cobaltstrike | ce617030c6716c95749fa3d577dd0ab7e7a7865ed7665919f38fcfb31582a715

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

1756a224c565630a120116c3317592eb
SHA1

55f5a9b8a71ada0cf652d23818dd2e44cbdd94de
SHA256

ce617030c6716c95749fa3d577dd0ab7e7a7865ed7665919f38fcfb31582a715
SHA512

3be0a8c50f2864ddbe20eeefc5a2390d19ab7ce14aedf318d62e14636038a961810aced4d409d5c88d0f74752c9d1827449e1353fe9ca3c995dcdd8fe4f9287f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUc:T+q56utgpPF8u/7c

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d88-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d90-12.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000015d48-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015df1-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f38-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e4f-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015f4e-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-106.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-138.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-118.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-74.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f6-3.dat	xmrig
behavioral1/memory/2816-9-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d88-10.dat	xmrig
behavioral1/files/0x0008000000015d90-12.dat	xmrig
behavioral1/memory/2812-18-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2804-21-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2316-20-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0036000000015d48-23.dat	xmrig
behavioral1/memory/2780-28-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0008000000015da1-29.dat	xmrig
behavioral1/memory/2316-38-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015df1-35.dat	xmrig
behavioral1/memory/2608-49-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f38-50.dat	xmrig
behavioral1/memory/2812-48-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e4f-47.dat	xmrig
behavioral1/memory/2788-46-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2724-43-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-62.dat	xmrig
behavioral1/files/0x0009000000015f4e-59.dat	xmrig
behavioral1/files/0x0006000000016d68-70.dat	xmrig
behavioral1/files/0x0006000000016d4c-66.dat	xmrig
behavioral1/files/0x0006000000016d73-78.dat	xmrig
behavioral1/files/0x0006000000016dd5-82.dat	xmrig
behavioral1/files/0x0006000000016de9-90.dat	xmrig
behavioral1/files/0x0006000000016df5-94.dat	xmrig
behavioral1/files/0x0006000000016edc-102.dat	xmrig
behavioral1/files/0x0006000000016f02-106.dat	xmrig
behavioral1/files/0x00060000000174b4-114.dat	xmrig
behavioral1/files/0x0006000000017570-122.dat	xmrig
behavioral1/files/0x000500000001871c-150.dat	xmrig
behavioral1/memory/2804-832-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001870c-146.dat	xmrig
behavioral1/files/0x0005000000018706-142.dat	xmrig
behavioral1/files/0x0005000000018697-138.dat	xmrig
behavioral1/files/0x000d000000018683-134.dat	xmrig
behavioral1/files/0x00060000000175f7-130.dat	xmrig
behavioral1/files/0x00060000000175f1-126.dat	xmrig
behavioral1/files/0x00060000000174f8-118.dat	xmrig
behavioral1/files/0x000600000001707f-110.dat	xmrig
behavioral1/files/0x0006000000016df8-98.dat	xmrig
behavioral1/files/0x0006000000016dd9-86.dat	xmrig
behavioral1/files/0x0006000000016d6f-74.dat	xmrig
behavioral1/memory/2816-3978-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2812-3998-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1948-3999-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1956-4000-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2804-4003-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2688-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/3020-4005-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2780-4006-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2180-4008-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1932-4010-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2316-4014-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2608-4016-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1948-4025-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2180-4027-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2688-4026-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1932-4028-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1956-4029-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/3020-4030-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2816	gdbUqUL.exe
2812	YXtxDKf.exe
2804	blqlLOu.exe
2780	neIWwML.exe
2724	Ldnooqr.exe
2788	EmRRSpe.exe
2608	mlkAQVw.exe
1948	LSmpxJf.exe
1956	NRwWBAI.exe
2688	GtUpdKK.exe
3020	VfQzIJe.exe
2180	dIRiVye.exe
1932	APTpdVF.exe
2448	HPbJhdH.exe
1032	RBDhJQM.exe
1672	QNPgtip.exe
1716	RHTdugj.exe
112	bhAdrAj.exe
2764	cXWcKkB.exe
1524	VjVJLxi.exe
824	azNODZU.exe
1268	sGZjTLD.exe
1740	aVCKPTh.exe
2004	rfFQqHb.exe
2888	aVdjYjB.exe
1360	XZkmsoo.exe
1256	XVVxJaV.exe
1248	qatmtav.exe
2980	sTnNHNL.exe
1560	jLdbUjl.exe
2416	NSgJEAT.exe
1920	pawjnLp.exe
2300	DpPgZHc.exe
1916	HRcrLlP.exe
2064	OjKPVUD.exe
2216	omcyzKF.exe
1308	GnBXiOz.exe
796	AhSpaVD.exe
1152	dooWJGe.exe
1384	yveskzp.exe
1820	iyxVaIy.exe
900	zwkXWcF.exe
444	smWbuKP.exe
1960	LZbXvhm.exe
2188	MGRbSsu.exe
2164	WkRyWok.exe
980	hyjcBEm.exe
1516	QoObRQL.exe
1352	bqjbKaq.exe
1328	SWeILLV.exe
1396	sWtkneZ.exe
856	KiZcTnE.exe
1616	AaYfyCV.exe
1160	nMxdUut.exe
1536	xpGgwOm.exe
844	ucQRyMv.exe
2016	huACXab.exe
604	GsxWBWX.exe
1372	xMQLXKC.exe
2020	RGKOnsD.exe
1336	FBXwNEm.exe
1652	Viuhtkp.exe
1340	numuwYD.exe
1976	pKlBRhB.exe

Loads dropped DLL 64 IoCs

pid	Process
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00080000000120f6-3.dat	upx
behavioral1/memory/2816-9-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x0008000000015d88-10.dat	upx
behavioral1/files/0x0008000000015d90-12.dat	upx
behavioral1/memory/2812-18-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2804-21-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0036000000015d48-23.dat	upx
behavioral1/memory/2780-28-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0008000000015da1-29.dat	upx
behavioral1/memory/2316-38-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0007000000015df1-35.dat	upx
behavioral1/memory/2608-49-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0007000000015f38-50.dat	upx
behavioral1/memory/2812-48-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000015e4f-47.dat	upx
behavioral1/memory/2788-46-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2724-43-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-62.dat	upx
behavioral1/files/0x0009000000015f4e-59.dat	upx
behavioral1/files/0x0006000000016d68-70.dat	upx
behavioral1/files/0x0006000000016d4c-66.dat	upx
behavioral1/files/0x0006000000016d73-78.dat	upx
behavioral1/files/0x0006000000016dd5-82.dat	upx
behavioral1/files/0x0006000000016de9-90.dat	upx
behavioral1/files/0x0006000000016df5-94.dat	upx
behavioral1/files/0x0006000000016edc-102.dat	upx
behavioral1/files/0x0006000000016f02-106.dat	upx
behavioral1/files/0x00060000000174b4-114.dat	upx
behavioral1/files/0x0006000000017570-122.dat	upx
behavioral1/files/0x000500000001871c-150.dat	upx
behavioral1/memory/2804-832-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001870c-146.dat	upx
behavioral1/files/0x0005000000018706-142.dat	upx
behavioral1/files/0x0005000000018697-138.dat	upx
behavioral1/files/0x000d000000018683-134.dat	upx
behavioral1/files/0x00060000000175f7-130.dat	upx
behavioral1/files/0x00060000000175f1-126.dat	upx
behavioral1/files/0x00060000000174f8-118.dat	upx
behavioral1/files/0x000600000001707f-110.dat	upx
behavioral1/files/0x0006000000016df8-98.dat	upx
behavioral1/files/0x0006000000016dd9-86.dat	upx
behavioral1/files/0x0006000000016d6f-74.dat	upx
behavioral1/memory/2816-3978-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2812-3998-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1948-3999-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1956-4000-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2804-4003-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2688-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/3020-4005-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2780-4006-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2180-4008-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1932-4010-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2608-4016-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1948-4025-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2180-4027-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2688-4026-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1932-4028-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1956-4029-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/3020-4030-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MsyIQXV.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ynxfJIf.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\knatmoQ.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AcpwWOf.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YhIbMFf.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ykksSby.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HuFgyWI.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LfDnygD.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iOnlrsr.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bKfSspy.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pLlbCHB.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GsxWBWX.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RnIGbja.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jrzAOme.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EXkkhWM.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cYWTjbK.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WvSxEUh.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OHyStGT.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aDcxYqV.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZjpZFkK.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xbdBLDv.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uBDgNPq.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cWuiJMh.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gPfJdKx.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZXzQsLT.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kklsIwy.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TVReECh.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JijuxPx.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gHoLfeE.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tzdURdi.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MpDmgat.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DNaqTsc.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HZvQlBz.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vZUkLZN.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DbIyzWn.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YtkKvEr.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vxbDRUC.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WwjAeiH.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FYJvJlK.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kwSKPjz.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dSkwLMw.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dulZxJS.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fuJyRQU.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gMODGPn.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XIpGSXv.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\edgfZUP.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WNYCEJm.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ICVyPSI.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VyVSCNn.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\udHyInl.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wGJvirr.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HlxglKT.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KTDARxr.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xkVXTiU.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eDnhjfl.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IBUgOVD.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JmHxOYX.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JGHPodx.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rflwpPy.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cWgERFU.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dooWJGe.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LZbXvhm.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MGRbSsu.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GeaBZck.exe	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2816	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2316 wrote to memory of 2816	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2316 wrote to memory of 2816	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2316 wrote to memory of 2812	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2316 wrote to memory of 2812	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2316 wrote to memory of 2812	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2316 wrote to memory of 2804	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2316 wrote to memory of 2804	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2316 wrote to memory of 2804	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2316 wrote to memory of 2780	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2316 wrote to memory of 2780	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2316 wrote to memory of 2780	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2316 wrote to memory of 2724	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2316 wrote to memory of 2724	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2316 wrote to memory of 2724	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2316 wrote to memory of 2788	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2316 wrote to memory of 2788	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2316 wrote to memory of 2788	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2316 wrote to memory of 2608	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2316 wrote to memory of 2608	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2316 wrote to memory of 2608	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2316 wrote to memory of 1948	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2316 wrote to memory of 1948	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2316 wrote to memory of 1948	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2316 wrote to memory of 1956	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2316 wrote to memory of 1956	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2316 wrote to memory of 1956	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2316 wrote to memory of 2688	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2316 wrote to memory of 2688	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2316 wrote to memory of 2688	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2316 wrote to memory of 3020	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2316 wrote to memory of 3020	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2316 wrote to memory of 3020	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2316 wrote to memory of 2180	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2316 wrote to memory of 2180	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2316 wrote to memory of 2180	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2316 wrote to memory of 1932	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2316 wrote to memory of 1932	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2316 wrote to memory of 1932	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2316 wrote to memory of 2448	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2316 wrote to memory of 2448	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2316 wrote to memory of 2448	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2316 wrote to memory of 1032	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2316 wrote to memory of 1032	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2316 wrote to memory of 1032	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2316 wrote to memory of 1672	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2316 wrote to memory of 1672	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2316 wrote to memory of 1672	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2316 wrote to memory of 1716	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2316 wrote to memory of 1716	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2316 wrote to memory of 1716	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2316 wrote to memory of 112	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2316 wrote to memory of 112	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2316 wrote to memory of 112	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2316 wrote to memory of 2764	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2316 wrote to memory of 2764	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2316 wrote to memory of 2764	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2316 wrote to memory of 1524	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2316 wrote to memory of 1524	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2316 wrote to memory of 1524	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2316 wrote to memory of 824	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2316 wrote to memory of 824	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2316 wrote to memory of 824	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2316 wrote to memory of 1268	2316	2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_1756a224c565630a120116c3317592eb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\System\gdbUqUL.exe
  C:\Windows\System\gdbUqUL.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\YXtxDKf.exe
  C:\Windows\System\YXtxDKf.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\blqlLOu.exe
  C:\Windows\System\blqlLOu.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\neIWwML.exe
  C:\Windows\System\neIWwML.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\Ldnooqr.exe
  C:\Windows\System\Ldnooqr.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EmRRSpe.exe
  C:\Windows\System\EmRRSpe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\mlkAQVw.exe
  C:\Windows\System\mlkAQVw.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\LSmpxJf.exe
  C:\Windows\System\LSmpxJf.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NRwWBAI.exe
  C:\Windows\System\NRwWBAI.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\GtUpdKK.exe
  C:\Windows\System\GtUpdKK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\VfQzIJe.exe
  C:\Windows\System\VfQzIJe.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\dIRiVye.exe
  C:\Windows\System\dIRiVye.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\APTpdVF.exe
  C:\Windows\System\APTpdVF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\HPbJhdH.exe
  C:\Windows\System\HPbJhdH.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\RBDhJQM.exe
  C:\Windows\System\RBDhJQM.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\QNPgtip.exe
  C:\Windows\System\QNPgtip.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\RHTdugj.exe
  C:\Windows\System\RHTdugj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\bhAdrAj.exe
  C:\Windows\System\bhAdrAj.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\cXWcKkB.exe
  C:\Windows\System\cXWcKkB.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\VjVJLxi.exe
  C:\Windows\System\VjVJLxi.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\azNODZU.exe
  C:\Windows\System\azNODZU.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\sGZjTLD.exe
  C:\Windows\System\sGZjTLD.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\aVCKPTh.exe
  C:\Windows\System\aVCKPTh.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rfFQqHb.exe
  C:\Windows\System\rfFQqHb.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\aVdjYjB.exe
  C:\Windows\System\aVdjYjB.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\XZkmsoo.exe
  C:\Windows\System\XZkmsoo.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\XVVxJaV.exe
  C:\Windows\System\XVVxJaV.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\qatmtav.exe
  C:\Windows\System\qatmtav.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\sTnNHNL.exe
  C:\Windows\System\sTnNHNL.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\jLdbUjl.exe
  C:\Windows\System\jLdbUjl.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\NSgJEAT.exe
  C:\Windows\System\NSgJEAT.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\pawjnLp.exe
  C:\Windows\System\pawjnLp.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\DpPgZHc.exe
  C:\Windows\System\DpPgZHc.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\HRcrLlP.exe
  C:\Windows\System\HRcrLlP.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\OjKPVUD.exe
  C:\Windows\System\OjKPVUD.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\omcyzKF.exe
  C:\Windows\System\omcyzKF.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\GnBXiOz.exe
  C:\Windows\System\GnBXiOz.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\AhSpaVD.exe
  C:\Windows\System\AhSpaVD.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\dooWJGe.exe
  C:\Windows\System\dooWJGe.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\yveskzp.exe
  C:\Windows\System\yveskzp.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\iyxVaIy.exe
  C:\Windows\System\iyxVaIy.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\zwkXWcF.exe
  C:\Windows\System\zwkXWcF.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\smWbuKP.exe
  C:\Windows\System\smWbuKP.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\LZbXvhm.exe
  C:\Windows\System\LZbXvhm.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\MGRbSsu.exe
  C:\Windows\System\MGRbSsu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\WkRyWok.exe
  C:\Windows\System\WkRyWok.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\hyjcBEm.exe
  C:\Windows\System\hyjcBEm.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\QoObRQL.exe
  C:\Windows\System\QoObRQL.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\bqjbKaq.exe
  C:\Windows\System\bqjbKaq.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\SWeILLV.exe
  C:\Windows\System\SWeILLV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\sWtkneZ.exe
  C:\Windows\System\sWtkneZ.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\KiZcTnE.exe
  C:\Windows\System\KiZcTnE.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\AaYfyCV.exe
  C:\Windows\System\AaYfyCV.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\nMxdUut.exe
  C:\Windows\System\nMxdUut.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\xpGgwOm.exe
  C:\Windows\System\xpGgwOm.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ucQRyMv.exe
  C:\Windows\System\ucQRyMv.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\huACXab.exe
  C:\Windows\System\huACXab.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\GsxWBWX.exe
  C:\Windows\System\GsxWBWX.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\xMQLXKC.exe
  C:\Windows\System\xMQLXKC.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\RGKOnsD.exe
  C:\Windows\System\RGKOnsD.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FBXwNEm.exe
  C:\Windows\System\FBXwNEm.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\Viuhtkp.exe
  C:\Windows\System\Viuhtkp.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\numuwYD.exe
  C:\Windows\System\numuwYD.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\pKlBRhB.exe
  C:\Windows\System\pKlBRhB.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\WEOZCJy.exe
  C:\Windows\System\WEOZCJy.exe
  2⤵
  PID:2540
- C:\Windows\System\cvtTykk.exe
  C:\Windows\System\cvtTykk.exe
  2⤵
  PID:2380
- C:\Windows\System\vZUkLZN.exe
  C:\Windows\System\vZUkLZN.exe
  2⤵
  PID:1752
- C:\Windows\System\cdoXgAp.exe
  C:\Windows\System\cdoXgAp.exe
  2⤵
  PID:2344
- C:\Windows\System\BQjTSGJ.exe
  C:\Windows\System\BQjTSGJ.exe
  2⤵
  PID:2696
- C:\Windows\System\UvTPndp.exe
  C:\Windows\System\UvTPndp.exe
  2⤵
  PID:2732
- C:\Windows\System\qQycCmW.exe
  C:\Windows\System\qQycCmW.exe
  2⤵
  PID:1576
- C:\Windows\System\pxSdVye.exe
  C:\Windows\System\pxSdVye.exe
  2⤵
  PID:2808
- C:\Windows\System\QvHsNEa.exe
  C:\Windows\System\QvHsNEa.exe
  2⤵
  PID:2692
- C:\Windows\System\SAvxoAt.exe
  C:\Windows\System\SAvxoAt.exe
  2⤵
  PID:2716
- C:\Windows\System\DPouXJi.exe
  C:\Windows\System\DPouXJi.exe
  2⤵
  PID:2080
- C:\Windows\System\LzExfOD.exe
  C:\Windows\System\LzExfOD.exe
  2⤵
  PID:2748
- C:\Windows\System\yhkMLAU.exe
  C:\Windows\System\yhkMLAU.exe
  2⤵
  PID:2636
- C:\Windows\System\UpvyNMg.exe
  C:\Windows\System\UpvyNMg.exe
  2⤵
  PID:2604
- C:\Windows\System\doXvcGI.exe
  C:\Windows\System\doXvcGI.exe
  2⤵
  PID:2232
- C:\Windows\System\iDcKDWQ.exe
  C:\Windows\System\iDcKDWQ.exe
  2⤵
  PID:1852
- C:\Windows\System\GKXdGZF.exe
  C:\Windows\System\GKXdGZF.exe
  2⤵
  PID:2088
- C:\Windows\System\yFjjenl.exe
  C:\Windows\System\yFjjenl.exe
  2⤵
  PID:2564
- C:\Windows\System\UFgJVCz.exe
  C:\Windows\System\UFgJVCz.exe
  2⤵
  PID:532
- C:\Windows\System\cTrMniR.exe
  C:\Windows\System\cTrMniR.exe
  2⤵
  PID:2072
- C:\Windows\System\tpnYWgP.exe
  C:\Windows\System\tpnYWgP.exe
  2⤵
  PID:1872
- C:\Windows\System\MjOAsvo.exe
  C:\Windows\System\MjOAsvo.exe
  2⤵
  PID:1996
- C:\Windows\System\fImdgJv.exe
  C:\Windows\System\fImdgJv.exe
  2⤵
  PID:2032
- C:\Windows\System\LXMUjln.exe
  C:\Windows\System\LXMUjln.exe
  2⤵
  PID:1108
- C:\Windows\System\qQepLoT.exe
  C:\Windows\System\qQepLoT.exe
  2⤵
  PID:2964
- C:\Windows\System\uFXLJnV.exe
  C:\Windows\System\uFXLJnV.exe
  2⤵
  PID:2244
- C:\Windows\System\tjJFSEM.exe
  C:\Windows\System\tjJFSEM.exe
  2⤵
  PID:2712
- C:\Windows\System\NVWyvrX.exe
  C:\Windows\System\NVWyvrX.exe
  2⤵
  PID:2248
- C:\Windows\System\yGfbxVw.exe
  C:\Windows\System\yGfbxVw.exe
  2⤵
  PID:1912
- C:\Windows\System\FCeVDzG.exe
  C:\Windows\System\FCeVDzG.exe
  2⤵
  PID:1232
- C:\Windows\System\RNAuueF.exe
  C:\Windows\System\RNAuueF.exe
  2⤵
  PID:1884
- C:\Windows\System\RIvYRDI.exe
  C:\Windows\System\RIvYRDI.exe
  2⤵
  PID:832
- C:\Windows\System\zuRZpmH.exe
  C:\Windows\System\zuRZpmH.exe
  2⤵
  PID:1136
- C:\Windows\System\LkIWBft.exe
  C:\Windows\System\LkIWBft.exe
  2⤵
  PID:600
- C:\Windows\System\xyvLlTO.exe
  C:\Windows\System\xyvLlTO.exe
  2⤵
  PID:1084
- C:\Windows\System\LfDnygD.exe
  C:\Windows\System\LfDnygD.exe
  2⤵
  PID:1144
- C:\Windows\System\knatmoQ.exe
  C:\Windows\System\knatmoQ.exe
  2⤵
  PID:1756
- C:\Windows\System\iUeLDVN.exe
  C:\Windows\System\iUeLDVN.exe
  2⤵
  PID:328
- C:\Windows\System\JdyEIIy.exe
  C:\Windows\System\JdyEIIy.exe
  2⤵
  PID:2236
- C:\Windows\System\TdaiAMR.exe
  C:\Windows\System\TdaiAMR.exe
  2⤵
  PID:1028
- C:\Windows\System\RcRFuom.exe
  C:\Windows\System\RcRFuom.exe
  2⤵
  PID:1456
- C:\Windows\System\gwQbior.exe
  C:\Windows\System\gwQbior.exe
  2⤵
  PID:552
- C:\Windows\System\jnPyscu.exe
  C:\Windows\System\jnPyscu.exe
  2⤵
  PID:2292
- C:\Windows\System\KTPVjhI.exe
  C:\Windows\System\KTPVjhI.exe
  2⤵
  PID:3004
- C:\Windows\System\SfqLDne.exe
  C:\Windows\System\SfqLDne.exe
  2⤵
  PID:1736
- C:\Windows\System\LOSqmTK.exe
  C:\Windows\System\LOSqmTK.exe
  2⤵
  PID:1252
- C:\Windows\System\HilmTNZ.exe
  C:\Windows\System\HilmTNZ.exe
  2⤵
  PID:2560
- C:\Windows\System\vHNxxKJ.exe
  C:\Windows\System\vHNxxKJ.exe
  2⤵
  PID:2024
- C:\Windows\System\zfAktOU.exe
  C:\Windows\System\zfAktOU.exe
  2⤵
  PID:2996
- C:\Windows\System\xdUOLKL.exe
  C:\Windows\System\xdUOLKL.exe
  2⤵
  PID:2828
- C:\Windows\System\cDrqGUD.exe
  C:\Windows\System\cDrqGUD.exe
  2⤵
  PID:2860
- C:\Windows\System\zFuvmnu.exe
  C:\Windows\System\zFuvmnu.exe
  2⤵
  PID:2756
- C:\Windows\System\EpYMWLi.exe
  C:\Windows\System\EpYMWLi.exe
  2⤵
  PID:2660
- C:\Windows\System\uzBPXWy.exe
  C:\Windows\System\uzBPXWy.exe
  2⤵
  PID:2104
- C:\Windows\System\GjCevhe.exe
  C:\Windows\System\GjCevhe.exe
  2⤵
  PID:568
- C:\Windows\System\aGnlbWg.exe
  C:\Windows\System\aGnlbWg.exe
  2⤵
  PID:1904
- C:\Windows\System\BMlOvAf.exe
  C:\Windows\System\BMlOvAf.exe
  2⤵
  PID:1864
- C:\Windows\System\XdRGQjX.exe
  C:\Windows\System\XdRGQjX.exe
  2⤵
  PID:2744
- C:\Windows\System\wudmfWL.exe
  C:\Windows\System\wudmfWL.exe
  2⤵
  PID:840
- C:\Windows\System\NlrsNid.exe
  C:\Windows\System\NlrsNid.exe
  2⤵
  PID:864
- C:\Windows\System\izjjTkr.exe
  C:\Windows\System\izjjTkr.exe
  2⤵
  PID:2488
- C:\Windows\System\fVoVRNn.exe
  C:\Windows\System\fVoVRNn.exe
  2⤵
  PID:2984
- C:\Windows\System\hXNfFoB.exe
  C:\Windows\System\hXNfFoB.exe
  2⤵
  PID:1804
- C:\Windows\System\OcJBNbb.exe
  C:\Windows\System\OcJBNbb.exe
  2⤵
  PID:2484
- C:\Windows\System\XrSbxDF.exe
  C:\Windows\System\XrSbxDF.exe
  2⤵
  PID:1600
- C:\Windows\System\bEMLIem.exe
  C:\Windows\System\bEMLIem.exe
  2⤵
  PID:2376
- C:\Windows\System\oyQqHoQ.exe
  C:\Windows\System\oyQqHoQ.exe
  2⤵
  PID:2532
- C:\Windows\System\ZjpZFkK.exe
  C:\Windows\System\ZjpZFkK.exe
  2⤵
  PID:1760
- C:\Windows\System\MkGhBpB.exe
  C:\Windows\System\MkGhBpB.exe
  2⤵
  PID:884
- C:\Windows\System\gbNOTfj.exe
  C:\Windows\System\gbNOTfj.exe
  2⤵
  PID:1548
- C:\Windows\System\Ttpgigr.exe
  C:\Windows\System\Ttpgigr.exe
  2⤵
  PID:2792
- C:\Windows\System\RnSbdbW.exe
  C:\Windows\System\RnSbdbW.exe
  2⤵
  PID:2584
- C:\Windows\System\jgPiyRI.exe
  C:\Windows\System\jgPiyRI.exe
  2⤵
  PID:3032
- C:\Windows\System\ssBwWlq.exe
  C:\Windows\System\ssBwWlq.exe
  2⤵
  PID:1876
- C:\Windows\System\ftrzXlY.exe
  C:\Windows\System\ftrzXlY.exe
  2⤵
  PID:2616
- C:\Windows\System\StJxDzK.exe
  C:\Windows\System\StJxDzK.exe
  2⤵
  PID:2976
- C:\Windows\System\TBVdEHN.exe
  C:\Windows\System\TBVdEHN.exe
  2⤵
  PID:2572
- C:\Windows\System\xrgsjzz.exe
  C:\Windows\System\xrgsjzz.exe
  2⤵
  PID:2600
- C:\Windows\System\dulZxJS.exe
  C:\Windows\System\dulZxJS.exe
  2⤵
  PID:1900
- C:\Windows\System\HLpPZOA.exe
  C:\Windows\System\HLpPZOA.exe
  2⤵
  PID:1924
- C:\Windows\System\oJfiXUq.exe
  C:\Windows\System\oJfiXUq.exe
  2⤵
  PID:2052
- C:\Windows\System\bXNjKSk.exe
  C:\Windows\System\bXNjKSk.exe
  2⤵
  PID:1556
- C:\Windows\System\iBZoEgR.exe
  C:\Windows\System\iBZoEgR.exe
  2⤵
  PID:2120
- C:\Windows\System\HfHLVJP.exe
  C:\Windows\System\HfHLVJP.exe
  2⤵
  PID:2852
- C:\Windows\System\CxLIQfr.exe
  C:\Windows\System\CxLIQfr.exe
  2⤵
  PID:2028
- C:\Windows\System\MXBaCCl.exe
  C:\Windows\System\MXBaCCl.exe
  2⤵
  PID:2912
- C:\Windows\System\BvOuIxU.exe
  C:\Windows\System\BvOuIxU.exe
  2⤵
  PID:1048
- C:\Windows\System\udHyInl.exe
  C:\Windows\System\udHyInl.exe
  2⤵
  PID:3088
- C:\Windows\System\OOrQgKU.exe
  C:\Windows\System\OOrQgKU.exe
  2⤵
  PID:3104
- C:\Windows\System\PfhTeag.exe
  C:\Windows\System\PfhTeag.exe
  2⤵
  PID:3120
- C:\Windows\System\VCAvIBk.exe
  C:\Windows\System\VCAvIBk.exe
  2⤵
  PID:3136
- C:\Windows\System\ARQKmCf.exe
  C:\Windows\System\ARQKmCf.exe
  2⤵
  PID:3152
- C:\Windows\System\ByiknQd.exe
  C:\Windows\System\ByiknQd.exe
  2⤵
  PID:3168
- C:\Windows\System\TtNjkAZ.exe
  C:\Windows\System\TtNjkAZ.exe
  2⤵
  PID:3184
- C:\Windows\System\ZziTZaq.exe
  C:\Windows\System\ZziTZaq.exe
  2⤵
  PID:3200
- C:\Windows\System\LjZHjjZ.exe
  C:\Windows\System\LjZHjjZ.exe
  2⤵
  PID:3216
- C:\Windows\System\qXrUXXc.exe
  C:\Windows\System\qXrUXXc.exe
  2⤵
  PID:3232
- C:\Windows\System\VQGnQxL.exe
  C:\Windows\System\VQGnQxL.exe
  2⤵
  PID:3248
- C:\Windows\System\VyvGJeq.exe
  C:\Windows\System\VyvGJeq.exe
  2⤵
  PID:3264
- C:\Windows\System\qinKuEz.exe
  C:\Windows\System\qinKuEz.exe
  2⤵
  PID:3280
- C:\Windows\System\csqnzQy.exe
  C:\Windows\System\csqnzQy.exe
  2⤵
  PID:3296
- C:\Windows\System\lujeFpm.exe
  C:\Windows\System\lujeFpm.exe
  2⤵
  PID:3312
- C:\Windows\System\KfGChHZ.exe
  C:\Windows\System\KfGChHZ.exe
  2⤵
  PID:3328
- C:\Windows\System\iFiZMJS.exe
  C:\Windows\System\iFiZMJS.exe
  2⤵
  PID:3344
- C:\Windows\System\gZFuBSB.exe
  C:\Windows\System\gZFuBSB.exe
  2⤵
  PID:3360
- C:\Windows\System\KJMBnTu.exe
  C:\Windows\System\KJMBnTu.exe
  2⤵
  PID:3376
- C:\Windows\System\IGrzhlq.exe
  C:\Windows\System\IGrzhlq.exe
  2⤵
  PID:3392
- C:\Windows\System\YRgjoMB.exe
  C:\Windows\System\YRgjoMB.exe
  2⤵
  PID:3408
- C:\Windows\System\GamBVeX.exe
  C:\Windows\System\GamBVeX.exe
  2⤵
  PID:3424
- C:\Windows\System\QAoWtkE.exe
  C:\Windows\System\QAoWtkE.exe
  2⤵
  PID:3440
- C:\Windows\System\xbdBLDv.exe
  C:\Windows\System\xbdBLDv.exe
  2⤵
  PID:3456
- C:\Windows\System\VTbFJMM.exe
  C:\Windows\System\VTbFJMM.exe
  2⤵
  PID:3472
- C:\Windows\System\WITZFrk.exe
  C:\Windows\System\WITZFrk.exe
  2⤵
  PID:3488
- C:\Windows\System\ZihMjMv.exe
  C:\Windows\System\ZihMjMv.exe
  2⤵
  PID:3504
- C:\Windows\System\RFEiwiK.exe
  C:\Windows\System\RFEiwiK.exe
  2⤵
  PID:3520
- C:\Windows\System\EGAbkpD.exe
  C:\Windows\System\EGAbkpD.exe
  2⤵
  PID:3536
- C:\Windows\System\WmaYDIN.exe
  C:\Windows\System\WmaYDIN.exe
  2⤵
  PID:3552
- C:\Windows\System\AxqpgrK.exe
  C:\Windows\System\AxqpgrK.exe
  2⤵
  PID:3568
- C:\Windows\System\fibNPNc.exe
  C:\Windows\System\fibNPNc.exe
  2⤵
  PID:3584
- C:\Windows\System\ITBhVMi.exe
  C:\Windows\System\ITBhVMi.exe
  2⤵
  PID:3600
- C:\Windows\System\VHzCWvK.exe
  C:\Windows\System\VHzCWvK.exe
  2⤵
  PID:3616
- C:\Windows\System\VARlvoM.exe
  C:\Windows\System\VARlvoM.exe
  2⤵
  PID:3632
- C:\Windows\System\pyVESip.exe
  C:\Windows\System\pyVESip.exe
  2⤵
  PID:3648
- C:\Windows\System\cgRKSqC.exe
  C:\Windows\System\cgRKSqC.exe
  2⤵
  PID:3664
- C:\Windows\System\oyCVuzi.exe
  C:\Windows\System\oyCVuzi.exe
  2⤵
  PID:3680
- C:\Windows\System\egbNUDA.exe
  C:\Windows\System\egbNUDA.exe
  2⤵
  PID:3696
- C:\Windows\System\THddLzO.exe
  C:\Windows\System\THddLzO.exe
  2⤵
  PID:3712
- C:\Windows\System\JAhXtFO.exe
  C:\Windows\System\JAhXtFO.exe
  2⤵
  PID:3728
- C:\Windows\System\sKwimPu.exe
  C:\Windows\System\sKwimPu.exe
  2⤵
  PID:3744
- C:\Windows\System\kvCaTDB.exe
  C:\Windows\System\kvCaTDB.exe
  2⤵
  PID:3760
- C:\Windows\System\wtLerbh.exe
  C:\Windows\System\wtLerbh.exe
  2⤵
  PID:3776
- C:\Windows\System\uBDgNPq.exe
  C:\Windows\System\uBDgNPq.exe
  2⤵
  PID:3792
- C:\Windows\System\RnIGbja.exe
  C:\Windows\System\RnIGbja.exe
  2⤵
  PID:3808
- C:\Windows\System\hUAZtns.exe
  C:\Windows\System\hUAZtns.exe
  2⤵
  PID:3824
- C:\Windows\System\fPqBAor.exe
  C:\Windows\System\fPqBAor.exe
  2⤵
  PID:3840
- C:\Windows\System\TxhcOgP.exe
  C:\Windows\System\TxhcOgP.exe
  2⤵
  PID:3856
- C:\Windows\System\iKkpCYo.exe
  C:\Windows\System\iKkpCYo.exe
  2⤵
  PID:3872
- C:\Windows\System\YyCqZNv.exe
  C:\Windows\System\YyCqZNv.exe
  2⤵
  PID:3888
- C:\Windows\System\WhpQrkK.exe
  C:\Windows\System\WhpQrkK.exe
  2⤵
  PID:3904
- C:\Windows\System\UbqiFiN.exe
  C:\Windows\System\UbqiFiN.exe
  2⤵
  PID:3920
- C:\Windows\System\OjMwhtO.exe
  C:\Windows\System\OjMwhtO.exe
  2⤵
  PID:3936
- C:\Windows\System\rFfLXFS.exe
  C:\Windows\System\rFfLXFS.exe
  2⤵
  PID:3952
- C:\Windows\System\tsXcIOc.exe
  C:\Windows\System\tsXcIOc.exe
  2⤵
  PID:3968
- C:\Windows\System\GYgyXKx.exe
  C:\Windows\System\GYgyXKx.exe
  2⤵
  PID:3984
- C:\Windows\System\FTpAukK.exe
  C:\Windows\System\FTpAukK.exe
  2⤵
  PID:4000
- C:\Windows\System\GeaBZck.exe
  C:\Windows\System\GeaBZck.exe
  2⤵
  PID:4016
- C:\Windows\System\zzGirmh.exe
  C:\Windows\System\zzGirmh.exe
  2⤵
  PID:4032
- C:\Windows\System\XznTuyo.exe
  C:\Windows\System\XznTuyo.exe
  2⤵
  PID:4048
- C:\Windows\System\xnvALGI.exe
  C:\Windows\System\xnvALGI.exe
  2⤵
  PID:4064
- C:\Windows\System\djRsWNQ.exe
  C:\Windows\System\djRsWNQ.exe
  2⤵
  PID:4080
- C:\Windows\System\mNcbeqU.exe
  C:\Windows\System\mNcbeqU.exe
  2⤵
  PID:892
- C:\Windows\System\jIUPZdP.exe
  C:\Windows\System\jIUPZdP.exe
  2⤵
  PID:3008
- C:\Windows\System\Dglroao.exe
  C:\Windows\System\Dglroao.exe
  2⤵
  PID:2624
- C:\Windows\System\nDmdXpr.exe
  C:\Windows\System\nDmdXpr.exe
  2⤵
  PID:2220
- C:\Windows\System\LnakmXc.exe
  C:\Windows\System\LnakmXc.exe
  2⤵
  PID:3080
- C:\Windows\System\owraIaR.exe
  C:\Windows\System\owraIaR.exe
  2⤵
  PID:3128
- C:\Windows\System\rYdDOwI.exe
  C:\Windows\System\rYdDOwI.exe
  2⤵
  PID:3144
- C:\Windows\System\OQkpknU.exe
  C:\Windows\System\OQkpknU.exe
  2⤵
  PID:3176
- C:\Windows\System\ZRgxrLL.exe
  C:\Windows\System\ZRgxrLL.exe
  2⤵
  PID:3224
- C:\Windows\System\snKZFSq.exe
  C:\Windows\System\snKZFSq.exe
  2⤵
  PID:3240
- C:\Windows\System\hHjmvSB.exe
  C:\Windows\System\hHjmvSB.exe
  2⤵
  PID:3288
- C:\Windows\System\JikvaOX.exe
  C:\Windows\System\JikvaOX.exe
  2⤵
  PID:3304
- C:\Windows\System\ooqoVkH.exe
  C:\Windows\System\ooqoVkH.exe
  2⤵
  PID:3336
- C:\Windows\System\ZuYsdBn.exe
  C:\Windows\System\ZuYsdBn.exe
  2⤵
  PID:3384
- C:\Windows\System\bvGzDtl.exe
  C:\Windows\System\bvGzDtl.exe
  2⤵
  PID:3400
- C:\Windows\System\PoxqvUD.exe
  C:\Windows\System\PoxqvUD.exe
  2⤵
  PID:3448
- C:\Windows\System\ygwdEQH.exe
  C:\Windows\System\ygwdEQH.exe
  2⤵
  PID:2844
- C:\Windows\System\gzEAVVb.exe
  C:\Windows\System\gzEAVVb.exe
  2⤵
  PID:3484
- C:\Windows\System\cqTLaBT.exe
  C:\Windows\System\cqTLaBT.exe
  2⤵
  PID:3500
- C:\Windows\System\rILuwxC.exe
  C:\Windows\System\rILuwxC.exe
  2⤵
  PID:3548
- C:\Windows\System\ouHmPmH.exe
  C:\Windows\System\ouHmPmH.exe
  2⤵
  PID:3580
- C:\Windows\System\fXHSrTe.exe
  C:\Windows\System\fXHSrTe.exe
  2⤵
  PID:3596
- C:\Windows\System\crZCaka.exe
  C:\Windows\System\crZCaka.exe
  2⤵
  PID:3644
- C:\Windows\System\dimbGOU.exe
  C:\Windows\System\dimbGOU.exe
  2⤵
  PID:3676
- C:\Windows\System\vqaERvw.exe
  C:\Windows\System\vqaERvw.exe
  2⤵
  PID:3692
- C:\Windows\System\lVknxxn.exe
  C:\Windows\System\lVknxxn.exe
  2⤵
  PID:3740
- C:\Windows\System\RkALfWE.exe
  C:\Windows\System\RkALfWE.exe
  2⤵
  PID:3756
- C:\Windows\System\LISDiCI.exe
  C:\Windows\System\LISDiCI.exe
  2⤵
  PID:3804
- C:\Windows\System\AuTqEkL.exe
  C:\Windows\System\AuTqEkL.exe
  2⤵
  PID:3820
- C:\Windows\System\KIsXnBM.exe
  C:\Windows\System\KIsXnBM.exe
  2⤵
  PID:3868
- C:\Windows\System\iYvHUEQ.exe
  C:\Windows\System\iYvHUEQ.exe
  2⤵
  PID:3900
- C:\Windows\System\vKMrECO.exe
  C:\Windows\System\vKMrECO.exe
  2⤵
  PID:3916
- C:\Windows\System\xcKQGcW.exe
  C:\Windows\System\xcKQGcW.exe
  2⤵
  PID:3948
- C:\Windows\System\HVCfqqp.exe
  C:\Windows\System\HVCfqqp.exe
  2⤵
  PID:3980
- C:\Windows\System\uEOoScI.exe
  C:\Windows\System\uEOoScI.exe
  2⤵
  PID:4028
- C:\Windows\System\RMjfSRq.exe
  C:\Windows\System\RMjfSRq.exe
  2⤵
  PID:4060
- C:\Windows\System\vYNsKZd.exe
  C:\Windows\System\vYNsKZd.exe
  2⤵
  PID:4076
- C:\Windows\System\sbphVXr.exe
  C:\Windows\System\sbphVXr.exe
  2⤵
  PID:1816
- C:\Windows\System\RXASgmd.exe
  C:\Windows\System\RXASgmd.exe
  2⤵
  PID:1552
- C:\Windows\System\QGUasGN.exe
  C:\Windows\System\QGUasGN.exe
  2⤵
  PID:3100
- C:\Windows\System\hDvYQnV.exe
  C:\Windows\System\hDvYQnV.exe
  2⤵
  PID:3164
- C:\Windows\System\DdkgxCi.exe
  C:\Windows\System\DdkgxCi.exe
  2⤵
  PID:3244
- C:\Windows\System\ewihxQb.exe
  C:\Windows\System\ewihxQb.exe
  2⤵
  PID:3276
- C:\Windows\System\zUEcOIF.exe
  C:\Windows\System\zUEcOIF.exe
  2⤵
  PID:3368
- C:\Windows\System\eyeNzBm.exe
  C:\Windows\System\eyeNzBm.exe
  2⤵
  PID:3452
- C:\Windows\System\AWrfbve.exe
  C:\Windows\System\AWrfbve.exe
  2⤵
  PID:3512
- C:\Windows\System\JGRxSxs.exe
  C:\Windows\System\JGRxSxs.exe
  2⤵
  PID:3560
- C:\Windows\System\hnFltsE.exe
  C:\Windows\System\hnFltsE.exe
  2⤵
  PID:3608
- C:\Windows\System\HLoWlOX.exe
  C:\Windows\System\HLoWlOX.exe
  2⤵
  PID:3688
- C:\Windows\System\YyXQCRG.exe
  C:\Windows\System\YyXQCRG.exe
  2⤵
  PID:3752
- C:\Windows\System\FGSMlUY.exe
  C:\Windows\System\FGSMlUY.exe
  2⤵
  PID:3816
- C:\Windows\System\pWriYSi.exe
  C:\Windows\System\pWriYSi.exe
  2⤵
  PID:3880
- C:\Windows\System\myyimri.exe
  C:\Windows\System\myyimri.exe
  2⤵
  PID:3944
- C:\Windows\System\HdNDpLv.exe
  C:\Windows\System\HdNDpLv.exe
  2⤵
  PID:4008
- C:\Windows\System\XqnfvXZ.exe
  C:\Windows\System\XqnfvXZ.exe
  2⤵
  PID:4072
- C:\Windows\System\cWuiJMh.exe
  C:\Windows\System\cWuiJMh.exe
  2⤵
  PID:2588
- C:\Windows\System\iqXYyBk.exe
  C:\Windows\System\iqXYyBk.exe
  2⤵
  PID:3148
- C:\Windows\System\KTDARxr.exe
  C:\Windows\System\KTDARxr.exe
  2⤵
  PID:3212
- C:\Windows\System\nZcmcaK.exe
  C:\Windows\System\nZcmcaK.exe
  2⤵
  PID:2752
- C:\Windows\System\IjyWhaS.exe
  C:\Windows\System\IjyWhaS.exe
  2⤵
  PID:3404
- C:\Windows\System\xyxGeXG.exe
  C:\Windows\System\xyxGeXG.exe
  2⤵
  PID:3576
- C:\Windows\System\WadbElk.exe
  C:\Windows\System\WadbElk.exe
  2⤵
  PID:3656
- C:\Windows\System\myGiCoC.exe
  C:\Windows\System\myGiCoC.exe
  2⤵
  PID:3896
- C:\Windows\System\GHVbJPj.exe
  C:\Windows\System\GHVbJPj.exe
  2⤵
  PID:2700
- C:\Windows\System\kPDwZRj.exe
  C:\Windows\System\kPDwZRj.exe
  2⤵
  PID:3976
- C:\Windows\System\yxxSner.exe
  C:\Windows\System\yxxSner.exe
  2⤵
  PID:2868
- C:\Windows\System\fuJyRQU.exe
  C:\Windows\System\fuJyRQU.exe
  2⤵
  PID:3132
- C:\Windows\System\gUGKwDg.exe
  C:\Windows\System\gUGKwDg.exe
  2⤵
  PID:3352
- C:\Windows\System\vhTLAIq.exe
  C:\Windows\System\vhTLAIq.exe
  2⤵
  PID:3592
- C:\Windows\System\cePPIAj.exe
  C:\Windows\System\cePPIAj.exe
  2⤵
  PID:4104
- C:\Windows\System\WsSFQyg.exe
  C:\Windows\System\WsSFQyg.exe
  2⤵
  PID:4120
- C:\Windows\System\QqxdiUa.exe
  C:\Windows\System\QqxdiUa.exe
  2⤵
  PID:4136
- C:\Windows\System\pDYIXbm.exe
  C:\Windows\System\pDYIXbm.exe
  2⤵
  PID:4152
- C:\Windows\System\WeehrBV.exe
  C:\Windows\System\WeehrBV.exe
  2⤵
  PID:4168
- C:\Windows\System\djUSVmq.exe
  C:\Windows\System\djUSVmq.exe
  2⤵
  PID:4184
- C:\Windows\System\XxByBTr.exe
  C:\Windows\System\XxByBTr.exe
  2⤵
  PID:4200
- C:\Windows\System\VjQIRiW.exe
  C:\Windows\System\VjQIRiW.exe
  2⤵
  PID:4216
- C:\Windows\System\FZmQWga.exe
  C:\Windows\System\FZmQWga.exe
  2⤵
  PID:4232
- C:\Windows\System\nEhlcpV.exe
  C:\Windows\System\nEhlcpV.exe
  2⤵
  PID:4248
- C:\Windows\System\mZImuwK.exe
  C:\Windows\System\mZImuwK.exe
  2⤵
  PID:4264
- C:\Windows\System\jFSpuCE.exe
  C:\Windows\System\jFSpuCE.exe
  2⤵
  PID:4280
- C:\Windows\System\biiRtaC.exe
  C:\Windows\System\biiRtaC.exe
  2⤵
  PID:4296
- C:\Windows\System\PGKttTI.exe
  C:\Windows\System\PGKttTI.exe
  2⤵
  PID:4312
- C:\Windows\System\SMtBlnP.exe
  C:\Windows\System\SMtBlnP.exe
  2⤵
  PID:4328
- C:\Windows\System\NoGwFrZ.exe
  C:\Windows\System\NoGwFrZ.exe
  2⤵
  PID:4344
- C:\Windows\System\BQiFUxZ.exe
  C:\Windows\System\BQiFUxZ.exe
  2⤵
  PID:4360
- C:\Windows\System\YhDqMiF.exe
  C:\Windows\System\YhDqMiF.exe
  2⤵
  PID:4376
- C:\Windows\System\LbWImic.exe
  C:\Windows\System\LbWImic.exe
  2⤵
  PID:4392
- C:\Windows\System\VuFUugw.exe
  C:\Windows\System\VuFUugw.exe
  2⤵
  PID:4408
- C:\Windows\System\fpsUlSE.exe
  C:\Windows\System\fpsUlSE.exe
  2⤵
  PID:4424
- C:\Windows\System\xMNCAjb.exe
  C:\Windows\System\xMNCAjb.exe
  2⤵
  PID:4440
- C:\Windows\System\cgZeOgS.exe
  C:\Windows\System\cgZeOgS.exe
  2⤵
  PID:4456
- C:\Windows\System\SXCXrIw.exe
  C:\Windows\System\SXCXrIw.exe
  2⤵
  PID:4472
- C:\Windows\System\npUHoiD.exe
  C:\Windows\System\npUHoiD.exe
  2⤵
  PID:4488
- C:\Windows\System\oELwokV.exe
  C:\Windows\System\oELwokV.exe
  2⤵
  PID:4504
- C:\Windows\System\FsknqaQ.exe
  C:\Windows\System\FsknqaQ.exe
  2⤵
  PID:4520
- C:\Windows\System\mBxkvPH.exe
  C:\Windows\System\mBxkvPH.exe
  2⤵
  PID:4536
- C:\Windows\System\FZacjTV.exe
  C:\Windows\System\FZacjTV.exe
  2⤵
  PID:4552
- C:\Windows\System\uaWWtqJ.exe
  C:\Windows\System\uaWWtqJ.exe
  2⤵
  PID:4568
- C:\Windows\System\AOdzNtu.exe
  C:\Windows\System\AOdzNtu.exe
  2⤵
  PID:4584
- C:\Windows\System\RbTTKHB.exe
  C:\Windows\System\RbTTKHB.exe
  2⤵
  PID:4600
- C:\Windows\System\HRVheyW.exe
  C:\Windows\System\HRVheyW.exe
  2⤵
  PID:4616
- C:\Windows\System\HKddHJu.exe
  C:\Windows\System\HKddHJu.exe
  2⤵
  PID:4632
- C:\Windows\System\aQdIzgQ.exe
  C:\Windows\System\aQdIzgQ.exe
  2⤵
  PID:4648
- C:\Windows\System\UixTvZI.exe
  C:\Windows\System\UixTvZI.exe
  2⤵
  PID:4664
- C:\Windows\System\ydeUNDb.exe
  C:\Windows\System\ydeUNDb.exe
  2⤵
  PID:4680
- C:\Windows\System\fJGdSPO.exe
  C:\Windows\System\fJGdSPO.exe
  2⤵
  PID:4696
- C:\Windows\System\QqQsZFu.exe
  C:\Windows\System\QqQsZFu.exe
  2⤵
  PID:4712
- C:\Windows\System\GgESDbN.exe
  C:\Windows\System\GgESDbN.exe
  2⤵
  PID:4728
- C:\Windows\System\NXDHPVc.exe
  C:\Windows\System\NXDHPVc.exe
  2⤵
  PID:4744
- C:\Windows\System\fgdHFTL.exe
  C:\Windows\System\fgdHFTL.exe
  2⤵
  PID:4760
- C:\Windows\System\OGnJcPf.exe
  C:\Windows\System\OGnJcPf.exe
  2⤵
  PID:4776
- C:\Windows\System\QUeQDJO.exe
  C:\Windows\System\QUeQDJO.exe
  2⤵
  PID:4792
- C:\Windows\System\GgUePtd.exe
  C:\Windows\System\GgUePtd.exe
  2⤵
  PID:4808
- C:\Windows\System\RnOkhGn.exe
  C:\Windows\System\RnOkhGn.exe
  2⤵
  PID:4824
- C:\Windows\System\inWwwCB.exe
  C:\Windows\System\inWwwCB.exe
  2⤵
  PID:4840
- C:\Windows\System\tJewamz.exe
  C:\Windows\System\tJewamz.exe
  2⤵
  PID:4856
- C:\Windows\System\WWtMIZk.exe
  C:\Windows\System\WWtMIZk.exe
  2⤵
  PID:4872
- C:\Windows\System\afNIAAJ.exe
  C:\Windows\System\afNIAAJ.exe
  2⤵
  PID:4888
- C:\Windows\System\BvDNJFq.exe
  C:\Windows\System\BvDNJFq.exe
  2⤵
  PID:4904
- C:\Windows\System\CLEEtJI.exe
  C:\Windows\System\CLEEtJI.exe
  2⤵
  PID:4920
- C:\Windows\System\Jgccznn.exe
  C:\Windows\System\Jgccznn.exe
  2⤵
  PID:4936
- C:\Windows\System\cHgpEFI.exe
  C:\Windows\System\cHgpEFI.exe
  2⤵
  PID:4952
- C:\Windows\System\HaZmpsQ.exe
  C:\Windows\System\HaZmpsQ.exe
  2⤵
  PID:4968
- C:\Windows\System\qeHZBQw.exe
  C:\Windows\System\qeHZBQw.exe
  2⤵
  PID:4984
- C:\Windows\System\mdcscJP.exe
  C:\Windows\System\mdcscJP.exe
  2⤵
  PID:5000
- C:\Windows\System\ljYaoCZ.exe
  C:\Windows\System\ljYaoCZ.exe
  2⤵
  PID:5016
- C:\Windows\System\SmrKqit.exe
  C:\Windows\System\SmrKqit.exe
  2⤵
  PID:5032
- C:\Windows\System\RYPaDKS.exe
  C:\Windows\System\RYPaDKS.exe
  2⤵
  PID:5048
- C:\Windows\System\zgFsIDU.exe
  C:\Windows\System\zgFsIDU.exe
  2⤵
  PID:5064
- C:\Windows\System\vzGypnD.exe
  C:\Windows\System\vzGypnD.exe
  2⤵
  PID:5080
- C:\Windows\System\wbtRZFK.exe
  C:\Windows\System\wbtRZFK.exe
  2⤵
  PID:5096
- C:\Windows\System\lpzimMB.exe
  C:\Windows\System\lpzimMB.exe
  2⤵
  PID:5112
- C:\Windows\System\bwcdCUY.exe
  C:\Windows\System\bwcdCUY.exe
  2⤵
  PID:4040
- C:\Windows\System\QNbKPtp.exe
  C:\Windows\System\QNbKPtp.exe
  2⤵
  PID:3048
- C:\Windows\System\fInNdmX.exe
  C:\Windows\System\fInNdmX.exe
  2⤵
  PID:3528
- C:\Windows\System\WwJQVrt.exe
  C:\Windows\System\WwJQVrt.exe
  2⤵
  PID:4112
- C:\Windows\System\LeuAuvA.exe
  C:\Windows\System\LeuAuvA.exe
  2⤵
  PID:4144
- C:\Windows\System\JijuxPx.exe
  C:\Windows\System\JijuxPx.exe
  2⤵
  PID:4176
- C:\Windows\System\fKpcUPx.exe
  C:\Windows\System\fKpcUPx.exe
  2⤵
  PID:4208
- C:\Windows\System\tQxnpsl.exe
  C:\Windows\System\tQxnpsl.exe
  2⤵
  PID:4240
- C:\Windows\System\wgxMxFM.exe
  C:\Windows\System\wgxMxFM.exe
  2⤵
  PID:4272
- C:\Windows\System\yGqSpEL.exe
  C:\Windows\System\yGqSpEL.exe
  2⤵
  PID:4304
- C:\Windows\System\pSMzvBp.exe
  C:\Windows\System\pSMzvBp.exe
  2⤵
  PID:4320
- C:\Windows\System\PxlhxWM.exe
  C:\Windows\System\PxlhxWM.exe
  2⤵
  PID:1720
- C:\Windows\System\lbWIKpO.exe
  C:\Windows\System\lbWIKpO.exe
  2⤵
  PID:4368
- C:\Windows\System\eDSDXVQ.exe
  C:\Windows\System\eDSDXVQ.exe
  2⤵
  PID:4400
- C:\Windows\System\XGmDHxB.exe
  C:\Windows\System\XGmDHxB.exe
  2⤵
  PID:4436
- C:\Windows\System\lMwVrHk.exe
  C:\Windows\System\lMwVrHk.exe
  2⤵
  PID:4452
- C:\Windows\System\QxahwUA.exe
  C:\Windows\System\QxahwUA.exe
  2⤵
  PID:4500
- C:\Windows\System\OkFstXF.exe
  C:\Windows\System\OkFstXF.exe
  2⤵
  PID:4532
- C:\Windows\System\kUoCnUT.exe
  C:\Windows\System\kUoCnUT.exe
  2⤵
  PID:4564
- C:\Windows\System\wtcpUXY.exe
  C:\Windows\System\wtcpUXY.exe
  2⤵
  PID:4596
- C:\Windows\System\jrzAOme.exe
  C:\Windows\System\jrzAOme.exe
  2⤵
  PID:4612
- C:\Windows\System\NXvJTlt.exe
  C:\Windows\System\NXvJTlt.exe
  2⤵
  PID:4660
- C:\Windows\System\easrCSp.exe
  C:\Windows\System\easrCSp.exe
  2⤵
  PID:4692
- C:\Windows\System\mHosaFP.exe
  C:\Windows\System\mHosaFP.exe
  2⤵
  PID:4708
- C:\Windows\System\JKhZIRm.exe
  C:\Windows\System\JKhZIRm.exe
  2⤵
  PID:4772
- C:\Windows\System\Vqngpsb.exe
  C:\Windows\System\Vqngpsb.exe
  2⤵
  PID:4848
- C:\Windows\System\cZsWuAx.exe
  C:\Windows\System\cZsWuAx.exe
  2⤵
  PID:4864
- C:\Windows\System\YjaEOND.exe
  C:\Windows\System\YjaEOND.exe
  2⤵
  PID:4928
- C:\Windows\System\RKlnxrH.exe
  C:\Windows\System\RKlnxrH.exe
  2⤵
  PID:4352
- C:\Windows\System\TPQQCyF.exe
  C:\Windows\System\TPQQCyF.exe
  2⤵
  PID:2200
- C:\Windows\System\QuqFokC.exe
  C:\Windows\System\QuqFokC.exe
  2⤵
  PID:4432
- C:\Windows\System\AcpwWOf.exe
  C:\Windows\System\AcpwWOf.exe
  2⤵
  PID:2336
- C:\Windows\System\fTHNxqA.exe
  C:\Windows\System\fTHNxqA.exe
  2⤵
  PID:4592
- C:\Windows\System\wGJvirr.exe
  C:\Windows\System\wGJvirr.exe
  2⤵
  PID:4656
- C:\Windows\System\FevSkDr.exe
  C:\Windows\System\FevSkDr.exe
  2⤵
  PID:4624
- C:\Windows\System\KlBrwlD.exe
  C:\Windows\System\KlBrwlD.exe
  2⤵
  PID:4752
- C:\Windows\System\INnqFnx.exe
  C:\Windows\System\INnqFnx.exe
  2⤵
  PID:2280
- C:\Windows\System\tTrFiPJ.exe
  C:\Windows\System\tTrFiPJ.exe
  2⤵
  PID:4788
- C:\Windows\System\TCIfgeA.exe
  C:\Windows\System\TCIfgeA.exe
  2⤵
  PID:4884
- C:\Windows\System\kAQibtt.exe
  C:\Windows\System\kAQibtt.exe
  2⤵
  PID:4916
- C:\Windows\System\XIlLtkq.exe
  C:\Windows\System\XIlLtkq.exe
  2⤵
  PID:1604
- C:\Windows\System\OjUvwtL.exe
  C:\Windows\System\OjUvwtL.exe
  2⤵
  PID:4948
- C:\Windows\System\ThCuUnx.exe
  C:\Windows\System\ThCuUnx.exe
  2⤵
  PID:4980
- C:\Windows\System\ZIyLouT.exe
  C:\Windows\System\ZIyLouT.exe
  2⤵
  PID:2916
- C:\Windows\System\PMcbrEW.exe
  C:\Windows\System\PMcbrEW.exe
  2⤵
  PID:5040
- C:\Windows\System\sbPpvhV.exe
  C:\Windows\System\sbPpvhV.exe
  2⤵
  PID:5072
- C:\Windows\System\EWJezlq.exe
  C:\Windows\System\EWJezlq.exe
  2⤵
  PID:2904
- C:\Windows\System\xJWwCwt.exe
  C:\Windows\System\xJWwCwt.exe
  2⤵
  PID:2108
- C:\Windows\System\RrOHoZc.exe
  C:\Windows\System\RrOHoZc.exe
  2⤵
  PID:2944
- C:\Windows\System\MBGfqWu.exe
  C:\Windows\System\MBGfqWu.exe
  2⤵
  PID:3320
- C:\Windows\System\PMFKzfu.exe
  C:\Windows\System\PMFKzfu.exe
  2⤵
  PID:2708
- C:\Windows\System\XEBZPnz.exe
  C:\Windows\System\XEBZPnz.exe
  2⤵
  PID:4128
- C:\Windows\System\rapHqCD.exe
  C:\Windows\System\rapHqCD.exe
  2⤵
  PID:4180
- C:\Windows\System\ywUFeCu.exe
  C:\Windows\System\ywUFeCu.exe
  2⤵
  PID:820
- C:\Windows\System\NnjpBNA.exe
  C:\Windows\System\NnjpBNA.exe
  2⤵
  PID:1484
- C:\Windows\System\pNxnlUU.exe
  C:\Windows\System\pNxnlUU.exe
  2⤵
  PID:4292
- C:\Windows\System\ZvkiDzR.exe
  C:\Windows\System\ZvkiDzR.exe
  2⤵
  PID:4356
- C:\Windows\System\KxxtvPx.exe
  C:\Windows\System\KxxtvPx.exe
  2⤵
  PID:4324
- C:\Windows\System\zNXLNvu.exe
  C:\Windows\System\zNXLNvu.exe
  2⤵
  PID:4496
- C:\Windows\System\bNlNjoD.exe
  C:\Windows\System\bNlNjoD.exe
  2⤵
  PID:4576
- C:\Windows\System\GggBSMq.exe
  C:\Windows\System\GggBSMq.exe
  2⤵
  PID:4704
- C:\Windows\System\QcYLzMI.exe
  C:\Windows\System\QcYLzMI.exe
  2⤵
  PID:1684
- C:\Windows\System\yLILfuJ.exe
  C:\Windows\System\yLILfuJ.exe
  2⤵
  PID:4784
- C:\Windows\System\tDqGgUG.exe
  C:\Windows\System\tDqGgUG.exe
  2⤵
  PID:1664
- C:\Windows\System\fynAiJU.exe
  C:\Windows\System\fynAiJU.exe
  2⤵
  PID:2884
- C:\Windows\System\wArFefI.exe
  C:\Windows\System\wArFefI.exe
  2⤵
  PID:2388
- C:\Windows\System\BSChrib.exe
  C:\Windows\System\BSChrib.exe
  2⤵
  PID:2848
- C:\Windows\System\OdvYZZa.exe
  C:\Windows\System\OdvYZZa.exe
  2⤵
  PID:5044
- C:\Windows\System\NLYSYOt.exe
  C:\Windows\System\NLYSYOt.exe
  2⤵
  PID:4976
- C:\Windows\System\seufgzL.exe
  C:\Windows\System\seufgzL.exe
  2⤵
  PID:1972
- C:\Windows\System\JhMMPkI.exe
  C:\Windows\System\JhMMPkI.exe
  2⤵
  PID:3292
- C:\Windows\System\GjRUSly.exe
  C:\Windows\System\GjRUSly.exe
  2⤵
  PID:4196
- C:\Windows\System\kiRhODp.exe
  C:\Windows\System\kiRhODp.exe
  2⤵
  PID:4256
- C:\Windows\System\ryPyuwq.exe
  C:\Windows\System\ryPyuwq.exe
  2⤵
  PID:3784
- C:\Windows\System\UTmECkX.exe
  C:\Windows\System\UTmECkX.exe
  2⤵
  PID:2920
- C:\Windows\System\ERqyvMr.exe
  C:\Windows\System\ERqyvMr.exe
  2⤵
  PID:4560
- C:\Windows\System\YqyPnRU.exe
  C:\Windows\System\YqyPnRU.exe
  2⤵
  PID:1764
- C:\Windows\System\SGvaWSE.exe
  C:\Windows\System\SGvaWSE.exe
  2⤵
  PID:4640
- C:\Windows\System\nKLgQWY.exe
  C:\Windows\System\nKLgQWY.exe
  2⤵
  PID:2156
- C:\Windows\System\qFhBVgl.exe
  C:\Windows\System\qFhBVgl.exe
  2⤵
  PID:5008
- C:\Windows\System\XecOZIa.exe
  C:\Windows\System\XecOZIa.exe
  2⤵
  PID:4148
- C:\Windows\System\jelpPcP.exe
  C:\Windows\System\jelpPcP.exe
  2⤵
  PID:5108
- C:\Windows\System\uMqhKbR.exe
  C:\Windows\System\uMqhKbR.exe
  2⤵
  PID:4288
- C:\Windows\System\WwsWhoi.exe
  C:\Windows\System\WwsWhoi.exe
  2⤵
  PID:2836
- C:\Windows\System\daCiCeF.exe
  C:\Windows\System\daCiCeF.exe
  2⤵
  PID:5124
- C:\Windows\System\ZeDlIoW.exe
  C:\Windows\System\ZeDlIoW.exe
  2⤵
  PID:5140
- C:\Windows\System\TdCPGDZ.exe
  C:\Windows\System\TdCPGDZ.exe
  2⤵
  PID:5156
- C:\Windows\System\jsZnRlD.exe
  C:\Windows\System\jsZnRlD.exe
  2⤵
  PID:5172
- C:\Windows\System\fmQLuSE.exe
  C:\Windows\System\fmQLuSE.exe
  2⤵
  PID:5188
- C:\Windows\System\jBCabrC.exe
  C:\Windows\System\jBCabrC.exe
  2⤵
  PID:5204
- C:\Windows\System\rlmnocG.exe
  C:\Windows\System\rlmnocG.exe
  2⤵
  PID:5220
- C:\Windows\System\SsUNjom.exe
  C:\Windows\System\SsUNjom.exe
  2⤵
  PID:5236
- C:\Windows\System\sVUFbwJ.exe
  C:\Windows\System\sVUFbwJ.exe
  2⤵
  PID:5256
- C:\Windows\System\PQeLtAI.exe
  C:\Windows\System\PQeLtAI.exe
  2⤵
  PID:5272
- C:\Windows\System\rfKvAEY.exe
  C:\Windows\System\rfKvAEY.exe
  2⤵
  PID:5292
- C:\Windows\System\lrmcegm.exe
  C:\Windows\System\lrmcegm.exe
  2⤵
  PID:5312
- C:\Windows\System\vZumaYy.exe
  C:\Windows\System\vZumaYy.exe
  2⤵
  PID:5328
- C:\Windows\System\DvUMstO.exe
  C:\Windows\System\DvUMstO.exe
  2⤵
  PID:5344
- C:\Windows\System\EzvhHfd.exe
  C:\Windows\System\EzvhHfd.exe
  2⤵
  PID:5360
- C:\Windows\System\xkVXTiU.exe
  C:\Windows\System\xkVXTiU.exe
  2⤵
  PID:5376
- C:\Windows\System\jwPTGfh.exe
  C:\Windows\System\jwPTGfh.exe
  2⤵
  PID:5392
- C:\Windows\System\DbIyzWn.exe
  C:\Windows\System\DbIyzWn.exe
  2⤵
  PID:5428
- C:\Windows\System\kMaAnaA.exe
  C:\Windows\System\kMaAnaA.exe
  2⤵
  PID:5480
- C:\Windows\System\JhwVYyO.exe
  C:\Windows\System\JhwVYyO.exe
  2⤵
  PID:5504
- C:\Windows\System\ccQthNy.exe
  C:\Windows\System\ccQthNy.exe
  2⤵
  PID:5520
- C:\Windows\System\wsPmzyA.exe
  C:\Windows\System\wsPmzyA.exe
  2⤵
  PID:5540
- C:\Windows\System\IYZwSRW.exe
  C:\Windows\System\IYZwSRW.exe
  2⤵
  PID:5556
- C:\Windows\System\mwneCss.exe
  C:\Windows\System\mwneCss.exe
  2⤵
  PID:5572
- C:\Windows\System\RNTjYPE.exe
  C:\Windows\System\RNTjYPE.exe
  2⤵
  PID:5588
- C:\Windows\System\ciMOwma.exe
  C:\Windows\System\ciMOwma.exe
  2⤵
  PID:5604
- C:\Windows\System\grDuOsw.exe
  C:\Windows\System\grDuOsw.exe
  2⤵
  PID:6132
- C:\Windows\System\gHoLfeE.exe
  C:\Windows\System\gHoLfeE.exe
  2⤵
  PID:2556
- C:\Windows\System\MrcybyA.exe
  C:\Windows\System\MrcybyA.exe
  2⤵
  PID:4912
- C:\Windows\System\DtiRQew.exe
  C:\Windows\System\DtiRQew.exe
  2⤵
  PID:5132
- C:\Windows\System\BYPjUPC.exe
  C:\Windows\System\BYPjUPC.exe
  2⤵
  PID:3064
- C:\Windows\System\PUQbiSV.exe
  C:\Windows\System\PUQbiSV.exe
  2⤵
  PID:2940
- C:\Windows\System\WixlQYV.exe
  C:\Windows\System\WixlQYV.exe
  2⤵
  PID:5148
- C:\Windows\System\cdTBecP.exe
  C:\Windows\System\cdTBecP.exe
  2⤵
  PID:4512
- C:\Windows\System\FJlGNut.exe
  C:\Windows\System\FJlGNut.exe
  2⤵
  PID:5228
- C:\Windows\System\ulyvgwM.exe
  C:\Windows\System\ulyvgwM.exe
  2⤵
  PID:5216
- C:\Windows\System\JedAsif.exe
  C:\Windows\System\JedAsif.exe
  2⤵
  PID:5264
- C:\Windows\System\SpJvnwH.exe
  C:\Windows\System\SpJvnwH.exe
  2⤵
  PID:5288
- C:\Windows\System\EPTnaGm.exe
  C:\Windows\System\EPTnaGm.exe
  2⤵
  PID:5336
- C:\Windows\System\hqbVWgk.exe
  C:\Windows\System\hqbVWgk.exe
  2⤵
  PID:5400
- C:\Windows\System\PuqIMot.exe
  C:\Windows\System\PuqIMot.exe
  2⤵
  PID:5356
- C:\Windows\System\QNzlvrN.exe
  C:\Windows\System\QNzlvrN.exe
  2⤵
  PID:5412
- C:\Windows\System\JxZwQwN.exe
  C:\Windows\System\JxZwQwN.exe
  2⤵
  PID:5424
- C:\Windows\System\DDsiSwb.exe
  C:\Windows\System\DDsiSwb.exe
  2⤵
  PID:5448
- C:\Windows\System\zLejIIH.exe
  C:\Windows\System\zLejIIH.exe
  2⤵
  PID:5488
- C:\Windows\System\CkWHdRT.exe
  C:\Windows\System\CkWHdRT.exe
  2⤵
  PID:5472
- C:\Windows\System\QjaWTrz.exe
  C:\Windows\System\QjaWTrz.exe
  2⤵
  PID:5528
- C:\Windows\System\rNPpbpv.exe
  C:\Windows\System\rNPpbpv.exe
  2⤵
  PID:5532
- C:\Windows\System\ivOGHLX.exe
  C:\Windows\System\ivOGHLX.exe
  2⤵
  PID:5568
- C:\Windows\System\YoWoMEV.exe
  C:\Windows\System\YoWoMEV.exe
  2⤵
  PID:5584
- C:\Windows\System\JqizKng.exe
  C:\Windows\System\JqizKng.exe
  2⤵
  PID:5628
- C:\Windows\System\pTREOiz.exe
  C:\Windows\System\pTREOiz.exe
  2⤵
  PID:5644
- C:\Windows\System\kcGGliB.exe
  C:\Windows\System\kcGGliB.exe
  2⤵
  PID:5660
- C:\Windows\System\uALtTvJ.exe
  C:\Windows\System\uALtTvJ.exe
  2⤵
  PID:5680
- C:\Windows\System\TjYqElU.exe
  C:\Windows\System\TjYqElU.exe
  2⤵
  PID:5696
- C:\Windows\System\ZdbkOTy.exe
  C:\Windows\System\ZdbkOTy.exe
  2⤵
  PID:5712
- C:\Windows\System\qStzncO.exe
  C:\Windows\System\qStzncO.exe
  2⤵
  PID:5728
- C:\Windows\System\GeaCArD.exe
  C:\Windows\System\GeaCArD.exe
  2⤵
  PID:6140
- C:\Windows\System\ssezKTZ.exe
  C:\Windows\System\ssezKTZ.exe
  2⤵
  PID:5760
- C:\Windows\System\GbZzDnW.exe
  C:\Windows\System\GbZzDnW.exe
  2⤵
  PID:5792
- C:\Windows\System\aOXnNGm.exe
  C:\Windows\System\aOXnNGm.exe
  2⤵
  PID:5872
- C:\Windows\System\BpNoBda.exe
  C:\Windows\System\BpNoBda.exe
  2⤵
  PID:5772
- C:\Windows\System\AMNgEIu.exe
  C:\Windows\System\AMNgEIu.exe
  2⤵
  PID:5796
- C:\Windows\System\RmKkvqs.exe
  C:\Windows\System\RmKkvqs.exe
  2⤵
  PID:5820
- C:\Windows\System\lmrrTqu.exe
  C:\Windows\System\lmrrTqu.exe
  2⤵
  PID:5864
- C:\Windows\System\JoYZPaf.exe
  C:\Windows\System\JoYZPaf.exe
  2⤵
  PID:5184
- C:\Windows\System\iOnlrsr.exe
  C:\Windows\System\iOnlrsr.exe
  2⤵
  PID:5352
- C:\Windows\System\LXiUdJE.exe
  C:\Windows\System\LXiUdJE.exe
  2⤵
  PID:5888
- C:\Windows\System\ECvddwh.exe
  C:\Windows\System\ECvddwh.exe
  2⤵
  PID:5908
- C:\Windows\System\PmvHAOi.exe
  C:\Windows\System\PmvHAOi.exe
  2⤵
  PID:5924
- C:\Windows\System\iKhQgdC.exe
  C:\Windows\System\iKhQgdC.exe
  2⤵
  PID:5940
- C:\Windows\System\YoCfaxY.exe
  C:\Windows\System\YoCfaxY.exe
  2⤵
  PID:5956
- C:\Windows\System\oyqpBQt.exe
  C:\Windows\System\oyqpBQt.exe
  2⤵
  PID:5972
- C:\Windows\System\gMODGPn.exe
  C:\Windows\System\gMODGPn.exe
  2⤵
  PID:5988
- C:\Windows\System\MJRPzXq.exe
  C:\Windows\System\MJRPzXq.exe
  2⤵
  PID:5896
- C:\Windows\System\UfyTjZN.exe
  C:\Windows\System\UfyTjZN.exe
  2⤵
  PID:6016
- C:\Windows\System\TmWnJIy.exe
  C:\Windows\System\TmWnJIy.exe
  2⤵
  PID:6028
- C:\Windows\System\wfjPjee.exe
  C:\Windows\System\wfjPjee.exe
  2⤵
  PID:6044
- C:\Windows\System\HEAtcZl.exe
  C:\Windows\System\HEAtcZl.exe
  2⤵
  PID:6060
- C:\Windows\System\kCvoFcg.exe
  C:\Windows\System\kCvoFcg.exe
  2⤵
  PID:6076
- C:\Windows\System\RoSLWzR.exe
  C:\Windows\System\RoSLWzR.exe
  2⤵
  PID:6092
- C:\Windows\System\pkTQnRA.exe
  C:\Windows\System\pkTQnRA.exe
  2⤵
  PID:6108
- C:\Windows\System\wnUoONF.exe
  C:\Windows\System\wnUoONF.exe
  2⤵
  PID:6124
- C:\Windows\System\fdXKUbF.exe
  C:\Windows\System\fdXKUbF.exe
  2⤵
  PID:4992
- C:\Windows\System\SQwyfni.exe
  C:\Windows\System\SQwyfni.exe
  2⤵
  PID:4480
- C:\Windows\System\wSooeSC.exe
  C:\Windows\System\wSooeSC.exe
  2⤵
  PID:5252
- C:\Windows\System\VeXWnNL.exe
  C:\Windows\System\VeXWnNL.exe
  2⤵
  PID:5464
- C:\Windows\System\DDGSDJc.exe
  C:\Windows\System\DDGSDJc.exe
  2⤵
  PID:5516
- C:\Windows\System\KwaxlqP.exe
  C:\Windows\System\KwaxlqP.exe
  2⤵
  PID:5388
- C:\Windows\System\gpjMWty.exe
  C:\Windows\System\gpjMWty.exe
  2⤵
  PID:5460
- C:\Windows\System\ONIRmzL.exe
  C:\Windows\System\ONIRmzL.exe
  2⤵
  PID:5624
- C:\Windows\System\xiuIrLE.exe
  C:\Windows\System\xiuIrLE.exe
  2⤵
  PID:5676
- C:\Windows\System\nnQtAFi.exe
  C:\Windows\System\nnQtAFi.exe
  2⤵
  PID:5656
- C:\Windows\System\JDpOKHL.exe
  C:\Windows\System\JDpOKHL.exe
  2⤵
  PID:5724
- C:\Windows\System\HkXUyFQ.exe
  C:\Windows\System\HkXUyFQ.exe
  2⤵
  PID:5824
- C:\Windows\System\oAchIry.exe
  C:\Windows\System\oAchIry.exe
  2⤵
  PID:5708
- C:\Windows\System\XjUNfRQ.exe
  C:\Windows\System\XjUNfRQ.exe
  2⤵
  PID:5768
- C:\Windows\System\WFeekxy.exe
  C:\Windows\System\WFeekxy.exe
  2⤵
  PID:5816
- C:\Windows\System\XIpGSXv.exe
  C:\Windows\System\XIpGSXv.exe
  2⤵
  PID:5848
- C:\Windows\System\VCSqkkW.exe
  C:\Windows\System\VCSqkkW.exe
  2⤵
  PID:1712
- C:\Windows\System\JvjzSfb.exe
  C:\Windows\System\JvjzSfb.exe
  2⤵
  PID:5844
- C:\Windows\System\sTtjGpK.exe
  C:\Windows\System\sTtjGpK.exe
  2⤵
  PID:5876
- C:\Windows\System\NJUBVqt.exe
  C:\Windows\System\NJUBVqt.exe
  2⤵
  PID:5948
- C:\Windows\System\zeqhWqU.exe
  C:\Windows\System\zeqhWqU.exe
  2⤵
  PID:5984
- C:\Windows\System\eJrGOzN.exe
  C:\Windows\System\eJrGOzN.exe
  2⤵
  PID:5300
- C:\Windows\System\NRPfFbd.exe
  C:\Windows\System\NRPfFbd.exe
  2⤵
  PID:5904
- C:\Windows\System\jYODasz.exe
  C:\Windows\System\jYODasz.exe
  2⤵
  PID:5968
- C:\Windows\System\oIiUETZ.exe
  C:\Windows\System\oIiUETZ.exe
  2⤵
  PID:6036
- C:\Windows\System\EInDFYF.exe
  C:\Windows\System\EInDFYF.exe
  2⤵
  PID:6052
- C:\Windows\System\qXozQSo.exe
  C:\Windows\System\qXozQSo.exe
  2⤵
  PID:6100
- C:\Windows\System\jQrMJiB.exe
  C:\Windows\System\jQrMJiB.exe
  2⤵
  PID:5200
- C:\Windows\System\MhbCvnv.exe
  C:\Windows\System\MhbCvnv.exe
  2⤵
  PID:4244
- C:\Windows\System\JATdFFi.exe
  C:\Windows\System\JATdFFi.exe
  2⤵
  PID:5500
- C:\Windows\System\MLcmfeN.exe
  C:\Windows\System\MLcmfeN.exe
  2⤵
  PID:5552
- C:\Windows\System\MYMEeLJ.exe
  C:\Windows\System\MYMEeLJ.exe
  2⤵
  PID:5784
- C:\Windows\System\rpYjTzK.exe
  C:\Windows\System\rpYjTzK.exe
  2⤵
  PID:5384
- C:\Windows\System\AmVQzgR.exe
  C:\Windows\System\AmVQzgR.exe
  2⤵
  PID:2272
- C:\Windows\System\bvSetxe.exe
  C:\Windows\System\bvSetxe.exe
  2⤵
  PID:5736
- C:\Windows\System\GXoVsoQ.exe
  C:\Windows\System\GXoVsoQ.exe
  2⤵
  PID:5832
- C:\Windows\System\SweSIgw.exe
  C:\Windows\System\SweSIgw.exe
  2⤵
  PID:5440
- C:\Windows\System\eQbrQvi.exe
  C:\Windows\System\eQbrQvi.exe
  2⤵
  PID:5920
- C:\Windows\System\RtdGvPQ.exe
  C:\Windows\System\RtdGvPQ.exe
  2⤵
  PID:5368
- C:\Windows\System\rHshjUu.exe
  C:\Windows\System\rHshjUu.exe
  2⤵
  PID:6084
- C:\Windows\System\EoYzqil.exe
  C:\Windows\System\EoYzqil.exe
  2⤵
  PID:6072
- C:\Windows\System\ZmDtPuq.exe
  C:\Windows\System\ZmDtPuq.exe
  2⤵
  PID:6116
- C:\Windows\System\mpUTvtR.exe
  C:\Windows\System\mpUTvtR.exe
  2⤵
  PID:5720
- C:\Windows\System\ykqAAay.exe
  C:\Windows\System\ykqAAay.exe
  2⤵
  PID:5640
- C:\Windows\System\UQIfEaw.exe
  C:\Windows\System\UQIfEaw.exe
  2⤵
  PID:5744
- C:\Windows\System\YhIbMFf.exe
  C:\Windows\System\YhIbMFf.exe
  2⤵
  PID:5916
- C:\Windows\System\VvlKoRK.exe
  C:\Windows\System\VvlKoRK.exe
  2⤵
  PID:5512
- C:\Windows\System\TUTGvUN.exe
  C:\Windows\System\TUTGvUN.exe
  2⤵
  PID:6156
- C:\Windows\System\xjpNlNe.exe
  C:\Windows\System\xjpNlNe.exe
  2⤵
  PID:6172
- C:\Windows\System\iWQxLsx.exe
  C:\Windows\System\iWQxLsx.exe
  2⤵
  PID:6188
- C:\Windows\System\edgfZUP.exe
  C:\Windows\System\edgfZUP.exe
  2⤵
  PID:6204
- C:\Windows\System\WRhqaMN.exe
  C:\Windows\System\WRhqaMN.exe
  2⤵
  PID:6220
- C:\Windows\System\ykjVkHe.exe
  C:\Windows\System\ykjVkHe.exe
  2⤵
  PID:6236
- C:\Windows\System\yIuBDfO.exe
  C:\Windows\System\yIuBDfO.exe
  2⤵
  PID:6252
- C:\Windows\System\BkWUZEM.exe
  C:\Windows\System\BkWUZEM.exe
  2⤵
  PID:6268
- C:\Windows\System\zugBnVK.exe
  C:\Windows\System\zugBnVK.exe
  2⤵
  PID:6284
- C:\Windows\System\WdZMzim.exe
  C:\Windows\System\WdZMzim.exe
  2⤵
  PID:6300
- C:\Windows\System\EWbhbpe.exe
  C:\Windows\System\EWbhbpe.exe
  2⤵
  PID:6316
- C:\Windows\System\nAEVTYH.exe
  C:\Windows\System\nAEVTYH.exe
  2⤵
  PID:6332
- C:\Windows\System\SZNVzNt.exe
  C:\Windows\System\SZNVzNt.exe
  2⤵
  PID:6348
- C:\Windows\System\LEuGsZc.exe
  C:\Windows\System\LEuGsZc.exe
  2⤵
  PID:6364
- C:\Windows\System\BSdVTOn.exe
  C:\Windows\System\BSdVTOn.exe
  2⤵
  PID:6380
- C:\Windows\System\XkjuUvY.exe
  C:\Windows\System\XkjuUvY.exe
  2⤵
  PID:6396
- C:\Windows\System\RoZXKgu.exe
  C:\Windows\System\RoZXKgu.exe
  2⤵
  PID:6412
- C:\Windows\System\gZyGBPY.exe
  C:\Windows\System\gZyGBPY.exe
  2⤵
  PID:6428
- C:\Windows\System\kjZZcQh.exe
  C:\Windows\System\kjZZcQh.exe
  2⤵
  PID:6444
- C:\Windows\System\rSlNeDC.exe
  C:\Windows\System\rSlNeDC.exe
  2⤵
  PID:6460
- C:\Windows\System\GABtyuu.exe
  C:\Windows\System\GABtyuu.exe
  2⤵
  PID:6476
- C:\Windows\System\IbpriOX.exe
  C:\Windows\System\IbpriOX.exe
  2⤵
  PID:6492
- C:\Windows\System\hhDqadz.exe
  C:\Windows\System\hhDqadz.exe
  2⤵
  PID:6508
- C:\Windows\System\DUHLjlW.exe
  C:\Windows\System\DUHLjlW.exe
  2⤵
  PID:6524
- C:\Windows\System\LxMuWGn.exe
  C:\Windows\System\LxMuWGn.exe
  2⤵
  PID:6540
- C:\Windows\System\QYjIYsN.exe
  C:\Windows\System\QYjIYsN.exe
  2⤵
  PID:6556
- C:\Windows\System\OXItXug.exe
  C:\Windows\System\OXItXug.exe
  2⤵
  PID:6572
- C:\Windows\System\srkWkfM.exe
  C:\Windows\System\srkWkfM.exe
  2⤵
  PID:6588
- C:\Windows\System\FzgHHwq.exe
  C:\Windows\System\FzgHHwq.exe
  2⤵
  PID:6604
- C:\Windows\System\NgaksSa.exe
  C:\Windows\System\NgaksSa.exe
  2⤵
  PID:6620
- C:\Windows\System\DyGoBGw.exe
  C:\Windows\System\DyGoBGw.exe
  2⤵
  PID:6636
- C:\Windows\System\ABSvALd.exe
  C:\Windows\System\ABSvALd.exe
  2⤵
  PID:6652
- C:\Windows\System\TBRYyvi.exe
  C:\Windows\System\TBRYyvi.exe
  2⤵
  PID:6668
- C:\Windows\System\qVQIUvg.exe
  C:\Windows\System\qVQIUvg.exe
  2⤵
  PID:6684
- C:\Windows\System\FBmObyv.exe
  C:\Windows\System\FBmObyv.exe
  2⤵
  PID:6700
- C:\Windows\System\rHHOBBh.exe
  C:\Windows\System\rHHOBBh.exe
  2⤵
  PID:6716
- C:\Windows\System\bLXvmnE.exe
  C:\Windows\System\bLXvmnE.exe
  2⤵
  PID:6732
- C:\Windows\System\teXBMdm.exe
  C:\Windows\System\teXBMdm.exe
  2⤵
  PID:6748
- C:\Windows\System\wCryELW.exe
  C:\Windows\System\wCryELW.exe
  2⤵
  PID:6764
- C:\Windows\System\KxkadJQ.exe
  C:\Windows\System\KxkadJQ.exe
  2⤵
  PID:6780
- C:\Windows\System\siqVbJp.exe
  C:\Windows\System\siqVbJp.exe
  2⤵
  PID:6796
- C:\Windows\System\HGiAXSV.exe
  C:\Windows\System\HGiAXSV.exe
  2⤵
  PID:6812
- C:\Windows\System\gNwjPii.exe
  C:\Windows\System\gNwjPii.exe
  2⤵
  PID:6828
- C:\Windows\System\Mmtevnd.exe
  C:\Windows\System\Mmtevnd.exe
  2⤵
  PID:6844
- C:\Windows\System\CEKeyjb.exe
  C:\Windows\System\CEKeyjb.exe
  2⤵
  PID:6860
- C:\Windows\System\ddAwGaS.exe
  C:\Windows\System\ddAwGaS.exe
  2⤵
  PID:6876
- C:\Windows\System\WSbvQab.exe
  C:\Windows\System\WSbvQab.exe
  2⤵
  PID:6892
- C:\Windows\System\JJGUTfV.exe
  C:\Windows\System\JJGUTfV.exe
  2⤵
  PID:6908
- C:\Windows\System\EXkkhWM.exe
  C:\Windows\System\EXkkhWM.exe
  2⤵
  PID:6924
- C:\Windows\System\GdRkTXi.exe
  C:\Windows\System\GdRkTXi.exe
  2⤵
  PID:6940
- C:\Windows\System\wvMfSTD.exe
  C:\Windows\System\wvMfSTD.exe
  2⤵
  PID:6956
- C:\Windows\System\GjNReXA.exe
  C:\Windows\System\GjNReXA.exe
  2⤵
  PID:6972
- C:\Windows\System\VDFslQD.exe
  C:\Windows\System\VDFslQD.exe
  2⤵
  PID:6988
- C:\Windows\System\MfadAfk.exe
  C:\Windows\System\MfadAfk.exe
  2⤵
  PID:7004
- C:\Windows\System\oHUtJhW.exe
  C:\Windows\System\oHUtJhW.exe
  2⤵
  PID:7020
- C:\Windows\System\VsVTRkZ.exe
  C:\Windows\System\VsVTRkZ.exe
  2⤵
  PID:7036
- C:\Windows\System\NXOeRQh.exe
  C:\Windows\System\NXOeRQh.exe
  2⤵
  PID:7052
- C:\Windows\System\JGHPodx.exe
  C:\Windows\System\JGHPodx.exe
  2⤵
  PID:7068
- C:\Windows\System\RqgHXMi.exe
  C:\Windows\System\RqgHXMi.exe
  2⤵
  PID:7084
- C:\Windows\System\tDWPRdS.exe
  C:\Windows\System\tDWPRdS.exe
  2⤵
  PID:7100
- C:\Windows\System\gPfJdKx.exe
  C:\Windows\System\gPfJdKx.exe
  2⤵
  PID:7116
- C:\Windows\System\nJACvEA.exe
  C:\Windows\System\nJACvEA.exe
  2⤵
  PID:7132
- C:\Windows\System\okUFEIJ.exe
  C:\Windows\System\okUFEIJ.exe
  2⤵
  PID:7148
- C:\Windows\System\dJQYTah.exe
  C:\Windows\System\dJQYTah.exe
  2⤵
  PID:7164
- C:\Windows\System\CoTOXQx.exe
  C:\Windows\System\CoTOXQx.exe
  2⤵
  PID:5444
- C:\Windows\System\hNQEEoJ.exe
  C:\Windows\System\hNQEEoJ.exe
  2⤵
  PID:5980
- C:\Windows\System\xVmAPVd.exe
  C:\Windows\System\xVmAPVd.exe
  2⤵
  PID:4720
- C:\Windows\System\vpkRfOp.exe
  C:\Windows\System\vpkRfOp.exe
  2⤵
  PID:6184
- C:\Windows\System\dRqcSUD.exe
  C:\Windows\System\dRqcSUD.exe
  2⤵
  PID:5168
- C:\Windows\System\kcgwjXq.exe
  C:\Windows\System\kcgwjXq.exe
  2⤵
  PID:6200
- C:\Windows\System\HgymFOL.exe
  C:\Windows\System\HgymFOL.exe
  2⤵
  PID:6216
- C:\Windows\System\Grotebl.exe
  C:\Windows\System\Grotebl.exe
  2⤵
  PID:6264
- C:\Windows\System\UIVvHHn.exe
  C:\Windows\System\UIVvHHn.exe
  2⤵
  PID:6328
- C:\Windows\System\SorsQrp.exe
  C:\Windows\System\SorsQrp.exe
  2⤵
  PID:6360
- C:\Windows\System\AXakOkl.exe
  C:\Windows\System\AXakOkl.exe
  2⤵
  PID:6308
- C:\Windows\System\gKpNqsB.exe
  C:\Windows\System\gKpNqsB.exe
  2⤵
  PID:6452
- C:\Windows\System\JNwxZXB.exe
  C:\Windows\System\JNwxZXB.exe
  2⤵
  PID:6408
- C:\Windows\System\KpukNDa.exe
  C:\Windows\System\KpukNDa.exe
  2⤵
  PID:6484
- C:\Windows\System\LpCmwJK.exe
  C:\Windows\System\LpCmwJK.exe
  2⤵
  PID:6504
- C:\Windows\System\RQBZcmk.exe
  C:\Windows\System\RQBZcmk.exe
  2⤵
  PID:6548
- C:\Windows\System\JSdEZjx.exe
  C:\Windows\System\JSdEZjx.exe
  2⤵
  PID:6568
- C:\Windows\System\uYLZirp.exe
  C:\Windows\System\uYLZirp.exe
  2⤵
  PID:6616
- C:\Windows\System\mivgWpD.exe
  C:\Windows\System\mivgWpD.exe
  2⤵
  PID:6596
- C:\Windows\System\bzZwprW.exe
  C:\Windows\System\bzZwprW.exe
  2⤵
  PID:6660
- C:\Windows\System\kFIxLtt.exe
  C:\Windows\System\kFIxLtt.exe
  2⤵
  PID:6680
- C:\Windows\System\FRtoDqu.exe
  C:\Windows\System\FRtoDqu.exe
  2⤵
  PID:6712
- C:\Windows\System\enspfvg.exe
  C:\Windows\System\enspfvg.exe
  2⤵
  PID:6744
- C:\Windows\System\brAKybY.exe
  C:\Windows\System\brAKybY.exe
  2⤵
  PID:6804
- C:\Windows\System\KmzCBgY.exe
  C:\Windows\System\KmzCBgY.exe
  2⤵
  PID:6840
- C:\Windows\System\lXnfwVA.exe
  C:\Windows\System\lXnfwVA.exe
  2⤵
  PID:6900
- C:\Windows\System\FOmeIUo.exe
  C:\Windows\System\FOmeIUo.exe
  2⤵
  PID:6788
- C:\Windows\System\OAFQbaV.exe
  C:\Windows\System\OAFQbaV.exe
  2⤵
  PID:6820
- C:\Windows\System\XyLeOdD.exe
  C:\Windows\System\XyLeOdD.exe
  2⤵
  PID:6948
- C:\Windows\System\awMsina.exe
  C:\Windows\System\awMsina.exe
  2⤵
  PID:6968
- C:\Windows\System\UTUucDR.exe
  C:\Windows\System\UTUucDR.exe
  2⤵
  PID:7012
- C:\Windows\System\GBQhGOT.exe
  C:\Windows\System\GBQhGOT.exe
  2⤵
  PID:7032
- C:\Windows\System\VQAFfTe.exe
  C:\Windows\System\VQAFfTe.exe
  2⤵
  PID:7044
- C:\Windows\System\JCzYLmU.exe
  C:\Windows\System\JCzYLmU.exe
  2⤵
  PID:7156
- C:\Windows\System\Buzubuu.exe
  C:\Windows\System\Buzubuu.exe
  2⤵
  PID:5840
- C:\Windows\System\tzdURdi.exe
  C:\Windows\System\tzdURdi.exe
  2⤵
  PID:7076
- C:\Windows\System\okmWGvd.exe
  C:\Windows\System\okmWGvd.exe
  2⤵
  PID:5964
- C:\Windows\System\UqdzxqB.exe
  C:\Windows\System\UqdzxqB.exe
  2⤵
  PID:7140
- C:\Windows\System\nZzJGah.exe
  C:\Windows\System\nZzJGah.exe
  2⤵
  PID:5408
- C:\Windows\System\HUaZMcf.exe
  C:\Windows\System\HUaZMcf.exe
  2⤵
  PID:6356
- C:\Windows\System\aUpeBNl.exe
  C:\Windows\System\aUpeBNl.exe
  2⤵
  PID:6436
- C:\Windows\System\TvCMJhV.exe
  C:\Windows\System\TvCMJhV.exe
  2⤵
  PID:6376
- C:\Windows\System\AtbEIqD.exe
  C:\Windows\System\AtbEIqD.exe
  2⤵
  PID:6468
- C:\Windows\System\gQJMOow.exe
  C:\Windows\System\gQJMOow.exe
  2⤵
  PID:6580
- C:\Windows\System\VsBpQxf.exe
  C:\Windows\System\VsBpQxf.exe
  2⤵
  PID:6664
- C:\Windows\System\WQPTOnA.exe
  C:\Windows\System\WQPTOnA.exe
  2⤵
  PID:6808
- C:\Windows\System\BWiXzTw.exe
  C:\Windows\System\BWiXzTw.exe
  2⤵
  PID:6772
- C:\Windows\System\lSGkucI.exe
  C:\Windows\System\lSGkucI.exe
  2⤵
  PID:6628
- C:\Windows\System\zxIPhpD.exe
  C:\Windows\System\zxIPhpD.exe
  2⤵
  PID:6852
- C:\Windows\System\UuWssLT.exe
  C:\Windows\System\UuWssLT.exe
  2⤵
  PID:6792
- C:\Windows\System\UIFSMbx.exe
  C:\Windows\System\UIFSMbx.exe
  2⤵
  PID:6964
- C:\Windows\System\oGaQAFT.exe
  C:\Windows\System\oGaQAFT.exe
  2⤵
  PID:7124
- C:\Windows\System\NabcJup.exe
  C:\Windows\System\NabcJup.exe
  2⤵
  PID:6180
- C:\Windows\System\lNncqfo.exe
  C:\Windows\System\lNncqfo.exe
  2⤵
  PID:4160
- C:\Windows\System\wFkWfPQ.exe
  C:\Windows\System\wFkWfPQ.exe
  2⤵
  PID:6260
- C:\Windows\System\hmjslLt.exe
  C:\Windows\System\hmjslLt.exe
  2⤵
  PID:6324
- C:\Windows\System\pNXFrYJ.exe
  C:\Windows\System\pNXFrYJ.exe
  2⤵
  PID:6644
- C:\Windows\System\fiUpXwu.exe
  C:\Windows\System\fiUpXwu.exe
  2⤵
  PID:5740
- C:\Windows\System\kFqOZbs.exe
  C:\Windows\System\kFqOZbs.exe
  2⤵
  PID:6500
- C:\Windows\System\Rbffkwk.exe
  C:\Windows\System\Rbffkwk.exe
  2⤵
  PID:6632
- C:\Windows\System\SmeORIk.exe
  C:\Windows\System\SmeORIk.exe
  2⤵
  PID:6996
- C:\Windows\System\qvpCszX.exe
  C:\Windows\System\qvpCszX.exe
  2⤵
  PID:6420
- C:\Windows\System\riHKhrt.exe
  C:\Windows\System\riHKhrt.exe
  2⤵
  PID:6708
- C:\Windows\System\FCsDxwO.exe
  C:\Windows\System\FCsDxwO.exe
  2⤵
  PID:7092
- C:\Windows\System\bKlAsIV.exe
  C:\Windows\System\bKlAsIV.exe
  2⤵
  PID:6728
- C:\Windows\System\MhRZASB.exe
  C:\Windows\System\MhRZASB.exe
  2⤵
  PID:7048
- C:\Windows\System\nwNxRQr.exe
  C:\Windows\System\nwNxRQr.exe
  2⤵
  PID:6932
- C:\Windows\System\GjMCMMh.exe
  C:\Windows\System\GjMCMMh.exe
  2⤵
  PID:7144
- C:\Windows\System\EIcvtCg.exe
  C:\Windows\System\EIcvtCg.exe
  2⤵
  PID:6472
- C:\Windows\System\XLqQBhe.exe
  C:\Windows\System\XLqQBhe.exe
  2⤵
  PID:5580
- C:\Windows\System\GNpTXdj.exe
  C:\Windows\System\GNpTXdj.exe
  2⤵
  PID:7180
- C:\Windows\System\XbbqiHF.exe
  C:\Windows\System\XbbqiHF.exe
  2⤵
  PID:7196
- C:\Windows\System\UwKSfNR.exe
  C:\Windows\System\UwKSfNR.exe
  2⤵
  PID:7212
- C:\Windows\System\QFgnkgc.exe
  C:\Windows\System\QFgnkgc.exe
  2⤵
  PID:7228
- C:\Windows\System\NzpjkUv.exe
  C:\Windows\System\NzpjkUv.exe
  2⤵
  PID:7244
- C:\Windows\System\ozlwxRZ.exe
  C:\Windows\System\ozlwxRZ.exe
  2⤵
  PID:7260
- C:\Windows\System\IJsPkGX.exe
  C:\Windows\System\IJsPkGX.exe
  2⤵
  PID:7276
- C:\Windows\System\RKvbtaE.exe
  C:\Windows\System\RKvbtaE.exe
  2⤵
  PID:7292
- C:\Windows\System\bmPCFHu.exe
  C:\Windows\System\bmPCFHu.exe
  2⤵
  PID:7308
- C:\Windows\System\sHPpaHm.exe
  C:\Windows\System\sHPpaHm.exe
  2⤵
  PID:7324
- C:\Windows\System\bawoxux.exe
  C:\Windows\System\bawoxux.exe
  2⤵
  PID:7340
- C:\Windows\System\zUfufPy.exe
  C:\Windows\System\zUfufPy.exe
  2⤵
  PID:7356
- C:\Windows\System\RNyLvhM.exe
  C:\Windows\System\RNyLvhM.exe
  2⤵
  PID:7376
- C:\Windows\System\dDwxxeQ.exe
  C:\Windows\System\dDwxxeQ.exe
  2⤵
  PID:7392
- C:\Windows\System\BuwVyGb.exe
  C:\Windows\System\BuwVyGb.exe
  2⤵
  PID:7408
- C:\Windows\System\LgfKmLn.exe
  C:\Windows\System\LgfKmLn.exe
  2⤵
  PID:7424
- C:\Windows\System\hvUHEdy.exe
  C:\Windows\System\hvUHEdy.exe
  2⤵
  PID:7440
- C:\Windows\System\ABSSbne.exe
  C:\Windows\System\ABSSbne.exe
  2⤵
  PID:7456
- C:\Windows\System\HlxglKT.exe
  C:\Windows\System\HlxglKT.exe
  2⤵
  PID:7472
- C:\Windows\System\RjKUJtX.exe
  C:\Windows\System\RjKUJtX.exe
  2⤵
  PID:7488
- C:\Windows\System\RVIwboY.exe
  C:\Windows\System\RVIwboY.exe
  2⤵
  PID:7504
- C:\Windows\System\WeesBCw.exe
  C:\Windows\System\WeesBCw.exe
  2⤵
  PID:7520
- C:\Windows\System\dlKRbnD.exe
  C:\Windows\System\dlKRbnD.exe
  2⤵
  PID:7540
- C:\Windows\System\rPXgetk.exe
  C:\Windows\System\rPXgetk.exe
  2⤵
  PID:7556
- C:\Windows\System\YtkKvEr.exe
  C:\Windows\System\YtkKvEr.exe
  2⤵
  PID:7572
- C:\Windows\System\tYmczvt.exe
  C:\Windows\System\tYmczvt.exe
  2⤵
  PID:7588
- C:\Windows\System\ttyMjyr.exe
  C:\Windows\System\ttyMjyr.exe
  2⤵
  PID:7608
- C:\Windows\System\upQHnNR.exe
  C:\Windows\System\upQHnNR.exe
  2⤵
  PID:7624
- C:\Windows\System\FSgHUYo.exe
  C:\Windows\System\FSgHUYo.exe
  2⤵
  PID:7640
- C:\Windows\System\RKNcdAA.exe
  C:\Windows\System\RKNcdAA.exe
  2⤵
  PID:7656
- C:\Windows\System\GpPRDIK.exe
  C:\Windows\System\GpPRDIK.exe
  2⤵
  PID:7676
- C:\Windows\System\WxgNAYW.exe
  C:\Windows\System\WxgNAYW.exe
  2⤵
  PID:7692
- C:\Windows\System\BZhvcoY.exe
  C:\Windows\System\BZhvcoY.exe
  2⤵
  PID:7708
- C:\Windows\System\AnKxMFI.exe
  C:\Windows\System\AnKxMFI.exe
  2⤵
  PID:7724
- C:\Windows\System\iFXJPEV.exe
  C:\Windows\System\iFXJPEV.exe
  2⤵
  PID:7740
- C:\Windows\System\ewZesjT.exe
  C:\Windows\System\ewZesjT.exe
  2⤵
  PID:7756
- C:\Windows\System\lpvVKDS.exe
  C:\Windows\System\lpvVKDS.exe
  2⤵
  PID:7776
- C:\Windows\System\rPEoKEE.exe
  C:\Windows\System\rPEoKEE.exe
  2⤵
  PID:7792
- C:\Windows\System\AQONtBn.exe
  C:\Windows\System\AQONtBn.exe
  2⤵
  PID:7808
- C:\Windows\System\znrmpJS.exe
  C:\Windows\System\znrmpJS.exe
  2⤵
  PID:7824
- C:\Windows\System\WkEmmLm.exe
  C:\Windows\System\WkEmmLm.exe
  2⤵
  PID:7840
- C:\Windows\System\lrXYbYi.exe
  C:\Windows\System\lrXYbYi.exe
  2⤵
  PID:7856
- C:\Windows\System\IYOsdTs.exe
  C:\Windows\System\IYOsdTs.exe
  2⤵
  PID:7872
- C:\Windows\System\gpySRCt.exe
  C:\Windows\System\gpySRCt.exe
  2⤵
  PID:7888
- C:\Windows\System\MpDmgat.exe
  C:\Windows\System\MpDmgat.exe
  2⤵
  PID:7904
- C:\Windows\System\byjQtnM.exe
  C:\Windows\System\byjQtnM.exe
  2⤵
  PID:7920
- C:\Windows\System\QJWQjRf.exe
  C:\Windows\System\QJWQjRf.exe
  2⤵
  PID:7936
- C:\Windows\System\qohojNb.exe
  C:\Windows\System\qohojNb.exe
  2⤵
  PID:7952
- C:\Windows\System\mDQZscf.exe
  C:\Windows\System\mDQZscf.exe
  2⤵
  PID:7968
- C:\Windows\System\GISHnEx.exe
  C:\Windows\System\GISHnEx.exe
  2⤵
  PID:7984
- C:\Windows\System\vxbDRUC.exe
  C:\Windows\System\vxbDRUC.exe
  2⤵
  PID:8004
- C:\Windows\System\fDlteGc.exe
  C:\Windows\System\fDlteGc.exe
  2⤵
  PID:8020
- C:\Windows\System\MvtOyPB.exe
  C:\Windows\System\MvtOyPB.exe
  2⤵
  PID:8040
- C:\Windows\System\MNLFSzn.exe
  C:\Windows\System\MNLFSzn.exe
  2⤵
  PID:8056
- C:\Windows\System\EAiMjHJ.exe
  C:\Windows\System\EAiMjHJ.exe
  2⤵
  PID:8076
- C:\Windows\System\ZzbKoQV.exe
  C:\Windows\System\ZzbKoQV.exe
  2⤵
  PID:8092
- C:\Windows\System\gxpxmtW.exe
  C:\Windows\System\gxpxmtW.exe
  2⤵
  PID:8108
- C:\Windows\System\mbaCwwT.exe
  C:\Windows\System\mbaCwwT.exe
  2⤵
  PID:8124
- C:\Windows\System\jtjZNTP.exe
  C:\Windows\System\jtjZNTP.exe
  2⤵
  PID:8140
- C:\Windows\System\cKChMlT.exe
  C:\Windows\System\cKChMlT.exe
  2⤵
  PID:8156
- C:\Windows\System\lOVSaJk.exe
  C:\Windows\System\lOVSaJk.exe
  2⤵
  PID:8180
- C:\Windows\System\numqmxR.exe
  C:\Windows\System\numqmxR.exe
  2⤵
  PID:6296
- C:\Windows\System\MHHDluk.exe
  C:\Windows\System\MHHDluk.exe
  2⤵
  PID:7252
- C:\Windows\System\xbFYxgU.exe
  C:\Windows\System\xbFYxgU.exe
  2⤵
  PID:7316
- C:\Windows\System\WhLKFkP.exe
  C:\Windows\System\WhLKFkP.exe
  2⤵
  PID:7236
- C:\Windows\System\IZntPJY.exe
  C:\Windows\System\IZntPJY.exe
  2⤵
  PID:7304
- C:\Windows\System\ZZptnWs.exe
  C:\Windows\System\ZZptnWs.exe
  2⤵
  PID:7368
- C:\Windows\System\vsBgtkM.exe
  C:\Windows\System\vsBgtkM.exe
  2⤵
  PID:7208
- C:\Windows\System\hreHUqw.exe
  C:\Windows\System\hreHUqw.exe
  2⤵
  PID:7384
- C:\Windows\System\pksmVVN.exe
  C:\Windows\System\pksmVVN.exe
  2⤵
  PID:7448
- C:\Windows\System\TkJVebw.exe
  C:\Windows\System\TkJVebw.exe
  2⤵
  PID:7512
- C:\Windows\System\wPOjvHN.exe
  C:\Windows\System\wPOjvHN.exe
  2⤵
  PID:7432
- C:\Windows\System\WwjAeiH.exe
  C:\Windows\System\WwjAeiH.exe
  2⤵
  PID:7500
- C:\Windows\System\qmOJmhI.exe
  C:\Windows\System\qmOJmhI.exe
  2⤵
  PID:7596
- C:\Windows\System\bkPnRQK.exe
  C:\Windows\System\bkPnRQK.exe
  2⤵
  PID:7600
- C:\Windows\System\KZrqwCR.exe
  C:\Windows\System\KZrqwCR.exe
  2⤵
  PID:7688
- C:\Windows\System\XjHfiaY.exe
  C:\Windows\System\XjHfiaY.exe
  2⤵
  PID:7752
- C:\Windows\System\efqldOH.exe
  C:\Windows\System\efqldOH.exe
  2⤵
  PID:7732
- C:\Windows\System\Pnuancs.exe
  C:\Windows\System\Pnuancs.exe
  2⤵
  PID:7764
- C:\Windows\System\QhqkbpQ.exe
  C:\Windows\System\QhqkbpQ.exe
  2⤵
  PID:7788
- C:\Windows\System\HFHQOSK.exe
  C:\Windows\System\HFHQOSK.exe
  2⤵
  PID:7852
- C:\Windows\System\wXeWaUC.exe
  C:\Windows\System\wXeWaUC.exe
  2⤵
  PID:7804
- C:\Windows\System\lWnhhnq.exe
  C:\Windows\System\lWnhhnq.exe
  2⤵
  PID:7868
- C:\Windows\System\WhcgylY.exe
  C:\Windows\System\WhcgylY.exe
  2⤵
  PID:7800
- C:\Windows\System\FIoGcJP.exe
  C:\Windows\System\FIoGcJP.exe
  2⤵
  PID:7944
- C:\Windows\System\ALlMQhU.exe
  C:\Windows\System\ALlMQhU.exe
  2⤵
  PID:7992
- C:\Windows\System\gbWhmIy.exe
  C:\Windows\System\gbWhmIy.exe
  2⤵
  PID:8016
- C:\Windows\System\gFAAAMK.exe
  C:\Windows\System\gFAAAMK.exe
  2⤵
  PID:8084
- C:\Windows\System\OhIUvIC.exe
  C:\Windows\System\OhIUvIC.exe
  2⤵
  PID:8148
- C:\Windows\System\vzqHlqR.exe
  C:\Windows\System\vzqHlqR.exe
  2⤵
  PID:8028
- C:\Windows\System\onrrYRy.exe
  C:\Windows\System\onrrYRy.exe
  2⤵
  PID:8168
- C:\Windows\System\aVAksff.exe
  C:\Windows\System\aVAksff.exe
  2⤵
  PID:8068
- C:\Windows\System\eDnhjfl.exe
  C:\Windows\System\eDnhjfl.exe
  2⤵
  PID:8136
- C:\Windows\System\DWRjUvr.exe
  C:\Windows\System\DWRjUvr.exe
  2⤵
  PID:1544
- C:\Windows\System\LaFRrGa.exe
  C:\Windows\System\LaFRrGa.exe
  2⤵
  PID:7268
- C:\Windows\System\ssULwIq.exe
  C:\Windows\System\ssULwIq.exe
  2⤵
  PID:7416
- C:\Windows\System\trHTSvt.exe
  C:\Windows\System\trHTSvt.exe
  2⤵
  PID:7548
- C:\Windows\System\iiWWDUw.exe
  C:\Windows\System\iiWWDUw.exe
  2⤵
  PID:7404
- C:\Windows\System\pTUTdwL.exe
  C:\Windows\System\pTUTdwL.exe
  2⤵
  PID:7480
- C:\Windows\System\fIfeHNS.exe
  C:\Windows\System\fIfeHNS.exe
  2⤵
  PID:7468
- C:\Windows\System\FYIATGh.exe
  C:\Windows\System\FYIATGh.exe
  2⤵
  PID:7700
- C:\Windows\System\kXvHFsd.exe
  C:\Windows\System\kXvHFsd.exe
  2⤵
  PID:7616
- C:\Windows\System\wzPpzjC.exe
  C:\Windows\System\wzPpzjC.exe
  2⤵
  PID:7664
- C:\Windows\System\gmwSeZm.exe
  C:\Windows\System\gmwSeZm.exe
  2⤵
  PID:7864
- C:\Windows\System\xDeHZvW.exe
  C:\Windows\System\xDeHZvW.exe
  2⤵
  PID:7772
- C:\Windows\System\iMtUmdT.exe
  C:\Windows\System\iMtUmdT.exe
  2⤵
  PID:7976
- C:\Windows\System\vAYMMVx.exe
  C:\Windows\System\vAYMMVx.exe
  2⤵
  PID:8052
- C:\Windows\System\GZBnHZN.exe
  C:\Windows\System\GZBnHZN.exe
  2⤵
  PID:8064
- C:\Windows\System\NhWDdKF.exe
  C:\Windows\System\NhWDdKF.exe
  2⤵
  PID:8000
- C:\Windows\System\JPmojQZ.exe
  C:\Windows\System\JPmojQZ.exe
  2⤵
  PID:7256
- C:\Windows\System\MfKFYSD.exe
  C:\Windows\System\MfKFYSD.exe
  2⤵
  PID:7420
- C:\Windows\System\wxUJJUB.exe
  C:\Windows\System\wxUJJUB.exe
  2⤵
  PID:7204
- C:\Windows\System\XEWrtlj.exe
  C:\Windows\System\XEWrtlj.exe
  2⤵
  PID:7552
- C:\Windows\System\yFWBDeH.exe
  C:\Windows\System\yFWBDeH.exe
  2⤵
  PID:7900
- C:\Windows\System\vjuHfTY.exe
  C:\Windows\System\vjuHfTY.exe
  2⤵
  PID:6952
- C:\Windows\System\uGoIlYX.exe
  C:\Windows\System\uGoIlYX.exe
  2⤵
  PID:8048
- C:\Windows\System\HyBuYua.exe
  C:\Windows\System\HyBuYua.exe
  2⤵
  PID:7652
- C:\Windows\System\KMKlFac.exe
  C:\Windows\System\KMKlFac.exe
  2⤵
  PID:7220
- C:\Windows\System\jTLuwQu.exe
  C:\Windows\System\jTLuwQu.exe
  2⤵
  PID:7400
- C:\Windows\System\xkKTlSv.exe
  C:\Windows\System\xkKTlSv.exe
  2⤵
  PID:7584
- C:\Windows\System\yuKfMLE.exe
  C:\Windows\System\yuKfMLE.exe
  2⤵
  PID:7176
- C:\Windows\System\OscpuBP.exe
  C:\Windows\System\OscpuBP.exe
  2⤵
  PID:7636
- C:\Windows\System\MmzliKm.exe
  C:\Windows\System\MmzliKm.exe
  2⤵
  PID:8116
- C:\Windows\System\PNiAJHG.exe
  C:\Windows\System\PNiAJHG.exe
  2⤵
  PID:8208
- C:\Windows\System\MsyIQXV.exe
  C:\Windows\System\MsyIQXV.exe
  2⤵
  PID:8224
- C:\Windows\System\CzbEsKL.exe
  C:\Windows\System\CzbEsKL.exe
  2⤵
  PID:8240
- C:\Windows\System\oFgDkYj.exe
  C:\Windows\System\oFgDkYj.exe
  2⤵
  PID:8256
- C:\Windows\System\gJaNfJG.exe
  C:\Windows\System\gJaNfJG.exe
  2⤵
  PID:8272
- C:\Windows\System\RVtcUak.exe
  C:\Windows\System\RVtcUak.exe
  2⤵
  PID:8288
- C:\Windows\System\hEcofFG.exe
  C:\Windows\System\hEcofFG.exe
  2⤵
  PID:8304
- C:\Windows\System\NgQeHIx.exe
  C:\Windows\System\NgQeHIx.exe
  2⤵
  PID:8320
- C:\Windows\System\ykksSby.exe
  C:\Windows\System\ykksSby.exe
  2⤵
  PID:8340
- C:\Windows\System\iaPQWWt.exe
  C:\Windows\System\iaPQWWt.exe
  2⤵
  PID:8356
- C:\Windows\System\hMqiwcX.exe
  C:\Windows\System\hMqiwcX.exe
  2⤵
  PID:8372
- C:\Windows\System\ffMfdVV.exe
  C:\Windows\System\ffMfdVV.exe
  2⤵
  PID:8388
- C:\Windows\System\PvlrjmZ.exe
  C:\Windows\System\PvlrjmZ.exe
  2⤵
  PID:8404
- C:\Windows\System\CRxEvnB.exe
  C:\Windows\System\CRxEvnB.exe
  2⤵
  PID:8420
- C:\Windows\System\RRXFMJt.exe
  C:\Windows\System\RRXFMJt.exe
  2⤵
  PID:8436
- C:\Windows\System\tosoIyt.exe
  C:\Windows\System\tosoIyt.exe
  2⤵
  PID:8452
- C:\Windows\System\rVCMtNV.exe
  C:\Windows\System\rVCMtNV.exe
  2⤵
  PID:8468
- C:\Windows\System\SFAMzBg.exe
  C:\Windows\System\SFAMzBg.exe
  2⤵
  PID:8488
- C:\Windows\System\ZCHABsr.exe
  C:\Windows\System\ZCHABsr.exe
  2⤵
  PID:8504
- C:\Windows\System\svtbqYs.exe
  C:\Windows\System\svtbqYs.exe
  2⤵
  PID:8520
- C:\Windows\System\aTqjzWD.exe
  C:\Windows\System\aTqjzWD.exe
  2⤵
  PID:8536
- C:\Windows\System\ichrvnC.exe
  C:\Windows\System\ichrvnC.exe
  2⤵
  PID:8552
- C:\Windows\System\cYWTjbK.exe
  C:\Windows\System\cYWTjbK.exe
  2⤵
  PID:8568
- C:\Windows\System\TgbhlIn.exe
  C:\Windows\System\TgbhlIn.exe
  2⤵
  PID:8584
- C:\Windows\System\GdquzpO.exe
  C:\Windows\System\GdquzpO.exe
  2⤵
  PID:8604
- C:\Windows\System\IWtAAdt.exe
  C:\Windows\System\IWtAAdt.exe
  2⤵
  PID:8620
- C:\Windows\System\toEOODI.exe
  C:\Windows\System\toEOODI.exe
  2⤵
  PID:8636
- C:\Windows\System\eBsyPBc.exe
  C:\Windows\System\eBsyPBc.exe
  2⤵
  PID:8652
- C:\Windows\System\yfKOlVT.exe
  C:\Windows\System\yfKOlVT.exe
  2⤵
  PID:8672
- C:\Windows\System\KnOWWHz.exe
  C:\Windows\System\KnOWWHz.exe
  2⤵
  PID:8688
- C:\Windows\System\CWrzOih.exe
  C:\Windows\System\CWrzOih.exe
  2⤵
  PID:8704
- C:\Windows\System\srLoRQt.exe
  C:\Windows\System\srLoRQt.exe
  2⤵
  PID:8720
- C:\Windows\System\HmsMMdW.exe
  C:\Windows\System\HmsMMdW.exe
  2⤵
  PID:8736
- C:\Windows\System\yfHnJsd.exe
  C:\Windows\System\yfHnJsd.exe
  2⤵
  PID:8752
- C:\Windows\System\HkgxEGo.exe
  C:\Windows\System\HkgxEGo.exe
  2⤵
  PID:8768
- C:\Windows\System\ZSgmlWF.exe
  C:\Windows\System\ZSgmlWF.exe
  2⤵
  PID:8784
- C:\Windows\System\TCNuHqJ.exe
  C:\Windows\System\TCNuHqJ.exe
  2⤵
  PID:8804
- C:\Windows\System\vXkCltr.exe
  C:\Windows\System\vXkCltr.exe
  2⤵
  PID:8832
- C:\Windows\System\jEcLcwc.exe
  C:\Windows\System\jEcLcwc.exe
  2⤵
  PID:8848
- C:\Windows\System\xfhPDme.exe
  C:\Windows\System\xfhPDme.exe
  2⤵
  PID:8864
- C:\Windows\System\GVkZuKy.exe
  C:\Windows\System\GVkZuKy.exe
  2⤵
  PID:8880
- C:\Windows\System\CfSfaDj.exe
  C:\Windows\System\CfSfaDj.exe
  2⤵
  PID:8896
- C:\Windows\System\uekFxLP.exe
  C:\Windows\System\uekFxLP.exe
  2⤵
  PID:8912
- C:\Windows\System\POqiwqU.exe
  C:\Windows\System\POqiwqU.exe
  2⤵
  PID:8928
- C:\Windows\System\ywafpLm.exe
  C:\Windows\System\ywafpLm.exe
  2⤵
  PID:8948
- C:\Windows\System\vMyrkXj.exe
  C:\Windows\System\vMyrkXj.exe
  2⤵
  PID:8972
- C:\Windows\System\DFsxQYI.exe
  C:\Windows\System\DFsxQYI.exe
  2⤵
  PID:9064
- C:\Windows\System\UyZOQak.exe
  C:\Windows\System\UyZOQak.exe
  2⤵
  PID:9080
- C:\Windows\System\iroHcQh.exe
  C:\Windows\System\iroHcQh.exe
  2⤵
  PID:9112
- C:\Windows\System\xxioxvU.exe
  C:\Windows\System\xxioxvU.exe
  2⤵
  PID:9128
- C:\Windows\System\prxyBMU.exe
  C:\Windows\System\prxyBMU.exe
  2⤵
  PID:9144
- C:\Windows\System\YCPXOhD.exe
  C:\Windows\System\YCPXOhD.exe
  2⤵
  PID:9168
- C:\Windows\System\yLNmRRG.exe
  C:\Windows\System\yLNmRRG.exe
  2⤵
  PID:9184
- C:\Windows\System\dGoMzWs.exe
  C:\Windows\System\dGoMzWs.exe
  2⤵
  PID:9200
- C:\Windows\System\qyDlllY.exe
  C:\Windows\System\qyDlllY.exe
  2⤵
  PID:8104
- C:\Windows\System\JaILdiv.exe
  C:\Windows\System\JaILdiv.exe
  2⤵
  PID:7896
- C:\Windows\System\eibeMlb.exe
  C:\Windows\System\eibeMlb.exe
  2⤵
  PID:8204
- C:\Windows\System\DIDnMGl.exe
  C:\Windows\System\DIDnMGl.exe
  2⤵
  PID:8236
- C:\Windows\System\xIUpQcF.exe
  C:\Windows\System\xIUpQcF.exe
  2⤵
  PID:8248
- C:\Windows\System\xQxtCPm.exe
  C:\Windows\System\xQxtCPm.exe
  2⤵
  PID:8312
- C:\Windows\System\sEOtImr.exe
  C:\Windows\System\sEOtImr.exe
  2⤵
  PID:8496
- C:\Windows\System\PkmEZxH.exe
  C:\Windows\System\PkmEZxH.exe
  2⤵
  PID:8444
- C:\Windows\System\zgjZGQi.exe
  C:\Windows\System\zgjZGQi.exe
  2⤵
  PID:8532
- C:\Windows\System\AljLjoO.exe
  C:\Windows\System\AljLjoO.exe
  2⤵
  PID:8592
- C:\Windows\System\vlhmRkN.exe
  C:\Windows\System\vlhmRkN.exe
  2⤵
  PID:8632
- C:\Windows\System\mCtmpzt.exe
  C:\Windows\System\mCtmpzt.exe
  2⤵
  PID:8700
- C:\Windows\System\TOIBuDS.exe
  C:\Windows\System\TOIBuDS.exe
  2⤵
  PID:8760
- C:\Windows\System\rflwpPy.exe
  C:\Windows\System\rflwpPy.exe
  2⤵
  PID:8712
- C:\Windows\System\zjYfHfL.exe
  C:\Windows\System\zjYfHfL.exe
  2⤵
  PID:8748
- C:\Windows\System\KwVYGXG.exe
  C:\Windows\System\KwVYGXG.exe
  2⤵
  PID:8800
- C:\Windows\System\vyjvdWH.exe
  C:\Windows\System\vyjvdWH.exe
  2⤵
  PID:8816
- C:\Windows\System\qIairwO.exe
  C:\Windows\System\qIairwO.exe
  2⤵
  PID:8876
- C:\Windows\System\ayXafDk.exe
  C:\Windows\System\ayXafDk.exe
  2⤵
  PID:8892
- C:\Windows\System\HtaRqDQ.exe
  C:\Windows\System\HtaRqDQ.exe
  2⤵
  PID:8956
- C:\Windows\System\ndPpkMR.exe
  C:\Windows\System\ndPpkMR.exe
  2⤵
  PID:8984
- C:\Windows\System\iCvPLlU.exe
  C:\Windows\System\iCvPLlU.exe
  2⤵
  PID:9000
- C:\Windows\System\rXKwRfc.exe
  C:\Windows\System\rXKwRfc.exe
  2⤵
  PID:9016
- C:\Windows\System\dmEgxlU.exe
  C:\Windows\System\dmEgxlU.exe
  2⤵
  PID:9032
- C:\Windows\System\MbdnRKo.exe
  C:\Windows\System\MbdnRKo.exe
  2⤵
  PID:8964
- C:\Windows\System\RIhYJfI.exe
  C:\Windows\System\RIhYJfI.exe
  2⤵
  PID:9060
- C:\Windows\System\HaTZHrO.exe
  C:\Windows\System\HaTZHrO.exe
  2⤵
  PID:9076
- C:\Windows\System\IjvuWti.exe
  C:\Windows\System\IjvuWti.exe
  2⤵
  PID:9108
- C:\Windows\System\BCMOlLU.exe
  C:\Windows\System\BCMOlLU.exe
  2⤵
  PID:9156
- C:\Windows\System\ifRlnZP.exe
  C:\Windows\System\ifRlnZP.exe
  2⤵
  PID:7672
- C:\Windows\System\MMmvccm.exe
  C:\Windows\System\MMmvccm.exe
  2⤵
  PID:8220
- C:\Windows\System\UZKNRkE.exe
  C:\Windows\System\UZKNRkE.exe
  2⤵
  PID:9124
- C:\Windows\System\ZRslmwB.exe
  C:\Windows\System\ZRslmwB.exe
  2⤵
  PID:8368
- C:\Windows\System\asjQCAA.exe
  C:\Windows\System\asjQCAA.exe
  2⤵
  PID:7960
- C:\Windows\System\oWyQwcQ.exe
  C:\Windows\System\oWyQwcQ.exe
  2⤵
  PID:8528
- C:\Windows\System\cQzgtpC.exe
  C:\Windows\System\cQzgtpC.exe
  2⤵
  PID:8564
- C:\Windows\System\TMyCBdm.exe
  C:\Windows\System\TMyCBdm.exe
  2⤵
  PID:8328
- C:\Windows\System\dbLLbtm.exe
  C:\Windows\System\dbLLbtm.exe
  2⤵
  PID:8396
- C:\Windows\System\zBhEHoD.exe
  C:\Windows\System\zBhEHoD.exe
  2⤵
  PID:8380
- C:\Windows\System\EOcChrE.exe
  C:\Windows\System\EOcChrE.exe
  2⤵
  PID:8432
- C:\Windows\System\pQZMRon.exe
  C:\Windows\System\pQZMRon.exe
  2⤵
  PID:8512
- C:\Windows\System\TArjGie.exe
  C:\Windows\System\TArjGie.exe
  2⤵
  PID:8596
- C:\Windows\System\fOOrMqD.exe
  C:\Windows\System\fOOrMqD.exe
  2⤵
  PID:8664
- C:\Windows\System\TistUDY.exe
  C:\Windows\System\TistUDY.exe
  2⤵
  PID:8644
- C:\Windows\System\iQCtIhZ.exe
  C:\Windows\System\iQCtIhZ.exe
  2⤵
  PID:8828
- C:\Windows\System\rKwvkUn.exe
  C:\Windows\System\rKwvkUn.exe
  2⤵
  PID:8684
- C:\Windows\System\mEnqEdQ.exe
  C:\Windows\System\mEnqEdQ.exe
  2⤵
  PID:8796
- C:\Windows\System\HcAMgyO.exe
  C:\Windows\System\HcAMgyO.exe
  2⤵
  PID:8860
- C:\Windows\System\peTpGmf.exe
  C:\Windows\System\peTpGmf.exe
  2⤵
  PID:9008
- C:\Windows\System\UwMOSRC.exe
  C:\Windows\System\UwMOSRC.exe
  2⤵
  PID:9092
- C:\Windows\System\woYTdID.exe
  C:\Windows\System\woYTdID.exe
  2⤵
  PID:9140
- C:\Windows\System\nyWOnRE.exe
  C:\Windows\System\nyWOnRE.exe
  2⤵
  PID:8996
- C:\Windows\System\zChRlOy.exe
  C:\Windows\System\zChRlOy.exe
  2⤵
  PID:9056
- C:\Windows\System\TkqczKp.exe
  C:\Windows\System\TkqczKp.exe
  2⤵
  PID:8200
- C:\Windows\System\HuFgyWI.exe
  C:\Windows\System\HuFgyWI.exe
  2⤵
  PID:9176
- C:\Windows\System\XnKqIeh.exe
  C:\Windows\System\XnKqIeh.exe
  2⤵
  PID:8100
- C:\Windows\System\vhsnbQr.exe
  C:\Windows\System\vhsnbQr.exe
  2⤵
  PID:8352
- C:\Windows\System\LCZktEc.exe
  C:\Windows\System\LCZktEc.exe
  2⤵
  PID:8548
- C:\Windows\System\AXteRun.exe
  C:\Windows\System\AXteRun.exe
  2⤵
  PID:8464
- C:\Windows\System\qQDOciq.exe
  C:\Windows\System\qQDOciq.exe
  2⤵
  PID:8728
- C:\Windows\System\zjXvnoT.exe
  C:\Windows\System\zjXvnoT.exe
  2⤵
  PID:8780
- C:\Windows\System\UjBNWNy.exe
  C:\Windows\System\UjBNWNy.exe
  2⤵
  PID:8924
- C:\Windows\System\LwuccEr.exe
  C:\Windows\System\LwuccEr.exe
  2⤵
  PID:8680
- C:\Windows\System\KRwbhXK.exe
  C:\Windows\System\KRwbhXK.exe
  2⤵
  PID:9052
- C:\Windows\System\jLppKDp.exe
  C:\Windows\System\jLppKDp.exe
  2⤵
  PID:8296
- C:\Windows\System\hPhgQMT.exe
  C:\Windows\System\hPhgQMT.exe
  2⤵
  PID:8216
- C:\Windows\System\RAdnPCx.exe
  C:\Windows\System\RAdnPCx.exe
  2⤵
  PID:8476
- C:\Windows\System\DpKVfTs.exe
  C:\Windows\System\DpKVfTs.exe
  2⤵
  PID:8600
- C:\Windows\System\GrermKQ.exe
  C:\Windows\System\GrermKQ.exe
  2⤵
  PID:8824
- C:\Windows\System\kGBlOLF.exe
  C:\Windows\System\kGBlOLF.exe
  2⤵
  PID:8844
- C:\Windows\System\IMsDGgO.exe
  C:\Windows\System\IMsDGgO.exe
  2⤵
  PID:8284
- C:\Windows\System\XgNbKub.exe
  C:\Windows\System\XgNbKub.exe
  2⤵
  PID:8428
- C:\Windows\System\AsMOsFk.exe
  C:\Windows\System\AsMOsFk.exe
  2⤵
  PID:9220
- C:\Windows\System\KFGAcKr.exe
  C:\Windows\System\KFGAcKr.exe
  2⤵
  PID:9240
- C:\Windows\System\uvHqVua.exe
  C:\Windows\System\uvHqVua.exe
  2⤵
  PID:9260
- C:\Windows\System\Jzshjks.exe
  C:\Windows\System\Jzshjks.exe
  2⤵
  PID:9312
- C:\Windows\System\rSwdAfC.exe
  C:\Windows\System\rSwdAfC.exe
  2⤵
  PID:9344
- C:\Windows\System\rhcOknT.exe
  C:\Windows\System\rhcOknT.exe
  2⤵
  PID:9396
- C:\Windows\System\JRmthcP.exe
  C:\Windows\System\JRmthcP.exe
  2⤵
  PID:9468
- C:\Windows\System\FYJvJlK.exe
  C:\Windows\System\FYJvJlK.exe
  2⤵
  PID:9484
- C:\Windows\System\AUCzNcj.exe
  C:\Windows\System\AUCzNcj.exe
  2⤵
  PID:9500
- C:\Windows\System\imbMHxF.exe
  C:\Windows\System\imbMHxF.exe
  2⤵
  PID:9520
- C:\Windows\System\MudsMlI.exe
  C:\Windows\System\MudsMlI.exe
  2⤵
  PID:9536
- C:\Windows\System\MLaagiK.exe
  C:\Windows\System\MLaagiK.exe
  2⤵
  PID:9552
- C:\Windows\System\nQnmQbJ.exe
  C:\Windows\System\nQnmQbJ.exe
  2⤵
  PID:9576
- C:\Windows\System\aQYunKn.exe
  C:\Windows\System\aQYunKn.exe
  2⤵
  PID:9592
- C:\Windows\System\XXTRxBS.exe
  C:\Windows\System\XXTRxBS.exe
  2⤵
  PID:9608
- C:\Windows\System\FKZGCSA.exe
  C:\Windows\System\FKZGCSA.exe
  2⤵
  PID:9624
- C:\Windows\System\GtnBbVz.exe
  C:\Windows\System\GtnBbVz.exe
  2⤵
  PID:9640
- C:\Windows\System\bXomJMA.exe
  C:\Windows\System\bXomJMA.exe
  2⤵
  PID:9656
- C:\Windows\System\sEMVshM.exe
  C:\Windows\System\sEMVshM.exe
  2⤵
  PID:9672
- C:\Windows\System\jYHorvQ.exe
  C:\Windows\System\jYHorvQ.exe
  2⤵
  PID:9688
- C:\Windows\System\ADfCBpe.exe
  C:\Windows\System\ADfCBpe.exe
  2⤵
  PID:9704
- C:\Windows\System\ICuMPwG.exe
  C:\Windows\System\ICuMPwG.exe
  2⤵
  PID:9720
- C:\Windows\System\ZllXMjo.exe
  C:\Windows\System\ZllXMjo.exe
  2⤵
  PID:9740
- C:\Windows\System\XPmuyEv.exe
  C:\Windows\System\XPmuyEv.exe
  2⤵
  PID:9756
- C:\Windows\System\hZfHYeT.exe
  C:\Windows\System\hZfHYeT.exe
  2⤵
  PID:9772
- C:\Windows\System\fWGJylf.exe
  C:\Windows\System\fWGJylf.exe
  2⤵
  PID:9788
- C:\Windows\System\DRGHxTg.exe
  C:\Windows\System\DRGHxTg.exe
  2⤵
  PID:9804
- C:\Windows\System\cZWMpYP.exe
  C:\Windows\System\cZWMpYP.exe
  2⤵
  PID:9824
- C:\Windows\System\TNfdYjZ.exe
  C:\Windows\System\TNfdYjZ.exe
  2⤵
  PID:9840
- C:\Windows\System\XQvdUqK.exe
  C:\Windows\System\XQvdUqK.exe
  2⤵
  PID:9856
- C:\Windows\System\VHlakde.exe
  C:\Windows\System\VHlakde.exe
  2⤵
  PID:9872
- C:\Windows\System\YnRFJiD.exe
  C:\Windows\System\YnRFJiD.exe
  2⤵
  PID:9888
- C:\Windows\System\YGwRaYd.exe
  C:\Windows\System\YGwRaYd.exe
  2⤵
  PID:9904
- C:\Windows\System\kjlRzYv.exe
  C:\Windows\System\kjlRzYv.exe
  2⤵
  PID:9920
- C:\Windows\System\RbsVVrY.exe
  C:\Windows\System\RbsVVrY.exe
  2⤵
  PID:9936
- C:\Windows\System\IRitqjz.exe
  C:\Windows\System\IRitqjz.exe
  2⤵
  PID:9952
- C:\Windows\System\yJIccnf.exe
  C:\Windows\System\yJIccnf.exe
  2⤵
  PID:9968
- C:\Windows\System\VtxRCYU.exe
  C:\Windows\System\VtxRCYU.exe
  2⤵
  PID:9984
- C:\Windows\System\NKurYCy.exe
  C:\Windows\System\NKurYCy.exe
  2⤵
  PID:10000
- C:\Windows\System\tzPIWzC.exe
  C:\Windows\System\tzPIWzC.exe
  2⤵
  PID:10016
- C:\Windows\System\GnPDDxd.exe
  C:\Windows\System\GnPDDxd.exe
  2⤵
  PID:10044
- C:\Windows\System\ZXzQsLT.exe
  C:\Windows\System\ZXzQsLT.exe
  2⤵
  PID:10068
- C:\Windows\System\XgkgEwu.exe
  C:\Windows\System\XgkgEwu.exe
  2⤵
  PID:10088
- C:\Windows\System\wAWurho.exe
  C:\Windows\System\wAWurho.exe
  2⤵
  PID:10104
- C:\Windows\System\SbhMtxv.exe
  C:\Windows\System\SbhMtxv.exe
  2⤵
  PID:10124
- C:\Windows\System\bKfSspy.exe
  C:\Windows\System\bKfSspy.exe
  2⤵
  PID:10140
- C:\Windows\System\tHFRtri.exe
  C:\Windows\System\tHFRtri.exe
  2⤵
  PID:10156
- C:\Windows\System\MnoPrxs.exe
  C:\Windows\System\MnoPrxs.exe
  2⤵
  PID:10180
- C:\Windows\System\gYKlJSV.exe
  C:\Windows\System\gYKlJSV.exe
  2⤵
  PID:10196
- C:\Windows\System\hQlHxEl.exe
  C:\Windows\System\hQlHxEl.exe
  2⤵
  PID:10212
- C:\Windows\System\BQVrDcq.exe
  C:\Windows\System\BQVrDcq.exe
  2⤵
  PID:10228
- C:\Windows\System\LXywsTA.exe
  C:\Windows\System\LXywsTA.exe
  2⤵
  PID:8820
- C:\Windows\System\DCIqZos.exe
  C:\Windows\System\DCIqZos.exe
  2⤵
  PID:8980
- C:\Windows\System\EhRoZnU.exe
  C:\Windows\System\EhRoZnU.exe
  2⤵
  PID:8544
- C:\Windows\System\xgZPVZm.exe
  C:\Windows\System\xgZPVZm.exe
  2⤵
  PID:9232
- C:\Windows\System\VygpyXl.exe
  C:\Windows\System\VygpyXl.exe
  2⤵
  PID:9276
- C:\Windows\System\IQQJUKU.exe
  C:\Windows\System\IQQJUKU.exe
  2⤵
  PID:9308
- C:\Windows\System\PFuxqux.exe
  C:\Windows\System\PFuxqux.exe
  2⤵
  PID:9340
- C:\Windows\System\ucnGSDL.exe
  C:\Windows\System\ucnGSDL.exe
  2⤵
  PID:9364
- C:\Windows\System\PnBLgPC.exe
  C:\Windows\System\PnBLgPC.exe
  2⤵
  PID:9384
- C:\Windows\System\ujXLBYv.exe
  C:\Windows\System\ujXLBYv.exe
  2⤵
  PID:9412
- C:\Windows\System\TztBFVL.exe
  C:\Windows\System\TztBFVL.exe
  2⤵
  PID:9392
- C:\Windows\System\PLyWqPR.exe
  C:\Windows\System\PLyWqPR.exe
  2⤵
  PID:9440
- C:\Windows\System\gScZYnU.exe
  C:\Windows\System\gScZYnU.exe
  2⤵
  PID:9456
- C:\Windows\System\FwlgEMB.exe
  C:\Windows\System\FwlgEMB.exe
  2⤵
  PID:9496
- C:\Windows\System\izMXRYu.exe
  C:\Windows\System\izMXRYu.exe
  2⤵
  PID:9516
- C:\Windows\System\XXUwKeg.exe
  C:\Windows\System\XXUwKeg.exe
  2⤵
  PID:9532
- C:\Windows\System\kklsIwy.exe
  C:\Windows\System\kklsIwy.exe
  2⤵
  PID:9572
- C:\Windows\System\YAuXKbL.exe
  C:\Windows\System\YAuXKbL.exe
  2⤵
  PID:9636
- C:\Windows\System\cWgERFU.exe
  C:\Windows\System\cWgERFU.exe
  2⤵
  PID:9700
- C:\Windows\System\UXekVNX.exe
  C:\Windows\System\UXekVNX.exe
  2⤵
  PID:9652
- C:\Windows\System\PxTkMaG.exe
  C:\Windows\System\PxTkMaG.exe
  2⤵
  PID:9712
- C:\Windows\System\qhPATxT.exe
  C:\Windows\System\qhPATxT.exe
  2⤵
  PID:9748
- C:\Windows\System\UuXJEMJ.exe
  C:\Windows\System\UuXJEMJ.exe
  2⤵
  PID:9784
- C:\Windows\System\IfunSQN.exe
  C:\Windows\System\IfunSQN.exe
  2⤵
  PID:9836
- C:\Windows\System\ZlrhkrA.exe
  C:\Windows\System\ZlrhkrA.exe
  2⤵
  PID:9848
- C:\Windows\System\FUXTwha.exe
  C:\Windows\System\FUXTwha.exe
  2⤵
  PID:9868
- C:\Windows\System\Kedbhah.exe
  C:\Windows\System\Kedbhah.exe
  2⤵
  PID:9916
- C:\Windows\System\OWykzJg.exe
  C:\Windows\System\OWykzJg.exe
  2⤵
  PID:9948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\APTpdVF.exe

Filesize
6.0MB

MD5
7fa4ec17935a76e2d00175544636f7df

SHA1
5ab36d148d240f24b6a7229c1c6c62a0aa573798

SHA256
95237062c1474edd960bfa38286f395a8dfaee23667ab9e11b4ae4987dab47e1

SHA512
8fd3e20c6e4f917b35196dbec0ff8fe1ec3ab1deead0b7fdceff0ecc1433af3ce6a2e3bc2a30d25af49e196b29dc184cdfe70e4d5f3aed53d475674a8b0b87cd

Download Submit
C:\Windows\system\GtUpdKK.exe

Filesize
6.0MB

MD5
3658fc7130714cc7a76f1d0ef20e1037

SHA1
f20a8bdb38c4eb43dde6a559e29bdfcfad66a22e

SHA256
d69d53cc4d1632d755413684e8f5d6e594f2772d86388de2839db5472cec7bed

SHA512
beb6fcc80895cc71646d926d316fbdeb71d49db04aa3bc1092837f4d0060379dfe8182fbfee38e60cbcf3f4d587a8789709d28ebacafd9d3566f061ea49d6fe5

Download Submit
C:\Windows\system\HPbJhdH.exe

Filesize
6.0MB

MD5
4832b7477f883ba64f28c770c1403315

SHA1
1ed2845abc9736715a75dc3b99b69bdac8f194eb

SHA256
72f7d273178aafd01830806da97bb68c07c36c48339c932f75c4389864b3f4ba

SHA512
3fcf32c4b5f9cea05619b50fc1ba4dc7b2d95b344cc744cf82337a5776d34090edb1bdf591b9b6d0c01ddb40045c63b66c567f2da64d854a3f7aa11eedae8381

Download Submit
C:\Windows\system\NRwWBAI.exe

Filesize
6.0MB

MD5
54eea0cf978c761f679822e4f868071f

SHA1
8253ba529804841915fa2e12ea360fee7b74ab4e

SHA256
8d1983385f2fae996659318d8056fd561f4651230b0462251dab9885fb1e40ef

SHA512
eb9914f8a13aac5f427e74a402b970e5cb92a9908ce6c6e93c3fc5cb861863787177f5573fc203b8987ecb7c9519251d35b7fa1dc8890cd3b5284d81ebd8d6d0

Download Submit
C:\Windows\system\NSgJEAT.exe

Filesize
6.1MB

MD5
013c5327387653326caa6caa8dd50829

SHA1
a617400a64cedaafad365edec2677289e644d390

SHA256
52bdb00f39915728b5f7b21ae70f0bd819d235191c2dff454070723bb17ce9d7

SHA512
3838a999423250260ab3832a889d918d99b07d03fa4fe11654d172569b4dfb2d4825c8ccea6e7be2928943c228da92c9a55c1a47b274aa1d5dc7ef8f8a2e4125

Download Submit
C:\Windows\system\QNPgtip.exe

Filesize
6.0MB

MD5
92b43a4a628c2273ae3ea76a13e8de37

SHA1
a2234aaea8970766c137b6150ef6914581a22cad

SHA256
101f980a73433650e05f616f232264c7758ce0873e6c8b10038a9243489b8075

SHA512
fcbcd0350067688ed240e98dda453978f04e1befc883599bfc697814cd5c7c2147c1b7d620e208200ba3f3920e3c86df42d36af4de513b46721d9dd7d99d5fc7

Download Submit
C:\Windows\system\RBDhJQM.exe

Filesize
6.0MB

MD5
de643136929a92fe65c82795d01100b4

SHA1
5311acd2bfa7a8fc55ceb06f8b6d7dedd48c524c

SHA256
4327cc106fc537892eeddafb69e71262cb8b72c5be94f35df1231d47584e83e9

SHA512
99124edf7d1956e1322e1a35bf50446649a35b3324382eece19dabce9869029a757522608cdcfaad41eeea5a6367c65808faf6e4784fd6ee8795bafe97ac0107

Download Submit
C:\Windows\system\RHTdugj.exe

Filesize
6.0MB

MD5
7f0f8a8a26c0a65f08189e7730f90ac4

SHA1
71dba7d8054cf36a7916d060ee3142a93ceabaca

SHA256
2217669154bcadeea2fa1ec6752ef57ea8d1a88916f3005cf14a6d4e9e4332e9

SHA512
0d2d415840d91614e1dc89c6dd1bc657f5595fbe9c4525e9af4bf6041b5ebfde946286291fe32bdce54600232c422e053df8b607a5381f6ea9baa3a933192959

Download Submit
C:\Windows\system\VfQzIJe.exe

Filesize
6.0MB

MD5
472ce9f27e1539f625627555f7328ff0

SHA1
53545bb48be7d04c1161e3facc94009a76798a17

SHA256
e3fe80d100e56724b3cd4a8047d4f28d55f63631c9ed1a5f7e4813e4fa31cc05

SHA512
d04e6a12f6827762e6dcc265a314331e9369842d1f98539f751ab7149244db3c7d635f795bfce8aa4c79ec99c038ec6632f25095635c5a8592da1935652862b6

Download Submit
C:\Windows\system\VjVJLxi.exe

Filesize
6.1MB

MD5
4ccb8acc9287d9486419af13403b6a83

SHA1
7647fb4bc7f13b799408367510fa2eae0734113e

SHA256
9f5ad4978396304e27a4461b9066479c3d6b5ae083fea2961a4f351ab128ebb3

SHA512
119ecf7f2a56f63b9b37d4ee40dc29f1ab49bc2494a7f7618ed0743bfece2aafe195ba4ee723e7dd1c8e272afbe34cb1c927227e31e91316d908a0f0b025f663

Download Submit
C:\Windows\system\XVVxJaV.exe

Filesize
6.1MB

MD5
bfa759011626eaaa2e9afcb5a88bd475

SHA1
48888aaafeddd68b3559d6a411ed80bc5062640a

SHA256
295922eefc5b51caad86ae48c56450d3f952247053e3fd74ec438851934a3eb2

SHA512
b61d03d8dc5cd9edfc2232ed7a2a064ba006b962f1190ee85824b895e037483fe8ccbb38621ffcf9f32c7dafb405963a9ebc3f1cbf376afd70fc0cee87c23700

Download Submit
C:\Windows\system\XZkmsoo.exe

Filesize
6.1MB

MD5
7d7c88ef70407fdb11f2f90d437bb64d

SHA1
5aa15b94ca7b710fbcda911af844709b15099e96

SHA256
e8aca3d6f31e2885306f657521eb22f8bc97771a553124057d3efc939b749bef

SHA512
41bb068b42ca331d3d455f336553459304845bf9136d2e5b00394cfdfedba5b59c410d8a88aa1dfb964e3a57ecd2785ac76e3ecf8f21d05db71f660acfb444e8

Download Submit
C:\Windows\system\aVCKPTh.exe

Filesize
6.1MB

MD5
e76416da0dfd3bb1cbe15687584b6a04

SHA1
f8d228e31cb13f5decdfd61a88312fed90d87832

SHA256
fc768d63263401b920cc9b89529c56af6a8ffa1b9ef790717fc582440ac9c810

SHA512
792b3c6863a40b5a14e18c728d8b3b6985d87de9f27ac73caf16b22b1e6f9d5ae07536f088d4ed1b1ec613187ebe5c9781251bbc4526491e0b035d84310a4d7a

Download Submit
C:\Windows\system\aVdjYjB.exe

Filesize
6.1MB

MD5
83378ceef73c7c62f3a5da546db2b462

SHA1
ea5ffff4a5be3bc40f5b4a06ae74052184bd7ff1

SHA256
116eae028ea97418d8bc3ce08fac81233dfa710a6835799546ddae9a89cdf49c

SHA512
92fe705a16e290fd3b87e4d2b5a8084cfd4392b337e325de1d07222ea9989590d7806bf8096ac3702f2ac5accdb86339447aa90400323d4cac08e8cb38c3d9a6

Download Submit
C:\Windows\system\azNODZU.exe

Filesize
6.1MB

MD5
54cfeda5f9c504205576acd899e410b1

SHA1
1fcd040684ee71921f53865197009372eae8c7c3

SHA256
98d394d8277a0e91957021915980ff090769c3a072235b884ed65c14e80b2c0d

SHA512
80b17887ff50d79b617cca2b5dd5e34af9779b38d4691cbf5e9822134c3edd7977e279b861b40953e036557deb452a1f7e2a52627cb75576bbc0151c268ffff6

Download Submit
C:\Windows\system\bhAdrAj.exe

Filesize
6.0MB

MD5
d2b3fd7b688190cdcb6c111295e8db93

SHA1
d06e5ac1107781e2d9de47df3f405693f53c9e8d

SHA256
2f3e0330fd627fac589ee312e6c31ef8cebb592b376119b10f2a3572d4871808

SHA512
3f97179b175db3b2cf6d9103967a72d9c0b6da049f3e21b3276381c79034a879cbfe669199314706cb79f92379c6f0768fabc8aa5b761d7fffdd780c8e6f57a4

Download Submit
C:\Windows\system\blqlLOu.exe

Filesize
6.0MB

MD5
33b9f1dae682b4cc66990a58f7eab92b

SHA1
2d0efc617d6fa60e830b7c2c7109b2eab4d4e434

SHA256
7cee29879129c65c9555a702d7c122eeddee79a183008aaf439bc589a4384ede

SHA512
734f95b42ce72082d073868eecfc0622419bc8b892a3e8a61d10fd0bbb39bba56af852d8065100203bf4b17a7508706dd17064d817bd91a2a916e2a2398bd338

Download Submit
C:\Windows\system\cXWcKkB.exe

Filesize
6.0MB

MD5
d5cf7a1a8996d12868735a326b6a29bb

SHA1
a902883b8d2bb6e2b32d12409d77c9d0d0708d0d

SHA256
2421e03a81ea6041725b00db191c2f4cfc4406c76b41640f6a071960be42082f

SHA512
7874b813b636a9cf7a798065192c6f85076f36165b7f76c0472a5360bd73fdf4f53104ff0f537dbd727d3ade00cbf68ca40c66792e97a3f03cdd13b13225bca6

Download Submit
C:\Windows\system\dIRiVye.exe

Filesize
6.0MB

MD5
914bd4d4a1913617c1aba39bb265b0af

SHA1
ce867116cd4c63f45b6944c08720ee32d4e0ac02

SHA256
050c8219e4433f8b12fe5fdd46c4d041a287f488c1fc7fed3cafc3264ca63d06

SHA512
7e20b8ac2bde5cf6b0c417ef6601e45191fd1368435e76febec74e9457080c7f0bea1610e9ca6fb0fd088cde3f1bf9d595af05712a9703f9a4c801e319151295

Download Submit
C:\Windows\system\jLdbUjl.exe

Filesize
6.1MB

MD5
2093186f7e2a8ad0e4c125ecdbda42b6

SHA1
07ecafb6f8a85df8f5299265bcfb950f029ed799

SHA256
bd4a295f7d7138c08677c06161a26f4cd2cd3d6bfa6196cfedd9714148e8c241

SHA512
a32f677153d62b3f419208fd31b005b35654b4cfb9f550e69c1fc30dc60dee7dbd309aff686c45a23f4b18662fa63e8dc727604655c1133e8d81c740a055a044

Download Submit
C:\Windows\system\mlkAQVw.exe

Filesize
6.0MB

MD5
efbbad28275a1fc6cb0f6c6652cc3dda

SHA1
26d336d83e5c6730dbcdd12407b5669be2d9a9c3

SHA256
c84b73f6276cc87e1ebe378f9a87b713472dd2e9b5477b807d33d04c998406ca

SHA512
de11bf7c9d64de8297edfc317e025aeec5b8c817ba667d530c64c4cf327a59969707f5f90c2ab6c4829ec279d941c10728401fb6c9a7fdd6d085172204fe8fd2

Download Submit
C:\Windows\system\pawjnLp.exe

Filesize
6.1MB

MD5
35ed669a37d9424dbcf3b78943aeacab

SHA1
d5f703775ad459c13a5517a40766fd5720e7a75d

SHA256
0a59529b3ea7f9e662e19efbf4f30e5fe858c2ce0e35c1f4664e84010884f7c0

SHA512
9db613ae6d7624d87f1cdb32d24a5e2e1a4bf5b1cea300dae1a648924b6dc908e4e3fa3593cd42bc1a9f821c2ca7bc0757e45dd0989af9af2c4d14f593bc7480

Download Submit
C:\Windows\system\qatmtav.exe

Filesize
6.1MB

MD5
8ec26ab1af0df50e3e128899c81a42bc

SHA1
9ac57bdba918198fa60aac49424328fc62383ea5

SHA256
4feebd8f24a2ba2f94b83dd583525973eeee6c2ee9356d477049a020766e0466

SHA512
969c72ee77a4c1d1c54a5b06ee0e4c10bbc1acbcb58c91690c02f5abc2761034fa5007271af0b8be944ffb1eab10ec93900ed0e9ae94f793e6baee21888f33b4

Download Submit
C:\Windows\system\rfFQqHb.exe

Filesize
6.1MB

MD5
18165287cb6a84d044a0cfb9783450d9

SHA1
dfbb3c3119f69332da65632e0c341a1255d5981f

SHA256
9a2025162a126d291ce38f55b2aa3cf3e7e22d756cdcb83eda42b5b6e299c870

SHA512
6977f5427cd5ea703baf992df52a6cf0c018d10bd863a0f5ed4d323686c0d95da926d27e6112094e522e828dc8b5f1f7407b8571def541ec7ffe198e23c9d815

Download Submit
C:\Windows\system\sGZjTLD.exe

Filesize
6.1MB

MD5
3cb09430eec3f787bc4b33059c122eb6

SHA1
93afdbe26d873adc6fe387a0b209103323649b3e

SHA256
3e53b85ff09b84ddaadf780060a8b53fac3aaf24b18859d69e31b3c21e828b13

SHA512
4b79a08654038314a651913068b0a6963be0442001418614e62ba37361c31aea8b418d71ee52b957b484640d5c598fef0a1007bba5bd67d5d979b4c229380caa

Download Submit
C:\Windows\system\sTnNHNL.exe

Filesize
6.1MB

MD5
8c395a48c8468fa82e90cb71219dd485

SHA1
682c380335b0c24255d4e5334798aeb3a7b1dce9

SHA256
9504d00ca2fe1e904249c935af57f6d851e6fe843dd921d70f46864fdaaeea94

SHA512
afe04245d37945aed2397cff7b1db4e0915a749fbeeb3262b39600d2fd6f688c0c170dbadf4e26531c065146bfedf409476d9394849093ec1428ffdbdff22f5e

Download Submit
\Windows\system\EmRRSpe.exe

Filesize
6.0MB

MD5
a8aafab996a41986637a53472a3f32be

SHA1
2a3531e6cf385c6bd247e7518f3427d077bdc7a1

SHA256
a23dfcf937ebdd471c906cbfda8e232664c27ce944cafd143cd0d83bf10bfdb9

SHA512
692a5a0b76e5876fa789ccdd86fd79f8a1f9c020e8ce4d57ea26487656e4f6a0920bf9c0a86752c77b471bc53ff8f100526f8e46b579369657ae0b7f8bc66ec7

Download Submit
\Windows\system\LSmpxJf.exe

Filesize
6.0MB

MD5
6ce9b1d5cd0ab21185345ae0280cfdf6

SHA1
2458d16b59d2694ffa4c55c097f930989c861587

SHA256
9a8affc109f190741d3e2f19175ca6a6b512e3cd3bcbd8e95d04bf1681d3218d

SHA512
e6b36b7fecd0ade02d1212576b0548507aa3ac6bfd1d8e6b4efd90b99ae07b0cbacc2230f4fa1a065e74d0a8f11d916b61c1b99398dfbfff186563b9f0f6199c

Download Submit
\Windows\system\Ldnooqr.exe

Filesize
6.0MB

MD5
c0be15b2f70c45e27634624bd179a0cd

SHA1
784bed393a04cd0430636d2310476754d965e127

SHA256
1a205639bb6a08d26dcd38edc4955d8b0ed71bbac0c2bf494fad56014cf72505

SHA512
48d861e0f6e8f3cdff532ee0ba282cf916c138819b667fcc13ab32f63ed20c43a565b706266e9106102d89d68c334e397b7069d7f719a03cebed415dda10b65b

Download Submit
\Windows\system\YXtxDKf.exe

Filesize
6.0MB

MD5
bfbb381a4ed5dd5a144874aa4720dec8

SHA1
abf012cd37f61e58d071565f1ce95cad99b1824b

SHA256
47c2631643835734f5b2982fa48ea042bc7e65ba9b1992cf0596adaf81dd5f06

SHA512
7eeea4476e8bdf6e70f0de434fc9e7c06b1544526f39602e879687242b8bb9f9b771423c6832b21dd4e6155aca33e1aefc02d00adeb7f725ced871001b24451f

Download Submit
\Windows\system\gdbUqUL.exe

Filesize
6.0MB

MD5
9bd68fc8d99509452b6403f5480a8165

SHA1
e9ae1ff4937308ddb93bc17466b1b6d3ea8ed778

SHA256
8121a75dfe59b935aefae78428aaf95baf0c9f1b5a5c3e21151f03ebf63ba5da

SHA512
0725da5f77814289de97a4c7bd109a8cc9a789fc6665eea028f9f8b68753bfcfaa70d0e710446c3493b5c7694b3de034b223324b335e06394c3a1da1bf582bb8

Download Submit
\Windows\system\neIWwML.exe

Filesize
6.0MB

MD5
51ef367ab93ff620dfdf1a2f732f2ce7

SHA1
f967909ece6ebb6b4d64374d630c2f2937f99568

SHA256
2393225c3ded8c4a2c4e44e4e9feef26af2f32dc1ce7e3b093db6127dfe0bb3b

SHA512
3e39296275758033ccf35a3238beacc43ebdaccaf0a840befc5cf36fb08cbef988e32c7e2a91e589cfae06624d04bd865c15de03f853a26d64682596cc314711

Download Submit
memory/1932-4028-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1932-4010-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1948-4025-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1948-3999-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1956-4029-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-4000-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-4027-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2180-4008-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4018-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4021-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-0-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-51-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4024-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-7-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4023-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2316-26-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2316-4022-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-20-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4020-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2316-30-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4001-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4019-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4017-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4004-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4013-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4014-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4007-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-38-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4009-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4011-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4016-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2608-49-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4026-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-43-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-28-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4006-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-46-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4003-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-832-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-21-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3998-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2812-18-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2812-48-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2816-9-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3978-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4005-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4030-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download