cobaltstrike | dd417e8487ae9bd630f801ac605c6f22e423ea763b15d87f4c5c02599b841306

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

08fadc099c689e6d97b98d6166d6406d
SHA1

d4e2d475970409f83dfd2e7c64170003f228e587
SHA256

dd417e8487ae9bd630f801ac605c6f22e423ea763b15d87f4c5c02599b841306
SHA512

bf98cc7e389cd38789774d3c3b475b3d0a2fca16ce313363d7cd58be2502152d3866aa858c31aaabfbdc0fd2764faa86ace51345c25b1eb898aa48cacc0e2f4c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016edb-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-34.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-48.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-52.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-44.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-33.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016edb-8.dat	xmrig
behavioral1/files/0x000700000001707c-15.dat	xmrig
behavioral1/files/0x0007000000017403-22.dat	xmrig
behavioral1/files/0x000700000001746a-28.dat	xmrig
behavioral1/files/0x00080000000174a6-34.dat	xmrig
behavioral1/files/0x000500000001926c-48.dat	xmrig
behavioral1/files/0x000500000001929a-60.dat	xmrig
behavioral1/files/0x0005000000019319-64.dat	xmrig
behavioral1/files/0x00050000000193a4-80.dat	xmrig
behavioral1/files/0x0005000000019433-92.dat	xmrig
behavioral1/files/0x0005000000019450-100.dat	xmrig
behavioral1/memory/1684-3744-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2332-3775-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2396-3776-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2896-3795-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2716-3806-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2972-3802-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1156-3793-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2976-3808-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2848-3850-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2756-3857-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2740-3859-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2200-3858-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2876-3886-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2756-1553-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2716-1550-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2972-1522-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2740-1519-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2896-1517-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2848-1515-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2976-1514-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2200-1513-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2876-1534-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2960-1455-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2396-226-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2756-224-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2716-222-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2876-220-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2972-218-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2740-216-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2896-214-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2848-212-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2960-187-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/988-185-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2332-176-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x000500000001950e-138.dat	xmrig
behavioral1/files/0x0005000000019513-136.dat	xmrig
behavioral1/files/0x00050000000194d7-132.dat	xmrig
behavioral1/files/0x00050000000194df-129.dat	xmrig
behavioral1/files/0x0005000000019465-107.dat	xmrig
behavioral1/memory/2976-197-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2200-192-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1156-190-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001947d-125.dat	xmrig
behavioral1/files/0x0005000000019485-122.dat	xmrig
behavioral1/files/0x0005000000019479-116.dat	xmrig
behavioral1/memory/1684-168-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001953e-140.dat	xmrig
behavioral1/files/0x000500000001946a-115.dat	xmrig
behavioral1/files/0x000500000001945b-104.dat	xmrig
behavioral1/files/0x0005000000019446-96.dat	xmrig
behavioral1/files/0x00050000000193c1-88.dat	xmrig
behavioral1/files/0x00050000000193b3-84.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	vNCZTcJ.exe
1684	izOPumN.exe
2332	EhPDzJB.exe
988	wCwvzxx.exe
1156	yExPuBU.exe
2200	TGgrFVA.exe
2976	dJLxnMK.exe
2848	abIrIiW.exe
2896	bRitnEO.exe
2740	uJStYbb.exe
2972	BPAvMaY.exe
2876	OTmbAID.exe
2716	IbdqUye.exe
2756	FDDfLkS.exe
2728	uKgFhaV.exe
2612	RRSJJUp.exe
2680	ycLwznK.exe
3044	boyQMTN.exe
1984	DraxJyh.exe
668	sNKoGhs.exe
1612	ZsoZNFq.exe
2028	zjhayfI.exe
2144	JiRKWLP.exe
1364	UYnVZLY.exe
1952	AJIPucw.exe
2040	LnXGBYY.exe
1776	JNBOZTO.exe
2704	BJQbWzg.exe
2060	gOeteuX.exe
596	fBOShbI.exe
948	xORBHiN.exe
760	MiFLCHd.exe
3064	xkujDrZ.exe
1428	haKqmvV.exe
1160	OGXXarB.exe
2308	MaUPxZR.exe
572	IbgiKkq.exe
1740	OwWdKTJ.exe
1800	CXPSsvB.exe
388	pJKETex.exe
2556	FDAQiWY.exe
1988	jipBEed.exe
2944	NWNfBcw.exe
2256	SXUVZat.exe
2424	lNLLCbg.exe
1712	nDqeDNA.exe
1244	wXxJtDB.exe
3036	NpGoeou.exe
2296	TVnJIte.exe
1336	XxyZbOC.exe
1604	VObqZNs.exe
3004	bPLhtvr.exe
1968	UEfJGNQ.exe
1608	ZJqpGDX.exe
2220	KjbbFQd.exe
1080	UahHhKc.exe
376	vMAdSKU.exe
888	scXcqAt.exe
592	zMonzGv.exe
1304	UGKFVdV.exe
2380	bGzgmKb.exe
2768	CEbRElC.exe
2376	ESWqbll.exe
2980	uFIJxqi.exe

Loads dropped DLL 64 IoCs

pid	Process
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0008000000016edb-8.dat	upx
behavioral1/files/0x000700000001707c-15.dat	upx
behavioral1/files/0x0007000000017403-22.dat	upx
behavioral1/files/0x000700000001746a-28.dat	upx
behavioral1/files/0x00080000000174a6-34.dat	upx
behavioral1/files/0x000500000001926c-48.dat	upx
behavioral1/files/0x000500000001929a-60.dat	upx
behavioral1/files/0x0005000000019319-64.dat	upx
behavioral1/files/0x00050000000193a4-80.dat	upx
behavioral1/files/0x0005000000019433-92.dat	upx
behavioral1/files/0x0005000000019450-100.dat	upx
behavioral1/memory/1684-3744-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2332-3775-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2396-3776-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2896-3795-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2716-3806-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2972-3802-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1156-3793-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2976-3808-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2848-3850-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2756-3857-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2740-3859-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2200-3858-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2876-3886-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2756-1553-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2716-1550-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2972-1522-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2740-1519-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2896-1517-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2848-1515-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2976-1514-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2200-1513-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2876-1534-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2960-1455-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2396-226-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2756-224-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2716-222-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2876-220-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2972-218-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2740-216-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2896-214-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2848-212-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/988-185-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2332-176-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x000500000001950e-138.dat	upx
behavioral1/files/0x0005000000019513-136.dat	upx
behavioral1/files/0x00050000000194d7-132.dat	upx
behavioral1/files/0x00050000000194df-129.dat	upx
behavioral1/files/0x0005000000019465-107.dat	upx
behavioral1/memory/2976-197-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2200-192-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1156-190-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x000500000001947d-125.dat	upx
behavioral1/files/0x0005000000019485-122.dat	upx
behavioral1/files/0x0005000000019479-116.dat	upx
behavioral1/memory/1684-168-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x000500000001953e-140.dat	upx
behavioral1/files/0x000500000001946a-115.dat	upx
behavioral1/files/0x000500000001945b-104.dat	upx
behavioral1/files/0x0005000000019446-96.dat	upx
behavioral1/files/0x00050000000193c1-88.dat	upx
behavioral1/files/0x00050000000193b3-84.dat	upx
behavioral1/files/0x0005000000019387-76.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BWIoLCm.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AifOqgr.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KTrQvaI.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lveidet.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iaDyZaU.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vlmlaom.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OKAvIrb.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UxRXTpL.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IbgiKkq.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hhhvYsj.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VNjdzIY.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OmzkepE.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IKXSpht.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oQUWEMk.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wCwvzxx.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kUmhxgr.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oBrFQWp.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RWvcpnH.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DvxfmZA.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UjMRONK.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yonpLaz.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wPbNDkH.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bNExMYr.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JiRuFUe.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xlHgiPW.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DOsrPlD.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GbSvlbG.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wLxpbdm.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jaLKclD.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kJTLZlf.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zaToItK.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VYRBSEQ.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oszlyIP.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gtbhbcM.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KktUKPH.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TiYPsnG.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aqxevNm.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QTMFGbE.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jPPcpqJ.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sctVNcB.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CPTbGtW.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZItOJcn.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cRjBpnk.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IlCwmTF.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DTboIlB.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ceZzZSh.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AbDmXTd.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OpCzseh.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zzbmEHE.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GuBiGLT.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vTKUiWD.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hpYHkvv.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zehJPqq.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uBlNqbd.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aJIHAle.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GvjKlMr.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hkbusjY.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cGyGToO.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lIYUeDh.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lBwaiUs.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oDFeDBm.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Aasqbjj.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ccySgtK.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IKqoNRH.exe	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2396	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2960 wrote to memory of 2396	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2960 wrote to memory of 2396	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2960 wrote to memory of 1684	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2960 wrote to memory of 1684	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2960 wrote to memory of 1684	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2960 wrote to memory of 2332	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2960 wrote to memory of 2332	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2960 wrote to memory of 2332	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2960 wrote to memory of 988	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2960 wrote to memory of 988	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2960 wrote to memory of 988	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2960 wrote to memory of 1156	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2960 wrote to memory of 1156	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2960 wrote to memory of 1156	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2960 wrote to memory of 2200	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2960 wrote to memory of 2200	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2960 wrote to memory of 2200	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2960 wrote to memory of 2976	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2960 wrote to memory of 2976	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2960 wrote to memory of 2976	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2960 wrote to memory of 2848	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2960 wrote to memory of 2848	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2960 wrote to memory of 2848	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2960 wrote to memory of 2896	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2960 wrote to memory of 2896	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2960 wrote to memory of 2896	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2960 wrote to memory of 2740	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2960 wrote to memory of 2740	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2960 wrote to memory of 2740	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2960 wrote to memory of 2972	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2960 wrote to memory of 2972	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2960 wrote to memory of 2972	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2960 wrote to memory of 2876	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2960 wrote to memory of 2876	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2960 wrote to memory of 2876	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2960 wrote to memory of 2716	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2960 wrote to memory of 2716	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2960 wrote to memory of 2716	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2960 wrote to memory of 2756	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2960 wrote to memory of 2756	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2960 wrote to memory of 2756	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2960 wrote to memory of 2728	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2960 wrote to memory of 2728	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2960 wrote to memory of 2728	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2960 wrote to memory of 2612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2960 wrote to memory of 2612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2960 wrote to memory of 2612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2960 wrote to memory of 2680	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2960 wrote to memory of 2680	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2960 wrote to memory of 2680	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2960 wrote to memory of 3044	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2960 wrote to memory of 3044	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2960 wrote to memory of 3044	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2960 wrote to memory of 1984	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2960 wrote to memory of 1984	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2960 wrote to memory of 1984	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2960 wrote to memory of 668	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2960 wrote to memory of 668	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2960 wrote to memory of 668	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2960 wrote to memory of 1612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2960 wrote to memory of 1612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2960 wrote to memory of 1612	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2960 wrote to memory of 2028	2960	2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_08fadc099c689e6d97b98d6166d6406d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\System\vNCZTcJ.exe
  C:\Windows\System\vNCZTcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\izOPumN.exe
  C:\Windows\System\izOPumN.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\EhPDzJB.exe
  C:\Windows\System\EhPDzJB.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\wCwvzxx.exe
  C:\Windows\System\wCwvzxx.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\yExPuBU.exe
  C:\Windows\System\yExPuBU.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\TGgrFVA.exe
  C:\Windows\System\TGgrFVA.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\dJLxnMK.exe
  C:\Windows\System\dJLxnMK.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\abIrIiW.exe
  C:\Windows\System\abIrIiW.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\bRitnEO.exe
  C:\Windows\System\bRitnEO.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\uJStYbb.exe
  C:\Windows\System\uJStYbb.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\BPAvMaY.exe
  C:\Windows\System\BPAvMaY.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\OTmbAID.exe
  C:\Windows\System\OTmbAID.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\IbdqUye.exe
  C:\Windows\System\IbdqUye.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\FDDfLkS.exe
  C:\Windows\System\FDDfLkS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\uKgFhaV.exe
  C:\Windows\System\uKgFhaV.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\RRSJJUp.exe
  C:\Windows\System\RRSJJUp.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\ycLwznK.exe
  C:\Windows\System\ycLwznK.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\boyQMTN.exe
  C:\Windows\System\boyQMTN.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\DraxJyh.exe
  C:\Windows\System\DraxJyh.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\sNKoGhs.exe
  C:\Windows\System\sNKoGhs.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\ZsoZNFq.exe
  C:\Windows\System\ZsoZNFq.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\zjhayfI.exe
  C:\Windows\System\zjhayfI.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\JiRKWLP.exe
  C:\Windows\System\JiRKWLP.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\UYnVZLY.exe
  C:\Windows\System\UYnVZLY.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\AJIPucw.exe
  C:\Windows\System\AJIPucw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\OGXXarB.exe
  C:\Windows\System\OGXXarB.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\LnXGBYY.exe
  C:\Windows\System\LnXGBYY.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\jipBEed.exe
  C:\Windows\System\jipBEed.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\JNBOZTO.exe
  C:\Windows\System\JNBOZTO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\NWNfBcw.exe
  C:\Windows\System\NWNfBcw.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\BJQbWzg.exe
  C:\Windows\System\BJQbWzg.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\SXUVZat.exe
  C:\Windows\System\SXUVZat.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\gOeteuX.exe
  C:\Windows\System\gOeteuX.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\TVnJIte.exe
  C:\Windows\System\TVnJIte.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\fBOShbI.exe
  C:\Windows\System\fBOShbI.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\XxyZbOC.exe
  C:\Windows\System\XxyZbOC.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\xORBHiN.exe
  C:\Windows\System\xORBHiN.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VObqZNs.exe
  C:\Windows\System\VObqZNs.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\MiFLCHd.exe
  C:\Windows\System\MiFLCHd.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\bPLhtvr.exe
  C:\Windows\System\bPLhtvr.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\xkujDrZ.exe
  C:\Windows\System\xkujDrZ.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\UEfJGNQ.exe
  C:\Windows\System\UEfJGNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\haKqmvV.exe
  C:\Windows\System\haKqmvV.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ZJqpGDX.exe
  C:\Windows\System\ZJqpGDX.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MaUPxZR.exe
  C:\Windows\System\MaUPxZR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\KjbbFQd.exe
  C:\Windows\System\KjbbFQd.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\IbgiKkq.exe
  C:\Windows\System\IbgiKkq.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\vMAdSKU.exe
  C:\Windows\System\vMAdSKU.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\OwWdKTJ.exe
  C:\Windows\System\OwWdKTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\scXcqAt.exe
  C:\Windows\System\scXcqAt.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\CXPSsvB.exe
  C:\Windows\System\CXPSsvB.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\zMonzGv.exe
  C:\Windows\System\zMonzGv.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\pJKETex.exe
  C:\Windows\System\pJKETex.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\UGKFVdV.exe
  C:\Windows\System\UGKFVdV.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\FDAQiWY.exe
  C:\Windows\System\FDAQiWY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\bGzgmKb.exe
  C:\Windows\System\bGzgmKb.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\lNLLCbg.exe
  C:\Windows\System\lNLLCbg.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ESWqbll.exe
  C:\Windows\System\ESWqbll.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\nDqeDNA.exe
  C:\Windows\System\nDqeDNA.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\uFIJxqi.exe
  C:\Windows\System\uFIJxqi.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\wXxJtDB.exe
  C:\Windows\System\wXxJtDB.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\TmKcdXG.exe
  C:\Windows\System\TmKcdXG.exe
  2⤵
  PID:1768
- C:\Windows\System\NpGoeou.exe
  C:\Windows\System\NpGoeou.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\JMoSrJR.exe
  C:\Windows\System\JMoSrJR.exe
  2⤵
  PID:2400
- C:\Windows\System\UahHhKc.exe
  C:\Windows\System\UahHhKc.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\sRCoqUb.exe
  C:\Windows\System\sRCoqUb.exe
  2⤵
  PID:280
- C:\Windows\System\CEbRElC.exe
  C:\Windows\System\CEbRElC.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ZkzhQkX.exe
  C:\Windows\System\ZkzhQkX.exe
  2⤵
  PID:2884
- C:\Windows\System\DSbznRl.exe
  C:\Windows\System\DSbznRl.exe
  2⤵
  PID:2356
- C:\Windows\System\upcrsOg.exe
  C:\Windows\System\upcrsOg.exe
  2⤵
  PID:2948
- C:\Windows\System\pWpxyUE.exe
  C:\Windows\System\pWpxyUE.exe
  2⤵
  PID:1748
- C:\Windows\System\waetnzF.exe
  C:\Windows\System\waetnzF.exe
  2⤵
  PID:2648
- C:\Windows\System\fmRvQtT.exe
  C:\Windows\System\fmRvQtT.exe
  2⤵
  PID:3056
- C:\Windows\System\DeoecVd.exe
  C:\Windows\System\DeoecVd.exe
  2⤵
  PID:1840
- C:\Windows\System\PxlwSAc.exe
  C:\Windows\System\PxlwSAc.exe
  2⤵
  PID:2604
- C:\Windows\System\PZzTyHd.exe
  C:\Windows\System\PZzTyHd.exe
  2⤵
  PID:2036
- C:\Windows\System\QiVBuYw.exe
  C:\Windows\System\QiVBuYw.exe
  2⤵
  PID:2712
- C:\Windows\System\mFyZUrn.exe
  C:\Windows\System\mFyZUrn.exe
  2⤵
  PID:2508
- C:\Windows\System\HkQexLI.exe
  C:\Windows\System\HkQexLI.exe
  2⤵
  PID:3000
- C:\Windows\System\itVlPxX.exe
  C:\Windows\System\itVlPxX.exe
  2⤵
  PID:2600
- C:\Windows\System\jJFZejI.exe
  C:\Windows\System\jJFZejI.exe
  2⤵
  PID:892
- C:\Windows\System\yVdRlPG.exe
  C:\Windows\System\yVdRlPG.exe
  2⤵
  PID:1528
- C:\Windows\System\fzJdZJh.exe
  C:\Windows\System\fzJdZJh.exe
  2⤵
  PID:328
- C:\Windows\System\HxPmqmP.exe
  C:\Windows\System\HxPmqmP.exe
  2⤵
  PID:316
- C:\Windows\System\BUMBmZj.exe
  C:\Windows\System\BUMBmZj.exe
  2⤵
  PID:2552
- C:\Windows\System\duogtmD.exe
  C:\Windows\System\duogtmD.exe
  2⤵
  PID:2860
- C:\Windows\System\mgKVGPN.exe
  C:\Windows\System\mgKVGPN.exe
  2⤵
  PID:2816
- C:\Windows\System\KhdgOSe.exe
  C:\Windows\System\KhdgOSe.exe
  2⤵
  PID:2460
- C:\Windows\System\lrrYRwq.exe
  C:\Windows\System\lrrYRwq.exe
  2⤵
  PID:1272
- C:\Windows\System\YDGhzqQ.exe
  C:\Windows\System\YDGhzqQ.exe
  2⤵
  PID:2504
- C:\Windows\System\rxxalwd.exe
  C:\Windows\System\rxxalwd.exe
  2⤵
  PID:2548
- C:\Windows\System\RETczBc.exe
  C:\Windows\System\RETczBc.exe
  2⤵
  PID:1644
- C:\Windows\System\pcuarlN.exe
  C:\Windows\System\pcuarlN.exe
  2⤵
  PID:2636
- C:\Windows\System\fhgMfzF.exe
  C:\Windows\System\fhgMfzF.exe
  2⤵
  PID:1980
- C:\Windows\System\JcLOqva.exe
  C:\Windows\System\JcLOqva.exe
  2⤵
  PID:2348
- C:\Windows\System\qYuRTjr.exe
  C:\Windows\System\qYuRTjr.exe
  2⤵
  PID:1200
- C:\Windows\System\nuezTHb.exe
  C:\Windows\System\nuezTHb.exe
  2⤵
  PID:3080
- C:\Windows\System\IHMqwQu.exe
  C:\Windows\System\IHMqwQu.exe
  2⤵
  PID:3108
- C:\Windows\System\gUIIGUf.exe
  C:\Windows\System\gUIIGUf.exe
  2⤵
  PID:3156
- C:\Windows\System\pWmmLRB.exe
  C:\Windows\System\pWmmLRB.exe
  2⤵
  PID:3172
- C:\Windows\System\fauwGtn.exe
  C:\Windows\System\fauwGtn.exe
  2⤵
  PID:3188
- C:\Windows\System\WUrRGBJ.exe
  C:\Windows\System\WUrRGBJ.exe
  2⤵
  PID:3208
- C:\Windows\System\ETJXNNa.exe
  C:\Windows\System\ETJXNNa.exe
  2⤵
  PID:3224
- C:\Windows\System\fVObQJP.exe
  C:\Windows\System\fVObQJP.exe
  2⤵
  PID:3248
- C:\Windows\System\RtIqeRO.exe
  C:\Windows\System\RtIqeRO.exe
  2⤵
  PID:3424
- C:\Windows\System\aCJUfJm.exe
  C:\Windows\System\aCJUfJm.exe
  2⤵
  PID:3512
- C:\Windows\System\UpOCNsR.exe
  C:\Windows\System\UpOCNsR.exe
  2⤵
  PID:3544
- C:\Windows\System\yjxKELs.exe
  C:\Windows\System\yjxKELs.exe
  2⤵
  PID:3568
- C:\Windows\System\MdCyCzu.exe
  C:\Windows\System\MdCyCzu.exe
  2⤵
  PID:3584
- C:\Windows\System\SypBOhp.exe
  C:\Windows\System\SypBOhp.exe
  2⤵
  PID:3608
- C:\Windows\System\TsEeppO.exe
  C:\Windows\System\TsEeppO.exe
  2⤵
  PID:3628
- C:\Windows\System\IgzHWJX.exe
  C:\Windows\System\IgzHWJX.exe
  2⤵
  PID:3648
- C:\Windows\System\lcRBYOo.exe
  C:\Windows\System\lcRBYOo.exe
  2⤵
  PID:3668
- C:\Windows\System\lJcFDMV.exe
  C:\Windows\System\lJcFDMV.exe
  2⤵
  PID:3688
- C:\Windows\System\RLvXQPq.exe
  C:\Windows\System\RLvXQPq.exe
  2⤵
  PID:3708
- C:\Windows\System\zDJsuCo.exe
  C:\Windows\System\zDJsuCo.exe
  2⤵
  PID:3732
- C:\Windows\System\KqZbeih.exe
  C:\Windows\System\KqZbeih.exe
  2⤵
  PID:3752
- C:\Windows\System\AodPnoW.exe
  C:\Windows\System\AodPnoW.exe
  2⤵
  PID:3772
- C:\Windows\System\WBwNPLy.exe
  C:\Windows\System\WBwNPLy.exe
  2⤵
  PID:3792
- C:\Windows\System\obpnmVE.exe
  C:\Windows\System\obpnmVE.exe
  2⤵
  PID:3812
- C:\Windows\System\WIVFSlx.exe
  C:\Windows\System\WIVFSlx.exe
  2⤵
  PID:3832
- C:\Windows\System\rZYjCzZ.exe
  C:\Windows\System\rZYjCzZ.exe
  2⤵
  PID:3852
- C:\Windows\System\rCvjcwl.exe
  C:\Windows\System\rCvjcwl.exe
  2⤵
  PID:3872
- C:\Windows\System\TMcGlas.exe
  C:\Windows\System\TMcGlas.exe
  2⤵
  PID:3888
- C:\Windows\System\cwDJLii.exe
  C:\Windows\System\cwDJLii.exe
  2⤵
  PID:3912
- C:\Windows\System\Aasqbjj.exe
  C:\Windows\System\Aasqbjj.exe
  2⤵
  PID:3932
- C:\Windows\System\sSqWVsq.exe
  C:\Windows\System\sSqWVsq.exe
  2⤵
  PID:3952
- C:\Windows\System\ZGiXrdb.exe
  C:\Windows\System\ZGiXrdb.exe
  2⤵
  PID:3972
- C:\Windows\System\FNdUVmG.exe
  C:\Windows\System\FNdUVmG.exe
  2⤵
  PID:3992
- C:\Windows\System\PWYsuEx.exe
  C:\Windows\System\PWYsuEx.exe
  2⤵
  PID:4008
- C:\Windows\System\FOHzZuE.exe
  C:\Windows\System\FOHzZuE.exe
  2⤵
  PID:4032
- C:\Windows\System\Jvnwzsv.exe
  C:\Windows\System\Jvnwzsv.exe
  2⤵
  PID:4048
- C:\Windows\System\VfLIsHr.exe
  C:\Windows\System\VfLIsHr.exe
  2⤵
  PID:4072
- C:\Windows\System\laAEUaO.exe
  C:\Windows\System\laAEUaO.exe
  2⤵
  PID:4092
- C:\Windows\System\pXjrTnV.exe
  C:\Windows\System\pXjrTnV.exe
  2⤵
  PID:1084
- C:\Windows\System\vcXnDNM.exe
  C:\Windows\System\vcXnDNM.exe
  2⤵
  PID:1820
- C:\Windows\System\fQCHjkT.exe
  C:\Windows\System\fQCHjkT.exe
  2⤵
  PID:448
- C:\Windows\System\FKZrTTf.exe
  C:\Windows\System\FKZrTTf.exe
  2⤵
  PID:1920
- C:\Windows\System\fihusMs.exe
  C:\Windows\System\fihusMs.exe
  2⤵
  PID:1744
- C:\Windows\System\HzdZxMJ.exe
  C:\Windows\System\HzdZxMJ.exe
  2⤵
  PID:1804
- C:\Windows\System\CtdEimb.exe
  C:\Windows\System\CtdEimb.exe
  2⤵
  PID:1996
- C:\Windows\System\iceBqRj.exe
  C:\Windows\System\iceBqRj.exe
  2⤵
  PID:2916
- C:\Windows\System\gMAtKfR.exe
  C:\Windows\System\gMAtKfR.exe
  2⤵
  PID:3068
- C:\Windows\System\frItJrP.exe
  C:\Windows\System\frItJrP.exe
  2⤵
  PID:1600
- C:\Windows\System\XgwFWeF.exe
  C:\Windows\System\XgwFWeF.exe
  2⤵
  PID:2116
- C:\Windows\System\iYPrGUU.exe
  C:\Windows\System\iYPrGUU.exe
  2⤵
  PID:3088
- C:\Windows\System\pauGFmB.exe
  C:\Windows\System\pauGFmB.exe
  2⤵
  PID:3104
- C:\Windows\System\FqAWziF.exe
  C:\Windows\System\FqAWziF.exe
  2⤵
  PID:2804
- C:\Windows\System\TijZvro.exe
  C:\Windows\System\TijZvro.exe
  2⤵
  PID:2096
- C:\Windows\System\ULfVdhl.exe
  C:\Windows\System\ULfVdhl.exe
  2⤵
  PID:3128
- C:\Windows\System\SrhzMKv.exe
  C:\Windows\System\SrhzMKv.exe
  2⤵
  PID:3152
- C:\Windows\System\hONfWFt.exe
  C:\Windows\System\hONfWFt.exe
  2⤵
  PID:3236
- C:\Windows\System\dzkPtPW.exe
  C:\Windows\System\dzkPtPW.exe
  2⤵
  PID:3260
- C:\Windows\System\QLnQwaM.exe
  C:\Windows\System\QLnQwaM.exe
  2⤵
  PID:3280
- C:\Windows\System\AyVtxCO.exe
  C:\Windows\System\AyVtxCO.exe
  2⤵
  PID:3296
- C:\Windows\System\eEkmLiB.exe
  C:\Windows\System\eEkmLiB.exe
  2⤵
  PID:3320
- C:\Windows\System\MdsKBNc.exe
  C:\Windows\System\MdsKBNc.exe
  2⤵
  PID:3340
- C:\Windows\System\smQkSty.exe
  C:\Windows\System\smQkSty.exe
  2⤵
  PID:3360
- C:\Windows\System\CHWwnSv.exe
  C:\Windows\System\CHWwnSv.exe
  2⤵
  PID:3380
- C:\Windows\System\fsgVtyZ.exe
  C:\Windows\System\fsgVtyZ.exe
  2⤵
  PID:3400
- C:\Windows\System\CHWTqva.exe
  C:\Windows\System\CHWTqva.exe
  2⤵
  PID:3444
- C:\Windows\System\mnsCExO.exe
  C:\Windows\System\mnsCExO.exe
  2⤵
  PID:3456
- C:\Windows\System\CeNWvik.exe
  C:\Windows\System\CeNWvik.exe
  2⤵
  PID:3472
- C:\Windows\System\LUalRoL.exe
  C:\Windows\System\LUalRoL.exe
  2⤵
  PID:3492
- C:\Windows\System\qsJKBdF.exe
  C:\Windows\System\qsJKBdF.exe
  2⤵
  PID:3504
- C:\Windows\System\KToWlYN.exe
  C:\Windows\System\KToWlYN.exe
  2⤵
  PID:3524
- C:\Windows\System\DFKDCGy.exe
  C:\Windows\System\DFKDCGy.exe
  2⤵
  PID:3592
- C:\Windows\System\FWgpTPR.exe
  C:\Windows\System\FWgpTPR.exe
  2⤵
  PID:3600
- C:\Windows\System\QUObZyJ.exe
  C:\Windows\System\QUObZyJ.exe
  2⤵
  PID:3640
- C:\Windows\System\RoZrQWl.exe
  C:\Windows\System\RoZrQWl.exe
  2⤵
  PID:3684
- C:\Windows\System\wMNZRON.exe
  C:\Windows\System\wMNZRON.exe
  2⤵
  PID:3696
- C:\Windows\System\WORpEPs.exe
  C:\Windows\System\WORpEPs.exe
  2⤵
  PID:3760
- C:\Windows\System\InSeymE.exe
  C:\Windows\System\InSeymE.exe
  2⤵
  PID:3744
- C:\Windows\System\WmfShwM.exe
  C:\Windows\System\WmfShwM.exe
  2⤵
  PID:3784
- C:\Windows\System\dpQoVNg.exe
  C:\Windows\System\dpQoVNg.exe
  2⤵
  PID:3844
- C:\Windows\System\XEtlZOy.exe
  C:\Windows\System\XEtlZOy.exe
  2⤵
  PID:3884
- C:\Windows\System\DRksnhD.exe
  C:\Windows\System\DRksnhD.exe
  2⤵
  PID:3896
- C:\Windows\System\ogjfXeR.exe
  C:\Windows\System\ogjfXeR.exe
  2⤵
  PID:3968
- C:\Windows\System\WpZYAIh.exe
  C:\Windows\System\WpZYAIh.exe
  2⤵
  PID:3940
- C:\Windows\System\nfTXKBf.exe
  C:\Windows\System\nfTXKBf.exe
  2⤵
  PID:3984
- C:\Windows\System\UiTRtua.exe
  C:\Windows\System\UiTRtua.exe
  2⤵
  PID:4044
- C:\Windows\System\AHFKait.exe
  C:\Windows\System\AHFKait.exe
  2⤵
  PID:4068
- C:\Windows\System\nYBPREj.exe
  C:\Windows\System\nYBPREj.exe
  2⤵
  PID:2336
- C:\Windows\System\CPTbGtW.exe
  C:\Windows\System\CPTbGtW.exe
  2⤵
  PID:2412
- C:\Windows\System\eAwubKN.exe
  C:\Windows\System\eAwubKN.exe
  2⤵
  PID:2808
- C:\Windows\System\nalMdSp.exe
  C:\Windows\System\nalMdSp.exe
  2⤵
  PID:2172
- C:\Windows\System\FUzhuRL.exe
  C:\Windows\System\FUzhuRL.exe
  2⤵
  PID:1048
- C:\Windows\System\MRQZGpB.exe
  C:\Windows\System\MRQZGpB.exe
  2⤵
  PID:1284
- C:\Windows\System\lFLlAuj.exe
  C:\Windows\System\lFLlAuj.exe
  2⤵
  PID:856
- C:\Windows\System\RDKaLrT.exe
  C:\Windows\System\RDKaLrT.exe
  2⤵
  PID:1392
- C:\Windows\System\mcWrZes.exe
  C:\Windows\System\mcWrZes.exe
  2⤵
  PID:3116
- C:\Windows\System\bgHZKKu.exe
  C:\Windows\System\bgHZKKu.exe
  2⤵
  PID:616
- C:\Windows\System\WgVPDZq.exe
  C:\Windows\System\WgVPDZq.exe
  2⤵
  PID:3144
- C:\Windows\System\wqdNixX.exe
  C:\Windows\System\wqdNixX.exe
  2⤵
  PID:3268
- C:\Windows\System\OQpdOle.exe
  C:\Windows\System\OQpdOle.exe
  2⤵
  PID:3308
- C:\Windows\System\pMHavmS.exe
  C:\Windows\System\pMHavmS.exe
  2⤵
  PID:3328
- C:\Windows\System\euFUImx.exe
  C:\Windows\System\euFUImx.exe
  2⤵
  PID:3332
- C:\Windows\System\nDtAdUv.exe
  C:\Windows\System\nDtAdUv.exe
  2⤵
  PID:3372
- C:\Windows\System\ceZzZSh.exe
  C:\Windows\System\ceZzZSh.exe
  2⤵
  PID:3448
- C:\Windows\System\kUmhxgr.exe
  C:\Windows\System\kUmhxgr.exe
  2⤵
  PID:3480
- C:\Windows\System\aEqlUzy.exe
  C:\Windows\System\aEqlUzy.exe
  2⤵
  PID:3564
- C:\Windows\System\JZNsCqX.exe
  C:\Windows\System\JZNsCqX.exe
  2⤵
  PID:3532
- C:\Windows\System\sunYpUN.exe
  C:\Windows\System\sunYpUN.exe
  2⤵
  PID:3580
- C:\Windows\System\jPfBKBQ.exe
  C:\Windows\System\jPfBKBQ.exe
  2⤵
  PID:3676
- C:\Windows\System\WeqzyOn.exe
  C:\Windows\System\WeqzyOn.exe
  2⤵
  PID:3720
- C:\Windows\System\uQfnROJ.exe
  C:\Windows\System\uQfnROJ.exe
  2⤵
  PID:3748
- C:\Windows\System\oEBulbl.exe
  C:\Windows\System\oEBulbl.exe
  2⤵
  PID:3848
- C:\Windows\System\PIhpPyL.exe
  C:\Windows\System\PIhpPyL.exe
  2⤵
  PID:3928
- C:\Windows\System\QMceVcJ.exe
  C:\Windows\System\QMceVcJ.exe
  2⤵
  PID:3924
- C:\Windows\System\jfQJSej.exe
  C:\Windows\System\jfQJSej.exe
  2⤵
  PID:3988
- C:\Windows\System\cIyLRQe.exe
  C:\Windows\System\cIyLRQe.exe
  2⤵
  PID:4024
- C:\Windows\System\KtmAyhO.exe
  C:\Windows\System\KtmAyhO.exe
  2⤵
  PID:2792
- C:\Windows\System\yoMSgyN.exe
  C:\Windows\System\yoMSgyN.exe
  2⤵
  PID:408
- C:\Windows\System\aNAHnny.exe
  C:\Windows\System\aNAHnny.exe
  2⤵
  PID:880
- C:\Windows\System\rjIzvMz.exe
  C:\Windows\System\rjIzvMz.exe
  2⤵
  PID:2080
- C:\Windows\System\zpgCVuZ.exe
  C:\Windows\System\zpgCVuZ.exe
  2⤵
  PID:3204
- C:\Windows\System\djRdXqW.exe
  C:\Windows\System\djRdXqW.exe
  2⤵
  PID:3100
- C:\Windows\System\VugrlEV.exe
  C:\Windows\System\VugrlEV.exe
  2⤵
  PID:3140
- C:\Windows\System\zGAVglg.exe
  C:\Windows\System\zGAVglg.exe
  2⤵
  PID:3276
- C:\Windows\System\npvaKTs.exe
  C:\Windows\System\npvaKTs.exe
  2⤵
  PID:3292
- C:\Windows\System\cFODiyA.exe
  C:\Windows\System\cFODiyA.exe
  2⤵
  PID:3368
- C:\Windows\System\gTRRPlt.exe
  C:\Windows\System\gTRRPlt.exe
  2⤵
  PID:3452
- C:\Windows\System\RMfvLQz.exe
  C:\Windows\System\RMfvLQz.exe
  2⤵
  PID:3560
- C:\Windows\System\dsHpWNk.exe
  C:\Windows\System\dsHpWNk.exe
  2⤵
  PID:4100
- C:\Windows\System\olPZzOk.exe
  C:\Windows\System\olPZzOk.exe
  2⤵
  PID:4120
- C:\Windows\System\ebSrPSz.exe
  C:\Windows\System\ebSrPSz.exe
  2⤵
  PID:4140
- C:\Windows\System\qLQgcxs.exe
  C:\Windows\System\qLQgcxs.exe
  2⤵
  PID:4160
- C:\Windows\System\FbbZYlr.exe
  C:\Windows\System\FbbZYlr.exe
  2⤵
  PID:4180
- C:\Windows\System\XyztDaz.exe
  C:\Windows\System\XyztDaz.exe
  2⤵
  PID:4200
- C:\Windows\System\SbNBBXP.exe
  C:\Windows\System\SbNBBXP.exe
  2⤵
  PID:4220
- C:\Windows\System\qcbQRmp.exe
  C:\Windows\System\qcbQRmp.exe
  2⤵
  PID:4240
- C:\Windows\System\RPAHybX.exe
  C:\Windows\System\RPAHybX.exe
  2⤵
  PID:4260
- C:\Windows\System\PgeWzWD.exe
  C:\Windows\System\PgeWzWD.exe
  2⤵
  PID:4280
- C:\Windows\System\aJQeAoN.exe
  C:\Windows\System\aJQeAoN.exe
  2⤵
  PID:4300
- C:\Windows\System\LKzJMNy.exe
  C:\Windows\System\LKzJMNy.exe
  2⤵
  PID:4320
- C:\Windows\System\GqmKOxy.exe
  C:\Windows\System\GqmKOxy.exe
  2⤵
  PID:4340
- C:\Windows\System\DIxFOuy.exe
  C:\Windows\System\DIxFOuy.exe
  2⤵
  PID:4360
- C:\Windows\System\ZziRtHa.exe
  C:\Windows\System\ZziRtHa.exe
  2⤵
  PID:4380
- C:\Windows\System\LQCIfsq.exe
  C:\Windows\System\LQCIfsq.exe
  2⤵
  PID:4396
- C:\Windows\System\HvVDVIb.exe
  C:\Windows\System\HvVDVIb.exe
  2⤵
  PID:4420
- C:\Windows\System\FbkAgXM.exe
  C:\Windows\System\FbkAgXM.exe
  2⤵
  PID:4440
- C:\Windows\System\wLxpbdm.exe
  C:\Windows\System\wLxpbdm.exe
  2⤵
  PID:4460
- C:\Windows\System\gHfFkzE.exe
  C:\Windows\System\gHfFkzE.exe
  2⤵
  PID:4480
- C:\Windows\System\aAtxMUx.exe
  C:\Windows\System\aAtxMUx.exe
  2⤵
  PID:4500
- C:\Windows\System\JpAEzwA.exe
  C:\Windows\System\JpAEzwA.exe
  2⤵
  PID:4520
- C:\Windows\System\QPKYWvj.exe
  C:\Windows\System\QPKYWvj.exe
  2⤵
  PID:4540
- C:\Windows\System\DROoiQm.exe
  C:\Windows\System\DROoiQm.exe
  2⤵
  PID:4556
- C:\Windows\System\iaDyZaU.exe
  C:\Windows\System\iaDyZaU.exe
  2⤵
  PID:4580
- C:\Windows\System\uhzomaI.exe
  C:\Windows\System\uhzomaI.exe
  2⤵
  PID:4596
- C:\Windows\System\yjMBTai.exe
  C:\Windows\System\yjMBTai.exe
  2⤵
  PID:4620
- C:\Windows\System\xChDzuV.exe
  C:\Windows\System\xChDzuV.exe
  2⤵
  PID:4640
- C:\Windows\System\JWxhZrs.exe
  C:\Windows\System\JWxhZrs.exe
  2⤵
  PID:4660
- C:\Windows\System\wVpyRQh.exe
  C:\Windows\System\wVpyRQh.exe
  2⤵
  PID:4680
- C:\Windows\System\ehtZhVx.exe
  C:\Windows\System\ehtZhVx.exe
  2⤵
  PID:4700
- C:\Windows\System\kDqFkEp.exe
  C:\Windows\System\kDqFkEp.exe
  2⤵
  PID:4720
- C:\Windows\System\GJiUxgd.exe
  C:\Windows\System\GJiUxgd.exe
  2⤵
  PID:4740
- C:\Windows\System\yAzcCwI.exe
  C:\Windows\System\yAzcCwI.exe
  2⤵
  PID:4760
- C:\Windows\System\fqZyNjO.exe
  C:\Windows\System\fqZyNjO.exe
  2⤵
  PID:4780
- C:\Windows\System\tQeDmNu.exe
  C:\Windows\System\tQeDmNu.exe
  2⤵
  PID:4796
- C:\Windows\System\gZNGVfc.exe
  C:\Windows\System\gZNGVfc.exe
  2⤵
  PID:4820
- C:\Windows\System\rOjZtKk.exe
  C:\Windows\System\rOjZtKk.exe
  2⤵
  PID:4840
- C:\Windows\System\QOHLwCe.exe
  C:\Windows\System\QOHLwCe.exe
  2⤵
  PID:4860
- C:\Windows\System\vlxZMHW.exe
  C:\Windows\System\vlxZMHW.exe
  2⤵
  PID:4880
- C:\Windows\System\rYroMAr.exe
  C:\Windows\System\rYroMAr.exe
  2⤵
  PID:4900
- C:\Windows\System\kIcdKxr.exe
  C:\Windows\System\kIcdKxr.exe
  2⤵
  PID:4920
- C:\Windows\System\vsHJMvj.exe
  C:\Windows\System\vsHJMvj.exe
  2⤵
  PID:4940
- C:\Windows\System\zyUFuWW.exe
  C:\Windows\System\zyUFuWW.exe
  2⤵
  PID:4960
- C:\Windows\System\iYGDpBC.exe
  C:\Windows\System\iYGDpBC.exe
  2⤵
  PID:4980
- C:\Windows\System\rbnDKCr.exe
  C:\Windows\System\rbnDKCr.exe
  2⤵
  PID:4996
- C:\Windows\System\FaQPSCW.exe
  C:\Windows\System\FaQPSCW.exe
  2⤵
  PID:5020
- C:\Windows\System\LaXNeyz.exe
  C:\Windows\System\LaXNeyz.exe
  2⤵
  PID:5036
- C:\Windows\System\ElpBMLL.exe
  C:\Windows\System\ElpBMLL.exe
  2⤵
  PID:5060
- C:\Windows\System\wccKMys.exe
  C:\Windows\System\wccKMys.exe
  2⤵
  PID:5080
- C:\Windows\System\CxnjyaW.exe
  C:\Windows\System\CxnjyaW.exe
  2⤵
  PID:5100
- C:\Windows\System\muIowHL.exe
  C:\Windows\System\muIowHL.exe
  2⤵
  PID:3620
- C:\Windows\System\XNIFGnd.exe
  C:\Windows\System\XNIFGnd.exe
  2⤵
  PID:3540
- C:\Windows\System\QtETQqD.exe
  C:\Windows\System\QtETQqD.exe
  2⤵
  PID:3740
- C:\Windows\System\rMVAPzJ.exe
  C:\Windows\System\rMVAPzJ.exe
  2⤵
  PID:4004
- C:\Windows\System\nALYkKR.exe
  C:\Windows\System\nALYkKR.exe
  2⤵
  PID:3868
- C:\Windows\System\uQFelbx.exe
  C:\Windows\System\uQFelbx.exe
  2⤵
  PID:4088
- C:\Windows\System\lJSEPPE.exe
  C:\Windows\System\lJSEPPE.exe
  2⤵
  PID:2456
- C:\Windows\System\AQCKRbe.exe
  C:\Windows\System\AQCKRbe.exe
  2⤵
  PID:2620
- C:\Windows\System\fNitfor.exe
  C:\Windows\System\fNitfor.exe
  2⤵
  PID:2752
- C:\Windows\System\vTKUiWD.exe
  C:\Windows\System\vTKUiWD.exe
  2⤵
  PID:3196
- C:\Windows\System\VNefrYI.exe
  C:\Windows\System\VNefrYI.exe
  2⤵
  PID:3312
- C:\Windows\System\lCupdlX.exe
  C:\Windows\System\lCupdlX.exe
  2⤵
  PID:3352
- C:\Windows\System\JSEFgyd.exe
  C:\Windows\System\JSEFgyd.exe
  2⤵
  PID:3488
- C:\Windows\System\eGiBzyk.exe
  C:\Windows\System\eGiBzyk.exe
  2⤵
  PID:4128
- C:\Windows\System\CQUNBYU.exe
  C:\Windows\System\CQUNBYU.exe
  2⤵
  PID:4132
- C:\Windows\System\oezECBx.exe
  C:\Windows\System\oezECBx.exe
  2⤵
  PID:4156
- C:\Windows\System\vPSGwFW.exe
  C:\Windows\System\vPSGwFW.exe
  2⤵
  PID:4196
- C:\Windows\System\CDtEhSu.exe
  C:\Windows\System\CDtEhSu.exe
  2⤵
  PID:4236
- C:\Windows\System\iugIRMb.exe
  C:\Windows\System\iugIRMb.exe
  2⤵
  PID:4268
- C:\Windows\System\JozmroA.exe
  C:\Windows\System\JozmroA.exe
  2⤵
  PID:4328
- C:\Windows\System\VtIviNu.exe
  C:\Windows\System\VtIviNu.exe
  2⤵
  PID:4368
- C:\Windows\System\CyPOIIV.exe
  C:\Windows\System\CyPOIIV.exe
  2⤵
  PID:4372
- C:\Windows\System\aYxveqw.exe
  C:\Windows\System\aYxveqw.exe
  2⤵
  PID:4388
- C:\Windows\System\wllRxTt.exe
  C:\Windows\System\wllRxTt.exe
  2⤵
  PID:4428
- C:\Windows\System\DOfNTOo.exe
  C:\Windows\System\DOfNTOo.exe
  2⤵
  PID:4476
- C:\Windows\System\RgzFCOn.exe
  C:\Windows\System\RgzFCOn.exe
  2⤵
  PID:4528
- C:\Windows\System\rEbtSjQ.exe
  C:\Windows\System\rEbtSjQ.exe
  2⤵
  PID:4512
- C:\Windows\System\tRtjLwP.exe
  C:\Windows\System\tRtjLwP.exe
  2⤵
  PID:4572
- C:\Windows\System\gJseuzy.exe
  C:\Windows\System\gJseuzy.exe
  2⤵
  PID:4616
- C:\Windows\System\hRUpzrs.exe
  C:\Windows\System\hRUpzrs.exe
  2⤵
  PID:4652
- C:\Windows\System\HThjisI.exe
  C:\Windows\System\HThjisI.exe
  2⤵
  PID:4668
- C:\Windows\System\WoOuXdw.exe
  C:\Windows\System\WoOuXdw.exe
  2⤵
  PID:4708
- C:\Windows\System\IUWaXmo.exe
  C:\Windows\System\IUWaXmo.exe
  2⤵
  PID:4732
- C:\Windows\System\tOcQDNq.exe
  C:\Windows\System\tOcQDNq.exe
  2⤵
  PID:4776
- C:\Windows\System\HQvfpqP.exe
  C:\Windows\System\HQvfpqP.exe
  2⤵
  PID:4812
- C:\Windows\System\rhrnJrE.exe
  C:\Windows\System\rhrnJrE.exe
  2⤵
  PID:4852
- C:\Windows\System\CagDwzc.exe
  C:\Windows\System\CagDwzc.exe
  2⤵
  PID:4888
- C:\Windows\System\ccySgtK.exe
  C:\Windows\System\ccySgtK.exe
  2⤵
  PID:4908
- C:\Windows\System\dTvNKhN.exe
  C:\Windows\System\dTvNKhN.exe
  2⤵
  PID:4932
- C:\Windows\System\VzmaJHf.exe
  C:\Windows\System\VzmaJHf.exe
  2⤵
  PID:4956
- C:\Windows\System\ymSBwQY.exe
  C:\Windows\System\ymSBwQY.exe
  2⤵
  PID:5012
- C:\Windows\System\xhnoKYh.exe
  C:\Windows\System\xhnoKYh.exe
  2⤵
  PID:5056
- C:\Windows\System\gAvGWKo.exe
  C:\Windows\System\gAvGWKo.exe
  2⤵
  PID:5096
- C:\Windows\System\mpdGwWW.exe
  C:\Windows\System\mpdGwWW.exe
  2⤵
  PID:3680
- C:\Windows\System\RYnqMdo.exe
  C:\Windows\System\RYnqMdo.exe
  2⤵
  PID:5112
- C:\Windows\System\YQomwbd.exe
  C:\Windows\System\YQomwbd.exe
  2⤵
  PID:3800
- C:\Windows\System\BWIoLCm.exe
  C:\Windows\System\BWIoLCm.exe
  2⤵
  PID:4020
- C:\Windows\System\nkLyQba.exe
  C:\Windows\System\nkLyQba.exe
  2⤵
  PID:4040
- C:\Windows\System\dAlhGGy.exe
  C:\Windows\System\dAlhGGy.exe
  2⤵
  PID:3096
- C:\Windows\System\LEfIRDE.exe
  C:\Windows\System\LEfIRDE.exe
  2⤵
  PID:2512
- C:\Windows\System\bIvecjg.exe
  C:\Windows\System\bIvecjg.exe
  2⤵
  PID:3256
- C:\Windows\System\uBZzRkg.exe
  C:\Windows\System\uBZzRkg.exe
  2⤵
  PID:3464
- C:\Windows\System\VqpiKwH.exe
  C:\Windows\System\VqpiKwH.exe
  2⤵
  PID:4176
- C:\Windows\System\zLkyWGA.exe
  C:\Windows\System\zLkyWGA.exe
  2⤵
  PID:4188
- C:\Windows\System\jlKjeFn.exe
  C:\Windows\System\jlKjeFn.exe
  2⤵
  PID:4316
- C:\Windows\System\yhwKCgL.exe
  C:\Windows\System\yhwKCgL.exe
  2⤵
  PID:4252
- C:\Windows\System\YEMrfZo.exe
  C:\Windows\System\YEMrfZo.exe
  2⤵
  PID:4352
- C:\Windows\System\emCgtYa.exe
  C:\Windows\System\emCgtYa.exe
  2⤵
  PID:4448
- C:\Windows\System\WPiPKUw.exe
  C:\Windows\System\WPiPKUw.exe
  2⤵
  PID:4496
- C:\Windows\System\copxNBS.exe
  C:\Windows\System\copxNBS.exe
  2⤵
  PID:4568
- C:\Windows\System\rlVjEbo.exe
  C:\Windows\System\rlVjEbo.exe
  2⤵
  PID:4592
- C:\Windows\System\qpnOEYI.exe
  C:\Windows\System\qpnOEYI.exe
  2⤵
  PID:4692
- C:\Windows\System\LSVgOml.exe
  C:\Windows\System\LSVgOml.exe
  2⤵
  PID:4748
- C:\Windows\System\bnRoKqO.exe
  C:\Windows\System\bnRoKqO.exe
  2⤵
  PID:4736
- C:\Windows\System\waRCvjV.exe
  C:\Windows\System\waRCvjV.exe
  2⤵
  PID:4856
- C:\Windows\System\MFXTdED.exe
  C:\Windows\System\MFXTdED.exe
  2⤵
  PID:4872
- C:\Windows\System\XlGkwMO.exe
  C:\Windows\System\XlGkwMO.exe
  2⤵
  PID:4928
- C:\Windows\System\YUirkDT.exe
  C:\Windows\System\YUirkDT.exe
  2⤵
  PID:4988
- C:\Windows\System\eGDQHGO.exe
  C:\Windows\System\eGDQHGO.exe
  2⤵
  PID:5008
- C:\Windows\System\SqVlMOK.exe
  C:\Windows\System\SqVlMOK.exe
  2⤵
  PID:5072
- C:\Windows\System\gMtSEIg.exe
  C:\Windows\System\gMtSEIg.exe
  2⤵
  PID:5116
- C:\Windows\System\lmQBlnL.exe
  C:\Windows\System\lmQBlnL.exe
  2⤵
  PID:3944
- C:\Windows\System\ynKJpGe.exe
  C:\Windows\System\ynKJpGe.exe
  2⤵
  PID:3136
- C:\Windows\System\jzePXVE.exe
  C:\Windows\System\jzePXVE.exe
  2⤵
  PID:3500
- C:\Windows\System\lzAcnnZ.exe
  C:\Windows\System\lzAcnnZ.exe
  2⤵
  PID:3396
- C:\Windows\System\NaADCsf.exe
  C:\Windows\System\NaADCsf.exe
  2⤵
  PID:4116
- C:\Windows\System\IJJdfeq.exe
  C:\Windows\System\IJJdfeq.exe
  2⤵
  PID:4292
- C:\Windows\System\Mwjpgko.exe
  C:\Windows\System\Mwjpgko.exe
  2⤵
  PID:4412
- C:\Windows\System\vYqHhda.exe
  C:\Windows\System\vYqHhda.exe
  2⤵
  PID:4432
- C:\Windows\System\fwSZthL.exe
  C:\Windows\System\fwSZthL.exe
  2⤵
  PID:4552
- C:\Windows\System\WurQfbM.exe
  C:\Windows\System\WurQfbM.exe
  2⤵
  PID:4588
- C:\Windows\System\bkbVEaM.exe
  C:\Windows\System\bkbVEaM.exe
  2⤵
  PID:4676
- C:\Windows\System\KqXXHUP.exe
  C:\Windows\System\KqXXHUP.exe
  2⤵
  PID:4832
- C:\Windows\System\JCCNXNz.exe
  C:\Windows\System\JCCNXNz.exe
  2⤵
  PID:5132
- C:\Windows\System\ACThEfG.exe
  C:\Windows\System\ACThEfG.exe
  2⤵
  PID:5148
- C:\Windows\System\JVRkhmc.exe
  C:\Windows\System\JVRkhmc.exe
  2⤵
  PID:5164
- C:\Windows\System\EvieLIj.exe
  C:\Windows\System\EvieLIj.exe
  2⤵
  PID:5188
- C:\Windows\System\EEJEEfy.exe
  C:\Windows\System\EEJEEfy.exe
  2⤵
  PID:5208
- C:\Windows\System\EqqhdzP.exe
  C:\Windows\System\EqqhdzP.exe
  2⤵
  PID:5228
- C:\Windows\System\UqhjWzL.exe
  C:\Windows\System\UqhjWzL.exe
  2⤵
  PID:5248
- C:\Windows\System\VIfsKqP.exe
  C:\Windows\System\VIfsKqP.exe
  2⤵
  PID:5272
- C:\Windows\System\zMFGTBm.exe
  C:\Windows\System\zMFGTBm.exe
  2⤵
  PID:5292
- C:\Windows\System\xKXDzQY.exe
  C:\Windows\System\xKXDzQY.exe
  2⤵
  PID:5312
- C:\Windows\System\MTSjOjV.exe
  C:\Windows\System\MTSjOjV.exe
  2⤵
  PID:5332
- C:\Windows\System\AnWUuIa.exe
  C:\Windows\System\AnWUuIa.exe
  2⤵
  PID:5352
- C:\Windows\System\lNVoPuK.exe
  C:\Windows\System\lNVoPuK.exe
  2⤵
  PID:5372
- C:\Windows\System\KUNXtLQ.exe
  C:\Windows\System\KUNXtLQ.exe
  2⤵
  PID:5392
- C:\Windows\System\sOjqYaB.exe
  C:\Windows\System\sOjqYaB.exe
  2⤵
  PID:5412
- C:\Windows\System\jpBqzCe.exe
  C:\Windows\System\jpBqzCe.exe
  2⤵
  PID:5432
- C:\Windows\System\SjpRRDj.exe
  C:\Windows\System\SjpRRDj.exe
  2⤵
  PID:5452
- C:\Windows\System\yVuorRx.exe
  C:\Windows\System\yVuorRx.exe
  2⤵
  PID:5468
- C:\Windows\System\wJbVnMq.exe
  C:\Windows\System\wJbVnMq.exe
  2⤵
  PID:5492
- C:\Windows\System\dukMszp.exe
  C:\Windows\System\dukMszp.exe
  2⤵
  PID:5508
- C:\Windows\System\vOzzXuC.exe
  C:\Windows\System\vOzzXuC.exe
  2⤵
  PID:5532
- C:\Windows\System\VSNXAsA.exe
  C:\Windows\System\VSNXAsA.exe
  2⤵
  PID:5548
- C:\Windows\System\BRxxsdK.exe
  C:\Windows\System\BRxxsdK.exe
  2⤵
  PID:5572
- C:\Windows\System\LKSniqT.exe
  C:\Windows\System\LKSniqT.exe
  2⤵
  PID:5592
- C:\Windows\System\lZdJpbG.exe
  C:\Windows\System\lZdJpbG.exe
  2⤵
  PID:5612
- C:\Windows\System\OlFdptO.exe
  C:\Windows\System\OlFdptO.exe
  2⤵
  PID:5632
- C:\Windows\System\OLAAOHy.exe
  C:\Windows\System\OLAAOHy.exe
  2⤵
  PID:5652
- C:\Windows\System\BFbpOji.exe
  C:\Windows\System\BFbpOji.exe
  2⤵
  PID:5668
- C:\Windows\System\xmIUGXm.exe
  C:\Windows\System\xmIUGXm.exe
  2⤵
  PID:5688
- C:\Windows\System\bzfDVYq.exe
  C:\Windows\System\bzfDVYq.exe
  2⤵
  PID:5708
- C:\Windows\System\KTJwObj.exe
  C:\Windows\System\KTJwObj.exe
  2⤵
  PID:5732
- C:\Windows\System\UNlPYFw.exe
  C:\Windows\System\UNlPYFw.exe
  2⤵
  PID:5748
- C:\Windows\System\eWptAkN.exe
  C:\Windows\System\eWptAkN.exe
  2⤵
  PID:5772
- C:\Windows\System\YcWswPq.exe
  C:\Windows\System\YcWswPq.exe
  2⤵
  PID:5792
- C:\Windows\System\hCXhTtS.exe
  C:\Windows\System\hCXhTtS.exe
  2⤵
  PID:5812
- C:\Windows\System\dYFAENK.exe
  C:\Windows\System\dYFAENK.exe
  2⤵
  PID:5832
- C:\Windows\System\rSvTkvF.exe
  C:\Windows\System\rSvTkvF.exe
  2⤵
  PID:5852
- C:\Windows\System\SBqmfMj.exe
  C:\Windows\System\SBqmfMj.exe
  2⤵
  PID:5872
- C:\Windows\System\wBWOrut.exe
  C:\Windows\System\wBWOrut.exe
  2⤵
  PID:5892
- C:\Windows\System\DyraNzm.exe
  C:\Windows\System\DyraNzm.exe
  2⤵
  PID:5912
- C:\Windows\System\fAcFdcF.exe
  C:\Windows\System\fAcFdcF.exe
  2⤵
  PID:5932
- C:\Windows\System\BMsaksY.exe
  C:\Windows\System\BMsaksY.exe
  2⤵
  PID:5952
- C:\Windows\System\aLwKVPG.exe
  C:\Windows\System\aLwKVPG.exe
  2⤵
  PID:5968
- C:\Windows\System\atLnJyA.exe
  C:\Windows\System\atLnJyA.exe
  2⤵
  PID:5984
- C:\Windows\System\FnuHFwb.exe
  C:\Windows\System\FnuHFwb.exe
  2⤵
  PID:6004
- C:\Windows\System\sGhzlho.exe
  C:\Windows\System\sGhzlho.exe
  2⤵
  PID:6024
- C:\Windows\System\BzvQkUz.exe
  C:\Windows\System\BzvQkUz.exe
  2⤵
  PID:6040
- C:\Windows\System\vQzpLqd.exe
  C:\Windows\System\vQzpLqd.exe
  2⤵
  PID:6064
- C:\Windows\System\tBwDTSH.exe
  C:\Windows\System\tBwDTSH.exe
  2⤵
  PID:6088
- C:\Windows\System\NZsSDei.exe
  C:\Windows\System\NZsSDei.exe
  2⤵
  PID:6108
- C:\Windows\System\cjXxaGc.exe
  C:\Windows\System\cjXxaGc.exe
  2⤵
  PID:6128
- C:\Windows\System\vwUKTLI.exe
  C:\Windows\System\vwUKTLI.exe
  2⤵
  PID:4952
- C:\Windows\System\fGghkcy.exe
  C:\Windows\System\fGghkcy.exe
  2⤵
  PID:4976
- C:\Windows\System\tENBvQO.exe
  C:\Windows\System\tENBvQO.exe
  2⤵
  PID:3704
- C:\Windows\System\LXLaGHj.exe
  C:\Windows\System\LXLaGHj.exe
  2⤵
  PID:2988
- C:\Windows\System\mlhNfXX.exe
  C:\Windows\System\mlhNfXX.exe
  2⤵
  PID:2656
- C:\Windows\System\sbfjbua.exe
  C:\Windows\System\sbfjbua.exe
  2⤵
  PID:3420
- C:\Windows\System\nRzvPWp.exe
  C:\Windows\System\nRzvPWp.exe
  2⤵
  PID:4416
- C:\Windows\System\Igrisqx.exe
  C:\Windows\System\Igrisqx.exe
  2⤵
  PID:4308
- C:\Windows\System\dlNwmaY.exe
  C:\Windows\System\dlNwmaY.exe
  2⤵
  PID:4636
- C:\Windows\System\sRMuvOV.exe
  C:\Windows\System\sRMuvOV.exe
  2⤵
  PID:4792
- C:\Windows\System\DpeCvpX.exe
  C:\Windows\System\DpeCvpX.exe
  2⤵
  PID:5156
- C:\Windows\System\niKIcBY.exe
  C:\Windows\System\niKIcBY.exe
  2⤵
  PID:5200
- C:\Windows\System\AxVOQRH.exe
  C:\Windows\System\AxVOQRH.exe
  2⤵
  PID:5176
- C:\Windows\System\XlhrQRx.exe
  C:\Windows\System\XlhrQRx.exe
  2⤵
  PID:5240
- C:\Windows\System\KBiwclM.exe
  C:\Windows\System\KBiwclM.exe
  2⤵
  PID:5256
- C:\Windows\System\GGBbPFk.exe
  C:\Windows\System\GGBbPFk.exe
  2⤵
  PID:5264
- C:\Windows\System\CiLcRex.exe
  C:\Windows\System\CiLcRex.exe
  2⤵
  PID:5360
- C:\Windows\System\WiQIkcM.exe
  C:\Windows\System\WiQIkcM.exe
  2⤵
  PID:5308
- C:\Windows\System\zBHNnxi.exe
  C:\Windows\System\zBHNnxi.exe
  2⤵
  PID:5380
- C:\Windows\System\bOQGZHp.exe
  C:\Windows\System\bOQGZHp.exe
  2⤵
  PID:5404
- C:\Windows\System\IKqoNRH.exe
  C:\Windows\System\IKqoNRH.exe
  2⤵
  PID:5428
- C:\Windows\System\KwqHUtT.exe
  C:\Windows\System\KwqHUtT.exe
  2⤵
  PID:5460
- C:\Windows\System\CMyBysl.exe
  C:\Windows\System\CMyBysl.exe
  2⤵
  PID:5520
- C:\Windows\System\xviKIsD.exe
  C:\Windows\System\xviKIsD.exe
  2⤵
  PID:5500
- C:\Windows\System\hpYHkvv.exe
  C:\Windows\System\hpYHkvv.exe
  2⤵
  PID:5608
- C:\Windows\System\vFzHSkB.exe
  C:\Windows\System\vFzHSkB.exe
  2⤵
  PID:5684
- C:\Windows\System\pnqlvJJ.exe
  C:\Windows\System\pnqlvJJ.exe
  2⤵
  PID:5716
- C:\Windows\System\yqDVeqT.exe
  C:\Windows\System\yqDVeqT.exe
  2⤵
  PID:5628
- C:\Windows\System\IaSFAjZ.exe
  C:\Windows\System\IaSFAjZ.exe
  2⤵
  PID:5768
- C:\Windows\System\ZXMhDJs.exe
  C:\Windows\System\ZXMhDJs.exe
  2⤵
  PID:5704
- C:\Windows\System\RtVLgKA.exe
  C:\Windows\System\RtVLgKA.exe
  2⤵
  PID:5848
- C:\Windows\System\BqXNNIm.exe
  C:\Windows\System\BqXNNIm.exe
  2⤵
  PID:5888
- C:\Windows\System\rDFlAMI.exe
  C:\Windows\System\rDFlAMI.exe
  2⤵
  PID:5780
- C:\Windows\System\yIKVERQ.exe
  C:\Windows\System\yIKVERQ.exe
  2⤵
  PID:5992
- C:\Windows\System\eFbJYFQ.exe
  C:\Windows\System\eFbJYFQ.exe
  2⤵
  PID:5828
- C:\Windows\System\xxoIggV.exe
  C:\Windows\System\xxoIggV.exe
  2⤵
  PID:5864
- C:\Windows\System\KktUKPH.exe
  C:\Windows\System\KktUKPH.exe
  2⤵
  PID:6072
- C:\Windows\System\FfOhEfs.exe
  C:\Windows\System\FfOhEfs.exe
  2⤵
  PID:6120
- C:\Windows\System\PgQiYRz.exe
  C:\Windows\System\PgQiYRz.exe
  2⤵
  PID:5976
- C:\Windows\System\TOjrEJT.exe
  C:\Windows\System\TOjrEJT.exe
  2⤵
  PID:4936
- C:\Windows\System\zcugarM.exe
  C:\Windows\System\zcugarM.exe
  2⤵
  PID:6060
- C:\Windows\System\pyPNIYv.exe
  C:\Windows\System\pyPNIYv.exe
  2⤵
  PID:6104
- C:\Windows\System\HBAWUbX.exe
  C:\Windows\System\HBAWUbX.exe
  2⤵
  PID:6136
- C:\Windows\System\sgAiJWk.exe
  C:\Windows\System\sgAiJWk.exe
  2⤵
  PID:5052
- C:\Windows\System\jCCgrIV.exe
  C:\Windows\System\jCCgrIV.exe
  2⤵
  PID:4168
- C:\Windows\System\fIEiQTY.exe
  C:\Windows\System\fIEiQTY.exe
  2⤵
  PID:4648
- C:\Windows\System\dvzZtyo.exe
  C:\Windows\System\dvzZtyo.exe
  2⤵
  PID:4336
- C:\Windows\System\UngsEZM.exe
  C:\Windows\System\UngsEZM.exe
  2⤵
  PID:4892
- C:\Windows\System\uMAmXZT.exe
  C:\Windows\System\uMAmXZT.exe
  2⤵
  PID:5288
- C:\Windows\System\CiBBxjD.exe
  C:\Windows\System\CiBBxjD.exe
  2⤵
  PID:5220
- C:\Windows\System\SyyALRb.exe
  C:\Windows\System\SyyALRb.exe
  2⤵
  PID:5324
- C:\Windows\System\rNjvmMn.exe
  C:\Windows\System\rNjvmMn.exe
  2⤵
  PID:5476
- C:\Windows\System\hkbusjY.exe
  C:\Windows\System\hkbusjY.exe
  2⤵
  PID:5560
- C:\Windows\System\hZXATtG.exe
  C:\Windows\System\hZXATtG.exe
  2⤵
  PID:5420
- C:\Windows\System\cVgElYb.exe
  C:\Windows\System\cVgElYb.exe
  2⤵
  PID:5524
- C:\Windows\System\oJECtOV.exe
  C:\Windows\System\oJECtOV.exe
  2⤵
  PID:5644
- C:\Windows\System\hlhJJcO.exe
  C:\Windows\System\hlhJJcO.exe
  2⤵
  PID:5580
- C:\Windows\System\FGxpYXQ.exe
  C:\Windows\System\FGxpYXQ.exe
  2⤵
  PID:5740
- C:\Windows\System\qovoLLX.exe
  C:\Windows\System\qovoLLX.exe
  2⤵
  PID:5588
- C:\Windows\System\NnfeWYT.exe
  C:\Windows\System\NnfeWYT.exe
  2⤵
  PID:5804
- C:\Windows\System\NOjquFZ.exe
  C:\Windows\System\NOjquFZ.exe
  2⤵
  PID:6032
- C:\Windows\System\izXCjAS.exe
  C:\Windows\System\izXCjAS.exe
  2⤵
  PID:6084
- C:\Windows\System\gJqDVcR.exe
  C:\Windows\System\gJqDVcR.exe
  2⤵
  PID:6000
- C:\Windows\System\UPlBMby.exe
  C:\Windows\System\UPlBMby.exe
  2⤵
  PID:5908
- C:\Windows\System\NlngMmh.exe
  C:\Windows\System\NlngMmh.exe
  2⤵
  PID:3232
- C:\Windows\System\rancDex.exe
  C:\Windows\System\rancDex.exe
  2⤵
  PID:4232
- C:\Windows\System\rMaxdjz.exe
  C:\Windows\System\rMaxdjz.exe
  2⤵
  PID:5196
- C:\Windows\System\moUmfQG.exe
  C:\Windows\System\moUmfQG.exe
  2⤵
  PID:5172
- C:\Windows\System\MOhqLFF.exe
  C:\Windows\System\MOhqLFF.exe
  2⤵
  PID:5124
- C:\Windows\System\bpKFnoM.exe
  C:\Windows\System\bpKFnoM.exe
  2⤵
  PID:5224
- C:\Windows\System\VOizJlj.exe
  C:\Windows\System\VOizJlj.exe
  2⤵
  PID:5344
- C:\Windows\System\VAdiciP.exe
  C:\Windows\System\VAdiciP.exe
  2⤵
  PID:5640
- C:\Windows\System\ZXBexBo.exe
  C:\Windows\System\ZXBexBo.exe
  2⤵
  PID:5540
- C:\Windows\System\SVNfdMZ.exe
  C:\Windows\System\SVNfdMZ.exe
  2⤵
  PID:2088
- C:\Windows\System\WyYhSFm.exe
  C:\Windows\System\WyYhSFm.exe
  2⤵
  PID:5928
- C:\Windows\System\HJpySob.exe
  C:\Windows\System\HJpySob.exe
  2⤵
  PID:6012
- C:\Windows\System\QzhdZCQ.exe
  C:\Windows\System\QzhdZCQ.exe
  2⤵
  PID:5584
- C:\Windows\System\uqVCnMK.exe
  C:\Windows\System\uqVCnMK.exe
  2⤵
  PID:6152
- C:\Windows\System\HsFihNZ.exe
  C:\Windows\System\HsFihNZ.exe
  2⤵
  PID:6168
- C:\Windows\System\AvMOUSh.exe
  C:\Windows\System\AvMOUSh.exe
  2⤵
  PID:6188
- C:\Windows\System\HagnhGF.exe
  C:\Windows\System\HagnhGF.exe
  2⤵
  PID:6208
- C:\Windows\System\GoezfLm.exe
  C:\Windows\System\GoezfLm.exe
  2⤵
  PID:6224
- C:\Windows\System\ojHRphS.exe
  C:\Windows\System\ojHRphS.exe
  2⤵
  PID:6248
- C:\Windows\System\ZjPoJqO.exe
  C:\Windows\System\ZjPoJqO.exe
  2⤵
  PID:6296
- C:\Windows\System\xsPgPyo.exe
  C:\Windows\System\xsPgPyo.exe
  2⤵
  PID:6312
- C:\Windows\System\YGbHboT.exe
  C:\Windows\System\YGbHboT.exe
  2⤵
  PID:6328
- C:\Windows\System\LQqyCEx.exe
  C:\Windows\System\LQqyCEx.exe
  2⤵
  PID:6344
- C:\Windows\System\srpYeOm.exe
  C:\Windows\System\srpYeOm.exe
  2⤵
  PID:6360
- C:\Windows\System\SDOIkxr.exe
  C:\Windows\System\SDOIkxr.exe
  2⤵
  PID:6376
- C:\Windows\System\FIfVNEc.exe
  C:\Windows\System\FIfVNEc.exe
  2⤵
  PID:6392
- C:\Windows\System\hNJilQi.exe
  C:\Windows\System\hNJilQi.exe
  2⤵
  PID:6416
- C:\Windows\System\sYfDqJv.exe
  C:\Windows\System\sYfDqJv.exe
  2⤵
  PID:6432
- C:\Windows\System\nWtcZdS.exe
  C:\Windows\System\nWtcZdS.exe
  2⤵
  PID:6448
- C:\Windows\System\rcnbqnZ.exe
  C:\Windows\System\rcnbqnZ.exe
  2⤵
  PID:6464
- C:\Windows\System\butEreG.exe
  C:\Windows\System\butEreG.exe
  2⤵
  PID:6480
- C:\Windows\System\zehJPqq.exe
  C:\Windows\System\zehJPqq.exe
  2⤵
  PID:6496
- C:\Windows\System\yUTQtpR.exe
  C:\Windows\System\yUTQtpR.exe
  2⤵
  PID:6516
- C:\Windows\System\TVQGdek.exe
  C:\Windows\System\TVQGdek.exe
  2⤵
  PID:6536
- C:\Windows\System\cnILXvV.exe
  C:\Windows\System\cnILXvV.exe
  2⤵
  PID:6556
- C:\Windows\System\EgvSubi.exe
  C:\Windows\System\EgvSubi.exe
  2⤵
  PID:6572
- C:\Windows\System\QgaFSVI.exe
  C:\Windows\System\QgaFSVI.exe
  2⤵
  PID:6588
- C:\Windows\System\oBrFQWp.exe
  C:\Windows\System\oBrFQWp.exe
  2⤵
  PID:6604
- C:\Windows\System\jgvyhDa.exe
  C:\Windows\System\jgvyhDa.exe
  2⤵
  PID:6620
- C:\Windows\System\xHhRGTp.exe
  C:\Windows\System\xHhRGTp.exe
  2⤵
  PID:6636
- C:\Windows\System\qBdqUCe.exe
  C:\Windows\System\qBdqUCe.exe
  2⤵
  PID:6660
- C:\Windows\System\aOCqGrZ.exe
  C:\Windows\System\aOCqGrZ.exe
  2⤵
  PID:6676
- C:\Windows\System\UarEvDd.exe
  C:\Windows\System\UarEvDd.exe
  2⤵
  PID:6692
- C:\Windows\System\CuASWbI.exe
  C:\Windows\System\CuASWbI.exe
  2⤵
  PID:6708
- C:\Windows\System\vlmlaom.exe
  C:\Windows\System\vlmlaom.exe
  2⤵
  PID:6724
- C:\Windows\System\nTUYhuC.exe
  C:\Windows\System\nTUYhuC.exe
  2⤵
  PID:6740
- C:\Windows\System\rvtkPIw.exe
  C:\Windows\System\rvtkPIw.exe
  2⤵
  PID:6756
- C:\Windows\System\BfIyJdH.exe
  C:\Windows\System\BfIyJdH.exe
  2⤵
  PID:6772
- C:\Windows\System\QdQzYjr.exe
  C:\Windows\System\QdQzYjr.exe
  2⤵
  PID:6788
- C:\Windows\System\mxWKCgF.exe
  C:\Windows\System\mxWKCgF.exe
  2⤵
  PID:6804
- C:\Windows\System\kOGKiMT.exe
  C:\Windows\System\kOGKiMT.exe
  2⤵
  PID:6820
- C:\Windows\System\dCZyDcv.exe
  C:\Windows\System\dCZyDcv.exe
  2⤵
  PID:6836
- C:\Windows\System\xtSquJn.exe
  C:\Windows\System\xtSquJn.exe
  2⤵
  PID:6852
- C:\Windows\System\fzKgnyF.exe
  C:\Windows\System\fzKgnyF.exe
  2⤵
  PID:6868
- C:\Windows\System\STIUAfA.exe
  C:\Windows\System\STIUAfA.exe
  2⤵
  PID:6884
- C:\Windows\System\cuqDojs.exe
  C:\Windows\System\cuqDojs.exe
  2⤵
  PID:6900
- C:\Windows\System\kqMZXqb.exe
  C:\Windows\System\kqMZXqb.exe
  2⤵
  PID:6916
- C:\Windows\System\TVCnjLi.exe
  C:\Windows\System\TVCnjLi.exe
  2⤵
  PID:6932
- C:\Windows\System\KKQmtLv.exe
  C:\Windows\System\KKQmtLv.exe
  2⤵
  PID:6948
- C:\Windows\System\JDoLhCA.exe
  C:\Windows\System\JDoLhCA.exe
  2⤵
  PID:6964
- C:\Windows\System\xQWvpey.exe
  C:\Windows\System\xQWvpey.exe
  2⤵
  PID:6980
- C:\Windows\System\WCTYeaY.exe
  C:\Windows\System\WCTYeaY.exe
  2⤵
  PID:6996
- C:\Windows\System\GngtlSy.exe
  C:\Windows\System\GngtlSy.exe
  2⤵
  PID:7012
- C:\Windows\System\qmttWRF.exe
  C:\Windows\System\qmttWRF.exe
  2⤵
  PID:7028
- C:\Windows\System\wTPIqMy.exe
  C:\Windows\System\wTPIqMy.exe
  2⤵
  PID:7044
- C:\Windows\System\ZoosKNQ.exe
  C:\Windows\System\ZoosKNQ.exe
  2⤵
  PID:7060
- C:\Windows\System\iYGOHDo.exe
  C:\Windows\System\iYGOHDo.exe
  2⤵
  PID:7076
- C:\Windows\System\BjJwmRu.exe
  C:\Windows\System\BjJwmRu.exe
  2⤵
  PID:7092
- C:\Windows\System\QOkfKzc.exe
  C:\Windows\System\QOkfKzc.exe
  2⤵
  PID:7108
- C:\Windows\System\WsepEsg.exe
  C:\Windows\System\WsepEsg.exe
  2⤵
  PID:7124
- C:\Windows\System\fFFSEzU.exe
  C:\Windows\System\fFFSEzU.exe
  2⤵
  PID:7144
- C:\Windows\System\cfWTHPl.exe
  C:\Windows\System\cfWTHPl.exe
  2⤵
  PID:7160
- C:\Windows\System\ifEnyoe.exe
  C:\Windows\System\ifEnyoe.exe
  2⤵
  PID:4468
- C:\Windows\System\uBlNqbd.exe
  C:\Windows\System\uBlNqbd.exe
  2⤵
  PID:5444
- C:\Windows\System\BrhUwiy.exe
  C:\Windows\System\BrhUwiy.exe
  2⤵
  PID:344
- C:\Windows\System\jSpZlFY.exe
  C:\Windows\System\jSpZlFY.exe
  2⤵
  PID:5964
- C:\Windows\System\FsINtFe.exe
  C:\Windows\System\FsINtFe.exe
  2⤵
  PID:6176
- C:\Windows\System\gguovqN.exe
  C:\Windows\System\gguovqN.exe
  2⤵
  PID:4208
- C:\Windows\System\QxNeYFh.exe
  C:\Windows\System\QxNeYFh.exe
  2⤵
  PID:6216
- C:\Windows\System\kzxltPy.exe
  C:\Windows\System\kzxltPy.exe
  2⤵
  PID:6220
- C:\Windows\System\AvLRCOA.exe
  C:\Windows\System\AvLRCOA.exe
  2⤵
  PID:5764
- C:\Windows\System\nUNrdWc.exe
  C:\Windows\System\nUNrdWc.exe
  2⤵
  PID:5744
- C:\Windows\System\GNSmWuK.exe
  C:\Windows\System\GNSmWuK.exe
  2⤵
  PID:6200
- C:\Windows\System\XljcHou.exe
  C:\Windows\System\XljcHou.exe
  2⤵
  PID:6236
- C:\Windows\System\ohgoVQR.exe
  C:\Windows\System\ohgoVQR.exe
  2⤵
  PID:6308
- C:\Windows\System\GYdJjqq.exe
  C:\Windows\System\GYdJjqq.exe
  2⤵
  PID:6340
- C:\Windows\System\qIyVYfb.exe
  C:\Windows\System\qIyVYfb.exe
  2⤵
  PID:6372
- C:\Windows\System\ktfrnht.exe
  C:\Windows\System\ktfrnht.exe
  2⤵
  PID:6424
- C:\Windows\System\yLuXBzh.exe
  C:\Windows\System\yLuXBzh.exe
  2⤵
  PID:6456
- C:\Windows\System\GimbroY.exe
  C:\Windows\System\GimbroY.exe
  2⤵
  PID:6488
- C:\Windows\System\sXIILIx.exe
  C:\Windows\System\sXIILIx.exe
  2⤵
  PID:6524
- C:\Windows\System\qvBXwrm.exe
  C:\Windows\System\qvBXwrm.exe
  2⤵
  PID:6580
- C:\Windows\System\nhaMhgj.exe
  C:\Windows\System\nhaMhgj.exe
  2⤵
  PID:6584
- C:\Windows\System\lmfbfQw.exe
  C:\Windows\System\lmfbfQw.exe
  2⤵
  PID:6616
- C:\Windows\System\hUVITxS.exe
  C:\Windows\System\hUVITxS.exe
  2⤵
  PID:6648
- C:\Windows\System\zkvFJNb.exe
  C:\Windows\System\zkvFJNb.exe
  2⤵
  PID:6672
- C:\Windows\System\bfdBkdh.exe
  C:\Windows\System\bfdBkdh.exe
  2⤵
  PID:6704
- C:\Windows\System\RVxsqAc.exe
  C:\Windows\System\RVxsqAc.exe
  2⤵
  PID:6736
- C:\Windows\System\YQzmfiX.exe
  C:\Windows\System\YQzmfiX.exe
  2⤵
  PID:6768
- C:\Windows\System\fnbBlJi.exe
  C:\Windows\System\fnbBlJi.exe
  2⤵
  PID:6800
- C:\Windows\System\rcOqlAJ.exe
  C:\Windows\System\rcOqlAJ.exe
  2⤵
  PID:6832
- C:\Windows\System\ylJGuAZ.exe
  C:\Windows\System\ylJGuAZ.exe
  2⤵
  PID:6864
- C:\Windows\System\fNKDLJE.exe
  C:\Windows\System\fNKDLJE.exe
  2⤵
  PID:6908
- C:\Windows\System\tDNkDPQ.exe
  C:\Windows\System\tDNkDPQ.exe
  2⤵
  PID:6896
- C:\Windows\System\YgKiHIe.exe
  C:\Windows\System\YgKiHIe.exe
  2⤵
  PID:6972
- C:\Windows\System\FRmvfjL.exe
  C:\Windows\System\FRmvfjL.exe
  2⤵
  PID:7004
- C:\Windows\System\TqlndNz.exe
  C:\Windows\System\TqlndNz.exe
  2⤵
  PID:7036
- C:\Windows\System\bNExMYr.exe
  C:\Windows\System\bNExMYr.exe
  2⤵
  PID:7068
- C:\Windows\System\xoAfgSQ.exe
  C:\Windows\System\xoAfgSQ.exe
  2⤵
  PID:7100
- C:\Windows\System\LbhJxzj.exe
  C:\Windows\System\LbhJxzj.exe
  2⤵
  PID:7120
- C:\Windows\System\gRDQPSA.exe
  C:\Windows\System\gRDQPSA.exe
  2⤵
  PID:7156
- C:\Windows\System\EPbpWTa.exe
  C:\Windows\System\EPbpWTa.exe
  2⤵
  PID:1728
- C:\Windows\System\wyNhqYN.exe
  C:\Windows\System\wyNhqYN.exe
  2⤵
  PID:5328
- C:\Windows\System\AbNAGyU.exe
  C:\Windows\System\AbNAGyU.exe
  2⤵
  PID:6020
- C:\Windows\System\nAYJFfz.exe
  C:\Windows\System\nAYJFfz.exe
  2⤵
  PID:5068
- C:\Windows\System\HBHzSoC.exe
  C:\Windows\System\HBHzSoC.exe
  2⤵
  PID:1076
- C:\Windows\System\SSwqozO.exe
  C:\Windows\System\SSwqozO.exe
  2⤵
  PID:5924
- C:\Windows\System\cevromb.exe
  C:\Windows\System\cevromb.exe
  2⤵
  PID:6232
- C:\Windows\System\ILRGteL.exe
  C:\Windows\System\ILRGteL.exe
  2⤵
  PID:6256
- C:\Windows\System\JjTgXFT.exe
  C:\Windows\System\JjTgXFT.exe
  2⤵
  PID:6352
- C:\Windows\System\yhPEzjD.exe
  C:\Windows\System\yhPEzjD.exe
  2⤵
  PID:6428
- C:\Windows\System\CbXelYc.exe
  C:\Windows\System\CbXelYc.exe
  2⤵
  PID:6460
- C:\Windows\System\HDMouPH.exe
  C:\Windows\System\HDMouPH.exe
  2⤵
  PID:560
- C:\Windows\System\sIxepYl.exe
  C:\Windows\System\sIxepYl.exe
  2⤵
  PID:6644
- C:\Windows\System\GcHpDQz.exe
  C:\Windows\System\GcHpDQz.exe
  2⤵
  PID:2388
- C:\Windows\System\JPnTVmQ.exe
  C:\Windows\System\JPnTVmQ.exe
  2⤵
  PID:6700
- C:\Windows\System\odCZCPO.exe
  C:\Windows\System\odCZCPO.exe
  2⤵
  PID:1708
- C:\Windows\System\RcPpjBl.exe
  C:\Windows\System\RcPpjBl.exe
  2⤵
  PID:6828
- C:\Windows\System\JKgqhhd.exe
  C:\Windows\System\JKgqhhd.exe
  2⤵
  PID:6876
- C:\Windows\System\MOIjkCV.exe
  C:\Windows\System\MOIjkCV.exe
  2⤵
  PID:6956
- C:\Windows\System\aqxevNm.exe
  C:\Windows\System\aqxevNm.exe
  2⤵
  PID:6976
- C:\Windows\System\UbAdScC.exe
  C:\Windows\System\UbAdScC.exe
  2⤵
  PID:7056
- C:\Windows\System\KddUhTo.exe
  C:\Windows\System\KddUhTo.exe
  2⤵
  PID:7104
- C:\Windows\System\UIOPCIP.exe
  C:\Windows\System\UIOPCIP.exe
  2⤵
  PID:7116
- C:\Windows\System\ZItOJcn.exe
  C:\Windows\System\ZItOJcn.exe
  2⤵
  PID:5544
- C:\Windows\System\cdJsGmw.exe
  C:\Windows\System\cdJsGmw.exe
  2⤵
  PID:5128
- C:\Windows\System\RblyAKD.exe
  C:\Windows\System\RblyAKD.exe
  2⤵
  PID:5700
- C:\Windows\System\AbDmXTd.exe
  C:\Windows\System\AbDmXTd.exe
  2⤵
  PID:6164
- C:\Windows\System\bPQimcb.exe
  C:\Windows\System\bPQimcb.exe
  2⤵
  PID:6368
- C:\Windows\System\CveCWlI.exe
  C:\Windows\System\CveCWlI.exe
  2⤵
  PID:6492
- C:\Windows\System\TEmUeJg.exe
  C:\Windows\System\TEmUeJg.exe
  2⤵
  PID:6632
- C:\Windows\System\RWvcpnH.exe
  C:\Windows\System\RWvcpnH.exe
  2⤵
  PID:1732
- C:\Windows\System\dPeYQTg.exe
  C:\Windows\System\dPeYQTg.exe
  2⤵
  PID:6812
- C:\Windows\System\pqGEhmT.exe
  C:\Windows\System\pqGEhmT.exe
  2⤵
  PID:6944
- C:\Windows\System\hamEKxa.exe
  C:\Windows\System\hamEKxa.exe
  2⤵
  PID:1792
- C:\Windows\System\BocKYzw.exe
  C:\Windows\System\BocKYzw.exe
  2⤵
  PID:7040
- C:\Windows\System\uxzmDLL.exe
  C:\Windows\System\uxzmDLL.exe
  2⤵
  PID:2964
- C:\Windows\System\gEAGHFI.exe
  C:\Windows\System\gEAGHFI.exe
  2⤵
  PID:7184
- C:\Windows\System\UBSpHvT.exe
  C:\Windows\System\UBSpHvT.exe
  2⤵
  PID:7200
- C:\Windows\System\zYAkpUc.exe
  C:\Windows\System\zYAkpUc.exe
  2⤵
  PID:7216
- C:\Windows\System\uuceApM.exe
  C:\Windows\System\uuceApM.exe
  2⤵
  PID:7232
- C:\Windows\System\KXXWkCR.exe
  C:\Windows\System\KXXWkCR.exe
  2⤵
  PID:7248
- C:\Windows\System\eAlgLbm.exe
  C:\Windows\System\eAlgLbm.exe
  2⤵
  PID:7264
- C:\Windows\System\wDcWtiF.exe
  C:\Windows\System\wDcWtiF.exe
  2⤵
  PID:7280
- C:\Windows\System\gTRCEJz.exe
  C:\Windows\System\gTRCEJz.exe
  2⤵
  PID:7296
- C:\Windows\System\LTiBEQk.exe
  C:\Windows\System\LTiBEQk.exe
  2⤵
  PID:7312
- C:\Windows\System\hzXDdVw.exe
  C:\Windows\System\hzXDdVw.exe
  2⤵
  PID:7328
- C:\Windows\System\XFjGVst.exe
  C:\Windows\System\XFjGVst.exe
  2⤵
  PID:7344
- C:\Windows\System\nzetZMp.exe
  C:\Windows\System\nzetZMp.exe
  2⤵
  PID:7360
- C:\Windows\System\hauRSRJ.exe
  C:\Windows\System\hauRSRJ.exe
  2⤵
  PID:7376
- C:\Windows\System\tDsIZDj.exe
  C:\Windows\System\tDsIZDj.exe
  2⤵
  PID:7392
- C:\Windows\System\RcAeifY.exe
  C:\Windows\System\RcAeifY.exe
  2⤵
  PID:7408
- C:\Windows\System\xItolGV.exe
  C:\Windows\System\xItolGV.exe
  2⤵
  PID:7424
- C:\Windows\System\ZzEzGWl.exe
  C:\Windows\System\ZzEzGWl.exe
  2⤵
  PID:7440
- C:\Windows\System\TGInjAv.exe
  C:\Windows\System\TGInjAv.exe
  2⤵
  PID:7456
- C:\Windows\System\YuYRJJn.exe
  C:\Windows\System\YuYRJJn.exe
  2⤵
  PID:7472
- C:\Windows\System\KDXnHBJ.exe
  C:\Windows\System\KDXnHBJ.exe
  2⤵
  PID:7488
- C:\Windows\System\OnADoMr.exe
  C:\Windows\System\OnADoMr.exe
  2⤵
  PID:7504
- C:\Windows\System\uLjvkdw.exe
  C:\Windows\System\uLjvkdw.exe
  2⤵
  PID:7520
- C:\Windows\System\iDitkIG.exe
  C:\Windows\System\iDitkIG.exe
  2⤵
  PID:7536
- C:\Windows\System\nFWenXy.exe
  C:\Windows\System\nFWenXy.exe
  2⤵
  PID:7552
- C:\Windows\System\whhNUUJ.exe
  C:\Windows\System\whhNUUJ.exe
  2⤵
  PID:7568
- C:\Windows\System\MGpwiYD.exe
  C:\Windows\System\MGpwiYD.exe
  2⤵
  PID:7584
- C:\Windows\System\SNLsFEO.exe
  C:\Windows\System\SNLsFEO.exe
  2⤵
  PID:7600
- C:\Windows\System\lLifAit.exe
  C:\Windows\System\lLifAit.exe
  2⤵
  PID:7616
- C:\Windows\System\MuNdSDe.exe
  C:\Windows\System\MuNdSDe.exe
  2⤵
  PID:7632
- C:\Windows\System\ZuqSWRH.exe
  C:\Windows\System\ZuqSWRH.exe
  2⤵
  PID:7648
- C:\Windows\System\zcryWhw.exe
  C:\Windows\System\zcryWhw.exe
  2⤵
  PID:7664
- C:\Windows\System\ISUTQTh.exe
  C:\Windows\System\ISUTQTh.exe
  2⤵
  PID:7680
- C:\Windows\System\goOOiib.exe
  C:\Windows\System\goOOiib.exe
  2⤵
  PID:7696
- C:\Windows\System\dlQXCaO.exe
  C:\Windows\System\dlQXCaO.exe
  2⤵
  PID:7712
- C:\Windows\System\Viwkvto.exe
  C:\Windows\System\Viwkvto.exe
  2⤵
  PID:7728
- C:\Windows\System\ZzWeHbq.exe
  C:\Windows\System\ZzWeHbq.exe
  2⤵
  PID:7744
- C:\Windows\System\MWzZOYw.exe
  C:\Windows\System\MWzZOYw.exe
  2⤵
  PID:7760
- C:\Windows\System\XoPMtXR.exe
  C:\Windows\System\XoPMtXR.exe
  2⤵
  PID:7776
- C:\Windows\System\TgacrOr.exe
  C:\Windows\System\TgacrOr.exe
  2⤵
  PID:7792
- C:\Windows\System\uzaOXBJ.exe
  C:\Windows\System\uzaOXBJ.exe
  2⤵
  PID:7808
- C:\Windows\System\HfIbDJM.exe
  C:\Windows\System\HfIbDJM.exe
  2⤵
  PID:7824
- C:\Windows\System\tUaOZnx.exe
  C:\Windows\System\tUaOZnx.exe
  2⤵
  PID:7840
- C:\Windows\System\dEPwzyn.exe
  C:\Windows\System\dEPwzyn.exe
  2⤵
  PID:7856
- C:\Windows\System\mxysRnQ.exe
  C:\Windows\System\mxysRnQ.exe
  2⤵
  PID:7872
- C:\Windows\System\pKQFoFZ.exe
  C:\Windows\System\pKQFoFZ.exe
  2⤵
  PID:7888
- C:\Windows\System\LihjjCb.exe
  C:\Windows\System\LihjjCb.exe
  2⤵
  PID:7904
- C:\Windows\System\traDqLu.exe
  C:\Windows\System\traDqLu.exe
  2⤵
  PID:7920
- C:\Windows\System\xAajQko.exe
  C:\Windows\System\xAajQko.exe
  2⤵
  PID:7936
- C:\Windows\System\SsLTLCk.exe
  C:\Windows\System\SsLTLCk.exe
  2⤵
  PID:7952
- C:\Windows\System\CftVgUg.exe
  C:\Windows\System\CftVgUg.exe
  2⤵
  PID:7968
- C:\Windows\System\OCXMvao.exe
  C:\Windows\System\OCXMvao.exe
  2⤵
  PID:7984
- C:\Windows\System\KRuFQkV.exe
  C:\Windows\System\KRuFQkV.exe
  2⤵
  PID:8000
- C:\Windows\System\eGYtltP.exe
  C:\Windows\System\eGYtltP.exe
  2⤵
  PID:8016
- C:\Windows\System\NBizUvH.exe
  C:\Windows\System\NBizUvH.exe
  2⤵
  PID:8032
- C:\Windows\System\PNfggFT.exe
  C:\Windows\System\PNfggFT.exe
  2⤵
  PID:8048
- C:\Windows\System\qJalonE.exe
  C:\Windows\System\qJalonE.exe
  2⤵
  PID:8064
- C:\Windows\System\ZqbmxtP.exe
  C:\Windows\System\ZqbmxtP.exe
  2⤵
  PID:8080
- C:\Windows\System\gQyoVKz.exe
  C:\Windows\System\gQyoVKz.exe
  2⤵
  PID:8096
- C:\Windows\System\matqNTE.exe
  C:\Windows\System\matqNTE.exe
  2⤵
  PID:8112
- C:\Windows\System\umYArlB.exe
  C:\Windows\System\umYArlB.exe
  2⤵
  PID:8128
- C:\Windows\System\MpAHNSG.exe
  C:\Windows\System\MpAHNSG.exe
  2⤵
  PID:8144
- C:\Windows\System\FONqnfD.exe
  C:\Windows\System\FONqnfD.exe
  2⤵
  PID:8160
- C:\Windows\System\NjdiWZo.exe
  C:\Windows\System\NjdiWZo.exe
  2⤵
  PID:8176
- C:\Windows\System\IJPjIWN.exe
  C:\Windows\System\IJPjIWN.exe
  2⤵
  PID:5144
- C:\Windows\System\NIxWkVp.exe
  C:\Windows\System\NIxWkVp.exe
  2⤵
  PID:5696
- C:\Windows\System\eMsJRvp.exe
  C:\Windows\System\eMsJRvp.exe
  2⤵
  PID:804
- C:\Windows\System\gVzOhQI.exe
  C:\Windows\System\gVzOhQI.exe
  2⤵
  PID:6600
- C:\Windows\System\ptJhlCI.exe
  C:\Windows\System\ptJhlCI.exe
  2⤵
  PID:6892
- C:\Windows\System\CAGFNka.exe
  C:\Windows\System\CAGFNka.exe
  2⤵
  PID:1536
- C:\Windows\System\ymejMrx.exe
  C:\Windows\System\ymejMrx.exe
  2⤵
  PID:7084
- C:\Windows\System\AcQgncr.exe
  C:\Windows\System\AcQgncr.exe
  2⤵
  PID:7196
- C:\Windows\System\tbIowbj.exe
  C:\Windows\System\tbIowbj.exe
  2⤵
  PID:7228
- C:\Windows\System\IMJRxBw.exe
  C:\Windows\System\IMJRxBw.exe
  2⤵
  PID:7240
- C:\Windows\System\pUabVqm.exe
  C:\Windows\System\pUabVqm.exe
  2⤵
  PID:7288
- C:\Windows\System\IRwWFrF.exe
  C:\Windows\System\IRwWFrF.exe
  2⤵
  PID:7320
- C:\Windows\System\gDMpxZL.exe
  C:\Windows\System\gDMpxZL.exe
  2⤵
  PID:7324
- C:\Windows\System\JflJDGI.exe
  C:\Windows\System\JflJDGI.exe
  2⤵
  PID:7356
- C:\Windows\System\asUODFU.exe
  C:\Windows\System\asUODFU.exe
  2⤵
  PID:7388
- C:\Windows\System\XPiguTl.exe
  C:\Windows\System\XPiguTl.exe
  2⤵
  PID:7420
- C:\Windows\System\AvSHYPs.exe
  C:\Windows\System\AvSHYPs.exe
  2⤵
  PID:7436
- C:\Windows\System\rYRWpCz.exe
  C:\Windows\System\rYRWpCz.exe
  2⤵
  PID:7468
- C:\Windows\System\BgxtSim.exe
  C:\Windows\System\BgxtSim.exe
  2⤵
  PID:1584
- C:\Windows\System\CUPzeNs.exe
  C:\Windows\System\CUPzeNs.exe
  2⤵
  PID:7532
- C:\Windows\System\ZuoUJtc.exe
  C:\Windows\System\ZuoUJtc.exe
  2⤵
  PID:7576
- C:\Windows\System\ZiROVeK.exe
  C:\Windows\System\ZiROVeK.exe
  2⤵
  PID:7596
- C:\Windows\System\LvUfLap.exe
  C:\Windows\System\LvUfLap.exe
  2⤵
  PID:7624
- C:\Windows\System\IgzXAai.exe
  C:\Windows\System\IgzXAai.exe
  2⤵
  PID:7672
- C:\Windows\System\ZUVRFnC.exe
  C:\Windows\System\ZUVRFnC.exe
  2⤵
  PID:7704
- C:\Windows\System\hibMVoV.exe
  C:\Windows\System\hibMVoV.exe
  2⤵
  PID:7720
- C:\Windows\System\WnxecMi.exe
  C:\Windows\System\WnxecMi.exe
  2⤵
  PID:7752
- C:\Windows\System\JfthMME.exe
  C:\Windows\System\JfthMME.exe
  2⤵
  PID:7784
- C:\Windows\System\BrKBDtG.exe
  C:\Windows\System\BrKBDtG.exe
  2⤵
  PID:7816
- C:\Windows\System\qndsSjX.exe
  C:\Windows\System\qndsSjX.exe
  2⤵
  PID:7848
- C:\Windows\System\taYJEsC.exe
  C:\Windows\System\taYJEsC.exe
  2⤵
  PID:7896
- C:\Windows\System\YUzUqaU.exe
  C:\Windows\System\YUzUqaU.exe
  2⤵
  PID:7912
- C:\Windows\System\fzAeWBn.exe
  C:\Windows\System\fzAeWBn.exe
  2⤵
  PID:7944
- C:\Windows\System\hhhvYsj.exe
  C:\Windows\System\hhhvYsj.exe
  2⤵
  PID:7948
- C:\Windows\System\mseDzHb.exe
  C:\Windows\System\mseDzHb.exe
  2⤵
  PID:7976
- C:\Windows\System\qDBjMLI.exe
  C:\Windows\System\qDBjMLI.exe
  2⤵
  PID:8008
- C:\Windows\System\uMswbMu.exe
  C:\Windows\System\uMswbMu.exe
  2⤵
  PID:8056
- C:\Windows\System\sApeJoA.exe
  C:\Windows\System\sApeJoA.exe
  2⤵
  PID:8072
- C:\Windows\System\NVYCsXe.exe
  C:\Windows\System\NVYCsXe.exe
  2⤵
  PID:2764
- C:\Windows\System\aUHfAZT.exe
  C:\Windows\System\aUHfAZT.exe
  2⤵
  PID:1992
- C:\Windows\System\GPTooAy.exe
  C:\Windows\System\GPTooAy.exe
  2⤵
  PID:8136
- C:\Windows\System\CWiHbRx.exe
  C:\Windows\System\CWiHbRx.exe
  2⤵
  PID:8184
- C:\Windows\System\ePVMyjM.exe
  C:\Windows\System\ePVMyjM.exe
  2⤵
  PID:8188
- C:\Windows\System\UzFAtkZ.exe
  C:\Windows\System\UzFAtkZ.exe
  2⤵
  PID:6116
- C:\Windows\System\bayVhyF.exe
  C:\Windows\System\bayVhyF.exe
  2⤵
  PID:6476
- C:\Windows\System\UvwNFfi.exe
  C:\Windows\System\UvwNFfi.exe
  2⤵
  PID:612
- C:\Windows\System\EwvdSZv.exe
  C:\Windows\System\EwvdSZv.exe
  2⤵
  PID:7180
- C:\Windows\System\DrYnsCf.exe
  C:\Windows\System\DrYnsCf.exe
  2⤵
  PID:7212
- C:\Windows\System\wtSEQMb.exe
  C:\Windows\System\wtSEQMb.exe
  2⤵
  PID:7304
- C:\Windows\System\cByUrMh.exe
  C:\Windows\System\cByUrMh.exe
  2⤵
  PID:7384
- C:\Windows\System\jxHOqOt.exe
  C:\Windows\System\jxHOqOt.exe
  2⤵
  PID:7452
- C:\Windows\System\wVhKlcc.exe
  C:\Windows\System\wVhKlcc.exe
  2⤵
  PID:7512
- C:\Windows\System\XebJJLu.exe
  C:\Windows\System\XebJJLu.exe
  2⤵
  PID:7548
- C:\Windows\System\WegaPVw.exe
  C:\Windows\System\WegaPVw.exe
  2⤵
  PID:7612
- C:\Windows\System\QsoCNLu.exe
  C:\Windows\System\QsoCNLu.exe
  2⤵
  PID:7592
- C:\Windows\System\sSKdhrU.exe
  C:\Windows\System\sSKdhrU.exe
  2⤵
  PID:7656
- C:\Windows\System\TTHEqzm.exe
  C:\Windows\System\TTHEqzm.exe
  2⤵
  PID:7708
- C:\Windows\System\IqxspoQ.exe
  C:\Windows\System\IqxspoQ.exe
  2⤵
  PID:7804
- C:\Windows\System\mmVrVBf.exe
  C:\Windows\System\mmVrVBf.exe
  2⤵
  PID:2852
- C:\Windows\System\TvnmGXn.exe
  C:\Windows\System\TvnmGXn.exe
  2⤵
  PID:7928
- C:\Windows\System\GKKePCY.exe
  C:\Windows\System\GKKePCY.exe
  2⤵
  PID:2644
- C:\Windows\System\deaaUPp.exe
  C:\Windows\System\deaaUPp.exe
  2⤵
  PID:7960
- C:\Windows\System\JiRuFUe.exe
  C:\Windows\System\JiRuFUe.exe
  2⤵
  PID:2720
- C:\Windows\System\jpJiPQl.exe
  C:\Windows\System\jpJiPQl.exe
  2⤵
  PID:8120
- C:\Windows\System\vnKgMTz.exe
  C:\Windows\System\vnKgMTz.exe
  2⤵
  PID:2864
- C:\Windows\System\SBaJCQM.exe
  C:\Windows\System\SBaJCQM.exe
  2⤵
  PID:2168
- C:\Windows\System\lOgBWkw.exe
  C:\Windows\System\lOgBWkw.exe
  2⤵
  PID:2692
- C:\Windows\System\AifOqgr.exe
  C:\Windows\System\AifOqgr.exe
  2⤵
  PID:7372
- C:\Windows\System\whAWwKm.exe
  C:\Windows\System\whAWwKm.exe
  2⤵
  PID:7484
- C:\Windows\System\jEXcRKj.exe
  C:\Windows\System\jEXcRKj.exe
  2⤵
  PID:7500
- C:\Windows\System\pljxJOX.exe
  C:\Windows\System\pljxJOX.exe
  2⤵
  PID:7580
- C:\Windows\System\JHvzEoZ.exe
  C:\Windows\System\JHvzEoZ.exe
  2⤵
  PID:7688
- C:\Windows\System\dCGOZfz.exe
  C:\Windows\System\dCGOZfz.exe
  2⤵
  PID:1720
- C:\Windows\System\wekrPAn.exe
  C:\Windows\System\wekrPAn.exe
  2⤵
  PID:7772
- C:\Windows\System\fMvaAFh.exe
  C:\Windows\System\fMvaAFh.exe
  2⤵
  PID:7864
- C:\Windows\System\sWqlTBY.exe
  C:\Windows\System\sWqlTBY.exe
  2⤵
  PID:2668
- C:\Windows\System\BRWziOj.exe
  C:\Windows\System\BRWziOj.exe
  2⤵
  PID:8040
- C:\Windows\System\qrOpjAT.exe
  C:\Windows\System\qrOpjAT.exe
  2⤵
  PID:8156
- C:\Windows\System\bSYpbWY.exe
  C:\Windows\System\bSYpbWY.exe
  2⤵
  PID:1492
- C:\Windows\System\iRjuJMn.exe
  C:\Windows\System\iRjuJMn.exe
  2⤵
  PID:2052
- C:\Windows\System\xKpaalf.exe
  C:\Windows\System\xKpaalf.exe
  2⤵
  PID:6056
- C:\Windows\System\NrbApFj.exe
  C:\Windows\System\NrbApFj.exe
  2⤵
  PID:6548
- C:\Windows\System\JBNWskN.exe
  C:\Windows\System\JBNWskN.exe
  2⤵
  PID:1028
- C:\Windows\System\QLTOBsX.exe
  C:\Windows\System\QLTOBsX.exe
  2⤵
  PID:7276
- C:\Windows\System\YCFUEIa.exe
  C:\Windows\System\YCFUEIa.exe
  2⤵
  PID:6052
- C:\Windows\System\OXJRVhz.exe
  C:\Windows\System\OXJRVhz.exe
  2⤵
  PID:6036
- C:\Windows\System\YYChTJJ.exe
  C:\Windows\System\YYChTJJ.exe
  2⤵
  PID:6016
- C:\Windows\System\TtkMZJq.exe
  C:\Windows\System\TtkMZJq.exe
  2⤵
  PID:7868
- C:\Windows\System\xlHgiPW.exe
  C:\Windows\System\xlHgiPW.exe
  2⤵
  PID:8140
- C:\Windows\System\JxlFAmL.exe
  C:\Windows\System\JxlFAmL.exe
  2⤵
  PID:7020
- C:\Windows\System\UfPEZpq.exe
  C:\Windows\System\UfPEZpq.exe
  2⤵
  PID:5340
- C:\Windows\System\wPsUgnl.exe
  C:\Windows\System\wPsUgnl.exe
  2⤵
  PID:7768
- C:\Windows\System\JAfcgUJ.exe
  C:\Windows\System\JAfcgUJ.exe
  2⤵
  PID:7416
- C:\Windows\System\ycnPdME.exe
  C:\Windows\System\ycnPdME.exe
  2⤵
  PID:8196
- C:\Windows\System\NviGXbp.exe
  C:\Windows\System\NviGXbp.exe
  2⤵
  PID:8212
- C:\Windows\System\PcnWRDh.exe
  C:\Windows\System\PcnWRDh.exe
  2⤵
  PID:8228
- C:\Windows\System\LAKtEbF.exe
  C:\Windows\System\LAKtEbF.exe
  2⤵
  PID:8244
- C:\Windows\System\Bnpunhy.exe
  C:\Windows\System\Bnpunhy.exe
  2⤵
  PID:8260
- C:\Windows\System\Yawowxk.exe
  C:\Windows\System\Yawowxk.exe
  2⤵
  PID:8276
- C:\Windows\System\KGPYKMm.exe
  C:\Windows\System\KGPYKMm.exe
  2⤵
  PID:8292
- C:\Windows\System\vzfkdvy.exe
  C:\Windows\System\vzfkdvy.exe
  2⤵
  PID:8308
- C:\Windows\System\SKqjHGK.exe
  C:\Windows\System\SKqjHGK.exe
  2⤵
  PID:8324
- C:\Windows\System\GrtTgxR.exe
  C:\Windows\System\GrtTgxR.exe
  2⤵
  PID:8340
- C:\Windows\System\angithT.exe
  C:\Windows\System\angithT.exe
  2⤵
  PID:8356
- C:\Windows\System\gRKWsUx.exe
  C:\Windows\System\gRKWsUx.exe
  2⤵
  PID:8372
- C:\Windows\System\QvOEpEW.exe
  C:\Windows\System\QvOEpEW.exe
  2⤵
  PID:8388
- C:\Windows\System\gBNCnEj.exe
  C:\Windows\System\gBNCnEj.exe
  2⤵
  PID:8404
- C:\Windows\System\iXbhKyR.exe
  C:\Windows\System\iXbhKyR.exe
  2⤵
  PID:8420
- C:\Windows\System\AkGjPpx.exe
  C:\Windows\System\AkGjPpx.exe
  2⤵
  PID:8436
- C:\Windows\System\kGaGJtj.exe
  C:\Windows\System\kGaGJtj.exe
  2⤵
  PID:8452
- C:\Windows\System\cGyGToO.exe
  C:\Windows\System\cGyGToO.exe
  2⤵
  PID:8468
- C:\Windows\System\QfPjtOV.exe
  C:\Windows\System\QfPjtOV.exe
  2⤵
  PID:8484
- C:\Windows\System\eBIJkoX.exe
  C:\Windows\System\eBIJkoX.exe
  2⤵
  PID:8500
- C:\Windows\System\dJvTjtE.exe
  C:\Windows\System\dJvTjtE.exe
  2⤵
  PID:8516
- C:\Windows\System\BlggMdq.exe
  C:\Windows\System\BlggMdq.exe
  2⤵
  PID:8532
- C:\Windows\System\lgjfkJz.exe
  C:\Windows\System\lgjfkJz.exe
  2⤵
  PID:8548
- C:\Windows\System\MlFQXSp.exe
  C:\Windows\System\MlFQXSp.exe
  2⤵
  PID:8564
- C:\Windows\System\rlEbdzY.exe
  C:\Windows\System\rlEbdzY.exe
  2⤵
  PID:8580
- C:\Windows\System\PwnPkGr.exe
  C:\Windows\System\PwnPkGr.exe
  2⤵
  PID:8596
- C:\Windows\System\OKAvIrb.exe
  C:\Windows\System\OKAvIrb.exe
  2⤵
  PID:8612
- C:\Windows\System\GZCvbAB.exe
  C:\Windows\System\GZCvbAB.exe
  2⤵
  PID:8628
- C:\Windows\System\KTrQvaI.exe
  C:\Windows\System\KTrQvaI.exe
  2⤵
  PID:8644
- C:\Windows\System\pAXTAEX.exe
  C:\Windows\System\pAXTAEX.exe
  2⤵
  PID:8660
- C:\Windows\System\ohLsFBN.exe
  C:\Windows\System\ohLsFBN.exe
  2⤵
  PID:8676
- C:\Windows\System\yXtasmG.exe
  C:\Windows\System\yXtasmG.exe
  2⤵
  PID:8692
- C:\Windows\System\HXiycVE.exe
  C:\Windows\System\HXiycVE.exe
  2⤵
  PID:8708
- C:\Windows\System\cciFdwP.exe
  C:\Windows\System\cciFdwP.exe
  2⤵
  PID:8724
- C:\Windows\System\nyUqEAa.exe
  C:\Windows\System\nyUqEAa.exe
  2⤵
  PID:8740
- C:\Windows\System\wlfpzkq.exe
  C:\Windows\System\wlfpzkq.exe
  2⤵
  PID:8756
- C:\Windows\System\fDRZjHG.exe
  C:\Windows\System\fDRZjHG.exe
  2⤵
  PID:8772
- C:\Windows\System\STuenWY.exe
  C:\Windows\System\STuenWY.exe
  2⤵
  PID:8788
- C:\Windows\System\cRjBpnk.exe
  C:\Windows\System\cRjBpnk.exe
  2⤵
  PID:8804
- C:\Windows\System\jaLKclD.exe
  C:\Windows\System\jaLKclD.exe
  2⤵
  PID:8824
- C:\Windows\System\WjInVyJ.exe
  C:\Windows\System\WjInVyJ.exe
  2⤵
  PID:8840
- C:\Windows\System\PxMFxEs.exe
  C:\Windows\System\PxMFxEs.exe
  2⤵
  PID:8856
- C:\Windows\System\oahixpf.exe
  C:\Windows\System\oahixpf.exe
  2⤵
  PID:8872
- C:\Windows\System\OsboBAY.exe
  C:\Windows\System\OsboBAY.exe
  2⤵
  PID:8888
- C:\Windows\System\xZQggTF.exe
  C:\Windows\System\xZQggTF.exe
  2⤵
  PID:8904
- C:\Windows\System\uAHKPkV.exe
  C:\Windows\System\uAHKPkV.exe
  2⤵
  PID:8920
- C:\Windows\System\VVMCujO.exe
  C:\Windows\System\VVMCujO.exe
  2⤵
  PID:8936
- C:\Windows\System\mnBvVmK.exe
  C:\Windows\System\mnBvVmK.exe
  2⤵
  PID:8952
- C:\Windows\System\VzNSvnG.exe
  C:\Windows\System\VzNSvnG.exe
  2⤵
  PID:8968
- C:\Windows\System\DZRjRyW.exe
  C:\Windows\System\DZRjRyW.exe
  2⤵
  PID:8984
- C:\Windows\System\vBKYIjS.exe
  C:\Windows\System\vBKYIjS.exe
  2⤵
  PID:9000
- C:\Windows\System\XDvlHBL.exe
  C:\Windows\System\XDvlHBL.exe
  2⤵
  PID:9016
- C:\Windows\System\mvRgXjt.exe
  C:\Windows\System\mvRgXjt.exe
  2⤵
  PID:9032
- C:\Windows\System\jhnUJUZ.exe
  C:\Windows\System\jhnUJUZ.exe
  2⤵
  PID:9048
- C:\Windows\System\lIYUeDh.exe
  C:\Windows\System\lIYUeDh.exe
  2⤵
  PID:9064
- C:\Windows\System\qYHuJur.exe
  C:\Windows\System\qYHuJur.exe
  2⤵
  PID:9080
- C:\Windows\System\AgggJRE.exe
  C:\Windows\System\AgggJRE.exe
  2⤵
  PID:9096
- C:\Windows\System\lTpmFAr.exe
  C:\Windows\System\lTpmFAr.exe
  2⤵
  PID:9112
- C:\Windows\System\tkjqEZn.exe
  C:\Windows\System\tkjqEZn.exe
  2⤵
  PID:9128
- C:\Windows\System\mCfzXhT.exe
  C:\Windows\System\mCfzXhT.exe
  2⤵
  PID:9144
- C:\Windows\System\twsYZHY.exe
  C:\Windows\System\twsYZHY.exe
  2⤵
  PID:9160
- C:\Windows\System\tKQyKbX.exe
  C:\Windows\System\tKQyKbX.exe
  2⤵
  PID:9176
- C:\Windows\System\yPXRKZM.exe
  C:\Windows\System\yPXRKZM.exe
  2⤵
  PID:9196
- C:\Windows\System\EBUVylO.exe
  C:\Windows\System\EBUVylO.exe
  2⤵
  PID:7800
- C:\Windows\System\nglbYbK.exe
  C:\Windows\System\nglbYbK.exe
  2⤵
  PID:8092
- C:\Windows\System\QCRFoJt.exe
  C:\Windows\System\QCRFoJt.exe
  2⤵
  PID:2772
- C:\Windows\System\DWoAcyT.exe
  C:\Windows\System\DWoAcyT.exe
  2⤵
  PID:8272
- C:\Windows\System\EbmgqjI.exe
  C:\Windows\System\EbmgqjI.exe
  2⤵
  PID:8364
- C:\Windows\System\KOOQYpA.exe
  C:\Windows\System\KOOQYpA.exe
  2⤵
  PID:8320
- C:\Windows\System\UmIohIa.exe
  C:\Windows\System\UmIohIa.exe
  2⤵
  PID:8224
- C:\Windows\System\SNSPFUa.exe
  C:\Windows\System\SNSPFUa.exe
  2⤵
  PID:8368
- C:\Windows\System\XTnjwqs.exe
  C:\Windows\System\XTnjwqs.exe
  2⤵
  PID:8432
- C:\Windows\System\ajFcAIw.exe
  C:\Windows\System\ajFcAIw.exe
  2⤵
  PID:8412
- C:\Windows\System\uSTWfqH.exe
  C:\Windows\System\uSTWfqH.exe
  2⤵
  PID:8444
- C:\Windows\System\DBaxWjk.exe
  C:\Windows\System\DBaxWjk.exe
  2⤵
  PID:8480
- C:\Windows\System\USMUYlE.exe
  C:\Windows\System\USMUYlE.exe
  2⤵
  PID:8544
- C:\Windows\System\OpCzseh.exe
  C:\Windows\System\OpCzseh.exe
  2⤵
  PID:8604
- C:\Windows\System\QddEsmz.exe
  C:\Windows\System\QddEsmz.exe
  2⤵
  PID:8668
- C:\Windows\System\MgJRMDM.exe
  C:\Windows\System\MgJRMDM.exe
  2⤵
  PID:8524
- C:\Windows\System\sLDwTKr.exe
  C:\Windows\System\sLDwTKr.exe
  2⤵
  PID:8556
- C:\Windows\System\hpjyBpl.exe
  C:\Windows\System\hpjyBpl.exe
  2⤵
  PID:8620
- C:\Windows\System\hGFJxZg.exe
  C:\Windows\System\hGFJxZg.exe
  2⤵
  PID:8684
- C:\Windows\System\xFKEmLk.exe
  C:\Windows\System\xFKEmLk.exe
  2⤵
  PID:3048
- C:\Windows\System\loCOgGH.exe
  C:\Windows\System\loCOgGH.exe
  2⤵
  PID:8812
- C:\Windows\System\jRXAmsO.exe
  C:\Windows\System\jRXAmsO.exe
  2⤵
  PID:8780
- C:\Windows\System\mBoCZRQ.exe
  C:\Windows\System\mBoCZRQ.exe
  2⤵
  PID:8796
- C:\Windows\System\KViaphV.exe
  C:\Windows\System\KViaphV.exe
  2⤵
  PID:8864
- C:\Windows\System\MZIpSnL.exe
  C:\Windows\System\MZIpSnL.exe
  2⤵
  PID:8928
- C:\Windows\System\aUOMjGi.exe
  C:\Windows\System\aUOMjGi.exe
  2⤵
  PID:8992
- C:\Windows\System\edCyZgq.exe
  C:\Windows\System\edCyZgq.exe
  2⤵
  PID:9060
- C:\Windows\System\TVdxssm.exe
  C:\Windows\System\TVdxssm.exe
  2⤵
  PID:2616
- C:\Windows\System\CxAzbHc.exe
  C:\Windows\System\CxAzbHc.exe
  2⤵
  PID:4456
- C:\Windows\System\kpzGezf.exe
  C:\Windows\System\kpzGezf.exe
  2⤵
  PID:8944
- C:\Windows\System\jtTbzFw.exe
  C:\Windows\System\jtTbzFw.exe
  2⤵
  PID:7628
- C:\Windows\System\IlCwmTF.exe
  C:\Windows\System\IlCwmTF.exe
  2⤵
  PID:9104
- C:\Windows\System\pCYFjpn.exe
  C:\Windows\System\pCYFjpn.exe
  2⤵
  PID:9168
- C:\Windows\System\HKwpGcc.exe
  C:\Windows\System\HKwpGcc.exe
  2⤵
  PID:9212
- C:\Windows\System\ovchPMf.exe
  C:\Windows\System\ovchPMf.exe
  2⤵
  PID:1676
- C:\Windows\System\MadnJlg.exe
  C:\Windows\System\MadnJlg.exe
  2⤵
  PID:5300
- C:\Windows\System\fGPmzKV.exe
  C:\Windows\System\fGPmzKV.exe
  2⤵
  PID:580
- C:\Windows\System\vLILdIb.exe
  C:\Windows\System\vLILdIb.exe
  2⤵
  PID:8220
- C:\Windows\System\hLkvTBY.exe
  C:\Windows\System\hLkvTBY.exe
  2⤵
  PID:8336
- C:\Windows\System\gWkRuYQ.exe
  C:\Windows\System\gWkRuYQ.exe
  2⤵
  PID:8348
- C:\Windows\System\FFnTmLO.exe
  C:\Windows\System\FFnTmLO.exe
  2⤵
  PID:8384
- C:\Windows\System\itiGAHw.exe
  C:\Windows\System\itiGAHw.exe
  2⤵
  PID:8496
- C:\Windows\System\WnPOGtT.exe
  C:\Windows\System\WnPOGtT.exe
  2⤵
  PID:1456
- C:\Windows\System\AEtVZHe.exe
  C:\Windows\System\AEtVZHe.exe
  2⤵
  PID:8492
- C:\Windows\System\wlSqwBp.exe
  C:\Windows\System\wlSqwBp.exe
  2⤵
  PID:5756
- C:\Windows\System\cBUqeBB.exe
  C:\Windows\System\cBUqeBB.exe
  2⤵
  PID:8716
- C:\Windows\System\iSKKulZ.exe
  C:\Windows\System\iSKKulZ.exe
  2⤵
  PID:2244
- C:\Windows\System\hILULHC.exe
  C:\Windows\System\hILULHC.exe
  2⤵
  PID:8736
- C:\Windows\System\SzhViBH.exe
  C:\Windows\System\SzhViBH.exe
  2⤵
  PID:1288
- C:\Windows\System\xdMiDoz.exe
  C:\Windows\System\xdMiDoz.exe
  2⤵
  PID:6148
- C:\Windows\System\IBDLAJX.exe
  C:\Windows\System\IBDLAJX.exe
  2⤵
  PID:8896
- C:\Windows\System\CBLCvax.exe
  C:\Windows\System\CBLCvax.exe
  2⤵
  PID:9024
- C:\Windows\System\zooEhZw.exe
  C:\Windows\System\zooEhZw.exe
  2⤵
  PID:9120
- C:\Windows\System\jrpmedP.exe
  C:\Windows\System\jrpmedP.exe
  2⤵
  PID:9188
- C:\Windows\System\SYsCPkp.exe
  C:\Windows\System\SYsCPkp.exe
  2⤵
  PID:8012
- C:\Windows\System\thhIAUq.exe
  C:\Windows\System\thhIAUq.exe
  2⤵
  PID:2920
- C:\Windows\System\ECqKDHK.exe
  C:\Windows\System\ECqKDHK.exe
  2⤵
  PID:9040
- C:\Windows\System\MUasgia.exe
  C:\Windows\System\MUasgia.exe
  2⤵
  PID:8916
- C:\Windows\System\VDEQkeA.exe
  C:\Windows\System\VDEQkeA.exe
  2⤵
  PID:8240
- C:\Windows\System\MXdkwaA.exe
  C:\Windows\System\MXdkwaA.exe
  2⤵
  PID:9076
- C:\Windows\System\FCyGkso.exe
  C:\Windows\System\FCyGkso.exe
  2⤵
  PID:9208
- C:\Windows\System\VNjdzIY.exe
  C:\Windows\System\VNjdzIY.exe
  2⤵
  PID:2392
- C:\Windows\System\TQYQiGU.exe
  C:\Windows\System\TQYQiGU.exe
  2⤵
  PID:8332
- C:\Windows\System\chDxNSq.exe
  C:\Windows\System\chDxNSq.exe
  2⤵
  PID:8428
- C:\Windows\System\EEtFGeu.exe
  C:\Windows\System\EEtFGeu.exe
  2⤵
  PID:8640
- C:\Windows\System\NQhyjLs.exe
  C:\Windows\System\NQhyjLs.exe
  2⤵
  PID:8636
- C:\Windows\System\HxJzyGJ.exe
  C:\Windows\System\HxJzyGJ.exe
  2⤵
  PID:8476
- C:\Windows\System\JIpCLip.exe
  C:\Windows\System\JIpCLip.exe
  2⤵
  PID:8656
- C:\Windows\System\cVdbDUU.exe
  C:\Windows\System\cVdbDUU.exe
  2⤵
  PID:2936
- C:\Windows\System\dKDzTIP.exe
  C:\Windows\System\dKDzTIP.exe
  2⤵
  PID:9092
- C:\Windows\System\lKKlZMd.exe
  C:\Windows\System\lKKlZMd.exe
  2⤵
  PID:2024
- C:\Windows\System\WeFpPvW.exe
  C:\Windows\System\WeFpPvW.exe
  2⤵
  PID:9156
- C:\Windows\System\nQXHBot.exe
  C:\Windows\System\nQXHBot.exe
  2⤵
  PID:9184
- C:\Windows\System\bvziWcT.exe
  C:\Windows\System\bvziWcT.exe
  2⤵
  PID:2304
- C:\Windows\System\yZyvbLI.exe
  C:\Windows\System\yZyvbLI.exe
  2⤵
  PID:7528
- C:\Windows\System\PSogGmO.exe
  C:\Windows\System\PSogGmO.exe
  2⤵
  PID:4000
- C:\Windows\System\tbleXgf.exe
  C:\Windows\System\tbleXgf.exe
  2⤵
  PID:8208
- C:\Windows\System\fIadFbC.exe
  C:\Windows\System\fIadFbC.exe
  2⤵
  PID:5948
- C:\Windows\System\pmrmEZb.exe
  C:\Windows\System\pmrmEZb.exe
  2⤵
  PID:8836
- C:\Windows\System\qWZDYfR.exe
  C:\Windows\System\qWZDYfR.exe
  2⤵
  PID:2724
- C:\Windows\System\YXlnIrw.exe
  C:\Windows\System\YXlnIrw.exe
  2⤵
  PID:8752
- C:\Windows\System\oDXbFOA.exe
  C:\Windows\System\oDXbFOA.exe
  2⤵
  PID:8880
- C:\Windows\System\cnhJVGM.exe
  C:\Windows\System\cnhJVGM.exe
  2⤵
  PID:8528
- C:\Windows\System\BmPwLFz.exe
  C:\Windows\System\BmPwLFz.exe
  2⤵
  PID:9012
- C:\Windows\System\WiRjbyE.exe
  C:\Windows\System\WiRjbyE.exe
  2⤵
  PID:1948
- C:\Windows\System\LmBvmzD.exe
  C:\Windows\System\LmBvmzD.exe
  2⤵
  PID:1388
- C:\Windows\System\PIWsKyX.exe
  C:\Windows\System\PIWsKyX.exe
  2⤵
  PID:7560
- C:\Windows\System\fvdaggt.exe
  C:\Windows\System\fvdaggt.exe
  2⤵
  PID:8980
- C:\Windows\System\sGbsfIX.exe
  C:\Windows\System\sGbsfIX.exe
  2⤵
  PID:6100
- C:\Windows\System\rZnWMGU.exe
  C:\Windows\System\rZnWMGU.exe
  2⤵
  PID:8256
- C:\Windows\System\kUVDflR.exe
  C:\Windows\System\kUVDflR.exe
  2⤵
  PID:9232
- C:\Windows\System\EHsfntu.exe
  C:\Windows\System\EHsfntu.exe
  2⤵
  PID:9248
- C:\Windows\System\nYEmUKk.exe
  C:\Windows\System\nYEmUKk.exe
  2⤵
  PID:9264
- C:\Windows\System\FceCbHY.exe
  C:\Windows\System\FceCbHY.exe
  2⤵
  PID:9280
- C:\Windows\System\KpSflKy.exe
  C:\Windows\System\KpSflKy.exe
  2⤵
  PID:9296
- C:\Windows\System\fVDPMgw.exe
  C:\Windows\System\fVDPMgw.exe
  2⤵
  PID:9312
- C:\Windows\System\IRwVgwv.exe
  C:\Windows\System\IRwVgwv.exe
  2⤵
  PID:9328
- C:\Windows\System\BRSZFwh.exe
  C:\Windows\System\BRSZFwh.exe
  2⤵
  PID:9344
- C:\Windows\System\efejiGa.exe
  C:\Windows\System\efejiGa.exe
  2⤵
  PID:9368
- C:\Windows\System\XtUzVXS.exe
  C:\Windows\System\XtUzVXS.exe
  2⤵
  PID:9384
- C:\Windows\System\rGBfuKB.exe
  C:\Windows\System\rGBfuKB.exe
  2⤵
  PID:9400
- C:\Windows\System\mbTMwtq.exe
  C:\Windows\System\mbTMwtq.exe
  2⤵
  PID:9416
- C:\Windows\System\tnrgzSN.exe
  C:\Windows\System\tnrgzSN.exe
  2⤵
  PID:9436
- C:\Windows\System\YvafkRz.exe
  C:\Windows\System\YvafkRz.exe
  2⤵
  PID:9452
- C:\Windows\System\OAbrGhI.exe
  C:\Windows\System\OAbrGhI.exe
  2⤵
  PID:9468
- C:\Windows\System\QbgKcxz.exe
  C:\Windows\System\QbgKcxz.exe
  2⤵
  PID:9484
- C:\Windows\System\spNmZBx.exe
  C:\Windows\System\spNmZBx.exe
  2⤵
  PID:9500
- C:\Windows\System\DxYQxWi.exe
  C:\Windows\System\DxYQxWi.exe
  2⤵
  PID:9516
- C:\Windows\System\kpgNMEL.exe
  C:\Windows\System\kpgNMEL.exe
  2⤵
  PID:9532
- C:\Windows\System\wjhbFuU.exe
  C:\Windows\System\wjhbFuU.exe
  2⤵
  PID:9552
- C:\Windows\System\sIAiQPd.exe
  C:\Windows\System\sIAiQPd.exe
  2⤵
  PID:9568
- C:\Windows\System\MpaRmXF.exe
  C:\Windows\System\MpaRmXF.exe
  2⤵
  PID:9584
- C:\Windows\System\CYFtkDw.exe
  C:\Windows\System\CYFtkDw.exe
  2⤵
  PID:9600
- C:\Windows\System\DvxfmZA.exe
  C:\Windows\System\DvxfmZA.exe
  2⤵
  PID:9616
- C:\Windows\System\TvZJwkP.exe
  C:\Windows\System\TvZJwkP.exe
  2⤵
  PID:9632
- C:\Windows\System\qQERtzs.exe
  C:\Windows\System\qQERtzs.exe
  2⤵
  PID:9648
- C:\Windows\System\ZYPDGrN.exe
  C:\Windows\System\ZYPDGrN.exe
  2⤵
  PID:9664
- C:\Windows\System\jZAqzRn.exe
  C:\Windows\System\jZAqzRn.exe
  2⤵
  PID:9680
- C:\Windows\System\rrsroCy.exe
  C:\Windows\System\rrsroCy.exe
  2⤵
  PID:9696
- C:\Windows\System\iMbaLld.exe
  C:\Windows\System\iMbaLld.exe
  2⤵
  PID:9716
- C:\Windows\System\qaaEDjL.exe
  C:\Windows\System\qaaEDjL.exe
  2⤵
  PID:9736
- C:\Windows\System\hvqTncw.exe
  C:\Windows\System\hvqTncw.exe
  2⤵
  PID:9752
- C:\Windows\System\VIsouzE.exe
  C:\Windows\System\VIsouzE.exe
  2⤵
  PID:9772
- C:\Windows\System\sMOKTJe.exe
  C:\Windows\System\sMOKTJe.exe
  2⤵
  PID:9792
- C:\Windows\System\RxUmMMe.exe
  C:\Windows\System\RxUmMMe.exe
  2⤵
  PID:9808
- C:\Windows\System\QvfsvPr.exe
  C:\Windows\System\QvfsvPr.exe
  2⤵
  PID:9828
- C:\Windows\System\LKOaKaa.exe
  C:\Windows\System\LKOaKaa.exe
  2⤵
  PID:9844
- C:\Windows\System\CMUCOHa.exe
  C:\Windows\System\CMUCOHa.exe
  2⤵
  PID:9868
- C:\Windows\System\WUgvoWF.exe
  C:\Windows\System\WUgvoWF.exe
  2⤵
  PID:9884
- C:\Windows\System\aqHqVfL.exe
  C:\Windows\System\aqHqVfL.exe
  2⤵
  PID:9900
- C:\Windows\System\KGtSmSb.exe
  C:\Windows\System\KGtSmSb.exe
  2⤵
  PID:9920
- C:\Windows\System\NpINlbQ.exe
  C:\Windows\System\NpINlbQ.exe
  2⤵
  PID:9936
- C:\Windows\System\ZvzKUKx.exe
  C:\Windows\System\ZvzKUKx.exe
  2⤵
  PID:9952
- C:\Windows\System\ZLpVYLO.exe
  C:\Windows\System\ZLpVYLO.exe
  2⤵
  PID:9968
- C:\Windows\System\QpbitdA.exe
  C:\Windows\System\QpbitdA.exe
  2⤵
  PID:9984
- C:\Windows\System\lIlwKKA.exe
  C:\Windows\System\lIlwKKA.exe
  2⤵
  PID:10000
- C:\Windows\System\nmPiwNU.exe
  C:\Windows\System\nmPiwNU.exe
  2⤵
  PID:10016
- C:\Windows\System\GFYPHwm.exe
  C:\Windows\System\GFYPHwm.exe
  2⤵
  PID:10032
- C:\Windows\System\yfFOMrH.exe
  C:\Windows\System\yfFOMrH.exe
  2⤵
  PID:10048
- C:\Windows\System\UTsjaRg.exe
  C:\Windows\System\UTsjaRg.exe
  2⤵
  PID:10064
- C:\Windows\System\QTMFGbE.exe
  C:\Windows\System\QTMFGbE.exe
  2⤵
  PID:10080
- C:\Windows\System\dYkFXgW.exe
  C:\Windows\System\dYkFXgW.exe
  2⤵
  PID:10096
- C:\Windows\System\ARsMMaY.exe
  C:\Windows\System\ARsMMaY.exe
  2⤵
  PID:10112
- C:\Windows\System\wVcnCqx.exe
  C:\Windows\System\wVcnCqx.exe
  2⤵
  PID:10128
- C:\Windows\System\EVMBzef.exe
  C:\Windows\System\EVMBzef.exe
  2⤵
  PID:10144
- C:\Windows\System\hcJgsIH.exe
  C:\Windows\System\hcJgsIH.exe
  2⤵
  PID:10160
- C:\Windows\System\EtiUmWD.exe
  C:\Windows\System\EtiUmWD.exe
  2⤵
  PID:10176
- C:\Windows\System\uHXwPAb.exe
  C:\Windows\System\uHXwPAb.exe
  2⤵
  PID:10192
- C:\Windows\System\EwsQyiO.exe
  C:\Windows\System\EwsQyiO.exe
  2⤵
  PID:10208
- C:\Windows\System\ctzIMme.exe
  C:\Windows\System\ctzIMme.exe
  2⤵
  PID:10224
- C:\Windows\System\PuzZfEa.exe
  C:\Windows\System\PuzZfEa.exe
  2⤵
  PID:9140
- C:\Windows\System\HGuKpHD.exe
  C:\Windows\System\HGuKpHD.exe
  2⤵
  PID:9276
- C:\Windows\System\vRfdGIW.exe
  C:\Windows\System\vRfdGIW.exe
  2⤵
  PID:9224
- C:\Windows\System\NWCTJTy.exe
  C:\Windows\System\NWCTJTy.exe
  2⤵
  PID:9292
- C:\Windows\System\FbiLXOi.exe
  C:\Windows\System\FbiLXOi.exe
  2⤵
  PID:9376
- C:\Windows\System\UoWOKZi.exe
  C:\Windows\System\UoWOKZi.exe
  2⤵
  PID:9360
- C:\Windows\System\zzbmEHE.exe
  C:\Windows\System\zzbmEHE.exe
  2⤵
  PID:9408
- C:\Windows\System\WxDYyeY.exe
  C:\Windows\System\WxDYyeY.exe
  2⤵
  PID:9424
- C:\Windows\System\iMfnnxA.exe
  C:\Windows\System\iMfnnxA.exe
  2⤵
  PID:9432
- C:\Windows\System\TiYPsnG.exe
  C:\Windows\System\TiYPsnG.exe
  2⤵
  PID:9464
- C:\Windows\System\PiEUqtR.exe
  C:\Windows\System\PiEUqtR.exe
  2⤵
  PID:9540
- C:\Windows\System\cjGRjda.exe
  C:\Windows\System\cjGRjda.exe
  2⤵
  PID:9528
- C:\Windows\System\JRcYHoQ.exe
  C:\Windows\System\JRcYHoQ.exe
  2⤵
  PID:9580
- C:\Windows\System\zfPUtXS.exe
  C:\Windows\System\zfPUtXS.exe
  2⤵
  PID:9640
- C:\Windows\System\lBGkZKu.exe
  C:\Windows\System\lBGkZKu.exe
  2⤵
  PID:9624
- C:\Windows\System\phcnNxs.exe
  C:\Windows\System\phcnNxs.exe
  2⤵
  PID:9688
- C:\Windows\System\zaOgzAq.exe
  C:\Windows\System\zaOgzAq.exe
  2⤵
  PID:9728
- C:\Windows\System\XVMYwdo.exe
  C:\Windows\System\XVMYwdo.exe
  2⤵
  PID:9656
- C:\Windows\System\IYIojZl.exe
  C:\Windows\System\IYIojZl.exe
  2⤵
  PID:9820
- C:\Windows\System\UjMRONK.exe
  C:\Windows\System\UjMRONK.exe
  2⤵
  PID:9804
- C:\Windows\System\NxhgVsm.exe
  C:\Windows\System\NxhgVsm.exe
  2⤵
  PID:9840
- C:\Windows\System\HJxXBPn.exe
  C:\Windows\System\HJxXBPn.exe
  2⤵
  PID:9912
- C:\Windows\System\SAZTyMF.exe
  C:\Windows\System\SAZTyMF.exe
  2⤵
  PID:9932
- C:\Windows\System\nKueqet.exe
  C:\Windows\System\nKueqet.exe
  2⤵
  PID:9996
- C:\Windows\System\EpYnySv.exe
  C:\Windows\System\EpYnySv.exe
  2⤵
  PID:10060
- C:\Windows\System\gjqwSli.exe
  C:\Windows\System\gjqwSli.exe
  2⤵
  PID:10124
- C:\Windows\System\OemXHgm.exe
  C:\Windows\System\OemXHgm.exe
  2⤵
  PID:10188
- C:\Windows\System\rTMstAh.exe
  C:\Windows\System\rTMstAh.exe
  2⤵
  PID:9980
- C:\Windows\System\jlgdfxd.exe
  C:\Windows\System\jlgdfxd.exe
  2⤵
  PID:10044
- C:\Windows\System\gHXfPkd.exe
  C:\Windows\System\gHXfPkd.exe
  2⤵
  PID:9976
- C:\Windows\System\MrsmaqH.exe
  C:\Windows\System\MrsmaqH.exe
  2⤵
  PID:10108
- C:\Windows\System\wcxJeZt.exe
  C:\Windows\System\wcxJeZt.exe
  2⤵
  PID:10200
- C:\Windows\System\JMmxINQ.exe
  C:\Windows\System\JMmxINQ.exe
  2⤵
  PID:9272
- C:\Windows\System\aPJCcJP.exe
  C:\Windows\System\aPJCcJP.exe
  2⤵
  PID:9356
- C:\Windows\System\bTqgRTY.exe
  C:\Windows\System\bTqgRTY.exe
  2⤵
  PID:9308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AJIPucw.exe

Filesize
6.1MB

MD5
93fd8483be5b43f7937a57b40629b6c7

SHA1
06c295164b11b54af75188b2af5ad6866203efc0

SHA256
5a5a805a61bba902e0e54191a1c67bfa9269fa12a07ebe775457be8d9d8db3be

SHA512
e2fef420d98964b45e86dcb3e9988f8c8a8afafe15e34492c6696ce9ab54fff4e068fe16dcf93bcb4f4066b670d1807ccb750ea9e519a59b7d7e6eec010e65ec

Download Submit
C:\Windows\system\BJQbWzg.exe

Filesize
6.1MB

MD5
96880da80a6a31717704d55c5e5b5c1b

SHA1
64c1b8fb86be2b3265af68c1c09ae67bf986a5e7

SHA256
55d0a81ed9b9d8b752b585f1e00198b878aa5cf54cf1e3294b632a478c883879

SHA512
cc86022ecd446c40577bfcd7aaddf64e7c468ce46dbe38f110d37be7afa7ba8962979902344911e9c5fee46ed502522559b8cd4249e784e80075b17566e8e3be

Download Submit
C:\Windows\system\BPAvMaY.exe

Filesize
6.1MB

MD5
f4f7d91674a76bec04cc4c5d043f1619

SHA1
79118ac532be159e7695b47ce93183063298ad30

SHA256
502d5206dbf12fb6b22e1fe3f6a1f11bfc01335df94b075f73ab784b12698555

SHA512
a3f386b575622d72a584e5d678ff81c9e3460724089370dd3921c1175d75195a7d2137f5e3cd16da180f66f2cc80fa7bb7a25423d1c153fdc38af632bd60450c

Download Submit
C:\Windows\system\DraxJyh.exe

Filesize
6.1MB

MD5
05efb92cb92ca6286e628dba24d4672e

SHA1
6a7dec09970112eecc10166847f99b66eb3b3ae7

SHA256
830f8966bf64423b513a72d254f32e3f30359f78adeed66cf40aff60fb41d18d

SHA512
9e76a5817b7867f8f4c2d742b105bec0865368a91d4ff912e185d0f90db1e0b9f038e5ad7bb147b0c682cabe13d37266a08532b3c4c82fdf9f910a9652572fbf

Download Submit
C:\Windows\system\EhPDzJB.exe

Filesize
6.1MB

MD5
7d3af87aab823ea73198c584474d315c

SHA1
c454251c604169b6276be47efec9d0d954026865

SHA256
a84a7f9eefc1d19febf6b7d1bfe57b393e64f81dea29ac101276a33af9c2c386

SHA512
4dc4d35f6ca8a1a01c8ddcbb491a1ff6ef71726c742ddadbe6a066898ba4b162da67dd076777616053f26fb24ca26097dc5f99af6435fd9686c21bc9f76d0638

Download Submit
C:\Windows\system\FDDfLkS.exe

Filesize
6.1MB

MD5
ebfdc2ce52fa02f338ca9c6da9769aef

SHA1
b6367942e55d8a3b90aacb902cdb085350533243

SHA256
ffef0aca0bae85c287190d921ff9612f078daf5ca53b964ec09bab8e805e3860

SHA512
03e1aed0b806095c17123aba9623fdae20a5c22b1f5a9e1e9e8e16e2c66bf7aa3cf8a446b26b8de12f0c6c117030d1dd2968275c2307a4f1b7479226b7afa3ec

Download Submit
C:\Windows\system\IbdqUye.exe

Filesize
6.1MB

MD5
25417c0f74352f65c5eed67a421a1d08

SHA1
54a0077f45da3e95fdb40eb9035aceadc1e9704b

SHA256
6524c3b3e200823708d9d329dfe983386a38d0fd2c38fb79ebeaac2b08d7dc8b

SHA512
4933d1297f9d9ba7d12eaf2ddeec1257f0e559a03290e0e4d2304333f46e16bd83f364c00f2bc4d24578ced05cb233b756c06d09ad06df0d37e1a3552bad5396

Download Submit
C:\Windows\system\JNBOZTO.exe

Filesize
6.1MB

MD5
b4bcd66131e14673acce1eaae10c6ff0

SHA1
e971a8141b67945063d2ce94a4916df17f64bfea

SHA256
db98eb044dd608b0d6b52887a011465a11f98afc3d91acfa8f43222c58dd59ff

SHA512
fbe1d11926c0e841de991990e470aec7b3b7762ad607d48066380d9aa2128001ab9d5040edacd8d8cbf1cd0c7b801f5a3a5072ed818125f8bd72a6dd10ecf3f1

Download Submit
C:\Windows\system\JiRKWLP.exe

Filesize
6.1MB

MD5
fa2f90aee8b4f8032649cb150dccf5a4

SHA1
2d25910cef15b682dc0f04bf1b5d528bb0d727a4

SHA256
7430729f7980462a27eeebcc13c56464cbb6fc2385b5e125c86c5656b4c7957e

SHA512
910c8d12cc595a248000e604ee34d42e4ed8ba78d5c6da954975a3b2bee96ca60b7ea4151e762df910ecc3071082c382490df4e4f60a3ce959de61eae91a02ba

Download Submit
C:\Windows\system\LnXGBYY.exe

Filesize
6.1MB

MD5
cf4f7b19d8ae915a958b5b3f0bb4e40d

SHA1
0d1a42e8a6da6d8d0eb29beb481b032a3d2ba126

SHA256
3104dd3e7bff88930ce74824f4de2ecddcaa1995db88c9d40934ffbfaa46db41

SHA512
bdf3b552b9fc0d7ddd37fd8d810b7f3036e956bdbfbe3a2e54302696a5ddff86cdb88d4dc49ddf674539db5ac4b6be2fd4dff84f2be65494d188266db0f47211

Download Submit
C:\Windows\system\OTmbAID.exe

Filesize
6.1MB

MD5
aceb200c57d205425fbb3a573b716dcd

SHA1
bd192a5b561f22c1b7ab8b1709b8be316565e821

SHA256
b69f0f97e23c5ced46ae50b97f85fe46d20f7b327392a9a4f72d4e27872ace4a

SHA512
7ac97c9de594312337ea614dc80e8bb9252536f56fa3f37ecd5bdb999abfd6a104b78aba6c9d3cde1446064d0bb00dfb151391902c45719358d81bc99e8ea442

Download Submit
C:\Windows\system\RRSJJUp.exe

Filesize
6.1MB

MD5
bdede60ab79217d64631536a57140a89

SHA1
e60c471a09d4b858f7c14a1843016abe8fb68645

SHA256
6ede8bcafa29e7424eaf3a856746db66b50eb6a902c59d0331e547417638c9ed

SHA512
59fd4847167d5fe75ed905582cdef2a713942fd40b714f39529c0ada9c83a91d4b62e81aaa3b950037e847f2c7723f8acfc5ab5b7955af8d7264ffa3ffe4ebcf

Download Submit
C:\Windows\system\TGgrFVA.exe

Filesize
6.1MB

MD5
d8c7e811085d6b6b789c3e167bb1965d

SHA1
5587a61ab6397f503573858c3dba53461b7de906

SHA256
0ed64028929fe4d03e605fb9f594c9f6120d640f1bf9cd9dc1b867cfa3f12d24

SHA512
93a7802d701105f5907704e3138554565f23dd74d660508982fbbcf0eb37a1a5383ba13c1743a4c158dfc81dc95e5c46600bf1f25382198c64c340c9b32fb9b2

Download Submit
C:\Windows\system\UYnVZLY.exe

Filesize
6.1MB

MD5
09f82343c5aa03950f9c6888a357db33

SHA1
f9ea65a081b903326dc237aacf8207b9a731c346

SHA256
68d7f730385966a1983f0e3b5ae0d45cdac9de9d3555b6861947e1b48853bd12

SHA512
4c53cba5089c3b396ecfbba8eac624cd379a189e70e00f0653b8ec341965d1b6fdd53d8bb27c8f4a0cfe45fa8c14e880b4a479ec1cda69d400b2a963bb55e8cd

Download Submit
C:\Windows\system\ZsoZNFq.exe

Filesize
6.1MB

MD5
8f66c0a0b6d3b0466952f6dea81902a1

SHA1
34a3c70b620bb246d0c68c3a7e7c745a45502348

SHA256
35e853e5cf1cfa0a1a8eeeb8b5887f4a35c01199dfdf57769df04cc41d99d0d5

SHA512
b63996ee070d4dbd356a670a3264f2353d8169f182a764d3350c998d50c7ea513e75b8da088210438abeedbd7c2d32bfba42692447f0be992c229fb59c58dab1

Download Submit
C:\Windows\system\bRitnEO.exe

Filesize
6.1MB

MD5
d98e4f4e4f26ffd2bb609e76260e98c0

SHA1
f4b7b39d6ad67028c50e9dccf1e109f9fa1c2b6b

SHA256
bd875bec0a4b458911f335d03dfd338846afdf171b409890ea83e40ef714a4ce

SHA512
2d9c417bb5e495188a5368503ac6c02ae8eb7aaea5028164253c3417aa4d076ded4070a6979e7c305595c8f6e7f2b1da34d2c5bd9668338d0afe10924e19104a

Download Submit
C:\Windows\system\boyQMTN.exe

Filesize
6.1MB

MD5
d32972bc7830390f5758b9a865cc851b

SHA1
31a360e8c6f0b3796b4fa2479cde2df1891d29e5

SHA256
a4dacdce4cda05df1e569fdc25571fff00f48007852d8b31c3d353f13579e4c9

SHA512
3e04b6c257ee2ff8f9b741dfa9c824961f4b1941548710459669aeffab57f54d092c1aa41e4ee345551bd2ac4230477a0d0d5dfab1dca556584df9ef8bf78102

Download Submit
C:\Windows\system\dJLxnMK.exe

Filesize
6.1MB

MD5
35ae3e5ff20c14d0d8a3b4d87f988d8d

SHA1
7d292ab685a9508370614bad640e472787094796

SHA256
bf795f5074c17794514c34bcb4f3116484eab2451810d2fbab001a6ffcede8a3

SHA512
6963217b8b53791504e89d8b8fcb7f007048e0053e456401d2e3f700d869dd2395e8b17da26227cacb9c59d4ae1c8296e42751396627dbca98ce0d4e4b2d34b6

Download Submit
C:\Windows\system\gOeteuX.exe

Filesize
6.1MB

MD5
42e92deb54fd34cb0c8c27e2aa56f219

SHA1
a7881e57c89ee5e677eca7a0bb8ee5ddc9b5b28a

SHA256
1747e4d89c6faf261852ad92e3edc2da511365965993d9e9f2128701dc885ab8

SHA512
00655f88cef28f5a8f9e5ad621e1a5ff16be8f452f056a6bf7a93ec6c514d53259625b95be193143408f110742d3a47a018654685e6b8ef279d45cc2cab728ae

Download Submit
C:\Windows\system\sNKoGhs.exe

Filesize
6.1MB

MD5
02cbc437b3e14ddbc0df6089600971f7

SHA1
62b3337c0bf6c1cde48383e3e27f40b09da93f70

SHA256
969e66add9547be2abd8ceebe4c0050b550e7649aa7a583ac8e14363ade67f26

SHA512
e2d4f06d6a65643c2ed1c2030ddc43cbc7e91e467dd82d612b38de22ee3b864071c0a77b98c478f0b7e7948c417c230e65377478faef2179fcdfc10faf65b853

Download Submit
C:\Windows\system\uJStYbb.exe

Filesize
6.1MB

MD5
4ca3822fab11e0d62a44e292a0386bd5

SHA1
46b822c2a192c87a222534c7cd68429861a884c5

SHA256
834d3c4b96b6e3fdc78b71f93bf96ea5c27ab62c88356ca6132dae655f41368e

SHA512
80b7e5283ef95f29d8e93bc3a8aaf30ac07bc7232c928c241c9238af0b651b8596002fe3a5f2c3dbf225b702ca77621004ca9640fe42818dbc7536f1173f1fc4

Download Submit
C:\Windows\system\uKgFhaV.exe

Filesize
6.1MB

MD5
a9733a4cd103b8beace2e22e0a09b800

SHA1
2b76c8d1239001aa8144f398186884bf2cd1e5f9

SHA256
92d747e36e0c789bb918c576ee30bff8be47d4ccb070a164f850d1ecbea11878

SHA512
94b74c54a7412eb09fe6918cb557f9e7d380445ef13111a76de08cab0be06f929b51fd438cd8b682e283e6be21774d97892aa23b0a52071b82f2a8f7cd2bd43c

Download Submit
C:\Windows\system\vNCZTcJ.exe

Filesize
6.1MB

MD5
87ccc07ecf537784c8f9704ff93280f2

SHA1
543fecf07b3f4468930425954672ee969c1cbc06

SHA256
3d525d302f5dc2243fe4d3784414c36db9086909db89e906c66de8ebb824615b

SHA512
e01dbc16ce4b506fab896cd036ecd12cb08527a42c3b95c85456e0991aa68ada4d7226a2fcf4af1d919b58a7df2bc7d04d5b271b009ebef0b556a7e6b787acd1

Download Submit
C:\Windows\system\wCwvzxx.exe

Filesize
6.1MB

MD5
1fc4c10bfbfcb7a5a7a8295b75fe03b0

SHA1
aadc986a77162abd0809e35a6ed3b40c43484a5e

SHA256
34569040aac9621bb599814953593178a1700729e94d7b2d0ca33a53d4e1372b

SHA512
fe17bc3e8124f4e99c74b8ba8223f3b40314aa7dae15c9294041a8da532c54bd628d2be11334281f137bb711bcfc4d1e8d649c09cba031a9084088b54bc3a89b

Download Submit
C:\Windows\system\ycLwznK.exe

Filesize
6.1MB

MD5
0392eefbbd378324984eeada248d2845

SHA1
8a1e1379d4b260555c393238dc1493bc876b7ce8

SHA256
24e046a42868c801e1faceeca44e40c087bc1542f7624dc352f5dd7f57b58fab

SHA512
8da661f8e3121773ddb112235c147e8a89a50d0767265228c0b686fbac0d1c46f86ee87375b25e6e19e5673427f5217cf88330f6cc4aebd220d263699ff4525c

Download Submit
C:\Windows\system\zjhayfI.exe

Filesize
6.1MB

MD5
0b2b93def9f81b39d0132b8c1d0f9198

SHA1
0da2fdc64b19e47ddafd9746b1a00b2d74189ece

SHA256
b755508fb882c4d2e80b9a777d7e49b27117c7138640c3e96df3be91201d69d6

SHA512
14d2c52ccccc0819f48dcfe2e364746bd4527b1be41eae6cec19f1bb2cc3aa7a0b068d677832b082cf8ec70650688479a986742ccd17ffef59c136b16c8699be

Download Submit
\Windows\system\NWNfBcw.exe

Filesize
6.1MB

MD5
e686b49992cd69b39c40eeb45a2caba6

SHA1
f39097918f887ed05a7d6ee26cdab963709fd2d4

SHA256
f4467f79c7ff54582d85d4f7db5bd1c802126d1ee6aea2e3cb64026616a42928

SHA512
3671bf2eb851402a8e9f2430a049ed7605243b8e2fd76e993943c29b6c2e2913ec509afbb33ce27494b5773a5f4f591d06cef333ed031e074fb81f18ce3903f1

Download Submit
\Windows\system\OGXXarB.exe

Filesize
6.1MB

MD5
544ac6d2b3c6c0b7f7cafc65c41dac13

SHA1
9ff3f4fff27e927c2546b22e4855bdc6ddff43f4

SHA256
680a40a13149a0a41300e0a3958b686b3b3ecd40660c7341b0c59294df7c7097

SHA512
3105e02bf628127ded5b0fbe8a32a016c02738d775517deac4baeee848213b04317c47b582c927f34773e3e7502b1db465393cb2493e88611aee4b301b391485

Download Submit
\Windows\system\SXUVZat.exe

Filesize
6.1MB

MD5
2468ac8a7fc445154b590a6dc1907c3a

SHA1
7200195c1e3999459bc45314ae964277f014b696

SHA256
e54aec3850d85d59ee2792bb64aa68c4d6526e0723ec28a4759cf1130773ebbf

SHA512
06ddfb4f44d4f295041f9b8be8f51400d86f30eecee2a6ef130c03ad3c044ac81665e452d066952661b5e7728d99588ceccc6748ac7b58b70649de5987619ba6

Download Submit
\Windows\system\TVnJIte.exe

Filesize
6.1MB

MD5
6ecbc2708a2e70213e91794c483c93a3

SHA1
f35cf728ac985a691e399ef2816bbb928ddbc958

SHA256
cce9b03c3b9e5428a847f6f00e720ac7d393727b9876a4939e88e6e73fdb77f8

SHA512
9093cdaadff97505d8afdf1b49b70680a3bf6a8b7edf149abdba4c88a8f7489436f00e04a6043789a056cd9c8e882bcadc5f0a874624d58051175b370b419342

Download Submit
\Windows\system\abIrIiW.exe

Filesize
6.1MB

MD5
3187de3c08407d237db63e4af6568e29

SHA1
2f9bed4707e7985869563856bc8cc9f7ff2f7414

SHA256
24329a5689452968596986f5d26a4acb321ea96c355a9fa0fc1816caa287ec49

SHA512
9424033bc64513c1736eedd5ce99371bffdb5946206343fddd6b83e194bd5510da15106cc4a6fad716207d9a4deb1a625026d29fc239e4b2e14b66d4620c5322

Download Submit
\Windows\system\fBOShbI.exe

Filesize
6.1MB

MD5
7defe18c809d3b97bac713b501f62049

SHA1
8d262bb81166cb44bd8235b48b2e78ea4619a606

SHA256
0aea7d58df1fb962141f05f0a4a723c0759d690d643043c07647bc930a5ed2e4

SHA512
55c4762460103c5d5887096be5ec03bbd122b9b426546923d1a21c5ad6e9fb6d0a097b956f900b1a2103edcb69e0fb10a789f4234a1a7693974d7a63e667f704

Download Submit
\Windows\system\izOPumN.exe

Filesize
6.1MB

MD5
e5bcadf5aff0173af2ab16d9009d3b7b

SHA1
3111427bd38cb3a160946abcb16bb821638c580f

SHA256
62339f023ec9b773921d69712a7b6fd0e6f297db348cc9ff61e65938ba9bc620

SHA512
04e433e0b2d78dc59215d0d54d23c512455deabda7a071e59e41a4de84e290ae98455a7096111e3d21bbe77e101276cf1d66359bdf46d33f7800ba183450a404

Download Submit
\Windows\system\jipBEed.exe

Filesize
6.1MB

MD5
7148a564eba35eeda44ee94bba289806

SHA1
a833e073cb5ef33bfb480fcee4fa747074d3f452

SHA256
f9e070cc4ee56708f44545570df03aeca5b6b8e3c0152647cf1a35c92c704a02

SHA512
b64b14e4ca04d7d2b499172318ec1133758cc3b31f100b9bb4417d0869caf61b60ffd6845cffd7cc38e85a4c561450ac448492d34afc546c120205c7719b97d9

Download Submit
\Windows\system\yExPuBU.exe

Filesize
6.1MB

MD5
b2930464acf18baed3fe1360da34a1b7

SHA1
e1dac5f2885a456a3cb74a523449adc377542d09

SHA256
b93218d9f206fa6608353c023810305af3793a28324aed73b41f43204dc2645a

SHA512
977c32d7fad5e13ef4ae7440a6b441548230382484c9b0c535955e7f68fe9a754fa9df8e7f71b49802c23578b577f78515f544534e8adcebbf2b295502c68fda

Download Submit
memory/988-185-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-3793-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-190-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-168-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-3744-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-192-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3858-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1513-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3775-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2332-176-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3776-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2396-226-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3806-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-222-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1550-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1519-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3859-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2740-216-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2756-224-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3857-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1553-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3850-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2848-212-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1515-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1534-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-220-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3886-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3795-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-214-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1517-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-223-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2960-187-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-0-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-225-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1455-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1511-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1512-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-211-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2960-1526-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-191-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2960-219-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1560-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-161-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-221-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-179-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1516-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-171-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1518-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2960-114-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1521-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1458-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1538-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1552-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2960-195-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2960-213-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-215-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2960-217-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3802-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-218-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1522-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3808-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1514-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2976-197-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download