cobaltstrike | 410c8df6170489cca3615a9bbb7a4a56b26e3aced1aed0868120c27b4d171e96

Analysis

max time kernel
130s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

517b5b00c2c77af5178e2d6ffc6c4a6b
SHA1

611b16addcf60f427b277ca4c783907b61743ee7
SHA256

410c8df6170489cca3615a9bbb7a4a56b26e3aced1aed0868120c27b4d171e96
SHA512

d86a8160a464c6996094c061fad9376179e9e01677af728d73925f1b1a2ac5b24904afc7e40e633af1c968953800826b7c40990fe66dee0b649a9b8b14d6730f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/296-0-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/memory/2748-8-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000800000001706d-19.dat	xmrig
behavioral1/files/0x0008000000016ea4-12.dat	xmrig
behavioral1/memory/2708-22-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00070000000173da-26.dat	xmrig
behavioral1/memory/2828-28-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f1-32.dat	xmrig
behavioral1/memory/2836-34-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3060-51-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x00070000000191d4-56.dat	xmrig
behavioral1/memory/620-58-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2432-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1380-95-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-119.dat	xmrig
behavioral1/files/0x0005000000019426-161.dat	xmrig
behavioral1/files/0x000500000001946b-195.dat	xmrig
behavioral1/memory/296-874-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1620-875-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1380-659-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019458-185.dat	xmrig
behavioral1/files/0x0005000000019442-170.dat	xmrig
behavioral1/files/0x000500000001945c-188.dat	xmrig
behavioral1/files/0x000500000001944d-176.dat	xmrig
behavioral1/files/0x0005000000019438-168.dat	xmrig
behavioral1/files/0x0005000000019423-159.dat	xmrig
behavioral1/files/0x00050000000193a5-154.dat	xmrig
behavioral1/files/0x000500000001937b-144.dat	xmrig
behavioral1/files/0x0005000000019397-149.dat	xmrig
behavioral1/files/0x000500000001936b-139.dat	xmrig
behavioral1/files/0x0005000000019356-134.dat	xmrig
behavioral1/files/0x000500000001928c-125.dat	xmrig
behavioral1/files/0x0005000000019353-129.dat	xmrig
behavioral1/files/0x0005000000019266-114.dat	xmrig
behavioral1/files/0x0005000000019263-107.dat	xmrig
behavioral1/memory/1620-102-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/620-100-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-99.dat	xmrig
behavioral1/files/0x0005000000019256-93.dat	xmrig
behavioral1/memory/2984-90-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2576-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019244-85.dat	xmrig
behavioral1/files/0x00050000000191ff-84.dat	xmrig
behavioral1/memory/1976-82-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/296-81-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2836-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2064-70-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001922c-74.dat	xmrig
behavioral1/memory/2828-65-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x002d000000016dbe-62.dat	xmrig
behavioral1/memory/2752-52-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2576-42-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x00070000000173fc-48.dat	xmrig
behavioral1/memory/296-40-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f4-39.dat	xmrig
behavioral1/memory/2752-17-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2748-3070-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2752-3071-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2836-3112-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3060-3109-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2576-3108-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1976-3141-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2064-3139-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	ogwHKDW.exe
2752	IPSdjDO.exe
2708	Ojfptkx.exe
2828	OGjcEsD.exe
2836	prjirFF.exe
2576	TXRhfjv.exe
3060	GtQcYOP.exe
620	TXnzgLb.exe
2064	priFjnk.exe
1976	eCjBqNH.exe
2432	zOuKtQU.exe
2984	mNKDmTp.exe
1380	UVOVfrZ.exe
1620	IqJyWvj.exe
1364	jVdxnKz.exe
1044	CdDnsAC.exe
264	HWzZIPn.exe
2060	SBLIijz.exe
1820	evKIvFa.exe
1952	ATaGkOp.exe
2144	BcfWAsg.exe
1128	jqjHhsH.exe
2380	gWUiOjn.exe
1468	FfapINd.exe
2152	NCBXceB.exe
2132	tbhmNTY.exe
1960	YeSMnPX.exe
1224	UKaMZYG.exe
1792	xOUZlhS.exe
2512	yQJiahu.exe
1768	kGfuKqb.exe
964	SGCSuUI.exe
1752	CuJALKq.exe
1764	oylQrHB.exe
1812	qqMfnFT.exe
2928	VdRpyNi.exe
1512	VUHgzXi.exe
1772	cyzSCjj.exe
1968	kOorNSw.exe
2480	UzQYjgj.exe
1588	MGsblDJ.exe
2460	OiyUFVr.exe
2488	IgalOaN.exe
2396	MKAprrJ.exe
3012	YZMvPQG.exe
1940	lYEkgrK.exe
2108	MmRKVqD.exe
2428	RijaevX.exe
892	gpfeEGw.exe
2452	qIImBul.exe
1744	SNAGgad.exe
2484	nMXnccA.exe
1844	FiLekXr.exe
2764	yWhGADD.exe
2832	BFiEkkN.exe
2668	TicSZVN.exe
2768	SwbxfUx.exe
2372	TaiRSDX.exe
2068	WZoyDaT.exe
3036	QETULrT.exe
648	cQLMhsy.exe
1432	uoBHMlE.exe
2888	vGYztJG.exe
1740	KHdWHdh.exe

Loads dropped DLL 64 IoCs

pid	Process
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/296-0-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/memory/2748-8-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000800000001706d-19.dat	upx
behavioral1/files/0x0008000000016ea4-12.dat	upx
behavioral1/memory/2708-22-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00070000000173da-26.dat	upx
behavioral1/memory/2828-28-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00070000000173f1-32.dat	upx
behavioral1/memory/2836-34-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/3060-51-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x00070000000191d4-56.dat	upx
behavioral1/memory/620-58-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2432-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1380-95-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0005000000019284-119.dat	upx
behavioral1/files/0x0005000000019426-161.dat	upx
behavioral1/files/0x000500000001946b-195.dat	upx
behavioral1/memory/1620-875-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1380-659-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0005000000019458-185.dat	upx
behavioral1/files/0x0005000000019442-170.dat	upx
behavioral1/files/0x000500000001945c-188.dat	upx
behavioral1/files/0x000500000001944d-176.dat	upx
behavioral1/files/0x0005000000019438-168.dat	upx
behavioral1/files/0x0005000000019423-159.dat	upx
behavioral1/files/0x00050000000193a5-154.dat	upx
behavioral1/files/0x000500000001937b-144.dat	upx
behavioral1/files/0x0005000000019397-149.dat	upx
behavioral1/files/0x000500000001936b-139.dat	upx
behavioral1/files/0x0005000000019356-134.dat	upx
behavioral1/files/0x000500000001928c-125.dat	upx
behavioral1/files/0x0005000000019353-129.dat	upx
behavioral1/files/0x0005000000019266-114.dat	upx
behavioral1/files/0x0005000000019263-107.dat	upx
behavioral1/memory/1620-102-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/620-100-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0005000000019259-99.dat	upx
behavioral1/files/0x0005000000019256-93.dat	upx
behavioral1/memory/2984-90-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2576-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0005000000019244-85.dat	upx
behavioral1/files/0x00050000000191ff-84.dat	upx
behavioral1/memory/1976-82-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2836-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2064-70-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000500000001922c-74.dat	upx
behavioral1/memory/2828-65-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x002d000000016dbe-62.dat	upx
behavioral1/memory/2752-52-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2576-42-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x00070000000173fc-48.dat	upx
behavioral1/memory/296-40-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x00070000000173f4-39.dat	upx
behavioral1/memory/2752-17-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2748-3070-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2752-3071-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2836-3112-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/3060-3109-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2576-3108-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1976-3141-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2064-3139-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/620-3130-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2828-3104-0x000000013FF00000-0x0000000140254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kLFairk.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BUxpays.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\klgJjig.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GnZjZvb.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OjtnLPw.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cyDvAAh.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cWRcJEs.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LhYEmlv.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EAwqXcL.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UewUqau.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oRULndS.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Kirtpgf.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EjZfspP.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aVPEJYt.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BxoFgTs.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aWdTpxR.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PIAclGb.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\txXAySw.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EHxnmXE.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fCSkvGO.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RqVybbU.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oFqDEIV.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BeDqnoZ.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\arOzWad.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GAAiDly.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FqvZJAq.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nCCQEVH.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JlzkOQr.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZfbAruL.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nJWLyNU.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dwdReMZ.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XViOoCE.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WcodMWx.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VwUCxwl.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oBTdZQh.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uzrLLgo.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sAcKUHc.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LrDcAxt.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CgSAGrF.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XIOADSR.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YkBSZED.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gMsbUCP.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lDGkMem.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\obWXzUN.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ExGCJig.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RQiEnMX.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dNangkz.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HTsbYvo.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pQrYEeS.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JoDoNDQ.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jLcMETW.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\quODQjV.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lRhQRME.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zMzNfgS.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\toOzspX.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mhlqmci.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yqrgSkN.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JeobuWZ.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KZhJebv.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dxaLIhz.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RdJSIXC.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QDAzHdh.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NHBpMeN.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FwrWprR.exe	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 296 wrote to memory of 2748	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 296 wrote to memory of 2748	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 296 wrote to memory of 2748	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 296 wrote to memory of 2752	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 296 wrote to memory of 2752	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 296 wrote to memory of 2752	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 296 wrote to memory of 2708	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 296 wrote to memory of 2708	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 296 wrote to memory of 2708	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 296 wrote to memory of 2828	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 296 wrote to memory of 2828	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 296 wrote to memory of 2828	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 296 wrote to memory of 2836	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 296 wrote to memory of 2836	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 296 wrote to memory of 2836	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 296 wrote to memory of 2576	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 296 wrote to memory of 2576	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 296 wrote to memory of 2576	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 296 wrote to memory of 3060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 296 wrote to memory of 3060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 296 wrote to memory of 3060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 296 wrote to memory of 620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 296 wrote to memory of 620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 296 wrote to memory of 620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 296 wrote to memory of 2064	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 296 wrote to memory of 2064	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 296 wrote to memory of 2064	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 296 wrote to memory of 2432	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 296 wrote to memory of 2432	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 296 wrote to memory of 2432	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 296 wrote to memory of 1976	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 296 wrote to memory of 1976	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 296 wrote to memory of 1976	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 296 wrote to memory of 2984	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 296 wrote to memory of 2984	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 296 wrote to memory of 2984	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 296 wrote to memory of 1380	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 296 wrote to memory of 1380	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 296 wrote to memory of 1380	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 296 wrote to memory of 1620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 296 wrote to memory of 1620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 296 wrote to memory of 1620	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 296 wrote to memory of 1364	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 296 wrote to memory of 1364	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 296 wrote to memory of 1364	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 296 wrote to memory of 1044	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 296 wrote to memory of 1044	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 296 wrote to memory of 1044	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 296 wrote to memory of 264	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 296 wrote to memory of 264	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 296 wrote to memory of 264	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 296 wrote to memory of 2060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 296 wrote to memory of 2060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 296 wrote to memory of 2060	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 296 wrote to memory of 1820	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 296 wrote to memory of 1820	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 296 wrote to memory of 1820	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 296 wrote to memory of 1952	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 296 wrote to memory of 1952	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 296 wrote to memory of 1952	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 296 wrote to memory of 2144	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 296 wrote to memory of 2144	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 296 wrote to memory of 2144	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 296 wrote to memory of 1128	296	2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_517b5b00c2c77af5178e2d6ffc6c4a6b_amadey_cobalt-strike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:296
- C:\Windows\System\ogwHKDW.exe
  C:\Windows\System\ogwHKDW.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\IPSdjDO.exe
  C:\Windows\System\IPSdjDO.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\Ojfptkx.exe
  C:\Windows\System\Ojfptkx.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OGjcEsD.exe
  C:\Windows\System\OGjcEsD.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\prjirFF.exe
  C:\Windows\System\prjirFF.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\TXRhfjv.exe
  C:\Windows\System\TXRhfjv.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\GtQcYOP.exe
  C:\Windows\System\GtQcYOP.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\TXnzgLb.exe
  C:\Windows\System\TXnzgLb.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\priFjnk.exe
  C:\Windows\System\priFjnk.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zOuKtQU.exe
  C:\Windows\System\zOuKtQU.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\eCjBqNH.exe
  C:\Windows\System\eCjBqNH.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\mNKDmTp.exe
  C:\Windows\System\mNKDmTp.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\UVOVfrZ.exe
  C:\Windows\System\UVOVfrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\IqJyWvj.exe
  C:\Windows\System\IqJyWvj.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\jVdxnKz.exe
  C:\Windows\System\jVdxnKz.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\CdDnsAC.exe
  C:\Windows\System\CdDnsAC.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\HWzZIPn.exe
  C:\Windows\System\HWzZIPn.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\SBLIijz.exe
  C:\Windows\System\SBLIijz.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\evKIvFa.exe
  C:\Windows\System\evKIvFa.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\ATaGkOp.exe
  C:\Windows\System\ATaGkOp.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\BcfWAsg.exe
  C:\Windows\System\BcfWAsg.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\jqjHhsH.exe
  C:\Windows\System\jqjHhsH.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\gWUiOjn.exe
  C:\Windows\System\gWUiOjn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\FfapINd.exe
  C:\Windows\System\FfapINd.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\NCBXceB.exe
  C:\Windows\System\NCBXceB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\YeSMnPX.exe
  C:\Windows\System\YeSMnPX.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\tbhmNTY.exe
  C:\Windows\System\tbhmNTY.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\xOUZlhS.exe
  C:\Windows\System\xOUZlhS.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UKaMZYG.exe
  C:\Windows\System\UKaMZYG.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\yQJiahu.exe
  C:\Windows\System\yQJiahu.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\kGfuKqb.exe
  C:\Windows\System\kGfuKqb.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\SGCSuUI.exe
  C:\Windows\System\SGCSuUI.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\CuJALKq.exe
  C:\Windows\System\CuJALKq.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\oylQrHB.exe
  C:\Windows\System\oylQrHB.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\qqMfnFT.exe
  C:\Windows\System\qqMfnFT.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\VUHgzXi.exe
  C:\Windows\System\VUHgzXi.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\VdRpyNi.exe
  C:\Windows\System\VdRpyNi.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\cyzSCjj.exe
  C:\Windows\System\cyzSCjj.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\kOorNSw.exe
  C:\Windows\System\kOorNSw.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\MGsblDJ.exe
  C:\Windows\System\MGsblDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\UzQYjgj.exe
  C:\Windows\System\UzQYjgj.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OiyUFVr.exe
  C:\Windows\System\OiyUFVr.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IgalOaN.exe
  C:\Windows\System\IgalOaN.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\YZMvPQG.exe
  C:\Windows\System\YZMvPQG.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\MKAprrJ.exe
  C:\Windows\System\MKAprrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\lYEkgrK.exe
  C:\Windows\System\lYEkgrK.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\MmRKVqD.exe
  C:\Windows\System\MmRKVqD.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\qIImBul.exe
  C:\Windows\System\qIImBul.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\RijaevX.exe
  C:\Windows\System\RijaevX.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\SNAGgad.exe
  C:\Windows\System\SNAGgad.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\gpfeEGw.exe
  C:\Windows\System\gpfeEGw.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\nMXnccA.exe
  C:\Windows\System\nMXnccA.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\FiLekXr.exe
  C:\Windows\System\FiLekXr.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\TicSZVN.exe
  C:\Windows\System\TicSZVN.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\yWhGADD.exe
  C:\Windows\System\yWhGADD.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\SwbxfUx.exe
  C:\Windows\System\SwbxfUx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\BFiEkkN.exe
  C:\Windows\System\BFiEkkN.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\WZoyDaT.exe
  C:\Windows\System\WZoyDaT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\TaiRSDX.exe
  C:\Windows\System\TaiRSDX.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\uoBHMlE.exe
  C:\Windows\System\uoBHMlE.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\QETULrT.exe
  C:\Windows\System\QETULrT.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\vGYztJG.exe
  C:\Windows\System\vGYztJG.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\cQLMhsy.exe
  C:\Windows\System\cQLMhsy.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\KHdWHdh.exe
  C:\Windows\System\KHdWHdh.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\thOzGYy.exe
  C:\Windows\System\thOzGYy.exe
  2⤵
  PID:1052
- C:\Windows\System\SpmGEZe.exe
  C:\Windows\System\SpmGEZe.exe
  2⤵
  PID:108
- C:\Windows\System\AhgkywH.exe
  C:\Windows\System\AhgkywH.exe
  2⤵
  PID:1688
- C:\Windows\System\sfcCUag.exe
  C:\Windows\System\sfcCUag.exe
  2⤵
  PID:568
- C:\Windows\System\WjEOFFj.exe
  C:\Windows\System\WjEOFFj.exe
  2⤵
  PID:2188
- C:\Windows\System\pMNrUPk.exe
  C:\Windows\System\pMNrUPk.exe
  2⤵
  PID:2088
- C:\Windows\System\FGMVAiH.exe
  C:\Windows\System\FGMVAiH.exe
  2⤵
  PID:1856
- C:\Windows\System\WYPFFbX.exe
  C:\Windows\System\WYPFFbX.exe
  2⤵
  PID:1796
- C:\Windows\System\sdwEHWh.exe
  C:\Windows\System\sdwEHWh.exe
  2⤵
  PID:2356
- C:\Windows\System\EwqPnEM.exe
  C:\Windows\System\EwqPnEM.exe
  2⤵
  PID:1300
- C:\Windows\System\oAzYLrn.exe
  C:\Windows\System\oAzYLrn.exe
  2⤵
  PID:1692
- C:\Windows\System\pobCtkE.exe
  C:\Windows\System\pobCtkE.exe
  2⤵
  PID:1836
- C:\Windows\System\DrFiVoJ.exe
  C:\Windows\System\DrFiVoJ.exe
  2⤵
  PID:2036
- C:\Windows\System\bzgmRTq.exe
  C:\Windows\System\bzgmRTq.exe
  2⤵
  PID:792
- C:\Windows\System\mQUwcZZ.exe
  C:\Windows\System\mQUwcZZ.exe
  2⤵
  PID:1988
- C:\Windows\System\GAAiDly.exe
  C:\Windows\System\GAAiDly.exe
  2⤵
  PID:2404
- C:\Windows\System\dYuRwlo.exe
  C:\Windows\System\dYuRwlo.exe
  2⤵
  PID:1444
- C:\Windows\System\zXLKVfG.exe
  C:\Windows\System\zXLKVfG.exe
  2⤵
  PID:1028
- C:\Windows\System\iVlKohB.exe
  C:\Windows\System\iVlKohB.exe
  2⤵
  PID:3032
- C:\Windows\System\RuGaRsD.exe
  C:\Windows\System\RuGaRsD.exe
  2⤵
  PID:2760
- C:\Windows\System\hgbNHkE.exe
  C:\Windows\System\hgbNHkE.exe
  2⤵
  PID:2492
- C:\Windows\System\dsAuJVs.exe
  C:\Windows\System\dsAuJVs.exe
  2⤵
  PID:1800
- C:\Windows\System\CQvVqxY.exe
  C:\Windows\System\CQvVqxY.exe
  2⤵
  PID:2588
- C:\Windows\System\PVqcTbf.exe
  C:\Windows\System\PVqcTbf.exe
  2⤵
  PID:1632
- C:\Windows\System\hquHhny.exe
  C:\Windows\System\hquHhny.exe
  2⤵
  PID:596
- C:\Windows\System\eDTXQla.exe
  C:\Windows\System\eDTXQla.exe
  2⤵
  PID:2724
- C:\Windows\System\wzuqBNM.exe
  C:\Windows\System\wzuqBNM.exe
  2⤵
  PID:1680
- C:\Windows\System\PfUFoxu.exe
  C:\Windows\System\PfUFoxu.exe
  2⤵
  PID:592
- C:\Windows\System\ydRSVAk.exe
  C:\Windows\System\ydRSVAk.exe
  2⤵
  PID:3064
- C:\Windows\System\rIHfyEz.exe
  C:\Windows\System\rIHfyEz.exe
  2⤵
  PID:2220
- C:\Windows\System\sWDpnrp.exe
  C:\Windows\System\sWDpnrp.exe
  2⤵
  PID:3048
- C:\Windows\System\cceJdmS.exe
  C:\Windows\System\cceJdmS.exe
  2⤵
  PID:2444
- C:\Windows\System\nzsuwkJ.exe
  C:\Windows\System\nzsuwkJ.exe
  2⤵
  PID:2900
- C:\Windows\System\CgSAGrF.exe
  C:\Windows\System\CgSAGrF.exe
  2⤵
  PID:1368
- C:\Windows\System\xNPauTc.exe
  C:\Windows\System\xNPauTc.exe
  2⤵
  PID:1996
- C:\Windows\System\GddIwSF.exe
  C:\Windows\System\GddIwSF.exe
  2⤵
  PID:1084
- C:\Windows\System\UUKxUpM.exe
  C:\Windows\System\UUKxUpM.exe
  2⤵
  PID:2340
- C:\Windows\System\iLjbYXR.exe
  C:\Windows\System\iLjbYXR.exe
  2⤵
  PID:2268
- C:\Windows\System\xMnlExU.exe
  C:\Windows\System\xMnlExU.exe
  2⤵
  PID:2520
- C:\Windows\System\UAaZHhI.exe
  C:\Windows\System\UAaZHhI.exe
  2⤵
  PID:1596
- C:\Windows\System\FftUuxK.exe
  C:\Windows\System\FftUuxK.exe
  2⤵
  PID:3020
- C:\Windows\System\mgSTfZb.exe
  C:\Windows\System\mgSTfZb.exe
  2⤵
  PID:2804
- C:\Windows\System\doKdoRy.exe
  C:\Windows\System\doKdoRy.exe
  2⤵
  PID:2260
- C:\Windows\System\hWobNsh.exe
  C:\Windows\System\hWobNsh.exe
  2⤵
  PID:1240
- C:\Windows\System\sBFCTez.exe
  C:\Windows\System\sBFCTez.exe
  2⤵
  PID:1900
- C:\Windows\System\eHqhCWW.exe
  C:\Windows\System\eHqhCWW.exe
  2⤵
  PID:916
- C:\Windows\System\TBIXbXL.exe
  C:\Windows\System\TBIXbXL.exe
  2⤵
  PID:776
- C:\Windows\System\lhMGcTO.exe
  C:\Windows\System\lhMGcTO.exe
  2⤵
  PID:2960
- C:\Windows\System\Pgnxbul.exe
  C:\Windows\System\Pgnxbul.exe
  2⤵
  PID:2084
- C:\Windows\System\UsqXZQf.exe
  C:\Windows\System\UsqXZQf.exe
  2⤵
  PID:2124
- C:\Windows\System\JETsPzF.exe
  C:\Windows\System\JETsPzF.exe
  2⤵
  PID:3092
- C:\Windows\System\EvrWPKw.exe
  C:\Windows\System\EvrWPKw.exe
  2⤵
  PID:3108
- C:\Windows\System\QZTqMjL.exe
  C:\Windows\System\QZTqMjL.exe
  2⤵
  PID:3128
- C:\Windows\System\FEZHazL.exe
  C:\Windows\System\FEZHazL.exe
  2⤵
  PID:3144
- C:\Windows\System\aiuxHFs.exe
  C:\Windows\System\aiuxHFs.exe
  2⤵
  PID:3168
- C:\Windows\System\yjoHIfa.exe
  C:\Windows\System\yjoHIfa.exe
  2⤵
  PID:3184
- C:\Windows\System\UOKsvQt.exe
  C:\Windows\System\UOKsvQt.exe
  2⤵
  PID:3204
- C:\Windows\System\fhMTUNG.exe
  C:\Windows\System\fhMTUNG.exe
  2⤵
  PID:3220
- C:\Windows\System\kRqfSEk.exe
  C:\Windows\System\kRqfSEk.exe
  2⤵
  PID:3240
- C:\Windows\System\tHLrXHs.exe
  C:\Windows\System\tHLrXHs.exe
  2⤵
  PID:3272
- C:\Windows\System\YYwZhkY.exe
  C:\Windows\System\YYwZhkY.exe
  2⤵
  PID:3296
- C:\Windows\System\WcodMWx.exe
  C:\Windows\System\WcodMWx.exe
  2⤵
  PID:3316
- C:\Windows\System\RIYdfya.exe
  C:\Windows\System\RIYdfya.exe
  2⤵
  PID:3336
- C:\Windows\System\MRdGjbP.exe
  C:\Windows\System\MRdGjbP.exe
  2⤵
  PID:3352
- C:\Windows\System\FtycZnW.exe
  C:\Windows\System\FtycZnW.exe
  2⤵
  PID:3372
- C:\Windows\System\RPFdxHc.exe
  C:\Windows\System\RPFdxHc.exe
  2⤵
  PID:3392
- C:\Windows\System\hqYPDTP.exe
  C:\Windows\System\hqYPDTP.exe
  2⤵
  PID:3416
- C:\Windows\System\xLKuCCM.exe
  C:\Windows\System\xLKuCCM.exe
  2⤵
  PID:3432
- C:\Windows\System\twlowAy.exe
  C:\Windows\System\twlowAy.exe
  2⤵
  PID:3452
- C:\Windows\System\WxiCDgY.exe
  C:\Windows\System\WxiCDgY.exe
  2⤵
  PID:3468
- C:\Windows\System\xRFMRwG.exe
  C:\Windows\System\xRFMRwG.exe
  2⤵
  PID:3488
- C:\Windows\System\ePiqhiQ.exe
  C:\Windows\System\ePiqhiQ.exe
  2⤵
  PID:3504
- C:\Windows\System\rCsHhik.exe
  C:\Windows\System\rCsHhik.exe
  2⤵
  PID:3524
- C:\Windows\System\bkVcxsY.exe
  C:\Windows\System\bkVcxsY.exe
  2⤵
  PID:3540
- C:\Windows\System\knChMyp.exe
  C:\Windows\System\knChMyp.exe
  2⤵
  PID:3560
- C:\Windows\System\NrZlWnT.exe
  C:\Windows\System\NrZlWnT.exe
  2⤵
  PID:3576
- C:\Windows\System\QXsVWeR.exe
  C:\Windows\System\QXsVWeR.exe
  2⤵
  PID:3596
- C:\Windows\System\OEpnOlZ.exe
  C:\Windows\System\OEpnOlZ.exe
  2⤵
  PID:3632
- C:\Windows\System\iXnffjW.exe
  C:\Windows\System\iXnffjW.exe
  2⤵
  PID:3648
- C:\Windows\System\nvcLGeg.exe
  C:\Windows\System\nvcLGeg.exe
  2⤵
  PID:3668
- C:\Windows\System\DJXGWSX.exe
  C:\Windows\System\DJXGWSX.exe
  2⤵
  PID:3684
- C:\Windows\System\mTSCUnK.exe
  C:\Windows\System\mTSCUnK.exe
  2⤵
  PID:3704
- C:\Windows\System\VtaHtQY.exe
  C:\Windows\System\VtaHtQY.exe
  2⤵
  PID:3720
- C:\Windows\System\BOHIAbt.exe
  C:\Windows\System\BOHIAbt.exe
  2⤵
  PID:3744
- C:\Windows\System\eSSDDIc.exe
  C:\Windows\System\eSSDDIc.exe
  2⤵
  PID:3764
- C:\Windows\System\IKKxcPb.exe
  C:\Windows\System\IKKxcPb.exe
  2⤵
  PID:3780
- C:\Windows\System\LVfFEdM.exe
  C:\Windows\System\LVfFEdM.exe
  2⤵
  PID:3800
- C:\Windows\System\XatOKtK.exe
  C:\Windows\System\XatOKtK.exe
  2⤵
  PID:3816
- C:\Windows\System\CeUQHei.exe
  C:\Windows\System\CeUQHei.exe
  2⤵
  PID:3836
- C:\Windows\System\FqvZJAq.exe
  C:\Windows\System\FqvZJAq.exe
  2⤵
  PID:3852
- C:\Windows\System\ogKQamS.exe
  C:\Windows\System\ogKQamS.exe
  2⤵
  PID:3872
- C:\Windows\System\AgkCNKi.exe
  C:\Windows\System\AgkCNKi.exe
  2⤵
  PID:3888
- C:\Windows\System\jSnGFXf.exe
  C:\Windows\System\jSnGFXf.exe
  2⤵
  PID:3908
- C:\Windows\System\MrdBAgm.exe
  C:\Windows\System\MrdBAgm.exe
  2⤵
  PID:3924
- C:\Windows\System\RCIMRdF.exe
  C:\Windows\System\RCIMRdF.exe
  2⤵
  PID:3940
- C:\Windows\System\RQFyVUl.exe
  C:\Windows\System\RQFyVUl.exe
  2⤵
  PID:3956
- C:\Windows\System\MTMlovq.exe
  C:\Windows\System\MTMlovq.exe
  2⤵
  PID:3980
- C:\Windows\System\PnHTZHJ.exe
  C:\Windows\System\PnHTZHJ.exe
  2⤵
  PID:3996
- C:\Windows\System\XSJcVvq.exe
  C:\Windows\System\XSJcVvq.exe
  2⤵
  PID:4012
- C:\Windows\System\AdTWyPm.exe
  C:\Windows\System\AdTWyPm.exe
  2⤵
  PID:4036
- C:\Windows\System\vENlzPw.exe
  C:\Windows\System\vENlzPw.exe
  2⤵
  PID:4056
- C:\Windows\System\LYwgUlf.exe
  C:\Windows\System\LYwgUlf.exe
  2⤵
  PID:1340
- C:\Windows\System\DNrUcpf.exe
  C:\Windows\System\DNrUcpf.exe
  2⤵
  PID:1736
- C:\Windows\System\SwuxGyL.exe
  C:\Windows\System\SwuxGyL.exe
  2⤵
  PID:2112
- C:\Windows\System\aXQzjpd.exe
  C:\Windows\System\aXQzjpd.exe
  2⤵
  PID:2464
- C:\Windows\System\EzcFBQA.exe
  C:\Windows\System\EzcFBQA.exe
  2⤵
  PID:532
- C:\Windows\System\MSlzNPR.exe
  C:\Windows\System\MSlzNPR.exe
  2⤵
  PID:2776
- C:\Windows\System\vPkyZOn.exe
  C:\Windows\System\vPkyZOn.exe
  2⤵
  PID:3104
- C:\Windows\System\OBldfua.exe
  C:\Windows\System\OBldfua.exe
  2⤵
  PID:3180
- C:\Windows\System\bGBueGU.exe
  C:\Windows\System\bGBueGU.exe
  2⤵
  PID:640
- C:\Windows\System\XrJwrli.exe
  C:\Windows\System\XrJwrli.exe
  2⤵
  PID:3088
- C:\Windows\System\GXYFDXs.exe
  C:\Windows\System\GXYFDXs.exe
  2⤵
  PID:3268
- C:\Windows\System\pxREaDG.exe
  C:\Windows\System\pxREaDG.exe
  2⤵
  PID:3304
- C:\Windows\System\AZjSSNV.exe
  C:\Windows\System\AZjSSNV.exe
  2⤵
  PID:3380
- C:\Windows\System\RQiEnMX.exe
  C:\Windows\System\RQiEnMX.exe
  2⤵
  PID:3428
- C:\Windows\System\ZadyrqX.exe
  C:\Windows\System\ZadyrqX.exe
  2⤵
  PID:3496
- C:\Windows\System\chNFLrY.exe
  C:\Windows\System\chNFLrY.exe
  2⤵
  PID:3568
- C:\Windows\System\sWEEmih.exe
  C:\Windows\System\sWEEmih.exe
  2⤵
  PID:3612
- C:\Windows\System\GVQpkPk.exe
  C:\Windows\System\GVQpkPk.exe
  2⤵
  PID:3620
- C:\Windows\System\PsggwfY.exe
  C:\Windows\System\PsggwfY.exe
  2⤵
  PID:3700
- C:\Windows\System\XwONRiF.exe
  C:\Windows\System\XwONRiF.exe
  2⤵
  PID:3740
- C:\Windows\System\NWLiBfv.exe
  C:\Windows\System\NWLiBfv.exe
  2⤵
  PID:3808
- C:\Windows\System\nZyXrZK.exe
  C:\Windows\System\nZyXrZK.exe
  2⤵
  PID:3156
- C:\Windows\System\cuKIzTv.exe
  C:\Windows\System\cuKIzTv.exe
  2⤵
  PID:3884
- C:\Windows\System\eindzVx.exe
  C:\Windows\System\eindzVx.exe
  2⤵
  PID:3192
- C:\Windows\System\ZktLFBM.exe
  C:\Windows\System\ZktLFBM.exe
  2⤵
  PID:3084
- C:\Windows\System\OAFDGtw.exe
  C:\Windows\System\OAFDGtw.exe
  2⤵
  PID:3236
- C:\Windows\System\TwDEXAL.exe
  C:\Windows\System\TwDEXAL.exe
  2⤵
  PID:3292
- C:\Windows\System\iFiJVYB.exe
  C:\Windows\System\iFiJVYB.exe
  2⤵
  PID:3584
- C:\Windows\System\TMQwPwr.exe
  C:\Windows\System\TMQwPwr.exe
  2⤵
  PID:3476
- C:\Windows\System\sbHMNJT.exe
  C:\Windows\System\sbHMNJT.exe
  2⤵
  PID:4024
- C:\Windows\System\vjxuKob.exe
  C:\Windows\System\vjxuKob.exe
  2⤵
  PID:4092
- C:\Windows\System\abMIujq.exe
  C:\Windows\System\abMIujq.exe
  2⤵
  PID:4072
- C:\Windows\System\wGYdrro.exe
  C:\Windows\System\wGYdrro.exe
  2⤵
  PID:1508
- C:\Windows\System\YBAydjF.exe
  C:\Windows\System\YBAydjF.exe
  2⤵
  PID:772
- C:\Windows\System\BPkKSRO.exe
  C:\Windows\System\BPkKSRO.exe
  2⤵
  PID:3216
- C:\Windows\System\mMpQFAe.exe
  C:\Windows\System\mMpQFAe.exe
  2⤵
  PID:3256
- C:\Windows\System\xeHDLfO.exe
  C:\Windows\System\xeHDLfO.exe
  2⤵
  PID:3832
- C:\Windows\System\CANEybY.exe
  C:\Windows\System\CANEybY.exe
  2⤵
  PID:3796
- C:\Windows\System\YGIOJIN.exe
  C:\Windows\System\YGIOJIN.exe
  2⤵
  PID:3896
- C:\Windows\System\bwpskzT.exe
  C:\Windows\System\bwpskzT.exe
  2⤵
  PID:3964
- C:\Windows\System\BlmlKQb.exe
  C:\Windows\System\BlmlKQb.exe
  2⤵
  PID:4048
- C:\Windows\System\aGofMNK.exe
  C:\Windows\System\aGofMNK.exe
  2⤵
  PID:3716
- C:\Windows\System\vNLHFye.exe
  C:\Windows\System\vNLHFye.exe
  2⤵
  PID:3464
- C:\Windows\System\lKhbOEW.exe
  C:\Windows\System\lKhbOEW.exe
  2⤵
  PID:3656
- C:\Windows\System\jVEpTSE.exe
  C:\Windows\System\jVEpTSE.exe
  2⤵
  PID:3776
- C:\Windows\System\pqrTXqF.exe
  C:\Windows\System\pqrTXqF.exe
  2⤵
  PID:2680
- C:\Windows\System\GRGOGEB.exe
  C:\Windows\System\GRGOGEB.exe
  2⤵
  PID:3056
- C:\Windows\System\aSkbWQS.exe
  C:\Windows\System\aSkbWQS.exe
  2⤵
  PID:3200
- C:\Windows\System\OEVkMXO.exe
  C:\Windows\System\OEVkMXO.exe
  2⤵
  PID:3360
- C:\Windows\System\tuHVgzP.exe
  C:\Windows\System\tuHVgzP.exe
  2⤵
  PID:3736
- C:\Windows\System\qIOCYub.exe
  C:\Windows\System\qIOCYub.exe
  2⤵
  PID:2624
- C:\Windows\System\cZvxASJ.exe
  C:\Windows\System\cZvxASJ.exe
  2⤵
  PID:3368
- C:\Windows\System\ruJCSSH.exe
  C:\Windows\System\ruJCSSH.exe
  2⤵
  PID:3628
- C:\Windows\System\GztaWHQ.exe
  C:\Windows\System\GztaWHQ.exe
  2⤵
  PID:3424
- C:\Windows\System\yNdLRpg.exe
  C:\Windows\System\yNdLRpg.exe
  2⤵
  PID:3400
- C:\Windows\System\pYAVASr.exe
  C:\Windows\System\pYAVASr.exe
  2⤵
  PID:3512
- C:\Windows\System\BhVfHtl.exe
  C:\Windows\System\BhVfHtl.exe
  2⤵
  PID:3516
- C:\Windows\System\OFTMehx.exe
  C:\Windows\System\OFTMehx.exe
  2⤵
  PID:4080
- C:\Windows\System\XmTeNRx.exe
  C:\Windows\System\XmTeNRx.exe
  2⤵
  PID:3100
- C:\Windows\System\FfttNFm.exe
  C:\Windows\System\FfttNFm.exe
  2⤵
  PID:3760
- C:\Windows\System\CAfgBGf.exe
  C:\Windows\System\CAfgBGf.exe
  2⤵
  PID:2744
- C:\Windows\System\jdlYhoV.exe
  C:\Windows\System\jdlYhoV.exe
  2⤵
  PID:3864
- C:\Windows\System\iNnUzdy.exe
  C:\Windows\System\iNnUzdy.exe
  2⤵
  PID:3644
- C:\Windows\System\HeYPOCl.exe
  C:\Windows\System\HeYPOCl.exe
  2⤵
  PID:3792
- C:\Windows\System\hkLCmdT.exe
  C:\Windows\System\hkLCmdT.exe
  2⤵
  PID:3772
- C:\Windows\System\lPorjUB.exe
  C:\Windows\System\lPorjUB.exe
  2⤵
  PID:3712
- C:\Windows\System\SZCYJDE.exe
  C:\Windows\System\SZCYJDE.exe
  2⤵
  PID:4112
- C:\Windows\System\PyDMzmX.exe
  C:\Windows\System\PyDMzmX.exe
  2⤵
  PID:4128
- C:\Windows\System\JLauXzr.exe
  C:\Windows\System\JLauXzr.exe
  2⤵
  PID:4152
- C:\Windows\System\pZLcHkM.exe
  C:\Windows\System\pZLcHkM.exe
  2⤵
  PID:4168
- C:\Windows\System\RYKPnxN.exe
  C:\Windows\System\RYKPnxN.exe
  2⤵
  PID:4192
- C:\Windows\System\iXoeboG.exe
  C:\Windows\System\iXoeboG.exe
  2⤵
  PID:4212
- C:\Windows\System\AxdnFQN.exe
  C:\Windows\System\AxdnFQN.exe
  2⤵
  PID:4236
- C:\Windows\System\PSeimcr.exe
  C:\Windows\System\PSeimcr.exe
  2⤵
  PID:4260
- C:\Windows\System\FkXCmPL.exe
  C:\Windows\System\FkXCmPL.exe
  2⤵
  PID:4284
- C:\Windows\System\TujMbKi.exe
  C:\Windows\System\TujMbKi.exe
  2⤵
  PID:4300
- C:\Windows\System\XIOADSR.exe
  C:\Windows\System\XIOADSR.exe
  2⤵
  PID:4320
- C:\Windows\System\SOlgukz.exe
  C:\Windows\System\SOlgukz.exe
  2⤵
  PID:4336
- C:\Windows\System\eNACeAR.exe
  C:\Windows\System\eNACeAR.exe
  2⤵
  PID:4356
- C:\Windows\System\XoLHzKi.exe
  C:\Windows\System\XoLHzKi.exe
  2⤵
  PID:4372
- C:\Windows\System\vnEybPF.exe
  C:\Windows\System\vnEybPF.exe
  2⤵
  PID:4392
- C:\Windows\System\BgkhAUH.exe
  C:\Windows\System\BgkhAUH.exe
  2⤵
  PID:4408
- C:\Windows\System\jXrvZFT.exe
  C:\Windows\System\jXrvZFT.exe
  2⤵
  PID:4432
- C:\Windows\System\TBMLJhI.exe
  C:\Windows\System\TBMLJhI.exe
  2⤵
  PID:4448
- C:\Windows\System\etmUOBY.exe
  C:\Windows\System\etmUOBY.exe
  2⤵
  PID:4468
- C:\Windows\System\ZjIpcqI.exe
  C:\Windows\System\ZjIpcqI.exe
  2⤵
  PID:4488
- C:\Windows\System\YZyaaly.exe
  C:\Windows\System\YZyaaly.exe
  2⤵
  PID:4504
- C:\Windows\System\BRWLdCU.exe
  C:\Windows\System\BRWLdCU.exe
  2⤵
  PID:4524
- C:\Windows\System\gBgyEtb.exe
  C:\Windows\System\gBgyEtb.exe
  2⤵
  PID:4548
- C:\Windows\System\HTwpUyy.exe
  C:\Windows\System\HTwpUyy.exe
  2⤵
  PID:4568
- C:\Windows\System\xcMRUVT.exe
  C:\Windows\System\xcMRUVT.exe
  2⤵
  PID:4588
- C:\Windows\System\DZonAib.exe
  C:\Windows\System\DZonAib.exe
  2⤵
  PID:4620
- C:\Windows\System\nCCQEVH.exe
  C:\Windows\System\nCCQEVH.exe
  2⤵
  PID:4644
- C:\Windows\System\hzKEaAF.exe
  C:\Windows\System\hzKEaAF.exe
  2⤵
  PID:4668
- C:\Windows\System\xXhCcjp.exe
  C:\Windows\System\xXhCcjp.exe
  2⤵
  PID:4684
- C:\Windows\System\Fcqchls.exe
  C:\Windows\System\Fcqchls.exe
  2⤵
  PID:4700
- C:\Windows\System\eePRSvK.exe
  C:\Windows\System\eePRSvK.exe
  2⤵
  PID:4724
- C:\Windows\System\EAwqXcL.exe
  C:\Windows\System\EAwqXcL.exe
  2⤵
  PID:4752
- C:\Windows\System\fBBMfIV.exe
  C:\Windows\System\fBBMfIV.exe
  2⤵
  PID:4772
- C:\Windows\System\OEqULUk.exe
  C:\Windows\System\OEqULUk.exe
  2⤵
  PID:4792
- C:\Windows\System\cKtRRGR.exe
  C:\Windows\System\cKtRRGR.exe
  2⤵
  PID:4808
- C:\Windows\System\aCqTgNU.exe
  C:\Windows\System\aCqTgNU.exe
  2⤵
  PID:4828
- C:\Windows\System\odguKuC.exe
  C:\Windows\System\odguKuC.exe
  2⤵
  PID:4848
- C:\Windows\System\MeiYmDS.exe
  C:\Windows\System\MeiYmDS.exe
  2⤵
  PID:4864
- C:\Windows\System\YuVLLVL.exe
  C:\Windows\System\YuVLLVL.exe
  2⤵
  PID:4880
- C:\Windows\System\KgGXkaJ.exe
  C:\Windows\System\KgGXkaJ.exe
  2⤵
  PID:4904
- C:\Windows\System\aESigOG.exe
  C:\Windows\System\aESigOG.exe
  2⤵
  PID:4920
- C:\Windows\System\bTHBVTn.exe
  C:\Windows\System\bTHBVTn.exe
  2⤵
  PID:4936
- C:\Windows\System\TFpaflq.exe
  C:\Windows\System\TFpaflq.exe
  2⤵
  PID:4952
- C:\Windows\System\YVnegYD.exe
  C:\Windows\System\YVnegYD.exe
  2⤵
  PID:4968
- C:\Windows\System\TndsWjp.exe
  C:\Windows\System\TndsWjp.exe
  2⤵
  PID:4988
- C:\Windows\System\kLFairk.exe
  C:\Windows\System\kLFairk.exe
  2⤵
  PID:5012
- C:\Windows\System\ldxRbpQ.exe
  C:\Windows\System\ldxRbpQ.exe
  2⤵
  PID:5028
- C:\Windows\System\PfVKHui.exe
  C:\Windows\System\PfVKHui.exe
  2⤵
  PID:5072
- C:\Windows\System\WXXtvaE.exe
  C:\Windows\System\WXXtvaE.exe
  2⤵
  PID:5092
- C:\Windows\System\JvbDXoQ.exe
  C:\Windows\System\JvbDXoQ.exe
  2⤵
  PID:5108
- C:\Windows\System\zMzNfgS.exe
  C:\Windows\System\zMzNfgS.exe
  2⤵
  PID:3364
- C:\Windows\System\zwXGfbD.exe
  C:\Windows\System\zwXGfbD.exe
  2⤵
  PID:3228
- C:\Windows\System\YFENCaS.exe
  C:\Windows\System\YFENCaS.exe
  2⤵
  PID:3408
- C:\Windows\System\iIdnAFI.exe
  C:\Windows\System\iIdnAFI.exe
  2⤵
  PID:3460
- C:\Windows\System\eDCSioe.exe
  C:\Windows\System\eDCSioe.exe
  2⤵
  PID:1908
- C:\Windows\System\wAuNRbp.exe
  C:\Windows\System\wAuNRbp.exe
  2⤵
  PID:3532
- C:\Windows\System\UewUqau.exe
  C:\Windows\System\UewUqau.exe
  2⤵
  PID:2656
- C:\Windows\System\KmHZtIq.exe
  C:\Windows\System\KmHZtIq.exe
  2⤵
  PID:4008
- C:\Windows\System\mDrUwpZ.exe
  C:\Windows\System\mDrUwpZ.exe
  2⤵
  PID:4108
- C:\Windows\System\NdJfogK.exe
  C:\Windows\System\NdJfogK.exe
  2⤵
  PID:4140
- C:\Windows\System\oRULndS.exe
  C:\Windows\System\oRULndS.exe
  2⤵
  PID:4064
- C:\Windows\System\dNangkz.exe
  C:\Windows\System\dNangkz.exe
  2⤵
  PID:3280
- C:\Windows\System\bgvcOCT.exe
  C:\Windows\System\bgvcOCT.exe
  2⤵
  PID:4220
- C:\Windows\System\rbaPUXq.exe
  C:\Windows\System\rbaPUXq.exe
  2⤵
  PID:3788
- C:\Windows\System\QoApMcK.exe
  C:\Windows\System\QoApMcK.exe
  2⤵
  PID:4280
- C:\Windows\System\FQXZMsM.exe
  C:\Windows\System\FQXZMsM.exe
  2⤵
  PID:3756
- C:\Windows\System\PNztxyi.exe
  C:\Windows\System\PNztxyi.exe
  2⤵
  PID:4344
- C:\Windows\System\YGUoxqB.exe
  C:\Windows\System\YGUoxqB.exe
  2⤵
  PID:4164
- C:\Windows\System\mcFQDKF.exe
  C:\Windows\System\mcFQDKF.exe
  2⤵
  PID:4200
- C:\Windows\System\JSOqTjr.exe
  C:\Windows\System\JSOqTjr.exe
  2⤵
  PID:4208
- C:\Windows\System\druSRwa.exe
  C:\Windows\System\druSRwa.exe
  2⤵
  PID:4460
- C:\Windows\System\AcFVmFU.exe
  C:\Windows\System\AcFVmFU.exe
  2⤵
  PID:4248
- C:\Windows\System\OuIuFjb.exe
  C:\Windows\System\OuIuFjb.exe
  2⤵
  PID:4500
- C:\Windows\System\ZKKcCPS.exe
  C:\Windows\System\ZKKcCPS.exe
  2⤵
  PID:4536
- C:\Windows\System\bgRNxLK.exe
  C:\Windows\System\bgRNxLK.exe
  2⤵
  PID:1360
- C:\Windows\System\Kirtpgf.exe
  C:\Windows\System\Kirtpgf.exe
  2⤵
  PID:4680
- C:\Windows\System\fAVbKfe.exe
  C:\Windows\System\fAVbKfe.exe
  2⤵
  PID:672
- C:\Windows\System\QDAzHdh.exe
  C:\Windows\System\QDAzHdh.exe
  2⤵
  PID:4400
- C:\Windows\System\iQxZjmx.exe
  C:\Windows\System\iQxZjmx.exe
  2⤵
  PID:4764
- C:\Windows\System\VbMyRqZ.exe
  C:\Windows\System\VbMyRqZ.exe
  2⤵
  PID:4844
- C:\Windows\System\xXGpaMH.exe
  C:\Windows\System\xXGpaMH.exe
  2⤵
  PID:4484
- C:\Windows\System\mxLNzWy.exe
  C:\Windows\System\mxLNzWy.exe
  2⤵
  PID:4912
- C:\Windows\System\tCPdEKD.exe
  C:\Windows\System\tCPdEKD.exe
  2⤵
  PID:4440
- C:\Windows\System\FTunkqM.exe
  C:\Windows\System\FTunkqM.exe
  2⤵
  PID:4944
- C:\Windows\System\QLjQjcj.exe
  C:\Windows\System\QLjQjcj.exe
  2⤵
  PID:4692
- C:\Windows\System\DGkYTmv.exe
  C:\Windows\System\DGkYTmv.exe
  2⤵
  PID:4736
- C:\Windows\System\vtfVBfw.exe
  C:\Windows\System\vtfVBfw.exe
  2⤵
  PID:4748
- C:\Windows\System\EqQMopO.exe
  C:\Windows\System\EqQMopO.exe
  2⤵
  PID:4820
- C:\Windows\System\NHBpMeN.exe
  C:\Windows\System\NHBpMeN.exe
  2⤵
  PID:2392
- C:\Windows\System\Qciyxik.exe
  C:\Windows\System\Qciyxik.exe
  2⤵
  PID:4928
- C:\Windows\System\ZZmYyux.exe
  C:\Windows\System\ZZmYyux.exe
  2⤵
  PID:5004
- C:\Windows\System\QEbuzZM.exe
  C:\Windows\System\QEbuzZM.exe
  2⤵
  PID:5048
- C:\Windows\System\vizHEsi.exe
  C:\Windows\System\vizHEsi.exe
  2⤵
  PID:1720
- C:\Windows\System\XikRQnW.exe
  C:\Windows\System\XikRQnW.exe
  2⤵
  PID:5084
- C:\Windows\System\guriodT.exe
  C:\Windows\System\guriodT.exe
  2⤵
  PID:3120
- C:\Windows\System\cWAWbyM.exe
  C:\Windows\System\cWAWbyM.exe
  2⤵
  PID:3484
- C:\Windows\System\eptpYmW.exe
  C:\Windows\System\eptpYmW.exe
  2⤵
  PID:696
- C:\Windows\System\NRSuYxU.exe
  C:\Windows\System\NRSuYxU.exe
  2⤵
  PID:2936
- C:\Windows\System\evpRzEe.exe
  C:\Windows\System\evpRzEe.exe
  2⤵
  PID:1132
- C:\Windows\System\cOXsKCl.exe
  C:\Windows\System\cOXsKCl.exe
  2⤵
  PID:4004
- C:\Windows\System\cfpkxCu.exe
  C:\Windows\System\cfpkxCu.exe
  2⤵
  PID:4028
- C:\Windows\System\UDtEETS.exe
  C:\Windows\System\UDtEETS.exe
  2⤵
  PID:4084
- C:\Windows\System\ztQZDME.exe
  C:\Windows\System\ztQZDME.exe
  2⤵
  PID:4144
- C:\Windows\System\fqhYBEc.exe
  C:\Windows\System\fqhYBEc.exe
  2⤵
  PID:4232
- C:\Windows\System\WFzDYSz.exe
  C:\Windows\System\WFzDYSz.exe
  2⤵
  PID:3828
- C:\Windows\System\NbzMFoM.exe
  C:\Windows\System\NbzMFoM.exe
  2⤵
  PID:4464
- C:\Windows\System\geuqeEC.exe
  C:\Windows\System\geuqeEC.exe
  2⤵
  PID:4584
- C:\Windows\System\YJejOqK.exe
  C:\Windows\System\YJejOqK.exe
  2⤵
  PID:3680
- C:\Windows\System\YaeEfzc.exe
  C:\Windows\System\YaeEfzc.exe
  2⤵
  PID:4720
- C:\Windows\System\YaCoyWw.exe
  C:\Windows\System\YaCoyWw.exe
  2⤵
  PID:4876
- C:\Windows\System\wlDKjxa.exe
  C:\Windows\System\wlDKjxa.exe
  2⤵
  PID:4532
- C:\Windows\System\hckrvPQ.exe
  C:\Windows\System\hckrvPQ.exe
  2⤵
  PID:4640
- C:\Windows\System\FYLOKyf.exe
  C:\Windows\System\FYLOKyf.exe
  2⤵
  PID:4676
- C:\Windows\System\WyhNooF.exe
  C:\Windows\System\WyhNooF.exe
  2⤵
  PID:4556
- C:\Windows\System\VnZcItp.exe
  C:\Windows\System\VnZcItp.exe
  2⤵
  PID:4364
- C:\Windows\System\ajJMUfE.exe
  C:\Windows\System\ajJMUfE.exe
  2⤵
  PID:4616
- C:\Windows\System\JlzkOQr.exe
  C:\Windows\System\JlzkOQr.exe
  2⤵
  PID:4732
- C:\Windows\System\VyQXNHW.exe
  C:\Windows\System\VyQXNHW.exe
  2⤵
  PID:4788
- C:\Windows\System\bFsiypj.exe
  C:\Windows\System\bFsiypj.exe
  2⤵
  PID:4892
- C:\Windows\System\RPGGqSz.exe
  C:\Windows\System\RPGGqSz.exe
  2⤵
  PID:2632
- C:\Windows\System\HvMJmaw.exe
  C:\Windows\System\HvMJmaw.exe
  2⤵
  PID:5060
- C:\Windows\System\zyGWHwk.exe
  C:\Windows\System\zyGWHwk.exe
  2⤵
  PID:5104
- C:\Windows\System\dkNfEMV.exe
  C:\Windows\System\dkNfEMV.exe
  2⤵
  PID:2964
- C:\Windows\System\azINoQH.exe
  C:\Windows\System\azINoQH.exe
  2⤵
  PID:2712
- C:\Windows\System\aUGyELE.exe
  C:\Windows\System\aUGyELE.exe
  2⤵
  PID:1776
- C:\Windows\System\OGrOXOO.exe
  C:\Windows\System\OGrOXOO.exe
  2⤵
  PID:3664
- C:\Windows\System\JXTTMZO.exe
  C:\Windows\System\JXTTMZO.exe
  2⤵
  PID:3412
- C:\Windows\System\lwWQPJv.exe
  C:\Windows\System\lwWQPJv.exe
  2⤵
  PID:3284
- C:\Windows\System\QBiVTIh.exe
  C:\Windows\System\QBiVTIh.exe
  2⤵
  PID:4496
- C:\Windows\System\mnhPTUZ.exe
  C:\Windows\System\mnhPTUZ.exe
  2⤵
  PID:4120
- C:\Windows\System\wNrKcQr.exe
  C:\Windows\System\wNrKcQr.exe
  2⤵
  PID:4716
- C:\Windows\System\hhsmamT.exe
  C:\Windows\System\hhsmamT.exe
  2⤵
  PID:5136
- C:\Windows\System\gcValRh.exe
  C:\Windows\System\gcValRh.exe
  2⤵
  PID:5156
- C:\Windows\System\xfHFrFe.exe
  C:\Windows\System\xfHFrFe.exe
  2⤵
  PID:5172
- C:\Windows\System\GtgZgJB.exe
  C:\Windows\System\GtgZgJB.exe
  2⤵
  PID:5196
- C:\Windows\System\YdkQJcs.exe
  C:\Windows\System\YdkQJcs.exe
  2⤵
  PID:5212
- C:\Windows\System\ldxhsqN.exe
  C:\Windows\System\ldxhsqN.exe
  2⤵
  PID:5236
- C:\Windows\System\LuDxolc.exe
  C:\Windows\System\LuDxolc.exe
  2⤵
  PID:5256
- C:\Windows\System\OmPgvMU.exe
  C:\Windows\System\OmPgvMU.exe
  2⤵
  PID:5276
- C:\Windows\System\vTPBlrx.exe
  C:\Windows\System\vTPBlrx.exe
  2⤵
  PID:5296
- C:\Windows\System\keGtxsr.exe
  C:\Windows\System\keGtxsr.exe
  2⤵
  PID:5316
- C:\Windows\System\PpfWrsu.exe
  C:\Windows\System\PpfWrsu.exe
  2⤵
  PID:5336
- C:\Windows\System\ZBvUIiL.exe
  C:\Windows\System\ZBvUIiL.exe
  2⤵
  PID:5360
- C:\Windows\System\xtKYFGC.exe
  C:\Windows\System\xtKYFGC.exe
  2⤵
  PID:5380
- C:\Windows\System\wRDebiA.exe
  C:\Windows\System\wRDebiA.exe
  2⤵
  PID:5400
- C:\Windows\System\dBaErBP.exe
  C:\Windows\System\dBaErBP.exe
  2⤵
  PID:5420
- C:\Windows\System\uQUlpIn.exe
  C:\Windows\System\uQUlpIn.exe
  2⤵
  PID:5440
- C:\Windows\System\yMbCtWV.exe
  C:\Windows\System\yMbCtWV.exe
  2⤵
  PID:5460
- C:\Windows\System\IJtDZZo.exe
  C:\Windows\System\IJtDZZo.exe
  2⤵
  PID:5480
- C:\Windows\System\foNbNqo.exe
  C:\Windows\System\foNbNqo.exe
  2⤵
  PID:5500
- C:\Windows\System\iBgNsrg.exe
  C:\Windows\System\iBgNsrg.exe
  2⤵
  PID:5520
- C:\Windows\System\hAhPKdS.exe
  C:\Windows\System\hAhPKdS.exe
  2⤵
  PID:5540
- C:\Windows\System\nDVvYib.exe
  C:\Windows\System\nDVvYib.exe
  2⤵
  PID:5560
- C:\Windows\System\RbWdAPQ.exe
  C:\Windows\System\RbWdAPQ.exe
  2⤵
  PID:5580
- C:\Windows\System\ZeeJjmL.exe
  C:\Windows\System\ZeeJjmL.exe
  2⤵
  PID:5600
- C:\Windows\System\ZqYvBPM.exe
  C:\Windows\System\ZqYvBPM.exe
  2⤵
  PID:5616
- C:\Windows\System\llpFCuO.exe
  C:\Windows\System\llpFCuO.exe
  2⤵
  PID:5640
- C:\Windows\System\OCleTJC.exe
  C:\Windows\System\OCleTJC.exe
  2⤵
  PID:5660
- C:\Windows\System\GVgAfRM.exe
  C:\Windows\System\GVgAfRM.exe
  2⤵
  PID:5680
- C:\Windows\System\kACrBWE.exe
  C:\Windows\System\kACrBWE.exe
  2⤵
  PID:5700
- C:\Windows\System\TSsgtIL.exe
  C:\Windows\System\TSsgtIL.exe
  2⤵
  PID:5720
- C:\Windows\System\wJWkiME.exe
  C:\Windows\System\wJWkiME.exe
  2⤵
  PID:5740
- C:\Windows\System\BZkUCyX.exe
  C:\Windows\System\BZkUCyX.exe
  2⤵
  PID:5760
- C:\Windows\System\YkGvbHc.exe
  C:\Windows\System\YkGvbHc.exe
  2⤵
  PID:5780
- C:\Windows\System\goYKbTy.exe
  C:\Windows\System\goYKbTy.exe
  2⤵
  PID:5800
- C:\Windows\System\JxkyGfr.exe
  C:\Windows\System\JxkyGfr.exe
  2⤵
  PID:5820
- C:\Windows\System\SlRIhcH.exe
  C:\Windows\System\SlRIhcH.exe
  2⤵
  PID:5840
- C:\Windows\System\vraCVvm.exe
  C:\Windows\System\vraCVvm.exe
  2⤵
  PID:5860
- C:\Windows\System\IPPLLZx.exe
  C:\Windows\System\IPPLLZx.exe
  2⤵
  PID:5880
- C:\Windows\System\vzsvIjQ.exe
  C:\Windows\System\vzsvIjQ.exe
  2⤵
  PID:5900
- C:\Windows\System\oEqYiWW.exe
  C:\Windows\System\oEqYiWW.exe
  2⤵
  PID:5920
- C:\Windows\System\vzlCPIn.exe
  C:\Windows\System\vzlCPIn.exe
  2⤵
  PID:5940
- C:\Windows\System\CsUTjpS.exe
  C:\Windows\System\CsUTjpS.exe
  2⤵
  PID:5960
- C:\Windows\System\GWdYucN.exe
  C:\Windows\System\GWdYucN.exe
  2⤵
  PID:5980
- C:\Windows\System\fSyPmqy.exe
  C:\Windows\System\fSyPmqy.exe
  2⤵
  PID:6000
- C:\Windows\System\XchBWKA.exe
  C:\Windows\System\XchBWKA.exe
  2⤵
  PID:6020
- C:\Windows\System\mLyCeyP.exe
  C:\Windows\System\mLyCeyP.exe
  2⤵
  PID:6040
- C:\Windows\System\kEPQLxS.exe
  C:\Windows\System\kEPQLxS.exe
  2⤵
  PID:6060
- C:\Windows\System\hoJcGiO.exe
  C:\Windows\System\hoJcGiO.exe
  2⤵
  PID:6080
- C:\Windows\System\XvRhhHB.exe
  C:\Windows\System\XvRhhHB.exe
  2⤵
  PID:6100
- C:\Windows\System\PBMLwoP.exe
  C:\Windows\System\PBMLwoP.exe
  2⤵
  PID:6120
- C:\Windows\System\uBXqVgF.exe
  C:\Windows\System\uBXqVgF.exe
  2⤵
  PID:6140
- C:\Windows\System\cvrbwUX.exe
  C:\Windows\System\cvrbwUX.exe
  2⤵
  PID:4520
- C:\Windows\System\aREIZXo.exe
  C:\Windows\System\aREIZXo.exe
  2⤵
  PID:4632
- C:\Windows\System\AebNnun.exe
  C:\Windows\System\AebNnun.exe
  2⤵
  PID:4984
- C:\Windows\System\IoKXvHy.exe
  C:\Windows\System\IoKXvHy.exe
  2⤵
  PID:5024
- C:\Windows\System\fyesYqq.exe
  C:\Windows\System\fyesYqq.exe
  2⤵
  PID:4784
- C:\Windows\System\IuiNfvC.exe
  C:\Windows\System\IuiNfvC.exe
  2⤵
  PID:4900
- C:\Windows\System\UWhmfqO.exe
  C:\Windows\System\UWhmfqO.exe
  2⤵
  PID:5064
- C:\Windows\System\cRIUyDi.exe
  C:\Windows\System\cRIUyDi.exe
  2⤵
  PID:3196
- C:\Windows\System\HnhzIhM.exe
  C:\Windows\System\HnhzIhM.exe
  2⤵
  PID:3288
- C:\Windows\System\LwShUAa.exe
  C:\Windows\System\LwShUAa.exe
  2⤵
  PID:4348
- C:\Windows\System\rLvsaYt.exe
  C:\Windows\System\rLvsaYt.exe
  2⤵
  PID:4148
- C:\Windows\System\ckgpNSM.exe
  C:\Windows\System\ckgpNSM.exe
  2⤵
  PID:4160
- C:\Windows\System\WzeDmuZ.exe
  C:\Windows\System\WzeDmuZ.exe
  2⤵
  PID:5144
- C:\Windows\System\ByDrIXR.exe
  C:\Windows\System\ByDrIXR.exe
  2⤵
  PID:5148
- C:\Windows\System\aAqgmNs.exe
  C:\Windows\System\aAqgmNs.exe
  2⤵
  PID:5164
- C:\Windows\System\ISEKzCB.exe
  C:\Windows\System\ISEKzCB.exe
  2⤵
  PID:5204
- C:\Windows\System\zqropIo.exe
  C:\Windows\System\zqropIo.exe
  2⤵
  PID:5264
- C:\Windows\System\kHJkRRo.exe
  C:\Windows\System\kHJkRRo.exe
  2⤵
  PID:5284
- C:\Windows\System\nChicxT.exe
  C:\Windows\System\nChicxT.exe
  2⤵
  PID:5308
- C:\Windows\System\BagjAUx.exe
  C:\Windows\System\BagjAUx.exe
  2⤵
  PID:920
- C:\Windows\System\GxhqJQM.exe
  C:\Windows\System\GxhqJQM.exe
  2⤵
  PID:5392
- C:\Windows\System\nqDEhrk.exe
  C:\Windows\System\nqDEhrk.exe
  2⤵
  PID:5428
- C:\Windows\System\pnEjabu.exe
  C:\Windows\System\pnEjabu.exe
  2⤵
  PID:5432
- C:\Windows\System\coaHTmv.exe
  C:\Windows\System\coaHTmv.exe
  2⤵
  PID:5476
- C:\Windows\System\cpSMcgR.exe
  C:\Windows\System\cpSMcgR.exe
  2⤵
  PID:5496
- C:\Windows\System\uPlemHW.exe
  C:\Windows\System\uPlemHW.exe
  2⤵
  PID:5556
- C:\Windows\System\aBMixEf.exe
  C:\Windows\System\aBMixEf.exe
  2⤵
  PID:5568
- C:\Windows\System\RlrrNZn.exe
  C:\Windows\System\RlrrNZn.exe
  2⤵
  PID:2840
- C:\Windows\System\tgYKrUJ.exe
  C:\Windows\System\tgYKrUJ.exe
  2⤵
  PID:5628
- C:\Windows\System\GPXRCFw.exe
  C:\Windows\System\GPXRCFw.exe
  2⤵
  PID:5656
- C:\Windows\System\cOUjiAn.exe
  C:\Windows\System\cOUjiAn.exe
  2⤵
  PID:5708
- C:\Windows\System\lcNRwuy.exe
  C:\Windows\System\lcNRwuy.exe
  2⤵
  PID:5748
- C:\Windows\System\WcdySkc.exe
  C:\Windows\System\WcdySkc.exe
  2⤵
  PID:5768
- C:\Windows\System\fCTrzLp.exe
  C:\Windows\System\fCTrzLp.exe
  2⤵
  PID:5772
- C:\Windows\System\PIAclGb.exe
  C:\Windows\System\PIAclGb.exe
  2⤵
  PID:5816
- C:\Windows\System\PNHJByz.exe
  C:\Windows\System\PNHJByz.exe
  2⤵
  PID:5868
- C:\Windows\System\bVxmZOj.exe
  C:\Windows\System\bVxmZOj.exe
  2⤵
  PID:5908
- C:\Windows\System\NrbKTop.exe
  C:\Windows\System\NrbKTop.exe
  2⤵
  PID:2436
- C:\Windows\System\EcZHXqZ.exe
  C:\Windows\System\EcZHXqZ.exe
  2⤵
  PID:5956
- C:\Windows\System\Eswhyan.exe
  C:\Windows\System\Eswhyan.exe
  2⤵
  PID:2008
- C:\Windows\System\EcrSYmY.exe
  C:\Windows\System\EcrSYmY.exe
  2⤵
  PID:5996
- C:\Windows\System\FWhUlwz.exe
  C:\Windows\System\FWhUlwz.exe
  2⤵
  PID:6008
- C:\Windows\System\zRvKmyK.exe
  C:\Windows\System\zRvKmyK.exe
  2⤵
  PID:6068
- C:\Windows\System\shrCrJr.exe
  C:\Windows\System\shrCrJr.exe
  2⤵
  PID:6072
- C:\Windows\System\DKfKYQp.exe
  C:\Windows\System\DKfKYQp.exe
  2⤵
  PID:6116
- C:\Windows\System\jTZheHv.exe
  C:\Windows\System\jTZheHv.exe
  2⤵
  PID:6136
- C:\Windows\System\MSLdmCw.exe
  C:\Windows\System\MSLdmCw.exe
  2⤵
  PID:4604
- C:\Windows\System\VwGbFLJ.exe
  C:\Windows\System\VwGbFLJ.exe
  2⤵
  PID:4608
- C:\Windows\System\WUnYNdp.exe
  C:\Windows\System\WUnYNdp.exe
  2⤵
  PID:4856
- C:\Windows\System\EMPAiNa.exe
  C:\Windows\System\EMPAiNa.exe
  2⤵
  PID:5056
- C:\Windows\System\ZzLKbYY.exe
  C:\Windows\System\ZzLKbYY.exe
  2⤵
  PID:3448
- C:\Windows\System\xKPncUn.exe
  C:\Windows\System\xKPncUn.exe
  2⤵
  PID:4184
- C:\Windows\System\VoEyqcc.exe
  C:\Windows\System\VoEyqcc.exe
  2⤵
  PID:3260
- C:\Windows\System\gvKgRdQ.exe
  C:\Windows\System\gvKgRdQ.exe
  2⤵
  PID:3344
- C:\Windows\System\PRDsBUX.exe
  C:\Windows\System\PRDsBUX.exe
  2⤵
  PID:5184
- C:\Windows\System\SIAXKyb.exe
  C:\Windows\System\SIAXKyb.exe
  2⤵
  PID:5232
- C:\Windows\System\qaRdfcR.exe
  C:\Windows\System\qaRdfcR.exe
  2⤵
  PID:5312
- C:\Windows\System\RQOrmGk.exe
  C:\Windows\System\RQOrmGk.exe
  2⤵
  PID:5396
- C:\Windows\System\pTVRVas.exe
  C:\Windows\System\pTVRVas.exe
  2⤵
  PID:5376
- C:\Windows\System\xqHwoAa.exe
  C:\Windows\System\xqHwoAa.exe
  2⤵
  PID:5436
- C:\Windows\System\HTsbYvo.exe
  C:\Windows\System\HTsbYvo.exe
  2⤵
  PID:5456
- C:\Windows\System\BUxpays.exe
  C:\Windows\System\BUxpays.exe
  2⤵
  PID:5528
- C:\Windows\System\toOzspX.exe
  C:\Windows\System\toOzspX.exe
  2⤵
  PID:5576
- C:\Windows\System\FidLRim.exe
  C:\Windows\System\FidLRim.exe
  2⤵
  PID:5672
- C:\Windows\System\aIfkhAy.exe
  C:\Windows\System\aIfkhAy.exe
  2⤵
  PID:5692
- C:\Windows\System\AbneiqR.exe
  C:\Windows\System\AbneiqR.exe
  2⤵
  PID:5732
- C:\Windows\System\rWGHDaQ.exe
  C:\Windows\System\rWGHDaQ.exe
  2⤵
  PID:5832
- C:\Windows\System\lPIhVTH.exe
  C:\Windows\System\lPIhVTH.exe
  2⤵
  PID:5852
- C:\Windows\System\uRDYcgI.exe
  C:\Windows\System\uRDYcgI.exe
  2⤵
  PID:5892
- C:\Windows\System\gonwPOJ.exe
  C:\Windows\System\gonwPOJ.exe
  2⤵
  PID:5936
- C:\Windows\System\fBJvdDr.exe
  C:\Windows\System\fBJvdDr.exe
  2⤵
  PID:5972
- C:\Windows\System\JJXBNIk.exe
  C:\Windows\System\JJXBNIk.exe
  2⤵
  PID:1276
- C:\Windows\System\ZlAXbzK.exe
  C:\Windows\System\ZlAXbzK.exe
  2⤵
  PID:6076
- C:\Windows\System\dPYywEB.exe
  C:\Windows\System\dPYywEB.exe
  2⤵
  PID:4368
- C:\Windows\System\fLPSezi.exe
  C:\Windows\System\fLPSezi.exe
  2⤵
  PID:4444
- C:\Windows\System\laEIpde.exe
  C:\Windows\System\laEIpde.exe
  2⤵
  PID:3728
- C:\Windows\System\DOcGRfQ.exe
  C:\Windows\System\DOcGRfQ.exe
  2⤵
  PID:3348
- C:\Windows\System\uQdGrvF.exe
  C:\Windows\System\uQdGrvF.exe
  2⤵
  PID:2756
- C:\Windows\System\sjsDMve.exe
  C:\Windows\System\sjsDMve.exe
  2⤵
  PID:4384
- C:\Windows\System\RCjXMQy.exe
  C:\Windows\System\RCjXMQy.exe
  2⤵
  PID:5228
- C:\Windows\System\tnEEoYW.exe
  C:\Windows\System\tnEEoYW.exe
  2⤵
  PID:5388
- C:\Windows\System\FDrNIPy.exe
  C:\Windows\System\FDrNIPy.exe
  2⤵
  PID:5452
- C:\Windows\System\GxVukwL.exe
  C:\Windows\System\GxVukwL.exe
  2⤵
  PID:5608
- C:\Windows\System\rxPVxaG.exe
  C:\Windows\System\rxPVxaG.exe
  2⤵
  PID:5632
- C:\Windows\System\JydTOUA.exe
  C:\Windows\System\JydTOUA.exe
  2⤵
  PID:5648
- C:\Windows\System\BeCKdWE.exe
  C:\Windows\System\BeCKdWE.exe
  2⤵
  PID:5712
- C:\Windows\System\nJUKhXx.exe
  C:\Windows\System\nJUKhXx.exe
  2⤵
  PID:5872
- C:\Windows\System\DJVrfES.exe
  C:\Windows\System\DJVrfES.exe
  2⤵
  PID:5952
- C:\Windows\System\bEPImzy.exe
  C:\Windows\System\bEPImzy.exe
  2⤵
  PID:5968
- C:\Windows\System\aVgVmeu.exe
  C:\Windows\System\aVgVmeu.exe
  2⤵
  PID:6108
- C:\Windows\System\KewwqhG.exe
  C:\Windows\System\KewwqhG.exe
  2⤵
  PID:4332
- C:\Windows\System\txCrdHy.exe
  C:\Windows\System\txCrdHy.exe
  2⤵
  PID:3176
- C:\Windows\System\DJDPQpz.exe
  C:\Windows\System\DJDPQpz.exe
  2⤵
  PID:4580
- C:\Windows\System\kvyKTwr.exe
  C:\Windows\System\kvyKTwr.exe
  2⤵
  PID:6152
- C:\Windows\System\MjpTJYC.exe
  C:\Windows\System\MjpTJYC.exe
  2⤵
  PID:6172
- C:\Windows\System\SyNuKtV.exe
  C:\Windows\System\SyNuKtV.exe
  2⤵
  PID:6192
- C:\Windows\System\NLQvJjm.exe
  C:\Windows\System\NLQvJjm.exe
  2⤵
  PID:6212
- C:\Windows\System\NQagxqj.exe
  C:\Windows\System\NQagxqj.exe
  2⤵
  PID:6236
- C:\Windows\System\tXRwVCQ.exe
  C:\Windows\System\tXRwVCQ.exe
  2⤵
  PID:6256
- C:\Windows\System\gotBIrt.exe
  C:\Windows\System\gotBIrt.exe
  2⤵
  PID:6276
- C:\Windows\System\PavxLOv.exe
  C:\Windows\System\PavxLOv.exe
  2⤵
  PID:6296
- C:\Windows\System\GxqtdVz.exe
  C:\Windows\System\GxqtdVz.exe
  2⤵
  PID:6316
- C:\Windows\System\WGmGRsg.exe
  C:\Windows\System\WGmGRsg.exe
  2⤵
  PID:6336
- C:\Windows\System\PrDrxnB.exe
  C:\Windows\System\PrDrxnB.exe
  2⤵
  PID:6356
- C:\Windows\System\STmIsRe.exe
  C:\Windows\System\STmIsRe.exe
  2⤵
  PID:6376
- C:\Windows\System\hMZqYop.exe
  C:\Windows\System\hMZqYop.exe
  2⤵
  PID:6396
- C:\Windows\System\wOQbkrG.exe
  C:\Windows\System\wOQbkrG.exe
  2⤵
  PID:6416
- C:\Windows\System\EkZhSDl.exe
  C:\Windows\System\EkZhSDl.exe
  2⤵
  PID:6436
- C:\Windows\System\XIlmvNV.exe
  C:\Windows\System\XIlmvNV.exe
  2⤵
  PID:6456
- C:\Windows\System\LQHGwXc.exe
  C:\Windows\System\LQHGwXc.exe
  2⤵
  PID:6476
- C:\Windows\System\EnkEkHy.exe
  C:\Windows\System\EnkEkHy.exe
  2⤵
  PID:6496
- C:\Windows\System\jNLyDqU.exe
  C:\Windows\System\jNLyDqU.exe
  2⤵
  PID:6516
- C:\Windows\System\lfSNvhe.exe
  C:\Windows\System\lfSNvhe.exe
  2⤵
  PID:6536
- C:\Windows\System\EtGfezy.exe
  C:\Windows\System\EtGfezy.exe
  2⤵
  PID:6556
- C:\Windows\System\jxWfSuQ.exe
  C:\Windows\System\jxWfSuQ.exe
  2⤵
  PID:6576
- C:\Windows\System\olaYvuu.exe
  C:\Windows\System\olaYvuu.exe
  2⤵
  PID:6596
- C:\Windows\System\heGmyWr.exe
  C:\Windows\System\heGmyWr.exe
  2⤵
  PID:6616
- C:\Windows\System\XwTRvJX.exe
  C:\Windows\System\XwTRvJX.exe
  2⤵
  PID:6636
- C:\Windows\System\AKbdphn.exe
  C:\Windows\System\AKbdphn.exe
  2⤵
  PID:6656
- C:\Windows\System\IzNgGYb.exe
  C:\Windows\System\IzNgGYb.exe
  2⤵
  PID:6676
- C:\Windows\System\uZKsmhU.exe
  C:\Windows\System\uZKsmhU.exe
  2⤵
  PID:6696
- C:\Windows\System\gLIzxgf.exe
  C:\Windows\System\gLIzxgf.exe
  2⤵
  PID:6716
- C:\Windows\System\CVWqEJu.exe
  C:\Windows\System\CVWqEJu.exe
  2⤵
  PID:6736
- C:\Windows\System\zLEZcBI.exe
  C:\Windows\System\zLEZcBI.exe
  2⤵
  PID:6756
- C:\Windows\System\sTrtRzq.exe
  C:\Windows\System\sTrtRzq.exe
  2⤵
  PID:6776
- C:\Windows\System\bjnQPVA.exe
  C:\Windows\System\bjnQPVA.exe
  2⤵
  PID:6796
- C:\Windows\System\MblPSkR.exe
  C:\Windows\System\MblPSkR.exe
  2⤵
  PID:6816
- C:\Windows\System\nghXWPf.exe
  C:\Windows\System\nghXWPf.exe
  2⤵
  PID:6836
- C:\Windows\System\klgJjig.exe
  C:\Windows\System\klgJjig.exe
  2⤵
  PID:6856
- C:\Windows\System\BpvtWOo.exe
  C:\Windows\System\BpvtWOo.exe
  2⤵
  PID:6876
- C:\Windows\System\ogfYMJN.exe
  C:\Windows\System\ogfYMJN.exe
  2⤵
  PID:6896
- C:\Windows\System\DxCMaEX.exe
  C:\Windows\System\DxCMaEX.exe
  2⤵
  PID:6920
- C:\Windows\System\PCOKElk.exe
  C:\Windows\System\PCOKElk.exe
  2⤵
  PID:6940
- C:\Windows\System\XicpHJe.exe
  C:\Windows\System\XicpHJe.exe
  2⤵
  PID:6960
- C:\Windows\System\BLXQNBz.exe
  C:\Windows\System\BLXQNBz.exe
  2⤵
  PID:6980
- C:\Windows\System\QwNoVRG.exe
  C:\Windows\System\QwNoVRG.exe
  2⤵
  PID:7000
- C:\Windows\System\LQFwzzu.exe
  C:\Windows\System\LQFwzzu.exe
  2⤵
  PID:7020
- C:\Windows\System\EbChZXf.exe
  C:\Windows\System\EbChZXf.exe
  2⤵
  PID:7036
- C:\Windows\System\OgOSBeB.exe
  C:\Windows\System\OgOSBeB.exe
  2⤵
  PID:7060
- C:\Windows\System\fTtXjyY.exe
  C:\Windows\System\fTtXjyY.exe
  2⤵
  PID:7080
- C:\Windows\System\ivJLoRo.exe
  C:\Windows\System\ivJLoRo.exe
  2⤵
  PID:7096
- C:\Windows\System\mHXkVnr.exe
  C:\Windows\System\mHXkVnr.exe
  2⤵
  PID:7116
- C:\Windows\System\DdDDpWT.exe
  C:\Windows\System\DdDDpWT.exe
  2⤵
  PID:7136
- C:\Windows\System\PYKRYQw.exe
  C:\Windows\System\PYKRYQw.exe
  2⤵
  PID:7156
- C:\Windows\System\rYttBvr.exe
  C:\Windows\System\rYttBvr.exe
  2⤵
  PID:5328
- C:\Windows\System\WESedGv.exe
  C:\Windows\System\WESedGv.exe
  2⤵
  PID:5248
- C:\Windows\System\ABfpLKQ.exe
  C:\Windows\System\ABfpLKQ.exe
  2⤵
  PID:5332
- C:\Windows\System\iUfspUO.exe
  C:\Windows\System\iUfspUO.exe
  2⤵
  PID:5548
- C:\Windows\System\KNAiFvp.exe
  C:\Windows\System\KNAiFvp.exe
  2⤵
  PID:5728
- C:\Windows\System\VwUCxwl.exe
  C:\Windows\System\VwUCxwl.exe
  2⤵
  PID:5948
- C:\Windows\System\YKppeJr.exe
  C:\Windows\System\YKppeJr.exe
  2⤵
  PID:6016
- C:\Windows\System\dXmqjCO.exe
  C:\Windows\System\dXmqjCO.exe
  2⤵
  PID:4664
- C:\Windows\System\qksduJy.exe
  C:\Windows\System\qksduJy.exe
  2⤵
  PID:4976
- C:\Windows\System\yiBMYrw.exe
  C:\Windows\System\yiBMYrw.exe
  2⤵
  PID:6164
- C:\Windows\System\VlTkcOf.exe
  C:\Windows\System\VlTkcOf.exe
  2⤵
  PID:6184
- C:\Windows\System\YoFIXGM.exe
  C:\Windows\System\YoFIXGM.exe
  2⤵
  PID:6244
- C:\Windows\System\egFaWNG.exe
  C:\Windows\System\egFaWNG.exe
  2⤵
  PID:6264
- C:\Windows\System\YxEOhnz.exe
  C:\Windows\System\YxEOhnz.exe
  2⤵
  PID:6288
- C:\Windows\System\oweszik.exe
  C:\Windows\System\oweszik.exe
  2⤵
  PID:6308
- C:\Windows\System\oBTdZQh.exe
  C:\Windows\System\oBTdZQh.exe
  2⤵
  PID:6364
- C:\Windows\System\ppkVnEo.exe
  C:\Windows\System\ppkVnEo.exe
  2⤵
  PID:6392
- C:\Windows\System\WlHZBPc.exe
  C:\Windows\System\WlHZBPc.exe
  2⤵
  PID:6432
- C:\Windows\System\RcvieZK.exe
  C:\Windows\System\RcvieZK.exe
  2⤵
  PID:6464
- C:\Windows\System\KFUaGtP.exe
  C:\Windows\System\KFUaGtP.exe
  2⤵
  PID:6488
- C:\Windows\System\iYYvltN.exe
  C:\Windows\System\iYYvltN.exe
  2⤵
  PID:6532
- C:\Windows\System\qooRzVy.exe
  C:\Windows\System\qooRzVy.exe
  2⤵
  PID:6572
- C:\Windows\System\hIYCGvJ.exe
  C:\Windows\System\hIYCGvJ.exe
  2⤵
  PID:6592
- C:\Windows\System\NMlfQDg.exe
  C:\Windows\System\NMlfQDg.exe
  2⤵
  PID:6644
- C:\Windows\System\txXAySw.exe
  C:\Windows\System\txXAySw.exe
  2⤵
  PID:6628
- C:\Windows\System\ZpzRgpq.exe
  C:\Windows\System\ZpzRgpq.exe
  2⤵
  PID:6668
- C:\Windows\System\YkBSZED.exe
  C:\Windows\System\YkBSZED.exe
  2⤵
  PID:6708
- C:\Windows\System\HXBJTna.exe
  C:\Windows\System\HXBJTna.exe
  2⤵
  PID:6748
- C:\Windows\System\xPydWCB.exe
  C:\Windows\System\xPydWCB.exe
  2⤵
  PID:6804
- C:\Windows\System\qyYFqDO.exe
  C:\Windows\System\qyYFqDO.exe
  2⤵
  PID:6852
- C:\Windows\System\orScvdX.exe
  C:\Windows\System\orScvdX.exe
  2⤵
  PID:6832
- C:\Windows\System\DUzYGYV.exe
  C:\Windows\System\DUzYGYV.exe
  2⤵
  PID:2092
- C:\Windows\System\tCuebqz.exe
  C:\Windows\System\tCuebqz.exe
  2⤵
  PID:6908
- C:\Windows\System\ZNJiowp.exe
  C:\Windows\System\ZNJiowp.exe
  2⤵
  PID:6968
- C:\Windows\System\EMsXKgS.exe
  C:\Windows\System\EMsXKgS.exe
  2⤵
  PID:7016
- C:\Windows\System\yIuBoWj.exe
  C:\Windows\System\yIuBoWj.exe
  2⤵
  PID:6988
- C:\Windows\System\rKTwKbf.exe
  C:\Windows\System\rKTwKbf.exe
  2⤵
  PID:7056
- C:\Windows\System\ArKxlqq.exe
  C:\Windows\System\ArKxlqq.exe
  2⤵
  PID:7092
- C:\Windows\System\yfULwgv.exe
  C:\Windows\System\yfULwgv.exe
  2⤵
  PID:7076
- C:\Windows\System\VlSIXmD.exe
  C:\Windows\System\VlSIXmD.exe
  2⤵
  PID:7104
- C:\Windows\System\pEAoXTa.exe
  C:\Windows\System\pEAoXTa.exe
  2⤵
  PID:5508
- C:\Windows\System\iiACCLV.exe
  C:\Windows\System\iiACCLV.exe
  2⤵
  PID:5252
- C:\Windows\System\qNmeUoN.exe
  C:\Windows\System\qNmeUoN.exe
  2⤵
  PID:5788
- C:\Windows\System\xolGRna.exe
  C:\Windows\System\xolGRna.exe
  2⤵
  PID:2944
- C:\Windows\System\alhqLLC.exe
  C:\Windows\System\alhqLLC.exe
  2⤵
  PID:4804
- C:\Windows\System\CclZEzR.exe
  C:\Windows\System\CclZEzR.exe
  2⤵
  PID:3116
- C:\Windows\System\GhtEHtL.exe
  C:\Windows\System\GhtEHtL.exe
  2⤵
  PID:4636
- C:\Windows\System\aJJqaLy.exe
  C:\Windows\System\aJJqaLy.exe
  2⤵
  PID:5132
- C:\Windows\System\dNzfMpq.exe
  C:\Windows\System\dNzfMpq.exe
  2⤵
  PID:6284
- C:\Windows\System\nSXFjkf.exe
  C:\Windows\System\nSXFjkf.exe
  2⤵
  PID:6444
- C:\Windows\System\bEQrJkM.exe
  C:\Windows\System\bEQrJkM.exe
  2⤵
  PID:6412
- C:\Windows\System\QOaDwjW.exe
  C:\Windows\System\QOaDwjW.exe
  2⤵
  PID:6424
- C:\Windows\System\jxxDYmY.exe
  C:\Windows\System\jxxDYmY.exe
  2⤵
  PID:6492
- C:\Windows\System\oPrtnPI.exe
  C:\Windows\System\oPrtnPI.exe
  2⤵
  PID:2544
- C:\Windows\System\kJReKBK.exe
  C:\Windows\System\kJReKBK.exe
  2⤵
  PID:6544
- C:\Windows\System\NffBsVK.exe
  C:\Windows\System\NffBsVK.exe
  2⤵
  PID:2672
- C:\Windows\System\KmyCyYt.exe
  C:\Windows\System\KmyCyYt.exe
  2⤵
  PID:6732
- C:\Windows\System\mCSAFmM.exe
  C:\Windows\System\mCSAFmM.exe
  2⤵
  PID:6768
- C:\Windows\System\zTNcRtA.exe
  C:\Windows\System\zTNcRtA.exe
  2⤵
  PID:6792
- C:\Windows\System\FEboLth.exe
  C:\Windows\System\FEboLth.exe
  2⤵
  PID:6744
- C:\Windows\System\LFuDOhJ.exe
  C:\Windows\System\LFuDOhJ.exe
  2⤵
  PID:2968
- C:\Windows\System\gdrRXaV.exe
  C:\Windows\System\gdrRXaV.exe
  2⤵
  PID:7044
- C:\Windows\System\FUsvMLM.exe
  C:\Windows\System\FUsvMLM.exe
  2⤵
  PID:7052
- C:\Windows\System\gAMypZL.exe
  C:\Windows\System\gAMypZL.exe
  2⤵
  PID:7132
- C:\Windows\System\gMsbUCP.exe
  C:\Windows\System\gMsbUCP.exe
  2⤵
  PID:5912
- C:\Windows\System\qUzokAM.exe
  C:\Windows\System\qUzokAM.exe
  2⤵
  PID:7088
- C:\Windows\System\kjUmbwq.exe
  C:\Windows\System\kjUmbwq.exe
  2⤵
  PID:7148
- C:\Windows\System\NSoXfRh.exe
  C:\Windows\System\NSoXfRh.exe
  2⤵
  PID:5752
- C:\Windows\System\JlPovqU.exe
  C:\Windows\System\JlPovqU.exe
  2⤵
  PID:6012
- C:\Windows\System\AsJJluf.exe
  C:\Windows\System\AsJJluf.exe
  2⤵
  PID:6200
- C:\Windows\System\aKCRGJM.exe
  C:\Windows\System\aKCRGJM.exe
  2⤵
  PID:2244
- C:\Windows\System\kbmLILq.exe
  C:\Windows\System\kbmLILq.exe
  2⤵
  PID:6324
- C:\Windows\System\uLrfdTO.exe
  C:\Windows\System\uLrfdTO.exe
  2⤵
  PID:6384
- C:\Windows\System\DTcJkNW.exe
  C:\Windows\System\DTcJkNW.exe
  2⤵
  PID:6524
- C:\Windows\System\ZOtkBmF.exe
  C:\Windows\System\ZOtkBmF.exe
  2⤵
  PID:6584
- C:\Windows\System\MTVtETC.exe
  C:\Windows\System\MTVtETC.exe
  2⤵
  PID:6612
- C:\Windows\System\YtmgEwT.exe
  C:\Windows\System\YtmgEwT.exe
  2⤵
  PID:2720
- C:\Windows\System\TZCcCRF.exe
  C:\Windows\System\TZCcCRF.exe
  2⤵
  PID:6772
- C:\Windows\System\RwBFCJp.exe
  C:\Windows\System\RwBFCJp.exe
  2⤵
  PID:2236
- C:\Windows\System\xCUXHCe.exe
  C:\Windows\System\xCUXHCe.exe
  2⤵
  PID:6884
- C:\Windows\System\dwtUqeh.exe
  C:\Windows\System\dwtUqeh.exe
  2⤵
  PID:5408
- C:\Windows\System\wSIfkWF.exe
  C:\Windows\System\wSIfkWF.exe
  2⤵
  PID:7128
- C:\Windows\System\TTLfTQN.exe
  C:\Windows\System\TTLfTQN.exe
  2⤵
  PID:5224
- C:\Windows\System\ffQotZk.exe
  C:\Windows\System\ffQotZk.exe
  2⤵
  PID:852
- C:\Windows\System\WrRrXAM.exe
  C:\Windows\System\WrRrXAM.exe
  2⤵
  PID:6204
- C:\Windows\System\YVFdhZv.exe
  C:\Windows\System\YVFdhZv.exe
  2⤵
  PID:6332
- C:\Windows\System\jdLSlAC.exe
  C:\Windows\System\jdLSlAC.exe
  2⤵
  PID:6312
- C:\Windows\System\xWeCwTU.exe
  C:\Windows\System\xWeCwTU.exe
  2⤵
  PID:6508
- C:\Windows\System\nLBQJsF.exe
  C:\Windows\System\nLBQJsF.exe
  2⤵
  PID:6724
- C:\Windows\System\CZVQzrL.exe
  C:\Windows\System\CZVQzrL.exe
  2⤵
  PID:1448
- C:\Windows\System\GglYXQZ.exe
  C:\Windows\System\GglYXQZ.exe
  2⤵
  PID:6784
- C:\Windows\System\TKCGiIP.exe
  C:\Windows\System\TKCGiIP.exe
  2⤵
  PID:1324
- C:\Windows\System\FoSTNrT.exe
  C:\Windows\System\FoSTNrT.exe
  2⤵
  PID:2184
- C:\Windows\System\vSsjMul.exe
  C:\Windows\System\vSsjMul.exe
  2⤵
  PID:572
- C:\Windows\System\JrRIJZK.exe
  C:\Windows\System\JrRIJZK.exe
  2⤵
  PID:6128
- C:\Windows\System\lQLlBPK.exe
  C:\Windows\System\lQLlBPK.exe
  2⤵
  PID:2336
- C:\Windows\System\JMDQlMH.exe
  C:\Windows\System\JMDQlMH.exe
  2⤵
  PID:6448
- C:\Windows\System\Kharwij.exe
  C:\Windows\System\Kharwij.exe
  2⤵
  PID:2600
- C:\Windows\System\rVtyCCY.exe
  C:\Windows\System\rVtyCCY.exe
  2⤵
  PID:6648
- C:\Windows\System\ZGkLnff.exe
  C:\Windows\System\ZGkLnff.exe
  2⤵
  PID:6512
- C:\Windows\System\jTrBCcw.exe
  C:\Windows\System\jTrBCcw.exe
  2⤵
  PID:6588
- C:\Windows\System\EAhDnOn.exe
  C:\Windows\System\EAhDnOn.exe
  2⤵
  PID:2592
- C:\Windows\System\QbXFMgh.exe
  C:\Windows\System\QbXFMgh.exe
  2⤵
  PID:284
- C:\Windows\System\nMmLvXo.exe
  C:\Windows\System\nMmLvXo.exe
  2⤵
  PID:1488
- C:\Windows\System\ZfbAruL.exe
  C:\Windows\System\ZfbAruL.exe
  2⤵
  PID:1164
- C:\Windows\System\VBxfmIX.exe
  C:\Windows\System\VBxfmIX.exe
  2⤵
  PID:544
- C:\Windows\System\TyqpUKO.exe
  C:\Windows\System\TyqpUKO.exe
  2⤵
  PID:5988
- C:\Windows\System\XQkHpvz.exe
  C:\Windows\System\XQkHpvz.exe
  2⤵
  PID:2856
- C:\Windows\System\jxRNByD.exe
  C:\Windows\System\jxRNByD.exe
  2⤵
  PID:6824
- C:\Windows\System\XDaoGBL.exe
  C:\Windows\System\XDaoGBL.exe
  2⤵
  PID:7012
- C:\Windows\System\dnCmZTH.exe
  C:\Windows\System\dnCmZTH.exe
  2⤵
  PID:7180
- C:\Windows\System\wicbbXi.exe
  C:\Windows\System\wicbbXi.exe
  2⤵
  PID:7200
- C:\Windows\System\bRaibGy.exe
  C:\Windows\System\bRaibGy.exe
  2⤵
  PID:7220
- C:\Windows\System\tzixXoJ.exe
  C:\Windows\System\tzixXoJ.exe
  2⤵
  PID:7240
- C:\Windows\System\htAiGjX.exe
  C:\Windows\System\htAiGjX.exe
  2⤵
  PID:7264
- C:\Windows\System\WbPzdMs.exe
  C:\Windows\System\WbPzdMs.exe
  2⤵
  PID:7284
- C:\Windows\System\ZGXLEvh.exe
  C:\Windows\System\ZGXLEvh.exe
  2⤵
  PID:7304
- C:\Windows\System\utSkkFT.exe
  C:\Windows\System\utSkkFT.exe
  2⤵
  PID:7320
- C:\Windows\System\TWNtGnN.exe
  C:\Windows\System\TWNtGnN.exe
  2⤵
  PID:7340
- C:\Windows\System\IwMKcxK.exe
  C:\Windows\System\IwMKcxK.exe
  2⤵
  PID:7356
- C:\Windows\System\RosoDvk.exe
  C:\Windows\System\RosoDvk.exe
  2⤵
  PID:7384
- C:\Windows\System\pAPLWIs.exe
  C:\Windows\System\pAPLWIs.exe
  2⤵
  PID:7404
- C:\Windows\System\CcaRNXt.exe
  C:\Windows\System\CcaRNXt.exe
  2⤵
  PID:7428
- C:\Windows\System\TEeYFFB.exe
  C:\Windows\System\TEeYFFB.exe
  2⤵
  PID:7444
- C:\Windows\System\aRNueqM.exe
  C:\Windows\System\aRNueqM.exe
  2⤵
  PID:7476
- C:\Windows\System\fkvgqpY.exe
  C:\Windows\System\fkvgqpY.exe
  2⤵
  PID:7492
- C:\Windows\System\ECVoxub.exe
  C:\Windows\System\ECVoxub.exe
  2⤵
  PID:7512
- C:\Windows\System\ABkqqRT.exe
  C:\Windows\System\ABkqqRT.exe
  2⤵
  PID:7528
- C:\Windows\System\isQRGMe.exe
  C:\Windows\System\isQRGMe.exe
  2⤵
  PID:7544
- C:\Windows\System\zckGpHA.exe
  C:\Windows\System\zckGpHA.exe
  2⤵
  PID:7568
- C:\Windows\System\SXdibSx.exe
  C:\Windows\System\SXdibSx.exe
  2⤵
  PID:7584
- C:\Windows\System\HomATXP.exe
  C:\Windows\System\HomATXP.exe
  2⤵
  PID:7600
- C:\Windows\System\qjFwZME.exe
  C:\Windows\System\qjFwZME.exe
  2⤵
  PID:7616
- C:\Windows\System\UmaeNYy.exe
  C:\Windows\System\UmaeNYy.exe
  2⤵
  PID:7632
- C:\Windows\System\QapOHuk.exe
  C:\Windows\System\QapOHuk.exe
  2⤵
  PID:7648
- C:\Windows\System\KhmnskE.exe
  C:\Windows\System\KhmnskE.exe
  2⤵
  PID:7664
- C:\Windows\System\VhyRxcQ.exe
  C:\Windows\System\VhyRxcQ.exe
  2⤵
  PID:7688
- C:\Windows\System\srrBmNj.exe
  C:\Windows\System\srrBmNj.exe
  2⤵
  PID:7704
- C:\Windows\System\jkCyDfg.exe
  C:\Windows\System\jkCyDfg.exe
  2⤵
  PID:7720
- C:\Windows\System\YFTrTab.exe
  C:\Windows\System\YFTrTab.exe
  2⤵
  PID:7736
- C:\Windows\System\fUqlKIc.exe
  C:\Windows\System\fUqlKIc.exe
  2⤵
  PID:7772
- C:\Windows\System\vSORkjE.exe
  C:\Windows\System\vSORkjE.exe
  2⤵
  PID:7804
- C:\Windows\System\NsRfIed.exe
  C:\Windows\System\NsRfIed.exe
  2⤵
  PID:7820
- C:\Windows\System\HhZkeEp.exe
  C:\Windows\System\HhZkeEp.exe
  2⤵
  PID:7836
- C:\Windows\System\xtfHMaR.exe
  C:\Windows\System\xtfHMaR.exe
  2⤵
  PID:7884
- C:\Windows\System\KzPqhaY.exe
  C:\Windows\System\KzPqhaY.exe
  2⤵
  PID:7900
- C:\Windows\System\kHOPoaK.exe
  C:\Windows\System\kHOPoaK.exe
  2⤵
  PID:7920
- C:\Windows\System\FEGyjPn.exe
  C:\Windows\System\FEGyjPn.exe
  2⤵
  PID:7936
- C:\Windows\System\VxcySDo.exe
  C:\Windows\System\VxcySDo.exe
  2⤵
  PID:7952
- C:\Windows\System\AYBHrBk.exe
  C:\Windows\System\AYBHrBk.exe
  2⤵
  PID:7972
- C:\Windows\System\Ginrijm.exe
  C:\Windows\System\Ginrijm.exe
  2⤵
  PID:7988
- C:\Windows\System\kOzEPnN.exe
  C:\Windows\System\kOzEPnN.exe
  2⤵
  PID:8008
- C:\Windows\System\CwAAbvB.exe
  C:\Windows\System\CwAAbvB.exe
  2⤵
  PID:8024
- C:\Windows\System\TeNsbgu.exe
  C:\Windows\System\TeNsbgu.exe
  2⤵
  PID:8040
- C:\Windows\System\GqQlBYQ.exe
  C:\Windows\System\GqQlBYQ.exe
  2⤵
  PID:8056
- C:\Windows\System\YwzTLnK.exe
  C:\Windows\System\YwzTLnK.exe
  2⤵
  PID:8072
- C:\Windows\System\XbdbETq.exe
  C:\Windows\System\XbdbETq.exe
  2⤵
  PID:8092
- C:\Windows\System\ioYQnNI.exe
  C:\Windows\System\ioYQnNI.exe
  2⤵
  PID:8120
- C:\Windows\System\VbpJBWZ.exe
  C:\Windows\System\VbpJBWZ.exe
  2⤵
  PID:8136
- C:\Windows\System\FGVwjVV.exe
  C:\Windows\System\FGVwjVV.exe
  2⤵
  PID:8156
- C:\Windows\System\JdOKKdy.exe
  C:\Windows\System\JdOKKdy.exe
  2⤵
  PID:8172
- C:\Windows\System\TcEnzyF.exe
  C:\Windows\System\TcEnzyF.exe
  2⤵
  PID:8188
- C:\Windows\System\EHxnmXE.exe
  C:\Windows\System\EHxnmXE.exe
  2⤵
  PID:992
- C:\Windows\System\oArhEOT.exe
  C:\Windows\System\oArhEOT.exe
  2⤵
  PID:6808
- C:\Windows\System\aavtTov.exe
  C:\Windows\System\aavtTov.exe
  2⤵
  PID:7212
- C:\Windows\System\dKHISJd.exe
  C:\Windows\System\dKHISJd.exe
  2⤵
  PID:1540
- C:\Windows\System\FDGUbaf.exe
  C:\Windows\System\FDGUbaf.exe
  2⤵
  PID:7252
- C:\Windows\System\YMFkAnv.exe
  C:\Windows\System\YMFkAnv.exe
  2⤵
  PID:7192
- C:\Windows\System\ARAsYLi.exe
  C:\Windows\System\ARAsYLi.exe
  2⤵
  PID:7236
- C:\Windows\System\ITeovbr.exe
  C:\Windows\System\ITeovbr.exe
  2⤵
  PID:7272
- C:\Windows\System\mxBOsQP.exe
  C:\Windows\System\mxBOsQP.exe
  2⤵
  PID:2664
- C:\Windows\System\BEIiOAo.exe
  C:\Windows\System\BEIiOAo.exe
  2⤵
  PID:7352
- C:\Windows\System\KaNHHVy.exe
  C:\Windows\System\KaNHHVy.exe
  2⤵
  PID:2044
- C:\Windows\System\jbaDnXy.exe
  C:\Windows\System\jbaDnXy.exe
  2⤵
  PID:4840
- C:\Windows\System\rdVgabD.exe
  C:\Windows\System\rdVgabD.exe
  2⤵
  PID:7372
- C:\Windows\System\LqTrAHv.exe
  C:\Windows\System\LqTrAHv.exe
  2⤵
  PID:600
- C:\Windows\System\JBfSQhO.exe
  C:\Windows\System\JBfSQhO.exe
  2⤵
  PID:1612
- C:\Windows\System\XXRaNtW.exe
  C:\Windows\System\XXRaNtW.exe
  2⤵
  PID:7400
- C:\Windows\System\gMCyrRc.exe
  C:\Windows\System\gMCyrRc.exe
  2⤵
  PID:7484
- C:\Windows\System\EIlwsKx.exe
  C:\Windows\System\EIlwsKx.exe
  2⤵
  PID:7488
- C:\Windows\System\IEchETo.exe
  C:\Windows\System\IEchETo.exe
  2⤵
  PID:7576
- C:\Windows\System\fobpQqL.exe
  C:\Windows\System\fobpQqL.exe
  2⤵
  PID:7656
- C:\Windows\System\lDGkMem.exe
  C:\Windows\System\lDGkMem.exe
  2⤵
  PID:7560
- C:\Windows\System\tLQdDdU.exe
  C:\Windows\System\tLQdDdU.exe
  2⤵
  PID:7696
- C:\Windows\System\LJovOIq.exe
  C:\Windows\System\LJovOIq.exe
  2⤵
  PID:7792
- C:\Windows\System\kelcyDT.exe
  C:\Windows\System\kelcyDT.exe
  2⤵
  PID:7832
- C:\Windows\System\nqXBolb.exe
  C:\Windows\System\nqXBolb.exe
  2⤵
  PID:7672
- C:\Windows\System\BgeeRvM.exe
  C:\Windows\System\BgeeRvM.exe
  2⤵
  PID:7764
- C:\Windows\System\QzoUJWb.exe
  C:\Windows\System\QzoUJWb.exe
  2⤵
  PID:7844
- C:\Windows\System\lYWSgAB.exe
  C:\Windows\System\lYWSgAB.exe
  2⤵
  PID:7928
- C:\Windows\System\qrkVgCa.exe
  C:\Windows\System\qrkVgCa.exe
  2⤵
  PID:7996
- C:\Windows\System\ZcolWlU.exe
  C:\Windows\System\ZcolWlU.exe
  2⤵
  PID:8036
- C:\Windows\System\YgJTZvh.exe
  C:\Windows\System\YgJTZvh.exe
  2⤵
  PID:8104
- C:\Windows\System\snqdxTu.exe
  C:\Windows\System\snqdxTu.exe
  2⤵
  PID:7860
- C:\Windows\System\yYFJPrt.exe
  C:\Windows\System\yYFJPrt.exe
  2⤵
  PID:8148
- C:\Windows\System\GGdUeXI.exe
  C:\Windows\System\GGdUeXI.exe
  2⤵
  PID:6868
- C:\Windows\System\eDRLvrF.exe
  C:\Windows\System\eDRLvrF.exe
  2⤵
  PID:7984
- C:\Windows\System\PNZSFdf.exe
  C:\Windows\System\PNZSFdf.exe
  2⤵
  PID:7876
- C:\Windows\System\NGRvPdv.exe
  C:\Windows\System\NGRvPdv.exe
  2⤵
  PID:7944
- C:\Windows\System\VYgCRsE.exe
  C:\Windows\System\VYgCRsE.exe
  2⤵
  PID:8020
- C:\Windows\System\pQrYEeS.exe
  C:\Windows\System\pQrYEeS.exe
  2⤵
  PID:8164
- C:\Windows\System\sDPfPnP.exe
  C:\Windows\System\sDPfPnP.exe
  2⤵
  PID:6228
- C:\Windows\System\EfKqVKw.exe
  C:\Windows\System\EfKqVKw.exe
  2⤵
  PID:2100
- C:\Windows\System\VnRufqi.exe
  C:\Windows\System\VnRufqi.exe
  2⤵
  PID:7176
- C:\Windows\System\poWkQfv.exe
  C:\Windows\System\poWkQfv.exe
  2⤵
  PID:6864
- C:\Windows\System\qByplFv.exe
  C:\Windows\System\qByplFv.exe
  2⤵
  PID:7296
- C:\Windows\System\mLeGrxh.exe
  C:\Windows\System\mLeGrxh.exe
  2⤵
  PID:2160
- C:\Windows\System\kBVzBCM.exe
  C:\Windows\System\kBVzBCM.exe
  2⤵
  PID:7456
- C:\Windows\System\VzGHcLo.exe
  C:\Windows\System\VzGHcLo.exe
  2⤵
  PID:7896
- C:\Windows\System\wLTxLQX.exe
  C:\Windows\System\wLTxLQX.exe
  2⤵
  PID:7716
- C:\Windows\System\aUJRpUn.exe
  C:\Windows\System\aUJRpUn.exe
  2⤵
  PID:8088
- C:\Windows\System\rhctbWi.exe
  C:\Windows\System\rhctbWi.exe
  2⤵
  PID:1336
- C:\Windows\System\asPEQpJ.exe
  C:\Windows\System\asPEQpJ.exe
  2⤵
  PID:328
- C:\Windows\System\utAMacH.exe
  C:\Windows\System\utAMacH.exe
  2⤵
  PID:560
- C:\Windows\System\pHJsFbp.exe
  C:\Windows\System\pHJsFbp.exe
  2⤵
  PID:2368
- C:\Windows\System\QMGArfo.exe
  C:\Windows\System\QMGArfo.exe
  2⤵
  PID:7424
- C:\Windows\System\pucVrZx.exe
  C:\Windows\System\pucVrZx.exe
  2⤵
  PID:7612
- C:\Windows\System\oyFBqqN.exe
  C:\Windows\System\oyFBqqN.exe
  2⤵
  PID:7784
- C:\Windows\System\MlCITol.exe
  C:\Windows\System\MlCITol.exe
  2⤵
  PID:7816
- C:\Windows\System\cmClqcJ.exe
  C:\Windows\System\cmClqcJ.exe
  2⤵
  PID:8068
- C:\Windows\System\HwbNvby.exe
  C:\Windows\System\HwbNvby.exe
  2⤵
  PID:7868
- C:\Windows\System\HoWXGfK.exe
  C:\Windows\System\HoWXGfK.exe
  2⤵
  PID:7916
- C:\Windows\System\KmCnfRs.exe
  C:\Windows\System\KmCnfRs.exe
  2⤵
  PID:6916
- C:\Windows\System\juDWeal.exe
  C:\Windows\System\juDWeal.exe
  2⤵
  PID:7312
- C:\Windows\System\hXxpYur.exe
  C:\Windows\System\hXxpYur.exe
  2⤵
  PID:7412
- C:\Windows\System\cETxrHZ.exe
  C:\Windows\System\cETxrHZ.exe
  2⤵
  PID:7624
- C:\Windows\System\jvYHOYg.exe
  C:\Windows\System\jvYHOYg.exe
  2⤵
  PID:7828
- C:\Windows\System\fCSkvGO.exe
  C:\Windows\System\fCSkvGO.exe
  2⤵
  PID:7712
- C:\Windows\System\mSJXXYa.exe
  C:\Windows\System\mSJXXYa.exe
  2⤵
  PID:7892
- C:\Windows\System\RikrcMY.exe
  C:\Windows\System\RikrcMY.exe
  2⤵
  PID:8180
- C:\Windows\System\LjvAXaM.exe
  C:\Windows\System\LjvAXaM.exe
  2⤵
  PID:7248
- C:\Windows\System\LOLwQQD.exe
  C:\Windows\System\LOLwQQD.exe
  2⤵
  PID:7380
- C:\Windows\System\oPxmUCK.exe
  C:\Windows\System\oPxmUCK.exe
  2⤵
  PID:7452
- C:\Windows\System\mhlqmci.exe
  C:\Windows\System\mhlqmci.exe
  2⤵
  PID:7700
- C:\Windows\System\MSrObya.exe
  C:\Windows\System\MSrObya.exe
  2⤵
  PID:7968
- C:\Windows\System\Pkmcebb.exe
  C:\Windows\System\Pkmcebb.exe
  2⤵
  PID:7504
- C:\Windows\System\LFMLGQF.exe
  C:\Windows\System\LFMLGQF.exe
  2⤵
  PID:8032
- C:\Windows\System\YJRYRUn.exe
  C:\Windows\System\YJRYRUn.exe
  2⤵
  PID:2988
- C:\Windows\System\ymwnQRm.exe
  C:\Windows\System\ymwnQRm.exe
  2⤵
  PID:7552
- C:\Windows\System\pLcBtTV.exe
  C:\Windows\System\pLcBtTV.exe
  2⤵
  PID:7908
- C:\Windows\System\HstaXBp.exe
  C:\Windows\System\HstaXBp.exe
  2⤵
  PID:7536
- C:\Windows\System\xThXtka.exe
  C:\Windows\System\xThXtka.exe
  2⤵
  PID:8128
- C:\Windows\System\CIMWMbW.exe
  C:\Windows\System\CIMWMbW.exe
  2⤵
  PID:2204
- C:\Windows\System\KJURIyS.exe
  C:\Windows\System\KJURIyS.exe
  2⤵
  PID:7752
- C:\Windows\System\OoMShvE.exe
  C:\Windows\System\OoMShvE.exe
  2⤵
  PID:8132
- C:\Windows\System\zpANYDw.exe
  C:\Windows\System\zpANYDw.exe
  2⤵
  PID:8016
- C:\Windows\System\MTkAEzy.exe
  C:\Windows\System\MTkAEzy.exe
  2⤵
  PID:7332
- C:\Windows\System\cgOyvsv.exe
  C:\Windows\System\cgOyvsv.exe
  2⤵
  PID:7756
- C:\Windows\System\eeljHuL.exe
  C:\Windows\System\eeljHuL.exe
  2⤵
  PID:7680
- C:\Windows\System\nohgsAJ.exe
  C:\Windows\System\nohgsAJ.exe
  2⤵
  PID:8112
- C:\Windows\System\ySeoEuC.exe
  C:\Windows\System\ySeoEuC.exe
  2⤵
  PID:7276
- C:\Windows\System\vogUPeW.exe
  C:\Windows\System\vogUPeW.exe
  2⤵
  PID:8204
- C:\Windows\System\rKygkdk.exe
  C:\Windows\System\rKygkdk.exe
  2⤵
  PID:8220
- C:\Windows\System\huIrbOP.exe
  C:\Windows\System\huIrbOP.exe
  2⤵
  PID:8236
- C:\Windows\System\NZwnJwb.exe
  C:\Windows\System\NZwnJwb.exe
  2⤵
  PID:8264
- C:\Windows\System\QIkezEL.exe
  C:\Windows\System\QIkezEL.exe
  2⤵
  PID:8280
- C:\Windows\System\abzrrLy.exe
  C:\Windows\System\abzrrLy.exe
  2⤵
  PID:8296
- C:\Windows\System\VyOFGqY.exe
  C:\Windows\System\VyOFGqY.exe
  2⤵
  PID:8312
- C:\Windows\System\MLvqQoS.exe
  C:\Windows\System\MLvqQoS.exe
  2⤵
  PID:8328
- C:\Windows\System\dECKKUA.exe
  C:\Windows\System\dECKKUA.exe
  2⤵
  PID:8348
- C:\Windows\System\LsZNWUT.exe
  C:\Windows\System\LsZNWUT.exe
  2⤵
  PID:8364
- C:\Windows\System\DRcBOSg.exe
  C:\Windows\System\DRcBOSg.exe
  2⤵
  PID:8380
- C:\Windows\System\rGHZIFN.exe
  C:\Windows\System\rGHZIFN.exe
  2⤵
  PID:8396
- C:\Windows\System\nJWLyNU.exe
  C:\Windows\System\nJWLyNU.exe
  2⤵
  PID:8416
- C:\Windows\System\pRFwwNK.exe
  C:\Windows\System\pRFwwNK.exe
  2⤵
  PID:8432
- C:\Windows\System\pDNdNqS.exe
  C:\Windows\System\pDNdNqS.exe
  2⤵
  PID:8448
- C:\Windows\System\nFiFrKd.exe
  C:\Windows\System\nFiFrKd.exe
  2⤵
  PID:8468
- C:\Windows\System\dwdReMZ.exe
  C:\Windows\System\dwdReMZ.exe
  2⤵
  PID:8488
- C:\Windows\System\dJkRXtL.exe
  C:\Windows\System\dJkRXtL.exe
  2⤵
  PID:8512
- C:\Windows\System\CKJvHGg.exe
  C:\Windows\System\CKJvHGg.exe
  2⤵
  PID:8532
- C:\Windows\System\jWcttdn.exe
  C:\Windows\System\jWcttdn.exe
  2⤵
  PID:8552
- C:\Windows\System\fPsFUrh.exe
  C:\Windows\System\fPsFUrh.exe
  2⤵
  PID:8572
- C:\Windows\System\FkabTmn.exe
  C:\Windows\System\FkabTmn.exe
  2⤵
  PID:8588
- C:\Windows\System\ajsVoIo.exe
  C:\Windows\System\ajsVoIo.exe
  2⤵
  PID:8604
- C:\Windows\System\TQKmHuq.exe
  C:\Windows\System\TQKmHuq.exe
  2⤵
  PID:8620
- C:\Windows\System\RBoVJzw.exe
  C:\Windows\System\RBoVJzw.exe
  2⤵
  PID:8644
- C:\Windows\System\FsVMvWI.exe
  C:\Windows\System\FsVMvWI.exe
  2⤵
  PID:8660
- C:\Windows\System\qfvPcrD.exe
  C:\Windows\System\qfvPcrD.exe
  2⤵
  PID:8680
- C:\Windows\System\oDTqWAX.exe
  C:\Windows\System\oDTqWAX.exe
  2⤵
  PID:8700
- C:\Windows\System\afJDLeL.exe
  C:\Windows\System\afJDLeL.exe
  2⤵
  PID:8732
- C:\Windows\System\QapfBIb.exe
  C:\Windows\System\QapfBIb.exe
  2⤵
  PID:8752
- C:\Windows\System\xdTWfhr.exe
  C:\Windows\System\xdTWfhr.exe
  2⤵
  PID:8772
- C:\Windows\System\kejmZEW.exe
  C:\Windows\System\kejmZEW.exe
  2⤵
  PID:8792
- C:\Windows\System\kTSrAWa.exe
  C:\Windows\System\kTSrAWa.exe
  2⤵
  PID:8808
- C:\Windows\System\quUzTur.exe
  C:\Windows\System\quUzTur.exe
  2⤵
  PID:8824
- C:\Windows\System\WRbdEpA.exe
  C:\Windows\System\WRbdEpA.exe
  2⤵
  PID:8840
- C:\Windows\System\TmpCQSJ.exe
  C:\Windows\System\TmpCQSJ.exe
  2⤵
  PID:8856
- C:\Windows\System\YHjCKbe.exe
  C:\Windows\System\YHjCKbe.exe
  2⤵
  PID:8872
- C:\Windows\System\twWVtWR.exe
  C:\Windows\System\twWVtWR.exe
  2⤵
  PID:8888
- C:\Windows\System\pGPvCaE.exe
  C:\Windows\System\pGPvCaE.exe
  2⤵
  PID:8904
- C:\Windows\System\YBeJTta.exe
  C:\Windows\System\YBeJTta.exe
  2⤵
  PID:8920
- C:\Windows\System\qbvwZhb.exe
  C:\Windows\System\qbvwZhb.exe
  2⤵
  PID:8968
- C:\Windows\System\JArYowP.exe
  C:\Windows\System\JArYowP.exe
  2⤵
  PID:8992
- C:\Windows\System\CbUxfnM.exe
  C:\Windows\System\CbUxfnM.exe
  2⤵
  PID:9008
- C:\Windows\System\NSxIKDj.exe
  C:\Windows\System\NSxIKDj.exe
  2⤵
  PID:9024
- C:\Windows\System\LiJLRzP.exe
  C:\Windows\System\LiJLRzP.exe
  2⤵
  PID:9040
- C:\Windows\System\YpUwNDc.exe
  C:\Windows\System\YpUwNDc.exe
  2⤵
  PID:9064
- C:\Windows\System\xCtAMFB.exe
  C:\Windows\System\xCtAMFB.exe
  2⤵
  PID:9084
- C:\Windows\System\cQQwwXy.exe
  C:\Windows\System\cQQwwXy.exe
  2⤵
  PID:9100
- C:\Windows\System\asUcoYV.exe
  C:\Windows\System\asUcoYV.exe
  2⤵
  PID:9116
- C:\Windows\System\SlKGEyh.exe
  C:\Windows\System\SlKGEyh.exe
  2⤵
  PID:9132
- C:\Windows\System\MkAjzpg.exe
  C:\Windows\System\MkAjzpg.exe
  2⤵
  PID:9148
- C:\Windows\System\xnZXBco.exe
  C:\Windows\System\xnZXBco.exe
  2⤵
  PID:9164
- C:\Windows\System\dScaCuw.exe
  C:\Windows\System\dScaCuw.exe
  2⤵
  PID:9180
- C:\Windows\System\xvfrojW.exe
  C:\Windows\System\xvfrojW.exe
  2⤵
  PID:9196
- C:\Windows\System\TTDOfQN.exe
  C:\Windows\System\TTDOfQN.exe
  2⤵
  PID:8196
- C:\Windows\System\yqqUFwN.exe
  C:\Windows\System\yqqUFwN.exe
  2⤵
  PID:8200
- C:\Windows\System\IhQfrwq.exe
  C:\Windows\System\IhQfrwq.exe
  2⤵
  PID:2648
- C:\Windows\System\udoKajl.exe
  C:\Windows\System\udoKajl.exe
  2⤵
  PID:7392
- C:\Windows\System\cYAoZgz.exe
  C:\Windows\System\cYAoZgz.exe
  2⤵
  PID:876
- C:\Windows\System\QLnofqO.exe
  C:\Windows\System\QLnofqO.exe
  2⤵
  PID:8308
- C:\Windows\System\WCBrTfj.exe
  C:\Windows\System\WCBrTfj.exe
  2⤵
  PID:8376
- C:\Windows\System\ZWGjOyP.exe
  C:\Windows\System\ZWGjOyP.exe
  2⤵
  PID:8404
- C:\Windows\System\CVRWoaG.exe
  C:\Windows\System\CVRWoaG.exe
  2⤵
  PID:8440
- C:\Windows\System\bQJpQIC.exe
  C:\Windows\System\bQJpQIC.exe
  2⤵
  PID:8480
- C:\Windows\System\ijmaAHD.exe
  C:\Windows\System\ijmaAHD.exe
  2⤵
  PID:8520
- C:\Windows\System\wvfiXVF.exe
  C:\Windows\System\wvfiXVF.exe
  2⤵
  PID:8632
- C:\Windows\System\AWpaWsl.exe
  C:\Windows\System\AWpaWsl.exe
  2⤵
  PID:8676
- C:\Windows\System\oBtSQgs.exe
  C:\Windows\System\oBtSQgs.exe
  2⤵
  PID:8712
- C:\Windows\System\uTqCFLy.exe
  C:\Windows\System\uTqCFLy.exe
  2⤵
  PID:8424
- C:\Windows\System\pBOPKKP.exe
  C:\Windows\System\pBOPKKP.exe
  2⤵
  PID:8292
- C:\Windows\System\jVrhuxJ.exe
  C:\Windows\System\jVrhuxJ.exe
  2⤵
  PID:8428
- C:\Windows\System\AYVxYYF.exe
  C:\Windows\System\AYVxYYF.exe
  2⤵
  PID:8508
- C:\Windows\System\htDMUnf.exe
  C:\Windows\System\htDMUnf.exe
  2⤵
  PID:8580
- C:\Windows\System\bjExBmK.exe
  C:\Windows\System\bjExBmK.exe
  2⤵
  PID:8652
- C:\Windows\System\CjuiLfX.exe
  C:\Windows\System\CjuiLfX.exe
  2⤵
  PID:8260
- C:\Windows\System\yFRMwzi.exe
  C:\Windows\System\yFRMwzi.exe
  2⤵
  PID:8724
- C:\Windows\System\PwvzHIl.exe
  C:\Windows\System\PwvzHIl.exe
  2⤵
  PID:8764
- C:\Windows\System\NnEUfbm.exe
  C:\Windows\System\NnEUfbm.exe
  2⤵
  PID:8788
- C:\Windows\System\GiPTGTM.exe
  C:\Windows\System\GiPTGTM.exe
  2⤵
  PID:8836
- C:\Windows\System\YsUvhdz.exe
  C:\Windows\System\YsUvhdz.exe
  2⤵
  PID:8848
- C:\Windows\System\BuOFrrj.exe
  C:\Windows\System\BuOFrrj.exe
  2⤵
  PID:8880
- C:\Windows\System\fNqGdDI.exe
  C:\Windows\System\fNqGdDI.exe
  2⤵
  PID:9000
- C:\Windows\System\VQzMVDq.exe
  C:\Windows\System\VQzMVDq.exe
  2⤵
  PID:8960
- C:\Windows\System\wZPFZPl.exe
  C:\Windows\System\wZPFZPl.exe
  2⤵
  PID:8980
- C:\Windows\System\QnOhXkr.exe
  C:\Windows\System\QnOhXkr.exe
  2⤵
  PID:9016
- C:\Windows\System\xkgYzXo.exe
  C:\Windows\System\xkgYzXo.exe
  2⤵
  PID:9056
- C:\Windows\System\NrCRYJt.exe
  C:\Windows\System\NrCRYJt.exe
  2⤵
  PID:8896
- C:\Windows\System\aBrBILZ.exe
  C:\Windows\System\aBrBILZ.exe
  2⤵
  PID:9080
- C:\Windows\System\HFxFZBe.exe
  C:\Windows\System\HFxFZBe.exe
  2⤵
  PID:9160
- C:\Windows\System\mnxnFgn.exe
  C:\Windows\System\mnxnFgn.exe
  2⤵
  PID:9156
- C:\Windows\System\YuEZbWk.exe
  C:\Windows\System\YuEZbWk.exe
  2⤵
  PID:9212
- C:\Windows\System\nvrtqkE.exe
  C:\Windows\System\nvrtqkE.exe
  2⤵
  PID:8304
- C:\Windows\System\zgKZTIQ.exe
  C:\Windows\System\zgKZTIQ.exe
  2⤵
  PID:9144
- C:\Windows\System\XXcFulx.exe
  C:\Windows\System\XXcFulx.exe
  2⤵
  PID:9176
- C:\Windows\System\yQeYKig.exe
  C:\Windows\System\yQeYKig.exe
  2⤵
  PID:8412
- C:\Windows\System\HEYGbaJ.exe
  C:\Windows\System\HEYGbaJ.exe
  2⤵
  PID:8668
- C:\Windows\System\xsMWDSb.exe
  C:\Windows\System\xsMWDSb.exe
  2⤵
  PID:8360
- C:\Windows\System\LZlXKJa.exe
  C:\Windows\System\LZlXKJa.exe
  2⤵
  PID:8688
- C:\Windows\System\TzsGfXf.exe
  C:\Windows\System\TzsGfXf.exe
  2⤵
  PID:8340
- C:\Windows\System\QUkhOBt.exe
  C:\Windows\System\QUkhOBt.exe
  2⤵
  PID:8564
- C:\Windows\System\emXJFEM.exe
  C:\Windows\System\emXJFEM.exe
  2⤵
  PID:8460
- C:\Windows\System\lwndcHN.exe
  C:\Windows\System\lwndcHN.exe
  2⤵
  PID:8696
- C:\Windows\System\epFhGTP.exe
  C:\Windows\System\epFhGTP.exe
  2⤵
  PID:8612
- C:\Windows\System\AkUGbtB.exe
  C:\Windows\System\AkUGbtB.exe
  2⤵
  PID:8816
- C:\Windows\System\RIFggxQ.exe
  C:\Windows\System\RIFggxQ.exe
  2⤵
  PID:8720
- C:\Windows\System\JoDoNDQ.exe
  C:\Windows\System\JoDoNDQ.exe
  2⤵
  PID:8928
- C:\Windows\System\KKAFlxB.exe
  C:\Windows\System\KKAFlxB.exe
  2⤵
  PID:8528
- C:\Windows\System\oZjNXSO.exe
  C:\Windows\System\oZjNXSO.exe
  2⤵
  PID:8976
- C:\Windows\System\XHVYCDp.exe
  C:\Windows\System\XHVYCDp.exe
  2⤵
  PID:9124
- C:\Windows\System\kSXSdNx.exe
  C:\Windows\System\kSXSdNx.exe
  2⤵
  PID:8548
- C:\Windows\System\NDePHBf.exe
  C:\Windows\System\NDePHBf.exe
  2⤵
  PID:9048
- C:\Windows\System\aYYVgcb.exe
  C:\Windows\System\aYYVgcb.exe
  2⤵
  PID:8276
- C:\Windows\System\oLzgQaH.exe
  C:\Windows\System\oLzgQaH.exe
  2⤵
  PID:8272
- C:\Windows\System\bvoYTkP.exe
  C:\Windows\System\bvoYTkP.exe
  2⤵
  PID:8800
- C:\Windows\System\iRBtZSb.exe
  C:\Windows\System\iRBtZSb.exe
  2⤵
  PID:9032
- C:\Windows\System\YgvfQpp.exe
  C:\Windows\System\YgvfQpp.exe
  2⤵
  PID:8832
- C:\Windows\System\nOAiXNt.exe
  C:\Windows\System\nOAiXNt.exe
  2⤵
  PID:8748
- C:\Windows\System\cNDknWD.exe
  C:\Windows\System\cNDknWD.exe
  2⤵
  PID:8336
- C:\Windows\System\ieJYHyQ.exe
  C:\Windows\System\ieJYHyQ.exe
  2⤵
  PID:8640
- C:\Windows\System\gqKVnBy.exe
  C:\Windows\System\gqKVnBy.exe
  2⤵
  PID:8084
- C:\Windows\System\XRqOETE.exe
  C:\Windows\System\XRqOETE.exe
  2⤵
  PID:8984
- C:\Windows\System\IwKcmOj.exe
  C:\Windows\System\IwKcmOj.exe
  2⤵
  PID:8568
- C:\Windows\System\PFnxGgi.exe
  C:\Windows\System\PFnxGgi.exe
  2⤵
  PID:8288
- C:\Windows\System\TjDRPOp.exe
  C:\Windows\System\TjDRPOp.exe
  2⤵
  PID:8964
- C:\Windows\System\heiVXRV.exe
  C:\Windows\System\heiVXRV.exe
  2⤵
  PID:9072
- C:\Windows\System\cLNPswy.exe
  C:\Windows\System\cLNPswy.exe
  2⤵
  PID:9128
- C:\Windows\System\hKmoiib.exe
  C:\Windows\System\hKmoiib.exe
  2⤵
  PID:9224
- C:\Windows\System\PfDtRYf.exe
  C:\Windows\System\PfDtRYf.exe
  2⤵
  PID:9252
- C:\Windows\System\YKuuKyX.exe
  C:\Windows\System\YKuuKyX.exe
  2⤵
  PID:9268
- C:\Windows\System\gxPgjrI.exe
  C:\Windows\System\gxPgjrI.exe
  2⤵
  PID:9292
- C:\Windows\System\kolkleh.exe
  C:\Windows\System\kolkleh.exe
  2⤵
  PID:9336
- C:\Windows\System\PiHtadM.exe
  C:\Windows\System\PiHtadM.exe
  2⤵
  PID:9360
- C:\Windows\System\pKLEuuX.exe
  C:\Windows\System\pKLEuuX.exe
  2⤵
  PID:9388
- C:\Windows\System\bsKvMyu.exe
  C:\Windows\System\bsKvMyu.exe
  2⤵
  PID:9404
- C:\Windows\System\cjBmXnh.exe
  C:\Windows\System\cjBmXnh.exe
  2⤵
  PID:9424
- C:\Windows\System\zGKoMUs.exe
  C:\Windows\System\zGKoMUs.exe
  2⤵
  PID:9456
- C:\Windows\System\chGqtMe.exe
  C:\Windows\System\chGqtMe.exe
  2⤵
  PID:9476
- C:\Windows\System\QLbwjvG.exe
  C:\Windows\System\QLbwjvG.exe
  2⤵
  PID:9500
- C:\Windows\System\jvbaTzz.exe
  C:\Windows\System\jvbaTzz.exe
  2⤵
  PID:9528
- C:\Windows\System\gDEzSfj.exe
  C:\Windows\System\gDEzSfj.exe
  2⤵
  PID:9552
- C:\Windows\System\NYnFoEs.exe
  C:\Windows\System\NYnFoEs.exe
  2⤵
  PID:9588
- C:\Windows\System\dMwBchN.exe
  C:\Windows\System\dMwBchN.exe
  2⤵
  PID:9632
- C:\Windows\System\IlvncBh.exe
  C:\Windows\System\IlvncBh.exe
  2⤵
  PID:9692
- C:\Windows\System\zUezXkn.exe
  C:\Windows\System\zUezXkn.exe
  2⤵
  PID:9720
- C:\Windows\System\SyEFWgx.exe
  C:\Windows\System\SyEFWgx.exe
  2⤵
  PID:9764
- C:\Windows\System\EhjRYhe.exe
  C:\Windows\System\EhjRYhe.exe
  2⤵
  PID:9800
- C:\Windows\System\igMnfHG.exe
  C:\Windows\System\igMnfHG.exe
  2⤵
  PID:9876
- C:\Windows\System\VUYFrTp.exe
  C:\Windows\System\VUYFrTp.exe
  2⤵
  PID:9904
- C:\Windows\System\TMLIHYC.exe
  C:\Windows\System\TMLIHYC.exe
  2⤵
  PID:9940
- C:\Windows\System\BJuypll.exe
  C:\Windows\System\BJuypll.exe
  2⤵
  PID:9968
- C:\Windows\System\zGJTRcV.exe
  C:\Windows\System\zGJTRcV.exe
  2⤵
  PID:9984
- C:\Windows\System\jfvHmga.exe
  C:\Windows\System\jfvHmga.exe
  2⤵
  PID:10008
- C:\Windows\System\aEDivmq.exe
  C:\Windows\System\aEDivmq.exe
  2⤵
  PID:10024
- C:\Windows\System\VaVdENX.exe
  C:\Windows\System\VaVdENX.exe
  2⤵
  PID:10044
- C:\Windows\System\lQRxOoq.exe
  C:\Windows\System\lQRxOoq.exe
  2⤵
  PID:10060
- C:\Windows\System\qTPAHZg.exe
  C:\Windows\System\qTPAHZg.exe
  2⤵
  PID:10088
- C:\Windows\System\NTLNjqC.exe
  C:\Windows\System\NTLNjqC.exe
  2⤵
  PID:10112
- C:\Windows\System\mjzsonZ.exe
  C:\Windows\System\mjzsonZ.exe
  2⤵
  PID:10132
- C:\Windows\System\PzeyIFw.exe
  C:\Windows\System\PzeyIFw.exe
  2⤵
  PID:10152
- C:\Windows\System\PEjBJVk.exe
  C:\Windows\System\PEjBJVk.exe
  2⤵
  PID:10168
- C:\Windows\System\JdSydrD.exe
  C:\Windows\System\JdSydrD.exe
  2⤵
  PID:10184
- C:\Windows\System\VTltakJ.exe
  C:\Windows\System\VTltakJ.exe
  2⤵
  PID:10208
- C:\Windows\System\rXwFSoA.exe
  C:\Windows\System\rXwFSoA.exe
  2⤵
  PID:10228
- C:\Windows\System\lvpYXld.exe
  C:\Windows\System\lvpYXld.exe
  2⤵
  PID:8740
- C:\Windows\System\nHWHQdz.exe
  C:\Windows\System\nHWHQdz.exe
  2⤵
  PID:9220
- C:\Windows\System\ykKWtuM.exe
  C:\Windows\System\ykKWtuM.exe
  2⤵
  PID:9236
- C:\Windows\System\YjPVdlp.exe
  C:\Windows\System\YjPVdlp.exe
  2⤵
  PID:9280
- C:\Windows\System\pJliIBN.exe
  C:\Windows\System\pJliIBN.exe
  2⤵
  PID:9324
- C:\Windows\System\dQlpOek.exe
  C:\Windows\System\dQlpOek.exe
  2⤵
  PID:9288
- C:\Windows\System\Qdzeduf.exe
  C:\Windows\System\Qdzeduf.exe
  2⤵
  PID:9368
- C:\Windows\System\MbaBMAc.exe
  C:\Windows\System\MbaBMAc.exe
  2⤵
  PID:9352
- C:\Windows\System\KUrOKWA.exe
  C:\Windows\System\KUrOKWA.exe
  2⤵
  PID:9396
- C:\Windows\System\EatYnKY.exe
  C:\Windows\System\EatYnKY.exe
  2⤵
  PID:9472
- C:\Windows\System\gzEBnky.exe
  C:\Windows\System\gzEBnky.exe
  2⤵
  PID:9488
- C:\Windows\System\YgtaFCM.exe
  C:\Windows\System\YgtaFCM.exe
  2⤵
  PID:9452
- C:\Windows\System\qlTpoAN.exe
  C:\Windows\System\qlTpoAN.exe
  2⤵
  PID:9536
- C:\Windows\System\bNkxyGM.exe
  C:\Windows\System\bNkxyGM.exe
  2⤵
  PID:9580
- C:\Windows\System\GLwktaO.exe
  C:\Windows\System\GLwktaO.exe
  2⤵
  PID:9564
- C:\Windows\System\ugKOvqX.exe
  C:\Windows\System\ugKOvqX.exe
  2⤵
  PID:9612
- C:\Windows\System\TImIFDN.exe
  C:\Windows\System\TImIFDN.exe
  2⤵
  PID:9664
- C:\Windows\System\HUDotXy.exe
  C:\Windows\System\HUDotXy.exe
  2⤵
  PID:9680
- C:\Windows\System\KbZyBUT.exe
  C:\Windows\System\KbZyBUT.exe
  2⤵
  PID:9704
- C:\Windows\System\cZdcVmV.exe
  C:\Windows\System\cZdcVmV.exe
  2⤵
  PID:9716
- C:\Windows\System\wwZwgeT.exe
  C:\Windows\System\wwZwgeT.exe
  2⤵
  PID:9748
- C:\Windows\System\dEsZwIa.exe
  C:\Windows\System\dEsZwIa.exe
  2⤵
  PID:9736
- C:\Windows\System\NxcFvNu.exe
  C:\Windows\System\NxcFvNu.exe
  2⤵
  PID:9780
- C:\Windows\System\VfdJPsD.exe
  C:\Windows\System\VfdJPsD.exe
  2⤵
  PID:9808
- C:\Windows\System\STwriIT.exe
  C:\Windows\System\STwriIT.exe
  2⤵
  PID:9828
- C:\Windows\System\PvuDXvj.exe
  C:\Windows\System\PvuDXvj.exe
  2⤵
  PID:9884
- C:\Windows\System\nvBdTPw.exe
  C:\Windows\System\nvBdTPw.exe
  2⤵
  PID:9844
- C:\Windows\System\Uzpzisr.exe
  C:\Windows\System\Uzpzisr.exe
  2⤵
  PID:9872
- C:\Windows\System\oIczxpl.exe
  C:\Windows\System\oIczxpl.exe
  2⤵
  PID:9932
- C:\Windows\System\jVHKvan.exe
  C:\Windows\System\jVHKvan.exe
  2⤵
  PID:9912
- C:\Windows\System\CFeUnuA.exe
  C:\Windows\System\CFeUnuA.exe
  2⤵
  PID:9952
- C:\Windows\System\jLcMETW.exe
  C:\Windows\System\jLcMETW.exe
  2⤵
  PID:10000
- C:\Windows\System\maahNQv.exe
  C:\Windows\System\maahNQv.exe
  2⤵
  PID:10084
- C:\Windows\System\zUIproJ.exe
  C:\Windows\System\zUIproJ.exe
  2⤵
  PID:10108
- C:\Windows\System\hqEAMDF.exe
  C:\Windows\System\hqEAMDF.exe
  2⤵
  PID:10124
- C:\Windows\System\alcszWZ.exe
  C:\Windows\System\alcszWZ.exe
  2⤵
  PID:10180
- C:\Windows\System\TKjVpPJ.exe
  C:\Windows\System\TKjVpPJ.exe
  2⤵
  PID:10204
- C:\Windows\System\XViOoCE.exe
  C:\Windows\System\XViOoCE.exe
  2⤵
  PID:9244
- C:\Windows\System\QxMZKcD.exe
  C:\Windows\System\QxMZKcD.exe
  2⤵
  PID:8600
- C:\Windows\System\uVORQHU.exe
  C:\Windows\System\uVORQHU.exe
  2⤵
  PID:9300
- C:\Windows\System\uWVnGIv.exe
  C:\Windows\System\uWVnGIv.exe
  2⤵
  PID:9384
- C:\Windows\System\eKeLFvr.exe
  C:\Windows\System\eKeLFvr.exe
  2⤵
  PID:9444
- C:\Windows\System\ahmbfGb.exe
  C:\Windows\System\ahmbfGb.exe
  2⤵
  PID:9508
- C:\Windows\System\FYojhdm.exe
  C:\Windows\System\FYojhdm.exe
  2⤵
  PID:9520
- C:\Windows\System\oLnKOSH.exe
  C:\Windows\System\oLnKOSH.exe
  2⤵
  PID:9572
- C:\Windows\System\zTLLYHx.exe
  C:\Windows\System\zTLLYHx.exe
  2⤵
  PID:9596
- C:\Windows\System\WkvmvTp.exe
  C:\Windows\System\WkvmvTp.exe
  2⤵
  PID:9656
- C:\Windows\System\JNYmFTS.exe
  C:\Windows\System\JNYmFTS.exe
  2⤵
  PID:9640
- C:\Windows\System\aShvXUR.exe
  C:\Windows\System\aShvXUR.exe
  2⤵
  PID:9744
- C:\Windows\System\waruKsG.exe
  C:\Windows\System\waruKsG.exe
  2⤵
  PID:9824
- C:\Windows\System\KpiAupU.exe
  C:\Windows\System\KpiAupU.exe
  2⤵
  PID:9924
- C:\Windows\System\OdpQIEM.exe
  C:\Windows\System\OdpQIEM.exe
  2⤵
  PID:9848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATaGkOp.exe

Filesize
5.9MB

MD5
74dc2ed24ea14dbfa825fd791d5c3d4e

SHA1
b9d808ec33c565304ff83783c694c92c241afd70

SHA256
5c79b2c52bca054c8bcd2bdbf075fe6754db89a7182f070b656a88400d7e5f15

SHA512
4f32c311b0452b548b1f0b5a779d44f8a5380374b857c6a61b1673b528404fd5561710ac93566e9676088870b8936146d08c3a8e491cfafebef7dd1eb22e4b62

Download Submit
C:\Windows\system\BcfWAsg.exe

Filesize
5.9MB

MD5
264a029609d9f434e27126ae8d0aab50

SHA1
4f49747eab8d5c4a1184aac3f124638b54c091db

SHA256
a6d8bee961dc7138d62373b3be875010dedc0879545715a47d4e1e62733ec31a

SHA512
cdf2d34fe58d981e46821798f376f3e44d87b9a7390999956f2b649029c197328a578280d63f0341c335f41d31e2af4c0b533aa84e92777579f278137d70271d

Download Submit
C:\Windows\system\CdDnsAC.exe

Filesize
5.9MB

MD5
cfaf856f4ed4369e620c0cf5f3d6cc24

SHA1
e8895a4466b4f6164c331757c12690e400b23cb3

SHA256
70bdfa57dc1749799429daf6e1a31d0dcb69fd2d54db03d748e38362f4ef8f33

SHA512
5124dfc2fe1638792ab44c54e507941189a9f67896af83ae0f764db5e1b2f59ae87fcdce2aa69ddcd25af8b92476a30e30b9dd3ed9bcca894c9e2a7e29bc5a4d

Download Submit
C:\Windows\system\FfapINd.exe

Filesize
5.9MB

MD5
e03a78690adc320981b0f5716a389f3d

SHA1
69691c0727fed56d21259f3bc5ef6fbde27745ac

SHA256
3564622594d837837a16f1e2e222819ea1f2389ae715ed42f2458eecef66b586

SHA512
b0c68fc728dc2640e546813d3804fdc9ddd122879955430f5f046f52feed6d82d1e9075d7bae72be7b07bfbaf46c7dbba2660c73735352377dab98283c147e86

Download Submit
C:\Windows\system\GtQcYOP.exe

Filesize
5.9MB

MD5
46929a78daa769f33a6e53aa9cf6bc4a

SHA1
53c5b82fbe3926bfcfa1fd2c48baf898169079bb

SHA256
164bebbf4199cefa9962afc8807d0813977e11a660429145ac128c3ba564f402

SHA512
ec93022434f592b7ef89de3a003a67d5e46f241d01d79e4fcf2c57dca7356be9e57b6b7b0323d752683107eccd32e4bb96e5b6168c1759723790dcdd54619f74

Download Submit
C:\Windows\system\HWzZIPn.exe

Filesize
5.9MB

MD5
986938b26a841cae748873f03f20ee78

SHA1
b5fde979ccb5ccd0269f2905dfef93f61e51418f

SHA256
7110b0b66a028ca2687651e8d8b5f0ccc5cfed06f96f9a02d1166d38f85240a1

SHA512
827d5db1f1ddc036b0915d6d62f9b80e1f5f9b63d5436d1a53bb93d838092dd6f0b6089bbee7b784b36d78450c2d765b1086bbf2a86eeb67dd49e1d85a1046c0

Download Submit
C:\Windows\system\IPSdjDO.exe

Filesize
5.9MB

MD5
2fb84896813458d9186bf34ea408b954

SHA1
638a66dbee5b5e91ad61467aed99eddd1c49852e

SHA256
571c02961ace3f8bfa0151acae2f388dc1adf7e2241e0b7d4d4672d68a0e9065

SHA512
0427cbe000cbd391c40ab350c0980846e4a80dce17b20330d83b34cb8900895f0bef3c2d469a768921e138f264444daa548589e8b8801ea923ef5900cda4a9e3

Download Submit
C:\Windows\system\IqJyWvj.exe

Filesize
5.9MB

MD5
3f5c21fa0efe362665c9841a998b33c9

SHA1
e5143e9396d48ef29dd8e74ce220601bcad61840

SHA256
113e5ff38ded96934632d62a672abb299da9aedd64987fb014b1d8d34bf94215

SHA512
4727fc7ebae1e0751819e93c05f4e200482a62074c7a3cfad3c0438b04b57d52500c0b5c5b84e34c67c18c158a774b39a295c8b86d5b28c77eb2c2ae0915c8bd

Download Submit
C:\Windows\system\NCBXceB.exe

Filesize
5.9MB

MD5
8cb6a2a0415432cad39f1fbee698d937

SHA1
49b2c5136d64c829be2bd3355ac8e2654f145de7

SHA256
78e9b4f69c68d793f56f5bffd95c97820009dc5f2266e9f17b1ac6c53285ac2c

SHA512
05bb76989f01e381d8c1a2aec55270c8c5b958047c23755aa974035d40f4649eae7568bbb66e3977cf1755f9c695b4ae9c8195c2d464a23416e3e495fcc05657

Download Submit
C:\Windows\system\OGjcEsD.exe

Filesize
5.9MB

MD5
b1b816f2acbf38fd90d1d25b0552f599

SHA1
5b7ced46e1e7673e190943f8ea1d2c17b7d5e599

SHA256
4b849b6134c03b69c1205b9fff35a9b801c64344aaa1c51445bcc0ba8d7c2e11

SHA512
82670120a745d8221248b5702b25306143b8d3b67fe35eebc18b464cde55abbd2aa41a473337f312553287074a7dd1eb1bdafb076f003ffff89e73d3a590bb20

Download Submit
C:\Windows\system\Ojfptkx.exe

Filesize
5.9MB

MD5
5551f3ade03da50d5ec98146fda7ea74

SHA1
d1404a9bd46557a23c35c2274188ab0706dbfc6d

SHA256
f47548951fe3ad73c91c334d961f4d41a897b3ff296dcc4e36e001e928ce21cb

SHA512
583e5b7e0e5fee8fb6f8f45316f124fb22985e349ca4edc9c1385b70071f53d03a88d566eb2b8d5226ef47ecbb70cb36119e6d0c947fcf46207d62e30e92ebc9

Download Submit
C:\Windows\system\SBLIijz.exe

Filesize
5.9MB

MD5
2e662d938f6f7bcba9a4a83737923bd4

SHA1
9e954352a6cf812c24345e2d12a9af643aa092f6

SHA256
a1a51d8f78c092bb0767946f12642deb4a79e484fb1e36c2b413c47376750b9f

SHA512
3212e1b92880c55088b8633a72a6f470c4888e25374cf7575e4c3a4a09ff667a8ededd77c8e4f7108500ec7691576a6b896bbff553692136d3d8794a0858e503

Download Submit
C:\Windows\system\SGCSuUI.exe

Filesize
5.9MB

MD5
72c0401bf1ec5d77a6853eb2806a28e5

SHA1
acca824c5cffbc862d11fad04cb70a681b6f37a9

SHA256
166c704cb793260365cedb71624bc616f08105fdabd57b87f8a118324ddf45f1

SHA512
e5c09cb2285bc7b1dfdf235796a549a5e2783e82239159053b50e05b0091707f58f36c566419fd31f3c8fa33d62d7f4365123804cab0484fec7cc510d1de89e8

Download Submit
C:\Windows\system\TXRhfjv.exe

Filesize
5.9MB

MD5
e921d59fc1cc6e5daffc5b78e19f1f31

SHA1
6dda136d986656548036ff3ba4d38f2b4600ab0c

SHA256
51f0f1e1cd708c3d1720c775145ac6b096450077913c87962d9d1e315b094d60

SHA512
751fadc9099b73507c2957e645c075301e94d369a2b10c699cc1d8c5bcf465761a5b1b98744ceb31ade05fc6b7bd662a9cb30ab4283436020ce2391e2b6f9b5f

Download Submit
C:\Windows\system\TXnzgLb.exe

Filesize
5.9MB

MD5
87ec24ffc5be9f8f9b8ce9ed49f3fa48

SHA1
b2a25db3f147b7a887adcb3088a1e6f290d4c2ef

SHA256
eaa60a54cf1b4c701a8baf078b4560f69ff1fb05af5d89a3c109d66644dcb9aa

SHA512
0d4cdbec12e8d8e9f7a354de996603ab0e4d386df3f42bb3e1af4349a8cc5d3960e4fc1a3dc864d501b47cf904b450a9e24715c852511ac648f443ed5381513f

Download Submit
C:\Windows\system\UKaMZYG.exe

Filesize
5.9MB

MD5
4e0a13565ca050cf3e1d004c2537482b

SHA1
cde1466034acced064ce45fb2ecdab809a969f8c

SHA256
01621c45fdaf197b0e0c8b27498e83fa94f6bda90fc0b0fbe8d86ac7d663a9ef

SHA512
ec0f0c1f633a6e27083b808400508babc7a3bd45e91dd937323986151ce74cb2ecec05c9e2d167530e6e31183f270f6f387e1e72af961e7be989ff847c12d874

Download Submit
C:\Windows\system\UVOVfrZ.exe

Filesize
5.9MB

MD5
584a7239bbd77f8321058933f4bba6bf

SHA1
ba0e36ae63684dae141af4fa34f50ef0803d1035

SHA256
8037bb953fe1efe4a3f5c92057b2d9e7bc2e8ed214dec2df992f33642ca42afe

SHA512
fb891f28aac1ea198e317ff35f597fc305732e414d16407a2340d1d39afce57215e7b804bca9638f4309c4c416f6fbbef05d4a0983e2e6fafb9f6491dbe65987

Download Submit
C:\Windows\system\eCjBqNH.exe

Filesize
5.9MB

MD5
ff447807d2e8e58de90899712b019f83

SHA1
b032209c950f0d769fca5ceb0e5eeb3233d6182c

SHA256
c9f1adfddaf8e0ceb053293a6a954414965c3856577722a4a8900e5c09cc3751

SHA512
ab3f2a3c62c50a21e3004a99a1343d96dfa73ca657320a2daeb785d3004f1db03148d9625cbe3eeb811c5d821458a79b4b1b0aaee5a3544d7c0d8310d6a3685c

Download Submit
C:\Windows\system\evKIvFa.exe

Filesize
5.9MB

MD5
c0eceb778988a156988a288473badd2b

SHA1
67edb1c61d402df0b85b51ec038b6371c31aad78

SHA256
720866ff1e56c3b8d24d690e11a055296148f43e4e5a23c842572c32b682cf2b

SHA512
e3eb6dfe04affd95e19fd3aaed61c989c5f5033b250df84b3e417239011dbebb0a1ae4e29c9ef9dd03a645816b997942f3de85b1008d5e42eb90fc8ecd684e8e

Download Submit
C:\Windows\system\gWUiOjn.exe

Filesize
5.9MB

MD5
50c3b3646ce73f60d5c678366eaf6a4b

SHA1
1a9bd5144d8755d0d3f4d6f7867efdd9481bbf45

SHA256
773fef660f895c3a208b659fb6168ac54268450def8736b7d4b09aa5cc1e78df

SHA512
4b00f5278f0c25d620de121af3062309e6e6188a4344d754f9fc5ed06d9e8de4a1cf4b20e58d6d2dd2c6442e95097faeca78dd768d0f9c55df870ec3fe5d79f8

Download Submit
C:\Windows\system\jVdxnKz.exe

Filesize
5.9MB

MD5
18914652fc6e7ea16c3c999417c8b710

SHA1
e4ef9e92115858bfff6e589c6ad6d6793df78a20

SHA256
93716d4c66aefddd432bfb093821e5f337c40660647c6a2bd4f3b9c3b7e0681a

SHA512
2ffadb77bd0c59b3c4ea27e72c8fb6ed1c0a1eae23022d5df2be6a08c95f1b77ff362088e5f787364e6274c4020af955fa92aba4ea10bc488c65642ea6b0e4c3

Download Submit
C:\Windows\system\jqjHhsH.exe

Filesize
5.9MB

MD5
c24075930f20f84dfbe60bfe57382d0f

SHA1
987310d33599226c84454911fb2a5d45ee9f92e3

SHA256
b4a0c23e55c61cd0a27b93b8410f4b3561c19a04b710609708060645a83452be

SHA512
ac317bc440fec17c75855195f85a75919c4d6bb1b133175d6ea214937f12007e911df881b135680ec40307bf77cc16d82f7e88f784f597c74d5c7bb6444bd187

Download Submit
C:\Windows\system\kGfuKqb.exe

Filesize
5.9MB

MD5
5cdc052acc2c57f4572e1d3f2a89f2f1

SHA1
fbfdf768fbac15de27e9e170e7888cfdcdf42a75

SHA256
df6da1087be6c742011077a86e57f326be5d959f4e7aa28f6bc0da88ac9e3163

SHA512
6a126f09cc7714858409b9e89312471e68906ab175cd1d6b11dbdf964f0a97f39d8b81e66509a6b10b8344117a2d4c591a31dada815ebb48847bb39dc8563e88

Download Submit
C:\Windows\system\mNKDmTp.exe

Filesize
5.9MB

MD5
69802fa1f7bfee4429fbea19f1f5f734

SHA1
bf49d2b0f1e3b59389a1128526dba2d889967c83

SHA256
3a651f08347abe2449806bbece779e35d441f2b1ff7237a10da8155ca6f4e7df

SHA512
d091a04afbe1d39fc8edb3e43340b7bdd3ef827c3cd45254cf015d81e9fb5998d37598b186c35aafc69e5ba7bc2799b418158c2667fa42a7e995cf575e7f43eb

Download Submit
C:\Windows\system\ogwHKDW.exe

Filesize
5.9MB

MD5
2688da2c10799035e5b122d786916728

SHA1
1490f9cb9a5a30c14b810a8847daeb27e7d158f0

SHA256
9c6b9f3c98e00f7c2957c047164bd846c7691cbb7769a6a32a247cadc8ec9ce3

SHA512
b1d1ff0f1bd34527538cfba5d1e59a1d810de3876025d237242affae6ab40a5dc31efa0419ca7d7d526507a59a35606c799e4c74a1087adac216746900a5a4d6

Download Submit
C:\Windows\system\priFjnk.exe

Filesize
5.9MB

MD5
c21dcf29aca5c641e8fd67c8af7908e7

SHA1
a3025bdcfc091ff62dba4086661e7d65018694a6

SHA256
9d9cf88c66e65de837cd831cac28248063b9bbe27701f318fc6457bc8be9827d

SHA512
c8081a8ce1dd80a568c0b35827e35ef5e11f43f2c5e12e06d3468946211e179f8fa2ae2f04af83243e6b1a1f79bcdbec847e46224f1833bc6af88555740d2f20

Download Submit
C:\Windows\system\prjirFF.exe

Filesize
5.9MB

MD5
e2c517879ba104eb51d84993be3427e1

SHA1
b2d888af572cd93881b06104cf3779973f7a0641

SHA256
e43e456f45ed7076df62c0c461b06cef17af85b8827cc2f3b94900cc5446b77b

SHA512
cccb4cf09a27b6667158b307908653c59ec88d76bb4e2cd254bc6c77993344f9a701f3dae4f7db48f64ca033470bf8f73cf67c99f703c719253dc1f5592ec391

Download Submit
C:\Windows\system\tbhmNTY.exe

Filesize
5.9MB

MD5
744c4388ef5f4064559ba154c203318c

SHA1
74bc1acf230c6dcbb815c537726432ec1a58897a

SHA256
7e1348b4f62074f6191a1fda9020311aedece5109888a31f6cdcaf054f1b19d3

SHA512
0ea2427af6c60565610d1918a7ca6154a294cbcf17cbc65fcf0946cc909e4e14c4a4da94e359cff254dd37df0697fc0faf0aadf73b2d7662ff4d44a26899b6dc

Download Submit
C:\Windows\system\yQJiahu.exe

Filesize
5.9MB

MD5
18b82ea45f1011b4498aabbf6aa858b3

SHA1
30638cdb9c34a87e00404c885876aa0e848b2452

SHA256
e34c77403f37e28db929101c8e7038d20de0d8fd459e28ea4e42d94301a92d40

SHA512
80b13fc588a7c399b1b0540bb5efaabaab824b66a694a691fe74271b4e73d8b6395e374de1eaa16cf9804e3713c8086161c8700345a764f722af528885d28543

Download Submit
C:\Windows\system\zOuKtQU.exe

Filesize
5.9MB

MD5
5744c6331b119bfacff5b1bbad02284b

SHA1
9efa8ea81a323de034156e83cd78466037462cb3

SHA256
c3e51ab35f0075bace65b98fd1408dc545ab15995fd1badb58280d1da98caa91

SHA512
f3dbd9eb826628143a236f2d252fc8b878af0892beac0307ab2cdc8a79528734237ba3492ba14dc8b95956160843f2620038f34e27f20000d7ba529d6eac78a2

Download Submit
\Windows\system\YeSMnPX.exe

Filesize
5.9MB

MD5
ca246db970e68cde7ae3e0fc44738803

SHA1
f532504643ea38d33cc8ba4a772055d777fe6678

SHA256
3bfe73a242c41838fc6595148efab91ccdc14d4a533d256f2f82dd3a0b6d5c01

SHA512
a11724c157d66f6b1ed827ea37ccdb63d4b00cb445af5582155de80da7bc56f754147dcadeadd6310769ab11b4d87334df7f0b4682b96a5a1822e4de4499c170

Download Submit
\Windows\system\xOUZlhS.exe

Filesize
5.9MB

MD5
7a05ea8718d528988c5854039cf6e21f

SHA1
ac9cb0cceefd0723d7f0d7d4929059c1119b79b9

SHA256
8d26bbf36b0af33bc7577d059be404b9e7957d7ea350f9f797607687fe2ef0cc

SHA512
aba80274eb1441cd6555f3472ab862c09317d8223dca3aecd43c0e6fc6dbf7e8a467a0fb9127c3751b5596890ed848f91022fc21625ed4e0a79960a959b7c318

Download Submit
memory/296-109-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/296-66-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/296-20-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/296-874-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/296-330-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/296-0-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/296-110-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/296-101-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/296-72-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/296-81-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/296-83-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/296-57-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/296-1031-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/296-16-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/296-41-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/296-33-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/296-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/296-40-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/296-50-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/296-27-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/620-100-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/620-58-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/620-3130-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1380-659-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1380-95-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1380-3225-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1620-102-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1620-875-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3186-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1976-82-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3141-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2064-70-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3139-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-89-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3171-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-42-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3108-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3069-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-22-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3070-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-8-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-52-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3071-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-17-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-65-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3104-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2828-28-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3112-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2836-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2836-34-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2984-90-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3174-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3060-51-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3109-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download