cobaltstrike | a04fa4b23996db736736df5185e29f400f5b159fa677628bb1224eb37ec3b574

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

5.7MB
MD5

c37696cbd04658973352b0f40ae79bd5
SHA1

820ee7253bf371114f2f258f45d4e1b566a43fc1
SHA256

a04fa4b23996db736736df5185e29f400f5b159fa677628bb1224eb37ec3b574
SHA512

d4fdbcb79380cb3e949121d42642668c23315e64f0b5e7df0d11b61af858bd7dd043d7383f244b9e0ab76c2b9b11a41ba2b8cc35371ed0cd5d1aeeaa0b0a8476
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUJ:j+R56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x001000000001235b-5.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d8c-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e37-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015eac-19.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016114-31.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001901d-43.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190b2-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f36-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f6a-26.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191a3-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191c9-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191e9-73.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d6c-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922a-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192eb-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019422-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019418-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019406-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019395-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019385-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019359-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001934b-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019336-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019249-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001923d-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019239-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019211-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-0-0x000000013F880000-0x000000013FBCD000-memory.dmp	xmrig
behavioral1/files/0x001000000001235b-5.dat	xmrig
behavioral1/memory/2544-7-0x000000013F260000-0x000000013F5AD000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d8c-9.dat	xmrig
behavioral1/files/0x0007000000015e37-15.dat	xmrig
behavioral1/memory/2248-13-0x000000013F690000-0x000000013F9DD000-memory.dmp	xmrig
behavioral1/files/0x0007000000015eac-19.dat	xmrig
behavioral1/memory/2756-27-0x000000013F7C0000-0x000000013FB0D000-memory.dmp	xmrig
behavioral1/files/0x0009000000016114-31.dat	xmrig
behavioral1/memory/2892-39-0x000000013FE80000-0x00000001401CD000-memory.dmp	xmrig
behavioral1/files/0x000600000001901d-43.dat	xmrig
behavioral1/files/0x00060000000190b2-49.dat	xmrig
behavioral1/memory/2912-51-0x000000013F7E0000-0x000000013FB2D000-memory.dmp	xmrig
behavioral1/memory/2140-54-0x000000013F530000-0x000000013F87D000-memory.dmp	xmrig
behavioral1/memory/1076-53-0x000000013F370000-0x000000013F6BD000-memory.dmp	xmrig
behavioral1/memory/628-45-0x000000013F080000-0x000000013F3CD000-memory.dmp	xmrig
behavioral1/files/0x0007000000018f36-37.dat	xmrig
behavioral1/files/0x0007000000015f6a-26.dat	xmrig
behavioral1/files/0x00050000000191a3-57.dat	xmrig
behavioral1/memory/2664-61-0x000000013FCA0000-0x000000013FFED000-memory.dmp	xmrig
behavioral1/memory/2632-67-0x000000013F0D0000-0x000000013F41D000-memory.dmp	xmrig
behavioral1/files/0x00050000000191c9-70.dat	xmrig
behavioral1/files/0x00050000000191e9-73.dat	xmrig
behavioral1/memory/2780-78-0x000000013FBB0000-0x000000013FEFD000-memory.dmp	xmrig
behavioral1/memory/2224-77-0x000000013F550000-0x000000013F89D000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d6c-65.dat	xmrig
behavioral1/memory/1080-85-0x000000013FCD0000-0x000000014001D000-memory.dmp	xmrig
behavioral1/files/0x000500000001922a-89.dat	xmrig
behavioral1/memory/2932-108-0x000000013F020000-0x000000013F36D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-106.dat	xmrig
behavioral1/memory/2680-121-0x000000013F950000-0x000000013FC9D000-memory.dmp	xmrig
behavioral1/files/0x00050000000192eb-125.dat	xmrig
behavioral1/memory/1780-133-0x000000013F7A0000-0x000000013FAED000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-149.dat	xmrig
behavioral1/memory/1660-169-0x000000013F5D0000-0x000000013F91D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019438-191.dat	xmrig
behavioral1/memory/2560-187-0x000000013F7D0000-0x000000013FB1D000-memory.dmp	xmrig
behavioral1/files/0x000500000001942d-186.dat	xmrig
behavioral1/memory/2312-181-0x000000013F2B0000-0x000000013F5FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019422-179.dat	xmrig
behavioral1/memory/404-175-0x000000013F1E0000-0x000000013F52D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019418-173.dat	xmrig
behavioral1/memory/2288-163-0x000000013FFB0000-0x00000001402FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019406-167.dat	xmrig
behavioral1/files/0x0005000000019395-161.dat	xmrig
behavioral1/memory/1608-157-0x000000013F320000-0x000000013F66D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019385-155.dat	xmrig
behavioral1/memory/1988-151-0x000000013FF60000-0x00000001402AD000-memory.dmp	xmrig
behavioral1/memory/2800-145-0x000000013F190000-0x000000013F4DD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019359-143.dat	xmrig
behavioral1/files/0x000500000001934b-137.dat	xmrig
behavioral1/files/0x0005000000019336-131.dat	xmrig
behavioral1/files/0x000500000001926c-119.dat	xmrig
behavioral1/memory/3036-115-0x000000013F780000-0x000000013FACD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019249-113.dat	xmrig
behavioral1/memory/2856-103-0x000000013F920000-0x000000013FC6D000-memory.dmp	xmrig
behavioral1/files/0x000500000001923d-101.dat	xmrig
behavioral1/memory/280-91-0x000000013FB60000-0x000000013FEAD000-memory.dmp	xmrig
behavioral1/memory/2988-96-0x000000013F300000-0x000000013F64D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019239-94.dat	xmrig
behavioral1/files/0x0005000000019211-83.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2544	PcnmDox.exe
2248	EmUaRFQ.exe
1076	uuylehK.exe
2140	nJcvtlU.exe
2756	fwebgih.exe
2820	BAuIZYP.exe
2892	OhjlPOX.exe
628	piqlXrJ.exe
2912	ixXzxzd.exe
2664	HaSdiOR.exe
2632	ZrqeleV.exe
2780	HGRrwYZ.exe
2224	xKjyuMA.exe
1080	tLKBNPO.exe
280	CTnWcNh.exe
2988	wagEqcp.exe
2856	uUbmUPw.exe
2932	qQPviTn.exe
3036	eQywnEG.exe
2680	ygWdFNK.exe
1736	veHSyRB.exe
1780	QLUKPUG.exe
1744	HtZIOBq.exe
2800	Ldxqeik.exe
1988	jxviroJ.exe
1608	VVituXj.exe
2288	mJJlBuN.exe
1660	QiAvxbD.exe
404	mKlckFI.exe
2312	MkvyTyQ.exe
2560	fXqpRBa.exe
464	wlTqkTM.exe
1332	DdiKGUT.exe
1732	oTNcMNW.exe
892	bibHnKH.exe
1304	ZwHbDFQ.exe
1764	ZhVwcTP.exe
1356	CnCzxQk.exe
936	KeBkupI.exe
2176	beVFfwh.exe
2696	GHGLZiA.exe
2572	PdoxMcp.exe
2080	FlthwCk.exe
984	BUxlxKn.exe
2148	UljMffr.exe
1868	VryBOPJ.exe
868	baDiBcC.exe
532	OVzeyDV.exe
1560	NGjlXqB.exe
1596	pGjFqBE.exe
292	HfDUZZw.exe
2704	cRKVTAP.exe
2900	HWlBflW.exe
2132	uwJPTRH.exe
2884	tqQdYIP.exe
2676	xbHoLBM.exe
2328	XIOhYJK.exe
2000	LRODUTY.exe
1996	cVayGLC.exe
2980	KWDPUzs.exe
788	pPzeFeq.exe
1056	Xhzbfaz.exe
2456	tvkTgGS.exe
2436	Ggmxqee.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vAFeZHE.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WQwfGGf.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VpHFanX.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lwylRrg.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vhKIsua.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rJfafzk.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zJBCIAo.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ptegLIu.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lPliHIv.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tnQPWzu.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kMfZJjB.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xEGEvrI.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kBptNUW.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hBLyeax.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JfmOnSR.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FnkhWEb.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kYYpShD.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rELXawQ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZgUWFmE.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fbxgDFp.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jxviroJ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UCHojfn.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wDDGiox.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jAOZeIb.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KjAxiqS.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MyNVbDQ.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DIueaMX.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nfUlBWA.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QpCftPD.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tTyAKTl.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iicuLOv.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XpkEzkX.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\svtNYCN.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ownSNUW.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lhuJhPV.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rIbQAWP.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EBjZusE.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ypyWzuf.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AmZpGQY.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NnyHqrn.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oJHVmkK.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LYisaZM.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kkJpXVp.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CcpRkiP.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pxuUCEz.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VCSVPTe.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WPudHtg.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rpvwSDy.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WPFUtxN.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\orqNGnu.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mSwvWSk.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SurInaV.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NUPxljT.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KsWusYI.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tqQdYIP.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PoNiIcM.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wRnqkjo.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GBERBOf.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cFNKVmU.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LrnSLND.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gjBMPrI.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xRTemfT.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vtArKWt.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GWMiDYh.exe	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2544	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2532 wrote to memory of 2544	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2532 wrote to memory of 2544	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2532 wrote to memory of 2248	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2532 wrote to memory of 2248	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2532 wrote to memory of 2248	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2532 wrote to memory of 1076	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2532 wrote to memory of 1076	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2532 wrote to memory of 1076	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2532 wrote to memory of 2140	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2532 wrote to memory of 2140	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2532 wrote to memory of 2140	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2532 wrote to memory of 2756	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2532 wrote to memory of 2756	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2532 wrote to memory of 2756	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2532 wrote to memory of 2820	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2532 wrote to memory of 2820	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2532 wrote to memory of 2820	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2532 wrote to memory of 2892	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2532 wrote to memory of 2892	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2532 wrote to memory of 2892	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2532 wrote to memory of 628	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2532 wrote to memory of 628	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2532 wrote to memory of 628	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2532 wrote to memory of 2912	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2532 wrote to memory of 2912	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2532 wrote to memory of 2912	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2532 wrote to memory of 2664	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2532 wrote to memory of 2664	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2532 wrote to memory of 2664	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2532 wrote to memory of 2632	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2532 wrote to memory of 2632	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2532 wrote to memory of 2632	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2532 wrote to memory of 2780	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2532 wrote to memory of 2780	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2532 wrote to memory of 2780	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2532 wrote to memory of 2224	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2532 wrote to memory of 2224	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2532 wrote to memory of 2224	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2532 wrote to memory of 1080	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2532 wrote to memory of 1080	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2532 wrote to memory of 1080	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2532 wrote to memory of 280	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2532 wrote to memory of 280	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2532 wrote to memory of 280	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2532 wrote to memory of 2988	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2532 wrote to memory of 2988	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2532 wrote to memory of 2988	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2532 wrote to memory of 2856	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2532 wrote to memory of 2856	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2532 wrote to memory of 2856	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2532 wrote to memory of 2932	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2532 wrote to memory of 2932	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2532 wrote to memory of 2932	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2532 wrote to memory of 3036	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2532 wrote to memory of 3036	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2532 wrote to memory of 3036	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2532 wrote to memory of 2680	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2532 wrote to memory of 2680	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2532 wrote to memory of 2680	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2532 wrote to memory of 1736	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 2532 wrote to memory of 1736	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 2532 wrote to memory of 1736	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52
PID 2532 wrote to memory of 1780	2532	2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_c37696cbd04658973352b0f40ae79bd5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\PcnmDox.exe
  C:\Windows\System\PcnmDox.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\EmUaRFQ.exe
  C:\Windows\System\EmUaRFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\uuylehK.exe
  C:\Windows\System\uuylehK.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\nJcvtlU.exe
  C:\Windows\System\nJcvtlU.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\fwebgih.exe
  C:\Windows\System\fwebgih.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\BAuIZYP.exe
  C:\Windows\System\BAuIZYP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\OhjlPOX.exe
  C:\Windows\System\OhjlPOX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\piqlXrJ.exe
  C:\Windows\System\piqlXrJ.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ixXzxzd.exe
  C:\Windows\System\ixXzxzd.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HaSdiOR.exe
  C:\Windows\System\HaSdiOR.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZrqeleV.exe
  C:\Windows\System\ZrqeleV.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HGRrwYZ.exe
  C:\Windows\System\HGRrwYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\xKjyuMA.exe
  C:\Windows\System\xKjyuMA.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\tLKBNPO.exe
  C:\Windows\System\tLKBNPO.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\CTnWcNh.exe
  C:\Windows\System\CTnWcNh.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\wagEqcp.exe
  C:\Windows\System\wagEqcp.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\uUbmUPw.exe
  C:\Windows\System\uUbmUPw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\qQPviTn.exe
  C:\Windows\System\qQPviTn.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\eQywnEG.exe
  C:\Windows\System\eQywnEG.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ygWdFNK.exe
  C:\Windows\System\ygWdFNK.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\veHSyRB.exe
  C:\Windows\System\veHSyRB.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\QLUKPUG.exe
  C:\Windows\System\QLUKPUG.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\HtZIOBq.exe
  C:\Windows\System\HtZIOBq.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\Ldxqeik.exe
  C:\Windows\System\Ldxqeik.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\jxviroJ.exe
  C:\Windows\System\jxviroJ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\VVituXj.exe
  C:\Windows\System\VVituXj.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mJJlBuN.exe
  C:\Windows\System\mJJlBuN.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\QiAvxbD.exe
  C:\Windows\System\QiAvxbD.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\mKlckFI.exe
  C:\Windows\System\mKlckFI.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\MkvyTyQ.exe
  C:\Windows\System\MkvyTyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\fXqpRBa.exe
  C:\Windows\System\fXqpRBa.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\wlTqkTM.exe
  C:\Windows\System\wlTqkTM.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\DdiKGUT.exe
  C:\Windows\System\DdiKGUT.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\oTNcMNW.exe
  C:\Windows\System\oTNcMNW.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\bibHnKH.exe
  C:\Windows\System\bibHnKH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ZwHbDFQ.exe
  C:\Windows\System\ZwHbDFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ZhVwcTP.exe
  C:\Windows\System\ZhVwcTP.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\CnCzxQk.exe
  C:\Windows\System\CnCzxQk.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\KeBkupI.exe
  C:\Windows\System\KeBkupI.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\beVFfwh.exe
  C:\Windows\System\beVFfwh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\GHGLZiA.exe
  C:\Windows\System\GHGLZiA.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\PdoxMcp.exe
  C:\Windows\System\PdoxMcp.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\FlthwCk.exe
  C:\Windows\System\FlthwCk.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\BUxlxKn.exe
  C:\Windows\System\BUxlxKn.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\UljMffr.exe
  C:\Windows\System\UljMffr.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\VryBOPJ.exe
  C:\Windows\System\VryBOPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\baDiBcC.exe
  C:\Windows\System\baDiBcC.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\OVzeyDV.exe
  C:\Windows\System\OVzeyDV.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\NGjlXqB.exe
  C:\Windows\System\NGjlXqB.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\pGjFqBE.exe
  C:\Windows\System\pGjFqBE.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\HfDUZZw.exe
  C:\Windows\System\HfDUZZw.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\cRKVTAP.exe
  C:\Windows\System\cRKVTAP.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HWlBflW.exe
  C:\Windows\System\HWlBflW.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\uwJPTRH.exe
  C:\Windows\System\uwJPTRH.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\tqQdYIP.exe
  C:\Windows\System\tqQdYIP.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\xbHoLBM.exe
  C:\Windows\System\xbHoLBM.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\XIOhYJK.exe
  C:\Windows\System\XIOhYJK.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LRODUTY.exe
  C:\Windows\System\LRODUTY.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\cVayGLC.exe
  C:\Windows\System\cVayGLC.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\KWDPUzs.exe
  C:\Windows\System\KWDPUzs.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\pPzeFeq.exe
  C:\Windows\System\pPzeFeq.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\Xhzbfaz.exe
  C:\Windows\System\Xhzbfaz.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\Ggmxqee.exe
  C:\Windows\System\Ggmxqee.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\tvkTgGS.exe
  C:\Windows\System\tvkTgGS.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\siQcodM.exe
  C:\Windows\System\siQcodM.exe
  2⤵
  PID:2300
- C:\Windows\System\wvmRVxn.exe
  C:\Windows\System\wvmRVxn.exe
  2⤵
  PID:2476
- C:\Windows\System\wvRliMY.exe
  C:\Windows\System\wvRliMY.exe
  2⤵
  PID:952
- C:\Windows\System\hCjxdVs.exe
  C:\Windows\System\hCjxdVs.exe
  2⤵
  PID:756
- C:\Windows\System\NASvqzH.exe
  C:\Windows\System\NASvqzH.exe
  2⤵
  PID:2496
- C:\Windows\System\ECMMxcu.exe
  C:\Windows\System\ECMMxcu.exe
  2⤵
  PID:1516
- C:\Windows\System\lmAhnvU.exe
  C:\Windows\System\lmAhnvU.exe
  2⤵
  PID:1768
- C:\Windows\System\zYmiswf.exe
  C:\Windows\System\zYmiswf.exe
  2⤵
  PID:1796
- C:\Windows\System\cFNKVmU.exe
  C:\Windows\System\cFNKVmU.exe
  2⤵
  PID:2028
- C:\Windows\System\ZQTmyIw.exe
  C:\Windows\System\ZQTmyIw.exe
  2⤵
  PID:680
- C:\Windows\System\JywSIoi.exe
  C:\Windows\System\JywSIoi.exe
  2⤵
  PID:2172
- C:\Windows\System\bSOkKOZ.exe
  C:\Windows\System\bSOkKOZ.exe
  2⤵
  PID:1800
- C:\Windows\System\wAexuqk.exe
  C:\Windows\System\wAexuqk.exe
  2⤵
  PID:1884
- C:\Windows\System\QggdPvg.exe
  C:\Windows\System\QggdPvg.exe
  2⤵
  PID:1752
- C:\Windows\System\MbvUNpB.exe
  C:\Windows\System\MbvUNpB.exe
  2⤵
  PID:1124
- C:\Windows\System\ylmcdpB.exe
  C:\Windows\System\ylmcdpB.exe
  2⤵
  PID:1420
- C:\Windows\System\CXHcHmV.exe
  C:\Windows\System\CXHcHmV.exe
  2⤵
  PID:2720
- C:\Windows\System\DetJOxC.exe
  C:\Windows\System\DetJOxC.exe
  2⤵
  PID:2008
- C:\Windows\System\jQPSYXK.exe
  C:\Windows\System\jQPSYXK.exe
  2⤵
  PID:2688
- C:\Windows\System\BQiJgwG.exe
  C:\Windows\System\BQiJgwG.exe
  2⤵
  PID:2744
- C:\Windows\System\NunpLSS.exe
  C:\Windows\System\NunpLSS.exe
  2⤵
  PID:2944
- C:\Windows\System\RdxVBxr.exe
  C:\Windows\System\RdxVBxr.exe
  2⤵
  PID:3028
- C:\Windows\System\pIpZMgx.exe
  C:\Windows\System\pIpZMgx.exe
  2⤵
  PID:2928
- C:\Windows\System\LFqkbwe.exe
  C:\Windows\System\LFqkbwe.exe
  2⤵
  PID:2724
- C:\Windows\System\FSpRttb.exe
  C:\Windows\System\FSpRttb.exe
  2⤵
  PID:2284
- C:\Windows\System\pcRbTDv.exe
  C:\Windows\System\pcRbTDv.exe
  2⤵
  PID:968
- C:\Windows\System\nWNXYuj.exe
  C:\Windows\System\nWNXYuj.exe
  2⤵
  PID:2168
- C:\Windows\System\rrEUFAB.exe
  C:\Windows\System\rrEUFAB.exe
  2⤵
  PID:1720
- C:\Windows\System\ClVnnhA.exe
  C:\Windows\System\ClVnnhA.exe
  2⤵
  PID:2984
- C:\Windows\System\CnMqfAd.exe
  C:\Windows\System\CnMqfAd.exe
  2⤵
  PID:684
- C:\Windows\System\bUcHfCn.exe
  C:\Windows\System\bUcHfCn.exe
  2⤵
  PID:2336
- C:\Windows\System\qctZKom.exe
  C:\Windows\System\qctZKom.exe
  2⤵
  PID:2692
- C:\Windows\System\TKvWrym.exe
  C:\Windows\System\TKvWrym.exe
  2⤵
  PID:1048
- C:\Windows\System\csehVmf.exe
  C:\Windows\System\csehVmf.exe
  2⤵
  PID:1680
- C:\Windows\System\xPyKIzb.exe
  C:\Windows\System\xPyKIzb.exe
  2⤵
  PID:880
- C:\Windows\System\TsGuUNI.exe
  C:\Windows\System\TsGuUNI.exe
  2⤵
  PID:1700
- C:\Windows\System\VTTYJXx.exe
  C:\Windows\System\VTTYJXx.exe
  2⤵
  PID:2876
- C:\Windows\System\LIDodQE.exe
  C:\Windows\System\LIDodQE.exe
  2⤵
  PID:2908
- C:\Windows\System\OIAjIEE.exe
  C:\Windows\System\OIAjIEE.exe
  2⤵
  PID:1888
- C:\Windows\System\lARFOpy.exe
  C:\Windows\System\lARFOpy.exe
  2⤵
  PID:1920
- C:\Windows\System\xHTJvji.exe
  C:\Windows\System\xHTJvji.exe
  2⤵
  PID:2296
- C:\Windows\System\gIknTAn.exe
  C:\Windows\System\gIknTAn.exe
  2⤵
  PID:3068
- C:\Windows\System\DCOCtHp.exe
  C:\Windows\System\DCOCtHp.exe
  2⤵
  PID:1900
- C:\Windows\System\JNbsuaB.exe
  C:\Windows\System\JNbsuaB.exe
  2⤵
  PID:2340
- C:\Windows\System\jnSVYOs.exe
  C:\Windows\System\jnSVYOs.exe
  2⤵
  PID:2280
- C:\Windows\System\xiCMxpR.exe
  C:\Windows\System\xiCMxpR.exe
  2⤵
  PID:2540
- C:\Windows\System\ZJbuqoy.exe
  C:\Windows\System\ZJbuqoy.exe
  2⤵
  PID:300
- C:\Windows\System\GejOAjk.exe
  C:\Windows\System\GejOAjk.exe
  2⤵
  PID:1656
- C:\Windows\System\oYvghMy.exe
  C:\Windows\System\oYvghMy.exe
  2⤵
  PID:1876
- C:\Windows\System\PriqDDI.exe
  C:\Windows\System\PriqDDI.exe
  2⤵
  PID:1588
- C:\Windows\System\AGVVooF.exe
  C:\Windows\System\AGVVooF.exe
  2⤵
  PID:2472
- C:\Windows\System\GcimruX.exe
  C:\Windows\System\GcimruX.exe
  2⤵
  PID:836
- C:\Windows\System\PAXUCpC.exe
  C:\Windows\System\PAXUCpC.exe
  2⤵
  PID:1852
- C:\Windows\System\WJBUxWk.exe
  C:\Windows\System\WJBUxWk.exe
  2⤵
  PID:2400
- C:\Windows\System\MSSttZt.exe
  C:\Windows\System\MSSttZt.exe
  2⤵
  PID:1352
- C:\Windows\System\kadsSXY.exe
  C:\Windows\System\kadsSXY.exe
  2⤵
  PID:1236
- C:\Windows\System\CSiYIfP.exe
  C:\Windows\System\CSiYIfP.exe
  2⤵
  PID:2064
- C:\Windows\System\mvYGDKf.exe
  C:\Windows\System\mvYGDKf.exe
  2⤵
  PID:1684
- C:\Windows\System\McVMRvX.exe
  C:\Windows\System\McVMRvX.exe
  2⤵
  PID:2760
- C:\Windows\System\ewtwTus.exe
  C:\Windows\System\ewtwTus.exe
  2⤵
  PID:2612
- C:\Windows\System\BZAEuTH.exe
  C:\Windows\System\BZAEuTH.exe
  2⤵
  PID:1212
- C:\Windows\System\ehHyBCi.exe
  C:\Windows\System\ehHyBCi.exe
  2⤵
  PID:2992
- C:\Windows\System\WLMhAvY.exe
  C:\Windows\System\WLMhAvY.exe
  2⤵
  PID:1336
- C:\Windows\System\lANCBCs.exe
  C:\Windows\System\lANCBCs.exe
  2⤵
  PID:1348
- C:\Windows\System\sOhNKDh.exe
  C:\Windows\System\sOhNKDh.exe
  2⤵
  PID:764
- C:\Windows\System\EUsYwzm.exe
  C:\Windows\System\EUsYwzm.exe
  2⤵
  PID:2480
- C:\Windows\System\mfomUKp.exe
  C:\Windows\System\mfomUKp.exe
  2⤵
  PID:3088
- C:\Windows\System\SZWCitt.exe
  C:\Windows\System\SZWCitt.exe
  2⤵
  PID:3112
- C:\Windows\System\HcPjCRA.exe
  C:\Windows\System\HcPjCRA.exe
  2⤵
  PID:3140
- C:\Windows\System\MFlyakm.exe
  C:\Windows\System\MFlyakm.exe
  2⤵
  PID:3160
- C:\Windows\System\jxQUUXD.exe
  C:\Windows\System\jxQUUXD.exe
  2⤵
  PID:3192
- C:\Windows\System\KSHNwlZ.exe
  C:\Windows\System\KSHNwlZ.exe
  2⤵
  PID:3216
- C:\Windows\System\RarkBFB.exe
  C:\Windows\System\RarkBFB.exe
  2⤵
  PID:3240
- C:\Windows\System\EieUYry.exe
  C:\Windows\System\EieUYry.exe
  2⤵
  PID:3264
- C:\Windows\System\Vlzjldi.exe
  C:\Windows\System\Vlzjldi.exe
  2⤵
  PID:3288
- C:\Windows\System\APlXIcS.exe
  C:\Windows\System\APlXIcS.exe
  2⤵
  PID:3304
- C:\Windows\System\bFKUEnb.exe
  C:\Windows\System\bFKUEnb.exe
  2⤵
  PID:3332
- C:\Windows\System\MAmTxXA.exe
  C:\Windows\System\MAmTxXA.exe
  2⤵
  PID:3352
- C:\Windows\System\YdeJeFq.exe
  C:\Windows\System\YdeJeFq.exe
  2⤵
  PID:3384
- C:\Windows\System\oYZtuMo.exe
  C:\Windows\System\oYZtuMo.exe
  2⤵
  PID:3404
- C:\Windows\System\gDeNmEC.exe
  C:\Windows\System\gDeNmEC.exe
  2⤵
  PID:3432
- C:\Windows\System\VPZQkUE.exe
  C:\Windows\System\VPZQkUE.exe
  2⤵
  PID:3448
- C:\Windows\System\EbxFUsB.exe
  C:\Windows\System\EbxFUsB.exe
  2⤵
  PID:3476
- C:\Windows\System\PRmEYiO.exe
  C:\Windows\System\PRmEYiO.exe
  2⤵
  PID:3500
- C:\Windows\System\vmUIFli.exe
  C:\Windows\System\vmUIFli.exe
  2⤵
  PID:3528
- C:\Windows\System\YBtvaSE.exe
  C:\Windows\System\YBtvaSE.exe
  2⤵
  PID:3544
- C:\Windows\System\mcVIbXm.exe
  C:\Windows\System\mcVIbXm.exe
  2⤵
  PID:3572
- C:\Windows\System\eAADLPw.exe
  C:\Windows\System\eAADLPw.exe
  2⤵
  PID:3604
- C:\Windows\System\BEXzTte.exe
  C:\Windows\System\BEXzTte.exe
  2⤵
  PID:3628
- C:\Windows\System\WMSuaNZ.exe
  C:\Windows\System\WMSuaNZ.exe
  2⤵
  PID:3652
- C:\Windows\System\BHihlpE.exe
  C:\Windows\System\BHihlpE.exe
  2⤵
  PID:3676
- C:\Windows\System\UGAPCAp.exe
  C:\Windows\System\UGAPCAp.exe
  2⤵
  PID:3696
- C:\Windows\System\WQRaRjv.exe
  C:\Windows\System\WQRaRjv.exe
  2⤵
  PID:3724
- C:\Windows\System\KwJprqi.exe
  C:\Windows\System\KwJprqi.exe
  2⤵
  PID:3748
- C:\Windows\System\iKGsBzF.exe
  C:\Windows\System\iKGsBzF.exe
  2⤵
  PID:3772
- C:\Windows\System\EzMRZzM.exe
  C:\Windows\System\EzMRZzM.exe
  2⤵
  PID:3792
- C:\Windows\System\ORDQBPn.exe
  C:\Windows\System\ORDQBPn.exe
  2⤵
  PID:3820
- C:\Windows\System\EANattH.exe
  C:\Windows\System\EANattH.exe
  2⤵
  PID:3844
- C:\Windows\System\PfOFKVN.exe
  C:\Windows\System\PfOFKVN.exe
  2⤵
  PID:3868
- C:\Windows\System\XNAYkkK.exe
  C:\Windows\System\XNAYkkK.exe
  2⤵
  PID:3888
- C:\Windows\System\llascAi.exe
  C:\Windows\System\llascAi.exe
  2⤵
  PID:3908
- C:\Windows\System\vasHawY.exe
  C:\Windows\System\vasHawY.exe
  2⤵
  PID:3932
- C:\Windows\System\QMFpnSR.exe
  C:\Windows\System\QMFpnSR.exe
  2⤵
  PID:3960
- C:\Windows\System\AWXCXoZ.exe
  C:\Windows\System\AWXCXoZ.exe
  2⤵
  PID:3988
- C:\Windows\System\XFSyFvR.exe
  C:\Windows\System\XFSyFvR.exe
  2⤵
  PID:4012
- C:\Windows\System\NQZlUeZ.exe
  C:\Windows\System\NQZlUeZ.exe
  2⤵
  PID:4036
- C:\Windows\System\ZDvnJet.exe
  C:\Windows\System\ZDvnJet.exe
  2⤵
  PID:4060
- C:\Windows\System\snoDaax.exe
  C:\Windows\System\snoDaax.exe
  2⤵
  PID:4076
- C:\Windows\System\qQeLfQp.exe
  C:\Windows\System\qQeLfQp.exe
  2⤵
  PID:2292
- C:\Windows\System\yCItNfP.exe
  C:\Windows\System\yCItNfP.exe
  2⤵
  PID:1984
- C:\Windows\System\AKClPwg.exe
  C:\Windows\System\AKClPwg.exe
  2⤵
  PID:2376
- C:\Windows\System\vCwQkRv.exe
  C:\Windows\System\vCwQkRv.exe
  2⤵
  PID:1872
- C:\Windows\System\FPNKIWM.exe
  C:\Windows\System\FPNKIWM.exe
  2⤵
  PID:3132
- C:\Windows\System\glWveDY.exe
  C:\Windows\System\glWveDY.exe
  2⤵
  PID:3100
- C:\Windows\System\VpkOYyN.exe
  C:\Windows\System\VpkOYyN.exe
  2⤵
  PID:3176
- C:\Windows\System\DAhCPMo.exe
  C:\Windows\System\DAhCPMo.exe
  2⤵
  PID:3232
- C:\Windows\System\gpfAkua.exe
  C:\Windows\System\gpfAkua.exe
  2⤵
  PID:3280
- C:\Windows\System\tnQPWzu.exe
  C:\Windows\System\tnQPWzu.exe
  2⤵
  PID:3276
- C:\Windows\System\qHjXmRo.exe
  C:\Windows\System\qHjXmRo.exe
  2⤵
  PID:3328
- C:\Windows\System\MJsVynr.exe
  C:\Windows\System\MJsVynr.exe
  2⤵
  PID:3368
- C:\Windows\System\DtdRsWA.exe
  C:\Windows\System\DtdRsWA.exe
  2⤵
  PID:3296
- C:\Windows\System\NIsFRXN.exe
  C:\Windows\System\NIsFRXN.exe
  2⤵
  PID:3428
- C:\Windows\System\YjFzdgo.exe
  C:\Windows\System\YjFzdgo.exe
  2⤵
  PID:3472
- C:\Windows\System\UEWPdHq.exe
  C:\Windows\System\UEWPdHq.exe
  2⤵
  PID:3440
- C:\Windows\System\lMFiQtE.exe
  C:\Windows\System\lMFiQtE.exe
  2⤵
  PID:3496
- C:\Windows\System\jyNgfWS.exe
  C:\Windows\System\jyNgfWS.exe
  2⤵
  PID:3560
- C:\Windows\System\koevKbT.exe
  C:\Windows\System\koevKbT.exe
  2⤵
  PID:3596
- C:\Windows\System\SBzTfAC.exe
  C:\Windows\System\SBzTfAC.exe
  2⤵
  PID:3620
- C:\Windows\System\VYUFEAi.exe
  C:\Windows\System\VYUFEAi.exe
  2⤵
  PID:3704
- C:\Windows\System\ZsPnNeL.exe
  C:\Windows\System\ZsPnNeL.exe
  2⤵
  PID:3640
- C:\Windows\System\JLgDIsZ.exe
  C:\Windows\System\JLgDIsZ.exe
  2⤵
  PID:3692
- C:\Windows\System\ZNECfYf.exe
  C:\Windows\System\ZNECfYf.exe
  2⤵
  PID:3760
- C:\Windows\System\ColHUih.exe
  C:\Windows\System\ColHUih.exe
  2⤵
  PID:3816
- C:\Windows\System\DWFvuvf.exe
  C:\Windows\System\DWFvuvf.exe
  2⤵
  PID:3860
- C:\Windows\System\iNrRBUO.exe
  C:\Windows\System\iNrRBUO.exe
  2⤵
  PID:3840
- C:\Windows\System\wcBEypS.exe
  C:\Windows\System\wcBEypS.exe
  2⤵
  PID:3832
- C:\Windows\System\DsEgNHr.exe
  C:\Windows\System\DsEgNHr.exe
  2⤵
  PID:3924
- C:\Windows\System\DnGeMIL.exe
  C:\Windows\System\DnGeMIL.exe
  2⤵
  PID:3968
- C:\Windows\System\pkfVoWF.exe
  C:\Windows\System\pkfVoWF.exe
  2⤵
  PID:3980
- C:\Windows\System\MCIcLyI.exe
  C:\Windows\System\MCIcLyI.exe
  2⤵
  PID:4048
- C:\Windows\System\KzmUstO.exe
  C:\Windows\System\KzmUstO.exe
  2⤵
  PID:4088
- C:\Windows\System\LNenzLI.exe
  C:\Windows\System\LNenzLI.exe
  2⤵
  PID:4072
- C:\Windows\System\bARRvZw.exe
  C:\Windows\System\bARRvZw.exe
  2⤵
  PID:2500
- C:\Windows\System\CGpeBge.exe
  C:\Windows\System\CGpeBge.exe
  2⤵
  PID:2520
- C:\Windows\System\BVokVOB.exe
  C:\Windows\System\BVokVOB.exe
  2⤵
  PID:3080
- C:\Windows\System\OklUtBJ.exe
  C:\Windows\System\OklUtBJ.exe
  2⤵
  PID:2432
- C:\Windows\System\tyVxhqz.exe
  C:\Windows\System\tyVxhqz.exe
  2⤵
  PID:3272
- C:\Windows\System\iMhNggM.exe
  C:\Windows\System\iMhNggM.exe
  2⤵
  PID:2792
- C:\Windows\System\FZDsytd.exe
  C:\Windows\System\FZDsytd.exe
  2⤵
  PID:3256
- C:\Windows\System\FbowQiu.exe
  C:\Windows\System\FbowQiu.exe
  2⤵
  PID:3284
- C:\Windows\System\JiQeaZU.exe
  C:\Windows\System\JiQeaZU.exe
  2⤵
  PID:3348
- C:\Windows\System\ODQqckB.exe
  C:\Windows\System\ODQqckB.exe
  2⤵
  PID:2996
- C:\Windows\System\XsvMxxC.exe
  C:\Windows\System\XsvMxxC.exe
  2⤵
  PID:3396
- C:\Windows\System\vbMmusz.exe
  C:\Windows\System\vbMmusz.exe
  2⤵
  PID:1908
- C:\Windows\System\fEFsgFo.exe
  C:\Windows\System\fEFsgFo.exe
  2⤵
  PID:3584
- C:\Windows\System\bmiSeoN.exe
  C:\Windows\System\bmiSeoN.exe
  2⤵
  PID:3556
- C:\Windows\System\mysCAON.exe
  C:\Windows\System\mysCAON.exe
  2⤵
  PID:3672
- C:\Windows\System\xfmynsN.exe
  C:\Windows\System\xfmynsN.exe
  2⤵
  PID:3756
- C:\Windows\System\HWLQfbY.exe
  C:\Windows\System\HWLQfbY.exe
  2⤵
  PID:2712
- C:\Windows\System\GWMiDYh.exe
  C:\Windows\System\GWMiDYh.exe
  2⤵
  PID:3808
- C:\Windows\System\XKXJXEh.exe
  C:\Windows\System\XKXJXEh.exe
  2⤵
  PID:3716
- C:\Windows\System\lcVknVC.exe
  C:\Windows\System\lcVknVC.exe
  2⤵
  PID:3852
- C:\Windows\System\yHHlDED.exe
  C:\Windows\System\yHHlDED.exe
  2⤵
  PID:3920
- C:\Windows\System\lhuJhPV.exe
  C:\Windows\System\lhuJhPV.exe
  2⤵
  PID:3976
- C:\Windows\System\FGnBdHZ.exe
  C:\Windows\System\FGnBdHZ.exe
  2⤵
  PID:4084
- C:\Windows\System\ZqUVzrq.exe
  C:\Windows\System\ZqUVzrq.exe
  2⤵
  PID:3876
- C:\Windows\System\YFCyKkj.exe
  C:\Windows\System\YFCyKkj.exe
  2⤵
  PID:1856
- C:\Windows\System\KkFTSgU.exe
  C:\Windows\System\KkFTSgU.exe
  2⤵
  PID:1816
- C:\Windows\System\mQkdLrq.exe
  C:\Windows\System\mQkdLrq.exe
  2⤵
  PID:1808
- C:\Windows\System\aPHHQmC.exe
  C:\Windows\System\aPHHQmC.exe
  2⤵
  PID:3228
- C:\Windows\System\royxXKD.exe
  C:\Windows\System\royxXKD.exe
  2⤵
  PID:972
- C:\Windows\System\EvIMXti.exe
  C:\Windows\System\EvIMXti.exe
  2⤵
  PID:3252
- C:\Windows\System\dtjFImt.exe
  C:\Windows\System\dtjFImt.exe
  2⤵
  PID:1508
- C:\Windows\System\ygmFREu.exe
  C:\Windows\System\ygmFREu.exe
  2⤵
  PID:2404
- C:\Windows\System\dITGQPS.exe
  C:\Windows\System\dITGQPS.exe
  2⤵
  PID:3360
- C:\Windows\System\LXzxGEF.exe
  C:\Windows\System\LXzxGEF.exe
  2⤵
  PID:3320
- C:\Windows\System\AYzijok.exe
  C:\Windows\System\AYzijok.exe
  2⤵
  PID:1604
- C:\Windows\System\OxnRgRP.exe
  C:\Windows\System\OxnRgRP.exe
  2⤵
  PID:1188
- C:\Windows\System\qwIYmFZ.exe
  C:\Windows\System\qwIYmFZ.exe
  2⤵
  PID:3580
- C:\Windows\System\RNEUTyS.exe
  C:\Windows\System\RNEUTyS.exe
  2⤵
  PID:3588
- C:\Windows\System\EewIIqw.exe
  C:\Windows\System\EewIIqw.exe
  2⤵
  PID:3612
- C:\Windows\System\xcvlADs.exe
  C:\Windows\System\xcvlADs.exe
  2⤵
  PID:3904
- C:\Windows\System\eqXMGpx.exe
  C:\Windows\System\eqXMGpx.exe
  2⤵
  PID:3940
- C:\Windows\System\ggQLNhp.exe
  C:\Windows\System\ggQLNhp.exe
  2⤵
  PID:3784
- C:\Windows\System\zSvRcoz.exe
  C:\Windows\System\zSvRcoz.exe
  2⤵
  PID:4056
- C:\Windows\System\ktgtZFX.exe
  C:\Windows\System\ktgtZFX.exe
  2⤵
  PID:2144
- C:\Windows\System\wFiqYDM.exe
  C:\Windows\System\wFiqYDM.exe
  2⤵
  PID:3956
- C:\Windows\System\QdawMNt.exe
  C:\Windows\System\QdawMNt.exe
  2⤵
  PID:1972
- C:\Windows\System\taAchGg.exe
  C:\Windows\System\taAchGg.exe
  2⤵
  PID:2736
- C:\Windows\System\nuTpdtD.exe
  C:\Windows\System\nuTpdtD.exe
  2⤵
  PID:3224
- C:\Windows\System\gniQQHK.exe
  C:\Windows\System\gniQQHK.exe
  2⤵
  PID:2824
- C:\Windows\System\aVykkgm.exe
  C:\Windows\System\aVykkgm.exe
  2⤵
  PID:2860
- C:\Windows\System\ZPzfSUt.exe
  C:\Windows\System\ZPzfSUt.exe
  2⤵
  PID:2768
- C:\Windows\System\JfzXTDY.exe
  C:\Windows\System\JfzXTDY.exe
  2⤵
  PID:3212
- C:\Windows\System\PfJlGVE.exe
  C:\Windows\System\PfJlGVE.exe
  2⤵
  PID:2512
- C:\Windows\System\WTJMQqC.exe
  C:\Windows\System\WTJMQqC.exe
  2⤵
  PID:3488
- C:\Windows\System\kvAtwHY.exe
  C:\Windows\System\kvAtwHY.exe
  2⤵
  PID:3168
- C:\Windows\System\oxgjHnd.exe
  C:\Windows\System\oxgjHnd.exe
  2⤵
  PID:3200
- C:\Windows\System\zjmxKcn.exe
  C:\Windows\System\zjmxKcn.exe
  2⤵
  PID:2072
- C:\Windows\System\XuAAiyG.exe
  C:\Windows\System\XuAAiyG.exe
  2⤵
  PID:2732
- C:\Windows\System\MUXqJlK.exe
  C:\Windows\System\MUXqJlK.exe
  2⤵
  PID:2940
- C:\Windows\System\BoqNDuU.exe
  C:\Windows\System\BoqNDuU.exe
  2⤵
  PID:2956
- C:\Windows\System\FeAoBmY.exe
  C:\Windows\System\FeAoBmY.exe
  2⤵
  PID:3828
- C:\Windows\System\RamdqYz.exe
  C:\Windows\System\RamdqYz.exe
  2⤵
  PID:4052
- C:\Windows\System\lMExmQP.exe
  C:\Windows\System\lMExmQP.exe
  2⤵
  PID:1864
- C:\Windows\System\YIdONaS.exe
  C:\Windows\System\YIdONaS.exe
  2⤵
  PID:4104
- C:\Windows\System\rFGIkwL.exe
  C:\Windows\System\rFGIkwL.exe
  2⤵
  PID:4144
- C:\Windows\System\JwKYeSn.exe
  C:\Windows\System\JwKYeSn.exe
  2⤵
  PID:4160
- C:\Windows\System\bNuyAIR.exe
  C:\Windows\System\bNuyAIR.exe
  2⤵
  PID:4180
- C:\Windows\System\MxHIXTt.exe
  C:\Windows\System\MxHIXTt.exe
  2⤵
  PID:4200
- C:\Windows\System\CUiJtqA.exe
  C:\Windows\System\CUiJtqA.exe
  2⤵
  PID:4216
- C:\Windows\System\UsLBkaK.exe
  C:\Windows\System\UsLBkaK.exe
  2⤵
  PID:4236
- C:\Windows\System\YkGQNwX.exe
  C:\Windows\System\YkGQNwX.exe
  2⤵
  PID:4264
- C:\Windows\System\NyunKyB.exe
  C:\Windows\System\NyunKyB.exe
  2⤵
  PID:4280
- C:\Windows\System\eqGagfL.exe
  C:\Windows\System\eqGagfL.exe
  2⤵
  PID:4316
- C:\Windows\System\KhkOonM.exe
  C:\Windows\System\KhkOonM.exe
  2⤵
  PID:4332
- C:\Windows\System\feXkPZr.exe
  C:\Windows\System\feXkPZr.exe
  2⤵
  PID:4348
- C:\Windows\System\YuvOxBA.exe
  C:\Windows\System\YuvOxBA.exe
  2⤵
  PID:4376
- C:\Windows\System\lEJYKjf.exe
  C:\Windows\System\lEJYKjf.exe
  2⤵
  PID:4396
- C:\Windows\System\sAcvDXa.exe
  C:\Windows\System\sAcvDXa.exe
  2⤵
  PID:4416
- C:\Windows\System\zjzzyjL.exe
  C:\Windows\System\zjzzyjL.exe
  2⤵
  PID:4448
- C:\Windows\System\ZrlmnNt.exe
  C:\Windows\System\ZrlmnNt.exe
  2⤵
  PID:4464
- C:\Windows\System\aPjilbp.exe
  C:\Windows\System\aPjilbp.exe
  2⤵
  PID:4484
- C:\Windows\System\hMOfaHJ.exe
  C:\Windows\System\hMOfaHJ.exe
  2⤵
  PID:4500
- C:\Windows\System\RMhwFxo.exe
  C:\Windows\System\RMhwFxo.exe
  2⤵
  PID:4520
- C:\Windows\System\eTuWDvE.exe
  C:\Windows\System\eTuWDvE.exe
  2⤵
  PID:4552
- C:\Windows\System\oSBBeuY.exe
  C:\Windows\System\oSBBeuY.exe
  2⤵
  PID:4600
- C:\Windows\System\xijtumo.exe
  C:\Windows\System\xijtumo.exe
  2⤵
  PID:4616
- C:\Windows\System\WTwXADI.exe
  C:\Windows\System\WTwXADI.exe
  2⤵
  PID:4632
- C:\Windows\System\lDyqDmI.exe
  C:\Windows\System\lDyqDmI.exe
  2⤵
  PID:4648
- C:\Windows\System\rYqldCu.exe
  C:\Windows\System\rYqldCu.exe
  2⤵
  PID:4668
- C:\Windows\System\NZJinWd.exe
  C:\Windows\System\NZJinWd.exe
  2⤵
  PID:4696
- C:\Windows\System\QpCftPD.exe
  C:\Windows\System\QpCftPD.exe
  2⤵
  PID:4736
- C:\Windows\System\OqvfNLt.exe
  C:\Windows\System\OqvfNLt.exe
  2⤵
  PID:4808
- C:\Windows\System\JEKUDxh.exe
  C:\Windows\System\JEKUDxh.exe
  2⤵
  PID:4900
- C:\Windows\System\TwkDkxH.exe
  C:\Windows\System\TwkDkxH.exe
  2⤵
  PID:4920
- C:\Windows\System\FSKEnzw.exe
  C:\Windows\System\FSKEnzw.exe
  2⤵
  PID:4948
- C:\Windows\System\oQfjlaW.exe
  C:\Windows\System\oQfjlaW.exe
  2⤵
  PID:4980
- C:\Windows\System\BEQmNmC.exe
  C:\Windows\System\BEQmNmC.exe
  2⤵
  PID:5000
- C:\Windows\System\cDrEuRx.exe
  C:\Windows\System\cDrEuRx.exe
  2⤵
  PID:5020
- C:\Windows\System\JfoJatY.exe
  C:\Windows\System\JfoJatY.exe
  2⤵
  PID:5036
- C:\Windows\System\MaVsrot.exe
  C:\Windows\System\MaVsrot.exe
  2⤵
  PID:5052
- C:\Windows\System\YnOPTtc.exe
  C:\Windows\System\YnOPTtc.exe
  2⤵
  PID:5072
- C:\Windows\System\CVtiHUl.exe
  C:\Windows\System\CVtiHUl.exe
  2⤵
  PID:5088
- C:\Windows\System\NzFhdPO.exe
  C:\Windows\System\NzFhdPO.exe
  2⤵
  PID:5108
- C:\Windows\System\caNlKnc.exe
  C:\Windows\System\caNlKnc.exe
  2⤵
  PID:2428
- C:\Windows\System\YyfMThW.exe
  C:\Windows\System\YyfMThW.exe
  2⤵
  PID:3648
- C:\Windows\System\fihxuxb.exe
  C:\Windows\System\fihxuxb.exe
  2⤵
  PID:4112
- C:\Windows\System\QIgERdK.exe
  C:\Windows\System\QIgERdK.exe
  2⤵
  PID:4140
- C:\Windows\System\fCmVbEc.exe
  C:\Windows\System\fCmVbEc.exe
  2⤵
  PID:4208
- C:\Windows\System\kvkmMsy.exe
  C:\Windows\System\kvkmMsy.exe
  2⤵
  PID:4252
- C:\Windows\System\mQlALKt.exe
  C:\Windows\System\mQlALKt.exe
  2⤵
  PID:4308
- C:\Windows\System\KnQoEjD.exe
  C:\Windows\System\KnQoEjD.exe
  2⤵
  PID:4388
- C:\Windows\System\YmoczgF.exe
  C:\Windows\System\YmoczgF.exe
  2⤵
  PID:4428
- C:\Windows\System\WPWnKXL.exe
  C:\Windows\System\WPWnKXL.exe
  2⤵
  PID:4432
- C:\Windows\System\bplJvxC.exe
  C:\Windows\System\bplJvxC.exe
  2⤵
  PID:4476
- C:\Windows\System\LwhgYFg.exe
  C:\Windows\System\LwhgYFg.exe
  2⤵
  PID:4564
- C:\Windows\System\mnNggaM.exe
  C:\Windows\System\mnNggaM.exe
  2⤵
  PID:4572
- C:\Windows\System\tasceva.exe
  C:\Windows\System\tasceva.exe
  2⤵
  PID:4588
- C:\Windows\System\KTuVxFv.exe
  C:\Windows\System\KTuVxFv.exe
  2⤵
  PID:4368
- C:\Windows\System\vGgDOTP.exe
  C:\Windows\System\vGgDOTP.exe
  2⤵
  PID:4728
- C:\Windows\System\bVjxgtk.exe
  C:\Windows\System\bVjxgtk.exe
  2⤵
  PID:3188
- C:\Windows\System\zTPzbDZ.exe
  C:\Windows\System\zTPzbDZ.exe
  2⤵
  PID:3024
- C:\Windows\System\ObhURVt.exe
  C:\Windows\System\ObhURVt.exe
  2⤵
  PID:3180
- C:\Windows\System\vWXMGiC.exe
  C:\Windows\System\vWXMGiC.exe
  2⤵
  PID:4224
- C:\Windows\System\EgoRfer.exe
  C:\Windows\System\EgoRfer.exe
  2⤵
  PID:4324
- C:\Windows\System\dcHrwzJ.exe
  C:\Windows\System\dcHrwzJ.exe
  2⤵
  PID:4372
- C:\Windows\System\pdeAIZn.exe
  C:\Windows\System\pdeAIZn.exe
  2⤵
  PID:4456
- C:\Windows\System\EwHmjmM.exe
  C:\Windows\System\EwHmjmM.exe
  2⤵
  PID:3520
- C:\Windows\System\PYAwrhE.exe
  C:\Windows\System\PYAwrhE.exe
  2⤵
  PID:4680
- C:\Windows\System\iMyRFmD.exe
  C:\Windows\System\iMyRFmD.exe
  2⤵
  PID:4772
- C:\Windows\System\juQPhqb.exe
  C:\Windows\System\juQPhqb.exe
  2⤵
  PID:2872
- C:\Windows\System\LaLyfFi.exe
  C:\Windows\System\LaLyfFi.exe
  2⤵
  PID:4800
- C:\Windows\System\xpyNHnN.exe
  C:\Windows\System\xpyNHnN.exe
  2⤵
  PID:1576
- C:\Windows\System\gToWqvM.exe
  C:\Windows\System\gToWqvM.exe
  2⤵
  PID:4828
- C:\Windows\System\MbIXUvW.exe
  C:\Windows\System\MbIXUvW.exe
  2⤵
  PID:4844
- C:\Windows\System\mTeWOnx.exe
  C:\Windows\System\mTeWOnx.exe
  2⤵
  PID:4856
- C:\Windows\System\uHvxoSO.exe
  C:\Windows\System\uHvxoSO.exe
  2⤵
  PID:4876
- C:\Windows\System\xffCLED.exe
  C:\Windows\System\xffCLED.exe
  2⤵
  PID:4944
- C:\Windows\System\NnyHqrn.exe
  C:\Windows\System\NnyHqrn.exe
  2⤵
  PID:5032
- C:\Windows\System\CdyulcR.exe
  C:\Windows\System\CdyulcR.exe
  2⤵
  PID:5100
- C:\Windows\System\pkzzCPd.exe
  C:\Windows\System\pkzzCPd.exe
  2⤵
  PID:2444
- C:\Windows\System\bYZkWeZ.exe
  C:\Windows\System\bYZkWeZ.exe
  2⤵
  PID:4136
- C:\Windows\System\noUeIuZ.exe
  C:\Windows\System\noUeIuZ.exe
  2⤵
  PID:1712
- C:\Windows\System\jdDJaWz.exe
  C:\Windows\System\jdDJaWz.exe
  2⤵
  PID:5008
- C:\Windows\System\sIvUPKt.exe
  C:\Windows\System\sIvUPKt.exe
  2⤵
  PID:1976
- C:\Windows\System\rKzHXLm.exe
  C:\Windows\System\rKzHXLm.exe
  2⤵
  PID:4580
- C:\Windows\System\rVYFIDY.exe
  C:\Windows\System\rVYFIDY.exe
  2⤵
  PID:4168
- C:\Windows\System\SfyiHRd.exe
  C:\Windows\System\SfyiHRd.exe
  2⤵
  PID:3952
- C:\Windows\System\mKYpFGm.exe
  C:\Windows\System\mKYpFGm.exe
  2⤵
  PID:4296
- C:\Windows\System\KaEuMMg.exe
  C:\Windows\System\KaEuMMg.exe
  2⤵
  PID:4568
- C:\Windows\System\kUqDnYu.exe
  C:\Windows\System\kUqDnYu.exe
  2⤵
  PID:4628
- C:\Windows\System\bUzpixG.exe
  C:\Windows\System\bUzpixG.exe
  2⤵
  PID:1192
- C:\Windows\System\PrUSgJM.exe
  C:\Windows\System\PrUSgJM.exe
  2⤵
  PID:2620
- C:\Windows\System\YYBrAPq.exe
  C:\Windows\System\YYBrAPq.exe
  2⤵
  PID:4188
- C:\Windows\System\kOmomOu.exe
  C:\Windows\System\kOmomOu.exe
  2⤵
  PID:4716
- C:\Windows\System\sgacYqO.exe
  C:\Windows\System\sgacYqO.exe
  2⤵
  PID:4192
- C:\Windows\System\sIjDBaQ.exe
  C:\Windows\System\sIjDBaQ.exe
  2⤵
  PID:4536
- C:\Windows\System\vsjwGQj.exe
  C:\Windows\System\vsjwGQj.exe
  2⤵
  PID:1740
- C:\Windows\System\oPqNssG.exe
  C:\Windows\System\oPqNssG.exe
  2⤵
  PID:4692
- C:\Windows\System\kyNUFtn.exe
  C:\Windows\System\kyNUFtn.exe
  2⤵
  PID:3564
- C:\Windows\System\QlfIaCb.exe
  C:\Windows\System\QlfIaCb.exe
  2⤵
  PID:4824
- C:\Windows\System\mVcknVi.exe
  C:\Windows\System\mVcknVi.exe
  2⤵
  PID:4780
- C:\Windows\System\syLnwwx.exe
  C:\Windows\System\syLnwwx.exe
  2⤵
  PID:4872
- C:\Windows\System\FHlnBuG.exe
  C:\Windows\System\FHlnBuG.exe
  2⤵
  PID:2448
- C:\Windows\System\tWxvVpy.exe
  C:\Windows\System\tWxvVpy.exe
  2⤵
  PID:4888
- C:\Windows\System\VNkCWEF.exe
  C:\Windows\System\VNkCWEF.exe
  2⤵
  PID:4916
- C:\Windows\System\tCihntF.exe
  C:\Windows\System\tCihntF.exe
  2⤵
  PID:4996
- C:\Windows\System\xMQSNBT.exe
  C:\Windows\System\xMQSNBT.exe
  2⤵
  PID:5096
- C:\Windows\System\IRFlMyC.exe
  C:\Windows\System\IRFlMyC.exe
  2⤵
  PID:4960
- C:\Windows\System\MoCLIop.exe
  C:\Windows\System\MoCLIop.exe
  2⤵
  PID:4248
- C:\Windows\System\rIbQAWP.exe
  C:\Windows\System\rIbQAWP.exe
  2⤵
  PID:3684
- C:\Windows\System\UcoNtmz.exe
  C:\Windows\System\UcoNtmz.exe
  2⤵
  PID:4516
- C:\Windows\System\iGAXbpP.exe
  C:\Windows\System\iGAXbpP.exe
  2⤵
  PID:2608
- C:\Windows\System\ENMLXKk.exe
  C:\Windows\System\ENMLXKk.exe
  2⤵
  PID:1240
- C:\Windows\System\DEjbebq.exe
  C:\Windows\System\DEjbebq.exe
  2⤵
  PID:4260
- C:\Windows\System\awVztLN.exe
  C:\Windows\System\awVztLN.exe
  2⤵
  PID:3616
- C:\Windows\System\oZEWCfV.exe
  C:\Windows\System\oZEWCfV.exe
  2⤵
  PID:4292
- C:\Windows\System\udVZdrF.exe
  C:\Windows\System\udVZdrF.exe
  2⤵
  PID:4664
- C:\Windows\System\bcLHDMw.exe
  C:\Windows\System\bcLHDMw.exe
  2⤵
  PID:4684
- C:\Windows\System\TCmfStB.exe
  C:\Windows\System\TCmfStB.exe
  2⤵
  PID:4408
- C:\Windows\System\PeYifua.exe
  C:\Windows\System\PeYifua.exe
  2⤵
  PID:3060
- C:\Windows\System\YxwMICo.exe
  C:\Windows\System\YxwMICo.exe
  2⤵
  PID:4228
- C:\Windows\System\zldYGbA.exe
  C:\Windows\System\zldYGbA.exe
  2⤵
  PID:4612
- C:\Windows\System\NcpKLXU.exe
  C:\Windows\System\NcpKLXU.exe
  2⤵
  PID:2452
- C:\Windows\System\QfMCVcs.exe
  C:\Windows\System\QfMCVcs.exe
  2⤵
  PID:4540
- C:\Windows\System\lsHYsbU.exe
  C:\Windows\System\lsHYsbU.exe
  2⤵
  PID:4836
- C:\Windows\System\RDaJhdM.exe
  C:\Windows\System\RDaJhdM.exe
  2⤵
  PID:4868
- C:\Windows\System\EyRwqDn.exe
  C:\Windows\System\EyRwqDn.exe
  2⤵
  PID:1380
- C:\Windows\System\oJHVmkK.exe
  C:\Windows\System\oJHVmkK.exe
  2⤵
  PID:1672
- C:\Windows\System\lqXzxBq.exe
  C:\Windows\System\lqXzxBq.exe
  2⤵
  PID:2684
- C:\Windows\System\HMCdPdN.exe
  C:\Windows\System\HMCdPdN.exe
  2⤵
  PID:4976
- C:\Windows\System\gYQsllQ.exe
  C:\Windows\System\gYQsllQ.exe
  2⤵
  PID:4472
- C:\Windows\System\cqmEhYM.exe
  C:\Windows\System\cqmEhYM.exe
  2⤵
  PID:4004
- C:\Windows\System\LYisaZM.exe
  C:\Windows\System\LYisaZM.exe
  2⤵
  PID:4356
- C:\Windows\System\yzcfjHv.exe
  C:\Windows\System\yzcfjHv.exe
  2⤵
  PID:4676
- C:\Windows\System\OtDFuKk.exe
  C:\Windows\System\OtDFuKk.exe
  2⤵
  PID:1584
- C:\Windows\System\PFiXWVw.exe
  C:\Windows\System\PFiXWVw.exe
  2⤵
  PID:2464
- C:\Windows\System\JQLkCWT.exe
  C:\Windows\System\JQLkCWT.exe
  2⤵
  PID:2628
- C:\Windows\System\GiIQYYP.exe
  C:\Windows\System\GiIQYYP.exe
  2⤵
  PID:4532
- C:\Windows\System\VxMbBFx.exe
  C:\Windows\System\VxMbBFx.exe
  2⤵
  PID:3660
- C:\Windows\System\yhjRetH.exe
  C:\Windows\System\yhjRetH.exe
  2⤵
  PID:4884
- C:\Windows\System\aJzXTZs.exe
  C:\Windows\System\aJzXTZs.exe
  2⤵
  PID:3512
- C:\Windows\System\pUpQOhi.exe
  C:\Windows\System\pUpQOhi.exe
  2⤵
  PID:4196
- C:\Windows\System\qiMSQfZ.exe
  C:\Windows\System\qiMSQfZ.exe
  2⤵
  PID:3016
- C:\Windows\System\uqJoRjQ.exe
  C:\Windows\System\uqJoRjQ.exe
  2⤵
  PID:5132
- C:\Windows\System\CDXhUrn.exe
  C:\Windows\System\CDXhUrn.exe
  2⤵
  PID:5160
- C:\Windows\System\cFsktBF.exe
  C:\Windows\System\cFsktBF.exe
  2⤵
  PID:5176
- C:\Windows\System\rKdzYaX.exe
  C:\Windows\System\rKdzYaX.exe
  2⤵
  PID:5192
- C:\Windows\System\sUFZjqX.exe
  C:\Windows\System\sUFZjqX.exe
  2⤵
  PID:5216
- C:\Windows\System\GDdeyGt.exe
  C:\Windows\System\GDdeyGt.exe
  2⤵
  PID:5340
- C:\Windows\System\GPwEsxm.exe
  C:\Windows\System\GPwEsxm.exe
  2⤵
  PID:5356
- C:\Windows\System\hVXvVwC.exe
  C:\Windows\System\hVXvVwC.exe
  2⤵
  PID:5388
- C:\Windows\System\zhXtxHy.exe
  C:\Windows\System\zhXtxHy.exe
  2⤵
  PID:5412
- C:\Windows\System\lkkALNr.exe
  C:\Windows\System\lkkALNr.exe
  2⤵
  PID:5432
- C:\Windows\System\kQFEhiU.exe
  C:\Windows\System\kQFEhiU.exe
  2⤵
  PID:5456
- C:\Windows\System\XkXQNhw.exe
  C:\Windows\System\XkXQNhw.exe
  2⤵
  PID:5484
- C:\Windows\System\DvWYaTt.exe
  C:\Windows\System\DvWYaTt.exe
  2⤵
  PID:5508
- C:\Windows\System\CjXTbMk.exe
  C:\Windows\System\CjXTbMk.exe
  2⤵
  PID:5524
- C:\Windows\System\XroUEPG.exe
  C:\Windows\System\XroUEPG.exe
  2⤵
  PID:5552
- C:\Windows\System\qUenetV.exe
  C:\Windows\System\qUenetV.exe
  2⤵
  PID:5580
- C:\Windows\System\duZLiDW.exe
  C:\Windows\System\duZLiDW.exe
  2⤵
  PID:5604
- C:\Windows\System\mbxkeGP.exe
  C:\Windows\System\mbxkeGP.exe
  2⤵
  PID:5628
- C:\Windows\System\HQEqZGe.exe
  C:\Windows\System\HQEqZGe.exe
  2⤵
  PID:5644
- C:\Windows\System\UOygQNI.exe
  C:\Windows\System\UOygQNI.exe
  2⤵
  PID:5676
- C:\Windows\System\LHbIybW.exe
  C:\Windows\System\LHbIybW.exe
  2⤵
  PID:5692
- C:\Windows\System\SBgRoHk.exe
  C:\Windows\System\SBgRoHk.exe
  2⤵
  PID:5712
- C:\Windows\System\pdZPtsg.exe
  C:\Windows\System\pdZPtsg.exe
  2⤵
  PID:5736
- C:\Windows\System\eYsANLI.exe
  C:\Windows\System\eYsANLI.exe
  2⤵
  PID:5752
- C:\Windows\System\zJVXoPm.exe
  C:\Windows\System\zJVXoPm.exe
  2⤵
  PID:5772
- C:\Windows\System\bKACXTm.exe
  C:\Windows\System\bKACXTm.exe
  2⤵
  PID:5800
- C:\Windows\System\estcPZX.exe
  C:\Windows\System\estcPZX.exe
  2⤵
  PID:5820
- C:\Windows\System\WAFIUlj.exe
  C:\Windows\System\WAFIUlj.exe
  2⤵
  PID:5844
- C:\Windows\System\fedWWas.exe
  C:\Windows\System\fedWWas.exe
  2⤵
  PID:5864
- C:\Windows\System\vTPkmzl.exe
  C:\Windows\System\vTPkmzl.exe
  2⤵
  PID:5880
- C:\Windows\System\DFavRsz.exe
  C:\Windows\System\DFavRsz.exe
  2⤵
  PID:5900
- C:\Windows\System\VqAdyPB.exe
  C:\Windows\System\VqAdyPB.exe
  2⤵
  PID:5916
- C:\Windows\System\JqAQVQC.exe
  C:\Windows\System\JqAQVQC.exe
  2⤵
  PID:5932
- C:\Windows\System\cvgEEep.exe
  C:\Windows\System\cvgEEep.exe
  2⤵
  PID:5968
- C:\Windows\System\RWsltrN.exe
  C:\Windows\System\RWsltrN.exe
  2⤵
  PID:5984
- C:\Windows\System\bNnYgEa.exe
  C:\Windows\System\bNnYgEa.exe
  2⤵
  PID:6004
- C:\Windows\System\yJjakBJ.exe
  C:\Windows\System\yJjakBJ.exe
  2⤵
  PID:6020
- C:\Windows\System\skfGHas.exe
  C:\Windows\System\skfGHas.exe
  2⤵
  PID:6040
- C:\Windows\System\swxqaRu.exe
  C:\Windows\System\swxqaRu.exe
  2⤵
  PID:6056
- C:\Windows\System\ZWSRsIH.exe
  C:\Windows\System\ZWSRsIH.exe
  2⤵
  PID:6072
- C:\Windows\System\AArQVAA.exe
  C:\Windows\System\AArQVAA.exe
  2⤵
  PID:6096
- C:\Windows\System\mcBYxot.exe
  C:\Windows\System\mcBYxot.exe
  2⤵
  PID:6120
- C:\Windows\System\iknyrIn.exe
  C:\Windows\System\iknyrIn.exe
  2⤵
  PID:6140
- C:\Windows\System\EyUxSml.exe
  C:\Windows\System\EyUxSml.exe
  2⤵
  PID:4964
- C:\Windows\System\EHZBiOC.exe
  C:\Windows\System\EHZBiOC.exe
  2⤵
  PID:5188
- C:\Windows\System\UrLYttU.exe
  C:\Windows\System\UrLYttU.exe
  2⤵
  PID:5224
- C:\Windows\System\sIdLHbN.exe
  C:\Windows\System\sIdLHbN.exe
  2⤵
  PID:3720
- C:\Windows\System\rLOyXEF.exe
  C:\Windows\System\rLOyXEF.exe
  2⤵
  PID:4932
- C:\Windows\System\XQwGWfX.exe
  C:\Windows\System\XQwGWfX.exe
  2⤵
  PID:4988
- C:\Windows\System\djfHIGO.exe
  C:\Windows\System\djfHIGO.exe
  2⤵
  PID:3800
- C:\Windows\System\ziatGyL.exe
  C:\Windows\System\ziatGyL.exe
  2⤵
  PID:5244
- C:\Windows\System\PsRfyxT.exe
  C:\Windows\System\PsRfyxT.exe
  2⤵
  PID:1600
- C:\Windows\System\QZjfUGx.exe
  C:\Windows\System\QZjfUGx.exe
  2⤵
  PID:4092
- C:\Windows\System\huxrUPD.exe
  C:\Windows\System\huxrUPD.exe
  2⤵
  PID:5256
- C:\Windows\System\psAfOip.exe
  C:\Windows\System\psAfOip.exe
  2⤵
  PID:5264
- C:\Windows\System\WtdDROr.exe
  C:\Windows\System\WtdDROr.exe
  2⤵
  PID:5292
- C:\Windows\System\BoDBnQV.exe
  C:\Windows\System\BoDBnQV.exe
  2⤵
  PID:5332
- C:\Windows\System\baPGEPS.exe
  C:\Windows\System\baPGEPS.exe
  2⤵
  PID:5368
- C:\Windows\System\SkfQIct.exe
  C:\Windows\System\SkfQIct.exe
  2⤵
  PID:5420
- C:\Windows\System\wDDGiox.exe
  C:\Windows\System\wDDGiox.exe
  2⤵
  PID:5448
- C:\Windows\System\ENbssAC.exe
  C:\Windows\System\ENbssAC.exe
  2⤵
  PID:5476
- C:\Windows\System\mmPsGSi.exe
  C:\Windows\System\mmPsGSi.exe
  2⤵
  PID:5504
- C:\Windows\System\VugewIf.exe
  C:\Windows\System\VugewIf.exe
  2⤵
  PID:5560
- C:\Windows\System\RxtqSKJ.exe
  C:\Windows\System\RxtqSKJ.exe
  2⤵
  PID:5576
- C:\Windows\System\LQbHzNC.exe
  C:\Windows\System\LQbHzNC.exe
  2⤵
  PID:5612
- C:\Windows\System\kvyLAuT.exe
  C:\Windows\System\kvyLAuT.exe
  2⤵
  PID:5660
- C:\Windows\System\YgDReXi.exe
  C:\Windows\System\YgDReXi.exe
  2⤵
  PID:5684
- C:\Windows\System\kPfSkMa.exe
  C:\Windows\System\kPfSkMa.exe
  2⤵
  PID:5780
- C:\Windows\System\XdhRAzv.exe
  C:\Windows\System\XdhRAzv.exe
  2⤵
  PID:5828
- C:\Windows\System\MFboghg.exe
  C:\Windows\System\MFboghg.exe
  2⤵
  PID:5956
- C:\Windows\System\VXpTmgI.exe
  C:\Windows\System\VXpTmgI.exe
  2⤵
  PID:6000
- C:\Windows\System\XULaEcQ.exe
  C:\Windows\System\XULaEcQ.exe
  2⤵
  PID:6068
- C:\Windows\System\Ivcerem.exe
  C:\Windows\System\Ivcerem.exe
  2⤵
  PID:6116
- C:\Windows\System\EDpCZTR.exe
  C:\Windows\System\EDpCZTR.exe
  2⤵
  PID:3064
- C:\Windows\System\DGzjazr.exe
  C:\Windows\System\DGzjazr.exe
  2⤵
  PID:5084
- C:\Windows\System\EIoYHus.exe
  C:\Windows\System\EIoYHus.exe
  2⤵
  PID:5768
- C:\Windows\System\qmmJPlD.exe
  C:\Windows\System\qmmJPlD.exe
  2⤵
  PID:6092
- C:\Windows\System\XeQyCZH.exe
  C:\Windows\System\XeQyCZH.exe
  2⤵
  PID:5816
- C:\Windows\System\eLnIDKF.exe
  C:\Windows\System\eLnIDKF.exe
  2⤵
  PID:5228
- C:\Windows\System\fGNpZgS.exe
  C:\Windows\System\fGNpZgS.exe
  2⤵
  PID:4544
- C:\Windows\System\eAsRets.exe
  C:\Windows\System\eAsRets.exe
  2⤵
  PID:5248
- C:\Windows\System\wykkglK.exe
  C:\Windows\System\wykkglK.exe
  2⤵
  PID:5268
- C:\Windows\System\USgSvco.exe
  C:\Windows\System\USgSvco.exe
  2⤵
  PID:5976
- C:\Windows\System\PWQxOmg.exe
  C:\Windows\System\PWQxOmg.exe
  2⤵
  PID:5372
- C:\Windows\System\XUFKqrZ.exe
  C:\Windows\System\XUFKqrZ.exe
  2⤵
  PID:5440
- C:\Windows\System\sBqRuhn.exe
  C:\Windows\System\sBqRuhn.exe
  2⤵
  PID:5544
- C:\Windows\System\SkwjHue.exe
  C:\Windows\System\SkwjHue.exe
  2⤵
  PID:5616
- C:\Windows\System\isPHcfA.exe
  C:\Windows\System\isPHcfA.exe
  2⤵
  PID:5656
- C:\Windows\System\dtnYejl.exe
  C:\Windows\System\dtnYejl.exe
  2⤵
  PID:5744
- C:\Windows\System\hgoPGxu.exe
  C:\Windows\System\hgoPGxu.exe
  2⤵
  PID:5872
- C:\Windows\System\txIVgex.exe
  C:\Windows\System\txIVgex.exe
  2⤵
  PID:5944
- C:\Windows\System\LAmXwTC.exe
  C:\Windows\System\LAmXwTC.exe
  2⤵
  PID:5152
- C:\Windows\System\IpQHYMr.exe
  C:\Windows\System\IpQHYMr.exe
  2⤵
  PID:5148
- C:\Windows\System\bxEITuZ.exe
  C:\Windows\System\bxEITuZ.exe
  2⤵
  PID:5288
- C:\Windows\System\geXEMQW.exe
  C:\Windows\System\geXEMQW.exe
  2⤵
  PID:5720
- C:\Windows\System\VpuIqYR.exe
  C:\Windows\System\VpuIqYR.exe
  2⤵
  PID:4444
- C:\Windows\System\YVhvulI.exe
  C:\Windows\System\YVhvulI.exe
  2⤵
  PID:4608
- C:\Windows\System\dcSSPDV.exe
  C:\Windows\System\dcSSPDV.exe
  2⤵
  PID:5364
- C:\Windows\System\yuVRkXs.exe
  C:\Windows\System\yuVRkXs.exe
  2⤵
  PID:5764
- C:\Windows\System\XWORVrK.exe
  C:\Windows\System\XWORVrK.exe
  2⤵
  PID:6032
- C:\Windows\System\tfpRmbj.exe
  C:\Windows\System\tfpRmbj.exe
  2⤵
  PID:4968
- C:\Windows\System\leIdWlF.exe
  C:\Windows\System\leIdWlF.exe
  2⤵
  PID:5376
- C:\Windows\System\hmMqDTf.exe
  C:\Windows\System\hmMqDTf.exe
  2⤵
  PID:5592
- C:\Windows\System\JkVmnbu.exe
  C:\Windows\System\JkVmnbu.exe
  2⤵
  PID:5640
- C:\Windows\System\pukbckZ.exe
  C:\Windows\System\pukbckZ.exe
  2⤵
  PID:5912
- C:\Windows\System\tiToPnk.exe
  C:\Windows\System\tiToPnk.exe
  2⤵
  PID:5964
- C:\Windows\System\AABfVCb.exe
  C:\Windows\System\AABfVCb.exe
  2⤵
  PID:2648
- C:\Windows\System\rIXlqyx.exe
  C:\Windows\System\rIXlqyx.exe
  2⤵
  PID:4972
- C:\Windows\System\VYBLDHt.exe
  C:\Windows\System\VYBLDHt.exe
  2⤵
  PID:6012
- C:\Windows\System\usKiScd.exe
  C:\Windows\System\usKiScd.exe
  2⤵
  PID:5536
- C:\Windows\System\fQMJkby.exe
  C:\Windows\System\fQMJkby.exe
  2⤵
  PID:5240
- C:\Windows\System\spWMYct.exe
  C:\Windows\System\spWMYct.exe
  2⤵
  PID:5888
- C:\Windows\System\eQRvhQA.exe
  C:\Windows\System\eQRvhQA.exe
  2⤵
  PID:5400
- C:\Windows\System\WwVMyvk.exe
  C:\Windows\System\WwVMyvk.exe
  2⤵
  PID:5348
- C:\Windows\System\dZEkiGz.exe
  C:\Windows\System\dZEkiGz.exe
  2⤵
  PID:5428
- C:\Windows\System\PLXqtjh.exe
  C:\Windows\System\PLXqtjh.exe
  2⤵
  PID:5500
- C:\Windows\System\RruVuIH.exe
  C:\Windows\System\RruVuIH.exe
  2⤵
  PID:4704
- C:\Windows\System\iOTMKle.exe
  C:\Windows\System\iOTMKle.exe
  2⤵
  PID:5168
- C:\Windows\System\cVGvwHL.exe
  C:\Windows\System\cVGvwHL.exe
  2⤵
  PID:6064
- C:\Windows\System\VzfHZun.exe
  C:\Windows\System\VzfHZun.exe
  2⤵
  PID:2356
- C:\Windows\System\fTVQSdO.exe
  C:\Windows\System\fTVQSdO.exe
  2⤵
  PID:5796
- C:\Windows\System\tTEtoRf.exe
  C:\Windows\System\tTEtoRf.exe
  2⤵
  PID:5080
- C:\Windows\System\ATtOFVg.exe
  C:\Windows\System\ATtOFVg.exe
  2⤵
  PID:5516
- C:\Windows\System\fpaZBMb.exe
  C:\Windows\System\fpaZBMb.exe
  2⤵
  PID:5896
- C:\Windows\System\EPRauiO.exe
  C:\Windows\System\EPRauiO.exe
  2⤵
  PID:5836
- C:\Windows\System\nEBDZau.exe
  C:\Windows\System\nEBDZau.exe
  2⤵
  PID:5728
- C:\Windows\System\eOtgMlr.exe
  C:\Windows\System\eOtgMlr.exe
  2⤵
  PID:6052
- C:\Windows\System\SlZshUD.exe
  C:\Windows\System\SlZshUD.exe
  2⤵
  PID:6112
- C:\Windows\System\EBjZusE.exe
  C:\Windows\System\EBjZusE.exe
  2⤵
  PID:5324
- C:\Windows\System\fRiRieP.exe
  C:\Windows\System\fRiRieP.exe
  2⤵
  PID:6016
- C:\Windows\System\SRRcPto.exe
  C:\Windows\System\SRRcPto.exe
  2⤵
  PID:5940
- C:\Windows\System\pbbxDcz.exe
  C:\Windows\System\pbbxDcz.exe
  2⤵
  PID:5336
- C:\Windows\System\EPxjIKr.exe
  C:\Windows\System\EPxjIKr.exe
  2⤵
  PID:6028
- C:\Windows\System\LFbVjkh.exe
  C:\Windows\System\LFbVjkh.exe
  2⤵
  PID:2784
- C:\Windows\System\osjLqVo.exe
  C:\Windows\System\osjLqVo.exe
  2⤵
  PID:5708
- C:\Windows\System\mUGoSfA.exe
  C:\Windows\System\mUGoSfA.exe
  2⤵
  PID:5568
- C:\Windows\System\xRprQKg.exe
  C:\Windows\System\xRprQKg.exe
  2⤵
  PID:5200
- C:\Windows\System\zlUVkbm.exe
  C:\Windows\System\zlUVkbm.exe
  2⤵
  PID:5852
- C:\Windows\System\LKppgEf.exe
  C:\Windows\System\LKppgEf.exe
  2⤵
  PID:5124
- C:\Windows\System\RvSEnZH.exe
  C:\Windows\System\RvSEnZH.exe
  2⤵
  PID:5468
- C:\Windows\System\aqBwgGu.exe
  C:\Windows\System\aqBwgGu.exe
  2⤵
  PID:2584
- C:\Windows\System\OoYcJhO.exe
  C:\Windows\System\OoYcJhO.exe
  2⤵
  PID:5312
- C:\Windows\System\BikIhuH.exe
  C:\Windows\System\BikIhuH.exe
  2⤵
  PID:5924
- C:\Windows\System\RtjiXWo.exe
  C:\Windows\System\RtjiXWo.exe
  2⤵
  PID:6164
- C:\Windows\System\LVcKYkA.exe
  C:\Windows\System\LVcKYkA.exe
  2⤵
  PID:6188
- C:\Windows\System\zZditNZ.exe
  C:\Windows\System\zZditNZ.exe
  2⤵
  PID:6204
- C:\Windows\System\TusoYGa.exe
  C:\Windows\System\TusoYGa.exe
  2⤵
  PID:6220
- C:\Windows\System\PlLvqNc.exe
  C:\Windows\System\PlLvqNc.exe
  2⤵
  PID:6236
- C:\Windows\System\yOfXHme.exe
  C:\Windows\System\yOfXHme.exe
  2⤵
  PID:6260
- C:\Windows\System\gQfHreT.exe
  C:\Windows\System\gQfHreT.exe
  2⤵
  PID:6276
- C:\Windows\System\LTNAwpo.exe
  C:\Windows\System\LTNAwpo.exe
  2⤵
  PID:6316
- C:\Windows\System\cdEMYbR.exe
  C:\Windows\System\cdEMYbR.exe
  2⤵
  PID:6336
- C:\Windows\System\QgaNSNs.exe
  C:\Windows\System\QgaNSNs.exe
  2⤵
  PID:6352
- C:\Windows\System\bwCgnQt.exe
  C:\Windows\System\bwCgnQt.exe
  2⤵
  PID:6372
- C:\Windows\System\KCitYyN.exe
  C:\Windows\System\KCitYyN.exe
  2⤵
  PID:6388
- C:\Windows\System\cbIrWfo.exe
  C:\Windows\System\cbIrWfo.exe
  2⤵
  PID:6412
- C:\Windows\System\DaCGfjI.exe
  C:\Windows\System\DaCGfjI.exe
  2⤵
  PID:6436
- C:\Windows\System\CPsyEon.exe
  C:\Windows\System\CPsyEon.exe
  2⤵
  PID:6484
- C:\Windows\System\obwAOaQ.exe
  C:\Windows\System\obwAOaQ.exe
  2⤵
  PID:6512
- C:\Windows\System\XmEhLAV.exe
  C:\Windows\System\XmEhLAV.exe
  2⤵
  PID:6548
- C:\Windows\System\oAwegfl.exe
  C:\Windows\System\oAwegfl.exe
  2⤵
  PID:6564
- C:\Windows\System\Swkkkrd.exe
  C:\Windows\System\Swkkkrd.exe
  2⤵
  PID:6584
- C:\Windows\System\cngEnnB.exe
  C:\Windows\System\cngEnnB.exe
  2⤵
  PID:6600
- C:\Windows\System\sGOXtPR.exe
  C:\Windows\System\sGOXtPR.exe
  2⤵
  PID:6624
- C:\Windows\System\YiGbhlC.exe
  C:\Windows\System\YiGbhlC.exe
  2⤵
  PID:6728
- C:\Windows\System\LskHwbO.exe
  C:\Windows\System\LskHwbO.exe
  2⤵
  PID:6752
- C:\Windows\System\eZhGnrj.exe
  C:\Windows\System\eZhGnrj.exe
  2⤵
  PID:6772
- C:\Windows\System\sMsRluK.exe
  C:\Windows\System\sMsRluK.exe
  2⤵
  PID:6792
- C:\Windows\System\eIuKeNG.exe
  C:\Windows\System\eIuKeNG.exe
  2⤵
  PID:6808
- C:\Windows\System\ggumMXf.exe
  C:\Windows\System\ggumMXf.exe
  2⤵
  PID:6824
- C:\Windows\System\sWeiiqk.exe
  C:\Windows\System\sWeiiqk.exe
  2⤵
  PID:6840
- C:\Windows\System\ipspNEk.exe
  C:\Windows\System\ipspNEk.exe
  2⤵
  PID:6856
- C:\Windows\System\RvwcVNE.exe
  C:\Windows\System\RvwcVNE.exe
  2⤵
  PID:6872
- C:\Windows\System\nOfTYun.exe
  C:\Windows\System\nOfTYun.exe
  2⤵
  PID:6888
- C:\Windows\System\SDhsTEe.exe
  C:\Windows\System\SDhsTEe.exe
  2⤵
  PID:6904
- C:\Windows\System\ouqAskp.exe
  C:\Windows\System\ouqAskp.exe
  2⤵
  PID:6924
- C:\Windows\System\aDjGGCo.exe
  C:\Windows\System\aDjGGCo.exe
  2⤵
  PID:6944
- C:\Windows\System\DlYuCTG.exe
  C:\Windows\System\DlYuCTG.exe
  2⤵
  PID:6960
- C:\Windows\System\teRxZtI.exe
  C:\Windows\System\teRxZtI.exe
  2⤵
  PID:6976
- C:\Windows\System\zuHOSTG.exe
  C:\Windows\System\zuHOSTG.exe
  2⤵
  PID:6992
- C:\Windows\System\ZFiJhOW.exe
  C:\Windows\System\ZFiJhOW.exe
  2⤵
  PID:7020
- C:\Windows\System\abgzzGL.exe
  C:\Windows\System\abgzzGL.exe
  2⤵
  PID:7036
- C:\Windows\System\zJlMwhg.exe
  C:\Windows\System\zJlMwhg.exe
  2⤵
  PID:7060
- C:\Windows\System\yTtyoGd.exe
  C:\Windows\System\yTtyoGd.exe
  2⤵
  PID:7080
- C:\Windows\System\WKQgPjq.exe
  C:\Windows\System\WKQgPjq.exe
  2⤵
  PID:7100
- C:\Windows\System\DAKguJs.exe
  C:\Windows\System\DAKguJs.exe
  2⤵
  PID:7116
- C:\Windows\System\wHTbJQo.exe
  C:\Windows\System\wHTbJQo.exe
  2⤵
  PID:7144
- C:\Windows\System\WiHtzOB.exe
  C:\Windows\System\WiHtzOB.exe
  2⤵
  PID:7160
- C:\Windows\System\CCvCVJP.exe
  C:\Windows\System\CCvCVJP.exe
  2⤵
  PID:5792
- C:\Windows\System\zLzBBCS.exe
  C:\Windows\System\zLzBBCS.exe
  2⤵
  PID:6172
- C:\Windows\System\ersbiEf.exe
  C:\Windows\System\ersbiEf.exe
  2⤵
  PID:6148
- C:\Windows\System\xGcEAiC.exe
  C:\Windows\System\xGcEAiC.exe
  2⤵
  PID:4132
- C:\Windows\System\CWYRsdw.exe
  C:\Windows\System\CWYRsdw.exe
  2⤵
  PID:6268
- C:\Windows\System\pUMgSUO.exe
  C:\Windows\System\pUMgSUO.exe
  2⤵
  PID:6332
- C:\Windows\System\FPiTEav.exe
  C:\Windows\System\FPiTEav.exe
  2⤵
  PID:6368
- C:\Windows\System\aDAhDhU.exe
  C:\Windows\System\aDAhDhU.exe
  2⤵
  PID:6216
- C:\Windows\System\XUQkJSY.exe
  C:\Windows\System\XUQkJSY.exe
  2⤵
  PID:6292
- C:\Windows\System\djPwOSj.exe
  C:\Windows\System\djPwOSj.exe
  2⤵
  PID:6308
- C:\Windows\System\HImjhEQ.exe
  C:\Windows\System\HImjhEQ.exe
  2⤵
  PID:6380
- C:\Windows\System\HysRVpJ.exe
  C:\Windows\System\HysRVpJ.exe
  2⤵
  PID:6404
- C:\Windows\System\rXsESYi.exe
  C:\Windows\System\rXsESYi.exe
  2⤵
  PID:6428
- C:\Windows\System\GGIRCsT.exe
  C:\Windows\System\GGIRCsT.exe
  2⤵
  PID:6492
- C:\Windows\System\OPhihVx.exe
  C:\Windows\System\OPhihVx.exe
  2⤵
  PID:6468
- C:\Windows\System\WeZVNqy.exe
  C:\Windows\System\WeZVNqy.exe
  2⤵
  PID:6480
- C:\Windows\System\BTgGurH.exe
  C:\Windows\System\BTgGurH.exe
  2⤵
  PID:6532
- C:\Windows\System\jXfMptL.exe
  C:\Windows\System\jXfMptL.exe
  2⤵
  PID:6576
- C:\Windows\System\NSlJpsp.exe
  C:\Windows\System\NSlJpsp.exe
  2⤵
  PID:6612
- C:\Windows\System\FnkhWEb.exe
  C:\Windows\System\FnkhWEb.exe
  2⤵
  PID:6496
- C:\Windows\System\FWtpgqz.exe
  C:\Windows\System\FWtpgqz.exe
  2⤵
  PID:6644
- C:\Windows\System\pPiUEQW.exe
  C:\Windows\System\pPiUEQW.exe
  2⤵
  PID:6640
- C:\Windows\System\kMfZJjB.exe
  C:\Windows\System\kMfZJjB.exe
  2⤵
  PID:6688
- C:\Windows\System\LwTxIuT.exe
  C:\Windows\System\LwTxIuT.exe
  2⤵
  PID:6716
- C:\Windows\System\iNTHcur.exe
  C:\Windows\System\iNTHcur.exe
  2⤵
  PID:6744
- C:\Windows\System\OUEAhLp.exe
  C:\Windows\System\OUEAhLp.exe
  2⤵
  PID:6784
- C:\Windows\System\cJCtryY.exe
  C:\Windows\System\cJCtryY.exe
  2⤵
  PID:6704
- C:\Windows\System\UPlJLTL.exe
  C:\Windows\System\UPlJLTL.exe
  2⤵
  PID:6884
- C:\Windows\System\qKJPYUF.exe
  C:\Windows\System\qKJPYUF.exe
  2⤵
  PID:6916
- C:\Windows\System\ptBuGhv.exe
  C:\Windows\System\ptBuGhv.exe
  2⤵
  PID:6956
- C:\Windows\System\pCjnddG.exe
  C:\Windows\System\pCjnddG.exe
  2⤵
  PID:6900
- C:\Windows\System\ZacfnYO.exe
  C:\Windows\System\ZacfnYO.exe
  2⤵
  PID:6832
- C:\Windows\System\cgMnNNd.exe
  C:\Windows\System\cgMnNNd.exe
  2⤵
  PID:7032
- C:\Windows\System\WQwfGGf.exe
  C:\Windows\System\WQwfGGf.exe
  2⤵
  PID:6936
- C:\Windows\System\kPrqxOh.exe
  C:\Windows\System\kPrqxOh.exe
  2⤵
  PID:7044
- C:\Windows\System\LFthMMG.exe
  C:\Windows\System\LFthMMG.exe
  2⤵
  PID:7068
- C:\Windows\System\zDjNxLt.exe
  C:\Windows\System\zDjNxLt.exe
  2⤵
  PID:7108
- C:\Windows\System\WgwzTnf.exe
  C:\Windows\System\WgwzTnf.exe
  2⤵
  PID:6048
- C:\Windows\System\JSThTiy.exe
  C:\Windows\System\JSThTiy.exe
  2⤵
  PID:6328
- C:\Windows\System\pxjBexA.exe
  C:\Windows\System\pxjBexA.exe
  2⤵
  PID:7128
- C:\Windows\System\IjGXUSe.exe
  C:\Windows\System\IjGXUSe.exe
  2⤵
  PID:5296
- C:\Windows\System\UdPvnBp.exe
  C:\Windows\System\UdPvnBp.exe
  2⤵
  PID:6248
- C:\Windows\System\jXGPEoS.exe
  C:\Windows\System\jXGPEoS.exe
  2⤵
  PID:6304
- C:\Windows\System\oVNrMAb.exe
  C:\Windows\System\oVNrMAb.exe
  2⤵
  PID:6456
- C:\Windows\System\nKSaxbd.exe
  C:\Windows\System\nKSaxbd.exe
  2⤵
  PID:6540
- C:\Windows\System\npuLuNV.exe
  C:\Windows\System\npuLuNV.exe
  2⤵
  PID:6444
- C:\Windows\System\qGaYgXi.exe
  C:\Windows\System\qGaYgXi.exe
  2⤵
  PID:6556
- C:\Windows\System\leKSioa.exe
  C:\Windows\System\leKSioa.exe
  2⤵
  PID:6696
- C:\Windows\System\mfezOZx.exe
  C:\Windows\System\mfezOZx.exe
  2⤵
  PID:6692
- C:\Windows\System\BSoXlQG.exe
  C:\Windows\System\BSoXlQG.exe
  2⤵
  PID:6672
- C:\Windows\System\CWXcsbY.exe
  C:\Windows\System\CWXcsbY.exe
  2⤵
  PID:6820
- C:\Windows\System\NkNepkT.exe
  C:\Windows\System\NkNepkT.exe
  2⤵
  PID:6988
- C:\Windows\System\NhPINrf.exe
  C:\Windows\System\NhPINrf.exe
  2⤵
  PID:6864
- C:\Windows\System\bZYsUAQ.exe
  C:\Windows\System\bZYsUAQ.exe
  2⤵
  PID:6836
- C:\Windows\System\IciJIYu.exe
  C:\Windows\System\IciJIYu.exe
  2⤵
  PID:7016
- C:\Windows\System\bFfvtIW.exe
  C:\Windows\System\bFfvtIW.exe
  2⤵
  PID:7112
- C:\Windows\System\ySwkoHa.exe
  C:\Windows\System\ySwkoHa.exe
  2⤵
  PID:7092
- C:\Windows\System\XysiBLh.exe
  C:\Windows\System\XysiBLh.exe
  2⤵
  PID:6324
- C:\Windows\System\mdsyOdk.exe
  C:\Windows\System\mdsyOdk.exe
  2⤵
  PID:6364
- C:\Windows\System\hdRQQFX.exe
  C:\Windows\System\hdRQQFX.exe
  2⤵
  PID:5472
- C:\Windows\System\sghwmgB.exe
  C:\Windows\System\sghwmgB.exe
  2⤵
  PID:6572
- C:\Windows\System\xEGEvrI.exe
  C:\Windows\System\xEGEvrI.exe
  2⤵
  PID:6288
- C:\Windows\System\CWHreAq.exe
  C:\Windows\System\CWHreAq.exe
  2⤵
  PID:6476
- C:\Windows\System\ljdBuqm.exe
  C:\Windows\System\ljdBuqm.exe
  2⤵
  PID:6544
- C:\Windows\System\ujEtwGd.exe
  C:\Windows\System\ujEtwGd.exe
  2⤵
  PID:6656
- C:\Windows\System\AtfNgSE.exe
  C:\Windows\System\AtfNgSE.exe
  2⤵
  PID:6664
- C:\Windows\System\ODfvagp.exe
  C:\Windows\System\ODfvagp.exe
  2⤵
  PID:6736
- C:\Windows\System\mGLfTse.exe
  C:\Windows\System\mGLfTse.exe
  2⤵
  PID:6852
- C:\Windows\System\QTFYbok.exe
  C:\Windows\System\QTFYbok.exe
  2⤵
  PID:6968
- C:\Windows\System\QyurMcI.exe
  C:\Windows\System\QyurMcI.exe
  2⤵
  PID:6160
- C:\Windows\System\fWKnazT.exe
  C:\Windows\System\fWKnazT.exe
  2⤵
  PID:6524
- C:\Windows\System\naaCGgM.exe
  C:\Windows\System\naaCGgM.exe
  2⤵
  PID:6652
- C:\Windows\System\xNuImpT.exe
  C:\Windows\System\xNuImpT.exe
  2⤵
  PID:6972
- C:\Windows\System\xWqCFcG.exe
  C:\Windows\System\xWqCFcG.exe
  2⤵
  PID:7008
- C:\Windows\System\GwGYBkr.exe
  C:\Windows\System\GwGYBkr.exe
  2⤵
  PID:6232
- C:\Windows\System\jCVMAcP.exe
  C:\Windows\System\jCVMAcP.exe
  2⤵
  PID:6384
- C:\Windows\System\MwMHXzv.exe
  C:\Windows\System\MwMHXzv.exe
  2⤵
  PID:7392
- C:\Windows\System\RQABqHW.exe
  C:\Windows\System\RQABqHW.exe
  2⤵
  PID:7408
- C:\Windows\System\LxkFjZw.exe
  C:\Windows\System\LxkFjZw.exe
  2⤵
  PID:7424
- C:\Windows\System\gFFKpcM.exe
  C:\Windows\System\gFFKpcM.exe
  2⤵
  PID:7440
- C:\Windows\System\ybxLXYQ.exe
  C:\Windows\System\ybxLXYQ.exe
  2⤵
  PID:7456
- C:\Windows\System\bIKzFZR.exe
  C:\Windows\System\bIKzFZR.exe
  2⤵
  PID:7472
- C:\Windows\System\AVMDzgJ.exe
  C:\Windows\System\AVMDzgJ.exe
  2⤵
  PID:7496
- C:\Windows\System\wdITdls.exe
  C:\Windows\System\wdITdls.exe
  2⤵
  PID:7516
- C:\Windows\System\HSbQahu.exe
  C:\Windows\System\HSbQahu.exe
  2⤵
  PID:7532
- C:\Windows\System\gdNWhcn.exe
  C:\Windows\System\gdNWhcn.exe
  2⤵
  PID:7556
- C:\Windows\System\oDFsPsW.exe
  C:\Windows\System\oDFsPsW.exe
  2⤵
  PID:7572
- C:\Windows\System\XOMjAIR.exe
  C:\Windows\System\XOMjAIR.exe
  2⤵
  PID:7592
- C:\Windows\System\VDnVlku.exe
  C:\Windows\System\VDnVlku.exe
  2⤵
  PID:7616
- C:\Windows\System\PpPwHMH.exe
  C:\Windows\System\PpPwHMH.exe
  2⤵
  PID:7636
- C:\Windows\System\tCcXkxo.exe
  C:\Windows\System\tCcXkxo.exe
  2⤵
  PID:7664
- C:\Windows\System\OHxEDKe.exe
  C:\Windows\System\OHxEDKe.exe
  2⤵
  PID:7684
- C:\Windows\System\cQPFENS.exe
  C:\Windows\System\cQPFENS.exe
  2⤵
  PID:7700
- C:\Windows\System\jtpozrx.exe
  C:\Windows\System\jtpozrx.exe
  2⤵
  PID:7724
- C:\Windows\System\HPDoSAI.exe
  C:\Windows\System\HPDoSAI.exe
  2⤵
  PID:7744
- C:\Windows\System\rtYHdui.exe
  C:\Windows\System\rtYHdui.exe
  2⤵
  PID:7932
- C:\Windows\System\nbYoYOA.exe
  C:\Windows\System\nbYoYOA.exe
  2⤵
  PID:7948
- C:\Windows\System\FqSGoDL.exe
  C:\Windows\System\FqSGoDL.exe
  2⤵
  PID:7964
- C:\Windows\System\dnngSDJ.exe
  C:\Windows\System\dnngSDJ.exe
  2⤵
  PID:7980
- C:\Windows\System\RlNrBbl.exe
  C:\Windows\System\RlNrBbl.exe
  2⤵
  PID:7996
- C:\Windows\System\zSjSfUZ.exe
  C:\Windows\System\zSjSfUZ.exe
  2⤵
  PID:8012
- C:\Windows\System\bwFXtWs.exe
  C:\Windows\System\bwFXtWs.exe
  2⤵
  PID:8032
- C:\Windows\System\YvpZeZF.exe
  C:\Windows\System\YvpZeZF.exe
  2⤵
  PID:8048
- C:\Windows\System\aVKcuNS.exe
  C:\Windows\System\aVKcuNS.exe
  2⤵
  PID:8064
- C:\Windows\System\yOOGDvv.exe
  C:\Windows\System\yOOGDvv.exe
  2⤵
  PID:8080
- C:\Windows\System\vvKfKrA.exe
  C:\Windows\System\vvKfKrA.exe
  2⤵
  PID:8096
- C:\Windows\System\ZspEoHp.exe
  C:\Windows\System\ZspEoHp.exe
  2⤵
  PID:8112
- C:\Windows\System\TbWcjeq.exe
  C:\Windows\System\TbWcjeq.exe
  2⤵
  PID:8128
- C:\Windows\System\RfiTzcg.exe
  C:\Windows\System\RfiTzcg.exe
  2⤵
  PID:8148
- C:\Windows\System\aSvinhK.exe
  C:\Windows\System\aSvinhK.exe
  2⤵
  PID:8172
- C:\Windows\System\GEBNiDJ.exe
  C:\Windows\System\GEBNiDJ.exe
  2⤵
  PID:6608
- C:\Windows\System\tbAgBtz.exe
  C:\Windows\System\tbAgBtz.exe
  2⤵
  PID:7152
- C:\Windows\System\mljJEaz.exe
  C:\Windows\System\mljJEaz.exe
  2⤵
  PID:6348
- C:\Windows\System\BXQBDtz.exe
  C:\Windows\System\BXQBDtz.exe
  2⤵
  PID:7328
- C:\Windows\System\ptegLIu.exe
  C:\Windows\System\ptegLIu.exe
  2⤵
  PID:7344
- C:\Windows\System\hzWvqbK.exe
  C:\Windows\System\hzWvqbK.exe
  2⤵
  PID:7360
- C:\Windows\System\xMEwnUJ.exe
  C:\Windows\System\xMEwnUJ.exe
  2⤵
  PID:7400
- C:\Windows\System\UppfnXs.exe
  C:\Windows\System\UppfnXs.exe
  2⤵
  PID:7468
- C:\Windows\System\UcdMQjZ.exe
  C:\Windows\System\UcdMQjZ.exe
  2⤵
  PID:7512
- C:\Windows\System\HDlMmrG.exe
  C:\Windows\System\HDlMmrG.exe
  2⤵
  PID:7552
- C:\Windows\System\eklKzHE.exe
  C:\Windows\System\eklKzHE.exe
  2⤵
  PID:7568
- C:\Windows\System\aaLyXDI.exe
  C:\Windows\System\aaLyXDI.exe
  2⤵
  PID:7628
- C:\Windows\System\mtFtOun.exe
  C:\Windows\System\mtFtOun.exe
  2⤵
  PID:7644
- C:\Windows\System\uIMcccT.exe
  C:\Windows\System\uIMcccT.exe
  2⤵
  PID:7656
- C:\Windows\System\DGmMjtQ.exe
  C:\Windows\System\DGmMjtQ.exe
  2⤵
  PID:7712
- C:\Windows\System\zsuxJWH.exe
  C:\Windows\System\zsuxJWH.exe
  2⤵
  PID:7680
- C:\Windows\System\DWHxLrQ.exe
  C:\Windows\System\DWHxLrQ.exe
  2⤵
  PID:7760
- C:\Windows\System\RrtOgUi.exe
  C:\Windows\System\RrtOgUi.exe
  2⤵
  PID:7792
- C:\Windows\System\IRUfmkh.exe
  C:\Windows\System\IRUfmkh.exe
  2⤵
  PID:7808
- C:\Windows\System\IkPcopr.exe
  C:\Windows\System\IkPcopr.exe
  2⤵
  PID:7820
- C:\Windows\System\zzPoxmb.exe
  C:\Windows\System\zzPoxmb.exe
  2⤵
  PID:7920
- C:\Windows\System\ZfoxOJr.exe
  C:\Windows\System\ZfoxOJr.exe
  2⤵
  PID:8020
- C:\Windows\System\tPUNZEj.exe
  C:\Windows\System\tPUNZEj.exe
  2⤵
  PID:8156
- C:\Windows\System\HEpPpRJ.exe
  C:\Windows\System\HEpPpRJ.exe
  2⤵
  PID:7944
- C:\Windows\System\XoqCQIJ.exe
  C:\Windows\System\XoqCQIJ.exe
  2⤵
  PID:8076
- C:\Windows\System\ohFPuos.exe
  C:\Windows\System\ohFPuos.exe
  2⤵
  PID:7180
- C:\Windows\System\kVfuXDL.exe
  C:\Windows\System\kVfuXDL.exe
  2⤵
  PID:7200
- C:\Windows\System\WrsmMty.exe
  C:\Windows\System\WrsmMty.exe
  2⤵
  PID:8180
- C:\Windows\System\SXjecit.exe
  C:\Windows\System\SXjecit.exe
  2⤵
  PID:7220
- C:\Windows\System\xYBmGxx.exe
  C:\Windows\System\xYBmGxx.exe
  2⤵
  PID:7232
- C:\Windows\System\OtJGBgP.exe
  C:\Windows\System\OtJGBgP.exe
  2⤵
  PID:6912
- C:\Windows\System\MkGmowt.exe
  C:\Windows\System\MkGmowt.exe
  2⤵
  PID:7248
- C:\Windows\System\qurHFVX.exe
  C:\Windows\System\qurHFVX.exe
  2⤵
  PID:7252
- C:\Windows\System\ZrbQLkp.exe
  C:\Windows\System\ZrbQLkp.exe
  2⤵
  PID:7076
- C:\Windows\System\wQGORwz.exe
  C:\Windows\System\wQGORwz.exe
  2⤵
  PID:7276
- C:\Windows\System\kaAZsgA.exe
  C:\Windows\System\kaAZsgA.exe
  2⤵
  PID:7300
- C:\Windows\System\oHjuTdd.exe
  C:\Windows\System\oHjuTdd.exe
  2⤵
  PID:7316
- C:\Windows\System\tmfnZuN.exe
  C:\Windows\System\tmfnZuN.exe
  2⤵
  PID:7624
- C:\Windows\System\AKWAvdk.exe
  C:\Windows\System\AKWAvdk.exe
  2⤵
  PID:7752
- C:\Windows\System\zbVJMJr.exe
  C:\Windows\System\zbVJMJr.exe
  2⤵
  PID:7564
- C:\Windows\System\BAuSYFv.exe
  C:\Windows\System\BAuSYFv.exe
  2⤵
  PID:7608
- C:\Windows\System\bAjTmUO.exe
  C:\Windows\System\bAjTmUO.exe
  2⤵
  PID:7676
- C:\Windows\System\eqCCuTi.exe
  C:\Windows\System\eqCCuTi.exe
  2⤵
  PID:7840
- C:\Windows\System\tEyGFce.exe
  C:\Windows\System\tEyGFce.exe
  2⤵
  PID:7872
- C:\Windows\System\nEEqbtS.exe
  C:\Windows\System\nEEqbtS.exe
  2⤵
  PID:7860
- C:\Windows\System\utMNvRi.exe
  C:\Windows\System\utMNvRi.exe
  2⤵
  PID:7856
- C:\Windows\System\vuxALgi.exe
  C:\Windows\System\vuxALgi.exe
  2⤵
  PID:7888
- C:\Windows\System\ltKzvvF.exe
  C:\Windows\System\ltKzvvF.exe
  2⤵
  PID:7904
- C:\Windows\System\yWzDKzj.exe
  C:\Windows\System\yWzDKzj.exe
  2⤵
  PID:7916
- C:\Windows\System\orqNGnu.exe
  C:\Windows\System\orqNGnu.exe
  2⤵
  PID:8072
- C:\Windows\System\VBsTPDs.exe
  C:\Windows\System\VBsTPDs.exe
  2⤵
  PID:7140
- C:\Windows\System\qCTVRoY.exe
  C:\Windows\System\qCTVRoY.exe
  2⤵
  PID:7332
- C:\Windows\System\RCEGehE.exe
  C:\Windows\System\RCEGehE.exe
  2⤵
  PID:6880
- C:\Windows\System\ZHkYiqc.exe
  C:\Windows\System\ZHkYiqc.exe
  2⤵
  PID:6660
- C:\Windows\System\nsVfUTX.exe
  C:\Windows\System\nsVfUTX.exe
  2⤵
  PID:8120
- C:\Windows\System\MELnkuZ.exe
  C:\Windows\System\MELnkuZ.exe
  2⤵
  PID:7272
- C:\Windows\System\BBeMmoR.exe
  C:\Windows\System\BBeMmoR.exe
  2⤵
  PID:7292
- C:\Windows\System\nsmrEeq.exe
  C:\Windows\System\nsmrEeq.exe
  2⤵
  PID:7464
- C:\Windows\System\GuZDOTF.exe
  C:\Windows\System\GuZDOTF.exe
  2⤵
  PID:7508
- C:\Windows\System\cWTwxsx.exe
  C:\Windows\System\cWTwxsx.exe
  2⤵
  PID:7388
- C:\Windows\System\ixhiBwK.exe
  C:\Windows\System\ixhiBwK.exe
  2⤵
  PID:7588
- C:\Windows\System\QXiDSkJ.exe
  C:\Windows\System\QXiDSkJ.exe
  2⤵
  PID:7492
- C:\Windows\System\Xnrwvit.exe
  C:\Windows\System\Xnrwvit.exe
  2⤵
  PID:7780
- C:\Windows\System\dLuFmaf.exe
  C:\Windows\System\dLuFmaf.exe
  2⤵
  PID:7612
- C:\Windows\System\UvnEwbK.exe
  C:\Windows\System\UvnEwbK.exe
  2⤵
  PID:7908
- C:\Windows\System\wLpLTbE.exe
  C:\Windows\System\wLpLTbE.exe
  2⤵
  PID:7848
- C:\Windows\System\sFLqSKS.exe
  C:\Windows\System\sFLqSKS.exe
  2⤵
  PID:7756
- C:\Windows\System\ITAaxqN.exe
  C:\Windows\System\ITAaxqN.exe
  2⤵
  PID:7896
- C:\Windows\System\NHnJUuw.exe
  C:\Windows\System\NHnJUuw.exe
  2⤵
  PID:8008
- C:\Windows\System\HFnLMeO.exe
  C:\Windows\System\HFnLMeO.exe
  2⤵
  PID:8140
- C:\Windows\System\NKyUmYe.exe
  C:\Windows\System\NKyUmYe.exe
  2⤵
  PID:6804
- C:\Windows\System\RcoWxDf.exe
  C:\Windows\System\RcoWxDf.exe
  2⤵
  PID:8040
- C:\Windows\System\LOINIJx.exe
  C:\Windows\System\LOINIJx.exe
  2⤵
  PID:7280
- C:\Windows\System\TZcpNow.exe
  C:\Windows\System\TZcpNow.exe
  2⤵
  PID:7436
- C:\Windows\System\QcqGCcG.exe
  C:\Windows\System\QcqGCcG.exe
  2⤵
  PID:7336
- C:\Windows\System\gQxKpDE.exe
  C:\Windows\System\gQxKpDE.exe
  2⤵
  PID:7732
- C:\Windows\System\NUMgopR.exe
  C:\Windows\System\NUMgopR.exe
  2⤵
  PID:7992
- C:\Windows\System\qYHTEbU.exe
  C:\Windows\System\qYHTEbU.exe
  2⤵
  PID:8004
- C:\Windows\System\JYdOepV.exe
  C:\Windows\System\JYdOepV.exe
  2⤵
  PID:8124
- C:\Windows\System\xkguNbh.exe
  C:\Windows\System\xkguNbh.exe
  2⤵
  PID:7352
- C:\Windows\System\OXGOEFY.exe
  C:\Windows\System\OXGOEFY.exe
  2⤵
  PID:7940
- C:\Windows\System\wvJzMrF.exe
  C:\Windows\System\wvJzMrF.exe
  2⤵
  PID:8204
- C:\Windows\System\luPfBtB.exe
  C:\Windows\System\luPfBtB.exe
  2⤵
  PID:8220
- C:\Windows\System\qEeNsAL.exe
  C:\Windows\System\qEeNsAL.exe
  2⤵
  PID:8236
- C:\Windows\System\UulYyNU.exe
  C:\Windows\System\UulYyNU.exe
  2⤵
  PID:8260
- C:\Windows\System\aNNxBOV.exe
  C:\Windows\System\aNNxBOV.exe
  2⤵
  PID:8276
- C:\Windows\System\vPJiJud.exe
  C:\Windows\System\vPJiJud.exe
  2⤵
  PID:8304
- C:\Windows\System\eJOQLsx.exe
  C:\Windows\System\eJOQLsx.exe
  2⤵
  PID:8324
- C:\Windows\System\KbAAJcX.exe
  C:\Windows\System\KbAAJcX.exe
  2⤵
  PID:8340
- C:\Windows\System\RAFNZOW.exe
  C:\Windows\System\RAFNZOW.exe
  2⤵
  PID:8384
- C:\Windows\System\BGTLoOP.exe
  C:\Windows\System\BGTLoOP.exe
  2⤵
  PID:8400
- C:\Windows\System\yZRVHOw.exe
  C:\Windows\System\yZRVHOw.exe
  2⤵
  PID:8416
- C:\Windows\System\VKmYUpu.exe
  C:\Windows\System\VKmYUpu.exe
  2⤵
  PID:8432
- C:\Windows\System\QvMjdDS.exe
  C:\Windows\System\QvMjdDS.exe
  2⤵
  PID:8448
- C:\Windows\System\PGWZazi.exe
  C:\Windows\System\PGWZazi.exe
  2⤵
  PID:8464
- C:\Windows\System\nlRTIGr.exe
  C:\Windows\System\nlRTIGr.exe
  2⤵
  PID:8480
- C:\Windows\System\DkAbjYg.exe
  C:\Windows\System\DkAbjYg.exe
  2⤵
  PID:8496
- C:\Windows\System\yZRHkmV.exe
  C:\Windows\System\yZRHkmV.exe
  2⤵
  PID:8512
- C:\Windows\System\haKQbse.exe
  C:\Windows\System\haKQbse.exe
  2⤵
  PID:8528
- C:\Windows\System\UuEZwPU.exe
  C:\Windows\System\UuEZwPU.exe
  2⤵
  PID:8544
- C:\Windows\System\syAdxsn.exe
  C:\Windows\System\syAdxsn.exe
  2⤵
  PID:8592
- C:\Windows\System\PQeasjz.exe
  C:\Windows\System\PQeasjz.exe
  2⤵
  PID:8608
- C:\Windows\System\WeCYRgM.exe
  C:\Windows\System\WeCYRgM.exe
  2⤵
  PID:8628
- C:\Windows\System\KsWttEq.exe
  C:\Windows\System\KsWttEq.exe
  2⤵
  PID:8656
- C:\Windows\System\daDyiFe.exe
  C:\Windows\System\daDyiFe.exe
  2⤵
  PID:8680
- C:\Windows\System\zOaDXdW.exe
  C:\Windows\System\zOaDXdW.exe
  2⤵
  PID:8704
- C:\Windows\System\FKktjZb.exe
  C:\Windows\System\FKktjZb.exe
  2⤵
  PID:8720
- C:\Windows\System\GpMPrUD.exe
  C:\Windows\System\GpMPrUD.exe
  2⤵
  PID:8744
- C:\Windows\System\kFlmIDI.exe
  C:\Windows\System\kFlmIDI.exe
  2⤵
  PID:8764
- C:\Windows\System\BBupzXE.exe
  C:\Windows\System\BBupzXE.exe
  2⤵
  PID:8792
- C:\Windows\System\OQccngJ.exe
  C:\Windows\System\OQccngJ.exe
  2⤵
  PID:8816
- C:\Windows\System\vYEfVpx.exe
  C:\Windows\System\vYEfVpx.exe
  2⤵
  PID:8832
- C:\Windows\System\gWNVPuP.exe
  C:\Windows\System\gWNVPuP.exe
  2⤵
  PID:8848
- C:\Windows\System\pdJKxAF.exe
  C:\Windows\System\pdJKxAF.exe
  2⤵
  PID:8864
- C:\Windows\System\cIeEZgp.exe
  C:\Windows\System\cIeEZgp.exe
  2⤵
  PID:8880
- C:\Windows\System\tjASvFT.exe
  C:\Windows\System\tjASvFT.exe
  2⤵
  PID:8896
- C:\Windows\System\eiOOcyr.exe
  C:\Windows\System\eiOOcyr.exe
  2⤵
  PID:8912
- C:\Windows\System\HiDAIMt.exe
  C:\Windows\System\HiDAIMt.exe
  2⤵
  PID:8928
- C:\Windows\System\vJcErAV.exe
  C:\Windows\System\vJcErAV.exe
  2⤵
  PID:8960
- C:\Windows\System\tTyAKTl.exe
  C:\Windows\System\tTyAKTl.exe
  2⤵
  PID:8980
- C:\Windows\System\ItWhmem.exe
  C:\Windows\System\ItWhmem.exe
  2⤵
  PID:9000
- C:\Windows\System\haiQgBO.exe
  C:\Windows\System\haiQgBO.exe
  2⤵
  PID:9016
- C:\Windows\System\FcGHtTd.exe
  C:\Windows\System\FcGHtTd.exe
  2⤵
  PID:9040
- C:\Windows\System\XUkhUVv.exe
  C:\Windows\System\XUkhUVv.exe
  2⤵
  PID:9056
- C:\Windows\System\YWWkdqX.exe
  C:\Windows\System\YWWkdqX.exe
  2⤵
  PID:9080
- C:\Windows\System\rVVRZxy.exe
  C:\Windows\System\rVVRZxy.exe
  2⤵
  PID:9112
- C:\Windows\System\kAyahBu.exe
  C:\Windows\System\kAyahBu.exe
  2⤵
  PID:9128
- C:\Windows\System\FLNRUCW.exe
  C:\Windows\System\FLNRUCW.exe
  2⤵
  PID:9144
- C:\Windows\System\cUYqSun.exe
  C:\Windows\System\cUYqSun.exe
  2⤵
  PID:9160
- C:\Windows\System\gfuWSUL.exe
  C:\Windows\System\gfuWSUL.exe
  2⤵
  PID:9176
- C:\Windows\System\wnzZMKD.exe
  C:\Windows\System\wnzZMKD.exe
  2⤵
  PID:9192
- C:\Windows\System\gzCmnuz.exe
  C:\Windows\System\gzCmnuz.exe
  2⤵
  PID:9208
- C:\Windows\System\lSciXpY.exe
  C:\Windows\System\lSciXpY.exe
  2⤵
  PID:8228
- C:\Windows\System\vTvBFRv.exe
  C:\Windows\System\vTvBFRv.exe
  2⤵
  PID:7832
- C:\Windows\System\JToVkZj.exe
  C:\Windows\System\JToVkZj.exe
  2⤵
  PID:7548
- C:\Windows\System\bjTiCJq.exe
  C:\Windows\System\bjTiCJq.exe
  2⤵
  PID:7836
- C:\Windows\System\YhqtrkP.exe
  C:\Windows\System\YhqtrkP.exe
  2⤵
  PID:7864
- C:\Windows\System\gSownSG.exe
  C:\Windows\System\gSownSG.exe
  2⤵
  PID:7852
- C:\Windows\System\kBptNUW.exe
  C:\Windows\System\kBptNUW.exe
  2⤵
  PID:7196
- C:\Windows\System\jkzwAzZ.exe
  C:\Windows\System\jkzwAzZ.exe
  2⤵
  PID:7448
- C:\Windows\System\pDvEYmX.exe
  C:\Windows\System\pDvEYmX.exe
  2⤵
  PID:8136
- C:\Windows\System\jvdgwZO.exe
  C:\Windows\System\jvdgwZO.exe
  2⤵
  PID:8244
- C:\Windows\System\ApxsUmK.exe
  C:\Windows\System\ApxsUmK.exe
  2⤵
  PID:8352
- C:\Windows\System\nTfAAVm.exe
  C:\Windows\System\nTfAAVm.exe
  2⤵
  PID:8360
- C:\Windows\System\KKAphAs.exe
  C:\Windows\System\KKAphAs.exe
  2⤵
  PID:8364
- C:\Windows\System\UzeOOQY.exe
  C:\Windows\System\UzeOOQY.exe
  2⤵
  PID:8412
- C:\Windows\System\rzNCAxX.exe
  C:\Windows\System\rzNCAxX.exe
  2⤵
  PID:8508
- C:\Windows\System\uWItwLw.exe
  C:\Windows\System\uWItwLw.exe
  2⤵
  PID:8460
- C:\Windows\System\RlbiUbQ.exe
  C:\Windows\System\RlbiUbQ.exe
  2⤵
  PID:8552
- C:\Windows\System\VihhJyI.exe
  C:\Windows\System\VihhJyI.exe
  2⤵
  PID:8696
- C:\Windows\System\tqyULhe.exe
  C:\Windows\System\tqyULhe.exe
  2⤵
  PID:8712
- C:\Windows\System\VGMRgMg.exe
  C:\Windows\System\VGMRgMg.exe
  2⤵
  PID:8756
- C:\Windows\System\OnaBXov.exe
  C:\Windows\System\OnaBXov.exe
  2⤵
  PID:8772
- C:\Windows\System\SzWcyeH.exe
  C:\Windows\System\SzWcyeH.exe
  2⤵
  PID:8788
- C:\Windows\System\tlDqFnN.exe
  C:\Windows\System\tlDqFnN.exe
  2⤵
  PID:8828
- C:\Windows\System\FVZDqDm.exe
  C:\Windows\System\FVZDqDm.exe
  2⤵
  PID:8892
- C:\Windows\System\hFZXzWW.exe
  C:\Windows\System\hFZXzWW.exe
  2⤵
  PID:8808
- C:\Windows\System\GPPKlMD.exe
  C:\Windows\System\GPPKlMD.exe
  2⤵
  PID:7652
- C:\Windows\System\JOuVVoU.exe
  C:\Windows\System\JOuVVoU.exe
  2⤵
  PID:7528
- C:\Windows\System\zhleKyI.exe
  C:\Windows\System\zhleKyI.exe
  2⤵
  PID:7504
- C:\Windows\System\XbxnhUu.exe
  C:\Windows\System\XbxnhUu.exe
  2⤵
  PID:6768
- C:\Windows\System\cDVeedY.exe
  C:\Windows\System\cDVeedY.exe
  2⤵
  PID:8356
- C:\Windows\System\AKtcNcf.exe
  C:\Windows\System\AKtcNcf.exe
  2⤵
  PID:8332
- C:\Windows\System\VvAckRq.exe
  C:\Windows\System\VvAckRq.exe
  2⤵
  PID:8296
- C:\Windows\System\UvKFVxB.exe
  C:\Windows\System\UvKFVxB.exe
  2⤵
  PID:8376
- C:\Windows\System\APgYPLz.exe
  C:\Windows\System\APgYPLz.exe
  2⤵
  PID:8560
- C:\Windows\System\kdwhSrQ.exe
  C:\Windows\System\kdwhSrQ.exe
  2⤵
  PID:8472
- C:\Windows\System\WhkuIts.exe
  C:\Windows\System\WhkuIts.exe
  2⤵
  PID:8568
- C:\Windows\System\rGaiUxC.exe
  C:\Windows\System\rGaiUxC.exe
  2⤵
  PID:8636
- C:\Windows\System\ELXwRgZ.exe
  C:\Windows\System\ELXwRgZ.exe
  2⤵
  PID:8652
- C:\Windows\System\qoFkEnC.exe
  C:\Windows\System\qoFkEnC.exe
  2⤵
  PID:8672
- C:\Windows\System\IkVausR.exe
  C:\Windows\System\IkVausR.exe
  2⤵
  PID:8780
- C:\Windows\System\GFOafXd.exe
  C:\Windows\System\GFOafXd.exe
  2⤵
  PID:8784
- C:\Windows\System\ByTofhm.exe
  C:\Windows\System\ByTofhm.exe
  2⤵
  PID:8920
- C:\Windows\System\YBsUqun.exe
  C:\Windows\System\YBsUqun.exe
  2⤵
  PID:8876
- C:\Windows\System\mXEHgIM.exe
  C:\Windows\System\mXEHgIM.exe
  2⤵
  PID:8940
- C:\Windows\System\ksPWtQI.exe
  C:\Windows\System\ksPWtQI.exe
  2⤵
  PID:8956
- C:\Windows\System\juxdGIu.exe
  C:\Windows\System\juxdGIu.exe
  2⤵
  PID:8992
- C:\Windows\System\ackkFpH.exe
  C:\Windows\System\ackkFpH.exe
  2⤵
  PID:9048
- C:\Windows\System\iywpWBS.exe
  C:\Windows\System\iywpWBS.exe
  2⤵
  PID:9032
- C:\Windows\System\PoNiIcM.exe
  C:\Windows\System\PoNiIcM.exe
  2⤵
  PID:9092
- C:\Windows\System\knIXNjv.exe
  C:\Windows\System\knIXNjv.exe
  2⤵
  PID:7380
- C:\Windows\System\vKzeguu.exe
  C:\Windows\System\vKzeguu.exe
  2⤵
  PID:8212
- C:\Windows\System\bmPWiSY.exe
  C:\Windows\System\bmPWiSY.exe
  2⤵
  PID:7184
- C:\Windows\System\iGtNOTE.exe
  C:\Windows\System\iGtNOTE.exe
  2⤵
  PID:8456
- C:\Windows\System\edgVKlR.exe
  C:\Windows\System\edgVKlR.exe
  2⤵
  PID:8444
- C:\Windows\System\ucvOEnF.exe
  C:\Windows\System\ucvOEnF.exe
  2⤵
  PID:8620
- C:\Windows\System\QrwIkFa.exe
  C:\Windows\System\QrwIkFa.exe
  2⤵
  PID:8752
- C:\Windows\System\VXsAPOf.exe
  C:\Windows\System\VXsAPOf.exe
  2⤵
  PID:8604
- C:\Windows\System\gBrdESg.exe
  C:\Windows\System\gBrdESg.exe
  2⤵
  PID:8728
- C:\Windows\System\uMiEJeu.exe
  C:\Windows\System\uMiEJeu.exe
  2⤵
  PID:8936
- C:\Windows\System\UHuFLGF.exe
  C:\Windows\System\UHuFLGF.exe
  2⤵
  PID:9036
- C:\Windows\System\mKEOwZS.exe
  C:\Windows\System\mKEOwZS.exe
  2⤵
  PID:9104
- C:\Windows\System\fuYRAaK.exe
  C:\Windows\System\fuYRAaK.exe
  2⤵
  PID:9072
- C:\Windows\System\WSdXmhI.exe
  C:\Windows\System\WSdXmhI.exe
  2⤵
  PID:9124
- C:\Windows\System\nOXwtDD.exe
  C:\Windows\System\nOXwtDD.exe
  2⤵
  PID:9200
- C:\Windows\System\RHKoAPX.exe
  C:\Windows\System\RHKoAPX.exe
  2⤵
  PID:9152
- C:\Windows\System\JgOiWnN.exe
  C:\Windows\System\JgOiWnN.exe
  2⤵
  PID:7804
- C:\Windows\System\BcNibIW.exe
  C:\Windows\System\BcNibIW.exe
  2⤵
  PID:7824
- C:\Windows\System\sasPslo.exe
  C:\Windows\System\sasPslo.exe
  2⤵
  PID:7124
- C:\Windows\System\fGPIfhB.exe
  C:\Windows\System\fGPIfhB.exe
  2⤵
  PID:8252
- C:\Windows\System\wQBnCWz.exe
  C:\Windows\System\wQBnCWz.exe
  2⤵
  PID:8408
- C:\Windows\System\SUMOQvf.exe
  C:\Windows\System\SUMOQvf.exe
  2⤵
  PID:8588
- C:\Windows\System\VpHFanX.exe
  C:\Windows\System\VpHFanX.exe
  2⤵
  PID:9100
- C:\Windows\System\YFXkCwH.exe
  C:\Windows\System\YFXkCwH.exe
  2⤵
  PID:9168
- C:\Windows\System\XiVEszh.exe
  C:\Windows\System\XiVEszh.exe
  2⤵
  PID:9156
- C:\Windows\System\XmeaQsJ.exe
  C:\Windows\System\XmeaQsJ.exe
  2⤵
  PID:9028
- C:\Windows\System\OODbdBK.exe
  C:\Windows\System\OODbdBK.exe
  2⤵
  PID:9136
- C:\Windows\System\BnVcWdS.exe
  C:\Windows\System\BnVcWdS.exe
  2⤵
  PID:7420
- C:\Windows\System\EGFMiet.exe
  C:\Windows\System\EGFMiet.exe
  2⤵
  PID:7208
- C:\Windows\System\sbLHPiZ.exe
  C:\Windows\System\sbLHPiZ.exe
  2⤵
  PID:8648
- C:\Windows\System\dGSIgBS.exe
  C:\Windows\System\dGSIgBS.exe
  2⤵
  PID:8740
- C:\Windows\System\acjQFFf.exe
  C:\Windows\System\acjQFFf.exe
  2⤵
  PID:9052
- C:\Windows\System\DToukaN.exe
  C:\Windows\System\DToukaN.exe
  2⤵
  PID:8540
- C:\Windows\System\zpczLWL.exe
  C:\Windows\System\zpczLWL.exe
  2⤵
  PID:8316
- C:\Windows\System\tKfTrGf.exe
  C:\Windows\System\tKfTrGf.exe
  2⤵
  PID:9172
- C:\Windows\System\oSrYZsc.exe
  C:\Windows\System\oSrYZsc.exe
  2⤵
  PID:8200
- C:\Windows\System\QlxnVvE.exe
  C:\Windows\System\QlxnVvE.exe
  2⤵
  PID:7988
- C:\Windows\System\HtRAiJA.exe
  C:\Windows\System\HtRAiJA.exe
  2⤵
  PID:8580
- C:\Windows\System\JfJfRbK.exe
  C:\Windows\System\JfJfRbK.exe
  2⤵
  PID:8348
- C:\Windows\System\JbGSUth.exe
  C:\Windows\System\JbGSUth.exe
  2⤵
  PID:7956
- C:\Windows\System\myUwIxx.exe
  C:\Windows\System\myUwIxx.exe
  2⤵
  PID:8692
- C:\Windows\System\vumCXOW.exe
  C:\Windows\System\vumCXOW.exe
  2⤵
  PID:8844
- C:\Windows\System\mtfMCDY.exe
  C:\Windows\System\mtfMCDY.exe
  2⤵
  PID:8284
- C:\Windows\System\YgJQXSJ.exe
  C:\Windows\System\YgJQXSJ.exe
  2⤵
  PID:7876
- C:\Windows\System\yISqnGm.exe
  C:\Windows\System\yISqnGm.exe
  2⤵
  PID:7368
- C:\Windows\System\akXbHfp.exe
  C:\Windows\System\akXbHfp.exe
  2⤵
  PID:9188
- C:\Windows\System\tSfFFXI.exe
  C:\Windows\System\tSfFFXI.exe
  2⤵
  PID:9232
- C:\Windows\System\klRlgPm.exe
  C:\Windows\System\klRlgPm.exe
  2⤵
  PID:9252
- C:\Windows\System\TNgYTDQ.exe
  C:\Windows\System\TNgYTDQ.exe
  2⤵
  PID:9276
- C:\Windows\System\PgOPwFL.exe
  C:\Windows\System\PgOPwFL.exe
  2⤵
  PID:9308
- C:\Windows\System\dNPHlwJ.exe
  C:\Windows\System\dNPHlwJ.exe
  2⤵
  PID:9324
- C:\Windows\System\XwZfWwL.exe
  C:\Windows\System\XwZfWwL.exe
  2⤵
  PID:9340
- C:\Windows\System\kYYpShD.exe
  C:\Windows\System\kYYpShD.exe
  2⤵
  PID:9356
- C:\Windows\System\VEhARQZ.exe
  C:\Windows\System\VEhARQZ.exe
  2⤵
  PID:9372
- C:\Windows\System\lINIYjE.exe
  C:\Windows\System\lINIYjE.exe
  2⤵
  PID:9392
- C:\Windows\System\ENlKFER.exe
  C:\Windows\System\ENlKFER.exe
  2⤵
  PID:9408
- C:\Windows\System\kRktrbG.exe
  C:\Windows\System\kRktrbG.exe
  2⤵
  PID:9424
- C:\Windows\System\jNKFuxg.exe
  C:\Windows\System\jNKFuxg.exe
  2⤵
  PID:9444
- C:\Windows\System\YigsCZe.exe
  C:\Windows\System\YigsCZe.exe
  2⤵
  PID:9460
- C:\Windows\System\CYwqCxP.exe
  C:\Windows\System\CYwqCxP.exe
  2⤵
  PID:9476
- C:\Windows\System\lfeUtpH.exe
  C:\Windows\System\lfeUtpH.exe
  2⤵
  PID:9492
- C:\Windows\System\OqBnYlK.exe
  C:\Windows\System\OqBnYlK.exe
  2⤵
  PID:9512
- C:\Windows\System\WymbsFb.exe
  C:\Windows\System\WymbsFb.exe
  2⤵
  PID:9528
- C:\Windows\System\sTZqKLh.exe
  C:\Windows\System\sTZqKLh.exe
  2⤵
  PID:9544
- C:\Windows\System\zassbAW.exe
  C:\Windows\System\zassbAW.exe
  2⤵
  PID:9564
- C:\Windows\System\HTUlDmN.exe
  C:\Windows\System\HTUlDmN.exe
  2⤵
  PID:9580
- C:\Windows\System\UAQMPTm.exe
  C:\Windows\System\UAQMPTm.exe
  2⤵
  PID:9596
- C:\Windows\System\JVHvWtA.exe
  C:\Windows\System\JVHvWtA.exe
  2⤵
  PID:9616
- C:\Windows\System\cqjOqkL.exe
  C:\Windows\System\cqjOqkL.exe
  2⤵
  PID:9636
- C:\Windows\System\slzAsSn.exe
  C:\Windows\System\slzAsSn.exe
  2⤵
  PID:9652
- C:\Windows\System\DHjuHNq.exe
  C:\Windows\System\DHjuHNq.exe
  2⤵
  PID:9668
- C:\Windows\System\XXbrPMB.exe
  C:\Windows\System\XXbrPMB.exe
  2⤵
  PID:9684
- C:\Windows\System\XOEgvHz.exe
  C:\Windows\System\XOEgvHz.exe
  2⤵
  PID:9700
- C:\Windows\System\cfKrbBR.exe
  C:\Windows\System\cfKrbBR.exe
  2⤵
  PID:9716
- C:\Windows\System\MjsCUYC.exe
  C:\Windows\System\MjsCUYC.exe
  2⤵
  PID:9732
- C:\Windows\System\vOEFyId.exe
  C:\Windows\System\vOEFyId.exe
  2⤵
  PID:9748
- C:\Windows\System\HpXKTFI.exe
  C:\Windows\System\HpXKTFI.exe
  2⤵
  PID:9764
- C:\Windows\System\jOTzwsW.exe
  C:\Windows\System\jOTzwsW.exe
  2⤵
  PID:9780
- C:\Windows\System\UqEpfuI.exe
  C:\Windows\System\UqEpfuI.exe
  2⤵
  PID:9796
- C:\Windows\System\FMKfIiS.exe
  C:\Windows\System\FMKfIiS.exe
  2⤵
  PID:9812
- C:\Windows\System\hWpGAMI.exe
  C:\Windows\System\hWpGAMI.exe
  2⤵
  PID:9828
- C:\Windows\System\llysRgp.exe
  C:\Windows\System\llysRgp.exe
  2⤵
  PID:9860
- C:\Windows\System\xUxgMqg.exe
  C:\Windows\System\xUxgMqg.exe
  2⤵
  PID:9876
- C:\Windows\System\AEbZPTB.exe
  C:\Windows\System\AEbZPTB.exe
  2⤵
  PID:9900
- C:\Windows\System\dwIiIQf.exe
  C:\Windows\System\dwIiIQf.exe
  2⤵
  PID:9944
- C:\Windows\System\nIimQuI.exe
  C:\Windows\System\nIimQuI.exe
  2⤵
  PID:9960
- C:\Windows\System\RYPAAWa.exe
  C:\Windows\System\RYPAAWa.exe
  2⤵
  PID:9976
- C:\Windows\System\ovFhLof.exe
  C:\Windows\System\ovFhLof.exe
  2⤵
  PID:9992
- C:\Windows\System\EwxLVMx.exe
  C:\Windows\System\EwxLVMx.exe
  2⤵
  PID:10008
- C:\Windows\System\uWEqBNI.exe
  C:\Windows\System\uWEqBNI.exe
  2⤵
  PID:10032
- C:\Windows\System\BsMisbC.exe
  C:\Windows\System\BsMisbC.exe
  2⤵
  PID:10056
- C:\Windows\System\OmqEMfF.exe
  C:\Windows\System\OmqEMfF.exe
  2⤵
  PID:10072
- C:\Windows\System\TRQggOm.exe
  C:\Windows\System\TRQggOm.exe
  2⤵
  PID:10088
- C:\Windows\System\PAbgCqh.exe
  C:\Windows\System\PAbgCqh.exe
  2⤵
  PID:10108
- C:\Windows\System\hDueYCh.exe
  C:\Windows\System\hDueYCh.exe
  2⤵
  PID:10136
- C:\Windows\System\HmUzoOt.exe
  C:\Windows\System\HmUzoOt.exe
  2⤵
  PID:10152
- C:\Windows\System\LfCSAqi.exe
  C:\Windows\System\LfCSAqi.exe
  2⤵
  PID:10168
- C:\Windows\System\aMEOlNG.exe
  C:\Windows\System\aMEOlNG.exe
  2⤵
  PID:10184
- C:\Windows\System\giLNASo.exe
  C:\Windows\System\giLNASo.exe
  2⤵
  PID:10200
- C:\Windows\System\BFLaXPl.exe
  C:\Windows\System\BFLaXPl.exe
  2⤵
  PID:10216
- C:\Windows\System\yaceeSo.exe
  C:\Windows\System\yaceeSo.exe
  2⤵
  PID:10232
- C:\Windows\System\jnTBomw.exe
  C:\Windows\System\jnTBomw.exe
  2⤵
  PID:9012
- C:\Windows\System\zKLuJHS.exe
  C:\Windows\System\zKLuJHS.exe
  2⤵
  PID:8564
- C:\Windows\System\QJczjRn.exe
  C:\Windows\System\QJczjRn.exe
  2⤵
  PID:9264
- C:\Windows\System\ROZgHJB.exe
  C:\Windows\System\ROZgHJB.exe
  2⤵
  PID:8572
- C:\Windows\System\NdvDmlu.exe
  C:\Windows\System\NdvDmlu.exe
  2⤵
  PID:9288
- C:\Windows\System\uEpAlKT.exe
  C:\Windows\System\uEpAlKT.exe
  2⤵
  PID:9316
- C:\Windows\System\XLEpJtq.exe
  C:\Windows\System\XLEpJtq.exe
  2⤵
  PID:9384
- C:\Windows\System\UdkDdEP.exe
  C:\Windows\System\UdkDdEP.exe
  2⤵
  PID:9456
- C:\Windows\System\xoMBtCU.exe
  C:\Windows\System\xoMBtCU.exe
  2⤵
  PID:9524
- C:\Windows\System\TjBOxZU.exe
  C:\Windows\System\TjBOxZU.exe
  2⤵
  PID:9588
- C:\Windows\System\gapaUPi.exe
  C:\Windows\System\gapaUPi.exe
  2⤵
  PID:9632
- C:\Windows\System\tTIXSfC.exe
  C:\Windows\System\tTIXSfC.exe
  2⤵
  PID:9332
- C:\Windows\System\FHeldQq.exe
  C:\Windows\System\FHeldQq.exe
  2⤵
  PID:9400
- C:\Windows\System\sZjkpIN.exe
  C:\Windows\System\sZjkpIN.exe
  2⤵
  PID:9500
- C:\Windows\System\dLmMswl.exe
  C:\Windows\System\dLmMswl.exe
  2⤵
  PID:9472
- C:\Windows\System\FFTfMzt.exe
  C:\Windows\System\FFTfMzt.exe
  2⤵
  PID:9536
- C:\Windows\System\jZRATJJ.exe
  C:\Windows\System\jZRATJJ.exe
  2⤵
  PID:9604
- C:\Windows\System\syttDas.exe
  C:\Windows\System\syttDas.exe
  2⤵
  PID:9696
- C:\Windows\System\qZlEYak.exe
  C:\Windows\System\qZlEYak.exe
  2⤵
  PID:9776
- C:\Windows\System\MFrFIoq.exe
  C:\Windows\System\MFrFIoq.exe
  2⤵
  PID:9868
- C:\Windows\System\iBwvdWN.exe
  C:\Windows\System\iBwvdWN.exe
  2⤵
  PID:9852
- C:\Windows\System\jAOZeIb.exe
  C:\Windows\System\jAOZeIb.exe
  2⤵
  PID:9928
- C:\Windows\System\OdTwXba.exe
  C:\Windows\System\OdTwXba.exe
  2⤵
  PID:10000
- C:\Windows\System\TgIsyQQ.exe
  C:\Windows\System\TgIsyQQ.exe
  2⤵
  PID:10048
- C:\Windows\System\oeZlLpu.exe
  C:\Windows\System\oeZlLpu.exe
  2⤵
  PID:10116
- C:\Windows\System\HxUomBx.exe
  C:\Windows\System\HxUomBx.exe
  2⤵
  PID:10128
- C:\Windows\System\pVfzGRd.exe
  C:\Windows\System\pVfzGRd.exe
  2⤵
  PID:10196
- C:\Windows\System\bycHceS.exe
  C:\Windows\System\bycHceS.exe
  2⤵
  PID:9892
- C:\Windows\System\zEeoRzA.exe
  C:\Windows\System\zEeoRzA.exe
  2⤵
  PID:10224
- C:\Windows\System\ZGDDLWv.exe
  C:\Windows\System\ZGDDLWv.exe
  2⤵
  PID:10020
- C:\Windows\System\TCpgmOM.exe
  C:\Windows\System\TCpgmOM.exe
  2⤵
  PID:10100
- C:\Windows\System\hMPYYbV.exe
  C:\Windows\System\hMPYYbV.exe
  2⤵
  PID:9576
- C:\Windows\System\hwjTzJN.exe
  C:\Windows\System\hwjTzJN.exe
  2⤵
  PID:9872
- C:\Windows\System\RxZGrJD.exe
  C:\Windows\System\RxZGrJD.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BAuIZYP.exe

Filesize
5.7MB

MD5
899ec72588579d5c367e71a83613cb92

SHA1
9a22bb26b3a9967a238181cb5c05d9fd63ddc212

SHA256
0b56687c8bda6782f099571cb5a98eaabb5354b9d96861200ccc2b885a03f54d

SHA512
9e7405b1addc2adbefe6f9b402c44f733289b96fdd6a7783c0366cfafbe3655ead2fbff95f92701e1265ea2609b46f7e8377844f46e7c4a940a7769ccfe8c538

Download Submit
C:\Windows\system\CTnWcNh.exe

Filesize
5.7MB

MD5
6aef53df46502231fa08210235a1141d

SHA1
98416d487e4c89883d10876ab9253e6088272f38

SHA256
4202193e2bb58b787973ecfe627741c6f216c4b47c08e729be8caa55b545b02e

SHA512
2f88b647dcf847484a8e3965ecd7a745e43f7324fb1d4db9d9699cdfb27a5652712d9ae5730fbd60b4b86303f658a0ccb7950f2e2a22927e95b5e9205245e7a0

Download Submit
C:\Windows\system\HGRrwYZ.exe

Filesize
5.7MB

MD5
862f9b118ca1199f0be5f06ecae2df99

SHA1
25ddf66ed0fd3ba1d2765c8219cb6d7c3175e2db

SHA256
b3a20e40b43af7221caa96bd4672d158c7545d83b92b984eb0a8a3548b3f3d19

SHA512
48615a6f2acc86732d00f60a44540598848630a0130732f54283ded478bcfdcb3ac66aa6c21a3f3454ae21ac8dfe9f93b20907f8883214f9ed5b73268f88b13f

Download Submit
C:\Windows\system\HtZIOBq.exe

Filesize
5.7MB

MD5
b62c5d13aabeeeec9f8a48672cc9ae10

SHA1
07233d197b12f7991d3d2c107d95548b5ddf4f0b

SHA256
7541c1ef9a382b82b4318b08e944d5c9ce6e8938c6ff2795aff8e964c91877ce

SHA512
fb0e39315fd9ecb81fd54f1f5fd2ebe33be36dcc7bcb94ae67c6209de78b9740ee67d319db29417c12684fa669c86fa2f13874066a6808a586e582fb2806da84

Download Submit
C:\Windows\system\Ldxqeik.exe

Filesize
5.7MB

MD5
334d2bceba31c2543263db3de1e962a8

SHA1
9f41234355ade26caee9909cd15a49372e297605

SHA256
4163fb94ab3a94fdd283e4ae5eedfcc271553841413aae566fe2ff62252d3a2f

SHA512
0d1ec4814ba6c88f30f0a30e234dd6bc53586e3b92550fe672fd0a503c318fa4784c89569a31de73ab323baa22e4caff53e1b49c0d5c6417db59f87df23c5c16

Download Submit
C:\Windows\system\MkvyTyQ.exe

Filesize
5.7MB

MD5
dd5c37309ee205cd874e49a3e6e8fed3

SHA1
8171c7ac7924f4bb58c36f18d1b3a43056471ff4

SHA256
ef6c37159d3822dba16352227f2d2a8486707d310cb6a2801fe7b4216bbac646

SHA512
bf0d18985caf64effb595f01db7290fce39af4c9290c6215772b26398e98ba110437c2921806eb4d2a74640aab36b692943ae216bdd130ce0f5eab31d928b6b8

Download Submit
C:\Windows\system\OhjlPOX.exe

Filesize
5.7MB

MD5
2642c3a801f1ad4f792e88158e95eecf

SHA1
40324c900a175b414cbec25d5293741e79d79f9d

SHA256
34b5a7e6d589876b57b671987611cfb0a67fc9cd9cd44307098e233a5c2a03bd

SHA512
9d693010e6924a1063d317533b87d7632ffa0fe1d1012e3a303f498786277fe1c066bfbf5d35eea62044687bd46fc237302d262b1531faefe567f78a65c2bfa0

Download Submit
C:\Windows\system\PcnmDox.exe

Filesize
5.7MB

MD5
658e521dfb377e166cf99a123b80ee68

SHA1
74b36d2333f05be93234de694e70105e0b4ef580

SHA256
67e95575329f3ab5fd16131e242f6ea5dbd812adcc77d84b0529931e7773d20c

SHA512
89b87a05d9756019aab9d6d1803f8491de33f0d3b42ea08aefb2909f4b50dc0b5dce7aa8294098c8489c06b402c16d3ad33cb43b5859b43be2e7434f82e7fca5

Download Submit
C:\Windows\system\QLUKPUG.exe

Filesize
5.7MB

MD5
e7ae09b72d3ff70b4994ec94e2c6ba82

SHA1
52c177e946665f4c45e8265c459409034e53d29a

SHA256
fb6ff0d75a67210b4df193038f108b302c030f7c3fce95abe46d1cf603e4d9c8

SHA512
d1f15f231b38f7750101407b995f5752764361a3d679dd016a0ba78c01236e4db5d2e11100f5ff9c32584d0bd128c15e8d31f4ac4b1e80fe297054698aa2c04f

Download Submit
C:\Windows\system\QiAvxbD.exe

Filesize
5.7MB

MD5
e82a1cc16a04bb6feebe4f8103440d36

SHA1
9088cd4ecf26a69bda8ff956b7b90735a6476411

SHA256
0f480d741c90984e93b9e2e62126d9396d92b4e7f1d8a656b841242188b12267

SHA512
7d4c1fa0e2691e63cf45ea67955d414c8842617f21c5de75451424f1de856e80d95ffafe052484fcfc5a7225b857de38661e5fd9b432c36ef6b91a70f50bb3ca

Download Submit
C:\Windows\system\VVituXj.exe

Filesize
5.7MB

MD5
b51c02c81de0ff7d5839967bd4747aa7

SHA1
a05451927b72b99a6781b090e0eb3291cfb4acf8

SHA256
3e394291540efb3ff17ec51e3d9ca66f9c7905c8bb09c55ee0cb4882eb4d9450

SHA512
aca44e12dae10bad8580775abf4ba8d6f63145ef1be0df2faf24033d5ce53513b424376358ef9cf17ccb089e3b0475f783303a54c08a741b6031900cbe191f02

Download Submit
C:\Windows\system\ZrqeleV.exe

Filesize
5.7MB

MD5
d05327401ca01b2755e693d81ecc6065

SHA1
427cea0c297e4dc442e58f91e64a3e05add6f40a

SHA256
0234441bcf1b157e8ea176319c98462e3e358143b579dc0f2b852458691ed833

SHA512
907fa4529839e1b105bf231bdfb83ef8b92464b42b2ddaeeceb4a6cd05b37cdd047c6d9a2e3af4935a7e5011616a1a051ac23d8f7f29132342c3676f90c3696b

Download Submit
C:\Windows\system\eQywnEG.exe

Filesize
5.7MB

MD5
ddd2b2131d72cd85769717e486b5f2e0

SHA1
27e8ab12864e34cb3c5412c3560072003bdfb256

SHA256
28614c569ffb06719ff9687370f13fed6aebe6897160219987adac12671abaef

SHA512
cc66bf2afc53ffc0a199626e837e3c008aff128ac89856679a2bbb2168d8657fe845849f9dc908e84aba0b06ace167512e80bdca8350fb4ca6fe8b89afb01c0d

Download Submit
C:\Windows\system\fXqpRBa.exe

Filesize
5.7MB

MD5
a80f4ba5e79ebbeedfd22fd95b76db7e

SHA1
29c6464f8e59e3b532152f8f432c8add694220ec

SHA256
06e6e7f772ebb486c21207329d689149f2135ed5566c1ca68754ca12b72d73cd

SHA512
81ec1dc5bf62b405ac554fb0d1400701d81b1a428f62878b8358c2aaefae285a537374b1991abc46e4bd72ba45c22e0de27c6f34cd0dd46c060bcf9ffd055079

Download Submit
C:\Windows\system\fwebgih.exe

Filesize
5.7MB

MD5
7c134a92800b48ff73c087abbc36d826

SHA1
8dea1247ba93aa73f0dc6721f45556fb901a05f3

SHA256
cf76031c4c3bda7900dec6f90abcc3e05a8f72da9c6f8b54b32d5e0cc548fb0e

SHA512
d64a5aeef44943611a9ea182b0a4bc5dbcad3b7e18adb0668ece632bf7b04ea66fa4328ff73a06f1a5f334200cb076df182e72d96df160b3b45a46092930b6b0

Download Submit
C:\Windows\system\ixXzxzd.exe

Filesize
5.7MB

MD5
dc86e87aba4840490c3912180c96bd6d

SHA1
745be81b8d650f820a9cddc7398ab24ebd17e6bf

SHA256
9ccca4de4001d063e9196bac0ee88553b407c696891f792aa0c23cbe50914770

SHA512
2a18269dfd18806404d45ff69a76460540bc0c9224b51a6457ae1dce741d16df2652b543b0096ed039a1250cf041ae5e3955b45799459b5427daa16d7fc51ef6

Download Submit
C:\Windows\system\jxviroJ.exe

Filesize
5.7MB

MD5
6009de05aa3b397ae55b704fc6cb7a26

SHA1
30a910168aeb502fefb5f6787576dffd35a8e8e0

SHA256
10375a97510a8f2b701392d0d427bda356148b50a62e4d0941ede4b1f1fdd8e7

SHA512
e38bac78c3640488152c59bb0ca7c3ff89572abbbd6a8af70c0895d6a9eab648ed83493e71b65d91e1f99ad20c9aea6e01702c2866638c9792d8d10a7d72534c

Download Submit
C:\Windows\system\mJJlBuN.exe

Filesize
5.7MB

MD5
50f714867ed7df7e377e81144ac4e8a6

SHA1
d29a86b2bcad3e1a03efc0df257c4802455f0b53

SHA256
98a20dc4254edb7f08ac44547d8e792dc68dc33c07f497c5563bc5af17e1f236

SHA512
7b9f539b02f5e411f56ee3b391400b2cc4e7b3d87b1508db10d281bd2a8c4add28155a430f7e08bee19aad4ff718bf37b212889b26e59f6c8ef5482c4683516d

Download Submit
C:\Windows\system\mKlckFI.exe

Filesize
5.7MB

MD5
4e11eb1845825a512d1a4fb0572e28bc

SHA1
a83d78014eddb90796ed33c942ebc37b005bd642

SHA256
a608e5e31fcb308b6b90df69aa201d5761129c13204eabce8c3185877cc49f68

SHA512
1825ddb5f529820b83b950c0623d5182e0b1dcdf47d5676b3c70bcdd15c748d80c58ea844f29e061874ea5b62bfb9b2d46bd267074a2159463e91db474827eb5

Download Submit
C:\Windows\system\piqlXrJ.exe

Filesize
5.7MB

MD5
27aae84658e03e1980af85e13023bdbb

SHA1
b0370e70ea9c1766cdc4620b9c2f65a2f102c913

SHA256
3943b362d118ec5c9c96bbfbedb624af6b4fd2c1b702881fe198919653286c23

SHA512
0296a54e086e52d212fc24ada25d9778d833ba321d436034c0dac94fbb36e5cbbf8a82149d7a7adc45adef0898ee35629fa8b857da0cea7690d6d8ca94ac6693

Download Submit
C:\Windows\system\qQPviTn.exe

Filesize
5.7MB

MD5
ad19498cd1399662133b6bc5d58477f1

SHA1
7d10547ae37993a7f0b487c778bd5e3b5ffebd04

SHA256
92fb49748ab089b96f053d8730e3a6b7c06698ff9090ad7384af48f888b98591

SHA512
2f6f07a7ad810915044841db287e7c68975136dc65cd73fa86331356f4f9e25d96f2f13d4f1a5a880f3e2aff0c8e476d1acb13af97dd9a0ca21fef44434a2464

Download Submit
C:\Windows\system\tLKBNPO.exe

Filesize
5.7MB

MD5
97afcf77a5197051cd53907de2d22287

SHA1
3af8f19b2f6e3c3c98087633064a9ca586c35b1c

SHA256
e1f9d833ad2d6826f21f311b3bbf8320df131fd770caa536cf10c3c122402813

SHA512
416ce8dc5061852f4213656c0f7b93a703ae8fdfe6a4e86aa4aaa35209e80b7c8da28e04d35a680edfa9fa085fb3b5df0b669394273bec0800cae0fad1cc8f5c

Download Submit
C:\Windows\system\uUbmUPw.exe

Filesize
5.7MB

MD5
e8f51c2eb8977378c5caf2075b44eda9

SHA1
96b21fc84b2a03dc270095573097df51efb0caf7

SHA256
1128bd159a667b9953c33d2d5f4d96a826319bc036f3cc29766e101be9a4c8b5

SHA512
9149a7b0fbe778ca749422a87d756c70546be0669e0ee33cb83f5ad384379f87a96390835c2387082c75adaa761fcfd8760f93e0fd85ffa53d855968f3fdf38a

Download Submit
C:\Windows\system\veHSyRB.exe

Filesize
5.7MB

MD5
2ee939971978a6db0f6de4ccddeb8a85

SHA1
6a97eefe149635c42b569b9614c7c1250173ef9b

SHA256
09fb91af79472ffb9e1539f1d5adc72d76b5ab3c8f08cdfd742c9e2b4822a000

SHA512
c5715088491aad17f903302288d818e81d7ee9af5c7eaf9d41d0ef0490d0b2462d9f761651923fbb829490aee110f05638c97bb7065552cbb03fd2cdec8b9f90

Download Submit
C:\Windows\system\wagEqcp.exe

Filesize
5.7MB

MD5
69630d412d190273b4d9e5e25166f918

SHA1
7793921bb4ca9307054815ac48a7c8afa2046b00

SHA256
ba2cf4658c69a78d42fabc991c18c3b91a8cb00a80cc10d28ad29890cf889b3f

SHA512
de61e0904ba4fd2f864455ced1b7579be51102701cad93a8de0a3595a6a2def8626cdbe2f6d37025d3b31b0a145c266b9e2568a8025bffbef4a1d0d1ac83d145

Download Submit
C:\Windows\system\wlTqkTM.exe

Filesize
5.7MB

MD5
3a315f7be40a547b5ddc7140ac35f7b3

SHA1
4233ba9e0d07e28935299486d9b873cbd3a027cf

SHA256
cc2e9c9280d25003d266944b85484663cca9b74575cd6f7bd7d4bce66a3091b7

SHA512
dd88fe93f4f3c3577b2719ac43f05271b8062a4d09fff0e4e6fc5a447b7ced5b261f79ee4aa24d9e55e473f77626d88b27532490a4dfcee8b3362f31e8ab7fa5

Download Submit
C:\Windows\system\ygWdFNK.exe

Filesize
5.7MB

MD5
95a8bff8aa6727884a15faa8a6bc58f7

SHA1
ae69a3ebfbf254202b938e8f9b8f31de2bfaa965

SHA256
ed5c0b2ce315d49f931985fc7841abfcb6a2767273d9e7a90b982135dd75ccc9

SHA512
80fcb84d1ecd432f4b44e8af1ae7f2027beda6348c8e8d7a0a87da99341eaa3cef4226582e9b411ab477e2e8f33e1ffe6a6986669e16fe436583d27b883c1cdb

Download Submit
\Windows\system\EmUaRFQ.exe

Filesize
5.7MB

MD5
dd908aeefe0b6dd2c7b5a9fedb1c0c3c

SHA1
994807026e9ae1712b21d15ed9a0b32f371a76cc

SHA256
9ca57d06af0c03ea22876d1d16e3393176afcb34720be88fc566a8d52275b434

SHA512
5755582d2d929860897ebf380a7f01f21bedea3602159443d760fdd516d8bb0c7cf54364d5acf1ce0238188e8b761c9a993e8921fb6a8d64998d93def8c9c569

Download Submit
\Windows\system\HaSdiOR.exe

Filesize
5.7MB

MD5
3158fa40f7434be0a268f88f07c80e18

SHA1
2fe781db34496525ecbd34ff1770ec28dc5504c1

SHA256
ef4ecd3e385926d6e1de29c942914fcbcb6b8e073794f171988b6b2d996a6ec9

SHA512
98214ddc4a23ce0835d15e56388601ac7f74fdb89ed4d9f605dec9aee41aee889a544434a972d6de9614cb13b1acf3cfbc1c21945b90cba4df27c540987caa48

Download Submit
\Windows\system\nJcvtlU.exe

Filesize
5.7MB

MD5
9e17a459f5ad0edc112fa4e30b44ece5

SHA1
1d931b9662fa6835076960c8f7fd432c49f07963

SHA256
95bc7a46de0aed86d9b7de0492ec5d5a19e59e3086c80e0733664f244935bde5

SHA512
7e618522411fafb579fc5735bdeda66fa3971e8e86ccd2fdd983491bc598f63ccc0c1193fc71c443090a0c6317de8b3f84e595a1c26afc15cc1ccc5a6a5fb504

Download Submit
\Windows\system\uuylehK.exe

Filesize
5.7MB

MD5
38cf0e9e95bfa9aee4e90577a0cede44

SHA1
2e87e9ede6f0b82c4c7cc963b3d9f4d2d34f24af

SHA256
5626f972d7617717f378a53d111ffed2397cc10fbb6637162e2a4828c6a50a95

SHA512
dfec086437f85848dd559ff2648c8334c6bf5705301ce2b1b58193132020c812c1984ec20296f597107a1901fe2d0371b3672c73b81d95ad8a116a21e9d32cf4

Download Submit
\Windows\system\xKjyuMA.exe

Filesize
5.7MB

MD5
420a94caa86aa1d26c5f3e2458462be9

SHA1
62fde024065a7102d0ad7b2b65795850df24a8ad

SHA256
316495967e33293e59344c36fd294d3df4c66252050d11bd33e5323f88f11d98

SHA512
653599de7320902e6b0f41d67e0d9bf45b479560bfb00301669a0e36e78331709c9c600e37efa6dd7d306114e4fb94818be0a2e89180890d37a432e136ee63d0

Download Submit
memory/280-91-0x000000013FB60000-0x000000013FEAD000-memory.dmp

Filesize
3.3MB

Download
memory/404-175-0x000000013F1E0000-0x000000013F52D000-memory.dmp

Filesize
3.3MB

Download
memory/628-45-0x000000013F080000-0x000000013F3CD000-memory.dmp

Filesize
3.3MB

Download
memory/1076-53-0x000000013F370000-0x000000013F6BD000-memory.dmp

Filesize
3.3MB

Download
memory/1080-85-0x000000013FCD0000-0x000000014001D000-memory.dmp

Filesize
3.3MB

Download
memory/1608-157-0x000000013F320000-0x000000013F66D000-memory.dmp

Filesize
3.3MB

Download
memory/1660-169-0x000000013F5D0000-0x000000013F91D000-memory.dmp

Filesize
3.3MB

Download
memory/1780-133-0x000000013F7A0000-0x000000013FAED000-memory.dmp

Filesize
3.3MB

Download
memory/1988-151-0x000000013FF60000-0x00000001402AD000-memory.dmp

Filesize
3.3MB

Download
memory/2140-54-0x000000013F530000-0x000000013F87D000-memory.dmp

Filesize
3.3MB

Download
memory/2224-77-0x000000013F550000-0x000000013F89D000-memory.dmp

Filesize
3.3MB

Download
memory/2248-13-0x000000013F690000-0x000000013F9DD000-memory.dmp

Filesize
3.3MB

Download
memory/2288-163-0x000000013FFB0000-0x00000001402FD000-memory.dmp

Filesize
3.3MB

Download
memory/2312-181-0x000000013F2B0000-0x000000013F5FD000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x000000013F880000-0x000000013FBCD000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2544-7-0x000000013F260000-0x000000013F5AD000-memory.dmp

Filesize
3.3MB

Download
memory/2560-187-0x000000013F7D0000-0x000000013FB1D000-memory.dmp

Filesize
3.3MB

Download
memory/2632-67-0x000000013F0D0000-0x000000013F41D000-memory.dmp

Filesize
3.3MB

Download
memory/2664-61-0x000000013FCA0000-0x000000013FFED000-memory.dmp

Filesize
3.3MB

Download
memory/2680-121-0x000000013F950000-0x000000013FC9D000-memory.dmp

Filesize
3.3MB

Download
memory/2756-27-0x000000013F7C0000-0x000000013FB0D000-memory.dmp

Filesize
3.3MB

Download
memory/2780-78-0x000000013FBB0000-0x000000013FEFD000-memory.dmp

Filesize
3.3MB

Download
memory/2800-145-0x000000013F190000-0x000000013F4DD000-memory.dmp

Filesize
3.3MB

Download
memory/2856-103-0x000000013F920000-0x000000013FC6D000-memory.dmp

Filesize
3.3MB

Download
memory/2892-39-0x000000013FE80000-0x00000001401CD000-memory.dmp

Filesize
3.3MB

Download
memory/2912-51-0x000000013F7E0000-0x000000013FB2D000-memory.dmp

Filesize
3.3MB

Download
memory/2932-108-0x000000013F020000-0x000000013F36D000-memory.dmp

Filesize
3.3MB

Download
memory/2988-96-0x000000013F300000-0x000000013F64D000-memory.dmp

Filesize
3.3MB

Download
memory/3036-115-0x000000013F780000-0x000000013FACD000-memory.dmp

Filesize
3.3MB

Download