cobaltstrike | 857fd457033224c474eef4ed538c56f3f34726bd88557704b6d7b0a3ba937a20

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

3c2a92bf79e63eb1dd6400d99b479d44
SHA1

bd9be4c6469d59eee562b0481d343c2008388dd9
SHA256

857fd457033224c474eef4ed538c56f3f34726bd88557704b6d7b0a3ba937a20
SHA512

74730c1ee1ff1244a5fbdac215c94934e7513223027bc15b69016c9022ed020cc506705492760c0e2627410b9ec6869368e6683ed33f897b09574478be8d1eeb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1992-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000c000000012252-6.dat	xmrig
behavioral1/files/0x0008000000015f6a-8.dat	xmrig
behavioral1/memory/332-15-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0007000000015fe6-20.dat	xmrig
behavioral1/memory/2360-19-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000161e4-28.dat	xmrig
behavioral1/memory/2784-29-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2840-35-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000191c9-42.dat	xmrig
behavioral1/memory/2968-41-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2796-52-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00050000000191e9-57.dat	xmrig
behavioral1/memory/2924-58-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2840-72-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2972-73-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x000500000001922a-71.dat	xmrig
behavioral1/memory/2168-106-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000500000001926c-118.dat	xmrig
behavioral1/files/0x000500000001934b-133.dat	xmrig
behavioral1/files/0x0005000000019359-138.dat	xmrig
behavioral1/files/0x0005000000019406-156.dat	xmrig
behavioral1/files/0x000500000001944b-188.dat	xmrig
behavioral1/memory/2972-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2168-895-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2992-755-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/1500-554-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000500000001944e-193.dat	xmrig
behavioral1/files/0x0005000000019456-198.dat	xmrig
behavioral1/files/0x000500000001943c-183.dat	xmrig
behavioral1/files/0x0005000000019438-178.dat	xmrig
behavioral1/files/0x000500000001942d-173.dat	xmrig
behavioral1/files/0x0005000000019418-163.dat	xmrig
behavioral1/files/0x0005000000019422-167.dat	xmrig
behavioral1/files/0x0005000000019395-153.dat	xmrig
behavioral1/files/0x0005000000019385-148.dat	xmrig
behavioral1/files/0x0005000000019377-143.dat	xmrig
behavioral1/files/0x0005000000019336-128.dat	xmrig
behavioral1/files/0x00050000000192eb-123.dat	xmrig
behavioral1/files/0x0005000000019249-113.dat	xmrig
behavioral1/memory/2716-105-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2992-97-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2924-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001923d-95.dat	xmrig
behavioral1/files/0x0005000000019246-104.dat	xmrig
behavioral1/memory/1500-88-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d84-87.dat	xmrig
behavioral1/memory/2288-83-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2968-82-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019239-81.dat	xmrig
behavioral1/memory/2716-65-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2784-64-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019211-63.dat	xmrig
behavioral1/memory/3004-54-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1992-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016308-34.dat	xmrig
behavioral1/files/0x00090000000164af-39.dat	xmrig
behavioral1/memory/3004-24-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2360-3715-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2784-3731-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2968-3755-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2972-3788-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2924-3794-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1500-3801-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
332	tiWyGKN.exe
2360	NxeNGBC.exe
3004	fSSasYe.exe
2784	UhMwuBX.exe
2840	MyVaMOw.exe
2968	sjEtpuF.exe
2796	eMXdMUZ.exe
2924	DmQOvbd.exe
2716	oCcvwHv.exe
2972	eRvZLea.exe
2288	eByWFEG.exe
1500	VBGpYFx.exe
2992	RrejYFc.exe
2168	nylEoDU.exe
796	MiZwUof.exe
2752	AcQWtOv.exe
3036	FtpxtEX.exe
760	VTRrvdV.exe
3060	wabvPBu.exe
2024	irgJdSt.exe
2220	cihhsJK.exe
884	xNddHFm.exe
2256	pJbGSAd.exe
2092	dvPxWSc.exe
1324	NoQJCff.exe
664	CFEkSJi.exe
844	KHVaPOw.exe
620	kIljhop.exe
740	AUcaJXI.exe
1600	iHnocUu.exe
1568	wgAiaTE.exe
2432	TQesExk.exe
1256	dQtQzWX.exe
2584	xCSVMZy.exe
1660	JeOoLxu.exe
556	DvWgDDN.exe
992	icOsTBv.exe
2236	dtzzdHY.exe
1988	AfmcfIW.exe
1816	AtTwAgS.exe
1736	RHHRnNP.exe
876	RYBRHag.exe
2216	fVuAJvy.exe
600	lgqoomz.exe
880	kiWIoFS.exe
2028	RxPDaQw.exe
2496	kqxJzFr.exe
2192	cposKZB.exe
1580	mdgcefC.exe
2632	iErrEDH.exe
2512	jvmTKip.exe
2876	bQEFsUC.exe
2844	iNHheyj.exe
2808	ztFXEGS.exe
2304	pMuMGWP.exe
2864	ljnXzML.exe
1936	FjBnYBy.exe
2144	rNtkwXh.exe
3056	JXBwGXp.exe
2896	UtUCstb.exe
548	XhlYQZx.exe
1268	leRxKzs.exe
2300	RlUXtXR.exe
380	jZmsULs.exe

Loads dropped DLL 64 IoCs

pid	Process
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000c000000012252-6.dat	upx
behavioral1/files/0x0008000000015f6a-8.dat	upx
behavioral1/memory/332-15-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0007000000015fe6-20.dat	upx
behavioral1/memory/2360-19-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00070000000161e4-28.dat	upx
behavioral1/memory/2784-29-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2840-35-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00060000000191c9-42.dat	upx
behavioral1/memory/2968-41-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2796-52-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00050000000191e9-57.dat	upx
behavioral1/memory/2924-58-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2840-72-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2972-73-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x000500000001922a-71.dat	upx
behavioral1/memory/2168-106-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000500000001926c-118.dat	upx
behavioral1/files/0x000500000001934b-133.dat	upx
behavioral1/files/0x0005000000019359-138.dat	upx
behavioral1/files/0x0005000000019406-156.dat	upx
behavioral1/files/0x000500000001944b-188.dat	upx
behavioral1/memory/2972-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2168-895-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2992-755-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/1500-554-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000500000001944e-193.dat	upx
behavioral1/files/0x0005000000019456-198.dat	upx
behavioral1/files/0x000500000001943c-183.dat	upx
behavioral1/files/0x0005000000019438-178.dat	upx
behavioral1/files/0x000500000001942d-173.dat	upx
behavioral1/files/0x0005000000019418-163.dat	upx
behavioral1/files/0x0005000000019422-167.dat	upx
behavioral1/files/0x0005000000019395-153.dat	upx
behavioral1/files/0x0005000000019385-148.dat	upx
behavioral1/files/0x0005000000019377-143.dat	upx
behavioral1/files/0x0005000000019336-128.dat	upx
behavioral1/files/0x00050000000192eb-123.dat	upx
behavioral1/files/0x0005000000019249-113.dat	upx
behavioral1/memory/2716-105-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2992-97-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2924-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001923d-95.dat	upx
behavioral1/files/0x0005000000019246-104.dat	upx
behavioral1/memory/1500-88-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0009000000015d84-87.dat	upx
behavioral1/memory/2288-83-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2968-82-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0005000000019239-81.dat	upx
behavioral1/memory/2716-65-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2784-64-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0005000000019211-63.dat	upx
behavioral1/memory/3004-54-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1992-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0007000000016308-34.dat	upx
behavioral1/files/0x00090000000164af-39.dat	upx
behavioral1/memory/3004-24-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2360-3715-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2784-3731-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2968-3755-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2972-3788-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2924-3794-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1500-3801-0x000000013FD10000-0x0000000140064000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BjxzSFL.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QlGPnEy.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SnOjmVI.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JfxPXkJ.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FnhPOqS.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EMlRqmQ.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bnatAvt.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CZSzYcA.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NwDRqtX.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XHspVbY.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iBmkZLF.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tnaDtqC.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kWRNwVZ.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RebibQq.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hIftIpM.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IjeSKwM.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uRyuIQA.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dDLgOvI.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ToXoklk.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Laizpwk.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TXBcPAy.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vHmODSa.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OkaNBxD.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rqUOmgS.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HjmIHXV.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zDczoCW.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VXTBTjW.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HsHbwpD.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KlHSZmy.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CIbsvTL.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eGfeevK.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WGqKOfn.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CvDwSGC.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hTDFTan.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kCoPHsn.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XjJUmpX.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jRKaJYr.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qtAJkdL.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TGqjTtB.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tSuNmWV.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aNUFfhK.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\awnMSAp.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AiWbpcx.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hjpwBvp.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xDNdGgm.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SLaHVJx.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tJtfRkh.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HJmuChs.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YEwufYA.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GGZdPsR.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TmhCuiX.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qyYUbFn.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EkoKiaj.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TeDWwIB.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\htlKMqq.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hhOLcMQ.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wKyiZnp.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kQdJaiN.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uaXSPFZ.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cDrvbCk.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qDLrrLo.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sfBofOs.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EPIKWmu.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iKDTGyG.exe	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 332	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 1992 wrote to memory of 332	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 1992 wrote to memory of 332	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	32
PID 1992 wrote to memory of 2360	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 1992 wrote to memory of 2360	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 1992 wrote to memory of 2360	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	33
PID 1992 wrote to memory of 3004	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 1992 wrote to memory of 3004	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 1992 wrote to memory of 3004	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	34
PID 1992 wrote to memory of 2784	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 1992 wrote to memory of 2784	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 1992 wrote to memory of 2784	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	35
PID 1992 wrote to memory of 2840	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 1992 wrote to memory of 2840	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 1992 wrote to memory of 2840	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	36
PID 1992 wrote to memory of 2968	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 1992 wrote to memory of 2968	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 1992 wrote to memory of 2968	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	37
PID 1992 wrote to memory of 2796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 1992 wrote to memory of 2796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 1992 wrote to memory of 2796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	38
PID 1992 wrote to memory of 2924	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 1992 wrote to memory of 2924	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 1992 wrote to memory of 2924	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	39
PID 1992 wrote to memory of 2716	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 1992 wrote to memory of 2716	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 1992 wrote to memory of 2716	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	40
PID 1992 wrote to memory of 2972	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 1992 wrote to memory of 2972	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 1992 wrote to memory of 2972	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	41
PID 1992 wrote to memory of 2288	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 1992 wrote to memory of 2288	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 1992 wrote to memory of 2288	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	42
PID 1992 wrote to memory of 1500	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 1992 wrote to memory of 1500	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 1992 wrote to memory of 1500	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	43
PID 1992 wrote to memory of 2992	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 1992 wrote to memory of 2992	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 1992 wrote to memory of 2992	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	44
PID 1992 wrote to memory of 2168	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 1992 wrote to memory of 2168	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 1992 wrote to memory of 2168	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	45
PID 1992 wrote to memory of 796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 1992 wrote to memory of 796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 1992 wrote to memory of 796	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	46
PID 1992 wrote to memory of 2752	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 1992 wrote to memory of 2752	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 1992 wrote to memory of 2752	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	47
PID 1992 wrote to memory of 3036	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 1992 wrote to memory of 3036	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 1992 wrote to memory of 3036	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	48
PID 1992 wrote to memory of 760	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 1992 wrote to memory of 760	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 1992 wrote to memory of 760	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	49
PID 1992 wrote to memory of 3060	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 1992 wrote to memory of 3060	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 1992 wrote to memory of 3060	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	50
PID 1992 wrote to memory of 2024	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 1992 wrote to memory of 2024	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 1992 wrote to memory of 2024	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	51
PID 1992 wrote to memory of 2220	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52
PID 1992 wrote to memory of 2220	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52
PID 1992 wrote to memory of 2220	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	52
PID 1992 wrote to memory of 884	1992	2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_3c2a92bf79e63eb1dd6400d99b479d44_amadey_cobalt-strike_poet-rat_smoke-loader.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\System\tiWyGKN.exe
  C:\Windows\System\tiWyGKN.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\NxeNGBC.exe
  C:\Windows\System\NxeNGBC.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\fSSasYe.exe
  C:\Windows\System\fSSasYe.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\UhMwuBX.exe
  C:\Windows\System\UhMwuBX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\MyVaMOw.exe
  C:\Windows\System\MyVaMOw.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\sjEtpuF.exe
  C:\Windows\System\sjEtpuF.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\eMXdMUZ.exe
  C:\Windows\System\eMXdMUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\DmQOvbd.exe
  C:\Windows\System\DmQOvbd.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\oCcvwHv.exe
  C:\Windows\System\oCcvwHv.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\eRvZLea.exe
  C:\Windows\System\eRvZLea.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\eByWFEG.exe
  C:\Windows\System\eByWFEG.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\VBGpYFx.exe
  C:\Windows\System\VBGpYFx.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\RrejYFc.exe
  C:\Windows\System\RrejYFc.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\nylEoDU.exe
  C:\Windows\System\nylEoDU.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\MiZwUof.exe
  C:\Windows\System\MiZwUof.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\AcQWtOv.exe
  C:\Windows\System\AcQWtOv.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FtpxtEX.exe
  C:\Windows\System\FtpxtEX.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\VTRrvdV.exe
  C:\Windows\System\VTRrvdV.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\wabvPBu.exe
  C:\Windows\System\wabvPBu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\irgJdSt.exe
  C:\Windows\System\irgJdSt.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\cihhsJK.exe
  C:\Windows\System\cihhsJK.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\xNddHFm.exe
  C:\Windows\System\xNddHFm.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pJbGSAd.exe
  C:\Windows\System\pJbGSAd.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\dvPxWSc.exe
  C:\Windows\System\dvPxWSc.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NoQJCff.exe
  C:\Windows\System\NoQJCff.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\CFEkSJi.exe
  C:\Windows\System\CFEkSJi.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\KHVaPOw.exe
  C:\Windows\System\KHVaPOw.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\kIljhop.exe
  C:\Windows\System\kIljhop.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\AUcaJXI.exe
  C:\Windows\System\AUcaJXI.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\iHnocUu.exe
  C:\Windows\System\iHnocUu.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\wgAiaTE.exe
  C:\Windows\System\wgAiaTE.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\TQesExk.exe
  C:\Windows\System\TQesExk.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\dQtQzWX.exe
  C:\Windows\System\dQtQzWX.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\xCSVMZy.exe
  C:\Windows\System\xCSVMZy.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\JeOoLxu.exe
  C:\Windows\System\JeOoLxu.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\DvWgDDN.exe
  C:\Windows\System\DvWgDDN.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\icOsTBv.exe
  C:\Windows\System\icOsTBv.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\dtzzdHY.exe
  C:\Windows\System\dtzzdHY.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\AfmcfIW.exe
  C:\Windows\System\AfmcfIW.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\AtTwAgS.exe
  C:\Windows\System\AtTwAgS.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\RHHRnNP.exe
  C:\Windows\System\RHHRnNP.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\RYBRHag.exe
  C:\Windows\System\RYBRHag.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\fVuAJvy.exe
  C:\Windows\System\fVuAJvy.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\lgqoomz.exe
  C:\Windows\System\lgqoomz.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\kiWIoFS.exe
  C:\Windows\System\kiWIoFS.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\RxPDaQw.exe
  C:\Windows\System\RxPDaQw.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\kqxJzFr.exe
  C:\Windows\System\kqxJzFr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\cposKZB.exe
  C:\Windows\System\cposKZB.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\mdgcefC.exe
  C:\Windows\System\mdgcefC.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\iErrEDH.exe
  C:\Windows\System\iErrEDH.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\jvmTKip.exe
  C:\Windows\System\jvmTKip.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\bQEFsUC.exe
  C:\Windows\System\bQEFsUC.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iNHheyj.exe
  C:\Windows\System\iNHheyj.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ztFXEGS.exe
  C:\Windows\System\ztFXEGS.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\pMuMGWP.exe
  C:\Windows\System\pMuMGWP.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ljnXzML.exe
  C:\Windows\System\ljnXzML.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\FjBnYBy.exe
  C:\Windows\System\FjBnYBy.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\rNtkwXh.exe
  C:\Windows\System\rNtkwXh.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\JXBwGXp.exe
  C:\Windows\System\JXBwGXp.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\UtUCstb.exe
  C:\Windows\System\UtUCstb.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XhlYQZx.exe
  C:\Windows\System\XhlYQZx.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\leRxKzs.exe
  C:\Windows\System\leRxKzs.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\RlUXtXR.exe
  C:\Windows\System\RlUXtXR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\jZmsULs.exe
  C:\Windows\System\jZmsULs.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\kySnFqF.exe
  C:\Windows\System\kySnFqF.exe
  2⤵
  PID:2540
- C:\Windows\System\PDCeuyD.exe
  C:\Windows\System\PDCeuyD.exe
  2⤵
  PID:1264
- C:\Windows\System\syaAlTf.exe
  C:\Windows\System\syaAlTf.exe
  2⤵
  PID:1484
- C:\Windows\System\ZGRoCoT.exe
  C:\Windows\System\ZGRoCoT.exe
  2⤵
  PID:1344
- C:\Windows\System\AxeiQjj.exe
  C:\Windows\System\AxeiQjj.exe
  2⤵
  PID:1752
- C:\Windows\System\RgUBvlz.exe
  C:\Windows\System\RgUBvlz.exe
  2⤵
  PID:904
- C:\Windows\System\oRAIvPF.exe
  C:\Windows\System\oRAIvPF.exe
  2⤵
  PID:1372
- C:\Windows\System\XTHJbXC.exe
  C:\Windows\System\XTHJbXC.exe
  2⤵
  PID:2228
- C:\Windows\System\VZHRRcr.exe
  C:\Windows\System\VZHRRcr.exe
  2⤵
  PID:1596
- C:\Windows\System\hVPOLfJ.exe
  C:\Windows\System\hVPOLfJ.exe
  2⤵
  PID:2428
- C:\Windows\System\PEhyxRj.exe
  C:\Windows\System\PEhyxRj.exe
  2⤵
  PID:896
- C:\Windows\System\keKHsro.exe
  C:\Windows\System\keKHsro.exe
  2⤵
  PID:2468
- C:\Windows\System\QMVXseS.exe
  C:\Windows\System\QMVXseS.exe
  2⤵
  PID:2052
- C:\Windows\System\CpzPGmx.exe
  C:\Windows\System\CpzPGmx.exe
  2⤵
  PID:1100
- C:\Windows\System\dwvVlDA.exe
  C:\Windows\System\dwvVlDA.exe
  2⤵
  PID:2440
- C:\Windows\System\CmVZcBT.exe
  C:\Windows\System\CmVZcBT.exe
  2⤵
  PID:1640
- C:\Windows\System\EOzBuRk.exe
  C:\Windows\System\EOzBuRk.exe
  2⤵
  PID:2516
- C:\Windows\System\ezmOQXO.exe
  C:\Windows\System\ezmOQXO.exe
  2⤵
  PID:2976
- C:\Windows\System\dqOuTpX.exe
  C:\Windows\System\dqOuTpX.exe
  2⤵
  PID:2700
- C:\Windows\System\lySRZcg.exe
  C:\Windows\System\lySRZcg.exe
  2⤵
  PID:2804
- C:\Windows\System\CdpmJie.exe
  C:\Windows\System\CdpmJie.exe
  2⤵
  PID:1624
- C:\Windows\System\qysHolE.exe
  C:\Windows\System\qysHolE.exe
  2⤵
  PID:2128
- C:\Windows\System\EULAQpi.exe
  C:\Windows\System\EULAQpi.exe
  2⤵
  PID:1204
- C:\Windows\System\nOXPjjc.exe
  C:\Windows\System\nOXPjjc.exe
  2⤵
  PID:2032
- C:\Windows\System\TdiZaCR.exe
  C:\Windows\System\TdiZaCR.exe
  2⤵
  PID:2652
- C:\Windows\System\ALiZhQd.exe
  C:\Windows\System\ALiZhQd.exe
  2⤵
  PID:2016
- C:\Windows\System\yUSxmOp.exe
  C:\Windows\System\yUSxmOp.exe
  2⤵
  PID:836
- C:\Windows\System\ECRrRcC.exe
  C:\Windows\System\ECRrRcC.exe
  2⤵
  PID:2000
- C:\Windows\System\VBEBtJx.exe
  C:\Windows\System\VBEBtJx.exe
  2⤵
  PID:1776
- C:\Windows\System\tXYKtGU.exe
  C:\Windows\System\tXYKtGU.exe
  2⤵
  PID:2196
- C:\Windows\System\RjUZNPG.exe
  C:\Windows\System\RjUZNPG.exe
  2⤵
  PID:608
- C:\Windows\System\veiQiJK.exe
  C:\Windows\System\veiQiJK.exe
  2⤵
  PID:2176
- C:\Windows\System\efgvZTG.exe
  C:\Windows\System\efgvZTG.exe
  2⤵
  PID:1756
- C:\Windows\System\yFOBcjT.exe
  C:\Windows\System\yFOBcjT.exe
  2⤵
  PID:1588
- C:\Windows\System\QvFWLeG.exe
  C:\Windows\System\QvFWLeG.exe
  2⤵
  PID:1732
- C:\Windows\System\KDqtSiM.exe
  C:\Windows\System\KDqtSiM.exe
  2⤵
  PID:2704
- C:\Windows\System\OZQdVYg.exe
  C:\Windows\System\OZQdVYg.exe
  2⤵
  PID:848
- C:\Windows\System\AGytdnt.exe
  C:\Windows\System\AGytdnt.exe
  2⤵
  PID:1432
- C:\Windows\System\OlLkqKi.exe
  C:\Windows\System\OlLkqKi.exe
  2⤵
  PID:2320
- C:\Windows\System\KXxWUxm.exe
  C:\Windows\System\KXxWUxm.exe
  2⤵
  PID:1092
- C:\Windows\System\KgumUZA.exe
  C:\Windows\System\KgumUZA.exe
  2⤵
  PID:1964
- C:\Windows\System\sSmqddd.exe
  C:\Windows\System\sSmqddd.exe
  2⤵
  PID:2476
- C:\Windows\System\tevsQna.exe
  C:\Windows\System\tevsQna.exe
  2⤵
  PID:2588
- C:\Windows\System\ATmJdWA.exe
  C:\Windows\System\ATmJdWA.exe
  2⤵
  PID:2600
- C:\Windows\System\yWcLrDM.exe
  C:\Windows\System\yWcLrDM.exe
  2⤵
  PID:3084
- C:\Windows\System\muRWFaa.exe
  C:\Windows\System\muRWFaa.exe
  2⤵
  PID:3104
- C:\Windows\System\rclITDP.exe
  C:\Windows\System\rclITDP.exe
  2⤵
  PID:3124
- C:\Windows\System\PVGAauv.exe
  C:\Windows\System\PVGAauv.exe
  2⤵
  PID:3144
- C:\Windows\System\fFtZiBe.exe
  C:\Windows\System\fFtZiBe.exe
  2⤵
  PID:3168
- C:\Windows\System\hUCZdHo.exe
  C:\Windows\System\hUCZdHo.exe
  2⤵
  PID:3188
- C:\Windows\System\fjrFVCm.exe
  C:\Windows\System\fjrFVCm.exe
  2⤵
  PID:3208
- C:\Windows\System\smcTWuH.exe
  C:\Windows\System\smcTWuH.exe
  2⤵
  PID:3228
- C:\Windows\System\EecLcPJ.exe
  C:\Windows\System\EecLcPJ.exe
  2⤵
  PID:3248
- C:\Windows\System\SytDHPT.exe
  C:\Windows\System\SytDHPT.exe
  2⤵
  PID:3268
- C:\Windows\System\zVGqUFt.exe
  C:\Windows\System\zVGqUFt.exe
  2⤵
  PID:3288
- C:\Windows\System\SqSIUzr.exe
  C:\Windows\System\SqSIUzr.exe
  2⤵
  PID:3308
- C:\Windows\System\GZTbYHF.exe
  C:\Windows\System\GZTbYHF.exe
  2⤵
  PID:3328
- C:\Windows\System\GtsWIhK.exe
  C:\Windows\System\GtsWIhK.exe
  2⤵
  PID:3348
- C:\Windows\System\evvhuug.exe
  C:\Windows\System\evvhuug.exe
  2⤵
  PID:3368
- C:\Windows\System\fNnKMnZ.exe
  C:\Windows\System\fNnKMnZ.exe
  2⤵
  PID:3388
- C:\Windows\System\LzcWsdS.exe
  C:\Windows\System\LzcWsdS.exe
  2⤵
  PID:3408
- C:\Windows\System\jQGzQDf.exe
  C:\Windows\System\jQGzQDf.exe
  2⤵
  PID:3428
- C:\Windows\System\soCgTHe.exe
  C:\Windows\System\soCgTHe.exe
  2⤵
  PID:3448
- C:\Windows\System\PKctwSg.exe
  C:\Windows\System\PKctwSg.exe
  2⤵
  PID:3468
- C:\Windows\System\PwGQOjn.exe
  C:\Windows\System\PwGQOjn.exe
  2⤵
  PID:3484
- C:\Windows\System\OGllKRF.exe
  C:\Windows\System\OGllKRF.exe
  2⤵
  PID:3508
- C:\Windows\System\lHcgpeg.exe
  C:\Windows\System\lHcgpeg.exe
  2⤵
  PID:3524
- C:\Windows\System\CRnQTXR.exe
  C:\Windows\System\CRnQTXR.exe
  2⤵
  PID:3548
- C:\Windows\System\dgVUYOJ.exe
  C:\Windows\System\dgVUYOJ.exe
  2⤵
  PID:3568
- C:\Windows\System\unVJyly.exe
  C:\Windows\System\unVJyly.exe
  2⤵
  PID:3588
- C:\Windows\System\dBOjmXm.exe
  C:\Windows\System\dBOjmXm.exe
  2⤵
  PID:3608
- C:\Windows\System\MFcHDBn.exe
  C:\Windows\System\MFcHDBn.exe
  2⤵
  PID:3628
- C:\Windows\System\OTeaCWh.exe
  C:\Windows\System\OTeaCWh.exe
  2⤵
  PID:3648
- C:\Windows\System\ixpBLOg.exe
  C:\Windows\System\ixpBLOg.exe
  2⤵
  PID:3668
- C:\Windows\System\ivLDdFl.exe
  C:\Windows\System\ivLDdFl.exe
  2⤵
  PID:3688
- C:\Windows\System\Zqmvhdi.exe
  C:\Windows\System\Zqmvhdi.exe
  2⤵
  PID:3708
- C:\Windows\System\wdDZuVd.exe
  C:\Windows\System\wdDZuVd.exe
  2⤵
  PID:3728
- C:\Windows\System\HDFOxPj.exe
  C:\Windows\System\HDFOxPj.exe
  2⤵
  PID:3748
- C:\Windows\System\atpawug.exe
  C:\Windows\System\atpawug.exe
  2⤵
  PID:3768
- C:\Windows\System\aVgCZGG.exe
  C:\Windows\System\aVgCZGG.exe
  2⤵
  PID:3784
- C:\Windows\System\HVNUhPv.exe
  C:\Windows\System\HVNUhPv.exe
  2⤵
  PID:3808
- C:\Windows\System\fHVLsoa.exe
  C:\Windows\System\fHVLsoa.exe
  2⤵
  PID:3828
- C:\Windows\System\YWiLVbV.exe
  C:\Windows\System\YWiLVbV.exe
  2⤵
  PID:3848
- C:\Windows\System\UIgoSqw.exe
  C:\Windows\System\UIgoSqw.exe
  2⤵
  PID:3868
- C:\Windows\System\AIotomj.exe
  C:\Windows\System\AIotomj.exe
  2⤵
  PID:3884
- C:\Windows\System\vfWdJSM.exe
  C:\Windows\System\vfWdJSM.exe
  2⤵
  PID:3908
- C:\Windows\System\OOHyWvF.exe
  C:\Windows\System\OOHyWvF.exe
  2⤵
  PID:3928
- C:\Windows\System\bdhykfY.exe
  C:\Windows\System\bdhykfY.exe
  2⤵
  PID:3948
- C:\Windows\System\QYIVjKF.exe
  C:\Windows\System\QYIVjKF.exe
  2⤵
  PID:3972
- C:\Windows\System\AWpLOmI.exe
  C:\Windows\System\AWpLOmI.exe
  2⤵
  PID:3992
- C:\Windows\System\wSVevoj.exe
  C:\Windows\System\wSVevoj.exe
  2⤵
  PID:4012
- C:\Windows\System\KsAbNwZ.exe
  C:\Windows\System\KsAbNwZ.exe
  2⤵
  PID:4028
- C:\Windows\System\ovmukmD.exe
  C:\Windows\System\ovmukmD.exe
  2⤵
  PID:4052
- C:\Windows\System\TTNYjkg.exe
  C:\Windows\System\TTNYjkg.exe
  2⤵
  PID:4072
- C:\Windows\System\GcMMWPm.exe
  C:\Windows\System\GcMMWPm.exe
  2⤵
  PID:4088
- C:\Windows\System\oBoyojY.exe
  C:\Windows\System\oBoyojY.exe
  2⤵
  PID:2292
- C:\Windows\System\uRyuIQA.exe
  C:\Windows\System\uRyuIQA.exe
  2⤵
  PID:2284
- C:\Windows\System\QsHCLEd.exe
  C:\Windows\System\QsHCLEd.exe
  2⤵
  PID:2580
- C:\Windows\System\MoeNGKj.exe
  C:\Windows\System\MoeNGKj.exe
  2⤵
  PID:2156
- C:\Windows\System\pKenVFd.exe
  C:\Windows\System\pKenVFd.exe
  2⤵
  PID:1824
- C:\Windows\System\kaorerg.exe
  C:\Windows\System\kaorerg.exe
  2⤵
  PID:696
- C:\Windows\System\vhQfXTX.exe
  C:\Windows\System\vhQfXTX.exe
  2⤵
  PID:2064
- C:\Windows\System\ajgiSkg.exe
  C:\Windows\System\ajgiSkg.exe
  2⤵
  PID:3100
- C:\Windows\System\OJJqAEs.exe
  C:\Windows\System\OJJqAEs.exe
  2⤵
  PID:3136
- C:\Windows\System\BjxzSFL.exe
  C:\Windows\System\BjxzSFL.exe
  2⤵
  PID:3200
- C:\Windows\System\hJZWGny.exe
  C:\Windows\System\hJZWGny.exe
  2⤵
  PID:3244
- C:\Windows\System\fAWTlWd.exe
  C:\Windows\System\fAWTlWd.exe
  2⤵
  PID:3276
- C:\Windows\System\ZonmSui.exe
  C:\Windows\System\ZonmSui.exe
  2⤵
  PID:3260
- C:\Windows\System\xkpsVcX.exe
  C:\Windows\System\xkpsVcX.exe
  2⤵
  PID:3300
- C:\Windows\System\nVQNslV.exe
  C:\Windows\System\nVQNslV.exe
  2⤵
  PID:3336
- C:\Windows\System\hgBmULC.exe
  C:\Windows\System\hgBmULC.exe
  2⤵
  PID:3400
- C:\Windows\System\zqeWlvF.exe
  C:\Windows\System\zqeWlvF.exe
  2⤵
  PID:3384
- C:\Windows\System\HrJiwzg.exe
  C:\Windows\System\HrJiwzg.exe
  2⤵
  PID:3456
- C:\Windows\System\ZoIdthx.exe
  C:\Windows\System\ZoIdthx.exe
  2⤵
  PID:3460
- C:\Windows\System\AHTQLyM.exe
  C:\Windows\System\AHTQLyM.exe
  2⤵
  PID:3496
- C:\Windows\System\UckEWRy.exe
  C:\Windows\System\UckEWRy.exe
  2⤵
  PID:3536
- C:\Windows\System\vLcnNOU.exe
  C:\Windows\System\vLcnNOU.exe
  2⤵
  PID:3600
- C:\Windows\System\QlGPnEy.exe
  C:\Windows\System\QlGPnEy.exe
  2⤵
  PID:3644
- C:\Windows\System\kfagnpd.exe
  C:\Windows\System\kfagnpd.exe
  2⤵
  PID:3620
- C:\Windows\System\kJrSYUD.exe
  C:\Windows\System\kJrSYUD.exe
  2⤵
  PID:3716
- C:\Windows\System\DixjVZG.exe
  C:\Windows\System\DixjVZG.exe
  2⤵
  PID:3704
- C:\Windows\System\OiVQXeD.exe
  C:\Windows\System\OiVQXeD.exe
  2⤵
  PID:3740
- C:\Windows\System\InoiRYQ.exe
  C:\Windows\System\InoiRYQ.exe
  2⤵
  PID:3800
- C:\Windows\System\FDqhlOZ.exe
  C:\Windows\System\FDqhlOZ.exe
  2⤵
  PID:3780
- C:\Windows\System\kaxZaTM.exe
  C:\Windows\System\kaxZaTM.exe
  2⤵
  PID:3820
- C:\Windows\System\FZwhLEY.exe
  C:\Windows\System\FZwhLEY.exe
  2⤵
  PID:3916
- C:\Windows\System\yBcRCAx.exe
  C:\Windows\System\yBcRCAx.exe
  2⤵
  PID:3900
- C:\Windows\System\dDLgOvI.exe
  C:\Windows\System\dDLgOvI.exe
  2⤵
  PID:3940
- C:\Windows\System\BWPdoIU.exe
  C:\Windows\System\BWPdoIU.exe
  2⤵
  PID:4036
- C:\Windows\System\baxdIvL.exe
  C:\Windows\System\baxdIvL.exe
  2⤵
  PID:3984
- C:\Windows\System\VAACUjo.exe
  C:\Windows\System\VAACUjo.exe
  2⤵
  PID:4024
- C:\Windows\System\SLGfUvp.exe
  C:\Windows\System\SLGfUvp.exe
  2⤵
  PID:2792
- C:\Windows\System\rEqfPYI.exe
  C:\Windows\System\rEqfPYI.exe
  2⤵
  PID:2444
- C:\Windows\System\CelRqmc.exe
  C:\Windows\System\CelRqmc.exe
  2⤵
  PID:3020
- C:\Windows\System\VXvaXbq.exe
  C:\Windows\System\VXvaXbq.exe
  2⤵
  PID:3092
- C:\Windows\System\TAwCiCc.exe
  C:\Windows\System\TAwCiCc.exe
  2⤵
  PID:3120
- C:\Windows\System\tziKpJq.exe
  C:\Windows\System\tziKpJq.exe
  2⤵
  PID:3204
- C:\Windows\System\DuCZmTD.exe
  C:\Windows\System\DuCZmTD.exe
  2⤵
  PID:3240
- C:\Windows\System\NYXPXLW.exe
  C:\Windows\System\NYXPXLW.exe
  2⤵
  PID:272
- C:\Windows\System\zEnwkPx.exe
  C:\Windows\System\zEnwkPx.exe
  2⤵
  PID:3296
- C:\Windows\System\OmWJIHP.exe
  C:\Windows\System\OmWJIHP.exe
  2⤵
  PID:3340
- C:\Windows\System\zTwtGYs.exe
  C:\Windows\System\zTwtGYs.exe
  2⤵
  PID:3396
- C:\Windows\System\BhPynqN.exe
  C:\Windows\System\BhPynqN.exe
  2⤵
  PID:3424
- C:\Windows\System\fVFgqqO.exe
  C:\Windows\System\fVFgqqO.exe
  2⤵
  PID:3564
- C:\Windows\System\AvsTFlo.exe
  C:\Windows\System\AvsTFlo.exe
  2⤵
  PID:3596
- C:\Windows\System\aspenYD.exe
  C:\Windows\System\aspenYD.exe
  2⤵
  PID:3560
- C:\Windows\System\buRpLwH.exe
  C:\Windows\System\buRpLwH.exe
  2⤵
  PID:3676
- C:\Windows\System\dlqPIpX.exe
  C:\Windows\System\dlqPIpX.exe
  2⤵
  PID:3664
- C:\Windows\System\YEwufYA.exe
  C:\Windows\System\YEwufYA.exe
  2⤵
  PID:3792
- C:\Windows\System\SSpXsIC.exe
  C:\Windows\System\SSpXsIC.exe
  2⤵
  PID:3776
- C:\Windows\System\qCIfKJy.exe
  C:\Windows\System\qCIfKJy.exe
  2⤵
  PID:3924
- C:\Windows\System\vVlEPpk.exe
  C:\Windows\System\vVlEPpk.exe
  2⤵
  PID:3892
- C:\Windows\System\QSPJRDP.exe
  C:\Windows\System\QSPJRDP.exe
  2⤵
  PID:3960
- C:\Windows\System\pNTXyOX.exe
  C:\Windows\System\pNTXyOX.exe
  2⤵
  PID:4020
- C:\Windows\System\WIWtUlU.exe
  C:\Windows\System\WIWtUlU.exe
  2⤵
  PID:2504
- C:\Windows\System\QgzaTRu.exe
  C:\Windows\System\QgzaTRu.exe
  2⤵
  PID:1308
- C:\Windows\System\IiOQDGA.exe
  C:\Windows\System\IiOQDGA.exe
  2⤵
  PID:632
- C:\Windows\System\odepnbi.exe
  C:\Windows\System\odepnbi.exe
  2⤵
  PID:3184
- C:\Windows\System\JAsGkMo.exe
  C:\Windows\System\JAsGkMo.exe
  2⤵
  PID:3140
- C:\Windows\System\yhNOgfF.exe
  C:\Windows\System\yhNOgfF.exe
  2⤵
  PID:3320
- C:\Windows\System\iexNRZY.exe
  C:\Windows\System\iexNRZY.exe
  2⤵
  PID:3440
- C:\Windows\System\DUqhRbj.exe
  C:\Windows\System\DUqhRbj.exe
  2⤵
  PID:3556
- C:\Windows\System\CZORFJw.exe
  C:\Windows\System\CZORFJw.exe
  2⤵
  PID:3584
- C:\Windows\System\CXOgxVE.exe
  C:\Windows\System\CXOgxVE.exe
  2⤵
  PID:3532
- C:\Windows\System\zQufvQl.exe
  C:\Windows\System\zQufvQl.exe
  2⤵
  PID:3696
- C:\Windows\System\kSXQSko.exe
  C:\Windows\System\kSXQSko.exe
  2⤵
  PID:3880
- C:\Windows\System\KySFsSZ.exe
  C:\Windows\System\KySFsSZ.exe
  2⤵
  PID:3860
- C:\Windows\System\jIkwWmZ.exe
  C:\Windows\System\jIkwWmZ.exe
  2⤵
  PID:4064
- C:\Windows\System\kpoUVWB.exe
  C:\Windows\System\kpoUVWB.exe
  2⤵
  PID:1228
- C:\Windows\System\rJzbOsT.exe
  C:\Windows\System\rJzbOsT.exe
  2⤵
  PID:956
- C:\Windows\System\XGebVUl.exe
  C:\Windows\System\XGebVUl.exe
  2⤵
  PID:1760
- C:\Windows\System\KjDeNTP.exe
  C:\Windows\System\KjDeNTP.exe
  2⤵
  PID:3224
- C:\Windows\System\NJrjSbW.exe
  C:\Windows\System\NJrjSbW.exe
  2⤵
  PID:3416
- C:\Windows\System\DSeXlYT.exe
  C:\Windows\System\DSeXlYT.exe
  2⤵
  PID:3636
- C:\Windows\System\iDZlGfu.exe
  C:\Windows\System\iDZlGfu.exe
  2⤵
  PID:3744
- C:\Windows\System\QgIFPGX.exe
  C:\Windows\System\QgIFPGX.exe
  2⤵
  PID:3656
- C:\Windows\System\iRWzKWF.exe
  C:\Windows\System\iRWzKWF.exe
  2⤵
  PID:3936
- C:\Windows\System\jxgqfuy.exe
  C:\Windows\System\jxgqfuy.exe
  2⤵
  PID:1444
- C:\Windows\System\VkVZFAC.exe
  C:\Windows\System\VkVZFAC.exe
  2⤵
  PID:2696
- C:\Windows\System\YDcpiYE.exe
  C:\Windows\System\YDcpiYE.exe
  2⤵
  PID:2152
- C:\Windows\System\PmiEZUv.exe
  C:\Windows\System\PmiEZUv.exe
  2⤵
  PID:4112
- C:\Windows\System\NAnWcaj.exe
  C:\Windows\System\NAnWcaj.exe
  2⤵
  PID:4132
- C:\Windows\System\NZntEOk.exe
  C:\Windows\System\NZntEOk.exe
  2⤵
  PID:4152
- C:\Windows\System\bNqKvoX.exe
  C:\Windows\System\bNqKvoX.exe
  2⤵
  PID:4176
- C:\Windows\System\HZAykoO.exe
  C:\Windows\System\HZAykoO.exe
  2⤵
  PID:4196
- C:\Windows\System\vDYNxZE.exe
  C:\Windows\System\vDYNxZE.exe
  2⤵
  PID:4216
- C:\Windows\System\jLSiXgA.exe
  C:\Windows\System\jLSiXgA.exe
  2⤵
  PID:4236
- C:\Windows\System\ndKZzdX.exe
  C:\Windows\System\ndKZzdX.exe
  2⤵
  PID:4256
- C:\Windows\System\bJEeIcV.exe
  C:\Windows\System\bJEeIcV.exe
  2⤵
  PID:4272
- C:\Windows\System\ugVuTKH.exe
  C:\Windows\System\ugVuTKH.exe
  2⤵
  PID:4296
- C:\Windows\System\rUiFPli.exe
  C:\Windows\System\rUiFPli.exe
  2⤵
  PID:4316
- C:\Windows\System\DdFkEDQ.exe
  C:\Windows\System\DdFkEDQ.exe
  2⤵
  PID:4336
- C:\Windows\System\FCYGvqD.exe
  C:\Windows\System\FCYGvqD.exe
  2⤵
  PID:4356
- C:\Windows\System\VWLTWnh.exe
  C:\Windows\System\VWLTWnh.exe
  2⤵
  PID:4376
- C:\Windows\System\xunCSPl.exe
  C:\Windows\System\xunCSPl.exe
  2⤵
  PID:4396
- C:\Windows\System\VPcqTYj.exe
  C:\Windows\System\VPcqTYj.exe
  2⤵
  PID:4416
- C:\Windows\System\iodkhIz.exe
  C:\Windows\System\iodkhIz.exe
  2⤵
  PID:4436
- C:\Windows\System\BPaQDbL.exe
  C:\Windows\System\BPaQDbL.exe
  2⤵
  PID:4456
- C:\Windows\System\cckQlcb.exe
  C:\Windows\System\cckQlcb.exe
  2⤵
  PID:4480
- C:\Windows\System\izOGohN.exe
  C:\Windows\System\izOGohN.exe
  2⤵
  PID:4500
- C:\Windows\System\MGZXwAl.exe
  C:\Windows\System\MGZXwAl.exe
  2⤵
  PID:4520
- C:\Windows\System\mcgbzza.exe
  C:\Windows\System\mcgbzza.exe
  2⤵
  PID:4536
- C:\Windows\System\mglwxAk.exe
  C:\Windows\System\mglwxAk.exe
  2⤵
  PID:4560
- C:\Windows\System\HNrIrjn.exe
  C:\Windows\System\HNrIrjn.exe
  2⤵
  PID:4580
- C:\Windows\System\BVYSMce.exe
  C:\Windows\System\BVYSMce.exe
  2⤵
  PID:4600
- C:\Windows\System\HWiLfxK.exe
  C:\Windows\System\HWiLfxK.exe
  2⤵
  PID:4620
- C:\Windows\System\YrNCQCp.exe
  C:\Windows\System\YrNCQCp.exe
  2⤵
  PID:4640
- C:\Windows\System\gNccRMu.exe
  C:\Windows\System\gNccRMu.exe
  2⤵
  PID:4660
- C:\Windows\System\NwDRqtX.exe
  C:\Windows\System\NwDRqtX.exe
  2⤵
  PID:4680
- C:\Windows\System\qpdSSWY.exe
  C:\Windows\System\qpdSSWY.exe
  2⤵
  PID:4700
- C:\Windows\System\nnqZEbB.exe
  C:\Windows\System\nnqZEbB.exe
  2⤵
  PID:4720
- C:\Windows\System\qoBKgVT.exe
  C:\Windows\System\qoBKgVT.exe
  2⤵
  PID:4736
- C:\Windows\System\sYrwhux.exe
  C:\Windows\System\sYrwhux.exe
  2⤵
  PID:4760
- C:\Windows\System\xDnozTG.exe
  C:\Windows\System\xDnozTG.exe
  2⤵
  PID:4780
- C:\Windows\System\CIgFssR.exe
  C:\Windows\System\CIgFssR.exe
  2⤵
  PID:4800
- C:\Windows\System\FxTTqKY.exe
  C:\Windows\System\FxTTqKY.exe
  2⤵
  PID:4820
- C:\Windows\System\XbxModv.exe
  C:\Windows\System\XbxModv.exe
  2⤵
  PID:4840
- C:\Windows\System\bxDYake.exe
  C:\Windows\System\bxDYake.exe
  2⤵
  PID:4860
- C:\Windows\System\OjmtHVW.exe
  C:\Windows\System\OjmtHVW.exe
  2⤵
  PID:4880
- C:\Windows\System\VurNdyh.exe
  C:\Windows\System\VurNdyh.exe
  2⤵
  PID:4900
- C:\Windows\System\ByYXwsa.exe
  C:\Windows\System\ByYXwsa.exe
  2⤵
  PID:4920
- C:\Windows\System\JqAqHLH.exe
  C:\Windows\System\JqAqHLH.exe
  2⤵
  PID:4936
- C:\Windows\System\UfQkPZA.exe
  C:\Windows\System\UfQkPZA.exe
  2⤵
  PID:4960
- C:\Windows\System\NZAjTyD.exe
  C:\Windows\System\NZAjTyD.exe
  2⤵
  PID:4980
- C:\Windows\System\sBQUGvV.exe
  C:\Windows\System\sBQUGvV.exe
  2⤵
  PID:5000
- C:\Windows\System\MNgurlJ.exe
  C:\Windows\System\MNgurlJ.exe
  2⤵
  PID:5020
- C:\Windows\System\VEHsjKd.exe
  C:\Windows\System\VEHsjKd.exe
  2⤵
  PID:5040
- C:\Windows\System\DXSkvCF.exe
  C:\Windows\System\DXSkvCF.exe
  2⤵
  PID:5060
- C:\Windows\System\nzPteUu.exe
  C:\Windows\System\nzPteUu.exe
  2⤵
  PID:5076
- C:\Windows\System\IzGluuT.exe
  C:\Windows\System\IzGluuT.exe
  2⤵
  PID:5100
- C:\Windows\System\cNHHSNE.exe
  C:\Windows\System\cNHHSNE.exe
  2⤵
  PID:3364
- C:\Windows\System\ZAxvQbS.exe
  C:\Windows\System\ZAxvQbS.exe
  2⤵
  PID:3492
- C:\Windows\System\utEwmEx.exe
  C:\Windows\System\utEwmEx.exe
  2⤵
  PID:3844
- C:\Windows\System\GkKGdgg.exe
  C:\Windows\System\GkKGdgg.exe
  2⤵
  PID:1584
- C:\Windows\System\kadVgQp.exe
  C:\Windows\System\kadVgQp.exe
  2⤵
  PID:3356
- C:\Windows\System\NqAWBVq.exe
  C:\Windows\System\NqAWBVq.exe
  2⤵
  PID:4128
- C:\Windows\System\yMcveVs.exe
  C:\Windows\System\yMcveVs.exe
  2⤵
  PID:4164
- C:\Windows\System\urMNnou.exe
  C:\Windows\System\urMNnou.exe
  2⤵
  PID:4188
- C:\Windows\System\HElOhjF.exe
  C:\Windows\System\HElOhjF.exe
  2⤵
  PID:4232
- C:\Windows\System\vqtKgch.exe
  C:\Windows\System\vqtKgch.exe
  2⤵
  PID:4248
- C:\Windows\System\IFDfmBj.exe
  C:\Windows\System\IFDfmBj.exe
  2⤵
  PID:4292
- C:\Windows\System\ZviZxdX.exe
  C:\Windows\System\ZviZxdX.exe
  2⤵
  PID:4304
- C:\Windows\System\oBZslho.exe
  C:\Windows\System\oBZslho.exe
  2⤵
  PID:4352
- C:\Windows\System\SuYOkEk.exe
  C:\Windows\System\SuYOkEk.exe
  2⤵
  PID:4364
- C:\Windows\System\QApTRhu.exe
  C:\Windows\System\QApTRhu.exe
  2⤵
  PID:4392
- C:\Windows\System\BFbpudH.exe
  C:\Windows\System\BFbpudH.exe
  2⤵
  PID:4424
- C:\Windows\System\klnyiwg.exe
  C:\Windows\System\klnyiwg.exe
  2⤵
  PID:4476
- C:\Windows\System\Euospyw.exe
  C:\Windows\System\Euospyw.exe
  2⤵
  PID:4488
- C:\Windows\System\eXelksX.exe
  C:\Windows\System\eXelksX.exe
  2⤵
  PID:4512
- C:\Windows\System\CFFzSft.exe
  C:\Windows\System\CFFzSft.exe
  2⤵
  PID:4528
- C:\Windows\System\YxSXIrH.exe
  C:\Windows\System\YxSXIrH.exe
  2⤵
  PID:756
- C:\Windows\System\nFGbCVM.exe
  C:\Windows\System\nFGbCVM.exe
  2⤵
  PID:2892
- C:\Windows\System\KdKgNTH.exe
  C:\Windows\System\KdKgNTH.exe
  2⤵
  PID:2664
- C:\Windows\System\VmPngIt.exe
  C:\Windows\System\VmPngIt.exe
  2⤵
  PID:4676
- C:\Windows\System\TukIMeJ.exe
  C:\Windows\System\TukIMeJ.exe
  2⤵
  PID:4716
- C:\Windows\System\DUpulJE.exe
  C:\Windows\System\DUpulJE.exe
  2⤵
  PID:3048
- C:\Windows\System\RkkGbhM.exe
  C:\Windows\System\RkkGbhM.exe
  2⤵
  PID:4788
- C:\Windows\System\AHADnjL.exe
  C:\Windows\System\AHADnjL.exe
  2⤵
  PID:4776
- C:\Windows\System\GZfPveT.exe
  C:\Windows\System\GZfPveT.exe
  2⤵
  PID:4808
- C:\Windows\System\jGqgUdH.exe
  C:\Windows\System\jGqgUdH.exe
  2⤵
  PID:4868
- C:\Windows\System\rNWjGcC.exe
  C:\Windows\System\rNWjGcC.exe
  2⤵
  PID:4852
- C:\Windows\System\zSHraxF.exe
  C:\Windows\System\zSHraxF.exe
  2⤵
  PID:4896
- C:\Windows\System\DYyCsuT.exe
  C:\Windows\System\DYyCsuT.exe
  2⤵
  PID:4952
- C:\Windows\System\XTxYxLf.exe
  C:\Windows\System\XTxYxLf.exe
  2⤵
  PID:788
- C:\Windows\System\BktDtEq.exe
  C:\Windows\System\BktDtEq.exe
  2⤵
  PID:5072
- C:\Windows\System\tCxPQWx.exe
  C:\Windows\System\tCxPQWx.exe
  2⤵
  PID:4972
- C:\Windows\System\nSNaSPa.exe
  C:\Windows\System\nSNaSPa.exe
  2⤵
  PID:5112
- C:\Windows\System\GZUHwPX.exe
  C:\Windows\System\GZUHwPX.exe
  2⤵
  PID:5084
- C:\Windows\System\xMYJMPV.exe
  C:\Windows\System\xMYJMPV.exe
  2⤵
  PID:3988
- C:\Windows\System\dcNItbv.exe
  C:\Windows\System\dcNItbv.exe
  2⤵
  PID:3640
- C:\Windows\System\mIYaGzz.exe
  C:\Windows\System\mIYaGzz.exe
  2⤵
  PID:4080
- C:\Windows\System\bdGGsVe.exe
  C:\Windows\System\bdGGsVe.exe
  2⤵
  PID:4140
- C:\Windows\System\orqLBUQ.exe
  C:\Windows\System\orqLBUQ.exe
  2⤵
  PID:4144
- C:\Windows\System\HjmIHXV.exe
  C:\Windows\System\HjmIHXV.exe
  2⤵
  PID:4224
- C:\Windows\System\tdpKcdD.exe
  C:\Windows\System\tdpKcdD.exe
  2⤵
  PID:1700
- C:\Windows\System\CVXlElC.exe
  C:\Windows\System\CVXlElC.exe
  2⤵
  PID:4244
- C:\Windows\System\eSUIpZm.exe
  C:\Windows\System\eSUIpZm.exe
  2⤵
  PID:2956
- C:\Windows\System\nkeBkaF.exe
  C:\Windows\System\nkeBkaF.exe
  2⤵
  PID:1248
- C:\Windows\System\Betteob.exe
  C:\Windows\System\Betteob.exe
  2⤵
  PID:4332
- C:\Windows\System\snArQGJ.exe
  C:\Windows\System\snArQGJ.exe
  2⤵
  PID:4412
- C:\Windows\System\GeQmYPJ.exe
  C:\Windows\System\GeQmYPJ.exe
  2⤵
  PID:4516
- C:\Windows\System\ClCbRWh.exe
  C:\Windows\System\ClCbRWh.exe
  2⤵
  PID:4552
- C:\Windows\System\XnDvSXM.exe
  C:\Windows\System\XnDvSXM.exe
  2⤵
  PID:4556
- C:\Windows\System\dEefZAn.exe
  C:\Windows\System\dEefZAn.exe
  2⤵
  PID:4572
- C:\Windows\System\ruphUto.exe
  C:\Windows\System\ruphUto.exe
  2⤵
  PID:4672
- C:\Windows\System\wxdfVHl.exe
  C:\Windows\System\wxdfVHl.exe
  2⤵
  PID:4712
- C:\Windows\System\VhBRjnu.exe
  C:\Windows\System\VhBRjnu.exe
  2⤵
  PID:4792
- C:\Windows\System\hSsGGkG.exe
  C:\Windows\System\hSsGGkG.exe
  2⤵
  PID:4816
- C:\Windows\System\izuuUWF.exe
  C:\Windows\System\izuuUWF.exe
  2⤵
  PID:4908
- C:\Windows\System\ZSIhbhz.exe
  C:\Windows\System\ZSIhbhz.exe
  2⤵
  PID:4916
- C:\Windows\System\sbTzgSm.exe
  C:\Windows\System\sbTzgSm.exe
  2⤵
  PID:5016
- C:\Windows\System\mxDJanY.exe
  C:\Windows\System\mxDJanY.exe
  2⤵
  PID:5092
- C:\Windows\System\MydQpLn.exe
  C:\Windows\System\MydQpLn.exe
  2⤵
  PID:4008
- C:\Windows\System\cNJazss.exe
  C:\Windows\System\cNJazss.exe
  2⤵
  PID:540
- C:\Windows\System\OmdEGxR.exe
  C:\Windows\System\OmdEGxR.exe
  2⤵
  PID:4268
- C:\Windows\System\AcccwWH.exe
  C:\Windows\System\AcccwWH.exe
  2⤵
  PID:3476
- C:\Windows\System\YIkbvOD.exe
  C:\Windows\System\YIkbvOD.exe
  2⤵
  PID:4344
- C:\Windows\System\HBgOMiC.exe
  C:\Windows\System\HBgOMiC.exe
  2⤵
  PID:4384
- C:\Windows\System\XxGcHLN.exe
  C:\Windows\System\XxGcHLN.exe
  2⤵
  PID:4108
- C:\Windows\System\UvIZGPS.exe
  C:\Windows\System\UvIZGPS.exe
  2⤵
  PID:2576
- C:\Windows\System\NvPppif.exe
  C:\Windows\System\NvPppif.exe
  2⤵
  PID:4324
- C:\Windows\System\civyqko.exe
  C:\Windows\System\civyqko.exe
  2⤵
  PID:3052
- C:\Windows\System\CAVEqUO.exe
  C:\Windows\System\CAVEqUO.exe
  2⤵
  PID:1996
- C:\Windows\System\exTItkj.exe
  C:\Windows\System\exTItkj.exe
  2⤵
  PID:3904
- C:\Windows\System\ZfXDLJP.exe
  C:\Windows\System\ZfXDLJP.exe
  2⤵
  PID:2772
- C:\Windows\System\RuLeXLI.exe
  C:\Windows\System\RuLeXLI.exe
  2⤵
  PID:1312
- C:\Windows\System\EbXkZAi.exe
  C:\Windows\System\EbXkZAi.exe
  2⤵
  PID:4588
- C:\Windows\System\nzRqLlK.exe
  C:\Windows\System\nzRqLlK.exe
  2⤵
  PID:4444
- C:\Windows\System\iMTUTMp.exe
  C:\Windows\System\iMTUTMp.exe
  2⤵
  PID:2916
- C:\Windows\System\xcQcRwQ.exe
  C:\Windows\System\xcQcRwQ.exe
  2⤵
  PID:4752
- C:\Windows\System\zDczoCW.exe
  C:\Windows\System\zDczoCW.exe
  2⤵
  PID:4732
- C:\Windows\System\ZPHLjfc.exe
  C:\Windows\System\ZPHLjfc.exe
  2⤵
  PID:5012
- C:\Windows\System\YQpYoku.exe
  C:\Windows\System\YQpYoku.exe
  2⤵
  PID:5032
- C:\Windows\System\uUcLmsb.exe
  C:\Windows\System\uUcLmsb.exe
  2⤵
  PID:1240
- C:\Windows\System\ZrZaVcj.exe
  C:\Windows\System\ZrZaVcj.exe
  2⤵
  PID:5088
- C:\Windows\System\jrlSPtW.exe
  C:\Windows\System\jrlSPtW.exe
  2⤵
  PID:5052
- C:\Windows\System\DVFRRWx.exe
  C:\Windows\System\DVFRRWx.exe
  2⤵
  PID:4548
- C:\Windows\System\UKIvKqU.exe
  C:\Windows\System\UKIvKqU.exe
  2⤵
  PID:3040
- C:\Windows\System\iXLEnJr.exe
  C:\Windows\System\iXLEnJr.exe
  2⤵
  PID:3968
- C:\Windows\System\svPWxus.exe
  C:\Windows\System\svPWxus.exe
  2⤵
  PID:3824
- C:\Windows\System\ppZygwT.exe
  C:\Windows\System\ppZygwT.exe
  2⤵
  PID:4452
- C:\Windows\System\glvAjMp.exe
  C:\Windows\System\glvAjMp.exe
  2⤵
  PID:4812
- C:\Windows\System\EoKFkzw.exe
  C:\Windows\System\EoKFkzw.exe
  2⤵
  PID:264
- C:\Windows\System\sshyZWF.exe
  C:\Windows\System\sshyZWF.exe
  2⤵
  PID:3756
- C:\Windows\System\JvCbyNd.exe
  C:\Windows\System\JvCbyNd.exe
  2⤵
  PID:4312
- C:\Windows\System\EUUeCXh.exe
  C:\Windows\System\EUUeCXh.exe
  2⤵
  PID:4968
- C:\Windows\System\oqUvgkB.exe
  C:\Windows\System\oqUvgkB.exe
  2⤵
  PID:4996
- C:\Windows\System\cbTUZkw.exe
  C:\Windows\System\cbTUZkw.exe
  2⤵
  PID:4308
- C:\Windows\System\qMYqrVB.exe
  C:\Windows\System\qMYqrVB.exe
  2⤵
  PID:2960
- C:\Windows\System\OlMYsPt.exe
  C:\Windows\System\OlMYsPt.exe
  2⤵
  PID:4596
- C:\Windows\System\OUTKuGQ.exe
  C:\Windows\System\OUTKuGQ.exe
  2⤵
  PID:2140
- C:\Windows\System\gLBjZbR.exe
  C:\Windows\System\gLBjZbR.exe
  2⤵
  PID:2952
- C:\Windows\System\mXCNfxY.exe
  C:\Windows\System\mXCNfxY.exe
  2⤵
  PID:2908
- C:\Windows\System\PEkWtmK.exe
  C:\Windows\System\PEkWtmK.exe
  2⤵
  PID:3064
- C:\Windows\System\nLixtMX.exe
  C:\Windows\System\nLixtMX.exe
  2⤵
  PID:2244
- C:\Windows\System\fTZFuFH.exe
  C:\Windows\System\fTZFuFH.exe
  2⤵
  PID:4628
- C:\Windows\System\LtwJMJk.exe
  C:\Windows\System\LtwJMJk.exe
  2⤵
  PID:4192
- C:\Windows\System\yCtckyC.exe
  C:\Windows\System\yCtckyC.exe
  2⤵
  PID:4728
- C:\Windows\System\fcOhcGu.exe
  C:\Windows\System\fcOhcGu.exe
  2⤵
  PID:5068
- C:\Windows\System\JuWnOer.exe
  C:\Windows\System\JuWnOer.exe
  2⤵
  PID:4912
- C:\Windows\System\NHzShUn.exe
  C:\Windows\System\NHzShUn.exe
  2⤵
  PID:2776
- C:\Windows\System\zKBKyhh.exe
  C:\Windows\System\zKBKyhh.exe
  2⤵
  PID:4708
- C:\Windows\System\IWtiFku.exe
  C:\Windows\System\IWtiFku.exe
  2⤵
  PID:1280
- C:\Windows\System\kkyJxwV.exe
  C:\Windows\System\kkyJxwV.exe
  2⤵
  PID:2788
- C:\Windows\System\LoOhdFq.exe
  C:\Windows\System\LoOhdFq.exe
  2⤵
  PID:5116
- C:\Windows\System\yyCnHSV.exe
  C:\Windows\System\yyCnHSV.exe
  2⤵
  PID:2328
- C:\Windows\System\RvTfMIC.exe
  C:\Windows\System\RvTfMIC.exe
  2⤵
  PID:3012
- C:\Windows\System\Igaqmfm.exe
  C:\Windows\System\Igaqmfm.exe
  2⤵
  PID:5128
- C:\Windows\System\uCjYYZC.exe
  C:\Windows\System\uCjYYZC.exe
  2⤵
  PID:5144
- C:\Windows\System\DPvncgp.exe
  C:\Windows\System\DPvncgp.exe
  2⤵
  PID:5160
- C:\Windows\System\WRxPsqr.exe
  C:\Windows\System\WRxPsqr.exe
  2⤵
  PID:5180
- C:\Windows\System\vwXPUUs.exe
  C:\Windows\System\vwXPUUs.exe
  2⤵
  PID:5196
- C:\Windows\System\moRvsyz.exe
  C:\Windows\System\moRvsyz.exe
  2⤵
  PID:5212
- C:\Windows\System\DoixGkR.exe
  C:\Windows\System\DoixGkR.exe
  2⤵
  PID:5228
- C:\Windows\System\tSshckv.exe
  C:\Windows\System\tSshckv.exe
  2⤵
  PID:5248
- C:\Windows\System\BSTtRxa.exe
  C:\Windows\System\BSTtRxa.exe
  2⤵
  PID:5268
- C:\Windows\System\GGZdPsR.exe
  C:\Windows\System\GGZdPsR.exe
  2⤵
  PID:5296
- C:\Windows\System\CfYLJvT.exe
  C:\Windows\System\CfYLJvT.exe
  2⤵
  PID:5312
- C:\Windows\System\TlOyOus.exe
  C:\Windows\System\TlOyOus.exe
  2⤵
  PID:5328
- C:\Windows\System\AtpvEAV.exe
  C:\Windows\System\AtpvEAV.exe
  2⤵
  PID:5344
- C:\Windows\System\YJHHqVn.exe
  C:\Windows\System\YJHHqVn.exe
  2⤵
  PID:5360
- C:\Windows\System\YKkktOT.exe
  C:\Windows\System\YKkktOT.exe
  2⤵
  PID:5376
- C:\Windows\System\mKSdFEV.exe
  C:\Windows\System\mKSdFEV.exe
  2⤵
  PID:5392
- C:\Windows\System\WOdMRCt.exe
  C:\Windows\System\WOdMRCt.exe
  2⤵
  PID:5408
- C:\Windows\System\QXYAgli.exe
  C:\Windows\System\QXYAgli.exe
  2⤵
  PID:5424
- C:\Windows\System\SnOjmVI.exe
  C:\Windows\System\SnOjmVI.exe
  2⤵
  PID:5440
- C:\Windows\System\tnqlXuV.exe
  C:\Windows\System\tnqlXuV.exe
  2⤵
  PID:5456
- C:\Windows\System\bhcEEUx.exe
  C:\Windows\System\bhcEEUx.exe
  2⤵
  PID:5472
- C:\Windows\System\iQUGtSS.exe
  C:\Windows\System\iQUGtSS.exe
  2⤵
  PID:5488
- C:\Windows\System\ydFRjcp.exe
  C:\Windows\System\ydFRjcp.exe
  2⤵
  PID:5504
- C:\Windows\System\KGvGAWN.exe
  C:\Windows\System\KGvGAWN.exe
  2⤵
  PID:5520
- C:\Windows\System\sqlqfSS.exe
  C:\Windows\System\sqlqfSS.exe
  2⤵
  PID:5536
- C:\Windows\System\eEPCVqY.exe
  C:\Windows\System\eEPCVqY.exe
  2⤵
  PID:5572
- C:\Windows\System\XahqeYo.exe
  C:\Windows\System\XahqeYo.exe
  2⤵
  PID:5588
- C:\Windows\System\gwFzUsf.exe
  C:\Windows\System\gwFzUsf.exe
  2⤵
  PID:5604
- C:\Windows\System\HFNcHPV.exe
  C:\Windows\System\HFNcHPV.exe
  2⤵
  PID:5620
- C:\Windows\System\dXMGKxE.exe
  C:\Windows\System\dXMGKxE.exe
  2⤵
  PID:5636
- C:\Windows\System\ugiUWPE.exe
  C:\Windows\System\ugiUWPE.exe
  2⤵
  PID:5652
- C:\Windows\System\sZCCkxs.exe
  C:\Windows\System\sZCCkxs.exe
  2⤵
  PID:5668
- C:\Windows\System\exFkUam.exe
  C:\Windows\System\exFkUam.exe
  2⤵
  PID:5684
- C:\Windows\System\ZCvStev.exe
  C:\Windows\System\ZCvStev.exe
  2⤵
  PID:5700
- C:\Windows\System\bmCDuye.exe
  C:\Windows\System\bmCDuye.exe
  2⤵
  PID:5716
- C:\Windows\System\xeFefYq.exe
  C:\Windows\System\xeFefYq.exe
  2⤵
  PID:5788
- C:\Windows\System\afDAliZ.exe
  C:\Windows\System\afDAliZ.exe
  2⤵
  PID:5816
- C:\Windows\System\TdmNuYg.exe
  C:\Windows\System\TdmNuYg.exe
  2⤵
  PID:5836
- C:\Windows\System\xvYLOpH.exe
  C:\Windows\System\xvYLOpH.exe
  2⤵
  PID:5884
- C:\Windows\System\MQWukiF.exe
  C:\Windows\System\MQWukiF.exe
  2⤵
  PID:5900
- C:\Windows\System\xwXQPZe.exe
  C:\Windows\System\xwXQPZe.exe
  2⤵
  PID:5920
- C:\Windows\System\rJAAqOR.exe
  C:\Windows\System\rJAAqOR.exe
  2⤵
  PID:5956
- C:\Windows\System\MlVoSOT.exe
  C:\Windows\System\MlVoSOT.exe
  2⤵
  PID:6016
- C:\Windows\System\sXlspnd.exe
  C:\Windows\System\sXlspnd.exe
  2⤵
  PID:6044
- C:\Windows\System\zVftpDq.exe
  C:\Windows\System\zVftpDq.exe
  2⤵
  PID:6060
- C:\Windows\System\ifoBCua.exe
  C:\Windows\System\ifoBCua.exe
  2⤵
  PID:6076
- C:\Windows\System\gdgDTvI.exe
  C:\Windows\System\gdgDTvI.exe
  2⤵
  PID:6092
- C:\Windows\System\CvDwSGC.exe
  C:\Windows\System\CvDwSGC.exe
  2⤵
  PID:6116
- C:\Windows\System\SMiuEox.exe
  C:\Windows\System\SMiuEox.exe
  2⤵
  PID:6132
- C:\Windows\System\kjacFWX.exe
  C:\Windows\System\kjacFWX.exe
  2⤵
  PID:2240
- C:\Windows\System\ELabquH.exe
  C:\Windows\System\ELabquH.exe
  2⤵
  PID:4856
- C:\Windows\System\TNVHlad.exe
  C:\Windows\System\TNVHlad.exe
  2⤵
  PID:5176
- C:\Windows\System\YJLevEr.exe
  C:\Windows\System\YJLevEr.exe
  2⤵
  PID:5236
- C:\Windows\System\hlUnliR.exe
  C:\Windows\System\hlUnliR.exe
  2⤵
  PID:5280
- C:\Windows\System\RNqNIhI.exe
  C:\Windows\System\RNqNIhI.exe
  2⤵
  PID:5352
- C:\Windows\System\XDuWSVE.exe
  C:\Windows\System\XDuWSVE.exe
  2⤵
  PID:2520
- C:\Windows\System\rdYgUke.exe
  C:\Windows\System\rdYgUke.exe
  2⤵
  PID:5452
- C:\Windows\System\xiUtptw.exe
  C:\Windows\System\xiUtptw.exe
  2⤵
  PID:5516
- C:\Windows\System\kEEOpSs.exe
  C:\Windows\System\kEEOpSs.exe
  2⤵
  PID:5556
- C:\Windows\System\FgKmeRk.exe
  C:\Windows\System\FgKmeRk.exe
  2⤵
  PID:5600
- C:\Windows\System\VybtpBO.exe
  C:\Windows\System\VybtpBO.exe
  2⤵
  PID:5692
- C:\Windows\System\URlrDVd.exe
  C:\Windows\System\URlrDVd.exe
  2⤵
  PID:5740
- C:\Windows\System\vYIGrNc.exe
  C:\Windows\System\vYIGrNc.exe
  2⤵
  PID:5760
- C:\Windows\System\tkBoNjM.exe
  C:\Windows\System\tkBoNjM.exe
  2⤵
  PID:5776
- C:\Windows\System\fqaHgSQ.exe
  C:\Windows\System\fqaHgSQ.exe
  2⤵
  PID:5256
- C:\Windows\System\bQYAvDk.exe
  C:\Windows\System\bQYAvDk.exe
  2⤵
  PID:5368
- C:\Windows\System\kTlvAmI.exe
  C:\Windows\System\kTlvAmI.exe
  2⤵
  PID:4184
- C:\Windows\System\CrifvRB.exe
  C:\Windows\System\CrifvRB.exe
  2⤵
  PID:1260
- C:\Windows\System\VeZtwnu.exe
  C:\Windows\System\VeZtwnu.exe
  2⤵
  PID:1708
- C:\Windows\System\yzIsZGY.exe
  C:\Windows\System\yzIsZGY.exe
  2⤵
  PID:1764
- C:\Windows\System\HOJKVOv.exe
  C:\Windows\System\HOJKVOv.exe
  2⤵
  PID:5808
- C:\Windows\System\wPcUjht.exe
  C:\Windows\System\wPcUjht.exe
  2⤵
  PID:5336
- C:\Windows\System\rKMciAN.exe
  C:\Windows\System\rKMciAN.exe
  2⤵
  PID:5848
- C:\Windows\System\hbMEwve.exe
  C:\Windows\System\hbMEwve.exe
  2⤵
  PID:5464
- C:\Windows\System\kPfLBaQ.exe
  C:\Windows\System\kPfLBaQ.exe
  2⤵
  PID:1744
- C:\Windows\System\rHgfsPR.exe
  C:\Windows\System\rHgfsPR.exe
  2⤵
  PID:5864
- C:\Windows\System\JmkTPRD.exe
  C:\Windows\System\JmkTPRD.exe
  2⤵
  PID:5932
- C:\Windows\System\XyHedIZ.exe
  C:\Windows\System\XyHedIZ.exe
  2⤵
  PID:5948
- C:\Windows\System\jQqISql.exe
  C:\Windows\System\jQqISql.exe
  2⤵
  PID:5468
- C:\Windows\System\ffvPtQh.exe
  C:\Windows\System\ffvPtQh.exe
  2⤵
  PID:5992
- C:\Windows\System\vIyTwev.exe
  C:\Windows\System\vIyTwev.exe
  2⤵
  PID:6068
- C:\Windows\System\tzfBlrV.exe
  C:\Windows\System\tzfBlrV.exe
  2⤵
  PID:6108
- C:\Windows\System\KbVsHjP.exe
  C:\Windows\System\KbVsHjP.exe
  2⤵
  PID:5168
- C:\Windows\System\TACpuFC.exe
  C:\Windows\System\TACpuFC.exe
  2⤵
  PID:5384
- C:\Windows\System\xBuaHls.exe
  C:\Windows\System\xBuaHls.exe
  2⤵
  PID:5564
- C:\Windows\System\KIiOozP.exe
  C:\Windows\System\KIiOozP.exe
  2⤵
  PID:6088
- C:\Windows\System\sIRdGou.exe
  C:\Windows\System\sIRdGou.exe
  2⤵
  PID:5220
- C:\Windows\System\kRJNGnb.exe
  C:\Windows\System\kRJNGnb.exe
  2⤵
  PID:1512
- C:\Windows\System\QBiBFsk.exe
  C:\Windows\System\QBiBFsk.exe
  2⤵
  PID:5420
- C:\Windows\System\OpielSE.exe
  C:\Windows\System\OpielSE.exe
  2⤵
  PID:5288
- C:\Windows\System\ZvzYMdF.exe
  C:\Windows\System\ZvzYMdF.exe
  2⤵
  PID:5448
- C:\Windows\System\ZYKvBcZ.exe
  C:\Windows\System\ZYKvBcZ.exe
  2⤵
  PID:5660
- C:\Windows\System\DAMDfdN.exe
  C:\Windows\System\DAMDfdN.exe
  2⤵
  PID:5756
- C:\Windows\System\pFzAlbM.exe
  C:\Windows\System\pFzAlbM.exe
  2⤵
  PID:3068
- C:\Windows\System\UolDEdW.exe
  C:\Windows\System\UolDEdW.exe
  2⤵
  PID:5940
- C:\Windows\System\AEZUfPI.exe
  C:\Windows\System\AEZUfPI.exe
  2⤵
  PID:5432
- C:\Windows\System\kQFlfAh.exe
  C:\Windows\System\kQFlfAh.exe
  2⤵
  PID:5880
- C:\Windows\System\gzyCvCN.exe
  C:\Windows\System\gzyCvCN.exe
  2⤵
  PID:5980
- C:\Windows\System\UEoXKGh.exe
  C:\Windows\System\UEoXKGh.exe
  2⤵
  PID:5916
- C:\Windows\System\CwsFsjg.exe
  C:\Windows\System\CwsFsjg.exe
  2⤵
  PID:356
- C:\Windows\System\JfxPXkJ.exe
  C:\Windows\System\JfxPXkJ.exe
  2⤵
  PID:5680
- C:\Windows\System\UYgQtQX.exe
  C:\Windows\System\UYgQtQX.exe
  2⤵
  PID:2984
- C:\Windows\System\viDDYEl.exe
  C:\Windows\System\viDDYEl.exe
  2⤵
  PID:6084
- C:\Windows\System\RplwGRD.exe
  C:\Windows\System\RplwGRD.exe
  2⤵
  PID:5844
- C:\Windows\System\YXqRvUB.exe
  C:\Windows\System\YXqRvUB.exe
  2⤵
  PID:3016
- C:\Windows\System\ToXoklk.exe
  C:\Windows\System\ToXoklk.exe
  2⤵
  PID:5736
- C:\Windows\System\TFuGYCc.exe
  C:\Windows\System\TFuGYCc.exe
  2⤵
  PID:5828
- C:\Windows\System\gifxDCn.exe
  C:\Windows\System\gifxDCn.exe
  2⤵
  PID:5208
- C:\Windows\System\PWukrBf.exe
  C:\Windows\System\PWukrBf.exe
  2⤵
  PID:5748
- C:\Windows\System\NpYMPYJ.exe
  C:\Windows\System\NpYMPYJ.exe
  2⤵
  PID:5728
- C:\Windows\System\fNYXqeM.exe
  C:\Windows\System\fNYXqeM.exe
  2⤵
  PID:5964
- C:\Windows\System\fqFrsmo.exe
  C:\Windows\System\fqFrsmo.exe
  2⤵
  PID:2136
- C:\Windows\System\rEvIwKX.exe
  C:\Windows\System\rEvIwKX.exe
  2⤵
  PID:5580
- C:\Windows\System\TgIbCdK.exe
  C:\Windows\System\TgIbCdK.exe
  2⤵
  PID:5648
- C:\Windows\System\AARzDSe.exe
  C:\Windows\System\AARzDSe.exe
  2⤵
  PID:5852
- C:\Windows\System\PeDeOhd.exe
  C:\Windows\System\PeDeOhd.exe
  2⤵
  PID:6028
- C:\Windows\System\rviUXBI.exe
  C:\Windows\System\rviUXBI.exe
  2⤵
  PID:5512
- C:\Windows\System\aUzzaPN.exe
  C:\Windows\System\aUzzaPN.exe
  2⤵
  PID:6124
- C:\Windows\System\iVecTdZ.exe
  C:\Windows\System\iVecTdZ.exe
  2⤵
  PID:5552
- C:\Windows\System\ouTwkbn.exe
  C:\Windows\System\ouTwkbn.exe
  2⤵
  PID:1156
- C:\Windows\System\FWflkaT.exe
  C:\Windows\System\FWflkaT.exe
  2⤵
  PID:6100
- C:\Windows\System\aNUFfhK.exe
  C:\Windows\System\aNUFfhK.exe
  2⤵
  PID:5912
- C:\Windows\System\rsAxhuB.exe
  C:\Windows\System\rsAxhuB.exe
  2⤵
  PID:5304
- C:\Windows\System\tlfpXHM.exe
  C:\Windows\System\tlfpXHM.exe
  2⤵
  PID:5324
- C:\Windows\System\TNlillj.exe
  C:\Windows\System\TNlillj.exe
  2⤵
  PID:5596
- C:\Windows\System\kEEJHRF.exe
  C:\Windows\System\kEEJHRF.exe
  2⤵
  PID:5796
- C:\Windows\System\VGhdwuo.exe
  C:\Windows\System\VGhdwuo.exe
  2⤵
  PID:6148
- C:\Windows\System\JitLVBa.exe
  C:\Windows\System\JitLVBa.exe
  2⤵
  PID:6164
- C:\Windows\System\Ynihnab.exe
  C:\Windows\System\Ynihnab.exe
  2⤵
  PID:6180
- C:\Windows\System\ctXrNki.exe
  C:\Windows\System\ctXrNki.exe
  2⤵
  PID:6204
- C:\Windows\System\RaLSFQh.exe
  C:\Windows\System\RaLSFQh.exe
  2⤵
  PID:6228
- C:\Windows\System\ZEbEuxy.exe
  C:\Windows\System\ZEbEuxy.exe
  2⤵
  PID:6252
- C:\Windows\System\hEMlgBV.exe
  C:\Windows\System\hEMlgBV.exe
  2⤵
  PID:6280
- C:\Windows\System\BIsZjPS.exe
  C:\Windows\System\BIsZjPS.exe
  2⤵
  PID:6308
- C:\Windows\System\UhERbum.exe
  C:\Windows\System\UhERbum.exe
  2⤵
  PID:6328
- C:\Windows\System\TzyNVpy.exe
  C:\Windows\System\TzyNVpy.exe
  2⤵
  PID:6344
- C:\Windows\System\ooprwvD.exe
  C:\Windows\System\ooprwvD.exe
  2⤵
  PID:6360
- C:\Windows\System\ZwNMYmT.exe
  C:\Windows\System\ZwNMYmT.exe
  2⤵
  PID:6376
- C:\Windows\System\pumuZif.exe
  C:\Windows\System\pumuZif.exe
  2⤵
  PID:6396
- C:\Windows\System\fQCzXhQ.exe
  C:\Windows\System\fQCzXhQ.exe
  2⤵
  PID:6416
- C:\Windows\System\QBVxRco.exe
  C:\Windows\System\QBVxRco.exe
  2⤵
  PID:6452
- C:\Windows\System\awnMSAp.exe
  C:\Windows\System\awnMSAp.exe
  2⤵
  PID:6476
- C:\Windows\System\qzKJuUe.exe
  C:\Windows\System\qzKJuUe.exe
  2⤵
  PID:6492
- C:\Windows\System\clawNfB.exe
  C:\Windows\System\clawNfB.exe
  2⤵
  PID:6532
- C:\Windows\System\cFnVEGK.exe
  C:\Windows\System\cFnVEGK.exe
  2⤵
  PID:6548
- C:\Windows\System\rFYHWnd.exe
  C:\Windows\System\rFYHWnd.exe
  2⤵
  PID:6564
- C:\Windows\System\CWwgaCT.exe
  C:\Windows\System\CWwgaCT.exe
  2⤵
  PID:6580
- C:\Windows\System\fcPpCUx.exe
  C:\Windows\System\fcPpCUx.exe
  2⤵
  PID:6596
- C:\Windows\System\HqrpwWu.exe
  C:\Windows\System\HqrpwWu.exe
  2⤵
  PID:6612
- C:\Windows\System\oKjAAth.exe
  C:\Windows\System\oKjAAth.exe
  2⤵
  PID:6628
- C:\Windows\System\TFMKBWY.exe
  C:\Windows\System\TFMKBWY.exe
  2⤵
  PID:6644
- C:\Windows\System\Upavbqq.exe
  C:\Windows\System\Upavbqq.exe
  2⤵
  PID:6688
- C:\Windows\System\jpXEnyc.exe
  C:\Windows\System\jpXEnyc.exe
  2⤵
  PID:6704
- C:\Windows\System\UaujxNP.exe
  C:\Windows\System\UaujxNP.exe
  2⤵
  PID:6720
- C:\Windows\System\VuYCuuZ.exe
  C:\Windows\System\VuYCuuZ.exe
  2⤵
  PID:6736
- C:\Windows\System\tLPSMHS.exe
  C:\Windows\System\tLPSMHS.exe
  2⤵
  PID:6756
- C:\Windows\System\AjGDSqu.exe
  C:\Windows\System\AjGDSqu.exe
  2⤵
  PID:6772
- C:\Windows\System\wdKpNpK.exe
  C:\Windows\System\wdKpNpK.exe
  2⤵
  PID:6788
- C:\Windows\System\XsTcqWT.exe
  C:\Windows\System\XsTcqWT.exe
  2⤵
  PID:6804
- C:\Windows\System\oUBgkZo.exe
  C:\Windows\System\oUBgkZo.exe
  2⤵
  PID:6820
- C:\Windows\System\FnhPOqS.exe
  C:\Windows\System\FnhPOqS.exe
  2⤵
  PID:6836
- C:\Windows\System\UKUHgov.exe
  C:\Windows\System\UKUHgov.exe
  2⤵
  PID:6852
- C:\Windows\System\oUquImj.exe
  C:\Windows\System\oUquImj.exe
  2⤵
  PID:6868
- C:\Windows\System\PtzLmks.exe
  C:\Windows\System\PtzLmks.exe
  2⤵
  PID:6884
- C:\Windows\System\hRhnxxS.exe
  C:\Windows\System\hRhnxxS.exe
  2⤵
  PID:6900
- C:\Windows\System\phdTOBc.exe
  C:\Windows\System\phdTOBc.exe
  2⤵
  PID:6916
- C:\Windows\System\GdkdpFE.exe
  C:\Windows\System\GdkdpFE.exe
  2⤵
  PID:6932
- C:\Windows\System\amWHoyw.exe
  C:\Windows\System\amWHoyw.exe
  2⤵
  PID:6952
- C:\Windows\System\HZtGfPF.exe
  C:\Windows\System\HZtGfPF.exe
  2⤵
  PID:6972
- C:\Windows\System\EMlRqmQ.exe
  C:\Windows\System\EMlRqmQ.exe
  2⤵
  PID:7052
- C:\Windows\System\mDfsTbm.exe
  C:\Windows\System\mDfsTbm.exe
  2⤵
  PID:7068
- C:\Windows\System\HBdhHCP.exe
  C:\Windows\System\HBdhHCP.exe
  2⤵
  PID:7084
- C:\Windows\System\YBWhtaN.exe
  C:\Windows\System\YBWhtaN.exe
  2⤵
  PID:7100
- C:\Windows\System\bdkigSm.exe
  C:\Windows\System\bdkigSm.exe
  2⤵
  PID:7116
- C:\Windows\System\syJhrfY.exe
  C:\Windows\System\syJhrfY.exe
  2⤵
  PID:7132
- C:\Windows\System\ZGekpoL.exe
  C:\Windows\System\ZGekpoL.exe
  2⤵
  PID:7148
- C:\Windows\System\eWUmVwn.exe
  C:\Windows\System\eWUmVwn.exe
  2⤵
  PID:7164
- C:\Windows\System\vpApCKp.exe
  C:\Windows\System\vpApCKp.exe
  2⤵
  PID:5712
- C:\Windows\System\HRgDiHU.exe
  C:\Windows\System\HRgDiHU.exe
  2⤵
  PID:2568
- C:\Windows\System\pdyUZIv.exe
  C:\Windows\System\pdyUZIv.exe
  2⤵
  PID:5156
- C:\Windows\System\WncEiIU.exe
  C:\Windows\System\WncEiIU.exe
  2⤵
  PID:5804
- C:\Windows\System\XiuMlZL.exe
  C:\Windows\System\XiuMlZL.exe
  2⤵
  PID:5484
- C:\Windows\System\vmEctVX.exe
  C:\Windows\System\vmEctVX.exe
  2⤵
  PID:5952
- C:\Windows\System\qzyQYwd.exe
  C:\Windows\System\qzyQYwd.exe
  2⤵
  PID:6196
- C:\Windows\System\NquONwn.exe
  C:\Windows\System\NquONwn.exe
  2⤵
  PID:6240
- C:\Windows\System\QRloUfP.exe
  C:\Windows\System\QRloUfP.exe
  2⤵
  PID:6296
- C:\Windows\System\tzjFfAP.exe
  C:\Windows\System\tzjFfAP.exe
  2⤵
  PID:6336
- C:\Windows\System\xhwlihR.exe
  C:\Windows\System\xhwlihR.exe
  2⤵
  PID:6412
- C:\Windows\System\uhaZXjw.exe
  C:\Windows\System\uhaZXjw.exe
  2⤵
  PID:6472
- C:\Windows\System\fCDCQZw.exe
  C:\Windows\System\fCDCQZw.exe
  2⤵
  PID:6428
- C:\Windows\System\llQfLmU.exe
  C:\Windows\System\llQfLmU.exe
  2⤵
  PID:6216
- C:\Windows\System\yADXEKR.exe
  C:\Windows\System\yADXEKR.exe
  2⤵
  PID:6224
- C:\Windows\System\BTOiIPN.exe
  C:\Windows\System\BTOiIPN.exe
  2⤵
  PID:6272
- C:\Windows\System\PcXeOrt.exe
  C:\Windows\System\PcXeOrt.exe
  2⤵
  PID:6320
- C:\Windows\System\BgtdDPg.exe
  C:\Windows\System\BgtdDPg.exe
  2⤵
  PID:6392
- C:\Windows\System\zwboLuR.exe
  C:\Windows\System\zwboLuR.exe
  2⤵
  PID:6444
- C:\Windows\System\pQVenpj.exe
  C:\Windows\System\pQVenpj.exe
  2⤵
  PID:4464
- C:\Windows\System\ztXyqIu.exe
  C:\Windows\System\ztXyqIu.exe
  2⤵
  PID:6524
- C:\Windows\System\KZAeHhM.exe
  C:\Windows\System\KZAeHhM.exe
  2⤵
  PID:6572
- C:\Windows\System\zdqTvLo.exe
  C:\Windows\System\zdqTvLo.exe
  2⤵
  PID:6588
- C:\Windows\System\RNaegHr.exe
  C:\Windows\System\RNaegHr.exe
  2⤵
  PID:6652
- C:\Windows\System\fKkWHTd.exe
  C:\Windows\System\fKkWHTd.exe
  2⤵
  PID:6604
- C:\Windows\System\pLmaTrU.exe
  C:\Windows\System\pLmaTrU.exe
  2⤵
  PID:6672
- C:\Windows\System\dsojHzx.exe
  C:\Windows\System\dsojHzx.exe
  2⤵
  PID:6712
- C:\Windows\System\wDwYeKa.exe
  C:\Windows\System\wDwYeKa.exe
  2⤵
  PID:6752
- C:\Windows\System\AubukVk.exe
  C:\Windows\System\AubukVk.exe
  2⤵
  PID:6816
- C:\Windows\System\TGsMNQc.exe
  C:\Windows\System\TGsMNQc.exe
  2⤵
  PID:6880
- C:\Windows\System\bfYhUIe.exe
  C:\Windows\System\bfYhUIe.exe
  2⤵
  PID:6940
- C:\Windows\System\bxkrOuP.exe
  C:\Windows\System\bxkrOuP.exe
  2⤵
  PID:6728
- C:\Windows\System\uiYYqqQ.exe
  C:\Windows\System\uiYYqqQ.exe
  2⤵
  PID:6800
- C:\Windows\System\kAjgJNV.exe
  C:\Windows\System\kAjgJNV.exe
  2⤵
  PID:6892
- C:\Windows\System\zDgtzrz.exe
  C:\Windows\System\zDgtzrz.exe
  2⤵
  PID:1548
- C:\Windows\System\LoeOJNR.exe
  C:\Windows\System\LoeOJNR.exe
  2⤵
  PID:6700
- C:\Windows\System\qXUXZMW.exe
  C:\Windows\System\qXUXZMW.exe
  2⤵
  PID:7008
- C:\Windows\System\fFdiWeN.exe
  C:\Windows\System\fFdiWeN.exe
  2⤵
  PID:6988
- C:\Windows\System\geEljgt.exe
  C:\Windows\System\geEljgt.exe
  2⤵
  PID:6948
- C:\Windows\System\RtoTjhG.exe
  C:\Windows\System\RtoTjhG.exe
  2⤵
  PID:7032
- C:\Windows\System\XMoTwOH.exe
  C:\Windows\System\XMoTwOH.exe
  2⤵
  PID:7044
- C:\Windows\System\NNhTiUf.exe
  C:\Windows\System\NNhTiUf.exe
  2⤵
  PID:7184
- C:\Windows\System\csUFzUh.exe
  C:\Windows\System\csUFzUh.exe
  2⤵
  PID:7200
- C:\Windows\System\ifmVgJn.exe
  C:\Windows\System\ifmVgJn.exe
  2⤵
  PID:7224
- C:\Windows\System\XApmuYC.exe
  C:\Windows\System\XApmuYC.exe
  2⤵
  PID:7240
- C:\Windows\System\HNTuLRd.exe
  C:\Windows\System\HNTuLRd.exe
  2⤵
  PID:7256
- C:\Windows\System\WNplBRB.exe
  C:\Windows\System\WNplBRB.exe
  2⤵
  PID:7272
- C:\Windows\System\VwNzbNR.exe
  C:\Windows\System\VwNzbNR.exe
  2⤵
  PID:7288
- C:\Windows\System\hxMVxda.exe
  C:\Windows\System\hxMVxda.exe
  2⤵
  PID:7304
- C:\Windows\System\wroJnvT.exe
  C:\Windows\System\wroJnvT.exe
  2⤵
  PID:7320
- C:\Windows\System\PkllpUW.exe
  C:\Windows\System\PkllpUW.exe
  2⤵
  PID:7336
- C:\Windows\System\eSQCRtC.exe
  C:\Windows\System\eSQCRtC.exe
  2⤵
  PID:7352
- C:\Windows\System\ktmZPPM.exe
  C:\Windows\System\ktmZPPM.exe
  2⤵
  PID:7368
- C:\Windows\System\PNrZqCf.exe
  C:\Windows\System\PNrZqCf.exe
  2⤵
  PID:7384
- C:\Windows\System\RMtspVq.exe
  C:\Windows\System\RMtspVq.exe
  2⤵
  PID:7400
- C:\Windows\System\RdsPJjY.exe
  C:\Windows\System\RdsPJjY.exe
  2⤵
  PID:7416
- C:\Windows\System\usFLDHn.exe
  C:\Windows\System\usFLDHn.exe
  2⤵
  PID:7432
- C:\Windows\System\XLtlAAi.exe
  C:\Windows\System\XLtlAAi.exe
  2⤵
  PID:7448
- C:\Windows\System\hpAtzXW.exe
  C:\Windows\System\hpAtzXW.exe
  2⤵
  PID:7464
- C:\Windows\System\WUkLmxz.exe
  C:\Windows\System\WUkLmxz.exe
  2⤵
  PID:7480
- C:\Windows\System\ckcojlG.exe
  C:\Windows\System\ckcojlG.exe
  2⤵
  PID:7496
- C:\Windows\System\ZDANIbA.exe
  C:\Windows\System\ZDANIbA.exe
  2⤵
  PID:7532
- C:\Windows\System\BHsDOIJ.exe
  C:\Windows\System\BHsDOIJ.exe
  2⤵
  PID:7548
- C:\Windows\System\BGNoffu.exe
  C:\Windows\System\BGNoffu.exe
  2⤵
  PID:7564
- C:\Windows\System\Vjvgqzp.exe
  C:\Windows\System\Vjvgqzp.exe
  2⤵
  PID:7580
- C:\Windows\System\RvwHCQX.exe
  C:\Windows\System\RvwHCQX.exe
  2⤵
  PID:7596
- C:\Windows\System\jvFCkwY.exe
  C:\Windows\System\jvFCkwY.exe
  2⤵
  PID:7616
- C:\Windows\System\jCgOpWl.exe
  C:\Windows\System\jCgOpWl.exe
  2⤵
  PID:7636
- C:\Windows\System\eGxIxQv.exe
  C:\Windows\System\eGxIxQv.exe
  2⤵
  PID:7652
- C:\Windows\System\qXviOqc.exe
  C:\Windows\System\qXviOqc.exe
  2⤵
  PID:7668
- C:\Windows\System\tMUyQjM.exe
  C:\Windows\System\tMUyQjM.exe
  2⤵
  PID:7684
- C:\Windows\System\hhBXzog.exe
  C:\Windows\System\hhBXzog.exe
  2⤵
  PID:7700
- C:\Windows\System\wJIYdUt.exe
  C:\Windows\System\wJIYdUt.exe
  2⤵
  PID:7716
- C:\Windows\System\usHUdiw.exe
  C:\Windows\System\usHUdiw.exe
  2⤵
  PID:7732
- C:\Windows\System\MglrWAx.exe
  C:\Windows\System\MglrWAx.exe
  2⤵
  PID:7752
- C:\Windows\System\LNhCVIh.exe
  C:\Windows\System\LNhCVIh.exe
  2⤵
  PID:7768
- C:\Windows\System\dyGTdqd.exe
  C:\Windows\System\dyGTdqd.exe
  2⤵
  PID:7784
- C:\Windows\System\GtICxUA.exe
  C:\Windows\System\GtICxUA.exe
  2⤵
  PID:7800
- C:\Windows\System\BrDxDBr.exe
  C:\Windows\System\BrDxDBr.exe
  2⤵
  PID:7816
- C:\Windows\System\AiWbpcx.exe
  C:\Windows\System\AiWbpcx.exe
  2⤵
  PID:7832
- C:\Windows\System\HHigSJD.exe
  C:\Windows\System\HHigSJD.exe
  2⤵
  PID:7852
- C:\Windows\System\ABckObJ.exe
  C:\Windows\System\ABckObJ.exe
  2⤵
  PID:7872
- C:\Windows\System\VPkHBXS.exe
  C:\Windows\System\VPkHBXS.exe
  2⤵
  PID:7960
- C:\Windows\System\TwlVmwu.exe
  C:\Windows\System\TwlVmwu.exe
  2⤵
  PID:7980
- C:\Windows\System\koWyOmp.exe
  C:\Windows\System\koWyOmp.exe
  2⤵
  PID:7996
- C:\Windows\System\tWuVTfD.exe
  C:\Windows\System\tWuVTfD.exe
  2⤵
  PID:8020
- C:\Windows\System\FjcPzMG.exe
  C:\Windows\System\FjcPzMG.exe
  2⤵
  PID:8064
- C:\Windows\System\wkvsQQd.exe
  C:\Windows\System\wkvsQQd.exe
  2⤵
  PID:8092
- C:\Windows\System\KddRdur.exe
  C:\Windows\System\KddRdur.exe
  2⤵
  PID:8112
- C:\Windows\System\wTZxOkM.exe
  C:\Windows\System\wTZxOkM.exe
  2⤵
  PID:8132
- C:\Windows\System\GWfLAad.exe
  C:\Windows\System\GWfLAad.exe
  2⤵
  PID:8148
- C:\Windows\System\YjGtTaI.exe
  C:\Windows\System\YjGtTaI.exe
  2⤵
  PID:8164
- C:\Windows\System\cuTcPWU.exe
  C:\Windows\System\cuTcPWU.exe
  2⤵
  PID:8184
- C:\Windows\System\JRwkPPC.exe
  C:\Windows\System\JRwkPPC.exe
  2⤵
  PID:7048
- C:\Windows\System\zaUhzcW.exe
  C:\Windows\System\zaUhzcW.exe
  2⤵
  PID:6748
- C:\Windows\System\NruZRET.exe
  C:\Windows\System\NruZRET.exe
  2⤵
  PID:6864
- C:\Windows\System\iRJCRkv.exe
  C:\Windows\System\iRJCRkv.exe
  2⤵
  PID:6484
- C:\Windows\System\ucusmkG.exe
  C:\Windows\System\ucusmkG.exe
  2⤵
  PID:7108
- C:\Windows\System\SspRNcy.exe
  C:\Windows\System\SspRNcy.exe
  2⤵
  PID:2200
- C:\Windows\System\sKLURaw.exe
  C:\Windows\System\sKLURaw.exe
  2⤵
  PID:6160
- C:\Windows\System\bnatAvt.exe
  C:\Windows\System\bnatAvt.exe
  2⤵
  PID:6288
- C:\Windows\System\kPkzrJD.exe
  C:\Windows\System\kPkzrJD.exe
  2⤵
  PID:6500
- C:\Windows\System\iPxamlf.exe
  C:\Windows\System\iPxamlf.exe
  2⤵
  PID:6432
- C:\Windows\System\yvpFnxX.exe
  C:\Windows\System\yvpFnxX.exe
  2⤵
  PID:6540
- C:\Windows\System\fvxTOXz.exe
  C:\Windows\System\fvxTOXz.exe
  2⤵
  PID:6812
- C:\Windows\System\kpHAnmb.exe
  C:\Windows\System\kpHAnmb.exe
  2⤵
  PID:6924
- C:\Windows\System\XgVonBC.exe
  C:\Windows\System\XgVonBC.exe
  2⤵
  PID:7004
- C:\Windows\System\pnEJNjI.exe
  C:\Windows\System\pnEJNjI.exe
  2⤵
  PID:7192
- C:\Windows\System\oKozxcY.exe
  C:\Windows\System\oKozxcY.exe
  2⤵
  PID:6980
- C:\Windows\System\YzFOGff.exe
  C:\Windows\System\YzFOGff.exe
  2⤵
  PID:7176
- C:\Windows\System\mGWgxrZ.exe
  C:\Windows\System\mGWgxrZ.exe
  2⤵
  PID:6624
- C:\Windows\System\UUmYVca.exe
  C:\Windows\System\UUmYVca.exe
  2⤵
  PID:6664
- C:\Windows\System\QEWetsE.exe
  C:\Windows\System\QEWetsE.exe
  2⤵
  PID:6268
- C:\Windows\System\CxDrvFV.exe
  C:\Windows\System\CxDrvFV.exe
  2⤵
  PID:6468
- C:\Windows\System\piUSaam.exe
  C:\Windows\System\piUSaam.exe
  2⤵
  PID:6236
- C:\Windows\System\gtQSFHb.exe
  C:\Windows\System\gtQSFHb.exe
  2⤵
  PID:5320
- C:\Windows\System\XTYrSlt.exe
  C:\Windows\System\XTYrSlt.exe
  2⤵
  PID:5752
- C:\Windows\System\oCNqxtN.exe
  C:\Windows\System\oCNqxtN.exe
  2⤵
  PID:7096
- C:\Windows\System\tqDbdDg.exe
  C:\Windows\System\tqDbdDg.exe
  2⤵
  PID:108
- C:\Windows\System\ejnjoYB.exe
  C:\Windows\System\ejnjoYB.exe
  2⤵
  PID:7212
- C:\Windows\System\FxHnPar.exe
  C:\Windows\System\FxHnPar.exe
  2⤵
  PID:7220
- C:\Windows\System\cHSFNVl.exe
  C:\Windows\System\cHSFNVl.exe
  2⤵
  PID:7312
- C:\Windows\System\iNKxNsC.exe
  C:\Windows\System\iNKxNsC.exe
  2⤵
  PID:7360
- C:\Windows\System\KzpPCvd.exe
  C:\Windows\System\KzpPCvd.exe
  2⤵
  PID:7624
- C:\Windows\System\MdRGCVb.exe
  C:\Windows\System\MdRGCVb.exe
  2⤵
  PID:7760
- C:\Windows\System\oFRODhI.exe
  C:\Windows\System\oFRODhI.exe
  2⤵
  PID:7664
- C:\Windows\System\RAxrWYI.exe
  C:\Windows\System\RAxrWYI.exe
  2⤵
  PID:7868
- C:\Windows\System\DaGpPXe.exe
  C:\Windows\System\DaGpPXe.exe
  2⤵
  PID:7916
- C:\Windows\System\seARwSM.exe
  C:\Windows\System\seARwSM.exe
  2⤵
  PID:7932
- C:\Windows\System\vhzPjux.exe
  C:\Windows\System\vhzPjux.exe
  2⤵
  PID:7948
- C:\Windows\System\rjAbhJO.exe
  C:\Windows\System\rjAbhJO.exe
  2⤵
  PID:7992
- C:\Windows\System\sLWVibG.exe
  C:\Windows\System\sLWVibG.exe
  2⤵
  PID:8004
- C:\Windows\System\dJJAGwp.exe
  C:\Windows\System\dJJAGwp.exe
  2⤵
  PID:8028
- C:\Windows\System\eJheOHy.exe
  C:\Windows\System\eJheOHy.exe
  2⤵
  PID:8044
- C:\Windows\System\iVgBvNL.exe
  C:\Windows\System\iVgBvNL.exe
  2⤵
  PID:8100
- C:\Windows\System\rjwDqsU.exe
  C:\Windows\System\rjwDqsU.exe
  2⤵
  PID:8080
- C:\Windows\System\Mqupwjj.exe
  C:\Windows\System\Mqupwjj.exe
  2⤵
  PID:8088
- C:\Windows\System\HYCCdFL.exe
  C:\Windows\System\HYCCdFL.exe
  2⤵
  PID:8076
- C:\Windows\System\pNvmPXj.exe
  C:\Windows\System\pNvmPXj.exe
  2⤵
  PID:8128
- C:\Windows\System\QOCsRoG.exe
  C:\Windows\System\QOCsRoG.exe
  2⤵
  PID:6324
- C:\Windows\System\CZSzYcA.exe
  C:\Windows\System\CZSzYcA.exe
  2⤵
  PID:7144
- C:\Windows\System\XBzLXJc.exe
  C:\Windows\System\XBzLXJc.exe
  2⤵
  PID:6448
- C:\Windows\System\pKhpYLO.exe
  C:\Windows\System\pKhpYLO.exe
  2⤵
  PID:6696
- C:\Windows\System\DPHbsOH.exe
  C:\Windows\System\DPHbsOH.exe
  2⤵
  PID:6368
- C:\Windows\System\MLgTZqm.exe
  C:\Windows\System\MLgTZqm.exe
  2⤵
  PID:5968
- C:\Windows\System\GQunnfI.exe
  C:\Windows\System\GQunnfI.exe
  2⤵
  PID:6832
- C:\Windows\System\lcGyYth.exe
  C:\Windows\System\lcGyYth.exe
  2⤵
  PID:6968
- C:\Windows\System\OciOjyt.exe
  C:\Windows\System\OciOjyt.exe
  2⤵
  PID:6356
- C:\Windows\System\wZeWPhx.exe
  C:\Windows\System\wZeWPhx.exe
  2⤵
  PID:6304
- C:\Windows\System\VXTBTjW.exe
  C:\Windows\System\VXTBTjW.exe
  2⤵
  PID:7296
- C:\Windows\System\LGQRvoY.exe
  C:\Windows\System\LGQRvoY.exe
  2⤵
  PID:7332
- C:\Windows\System\uCoWJRt.exe
  C:\Windows\System\uCoWJRt.exe
  2⤵
  PID:5676
- C:\Windows\System\lokezRV.exe
  C:\Windows\System\lokezRV.exe
  2⤵
  PID:7268
- C:\Windows\System\XSRHVOB.exe
  C:\Windows\System\XSRHVOB.exe
  2⤵
  PID:7172
- C:\Windows\System\HqpzCqb.exe
  C:\Windows\System\HqpzCqb.exe
  2⤵
  PID:7348
- C:\Windows\System\KrZouii.exe
  C:\Windows\System\KrZouii.exe
  2⤵
  PID:7376
- C:\Windows\System\MRcmrQv.exe
  C:\Windows\System\MRcmrQv.exe
  2⤵
  PID:7408
- C:\Windows\System\IyDmUJU.exe
  C:\Windows\System\IyDmUJU.exe
  2⤵
  PID:7444
- C:\Windows\System\QRRGwjv.exe
  C:\Windows\System\QRRGwjv.exe
  2⤵
  PID:7440
- C:\Windows\System\rUfCNio.exe
  C:\Windows\System\rUfCNio.exe
  2⤵
  PID:7520
- C:\Windows\System\TfdlnIf.exe
  C:\Windows\System\TfdlnIf.exe
  2⤵
  PID:7540
- C:\Windows\System\DqSPjlc.exe
  C:\Windows\System\DqSPjlc.exe
  2⤵
  PID:7588
- C:\Windows\System\tQiIcNk.exe
  C:\Windows\System\tQiIcNk.exe
  2⤵
  PID:7604
- C:\Windows\System\HpGEwuv.exe
  C:\Windows\System\HpGEwuv.exe
  2⤵
  PID:7764
- C:\Windows\System\PdvOHnr.exe
  C:\Windows\System\PdvOHnr.exe
  2⤵
  PID:7792
- C:\Windows\System\jdlFnPF.exe
  C:\Windows\System\jdlFnPF.exe
  2⤵
  PID:7812
- C:\Windows\System\xlMgVYe.exe
  C:\Windows\System\xlMgVYe.exe
  2⤵
  PID:7808
- C:\Windows\System\aMmfpte.exe
  C:\Windows\System\aMmfpte.exe
  2⤵
  PID:7796
- C:\Windows\System\EWcSjWS.exe
  C:\Windows\System\EWcSjWS.exe
  2⤵
  PID:8012
- C:\Windows\System\SAVQJeF.exe
  C:\Windows\System\SAVQJeF.exe
  2⤵
  PID:8176
- C:\Windows\System\wKyiZnp.exe
  C:\Windows\System\wKyiZnp.exe
  2⤵
  PID:6636
- C:\Windows\System\FtcyZcl.exe
  C:\Windows\System\FtcyZcl.exe
  2⤵
  PID:6640
- C:\Windows\System\FTnjIQU.exe
  C:\Windows\System\FTnjIQU.exe
  2⤵
  PID:7900
- C:\Windows\System\zyNXhjl.exe
  C:\Windows\System\zyNXhjl.exe
  2⤵
  PID:7912
- C:\Windows\System\icNsMNW.exe
  C:\Windows\System\icNsMNW.exe
  2⤵
  PID:6744
- C:\Windows\System\qeWEsol.exe
  C:\Windows\System\qeWEsol.exe
  2⤵
  PID:6340
- C:\Windows\System\vcfAIiz.exe
  C:\Windows\System\vcfAIiz.exe
  2⤵
  PID:7316
- C:\Windows\System\IJliUEd.exe
  C:\Windows\System\IJliUEd.exe
  2⤵
  PID:6560
- C:\Windows\System\MmsfHYg.exe
  C:\Windows\System\MmsfHYg.exe
  2⤵
  PID:7064
- C:\Windows\System\YUTvMUU.exe
  C:\Windows\System\YUTvMUU.exe
  2⤵
  PID:8108
- C:\Windows\System\RkNFSYh.exe
  C:\Windows\System\RkNFSYh.exe
  2⤵
  PID:7968
- C:\Windows\System\vTABUmc.exe
  C:\Windows\System\vTABUmc.exe
  2⤵
  PID:7232
- C:\Windows\System\ONCAAgC.exe
  C:\Windows\System\ONCAAgC.exe
  2⤵
  PID:6176
- C:\Windows\System\yZabsCM.exe
  C:\Windows\System\yZabsCM.exe
  2⤵
  PID:7460
- C:\Windows\System\SeHxObj.exe
  C:\Windows\System\SeHxObj.exe
  2⤵
  PID:7524
- C:\Windows\System\gFIibPi.exe
  C:\Windows\System\gFIibPi.exe
  2⤵
  PID:7708
- C:\Windows\System\KLAIkSB.exe
  C:\Windows\System\KLAIkSB.exe
  2⤵
  PID:7364
- C:\Windows\System\KcIlZXo.exe
  C:\Windows\System\KcIlZXo.exe
  2⤵
  PID:7512
- C:\Windows\System\MtxDTJX.exe
  C:\Windows\System\MtxDTJX.exe
  2⤵
  PID:7844
- C:\Windows\System\vYlRujs.exe
  C:\Windows\System\vYlRujs.exe
  2⤵
  PID:7508
- C:\Windows\System\rWsFFen.exe
  C:\Windows\System\rWsFFen.exe
  2⤵
  PID:1768
- C:\Windows\System\FgkCbrd.exe
  C:\Windows\System\FgkCbrd.exe
  2⤵
  PID:7928
- C:\Windows\System\HtijyrE.exe
  C:\Windows\System\HtijyrE.exe
  2⤵
  PID:7956
- C:\Windows\System\zxfWyYd.exe
  C:\Windows\System\zxfWyYd.exe
  2⤵
  PID:7140
- C:\Windows\System\rmzsOOH.exe
  C:\Windows\System\rmzsOOH.exe
  2⤵
  PID:8052
- C:\Windows\System\DMueLrf.exe
  C:\Windows\System\DMueLrf.exe
  2⤵
  PID:7696
- C:\Windows\System\CLxwkQN.exe
  C:\Windows\System\CLxwkQN.exe
  2⤵
  PID:7944
- C:\Windows\System\TrxUeuI.exe
  C:\Windows\System\TrxUeuI.exe
  2⤵
  PID:8036
- C:\Windows\System\brqGZyq.exe
  C:\Windows\System\brqGZyq.exe
  2⤵
  PID:7492
- C:\Windows\System\tfHDTsh.exe
  C:\Windows\System\tfHDTsh.exe
  2⤵
  PID:7424
- C:\Windows\System\iQSdXut.exe
  C:\Windows\System\iQSdXut.exe
  2⤵
  PID:7864
- C:\Windows\System\OvKZNQZ.exe
  C:\Windows\System\OvKZNQZ.exe
  2⤵
  PID:8200
- C:\Windows\System\SogoNIc.exe
  C:\Windows\System\SogoNIc.exe
  2⤵
  PID:8216
- C:\Windows\System\XXRURSr.exe
  C:\Windows\System\XXRURSr.exe
  2⤵
  PID:8232
- C:\Windows\System\CHJnMCa.exe
  C:\Windows\System\CHJnMCa.exe
  2⤵
  PID:8248
- C:\Windows\System\GaUhzNU.exe
  C:\Windows\System\GaUhzNU.exe
  2⤵
  PID:8264
- C:\Windows\System\xCaWdIB.exe
  C:\Windows\System\xCaWdIB.exe
  2⤵
  PID:8280
- C:\Windows\System\huXDzMX.exe
  C:\Windows\System\huXDzMX.exe
  2⤵
  PID:8296
- C:\Windows\System\ibPwMJo.exe
  C:\Windows\System\ibPwMJo.exe
  2⤵
  PID:8312
- C:\Windows\System\LZMtRwN.exe
  C:\Windows\System\LZMtRwN.exe
  2⤵
  PID:8328
- C:\Windows\System\dYTdIPC.exe
  C:\Windows\System\dYTdIPC.exe
  2⤵
  PID:8344
- C:\Windows\System\Saqtrao.exe
  C:\Windows\System\Saqtrao.exe
  2⤵
  PID:8360
- C:\Windows\System\EamZyYw.exe
  C:\Windows\System\EamZyYw.exe
  2⤵
  PID:8380
- C:\Windows\System\CIxfpqB.exe
  C:\Windows\System\CIxfpqB.exe
  2⤵
  PID:8404
- C:\Windows\System\fFbkyGe.exe
  C:\Windows\System\fFbkyGe.exe
  2⤵
  PID:8424
- C:\Windows\System\MzRAcDf.exe
  C:\Windows\System\MzRAcDf.exe
  2⤵
  PID:8448
- C:\Windows\System\mzFZbJH.exe
  C:\Windows\System\mzFZbJH.exe
  2⤵
  PID:8468
- C:\Windows\System\AnxBaxF.exe
  C:\Windows\System\AnxBaxF.exe
  2⤵
  PID:8488
- C:\Windows\System\vOwaGmG.exe
  C:\Windows\System\vOwaGmG.exe
  2⤵
  PID:8508
- C:\Windows\System\NLnkJXh.exe
  C:\Windows\System\NLnkJXh.exe
  2⤵
  PID:8528
- C:\Windows\System\bKgLlnA.exe
  C:\Windows\System\bKgLlnA.exe
  2⤵
  PID:8556
- C:\Windows\System\MPHWhqr.exe
  C:\Windows\System\MPHWhqr.exe
  2⤵
  PID:8584
- C:\Windows\System\mKdpcoM.exe
  C:\Windows\System\mKdpcoM.exe
  2⤵
  PID:8612
- C:\Windows\System\Ibxzmck.exe
  C:\Windows\System\Ibxzmck.exe
  2⤵
  PID:8656
- C:\Windows\System\RfTaEjX.exe
  C:\Windows\System\RfTaEjX.exe
  2⤵
  PID:8676
- C:\Windows\System\jIByiZt.exe
  C:\Windows\System\jIByiZt.exe
  2⤵
  PID:8696
- C:\Windows\System\WmfLQuY.exe
  C:\Windows\System\WmfLQuY.exe
  2⤵
  PID:8716
- C:\Windows\System\WYvWPhu.exe
  C:\Windows\System\WYvWPhu.exe
  2⤵
  PID:8740
- C:\Windows\System\CiJgcLK.exe
  C:\Windows\System\CiJgcLK.exe
  2⤵
  PID:8756
- C:\Windows\System\eUwhOcn.exe
  C:\Windows\System\eUwhOcn.exe
  2⤵
  PID:8780
- C:\Windows\System\JIVbOWZ.exe
  C:\Windows\System\JIVbOWZ.exe
  2⤵
  PID:8796
- C:\Windows\System\JXfdUOS.exe
  C:\Windows\System\JXfdUOS.exe
  2⤵
  PID:8820
- C:\Windows\System\uSIaIHq.exe
  C:\Windows\System\uSIaIHq.exe
  2⤵
  PID:8840
- C:\Windows\System\HWqcFNS.exe
  C:\Windows\System\HWqcFNS.exe
  2⤵
  PID:8856
- C:\Windows\System\tLEwMtb.exe
  C:\Windows\System\tLEwMtb.exe
  2⤵
  PID:8880
- C:\Windows\System\eaqYtUP.exe
  C:\Windows\System\eaqYtUP.exe
  2⤵
  PID:8900
- C:\Windows\System\tmPvlsS.exe
  C:\Windows\System\tmPvlsS.exe
  2⤵
  PID:8916
- C:\Windows\System\etzPcfg.exe
  C:\Windows\System\etzPcfg.exe
  2⤵
  PID:8944
- C:\Windows\System\XifSKUT.exe
  C:\Windows\System\XifSKUT.exe
  2⤵
  PID:8960
- C:\Windows\System\AzbMZxu.exe
  C:\Windows\System\AzbMZxu.exe
  2⤵
  PID:8992
- C:\Windows\System\wxRHKvq.exe
  C:\Windows\System\wxRHKvq.exe
  2⤵
  PID:9008
- C:\Windows\System\lgEbWzA.exe
  C:\Windows\System\lgEbWzA.exe
  2⤵
  PID:9024
- C:\Windows\System\VtXwazw.exe
  C:\Windows\System\VtXwazw.exe
  2⤵
  PID:9040
- C:\Windows\System\VrkmCUl.exe
  C:\Windows\System\VrkmCUl.exe
  2⤵
  PID:9120
- C:\Windows\System\SbXSbof.exe
  C:\Windows\System\SbXSbof.exe
  2⤵
  PID:9180
- C:\Windows\System\zNiiaCD.exe
  C:\Windows\System\zNiiaCD.exe
  2⤵
  PID:7264
- C:\Windows\System\NhvCHYw.exe
  C:\Windows\System\NhvCHYw.exe
  2⤵
  PID:7908
- C:\Windows\System\dVxWVwK.exe
  C:\Windows\System\dVxWVwK.exe
  2⤵
  PID:8160
- C:\Windows\System\XsiBUfD.exe
  C:\Windows\System\XsiBUfD.exe
  2⤵
  PID:8276
- C:\Windows\System\fJmObeQ.exe
  C:\Windows\System\fJmObeQ.exe
  2⤵
  PID:6248
- C:\Windows\System\dfrzsNu.exe
  C:\Windows\System\dfrzsNu.exe
  2⤵
  PID:7380
- C:\Windows\System\XFUEjCS.exe
  C:\Windows\System\XFUEjCS.exe
  2⤵
  PID:8324
- C:\Windows\System\XoyEpiN.exe
  C:\Windows\System\XoyEpiN.exe
  2⤵
  PID:8320
- C:\Windows\System\EjfxIyI.exe
  C:\Windows\System\EjfxIyI.exe
  2⤵
  PID:8368
- C:\Windows\System\FVBZveK.exe
  C:\Windows\System\FVBZveK.exe
  2⤵
  PID:8396
- C:\Windows\System\tcdrEgO.exe
  C:\Windows\System\tcdrEgO.exe
  2⤵
  PID:8548
- C:\Windows\System\AJnDCck.exe
  C:\Windows\System\AJnDCck.exe
  2⤵
  PID:8604
- C:\Windows\System\jTyQFoS.exe
  C:\Windows\System\jTyQFoS.exe
  2⤵
  PID:8664
- C:\Windows\System\KcTAFQu.exe
  C:\Windows\System\KcTAFQu.exe
  2⤵
  PID:8520
- C:\Windows\System\nqhJPNk.exe
  C:\Windows\System\nqhJPNk.exe
  2⤵
  PID:8572
- C:\Windows\System\bTEDHMo.exe
  C:\Windows\System\bTEDHMo.exe
  2⤵
  PID:8624
- C:\Windows\System\BvsfoEm.exe
  C:\Windows\System\BvsfoEm.exe
  2⤵
  PID:8728
- C:\Windows\System\qGmMaNV.exe
  C:\Windows\System\qGmMaNV.exe
  2⤵
  PID:8772
- C:\Windows\System\mOPCUyR.exe
  C:\Windows\System\mOPCUyR.exe
  2⤵
  PID:8832
- C:\Windows\System\xGkOFOv.exe
  C:\Windows\System\xGkOFOv.exe
  2⤵
  PID:8816
- C:\Windows\System\JIuvHMo.exe
  C:\Windows\System\JIuvHMo.exe
  2⤵
  PID:8852
- C:\Windows\System\mDeKoAW.exe
  C:\Windows\System\mDeKoAW.exe
  2⤵
  PID:8912
- C:\Windows\System\HVjGAGo.exe
  C:\Windows\System\HVjGAGo.exe
  2⤵
  PID:8924
- C:\Windows\System\BfVPVhB.exe
  C:\Windows\System\BfVPVhB.exe
  2⤵
  PID:8940
- C:\Windows\System\WnoZbwM.exe
  C:\Windows\System\WnoZbwM.exe
  2⤵
  PID:8980
- C:\Windows\System\XHspVbY.exe
  C:\Windows\System\XHspVbY.exe
  2⤵
  PID:9036
- C:\Windows\System\SFwmwTq.exe
  C:\Windows\System\SFwmwTq.exe
  2⤵
  PID:9068
- C:\Windows\System\dEwadPT.exe
  C:\Windows\System\dEwadPT.exe
  2⤵
  PID:324
- C:\Windows\System\ECnefpM.exe
  C:\Windows\System\ECnefpM.exe
  2⤵
  PID:9096
- C:\Windows\System\bGIURSq.exe
  C:\Windows\System\bGIURSq.exe
  2⤵
  PID:9128
- C:\Windows\System\bIUQDlz.exe
  C:\Windows\System\bIUQDlz.exe
  2⤵
  PID:9148
- C:\Windows\System\CByAJQB.exe
  C:\Windows\System\CByAJQB.exe
  2⤵
  PID:9172
- C:\Windows\System\VeKuCfU.exe
  C:\Windows\System\VeKuCfU.exe
  2⤵
  PID:7828
- C:\Windows\System\UVLVQWk.exe
  C:\Windows\System\UVLVQWk.exe
  2⤵
  PID:8272
- C:\Windows\System\xSfxctE.exe
  C:\Windows\System\xSfxctE.exe
  2⤵
  PID:9196
- C:\Windows\System\UYRFPVp.exe
  C:\Windows\System\UYRFPVp.exe
  2⤵
  PID:9212
- C:\Windows\System\xPcLUAP.exe
  C:\Windows\System\xPcLUAP.exe
  2⤵
  PID:8060
- C:\Windows\System\ucusqDA.exe
  C:\Windows\System\ucusqDA.exe
  2⤵
  PID:9192
- C:\Windows\System\tYPKOIj.exe
  C:\Windows\System\tYPKOIj.exe
  2⤵
  PID:580
- C:\Windows\System\SqlXHuT.exe
  C:\Windows\System\SqlXHuT.exe
  2⤵
  PID:7740
- C:\Windows\System\yomnkVd.exe
  C:\Windows\System\yomnkVd.exe
  2⤵
  PID:8340
- C:\Windows\System\lanVcgR.exe
  C:\Windows\System\lanVcgR.exe
  2⤵
  PID:8412
- C:\Windows\System\QpuXgbC.exe
  C:\Windows\System\QpuXgbC.exe
  2⤵
  PID:8420
- C:\Windows\System\xvvlFxD.exe
  C:\Windows\System\xvvlFxD.exe
  2⤵
  PID:8596
- C:\Windows\System\yQRlOLE.exe
  C:\Windows\System\yQRlOLE.exe
  2⤵
  PID:8464
- C:\Windows\System\jDVRKop.exe
  C:\Windows\System\jDVRKop.exe
  2⤵
  PID:8476
- C:\Windows\System\TkbFYDp.exe
  C:\Windows\System\TkbFYDp.exe
  2⤵
  PID:8600
- C:\Windows\System\lOnZawb.exe
  C:\Windows\System\lOnZawb.exe
  2⤵
  PID:8564
- C:\Windows\System\njZjArZ.exe
  C:\Windows\System\njZjArZ.exe
  2⤵
  PID:8648
- C:\Windows\System\uDMZryp.exe
  C:\Windows\System\uDMZryp.exe
  2⤵
  PID:8712
- C:\Windows\System\EhZSIfV.exe
  C:\Windows\System\EhZSIfV.exe
  2⤵
  PID:8724
- C:\Windows\System\xDbULfP.exe
  C:\Windows\System\xDbULfP.exe
  2⤵
  PID:8788
- C:\Windows\System\ITYoxGQ.exe
  C:\Windows\System\ITYoxGQ.exe
  2⤵
  PID:8872
- C:\Windows\System\MTquToK.exe
  C:\Windows\System\MTquToK.exe
  2⤵
  PID:8888
- C:\Windows\System\oBHVHKQ.exe
  C:\Windows\System\oBHVHKQ.exe
  2⤵
  PID:8896
- C:\Windows\System\oPrHCOj.exe
  C:\Windows\System\oPrHCOj.exe
  2⤵
  PID:9004
- C:\Windows\System\fpfbpYq.exe
  C:\Windows\System\fpfbpYq.exe
  2⤵
  PID:9016
- C:\Windows\System\CJKSMbI.exe
  C:\Windows\System\CJKSMbI.exe
  2⤵
  PID:9060
- C:\Windows\System\UTLTuCu.exe
  C:\Windows\System\UTLTuCu.exe
  2⤵
  PID:9056
- C:\Windows\System\tyFQXSt.exe
  C:\Windows\System\tyFQXSt.exe
  2⤵
  PID:1720
- C:\Windows\System\JWyNBeU.exe
  C:\Windows\System\JWyNBeU.exe
  2⤵
  PID:9164
- C:\Windows\System\BviYpSf.exe
  C:\Windows\System\BviYpSf.exe
  2⤵
  PID:8240
- C:\Windows\System\aTizDqG.exe
  C:\Windows\System\aTizDqG.exe
  2⤵
  PID:7396
- C:\Windows\System\KSFnpAf.exe
  C:\Windows\System\KSFnpAf.exe
  2⤵
  PID:8228
- C:\Windows\System\wstQChm.exe
  C:\Windows\System\wstQChm.exe
  2⤵
  PID:8376
- C:\Windows\System\AtDtoie.exe
  C:\Windows\System\AtDtoie.exe
  2⤵
  PID:8352
- C:\Windows\System\PclVQGl.exe
  C:\Windows\System\PclVQGl.exe
  2⤵
  PID:8392
- C:\Windows\System\CfKuVSr.exe
  C:\Windows\System\CfKuVSr.exe
  2⤵
  PID:8540
- C:\Windows\System\lcoVjqF.exe
  C:\Windows\System\lcoVjqF.exe
  2⤵
  PID:8504
- C:\Windows\System\cfONFYN.exe
  C:\Windows\System\cfONFYN.exe
  2⤵
  PID:8536
- C:\Windows\System\GWrYAcw.exe
  C:\Windows\System\GWrYAcw.exe
  2⤵
  PID:8688
- C:\Windows\System\AVWJoLN.exe
  C:\Windows\System\AVWJoLN.exe
  2⤵
  PID:8848
- C:\Windows\System\ijWQZFR.exe
  C:\Windows\System\ijWQZFR.exe
  2⤵
  PID:9084
- C:\Windows\System\RgkCYNl.exe
  C:\Windows\System\RgkCYNl.exe
  2⤵
  PID:8244
- C:\Windows\System\IkzHPyV.exe
  C:\Windows\System\IkzHPyV.exe
  2⤵
  PID:8640
- C:\Windows\System\uqiIemU.exe
  C:\Windows\System\uqiIemU.exe
  2⤵
  PID:9160
- C:\Windows\System\KxavyUy.exe
  C:\Windows\System\KxavyUy.exe
  2⤵
  PID:9064
- C:\Windows\System\UgSVtbv.exe
  C:\Windows\System\UgSVtbv.exe
  2⤵
  PID:9144
- C:\Windows\System\kQdJaiN.exe
  C:\Windows\System\kQdJaiN.exe
  2⤵
  PID:8804
- C:\Windows\System\bGkREaE.exe
  C:\Windows\System\bGkREaE.exe
  2⤵
  PID:8212
- C:\Windows\System\wGwHKNM.exe
  C:\Windows\System\wGwHKNM.exe
  2⤵
  PID:7080
- C:\Windows\System\heoIyPM.exe
  C:\Windows\System\heoIyPM.exe
  2⤵
  PID:8432
- C:\Windows\System\ejmtLvD.exe
  C:\Windows\System\ejmtLvD.exe
  2⤵
  PID:8684
- C:\Windows\System\AdEgSCp.exe
  C:\Windows\System\AdEgSCp.exe
  2⤵
  PID:8652
- C:\Windows\System\XsqcydC.exe
  C:\Windows\System\XsqcydC.exe
  2⤵
  PID:8836
- C:\Windows\System\WXbDZeO.exe
  C:\Windows\System\WXbDZeO.exe
  2⤵
  PID:9188
- C:\Windows\System\IIqxGCy.exe
  C:\Windows\System\IIqxGCy.exe
  2⤵
  PID:9208
- C:\Windows\System\seADEZj.exe
  C:\Windows\System\seADEZj.exe
  2⤵
  PID:8544
- C:\Windows\System\jphiytN.exe
  C:\Windows\System\jphiytN.exe
  2⤵
  PID:9048
- C:\Windows\System\mMtlIdn.exe
  C:\Windows\System\mMtlIdn.exe
  2⤵
  PID:9052
- C:\Windows\System\KxJmSnq.exe
  C:\Windows\System\KxJmSnq.exe
  2⤵
  PID:8972
- C:\Windows\System\VeMiGLi.exe
  C:\Windows\System\VeMiGLi.exe
  2⤵
  PID:8356
- C:\Windows\System\Hhynjne.exe
  C:\Windows\System\Hhynjne.exe
  2⤵
  PID:8260
- C:\Windows\System\RzuWDub.exe
  C:\Windows\System\RzuWDub.exe
  2⤵
  PID:1000
- C:\Windows\System\aegqGyT.exe
  C:\Windows\System\aegqGyT.exe
  2⤵
  PID:9236
- C:\Windows\System\oWiDmAw.exe
  C:\Windows\System\oWiDmAw.exe
  2⤵
  PID:9256
- C:\Windows\System\YdNnPkH.exe
  C:\Windows\System\YdNnPkH.exe
  2⤵
  PID:9272
- C:\Windows\System\OyGTJuu.exe
  C:\Windows\System\OyGTJuu.exe
  2⤵
  PID:9292
- C:\Windows\System\IgEClMi.exe
  C:\Windows\System\IgEClMi.exe
  2⤵
  PID:9316
- C:\Windows\System\YNurGPv.exe
  C:\Windows\System\YNurGPv.exe
  2⤵
  PID:9336
- C:\Windows\System\cdYJcEj.exe
  C:\Windows\System\cdYJcEj.exe
  2⤵
  PID:9356
- C:\Windows\System\sUBywIM.exe
  C:\Windows\System\sUBywIM.exe
  2⤵
  PID:9376
- C:\Windows\System\uCRODDW.exe
  C:\Windows\System\uCRODDW.exe
  2⤵
  PID:9396
- C:\Windows\System\rpyATKo.exe
  C:\Windows\System\rpyATKo.exe
  2⤵
  PID:9412
- C:\Windows\System\sPTafqH.exe
  C:\Windows\System\sPTafqH.exe
  2⤵
  PID:9436
- C:\Windows\System\pEUjzGK.exe
  C:\Windows\System\pEUjzGK.exe
  2⤵
  PID:9476
- C:\Windows\System\vlUzHzq.exe
  C:\Windows\System\vlUzHzq.exe
  2⤵
  PID:9492
- C:\Windows\System\BchNYBT.exe
  C:\Windows\System\BchNYBT.exe
  2⤵
  PID:9508
- C:\Windows\System\RytDPpN.exe
  C:\Windows\System\RytDPpN.exe
  2⤵
  PID:9536
- C:\Windows\System\yXKLwrp.exe
  C:\Windows\System\yXKLwrp.exe
  2⤵
  PID:9552
- C:\Windows\System\QJkygrE.exe
  C:\Windows\System\QJkygrE.exe
  2⤵
  PID:9568
- C:\Windows\System\SwBlZOn.exe
  C:\Windows\System\SwBlZOn.exe
  2⤵
  PID:9588
- C:\Windows\System\BfALZZH.exe
  C:\Windows\System\BfALZZH.exe
  2⤵
  PID:9604
- C:\Windows\System\MfNYXto.exe
  C:\Windows\System\MfNYXto.exe
  2⤵
  PID:9624
- C:\Windows\System\FKKPVie.exe
  C:\Windows\System\FKKPVie.exe
  2⤵
  PID:9648
- C:\Windows\System\GQEHuiz.exe
  C:\Windows\System\GQEHuiz.exe
  2⤵
  PID:9664
- C:\Windows\System\DKaLrTJ.exe
  C:\Windows\System\DKaLrTJ.exe
  2⤵
  PID:9684
- C:\Windows\System\bFDbEwE.exe
  C:\Windows\System\bFDbEwE.exe
  2⤵
  PID:9712
- C:\Windows\System\sEJvtKS.exe
  C:\Windows\System\sEJvtKS.exe
  2⤵
  PID:9728
- C:\Windows\System\GLuaJEd.exe
  C:\Windows\System\GLuaJEd.exe
  2⤵
  PID:9744
- C:\Windows\System\UpBmhRx.exe
  C:\Windows\System\UpBmhRx.exe
  2⤵
  PID:9760
- C:\Windows\System\VhgPUsx.exe
  C:\Windows\System\VhgPUsx.exe
  2⤵
  PID:9784
- C:\Windows\System\IVkClUP.exe
  C:\Windows\System\IVkClUP.exe
  2⤵
  PID:9800
- C:\Windows\System\wscXfsY.exe
  C:\Windows\System\wscXfsY.exe
  2⤵
  PID:9816
- C:\Windows\System\YiZeJXr.exe
  C:\Windows\System\YiZeJXr.exe
  2⤵
  PID:9832
- C:\Windows\System\sfSUmiv.exe
  C:\Windows\System\sfSUmiv.exe
  2⤵
  PID:9856
- C:\Windows\System\FcLNfuM.exe
  C:\Windows\System\FcLNfuM.exe
  2⤵
  PID:9872
- C:\Windows\System\BejHgld.exe
  C:\Windows\System\BejHgld.exe
  2⤵
  PID:9892
- C:\Windows\System\izHESDO.exe
  C:\Windows\System\izHESDO.exe
  2⤵
  PID:9908
- C:\Windows\System\teZzlXh.exe
  C:\Windows\System\teZzlXh.exe
  2⤵
  PID:9928
- C:\Windows\System\FdYsjGn.exe
  C:\Windows\System\FdYsjGn.exe
  2⤵
  PID:9944
- C:\Windows\System\aaREdfI.exe
  C:\Windows\System\aaREdfI.exe
  2⤵
  PID:9980
- C:\Windows\System\qGSdJGo.exe
  C:\Windows\System\qGSdJGo.exe
  2⤵
  PID:9996
- C:\Windows\System\JRIPfQO.exe
  C:\Windows\System\JRIPfQO.exe
  2⤵
  PID:10012
- C:\Windows\System\mMgrgIj.exe
  C:\Windows\System\mMgrgIj.exe
  2⤵
  PID:10028
- C:\Windows\System\ltfdQlD.exe
  C:\Windows\System\ltfdQlD.exe
  2⤵
  PID:10052
- C:\Windows\System\tbIvJmh.exe
  C:\Windows\System\tbIvJmh.exe
  2⤵
  PID:10072
- C:\Windows\System\ufxwgTY.exe
  C:\Windows\System\ufxwgTY.exe
  2⤵
  PID:10088
- C:\Windows\System\vKVvvQG.exe
  C:\Windows\System\vKVvvQG.exe
  2⤵
  PID:10128
- C:\Windows\System\hHfjdYE.exe
  C:\Windows\System\hHfjdYE.exe
  2⤵
  PID:10144
- C:\Windows\System\DIihrcE.exe
  C:\Windows\System\DIihrcE.exe
  2⤵
  PID:10160
- C:\Windows\System\lfusqaq.exe
  C:\Windows\System\lfusqaq.exe
  2⤵
  PID:10188
- C:\Windows\System\eDIXMti.exe
  C:\Windows\System\eDIXMti.exe
  2⤵
  PID:10212
- C:\Windows\System\CwYkRYb.exe
  C:\Windows\System\CwYkRYb.exe
  2⤵
  PID:10236
- C:\Windows\System\NjqNvwm.exe
  C:\Windows\System\NjqNvwm.exe
  2⤵
  PID:8988
- C:\Windows\System\yKAWWLA.exe
  C:\Windows\System\yKAWWLA.exe
  2⤵
  PID:9248
- C:\Windows\System\FXinOiX.exe
  C:\Windows\System\FXinOiX.exe
  2⤵
  PID:8892
- C:\Windows\System\ZsSwuUr.exe
  C:\Windows\System\ZsSwuUr.exe
  2⤵
  PID:9332
- C:\Windows\System\sqmJyCN.exe
  C:\Windows\System\sqmJyCN.exe
  2⤵
  PID:9372
- C:\Windows\System\AjFIWgF.exe
  C:\Windows\System\AjFIWgF.exe
  2⤵
  PID:8768
- C:\Windows\System\CngWroL.exe
  C:\Windows\System\CngWroL.exe
  2⤵
  PID:7940
- C:\Windows\System\SsoefZy.exe
  C:\Windows\System\SsoefZy.exe
  2⤵
  PID:9264
- C:\Windows\System\qgIZQEt.exe
  C:\Windows\System\qgIZQEt.exe
  2⤵
  PID:9312
- C:\Windows\System\riIQaRa.exe
  C:\Windows\System\riIQaRa.exe
  2⤵
  PID:9384
- C:\Windows\System\iBmkZLF.exe
  C:\Windows\System\iBmkZLF.exe
  2⤵
  PID:9432
- C:\Windows\System\LwdrCmF.exe
  C:\Windows\System\LwdrCmF.exe
  2⤵
  PID:9452
- C:\Windows\System\qehowaq.exe
  C:\Windows\System\qehowaq.exe
  2⤵
  PID:9468
- C:\Windows\System\KHPrTib.exe
  C:\Windows\System\KHPrTib.exe
  2⤵
  PID:9548
- C:\Windows\System\lFmFACW.exe
  C:\Windows\System\lFmFACW.exe
  2⤵
  PID:9580
- C:\Windows\System\leWxUFZ.exe
  C:\Windows\System\leWxUFZ.exe
  2⤵
  PID:9656
- C:\Windows\System\hxeGaSe.exe
  C:\Windows\System\hxeGaSe.exe
  2⤵
  PID:9708
- C:\Windows\System\hLTHJoR.exe
  C:\Windows\System\hLTHJoR.exe
  2⤵
  PID:9740
- C:\Windows\System\XNSXLoj.exe
  C:\Windows\System\XNSXLoj.exe
  2⤵
  PID:9808
- C:\Windows\System\MSKSocN.exe
  C:\Windows\System\MSKSocN.exe
  2⤵
  PID:9852
- C:\Windows\System\nilacQd.exe
  C:\Windows\System\nilacQd.exe
  2⤵
  PID:9672
- C:\Windows\System\RQAwjTm.exe
  C:\Windows\System\RQAwjTm.exe
  2⤵
  PID:9924
- C:\Windows\System\xRNbHQI.exe
  C:\Windows\System\xRNbHQI.exe
  2⤵
  PID:9964
- C:\Windows\System\XuegXeX.exe
  C:\Windows\System\XuegXeX.exe
  2⤵
  PID:9752
- C:\Windows\System\kpKLpHm.exe
  C:\Windows\System\kpKLpHm.exe
  2⤵
  PID:9828
- C:\Windows\System\TaWCQob.exe
  C:\Windows\System\TaWCQob.exe
  2⤵
  PID:9900
- C:\Windows\System\dRqTHog.exe
  C:\Windows\System\dRqTHog.exe
  2⤵
  PID:10008
- C:\Windows\System\bWtLbMz.exe
  C:\Windows\System\bWtLbMz.exe
  2⤵
  PID:10048
- C:\Windows\System\WvFdWEs.exe
  C:\Windows\System\WvFdWEs.exe
  2⤵
  PID:9992
- C:\Windows\System\JZUVMvo.exe
  C:\Windows\System\JZUVMvo.exe
  2⤵
  PID:10096
- C:\Windows\System\nOohsJU.exe
  C:\Windows\System\nOohsJU.exe
  2⤵
  PID:10168
- C:\Windows\System\PhPtZgx.exe
  C:\Windows\System\PhPtZgx.exe
  2⤵
  PID:10108
- C:\Windows\System\ogWQGFy.exe
  C:\Windows\System\ogWQGFy.exe
  2⤵
  PID:10184
- C:\Windows\System\cDJkSbj.exe
  C:\Windows\System\cDJkSbj.exe
  2⤵
  PID:10200
- C:\Windows\System\mpUTPYJ.exe
  C:\Windows\System\mpUTPYJ.exe
  2⤵
  PID:8056
- C:\Windows\System\ryUwMLz.exe
  C:\Windows\System\ryUwMLz.exe
  2⤵
  PID:9156
- C:\Windows\System\mopaxAv.exe
  C:\Windows\System\mopaxAv.exe
  2⤵
  PID:9328
- C:\Windows\System\xqdkbMn.exe
  C:\Windows\System\xqdkbMn.exe
  2⤵
  PID:9232
- C:\Windows\System\dPmWaSb.exe
  C:\Windows\System\dPmWaSb.exe
  2⤵
  PID:9448
- C:\Windows\System\XGiNNGa.exe
  C:\Windows\System\XGiNNGa.exe
  2⤵
  PID:9504
- C:\Windows\System\TiaCBcX.exe
  C:\Windows\System\TiaCBcX.exe
  2⤵
  PID:9364
- C:\Windows\System\GdEWsga.exe
  C:\Windows\System\GdEWsga.exe
  2⤵
  PID:7660
- C:\Windows\System\XalhUDL.exe
  C:\Windows\System\XalhUDL.exe
  2⤵
  PID:9616
- C:\Windows\System\QLhvigX.exe
  C:\Windows\System\QLhvigX.exe
  2⤵
  PID:9692
- C:\Windows\System\OBEiTQP.exe
  C:\Windows\System\OBEiTQP.exe
  2⤵
  PID:9564
- C:\Windows\System\jaCkQDm.exe
  C:\Windows\System\jaCkQDm.exe
  2⤵
  PID:9840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUcaJXI.exe

Filesize
5.9MB

MD5
9f15e6a785b5a6134ffb9437b6e85502

SHA1
fd94c5965f64d75092baf966da2bd030ddea7bfa

SHA256
ffdff867750b2df170501928112ff7c3d6aa4d84e44bb50bdf43d0d62c37c84f

SHA512
0c989023086f62a77c4efdc40276aeb15a5928354514c1026d10a36ab0b7cd2611d22a10fbc8d94aaccf4402bc78bd385d9ec0f7b902689a32f05786e09a771b

Download Submit
C:\Windows\system\AcQWtOv.exe

Filesize
5.9MB

MD5
0a939e46344c75522a49e55ea6920a4d

SHA1
26e8d63bcdee262275c17af47b192354edd39a1d

SHA256
64d0e349020f0131d38c586b4e54052595c7003a196f3c6bee806f324d564a18

SHA512
a286f78d77ff31b3e0fb22f243c5e78d2add4871a72d797c4c82faf2f4dac4eb1fa85de31068da268a6338b2879f274c7d8b11e1e5eb68b7d889dfe99eb66bfe

Download Submit
C:\Windows\system\CFEkSJi.exe

Filesize
5.9MB

MD5
e242cf868ffbf510fb5f6086ff9b3202

SHA1
c29040a8cc7f025e69ad04363c60261ce352a3e0

SHA256
484e8cdeb1b58e7a281728128fc3716bbb56ea9154360faef8ee36d2c6266413

SHA512
1bb1d00e8eb7e8f8bae15e5e155044d959d36297dd9ce999d64996c15ba16b134d7343b9f373f9b06055be11fbd82219fbd18f6df2c9cca999d4f8211d6669f0

Download Submit
C:\Windows\system\DmQOvbd.exe

Filesize
5.9MB

MD5
6b57cc62d8e0b46eb6c6ea89c5a6864b

SHA1
b28a0ec017cff6bd94d9084f29584c4966ffa94c

SHA256
fc5e3af5a353109e5c5c82b5a6c6abd00c5630f5836842fd7e1b020ad59dd84a

SHA512
e1a9f5d307aa799d48b478b5c80daeffa73a95ad94cdfd7175aa9cb051abfdc83ea4a12cfa3f3b812ceed63dc48ee3ee35c7d595fbabede1bae766b513bb0ee7

Download Submit
C:\Windows\system\FtpxtEX.exe

Filesize
5.9MB

MD5
f03dab7db12f9c040022e94b03ff8d9b

SHA1
da56c7fe86a38c89cb07192bcd116e8097f2188d

SHA256
ebf2f14bf49d238071e8fe3993f44260584d298ac56fbda4346f1aeb2a521494

SHA512
6af970667811b1797b385b34cdecbca888978afb6355616a6145b29e291cf94d8c2a55faad96b4df1f25e7643f173d51fcb859575684805449d19ffa1f728e9b

Download Submit
C:\Windows\system\KHVaPOw.exe

Filesize
5.9MB

MD5
ccfdbb0e925dc68ea92cb7f1319ad772

SHA1
8900d5ae975cbb596a1034a5eeda4e131e6793aa

SHA256
9b032e188ee2fd7bcb5d874b5bab97ab6fd8605270c850d0594c6815fcda9578

SHA512
a528250005a067b78c7dd354f5610ecaca4c560809d681d7151084a13ed02134e38649402d3e6462d07b7bf26eb162c195ca282988f1ff323d253596db845a07

Download Submit
C:\Windows\system\MiZwUof.exe

Filesize
5.9MB

MD5
19dad6111109e2111b7d13f86ca18e1f

SHA1
39db3c4ada68b7e30bcc99e77f1d4f70ef021d26

SHA256
66fde30ed3797206cb4b5bd55ac38170d9cfa7f2b3c98bfe03c4308cea802116

SHA512
2ae6014fd04d6db41082fb96a77a8c739f8aa214d52fbf6e682a600df90774410a6671485c9e5e85f16dc541ceeadd6791800ec21a5443523f1a3fc486cd888d

Download Submit
C:\Windows\system\MyVaMOw.exe

Filesize
5.9MB

MD5
a823bb6a5b5d23dbd768e117bdaea8ce

SHA1
bd3e6acb3cf07122161bfe649df581285a72f5ae

SHA256
9028b92d07246f1527bafeedae972d5eef1744116e3ba1ed361bdf77003f8ff2

SHA512
b1ee67e5bd6b9ec5415ce747a2e8d246a4093edd924cfa7efae4e3de929dee965ccb8034d326acfe4a6155d4f37000a266a10bef5428ac1aa7b1bd56a1b0bcda

Download Submit
C:\Windows\system\NoQJCff.exe

Filesize
5.9MB

MD5
43a03c95007ee3548b6943afb3eb75a3

SHA1
4abbd6a9187ae224a7eb174d45fcbef5ae2fdb2b

SHA256
f421be3695f7bcffd8fed1dd9d097671cab0c70515ce789f165e7a7f6fdb5142

SHA512
e0275a418723ca81236aa56fed3b4d7aab7bdf2853fc420aae93afaa779af242981041985b55d37498deffa427a23cdf897ee15af7e639b73f11abee1438dcf1

Download Submit
C:\Windows\system\RrejYFc.exe

Filesize
5.9MB

MD5
c0bb4af0b5f79f366fd6692f477499bc

SHA1
e966f347a00f466a070fbfa4569f107a42616d3e

SHA256
751cc360f6ac40f56cf221226daed80460fdbff737666aa4ab2c8cf2c28e999f

SHA512
8d4f1fcefceeaee8ee1c4f4d1b949ee0b5d2280cb842984770b7e0659d8c70b47b9c300e8a01deb24d66aeee51a899f9de59516d9f94b62717843594a6f832ed

Download Submit
C:\Windows\system\TQesExk.exe

Filesize
5.9MB

MD5
3a8d7434d003696b416f64992d7b8a8f

SHA1
f12f9660d0e351b6ee93266ee5d72b4f2331c320

SHA256
e70b7145b91cddf4114779372ebf1616296be4c7e3ad53af11370d5fabee141a

SHA512
eb790e7b00bacb1a4aaa541663dd93c86c5ab2fe1949056cde70fd6d11d4314a0b9081145226da3af2f21f1f606e88d1802b091e9af69ec64e80e3b95a076e88

Download Submit
C:\Windows\system\UhMwuBX.exe

Filesize
5.9MB

MD5
2dac63cde5a3a567c2994a9dbcfd4680

SHA1
12a23c042f21093811bcd095051ab145ccebd7e0

SHA256
d9b2e6890bcfd61b961bf9fcdd2d90b31d5d117e0d83d0d95dc94569c448aa0c

SHA512
512374a69e0888f4a4a3630e3f3653f149b3aa992bb3e0558322d5881cffccf7171887ff5e275d6a75e31bf376ffde21165cb092fb072863d780767aec98c8a7

Download Submit
C:\Windows\system\VBGpYFx.exe

Filesize
5.9MB

MD5
9faf44dda9fe69904b448c23c236f3d3

SHA1
757e58e776f3ea46de0d98d66327a32343d4b9f1

SHA256
f14d4a85460d15870200b31484d4d85da8577ddc5660099c8ec347e7f30bd9fb

SHA512
979e07c07bf89a905954991a2e9cdbeb4f7625379ee11800727cd9ccfb465ee826948afe63f226319c194cc41f9d4b70d29468a3fe5906f299d36defc48f469a

Download Submit
C:\Windows\system\VTRrvdV.exe

Filesize
5.9MB

MD5
97c20b5fbd1ef0e3980370f5a80a82ab

SHA1
c4994081a38dbb607dccb56f9a05f5cc6c750fbb

SHA256
789390c41f36484cafb9904e44367e5146a45da506aba09720878c1cedef087a

SHA512
2ea292d626d300c9dc4a563ce8843f3a2dddcd026b9fe2cf653e62fb93ad6e2b3e6893b97f18aac6c4d584bfab567396832bb05c1f73a1db233217c4972058ca

Download Submit
C:\Windows\system\bBfSbvw.exe

Filesize
8B

MD5
ecf6b7ff3d234f73808efb34e4a84846

SHA1
9b1173348c9e8cb9223d2c740adb7428c392ad6c

SHA256
e00a0dbd61286e3b4233da7f74e7c774628e9a26c1b458f7c96483fe302cf7c1

SHA512
1f90c68b709565ffe0bf8ed287c69a0723a7fc66a1d19cb6b452c3784e16b430a9523157c7d846ae7163c386ec35587796d24b6f47da0da2c5840274b6c8eab5

Download Submit
C:\Windows\system\cihhsJK.exe

Filesize
5.9MB

MD5
230145ee5279a513487563814703e5d2

SHA1
ff132c22edeeefc5e8f3798a5001152ed034bc94

SHA256
5d85c3ae183874eaad83756529655bd87a95c88ca78337cde24da3402faa8715

SHA512
1a9a47de8f73bbb7dd4a99e128780d2785dce8359f72ab86133c0ec2890fb3160cbe87b5eb861f83402dabaf7c5d62d527567978cc52ba3f99813bd686b4f2a8

Download Submit
C:\Windows\system\eByWFEG.exe

Filesize
5.9MB

MD5
ef082a426aaf930e69677fb0e13f64dd

SHA1
cd96612c5a4789c9f2f1f357506f1da60e455bed

SHA256
def5902e515528bd99ea320acba2ffa7f5f3f6b6c672f66b59f8443fb0ea5e24

SHA512
b706ad584770d3c9e5f7700f610f9b897037a57035595820cee5249178121a235889772e4dd2bb62198f541ef18d9ab58be634afd5f5c708476f33aba703162f

Download Submit
C:\Windows\system\eRvZLea.exe

Filesize
5.9MB

MD5
f71eb46a28060bca9c32ac9f02ad757a

SHA1
00f70b0d7d7c06e6207804432e579686c31088ad

SHA256
2afcd264688681838fc1304cf82c2c3204509fccf8e148d34bf6acf51708e49e

SHA512
54a60f494b53e9cbfcc4c8fe66382632f251db834be2ff78c16086ab7737f14fa06abfbaf9bd9681c169c05f941623646e3f18e454908439b19dd02db3b293f6

Download Submit
C:\Windows\system\fSSasYe.exe

Filesize
5.9MB

MD5
2033fd63201f07796832f074abde1b82

SHA1
f7e0d34b3a61d71e877daecd1e6b4bfb7315ba73

SHA256
0c9cf7d8130350ff11d0d6cf8035ca9178cf7ca4cefa55a86eaab39ae25faf47

SHA512
dabd3c2e8ff61b1847bf77355474744c63c63702b974e897eefba8b6283a04201da120901c28a3c21222d6723ab95a9eb141682680244fc432383ada3d048596

Download Submit
C:\Windows\system\iHnocUu.exe

Filesize
5.9MB

MD5
27de45f79cf47d9efaf11ff50df0a6b5

SHA1
600deccc8eceb69f2d62126617161569ef46bafa

SHA256
e31d1df96bf031694426d574db0a22a5be4797d1cdbf2fa0bd3d7117b2d23f13

SHA512
0db926b0921b8d75fc9ea08a09b5f76eef2f77f98f00bc20cffd7ea2af2cde5d33dbbe64777dda73f4d1cd06d51f1e38a6a281b7dc44ddd98a8e11ac5becd3ca

Download Submit
C:\Windows\system\irgJdSt.exe

Filesize
5.9MB

MD5
7c8b358681f2b80799d0a45bdf472f19

SHA1
cb732a706040883724dc54479870092ca046ced9

SHA256
8c32446bb632b96921459e971218e029dc19c5a20c47f3d77e39c235a5f49913

SHA512
c58922f12af89b2d6c4ae430e294eb329a2c9902037136c383639b175eb2a41407497fd95ca5455ec78d07df810e8623396ada5432e6d15de7cc2f214a5d0fb3

Download Submit
C:\Windows\system\kIljhop.exe

Filesize
5.9MB

MD5
e64bb0d0437cbea5c1c48b6b3de2b04f

SHA1
26cbd24d2727107cdbbfe2911cc25743cda74769

SHA256
25d02bb77251255c82cb8f713567bb2de7aaedcf9f5b9761de2f13582e794a75

SHA512
8fe649772b009384b5622e3bee214b23f19f62e3b14b64998d8a0548d4d077d5a0ae7bc178d6f41789827e65a34de005c03eeb2be308eee61af8512062dace8a

Download Submit
C:\Windows\system\nylEoDU.exe

Filesize
5.9MB

MD5
ec87973f2d1f0b2f8b2958bbafb3062f

SHA1
c65d71736919b7eac6b6769d1b9541f53cab2ee9

SHA256
efaa8f36c5224f907629421c857e3890d0ebaeca5546deeb9fdd8bd220e2f320

SHA512
062fd34c2506af3a4f9e3827eca0d28153d3a28fb229ee63b47346077969aceb80031892ee7848116e7c82e6620498837f6a6ee12f0f198fd97776954e3a6514

Download Submit
C:\Windows\system\oCcvwHv.exe

Filesize
5.9MB

MD5
75d2d3f7b6c88f682956a07698f81e69

SHA1
26a365adfd69f5f9f6a6c34eb54ecdfac4891e2e

SHA256
dd7dff18f8cb848a7b9326c136cd9408f0c797cda800e1a0ec40351b2364324a

SHA512
cac28591139cb72ab5b24c0307c0c38d475760b4b864b0afc7104a7e1c36d058d4095db1a155adeebba8a7c1992d6dc40f43a512c031aa518025658a9f1258cd

Download Submit
C:\Windows\system\pJbGSAd.exe

Filesize
5.9MB

MD5
3def9e8edcd66cf1e18b0012313262f3

SHA1
c87bac871199a6c7de85bd361c7d044f444e4703

SHA256
8e14cf29f793de5ea824c51a7abe987e245f710c50c48d220d5293415529b96f

SHA512
f2e65c48d50afa2ef6e7ccf48860dae47ce5542d47de7bafeb391f6a9d1d201c9a6a0f571477ad7a9f4ccdad3f80a4ab29095525c111b48b239328ca71726fd9

Download Submit
C:\Windows\system\sjEtpuF.exe

Filesize
5.9MB

MD5
17de7d8f6d9b6dc718fa8235712e3e45

SHA1
744696dc160e96c7e11624c0244d78d6b4638156

SHA256
3d972c5fcdfdb71f422465d9347573f250064a8d59fedc36b3329b356b4a446d

SHA512
3d3fad16f38048c6d0548096c17e3918c1cc25adda42d08dca3564c06c8711bb3fe71e2b9724e84348e277b3a353d700647f68af259ffeec7277d68729ae2d98

Download Submit
C:\Windows\system\tiWyGKN.exe

Filesize
5.9MB

MD5
171c4c1d585196dfedeb617a21e5747e

SHA1
ab793b2a43ba4ec2c0e753f06c79557fe5f9a2c6

SHA256
2a2852c77f4e8ddbd7aa24bdf379c201ac091e661994170645095fb38f3ebedb

SHA512
0853201b413884f8c14845bc5ba45449bb93628aa04502a01484602850ee33569cba46e0de2104c169a7fb0d66d14e9cfa88d135985b8fb15bc999b556bb6e58

Download Submit
C:\Windows\system\wabvPBu.exe

Filesize
5.9MB

MD5
562515d1e960f0b17b6377fb25ee9a98

SHA1
cebf49e9e63b802fe24c561545f361a977673f36

SHA256
7f2af9696606b98e909ffa97646f05e6be2f24943e1891600035796f444286d0

SHA512
485f26c77109b4ca6d4610bbf75070971d76bcb27a7230ab51a27a7cad35f0ea3f61250ec95ba0ae4bba35a918e127f194d43dfade115acc4d91140268aeab61

Download Submit
C:\Windows\system\wgAiaTE.exe

Filesize
5.9MB

MD5
2457b0bb69d0b81f39022aaca1811ce3

SHA1
561500571c1897a6eb2dfe63253b05deecd1f4bf

SHA256
9ccf8db1be90acbd6e039bfee6bdbf4f3f124dcdde0041373783c37de9338a3e

SHA512
d3afd1e276011e2a0986dfb0f6cf340caaa6c62e9e4e5d1c59f8d41bbfce8423d4021eec393ea4538fc8f6c39f3dfa108c7de079461952b04d7c17f3bf157e64

Download Submit
C:\Windows\system\xNddHFm.exe

Filesize
5.9MB

MD5
09c9bc17bcb52eccfae686f4a6a1b4b7

SHA1
863e35627058038f81699f93d0ab934739213c20

SHA256
6fb3e3387b8e0c84d3180a340bf01dc60e7ab5ea8ece95018214eef099fd0d1b

SHA512
be6f472f7089122003576aba57f60b0fd10e58702db0fab94a695f8916e60ff8d72b8b93e52d2abb37c9417a1ea49d77b4aa49aedba2b6d641ed5924a67079c0

Download Submit
\Windows\system\NxeNGBC.exe

Filesize
5.9MB

MD5
9e7ab288df407a080f60cb4aaad4de91

SHA1
1cc7fcdd976dd22669b3ddb59cc6f4b68f232311

SHA256
5fdb29a36cf8e7d9587e2b29741b2c4aea417fc6c92ec7d6f6944e78d3088f63

SHA512
eaefb0c7caf5bc1c4a1b3fd61f8342470005e95e4d777432f4b59725d0b1cecba2dc05c14295c34c46b128bf6c9e0c1dcc55dbbb21a6fee10b3c6ee3297b114a

Download Submit
\Windows\system\dvPxWSc.exe

Filesize
5.9MB

MD5
2443e9113dc3849779f8da1fa1c596fb

SHA1
05898fc3f708e36376681aa81ce7076f3c497e40

SHA256
745e2b9c1b5085dd4a1604b0e8fe7a1a8722bef465f87d0c4eb94dae9d9b4058

SHA512
ffd25fdc6a5fecbe69547d011b053de27878489adbd1179041dd794718484517bd896e51082e2db277c5ad67db0787fbe6c3aa6dc675744f67f01c8c17616561

Download Submit
\Windows\system\eMXdMUZ.exe

Filesize
5.9MB

MD5
597b627b4a973fd49abc4aca789f674c

SHA1
3ae8a1ea796a2d93c176e55b01ee975a49af67d6

SHA256
e296cc5bc7275c45bdb6c667de504bdd54b6b948697369859abd41a6abc2a870

SHA512
a711ae5c7e6490d4feb0a533e27c7901e63be4bfaf15bcc035fc04070a3e7da5ebc73e701c377295df023deb59409b09658a02d064dd34523b0b7da65a03e145

Download Submit
memory/332-15-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/332-3807-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3801-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1500-88-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1500-554-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1992-93-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-69-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-440-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1992-655-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1992-7-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-994-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1992-848-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1992-13-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-37-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1992-85-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1992-31-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-27-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-111-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1992-110-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-43-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1992-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1992-61-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1992-55-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-26-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-102-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1992-101-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1992-92-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-266-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1992-78-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2168-106-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2168-3810-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2168-895-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4445-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2288-83-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2360-19-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3715-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3814-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2716-65-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2716-105-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2784-64-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3731-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-29-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-52-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3824-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2840-72-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3831-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-35-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2924-58-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3794-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3755-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-41-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-82-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3788-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2972-73-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2972-216-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2992-97-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3841-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-755-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-24-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-54-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3817-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download