cobaltstrike | b323ee95f4d43a0c11cf275aae7827d722a945b630349084925620ed6beadda3

Analysis

max time kernel
128s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

86e78b12d1e54456d970850532c661f3
SHA1

ab9ad3e96e6a6e8e67b6631c46569747122c9cd2
SHA256

b323ee95f4d43a0c11cf275aae7827d722a945b630349084925620ed6beadda3
SHA512

f9ce04f882702db85d5d5b46f8e1674c0db60c38fc8919e2bda98a8b3ea132d6c11b478bdd9db05734cd0769dbe99ac4b45340d9d87f7df6fb8c318a99ec753e
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUN:Q+856utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015685-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156a6-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cbd-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ceb-32.dat	cobalt_reflective_dll
behavioral1/files/0x003200000001566d-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf8-44.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164c8-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c7b-182.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-155.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001612f-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-129.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d03-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfc-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c84-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d25-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c62-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016855-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001658c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016aa9-84.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001662e-75.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d36-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-185.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016307-72.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-6.dat	xmrig
behavioral1/files/0x0008000000015685-12.dat	xmrig
behavioral1/files/0x00080000000156a6-16.dat	xmrig
behavioral1/memory/2432-20-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2740-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2792-19-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cbd-22.dat	xmrig
behavioral1/files/0x0007000000015ceb-32.dat	xmrig
behavioral1/memory/2560-35-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x003200000001566d-36.dat	xmrig
behavioral1/memory/2912-28-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2156-42-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2632-43-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf8-44.dat	xmrig
behavioral1/memory/1044-50-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00060000000164c8-169.dat	xmrig
behavioral1/memory/792-78-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c7b-182.dat	xmrig
behavioral1/files/0x00060000000173da-178.dat	xmrig
behavioral1/files/0x0006000000016eca-155.dat	xmrig
behavioral1/files/0x000700000001612f-151.dat	xmrig
behavioral1/files/0x0006000000016dd7-148.dat	xmrig
behavioral1/files/0x0006000000016dbe-142.dat	xmrig
behavioral1/files/0x0006000000016d96-136.dat	xmrig
behavioral1/files/0x0006000000016d36-129.dat	xmrig
behavioral1/memory/2016-128-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d03-125.dat	xmrig
behavioral1/files/0x0006000000016d3e-122.dat	xmrig
behavioral1/files/0x0006000000016cfc-116.dat	xmrig
behavioral1/files/0x0006000000016c84-114.dat	xmrig
behavioral1/files/0x0006000000016d25-112.dat	xmrig
behavioral1/files/0x0006000000016cd1-105.dat	xmrig
behavioral1/files/0x0006000000016c62-99.dat	xmrig
behavioral1/memory/2156-98-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016855-87.dat	xmrig
behavioral1/files/0x000600000001658c-85.dat	xmrig
behavioral1/files/0x0006000000016aa9-84.dat	xmrig
behavioral1/files/0x000600000001662e-75.dat	xmrig
behavioral1/files/0x0008000000015d36-60.dat	xmrig
behavioral1/files/0x00060000000173f1-185.dat	xmrig
behavioral1/files/0x000600000001706d-174.dat	xmrig
behavioral1/files/0x0006000000016ea4-166.dat	xmrig
behavioral1/files/0x0006000000016dd1-164.dat	xmrig
behavioral1/files/0x0006000000016d9a-162.dat	xmrig
behavioral1/files/0x0006000000016d46-160.dat	xmrig
behavioral1/memory/1804-121-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2272-83-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2156-74-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0006000000016307-72.dat	xmrig
behavioral1/memory/2792-3074-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2740-3098-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2912-3102-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2432-3100-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2560-3142-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1044-3264-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2632-3265-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/792-3329-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2272-3343-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2016-3354-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1804-3358-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2740	ZkzyxTB.exe
2792	mxlTtPy.exe
2432	SHpAzTe.exe
2912	HFYBtfm.exe
2560	HPCcxfV.exe
2632	vHuBher.exe
1044	zlnVKkB.exe
792	JviEbnt.exe
2272	BOfXBHB.exe
1804	mobRkXa.exe
2016	vjvcsAX.exe
2036	wjKHtFB.exe
2468	tFlhBpz.exe
2616	pqUEPso.exe
532	owUMfij.exe
2836	yJgxqGW.exe
1492	JxvECvu.exe
2032	WCCTSsA.exe
2952	VhOtwak.exe
1004	nAWLpCm.exe
2520	iCKLJkb.exe
2396	xiFZzCT.exe
2204	hktcVbt.exe
672	gJarRIL.exe
900	nYTLDve.exe
1660	VrtaHmv.exe
1528	YByPHgO.exe
2832	gERYUtm.exe
1968	sLMcCzU.exe
1784	gJmveEk.exe
3068	reyNVZY.exe
3060	ABWOupR.exe
888	kcUSFCU.exe
2228	lFAEnMt.exe
444	SOPDToh.exe
2424	aRIZaBT.exe
676	JrcnFvD.exe
772	dpapudq.exe
1372	PKCogIL.exe
1676	htxGjLZ.exe
1704	LGUcPHO.exe
1716	hpzsQKH.exe
652	ZabLyAc.exe
568	knekymu.exe
1276	SILjZib.exe
2512	TMgtAUl.exe
1816	hpYAtKu.exe
2416	gPQEZqv.exe
2476	FvCKhia.exe
1084	RUSrzdB.exe
764	kBCZYBb.exe
2292	REsyuBW.exe
1296	ImGHmBv.exe
1584	XqrrHop.exe
2804	eLMfHPY.exe
2124	DRnNzGO.exe
2744	JMwwfMy.exe
2592	UttFQDu.exe
1696	iiqXoMZ.exe
1700	KQBNKyc.exe
2808	UBVBVPJ.exe
2620	lrxVCgL.exe
2716	rwXFjxQ.exe
2784	kEhppIv.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0007000000012119-6.dat	upx
behavioral1/files/0x0008000000015685-12.dat	upx
behavioral1/files/0x00080000000156a6-16.dat	upx
behavioral1/memory/2432-20-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2740-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2792-19-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0008000000015cbd-22.dat	upx
behavioral1/files/0x0007000000015ceb-32.dat	upx
behavioral1/memory/2560-35-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x003200000001566d-36.dat	upx
behavioral1/memory/2912-28-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2156-42-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2632-43-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf8-44.dat	upx
behavioral1/memory/1044-50-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x00060000000164c8-169.dat	upx
behavioral1/memory/792-78-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0006000000016c7b-182.dat	upx
behavioral1/files/0x00060000000173da-178.dat	upx
behavioral1/files/0x0006000000016eca-155.dat	upx
behavioral1/files/0x000700000001612f-151.dat	upx
behavioral1/files/0x0006000000016dd7-148.dat	upx
behavioral1/files/0x0006000000016dbe-142.dat	upx
behavioral1/files/0x0006000000016d96-136.dat	upx
behavioral1/files/0x0006000000016d36-129.dat	upx
behavioral1/memory/2016-128-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0007000000015d03-125.dat	upx
behavioral1/files/0x0006000000016d3e-122.dat	upx
behavioral1/files/0x0006000000016cfc-116.dat	upx
behavioral1/files/0x0006000000016c84-114.dat	upx
behavioral1/files/0x0006000000016d25-112.dat	upx
behavioral1/files/0x0006000000016cd1-105.dat	upx
behavioral1/files/0x0006000000016c62-99.dat	upx
behavioral1/files/0x0006000000016855-87.dat	upx
behavioral1/files/0x000600000001658c-85.dat	upx
behavioral1/files/0x0006000000016aa9-84.dat	upx
behavioral1/files/0x000600000001662e-75.dat	upx
behavioral1/files/0x0008000000015d36-60.dat	upx
behavioral1/files/0x00060000000173f1-185.dat	upx
behavioral1/files/0x000600000001706d-174.dat	upx
behavioral1/files/0x0006000000016ea4-166.dat	upx
behavioral1/files/0x0006000000016dd1-164.dat	upx
behavioral1/files/0x0006000000016d9a-162.dat	upx
behavioral1/files/0x0006000000016d46-160.dat	upx
behavioral1/memory/1804-121-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2272-83-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0006000000016307-72.dat	upx
behavioral1/memory/2792-3074-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2740-3098-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2912-3102-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2432-3100-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2560-3142-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1044-3264-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2632-3265-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/792-3329-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2272-3343-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2016-3354-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1804-3358-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZLPOoOe.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JWPWSAM.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JbjfsJH.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BeOYalD.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AjInvPN.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WypGbNY.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dQODmCm.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qFrrgKw.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\koiMIkh.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cXQuZjy.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GgaAClQ.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nbzVvjB.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\znsUZvx.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HWzNNNR.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DJvnQjg.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VUsgIag.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DAFLQFB.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YNCFCoU.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qbFdqVS.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RDLbOCy.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FddMtKF.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GhBCiRN.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hktcVbt.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LOLsJcc.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IeMHmpc.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JaRRqLY.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PALzpKs.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HCTRJlI.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lxKDevi.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QPOdbCo.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GzrgCbV.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tLvWcPW.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pMWoZHd.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WNpXlQZ.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ecOotjD.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yvKqFco.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Xgcjcui.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hSHguXn.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\naYgeqN.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sTqdAaw.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\elSqcuf.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wvxjfXy.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OTKDqYW.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xSCqgiU.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Htjhxnj.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wgdaIDf.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OOCEWOn.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OixgDRU.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yARiQBq.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TMgtAUl.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZCqSBsU.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hnSuHfi.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XPoBvHq.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jlOCFNy.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xyjcREE.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XRUxEUP.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ykhCPIK.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rxkXHtk.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TqxrafX.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jTwnZUB.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zlIVykm.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\glWBado.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WgwRzBo.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mcpBRvJ.exe	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2740	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2156 wrote to memory of 2740	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2156 wrote to memory of 2740	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	31
PID 2156 wrote to memory of 2792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2156 wrote to memory of 2792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2156 wrote to memory of 2792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	32
PID 2156 wrote to memory of 2432	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2156 wrote to memory of 2432	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2156 wrote to memory of 2432	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	33
PID 2156 wrote to memory of 2912	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2156 wrote to memory of 2912	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2156 wrote to memory of 2912	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	34
PID 2156 wrote to memory of 2560	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2156 wrote to memory of 2560	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2156 wrote to memory of 2560	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	35
PID 2156 wrote to memory of 2632	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2156 wrote to memory of 2632	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2156 wrote to memory of 2632	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	36
PID 2156 wrote to memory of 1044	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2156 wrote to memory of 1044	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2156 wrote to memory of 1044	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	37
PID 2156 wrote to memory of 532	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2156 wrote to memory of 532	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2156 wrote to memory of 532	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	38
PID 2156 wrote to memory of 792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2156 wrote to memory of 792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2156 wrote to memory of 792	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	39
PID 2156 wrote to memory of 1492	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2156 wrote to memory of 1492	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2156 wrote to memory of 1492	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	40
PID 2156 wrote to memory of 2272	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2156 wrote to memory of 2272	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2156 wrote to memory of 2272	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	41
PID 2156 wrote to memory of 2396	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2156 wrote to memory of 2396	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2156 wrote to memory of 2396	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	42
PID 2156 wrote to memory of 1804	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2156 wrote to memory of 1804	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2156 wrote to memory of 1804	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	43
PID 2156 wrote to memory of 2204	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2156 wrote to memory of 2204	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2156 wrote to memory of 2204	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	44
PID 2156 wrote to memory of 2016	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2156 wrote to memory of 2016	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2156 wrote to memory of 2016	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	45
PID 2156 wrote to memory of 900	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2156 wrote to memory of 900	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2156 wrote to memory of 900	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	46
PID 2156 wrote to memory of 2036	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2156 wrote to memory of 2036	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2156 wrote to memory of 2036	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	47
PID 2156 wrote to memory of 1660	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2156 wrote to memory of 1660	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2156 wrote to memory of 1660	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	48
PID 2156 wrote to memory of 2468	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2156 wrote to memory of 2468	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2156 wrote to memory of 2468	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	49
PID 2156 wrote to memory of 2832	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2156 wrote to memory of 2832	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2156 wrote to memory of 2832	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	50
PID 2156 wrote to memory of 2616	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2156 wrote to memory of 2616	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2156 wrote to memory of 2616	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	51
PID 2156 wrote to memory of 1968	2156	2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_86e78b12d1e54456d970850532c661f3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\System\ZkzyxTB.exe
  C:\Windows\System\ZkzyxTB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\mxlTtPy.exe
  C:\Windows\System\mxlTtPy.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\SHpAzTe.exe
  C:\Windows\System\SHpAzTe.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\HFYBtfm.exe
  C:\Windows\System\HFYBtfm.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HPCcxfV.exe
  C:\Windows\System\HPCcxfV.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\vHuBher.exe
  C:\Windows\System\vHuBher.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\zlnVKkB.exe
  C:\Windows\System\zlnVKkB.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\owUMfij.exe
  C:\Windows\System\owUMfij.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\JviEbnt.exe
  C:\Windows\System\JviEbnt.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\JxvECvu.exe
  C:\Windows\System\JxvECvu.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\BOfXBHB.exe
  C:\Windows\System\BOfXBHB.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\xiFZzCT.exe
  C:\Windows\System\xiFZzCT.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\mobRkXa.exe
  C:\Windows\System\mobRkXa.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\hktcVbt.exe
  C:\Windows\System\hktcVbt.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\vjvcsAX.exe
  C:\Windows\System\vjvcsAX.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\nYTLDve.exe
  C:\Windows\System\nYTLDve.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\wjKHtFB.exe
  C:\Windows\System\wjKHtFB.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\VrtaHmv.exe
  C:\Windows\System\VrtaHmv.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\tFlhBpz.exe
  C:\Windows\System\tFlhBpz.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\gERYUtm.exe
  C:\Windows\System\gERYUtm.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\pqUEPso.exe
  C:\Windows\System\pqUEPso.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\sLMcCzU.exe
  C:\Windows\System\sLMcCzU.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\yJgxqGW.exe
  C:\Windows\System\yJgxqGW.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\gJmveEk.exe
  C:\Windows\System\gJmveEk.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\WCCTSsA.exe
  C:\Windows\System\WCCTSsA.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\reyNVZY.exe
  C:\Windows\System\reyNVZY.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\VhOtwak.exe
  C:\Windows\System\VhOtwak.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ABWOupR.exe
  C:\Windows\System\ABWOupR.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\nAWLpCm.exe
  C:\Windows\System\nAWLpCm.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\kcUSFCU.exe
  C:\Windows\System\kcUSFCU.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\iCKLJkb.exe
  C:\Windows\System\iCKLJkb.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\lFAEnMt.exe
  C:\Windows\System\lFAEnMt.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\gJarRIL.exe
  C:\Windows\System\gJarRIL.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\SOPDToh.exe
  C:\Windows\System\SOPDToh.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\YByPHgO.exe
  C:\Windows\System\YByPHgO.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\aRIZaBT.exe
  C:\Windows\System\aRIZaBT.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\JrcnFvD.exe
  C:\Windows\System\JrcnFvD.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\dpapudq.exe
  C:\Windows\System\dpapudq.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\PKCogIL.exe
  C:\Windows\System\PKCogIL.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\htxGjLZ.exe
  C:\Windows\System\htxGjLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\LGUcPHO.exe
  C:\Windows\System\LGUcPHO.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\hpzsQKH.exe
  C:\Windows\System\hpzsQKH.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZabLyAc.exe
  C:\Windows\System\ZabLyAc.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\knekymu.exe
  C:\Windows\System\knekymu.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\SILjZib.exe
  C:\Windows\System\SILjZib.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\TMgtAUl.exe
  C:\Windows\System\TMgtAUl.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\hpYAtKu.exe
  C:\Windows\System\hpYAtKu.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\gPQEZqv.exe
  C:\Windows\System\gPQEZqv.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\FvCKhia.exe
  C:\Windows\System\FvCKhia.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RUSrzdB.exe
  C:\Windows\System\RUSrzdB.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\kBCZYBb.exe
  C:\Windows\System\kBCZYBb.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\REsyuBW.exe
  C:\Windows\System\REsyuBW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ImGHmBv.exe
  C:\Windows\System\ImGHmBv.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\DRnNzGO.exe
  C:\Windows\System\DRnNzGO.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\XqrrHop.exe
  C:\Windows\System\XqrrHop.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\iiqXoMZ.exe
  C:\Windows\System\iiqXoMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\eLMfHPY.exe
  C:\Windows\System\eLMfHPY.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UBVBVPJ.exe
  C:\Windows\System\UBVBVPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\JMwwfMy.exe
  C:\Windows\System\JMwwfMy.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\lrxVCgL.exe
  C:\Windows\System\lrxVCgL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UttFQDu.exe
  C:\Windows\System\UttFQDu.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\rwXFjxQ.exe
  C:\Windows\System\rwXFjxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\KQBNKyc.exe
  C:\Windows\System\KQBNKyc.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\kEhppIv.exe
  C:\Windows\System\kEhppIv.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ICCEyzj.exe
  C:\Windows\System\ICCEyzj.exe
  2⤵
  PID:3000
- C:\Windows\System\SlbSzlC.exe
  C:\Windows\System\SlbSzlC.exe
  2⤵
  PID:2200
- C:\Windows\System\KZRosmx.exe
  C:\Windows\System\KZRosmx.exe
  2⤵
  PID:2800
- C:\Windows\System\AgpQIFW.exe
  C:\Windows\System\AgpQIFW.exe
  2⤵
  PID:1756
- C:\Windows\System\XrDaQOP.exe
  C:\Windows\System\XrDaQOP.exe
  2⤵
  PID:2644
- C:\Windows\System\HoJDtCA.exe
  C:\Windows\System\HoJDtCA.exe
  2⤵
  PID:2180
- C:\Windows\System\fjUGLSm.exe
  C:\Windows\System\fjUGLSm.exe
  2⤵
  PID:1516
- C:\Windows\System\apDWmHr.exe
  C:\Windows\System\apDWmHr.exe
  2⤵
  PID:1108
- C:\Windows\System\uuGYSiV.exe
  C:\Windows\System\uuGYSiV.exe
  2⤵
  PID:1500
- C:\Windows\System\WtWwkKN.exe
  C:\Windows\System\WtWwkKN.exe
  2⤵
  PID:1948
- C:\Windows\System\VfTUbhs.exe
  C:\Windows\System\VfTUbhs.exe
  2⤵
  PID:2212
- C:\Windows\System\SGGalHy.exe
  C:\Windows\System\SGGalHy.exe
  2⤵
  PID:2624
- C:\Windows\System\geqgjlL.exe
  C:\Windows\System\geqgjlL.exe
  2⤵
  PID:2348
- C:\Windows\System\bhhTBJT.exe
  C:\Windows\System\bhhTBJT.exe
  2⤵
  PID:2840
- C:\Windows\System\RtwSwfp.exe
  C:\Windows\System\RtwSwfp.exe
  2⤵
  PID:1448
- C:\Windows\System\TRQkNTU.exe
  C:\Windows\System\TRQkNTU.exe
  2⤵
  PID:2536
- C:\Windows\System\QhuOwoa.exe
  C:\Windows\System\QhuOwoa.exe
  2⤵
  PID:2404
- C:\Windows\System\DamATeD.exe
  C:\Windows\System\DamATeD.exe
  2⤵
  PID:1288
- C:\Windows\System\dEmfizn.exe
  C:\Windows\System\dEmfizn.exe
  2⤵
  PID:960
- C:\Windows\System\olHKyMP.exe
  C:\Windows\System\olHKyMP.exe
  2⤵
  PID:1712
- C:\Windows\System\dFnBAQQ.exe
  C:\Windows\System\dFnBAQQ.exe
  2⤵
  PID:1324
- C:\Windows\System\tgZvfCk.exe
  C:\Windows\System\tgZvfCk.exe
  2⤵
  PID:1540
- C:\Windows\System\VwYlCwH.exe
  C:\Windows\System\VwYlCwH.exe
  2⤵
  PID:2976
- C:\Windows\System\AFsZEMU.exe
  C:\Windows\System\AFsZEMU.exe
  2⤵
  PID:2484
- C:\Windows\System\WnCBrzJ.exe
  C:\Windows\System\WnCBrzJ.exe
  2⤵
  PID:880
- C:\Windows\System\glWBado.exe
  C:\Windows\System\glWBado.exe
  2⤵
  PID:1300
- C:\Windows\System\AKhLtvw.exe
  C:\Windows\System\AKhLtvw.exe
  2⤵
  PID:3032
- C:\Windows\System\QPOdbCo.exe
  C:\Windows\System\QPOdbCo.exe
  2⤵
  PID:2140
- C:\Windows\System\fSAIiae.exe
  C:\Windows\System\fSAIiae.exe
  2⤵
  PID:2436
- C:\Windows\System\EHzLkAi.exe
  C:\Windows\System\EHzLkAi.exe
  2⤵
  PID:1736
- C:\Windows\System\RZRmDaT.exe
  C:\Windows\System\RZRmDaT.exe
  2⤵
  PID:1588
- C:\Windows\System\ZUjTbsS.exe
  C:\Windows\System\ZUjTbsS.exe
  2⤵
  PID:704
- C:\Windows\System\nCfIkhN.exe
  C:\Windows\System\nCfIkhN.exe
  2⤵
  PID:2776
- C:\Windows\System\juhGTTK.exe
  C:\Windows\System\juhGTTK.exe
  2⤵
  PID:316
- C:\Windows\System\aDmcegW.exe
  C:\Windows\System\aDmcegW.exe
  2⤵
  PID:2580
- C:\Windows\System\ybAAjXO.exe
  C:\Windows\System\ybAAjXO.exe
  2⤵
  PID:2172
- C:\Windows\System\sprkcJc.exe
  C:\Windows\System\sprkcJc.exe
  2⤵
  PID:2340
- C:\Windows\System\txACnxH.exe
  C:\Windows\System\txACnxH.exe
  2⤵
  PID:1760
- C:\Windows\System\LBboRsC.exe
  C:\Windows\System\LBboRsC.exe
  2⤵
  PID:1316
- C:\Windows\System\ZWMhxaa.exe
  C:\Windows\System\ZWMhxaa.exe
  2⤵
  PID:1160
- C:\Windows\System\vHBJipk.exe
  C:\Windows\System\vHBJipk.exe
  2⤵
  PID:1592
- C:\Windows\System\WzNuazB.exe
  C:\Windows\System\WzNuazB.exe
  2⤵
  PID:2796
- C:\Windows\System\cxUDdeu.exe
  C:\Windows\System\cxUDdeu.exe
  2⤵
  PID:2568
- C:\Windows\System\LQPuXVD.exe
  C:\Windows\System\LQPuXVD.exe
  2⤵
  PID:1724
- C:\Windows\System\uyLezhh.exe
  C:\Windows\System\uyLezhh.exe
  2⤵
  PID:1560
- C:\Windows\System\YzpqYVd.exe
  C:\Windows\System\YzpqYVd.exe
  2⤵
  PID:2652
- C:\Windows\System\DineTJr.exe
  C:\Windows\System\DineTJr.exe
  2⤵
  PID:2540
- C:\Windows\System\vGvPgpY.exe
  C:\Windows\System\vGvPgpY.exe
  2⤵
  PID:3096
- C:\Windows\System\lguANun.exe
  C:\Windows\System\lguANun.exe
  2⤵
  PID:3112
- C:\Windows\System\MPuNaVC.exe
  C:\Windows\System\MPuNaVC.exe
  2⤵
  PID:3140
- C:\Windows\System\JAesLcU.exe
  C:\Windows\System\JAesLcU.exe
  2⤵
  PID:3156
- C:\Windows\System\NshASYP.exe
  C:\Windows\System\NshASYP.exe
  2⤵
  PID:3172
- C:\Windows\System\YPDevUx.exe
  C:\Windows\System\YPDevUx.exe
  2⤵
  PID:3188
- C:\Windows\System\gxXvWpy.exe
  C:\Windows\System\gxXvWpy.exe
  2⤵
  PID:3204
- C:\Windows\System\YDEYuPc.exe
  C:\Windows\System\YDEYuPc.exe
  2⤵
  PID:3224
- C:\Windows\System\nqkpAAy.exe
  C:\Windows\System\nqkpAAy.exe
  2⤵
  PID:3252
- C:\Windows\System\IFMSoAK.exe
  C:\Windows\System\IFMSoAK.exe
  2⤵
  PID:3272
- C:\Windows\System\TqTjePf.exe
  C:\Windows\System\TqTjePf.exe
  2⤵
  PID:3292
- C:\Windows\System\DvhgpMZ.exe
  C:\Windows\System\DvhgpMZ.exe
  2⤵
  PID:3320
- C:\Windows\System\bSGKKnc.exe
  C:\Windows\System\bSGKKnc.exe
  2⤵
  PID:3340
- C:\Windows\System\xSHIYPv.exe
  C:\Windows\System\xSHIYPv.exe
  2⤵
  PID:3356
- C:\Windows\System\VYTbFdU.exe
  C:\Windows\System\VYTbFdU.exe
  2⤵
  PID:3372
- C:\Windows\System\dBnjyQA.exe
  C:\Windows\System\dBnjyQA.exe
  2⤵
  PID:3388
- C:\Windows\System\zRNrhcr.exe
  C:\Windows\System\zRNrhcr.exe
  2⤵
  PID:3404
- C:\Windows\System\vJxtyUp.exe
  C:\Windows\System\vJxtyUp.exe
  2⤵
  PID:3424
- C:\Windows\System\oFkdBBA.exe
  C:\Windows\System\oFkdBBA.exe
  2⤵
  PID:3452
- C:\Windows\System\afBOVSm.exe
  C:\Windows\System\afBOVSm.exe
  2⤵
  PID:3472
- C:\Windows\System\pZgPiLB.exe
  C:\Windows\System\pZgPiLB.exe
  2⤵
  PID:3496
- C:\Windows\System\JAPCIXi.exe
  C:\Windows\System\JAPCIXi.exe
  2⤵
  PID:3516
- C:\Windows\System\DqiwLad.exe
  C:\Windows\System\DqiwLad.exe
  2⤵
  PID:3536
- C:\Windows\System\tvLrmnD.exe
  C:\Windows\System\tvLrmnD.exe
  2⤵
  PID:3556
- C:\Windows\System\TCWxGjh.exe
  C:\Windows\System\TCWxGjh.exe
  2⤵
  PID:3572
- C:\Windows\System\hcQfXuJ.exe
  C:\Windows\System\hcQfXuJ.exe
  2⤵
  PID:3588
- C:\Windows\System\WwWVyCt.exe
  C:\Windows\System\WwWVyCt.exe
  2⤵
  PID:3604
- C:\Windows\System\DMevuSx.exe
  C:\Windows\System\DMevuSx.exe
  2⤵
  PID:3628
- C:\Windows\System\wxlSSAZ.exe
  C:\Windows\System\wxlSSAZ.exe
  2⤵
  PID:3652
- C:\Windows\System\IFVfjxp.exe
  C:\Windows\System\IFVfjxp.exe
  2⤵
  PID:3672
- C:\Windows\System\ZZfxQEJ.exe
  C:\Windows\System\ZZfxQEJ.exe
  2⤵
  PID:3688
- C:\Windows\System\MpOjUmG.exe
  C:\Windows\System\MpOjUmG.exe
  2⤵
  PID:3704
- C:\Windows\System\xnRqBNo.exe
  C:\Windows\System\xnRqBNo.exe
  2⤵
  PID:3720
- C:\Windows\System\QJdoFTL.exe
  C:\Windows\System\QJdoFTL.exe
  2⤵
  PID:3736
- C:\Windows\System\zVaHwTd.exe
  C:\Windows\System\zVaHwTd.exe
  2⤵
  PID:3756
- C:\Windows\System\IEnCbHV.exe
  C:\Windows\System\IEnCbHV.exe
  2⤵
  PID:3772
- C:\Windows\System\IBmwwUC.exe
  C:\Windows\System\IBmwwUC.exe
  2⤵
  PID:3788
- C:\Windows\System\AwZrhpW.exe
  C:\Windows\System\AwZrhpW.exe
  2⤵
  PID:3804
- C:\Windows\System\WgwRzBo.exe
  C:\Windows\System\WgwRzBo.exe
  2⤵
  PID:3820
- C:\Windows\System\tmekcqA.exe
  C:\Windows\System\tmekcqA.exe
  2⤵
  PID:3840
- C:\Windows\System\vdqfyld.exe
  C:\Windows\System\vdqfyld.exe
  2⤵
  PID:3872
- C:\Windows\System\OObiYGp.exe
  C:\Windows\System\OObiYGp.exe
  2⤵
  PID:3920
- C:\Windows\System\ukZPLox.exe
  C:\Windows\System\ukZPLox.exe
  2⤵
  PID:3944
- C:\Windows\System\ZrwtfLF.exe
  C:\Windows\System\ZrwtfLF.exe
  2⤵
  PID:3964
- C:\Windows\System\gTQzTPD.exe
  C:\Windows\System\gTQzTPD.exe
  2⤵
  PID:3980
- C:\Windows\System\xHWXdME.exe
  C:\Windows\System\xHWXdME.exe
  2⤵
  PID:3996
- C:\Windows\System\pcETqbg.exe
  C:\Windows\System\pcETqbg.exe
  2⤵
  PID:4020
- C:\Windows\System\RBikIwr.exe
  C:\Windows\System\RBikIwr.exe
  2⤵
  PID:4036
- C:\Windows\System\QMtPXXh.exe
  C:\Windows\System\QMtPXXh.exe
  2⤵
  PID:4060
- C:\Windows\System\ioxpVZz.exe
  C:\Windows\System\ioxpVZz.exe
  2⤵
  PID:4076
- C:\Windows\System\zWuTQEJ.exe
  C:\Windows\System\zWuTQEJ.exe
  2⤵
  PID:2064
- C:\Windows\System\GZBueNo.exe
  C:\Windows\System\GZBueNo.exe
  2⤵
  PID:2664
- C:\Windows\System\DbCCOFZ.exe
  C:\Windows\System\DbCCOFZ.exe
  2⤵
  PID:1792
- C:\Windows\System\eYRiQBu.exe
  C:\Windows\System\eYRiQBu.exe
  2⤵
  PID:2608
- C:\Windows\System\xjQDjVI.exe
  C:\Windows\System\xjQDjVI.exe
  2⤵
  PID:1664
- C:\Windows\System\qaPyrIB.exe
  C:\Windows\System\qaPyrIB.exe
  2⤵
  PID:2356
- C:\Windows\System\nbzVvjB.exe
  C:\Windows\System\nbzVvjB.exe
  2⤵
  PID:2352
- C:\Windows\System\rRkOjSi.exe
  C:\Windows\System\rRkOjSi.exe
  2⤵
  PID:2168
- C:\Windows\System\BgaKUSE.exe
  C:\Windows\System\BgaKUSE.exe
  2⤵
  PID:2040
- C:\Windows\System\CstgIaV.exe
  C:\Windows\System\CstgIaV.exe
  2⤵
  PID:2328
- C:\Windows\System\TEiYwUY.exe
  C:\Windows\System\TEiYwUY.exe
  2⤵
  PID:2924
- C:\Windows\System\wRxWlmE.exe
  C:\Windows\System\wRxWlmE.exe
  2⤵
  PID:1580
- C:\Windows\System\YwQmyBd.exe
  C:\Windows\System\YwQmyBd.exe
  2⤵
  PID:1680
- C:\Windows\System\iFxGbAw.exe
  C:\Windows\System\iFxGbAw.exe
  2⤵
  PID:920
- C:\Windows\System\YqNkXqn.exe
  C:\Windows\System\YqNkXqn.exe
  2⤵
  PID:2144
- C:\Windows\System\Jznlgdz.exe
  C:\Windows\System\Jznlgdz.exe
  2⤵
  PID:3128
- C:\Windows\System\pXqNRjo.exe
  C:\Windows\System\pXqNRjo.exe
  2⤵
  PID:3164
- C:\Windows\System\mYbzzFj.exe
  C:\Windows\System\mYbzzFj.exe
  2⤵
  PID:3236
- C:\Windows\System\lHzRJfi.exe
  C:\Windows\System\lHzRJfi.exe
  2⤵
  PID:3248
- C:\Windows\System\PwHawEG.exe
  C:\Windows\System\PwHawEG.exe
  2⤵
  PID:2280
- C:\Windows\System\WIhorBl.exe
  C:\Windows\System\WIhorBl.exe
  2⤵
  PID:2188
- C:\Windows\System\aibYoHe.exe
  C:\Windows\System\aibYoHe.exe
  2⤵
  PID:3152
- C:\Windows\System\XmhAcrE.exe
  C:\Windows\System\XmhAcrE.exe
  2⤵
  PID:3432
- C:\Windows\System\fOmgreo.exe
  C:\Windows\System\fOmgreo.exe
  2⤵
  PID:3480
- C:\Windows\System\RksjotP.exe
  C:\Windows\System\RksjotP.exe
  2⤵
  PID:3568
- C:\Windows\System\AfGmbeJ.exe
  C:\Windows\System\AfGmbeJ.exe
  2⤵
  PID:3640
- C:\Windows\System\tXNJVyV.exe
  C:\Windows\System\tXNJVyV.exe
  2⤵
  PID:3216
- C:\Windows\System\gwJzByB.exe
  C:\Windows\System\gwJzByB.exe
  2⤵
  PID:3260
- C:\Windows\System\MzRNOCg.exe
  C:\Windows\System\MzRNOCg.exe
  2⤵
  PID:3212
- C:\Windows\System\OBuUYWc.exe
  C:\Windows\System\OBuUYWc.exe
  2⤵
  PID:3316
- C:\Windows\System\dDtZdNk.exe
  C:\Windows\System\dDtZdNk.exe
  2⤵
  PID:3780
- C:\Windows\System\WHXpFAe.exe
  C:\Windows\System\WHXpFAe.exe
  2⤵
  PID:3416
- C:\Windows\System\leNSonc.exe
  C:\Windows\System\leNSonc.exe
  2⤵
  PID:3468
- C:\Windows\System\wOIBPNs.exe
  C:\Windows\System\wOIBPNs.exe
  2⤵
  PID:3868
- C:\Windows\System\mYFRiNP.exe
  C:\Windows\System\mYFRiNP.exe
  2⤵
  PID:3544
- C:\Windows\System\ONbvdWX.exe
  C:\Windows\System\ONbvdWX.exe
  2⤵
  PID:3668
- C:\Windows\System\MbElgOJ.exe
  C:\Windows\System\MbElgOJ.exe
  2⤵
  PID:3880
- C:\Windows\System\HRXcIZc.exe
  C:\Windows\System\HRXcIZc.exe
  2⤵
  PID:3932
- C:\Windows\System\ODoFbVd.exe
  C:\Windows\System\ODoFbVd.exe
  2⤵
  PID:3700
- C:\Windows\System\LHPFsyZ.exe
  C:\Windows\System\LHPFsyZ.exe
  2⤵
  PID:3612
- C:\Windows\System\JvZbNkz.exe
  C:\Windows\System\JvZbNkz.exe
  2⤵
  PID:3012
- C:\Windows\System\kmRXJBH.exe
  C:\Windows\System\kmRXJBH.exe
  2⤵
  PID:3908
- C:\Windows\System\CxVxJNf.exe
  C:\Windows\System\CxVxJNf.exe
  2⤵
  PID:3976
- C:\Windows\System\YbUogrt.exe
  C:\Windows\System\YbUogrt.exe
  2⤵
  PID:3956
- C:\Windows\System\tDmDmWj.exe
  C:\Windows\System\tDmDmWj.exe
  2⤵
  PID:4052
- C:\Windows\System\vrifpFm.exe
  C:\Windows\System\vrifpFm.exe
  2⤵
  PID:4028
- C:\Windows\System\ttRBwVy.exe
  C:\Windows\System\ttRBwVy.exe
  2⤵
  PID:2472
- C:\Windows\System\YTYAGHD.exe
  C:\Windows\System\YTYAGHD.exe
  2⤵
  PID:2904
- C:\Windows\System\mIeHFKI.exe
  C:\Windows\System\mIeHFKI.exe
  2⤵
  PID:2332
- C:\Windows\System\WPziJVl.exe
  C:\Windows\System\WPziJVl.exe
  2⤵
  PID:2980
- C:\Windows\System\QuTksPu.exe
  C:\Windows\System\QuTksPu.exe
  2⤵
  PID:1624
- C:\Windows\System\evrxaBd.exe
  C:\Windows\System\evrxaBd.exe
  2⤵
  PID:544
- C:\Windows\System\URZKilT.exe
  C:\Windows\System\URZKilT.exe
  2⤵
  PID:1648
- C:\Windows\System\ZCqSBsU.exe
  C:\Windows\System\ZCqSBsU.exe
  2⤵
  PID:584
- C:\Windows\System\ARvHQZE.exe
  C:\Windows\System\ARvHQZE.exe
  2⤵
  PID:280
- C:\Windows\System\njWKGaM.exe
  C:\Windows\System\njWKGaM.exe
  2⤵
  PID:3076
- C:\Windows\System\sMoVppf.exe
  C:\Windows\System\sMoVppf.exe
  2⤵
  PID:3084
- C:\Windows\System\ANjNJAE.exe
  C:\Windows\System\ANjNJAE.exe
  2⤵
  PID:3240
- C:\Windows\System\kJUQhId.exe
  C:\Windows\System\kJUQhId.exe
  2⤵
  PID:3196
- C:\Windows\System\atXvMrv.exe
  C:\Windows\System\atXvMrv.exe
  2⤵
  PID:3328
- C:\Windows\System\KozmCmZ.exe
  C:\Windows\System\KozmCmZ.exe
  2⤵
  PID:3104
- C:\Windows\System\iokRgDX.exe
  C:\Windows\System\iokRgDX.exe
  2⤵
  PID:3448
- C:\Windows\System\ZoPtonI.exe
  C:\Windows\System\ZoPtonI.exe
  2⤵
  PID:3532
- C:\Windows\System\qxGoJRc.exe
  C:\Windows\System\qxGoJRc.exe
  2⤵
  PID:3680
- C:\Windows\System\tvCsqXq.exe
  C:\Windows\System\tvCsqXq.exe
  2⤵
  PID:3180
- C:\Windows\System\GkUGulD.exe
  C:\Windows\System\GkUGulD.exe
  2⤵
  PID:3752
- C:\Windows\System\BZFDPoM.exe
  C:\Windows\System\BZFDPoM.exe
  2⤵
  PID:3420
- C:\Windows\System\zvTlNvK.exe
  C:\Windows\System\zvTlNvK.exe
  2⤵
  PID:3460
- C:\Windows\System\nndilec.exe
  C:\Windows\System\nndilec.exe
  2⤵
  PID:3856
- C:\Windows\System\XScsFQX.exe
  C:\Windows\System\XScsFQX.exe
  2⤵
  PID:3620
- C:\Windows\System\AcZGuat.exe
  C:\Windows\System\AcZGuat.exe
  2⤵
  PID:3732
- C:\Windows\System\paUeqQr.exe
  C:\Windows\System\paUeqQr.exe
  2⤵
  PID:1132
- C:\Windows\System\rOfXIoB.exe
  C:\Windows\System\rOfXIoB.exe
  2⤵
  PID:3616
- C:\Windows\System\iEmKDXX.exe
  C:\Windows\System\iEmKDXX.exe
  2⤵
  PID:4008
- C:\Windows\System\gZXlGjM.exe
  C:\Windows\System\gZXlGjM.exe
  2⤵
  PID:2260
- C:\Windows\System\Qskbsll.exe
  C:\Windows\System\Qskbsll.exe
  2⤵
  PID:4016
- C:\Windows\System\qrsUTeA.exe
  C:\Windows\System\qrsUTeA.exe
  2⤵
  PID:4032
- C:\Windows\System\OKgiWHZ.exe
  C:\Windows\System\OKgiWHZ.exe
  2⤵
  PID:2788
- C:\Windows\System\MujCUNA.exe
  C:\Windows\System\MujCUNA.exe
  2⤵
  PID:2692
- C:\Windows\System\KpyhaEv.exe
  C:\Windows\System\KpyhaEv.exe
  2⤵
  PID:1452
- C:\Windows\System\pyWZEos.exe
  C:\Windows\System\pyWZEos.exe
  2⤵
  PID:1744
- C:\Windows\System\JjrErIs.exe
  C:\Windows\System\JjrErIs.exe
  2⤵
  PID:3092
- C:\Windows\System\ebzFKnC.exe
  C:\Windows\System\ebzFKnC.exe
  2⤵
  PID:2880
- C:\Windows\System\EByAmHI.exe
  C:\Windows\System\EByAmHI.exe
  2⤵
  PID:2576
- C:\Windows\System\kwBZrgo.exe
  C:\Windows\System\kwBZrgo.exe
  2⤵
  PID:3368
- C:\Windows\System\ZWjwIfF.exe
  C:\Windows\System\ZWjwIfF.exe
  2⤵
  PID:3268
- C:\Windows\System\aKisRTo.exe
  C:\Windows\System\aKisRTo.exe
  2⤵
  PID:3380
- C:\Windows\System\CMySdoV.exe
  C:\Windows\System\CMySdoV.exe
  2⤵
  PID:3636
- C:\Windows\System\OpBEPFJ.exe
  C:\Windows\System\OpBEPFJ.exe
  2⤵
  PID:3352
- C:\Windows\System\rWXoxPS.exe
  C:\Windows\System\rWXoxPS.exe
  2⤵
  PID:3508
- C:\Windows\System\YShATVB.exe
  C:\Windows\System\YShATVB.exe
  2⤵
  PID:3940
- C:\Windows\System\vKurmfK.exe
  C:\Windows\System\vKurmfK.exe
  2⤵
  PID:3836
- C:\Windows\System\YfpRtCH.exe
  C:\Windows\System\YfpRtCH.exe
  2⤵
  PID:2760
- C:\Windows\System\XfglYBj.exe
  C:\Windows\System\XfglYBj.exe
  2⤵
  PID:4048
- C:\Windows\System\lJFGvNP.exe
  C:\Windows\System\lJFGvNP.exe
  2⤵
  PID:1980
- C:\Windows\System\ajuImpT.exe
  C:\Windows\System\ajuImpT.exe
  2⤵
  PID:1672
- C:\Windows\System\BSqcsfV.exe
  C:\Windows\System\BSqcsfV.exe
  2⤵
  PID:3148
- C:\Windows\System\QEnVOWk.exe
  C:\Windows\System\QEnVOWk.exe
  2⤵
  PID:1328
- C:\Windows\System\UxvRVgm.exe
  C:\Windows\System\UxvRVgm.exe
  2⤵
  PID:956
- C:\Windows\System\SePxOcu.exe
  C:\Windows\System\SePxOcu.exe
  2⤵
  PID:3384
- C:\Windows\System\VTcoYnd.exe
  C:\Windows\System\VTcoYnd.exe
  2⤵
  PID:3564
- C:\Windows\System\aVRbxgM.exe
  C:\Windows\System\aVRbxgM.exe
  2⤵
  PID:4116
- C:\Windows\System\MwKPwta.exe
  C:\Windows\System\MwKPwta.exe
  2⤵
  PID:4136
- C:\Windows\System\rxkXHtk.exe
  C:\Windows\System\rxkXHtk.exe
  2⤵
  PID:4156
- C:\Windows\System\ujQGxZf.exe
  C:\Windows\System\ujQGxZf.exe
  2⤵
  PID:4180
- C:\Windows\System\UvobZdj.exe
  C:\Windows\System\UvobZdj.exe
  2⤵
  PID:4200
- C:\Windows\System\VUeQPWZ.exe
  C:\Windows\System\VUeQPWZ.exe
  2⤵
  PID:4220
- C:\Windows\System\paWRhLb.exe
  C:\Windows\System\paWRhLb.exe
  2⤵
  PID:4240
- C:\Windows\System\IvoXaVo.exe
  C:\Windows\System\IvoXaVo.exe
  2⤵
  PID:4260
- C:\Windows\System\HvYruFH.exe
  C:\Windows\System\HvYruFH.exe
  2⤵
  PID:4280
- C:\Windows\System\oHBWZTJ.exe
  C:\Windows\System\oHBWZTJ.exe
  2⤵
  PID:4304
- C:\Windows\System\ibSUxmj.exe
  C:\Windows\System\ibSUxmj.exe
  2⤵
  PID:4320
- C:\Windows\System\rIdYLYk.exe
  C:\Windows\System\rIdYLYk.exe
  2⤵
  PID:4340
- C:\Windows\System\GnuLUej.exe
  C:\Windows\System\GnuLUej.exe
  2⤵
  PID:4360
- C:\Windows\System\emOYjut.exe
  C:\Windows\System\emOYjut.exe
  2⤵
  PID:4380
- C:\Windows\System\XCRyAza.exe
  C:\Windows\System\XCRyAza.exe
  2⤵
  PID:4404
- C:\Windows\System\jZEurkm.exe
  C:\Windows\System\jZEurkm.exe
  2⤵
  PID:4424
- C:\Windows\System\qzjDECc.exe
  C:\Windows\System\qzjDECc.exe
  2⤵
  PID:4444
- C:\Windows\System\cBYjYyx.exe
  C:\Windows\System\cBYjYyx.exe
  2⤵
  PID:4460
- C:\Windows\System\FrKdwmn.exe
  C:\Windows\System\FrKdwmn.exe
  2⤵
  PID:4476
- C:\Windows\System\QfzZggf.exe
  C:\Windows\System\QfzZggf.exe
  2⤵
  PID:4492
- C:\Windows\System\HSSXkTg.exe
  C:\Windows\System\HSSXkTg.exe
  2⤵
  PID:4516
- C:\Windows\System\BFVgmhb.exe
  C:\Windows\System\BFVgmhb.exe
  2⤵
  PID:4532
- C:\Windows\System\SrZkXFE.exe
  C:\Windows\System\SrZkXFE.exe
  2⤵
  PID:4552
- C:\Windows\System\gKkkFIS.exe
  C:\Windows\System\gKkkFIS.exe
  2⤵
  PID:4576
- C:\Windows\System\rlARylK.exe
  C:\Windows\System\rlARylK.exe
  2⤵
  PID:4592
- C:\Windows\System\RIRQmCm.exe
  C:\Windows\System\RIRQmCm.exe
  2⤵
  PID:4608
- C:\Windows\System\bkIjAmB.exe
  C:\Windows\System\bkIjAmB.exe
  2⤵
  PID:4624
- C:\Windows\System\GXbKYYE.exe
  C:\Windows\System\GXbKYYE.exe
  2⤵
  PID:4640
- C:\Windows\System\MzjuzzM.exe
  C:\Windows\System\MzjuzzM.exe
  2⤵
  PID:4656
- C:\Windows\System\kRmfoGu.exe
  C:\Windows\System\kRmfoGu.exe
  2⤵
  PID:4672
- C:\Windows\System\iScJnIb.exe
  C:\Windows\System\iScJnIb.exe
  2⤵
  PID:4688
- C:\Windows\System\MRIxmms.exe
  C:\Windows\System\MRIxmms.exe
  2⤵
  PID:4704
- C:\Windows\System\sPaJxEZ.exe
  C:\Windows\System\sPaJxEZ.exe
  2⤵
  PID:4724
- C:\Windows\System\zNPctnD.exe
  C:\Windows\System\zNPctnD.exe
  2⤵
  PID:4744
- C:\Windows\System\XJKMsKg.exe
  C:\Windows\System\XJKMsKg.exe
  2⤵
  PID:4780
- C:\Windows\System\cXwJMgQ.exe
  C:\Windows\System\cXwJMgQ.exe
  2⤵
  PID:4800
- C:\Windows\System\hnSuHfi.exe
  C:\Windows\System\hnSuHfi.exe
  2⤵
  PID:4820
- C:\Windows\System\txCFACY.exe
  C:\Windows\System\txCFACY.exe
  2⤵
  PID:4844
- C:\Windows\System\zOeKMCr.exe
  C:\Windows\System\zOeKMCr.exe
  2⤵
  PID:4860
- C:\Windows\System\IkyCXDv.exe
  C:\Windows\System\IkyCXDv.exe
  2⤵
  PID:4876
- C:\Windows\System\CeMFMPx.exe
  C:\Windows\System\CeMFMPx.exe
  2⤵
  PID:4904
- C:\Windows\System\ayxRYqW.exe
  C:\Windows\System\ayxRYqW.exe
  2⤵
  PID:4932
- C:\Windows\System\wkWxOgn.exe
  C:\Windows\System\wkWxOgn.exe
  2⤵
  PID:4972
- C:\Windows\System\sBZbhvR.exe
  C:\Windows\System\sBZbhvR.exe
  2⤵
  PID:4992
- C:\Windows\System\KLOisSO.exe
  C:\Windows\System\KLOisSO.exe
  2⤵
  PID:5012
- C:\Windows\System\IqcAWWN.exe
  C:\Windows\System\IqcAWWN.exe
  2⤵
  PID:5032
- C:\Windows\System\MSuvJEA.exe
  C:\Windows\System\MSuvJEA.exe
  2⤵
  PID:5048
- C:\Windows\System\fzWoOkD.exe
  C:\Windows\System\fzWoOkD.exe
  2⤵
  PID:5068
- C:\Windows\System\otNCvkv.exe
  C:\Windows\System\otNCvkv.exe
  2⤵
  PID:5088
- C:\Windows\System\XqrZjKF.exe
  C:\Windows\System\XqrZjKF.exe
  2⤵
  PID:5108
- C:\Windows\System\OIXWKde.exe
  C:\Windows\System\OIXWKde.exe
  2⤵
  PID:3440
- C:\Windows\System\RHNaevs.exe
  C:\Windows\System\RHNaevs.exe
  2⤵
  PID:3764
- C:\Windows\System\MRXcxZV.exe
  C:\Windows\System\MRXcxZV.exe
  2⤵
  PID:3888
- C:\Windows\System\PMHePIZ.exe
  C:\Windows\System\PMHePIZ.exe
  2⤵
  PID:2184
- C:\Windows\System\vIjVEun.exe
  C:\Windows\System\vIjVEun.exe
  2⤵
  PID:2812
- C:\Windows\System\ciehAHy.exe
  C:\Windows\System\ciehAHy.exe
  2⤵
  PID:3900
- C:\Windows\System\cvjdsrP.exe
  C:\Windows\System\cvjdsrP.exe
  2⤵
  PID:2572
- C:\Windows\System\IvdTRmj.exe
  C:\Windows\System\IvdTRmj.exe
  2⤵
  PID:1944
- C:\Windows\System\XonGqtQ.exe
  C:\Windows\System\XonGqtQ.exe
  2⤵
  PID:4128
- C:\Windows\System\LquLBtA.exe
  C:\Windows\System\LquLBtA.exe
  2⤵
  PID:4168
- C:\Windows\System\UHNexRS.exe
  C:\Windows\System\UHNexRS.exe
  2⤵
  PID:4112
- C:\Windows\System\nUHVzWs.exe
  C:\Windows\System\nUHVzWs.exe
  2⤵
  PID:4152
- C:\Windows\System\dHOvzDC.exe
  C:\Windows\System\dHOvzDC.exe
  2⤵
  PID:4256
- C:\Windows\System\rsaOKsx.exe
  C:\Windows\System\rsaOKsx.exe
  2⤵
  PID:4188
- C:\Windows\System\tbwJRGU.exe
  C:\Windows\System\tbwJRGU.exe
  2⤵
  PID:4328
- C:\Windows\System\Newhtgt.exe
  C:\Windows\System\Newhtgt.exe
  2⤵
  PID:4228
- C:\Windows\System\LxLvclv.exe
  C:\Windows\System\LxLvclv.exe
  2⤵
  PID:4368
- C:\Windows\System\yvKqFco.exe
  C:\Windows\System\yvKqFco.exe
  2⤵
  PID:4420
- C:\Windows\System\aMyNeUd.exe
  C:\Windows\System\aMyNeUd.exe
  2⤵
  PID:4484
- C:\Windows\System\Boutgrf.exe
  C:\Windows\System\Boutgrf.exe
  2⤵
  PID:4316
- C:\Windows\System\KxMoHay.exe
  C:\Windows\System\KxMoHay.exe
  2⤵
  PID:4572
- C:\Windows\System\ByKbxkl.exe
  C:\Windows\System\ByKbxkl.exe
  2⤵
  PID:4604
- C:\Windows\System\EBLtNIP.exe
  C:\Windows\System\EBLtNIP.exe
  2⤵
  PID:4736
- C:\Windows\System\iNUPubO.exe
  C:\Windows\System\iNUPubO.exe
  2⤵
  PID:4348
- C:\Windows\System\YexzCyf.exe
  C:\Windows\System\YexzCyf.exe
  2⤵
  PID:4796
- C:\Windows\System\zvsGGsr.exe
  C:\Windows\System\zvsGGsr.exe
  2⤵
  PID:4840
- C:\Windows\System\tneZLcS.exe
  C:\Windows\System\tneZLcS.exe
  2⤵
  PID:4512
- C:\Windows\System\UHmOouo.exe
  C:\Windows\System\UHmOouo.exe
  2⤵
  PID:4504
- C:\Windows\System\yRqPfDJ.exe
  C:\Windows\System\yRqPfDJ.exe
  2⤵
  PID:4548
- C:\Windows\System\qPAVbkw.exe
  C:\Windows\System\qPAVbkw.exe
  2⤵
  PID:4588
- C:\Windows\System\jHeLyMc.exe
  C:\Windows\System\jHeLyMc.exe
  2⤵
  PID:4884
- C:\Windows\System\yhURUqX.exe
  C:\Windows\System\yhURUqX.exe
  2⤵
  PID:4652
- C:\Windows\System\Xgcjcui.exe
  C:\Windows\System\Xgcjcui.exe
  2⤵
  PID:4944
- C:\Windows\System\yzlhEut.exe
  C:\Windows\System\yzlhEut.exe
  2⤵
  PID:4984
- C:\Windows\System\sEAtotW.exe
  C:\Windows\System\sEAtotW.exe
  2⤵
  PID:5064
- C:\Windows\System\znsUZvx.exe
  C:\Windows\System\znsUZvx.exe
  2⤵
  PID:2852
- C:\Windows\System\UJlavZL.exe
  C:\Windows\System\UJlavZL.exe
  2⤵
  PID:3852
- C:\Windows\System\zNKVyDP.exe
  C:\Windows\System\zNKVyDP.exe
  2⤵
  PID:4164
- C:\Windows\System\BUGcKQp.exe
  C:\Windows\System\BUGcKQp.exe
  2⤵
  PID:4300
- C:\Windows\System\vMyHoCB.exe
  C:\Windows\System\vMyHoCB.exe
  2⤵
  PID:4372
- C:\Windows\System\sVLlhOt.exe
  C:\Windows\System\sVLlhOt.exe
  2⤵
  PID:4356
- C:\Windows\System\KAPGunn.exe
  C:\Windows\System\KAPGunn.exe
  2⤵
  PID:4956
- C:\Windows\System\ohpQQrX.exe
  C:\Windows\System\ohpQQrX.exe
  2⤵
  PID:5008
- C:\Windows\System\DnVzHhg.exe
  C:\Windows\System\DnVzHhg.exe
  2⤵
  PID:4544
- C:\Windows\System\rthPNmu.exe
  C:\Windows\System\rthPNmu.exe
  2⤵
  PID:3288
- C:\Windows\System\TqxrafX.exe
  C:\Windows\System\TqxrafX.exe
  2⤵
  PID:4872
- C:\Windows\System\KiGBIRH.exe
  C:\Windows\System\KiGBIRH.exe
  2⤵
  PID:4084
- C:\Windows\System\ZWhLpeD.exe
  C:\Windows\System\ZWhLpeD.exe
  2⤵
  PID:4732
- C:\Windows\System\hqemBYh.exe
  C:\Windows\System\hqemBYh.exe
  2⤵
  PID:4760
- C:\Windows\System\LJskoVQ.exe
  C:\Windows\System\LJskoVQ.exe
  2⤵
  PID:4396
- C:\Windows\System\vLKWEla.exe
  C:\Windows\System\vLKWEla.exe
  2⤵
  PID:4456
- C:\Windows\System\TfOoESD.exe
  C:\Windows\System\TfOoESD.exe
  2⤵
  PID:4196
- C:\Windows\System\dVYNMSD.exe
  C:\Windows\System\dVYNMSD.exe
  2⤵
  PID:4124
- C:\Windows\System\fERDlAO.exe
  C:\Windows\System\fERDlAO.exe
  2⤵
  PID:4776
- C:\Windows\System\jvGTcGJ.exe
  C:\Windows\System\jvGTcGJ.exe
  2⤵
  PID:4920
- C:\Windows\System\AWGlumR.exe
  C:\Windows\System\AWGlumR.exe
  2⤵
  PID:4852
- C:\Windows\System\yBwvRkq.exe
  C:\Windows\System\yBwvRkq.exe
  2⤵
  PID:4716
- C:\Windows\System\NdkyGTd.exe
  C:\Windows\System\NdkyGTd.exe
  2⤵
  PID:1408
- C:\Windows\System\DGdxGJO.exe
  C:\Windows\System\DGdxGJO.exe
  2⤵
  PID:3492
- C:\Windows\System\CHcChqT.exe
  C:\Windows\System\CHcChqT.exe
  2⤵
  PID:4684
- C:\Windows\System\qPFOwXe.exe
  C:\Windows\System\qPFOwXe.exe
  2⤵
  PID:4988
- C:\Windows\System\LEdvncR.exe
  C:\Windows\System\LEdvncR.exe
  2⤵
  PID:5024
- C:\Windows\System\YGhcowQ.exe
  C:\Windows\System\YGhcowQ.exe
  2⤵
  PID:3864
- C:\Windows\System\ieochrg.exe
  C:\Windows\System\ieochrg.exe
  2⤵
  PID:3120
- C:\Windows\System\vXKaePf.exe
  C:\Windows\System\vXKaePf.exe
  2⤵
  PID:4268
- C:\Windows\System\DhNyaQM.exe
  C:\Windows\System\DhNyaQM.exe
  2⤵
  PID:4148
- C:\Windows\System\pNftJyK.exe
  C:\Windows\System\pNftJyK.exe
  2⤵
  PID:4392
- C:\Windows\System\czqbZMQ.exe
  C:\Windows\System\czqbZMQ.exe
  2⤵
  PID:4964
- C:\Windows\System\nyMnOLP.exe
  C:\Windows\System\nyMnOLP.exe
  2⤵
  PID:5040
- C:\Windows\System\BLlARgF.exe
  C:\Windows\System\BLlARgF.exe
  2⤵
  PID:3528
- C:\Windows\System\OBLsKut.exe
  C:\Windows\System\OBLsKut.exe
  2⤵
  PID:1096
- C:\Windows\System\yJodvSV.exe
  C:\Windows\System\yJodvSV.exe
  2⤵
  PID:3800
- C:\Windows\System\hEBzJCg.exe
  C:\Windows\System\hEBzJCg.exe
  2⤵
  PID:4508
- C:\Windows\System\UrOrmth.exe
  C:\Windows\System\UrOrmth.exe
  2⤵
  PID:1800
- C:\Windows\System\aOvkZeJ.exe
  C:\Windows\System\aOvkZeJ.exe
  2⤵
  PID:3524
- C:\Windows\System\ymMADZt.exe
  C:\Windows\System\ymMADZt.exe
  2⤵
  PID:4172
- C:\Windows\System\GwpUGtM.exe
  C:\Windows\System\GwpUGtM.exe
  2⤵
  PID:664
- C:\Windows\System\qTlMvkk.exe
  C:\Windows\System\qTlMvkk.exe
  2⤵
  PID:2456
- C:\Windows\System\twBXXAf.exe
  C:\Windows\System\twBXXAf.exe
  2⤵
  PID:2660
- C:\Windows\System\MXZFQAK.exe
  C:\Windows\System\MXZFQAK.exe
  2⤵
  PID:4752
- C:\Windows\System\QvTiIJW.exe
  C:\Windows\System\QvTiIJW.exe
  2⤵
  PID:5096
- C:\Windows\System\pCMEGhD.exe
  C:\Windows\System\pCMEGhD.exe
  2⤵
  PID:3304
- C:\Windows\System\HaoEDJM.exe
  C:\Windows\System\HaoEDJM.exe
  2⤵
  PID:4952
- C:\Windows\System\ZnPqzdk.exe
  C:\Windows\System\ZnPqzdk.exe
  2⤵
  PID:4528
- C:\Windows\System\lIVsCCT.exe
  C:\Windows\System\lIVsCCT.exe
  2⤵
  PID:2160
- C:\Windows\System\iKWpqTV.exe
  C:\Windows\System\iKWpqTV.exe
  2⤵
  PID:4668
- C:\Windows\System\hCATyYa.exe
  C:\Windows\System\hCATyYa.exe
  2⤵
  PID:4236
- C:\Windows\System\nTfeUOE.exe
  C:\Windows\System\nTfeUOE.exe
  2⤵
  PID:276
- C:\Windows\System\LSeBTSC.exe
  C:\Windows\System\LSeBTSC.exe
  2⤵
  PID:2420
- C:\Windows\System\eHXapiT.exe
  C:\Windows\System\eHXapiT.exe
  2⤵
  PID:2240
- C:\Windows\System\HmJlnlW.exe
  C:\Windows\System\HmJlnlW.exe
  2⤵
  PID:1984
- C:\Windows\System\ijYoIKP.exe
  C:\Windows\System\ijYoIKP.exe
  2⤵
  PID:4828
- C:\Windows\System\goWJvpF.exe
  C:\Windows\System\goWJvpF.exe
  2⤵
  PID:916
- C:\Windows\System\OTKDqYW.exe
  C:\Windows\System\OTKDqYW.exe
  2⤵
  PID:4288
- C:\Windows\System\ZVCqHTH.exe
  C:\Windows\System\ZVCqHTH.exe
  2⤵
  PID:4772
- C:\Windows\System\XqFcIYT.exe
  C:\Windows\System\XqFcIYT.exe
  2⤵
  PID:4720
- C:\Windows\System\igcIzyQ.exe
  C:\Windows\System\igcIzyQ.exe
  2⤵
  PID:1480
- C:\Windows\System\rfTXwBh.exe
  C:\Windows\System\rfTXwBh.exe
  2⤵
  PID:1924
- C:\Windows\System\bZhEQIq.exe
  C:\Windows\System\bZhEQIq.exe
  2⤵
  PID:2288
- C:\Windows\System\FjUavoq.exe
  C:\Windows\System\FjUavoq.exe
  2⤵
  PID:1292
- C:\Windows\System\ZnSZsPD.exe
  C:\Windows\System\ZnSZsPD.exe
  2⤵
  PID:1928
- C:\Windows\System\WPhCKeL.exe
  C:\Windows\System\WPhCKeL.exe
  2⤵
  PID:4900
- C:\Windows\System\QlyPemf.exe
  C:\Windows\System\QlyPemf.exe
  2⤵
  PID:4468
- C:\Windows\System\BArYXlW.exe
  C:\Windows\System\BArYXlW.exe
  2⤵
  PID:820
- C:\Windows\System\CUthlTd.exe
  C:\Windows\System\CUthlTd.exe
  2⤵
  PID:4892
- C:\Windows\System\MQOrmgt.exe
  C:\Windows\System\MQOrmgt.exe
  2⤵
  PID:4888
- C:\Windows\System\TQnHSJf.exe
  C:\Windows\System\TQnHSJf.exe
  2⤵
  PID:1732
- C:\Windows\System\ebdWQzF.exe
  C:\Windows\System\ebdWQzF.exe
  2⤵
  PID:4568
- C:\Windows\System\EMSuvjH.exe
  C:\Windows\System\EMSuvjH.exe
  2⤵
  PID:4636
- C:\Windows\System\qMXssoW.exe
  C:\Windows\System\qMXssoW.exe
  2⤵
  PID:1152
- C:\Windows\System\wYIwFVE.exe
  C:\Windows\System\wYIwFVE.exe
  2⤵
  PID:5136
- C:\Windows\System\uISvWgw.exe
  C:\Windows\System\uISvWgw.exe
  2⤵
  PID:5168
- C:\Windows\System\UpjDBit.exe
  C:\Windows\System\UpjDBit.exe
  2⤵
  PID:5184
- C:\Windows\System\FvQQpta.exe
  C:\Windows\System\FvQQpta.exe
  2⤵
  PID:5200
- C:\Windows\System\riqImVo.exe
  C:\Windows\System\riqImVo.exe
  2⤵
  PID:5216
- C:\Windows\System\iiQnDRu.exe
  C:\Windows\System\iiQnDRu.exe
  2⤵
  PID:5232
- C:\Windows\System\mcpBRvJ.exe
  C:\Windows\System\mcpBRvJ.exe
  2⤵
  PID:5248
- C:\Windows\System\itKYSBE.exe
  C:\Windows\System\itKYSBE.exe
  2⤵
  PID:5264
- C:\Windows\System\JfWsbyQ.exe
  C:\Windows\System\JfWsbyQ.exe
  2⤵
  PID:5280
- C:\Windows\System\nunCALm.exe
  C:\Windows\System\nunCALm.exe
  2⤵
  PID:5296
- C:\Windows\System\FJYVrIF.exe
  C:\Windows\System\FJYVrIF.exe
  2⤵
  PID:5312
- C:\Windows\System\RYiqbSF.exe
  C:\Windows\System\RYiqbSF.exe
  2⤵
  PID:5328
- C:\Windows\System\VOANMDL.exe
  C:\Windows\System\VOANMDL.exe
  2⤵
  PID:5348
- C:\Windows\System\ZOgomOS.exe
  C:\Windows\System\ZOgomOS.exe
  2⤵
  PID:5364
- C:\Windows\System\PYHjgot.exe
  C:\Windows\System\PYHjgot.exe
  2⤵
  PID:5480
- C:\Windows\System\jLiNbkb.exe
  C:\Windows\System\jLiNbkb.exe
  2⤵
  PID:5496
- C:\Windows\System\gBKVowB.exe
  C:\Windows\System\gBKVowB.exe
  2⤵
  PID:5512
- C:\Windows\System\prIzYiZ.exe
  C:\Windows\System\prIzYiZ.exe
  2⤵
  PID:5528
- C:\Windows\System\YDLRspj.exe
  C:\Windows\System\YDLRspj.exe
  2⤵
  PID:5544
- C:\Windows\System\HLFiSyS.exe
  C:\Windows\System\HLFiSyS.exe
  2⤵
  PID:5572
- C:\Windows\System\AsPHRgp.exe
  C:\Windows\System\AsPHRgp.exe
  2⤵
  PID:5588
- C:\Windows\System\EQAXHbD.exe
  C:\Windows\System\EQAXHbD.exe
  2⤵
  PID:5604
- C:\Windows\System\JYkXVqE.exe
  C:\Windows\System\JYkXVqE.exe
  2⤵
  PID:5620
- C:\Windows\System\SCCKgxT.exe
  C:\Windows\System\SCCKgxT.exe
  2⤵
  PID:5636
- C:\Windows\System\FdVNulr.exe
  C:\Windows\System\FdVNulr.exe
  2⤵
  PID:5652
- C:\Windows\System\PgOhGAR.exe
  C:\Windows\System\PgOhGAR.exe
  2⤵
  PID:5668
- C:\Windows\System\XzNYyHw.exe
  C:\Windows\System\XzNYyHw.exe
  2⤵
  PID:5684
- C:\Windows\System\EcJUHsb.exe
  C:\Windows\System\EcJUHsb.exe
  2⤵
  PID:5700
- C:\Windows\System\uBBzJla.exe
  C:\Windows\System\uBBzJla.exe
  2⤵
  PID:5716
- C:\Windows\System\iNnDyoG.exe
  C:\Windows\System\iNnDyoG.exe
  2⤵
  PID:5752
- C:\Windows\System\iqHhVEX.exe
  C:\Windows\System\iqHhVEX.exe
  2⤵
  PID:5768
- C:\Windows\System\dNiMmBD.exe
  C:\Windows\System\dNiMmBD.exe
  2⤵
  PID:5784
- C:\Windows\System\mCUPLTy.exe
  C:\Windows\System\mCUPLTy.exe
  2⤵
  PID:5800
- C:\Windows\System\qhKqTWo.exe
  C:\Windows\System\qhKqTWo.exe
  2⤵
  PID:5816
- C:\Windows\System\hjZtzJM.exe
  C:\Windows\System\hjZtzJM.exe
  2⤵
  PID:5832
- C:\Windows\System\WWeXvAc.exe
  C:\Windows\System\WWeXvAc.exe
  2⤵
  PID:5848
- C:\Windows\System\LgpltFd.exe
  C:\Windows\System\LgpltFd.exe
  2⤵
  PID:5864
- C:\Windows\System\WItyNmZ.exe
  C:\Windows\System\WItyNmZ.exe
  2⤵
  PID:5880
- C:\Windows\System\jffdZNV.exe
  C:\Windows\System\jffdZNV.exe
  2⤵
  PID:5912
- C:\Windows\System\DRAfyeR.exe
  C:\Windows\System\DRAfyeR.exe
  2⤵
  PID:5928
- C:\Windows\System\LtLgTMR.exe
  C:\Windows\System\LtLgTMR.exe
  2⤵
  PID:5944
- C:\Windows\System\yBVNqiU.exe
  C:\Windows\System\yBVNqiU.exe
  2⤵
  PID:5960
- C:\Windows\System\OhEOyhh.exe
  C:\Windows\System\OhEOyhh.exe
  2⤵
  PID:5976
- C:\Windows\System\bWdSVJY.exe
  C:\Windows\System\bWdSVJY.exe
  2⤵
  PID:5996
- C:\Windows\System\LynNYDd.exe
  C:\Windows\System\LynNYDd.exe
  2⤵
  PID:6036
- C:\Windows\System\RhkViRp.exe
  C:\Windows\System\RhkViRp.exe
  2⤵
  PID:6052
- C:\Windows\System\cDzxHtz.exe
  C:\Windows\System\cDzxHtz.exe
  2⤵
  PID:6068
- C:\Windows\System\WNFpTnI.exe
  C:\Windows\System\WNFpTnI.exe
  2⤵
  PID:6088
- C:\Windows\System\wxQAqBG.exe
  C:\Windows\System\wxQAqBG.exe
  2⤵
  PID:6104
- C:\Windows\System\vawcNEx.exe
  C:\Windows\System\vawcNEx.exe
  2⤵
  PID:6132
- C:\Windows\System\KOhgVKH.exe
  C:\Windows\System\KOhgVKH.exe
  2⤵
  PID:1788
- C:\Windows\System\XTcGMea.exe
  C:\Windows\System\XTcGMea.exe
  2⤵
  PID:3412
- C:\Windows\System\efbhxmP.exe
  C:\Windows\System\efbhxmP.exe
  2⤵
  PID:5228
- C:\Windows\System\MuWIoOD.exe
  C:\Windows\System\MuWIoOD.exe
  2⤵
  PID:5292
- C:\Windows\System\AdSuuzB.exe
  C:\Windows\System\AdSuuzB.exe
  2⤵
  PID:2128
- C:\Windows\System\mTfJhev.exe
  C:\Windows\System\mTfJhev.exe
  2⤵
  PID:2320
- C:\Windows\System\TIvIERB.exe
  C:\Windows\System\TIvIERB.exe
  2⤵
  PID:5176
- C:\Windows\System\wIbqqiN.exe
  C:\Windows\System\wIbqqiN.exe
  2⤵
  PID:5240
- C:\Windows\System\oNPdYAB.exe
  C:\Windows\System\oNPdYAB.exe
  2⤵
  PID:5304
- C:\Windows\System\dxSoqYA.exe
  C:\Windows\System\dxSoqYA.exe
  2⤵
  PID:5344
- C:\Windows\System\RDBLNdk.exe
  C:\Windows\System\RDBLNdk.exe
  2⤵
  PID:5128
- C:\Windows\System\DuPndKm.exe
  C:\Windows\System\DuPndKm.exe
  2⤵
  PID:1552
- C:\Windows\System\TUCBGhl.exe
  C:\Windows\System\TUCBGhl.exe
  2⤵
  PID:1620
- C:\Windows\System\JZDcVlB.exe
  C:\Windows\System\JZDcVlB.exe
  2⤵
  PID:5428
- C:\Windows\System\DYMmNGJ.exe
  C:\Windows\System\DYMmNGJ.exe
  2⤵
  PID:5440
- C:\Windows\System\lledfzv.exe
  C:\Windows\System\lledfzv.exe
  2⤵
  PID:5456
- C:\Windows\System\YWuTboB.exe
  C:\Windows\System\YWuTboB.exe
  2⤵
  PID:5552
- C:\Windows\System\VdjFHfp.exe
  C:\Windows\System\VdjFHfp.exe
  2⤵
  PID:5568
- C:\Windows\System\CCBXgUw.exe
  C:\Windows\System\CCBXgUw.exe
  2⤵
  PID:5628
- C:\Windows\System\lJXswVR.exe
  C:\Windows\System\lJXswVR.exe
  2⤵
  PID:5724
- C:\Windows\System\lIiDTnk.exe
  C:\Windows\System\lIiDTnk.exe
  2⤵
  PID:5504
- C:\Windows\System\yVpTBOu.exe
  C:\Windows\System\yVpTBOu.exe
  2⤵
  PID:5920
- C:\Windows\System\nMPNZGL.exe
  C:\Windows\System\nMPNZGL.exe
  2⤵
  PID:5648
- C:\Windows\System\GzrgCbV.exe
  C:\Windows\System\GzrgCbV.exe
  2⤵
  PID:5856
- C:\Windows\System\dXVWDns.exe
  C:\Windows\System\dXVWDns.exe
  2⤵
  PID:5908
- C:\Windows\System\MYMXNfQ.exe
  C:\Windows\System\MYMXNfQ.exe
  2⤵
  PID:1964
- C:\Windows\System\bGXWHHH.exe
  C:\Windows\System\bGXWHHH.exe
  2⤵
  PID:5900
- C:\Windows\System\kvPsGZs.exe
  C:\Windows\System\kvPsGZs.exe
  2⤵
  PID:5972
- C:\Windows\System\TidlsYt.exe
  C:\Windows\System\TidlsYt.exe
  2⤵
  PID:5760
- C:\Windows\System\YwUitjF.exe
  C:\Windows\System\YwUitjF.exe
  2⤵
  PID:5644
- C:\Windows\System\taJNblm.exe
  C:\Windows\System\taJNblm.exe
  2⤵
  PID:5540
- C:\Windows\System\qcrQYvr.exe
  C:\Windows\System\qcrQYvr.exe
  2⤵
  PID:6004
- C:\Windows\System\iqlTZUf.exe
  C:\Windows\System\iqlTZUf.exe
  2⤵
  PID:6024
- C:\Windows\System\PVYbjbG.exe
  C:\Windows\System\PVYbjbG.exe
  2⤵
  PID:6116
- C:\Windows\System\VAOeHtB.exe
  C:\Windows\System\VAOeHtB.exe
  2⤵
  PID:1996
- C:\Windows\System\CAqqHvi.exe
  C:\Windows\System\CAqqHvi.exe
  2⤵
  PID:1860
- C:\Windows\System\SqUEhDW.exe
  C:\Windows\System\SqUEhDW.exe
  2⤵
  PID:5152
- C:\Windows\System\wXUrOLR.exe
  C:\Windows\System\wXUrOLR.exe
  2⤵
  PID:5160
- C:\Windows\System\VTVjVDl.exe
  C:\Windows\System\VTVjVDl.exe
  2⤵
  PID:5224
- C:\Windows\System\GGxBqAm.exe
  C:\Windows\System\GGxBqAm.exe
  2⤵
  PID:5272
- C:\Windows\System\uLvjioc.exe
  C:\Windows\System\uLvjioc.exe
  2⤵
  PID:4212
- C:\Windows\System\SkoHusr.exe
  C:\Windows\System\SkoHusr.exe
  2⤵
  PID:5492
- C:\Windows\System\FsiwSyl.exe
  C:\Windows\System\FsiwSyl.exe
  2⤵
  PID:5736
- C:\Windows\System\vvMAkvP.exe
  C:\Windows\System\vvMAkvP.exe
  2⤵
  PID:5748
- C:\Windows\System\YXVLsOQ.exe
  C:\Windows\System\YXVLsOQ.exe
  2⤵
  PID:5524
- C:\Windows\System\FYZcxmx.exe
  C:\Windows\System\FYZcxmx.exe
  2⤵
  PID:5776
- C:\Windows\System\PXoXTRE.exe
  C:\Windows\System\PXoXTRE.exe
  2⤵
  PID:5844
- C:\Windows\System\bWCUeHf.exe
  C:\Windows\System\bWCUeHf.exe
  2⤵
  PID:5288
- C:\Windows\System\ECBbAWG.exe
  C:\Windows\System\ECBbAWG.exe
  2⤵
  PID:5340
- C:\Windows\System\qXPGFtW.exe
  C:\Windows\System\qXPGFtW.exe
  2⤵
  PID:5420
- C:\Windows\System\ZFmSPeA.exe
  C:\Windows\System\ZFmSPeA.exe
  2⤵
  PID:5564
- C:\Windows\System\DPlZuYm.exe
  C:\Windows\System\DPlZuYm.exe
  2⤵
  PID:5956
- C:\Windows\System\LejjJKB.exe
  C:\Windows\System\LejjJKB.exe
  2⤵
  PID:5764
- C:\Windows\System\SNswRRd.exe
  C:\Windows\System\SNswRRd.exe
  2⤵
  PID:5580
- C:\Windows\System\WhfbZMo.exe
  C:\Windows\System\WhfbZMo.exe
  2⤵
  PID:5940
- C:\Windows\System\PDwyJpy.exe
  C:\Windows\System\PDwyJpy.exe
  2⤵
  PID:5708
- C:\Windows\System\uOUjTFL.exe
  C:\Windows\System\uOUjTFL.exe
  2⤵
  PID:5472
- C:\Windows\System\LOLsJcc.exe
  C:\Windows\System\LOLsJcc.exe
  2⤵
  PID:6060
- C:\Windows\System\OiCXFgF.exe
  C:\Windows\System\OiCXFgF.exe
  2⤵
  PID:6044
- C:\Windows\System\Vxlxwhu.exe
  C:\Windows\System\Vxlxwhu.exe
  2⤵
  PID:5144
- C:\Windows\System\PDLRMLP.exe
  C:\Windows\System\PDLRMLP.exe
  2⤵
  PID:6080
- C:\Windows\System\fRmRHQO.exe
  C:\Windows\System\fRmRHQO.exe
  2⤵
  PID:5116
- C:\Windows\System\wYQWAoE.exe
  C:\Windows\System\wYQWAoE.exe
  2⤵
  PID:5596
- C:\Windows\System\VfMKzyc.exe
  C:\Windows\System\VfMKzyc.exe
  2⤵
  PID:5412
- C:\Windows\System\GFsUlOc.exe
  C:\Windows\System\GFsUlOc.exe
  2⤵
  PID:5244
- C:\Windows\System\KzJyqys.exe
  C:\Windows\System\KzJyqys.exe
  2⤵
  PID:3004
- C:\Windows\System\TFIiyCC.exe
  C:\Windows\System\TFIiyCC.exe
  2⤵
  PID:4712
- C:\Windows\System\cuVxzfH.exe
  C:\Windows\System\cuVxzfH.exe
  2⤵
  PID:5208
- C:\Windows\System\mXpbAOg.exe
  C:\Windows\System\mXpbAOg.exe
  2⤵
  PID:6032
- C:\Windows\System\metoLNr.exe
  C:\Windows\System\metoLNr.exe
  2⤵
  PID:5812
- C:\Windows\System\GFdVIgP.exe
  C:\Windows\System\GFdVIgP.exe
  2⤵
  PID:5692
- C:\Windows\System\nVXhiSp.exe
  C:\Windows\System\nVXhiSp.exe
  2⤵
  PID:5840
- C:\Windows\System\DIsFtNJ.exe
  C:\Windows\System\DIsFtNJ.exe
  2⤵
  PID:6152
- C:\Windows\System\IeMHmpc.exe
  C:\Windows\System\IeMHmpc.exe
  2⤵
  PID:6168
- C:\Windows\System\qWWoBkU.exe
  C:\Windows\System\qWWoBkU.exe
  2⤵
  PID:6188
- C:\Windows\System\kXjcTZr.exe
  C:\Windows\System\kXjcTZr.exe
  2⤵
  PID:6236
- C:\Windows\System\lfuOaqV.exe
  C:\Windows\System\lfuOaqV.exe
  2⤵
  PID:6252
- C:\Windows\System\uLAUVyP.exe
  C:\Windows\System\uLAUVyP.exe
  2⤵
  PID:6268
- C:\Windows\System\mVNnAeF.exe
  C:\Windows\System\mVNnAeF.exe
  2⤵
  PID:6288
- C:\Windows\System\HfHnVBU.exe
  C:\Windows\System\HfHnVBU.exe
  2⤵
  PID:6308
- C:\Windows\System\wiibsmd.exe
  C:\Windows\System\wiibsmd.exe
  2⤵
  PID:6324
- C:\Windows\System\wLWzavL.exe
  C:\Windows\System\wLWzavL.exe
  2⤵
  PID:6344
- C:\Windows\System\YSwvyAt.exe
  C:\Windows\System\YSwvyAt.exe
  2⤵
  PID:6360
- C:\Windows\System\BBEMgAX.exe
  C:\Windows\System\BBEMgAX.exe
  2⤵
  PID:6380
- C:\Windows\System\PbPalRR.exe
  C:\Windows\System\PbPalRR.exe
  2⤵
  PID:6404
- C:\Windows\System\DCRWnIL.exe
  C:\Windows\System\DCRWnIL.exe
  2⤵
  PID:6420
- C:\Windows\System\OseAFqW.exe
  C:\Windows\System\OseAFqW.exe
  2⤵
  PID:6436
- C:\Windows\System\DfbUKcO.exe
  C:\Windows\System\DfbUKcO.exe
  2⤵
  PID:6452
- C:\Windows\System\BnUZqkS.exe
  C:\Windows\System\BnUZqkS.exe
  2⤵
  PID:6468
- C:\Windows\System\FMWpQCg.exe
  C:\Windows\System\FMWpQCg.exe
  2⤵
  PID:6488
- C:\Windows\System\Pzldycn.exe
  C:\Windows\System\Pzldycn.exe
  2⤵
  PID:6504
- C:\Windows\System\kqzkQVN.exe
  C:\Windows\System\kqzkQVN.exe
  2⤵
  PID:6524
- C:\Windows\System\FXroldo.exe
  C:\Windows\System\FXroldo.exe
  2⤵
  PID:6540
- C:\Windows\System\dPrmDsS.exe
  C:\Windows\System\dPrmDsS.exe
  2⤵
  PID:6556
- C:\Windows\System\HeRsMyy.exe
  C:\Windows\System\HeRsMyy.exe
  2⤵
  PID:6580
- C:\Windows\System\xsymsif.exe
  C:\Windows\System\xsymsif.exe
  2⤵
  PID:6600
- C:\Windows\System\RrBoUOa.exe
  C:\Windows\System\RrBoUOa.exe
  2⤵
  PID:6620
- C:\Windows\System\knzeYdE.exe
  C:\Windows\System\knzeYdE.exe
  2⤵
  PID:6636
- C:\Windows\System\OshCpkL.exe
  C:\Windows\System\OshCpkL.exe
  2⤵
  PID:6652
- C:\Windows\System\nuLodjE.exe
  C:\Windows\System\nuLodjE.exe
  2⤵
  PID:6668
- C:\Windows\System\ZcTKhvH.exe
  C:\Windows\System\ZcTKhvH.exe
  2⤵
  PID:6692
- C:\Windows\System\viQHfYi.exe
  C:\Windows\System\viQHfYi.exe
  2⤵
  PID:6716
- C:\Windows\System\RHDTzef.exe
  C:\Windows\System\RHDTzef.exe
  2⤵
  PID:6732
- C:\Windows\System\bADTDGV.exe
  C:\Windows\System\bADTDGV.exe
  2⤵
  PID:6752
- C:\Windows\System\xlGKsZj.exe
  C:\Windows\System\xlGKsZj.exe
  2⤵
  PID:6768
- C:\Windows\System\HNXipfY.exe
  C:\Windows\System\HNXipfY.exe
  2⤵
  PID:6784
- C:\Windows\System\DbzaAix.exe
  C:\Windows\System\DbzaAix.exe
  2⤵
  PID:6800
- C:\Windows\System\ESyAYmw.exe
  C:\Windows\System\ESyAYmw.exe
  2⤵
  PID:6820
- C:\Windows\System\xVrysOn.exe
  C:\Windows\System\xVrysOn.exe
  2⤵
  PID:6840
- C:\Windows\System\SOhLJPX.exe
  C:\Windows\System\SOhLJPX.exe
  2⤵
  PID:6856
- C:\Windows\System\paaawwX.exe
  C:\Windows\System\paaawwX.exe
  2⤵
  PID:6872
- C:\Windows\System\uQHbDKx.exe
  C:\Windows\System\uQHbDKx.exe
  2⤵
  PID:6892
- C:\Windows\System\eauXtKb.exe
  C:\Windows\System\eauXtKb.exe
  2⤵
  PID:6908
- C:\Windows\System\sHMfYMS.exe
  C:\Windows\System\sHMfYMS.exe
  2⤵
  PID:6924
- C:\Windows\System\urDhqlE.exe
  C:\Windows\System\urDhqlE.exe
  2⤵
  PID:6940
- C:\Windows\System\xVbvZeS.exe
  C:\Windows\System\xVbvZeS.exe
  2⤵
  PID:7036
- C:\Windows\System\WeMvCxz.exe
  C:\Windows\System\WeMvCxz.exe
  2⤵
  PID:7052
- C:\Windows\System\ZQBAXlU.exe
  C:\Windows\System\ZQBAXlU.exe
  2⤵
  PID:7068
- C:\Windows\System\xMFibgb.exe
  C:\Windows\System\xMFibgb.exe
  2⤵
  PID:7084
- C:\Windows\System\QuhkVdB.exe
  C:\Windows\System\QuhkVdB.exe
  2⤵
  PID:7100
- C:\Windows\System\CdyqXmJ.exe
  C:\Windows\System\CdyqXmJ.exe
  2⤵
  PID:7120
- C:\Windows\System\WuJLGws.exe
  C:\Windows\System\WuJLGws.exe
  2⤵
  PID:7136
- C:\Windows\System\XrwOPzi.exe
  C:\Windows\System\XrwOPzi.exe
  2⤵
  PID:7152
- C:\Windows\System\ewklrhg.exe
  C:\Windows\System\ewklrhg.exe
  2⤵
  PID:4768
- C:\Windows\System\ZyibZEQ.exe
  C:\Windows\System\ZyibZEQ.exe
  2⤵
  PID:6020
- C:\Windows\System\BLUdZIb.exe
  C:\Windows\System\BLUdZIb.exe
  2⤵
  PID:6184
- C:\Windows\System\AANPhrr.exe
  C:\Windows\System\AANPhrr.exe
  2⤵
  PID:5992
- C:\Windows\System\iMzUOyR.exe
  C:\Windows\System\iMzUOyR.exe
  2⤵
  PID:5612
- C:\Windows\System\bHNuzrG.exe
  C:\Windows\System\bHNuzrG.exe
  2⤵
  PID:6016
- C:\Windows\System\PPOjUQd.exe
  C:\Windows\System\PPOjUQd.exe
  2⤵
  PID:5336
- C:\Windows\System\GfQBlIH.exe
  C:\Windows\System\GfQBlIH.exe
  2⤵
  PID:6048
- C:\Windows\System\oVTshFD.exe
  C:\Windows\System\oVTshFD.exe
  2⤵
  PID:5792
- C:\Windows\System\rFRSWeB.exe
  C:\Windows\System\rFRSWeB.exe
  2⤵
  PID:6216
- C:\Windows\System\DmCaDwm.exe
  C:\Windows\System\DmCaDwm.exe
  2⤵
  PID:6232
- C:\Windows\System\HxJNrTh.exe
  C:\Windows\System\HxJNrTh.exe
  2⤵
  PID:6280
- C:\Windows\System\kxrSjDq.exe
  C:\Windows\System\kxrSjDq.exe
  2⤵
  PID:6356
- C:\Windows\System\TmSHhOI.exe
  C:\Windows\System\TmSHhOI.exe
  2⤵
  PID:6388
- C:\Windows\System\DbLAURz.exe
  C:\Windows\System\DbLAURz.exe
  2⤵
  PID:6460
- C:\Windows\System\hNHehcJ.exe
  C:\Windows\System\hNHehcJ.exe
  2⤵
  PID:6332
- C:\Windows\System\BNssxAL.exe
  C:\Windows\System\BNssxAL.exe
  2⤵
  PID:6576
- C:\Windows\System\JrZMLVX.exe
  C:\Windows\System\JrZMLVX.exe
  2⤵
  PID:6564
- C:\Windows\System\SUTqPvB.exe
  C:\Windows\System\SUTqPvB.exe
  2⤵
  PID:6676
- C:\Windows\System\bBTXRTN.exe
  C:\Windows\System\bBTXRTN.exe
  2⤵
  PID:6724
- C:\Windows\System\INnPoda.exe
  C:\Windows\System\INnPoda.exe
  2⤵
  PID:6764
- C:\Windows\System\tfIRvto.exe
  C:\Windows\System\tfIRvto.exe
  2⤵
  PID:6828
- C:\Windows\System\edxztKp.exe
  C:\Windows\System\edxztKp.exe
  2⤵
  PID:6900
- C:\Windows\System\kWjIaWI.exe
  C:\Windows\System\kWjIaWI.exe
  2⤵
  PID:6376
- C:\Windows\System\ZnrQeUN.exe
  C:\Windows\System\ZnrQeUN.exe
  2⤵
  PID:7044
- C:\Windows\System\HiDWARL.exe
  C:\Windows\System\HiDWARL.exe
  2⤵
  PID:6476
- C:\Windows\System\ECnTYVw.exe
  C:\Windows\System\ECnTYVw.exe
  2⤵
  PID:6516
- C:\Windows\System\yqPPkyo.exe
  C:\Windows\System\yqPPkyo.exe
  2⤵
  PID:6588
- C:\Windows\System\ioXgOEA.exe
  C:\Windows\System\ioXgOEA.exe
  2⤵
  PID:6660
- C:\Windows\System\iFkgHMw.exe
  C:\Windows\System\iFkgHMw.exe
  2⤵
  PID:6708
- C:\Windows\System\pEntEUl.exe
  C:\Windows\System\pEntEUl.exe
  2⤵
  PID:6744
- C:\Windows\System\yvKEaNG.exe
  C:\Windows\System\yvKEaNG.exe
  2⤵
  PID:6808
- C:\Windows\System\ZLMjhBS.exe
  C:\Windows\System\ZLMjhBS.exe
  2⤵
  PID:6852
- C:\Windows\System\GRMZfIY.exe
  C:\Windows\System\GRMZfIY.exe
  2⤵
  PID:6920
- C:\Windows\System\XYxpCAv.exe
  C:\Windows\System\XYxpCAv.exe
  2⤵
  PID:7116
- C:\Windows\System\tLvWcPW.exe
  C:\Windows\System\tLvWcPW.exe
  2⤵
  PID:5132
- C:\Windows\System\zZtBArd.exe
  C:\Windows\System\zZtBArd.exe
  2⤵
  PID:5744
- C:\Windows\System\MeOAyoy.exe
  C:\Windows\System\MeOAyoy.exe
  2⤵
  PID:5464
- C:\Windows\System\pdSCHSH.exe
  C:\Windows\System\pdSCHSH.exe
  2⤵
  PID:6984
- C:\Windows\System\YITEjxS.exe
  C:\Windows\System\YITEjxS.exe
  2⤵
  PID:7004
- C:\Windows\System\GFFiqju.exe
  C:\Windows\System\GFFiqju.exe
  2⤵
  PID:7024
- C:\Windows\System\TLexSMV.exe
  C:\Windows\System\TLexSMV.exe
  2⤵
  PID:7064
- C:\Windows\System\LgJjGun.exe
  C:\Windows\System\LgJjGun.exe
  2⤵
  PID:7132
- C:\Windows\System\xSCqgiU.exe
  C:\Windows\System\xSCqgiU.exe
  2⤵
  PID:4968
- C:\Windows\System\IvciQTF.exe
  C:\Windows\System\IvciQTF.exe
  2⤵
  PID:5560
- C:\Windows\System\VyPkxmG.exe
  C:\Windows\System\VyPkxmG.exe
  2⤵
  PID:6076
- C:\Windows\System\TOtrsMP.exe
  C:\Windows\System\TOtrsMP.exe
  2⤵
  PID:2412
- C:\Windows\System\jqoMqnP.exe
  C:\Windows\System\jqoMqnP.exe
  2⤵
  PID:6200
- C:\Windows\System\CcqkDVQ.exe
  C:\Windows\System\CcqkDVQ.exe
  2⤵
  PID:6776
- C:\Windows\System\sKwPZgX.exe
  C:\Windows\System\sKwPZgX.exe
  2⤵
  PID:6916
- C:\Windows\System\HWzNNNR.exe
  C:\Windows\System\HWzNNNR.exe
  2⤵
  PID:5968
- C:\Windows\System\njRMJTZ.exe
  C:\Windows\System\njRMJTZ.exe
  2⤵
  PID:7060
- C:\Windows\System\MeazESs.exe
  C:\Windows\System\MeazESs.exe
  2⤵
  PID:6140
- C:\Windows\System\iVJLHCg.exe
  C:\Windows\System\iVJLHCg.exe
  2⤵
  PID:6008
- C:\Windows\System\RTAVoVk.exe
  C:\Windows\System\RTAVoVk.exe
  2⤵
  PID:6224
- C:\Windows\System\tFHUmXq.exe
  C:\Windows\System\tFHUmXq.exe
  2⤵
  PID:5408
- C:\Windows\System\MozoHcu.exe
  C:\Windows\System\MozoHcu.exe
  2⤵
  PID:6648
- C:\Windows\System\ENMrbWi.exe
  C:\Windows\System\ENMrbWi.exe
  2⤵
  PID:6864
- C:\Windows\System\MBgneQP.exe
  C:\Windows\System\MBgneQP.exe
  2⤵
  PID:6304
- C:\Windows\System\pdZlvwF.exe
  C:\Windows\System\pdZlvwF.exe
  2⤵
  PID:6512
- C:\Windows\System\vBPfpwG.exe
  C:\Windows\System\vBPfpwG.exe
  2⤵
  PID:7080
- C:\Windows\System\nuhRauz.exe
  C:\Windows\System\nuhRauz.exe
  2⤵
  PID:6952
- C:\Windows\System\LaGbQCL.exe
  C:\Windows\System\LaGbQCL.exe
  2⤵
  PID:6964
- C:\Windows\System\fPpqBwK.exe
  C:\Windows\System\fPpqBwK.exe
  2⤵
  PID:7020
- C:\Windows\System\PQkrqSR.exe
  C:\Windows\System\PQkrqSR.exe
  2⤵
  PID:6212
- C:\Windows\System\diKGnaP.exe
  C:\Windows\System\diKGnaP.exe
  2⤵
  PID:6392
- C:\Windows\System\bvFACMD.exe
  C:\Windows\System\bvFACMD.exe
  2⤵
  PID:6688
- C:\Windows\System\wnwikiY.exe
  C:\Windows\System\wnwikiY.exe
  2⤵
  PID:6932
- C:\Windows\System\JxGzJFP.exe
  C:\Windows\System\JxGzJFP.exe
  2⤵
  PID:6548
- C:\Windows\System\MfXIZjS.exe
  C:\Windows\System\MfXIZjS.exe
  2⤵
  PID:6884
- C:\Windows\System\OEDaWgq.exe
  C:\Windows\System\OEDaWgq.exe
  2⤵
  PID:7032
- C:\Windows\System\wBlVnId.exe
  C:\Windows\System\wBlVnId.exe
  2⤵
  PID:6432
- C:\Windows\System\BSRTmTn.exe
  C:\Windows\System\BSRTmTn.exe
  2⤵
  PID:6484
- C:\Windows\System\awgJyZc.exe
  C:\Windows\System\awgJyZc.exe
  2⤵
  PID:6980
- C:\Windows\System\FkQnZgp.exe
  C:\Windows\System\FkQnZgp.exe
  2⤵
  PID:6700
- C:\Windows\System\AqTrdKx.exe
  C:\Windows\System\AqTrdKx.exe
  2⤵
  PID:6956
- C:\Windows\System\fayDFOm.exe
  C:\Windows\System\fayDFOm.exe
  2⤵
  PID:6572
- C:\Windows\System\XhuILsa.exe
  C:\Windows\System\XhuILsa.exe
  2⤵
  PID:7176
- C:\Windows\System\LEBNeTa.exe
  C:\Windows\System\LEBNeTa.exe
  2⤵
  PID:7192
- C:\Windows\System\Htjhxnj.exe
  C:\Windows\System\Htjhxnj.exe
  2⤵
  PID:7208
- C:\Windows\System\LqaLVbP.exe
  C:\Windows\System\LqaLVbP.exe
  2⤵
  PID:7252
- C:\Windows\System\ULYfwyK.exe
  C:\Windows\System\ULYfwyK.exe
  2⤵
  PID:7268
- C:\Windows\System\sfUoPcr.exe
  C:\Windows\System\sfUoPcr.exe
  2⤵
  PID:7312
- C:\Windows\System\jTwnZUB.exe
  C:\Windows\System\jTwnZUB.exe
  2⤵
  PID:7332
- C:\Windows\System\HryYjXm.exe
  C:\Windows\System\HryYjXm.exe
  2⤵
  PID:7348
- C:\Windows\System\HDwKhnL.exe
  C:\Windows\System\HDwKhnL.exe
  2⤵
  PID:7364
- C:\Windows\System\qYLnZaG.exe
  C:\Windows\System\qYLnZaG.exe
  2⤵
  PID:7384
- C:\Windows\System\TeteyHt.exe
  C:\Windows\System\TeteyHt.exe
  2⤵
  PID:7408
- C:\Windows\System\uPzvbkH.exe
  C:\Windows\System\uPzvbkH.exe
  2⤵
  PID:7424
- C:\Windows\System\qePzTfj.exe
  C:\Windows\System\qePzTfj.exe
  2⤵
  PID:7452
- C:\Windows\System\WczwPbx.exe
  C:\Windows\System\WczwPbx.exe
  2⤵
  PID:7468
- C:\Windows\System\KCxIpmi.exe
  C:\Windows\System\KCxIpmi.exe
  2⤵
  PID:7492
- C:\Windows\System\dNaWKCI.exe
  C:\Windows\System\dNaWKCI.exe
  2⤵
  PID:7508
- C:\Windows\System\fVmDXMq.exe
  C:\Windows\System\fVmDXMq.exe
  2⤵
  PID:7524
- C:\Windows\System\zoMJEXN.exe
  C:\Windows\System\zoMJEXN.exe
  2⤵
  PID:7544
- C:\Windows\System\XPoBvHq.exe
  C:\Windows\System\XPoBvHq.exe
  2⤵
  PID:7564
- C:\Windows\System\inzlNqP.exe
  C:\Windows\System\inzlNqP.exe
  2⤵
  PID:7584
- C:\Windows\System\OnumpSJ.exe
  C:\Windows\System\OnumpSJ.exe
  2⤵
  PID:7600
- C:\Windows\System\aQEwpcf.exe
  C:\Windows\System\aQEwpcf.exe
  2⤵
  PID:7620
- C:\Windows\System\ATbbiAK.exe
  C:\Windows\System\ATbbiAK.exe
  2⤵
  PID:7636
- C:\Windows\System\EyoxOKU.exe
  C:\Windows\System\EyoxOKU.exe
  2⤵
  PID:7652
- C:\Windows\System\sflLnrk.exe
  C:\Windows\System\sflLnrk.exe
  2⤵
  PID:7676
- C:\Windows\System\YYkHaNc.exe
  C:\Windows\System\YYkHaNc.exe
  2⤵
  PID:7700
- C:\Windows\System\OktuuUf.exe
  C:\Windows\System\OktuuUf.exe
  2⤵
  PID:7728
- C:\Windows\System\NDQOuvz.exe
  C:\Windows\System\NDQOuvz.exe
  2⤵
  PID:7744
- C:\Windows\System\YJBmUAw.exe
  C:\Windows\System\YJBmUAw.exe
  2⤵
  PID:7760
- C:\Windows\System\rXcdsrA.exe
  C:\Windows\System\rXcdsrA.exe
  2⤵
  PID:7776
- C:\Windows\System\HGKFbRR.exe
  C:\Windows\System\HGKFbRR.exe
  2⤵
  PID:7796
- C:\Windows\System\iGZalJL.exe
  C:\Windows\System\iGZalJL.exe
  2⤵
  PID:7816
- C:\Windows\System\KtadZnI.exe
  C:\Windows\System\KtadZnI.exe
  2⤵
  PID:7832
- C:\Windows\System\xoHRwDE.exe
  C:\Windows\System\xoHRwDE.exe
  2⤵
  PID:7852
- C:\Windows\System\CWsopDe.exe
  C:\Windows\System\CWsopDe.exe
  2⤵
  PID:7868
- C:\Windows\System\pkILQYX.exe
  C:\Windows\System\pkILQYX.exe
  2⤵
  PID:7888
- C:\Windows\System\bwtBnkp.exe
  C:\Windows\System\bwtBnkp.exe
  2⤵
  PID:7908
- C:\Windows\System\xgairqC.exe
  C:\Windows\System\xgairqC.exe
  2⤵
  PID:7928
- C:\Windows\System\HqGtsGa.exe
  C:\Windows\System\HqGtsGa.exe
  2⤵
  PID:7944
- C:\Windows\System\lMesZdk.exe
  C:\Windows\System\lMesZdk.exe
  2⤵
  PID:7996
- C:\Windows\System\SxtaUzZ.exe
  C:\Windows\System\SxtaUzZ.exe
  2⤵
  PID:8016
- C:\Windows\System\tQYxQlf.exe
  C:\Windows\System\tQYxQlf.exe
  2⤵
  PID:8032
- C:\Windows\System\DMHBCXV.exe
  C:\Windows\System\DMHBCXV.exe
  2⤵
  PID:8048
- C:\Windows\System\vRswUKt.exe
  C:\Windows\System\vRswUKt.exe
  2⤵
  PID:8068
- C:\Windows\System\IpbtRNf.exe
  C:\Windows\System\IpbtRNf.exe
  2⤵
  PID:8084
- C:\Windows\System\AgclZAe.exe
  C:\Windows\System\AgclZAe.exe
  2⤵
  PID:8108
- C:\Windows\System\RUaiiou.exe
  C:\Windows\System\RUaiiou.exe
  2⤵
  PID:8124
- C:\Windows\System\McIUKRN.exe
  C:\Windows\System\McIUKRN.exe
  2⤵
  PID:8144
- C:\Windows\System\xlaiXeg.exe
  C:\Windows\System\xlaiXeg.exe
  2⤵
  PID:8160
- C:\Windows\System\KyrwWnv.exe
  C:\Windows\System\KyrwWnv.exe
  2⤵
  PID:8180
- C:\Windows\System\mbOjoAG.exe
  C:\Windows\System\mbOjoAG.exe
  2⤵
  PID:6320
- C:\Windows\System\YzSYLqF.exe
  C:\Windows\System\YzSYLqF.exe
  2⤵
  PID:7200
- C:\Windows\System\oKgyxXP.exe
  C:\Windows\System\oKgyxXP.exe
  2⤵
  PID:5740
- C:\Windows\System\uqzGKEE.exe
  C:\Windows\System\uqzGKEE.exe
  2⤵
  PID:7264
- C:\Windows\System\qbFdqVS.exe
  C:\Windows\System\qbFdqVS.exe
  2⤵
  PID:6960
- C:\Windows\System\wWsgURL.exe
  C:\Windows\System\wWsgURL.exe
  2⤵
  PID:2988
- C:\Windows\System\yiXRRIf.exe
  C:\Windows\System\yiXRRIf.exe
  2⤵
  PID:6368
- C:\Windows\System\xYLtVqi.exe
  C:\Windows\System\xYLtVqi.exe
  2⤵
  PID:6996
- C:\Windows\System\dPoyruF.exe
  C:\Windows\System\dPoyruF.exe
  2⤵
  PID:7016
- C:\Windows\System\jlOCFNy.exe
  C:\Windows\System\jlOCFNy.exe
  2⤵
  PID:6264
- C:\Windows\System\APSiexo.exe
  C:\Windows\System\APSiexo.exe
  2⤵
  PID:7224
- C:\Windows\System\PFMzbTH.exe
  C:\Windows\System\PFMzbTH.exe
  2⤵
  PID:7248
- C:\Windows\System\NmfClhS.exe
  C:\Windows\System\NmfClhS.exe
  2⤵
  PID:7304
- C:\Windows\System\RzlBasv.exe
  C:\Windows\System\RzlBasv.exe
  2⤵
  PID:7324
- C:\Windows\System\cTDZchA.exe
  C:\Windows\System\cTDZchA.exe
  2⤵
  PID:7416
- C:\Windows\System\DJvnQjg.exe
  C:\Windows\System\DJvnQjg.exe
  2⤵
  PID:7340
- C:\Windows\System\jkDRiMQ.exe
  C:\Windows\System\jkDRiMQ.exe
  2⤵
  PID:7380
- C:\Windows\System\WlXWkvi.exe
  C:\Windows\System\WlXWkvi.exe
  2⤵
  PID:7520
- C:\Windows\System\RDLbOCy.exe
  C:\Windows\System\RDLbOCy.exe
  2⤵
  PID:7596
- C:\Windows\System\KEqZXug.exe
  C:\Windows\System\KEqZXug.exe
  2⤵
  PID:7532
- C:\Windows\System\RUSSHho.exe
  C:\Windows\System\RUSSHho.exe
  2⤵
  PID:7664
- C:\Windows\System\dRRBbbb.exe
  C:\Windows\System\dRRBbbb.exe
  2⤵
  PID:7716
- C:\Windows\System\lllzeGx.exe
  C:\Windows\System\lllzeGx.exe
  2⤵
  PID:7644
- C:\Windows\System\VSZxltv.exe
  C:\Windows\System\VSZxltv.exe
  2⤵
  PID:7788
- C:\Windows\System\ouSFmuT.exe
  C:\Windows\System\ouSFmuT.exe
  2⤵
  PID:7828
- C:\Windows\System\wmpFrAQ.exe
  C:\Windows\System\wmpFrAQ.exe
  2⤵
  PID:7904
- C:\Windows\System\wWGpDAp.exe
  C:\Windows\System\wWGpDAp.exe
  2⤵
  PID:7608
- C:\Windows\System\McooBsp.exe
  C:\Windows\System\McooBsp.exe
  2⤵
  PID:7920
- C:\Windows\System\ncFBFiP.exe
  C:\Windows\System\ncFBFiP.exe
  2⤵
  PID:7692
- C:\Windows\System\WtVZfuB.exe
  C:\Windows\System\WtVZfuB.exe
  2⤵
  PID:7768
- C:\Windows\System\pLWImAf.exe
  C:\Windows\System\pLWImAf.exe
  2⤵
  PID:7812
- C:\Windows\System\cFFjMNW.exe
  C:\Windows\System\cFFjMNW.exe
  2⤵
  PID:7876
- C:\Windows\System\TkheRvT.exe
  C:\Windows\System\TkheRvT.exe
  2⤵
  PID:7960
- C:\Windows\System\IYUKTOX.exe
  C:\Windows\System\IYUKTOX.exe
  2⤵
  PID:7976
- C:\Windows\System\otGtsuQ.exe
  C:\Windows\System\otGtsuQ.exe
  2⤵
  PID:8004
- C:\Windows\System\BmthGxv.exe
  C:\Windows\System\BmthGxv.exe
  2⤵
  PID:8040
- C:\Windows\System\EYFInpZ.exe
  C:\Windows\System\EYFInpZ.exe
  2⤵
  PID:6096
- C:\Windows\System\gzuqQkx.exe
  C:\Windows\System\gzuqQkx.exe
  2⤵
  PID:6532
- C:\Windows\System\cbyFuOL.exe
  C:\Windows\System\cbyFuOL.exe
  2⤵
  PID:7184
- C:\Windows\System\FKelZGm.exe
  C:\Windows\System\FKelZGm.exe
  2⤵
  PID:7300
- C:\Windows\System\OtbiaqS.exe
  C:\Windows\System\OtbiaqS.exe
  2⤵
  PID:8064
- C:\Windows\System\xDGqFvc.exe
  C:\Windows\System\xDGqFvc.exe
  2⤵
  PID:8140
- C:\Windows\System\zITbOid.exe
  C:\Windows\System\zITbOid.exe
  2⤵
  PID:6848
- C:\Windows\System\btRztVg.exe
  C:\Windows\System\btRztVg.exe
  2⤵
  PID:5676
- C:\Windows\System\EJxeVwt.exe
  C:\Windows\System\EJxeVwt.exe
  2⤵
  PID:7236
- C:\Windows\System\ghGXcen.exe
  C:\Windows\System\ghGXcen.exe
  2⤵
  PID:7328
- C:\Windows\System\bVuJYlS.exe
  C:\Windows\System\bVuJYlS.exe
  2⤵
  PID:7480
- C:\Windows\System\RlwgtIS.exe
  C:\Windows\System\RlwgtIS.exe
  2⤵
  PID:7560
- C:\Windows\System\gBkNRpf.exe
  C:\Windows\System\gBkNRpf.exe
  2⤵
  PID:7444
- C:\Windows\System\oefMEDn.exe
  C:\Windows\System\oefMEDn.exe
  2⤵
  PID:7612
- C:\Windows\System\gGGwJmF.exe
  C:\Windows\System\gGGwJmF.exe
  2⤵
  PID:7576
- C:\Windows\System\XcLDTYb.exe
  C:\Windows\System\XcLDTYb.exe
  2⤵
  PID:7804
- C:\Windows\System\OPZxCJr.exe
  C:\Windows\System\OPZxCJr.exe
  2⤵
  PID:7984
- C:\Windows\System\UWZfLfj.exe
  C:\Windows\System\UWZfLfj.exe
  2⤵
  PID:8120
- C:\Windows\System\ugblAcl.exe
  C:\Windows\System\ugblAcl.exe
  2⤵
  PID:6228
- C:\Windows\System\vUohUSA.exe
  C:\Windows\System\vUohUSA.exe
  2⤵
  PID:6796
- C:\Windows\System\gePzntC.exe
  C:\Windows\System\gePzntC.exe
  2⤵
  PID:7628
- C:\Windows\System\vNOYDAg.exe
  C:\Windows\System\vNOYDAg.exe
  2⤵
  PID:7720
- C:\Windows\System\DsvHjSp.exe
  C:\Windows\System\DsvHjSp.exe
  2⤵
  PID:8008
- C:\Windows\System\ddOvGAU.exe
  C:\Windows\System\ddOvGAU.exe
  2⤵
  PID:7900
- C:\Windows\System\WOgGThI.exe
  C:\Windows\System\WOgGThI.exe
  2⤵
  PID:7736
- C:\Windows\System\AilJrUl.exe
  C:\Windows\System\AilJrUl.exe
  2⤵
  PID:7968
- C:\Windows\System\LGRPvfp.exe
  C:\Windows\System\LGRPvfp.exe
  2⤵
  PID:8104
- C:\Windows\System\BfbyVZV.exe
  C:\Windows\System\BfbyVZV.exe
  2⤵
  PID:6396
- C:\Windows\System\TofukdN.exe
  C:\Windows\System\TofukdN.exe
  2⤵
  PID:8172
- C:\Windows\System\vbqhTCi.exe
  C:\Windows\System\vbqhTCi.exe
  2⤵
  PID:7220
- C:\Windows\System\RifTVaJ.exe
  C:\Windows\System\RifTVaJ.exe
  2⤵
  PID:6616
- C:\Windows\System\GbeLEVT.exe
  C:\Windows\System\GbeLEVT.exe
  2⤵
  PID:8028
- C:\Windows\System\MmLHSIf.exe
  C:\Windows\System\MmLHSIf.exe
  2⤵
  PID:8156
- C:\Windows\System\sLeqhwJ.exe
  C:\Windows\System\sLeqhwJ.exe
  2⤵
  PID:7216
- C:\Windows\System\JuhVbhr.exe
  C:\Windows\System\JuhVbhr.exe
  2⤵
  PID:8056
- C:\Windows\System\SBaqpqr.exe
  C:\Windows\System\SBaqpqr.exe
  2⤵
  PID:7540
- C:\Windows\System\wNoAvam.exe
  C:\Windows\System\wNoAvam.exe
  2⤵
  PID:6832
- C:\Windows\System\VyAzSjl.exe
  C:\Windows\System\VyAzSjl.exe
  2⤵
  PID:7392
- C:\Windows\System\RlcIqUy.exe
  C:\Windows\System\RlcIqUy.exe
  2⤵
  PID:6992
- C:\Windows\System\mclaGzN.exe
  C:\Windows\System\mclaGzN.exe
  2⤵
  PID:7660
- C:\Windows\System\wgYXohO.exe
  C:\Windows\System\wgYXohO.exe
  2⤵
  PID:7752
- C:\Windows\System\qoINxDZ.exe
  C:\Windows\System\qoINxDZ.exe
  2⤵
  PID:8096
- C:\Windows\System\CHmUcHq.exe
  C:\Windows\System\CHmUcHq.exe
  2⤵
  PID:7484
- C:\Windows\System\NLALztv.exe
  C:\Windows\System\NLALztv.exe
  2⤵
  PID:8116
- C:\Windows\System\OsbfQLC.exe
  C:\Windows\System\OsbfQLC.exe
  2⤵
  PID:7276
- C:\Windows\System\WHNjluJ.exe
  C:\Windows\System\WHNjluJ.exe
  2⤵
  PID:7108
- C:\Windows\System\xTOVsjp.exe
  C:\Windows\System\xTOVsjp.exe
  2⤵
  PID:7844
- C:\Windows\System\pMWoZHd.exe
  C:\Windows\System\pMWoZHd.exe
  2⤵
  PID:8176
- C:\Windows\System\XmhfUGX.exe
  C:\Windows\System\XmhfUGX.exe
  2⤵
  PID:7516
- C:\Windows\System\VDskDRO.exe
  C:\Windows\System\VDskDRO.exe
  2⤵
  PID:8216
- C:\Windows\System\MIkvNVA.exe
  C:\Windows\System\MIkvNVA.exe
  2⤵
  PID:8232
- C:\Windows\System\rlesGVn.exe
  C:\Windows\System\rlesGVn.exe
  2⤵
  PID:8248
- C:\Windows\System\MHYSovH.exe
  C:\Windows\System\MHYSovH.exe
  2⤵
  PID:8332
- C:\Windows\System\WrYeiRx.exe
  C:\Windows\System\WrYeiRx.exe
  2⤵
  PID:8348
- C:\Windows\System\gdhcICg.exe
  C:\Windows\System\gdhcICg.exe
  2⤵
  PID:8364
- C:\Windows\System\PHvnJSN.exe
  C:\Windows\System\PHvnJSN.exe
  2⤵
  PID:8380
- C:\Windows\System\AlXVIjE.exe
  C:\Windows\System\AlXVIjE.exe
  2⤵
  PID:8396
- C:\Windows\System\xyjcREE.exe
  C:\Windows\System\xyjcREE.exe
  2⤵
  PID:8412
- C:\Windows\System\QPDQPxY.exe
  C:\Windows\System\QPDQPxY.exe
  2⤵
  PID:8428
- C:\Windows\System\AVBqxcc.exe
  C:\Windows\System\AVBqxcc.exe
  2⤵
  PID:8448
- C:\Windows\System\SMRVvFX.exe
  C:\Windows\System\SMRVvFX.exe
  2⤵
  PID:8464
- C:\Windows\System\TcXmovo.exe
  C:\Windows\System\TcXmovo.exe
  2⤵
  PID:8480
- C:\Windows\System\NjSgsUt.exe
  C:\Windows\System\NjSgsUt.exe
  2⤵
  PID:8496
- C:\Windows\System\VBDihZj.exe
  C:\Windows\System\VBDihZj.exe
  2⤵
  PID:8512
- C:\Windows\System\IUwXnWc.exe
  C:\Windows\System\IUwXnWc.exe
  2⤵
  PID:8528
- C:\Windows\System\aFwcKob.exe
  C:\Windows\System\aFwcKob.exe
  2⤵
  PID:8544
- C:\Windows\System\lUIzcBB.exe
  C:\Windows\System\lUIzcBB.exe
  2⤵
  PID:8560
- C:\Windows\System\SJrYpVq.exe
  C:\Windows\System\SJrYpVq.exe
  2⤵
  PID:8576
- C:\Windows\System\dhcCWdm.exe
  C:\Windows\System\dhcCWdm.exe
  2⤵
  PID:8592
- C:\Windows\System\FKVpurV.exe
  C:\Windows\System\FKVpurV.exe
  2⤵
  PID:8608
- C:\Windows\System\JvFOVGY.exe
  C:\Windows\System\JvFOVGY.exe
  2⤵
  PID:8624
- C:\Windows\System\IpDcsvc.exe
  C:\Windows\System\IpDcsvc.exe
  2⤵
  PID:8644
- C:\Windows\System\DypzBQF.exe
  C:\Windows\System\DypzBQF.exe
  2⤵
  PID:8660
- C:\Windows\System\YgfxTUd.exe
  C:\Windows\System\YgfxTUd.exe
  2⤵
  PID:8676
- C:\Windows\System\VUsgIag.exe
  C:\Windows\System\VUsgIag.exe
  2⤵
  PID:8692
- C:\Windows\System\BWuADPW.exe
  C:\Windows\System\BWuADPW.exe
  2⤵
  PID:8708
- C:\Windows\System\QprDNJC.exe
  C:\Windows\System\QprDNJC.exe
  2⤵
  PID:8724
- C:\Windows\System\MWQxjXi.exe
  C:\Windows\System\MWQxjXi.exe
  2⤵
  PID:8740
- C:\Windows\System\vcGjkzq.exe
  C:\Windows\System\vcGjkzq.exe
  2⤵
  PID:8756
- C:\Windows\System\HqiCXJw.exe
  C:\Windows\System\HqiCXJw.exe
  2⤵
  PID:8772
- C:\Windows\System\rfyRKwY.exe
  C:\Windows\System\rfyRKwY.exe
  2⤵
  PID:8788
- C:\Windows\System\BILWmuu.exe
  C:\Windows\System\BILWmuu.exe
  2⤵
  PID:8804
- C:\Windows\System\rBDSHVR.exe
  C:\Windows\System\rBDSHVR.exe
  2⤵
  PID:8820
- C:\Windows\System\wdgaamC.exe
  C:\Windows\System\wdgaamC.exe
  2⤵
  PID:8836
- C:\Windows\System\kEeWsBZ.exe
  C:\Windows\System\kEeWsBZ.exe
  2⤵
  PID:8852
- C:\Windows\System\QzzvQCH.exe
  C:\Windows\System\QzzvQCH.exe
  2⤵
  PID:8872
- C:\Windows\System\dQODmCm.exe
  C:\Windows\System\dQODmCm.exe
  2⤵
  PID:8888
- C:\Windows\System\OdWfmwm.exe
  C:\Windows\System\OdWfmwm.exe
  2⤵
  PID:8904
- C:\Windows\System\QVJmPJx.exe
  C:\Windows\System\QVJmPJx.exe
  2⤵
  PID:8924
- C:\Windows\System\zRtDBeP.exe
  C:\Windows\System\zRtDBeP.exe
  2⤵
  PID:8940
- C:\Windows\System\zypDmfG.exe
  C:\Windows\System\zypDmfG.exe
  2⤵
  PID:8956
- C:\Windows\System\GrjlRKk.exe
  C:\Windows\System\GrjlRKk.exe
  2⤵
  PID:8972
- C:\Windows\System\LFDpgwd.exe
  C:\Windows\System\LFDpgwd.exe
  2⤵
  PID:8988
- C:\Windows\System\NiPJVzp.exe
  C:\Windows\System\NiPJVzp.exe
  2⤵
  PID:9004
- C:\Windows\System\dGBlxXF.exe
  C:\Windows\System\dGBlxXF.exe
  2⤵
  PID:9024
- C:\Windows\System\qRfTpiH.exe
  C:\Windows\System\qRfTpiH.exe
  2⤵
  PID:9048
- C:\Windows\System\GbDsxjb.exe
  C:\Windows\System\GbDsxjb.exe
  2⤵
  PID:9064
- C:\Windows\System\kkztpkc.exe
  C:\Windows\System\kkztpkc.exe
  2⤵
  PID:9200
- C:\Windows\System\pQoEkOf.exe
  C:\Windows\System\pQoEkOf.exe
  2⤵
  PID:8244
- C:\Windows\System\VGSbdQm.exe
  C:\Windows\System\VGSbdQm.exe
  2⤵
  PID:8204
- C:\Windows\System\qgzoIRx.exe
  C:\Windows\System\qgzoIRx.exe
  2⤵
  PID:7464
- C:\Windows\System\biEnPuE.exe
  C:\Windows\System\biEnPuE.exe
  2⤵
  PID:7688
- C:\Windows\System\AAGPfZi.exe
  C:\Windows\System\AAGPfZi.exe
  2⤵
  PID:8284
- C:\Windows\System\mUtMBfz.exe
  C:\Windows\System\mUtMBfz.exe
  2⤵
  PID:8308
- C:\Windows\System\LUPHiwa.exe
  C:\Windows\System\LUPHiwa.exe
  2⤵
  PID:8340
- C:\Windows\System\SpCiwph.exe
  C:\Windows\System\SpCiwph.exe
  2⤵
  PID:8388
- C:\Windows\System\EVHDmAo.exe
  C:\Windows\System\EVHDmAo.exe
  2⤵
  PID:8488
- C:\Windows\System\ZkVLXhU.exe
  C:\Windows\System\ZkVLXhU.exe
  2⤵
  PID:8444
- C:\Windows\System\PcmmXUF.exe
  C:\Windows\System\PcmmXUF.exe
  2⤵
  PID:8476
- C:\Windows\System\GiRgJuU.exe
  C:\Windows\System\GiRgJuU.exe
  2⤵
  PID:8504
- C:\Windows\System\QXYTvyN.exe
  C:\Windows\System\QXYTvyN.exe
  2⤵
  PID:8588
- C:\Windows\System\IZrjdhN.exe
  C:\Windows\System\IZrjdhN.exe
  2⤵
  PID:8656
- C:\Windows\System\yyqsgYG.exe
  C:\Windows\System\yyqsgYG.exe
  2⤵
  PID:8640
- C:\Windows\System\MePxYVT.exe
  C:\Windows\System\MePxYVT.exe
  2⤵
  PID:8632
- C:\Windows\System\gqdKHQJ.exe
  C:\Windows\System\gqdKHQJ.exe
  2⤵
  PID:8768
- C:\Windows\System\LoQQfoE.exe
  C:\Windows\System\LoQQfoE.exe
  2⤵
  PID:8832
- C:\Windows\System\vHtjheU.exe
  C:\Windows\System\vHtjheU.exe
  2⤵
  PID:8860
- C:\Windows\System\dZJWPFl.exe
  C:\Windows\System\dZJWPFl.exe
  2⤵
  PID:8896
- C:\Windows\System\HlgJhOl.exe
  C:\Windows\System\HlgJhOl.exe
  2⤵
  PID:8812
- C:\Windows\System\XfbZVgl.exe
  C:\Windows\System\XfbZVgl.exe
  2⤵
  PID:8844
- C:\Windows\System\WnCYZDF.exe
  C:\Windows\System\WnCYZDF.exe
  2⤵
  PID:8884
- C:\Windows\System\fUaKYEV.exe
  C:\Windows\System\fUaKYEV.exe
  2⤵
  PID:8964
- C:\Windows\System\jCCgXCo.exe
  C:\Windows\System\jCCgXCo.exe
  2⤵
  PID:9000
- C:\Windows\System\eexFHGk.exe
  C:\Windows\System\eexFHGk.exe
  2⤵
  PID:8984
- C:\Windows\System\zVZhZSw.exe
  C:\Windows\System\zVZhZSw.exe
  2⤵
  PID:9056
- C:\Windows\System\iuvVQnL.exe
  C:\Windows\System\iuvVQnL.exe
  2⤵
  PID:9072
- C:\Windows\System\kRuBcgA.exe
  C:\Windows\System\kRuBcgA.exe
  2⤵
  PID:9088
- C:\Windows\System\ZLPOoOe.exe
  C:\Windows\System\ZLPOoOe.exe
  2⤵
  PID:9112
- C:\Windows\System\pSYShTO.exe
  C:\Windows\System\pSYShTO.exe
  2⤵
  PID:9128
- C:\Windows\System\CalAeuP.exe
  C:\Windows\System\CalAeuP.exe
  2⤵
  PID:9144
- C:\Windows\System\jjcEooC.exe
  C:\Windows\System\jjcEooC.exe
  2⤵
  PID:9164
- C:\Windows\System\NwkYSmD.exe
  C:\Windows\System\NwkYSmD.exe
  2⤵
  PID:9160
- C:\Windows\System\WCRIXDs.exe
  C:\Windows\System\WCRIXDs.exe
  2⤵
  PID:9184
- C:\Windows\System\GWJDSXR.exe
  C:\Windows\System\GWJDSXR.exe
  2⤵
  PID:8076
- C:\Windows\System\KyrpFUc.exe
  C:\Windows\System\KyrpFUc.exe
  2⤵
  PID:7396
- C:\Windows\System\CbLguBj.exe
  C:\Windows\System\CbLguBj.exe
  2⤵
  PID:7404
- C:\Windows\System\yFyfwjR.exe
  C:\Windows\System\yFyfwjR.exe
  2⤵
  PID:8256
- C:\Windows\System\LDDUKhU.exe
  C:\Windows\System\LDDUKhU.exe
  2⤵
  PID:8304
- C:\Windows\System\rZfOMIN.exe
  C:\Windows\System\rZfOMIN.exe
  2⤵
  PID:8652
- C:\Windows\System\fAStRQs.exe
  C:\Windows\System\fAStRQs.exe
  2⤵
  PID:8800
- C:\Windows\System\XRnOiLa.exe
  C:\Windows\System\XRnOiLa.exe
  2⤵
  PID:8932
- C:\Windows\System\EVbBkXY.exe
  C:\Windows\System\EVbBkXY.exe
  2⤵
  PID:9040
- C:\Windows\System\tXWpnZl.exe
  C:\Windows\System\tXWpnZl.exe
  2⤵
  PID:8880
- C:\Windows\System\KnaJBvk.exe
  C:\Windows\System\KnaJBvk.exe
  2⤵
  PID:8996
- C:\Windows\System\AAsPVsM.exe
  C:\Windows\System\AAsPVsM.exe
  2⤵
  PID:9120
- C:\Windows\System\yHmTBvA.exe
  C:\Windows\System\yHmTBvA.exe
  2⤵
  PID:9192
- C:\Windows\System\RYhaEik.exe
  C:\Windows\System\RYhaEik.exe
  2⤵
  PID:7896
- C:\Windows\System\ECzpXUa.exe
  C:\Windows\System\ECzpXUa.exe
  2⤵
  PID:8268
- C:\Windows\System\lfpmDjd.exe
  C:\Windows\System\lfpmDjd.exe
  2⤵
  PID:8276
- C:\Windows\System\RbtIppF.exe
  C:\Windows\System\RbtIppF.exe
  2⤵
  PID:8440
- C:\Windows\System\pcAYqnP.exe
  C:\Windows\System\pcAYqnP.exe
  2⤵
  PID:8356
- C:\Windows\System\RqXXJwf.exe
  C:\Windows\System\RqXXJwf.exe
  2⤵
  PID:8584
- C:\Windows\System\aXPsCKh.exe
  C:\Windows\System\aXPsCKh.exe
  2⤵
  PID:8732
- C:\Windows\System\xhJLwJK.exe
  C:\Windows\System\xhJLwJK.exe
  2⤵
  PID:8600
- C:\Windows\System\KXXOXUe.exe
  C:\Windows\System\KXXOXUe.exe
  2⤵
  PID:8520
- C:\Windows\System\pobaNpF.exe
  C:\Windows\System\pobaNpF.exe
  2⤵
  PID:8700
- C:\Windows\System\aCfBdWr.exe
  C:\Windows\System\aCfBdWr.exe
  2⤵
  PID:8900
- C:\Windows\System\dbeoGIZ.exe
  C:\Windows\System\dbeoGIZ.exe
  2⤵
  PID:9044
- C:\Windows\System\AjzgpeS.exe
  C:\Windows\System\AjzgpeS.exe
  2⤵
  PID:9076
- C:\Windows\System\TauGRyu.exe
  C:\Windows\System\TauGRyu.exe
  2⤵
  PID:7848
- C:\Windows\System\huoZzrc.exe
  C:\Windows\System\huoZzrc.exe
  2⤵
  PID:8404
- C:\Windows\System\CGkJnDB.exe
  C:\Windows\System\CGkJnDB.exe
  2⤵
  PID:8980
- C:\Windows\System\ldBCwPS.exe
  C:\Windows\System\ldBCwPS.exe
  2⤵
  PID:8460
- C:\Windows\System\wXQinsO.exe
  C:\Windows\System\wXQinsO.exe
  2⤵
  PID:8720
- C:\Windows\System\rqSAxWO.exe
  C:\Windows\System\rqSAxWO.exe
  2⤵
  PID:8604
- C:\Windows\System\bLNLygG.exe
  C:\Windows\System\bLNLygG.exe
  2⤵
  PID:8704
- C:\Windows\System\ObkQxYj.exe
  C:\Windows\System\ObkQxYj.exe
  2⤵
  PID:9208
- C:\Windows\System\KnleSPR.exe
  C:\Windows\System\KnleSPR.exe
  2⤵
  PID:8224
- C:\Windows\System\OeTSiMi.exe
  C:\Windows\System\OeTSiMi.exe
  2⤵
  PID:9224
- C:\Windows\System\Yqowwlz.exe
  C:\Windows\System\Yqowwlz.exe
  2⤵
  PID:9240
- C:\Windows\System\jFBhHWp.exe
  C:\Windows\System\jFBhHWp.exe
  2⤵
  PID:9256
- C:\Windows\System\lqGxvkG.exe
  C:\Windows\System\lqGxvkG.exe
  2⤵
  PID:9272
- C:\Windows\System\QoxxOfS.exe
  C:\Windows\System\QoxxOfS.exe
  2⤵
  PID:9296
- C:\Windows\System\KzCzoRC.exe
  C:\Windows\System\KzCzoRC.exe
  2⤵
  PID:9312
- C:\Windows\System\OzNTjIf.exe
  C:\Windows\System\OzNTjIf.exe
  2⤵
  PID:9328
- C:\Windows\System\EciZJjl.exe
  C:\Windows\System\EciZJjl.exe
  2⤵
  PID:9344
- C:\Windows\System\lddcWNk.exe
  C:\Windows\System\lddcWNk.exe
  2⤵
  PID:9360
- C:\Windows\System\qcVeOIp.exe
  C:\Windows\System\qcVeOIp.exe
  2⤵
  PID:9376
- C:\Windows\System\oOLEjzf.exe
  C:\Windows\System\oOLEjzf.exe
  2⤵
  PID:9392
- C:\Windows\System\uvQxOdr.exe
  C:\Windows\System\uvQxOdr.exe
  2⤵
  PID:9408
- C:\Windows\System\wgdaIDf.exe
  C:\Windows\System\wgdaIDf.exe
  2⤵
  PID:9424
- C:\Windows\System\NKgdiJd.exe
  C:\Windows\System\NKgdiJd.exe
  2⤵
  PID:9444
- C:\Windows\System\kdeCLpE.exe
  C:\Windows\System\kdeCLpE.exe
  2⤵
  PID:9460
- C:\Windows\System\XxVuCCg.exe
  C:\Windows\System\XxVuCCg.exe
  2⤵
  PID:9480
- C:\Windows\System\VkHSBcV.exe
  C:\Windows\System\VkHSBcV.exe
  2⤵
  PID:9496
- C:\Windows\System\UxPsfDD.exe
  C:\Windows\System\UxPsfDD.exe
  2⤵
  PID:9596
- C:\Windows\System\nvfyWTg.exe
  C:\Windows\System\nvfyWTg.exe
  2⤵
  PID:9612
- C:\Windows\System\redauaC.exe
  C:\Windows\System\redauaC.exe
  2⤵
  PID:9628
- C:\Windows\System\nypipxW.exe
  C:\Windows\System\nypipxW.exe
  2⤵
  PID:9652
- C:\Windows\System\aaMsyIq.exe
  C:\Windows\System\aaMsyIq.exe
  2⤵
  PID:9672
- C:\Windows\System\ijKjYmQ.exe
  C:\Windows\System\ijKjYmQ.exe
  2⤵
  PID:9692
- C:\Windows\System\LTApFLZ.exe
  C:\Windows\System\LTApFLZ.exe
  2⤵
  PID:9708
- C:\Windows\System\PqCwCZg.exe
  C:\Windows\System\PqCwCZg.exe
  2⤵
  PID:9736
- C:\Windows\System\qYCoWRp.exe
  C:\Windows\System\qYCoWRp.exe
  2⤵
  PID:9752
- C:\Windows\System\NRCbcrn.exe
  C:\Windows\System\NRCbcrn.exe
  2⤵
  PID:9776
- C:\Windows\System\GftCDuX.exe
  C:\Windows\System\GftCDuX.exe
  2⤵
  PID:9800
- C:\Windows\System\iShXReb.exe
  C:\Windows\System\iShXReb.exe
  2⤵
  PID:9820
- C:\Windows\System\cUHIsgx.exe
  C:\Windows\System\cUHIsgx.exe
  2⤵
  PID:9840
- C:\Windows\System\dxouJMu.exe
  C:\Windows\System\dxouJMu.exe
  2⤵
  PID:9860
- C:\Windows\System\lvIPSjH.exe
  C:\Windows\System\lvIPSjH.exe
  2⤵
  PID:9880
- C:\Windows\System\KGdmtbI.exe
  C:\Windows\System\KGdmtbI.exe
  2⤵
  PID:9896
- C:\Windows\System\UaypmsA.exe
  C:\Windows\System\UaypmsA.exe
  2⤵
  PID:9916
- C:\Windows\System\OIQEmWy.exe
  C:\Windows\System\OIQEmWy.exe
  2⤵
  PID:9936
- C:\Windows\System\LSzPfEv.exe
  C:\Windows\System\LSzPfEv.exe
  2⤵
  PID:9952
- C:\Windows\System\RVhDDDM.exe
  C:\Windows\System\RVhDDDM.exe
  2⤵
  PID:9968
- C:\Windows\System\BdzJEye.exe
  C:\Windows\System\BdzJEye.exe
  2⤵
  PID:9984
- C:\Windows\System\SVFnDCK.exe
  C:\Windows\System\SVFnDCK.exe
  2⤵
  PID:10004
- C:\Windows\System\rdIqRds.exe
  C:\Windows\System\rdIqRds.exe
  2⤵
  PID:10028
- C:\Windows\System\FojhjLA.exe
  C:\Windows\System\FojhjLA.exe
  2⤵
  PID:10056
- C:\Windows\System\VBwZRzT.exe
  C:\Windows\System\VBwZRzT.exe
  2⤵
  PID:10076
- C:\Windows\System\sVEGorY.exe
  C:\Windows\System\sVEGorY.exe
  2⤵
  PID:10092
- C:\Windows\System\abxMOYE.exe
  C:\Windows\System\abxMOYE.exe
  2⤵
  PID:10108
- C:\Windows\System\WWfrtnn.exe
  C:\Windows\System\WWfrtnn.exe
  2⤵
  PID:10128
- C:\Windows\System\zRMRcPr.exe
  C:\Windows\System\zRMRcPr.exe
  2⤵
  PID:10156
- C:\Windows\System\IwiWqrX.exe
  C:\Windows\System\IwiWqrX.exe
  2⤵
  PID:10180
- C:\Windows\System\vpqaaUk.exe
  C:\Windows\System\vpqaaUk.exe
  2⤵
  PID:10200
- C:\Windows\System\paWCbyt.exe
  C:\Windows\System\paWCbyt.exe
  2⤵
  PID:10216
- C:\Windows\System\NQJkfSr.exe
  C:\Windows\System\NQJkfSr.exe
  2⤵
  PID:8784
- C:\Windows\System\ezmwLJC.exe
  C:\Windows\System\ezmwLJC.exe
  2⤵
  PID:9236
- C:\Windows\System\cZCzGGI.exe
  C:\Windows\System\cZCzGGI.exe
  2⤵
  PID:9308
- C:\Windows\System\vnbfDie.exe
  C:\Windows\System\vnbfDie.exe
  2⤵
  PID:9368
- C:\Windows\System\hiqOtIs.exe
  C:\Windows\System\hiqOtIs.exe
  2⤵
  PID:8360
- C:\Windows\System\mDQtejt.exe
  C:\Windows\System\mDQtejt.exe
  2⤵
  PID:9356
- C:\Windows\System\ExaBfnZ.exe
  C:\Windows\System\ExaBfnZ.exe
  2⤵
  PID:7556
- C:\Windows\System\lDjUfOw.exe
  C:\Windows\System\lDjUfOw.exe
  2⤵
  PID:9472
- C:\Windows\System\abBmRMn.exe
  C:\Windows\System\abBmRMn.exe
  2⤵
  PID:9524
- C:\Windows\System\ZsfsfkN.exe
  C:\Windows\System\ZsfsfkN.exe
  2⤵
  PID:9548
- C:\Windows\System\IQjSYns.exe
  C:\Windows\System\IQjSYns.exe
  2⤵
  PID:9572
- C:\Windows\System\GRsCzss.exe
  C:\Windows\System\GRsCzss.exe
  2⤵
  PID:8556
- C:\Windows\System\Pusdwzc.exe
  C:\Windows\System\Pusdwzc.exe
  2⤵
  PID:9252
- C:\Windows\System\WChBbmS.exe
  C:\Windows\System\WChBbmS.exe
  2⤵
  PID:9320
- C:\Windows\System\zwwuCrp.exe
  C:\Windows\System\zwwuCrp.exe
  2⤵
  PID:9388
- C:\Windows\System\umdxdoB.exe
  C:\Windows\System\umdxdoB.exe
  2⤵
  PID:9580
- C:\Windows\System\dfSjNbv.exe
  C:\Windows\System\dfSjNbv.exe
  2⤵
  PID:9588
- C:\Windows\System\mTNyugK.exe
  C:\Windows\System\mTNyugK.exe
  2⤵
  PID:9620
- C:\Windows\System\XkmMoAa.exe
  C:\Windows\System\XkmMoAa.exe
  2⤵
  PID:9664
- C:\Windows\System\SUTSKYt.exe
  C:\Windows\System\SUTSKYt.exe
  2⤵
  PID:9684
- C:\Windows\System\UftephA.exe
  C:\Windows\System\UftephA.exe
  2⤵
  PID:9716
- C:\Windows\System\CsOMXkS.exe
  C:\Windows\System\CsOMXkS.exe
  2⤵
  PID:9732
- C:\Windows\System\NqTPyJV.exe
  C:\Windows\System\NqTPyJV.exe
  2⤵
  PID:9764
- C:\Windows\System\ByegTLq.exe
  C:\Windows\System\ByegTLq.exe
  2⤵
  PID:9812
- C:\Windows\System\GrGgUwd.exe
  C:\Windows\System\GrGgUwd.exe
  2⤵
  PID:9868
- C:\Windows\System\Uhrhqib.exe
  C:\Windows\System\Uhrhqib.exe
  2⤵
  PID:9948
- C:\Windows\System\syFTAQg.exe
  C:\Windows\System\syFTAQg.exe
  2⤵
  PID:9996
- C:\Windows\System\AAyGvak.exe
  C:\Windows\System\AAyGvak.exe
  2⤵
  PID:10012
- C:\Windows\System\FddMtKF.exe
  C:\Windows\System\FddMtKF.exe
  2⤵
  PID:10036
- C:\Windows\System\ISkRaGI.exe
  C:\Windows\System\ISkRaGI.exe
  2⤵
  PID:10052
- C:\Windows\System\sWVKfAD.exe
  C:\Windows\System\sWVKfAD.exe
  2⤵
  PID:10068
- C:\Windows\System\oSxIQBh.exe
  C:\Windows\System\oSxIQBh.exe
  2⤵
  PID:10120
- C:\Windows\System\raJDmPn.exe
  C:\Windows\System\raJDmPn.exe
  2⤵
  PID:10144
- C:\Windows\System\spBYXEA.exe
  C:\Windows\System\spBYXEA.exe
  2⤵
  PID:10168
- C:\Windows\System\rDIZhMJ.exe
  C:\Windows\System\rDIZhMJ.exe
  2⤵
  PID:10192
- C:\Windows\System\pHlEpFu.exe
  C:\Windows\System\pHlEpFu.exe
  2⤵
  PID:10228
- C:\Windows\System\CsYRvBJ.exe
  C:\Windows\System\CsYRvBJ.exe
  2⤵
  PID:9232
- C:\Windows\System\fWlOCSB.exe
  C:\Windows\System\fWlOCSB.exe
  2⤵
  PID:9372
- C:\Windows\System\kFkHAQo.exe
  C:\Windows\System\kFkHAQo.exe
  2⤵
  PID:9468
- C:\Windows\System\BhGViiC.exe
  C:\Windows\System\BhGViiC.exe
  2⤵
  PID:9508
- C:\Windows\System\ktbeigo.exe
  C:\Windows\System\ktbeigo.exe
  2⤵
  PID:9556
- C:\Windows\System\cRpWhuA.exe
  C:\Windows\System\cRpWhuA.exe
  2⤵
  PID:8212
- C:\Windows\System\miOstTw.exe
  C:\Windows\System\miOstTw.exe
  2⤵
  PID:8376
- C:\Windows\System\cjdfTYk.exe
  C:\Windows\System\cjdfTYk.exe
  2⤵
  PID:9352
- C:\Windows\System\iFnYFUx.exe
  C:\Windows\System\iFnYFUx.exe
  2⤵
  PID:9680
- C:\Windows\System\ioRwRSu.exe
  C:\Windows\System\ioRwRSu.exe
  2⤵
  PID:9688
- C:\Windows\System\YtLlBhR.exe
  C:\Windows\System\YtLlBhR.exe
  2⤵
  PID:9668
- C:\Windows\System\upqQybv.exe
  C:\Windows\System\upqQybv.exe
  2⤵
  PID:9760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BOfXBHB.exe

Filesize
6.0MB

MD5
210227a142eceddfcfbb614b255b9f33

SHA1
59602fefeb6363822b2aea9e93fc078c9637072f

SHA256
d4b58f93b53534d0d70ba2650bf1afcab3203fb343e9d46e3a516fe3067c0bfd

SHA512
2eaafc76b1fc053240aab88682600c9063fe3d99b8cf74b8bdc6e1ab75cbcba041090e4bb5792b481e7417c7b4e813c1eabb304bba29e18dee1974cce2d58d98

Download Submit
C:\Windows\system\HPCcxfV.exe

Filesize
6.0MB

MD5
d5cbed1ce4a89ba451f2368fd0935227

SHA1
aaad9d7cccc1a13c6a2fc2911d15eef503bd5101

SHA256
a0d89a04f4707c7d6c13533ab6d1496417efe2c2ed8e0b8b8c4ca8ee88288616

SHA512
469e2dca63a2b7d44ac2c4a0fb1fab81f461bc09522d2af57a3eb2cd1b92b4fcec9010d7dd3436f8a59dfa4b7a7eb5c64cd0b499fe7cd9da525fefbde32f6c71

Download Submit
C:\Windows\system\JviEbnt.exe

Filesize
6.0MB

MD5
aceb3cc6abe9df4f62396c4e9c0c5898

SHA1
3e6d427acec24e5c03476cfad554ab18d76dc1a9

SHA256
e96f641aba0e1d0fe7f598d6ea6b3781d03a0a6544c7ac65c3ab00945bf265ac

SHA512
876a591dd6e163cf45b1f8d799d823c9fc8507b68333b6f42e49dbbc8d995f19f414e9e4d9eee1cd60b398fa4f32a2b7e8625bb15bbb8a572719fc893b8c9dd6

Download Submit
C:\Windows\system\JxvECvu.exe

Filesize
6.0MB

MD5
fbd9513fdf17519db3dfc56b95073d29

SHA1
5eea969713161f677887626ee91c0c081c156364

SHA256
204d8049171ece39082e6d7030bd87a8a4e4ba0694bf878c85f9e30571f9504e

SHA512
726027a3a38b91a98ceff98866adb7e6346b268004882d98cb7f90024066c56fef5b43c7b7ebbe67e06f73ffe9cffd1ccb6c334ebf39b8f0fae6c4b1ab2111ad

Download Submit
C:\Windows\system\SHpAzTe.exe

Filesize
6.0MB

MD5
a225c163d8b782057256d43d916f35d5

SHA1
9dd2a6ad7ffe4e90384b217bc231eaa59f798db6

SHA256
125ddf97e78a617b4162bea09996d59b8e7ccc257cdd9b0c919c5c88a43f692d

SHA512
d6d1f89278d54692c66ccc771ebfacf677e63ee0663600b71d945907c7470b258bc017a1cf7e8d83570f3861224a34f74cf5a1a85e46aab9aafdb825f3d7d170

Download Submit
C:\Windows\system\VhOtwak.exe

Filesize
6.0MB

MD5
b04f149b4568b5bebc97fbeb8713ba55

SHA1
59b63f4d326264e8ec30bbb32dd302105eb707f0

SHA256
6c5b1cbd58c4491d67155882e8e942cf3bd8c743b1b8060ff411d34bdb012302

SHA512
b18c820611556adee6bb02473ea48163f0bcb178325202389e97351de8ce8b3b19dbbda337394b2a262b4163d5aeb0d5e488098a94822aea8a3afe79b5735eba

Download Submit
C:\Windows\system\VrtaHmv.exe

Filesize
6.0MB

MD5
862012603ec727d4a1ffb548b0e9e205

SHA1
182d720d6b4f45411864b7198e39ed28f850f3ac

SHA256
bfb4eea1e17728d33420bbbd3dc68350d979e06c72ee1bf6242e2681f08b7269

SHA512
6cd4ef4bbe9e50968d9ddc898c9f3fbe023e4f40ba9e3f9069a07b4589ef57159e35497cb1da412e1ecbca3dc17aaee220961caf7ee89b4ede2fbaad7444f5e7

Download Submit
C:\Windows\system\WCCTSsA.exe

Filesize
6.0MB

MD5
e1efd86d4bda3fc8da3f43bb93d2aeca

SHA1
8b592a038d7849f58486abb0008da298bff108b8

SHA256
6700061e3bbbb041bd308b4fdf5fc8494a4ac2ee3fc322daf647a02ac3af03f1

SHA512
3c1d4c3c9bfa3e92fa488750815948f6e55af061c75146ee850ab65f166a614ad4a466f2ca63024feeabe201f65a77600e5e492a0ab074478361833483a8223b

Download Submit
C:\Windows\system\YByPHgO.exe

Filesize
6.0MB

MD5
523481357a7a1d4f51461cb80d517143

SHA1
014f47337b6bfbbdd4e40660307f3ab4e2daaf4b

SHA256
e25bc0b10ad4747c933fcd1373ea7fd21ffebca0ab69fb7fd9175adeda1ecb55

SHA512
00fff5e73e6bf43045a841281624cde03d8b8066bec4dac1f3aca9a19b18284ec1bb6440efe3a7c471e21bfb3b84608fe1b2f149f87e6383ab91c80180843dd2

Download Submit
C:\Windows\system\ZkzyxTB.exe

Filesize
6.0MB

MD5
5b3b7a35437d8f410c555a5aebfab1fe

SHA1
28cc73aaa491a8ed3ae2a6f0535a88b70d23bd7a

SHA256
c34476650a27d7976f5e2f6dfd58f655923b5d41ae908659615201577726b277

SHA512
ff3dae021810705e6cc50618ca8a0a8fb0fc42e100759c586628b5c9d825015e2758173da73d2d7efa389628fb3b2f108bd290bebc640fcb809aff22a3667ee8

Download Submit
C:\Windows\system\gJarRIL.exe

Filesize
6.0MB

MD5
9352653c7e2ce112185e517fe23ef96a

SHA1
09418efc476c1cb080dc89c73d00850887d31f3f

SHA256
80c3c202e8f7195a19cccf436fc57a328af62da0ad55d20db6cfc54bf006ee73

SHA512
81b77a81998a33a12d0d7c571706f916abdb8b17fe9ef80f375ec5b7935ff041b1fb1f2b15b21a7eb934a7c210aa248a2be1a7609c6cb5eab683fa557768a2de

Download Submit
C:\Windows\system\iCKLJkb.exe

Filesize
6.0MB

MD5
9b07110405674449405f5d36c2020b30

SHA1
26cbc115e04117f704d5b5617de5c85f226ef28f

SHA256
074e16a032a85cb38cb980ea71dbb0b6f6a58c4fc27acee377f28aa4768fbcd6

SHA512
b71b313868b7696c8c6dd49b389a4dbba6dfc784f0e8816a08a3791439dc4aed90b5024d75de273d6eca809b7e9537dd14db051eac0e561de7d6c9f050acd34d

Download Submit
C:\Windows\system\mobRkXa.exe

Filesize
6.0MB

MD5
09eb116acbaa7bc58f604c061a9747e4

SHA1
521399b634261f5b108f60538d0cdd37b81271b0

SHA256
52461e4bd8d95e3adbcdd8f463d9ffb00928d4d86f9fadbeda9d91628af2672b

SHA512
18a04ea53134b10206140813348c6f908f1fef9b0192e4ed40adb35aabbb72aac16d467e2358b42b52dd1027196a36de083ceb088c2c2f1aac9947cf9ea6535b

Download Submit
C:\Windows\system\mxlTtPy.exe

Filesize
6.0MB

MD5
704a40ea7be8edd1102d834a8836ffc2

SHA1
e8897ff207455f8f3e81572daccf222bac73d293

SHA256
e0c6c887d626885c45176d39527e690bf26bc61c365a4f086928363c9c579236

SHA512
6d35b11765ea6738a4e79700f7fc82af7631f5e725a20a3dc135db57ff1051a4879780ff72a5c36445b3eaa9acf2c217c1c5d5a4f8888981c098323a5bbc0114

Download Submit
C:\Windows\system\nAWLpCm.exe

Filesize
6.0MB

MD5
2196af3f6187a3aa5050cec299337590

SHA1
ebd154fd591109200c0d70db4196878bee2ccc92

SHA256
19e561a31dfc624e3d7e7f5165bb0d1bd4ccc1f86eaf63c79cea6bbef69cd94a

SHA512
d4be0989d4df92404efd1f7f02bd32f386a6380bf5acecc94eb9c2c9b836d5a527b7e61a1fa76c408026088a3b95977e2c5a1a9b5f18e4a729e4d442b9e0847a

Download Submit
C:\Windows\system\owUMfij.exe

Filesize
6.0MB

MD5
ac5bc8f04ffb5c0a480c3681ff4db164

SHA1
9b8b51309c1f347b20e59a4c2deb0c999e9346be

SHA256
2caeeb227e39de01b8e2238234349669da01d9480ac2dc4f5ace493649588965

SHA512
ad2fffcdd21cce3068832e2afd3c82e71861caf3c59ba36ec858d960fe54716b8a69918b8df356ee8f18233632935c51abfd829df52337440a2f3f046960ab05

Download Submit
C:\Windows\system\pqUEPso.exe

Filesize
6.0MB

MD5
f58bc7045e56b1067f92aa9b3b3c2b8e

SHA1
8c525a86ae7dd731b52c748c16d996401e3e503f

SHA256
1f9d32c2de6758b553b92533b448ef77dba129a57c493996ee01778b856f947e

SHA512
c9ecbde8656f341d7a78005db2523aa025903ddb9c672a3a0ab0e91052c00c88f845e22f36241c098f379fe79e2188c10ce630516cd792cb65d29dd3771e6a4e

Download Submit
C:\Windows\system\tFlhBpz.exe

Filesize
6.0MB

MD5
e2a4879049ef6b168897eaf322d689ef

SHA1
3f5ca792fc3c9ea7f8dac08369afffb2187e3d50

SHA256
94ef1e587c3660ba21fc48fcd51d17987c6b4e14535dc9eadd0df3f6de46f29d

SHA512
928cc6bd475cbb18654de1c191469dc00c8f93b04d11c4641704e18e9562246b1cbb7c2a119a7fe22d4678b486c50446c9ce11d2d1347b24f1032e56fee3ceaf

Download Submit
C:\Windows\system\vjvcsAX.exe

Filesize
6.0MB

MD5
ab33ffa0a2a448a63d0be5683787ef7b

SHA1
d75967ef99cc3810357038f94f3e828fc4908a0c

SHA256
deba4ad0259801c72d5446531746b595c381f2ffb1f48a456ef4d9396cf53ea0

SHA512
b5c38aab25582ca56ff2a1f6f641cfe40eff4f58a8f9b88ef6111743ad94129f91be930d9610f4bd9d3e126813d6255cb02de7840e0781cf0aef06edc105d609

Download Submit
C:\Windows\system\wjKHtFB.exe

Filesize
6.0MB

MD5
a4fd55f360186719c23ece4aab7ab371

SHA1
e4a8a816221a2f945bf90dc7299a2707e02ee4fb

SHA256
407cd4635a173f5be00eaf0dca51cc49a185df33ae81cabc12a83d135f0c6d84

SHA512
31c89478a269ab670eadf87d01f09cac93cfe9084dabeb57e141d88024fc7b8f0c383fec44a5307e68613753127d070dd51ffcb5f263698fd4fb0a16ac751c33

Download Submit
C:\Windows\system\xiFZzCT.exe

Filesize
6.0MB

MD5
fe8c31a178da4143812a6eef1062837b

SHA1
dd3d223e19fd4abb4d6f4d084396073c60faf717

SHA256
748dbf518faef1b4aafcabcd5131493a7d2532d1ab312160f57030ac5c7713b2

SHA512
e4ad9c1606e3bc91f5e6cb02ab2b6136294b29e0939f5229308483f91b5f8e997390ba3f979cc3a75300a4cd731d881c945b16a3c5b51a4eacc9c8d9f63c0bc3

Download Submit
C:\Windows\system\yJgxqGW.exe

Filesize
6.0MB

MD5
cab2b21515eabc7eadb5b137af87b811

SHA1
7be5a13622f1b8c8b51d04fefa66966c55afe00c

SHA256
5bdd0f8c990c45ff761ce16fa5777fd1d1478307288e02647197cecbfcce654e

SHA512
7d2ac3cbac7c9a480eaa8ee1f3e8194b11f3cc4ba4a07f4373953c46bab7b14e6bce69347b000413dc8dacb0b606f6e9d5bdd701f80b322b1c38c7f320aebae6

Download Submit
\Windows\system\ABWOupR.exe

Filesize
6.0MB

MD5
ab4ffe6145e672536fc4166978feef58

SHA1
9f02e7c71d5b929816c13fd57fe0bea60b0e7448

SHA256
1a45d9db4ec2d1d62bc05613e1d2183ff04b3db461b7d161154d43a22fba7984

SHA512
824411fb30c391e9ebf771e756bb103e75386fbf8953d96f25da0dd76b8b8db98ece434c62d309985953ac6d0fc7d3004f268d1ad7d2e3879213ea8bd8015bb9

Download Submit
\Windows\system\HFYBtfm.exe

Filesize
6.0MB

MD5
86411d8d27325cd780fca23a3b5d48b5

SHA1
c58abdfff4418905658d9e1ae710efe41dcde233

SHA256
36792120041c2525d45bae467fd340980bf057eb58a3778afac4abb1ff85ee53

SHA512
d872baaeb2ceb852b0d4a2de380b7fb1c9207c2bfc5341f754c993439aa81db7ed405527b8d627f91d676b60f3a89e3d8b3595df50d3f2ea372b5a432ba2a5ac

Download Submit
\Windows\system\SOPDToh.exe

Filesize
6.0MB

MD5
0421663adf38e30f15bab54e82139c38

SHA1
c8d0f5d36a0d98c790c3dd654f40f3c025bd6ab4

SHA256
be76b115ecea38b63b8205d894afa13f1a7a095a4851252bf156a994fd744114

SHA512
a8333a7abf2f9364de7c4b5c65bb141461a8d9ed1c08e4b148ce59f6ab60598bf2a61f8fb1ac2175ccd3d2f3053d646de6676a5252f5475d0c1e8e6a7939a8b8

Download Submit
\Windows\system\gERYUtm.exe

Filesize
6.0MB

MD5
b29a6d35993c933aeb1533529540ec4a

SHA1
7e4f4a3d50049c7671ef19fcbc7dc74e9e5f4200

SHA256
890b4e79688ef5e50692ea8f2212246fca18e2bc3c52b0157a3136fb7861f9b8

SHA512
24d005e39534f4582f7af4b35060e330b2769a5f31f376d218f191e36695b843223e45235d39e6ea9efb9334e2dc3e542ddc84d49409657cdc5cfe02cfcaf87a

Download Submit
\Windows\system\gJmveEk.exe

Filesize
6.0MB

MD5
418d4b815cf7f1cf62e82d59b49c953b

SHA1
912f69a04f1209232a301748fa2b9b61dc42b7e4

SHA256
fd0fb5b107666e3d4ee8cbad9292cb28d8593a43bdf89cc8a02c9bd6d2891cdb

SHA512
ce1b9f19d7dfa1c069459d1f8f7db680d26b7b33a7aa2c8bad995c4755edb0ebb365cd68ea3da422923b930a3343698c03f187117b42ea115aea5c332b5ddc8a

Download Submit
\Windows\system\hktcVbt.exe

Filesize
6.0MB

MD5
b12cee2a45dd4b99b395e537ab3f2110

SHA1
b3eecd62dbc90801bd8b95d2dbad4ccc66cc6fd4

SHA256
94e80d81943d72c3a3b2b5ff9d6cf663efe5d1d9f00f515a3370ab252fcfec21

SHA512
fb138ab427e7e9c73fa3553822617b37075b5447db7f58d5c4970122569b9487cb4bb35bc381319db720d36bd0a21b2b94a10b94236b7f07454ad15ede45fcd2

Download Submit
\Windows\system\kcUSFCU.exe

Filesize
6.0MB

MD5
e8aabfec0e7c745720832d7e32e35ee6

SHA1
78a9ed21a1c2e4c240acc511d5f4fd36e6f20e02

SHA256
8a3ce6b13bc4fa9c26feb72f8114d2fd8587f24b3de51eb00bc84aa3d143c649

SHA512
702f3da6425c4e73b179c36386e91de130d0a2f5b7c6caf1eb9f2e85d32311de9ceab167511dc98f1b37bc46417b4b9ca847d6357b80b43404e4e7df5b52be0f

Download Submit
\Windows\system\lFAEnMt.exe

Filesize
6.0MB

MD5
3f93d5f6f32678746a07b1bd2d00aed5

SHA1
7fce62613c05f7aa3a087bac075fd4f221e43a5d

SHA256
5e28b008a75d8e2e63212f9d68d30ad6a2fa4007d49df440e0918ff7e82fb73a

SHA512
43190172a2f861c053bf7b079a5ea84925bf9ce20a5ef2d4f0d3c8966545953fdeeec24573d9d1f318e7eaf8bb18286802feda21c230e2b7a86bd01d1d0a8fa2

Download Submit
\Windows\system\nYTLDve.exe

Filesize
6.0MB

MD5
25b49dc95fb6028625f94208a03b7a79

SHA1
7ce3c9ec76ebfe4b0323b046f173e53af59fa4db

SHA256
de86caa409448c3bc742ce65b70270d097132fc39c51294561f855b743908832

SHA512
e4edd7786d4f40013513d15dd034c4cd675910680c9221a60f00adca5d6a39f7d5e8acc1abbf9bb931f7d585938f6fc2c39b32e6e7595e35348d87bf79bc2cdc

Download Submit
\Windows\system\reyNVZY.exe

Filesize
6.0MB

MD5
62f7e8ccc128c6bd0cee5bcd7c607c04

SHA1
e8ec9c984eeb4216102d3eb88ac32eaed3f03277

SHA256
92af95faf698d88cb4177ec673f944acee93bcbc40c6bdff8034dff7358603da

SHA512
c4beb47a03bd4d308d41ce8a84a8f9bd5e62669e4160b53022affa014184a88d628378294c2511e70a99645ba6ac6cac04141229dc8bdf21b8e8c9fc62eef926

Download Submit
\Windows\system\sLMcCzU.exe

Filesize
6.0MB

MD5
f3c699cf1e84dc2e6002dc9b1b292cb2

SHA1
efa37776f9b5763cb25d1b1f1dd1f4b0240dacf0

SHA256
2c66d086453eb27d8f36eb0d32604c02084a098b61eedb8e1b3f3959571eb25a

SHA512
b2754646dfeca77311c6950583c0dc42a0601a729f27cc7f1f038b35895dfa5a738a5b0dfbf577c7504f4fbbfc3c167dca6b88ecd03fa260977d522f2851a0aa

Download Submit
\Windows\system\vHuBher.exe

Filesize
6.0MB

MD5
c73c64ebb31832baf0f6ba3b4bc7ff38

SHA1
29824c2670c4240c2cbcae827c9df20ceef10b02

SHA256
a3afc7b4f357b455a3ff4bafdf50049dd7001a668a17deee65cf9d22d0474070

SHA512
137c513a69f0bebfdc9b9fe6cd3acaafccb5b796e519e6bcb0cde4f3b165024372d6dca21eed7f4329067e606da5f00770b70db008f4613340a452620d19b18b

Download Submit
\Windows\system\zlnVKkB.exe

Filesize
6.0MB

MD5
649803ffc98f0c0f6bfb5a6acbe6f72d

SHA1
3328bdbe21ff885d49a8efae42e78fc243b7b1f2

SHA256
16de47fd75268b23f9807262ede1469c781d000adc99b9badadeeebed7d02905

SHA512
7c15e5465777e220b7658a1f4ea4bbcb027f5a5d3c2ed809afa9317ab68a033f1422a4abfa08fe97cb125cfab794b026b2fb4006a2eb6e35f9b3b1542ea394c8

Download Submit
memory/792-78-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/792-3329-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1044-3264-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1044-50-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1804-121-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1804-3358-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2016-128-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3354-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2156-8-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2156-42-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-100-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2156-995-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2156-98-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2156-89-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-34-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-37-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-135-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-130-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-62-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-592-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-59-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-861-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-23-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-645-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-996-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-74-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2156-47-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2156-134-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1109-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2156-103-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3343-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2272-83-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2432-20-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3100-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3142-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2560-35-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3265-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-43-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3098-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2740-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2792-19-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3074-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3102-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2912-28-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download