cobaltstrike | 661fb8bee06962e4472c2065df334916b133d260e583f3b1de37abc5a7eb829c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

1eadd8aa4c2d26e1c1e9b16320094e7c
SHA1

d6e101701b0d90ceceb3384a2629443643eef7eb
SHA256

661fb8bee06962e4472c2065df334916b133d260e583f3b1de37abc5a7eb829c
SHA512

4105721bc47e186db7261cc26fe01590683b91922ad1aeaf70aa383e6befc7d339f61c120d6171b5411b95a3328480592b76d9ed2aef43fdd269a79a199a2516
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUk:T+q56utgpPF8u/7k

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2104-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-6.dat	xmrig
behavioral1/files/0x0008000000015d6e-11.dat	xmrig
behavioral1/files/0x0008000000015d7e-10.dat	xmrig
behavioral1/files/0x0007000000015da7-34.dat	xmrig
behavioral1/memory/2748-18-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d87-16.dat	xmrig
behavioral1/memory/2680-29-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d8f-24.dat	xmrig
behavioral1/files/0x0007000000015d9a-56.dat	xmrig
behavioral1/files/0x0006000000016dd1-82.dat	xmrig
behavioral1/files/0x0006000000016d9a-75.dat	xmrig
behavioral1/files/0x0006000000016d46-68.dat	xmrig
behavioral1/memory/2684-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cfc-61.dat	xmrig
behavioral1/files/0x0006000000016d36-59.dat	xmrig
behavioral1/files/0x0006000000016d25-54.dat	xmrig
behavioral1/files/0x0006000000016c84-50.dat	xmrig
behavioral1/files/0x0006000000016cd1-47.dat	xmrig
behavioral1/files/0x0009000000015e18-39.dat	xmrig
behavioral1/memory/2104-46-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2800-38-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000018687-148.dat	xmrig
behavioral1/memory/2104-1037-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2748-1325-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2588-208-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2540-191-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c26-180.dat	xmrig
behavioral1/files/0x0006000000018f53-177.dat	xmrig
behavioral1/files/0x0005000000018792-172.dat	xmrig
behavioral1/files/0x0006000000018c1a-169.dat	xmrig
behavioral1/memory/2952-164-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x000d00000001866e-158.dat	xmrig
behavioral1/files/0x0006000000017525-157.dat	xmrig
behavioral1/files/0x0006000000016d3e-154.dat	xmrig
behavioral1/memory/2636-153-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0014000000018663-139.dat	xmrig
behavioral1/files/0x000600000001706d-133.dat	xmrig
behavioral1/files/0x0006000000016ea4-132.dat	xmrig
behavioral1/files/0x00060000000174a2-129.dat	xmrig
behavioral1/files/0x0006000000017472-122.dat	xmrig
behavioral1/files/0x00060000000173f4-115.dat	xmrig
behavioral1/memory/2140-109-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173da-105.dat	xmrig
behavioral1/files/0x0006000000016eca-98.dat	xmrig
behavioral1/files/0x0006000000016dd7-87.dat	xmrig
behavioral1/files/0x0006000000016dbe-78.dat	xmrig
behavioral1/files/0x0006000000016d96-71.dat	xmrig
behavioral1/memory/2772-211-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2104-168-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-146.dat	xmrig
behavioral1/files/0x00060000000173fc-145.dat	xmrig
behavioral1/files/0x00060000000173f1-138.dat	xmrig
behavioral1/memory/2772-3868-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2588-3869-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2140-3870-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2684-3871-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2800-3873-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2748-3875-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2952-3874-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2540-3895-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2680-3894-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2636-3872-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	rLVHXcd.exe
2680	XwZkpXV.exe
2800	CyZqgmu.exe
2684	Jicpuzs.exe
2140	RdiBauD.exe
2636	dDScOxk.exe
2588	FubTpxi.exe
2772	pupCEqZ.exe
2952	irCjwon.exe
2540	GFgTiYI.exe
484	iEodLCP.exe
1488	pqowJCH.exe
2804	NtoVHQF.exe
2924	rpBFpbo.exe
2984	mzdqMdp.exe
304	HjRULHG.exe
2620	souvVzZ.exe
1688	jWVtevE.exe
2500	ntTVNqE.exe
584	eqUIRoL.exe
2832	kxQLKkw.exe
856	msrcBBu.exe
3064	dTjQSWt.exe
2188	gYlnZxs.exe
1012	gnOyDcv.exe
2268	oZyGTJH.exe
1056	raSASny.exe
1572	DfrOSaj.exe
956	XxwPWzB.exe
2044	zYhLRfj.exe
944	yeFhiVa.exe
2248	xJxrcbv.exe
556	QsKJyJm.exe
568	suCoSnl.exe
2880	BjcdAdy.exe
1956	gSORqWD.exe
2820	ZRTJldX.exe
2436	vZtdsCg.exe
2644	HWvvPYf.exe
1952	wrETWuz.exe
2364	DQnOhpt.exe
716	rKUzvHB.exe
1796	olhvcLk.exe
1080	CjHTDnO.exe
1712	zeATOlU.exe
2876	UemDkxO.exe
2412	zZwawSa.exe
300	RLTkNnn.exe
664	UAwHvbL.exe
960	wEBLMHW.exe
1584	URZriiR.exe
1660	PmNtVyz.exe
1676	PhbKfqN.exe
2668	yVbfddu.exe
1384	eHWNFta.exe
1352	YJPPXIO.exe
1464	FWKhIiW.exe
1092	XLdcSrw.exe
1408	VrQWTGe.exe
2252	czVRwJa.exe
828	yNmmwln.exe
2108	tCtctMM.exe
2524	mhGwHLO.exe
536	AWNogRo.exe

Loads dropped DLL 64 IoCs

pid	Process
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0007000000012119-6.dat	upx
behavioral1/files/0x0008000000015d6e-11.dat	upx
behavioral1/files/0x0008000000015d7e-10.dat	upx
behavioral1/files/0x0007000000015da7-34.dat	upx
behavioral1/memory/2748-18-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0007000000015d87-16.dat	upx
behavioral1/memory/2680-29-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0007000000015d8f-24.dat	upx
behavioral1/files/0x0007000000015d9a-56.dat	upx
behavioral1/files/0x0006000000016dd1-82.dat	upx
behavioral1/files/0x0006000000016d9a-75.dat	upx
behavioral1/files/0x0006000000016d46-68.dat	upx
behavioral1/memory/2684-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0006000000016cfc-61.dat	upx
behavioral1/files/0x0006000000016d36-59.dat	upx
behavioral1/files/0x0006000000016d25-54.dat	upx
behavioral1/files/0x0006000000016c84-50.dat	upx
behavioral1/files/0x0006000000016cd1-47.dat	upx
behavioral1/files/0x0009000000015e18-39.dat	upx
behavioral1/memory/2800-38-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000018687-148.dat	upx
behavioral1/memory/2104-1037-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2748-1325-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2588-208-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2540-191-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0006000000018c26-180.dat	upx
behavioral1/files/0x0006000000018f53-177.dat	upx
behavioral1/files/0x0005000000018792-172.dat	upx
behavioral1/files/0x0006000000018c1a-169.dat	upx
behavioral1/memory/2952-164-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x000d00000001866e-158.dat	upx
behavioral1/files/0x0006000000017525-157.dat	upx
behavioral1/files/0x0006000000016d3e-154.dat	upx
behavioral1/memory/2636-153-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0014000000018663-139.dat	upx
behavioral1/files/0x000600000001706d-133.dat	upx
behavioral1/files/0x0006000000016ea4-132.dat	upx
behavioral1/files/0x00060000000174a2-129.dat	upx
behavioral1/files/0x0006000000017472-122.dat	upx
behavioral1/files/0x00060000000173f4-115.dat	upx
behavioral1/memory/2140-109-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x00060000000173da-105.dat	upx
behavioral1/files/0x0006000000016eca-98.dat	upx
behavioral1/files/0x0006000000016dd7-87.dat	upx
behavioral1/files/0x0006000000016dbe-78.dat	upx
behavioral1/files/0x0006000000016d96-71.dat	upx
behavioral1/memory/2772-211-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0006000000017487-146.dat	upx
behavioral1/files/0x00060000000173fc-145.dat	upx
behavioral1/files/0x00060000000173f1-138.dat	upx
behavioral1/memory/2772-3868-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2588-3869-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2140-3870-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2684-3871-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2800-3873-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2748-3875-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2952-3874-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2540-3895-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2680-3894-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2636-3872-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qLlyFvd.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CuzIDmQ.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LKnyKHi.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uCESpUL.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uSVrcHN.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eTmhSKu.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xEuSAzo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aemFyKp.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xcKzlhp.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PhieVqE.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xEKdUeg.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yrJsXaA.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JroPlWZ.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RXmRBmj.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RjHKbqb.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KOzmsAY.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZSTlFHh.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WfRMswN.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AyBNeOw.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OengnDk.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CSYaEtj.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GlZasXQ.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OizDtTo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LAjeTXP.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GKXCnga.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UYhVKap.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vmITSYs.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FCEcXTb.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KOiGOrg.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pMvHUJn.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\thLydlJ.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IOLrzOP.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ohQZlBo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rHTdsjE.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PkTrqme.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KEwCGjL.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LQRVDsr.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VNNUbHB.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qFjNnlC.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qCLYnSi.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ceENPPs.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bWxqoyW.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UJDhlGo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tnDmAsr.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YAUexdN.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rpBFpbo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bFPPHQh.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FeEnDJC.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CwWPPlz.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HolAYJD.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iEkxEtP.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DrDGped.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kheYZcA.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nlzevvu.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TeYCIQY.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pTYTXWP.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yaXftix.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nTtBpYW.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XGMpYst.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PcKYfYN.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vGMmEge.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wZtNOfo.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mfqEmuG.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ukwkgzz.exe	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2748	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2104 wrote to memory of 2748	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2104 wrote to memory of 2748	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	31
PID 2104 wrote to memory of 2680	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2104 wrote to memory of 2680	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2104 wrote to memory of 2680	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 2104 wrote to memory of 2800	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2104 wrote to memory of 2800	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2104 wrote to memory of 2800	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 2104 wrote to memory of 2140	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2104 wrote to memory of 2140	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2104 wrote to memory of 2140	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 2104 wrote to memory of 2684	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2104 wrote to memory of 2684	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2104 wrote to memory of 2684	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 2104 wrote to memory of 2772	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2104 wrote to memory of 2772	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2104 wrote to memory of 2772	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 2104 wrote to memory of 2636	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2104 wrote to memory of 2636	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2104 wrote to memory of 2636	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 2104 wrote to memory of 2540	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2104 wrote to memory of 2540	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2104 wrote to memory of 2540	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 2104 wrote to memory of 2588	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2104 wrote to memory of 2588	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2104 wrote to memory of 2588	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 2104 wrote to memory of 2984	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2104 wrote to memory of 2984	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2104 wrote to memory of 2984	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 2104 wrote to memory of 2952	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2104 wrote to memory of 2952	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2104 wrote to memory of 2952	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 2104 wrote to memory of 304	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2104 wrote to memory of 304	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2104 wrote to memory of 304	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 2104 wrote to memory of 484	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2104 wrote to memory of 484	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2104 wrote to memory of 484	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 2104 wrote to memory of 856	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2104 wrote to memory of 856	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2104 wrote to memory of 856	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 2104 wrote to memory of 1488	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2104 wrote to memory of 1488	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2104 wrote to memory of 1488	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 2104 wrote to memory of 1956	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2104 wrote to memory of 1956	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2104 wrote to memory of 1956	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 2104 wrote to memory of 2804	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2104 wrote to memory of 2804	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2104 wrote to memory of 2804	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 2104 wrote to memory of 2820	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2104 wrote to memory of 2820	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2104 wrote to memory of 2820	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 2104 wrote to memory of 2924	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2104 wrote to memory of 2924	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2104 wrote to memory of 2924	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 2104 wrote to memory of 2436	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2104 wrote to memory of 2436	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2104 wrote to memory of 2436	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 2104 wrote to memory of 2620	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2104 wrote to memory of 2620	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2104 wrote to memory of 2620	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 2104 wrote to memory of 1952	2104	2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_1eadd8aa4c2d26e1c1e9b16320094e7c_amadey_cobalt-strike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\System\rLVHXcd.exe
  C:\Windows\System\rLVHXcd.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\XwZkpXV.exe
  C:\Windows\System\XwZkpXV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\CyZqgmu.exe
  C:\Windows\System\CyZqgmu.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\RdiBauD.exe
  C:\Windows\System\RdiBauD.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\Jicpuzs.exe
  C:\Windows\System\Jicpuzs.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\pupCEqZ.exe
  C:\Windows\System\pupCEqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\dDScOxk.exe
  C:\Windows\System\dDScOxk.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\GFgTiYI.exe
  C:\Windows\System\GFgTiYI.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\FubTpxi.exe
  C:\Windows\System\FubTpxi.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\mzdqMdp.exe
  C:\Windows\System\mzdqMdp.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\irCjwon.exe
  C:\Windows\System\irCjwon.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\HjRULHG.exe
  C:\Windows\System\HjRULHG.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\iEodLCP.exe
  C:\Windows\System\iEodLCP.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\msrcBBu.exe
  C:\Windows\System\msrcBBu.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\pqowJCH.exe
  C:\Windows\System\pqowJCH.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\gSORqWD.exe
  C:\Windows\System\gSORqWD.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\NtoVHQF.exe
  C:\Windows\System\NtoVHQF.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ZRTJldX.exe
  C:\Windows\System\ZRTJldX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\rpBFpbo.exe
  C:\Windows\System\rpBFpbo.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vZtdsCg.exe
  C:\Windows\System\vZtdsCg.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\souvVzZ.exe
  C:\Windows\System\souvVzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\wrETWuz.exe
  C:\Windows\System\wrETWuz.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\jWVtevE.exe
  C:\Windows\System\jWVtevE.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\DQnOhpt.exe
  C:\Windows\System\DQnOhpt.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\ntTVNqE.exe
  C:\Windows\System\ntTVNqE.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\olhvcLk.exe
  C:\Windows\System\olhvcLk.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\eqUIRoL.exe
  C:\Windows\System\eqUIRoL.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\CjHTDnO.exe
  C:\Windows\System\CjHTDnO.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\kxQLKkw.exe
  C:\Windows\System\kxQLKkw.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\UemDkxO.exe
  C:\Windows\System\UemDkxO.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\dTjQSWt.exe
  C:\Windows\System\dTjQSWt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\zZwawSa.exe
  C:\Windows\System\zZwawSa.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gYlnZxs.exe
  C:\Windows\System\gYlnZxs.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\UAwHvbL.exe
  C:\Windows\System\UAwHvbL.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\gnOyDcv.exe
  C:\Windows\System\gnOyDcv.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\URZriiR.exe
  C:\Windows\System\URZriiR.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\oZyGTJH.exe
  C:\Windows\System\oZyGTJH.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\PmNtVyz.exe
  C:\Windows\System\PmNtVyz.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\raSASny.exe
  C:\Windows\System\raSASny.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\PhbKfqN.exe
  C:\Windows\System\PhbKfqN.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\DfrOSaj.exe
  C:\Windows\System\DfrOSaj.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\eHWNFta.exe
  C:\Windows\System\eHWNFta.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\XxwPWzB.exe
  C:\Windows\System\XxwPWzB.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\YJPPXIO.exe
  C:\Windows\System\YJPPXIO.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\zYhLRfj.exe
  C:\Windows\System\zYhLRfj.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\FWKhIiW.exe
  C:\Windows\System\FWKhIiW.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\yeFhiVa.exe
  C:\Windows\System\yeFhiVa.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VrQWTGe.exe
  C:\Windows\System\VrQWTGe.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\xJxrcbv.exe
  C:\Windows\System\xJxrcbv.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\czVRwJa.exe
  C:\Windows\System\czVRwJa.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\QsKJyJm.exe
  C:\Windows\System\QsKJyJm.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\yNmmwln.exe
  C:\Windows\System\yNmmwln.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\suCoSnl.exe
  C:\Windows\System\suCoSnl.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\tCtctMM.exe
  C:\Windows\System\tCtctMM.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\BjcdAdy.exe
  C:\Windows\System\BjcdAdy.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\mhGwHLO.exe
  C:\Windows\System\mhGwHLO.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\HWvvPYf.exe
  C:\Windows\System\HWvvPYf.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\AWNogRo.exe
  C:\Windows\System\AWNogRo.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\rKUzvHB.exe
  C:\Windows\System\rKUzvHB.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\gUZgoub.exe
  C:\Windows\System\gUZgoub.exe
  2⤵
  PID:2488
- C:\Windows\System\zeATOlU.exe
  C:\Windows\System\zeATOlU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\OFUgavq.exe
  C:\Windows\System\OFUgavq.exe
  2⤵
  PID:2460
- C:\Windows\System\RLTkNnn.exe
  C:\Windows\System\RLTkNnn.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\iKImLEi.exe
  C:\Windows\System\iKImLEi.exe
  2⤵
  PID:2328
- C:\Windows\System\wEBLMHW.exe
  C:\Windows\System\wEBLMHW.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\eITPpIY.exe
  C:\Windows\System\eITPpIY.exe
  2⤵
  PID:604
- C:\Windows\System\yVbfddu.exe
  C:\Windows\System\yVbfddu.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\WsRHIOG.exe
  C:\Windows\System\WsRHIOG.exe
  2⤵
  PID:1704
- C:\Windows\System\XLdcSrw.exe
  C:\Windows\System\XLdcSrw.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\UGFRnbF.exe
  C:\Windows\System\UGFRnbF.exe
  2⤵
  PID:3148
- C:\Windows\System\XbqjiUX.exe
  C:\Windows\System\XbqjiUX.exe
  2⤵
  PID:3212
- C:\Windows\System\eGtBiWS.exe
  C:\Windows\System\eGtBiWS.exe
  2⤵
  PID:3228
- C:\Windows\System\UNoMNrl.exe
  C:\Windows\System\UNoMNrl.exe
  2⤵
  PID:3244
- C:\Windows\System\wvprmYX.exe
  C:\Windows\System\wvprmYX.exe
  2⤵
  PID:3260
- C:\Windows\System\hndAnux.exe
  C:\Windows\System\hndAnux.exe
  2⤵
  PID:3276
- C:\Windows\System\TJchjgf.exe
  C:\Windows\System\TJchjgf.exe
  2⤵
  PID:3292
- C:\Windows\System\lxNXHhh.exe
  C:\Windows\System\lxNXHhh.exe
  2⤵
  PID:3320
- C:\Windows\System\kIWcxwD.exe
  C:\Windows\System\kIWcxwD.exe
  2⤵
  PID:3340
- C:\Windows\System\MheOuKO.exe
  C:\Windows\System\MheOuKO.exe
  2⤵
  PID:3372
- C:\Windows\System\AFitxpt.exe
  C:\Windows\System\AFitxpt.exe
  2⤵
  PID:3392
- C:\Windows\System\ZLNTDou.exe
  C:\Windows\System\ZLNTDou.exe
  2⤵
  PID:3412
- C:\Windows\System\CPJyyIN.exe
  C:\Windows\System\CPJyyIN.exe
  2⤵
  PID:3428
- C:\Windows\System\PmhnYuh.exe
  C:\Windows\System\PmhnYuh.exe
  2⤵
  PID:3444
- C:\Windows\System\hPvfeNO.exe
  C:\Windows\System\hPvfeNO.exe
  2⤵
  PID:3460
- C:\Windows\System\zNvLYwX.exe
  C:\Windows\System\zNvLYwX.exe
  2⤵
  PID:3480
- C:\Windows\System\DPyHLQb.exe
  C:\Windows\System\DPyHLQb.exe
  2⤵
  PID:3500
- C:\Windows\System\qIkHVAR.exe
  C:\Windows\System\qIkHVAR.exe
  2⤵
  PID:3516
- C:\Windows\System\qGZjRlN.exe
  C:\Windows\System\qGZjRlN.exe
  2⤵
  PID:3536
- C:\Windows\System\YBSZNyE.exe
  C:\Windows\System\YBSZNyE.exe
  2⤵
  PID:3556
- C:\Windows\System\lDnvYFu.exe
  C:\Windows\System\lDnvYFu.exe
  2⤵
  PID:3572
- C:\Windows\System\vAJkKku.exe
  C:\Windows\System\vAJkKku.exe
  2⤵
  PID:3588
- C:\Windows\System\XatLHOt.exe
  C:\Windows\System\XatLHOt.exe
  2⤵
  PID:3604
- C:\Windows\System\ZfCfHso.exe
  C:\Windows\System\ZfCfHso.exe
  2⤵
  PID:3620
- C:\Windows\System\SnZhILA.exe
  C:\Windows\System\SnZhILA.exe
  2⤵
  PID:3636
- C:\Windows\System\hPwwtrZ.exe
  C:\Windows\System\hPwwtrZ.exe
  2⤵
  PID:3652
- C:\Windows\System\dBYvQlW.exe
  C:\Windows\System\dBYvQlW.exe
  2⤵
  PID:3668
- C:\Windows\System\aZmsdQs.exe
  C:\Windows\System\aZmsdQs.exe
  2⤵
  PID:3684
- C:\Windows\System\hppMDOK.exe
  C:\Windows\System\hppMDOK.exe
  2⤵
  PID:3700
- C:\Windows\System\GKXCnga.exe
  C:\Windows\System\GKXCnga.exe
  2⤵
  PID:3716
- C:\Windows\System\XTCDnvb.exe
  C:\Windows\System\XTCDnvb.exe
  2⤵
  PID:3732
- C:\Windows\System\OkQyExB.exe
  C:\Windows\System\OkQyExB.exe
  2⤵
  PID:3748
- C:\Windows\System\UKaaCgu.exe
  C:\Windows\System\UKaaCgu.exe
  2⤵
  PID:3768
- C:\Windows\System\BPiGWsG.exe
  C:\Windows\System\BPiGWsG.exe
  2⤵
  PID:3784
- C:\Windows\System\CqnofJu.exe
  C:\Windows\System\CqnofJu.exe
  2⤵
  PID:3800
- C:\Windows\System\qbfEjeT.exe
  C:\Windows\System\qbfEjeT.exe
  2⤵
  PID:3816
- C:\Windows\System\glYXBUi.exe
  C:\Windows\System\glYXBUi.exe
  2⤵
  PID:3832
- C:\Windows\System\WTNNPYq.exe
  C:\Windows\System\WTNNPYq.exe
  2⤵
  PID:3848
- C:\Windows\System\zgWEbDs.exe
  C:\Windows\System\zgWEbDs.exe
  2⤵
  PID:3864
- C:\Windows\System\lplQdzJ.exe
  C:\Windows\System\lplQdzJ.exe
  2⤵
  PID:3880
- C:\Windows\System\znZFhkA.exe
  C:\Windows\System\znZFhkA.exe
  2⤵
  PID:3896
- C:\Windows\System\PhieVqE.exe
  C:\Windows\System\PhieVqE.exe
  2⤵
  PID:3912
- C:\Windows\System\GNqLcFf.exe
  C:\Windows\System\GNqLcFf.exe
  2⤵
  PID:3928
- C:\Windows\System\CflaqXP.exe
  C:\Windows\System\CflaqXP.exe
  2⤵
  PID:3944
- C:\Windows\System\oVfNZyI.exe
  C:\Windows\System\oVfNZyI.exe
  2⤵
  PID:3960
- C:\Windows\System\yKxhNhH.exe
  C:\Windows\System\yKxhNhH.exe
  2⤵
  PID:3976
- C:\Windows\System\KOzmsAY.exe
  C:\Windows\System\KOzmsAY.exe
  2⤵
  PID:3992
- C:\Windows\System\cpARHTE.exe
  C:\Windows\System\cpARHTE.exe
  2⤵
  PID:4008
- C:\Windows\System\OGZKpTb.exe
  C:\Windows\System\OGZKpTb.exe
  2⤵
  PID:4024
- C:\Windows\System\PSfKgUw.exe
  C:\Windows\System\PSfKgUw.exe
  2⤵
  PID:4040
- C:\Windows\System\fcvznor.exe
  C:\Windows\System\fcvznor.exe
  2⤵
  PID:4064
- C:\Windows\System\TMCPjHs.exe
  C:\Windows\System\TMCPjHs.exe
  2⤵
  PID:4080
- C:\Windows\System\irAlCKs.exe
  C:\Windows\System\irAlCKs.exe
  2⤵
  PID:1812
- C:\Windows\System\eWykRLp.exe
  C:\Windows\System\eWykRLp.exe
  2⤵
  PID:1924
- C:\Windows\System\RMvccDD.exe
  C:\Windows\System\RMvccDD.exe
  2⤵
  PID:800
- C:\Windows\System\XNqyyyx.exe
  C:\Windows\System\XNqyyyx.exe
  2⤵
  PID:1860
- C:\Windows\System\oYyCOrF.exe
  C:\Windows\System\oYyCOrF.exe
  2⤵
  PID:884
- C:\Windows\System\DeSamgi.exe
  C:\Windows\System\DeSamgi.exe
  2⤵
  PID:1632
- C:\Windows\System\kURgYfs.exe
  C:\Windows\System\kURgYfs.exe
  2⤵
  PID:2836
- C:\Windows\System\DNRqSGF.exe
  C:\Windows\System\DNRqSGF.exe
  2⤵
  PID:760
- C:\Windows\System\OFLvQBC.exe
  C:\Windows\System\OFLvQBC.exe
  2⤵
  PID:1988
- C:\Windows\System\nfrutzB.exe
  C:\Windows\System\nfrutzB.exe
  2⤵
  PID:2892
- C:\Windows\System\OengnDk.exe
  C:\Windows\System\OengnDk.exe
  2⤵
  PID:1716
- C:\Windows\System\ytthcqo.exe
  C:\Windows\System\ytthcqo.exe
  2⤵
  PID:1744
- C:\Windows\System\ytxsWxq.exe
  C:\Windows\System\ytxsWxq.exe
  2⤵
  PID:1784
- C:\Windows\System\oOGSrgk.exe
  C:\Windows\System\oOGSrgk.exe
  2⤵
  PID:796
- C:\Windows\System\UMAChbn.exe
  C:\Windows\System\UMAChbn.exe
  2⤵
  PID:2716
- C:\Windows\System\IqExOmV.exe
  C:\Windows\System\IqExOmV.exe
  2⤵
  PID:3156
- C:\Windows\System\TnHRsGJ.exe
  C:\Windows\System\TnHRsGJ.exe
  2⤵
  PID:3172
- C:\Windows\System\cqnyRHf.exe
  C:\Windows\System\cqnyRHf.exe
  2⤵
  PID:3188
- C:\Windows\System\uFPaEli.exe
  C:\Windows\System\uFPaEli.exe
  2⤵
  PID:3224
- C:\Windows\System\mmFqOqb.exe
  C:\Windows\System\mmFqOqb.exe
  2⤵
  PID:3420
- C:\Windows\System\VHqHPlt.exe
  C:\Windows\System\VHqHPlt.exe
  2⤵
  PID:3488
- C:\Windows\System\LXJogTs.exe
  C:\Windows\System\LXJogTs.exe
  2⤵
  PID:3528
- C:\Windows\System\OedHYKs.exe
  C:\Windows\System\OedHYKs.exe
  2⤵
  PID:3596
- C:\Windows\System\EczMkIB.exe
  C:\Windows\System\EczMkIB.exe
  2⤵
  PID:3692
- C:\Windows\System\FhGoGuH.exe
  C:\Windows\System\FhGoGuH.exe
  2⤵
  PID:3792
- C:\Windows\System\pUjmovp.exe
  C:\Windows\System\pUjmovp.exe
  2⤵
  PID:3856
- C:\Windows\System\ffmsWZq.exe
  C:\Windows\System\ffmsWZq.exe
  2⤵
  PID:3408
- C:\Windows\System\nTNtGXx.exe
  C:\Windows\System\nTNtGXx.exe
  2⤵
  PID:3988
- C:\Windows\System\lbvEKLl.exe
  C:\Windows\System\lbvEKLl.exe
  2⤵
  PID:4052
- C:\Windows\System\oAngtas.exe
  C:\Windows\System\oAngtas.exe
  2⤵
  PID:4088
- C:\Windows\System\xxMxBLa.exe
  C:\Windows\System\xxMxBLa.exe
  2⤵
  PID:288
- C:\Windows\System\UYeRVbr.exe
  C:\Windows\System\UYeRVbr.exe
  2⤵
  PID:3308
- C:\Windows\System\MNLEjuY.exe
  C:\Windows\System\MNLEjuY.exe
  2⤵
  PID:2512
- C:\Windows\System\qxMqpkk.exe
  C:\Windows\System\qxMqpkk.exe
  2⤵
  PID:3020
- C:\Windows\System\vYLLneu.exe
  C:\Windows\System\vYLLneu.exe
  2⤵
  PID:3368
- C:\Windows\System\YlesXvR.exe
  C:\Windows\System\YlesXvR.exe
  2⤵
  PID:1944
- C:\Windows\System\gsrktiQ.exe
  C:\Windows\System\gsrktiQ.exe
  2⤵
  PID:3404
- C:\Windows\System\XqRhhKb.exe
  C:\Windows\System\XqRhhKb.exe
  2⤵
  PID:1216
- C:\Windows\System\ceKiyYb.exe
  C:\Windows\System\ceKiyYb.exe
  2⤵
  PID:2400
- C:\Windows\System\rgoOmgO.exe
  C:\Windows\System\rgoOmgO.exe
  2⤵
  PID:4072
- C:\Windows\System\QqpjVkl.exe
  C:\Windows\System\QqpjVkl.exe
  2⤵
  PID:4000
- C:\Windows\System\ahGzTvK.exe
  C:\Windows\System\ahGzTvK.exe
  2⤵
  PID:3872
- C:\Windows\System\wACeMsQ.exe
  C:\Windows\System\wACeMsQ.exe
  2⤵
  PID:3780
- C:\Windows\System\ukwkgzz.exe
  C:\Windows\System\ukwkgzz.exe
  2⤵
  PID:3708
- C:\Windows\System\kswvgWm.exe
  C:\Windows\System\kswvgWm.exe
  2⤵
  PID:3616
- C:\Windows\System\xEKdUeg.exe
  C:\Windows\System\xEKdUeg.exe
  2⤵
  PID:3544
- C:\Windows\System\xLynxfk.exe
  C:\Windows\System\xLynxfk.exe
  2⤵
  PID:3440
- C:\Windows\System\ZSTlFHh.exe
  C:\Windows\System\ZSTlFHh.exe
  2⤵
  PID:1612
- C:\Windows\System\YLrJExe.exe
  C:\Windows\System\YLrJExe.exe
  2⤵
  PID:2128
- C:\Windows\System\HBTsCAq.exe
  C:\Windows\System\HBTsCAq.exe
  2⤵
  PID:1640
- C:\Windows\System\GhVopDQ.exe
  C:\Windows\System\GhVopDQ.exe
  2⤵
  PID:2708
- C:\Windows\System\UHAaXJG.exe
  C:\Windows\System\UHAaXJG.exe
  2⤵
  PID:2220
- C:\Windows\System\nHZQzXM.exe
  C:\Windows\System\nHZQzXM.exe
  2⤵
  PID:1200
- C:\Windows\System\MmHWOTl.exe
  C:\Windows\System\MmHWOTl.exe
  2⤵
  PID:1792
- C:\Windows\System\kLlFACb.exe
  C:\Windows\System\kLlFACb.exe
  2⤵
  PID:2176
- C:\Windows\System\vvEldMx.exe
  C:\Windows\System\vvEldMx.exe
  2⤵
  PID:2272
- C:\Windows\System\ZTvygFW.exe
  C:\Windows\System\ZTvygFW.exe
  2⤵
  PID:3196
- C:\Windows\System\XsjnQMf.exe
  C:\Windows\System\XsjnQMf.exe
  2⤵
  PID:3180
- C:\Windows\System\NSwVCEj.exe
  C:\Windows\System\NSwVCEj.exe
  2⤵
  PID:3288
- C:\Windows\System\ZWAUHqx.exe
  C:\Windows\System\ZWAUHqx.exe
  2⤵
  PID:3388
- C:\Windows\System\VRFIpCY.exe
  C:\Windows\System\VRFIpCY.exe
  2⤵
  PID:3724
- C:\Windows\System\xIioAFc.exe
  C:\Windows\System\xIioAFc.exe
  2⤵
  PID:3632
- C:\Windows\System\VTVhLnn.exe
  C:\Windows\System\VTVhLnn.exe
  2⤵
  PID:3728
- C:\Windows\System\eUSHkms.exe
  C:\Windows\System\eUSHkms.exe
  2⤵
  PID:4020
- C:\Windows\System\xzVryxU.exe
  C:\Windows\System\xzVryxU.exe
  2⤵
  PID:316
- C:\Windows\System\JWuuuGW.exe
  C:\Windows\System\JWuuuGW.exe
  2⤵
  PID:3268
- C:\Windows\System\kwxvRBF.exe
  C:\Windows\System\kwxvRBF.exe
  2⤵
  PID:3356
- C:\Windows\System\wUByqOh.exe
  C:\Windows\System\wUByqOh.exe
  2⤵
  PID:1372
- C:\Windows\System\pOpIsca.exe
  C:\Windows\System\pOpIsca.exe
  2⤵
  PID:3956
- C:\Windows\System\DIxwVvX.exe
  C:\Windows\System\DIxwVvX.exe
  2⤵
  PID:376
- C:\Windows\System\ojpAHQX.exe
  C:\Windows\System\ojpAHQX.exe
  2⤵
  PID:3552
- C:\Windows\System\qzwtuuq.exe
  C:\Windows\System\qzwtuuq.exe
  2⤵
  PID:4032
- C:\Windows\System\nrCtqvB.exe
  C:\Windows\System\nrCtqvB.exe
  2⤵
  PID:3812
- C:\Windows\System\qLlyFvd.exe
  C:\Windows\System\qLlyFvd.exe
  2⤵
  PID:2156
- C:\Windows\System\layWvsf.exe
  C:\Windows\System\layWvsf.exe
  2⤵
  PID:3476
- C:\Windows\System\afKLOMo.exe
  C:\Windows\System\afKLOMo.exe
  2⤵
  PID:3908
- C:\Windows\System\oSwSzsq.exe
  C:\Windows\System\oSwSzsq.exe
  2⤵
  PID:1776
- C:\Windows\System\IkGgZMX.exe
  C:\Windows\System\IkGgZMX.exe
  2⤵
  PID:1732
- C:\Windows\System\eCtDnet.exe
  C:\Windows\System\eCtDnet.exe
  2⤵
  PID:2940
- C:\Windows\System\GOBOJVI.exe
  C:\Windows\System\GOBOJVI.exe
  2⤵
  PID:2576
- C:\Windows\System\HIspsyz.exe
  C:\Windows\System\HIspsyz.exe
  2⤵
  PID:4104
- C:\Windows\System\lHWOWGS.exe
  C:\Windows\System\lHWOWGS.exe
  2⤵
  PID:4124
- C:\Windows\System\EAqebfM.exe
  C:\Windows\System\EAqebfM.exe
  2⤵
  PID:4144
- C:\Windows\System\XIfbcdo.exe
  C:\Windows\System\XIfbcdo.exe
  2⤵
  PID:4160
- C:\Windows\System\FQZOmCe.exe
  C:\Windows\System\FQZOmCe.exe
  2⤵
  PID:4176
- C:\Windows\System\BXIeXhf.exe
  C:\Windows\System\BXIeXhf.exe
  2⤵
  PID:4192
- C:\Windows\System\FyyKdPu.exe
  C:\Windows\System\FyyKdPu.exe
  2⤵
  PID:4208
- C:\Windows\System\LcxlZFj.exe
  C:\Windows\System\LcxlZFj.exe
  2⤵
  PID:4224
- C:\Windows\System\EwOUcax.exe
  C:\Windows\System\EwOUcax.exe
  2⤵
  PID:4240
- C:\Windows\System\HfQXiHW.exe
  C:\Windows\System\HfQXiHW.exe
  2⤵
  PID:4256
- C:\Windows\System\UCNdWaV.exe
  C:\Windows\System\UCNdWaV.exe
  2⤵
  PID:4272
- C:\Windows\System\lpSRIpb.exe
  C:\Windows\System\lpSRIpb.exe
  2⤵
  PID:4288
- C:\Windows\System\uoFkxbN.exe
  C:\Windows\System\uoFkxbN.exe
  2⤵
  PID:4304
- C:\Windows\System\JXvJuhR.exe
  C:\Windows\System\JXvJuhR.exe
  2⤵
  PID:4320
- C:\Windows\System\KYCycUz.exe
  C:\Windows\System\KYCycUz.exe
  2⤵
  PID:4336
- C:\Windows\System\jmFIHQP.exe
  C:\Windows\System\jmFIHQP.exe
  2⤵
  PID:4352
- C:\Windows\System\blJrhpa.exe
  C:\Windows\System\blJrhpa.exe
  2⤵
  PID:4368
- C:\Windows\System\CAZhYqK.exe
  C:\Windows\System\CAZhYqK.exe
  2⤵
  PID:4384
- C:\Windows\System\awRuNCA.exe
  C:\Windows\System\awRuNCA.exe
  2⤵
  PID:4400
- C:\Windows\System\jVVfKoG.exe
  C:\Windows\System\jVVfKoG.exe
  2⤵
  PID:4416
- C:\Windows\System\pfiJXVO.exe
  C:\Windows\System\pfiJXVO.exe
  2⤵
  PID:4432
- C:\Windows\System\VXCIKdj.exe
  C:\Windows\System\VXCIKdj.exe
  2⤵
  PID:4492
- C:\Windows\System\MDCXINz.exe
  C:\Windows\System\MDCXINz.exe
  2⤵
  PID:4516
- C:\Windows\System\rGWigMl.exe
  C:\Windows\System\rGWigMl.exe
  2⤵
  PID:4604
- C:\Windows\System\MQKQHok.exe
  C:\Windows\System\MQKQHok.exe
  2⤵
  PID:4620
- C:\Windows\System\fdvKyUW.exe
  C:\Windows\System\fdvKyUW.exe
  2⤵
  PID:4640
- C:\Windows\System\RjfFnpe.exe
  C:\Windows\System\RjfFnpe.exe
  2⤵
  PID:4664
- C:\Windows\System\bFPPHQh.exe
  C:\Windows\System\bFPPHQh.exe
  2⤵
  PID:4684
- C:\Windows\System\TEebslF.exe
  C:\Windows\System\TEebslF.exe
  2⤵
  PID:4704
- C:\Windows\System\duaHGtN.exe
  C:\Windows\System\duaHGtN.exe
  2⤵
  PID:4724
- C:\Windows\System\SuKTHUa.exe
  C:\Windows\System\SuKTHUa.exe
  2⤵
  PID:4744
- C:\Windows\System\iTcZsZZ.exe
  C:\Windows\System\iTcZsZZ.exe
  2⤵
  PID:4764
- C:\Windows\System\BDtWZBD.exe
  C:\Windows\System\BDtWZBD.exe
  2⤵
  PID:4784
- C:\Windows\System\Uvkkxvj.exe
  C:\Windows\System\Uvkkxvj.exe
  2⤵
  PID:4804
- C:\Windows\System\EFkAUzS.exe
  C:\Windows\System\EFkAUzS.exe
  2⤵
  PID:4824
- C:\Windows\System\QmJRdyM.exe
  C:\Windows\System\QmJRdyM.exe
  2⤵
  PID:4844
- C:\Windows\System\TacOHmp.exe
  C:\Windows\System\TacOHmp.exe
  2⤵
  PID:4864
- C:\Windows\System\fOwKHdL.exe
  C:\Windows\System\fOwKHdL.exe
  2⤵
  PID:4884
- C:\Windows\System\kvbRLxU.exe
  C:\Windows\System\kvbRLxU.exe
  2⤵
  PID:4904
- C:\Windows\System\fakwVRO.exe
  C:\Windows\System\fakwVRO.exe
  2⤵
  PID:4924
- C:\Windows\System\DedxvPM.exe
  C:\Windows\System\DedxvPM.exe
  2⤵
  PID:4944
- C:\Windows\System\QLjOhlA.exe
  C:\Windows\System\QLjOhlA.exe
  2⤵
  PID:4964
- C:\Windows\System\jAxYVBo.exe
  C:\Windows\System\jAxYVBo.exe
  2⤵
  PID:4984
- C:\Windows\System\jCGlaHl.exe
  C:\Windows\System\jCGlaHl.exe
  2⤵
  PID:5004
- C:\Windows\System\UOpqDeA.exe
  C:\Windows\System\UOpqDeA.exe
  2⤵
  PID:5024
- C:\Windows\System\uwVsSiG.exe
  C:\Windows\System\uwVsSiG.exe
  2⤵
  PID:5044
- C:\Windows\System\pqmwZto.exe
  C:\Windows\System\pqmwZto.exe
  2⤵
  PID:5064
- C:\Windows\System\xvdCipl.exe
  C:\Windows\System\xvdCipl.exe
  2⤵
  PID:5084
- C:\Windows\System\NFszCsR.exe
  C:\Windows\System\NFszCsR.exe
  2⤵
  PID:5104
- C:\Windows\System\yPgirXO.exe
  C:\Windows\System\yPgirXO.exe
  2⤵
  PID:2124
- C:\Windows\System\bpfrDME.exe
  C:\Windows\System\bpfrDME.exe
  2⤵
  PID:3568
- C:\Windows\System\mEuwgYm.exe
  C:\Windows\System\mEuwgYm.exe
  2⤵
  PID:3496
- C:\Windows\System\yaTmvhV.exe
  C:\Windows\System\yaTmvhV.exe
  2⤵
  PID:4060
- C:\Windows\System\qVEmwii.exe
  C:\Windows\System\qVEmwii.exe
  2⤵
  PID:3808
- C:\Windows\System\hCGmLZt.exe
  C:\Windows\System\hCGmLZt.exe
  2⤵
  PID:3876
- C:\Windows\System\XJwkfaN.exe
  C:\Windows\System\XJwkfaN.exe
  2⤵
  PID:2336
- C:\Windows\System\KVDkAJE.exe
  C:\Windows\System\KVDkAJE.exe
  2⤵
  PID:4140
- C:\Windows\System\dTdofGZ.exe
  C:\Windows\System\dTdofGZ.exe
  2⤵
  PID:4232
- C:\Windows\System\zhRyUyJ.exe
  C:\Windows\System\zhRyUyJ.exe
  2⤵
  PID:4300
- C:\Windows\System\naCHDYQ.exe
  C:\Windows\System\naCHDYQ.exe
  2⤵
  PID:3580
- C:\Windows\System\smggWvg.exe
  C:\Windows\System\smggWvg.exe
  2⤵
  PID:4360
- C:\Windows\System\AwuGoxx.exe
  C:\Windows\System\AwuGoxx.exe
  2⤵
  PID:4396
- C:\Windows\System\SsYnoAj.exe
  C:\Windows\System\SsYnoAj.exe
  2⤵
  PID:408
- C:\Windows\System\nUaCEFx.exe
  C:\Windows\System\nUaCEFx.exe
  2⤵
  PID:3284
- C:\Windows\System\tyPewZR.exe
  C:\Windows\System\tyPewZR.exe
  2⤵
  PID:3336
- C:\Windows\System\jLMbmQE.exe
  C:\Windows\System\jLMbmQE.exe
  2⤵
  PID:3892
- C:\Windows\System\ZtxKKuP.exe
  C:\Windows\System\ZtxKKuP.exe
  2⤵
  PID:4504
- C:\Windows\System\WPThWPG.exe
  C:\Windows\System\WPThWPG.exe
  2⤵
  PID:4448
- C:\Windows\System\sAtlyTh.exe
  C:\Windows\System\sAtlyTh.exe
  2⤵
  PID:4468
- C:\Windows\System\GabInzF.exe
  C:\Windows\System\GabInzF.exe
  2⤵
  PID:3300
- C:\Windows\System\xoRPeed.exe
  C:\Windows\System\xoRPeed.exe
  2⤵
  PID:4412
- C:\Windows\System\sqDCEbK.exe
  C:\Windows\System\sqDCEbK.exe
  2⤵
  PID:4344
- C:\Windows\System\RjHKbqb.exe
  C:\Windows\System\RjHKbqb.exe
  2⤵
  PID:4280
- C:\Windows\System\nCHtbWn.exe
  C:\Windows\System\nCHtbWn.exe
  2⤵
  PID:4184
- C:\Windows\System\YLYubbR.exe
  C:\Windows\System\YLYubbR.exe
  2⤵
  PID:2464
- C:\Windows\System\zZFSdCF.exe
  C:\Windows\System\zZFSdCF.exe
  2⤵
  PID:4512
- C:\Windows\System\uVTwxwg.exe
  C:\Windows\System\uVTwxwg.exe
  2⤵
  PID:2348
- C:\Windows\System\qBaKtAI.exe
  C:\Windows\System\qBaKtAI.exe
  2⤵
  PID:4532
- C:\Windows\System\kUmHKTM.exe
  C:\Windows\System\kUmHKTM.exe
  2⤵
  PID:4552
- C:\Windows\System\ZqZsaGO.exe
  C:\Windows\System\ZqZsaGO.exe
  2⤵
  PID:4572
- C:\Windows\System\kQNYmXo.exe
  C:\Windows\System\kQNYmXo.exe
  2⤵
  PID:4584
- C:\Windows\System\PPYuCrh.exe
  C:\Windows\System\PPYuCrh.exe
  2⤵
  PID:4616
- C:\Windows\System\AXPtYTl.exe
  C:\Windows\System\AXPtYTl.exe
  2⤵
  PID:4632
- C:\Windows\System\ANGYUoT.exe
  C:\Windows\System\ANGYUoT.exe
  2⤵
  PID:4656
- C:\Windows\System\hUprqsL.exe
  C:\Windows\System\hUprqsL.exe
  2⤵
  PID:4692
- C:\Windows\System\SPvYkUR.exe
  C:\Windows\System\SPvYkUR.exe
  2⤵
  PID:4732
- C:\Windows\System\lwpxYsE.exe
  C:\Windows\System\lwpxYsE.exe
  2⤵
  PID:4772
- C:\Windows\System\ODcHPdg.exe
  C:\Windows\System\ODcHPdg.exe
  2⤵
  PID:4812
- C:\Windows\System\RDOCovT.exe
  C:\Windows\System\RDOCovT.exe
  2⤵
  PID:4816
- C:\Windows\System\pNLHghG.exe
  C:\Windows\System\pNLHghG.exe
  2⤵
  PID:4852
- C:\Windows\System\FCEcXTb.exe
  C:\Windows\System\FCEcXTb.exe
  2⤵
  PID:4880
- C:\Windows\System\gmzEVHA.exe
  C:\Windows\System\gmzEVHA.exe
  2⤵
  PID:4912
- C:\Windows\System\BbwGRNC.exe
  C:\Windows\System\BbwGRNC.exe
  2⤵
  PID:4952
- C:\Windows\System\MQaMusj.exe
  C:\Windows\System\MQaMusj.exe
  2⤵
  PID:4992
- C:\Windows\System\ppMKkjQ.exe
  C:\Windows\System\ppMKkjQ.exe
  2⤵
  PID:5016
- C:\Windows\System\jTxpAnT.exe
  C:\Windows\System\jTxpAnT.exe
  2⤵
  PID:5052
- C:\Windows\System\fOZAevT.exe
  C:\Windows\System\fOZAevT.exe
  2⤵
  PID:5076
- C:\Windows\System\WLffegn.exe
  C:\Windows\System\WLffegn.exe
  2⤵
  PID:5112
- C:\Windows\System\NIboYky.exe
  C:\Windows\System\NIboYky.exe
  2⤵
  PID:3456
- C:\Windows\System\VRYaqZa.exe
  C:\Windows\System\VRYaqZa.exe
  2⤵
  PID:3348
- C:\Windows\System\JjYVrqx.exe
  C:\Windows\System\JjYVrqx.exe
  2⤵
  PID:1788
- C:\Windows\System\GtRJuwQ.exe
  C:\Windows\System\GtRJuwQ.exe
  2⤵
  PID:3648
- C:\Windows\System\YSLXuwh.exe
  C:\Windows\System\YSLXuwh.exe
  2⤵
  PID:3712
- C:\Windows\System\mvoOTHJ.exe
  C:\Windows\System\mvoOTHJ.exe
  2⤵
  PID:4204
- C:\Windows\System\mWOOwvG.exe
  C:\Windows\System\mWOOwvG.exe
  2⤵
  PID:4268
- C:\Windows\System\mXkoitJ.exe
  C:\Windows\System\mXkoitJ.exe
  2⤵
  PID:3548
- C:\Windows\System\dNSylCo.exe
  C:\Windows\System\dNSylCo.exe
  2⤵
  PID:4392
- C:\Windows\System\mcWDgHN.exe
  C:\Windows\System\mcWDgHN.exe
  2⤵
  PID:1740
- C:\Windows\System\CClMyDd.exe
  C:\Windows\System\CClMyDd.exe
  2⤵
  PID:1496
- C:\Windows\System\BvMxxra.exe
  C:\Windows\System\BvMxxra.exe
  2⤵
  PID:3312
- C:\Windows\System\lGZljmV.exe
  C:\Windows\System\lGZljmV.exe
  2⤵
  PID:4480
- C:\Windows\System\zopteeB.exe
  C:\Windows\System\zopteeB.exe
  2⤵
  PID:4284
- C:\Windows\System\KPJptZt.exe
  C:\Windows\System\KPJptZt.exe
  2⤵
  PID:4152
- C:\Windows\System\nMgsWHD.exe
  C:\Windows\System\nMgsWHD.exe
  2⤵
  PID:3676
- C:\Windows\System\ceJVHXq.exe
  C:\Windows\System\ceJVHXq.exe
  2⤵
  PID:4612
- C:\Windows\System\yQGkeJQ.exe
  C:\Windows\System\yQGkeJQ.exe
  2⤵
  PID:4736
- C:\Windows\System\ZVOTmrv.exe
  C:\Windows\System\ZVOTmrv.exe
  2⤵
  PID:4800
- C:\Windows\System\NULbJeD.exe
  C:\Windows\System\NULbJeD.exe
  2⤵
  PID:4892
- C:\Windows\System\ieGphrA.exe
  C:\Windows\System\ieGphrA.exe
  2⤵
  PID:4980
- C:\Windows\System\clZGdrS.exe
  C:\Windows\System\clZGdrS.exe
  2⤵
  PID:3740
- C:\Windows\System\NwRdwlI.exe
  C:\Windows\System\NwRdwlI.exe
  2⤵
  PID:444
- C:\Windows\System\CUYAlMh.exe
  C:\Windows\System\CUYAlMh.exe
  2⤵
  PID:3760
- C:\Windows\System\hysXKJh.exe
  C:\Windows\System\hysXKJh.exe
  2⤵
  PID:4580
- C:\Windows\System\CuzIDmQ.exe
  C:\Windows\System\CuzIDmQ.exe
  2⤵
  PID:4528
- C:\Windows\System\EoUpRPk.exe
  C:\Windows\System\EoUpRPk.exe
  2⤵
  PID:4568
- C:\Windows\System\ySmzQLx.exe
  C:\Windows\System\ySmzQLx.exe
  2⤵
  PID:4660
- C:\Windows\System\XoSsVVt.exe
  C:\Windows\System\XoSsVVt.exe
  2⤵
  PID:3628
- C:\Windows\System\bquiRht.exe
  C:\Windows\System\bquiRht.exe
  2⤵
  PID:3840
- C:\Windows\System\bYYtyPI.exe
  C:\Windows\System\bYYtyPI.exe
  2⤵
  PID:5072
- C:\Windows\System\SBwWZtL.exe
  C:\Windows\System\SBwWZtL.exe
  2⤵
  PID:4996
- C:\Windows\System\CKRKvho.exe
  C:\Windows\System\CKRKvho.exe
  2⤵
  PID:3968
- C:\Windows\System\VvlpGoV.exe
  C:\Windows\System\VvlpGoV.exe
  2⤵
  PID:4500
- C:\Windows\System\LXFnHNm.exe
  C:\Windows\System\LXFnHNm.exe
  2⤵
  PID:1728
- C:\Windows\System\nkSRESs.exe
  C:\Windows\System\nkSRESs.exe
  2⤵
  PID:1244
- C:\Windows\System\KOiGOrg.exe
  C:\Windows\System\KOiGOrg.exe
  2⤵
  PID:5100
- C:\Windows\System\dHRyRpY.exe
  C:\Windows\System\dHRyRpY.exe
  2⤵
  PID:4956
- C:\Windows\System\bPeFYvp.exe
  C:\Windows\System\bPeFYvp.exe
  2⤵
  PID:4840
- C:\Windows\System\ceENPPs.exe
  C:\Windows\System\ceENPPs.exe
  2⤵
  PID:3380
- C:\Windows\System\zEHqioQ.exe
  C:\Windows\System\zEHqioQ.exe
  2⤵
  PID:4444
- C:\Windows\System\rkXBYaw.exe
  C:\Windows\System\rkXBYaw.exe
  2⤵
  PID:4488
- C:\Windows\System\qcprfBE.exe
  C:\Windows\System\qcprfBE.exe
  2⤵
  PID:4348
- C:\Windows\System\dSJSIbh.exe
  C:\Windows\System\dSJSIbh.exe
  2⤵
  PID:4220
- C:\Windows\System\LRAfjWp.exe
  C:\Windows\System\LRAfjWp.exe
  2⤵
  PID:4548
- C:\Windows\System\iBxbuVe.exe
  C:\Windows\System\iBxbuVe.exe
  2⤵
  PID:4696
- C:\Windows\System\JJceTDz.exe
  C:\Windows\System\JJceTDz.exe
  2⤵
  PID:5056
- C:\Windows\System\yrJsXaA.exe
  C:\Windows\System\yrJsXaA.exe
  2⤵
  PID:5136
- C:\Windows\System\BtFzkks.exe
  C:\Windows\System\BtFzkks.exe
  2⤵
  PID:5152
- C:\Windows\System\CFsbiOY.exe
  C:\Windows\System\CFsbiOY.exe
  2⤵
  PID:5168
- C:\Windows\System\UsjALRZ.exe
  C:\Windows\System\UsjALRZ.exe
  2⤵
  PID:5184
- C:\Windows\System\WlIzIop.exe
  C:\Windows\System\WlIzIop.exe
  2⤵
  PID:5200
- C:\Windows\System\IvtZsmd.exe
  C:\Windows\System\IvtZsmd.exe
  2⤵
  PID:5216
- C:\Windows\System\pfWzLmM.exe
  C:\Windows\System\pfWzLmM.exe
  2⤵
  PID:5232
- C:\Windows\System\vGMmEge.exe
  C:\Windows\System\vGMmEge.exe
  2⤵
  PID:5248
- C:\Windows\System\cuUKRXi.exe
  C:\Windows\System\cuUKRXi.exe
  2⤵
  PID:5264
- C:\Windows\System\bWxqoyW.exe
  C:\Windows\System\bWxqoyW.exe
  2⤵
  PID:5280
- C:\Windows\System\rkaqPNC.exe
  C:\Windows\System\rkaqPNC.exe
  2⤵
  PID:5296
- C:\Windows\System\eVqtaBB.exe
  C:\Windows\System\eVqtaBB.exe
  2⤵
  PID:5312
- C:\Windows\System\ywLWbQY.exe
  C:\Windows\System\ywLWbQY.exe
  2⤵
  PID:5328
- C:\Windows\System\ktltgBG.exe
  C:\Windows\System\ktltgBG.exe
  2⤵
  PID:5344
- C:\Windows\System\zNqthJj.exe
  C:\Windows\System\zNqthJj.exe
  2⤵
  PID:5360
- C:\Windows\System\CjXcbMn.exe
  C:\Windows\System\CjXcbMn.exe
  2⤵
  PID:5376
- C:\Windows\System\KvErzIY.exe
  C:\Windows\System\KvErzIY.exe
  2⤵
  PID:5392
- C:\Windows\System\leCXCSl.exe
  C:\Windows\System\leCXCSl.exe
  2⤵
  PID:5408
- C:\Windows\System\jcOJWIZ.exe
  C:\Windows\System\jcOJWIZ.exe
  2⤵
  PID:5424
- C:\Windows\System\LHMbZKH.exe
  C:\Windows\System\LHMbZKH.exe
  2⤵
  PID:5444
- C:\Windows\System\wuiMKvu.exe
  C:\Windows\System\wuiMKvu.exe
  2⤵
  PID:5460
- C:\Windows\System\WLxOPtx.exe
  C:\Windows\System\WLxOPtx.exe
  2⤵
  PID:5476
- C:\Windows\System\MAhAtBl.exe
  C:\Windows\System\MAhAtBl.exe
  2⤵
  PID:5492
- C:\Windows\System\TXIgJag.exe
  C:\Windows\System\TXIgJag.exe
  2⤵
  PID:5508
- C:\Windows\System\FvIqazm.exe
  C:\Windows\System\FvIqazm.exe
  2⤵
  PID:5524
- C:\Windows\System\WELFusd.exe
  C:\Windows\System\WELFusd.exe
  2⤵
  PID:5544
- C:\Windows\System\SqsqJqm.exe
  C:\Windows\System\SqsqJqm.exe
  2⤵
  PID:5560
- C:\Windows\System\LglBWot.exe
  C:\Windows\System\LglBWot.exe
  2⤵
  PID:5576
- C:\Windows\System\ohQZlBo.exe
  C:\Windows\System\ohQZlBo.exe
  2⤵
  PID:5592
- C:\Windows\System\TXWrniu.exe
  C:\Windows\System\TXWrniu.exe
  2⤵
  PID:5608
- C:\Windows\System\rpZImTn.exe
  C:\Windows\System\rpZImTn.exe
  2⤵
  PID:5624
- C:\Windows\System\xWlgzxe.exe
  C:\Windows\System\xWlgzxe.exe
  2⤵
  PID:5640
- C:\Windows\System\KCPDdiw.exe
  C:\Windows\System\KCPDdiw.exe
  2⤵
  PID:5656
- C:\Windows\System\VlLkHTe.exe
  C:\Windows\System\VlLkHTe.exe
  2⤵
  PID:5672
- C:\Windows\System\uxodvBd.exe
  C:\Windows\System\uxodvBd.exe
  2⤵
  PID:5688
- C:\Windows\System\gahkbmH.exe
  C:\Windows\System\gahkbmH.exe
  2⤵
  PID:5704
- C:\Windows\System\mGKgnOq.exe
  C:\Windows\System\mGKgnOq.exe
  2⤵
  PID:5720
- C:\Windows\System\ZnLqudr.exe
  C:\Windows\System\ZnLqudr.exe
  2⤵
  PID:5740
- C:\Windows\System\wcREvtp.exe
  C:\Windows\System\wcREvtp.exe
  2⤵
  PID:5756
- C:\Windows\System\CsWkUkr.exe
  C:\Windows\System\CsWkUkr.exe
  2⤵
  PID:5772
- C:\Windows\System\QVMVGkp.exe
  C:\Windows\System\QVMVGkp.exe
  2⤵
  PID:5788
- C:\Windows\System\laPnyAX.exe
  C:\Windows\System\laPnyAX.exe
  2⤵
  PID:5804
- C:\Windows\System\tuLEiUd.exe
  C:\Windows\System\tuLEiUd.exe
  2⤵
  PID:5820
- C:\Windows\System\PakaZTS.exe
  C:\Windows\System\PakaZTS.exe
  2⤵
  PID:5840
- C:\Windows\System\oArAuNW.exe
  C:\Windows\System\oArAuNW.exe
  2⤵
  PID:5856
- C:\Windows\System\csJOcoX.exe
  C:\Windows\System\csJOcoX.exe
  2⤵
  PID:5872
- C:\Windows\System\nlzevvu.exe
  C:\Windows\System\nlzevvu.exe
  2⤵
  PID:5888
- C:\Windows\System\jTbBoLi.exe
  C:\Windows\System\jTbBoLi.exe
  2⤵
  PID:5904
- C:\Windows\System\KXmXYoO.exe
  C:\Windows\System\KXmXYoO.exe
  2⤵
  PID:5920
- C:\Windows\System\qkoZlVE.exe
  C:\Windows\System\qkoZlVE.exe
  2⤵
  PID:5936
- C:\Windows\System\SryTKAH.exe
  C:\Windows\System\SryTKAH.exe
  2⤵
  PID:5952
- C:\Windows\System\IgRRBkF.exe
  C:\Windows\System\IgRRBkF.exe
  2⤵
  PID:5968
- C:\Windows\System\GldOeeC.exe
  C:\Windows\System\GldOeeC.exe
  2⤵
  PID:5984
- C:\Windows\System\AVFiZjy.exe
  C:\Windows\System\AVFiZjy.exe
  2⤵
  PID:6012
- C:\Windows\System\IOTJiYU.exe
  C:\Windows\System\IOTJiYU.exe
  2⤵
  PID:6028
- C:\Windows\System\OIoCcgT.exe
  C:\Windows\System\OIoCcgT.exe
  2⤵
  PID:6052
- C:\Windows\System\aejfHHN.exe
  C:\Windows\System\aejfHHN.exe
  2⤵
  PID:6068
- C:\Windows\System\FWiGWPg.exe
  C:\Windows\System\FWiGWPg.exe
  2⤵
  PID:6084
- C:\Windows\System\bRWCnAm.exe
  C:\Windows\System\bRWCnAm.exe
  2⤵
  PID:6100
- C:\Windows\System\VSTCNKv.exe
  C:\Windows\System\VSTCNKv.exe
  2⤵
  PID:6116
- C:\Windows\System\XZdmxUg.exe
  C:\Windows\System\XZdmxUg.exe
  2⤵
  PID:6132
- C:\Windows\System\DWcMPum.exe
  C:\Windows\System\DWcMPum.exe
  2⤵
  PID:4676
- C:\Windows\System\mPlhvMt.exe
  C:\Windows\System\mPlhvMt.exe
  2⤵
  PID:3664
- C:\Windows\System\kKcKiOy.exe
  C:\Windows\System\kKcKiOy.exe
  2⤵
  PID:4464
- C:\Windows\System\hXpgPQn.exe
  C:\Windows\System\hXpgPQn.exe
  2⤵
  PID:4440
- C:\Windows\System\BxkiZjd.exe
  C:\Windows\System\BxkiZjd.exe
  2⤵
  PID:5012
- C:\Windows\System\ZSxHqTB.exe
  C:\Windows\System\ZSxHqTB.exe
  2⤵
  PID:5176
- C:\Windows\System\WDiMYWa.exe
  C:\Windows\System\WDiMYWa.exe
  2⤵
  PID:5240
- C:\Windows\System\FKFJYtD.exe
  C:\Windows\System\FKFJYtD.exe
  2⤵
  PID:5276
- C:\Windows\System\fSwrfnS.exe
  C:\Windows\System\fSwrfnS.exe
  2⤵
  PID:5368
- C:\Windows\System\GlgKBoS.exe
  C:\Windows\System\GlgKBoS.exe
  2⤵
  PID:2300
- C:\Windows\System\qyMjLIK.exe
  C:\Windows\System\qyMjLIK.exe
  2⤵
  PID:5632
- C:\Windows\System\sYXSixu.exe
  C:\Windows\System\sYXSixu.exe
  2⤵
  PID:5728
- C:\Windows\System\qOmoCiY.exe
  C:\Windows\System\qOmoCiY.exe
  2⤵
  PID:5832
- C:\Windows\System\znzWUah.exe
  C:\Windows\System\znzWUah.exe
  2⤵
  PID:5900
- C:\Windows\System\ySgUpiC.exe
  C:\Windows\System\ySgUpiC.exe
  2⤵
  PID:5964
- C:\Windows\System\wOHuJFT.exe
  C:\Windows\System\wOHuJFT.exe
  2⤵
  PID:6004
- C:\Windows\System\AlDDztY.exe
  C:\Windows\System\AlDDztY.exe
  2⤵
  PID:6044
- C:\Windows\System\mWzAjlt.exe
  C:\Windows\System\mWzAjlt.exe
  2⤵
  PID:4836
- C:\Windows\System\OQftasg.exe
  C:\Windows\System\OQftasg.exe
  2⤵
  PID:5212
- C:\Windows\System\SrfITjh.exe
  C:\Windows\System\SrfITjh.exe
  2⤵
  PID:5340
- C:\Windows\System\cGirgcm.exe
  C:\Windows\System\cGirgcm.exe
  2⤵
  PID:5796
- C:\Windows\System\mhhxCsj.exe
  C:\Windows\System\mhhxCsj.exe
  2⤵
  PID:5932
- C:\Windows\System\YVkkErM.exe
  C:\Windows\System\YVkkErM.exe
  2⤵
  PID:6148
- C:\Windows\System\hRHiLnP.exe
  C:\Windows\System\hRHiLnP.exe
  2⤵
  PID:6172
- C:\Windows\System\ZgdzsoS.exe
  C:\Windows\System\ZgdzsoS.exe
  2⤵
  PID:6192
- C:\Windows\System\VCRehtk.exe
  C:\Windows\System\VCRehtk.exe
  2⤵
  PID:6212
- C:\Windows\System\gbdEBQC.exe
  C:\Windows\System\gbdEBQC.exe
  2⤵
  PID:6232
- C:\Windows\System\SIWrZkf.exe
  C:\Windows\System\SIWrZkf.exe
  2⤵
  PID:6252
- C:\Windows\System\SOsydfJ.exe
  C:\Windows\System\SOsydfJ.exe
  2⤵
  PID:6276
- C:\Windows\System\zRIkObq.exe
  C:\Windows\System\zRIkObq.exe
  2⤵
  PID:6460
- C:\Windows\System\DNlyYaP.exe
  C:\Windows\System\DNlyYaP.exe
  2⤵
  PID:6484
- C:\Windows\System\qtwxnAc.exe
  C:\Windows\System\qtwxnAc.exe
  2⤵
  PID:6500
- C:\Windows\System\VpJnbQY.exe
  C:\Windows\System\VpJnbQY.exe
  2⤵
  PID:6520
- C:\Windows\System\vrVSsAH.exe
  C:\Windows\System\vrVSsAH.exe
  2⤵
  PID:6540
- C:\Windows\System\kJmhoje.exe
  C:\Windows\System\kJmhoje.exe
  2⤵
  PID:6584
- C:\Windows\System\CpzAXfR.exe
  C:\Windows\System\CpzAXfR.exe
  2⤵
  PID:6600
- C:\Windows\System\dauVtTt.exe
  C:\Windows\System\dauVtTt.exe
  2⤵
  PID:6624
- C:\Windows\System\geEInUe.exe
  C:\Windows\System\geEInUe.exe
  2⤵
  PID:6640
- C:\Windows\System\CnQJRtE.exe
  C:\Windows\System\CnQJRtE.exe
  2⤵
  PID:6660
- C:\Windows\System\ziVgfHo.exe
  C:\Windows\System\ziVgfHo.exe
  2⤵
  PID:6680
- C:\Windows\System\hMnUilC.exe
  C:\Windows\System\hMnUilC.exe
  2⤵
  PID:6700
- C:\Windows\System\zBhafUD.exe
  C:\Windows\System\zBhafUD.exe
  2⤵
  PID:6720
- C:\Windows\System\AEZECNK.exe
  C:\Windows\System\AEZECNK.exe
  2⤵
  PID:6740
- C:\Windows\System\WHCsSrl.exe
  C:\Windows\System\WHCsSrl.exe
  2⤵
  PID:6756
- C:\Windows\System\RRjqaAT.exe
  C:\Windows\System\RRjqaAT.exe
  2⤵
  PID:6784
- C:\Windows\System\WfRMswN.exe
  C:\Windows\System\WfRMswN.exe
  2⤵
  PID:6800
- C:\Windows\System\FZVvPQG.exe
  C:\Windows\System\FZVvPQG.exe
  2⤵
  PID:6828
- C:\Windows\System\BgLJkMq.exe
  C:\Windows\System\BgLJkMq.exe
  2⤵
  PID:6848
- C:\Windows\System\PEjfXpq.exe
  C:\Windows\System\PEjfXpq.exe
  2⤵
  PID:6872
- C:\Windows\System\WkkxaYp.exe
  C:\Windows\System\WkkxaYp.exe
  2⤵
  PID:6888
- C:\Windows\System\naUoJmd.exe
  C:\Windows\System\naUoJmd.exe
  2⤵
  PID:6908
- C:\Windows\System\vOCphCV.exe
  C:\Windows\System\vOCphCV.exe
  2⤵
  PID:6928
- C:\Windows\System\AagcUCG.exe
  C:\Windows\System\AagcUCG.exe
  2⤵
  PID:6948
- C:\Windows\System\sHEStql.exe
  C:\Windows\System\sHEStql.exe
  2⤵
  PID:6968
- C:\Windows\System\BYZWUDT.exe
  C:\Windows\System\BYZWUDT.exe
  2⤵
  PID:6984
- C:\Windows\System\MIJieOG.exe
  C:\Windows\System\MIJieOG.exe
  2⤵
  PID:7000
- C:\Windows\System\XEKTIqW.exe
  C:\Windows\System\XEKTIqW.exe
  2⤵
  PID:7020
- C:\Windows\System\vEeVosq.exe
  C:\Windows\System\vEeVosq.exe
  2⤵
  PID:7036
- C:\Windows\System\KJPZknq.exe
  C:\Windows\System\KJPZknq.exe
  2⤵
  PID:7052
- C:\Windows\System\JgYieRO.exe
  C:\Windows\System\JgYieRO.exe
  2⤵
  PID:7068
- C:\Windows\System\HkpWXRr.exe
  C:\Windows\System\HkpWXRr.exe
  2⤵
  PID:7088
- C:\Windows\System\BObEVQZ.exe
  C:\Windows\System\BObEVQZ.exe
  2⤵
  PID:7104
- C:\Windows\System\aSORpMI.exe
  C:\Windows\System\aSORpMI.exe
  2⤵
  PID:7120
- C:\Windows\System\BeAmTZZ.exe
  C:\Windows\System\BeAmTZZ.exe
  2⤵
  PID:7148
- C:\Windows\System\ADmvPiP.exe
  C:\Windows\System\ADmvPiP.exe
  2⤵
  PID:2948
- C:\Windows\System\erlHhQi.exe
  C:\Windows\System\erlHhQi.exe
  2⤵
  PID:6040
- C:\Windows\System\QHjMhTA.exe
  C:\Windows\System\QHjMhTA.exe
  2⤵
  PID:4940
- C:\Windows\System\hIKKPsS.exe
  C:\Windows\System\hIKKPsS.exe
  2⤵
  PID:6180
- C:\Windows\System\hAmnbJN.exe
  C:\Windows\System\hAmnbJN.exe
  2⤵
  PID:4132
- C:\Windows\System\hYUASbP.exe
  C:\Windows\System\hYUASbP.exe
  2⤵
  PID:5040
- C:\Windows\System\DRNxXHV.exe
  C:\Windows\System\DRNxXHV.exe
  2⤵
  PID:6272
- C:\Windows\System\HWnUWWc.exe
  C:\Windows\System\HWnUWWc.exe
  2⤵
  PID:4188
- C:\Windows\System\gdwmhjT.exe
  C:\Windows\System\gdwmhjT.exe
  2⤵
  PID:4560
- C:\Windows\System\fJXuPXP.exe
  C:\Windows\System\fJXuPXP.exe
  2⤵
  PID:5160
- C:\Windows\System\zaOWBnh.exe
  C:\Windows\System\zaOWBnh.exe
  2⤵
  PID:2856
- C:\Windows\System\OqtjZhq.exe
  C:\Windows\System\OqtjZhq.exe
  2⤵
  PID:5468
- C:\Windows\System\vUYiFen.exe
  C:\Windows\System\vUYiFen.exe
  2⤵
  PID:5532
- C:\Windows\System\AemnLVn.exe
  C:\Windows\System\AemnLVn.exe
  2⤵
  PID:5540
- C:\Windows\System\CFybVzC.exe
  C:\Windows\System\CFybVzC.exe
  2⤵
  PID:6080
- C:\Windows\System\UsUDAyM.exe
  C:\Windows\System\UsUDAyM.exe
  2⤵
  PID:4652
- C:\Windows\System\uCESpUL.exe
  C:\Windows\System\uCESpUL.exe
  2⤵
  PID:6200
- C:\Windows\System\FeEnDJC.exe
  C:\Windows\System\FeEnDJC.exe
  2⤵
  PID:6248
- C:\Windows\System\fihIACp.exe
  C:\Windows\System\fihIACp.exe
  2⤵
  PID:5196
- C:\Windows\System\gAwXSAm.exe
  C:\Windows\System\gAwXSAm.exe
  2⤵
  PID:5336
- C:\Windows\System\aQJlwTo.exe
  C:\Windows\System\aQJlwTo.exe
  2⤵
  PID:5996
- C:\Windows\System\XqqnsgR.exe
  C:\Windows\System\XqqnsgR.exe
  2⤵
  PID:5148
- C:\Windows\System\cqgZYFW.exe
  C:\Windows\System\cqgZYFW.exe
  2⤵
  PID:6092
- C:\Windows\System\RYVtlXu.exe
  C:\Windows\System\RYVtlXu.exe
  2⤵
  PID:6020
- C:\Windows\System\JyDKsCU.exe
  C:\Windows\System\JyDKsCU.exe
  2⤵
  PID:5884
- C:\Windows\System\uktzqxB.exe
  C:\Windows\System\uktzqxB.exe
  2⤵
  PID:5852
- C:\Windows\System\fFLKUkl.exe
  C:\Windows\System\fFLKUkl.exe
  2⤵
  PID:5784
- C:\Windows\System\gVaxUAl.exe
  C:\Windows\System\gVaxUAl.exe
  2⤵
  PID:5712
- C:\Windows\System\MvJcQWL.exe
  C:\Windows\System\MvJcQWL.exe
  2⤵
  PID:5620
- C:\Windows\System\Rgzrdvb.exe
  C:\Windows\System\Rgzrdvb.exe
  2⤵
  PID:5556
- C:\Windows\System\ahRymNO.exe
  C:\Windows\System\ahRymNO.exe
  2⤵
  PID:5484
- C:\Windows\System\YQHAdrz.exe
  C:\Windows\System\YQHAdrz.exe
  2⤵
  PID:5416
- C:\Windows\System\tTDMigJ.exe
  C:\Windows\System\tTDMigJ.exe
  2⤵
  PID:5352
- C:\Windows\System\CRtgfeB.exe
  C:\Windows\System\CRtgfeB.exe
  2⤵
  PID:5288
- C:\Windows\System\UdSLUIL.exe
  C:\Windows\System\UdSLUIL.exe
  2⤵
  PID:6312
- C:\Windows\System\rwWPUXK.exe
  C:\Windows\System\rwWPUXK.exe
  2⤵
  PID:6328
- C:\Windows\System\QDlDEop.exe
  C:\Windows\System\QDlDEop.exe
  2⤵
  PID:6480
- C:\Windows\System\rsqUKZA.exe
  C:\Windows\System\rsqUKZA.exe
  2⤵
  PID:6352
- C:\Windows\System\vZrpNNk.exe
  C:\Windows\System\vZrpNNk.exe
  2⤵
  PID:6372
- C:\Windows\System\zlJsvhj.exe
  C:\Windows\System\zlJsvhj.exe
  2⤵
  PID:6428
- C:\Windows\System\HeJoGUZ.exe
  C:\Windows\System\HeJoGUZ.exe
  2⤵
  PID:6448
- C:\Windows\System\Ntunpri.exe
  C:\Windows\System\Ntunpri.exe
  2⤵
  PID:6516
- C:\Windows\System\rNriQtG.exe
  C:\Windows\System\rNriQtG.exe
  2⤵
  PID:6556
- C:\Windows\System\ymTQdwx.exe
  C:\Windows\System\ymTQdwx.exe
  2⤵
  PID:6572
- C:\Windows\System\bSWSsAe.exe
  C:\Windows\System\bSWSsAe.exe
  2⤵
  PID:6620
- C:\Windows\System\voBTdem.exe
  C:\Windows\System\voBTdem.exe
  2⤵
  PID:6652
- C:\Windows\System\OQtHdKp.exe
  C:\Windows\System\OQtHdKp.exe
  2⤵
  PID:2776
- C:\Windows\System\RCkhgTA.exe
  C:\Windows\System\RCkhgTA.exe
  2⤵
  PID:6732
- C:\Windows\System\UJDhlGo.exe
  C:\Windows\System\UJDhlGo.exe
  2⤵
  PID:2532
- C:\Windows\System\jlSIyrP.exe
  C:\Windows\System\jlSIyrP.exe
  2⤵
  PID:6596
- C:\Windows\System\FfrPdrs.exe
  C:\Windows\System\FfrPdrs.exe
  2⤵
  PID:6668
- C:\Windows\System\eNspOaM.exe
  C:\Windows\System\eNspOaM.exe
  2⤵
  PID:6748
- C:\Windows\System\OFbCMjy.exe
  C:\Windows\System\OFbCMjy.exe
  2⤵
  PID:6772
- C:\Windows\System\jxFfbic.exe
  C:\Windows\System\jxFfbic.exe
  2⤵
  PID:2452
- C:\Windows\System\siRTpTa.exe
  C:\Windows\System\siRTpTa.exe
  2⤵
  PID:6812
- C:\Windows\System\GlcSGzA.exe
  C:\Windows\System\GlcSGzA.exe
  2⤵
  PID:6936
- C:\Windows\System\cYFDxIl.exe
  C:\Windows\System\cYFDxIl.exe
  2⤵
  PID:6980
- C:\Windows\System\RFcwjEK.exe
  C:\Windows\System\RFcwjEK.exe
  2⤵
  PID:7044
- C:\Windows\System\jfFhigg.exe
  C:\Windows\System\jfFhigg.exe
  2⤵
  PID:2528
- C:\Windows\System\htfzcGL.exe
  C:\Windows\System\htfzcGL.exe
  2⤵
  PID:6836
- C:\Windows\System\vQxlJdo.exe
  C:\Windows\System\vQxlJdo.exe
  2⤵
  PID:7112
- C:\Windows\System\sHTgiLo.exe
  C:\Windows\System\sHTgiLo.exe
  2⤵
  PID:6920
- C:\Windows\System\ztUXSvH.exe
  C:\Windows\System\ztUXSvH.exe
  2⤵
  PID:4596
- C:\Windows\System\CmQVSbt.exe
  C:\Windows\System\CmQVSbt.exe
  2⤵
  PID:6224
- C:\Windows\System\fSzXpkd.exe
  C:\Windows\System\fSzXpkd.exe
  2⤵
  PID:5400
- C:\Windows\System\dtKVlYF.exe
  C:\Windows\System\dtKVlYF.exe
  2⤵
  PID:7060
- C:\Windows\System\RaUDSQX.exe
  C:\Windows\System\RaUDSQX.exe
  2⤵
  PID:6960
- C:\Windows\System\LSChxHB.exe
  C:\Windows\System\LSChxHB.exe
  2⤵
  PID:7128
- C:\Windows\System\zetRjZC.exe
  C:\Windows\System\zetRjZC.exe
  2⤵
  PID:6156
- C:\Windows\System\vfBfoVs.exe
  C:\Windows\System\vfBfoVs.exe
  2⤵
  PID:6160
- C:\Windows\System\QddRfNC.exe
  C:\Windows\System\QddRfNC.exe
  2⤵
  PID:1948
- C:\Windows\System\xUQmdQq.exe
  C:\Windows\System\xUQmdQq.exe
  2⤵
  PID:872
- C:\Windows\System\GlbmqNw.exe
  C:\Windows\System\GlbmqNw.exe
  2⤵
  PID:5768
- C:\Windows\System\ixxZTqp.exe
  C:\Windows\System\ixxZTqp.exe
  2⤵
  PID:6288
- C:\Windows\System\IDrXHYl.exe
  C:\Windows\System\IDrXHYl.exe
  2⤵
  PID:2472
- C:\Windows\System\MpNDAgu.exe
  C:\Windows\System\MpNDAgu.exe
  2⤵
  PID:6108
- C:\Windows\System\jVZDFmk.exe
  C:\Windows\System\jVZDFmk.exe
  2⤵
  PID:4476
- C:\Windows\System\GmnTOni.exe
  C:\Windows\System\GmnTOni.exe
  2⤵
  PID:6076
- C:\Windows\System\oqddSJn.exe
  C:\Windows\System\oqddSJn.exe
  2⤵
  PID:5440
- C:\Windows\System\gkNjEIn.exe
  C:\Windows\System\gkNjEIn.exe
  2⤵
  PID:6244
- C:\Windows\System\ULvjyOd.exe
  C:\Windows\System\ULvjyOd.exe
  2⤵
  PID:6304
- C:\Windows\System\CtxaLNg.exe
  C:\Windows\System\CtxaLNg.exe
  2⤵
  PID:2812
- C:\Windows\System\BglxKbe.exe
  C:\Windows\System\BglxKbe.exe
  2⤵
  PID:6060
- C:\Windows\System\fiHIFsL.exe
  C:\Windows\System\fiHIFsL.exe
  2⤵
  PID:5948
- C:\Windows\System\UlNzoDt.exe
  C:\Windows\System\UlNzoDt.exe
  2⤵
  PID:5520
- C:\Windows\System\UUWruGk.exe
  C:\Windows\System\UUWruGk.exe
  2⤵
  PID:6208
- C:\Windows\System\UuIyNnS.exe
  C:\Windows\System\UuIyNnS.exe
  2⤵
  PID:5256
- C:\Windows\System\MFmigNv.exe
  C:\Windows\System\MFmigNv.exe
  2⤵
  PID:6336
- C:\Windows\System\issqLXl.exe
  C:\Windows\System\issqLXl.exe
  2⤵
  PID:2568
- C:\Windows\System\xAKwEBk.exe
  C:\Windows\System\xAKwEBk.exe
  2⤵
  PID:6388
- C:\Windows\System\fnMVePc.exe
  C:\Windows\System\fnMVePc.exe
  2⤵
  PID:6548
- C:\Windows\System\WLlVFLm.exe
  C:\Windows\System\WLlVFLm.exe
  2⤵
  PID:6348
- C:\Windows\System\uSnVZOL.exe
  C:\Windows\System\uSnVZOL.exe
  2⤵
  PID:6408
- C:\Windows\System\NMnjkOM.exe
  C:\Windows\System\NMnjkOM.exe
  2⤵
  PID:6420
- C:\Windows\System\hTWaBYc.exe
  C:\Windows\System\hTWaBYc.exe
  2⤵
  PID:6536
- C:\Windows\System\IOfHRzA.exe
  C:\Windows\System\IOfHRzA.exe
  2⤵
  PID:6492
- C:\Windows\System\yhKbgor.exe
  C:\Windows\System\yhKbgor.exe
  2⤵
  PID:6496
- C:\Windows\System\ZxiajBR.exe
  C:\Windows\System\ZxiajBR.exe
  2⤵
  PID:6824
- C:\Windows\System\CpwLAHc.exe
  C:\Windows\System\CpwLAHc.exe
  2⤵
  PID:6976
- C:\Windows\System\pMvHUJn.exe
  C:\Windows\System\pMvHUJn.exe
  2⤵
  PID:6844
- C:\Windows\System\yeToECb.exe
  C:\Windows\System\yeToECb.exe
  2⤵
  PID:7164
- C:\Windows\System\OXKipgd.exe
  C:\Windows\System\OXKipgd.exe
  2⤵
  PID:4792
- C:\Windows\System\zTikFNW.exe
  C:\Windows\System\zTikFNW.exe
  2⤵
  PID:1736
- C:\Windows\System\SDYIErB.exe
  C:\Windows\System\SDYIErB.exe
  2⤵
  PID:6868
- C:\Windows\System\JEhhpdk.exe
  C:\Windows\System\JEhhpdk.exe
  2⤵
  PID:6592
- C:\Windows\System\yUmTvmo.exe
  C:\Windows\System\yUmTvmo.exe
  2⤵
  PID:5116
- C:\Windows\System\DaCNpUW.exe
  C:\Windows\System\DaCNpUW.exe
  2⤵
  PID:5208
- C:\Windows\System\nlOiLIu.exe
  C:\Windows\System\nlOiLIu.exe
  2⤵
  PID:5436
- C:\Windows\System\FGNAHhq.exe
  C:\Windows\System\FGNAHhq.exe
  2⤵
  PID:6296
- C:\Windows\System\KOfXqrn.exe
  C:\Windows\System\KOfXqrn.exe
  2⤵
  PID:4380
- C:\Windows\System\uVmLBsh.exe
  C:\Windows\System\uVmLBsh.exe
  2⤵
  PID:5652
- C:\Windows\System\wwFdZcs.exe
  C:\Windows\System\wwFdZcs.exe
  2⤵
  PID:7012
- C:\Windows\System\pvVsVJe.exe
  C:\Windows\System\pvVsVJe.exe
  2⤵
  PID:2596
- C:\Windows\System\MFHGzZr.exe
  C:\Windows\System\MFHGzZr.exe
  2⤵
  PID:1636
- C:\Windows\System\MHUJkEz.exe
  C:\Windows\System\MHUJkEz.exe
  2⤵
  PID:2396
- C:\Windows\System\pugbOBb.exe
  C:\Windows\System\pugbOBb.exe
  2⤵
  PID:6996
- C:\Windows\System\LcjUtpM.exe
  C:\Windows\System\LcjUtpM.exe
  2⤵
  PID:7136
- C:\Windows\System\HvrdwSi.exe
  C:\Windows\System\HvrdwSi.exe
  2⤵
  PID:5880
- C:\Windows\System\PHtQfUf.exe
  C:\Windows\System\PHtQfUf.exe
  2⤵
  PID:6380
- C:\Windows\System\TeYCIQY.exe
  C:\Windows\System\TeYCIQY.exe
  2⤵
  PID:6140
- C:\Windows\System\CxDwJYI.exe
  C:\Windows\System\CxDwJYI.exe
  2⤵
  PID:6096
- C:\Windows\System\qoTCwMU.exe
  C:\Windows\System\qoTCwMU.exe
  2⤵
  PID:6308
- C:\Windows\System\pCVLQNz.exe
  C:\Windows\System\pCVLQNz.exe
  2⤵
  PID:6608
- C:\Windows\System\DgkKQel.exe
  C:\Windows\System\DgkKQel.exe
  2⤵
  PID:5292
- C:\Windows\System\HmEwwlr.exe
  C:\Windows\System\HmEwwlr.exe
  2⤵
  PID:5228
- C:\Windows\System\EqVNiND.exe
  C:\Windows\System\EqVNiND.exe
  2⤵
  PID:6400
- C:\Windows\System\rHTdsjE.exe
  C:\Windows\System\rHTdsjE.exe
  2⤵
  PID:6632
- C:\Windows\System\qpMkyNf.exe
  C:\Windows\System\qpMkyNf.exe
  2⤵
  PID:7156
- C:\Windows\System\eVZJvwO.exe
  C:\Windows\System\eVZJvwO.exe
  2⤵
  PID:6956
- C:\Windows\System\CfWidln.exe
  C:\Windows\System\CfWidln.exe
  2⤵
  PID:6168
- C:\Windows\System\nszIPCa.exe
  C:\Windows\System\nszIPCa.exe
  2⤵
  PID:7100
- C:\Windows\System\WkAifhI.exe
  C:\Windows\System\WkAifhI.exe
  2⤵
  PID:6896
- C:\Windows\System\NugCzFB.exe
  C:\Windows\System\NugCzFB.exe
  2⤵
  PID:6656
- C:\Windows\System\VysUGGS.exe
  C:\Windows\System\VysUGGS.exe
  2⤵
  PID:6860
- C:\Windows\System\vgkQsYZ.exe
  C:\Windows\System\vgkQsYZ.exe
  2⤵
  PID:5680
- C:\Windows\System\BJeTlHv.exe
  C:\Windows\System\BJeTlHv.exe
  2⤵
  PID:7016
- C:\Windows\System\ZCUdmCp.exe
  C:\Windows\System\ZCUdmCp.exe
  2⤵
  PID:4460
- C:\Windows\System\ZDAzEOe.exe
  C:\Windows\System\ZDAzEOe.exe
  2⤵
  PID:2760
- C:\Windows\System\LxxxPMg.exe
  C:\Windows\System\LxxxPMg.exe
  2⤵
  PID:6392
- C:\Windows\System\MxjUCpD.exe
  C:\Windows\System\MxjUCpD.exe
  2⤵
  PID:5384
- C:\Windows\System\yobPmoo.exe
  C:\Windows\System\yobPmoo.exe
  2⤵
  PID:3068
- C:\Windows\System\GiCjgkJ.exe
  C:\Windows\System\GiCjgkJ.exe
  2⤵
  PID:7032
- C:\Windows\System\aXDTpoD.exe
  C:\Windows\System\aXDTpoD.exe
  2⤵
  PID:2448
- C:\Windows\System\iyWzhGk.exe
  C:\Windows\System\iyWzhGk.exe
  2⤵
  PID:6344
- C:\Windows\System\ElcVCWw.exe
  C:\Windows\System\ElcVCWw.exe
  2⤵
  PID:6416
- C:\Windows\System\HmvcFXN.exe
  C:\Windows\System\HmvcFXN.exe
  2⤵
  PID:2012
- C:\Windows\System\pTYTXWP.exe
  C:\Windows\System\pTYTXWP.exe
  2⤵
  PID:6164
- C:\Windows\System\fgoyGCQ.exe
  C:\Windows\System\fgoyGCQ.exe
  2⤵
  PID:5812
- C:\Windows\System\wZtNOfo.exe
  C:\Windows\System\wZtNOfo.exe
  2⤵
  PID:2020
- C:\Windows\System\ruUsKOH.exe
  C:\Windows\System\ruUsKOH.exe
  2⤵
  PID:2132
- C:\Windows\System\SRILbuJ.exe
  C:\Windows\System\SRILbuJ.exe
  2⤵
  PID:1396
- C:\Windows\System\KQcoYii.exe
  C:\Windows\System\KQcoYii.exe
  2⤵
  PID:6940
- C:\Windows\System\YneUxOm.exe
  C:\Windows\System\YneUxOm.exe
  2⤵
  PID:7080
- C:\Windows\System\oaHAHuy.exe
  C:\Windows\System\oaHAHuy.exe
  2⤵
  PID:6444
- C:\Windows\System\PeHVYZm.exe
  C:\Windows\System\PeHVYZm.exe
  2⤵
  PID:4252
- C:\Windows\System\CaZKiYj.exe
  C:\Windows\System\CaZKiYj.exe
  2⤵
  PID:4636
- C:\Windows\System\UYhVKap.exe
  C:\Windows\System\UYhVKap.exe
  2⤵
  PID:5588
- C:\Windows\System\OYyuCzZ.exe
  C:\Windows\System\OYyuCzZ.exe
  2⤵
  PID:5320
- C:\Windows\System\qQCmGkp.exe
  C:\Windows\System\qQCmGkp.exe
  2⤵
  PID:6508
- C:\Windows\System\jOXCBUi.exe
  C:\Windows\System\jOXCBUi.exe
  2⤵
  PID:1008
- C:\Windows\System\shEIpuY.exe
  C:\Windows\System\shEIpuY.exe
  2⤵
  PID:4312
- C:\Windows\System\ecWfosf.exe
  C:\Windows\System\ecWfosf.exe
  2⤵
  PID:1724
- C:\Windows\System\JfAdiZR.exe
  C:\Windows\System\JfAdiZR.exe
  2⤵
  PID:6360
- C:\Windows\System\NJCkzGk.exe
  C:\Windows\System\NJCkzGk.exe
  2⤵
  PID:5488
- C:\Windows\System\kvyZRwo.exe
  C:\Windows\System\kvyZRwo.exe
  2⤵
  PID:7172
- C:\Windows\System\rPcqeqD.exe
  C:\Windows\System\rPcqeqD.exe
  2⤵
  PID:7188
- C:\Windows\System\mfqEmuG.exe
  C:\Windows\System\mfqEmuG.exe
  2⤵
  PID:7212
- C:\Windows\System\cLsrPuY.exe
  C:\Windows\System\cLsrPuY.exe
  2⤵
  PID:7228
- C:\Windows\System\oDrtrhE.exe
  C:\Windows\System\oDrtrhE.exe
  2⤵
  PID:7244
- C:\Windows\System\TtjAqag.exe
  C:\Windows\System\TtjAqag.exe
  2⤵
  PID:7260
- C:\Windows\System\sQbShZV.exe
  C:\Windows\System\sQbShZV.exe
  2⤵
  PID:7276
- C:\Windows\System\ehrmMbq.exe
  C:\Windows\System\ehrmMbq.exe
  2⤵
  PID:7292
- C:\Windows\System\qhZPnjp.exe
  C:\Windows\System\qhZPnjp.exe
  2⤵
  PID:7308
- C:\Windows\System\SZfoRjw.exe
  C:\Windows\System\SZfoRjw.exe
  2⤵
  PID:7324
- C:\Windows\System\hIGzGLc.exe
  C:\Windows\System\hIGzGLc.exe
  2⤵
  PID:7340
- C:\Windows\System\KDygnYD.exe
  C:\Windows\System\KDygnYD.exe
  2⤵
  PID:7356
- C:\Windows\System\LeNdtKh.exe
  C:\Windows\System\LeNdtKh.exe
  2⤵
  PID:7372
- C:\Windows\System\EfxAplo.exe
  C:\Windows\System\EfxAplo.exe
  2⤵
  PID:7388
- C:\Windows\System\odwAWeW.exe
  C:\Windows\System\odwAWeW.exe
  2⤵
  PID:7404
- C:\Windows\System\GerqpHS.exe
  C:\Windows\System\GerqpHS.exe
  2⤵
  PID:7420
- C:\Windows\System\fFHuvYs.exe
  C:\Windows\System\fFHuvYs.exe
  2⤵
  PID:7436
- C:\Windows\System\tlARYDJ.exe
  C:\Windows\System\tlARYDJ.exe
  2⤵
  PID:7452
- C:\Windows\System\JHSMNxf.exe
  C:\Windows\System\JHSMNxf.exe
  2⤵
  PID:7468
- C:\Windows\System\nNDxTSq.exe
  C:\Windows\System\nNDxTSq.exe
  2⤵
  PID:7484
- C:\Windows\System\oGnTNOT.exe
  C:\Windows\System\oGnTNOT.exe
  2⤵
  PID:7500
- C:\Windows\System\OmZRaeU.exe
  C:\Windows\System\OmZRaeU.exe
  2⤵
  PID:7516
- C:\Windows\System\BdLXRPS.exe
  C:\Windows\System\BdLXRPS.exe
  2⤵
  PID:7532
- C:\Windows\System\xnUqhgq.exe
  C:\Windows\System\xnUqhgq.exe
  2⤵
  PID:7548
- C:\Windows\System\ZEgqASc.exe
  C:\Windows\System\ZEgqASc.exe
  2⤵
  PID:7564
- C:\Windows\System\FREwaiq.exe
  C:\Windows\System\FREwaiq.exe
  2⤵
  PID:7580
- C:\Windows\System\GzBOvXT.exe
  C:\Windows\System\GzBOvXT.exe
  2⤵
  PID:7596
- C:\Windows\System\dTISnES.exe
  C:\Windows\System\dTISnES.exe
  2⤵
  PID:7612
- C:\Windows\System\TwSlQkE.exe
  C:\Windows\System\TwSlQkE.exe
  2⤵
  PID:7628
- C:\Windows\System\PHabzHe.exe
  C:\Windows\System\PHabzHe.exe
  2⤵
  PID:7644
- C:\Windows\System\jcUDfwN.exe
  C:\Windows\System\jcUDfwN.exe
  2⤵
  PID:7660
- C:\Windows\System\GfwtURf.exe
  C:\Windows\System\GfwtURf.exe
  2⤵
  PID:7676
- C:\Windows\System\WpXiBJv.exe
  C:\Windows\System\WpXiBJv.exe
  2⤵
  PID:7692
- C:\Windows\System\NiWPvGc.exe
  C:\Windows\System\NiWPvGc.exe
  2⤵
  PID:7708
- C:\Windows\System\GVTrGEa.exe
  C:\Windows\System\GVTrGEa.exe
  2⤵
  PID:7724
- C:\Windows\System\dpUQuWS.exe
  C:\Windows\System\dpUQuWS.exe
  2⤵
  PID:7740
- C:\Windows\System\RQsZGdH.exe
  C:\Windows\System\RQsZGdH.exe
  2⤵
  PID:7756
- C:\Windows\System\TbrxurV.exe
  C:\Windows\System\TbrxurV.exe
  2⤵
  PID:7772
- C:\Windows\System\KXtpvHg.exe
  C:\Windows\System\KXtpvHg.exe
  2⤵
  PID:7816
- C:\Windows\System\ZpbSiVT.exe
  C:\Windows\System\ZpbSiVT.exe
  2⤵
  PID:7912
- C:\Windows\System\ZeZgdmB.exe
  C:\Windows\System\ZeZgdmB.exe
  2⤵
  PID:8028
- C:\Windows\System\CjHSlnc.exe
  C:\Windows\System\CjHSlnc.exe
  2⤵
  PID:8044
- C:\Windows\System\HaygIvQ.exe
  C:\Windows\System\HaygIvQ.exe
  2⤵
  PID:8060
- C:\Windows\System\MfreENL.exe
  C:\Windows\System\MfreENL.exe
  2⤵
  PID:8080
- C:\Windows\System\lkPlqta.exe
  C:\Windows\System\lkPlqta.exe
  2⤵
  PID:8096
- C:\Windows\System\SFYmkRw.exe
  C:\Windows\System\SFYmkRw.exe
  2⤵
  PID:8112
- C:\Windows\System\JTwTaII.exe
  C:\Windows\System\JTwTaII.exe
  2⤵
  PID:8128
- C:\Windows\System\AHkSKHO.exe
  C:\Windows\System\AHkSKHO.exe
  2⤵
  PID:8144
- C:\Windows\System\gMRrpzC.exe
  C:\Windows\System\gMRrpzC.exe
  2⤵
  PID:8172
- C:\Windows\System\DtYrqdV.exe
  C:\Windows\System\DtYrqdV.exe
  2⤵
  PID:2884
- C:\Windows\System\sSdzKqG.exe
  C:\Windows\System\sSdzKqG.exe
  2⤵
  PID:588
- C:\Windows\System\MjmNphI.exe
  C:\Windows\System\MjmNphI.exe
  2⤵
  PID:7196
- C:\Windows\System\fvrXiws.exe
  C:\Windows\System\fvrXiws.exe
  2⤵
  PID:6324
- C:\Windows\System\avzUkEZ.exe
  C:\Windows\System\avzUkEZ.exe
  2⤵
  PID:6024
- C:\Windows\System\pKwUElB.exe
  C:\Windows\System\pKwUElB.exe
  2⤵
  PID:5696
- C:\Windows\System\XJMFNPl.exe
  C:\Windows\System\XJMFNPl.exe
  2⤵
  PID:1552
- C:\Windows\System\sFKypUR.exe
  C:\Windows\System\sFKypUR.exe
  2⤵
  PID:5500
- C:\Windows\System\LKnyKHi.exe
  C:\Windows\System\LKnyKHi.exe
  2⤵
  PID:2852
- C:\Windows\System\DgrFwkP.exe
  C:\Windows\System\DgrFwkP.exe
  2⤵
  PID:7220
- C:\Windows\System\WRDcXJr.exe
  C:\Windows\System\WRDcXJr.exe
  2⤵
  PID:7240
- C:\Windows\System\PkTrqme.exe
  C:\Windows\System\PkTrqme.exe
  2⤵
  PID:7300
- C:\Windows\System\eBjTOgX.exe
  C:\Windows\System\eBjTOgX.exe
  2⤵
  PID:7368
- C:\Windows\System\tIuMIiW.exe
  C:\Windows\System\tIuMIiW.exe
  2⤵
  PID:7384
- C:\Windows\System\RCnMZOt.exe
  C:\Windows\System\RCnMZOt.exe
  2⤵
  PID:7416
- C:\Windows\System\IvRpPjr.exe
  C:\Windows\System\IvRpPjr.exe
  2⤵
  PID:7492
- C:\Windows\System\yrxzGzp.exe
  C:\Windows\System\yrxzGzp.exe
  2⤵
  PID:7508
- C:\Windows\System\sahnZMB.exe
  C:\Windows\System\sahnZMB.exe
  2⤵
  PID:7620
- C:\Windows\System\FaoeymO.exe
  C:\Windows\System\FaoeymO.exe
  2⤵
  PID:7572
- C:\Windows\System\tnDmAsr.exe
  C:\Windows\System\tnDmAsr.exe
  2⤵
  PID:7604
- C:\Windows\System\KVwgjPR.exe
  C:\Windows\System\KVwgjPR.exe
  2⤵
  PID:7656
- C:\Windows\System\arbhNRt.exe
  C:\Windows\System\arbhNRt.exe
  2⤵
  PID:7748
- C:\Windows\System\VBeockv.exe
  C:\Windows\System\VBeockv.exe
  2⤵
  PID:7792
- C:\Windows\System\OuZhcBy.exe
  C:\Windows\System\OuZhcBy.exe
  2⤵
  PID:7808
- C:\Windows\System\vQCgUCN.exe
  C:\Windows\System\vQCgUCN.exe
  2⤵
  PID:7672
- C:\Windows\System\cnXGwrF.exe
  C:\Windows\System\cnXGwrF.exe
  2⤵
  PID:7828
- C:\Windows\System\AavcKCj.exe
  C:\Windows\System\AavcKCj.exe
  2⤵
  PID:7852
- C:\Windows\System\TtLAAPA.exe
  C:\Windows\System\TtLAAPA.exe
  2⤵
  PID:7872
- C:\Windows\System\wAaKFZY.exe
  C:\Windows\System\wAaKFZY.exe
  2⤵
  PID:5568
- C:\Windows\System\JvVZfod.exe
  C:\Windows\System\JvVZfod.exe
  2⤵
  PID:7920
- C:\Windows\System\DsjfLLW.exe
  C:\Windows\System\DsjfLLW.exe
  2⤵
  PID:7832
- C:\Windows\System\uNvkLvG.exe
  C:\Windows\System\uNvkLvG.exe
  2⤵
  PID:7892
- C:\Windows\System\jAPzXEI.exe
  C:\Windows\System\jAPzXEI.exe
  2⤵
  PID:7908
- C:\Windows\System\KVaspjZ.exe
  C:\Windows\System\KVaspjZ.exe
  2⤵
  PID:7928
- C:\Windows\System\ieDgfdP.exe
  C:\Windows\System\ieDgfdP.exe
  2⤵
  PID:7940
- C:\Windows\System\UgUTgQT.exe
  C:\Windows\System\UgUTgQT.exe
  2⤵
  PID:7956
- C:\Windows\System\qvsTZQv.exe
  C:\Windows\System\qvsTZQv.exe
  2⤵
  PID:7972
- C:\Windows\System\JhTsRhR.exe
  C:\Windows\System\JhTsRhR.exe
  2⤵
  PID:7992
- C:\Windows\System\daBIcBM.exe
  C:\Windows\System\daBIcBM.exe
  2⤵
  PID:8008
- C:\Windows\System\jccMVPz.exe
  C:\Windows\System\jccMVPz.exe
  2⤵
  PID:1912
- C:\Windows\System\cYWBcJZ.exe
  C:\Windows\System\cYWBcJZ.exe
  2⤵
  PID:2392
- C:\Windows\System\YagfLMA.exe
  C:\Windows\System\YagfLMA.exe
  2⤵
  PID:8040
- C:\Windows\System\rPQQdfY.exe
  C:\Windows\System\rPQQdfY.exe
  2⤵
  PID:8088
- C:\Windows\System\NthWoyu.exe
  C:\Windows\System\NthWoyu.exe
  2⤵
  PID:8052
- C:\Windows\System\TNfsxRj.exe
  C:\Windows\System\TNfsxRj.exe
  2⤵
  PID:8180
- C:\Windows\System\jAzvbEt.exe
  C:\Windows\System\jAzvbEt.exe
  2⤵
  PID:8160
- C:\Windows\System\HOixbET.exe
  C:\Windows\System\HOixbET.exe
  2⤵
  PID:2652
- C:\Windows\System\imObALn.exe
  C:\Windows\System\imObALn.exe
  2⤵
  PID:7096
- C:\Windows\System\eaVjzUe.exe
  C:\Windows\System\eaVjzUe.exe
  2⤵
  PID:7320
- C:\Windows\System\IZjqNgp.exe
  C:\Windows\System\IZjqNgp.exe
  2⤵
  PID:5420
- C:\Windows\System\kPNFkav.exe
  C:\Windows\System\kPNFkav.exe
  2⤵
  PID:6768
- C:\Windows\System\uSVrcHN.exe
  C:\Windows\System\uSVrcHN.exe
  2⤵
  PID:6128
- C:\Windows\System\sKyjhQi.exe
  C:\Windows\System\sKyjhQi.exe
  2⤵
  PID:7364
- C:\Windows\System\vmITSYs.exe
  C:\Windows\System\vmITSYs.exe
  2⤵
  PID:7428
- C:\Windows\System\DmhOCwk.exe
  C:\Windows\System\DmhOCwk.exe
  2⤵
  PID:7400
- C:\Windows\System\fSSwMkR.exe
  C:\Windows\System\fSSwMkR.exe
  2⤵
  PID:756
- C:\Windows\System\MBDGRsH.exe
  C:\Windows\System\MBDGRsH.exe
  2⤵
  PID:7448
- C:\Windows\System\XvdRlrI.exe
  C:\Windows\System\XvdRlrI.exe
  2⤵
  PID:7784
- C:\Windows\System\ZfEFclB.exe
  C:\Windows\System\ZfEFclB.exe
  2⤵
  PID:7528
- C:\Windows\System\zUBXZXd.exe
  C:\Windows\System\zUBXZXd.exe
  2⤵
  PID:2496
- C:\Windows\System\NUqQgPN.exe
  C:\Windows\System\NUqQgPN.exe
  2⤵
  PID:2100
- C:\Windows\System\LvbFVVN.exe
  C:\Windows\System\LvbFVVN.exe
  2⤵
  PID:2868
- C:\Windows\System\vXBMaTn.exe
  C:\Windows\System\vXBMaTn.exe
  2⤵
  PID:2324
- C:\Windows\System\fdZUldF.exe
  C:\Windows\System\fdZUldF.exe
  2⤵
  PID:1920
- C:\Windows\System\QQyMRjQ.exe
  C:\Windows\System\QQyMRjQ.exe
  2⤵
  PID:8000
- C:\Windows\System\IxqKPex.exe
  C:\Windows\System\IxqKPex.exe
  2⤵
  PID:7704
- C:\Windows\System\onYhwsH.exe
  C:\Windows\System\onYhwsH.exe
  2⤵
  PID:7864
- C:\Windows\System\HLiJaZF.exe
  C:\Windows\System\HLiJaZF.exe
  2⤵
  PID:8140
- C:\Windows\System\zLYYpWC.exe
  C:\Windows\System\zLYYpWC.exe
  2⤵
  PID:2008
- C:\Windows\System\lKvkgwM.exe
  C:\Windows\System\lKvkgwM.exe
  2⤵
  PID:7180
- C:\Windows\System\aJAqsln.exe
  C:\Windows\System\aJAqsln.exe
  2⤵
  PID:8036
- C:\Windows\System\LAoZVtr.exe
  C:\Windows\System\LAoZVtr.exe
  2⤵
  PID:7804
- C:\Windows\System\CwWPPlz.exe
  C:\Windows\System\CwWPPlz.exe
  2⤵
  PID:7284
- C:\Windows\System\TygoOdT.exe
  C:\Windows\System\TygoOdT.exe
  2⤵
  PID:8188
- C:\Windows\System\waLSqzu.exe
  C:\Windows\System\waLSqzu.exe
  2⤵
  PID:7980
- C:\Windows\System\IZNzVqo.exe
  C:\Windows\System\IZNzVqo.exe
  2⤵
  PID:4428
- C:\Windows\System\OtDMNpW.exe
  C:\Windows\System\OtDMNpW.exe
  2⤵
  PID:2712
- C:\Windows\System\GfmlQak.exe
  C:\Windows\System\GfmlQak.exe
  2⤵
  PID:8156
- C:\Windows\System\PIWlKYn.exe
  C:\Windows\System\PIWlKYn.exe
  2⤵
  PID:7184
- C:\Windows\System\kKMmqrw.exe
  C:\Windows\System\kKMmqrw.exe
  2⤵
  PID:7272
- C:\Windows\System\tDbimvD.exe
  C:\Windows\System\tDbimvD.exe
  2⤵
  PID:7588
- C:\Windows\System\lHpdFrl.exe
  C:\Windows\System\lHpdFrl.exe
  2⤵
  PID:3016
- C:\Windows\System\NPcNXKm.exe
  C:\Windows\System\NPcNXKm.exe
  2⤵
  PID:5504
- C:\Windows\System\HolAYJD.exe
  C:\Windows\System\HolAYJD.exe
  2⤵
  PID:2896
- C:\Windows\System\lMpXRVu.exe
  C:\Windows\System\lMpXRVu.exe
  2⤵
  PID:7788
- C:\Windows\System\GCBWLPl.exe
  C:\Windows\System\GCBWLPl.exe
  2⤵
  PID:7900
- C:\Windows\System\pOrnIkE.exe
  C:\Windows\System\pOrnIkE.exe
  2⤵
  PID:8056
- C:\Windows\System\qiVPucA.exe
  C:\Windows\System\qiVPucA.exe
  2⤵
  PID:8024
- C:\Windows\System\hoWdmjC.exe
  C:\Windows\System\hoWdmjC.exe
  2⤵
  PID:5272
- C:\Windows\System\lDYRLHD.exe
  C:\Windows\System\lDYRLHD.exe
  2⤵
  PID:7720
- C:\Windows\System\gnEGukl.exe
  C:\Windows\System\gnEGukl.exe
  2⤵
  PID:7884
- C:\Windows\System\XtUVjln.exe
  C:\Windows\System\XtUVjln.exe
  2⤵
  PID:1204
- C:\Windows\System\yAkfxGG.exe
  C:\Windows\System\yAkfxGG.exe
  2⤵
  PID:1556
- C:\Windows\System\HlhnkIw.exe
  C:\Windows\System\HlhnkIw.exe
  2⤵
  PID:2768
- C:\Windows\System\GpWdYit.exe
  C:\Windows\System\GpWdYit.exe
  2⤵
  PID:7512
- C:\Windows\System\NTDAvqq.exe
  C:\Windows\System\NTDAvqq.exe
  2⤵
  PID:8152
- C:\Windows\System\KEwCGjL.exe
  C:\Windows\System\KEwCGjL.exe
  2⤵
  PID:7544
- C:\Windows\System\iCTHWOZ.exe
  C:\Windows\System\iCTHWOZ.exe
  2⤵
  PID:8108
- C:\Windows\System\wyLOQkh.exe
  C:\Windows\System\wyLOQkh.exe
  2⤵
  PID:7236
- C:\Windows\System\NrUNCsf.exe
  C:\Windows\System\NrUNCsf.exe
  2⤵
  PID:8020
- C:\Windows\System\QaPgNuf.exe
  C:\Windows\System\QaPgNuf.exe
  2⤵
  PID:7840
- C:\Windows\System\TtRDQxI.exe
  C:\Windows\System\TtRDQxI.exe
  2⤵
  PID:6696
- C:\Windows\System\KTJPSly.exe
  C:\Windows\System\KTJPSly.exe
  2⤵
  PID:8200
- C:\Windows\System\wqgmQVt.exe
  C:\Windows\System\wqgmQVt.exe
  2⤵
  PID:8216
- C:\Windows\System\XMmTujE.exe
  C:\Windows\System\XMmTujE.exe
  2⤵
  PID:8232
- C:\Windows\System\mUnsRZA.exe
  C:\Windows\System\mUnsRZA.exe
  2⤵
  PID:8248
- C:\Windows\System\YCQCVDc.exe
  C:\Windows\System\YCQCVDc.exe
  2⤵
  PID:8264
- C:\Windows\System\QixdrqA.exe
  C:\Windows\System\QixdrqA.exe
  2⤵
  PID:8280
- C:\Windows\System\SDgsxkv.exe
  C:\Windows\System\SDgsxkv.exe
  2⤵
  PID:8296
- C:\Windows\System\xxQgZTA.exe
  C:\Windows\System\xxQgZTA.exe
  2⤵
  PID:8312
- C:\Windows\System\NqqTquK.exe
  C:\Windows\System\NqqTquK.exe
  2⤵
  PID:8328
- C:\Windows\System\ZLdGAwx.exe
  C:\Windows\System\ZLdGAwx.exe
  2⤵
  PID:8344
- C:\Windows\System\zDDFPJw.exe
  C:\Windows\System\zDDFPJw.exe
  2⤵
  PID:8360
- C:\Windows\System\BXDsxUf.exe
  C:\Windows\System\BXDsxUf.exe
  2⤵
  PID:8376
- C:\Windows\System\SMAlDme.exe
  C:\Windows\System\SMAlDme.exe
  2⤵
  PID:8392
- C:\Windows\System\QkwaGDO.exe
  C:\Windows\System\QkwaGDO.exe
  2⤵
  PID:8408
- C:\Windows\System\NkBZBSh.exe
  C:\Windows\System\NkBZBSh.exe
  2⤵
  PID:8424
- C:\Windows\System\RiFCoIh.exe
  C:\Windows\System\RiFCoIh.exe
  2⤵
  PID:8440
- C:\Windows\System\yHRkBNt.exe
  C:\Windows\System\yHRkBNt.exe
  2⤵
  PID:8456
- C:\Windows\System\riQTRjn.exe
  C:\Windows\System\riQTRjn.exe
  2⤵
  PID:8472
- C:\Windows\System\fnAcZRC.exe
  C:\Windows\System\fnAcZRC.exe
  2⤵
  PID:8488
- C:\Windows\System\ODMeaLu.exe
  C:\Windows\System\ODMeaLu.exe
  2⤵
  PID:8508
- C:\Windows\System\tVtQINI.exe
  C:\Windows\System\tVtQINI.exe
  2⤵
  PID:8524
- C:\Windows\System\CccKiDA.exe
  C:\Windows\System\CccKiDA.exe
  2⤵
  PID:8540
- C:\Windows\System\LoABtew.exe
  C:\Windows\System\LoABtew.exe
  2⤵
  PID:8556
- C:\Windows\System\OsoIzcX.exe
  C:\Windows\System\OsoIzcX.exe
  2⤵
  PID:8580
- C:\Windows\System\WfdDdFF.exe
  C:\Windows\System\WfdDdFF.exe
  2⤵
  PID:8600
- C:\Windows\System\ZtRlqba.exe
  C:\Windows\System\ZtRlqba.exe
  2⤵
  PID:8616
- C:\Windows\System\ecSiXcv.exe
  C:\Windows\System\ecSiXcv.exe
  2⤵
  PID:8632
- C:\Windows\System\ggWaYLq.exe
  C:\Windows\System\ggWaYLq.exe
  2⤵
  PID:8648
- C:\Windows\System\ozWCHnV.exe
  C:\Windows\System\ozWCHnV.exe
  2⤵
  PID:8664
- C:\Windows\System\FIPHaMv.exe
  C:\Windows\System\FIPHaMv.exe
  2⤵
  PID:8688
- C:\Windows\System\vStXzpK.exe
  C:\Windows\System\vStXzpK.exe
  2⤵
  PID:8708
- C:\Windows\System\lvVBKVA.exe
  C:\Windows\System\lvVBKVA.exe
  2⤵
  PID:8724
- C:\Windows\System\VOjMOWl.exe
  C:\Windows\System\VOjMOWl.exe
  2⤵
  PID:8744
- C:\Windows\System\iGuReYk.exe
  C:\Windows\System\iGuReYk.exe
  2⤵
  PID:8760
- C:\Windows\System\eGzueek.exe
  C:\Windows\System\eGzueek.exe
  2⤵
  PID:8784
- C:\Windows\System\ZTxnCXW.exe
  C:\Windows\System\ZTxnCXW.exe
  2⤵
  PID:8800
- C:\Windows\System\QqErKhn.exe
  C:\Windows\System\QqErKhn.exe
  2⤵
  PID:8820
- C:\Windows\System\tydMwDi.exe
  C:\Windows\System\tydMwDi.exe
  2⤵
  PID:8836
- C:\Windows\System\AXwMyqi.exe
  C:\Windows\System\AXwMyqi.exe
  2⤵
  PID:8852
- C:\Windows\System\oygkcAN.exe
  C:\Windows\System\oygkcAN.exe
  2⤵
  PID:8868
- C:\Windows\System\danwbVx.exe
  C:\Windows\System\danwbVx.exe
  2⤵
  PID:8884
- C:\Windows\System\iUwhDbL.exe
  C:\Windows\System\iUwhDbL.exe
  2⤵
  PID:8900
- C:\Windows\System\BFwnpNJ.exe
  C:\Windows\System\BFwnpNJ.exe
  2⤵
  PID:8920
- C:\Windows\System\aTcwqeL.exe
  C:\Windows\System\aTcwqeL.exe
  2⤵
  PID:8936
- C:\Windows\System\RoUbNDs.exe
  C:\Windows\System\RoUbNDs.exe
  2⤵
  PID:8952
- C:\Windows\System\KVqgzZH.exe
  C:\Windows\System\KVqgzZH.exe
  2⤵
  PID:8968
- C:\Windows\System\btaPffw.exe
  C:\Windows\System\btaPffw.exe
  2⤵
  PID:9000
- C:\Windows\System\OyREswi.exe
  C:\Windows\System\OyREswi.exe
  2⤵
  PID:9020
- C:\Windows\System\zQmffmd.exe
  C:\Windows\System\zQmffmd.exe
  2⤵
  PID:9036
- C:\Windows\System\ktJIKnx.exe
  C:\Windows\System\ktJIKnx.exe
  2⤵
  PID:9052
- C:\Windows\System\wVRfffY.exe
  C:\Windows\System\wVRfffY.exe
  2⤵
  PID:9068
- C:\Windows\System\qPRzjkA.exe
  C:\Windows\System\qPRzjkA.exe
  2⤵
  PID:9084
- C:\Windows\System\czCpbyC.exe
  C:\Windows\System\czCpbyC.exe
  2⤵
  PID:9100
- C:\Windows\System\JBafoTi.exe
  C:\Windows\System\JBafoTi.exe
  2⤵
  PID:9116
- C:\Windows\System\nWqkPLm.exe
  C:\Windows\System\nWqkPLm.exe
  2⤵
  PID:9136
- C:\Windows\System\PoLTAHM.exe
  C:\Windows\System\PoLTAHM.exe
  2⤵
  PID:9152
- C:\Windows\System\WQLSkkl.exe
  C:\Windows\System\WQLSkkl.exe
  2⤵
  PID:9168
- C:\Windows\System\qdIRRLh.exe
  C:\Windows\System\qdIRRLh.exe
  2⤵
  PID:9200
- C:\Windows\System\rRXbflO.exe
  C:\Windows\System\rRXbflO.exe
  2⤵
  PID:7560
- C:\Windows\System\CSYaEtj.exe
  C:\Windows\System\CSYaEtj.exe
  2⤵
  PID:8224
- C:\Windows\System\NxsAGoS.exe
  C:\Windows\System\NxsAGoS.exe
  2⤵
  PID:8016
- C:\Windows\System\jiqgzum.exe
  C:\Windows\System\jiqgzum.exe
  2⤵
  PID:8292
- C:\Windows\System\eTmhSKu.exe
  C:\Windows\System\eTmhSKu.exe
  2⤵
  PID:8356
- C:\Windows\System\KeBfygb.exe
  C:\Windows\System\KeBfygb.exe
  2⤵
  PID:8420
- C:\Windows\System\kDrcDzs.exe
  C:\Windows\System\kDrcDzs.exe
  2⤵
  PID:8480
- C:\Windows\System\oDkvLQY.exe
  C:\Windows\System\oDkvLQY.exe
  2⤵
  PID:7636
- C:\Windows\System\YllzuTn.exe
  C:\Windows\System\YllzuTn.exe
  2⤵
  PID:7800
- C:\Windows\System\OUekbDV.exe
  C:\Windows\System\OUekbDV.exe
  2⤵
  PID:7352
- C:\Windows\System\YrlzJYj.exe
  C:\Windows\System\YrlzJYj.exe
  2⤵
  PID:8484
- C:\Windows\System\sHExFdu.exe
  C:\Windows\System\sHExFdu.exe
  2⤵
  PID:8272
- C:\Windows\System\IfNIqMt.exe
  C:\Windows\System\IfNIqMt.exe
  2⤵
  PID:8336
- C:\Windows\System\bqLcyoP.exe
  C:\Windows\System\bqLcyoP.exe
  2⤵
  PID:8400
- C:\Windows\System\wfYLUOu.exe
  C:\Windows\System\wfYLUOu.exe
  2⤵
  PID:8464
- C:\Windows\System\nVMmpPF.exe
  C:\Windows\System\nVMmpPF.exe
  2⤵
  PID:8588
- C:\Windows\System\KVukZwm.exe
  C:\Windows\System\KVukZwm.exe
  2⤵
  PID:8628
- C:\Windows\System\BdSniKq.exe
  C:\Windows\System\BdSniKq.exe
  2⤵
  PID:8568
- C:\Windows\System\fTelMPL.exe
  C:\Windows\System\fTelMPL.exe
  2⤵
  PID:8572
- C:\Windows\System\jIGvHPM.exe
  C:\Windows\System\jIGvHPM.exe
  2⤵
  PID:8640
- C:\Windows\System\EpsmvIe.exe
  C:\Windows\System\EpsmvIe.exe
  2⤵
  PID:8700
- C:\Windows\System\kKAvRSV.exe
  C:\Windows\System\kKAvRSV.exe
  2⤵
  PID:8740
- C:\Windows\System\CFvwstK.exe
  C:\Windows\System\CFvwstK.exe
  2⤵
  PID:8768
- C:\Windows\System\XnKaDbz.exe
  C:\Windows\System\XnKaDbz.exe
  2⤵
  PID:8844
- C:\Windows\System\GmkXvsK.exe
  C:\Windows\System\GmkXvsK.exe
  2⤵
  PID:8908
- C:\Windows\System\QWvKVQe.exe
  C:\Windows\System\QWvKVQe.exe
  2⤵
  PID:8976
- C:\Windows\System\ADeauCi.exe
  C:\Windows\System\ADeauCi.exe
  2⤵
  PID:8796
- C:\Windows\System\XQeDPKf.exe
  C:\Windows\System\XQeDPKf.exe
  2⤵
  PID:8864
- C:\Windows\System\YoKlXCd.exe
  C:\Windows\System\YoKlXCd.exe
  2⤵
  PID:8932
- C:\Windows\System\yarVsys.exe
  C:\Windows\System\yarVsys.exe
  2⤵
  PID:8992
- C:\Windows\System\PsDoPWv.exe
  C:\Windows\System\PsDoPWv.exe
  2⤵
  PID:8980
- C:\Windows\System\ObGVAyW.exe
  C:\Windows\System\ObGVAyW.exe
  2⤵
  PID:9016
- C:\Windows\System\xZwignj.exe
  C:\Windows\System\xZwignj.exe
  2⤵
  PID:9048
- C:\Windows\System\zAzZTQF.exe
  C:\Windows\System\zAzZTQF.exe
  2⤵
  PID:9096
- C:\Windows\System\PpcaUgh.exe
  C:\Windows\System\PpcaUgh.exe
  2⤵
  PID:9184
- C:\Windows\System\ENyAYmt.exe
  C:\Windows\System\ENyAYmt.exe
  2⤵
  PID:9208
- C:\Windows\System\OvfSLxU.exe
  C:\Windows\System\OvfSLxU.exe
  2⤵
  PID:8352
- C:\Windows\System\Cwwhwpn.exe
  C:\Windows\System\Cwwhwpn.exe
  2⤵
  PID:9196
- C:\Windows\System\RDkgLqH.exe
  C:\Windows\System\RDkgLqH.exe
  2⤵
  PID:8368
- C:\Windows\System\YakkYnm.exe
  C:\Windows\System\YakkYnm.exe
  2⤵
  PID:8468
- C:\Windows\System\XxGLkiW.exe
  C:\Windows\System\XxGLkiW.exe
  2⤵
  PID:8308
- C:\Windows\System\LCOtbdC.exe
  C:\Windows\System\LCOtbdC.exe
  2⤵
  PID:7948
- C:\Windows\System\wBIdnwm.exe
  C:\Windows\System\wBIdnwm.exe
  2⤵
  PID:8624
- C:\Windows\System\IsjjFoM.exe
  C:\Windows\System\IsjjFoM.exe
  2⤵
  PID:8372
- C:\Windows\System\ORRcPYd.exe
  C:\Windows\System\ORRcPYd.exe
  2⤵
  PID:8684
- C:\Windows\System\nahYfsv.exe
  C:\Windows\System\nahYfsv.exe
  2⤵
  PID:8880
- C:\Windows\System\JxukDpi.exe
  C:\Windows\System\JxukDpi.exe
  2⤵
  PID:8928
- C:\Windows\System\gAHJAwY.exe
  C:\Windows\System\gAHJAwY.exe
  2⤵
  PID:9064
- C:\Windows\System\TjHRneP.exe
  C:\Windows\System\TjHRneP.exe
  2⤵
  PID:8500
- C:\Windows\System\SNYZsto.exe
  C:\Windows\System\SNYZsto.exe
  2⤵
  PID:9176
- C:\Windows\System\XGMpYst.exe
  C:\Windows\System\XGMpYst.exe
  2⤵
  PID:8780
- C:\Windows\System\eCcOFkj.exe
  C:\Windows\System\eCcOFkj.exe
  2⤵
  PID:8944
- C:\Windows\System\UQfWDyM.exe
  C:\Windows\System\UQfWDyM.exe
  2⤵
  PID:9108
- C:\Windows\System\YWvnlgS.exe
  C:\Windows\System\YWvnlgS.exe
  2⤵
  PID:9124
- C:\Windows\System\yjMlgkm.exe
  C:\Windows\System\yjMlgkm.exe
  2⤵
  PID:8388
- C:\Windows\System\VuxdiHQ.exe
  C:\Windows\System\VuxdiHQ.exe
  2⤵
  PID:8596
- C:\Windows\System\NGqXPJR.exe
  C:\Windows\System\NGqXPJR.exe
  2⤵
  PID:8720
- C:\Windows\System\KJWZQpI.exe
  C:\Windows\System\KJWZQpI.exe
  2⤵
  PID:8536
- C:\Windows\System\yNjvpKl.exe
  C:\Windows\System\yNjvpKl.exe
  2⤵
  PID:8520
- C:\Windows\System\QCDmkHp.exe
  C:\Windows\System\QCDmkHp.exe
  2⤵
  PID:8736
- C:\Windows\System\kHcJamV.exe
  C:\Windows\System\kHcJamV.exe
  2⤵
  PID:8816
- C:\Windows\System\TIjRSwv.exe
  C:\Windows\System\TIjRSwv.exe
  2⤵
  PID:8860
- C:\Windows\System\DbmPwUl.exe
  C:\Windows\System\DbmPwUl.exe
  2⤵
  PID:9080
- C:\Windows\System\vgExAkZ.exe
  C:\Windows\System\vgExAkZ.exe
  2⤵
  PID:7736
- C:\Windows\System\BywukNh.exe
  C:\Windows\System\BywukNh.exe
  2⤵
  PID:8124
- C:\Windows\System\cMlRftL.exe
  C:\Windows\System\cMlRftL.exe
  2⤵
  PID:9164
- C:\Windows\System\FfomFlx.exe
  C:\Windows\System\FfomFlx.exe
  2⤵
  PID:7716
- C:\Windows\System\ueedvry.exe
  C:\Windows\System\ueedvry.exe
  2⤵
  PID:8660
- C:\Windows\System\CsuKcGf.exe
  C:\Windows\System\CsuKcGf.exe
  2⤵
  PID:8672
- C:\Windows\System\iEkxEtP.exe
  C:\Windows\System\iEkxEtP.exe
  2⤵
  PID:8964
- C:\Windows\System\zNPboYy.exe
  C:\Windows\System\zNPboYy.exe
  2⤵
  PID:9012
- C:\Windows\System\QnMwAvS.exe
  C:\Windows\System\QnMwAvS.exe
  2⤵
  PID:8260
- C:\Windows\System\RyRhCuL.exe
  C:\Windows\System\RyRhCuL.exe
  2⤵
  PID:8452
- C:\Windows\System\WDRQPWl.exe
  C:\Windows\System\WDRQPWl.exe
  2⤵
  PID:9008
- C:\Windows\System\gHtYjCv.exe
  C:\Windows\System\gHtYjCv.exe
  2⤵
  PID:1000
- C:\Windows\System\pNqvybk.exe
  C:\Windows\System\pNqvybk.exe
  2⤵
  PID:6564
- C:\Windows\System\OBOnsoU.exe
  C:\Windows\System\OBOnsoU.exe
  2⤵
  PID:9224
- C:\Windows\System\LQRVDsr.exe
  C:\Windows\System\LQRVDsr.exe
  2⤵
  PID:9240
- C:\Windows\System\lMtoqpy.exe
  C:\Windows\System\lMtoqpy.exe
  2⤵
  PID:9256
- C:\Windows\System\tXAZXGn.exe
  C:\Windows\System\tXAZXGn.exe
  2⤵
  PID:9272
- C:\Windows\System\zrsxais.exe
  C:\Windows\System\zrsxais.exe
  2⤵
  PID:9288
- C:\Windows\System\QFqgtQQ.exe
  C:\Windows\System\QFqgtQQ.exe
  2⤵
  PID:9304
- C:\Windows\System\rFcRuNW.exe
  C:\Windows\System\rFcRuNW.exe
  2⤵
  PID:9320
- C:\Windows\System\sABVqly.exe
  C:\Windows\System\sABVqly.exe
  2⤵
  PID:9336
- C:\Windows\System\mcXKhjp.exe
  C:\Windows\System\mcXKhjp.exe
  2⤵
  PID:9352
- C:\Windows\System\FDpRxjV.exe
  C:\Windows\System\FDpRxjV.exe
  2⤵
  PID:9368
- C:\Windows\System\LcgJxLX.exe
  C:\Windows\System\LcgJxLX.exe
  2⤵
  PID:9384
- C:\Windows\System\aQJNash.exe
  C:\Windows\System\aQJNash.exe
  2⤵
  PID:9400
- C:\Windows\System\nySkJSh.exe
  C:\Windows\System\nySkJSh.exe
  2⤵
  PID:9416
- C:\Windows\System\uEeOdaY.exe
  C:\Windows\System\uEeOdaY.exe
  2⤵
  PID:9436
- C:\Windows\System\GaUAZci.exe
  C:\Windows\System\GaUAZci.exe
  2⤵
  PID:9484
- C:\Windows\System\IGhNbbz.exe
  C:\Windows\System\IGhNbbz.exe
  2⤵
  PID:9500
- C:\Windows\System\cSQqbqN.exe
  C:\Windows\System\cSQqbqN.exe
  2⤵
  PID:9532
- C:\Windows\System\XcQXZni.exe
  C:\Windows\System\XcQXZni.exe
  2⤵
  PID:9548
- C:\Windows\System\cqLTIWo.exe
  C:\Windows\System\cqLTIWo.exe
  2⤵
  PID:9564
- C:\Windows\System\qsGJMVw.exe
  C:\Windows\System\qsGJMVw.exe
  2⤵
  PID:9584
- C:\Windows\System\GuAPUBC.exe
  C:\Windows\System\GuAPUBC.exe
  2⤵
  PID:9600
- C:\Windows\System\hgoXfuu.exe
  C:\Windows\System\hgoXfuu.exe
  2⤵
  PID:9616
- C:\Windows\System\JWGxKlS.exe
  C:\Windows\System\JWGxKlS.exe
  2⤵
  PID:9636
- C:\Windows\System\wfPFmLv.exe
  C:\Windows\System\wfPFmLv.exe
  2⤵
  PID:9652
- C:\Windows\System\YXYBsps.exe
  C:\Windows\System\YXYBsps.exe
  2⤵
  PID:9680
- C:\Windows\System\ZGWJNMm.exe
  C:\Windows\System\ZGWJNMm.exe
  2⤵
  PID:9696
- C:\Windows\System\XBLVXMt.exe
  C:\Windows\System\XBLVXMt.exe
  2⤵
  PID:9712
- C:\Windows\System\gtPTXin.exe
  C:\Windows\System\gtPTXin.exe
  2⤵
  PID:9728
- C:\Windows\System\KpslxET.exe
  C:\Windows\System\KpslxET.exe
  2⤵
  PID:9744
- C:\Windows\System\FAvySod.exe
  C:\Windows\System\FAvySod.exe
  2⤵
  PID:9768
- C:\Windows\System\byVdZEM.exe
  C:\Windows\System\byVdZEM.exe
  2⤵
  PID:9784
- C:\Windows\System\PmPcybG.exe
  C:\Windows\System\PmPcybG.exe
  2⤵
  PID:9800
- C:\Windows\System\jYeHSXG.exe
  C:\Windows\System\jYeHSXG.exe
  2⤵
  PID:9816
- C:\Windows\System\caPOhvc.exe
  C:\Windows\System\caPOhvc.exe
  2⤵
  PID:9832
- C:\Windows\System\qhAiFHg.exe
  C:\Windows\System\qhAiFHg.exe
  2⤵
  PID:9848
- C:\Windows\System\VOzPLxj.exe
  C:\Windows\System\VOzPLxj.exe
  2⤵
  PID:9864
- C:\Windows\System\BZXNUZF.exe
  C:\Windows\System\BZXNUZF.exe
  2⤵
  PID:9880
- C:\Windows\System\QKIbTJH.exe
  C:\Windows\System\QKIbTJH.exe
  2⤵
  PID:9896
- C:\Windows\System\FEVWUCL.exe
  C:\Windows\System\FEVWUCL.exe
  2⤵
  PID:9912
- C:\Windows\System\noZhXNf.exe
  C:\Windows\System\noZhXNf.exe
  2⤵
  PID:9928
- C:\Windows\System\oLQEUtS.exe
  C:\Windows\System\oLQEUtS.exe
  2⤵
  PID:9948
- C:\Windows\System\nrjNlmG.exe
  C:\Windows\System\nrjNlmG.exe
  2⤵
  PID:9964
- C:\Windows\System\eqLJdnn.exe
  C:\Windows\System\eqLJdnn.exe
  2⤵
  PID:9980
- C:\Windows\System\qdRCcQy.exe
  C:\Windows\System\qdRCcQy.exe
  2⤵
  PID:9996
- C:\Windows\System\iEddmCj.exe
  C:\Windows\System\iEddmCj.exe
  2⤵
  PID:10012
- C:\Windows\System\xWzLPbx.exe
  C:\Windows\System\xWzLPbx.exe
  2⤵
  PID:10028
- C:\Windows\System\AOJcBVu.exe
  C:\Windows\System\AOJcBVu.exe
  2⤵
  PID:10044
- C:\Windows\System\kzhIUag.exe
  C:\Windows\System\kzhIUag.exe
  2⤵
  PID:10060
- C:\Windows\System\sCCpKQZ.exe
  C:\Windows\System\sCCpKQZ.exe
  2⤵
  PID:10080
- C:\Windows\System\pZdcUoX.exe
  C:\Windows\System\pZdcUoX.exe
  2⤵
  PID:10096
- C:\Windows\System\qPDnmjF.exe
  C:\Windows\System\qPDnmjF.exe
  2⤵
  PID:10112
- C:\Windows\System\LvFNgBw.exe
  C:\Windows\System\LvFNgBw.exe
  2⤵
  PID:10128
- C:\Windows\System\AzomUwp.exe
  C:\Windows\System\AzomUwp.exe
  2⤵
  PID:10144
- C:\Windows\System\OtOPkNZ.exe
  C:\Windows\System\OtOPkNZ.exe
  2⤵
  PID:10160
- C:\Windows\System\dXwTiKK.exe
  C:\Windows\System\dXwTiKK.exe
  2⤵
  PID:10176
- C:\Windows\System\LGhgqfy.exe
  C:\Windows\System\LGhgqfy.exe
  2⤵
  PID:10192
- C:\Windows\System\avJuvuS.exe
  C:\Windows\System\avJuvuS.exe
  2⤵
  PID:10208
- C:\Windows\System\jStJwNm.exe
  C:\Windows\System\jStJwNm.exe
  2⤵
  PID:10228
- C:\Windows\System\rLZLEXw.exe
  C:\Windows\System\rLZLEXw.exe
  2⤵
  PID:7968
- C:\Windows\System\WpwISPh.exe
  C:\Windows\System\WpwISPh.exe
  2⤵
  PID:9284
- C:\Windows\System\EkHElkX.exe
  C:\Windows\System\EkHElkX.exe
  2⤵
  PID:8832
- C:\Windows\System\gcxEMxf.exe
  C:\Windows\System\gcxEMxf.exe
  2⤵
  PID:9376
- C:\Windows\System\rCWhWod.exe
  C:\Windows\System\rCWhWod.exe
  2⤵
  PID:9264
- C:\Windows\System\rgVvene.exe
  C:\Windows\System\rgVvene.exe
  2⤵
  PID:9396
- C:\Windows\System\eSLCYFy.exe
  C:\Windows\System\eSLCYFy.exe
  2⤵
  PID:9392
- C:\Windows\System\IzMnaPT.exe
  C:\Windows\System\IzMnaPT.exe
  2⤵
  PID:9332
- C:\Windows\System\yaTGizq.exe
  C:\Windows\System\yaTGizq.exe
  2⤵
  PID:9456
- C:\Windows\System\JHfMOOv.exe
  C:\Windows\System\JHfMOOv.exe
  2⤵
  PID:9476
- C:\Windows\System\cmQonvO.exe
  C:\Windows\System\cmQonvO.exe
  2⤵
  PID:9492
- C:\Windows\System\PXmxpaY.exe
  C:\Windows\System\PXmxpaY.exe
  2⤵
  PID:9472
- C:\Windows\System\KuqEIQj.exe
  C:\Windows\System\KuqEIQj.exe
  2⤵
  PID:9556
- C:\Windows\System\uobSBZA.exe
  C:\Windows\System\uobSBZA.exe
  2⤵
  PID:9592
- C:\Windows\System\EqTLpnD.exe
  C:\Windows\System\EqTLpnD.exe
  2⤵
  PID:9596
- C:\Windows\System\KoUpcHm.exe
  C:\Windows\System\KoUpcHm.exe
  2⤵
  PID:9644
- C:\Windows\System\pbiPKYs.exe
  C:\Windows\System\pbiPKYs.exe
  2⤵
  PID:9668
- C:\Windows\System\ELfEmVO.exe
  C:\Windows\System\ELfEmVO.exe
  2⤵
  PID:9708
- C:\Windows\System\CuCvKOB.exe
  C:\Windows\System\CuCvKOB.exe
  2⤵
  PID:9776
- C:\Windows\System\eIOJWdd.exe
  C:\Windows\System\eIOJWdd.exe
  2⤵
  PID:9736
- C:\Windows\System\wgmxpmw.exe
  C:\Windows\System\wgmxpmw.exe
  2⤵
  PID:9876
- C:\Windows\System\XrHZWHC.exe
  C:\Windows\System\XrHZWHC.exe
  2⤵
  PID:9940
- C:\Windows\System\LfuCnjO.exe
  C:\Windows\System\LfuCnjO.exe
  2⤵
  PID:10004
- C:\Windows\System\FbrjUyw.exe
  C:\Windows\System\FbrjUyw.exe
  2⤵
  PID:10068
- C:\Windows\System\jUdPsIO.exe
  C:\Windows\System\jUdPsIO.exe
  2⤵
  PID:10108
- C:\Windows\System\NAPxEBz.exe
  C:\Windows\System\NAPxEBz.exe
  2⤵
  PID:10172
- C:\Windows\System\joXuwlZ.exe
  C:\Windows\System\joXuwlZ.exe
  2⤵
  PID:9752
- C:\Windows\System\qyhlTVJ.exe
  C:\Windows\System\qyhlTVJ.exe
  2⤵
  PID:9792
- C:\Windows\System\GlBIpOC.exe
  C:\Windows\System\GlBIpOC.exe
  2⤵
  PID:9856
- C:\Windows\System\EaSJLyx.exe
  C:\Windows\System\EaSJLyx.exe
  2⤵
  PID:9920
- C:\Windows\System\tRlTiWC.exe
  C:\Windows\System\tRlTiWC.exe
  2⤵
  PID:9988
- C:\Windows\System\kotQJta.exe
  C:\Windows\System\kotQJta.exe
  2⤵
  PID:10056
- C:\Windows\System\iXYsWFv.exe
  C:\Windows\System\iXYsWFv.exe
  2⤵
  PID:10152
- C:\Windows\System\QThZEme.exe
  C:\Windows\System\QThZEme.exe
  2⤵
  PID:10216
- C:\Windows\System\FVbhqBJ.exe
  C:\Windows\System\FVbhqBJ.exe
  2⤵
  PID:10088
- C:\Windows\System\ptNglsa.exe
  C:\Windows\System\ptNglsa.exe
  2⤵
  PID:9344
- C:\Windows\System\SGxOtcH.exe
  C:\Windows\System\SGxOtcH.exe
  2⤵
  PID:8756
- C:\Windows\System\kqqryJt.exe
  C:\Windows\System\kqqryJt.exe
  2⤵
  PID:9412
- C:\Windows\System\HTXquGN.exe
  C:\Windows\System\HTXquGN.exe
  2⤵
  PID:9300
- C:\Windows\System\pLgdCVm.exe
  C:\Windows\System\pLgdCVm.exe
  2⤵
  PID:9496
- C:\Windows\System\wFQBLsK.exe
  C:\Windows\System\wFQBLsK.exe
  2⤵
  PID:9576
- C:\Windows\System\FMmmTTY.exe
  C:\Windows\System\FMmmTTY.exe
  2⤵
  PID:9540
- C:\Windows\System\xEuSAzo.exe
  C:\Windows\System\xEuSAzo.exe
  2⤵
  PID:9632
- C:\Windows\System\KyFcLuY.exe
  C:\Windows\System\KyFcLuY.exe
  2⤵
  PID:9812
- C:\Windows\System\qcNrmBD.exe
  C:\Windows\System\qcNrmBD.exe
  2⤵
  PID:10036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CyZqgmu.exe

Filesize
5.9MB

MD5
483655540889c3375c498f1ef96742b8

SHA1
f0e66ec3c6a689593e90563e7a1068debc46b305

SHA256
d3c779e05e62bd3570aaa7c94b599486491a933b4714efdbbc68a15d7c5dd449

SHA512
784aa1976135966d7f3df33c7b6f0533e7300db085530e1d03c969aa853b81e75c9c95e266de7c98d40ca9ed321c5fc2325da9b31729bf350db57cd160a6ea52

Download Submit
C:\Windows\system\FubTpxi.exe

Filesize
5.9MB

MD5
f2787d04cd8aafb3978b35c5bc16c272

SHA1
3542f3243d80f1002d2229f715ad114bee14da98

SHA256
a0bca6edb3f3b09391a1251a3d85e8aae9f7497e19b665ae8c2bf46bac758771

SHA512
eab676bc3c31bcd88725205187b53d552f30d614ca5416477a32296305c6e550aecdaa00441689dc5838b4d963600f2707e496c448118f1144476816fd23abe1

Download Submit
C:\Windows\system\Jicpuzs.exe

Filesize
5.9MB

MD5
2a4d5860fb6a697fa82ca9669d711b18

SHA1
34380f0ddb6b4fe84ad14259d13ec314fb3c92c6

SHA256
d4c76b67fd0ab65a4e77ebc7ee3f367b430f45d8903d450098274606f0f3a803

SHA512
fcdacadb8a51cedaef72d19ed7120a95205bf7f5acd35b361beb0ab5b9bb18ba61c8c68a6d059587550e16afd7dddc0e4edcb3617603c54abdc1b40d7f4b76b6

Download Submit
C:\Windows\system\XwZkpXV.exe

Filesize
5.9MB

MD5
163c40a592cbd1e7f489a83429810837

SHA1
014fdc0f87236e39682214d6fb6b839ec088bdd8

SHA256
c40ba73f4e7427b39675151460191b6187d77766054eec09912821ee11d54856

SHA512
41f1f99066a07e35811c472d60d67ad47e1988282b8ed74526485332321962711dd6fa8a84711e12abcf2614c0fbd5ce76ba9f27fdf2821652562038218c45a2

Download Submit
C:\Windows\system\dTjQSWt.exe

Filesize
5.9MB

MD5
dde985825881647621eeb9f0f2104e6e

SHA1
dcad025b67968f826b388b7476f823f35a1fc965

SHA256
81fde3c0ddcdfcc51525f083e26aa744850fdce63c337429458c3b8a41225201

SHA512
77e222deea982b6a5ee9e46d1d6aa360f6dd914a6a7752a84979dd9ec4f101b3e123438240932818f5587f60cd2e911d11c002679fc3aff86006fbef882f9451

Download Submit
C:\Windows\system\eqUIRoL.exe

Filesize
5.9MB

MD5
b25c39200adc263b5a8259682046ecce

SHA1
429a832fddb5efca614144757ab52d544d8dabb0

SHA256
73295f750a3fd55cc46337458769f0347ba0ac5876c49788e9d5bb1f19711f63

SHA512
bd70361f475e02fce5805b14e304bde964fe13a23010b89fda3e51f892d06409fdcb0a3b9c5beb85583314f5694323357cb77ac266716c43c082503552b7dd3f

Download Submit
C:\Windows\system\gYlnZxs.exe

Filesize
5.9MB

MD5
28d0d14fa92cd895db0d931173c52419

SHA1
f5916489022d15faf880a65c4d0aac046d270ad6

SHA256
4ea89e4e355cd5225b843241c44e242149eb7e26a5810a2ed4f189480c537e5b

SHA512
006037d65280cfa9c6328ddc63eef084e1ec1ecc2b717603ab7472755df6bd178442d21aeca3f58afa17d4bf893064297fbfb764f2c74a58ea22d660afdceba6

Download Submit
C:\Windows\system\gnOyDcv.exe

Filesize
5.9MB

MD5
835cea32c63c661c2431bacc0e55fde4

SHA1
44539f765808058e878184dd3ed34557d3fc2844

SHA256
ec2882e4131ebf5fee0e989b01132552eb40381ca144d63ba58bbc7080a57938

SHA512
c57dd8396ec7105b9e1cbb6eb14bd2de38143a6776747177e65d02788049ffdba63da9bf989861972636d512969c0ff01dcd3ba547a4b08064b298caf9ab966d

Download Submit
C:\Windows\system\irCjwon.exe

Filesize
5.9MB

MD5
de665c9b568f7cddda665deee839d433

SHA1
5ca0e834505bbf262b20a5b1c3a46de60a908585

SHA256
afbe7d50fdf6e9cd116434dbf0fc3e00b2fd146d74a7c0d3a187128becde399f

SHA512
03b91bd12c88f103f58f716e2cbad91900f0acd5a20882c79bc17413582f886d4e56165d634a5adb84d59c0701b4b8277a811ca22abd43b4f7243d33cadf69c1

Download Submit
C:\Windows\system\jWVtevE.exe

Filesize
5.9MB

MD5
82d20c4a544c7071424e067a93fc68c9

SHA1
d01b1139883719ab1cdd4251106632aeda06a9d1

SHA256
97522c96e009a4ca071e926e3b53738578c7d90e28a102973f0f2ecb36e4b72b

SHA512
7ed737c49f1c2b99bc61c46f550dc984f1237190e1c652b8f28657fb5cf9eec53c9977c8870bec9a4af7dddf27299fa4a3cef8a23ee395017e2282fda4f947c1

Download Submit
C:\Windows\system\kxQLKkw.exe

Filesize
5.9MB

MD5
3179b588537e76c1cf189c8d9289d8b7

SHA1
f3b7f4a9f0caac0151da422a09d74ac1beeefac8

SHA256
efeca8de684e62e1e51829ae24b58ee6727c6737cf266c37c8b2dbdce16c0e8b

SHA512
f7ed2a43a061532d9b88cb29860eb1ec9fbc308353f86b0d7212a5e10b4095907bbb8b3e27ed9b99a1e898976dd34076f05a0495fd1a43de89106094502f85f9

Download Submit
C:\Windows\system\msrcBBu.exe

Filesize
5.9MB

MD5
980e23439599ffb89926c4b7be294143

SHA1
dbb35b94734b47c6a774c7fa54464c58e4959bc6

SHA256
bb9d1fd9b2b696bc38f2dee8f38bdcf0454d9b7b4a01e408f753b8a35fa6d598

SHA512
6de25a1673c8e6abe9e47526b3130dda58de9fb8f6c0bf61d665e92a10dc939ff1650013859a89213dc8af5afcb769409252c505cccd4cc05388ffd38cccee6c

Download Submit
C:\Windows\system\ntTVNqE.exe

Filesize
5.9MB

MD5
3b1643b26470584ff99eaece621bc383

SHA1
7afe5910d37009d30b2deee20c4498d15e2858bf

SHA256
54d26315043dc492cde732bbb0eef062c6c9bff16adae929929bfab2fb01a04f

SHA512
9c9d998b9bc26c898b701cccc1922d9e71f2c898001c1b7634ead0c775c863a7676d149fbc882a06f869ab264d01a72cccdae4c40a428bba383f9e71d5d0d23a

Download Submit
C:\Windows\system\oZyGTJH.exe

Filesize
5.9MB

MD5
911ff5b6efad01da3209d51a497cf431

SHA1
b6113efb67f327b8b43138b355fd9a8053b1e171

SHA256
1ad58695f5d987d5ea8f965cfceb4a0db865f698c7de2ee4c7779903fdff08d4

SHA512
5f794e1824afe14a9584ccdedbac006fb50206dd39134d65689aa9d23802a75211fe47378231fec0a5a457d0b5d0fe707053fc5a3f76ac93c5f2bc57ba96c7d6

Download Submit
C:\Windows\system\pupCEqZ.exe

Filesize
5.9MB

MD5
e9765381e0d7688ab123b870f06cae38

SHA1
f9c225ff354cf97af597f34ed51747891673b752

SHA256
01c09263f3c9c9ee2907d0ebb2769e27b36c6627888ef027c34eb73851aa368d

SHA512
e8a5ce8ca83fe93ded0b9edbba4403f594eb343c91b8d85c0b80c580535981f566970deb20f86f6a266457d1d0c4f55071ccfe7a5b6b8673d44bf64281e7fb96

Download Submit
C:\Windows\system\rLVHXcd.exe

Filesize
5.9MB

MD5
6d0c0523460c6cc8e30795c0e7be80da

SHA1
b6bcd8d7a4ae306504c735d134c598941adac030

SHA256
ea979562d06affe66a1bab9e68e81362a9b49ff76cce32144b8e2ccf5ba7a6fe

SHA512
aeca16a24f2ffb1391eedc2a998fe50ff121f6f29282b1f645600c6c56d17a5f3704c52389621638905c39b85cd56789b9600dab4711e06c078b95f053470cb3

Download Submit
C:\Windows\system\souvVzZ.exe

Filesize
5.9MB

MD5
b165bbdbd9b5b609653ce7f900ebe994

SHA1
a74c3fc28334353bc4c75c597e3345ec7f288f54

SHA256
af2b2aadafe668cfddd411fbf0104df108f32d6e4ebe410acbb1c866d5dc81ff

SHA512
f0cb00d08efeabbdd69d4a8eafd84965402e49cc48b070206f13e04d5bddf555c75fa6ae9d3420225d5cb105eb62e9a767d11fbccbc86a38505ede5c2a511eb4

Download Submit
\Windows\system\CjHTDnO.exe

Filesize
5.9MB

MD5
8565d4dcc60204622da2ba62cab1731b

SHA1
4ad55f2388233fb378e4a7ee91054bf1931f36b0

SHA256
8a50884cc64bda6910f189a0e48e6b13a56a9c99d4d1b0c533bf7d07fe307eba

SHA512
a141580547b4993fb37df374cb1b1f6533e54e57c6bc5bffde751daf4a1bd9cf0bca486ca984f227edc3a30a1bab70b9d1cd9d62cdcff0bc5648a90f050877f5

Download Submit
\Windows\system\DQnOhpt.exe

Filesize
5.9MB

MD5
b65fc7441822197eccbd7631766003fa

SHA1
0018e34a4edbe92a40efaaa2d86bfdb26b1d5fef

SHA256
a2b7572535ddd365b5fe2d8fe45059072485487feff3537f52d6774e8398f1e5

SHA512
610eba18bec82b3c02b6e4bb3d1671c1d301a01008fb96b7041900bae44b813ac5a8482a965bf645fbd6be722da56b317269e5eea898aa648918a373316b112f

Download Submit
\Windows\system\GFgTiYI.exe

Filesize
5.9MB

MD5
4570183920c6dda9357cbcffcf430b7d

SHA1
7da511434e3c2055728c98c3be85ff6ce8dd134f

SHA256
1b9b2e7877bdd62957d0dd59d4b6b060e4373ead5db3bc740dabb7bc74f6ff6a

SHA512
8aad85fefa8fc3d5914dfa6890797b903d0551dc3211859ecd695e764ac4c51c890527a430c1489b4918dddecaec39ac07ee6f09f66fab8b81413ca5ec7f1805

Download Submit
\Windows\system\HjRULHG.exe

Filesize
5.9MB

MD5
43b3ff7ba467212b828c7d0df3630886

SHA1
98620979a092de88ea7b44188c4d3ed8a20e2fc2

SHA256
a0da189180d43b24e8c877a34ccd03690ea93203823b8a5c41eea5995337092c

SHA512
5232efef973e6625ae5493640bc30802877ea3aa366056cc39fe78a4dd3a17203f0965de567deeb9ae176a91d33cae516db8d11a7b35067b69a10b89bfee8d5b

Download Submit
\Windows\system\NtoVHQF.exe

Filesize
5.9MB

MD5
55adb57d8e9b2d666415b4437517f471

SHA1
7a8ae690ee08717d7eeb25debf67037613e40f43

SHA256
1d7f1472455710d8c45bb12c2b157412fbc00c77bdb9eaaeb2a59091ea26e910

SHA512
54dcfb4700c91c8a4bb7e36fcbe8686c3b5e6aa4277263747f1d8bc608900ee0e2a6ab1f7c040acd741f5c6f8b3dd624f6bd81ef0f4bc6b3479cdd3f0f634279

Download Submit
\Windows\system\PmNtVyz.exe

Filesize
5.9MB

MD5
4183885a9031c4e7107fd7a320ae14ae

SHA1
90cbacb9d1c8e32e88168b88f88e6eec203ce5fc

SHA256
2738ed794b1d6dd79d338233dff4e27760e10e19269c5e5535088fc38de6d0d8

SHA512
0fb59d2ac79b002789cefbefbc27eb4f918f8030f407231ffb814b76d5963f0da400451935d734dcfd182c703a5aa79c209ad9298444b6271c9b7ec7144775a6

Download Submit
\Windows\system\RdiBauD.exe

Filesize
5.9MB

MD5
f15187c9a6a5500e0f6946a4bcd92ed8

SHA1
e2713dad0a9d6d29cc87a5d31532a0ab468f4856

SHA256
76f21e660b8957bdd2398a57bddf743b279333682da25d52708a60a78afde04f

SHA512
c6f8e9f32f004470e05a91e71fff8f6ea4e371e3dda56951d9d316b1a57e1082feb81ebc380a23db1869ad4173d22d614b70620575050be79e342105244e0638

Download Submit
\Windows\system\UAwHvbL.exe

Filesize
5.9MB

MD5
381c0827584d5c2fa686db6d558b6c92

SHA1
3579da373616a3c4038894c27f5011ae2b544f6e

SHA256
7dbb4fe0aa89d07a443e908ea5a972fb5b900f0e70b53c5a0b804baa30207b32

SHA512
7e1e550b31751adefd6e4e806ba13e12414b4fc8aaba7213ede2868ceb3c8e6e5016d615db22ffe5f7c7898519d9bedb33b81e09f76025bc49fbe6d419decae0

Download Submit
\Windows\system\URZriiR.exe

Filesize
5.9MB

MD5
7aa5fdcde41b749555c13863c80aaa9c

SHA1
5c8f09ae020aa9767424650020c1c1a1b8f4ad44

SHA256
0463b399e6ab01d074a1883adf7f62503dc0a1cbd747b61378fed8d12e6d8fa6

SHA512
3445d98621681c60ea0d56a5244eb075f92022154a6a26d2c888cfce880726eb2cf93e8e43b4f9d0aafa141958361acf9e224fde793e016a73219ce440fc3593

Download Submit
\Windows\system\UemDkxO.exe

Filesize
5.9MB

MD5
3035afb813dfc61e18a6a079c0f375bd

SHA1
9fb0f082385db5ec2d694bac295ace2445f6e652

SHA256
132d08243c7e50f42cf81441f00b3874d5362f58e6dc9d89f7b6c3d5d0e4d082

SHA512
ce857219993ac59097b320db3a0b80f5d58d6c913815d5b3b2ad6735b30c2280abca9cee0da739597728abcb8a16bf51d48d065c9931790c5b05bf42143a369b

Download Submit
\Windows\system\ZRTJldX.exe

Filesize
5.9MB

MD5
f01cd65055ca4ceee5a7c5e096c7eeb5

SHA1
bb802b0f0c1b47ab09a5ca0c969b5f45f4784467

SHA256
771e80193916357c925a52923d8875e501b194d6c922130107a09650b519acf8

SHA512
4233c2bdff483eb17cd682759ffb1d68befaf991bc409aa340045a7946ec6a82606a3f377a84d5a07581f4afd45d7bee9acd197d905437640c7b737579255ca8

Download Submit
\Windows\system\dDScOxk.exe

Filesize
5.9MB

MD5
6d36db70c21db85a3f2946f0db07a9fc

SHA1
9bd6754d0b2e5d071146459d2b0f7fc478d89ad2

SHA256
be491b5c8fd606a034ba3adf624d7426d712b97ae095b647a4dd7c13f3ace27d

SHA512
bb53b4871063fb42eb00bb124de8aabb6f5018187d50246da85f9c956b82134da5278a9c3c7b7f6f0fe258a7d43d23670a6bf1377cdb0c071a55804dfafc39df

Download Submit
\Windows\system\gSORqWD.exe

Filesize
5.9MB

MD5
51a42b25cd838c45affa0e70eb730d0f

SHA1
625470c1d92f074816d561702eeba14f18764cb1

SHA256
f57ee376ade035c6c09c5b5ee2f36e9b83c9b44015c62b055c54fdec5bb6987d

SHA512
fa8bc95da8715e7ed0b4a6e3839e87d83ad93a4dfa8835011d73eab36f880c5f9b43bd60bc5bc73dfef909677f3ff0b02c142a7de5e1c9ac9c54a74ce6add395

Download Submit
\Windows\system\iEodLCP.exe

Filesize
5.9MB

MD5
82f64a4c6cc89ec164cfd795f3e9734c

SHA1
84753b26c5aa2fe75de8fc76810f8c52af31deea

SHA256
01a7615a5d4b3e89a0f69a25a7ce722a13325b3ffe4610d88fa60b5b9f0bf6ac

SHA512
cd5647e86776251a9ff3d182fa4bc306e3a31eff5a8d0b3cb87b9aff5ebb0982fc4649eb96239892ede308e15e82d6888fd136a8a5891c851a5b3d25563ce1b9

Download Submit
\Windows\system\mzdqMdp.exe

Filesize
5.9MB

MD5
de96a55271a690288beb1ce9e973452d

SHA1
574b1f025c81f5b0c32d04337f0b0918b54d71c2

SHA256
0b0f726a4ad6d2b6335f6ab86d9ca76432e502f13c5b78aeb85f69177218307d

SHA512
a20306b202c3a4c6fa4e86a371da01317e7accb1da740762ed0e92f1dc83a9c6d96264627144842189259d7a433e75bef1d6a35aa9224c698521b9e27d2ca533

Download Submit
\Windows\system\olhvcLk.exe

Filesize
5.9MB

MD5
5161174bcc945e6f35bb2fab1fae208a

SHA1
777a49de95911aeeb92050ee982a893a85c41c8f

SHA256
7f9eca652b89a3e37884a525f907ed1a2e9f134bfed45fb1495ac24e16ccb355

SHA512
12e848505ab5d17cba81145ccc7136b5e273782266c022cd4e32be03baaab74fbcf2e15184af37cf593e20879acf9b7b838d2194fd0f46d1c2897b3392db8039

Download Submit
\Windows\system\pqowJCH.exe

Filesize
5.9MB

MD5
eeba0de9bd8b9a49a2763de1294f3d90

SHA1
6e45c823ecb0dd7694a06da70fb093626a068a1b

SHA256
c0c05e90cf1263c7a44a1b95e8410d47c98eed498917256f0822c39c69da9201

SHA512
7265be19090c5413337547e63349fa3cce41f5ad219fc5830b59d3d247159ffbc2cc5f6f15f0b224c779f9decce56beeb5662d4328fd5cdf1b97ec5bf6cdafa8

Download Submit
\Windows\system\rpBFpbo.exe

Filesize
5.9MB

MD5
89031beee8a622de162fef88c9e5d6ee

SHA1
5291105de2400e59d6e9797eab6f8cb839a59a63

SHA256
bb7a1980b8f6d2314359ac9ae6534dfefa3a66bc47c72ca1b7374343e125929e

SHA512
51f96a66bcbba80479d41db4ac5d206698fc4da45993b5524143d7fdf298f460fb3f910493f1fcdaca54ec3deacb5868b655f9af3803494286c2a31867d5c993

Download Submit
\Windows\system\vZtdsCg.exe

Filesize
5.9MB

MD5
c747a0c5d49fe5e7c3f839e768a8fcaa

SHA1
cabbce55dec755f99fd77bbfa77658ed5556f72f

SHA256
f6f21d95a400ee4a46b49a4b8955b993cc352bba2f8a50ff0e24b26aa08d40f1

SHA512
d6f0e2ed06194bbf10295a663c1c939e7911c06e4b493fa3ed13952fd8a459cf9ff57b54184f4e76477b334cd3cc20976f3bbea698829e3ddef02e93f827a830

Download Submit
\Windows\system\wrETWuz.exe

Filesize
5.9MB

MD5
af670ddbb5bd2ac72bbfafc96cbcdc90

SHA1
242e8b7c2f5bbed08bf46e97151f70aae12a6755

SHA256
d49e3a7db8d72ecf4f0f94c729c4e68f80a654f921fa608653c1507b400344fa

SHA512
0544198f4730a7550e2cb40f4231fb8e37888442068978cd4a061c604e691cc30bb9474a7e0a22dab5c879a5edc64caaf4878b15ab342768066808d9ee515d85

Download Submit
\Windows\system\zZwawSa.exe

Filesize
5.9MB

MD5
ca0335f1fb3ef8422b6e49aecfcb0dc8

SHA1
45153fe090a0367cb488946106973b226197c26b

SHA256
a0eb65b327fabc8c74caccac2df76d23a58e640585c001417aa1363d4ff37158

SHA512
e28f77629a1c6827c43f93dad0f335515760662357c7835a761efcaac81f7a0fd6408d2c4080a08352b522ba5a72c2ef74ab3a8c3593f6eb583081b171308d07

Download Submit
memory/2104-162-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1566-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1570-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1569-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1443-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-168-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1567-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2104-161-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2104-160-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-159-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1037-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-176-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2104-156-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2104-46-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-183-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2104-186-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2104-32-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2104-204-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-195-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-205-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2104-201-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2104-212-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2104-0-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1442-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1568-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-109-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3870-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-191-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3895-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3869-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2588-208-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2636-153-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3872-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2680-29-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3894-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-63-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3871-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-18-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1325-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3875-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2772-211-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3868-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3873-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2800-38-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3874-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2952-164-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download