cobaltstrike | 0ca3d1d0a7e31f909b9576d3f0ba861ce0a0767cf9ba24c62d61ebf7ead7e84d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

9fd23662e61a939ac926abbd8169cbc2
SHA1

093f96c6cfcfcfa6299f31b618b43dd8509d37ac
SHA256

0ca3d1d0a7e31f909b9576d3f0ba861ce0a0767cf9ba24c62d61ebf7ead7e84d
SHA512

e3f273dfaac2d2475936a09dfa5322e2cf87465ef357776579f5a075e76f379a9fa5e3de9a0df3896543e0485de4ce9c0a2023b8a79260cbce673f3d15f323dc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig backdoor miner persistence privilege_escalation trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120ea-3.dat	xmrig
behavioral1/memory/1032-11-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d98-10.dat	xmrig
behavioral1/files/0x0008000000015d8c-8.dat	xmrig
behavioral1/memory/2940-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2832-19-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e37-26.dat	xmrig
behavioral1/files/0x0007000000015fe6-39.dat	xmrig
behavioral1/files/0x0007000000015f6a-44.dat	xmrig
behavioral1/memory/2104-30-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00090000000161e4-52.dat	xmrig
behavioral1/memory/2708-59-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2568-66-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/572-71-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d6c-70.dat	xmrig
behavioral1/memory/600-77-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2128-83-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2776-97-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001923d-103.dat	xmrig
behavioral1/files/0x0005000000019249-111.dat	xmrig
behavioral1/memory/600-249-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1028-549-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2776-698-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2904-464-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2128-382-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000500000001944b-197.dat	xmrig
behavioral1/files/0x000500000001943c-192.dat	xmrig
behavioral1/files/0x0005000000019438-187.dat	xmrig
behavioral1/files/0x000500000001942d-182.dat	xmrig
behavioral1/files/0x0005000000019422-177.dat	xmrig
behavioral1/files/0x0005000000019418-172.dat	xmrig
behavioral1/files/0x0005000000019406-167.dat	xmrig
behavioral1/files/0x0005000000019395-162.dat	xmrig
behavioral1/files/0x0005000000019385-157.dat	xmrig
behavioral1/files/0x0005000000019377-152.dat	xmrig
behavioral1/files/0x0005000000019359-147.dat	xmrig
behavioral1/files/0x000500000001934b-142.dat	xmrig
behavioral1/files/0x0005000000019336-137.dat	xmrig
behavioral1/files/0x00050000000192eb-132.dat	xmrig
behavioral1/files/0x000500000001926c-127.dat	xmrig
behavioral1/files/0x0005000000019246-107.dat	xmrig
behavioral1/files/0x0005000000019239-96.dat	xmrig
behavioral1/memory/1028-90-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x000500000001922a-89.dat	xmrig
behavioral1/memory/2904-87-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2904-86-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019211-82.dat	xmrig
behavioral1/files/0x00050000000191e9-76.dat	xmrig
behavioral1/memory/3012-74-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016308-65.dat	xmrig
behavioral1/memory/2104-61-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2940-54-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2832-53-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2872-51-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0007000000016114-50.dat	xmrig
behavioral1/memory/2912-45-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/3012-43-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1032-41-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2904-38-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2904-6-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2832-2877-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1032-2878-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2104-2880-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1032	PBhFzRe.exe
2832	BgrpjoI.exe
2940	ImXKvgx.exe
2104	HBNkYsO.exe
3012	iIjTsRq.exe
2912	RURsyDi.exe
2872	pJQyLoe.exe
2708	PXvlRQW.exe
2568	BaWCMgK.exe
572	XNYoEWg.exe
600	QikbzzL.exe
2128	UlZPcwn.exe
1028	kdlTYjJ.exe
2776	clwBzyD.exe
2112	khvOXTv.exe
2028	GbyPmDW.exe
2508	lQpIGBo.exe
2036	SeeOoeu.exe
1240	LftNdiY.exe
2300	xfMiBES.exe
2656	CitdkhX.exe
2460	ujgzBOb.exe
2264	IquNCql.exe
2480	KsIbogb.exe
676	OxbUANu.exe
1692	HFJnvFO.exe
1328	obBvJRB.exe
1332	maDFQAS.exe
444	WNgWjbW.exe
1156	XaGxiTw.exe
1088	rGyeDmh.exe
1368	vDxuqPP.exe
1712	FaQKSWU.exe
772	yKkhiRL.exe
1336	LBqiHdI.exe
1796	fYLLEtv.exe
1732	ftguuAz.exe
1008	XZtpUID.exe
908	BlVjwjf.exe
2076	xXVgCVC.exe
2616	ZcNQkhM.exe
2584	WHIHcKz.exe
2640	CGnHzCI.exe
400	CcAFdFN.exe
1152	QuLFLWm.exe
2612	sLSGpij.exe
1488	kceSEMK.exe
1232	oLVzNzx.exe
756	OTImBzx.exe
2596	QpuplFP.exe
2768	Dukukqu.exe
1596	NdifQsf.exe
1604	oyeDmSK.exe
3000	TBmWXfb.exe
1652	vybVYJK.exe
2208	oRNlIDK.exe
2564	YVxYwcl.exe
592	wduNwvn.exe
2744	qldGWfj.exe
2892	GXXwTbF.exe
3024	rncIokV.exe
888	SNRZhkr.exe
1228	fGdLANy.exe
876	pvGKLzs.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00070000000120ea-3.dat	upx
behavioral1/memory/1032-11-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0008000000015d98-10.dat	upx
behavioral1/files/0x0008000000015d8c-8.dat	upx
behavioral1/memory/2940-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2832-19-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0008000000015e37-26.dat	upx
behavioral1/files/0x0007000000015fe6-39.dat	upx
behavioral1/files/0x0007000000015f6a-44.dat	upx
behavioral1/memory/2104-30-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00090000000161e4-52.dat	upx
behavioral1/memory/2708-59-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2568-66-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/572-71-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0009000000015d6c-70.dat	upx
behavioral1/memory/600-77-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2128-83-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2776-97-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x000500000001923d-103.dat	upx
behavioral1/files/0x0005000000019249-111.dat	upx
behavioral1/memory/600-249-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1028-549-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2776-698-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2128-382-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000500000001944b-197.dat	upx
behavioral1/files/0x000500000001943c-192.dat	upx
behavioral1/files/0x0005000000019438-187.dat	upx
behavioral1/files/0x000500000001942d-182.dat	upx
behavioral1/files/0x0005000000019422-177.dat	upx
behavioral1/files/0x0005000000019418-172.dat	upx
behavioral1/files/0x0005000000019406-167.dat	upx
behavioral1/files/0x0005000000019395-162.dat	upx
behavioral1/files/0x0005000000019385-157.dat	upx
behavioral1/files/0x0005000000019377-152.dat	upx
behavioral1/files/0x0005000000019359-147.dat	upx
behavioral1/files/0x000500000001934b-142.dat	upx
behavioral1/files/0x0005000000019336-137.dat	upx
behavioral1/files/0x00050000000192eb-132.dat	upx
behavioral1/files/0x000500000001926c-127.dat	upx
behavioral1/files/0x0005000000019246-107.dat	upx
behavioral1/files/0x0005000000019239-96.dat	upx
behavioral1/memory/1028-90-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x000500000001922a-89.dat	upx
behavioral1/files/0x0005000000019211-82.dat	upx
behavioral1/files/0x00050000000191e9-76.dat	upx
behavioral1/memory/3012-74-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0009000000016308-65.dat	upx
behavioral1/memory/2104-61-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2940-54-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2832-53-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2872-51-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0007000000016114-50.dat	upx
behavioral1/memory/2912-45-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/3012-43-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1032-41-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2904-38-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2832-2877-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1032-2878-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2104-2880-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/3012-2883-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2940-2889-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2708-2986-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/600-2981-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PnVnCQy.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SZGNxiy.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rustkCe.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qiDPKEj.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lpJgPYF.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rSNBfpt.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FuEIuNp.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\llkFzMN.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pXfuMKQ.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YpLKETB.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\skiPPdI.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NpQSlcf.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oyxBikp.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RWYlXCW.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gdBcOAI.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rGyeDmh.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qCvxfwj.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nTpCEJb.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uuJoIXV.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dIwXloF.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WqAPjjY.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tKJhWto.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lnAWKRA.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cOHuwKF.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oBtmNGk.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gFMBvTk.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tlHBHsf.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gRwrpbG.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gZKnmqL.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lCnFzQS.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jXCPrgY.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FPEIaoV.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rLOgTaz.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iPiUHzJ.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fNzKeMc.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GhoEAsZ.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kdZTAfW.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wNcECXJ.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KEbZNGP.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iVyAjQR.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kzRiInq.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fUdWUAB.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eFmZkwk.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xAlmHtS.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oUXTZTO.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vXpyaTn.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ioAlZsm.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gqYWgUG.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lpyIgDT.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LCjGdgs.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BYWClOf.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uGxaUGI.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nWKDAMV.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FfeiAng.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dzRqJZD.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xZKoreD.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZmXuIkH.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XyZSgVv.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cKWhmaA.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NswJGwT.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aGNfBWL.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cLpQwzg.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GcojbOm.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IfhBvIb.exe	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1032	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2904 wrote to memory of 1032	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2904 wrote to memory of 1032	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2904 wrote to memory of 2832	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2904 wrote to memory of 2832	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2904 wrote to memory of 2832	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2904 wrote to memory of 2940	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2904 wrote to memory of 2940	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2904 wrote to memory of 2940	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2904 wrote to memory of 2104	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2904 wrote to memory of 2104	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2904 wrote to memory of 2104	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2904 wrote to memory of 2912	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2904 wrote to memory of 2912	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2904 wrote to memory of 2912	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2904 wrote to memory of 3012	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2904 wrote to memory of 3012	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2904 wrote to memory of 3012	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2904 wrote to memory of 2872	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2904 wrote to memory of 2872	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2904 wrote to memory of 2872	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2904 wrote to memory of 2708	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2904 wrote to memory of 2708	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2904 wrote to memory of 2708	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2904 wrote to memory of 2568	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2904 wrote to memory of 2568	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2904 wrote to memory of 2568	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2904 wrote to memory of 572	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2904 wrote to memory of 572	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2904 wrote to memory of 572	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2904 wrote to memory of 600	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2904 wrote to memory of 600	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2904 wrote to memory of 600	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2904 wrote to memory of 2128	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2904 wrote to memory of 2128	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2904 wrote to memory of 2128	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2904 wrote to memory of 1028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2904 wrote to memory of 1028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2904 wrote to memory of 1028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2904 wrote to memory of 2776	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2904 wrote to memory of 2776	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2904 wrote to memory of 2776	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2904 wrote to memory of 2112	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2904 wrote to memory of 2112	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2904 wrote to memory of 2112	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2904 wrote to memory of 2028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2904 wrote to memory of 2028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2904 wrote to memory of 2028	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2904 wrote to memory of 2508	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2904 wrote to memory of 2508	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2904 wrote to memory of 2508	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2904 wrote to memory of 2036	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2904 wrote to memory of 2036	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2904 wrote to memory of 2036	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2904 wrote to memory of 1240	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2904 wrote to memory of 1240	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2904 wrote to memory of 1240	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2904 wrote to memory of 2300	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2904 wrote to memory of 2300	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2904 wrote to memory of 2300	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2904 wrote to memory of 2656	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2904 wrote to memory of 2656	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2904 wrote to memory of 2656	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2904 wrote to memory of 2460	2904	2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_9fd23662e61a939ac926abbd8169cbc2_amadey_cobalt-strike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\PBhFzRe.exe
  C:\Windows\System\PBhFzRe.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\BgrpjoI.exe
  C:\Windows\System\BgrpjoI.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ImXKvgx.exe
  C:\Windows\System\ImXKvgx.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\HBNkYsO.exe
  C:\Windows\System\HBNkYsO.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\RURsyDi.exe
  C:\Windows\System\RURsyDi.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\iIjTsRq.exe
  C:\Windows\System\iIjTsRq.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\pJQyLoe.exe
  C:\Windows\System\pJQyLoe.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\PXvlRQW.exe
  C:\Windows\System\PXvlRQW.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\BaWCMgK.exe
  C:\Windows\System\BaWCMgK.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XNYoEWg.exe
  C:\Windows\System\XNYoEWg.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\QikbzzL.exe
  C:\Windows\System\QikbzzL.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\UlZPcwn.exe
  C:\Windows\System\UlZPcwn.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\kdlTYjJ.exe
  C:\Windows\System\kdlTYjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\clwBzyD.exe
  C:\Windows\System\clwBzyD.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\khvOXTv.exe
  C:\Windows\System\khvOXTv.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\GbyPmDW.exe
  C:\Windows\System\GbyPmDW.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\lQpIGBo.exe
  C:\Windows\System\lQpIGBo.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\SeeOoeu.exe
  C:\Windows\System\SeeOoeu.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\LftNdiY.exe
  C:\Windows\System\LftNdiY.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\xfMiBES.exe
  C:\Windows\System\xfMiBES.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\CitdkhX.exe
  C:\Windows\System\CitdkhX.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ujgzBOb.exe
  C:\Windows\System\ujgzBOb.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IquNCql.exe
  C:\Windows\System\IquNCql.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\KsIbogb.exe
  C:\Windows\System\KsIbogb.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OxbUANu.exe
  C:\Windows\System\OxbUANu.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\HFJnvFO.exe
  C:\Windows\System\HFJnvFO.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\obBvJRB.exe
  C:\Windows\System\obBvJRB.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\maDFQAS.exe
  C:\Windows\System\maDFQAS.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\WNgWjbW.exe
  C:\Windows\System\WNgWjbW.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\XaGxiTw.exe
  C:\Windows\System\XaGxiTw.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\rGyeDmh.exe
  C:\Windows\System\rGyeDmh.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\vDxuqPP.exe
  C:\Windows\System\vDxuqPP.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\FaQKSWU.exe
  C:\Windows\System\FaQKSWU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\yKkhiRL.exe
  C:\Windows\System\yKkhiRL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\LBqiHdI.exe
  C:\Windows\System\LBqiHdI.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\fYLLEtv.exe
  C:\Windows\System\fYLLEtv.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ftguuAz.exe
  C:\Windows\System\ftguuAz.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\XZtpUID.exe
  C:\Windows\System\XZtpUID.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\BlVjwjf.exe
  C:\Windows\System\BlVjwjf.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\xXVgCVC.exe
  C:\Windows\System\xXVgCVC.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ZcNQkhM.exe
  C:\Windows\System\ZcNQkhM.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\WHIHcKz.exe
  C:\Windows\System\WHIHcKz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\CGnHzCI.exe
  C:\Windows\System\CGnHzCI.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\CcAFdFN.exe
  C:\Windows\System\CcAFdFN.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\QuLFLWm.exe
  C:\Windows\System\QuLFLWm.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\sLSGpij.exe
  C:\Windows\System\sLSGpij.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\kceSEMK.exe
  C:\Windows\System\kceSEMK.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\oLVzNzx.exe
  C:\Windows\System\oLVzNzx.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\OTImBzx.exe
  C:\Windows\System\OTImBzx.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\QpuplFP.exe
  C:\Windows\System\QpuplFP.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\Dukukqu.exe
  C:\Windows\System\Dukukqu.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\NdifQsf.exe
  C:\Windows\System\NdifQsf.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\oyeDmSK.exe
  C:\Windows\System\oyeDmSK.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\TBmWXfb.exe
  C:\Windows\System\TBmWXfb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\vybVYJK.exe
  C:\Windows\System\vybVYJK.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\oRNlIDK.exe
  C:\Windows\System\oRNlIDK.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YVxYwcl.exe
  C:\Windows\System\YVxYwcl.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\wduNwvn.exe
  C:\Windows\System\wduNwvn.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\qldGWfj.exe
  C:\Windows\System\qldGWfj.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\GXXwTbF.exe
  C:\Windows\System\GXXwTbF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rncIokV.exe
  C:\Windows\System\rncIokV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\SNRZhkr.exe
  C:\Windows\System\SNRZhkr.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\fGdLANy.exe
  C:\Windows\System\fGdLANy.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\pvGKLzs.exe
  C:\Windows\System\pvGKLzs.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\qQQbIbu.exe
  C:\Windows\System\qQQbIbu.exe
  2⤵
  PID:1960
- C:\Windows\System\JYnNGzD.exe
  C:\Windows\System\JYnNGzD.exe
  2⤵
  PID:2772
- C:\Windows\System\wBbKDTh.exe
  C:\Windows\System\wBbKDTh.exe
  2⤵
  PID:1804
- C:\Windows\System\fzZdoqg.exe
  C:\Windows\System\fzZdoqg.exe
  2⤵
  PID:2152
- C:\Windows\System\eVBWKdV.exe
  C:\Windows\System\eVBWKdV.exe
  2⤵
  PID:2500
- C:\Windows\System\UiQnzvv.exe
  C:\Windows\System\UiQnzvv.exe
  2⤵
  PID:1036
- C:\Windows\System\steunmG.exe
  C:\Windows\System\steunmG.exe
  2⤵
  PID:2404
- C:\Windows\System\SwIsvuF.exe
  C:\Windows\System\SwIsvuF.exe
  2⤵
  PID:2652
- C:\Windows\System\enCakXJ.exe
  C:\Windows\System\enCakXJ.exe
  2⤵
  PID:1236
- C:\Windows\System\LGweHnd.exe
  C:\Windows\System\LGweHnd.exe
  2⤵
  PID:1696
- C:\Windows\System\OFcqsxl.exe
  C:\Windows\System\OFcqsxl.exe
  2⤵
  PID:2272
- C:\Windows\System\GKBdPNc.exe
  C:\Windows\System\GKBdPNc.exe
  2⤵
  PID:548
- C:\Windows\System\SQPvDnV.exe
  C:\Windows\System\SQPvDnV.exe
  2⤵
  PID:2440
- C:\Windows\System\kTtPOsX.exe
  C:\Windows\System\kTtPOsX.exe
  2⤵
  PID:2080
- C:\Windows\System\uwcftAt.exe
  C:\Windows\System\uwcftAt.exe
  2⤵
  PID:2400
- C:\Windows\System\OlgrftW.exe
  C:\Windows\System\OlgrftW.exe
  2⤵
  PID:2620
- C:\Windows\System\BcmOpQv.exe
  C:\Windows\System\BcmOpQv.exe
  2⤵
  PID:2360
- C:\Windows\System\GriTJbz.exe
  C:\Windows\System\GriTJbz.exe
  2⤵
  PID:340
- C:\Windows\System\QSgkRpc.exe
  C:\Windows\System\QSgkRpc.exe
  2⤵
  PID:1192
- C:\Windows\System\QcvpHVR.exe
  C:\Windows\System\QcvpHVR.exe
  2⤵
  PID:2292
- C:\Windows\System\NjMLBMz.exe
  C:\Windows\System\NjMLBMz.exe
  2⤵
  PID:1660
- C:\Windows\System\GWHfROc.exe
  C:\Windows\System\GWHfROc.exe
  2⤵
  PID:2216
- C:\Windows\System\oHamftC.exe
  C:\Windows\System\oHamftC.exe
  2⤵
  PID:2968
- C:\Windows\System\tPtjFQp.exe
  C:\Windows\System\tPtjFQp.exe
  2⤵
  PID:2012
- C:\Windows\System\FHdBtvl.exe
  C:\Windows\System\FHdBtvl.exe
  2⤵
  PID:2532
- C:\Windows\System\vhxydpk.exe
  C:\Windows\System\vhxydpk.exe
  2⤵
  PID:2332
- C:\Windows\System\foZbMqH.exe
  C:\Windows\System\foZbMqH.exe
  2⤵
  PID:2120
- C:\Windows\System\mNZYnDb.exe
  C:\Windows\System\mNZYnDb.exe
  2⤵
  PID:1092
- C:\Windows\System\ocWDgNQ.exe
  C:\Windows\System\ocWDgNQ.exe
  2⤵
  PID:2124
- C:\Windows\System\MiugNcY.exe
  C:\Windows\System\MiugNcY.exe
  2⤵
  PID:1636
- C:\Windows\System\zKcLEkH.exe
  C:\Windows\System\zKcLEkH.exe
  2⤵
  PID:944
- C:\Windows\System\dVSBAOM.exe
  C:\Windows\System\dVSBAOM.exe
  2⤵
  PID:1320
- C:\Windows\System\PdsGPQl.exe
  C:\Windows\System\PdsGPQl.exe
  2⤵
  PID:1996
- C:\Windows\System\oSiBCqg.exe
  C:\Windows\System\oSiBCqg.exe
  2⤵
  PID:2820
- C:\Windows\System\fKQWxVD.exe
  C:\Windows\System\fKQWxVD.exe
  2⤵
  PID:2220
- C:\Windows\System\zuIelfH.exe
  C:\Windows\System\zuIelfH.exe
  2⤵
  PID:1980
- C:\Windows\System\PAkSGWL.exe
  C:\Windows\System\PAkSGWL.exe
  2⤵
  PID:1936
- C:\Windows\System\RqYTlbt.exe
  C:\Windows\System\RqYTlbt.exe
  2⤵
  PID:2280
- C:\Windows\System\tfOIoYb.exe
  C:\Windows\System\tfOIoYb.exe
  2⤵
  PID:3068
- C:\Windows\System\dkIGbdv.exe
  C:\Windows\System\dkIGbdv.exe
  2⤵
  PID:1612
- C:\Windows\System\USLIXSS.exe
  C:\Windows\System\USLIXSS.exe
  2⤵
  PID:2816
- C:\Windows\System\lXjeDWC.exe
  C:\Windows\System\lXjeDWC.exe
  2⤵
  PID:3092
- C:\Windows\System\EHunkIv.exe
  C:\Windows\System\EHunkIv.exe
  2⤵
  PID:3112
- C:\Windows\System\BnKDDFx.exe
  C:\Windows\System\BnKDDFx.exe
  2⤵
  PID:3132
- C:\Windows\System\wlCtpsx.exe
  C:\Windows\System\wlCtpsx.exe
  2⤵
  PID:3152
- C:\Windows\System\OHCEuke.exe
  C:\Windows\System\OHCEuke.exe
  2⤵
  PID:3172
- C:\Windows\System\vyzlnqJ.exe
  C:\Windows\System\vyzlnqJ.exe
  2⤵
  PID:3192
- C:\Windows\System\HcCziyl.exe
  C:\Windows\System\HcCziyl.exe
  2⤵
  PID:3212
- C:\Windows\System\hjtamjW.exe
  C:\Windows\System\hjtamjW.exe
  2⤵
  PID:3232
- C:\Windows\System\dfbavLG.exe
  C:\Windows\System\dfbavLG.exe
  2⤵
  PID:3252
- C:\Windows\System\FSAcuGB.exe
  C:\Windows\System\FSAcuGB.exe
  2⤵
  PID:3272
- C:\Windows\System\cKWhmaA.exe
  C:\Windows\System\cKWhmaA.exe
  2⤵
  PID:3292
- C:\Windows\System\WNRfHYH.exe
  C:\Windows\System\WNRfHYH.exe
  2⤵
  PID:3312
- C:\Windows\System\qMyRfbi.exe
  C:\Windows\System\qMyRfbi.exe
  2⤵
  PID:3332
- C:\Windows\System\qymvIje.exe
  C:\Windows\System\qymvIje.exe
  2⤵
  PID:3352
- C:\Windows\System\EhXMfpJ.exe
  C:\Windows\System\EhXMfpJ.exe
  2⤵
  PID:3372
- C:\Windows\System\RZlJPdU.exe
  C:\Windows\System\RZlJPdU.exe
  2⤵
  PID:3396
- C:\Windows\System\EfSCOOZ.exe
  C:\Windows\System\EfSCOOZ.exe
  2⤵
  PID:3416
- C:\Windows\System\gBFUNcB.exe
  C:\Windows\System\gBFUNcB.exe
  2⤵
  PID:3436
- C:\Windows\System\rYAbmJm.exe
  C:\Windows\System\rYAbmJm.exe
  2⤵
  PID:3456
- C:\Windows\System\qwwofke.exe
  C:\Windows\System\qwwofke.exe
  2⤵
  PID:3476
- C:\Windows\System\qCvxfwj.exe
  C:\Windows\System\qCvxfwj.exe
  2⤵
  PID:3496
- C:\Windows\System\TxXCjQy.exe
  C:\Windows\System\TxXCjQy.exe
  2⤵
  PID:3516
- C:\Windows\System\vUXCRax.exe
  C:\Windows\System\vUXCRax.exe
  2⤵
  PID:3536
- C:\Windows\System\gDgBKKo.exe
  C:\Windows\System\gDgBKKo.exe
  2⤵
  PID:3556
- C:\Windows\System\UJPoQWL.exe
  C:\Windows\System\UJPoQWL.exe
  2⤵
  PID:3576
- C:\Windows\System\CXHFHFj.exe
  C:\Windows\System\CXHFHFj.exe
  2⤵
  PID:3596
- C:\Windows\System\HVmvaJp.exe
  C:\Windows\System\HVmvaJp.exe
  2⤵
  PID:3616
- C:\Windows\System\dyQoOvJ.exe
  C:\Windows\System\dyQoOvJ.exe
  2⤵
  PID:3636
- C:\Windows\System\vPHblXv.exe
  C:\Windows\System\vPHblXv.exe
  2⤵
  PID:3656
- C:\Windows\System\GUVHulK.exe
  C:\Windows\System\GUVHulK.exe
  2⤵
  PID:3676
- C:\Windows\System\vPMZmrV.exe
  C:\Windows\System\vPMZmrV.exe
  2⤵
  PID:3696
- C:\Windows\System\TvCrCwj.exe
  C:\Windows\System\TvCrCwj.exe
  2⤵
  PID:3716
- C:\Windows\System\uBXmmnM.exe
  C:\Windows\System\uBXmmnM.exe
  2⤵
  PID:3736
- C:\Windows\System\Xhbjgrp.exe
  C:\Windows\System\Xhbjgrp.exe
  2⤵
  PID:3756
- C:\Windows\System\fuyXEYs.exe
  C:\Windows\System\fuyXEYs.exe
  2⤵
  PID:3776
- C:\Windows\System\zjMmvGW.exe
  C:\Windows\System\zjMmvGW.exe
  2⤵
  PID:3796
- C:\Windows\System\QlEKCkK.exe
  C:\Windows\System\QlEKCkK.exe
  2⤵
  PID:3816
- C:\Windows\System\tqdxZeS.exe
  C:\Windows\System\tqdxZeS.exe
  2⤵
  PID:3836
- C:\Windows\System\AUdxAwu.exe
  C:\Windows\System\AUdxAwu.exe
  2⤵
  PID:3856
- C:\Windows\System\gQfwDBN.exe
  C:\Windows\System\gQfwDBN.exe
  2⤵
  PID:3876
- C:\Windows\System\Zuhrtzh.exe
  C:\Windows\System\Zuhrtzh.exe
  2⤵
  PID:3896
- C:\Windows\System\HLBWJLO.exe
  C:\Windows\System\HLBWJLO.exe
  2⤵
  PID:3916
- C:\Windows\System\DtMZWoY.exe
  C:\Windows\System\DtMZWoY.exe
  2⤵
  PID:3940
- C:\Windows\System\GlZkzmJ.exe
  C:\Windows\System\GlZkzmJ.exe
  2⤵
  PID:3960
- C:\Windows\System\VwbEifE.exe
  C:\Windows\System\VwbEifE.exe
  2⤵
  PID:3980
- C:\Windows\System\FEkIefy.exe
  C:\Windows\System\FEkIefy.exe
  2⤵
  PID:3996
- C:\Windows\System\dDgZuPf.exe
  C:\Windows\System\dDgZuPf.exe
  2⤵
  PID:4020
- C:\Windows\System\zBUjPqw.exe
  C:\Windows\System\zBUjPqw.exe
  2⤵
  PID:4040
- C:\Windows\System\yelInku.exe
  C:\Windows\System\yelInku.exe
  2⤵
  PID:4060
- C:\Windows\System\kzRiInq.exe
  C:\Windows\System\kzRiInq.exe
  2⤵
  PID:4080
- C:\Windows\System\ZkEnokM.exe
  C:\Windows\System\ZkEnokM.exe
  2⤵
  PID:2672
- C:\Windows\System\xtrLqqc.exe
  C:\Windows\System\xtrLqqc.exe
  2⤵
  PID:2520
- C:\Windows\System\OebUKDM.exe
  C:\Windows\System\OebUKDM.exe
  2⤵
  PID:2144
- C:\Windows\System\jBzskMX.exe
  C:\Windows\System\jBzskMX.exe
  2⤵
  PID:2148
- C:\Windows\System\WtGnCWa.exe
  C:\Windows\System\WtGnCWa.exe
  2⤵
  PID:2420
- C:\Windows\System\eckOPpS.exe
  C:\Windows\System\eckOPpS.exe
  2⤵
  PID:988
- C:\Windows\System\LwjXrGj.exe
  C:\Windows\System\LwjXrGj.exe
  2⤵
  PID:1772
- C:\Windows\System\aMBQvGX.exe
  C:\Windows\System\aMBQvGX.exe
  2⤵
  PID:2444
- C:\Windows\System\fUdWUAB.exe
  C:\Windows\System\fUdWUAB.exe
  2⤵
  PID:1052
- C:\Windows\System\ZQecDTE.exe
  C:\Windows\System\ZQecDTE.exe
  2⤵
  PID:884
- C:\Windows\System\YADWYnP.exe
  C:\Windows\System\YADWYnP.exe
  2⤵
  PID:1608
- C:\Windows\System\uwEZxZi.exe
  C:\Windows\System\uwEZxZi.exe
  2⤵
  PID:3088
- C:\Windows\System\PMFXYka.exe
  C:\Windows\System\PMFXYka.exe
  2⤵
  PID:3120
- C:\Windows\System\fwmmYuI.exe
  C:\Windows\System\fwmmYuI.exe
  2⤵
  PID:3144
- C:\Windows\System\mImTSSR.exe
  C:\Windows\System\mImTSSR.exe
  2⤵
  PID:3164
- C:\Windows\System\jrpWcVP.exe
  C:\Windows\System\jrpWcVP.exe
  2⤵
  PID:3228
- C:\Windows\System\ZJWBHuh.exe
  C:\Windows\System\ZJWBHuh.exe
  2⤵
  PID:3244
- C:\Windows\System\aixPOtV.exe
  C:\Windows\System\aixPOtV.exe
  2⤵
  PID:3300
- C:\Windows\System\EXzDiTh.exe
  C:\Windows\System\EXzDiTh.exe
  2⤵
  PID:3328
- C:\Windows\System\dAJRApQ.exe
  C:\Windows\System\dAJRApQ.exe
  2⤵
  PID:3360
- C:\Windows\System\gCzLUYu.exe
  C:\Windows\System\gCzLUYu.exe
  2⤵
  PID:3364
- C:\Windows\System\NWrHRJK.exe
  C:\Windows\System\NWrHRJK.exe
  2⤵
  PID:3432
- C:\Windows\System\JHIBSST.exe
  C:\Windows\System\JHIBSST.exe
  2⤵
  PID:3464
- C:\Windows\System\ybDRsme.exe
  C:\Windows\System\ybDRsme.exe
  2⤵
  PID:3488
- C:\Windows\System\vTPnzFY.exe
  C:\Windows\System\vTPnzFY.exe
  2⤵
  PID:3544
- C:\Windows\System\aWKSxyN.exe
  C:\Windows\System\aWKSxyN.exe
  2⤵
  PID:3584
- C:\Windows\System\eObMeBH.exe
  C:\Windows\System\eObMeBH.exe
  2⤵
  PID:3588
- C:\Windows\System\gkXNDwi.exe
  C:\Windows\System\gkXNDwi.exe
  2⤵
  PID:3628
- C:\Windows\System\FlAOeZb.exe
  C:\Windows\System\FlAOeZb.exe
  2⤵
  PID:3648
- C:\Windows\System\hNSAJHf.exe
  C:\Windows\System\hNSAJHf.exe
  2⤵
  PID:3708
- C:\Windows\System\CzOxotT.exe
  C:\Windows\System\CzOxotT.exe
  2⤵
  PID:3732
- C:\Windows\System\gupFUAd.exe
  C:\Windows\System\gupFUAd.exe
  2⤵
  PID:3764
- C:\Windows\System\hoCrXIi.exe
  C:\Windows\System\hoCrXIi.exe
  2⤵
  PID:3788
- C:\Windows\System\saiTDQN.exe
  C:\Windows\System\saiTDQN.exe
  2⤵
  PID:3828
- C:\Windows\System\mkeMTJm.exe
  C:\Windows\System\mkeMTJm.exe
  2⤵
  PID:3852
- C:\Windows\System\HofuvdM.exe
  C:\Windows\System\HofuvdM.exe
  2⤵
  PID:3908
- C:\Windows\System\KCGhXVT.exe
  C:\Windows\System\KCGhXVT.exe
  2⤵
  PID:3932
- C:\Windows\System\jZdHejq.exe
  C:\Windows\System\jZdHejq.exe
  2⤵
  PID:3968
- C:\Windows\System\xgBiWIo.exe
  C:\Windows\System\xgBiWIo.exe
  2⤵
  PID:4028
- C:\Windows\System\leirMTl.exe
  C:\Windows\System\leirMTl.exe
  2⤵
  PID:4036
- C:\Windows\System\HTBFyHp.exe
  C:\Windows\System\HTBFyHp.exe
  2⤵
  PID:4076
- C:\Windows\System\aiSYXAW.exe
  C:\Windows\System\aiSYXAW.exe
  2⤵
  PID:3020
- C:\Windows\System\OcMglUy.exe
  C:\Windows\System\OcMglUy.exe
  2⤵
  PID:1704
- C:\Windows\System\JWuguBA.exe
  C:\Windows\System\JWuguBA.exe
  2⤵
  PID:1620
- C:\Windows\System\inDaVTK.exe
  C:\Windows\System\inDaVTK.exe
  2⤵
  PID:1012
- C:\Windows\System\YaoQauB.exe
  C:\Windows\System\YaoQauB.exe
  2⤵
  PID:900
- C:\Windows\System\iNFRNLU.exe
  C:\Windows\System\iNFRNLU.exe
  2⤵
  PID:1672
- C:\Windows\System\KblLooS.exe
  C:\Windows\System\KblLooS.exe
  2⤵
  PID:1940
- C:\Windows\System\xDNyLsj.exe
  C:\Windows\System\xDNyLsj.exe
  2⤵
  PID:3100
- C:\Windows\System\GJZYPKN.exe
  C:\Windows\System\GJZYPKN.exe
  2⤵
  PID:3168
- C:\Windows\System\QiLdNqv.exe
  C:\Windows\System\QiLdNqv.exe
  2⤵
  PID:3240
- C:\Windows\System\MIoXHue.exe
  C:\Windows\System\MIoXHue.exe
  2⤵
  PID:3280
- C:\Windows\System\oBtmNGk.exe
  C:\Windows\System\oBtmNGk.exe
  2⤵
  PID:3304
- C:\Windows\System\UrCnTrL.exe
  C:\Windows\System\UrCnTrL.exe
  2⤵
  PID:3404
- C:\Windows\System\FyYZNzJ.exe
  C:\Windows\System\FyYZNzJ.exe
  2⤵
  PID:3444
- C:\Windows\System\dyKaKBp.exe
  C:\Windows\System\dyKaKBp.exe
  2⤵
  PID:3484
- C:\Windows\System\uGFyIpp.exe
  C:\Windows\System\uGFyIpp.exe
  2⤵
  PID:3548
- C:\Windows\System\elmYksL.exe
  C:\Windows\System\elmYksL.exe
  2⤵
  PID:3568
- C:\Windows\System\pCkNSyb.exe
  C:\Windows\System\pCkNSyb.exe
  2⤵
  PID:3652
- C:\Windows\System\BZbebSe.exe
  C:\Windows\System\BZbebSe.exe
  2⤵
  PID:3724
- C:\Windows\System\wQXODtr.exe
  C:\Windows\System\wQXODtr.exe
  2⤵
  PID:3768
- C:\Windows\System\mbsaEfu.exe
  C:\Windows\System\mbsaEfu.exe
  2⤵
  PID:3824
- C:\Windows\System\jNYhViN.exe
  C:\Windows\System\jNYhViN.exe
  2⤵
  PID:4112
- C:\Windows\System\PvEMDby.exe
  C:\Windows\System\PvEMDby.exe
  2⤵
  PID:4132
- C:\Windows\System\NWZHcis.exe
  C:\Windows\System\NWZHcis.exe
  2⤵
  PID:4152
- C:\Windows\System\AgrRAgd.exe
  C:\Windows\System\AgrRAgd.exe
  2⤵
  PID:4172
- C:\Windows\System\BREEpfT.exe
  C:\Windows\System\BREEpfT.exe
  2⤵
  PID:4192
- C:\Windows\System\XkXXmSP.exe
  C:\Windows\System\XkXXmSP.exe
  2⤵
  PID:4212
- C:\Windows\System\QXFXgcJ.exe
  C:\Windows\System\QXFXgcJ.exe
  2⤵
  PID:4232
- C:\Windows\System\YWmrBqd.exe
  C:\Windows\System\YWmrBqd.exe
  2⤵
  PID:4256
- C:\Windows\System\ZQnQjim.exe
  C:\Windows\System\ZQnQjim.exe
  2⤵
  PID:4276
- C:\Windows\System\HgaRBZo.exe
  C:\Windows\System\HgaRBZo.exe
  2⤵
  PID:4296
- C:\Windows\System\fCAXqeT.exe
  C:\Windows\System\fCAXqeT.exe
  2⤵
  PID:4316
- C:\Windows\System\dTcSrcB.exe
  C:\Windows\System\dTcSrcB.exe
  2⤵
  PID:4336
- C:\Windows\System\bZMGJOA.exe
  C:\Windows\System\bZMGJOA.exe
  2⤵
  PID:4356
- C:\Windows\System\rQrCNpU.exe
  C:\Windows\System\rQrCNpU.exe
  2⤵
  PID:4376
- C:\Windows\System\vJqipSm.exe
  C:\Windows\System\vJqipSm.exe
  2⤵
  PID:4396
- C:\Windows\System\mZPbnrp.exe
  C:\Windows\System\mZPbnrp.exe
  2⤵
  PID:4416
- C:\Windows\System\yUsniyK.exe
  C:\Windows\System\yUsniyK.exe
  2⤵
  PID:4436
- C:\Windows\System\JUXTBip.exe
  C:\Windows\System\JUXTBip.exe
  2⤵
  PID:4456
- C:\Windows\System\knbEFVI.exe
  C:\Windows\System\knbEFVI.exe
  2⤵
  PID:4476
- C:\Windows\System\GEnQkfG.exe
  C:\Windows\System\GEnQkfG.exe
  2⤵
  PID:4496
- C:\Windows\System\KGhaTbW.exe
  C:\Windows\System\KGhaTbW.exe
  2⤵
  PID:4516
- C:\Windows\System\ESplbKt.exe
  C:\Windows\System\ESplbKt.exe
  2⤵
  PID:4536
- C:\Windows\System\AKrVFRo.exe
  C:\Windows\System\AKrVFRo.exe
  2⤵
  PID:4560
- C:\Windows\System\FZSMGkd.exe
  C:\Windows\System\FZSMGkd.exe
  2⤵
  PID:4580
- C:\Windows\System\qkUTYXV.exe
  C:\Windows\System\qkUTYXV.exe
  2⤵
  PID:4600
- C:\Windows\System\QniEuCD.exe
  C:\Windows\System\QniEuCD.exe
  2⤵
  PID:4620
- C:\Windows\System\SLJCqjs.exe
  C:\Windows\System\SLJCqjs.exe
  2⤵
  PID:4640
- C:\Windows\System\VtifKww.exe
  C:\Windows\System\VtifKww.exe
  2⤵
  PID:4660
- C:\Windows\System\esBLCNo.exe
  C:\Windows\System\esBLCNo.exe
  2⤵
  PID:4680
- C:\Windows\System\brYszmR.exe
  C:\Windows\System\brYszmR.exe
  2⤵
  PID:4700
- C:\Windows\System\FcVuJKN.exe
  C:\Windows\System\FcVuJKN.exe
  2⤵
  PID:4720
- C:\Windows\System\LIpnoaA.exe
  C:\Windows\System\LIpnoaA.exe
  2⤵
  PID:4740
- C:\Windows\System\OJwXKEv.exe
  C:\Windows\System\OJwXKEv.exe
  2⤵
  PID:4760
- C:\Windows\System\yuvAQcu.exe
  C:\Windows\System\yuvAQcu.exe
  2⤵
  PID:4780
- C:\Windows\System\zNxDxCy.exe
  C:\Windows\System\zNxDxCy.exe
  2⤵
  PID:4800
- C:\Windows\System\gFMBvTk.exe
  C:\Windows\System\gFMBvTk.exe
  2⤵
  PID:4820
- C:\Windows\System\WRydtkJ.exe
  C:\Windows\System\WRydtkJ.exe
  2⤵
  PID:4840
- C:\Windows\System\TjfjWLB.exe
  C:\Windows\System\TjfjWLB.exe
  2⤵
  PID:4860
- C:\Windows\System\cnBTBYT.exe
  C:\Windows\System\cnBTBYT.exe
  2⤵
  PID:4880
- C:\Windows\System\aTPTJSb.exe
  C:\Windows\System\aTPTJSb.exe
  2⤵
  PID:4900
- C:\Windows\System\sljaFRu.exe
  C:\Windows\System\sljaFRu.exe
  2⤵
  PID:4920
- C:\Windows\System\TPQPMhJ.exe
  C:\Windows\System\TPQPMhJ.exe
  2⤵
  PID:4940
- C:\Windows\System\bsMkotg.exe
  C:\Windows\System\bsMkotg.exe
  2⤵
  PID:4960
- C:\Windows\System\NzoCQhx.exe
  C:\Windows\System\NzoCQhx.exe
  2⤵
  PID:4980
- C:\Windows\System\NdFWDLt.exe
  C:\Windows\System\NdFWDLt.exe
  2⤵
  PID:5000
- C:\Windows\System\glTaFcW.exe
  C:\Windows\System\glTaFcW.exe
  2⤵
  PID:5020
- C:\Windows\System\QVFAsMh.exe
  C:\Windows\System\QVFAsMh.exe
  2⤵
  PID:5040
- C:\Windows\System\VRneUeB.exe
  C:\Windows\System\VRneUeB.exe
  2⤵
  PID:5060
- C:\Windows\System\NDKOESS.exe
  C:\Windows\System\NDKOESS.exe
  2⤵
  PID:5080
- C:\Windows\System\mPWiNJc.exe
  C:\Windows\System\mPWiNJc.exe
  2⤵
  PID:5100
- C:\Windows\System\jHQdIie.exe
  C:\Windows\System\jHQdIie.exe
  2⤵
  PID:3848
- C:\Windows\System\wUAMLZF.exe
  C:\Windows\System\wUAMLZF.exe
  2⤵
  PID:3948
- C:\Windows\System\QPcwxmN.exe
  C:\Windows\System\QPcwxmN.exe
  2⤵
  PID:3956
- C:\Windows\System\PiMJosR.exe
  C:\Windows\System\PiMJosR.exe
  2⤵
  PID:4012
- C:\Windows\System\vUUpqLn.exe
  C:\Windows\System\vUUpqLn.exe
  2⤵
  PID:2936
- C:\Windows\System\gWJambX.exe
  C:\Windows\System\gWJambX.exe
  2⤵
  PID:852
- C:\Windows\System\sEFWKHV.exe
  C:\Windows\System\sEFWKHV.exe
  2⤵
  PID:1808
- C:\Windows\System\kmWdWKV.exe
  C:\Windows\System\kmWdWKV.exe
  2⤵
  PID:1616
- C:\Windows\System\xSYXQHW.exe
  C:\Windows\System\xSYXQHW.exe
  2⤵
  PID:1600
- C:\Windows\System\kCGqKer.exe
  C:\Windows\System\kCGqKer.exe
  2⤵
  PID:3180
- C:\Windows\System\hYPDveB.exe
  C:\Windows\System\hYPDveB.exe
  2⤵
  PID:3288
- C:\Windows\System\mtSdKrE.exe
  C:\Windows\System\mtSdKrE.exe
  2⤵
  PID:3344
- C:\Windows\System\NTFdALM.exe
  C:\Windows\System\NTFdALM.exe
  2⤵
  PID:3452
- C:\Windows\System\iYpNSVQ.exe
  C:\Windows\System\iYpNSVQ.exe
  2⤵
  PID:3468
- C:\Windows\System\eNWsoJy.exe
  C:\Windows\System\eNWsoJy.exe
  2⤵
  PID:3508
- C:\Windows\System\pyOkPvL.exe
  C:\Windows\System\pyOkPvL.exe
  2⤵
  PID:3644
- C:\Windows\System\tQXESXf.exe
  C:\Windows\System\tQXESXf.exe
  2⤵
  PID:3692
- C:\Windows\System\UZuGxNf.exe
  C:\Windows\System\UZuGxNf.exe
  2⤵
  PID:4108
- C:\Windows\System\zcnQWxA.exe
  C:\Windows\System\zcnQWxA.exe
  2⤵
  PID:4140
- C:\Windows\System\LmUelBy.exe
  C:\Windows\System\LmUelBy.exe
  2⤵
  PID:4164
- C:\Windows\System\NWbCyjh.exe
  C:\Windows\System\NWbCyjh.exe
  2⤵
  PID:4184
- C:\Windows\System\rgpFcar.exe
  C:\Windows\System\rgpFcar.exe
  2⤵
  PID:4228
- C:\Windows\System\RaWAICz.exe
  C:\Windows\System\RaWAICz.exe
  2⤵
  PID:4288
- C:\Windows\System\uOKIgBu.exe
  C:\Windows\System\uOKIgBu.exe
  2⤵
  PID:4312
- C:\Windows\System\vDsZNdT.exe
  C:\Windows\System\vDsZNdT.exe
  2⤵
  PID:4344
- C:\Windows\System\nPBGAFo.exe
  C:\Windows\System\nPBGAFo.exe
  2⤵
  PID:4368
- C:\Windows\System\CNaaods.exe
  C:\Windows\System\CNaaods.exe
  2⤵
  PID:4412
- C:\Windows\System\fUHQnSl.exe
  C:\Windows\System\fUHQnSl.exe
  2⤵
  PID:4428
- C:\Windows\System\lrCwOUf.exe
  C:\Windows\System\lrCwOUf.exe
  2⤵
  PID:4484
- C:\Windows\System\lKoWoKx.exe
  C:\Windows\System\lKoWoKx.exe
  2⤵
  PID:4524
- C:\Windows\System\PYFCptg.exe
  C:\Windows\System\PYFCptg.exe
  2⤵
  PID:4544
- C:\Windows\System\tWnbZbL.exe
  C:\Windows\System\tWnbZbL.exe
  2⤵
  PID:4588
- C:\Windows\System\EploRaJ.exe
  C:\Windows\System\EploRaJ.exe
  2⤵
  PID:4612
- C:\Windows\System\MAYjSHU.exe
  C:\Windows\System\MAYjSHU.exe
  2⤵
  PID:4656
- C:\Windows\System\otwOPun.exe
  C:\Windows\System\otwOPun.exe
  2⤵
  PID:4696
- C:\Windows\System\DbRThJC.exe
  C:\Windows\System\DbRThJC.exe
  2⤵
  PID:4716
- C:\Windows\System\NEqCuXw.exe
  C:\Windows\System\NEqCuXw.exe
  2⤵
  PID:4776
- C:\Windows\System\xwDeRtH.exe
  C:\Windows\System\xwDeRtH.exe
  2⤵
  PID:4788
- C:\Windows\System\GjvHTNM.exe
  C:\Windows\System\GjvHTNM.exe
  2⤵
  PID:4812
- C:\Windows\System\ZcnaJhp.exe
  C:\Windows\System\ZcnaJhp.exe
  2⤵
  PID:4832
- C:\Windows\System\ZnBSueG.exe
  C:\Windows\System\ZnBSueG.exe
  2⤵
  PID:4888
- C:\Windows\System\exWCAOQ.exe
  C:\Windows\System\exWCAOQ.exe
  2⤵
  PID:4912
- C:\Windows\System\qSAoVqo.exe
  C:\Windows\System\qSAoVqo.exe
  2⤵
  PID:4956
- C:\Windows\System\ixujhZP.exe
  C:\Windows\System\ixujhZP.exe
  2⤵
  PID:4988
- C:\Windows\System\nosVYiU.exe
  C:\Windows\System\nosVYiU.exe
  2⤵
  PID:5012
- C:\Windows\System\MvwGmXB.exe
  C:\Windows\System\MvwGmXB.exe
  2⤵
  PID:5056
- C:\Windows\System\UkajxWU.exe
  C:\Windows\System\UkajxWU.exe
  2⤵
  PID:5096
- C:\Windows\System\PjZVYrH.exe
  C:\Windows\System\PjZVYrH.exe
  2⤵
  PID:5112
- C:\Windows\System\cUNEClA.exe
  C:\Windows\System\cUNEClA.exe
  2⤵
  PID:3952
- C:\Windows\System\FidZnZV.exe
  C:\Windows\System\FidZnZV.exe
  2⤵
  PID:4048
- C:\Windows\System\yasWNBe.exe
  C:\Windows\System\yasWNBe.exe
  2⤵
  PID:4056
- C:\Windows\System\fdFEXDW.exe
  C:\Windows\System\fdFEXDW.exe
  2⤵
  PID:796
- C:\Windows\System\wNOsMCo.exe
  C:\Windows\System\wNOsMCo.exe
  2⤵
  PID:2780
- C:\Windows\System\JtbGyGG.exe
  C:\Windows\System\JtbGyGG.exe
  2⤵
  PID:3124
- C:\Windows\System\RjYhMvi.exe
  C:\Windows\System\RjYhMvi.exe
  2⤵
  PID:2604
- C:\Windows\System\jtWFAqB.exe
  C:\Windows\System\jtWFAqB.exe
  2⤵
  PID:3712
- C:\Windows\System\bdFAoSG.exe
  C:\Windows\System\bdFAoSG.exe
  2⤵
  PID:3664
- C:\Windows\System\mGUYEBs.exe
  C:\Windows\System\mGUYEBs.exe
  2⤵
  PID:3684
- C:\Windows\System\kRflcEG.exe
  C:\Windows\System\kRflcEG.exe
  2⤵
  PID:4120
- C:\Windows\System\uPWlece.exe
  C:\Windows\System\uPWlece.exe
  2⤵
  PID:4188
- C:\Windows\System\LEzyjAM.exe
  C:\Windows\System\LEzyjAM.exe
  2⤵
  PID:4220
- C:\Windows\System\GMjlook.exe
  C:\Windows\System\GMjlook.exe
  2⤵
  PID:4272
- C:\Windows\System\pXfuMKQ.exe
  C:\Windows\System\pXfuMKQ.exe
  2⤵
  PID:4328
- C:\Windows\System\xBKfNRn.exe
  C:\Windows\System\xBKfNRn.exe
  2⤵
  PID:4392
- C:\Windows\System\tjQBwhT.exe
  C:\Windows\System\tjQBwhT.exe
  2⤵
  PID:4388
- C:\Windows\System\vMnHjzy.exe
  C:\Windows\System\vMnHjzy.exe
  2⤵
  PID:4512
- C:\Windows\System\tvJsAHN.exe
  C:\Windows\System\tvJsAHN.exe
  2⤵
  PID:4552
- C:\Windows\System\OrBtqTI.exe
  C:\Windows\System\OrBtqTI.exe
  2⤵
  PID:4636
- C:\Windows\System\rUnzsoL.exe
  C:\Windows\System\rUnzsoL.exe
  2⤵
  PID:2700
- C:\Windows\System\sMiGeVD.exe
  C:\Windows\System\sMiGeVD.exe
  2⤵
  PID:4708
- C:\Windows\System\QAWJjGH.exe
  C:\Windows\System\QAWJjGH.exe
  2⤵
  PID:4732
- C:\Windows\System\mQdiusB.exe
  C:\Windows\System\mQdiusB.exe
  2⤵
  PID:4856
- C:\Windows\System\YCMZGfG.exe
  C:\Windows\System\YCMZGfG.exe
  2⤵
  PID:4916
- C:\Windows\System\DdezILf.exe
  C:\Windows\System\DdezILf.exe
  2⤵
  PID:4948
- C:\Windows\System\tlHBHsf.exe
  C:\Windows\System\tlHBHsf.exe
  2⤵
  PID:2848
- C:\Windows\System\nZDtoVJ.exe
  C:\Windows\System\nZDtoVJ.exe
  2⤵
  PID:5048
- C:\Windows\System\IIGXpNS.exe
  C:\Windows\System\IIGXpNS.exe
  2⤵
  PID:5088
- C:\Windows\System\RdvBvpU.exe
  C:\Windows\System\RdvBvpU.exe
  2⤵
  PID:3904
- C:\Windows\System\HfMpKfr.exe
  C:\Windows\System\HfMpKfr.exe
  2⤵
  PID:4008
- C:\Windows\System\AtLbuGO.exe
  C:\Windows\System\AtLbuGO.exe
  2⤵
  PID:1444
- C:\Windows\System\dWNReUd.exe
  C:\Windows\System\dWNReUd.exe
  2⤵
  PID:2376
- C:\Windows\System\DvsprJG.exe
  C:\Windows\System\DvsprJG.exe
  2⤵
  PID:3388
- C:\Windows\System\diLySYF.exe
  C:\Windows\System\diLySYF.exe
  2⤵
  PID:3564
- C:\Windows\System\XouBPyE.exe
  C:\Windows\System\XouBPyE.exe
  2⤵
  PID:5140
- C:\Windows\System\EXMsJNa.exe
  C:\Windows\System\EXMsJNa.exe
  2⤵
  PID:5160
- C:\Windows\System\KttrmnR.exe
  C:\Windows\System\KttrmnR.exe
  2⤵
  PID:5180
- C:\Windows\System\TdxmdZd.exe
  C:\Windows\System\TdxmdZd.exe
  2⤵
  PID:5200
- C:\Windows\System\DRMimku.exe
  C:\Windows\System\DRMimku.exe
  2⤵
  PID:5220
- C:\Windows\System\bYKrqHb.exe
  C:\Windows\System\bYKrqHb.exe
  2⤵
  PID:5240
- C:\Windows\System\fMxgtho.exe
  C:\Windows\System\fMxgtho.exe
  2⤵
  PID:5260
- C:\Windows\System\ZRtWWnX.exe
  C:\Windows\System\ZRtWWnX.exe
  2⤵
  PID:5280
- C:\Windows\System\wQojPRx.exe
  C:\Windows\System\wQojPRx.exe
  2⤵
  PID:5300
- C:\Windows\System\KPtVLet.exe
  C:\Windows\System\KPtVLet.exe
  2⤵
  PID:5320
- C:\Windows\System\cDzNMbo.exe
  C:\Windows\System\cDzNMbo.exe
  2⤵
  PID:5340
- C:\Windows\System\jLFzxgi.exe
  C:\Windows\System\jLFzxgi.exe
  2⤵
  PID:5360
- C:\Windows\System\HuDqSrj.exe
  C:\Windows\System\HuDqSrj.exe
  2⤵
  PID:5380
- C:\Windows\System\gjcxAkW.exe
  C:\Windows\System\gjcxAkW.exe
  2⤵
  PID:5400
- C:\Windows\System\YdwewUo.exe
  C:\Windows\System\YdwewUo.exe
  2⤵
  PID:5420
- C:\Windows\System\CTwbJyy.exe
  C:\Windows\System\CTwbJyy.exe
  2⤵
  PID:5440
- C:\Windows\System\zMLggVW.exe
  C:\Windows\System\zMLggVW.exe
  2⤵
  PID:5460
- C:\Windows\System\ADEZAkg.exe
  C:\Windows\System\ADEZAkg.exe
  2⤵
  PID:5480
- C:\Windows\System\pbEczjo.exe
  C:\Windows\System\pbEczjo.exe
  2⤵
  PID:5500
- C:\Windows\System\LbxSOWt.exe
  C:\Windows\System\LbxSOWt.exe
  2⤵
  PID:5520
- C:\Windows\System\vuofvwp.exe
  C:\Windows\System\vuofvwp.exe
  2⤵
  PID:5540
- C:\Windows\System\JndCVeI.exe
  C:\Windows\System\JndCVeI.exe
  2⤵
  PID:5564
- C:\Windows\System\xbhoyrh.exe
  C:\Windows\System\xbhoyrh.exe
  2⤵
  PID:5584
- C:\Windows\System\qPsEOla.exe
  C:\Windows\System\qPsEOla.exe
  2⤵
  PID:5604
- C:\Windows\System\xKKzpeU.exe
  C:\Windows\System\xKKzpeU.exe
  2⤵
  PID:5624
- C:\Windows\System\PdTSjqI.exe
  C:\Windows\System\PdTSjqI.exe
  2⤵
  PID:5644
- C:\Windows\System\JmFOGWl.exe
  C:\Windows\System\JmFOGWl.exe
  2⤵
  PID:5664
- C:\Windows\System\wtLisIS.exe
  C:\Windows\System\wtLisIS.exe
  2⤵
  PID:5684
- C:\Windows\System\iRehDru.exe
  C:\Windows\System\iRehDru.exe
  2⤵
  PID:5704
- C:\Windows\System\aYLmtZC.exe
  C:\Windows\System\aYLmtZC.exe
  2⤵
  PID:5724
- C:\Windows\System\ldxYnQC.exe
  C:\Windows\System\ldxYnQC.exe
  2⤵
  PID:5744
- C:\Windows\System\PmusUvn.exe
  C:\Windows\System\PmusUvn.exe
  2⤵
  PID:5764
- C:\Windows\System\vjIWyte.exe
  C:\Windows\System\vjIWyte.exe
  2⤵
  PID:5784
- C:\Windows\System\mQXnCkp.exe
  C:\Windows\System\mQXnCkp.exe
  2⤵
  PID:5804
- C:\Windows\System\oKETRYt.exe
  C:\Windows\System\oKETRYt.exe
  2⤵
  PID:5824
- C:\Windows\System\QHILaka.exe
  C:\Windows\System\QHILaka.exe
  2⤵
  PID:5844
- C:\Windows\System\xliTVLP.exe
  C:\Windows\System\xliTVLP.exe
  2⤵
  PID:5864
- C:\Windows\System\fObIfUr.exe
  C:\Windows\System\fObIfUr.exe
  2⤵
  PID:5884
- C:\Windows\System\KiUIdBx.exe
  C:\Windows\System\KiUIdBx.exe
  2⤵
  PID:5904
- C:\Windows\System\ztnUGGz.exe
  C:\Windows\System\ztnUGGz.exe
  2⤵
  PID:5924
- C:\Windows\System\NsSwNdq.exe
  C:\Windows\System\NsSwNdq.exe
  2⤵
  PID:5944
- C:\Windows\System\hpryKrR.exe
  C:\Windows\System\hpryKrR.exe
  2⤵
  PID:5964
- C:\Windows\System\rvMpbfv.exe
  C:\Windows\System\rvMpbfv.exe
  2⤵
  PID:5984
- C:\Windows\System\QYTFHwL.exe
  C:\Windows\System\QYTFHwL.exe
  2⤵
  PID:6004
- C:\Windows\System\jEGHaBn.exe
  C:\Windows\System\jEGHaBn.exe
  2⤵
  PID:6024
- C:\Windows\System\vSuWxGn.exe
  C:\Windows\System\vSuWxGn.exe
  2⤵
  PID:6044
- C:\Windows\System\YPcEjBn.exe
  C:\Windows\System\YPcEjBn.exe
  2⤵
  PID:6064
- C:\Windows\System\RIgVFeY.exe
  C:\Windows\System\RIgVFeY.exe
  2⤵
  PID:6084
- C:\Windows\System\NEHNzMJ.exe
  C:\Windows\System\NEHNzMJ.exe
  2⤵
  PID:6104
- C:\Windows\System\dmQkZZc.exe
  C:\Windows\System\dmQkZZc.exe
  2⤵
  PID:6124
- C:\Windows\System\MTYPQIG.exe
  C:\Windows\System\MTYPQIG.exe
  2⤵
  PID:3632
- C:\Windows\System\HNKsIdy.exe
  C:\Windows\System\HNKsIdy.exe
  2⤵
  PID:3832
- C:\Windows\System\dDbOXgg.exe
  C:\Windows\System\dDbOXgg.exe
  2⤵
  PID:4148
- C:\Windows\System\XutUGoZ.exe
  C:\Windows\System\XutUGoZ.exe
  2⤵
  PID:4292
- C:\Windows\System\RGgeeAN.exe
  C:\Windows\System\RGgeeAN.exe
  2⤵
  PID:4324
- C:\Windows\System\hKvpRkz.exe
  C:\Windows\System\hKvpRkz.exe
  2⤵
  PID:4468
- C:\Windows\System\slptvZC.exe
  C:\Windows\System\slptvZC.exe
  2⤵
  PID:4572
- C:\Windows\System\xfHEKLZ.exe
  C:\Windows\System\xfHEKLZ.exe
  2⤵
  PID:4648
- C:\Windows\System\gdfKerT.exe
  C:\Windows\System\gdfKerT.exe
  2⤵
  PID:4676
- C:\Windows\System\TvkadEO.exe
  C:\Windows\System\TvkadEO.exe
  2⤵
  PID:4836
- C:\Windows\System\ODolGZR.exe
  C:\Windows\System\ODolGZR.exe
  2⤵
  PID:4892
- C:\Windows\System\tbxHsgy.exe
  C:\Windows\System\tbxHsgy.exe
  2⤵
  PID:4996
- C:\Windows\System\ICKAOZC.exe
  C:\Windows\System\ICKAOZC.exe
  2⤵
  PID:5108
- C:\Windows\System\EYNYbFV.exe
  C:\Windows\System\EYNYbFV.exe
  2⤵
  PID:2688
- C:\Windows\System\ruKpnse.exe
  C:\Windows\System\ruKpnse.exe
  2⤵
  PID:2468
- C:\Windows\System\RdIcXLR.exe
  C:\Windows\System\RdIcXLR.exe
  2⤵
  PID:2224
- C:\Windows\System\GLSGKNJ.exe
  C:\Windows\System\GLSGKNJ.exe
  2⤵
  PID:3348
- C:\Windows\System\QhGvhYc.exe
  C:\Windows\System\QhGvhYc.exe
  2⤵
  PID:5168
- C:\Windows\System\qeSTRrC.exe
  C:\Windows\System\qeSTRrC.exe
  2⤵
  PID:5192
- C:\Windows\System\MwMxiOe.exe
  C:\Windows\System\MwMxiOe.exe
  2⤵
  PID:5236
- C:\Windows\System\urYlqxN.exe
  C:\Windows\System\urYlqxN.exe
  2⤵
  PID:5276
- C:\Windows\System\AdxspuV.exe
  C:\Windows\System\AdxspuV.exe
  2⤵
  PID:5292
- C:\Windows\System\BTGHVNl.exe
  C:\Windows\System\BTGHVNl.exe
  2⤵
  PID:5336
- C:\Windows\System\ghvIFTM.exe
  C:\Windows\System\ghvIFTM.exe
  2⤵
  PID:5352
- C:\Windows\System\YHCpVVy.exe
  C:\Windows\System\YHCpVVy.exe
  2⤵
  PID:5396
- C:\Windows\System\pjcLcyq.exe
  C:\Windows\System\pjcLcyq.exe
  2⤵
  PID:5428
- C:\Windows\System\owKzPvo.exe
  C:\Windows\System\owKzPvo.exe
  2⤵
  PID:5452
- C:\Windows\System\cYMCIwW.exe
  C:\Windows\System\cYMCIwW.exe
  2⤵
  PID:5472
- C:\Windows\System\fNzKeMc.exe
  C:\Windows\System\fNzKeMc.exe
  2⤵
  PID:5516
- C:\Windows\System\xtKgZHp.exe
  C:\Windows\System\xtKgZHp.exe
  2⤵
  PID:5548
- C:\Windows\System\SlWbCPN.exe
  C:\Windows\System\SlWbCPN.exe
  2⤵
  PID:5620
- C:\Windows\System\GbdrRkq.exe
  C:\Windows\System\GbdrRkq.exe
  2⤵
  PID:5652
- C:\Windows\System\FFXzqLo.exe
  C:\Windows\System\FFXzqLo.exe
  2⤵
  PID:5636
- C:\Windows\System\TJPXtLK.exe
  C:\Windows\System\TJPXtLK.exe
  2⤵
  PID:5676
- C:\Windows\System\kvfeKLe.exe
  C:\Windows\System\kvfeKLe.exe
  2⤵
  PID:5740
- C:\Windows\System\kyHnulQ.exe
  C:\Windows\System\kyHnulQ.exe
  2⤵
  PID:5760
- C:\Windows\System\GCbNsfD.exe
  C:\Windows\System\GCbNsfD.exe
  2⤵
  PID:5800
- C:\Windows\System\SLlCZFk.exe
  C:\Windows\System\SLlCZFk.exe
  2⤵
  PID:5832
- C:\Windows\System\IwKgoNw.exe
  C:\Windows\System\IwKgoNw.exe
  2⤵
  PID:5856
- C:\Windows\System\xwBqXJW.exe
  C:\Windows\System\xwBqXJW.exe
  2⤵
  PID:5900
- C:\Windows\System\GEvHMrg.exe
  C:\Windows\System\GEvHMrg.exe
  2⤵
  PID:5912
- C:\Windows\System\WYjUmhm.exe
  C:\Windows\System\WYjUmhm.exe
  2⤵
  PID:5936
- C:\Windows\System\edqAbJC.exe
  C:\Windows\System\edqAbJC.exe
  2⤵
  PID:5960
- C:\Windows\System\FPBYCEr.exe
  C:\Windows\System\FPBYCEr.exe
  2⤵
  PID:6012
- C:\Windows\System\zaQBTuN.exe
  C:\Windows\System\zaQBTuN.exe
  2⤵
  PID:6032
- C:\Windows\System\rWSmAPu.exe
  C:\Windows\System\rWSmAPu.exe
  2⤵
  PID:6056
- C:\Windows\System\noYMPEh.exe
  C:\Windows\System\noYMPEh.exe
  2⤵
  PID:6096
- C:\Windows\System\qRjohdI.exe
  C:\Windows\System\qRjohdI.exe
  2⤵
  PID:1448
- C:\Windows\System\DPJQenk.exe
  C:\Windows\System\DPJQenk.exe
  2⤵
  PID:4168
- C:\Windows\System\SYnLRQg.exe
  C:\Windows\System\SYnLRQg.exe
  2⤵
  PID:4284
- C:\Windows\System\iXWTtfK.exe
  C:\Windows\System\iXWTtfK.exe
  2⤵
  PID:4372
- C:\Windows\System\AelNncg.exe
  C:\Windows\System\AelNncg.exe
  2⤵
  PID:4488
- C:\Windows\System\rceGKgK.exe
  C:\Windows\System\rceGKgK.exe
  2⤵
  PID:4616
- C:\Windows\System\mtPDvSX.exe
  C:\Windows\System\mtPDvSX.exe
  2⤵
  PID:4936
- C:\Windows\System\wRXoGYJ.exe
  C:\Windows\System\wRXoGYJ.exe
  2⤵
  PID:4952
- C:\Windows\System\oAztmHr.exe
  C:\Windows\System\oAztmHr.exe
  2⤵
  PID:3912
- C:\Windows\System\JNqhjQB.exe
  C:\Windows\System\JNqhjQB.exe
  2⤵
  PID:3248
- C:\Windows\System\lrxKXPU.exe
  C:\Windows\System\lrxKXPU.exe
  2⤵
  PID:3220
- C:\Windows\System\aExezVB.exe
  C:\Windows\System\aExezVB.exe
  2⤵
  PID:5196
- C:\Windows\System\NZJPxRz.exe
  C:\Windows\System\NZJPxRz.exe
  2⤵
  PID:5248
- C:\Windows\System\ILtwvbD.exe
  C:\Windows\System\ILtwvbD.exe
  2⤵
  PID:5328
- C:\Windows\System\CfYPIOe.exe
  C:\Windows\System\CfYPIOe.exe
  2⤵
  PID:5356
- C:\Windows\System\NgeJRve.exe
  C:\Windows\System\NgeJRve.exe
  2⤵
  PID:5416
- C:\Windows\System\WGtbfhe.exe
  C:\Windows\System\WGtbfhe.exe
  2⤵
  PID:5456
- C:\Windows\System\sUfkVds.exe
  C:\Windows\System\sUfkVds.exe
  2⤵
  PID:5508
- C:\Windows\System\cgsYdre.exe
  C:\Windows\System\cgsYdre.exe
  2⤵
  PID:5552
- C:\Windows\System\XgwtcJz.exe
  C:\Windows\System\XgwtcJz.exe
  2⤵
  PID:5660
- C:\Windows\System\zFzPEcI.exe
  C:\Windows\System\zFzPEcI.exe
  2⤵
  PID:5680
- C:\Windows\System\FQtFsdU.exe
  C:\Windows\System\FQtFsdU.exe
  2⤵
  PID:5716
- C:\Windows\System\aHhsJJP.exe
  C:\Windows\System\aHhsJJP.exe
  2⤵
  PID:5776
- C:\Windows\System\ZgJCVPG.exe
  C:\Windows\System\ZgJCVPG.exe
  2⤵
  PID:5820
- C:\Windows\System\gbiQQgR.exe
  C:\Windows\System\gbiQQgR.exe
  2⤵
  PID:1912
- C:\Windows\System\AhLfjqa.exe
  C:\Windows\System\AhLfjqa.exe
  2⤵
  PID:5940
- C:\Windows\System\IkUEYum.exe
  C:\Windows\System\IkUEYum.exe
  2⤵
  PID:5980
- C:\Windows\System\uSXdSMu.exe
  C:\Windows\System\uSXdSMu.exe
  2⤵
  PID:5992
- C:\Windows\System\dYyJMVf.exe
  C:\Windows\System\dYyJMVf.exe
  2⤵
  PID:6092
- C:\Windows\System\XsGcMNL.exe
  C:\Windows\System\XsGcMNL.exe
  2⤵
  PID:6132
- C:\Windows\System\aWXSzoh.exe
  C:\Windows\System\aWXSzoh.exe
  2⤵
  PID:3784
- C:\Windows\System\PrGyRMy.exe
  C:\Windows\System\PrGyRMy.exe
  2⤵
  PID:4352
- C:\Windows\System\UZkLmwU.exe
  C:\Windows\System\UZkLmwU.exe
  2⤵
  PID:4432
- C:\Windows\System\hPpRYeV.exe
  C:\Windows\System\hPpRYeV.exe
  2⤵
  PID:4808
- C:\Windows\System\qMzGKCd.exe
  C:\Windows\System\qMzGKCd.exe
  2⤵
  PID:5116
- C:\Windows\System\EkAqDhb.exe
  C:\Windows\System\EkAqDhb.exe
  2⤵
  PID:5076
- C:\Windows\System\ccDFjuA.exe
  C:\Windows\System\ccDFjuA.exe
  2⤵
  PID:5172
- C:\Windows\System\qICNTMb.exe
  C:\Windows\System\qICNTMb.exe
  2⤵
  PID:5228
- C:\Windows\System\AhKOzDr.exe
  C:\Windows\System\AhKOzDr.exe
  2⤵
  PID:5372
- C:\Windows\System\buuDdrL.exe
  C:\Windows\System\buuDdrL.exe
  2⤵
  PID:5476
- C:\Windows\System\BdEqKBJ.exe
  C:\Windows\System\BdEqKBJ.exe
  2⤵
  PID:5580
- C:\Windows\System\HvfplAw.exe
  C:\Windows\System\HvfplAw.exe
  2⤵
  PID:5656
- C:\Windows\System\gRiCUBM.exe
  C:\Windows\System\gRiCUBM.exe
  2⤵
  PID:6164
- C:\Windows\System\ugNTgHK.exe
  C:\Windows\System\ugNTgHK.exe
  2⤵
  PID:6184
- C:\Windows\System\dJlrjRe.exe
  C:\Windows\System\dJlrjRe.exe
  2⤵
  PID:6204
- C:\Windows\System\XFmalXy.exe
  C:\Windows\System\XFmalXy.exe
  2⤵
  PID:6224
- C:\Windows\System\nvsefyT.exe
  C:\Windows\System\nvsefyT.exe
  2⤵
  PID:6244
- C:\Windows\System\xBFFZaD.exe
  C:\Windows\System\xBFFZaD.exe
  2⤵
  PID:6264
- C:\Windows\System\miFcrJp.exe
  C:\Windows\System\miFcrJp.exe
  2⤵
  PID:6284
- C:\Windows\System\lCGvkNA.exe
  C:\Windows\System\lCGvkNA.exe
  2⤵
  PID:6304
- C:\Windows\System\hpvHQHl.exe
  C:\Windows\System\hpvHQHl.exe
  2⤵
  PID:6324
- C:\Windows\System\LdWIcNf.exe
  C:\Windows\System\LdWIcNf.exe
  2⤵
  PID:6344
- C:\Windows\System\XxZoKhI.exe
  C:\Windows\System\XxZoKhI.exe
  2⤵
  PID:6364
- C:\Windows\System\NswJGwT.exe
  C:\Windows\System\NswJGwT.exe
  2⤵
  PID:6384
- C:\Windows\System\DMwceji.exe
  C:\Windows\System\DMwceji.exe
  2⤵
  PID:6404
- C:\Windows\System\PFQRNlb.exe
  C:\Windows\System\PFQRNlb.exe
  2⤵
  PID:6424
- C:\Windows\System\xxiViQx.exe
  C:\Windows\System\xxiViQx.exe
  2⤵
  PID:6444
- C:\Windows\System\MyaRAta.exe
  C:\Windows\System\MyaRAta.exe
  2⤵
  PID:6464
- C:\Windows\System\nousVii.exe
  C:\Windows\System\nousVii.exe
  2⤵
  PID:6484
- C:\Windows\System\hHJibcw.exe
  C:\Windows\System\hHJibcw.exe
  2⤵
  PID:6504
- C:\Windows\System\ftxDVTP.exe
  C:\Windows\System\ftxDVTP.exe
  2⤵
  PID:6524
- C:\Windows\System\zYKFgDV.exe
  C:\Windows\System\zYKFgDV.exe
  2⤵
  PID:6544
- C:\Windows\System\sFbxnxl.exe
  C:\Windows\System\sFbxnxl.exe
  2⤵
  PID:6564
- C:\Windows\System\satjKRC.exe
  C:\Windows\System\satjKRC.exe
  2⤵
  PID:6584
- C:\Windows\System\kkCMrHw.exe
  C:\Windows\System\kkCMrHw.exe
  2⤵
  PID:6604
- C:\Windows\System\GPciRMZ.exe
  C:\Windows\System\GPciRMZ.exe
  2⤵
  PID:6624
- C:\Windows\System\dzRqJZD.exe
  C:\Windows\System\dzRqJZD.exe
  2⤵
  PID:6644
- C:\Windows\System\AqAVCrK.exe
  C:\Windows\System\AqAVCrK.exe
  2⤵
  PID:6664
- C:\Windows\System\suhbmlj.exe
  C:\Windows\System\suhbmlj.exe
  2⤵
  PID:6684
- C:\Windows\System\XjAHXYx.exe
  C:\Windows\System\XjAHXYx.exe
  2⤵
  PID:6704
- C:\Windows\System\VIRkpwy.exe
  C:\Windows\System\VIRkpwy.exe
  2⤵
  PID:6724
- C:\Windows\System\EyZodxn.exe
  C:\Windows\System\EyZodxn.exe
  2⤵
  PID:6744
- C:\Windows\System\mQOulpu.exe
  C:\Windows\System\mQOulpu.exe
  2⤵
  PID:6764
- C:\Windows\System\LPpVqyu.exe
  C:\Windows\System\LPpVqyu.exe
  2⤵
  PID:6784
- C:\Windows\System\EQbaDQS.exe
  C:\Windows\System\EQbaDQS.exe
  2⤵
  PID:6804
- C:\Windows\System\beCrIMv.exe
  C:\Windows\System\beCrIMv.exe
  2⤵
  PID:6828
- C:\Windows\System\PDBRLZe.exe
  C:\Windows\System\PDBRLZe.exe
  2⤵
  PID:6848
- C:\Windows\System\JIVTDdf.exe
  C:\Windows\System\JIVTDdf.exe
  2⤵
  PID:6868
- C:\Windows\System\GPFxRgE.exe
  C:\Windows\System\GPFxRgE.exe
  2⤵
  PID:6888
- C:\Windows\System\Mkzrirx.exe
  C:\Windows\System\Mkzrirx.exe
  2⤵
  PID:6908
- C:\Windows\System\xzZpBWZ.exe
  C:\Windows\System\xzZpBWZ.exe
  2⤵
  PID:6928
- C:\Windows\System\liDyEDt.exe
  C:\Windows\System\liDyEDt.exe
  2⤵
  PID:6948
- C:\Windows\System\DZyAOGL.exe
  C:\Windows\System\DZyAOGL.exe
  2⤵
  PID:6968
- C:\Windows\System\nTpCEJb.exe
  C:\Windows\System\nTpCEJb.exe
  2⤵
  PID:6988
- C:\Windows\System\uHuGsEV.exe
  C:\Windows\System\uHuGsEV.exe
  2⤵
  PID:7008
- C:\Windows\System\kEClatE.exe
  C:\Windows\System\kEClatE.exe
  2⤵
  PID:7028
- C:\Windows\System\SfEVnMt.exe
  C:\Windows\System\SfEVnMt.exe
  2⤵
  PID:7048
- C:\Windows\System\COxYkmJ.exe
  C:\Windows\System\COxYkmJ.exe
  2⤵
  PID:7068
- C:\Windows\System\RYtSdRm.exe
  C:\Windows\System\RYtSdRm.exe
  2⤵
  PID:7088
- C:\Windows\System\zRJNmHk.exe
  C:\Windows\System\zRJNmHk.exe
  2⤵
  PID:7108
- C:\Windows\System\vXuGKGT.exe
  C:\Windows\System\vXuGKGT.exe
  2⤵
  PID:7128
- C:\Windows\System\EOuEuSE.exe
  C:\Windows\System\EOuEuSE.exe
  2⤵
  PID:7148
- C:\Windows\System\SYIYmfS.exe
  C:\Windows\System\SYIYmfS.exe
  2⤵
  PID:5732
- C:\Windows\System\wrysCYe.exe
  C:\Windows\System\wrysCYe.exe
  2⤵
  PID:5780
- C:\Windows\System\FUSypxP.exe
  C:\Windows\System\FUSypxP.exe
  2⤵
  PID:5816
- C:\Windows\System\YEsvGiq.exe
  C:\Windows\System\YEsvGiq.exe
  2⤵
  PID:5872
- C:\Windows\System\pnfBhhp.exe
  C:\Windows\System\pnfBhhp.exe
  2⤵
  PID:5952
- C:\Windows\System\YwkaAHs.exe
  C:\Windows\System\YwkaAHs.exe
  2⤵
  PID:6100
- C:\Windows\System\vzXhgEu.exe
  C:\Windows\System\vzXhgEu.exe
  2⤵
  PID:2824
- C:\Windows\System\vJoUinW.exe
  C:\Windows\System\vJoUinW.exe
  2⤵
  PID:4592
- C:\Windows\System\NgYYfoV.exe
  C:\Windows\System\NgYYfoV.exe
  2⤵
  PID:2812
- C:\Windows\System\JusAMTj.exe
  C:\Windows\System\JusAMTj.exe
  2⤵
  PID:4772
- C:\Windows\System\TMsQGBL.exe
  C:\Windows\System\TMsQGBL.exe
  2⤵
  PID:5256
- C:\Windows\System\UduITfd.exe
  C:\Windows\System\UduITfd.exe
  2⤵
  PID:5368
- C:\Windows\System\cCULsBK.exe
  C:\Windows\System\cCULsBK.exe
  2⤵
  PID:5468
- C:\Windows\System\TbpiGuA.exe
  C:\Windows\System\TbpiGuA.exe
  2⤵
  PID:6152
- C:\Windows\System\KMEfACq.exe
  C:\Windows\System\KMEfACq.exe
  2⤵
  PID:6176
- C:\Windows\System\Kpilxih.exe
  C:\Windows\System\Kpilxih.exe
  2⤵
  PID:6196
- C:\Windows\System\VpDFgYE.exe
  C:\Windows\System\VpDFgYE.exe
  2⤵
  PID:6252
- C:\Windows\System\qcPYrXt.exe
  C:\Windows\System\qcPYrXt.exe
  2⤵
  PID:6292
- C:\Windows\System\CkwgXTk.exe
  C:\Windows\System\CkwgXTk.exe
  2⤵
  PID:6332
- C:\Windows\System\FVCVPXk.exe
  C:\Windows\System\FVCVPXk.exe
  2⤵
  PID:6352
- C:\Windows\System\juhPVYR.exe
  C:\Windows\System\juhPVYR.exe
  2⤵
  PID:6392
- C:\Windows\System\yHznUEO.exe
  C:\Windows\System\yHznUEO.exe
  2⤵
  PID:6420
- C:\Windows\System\BGDWnPU.exe
  C:\Windows\System\BGDWnPU.exe
  2⤵
  PID:6436
- C:\Windows\System\IoglPTK.exe
  C:\Windows\System\IoglPTK.exe
  2⤵
  PID:6476
- C:\Windows\System\vMxajGL.exe
  C:\Windows\System\vMxajGL.exe
  2⤵
  PID:6512
- C:\Windows\System\yOEvMUU.exe
  C:\Windows\System\yOEvMUU.exe
  2⤵
  PID:6536
- C:\Windows\System\HMDPBfG.exe
  C:\Windows\System\HMDPBfG.exe
  2⤵
  PID:6580
- C:\Windows\System\elrjIoG.exe
  C:\Windows\System\elrjIoG.exe
  2⤵
  PID:6620
- C:\Windows\System\DUCiySN.exe
  C:\Windows\System\DUCiySN.exe
  2⤵
  PID:6636
- C:\Windows\System\GXSbGlX.exe
  C:\Windows\System\GXSbGlX.exe
  2⤵
  PID:6672
- C:\Windows\System\ZWUnYXs.exe
  C:\Windows\System\ZWUnYXs.exe
  2⤵
  PID:6696
- C:\Windows\System\yfLOTOC.exe
  C:\Windows\System\yfLOTOC.exe
  2⤵
  PID:6716
- C:\Windows\System\xAlmHtS.exe
  C:\Windows\System\xAlmHtS.exe
  2⤵
  PID:6760
- C:\Windows\System\GwbUgcq.exe
  C:\Windows\System\GwbUgcq.exe
  2⤵
  PID:6792
- C:\Windows\System\NtdNQgL.exe
  C:\Windows\System\NtdNQgL.exe
  2⤵
  PID:6820
- C:\Windows\System\MWjHYvo.exe
  C:\Windows\System\MWjHYvo.exe
  2⤵
  PID:6844
- C:\Windows\System\QldfSzS.exe
  C:\Windows\System\QldfSzS.exe
  2⤵
  PID:6884
- C:\Windows\System\yocUmTB.exe
  C:\Windows\System\yocUmTB.exe
  2⤵
  PID:6916
- C:\Windows\System\zgrjQYe.exe
  C:\Windows\System\zgrjQYe.exe
  2⤵
  PID:6940
- C:\Windows\System\xHWyzjP.exe
  C:\Windows\System\xHWyzjP.exe
  2⤵
  PID:6960
- C:\Windows\System\FVuRnEe.exe
  C:\Windows\System\FVuRnEe.exe
  2⤵
  PID:7000
- C:\Windows\System\xxtHwPB.exe
  C:\Windows\System\xxtHwPB.exe
  2⤵
  PID:7044
- C:\Windows\System\NHwUiLI.exe
  C:\Windows\System\NHwUiLI.exe
  2⤵
  PID:7076
- C:\Windows\System\TjsVjMF.exe
  C:\Windows\System\TjsVjMF.exe
  2⤵
  PID:2352
- C:\Windows\System\eOHqBAO.exe
  C:\Windows\System\eOHqBAO.exe
  2⤵
  PID:7116
- C:\Windows\System\EsGeiee.exe
  C:\Windows\System\EsGeiee.exe
  2⤵
  PID:5596
- C:\Windows\System\pWAIjeQ.exe
  C:\Windows\System\pWAIjeQ.exe
  2⤵
  PID:5712
- C:\Windows\System\jmzDhLb.exe
  C:\Windows\System\jmzDhLb.exe
  2⤵
  PID:5752
- C:\Windows\System\KiWAqfY.exe
  C:\Windows\System\KiWAqfY.exe
  2⤵
  PID:6016
- C:\Windows\System\pnYAcio.exe
  C:\Windows\System\pnYAcio.exe
  2⤵
  PID:4180
- C:\Windows\System\biowJkd.exe
  C:\Windows\System\biowJkd.exe
  2⤵
  PID:4728
- C:\Windows\System\scEthZU.exe
  C:\Windows\System\scEthZU.exe
  2⤵
  PID:5216
- C:\Windows\System\OiYdfBq.exe
  C:\Windows\System\OiYdfBq.exe
  2⤵
  PID:5572
- C:\Windows\System\lTdNQbF.exe
  C:\Windows\System\lTdNQbF.exe
  2⤵
  PID:5412
- C:\Windows\System\czgKbfZ.exe
  C:\Windows\System\czgKbfZ.exe
  2⤵
  PID:6180
- C:\Windows\System\hfAyJoJ.exe
  C:\Windows\System\hfAyJoJ.exe
  2⤵
  PID:6280
- C:\Windows\System\quDzmvm.exe
  C:\Windows\System\quDzmvm.exe
  2⤵
  PID:6316
- C:\Windows\System\USWVwop.exe
  C:\Windows\System\USWVwop.exe
  2⤵
  PID:6396
- C:\Windows\System\jiIqchf.exe
  C:\Windows\System\jiIqchf.exe
  2⤵
  PID:6432
- C:\Windows\System\whaOavX.exe
  C:\Windows\System\whaOavX.exe
  2⤵
  PID:6520
- C:\Windows\System\wEySnho.exe
  C:\Windows\System\wEySnho.exe
  2⤵
  PID:6516
- C:\Windows\System\DcjDEKt.exe
  C:\Windows\System\DcjDEKt.exe
  2⤵
  PID:6556
- C:\Windows\System\JMUWJfN.exe
  C:\Windows\System\JMUWJfN.exe
  2⤵
  PID:6660
- C:\Windows\System\ElvxDYz.exe
  C:\Windows\System\ElvxDYz.exe
  2⤵
  PID:2956
- C:\Windows\System\aYUIXIt.exe
  C:\Windows\System\aYUIXIt.exe
  2⤵
  PID:6740
- C:\Windows\System\oLxadHp.exe
  C:\Windows\System\oLxadHp.exe
  2⤵
  PID:6756
- C:\Windows\System\YpLKETB.exe
  C:\Windows\System\YpLKETB.exe
  2⤵
  PID:6896
- C:\Windows\System\BUjeERU.exe
  C:\Windows\System\BUjeERU.exe
  2⤵
  PID:6904
- C:\Windows\System\xiMxwij.exe
  C:\Windows\System\xiMxwij.exe
  2⤵
  PID:1624
- C:\Windows\System\EUJmLPC.exe
  C:\Windows\System\EUJmLPC.exe
  2⤵
  PID:7036
- C:\Windows\System\JlqBdag.exe
  C:\Windows\System\JlqBdag.exe
  2⤵
  PID:7096
- C:\Windows\System\tivQdwS.exe
  C:\Windows\System\tivQdwS.exe
  2⤵
  PID:7060
- C:\Windows\System\lrBxRop.exe
  C:\Windows\System\lrBxRop.exe
  2⤵
  PID:7156
- C:\Windows\System\eWAxhST.exe
  C:\Windows\System\eWAxhST.exe
  2⤵
  PID:2752
- C:\Windows\System\HugUUVf.exe
  C:\Windows\System\HugUUVf.exe
  2⤵
  PID:6000
- C:\Windows\System\JboRwwu.exe
  C:\Windows\System\JboRwwu.exe
  2⤵
  PID:4532
- C:\Windows\System\BUommVh.exe
  C:\Windows\System\BUommVh.exe
  2⤵
  PID:5136
- C:\Windows\System\bCovuxw.exe
  C:\Windows\System\bCovuxw.exe
  2⤵
  PID:5448
- C:\Windows\System\PdgLoQh.exe
  C:\Windows\System\PdgLoQh.exe
  2⤵
  PID:6236
- C:\Windows\System\ZvWKKtV.exe
  C:\Windows\System\ZvWKKtV.exe
  2⤵
  PID:6300
- C:\Windows\System\yNLkTNB.exe
  C:\Windows\System\yNLkTNB.exe
  2⤵
  PID:6472
- C:\Windows\System\LMYhitJ.exe
  C:\Windows\System\LMYhitJ.exe
  2⤵
  PID:6572
- C:\Windows\System\lRZXKdB.exe
  C:\Windows\System\lRZXKdB.exe
  2⤵
  PID:2996
- C:\Windows\System\ZwRRzaJ.exe
  C:\Windows\System\ZwRRzaJ.exe
  2⤵
  PID:6656
- C:\Windows\System\bAbJbwO.exe
  C:\Windows\System\bAbJbwO.exe
  2⤵
  PID:6776
- C:\Windows\System\uUlIGpY.exe
  C:\Windows\System\uUlIGpY.exe
  2⤵
  PID:6900
- C:\Windows\System\bBhAODR.exe
  C:\Windows\System\bBhAODR.exe
  2⤵
  PID:7024
- C:\Windows\System\jFVIeJe.exe
  C:\Windows\System\jFVIeJe.exe
  2⤵
  PID:7064
- C:\Windows\System\zOitCZd.exe
  C:\Windows\System\zOitCZd.exe
  2⤵
  PID:5880
- C:\Windows\System\VfjwiTl.exe
  C:\Windows\System\VfjwiTl.exe
  2⤵
  PID:5932
- C:\Windows\System\sXcCPUt.exe
  C:\Windows\System\sXcCPUt.exe
  2⤵
  PID:6052
- C:\Windows\System\qhDVpPL.exe
  C:\Windows\System\qhDVpPL.exe
  2⤵
  PID:5528
- C:\Windows\System\UwlqqxF.exe
  C:\Windows\System\UwlqqxF.exe
  2⤵
  PID:6160
- C:\Windows\System\vQYOjCM.exe
  C:\Windows\System\vQYOjCM.exe
  2⤵
  PID:6480
- C:\Windows\System\WVGYHfS.exe
  C:\Windows\System\WVGYHfS.exe
  2⤵
  PID:2924
- C:\Windows\System\RUUlcjR.exe
  C:\Windows\System\RUUlcjR.exe
  2⤵
  PID:7180
- C:\Windows\System\AGHuCcI.exe
  C:\Windows\System\AGHuCcI.exe
  2⤵
  PID:7200
- C:\Windows\System\WhjdNpU.exe
  C:\Windows\System\WhjdNpU.exe
  2⤵
  PID:7220
- C:\Windows\System\inkRvps.exe
  C:\Windows\System\inkRvps.exe
  2⤵
  PID:7240
- C:\Windows\System\dvTXvzA.exe
  C:\Windows\System\dvTXvzA.exe
  2⤵
  PID:7260
- C:\Windows\System\TbyFtUI.exe
  C:\Windows\System\TbyFtUI.exe
  2⤵
  PID:7280
- C:\Windows\System\xnFHWjF.exe
  C:\Windows\System\xnFHWjF.exe
  2⤵
  PID:7300
- C:\Windows\System\aSTbrcT.exe
  C:\Windows\System\aSTbrcT.exe
  2⤵
  PID:7320
- C:\Windows\System\XKvSMbm.exe
  C:\Windows\System\XKvSMbm.exe
  2⤵
  PID:7340
- C:\Windows\System\eYVkqIU.exe
  C:\Windows\System\eYVkqIU.exe
  2⤵
  PID:7360
- C:\Windows\System\pIJpqJW.exe
  C:\Windows\System\pIJpqJW.exe
  2⤵
  PID:7380
- C:\Windows\System\BaEiJEx.exe
  C:\Windows\System\BaEiJEx.exe
  2⤵
  PID:7400
- C:\Windows\System\DDwvWkZ.exe
  C:\Windows\System\DDwvWkZ.exe
  2⤵
  PID:7420
- C:\Windows\System\oFsYxWr.exe
  C:\Windows\System\oFsYxWr.exe
  2⤵
  PID:7440
- C:\Windows\System\utzohAh.exe
  C:\Windows\System\utzohAh.exe
  2⤵
  PID:7460
- C:\Windows\System\siQSrbQ.exe
  C:\Windows\System\siQSrbQ.exe
  2⤵
  PID:7480
- C:\Windows\System\pgLlrqP.exe
  C:\Windows\System\pgLlrqP.exe
  2⤵
  PID:7500
- C:\Windows\System\IrEvEaB.exe
  C:\Windows\System\IrEvEaB.exe
  2⤵
  PID:7520
- C:\Windows\System\DwOIkiC.exe
  C:\Windows\System\DwOIkiC.exe
  2⤵
  PID:7540
- C:\Windows\System\QVfbmVp.exe
  C:\Windows\System\QVfbmVp.exe
  2⤵
  PID:7560
- C:\Windows\System\bnHPalW.exe
  C:\Windows\System\bnHPalW.exe
  2⤵
  PID:7580
- C:\Windows\System\xKmxlkk.exe
  C:\Windows\System\xKmxlkk.exe
  2⤵
  PID:7600
- C:\Windows\System\eQnEDBA.exe
  C:\Windows\System\eQnEDBA.exe
  2⤵
  PID:7620
- C:\Windows\System\PaUroZE.exe
  C:\Windows\System\PaUroZE.exe
  2⤵
  PID:7640
- C:\Windows\System\FVbgiUv.exe
  C:\Windows\System\FVbgiUv.exe
  2⤵
  PID:7660
- C:\Windows\System\OsYczrF.exe
  C:\Windows\System\OsYczrF.exe
  2⤵
  PID:7676
- C:\Windows\System\KpMXSYY.exe
  C:\Windows\System\KpMXSYY.exe
  2⤵
  PID:7700
- C:\Windows\System\HWGEKrY.exe
  C:\Windows\System\HWGEKrY.exe
  2⤵
  PID:7720
- C:\Windows\System\NPVVmVg.exe
  C:\Windows\System\NPVVmVg.exe
  2⤵
  PID:7740
- C:\Windows\System\OgHZBRo.exe
  C:\Windows\System\OgHZBRo.exe
  2⤵
  PID:7760
- C:\Windows\System\XnbivGp.exe
  C:\Windows\System\XnbivGp.exe
  2⤵
  PID:7780
- C:\Windows\System\haVVZrI.exe
  C:\Windows\System\haVVZrI.exe
  2⤵
  PID:7800
- C:\Windows\System\mVEJPlb.exe
  C:\Windows\System\mVEJPlb.exe
  2⤵
  PID:7816
- C:\Windows\System\PYgAJqf.exe
  C:\Windows\System\PYgAJqf.exe
  2⤵
  PID:7844
- C:\Windows\System\xRnafmi.exe
  C:\Windows\System\xRnafmi.exe
  2⤵
  PID:7864
- C:\Windows\System\XhQaKiF.exe
  C:\Windows\System\XhQaKiF.exe
  2⤵
  PID:7884
- C:\Windows\System\RFbAFSK.exe
  C:\Windows\System\RFbAFSK.exe
  2⤵
  PID:7904
- C:\Windows\System\mjpDDGy.exe
  C:\Windows\System\mjpDDGy.exe
  2⤵
  PID:7924
- C:\Windows\System\HDWsDMr.exe
  C:\Windows\System\HDWsDMr.exe
  2⤵
  PID:7944
- C:\Windows\System\WYwxKHc.exe
  C:\Windows\System\WYwxKHc.exe
  2⤵
  PID:7964
- C:\Windows\System\oaiscaP.exe
  C:\Windows\System\oaiscaP.exe
  2⤵
  PID:7984
- C:\Windows\System\GekiNNZ.exe
  C:\Windows\System\GekiNNZ.exe
  2⤵
  PID:8004
- C:\Windows\System\pMUpqQl.exe
  C:\Windows\System\pMUpqQl.exe
  2⤵
  PID:8024
- C:\Windows\System\rtQncry.exe
  C:\Windows\System\rtQncry.exe
  2⤵
  PID:8044
- C:\Windows\System\bRzHWLC.exe
  C:\Windows\System\bRzHWLC.exe
  2⤵
  PID:8064
- C:\Windows\System\IVCAzRl.exe
  C:\Windows\System\IVCAzRl.exe
  2⤵
  PID:8084
- C:\Windows\System\LNclsZe.exe
  C:\Windows\System\LNclsZe.exe
  2⤵
  PID:8104
- C:\Windows\System\Fwslkhm.exe
  C:\Windows\System\Fwslkhm.exe
  2⤵
  PID:8124
- C:\Windows\System\KkqGnXi.exe
  C:\Windows\System\KkqGnXi.exe
  2⤵
  PID:8144
- C:\Windows\System\aBoAcHi.exe
  C:\Windows\System\aBoAcHi.exe
  2⤵
  PID:8160
- C:\Windows\System\GRoEUgu.exe
  C:\Windows\System\GRoEUgu.exe
  2⤵
  PID:8184
- C:\Windows\System\ElPryZU.exe
  C:\Windows\System\ElPryZU.exe
  2⤵
  PID:6816
- C:\Windows\System\ILYOZWM.exe
  C:\Windows\System\ILYOZWM.exe
  2⤵
  PID:6800
- C:\Windows\System\GLdhhrM.exe
  C:\Windows\System\GLdhhrM.exe
  2⤵
  PID:6856
- C:\Windows\System\zRIhiXp.exe
  C:\Windows\System\zRIhiXp.exe
  2⤵
  PID:7004
- C:\Windows\System\YyjUyuH.exe
  C:\Windows\System\YyjUyuH.exe
  2⤵
  PID:7160
- C:\Windows\System\EAyuJas.exe
  C:\Windows\System\EAyuJas.exe
  2⤵
  PID:5152
- C:\Windows\System\jwYsMOO.exe
  C:\Windows\System\jwYsMOO.exe
  2⤵
  PID:2928
- C:\Windows\System\fhaLMGo.exe
  C:\Windows\System\fhaLMGo.exe
  2⤵
  PID:6356
- C:\Windows\System\haeKeXQ.exe
  C:\Windows\System\haeKeXQ.exe
  2⤵
  PID:7196
- C:\Windows\System\xdEpAMc.exe
  C:\Windows\System\xdEpAMc.exe
  2⤵
  PID:7256
- C:\Windows\System\SOPYZqg.exe
  C:\Windows\System\SOPYZqg.exe
  2⤵
  PID:7276
- C:\Windows\System\xdilJNf.exe
  C:\Windows\System\xdilJNf.exe
  2⤵
  PID:760
- C:\Windows\System\ZCukODa.exe
  C:\Windows\System\ZCukODa.exe
  2⤵
  PID:7312
- C:\Windows\System\TnAqEJW.exe
  C:\Windows\System\TnAqEJW.exe
  2⤵
  PID:7348
- C:\Windows\System\TvGjARh.exe
  C:\Windows\System\TvGjARh.exe
  2⤵
  PID:7416
- C:\Windows\System\kAPFZNX.exe
  C:\Windows\System\kAPFZNX.exe
  2⤵
  PID:7428
- C:\Windows\System\XekisvU.exe
  C:\Windows\System\XekisvU.exe
  2⤵
  PID:7432
- C:\Windows\System\iTPcxtn.exe
  C:\Windows\System\iTPcxtn.exe
  2⤵
  PID:7472
- C:\Windows\System\fuGppsn.exe
  C:\Windows\System\fuGppsn.exe
  2⤵
  PID:7532
- C:\Windows\System\pPgbDVI.exe
  C:\Windows\System\pPgbDVI.exe
  2⤵
  PID:7572
- C:\Windows\System\EGLurzq.exe
  C:\Windows\System\EGLurzq.exe
  2⤵
  PID:7616
- C:\Windows\System\cqDNpGN.exe
  C:\Windows\System\cqDNpGN.exe
  2⤵
  PID:7628
- C:\Windows\System\DDYDHLJ.exe
  C:\Windows\System\DDYDHLJ.exe
  2⤵
  PID:7684
- C:\Windows\System\nwAaLrk.exe
  C:\Windows\System\nwAaLrk.exe
  2⤵
  PID:7688
- C:\Windows\System\IIhgyCt.exe
  C:\Windows\System\IIhgyCt.exe
  2⤵
  PID:7708
- C:\Windows\System\OutNclE.exe
  C:\Windows\System\OutNclE.exe
  2⤵
  PID:7748
- C:\Windows\System\UqlOtkC.exe
  C:\Windows\System\UqlOtkC.exe
  2⤵
  PID:7808
- C:\Windows\System\YaKbCsz.exe
  C:\Windows\System\YaKbCsz.exe
  2⤵
  PID:7828
- C:\Windows\System\VTQtzkR.exe
  C:\Windows\System\VTQtzkR.exe
  2⤵
  PID:7836
- C:\Windows\System\sLfiwUp.exe
  C:\Windows\System\sLfiwUp.exe
  2⤵
  PID:7876
- C:\Windows\System\DpzzxAB.exe
  C:\Windows\System\DpzzxAB.exe
  2⤵
  PID:7912
- C:\Windows\System\nnAbxni.exe
  C:\Windows\System\nnAbxni.exe
  2⤵
  PID:7952
- C:\Windows\System\JrgHSAP.exe
  C:\Windows\System\JrgHSAP.exe
  2⤵
  PID:8020
- C:\Windows\System\HGzKJyf.exe
  C:\Windows\System\HGzKJyf.exe
  2⤵
  PID:7996
- C:\Windows\System\aBXuvrS.exe
  C:\Windows\System\aBXuvrS.exe
  2⤵
  PID:8056
- C:\Windows\System\ugTUQIT.exe
  C:\Windows\System\ugTUQIT.exe
  2⤵
  PID:8072
- C:\Windows\System\xEzKCaV.exe
  C:\Windows\System\xEzKCaV.exe
  2⤵
  PID:8132
- C:\Windows\System\whJJEPX.exe
  C:\Windows\System\whJJEPX.exe
  2⤵
  PID:8168
- C:\Windows\System\uZHpKUs.exe
  C:\Windows\System\uZHpKUs.exe
  2⤵
  PID:8152
- C:\Windows\System\XWacBbv.exe
  C:\Windows\System\XWacBbv.exe
  2⤵
  PID:2684
- C:\Windows\System\sRgyzXE.exe
  C:\Windows\System\sRgyzXE.exe
  2⤵
  PID:6500
- C:\Windows\System\DIFssBU.exe
  C:\Windows\System\DIFssBU.exe
  2⤵
  PID:2788
- C:\Windows\System\ubHrzZI.exe
  C:\Windows\System\ubHrzZI.exe
  2⤵
  PID:5032
- C:\Windows\System\zhoWVoo.exe
  C:\Windows\System\zhoWVoo.exe
  2⤵
  PID:1644
- C:\Windows\System\vSlWwvM.exe
  C:\Windows\System\vSlWwvM.exe
  2⤵
  PID:6440
- C:\Windows\System\vKIQHek.exe
  C:\Windows\System\vKIQHek.exe
  2⤵
  PID:7228
- C:\Windows\System\zrGNeFI.exe
  C:\Windows\System\zrGNeFI.exe
  2⤵
  PID:7296
- C:\Windows\System\RZYOCIM.exe
  C:\Windows\System\RZYOCIM.exe
  2⤵
  PID:7336
- C:\Windows\System\ehzTCzZ.exe
  C:\Windows\System\ehzTCzZ.exe
  2⤵
  PID:7352
- C:\Windows\System\uQYzvoH.exe
  C:\Windows\System\uQYzvoH.exe
  2⤵
  PID:7452
- C:\Windows\System\WBZtiqa.exe
  C:\Windows\System\WBZtiqa.exe
  2⤵
  PID:7576
- C:\Windows\System\jSdeqLX.exe
  C:\Windows\System\jSdeqLX.exe
  2⤵
  PID:7596
- C:\Windows\System\BlBzsYx.exe
  C:\Windows\System\BlBzsYx.exe
  2⤵
  PID:7636
- C:\Windows\System\qnHdUCh.exe
  C:\Windows\System\qnHdUCh.exe
  2⤵
  PID:7776
- C:\Windows\System\jAoEzcX.exe
  C:\Windows\System\jAoEzcX.exe
  2⤵
  PID:7824
- C:\Windows\System\OnOnkSM.exe
  C:\Windows\System\OnOnkSM.exe
  2⤵
  PID:7872
- C:\Windows\System\aTGkSuL.exe
  C:\Windows\System\aTGkSuL.exe
  2⤵
  PID:7900
- C:\Windows\System\cjvaLbx.exe
  C:\Windows\System\cjvaLbx.exe
  2⤵
  PID:8040
- C:\Windows\System\ZPsRZVO.exe
  C:\Windows\System\ZPsRZVO.exe
  2⤵
  PID:7940
- C:\Windows\System\jHpcoDM.exe
  C:\Windows\System\jHpcoDM.exe
  2⤵
  PID:7976
- C:\Windows\System\tQTyUxH.exe
  C:\Windows\System\tQTyUxH.exe
  2⤵
  PID:8060
- C:\Windows\System\tmNhRZx.exe
  C:\Windows\System\tmNhRZx.exe
  2⤵
  PID:8100
- C:\Windows\System\foZYjjd.exe
  C:\Windows\System\foZYjjd.exe
  2⤵
  PID:6752
- C:\Windows\System\DQyqzWY.exe
  C:\Windows\System\DQyqzWY.exe
  2⤵
  PID:7120
- C:\Windows\System\ziCfVvL.exe
  C:\Windows\System\ziCfVvL.exe
  2⤵
  PID:6700
- C:\Windows\System\gSIHNgr.exe
  C:\Windows\System\gSIHNgr.exe
  2⤵
  PID:6336
- C:\Windows\System\qwykTyn.exe
  C:\Windows\System\qwykTyn.exe
  2⤵
  PID:7212
- C:\Windows\System\QlcfwEp.exe
  C:\Windows\System\QlcfwEp.exe
  2⤵
  PID:2884
- C:\Windows\System\uYkGRJq.exe
  C:\Windows\System\uYkGRJq.exe
  2⤵
  PID:7568
- C:\Windows\System\YIpiRqG.exe
  C:\Windows\System\YIpiRqG.exe
  2⤵
  PID:2692
- C:\Windows\System\DlrYode.exe
  C:\Windows\System\DlrYode.exe
  2⤵
  PID:7512
- C:\Windows\System\aUvBPpQ.exe
  C:\Windows\System\aUvBPpQ.exe
  2⤵
  PID:7736
- C:\Windows\System\CRRDsQF.exe
  C:\Windows\System\CRRDsQF.exe
  2⤵
  PID:7656
- C:\Windows\System\lJyMtvM.exe
  C:\Windows\System\lJyMtvM.exe
  2⤵
  PID:8092
- C:\Windows\System\ndBaSML.exe
  C:\Windows\System\ndBaSML.exe
  2⤵
  PID:8036
- C:\Windows\System\DdpZGau.exe
  C:\Windows\System\DdpZGau.exe
  2⤵
  PID:1640
- C:\Windows\System\KBejeGH.exe
  C:\Windows\System\KBejeGH.exe
  2⤵
  PID:2840
- C:\Windows\System\erQGNes.exe
  C:\Windows\System\erQGNes.exe
  2⤵
  PID:3380
- C:\Windows\System\toyEbry.exe
  C:\Windows\System\toyEbry.exe
  2⤵
  PID:6692
- C:\Windows\System\tVOIeBg.exe
  C:\Windows\System\tVOIeBg.exe
  2⤵
  PID:6924
- C:\Windows\System\sUOXPHn.exe
  C:\Windows\System\sUOXPHn.exe
  2⤵
  PID:7396
- C:\Windows\System\nGlOAUu.exe
  C:\Windows\System\nGlOAUu.exe
  2⤵
  PID:7696
- C:\Windows\System\yEicQTI.exe
  C:\Windows\System\yEicQTI.exe
  2⤵
  PID:2676
- C:\Windows\System\NajfHJh.exe
  C:\Windows\System\NajfHJh.exe
  2⤵
  PID:7668
- C:\Windows\System\MYWPGup.exe
  C:\Windows\System\MYWPGup.exe
  2⤵
  PID:7920
- C:\Windows\System\jgCyjUC.exe
  C:\Windows\System\jgCyjUC.exe
  2⤵
  PID:7880
- C:\Windows\System\wNkvOKB.exe
  C:\Windows\System\wNkvOKB.exe
  2⤵
  PID:8136
- C:\Windows\System\HmumJFr.exe
  C:\Windows\System\HmumJFr.exe
  2⤵
  PID:8180
- C:\Windows\System\EhDfZap.exe
  C:\Windows\System\EhDfZap.exe
  2⤵
  PID:4748
- C:\Windows\System\CqAcwNb.exe
  C:\Windows\System\CqAcwNb.exe
  2⤵
  PID:7288
- C:\Windows\System\utgxxlV.exe
  C:\Windows\System\utgxxlV.exe
  2⤵
  PID:8208
- C:\Windows\System\emqKGdt.exe
  C:\Windows\System\emqKGdt.exe
  2⤵
  PID:8224
- C:\Windows\System\FmagYUQ.exe
  C:\Windows\System\FmagYUQ.exe
  2⤵
  PID:8240
- C:\Windows\System\CgZSGWE.exe
  C:\Windows\System\CgZSGWE.exe
  2⤵
  PID:8256
- C:\Windows\System\iuLnLiU.exe
  C:\Windows\System\iuLnLiU.exe
  2⤵
  PID:8276
- C:\Windows\System\hLkAKbf.exe
  C:\Windows\System\hLkAKbf.exe
  2⤵
  PID:8292
- C:\Windows\System\iRdYzoi.exe
  C:\Windows\System\iRdYzoi.exe
  2⤵
  PID:8308
- C:\Windows\System\fcYuSFM.exe
  C:\Windows\System\fcYuSFM.exe
  2⤵
  PID:8356
- C:\Windows\System\RwUzVea.exe
  C:\Windows\System\RwUzVea.exe
  2⤵
  PID:8372
- C:\Windows\System\LAfIcZQ.exe
  C:\Windows\System\LAfIcZQ.exe
  2⤵
  PID:8388
- C:\Windows\System\cfawLSC.exe
  C:\Windows\System\cfawLSC.exe
  2⤵
  PID:8404
- C:\Windows\System\IaahBVc.exe
  C:\Windows\System\IaahBVc.exe
  2⤵
  PID:8424
- C:\Windows\System\mrKoyLi.exe
  C:\Windows\System\mrKoyLi.exe
  2⤵
  PID:8440
- C:\Windows\System\pkXfjSU.exe
  C:\Windows\System\pkXfjSU.exe
  2⤵
  PID:8456
- C:\Windows\System\FQsZZoT.exe
  C:\Windows\System\FQsZZoT.exe
  2⤵
  PID:8500
- C:\Windows\System\MeVMtTT.exe
  C:\Windows\System\MeVMtTT.exe
  2⤵
  PID:8528
- C:\Windows\System\XrqIhQy.exe
  C:\Windows\System\XrqIhQy.exe
  2⤵
  PID:8548
- C:\Windows\System\vICKQTm.exe
  C:\Windows\System\vICKQTm.exe
  2⤵
  PID:8596
- C:\Windows\System\XPgmzCC.exe
  C:\Windows\System\XPgmzCC.exe
  2⤵
  PID:8616
- C:\Windows\System\JdPtkfC.exe
  C:\Windows\System\JdPtkfC.exe
  2⤵
  PID:8632
- C:\Windows\System\kSsXRec.exe
  C:\Windows\System\kSsXRec.exe
  2⤵
  PID:8648
- C:\Windows\System\mXorFaH.exe
  C:\Windows\System\mXorFaH.exe
  2⤵
  PID:8664
- C:\Windows\System\hhrFNac.exe
  C:\Windows\System\hhrFNac.exe
  2⤵
  PID:8680
- C:\Windows\System\bMSXIdP.exe
  C:\Windows\System\bMSXIdP.exe
  2⤵
  PID:8696
- C:\Windows\System\gpQRuxD.exe
  C:\Windows\System\gpQRuxD.exe
  2⤵
  PID:8712
- C:\Windows\System\LNJQODe.exe
  C:\Windows\System\LNJQODe.exe
  2⤵
  PID:8728
- C:\Windows\System\SjlXdJD.exe
  C:\Windows\System\SjlXdJD.exe
  2⤵
  PID:8744
- C:\Windows\System\ulEmnXI.exe
  C:\Windows\System\ulEmnXI.exe
  2⤵
  PID:8772
- C:\Windows\System\cOdyoFd.exe
  C:\Windows\System\cOdyoFd.exe
  2⤵
  PID:8788
- C:\Windows\System\RwgsaUT.exe
  C:\Windows\System\RwgsaUT.exe
  2⤵
  PID:8812
- C:\Windows\System\SgpBjvI.exe
  C:\Windows\System\SgpBjvI.exe
  2⤵
  PID:8840
- C:\Windows\System\iEEhipD.exe
  C:\Windows\System\iEEhipD.exe
  2⤵
  PID:8860
- C:\Windows\System\sWlwnsU.exe
  C:\Windows\System\sWlwnsU.exe
  2⤵
  PID:8880
- C:\Windows\System\DFbsSnp.exe
  C:\Windows\System\DFbsSnp.exe
  2⤵
  PID:8900
- C:\Windows\System\YKJqRyG.exe
  C:\Windows\System\YKJqRyG.exe
  2⤵
  PID:8916
- C:\Windows\System\mFDdvbs.exe
  C:\Windows\System\mFDdvbs.exe
  2⤵
  PID:8932
- C:\Windows\System\cnkdEFc.exe
  C:\Windows\System\cnkdEFc.exe
  2⤵
  PID:8948
- C:\Windows\System\mxQiqwn.exe
  C:\Windows\System\mxQiqwn.exe
  2⤵
  PID:8964
- C:\Windows\System\aBOMFeY.exe
  C:\Windows\System\aBOMFeY.exe
  2⤵
  PID:9024
- C:\Windows\System\kYeCAkR.exe
  C:\Windows\System\kYeCAkR.exe
  2⤵
  PID:9040
- C:\Windows\System\sGuWukH.exe
  C:\Windows\System\sGuWukH.exe
  2⤵
  PID:9056
- C:\Windows\System\dtNCURA.exe
  C:\Windows\System\dtNCURA.exe
  2⤵
  PID:9080
- C:\Windows\System\nIofVLm.exe
  C:\Windows\System\nIofVLm.exe
  2⤵
  PID:9100
- C:\Windows\System\lmPVcrp.exe
  C:\Windows\System\lmPVcrp.exe
  2⤵
  PID:9116
- C:\Windows\System\rOIROhG.exe
  C:\Windows\System\rOIROhG.exe
  2⤵
  PID:9132
- C:\Windows\System\AacFaMN.exe
  C:\Windows\System\AacFaMN.exe
  2⤵
  PID:9152
- C:\Windows\System\PMpILSO.exe
  C:\Windows\System\PMpILSO.exe
  2⤵
  PID:9172
- C:\Windows\System\tsetsMn.exe
  C:\Windows\System\tsetsMn.exe
  2⤵
  PID:9200
- C:\Windows\System\CeBFitz.exe
  C:\Windows\System\CeBFitz.exe
  2⤵
  PID:7372
- C:\Windows\System\eFmZkwk.exe
  C:\Windows\System\eFmZkwk.exe
  2⤵
  PID:7608
- C:\Windows\System\dhwgZmR.exe
  C:\Windows\System\dhwgZmR.exe
  2⤵
  PID:2948
- C:\Windows\System\Ulatdyr.exe
  C:\Windows\System\Ulatdyr.exe
  2⤵
  PID:3028
- C:\Windows\System\AtXuZDV.exe
  C:\Windows\System\AtXuZDV.exe
  2⤵
  PID:2340
- C:\Windows\System\krLVThl.exe
  C:\Windows\System\krLVThl.exe
  2⤵
  PID:7292
- C:\Windows\System\JqUJYpi.exe
  C:\Windows\System\JqUJYpi.exe
  2⤵
  PID:8236
- C:\Windows\System\gBQMWVj.exe
  C:\Windows\System\gBQMWVj.exe
  2⤵
  PID:8268
- C:\Windows\System\bexRzHm.exe
  C:\Windows\System\bexRzHm.exe
  2⤵
  PID:8288
- C:\Windows\System\BBUMtqm.exe
  C:\Windows\System\BBUMtqm.exe
  2⤵
  PID:2448
- C:\Windows\System\aHHHmMR.exe
  C:\Windows\System\aHHHmMR.exe
  2⤵
  PID:8328
- C:\Windows\System\gHEBgqH.exe
  C:\Windows\System\gHEBgqH.exe
  2⤵
  PID:8336
- C:\Windows\System\FbWgYIk.exe
  C:\Windows\System\FbWgYIk.exe
  2⤵
  PID:2576
- C:\Windows\System\NqYoaWw.exe
  C:\Windows\System\NqYoaWw.exe
  2⤵
  PID:2160
- C:\Windows\System\AnXOzkr.exe
  C:\Windows\System\AnXOzkr.exe
  2⤵
  PID:8348
- C:\Windows\System\eNooBSJ.exe
  C:\Windows\System\eNooBSJ.exe
  2⤵
  PID:1956
- C:\Windows\System\XuesVeW.exe
  C:\Windows\System\XuesVeW.exe
  2⤵
  PID:2972
- C:\Windows\System\waPyzzB.exe
  C:\Windows\System\waPyzzB.exe
  2⤵
  PID:1284
- C:\Windows\System\rrjNYlz.exe
  C:\Windows\System\rrjNYlz.exe
  2⤵
  PID:1132
- C:\Windows\System\OaiQbzw.exe
  C:\Windows\System\OaiQbzw.exe
  2⤵
  PID:2524
- C:\Windows\System\xKhojLe.exe
  C:\Windows\System\xKhojLe.exe
  2⤵
  PID:8436
- C:\Windows\System\SIMobKo.exe
  C:\Windows\System\SIMobKo.exe
  2⤵
  PID:1004
- C:\Windows\System\cvctXiH.exe
  C:\Windows\System\cvctXiH.exe
  2⤵
  PID:8520
- C:\Windows\System\jauyehn.exe
  C:\Windows\System\jauyehn.exe
  2⤵
  PID:8524
- C:\Windows\System\zqvOgUT.exe
  C:\Windows\System\zqvOgUT.exe
  2⤵
  PID:1688
- C:\Windows\System\sDtddcR.exe
  C:\Windows\System\sDtddcR.exe
  2⤵
  PID:8576
- C:\Windows\System\anjRVzJ.exe
  C:\Windows\System\anjRVzJ.exe
  2⤵
  PID:8584
- C:\Windows\System\TVybGfa.exe
  C:\Windows\System\TVybGfa.exe
  2⤵
  PID:8672
- C:\Windows\System\OUDTpQT.exe
  C:\Windows\System\OUDTpQT.exe
  2⤵
  PID:8708
- C:\Windows\System\yFoxOAN.exe
  C:\Windows\System\yFoxOAN.exe
  2⤵
  PID:8624
- C:\Windows\System\miEUeHe.exe
  C:\Windows\System\miEUeHe.exe
  2⤵
  PID:8828
- C:\Windows\System\WznNjmC.exe
  C:\Windows\System\WznNjmC.exe
  2⤵
  PID:8660
- C:\Windows\System\TdoHHrZ.exe
  C:\Windows\System\TdoHHrZ.exe
  2⤵
  PID:8756
- C:\Windows\System\vtNracr.exe
  C:\Windows\System\vtNracr.exe
  2⤵
  PID:8808
- C:\Windows\System\ZeilrdI.exe
  C:\Windows\System\ZeilrdI.exe
  2⤵
  PID:8912
- C:\Windows\System\SKBFFDJ.exe
  C:\Windows\System\SKBFFDJ.exe
  2⤵
  PID:8956
- C:\Windows\System\NZoFulL.exe
  C:\Windows\System\NZoFulL.exe
  2⤵
  PID:8892
- C:\Windows\System\mOPMgXX.exe
  C:\Windows\System\mOPMgXX.exe
  2⤵
  PID:8992
- C:\Windows\System\gRwrpbG.exe
  C:\Windows\System\gRwrpbG.exe
  2⤵
  PID:9020
- C:\Windows\System\orBcTWS.exe
  C:\Windows\System\orBcTWS.exe
  2⤵
  PID:9052
- C:\Windows\System\MjLsBwt.exe
  C:\Windows\System\MjLsBwt.exe
  2⤵
  PID:9128
- C:\Windows\System\foSvNZJ.exe
  C:\Windows\System\foSvNZJ.exe
  2⤵
  PID:9108
- C:\Windows\System\dLljPdF.exe
  C:\Windows\System\dLljPdF.exe
  2⤵
  PID:9148
- C:\Windows\System\oJkxKXA.exe
  C:\Windows\System\oJkxKXA.exe
  2⤵
  PID:9196
- C:\Windows\System\aYTBmzq.exe
  C:\Windows\System\aYTBmzq.exe
  2⤵
  PID:7632
- C:\Windows\System\OHlvjFs.exe
  C:\Windows\System\OHlvjFs.exe
  2⤵
  PID:7992
- C:\Windows\System\ClVjdtJ.exe
  C:\Windows\System\ClVjdtJ.exe
  2⤵
  PID:8200
- C:\Windows\System\wxKlzFM.exe
  C:\Windows\System\wxKlzFM.exe
  2⤵
  PID:8156
- C:\Windows\System\KjweKvn.exe
  C:\Windows\System\KjweKvn.exe
  2⤵
  PID:8272
- C:\Windows\System\fDPIDtB.exe
  C:\Windows\System\fDPIDtB.exe
  2⤵
  PID:8304
- C:\Windows\System\BNyotNi.exe
  C:\Windows\System\BNyotNi.exe
  2⤵
  PID:2016
- C:\Windows\System\pOYpEQd.exe
  C:\Windows\System\pOYpEQd.exe
  2⤵
  PID:8332
- C:\Windows\System\VdkKssa.exe
  C:\Windows\System\VdkKssa.exe
  2⤵
  PID:644
- C:\Windows\System\AgWdpRn.exe
  C:\Windows\System\AgWdpRn.exe
  2⤵
  PID:8352
- C:\Windows\System\GRXGoHZ.exe
  C:\Windows\System\GRXGoHZ.exe
  2⤵
  PID:2164
- C:\Windows\System\RaYcglW.exe
  C:\Windows\System\RaYcglW.exe
  2⤵
  PID:2452
- C:\Windows\System\oGdeQWx.exe
  C:\Windows\System\oGdeQWx.exe
  2⤵
  PID:8412
- C:\Windows\System\iQcVqJa.exe
  C:\Windows\System\iQcVqJa.exe
  2⤵
  PID:8572
- C:\Windows\System\lxvDRxj.exe
  C:\Windows\System\lxvDRxj.exe
  2⤵
  PID:8704
- C:\Windows\System\tyhncjG.exe
  C:\Windows\System\tyhncjG.exe
  2⤵
  PID:8784
- C:\Windows\System\XnNKGSo.exe
  C:\Windows\System\XnNKGSo.exe
  2⤵
  PID:8568
- C:\Windows\System\olXhtSE.exe
  C:\Windows\System\olXhtSE.exe
  2⤵
  PID:8876
- C:\Windows\System\AymaVqe.exe
  C:\Windows\System\AymaVqe.exe
  2⤵
  PID:8608
- C:\Windows\System\VqWiGKJ.exe
  C:\Windows\System\VqWiGKJ.exe
  2⤵
  PID:8720
- C:\Windows\System\bMlEGew.exe
  C:\Windows\System\bMlEGew.exe
  2⤵
  PID:8852
- C:\Windows\System\cJAjdYR.exe
  C:\Windows\System\cJAjdYR.exe
  2⤵
  PID:8896
- C:\Windows\System\uzOgpck.exe
  C:\Windows\System\uzOgpck.exe
  2⤵
  PID:9004
- C:\Windows\System\DUYmSKq.exe
  C:\Windows\System\DUYmSKq.exe
  2⤵
  PID:8980
- C:\Windows\System\zZeQhNA.exe
  C:\Windows\System\zZeQhNA.exe
  2⤵
  PID:9076
- C:\Windows\System\ZfwZMoU.exe
  C:\Windows\System\ZfwZMoU.exe
  2⤵
  PID:9164
- C:\Windows\System\XXMwzsD.exe
  C:\Windows\System\XXMwzsD.exe
  2⤵
  PID:9180
- C:\Windows\System\NMUzWgM.exe
  C:\Windows\System\NMUzWgM.exe
  2⤵
  PID:1528
- C:\Windows\System\mPPpnuR.exe
  C:\Windows\System\mPPpnuR.exe
  2⤵
  PID:7972
- C:\Windows\System\dXRGkdu.exe
  C:\Windows\System\dXRGkdu.exe
  2⤵
  PID:2580
- C:\Windows\System\bkEayiz.exe
  C:\Windows\System\bkEayiz.exe
  2⤵
  PID:8264
- C:\Windows\System\XsGIWYi.exe
  C:\Windows\System\XsGIWYi.exe
  2⤵
  PID:2052
- C:\Windows\System\aBpevzy.exe
  C:\Windows\System\aBpevzy.exe
  2⤵
  PID:8364
- C:\Windows\System\FjcBEfh.exe
  C:\Windows\System\FjcBEfh.exe
  2⤵
  PID:2040
- C:\Windows\System\Fcrqirh.exe
  C:\Windows\System\Fcrqirh.exe
  2⤵
  PID:8640
- C:\Windows\System\SbccVoO.exe
  C:\Windows\System\SbccVoO.exe
  2⤵
  PID:8448
- C:\Windows\System\pokRFzH.exe
  C:\Windows\System\pokRFzH.exe
  2⤵
  PID:8452
- C:\Windows\System\rVNqeEN.exe
  C:\Windows\System\rVNqeEN.exe
  2⤵
  PID:8516
- C:\Windows\System\GhsQFgv.exe
  C:\Windows\System\GhsQFgv.exe
  2⤵
  PID:8752
- C:\Windows\System\pSPdxEu.exe
  C:\Windows\System\pSPdxEu.exe
  2⤵
  PID:8944
- C:\Windows\System\EnPKulc.exe
  C:\Windows\System\EnPKulc.exe
  2⤵
  PID:9096
- C:\Windows\System\gvSisJT.exe
  C:\Windows\System\gvSisJT.exe
  2⤵
  PID:9072
- C:\Windows\System\xwwvZGD.exe
  C:\Windows\System\xwwvZGD.exe
  2⤵
  PID:9184
- C:\Windows\System\wQBPXnF.exe
  C:\Windows\System\wQBPXnF.exe
  2⤵
  PID:7268
- C:\Windows\System\KVyDeuR.exe
  C:\Windows\System\KVyDeuR.exe
  2⤵
  PID:2716
- C:\Windows\System\JPMDkwN.exe
  C:\Windows\System\JPMDkwN.exe
  2⤵
  PID:8344
- C:\Windows\System\ZaUUHeJ.exe
  C:\Windows\System\ZaUUHeJ.exe
  2⤵
  PID:2252
- C:\Windows\System\DNtkYht.exe
  C:\Windows\System\DNtkYht.exe
  2⤵
  PID:8656
- C:\Windows\System\OwlaGLr.exe
  C:\Windows\System\OwlaGLr.exe
  2⤵
  PID:8832
- C:\Windows\System\pyLddiQ.exe
  C:\Windows\System\pyLddiQ.exe
  2⤵
  PID:8800
- C:\Windows\System\HAGFZcT.exe
  C:\Windows\System\HAGFZcT.exe
  2⤵
  PID:8996
- C:\Windows\System\gjmSMfg.exe
  C:\Windows\System\gjmSMfg.exe
  2⤵
  PID:9212
- C:\Windows\System\lslQSJV.exe
  C:\Windows\System\lslQSJV.exe
  2⤵
  PID:8316
- C:\Windows\System\wbmouHM.exe
  C:\Windows\System\wbmouHM.exe
  2⤵
  PID:3032
- C:\Windows\System\VXEOiAw.exe
  C:\Windows\System\VXEOiAw.exe
  2⤵
  PID:8420
- C:\Windows\System\oUXTZTO.exe
  C:\Windows\System\oUXTZTO.exe
  2⤵
  PID:708
- C:\Windows\System\WfVkZSB.exe
  C:\Windows\System\WfVkZSB.exe
  2⤵
  PID:7528
- C:\Windows\System\sSWrrAQ.exe
  C:\Windows\System\sSWrrAQ.exe
  2⤵
  PID:8340
- C:\Windows\System\EEyevBD.exe
  C:\Windows\System\EEyevBD.exe
  2⤵
  PID:7488
- C:\Windows\System\OGqJgKY.exe
  C:\Windows\System\OGqJgKY.exe
  2⤵
  PID:8604
- C:\Windows\System\CyIlxfk.exe
  C:\Windows\System\CyIlxfk.exe
  2⤵
  PID:9124
- C:\Windows\System\vydTWdW.exe
  C:\Windows\System\vydTWdW.exe
  2⤵
  PID:8644
- C:\Windows\System\zVTgllG.exe
  C:\Windows\System\zVTgllG.exe
  2⤵
  PID:8736
- C:\Windows\System\tHXiCXe.exe
  C:\Windows\System\tHXiCXe.exe
  2⤵
  PID:8960
- C:\Windows\System\LSbZHHW.exe
  C:\Windows\System\LSbZHHW.exe
  2⤵
  PID:9068
- C:\Windows\System\GvhCJKz.exe
  C:\Windows\System\GvhCJKz.exe
  2⤵
  PID:9048
- C:\Windows\System\jOKhpxE.exe
  C:\Windows\System\jOKhpxE.exe
  2⤵
  PID:9232
- C:\Windows\System\aReNaDl.exe
  C:\Windows\System\aReNaDl.exe
  2⤵
  PID:9248
- C:\Windows\System\BSnmYNH.exe
  C:\Windows\System\BSnmYNH.exe
  2⤵
  PID:9268
- C:\Windows\System\zAYsNEl.exe
  C:\Windows\System\zAYsNEl.exe
  2⤵
  PID:9292
- C:\Windows\System\ziKdWVH.exe
  C:\Windows\System\ziKdWVH.exe
  2⤵
  PID:9312
- C:\Windows\System\aJMHiNn.exe
  C:\Windows\System\aJMHiNn.exe
  2⤵
  PID:9328
- C:\Windows\System\KDyoxhn.exe
  C:\Windows\System\KDyoxhn.exe
  2⤵
  PID:9348
- C:\Windows\System\DkSzcSJ.exe
  C:\Windows\System\DkSzcSJ.exe
  2⤵
  PID:9368
- C:\Windows\System\ZIKUpmt.exe
  C:\Windows\System\ZIKUpmt.exe
  2⤵
  PID:9392
- C:\Windows\System\VgggnAG.exe
  C:\Windows\System\VgggnAG.exe
  2⤵
  PID:9412
- C:\Windows\System\bcHJjQA.exe
  C:\Windows\System\bcHJjQA.exe
  2⤵
  PID:9428
- C:\Windows\System\HzXBLmM.exe
  C:\Windows\System\HzXBLmM.exe
  2⤵
  PID:9452
- C:\Windows\System\yAqetbi.exe
  C:\Windows\System\yAqetbi.exe
  2⤵
  PID:9468
- C:\Windows\System\eziPnmM.exe
  C:\Windows\System\eziPnmM.exe
  2⤵
  PID:9488
- C:\Windows\System\ojsIgpK.exe
  C:\Windows\System\ojsIgpK.exe
  2⤵
  PID:9508
- C:\Windows\System\KdGrvEb.exe
  C:\Windows\System\KdGrvEb.exe
  2⤵
  PID:9532
- C:\Windows\System\tkEsZYh.exe
  C:\Windows\System\tkEsZYh.exe
  2⤵
  PID:9552
- C:\Windows\System\RZQbVOe.exe
  C:\Windows\System\RZQbVOe.exe
  2⤵
  PID:9568
- C:\Windows\System\Sxodmyz.exe
  C:\Windows\System\Sxodmyz.exe
  2⤵
  PID:9592
- C:\Windows\System\WYzAYBx.exe
  C:\Windows\System\WYzAYBx.exe
  2⤵
  PID:9608
- C:\Windows\System\iaPfcTE.exe
  C:\Windows\System\iaPfcTE.exe
  2⤵
  PID:9628
- C:\Windows\System\piBavus.exe
  C:\Windows\System\piBavus.exe
  2⤵
  PID:9648
- C:\Windows\System\GdhXzIm.exe
  C:\Windows\System\GdhXzIm.exe
  2⤵
  PID:9672
- C:\Windows\System\AQUrNfQ.exe
  C:\Windows\System\AQUrNfQ.exe
  2⤵
  PID:9696
- C:\Windows\System\cgcbtRA.exe
  C:\Windows\System\cgcbtRA.exe
  2⤵
  PID:9712
- C:\Windows\System\uPVqwko.exe
  C:\Windows\System\uPVqwko.exe
  2⤵
  PID:9748
- C:\Windows\System\TRvUjkB.exe
  C:\Windows\System\TRvUjkB.exe
  2⤵
  PID:9772
- C:\Windows\System\NpIceJp.exe
  C:\Windows\System\NpIceJp.exe
  2⤵
  PID:9804
- C:\Windows\System\VGBXWAy.exe
  C:\Windows\System\VGBXWAy.exe
  2⤵
  PID:9820
- C:\Windows\System\AzOBnCm.exe
  C:\Windows\System\AzOBnCm.exe
  2⤵
  PID:9836
- C:\Windows\System\gypQNQQ.exe
  C:\Windows\System\gypQNQQ.exe
  2⤵
  PID:9852
- C:\Windows\System\IKQFecw.exe
  C:\Windows\System\IKQFecw.exe
  2⤵
  PID:9868
- C:\Windows\System\JopXrky.exe
  C:\Windows\System\JopXrky.exe
  2⤵
  PID:9900
- C:\Windows\System\ShmdQQq.exe
  C:\Windows\System\ShmdQQq.exe
  2⤵
  PID:9916
- C:\Windows\System\qDIJynu.exe
  C:\Windows\System\qDIJynu.exe
  2⤵
  PID:9932
- C:\Windows\System\pIQrwGI.exe
  C:\Windows\System\pIQrwGI.exe
  2⤵
  PID:9948
- C:\Windows\System\UxkLJMh.exe
  C:\Windows\System\UxkLJMh.exe
  2⤵
  PID:9964
- C:\Windows\System\hAWgPpQ.exe
  C:\Windows\System\hAWgPpQ.exe
  2⤵
  PID:9980
- C:\Windows\System\vLPgeoU.exe
  C:\Windows\System\vLPgeoU.exe
  2⤵
  PID:10000
- C:\Windows\System\hcooxsr.exe
  C:\Windows\System\hcooxsr.exe
  2⤵
  PID:10020
- C:\Windows\System\XpVZxPa.exe
  C:\Windows\System\XpVZxPa.exe
  2⤵
  PID:10036
- C:\Windows\System\sWFZXjj.exe
  C:\Windows\System\sWFZXjj.exe
  2⤵
  PID:10052
- C:\Windows\System\URwwFPI.exe
  C:\Windows\System\URwwFPI.exe
  2⤵
  PID:10076
- C:\Windows\System\DRodSaU.exe
  C:\Windows\System\DRodSaU.exe
  2⤵
  PID:10092
- C:\Windows\System\jBAOFqi.exe
  C:\Windows\System\jBAOFqi.exe
  2⤵
  PID:10108
- C:\Windows\System\mPfcWTt.exe
  C:\Windows\System\mPfcWTt.exe
  2⤵
  PID:10128
- C:\Windows\System\vYVepje.exe
  C:\Windows\System\vYVepje.exe
  2⤵
  PID:10144
- C:\Windows\System\iWhUIHw.exe
  C:\Windows\System\iWhUIHw.exe
  2⤵
  PID:10168
- C:\Windows\System\pRRByyo.exe
  C:\Windows\System\pRRByyo.exe
  2⤵
  PID:10188
- C:\Windows\System\CrSoCGY.exe
  C:\Windows\System\CrSoCGY.exe
  2⤵
  PID:10204
- C:\Windows\System\tByZMzu.exe
  C:\Windows\System\tByZMzu.exe
  2⤵
  PID:10220
- C:\Windows\System\IYnHkTL.exe
  C:\Windows\System\IYnHkTL.exe
  2⤵
  PID:8016
- C:\Windows\System\EpsKWSB.exe
  C:\Windows\System\EpsKWSB.exe
  2⤵
  PID:9244
- C:\Windows\System\tMjpijP.exe
  C:\Windows\System\tMjpijP.exe
  2⤵
  PID:9288
- C:\Windows\System\EhrjWIy.exe
  C:\Windows\System\EhrjWIy.exe
  2⤵
  PID:9320
- C:\Windows\System\QtgtyZb.exe
  C:\Windows\System\QtgtyZb.exe
  2⤵
  PID:9340
- C:\Windows\System\nXiakdz.exe
  C:\Windows\System\nXiakdz.exe
  2⤵
  PID:9408
- C:\Windows\System\HofLjHq.exe
  C:\Windows\System\HofLjHq.exe
  2⤵
  PID:9476
- C:\Windows\System\SrZNoFp.exe
  C:\Windows\System\SrZNoFp.exe
  2⤵
  PID:9504
- C:\Windows\System\rQMQVeP.exe
  C:\Windows\System\rQMQVeP.exe
  2⤵
  PID:9540
- C:\Windows\System\SwRhzwv.exe
  C:\Windows\System\SwRhzwv.exe
  2⤵
  PID:9564
- C:\Windows\System\zLJjumo.exe
  C:\Windows\System\zLJjumo.exe
  2⤵
  PID:9584
- C:\Windows\System\gnjZpkV.exe
  C:\Windows\System\gnjZpkV.exe
  2⤵
  PID:9624
- C:\Windows\System\rdxqfGi.exe
  C:\Windows\System\rdxqfGi.exe
  2⤵
  PID:9680
- C:\Windows\System\jDAUcPC.exe
  C:\Windows\System\jDAUcPC.exe
  2⤵
  PID:9704
- C:\Windows\System\wZGGDWg.exe
  C:\Windows\System\wZGGDWg.exe
  2⤵
  PID:9768
- C:\Windows\System\XDapjTF.exe
  C:\Windows\System\XDapjTF.exe
  2⤵
  PID:9688
- C:\Windows\System\QpViWpP.exe
  C:\Windows\System\QpViWpP.exe
  2⤵
  PID:9784
- C:\Windows\System\QxZNrkp.exe
  C:\Windows\System\QxZNrkp.exe
  2⤵
  PID:9848
- C:\Windows\System\ZqTIspS.exe
  C:\Windows\System\ZqTIspS.exe
  2⤵
  PID:9892
- C:\Windows\System\rZQyhjf.exe
  C:\Windows\System\rZQyhjf.exe
  2⤵
  PID:9956
- C:\Windows\System\RJFgrrr.exe
  C:\Windows\System\RJFgrrr.exe
  2⤵
  PID:9996
- C:\Windows\System\BiFPgys.exe
  C:\Windows\System\BiFPgys.exe
  2⤵
  PID:10032
- C:\Windows\System\ZxNTDIJ.exe
  C:\Windows\System\ZxNTDIJ.exe
  2⤵
  PID:10072
- C:\Windows\System\AgMXyZk.exe
  C:\Windows\System\AgMXyZk.exe
  2⤵
  PID:9828
- C:\Windows\System\wSEWRsU.exe
  C:\Windows\System\wSEWRsU.exe
  2⤵
  PID:10212
- C:\Windows\System\hdTLFcJ.exe
  C:\Windows\System\hdTLFcJ.exe
  2⤵
  PID:9220
- C:\Windows\System\Semaruy.exe
  C:\Windows\System\Semaruy.exe
  2⤵
  PID:10008
- C:\Windows\System\ojXKAWr.exe
  C:\Windows\System\ojXKAWr.exe
  2⤵
  PID:10232
- C:\Windows\System\yXYfTpg.exe
  C:\Windows\System\yXYfTpg.exe
  2⤵
  PID:9908
- C:\Windows\System\WdUcfbj.exe
  C:\Windows\System\WdUcfbj.exe
  2⤵
  PID:10164
- C:\Windows\System\FvrSrPi.exe
  C:\Windows\System\FvrSrPi.exe
  2⤵
  PID:10088
- C:\Windows\System\rLOgTaz.exe
  C:\Windows\System\rLOgTaz.exe
  2⤵
  PID:9300
- C:\Windows\System\JnDLdYU.exe
  C:\Windows\System\JnDLdYU.exe
  2⤵
  PID:9364
- C:\Windows\System\vrLYQlu.exe
  C:\Windows\System\vrLYQlu.exe
  2⤵
  PID:9380
- C:\Windows\System\ZAxcAmG.exe
  C:\Windows\System\ZAxcAmG.exe
  2⤵
  PID:9976
- C:\Windows\System\aBqPAhX.exe
  C:\Windows\System\aBqPAhX.exe
  2⤵
  PID:9480
- C:\Windows\System\NTUsrep.exe
  C:\Windows\System\NTUsrep.exe
  2⤵
  PID:9424
- C:\Windows\System\WgWvhwU.exe
  C:\Windows\System\WgWvhwU.exe
  2⤵
  PID:9548
- C:\Windows\System\YJPGFCb.exe
  C:\Windows\System\YJPGFCb.exe
  2⤵
  PID:9620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BaWCMgK.exe

Filesize
5.9MB

MD5
705533ffb3a60016a354446f7d763abd

SHA1
995ccc8d1add8041ef3813deffa14e77c5895190

SHA256
0f86f5b852a0df2e1665c0a0319ac3e19d9e8579188de1ade71294709abd8ee3

SHA512
9a8a050682b626a4d6c9e5ee55011f138d01daf2357201a18725d8fd18ad81068e0238174610b082718f544c41125ffd37e37a3598591eae9f2261e9338aec08

Download Submit
C:\Windows\system\CScvYIE.exe

Filesize
8B

MD5
ace62352ac2bfd3732be8954975804dc

SHA1
451fc20b424dce89eee535ef0cd00389101cfc26

SHA256
c61ba97a14b3f4cb308fd34c9545dbe5e047ca44d40b8a5967c05e576435ce18

SHA512
653abc67447da9e863b38f98c5297efcff5a8a5c104aa99d577029ccb0e7ad5cbcf7d89f0c37736967152116d776147e6aed55b51c1a91ed63b6a31f5fa34a65

Download Submit
C:\Windows\system\CitdkhX.exe

Filesize
5.9MB

MD5
b24e35edfea989c88f2a68303b40dbd3

SHA1
dc8021843830f14cdc9adc1cbffdd81ecc61ee5a

SHA256
aee56e017000dcfcd13730817f66181f3f37d8e0eb9561b63c80fbd59d75290d

SHA512
b88d95cfe29fcfba4613aec27be804f63d1eed96fc43f866c03e2ac25e9bcc0eaa628b905e4c66b04ec693d653fb9b3fb0bf63f51c790b772f31ae2966b0ef6f

Download Submit
C:\Windows\system\GbyPmDW.exe

Filesize
5.9MB

MD5
5b023108c7087ad62643b76ad574b384

SHA1
7f9d466b4f54e98443cdfd8b7d11ce80a3c246ea

SHA256
e54ed9dc7bfb42c7f6a83ca1bdbe4e7a0ad05bf86069a9a1aaa205deb80f15dc

SHA512
a650758cefac823ce6c91240c391b9d2aed847e5d1d984b864ed8116e56ad0fdfc8778048bd62dcb31b62dcba81a2b2ab0e13a30fcb6c64f31de408e447478e0

Download Submit
C:\Windows\system\HBNkYsO.exe

Filesize
5.9MB

MD5
2883d333dd620a0355c502b483972ebd

SHA1
a33569937e3c846b21b5e5293480ebcbd6b61d1c

SHA256
6c0e505e5a4d69b4dafa19126e0247b883fcd0f6d60fe8077507d0192e33e2d1

SHA512
1805af21ae72d3088057aa743e940fa8b63eb21424f2f76885bc3b8eefe3fe2505ebdca12cf0a9b5e87158bb98258bc5e6b6639902855d5b5d4b5550ba65b248

Download Submit
C:\Windows\system\HFJnvFO.exe

Filesize
5.9MB

MD5
5df53a2161b55f29edd69ec4c73a17ee

SHA1
182e3ab0da444976ddee2c3aac4d580e4fdc618d

SHA256
c725e79fdb3019f00ee4d069d0a076a28835e75f8fb289ce3f83fdcc25cd0e80

SHA512
b436da3f8013fe35ba6bb3ac8bec0791f6d1111bf4f38405242bff8ebab7b00ca7a6d7dcc16eee7d3ace9798e80c5f6838481f9fe0a64677761778e3c60d068b

Download Submit
C:\Windows\system\ImXKvgx.exe

Filesize
5.9MB

MD5
45584a929e4e1bb3bf3245705247b2ee

SHA1
6fae635d6a10c55a7b1aca2f4bb14f3b88d77312

SHA256
f11f6e665d9ed03ced0eec1d9462b78a1215c0440d1d3fe659a01ffca1997bd4

SHA512
1e3dda8e83441c9cb9df6b9d2e1df36076dec7dedead146943b4c1304e5d41a768b026a51ee6e29905a763d177de691fdcc9ebdd4c0ec4547b434ba6dece4991

Download Submit
C:\Windows\system\IquNCql.exe

Filesize
5.9MB

MD5
e6f576494c0979877ee616fed24abb14

SHA1
191ad2ff78d0e80b738ab334f5e5d5d35ff3b245

SHA256
d965cdf58d3eadfee23454752f4e214f7417a706938d478c7f2bdb6a0d8a483e

SHA512
68445d64ea274b88df368c4f174e12dff39f6fb1d684d0566ba11288eb1ae6660f8b0babd11f6283d12af2ab31858bfa1687c3de380d5b7433eaa6c5804e03a8

Download Submit
C:\Windows\system\KsIbogb.exe

Filesize
5.9MB

MD5
2a4e5ee33e4e9c7df2332cd0c3af35dd

SHA1
5260a7ce095f4187c36de60026a33d0903c0449f

SHA256
2bd4ed2e83d6f5d1b141df43e162947c28b973abc85e9fd76008a109481965e6

SHA512
d845a20193d8687632205d46185fd07ee7ce6836d9ceaefba62326b38da985dbf540e821c64dab4b7b1f28a572123b63b383936c53e57856ff5b890143a56c59

Download Submit
C:\Windows\system\LftNdiY.exe

Filesize
5.9MB

MD5
e4930db37d2c787519aae13782cbbcdb

SHA1
a7d0b40586f7080d8f0a684f073ff7acc29d25e9

SHA256
f8a9cfa884041a60ee7a150b754fff1f3cb16e6f1294f6c5c2bfd3d8c4dbcfa5

SHA512
91a5dd6a26e6b17f726626d41926e4d0e7777667c5654bd87a285087096a12c9e33dfc160b507f03767f931944e5457607fca12fec0d23d43d0d19477236d97c

Download Submit
C:\Windows\system\OxbUANu.exe

Filesize
5.9MB

MD5
e5e94e2c7799cdfa3f0079281e69cea8

SHA1
4861eed1e66f47d5f815ab64538d1b0bff323d1b

SHA256
7191a4477bc016b7096db9b54497af0af8bcbfce4ca27f4c121ac70bb818d962

SHA512
94f96037d505752b48057d0a5a3ee1826265da0e96609dc8630be3cfea597dbfabb3e1a9ed54858df934651e9b127e3233928b88de0c195785972a72b957bd61

Download Submit
C:\Windows\system\QikbzzL.exe

Filesize
5.9MB

MD5
120134e01a829e7de8ffcd22024d7901

SHA1
fefcfaa0659ac566503e6eb5ec0ed97a4def956d

SHA256
c905a961c9d7f2f83d9834b1c6437796482a31be3ab980bf43982e80e72d4927

SHA512
bd3889c7cab0ca2db90b37a52c667934fe2d1474e52a28579dcdc5939dbe5e82d6702d23e051e4fc630d5c6def52555947a3aa4298a6cfac0e33dee9d879ee89

Download Submit
C:\Windows\system\RURsyDi.exe

Filesize
5.9MB

MD5
be8fb1146265118ecf4cb980fa808058

SHA1
3a8d8251e58418e31a258f265a0e5b2aef8cf4a5

SHA256
af7584e3e2298ed5c337531fd41ca9c0a22b237390fa56d8d50a98fd0d23fa62

SHA512
76e526f0a9b1e82ed0d3ed700bd573c1989ee6ea57f9d03f62c6b2a480206361c3e40b8da8dfb40cd5a68ee063dbef38cce012d2d6ebaf65fea78f7a5657351a

Download Submit
C:\Windows\system\SeeOoeu.exe

Filesize
5.9MB

MD5
12b9851c985bccdc9d238151b08934ac

SHA1
55f232957233092b83c89425e722cb79b2cfdc7b

SHA256
4e87dff2256faf1689dd06b8f3f386b3c2af704612be21b030ef27ed58758280

SHA512
6cb1e1322cb67725469f0bf90ec83ead29d34a814b28425ea640318ed2adcce31259a991e11ee206b5513a83fb2f7cfd866fc296be075aa1ea7b24ac96e13c61

Download Submit
C:\Windows\system\UlZPcwn.exe

Filesize
5.9MB

MD5
9a314fe0095b973f9d5fc89a6d09a981

SHA1
00cff22bc4b771c624ae5e236dec8404d5c6d01c

SHA256
dca663559904592f34f3ed2bb5becf7d389053a96606025ffb67dc82d68a302f

SHA512
74001825c842456148049f43567d1563e9209a849675f1ff196e6a45dcbb79294dce728dbb517ab91cca38f5e27838e95673b4da7f309a51b48118d14a434523

Download Submit
C:\Windows\system\WNgWjbW.exe

Filesize
5.9MB

MD5
bd525274cde10e100595f10ac6c9ace8

SHA1
9f82b5594ff8cbf9debde2d38914127a951b52b6

SHA256
07477cbf8e4a850b887c8dfe79d0f000b89e3e9394b4a07db7e97d659e12dd75

SHA512
4f09cf35699be7f594aa8b2f9db06b93295b23cae38ce67c28d0ece4468a97aeed50f017af46be8bbb7ff518c4c3cbf53727bf4b19c00075d92bcfd2b3f2df63

Download Submit
C:\Windows\system\XNYoEWg.exe

Filesize
5.9MB

MD5
32e3f2b131e4f128eb5e0a5b049ec250

SHA1
5ec278e58b4acc3feef4d0bd2b76ecf7a1e51bb9

SHA256
3cd142241112da7eb6abb41a5247949f6107f753607c39494a748d1d39e6c720

SHA512
ad450f595f44a1a884a59ca2bec99d6f571987eb7ee438489a5554bbae8652c29f87cb9b328cc233ca45f0528053d28fd09c95728f381078d8a8f321ab7820ba

Download Submit
C:\Windows\system\XaGxiTw.exe

Filesize
5.9MB

MD5
d670aa1d1d2cace5d105d0b4f3152e86

SHA1
ebba8af5ea0d2ab6ddd9ea129f0e93069bff1785

SHA256
f9e0a5fa665ca31a7900ac7bb6a63628dbac7a9cf9013da1e9b367146af458d2

SHA512
73ef744d2053cac3de1010d04a4166c4c98c6ae4cdd8cbe164bac30d988972d09a5c62b82aeaf61477249c77ae47c8e9f7dde6db01ed3018fdf9fdc8c80a6d51

Download Submit
C:\Windows\system\clwBzyD.exe

Filesize
5.9MB

MD5
609350e7a106c8fcbf5eb97490570d40

SHA1
59e05b70719fe5999381783042eb3a9389061ea0

SHA256
3e9e34ba311e78687b430ec0d8387edb44794fb820e0c3045853defb9c6fb87a

SHA512
f78c0ac1b5842661d819c626d731752e03d2ee24b3efc20914f1b0202b065b36e39f34b233223e7ddd7d374af5119332721f64043817ed269ec3777cebbedcf9

Download Submit
C:\Windows\system\iIjTsRq.exe

Filesize
5.9MB

MD5
dfec0308a2b02dc680f7e3d62c94f2dd

SHA1
3d887033781d6f6c5c9eab302cacc7b08043ed88

SHA256
fef7fa1c8fb39299814ef7a1eff1a39182ed94c86b43b87226e8a3f70d818289

SHA512
1cc6e201aa9cfe5da0ac846789cb47a6949b6cd576e5e7cbaf558e27127ed23d24bdab237a7c05465160eaf69aecee7a346231c0309960efd35b354c1748deff

Download Submit
C:\Windows\system\kdlTYjJ.exe

Filesize
5.9MB

MD5
56046c729aefe2c56818a700b8d44462

SHA1
d17c9d72ce721786bd2d6cc8613270dcd141c91d

SHA256
b1148a0c18aafa3672dac4797bc06f7a48166701d1c0677fda71ecb6a3a744f4

SHA512
1f0b10ae798981cc1cc031558e9f633a417bbca1b5776400f08c33e76be3620af863991b979c89bf04448dbeca98f4d10752297abaae88e9c3186d46425d6425

Download Submit
C:\Windows\system\khvOXTv.exe

Filesize
5.9MB

MD5
d20428bf2fe95137c5e065d5eadad77a

SHA1
d6b5747367aa75a0cfc5ef079b94d56ef697fc1d

SHA256
22e7039baffc6f2b0f01772cf26eef097cc51c88e24b4f3f12e3fed6c6ddd298

SHA512
e338cf7879a68e15e1a1799385ec6f83f144ee99485a30c8827ca240e1c3d377186878241e01d298d2b75f23182734e666e9f02c15d42e01bbfd1b4ced17703f

Download Submit
C:\Windows\system\lQpIGBo.exe

Filesize
5.9MB

MD5
aeb44d2b5c906c481637ec67300da4bc

SHA1
4a8e63db55e50f2ecacb35b1787e597629b12765

SHA256
2174b558e69751dc4f33890c20b26c9ed687c548bc686ad64f731ea6f9051fac

SHA512
57f1cccfa74f857d243b962bd23e0569070ffaff027a503c3dd9fe6aeb6413ad274efb637ca3fdb479741b7737aded63253c3518f4b74f910a7b7a7e01c8ba4e

Download Submit
C:\Windows\system\maDFQAS.exe

Filesize
5.9MB

MD5
04b9fb8a9005491bede98af939d75661

SHA1
7a0a7f9081444a9a83bddf9c31971b4a28b89f0a

SHA256
cfd3b5283b6abea00c01bbf5fad6a22ec5082ab815d0618ea75eef95d2209542

SHA512
33f8568bac9c678901311a17636c0c73be8df0f8e04173e2140452447ea21fee3a1bed6781dafb5d4d42f1c8c3a4e4550a4e7a60ac05f6cb4e78c51e690ffe2b

Download Submit
C:\Windows\system\obBvJRB.exe

Filesize
5.9MB

MD5
c82a8bbdd5255ef94e3486274353de09

SHA1
6f82d11e641df8d91467e5c46533d182f02dc3dd

SHA256
6e198c61181a37309aeca5bf2cde714b5a134eafdb2edc6e27e80079ee5c03e5

SHA512
a730fceb366d9ef7d24431d1f7046149978898baebd9bab2e718384952ed41b4a42dce6233331aff6093f94e2de88bceb449b6f73149b5008d4777fe83f4b8a2

Download Submit
C:\Windows\system\pJQyLoe.exe

Filesize
5.9MB

MD5
07c00240e496193edcd8ed7fe60f9015

SHA1
83231456b611ab72bbcfd04915219e4fbd79bf68

SHA256
b4cdbdf288de987126b2c08f9e8294b1174647d32e44b4d49c71512a55fb6f2c

SHA512
25bca2fa772fdc30bed13870d4758bcdf80e58a67abfbb3fb20f65da8fe29360d362e181e50cc651e646b2003e0795c85588f274305b790096fc37f016df7aa7

Download Submit
C:\Windows\system\rGyeDmh.exe

Filesize
5.9MB

MD5
67ee4bd5aa2ae0515c0b9091b77dceb3

SHA1
d0a47f83832fdb9be45b4ce03d74c6b6405a1c09

SHA256
0edc25d1a9943b34aded76d62fa5effa7711c4e8220052cdea6c152dee561ba1

SHA512
b5b2abe23a331374324b858d07037ef966a443041fb4fa054b00dc3878a67d9a5e4d032147071b32006730dff91fbc8135891cbcfc603d25fb767422ba1413d4

Download Submit
C:\Windows\system\ujgzBOb.exe

Filesize
5.9MB

MD5
9313712e3dd0bbbf2961c7a1dbb74846

SHA1
925374f1a7f4d52ed1080a4d2bb84f1628a1b0ee

SHA256
c65cb9e6d028c6df7055464803dc9be14388933ed372a8d07cf4320bd53530c1

SHA512
482ecc6b5230bbc6aaacbc366520092d2ca4c0a83bde97654983f58bec8adf73889b6cab54f0a02d3351837dbe3674a3202d5429f22c6cb1fb30e85d34344bb8

Download Submit
C:\Windows\system\vDxuqPP.exe

Filesize
5.9MB

MD5
03a9f615f6e7daf4a644b4288776dcfc

SHA1
75eb247a6dd991f42f17b1b26b1d6dee67429734

SHA256
cb056075f59034d943f9ffc7a88110c3995d8be336460ab42e02c6745ee0335a

SHA512
bb7b76fa421e735fdb72d9a5c227565e4fa9e43acf2687a9cca66d8ef4dc44d1fe5cbe140071c71c2e92fe24882f3c39f5d63e39877fc45a58e3fb5ca597e0df

Download Submit
C:\Windows\system\xfMiBES.exe

Filesize
5.9MB

MD5
005e7a019c4e5f0d3356a9ffd579e0d0

SHA1
7c5e8a14d4c2097d7e38d597144f5ee9e9bd0116

SHA256
c0f98e0ca8a3d212068c03fe19163f0c2407c80f568cdb377068a339d837c32e

SHA512
936084983f294a4f6d9de14441c88128f9400037274233a53c48aab36892e439122b1c6db83c835c1793eedba24eae703ea488cd71fcbd288ecd0f48136757eb

Download Submit
\Windows\system\BgrpjoI.exe

Filesize
5.9MB

MD5
923096fd8d8962260d07fc8acd0c2c1e

SHA1
509d32a35333fee7dcda2bc6d24f1831c7d233e5

SHA256
8700ec99c1a62d28590722023f9eb2959c8548d4a2c10b97c70bb670a5fc031e

SHA512
8d238d52b49c190a1c6d05833da4bf315e072467e933e588e38cee629aa471946601bbddf3cb4aadf252ed94ec92248deaa5610db3a42f17604cf10088f92174

Download Submit
\Windows\system\PBhFzRe.exe

Filesize
5.9MB

MD5
3380d77012064f60fd6207c5901efaac

SHA1
7a555db67c28263bd609621fa74ba728d34ecc42

SHA256
60d8d57332d0bbe8ebff06463e609f63717af04fd88a8175f7996f74045f4e6f

SHA512
6e0ad7a7cd4e0071b7cbb0994fe4880df64f7c71c29dfaaebea64b7e7cbbd38f3c8d928d3611373f3d3f2ebb56fbdeb683d1ca747639c7789051bf7dfaa2b0c4

Download Submit
\Windows\system\PXvlRQW.exe

Filesize
5.9MB

MD5
4584b80cdb962a2287d60d638720eb99

SHA1
bdcf66279f26ba099bb892e18fce249701cccb91

SHA256
8b1ee29216c5a542f182fb6eb9a168d07bf4732e7a4ec0d37dabe6df39b3f5e9

SHA512
2b1e725ed49909aa7a133488b928b96a3d5e0245a8306a67be055f4591b8c032eae25304ab259c459b4d060d5710204f230fe054f9e81ea226be3677c0f5efb8

Download Submit
memory/572-71-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/572-2989-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/600-249-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/600-2981-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/600-77-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-90-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1028-549-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2997-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1032-41-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-11-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2878-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-61-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2880-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2104-30-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2128-83-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2991-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2128-382-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2568-66-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3001-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2986-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2708-59-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2993-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-97-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-698-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-19-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2877-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2832-53-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2999-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2872-51-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2904-100-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-93-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-62-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2904-68-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2904-47-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2904-615-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-828-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-464-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2904-40-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-38-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-35-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-25-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2904-17-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-16-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2904-6-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-80-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2904-86-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2904-87-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2904-306-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2904-101-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-57-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2904-94-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2988-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2912-45-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2889-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-21-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-54-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2883-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-43-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-74-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download