cobaltstrike | 954aa8555c6ee63f122af6aad21e68340cdf2551d19fd9981362defb76df6e60

Analysis

max time kernel
93s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

9b1f558c95cfc250f5f29411f87ae9f2
SHA1

2c0b0e03b52387090fd36f6c7b7d215b3bc09edb
SHA256

954aa8555c6ee63f122af6aad21e68340cdf2551d19fd9981362defb76df6e60
SHA512

975e2891d44d1e48b69ecf1b0633bd0f92b02cd320368e31b3dc8703136d430055a2afcf630ae3abc9fd8e18d18168178321e9ab542b420471373a2005c2493a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0012000000023f16-4.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c8-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c9-12.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ca-23.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cb-34.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cc-32.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cd-40.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ce-47.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d0-58.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d1-67.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d3-73.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d4-81.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d5-87.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d8-102.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240da-108.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240df-137.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e3-153.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e5-161.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e7-171.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e6-166.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e4-162.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e2-151.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e1-147.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e0-144.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240de-132.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dd-124.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dc-122.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240db-116.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d9-106.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d7-96.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d6-92.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d2-71.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cf-54.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3144-0-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp	xmrig
behavioral2/files/0x0012000000023f16-4.dat	xmrig
behavioral2/memory/2764-7-0x00007FF763270000-0x00007FF7635C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c8-10.dat	xmrig
behavioral2/files/0x00070000000240c9-12.dat	xmrig
behavioral2/memory/4460-14-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp	xmrig
behavioral2/memory/4420-20-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ca-23.dat	xmrig
behavioral2/memory/3988-24-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	xmrig
behavioral2/files/0x00070000000240cb-34.dat	xmrig
behavioral2/files/0x00070000000240cc-32.dat	xmrig
behavioral2/files/0x00070000000240cd-40.dat	xmrig
behavioral2/files/0x00070000000240ce-47.dat	xmrig
behavioral2/memory/1864-50-0x00007FF673260000-0x00007FF6735B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d0-58.dat	xmrig
behavioral2/files/0x00070000000240d1-67.dat	xmrig
behavioral2/files/0x00070000000240d3-73.dat	xmrig
behavioral2/files/0x00070000000240d4-81.dat	xmrig
behavioral2/files/0x00070000000240d5-87.dat	xmrig
behavioral2/files/0x00070000000240d8-102.dat	xmrig
behavioral2/files/0x00070000000240da-108.dat	xmrig
behavioral2/files/0x00070000000240df-137.dat	xmrig
behavioral2/files/0x00070000000240e3-153.dat	xmrig
behavioral2/files/0x00070000000240e5-161.dat	xmrig
behavioral2/memory/336-542-0x00007FF6A8ED0000-0x00007FF6A9224000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e7-171.dat	xmrig
behavioral2/files/0x00070000000240e6-166.dat	xmrig
behavioral2/files/0x00070000000240e4-162.dat	xmrig
behavioral2/memory/4180-546-0x00007FF61A300000-0x00007FF61A654000-memory.dmp	xmrig
behavioral2/memory/3216-550-0x00007FF799CE0000-0x00007FF79A034000-memory.dmp	xmrig
behavioral2/memory/440-553-0x00007FF6A4040000-0x00007FF6A4394000-memory.dmp	xmrig
behavioral2/memory/2444-556-0x00007FF7C3C70000-0x00007FF7C3FC4000-memory.dmp	xmrig
behavioral2/memory/2888-560-0x00007FF771800000-0x00007FF771B54000-memory.dmp	xmrig
behavioral2/memory/2648-567-0x00007FF6EDD60000-0x00007FF6EE0B4000-memory.dmp	xmrig
behavioral2/memory/2732-571-0x00007FF746E10000-0x00007FF747164000-memory.dmp	xmrig
behavioral2/memory/4476-574-0x00007FF72A6E0000-0x00007FF72AA34000-memory.dmp	xmrig
behavioral2/memory/540-582-0x00007FF6E7A40000-0x00007FF6E7D94000-memory.dmp	xmrig
behavioral2/memory/3432-598-0x00007FF78B760000-0x00007FF78BAB4000-memory.dmp	xmrig
behavioral2/memory/1008-595-0x00007FF6A1800000-0x00007FF6A1B54000-memory.dmp	xmrig
behavioral2/memory/3144-596-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp	xmrig
behavioral2/memory/1596-592-0x00007FF78F420000-0x00007FF78F774000-memory.dmp	xmrig
behavioral2/memory/1344-588-0x00007FF7AF680000-0x00007FF7AF9D4000-memory.dmp	xmrig
behavioral2/memory/1536-585-0x00007FF696760000-0x00007FF696AB4000-memory.dmp	xmrig
behavioral2/memory/2200-581-0x00007FF7F2FF0000-0x00007FF7F3344000-memory.dmp	xmrig
behavioral2/memory/4164-578-0x00007FF635B10000-0x00007FF635E64000-memory.dmp	xmrig
behavioral2/memory/2128-577-0x00007FF60FDB0000-0x00007FF610104000-memory.dmp	xmrig
behavioral2/memory/536-570-0x00007FF68B660000-0x00007FF68B9B4000-memory.dmp	xmrig
behavioral2/memory/2764-622-0x00007FF763270000-0x00007FF7635C4000-memory.dmp	xmrig
behavioral2/memory/840-562-0x00007FF6C4D70000-0x00007FF6C50C4000-memory.dmp	xmrig
behavioral2/memory/1740-549-0x00007FF7C4370000-0x00007FF7C46C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e2-151.dat	xmrig
behavioral2/files/0x00070000000240e1-147.dat	xmrig
behavioral2/files/0x00070000000240e0-144.dat	xmrig
behavioral2/memory/4460-652-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240de-132.dat	xmrig
behavioral2/files/0x00070000000240dd-124.dat	xmrig
behavioral2/files/0x00070000000240dc-122.dat	xmrig
behavioral2/files/0x00070000000240db-116.dat	xmrig
behavioral2/memory/4420-697-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d9-106.dat	xmrig
behavioral2/memory/3988-761-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d7-96.dat	xmrig
behavioral2/memory/4588-819-0x00007FF79A4E0000-0x00007FF79A834000-memory.dmp	xmrig
behavioral2/memory/1956-888-0x00007FF659930000-0x00007FF659C84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	dYquiMR.exe
4460	dSsJxSg.exe
4420	GuIzJyk.exe
3988	GohSZNl.exe
4588	EYcLjXd.exe
1956	cskabZH.exe
5112	DwqwnZe.exe
1864	xdjzjUI.exe
336	ejTxWcT.exe
3432	hdrltUC.exe
4180	wRXGBKu.exe
1740	bIytAZi.exe
3216	dZNyIMy.exe
440	HBnBFNw.exe
2444	sUDONny.exe
2888	OCtItCh.exe
840	vmPnynu.exe
2648	vQMMKLf.exe
536	oTkMRrL.exe
2732	oCJfRup.exe
4476	fmyGCAp.exe
2128	szTrlRf.exe
4164	RFgfnti.exe
2200	IGCUyRp.exe
540	PBPMLUn.exe
1536	cIMmCYu.exe
1344	ErWRVIE.exe
1596	gTmGSiZ.exe
1008	bxXOAYS.exe
3140	lWvzHAi.exe
1020	YCGTwcb.exe
4580	szDUIDp.exe
3728	RnWCdcs.exe
1996	HMiNZPd.exe
1544	HiJxjMB.exe
1676	OkGchXu.exe
4160	KFEkDVy.exe
4696	KjXbjRE.exe
636	BrdzDen.exe
1164	PgFWliv.exe
4812	JiVNkXy.exe
1120	LGOUKUq.exe
2976	PYJRHms.exe
1176	oYeNGhr.exe
4664	HgkNTpq.exe
3452	DKRYQNB.exe
4680	bavXxRK.exe
4156	XJtdhjy.exe
2388	LDoraGZ.exe
1224	dVrqTfb.exe
2288	WLzlCJp.exe
224	kkcufnj.exe
2116	MmSaDXx.exe
1604	ZlUkhPR.exe
5000	gBWELfM.exe
4996	bbRcCOP.exe
4948	QvCEcOl.exe
1128	IghgjTN.exe
3380	yVTPjTQ.exe
3360	DiOmXdZ.exe
4972	hiSHwsZ.exe
2708	wBGsydY.exe
2024	HiDkZtL.exe
5020	puPcZIV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3144-0-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp	upx
behavioral2/files/0x0012000000023f16-4.dat	upx
behavioral2/memory/2764-7-0x00007FF763270000-0x00007FF7635C4000-memory.dmp	upx
behavioral2/files/0x00070000000240c8-10.dat	upx
behavioral2/files/0x00070000000240c9-12.dat	upx
behavioral2/memory/4460-14-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp	upx
behavioral2/memory/4420-20-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp	upx
behavioral2/files/0x00070000000240ca-23.dat	upx
behavioral2/memory/3988-24-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	upx
behavioral2/files/0x00070000000240cb-34.dat	upx
behavioral2/files/0x00070000000240cc-32.dat	upx
behavioral2/files/0x00070000000240cd-40.dat	upx
behavioral2/files/0x00070000000240ce-47.dat	upx
behavioral2/memory/1864-50-0x00007FF673260000-0x00007FF6735B4000-memory.dmp	upx
behavioral2/files/0x00070000000240d0-58.dat	upx
behavioral2/files/0x00070000000240d1-67.dat	upx
behavioral2/files/0x00070000000240d3-73.dat	upx
behavioral2/files/0x00070000000240d4-81.dat	upx
behavioral2/files/0x00070000000240d5-87.dat	upx
behavioral2/files/0x00070000000240d8-102.dat	upx
behavioral2/files/0x00070000000240da-108.dat	upx
behavioral2/files/0x00070000000240df-137.dat	upx
behavioral2/files/0x00070000000240e3-153.dat	upx
behavioral2/files/0x00070000000240e5-161.dat	upx
behavioral2/memory/336-542-0x00007FF6A8ED0000-0x00007FF6A9224000-memory.dmp	upx
behavioral2/files/0x00070000000240e7-171.dat	upx
behavioral2/files/0x00070000000240e6-166.dat	upx
behavioral2/files/0x00070000000240e4-162.dat	upx
behavioral2/memory/4180-546-0x00007FF61A300000-0x00007FF61A654000-memory.dmp	upx
behavioral2/memory/3216-550-0x00007FF799CE0000-0x00007FF79A034000-memory.dmp	upx
behavioral2/memory/440-553-0x00007FF6A4040000-0x00007FF6A4394000-memory.dmp	upx
behavioral2/memory/2444-556-0x00007FF7C3C70000-0x00007FF7C3FC4000-memory.dmp	upx
behavioral2/memory/2888-560-0x00007FF771800000-0x00007FF771B54000-memory.dmp	upx
behavioral2/memory/2648-567-0x00007FF6EDD60000-0x00007FF6EE0B4000-memory.dmp	upx
behavioral2/memory/2732-571-0x00007FF746E10000-0x00007FF747164000-memory.dmp	upx
behavioral2/memory/4476-574-0x00007FF72A6E0000-0x00007FF72AA34000-memory.dmp	upx
behavioral2/memory/540-582-0x00007FF6E7A40000-0x00007FF6E7D94000-memory.dmp	upx
behavioral2/memory/3432-598-0x00007FF78B760000-0x00007FF78BAB4000-memory.dmp	upx
behavioral2/memory/1008-595-0x00007FF6A1800000-0x00007FF6A1B54000-memory.dmp	upx
behavioral2/memory/3144-596-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp	upx
behavioral2/memory/1596-592-0x00007FF78F420000-0x00007FF78F774000-memory.dmp	upx
behavioral2/memory/1344-588-0x00007FF7AF680000-0x00007FF7AF9D4000-memory.dmp	upx
behavioral2/memory/1536-585-0x00007FF696760000-0x00007FF696AB4000-memory.dmp	upx
behavioral2/memory/2200-581-0x00007FF7F2FF0000-0x00007FF7F3344000-memory.dmp	upx
behavioral2/memory/4164-578-0x00007FF635B10000-0x00007FF635E64000-memory.dmp	upx
behavioral2/memory/2128-577-0x00007FF60FDB0000-0x00007FF610104000-memory.dmp	upx
behavioral2/memory/536-570-0x00007FF68B660000-0x00007FF68B9B4000-memory.dmp	upx
behavioral2/memory/2764-622-0x00007FF763270000-0x00007FF7635C4000-memory.dmp	upx
behavioral2/memory/840-562-0x00007FF6C4D70000-0x00007FF6C50C4000-memory.dmp	upx
behavioral2/memory/1740-549-0x00007FF7C4370000-0x00007FF7C46C4000-memory.dmp	upx
behavioral2/files/0x00070000000240e2-151.dat	upx
behavioral2/files/0x00070000000240e1-147.dat	upx
behavioral2/files/0x00070000000240e0-144.dat	upx
behavioral2/memory/4460-652-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp	upx
behavioral2/files/0x00070000000240de-132.dat	upx
behavioral2/files/0x00070000000240dd-124.dat	upx
behavioral2/files/0x00070000000240dc-122.dat	upx
behavioral2/files/0x00070000000240db-116.dat	upx
behavioral2/memory/4420-697-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp	upx
behavioral2/files/0x00070000000240d9-106.dat	upx
behavioral2/memory/3988-761-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	upx
behavioral2/files/0x00070000000240d7-96.dat	upx
behavioral2/memory/4588-819-0x00007FF79A4E0000-0x00007FF79A834000-memory.dmp	upx
behavioral2/memory/1956-888-0x00007FF659930000-0x00007FF659C84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ocaDLxc.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CVtzeDr.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VbIyZsc.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XULtiCb.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\disycMt.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\erQAXvp.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uXBSevt.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VbudNsI.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PAqOKQC.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AYOBGOT.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ejQhDgY.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KcRDHMD.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HUfApJc.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TFCjuxk.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PBPMLUn.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KDaDYfZ.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rElPFeH.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vdHgCzs.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cMQxjIt.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GIyUagD.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hnyitni.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eTYovOZ.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eyxjYaW.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mSQtjra.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uDHQgts.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iqMORIL.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rvaeJyG.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OhKsxEq.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nMkDiHh.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\odiihMm.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HASuBSH.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DkSOnKT.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qbvlPGe.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IGCUyRp.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PbWFgai.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dGvfSZz.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UsAwzLg.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ujRNedd.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LVxTYxK.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VnZNHrB.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BOcAsQx.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AwpTwZg.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MUeeFjD.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cleyizM.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nLszrgN.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FoMVkdV.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pUYDsHA.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZhdyjSY.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DjHZumQ.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RhTseLJ.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vJuapDy.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LhtKRIl.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EWHjVUl.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\McRWzUq.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jEpyqga.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NMTzzGi.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kzgSape.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HPTRPcm.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QigNmdW.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kMqbGmE.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KTfjTVQ.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WDnIUjx.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MGyuhRo.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ovHrPzj.exe	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 2764	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3144 wrote to memory of 2764	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3144 wrote to memory of 4460	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3144 wrote to memory of 4460	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3144 wrote to memory of 4420	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3144 wrote to memory of 4420	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3144 wrote to memory of 3988	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3144 wrote to memory of 3988	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3144 wrote to memory of 4588	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3144 wrote to memory of 4588	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3144 wrote to memory of 1956	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3144 wrote to memory of 1956	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3144 wrote to memory of 5112	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3144 wrote to memory of 5112	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3144 wrote to memory of 1864	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3144 wrote to memory of 1864	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3144 wrote to memory of 336	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3144 wrote to memory of 336	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3144 wrote to memory of 3432	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3144 wrote to memory of 3432	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3144 wrote to memory of 4180	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3144 wrote to memory of 4180	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3144 wrote to memory of 1740	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3144 wrote to memory of 1740	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3144 wrote to memory of 3216	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3144 wrote to memory of 3216	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3144 wrote to memory of 440	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3144 wrote to memory of 440	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3144 wrote to memory of 2444	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3144 wrote to memory of 2444	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3144 wrote to memory of 2888	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3144 wrote to memory of 2888	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3144 wrote to memory of 840	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3144 wrote to memory of 840	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3144 wrote to memory of 2648	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3144 wrote to memory of 2648	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3144 wrote to memory of 536	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3144 wrote to memory of 536	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3144 wrote to memory of 2732	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3144 wrote to memory of 2732	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3144 wrote to memory of 4476	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3144 wrote to memory of 4476	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3144 wrote to memory of 2128	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3144 wrote to memory of 2128	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3144 wrote to memory of 4164	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3144 wrote to memory of 4164	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3144 wrote to memory of 2200	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3144 wrote to memory of 2200	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3144 wrote to memory of 540	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3144 wrote to memory of 540	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3144 wrote to memory of 1536	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3144 wrote to memory of 1536	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3144 wrote to memory of 1344	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3144 wrote to memory of 1344	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3144 wrote to memory of 1596	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3144 wrote to memory of 1596	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3144 wrote to memory of 1008	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3144 wrote to memory of 1008	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3144 wrote to memory of 3140	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3144 wrote to memory of 3140	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3144 wrote to memory of 1020	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3144 wrote to memory of 1020	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3144 wrote to memory of 4580	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3144 wrote to memory of 4580	3144	2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_9b1f558c95cfc250f5f29411f87ae9f2_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\System\dYquiMR.exe
  C:\Windows\System\dYquiMR.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\dSsJxSg.exe
  C:\Windows\System\dSsJxSg.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\GuIzJyk.exe
  C:\Windows\System\GuIzJyk.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\GohSZNl.exe
  C:\Windows\System\GohSZNl.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\EYcLjXd.exe
  C:\Windows\System\EYcLjXd.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\cskabZH.exe
  C:\Windows\System\cskabZH.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\DwqwnZe.exe
  C:\Windows\System\DwqwnZe.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\xdjzjUI.exe
  C:\Windows\System\xdjzjUI.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ejTxWcT.exe
  C:\Windows\System\ejTxWcT.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\hdrltUC.exe
  C:\Windows\System\hdrltUC.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\wRXGBKu.exe
  C:\Windows\System\wRXGBKu.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\bIytAZi.exe
  C:\Windows\System\bIytAZi.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\dZNyIMy.exe
  C:\Windows\System\dZNyIMy.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\HBnBFNw.exe
  C:\Windows\System\HBnBFNw.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\sUDONny.exe
  C:\Windows\System\sUDONny.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\OCtItCh.exe
  C:\Windows\System\OCtItCh.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\vmPnynu.exe
  C:\Windows\System\vmPnynu.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\vQMMKLf.exe
  C:\Windows\System\vQMMKLf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\oTkMRrL.exe
  C:\Windows\System\oTkMRrL.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\oCJfRup.exe
  C:\Windows\System\oCJfRup.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\fmyGCAp.exe
  C:\Windows\System\fmyGCAp.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\szTrlRf.exe
  C:\Windows\System\szTrlRf.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\RFgfnti.exe
  C:\Windows\System\RFgfnti.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\IGCUyRp.exe
  C:\Windows\System\IGCUyRp.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\PBPMLUn.exe
  C:\Windows\System\PBPMLUn.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\cIMmCYu.exe
  C:\Windows\System\cIMmCYu.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ErWRVIE.exe
  C:\Windows\System\ErWRVIE.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\gTmGSiZ.exe
  C:\Windows\System\gTmGSiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\bxXOAYS.exe
  C:\Windows\System\bxXOAYS.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\lWvzHAi.exe
  C:\Windows\System\lWvzHAi.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\YCGTwcb.exe
  C:\Windows\System\YCGTwcb.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\szDUIDp.exe
  C:\Windows\System\szDUIDp.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\RnWCdcs.exe
  C:\Windows\System\RnWCdcs.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\HMiNZPd.exe
  C:\Windows\System\HMiNZPd.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\HiJxjMB.exe
  C:\Windows\System\HiJxjMB.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\OkGchXu.exe
  C:\Windows\System\OkGchXu.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\KFEkDVy.exe
  C:\Windows\System\KFEkDVy.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\KjXbjRE.exe
  C:\Windows\System\KjXbjRE.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\BrdzDen.exe
  C:\Windows\System\BrdzDen.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\PgFWliv.exe
  C:\Windows\System\PgFWliv.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\JiVNkXy.exe
  C:\Windows\System\JiVNkXy.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\LGOUKUq.exe
  C:\Windows\System\LGOUKUq.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\PYJRHms.exe
  C:\Windows\System\PYJRHms.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\oYeNGhr.exe
  C:\Windows\System\oYeNGhr.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\HgkNTpq.exe
  C:\Windows\System\HgkNTpq.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\DKRYQNB.exe
  C:\Windows\System\DKRYQNB.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\bavXxRK.exe
  C:\Windows\System\bavXxRK.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\XJtdhjy.exe
  C:\Windows\System\XJtdhjy.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\LDoraGZ.exe
  C:\Windows\System\LDoraGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\dVrqTfb.exe
  C:\Windows\System\dVrqTfb.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\WLzlCJp.exe
  C:\Windows\System\WLzlCJp.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\kkcufnj.exe
  C:\Windows\System\kkcufnj.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\MmSaDXx.exe
  C:\Windows\System\MmSaDXx.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ZlUkhPR.exe
  C:\Windows\System\ZlUkhPR.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\gBWELfM.exe
  C:\Windows\System\gBWELfM.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\bbRcCOP.exe
  C:\Windows\System\bbRcCOP.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\QvCEcOl.exe
  C:\Windows\System\QvCEcOl.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\IghgjTN.exe
  C:\Windows\System\IghgjTN.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\yVTPjTQ.exe
  C:\Windows\System\yVTPjTQ.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\DiOmXdZ.exe
  C:\Windows\System\DiOmXdZ.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\hiSHwsZ.exe
  C:\Windows\System\hiSHwsZ.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\wBGsydY.exe
  C:\Windows\System\wBGsydY.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\HiDkZtL.exe
  C:\Windows\System\HiDkZtL.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\puPcZIV.exe
  C:\Windows\System\puPcZIV.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\CHGmizd.exe
  C:\Windows\System\CHGmizd.exe
  2⤵
  PID:2552
- C:\Windows\System\TpDaxra.exe
  C:\Windows\System\TpDaxra.exe
  2⤵
  PID:3112
- C:\Windows\System\OwNJKEr.exe
  C:\Windows\System\OwNJKEr.exe
  2⤵
  PID:4188
- C:\Windows\System\BdTqYIZ.exe
  C:\Windows\System\BdTqYIZ.exe
  2⤵
  PID:2752
- C:\Windows\System\QigNmdW.exe
  C:\Windows\System\QigNmdW.exe
  2⤵
  PID:2820
- C:\Windows\System\vEeFtHs.exe
  C:\Windows\System\vEeFtHs.exe
  2⤵
  PID:3256
- C:\Windows\System\qTPanRm.exe
  C:\Windows\System\qTPanRm.exe
  2⤵
  PID:4168
- C:\Windows\System\WfXgNEI.exe
  C:\Windows\System\WfXgNEI.exe
  2⤵
  PID:452
- C:\Windows\System\psZXhts.exe
  C:\Windows\System\psZXhts.exe
  2⤵
  PID:4548
- C:\Windows\System\nerOxcZ.exe
  C:\Windows\System\nerOxcZ.exe
  2⤵
  PID:392
- C:\Windows\System\eMZoFQh.exe
  C:\Windows\System\eMZoFQh.exe
  2⤵
  PID:3936
- C:\Windows\System\fAdhFzq.exe
  C:\Windows\System\fAdhFzq.exe
  2⤵
  PID:4204
- C:\Windows\System\DFxdCxL.exe
  C:\Windows\System\DFxdCxL.exe
  2⤵
  PID:4940
- C:\Windows\System\beDYVUR.exe
  C:\Windows\System\beDYVUR.exe
  2⤵
  PID:2964
- C:\Windows\System\QggfOPO.exe
  C:\Windows\System\QggfOPO.exe
  2⤵
  PID:2140
- C:\Windows\System\IacgdTQ.exe
  C:\Windows\System\IacgdTQ.exe
  2⤵
  PID:5148
- C:\Windows\System\ZoDZNVd.exe
  C:\Windows\System\ZoDZNVd.exe
  2⤵
  PID:5176
- C:\Windows\System\YaWjTMv.exe
  C:\Windows\System\YaWjTMv.exe
  2⤵
  PID:5204
- C:\Windows\System\RfOmpem.exe
  C:\Windows\System\RfOmpem.exe
  2⤵
  PID:5244
- C:\Windows\System\OnBrQVG.exe
  C:\Windows\System\OnBrQVG.exe
  2⤵
  PID:5272
- C:\Windows\System\ZFNdWNb.exe
  C:\Windows\System\ZFNdWNb.exe
  2⤵
  PID:5300
- C:\Windows\System\zCOwOSX.exe
  C:\Windows\System\zCOwOSX.exe
  2⤵
  PID:5316
- C:\Windows\System\jgczfVi.exe
  C:\Windows\System\jgczfVi.exe
  2⤵
  PID:5344
- C:\Windows\System\wHiOikH.exe
  C:\Windows\System\wHiOikH.exe
  2⤵
  PID:5372
- C:\Windows\System\UeLkaBV.exe
  C:\Windows\System\UeLkaBV.exe
  2⤵
  PID:5400
- C:\Windows\System\aBoPNcQ.exe
  C:\Windows\System\aBoPNcQ.exe
  2⤵
  PID:5428
- C:\Windows\System\XBEHTmq.exe
  C:\Windows\System\XBEHTmq.exe
  2⤵
  PID:5456
- C:\Windows\System\ayvMHEh.exe
  C:\Windows\System\ayvMHEh.exe
  2⤵
  PID:5484
- C:\Windows\System\ocaDLxc.exe
  C:\Windows\System\ocaDLxc.exe
  2⤵
  PID:5512
- C:\Windows\System\uHsNfDr.exe
  C:\Windows\System\uHsNfDr.exe
  2⤵
  PID:5540
- C:\Windows\System\FsMasYq.exe
  C:\Windows\System\FsMasYq.exe
  2⤵
  PID:5568
- C:\Windows\System\gZoJxrA.exe
  C:\Windows\System\gZoJxrA.exe
  2⤵
  PID:5596
- C:\Windows\System\KQVXJTU.exe
  C:\Windows\System\KQVXJTU.exe
  2⤵
  PID:5624
- C:\Windows\System\JPJweqF.exe
  C:\Windows\System\JPJweqF.exe
  2⤵
  PID:5652
- C:\Windows\System\DtCZYiV.exe
  C:\Windows\System\DtCZYiV.exe
  2⤵
  PID:5680
- C:\Windows\System\MHfOkmu.exe
  C:\Windows\System\MHfOkmu.exe
  2⤵
  PID:5708
- C:\Windows\System\MUeeFjD.exe
  C:\Windows\System\MUeeFjD.exe
  2⤵
  PID:5736
- C:\Windows\System\sjpkirt.exe
  C:\Windows\System\sjpkirt.exe
  2⤵
  PID:5764
- C:\Windows\System\qIksggC.exe
  C:\Windows\System\qIksggC.exe
  2⤵
  PID:5792
- C:\Windows\System\IqKtACV.exe
  C:\Windows\System\IqKtACV.exe
  2⤵
  PID:5820
- C:\Windows\System\lwtupiJ.exe
  C:\Windows\System\lwtupiJ.exe
  2⤵
  PID:5844
- C:\Windows\System\etYayXZ.exe
  C:\Windows\System\etYayXZ.exe
  2⤵
  PID:5876
- C:\Windows\System\HwNgaTi.exe
  C:\Windows\System\HwNgaTi.exe
  2⤵
  PID:5904
- C:\Windows\System\SdnwJSG.exe
  C:\Windows\System\SdnwJSG.exe
  2⤵
  PID:5932
- C:\Windows\System\pwdBKbw.exe
  C:\Windows\System\pwdBKbw.exe
  2⤵
  PID:5960
- C:\Windows\System\kMqbGmE.exe
  C:\Windows\System\kMqbGmE.exe
  2⤵
  PID:5988
- C:\Windows\System\KlASaJq.exe
  C:\Windows\System\KlASaJq.exe
  2⤵
  PID:6016
- C:\Windows\System\XHGpIXc.exe
  C:\Windows\System\XHGpIXc.exe
  2⤵
  PID:6044
- C:\Windows\System\gkkuJAI.exe
  C:\Windows\System\gkkuJAI.exe
  2⤵
  PID:6072
- C:\Windows\System\GrJbehh.exe
  C:\Windows\System\GrJbehh.exe
  2⤵
  PID:6100
- C:\Windows\System\rPVNnFZ.exe
  C:\Windows\System\rPVNnFZ.exe
  2⤵
  PID:6128
- C:\Windows\System\RwEjWPs.exe
  C:\Windows\System\RwEjWPs.exe
  2⤵
  PID:1720
- C:\Windows\System\ZnLKVbr.exe
  C:\Windows\System\ZnLKVbr.exe
  2⤵
  PID:4928
- C:\Windows\System\zzGmngF.exe
  C:\Windows\System\zzGmngF.exe
  2⤵
  PID:1368
- C:\Windows\System\ahTctNA.exe
  C:\Windows\System\ahTctNA.exe
  2⤵
  PID:5136
- C:\Windows\System\QcRpSNP.exe
  C:\Windows\System\QcRpSNP.exe
  2⤵
  PID:5196
- C:\Windows\System\SMTwdJp.exe
  C:\Windows\System\SMTwdJp.exe
  2⤵
  PID:5292
- C:\Windows\System\wbABxrb.exe
  C:\Windows\System\wbABxrb.exe
  2⤵
  PID:5360
- C:\Windows\System\TJINZkK.exe
  C:\Windows\System\TJINZkK.exe
  2⤵
  PID:5392
- C:\Windows\System\eexvKip.exe
  C:\Windows\System\eexvKip.exe
  2⤵
  PID:5468
- C:\Windows\System\aNeqhOB.exe
  C:\Windows\System\aNeqhOB.exe
  2⤵
  PID:5528
- C:\Windows\System\XGVGlef.exe
  C:\Windows\System\XGVGlef.exe
  2⤵
  PID:5588
- C:\Windows\System\ujFVVIH.exe
  C:\Windows\System\ujFVVIH.exe
  2⤵
  PID:5664
- C:\Windows\System\rOHNYrU.exe
  C:\Windows\System\rOHNYrU.exe
  2⤵
  PID:5724
- C:\Windows\System\ZwAxGNe.exe
  C:\Windows\System\ZwAxGNe.exe
  2⤵
  PID:5784
- C:\Windows\System\RjOorbw.exe
  C:\Windows\System\RjOorbw.exe
  2⤵
  PID:5860
- C:\Windows\System\KDaDYfZ.exe
  C:\Windows\System\KDaDYfZ.exe
  2⤵
  PID:5920
- C:\Windows\System\ufkBuux.exe
  C:\Windows\System\ufkBuux.exe
  2⤵
  PID:5980
- C:\Windows\System\BDOYXdP.exe
  C:\Windows\System\BDOYXdP.exe
  2⤵
  PID:6036
- C:\Windows\System\wCkzctx.exe
  C:\Windows\System\wCkzctx.exe
  2⤵
  PID:6112
- C:\Windows\System\osoqSoU.exe
  C:\Windows\System\osoqSoU.exe
  2⤵
  PID:3880
- C:\Windows\System\PpJtRxs.exe
  C:\Windows\System\PpJtRxs.exe
  2⤵
  PID:5132
- C:\Windows\System\eyxjYaW.exe
  C:\Windows\System\eyxjYaW.exe
  2⤵
  PID:5288
- C:\Windows\System\AXhjwOv.exe
  C:\Windows\System\AXhjwOv.exe
  2⤵
  PID:5440
- C:\Windows\System\dWLQrfr.exe
  C:\Windows\System\dWLQrfr.exe
  2⤵
  PID:5560
- C:\Windows\System\iGXTOVw.exe
  C:\Windows\System\iGXTOVw.exe
  2⤵
  PID:5896
- C:\Windows\System\ZZikWEm.exe
  C:\Windows\System\ZZikWEm.exe
  2⤵
  PID:6008
- C:\Windows\System\phpXaIL.exe
  C:\Windows\System\phpXaIL.exe
  2⤵
  PID:6084
- C:\Windows\System\CVtzeDr.exe
  C:\Windows\System\CVtzeDr.exe
  2⤵
  PID:2280
- C:\Windows\System\aeYIwKG.exe
  C:\Windows\System\aeYIwKG.exe
  2⤵
  PID:5336
- C:\Windows\System\FDPyYWl.exe
  C:\Windows\System\FDPyYWl.exe
  2⤵
  PID:5640
- C:\Windows\System\pvBrrya.exe
  C:\Windows\System\pvBrrya.exe
  2⤵
  PID:6148
- C:\Windows\System\GSxMvzz.exe
  C:\Windows\System\GSxMvzz.exe
  2⤵
  PID:6176
- C:\Windows\System\WxJeYIw.exe
  C:\Windows\System\WxJeYIw.exe
  2⤵
  PID:6204
- C:\Windows\System\PIgFTQw.exe
  C:\Windows\System\PIgFTQw.exe
  2⤵
  PID:6232
- C:\Windows\System\lzsPIzo.exe
  C:\Windows\System\lzsPIzo.exe
  2⤵
  PID:6260
- C:\Windows\System\OFeeOww.exe
  C:\Windows\System\OFeeOww.exe
  2⤵
  PID:6288
- C:\Windows\System\BAiafxF.exe
  C:\Windows\System\BAiafxF.exe
  2⤵
  PID:6328
- C:\Windows\System\rElPFeH.exe
  C:\Windows\System\rElPFeH.exe
  2⤵
  PID:6356
- C:\Windows\System\vyGvKCB.exe
  C:\Windows\System\vyGvKCB.exe
  2⤵
  PID:6372
- C:\Windows\System\ODfRMGD.exe
  C:\Windows\System\ODfRMGD.exe
  2⤵
  PID:6400
- C:\Windows\System\iUDlgqb.exe
  C:\Windows\System\iUDlgqb.exe
  2⤵
  PID:6428
- C:\Windows\System\pvXUYnp.exe
  C:\Windows\System\pvXUYnp.exe
  2⤵
  PID:6456
- C:\Windows\System\OicCwON.exe
  C:\Windows\System\OicCwON.exe
  2⤵
  PID:6484
- C:\Windows\System\PneEECu.exe
  C:\Windows\System\PneEECu.exe
  2⤵
  PID:6544
- C:\Windows\System\QLjSTAj.exe
  C:\Windows\System\QLjSTAj.exe
  2⤵
  PID:6584
- C:\Windows\System\kAnvBlO.exe
  C:\Windows\System\kAnvBlO.exe
  2⤵
  PID:6620
- C:\Windows\System\fpyAFiE.exe
  C:\Windows\System\fpyAFiE.exe
  2⤵
  PID:6652
- C:\Windows\System\fbQyQHV.exe
  C:\Windows\System\fbQyQHV.exe
  2⤵
  PID:6700
- C:\Windows\System\AEEauoL.exe
  C:\Windows\System\AEEauoL.exe
  2⤵
  PID:6720
- C:\Windows\System\PbWFgai.exe
  C:\Windows\System\PbWFgai.exe
  2⤵
  PID:6740
- C:\Windows\System\ggWbAJT.exe
  C:\Windows\System\ggWbAJT.exe
  2⤵
  PID:6796
- C:\Windows\System\dGvfSZz.exe
  C:\Windows\System\dGvfSZz.exe
  2⤵
  PID:6832
- C:\Windows\System\yAsolAm.exe
  C:\Windows\System\yAsolAm.exe
  2⤵
  PID:6876
- C:\Windows\System\sDzOOwW.exe
  C:\Windows\System\sDzOOwW.exe
  2⤵
  PID:6896
- C:\Windows\System\SXczDgf.exe
  C:\Windows\System\SXczDgf.exe
  2⤵
  PID:6932
- C:\Windows\System\AcmYMhY.exe
  C:\Windows\System\AcmYMhY.exe
  2⤵
  PID:6988
- C:\Windows\System\Vkzawpi.exe
  C:\Windows\System\Vkzawpi.exe
  2⤵
  PID:7060
- C:\Windows\System\ULGvzvZ.exe
  C:\Windows\System\ULGvzvZ.exe
  2⤵
  PID:5232
- C:\Windows\System\zMNwNzh.exe
  C:\Windows\System\zMNwNzh.exe
  2⤵
  PID:5700
- C:\Windows\System\blgHDFM.exe
  C:\Windows\System\blgHDFM.exe
  2⤵
  PID:1856
- C:\Windows\System\fEtyRFl.exe
  C:\Windows\System\fEtyRFl.exe
  2⤵
  PID:6248
- C:\Windows\System\nNDoghN.exe
  C:\Windows\System\nNDoghN.exe
  2⤵
  PID:6320
- C:\Windows\System\McRWzUq.exe
  C:\Windows\System\McRWzUq.exe
  2⤵
  PID:4220
- C:\Windows\System\RGYGmnY.exe
  C:\Windows\System\RGYGmnY.exe
  2⤵
  PID:6444
- C:\Windows\System\Iqvblmb.exe
  C:\Windows\System\Iqvblmb.exe
  2⤵
  PID:2748
- C:\Windows\System\ZkNaWkz.exe
  C:\Windows\System\ZkNaWkz.exe
  2⤵
  PID:4380
- C:\Windows\System\suQTcRL.exe
  C:\Windows\System\suQTcRL.exe
  2⤵
  PID:1108
- C:\Windows\System\qrHmrfg.exe
  C:\Windows\System\qrHmrfg.exe
  2⤵
  PID:2224
- C:\Windows\System\QJOzJbD.exe
  C:\Windows\System\QJOzJbD.exe
  2⤵
  PID:5032
- C:\Windows\System\KjXqLsS.exe
  C:\Windows\System\KjXqLsS.exe
  2⤵
  PID:2852
- C:\Windows\System\sCpKCcX.exe
  C:\Windows\System\sCpKCcX.exe
  2⤵
  PID:1944
- C:\Windows\System\sttEJfm.exe
  C:\Windows\System\sttEJfm.exe
  2⤵
  PID:6600
- C:\Windows\System\jYSzFld.exe
  C:\Windows\System\jYSzFld.exe
  2⤵
  PID:6668
- C:\Windows\System\UAfJzFI.exe
  C:\Windows\System\UAfJzFI.exe
  2⤵
  PID:6692
- C:\Windows\System\IJvGMrQ.exe
  C:\Windows\System\IJvGMrQ.exe
  2⤵
  PID:1048
- C:\Windows\System\nVmvRyw.exe
  C:\Windows\System\nVmvRyw.exe
  2⤵
  PID:2520
- C:\Windows\System\FlczCXa.exe
  C:\Windows\System\FlczCXa.exe
  2⤵
  PID:6912
- C:\Windows\System\GOuuOLM.exe
  C:\Windows\System\GOuuOLM.exe
  2⤵
  PID:7000
- C:\Windows\System\AFgiEIl.exe
  C:\Windows\System\AFgiEIl.exe
  2⤵
  PID:2244
- C:\Windows\System\GFtZwkp.exe
  C:\Windows\System\GFtZwkp.exe
  2⤵
  PID:6168
- C:\Windows\System\FfoLtgP.exe
  C:\Windows\System\FfoLtgP.exe
  2⤵
  PID:6300
- C:\Windows\System\ucIHarC.exe
  C:\Windows\System\ucIHarC.exe
  2⤵
  PID:6384
- C:\Windows\System\HeArePQ.exe
  C:\Windows\System\HeArePQ.exe
  2⤵
  PID:3596
- C:\Windows\System\gjQhSPf.exe
  C:\Windows\System\gjQhSPf.exe
  2⤵
  PID:2684
- C:\Windows\System\kTjGkMH.exe
  C:\Windows\System\kTjGkMH.exe
  2⤵
  PID:4016
- C:\Windows\System\SCJuTyN.exe
  C:\Windows\System\SCJuTyN.exe
  2⤵
  PID:6556
- C:\Windows\System\ujfOdlk.exe
  C:\Windows\System\ujfOdlk.exe
  2⤵
  PID:6632
- C:\Windows\System\QDucwIU.exe
  C:\Windows\System\QDucwIU.exe
  2⤵
  PID:6696
- C:\Windows\System\vVJofbG.exe
  C:\Windows\System\vVJofbG.exe
  2⤵
  PID:6820
- C:\Windows\System\AwpTwZg.exe
  C:\Windows\System\AwpTwZg.exe
  2⤵
  PID:6892
- C:\Windows\System\myTHLiG.exe
  C:\Windows\System\myTHLiG.exe
  2⤵
  PID:1040
- C:\Windows\System\icxNHft.exe
  C:\Windows\System\icxNHft.exe
  2⤵
  PID:6524
- C:\Windows\System\UVKqcbv.exe
  C:\Windows\System\UVKqcbv.exe
  2⤵
  PID:6776
- C:\Windows\System\DrVxXPu.exe
  C:\Windows\System\DrVxXPu.exe
  2⤵
  PID:2384
- C:\Windows\System\LARodXl.exe
  C:\Windows\System\LARodXl.exe
  2⤵
  PID:7204
- C:\Windows\System\fNBDvCk.exe
  C:\Windows\System\fNBDvCk.exe
  2⤵
  PID:7252
- C:\Windows\System\LGMbjvv.exe
  C:\Windows\System\LGMbjvv.exe
  2⤵
  PID:7288
- C:\Windows\System\WLhpikA.exe
  C:\Windows\System\WLhpikA.exe
  2⤵
  PID:7320
- C:\Windows\System\NpNBRLO.exe
  C:\Windows\System\NpNBRLO.exe
  2⤵
  PID:7372
- C:\Windows\System\jHQHioT.exe
  C:\Windows\System\jHQHioT.exe
  2⤵
  PID:7404
- C:\Windows\System\xMkSjbh.exe
  C:\Windows\System\xMkSjbh.exe
  2⤵
  PID:7420
- C:\Windows\System\ITHdhaz.exe
  C:\Windows\System\ITHdhaz.exe
  2⤵
  PID:7448
- C:\Windows\System\ViBxxiR.exe
  C:\Windows\System\ViBxxiR.exe
  2⤵
  PID:7480
- C:\Windows\System\xVuFjLv.exe
  C:\Windows\System\xVuFjLv.exe
  2⤵
  PID:7504
- C:\Windows\System\waKchnO.exe
  C:\Windows\System\waKchnO.exe
  2⤵
  PID:7532
- C:\Windows\System\GlkdQzp.exe
  C:\Windows\System\GlkdQzp.exe
  2⤵
  PID:7560
- C:\Windows\System\gaQtZxI.exe
  C:\Windows\System\gaQtZxI.exe
  2⤵
  PID:7588
- C:\Windows\System\ncfgYFI.exe
  C:\Windows\System\ncfgYFI.exe
  2⤵
  PID:7620
- C:\Windows\System\IYrcYAt.exe
  C:\Windows\System\IYrcYAt.exe
  2⤵
  PID:7648
- C:\Windows\System\YxFaNbc.exe
  C:\Windows\System\YxFaNbc.exe
  2⤵
  PID:7676
- C:\Windows\System\urPJqcK.exe
  C:\Windows\System\urPJqcK.exe
  2⤵
  PID:7704
- C:\Windows\System\DobLVBH.exe
  C:\Windows\System\DobLVBH.exe
  2⤵
  PID:7732
- C:\Windows\System\avnBVKt.exe
  C:\Windows\System\avnBVKt.exe
  2⤵
  PID:7760
- C:\Windows\System\plDJCeF.exe
  C:\Windows\System\plDJCeF.exe
  2⤵
  PID:7792
- C:\Windows\System\KWukDyD.exe
  C:\Windows\System\KWukDyD.exe
  2⤵
  PID:7820
- C:\Windows\System\eJkyUGA.exe
  C:\Windows\System\eJkyUGA.exe
  2⤵
  PID:7856
- C:\Windows\System\rCzksAn.exe
  C:\Windows\System\rCzksAn.exe
  2⤵
  PID:7876
- C:\Windows\System\UsAwzLg.exe
  C:\Windows\System\UsAwzLg.exe
  2⤵
  PID:7904
- C:\Windows\System\ZhdyjSY.exe
  C:\Windows\System\ZhdyjSY.exe
  2⤵
  PID:7948
- C:\Windows\System\hzcwnNg.exe
  C:\Windows\System\hzcwnNg.exe
  2⤵
  PID:7964
- C:\Windows\System\TcqaXFj.exe
  C:\Windows\System\TcqaXFj.exe
  2⤵
  PID:7992
- C:\Windows\System\ujRNedd.exe
  C:\Windows\System\ujRNedd.exe
  2⤵
  PID:8020
- C:\Windows\System\gylIEcq.exe
  C:\Windows\System\gylIEcq.exe
  2⤵
  PID:8048
- C:\Windows\System\ausrYYW.exe
  C:\Windows\System\ausrYYW.exe
  2⤵
  PID:8076
- C:\Windows\System\LVxTYxK.exe
  C:\Windows\System\LVxTYxK.exe
  2⤵
  PID:8104
- C:\Windows\System\YtFYPGX.exe
  C:\Windows\System\YtFYPGX.exe
  2⤵
  PID:8132
- C:\Windows\System\FhSBlNm.exe
  C:\Windows\System\FhSBlNm.exe
  2⤵
  PID:8172
- C:\Windows\System\mgdPTqi.exe
  C:\Windows\System\mgdPTqi.exe
  2⤵
  PID:7216
- C:\Windows\System\dxOKJZC.exe
  C:\Windows\System\dxOKJZC.exe
  2⤵
  PID:7272
- C:\Windows\System\mEgGcbH.exe
  C:\Windows\System\mEgGcbH.exe
  2⤵
  PID:7332
- C:\Windows\System\zTZWilR.exe
  C:\Windows\System\zTZWilR.exe
  2⤵
  PID:7440
- C:\Windows\System\BuerpTe.exe
  C:\Windows\System\BuerpTe.exe
  2⤵
  PID:7468
- C:\Windows\System\oaBpGCJ.exe
  C:\Windows\System\oaBpGCJ.exe
  2⤵
  PID:7528
- C:\Windows\System\gAGXgWh.exe
  C:\Windows\System\gAGXgWh.exe
  2⤵
  PID:7612
- C:\Windows\System\sMysEaP.exe
  C:\Windows\System\sMysEaP.exe
  2⤵
  PID:7668
- C:\Windows\System\xorbjXV.exe
  C:\Windows\System\xorbjXV.exe
  2⤵
  PID:7728
- C:\Windows\System\azDGdpK.exe
  C:\Windows\System\azDGdpK.exe
  2⤵
  PID:7804
- C:\Windows\System\puONXaS.exe
  C:\Windows\System\puONXaS.exe
  2⤵
  PID:7868
- C:\Windows\System\CeEFPMC.exe
  C:\Windows\System\CeEFPMC.exe
  2⤵
  PID:692
- C:\Windows\System\zdTplFG.exe
  C:\Windows\System\zdTplFG.exe
  2⤵
  PID:5004
- C:\Windows\System\DgLyStk.exe
  C:\Windows\System\DgLyStk.exe
  2⤵
  PID:552
- C:\Windows\System\iizWOVX.exe
  C:\Windows\System\iizWOVX.exe
  2⤵
  PID:7156
- C:\Windows\System\anyJOGF.exe
  C:\Windows\System\anyJOGF.exe
  2⤵
  PID:7928
- C:\Windows\System\mSQtjra.exe
  C:\Windows\System\mSQtjra.exe
  2⤵
  PID:7980
- C:\Windows\System\GAvbjdi.exe
  C:\Windows\System\GAvbjdi.exe
  2⤵
  PID:8040
- C:\Windows\System\qUczrrM.exe
  C:\Windows\System\qUczrrM.exe
  2⤵
  PID:8100
- C:\Windows\System\VbIyZsc.exe
  C:\Windows\System\VbIyZsc.exe
  2⤵
  PID:8184
- C:\Windows\System\eInCmKn.exe
  C:\Windows\System\eInCmKn.exe
  2⤵
  PID:6764
- C:\Windows\System\yQzxoFR.exe
  C:\Windows\System\yQzxoFR.exe
  2⤵
  PID:7464
- C:\Windows\System\DgkgXWa.exe
  C:\Windows\System\DgkgXWa.exe
  2⤵
  PID:7664
- C:\Windows\System\cnDZfyh.exe
  C:\Windows\System\cnDZfyh.exe
  2⤵
  PID:7780
- C:\Windows\System\vdHgCzs.exe
  C:\Windows\System\vdHgCzs.exe
  2⤵
  PID:4672
- C:\Windows\System\uKyrBMW.exe
  C:\Windows\System\uKyrBMW.exe
  2⤵
  PID:2204
- C:\Windows\System\GvYbIzu.exe
  C:\Windows\System\GvYbIzu.exe
  2⤵
  PID:7956
- C:\Windows\System\wYnnoFO.exe
  C:\Windows\System\wYnnoFO.exe
  2⤵
  PID:8096
- C:\Windows\System\kYIuNOA.exe
  C:\Windows\System\kYIuNOA.exe
  2⤵
  PID:6660
- C:\Windows\System\CosXCin.exe
  C:\Windows\System\CosXCin.exe
  2⤵
  PID:6500
- C:\Windows\System\PufjXwM.exe
  C:\Windows\System\PufjXwM.exe
  2⤵
  PID:4872
- C:\Windows\System\cRvttFK.exe
  C:\Windows\System\cRvttFK.exe
  2⤵
  PID:8088
- C:\Windows\System\kkqaRqg.exe
  C:\Windows\System\kkqaRqg.exe
  2⤵
  PID:8200
- C:\Windows\System\zLubzqf.exe
  C:\Windows\System\zLubzqf.exe
  2⤵
  PID:8228
- C:\Windows\System\xVvWMxs.exe
  C:\Windows\System\xVvWMxs.exe
  2⤵
  PID:8256
- C:\Windows\System\TYOWDDp.exe
  C:\Windows\System\TYOWDDp.exe
  2⤵
  PID:8284
- C:\Windows\System\XjBUOKk.exe
  C:\Windows\System\XjBUOKk.exe
  2⤵
  PID:8312
- C:\Windows\System\NFPuVjd.exe
  C:\Windows\System\NFPuVjd.exe
  2⤵
  PID:8340
- C:\Windows\System\fBzxYyU.exe
  C:\Windows\System\fBzxYyU.exe
  2⤵
  PID:8368
- C:\Windows\System\DmIjGIx.exe
  C:\Windows\System\DmIjGIx.exe
  2⤵
  PID:8396
- C:\Windows\System\AGjUseO.exe
  C:\Windows\System\AGjUseO.exe
  2⤵
  PID:8424
- C:\Windows\System\xLRSrpS.exe
  C:\Windows\System\xLRSrpS.exe
  2⤵
  PID:8452
- C:\Windows\System\APzAWVJ.exe
  C:\Windows\System\APzAWVJ.exe
  2⤵
  PID:8488
- C:\Windows\System\UXWMCDF.exe
  C:\Windows\System\UXWMCDF.exe
  2⤵
  PID:8508
- C:\Windows\System\mjfXELG.exe
  C:\Windows\System\mjfXELG.exe
  2⤵
  PID:8536
- C:\Windows\System\MtMnThu.exe
  C:\Windows\System\MtMnThu.exe
  2⤵
  PID:8564
- C:\Windows\System\vQdAJho.exe
  C:\Windows\System\vQdAJho.exe
  2⤵
  PID:8596
- C:\Windows\System\cleyizM.exe
  C:\Windows\System\cleyizM.exe
  2⤵
  PID:8624
- C:\Windows\System\keYwlgt.exe
  C:\Windows\System\keYwlgt.exe
  2⤵
  PID:8652
- C:\Windows\System\mfWvkzB.exe
  C:\Windows\System\mfWvkzB.exe
  2⤵
  PID:8680
- C:\Windows\System\oTdFWcf.exe
  C:\Windows\System\oTdFWcf.exe
  2⤵
  PID:8708
- C:\Windows\System\bmdZesD.exe
  C:\Windows\System\bmdZesD.exe
  2⤵
  PID:8752
- C:\Windows\System\BLZjenf.exe
  C:\Windows\System\BLZjenf.exe
  2⤵
  PID:8768
- C:\Windows\System\xLHFyVK.exe
  C:\Windows\System\xLHFyVK.exe
  2⤵
  PID:8796
- C:\Windows\System\zPZddpH.exe
  C:\Windows\System\zPZddpH.exe
  2⤵
  PID:8824
- C:\Windows\System\FnrFZKY.exe
  C:\Windows\System\FnrFZKY.exe
  2⤵
  PID:8856
- C:\Windows\System\OnHxRbw.exe
  C:\Windows\System\OnHxRbw.exe
  2⤵
  PID:8880
- C:\Windows\System\btIEfUO.exe
  C:\Windows\System\btIEfUO.exe
  2⤵
  PID:8908
- C:\Windows\System\BRBzTso.exe
  C:\Windows\System\BRBzTso.exe
  2⤵
  PID:8940
- C:\Windows\System\ctrLjIl.exe
  C:\Windows\System\ctrLjIl.exe
  2⤵
  PID:8972
- C:\Windows\System\jqbZRTm.exe
  C:\Windows\System\jqbZRTm.exe
  2⤵
  PID:9000
- C:\Windows\System\QqyJKWG.exe
  C:\Windows\System\QqyJKWG.exe
  2⤵
  PID:9028
- C:\Windows\System\LiSIeGW.exe
  C:\Windows\System\LiSIeGW.exe
  2⤵
  PID:9056
- C:\Windows\System\rFcMecF.exe
  C:\Windows\System\rFcMecF.exe
  2⤵
  PID:9084
- C:\Windows\System\DryFSXI.exe
  C:\Windows\System\DryFSXI.exe
  2⤵
  PID:9112
- C:\Windows\System\bmvvpXz.exe
  C:\Windows\System\bmvvpXz.exe
  2⤵
  PID:9140
- C:\Windows\System\DQNIljO.exe
  C:\Windows\System\DQNIljO.exe
  2⤵
  PID:9168
- C:\Windows\System\AJIkwpp.exe
  C:\Windows\System\AJIkwpp.exe
  2⤵
  PID:9196
- C:\Windows\System\FfQCqAZ.exe
  C:\Windows\System\FfQCqAZ.exe
  2⤵
  PID:8212
- C:\Windows\System\daogprK.exe
  C:\Windows\System\daogprK.exe
  2⤵
  PID:8276
- C:\Windows\System\kSUXWoU.exe
  C:\Windows\System\kSUXWoU.exe
  2⤵
  PID:8336
- C:\Windows\System\PVUuMPC.exe
  C:\Windows\System\PVUuMPC.exe
  2⤵
  PID:8416
- C:\Windows\System\KTfjTVQ.exe
  C:\Windows\System\KTfjTVQ.exe
  2⤵
  PID:8472
- C:\Windows\System\IgDvkkp.exe
  C:\Windows\System\IgDvkkp.exe
  2⤵
  PID:8532
- C:\Windows\System\jEpyqga.exe
  C:\Windows\System\jEpyqga.exe
  2⤵
  PID:8608
- C:\Windows\System\nNkuSsd.exe
  C:\Windows\System\nNkuSsd.exe
  2⤵
  PID:8672
- C:\Windows\System\gbqFVOl.exe
  C:\Windows\System\gbqFVOl.exe
  2⤵
  PID:8732
- C:\Windows\System\WzWxUFI.exe
  C:\Windows\System\WzWxUFI.exe
  2⤵
  PID:8792
- C:\Windows\System\AXjJKvf.exe
  C:\Windows\System\AXjJKvf.exe
  2⤵
  PID:8868
- C:\Windows\System\ZFZdqCj.exe
  C:\Windows\System\ZFZdqCj.exe
  2⤵
  PID:8928
- C:\Windows\System\Trdtwkh.exe
  C:\Windows\System\Trdtwkh.exe
  2⤵
  PID:9044
- C:\Windows\System\ashOeLm.exe
  C:\Windows\System\ashOeLm.exe
  2⤵
  PID:9076
- C:\Windows\System\Dkgnyji.exe
  C:\Windows\System\Dkgnyji.exe
  2⤵
  PID:9108
- C:\Windows\System\IeuwEJx.exe
  C:\Windows\System\IeuwEJx.exe
  2⤵
  PID:9152
- C:\Windows\System\eGpSmJk.exe
  C:\Windows\System\eGpSmJk.exe
  2⤵
  PID:8252
- C:\Windows\System\fpYYaja.exe
  C:\Windows\System\fpYYaja.exe
  2⤵
  PID:8388
- C:\Windows\System\zgmsaSP.exe
  C:\Windows\System\zgmsaSP.exe
  2⤵
  PID:8528
- C:\Windows\System\uDHQgts.exe
  C:\Windows\System\uDHQgts.exe
  2⤵
  PID:8644
- C:\Windows\System\elFWjIg.exe
  C:\Windows\System\elFWjIg.exe
  2⤵
  PID:8900
- C:\Windows\System\jBKVeNP.exe
  C:\Windows\System\jBKVeNP.exe
  2⤵
  PID:8592
- C:\Windows\System\tixguLz.exe
  C:\Windows\System\tixguLz.exe
  2⤵
  PID:9240
- C:\Windows\System\MYHZxfj.exe
  C:\Windows\System\MYHZxfj.exe
  2⤵
  PID:9280
- C:\Windows\System\cifWOIV.exe
  C:\Windows\System\cifWOIV.exe
  2⤵
  PID:9296
- C:\Windows\System\UXsmvaS.exe
  C:\Windows\System\UXsmvaS.exe
  2⤵
  PID:9340
- C:\Windows\System\FCHTqUI.exe
  C:\Windows\System\FCHTqUI.exe
  2⤵
  PID:9372
- C:\Windows\System\eRpDbwn.exe
  C:\Windows\System\eRpDbwn.exe
  2⤵
  PID:9404
- C:\Windows\System\iqMORIL.exe
  C:\Windows\System\iqMORIL.exe
  2⤵
  PID:9432
- C:\Windows\System\djyKHMU.exe
  C:\Windows\System\djyKHMU.exe
  2⤵
  PID:9460
- C:\Windows\System\wziMcVy.exe
  C:\Windows\System\wziMcVy.exe
  2⤵
  PID:9488
- C:\Windows\System\LWhdFTx.exe
  C:\Windows\System\LWhdFTx.exe
  2⤵
  PID:9516
- C:\Windows\System\ktJmWxt.exe
  C:\Windows\System\ktJmWxt.exe
  2⤵
  PID:9544
- C:\Windows\System\SUnLZhA.exe
  C:\Windows\System\SUnLZhA.exe
  2⤵
  PID:9576
- C:\Windows\System\kfPwgKR.exe
  C:\Windows\System\kfPwgKR.exe
  2⤵
  PID:9604
- C:\Windows\System\VuFGeTf.exe
  C:\Windows\System\VuFGeTf.exe
  2⤵
  PID:9632
- C:\Windows\System\PjRxMzQ.exe
  C:\Windows\System\PjRxMzQ.exe
  2⤵
  PID:9660
- C:\Windows\System\DBrnkFX.exe
  C:\Windows\System\DBrnkFX.exe
  2⤵
  PID:9688
- C:\Windows\System\iEXXRkP.exe
  C:\Windows\System\iEXXRkP.exe
  2⤵
  PID:9716
- C:\Windows\System\ynAQPpL.exe
  C:\Windows\System\ynAQPpL.exe
  2⤵
  PID:9744
- C:\Windows\System\zgqgUQG.exe
  C:\Windows\System\zgqgUQG.exe
  2⤵
  PID:9772
- C:\Windows\System\oaqToTq.exe
  C:\Windows\System\oaqToTq.exe
  2⤵
  PID:9800
- C:\Windows\System\AIZMKCs.exe
  C:\Windows\System\AIZMKCs.exe
  2⤵
  PID:9828
- C:\Windows\System\PieEzUg.exe
  C:\Windows\System\PieEzUg.exe
  2⤵
  PID:9856
- C:\Windows\System\knNSLuJ.exe
  C:\Windows\System\knNSLuJ.exe
  2⤵
  PID:9884
- C:\Windows\System\RBArOcZ.exe
  C:\Windows\System\RBArOcZ.exe
  2⤵
  PID:9912
- C:\Windows\System\LhNeJss.exe
  C:\Windows\System\LhNeJss.exe
  2⤵
  PID:9944
- C:\Windows\System\BQnTRwh.exe
  C:\Windows\System\BQnTRwh.exe
  2⤵
  PID:9972
- C:\Windows\System\OScekfq.exe
  C:\Windows\System\OScekfq.exe
  2⤵
  PID:10000
- C:\Windows\System\yjFWdgZ.exe
  C:\Windows\System\yjFWdgZ.exe
  2⤵
  PID:10028
- C:\Windows\System\sLoRLaD.exe
  C:\Windows\System\sLoRLaD.exe
  2⤵
  PID:10056
- C:\Windows\System\xNnBVnL.exe
  C:\Windows\System\xNnBVnL.exe
  2⤵
  PID:10084
- C:\Windows\System\QJMOhqT.exe
  C:\Windows\System\QJMOhqT.exe
  2⤵
  PID:10112
- C:\Windows\System\FBmmOTZ.exe
  C:\Windows\System\FBmmOTZ.exe
  2⤵
  PID:10140
- C:\Windows\System\PAqOKQC.exe
  C:\Windows\System\PAqOKQC.exe
  2⤵
  PID:10168
- C:\Windows\System\imcVaEF.exe
  C:\Windows\System\imcVaEF.exe
  2⤵
  PID:10196
- C:\Windows\System\yygGHBn.exe
  C:\Windows\System\yygGHBn.exe
  2⤵
  PID:10224
- C:\Windows\System\APhIxZt.exe
  C:\Windows\System\APhIxZt.exe
  2⤵
  PID:9276
- C:\Windows\System\UJediSC.exe
  C:\Windows\System\UJediSC.exe
  2⤵
  PID:9356
- C:\Windows\System\ddfAJRM.exe
  C:\Windows\System\ddfAJRM.exe
  2⤵
  PID:9424
- C:\Windows\System\pBBLHSg.exe
  C:\Windows\System\pBBLHSg.exe
  2⤵
  PID:9484
- C:\Windows\System\BMoTNxl.exe
  C:\Windows\System\BMoTNxl.exe
  2⤵
  PID:9560
- C:\Windows\System\gkGKciw.exe
  C:\Windows\System\gkGKciw.exe
  2⤵
  PID:9620
- C:\Windows\System\PyrcuNm.exe
  C:\Windows\System\PyrcuNm.exe
  2⤵
  PID:9680
- C:\Windows\System\sNywxMl.exe
  C:\Windows\System\sNywxMl.exe
  2⤵
  PID:9740
- C:\Windows\System\dtFoqhP.exe
  C:\Windows\System\dtFoqhP.exe
  2⤵
  PID:9812
- C:\Windows\System\myxVXpA.exe
  C:\Windows\System\myxVXpA.exe
  2⤵
  PID:9876
- C:\Windows\System\wTkdHsc.exe
  C:\Windows\System\wTkdHsc.exe
  2⤵
  PID:9936
- C:\Windows\System\vSLYpVh.exe
  C:\Windows\System\vSLYpVh.exe
  2⤵
  PID:9992
- C:\Windows\System\fbvfQSF.exe
  C:\Windows\System\fbvfQSF.exe
  2⤵
  PID:10072
- C:\Windows\System\URBvTUa.exe
  C:\Windows\System\URBvTUa.exe
  2⤵
  PID:10164
- C:\Windows\System\nNjOxwF.exe
  C:\Windows\System\nNjOxwF.exe
  2⤵
  PID:10208
- C:\Windows\System\AiNMaIB.exe
  C:\Windows\System\AiNMaIB.exe
  2⤵
  PID:9332
- C:\Windows\System\YxXxAuk.exe
  C:\Windows\System\YxXxAuk.exe
  2⤵
  PID:9480
- C:\Windows\System\zmufvkg.exe
  C:\Windows\System\zmufvkg.exe
  2⤵
  PID:9656
- C:\Windows\System\cilhNIS.exe
  C:\Windows\System\cilhNIS.exe
  2⤵
  PID:9792
- C:\Windows\System\XULtiCb.exe
  C:\Windows\System\XULtiCb.exe
  2⤵
  PID:9928
- C:\Windows\System\DYywVzj.exe
  C:\Windows\System\DYywVzj.exe
  2⤵
  PID:10108
- C:\Windows\System\cTSwjaT.exe
  C:\Windows\System\cTSwjaT.exe
  2⤵
  PID:9572
- C:\Windows\System\mXYAfdD.exe
  C:\Windows\System\mXYAfdD.exe
  2⤵
  PID:9904
- C:\Windows\System\Yeuhqbu.exe
  C:\Windows\System\Yeuhqbu.exe
  2⤵
  PID:9644
- C:\Windows\System\hlyjDmr.exe
  C:\Windows\System\hlyjDmr.exe
  2⤵
  PID:10044
- C:\Windows\System\pRjLapa.exe
  C:\Windows\System\pRjLapa.exe
  2⤵
  PID:10244
- C:\Windows\System\YuxEPZD.exe
  C:\Windows\System\YuxEPZD.exe
  2⤵
  PID:10280
- C:\Windows\System\CSQnmSe.exe
  C:\Windows\System\CSQnmSe.exe
  2⤵
  PID:10308
- C:\Windows\System\qppOYNN.exe
  C:\Windows\System\qppOYNN.exe
  2⤵
  PID:10344
- C:\Windows\System\YEShOou.exe
  C:\Windows\System\YEShOou.exe
  2⤵
  PID:10372
- C:\Windows\System\fVWSfsi.exe
  C:\Windows\System\fVWSfsi.exe
  2⤵
  PID:10400
- C:\Windows\System\iGQBXLG.exe
  C:\Windows\System\iGQBXLG.exe
  2⤵
  PID:10428
- C:\Windows\System\TpJhVzZ.exe
  C:\Windows\System\TpJhVzZ.exe
  2⤵
  PID:10456
- C:\Windows\System\NbLuRsQ.exe
  C:\Windows\System\NbLuRsQ.exe
  2⤵
  PID:10488
- C:\Windows\System\wxRVnVj.exe
  C:\Windows\System\wxRVnVj.exe
  2⤵
  PID:10528
- C:\Windows\System\IjTbUsJ.exe
  C:\Windows\System\IjTbUsJ.exe
  2⤵
  PID:10556
- C:\Windows\System\NMTzzGi.exe
  C:\Windows\System\NMTzzGi.exe
  2⤵
  PID:10572
- C:\Windows\System\HASuBSH.exe
  C:\Windows\System\HASuBSH.exe
  2⤵
  PID:10628
- C:\Windows\System\JRwXPGC.exe
  C:\Windows\System\JRwXPGC.exe
  2⤵
  PID:10652
- C:\Windows\System\YQkQWHD.exe
  C:\Windows\System\YQkQWHD.exe
  2⤵
  PID:10680
- C:\Windows\System\XYZZPMO.exe
  C:\Windows\System\XYZZPMO.exe
  2⤵
  PID:10720
- C:\Windows\System\LQmWQxc.exe
  C:\Windows\System\LQmWQxc.exe
  2⤵
  PID:10736
- C:\Windows\System\PVPdrnw.exe
  C:\Windows\System\PVPdrnw.exe
  2⤵
  PID:10764
- C:\Windows\System\OHoedqd.exe
  C:\Windows\System\OHoedqd.exe
  2⤵
  PID:10792
- C:\Windows\System\osjGmaV.exe
  C:\Windows\System\osjGmaV.exe
  2⤵
  PID:10820
- C:\Windows\System\zCgCXlh.exe
  C:\Windows\System\zCgCXlh.exe
  2⤵
  PID:10848
- C:\Windows\System\mYEgozp.exe
  C:\Windows\System\mYEgozp.exe
  2⤵
  PID:10876
- C:\Windows\System\BSQYNtX.exe
  C:\Windows\System\BSQYNtX.exe
  2⤵
  PID:10904
- C:\Windows\System\VmNzjzZ.exe
  C:\Windows\System\VmNzjzZ.exe
  2⤵
  PID:10932
- C:\Windows\System\zOjCujC.exe
  C:\Windows\System\zOjCujC.exe
  2⤵
  PID:10960
- C:\Windows\System\qTXDbzo.exe
  C:\Windows\System\qTXDbzo.exe
  2⤵
  PID:10988
- C:\Windows\System\xUYBfoV.exe
  C:\Windows\System\xUYBfoV.exe
  2⤵
  PID:11016
- C:\Windows\System\yVMSpZz.exe
  C:\Windows\System\yVMSpZz.exe
  2⤵
  PID:11044
- C:\Windows\System\GrBbBmx.exe
  C:\Windows\System\GrBbBmx.exe
  2⤵
  PID:11072
- C:\Windows\System\efxZAkr.exe
  C:\Windows\System\efxZAkr.exe
  2⤵
  PID:11100
- C:\Windows\System\pWTAKHL.exe
  C:\Windows\System\pWTAKHL.exe
  2⤵
  PID:11128
- C:\Windows\System\oULEDZD.exe
  C:\Windows\System\oULEDZD.exe
  2⤵
  PID:11156
- C:\Windows\System\eVzzVHs.exe
  C:\Windows\System\eVzzVHs.exe
  2⤵
  PID:11184
- C:\Windows\System\mqTODGB.exe
  C:\Windows\System\mqTODGB.exe
  2⤵
  PID:11212
- C:\Windows\System\doldaPJ.exe
  C:\Windows\System\doldaPJ.exe
  2⤵
  PID:11240
- C:\Windows\System\NiGBCNy.exe
  C:\Windows\System\NiGBCNy.exe
  2⤵
  PID:8948
- C:\Windows\System\OSxiHzk.exe
  C:\Windows\System\OSxiHzk.exe
  2⤵
  PID:10304
- C:\Windows\System\ZsRVGEa.exe
  C:\Windows\System\ZsRVGEa.exe
  2⤵
  PID:10356
- C:\Windows\System\kJhSUcd.exe
  C:\Windows\System\kJhSUcd.exe
  2⤵
  PID:10420
- C:\Windows\System\sfUTnZf.exe
  C:\Windows\System\sfUTnZf.exe
  2⤵
  PID:10480
- C:\Windows\System\gZKaVeT.exe
  C:\Windows\System\gZKaVeT.exe
  2⤵
  PID:10564
- C:\Windows\System\zlPVCfF.exe
  C:\Windows\System\zlPVCfF.exe
  2⤵
  PID:10624
- C:\Windows\System\quxiLSo.exe
  C:\Windows\System\quxiLSo.exe
  2⤵
  PID:1824
- C:\Windows\System\sEXNVSY.exe
  C:\Windows\System\sEXNVSY.exe
  2⤵
  PID:6244
- C:\Windows\System\FbloJBp.exe
  C:\Windows\System\FbloJBp.exe
  2⤵
  PID:10520
- C:\Windows\System\UHqXIoU.exe
  C:\Windows\System\UHqXIoU.exe
  2⤵
  PID:10776
- C:\Windows\System\JRWdPIS.exe
  C:\Windows\System\JRWdPIS.exe
  2⤵
  PID:10844
- C:\Windows\System\ScvMZNb.exe
  C:\Windows\System\ScvMZNb.exe
  2⤵
  PID:10920
- C:\Windows\System\rvaeJyG.exe
  C:\Windows\System\rvaeJyG.exe
  2⤵
  PID:11004
- C:\Windows\System\cMQxjIt.exe
  C:\Windows\System\cMQxjIt.exe
  2⤵
  PID:11064
- C:\Windows\System\VQRKGWW.exe
  C:\Windows\System\VQRKGWW.exe
  2⤵
  PID:11124
- C:\Windows\System\hUNOTUJ.exe
  C:\Windows\System\hUNOTUJ.exe
  2⤵
  PID:11200
- C:\Windows\System\uCXxeeO.exe
  C:\Windows\System\uCXxeeO.exe
  2⤵
  PID:9728
- C:\Windows\System\sTlpRvD.exe
  C:\Windows\System\sTlpRvD.exe
  2⤵
  PID:10388
- C:\Windows\System\ivzhWBb.exe
  C:\Windows\System\ivzhWBb.exe
  2⤵
  PID:10536
- C:\Windows\System\fHkZulb.exe
  C:\Windows\System\fHkZulb.exe
  2⤵
  PID:2336
- C:\Windows\System\pzsuHwn.exe
  C:\Windows\System\pzsuHwn.exe
  2⤵
  PID:10672
- C:\Windows\System\DCXaOgf.exe
  C:\Windows\System\DCXaOgf.exe
  2⤵
  PID:3924
- C:\Windows\System\EleGDFA.exe
  C:\Windows\System\EleGDFA.exe
  2⤵
  PID:10900
- C:\Windows\System\DjXkwAB.exe
  C:\Windows\System\DjXkwAB.exe
  2⤵
  PID:11092
- C:\Windows\System\BzpCDSy.exe
  C:\Windows\System\BzpCDSy.exe
  2⤵
  PID:11236
- C:\Windows\System\ahdHiBG.exe
  C:\Windows\System\ahdHiBG.exe
  2⤵
  PID:4048
- C:\Windows\System\hTbvXxZ.exe
  C:\Windows\System\hTbvXxZ.exe
  2⤵
  PID:3560
- C:\Windows\System\nudkuMm.exe
  C:\Windows\System\nudkuMm.exe
  2⤵
  PID:3512
- C:\Windows\System\dYgBWcG.exe
  C:\Windows\System\dYgBWcG.exe
  2⤵
  PID:10896
- C:\Windows\System\iRMhhTt.exe
  C:\Windows\System\iRMhhTt.exe
  2⤵
  PID:4396
- C:\Windows\System\dOUCPJo.exe
  C:\Windows\System\dOUCPJo.exe
  2⤵
  PID:10448
- C:\Windows\System\DjHZumQ.exe
  C:\Windows\System\DjHZumQ.exe
  2⤵
  PID:1992
- C:\Windows\System\XChrpwp.exe
  C:\Windows\System\XChrpwp.exe
  2⤵
  PID:3804
- C:\Windows\System\wpUFMCp.exe
  C:\Windows\System\wpUFMCp.exe
  2⤵
  PID:2624
- C:\Windows\System\LPtCxZN.exe
  C:\Windows\System\LPtCxZN.exe
  2⤵
  PID:11280
- C:\Windows\System\tbfMejq.exe
  C:\Windows\System\tbfMejq.exe
  2⤵
  PID:11308
- C:\Windows\System\YGiMdkG.exe
  C:\Windows\System\YGiMdkG.exe
  2⤵
  PID:11336
- C:\Windows\System\OhKsxEq.exe
  C:\Windows\System\OhKsxEq.exe
  2⤵
  PID:11364
- C:\Windows\System\BZDgEVu.exe
  C:\Windows\System\BZDgEVu.exe
  2⤵
  PID:11392
- C:\Windows\System\QDmXzvS.exe
  C:\Windows\System\QDmXzvS.exe
  2⤵
  PID:11420
- C:\Windows\System\iBLdRlw.exe
  C:\Windows\System\iBLdRlw.exe
  2⤵
  PID:11448
- C:\Windows\System\JdhzZlJ.exe
  C:\Windows\System\JdhzZlJ.exe
  2⤵
  PID:11476
- C:\Windows\System\GIyUagD.exe
  C:\Windows\System\GIyUagD.exe
  2⤵
  PID:11504
- C:\Windows\System\nvfMDhE.exe
  C:\Windows\System\nvfMDhE.exe
  2⤵
  PID:11532
- C:\Windows\System\disycMt.exe
  C:\Windows\System\disycMt.exe
  2⤵
  PID:11560
- C:\Windows\System\BrntTuZ.exe
  C:\Windows\System\BrntTuZ.exe
  2⤵
  PID:11588
- C:\Windows\System\WMJzEax.exe
  C:\Windows\System\WMJzEax.exe
  2⤵
  PID:11616
- C:\Windows\System\PdHsQGV.exe
  C:\Windows\System\PdHsQGV.exe
  2⤵
  PID:11648
- C:\Windows\System\xSairoV.exe
  C:\Windows\System\xSairoV.exe
  2⤵
  PID:11676
- C:\Windows\System\kCcuOYZ.exe
  C:\Windows\System\kCcuOYZ.exe
  2⤵
  PID:11704
- C:\Windows\System\eCpnlCB.exe
  C:\Windows\System\eCpnlCB.exe
  2⤵
  PID:11740
- C:\Windows\System\tOJogVk.exe
  C:\Windows\System\tOJogVk.exe
  2⤵
  PID:11760
- C:\Windows\System\sqJXTsx.exe
  C:\Windows\System\sqJXTsx.exe
  2⤵
  PID:11788
- C:\Windows\System\tntydHv.exe
  C:\Windows\System\tntydHv.exe
  2⤵
  PID:11816
- C:\Windows\System\VIHBRVo.exe
  C:\Windows\System\VIHBRVo.exe
  2⤵
  PID:11844
- C:\Windows\System\ECgvQFJ.exe
  C:\Windows\System\ECgvQFJ.exe
  2⤵
  PID:11872
- C:\Windows\System\JcmVoVc.exe
  C:\Windows\System\JcmVoVc.exe
  2⤵
  PID:11900
- C:\Windows\System\dElBPQT.exe
  C:\Windows\System\dElBPQT.exe
  2⤵
  PID:11928
- C:\Windows\System\DAthwXR.exe
  C:\Windows\System\DAthwXR.exe
  2⤵
  PID:11956
- C:\Windows\System\mkrzbPI.exe
  C:\Windows\System\mkrzbPI.exe
  2⤵
  PID:11984
- C:\Windows\System\XJBISQn.exe
  C:\Windows\System\XJBISQn.exe
  2⤵
  PID:12012
- C:\Windows\System\yKAXAXm.exe
  C:\Windows\System\yKAXAXm.exe
  2⤵
  PID:12040
- C:\Windows\System\aecbOBG.exe
  C:\Windows\System\aecbOBG.exe
  2⤵
  PID:12068
- C:\Windows\System\DkmEaLf.exe
  C:\Windows\System\DkmEaLf.exe
  2⤵
  PID:12096
- C:\Windows\System\RUsCXPY.exe
  C:\Windows\System\RUsCXPY.exe
  2⤵
  PID:12124
- C:\Windows\System\PMkLlvo.exe
  C:\Windows\System\PMkLlvo.exe
  2⤵
  PID:12152
- C:\Windows\System\bpJsKZl.exe
  C:\Windows\System\bpJsKZl.exe
  2⤵
  PID:12180
- C:\Windows\System\lahTDzM.exe
  C:\Windows\System\lahTDzM.exe
  2⤵
  PID:12208
- C:\Windows\System\pDoQtGF.exe
  C:\Windows\System\pDoQtGF.exe
  2⤵
  PID:12236
- C:\Windows\System\lINKuOV.exe
  C:\Windows\System\lINKuOV.exe
  2⤵
  PID:12264
- C:\Windows\System\MvaqgsL.exe
  C:\Windows\System\MvaqgsL.exe
  2⤵
  PID:11272
- C:\Windows\System\xxWLRfI.exe
  C:\Windows\System\xxWLRfI.exe
  2⤵
  PID:11304
- C:\Windows\System\aetPUvF.exe
  C:\Windows\System\aetPUvF.exe
  2⤵
  PID:11376
- C:\Windows\System\gDHhCDz.exe
  C:\Windows\System\gDHhCDz.exe
  2⤵
  PID:11436
- C:\Windows\System\wqWRhMk.exe
  C:\Windows\System\wqWRhMk.exe
  2⤵
  PID:11500
- C:\Windows\System\jrmMyLt.exe
  C:\Windows\System\jrmMyLt.exe
  2⤵
  PID:11572
- C:\Windows\System\xCOiryR.exe
  C:\Windows\System\xCOiryR.exe
  2⤵
  PID:11640
- C:\Windows\System\ggGpWJR.exe
  C:\Windows\System\ggGpWJR.exe
  2⤵
  PID:924
- C:\Windows\System\migggNK.exe
  C:\Windows\System\migggNK.exe
  2⤵
  PID:11748
- C:\Windows\System\FqSvjKb.exe
  C:\Windows\System\FqSvjKb.exe
  2⤵
  PID:11784
- C:\Windows\System\oPlPXuQ.exe
  C:\Windows\System\oPlPXuQ.exe
  2⤵
  PID:11856
- C:\Windows\System\HSSCgmV.exe
  C:\Windows\System\HSSCgmV.exe
  2⤵
  PID:11912
- C:\Windows\System\SSDtLRN.exe
  C:\Windows\System\SSDtLRN.exe
  2⤵
  PID:1192
- C:\Windows\System\pZzKWOp.exe
  C:\Windows\System\pZzKWOp.exe
  2⤵
  PID:12004
- C:\Windows\System\NmJZgNW.exe
  C:\Windows\System\NmJZgNW.exe
  2⤵
  PID:12088
- C:\Windows\System\eLFcYpv.exe
  C:\Windows\System\eLFcYpv.exe
  2⤵
  PID:12144
- C:\Windows\System\RhTseLJ.exe
  C:\Windows\System\RhTseLJ.exe
  2⤵
  PID:12200
- C:\Windows\System\ZvmzHII.exe
  C:\Windows\System\ZvmzHII.exe
  2⤵
  PID:12256
- C:\Windows\System\ORlQswN.exe
  C:\Windows\System\ORlQswN.exe
  2⤵
  PID:4132
- C:\Windows\System\UNBYWty.exe
  C:\Windows\System\UNBYWty.exe
  2⤵
  PID:11360
- C:\Windows\System\ruuDrGu.exe
  C:\Windows\System\ruuDrGu.exe
  2⤵
  PID:11528
- C:\Windows\System\RpxVGrN.exe
  C:\Windows\System\RpxVGrN.exe
  2⤵
  PID:11672
- C:\Windows\System\joPpmmb.exe
  C:\Windows\System\joPpmmb.exe
  2⤵
  PID:4044
- C:\Windows\System\YLAqMGm.exe
  C:\Windows\System\YLAqMGm.exe
  2⤵
  PID:11968
- C:\Windows\System\RORxmKU.exe
  C:\Windows\System\RORxmKU.exe
  2⤵
  PID:12060
- C:\Windows\System\iisPrxA.exe
  C:\Windows\System\iisPrxA.exe
  2⤵
  PID:12176
- C:\Windows\System\KrZqVIM.exe
  C:\Windows\System\KrZqVIM.exe
  2⤵
  PID:3700
- C:\Windows\System\vllfZTC.exe
  C:\Windows\System\vllfZTC.exe
  2⤵
  PID:11612
- C:\Windows\System\NuUZWeh.exe
  C:\Windows\System\NuUZWeh.exe
  2⤵
  PID:11840
- C:\Windows\System\MgqQdUb.exe
  C:\Windows\System\MgqQdUb.exe
  2⤵
  PID:12032
- C:\Windows\System\YrQQpzp.exe
  C:\Windows\System\YrQQpzp.exe
  2⤵
  PID:11356
- C:\Windows\System\AAYsFFE.exe
  C:\Windows\System\AAYsFFE.exe
  2⤵
  PID:3388
- C:\Windows\System\vqBejPa.exe
  C:\Windows\System\vqBejPa.exe
  2⤵
  PID:4572
- C:\Windows\System\sbYpbQa.exe
  C:\Windows\System\sbYpbQa.exe
  2⤵
  PID:2016
- C:\Windows\System\FKyUflY.exe
  C:\Windows\System\FKyUflY.exe
  2⤵
  PID:12304
- C:\Windows\System\UcymHsB.exe
  C:\Windows\System\UcymHsB.exe
  2⤵
  PID:12332
- C:\Windows\System\GfLLXqo.exe
  C:\Windows\System\GfLLXqo.exe
  2⤵
  PID:12360
- C:\Windows\System\EiuTCPs.exe
  C:\Windows\System\EiuTCPs.exe
  2⤵
  PID:12388
- C:\Windows\System\QOuFEWy.exe
  C:\Windows\System\QOuFEWy.exe
  2⤵
  PID:12416
- C:\Windows\System\ESrlZmZ.exe
  C:\Windows\System\ESrlZmZ.exe
  2⤵
  PID:12444
- C:\Windows\System\yzuWaPx.exe
  C:\Windows\System\yzuWaPx.exe
  2⤵
  PID:12472
- C:\Windows\System\wAWEeSh.exe
  C:\Windows\System\wAWEeSh.exe
  2⤵
  PID:12500
- C:\Windows\System\PnJvtYp.exe
  C:\Windows\System\PnJvtYp.exe
  2⤵
  PID:12528
- C:\Windows\System\tWLGnhS.exe
  C:\Windows\System\tWLGnhS.exe
  2⤵
  PID:12556
- C:\Windows\System\FrdQWPM.exe
  C:\Windows\System\FrdQWPM.exe
  2⤵
  PID:12584
- C:\Windows\System\qdGVAIF.exe
  C:\Windows\System\qdGVAIF.exe
  2⤵
  PID:12612
- C:\Windows\System\brqTgMZ.exe
  C:\Windows\System\brqTgMZ.exe
  2⤵
  PID:12640
- C:\Windows\System\EcoCVZQ.exe
  C:\Windows\System\EcoCVZQ.exe
  2⤵
  PID:12668
- C:\Windows\System\eUgVRHK.exe
  C:\Windows\System\eUgVRHK.exe
  2⤵
  PID:12696
- C:\Windows\System\NpoHAph.exe
  C:\Windows\System\NpoHAph.exe
  2⤵
  PID:12724
- C:\Windows\System\FAJwYlG.exe
  C:\Windows\System\FAJwYlG.exe
  2⤵
  PID:12748
- C:\Windows\System\OvRgaYU.exe
  C:\Windows\System\OvRgaYU.exe
  2⤵
  PID:12780
- C:\Windows\System\GoOYrGQ.exe
  C:\Windows\System\GoOYrGQ.exe
  2⤵
  PID:12808
- C:\Windows\System\czYeRrw.exe
  C:\Windows\System\czYeRrw.exe
  2⤵
  PID:12836
- C:\Windows\System\PaqcFcu.exe
  C:\Windows\System\PaqcFcu.exe
  2⤵
  PID:12864
- C:\Windows\System\GrbQmhz.exe
  C:\Windows\System\GrbQmhz.exe
  2⤵
  PID:12892
- C:\Windows\System\ofDbdJa.exe
  C:\Windows\System\ofDbdJa.exe
  2⤵
  PID:12920
- C:\Windows\System\MhBluNC.exe
  C:\Windows\System\MhBluNC.exe
  2⤵
  PID:12944
- C:\Windows\System\sFwnJsU.exe
  C:\Windows\System\sFwnJsU.exe
  2⤵
  PID:12976
- C:\Windows\System\zRLFhKD.exe
  C:\Windows\System\zRLFhKD.exe
  2⤵
  PID:13004
- C:\Windows\System\VnZNHrB.exe
  C:\Windows\System\VnZNHrB.exe
  2⤵
  PID:13032
- C:\Windows\System\GOasdHg.exe
  C:\Windows\System\GOasdHg.exe
  2⤵
  PID:13060
- C:\Windows\System\NfGupRR.exe
  C:\Windows\System\NfGupRR.exe
  2⤵
  PID:13088
- C:\Windows\System\rPPtjMZ.exe
  C:\Windows\System\rPPtjMZ.exe
  2⤵
  PID:13116
- C:\Windows\System\eIIaoTN.exe
  C:\Windows\System\eIIaoTN.exe
  2⤵
  PID:13144
- C:\Windows\System\kNYitQt.exe
  C:\Windows\System\kNYitQt.exe
  2⤵
  PID:13172
- C:\Windows\System\LFuTBic.exe
  C:\Windows\System\LFuTBic.exe
  2⤵
  PID:13200
- C:\Windows\System\FAvWxZv.exe
  C:\Windows\System\FAvWxZv.exe
  2⤵
  PID:13228
- C:\Windows\System\ZmZrgDf.exe
  C:\Windows\System\ZmZrgDf.exe
  2⤵
  PID:13256
- C:\Windows\System\gOCWOCH.exe
  C:\Windows\System\gOCWOCH.exe
  2⤵
  PID:13284
- C:\Windows\System\mCoIBvU.exe
  C:\Windows\System\mCoIBvU.exe
  2⤵
  PID:11996
- C:\Windows\System\EEJCvcg.exe
  C:\Windows\System\EEJCvcg.exe
  2⤵
  PID:12352
- C:\Windows\System\AbQKFlJ.exe
  C:\Windows\System\AbQKFlJ.exe
  2⤵
  PID:12412
- C:\Windows\System\XNfTnIm.exe
  C:\Windows\System\XNfTnIm.exe
  2⤵
  PID:12484
- C:\Windows\System\GDRuGrV.exe
  C:\Windows\System\GDRuGrV.exe
  2⤵
  PID:12548
- C:\Windows\System\pzvWABh.exe
  C:\Windows\System\pzvWABh.exe
  2⤵
  PID:12608
- C:\Windows\System\sCnEMOp.exe
  C:\Windows\System\sCnEMOp.exe
  2⤵
  PID:12684
- C:\Windows\System\YSXcRwm.exe
  C:\Windows\System\YSXcRwm.exe
  2⤵
  PID:12732
- C:\Windows\System\UKiKhNf.exe
  C:\Windows\System\UKiKhNf.exe
  2⤵
  PID:12804
- C:\Windows\System\FOFiRTn.exe
  C:\Windows\System\FOFiRTn.exe
  2⤵
  PID:12876
- C:\Windows\System\CVYzYep.exe
  C:\Windows\System\CVYzYep.exe
  2⤵
  PID:12936
- C:\Windows\System\NMFgaop.exe
  C:\Windows\System\NMFgaop.exe
  2⤵
  PID:13000
- C:\Windows\System\wwuLkUj.exe
  C:\Windows\System\wwuLkUj.exe
  2⤵
  PID:13072
- C:\Windows\System\kiYwxho.exe
  C:\Windows\System\kiYwxho.exe
  2⤵
  PID:13136
- C:\Windows\System\UzNhnXz.exe
  C:\Windows\System\UzNhnXz.exe
  2⤵
  PID:13196
- C:\Windows\System\vJuapDy.exe
  C:\Windows\System\vJuapDy.exe
  2⤵
  PID:13268
- C:\Windows\System\nuioqpV.exe
  C:\Windows\System\nuioqpV.exe
  2⤵
  PID:12328
- C:\Windows\System\LhpYtHK.exe
  C:\Windows\System\LhpYtHK.exe
  2⤵
  PID:12468
- C:\Windows\System\cVHtvtc.exe
  C:\Windows\System\cVHtvtc.exe
  2⤵
  PID:12636
- C:\Windows\System\wjkTGRt.exe
  C:\Windows\System\wjkTGRt.exe
  2⤵
  PID:12796
- C:\Windows\System\xZaVQbZ.exe
  C:\Windows\System\xZaVQbZ.exe
  2⤵
  PID:12940
- C:\Windows\System\wMGQrjo.exe
  C:\Windows\System\wMGQrjo.exe
  2⤵
  PID:13168
- C:\Windows\System\mDDXQXy.exe
  C:\Windows\System\mDDXQXy.exe
  2⤵
  PID:13252
- C:\Windows\System\TeutKOH.exe
  C:\Windows\System\TeutKOH.exe
  2⤵
  PID:12540
- C:\Windows\System\rKunNud.exe
  C:\Windows\System\rKunNud.exe
  2⤵
  PID:12908
- C:\Windows\System\WDnIUjx.exe
  C:\Windows\System\WDnIUjx.exe
  2⤵
  PID:13248
- C:\Windows\System\dSrhrEC.exe
  C:\Windows\System\dSrhrEC.exe
  2⤵
  PID:12860
- C:\Windows\System\GlquDEM.exe
  C:\Windows\System\GlquDEM.exe
  2⤵
  PID:13224
- C:\Windows\System\pqpgsnH.exe
  C:\Windows\System\pqpgsnH.exe
  2⤵
  PID:13332
- C:\Windows\System\gPaYmmN.exe
  C:\Windows\System\gPaYmmN.exe
  2⤵
  PID:13360
- C:\Windows\System\YXwgbKu.exe
  C:\Windows\System\YXwgbKu.exe
  2⤵
  PID:13388
- C:\Windows\System\hMjKyHr.exe
  C:\Windows\System\hMjKyHr.exe
  2⤵
  PID:13416
- C:\Windows\System\WfayoYU.exe
  C:\Windows\System\WfayoYU.exe
  2⤵
  PID:13444
- C:\Windows\System\SsYGNjU.exe
  C:\Windows\System\SsYGNjU.exe
  2⤵
  PID:13472
- C:\Windows\System\FHBViLn.exe
  C:\Windows\System\FHBViLn.exe
  2⤵
  PID:13500
- C:\Windows\System\fxMzYxr.exe
  C:\Windows\System\fxMzYxr.exe
  2⤵
  PID:13528
- C:\Windows\System\pTSVZmc.exe
  C:\Windows\System\pTSVZmc.exe
  2⤵
  PID:13556
- C:\Windows\System\XwdWxBE.exe
  C:\Windows\System\XwdWxBE.exe
  2⤵
  PID:13584
- C:\Windows\System\fWpoTfQ.exe
  C:\Windows\System\fWpoTfQ.exe
  2⤵
  PID:13612
- C:\Windows\System\rodbRxK.exe
  C:\Windows\System\rodbRxK.exe
  2⤵
  PID:13640
- C:\Windows\System\kWGekDH.exe
  C:\Windows\System\kWGekDH.exe
  2⤵
  PID:13668
- C:\Windows\System\bHZbrUB.exe
  C:\Windows\System\bHZbrUB.exe
  2⤵
  PID:13696
- C:\Windows\System\TfWGbnA.exe
  C:\Windows\System\TfWGbnA.exe
  2⤵
  PID:13724
- C:\Windows\System\gtyyDQW.exe
  C:\Windows\System\gtyyDQW.exe
  2⤵
  PID:13752
- C:\Windows\System\MYtPXzE.exe
  C:\Windows\System\MYtPXzE.exe
  2⤵
  PID:13780
- C:\Windows\System\tTXZqPC.exe
  C:\Windows\System\tTXZqPC.exe
  2⤵
  PID:13808
- C:\Windows\System\MGyuhRo.exe
  C:\Windows\System\MGyuhRo.exe
  2⤵
  PID:13836
- C:\Windows\System\WOpONkX.exe
  C:\Windows\System\WOpONkX.exe
  2⤵
  PID:13864
- C:\Windows\System\QJOabUL.exe
  C:\Windows\System\QJOabUL.exe
  2⤵
  PID:13892
- C:\Windows\System\jjzrOtL.exe
  C:\Windows\System\jjzrOtL.exe
  2⤵
  PID:13920
- C:\Windows\System\OwsrVTm.exe
  C:\Windows\System\OwsrVTm.exe
  2⤵
  PID:13948
- C:\Windows\System\iHvhaWm.exe
  C:\Windows\System\iHvhaWm.exe
  2⤵
  PID:13976
- C:\Windows\System\nOKZcoD.exe
  C:\Windows\System\nOKZcoD.exe
  2⤵
  PID:14004
- C:\Windows\System\NBlRsMA.exe
  C:\Windows\System\NBlRsMA.exe
  2⤵
  PID:14032
- C:\Windows\System\gqDxpAb.exe
  C:\Windows\System\gqDxpAb.exe
  2⤵
  PID:14060
- C:\Windows\System\fUFFFUk.exe
  C:\Windows\System\fUFFFUk.exe
  2⤵
  PID:14088
- C:\Windows\System\vAzKtXN.exe
  C:\Windows\System\vAzKtXN.exe
  2⤵
  PID:14116
- C:\Windows\System\NWbzvno.exe
  C:\Windows\System\NWbzvno.exe
  2⤵
  PID:14144
- C:\Windows\System\sFzzKJe.exe
  C:\Windows\System\sFzzKJe.exe
  2⤵
  PID:14172
- C:\Windows\System\eFVtxJb.exe
  C:\Windows\System\eFVtxJb.exe
  2⤵
  PID:14200
- C:\Windows\System\pfIIMrn.exe
  C:\Windows\System\pfIIMrn.exe
  2⤵
  PID:14228
- C:\Windows\System\xGzlnfI.exe
  C:\Windows\System\xGzlnfI.exe
  2⤵
  PID:14264
- C:\Windows\System\QTDXuNr.exe
  C:\Windows\System\QTDXuNr.exe
  2⤵
  PID:14292
- C:\Windows\System\xMDobDI.exe
  C:\Windows\System\xMDobDI.exe
  2⤵
  PID:14320
- C:\Windows\System\BtWkjTp.exe
  C:\Windows\System\BtWkjTp.exe
  2⤵
  PID:13344
- C:\Windows\System\tUpHWwP.exe
  C:\Windows\System\tUpHWwP.exe
  2⤵
  PID:5284
- C:\Windows\System\uRBFgIj.exe
  C:\Windows\System\uRBFgIj.exe
  2⤵
  PID:13456
- C:\Windows\System\LHLVLlW.exe
  C:\Windows\System\LHLVLlW.exe
  2⤵
  PID:13520
- C:\Windows\System\FjiWXti.exe
  C:\Windows\System\FjiWXti.exe
  2⤵
  PID:13580
- C:\Windows\System\EWzNUvJ.exe
  C:\Windows\System\EWzNUvJ.exe
  2⤵
  PID:13652
- C:\Windows\System\coeZoqq.exe
  C:\Windows\System\coeZoqq.exe
  2⤵
  PID:436
- C:\Windows\System\HfsupsK.exe
  C:\Windows\System\HfsupsK.exe
  2⤵
  PID:13708
- C:\Windows\System\cjtKuot.exe
  C:\Windows\System\cjtKuot.exe
  2⤵
  PID:13772
- C:\Windows\System\oaaNwYJ.exe
  C:\Windows\System\oaaNwYJ.exe
  2⤵
  PID:13832
- C:\Windows\System\DkSOnKT.exe
  C:\Windows\System\DkSOnKT.exe
  2⤵
  PID:13904
- C:\Windows\System\nvvgWTy.exe
  C:\Windows\System\nvvgWTy.exe
  2⤵
  PID:13968
- C:\Windows\System\NKZPCtt.exe
  C:\Windows\System\NKZPCtt.exe
  2⤵
  PID:14044
- C:\Windows\System\GqaDAXO.exe
  C:\Windows\System\GqaDAXO.exe
  2⤵
  PID:14100
- C:\Windows\System\rtffUgq.exe
  C:\Windows\System\rtffUgq.exe
  2⤵
  PID:5836
- C:\Windows\System\lQpUvOz.exe
  C:\Windows\System\lQpUvOz.exe
  2⤵
  PID:14196
- C:\Windows\System\RaXxGmQ.exe
  C:\Windows\System\RaXxGmQ.exe
  2⤵
  PID:14240
- C:\Windows\System\yHUzpuR.exe
  C:\Windows\System\yHUzpuR.exe
  2⤵
  PID:14288
- C:\Windows\System\AYOBGOT.exe
  C:\Windows\System\AYOBGOT.exe
  2⤵
  PID:13400
- C:\Windows\System\DKYuUog.exe
  C:\Windows\System\DKYuUog.exe
  2⤵
  PID:13548
- C:\Windows\System\YJUJRHh.exe
  C:\Windows\System\YJUJRHh.exe
  2⤵
  PID:3024
- C:\Windows\System\fQdvZTr.exe
  C:\Windows\System\fQdvZTr.exe
  2⤵
  PID:6324
- C:\Windows\System\gRpguUA.exe
  C:\Windows\System\gRpguUA.exe
  2⤵
  PID:14080
- C:\Windows\System\OOvPZGi.exe
  C:\Windows\System\OOvPZGi.exe
  2⤵
  PID:14224
- C:\Windows\System\squoxwa.exe
  C:\Windows\System\squoxwa.exe
  2⤵
  PID:13496
- C:\Windows\System\klnFkrO.exe
  C:\Windows\System\klnFkrO.exe
  2⤵
  PID:13860
- C:\Windows\System\vDrIOCs.exe
  C:\Windows\System\vDrIOCs.exe
  2⤵
  PID:10808
- C:\Windows\System\rpOSklP.exe
  C:\Windows\System\rpOSklP.exe
  2⤵
  PID:10788
- C:\Windows\System\QaOlSyE.exe
  C:\Windows\System\QaOlSyE.exe
  2⤵
  PID:14312
- C:\Windows\System\jxtcowL.exe
  C:\Windows\System\jxtcowL.exe
  2⤵
  PID:10972
- C:\Windows\System\dtLUQbx.exe
  C:\Windows\System\dtLUQbx.exe
  2⤵
  PID:13764
- C:\Windows\System\vSNfFdK.exe
  C:\Windows\System\vSNfFdK.exe
  2⤵
  PID:14348
- C:\Windows\System\KKhKEac.exe
  C:\Windows\System\KKhKEac.exe
  2⤵
  PID:14364
- C:\Windows\System\VRrQvmC.exe
  C:\Windows\System\VRrQvmC.exe
  2⤵
  PID:14404
- C:\Windows\System\BOcAsQx.exe
  C:\Windows\System\BOcAsQx.exe
  2⤵
  PID:14432
- C:\Windows\System\QrKJyMR.exe
  C:\Windows\System\QrKJyMR.exe
  2⤵
  PID:14464
- C:\Windows\System\waDjQxi.exe
  C:\Windows\System\waDjQxi.exe
  2⤵
  PID:14492
- C:\Windows\System\oITQXSc.exe
  C:\Windows\System\oITQXSc.exe
  2⤵
  PID:14520
- C:\Windows\System\ejciwGe.exe
  C:\Windows\System\ejciwGe.exe
  2⤵
  PID:14548
- C:\Windows\System\MGdWBEa.exe
  C:\Windows\System\MGdWBEa.exe
  2⤵
  PID:14576
- C:\Windows\System\zepnazh.exe
  C:\Windows\System\zepnazh.exe
  2⤵
  PID:14604
- C:\Windows\System\vHaALCy.exe
  C:\Windows\System\vHaALCy.exe
  2⤵
  PID:14632
- C:\Windows\System\IOZDXok.exe
  C:\Windows\System\IOZDXok.exe
  2⤵
  PID:14668
- C:\Windows\System\NvTfSPE.exe
  C:\Windows\System\NvTfSPE.exe
  2⤵
  PID:14696
- C:\Windows\System\IEWrIbB.exe
  C:\Windows\System\IEWrIbB.exe
  2⤵
  PID:14724
- C:\Windows\System\WRxxdSV.exe
  C:\Windows\System\WRxxdSV.exe
  2⤵
  PID:14752
- C:\Windows\System\UVOvErh.exe
  C:\Windows\System\UVOvErh.exe
  2⤵
  PID:14780
- C:\Windows\System\gtMOLfe.exe
  C:\Windows\System\gtMOLfe.exe
  2⤵
  PID:14808
- C:\Windows\System\LhtKRIl.exe
  C:\Windows\System\LhtKRIl.exe
  2⤵
  PID:14840
- C:\Windows\System\bOAGFnN.exe
  C:\Windows\System\bOAGFnN.exe
  2⤵
  PID:14872
- C:\Windows\System\cFSoTOk.exe
  C:\Windows\System\cFSoTOk.exe
  2⤵
  PID:14908
- C:\Windows\System\vWsPmTr.exe
  C:\Windows\System\vWsPmTr.exe
  2⤵
  PID:14932
- C:\Windows\System\HzdHCVI.exe
  C:\Windows\System\HzdHCVI.exe
  2⤵
  PID:14956
- C:\Windows\System\hNibYaZ.exe
  C:\Windows\System\hNibYaZ.exe
  2⤵
  PID:14988
- C:\Windows\System\KfwLbgp.exe
  C:\Windows\System\KfwLbgp.exe
  2⤵
  PID:15024
- C:\Windows\System\cLVfjTy.exe
  C:\Windows\System\cLVfjTy.exe
  2⤵
  PID:15044
- C:\Windows\System\XLrttij.exe
  C:\Windows\System\XLrttij.exe
  2⤵
  PID:15088
- C:\Windows\System\sYcCgbq.exe
  C:\Windows\System\sYcCgbq.exe
  2⤵
  PID:15116
- C:\Windows\System\ShMgCni.exe
  C:\Windows\System\ShMgCni.exe
  2⤵
  PID:15152
- C:\Windows\System\GAtSyxn.exe
  C:\Windows\System\GAtSyxn.exe
  2⤵
  PID:15168
- C:\Windows\System\emFiXdU.exe
  C:\Windows\System\emFiXdU.exe
  2⤵
  PID:15268
- C:\Windows\System\WoHwqCj.exe
  C:\Windows\System\WoHwqCj.exe
  2⤵
  PID:15296
- C:\Windows\System\qoqdfig.exe
  C:\Windows\System\qoqdfig.exe
  2⤵
  PID:15352
- C:\Windows\System\UlfZBDN.exe
  C:\Windows\System\UlfZBDN.exe
  2⤵
  PID:14356
- C:\Windows\System\lZFzQuo.exe
  C:\Windows\System\lZFzQuo.exe
  2⤵
  PID:14420
- C:\Windows\System\fmsWXia.exe
  C:\Windows\System\fmsWXia.exe
  2⤵
  PID:14452
- C:\Windows\System\qGZebBH.exe
  C:\Windows\System\qGZebBH.exe
  2⤵
  PID:14540
- C:\Windows\System\jHlxJxY.exe
  C:\Windows\System\jHlxJxY.exe
  2⤵
  PID:14596
- C:\Windows\System\CDmBEJF.exe
  C:\Windows\System\CDmBEJF.exe
  2⤵
  PID:14680
- C:\Windows\System\eCYFbDU.exe
  C:\Windows\System\eCYFbDU.exe
  2⤵
  PID:14736
- C:\Windows\System\UdooyWX.exe
  C:\Windows\System\UdooyWX.exe
  2⤵
  PID:14792
- C:\Windows\System\sPmpItZ.exe
  C:\Windows\System\sPmpItZ.exe
  2⤵
  PID:14836
- C:\Windows\System\nEEnZmF.exe
  C:\Windows\System\nEEnZmF.exe
  2⤵
  PID:4716
- C:\Windows\System\nMkDiHh.exe
  C:\Windows\System\nMkDiHh.exe
  2⤵
  PID:14896
- C:\Windows\System\WuUowCW.exe
  C:\Windows\System\WuUowCW.exe
  2⤵
  PID:14952
- C:\Windows\System\npDHdkS.exe
  C:\Windows\System\npDHdkS.exe
  2⤵
  PID:15008
- C:\Windows\System\raMrOBD.exe
  C:\Windows\System\raMrOBD.exe
  2⤵
  PID:15036
- C:\Windows\System\ejQhDgY.exe
  C:\Windows\System\ejQhDgY.exe
  2⤵
  PID:15100
- C:\Windows\System\gYvCbXf.exe
  C:\Windows\System\gYvCbXf.exe
  2⤵
  PID:15164
- C:\Windows\System\kTTSAcN.exe
  C:\Windows\System\kTTSAcN.exe
  2⤵
  PID:15256
- C:\Windows\System\NCWYGWH.exe
  C:\Windows\System\NCWYGWH.exe
  2⤵
  PID:15204
- C:\Windows\System\HuYmQht.exe
  C:\Windows\System\HuYmQht.exe
  2⤵
  PID:4728
- C:\Windows\System\EhsdTjT.exe
  C:\Windows\System\EhsdTjT.exe
  2⤵
  PID:2240
- C:\Windows\System\RdiwABL.exe
  C:\Windows\System\RdiwABL.exe
  2⤵
  PID:4904
- C:\Windows\System\draZykY.exe
  C:\Windows\System\draZykY.exe
  2⤵
  PID:14940
- C:\Windows\System\nztUFbc.exe
  C:\Windows\System\nztUFbc.exe
  2⤵
  PID:15064
- C:\Windows\System\nLszrgN.exe
  C:\Windows\System\nLszrgN.exe
  2⤵
  PID:7088
- C:\Windows\System\ZHccXFW.exe
  C:\Windows\System\ZHccXFW.exe
  2⤵
  PID:7016
- C:\Windows\System\CWyYkJz.exe
  C:\Windows\System\CWyYkJz.exe
  2⤵
  PID:6628
- C:\Windows\System\AaPyqbO.exe
  C:\Windows\System\AaPyqbO.exe
  2⤵
  PID:6808
- C:\Windows\System\scPPDKK.exe
  C:\Windows\System\scPPDKK.exe
  2⤵
  PID:6924
- C:\Windows\System\PMCLdrN.exe
  C:\Windows\System\PMCLdrN.exe
  2⤵
  PID:6996
- C:\Windows\System\YzgXJwI.exe
  C:\Windows\System\YzgXJwI.exe
  2⤵
  PID:15292
- C:\Windows\System\kHUNkDg.exe
  C:\Windows\System\kHUNkDg.exe
  2⤵
  PID:2220
- C:\Windows\System\ovHrPzj.exe
  C:\Windows\System\ovHrPzj.exe
  2⤵
  PID:6644
- C:\Windows\System\dgJQsOa.exe
  C:\Windows\System\dgJQsOa.exe
  2⤵
  PID:4568
- C:\Windows\System\jKauAmN.exe
  C:\Windows\System\jKauAmN.exe
  2⤵
  PID:4152
- C:\Windows\System\yqmxUyw.exe
  C:\Windows\System\yqmxUyw.exe
  2⤵
  PID:848
- C:\Windows\System\zNjUlZk.exe
  C:\Windows\System\zNjUlZk.exe
  2⤵
  PID:3276
- C:\Windows\System\jFlgleA.exe
  C:\Windows\System\jFlgleA.exe
  2⤵
  PID:3056
- C:\Windows\System\JtNpzIQ.exe
  C:\Windows\System\JtNpzIQ.exe
  2⤵
  PID:664
- C:\Windows\System\xsDXfaJ.exe
  C:\Windows\System\xsDXfaJ.exe
  2⤵
  PID:4084
- C:\Windows\System\CqFVNwl.exe
  C:\Windows\System\CqFVNwl.exe
  2⤵
  PID:2568
- C:\Windows\System\KZdBGTD.exe
  C:\Windows\System\KZdBGTD.exe
  2⤵
  PID:3992
- C:\Windows\System\RvADaGk.exe
  C:\Windows\System\RvADaGk.exe
  2⤵
  PID:14476
- C:\Windows\System\DsMbLdB.exe
  C:\Windows\System\DsMbLdB.exe
  2⤵
  PID:5888
- C:\Windows\System\BpOwlQV.exe
  C:\Windows\System\BpOwlQV.exe
  2⤵
  PID:4248
- C:\Windows\System\GBQOThH.exe
  C:\Windows\System\GBQOThH.exe
  2⤵
  PID:6272
- C:\Windows\System\KcRDHMD.exe
  C:\Windows\System\KcRDHMD.exe
  2⤵
  PID:6344
- C:\Windows\System\pvMGfrr.exe
  C:\Windows\System\pvMGfrr.exe
  2⤵
  PID:2600
- C:\Windows\System\EZGpyqv.exe
  C:\Windows\System\EZGpyqv.exe
  2⤵
  PID:2452
- C:\Windows\System\GCdRQbe.exe
  C:\Windows\System\GCdRQbe.exe
  2⤵
  PID:4888
- C:\Windows\System\erQAXvp.exe
  C:\Windows\System\erQAXvp.exe
  2⤵
  PID:14924
- C:\Windows\System\uXBSevt.exe
  C:\Windows\System\uXBSevt.exe
  2⤵
  PID:6476
- C:\Windows\System\wgisEPo.exe
  C:\Windows\System\wgisEPo.exe
  2⤵
  PID:15140
- C:\Windows\System\CuNzhtx.exe
  C:\Windows\System\CuNzhtx.exe
  2⤵
  PID:5212
- C:\Windows\System\tlSljQo.exe
  C:\Windows\System\tlSljQo.exe
  2⤵
  PID:1188
- C:\Windows\System\hnyitni.exe
  C:\Windows\System\hnyitni.exe
  2⤵
  PID:208
- C:\Windows\System\WmBSoBL.exe
  C:\Windows\System\WmBSoBL.exe
  2⤵
  PID:2928
- C:\Windows\System\sYBiwgN.exe
  C:\Windows\System\sYBiwgN.exe
  2⤵
  PID:14996
- C:\Windows\System\YslhiUz.exe
  C:\Windows\System\YslhiUz.exe
  2⤵
  PID:5380
- C:\Windows\System\AmHiVFp.exe
  C:\Windows\System\AmHiVFp.exe
  2⤵
  PID:5408
- C:\Windows\System\GhHXomG.exe
  C:\Windows\System\GhHXomG.exe
  2⤵
  PID:5452
- C:\Windows\System\xxEEIuw.exe
  C:\Windows\System\xxEEIuw.exe
  2⤵
  PID:5464
- C:\Windows\System\kvFutRk.exe
  C:\Windows\System\kvFutRk.exe
  2⤵
  PID:7068
- C:\Windows\System\JSseYha.exe
  C:\Windows\System\JSseYha.exe
  2⤵
  PID:15288
- C:\Windows\System\eTYovOZ.exe
  C:\Windows\System\eTYovOZ.exe
  2⤵
  PID:4512
- C:\Windows\System\yyWSkpF.exe
  C:\Windows\System\yyWSkpF.exe
  2⤵
  PID:2848
- C:\Windows\System\BqTyYmC.exe
  C:\Windows\System\BqTyYmC.exe
  2⤵
  PID:5576
- C:\Windows\System\hBrrgnQ.exe
  C:\Windows\System\hBrrgnQ.exe
  2⤵
  PID:4256
- C:\Windows\System\ucjWHSu.exe
  C:\Windows\System\ucjWHSu.exe
  2⤵
  PID:1840
- C:\Windows\System\jgOTicT.exe
  C:\Windows\System\jgOTicT.exe
  2⤵
  PID:3444
- C:\Windows\System\VbudNsI.exe
  C:\Windows\System\VbudNsI.exe
  2⤵
  PID:5704
- C:\Windows\System\fjmqoeo.exe
  C:\Windows\System\fjmqoeo.exe
  2⤵
  PID:2464
- C:\Windows\System\HUfApJc.exe
  C:\Windows\System\HUfApJc.exe
  2⤵
  PID:1540
- C:\Windows\System\ZlrCscm.exe
  C:\Windows\System\ZlrCscm.exe
  2⤵
  PID:14532
- C:\Windows\System\ifAohYF.exe
  C:\Windows\System\ifAohYF.exe
  2⤵
  PID:14600
- C:\Windows\System\VVxsUYg.exe
  C:\Windows\System\VVxsUYg.exe
  2⤵
  PID:3872
- C:\Windows\System\MVQQEgX.exe
  C:\Windows\System\MVQQEgX.exe
  2⤵
  PID:14776
- C:\Windows\System\qyHduwv.exe
  C:\Windows\System\qyHduwv.exe
  2⤵
  PID:6472
- C:\Windows\System\alZyfHG.exe
  C:\Windows\System\alZyfHG.exe
  2⤵
  PID:14928
- C:\Windows\System\kCcQnFy.exe
  C:\Windows\System\kCcQnFy.exe
  2⤵
  PID:5928
- C:\Windows\System\fBwmDxl.exe
  C:\Windows\System\fBwmDxl.exe
  2⤵
  PID:15224
- C:\Windows\System\IVoMfwW.exe
  C:\Windows\System\IVoMfwW.exe
  2⤵
  PID:2856
- C:\Windows\System\VYMkIBk.exe
  C:\Windows\System\VYMkIBk.exe
  2⤵
  PID:3788
- C:\Windows\System\XOELpMv.exe
  C:\Windows\System\XOELpMv.exe
  2⤵
  PID:14944
- C:\Windows\System\wNthFjs.exe
  C:\Windows\System\wNthFjs.exe
  2⤵
  PID:6032
- C:\Windows\System\oGumCRr.exe
  C:\Windows\System\oGumCRr.exe
  2⤵
  PID:6528
- C:\Windows\System\EvtPBjF.exe
  C:\Windows\System\EvtPBjF.exe
  2⤵
  PID:6960
- C:\Windows\System\sXEXVgP.exe
  C:\Windows\System\sXEXVgP.exe
  2⤵
  PID:6136
- C:\Windows\System\qJbNInU.exe
  C:\Windows\System\qJbNInU.exe
  2⤵
  PID:3984
- C:\Windows\System\YuCkyPn.exe
  C:\Windows\System\YuCkyPn.exe
  2⤵
  PID:116
- C:\Windows\System\HVhRlUM.exe
  C:\Windows\System\HVhRlUM.exe
  2⤵
  PID:7304
- C:\Windows\System\zJGoxaa.exe
  C:\Windows\System\zJGoxaa.exe
  2⤵
  PID:7328
- C:\Windows\System\ydhFCvG.exe
  C:\Windows\System\ydhFCvG.exe
  2⤵
  PID:5228
- C:\Windows\System\bdPkeLO.exe
  C:\Windows\System\bdPkeLO.exe
  2⤵
  PID:5312
- C:\Windows\System\FoMVkdV.exe
  C:\Windows\System\FoMVkdV.exe
  2⤵
  PID:7460
- C:\Windows\System\odiihMm.exe
  C:\Windows\System\odiihMm.exe
  2⤵
  PID:7488
- C:\Windows\System\mwfCOyD.exe
  C:\Windows\System\mwfCOyD.exe
  2⤵
  PID:5524
- C:\Windows\System\RiHdmKe.exe
  C:\Windows\System\RiHdmKe.exe
  2⤵
  PID:5552
- C:\Windows\System\UIxZHVG.exe
  C:\Windows\System\UIxZHVG.exe
  2⤵
  PID:5612
- C:\Windows\System\NpxdTps.exe
  C:\Windows\System\NpxdTps.exe
  2⤵
  PID:7628
- C:\Windows\System\IbCDXtR.exe
  C:\Windows\System\IbCDXtR.exe
  2⤵
  PID:5828
- C:\Windows\System\TFCjuxk.exe
  C:\Windows\System\TFCjuxk.exe
  2⤵
  PID:6468
- C:\Windows\System\qbvlPGe.exe
  C:\Windows\System\qbvlPGe.exe
  2⤵
  PID:15076
- C:\Windows\System\kIQpcIJ.exe
  C:\Windows\System\kIQpcIJ.exe
  2⤵
  PID:5944
- C:\Windows\System\GMkcphH.exe
  C:\Windows\System\GMkcphH.exe
  2⤵
  PID:6860
- C:\Windows\System\fUTYqwm.exe
  C:\Windows\System\fUTYqwm.exe
  2⤵
  PID:7852
- C:\Windows\System\WMzSalI.exe
  C:\Windows\System\WMzSalI.exe
  2⤵
  PID:7884
- C:\Windows\System\DLfggQM.exe
  C:\Windows\System\DLfggQM.exe
  2⤵
  PID:5480
- C:\Windows\System\TemVNmf.exe
  C:\Windows\System\TemVNmf.exe
  2⤵
  PID:1392
- C:\Windows\System\aouAGvz.exe
  C:\Windows\System\aouAGvz.exe
  2⤵
  PID:1632
- C:\Windows\System\NayRaeg.exe
  C:\Windows\System\NayRaeg.exe
  2⤵
  PID:7260
- C:\Windows\System\kDhAein.exe
  C:\Windows\System\kDhAein.exe
  2⤵
  PID:5160
- C:\Windows\System\tMBJFjw.exe
  C:\Windows\System\tMBJFjw.exe
  2⤵
  PID:8000
- C:\Windows\System\YOtTKiL.exe
  C:\Windows\System\YOtTKiL.exe
  2⤵
  PID:4528
- C:\Windows\System\nifITXg.exe
  C:\Windows\System\nifITXg.exe
  2⤵
  PID:6868
- C:\Windows\System\ibCxgHm.exe
  C:\Windows\System\ibCxgHm.exe
  2⤵
  PID:7520
- C:\Windows\System\EwFgshs.exe
  C:\Windows\System\EwFgshs.exe
  2⤵
  PID:8188
- C:\Windows\System\oqhfPIK.exe
  C:\Windows\System\oqhfPIK.exe
  2⤵
  PID:7248
- C:\Windows\System\yzgEhmp.exe
  C:\Windows\System\yzgEhmp.exe
  2⤵
  PID:5972
- C:\Windows\System\JtkiRli.exe
  C:\Windows\System\JtkiRli.exe
  2⤵
  PID:6172
- C:\Windows\System\hIcnCRP.exe
  C:\Windows\System\hIcnCRP.exe
  2⤵
  PID:6200
- C:\Windows\System\XkwBgOv.exe
  C:\Windows\System\XkwBgOv.exe
  2⤵
  PID:7712
- C:\Windows\System\jWnMPUB.exe
  C:\Windows\System\jWnMPUB.exe
  2⤵
  PID:6284
- C:\Windows\System\qPxZnXZ.exe
  C:\Windows\System\qPxZnXZ.exe
  2⤵
  PID:7752
- C:\Windows\System\scYJfDb.exe
  C:\Windows\System\scYJfDb.exe
  2⤵
  PID:5168
- C:\Windows\System\vHsJnXb.exe
  C:\Windows\System\vHsJnXb.exe
  2⤵
  PID:3348
- C:\Windows\System\BkJdRfC.exe
  C:\Windows\System\BkJdRfC.exe
  2⤵
  PID:7936
- C:\Windows\System\uxfTbQH.exe
  C:\Windows\System\uxfTbQH.exe
  2⤵
  PID:7976
- C:\Windows\System\bdcEADV.exe
  C:\Windows\System\bdcEADV.exe
  2⤵
  PID:556
- C:\Windows\System\EWHjVUl.exe
  C:\Windows\System\EWHjVUl.exe
  2⤵
  PID:5356
- C:\Windows\System\goYNZKO.exe
  C:\Windows\System\goYNZKO.exe
  2⤵
  PID:8092
- C:\Windows\System\cEwZcnq.exe
  C:\Windows\System\cEwZcnq.exe
  2⤵
  PID:6140
- C:\Windows\System\ITcsoEW.exe
  C:\Windows\System\ITcsoEW.exe
  2⤵
  PID:7244
- C:\Windows\System\erCYAPP.exe
  C:\Windows\System\erCYAPP.exe
  2⤵
  PID:7632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DwqwnZe.exe

Filesize
6.1MB

MD5
b62bfcd342ff164eb67c3099b2427397

SHA1
10e3d6a78de592e9820177f3c0b691985d26e81e

SHA256
731866856426df628d9465252e2d3b69781aa24a06983f1d5b65b0c5462017fd

SHA512
2b23c30b0e159ecd528a779d972a2033f1fbb49abee2404297b7534a9b6a7033b84378e14b330944ed0dad450f025e13c8253bc1fffaf225930c6e037479f438

Download Submit
C:\Windows\System\EYcLjXd.exe

Filesize
6.1MB

MD5
521b25c6d65241631d400719978f9005

SHA1
584d92656b6f4589fd6a5f4ab7519b1d3c49364d

SHA256
3674673fb436ffd26114bd2200bd85bea1afeeaf2d0d19bfd03bec10a3986728

SHA512
40bb26d2cecffe4fef2426299ba11a446ed08dc576a1a8c479d2d0f5943fac9cc565777b169bcf045ffc73324abc0aac622e846c86b56f4ae38381e18bb1decd

Download Submit
C:\Windows\System\ErWRVIE.exe

Filesize
6.1MB

MD5
3441436917dd9821cc2ec03427d501ec

SHA1
b420b28d9cbcdc994c4847b9fe5ce26fab757699

SHA256
72beef410753fba21f0a157ab20f1f8a9f77311cb7784cf5247a1a18a79c0ce6

SHA512
b07c0bdf8a0c243b81d212e740ba7c7fe7607d138c5df0efa8e87102ce04c6d33c69bc02f87f6948ee2dd1c16d06f03b478e62e0773d2675ffe030dcbdc4722a

Download Submit
C:\Windows\System\GohSZNl.exe

Filesize
6.1MB

MD5
da5af7d681972769f3c603481611eb28

SHA1
d0bb02debc96ba198801fd352452d1109ddecd4f

SHA256
259c186606f9382c62abc9cb6cadc78aabb8c622ecf7c3c673b9807e930115c4

SHA512
f823106ede9fcd94d8014f110612f48e4f4ac4578be11598bb9fa1ed7d9ec41266f5f7f92babdc77c5f29a2ad47c9ad889daa68e999cfeeffc32cdadd890c5ee

Download Submit
C:\Windows\System\GuIzJyk.exe

Filesize
6.1MB

MD5
fc39662537473083a3e573a2e39bef2d

SHA1
9446fcc0a8704c0fa48fe7d123e1de8ce3c7572f

SHA256
9e936df73101d277399045f912f34c9fd689d660adef8ad6e4cf7c90bb8fe72b

SHA512
ccb737f2d0d7395fb9fddcd6cbb71e0c58d453c6c64b8a6298e95030456fc933f02fd32703cdf7309be5287eb4c88c57ae2c87254dec3a65e860b2e723c661c9

Download Submit
C:\Windows\System\HBnBFNw.exe

Filesize
6.1MB

MD5
4e2f1c26172f76097c5afc4d44b15d31

SHA1
eb07c1e09a236c75de19a0c727019ef78ba4c493

SHA256
b6e020da4758c31d6079d6ba162e275981bc1e142069a4bd7a8f7a079e1ed997

SHA512
f502ab8351252324f8d6560352404d957a2aa54cd9229ed2e55429a415eae85f515ae6ac4cf65bea0923e3c23779314867595632240d4db9223312dfef094a86

Download Submit
C:\Windows\System\IGCUyRp.exe

Filesize
6.1MB

MD5
183a327ccbe535f58ba0776be9dca0cc

SHA1
d80fc2eb683e67319608ebaccb324c00fc75c0ee

SHA256
2a584ac19f741fc28d6d6ac46c36013fc71ea67a8df6b52ee277088ab3b06d66

SHA512
d24d71f3e51d2330df8ed96ef60332220bc115571e0b976ca7cd2899e0ddd209eba05483cabdca0383bdce6ab5aa95b4667da4c52a71929d2047a209997e5bcd

Download Submit
C:\Windows\System\OCtItCh.exe

Filesize
6.1MB

MD5
a2c2f34cfdd07fa73173e36de6f03943

SHA1
b3367d1cdfba7d3420c52ff19d3f30a7a1965d36

SHA256
d3e285e206142b37e9830d7b13b87b50ec76b09937a70856884de8ba53d1588e

SHA512
7aa1dac30fd3c7e1530f397d2847cd7bc6b26e3bba89351b96e6e91f812b460e82b2a25bb0466c933e22c95272f74cf1e4755569caf30e90e23c4850f1fd830e

Download Submit
C:\Windows\System\PBPMLUn.exe

Filesize
6.1MB

MD5
547a14d521e1dfd18c088768f14f585d

SHA1
33457bee9f0a1a4ea59cb1012243de1f84dbb680

SHA256
cb721e536914c54f7c6befbef13acd4f21ca0926242be5fbc52ec3b0b09afac0

SHA512
de574789dbbb1ea957bf05b09628b5168a17181de289bf0903381e53cec27d147a07625732f17d61af54365109a7753c2d686e846f5a033104032def6470732c

Download Submit
C:\Windows\System\RFgfnti.exe

Filesize
6.1MB

MD5
96a343dfe265fa076415703bb37aa6f7

SHA1
55c1be9ebf3eba01f24823a6c86aa659c0083f87

SHA256
92eb454c3b9118291b756a01ac5bcaef6571977f42525e776d82034bcc1804f4

SHA512
ae1223f6295e33814fb926cb8977a0f3b97895b9e21b30649d8e8100443648a4c9b40c25705d457bcd7348f2edab9bfd5e512e03582ad98f1ccb6acdd6643263

Download Submit
C:\Windows\System\RnWCdcs.exe

Filesize
6.1MB

MD5
e49509f1d6b522b37aae4901a370454c

SHA1
607b6081dc2bc456cf3172345318c1416b524742

SHA256
de4e8bf6a348d1ba8144c15f0e70542ec39900d8d01fa6585daa1219b2d16550

SHA512
2e9949a3712bb59dfb074a450de63a65ec4a9756abad08b9dff80fc1f9e39b23bd6692e1bbb48d9621fa84ba2bdb4c0e15b52b9055653aed640b668966694390

Download Submit
C:\Windows\System\YCGTwcb.exe

Filesize
6.1MB

MD5
e8a8e5909ba020cac9f1d1b0f4b06525

SHA1
988b976ce84bfea42a77b43bb15d9a8b72234ba0

SHA256
e2a9365d40093fca4c97033025789f57dd5b8abe72f7ea289a2bab26f98786ff

SHA512
1c3f7beefe1e9000e64cb03f764cc5a1e2609418a504920264af953cf828b836c8ef2e8bb9466d98b5dbc114e220a57a98d96a57328e3852a702063887264f53

Download Submit
C:\Windows\System\bIytAZi.exe

Filesize
6.1MB

MD5
20708c22705d6ce7d085c9665a8dedf3

SHA1
7b0020f229002029a33243860d2806578d097d98

SHA256
0cf6395543b98ba2d633a8e9ef510bd5a17a0924dfdfa2c5e05cee322998b135

SHA512
2d7cc71a9c66844f4ec13010d765b7bec075e9eb7ffdcdb1be185d3d1b73281d17088913011d2d85d0303adbd835ba92c600c06e1fa95e81b0bf6fc93afb9b12

Download Submit
C:\Windows\System\bxXOAYS.exe

Filesize
6.1MB

MD5
6ef6158b3d42a29139d7962aba3332fb

SHA1
5bd5132073ae72ded0b37b9de009ecb2934cbdda

SHA256
c908ce03535b5b93d20a441a0a1fea8f23e963260c27ec232b3ac155dc0d9cbb

SHA512
d7b4b3fda026600fe421cf43afc348710a006cf222e92e0dee366073925980116a099b06a127c78b1106ab4fe0802340f8d25a02f0f342cc4db056166d8c1194

Download Submit
C:\Windows\System\cIMmCYu.exe

Filesize
6.1MB

MD5
60b7d4c019d00eaccf2a7b75928bb065

SHA1
bf9fc7569e0bb76b80d12dd4e499c5327aacfe61

SHA256
ecc3b6f2542780fc960fc4b121f941b629c15cee7c9f8b4f5851f42df9bdf09e

SHA512
1e2b69b93547b4ca2095477841c833c7c5b6d88bcd820316399f6f02b3c2184cc1b6a7609d44b9af2eca30bcc361083c9d60812aba428ddbfa1d5bfa2f24ad83

Download Submit
C:\Windows\System\cskabZH.exe

Filesize
6.1MB

MD5
138cb5838ea4a0ecf745ea6b5430858b

SHA1
c752edc863417cd19111420a7255a3cf971b960d

SHA256
b162ccc0f3e9cef1826e0845eda2ccb1a6c73d911ff861e296eb9f85f909567e

SHA512
a4cbd4b67d70f7448f3cd393d536e3398b46a6faf9b80f8a513087c609d26e34dcffa4463f7e8d36ef7df84dd8dc2e59b99f85039a094e6a51b90634a0c5456a

Download Submit
C:\Windows\System\dSsJxSg.exe

Filesize
6.1MB

MD5
675fc955f24658a80b1b1d315681de14

SHA1
9e890fa9075172c13440c4c067173b2daf9691df

SHA256
4e7102e4ee510f27e6f4c1d7fa5f19b4763665562092386c59d9dd19fe264a3a

SHA512
0e007857a6e96759cbac0e7b404ed46583b38b55dad39f2f1a076e2df3dc993ee47d67c74b9a2eb4bac5f9623dbfe9391a7361b6df8daf4c3c6f1a910163b678

Download Submit
C:\Windows\System\dYquiMR.exe

Filesize
6.1MB

MD5
ec94f115845b879c0f82e0d3bbc218b8

SHA1
533660422011b9a14c82976190c9446f20e1fff2

SHA256
3b64c788471544d52d5ad258b51e276d9a687aa16f9ae4ad1feb9e7b78c46ca9

SHA512
ee4e144896d272c29476da6f2f4a03456e63236294debf656039413d3c05ebaabc66b36859b3d80d5ed96a9b0a998b506a35912c3727edf1e4f9aa4acbae0d99

Download Submit
C:\Windows\System\dZNyIMy.exe

Filesize
6.1MB

MD5
0e9481f8d5212047352146bf3dde9111

SHA1
3a5186814e31942881829e0e85e3c9d0466560ca

SHA256
48580a07042e2c73e503b722c7a909b057f266cdd539ad583d80a651a76622b3

SHA512
93bb756b04ce58bf21922f69f61742d3459566812066020a6c6c483cde8572627820bea921fdb2161e2237070c693d9698b87d85a889a383bef84a79f71f7c08

Download Submit
C:\Windows\System\ejTxWcT.exe

Filesize
6.1MB

MD5
cfdd97e6e1b46c116c59b7ab0aa05537

SHA1
9ea239c8d2bf65c7f7fc3671eb1e7fd30b09e901

SHA256
89323f21057d78552e8d7e8ffbd90838ae1eaa0946e87e644d5a1ed1f1aebcf4

SHA512
4e12df3212a6282031de85651ee8e79fbc1dd129ae6910067e7a155ea145eac2ca3e742b1395fe373219f1269fc1602ab8ef2ec3ab4405841eb1484a58d902a7

Download Submit
C:\Windows\System\fmyGCAp.exe

Filesize
6.1MB

MD5
5a3d0a899841dd8d72ea0b10844b51f2

SHA1
ab63eefc8fe940663d6d3f40320102131df626a7

SHA256
9e235230e24aec381d8a58945862ed38b17a4888d0796d0747a8dc8a62fedc9c

SHA512
972ce002ed70cf854b8206f18ae08faa63eefaecbf552680c95e1e455419d29465b67b06313796974801026aa9a887e20b548db639b5d6efd871ce78a6f78231

Download Submit
C:\Windows\System\gTmGSiZ.exe

Filesize
6.1MB

MD5
49f5370006693521860d4e0ccba29f13

SHA1
6b9ba781f62a3a17462d07e2d8dc5ea2d9dd602a

SHA256
4605945f74ca2eb5c3924ba04ea46a4f3c800ed4fdec6e10d35ef75c2f665b40

SHA512
786c8ee5ff16154de0c62470e242e695fb7d73e45458bdb84b03c9af496b07234e4fad34eec9cfa3ac92c47f839b95d30b07a0de0db66c5372edf4188bc59a0f

Download Submit
C:\Windows\System\hdrltUC.exe

Filesize
6.1MB

MD5
5d9f7a35ee0c239af58ebd83528ca17e

SHA1
910b25df778eba80d3f62922c1084d869058746c

SHA256
ce1d29d215106f73cec9304751adb5bea476f72924cf2b00d2cb87b57f5c26e7

SHA512
4e6b76f32331fa4c34f67a43460a4e5cfa8948dd5655dc8ba9ec853e86b11a3af9f816825c496e4f2fda7a2e75e0a2f59725a82e99ec51369944d51ccd2f4bf4

Download Submit
C:\Windows\System\lWvzHAi.exe

Filesize
6.1MB

MD5
6e3923a1ed5e36a9a743d98a7ccb554d

SHA1
5ae2efdfb2d6a3adb8047a8b8a6e2fd57f49dc4a

SHA256
2b55aad8c06032ed2280ab3fca85cd7f6cea43ffda02db02f125ef59ae982850

SHA512
cc5503624089bbda739e57a22385efb32fa1df85ee8889e85d1c8cdf6d0af4bdae447c62d0fbca888ac9c76ed633aba40565726ce34be21821ee9db55e786fe4

Download Submit
C:\Windows\System\oCJfRup.exe

Filesize
6.1MB

MD5
a0dfdb9b53837fe838bc83de72e0c92b

SHA1
6ad44c6918c174c3b41069f4cfdf2551b0b114d8

SHA256
ecc0367597e227c4659d3ccaa88ec84cb58f2cd80d88dfb7a2ed43190ce81676

SHA512
d39111a5c45f4f187a93b55bb3b5131721bdf5df9e1dab13df5894c0079ac22271b0e1f5db15d9e4f0e5d33c3849efcdb8fca614e8c45c90e855d2e5d1c8cb85

Download Submit
C:\Windows\System\oTkMRrL.exe

Filesize
6.1MB

MD5
7dae0981d94d4506536b8b2e0415437a

SHA1
39e6cef57702035f17bc57d37b30a3d6a7ddfa7d

SHA256
0d9c4c2af577f16223e9c9934eafda673fed04a7d127f0d575c9d4a567292639

SHA512
cf006d521f652cd1f533dd8bb45c430b7ec36bfdcf44eae64111ce65b24745c0807b94f009eaa6c2aaa5928d8cd9f86f2e3999c3f0e8a52207865e27c6fcc5db

Download Submit
C:\Windows\System\sUDONny.exe

Filesize
6.1MB

MD5
ee3024142fadcb032deb28e0b455154e

SHA1
06b924cefabcef81009c34b27fc21f18a115c02c

SHA256
56205371bea09a3b82ecbb98ba12ec8ed743c602faef0cc14c475089288e3b75

SHA512
48c6e36dc8135ff2d8f83001cc30387a86dd471d198d8e557adc50efdc759c15551a3fc69e96774583f1a856f25e811c60738bb9d58a7810928d3c53d4483f1d

Download Submit
C:\Windows\System\szDUIDp.exe

Filesize
6.1MB

MD5
5c63fd31e55061413ca7741463f8c770

SHA1
918b80c52014d138e07d5fa192d3e41e116774cf

SHA256
af7e4a51ce3dd792f7cad82fa8c3fa79eee08335fbf3a3013f22e5525d75eb44

SHA512
041a46b2356550ada768b0c4d411b0d391905a4e2e158118a4830c925aa4cfcc81cf0316ce53afddb8aa8dd45318d1988cbdabbe353d0983bcd02f33a538a5e2

Download Submit
C:\Windows\System\szTrlRf.exe

Filesize
6.1MB

MD5
f499483b01dc62f9dcb4206bedad929f

SHA1
fc9aa8f10000419a060f7828f37fc0271544efa0

SHA256
e9731e0e31c3730cb3b436e690ad15fe91f518c7ecc85b2f06478a208fbe193b

SHA512
8ee2bd7e26511b29c1d4777fbacfb9357656e54e38573684eb3ddbf19a3a2b155cdf4430b1faeb4c764b22addcdae78090f2aba999b336ac90d66db2dd98f442

Download Submit
C:\Windows\System\vQMMKLf.exe

Filesize
6.1MB

MD5
94f3ec23ae84796d3a0e8c693cffb9a4

SHA1
8f49604619cedcebb73068a9a5b668f170e9399b

SHA256
e66eb0606e0d59d7367da6cefd71c2f4cdb853be6a45727ff6cb5f45c2a66695

SHA512
63791bf0b94d9739373b31967a9c1dfa73b3967fa288b43d380addff7f7e86cff957406b5b6c3fb48a9e4afc29052af5e2228fadda33e341008e8a40cc27c28d

Download Submit
C:\Windows\System\vmPnynu.exe

Filesize
6.1MB

MD5
f7e6304e1f83c4f256bc8ab52375b19f

SHA1
39ba23a1381aa4663b3fa579f7cb09f75ceb2b1b

SHA256
0ab33ff47edd5238e694358b2fc50d673103e68983962efd923ea1e96ee540ae

SHA512
991d3757d4e5158b0757b1051d2cb0e8dd13401f891cd37b583b7bfa80550c8fc0b02a86fe34974e8242bad25733e2209c7639ba0515e96dbb698527d5c37bca

Download Submit
C:\Windows\System\wRXGBKu.exe

Filesize
6.1MB

MD5
ad46d331f2123c6e9eb30f95a39dacad

SHA1
c4cf1ec42f49d79ba832162567f3c4b209398b9e

SHA256
a30a18e737f22ee8b65aa8e84855af0931b6853592f7d694d5236b69a4b61aaa

SHA512
9dfd9ca8e09f8fd046bad01f60db1ff883cd53dcea066a29f5f9787753457aae225691f4d112c909fb8f679dcf5d73d098df250f87f8a910d9f22675450c3b4a

Download Submit
C:\Windows\System\xdjzjUI.exe

Filesize
6.1MB

MD5
e933d3d08a38d180d5e7e80ef426c3e9

SHA1
2724981928751c65e58aad29cf16116ffc2437a1

SHA256
6f2fd4f1a0f4c2adc78320b704d5fc981a7f8c211e760eb1a48458a5a4ca8435

SHA512
287be08f0ec05b639f1fddef9dbd0451a6dcf7abdd985b24b9cd470fac9f2c35630495ddc9597c5aefd099632d1ba8563b27ccf8717f792abd7c0a49818fc98e

Download Submit
memory/336-542-0x00007FF6A8ED0000-0x00007FF6A9224000-memory.dmp

Filesize
3.3MB

Download
memory/336-1003-0x00007FF6A8ED0000-0x00007FF6A9224000-memory.dmp

Filesize
3.3MB

Download
memory/336-2158-0x00007FF6A8ED0000-0x00007FF6A9224000-memory.dmp

Filesize
3.3MB

Download
memory/440-553-0x00007FF6A4040000-0x00007FF6A4394000-memory.dmp

Filesize
3.3MB

Download
memory/440-2174-0x00007FF6A4040000-0x00007FF6A4394000-memory.dmp

Filesize
3.3MB

Download
memory/536-570-0x00007FF68B660000-0x00007FF68B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-582-0x00007FF6E7A40000-0x00007FF6E7D94000-memory.dmp

Filesize
3.3MB

Download
memory/540-2210-0x00007FF6E7A40000-0x00007FF6E7D94000-memory.dmp

Filesize
3.3MB

Download
memory/840-562-0x00007FF6C4D70000-0x00007FF6C50C4000-memory.dmp

Filesize
3.3MB

Download
memory/840-2186-0x00007FF6C4D70000-0x00007FF6C50C4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2215-0x00007FF6A1800000-0x00007FF6A1B54000-memory.dmp

Filesize
3.3MB

Download
memory/1008-595-0x00007FF6A1800000-0x00007FF6A1B54000-memory.dmp

Filesize
3.3MB

Download
memory/1344-588-0x00007FF7AF680000-0x00007FF7AF9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2208-0x00007FF7AF680000-0x00007FF7AF9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-585-0x00007FF696760000-0x00007FF696AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2209-0x00007FF696760000-0x00007FF696AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2214-0x00007FF78F420000-0x00007FF78F774000-memory.dmp

Filesize
3.3MB

Download
memory/1596-592-0x00007FF78F420000-0x00007FF78F774000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2159-0x00007FF7C4370000-0x00007FF7C46C4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-549-0x00007FF7C4370000-0x00007FF7C46C4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-50-0x00007FF673260000-0x00007FF6735B4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2156-0x00007FF673260000-0x00007FF6735B4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-1000-0x00007FF673260000-0x00007FF6735B4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2150-0x00007FF659930000-0x00007FF659C84000-memory.dmp

Filesize
3.3MB

Download
memory/1956-888-0x00007FF659930000-0x00007FF659C84000-memory.dmp

Filesize
3.3MB

Download
memory/1956-36-0x00007FF659930000-0x00007FF659C84000-memory.dmp

Filesize
3.3MB

Download
memory/2128-577-0x00007FF60FDB0000-0x00007FF610104000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2203-0x00007FF60FDB0000-0x00007FF610104000-memory.dmp

Filesize
3.3MB

Download
memory/2200-581-0x00007FF7F2FF0000-0x00007FF7F3344000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2178-0x00007FF7C3C70000-0x00007FF7C3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-556-0x00007FF7C3C70000-0x00007FF7C3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2198-0x00007FF6EDD60000-0x00007FF6EE0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-567-0x00007FF6EDD60000-0x00007FF6EE0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-571-0x00007FF746E10000-0x00007FF747164000-memory.dmp

Filesize
3.3MB

Download
memory/2764-622-0x00007FF763270000-0x00007FF7635C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-7-0x00007FF763270000-0x00007FF7635C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2087-0x00007FF763270000-0x00007FF7635C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-560-0x00007FF771800000-0x00007FF771B54000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2179-0x00007FF771800000-0x00007FF771B54000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1-0x000001F4BF380000-0x000001F4BF390000-memory.dmp

Filesize
64KB

Download
memory/3144-0-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-596-0x00007FF67CF70000-0x00007FF67D2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-550-0x00007FF799CE0000-0x00007FF79A034000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2169-0x00007FF799CE0000-0x00007FF79A034000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2162-0x00007FF78B760000-0x00007FF78BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-598-0x00007FF78B760000-0x00007FF78BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3988-761-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2127-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/3988-24-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/4164-578-0x00007FF635B10000-0x00007FF635E64000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2163-0x00007FF61A300000-0x00007FF61A654000-memory.dmp

Filesize
3.3MB

Download
memory/4180-546-0x00007FF61A300000-0x00007FF61A654000-memory.dmp

Filesize
3.3MB

Download
memory/4420-697-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2125-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp

Filesize
3.3MB

Download
memory/4420-20-0x00007FF6ED720000-0x00007FF6EDA74000-memory.dmp

Filesize
3.3MB

Download
memory/4460-2092-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-14-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4460-652-0x00007FF6DB950000-0x00007FF6DBCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-574-0x00007FF72A6E0000-0x00007FF72AA34000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2193-0x00007FF72A6E0000-0x00007FF72AA34000-memory.dmp

Filesize
3.3MB

Download
memory/4588-31-0x00007FF79A4E0000-0x00007FF79A834000-memory.dmp

Filesize
3.3MB

Download
memory/4588-819-0x00007FF79A4E0000-0x00007FF79A834000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2146-0x00007FF79A4E0000-0x00007FF79A834000-memory.dmp

Filesize
3.3MB

Download
memory/5112-41-0x00007FF617D20000-0x00007FF618074000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2153-0x00007FF617D20000-0x00007FF618074000-memory.dmp

Filesize
3.3MB

Download
memory/5112-962-0x00007FF617D20000-0x00007FF618074000-memory.dmp

Filesize
3.3MB

Download