cobaltstrike | f462b4edef672cd0902ad130b58dbd9fedacb605788cb3d0df3d7a497b84737e

Analysis

max time kernel
153s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.2MB
MD5

1b0f630a9f2a84c4d4a99661df651fc2
SHA1

28c793f4fd44ee90710d52d3d867ffbd0d5fb244
SHA256

f462b4edef672cd0902ad130b58dbd9fedacb605788cb3d0df3d7a497b84737e
SHA512

ce3bdacde296794471ce77e883699578c722caa9153f49e1ab8d5edbaa11c9364e7332cdd41ecf7de2a90707ac6141096ae7e72de72928e9fe65db46800d3e95
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l1:RWWBibf56utgpPFotBER/mQ32lUB

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-10.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000016cab-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-30.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d2c-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-48.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-204.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral1/memory/3000-8-0x000000013F990000-0x000000013FCE1000-memory.dmp	xmrig
behavioral1/memory/2312-29-0x000000013F220000-0x000000013F571000-memory.dmp	xmrig
behavioral1/memory/1128-34-0x000000013F860000-0x000000013FBB1000-memory.dmp	xmrig
behavioral1/memory/2816-36-0x000000013FB80000-0x000000013FED1000-memory.dmp	xmrig
behavioral1/memory/3000-39-0x000000013F990000-0x000000013FCE1000-memory.dmp	xmrig
behavioral1/memory/1128-42-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	xmrig
behavioral1/memory/2480-44-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	xmrig
behavioral1/memory/2916-45-0x000000013F9C0000-0x000000013FD11000-memory.dmp	xmrig
behavioral1/memory/2160-58-0x000000013FB60000-0x000000013FEB1000-memory.dmp	xmrig
behavioral1/memory/2804-59-0x000000013F5D0000-0x000000013F921000-memory.dmp	xmrig
behavioral1/memory/2872-69-0x000000013FA60000-0x000000013FDB1000-memory.dmp	xmrig
behavioral1/memory/2856-77-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2548-80-0x000000013F440000-0x000000013F791000-memory.dmp	xmrig
behavioral1/memory/2480-84-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	xmrig
behavioral1/memory/264-87-0x000000013F460000-0x000000013F7B1000-memory.dmp	xmrig
behavioral1/memory/1128-75-0x000000013F460000-0x000000013F7B1000-memory.dmp	xmrig
behavioral1/memory/2512-90-0x000000013FCD0000-0x0000000140021000-memory.dmp	xmrig
behavioral1/memory/1128-92-0x0000000002380000-0x00000000026D1000-memory.dmp	xmrig
behavioral1/memory/2872-106-0x000000013FA60000-0x000000013FDB1000-memory.dmp	xmrig
behavioral1/memory/2360-174-0x000000013F4E0000-0x000000013F831000-memory.dmp	xmrig
behavioral1/memory/2868-213-0x000000013F030000-0x000000013F381000-memory.dmp	xmrig
behavioral1/memory/1436-242-0x000000013F460000-0x000000013F7B1000-memory.dmp	xmrig
behavioral1/memory/2916-867-0x000000013F9C0000-0x000000013FD11000-memory.dmp	xmrig
behavioral1/memory/2160-960-0x000000013FB60000-0x000000013FEB1000-memory.dmp	xmrig
behavioral1/memory/2312-987-0x000000013F220000-0x000000013F571000-memory.dmp	xmrig
behavioral1/memory/3000-847-0x000000013F990000-0x000000013FCE1000-memory.dmp	xmrig
behavioral1/memory/264-1011-0x000000013F460000-0x000000013F7B1000-memory.dmp	xmrig
behavioral1/memory/2480-1000-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	xmrig
behavioral1/memory/2856-1009-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2868-1021-0x000000013F030000-0x000000013F381000-memory.dmp	xmrig
behavioral1/memory/2360-1008-0x000000013F4E0000-0x000000013F831000-memory.dmp	xmrig
behavioral1/memory/2816-1031-0x000000013FB80000-0x000000013FED1000-memory.dmp	xmrig
behavioral1/memory/2804-1007-0x000000013F5D0000-0x000000013F921000-memory.dmp	xmrig
behavioral1/memory/2512-1037-0x000000013FCD0000-0x0000000140021000-memory.dmp	xmrig
behavioral1/memory/2872-1035-0x000000013FA60000-0x000000013FDB1000-memory.dmp	xmrig
behavioral1/memory/2548-1041-0x000000013F440000-0x000000013F791000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3000	yBbqdSC.exe
2916	QbzaYbc.exe
2160	oHSDujl.exe
2312	YaohGRI.exe
2816	IinNSrr.exe
2480	tezYiCF.exe
2512	aPlzoLL.exe
2804	gmErYrp.exe
2872	UeepMJm.exe
2856	KBtFlnB.exe
2548	Hhvjjct.exe
264	iUpxXbj.exe
2360	cepbCUz.exe
2868	iFRARNv.exe
1436	jAiJbib.exe
1500	urCgJyX.exe
1496	UkCmWlh.exe
452	OaNMzEs.exe
2088	DcUnlfX.exe
1340	OYobKGK.exe
1168	LTZOCoA.exe
2196	dSWxolZ.exe
556	vjbcGeE.exe
2232	lrgeFzV.exe
2412	JmtZbuZ.exe
2472	eWbcXPn.exe
2328	FlfYLDe.exe
900	EqqgGru.exe
2672	fhkfZfz.exe
2148	KZwnzdm.exe
1812	AHAvcAe.exe
960	msTAvWq.exe
2544	cZlsHOk.exe
2568	PLDIgLD.exe
2208	RhpIyNw.exe
1764	sPrqpPu.exe
1744	vsoJXhk.exe
1312	WPcghAv.exe
2780	uKEfQTW.exe
2376	XJQYaBm.exe
1976	DGiRGiA.exe
2752	xyhHCoO.exe
2616	vqXbycH.exe
888	WDmevht.exe
2632	UNJwxIx.exe
1524	ibLjjtY.exe
1256	OmDRxAg.exe
1624	mOPxCQb.exe
1236	rUEIUvh.exe
2224	xwcSJwK.exe
3064	NArRISv.exe
2980	jlZkhCL.exe
2840	JZfohDw.exe
2420	aCFlSJd.exe
2524	pYdvXxu.exe
2964	UYrvhOi.exe
2952	auyOHKQ.exe
2836	nKgPEsv.exe
1460	oNHLbWD.exe
1516	MgyZiDQ.exe
432	mSHRkuW.exe
2884	IZcfwXD.exe
2380	zsLDaMJ.exe
940	VmSKmpt.exe

Loads dropped DLL 64 IoCs

pid	Process
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1128-0-0x000000013F860000-0x000000013FBB1000-memory.dmp	upx
behavioral1/files/0x000c000000012266-6.dat	upx
behavioral1/memory/3000-8-0x000000013F990000-0x000000013FCE1000-memory.dmp	upx
behavioral1/files/0x0008000000016cf0-10.dat	upx
behavioral1/memory/2916-16-0x000000013F9C0000-0x000000013FD11000-memory.dmp	upx
behavioral1/files/0x000b000000016cab-12.dat	upx
behavioral1/memory/2160-21-0x000000013FB60000-0x000000013FEB1000-memory.dmp	upx
behavioral1/files/0x0007000000016d0c-23.dat	upx
behavioral1/memory/2312-29-0x000000013F220000-0x000000013F571000-memory.dmp	upx
behavioral1/files/0x0007000000016d1c-30.dat	upx
behavioral1/memory/1128-34-0x000000013F860000-0x000000013FBB1000-memory.dmp	upx
behavioral1/memory/2816-36-0x000000013FB80000-0x000000013FED1000-memory.dmp	upx
behavioral1/memory/3000-39-0x000000013F990000-0x000000013FCE1000-memory.dmp	upx
behavioral1/files/0x000a000000016d2c-41.dat	upx
behavioral1/memory/2480-44-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	upx
behavioral1/memory/2916-45-0x000000013F9C0000-0x000000013FD11000-memory.dmp	upx
behavioral1/memory/2512-51-0x000000013FCD0000-0x0000000140021000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-48.dat	upx
behavioral1/files/0x0002000000018334-52.dat	upx
behavioral1/memory/2160-58-0x000000013FB60000-0x000000013FEB1000-memory.dmp	upx
behavioral1/memory/2804-59-0x000000013F5D0000-0x000000013F921000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-60.dat	upx
behavioral1/files/0x000500000001950f-67.dat	upx
behavioral1/memory/2872-69-0x000000013FA60000-0x000000013FDB1000-memory.dmp	upx
behavioral1/files/0x0005000000019515-70.dat	upx
behavioral1/memory/2856-77-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx
behavioral1/memory/2548-80-0x000000013F440000-0x000000013F791000-memory.dmp	upx
behavioral1/memory/2480-84-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	upx
behavioral1/memory/264-87-0x000000013F460000-0x000000013F7B1000-memory.dmp	upx
behavioral1/files/0x000500000001957c-88.dat	upx
behavioral1/files/0x0005000000019547-83.dat	upx
behavioral1/memory/2512-90-0x000000013FCD0000-0x0000000140021000-memory.dmp	upx
behavioral1/memory/2360-95-0x000000013F4E0000-0x000000013F831000-memory.dmp	upx
behavioral1/files/0x00050000000195a7-98.dat	upx
behavioral1/memory/2868-101-0x000000013F030000-0x000000013F381000-memory.dmp	upx
behavioral1/memory/2872-106-0x000000013FA60000-0x000000013FDB1000-memory.dmp	upx
behavioral1/files/0x00050000000195a9-112.dat	upx
behavioral1/files/0x00050000000195ab-116.dat	upx
behavioral1/files/0x00050000000195ad-121.dat	upx
behavioral1/files/0x00050000000195af-128.dat	upx
behavioral1/files/0x00050000000195b1-132.dat	upx
behavioral1/files/0x00050000000195b3-142.dat	upx
behavioral1/files/0x00050000000195b5-145.dat	upx
behavioral1/files/0x00050000000195b7-149.dat	upx
behavioral1/files/0x00050000000195bb-156.dat	upx
behavioral1/files/0x00050000000195bd-159.dat	upx
behavioral1/files/0x00050000000195c1-169.dat	upx
behavioral1/memory/2360-174-0x000000013F4E0000-0x000000013F831000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-175.dat	upx
behavioral1/files/0x00050000000195c5-180.dat	upx
behavioral1/files/0x00050000000195c6-187.dat	upx
behavioral1/files/0x00050000000195c7-193.dat	upx
behavioral1/files/0x000500000001960c-194.dat	upx
behavioral1/files/0x0005000000019643-200.dat	upx
behavioral1/files/0x000500000001975a-204.dat	upx
behavioral1/memory/2868-213-0x000000013F030000-0x000000013F381000-memory.dmp	upx
behavioral1/memory/1436-242-0x000000013F460000-0x000000013F7B1000-memory.dmp	upx
behavioral1/memory/2916-867-0x000000013F9C0000-0x000000013FD11000-memory.dmp	upx
behavioral1/memory/2160-960-0x000000013FB60000-0x000000013FEB1000-memory.dmp	upx
behavioral1/memory/2312-987-0x000000013F220000-0x000000013F571000-memory.dmp	upx
behavioral1/memory/3000-847-0x000000013F990000-0x000000013FCE1000-memory.dmp	upx
behavioral1/memory/264-1011-0x000000013F460000-0x000000013F7B1000-memory.dmp	upx
behavioral1/memory/2480-1000-0x000000013FCA0000-0x000000013FFF1000-memory.dmp	upx
behavioral1/memory/2856-1009-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rUEIUvh.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aydCAqD.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gGKdFQv.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oioXnrB.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HaIdnMz.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\czfFRIt.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SyEpauH.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jYdlHho.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mCosEqB.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EHMBpYs.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zLuukVi.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CqsialE.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CiLhIts.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XtyzfMP.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mJgfjQT.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FmUHOJz.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nrgOvZU.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jEutknI.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nyddFAK.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bmWwRpS.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PAJledu.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NyQRgaS.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cxtzeOn.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tCDqiCg.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RqbnOCC.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OThPyPQ.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\maHtNoQ.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HWhvELT.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HXBHMLv.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ddjJScX.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jcuEMUK.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JSqkEWX.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GzNRJYg.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZMqeCiq.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UeaHyGr.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wiBfmIY.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kaBGTjj.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yojfFoe.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yMTpuoB.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qwOLoMx.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JEhzyqR.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cxNktht.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rKZlzNm.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rfcBdKd.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rOdTpUl.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VcbBERl.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sPrqpPu.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ncbynsK.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zlenCdK.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TzSFJZq.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ugKXCJD.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NNNtsTF.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JZfohDw.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qxednsH.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mzNjwid.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RoXfsds.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tCewzsg.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NfgYMGd.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LSAXwYk.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xBigggb.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bdsvZqG.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VUzWJwr.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hDvCOum.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WoDgsjz.exe	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 3000	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1128 wrote to memory of 3000	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1128 wrote to memory of 3000	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1128 wrote to memory of 2916	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1128 wrote to memory of 2916	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1128 wrote to memory of 2916	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1128 wrote to memory of 2160	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1128 wrote to memory of 2160	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1128 wrote to memory of 2160	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1128 wrote to memory of 2312	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1128 wrote to memory of 2312	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1128 wrote to memory of 2312	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1128 wrote to memory of 2816	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1128 wrote to memory of 2816	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1128 wrote to memory of 2816	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1128 wrote to memory of 2480	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1128 wrote to memory of 2480	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1128 wrote to memory of 2480	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1128 wrote to memory of 2512	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1128 wrote to memory of 2512	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1128 wrote to memory of 2512	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1128 wrote to memory of 2804	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1128 wrote to memory of 2804	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1128 wrote to memory of 2804	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1128 wrote to memory of 2872	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1128 wrote to memory of 2872	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1128 wrote to memory of 2872	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1128 wrote to memory of 2856	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1128 wrote to memory of 2856	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1128 wrote to memory of 2856	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1128 wrote to memory of 2548	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1128 wrote to memory of 2548	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1128 wrote to memory of 2548	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1128 wrote to memory of 264	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1128 wrote to memory of 264	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1128 wrote to memory of 264	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1128 wrote to memory of 2360	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1128 wrote to memory of 2360	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1128 wrote to memory of 2360	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1128 wrote to memory of 2868	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1128 wrote to memory of 2868	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1128 wrote to memory of 2868	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1128 wrote to memory of 1436	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1128 wrote to memory of 1436	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1128 wrote to memory of 1436	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1128 wrote to memory of 1500	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1128 wrote to memory of 1500	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1128 wrote to memory of 1500	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1128 wrote to memory of 1496	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1128 wrote to memory of 1496	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1128 wrote to memory of 1496	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1128 wrote to memory of 452	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1128 wrote to memory of 452	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1128 wrote to memory of 452	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1128 wrote to memory of 2088	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1128 wrote to memory of 2088	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1128 wrote to memory of 2088	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1128 wrote to memory of 1340	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1128 wrote to memory of 1340	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1128 wrote to memory of 1340	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1128 wrote to memory of 1168	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1128 wrote to memory of 1168	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1128 wrote to memory of 1168	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1128 wrote to memory of 2196	1128	2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_1b0f630a9f2a84c4d4a99661df651fc2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\System\yBbqdSC.exe
  C:\Windows\System\yBbqdSC.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QbzaYbc.exe
  C:\Windows\System\QbzaYbc.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\oHSDujl.exe
  C:\Windows\System\oHSDujl.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\YaohGRI.exe
  C:\Windows\System\YaohGRI.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\IinNSrr.exe
  C:\Windows\System\IinNSrr.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\tezYiCF.exe
  C:\Windows\System\tezYiCF.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\aPlzoLL.exe
  C:\Windows\System\aPlzoLL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\gmErYrp.exe
  C:\Windows\System\gmErYrp.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UeepMJm.exe
  C:\Windows\System\UeepMJm.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\KBtFlnB.exe
  C:\Windows\System\KBtFlnB.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\Hhvjjct.exe
  C:\Windows\System\Hhvjjct.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\iUpxXbj.exe
  C:\Windows\System\iUpxXbj.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\cepbCUz.exe
  C:\Windows\System\cepbCUz.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\iFRARNv.exe
  C:\Windows\System\iFRARNv.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\jAiJbib.exe
  C:\Windows\System\jAiJbib.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\urCgJyX.exe
  C:\Windows\System\urCgJyX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\UkCmWlh.exe
  C:\Windows\System\UkCmWlh.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\OaNMzEs.exe
  C:\Windows\System\OaNMzEs.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\DcUnlfX.exe
  C:\Windows\System\DcUnlfX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\OYobKGK.exe
  C:\Windows\System\OYobKGK.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\LTZOCoA.exe
  C:\Windows\System\LTZOCoA.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\dSWxolZ.exe
  C:\Windows\System\dSWxolZ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\vjbcGeE.exe
  C:\Windows\System\vjbcGeE.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\lrgeFzV.exe
  C:\Windows\System\lrgeFzV.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\JmtZbuZ.exe
  C:\Windows\System\JmtZbuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\eWbcXPn.exe
  C:\Windows\System\eWbcXPn.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\FlfYLDe.exe
  C:\Windows\System\FlfYLDe.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\EqqgGru.exe
  C:\Windows\System\EqqgGru.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\fhkfZfz.exe
  C:\Windows\System\fhkfZfz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\KZwnzdm.exe
  C:\Windows\System\KZwnzdm.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\AHAvcAe.exe
  C:\Windows\System\AHAvcAe.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\msTAvWq.exe
  C:\Windows\System\msTAvWq.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\cZlsHOk.exe
  C:\Windows\System\cZlsHOk.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\PLDIgLD.exe
  C:\Windows\System\PLDIgLD.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\RhpIyNw.exe
  C:\Windows\System\RhpIyNw.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\sPrqpPu.exe
  C:\Windows\System\sPrqpPu.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\vsoJXhk.exe
  C:\Windows\System\vsoJXhk.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\WPcghAv.exe
  C:\Windows\System\WPcghAv.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\uKEfQTW.exe
  C:\Windows\System\uKEfQTW.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\XJQYaBm.exe
  C:\Windows\System\XJQYaBm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\DGiRGiA.exe
  C:\Windows\System\DGiRGiA.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\xyhHCoO.exe
  C:\Windows\System\xyhHCoO.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\UNJwxIx.exe
  C:\Windows\System\UNJwxIx.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\vqXbycH.exe
  C:\Windows\System\vqXbycH.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ibLjjtY.exe
  C:\Windows\System\ibLjjtY.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\WDmevht.exe
  C:\Windows\System\WDmevht.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\OmDRxAg.exe
  C:\Windows\System\OmDRxAg.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\mOPxCQb.exe
  C:\Windows\System\mOPxCQb.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\rUEIUvh.exe
  C:\Windows\System\rUEIUvh.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\xwcSJwK.exe
  C:\Windows\System\xwcSJwK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\NArRISv.exe
  C:\Windows\System\NArRISv.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\jlZkhCL.exe
  C:\Windows\System\jlZkhCL.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\JZfohDw.exe
  C:\Windows\System\JZfohDw.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\aCFlSJd.exe
  C:\Windows\System\aCFlSJd.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\pYdvXxu.exe
  C:\Windows\System\pYdvXxu.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\UYrvhOi.exe
  C:\Windows\System\UYrvhOi.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\auyOHKQ.exe
  C:\Windows\System\auyOHKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\nKgPEsv.exe
  C:\Windows\System\nKgPEsv.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MgyZiDQ.exe
  C:\Windows\System\MgyZiDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\oNHLbWD.exe
  C:\Windows\System\oNHLbWD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\IZcfwXD.exe
  C:\Windows\System\IZcfwXD.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\mSHRkuW.exe
  C:\Windows\System\mSHRkuW.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\zsLDaMJ.exe
  C:\Windows\System\zsLDaMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VmSKmpt.exe
  C:\Windows\System\VmSKmpt.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\YmBnBDH.exe
  C:\Windows\System\YmBnBDH.exe
  2⤵
  PID:1056
- C:\Windows\System\vQwsqlG.exe
  C:\Windows\System\vQwsqlG.exe
  2⤵
  PID:608
- C:\Windows\System\WLzfgfs.exe
  C:\Windows\System\WLzfgfs.exe
  2⤵
  PID:840
- C:\Windows\System\mYWoXJJ.exe
  C:\Windows\System\mYWoXJJ.exe
  2⤵
  PID:2348
- C:\Windows\System\xKZaoLU.exe
  C:\Windows\System\xKZaoLU.exe
  2⤵
  PID:924
- C:\Windows\System\swqhXzz.exe
  C:\Windows\System\swqhXzz.exe
  2⤵
  PID:1804
- C:\Windows\System\fkKUstC.exe
  C:\Windows\System\fkKUstC.exe
  2⤵
  PID:2444
- C:\Windows\System\ADFcwnG.exe
  C:\Windows\System\ADFcwnG.exe
  2⤵
  PID:1652
- C:\Windows\System\nMIfkqd.exe
  C:\Windows\System\nMIfkqd.exe
  2⤵
  PID:1988
- C:\Windows\System\NdELivx.exe
  C:\Windows\System\NdELivx.exe
  2⤵
  PID:2268
- C:\Windows\System\xiphAsl.exe
  C:\Windows\System\xiphAsl.exe
  2⤵
  PID:1552
- C:\Windows\System\gIrBkUB.exe
  C:\Windows\System\gIrBkUB.exe
  2⤵
  PID:1960
- C:\Windows\System\PmbxTTB.exe
  C:\Windows\System\PmbxTTB.exe
  2⤵
  PID:1424
- C:\Windows\System\VnnbqgN.exe
  C:\Windows\System\VnnbqgN.exe
  2⤵
  PID:1584
- C:\Windows\System\cxNktht.exe
  C:\Windows\System\cxNktht.exe
  2⤵
  PID:1876
- C:\Windows\System\AnbAyQt.exe
  C:\Windows\System\AnbAyQt.exe
  2⤵
  PID:912
- C:\Windows\System\cSsJvoq.exe
  C:\Windows\System\cSsJvoq.exe
  2⤵
  PID:2740
- C:\Windows\System\qxednsH.exe
  C:\Windows\System\qxednsH.exe
  2⤵
  PID:1572
- C:\Windows\System\graXcsJ.exe
  C:\Windows\System\graXcsJ.exe
  2⤵
  PID:1540
- C:\Windows\System\rVhFeJA.exe
  C:\Windows\System\rVhFeJA.exe
  2⤵
  PID:2552
- C:\Windows\System\cjpEHtC.exe
  C:\Windows\System\cjpEHtC.exe
  2⤵
  PID:2300
- C:\Windows\System\uUpISTN.exe
  C:\Windows\System\uUpISTN.exe
  2⤵
  PID:2352
- C:\Windows\System\YeCBcGH.exe
  C:\Windows\System\YeCBcGH.exe
  2⤵
  PID:2704
- C:\Windows\System\CdMSgaM.exe
  C:\Windows\System\CdMSgaM.exe
  2⤵
  PID:2096
- C:\Windows\System\bqdGCBM.exe
  C:\Windows\System\bqdGCBM.exe
  2⤵
  PID:2808
- C:\Windows\System\vFeKzOS.exe
  C:\Windows\System\vFeKzOS.exe
  2⤵
  PID:2636
- C:\Windows\System\NYRhgyc.exe
  C:\Windows\System\NYRhgyc.exe
  2⤵
  PID:2612
- C:\Windows\System\xVlUoCz.exe
  C:\Windows\System\xVlUoCz.exe
  2⤵
  PID:1940
- C:\Windows\System\HXBHMLv.exe
  C:\Windows\System\HXBHMLv.exe
  2⤵
  PID:2592
- C:\Windows\System\LtkGFnc.exe
  C:\Windows\System\LtkGFnc.exe
  2⤵
  PID:1588
- C:\Windows\System\LwstcFL.exe
  C:\Windows\System\LwstcFL.exe
  2⤵
  PID:1616
- C:\Windows\System\QEiWapY.exe
  C:\Windows\System\QEiWapY.exe
  2⤵
  PID:2184
- C:\Windows\System\lrJIflB.exe
  C:\Windows\System\lrJIflB.exe
  2⤵
  PID:2244
- C:\Windows\System\aVIuSwi.exe
  C:\Windows\System\aVIuSwi.exe
  2⤵
  PID:3068
- C:\Windows\System\HKmnswY.exe
  C:\Windows\System\HKmnswY.exe
  2⤵
  PID:2052
- C:\Windows\System\YBdHdAD.exe
  C:\Windows\System\YBdHdAD.exe
  2⤵
  PID:2844
- C:\Windows\System\hTAAjFM.exe
  C:\Windows\System\hTAAjFM.exe
  2⤵
  PID:1956
- C:\Windows\System\XBqfauo.exe
  C:\Windows\System\XBqfauo.exe
  2⤵
  PID:1992
- C:\Windows\System\ddjJScX.exe
  C:\Windows\System\ddjJScX.exe
  2⤵
  PID:2272
- C:\Windows\System\vjqJHMZ.exe
  C:\Windows\System\vjqJHMZ.exe
  2⤵
  PID:1492
- C:\Windows\System\mzNjwid.exe
  C:\Windows\System\mzNjwid.exe
  2⤵
  PID:1040
- C:\Windows\System\diOnxku.exe
  C:\Windows\System\diOnxku.exe
  2⤵
  PID:3032
- C:\Windows\System\shBHMcN.exe
  C:\Windows\System\shBHMcN.exe
  2⤵
  PID:3056
- C:\Windows\System\xBigggb.exe
  C:\Windows\System\xBigggb.exe
  2⤵
  PID:3060
- C:\Windows\System\tUVcIVj.exe
  C:\Windows\System\tUVcIVj.exe
  2⤵
  PID:2976
- C:\Windows\System\tTZXNUo.exe
  C:\Windows\System\tTZXNUo.exe
  2⤵
  PID:1836
- C:\Windows\System\NCJXTRW.exe
  C:\Windows\System\NCJXTRW.exe
  2⤵
  PID:2824
- C:\Windows\System\WtNHtLQ.exe
  C:\Windows\System\WtNHtLQ.exe
  2⤵
  PID:1248
- C:\Windows\System\ZmFmFXW.exe
  C:\Windows\System\ZmFmFXW.exe
  2⤵
  PID:2188
- C:\Windows\System\scUPSbX.exe
  C:\Windows\System\scUPSbX.exe
  2⤵
  PID:1148
- C:\Windows\System\pZZhcVO.exe
  C:\Windows\System\pZZhcVO.exe
  2⤵
  PID:3028
- C:\Windows\System\vCJWMCN.exe
  C:\Windows\System\vCJWMCN.exe
  2⤵
  PID:2216
- C:\Windows\System\TElMUBN.exe
  C:\Windows\System\TElMUBN.exe
  2⤵
  PID:2476
- C:\Windows\System\qpvfENm.exe
  C:\Windows\System\qpvfENm.exe
  2⤵
  PID:2960
- C:\Windows\System\KxFpipL.exe
  C:\Windows\System\KxFpipL.exe
  2⤵
  PID:1784
- C:\Windows\System\AMzXpju.exe
  C:\Windows\System\AMzXpju.exe
  2⤵
  PID:560
- C:\Windows\System\UNqvngl.exe
  C:\Windows\System\UNqvngl.exe
  2⤵
  PID:1796
- C:\Windows\System\BgoXcnd.exe
  C:\Windows\System\BgoXcnd.exe
  2⤵
  PID:2284
- C:\Windows\System\GXSMWXe.exe
  C:\Windows\System\GXSMWXe.exe
  2⤵
  PID:768
- C:\Windows\System\FmUHOJz.exe
  C:\Windows\System\FmUHOJz.exe
  2⤵
  PID:1712
- C:\Windows\System\IjZjIOE.exe
  C:\Windows\System\IjZjIOE.exe
  2⤵
  PID:1700
- C:\Windows\System\lMoNEju.exe
  C:\Windows\System\lMoNEju.exe
  2⤵
  PID:1232
- C:\Windows\System\hdmYVee.exe
  C:\Windows\System\hdmYVee.exe
  2⤵
  PID:2608
- C:\Windows\System\RiqXMZi.exe
  C:\Windows\System\RiqXMZi.exe
  2⤵
  PID:1800
- C:\Windows\System\HbxGhjV.exe
  C:\Windows\System\HbxGhjV.exe
  2⤵
  PID:1704
- C:\Windows\System\tfKyIPy.exe
  C:\Windows\System\tfKyIPy.exe
  2⤵
  PID:2956
- C:\Windows\System\nCAGPBM.exe
  C:\Windows\System\nCAGPBM.exe
  2⤵
  PID:1824
- C:\Windows\System\MGbUjni.exe
  C:\Windows\System\MGbUjni.exe
  2⤵
  PID:2932
- C:\Windows\System\pgPaIUo.exe
  C:\Windows\System\pgPaIUo.exe
  2⤵
  PID:2128
- C:\Windows\System\EajrYyU.exe
  C:\Windows\System\EajrYyU.exe
  2⤵
  PID:2252
- C:\Windows\System\aFCrzGF.exe
  C:\Windows\System\aFCrzGF.exe
  2⤵
  PID:2912
- C:\Windows\System\siHJhhu.exe
  C:\Windows\System\siHJhhu.exe
  2⤵
  PID:2828
- C:\Windows\System\TzfZsNk.exe
  C:\Windows\System\TzfZsNk.exe
  2⤵
  PID:2880
- C:\Windows\System\vEmBYvs.exe
  C:\Windows\System\vEmBYvs.exe
  2⤵
  PID:3036
- C:\Windows\System\qlPueIU.exe
  C:\Windows\System\qlPueIU.exe
  2⤵
  PID:2676
- C:\Windows\System\WVLWTzi.exe
  C:\Windows\System\WVLWTzi.exe
  2⤵
  PID:3008
- C:\Windows\System\KYdKAJt.exe
  C:\Windows\System\KYdKAJt.exe
  2⤵
  PID:864
- C:\Windows\System\YRzUGOT.exe
  C:\Windows\System\YRzUGOT.exe
  2⤵
  PID:1304
- C:\Windows\System\WqXpPQP.exe
  C:\Windows\System\WqXpPQP.exe
  2⤵
  PID:836
- C:\Windows\System\VRTVwTw.exe
  C:\Windows\System\VRTVwTw.exe
  2⤵
  PID:756
- C:\Windows\System\KtwnAJm.exe
  C:\Windows\System\KtwnAJm.exe
  2⤵
  PID:612
- C:\Windows\System\wCGmhZB.exe
  C:\Windows\System\wCGmhZB.exe
  2⤵
  PID:1088
- C:\Windows\System\ANkbgVl.exe
  C:\Windows\System\ANkbgVl.exe
  2⤵
  PID:932
- C:\Windows\System\ySwqQTK.exe
  C:\Windows\System\ySwqQTK.exe
  2⤵
  PID:2584
- C:\Windows\System\EKFHBvS.exe
  C:\Windows\System\EKFHBvS.exe
  2⤵
  PID:2028
- C:\Windows\System\UYDdwIG.exe
  C:\Windows\System\UYDdwIG.exe
  2⤵
  PID:2236
- C:\Windows\System\bdsvZqG.exe
  C:\Windows\System\bdsvZqG.exe
  2⤵
  PID:1564
- C:\Windows\System\SiZitJB.exe
  C:\Windows\System\SiZitJB.exe
  2⤵
  PID:2156
- C:\Windows\System\SHCYnjL.exe
  C:\Windows\System\SHCYnjL.exe
  2⤵
  PID:2212
- C:\Windows\System\DWgghNT.exe
  C:\Windows\System\DWgghNT.exe
  2⤵
  PID:1944
- C:\Windows\System\ninqjKN.exe
  C:\Windows\System\ninqjKN.exe
  2⤵
  PID:2484
- C:\Windows\System\zAjUlwh.exe
  C:\Windows\System\zAjUlwh.exe
  2⤵
  PID:3020
- C:\Windows\System\XaqflYl.exe
  C:\Windows\System\XaqflYl.exe
  2⤵
  PID:624
- C:\Windows\System\WuebvQd.exe
  C:\Windows\System\WuebvQd.exe
  2⤵
  PID:2228
- C:\Windows\System\LWHwGtc.exe
  C:\Windows\System\LWHwGtc.exe
  2⤵
  PID:2764
- C:\Windows\System\IPYZDZo.exe
  C:\Windows\System\IPYZDZo.exe
  2⤵
  PID:1728
- C:\Windows\System\OIUOyZT.exe
  C:\Windows\System\OIUOyZT.exe
  2⤵
  PID:1612
- C:\Windows\System\rCdgZoH.exe
  C:\Windows\System\rCdgZoH.exe
  2⤵
  PID:2784
- C:\Windows\System\MuzKwHV.exe
  C:\Windows\System\MuzKwHV.exe
  2⤵
  PID:2700
- C:\Windows\System\BMoagvD.exe
  C:\Windows\System\BMoagvD.exe
  2⤵
  PID:972
- C:\Windows\System\bIAWJav.exe
  C:\Windows\System\bIAWJav.exe
  2⤵
  PID:2180
- C:\Windows\System\qLLgKvm.exe
  C:\Windows\System\qLLgKvm.exe
  2⤵
  PID:2572
- C:\Windows\System\kZslLEk.exe
  C:\Windows\System\kZslLEk.exe
  2⤵
  PID:2332
- C:\Windows\System\iEfxBoZ.exe
  C:\Windows\System\iEfxBoZ.exe
  2⤵
  PID:1632
- C:\Windows\System\KAeTptu.exe
  C:\Windows\System\KAeTptu.exe
  2⤵
  PID:1928
- C:\Windows\System\BoOaeED.exe
  C:\Windows\System\BoOaeED.exe
  2⤵
  PID:1808
- C:\Windows\System\SkJtsNu.exe
  C:\Windows\System\SkJtsNu.exe
  2⤵
  PID:2560
- C:\Windows\System\MJnKViH.exe
  C:\Windows\System\MJnKViH.exe
  2⤵
  PID:2324
- C:\Windows\System\LEPtyGI.exe
  C:\Windows\System\LEPtyGI.exe
  2⤵
  PID:2192
- C:\Windows\System\KQSFXBU.exe
  C:\Windows\System\KQSFXBU.exe
  2⤵
  PID:680
- C:\Windows\System\CTqXYRs.exe
  C:\Windows\System\CTqXYRs.exe
  2⤵
  PID:1064
- C:\Windows\System\lzYxWaG.exe
  C:\Windows\System\lzYxWaG.exe
  2⤵
  PID:1080
- C:\Windows\System\RxtSVmf.exe
  C:\Windows\System\RxtSVmf.exe
  2⤵
  PID:2012
- C:\Windows\System\HOscAmN.exe
  C:\Windows\System\HOscAmN.exe
  2⤵
  PID:1192
- C:\Windows\System\dZIBlhz.exe
  C:\Windows\System\dZIBlhz.exe
  2⤵
  PID:2132
- C:\Windows\System\wgvJCOL.exe
  C:\Windows\System\wgvJCOL.exe
  2⤵
  PID:3080
- C:\Windows\System\tKzUUHU.exe
  C:\Windows\System\tKzUUHU.exe
  2⤵
  PID:3096
- C:\Windows\System\aVkKxvi.exe
  C:\Windows\System\aVkKxvi.exe
  2⤵
  PID:3112
- C:\Windows\System\BHrkpMk.exe
  C:\Windows\System\BHrkpMk.exe
  2⤵
  PID:3132
- C:\Windows\System\EKQHvxw.exe
  C:\Windows\System\EKQHvxw.exe
  2⤵
  PID:3148
- C:\Windows\System\MAECSla.exe
  C:\Windows\System\MAECSla.exe
  2⤵
  PID:3164
- C:\Windows\System\nJpCAvV.exe
  C:\Windows\System\nJpCAvV.exe
  2⤵
  PID:3184
- C:\Windows\System\CsumjTe.exe
  C:\Windows\System\CsumjTe.exe
  2⤵
  PID:3204
- C:\Windows\System\EwOAtuK.exe
  C:\Windows\System\EwOAtuK.exe
  2⤵
  PID:3232
- C:\Windows\System\LQSLipr.exe
  C:\Windows\System\LQSLipr.exe
  2⤵
  PID:3248
- C:\Windows\System\oLKSEHm.exe
  C:\Windows\System\oLKSEHm.exe
  2⤵
  PID:3264
- C:\Windows\System\TIfqnzn.exe
  C:\Windows\System\TIfqnzn.exe
  2⤵
  PID:3280
- C:\Windows\System\bQrLbFR.exe
  C:\Windows\System\bQrLbFR.exe
  2⤵
  PID:3312
- C:\Windows\System\nOnPnhv.exe
  C:\Windows\System\nOnPnhv.exe
  2⤵
  PID:3328
- C:\Windows\System\KFHcnvU.exe
  C:\Windows\System\KFHcnvU.exe
  2⤵
  PID:3344
- C:\Windows\System\oXFVzHG.exe
  C:\Windows\System\oXFVzHG.exe
  2⤵
  PID:3360
- C:\Windows\System\DBtxNAP.exe
  C:\Windows\System\DBtxNAP.exe
  2⤵
  PID:3380
- C:\Windows\System\wEJGUtN.exe
  C:\Windows\System\wEJGUtN.exe
  2⤵
  PID:3404
- C:\Windows\System\BhSnYEu.exe
  C:\Windows\System\BhSnYEu.exe
  2⤵
  PID:3424
- C:\Windows\System\GQQwpVD.exe
  C:\Windows\System\GQQwpVD.exe
  2⤵
  PID:3456
- C:\Windows\System\KUsVUvE.exe
  C:\Windows\System\KUsVUvE.exe
  2⤵
  PID:3476
- C:\Windows\System\kaBGTjj.exe
  C:\Windows\System\kaBGTjj.exe
  2⤵
  PID:3496
- C:\Windows\System\QatzDcQ.exe
  C:\Windows\System\QatzDcQ.exe
  2⤵
  PID:3532
- C:\Windows\System\KrRiFmk.exe
  C:\Windows\System\KrRiFmk.exe
  2⤵
  PID:3548
- C:\Windows\System\irJRKxQ.exe
  C:\Windows\System\irJRKxQ.exe
  2⤵
  PID:3564
- C:\Windows\System\EZrGqNc.exe
  C:\Windows\System\EZrGqNc.exe
  2⤵
  PID:3604
- C:\Windows\System\tElLUOt.exe
  C:\Windows\System\tElLUOt.exe
  2⤵
  PID:3620
- C:\Windows\System\prDUPoN.exe
  C:\Windows\System\prDUPoN.exe
  2⤵
  PID:3636
- C:\Windows\System\VSTNrqa.exe
  C:\Windows\System\VSTNrqa.exe
  2⤵
  PID:3652
- C:\Windows\System\gQHGzRz.exe
  C:\Windows\System\gQHGzRz.exe
  2⤵
  PID:3668
- C:\Windows\System\uZWiYqQ.exe
  C:\Windows\System\uZWiYqQ.exe
  2⤵
  PID:3700
- C:\Windows\System\rCnbmzP.exe
  C:\Windows\System\rCnbmzP.exe
  2⤵
  PID:3716
- C:\Windows\System\uApYuXI.exe
  C:\Windows\System\uApYuXI.exe
  2⤵
  PID:3740
- C:\Windows\System\jYdlHho.exe
  C:\Windows\System\jYdlHho.exe
  2⤵
  PID:3756
- C:\Windows\System\HsDzUQq.exe
  C:\Windows\System\HsDzUQq.exe
  2⤵
  PID:3772
- C:\Windows\System\CKPPuLV.exe
  C:\Windows\System\CKPPuLV.exe
  2⤵
  PID:3792
- C:\Windows\System\mKOtrJA.exe
  C:\Windows\System\mKOtrJA.exe
  2⤵
  PID:3808
- C:\Windows\System\uhBQUPe.exe
  C:\Windows\System\uhBQUPe.exe
  2⤵
  PID:3840
- C:\Windows\System\CXXOVhW.exe
  C:\Windows\System\CXXOVhW.exe
  2⤵
  PID:3860
- C:\Windows\System\NfFaGWc.exe
  C:\Windows\System\NfFaGWc.exe
  2⤵
  PID:3876
- C:\Windows\System\bMqbGBz.exe
  C:\Windows\System\bMqbGBz.exe
  2⤵
  PID:3892
- C:\Windows\System\BpLjXRd.exe
  C:\Windows\System\BpLjXRd.exe
  2⤵
  PID:3920
- C:\Windows\System\KbdJffr.exe
  C:\Windows\System\KbdJffr.exe
  2⤵
  PID:3952
- C:\Windows\System\hZfJjHZ.exe
  C:\Windows\System\hZfJjHZ.exe
  2⤵
  PID:3968
- C:\Windows\System\ERPmlNe.exe
  C:\Windows\System\ERPmlNe.exe
  2⤵
  PID:3984
- C:\Windows\System\RbZFkBE.exe
  C:\Windows\System\RbZFkBE.exe
  2⤵
  PID:4008
- C:\Windows\System\ItvRBWy.exe
  C:\Windows\System\ItvRBWy.exe
  2⤵
  PID:4036
- C:\Windows\System\IQhlBIl.exe
  C:\Windows\System\IQhlBIl.exe
  2⤵
  PID:4056
- C:\Windows\System\HXuaTZp.exe
  C:\Windows\System\HXuaTZp.exe
  2⤵
  PID:4084
- C:\Windows\System\ggAMAPj.exe
  C:\Windows\System\ggAMAPj.exe
  2⤵
  PID:1084
- C:\Windows\System\NutXmmb.exe
  C:\Windows\System\NutXmmb.exe
  2⤵
  PID:3124
- C:\Windows\System\RZnjbOc.exe
  C:\Windows\System\RZnjbOc.exe
  2⤵
  PID:3160
- C:\Windows\System\UXNxIIk.exe
  C:\Windows\System\UXNxIIk.exe
  2⤵
  PID:3200
- C:\Windows\System\cyJwqmL.exe
  C:\Windows\System\cyJwqmL.exe
  2⤵
  PID:3276
- C:\Windows\System\UlzOrOT.exe
  C:\Windows\System\UlzOrOT.exe
  2⤵
  PID:3256
- C:\Windows\System\YyBEevG.exe
  C:\Windows\System\YyBEevG.exe
  2⤵
  PID:3216
- C:\Windows\System\NBWSRnK.exe
  C:\Windows\System\NBWSRnK.exe
  2⤵
  PID:3140
- C:\Windows\System\tCZGxEw.exe
  C:\Windows\System\tCZGxEw.exe
  2⤵
  PID:3212
- C:\Windows\System\vVhAnRA.exe
  C:\Windows\System\vVhAnRA.exe
  2⤵
  PID:3300
- C:\Windows\System\nxZAcPq.exe
  C:\Windows\System\nxZAcPq.exe
  2⤵
  PID:3396
- C:\Windows\System\evynMpH.exe
  C:\Windows\System\evynMpH.exe
  2⤵
  PID:3440
- C:\Windows\System\aVukMTP.exe
  C:\Windows\System\aVukMTP.exe
  2⤵
  PID:3336
- C:\Windows\System\svloftS.exe
  C:\Windows\System\svloftS.exe
  2⤵
  PID:3368
- C:\Windows\System\cryhbdm.exe
  C:\Windows\System\cryhbdm.exe
  2⤵
  PID:3468
- C:\Windows\System\rvMiXrp.exe
  C:\Windows\System\rvMiXrp.exe
  2⤵
  PID:3528
- C:\Windows\System\lniIepl.exe
  C:\Windows\System\lniIepl.exe
  2⤵
  PID:3556
- C:\Windows\System\ctzXNkn.exe
  C:\Windows\System\ctzXNkn.exe
  2⤵
  PID:3588
- C:\Windows\System\RCYdLdF.exe
  C:\Windows\System\RCYdLdF.exe
  2⤵
  PID:3676
- C:\Windows\System\zLliRDp.exe
  C:\Windows\System\zLliRDp.exe
  2⤵
  PID:3712
- C:\Windows\System\tINvpNT.exe
  C:\Windows\System\tINvpNT.exe
  2⤵
  PID:3684
- C:\Windows\System\zkOGioP.exe
  C:\Windows\System\zkOGioP.exe
  2⤵
  PID:3696
- C:\Windows\System\NsOVIsc.exe
  C:\Windows\System\NsOVIsc.exe
  2⤵
  PID:3828
- C:\Windows\System\EaPYPyO.exe
  C:\Windows\System\EaPYPyO.exe
  2⤵
  PID:3732
- C:\Windows\System\RoXfsds.exe
  C:\Windows\System\RoXfsds.exe
  2⤵
  PID:3804
- C:\Windows\System\VfLdCCa.exe
  C:\Windows\System\VfLdCCa.exe
  2⤵
  PID:3884
- C:\Windows\System\zbnqPfl.exe
  C:\Windows\System\zbnqPfl.exe
  2⤵
  PID:3908
- C:\Windows\System\QdnTbSi.exe
  C:\Windows\System\QdnTbSi.exe
  2⤵
  PID:3976
- C:\Windows\System\wwXRReY.exe
  C:\Windows\System\wwXRReY.exe
  2⤵
  PID:4016
- C:\Windows\System\mCosEqB.exe
  C:\Windows\System\mCosEqB.exe
  2⤵
  PID:4044
- C:\Windows\System\jfGfstn.exe
  C:\Windows\System\jfGfstn.exe
  2⤵
  PID:4052
- C:\Windows\System\slWYUzk.exe
  C:\Windows\System\slWYUzk.exe
  2⤵
  PID:4072
- C:\Windows\System\aIIimSB.exe
  C:\Windows\System\aIIimSB.exe
  2⤵
  PID:3088
- C:\Windows\System\fsrpzpz.exe
  C:\Windows\System\fsrpzpz.exe
  2⤵
  PID:2892
- C:\Windows\System\sGoqDPS.exe
  C:\Windows\System\sGoqDPS.exe
  2⤵
  PID:3272
- C:\Windows\System\MNKdcZj.exe
  C:\Windows\System\MNKdcZj.exe
  2⤵
  PID:3472
- C:\Windows\System\WGNEBLm.exe
  C:\Windows\System\WGNEBLm.exe
  2⤵
  PID:3600
- C:\Windows\System\BSwQnSz.exe
  C:\Windows\System\BSwQnSz.exe
  2⤵
  PID:3648
- C:\Windows\System\VUzWJwr.exe
  C:\Windows\System\VUzWJwr.exe
  2⤵
  PID:3784
- C:\Windows\System\TNtGjZm.exe
  C:\Windows\System\TNtGjZm.exe
  2⤵
  PID:3816
- C:\Windows\System\JAZDSYE.exe
  C:\Windows\System\JAZDSYE.exe
  2⤵
  PID:3832
- C:\Windows\System\LYSYXyn.exe
  C:\Windows\System\LYSYXyn.exe
  2⤵
  PID:564
- C:\Windows\System\xZJwXsz.exe
  C:\Windows\System\xZJwXsz.exe
  2⤵
  PID:4068
- C:\Windows\System\cSkRMKW.exe
  C:\Windows\System\cSkRMKW.exe
  2⤵
  PID:2000
- C:\Windows\System\sUUqmwA.exe
  C:\Windows\System\sUUqmwA.exe
  2⤵
  PID:3948
- C:\Windows\System\ncbynsK.exe
  C:\Windows\System\ncbynsK.exe
  2⤵
  PID:3352
- C:\Windows\System\aydCAqD.exe
  C:\Windows\System\aydCAqD.exe
  2⤵
  PID:3572
- C:\Windows\System\rzAHPiu.exe
  C:\Windows\System\rzAHPiu.exe
  2⤵
  PID:3616
- C:\Windows\System\ZotqfTk.exe
  C:\Windows\System\ZotqfTk.exe
  2⤵
  PID:3172
- C:\Windows\System\kMRrQiT.exe
  C:\Windows\System\kMRrQiT.exe
  2⤵
  PID:3324
- C:\Windows\System\qDVxNUY.exe
  C:\Windows\System\qDVxNUY.exe
  2⤵
  PID:3788
- C:\Windows\System\AoasVaG.exe
  C:\Windows\System\AoasVaG.exe
  2⤵
  PID:3392
- C:\Windows\System\wTPqorV.exe
  C:\Windows\System\wTPqorV.exe
  2⤵
  PID:3372
- C:\Windows\System\EiibxKz.exe
  C:\Windows\System\EiibxKz.exe
  2⤵
  PID:3940
- C:\Windows\System\ezTKOft.exe
  C:\Windows\System\ezTKOft.exe
  2⤵
  PID:3156
- C:\Windows\System\zZEHFkF.exe
  C:\Windows\System\zZEHFkF.exe
  2⤵
  PID:3848
- C:\Windows\System\jyMKdvL.exe
  C:\Windows\System\jyMKdvL.exe
  2⤵
  PID:3296
- C:\Windows\System\EtfBPhl.exe
  C:\Windows\System\EtfBPhl.exe
  2⤵
  PID:4076
- C:\Windows\System\jcuEMUK.exe
  C:\Windows\System\jcuEMUK.exe
  2⤵
  PID:3520
- C:\Windows\System\fNVIrWq.exe
  C:\Windows\System\fNVIrWq.exe
  2⤵
  PID:3748
- C:\Windows\System\JuseqXq.exe
  C:\Windows\System\JuseqXq.exe
  2⤵
  PID:3448
- C:\Windows\System\UDMGuIw.exe
  C:\Windows\System\UDMGuIw.exe
  2⤵
  PID:3872
- C:\Windows\System\zlenCdK.exe
  C:\Windows\System\zlenCdK.exe
  2⤵
  PID:3412
- C:\Windows\System\WTuUImG.exe
  C:\Windows\System\WTuUImG.exe
  2⤵
  PID:3728
- C:\Windows\System\QropZpe.exe
  C:\Windows\System\QropZpe.exe
  2⤵
  PID:3420
- C:\Windows\System\CqpTssl.exe
  C:\Windows\System\CqpTssl.exe
  2⤵
  PID:3932
- C:\Windows\System\TCYKSvx.exe
  C:\Windows\System\TCYKSvx.exe
  2⤵
  PID:4120
- C:\Windows\System\lFjhoZt.exe
  C:\Windows\System\lFjhoZt.exe
  2⤵
  PID:4140
- C:\Windows\System\bMaPReA.exe
  C:\Windows\System\bMaPReA.exe
  2⤵
  PID:4156
- C:\Windows\System\ydcZdEZ.exe
  C:\Windows\System\ydcZdEZ.exe
  2⤵
  PID:4196
- C:\Windows\System\xypWZRH.exe
  C:\Windows\System\xypWZRH.exe
  2⤵
  PID:4212
- C:\Windows\System\OpPLorK.exe
  C:\Windows\System\OpPLorK.exe
  2⤵
  PID:4232
- C:\Windows\System\Rzfeduu.exe
  C:\Windows\System\Rzfeduu.exe
  2⤵
  PID:4252
- C:\Windows\System\tfTaPkY.exe
  C:\Windows\System\tfTaPkY.exe
  2⤵
  PID:4272
- C:\Windows\System\SQrkbgQ.exe
  C:\Windows\System\SQrkbgQ.exe
  2⤵
  PID:4296
- C:\Windows\System\rKZlzNm.exe
  C:\Windows\System\rKZlzNm.exe
  2⤵
  PID:4312
- C:\Windows\System\IxakiPY.exe
  C:\Windows\System\IxakiPY.exe
  2⤵
  PID:4328
- C:\Windows\System\hXJfYpZ.exe
  C:\Windows\System\hXJfYpZ.exe
  2⤵
  PID:4344
- C:\Windows\System\GjEUeWr.exe
  C:\Windows\System\GjEUeWr.exe
  2⤵
  PID:4364
- C:\Windows\System\qKeosEn.exe
  C:\Windows\System\qKeosEn.exe
  2⤵
  PID:4388
- C:\Windows\System\pKYvgEw.exe
  C:\Windows\System\pKYvgEw.exe
  2⤵
  PID:4412
- C:\Windows\System\nyQaRvo.exe
  C:\Windows\System\nyQaRvo.exe
  2⤵
  PID:4432
- C:\Windows\System\ytKIQBu.exe
  C:\Windows\System\ytKIQBu.exe
  2⤵
  PID:4476
- C:\Windows\System\JSqkEWX.exe
  C:\Windows\System\JSqkEWX.exe
  2⤵
  PID:4496
- C:\Windows\System\PJMVeYo.exe
  C:\Windows\System\PJMVeYo.exe
  2⤵
  PID:4516
- C:\Windows\System\fvPtlJT.exe
  C:\Windows\System\fvPtlJT.exe
  2⤵
  PID:4556
- C:\Windows\System\UfaCoRA.exe
  C:\Windows\System\UfaCoRA.exe
  2⤵
  PID:4576
- C:\Windows\System\QpagAEa.exe
  C:\Windows\System\QpagAEa.exe
  2⤵
  PID:4596
- C:\Windows\System\nrgOvZU.exe
  C:\Windows\System\nrgOvZU.exe
  2⤵
  PID:4620
- C:\Windows\System\TvCqDvW.exe
  C:\Windows\System\TvCqDvW.exe
  2⤵
  PID:4636
- C:\Windows\System\AqtzAKK.exe
  C:\Windows\System\AqtzAKK.exe
  2⤵
  PID:4656
- C:\Windows\System\hJsCFHS.exe
  C:\Windows\System\hJsCFHS.exe
  2⤵
  PID:4680
- C:\Windows\System\PAJledu.exe
  C:\Windows\System\PAJledu.exe
  2⤵
  PID:4732
- C:\Windows\System\OhOhyjn.exe
  C:\Windows\System\OhOhyjn.exe
  2⤵
  PID:4760
- C:\Windows\System\OJkBvBq.exe
  C:\Windows\System\OJkBvBq.exe
  2⤵
  PID:4780
- C:\Windows\System\KRVtRVx.exe
  C:\Windows\System\KRVtRVx.exe
  2⤵
  PID:4796
- C:\Windows\System\gGKdFQv.exe
  C:\Windows\System\gGKdFQv.exe
  2⤵
  PID:4816
- C:\Windows\System\CAjgdQJ.exe
  C:\Windows\System\CAjgdQJ.exe
  2⤵
  PID:4844
- C:\Windows\System\SKOGAbN.exe
  C:\Windows\System\SKOGAbN.exe
  2⤵
  PID:4864
- C:\Windows\System\JskFkYV.exe
  C:\Windows\System\JskFkYV.exe
  2⤵
  PID:4896
- C:\Windows\System\lrEoSyV.exe
  C:\Windows\System\lrEoSyV.exe
  2⤵
  PID:4916
- C:\Windows\System\ElLJMEw.exe
  C:\Windows\System\ElLJMEw.exe
  2⤵
  PID:4936
- C:\Windows\System\rDxWWqc.exe
  C:\Windows\System\rDxWWqc.exe
  2⤵
  PID:4952
- C:\Windows\System\FJcckBg.exe
  C:\Windows\System\FJcckBg.exe
  2⤵
  PID:4972
- C:\Windows\System\BaPfGBv.exe
  C:\Windows\System\BaPfGBv.exe
  2⤵
  PID:4988
- C:\Windows\System\WcIWAnd.exe
  C:\Windows\System\WcIWAnd.exe
  2⤵
  PID:5004
- C:\Windows\System\ysFSuKV.exe
  C:\Windows\System\ysFSuKV.exe
  2⤵
  PID:5020
- C:\Windows\System\HspsWPT.exe
  C:\Windows\System\HspsWPT.exe
  2⤵
  PID:5040
- C:\Windows\System\sVaYMNh.exe
  C:\Windows\System\sVaYMNh.exe
  2⤵
  PID:5060
- C:\Windows\System\kVcVImO.exe
  C:\Windows\System\kVcVImO.exe
  2⤵
  PID:5088
- C:\Windows\System\TwspIGK.exe
  C:\Windows\System\TwspIGK.exe
  2⤵
  PID:5112
- C:\Windows\System\tCewzsg.exe
  C:\Windows\System\tCewzsg.exe
  2⤵
  PID:3708
- C:\Windows\System\CeCDsTi.exe
  C:\Windows\System\CeCDsTi.exe
  2⤵
  PID:4148
- C:\Windows\System\txpZDzI.exe
  C:\Windows\System\txpZDzI.exe
  2⤵
  PID:3356
- C:\Windows\System\YcBoPvH.exe
  C:\Windows\System\YcBoPvH.exe
  2⤵
  PID:3388
- C:\Windows\System\GxrXuvx.exe
  C:\Windows\System\GxrXuvx.exe
  2⤵
  PID:4192
- C:\Windows\System\auTRPgc.exe
  C:\Windows\System\auTRPgc.exe
  2⤵
  PID:4268
- C:\Windows\System\NnhjSzn.exe
  C:\Windows\System\NnhjSzn.exe
  2⤵
  PID:3504
- C:\Windows\System\GFdmAxt.exe
  C:\Windows\System\GFdmAxt.exe
  2⤵
  PID:4320
- C:\Windows\System\kqQkkGb.exe
  C:\Windows\System\kqQkkGb.exe
  2⤵
  PID:4308
- C:\Windows\System\wWlhRyj.exe
  C:\Windows\System\wWlhRyj.exe
  2⤵
  PID:4404
- C:\Windows\System\Cgzripz.exe
  C:\Windows\System\Cgzripz.exe
  2⤵
  PID:2080
- C:\Windows\System\uAjUnIk.exe
  C:\Windows\System\uAjUnIk.exe
  2⤵
  PID:4376
- C:\Windows\System\KsIxfkl.exe
  C:\Windows\System\KsIxfkl.exe
  2⤵
  PID:4420
- C:\Windows\System\OKStGgg.exe
  C:\Windows\System\OKStGgg.exe
  2⤵
  PID:1060
- C:\Windows\System\XoqisPv.exe
  C:\Windows\System\XoqisPv.exe
  2⤵
  PID:1684
- C:\Windows\System\JtcVZOe.exe
  C:\Windows\System\JtcVZOe.exe
  2⤵
  PID:4444
- C:\Windows\System\jnsUFVD.exe
  C:\Windows\System\jnsUFVD.exe
  2⤵
  PID:4508
- C:\Windows\System\LcFyCwX.exe
  C:\Windows\System\LcFyCwX.exe
  2⤵
  PID:4484
- C:\Windows\System\TSMBCNz.exe
  C:\Windows\System\TSMBCNz.exe
  2⤵
  PID:4540
- C:\Windows\System\WwnXoHD.exe
  C:\Windows\System\WwnXoHD.exe
  2⤵
  PID:4572
- C:\Windows\System\SdFZdLw.exe
  C:\Windows\System\SdFZdLw.exe
  2⤵
  PID:4584
- C:\Windows\System\KTivQgZ.exe
  C:\Windows\System\KTivQgZ.exe
  2⤵
  PID:4648
- C:\Windows\System\XTBzJit.exe
  C:\Windows\System\XTBzJit.exe
  2⤵
  PID:4672
- C:\Windows\System\xNKrFkz.exe
  C:\Windows\System\xNKrFkz.exe
  2⤵
  PID:4632
- C:\Windows\System\hDvCOum.exe
  C:\Windows\System\hDvCOum.exe
  2⤵
  PID:4696
- C:\Windows\System\FOxRCVl.exe
  C:\Windows\System\FOxRCVl.exe
  2⤵
  PID:4712
- C:\Windows\System\NOmtGNk.exe
  C:\Windows\System\NOmtGNk.exe
  2⤵
  PID:4772
- C:\Windows\System\uDGIiPC.exe
  C:\Windows\System\uDGIiPC.exe
  2⤵
  PID:4748
- C:\Windows\System\HgEynOn.exe
  C:\Windows\System\HgEynOn.exe
  2⤵
  PID:4908
- C:\Windows\System\zCEhftN.exe
  C:\Windows\System\zCEhftN.exe
  2⤵
  PID:4884
- C:\Windows\System\QJqfpCy.exe
  C:\Windows\System\QJqfpCy.exe
  2⤵
  PID:4968
- C:\Windows\System\DnPOSQf.exe
  C:\Windows\System\DnPOSQf.exe
  2⤵
  PID:5048
- C:\Windows\System\rVLsrvZ.exe
  C:\Windows\System\rVLsrvZ.exe
  2⤵
  PID:4788
- C:\Windows\System\kUKqQsG.exe
  C:\Windows\System\kUKqQsG.exe
  2⤵
  PID:4832
- C:\Windows\System\HrrqLGt.exe
  C:\Windows\System\HrrqLGt.exe
  2⤵
  PID:5096
- C:\Windows\System\oRTEEnf.exe
  C:\Windows\System\oRTEEnf.exe
  2⤵
  PID:4876
- C:\Windows\System\eEDvNiY.exe
  C:\Windows\System\eEDvNiY.exe
  2⤵
  PID:4116
- C:\Windows\System\SSBtWdV.exe
  C:\Windows\System\SSBtWdV.exe
  2⤵
  PID:3492
- C:\Windows\System\GzUbpyq.exe
  C:\Windows\System\GzUbpyq.exe
  2⤵
  PID:5072
- C:\Windows\System\WoDgsjz.exe
  C:\Windows\System\WoDgsjz.exe
  2⤵
  PID:3240
- C:\Windows\System\CUTfclG.exe
  C:\Windows\System\CUTfclG.exe
  2⤵
  PID:4164
- C:\Windows\System\PQlUAmh.exe
  C:\Windows\System\PQlUAmh.exe
  2⤵
  PID:4028
- C:\Windows\System\uYLsQbq.exe
  C:\Windows\System\uYLsQbq.exe
  2⤵
  PID:3432
- C:\Windows\System\GjoKTvj.exe
  C:\Windows\System\GjoKTvj.exe
  2⤵
  PID:3964
- C:\Windows\System\JXRdbhH.exe
  C:\Windows\System\JXRdbhH.exe
  2⤵
  PID:4132
- C:\Windows\System\ycqqGIs.exe
  C:\Windows\System\ycqqGIs.exe
  2⤵
  PID:4176
- C:\Windows\System\EHMBpYs.exe
  C:\Windows\System\EHMBpYs.exe
  2⤵
  PID:2624
- C:\Windows\System\kCVjKBP.exe
  C:\Windows\System\kCVjKBP.exe
  2⤵
  PID:3800
- C:\Windows\System\dieMFGT.exe
  C:\Windows\System\dieMFGT.exe
  2⤵
  PID:1508
- C:\Windows\System\UXlgNne.exe
  C:\Windows\System\UXlgNne.exe
  2⤵
  PID:4220
- C:\Windows\System\CRwQCSP.exe
  C:\Windows\System\CRwQCSP.exe
  2⤵
  PID:4384
- C:\Windows\System\GKvsrLp.exe
  C:\Windows\System\GKvsrLp.exe
  2⤵
  PID:2528
- C:\Windows\System\kiOwGkF.exe
  C:\Windows\System\kiOwGkF.exe
  2⤵
  PID:4552
- C:\Windows\System\GdINzsY.exe
  C:\Windows\System\GdINzsY.exe
  2⤵
  PID:1592
- C:\Windows\System\rbqZWjj.exe
  C:\Windows\System\rbqZWjj.exe
  2⤵
  PID:4592
- C:\Windows\System\dxLpMZm.exe
  C:\Windows\System\dxLpMZm.exe
  2⤵
  PID:4568
- C:\Windows\System\hAsoQSG.exe
  C:\Windows\System\hAsoQSG.exe
  2⤵
  PID:4544
- C:\Windows\System\crVyEmM.exe
  C:\Windows\System\crVyEmM.exe
  2⤵
  PID:4668
- C:\Windows\System\CZRWokD.exe
  C:\Windows\System\CZRWokD.exe
  2⤵
  PID:4912
- C:\Windows\System\FDkGEPs.exe
  C:\Windows\System\FDkGEPs.exe
  2⤵
  PID:4724
- C:\Windows\System\EJqToMw.exe
  C:\Windows\System\EJqToMw.exe
  2⤵
  PID:4728
- C:\Windows\System\iazEZxC.exe
  C:\Windows\System\iazEZxC.exe
  2⤵
  PID:5016
- C:\Windows\System\TIMIrlQ.exe
  C:\Windows\System\TIMIrlQ.exe
  2⤵
  PID:4872
- C:\Windows\System\gkeoFGW.exe
  C:\Windows\System\gkeoFGW.exe
  2⤵
  PID:5052
- C:\Windows\System\wGxTisK.exe
  C:\Windows\System\wGxTisK.exe
  2⤵
  PID:5036
- C:\Windows\System\bImkbjn.exe
  C:\Windows\System\bImkbjn.exe
  2⤵
  PID:1840
- C:\Windows\System\sLnQFHF.exe
  C:\Windows\System\sLnQFHF.exe
  2⤵
  PID:4616
- C:\Windows\System\TzSFJZq.exe
  C:\Windows\System\TzSFJZq.exe
  2⤵
  PID:4812
- C:\Windows\System\OwldHtP.exe
  C:\Windows\System\OwldHtP.exe
  2⤵
  PID:4860
- C:\Windows\System\GBViZVL.exe
  C:\Windows\System\GBViZVL.exe
  2⤵
  PID:4768
- C:\Windows\System\eHwAxxo.exe
  C:\Windows\System\eHwAxxo.exe
  2⤵
  PID:4456
- C:\Windows\System\qhPFvce.exe
  C:\Windows\System\qhPFvce.exe
  2⤵
  PID:4260
- C:\Windows\System\TEqcduJ.exe
  C:\Windows\System\TEqcduJ.exe
  2⤵
  PID:3376
- C:\Windows\System\MEageKN.exe
  C:\Windows\System\MEageKN.exe
  2⤵
  PID:4528
- C:\Windows\System\lblCdoq.exe
  C:\Windows\System\lblCdoq.exe
  2⤵
  PID:4692
- C:\Windows\System\HBKWumB.exe
  C:\Windows\System\HBKWumB.exe
  2⤵
  PID:5108
- C:\Windows\System\TybiwqZ.exe
  C:\Windows\System\TybiwqZ.exe
  2⤵
  PID:4288
- C:\Windows\System\walBSgi.exe
  C:\Windows\System\walBSgi.exe
  2⤵
  PID:4184
- C:\Windows\System\Bzgmnyh.exe
  C:\Windows\System\Bzgmnyh.exe
  2⤵
  PID:4448
- C:\Windows\System\eLhqSgI.exe
  C:\Windows\System\eLhqSgI.exe
  2⤵
  PID:4460
- C:\Windows\System\IwopxnM.exe
  C:\Windows\System\IwopxnM.exe
  2⤵
  PID:4984
- C:\Windows\System\lIefsvG.exe
  C:\Windows\System\lIefsvG.exe
  2⤵
  PID:3768
- C:\Windows\System\OHglawp.exe
  C:\Windows\System\OHglawp.exe
  2⤵
  PID:4264
- C:\Windows\System\CPQtqmk.exe
  C:\Windows\System\CPQtqmk.exe
  2⤵
  PID:3928
- C:\Windows\System\NwfkQJZ.exe
  C:\Windows\System\NwfkQJZ.exe
  2⤵
  PID:3628
- C:\Windows\System\vTnKaxr.exe
  C:\Windows\System\vTnKaxr.exe
  2⤵
  PID:3868
- C:\Windows\System\fMayWdH.exe
  C:\Windows\System\fMayWdH.exe
  2⤵
  PID:5144
- C:\Windows\System\ICakGzh.exe
  C:\Windows\System\ICakGzh.exe
  2⤵
  PID:5160
- C:\Windows\System\JhUvEvz.exe
  C:\Windows\System\JhUvEvz.exe
  2⤵
  PID:5176
- C:\Windows\System\wUjZkBv.exe
  C:\Windows\System\wUjZkBv.exe
  2⤵
  PID:5192
- C:\Windows\System\SJMFwUJ.exe
  C:\Windows\System\SJMFwUJ.exe
  2⤵
  PID:5216
- C:\Windows\System\vmnrndp.exe
  C:\Windows\System\vmnrndp.exe
  2⤵
  PID:5232
- C:\Windows\System\yojfFoe.exe
  C:\Windows\System\yojfFoe.exe
  2⤵
  PID:5248
- C:\Windows\System\sQYbkzW.exe
  C:\Windows\System\sQYbkzW.exe
  2⤵
  PID:5576
- C:\Windows\System\XGPCUgB.exe
  C:\Windows\System\XGPCUgB.exe
  2⤵
  PID:5592
- C:\Windows\System\TcqxUOo.exe
  C:\Windows\System\TcqxUOo.exe
  2⤵
  PID:5608
- C:\Windows\System\xyxWqdY.exe
  C:\Windows\System\xyxWqdY.exe
  2⤵
  PID:5632
- C:\Windows\System\ONZdBEZ.exe
  C:\Windows\System\ONZdBEZ.exe
  2⤵
  PID:5648
- C:\Windows\System\QpskJOe.exe
  C:\Windows\System\QpskJOe.exe
  2⤵
  PID:5664
- C:\Windows\System\UJiqrsI.exe
  C:\Windows\System\UJiqrsI.exe
  2⤵
  PID:5680
- C:\Windows\System\aNMlzKa.exe
  C:\Windows\System\aNMlzKa.exe
  2⤵
  PID:5696
- C:\Windows\System\eEbbesH.exe
  C:\Windows\System\eEbbesH.exe
  2⤵
  PID:5712
- C:\Windows\System\QrFRKtS.exe
  C:\Windows\System\QrFRKtS.exe
  2⤵
  PID:5728
- C:\Windows\System\uMbxBuX.exe
  C:\Windows\System\uMbxBuX.exe
  2⤵
  PID:5744
- C:\Windows\System\KMyPvZO.exe
  C:\Windows\System\KMyPvZO.exe
  2⤵
  PID:5760
- C:\Windows\System\vnPDpAk.exe
  C:\Windows\System\vnPDpAk.exe
  2⤵
  PID:5776
- C:\Windows\System\aZuQwxa.exe
  C:\Windows\System\aZuQwxa.exe
  2⤵
  PID:5792
- C:\Windows\System\RvObpSt.exe
  C:\Windows\System\RvObpSt.exe
  2⤵
  PID:5808
- C:\Windows\System\IEOsbkH.exe
  C:\Windows\System\IEOsbkH.exe
  2⤵
  PID:5824
- C:\Windows\System\fZQBmsq.exe
  C:\Windows\System\fZQBmsq.exe
  2⤵
  PID:5840
- C:\Windows\System\mgextRq.exe
  C:\Windows\System\mgextRq.exe
  2⤵
  PID:5856
- C:\Windows\System\ZtbADhq.exe
  C:\Windows\System\ZtbADhq.exe
  2⤵
  PID:5872
- C:\Windows\System\dPJUcNI.exe
  C:\Windows\System\dPJUcNI.exe
  2⤵
  PID:5888
- C:\Windows\System\YaTLqTo.exe
  C:\Windows\System\YaTLqTo.exe
  2⤵
  PID:5904
- C:\Windows\System\oioXnrB.exe
  C:\Windows\System\oioXnrB.exe
  2⤵
  PID:5920
- C:\Windows\System\OXdzugY.exe
  C:\Windows\System\OXdzugY.exe
  2⤵
  PID:5944
- C:\Windows\System\fSkHplP.exe
  C:\Windows\System\fSkHplP.exe
  2⤵
  PID:5960
- C:\Windows\System\PbPAqMY.exe
  C:\Windows\System\PbPAqMY.exe
  2⤵
  PID:5980
- C:\Windows\System\prNFxmE.exe
  C:\Windows\System\prNFxmE.exe
  2⤵
  PID:6000
- C:\Windows\System\lWyYslj.exe
  C:\Windows\System\lWyYslj.exe
  2⤵
  PID:6020
- C:\Windows\System\RAvinrw.exe
  C:\Windows\System\RAvinrw.exe
  2⤵
  PID:6040
- C:\Windows\System\HaIdnMz.exe
  C:\Windows\System\HaIdnMz.exe
  2⤵
  PID:6060
- C:\Windows\System\gvDPYTN.exe
  C:\Windows\System\gvDPYTN.exe
  2⤵
  PID:6076
- C:\Windows\System\IDQTpqq.exe
  C:\Windows\System\IDQTpqq.exe
  2⤵
  PID:6100
- C:\Windows\System\VhftQee.exe
  C:\Windows\System\VhftQee.exe
  2⤵
  PID:6116
- C:\Windows\System\xoiCBff.exe
  C:\Windows\System\xoiCBff.exe
  2⤵
  PID:6132
- C:\Windows\System\lulHGhc.exe
  C:\Windows\System\lulHGhc.exe
  2⤵
  PID:3180
- C:\Windows\System\EnpaPmt.exe
  C:\Windows\System\EnpaPmt.exe
  2⤵
  PID:4284
- C:\Windows\System\wnjIIPd.exe
  C:\Windows\System\wnjIIPd.exe
  2⤵
  PID:5124
- C:\Windows\System\yMTpuoB.exe
  C:\Windows\System\yMTpuoB.exe
  2⤵
  PID:5168
- C:\Windows\System\bKnVela.exe
  C:\Windows\System\bKnVela.exe
  2⤵
  PID:4924
- C:\Windows\System\DVmsSVF.exe
  C:\Windows\System\DVmsSVF.exe
  2⤵
  PID:4536
- C:\Windows\System\OSOiVUe.exe
  C:\Windows\System\OSOiVUe.exe
  2⤵
  PID:4004
- C:\Windows\System\bypMeQr.exe
  C:\Windows\System\bypMeQr.exe
  2⤵
  PID:5000
- C:\Windows\System\lKTgccU.exe
  C:\Windows\System\lKTgccU.exe
  2⤵
  PID:5224
- C:\Windows\System\YRakeHW.exe
  C:\Windows\System\YRakeHW.exe
  2⤵
  PID:4464
- C:\Windows\System\PWeBeiX.exe
  C:\Windows\System\PWeBeiX.exe
  2⤵
  PID:5184
- C:\Windows\System\rpQCMGq.exe
  C:\Windows\System\rpQCMGq.exe
  2⤵
  PID:5208
- C:\Windows\System\mXmXeic.exe
  C:\Windows\System\mXmXeic.exe
  2⤵
  PID:5620
- C:\Windows\System\dyCqkTT.exe
  C:\Windows\System\dyCqkTT.exe
  2⤵
  PID:5616
- C:\Windows\System\HyaejNo.exe
  C:\Windows\System\HyaejNo.exe
  2⤵
  PID:1368
- C:\Windows\System\fvrzRKt.exe
  C:\Windows\System\fvrzRKt.exe
  2⤵
  PID:5688
- C:\Windows\System\iBausSw.exe
  C:\Windows\System\iBausSw.exe
  2⤵
  PID:5820
- C:\Windows\System\HcDwbLU.exe
  C:\Windows\System\HcDwbLU.exe
  2⤵
  PID:5376
- C:\Windows\System\LGGIgQu.exe
  C:\Windows\System\LGGIgQu.exe
  2⤵
  PID:5276
- C:\Windows\System\GviHMfH.exe
  C:\Windows\System\GviHMfH.exe
  2⤵
  PID:5284
- C:\Windows\System\udzOGeH.exe
  C:\Windows\System\udzOGeH.exe
  2⤵
  PID:5296
- C:\Windows\System\vKkBeLp.exe
  C:\Windows\System\vKkBeLp.exe
  2⤵
  PID:5560
- C:\Windows\System\sayibQs.exe
  C:\Windows\System\sayibQs.exe
  2⤵
  PID:5324
- C:\Windows\System\dbnazVg.exe
  C:\Windows\System\dbnazVg.exe
  2⤵
  PID:5336
- C:\Windows\System\vnbfYhL.exe
  C:\Windows\System\vnbfYhL.exe
  2⤵
  PID:5360
- C:\Windows\System\SWLZIDl.exe
  C:\Windows\System\SWLZIDl.exe
  2⤵
  PID:5396
- C:\Windows\System\ujYFVLb.exe
  C:\Windows\System\ujYFVLb.exe
  2⤵
  PID:5412
- C:\Windows\System\GRGsYZH.exe
  C:\Windows\System\GRGsYZH.exe
  2⤵
  PID:5424
- C:\Windows\System\EVzLlHl.exe
  C:\Windows\System\EVzLlHl.exe
  2⤵
  PID:5448
- C:\Windows\System\NjjLsGA.exe
  C:\Windows\System\NjjLsGA.exe
  2⤵
  PID:5460
- C:\Windows\System\ADSTXCX.exe
  C:\Windows\System\ADSTXCX.exe
  2⤵
  PID:5480
- C:\Windows\System\VaeIrWc.exe
  C:\Windows\System\VaeIrWc.exe
  2⤵
  PID:5496
- C:\Windows\System\ZFwYUeK.exe
  C:\Windows\System\ZFwYUeK.exe
  2⤵
  PID:5516
- C:\Windows\System\ehlTmVw.exe
  C:\Windows\System\ehlTmVw.exe
  2⤵
  PID:5544
- C:\Windows\System\nbClTdu.exe
  C:\Windows\System\nbClTdu.exe
  2⤵
  PID:5644
- C:\Windows\System\rUgDCdP.exe
  C:\Windows\System\rUgDCdP.exe
  2⤵
  PID:5740
- C:\Windows\System\msXIlSj.exe
  C:\Windows\System\msXIlSj.exe
  2⤵
  PID:5900
- C:\Windows\System\czfFRIt.exe
  C:\Windows\System\czfFRIt.exe
  2⤵
  PID:5880
- C:\Windows\System\mERKCPz.exe
  C:\Windows\System\mERKCPz.exe
  2⤵
  PID:5940
- C:\Windows\System\UmJeNLY.exe
  C:\Windows\System\UmJeNLY.exe
  2⤵
  PID:5968
- C:\Windows\System\hRmLIkF.exe
  C:\Windows\System\hRmLIkF.exe
  2⤵
  PID:6016
- C:\Windows\System\WjAaXha.exe
  C:\Windows\System\WjAaXha.exe
  2⤵
  PID:5988
- C:\Windows\System\adHtqQD.exe
  C:\Windows\System\adHtqQD.exe
  2⤵
  PID:6068
- C:\Windows\System\NyQRgaS.exe
  C:\Windows\System\NyQRgaS.exe
  2⤵
  PID:6124
- C:\Windows\System\THEaTqn.exe
  C:\Windows\System\THEaTqn.exe
  2⤵
  PID:4280
- C:\Windows\System\GJiZuNH.exe
  C:\Windows\System\GJiZuNH.exe
  2⤵
  PID:5156
- C:\Windows\System\qrfGETF.exe
  C:\Windows\System\qrfGETF.exe
  2⤵
  PID:5604
- C:\Windows\System\sqxiIQR.exe
  C:\Windows\System\sqxiIQR.exe
  2⤵
  PID:1792
- C:\Windows\System\PrklaYz.exe
  C:\Windows\System\PrklaYz.exe
  2⤵
  PID:5852
- C:\Windows\System\NElNZCz.exe
  C:\Windows\System\NElNZCz.exe
  2⤵
  PID:5996
- C:\Windows\System\ChKlTnK.exe
  C:\Windows\System\ChKlTnK.exe
  2⤵
  PID:5388
- C:\Windows\System\jEutknI.exe
  C:\Windows\System\jEutknI.exe
  2⤵
  PID:6036
- C:\Windows\System\Kwmvmmj.exe
  C:\Windows\System\Kwmvmmj.exe
  2⤵
  PID:5260
- C:\Windows\System\EYGcIBn.exe
  C:\Windows\System\EYGcIBn.exe
  2⤵
  PID:5848
- C:\Windows\System\eBndFeU.exe
  C:\Windows\System\eBndFeU.exe
  2⤵
  PID:5868
- C:\Windows\System\qNbloPb.exe
  C:\Windows\System\qNbloPb.exe
  2⤵
  PID:6032
- C:\Windows\System\SyEpauH.exe
  C:\Windows\System\SyEpauH.exe
  2⤵
  PID:6112
- C:\Windows\System\tlFXdOb.exe
  C:\Windows\System\tlFXdOb.exe
  2⤵
  PID:2040
- C:\Windows\System\rdEpVuD.exe
  C:\Windows\System\rdEpVuD.exe
  2⤵
  PID:5472
- C:\Windows\System\UsaMDPE.exe
  C:\Windows\System\UsaMDPE.exe
  2⤵
  PID:5240
- C:\Windows\System\OhICKJs.exe
  C:\Windows\System\OhICKJs.exe
  2⤵
  PID:5256
- C:\Windows\System\JkXmVEV.exe
  C:\Windows\System\JkXmVEV.exe
  2⤵
  PID:5588
- C:\Windows\System\JPIrVMW.exe
  C:\Windows\System\JPIrVMW.exe
  2⤵
  PID:5788
- C:\Windows\System\FGjNcoQ.exe
  C:\Windows\System\FGjNcoQ.exe
  2⤵
  PID:5912
- C:\Windows\System\TbalGCr.exe
  C:\Windows\System\TbalGCr.exe
  2⤵
  PID:5532
- C:\Windows\System\HdMsOol.exe
  C:\Windows\System\HdMsOol.exe
  2⤵
  PID:5312
- C:\Windows\System\awLuZhU.exe
  C:\Windows\System\awLuZhU.exe
  2⤵
  PID:6148
- C:\Windows\System\NGYJeBm.exe
  C:\Windows\System\NGYJeBm.exe
  2⤵
  PID:6164
- C:\Windows\System\cxtzeOn.exe
  C:\Windows\System\cxtzeOn.exe
  2⤵
  PID:6184
- C:\Windows\System\kBQAlwB.exe
  C:\Windows\System\kBQAlwB.exe
  2⤵
  PID:6316
- C:\Windows\System\RDHIsjQ.exe
  C:\Windows\System\RDHIsjQ.exe
  2⤵
  PID:6332
- C:\Windows\System\BOjYqpy.exe
  C:\Windows\System\BOjYqpy.exe
  2⤵
  PID:6348
- C:\Windows\System\YQePVbe.exe
  C:\Windows\System\YQePVbe.exe
  2⤵
  PID:6372
- C:\Windows\System\qbVavST.exe
  C:\Windows\System\qbVavST.exe
  2⤵
  PID:6388
- C:\Windows\System\HhpnOfy.exe
  C:\Windows\System\HhpnOfy.exe
  2⤵
  PID:6436
- C:\Windows\System\tVZPIaJ.exe
  C:\Windows\System\tVZPIaJ.exe
  2⤵
  PID:6456
- C:\Windows\System\QjgRSyG.exe
  C:\Windows\System\QjgRSyG.exe
  2⤵
  PID:6472
- C:\Windows\System\EkybNvs.exe
  C:\Windows\System\EkybNvs.exe
  2⤵
  PID:6488
- C:\Windows\System\nZFvmtR.exe
  C:\Windows\System\nZFvmtR.exe
  2⤵
  PID:6524
- C:\Windows\System\zdODXmv.exe
  C:\Windows\System\zdODXmv.exe
  2⤵
  PID:6540
- C:\Windows\System\HVUdCOq.exe
  C:\Windows\System\HVUdCOq.exe
  2⤵
  PID:6588
- C:\Windows\System\XIdkpTi.exe
  C:\Windows\System\XIdkpTi.exe
  2⤵
  PID:6608
- C:\Windows\System\Gtusuvn.exe
  C:\Windows\System\Gtusuvn.exe
  2⤵
  PID:6624
- C:\Windows\System\jczjlbu.exe
  C:\Windows\System\jczjlbu.exe
  2⤵
  PID:6640
- C:\Windows\System\rfcBdKd.exe
  C:\Windows\System\rfcBdKd.exe
  2⤵
  PID:6688
- C:\Windows\System\BBivWCb.exe
  C:\Windows\System\BBivWCb.exe
  2⤵
  PID:6708
- C:\Windows\System\NzoVATi.exe
  C:\Windows\System\NzoVATi.exe
  2⤵
  PID:6736
- C:\Windows\System\ZYYHLrC.exe
  C:\Windows\System\ZYYHLrC.exe
  2⤵
  PID:6752
- C:\Windows\System\RlEVjVp.exe
  C:\Windows\System\RlEVjVp.exe
  2⤵
  PID:6768
- C:\Windows\System\zZLVLgP.exe
  C:\Windows\System\zZLVLgP.exe
  2⤵
  PID:6788
- C:\Windows\System\YzqJQVL.exe
  C:\Windows\System\YzqJQVL.exe
  2⤵
  PID:6876
- C:\Windows\System\fYEHgie.exe
  C:\Windows\System\fYEHgie.exe
  2⤵
  PID:6908
- C:\Windows\System\rOdTpUl.exe
  C:\Windows\System\rOdTpUl.exe
  2⤵
  PID:7040
- C:\Windows\System\EMIMMtS.exe
  C:\Windows\System\EMIMMtS.exe
  2⤵
  PID:7056
- C:\Windows\System\OcBHjZu.exe
  C:\Windows\System\OcBHjZu.exe
  2⤵
  PID:7088
- C:\Windows\System\URWOSBJ.exe
  C:\Windows\System\URWOSBJ.exe
  2⤵
  PID:7108
- C:\Windows\System\mIRmZpK.exe
  C:\Windows\System\mIRmZpK.exe
  2⤵
  PID:7124
- C:\Windows\System\hcHkmRN.exe
  C:\Windows\System\hcHkmRN.exe
  2⤵
  PID:7140
- C:\Windows\System\vEJCIox.exe
  C:\Windows\System\vEJCIox.exe
  2⤵
  PID:5352
- C:\Windows\System\niLFZfX.exe
  C:\Windows\System\niLFZfX.exe
  2⤵
  PID:5384
- C:\Windows\System\GzNRJYg.exe
  C:\Windows\System\GzNRJYg.exe
  2⤵
  PID:5420
- C:\Windows\System\SQSyjOX.exe
  C:\Windows\System\SQSyjOX.exe
  2⤵
  PID:5452
- C:\Windows\System\ELjvGBO.exe
  C:\Windows\System\ELjvGBO.exe
  2⤵
  PID:5584
- C:\Windows\System\WtsDbkO.exe
  C:\Windows\System\WtsDbkO.exe
  2⤵
  PID:6096
- C:\Windows\System\imnEfju.exe
  C:\Windows\System\imnEfju.exe
  2⤵
  PID:1948
- C:\Windows\System\RYJGjpm.exe
  C:\Windows\System\RYJGjpm.exe
  2⤵
  PID:5348
- C:\Windows\System\DTrkfdP.exe
  C:\Windows\System\DTrkfdP.exe
  2⤵
  PID:5368
- C:\Windows\System\zLuukVi.exe
  C:\Windows\System\zLuukVi.exe
  2⤵
  PID:6204
- C:\Windows\System\pCztdCz.exe
  C:\Windows\System\pCztdCz.exe
  2⤵
  PID:6236
- C:\Windows\System\LrQRrBo.exe
  C:\Windows\System\LrQRrBo.exe
  2⤵
  PID:6256
- C:\Windows\System\vaEEmzo.exe
  C:\Windows\System\vaEEmzo.exe
  2⤵
  PID:6356
- C:\Windows\System\LErcmqT.exe
  C:\Windows\System\LErcmqT.exe
  2⤵
  PID:6408
- C:\Windows\System\TcGwESi.exe
  C:\Windows\System\TcGwESi.exe
  2⤵
  PID:6288
- C:\Windows\System\QsjlkkK.exe
  C:\Windows\System\QsjlkkK.exe
  2⤵
  PID:6424
- C:\Windows\System\YUCBUcb.exe
  C:\Windows\System\YUCBUcb.exe
  2⤵
  PID:6432
- C:\Windows\System\hQJmnUz.exe
  C:\Windows\System\hQJmnUz.exe
  2⤵
  PID:6452
- C:\Windows\System\eaCgxbm.exe
  C:\Windows\System\eaCgxbm.exe
  2⤵
  PID:6532
- C:\Windows\System\XOECWMr.exe
  C:\Windows\System\XOECWMr.exe
  2⤵
  PID:6484
- C:\Windows\System\LzRLfHe.exe
  C:\Windows\System\LzRLfHe.exe
  2⤵
  PID:6548
- C:\Windows\System\ugKXCJD.exe
  C:\Windows\System\ugKXCJD.exe
  2⤵
  PID:6616
- C:\Windows\System\izgMPnh.exe
  C:\Windows\System\izgMPnh.exe
  2⤵
  PID:6700
- C:\Windows\System\MfbJLvw.exe
  C:\Windows\System\MfbJLvw.exe
  2⤵
  PID:6556
- C:\Windows\System\lbHqKYd.exe
  C:\Windows\System\lbHqKYd.exe
  2⤵
  PID:6580
- C:\Windows\System\dJRHEOQ.exe
  C:\Windows\System\dJRHEOQ.exe
  2⤵
  PID:6676
- C:\Windows\System\SYXaYVe.exe
  C:\Windows\System\SYXaYVe.exe
  2⤵
  PID:6648
- C:\Windows\System\XVDCYAw.exe
  C:\Windows\System\XVDCYAw.exe
  2⤵
  PID:6804
- C:\Windows\System\EMRdgbs.exe
  C:\Windows\System\EMRdgbs.exe
  2⤵
  PID:6716
- C:\Windows\System\iVXCOIG.exe
  C:\Windows\System\iVXCOIG.exe
  2⤵
  PID:6888
- C:\Windows\System\kbHrkzz.exe
  C:\Windows\System\kbHrkzz.exe
  2⤵
  PID:7100
- C:\Windows\System\FWrtGxs.exe
  C:\Windows\System\FWrtGxs.exe
  2⤵
  PID:6984
- C:\Windows\System\MqxdJNG.exe
  C:\Windows\System\MqxdJNG.exe
  2⤵
  PID:7028
- C:\Windows\System\GTNAQbp.exe
  C:\Windows\System\GTNAQbp.exe
  2⤵
  PID:6952
- C:\Windows\System\eQOrKxx.exe
  C:\Windows\System\eQOrKxx.exe
  2⤵
  PID:7080
- C:\Windows\System\OdJukaw.exe
  C:\Windows\System\OdJukaw.exe
  2⤵
  PID:7132
- C:\Windows\System\vPRltDo.exe
  C:\Windows\System\vPRltDo.exe
  2⤵
  PID:5344
- C:\Windows\System\EMHWGaS.exe
  C:\Windows\System\EMHWGaS.exe
  2⤵
  PID:5408
- C:\Windows\System\GMCKrLW.exe
  C:\Windows\System\GMCKrLW.exe
  2⤵
  PID:4428
- C:\Windows\System\WvrYqqn.exe
  C:\Windows\System\WvrYqqn.exe
  2⤵
  PID:5804
- C:\Windows\System\pJhLJYo.exe
  C:\Windows\System\pJhLJYo.exe
  2⤵
  PID:5356
- C:\Windows\System\XTfVwDJ.exe
  C:\Windows\System\XTfVwDJ.exe
  2⤵
  PID:5512
- C:\Windows\System\zYUBGRl.exe
  C:\Windows\System\zYUBGRl.exe
  2⤵
  PID:6416
- C:\Windows\System\gGXldNW.exe
  C:\Windows\System\gGXldNW.exe
  2⤵
  PID:6384
- C:\Windows\System\CqsialE.exe
  C:\Windows\System\CqsialE.exe
  2⤵
  PID:6160
- C:\Windows\System\NfgYMGd.exe
  C:\Windows\System\NfgYMGd.exe
  2⤵
  PID:6368
- C:\Windows\System\WsmAQgK.exe
  C:\Windows\System\WsmAQgK.exe
  2⤵
  PID:6364
- C:\Windows\System\ZSTZtLv.exe
  C:\Windows\System\ZSTZtLv.exe
  2⤵
  PID:6600
- C:\Windows\System\nsVCLdF.exe
  C:\Windows\System\nsVCLdF.exe
  2⤵
  PID:6664
- C:\Windows\System\KocPmov.exe
  C:\Windows\System\KocPmov.exe
  2⤵
  PID:6696
- C:\Windows\System\CiLhIts.exe
  C:\Windows\System\CiLhIts.exe
  2⤵
  PID:7096
- C:\Windows\System\ttBSMxs.exe
  C:\Windows\System\ttBSMxs.exe
  2⤵
  PID:7020
- C:\Windows\System\GlruiTt.exe
  C:\Windows\System\GlruiTt.exe
  2⤵
  PID:6968
- C:\Windows\System\pWsyisj.exe
  C:\Windows\System\pWsyisj.exe
  2⤵
  PID:7008
- C:\Windows\System\zeaOzGW.exe
  C:\Windows\System\zeaOzGW.exe
  2⤵
  PID:7032
- C:\Windows\System\oyoqzCY.exe
  C:\Windows\System\oyoqzCY.exe
  2⤵
  PID:6928
- C:\Windows\System\nOaLnCU.exe
  C:\Windows\System\nOaLnCU.exe
  2⤵
  PID:6972
- C:\Windows\System\vWXxqDe.exe
  C:\Windows\System\vWXxqDe.exe
  2⤵
  PID:6732
- C:\Windows\System\PjNEwri.exe
  C:\Windows\System\PjNEwri.exe
  2⤵
  PID:6816
- C:\Windows\System\IVwHibh.exe
  C:\Windows\System\IVwHibh.exe
  2⤵
  PID:6836
- C:\Windows\System\GAIewIs.exe
  C:\Windows\System\GAIewIs.exe
  2⤵
  PID:7152
- C:\Windows\System\rQolcav.exe
  C:\Windows\System\rQolcav.exe
  2⤵
  PID:6956
- C:\Windows\System\XgWMXIP.exe
  C:\Windows\System\XgWMXIP.exe
  2⤵
  PID:7164
- C:\Windows\System\qSHiThx.exe
  C:\Windows\System\qSHiThx.exe
  2⤵
  PID:5372
- C:\Windows\System\IyOUopc.exe
  C:\Windows\System\IyOUopc.exe
  2⤵
  PID:5200
- C:\Windows\System\TXOChBk.exe
  C:\Windows\System\TXOChBk.exe
  2⤵
  PID:5528
- C:\Windows\System\avUwcNp.exe
  C:\Windows\System\avUwcNp.exe
  2⤵
  PID:6504
- C:\Windows\System\QXMtTLF.exe
  C:\Windows\System\QXMtTLF.exe
  2⤵
  PID:6192
- C:\Windows\System\KfMcjbf.exe
  C:\Windows\System\KfMcjbf.exe
  2⤵
  PID:6284
- C:\Windows\System\yFpyYDg.exe
  C:\Windows\System\yFpyYDg.exe
  2⤵
  PID:6212
- C:\Windows\System\NNNtsTF.exe
  C:\Windows\System\NNNtsTF.exe
  2⤵
  PID:6248
- C:\Windows\System\IAlqIet.exe
  C:\Windows\System\IAlqIet.exe
  2⤵
  PID:6268
- C:\Windows\System\KZklkEg.exe
  C:\Windows\System\KZklkEg.exe
  2⤵
  PID:5552
- C:\Windows\System\gucntdE.exe
  C:\Windows\System\gucntdE.exe
  2⤵
  PID:6276
- C:\Windows\System\cJFmCgM.exe
  C:\Windows\System\cJFmCgM.exe
  2⤵
  PID:5304
- C:\Windows\System\KSZjbxq.exe
  C:\Windows\System\KSZjbxq.exe
  2⤵
  PID:6516
- C:\Windows\System\readJTr.exe
  C:\Windows\System\readJTr.exe
  2⤵
  PID:6292
- C:\Windows\System\LCoEmWa.exe
  C:\Windows\System\LCoEmWa.exe
  2⤵
  PID:6784
- C:\Windows\System\aVIOLKn.exe
  C:\Windows\System\aVIOLKn.exe
  2⤵
  PID:6988
- C:\Windows\System\TotaQer.exe
  C:\Windows\System\TotaQer.exe
  2⤵
  PID:7072
- C:\Windows\System\kbTVBHd.exe
  C:\Windows\System\kbTVBHd.exe
  2⤵
  PID:6620
- C:\Windows\System\uDoIvZf.exe
  C:\Windows\System\uDoIvZf.exe
  2⤵
  PID:6844
- C:\Windows\System\rJsUuwc.exe
  C:\Windows\System\rJsUuwc.exe
  2⤵
  PID:6796
- C:\Windows\System\LENauJD.exe
  C:\Windows\System\LENauJD.exe
  2⤵
  PID:7052
- C:\Windows\System\nLodZWP.exe
  C:\Windows\System\nLodZWP.exe
  2⤵
  PID:7024
- C:\Windows\System\mwjzbRT.exe
  C:\Windows\System\mwjzbRT.exe
  2⤵
  PID:6848
- C:\Windows\System\lLPnqYg.exe
  C:\Windows\System\lLPnqYg.exe
  2⤵
  PID:6764
- C:\Windows\System\ysqjtwb.exe
  C:\Windows\System\ysqjtwb.exe
  2⤵
  PID:7148
- C:\Windows\System\xtQMvEg.exe
  C:\Windows\System\xtQMvEg.exe
  2⤵
  PID:1924
- C:\Windows\System\xcYlGdV.exe
  C:\Windows\System\xcYlGdV.exe
  2⤵
  PID:5536
- C:\Windows\System\mvYdRYx.exe
  C:\Windows\System\mvYdRYx.exe
  2⤵
  PID:6232
- C:\Windows\System\tDWYzED.exe
  C:\Windows\System\tDWYzED.exe
  2⤵
  PID:6240
- C:\Windows\System\mHafrzp.exe
  C:\Windows\System\mHafrzp.exe
  2⤵
  PID:6480
- C:\Windows\System\Ihwonmr.exe
  C:\Windows\System\Ihwonmr.exe
  2⤵
  PID:6520
- C:\Windows\System\DpxlqkS.exe
  C:\Windows\System\DpxlqkS.exe
  2⤵
  PID:6404
- C:\Windows\System\GhGWXwd.exe
  C:\Windows\System\GhGWXwd.exe
  2⤵
  PID:6196
- C:\Windows\System\gttDhcR.exe
  C:\Windows\System\gttDhcR.exe
  2⤵
  PID:6468
- C:\Windows\System\Xvyfati.exe
  C:\Windows\System\Xvyfati.exe
  2⤵
  PID:7016
- C:\Windows\System\JxgtEzK.exe
  C:\Windows\System\JxgtEzK.exe
  2⤵
  PID:6576
- C:\Windows\System\tCDqiCg.exe
  C:\Windows\System\tCDqiCg.exe
  2⤵
  PID:6656
- C:\Windows\System\owiRHkG.exe
  C:\Windows\System\owiRHkG.exe
  2⤵
  PID:6940
- C:\Windows\System\sCudkFO.exe
  C:\Windows\System\sCudkFO.exe
  2⤵
  PID:6856
- C:\Windows\System\bKFpyEk.exe
  C:\Windows\System\bKFpyEk.exe
  2⤵
  PID:7036
- C:\Windows\System\qnqetHl.exe
  C:\Windows\System\qnqetHl.exe
  2⤵
  PID:5784
- C:\Windows\System\YlQhjvL.exe
  C:\Windows\System\YlQhjvL.exe
  2⤵
  PID:7116
- C:\Windows\System\bQlKGpc.exe
  C:\Windows\System\bQlKGpc.exe
  2⤵
  PID:5896
- C:\Windows\System\nWHrUPI.exe
  C:\Windows\System\nWHrUPI.exe
  2⤵
  PID:6344
- C:\Windows\System\dFyWQes.exe
  C:\Windows\System\dFyWQes.exe
  2⤵
  PID:6868
- C:\Windows\System\vKgqoOJ.exe
  C:\Windows\System\vKgqoOJ.exe
  2⤵
  PID:5564
- C:\Windows\System\LSAXwYk.exe
  C:\Windows\System\LSAXwYk.exe
  2⤵
  PID:6572
- C:\Windows\System\xCMTEts.exe
  C:\Windows\System\xCMTEts.exe
  2⤵
  PID:6400
- C:\Windows\System\TPtFNnN.exe
  C:\Windows\System\TPtFNnN.exe
  2⤵
  PID:6948
- C:\Windows\System\FTJuLKv.exe
  C:\Windows\System\FTJuLKv.exe
  2⤵
  PID:6308
- C:\Windows\System\hyZadSP.exe
  C:\Windows\System\hyZadSP.exe
  2⤵
  PID:6500
- C:\Windows\System\BlAHhfG.exe
  C:\Windows\System\BlAHhfG.exe
  2⤵
  PID:6780
- C:\Windows\System\RqbnOCC.exe
  C:\Windows\System\RqbnOCC.exe
  2⤵
  PID:5416
- C:\Windows\System\mDdoFMz.exe
  C:\Windows\System\mDdoFMz.exe
  2⤵
  PID:6924
- C:\Windows\System\qwOLoMx.exe
  C:\Windows\System\qwOLoMx.exe
  2⤵
  PID:6812
- C:\Windows\System\IxTDcAM.exe
  C:\Windows\System\IxTDcAM.exe
  2⤵
  PID:6884
- C:\Windows\System\nyddFAK.exe
  C:\Windows\System\nyddFAK.exe
  2⤵
  PID:6744
- C:\Windows\System\HPkahSc.exe
  C:\Windows\System\HPkahSc.exe
  2⤵
  PID:7064
- C:\Windows\System\iTKvtZA.exe
  C:\Windows\System\iTKvtZA.exe
  2⤵
  PID:7180
- C:\Windows\System\IxcvKOb.exe
  C:\Windows\System\IxcvKOb.exe
  2⤵
  PID:7204
- C:\Windows\System\ePusUTg.exe
  C:\Windows\System\ePusUTg.exe
  2⤵
  PID:7224
- C:\Windows\System\erkKNUM.exe
  C:\Windows\System\erkKNUM.exe
  2⤵
  PID:7248
- C:\Windows\System\QoBmlxs.exe
  C:\Windows\System\QoBmlxs.exe
  2⤵
  PID:7268
- C:\Windows\System\SUnamwH.exe
  C:\Windows\System\SUnamwH.exe
  2⤵
  PID:7288
- C:\Windows\System\jOOScOX.exe
  C:\Windows\System\jOOScOX.exe
  2⤵
  PID:7304
- C:\Windows\System\jNltjGj.exe
  C:\Windows\System\jNltjGj.exe
  2⤵
  PID:7348
- C:\Windows\System\lKFfXws.exe
  C:\Windows\System\lKFfXws.exe
  2⤵
  PID:7364
- C:\Windows\System\EYOpCcX.exe
  C:\Windows\System\EYOpCcX.exe
  2⤵
  PID:7396
- C:\Windows\System\YiPZHHO.exe
  C:\Windows\System\YiPZHHO.exe
  2⤵
  PID:7416
- C:\Windows\System\fiCUNSK.exe
  C:\Windows\System\fiCUNSK.exe
  2⤵
  PID:7436
- C:\Windows\System\ueRCAlB.exe
  C:\Windows\System\ueRCAlB.exe
  2⤵
  PID:7472
- C:\Windows\System\vbWmNAa.exe
  C:\Windows\System\vbWmNAa.exe
  2⤵
  PID:7488
- C:\Windows\System\pjyFZjW.exe
  C:\Windows\System\pjyFZjW.exe
  2⤵
  PID:7508
- C:\Windows\System\hbMEgCk.exe
  C:\Windows\System\hbMEgCk.exe
  2⤵
  PID:7532
- C:\Windows\System\gFSETBU.exe
  C:\Windows\System\gFSETBU.exe
  2⤵
  PID:7548
- C:\Windows\System\dJcEKht.exe
  C:\Windows\System\dJcEKht.exe
  2⤵
  PID:7568
- C:\Windows\System\VhPuRPY.exe
  C:\Windows\System\VhPuRPY.exe
  2⤵
  PID:7584
- C:\Windows\System\vKHvhob.exe
  C:\Windows\System\vKHvhob.exe
  2⤵
  PID:7604
- C:\Windows\System\kKnmaWM.exe
  C:\Windows\System\kKnmaWM.exe
  2⤵
  PID:7632
- C:\Windows\System\wAHlEKK.exe
  C:\Windows\System\wAHlEKK.exe
  2⤵
  PID:7648
- C:\Windows\System\IevlRlD.exe
  C:\Windows\System\IevlRlD.exe
  2⤵
  PID:7672
- C:\Windows\System\cTHghNL.exe
  C:\Windows\System\cTHghNL.exe
  2⤵
  PID:7692
- C:\Windows\System\WFfBlHO.exe
  C:\Windows\System\WFfBlHO.exe
  2⤵
  PID:7708
- C:\Windows\System\YRAFXvv.exe
  C:\Windows\System\YRAFXvv.exe
  2⤵
  PID:7748
- C:\Windows\System\UogIpVK.exe
  C:\Windows\System\UogIpVK.exe
  2⤵
  PID:7772
- C:\Windows\System\jqbLBBV.exe
  C:\Windows\System\jqbLBBV.exe
  2⤵
  PID:7788
- C:\Windows\System\ghytLAD.exe
  C:\Windows\System\ghytLAD.exe
  2⤵
  PID:7804
- C:\Windows\System\nGDmKKS.exe
  C:\Windows\System\nGDmKKS.exe
  2⤵
  PID:7824
- C:\Windows\System\vbpESrV.exe
  C:\Windows\System\vbpESrV.exe
  2⤵
  PID:7840
- C:\Windows\System\icLIOXq.exe
  C:\Windows\System\icLIOXq.exe
  2⤵
  PID:7856
- C:\Windows\System\YCmKWak.exe
  C:\Windows\System\YCmKWak.exe
  2⤵
  PID:7876
- C:\Windows\System\kPHdJZQ.exe
  C:\Windows\System\kPHdJZQ.exe
  2⤵
  PID:7916
- C:\Windows\System\dqPsEBu.exe
  C:\Windows\System\dqPsEBu.exe
  2⤵
  PID:7952
- C:\Windows\System\btcAfjQ.exe
  C:\Windows\System\btcAfjQ.exe
  2⤵
  PID:8008
- C:\Windows\System\kpLMErd.exe
  C:\Windows\System\kpLMErd.exe
  2⤵
  PID:8040
- C:\Windows\System\GhayOfy.exe
  C:\Windows\System\GhayOfy.exe
  2⤵
  PID:8060
- C:\Windows\System\OThPyPQ.exe
  C:\Windows\System\OThPyPQ.exe
  2⤵
  PID:8100
- C:\Windows\System\FQLyMSQ.exe
  C:\Windows\System\FQLyMSQ.exe
  2⤵
  PID:8116
- C:\Windows\System\jKbKegN.exe
  C:\Windows\System\jKbKegN.exe
  2⤵
  PID:8132
- C:\Windows\System\ihZkGkc.exe
  C:\Windows\System\ihZkGkc.exe
  2⤵
  PID:8156
- C:\Windows\System\VDrfwVU.exe
  C:\Windows\System\VDrfwVU.exe
  2⤵
  PID:8172
- C:\Windows\System\FlIStxS.exe
  C:\Windows\System\FlIStxS.exe
  2⤵
  PID:8188
- C:\Windows\System\ZMqeCiq.exe
  C:\Windows\System\ZMqeCiq.exe
  2⤵
  PID:5492
- C:\Windows\System\frBguFw.exe
  C:\Windows\System\frBguFw.exe
  2⤵
  PID:7220
- C:\Windows\System\ZMpQxhh.exe
  C:\Windows\System\ZMpQxhh.exe
  2⤵
  PID:7212
- C:\Windows\System\tqsEBcR.exe
  C:\Windows\System\tqsEBcR.exe
  2⤵
  PID:7264
- C:\Windows\System\vgTeIAZ.exe
  C:\Windows\System\vgTeIAZ.exe
  2⤵
  PID:7336
- C:\Windows\System\oQgWuzT.exe
  C:\Windows\System\oQgWuzT.exe
  2⤵
  PID:7376
- C:\Windows\System\nFsYOJG.exe
  C:\Windows\System\nFsYOJG.exe
  2⤵
  PID:7384
- C:\Windows\System\EdfsnbU.exe
  C:\Windows\System\EdfsnbU.exe
  2⤵
  PID:7428
- C:\Windows\System\XtyzfMP.exe
  C:\Windows\System\XtyzfMP.exe
  2⤵
  PID:7412
- C:\Windows\System\maHtNoQ.exe
  C:\Windows\System\maHtNoQ.exe
  2⤵
  PID:7520
- C:\Windows\System\AGwsfRm.exe
  C:\Windows\System\AGwsfRm.exe
  2⤵
  PID:7596
- C:\Windows\System\IwMXDdV.exe
  C:\Windows\System\IwMXDdV.exe
  2⤵
  PID:7576
- C:\Windows\System\zoGZRwM.exe
  C:\Windows\System\zoGZRwM.exe
  2⤵
  PID:7812
- C:\Windows\System\JNHvFzx.exe
  C:\Windows\System\JNHvFzx.exe
  2⤵
  PID:7868
- C:\Windows\System\bgDpLdM.exe
  C:\Windows\System\bgDpLdM.exe
  2⤵
  PID:7900
- C:\Windows\System\VrINNBi.exe
  C:\Windows\System\VrINNBi.exe
  2⤵
  PID:7928
- C:\Windows\System\ljKRuKX.exe
  C:\Windows\System\ljKRuKX.exe
  2⤵
  PID:7932
- C:\Windows\System\rzxjDeB.exe
  C:\Windows\System\rzxjDeB.exe
  2⤵
  PID:8068
- C:\Windows\System\OEekzmL.exe
  C:\Windows\System\OEekzmL.exe
  2⤵
  PID:8080
- C:\Windows\System\JcsveYB.exe
  C:\Windows\System\JcsveYB.exe
  2⤵
  PID:8152
- C:\Windows\System\lidMVEF.exe
  C:\Windows\System\lidMVEF.exe
  2⤵
  PID:7196
- C:\Windows\System\KbwkILc.exe
  C:\Windows\System\KbwkILc.exe
  2⤵
  PID:7328
- C:\Windows\System\UeaHyGr.exe
  C:\Windows\System\UeaHyGr.exe
  2⤵
  PID:1664
- C:\Windows\System\lUnNAsF.exe
  C:\Windows\System\lUnNAsF.exe
  2⤵
  PID:7756
- C:\Windows\System\CJnpBEO.exe
  C:\Windows\System\CJnpBEO.exe
  2⤵
  PID:7784
- C:\Windows\System\wiBfmIY.exe
  C:\Windows\System\wiBfmIY.exe
  2⤵
  PID:7724
- C:\Windows\System\HWhvELT.exe
  C:\Windows\System\HWhvELT.exe
  2⤵
  PID:7540
- C:\Windows\System\msGCKoG.exe
  C:\Windows\System\msGCKoG.exe
  2⤵
  PID:7940
- C:\Windows\System\zDcglnS.exe
  C:\Windows\System\zDcglnS.exe
  2⤵
  PID:8048
- C:\Windows\System\HBiXfit.exe
  C:\Windows\System\HBiXfit.exe
  2⤵
  PID:8096
- C:\Windows\System\FBRHFdk.exe
  C:\Windows\System\FBRHFdk.exe
  2⤵
  PID:7256
- C:\Windows\System\uAwxQlr.exe
  C:\Windows\System\uAwxQlr.exe
  2⤵
  PID:7408
- C:\Windows\System\QbqofaP.exe
  C:\Windows\System\QbqofaP.exe
  2⤵
  PID:5556
- C:\Windows\System\RgsuEhV.exe
  C:\Windows\System\RgsuEhV.exe
  2⤵
  PID:7912
- C:\Windows\System\VcbBERl.exe
  C:\Windows\System\VcbBERl.exe
  2⤵
  PID:7988
- C:\Windows\System\mOGgOnB.exe
  C:\Windows\System\mOGgOnB.exe
  2⤵
  PID:8016
- C:\Windows\System\vxcpuWu.exe
  C:\Windows\System\vxcpuWu.exe
  2⤵
  PID:8028
- C:\Windows\System\bmWwRpS.exe
  C:\Windows\System\bmWwRpS.exe
  2⤵
  PID:8124
- C:\Windows\System\mJgfjQT.exe
  C:\Windows\System\mJgfjQT.exe
  2⤵
  PID:7172
- C:\Windows\System\JEhzyqR.exe
  C:\Windows\System\JEhzyqR.exe
  2⤵
  PID:8112
- C:\Windows\System\TdURJYz.exe
  C:\Windows\System\TdURJYz.exe
  2⤵
  PID:8144
- C:\Windows\System\NqpfBvr.exe
  C:\Windows\System\NqpfBvr.exe
  2⤵
  PID:7372
- C:\Windows\System\RjmJHFB.exe
  C:\Windows\System\RjmJHFB.exe
  2⤵
  PID:7232
- C:\Windows\System\mkBUgCl.exe
  C:\Windows\System\mkBUgCl.exe
  2⤵
  PID:7176
- C:\Windows\System\qufNviC.exe
  C:\Windows\System\qufNviC.exe
  2⤵
  PID:8072
- C:\Windows\System\cOmLvIF.exe
  C:\Windows\System\cOmLvIF.exe
  2⤵
  PID:7668
- C:\Windows\System\ODtbAse.exe
  C:\Windows\System\ODtbAse.exe
  2⤵
  PID:7964
- C:\Windows\System\tTtTxcu.exe
  C:\Windows\System\tTtTxcu.exe
  2⤵
  PID:7456
- C:\Windows\System\gGrgWOX.exe
  C:\Windows\System\gGrgWOX.exe
  2⤵
  PID:7592
- C:\Windows\System\MjGYTNi.exe
  C:\Windows\System\MjGYTNi.exe
  2⤵
  PID:8164
- C:\Windows\System\PpoxPuY.exe
  C:\Windows\System\PpoxPuY.exe
  2⤵
  PID:8088
- C:\Windows\System\YHoKFcB.exe
  C:\Windows\System\YHoKFcB.exe
  2⤵
  PID:7656
- C:\Windows\System\GiekGvq.exe
  C:\Windows\System\GiekGvq.exe
  2⤵
  PID:7480
- C:\Windows\System\nsZCUND.exe
  C:\Windows\System\nsZCUND.exe
  2⤵
  PID:7816
- C:\Windows\System\TJqBlmB.exe
  C:\Windows\System\TJqBlmB.exe
  2⤵
  PID:7388
- C:\Windows\System\DKZotws.exe
  C:\Windows\System\DKZotws.exe
  2⤵
  PID:7616
- C:\Windows\System\YqRKQTb.exe
  C:\Windows\System\YqRKQTb.exe
  2⤵
  PID:7484
- C:\Windows\System\UVgbbNp.exe
  C:\Windows\System\UVgbbNp.exe
  2⤵
  PID:8108
- C:\Windows\System\RPtzBTt.exe
  C:\Windows\System\RPtzBTt.exe
  2⤵
  PID:7312
- C:\Windows\System\jTrWRGP.exe
  C:\Windows\System\jTrWRGP.exe
  2⤵
  PID:7244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EqqgGru.exe

Filesize
5.2MB

MD5
a58df34ff15322800021e03c28318b94

SHA1
dbf30d2eb098be6e7c96abf3c5b6354a3c9473e1

SHA256
8ba9c626fc6285c395e87d54a6ab9a7a37ed2c295f1a4eafdb5b08ab02dc52e0

SHA512
ffa12497acf12dce351a9d110ffae1b5d8698fb419f8678aad24824c3b7fd754bb1d905789e4f92e5f61f38380740389558c57f73bf93a576682ea184f2838c4

Download Submit
C:\Windows\system\KBtFlnB.exe

Filesize
5.2MB

MD5
f66715cd6e422ef5d6e2dc70be6e74f8

SHA1
8676713a42c8559c033033d713c7e7642e4d114a

SHA256
4bb73bdff70bad2a671f8eda9612b028c0aa04459ed4951b95745a212c8ee403

SHA512
0d496f567d04018309d0f6461f3ed434b297051c41a1fe8f8b942d2c873c3fa58e5d60255ccb4ff078416be2ca54fba0d109384f99ea11c704dbcecf2136c3c6

Download Submit
C:\Windows\system\OYobKGK.exe

Filesize
5.2MB

MD5
5b7f956b82ec424e8a1771f200667b7f

SHA1
5ba6a8915673141d83d6845d3e25a674efab22d1

SHA256
9df05bf3a5fb25f23a5a5eca906f7638470277a99f61b557a2d0270815a4f7b5

SHA512
86f213aab1a564c8dd86c28c1b9ab158c78f32a2581fee25ebbc2f270a111a2e9a1ac09713d772c6cfc75f5a30736e21016b06d38e94272c8abcd9ffd9b82cd6

Download Submit
C:\Windows\system\OaNMzEs.exe

Filesize
5.2MB

MD5
c1ca39596b88cc4644578ee4a01b425f

SHA1
df8fff94e75c62cd31eb08947e6a4a583c10fd2c

SHA256
0fdac751c5372013a4200b7e14fc05b43acd926ff420c14a33921f1df9659143

SHA512
34d67b9dd0a57919e0a6e691e7b41c77a367cd28f2f05ba75f2558050a4d3d7bd2f9d36cac716bf37d30e13b7ba3b592d64fe0375a5b298982930d4058b5fec5

Download Submit
C:\Windows\system\aPlzoLL.exe

Filesize
5.2MB

MD5
57d04dcb9ac3cefb41dbe12536a198eb

SHA1
701a8882f3c0028c8a8e67edb0d0db691fcf7000

SHA256
ab04e881478676c486a1ba1351f6e8f45cc28fdcda30a51b4a46a50b8e09f34f

SHA512
d078b68a4534e12f829a924fa4132b2b200534a56315f99044030009db86c1e490a4c260b17c5f1401e586d6fb113e735d1ed06614b8eedda316be68c5a53fdb

Download Submit
C:\Windows\system\fhkfZfz.exe

Filesize
5.2MB

MD5
ec9bd8f20e8ab163346f3ef06f56097e

SHA1
5db4b61dbbe5d8ed4f951d0e1acd01acc4495e34

SHA256
8c45b7d64b56230a42c99a05430a319e89aa26d965d3ed07c088fcaf757af9bd

SHA512
4dbf18c78b724ccff92fb2a081ff1d79b271fa13111c6f9b50e29370c1db64987b48d0610ff6974b8e705a4126d133a38b4fde13005ec6e6f22d41cf758c1573

Download Submit
C:\Windows\system\iUpxXbj.exe

Filesize
5.2MB

MD5
84c2cced82d674154bc646c4d18e2484

SHA1
f0deb706b0822eaa832fa64ee902450b435ef934

SHA256
ea124a58194e7e2b06f3e6514d933ee5994fa2326993dbe6758111b53ffc5afc

SHA512
7b8b1ab0e7d2b41cfebdaa530cca927e9599e718be84d3d7bdc3a47a53df90bc37b23083f66704882d4d835269f3e6e3af1dc6d62340e7d3517af22bfdff689f

Download Submit
C:\Windows\system\jAiJbib.exe

Filesize
5.2MB

MD5
8b9c11963b485903d376b26337f0f665

SHA1
955875592add9b08f1a87f7cddfd1b36496a30f2

SHA256
423621068e75cd21c9c8d9fd43b2452d820d2d4cbe2d081d03d7cdc1cb237ab9

SHA512
40018302c90b5c5d959828c14958b90a110f22069b9538182b6bbb443a489f0d36b53cc7c6b68fed6f5d9cf4a1f2cd7ed35e1ab60f3478b2c53b6c0a6e45fa40

Download Submit
C:\Windows\system\oHSDujl.exe

Filesize
5.2MB

MD5
83320ad174f5eb284cd297dc15df70f7

SHA1
f7f6cccf4467d3cba6f3db42ab1487228415cd3d

SHA256
aaea540a0160436bcd429fce528c51e5690de2babce4b30feac78f18730255dc

SHA512
d86cd05b053bb5bfd125ccf3b1d13c08864370f9012c18869fb81b4701fb02412fb97c646cfe09649db9fe1f2251710d0d21bcdf04656d0103f1e88300b2bfcd

Download Submit
C:\Windows\system\tezYiCF.exe

Filesize
5.2MB

MD5
977fbd6d63d4c1c32c3d243c3ab3c8bb

SHA1
ef138d874c041e1761f008e42ca4901dd526dc43

SHA256
3ad493175213c97e9f7ed0433a9b5a8331d912cc6bd7c286e015fe9f17b9c09e

SHA512
d1cfae2d9f11f3b9d1480a51f6d4fb8be4f3ef6ad14f88c50f139d674a89eb8c43357ba4e80e42df9c8fa9c0baed9a943688d5d93f0a3fe9223d4da6920f2718

Download Submit
C:\Windows\system\urCgJyX.exe

Filesize
5.2MB

MD5
7f514351b4b844eddf3f385ae8c3219d

SHA1
481f39e911e2f76945f2ad761e264aaa6f13cd6f

SHA256
01f7239f6ea1e0da29454f8dd33552f3df33a4c7069f592fc2a0b90f4b334df4

SHA512
555223b97e15197c23d5f212bc209c856f566d59ef74273cf7ca236f7a4c00aa8763072b106f03064fe145885169206eb104719645264ce34ff2034baa81932e

Download Submit
C:\Windows\system\vjbcGeE.exe

Filesize
5.2MB

MD5
1f080ee4741672b4a8e56fa92df470c1

SHA1
a71ccff88a6b08d36dcd71de6d29f52b4f82342f

SHA256
93e69afd370ac4159059b6d3461c9848083e0efcf63866e895f9442b01987f45

SHA512
2c88741b1b90c29d9941573e831ed552bdd0c02336c1bb4910d7a8e473765d2794aa8d2aa8730eecb6754c4a2bdda17d573b04d12c386ef4b5eb6534b634b0fb

Download Submit
C:\Windows\system\yBbqdSC.exe

Filesize
5.2MB

MD5
8089db9c708364340ed9977dd028a3a1

SHA1
83d59b54e173ccadcbccf69d1b6bc60fee70359a

SHA256
877adc91cdc41d4e48921a77baa74be9ea80cc67832f89418c5f096dbffaa9fe

SHA512
7c5b4fa213b6459be7123bb5dd882287d014054b311cbee6ecb553f6e68e9f8ad0058ee05fd26aa2d5fcdf3fc394dc9aca782374a99b23a11bfa3bf911a0a0b2

Download Submit
\Windows\system\AHAvcAe.exe

Filesize
5.2MB

MD5
cf99d34d17a14be7c654d9497b372ff0

SHA1
29a0c7a6de665e0f401336d4d0d7fd6698df5045

SHA256
574e3fee38db219a6fe2ce2c6271954bf9c24b1b7975295f866dc83b7038e080

SHA512
5cd8454b00ee3c372be289164545c5f1e9085cbb316f2c310279cefde8dcbed403bbfc0591f6503ae720d245fe2251a1b836f41778720153dfe0c68730802cea

Download Submit
\Windows\system\DcUnlfX.exe

Filesize
5.2MB

MD5
66215a552303d2887a829d35fa4c6bae

SHA1
eaa45865043092bafba2fb87b19f00c2cd2ffb6a

SHA256
0237cd0111e98f0b89aaa5fb24bb6ee5edcd7eaae85cb83c34549c7e695d1361

SHA512
0432eb639b0be20f250fb804b1f70c6c018f34de91791dce8c858d0b90227bf35cd2b2e28b3454ce2f81fba2579fa17e39492763cc2d40df98dc9cbd9f3c216b

Download Submit
\Windows\system\FlfYLDe.exe

Filesize
5.2MB

MD5
b185e0f4d05c4934a8e051a25d3ad620

SHA1
77164fee86ead8963edcd83887b9c55e135c0676

SHA256
fd5f0623f6c20d9f5661089ef5e49eb15766bed37d27480bf549d2a39eb46b96

SHA512
9e8d69835865f0ef4506801ea4ec481bfb64b93916488d79f4540a7e9506947c04081345c1882da7fa69e62ef50f0eb586589805006aed861aa1411e3dabeeee

Download Submit
\Windows\system\Hhvjjct.exe

Filesize
5.2MB

MD5
b5bb8314dde8fe4853467ab90a41cd4c

SHA1
c7b37130a7d22cc2760c7a0b0bcdd59dd0e3ad01

SHA256
f93b132c468b069bcfd9b6f40222edd284a7751352805c4a2174e2a5d4714964

SHA512
6af5af88bbaca0c616b11ca4a3e6ede94199c76cd3db5e155e1a12e08684527ebfd63c7ccc185c9b405ad465e24d2825bb1e6149218415bae0d09b7428743ac3

Download Submit
\Windows\system\IinNSrr.exe

Filesize
5.2MB

MD5
60fd3d9c79ab68ae7b9d2f6d9b6ea309

SHA1
e21b42f37b7010178551126d52c48706a64341fa

SHA256
3bd63adfea13e084658d9f18a888ad587a6cea3b09ebbd282c5e4cb7f5a7e2dc

SHA512
282f95854b95c65a5805cc2d0e92e8130caf10264296c34fc34bbc8fcd085d37be5f8fa13b23d71239bd9f99c39570db613c4fe3fd203afadf17c4f18e0c4ee8

Download Submit
\Windows\system\JmtZbuZ.exe

Filesize
5.2MB

MD5
f9e7f41ab360680f93fc22d67095fe73

SHA1
146aa3b38400bb3f8267dc7e85c7c6652adefd05

SHA256
4cd6591471f9302d2973b1ec7541b80449298adb147b8cc97c26cca3320418f4

SHA512
5125718bdbf791ec36aa1bcdfe0a89e7ed4cb6926a7dc12ae685fbc477b24488dd393bbfbbeff53ffa5f8b6af7c74a6bafef41341fcdb9f7cc2d78e3f0733d9e

Download Submit
\Windows\system\KZwnzdm.exe

Filesize
5.2MB

MD5
10c12644f79138ac821a0bbe45b1d1df

SHA1
7920fbf6fa48bc844c76918138a3199f77c0df25

SHA256
b71964c1463c0524a04ad775fad441517265885b5419253f190e9224e4d63f52

SHA512
c92c566eef0c971b0d4e0f129ebc001fc8b051fc8e0f682b804543c53726669a4fac65924e21aaa5f366fa3781d31249a9c43017edc5ee16b66eb7deb133f0c7

Download Submit
\Windows\system\LTZOCoA.exe

Filesize
5.2MB

MD5
c84bcbee058b2a1c3b8d65f49405ccee

SHA1
c2f10f0497eb8c731216dc3b8874da5f19949293

SHA256
74caee5b1dd8bae6d10981b338e3ed55173ca6516f27ad0cc61891d71b617a52

SHA512
6859549a4206ba517329c2527b8ff186f23a3b94ca6349e14f3bb6571217701ddff60f7ee330f7b95c28e283705d3f291f0a532c16d8ce29d221fe7b70f08968

Download Submit
\Windows\system\QbzaYbc.exe

Filesize
5.2MB

MD5
1e811dcf3969742e9ea899c058101b3f

SHA1
1a1dac05b2f6a0f55bffa72ea822b9b4b9215048

SHA256
593ebd9b3dbfe60a5f4636883e3f4dc62f6c9ac62e0edc8ade8455d26d1baff3

SHA512
1ddd12fb03df74fa6f3762d7ec472b8ef4051bdbd81606a7590936af3efb0d8f073708ba77e7858de896b3e2a2d9df4f96029723f23f3c8620f11258634b73c9

Download Submit
\Windows\system\UeepMJm.exe

Filesize
5.2MB

MD5
00be106d9dc18912490b3494f2673538

SHA1
87e0f0b7c729a25dfebf31a52ae82ec41e2c4577

SHA256
218b26f82ce41c7240f153cf56532cb3606e9117ce5236e78f65e58f4e6e5e8f

SHA512
0dab539c7b21ba94c4240219d314d01dd4eebd4ab67accbaa9339b446197119892a4c13ec2230013cf5fc96eb4988343eea34f3d85fd1080e4e0862dbb0f31ae

Download Submit
\Windows\system\UkCmWlh.exe

Filesize
5.2MB

MD5
bf4b07c3924f736b215854e32807b135

SHA1
fc53e55fdea51471681ff4f0c0f9a2a9649af7e4

SHA256
2ee10ba5b2a4f41edcfd74025e13818a09d7334025289361b160baf8679a9238

SHA512
916dc161ad5528cb7d1a63bd50da5d7d12c18e366176e2deef2ad525008adbf669781ea800d91264c319063ca4184147f73d9d3ac0e34ca2f63ede88a606c3d9

Download Submit
\Windows\system\YaohGRI.exe

Filesize
5.2MB

MD5
f0d5b61b526d730b38fab55449ced842

SHA1
71e231a517c8de9d517fb7403817986507bfb7af

SHA256
e7a4df24ab311beb56b21f09b346cd67d435e0088eb8bd5f92d2d8f47a396b8c

SHA512
cffc544cddf9a5eb2191ebdd182fa07ab4cc9b8d88c22ffc20065f7f5b068360d28f89b6e5134d0ba66cdda18c4767284b73f7e51a16bc513cf1cc984befb642

Download Submit
\Windows\system\cepbCUz.exe

Filesize
5.2MB

MD5
47495a29f0a017709130221791122d39

SHA1
b71ba444457084b03921aa3d57f83faedfda3966

SHA256
6b622aff34fdfe66fac810e2928a42c7e96270e3f07ccd05a248fd9bf62b06d7

SHA512
87e1b592bad4efc7586ecde374ebdb64846366eacb7bc38d1c2d34a9ffc8f86711fa2553c3ded9618638c5da07e23830456688a5d80e764ab0a8a98a85d2ad50

Download Submit
\Windows\system\dSWxolZ.exe

Filesize
5.2MB

MD5
8aa4fd59825e9db457a874c85509c659

SHA1
b38fea15685aa0020630e7a2a57514b5d6784c54

SHA256
80d550b27c30cffbb4b54272b29a8a0118fc86a34660c5cc6618e5f8c145f7a7

SHA512
d0d7e4d1588aed2e821cc059e9bd9332d9893aa121147e762a86ce9c641325959ac93696273c9cf47961c7f7f5ef4955ff92220b13c8a1fff7768a675ddff89c

Download Submit
\Windows\system\eWbcXPn.exe

Filesize
5.2MB

MD5
4665c9c72be795252c78f7acd2dad43e

SHA1
4afa1795feefebfb1c6617222174edf54e37f2da

SHA256
642692d0e2cc6ee0d246b12e411143762bfaa06e1e38b19c174ad4068d922ca4

SHA512
3a487464a017fdbe955ced8d81fb3069d4c78ab2ed01da7a5d096ba8805dce2337e04587a50b1ff257afa0857d529bf1f071e9e1ec8d106f8557b36008b5a333

Download Submit
\Windows\system\gmErYrp.exe

Filesize
5.2MB

MD5
e7d3d3c1a5218a0440ce19a82a36b99e

SHA1
ec15e998babec5d60a31a310bb83e10487ea752a

SHA256
d1fac1766fe7c1ba16e780e1673e6f1eb55abc0c897c4228e2e2156e0e6afa37

SHA512
bfcf35d36a01305d88d82eb9d44efbe3138bf09bac393a8d21f670b937f655c05d6e538e050837ac58db4f1a754e5d9b797bb3879941ea65089c1ccee1b9ec44

Download Submit
\Windows\system\iFRARNv.exe

Filesize
5.2MB

MD5
0ed5cb0b72c44248d93addb45f890578

SHA1
21c2fd5ced995686f7f6f6ac2bc2b71fc2883f6e

SHA256
a487344045faff94a12d187e7841f82e5ce625b02b3e2ce1918689e6e419effa

SHA512
2feb731c6dbabe0a0508efd72724e1c625144586705ba985f446d39b9a017e8ec424a702571ec4b59413435199280d3504b3f04b98d7541a3b086bf70c31826e

Download Submit
\Windows\system\lrgeFzV.exe

Filesize
5.2MB

MD5
6fcbd535785294cd1d5c3f8e6321f3f5

SHA1
99220fea42c665265d6a351161b1ee3e0a9b03e2

SHA256
4cc0aa655ce89accf80ec21403607e8dd19f80f74e61312d1e142887f60fd88c

SHA512
6154e7730ac0431934674e65ba0ee9a1e618ee0142ed73a978a9a7e79c12477017fcb79e36d0a9ecb5c46c0d054104aa7ec1f64a0903c0177f76094d4088d313

Download Submit
\Windows\system\msTAvWq.exe

Filesize
5.2MB

MD5
dbd753a648abe68a44972b5bcdeaac77

SHA1
dd8b967becbdff91611c5ad5102259eb55b96bbb

SHA256
86046942706b7d33203d9bedc11357efdb23610ff33e5b97d1f82628760acd67

SHA512
edf067474d08a1dcf256c690eee75b0738e232a12a982e83f5932457dbb030e11f9dd9ece325e509461a67ab1284ab5bc70e9a14d478457f87b9c3306bf43365

Download Submit
memory/264-87-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/264-1011-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-34-0x000000013F860000-0x000000013FBB1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-27-0x000000013F220000-0x000000013F571000-memory.dmp

Filesize
3.3MB

Download
memory/1128-89-0x000000013F4E0000-0x000000013F831000-memory.dmp

Filesize
3.3MB

Download
memory/1128-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1128-49-0x000000013FCD0000-0x0000000140021000-memory.dmp

Filesize
3.3MB

Download
memory/1128-81-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-75-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-247-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-92-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-0-0x000000013F860000-0x000000013FBB1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-42-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-7-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-107-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-14-0x0000000002380000-0x00000000026D1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-79-0x000000013F440000-0x000000013F791000-memory.dmp

Filesize
3.3MB

Download
memory/1128-109-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/1436-242-0x000000013F460000-0x000000013F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/2160-21-0x000000013FB60000-0x000000013FEB1000-memory.dmp

Filesize
3.3MB

Download
memory/2160-960-0x000000013FB60000-0x000000013FEB1000-memory.dmp

Filesize
3.3MB

Download
memory/2160-58-0x000000013FB60000-0x000000013FEB1000-memory.dmp

Filesize
3.3MB

Download
memory/2312-29-0x000000013F220000-0x000000013F571000-memory.dmp

Filesize
3.3MB

Download
memory/2312-987-0x000000013F220000-0x000000013F571000-memory.dmp

Filesize
3.3MB

Download
memory/2360-95-0x000000013F4E0000-0x000000013F831000-memory.dmp

Filesize
3.3MB

Download
memory/2360-174-0x000000013F4E0000-0x000000013F831000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1008-0x000000013F4E0000-0x000000013F831000-memory.dmp

Filesize
3.3MB

Download
memory/2480-44-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1000-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2480-84-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2512-90-0x000000013FCD0000-0x0000000140021000-memory.dmp

Filesize
3.3MB

Download
memory/2512-51-0x000000013FCD0000-0x0000000140021000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1037-0x000000013FCD0000-0x0000000140021000-memory.dmp

Filesize
3.3MB

Download
memory/2548-80-0x000000013F440000-0x000000013F791000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1041-0x000000013F440000-0x000000013F791000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013F5D0000-0x000000013F921000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1007-0x000000013F5D0000-0x000000013F921000-memory.dmp

Filesize
3.3MB

Download
memory/2816-36-0x000000013FB80000-0x000000013FED1000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1031-0x000000013FB80000-0x000000013FED1000-memory.dmp

Filesize
3.3MB

Download
memory/2856-77-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1009-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/2868-213-0x000000013F030000-0x000000013F381000-memory.dmp

Filesize
3.3MB

Download
memory/2868-101-0x000000013F030000-0x000000013F381000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1021-0x000000013F030000-0x000000013F381000-memory.dmp

Filesize
3.3MB

Download
memory/2872-69-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1035-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2872-106-0x000000013FA60000-0x000000013FDB1000-memory.dmp

Filesize
3.3MB

Download
memory/2916-16-0x000000013F9C0000-0x000000013FD11000-memory.dmp

Filesize
3.3MB

Download
memory/2916-867-0x000000013F9C0000-0x000000013FD11000-memory.dmp

Filesize
3.3MB

Download
memory/2916-45-0x000000013F9C0000-0x000000013FD11000-memory.dmp

Filesize
3.3MB

Download
memory/3000-8-0x000000013F990000-0x000000013FCE1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-847-0x000000013F990000-0x000000013FCE1000-memory.dmp

Filesize
3.3MB

Download
memory/3000-39-0x000000013F990000-0x000000013FCE1000-memory.dmp

Filesize
3.3MB

Download