cobaltstrike | 18b28757a0ef2a1d041a230492062a1b66ada59c771131ec15e3067aa84022bb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

41f48e1c61f4cb26915e1109b6d09334
SHA1

0bde3efb8e072cb2c35f84c260682ed02e6dd730
SHA256

18b28757a0ef2a1d041a230492062a1b66ada59c771131ec15e3067aa84022bb
SHA512

c4b5145cc2dfdc421880fc1dab00af062ebf3c1d00dbfc88e997cc867979508dd59236d240159119a4152af2a35274d7a92211ab6a1df75ba3df4db922143bea
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017481-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174bf-18.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-26.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001867d-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-51.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190c9-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c8-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-134.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1272-0-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x0008000000017481-8.dat	xmrig
behavioral1/files/0x000800000001749c-13.dat	xmrig
behavioral1/files/0x00080000000174bf-18.dat	xmrig
behavioral1/files/0x0016000000018657-26.dat	xmrig
behavioral1/files/0x000600000001867d-30.dat	xmrig
behavioral1/files/0x000600000001878d-41.dat	xmrig
behavioral1/files/0x0005000000019c53-60.dat	xmrig
behavioral1/files/0x0005000000019d20-65.dat	xmrig
behavioral1/files/0x000500000001a42b-120.dat	xmrig
behavioral1/files/0x000500000001a42f-128.dat	xmrig
behavioral1/memory/2592-239-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2708-237-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2892-235-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/1272-234-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2832-233-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2692-231-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2428-229-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2916-226-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2548-224-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a301-110.dat	xmrig
behavioral1/files/0x000500000001a49c-164.dat	xmrig
behavioral1/files/0x000500000001a4b5-161.dat	xmrig
behavioral1/files/0x000500000001a48e-147.dat	xmrig
behavioral1/files/0x000500000001a46a-143.dat	xmrig
behavioral1/files/0x000500000001a431-131.dat	xmrig
behavioral1/files/0x000500000001a42d-126.dat	xmrig
behavioral1/files/0x000500000001a345-115.dat	xmrig
behavioral1/files/0x000500000001a0a1-105.dat	xmrig
behavioral1/files/0x000500000001a07b-100.dat	xmrig
behavioral1/files/0x000500000001a067-95.dat	xmrig
behavioral1/files/0x0005000000019fb9-90.dat	xmrig
behavioral1/files/0x0005000000019f9f-85.dat	xmrig
behavioral1/files/0x0005000000019db8-80.dat	xmrig
behavioral1/files/0x0005000000019da4-75.dat	xmrig
behavioral1/files/0x0005000000019d44-70.dat	xmrig
behavioral1/files/0x0005000000019c3a-55.dat	xmrig
behavioral1/files/0x0005000000019c38-51.dat	xmrig
behavioral1/files/0x00080000000190c9-45.dat	xmrig
behavioral1/files/0x00060000000186c8-36.dat	xmrig
behavioral1/memory/2368-183-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2636-362-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2756-314-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2808-249-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2896-247-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4aa-158.dat	xmrig
behavioral1/files/0x000500000001a49a-150.dat	xmrig
behavioral1/files/0x000500000001a48c-144.dat	xmrig
behavioral1/files/0x000500000001a434-134.dat	xmrig
behavioral1/memory/2600-367-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1272-2018-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1272-1745-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2692-4071-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2832-4078-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2708-4079-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2428-4077-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2636-4076-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2808-4075-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2592-4074-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2892-4073-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2896-4080-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2756-4082-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2600-4081-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2368	vgUkZtd.exe
2548	opraTEg.exe
2916	IKsDglb.exe
2428	SuMPYgk.exe
2692	ACWWfGv.exe
2832	iIbfkkk.exe
2892	guCDVsb.exe
2708	hxQVVBR.exe
2592	fGyQgdx.exe
2896	SVZlnWY.exe
2808	ZwDJiNh.exe
2756	xSojcNa.exe
2636	ZiOrjkJ.exe
2600	YsaNZaw.exe
2704	aryoyAs.exe
3040	tIKxiTG.exe
1912	WsuaRLT.exe
800	OVxtjve.exe
2396	jQmmbqf.exe
1032	CUkHoYK.exe
1388	aNlfUzN.exe
1972	HGIfMai.exe
1636	LkHvWNV.exe
836	vTAUmVS.exe
1980	fJdMwlP.exe
264	bclilrr.exe
2940	dgxxfWI.exe
924	ovwoRqB.exe
2568	TeebQka.exe
1976	bMzOUkk.exe
2276	tfGhVxL.exe
2820	tnNRgcK.exe
2132	QMcPMDC.exe
1364	TLJNmjI.exe
780	JHbeCfM.exe
700	KCSyUcV.exe
380	rnfpxQJ.exe
1840	ZcZIkcw.exe
344	QRvhsNg.exe
408	bsrmXfl.exe
1728	MdMHxNI.exe
2992	vhEclQO.exe
892	UXlIKTz.exe
1748	fiOwjrK.exe
308	aLrtWag.exe
1516	MypGxYA.exe
1668	BvWgfGM.exe
920	qddmtRE.exe
1736	SWYzLic.exe
3008	oJUYcGL.exe
2108	nocxMhU.exe
2464	DXkQlmF.exe
3032	LTjxGNf.exe
2456	JRLhYAe.exe
2712	deczgkk.exe
2856	hanmcac.exe
2632	OpgImLj.exe
2204	HjWoVvd.exe
2800	UCopefs.exe
1808	DtgztdC.exe
1708	hWBhrQD.exe
1344	TGMyniB.exe
2012	FmomiiI.exe
2248	qxqVqma.exe

Loads dropped DLL 64 IoCs

pid	Process
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1272-0-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x0008000000017481-8.dat	upx
behavioral1/files/0x000800000001749c-13.dat	upx
behavioral1/files/0x00080000000174bf-18.dat	upx
behavioral1/files/0x0016000000018657-26.dat	upx
behavioral1/files/0x000600000001867d-30.dat	upx
behavioral1/files/0x000600000001878d-41.dat	upx
behavioral1/files/0x0005000000019c53-60.dat	upx
behavioral1/files/0x0005000000019d20-65.dat	upx
behavioral1/files/0x000500000001a42b-120.dat	upx
behavioral1/files/0x000500000001a42f-128.dat	upx
behavioral1/memory/2592-239-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2708-237-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2892-235-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2832-233-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2692-231-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2428-229-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2916-226-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2548-224-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x000500000001a301-110.dat	upx
behavioral1/files/0x000500000001a49c-164.dat	upx
behavioral1/files/0x000500000001a4b5-161.dat	upx
behavioral1/files/0x000500000001a48e-147.dat	upx
behavioral1/files/0x000500000001a46a-143.dat	upx
behavioral1/files/0x000500000001a431-131.dat	upx
behavioral1/files/0x000500000001a42d-126.dat	upx
behavioral1/files/0x000500000001a345-115.dat	upx
behavioral1/files/0x000500000001a0a1-105.dat	upx
behavioral1/files/0x000500000001a07b-100.dat	upx
behavioral1/files/0x000500000001a067-95.dat	upx
behavioral1/files/0x0005000000019fb9-90.dat	upx
behavioral1/files/0x0005000000019f9f-85.dat	upx
behavioral1/files/0x0005000000019db8-80.dat	upx
behavioral1/files/0x0005000000019da4-75.dat	upx
behavioral1/files/0x0005000000019d44-70.dat	upx
behavioral1/files/0x0005000000019c3a-55.dat	upx
behavioral1/files/0x0005000000019c38-51.dat	upx
behavioral1/files/0x00080000000190c9-45.dat	upx
behavioral1/files/0x00060000000186c8-36.dat	upx
behavioral1/memory/2368-183-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2636-362-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2756-314-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2808-249-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2896-247-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000500000001a4aa-158.dat	upx
behavioral1/files/0x000500000001a49a-150.dat	upx
behavioral1/files/0x000500000001a48c-144.dat	upx
behavioral1/files/0x000500000001a434-134.dat	upx
behavioral1/memory/2600-367-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1272-2018-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1272-1745-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2692-4071-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2832-4078-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2708-4079-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2428-4077-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2636-4076-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2808-4075-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2592-4074-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2892-4073-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2896-4080-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2756-4082-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2600-4081-0x000000013FD40000-0x0000000140094000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JLqGNWy.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XLBROEq.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TBeWGxA.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CFDYuNN.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zWqZAac.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CTSnUZX.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tlJFTmR.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\agUzmhh.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LpvmakJ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IrxyjQQ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\riiYiuJ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XnjLrsV.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TRlGymi.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AudEcYn.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PFvQVVi.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UbbgRuQ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TGMyniB.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WhYBdwi.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CxAoBtA.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HvQAuzS.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oObjlue.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ECOlkTX.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PYhoSgO.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hHeYdpw.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JHeZFKt.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\laTfgCb.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CqreYXQ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FPuucqJ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SWPWUkk.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vuobbuO.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wBcjBKa.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HEDyxbI.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bVmkEeX.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FMYYhir.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PzZWJuU.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NoQZSWi.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\trCjfEm.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nOqlBRZ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zFTuHRL.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FdlgIIg.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UWjbHex.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cZEqgck.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VsBpbKF.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\udmSeMd.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BsZsnnW.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jxpQiFu.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\upISbxl.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vTAUmVS.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vdWtIJT.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QIdqREJ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iOZlUmW.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OKSInMe.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DuDmnJM.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XjUtbcS.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DXcQKhQ.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RlNweNp.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VvdfYGl.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mPLuXsK.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nPBNByi.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ciGuiDw.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sGjKTqV.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NNLvndm.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bWPQpOu.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZcmvUeY.exe	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2368	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1272 wrote to memory of 2368	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1272 wrote to memory of 2368	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 1272 wrote to memory of 2548	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1272 wrote to memory of 2548	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1272 wrote to memory of 2548	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 1272 wrote to memory of 2916	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1272 wrote to memory of 2916	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1272 wrote to memory of 2916	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 1272 wrote to memory of 2428	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1272 wrote to memory of 2428	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1272 wrote to memory of 2428	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 1272 wrote to memory of 2692	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1272 wrote to memory of 2692	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1272 wrote to memory of 2692	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 1272 wrote to memory of 2832	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1272 wrote to memory of 2832	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1272 wrote to memory of 2832	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 1272 wrote to memory of 2892	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1272 wrote to memory of 2892	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1272 wrote to memory of 2892	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 1272 wrote to memory of 2708	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1272 wrote to memory of 2708	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1272 wrote to memory of 2708	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 1272 wrote to memory of 2592	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1272 wrote to memory of 2592	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1272 wrote to memory of 2592	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 1272 wrote to memory of 2896	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1272 wrote to memory of 2896	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1272 wrote to memory of 2896	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 1272 wrote to memory of 2808	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1272 wrote to memory of 2808	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1272 wrote to memory of 2808	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 1272 wrote to memory of 2756	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1272 wrote to memory of 2756	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1272 wrote to memory of 2756	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 1272 wrote to memory of 2636	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1272 wrote to memory of 2636	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1272 wrote to memory of 2636	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 1272 wrote to memory of 2600	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1272 wrote to memory of 2600	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1272 wrote to memory of 2600	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 1272 wrote to memory of 2704	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1272 wrote to memory of 2704	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1272 wrote to memory of 2704	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 1272 wrote to memory of 3040	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1272 wrote to memory of 3040	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1272 wrote to memory of 3040	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 1272 wrote to memory of 1912	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1272 wrote to memory of 1912	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1272 wrote to memory of 1912	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 1272 wrote to memory of 800	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1272 wrote to memory of 800	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1272 wrote to memory of 800	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 1272 wrote to memory of 2396	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1272 wrote to memory of 2396	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1272 wrote to memory of 2396	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 1272 wrote to memory of 1032	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1272 wrote to memory of 1032	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1272 wrote to memory of 1032	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 1272 wrote to memory of 1388	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1272 wrote to memory of 1388	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1272 wrote to memory of 1388	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 1272 wrote to memory of 1972	1272	2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_41f48e1c61f4cb26915e1109b6d09334_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\System\vgUkZtd.exe
  C:\Windows\System\vgUkZtd.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\opraTEg.exe
  C:\Windows\System\opraTEg.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\IKsDglb.exe
  C:\Windows\System\IKsDglb.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\SuMPYgk.exe
  C:\Windows\System\SuMPYgk.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ACWWfGv.exe
  C:\Windows\System\ACWWfGv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iIbfkkk.exe
  C:\Windows\System\iIbfkkk.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\guCDVsb.exe
  C:\Windows\System\guCDVsb.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\hxQVVBR.exe
  C:\Windows\System\hxQVVBR.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\fGyQgdx.exe
  C:\Windows\System\fGyQgdx.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\SVZlnWY.exe
  C:\Windows\System\SVZlnWY.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ZwDJiNh.exe
  C:\Windows\System\ZwDJiNh.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\xSojcNa.exe
  C:\Windows\System\xSojcNa.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ZiOrjkJ.exe
  C:\Windows\System\ZiOrjkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\YsaNZaw.exe
  C:\Windows\System\YsaNZaw.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\aryoyAs.exe
  C:\Windows\System\aryoyAs.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\tIKxiTG.exe
  C:\Windows\System\tIKxiTG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\WsuaRLT.exe
  C:\Windows\System\WsuaRLT.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\OVxtjve.exe
  C:\Windows\System\OVxtjve.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\jQmmbqf.exe
  C:\Windows\System\jQmmbqf.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\CUkHoYK.exe
  C:\Windows\System\CUkHoYK.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\aNlfUzN.exe
  C:\Windows\System\aNlfUzN.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\HGIfMai.exe
  C:\Windows\System\HGIfMai.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\LkHvWNV.exe
  C:\Windows\System\LkHvWNV.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\vTAUmVS.exe
  C:\Windows\System\vTAUmVS.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\fJdMwlP.exe
  C:\Windows\System\fJdMwlP.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\rnfpxQJ.exe
  C:\Windows\System\rnfpxQJ.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\bclilrr.exe
  C:\Windows\System\bclilrr.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\ZcZIkcw.exe
  C:\Windows\System\ZcZIkcw.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\dgxxfWI.exe
  C:\Windows\System\dgxxfWI.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QRvhsNg.exe
  C:\Windows\System\QRvhsNg.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\ovwoRqB.exe
  C:\Windows\System\ovwoRqB.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\bsrmXfl.exe
  C:\Windows\System\bsrmXfl.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\TeebQka.exe
  C:\Windows\System\TeebQka.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\vhEclQO.exe
  C:\Windows\System\vhEclQO.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\bMzOUkk.exe
  C:\Windows\System\bMzOUkk.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\UXlIKTz.exe
  C:\Windows\System\UXlIKTz.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\tfGhVxL.exe
  C:\Windows\System\tfGhVxL.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\aLrtWag.exe
  C:\Windows\System\aLrtWag.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\tnNRgcK.exe
  C:\Windows\System\tnNRgcK.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\MypGxYA.exe
  C:\Windows\System\MypGxYA.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\QMcPMDC.exe
  C:\Windows\System\QMcPMDC.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\BvWgfGM.exe
  C:\Windows\System\BvWgfGM.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\TLJNmjI.exe
  C:\Windows\System\TLJNmjI.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\qddmtRE.exe
  C:\Windows\System\qddmtRE.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\JHbeCfM.exe
  C:\Windows\System\JHbeCfM.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\DXkQlmF.exe
  C:\Windows\System\DXkQlmF.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\KCSyUcV.exe
  C:\Windows\System\KCSyUcV.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\LTjxGNf.exe
  C:\Windows\System\LTjxGNf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\MdMHxNI.exe
  C:\Windows\System\MdMHxNI.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\JRLhYAe.exe
  C:\Windows\System\JRLhYAe.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\fiOwjrK.exe
  C:\Windows\System\fiOwjrK.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\HEOfnPK.exe
  C:\Windows\System\HEOfnPK.exe
  2⤵
  PID:2308
- C:\Windows\System\SWYzLic.exe
  C:\Windows\System\SWYzLic.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\poBPirn.exe
  C:\Windows\System\poBPirn.exe
  2⤵
  PID:3016
- C:\Windows\System\oJUYcGL.exe
  C:\Windows\System\oJUYcGL.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bQKoskm.exe
  C:\Windows\System\bQKoskm.exe
  2⤵
  PID:2488
- C:\Windows\System\nocxMhU.exe
  C:\Windows\System\nocxMhU.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\yIEVAwz.exe
  C:\Windows\System\yIEVAwz.exe
  2⤵
  PID:2740
- C:\Windows\System\deczgkk.exe
  C:\Windows\System\deczgkk.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\MJGkRSb.exe
  C:\Windows\System\MJGkRSb.exe
  2⤵
  PID:2912
- C:\Windows\System\hanmcac.exe
  C:\Windows\System\hanmcac.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\HjUvDRN.exe
  C:\Windows\System\HjUvDRN.exe
  2⤵
  PID:1276
- C:\Windows\System\OpgImLj.exe
  C:\Windows\System\OpgImLj.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\GGiUrpp.exe
  C:\Windows\System\GGiUrpp.exe
  2⤵
  PID:2628
- C:\Windows\System\HjWoVvd.exe
  C:\Windows\System\HjWoVvd.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HNMopUQ.exe
  C:\Windows\System\HNMopUQ.exe
  2⤵
  PID:2180
- C:\Windows\System\UCopefs.exe
  C:\Windows\System\UCopefs.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\SegHViI.exe
  C:\Windows\System\SegHViI.exe
  2⤵
  PID:1152
- C:\Windows\System\DtgztdC.exe
  C:\Windows\System\DtgztdC.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\HMdRdYP.exe
  C:\Windows\System\HMdRdYP.exe
  2⤵
  PID:1496
- C:\Windows\System\hWBhrQD.exe
  C:\Windows\System\hWBhrQD.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\KtqLEfs.exe
  C:\Windows\System\KtqLEfs.exe
  2⤵
  PID:2468
- C:\Windows\System\TGMyniB.exe
  C:\Windows\System\TGMyniB.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\KLmyCOx.exe
  C:\Windows\System\KLmyCOx.exe
  2⤵
  PID:2028
- C:\Windows\System\FmomiiI.exe
  C:\Windows\System\FmomiiI.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\WSSShhs.exe
  C:\Windows\System\WSSShhs.exe
  2⤵
  PID:2136
- C:\Windows\System\qxqVqma.exe
  C:\Windows\System\qxqVqma.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\YQMdTTq.exe
  C:\Windows\System\YQMdTTq.exe
  2⤵
  PID:1656
- C:\Windows\System\peCzcwu.exe
  C:\Windows\System\peCzcwu.exe
  2⤵
  PID:592
- C:\Windows\System\XHQbRrF.exe
  C:\Windows\System\XHQbRrF.exe
  2⤵
  PID:2384
- C:\Windows\System\kSKhoiq.exe
  C:\Windows\System\kSKhoiq.exe
  2⤵
  PID:888
- C:\Windows\System\TzVVIXe.exe
  C:\Windows\System\TzVVIXe.exe
  2⤵
  PID:1652
- C:\Windows\System\vHOFyqr.exe
  C:\Windows\System\vHOFyqr.exe
  2⤵
  PID:1952
- C:\Windows\System\KwlQylL.exe
  C:\Windows\System\KwlQylL.exe
  2⤵
  PID:996
- C:\Windows\System\vdWtIJT.exe
  C:\Windows\System\vdWtIJT.exe
  2⤵
  PID:3088
- C:\Windows\System\SpdccLM.exe
  C:\Windows\System\SpdccLM.exe
  2⤵
  PID:3104
- C:\Windows\System\bIdofYB.exe
  C:\Windows\System\bIdofYB.exe
  2⤵
  PID:3184
- C:\Windows\System\PlpQcPl.exe
  C:\Windows\System\PlpQcPl.exe
  2⤵
  PID:3200
- C:\Windows\System\WpTHZZn.exe
  C:\Windows\System\WpTHZZn.exe
  2⤵
  PID:3216
- C:\Windows\System\ixgkbJv.exe
  C:\Windows\System\ixgkbJv.exe
  2⤵
  PID:3232
- C:\Windows\System\ygXxxFw.exe
  C:\Windows\System\ygXxxFw.exe
  2⤵
  PID:3248
- C:\Windows\System\xIODYSS.exe
  C:\Windows\System\xIODYSS.exe
  2⤵
  PID:3264
- C:\Windows\System\JhoqEcc.exe
  C:\Windows\System\JhoqEcc.exe
  2⤵
  PID:3284
- C:\Windows\System\amJhmtj.exe
  C:\Windows\System\amJhmtj.exe
  2⤵
  PID:3300
- C:\Windows\System\RCjyokL.exe
  C:\Windows\System\RCjyokL.exe
  2⤵
  PID:3320
- C:\Windows\System\CIbZber.exe
  C:\Windows\System\CIbZber.exe
  2⤵
  PID:3336
- C:\Windows\System\ctMPbPS.exe
  C:\Windows\System\ctMPbPS.exe
  2⤵
  PID:3352
- C:\Windows\System\TOaATfw.exe
  C:\Windows\System\TOaATfw.exe
  2⤵
  PID:3368
- C:\Windows\System\eEnSCsn.exe
  C:\Windows\System\eEnSCsn.exe
  2⤵
  PID:3388
- C:\Windows\System\FuRFaOE.exe
  C:\Windows\System\FuRFaOE.exe
  2⤵
  PID:3404
- C:\Windows\System\BVrakYD.exe
  C:\Windows\System\BVrakYD.exe
  2⤵
  PID:3420
- C:\Windows\System\krJjmPI.exe
  C:\Windows\System\krJjmPI.exe
  2⤵
  PID:3436
- C:\Windows\System\axBlanp.exe
  C:\Windows\System\axBlanp.exe
  2⤵
  PID:3460
- C:\Windows\System\cLLSDEp.exe
  C:\Windows\System\cLLSDEp.exe
  2⤵
  PID:3480
- C:\Windows\System\PGclzyF.exe
  C:\Windows\System\PGclzyF.exe
  2⤵
  PID:3496
- C:\Windows\System\tlJFTmR.exe
  C:\Windows\System\tlJFTmR.exe
  2⤵
  PID:3512
- C:\Windows\System\fAJqHgX.exe
  C:\Windows\System\fAJqHgX.exe
  2⤵
  PID:3532
- C:\Windows\System\irsrqAh.exe
  C:\Windows\System\irsrqAh.exe
  2⤵
  PID:3548
- C:\Windows\System\JUPKbrb.exe
  C:\Windows\System\JUPKbrb.exe
  2⤵
  PID:3564
- C:\Windows\System\ehzqjKi.exe
  C:\Windows\System\ehzqjKi.exe
  2⤵
  PID:3584
- C:\Windows\System\qOiFHGk.exe
  C:\Windows\System\qOiFHGk.exe
  2⤵
  PID:3600
- C:\Windows\System\WCMrKci.exe
  C:\Windows\System\WCMrKci.exe
  2⤵
  PID:3624
- C:\Windows\System\bvwCKiM.exe
  C:\Windows\System\bvwCKiM.exe
  2⤵
  PID:3644
- C:\Windows\System\sMAPcLb.exe
  C:\Windows\System\sMAPcLb.exe
  2⤵
  PID:3668
- C:\Windows\System\eSbEZJg.exe
  C:\Windows\System\eSbEZJg.exe
  2⤵
  PID:3696
- C:\Windows\System\wMjtQmI.exe
  C:\Windows\System\wMjtQmI.exe
  2⤵
  PID:3712
- C:\Windows\System\qJrlvxC.exe
  C:\Windows\System\qJrlvxC.exe
  2⤵
  PID:3728
- C:\Windows\System\WjJlURy.exe
  C:\Windows\System\WjJlURy.exe
  2⤵
  PID:3768
- C:\Windows\System\EDgkBni.exe
  C:\Windows\System\EDgkBni.exe
  2⤵
  PID:3784
- C:\Windows\System\siAOiIf.exe
  C:\Windows\System\siAOiIf.exe
  2⤵
  PID:3800
- C:\Windows\System\BXMXSgg.exe
  C:\Windows\System\BXMXSgg.exe
  2⤵
  PID:3816
- C:\Windows\System\Gptwjhd.exe
  C:\Windows\System\Gptwjhd.exe
  2⤵
  PID:3832
- C:\Windows\System\txdWdmE.exe
  C:\Windows\System\txdWdmE.exe
  2⤵
  PID:3848
- C:\Windows\System\LnxuxoM.exe
  C:\Windows\System\LnxuxoM.exe
  2⤵
  PID:3864
- C:\Windows\System\ncmgAPu.exe
  C:\Windows\System\ncmgAPu.exe
  2⤵
  PID:3880
- C:\Windows\System\JRDZlMW.exe
  C:\Windows\System\JRDZlMW.exe
  2⤵
  PID:3896
- C:\Windows\System\AMUSQKJ.exe
  C:\Windows\System\AMUSQKJ.exe
  2⤵
  PID:3912
- C:\Windows\System\imxKQUH.exe
  C:\Windows\System\imxKQUH.exe
  2⤵
  PID:3928
- C:\Windows\System\SirsnEq.exe
  C:\Windows\System\SirsnEq.exe
  2⤵
  PID:3944
- C:\Windows\System\WwytuJj.exe
  C:\Windows\System\WwytuJj.exe
  2⤵
  PID:3960
- C:\Windows\System\xEBrrFl.exe
  C:\Windows\System\xEBrrFl.exe
  2⤵
  PID:3976
- C:\Windows\System\RRQEEKe.exe
  C:\Windows\System\RRQEEKe.exe
  2⤵
  PID:3992
- C:\Windows\System\LxQsZNJ.exe
  C:\Windows\System\LxQsZNJ.exe
  2⤵
  PID:4008
- C:\Windows\System\jUfnjqz.exe
  C:\Windows\System\jUfnjqz.exe
  2⤵
  PID:4024
- C:\Windows\System\yabPVFg.exe
  C:\Windows\System\yabPVFg.exe
  2⤵
  PID:4040
- C:\Windows\System\IXhMGmb.exe
  C:\Windows\System\IXhMGmb.exe
  2⤵
  PID:4056
- C:\Windows\System\VKOOOxT.exe
  C:\Windows\System\VKOOOxT.exe
  2⤵
  PID:4072
- C:\Windows\System\rFQyXyF.exe
  C:\Windows\System\rFQyXyF.exe
  2⤵
  PID:4088
- C:\Windows\System\JqfCgXU.exe
  C:\Windows\System\JqfCgXU.exe
  2⤵
  PID:760
- C:\Windows\System\aqbavbn.exe
  C:\Windows\System\aqbavbn.exe
  2⤵
  PID:2596
- C:\Windows\System\hverywG.exe
  C:\Windows\System\hverywG.exe
  2⤵
  PID:1920
- C:\Windows\System\TRlGymi.exe
  C:\Windows\System\TRlGymi.exe
  2⤵
  PID:3756
- C:\Windows\System\XqOXaGe.exe
  C:\Windows\System\XqOXaGe.exe
  2⤵
  PID:3824
- C:\Windows\System\XpzxeGA.exe
  C:\Windows\System\XpzxeGA.exe
  2⤵
  PID:3860
- C:\Windows\System\lkiAPIn.exe
  C:\Windows\System\lkiAPIn.exe
  2⤵
  PID:3956
- C:\Windows\System\YTfgYIa.exe
  C:\Windows\System\YTfgYIa.exe
  2⤵
  PID:4020
- C:\Windows\System\soZGQae.exe
  C:\Windows\System\soZGQae.exe
  2⤵
  PID:316
- C:\Windows\System\MAdmgRO.exe
  C:\Windows\System\MAdmgRO.exe
  2⤵
  PID:2828
- C:\Windows\System\ICciZsJ.exe
  C:\Windows\System\ICciZsJ.exe
  2⤵
  PID:1928
- C:\Windows\System\YkuGkWU.exe
  C:\Windows\System\YkuGkWU.exe
  2⤵
  PID:1120
- C:\Windows\System\KczXxID.exe
  C:\Windows\System\KczXxID.exe
  2⤵
  PID:1672
- C:\Windows\System\TwsXJJX.exe
  C:\Windows\System\TwsXJJX.exe
  2⤵
  PID:2964
- C:\Windows\System\bttLUCe.exe
  C:\Windows\System\bttLUCe.exe
  2⤵
  PID:584
- C:\Windows\System\uEfXQvU.exe
  C:\Windows\System\uEfXQvU.exe
  2⤵
  PID:2980
- C:\Windows\System\BPaIbfY.exe
  C:\Windows\System\BPaIbfY.exe
  2⤵
  PID:3136
- C:\Windows\System\fILzdza.exe
  C:\Windows\System\fILzdza.exe
  2⤵
  PID:3152
- C:\Windows\System\plsJPaM.exe
  C:\Windows\System\plsJPaM.exe
  2⤵
  PID:3176
- C:\Windows\System\ruhfwnv.exe
  C:\Windows\System\ruhfwnv.exe
  2⤵
  PID:3240
- C:\Windows\System\wYSdhsy.exe
  C:\Windows\System\wYSdhsy.exe
  2⤵
  PID:3308
- C:\Windows\System\GrBraYw.exe
  C:\Windows\System\GrBraYw.exe
  2⤵
  PID:3380
- C:\Windows\System\VAlUvxh.exe
  C:\Windows\System\VAlUvxh.exe
  2⤵
  PID:3488
- C:\Windows\System\hqkzDVl.exe
  C:\Windows\System\hqkzDVl.exe
  2⤵
  PID:3560
- C:\Windows\System\NLBJykC.exe
  C:\Windows\System\NLBJykC.exe
  2⤵
  PID:3640
- C:\Windows\System\JekGLTO.exe
  C:\Windows\System\JekGLTO.exe
  2⤵
  PID:3688
- C:\Windows\System\ZtuSeYe.exe
  C:\Windows\System\ZtuSeYe.exe
  2⤵
  PID:3812
- C:\Windows\System\GPOGetB.exe
  C:\Windows\System\GPOGetB.exe
  2⤵
  PID:3876
- C:\Windows\System\VfZHIAx.exe
  C:\Windows\System\VfZHIAx.exe
  2⤵
  PID:3968
- C:\Windows\System\UuoJoAp.exe
  C:\Windows\System\UuoJoAp.exe
  2⤵
  PID:4032
- C:\Windows\System\BZXTnQF.exe
  C:\Windows\System\BZXTnQF.exe
  2⤵
  PID:2688
- C:\Windows\System\KxuxxvF.exe
  C:\Windows\System\KxuxxvF.exe
  2⤵
  PID:1676
- C:\Windows\System\jbjhLpW.exe
  C:\Windows\System\jbjhLpW.exe
  2⤵
  PID:1996
- C:\Windows\System\VmbCIxT.exe
  C:\Windows\System\VmbCIxT.exe
  2⤵
  PID:2904
- C:\Windows\System\tTQlHol.exe
  C:\Windows\System\tTQlHol.exe
  2⤵
  PID:2700
- C:\Windows\System\UbNhCYJ.exe
  C:\Windows\System\UbNhCYJ.exe
  2⤵
  PID:1056
- C:\Windows\System\lNyuotJ.exe
  C:\Windows\System\lNyuotJ.exe
  2⤵
  PID:676
- C:\Windows\System\xjustYl.exe
  C:\Windows\System\xjustYl.exe
  2⤵
  PID:2140
- C:\Windows\System\JpgDElC.exe
  C:\Windows\System\JpgDElC.exe
  2⤵
  PID:544
- C:\Windows\System\btqQnWh.exe
  C:\Windows\System\btqQnWh.exe
  2⤵
  PID:3100
- C:\Windows\System\BhKbebx.exe
  C:\Windows\System\BhKbebx.exe
  2⤵
  PID:3256
- C:\Windows\System\YNPIhGE.exe
  C:\Windows\System\YNPIhGE.exe
  2⤵
  PID:3292
- C:\Windows\System\YlhCKww.exe
  C:\Windows\System\YlhCKww.exe
  2⤵
  PID:3360
- C:\Windows\System\QWKvXOn.exe
  C:\Windows\System\QWKvXOn.exe
  2⤵
  PID:3428
- C:\Windows\System\WBQGfqP.exe
  C:\Windows\System\WBQGfqP.exe
  2⤵
  PID:3504
- C:\Windows\System\jjrCVBv.exe
  C:\Windows\System\jjrCVBv.exe
  2⤵
  PID:3576
- C:\Windows\System\qxbRtoZ.exe
  C:\Windows\System\qxbRtoZ.exe
  2⤵
  PID:3652
- C:\Windows\System\OUGapLe.exe
  C:\Windows\System\OUGapLe.exe
  2⤵
  PID:3660
- C:\Windows\System\YGfcwIA.exe
  C:\Windows\System\YGfcwIA.exe
  2⤵
  PID:3736
- C:\Windows\System\ZdgAnnL.exe
  C:\Windows\System\ZdgAnnL.exe
  2⤵
  PID:3888
- C:\Windows\System\CcrVnLI.exe
  C:\Windows\System\CcrVnLI.exe
  2⤵
  PID:3828
- C:\Windows\System\dchdbhB.exe
  C:\Windows\System\dchdbhB.exe
  2⤵
  PID:4052
- C:\Windows\System\FOKmvCt.exe
  C:\Windows\System\FOKmvCt.exe
  2⤵
  PID:2996
- C:\Windows\System\vbushjc.exe
  C:\Windows\System\vbushjc.exe
  2⤵
  PID:1796
- C:\Windows\System\IRsJxGB.exe
  C:\Windows\System\IRsJxGB.exe
  2⤵
  PID:3076
- C:\Windows\System\dxdauBq.exe
  C:\Windows\System\dxdauBq.exe
  2⤵
  PID:3120
- C:\Windows\System\CMbozGy.exe
  C:\Windows\System\CMbozGy.exe
  2⤵
  PID:3212
- C:\Windows\System\CsbuvMV.exe
  C:\Windows\System\CsbuvMV.exe
  2⤵
  PID:3168
- C:\Windows\System\YoRMktE.exe
  C:\Windows\System\YoRMktE.exe
  2⤵
  PID:3272
- C:\Windows\System\ZYwjWBd.exe
  C:\Windows\System\ZYwjWBd.exe
  2⤵
  PID:3528
- C:\Windows\System\IqAjEBX.exe
  C:\Windows\System\IqAjEBX.exe
  2⤵
  PID:3412
- C:\Windows\System\bsiNaop.exe
  C:\Windows\System\bsiNaop.exe
  2⤵
  PID:3452
- C:\Windows\System\nCLbmSX.exe
  C:\Windows\System\nCLbmSX.exe
  2⤵
  PID:3776
- C:\Windows\System\YQsNmrt.exe
  C:\Windows\System\YQsNmrt.exe
  2⤵
  PID:3936
- C:\Windows\System\GsAdysP.exe
  C:\Windows\System\GsAdysP.exe
  2⤵
  PID:2500
- C:\Windows\System\wmYvajg.exe
  C:\Windows\System\wmYvajg.exe
  2⤵
  PID:2052
- C:\Windows\System\XTRwiGK.exe
  C:\Windows\System\XTRwiGK.exe
  2⤵
  PID:2960
- C:\Windows\System\EpxgtkT.exe
  C:\Windows\System\EpxgtkT.exe
  2⤵
  PID:2492
- C:\Windows\System\XZSFhic.exe
  C:\Windows\System\XZSFhic.exe
  2⤵
  PID:1352
- C:\Windows\System\yyUdWyO.exe
  C:\Windows\System\yyUdWyO.exe
  2⤵
  PID:2240
- C:\Windows\System\QOKRsgN.exe
  C:\Windows\System\QOKRsgN.exe
  2⤵
  PID:348
- C:\Windows\System\eVqamNt.exe
  C:\Windows\System\eVqamNt.exe
  2⤵
  PID:2920
- C:\Windows\System\uocbASd.exe
  C:\Windows\System\uocbASd.exe
  2⤵
  PID:2224
- C:\Windows\System\qtVOEby.exe
  C:\Windows\System\qtVOEby.exe
  2⤵
  PID:3748
- C:\Windows\System\JmAfOna.exe
  C:\Windows\System\JmAfOna.exe
  2⤵
  PID:3400
- C:\Windows\System\Ufqpgwi.exe
  C:\Windows\System\Ufqpgwi.exe
  2⤵
  PID:3448
- C:\Windows\System\zxcMLSG.exe
  C:\Windows\System\zxcMLSG.exe
  2⤵
  PID:2208
- C:\Windows\System\nyFKwoh.exe
  C:\Windows\System\nyFKwoh.exe
  2⤵
  PID:3128
- C:\Windows\System\bmGRfOx.exe
  C:\Windows\System\bmGRfOx.exe
  2⤵
  PID:3708
- C:\Windows\System\DiXtXgN.exe
  C:\Windows\System\DiXtXgN.exe
  2⤵
  PID:3144
- C:\Windows\System\pjbycNc.exe
  C:\Windows\System\pjbycNc.exe
  2⤵
  PID:3172
- C:\Windows\System\ctAdPdc.exe
  C:\Windows\System\ctAdPdc.exe
  2⤵
  PID:3520
- C:\Windows\System\GGistYg.exe
  C:\Windows\System\GGistYg.exe
  2⤵
  PID:3808
- C:\Windows\System\raaZGfp.exe
  C:\Windows\System\raaZGfp.exe
  2⤵
  PID:1684
- C:\Windows\System\GHRCSSH.exe
  C:\Windows\System\GHRCSSH.exe
  2⤵
  PID:2640
- C:\Windows\System\zLINALe.exe
  C:\Windows\System\zLINALe.exe
  2⤵
  PID:3656
- C:\Windows\System\AMWevEU.exe
  C:\Windows\System\AMWevEU.exe
  2⤵
  PID:4016
- C:\Windows\System\PMZKyIu.exe
  C:\Windows\System\PMZKyIu.exe
  2⤵
  PID:3224
- C:\Windows\System\JcEwdMJ.exe
  C:\Windows\System\JcEwdMJ.exe
  2⤵
  PID:4100
- C:\Windows\System\EprdUum.exe
  C:\Windows\System\EprdUum.exe
  2⤵
  PID:4116
- C:\Windows\System\CryGGcY.exe
  C:\Windows\System\CryGGcY.exe
  2⤵
  PID:4148
- C:\Windows\System\VvHOLeg.exe
  C:\Windows\System\VvHOLeg.exe
  2⤵
  PID:4164
- C:\Windows\System\fOAFjGv.exe
  C:\Windows\System\fOAFjGv.exe
  2⤵
  PID:4180
- C:\Windows\System\ZDKTIRp.exe
  C:\Windows\System\ZDKTIRp.exe
  2⤵
  PID:4196
- C:\Windows\System\qrGiPIA.exe
  C:\Windows\System\qrGiPIA.exe
  2⤵
  PID:4212
- C:\Windows\System\YIFzODB.exe
  C:\Windows\System\YIFzODB.exe
  2⤵
  PID:4228
- C:\Windows\System\wAGQZWh.exe
  C:\Windows\System\wAGQZWh.exe
  2⤵
  PID:4244
- C:\Windows\System\zYelXdP.exe
  C:\Windows\System\zYelXdP.exe
  2⤵
  PID:4260
- C:\Windows\System\rsMgOwP.exe
  C:\Windows\System\rsMgOwP.exe
  2⤵
  PID:4276
- C:\Windows\System\FGgmeEl.exe
  C:\Windows\System\FGgmeEl.exe
  2⤵
  PID:4292
- C:\Windows\System\TpGkduj.exe
  C:\Windows\System\TpGkduj.exe
  2⤵
  PID:4308
- C:\Windows\System\eWFoyYH.exe
  C:\Windows\System\eWFoyYH.exe
  2⤵
  PID:4324
- C:\Windows\System\iLsASmB.exe
  C:\Windows\System\iLsASmB.exe
  2⤵
  PID:4340
- C:\Windows\System\TMqMRVe.exe
  C:\Windows\System\TMqMRVe.exe
  2⤵
  PID:4356
- C:\Windows\System\JJDiiBl.exe
  C:\Windows\System\JJDiiBl.exe
  2⤵
  PID:4372
- C:\Windows\System\CFDYuNN.exe
  C:\Windows\System\CFDYuNN.exe
  2⤵
  PID:4388
- C:\Windows\System\qYvyYPF.exe
  C:\Windows\System\qYvyYPF.exe
  2⤵
  PID:4404
- C:\Windows\System\udmSeMd.exe
  C:\Windows\System\udmSeMd.exe
  2⤵
  PID:4420
- C:\Windows\System\HrzFRol.exe
  C:\Windows\System\HrzFRol.exe
  2⤵
  PID:4436
- C:\Windows\System\FKVqgxf.exe
  C:\Windows\System\FKVqgxf.exe
  2⤵
  PID:4452
- C:\Windows\System\BjilAfQ.exe
  C:\Windows\System\BjilAfQ.exe
  2⤵
  PID:4468
- C:\Windows\System\PYhoSgO.exe
  C:\Windows\System\PYhoSgO.exe
  2⤵
  PID:4484
- C:\Windows\System\BSPaiuw.exe
  C:\Windows\System\BSPaiuw.exe
  2⤵
  PID:4500
- C:\Windows\System\VzHoNlD.exe
  C:\Windows\System\VzHoNlD.exe
  2⤵
  PID:4628
- C:\Windows\System\lvmuQPe.exe
  C:\Windows\System\lvmuQPe.exe
  2⤵
  PID:4700
- C:\Windows\System\UOTaqIi.exe
  C:\Windows\System\UOTaqIi.exe
  2⤵
  PID:4716
- C:\Windows\System\MRJvalj.exe
  C:\Windows\System\MRJvalj.exe
  2⤵
  PID:4744
- C:\Windows\System\MngZwSh.exe
  C:\Windows\System\MngZwSh.exe
  2⤵
  PID:4760
- C:\Windows\System\BsZsnnW.exe
  C:\Windows\System\BsZsnnW.exe
  2⤵
  PID:4776
- C:\Windows\System\tnLeAeV.exe
  C:\Windows\System\tnLeAeV.exe
  2⤵
  PID:4792
- C:\Windows\System\RmXYRgL.exe
  C:\Windows\System\RmXYRgL.exe
  2⤵
  PID:4820
- C:\Windows\System\egCmPcJ.exe
  C:\Windows\System\egCmPcJ.exe
  2⤵
  PID:4836
- C:\Windows\System\BKMnNNq.exe
  C:\Windows\System\BKMnNNq.exe
  2⤵
  PID:4852
- C:\Windows\System\KctYlHR.exe
  C:\Windows\System\KctYlHR.exe
  2⤵
  PID:4868
- C:\Windows\System\GnxMrjQ.exe
  C:\Windows\System\GnxMrjQ.exe
  2⤵
  PID:4884
- C:\Windows\System\qmJQNrW.exe
  C:\Windows\System\qmJQNrW.exe
  2⤵
  PID:4900
- C:\Windows\System\jfYNepM.exe
  C:\Windows\System\jfYNepM.exe
  2⤵
  PID:4924
- C:\Windows\System\CpaINoM.exe
  C:\Windows\System\CpaINoM.exe
  2⤵
  PID:4944
- C:\Windows\System\HYKnJua.exe
  C:\Windows\System\HYKnJua.exe
  2⤵
  PID:4980
- C:\Windows\System\pnIlRqL.exe
  C:\Windows\System\pnIlRqL.exe
  2⤵
  PID:5004
- C:\Windows\System\LdVIIIq.exe
  C:\Windows\System\LdVIIIq.exe
  2⤵
  PID:5020
- C:\Windows\System\fVpbRTL.exe
  C:\Windows\System\fVpbRTL.exe
  2⤵
  PID:5040
- C:\Windows\System\eJGfolr.exe
  C:\Windows\System\eJGfolr.exe
  2⤵
  PID:5060
- C:\Windows\System\XYPVNKs.exe
  C:\Windows\System\XYPVNKs.exe
  2⤵
  PID:5076
- C:\Windows\System\uAqXomh.exe
  C:\Windows\System\uAqXomh.exe
  2⤵
  PID:5100
- C:\Windows\System\kWuYruA.exe
  C:\Windows\System\kWuYruA.exe
  2⤵
  PID:3908
- C:\Windows\System\UFyrLuv.exe
  C:\Windows\System\UFyrLuv.exe
  2⤵
  PID:1816
- C:\Windows\System\NhheEOQ.exe
  C:\Windows\System\NhheEOQ.exe
  2⤵
  PID:2336
- C:\Windows\System\IrSblak.exe
  C:\Windows\System\IrSblak.exe
  2⤵
  PID:3332
- C:\Windows\System\HSCJSzd.exe
  C:\Windows\System\HSCJSzd.exe
  2⤵
  PID:3792
- C:\Windows\System\vFBtxPr.exe
  C:\Windows\System\vFBtxPr.exe
  2⤵
  PID:2188
- C:\Windows\System\BmfTBej.exe
  C:\Windows\System\BmfTBej.exe
  2⤵
  PID:4160
- C:\Windows\System\KWvfWLr.exe
  C:\Windows\System\KWvfWLr.exe
  2⤵
  PID:3680
- C:\Windows\System\wWlTxSe.exe
  C:\Windows\System\wWlTxSe.exe
  2⤵
  PID:3456
- C:\Windows\System\iqyXvoI.exe
  C:\Windows\System\iqyXvoI.exe
  2⤵
  PID:3636
- C:\Windows\System\oBADVyH.exe
  C:\Windows\System\oBADVyH.exe
  2⤵
  PID:1552
- C:\Windows\System\ciGuiDw.exe
  C:\Windows\System\ciGuiDw.exe
  2⤵
  PID:2844
- C:\Windows\System\hHeYdpw.exe
  C:\Windows\System\hHeYdpw.exe
  2⤵
  PID:1792
- C:\Windows\System\bSbXjGW.exe
  C:\Windows\System\bSbXjGW.exe
  2⤵
  PID:1624
- C:\Windows\System\hmNFcWn.exe
  C:\Windows\System\hmNFcWn.exe
  2⤵
  PID:4220
- C:\Windows\System\irmFgam.exe
  C:\Windows\System\irmFgam.exe
  2⤵
  PID:2360
- C:\Windows\System\xXbDMHf.exe
  C:\Windows\System\xXbDMHf.exe
  2⤵
  PID:4124
- C:\Windows\System\VgpOKon.exe
  C:\Windows\System\VgpOKon.exe
  2⤵
  PID:4140
- C:\Windows\System\hJqdyzz.exe
  C:\Windows\System\hJqdyzz.exe
  2⤵
  PID:4204
- C:\Windows\System\bXEwpQK.exe
  C:\Windows\System\bXEwpQK.exe
  2⤵
  PID:4240
- C:\Windows\System\MrUMwhZ.exe
  C:\Windows\System\MrUMwhZ.exe
  2⤵
  PID:4272
- C:\Windows\System\YsrpbvO.exe
  C:\Windows\System\YsrpbvO.exe
  2⤵
  PID:4300
- C:\Windows\System\mTBoayd.exe
  C:\Windows\System\mTBoayd.exe
  2⤵
  PID:4380
- C:\Windows\System\xaJLQLk.exe
  C:\Windows\System\xaJLQLk.exe
  2⤵
  PID:4460
- C:\Windows\System\SQGZSAg.exe
  C:\Windows\System\SQGZSAg.exe
  2⤵
  PID:4492
- C:\Windows\System\qATmKjw.exe
  C:\Windows\System\qATmKjw.exe
  2⤵
  PID:4412
- C:\Windows\System\fScWrqw.exe
  C:\Windows\System\fScWrqw.exe
  2⤵
  PID:4476
- C:\Windows\System\IrxyjQQ.exe
  C:\Windows\System\IrxyjQQ.exe
  2⤵
  PID:4512
- C:\Windows\System\UUigyXL.exe
  C:\Windows\System\UUigyXL.exe
  2⤵
  PID:4432
- C:\Windows\System\rBRvCuv.exe
  C:\Windows\System\rBRvCuv.exe
  2⤵
  PID:4548
- C:\Windows\System\WrjHeYV.exe
  C:\Windows\System\WrjHeYV.exe
  2⤵
  PID:4568
- C:\Windows\System\RNMGCxa.exe
  C:\Windows\System\RNMGCxa.exe
  2⤵
  PID:4588
- C:\Windows\System\EhvHtwW.exe
  C:\Windows\System\EhvHtwW.exe
  2⤵
  PID:4612
- C:\Windows\System\mIxTYzK.exe
  C:\Windows\System\mIxTYzK.exe
  2⤵
  PID:4636
- C:\Windows\System\zWqZAac.exe
  C:\Windows\System\zWqZAac.exe
  2⤵
  PID:4656
- C:\Windows\System\gwklpWy.exe
  C:\Windows\System\gwklpWy.exe
  2⤵
  PID:4672
- C:\Windows\System\mcZHtFB.exe
  C:\Windows\System\mcZHtFB.exe
  2⤵
  PID:4688
- C:\Windows\System\OqewEfV.exe
  C:\Windows\System\OqewEfV.exe
  2⤵
  PID:4696
- C:\Windows\System\lKfBkaS.exe
  C:\Windows\System\lKfBkaS.exe
  2⤵
  PID:1936
- C:\Windows\System\XewKYfY.exe
  C:\Windows\System\XewKYfY.exe
  2⤵
  PID:4728
- C:\Windows\System\ZvmBBif.exe
  C:\Windows\System\ZvmBBif.exe
  2⤵
  PID:4736
- C:\Windows\System\RAAObpT.exe
  C:\Windows\System\RAAObpT.exe
  2⤵
  PID:844
- C:\Windows\System\AaxNfRV.exe
  C:\Windows\System\AaxNfRV.exe
  2⤵
  PID:4912
- C:\Windows\System\lIeBIzr.exe
  C:\Windows\System\lIeBIzr.exe
  2⤵
  PID:4860
- C:\Windows\System\CQtkFZg.exe
  C:\Windows\System\CQtkFZg.exe
  2⤵
  PID:2608
- C:\Windows\System\qoTGWiS.exe
  C:\Windows\System\qoTGWiS.exe
  2⤵
  PID:4784
- C:\Windows\System\WhYBdwi.exe
  C:\Windows\System\WhYBdwi.exe
  2⤵
  PID:672
- C:\Windows\System\IkdoXVY.exe
  C:\Windows\System\IkdoXVY.exe
  2⤵
  PID:5012
- C:\Windows\System\iYGdBDw.exe
  C:\Windows\System\iYGdBDw.exe
  2⤵
  PID:5092
- C:\Windows\System\rWlIlHH.exe
  C:\Windows\System\rWlIlHH.exe
  2⤵
  PID:4936
- C:\Windows\System\pAcmXjI.exe
  C:\Windows\System\pAcmXjI.exe
  2⤵
  PID:5000
- C:\Windows\System\iRZhhpw.exe
  C:\Windows\System\iRZhhpw.exe
  2⤵
  PID:5028
- C:\Windows\System\WMdKNDu.exe
  C:\Windows\System\WMdKNDu.exe
  2⤵
  PID:5108
- C:\Windows\System\ynqCPfO.exe
  C:\Windows\System\ynqCPfO.exe
  2⤵
  PID:828
- C:\Windows\System\ZyhDzhc.exe
  C:\Windows\System\ZyhDzhc.exe
  2⤵
  PID:1852
- C:\Windows\System\FsYYPuH.exe
  C:\Windows\System\FsYYPuH.exe
  2⤵
  PID:3080
- C:\Windows\System\ZYlhNcs.exe
  C:\Windows\System\ZYlhNcs.exe
  2⤵
  PID:1580
- C:\Windows\System\ZySIcjc.exe
  C:\Windows\System\ZySIcjc.exe
  2⤵
  PID:976
- C:\Windows\System\RbtMYqj.exe
  C:\Windows\System\RbtMYqj.exe
  2⤵
  PID:3196
- C:\Windows\System\DePMlXt.exe
  C:\Windows\System\DePMlXt.exe
  2⤵
  PID:3056
- C:\Windows\System\uuFQKhf.exe
  C:\Windows\System\uuFQKhf.exe
  2⤵
  PID:3296
- C:\Windows\System\jhZSsVv.exe
  C:\Windows\System\jhZSsVv.exe
  2⤵
  PID:1332
- C:\Windows\System\osfrySx.exe
  C:\Windows\System\osfrySx.exe
  2⤵
  PID:3476
- C:\Windows\System\vXJOyPv.exe
  C:\Windows\System\vXJOyPv.exe
  2⤵
  PID:1644
- C:\Windows\System\rcJFuLO.exe
  C:\Windows\System\rcJFuLO.exe
  2⤵
  PID:3208
- C:\Windows\System\nFZSMSB.exe
  C:\Windows\System\nFZSMSB.exe
  2⤵
  PID:4068
- C:\Windows\System\HeAUkMA.exe
  C:\Windows\System\HeAUkMA.exe
  2⤵
  PID:2884
- C:\Windows\System\fnduHdB.exe
  C:\Windows\System\fnduHdB.exe
  2⤵
  PID:4172
- C:\Windows\System\gaVSoJR.exe
  C:\Windows\System\gaVSoJR.exe
  2⤵
  PID:4348
- C:\Windows\System\meenhVK.exe
  C:\Windows\System\meenhVK.exe
  2⤵
  PID:4252
- C:\Windows\System\LIKLdRw.exe
  C:\Windows\System\LIKLdRw.exe
  2⤵
  PID:1784
- C:\Windows\System\LzTmjDK.exe
  C:\Windows\System\LzTmjDK.exe
  2⤵
  PID:4532
- C:\Windows\System\mgdriAC.exe
  C:\Windows\System\mgdriAC.exe
  2⤵
  PID:916
- C:\Windows\System\rnGnVin.exe
  C:\Windows\System\rnGnVin.exe
  2⤵
  PID:4652
- C:\Windows\System\yacjQRL.exe
  C:\Windows\System\yacjQRL.exe
  2⤵
  PID:4880
- C:\Windows\System\aIPnKFj.exe
  C:\Windows\System\aIPnKFj.exe
  2⤵
  PID:4664
- C:\Windows\System\KbdZxpR.exe
  C:\Windows\System\KbdZxpR.exe
  2⤵
  PID:2772
- C:\Windows\System\SolKpIi.exe
  C:\Windows\System\SolKpIi.exe
  2⤵
  PID:5056
- C:\Windows\System\vXotjdf.exe
  C:\Windows\System\vXotjdf.exe
  2⤵
  PID:4080
- C:\Windows\System\KKilWSx.exe
  C:\Windows\System\KKilWSx.exe
  2⤵
  PID:3872
- C:\Windows\System\odnfcKv.exe
  C:\Windows\System\odnfcKv.exe
  2⤵
  PID:3856
- C:\Windows\System\eNHqqwN.exe
  C:\Windows\System\eNHqqwN.exe
  2⤵
  PID:1800
- C:\Windows\System\FlUOxDa.exe
  C:\Windows\System\FlUOxDa.exe
  2⤵
  PID:2272
- C:\Windows\System\aekGWNM.exe
  C:\Windows\System\aekGWNM.exe
  2⤵
  PID:4740
- C:\Windows\System\VHtibGz.exe
  C:\Windows\System\VHtibGz.exe
  2⤵
  PID:4896
- C:\Windows\System\jbSBozz.exe
  C:\Windows\System\jbSBozz.exe
  2⤵
  PID:3348
- C:\Windows\System\gsyQbyY.exe
  C:\Windows\System\gsyQbyY.exe
  2⤵
  PID:5036
- C:\Windows\System\jlbpRLJ.exe
  C:\Windows\System\jlbpRLJ.exe
  2⤵
  PID:1712
- C:\Windows\System\tmsvYND.exe
  C:\Windows\System\tmsvYND.exe
  2⤵
  PID:2976
- C:\Windows\System\BJCDmlS.exe
  C:\Windows\System\BJCDmlS.exe
  2⤵
  PID:4336
- C:\Windows\System\yRSMPxv.exe
  C:\Windows\System\yRSMPxv.exe
  2⤵
  PID:4448
- C:\Windows\System\LhrWTRB.exe
  C:\Windows\System\LhrWTRB.exe
  2⤵
  PID:4396
- C:\Windows\System\NXPPrkz.exe
  C:\Windows\System\NXPPrkz.exe
  2⤵
  PID:4224
- C:\Windows\System\WhIbVbk.exe
  C:\Windows\System\WhIbVbk.exe
  2⤵
  PID:4600
- C:\Windows\System\wfqmQwa.exe
  C:\Windows\System\wfqmQwa.exe
  2⤵
  PID:2172
- C:\Windows\System\HEDyxbI.exe
  C:\Windows\System\HEDyxbI.exe
  2⤵
  PID:4624
- C:\Windows\System\hlyJgrv.exe
  C:\Windows\System\hlyJgrv.exe
  2⤵
  PID:2400
- C:\Windows\System\XBJINRl.exe
  C:\Windows\System\XBJINRl.exe
  2⤵
  PID:4848
- C:\Windows\System\CnGnbBA.exe
  C:\Windows\System\CnGnbBA.exe
  2⤵
  PID:4724
- C:\Windows\System\DbiAItL.exe
  C:\Windows\System\DbiAItL.exe
  2⤵
  PID:2732
- C:\Windows\System\FrBZyDO.exe
  C:\Windows\System\FrBZyDO.exe
  2⤵
  PID:4752
- C:\Windows\System\IhpxwNS.exe
  C:\Windows\System\IhpxwNS.exe
  2⤵
  PID:4620
- C:\Windows\System\xNwTEvt.exe
  C:\Windows\System\xNwTEvt.exe
  2⤵
  PID:4976
- C:\Windows\System\DlDcpOu.exe
  C:\Windows\System\DlDcpOu.exe
  2⤵
  PID:4892
- C:\Windows\System\jQJRjwD.exe
  C:\Windows\System\jQJRjwD.exe
  2⤵
  PID:3608
- C:\Windows\System\fEviWTS.exe
  C:\Windows\System\fEviWTS.exe
  2⤵
  PID:4108
- C:\Windows\System\WQbjOTh.exe
  C:\Windows\System\WQbjOTh.exe
  2⤵
  PID:3632
- C:\Windows\System\aLsQHAY.exe
  C:\Windows\System\aLsQHAY.exe
  2⤵
  PID:4268
- C:\Windows\System\OPvzdAw.exe
  C:\Windows\System\OPvzdAw.exe
  2⤵
  PID:2876
- C:\Windows\System\bndtKuL.exe
  C:\Windows\System\bndtKuL.exe
  2⤵
  PID:4768
- C:\Windows\System\EFJsRsG.exe
  C:\Windows\System\EFJsRsG.exe
  2⤵
  PID:5072
- C:\Windows\System\prJlaSI.exe
  C:\Windows\System\prJlaSI.exe
  2⤵
  PID:4712
- C:\Windows\System\MHezssm.exe
  C:\Windows\System\MHezssm.exe
  2⤵
  PID:4400
- C:\Windows\System\DYsehZD.exe
  C:\Windows\System\DYsehZD.exe
  2⤵
  PID:4556
- C:\Windows\System\SIWDULo.exe
  C:\Windows\System\SIWDULo.exe
  2⤵
  PID:1596
- C:\Windows\System\VecuEuy.exe
  C:\Windows\System\VecuEuy.exe
  2⤵
  PID:4648
- C:\Windows\System\glKBRmN.exe
  C:\Windows\System\glKBRmN.exe
  2⤵
  PID:1700
- C:\Windows\System\UsehItq.exe
  C:\Windows\System\UsehItq.exe
  2⤵
  PID:580
- C:\Windows\System\mVrkHQZ.exe
  C:\Windows\System\mVrkHQZ.exe
  2⤵
  PID:2588
- C:\Windows\System\zNctxVn.exe
  C:\Windows\System\zNctxVn.exe
  2⤵
  PID:3052
- C:\Windows\System\suSqxli.exe
  C:\Windows\System\suSqxli.exe
  2⤵
  PID:4996
- C:\Windows\System\wXjlNdm.exe
  C:\Windows\System\wXjlNdm.exe
  2⤵
  PID:3020
- C:\Windows\System\rUIxZxd.exe
  C:\Windows\System\rUIxZxd.exe
  2⤵
  PID:3084
- C:\Windows\System\kwOOMho.exe
  C:\Windows\System\kwOOMho.exe
  2⤵
  PID:2324
- C:\Windows\System\XjUtbcS.exe
  C:\Windows\System\XjUtbcS.exe
  2⤵
  PID:5088
- C:\Windows\System\UJHbVcW.exe
  C:\Windows\System\UJHbVcW.exe
  2⤵
  PID:5132
- C:\Windows\System\pzlduqH.exe
  C:\Windows\System\pzlduqH.exe
  2⤵
  PID:5152
- C:\Windows\System\qdMaMxO.exe
  C:\Windows\System\qdMaMxO.exe
  2⤵
  PID:5172
- C:\Windows\System\TAIUhsk.exe
  C:\Windows\System\TAIUhsk.exe
  2⤵
  PID:5196
- C:\Windows\System\DTeUxCD.exe
  C:\Windows\System\DTeUxCD.exe
  2⤵
  PID:5212
- C:\Windows\System\YTrLJMZ.exe
  C:\Windows\System\YTrLJMZ.exe
  2⤵
  PID:5228
- C:\Windows\System\OBiobdd.exe
  C:\Windows\System\OBiobdd.exe
  2⤵
  PID:5248
- C:\Windows\System\UxQsWUM.exe
  C:\Windows\System\UxQsWUM.exe
  2⤵
  PID:5264
- C:\Windows\System\jCSHpmi.exe
  C:\Windows\System\jCSHpmi.exe
  2⤵
  PID:5316
- C:\Windows\System\pkwnkwd.exe
  C:\Windows\System\pkwnkwd.exe
  2⤵
  PID:5340
- C:\Windows\System\zIvPDdn.exe
  C:\Windows\System\zIvPDdn.exe
  2⤵
  PID:5356
- C:\Windows\System\woaGxaB.exe
  C:\Windows\System\woaGxaB.exe
  2⤵
  PID:5372
- C:\Windows\System\xOXDaxK.exe
  C:\Windows\System\xOXDaxK.exe
  2⤵
  PID:5396
- C:\Windows\System\vuobbuO.exe
  C:\Windows\System\vuobbuO.exe
  2⤵
  PID:5412
- C:\Windows\System\JwKjvYJ.exe
  C:\Windows\System\JwKjvYJ.exe
  2⤵
  PID:5440
- C:\Windows\System\ikBfCnI.exe
  C:\Windows\System\ikBfCnI.exe
  2⤵
  PID:5456
- C:\Windows\System\MjiqQsT.exe
  C:\Windows\System\MjiqQsT.exe
  2⤵
  PID:5476
- C:\Windows\System\eOoXcEL.exe
  C:\Windows\System\eOoXcEL.exe
  2⤵
  PID:5492
- C:\Windows\System\lKKTALO.exe
  C:\Windows\System\lKKTALO.exe
  2⤵
  PID:5508
- C:\Windows\System\wxUTvdj.exe
  C:\Windows\System\wxUTvdj.exe
  2⤵
  PID:5528
- C:\Windows\System\IokShoP.exe
  C:\Windows\System\IokShoP.exe
  2⤵
  PID:5544
- C:\Windows\System\DAesAgn.exe
  C:\Windows\System\DAesAgn.exe
  2⤵
  PID:5560
- C:\Windows\System\culbGhp.exe
  C:\Windows\System\culbGhp.exe
  2⤵
  PID:5580
- C:\Windows\System\EoleFKK.exe
  C:\Windows\System\EoleFKK.exe
  2⤵
  PID:5596
- C:\Windows\System\BygnlAq.exe
  C:\Windows\System\BygnlAq.exe
  2⤵
  PID:5616
- C:\Windows\System\zsBjPzL.exe
  C:\Windows\System\zsBjPzL.exe
  2⤵
  PID:5636
- C:\Windows\System\EXdAjdk.exe
  C:\Windows\System\EXdAjdk.exe
  2⤵
  PID:5656
- C:\Windows\System\tvgTxSe.exe
  C:\Windows\System\tvgTxSe.exe
  2⤵
  PID:5672
- C:\Windows\System\kkaHAWw.exe
  C:\Windows\System\kkaHAWw.exe
  2⤵
  PID:5692
- C:\Windows\System\EMPTvzk.exe
  C:\Windows\System\EMPTvzk.exe
  2⤵
  PID:5712
- C:\Windows\System\CUfOCRF.exe
  C:\Windows\System\CUfOCRF.exe
  2⤵
  PID:5736
- C:\Windows\System\FeAfVqw.exe
  C:\Windows\System\FeAfVqw.exe
  2⤵
  PID:5756
- C:\Windows\System\MNisUfY.exe
  C:\Windows\System\MNisUfY.exe
  2⤵
  PID:5780
- C:\Windows\System\qEvftIj.exe
  C:\Windows\System\qEvftIj.exe
  2⤵
  PID:5820
- C:\Windows\System\wOtXOap.exe
  C:\Windows\System\wOtXOap.exe
  2⤵
  PID:5836
- C:\Windows\System\XbvTBiW.exe
  C:\Windows\System\XbvTBiW.exe
  2⤵
  PID:5852
- C:\Windows\System\lkPbEIN.exe
  C:\Windows\System\lkPbEIN.exe
  2⤵
  PID:5876
- C:\Windows\System\hLsqjCH.exe
  C:\Windows\System\hLsqjCH.exe
  2⤵
  PID:5900
- C:\Windows\System\rQNCFtH.exe
  C:\Windows\System\rQNCFtH.exe
  2⤵
  PID:5916
- C:\Windows\System\yrzomoa.exe
  C:\Windows\System\yrzomoa.exe
  2⤵
  PID:5940
- C:\Windows\System\kvTgcht.exe
  C:\Windows\System\kvTgcht.exe
  2⤵
  PID:5956
- C:\Windows\System\GDuAaUY.exe
  C:\Windows\System\GDuAaUY.exe
  2⤵
  PID:5972
- C:\Windows\System\XkUTWjd.exe
  C:\Windows\System\XkUTWjd.exe
  2⤵
  PID:5988
- C:\Windows\System\WXZwrii.exe
  C:\Windows\System\WXZwrii.exe
  2⤵
  PID:6004
- C:\Windows\System\pmLNkOF.exe
  C:\Windows\System\pmLNkOF.exe
  2⤵
  PID:6024
- C:\Windows\System\OfcXujy.exe
  C:\Windows\System\OfcXujy.exe
  2⤵
  PID:6040
- C:\Windows\System\XXYOwhE.exe
  C:\Windows\System\XXYOwhE.exe
  2⤵
  PID:6080
- C:\Windows\System\ZuErORe.exe
  C:\Windows\System\ZuErORe.exe
  2⤵
  PID:6096
- C:\Windows\System\GOSKrHK.exe
  C:\Windows\System\GOSKrHK.exe
  2⤵
  PID:6112
- C:\Windows\System\oLAucnu.exe
  C:\Windows\System\oLAucnu.exe
  2⤵
  PID:6128
- C:\Windows\System\yXgXrtu.exe
  C:\Windows\System\yXgXrtu.exe
  2⤵
  PID:4876
- C:\Windows\System\mgUwOGQ.exe
  C:\Windows\System\mgUwOGQ.exe
  2⤵
  PID:4444
- C:\Windows\System\fBpnnrS.exe
  C:\Windows\System\fBpnnrS.exe
  2⤵
  PID:5148
- C:\Windows\System\eHYeGWl.exe
  C:\Windows\System\eHYeGWl.exe
  2⤵
  PID:1696
- C:\Windows\System\gygnhub.exe
  C:\Windows\System\gygnhub.exe
  2⤵
  PID:5256
- C:\Windows\System\dJdxSyu.exe
  C:\Windows\System\dJdxSyu.exe
  2⤵
  PID:1084
- C:\Windows\System\VNXCBOj.exe
  C:\Windows\System\VNXCBOj.exe
  2⤵
  PID:3524
- C:\Windows\System\DdPFmPF.exe
  C:\Windows\System\DdPFmPF.exe
  2⤵
  PID:4428
- C:\Windows\System\zRMqnbF.exe
  C:\Windows\System\zRMqnbF.exe
  2⤵
  PID:4844
- C:\Windows\System\otleXOB.exe
  C:\Windows\System\otleXOB.exe
  2⤵
  PID:5244
- C:\Windows\System\bVmkEeX.exe
  C:\Windows\System\bVmkEeX.exe
  2⤵
  PID:4580
- C:\Windows\System\AkEaChp.exe
  C:\Windows\System\AkEaChp.exe
  2⤵
  PID:4828
- C:\Windows\System\JVfsCAi.exe
  C:\Windows\System\JVfsCAi.exe
  2⤵
  PID:5276
- C:\Windows\System\KMbvRuu.exe
  C:\Windows\System\KMbvRuu.exe
  2⤵
  PID:5296
- C:\Windows\System\uRJtmly.exe
  C:\Windows\System\uRJtmly.exe
  2⤵
  PID:5312
- C:\Windows\System\MEIaUyj.exe
  C:\Windows\System\MEIaUyj.exe
  2⤵
  PID:5332
- C:\Windows\System\UwyDbCT.exe
  C:\Windows\System\UwyDbCT.exe
  2⤵
  PID:5348
- C:\Windows\System\Hvmvlla.exe
  C:\Windows\System\Hvmvlla.exe
  2⤵
  PID:5408
- C:\Windows\System\DzkKXyw.exe
  C:\Windows\System\DzkKXyw.exe
  2⤵
  PID:5452
- C:\Windows\System\sERWTCM.exe
  C:\Windows\System\sERWTCM.exe
  2⤵
  PID:5388
- C:\Windows\System\iVMpGQd.exe
  C:\Windows\System\iVMpGQd.exe
  2⤵
  PID:5484
- C:\Windows\System\TtPTyqg.exe
  C:\Windows\System\TtPTyqg.exe
  2⤵
  PID:5520
- C:\Windows\System\brKHVZw.exe
  C:\Windows\System\brKHVZw.exe
  2⤵
  PID:5588
- C:\Windows\System\gyLlyvC.exe
  C:\Windows\System\gyLlyvC.exe
  2⤵
  PID:5744
- C:\Windows\System\qpPxRNV.exe
  C:\Windows\System\qpPxRNV.exe
  2⤵
  PID:5576
- C:\Windows\System\XulxbMx.exe
  C:\Windows\System\XulxbMx.exe
  2⤵
  PID:5436
- C:\Windows\System\LDbNpLw.exe
  C:\Windows\System\LDbNpLw.exe
  2⤵
  PID:5680
- C:\Windows\System\LvDpDhy.exe
  C:\Windows\System\LvDpDhy.exe
  2⤵
  PID:5764
- C:\Windows\System\gqSLAOo.exe
  C:\Windows\System\gqSLAOo.exe
  2⤵
  PID:5816
- C:\Windows\System\oRgJLnd.exe
  C:\Windows\System\oRgJLnd.exe
  2⤵
  PID:5724
- C:\Windows\System\NKIfLOr.exe
  C:\Windows\System\NKIfLOr.exe
  2⤵
  PID:5648
- C:\Windows\System\NHStIPb.exe
  C:\Windows\System\NHStIPb.exe
  2⤵
  PID:5884
- C:\Windows\System\rCVZTAE.exe
  C:\Windows\System\rCVZTAE.exe
  2⤵
  PID:5892
- C:\Windows\System\doLGktb.exe
  C:\Windows\System\doLGktb.exe
  2⤵
  PID:5924
- C:\Windows\System\uyNNOdk.exe
  C:\Windows\System\uyNNOdk.exe
  2⤵
  PID:5936
- C:\Windows\System\dhnHowG.exe
  C:\Windows\System\dhnHowG.exe
  2⤵
  PID:5996
- C:\Windows\System\AxMfphG.exe
  C:\Windows\System\AxMfphG.exe
  2⤵
  PID:6076
- C:\Windows\System\jcoWZbU.exe
  C:\Windows\System\jcoWZbU.exe
  2⤵
  PID:6140
- C:\Windows\System\JNmuyLC.exe
  C:\Windows\System\JNmuyLC.exe
  2⤵
  PID:776
- C:\Windows\System\uGxKFwh.exe
  C:\Windows\System\uGxKFwh.exe
  2⤵
  PID:5168
- C:\Windows\System\riiYiuJ.exe
  C:\Windows\System\riiYiuJ.exe
  2⤵
  PID:4236
- C:\Windows\System\BCBGgHs.exe
  C:\Windows\System\BCBGgHs.exe
  2⤵
  PID:1524
- C:\Windows\System\jCLeFoN.exe
  C:\Windows\System\jCLeFoN.exe
  2⤵
  PID:6088
- C:\Windows\System\UyFnYTi.exe
  C:\Windows\System\UyFnYTi.exe
  2⤵
  PID:4136
- C:\Windows\System\VyVuXme.exe
  C:\Windows\System\VyVuXme.exe
  2⤵
  PID:2984
- C:\Windows\System\ohVQHvT.exe
  C:\Windows\System\ohVQHvT.exe
  2⤵
  PID:5368
- C:\Windows\System\wZEiPNc.exe
  C:\Windows\System\wZEiPNc.exe
  2⤵
  PID:5556
- C:\Windows\System\UsFEhYs.exe
  C:\Windows\System\UsFEhYs.exe
  2⤵
  PID:5328
- C:\Windows\System\zdnEnoi.exe
  C:\Windows\System\zdnEnoi.exe
  2⤵
  PID:5572
- C:\Windows\System\SmNftle.exe
  C:\Windows\System\SmNftle.exe
  2⤵
  PID:5632
- C:\Windows\System\IVmemqA.exe
  C:\Windows\System\IVmemqA.exe
  2⤵
  PID:5708
- C:\Windows\System\NNLvndm.exe
  C:\Windows\System\NNLvndm.exe
  2⤵
  PID:5240
- C:\Windows\System\sbXCmoD.exe
  C:\Windows\System\sbXCmoD.exe
  2⤵
  PID:5464
- C:\Windows\System\ePaQEDq.exe
  C:\Windows\System\ePaQEDq.exe
  2⤵
  PID:964
- C:\Windows\System\wWVHlny.exe
  C:\Windows\System\wWVHlny.exe
  2⤵
  PID:5792
- C:\Windows\System\fOmQfRu.exe
  C:\Windows\System\fOmQfRu.exe
  2⤵
  PID:5732
- C:\Windows\System\AXWPAGb.exe
  C:\Windows\System\AXWPAGb.exe
  2⤵
  PID:5288
- C:\Windows\System\dUfavkp.exe
  C:\Windows\System\dUfavkp.exe
  2⤵
  PID:5896
- C:\Windows\System\YuGDpFf.exe
  C:\Windows\System\YuGDpFf.exe
  2⤵
  PID:5800
- C:\Windows\System\hGxzjdt.exe
  C:\Windows\System\hGxzjdt.exe
  2⤵
  PID:5728
- C:\Windows\System\pbRbANQ.exe
  C:\Windows\System\pbRbANQ.exe
  2⤵
  PID:6036
- C:\Windows\System\jRktLZd.exe
  C:\Windows\System\jRktLZd.exe
  2⤵
  PID:6020
- C:\Windows\System\IFbTtSO.exe
  C:\Windows\System\IFbTtSO.exe
  2⤵
  PID:6104
- C:\Windows\System\bvJUlmO.exe
  C:\Windows\System\bvJUlmO.exe
  2⤵
  PID:5952
- C:\Windows\System\oLwWkKF.exe
  C:\Windows\System\oLwWkKF.exe
  2⤵
  PID:4932
- C:\Windows\System\BwcInrl.exe
  C:\Windows\System\BwcInrl.exe
  2⤵
  PID:3704
- C:\Windows\System\fIEEoyR.exe
  C:\Windows\System\fIEEoyR.exe
  2⤵
  PID:5624
- C:\Windows\System\MIhGUmU.exe
  C:\Windows\System\MIhGUmU.exe
  2⤵
  PID:5788
- C:\Windows\System\LzpChnw.exe
  C:\Windows\System\LzpChnw.exe
  2⤵
  PID:5720
- C:\Windows\System\pWVmgAg.exe
  C:\Windows\System\pWVmgAg.exe
  2⤵
  PID:5608
- C:\Windows\System\FmKDHIL.exe
  C:\Windows\System\FmKDHIL.exe
  2⤵
  PID:6120
- C:\Windows\System\UkcRkSe.exe
  C:\Windows\System\UkcRkSe.exe
  2⤵
  PID:5832
- C:\Windows\System\xePAWHt.exe
  C:\Windows\System\xePAWHt.exe
  2⤵
  PID:5804
- C:\Windows\System\lnBogLP.exe
  C:\Windows\System\lnBogLP.exe
  2⤵
  PID:6072
- C:\Windows\System\DOWjOsB.exe
  C:\Windows\System\DOWjOsB.exe
  2⤵
  PID:5752
- C:\Windows\System\wprFnAa.exe
  C:\Windows\System\wprFnAa.exe
  2⤵
  PID:5472
- C:\Windows\System\jvKwaDk.exe
  C:\Windows\System\jvKwaDk.exe
  2⤵
  PID:5424
- C:\Windows\System\UxezEKb.exe
  C:\Windows\System\UxezEKb.exe
  2⤵
  PID:2496
- C:\Windows\System\kJbIcwj.exe
  C:\Windows\System\kJbIcwj.exe
  2⤵
  PID:5324
- C:\Windows\System\HSNLNKo.exe
  C:\Windows\System\HSNLNKo.exe
  2⤵
  PID:5848
- C:\Windows\System\JjMCWwS.exe
  C:\Windows\System\JjMCWwS.exe
  2⤵
  PID:5184
- C:\Windows\System\cEFNlKT.exe
  C:\Windows\System\cEFNlKT.exe
  2⤵
  PID:6032
- C:\Windows\System\zRsaJDp.exe
  C:\Windows\System\zRsaJDp.exe
  2⤵
  PID:5828
- C:\Windows\System\uVoXevp.exe
  C:\Windows\System\uVoXevp.exe
  2⤵
  PID:5812
- C:\Windows\System\PPUtcIt.exe
  C:\Windows\System\PPUtcIt.exe
  2⤵
  PID:5224
- C:\Windows\System\ohVEtOF.exe
  C:\Windows\System\ohVEtOF.exe
  2⤵
  PID:5128
- C:\Windows\System\aEOxmOP.exe
  C:\Windows\System\aEOxmOP.exe
  2⤵
  PID:6060
- C:\Windows\System\oWjjWKO.exe
  C:\Windows\System\oWjjWKO.exe
  2⤵
  PID:5304
- C:\Windows\System\zSynPvZ.exe
  C:\Windows\System\zSynPvZ.exe
  2⤵
  PID:5912
- C:\Windows\System\nGOLnCc.exe
  C:\Windows\System\nGOLnCc.exe
  2⤵
  PID:4816
- C:\Windows\System\HqMGfWS.exe
  C:\Windows\System\HqMGfWS.exe
  2⤵
  PID:5236
- C:\Windows\System\NsuQUjL.exe
  C:\Windows\System\NsuQUjL.exe
  2⤵
  PID:6156
- C:\Windows\System\oycdrFa.exe
  C:\Windows\System\oycdrFa.exe
  2⤵
  PID:6176
- C:\Windows\System\FCeFwmD.exe
  C:\Windows\System\FCeFwmD.exe
  2⤵
  PID:6192
- C:\Windows\System\MSgBzXU.exe
  C:\Windows\System\MSgBzXU.exe
  2⤵
  PID:6208
- C:\Windows\System\RzZSvbC.exe
  C:\Windows\System\RzZSvbC.exe
  2⤵
  PID:6224
- C:\Windows\System\LeglGGU.exe
  C:\Windows\System\LeglGGU.exe
  2⤵
  PID:6240
- C:\Windows\System\SAHzgwO.exe
  C:\Windows\System\SAHzgwO.exe
  2⤵
  PID:6256
- C:\Windows\System\pexnaVx.exe
  C:\Windows\System\pexnaVx.exe
  2⤵
  PID:6276
- C:\Windows\System\wBcjBKa.exe
  C:\Windows\System\wBcjBKa.exe
  2⤵
  PID:6296
- C:\Windows\System\DVoeGWD.exe
  C:\Windows\System\DVoeGWD.exe
  2⤵
  PID:6324
- C:\Windows\System\gtnAJKP.exe
  C:\Windows\System\gtnAJKP.exe
  2⤵
  PID:6396
- C:\Windows\System\pkfqlFQ.exe
  C:\Windows\System\pkfqlFQ.exe
  2⤵
  PID:6412
- C:\Windows\System\qxTTGFL.exe
  C:\Windows\System\qxTTGFL.exe
  2⤵
  PID:6432
- C:\Windows\System\FSXZRNf.exe
  C:\Windows\System\FSXZRNf.exe
  2⤵
  PID:6448
- C:\Windows\System\maEpaEy.exe
  C:\Windows\System\maEpaEy.exe
  2⤵
  PID:6464
- C:\Windows\System\bWPQpOu.exe
  C:\Windows\System\bWPQpOu.exe
  2⤵
  PID:6480
- C:\Windows\System\jxpQiFu.exe
  C:\Windows\System\jxpQiFu.exe
  2⤵
  PID:6508
- C:\Windows\System\KRdADfC.exe
  C:\Windows\System\KRdADfC.exe
  2⤵
  PID:6524
- C:\Windows\System\aAqaGen.exe
  C:\Windows\System\aAqaGen.exe
  2⤵
  PID:6540
- C:\Windows\System\XtSunJL.exe
  C:\Windows\System\XtSunJL.exe
  2⤵
  PID:6556
- C:\Windows\System\LydbLts.exe
  C:\Windows\System\LydbLts.exe
  2⤵
  PID:6580
- C:\Windows\System\hcBbgLa.exe
  C:\Windows\System\hcBbgLa.exe
  2⤵
  PID:6608
- C:\Windows\System\NwZbgRp.exe
  C:\Windows\System\NwZbgRp.exe
  2⤵
  PID:6624
- C:\Windows\System\rkXorJX.exe
  C:\Windows\System\rkXorJX.exe
  2⤵
  PID:6640
- C:\Windows\System\hGtMvjE.exe
  C:\Windows\System\hGtMvjE.exe
  2⤵
  PID:6656
- C:\Windows\System\dwGqJUv.exe
  C:\Windows\System\dwGqJUv.exe
  2⤵
  PID:6676
- C:\Windows\System\gaoFKgN.exe
  C:\Windows\System\gaoFKgN.exe
  2⤵
  PID:6720
- C:\Windows\System\VliLyrQ.exe
  C:\Windows\System\VliLyrQ.exe
  2⤵
  PID:6736
- C:\Windows\System\ZrnXvaw.exe
  C:\Windows\System\ZrnXvaw.exe
  2⤵
  PID:6752
- C:\Windows\System\NyjRecR.exe
  C:\Windows\System\NyjRecR.exe
  2⤵
  PID:6768
- C:\Windows\System\ZcmvUeY.exe
  C:\Windows\System\ZcmvUeY.exe
  2⤵
  PID:6784
- C:\Windows\System\fIZAInR.exe
  C:\Windows\System\fIZAInR.exe
  2⤵
  PID:6808
- C:\Windows\System\nBCcQWB.exe
  C:\Windows\System\nBCcQWB.exe
  2⤵
  PID:6828
- C:\Windows\System\zQIHauw.exe
  C:\Windows\System\zQIHauw.exe
  2⤵
  PID:6844
- C:\Windows\System\LMNHRyu.exe
  C:\Windows\System\LMNHRyu.exe
  2⤵
  PID:6868
- C:\Windows\System\MIMuzUo.exe
  C:\Windows\System\MIMuzUo.exe
  2⤵
  PID:6884
- C:\Windows\System\kirwxuB.exe
  C:\Windows\System\kirwxuB.exe
  2⤵
  PID:6900
- C:\Windows\System\uHyGmKq.exe
  C:\Windows\System\uHyGmKq.exe
  2⤵
  PID:6920
- C:\Windows\System\MZhMeoy.exe
  C:\Windows\System\MZhMeoy.exe
  2⤵
  PID:6940
- C:\Windows\System\lwsQjgo.exe
  C:\Windows\System\lwsQjgo.exe
  2⤵
  PID:6956
- C:\Windows\System\VoaTzFN.exe
  C:\Windows\System\VoaTzFN.exe
  2⤵
  PID:7000
- C:\Windows\System\UvxdYjE.exe
  C:\Windows\System\UvxdYjE.exe
  2⤵
  PID:7016
- C:\Windows\System\DXcQKhQ.exe
  C:\Windows\System\DXcQKhQ.exe
  2⤵
  PID:7036
- C:\Windows\System\gPtaqFr.exe
  C:\Windows\System\gPtaqFr.exe
  2⤵
  PID:7052
- C:\Windows\System\uRfMgFi.exe
  C:\Windows\System\uRfMgFi.exe
  2⤵
  PID:7072
- C:\Windows\System\CEucOoi.exe
  C:\Windows\System\CEucOoi.exe
  2⤵
  PID:7088
- C:\Windows\System\OzfqPJx.exe
  C:\Windows\System\OzfqPJx.exe
  2⤵
  PID:7108
- C:\Windows\System\AZhBXSJ.exe
  C:\Windows\System\AZhBXSJ.exe
  2⤵
  PID:7124
- C:\Windows\System\KmJVyZc.exe
  C:\Windows\System\KmJVyZc.exe
  2⤵
  PID:7144
- C:\Windows\System\CUCgmWa.exe
  C:\Windows\System\CUCgmWa.exe
  2⤵
  PID:7160
- C:\Windows\System\hmEMPsn.exe
  C:\Windows\System\hmEMPsn.exe
  2⤵
  PID:6184
- C:\Windows\System\IJFYqdv.exe
  C:\Windows\System\IJFYqdv.exe
  2⤵
  PID:6248
- C:\Windows\System\SLYWFPI.exe
  C:\Windows\System\SLYWFPI.exe
  2⤵
  PID:6292
- C:\Windows\System\keGRSpO.exe
  C:\Windows\System\keGRSpO.exe
  2⤵
  PID:6384
- C:\Windows\System\pTODzAU.exe
  C:\Windows\System\pTODzAU.exe
  2⤵
  PID:5432
- C:\Windows\System\JOaREMV.exe
  C:\Windows\System\JOaREMV.exe
  2⤵
  PID:5220
- C:\Windows\System\jiFKNVD.exe
  C:\Windows\System\jiFKNVD.exe
  2⤵
  PID:6460
- C:\Windows\System\NPaBoEQ.exe
  C:\Windows\System\NPaBoEQ.exe
  2⤵
  PID:5872
- C:\Windows\System\EgDeSkx.exe
  C:\Windows\System\EgDeSkx.exe
  2⤵
  PID:6012
- C:\Windows\System\nRNYodZ.exe
  C:\Windows\System\nRNYodZ.exe
  2⤵
  PID:4692
- C:\Windows\System\ANdUVlS.exe
  C:\Windows\System\ANdUVlS.exe
  2⤵
  PID:6204
- C:\Windows\System\fbJXynb.exe
  C:\Windows\System\fbJXynb.exe
  2⤵
  PID:6272
- C:\Windows\System\PNsvCES.exe
  C:\Windows\System\PNsvCES.exe
  2⤵
  PID:6316
- C:\Windows\System\WraTMpw.exe
  C:\Windows\System\WraTMpw.exe
  2⤵
  PID:6496
- C:\Windows\System\Oxdoxqq.exe
  C:\Windows\System\Oxdoxqq.exe
  2⤵
  PID:6536
- C:\Windows\System\ZwUXJgP.exe
  C:\Windows\System\ZwUXJgP.exe
  2⤵
  PID:6592
- C:\Windows\System\dPQifia.exe
  C:\Windows\System\dPQifia.exe
  2⤵
  PID:6684
- C:\Windows\System\VRdlIKG.exe
  C:\Windows\System\VRdlIKG.exe
  2⤵
  PID:6548
- C:\Windows\System\SMDOUeZ.exe
  C:\Windows\System\SMDOUeZ.exe
  2⤵
  PID:6708
- C:\Windows\System\eGzSCyK.exe
  C:\Windows\System\eGzSCyK.exe
  2⤵
  PID:6552
- C:\Windows\System\XOaUvQN.exe
  C:\Windows\System\XOaUvQN.exe
  2⤵
  PID:6604
- C:\Windows\System\JHeZFKt.exe
  C:\Windows\System\JHeZFKt.exe
  2⤵
  PID:6748
- C:\Windows\System\rNNJiaL.exe
  C:\Windows\System\rNNJiaL.exe
  2⤵
  PID:6824
- C:\Windows\System\AcSoizn.exe
  C:\Windows\System\AcSoizn.exe
  2⤵
  PID:6892
- C:\Windows\System\bqKbpcz.exe
  C:\Windows\System\bqKbpcz.exe
  2⤵
  PID:6732
- C:\Windows\System\CzkTcYo.exe
  C:\Windows\System\CzkTcYo.exe
  2⤵
  PID:6984
- C:\Windows\System\ubbUFzl.exe
  C:\Windows\System\ubbUFzl.exe
  2⤵
  PID:6760
- C:\Windows\System\RxgLFFk.exe
  C:\Windows\System\RxgLFFk.exe
  2⤵
  PID:6800
- C:\Windows\System\cBNiPFo.exe
  C:\Windows\System\cBNiPFo.exe
  2⤵
  PID:6968
- C:\Windows\System\wvkeroX.exe
  C:\Windows\System\wvkeroX.exe
  2⤵
  PID:7100
- C:\Windows\System\IwuaBhk.exe
  C:\Windows\System\IwuaBhk.exe
  2⤵
  PID:7140
- C:\Windows\System\DLGBWIF.exe
  C:\Windows\System\DLGBWIF.exe
  2⤵
  PID:6288
- C:\Windows\System\izSNJjx.exe
  C:\Windows\System\izSNJjx.exe
  2⤵
  PID:7084
- C:\Windows\System\YRLCYHj.exe
  C:\Windows\System\YRLCYHj.exe
  2⤵
  PID:6360
- C:\Windows\System\LauiYhU.exe
  C:\Windows\System\LauiYhU.exe
  2⤵
  PID:6220
- C:\Windows\System\qfTkGNb.exe
  C:\Windows\System\qfTkGNb.exe
  2⤵
  PID:6364
- C:\Windows\System\tcrFdkA.exe
  C:\Windows\System\tcrFdkA.exe
  2⤵
  PID:6392
- C:\Windows\System\KdlxGsh.exe
  C:\Windows\System\KdlxGsh.exe
  2⤵
  PID:2416
- C:\Windows\System\bfmvxCv.exe
  C:\Windows\System\bfmvxCv.exe
  2⤵
  PID:6308
- C:\Windows\System\jYGtOnu.exe
  C:\Windows\System\jYGtOnu.exe
  2⤵
  PID:6652
- C:\Windows\System\KSKLpvR.exe
  C:\Windows\System\KSKLpvR.exe
  2⤵
  PID:6600
- C:\Windows\System\usvdgho.exe
  C:\Windows\System\usvdgho.exe
  2⤵
  PID:5932
- C:\Windows\System\wPGKRjG.exe
  C:\Windows\System\wPGKRjG.exe
  2⤵
  PID:6928
- C:\Windows\System\cRrDNna.exe
  C:\Windows\System\cRrDNna.exe
  2⤵
  PID:6992
- C:\Windows\System\elTDVwn.exe
  C:\Windows\System\elTDVwn.exe
  2⤵
  PID:6404
- C:\Windows\System\PUDAyqX.exe
  C:\Windows\System\PUDAyqX.exe
  2⤵
  PID:6440
- C:\Windows\System\fwqfRkj.exe
  C:\Windows\System\fwqfRkj.exe
  2⤵
  PID:6232
- C:\Windows\System\efwWAnn.exe
  C:\Windows\System\efwWAnn.exe
  2⤵
  PID:6264
- C:\Windows\System\GXlDQeo.exe
  C:\Windows\System\GXlDQeo.exe
  2⤵
  PID:5364
- C:\Windows\System\fIwqOQz.exe
  C:\Windows\System\fIwqOQz.exe
  2⤵
  PID:6572
- C:\Windows\System\FSHYUFE.exe
  C:\Windows\System\FSHYUFE.exe
  2⤵
  PID:6408
- C:\Windows\System\KflzInc.exe
  C:\Windows\System\KflzInc.exe
  2⤵
  PID:6980
- C:\Windows\System\oEMacuP.exe
  C:\Windows\System\oEMacuP.exe
  2⤵
  PID:7136
- C:\Windows\System\mDiXlTq.exe
  C:\Windows\System\mDiXlTq.exe
  2⤵
  PID:6356
- C:\Windows\System\RAitWqY.exe
  C:\Windows\System\RAitWqY.exe
  2⤵
  PID:6620
- C:\Windows\System\hNKzZYc.exe
  C:\Windows\System\hNKzZYc.exe
  2⤵
  PID:6704
- C:\Windows\System\Eoawxsp.exe
  C:\Windows\System\Eoawxsp.exe
  2⤵
  PID:7156
- C:\Windows\System\lQsWNjm.exe
  C:\Windows\System\lQsWNjm.exe
  2⤵
  PID:1716
- C:\Windows\System\FkDXSdN.exe
  C:\Windows\System\FkDXSdN.exe
  2⤵
  PID:5668
- C:\Windows\System\uxlpWEx.exe
  C:\Windows\System\uxlpWEx.exe
  2⤵
  PID:6840
- C:\Windows\System\oZagJKC.exe
  C:\Windows\System\oZagJKC.exe
  2⤵
  PID:7024
- C:\Windows\System\xaYCToG.exe
  C:\Windows\System\xaYCToG.exe
  2⤵
  PID:6688
- C:\Windows\System\TbXFskt.exe
  C:\Windows\System\TbXFskt.exe
  2⤵
  PID:7096
- C:\Windows\System\RPAnHhH.exe
  C:\Windows\System\RPAnHhH.exe
  2⤵
  PID:7048
- C:\Windows\System\svyOmYU.exe
  C:\Windows\System\svyOmYU.exe
  2⤵
  PID:7188
- C:\Windows\System\HmqhpwX.exe
  C:\Windows\System\HmqhpwX.exe
  2⤵
  PID:7204
- C:\Windows\System\CeccfXE.exe
  C:\Windows\System\CeccfXE.exe
  2⤵
  PID:7220
- C:\Windows\System\GZvuqAE.exe
  C:\Windows\System\GZvuqAE.exe
  2⤵
  PID:7240
- C:\Windows\System\QEsbvWp.exe
  C:\Windows\System\QEsbvWp.exe
  2⤵
  PID:7256
- C:\Windows\System\jwRUXAJ.exe
  C:\Windows\System\jwRUXAJ.exe
  2⤵
  PID:7284
- C:\Windows\System\ucLtIaT.exe
  C:\Windows\System\ucLtIaT.exe
  2⤵
  PID:7308
- C:\Windows\System\zKxHLnb.exe
  C:\Windows\System\zKxHLnb.exe
  2⤵
  PID:7324
- C:\Windows\System\asBxnkd.exe
  C:\Windows\System\asBxnkd.exe
  2⤵
  PID:7376
- C:\Windows\System\TLkYPOz.exe
  C:\Windows\System\TLkYPOz.exe
  2⤵
  PID:7420
- C:\Windows\System\RlNweNp.exe
  C:\Windows\System\RlNweNp.exe
  2⤵
  PID:7444
- C:\Windows\System\dQHwxOe.exe
  C:\Windows\System\dQHwxOe.exe
  2⤵
  PID:7460
- C:\Windows\System\cZcnQrl.exe
  C:\Windows\System\cZcnQrl.exe
  2⤵
  PID:7480
- C:\Windows\System\XnjLrsV.exe
  C:\Windows\System\XnjLrsV.exe
  2⤵
  PID:7496
- C:\Windows\System\diXtzkX.exe
  C:\Windows\System\diXtzkX.exe
  2⤵
  PID:7516
- C:\Windows\System\WVxHSDI.exe
  C:\Windows\System\WVxHSDI.exe
  2⤵
  PID:7532
- C:\Windows\System\TguhRFg.exe
  C:\Windows\System\TguhRFg.exe
  2⤵
  PID:7552
- C:\Windows\System\apxBtWP.exe
  C:\Windows\System\apxBtWP.exe
  2⤵
  PID:7572
- C:\Windows\System\XcZlYaQ.exe
  C:\Windows\System\XcZlYaQ.exe
  2⤵
  PID:7588
- C:\Windows\System\vidkTsN.exe
  C:\Windows\System\vidkTsN.exe
  2⤵
  PID:7604
- C:\Windows\System\GjJUEPs.exe
  C:\Windows\System\GjJUEPs.exe
  2⤵
  PID:7620
- C:\Windows\System\JTpxSbZ.exe
  C:\Windows\System\JTpxSbZ.exe
  2⤵
  PID:7680
- C:\Windows\System\chNPcwz.exe
  C:\Windows\System\chNPcwz.exe
  2⤵
  PID:7700
- C:\Windows\System\pVGFBAj.exe
  C:\Windows\System\pVGFBAj.exe
  2⤵
  PID:7716
- C:\Windows\System\lLpTnMy.exe
  C:\Windows\System\lLpTnMy.exe
  2⤵
  PID:7732
- C:\Windows\System\fKperuV.exe
  C:\Windows\System\fKperuV.exe
  2⤵
  PID:7748
- C:\Windows\System\TzMYzAS.exe
  C:\Windows\System\TzMYzAS.exe
  2⤵
  PID:7764
- C:\Windows\System\QIdqREJ.exe
  C:\Windows\System\QIdqREJ.exe
  2⤵
  PID:7784
- C:\Windows\System\imDHazV.exe
  C:\Windows\System\imDHazV.exe
  2⤵
  PID:7804
- C:\Windows\System\OLiuseP.exe
  C:\Windows\System\OLiuseP.exe
  2⤵
  PID:7824
- C:\Windows\System\NPuOsTn.exe
  C:\Windows\System\NPuOsTn.exe
  2⤵
  PID:7840
- C:\Windows\System\oHQGXRQ.exe
  C:\Windows\System\oHQGXRQ.exe
  2⤵
  PID:7856
- C:\Windows\System\RuJeWfV.exe
  C:\Windows\System\RuJeWfV.exe
  2⤵
  PID:7872
- C:\Windows\System\Yigstgl.exe
  C:\Windows\System\Yigstgl.exe
  2⤵
  PID:7896
- C:\Windows\System\skScwan.exe
  C:\Windows\System\skScwan.exe
  2⤵
  PID:7912
- C:\Windows\System\lCsZVZB.exe
  C:\Windows\System\lCsZVZB.exe
  2⤵
  PID:7932
- C:\Windows\System\FCuXtwi.exe
  C:\Windows\System\FCuXtwi.exe
  2⤵
  PID:7952
- C:\Windows\System\vRaSoyv.exe
  C:\Windows\System\vRaSoyv.exe
  2⤵
  PID:7972
- C:\Windows\System\MkHHDQM.exe
  C:\Windows\System\MkHHDQM.exe
  2⤵
  PID:7988
- C:\Windows\System\NlATzjl.exe
  C:\Windows\System\NlATzjl.exe
  2⤵
  PID:8008
- C:\Windows\System\qeTmIEu.exe
  C:\Windows\System\qeTmIEu.exe
  2⤵
  PID:8028
- C:\Windows\System\xIoPDRC.exe
  C:\Windows\System\xIoPDRC.exe
  2⤵
  PID:8044
- C:\Windows\System\XcfbRxz.exe
  C:\Windows\System\XcfbRxz.exe
  2⤵
  PID:8064
- C:\Windows\System\yNULBkA.exe
  C:\Windows\System\yNULBkA.exe
  2⤵
  PID:8080
- C:\Windows\System\DdePAbR.exe
  C:\Windows\System\DdePAbR.exe
  2⤵
  PID:8096
- C:\Windows\System\UzevCGM.exe
  C:\Windows\System\UzevCGM.exe
  2⤵
  PID:8112
- C:\Windows\System\CTSnUZX.exe
  C:\Windows\System\CTSnUZX.exe
  2⤵
  PID:8128
- C:\Windows\System\qtyYTVK.exe
  C:\Windows\System\qtyYTVK.exe
  2⤵
  PID:8144
- C:\Windows\System\HSUQnQE.exe
  C:\Windows\System\HSUQnQE.exe
  2⤵
  PID:8160
- C:\Windows\System\lPwjeBg.exe
  C:\Windows\System\lPwjeBg.exe
  2⤵
  PID:8176
- C:\Windows\System\GJlGtZy.exe
  C:\Windows\System\GJlGtZy.exe
  2⤵
  PID:6976
- C:\Windows\System\xfjKLew.exe
  C:\Windows\System\xfjKLew.exe
  2⤵
  PID:6796
- C:\Windows\System\RyxgRkD.exe
  C:\Windows\System\RyxgRkD.exe
  2⤵
  PID:7064
- C:\Windows\System\tMiJduM.exe
  C:\Windows\System\tMiJduM.exe
  2⤵
  PID:7292
- C:\Windows\System\zRWAOSM.exe
  C:\Windows\System\zRWAOSM.exe
  2⤵
  PID:6456
- C:\Windows\System\CxAoBtA.exe
  C:\Windows\System\CxAoBtA.exe
  2⤵
  PID:6492
- C:\Windows\System\zZlNpJo.exe
  C:\Windows\System\zZlNpJo.exe
  2⤵
  PID:6172
- C:\Windows\System\FlzvZoK.exe
  C:\Windows\System\FlzvZoK.exe
  2⤵
  PID:7228
- C:\Windows\System\FdlgIIg.exe
  C:\Windows\System\FdlgIIg.exe
  2⤵
  PID:7272
- C:\Windows\System\UWjbHex.exe
  C:\Windows\System\UWjbHex.exe
  2⤵
  PID:7364
- C:\Windows\System\axfIqUf.exe
  C:\Windows\System\axfIqUf.exe
  2⤵
  PID:7340
- C:\Windows\System\LxaWRme.exe
  C:\Windows\System\LxaWRme.exe
  2⤵
  PID:7360
- C:\Windows\System\GpBocpf.exe
  C:\Windows\System\GpBocpf.exe
  2⤵
  PID:7468
- C:\Windows\System\JMbFIIs.exe
  C:\Windows\System\JMbFIIs.exe
  2⤵
  PID:7508
- C:\Windows\System\bIXtbDm.exe
  C:\Windows\System\bIXtbDm.exe
  2⤵
  PID:7584
- C:\Windows\System\kKPjZKi.exe
  C:\Windows\System\kKPjZKi.exe
  2⤵
  PID:7412
- C:\Windows\System\rUumcQD.exe
  C:\Windows\System\rUumcQD.exe
  2⤵
  PID:7528
- C:\Windows\System\mYYIrFv.exe
  C:\Windows\System\mYYIrFv.exe
  2⤵
  PID:7600
- C:\Windows\System\qPkeenZ.exe
  C:\Windows\System\qPkeenZ.exe
  2⤵
  PID:7644
- C:\Windows\System\aoiOoNt.exe
  C:\Windows\System\aoiOoNt.exe
  2⤵
  PID:7668
- C:\Windows\System\MRIVAYN.exe
  C:\Windows\System\MRIVAYN.exe
  2⤵
  PID:7728
- C:\Windows\System\JmKFhLG.exe
  C:\Windows\System\JmKFhLG.exe
  2⤵
  PID:7796
- C:\Windows\System\DASMxro.exe
  C:\Windows\System\DASMxro.exe
  2⤵
  PID:7836
- C:\Windows\System\RsOZyhk.exe
  C:\Windows\System\RsOZyhk.exe
  2⤵
  PID:7908
- C:\Windows\System\jsvDKcY.exe
  C:\Windows\System\jsvDKcY.exe
  2⤵
  PID:7980
- C:\Windows\System\eOBGJiP.exe
  C:\Windows\System\eOBGJiP.exe
  2⤵
  PID:8024
- C:\Windows\System\SMlqoJr.exe
  C:\Windows\System\SMlqoJr.exe
  2⤵
  PID:7712
- C:\Windows\System\gYEeVnG.exe
  C:\Windows\System\gYEeVnG.exe
  2⤵
  PID:7776
- C:\Windows\System\HvQAuzS.exe
  C:\Windows\System\HvQAuzS.exe
  2⤵
  PID:7848
- C:\Windows\System\Unobtzh.exe
  C:\Windows\System\Unobtzh.exe
  2⤵
  PID:7884
- C:\Windows\System\zyTgFqv.exe
  C:\Windows\System\zyTgFqv.exe
  2⤵
  PID:7924
- C:\Windows\System\FcMjTZp.exe
  C:\Windows\System\FcMjTZp.exe
  2⤵
  PID:7996
- C:\Windows\System\hKmvrGy.exe
  C:\Windows\System\hKmvrGy.exe
  2⤵
  PID:8056
- C:\Windows\System\raHvwJS.exe
  C:\Windows\System\raHvwJS.exe
  2⤵
  PID:8104
- C:\Windows\System\JeTQwbS.exe
  C:\Windows\System\JeTQwbS.exe
  2⤵
  PID:8124
- C:\Windows\System\idNVmYR.exe
  C:\Windows\System\idNVmYR.exe
  2⤵
  PID:8184
- C:\Windows\System\PWZHKwj.exe
  C:\Windows\System\PWZHKwj.exe
  2⤵
  PID:7028
- C:\Windows\System\zUzuSJn.exe
  C:\Windows\System\zUzuSJn.exe
  2⤵
  PID:6444
- C:\Windows\System\qofcQiy.exe
  C:\Windows\System\qofcQiy.exe
  2⤵
  PID:7216
- C:\Windows\System\SFaJLic.exe
  C:\Windows\System\SFaJLic.exe
  2⤵
  PID:6152
- C:\Windows\System\laTfgCb.exe
  C:\Windows\System\laTfgCb.exe
  2⤵
  PID:7032
- C:\Windows\System\OYBPSZN.exe
  C:\Windows\System\OYBPSZN.exe
  2⤵
  PID:7372
- C:\Windows\System\JOzrkct.exe
  C:\Windows\System\JOzrkct.exe
  2⤵
  PID:7440
- C:\Windows\System\wRnePAX.exe
  C:\Windows\System\wRnePAX.exe
  2⤵
  PID:7544
- C:\Windows\System\vLRuonI.exe
  C:\Windows\System\vLRuonI.exe
  2⤵
  PID:7280
- C:\Windows\System\Shdpeun.exe
  C:\Windows\System\Shdpeun.exe
  2⤵
  PID:7504
- C:\Windows\System\uxRHiwq.exe
  C:\Windows\System\uxRHiwq.exe
  2⤵
  PID:7476
- C:\Windows\System\rLBnkWc.exe
  C:\Windows\System\rLBnkWc.exe
  2⤵
  PID:7400
- C:\Windows\System\pAGlSPv.exe
  C:\Windows\System\pAGlSPv.exe
  2⤵
  PID:7524
- C:\Windows\System\uGwLJXu.exe
  C:\Windows\System\uGwLJXu.exe
  2⤵
  PID:7632
- C:\Windows\System\CSXQssU.exe
  C:\Windows\System\CSXQssU.exe
  2⤵
  PID:7640
- C:\Windows\System\UnPNUxA.exe
  C:\Windows\System\UnPNUxA.exe
  2⤵
  PID:7832
- C:\Windows\System\HKoUhAO.exe
  C:\Windows\System\HKoUhAO.exe
  2⤵
  PID:7780
- C:\Windows\System\gZUctnL.exe
  C:\Windows\System\gZUctnL.exe
  2⤵
  PID:8004
- C:\Windows\System\orMDIka.exe
  C:\Windows\System\orMDIka.exe
  2⤵
  PID:8120
- C:\Windows\System\rvkLWXh.exe
  C:\Windows\System\rvkLWXh.exe
  2⤵
  PID:6376
- C:\Windows\System\PkNMpmA.exe
  C:\Windows\System\PkNMpmA.exe
  2⤵
  PID:7432
- C:\Windows\System\SQQvBoY.exe
  C:\Windows\System\SQQvBoY.exe
  2⤵
  PID:7008
- C:\Windows\System\JLqGNWy.exe
  C:\Windows\System\JLqGNWy.exe
  2⤵
  PID:8016
- C:\Windows\System\xLWympV.exe
  C:\Windows\System\xLWympV.exe
  2⤵
  PID:7596
- C:\Windows\System\ryyYDnA.exe
  C:\Windows\System\ryyYDnA.exe
  2⤵
  PID:8052
- C:\Windows\System\GUuFyKd.exe
  C:\Windows\System\GUuFyKd.exe
  2⤵
  PID:7176
- C:\Windows\System\PezKLsK.exe
  C:\Windows\System\PezKLsK.exe
  2⤵
  PID:8208
- C:\Windows\System\ZLLRKdj.exe
  C:\Windows\System\ZLLRKdj.exe
  2⤵
  PID:8224
- C:\Windows\System\NWoIZZU.exe
  C:\Windows\System\NWoIZZU.exe
  2⤵
  PID:8240
- C:\Windows\System\yvUenYW.exe
  C:\Windows\System\yvUenYW.exe
  2⤵
  PID:8260
- C:\Windows\System\WazcUCT.exe
  C:\Windows\System\WazcUCT.exe
  2⤵
  PID:8280
- C:\Windows\System\EDfWQJl.exe
  C:\Windows\System\EDfWQJl.exe
  2⤵
  PID:8308
- C:\Windows\System\UFaIjrS.exe
  C:\Windows\System\UFaIjrS.exe
  2⤵
  PID:8324
- C:\Windows\System\oLIQfiX.exe
  C:\Windows\System\oLIQfiX.exe
  2⤵
  PID:8340
- C:\Windows\System\BWTedbh.exe
  C:\Windows\System\BWTedbh.exe
  2⤵
  PID:8364
- C:\Windows\System\brZxGfn.exe
  C:\Windows\System\brZxGfn.exe
  2⤵
  PID:8380
- C:\Windows\System\JRpNgwX.exe
  C:\Windows\System\JRpNgwX.exe
  2⤵
  PID:8400
- C:\Windows\System\NEVyImv.exe
  C:\Windows\System\NEVyImv.exe
  2⤵
  PID:8432
- C:\Windows\System\Rgyzldk.exe
  C:\Windows\System\Rgyzldk.exe
  2⤵
  PID:8448
- C:\Windows\System\FKJdGsG.exe
  C:\Windows\System\FKJdGsG.exe
  2⤵
  PID:8464
- C:\Windows\System\YSjnIUv.exe
  C:\Windows\System\YSjnIUv.exe
  2⤵
  PID:8488
- C:\Windows\System\NrMKHEZ.exe
  C:\Windows\System\NrMKHEZ.exe
  2⤵
  PID:8504
- C:\Windows\System\TORVEzS.exe
  C:\Windows\System\TORVEzS.exe
  2⤵
  PID:8524
- C:\Windows\System\kDrnhtC.exe
  C:\Windows\System\kDrnhtC.exe
  2⤵
  PID:8540
- C:\Windows\System\RTuSbhq.exe
  C:\Windows\System\RTuSbhq.exe
  2⤵
  PID:8584
- C:\Windows\System\JnBvBIQ.exe
  C:\Windows\System\JnBvBIQ.exe
  2⤵
  PID:8608
- C:\Windows\System\eoWtExl.exe
  C:\Windows\System\eoWtExl.exe
  2⤵
  PID:8628
- C:\Windows\System\VvdfYGl.exe
  C:\Windows\System\VvdfYGl.exe
  2⤵
  PID:8644
- C:\Windows\System\JHFXBNw.exe
  C:\Windows\System\JHFXBNw.exe
  2⤵
  PID:8664
- C:\Windows\System\FddKJrQ.exe
  C:\Windows\System\FddKJrQ.exe
  2⤵
  PID:8680
- C:\Windows\System\rRrKzPA.exe
  C:\Windows\System\rRrKzPA.exe
  2⤵
  PID:8696
- C:\Windows\System\WxUMdji.exe
  C:\Windows\System\WxUMdji.exe
  2⤵
  PID:8712
- C:\Windows\System\FZqelMz.exe
  C:\Windows\System\FZqelMz.exe
  2⤵
  PID:8736
- C:\Windows\System\qMbGKxK.exe
  C:\Windows\System\qMbGKxK.exe
  2⤵
  PID:8752
- C:\Windows\System\IBRdLcI.exe
  C:\Windows\System\IBRdLcI.exe
  2⤵
  PID:8796
- C:\Windows\System\FMYYhir.exe
  C:\Windows\System\FMYYhir.exe
  2⤵
  PID:8816
- C:\Windows\System\wdajhJO.exe
  C:\Windows\System\wdajhJO.exe
  2⤵
  PID:8840
- C:\Windows\System\bcsuaeS.exe
  C:\Windows\System\bcsuaeS.exe
  2⤵
  PID:8864
- C:\Windows\System\TvcIBFX.exe
  C:\Windows\System\TvcIBFX.exe
  2⤵
  PID:8888
- C:\Windows\System\mAQRyCE.exe
  C:\Windows\System\mAQRyCE.exe
  2⤵
  PID:8904
- C:\Windows\System\QZARwyU.exe
  C:\Windows\System\QZARwyU.exe
  2⤵
  PID:8920
- C:\Windows\System\OCczWoI.exe
  C:\Windows\System\OCczWoI.exe
  2⤵
  PID:8952
- C:\Windows\System\AiiiqDz.exe
  C:\Windows\System\AiiiqDz.exe
  2⤵
  PID:8968
- C:\Windows\System\fufnVFU.exe
  C:\Windows\System\fufnVFU.exe
  2⤵
  PID:8984
- C:\Windows\System\SGFEFmq.exe
  C:\Windows\System\SGFEFmq.exe
  2⤵
  PID:9000
- C:\Windows\System\xVmdCKS.exe
  C:\Windows\System\xVmdCKS.exe
  2⤵
  PID:9016
- C:\Windows\System\iWITfGX.exe
  C:\Windows\System\iWITfGX.exe
  2⤵
  PID:9032
- C:\Windows\System\QVypEEA.exe
  C:\Windows\System\QVypEEA.exe
  2⤵
  PID:9048
- C:\Windows\System\MeTlLLU.exe
  C:\Windows\System\MeTlLLU.exe
  2⤵
  PID:9064
- C:\Windows\System\eLAYQpl.exe
  C:\Windows\System\eLAYQpl.exe
  2⤵
  PID:9080
- C:\Windows\System\IbUKNiK.exe
  C:\Windows\System\IbUKNiK.exe
  2⤵
  PID:9096
- C:\Windows\System\zutZZPO.exe
  C:\Windows\System\zutZZPO.exe
  2⤵
  PID:9112
- C:\Windows\System\ZudsklT.exe
  C:\Windows\System\ZudsklT.exe
  2⤵
  PID:9128
- C:\Windows\System\ZxzwdYt.exe
  C:\Windows\System\ZxzwdYt.exe
  2⤵
  PID:9144
- C:\Windows\System\ihYmUsB.exe
  C:\Windows\System\ihYmUsB.exe
  2⤵
  PID:9160
- C:\Windows\System\kbtDCTp.exe
  C:\Windows\System\kbtDCTp.exe
  2⤵
  PID:9176
- C:\Windows\System\yjFxfkl.exe
  C:\Windows\System\yjFxfkl.exe
  2⤵
  PID:9192
- C:\Windows\System\bphbZPI.exe
  C:\Windows\System\bphbZPI.exe
  2⤵
  PID:9208
- C:\Windows\System\gtpcRQS.exe
  C:\Windows\System\gtpcRQS.exe
  2⤵
  PID:7940
- C:\Windows\System\pCLrzIy.exe
  C:\Windows\System\pCLrzIy.exe
  2⤵
  PID:8200
- C:\Windows\System\Zgteddy.exe
  C:\Windows\System\Zgteddy.exe
  2⤵
  PID:8236
- C:\Windows\System\vDdVrYl.exe
  C:\Windows\System\vDdVrYl.exe
  2⤵
  PID:7892
- C:\Windows\System\xfdAFZj.exe
  C:\Windows\System\xfdAFZj.exe
  2⤵
  PID:8348
- C:\Windows\System\rvAMqwi.exe
  C:\Windows\System\rvAMqwi.exe
  2⤵
  PID:8388
- C:\Windows\System\gahAvcR.exe
  C:\Windows\System\gahAvcR.exe
  2⤵
  PID:7656
- C:\Windows\System\BMHJeep.exe
  C:\Windows\System\BMHJeep.exe
  2⤵
  PID:8248
- C:\Windows\System\kDknyAM.exe
  C:\Windows\System\kDknyAM.exe
  2⤵
  PID:8480
- C:\Windows\System\LmNEbYx.exe
  C:\Windows\System\LmNEbYx.exe
  2⤵
  PID:7904
- C:\Windows\System\fGpKGQv.exe
  C:\Windows\System\fGpKGQv.exe
  2⤵
  PID:7964
- C:\Windows\System\jqnGHLX.exe
  C:\Windows\System\jqnGHLX.exe
  2⤵
  PID:8140
- C:\Windows\System\uNaJzyS.exe
  C:\Windows\System\uNaJzyS.exe
  2⤵
  PID:8172
- C:\Windows\System\EDigHPr.exe
  C:\Windows\System\EDigHPr.exe
  2⤵
  PID:7300
- C:\Windows\System\HdVFcta.exe
  C:\Windows\System\HdVFcta.exe
  2⤵
  PID:880
- C:\Windows\System\WUaODoN.exe
  C:\Windows\System\WUaODoN.exe
  2⤵
  PID:7616
- C:\Windows\System\gsjUWoX.exe
  C:\Windows\System\gsjUWoX.exe
  2⤵
  PID:7692
- C:\Windows\System\wApaKsm.exe
  C:\Windows\System\wApaKsm.exe
  2⤵
  PID:7184
- C:\Windows\System\QqaeFmp.exe
  C:\Windows\System\QqaeFmp.exe
  2⤵
  PID:6568
- C:\Windows\System\jrKvpHK.exe
  C:\Windows\System\jrKvpHK.exe
  2⤵
  PID:8040
- C:\Windows\System\SfsFmpv.exe
  C:\Windows\System\SfsFmpv.exe
  2⤵
  PID:8220
- C:\Windows\System\MsvMPEf.exe
  C:\Windows\System\MsvMPEf.exe
  2⤵
  PID:8288
- C:\Windows\System\JOacmst.exe
  C:\Windows\System\JOacmst.exe
  2⤵
  PID:8336
- C:\Windows\System\tyOmaZz.exe
  C:\Windows\System\tyOmaZz.exe
  2⤵
  PID:8416
- C:\Windows\System\dwyCznA.exe
  C:\Windows\System\dwyCznA.exe
  2⤵
  PID:8460
- C:\Windows\System\oFOwdTZ.exe
  C:\Windows\System\oFOwdTZ.exe
  2⤵
  PID:8512
- C:\Windows\System\BrkPdCk.exe
  C:\Windows\System\BrkPdCk.exe
  2⤵
  PID:8536
- C:\Windows\System\ywjqVjJ.exe
  C:\Windows\System\ywjqVjJ.exe
  2⤵
  PID:8552
- C:\Windows\System\PzZWJuU.exe
  C:\Windows\System\PzZWJuU.exe
  2⤵
  PID:8576
- C:\Windows\System\mILnGfY.exe
  C:\Windows\System\mILnGfY.exe
  2⤵
  PID:8640
- C:\Windows\System\LQbWOCp.exe
  C:\Windows\System\LQbWOCp.exe
  2⤵
  PID:7436
- C:\Windows\System\zHtPstv.exe
  C:\Windows\System\zHtPstv.exe
  2⤵
  PID:8652
- C:\Windows\System\SUNnRLg.exe
  C:\Windows\System\SUNnRLg.exe
  2⤵
  PID:8748
- C:\Windows\System\VUZfXEI.exe
  C:\Windows\System\VUZfXEI.exe
  2⤵
  PID:8768
- C:\Windows\System\IFBebss.exe
  C:\Windows\System\IFBebss.exe
  2⤵
  PID:8784
- C:\Windows\System\IihOTIq.exe
  C:\Windows\System\IihOTIq.exe
  2⤵
  PID:8824
- C:\Windows\System\aFvEmme.exe
  C:\Windows\System\aFvEmme.exe
  2⤵
  PID:8808
- C:\Windows\System\SPOHSvW.exe
  C:\Windows\System\SPOHSvW.exe
  2⤵
  PID:8856
- C:\Windows\System\gQPnqfh.exe
  C:\Windows\System\gQPnqfh.exe
  2⤵
  PID:8872
- C:\Windows\System\MVsaTCi.exe
  C:\Windows\System\MVsaTCi.exe
  2⤵
  PID:8884
- C:\Windows\System\bYVSVfR.exe
  C:\Windows\System\bYVSVfR.exe
  2⤵
  PID:7392
- C:\Windows\System\DClFkST.exe
  C:\Windows\System\DClFkST.exe
  2⤵
  PID:8936
- C:\Windows\System\sSbIVZD.exe
  C:\Windows\System\sSbIVZD.exe
  2⤵
  PID:7664
- C:\Windows\System\SzLQfxu.exe
  C:\Windows\System\SzLQfxu.exe
  2⤵
  PID:8964
- C:\Windows\System\xtJGmah.exe
  C:\Windows\System\xtJGmah.exe
  2⤵
  PID:8976
- C:\Windows\System\CwrhVRN.exe
  C:\Windows\System\CwrhVRN.exe
  2⤵
  PID:8992
- C:\Windows\System\nnjJMuF.exe
  C:\Windows\System\nnjJMuF.exe
  2⤵
  PID:9072
- C:\Windows\System\XXJgRcE.exe
  C:\Windows\System\XXJgRcE.exe
  2⤵
  PID:7212
- C:\Windows\System\sFfjTzh.exe
  C:\Windows\System\sFfjTzh.exe
  2⤵
  PID:9156
- C:\Windows\System\dcudaGf.exe
  C:\Windows\System\dcudaGf.exe
  2⤵
  PID:8396
- C:\Windows\System\brwSBTK.exe
  C:\Windows\System\brwSBTK.exe
  2⤵
  PID:7880
- C:\Windows\System\lNDIAft.exe
  C:\Windows\System\lNDIAft.exe
  2⤵
  PID:6880
- C:\Windows\System\kXeOmYe.exe
  C:\Windows\System\kXeOmYe.exe
  2⤵
  PID:7388
- C:\Windows\System\cRZrWca.exe
  C:\Windows\System\cRZrWca.exe
  2⤵
  PID:8076
- C:\Windows\System\HUtaddw.exe
  C:\Windows\System\HUtaddw.exe
  2⤵
  PID:8292
- C:\Windows\System\VPoLHyc.exe
  C:\Windows\System\VPoLHyc.exe
  2⤵
  PID:7688
- C:\Windows\System\cuIoUQu.exe
  C:\Windows\System\cuIoUQu.exe
  2⤵
  PID:8444
- C:\Windows\System\agUzmhh.exe
  C:\Windows\System\agUzmhh.exe
  2⤵
  PID:6864
- C:\Windows\System\VScPteD.exe
  C:\Windows\System\VScPteD.exe
  2⤵
  PID:7920
- C:\Windows\System\EQuWmZb.exe
  C:\Windows\System\EQuWmZb.exe
  2⤵
  PID:8216
- C:\Windows\System\JVeyGlu.exe
  C:\Windows\System\JVeyGlu.exe
  2⤵
  PID:8412
- C:\Windows\System\YwhsBBv.exe
  C:\Windows\System\YwhsBBv.exe
  2⤵
  PID:8496
- C:\Windows\System\BrVpbFg.exe
  C:\Windows\System\BrVpbFg.exe
  2⤵
  PID:8560
- C:\Windows\System\eAtryOX.exe
  C:\Windows\System\eAtryOX.exe
  2⤵
  PID:8548
- C:\Windows\System\fNdcREz.exe
  C:\Windows\System\fNdcREz.exe
  2⤵
  PID:8624
- C:\Windows\System\fYYRtAa.exe
  C:\Windows\System\fYYRtAa.exe
  2⤵
  PID:8656
- C:\Windows\System\GdlJEVP.exe
  C:\Windows\System\GdlJEVP.exe
  2⤵
  PID:8660
- C:\Windows\System\EmoAncP.exe
  C:\Windows\System\EmoAncP.exe
  2⤵
  PID:8780
- C:\Windows\System\JHxDCxZ.exe
  C:\Windows\System\JHxDCxZ.exe
  2⤵
  PID:6996
- C:\Windows\System\CurmDvh.exe
  C:\Windows\System\CurmDvh.exe
  2⤵
  PID:8944
- C:\Windows\System\NmWzHqt.exe
  C:\Windows\System\NmWzHqt.exe
  2⤵
  PID:7336
- C:\Windows\System\XYSUgik.exe
  C:\Windows\System\XYSUgik.exe
  2⤵
  PID:8848
- C:\Windows\System\jRMUkHd.exe
  C:\Windows\System\jRMUkHd.exe
  2⤵
  PID:8916
- C:\Windows\System\GXNMIwV.exe
  C:\Windows\System\GXNMIwV.exe
  2⤵
  PID:8948
- C:\Windows\System\uxwxWHn.exe
  C:\Windows\System\uxwxWHn.exe
  2⤵
  PID:9060
- C:\Windows\System\VOGJyNp.exe
  C:\Windows\System\VOGJyNp.exe
  2⤵
  PID:9152
- C:\Windows\System\nhhRZye.exe
  C:\Windows\System\nhhRZye.exe
  2⤵
  PID:9028
- C:\Windows\System\GLFQUAp.exe
  C:\Windows\System\GLFQUAp.exe
  2⤵
  PID:7868
- C:\Windows\System\beXtBNv.exe
  C:\Windows\System\beXtBNv.exe
  2⤵
  PID:6952
- C:\Windows\System\ZgGIYqS.exe
  C:\Windows\System\ZgGIYqS.exe
  2⤵
  PID:6372
- C:\Windows\System\qIxLXiC.exe
  C:\Windows\System\qIxLXiC.exe
  2⤵
  PID:6860
- C:\Windows\System\EQexPjz.exe
  C:\Windows\System\EQexPjz.exe
  2⤵
  PID:8592
- C:\Windows\System\SjBIPYy.exe
  C:\Windows\System\SjBIPYy.exe
  2⤵
  PID:8572
- C:\Windows\System\imRpspR.exe
  C:\Windows\System\imRpspR.exe
  2⤵
  PID:7792
- C:\Windows\System\KhFBrwr.exe
  C:\Windows\System\KhFBrwr.exe
  2⤵
  PID:8252
- C:\Windows\System\jCAcRUU.exe
  C:\Windows\System\jCAcRUU.exe
  2⤵
  PID:8604
- C:\Windows\System\DaJrEnb.exe
  C:\Windows\System\DaJrEnb.exe
  2⤵
  PID:6428
- C:\Windows\System\jfbftNs.exe
  C:\Windows\System\jfbftNs.exe
  2⤵
  PID:9040
- C:\Windows\System\lScfAVI.exe
  C:\Windows\System\lScfAVI.exe
  2⤵
  PID:8704
- C:\Windows\System\MKMZPhw.exe
  C:\Windows\System\MKMZPhw.exe
  2⤵
  PID:9120
- C:\Windows\System\cpgoKZf.exe
  C:\Windows\System\cpgoKZf.exe
  2⤵
  PID:8776
- C:\Windows\System\oAwCpnU.exe
  C:\Windows\System\oAwCpnU.exe
  2⤵
  PID:7676
- C:\Windows\System\AteFACL.exe
  C:\Windows\System\AteFACL.exe
  2⤵
  PID:8880
- C:\Windows\System\UlfpUaP.exe
  C:\Windows\System\UlfpUaP.exe
  2⤵
  PID:9172
- C:\Windows\System\lsOtGzX.exe
  C:\Windows\System\lsOtGzX.exe
  2⤵
  PID:8088
- C:\Windows\System\bqBgjlH.exe
  C:\Windows\System\bqBgjlH.exe
  2⤵
  PID:6908
- C:\Windows\System\mxiXENn.exe
  C:\Windows\System\mxiXENn.exe
  2⤵
  PID:9124
- C:\Windows\System\hDDaoRO.exe
  C:\Windows\System\hDDaoRO.exe
  2⤵
  PID:8440
- C:\Windows\System\WGBdxln.exe
  C:\Windows\System\WGBdxln.exe
  2⤵
  PID:8708
- C:\Windows\System\VhzhBkP.exe
  C:\Windows\System\VhzhBkP.exe
  2⤵
  PID:9024
- C:\Windows\System\zSTDyHp.exe
  C:\Windows\System\zSTDyHp.exe
  2⤵
  PID:9056
- C:\Windows\System\kRzUvMD.exe
  C:\Windows\System\kRzUvMD.exe
  2⤵
  PID:8476
- C:\Windows\System\fRdUmzr.exe
  C:\Windows\System\fRdUmzr.exe
  2⤵
  PID:1548
- C:\Windows\System\xbRMtpA.exe
  C:\Windows\System\xbRMtpA.exe
  2⤵
  PID:8620
- C:\Windows\System\ftQmNKS.exe
  C:\Windows\System\ftQmNKS.exe
  2⤵
  PID:8500
- C:\Windows\System\SekVqJT.exe
  C:\Windows\System\SekVqJT.exe
  2⤵
  PID:9140
- C:\Windows\System\dIPRiLH.exe
  C:\Windows\System\dIPRiLH.exe
  2⤵
  PID:8744
- C:\Windows\System\yAmxytZ.exe
  C:\Windows\System\yAmxytZ.exe
  2⤵
  PID:8828
- C:\Windows\System\ZLtZDxd.exe
  C:\Windows\System\ZLtZDxd.exe
  2⤵
  PID:9240
- C:\Windows\System\NQxKkjg.exe
  C:\Windows\System\NQxKkjg.exe
  2⤵
  PID:9256
- C:\Windows\System\PjxxHyi.exe
  C:\Windows\System\PjxxHyi.exe
  2⤵
  PID:9272
- C:\Windows\System\vnqrMTW.exe
  C:\Windows\System\vnqrMTW.exe
  2⤵
  PID:9288
- C:\Windows\System\xKxcTPK.exe
  C:\Windows\System\xKxcTPK.exe
  2⤵
  PID:9304
- C:\Windows\System\MggaJky.exe
  C:\Windows\System\MggaJky.exe
  2⤵
  PID:9320
- C:\Windows\System\iMntllw.exe
  C:\Windows\System\iMntllw.exe
  2⤵
  PID:9336
- C:\Windows\System\UiZGVYf.exe
  C:\Windows\System\UiZGVYf.exe
  2⤵
  PID:9352
- C:\Windows\System\QcfjiMr.exe
  C:\Windows\System\QcfjiMr.exe
  2⤵
  PID:9368
- C:\Windows\System\vYUqQie.exe
  C:\Windows\System\vYUqQie.exe
  2⤵
  PID:9384
- C:\Windows\System\KZxnqnw.exe
  C:\Windows\System\KZxnqnw.exe
  2⤵
  PID:9400
- C:\Windows\System\vLSDuJI.exe
  C:\Windows\System\vLSDuJI.exe
  2⤵
  PID:9416
- C:\Windows\System\NoQZSWi.exe
  C:\Windows\System\NoQZSWi.exe
  2⤵
  PID:9432
- C:\Windows\System\eoxkBwY.exe
  C:\Windows\System\eoxkBwY.exe
  2⤵
  PID:9448
- C:\Windows\System\DZaLHEo.exe
  C:\Windows\System\DZaLHEo.exe
  2⤵
  PID:9464
- C:\Windows\System\YovPdnp.exe
  C:\Windows\System\YovPdnp.exe
  2⤵
  PID:9480
- C:\Windows\System\WYwLYRo.exe
  C:\Windows\System\WYwLYRo.exe
  2⤵
  PID:9496
- C:\Windows\System\GVYSpWj.exe
  C:\Windows\System\GVYSpWj.exe
  2⤵
  PID:9512
- C:\Windows\System\oObjlue.exe
  C:\Windows\System\oObjlue.exe
  2⤵
  PID:9588
- C:\Windows\System\PYcJHKo.exe
  C:\Windows\System\PYcJHKo.exe
  2⤵
  PID:9604
- C:\Windows\System\VkfSTgA.exe
  C:\Windows\System\VkfSTgA.exe
  2⤵
  PID:9620
- C:\Windows\System\iAiSmDv.exe
  C:\Windows\System\iAiSmDv.exe
  2⤵
  PID:9636
- C:\Windows\System\ZPRqlbr.exe
  C:\Windows\System\ZPRqlbr.exe
  2⤵
  PID:9652
- C:\Windows\System\BsVDWAk.exe
  C:\Windows\System\BsVDWAk.exe
  2⤵
  PID:9668
- C:\Windows\System\zwlbYPR.exe
  C:\Windows\System\zwlbYPR.exe
  2⤵
  PID:9684
- C:\Windows\System\guTVwDh.exe
  C:\Windows\System\guTVwDh.exe
  2⤵
  PID:9700
- C:\Windows\System\XsytSsI.exe
  C:\Windows\System\XsytSsI.exe
  2⤵
  PID:9792
- C:\Windows\System\TwNMazV.exe
  C:\Windows\System\TwNMazV.exe
  2⤵
  PID:9872
- C:\Windows\System\vtJIOGR.exe
  C:\Windows\System\vtJIOGR.exe
  2⤵
  PID:9900
- C:\Windows\System\lWeAPbZ.exe
  C:\Windows\System\lWeAPbZ.exe
  2⤵
  PID:9916
- C:\Windows\System\DdGlTsV.exe
  C:\Windows\System\DdGlTsV.exe
  2⤵
  PID:9936
- C:\Windows\System\Lgjopij.exe
  C:\Windows\System\Lgjopij.exe
  2⤵
  PID:9952
- C:\Windows\System\LpvmakJ.exe
  C:\Windows\System\LpvmakJ.exe
  2⤵
  PID:9968
- C:\Windows\System\eXTKaqx.exe
  C:\Windows\System\eXTKaqx.exe
  2⤵
  PID:9984
- C:\Windows\System\jRDtJpc.exe
  C:\Windows\System\jRDtJpc.exe
  2⤵
  PID:10000
- C:\Windows\System\KJbvBqI.exe
  C:\Windows\System\KJbvBqI.exe
  2⤵
  PID:10016
- C:\Windows\System\NKwtGYM.exe
  C:\Windows\System\NKwtGYM.exe
  2⤵
  PID:10036
- C:\Windows\System\NREkivX.exe
  C:\Windows\System\NREkivX.exe
  2⤵
  PID:10052
- C:\Windows\System\DkfshnE.exe
  C:\Windows\System\DkfshnE.exe
  2⤵
  PID:10068
- C:\Windows\System\Sauqruv.exe
  C:\Windows\System\Sauqruv.exe
  2⤵
  PID:10104
- C:\Windows\System\EOuOJdZ.exe
  C:\Windows\System\EOuOJdZ.exe
  2⤵
  PID:10128
- C:\Windows\System\GcRhvla.exe
  C:\Windows\System\GcRhvla.exe
  2⤵
  PID:10204
- C:\Windows\System\NPyBLTB.exe
  C:\Windows\System\NPyBLTB.exe
  2⤵
  PID:9248
- C:\Windows\System\sRgCkrn.exe
  C:\Windows\System\sRgCkrn.exe
  2⤵
  PID:9312
- C:\Windows\System\iboMrXj.exe
  C:\Windows\System\iboMrXj.exe
  2⤵
  PID:9428
- C:\Windows\System\QOcaAsm.exe
  C:\Windows\System\QOcaAsm.exe
  2⤵
  PID:9348
- C:\Windows\System\OTdHIrP.exe
  C:\Windows\System\OTdHIrP.exe
  2⤵
  PID:9580
- C:\Windows\System\qBOQcWE.exe
  C:\Windows\System\qBOQcWE.exe
  2⤵
  PID:9708
- C:\Windows\System\VHCcPBU.exe
  C:\Windows\System\VHCcPBU.exe
  2⤵
  PID:2120
- C:\Windows\System\TSGTOIM.exe
  C:\Windows\System\TSGTOIM.exe
  2⤵
  PID:9736
- C:\Windows\System\IFvbeot.exe
  C:\Windows\System\IFvbeot.exe
  2⤵
  PID:9776
- C:\Windows\System\qGkSmKd.exe
  C:\Windows\System\qGkSmKd.exe
  2⤵
  PID:9744
- C:\Windows\System\chlPywi.exe
  C:\Windows\System\chlPywi.exe
  2⤵
  PID:9816
- C:\Windows\System\GoWYTqE.exe
  C:\Windows\System\GoWYTqE.exe
  2⤵
  PID:9836
- C:\Windows\System\KEkewcr.exe
  C:\Windows\System\KEkewcr.exe
  2⤵
  PID:9860
- C:\Windows\System\CiGTVUN.exe
  C:\Windows\System\CiGTVUN.exe
  2⤵
  PID:9880
- C:\Windows\System\qyTDudi.exe
  C:\Windows\System\qyTDudi.exe
  2⤵
  PID:9932
- C:\Windows\System\tXgJQIq.exe
  C:\Windows\System\tXgJQIq.exe
  2⤵
  PID:9976
- C:\Windows\System\roJHMjh.exe
  C:\Windows\System\roJHMjh.exe
  2⤵
  PID:9980
- C:\Windows\System\sRyWHqT.exe
  C:\Windows\System\sRyWHqT.exe
  2⤵
  PID:10012
- C:\Windows\System\nIUuwxG.exe
  C:\Windows\System\nIUuwxG.exe
  2⤵
  PID:10048
- C:\Windows\System\ygsdaNS.exe
  C:\Windows\System\ygsdaNS.exe
  2⤵
  PID:10084
- C:\Windows\System\aWIgfXM.exe
  C:\Windows\System\aWIgfXM.exe
  2⤵
  PID:10096
- C:\Windows\System\jrMmjVV.exe
  C:\Windows\System\jrMmjVV.exe
  2⤵
  PID:10136
- C:\Windows\System\sUNkZnH.exe
  C:\Windows\System\sUNkZnH.exe
  2⤵
  PID:10156
- C:\Windows\System\TcDERCg.exe
  C:\Windows\System\TcDERCg.exe
  2⤵
  PID:10172
- C:\Windows\System\zWwMUmT.exe
  C:\Windows\System\zWwMUmT.exe
  2⤵
  PID:10188
- C:\Windows\System\qseGcsR.exe
  C:\Windows\System\qseGcsR.exe
  2⤵
  PID:10212
- C:\Windows\System\TCFEmkS.exe
  C:\Windows\System\TCFEmkS.exe
  2⤵
  PID:10232
- C:\Windows\System\zraCANM.exe
  C:\Windows\System\zraCANM.exe
  2⤵
  PID:8272
- C:\Windows\System\khJNmiX.exe
  C:\Windows\System\khJNmiX.exe
  2⤵
  PID:9104
- C:\Windows\System\hGRrxCl.exe
  C:\Windows\System\hGRrxCl.exe
  2⤵
  PID:9344
- C:\Windows\System\AiPYCmB.exe
  C:\Windows\System\AiPYCmB.exe
  2⤵
  PID:9360
- C:\Windows\System\sAbCvnv.exe
  C:\Windows\System\sAbCvnv.exe
  2⤵
  PID:9364
- C:\Windows\System\uEPqJZX.exe
  C:\Windows\System\uEPqJZX.exe
  2⤵
  PID:9380
- C:\Windows\System\rjpcFPO.exe
  C:\Windows\System\rjpcFPO.exe
  2⤵
  PID:9612
- C:\Windows\System\eQDhDwt.exe
  C:\Windows\System\eQDhDwt.exe
  2⤵
  PID:9628
- C:\Windows\System\rfogTyX.exe
  C:\Windows\System\rfogTyX.exe
  2⤵
  PID:9660
- C:\Windows\System\dJMoRFk.exe
  C:\Windows\System\dJMoRFk.exe
  2⤵
  PID:9408
- C:\Windows\System\RXOzoVW.exe
  C:\Windows\System\RXOzoVW.exe
  2⤵
  PID:9556
- C:\Windows\System\iwSBTzM.exe
  C:\Windows\System\iwSBTzM.exe
  2⤵
  PID:9696
- C:\Windows\System\XSTNWZV.exe
  C:\Windows\System\XSTNWZV.exe
  2⤵
  PID:9752
- C:\Windows\System\XPadaXf.exe
  C:\Windows\System\XPadaXf.exe
  2⤵
  PID:9720
- C:\Windows\System\QEUslJT.exe
  C:\Windows\System\QEUslJT.exe
  2⤵
  PID:9772
- C:\Windows\System\lZbjAIA.exe
  C:\Windows\System\lZbjAIA.exe
  2⤵
  PID:9768
- C:\Windows\System\qqKJdaD.exe
  C:\Windows\System\qqKJdaD.exe
  2⤵
  PID:9812
- C:\Windows\System\vNofiAX.exe
  C:\Windows\System\vNofiAX.exe
  2⤵
  PID:9832
- C:\Windows\System\WUHRjBh.exe
  C:\Windows\System\WUHRjBh.exe
  2⤵
  PID:9884
- C:\Windows\System\MwQoznH.exe
  C:\Windows\System\MwQoznH.exe
  2⤵
  PID:8360
- C:\Windows\System\QGdVGSW.exe
  C:\Windows\System\QGdVGSW.exe
  2⤵
  PID:9948
- C:\Windows\System\hgiiwaY.exe
  C:\Windows\System\hgiiwaY.exe
  2⤵
  PID:9996
- C:\Windows\System\KMcOhAT.exe
  C:\Windows\System\KMcOhAT.exe
  2⤵
  PID:9232
- C:\Windows\System\rbEzGVl.exe
  C:\Windows\System\rbEzGVl.exe
  2⤵
  PID:9300
- C:\Windows\System\hTRHQzc.exe
  C:\Windows\System\hTRHQzc.exe
  2⤵
  PID:10168
- C:\Windows\System\HFUqMsd.exe
  C:\Windows\System\HFUqMsd.exe
  2⤵
  PID:9236
- C:\Windows\System\ysleeww.exe
  C:\Windows\System\ysleeww.exe
  2⤵
  PID:9540
- C:\Windows\System\SllMRxt.exe
  C:\Windows\System\SllMRxt.exe
  2⤵
  PID:9568
- C:\Windows\System\EnBgZWi.exe
  C:\Windows\System\EnBgZWi.exe
  2⤵
  PID:9552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACWWfGv.exe

Filesize
6.0MB

MD5
bfd4fefafe0f23b5f67bf00d66271599

SHA1
5cbda0a343c7b8a8d6c5f888f3ca6ae3f242906f

SHA256
f33e6d5102703c995829cdcac59ebb8ff327e661aed0d4a3880446296676da70

SHA512
b0937a9bfd6b01f42a6166439c14cd1e78d44f14ddea2fd6c15cb42e5c08a152e8282fd7ef8d9c1899b5dea5b20327f12373c164ead3fb846cbdd7bf96966e4b

Download Submit
C:\Windows\system\CUkHoYK.exe

Filesize
6.1MB

MD5
70f693f0d8fcaf30e7d71bbbf250b0f1

SHA1
a3c776fff52bad82a39a5b7f3b94117a216789b3

SHA256
c3bfefc7bb1821c5fce5891b5880966d0c5660344001584ddcb1da287bea3e07

SHA512
3da7bcb5e79bcfb86bae795035d5d6b05ebe2bf25043b568151f53e254ac048e8f4e8463e851ab7f4def68eefbd14a4cf2ee919b2ee45276c1e66735bf5c297d

Download Submit
C:\Windows\system\HGIfMai.exe

Filesize
6.1MB

MD5
46e523e5a8de700c91c1f045ef1b28e0

SHA1
d995954546f691f0049ad436cc0eb14c7a583e8a

SHA256
1fc307cf102a3230a86143bc99146410bfcac1aac01c82f834ea65d1adb66a34

SHA512
4ee1ba46dcfdfe07b394ed83acf9e863a0e5960552c32499f907792bd6a97d48c50267af4261fe8e6abcf0daacdd8ef521f3968d446b59eba1834ebeb339e660

Download Submit
C:\Windows\system\LkHvWNV.exe

Filesize
6.1MB

MD5
e3af22761505909af4e8ac5f31393a44

SHA1
3b7633557de6e2e7522108830d37e6d7e3e2ec4c

SHA256
13b5026bbfe49b85af66c1456dcaf63d3991ea51f0be012f8b2fc0fc4e9ebf40

SHA512
3b109d59f19f9449d39a63f44b75618360fc17fd809b7a78ef822bc7d62828bf4a4632d7095a58677c1bb7088e489e2e83c1f05925c6f99675d3023c5952f4f4

Download Submit
C:\Windows\system\OVxtjve.exe

Filesize
6.1MB

MD5
5f88e5c465a4d67db8fb43b8dcb1452f

SHA1
008ee86f7656019f613de0be73ed2c242ec211f3

SHA256
80a76e1c7a632b9578a098447bdd483d1e94eaaa4a8b30d229bd9c764ba06d61

SHA512
a5a817b1e707277786eea0d30edc19b99c8413dba78edac10d138d6af3960be414bedcccf6c71d1dffd9dbf7682daef88a9e64d306ad8908027b42b7b47b9fed

Download Submit
C:\Windows\system\SVZlnWY.exe

Filesize
6.1MB

MD5
85e3a76f628d71e2d11c4b6e5b1efb24

SHA1
f79f7e1a2f28dba63d63d115f55d170cd58e9597

SHA256
88519b02241cf4d09082812f5046306a1f091efb9447380112bd4360f226562c

SHA512
0d4acc07536a931c378819e377cb9949ba53891555ea0337347158ffc32a9e8fb4a7c0594d3ac30467af661ef6050a4624028bd440a63b56d77fc2d17de98b71

Download Submit
C:\Windows\system\TeebQka.exe

Filesize
6.1MB

MD5
ec2ce53c00d2d70ff5ba6026c807c57c

SHA1
1e25dab7a49ed06ef3daf826c11880940ce87def

SHA256
67dd467b380019e4cd8f96d4d4e63e382a321317de07554bff0b3f0a3f024259

SHA512
7624be5ed78e361c478b1d12c6f3b1d7fe8f10ef71aa20f9fac7c537ff3375594e77e6897faa3837c50b94dda08ff31a496f35bd70bdd7a0329584a993dad5b2

Download Submit
C:\Windows\system\WsuaRLT.exe

Filesize
6.1MB

MD5
c8bdae9fe2d2ddb54b43f5b97c3280d5

SHA1
2e64f801bcf03dddced34de4d34bbb632bddb4e9

SHA256
50e3e0df4e2610c186a20707c06694e5bdf17fb58545b9ce86867d2bd60a2747

SHA512
3597fd510ec9e8d6c7ab82b682caae8d5889bcdfc1751f3473d5afa38d8318e3ac7219932fd38ad50c12404c14c1baaa1732abb22703880ff2b6ce1492bd1b84

Download Submit
C:\Windows\system\YsaNZaw.exe

Filesize
6.1MB

MD5
576ca872ef8ded5007ec2dc8e16bb767

SHA1
f780539863292447f9cc6f2a7b4ba262d1309e9f

SHA256
446d15940d8811c81ff0a655b291012c43862f0d4af5cdceadc8e7887389e7a8

SHA512
8fb72f2d36fe3bad12c40f7ce1d71e024cc6138d9870cb179ddc9e9570858a14afdee78e4ada86e5c866753a4a7ea9a9bd563b8c0d491079ea383394ca02067d

Download Submit
C:\Windows\system\ZiOrjkJ.exe

Filesize
6.1MB

MD5
e2cec1b219a6a7e41580f767a6ce90f1

SHA1
58f8e960d67c79ced11edab54df29e703007f337

SHA256
9dd84948eff555c816906aa598eb90a786ac9f2b0a2eb50c3fc1177d8adf6526

SHA512
3f561a3a83f049b7e47e8a9cfce3a9faa171b267378a593f2a4e13cbd7bff5c65b660f4350b0ba18d5d5e093dd41eddbc72160e230baa2d892165e9c1363c2d2

Download Submit
C:\Windows\system\ZwDJiNh.exe

Filesize
6.1MB

MD5
a4d23953b51e9d776cfa03ecc7265c93

SHA1
a7fab56226daa9f308b7cb4518b7dacb619175c7

SHA256
bd587c644d28ea23f950328bca9bdf35d6856641fc4a5318bd13bed9cf565940

SHA512
2323fe7ee254cf37fe0147c86ab4230f7756e52f46668f2668eb9e50272b30418fd5b88b541abe05d28b5e068c6d43675109f62a9ec41eda29352a89a5a3aee0

Download Submit
C:\Windows\system\aNlfUzN.exe

Filesize
6.1MB

MD5
231266278136c8b1f2ccee221c630433

SHA1
19a2d7fb22617b38ca542b7b3f6b2f3749e6a429

SHA256
a9604a8253af09ad76235484d35efa726d961811ce86107fb3d4521b56ce8614

SHA512
4ba79665ba97aabcc059953656e2926c58699ab726a0e956477993cd96cf2b8b44af3a4fec8d7ea6b5109f5e18115b54a060ba693b2b1ac9c8ea2324d5ac4f1b

Download Submit
C:\Windows\system\aryoyAs.exe

Filesize
6.1MB

MD5
da36c4a03528f47b351742186aa77044

SHA1
ebd06c9a6e438c22dd929998559e38719ebbd534

SHA256
2c4288fd2a37b1cf02136cd8df4e845001a9666e35bd0c7cee7ba5d7eda6b591

SHA512
58191f9c324cc16d1199410583d458890e00736cf0ce9155b19fb3d694ba205d9c877143e8a442832951b52042ceafc75143c45a64fcc287339ce0d4d7f86a1b

Download Submit
C:\Windows\system\dgxxfWI.exe

Filesize
6.1MB

MD5
88d891ad9a046591db38de77b0b22726

SHA1
4e203aaf58546b58e8d0c2afcb1aaf4ce7c56662

SHA256
7d9f5287c2cf5bd6296bb3d55ced969734af62922552dc6baf2995f7ce9040c8

SHA512
55625fbe25c2af5389265647ec531f72f8ed09c45d1d97a9322911f327a7813917c8b0b7caddb20a1f38821ba41998be1af1928632860f72d130c1a3e806f105

Download Submit
C:\Windows\system\fGyQgdx.exe

Filesize
6.1MB

MD5
789821d0cedcec02faa0f9c2b4e8daab

SHA1
b023d0dc171fa769dd02865724fc1a76397a1643

SHA256
dc736e61bf88db238ba17e5a12dc0fe59516a82d534f97b6a4ae17a9b99bc367

SHA512
5cc8a3184946db2a3444ac2f6a8434cf6f65fdc49a011aa376aadfd2dd033c0a90e4a587b7c60961b9a296d25849aff69657861be56c00225f37536c91589917

Download Submit
C:\Windows\system\fJdMwlP.exe

Filesize
6.1MB

MD5
495c0c5ef325484fbec5a2ebb96a8a9a

SHA1
c4872629bf358766e65ffceb45bf7a1d1ff2b877

SHA256
ee553038104e53067f7beb32457305d5a1221d554883e82bff60772dd4183f77

SHA512
520d46fa1e1d2575047d2935b4cca562c1277715695c9df528650a0479f4c8fb95dac90f31424482c87f692f705ff0cea5e2587be33f26d492053b916fa56342

Download Submit
C:\Windows\system\guCDVsb.exe

Filesize
6.1MB

MD5
bef778ba8c9d06e31c6f485823367ce1

SHA1
a396c2e143961a5ea4ad7e9e0d12f180cfdb5a26

SHA256
025f7ddbb39f77a781d7e3249a462bfd25d10e45e07efbca97e706abe3697e1e

SHA512
6920a1447a044ce207c085760dda316c4292f3ee16cbea8e076319f014eec465afb33f9b7241351bdddbe90b7fd17d4091e725c16e41a7151b0d1b28c5793285

Download Submit
C:\Windows\system\hxQVVBR.exe

Filesize
6.1MB

MD5
5f4bfa6c2ad90559d2b41a64f7f53569

SHA1
9b1ea2ac42748e46852fa4c90aadf7ce0c07cc04

SHA256
ee09ac6761b75c501b562a675251481403ec50b378c6d33701f5730df01915ab

SHA512
900156d7171938e6bffa11742cf6f4ad1a689ebb3f0c61dab470f98d967028792e60aab01025f14240aa11768c2d28654450fa86365fe5870f74dd4fc0d669e4

Download Submit
C:\Windows\system\iIbfkkk.exe

Filesize
6.0MB

MD5
73674d5fd1bc3310558ede1fad550ea3

SHA1
9508dde5e1dc19482b8ff3dd2c2cf5b0c3fe4dda

SHA256
e0d881e207be1e39121cbc5573786cc25138f8708073bf0232f5d103ff4b94ee

SHA512
8eceeac0a723e5e306c945a0f252a99cc0fac74193c5269de7c07c8ed04a2c0da1c36fbdd3706639cb2e8d9abd06901f67afc3141b3cb6a34fa8110a63848750

Download Submit
C:\Windows\system\jQmmbqf.exe

Filesize
6.1MB

MD5
365bea20937bacfe177776435a3febd6

SHA1
c5e582107ae0dd391f7217d98f34a0b225de88af

SHA256
d7502f97564096806f3d99db4a351b6a2aa4632b19427ed318165acc7d99dccc

SHA512
40b5594b8395f46c093df7583712152ebcc0c303e1ff88f3f39ef65b18f207f2fd6474fb94431920b2766c0ca75b36eb04929ebb3a477e6854976efee0464c7c

Download Submit
C:\Windows\system\tIKxiTG.exe

Filesize
6.1MB

MD5
2c8ca85e49337e3cdb4b4ee621296d9e

SHA1
6728705c8c150a8975019f9f1cc57c93940b5609

SHA256
38391083db2279150e3a1c0cb71e3fafedd25092b95387cb9c217ac7cc1517b9

SHA512
a26479e05ab753b61e52c5b1836055df5aa9661ab34a8dac451128dd018dea72b1a10c1cca5267105174bbfde41394c729f5706c717e5a6e160b438a70ae8636

Download Submit
C:\Windows\system\vTAUmVS.exe

Filesize
6.1MB

MD5
da4fba5172950bb57fd83168574df9c3

SHA1
cc83014706c7263e8b39bab00383275369d7ac57

SHA256
7bb3b00b0ce65249d06d173575334b91b2cdb2795ceea48b555ae040163d6a61

SHA512
fc671f8919861fad9999b39a4803feb4f841b4d7fa8c768509f023afdebbeae7f7d5970aa4cbf5a598e57456d599cf98490072e30a7e403fa6e6a327f6a2b79c

Download Submit
C:\Windows\system\vgUkZtd.exe

Filesize
6.0MB

MD5
438b2462449104d98367924c3718f9ae

SHA1
84181ca90c1ce635bfbc9a5d77f37a719eb3b6f2

SHA256
6f8e87f113e2cd4d8e74924428b22deb68546319771817487ef0258c638d0278

SHA512
388db3a2479d82b32b90185a03a12722243468af182a91ff8016e7f613d81a8a2e3c8a6c843b5a1847c35d680fd99862e929046bf1589d7d9c9386ea2f29b9b1

Download Submit
C:\Windows\system\xSojcNa.exe

Filesize
6.1MB

MD5
8137b0ada357f234ba0ea95b16a3b543

SHA1
c2c5564f4f3b01e890244428bb97c8619c658dea

SHA256
0d0d859c4ed1aaa77255a97af2b52a888408979cd526110372e17f47133b83b5

SHA512
9eee87be3df2ee8c5d69b3ca84e2040dc915efdb22286d4a84c946f7d1e2be79408a12c33e61c4d92a9d009883fa11d132af3190cb6d6ef9b26da28c1070375c

Download Submit
\Windows\system\IKsDglb.exe

Filesize
6.0MB

MD5
8a5f857ae8b4ef60c5938be67e1f05c3

SHA1
0dffbaed41a4e236a993c98a7e7ff1102adad04a

SHA256
794c30dcc7cbd82ff61646087a2d86f90c2d76fde2ca1cc78c903ad65e4d6088

SHA512
7879738e390a724c5ed2d46accfc79a4f29cced7b5f7f030124eefec7e652a874b3559f3fdf12ca1071d32f1bc6a38dd52dab4902c8cf0725a532ae9e5409f1a

Download Submit
\Windows\system\QRvhsNg.exe

Filesize
6.1MB

MD5
5e0fed2afe8a65a4ef6d1ca2ad7da415

SHA1
225fdac172b28d043b46aad85385c80caf0c6d94

SHA256
538a0a2cdc7973db26fb5f9de84ee2fc3f1d4233ebf4d46f2d8d96b75813eadd

SHA512
b9151cb01abd992b8ab774b0db7eb299bcddd60cf899309f55581bbae1cc4d14b346a28450a0826206af4482966744a2087463880b8674a3033ff383d0feaf6e

Download Submit
\Windows\system\SuMPYgk.exe

Filesize
6.0MB

MD5
dc13ef05f867f3d5bd5c048e60bf8463

SHA1
de2194d8b0a6a63c75cbf4efdf8aab885a97355b

SHA256
486ed152ac0cfe827cae68b20e3813f309220713afae5b0076afb513b5977cb7

SHA512
85da539a5ad02ad21bca10fe64ac319677d58f85dfc96586d8d60f16cba734e7068eae033c6ec3fe09382f04d13e4550bfcd7b09f90b516bc14300a9b6211f93

Download Submit
\Windows\system\ZcZIkcw.exe

Filesize
6.1MB

MD5
77d3719e43ec2c1784c418c030b7183f

SHA1
99704924df299c0455aa86b0f8b2ba2349a23af3

SHA256
de31c051b3e0669917ff58157217763b48062a5de53b430a5d72a6ecbeacb2a6

SHA512
bcc21c0ae62444a6226d4015926ebc28cbf7bf1052149e972e30c7c5393064831fac3ba10519e94dd0e553843eb70d7afa5f5a62f982c7f0e1651feea9042592

Download Submit
\Windows\system\bMzOUkk.exe

Filesize
6.1MB

MD5
2fe5f090a223054834d93faeac33df70

SHA1
0f480579b0e6bfce754c9aeaa7814bbe3ecc1e46

SHA256
af6ef6f9ffbb1283b47f9f537c55b0551a9b74d12b529fdb9c2ed5571a97017f

SHA512
9547392034fcdd002665ac27aa8667e41b94df1db98407b93f8bcea32ea3d0a30ec8b35213bd4b9ce8dfd9a4083eceeb0b208c12301c599b016e75c623f95fe6

Download Submit
\Windows\system\bclilrr.exe

Filesize
6.1MB

MD5
e6c601395e0844a956503206286f7517

SHA1
4bb33e285779e97fc1544f194a45b448469a2555

SHA256
7dd1dff19d9cc3d1c9aa0a69b948c5f0348dbb3ba17fb1366cb3948db97ebb15

SHA512
833efcb8e0b4a60134d4a2eb3526f20bcad23e65386c183f21d91e1250af0b2f7895aa98b9ed64d677c827532603105a83c359b1873e99fee2115d7d9afe36e5

Download Submit
\Windows\system\bsrmXfl.exe

Filesize
6.1MB

MD5
0ae68924be4aec542825dbb379ced3f3

SHA1
b487322a4406b7b12fb3244ae83ac4dd5fd073e5

SHA256
f2bdb9ad6c0bf629529ee8bc3964cd30654089e4ed2af12176130952e82aa598

SHA512
a1288ef189368f6854431b9f5bc3c55bf15f10cfe4dc436efb96b04511996f90f3ceceef92a098c17d1d0be75446cc1296883a5eacc4b4d625ed83368ddcaab7

Download Submit
\Windows\system\opraTEg.exe

Filesize
6.0MB

MD5
7c63316f0421ce81266a852632616492

SHA1
92b886610af61d245eedbed0f6c27f68cbfa4b54

SHA256
47550839f3b3e40bb02d6ba6f878c25c82cc1d0291c0868d7f2768f2305b80a7

SHA512
f2550111e2006b08565ae6864267105620fd02c21b4f2b54798257d98f9c1fdd638b6fcab74dd3cfee1295d1bd7b62d6a08bf8c842a58f413a8dd9c7e42c93ba

Download Submit
\Windows\system\ovwoRqB.exe

Filesize
6.1MB

MD5
74c05b1505b92b60b4ea5b9f40f3d7e1

SHA1
d5b3b3743c4a97f2ce065ebf7e2093dd4732fbf3

SHA256
3a4d6e75c2fb04561031f91d9e796179b4446732cb9118249594b70ddab79589

SHA512
049e0c9d63ade7cd950ed786831894dfdedb60de28a307fd6e8d0fe0ff81cd35b48bbea84b2cadef7493d17220699548c1484cf2a9aa0a1e435ceae1aba706c3

Download Submit
\Windows\system\rnfpxQJ.exe

Filesize
6.1MB

MD5
e160b30d5bfbaede7c527df37a54be7b

SHA1
78118f56d92dc770753def78bd37d3d6c402ebf0

SHA256
79999379e30a9e0133a6402126a72b05845e4c2a339826f0c53371e9561a3d5a

SHA512
aae649184f544763c255cc15f80aeaa36cca118aa2cfdbe61b5a4bc56a430dce15266579620c17ee27001c4a7a136f5ad10bc5e9b0568df95e68bbe04c0957cc

Download Submit
\Windows\system\vhEclQO.exe

Filesize
6.1MB

MD5
8bd61b0ac6e14b1d512f77884df73271

SHA1
6194af705665ffd9a29a2dad462ae1f6867b13ff

SHA256
4fc3a28f73126b4da57fcca3e76dad15902c129659fc6fa84632e9209e3fa111

SHA512
22b2126b04312b9515d9764fdf01754c0a928e8802cb91eaa994180fce13ad3d70c7b30349b028e927214d5066d8005095dfaae6bf4352e2a5b6122a5954699e

Download Submit
memory/1272-2071-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1272-1745-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1272-225-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-1987-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2018-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-230-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2024-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-232-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2048-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-234-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2083-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-236-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2126-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1272-399-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1272-373-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-364-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2127-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1272-354-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2130-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-313-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2307-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1272-248-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2089-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1272-243-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2108-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1272-238-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2092-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1272-141-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1272-0-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2055-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-183-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2428-229-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4077-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-224-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2592-239-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4074-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4081-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2600-367-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4076-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2636-362-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4071-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2692-231-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2708-237-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4079-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-314-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4082-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2808-249-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4075-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4078-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-233-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4073-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-235-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-247-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4080-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-226-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download