cobaltstrike | ca6732b7502602e94008bcccfa4a4fece5b5444ddeb7ed0fb25067d027466c28

Analysis

max time kernel
125s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

e2fbd0aa94a7aeaed871049e2121c6ec
SHA1

49c36c333705a711caa7cf22ee0c3ecd888c9b74
SHA256

ca6732b7502602e94008bcccfa4a4fece5b5444ddeb7ed0fb25067d027466c28
SHA512

6e5a01842c38a82dffacdc4cb6ee7657b5b9db875f3c37a44eea197dc0b4ec5ff82e448b6b5719c65f8e3eeebdfcc8ee568f1d2ce2bf96d13db2f92515853143
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000800000002426b-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024270-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002426f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024273-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024272-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024276-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024275-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024279-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024278-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024277-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024274-43.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002426c-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427a-77.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427b-89.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427f-107.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024282-130.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024283-154.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024285-152.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024284-148.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024281-137.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024280-127.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427e-111.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427d-108.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024286-158.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024287-167.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024288-174.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024289-181.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428a-186.dat	cobalt_reflective_dll
behavioral1/files/0x000d0000000240fa-200.dat	cobalt_reflective_dll
behavioral1/files/0x000c0000000240c1-198.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428b-205.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/6068-0-0x00007FF608650000-0x00007FF6089A4000-memory.dmp	xmrig
behavioral1/files/0x000800000002426b-5.dat	xmrig
behavioral1/memory/228-8-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000024270-10.dat	xmrig
behavioral1/files/0x000700000002426f-11.dat	xmrig
behavioral1/memory/2144-12-0x00007FF776180000-0x00007FF7764D4000-memory.dmp	xmrig
behavioral1/memory/3868-20-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024273-31.dat	xmrig
behavioral1/files/0x0007000000024272-35.dat	xmrig
behavioral1/files/0x0007000000024276-49.dat	xmrig
behavioral1/files/0x0007000000024275-52.dat	xmrig
behavioral1/memory/3016-60-0x00007FF7084D0000-0x00007FF708824000-memory.dmp	xmrig
behavioral1/memory/1996-63-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024279-70.dat	xmrig
behavioral1/memory/2420-73-0x00007FF7782D0000-0x00007FF778624000-memory.dmp	xmrig
behavioral1/memory/4940-72-0x00007FF7BDE80000-0x00007FF7BE1D4000-memory.dmp	xmrig
behavioral1/memory/2012-69-0x00007FF6F02C0000-0x00007FF6F0614000-memory.dmp	xmrig
behavioral1/memory/3888-68-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024278-66.dat	xmrig
behavioral1/files/0x0007000000024277-64.dat	xmrig
behavioral1/files/0x0007000000024274-43.dat	xmrig
behavioral1/memory/4204-37-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp	xmrig
behavioral1/memory/4676-32-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp	xmrig
behavioral1/files/0x000800000002426c-27.dat	xmrig
behavioral1/memory/3992-24-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp	xmrig
behavioral1/files/0x000700000002427a-77.dat	xmrig
behavioral1/memory/3488-88-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp	xmrig
behavioral1/files/0x000700000002427b-89.dat	xmrig
behavioral1/memory/5064-96-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp	xmrig
behavioral1/files/0x000700000002427f-107.dat	xmrig
behavioral1/memory/2484-114-0x00007FF796850000-0x00007FF796BA4000-memory.dmp	xmrig
behavioral1/memory/1996-121-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024282-130.dat	xmrig
behavioral1/memory/3888-131-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp	xmrig
behavioral1/memory/2448-145-0x00007FF6AA9D0000-0x00007FF6AAD24000-memory.dmp	xmrig
behavioral1/files/0x0007000000024283-154.dat	xmrig
behavioral1/files/0x0007000000024285-152.dat	xmrig
behavioral1/memory/904-151-0x00007FF6B4600000-0x00007FF6B4954000-memory.dmp	xmrig
behavioral1/memory/1220-150-0x00007FF7B62A0000-0x00007FF7B65F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024284-148.dat	xmrig
behavioral1/memory/1044-147-0x00007FF7B2970000-0x00007FF7B2CC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024281-137.dat	xmrig
behavioral1/memory/5072-136-0x00007FF7EE670000-0x00007FF7EE9C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024280-127.dat	xmrig
behavioral1/memory/2272-126-0x00007FF6CBDE0000-0x00007FF6CC134000-memory.dmp	xmrig
behavioral1/memory/4204-117-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp	xmrig
behavioral1/memory/4676-113-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp	xmrig
behavioral1/files/0x000700000002427e-111.dat	xmrig
behavioral1/memory/1184-110-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp	xmrig
behavioral1/files/0x000700000002427d-108.dat	xmrig
behavioral1/memory/3992-106-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp	xmrig
behavioral1/memory/5688-105-0x00007FF7698B0000-0x00007FF769C04000-memory.dmp	xmrig
behavioral1/files/0x000700000002427c-100.dat	xmrig
behavioral1/memory/3868-99-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp	xmrig
behavioral1/memory/2144-93-0x00007FF776180000-0x00007FF7764D4000-memory.dmp	xmrig
behavioral1/memory/4828-80-0x00007FF6E1EF0000-0x00007FF6E2244000-memory.dmp	xmrig
behavioral1/memory/228-79-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp	xmrig
behavioral1/memory/6068-78-0x00007FF608650000-0x00007FF6089A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024286-158.dat	xmrig
behavioral1/files/0x0007000000024287-167.dat	xmrig
behavioral1/memory/212-170-0x00007FF611500000-0x00007FF611854000-memory.dmp	xmrig
behavioral1/memory/5064-168-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp	xmrig
behavioral1/memory/3488-165-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp	xmrig
behavioral1/memory/6080-164-0x00007FF61C520000-0x00007FF61C874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
228	dTEKXoU.exe
2144	JXOwnvn.exe
3868	qUIgPiA.exe
3992	qAfpqUw.exe
4676	VBeMWeH.exe
4204	idsVqOb.exe
3016	lZOStii.exe
2012	dYfMCxC.exe
1996	jjdabEN.exe
4940	sOgnRou.exe
3888	aJmTUKf.exe
2420	lVDkiOA.exe
4828	opdYcjn.exe
3488	OpXSHsa.exe
5064	KMTVFNo.exe
5688	QkJGpdG.exe
1184	MKvENLD.exe
2484	KiQDaLK.exe
2272	gVItNSK.exe
5072	ZBknMoH.exe
2448	tKrQScs.exe
1220	uJnRKJn.exe
1044	GVsOCCm.exe
904	wWpcLnP.exe
6080	CXvwLuk.exe
212	AbdaLmP.exe
4040	ArBjZMP.exe
2836	FKBaUiG.exe
3124	qfcAuTW.exe
5980	LojfdpQ.exe
4496	KjcliTA.exe
696	eOJBqYC.exe
4348	pdmolsN.exe
5724	mBpfRda.exe
5308	PDeKVcz.exe
5516	VdxqXkw.exe
4436	hcOPYmS.exe
6060	TPEqcEd.exe
5760	yWFMHRF.exe
3608	xjiEvUK.exe
612	XnlWPbC.exe
396	QjKqIIV.exe
3184	PhoONvx.exe
5612	zCXkDko.exe
5604	YkOmheb.exe
4052	tMiZAIK.exe
5036	GgqfulV.exe
4252	MdUPKcb.exe
2744	IXKSODx.exe
4500	DbnRJFG.exe
2976	GZBIpeD.exe
1160	dlteFFS.exe
1052	VsKmPNG.exe
6112	XNEzrbO.exe
6012	ycHqVhS.exe
5896	TAlEded.exe
5272	EMxuODu.exe
2440	XayTIhg.exe
2828	pJpgstc.exe
4824	Dgfdxvg.exe
3444	tVSlcfw.exe
5300	NuKXkJs.exe
2520	WWEEWZH.exe
3092	jaIuRcv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/6068-0-0x00007FF608650000-0x00007FF6089A4000-memory.dmp	upx
behavioral1/files/0x000800000002426b-5.dat	upx
behavioral1/memory/228-8-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp	upx
behavioral1/files/0x0007000000024270-10.dat	upx
behavioral1/files/0x000700000002426f-11.dat	upx
behavioral1/memory/2144-12-0x00007FF776180000-0x00007FF7764D4000-memory.dmp	upx
behavioral1/memory/3868-20-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp	upx
behavioral1/files/0x0007000000024273-31.dat	upx
behavioral1/files/0x0007000000024272-35.dat	upx
behavioral1/files/0x0007000000024276-49.dat	upx
behavioral1/files/0x0007000000024275-52.dat	upx
behavioral1/memory/3016-60-0x00007FF7084D0000-0x00007FF708824000-memory.dmp	upx
behavioral1/memory/1996-63-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp	upx
behavioral1/files/0x0007000000024279-70.dat	upx
behavioral1/memory/2420-73-0x00007FF7782D0000-0x00007FF778624000-memory.dmp	upx
behavioral1/memory/4940-72-0x00007FF7BDE80000-0x00007FF7BE1D4000-memory.dmp	upx
behavioral1/memory/2012-69-0x00007FF6F02C0000-0x00007FF6F0614000-memory.dmp	upx
behavioral1/memory/3888-68-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp	upx
behavioral1/files/0x0007000000024278-66.dat	upx
behavioral1/files/0x0007000000024277-64.dat	upx
behavioral1/files/0x0007000000024274-43.dat	upx
behavioral1/memory/4204-37-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp	upx
behavioral1/memory/4676-32-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp	upx
behavioral1/files/0x000800000002426c-27.dat	upx
behavioral1/memory/3992-24-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp	upx
behavioral1/files/0x000700000002427a-77.dat	upx
behavioral1/memory/3488-88-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp	upx
behavioral1/files/0x000700000002427b-89.dat	upx
behavioral1/memory/5064-96-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp	upx
behavioral1/files/0x000700000002427f-107.dat	upx
behavioral1/memory/2484-114-0x00007FF796850000-0x00007FF796BA4000-memory.dmp	upx
behavioral1/memory/1996-121-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp	upx
behavioral1/files/0x0007000000024282-130.dat	upx
behavioral1/memory/3888-131-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp	upx
behavioral1/memory/2448-145-0x00007FF6AA9D0000-0x00007FF6AAD24000-memory.dmp	upx
behavioral1/files/0x0007000000024283-154.dat	upx
behavioral1/files/0x0007000000024285-152.dat	upx
behavioral1/memory/904-151-0x00007FF6B4600000-0x00007FF6B4954000-memory.dmp	upx
behavioral1/memory/1220-150-0x00007FF7B62A0000-0x00007FF7B65F4000-memory.dmp	upx
behavioral1/files/0x0007000000024284-148.dat	upx
behavioral1/memory/1044-147-0x00007FF7B2970000-0x00007FF7B2CC4000-memory.dmp	upx
behavioral1/files/0x0007000000024281-137.dat	upx
behavioral1/memory/5072-136-0x00007FF7EE670000-0x00007FF7EE9C4000-memory.dmp	upx
behavioral1/files/0x0007000000024280-127.dat	upx
behavioral1/memory/2272-126-0x00007FF6CBDE0000-0x00007FF6CC134000-memory.dmp	upx
behavioral1/memory/4204-117-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp	upx
behavioral1/memory/4676-113-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp	upx
behavioral1/files/0x000700000002427e-111.dat	upx
behavioral1/memory/1184-110-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp	upx
behavioral1/files/0x000700000002427d-108.dat	upx
behavioral1/memory/3992-106-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp	upx
behavioral1/memory/5688-105-0x00007FF7698B0000-0x00007FF769C04000-memory.dmp	upx
behavioral1/files/0x000700000002427c-100.dat	upx
behavioral1/memory/3868-99-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp	upx
behavioral1/memory/2144-93-0x00007FF776180000-0x00007FF7764D4000-memory.dmp	upx
behavioral1/memory/4828-80-0x00007FF6E1EF0000-0x00007FF6E2244000-memory.dmp	upx
behavioral1/memory/228-79-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp	upx
behavioral1/memory/6068-78-0x00007FF608650000-0x00007FF6089A4000-memory.dmp	upx
behavioral1/files/0x0007000000024286-158.dat	upx
behavioral1/files/0x0007000000024287-167.dat	upx
behavioral1/memory/212-170-0x00007FF611500000-0x00007FF611854000-memory.dmp	upx
behavioral1/memory/5064-168-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp	upx
behavioral1/memory/3488-165-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp	upx
behavioral1/memory/6080-164-0x00007FF61C520000-0x00007FF61C874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gGlvPDs.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\raOWTTA.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xYGLhBX.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dFCevao.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cURTGCA.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MddMNPV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LojfdpQ.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZKfZYkj.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lNcqlGz.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MuBcOgW.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dPtqKPd.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PSIklsV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vJvqepb.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NalZJAP.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eCecckN.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NLOHTsM.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OULmvdQ.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rVWwYAl.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MSwgIFp.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lHRRABE.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OzwImnw.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BcIRzJN.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wvrhSDb.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pdGTZfa.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vbrauNP.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vfiewUa.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mXRXusy.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EGGopMk.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xIxIQXG.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\caRLgqM.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JVQuuIX.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rHMtYUe.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JSWzBev.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iTIqCVb.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eRfOLWS.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MrHvlYG.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GaRwgpC.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dLqqcBp.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dSQbeGC.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pzIlqmr.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\izLNAvf.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lGuAySV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bvpKSKu.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\torgUMs.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EwkuhrE.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EiVTAnN.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RBXivHu.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ppAsSBB.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RyIAXDQ.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vmnUYDR.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MfTuRFj.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CmJXLFB.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LTEbjCq.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YQeihWo.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DIhAsyj.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DFqDzVl.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UVXUJjz.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bLkAOJG.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TPEqcEd.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mzLHxST.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pNRefXg.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lrHjffk.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lZOStii.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TmtAwMi.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6068 wrote to memory of 228	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 6068 wrote to memory of 228	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 6068 wrote to memory of 2144	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 6068 wrote to memory of 2144	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 6068 wrote to memory of 3868	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 6068 wrote to memory of 3868	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 6068 wrote to memory of 3992	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 6068 wrote to memory of 3992	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 6068 wrote to memory of 4676	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 6068 wrote to memory of 4676	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 6068 wrote to memory of 4204	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 6068 wrote to memory of 4204	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 6068 wrote to memory of 3016	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 6068 wrote to memory of 3016	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 6068 wrote to memory of 2012	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 6068 wrote to memory of 2012	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 6068 wrote to memory of 1996	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 6068 wrote to memory of 1996	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 6068 wrote to memory of 4940	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 6068 wrote to memory of 4940	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 6068 wrote to memory of 3888	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 6068 wrote to memory of 3888	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 6068 wrote to memory of 2420	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 6068 wrote to memory of 2420	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 6068 wrote to memory of 4828	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 6068 wrote to memory of 4828	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 6068 wrote to memory of 3488	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 6068 wrote to memory of 3488	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 6068 wrote to memory of 5064	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 6068 wrote to memory of 5064	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 6068 wrote to memory of 5688	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 6068 wrote to memory of 5688	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 6068 wrote to memory of 1184	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 6068 wrote to memory of 1184	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 6068 wrote to memory of 2484	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 6068 wrote to memory of 2484	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 6068 wrote to memory of 2272	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 6068 wrote to memory of 2272	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 6068 wrote to memory of 5072	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 6068 wrote to memory of 5072	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 6068 wrote to memory of 2448	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 6068 wrote to memory of 2448	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 6068 wrote to memory of 1220	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 6068 wrote to memory of 1220	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 6068 wrote to memory of 1044	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 6068 wrote to memory of 1044	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 6068 wrote to memory of 904	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 6068 wrote to memory of 904	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 6068 wrote to memory of 6080	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 6068 wrote to memory of 6080	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 6068 wrote to memory of 212	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 6068 wrote to memory of 212	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 6068 wrote to memory of 4040	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 6068 wrote to memory of 4040	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 6068 wrote to memory of 2836	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 6068 wrote to memory of 2836	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 6068 wrote to memory of 3124	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 6068 wrote to memory of 3124	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 6068 wrote to memory of 5980	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 6068 wrote to memory of 5980	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 6068 wrote to memory of 4496	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 6068 wrote to memory of 4496	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 6068 wrote to memory of 696	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 6068 wrote to memory of 696	6068	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:6068
- C:\Windows\System\dTEKXoU.exe
  C:\Windows\System\dTEKXoU.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\JXOwnvn.exe
  C:\Windows\System\JXOwnvn.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\qUIgPiA.exe
  C:\Windows\System\qUIgPiA.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\qAfpqUw.exe
  C:\Windows\System\qAfpqUw.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\VBeMWeH.exe
  C:\Windows\System\VBeMWeH.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\idsVqOb.exe
  C:\Windows\System\idsVqOb.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\lZOStii.exe
  C:\Windows\System\lZOStii.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\dYfMCxC.exe
  C:\Windows\System\dYfMCxC.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\jjdabEN.exe
  C:\Windows\System\jjdabEN.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\sOgnRou.exe
  C:\Windows\System\sOgnRou.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\aJmTUKf.exe
  C:\Windows\System\aJmTUKf.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\lVDkiOA.exe
  C:\Windows\System\lVDkiOA.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\opdYcjn.exe
  C:\Windows\System\opdYcjn.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\OpXSHsa.exe
  C:\Windows\System\OpXSHsa.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\KMTVFNo.exe
  C:\Windows\System\KMTVFNo.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\QkJGpdG.exe
  C:\Windows\System\QkJGpdG.exe
  2⤵
  - Executes dropped EXE
  PID:5688
- C:\Windows\System\MKvENLD.exe
  C:\Windows\System\MKvENLD.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\KiQDaLK.exe
  C:\Windows\System\KiQDaLK.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\gVItNSK.exe
  C:\Windows\System\gVItNSK.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ZBknMoH.exe
  C:\Windows\System\ZBknMoH.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\tKrQScs.exe
  C:\Windows\System\tKrQScs.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\uJnRKJn.exe
  C:\Windows\System\uJnRKJn.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\GVsOCCm.exe
  C:\Windows\System\GVsOCCm.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\wWpcLnP.exe
  C:\Windows\System\wWpcLnP.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\CXvwLuk.exe
  C:\Windows\System\CXvwLuk.exe
  2⤵
  - Executes dropped EXE
  PID:6080
- C:\Windows\System\AbdaLmP.exe
  C:\Windows\System\AbdaLmP.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\ArBjZMP.exe
  C:\Windows\System\ArBjZMP.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\FKBaUiG.exe
  C:\Windows\System\FKBaUiG.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\qfcAuTW.exe
  C:\Windows\System\qfcAuTW.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\LojfdpQ.exe
  C:\Windows\System\LojfdpQ.exe
  2⤵
  - Executes dropped EXE
  PID:5980
- C:\Windows\System\KjcliTA.exe
  C:\Windows\System\KjcliTA.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\eOJBqYC.exe
  C:\Windows\System\eOJBqYC.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\pdmolsN.exe
  C:\Windows\System\pdmolsN.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\mBpfRda.exe
  C:\Windows\System\mBpfRda.exe
  2⤵
  - Executes dropped EXE
  PID:5724
- C:\Windows\System\PDeKVcz.exe
  C:\Windows\System\PDeKVcz.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\VdxqXkw.exe
  C:\Windows\System\VdxqXkw.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\hcOPYmS.exe
  C:\Windows\System\hcOPYmS.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\TPEqcEd.exe
  C:\Windows\System\TPEqcEd.exe
  2⤵
  - Executes dropped EXE
  PID:6060
- C:\Windows\System\yWFMHRF.exe
  C:\Windows\System\yWFMHRF.exe
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Windows\System\xjiEvUK.exe
  C:\Windows\System\xjiEvUK.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\XnlWPbC.exe
  C:\Windows\System\XnlWPbC.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\QjKqIIV.exe
  C:\Windows\System\QjKqIIV.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\PhoONvx.exe
  C:\Windows\System\PhoONvx.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\zCXkDko.exe
  C:\Windows\System\zCXkDko.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System\YkOmheb.exe
  C:\Windows\System\YkOmheb.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System\tMiZAIK.exe
  C:\Windows\System\tMiZAIK.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\GgqfulV.exe
  C:\Windows\System\GgqfulV.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\MdUPKcb.exe
  C:\Windows\System\MdUPKcb.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\IXKSODx.exe
  C:\Windows\System\IXKSODx.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\DbnRJFG.exe
  C:\Windows\System\DbnRJFG.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\GZBIpeD.exe
  C:\Windows\System\GZBIpeD.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\dlteFFS.exe
  C:\Windows\System\dlteFFS.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\VsKmPNG.exe
  C:\Windows\System\VsKmPNG.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\XNEzrbO.exe
  C:\Windows\System\XNEzrbO.exe
  2⤵
  - Executes dropped EXE
  PID:6112
- C:\Windows\System\ycHqVhS.exe
  C:\Windows\System\ycHqVhS.exe
  2⤵
  - Executes dropped EXE
  PID:6012
- C:\Windows\System\TAlEded.exe
  C:\Windows\System\TAlEded.exe
  2⤵
  - Executes dropped EXE
  PID:5896
- C:\Windows\System\EMxuODu.exe
  C:\Windows\System\EMxuODu.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\XayTIhg.exe
  C:\Windows\System\XayTIhg.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\pJpgstc.exe
  C:\Windows\System\pJpgstc.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\Dgfdxvg.exe
  C:\Windows\System\Dgfdxvg.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\tVSlcfw.exe
  C:\Windows\System\tVSlcfw.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\NuKXkJs.exe
  C:\Windows\System\NuKXkJs.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System\WWEEWZH.exe
  C:\Windows\System\WWEEWZH.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jaIuRcv.exe
  C:\Windows\System\jaIuRcv.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\TRbjaEZ.exe
  C:\Windows\System\TRbjaEZ.exe
  2⤵
  PID:3984
- C:\Windows\System\HcnueZR.exe
  C:\Windows\System\HcnueZR.exe
  2⤵
  PID:2716
- C:\Windows\System\cmVdvMS.exe
  C:\Windows\System\cmVdvMS.exe
  2⤵
  PID:5304
- C:\Windows\System\TGWxrpw.exe
  C:\Windows\System\TGWxrpw.exe
  2⤵
  PID:4116
- C:\Windows\System\aiuNUph.exe
  C:\Windows\System\aiuNUph.exe
  2⤵
  PID:3216
- C:\Windows\System\GCnSwKX.exe
  C:\Windows\System\GCnSwKX.exe
  2⤵
  PID:6088
- C:\Windows\System\FKeMeTz.exe
  C:\Windows\System\FKeMeTz.exe
  2⤵
  PID:5112
- C:\Windows\System\FzbyZCt.exe
  C:\Windows\System\FzbyZCt.exe
  2⤵
  PID:1340
- C:\Windows\System\rGuVqjQ.exe
  C:\Windows\System\rGuVqjQ.exe
  2⤵
  PID:2916
- C:\Windows\System\vwyNPip.exe
  C:\Windows\System\vwyNPip.exe
  2⤵
  PID:2788
- C:\Windows\System\GRqoMyI.exe
  C:\Windows\System\GRqoMyI.exe
  2⤵
  PID:5988
- C:\Windows\System\RoWEGhn.exe
  C:\Windows\System\RoWEGhn.exe
  2⤵
  PID:3624
- C:\Windows\System\aiDsNIs.exe
  C:\Windows\System\aiDsNIs.exe
  2⤵
  PID:5092
- C:\Windows\System\npKrFGa.exe
  C:\Windows\System\npKrFGa.exe
  2⤵
  PID:4000
- C:\Windows\System\SoyhFuF.exe
  C:\Windows\System\SoyhFuF.exe
  2⤵
  PID:2764
- C:\Windows\System\QXIKDnV.exe
  C:\Windows\System\QXIKDnV.exe
  2⤵
  PID:3784
- C:\Windows\System\xfDQTYR.exe
  C:\Windows\System\xfDQTYR.exe
  2⤵
  PID:5452
- C:\Windows\System\sbxGdpl.exe
  C:\Windows\System\sbxGdpl.exe
  2⤵
  PID:2068
- C:\Windows\System\siQtvBL.exe
  C:\Windows\System\siQtvBL.exe
  2⤵
  PID:4804
- C:\Windows\System\CQPgXpu.exe
  C:\Windows\System\CQPgXpu.exe
  2⤵
  PID:5700
- C:\Windows\System\dHumLtm.exe
  C:\Windows\System\dHumLtm.exe
  2⤵
  PID:5844
- C:\Windows\System\RECBomH.exe
  C:\Windows\System\RECBomH.exe
  2⤵
  PID:6128
- C:\Windows\System\GaRwgpC.exe
  C:\Windows\System\GaRwgpC.exe
  2⤵
  PID:5808
- C:\Windows\System\gGlvPDs.exe
  C:\Windows\System\gGlvPDs.exe
  2⤵
  PID:2236
- C:\Windows\System\raOWTTA.exe
  C:\Windows\System\raOWTTA.exe
  2⤵
  PID:3976
- C:\Windows\System\nLdDGZg.exe
  C:\Windows\System\nLdDGZg.exe
  2⤵
  PID:2700
- C:\Windows\System\lgfSGpi.exe
  C:\Windows\System\lgfSGpi.exe
  2⤵
  PID:6028
- C:\Windows\System\tIdeRkL.exe
  C:\Windows\System\tIdeRkL.exe
  2⤵
  PID:4476
- C:\Windows\System\UumhgDo.exe
  C:\Windows\System\UumhgDo.exe
  2⤵
  PID:4488
- C:\Windows\System\IkfcMVK.exe
  C:\Windows\System\IkfcMVK.exe
  2⤵
  PID:1816
- C:\Windows\System\pWjdZIO.exe
  C:\Windows\System\pWjdZIO.exe
  2⤵
  PID:5540
- C:\Windows\System\lFJaXNz.exe
  C:\Windows\System\lFJaXNz.exe
  2⤵
  PID:4280
- C:\Windows\System\gGYFpwu.exe
  C:\Windows\System\gGYFpwu.exe
  2⤵
  PID:2176
- C:\Windows\System\GKBOqIM.exe
  C:\Windows\System\GKBOqIM.exe
  2⤵
  PID:628
- C:\Windows\System\XdDgbGC.exe
  C:\Windows\System\XdDgbGC.exe
  2⤵
  PID:4872
- C:\Windows\System\WNDaaGY.exe
  C:\Windows\System\WNDaaGY.exe
  2⤵
  PID:968
- C:\Windows\System\tfEHKQL.exe
  C:\Windows\System\tfEHKQL.exe
  2⤵
  PID:1708
- C:\Windows\System\nSKzrNM.exe
  C:\Windows\System\nSKzrNM.exe
  2⤵
  PID:2032
- C:\Windows\System\YEBorQx.exe
  C:\Windows\System\YEBorQx.exe
  2⤵
  PID:4964
- C:\Windows\System\CiFixZC.exe
  C:\Windows\System\CiFixZC.exe
  2⤵
  PID:3452
- C:\Windows\System\uszymAC.exe
  C:\Windows\System\uszymAC.exe
  2⤵
  PID:6008
- C:\Windows\System\ePGHedD.exe
  C:\Windows\System\ePGHedD.exe
  2⤵
  PID:4980
- C:\Windows\System\rTailjh.exe
  C:\Windows\System\rTailjh.exe
  2⤵
  PID:3120
- C:\Windows\System\JOeiXyF.exe
  C:\Windows\System\JOeiXyF.exe
  2⤵
  PID:5148
- C:\Windows\System\oNvvgUk.exe
  C:\Windows\System\oNvvgUk.exe
  2⤵
  PID:6100
- C:\Windows\System\EGGopMk.exe
  C:\Windows\System\EGGopMk.exe
  2⤵
  PID:5376
- C:\Windows\System\DHHwwRm.exe
  C:\Windows\System\DHHwwRm.exe
  2⤵
  PID:2160
- C:\Windows\System\naCGYhW.exe
  C:\Windows\System\naCGYhW.exe
  2⤵
  PID:3288
- C:\Windows\System\OHRuhcz.exe
  C:\Windows\System\OHRuhcz.exe
  2⤵
  PID:4844
- C:\Windows\System\KpBNShO.exe
  C:\Windows\System\KpBNShO.exe
  2⤵
  PID:1880
- C:\Windows\System\bKdRNql.exe
  C:\Windows\System\bKdRNql.exe
  2⤵
  PID:6120
- C:\Windows\System\vGCmeCZ.exe
  C:\Windows\System\vGCmeCZ.exe
  2⤵
  PID:5952
- C:\Windows\System\wHbnQdo.exe
  C:\Windows\System\wHbnQdo.exe
  2⤵
  PID:3108
- C:\Windows\System\qbGKaYz.exe
  C:\Windows\System\qbGKaYz.exe
  2⤵
  PID:3280
- C:\Windows\System\cqNtrRb.exe
  C:\Windows\System\cqNtrRb.exe
  2⤵
  PID:1404
- C:\Windows\System\ANVcHnG.exe
  C:\Windows\System\ANVcHnG.exe
  2⤵
  PID:4180
- C:\Windows\System\zscWZCU.exe
  C:\Windows\System\zscWZCU.exe
  2⤵
  PID:788
- C:\Windows\System\eEPeviA.exe
  C:\Windows\System\eEPeviA.exe
  2⤵
  PID:1916
- C:\Windows\System\NJdmNNe.exe
  C:\Windows\System\NJdmNNe.exe
  2⤵
  PID:5572
- C:\Windows\System\mzLHxST.exe
  C:\Windows\System\mzLHxST.exe
  2⤵
  PID:2860
- C:\Windows\System\QcoHcMK.exe
  C:\Windows\System\QcoHcMK.exe
  2⤵
  PID:3024
- C:\Windows\System\wvrhSDb.exe
  C:\Windows\System\wvrhSDb.exe
  2⤵
  PID:1252
- C:\Windows\System\ibOfDrw.exe
  C:\Windows\System\ibOfDrw.exe
  2⤵
  PID:5608
- C:\Windows\System\ZzxtHbi.exe
  C:\Windows\System\ZzxtHbi.exe
  2⤵
  PID:1504
- C:\Windows\System\ihxMjle.exe
  C:\Windows\System\ihxMjle.exe
  2⤵
  PID:6132
- C:\Windows\System\IYDZBug.exe
  C:\Windows\System\IYDZBug.exe
  2⤵
  PID:3440
- C:\Windows\System\ZIqbnni.exe
  C:\Windows\System\ZIqbnni.exe
  2⤵
  PID:6124
- C:\Windows\System\EKkEEPM.exe
  C:\Windows\System\EKkEEPM.exe
  2⤵
  PID:3536
- C:\Windows\System\uTlYWGh.exe
  C:\Windows\System\uTlYWGh.exe
  2⤵
  PID:4576
- C:\Windows\System\KwgyFvS.exe
  C:\Windows\System\KwgyFvS.exe
  2⤵
  PID:1876
- C:\Windows\System\dNPUuLg.exe
  C:\Windows\System\dNPUuLg.exe
  2⤵
  PID:5600
- C:\Windows\System\YHRRWVt.exe
  C:\Windows\System\YHRRWVt.exe
  2⤵
  PID:6000
- C:\Windows\System\QQQmomu.exe
  C:\Windows\System\QQQmomu.exe
  2⤵
  PID:1844
- C:\Windows\System\xHnBtPa.exe
  C:\Windows\System\xHnBtPa.exe
  2⤵
  PID:4508
- C:\Windows\System\xIleQxu.exe
  C:\Windows\System\xIleQxu.exe
  2⤵
  PID:6172
- C:\Windows\System\ywOgFtC.exe
  C:\Windows\System\ywOgFtC.exe
  2⤵
  PID:6208
- C:\Windows\System\XcAqbTd.exe
  C:\Windows\System\XcAqbTd.exe
  2⤵
  PID:6232
- C:\Windows\System\MYTrBEi.exe
  C:\Windows\System\MYTrBEi.exe
  2⤵
  PID:6264
- C:\Windows\System\fGGZPPd.exe
  C:\Windows\System\fGGZPPd.exe
  2⤵
  PID:6292
- C:\Windows\System\ymAXlDP.exe
  C:\Windows\System\ymAXlDP.exe
  2⤵
  PID:6320
- C:\Windows\System\LaNDEaa.exe
  C:\Windows\System\LaNDEaa.exe
  2⤵
  PID:6344
- C:\Windows\System\ltqPNdR.exe
  C:\Windows\System\ltqPNdR.exe
  2⤵
  PID:6376
- C:\Windows\System\STgKZLK.exe
  C:\Windows\System\STgKZLK.exe
  2⤵
  PID:6404
- C:\Windows\System\BwvgaRd.exe
  C:\Windows\System\BwvgaRd.exe
  2⤵
  PID:6424
- C:\Windows\System\XYtlxUe.exe
  C:\Windows\System\XYtlxUe.exe
  2⤵
  PID:6460
- C:\Windows\System\wJUIxcA.exe
  C:\Windows\System\wJUIxcA.exe
  2⤵
  PID:6484
- C:\Windows\System\SIIctPd.exe
  C:\Windows\System\SIIctPd.exe
  2⤵
  PID:6516
- C:\Windows\System\iPhAbCu.exe
  C:\Windows\System\iPhAbCu.exe
  2⤵
  PID:6544
- C:\Windows\System\cHlbNAo.exe
  C:\Windows\System\cHlbNAo.exe
  2⤵
  PID:6568
- C:\Windows\System\OkgJOKf.exe
  C:\Windows\System\OkgJOKf.exe
  2⤵
  PID:6600
- C:\Windows\System\AmUbMQD.exe
  C:\Windows\System\AmUbMQD.exe
  2⤵
  PID:6624
- C:\Windows\System\yoCyotg.exe
  C:\Windows\System\yoCyotg.exe
  2⤵
  PID:6656
- C:\Windows\System\ptMsGSH.exe
  C:\Windows\System\ptMsGSH.exe
  2⤵
  PID:6684
- C:\Windows\System\hrakJRY.exe
  C:\Windows\System\hrakJRY.exe
  2⤵
  PID:6700
- C:\Windows\System\NiEgIij.exe
  C:\Windows\System\NiEgIij.exe
  2⤵
  PID:6740
- C:\Windows\System\jBxrcvE.exe
  C:\Windows\System\jBxrcvE.exe
  2⤵
  PID:6768
- C:\Windows\System\XqchzNG.exe
  C:\Windows\System\XqchzNG.exe
  2⤵
  PID:6784
- C:\Windows\System\IGdmgCc.exe
  C:\Windows\System\IGdmgCc.exe
  2⤵
  PID:6808
- C:\Windows\System\ZHIqSjG.exe
  C:\Windows\System\ZHIqSjG.exe
  2⤵
  PID:6832
- C:\Windows\System\oIIIswQ.exe
  C:\Windows\System\oIIIswQ.exe
  2⤵
  PID:6868
- C:\Windows\System\sOJcpoa.exe
  C:\Windows\System\sOJcpoa.exe
  2⤵
  PID:6904
- C:\Windows\System\cgajeiY.exe
  C:\Windows\System\cgajeiY.exe
  2⤵
  PID:6944
- C:\Windows\System\vInaHab.exe
  C:\Windows\System\vInaHab.exe
  2⤵
  PID:7000
- C:\Windows\System\ueUSXSH.exe
  C:\Windows\System\ueUSXSH.exe
  2⤵
  PID:7032
- C:\Windows\System\JCeFXBW.exe
  C:\Windows\System\JCeFXBW.exe
  2⤵
  PID:7060
- C:\Windows\System\bsVBlUT.exe
  C:\Windows\System\bsVBlUT.exe
  2⤵
  PID:7092
- C:\Windows\System\lNDWytu.exe
  C:\Windows\System\lNDWytu.exe
  2⤵
  PID:7120
- C:\Windows\System\wTvXNne.exe
  C:\Windows\System\wTvXNne.exe
  2⤵
  PID:7148
- C:\Windows\System\ePcdJwz.exe
  C:\Windows\System\ePcdJwz.exe
  2⤵
  PID:2552
- C:\Windows\System\oJoRJEJ.exe
  C:\Windows\System\oJoRJEJ.exe
  2⤵
  PID:6204
- C:\Windows\System\shaHgeK.exe
  C:\Windows\System\shaHgeK.exe
  2⤵
  PID:6252
- C:\Windows\System\JfrhPdm.exe
  C:\Windows\System\JfrhPdm.exe
  2⤵
  PID:6328
- C:\Windows\System\gJiEgWA.exe
  C:\Windows\System\gJiEgWA.exe
  2⤵
  PID:6384
- C:\Windows\System\gmVKxyH.exe
  C:\Windows\System\gmVKxyH.exe
  2⤵
  PID:6448
- C:\Windows\System\jXgzqQF.exe
  C:\Windows\System\jXgzqQF.exe
  2⤵
  PID:6504
- C:\Windows\System\amFVSTs.exe
  C:\Windows\System\amFVSTs.exe
  2⤵
  PID:6540
- C:\Windows\System\WuwMqPb.exe
  C:\Windows\System\WuwMqPb.exe
  2⤵
  PID:6580
- C:\Windows\System\qrnJguD.exe
  C:\Windows\System\qrnJguD.exe
  2⤵
  PID:6652
- C:\Windows\System\TJAjjuE.exe
  C:\Windows\System\TJAjjuE.exe
  2⤵
  PID:6712
- C:\Windows\System\ENdAmPZ.exe
  C:\Windows\System\ENdAmPZ.exe
  2⤵
  PID:6780
- C:\Windows\System\DOhJLlK.exe
  C:\Windows\System\DOhJLlK.exe
  2⤵
  PID:6856
- C:\Windows\System\LTEbjCq.exe
  C:\Windows\System\LTEbjCq.exe
  2⤵
  PID:6916
- C:\Windows\System\MosRLTO.exe
  C:\Windows\System\MosRLTO.exe
  2⤵
  PID:332
- C:\Windows\System\OwGgUGt.exe
  C:\Windows\System\OwGgUGt.exe
  2⤵
  PID:2504
- C:\Windows\System\ePOLIcu.exe
  C:\Windows\System\ePOLIcu.exe
  2⤵
  PID:7052
- C:\Windows\System\QzrzaZj.exe
  C:\Windows\System\QzrzaZj.exe
  2⤵
  PID:7116
- C:\Windows\System\aThGzZN.exe
  C:\Windows\System\aThGzZN.exe
  2⤵
  PID:6168
- C:\Windows\System\iBbYsVa.exe
  C:\Windows\System\iBbYsVa.exe
  2⤵
  PID:6288
- C:\Windows\System\hUArTtu.exe
  C:\Windows\System\hUArTtu.exe
  2⤵
  PID:6440
- C:\Windows\System\shCuOFp.exe
  C:\Windows\System\shCuOFp.exe
  2⤵
  PID:6552
- C:\Windows\System\MaiScZj.exe
  C:\Windows\System\MaiScZj.exe
  2⤵
  PID:6680
- C:\Windows\System\OULmvdQ.exe
  C:\Windows\System\OULmvdQ.exe
  2⤵
  PID:6820
- C:\Windows\System\QAwoKVi.exe
  C:\Windows\System\QAwoKVi.exe
  2⤵
  PID:6988
- C:\Windows\System\HdzhRgF.exe
  C:\Windows\System\HdzhRgF.exe
  2⤵
  PID:7072
- C:\Windows\System\CfOwdEV.exe
  C:\Windows\System\CfOwdEV.exe
  2⤵
  PID:6352
- C:\Windows\System\pzIlqmr.exe
  C:\Windows\System\pzIlqmr.exe
  2⤵
  PID:6588
- C:\Windows\System\OvYfdJT.exe
  C:\Windows\System\OvYfdJT.exe
  2⤵
  PID:6896
- C:\Windows\System\hakGolp.exe
  C:\Windows\System\hakGolp.exe
  2⤵
  PID:6216
- C:\Windows\System\bswRtCm.exe
  C:\Windows\System\bswRtCm.exe
  2⤵
  PID:5076
- C:\Windows\System\IbvzeBU.exe
  C:\Windows\System\IbvzeBU.exe
  2⤵
  PID:7176
- C:\Windows\System\PSIklsV.exe
  C:\Windows\System\PSIklsV.exe
  2⤵
  PID:7200
- C:\Windows\System\zViLkiJ.exe
  C:\Windows\System\zViLkiJ.exe
  2⤵
  PID:7232
- C:\Windows\System\MfolZUJ.exe
  C:\Windows\System\MfolZUJ.exe
  2⤵
  PID:7260
- C:\Windows\System\saHJdxK.exe
  C:\Windows\System\saHJdxK.exe
  2⤵
  PID:7288
- C:\Windows\System\pLYFIcA.exe
  C:\Windows\System\pLYFIcA.exe
  2⤵
  PID:7316
- C:\Windows\System\cCDgNLs.exe
  C:\Windows\System\cCDgNLs.exe
  2⤵
  PID:7344
- C:\Windows\System\cgPlImK.exe
  C:\Windows\System\cgPlImK.exe
  2⤵
  PID:7368
- C:\Windows\System\IDwzuGk.exe
  C:\Windows\System\IDwzuGk.exe
  2⤵
  PID:7388
- C:\Windows\System\sVgJDSg.exe
  C:\Windows\System\sVgJDSg.exe
  2⤵
  PID:7424
- C:\Windows\System\MRHyses.exe
  C:\Windows\System\MRHyses.exe
  2⤵
  PID:7452
- C:\Windows\System\ABgsIiz.exe
  C:\Windows\System\ABgsIiz.exe
  2⤵
  PID:7484
- C:\Windows\System\XUIFMGV.exe
  C:\Windows\System\XUIFMGV.exe
  2⤵
  PID:7512
- C:\Windows\System\OyXoGlX.exe
  C:\Windows\System\OyXoGlX.exe
  2⤵
  PID:7536
- C:\Windows\System\itXIaMM.exe
  C:\Windows\System\itXIaMM.exe
  2⤵
  PID:7568
- C:\Windows\System\nolECtG.exe
  C:\Windows\System\nolECtG.exe
  2⤵
  PID:7584
- C:\Windows\System\sPNwizw.exe
  C:\Windows\System\sPNwizw.exe
  2⤵
  PID:7612
- C:\Windows\System\QQZcoyE.exe
  C:\Windows\System\QQZcoyE.exe
  2⤵
  PID:7640
- C:\Windows\System\cXujRBB.exe
  C:\Windows\System\cXujRBB.exe
  2⤵
  PID:7668
- C:\Windows\System\apGpEUo.exe
  C:\Windows\System\apGpEUo.exe
  2⤵
  PID:7696
- C:\Windows\System\bcEJHIU.exe
  C:\Windows\System\bcEJHIU.exe
  2⤵
  PID:7732
- C:\Windows\System\iXqgNKi.exe
  C:\Windows\System\iXqgNKi.exe
  2⤵
  PID:7760
- C:\Windows\System\dPcPWSa.exe
  C:\Windows\System\dPcPWSa.exe
  2⤵
  PID:7788
- C:\Windows\System\yBEWVeU.exe
  C:\Windows\System\yBEWVeU.exe
  2⤵
  PID:7812
- C:\Windows\System\eiuWpGA.exe
  C:\Windows\System\eiuWpGA.exe
  2⤵
  PID:7836
- C:\Windows\System\CJSDgye.exe
  C:\Windows\System\CJSDgye.exe
  2⤵
  PID:7864
- C:\Windows\System\RoHSSOT.exe
  C:\Windows\System\RoHSSOT.exe
  2⤵
  PID:7892
- C:\Windows\System\raHrRBy.exe
  C:\Windows\System\raHrRBy.exe
  2⤵
  PID:7932
- C:\Windows\System\duevXca.exe
  C:\Windows\System\duevXca.exe
  2⤵
  PID:7956
- C:\Windows\System\NjPnvCx.exe
  C:\Windows\System\NjPnvCx.exe
  2⤵
  PID:7976
- C:\Windows\System\yNYgAFE.exe
  C:\Windows\System\yNYgAFE.exe
  2⤵
  PID:8004
- C:\Windows\System\SfskjZN.exe
  C:\Windows\System\SfskjZN.exe
  2⤵
  PID:8040
- C:\Windows\System\cHSDxda.exe
  C:\Windows\System\cHSDxda.exe
  2⤵
  PID:8060
- C:\Windows\System\vtxghGv.exe
  C:\Windows\System\vtxghGv.exe
  2⤵
  PID:8092
- C:\Windows\System\oTIKYQa.exe
  C:\Windows\System\oTIKYQa.exe
  2⤵
  PID:8116
- C:\Windows\System\hMXGSja.exe
  C:\Windows\System\hMXGSja.exe
  2⤵
  PID:8144
- C:\Windows\System\uBwaaug.exe
  C:\Windows\System\uBwaaug.exe
  2⤵
  PID:8180
- C:\Windows\System\XpIyIkl.exe
  C:\Windows\System\XpIyIkl.exe
  2⤵
  PID:7184
- C:\Windows\System\RYGtPNL.exe
  C:\Windows\System\RYGtPNL.exe
  2⤵
  PID:7248
- C:\Windows\System\JkTmXwi.exe
  C:\Windows\System\JkTmXwi.exe
  2⤵
  PID:7312
- C:\Windows\System\FoNEAwW.exe
  C:\Windows\System\FoNEAwW.exe
  2⤵
  PID:7380
- C:\Windows\System\uWRPFUX.exe
  C:\Windows\System\uWRPFUX.exe
  2⤵
  PID:7444
- C:\Windows\System\KWVThcD.exe
  C:\Windows\System\KWVThcD.exe
  2⤵
  PID:7504
- C:\Windows\System\fLVMVng.exe
  C:\Windows\System\fLVMVng.exe
  2⤵
  PID:7576
- C:\Windows\System\OKgbZce.exe
  C:\Windows\System\OKgbZce.exe
  2⤵
  PID:7636
- C:\Windows\System\nezzUso.exe
  C:\Windows\System\nezzUso.exe
  2⤵
  PID:7708
- C:\Windows\System\TmtAwMi.exe
  C:\Windows\System\TmtAwMi.exe
  2⤵
  PID:7772
- C:\Windows\System\VgDJGbr.exe
  C:\Windows\System\VgDJGbr.exe
  2⤵
  PID:7856
- C:\Windows\System\uPRIJaI.exe
  C:\Windows\System\uPRIJaI.exe
  2⤵
  PID:7904
- C:\Windows\System\nOHLhZg.exe
  C:\Windows\System\nOHLhZg.exe
  2⤵
  PID:7968
- C:\Windows\System\BAAghfW.exe
  C:\Windows\System\BAAghfW.exe
  2⤵
  PID:8028
- C:\Windows\System\rRKnlnC.exe
  C:\Windows\System\rRKnlnC.exe
  2⤵
  PID:8112
- C:\Windows\System\xmsRzAZ.exe
  C:\Windows\System\xmsRzAZ.exe
  2⤵
  PID:8164
- C:\Windows\System\lgUiByK.exe
  C:\Windows\System\lgUiByK.exe
  2⤵
  PID:7240
- C:\Windows\System\GliXyWY.exe
  C:\Windows\System\GliXyWY.exe
  2⤵
  PID:7408
- C:\Windows\System\ewqnppO.exe
  C:\Windows\System\ewqnppO.exe
  2⤵
  PID:7564
- C:\Windows\System\MZkPBLg.exe
  C:\Windows\System\MZkPBLg.exe
  2⤵
  PID:7688
- C:\Windows\System\xZiJpCd.exe
  C:\Windows\System\xZiJpCd.exe
  2⤵
  PID:7876
- C:\Windows\System\xQTwrFQ.exe
  C:\Windows\System\xQTwrFQ.exe
  2⤵
  PID:8056
- C:\Windows\System\kSCLOdm.exe
  C:\Windows\System\kSCLOdm.exe
  2⤵
  PID:8156
- C:\Windows\System\FWuPMWz.exe
  C:\Windows\System\FWuPMWz.exe
  2⤵
  PID:7480
- C:\Windows\System\ItuLMsc.exe
  C:\Windows\System\ItuLMsc.exe
  2⤵
  PID:7820
- C:\Windows\System\cVccUhd.exe
  C:\Windows\System\cVccUhd.exe
  2⤵
  PID:8140
- C:\Windows\System\vkDGbZs.exe
  C:\Windows\System\vkDGbZs.exe
  2⤵
  PID:7768
- C:\Windows\System\GYqJawy.exe
  C:\Windows\System\GYqJawy.exe
  2⤵
  PID:8200
- C:\Windows\System\xIxIQXG.exe
  C:\Windows\System\xIxIQXG.exe
  2⤵
  PID:8220
- C:\Windows\System\FsOFOQc.exe
  C:\Windows\System\FsOFOQc.exe
  2⤵
  PID:8248
- C:\Windows\System\ytjrwJQ.exe
  C:\Windows\System\ytjrwJQ.exe
  2⤵
  PID:8276
- C:\Windows\System\ApqYQCn.exe
  C:\Windows\System\ApqYQCn.exe
  2⤵
  PID:8312
- C:\Windows\System\wClbiSN.exe
  C:\Windows\System\wClbiSN.exe
  2⤵
  PID:8344
- C:\Windows\System\OErPiwU.exe
  C:\Windows\System\OErPiwU.exe
  2⤵
  PID:8368
- C:\Windows\System\LhqhwPN.exe
  C:\Windows\System\LhqhwPN.exe
  2⤵
  PID:8392
- C:\Windows\System\TgfFaPS.exe
  C:\Windows\System\TgfFaPS.exe
  2⤵
  PID:8416
- C:\Windows\System\QbXiiaE.exe
  C:\Windows\System\QbXiiaE.exe
  2⤵
  PID:8444
- C:\Windows\System\dyszGUj.exe
  C:\Windows\System\dyszGUj.exe
  2⤵
  PID:8472
- C:\Windows\System\aEerKsu.exe
  C:\Windows\System\aEerKsu.exe
  2⤵
  PID:8504
- C:\Windows\System\HkLwWFu.exe
  C:\Windows\System\HkLwWFu.exe
  2⤵
  PID:8536
- C:\Windows\System\kTqjKiT.exe
  C:\Windows\System\kTqjKiT.exe
  2⤵
  PID:8556
- C:\Windows\System\OmpUDKX.exe
  C:\Windows\System\OmpUDKX.exe
  2⤵
  PID:8592
- C:\Windows\System\oiaaBBS.exe
  C:\Windows\System\oiaaBBS.exe
  2⤵
  PID:8612
- C:\Windows\System\HjCaLRs.exe
  C:\Windows\System\HjCaLRs.exe
  2⤵
  PID:8640
- C:\Windows\System\GbGNzlO.exe
  C:\Windows\System\GbGNzlO.exe
  2⤵
  PID:8672
- C:\Windows\System\fiwFzRa.exe
  C:\Windows\System\fiwFzRa.exe
  2⤵
  PID:8696
- C:\Windows\System\DuWqIOY.exe
  C:\Windows\System\DuWqIOY.exe
  2⤵
  PID:8724
- C:\Windows\System\VQqReHB.exe
  C:\Windows\System\VQqReHB.exe
  2⤵
  PID:8752
- C:\Windows\System\zPKyhDC.exe
  C:\Windows\System\zPKyhDC.exe
  2⤵
  PID:8784
- C:\Windows\System\JgbNOkW.exe
  C:\Windows\System\JgbNOkW.exe
  2⤵
  PID:8808
- C:\Windows\System\VXsDxbM.exe
  C:\Windows\System\VXsDxbM.exe
  2⤵
  PID:8836
- C:\Windows\System\gBZXcwf.exe
  C:\Windows\System\gBZXcwf.exe
  2⤵
  PID:8864
- C:\Windows\System\OhqqYzY.exe
  C:\Windows\System\OhqqYzY.exe
  2⤵
  PID:8892
- C:\Windows\System\rCnwuTF.exe
  C:\Windows\System\rCnwuTF.exe
  2⤵
  PID:8920
- C:\Windows\System\bmMQZQU.exe
  C:\Windows\System\bmMQZQU.exe
  2⤵
  PID:8948
- C:\Windows\System\apEdqsn.exe
  C:\Windows\System\apEdqsn.exe
  2⤵
  PID:8976
- C:\Windows\System\qhlRJHc.exe
  C:\Windows\System\qhlRJHc.exe
  2⤵
  PID:9004
- C:\Windows\System\ZuGxEZn.exe
  C:\Windows\System\ZuGxEZn.exe
  2⤵
  PID:9032
- C:\Windows\System\FtJLuHu.exe
  C:\Windows\System\FtJLuHu.exe
  2⤵
  PID:9064
- C:\Windows\System\pdGTZfa.exe
  C:\Windows\System\pdGTZfa.exe
  2⤵
  PID:9088
- C:\Windows\System\enhxTWJ.exe
  C:\Windows\System\enhxTWJ.exe
  2⤵
  PID:9116
- C:\Windows\System\lIZrJxb.exe
  C:\Windows\System\lIZrJxb.exe
  2⤵
  PID:9144
- C:\Windows\System\ERxYPkJ.exe
  C:\Windows\System\ERxYPkJ.exe
  2⤵
  PID:9172
- C:\Windows\System\pnJcaxP.exe
  C:\Windows\System\pnJcaxP.exe
  2⤵
  PID:9200
- C:\Windows\System\yHMbgOa.exe
  C:\Windows\System\yHMbgOa.exe
  2⤵
  PID:8232
- C:\Windows\System\AWKkrbr.exe
  C:\Windows\System\AWKkrbr.exe
  2⤵
  PID:8288
- C:\Windows\System\iFymBzh.exe
  C:\Windows\System\iFymBzh.exe
  2⤵
  PID:8352
- C:\Windows\System\xAztpRw.exe
  C:\Windows\System\xAztpRw.exe
  2⤵
  PID:8412
- C:\Windows\System\dlNDsXy.exe
  C:\Windows\System\dlNDsXy.exe
  2⤵
  PID:8464
- C:\Windows\System\zuMjomi.exe
  C:\Windows\System\zuMjomi.exe
  2⤵
  PID:8524
- C:\Windows\System\XbIdnvY.exe
  C:\Windows\System\XbIdnvY.exe
  2⤵
  PID:8576
- C:\Windows\System\rjjqhwM.exe
  C:\Windows\System\rjjqhwM.exe
  2⤵
  PID:8660
- C:\Windows\System\bYvMbjg.exe
  C:\Windows\System\bYvMbjg.exe
  2⤵
  PID:8708
- C:\Windows\System\CRhPxQn.exe
  C:\Windows\System\CRhPxQn.exe
  2⤵
  PID:8772
- C:\Windows\System\pwNONSO.exe
  C:\Windows\System\pwNONSO.exe
  2⤵
  PID:8832
- C:\Windows\System\nNbDJJl.exe
  C:\Windows\System\nNbDJJl.exe
  2⤵
  PID:8912
- C:\Windows\System\WZgFvhX.exe
  C:\Windows\System\WZgFvhX.exe
  2⤵
  PID:8944
- C:\Windows\System\OACYPxA.exe
  C:\Windows\System\OACYPxA.exe
  2⤵
  PID:9016
- C:\Windows\System\BJhIGJi.exe
  C:\Windows\System\BJhIGJi.exe
  2⤵
  PID:9100
- C:\Windows\System\LIEraCR.exe
  C:\Windows\System\LIEraCR.exe
  2⤵
  PID:9136
- C:\Windows\System\uPfUzvi.exe
  C:\Windows\System\uPfUzvi.exe
  2⤵
  PID:8212
- C:\Windows\System\fmlyIxQ.exe
  C:\Windows\System\fmlyIxQ.exe
  2⤵
  PID:8340
- C:\Windows\System\ruegvbu.exe
  C:\Windows\System\ruegvbu.exe
  2⤵
  PID:4984
- C:\Windows\System\nHuIlpi.exe
  C:\Windows\System\nHuIlpi.exe
  2⤵
  PID:5644
- C:\Windows\System\ZTFXGxK.exe
  C:\Windows\System\ZTFXGxK.exe
  2⤵
  PID:8688
- C:\Windows\System\zGBhgSq.exe
  C:\Windows\System\zGBhgSq.exe
  2⤵
  PID:8820
- C:\Windows\System\GvsGaxF.exe
  C:\Windows\System\GvsGaxF.exe
  2⤵
  PID:8932
- C:\Windows\System\QObFezR.exe
  C:\Windows\System\QObFezR.exe
  2⤵
  PID:9056
- C:\Windows\System\fsRimLd.exe
  C:\Windows\System\fsRimLd.exe
  2⤵
  PID:9192
- C:\Windows\System\RMdrEEG.exe
  C:\Windows\System\RMdrEEG.exe
  2⤵
  PID:4372
- C:\Windows\System\SYNLSOj.exe
  C:\Windows\System\SYNLSOj.exe
  2⤵
  PID:8748
- C:\Windows\System\JLDepMo.exe
  C:\Windows\System\JLDepMo.exe
  2⤵
  PID:9044
- C:\Windows\System\mfkNosQ.exe
  C:\Windows\System\mfkNosQ.exe
  2⤵
  PID:8604
- C:\Windows\System\ttQjLmj.exe
  C:\Windows\System\ttQjLmj.exe
  2⤵
  PID:8408
- C:\Windows\System\pJwcPKj.exe
  C:\Windows\System\pJwcPKj.exe
  2⤵
  PID:9224
- C:\Windows\System\mlEZlYJ.exe
  C:\Windows\System\mlEZlYJ.exe
  2⤵
  PID:9260
- C:\Windows\System\sAwTzQF.exe
  C:\Windows\System\sAwTzQF.exe
  2⤵
  PID:9280
- C:\Windows\System\Tqrrsqt.exe
  C:\Windows\System\Tqrrsqt.exe
  2⤵
  PID:9324
- C:\Windows\System\qzwtgjE.exe
  C:\Windows\System\qzwtgjE.exe
  2⤵
  PID:9348
- C:\Windows\System\vfoSYFA.exe
  C:\Windows\System\vfoSYFA.exe
  2⤵
  PID:9376
- C:\Windows\System\uAZoKXZ.exe
  C:\Windows\System\uAZoKXZ.exe
  2⤵
  PID:9408
- C:\Windows\System\yemjeen.exe
  C:\Windows\System\yemjeen.exe
  2⤵
  PID:9432
- C:\Windows\System\UtupvXg.exe
  C:\Windows\System\UtupvXg.exe
  2⤵
  PID:9460
- C:\Windows\System\tdCYIGx.exe
  C:\Windows\System\tdCYIGx.exe
  2⤵
  PID:9488
- C:\Windows\System\cqmqJfl.exe
  C:\Windows\System\cqmqJfl.exe
  2⤵
  PID:9520
- C:\Windows\System\oXjpRJn.exe
  C:\Windows\System\oXjpRJn.exe
  2⤵
  PID:9544
- C:\Windows\System\XgKSNWc.exe
  C:\Windows\System\XgKSNWc.exe
  2⤵
  PID:9572
- C:\Windows\System\mBYrOjg.exe
  C:\Windows\System\mBYrOjg.exe
  2⤵
  PID:9600
- C:\Windows\System\GibfDKm.exe
  C:\Windows\System\GibfDKm.exe
  2⤵
  PID:9628
- C:\Windows\System\iTHnwJa.exe
  C:\Windows\System\iTHnwJa.exe
  2⤵
  PID:9656
- C:\Windows\System\ddnLyoA.exe
  C:\Windows\System\ddnLyoA.exe
  2⤵
  PID:9684
- C:\Windows\System\LTVxZkw.exe
  C:\Windows\System\LTVxZkw.exe
  2⤵
  PID:9716
- C:\Windows\System\MJHPzoC.exe
  C:\Windows\System\MJHPzoC.exe
  2⤵
  PID:9752
- C:\Windows\System\TRaApQT.exe
  C:\Windows\System\TRaApQT.exe
  2⤵
  PID:9772
- C:\Windows\System\TxDxhSJ.exe
  C:\Windows\System\TxDxhSJ.exe
  2⤵
  PID:9800
- C:\Windows\System\kKebKCG.exe
  C:\Windows\System\kKebKCG.exe
  2⤵
  PID:9836
- C:\Windows\System\xYGLhBX.exe
  C:\Windows\System\xYGLhBX.exe
  2⤵
  PID:9856
- C:\Windows\System\ZKfZYkj.exe
  C:\Windows\System\ZKfZYkj.exe
  2⤵
  PID:9968
- C:\Windows\System\LBnwgKO.exe
  C:\Windows\System\LBnwgKO.exe
  2⤵
  PID:10004
- C:\Windows\System\OxtMLWp.exe
  C:\Windows\System\OxtMLWp.exe
  2⤵
  PID:10100
- C:\Windows\System\jWNVSYf.exe
  C:\Windows\System\jWNVSYf.exe
  2⤵
  PID:10120
- C:\Windows\System\dHYCwfz.exe
  C:\Windows\System\dHYCwfz.exe
  2⤵
  PID:10148
- C:\Windows\System\nHdPEfI.exe
  C:\Windows\System\nHdPEfI.exe
  2⤵
  PID:10176
- C:\Windows\System\uFvdKtp.exe
  C:\Windows\System\uFvdKtp.exe
  2⤵
  PID:10204
- C:\Windows\System\suQOBhE.exe
  C:\Windows\System\suQOBhE.exe
  2⤵
  PID:10232
- C:\Windows\System\rusSIhf.exe
  C:\Windows\System\rusSIhf.exe
  2⤵
  PID:9276
- C:\Windows\System\zltMHho.exe
  C:\Windows\System\zltMHho.exe
  2⤵
  PID:9340
- C:\Windows\System\fgJDfDA.exe
  C:\Windows\System\fgJDfDA.exe
  2⤵
  PID:9428
- C:\Windows\System\mXRXusy.exe
  C:\Windows\System\mXRXusy.exe
  2⤵
  PID:9484
- C:\Windows\System\uYZZebK.exe
  C:\Windows\System\uYZZebK.exe
  2⤵
  PID:9528
- C:\Windows\System\WeVTUDS.exe
  C:\Windows\System\WeVTUDS.exe
  2⤵
  PID:9596
- C:\Windows\System\WpXGEWm.exe
  C:\Windows\System\WpXGEWm.exe
  2⤵
  PID:9652
- C:\Windows\System\vFxgQUK.exe
  C:\Windows\System\vFxgQUK.exe
  2⤵
  PID:9708
- C:\Windows\System\ZNmbasN.exe
  C:\Windows\System\ZNmbasN.exe
  2⤵
  PID:9768
- C:\Windows\System\oxUMaYE.exe
  C:\Windows\System\oxUMaYE.exe
  2⤵
  PID:9844
- C:\Windows\System\SsVmOyP.exe
  C:\Windows\System\SsVmOyP.exe
  2⤵
  PID:9880
- C:\Windows\System\hBoQgSB.exe
  C:\Windows\System\hBoQgSB.exe
  2⤵
  PID:9908
- C:\Windows\System\MYpHCLW.exe
  C:\Windows\System\MYpHCLW.exe
  2⤵
  PID:4736
- C:\Windows\System\YMrAtuj.exe
  C:\Windows\System\YMrAtuj.exe
  2⤵
  PID:10028
- C:\Windows\System\sYqJvZb.exe
  C:\Windows\System\sYqJvZb.exe
  2⤵
  PID:10060
- C:\Windows\System\fdEsxbg.exe
  C:\Windows\System\fdEsxbg.exe
  2⤵
  PID:5584
- C:\Windows\System\ESavnQX.exe
  C:\Windows\System\ESavnQX.exe
  2⤵
  PID:10140
- C:\Windows\System\vvpbVru.exe
  C:\Windows\System\vvpbVru.exe
  2⤵
  PID:10200
- C:\Windows\System\AqkHGai.exe
  C:\Windows\System\AqkHGai.exe
  2⤵
  PID:10224
- C:\Windows\System\HQmtyMZ.exe
  C:\Windows\System\HQmtyMZ.exe
  2⤵
  PID:9308
- C:\Windows\System\uPjWCea.exe
  C:\Windows\System\uPjWCea.exe
  2⤵
  PID:9452
- C:\Windows\System\eZBHGrw.exe
  C:\Windows\System\eZBHGrw.exe
  2⤵
  PID:9568
- C:\Windows\System\vrOThgN.exe
  C:\Windows\System\vrOThgN.exe
  2⤵
  PID:9736
- C:\Windows\System\rkyOviQ.exe
  C:\Windows\System\rkyOviQ.exe
  2⤵
  PID:3096
- C:\Windows\System\pNRefXg.exe
  C:\Windows\System\pNRefXg.exe
  2⤵
  PID:9952
- C:\Windows\System\BLwfEip.exe
  C:\Windows\System\BLwfEip.exe
  2⤵
  PID:9944
- C:\Windows\System\tGpJtyk.exe
  C:\Windows\System\tGpJtyk.exe
  2⤵
  PID:4796
- C:\Windows\System\rSeUWqq.exe
  C:\Windows\System\rSeUWqq.exe
  2⤵
  PID:9964
- C:\Windows\System\FzQvFJG.exe
  C:\Windows\System\FzQvFJG.exe
  2⤵
  PID:10080
- C:\Windows\System\nMHhhNE.exe
  C:\Windows\System\nMHhhNE.exe
  2⤵
  PID:10012
- C:\Windows\System\QkmmygJ.exe
  C:\Windows\System\QkmmygJ.exe
  2⤵
  PID:9368
- C:\Windows\System\pdgXRot.exe
  C:\Windows\System\pdgXRot.exe
  2⤵
  PID:5776
- C:\Windows\System\ppAsSBB.exe
  C:\Windows\System\ppAsSBB.exe
  2⤵
  PID:5956
- C:\Windows\System\EsztMLi.exe
  C:\Windows\System\EsztMLi.exe
  2⤵
  PID:2332
- C:\Windows\System\oliGOVl.exe
  C:\Windows\System\oliGOVl.exe
  2⤵
  PID:10188
- C:\Windows\System\dbczWWp.exe
  C:\Windows\System\dbczWWp.exe
  2⤵
  PID:9640
- C:\Windows\System\OISQmjl.exe
  C:\Windows\System\OISQmjl.exe
  2⤵
  PID:10040
- C:\Windows\System\jgrPxYG.exe
  C:\Windows\System\jgrPxYG.exe
  2⤵
  PID:1556
- C:\Windows\System\goPiliR.exe
  C:\Windows\System\goPiliR.exe
  2⤵
  PID:10248
- C:\Windows\System\niiwSHI.exe
  C:\Windows\System\niiwSHI.exe
  2⤵
  PID:10268
- C:\Windows\System\wkCLtYe.exe
  C:\Windows\System\wkCLtYe.exe
  2⤵
  PID:10296
- C:\Windows\System\HsbqqaV.exe
  C:\Windows\System\HsbqqaV.exe
  2⤵
  PID:10336
- C:\Windows\System\uGIxDpq.exe
  C:\Windows\System\uGIxDpq.exe
  2⤵
  PID:10360
- C:\Windows\System\DkcUKNg.exe
  C:\Windows\System\DkcUKNg.exe
  2⤵
  PID:10392
- C:\Windows\System\JRVcbiN.exe
  C:\Windows\System\JRVcbiN.exe
  2⤵
  PID:10412
- C:\Windows\System\JSWzBev.exe
  C:\Windows\System\JSWzBev.exe
  2⤵
  PID:10448
- C:\Windows\System\JmgDktj.exe
  C:\Windows\System\JmgDktj.exe
  2⤵
  PID:10468
- C:\Windows\System\FJErsJE.exe
  C:\Windows\System\FJErsJE.exe
  2⤵
  PID:10496
- C:\Windows\System\TtwzQKq.exe
  C:\Windows\System\TtwzQKq.exe
  2⤵
  PID:10524
- C:\Windows\System\TamWvWA.exe
  C:\Windows\System\TamWvWA.exe
  2⤵
  PID:10560
- C:\Windows\System\yTjrJLA.exe
  C:\Windows\System\yTjrJLA.exe
  2⤵
  PID:10580
- C:\Windows\System\BlJUIRh.exe
  C:\Windows\System\BlJUIRh.exe
  2⤵
  PID:10608
- C:\Windows\System\sycYWOJ.exe
  C:\Windows\System\sycYWOJ.exe
  2⤵
  PID:10636
- C:\Windows\System\EAfIWbY.exe
  C:\Windows\System\EAfIWbY.exe
  2⤵
  PID:10664
- C:\Windows\System\IaRiedE.exe
  C:\Windows\System\IaRiedE.exe
  2⤵
  PID:10692
- C:\Windows\System\rAOcrRA.exe
  C:\Windows\System\rAOcrRA.exe
  2⤵
  PID:10728
- C:\Windows\System\cxmdZGp.exe
  C:\Windows\System\cxmdZGp.exe
  2⤵
  PID:10748
- C:\Windows\System\NKgziNv.exe
  C:\Windows\System\NKgziNv.exe
  2⤵
  PID:10776
- C:\Windows\System\MqGAgfl.exe
  C:\Windows\System\MqGAgfl.exe
  2⤵
  PID:10804
- C:\Windows\System\ZpHxWqR.exe
  C:\Windows\System\ZpHxWqR.exe
  2⤵
  PID:10832
- C:\Windows\System\RYCtCGB.exe
  C:\Windows\System\RYCtCGB.exe
  2⤵
  PID:10860
- C:\Windows\System\MZBIAdw.exe
  C:\Windows\System\MZBIAdw.exe
  2⤵
  PID:10888
- C:\Windows\System\EPmTjnY.exe
  C:\Windows\System\EPmTjnY.exe
  2⤵
  PID:10916
- C:\Windows\System\BcIRzJN.exe
  C:\Windows\System\BcIRzJN.exe
  2⤵
  PID:10944
- C:\Windows\System\miQIjJX.exe
  C:\Windows\System\miQIjJX.exe
  2⤵
  PID:10972
- C:\Windows\System\yTXclLi.exe
  C:\Windows\System\yTXclLi.exe
  2⤵
  PID:11000
- C:\Windows\System\AStXwKP.exe
  C:\Windows\System\AStXwKP.exe
  2⤵
  PID:11028
- C:\Windows\System\fmEHnCy.exe
  C:\Windows\System\fmEHnCy.exe
  2⤵
  PID:11056
- C:\Windows\System\jypejAS.exe
  C:\Windows\System\jypejAS.exe
  2⤵
  PID:11084
- C:\Windows\System\oMrNTGk.exe
  C:\Windows\System\oMrNTGk.exe
  2⤵
  PID:11112
- C:\Windows\System\jKkieUH.exe
  C:\Windows\System\jKkieUH.exe
  2⤵
  PID:11140
- C:\Windows\System\vctiwjH.exe
  C:\Windows\System\vctiwjH.exe
  2⤵
  PID:11168
- C:\Windows\System\jmsOWiU.exe
  C:\Windows\System\jmsOWiU.exe
  2⤵
  PID:11196
- C:\Windows\System\hRaTxJf.exe
  C:\Windows\System\hRaTxJf.exe
  2⤵
  PID:11224
- C:\Windows\System\sdLgjuE.exe
  C:\Windows\System\sdLgjuE.exe
  2⤵
  PID:11252
- C:\Windows\System\fvbYtOd.exe
  C:\Windows\System\fvbYtOd.exe
  2⤵
  PID:10280
- C:\Windows\System\ggQMVnm.exe
  C:\Windows\System\ggQMVnm.exe
  2⤵
  PID:10348
- C:\Windows\System\yNFPqdl.exe
  C:\Windows\System\yNFPqdl.exe
  2⤵
  PID:10404
- C:\Windows\System\qqfjsis.exe
  C:\Windows\System\qqfjsis.exe
  2⤵
  PID:10464
- C:\Windows\System\kQxUYji.exe
  C:\Windows\System\kQxUYji.exe
  2⤵
  PID:10536
- C:\Windows\System\iywZeqp.exe
  C:\Windows\System\iywZeqp.exe
  2⤵
  PID:10600
- C:\Windows\System\WDDqHKh.exe
  C:\Windows\System\WDDqHKh.exe
  2⤵
  PID:10660
- C:\Windows\System\DcoPfoB.exe
  C:\Windows\System\DcoPfoB.exe
  2⤵
  PID:10736
- C:\Windows\System\VHUZNFg.exe
  C:\Windows\System\VHUZNFg.exe
  2⤵
  PID:10816
- C:\Windows\System\IAFbZBl.exe
  C:\Windows\System\IAFbZBl.exe
  2⤵
  PID:10880
- C:\Windows\System\knYqiJk.exe
  C:\Windows\System\knYqiJk.exe
  2⤵
  PID:10940
- C:\Windows\System\TGMuaur.exe
  C:\Windows\System\TGMuaur.exe
  2⤵
  PID:11012
- C:\Windows\System\QGkOgOk.exe
  C:\Windows\System\QGkOgOk.exe
  2⤵
  PID:11076
- C:\Windows\System\ZWKKZYW.exe
  C:\Windows\System\ZWKKZYW.exe
  2⤵
  PID:11136
- C:\Windows\System\JdhfCoI.exe
  C:\Windows\System\JdhfCoI.exe
  2⤵
  PID:11208
- C:\Windows\System\ZXOFwIU.exe
  C:\Windows\System\ZXOFwIU.exe
  2⤵
  PID:10260
- C:\Windows\System\bmAZZGC.exe
  C:\Windows\System\bmAZZGC.exe
  2⤵
  PID:10400
- C:\Windows\System\cjoEbsi.exe
  C:\Windows\System\cjoEbsi.exe
  2⤵
  PID:10568
- C:\Windows\System\nUNRJKT.exe
  C:\Windows\System\nUNRJKT.exe
  2⤵
  PID:10712
- C:\Windows\System\ZvyJCda.exe
  C:\Windows\System\ZvyJCda.exe
  2⤵
  PID:10872
- C:\Windows\System\vbrauNP.exe
  C:\Windows\System\vbrauNP.exe
  2⤵
  PID:10992
- C:\Windows\System\yONsHvv.exe
  C:\Windows\System\yONsHvv.exe
  2⤵
  PID:11164
- C:\Windows\System\AlXUccZ.exe
  C:\Windows\System\AlXUccZ.exe
  2⤵
  PID:10368
- C:\Windows\System\Xlsxfzb.exe
  C:\Windows\System\Xlsxfzb.exe
  2⤵
  PID:10516
- C:\Windows\System\KsOyAEF.exe
  C:\Windows\System\KsOyAEF.exe
  2⤵
  PID:10844
- C:\Windows\System\YmhLVui.exe
  C:\Windows\System\YmhLVui.exe
  2⤵
  PID:2192
- C:\Windows\System\uCMWfwF.exe
  C:\Windows\System\uCMWfwF.exe
  2⤵
  PID:10796
- C:\Windows\System\izLNAvf.exe
  C:\Windows\System\izLNAvf.exe
  2⤵
  PID:4608
- C:\Windows\System\nUcUbtU.exe
  C:\Windows\System\nUcUbtU.exe
  2⤵
  PID:11248
- C:\Windows\System\KUsiTeU.exe
  C:\Windows\System\KUsiTeU.exe
  2⤵
  PID:11300
- C:\Windows\System\HRuikBa.exe
  C:\Windows\System\HRuikBa.exe
  2⤵
  PID:11324
- C:\Windows\System\xUmTGyA.exe
  C:\Windows\System\xUmTGyA.exe
  2⤵
  PID:11360
- C:\Windows\System\ErghlSC.exe
  C:\Windows\System\ErghlSC.exe
  2⤵
  PID:11400
- C:\Windows\System\IOafldI.exe
  C:\Windows\System\IOafldI.exe
  2⤵
  PID:11420
- C:\Windows\System\asRlGwg.exe
  C:\Windows\System\asRlGwg.exe
  2⤵
  PID:11448
- C:\Windows\System\KlRCEjS.exe
  C:\Windows\System\KlRCEjS.exe
  2⤵
  PID:11476
- C:\Windows\System\vxoLdiT.exe
  C:\Windows\System\vxoLdiT.exe
  2⤵
  PID:11508
- C:\Windows\System\DWzzWSW.exe
  C:\Windows\System\DWzzWSW.exe
  2⤵
  PID:11536
- C:\Windows\System\qxroGhL.exe
  C:\Windows\System\qxroGhL.exe
  2⤵
  PID:11564
- C:\Windows\System\JvgaCUi.exe
  C:\Windows\System\JvgaCUi.exe
  2⤵
  PID:11592
- C:\Windows\System\znurgic.exe
  C:\Windows\System\znurgic.exe
  2⤵
  PID:11624
- C:\Windows\System\jziijXh.exe
  C:\Windows\System\jziijXh.exe
  2⤵
  PID:11660
- C:\Windows\System\fvlscio.exe
  C:\Windows\System\fvlscio.exe
  2⤵
  PID:11684
- C:\Windows\System\kkqABru.exe
  C:\Windows\System\kkqABru.exe
  2⤵
  PID:11728
- C:\Windows\System\fvdXEAb.exe
  C:\Windows\System\fvdXEAb.exe
  2⤵
  PID:11756
- C:\Windows\System\YpWIMPX.exe
  C:\Windows\System\YpWIMPX.exe
  2⤵
  PID:11784
- C:\Windows\System\bACNfpY.exe
  C:\Windows\System\bACNfpY.exe
  2⤵
  PID:11812
- C:\Windows\System\myXJNaS.exe
  C:\Windows\System\myXJNaS.exe
  2⤵
  PID:11840
- C:\Windows\System\keycMHb.exe
  C:\Windows\System\keycMHb.exe
  2⤵
  PID:11868
- C:\Windows\System\PCnNUwR.exe
  C:\Windows\System\PCnNUwR.exe
  2⤵
  PID:11896
- C:\Windows\System\YngmAVV.exe
  C:\Windows\System\YngmAVV.exe
  2⤵
  PID:11924
- C:\Windows\System\afDACpr.exe
  C:\Windows\System\afDACpr.exe
  2⤵
  PID:11952
- C:\Windows\System\EbfMfUo.exe
  C:\Windows\System\EbfMfUo.exe
  2⤵
  PID:11980
- C:\Windows\System\RpiakeP.exe
  C:\Windows\System\RpiakeP.exe
  2⤵
  PID:12012
- C:\Windows\System\fySMOIF.exe
  C:\Windows\System\fySMOIF.exe
  2⤵
  PID:12048
- C:\Windows\System\fYQsuUQ.exe
  C:\Windows\System\fYQsuUQ.exe
  2⤵
  PID:12064
- C:\Windows\System\QfdVuku.exe
  C:\Windows\System\QfdVuku.exe
  2⤵
  PID:12092
- C:\Windows\System\eMwNsUg.exe
  C:\Windows\System\eMwNsUg.exe
  2⤵
  PID:12120
- C:\Windows\System\ttYlLbk.exe
  C:\Windows\System\ttYlLbk.exe
  2⤵
  PID:12148
- C:\Windows\System\tUbhntA.exe
  C:\Windows\System\tUbhntA.exe
  2⤵
  PID:12176
- C:\Windows\System\OoIFWoe.exe
  C:\Windows\System\OoIFWoe.exe
  2⤵
  PID:12204
- C:\Windows\System\uxhNthy.exe
  C:\Windows\System\uxhNthy.exe
  2⤵
  PID:12232
- C:\Windows\System\XIKRSnK.exe
  C:\Windows\System\XIKRSnK.exe
  2⤵
  PID:12260
- C:\Windows\System\dylGVgT.exe
  C:\Windows\System\dylGVgT.exe
  2⤵
  PID:2736
- C:\Windows\System\xYgmIdF.exe
  C:\Windows\System\xYgmIdF.exe
  2⤵
  PID:11336
- C:\Windows\System\urrysxd.exe
  C:\Windows\System\urrysxd.exe
  2⤵
  PID:11356
- C:\Windows\System\iNXQPCJ.exe
  C:\Windows\System\iNXQPCJ.exe
  2⤵
  PID:11416
- C:\Windows\System\caRLgqM.exe
  C:\Windows\System\caRLgqM.exe
  2⤵
  PID:11492
- C:\Windows\System\HogNTRu.exe
  C:\Windows\System\HogNTRu.exe
  2⤵
  PID:11528
- C:\Windows\System\uIbuoBe.exe
  C:\Windows\System\uIbuoBe.exe
  2⤵
  PID:11588
- C:\Windows\System\NdrIUwV.exe
  C:\Windows\System\NdrIUwV.exe
  2⤵
  PID:11620
- C:\Windows\System\dmrJwVq.exe
  C:\Windows\System\dmrJwVq.exe
  2⤵
  PID:4236
- C:\Windows\System\PcPwSvL.exe
  C:\Windows\System\PcPwSvL.exe
  2⤵
  PID:11696
- C:\Windows\System\lWXBcHy.exe
  C:\Windows\System\lWXBcHy.exe
  2⤵
  PID:11344
- C:\Windows\System\hejnWqN.exe
  C:\Windows\System\hejnWqN.exe
  2⤵
  PID:11632
- C:\Windows\System\sXHgfhF.exe
  C:\Windows\System\sXHgfhF.exe
  2⤵
  PID:11780
- C:\Windows\System\gshzjUW.exe
  C:\Windows\System\gshzjUW.exe
  2⤵
  PID:11852
- C:\Windows\System\dWldCOD.exe
  C:\Windows\System\dWldCOD.exe
  2⤵
  PID:11916
- C:\Windows\System\pponddz.exe
  C:\Windows\System\pponddz.exe
  2⤵
  PID:2280
- C:\Windows\System\brmfcwa.exe
  C:\Windows\System\brmfcwa.exe
  2⤵
  PID:4556
- C:\Windows\System\UZIVvSm.exe
  C:\Windows\System\UZIVvSm.exe
  2⤵
  PID:12032
- C:\Windows\System\VCTLVJN.exe
  C:\Windows\System\VCTLVJN.exe
  2⤵
  PID:12112
- C:\Windows\System\WpCCFmL.exe
  C:\Windows\System\WpCCFmL.exe
  2⤵
  PID:12172
- C:\Windows\System\dgPHAND.exe
  C:\Windows\System\dgPHAND.exe
  2⤵
  PID:12244
- C:\Windows\System\kyyfvtu.exe
  C:\Windows\System\kyyfvtu.exe
  2⤵
  PID:11292
- C:\Windows\System\vWsDsOo.exe
  C:\Windows\System\vWsDsOo.exe
  2⤵
  PID:11412
- C:\Windows\System\JAZvWuT.exe
  C:\Windows\System\JAZvWuT.exe
  2⤵
  PID:11504
- C:\Windows\System\yBxBWEe.exe
  C:\Windows\System\yBxBWEe.exe
  2⤵
  PID:1824
- C:\Windows\System\TYaERGB.exe
  C:\Windows\System\TYaERGB.exe
  2⤵
  PID:5924
- C:\Windows\System\EwkuhrE.exe
  C:\Windows\System\EwkuhrE.exe
  2⤵
  PID:11280
- C:\Windows\System\lzCKxeG.exe
  C:\Windows\System\lzCKxeG.exe
  2⤵
  PID:11768
- C:\Windows\System\QUswmdD.exe
  C:\Windows\System\QUswmdD.exe
  2⤵
  PID:11880
- C:\Windows\System\pNROAGG.exe
  C:\Windows\System\pNROAGG.exe
  2⤵
  PID:4948
- C:\Windows\System\pqvDcBO.exe
  C:\Windows\System\pqvDcBO.exe
  2⤵
  PID:1848
- C:\Windows\System\TlaKwtr.exe
  C:\Windows\System\TlaKwtr.exe
  2⤵
  PID:908
- C:\Windows\System\vJvqepb.exe
  C:\Windows\System\vJvqepb.exe
  2⤵
  PID:12200
- C:\Windows\System\QZKZcIj.exe
  C:\Windows\System\QZKZcIj.exe
  2⤵
  PID:12228
- C:\Windows\System\WTPglrx.exe
  C:\Windows\System\WTPglrx.exe
  2⤵
  PID:11384
- C:\Windows\System\ZnNkkUn.exe
  C:\Windows\System\ZnNkkUn.exe
  2⤵
  PID:11576
- C:\Windows\System\vZBQDic.exe
  C:\Windows\System\vZBQDic.exe
  2⤵
  PID:5908
- C:\Windows\System\LonBrxc.exe
  C:\Windows\System\LonBrxc.exe
  2⤵
  PID:5204
- C:\Windows\System\FNTWznx.exe
  C:\Windows\System\FNTWznx.exe
  2⤵
  PID:3528
- C:\Windows\System\qLZSATe.exe
  C:\Windows\System\qLZSATe.exe
  2⤵
  PID:11972
- C:\Windows\System\aXJGzXm.exe
  C:\Windows\System\aXJGzXm.exe
  2⤵
  PID:5480
- C:\Windows\System\aXUyGXS.exe
  C:\Windows\System\aXUyGXS.exe
  2⤵
  PID:5160
- C:\Windows\System\OMoMopP.exe
  C:\Windows\System\OMoMopP.exe
  2⤵
  PID:4192
- C:\Windows\System\JVQuuIX.exe
  C:\Windows\System\JVQuuIX.exe
  2⤵
  PID:4152
- C:\Windows\System\SXwNjik.exe
  C:\Windows\System\SXwNjik.exe
  2⤵
  PID:2844
- C:\Windows\System\yLoDfhU.exe
  C:\Windows\System\yLoDfhU.exe
  2⤵
  PID:12028
- C:\Windows\System\AUMfatI.exe
  C:\Windows\System\AUMfatI.exe
  2⤵
  PID:1140
- C:\Windows\System\Bxyymwp.exe
  C:\Windows\System\Bxyymwp.exe
  2⤵
  PID:4648
- C:\Windows\System\lmfAnzd.exe
  C:\Windows\System\lmfAnzd.exe
  2⤵
  PID:3900
- C:\Windows\System\bdHhNFt.exe
  C:\Windows\System\bdHhNFt.exe
  2⤵
  PID:3080
- C:\Windows\System\DnIeiQy.exe
  C:\Windows\System\DnIeiQy.exe
  2⤵
  PID:3676
- C:\Windows\System\uiTJQIQ.exe
  C:\Windows\System\uiTJQIQ.exe
  2⤵
  PID:12324
- C:\Windows\System\RxSkgwe.exe
  C:\Windows\System\RxSkgwe.exe
  2⤵
  PID:12344
- C:\Windows\System\yNdlzUs.exe
  C:\Windows\System\yNdlzUs.exe
  2⤵
  PID:12376
- C:\Windows\System\oFquzjS.exe
  C:\Windows\System\oFquzjS.exe
  2⤵
  PID:12404
- C:\Windows\System\HQyGaqy.exe
  C:\Windows\System\HQyGaqy.exe
  2⤵
  PID:12432
- C:\Windows\System\lSTaxgS.exe
  C:\Windows\System\lSTaxgS.exe
  2⤵
  PID:12464
- C:\Windows\System\StsbIGZ.exe
  C:\Windows\System\StsbIGZ.exe
  2⤵
  PID:12492
- C:\Windows\System\rmChCif.exe
  C:\Windows\System\rmChCif.exe
  2⤵
  PID:12528
- C:\Windows\System\tLqGgGO.exe
  C:\Windows\System\tLqGgGO.exe
  2⤵
  PID:12556
- C:\Windows\System\fMDnuLd.exe
  C:\Windows\System\fMDnuLd.exe
  2⤵
  PID:12584
- C:\Windows\System\QguRHzf.exe
  C:\Windows\System\QguRHzf.exe
  2⤵
  PID:12612
- C:\Windows\System\RuDmPXM.exe
  C:\Windows\System\RuDmPXM.exe
  2⤵
  PID:12644
- C:\Windows\System\GkrZSsl.exe
  C:\Windows\System\GkrZSsl.exe
  2⤵
  PID:12672
- C:\Windows\System\UoCebNU.exe
  C:\Windows\System\UoCebNU.exe
  2⤵
  PID:12704
- C:\Windows\System\JTWMNlt.exe
  C:\Windows\System\JTWMNlt.exe
  2⤵
  PID:12728
- C:\Windows\System\YjaNUGw.exe
  C:\Windows\System\YjaNUGw.exe
  2⤵
  PID:12756
- C:\Windows\System\YtsdlZW.exe
  C:\Windows\System\YtsdlZW.exe
  2⤵
  PID:12788
- C:\Windows\System\gcRTGup.exe
  C:\Windows\System\gcRTGup.exe
  2⤵
  PID:12836
- C:\Windows\System\wnYDjlo.exe
  C:\Windows\System\wnYDjlo.exe
  2⤵
  PID:12868
- C:\Windows\System\ZQknMAD.exe
  C:\Windows\System\ZQknMAD.exe
  2⤵
  PID:12904
- C:\Windows\System\teYdjHD.exe
  C:\Windows\System\teYdjHD.exe
  2⤵
  PID:12940
- C:\Windows\System\tEObpfB.exe
  C:\Windows\System\tEObpfB.exe
  2⤵
  PID:12964
- C:\Windows\System\bjoeOwp.exe
  C:\Windows\System\bjoeOwp.exe
  2⤵
  PID:12992
- C:\Windows\System\tnxMgKZ.exe
  C:\Windows\System\tnxMgKZ.exe
  2⤵
  PID:13028
- C:\Windows\System\MxpNSwg.exe
  C:\Windows\System\MxpNSwg.exe
  2⤵
  PID:13060
- C:\Windows\System\hmIYtDH.exe
  C:\Windows\System\hmIYtDH.exe
  2⤵
  PID:13092
- C:\Windows\System\ySaWWvR.exe
  C:\Windows\System\ySaWWvR.exe
  2⤵
  PID:13128
- C:\Windows\System\ZriTZTw.exe
  C:\Windows\System\ZriTZTw.exe
  2⤵
  PID:13156
- C:\Windows\System\SbdWIea.exe
  C:\Windows\System\SbdWIea.exe
  2⤵
  PID:13184
- C:\Windows\System\gPWOICG.exe
  C:\Windows\System\gPWOICG.exe
  2⤵
  PID:13220
- C:\Windows\System\lZKgXhN.exe
  C:\Windows\System\lZKgXhN.exe
  2⤵
  PID:13244
- C:\Windows\System\hKtCUcd.exe
  C:\Windows\System\hKtCUcd.exe
  2⤵
  PID:13272
- C:\Windows\System\LlDguLh.exe
  C:\Windows\System\LlDguLh.exe
  2⤵
  PID:2244
- C:\Windows\System\zbjlhJv.exe
  C:\Windows\System\zbjlhJv.exe
  2⤵
  PID:12340
- C:\Windows\System\HBMQhjz.exe
  C:\Windows\System\HBMQhjz.exe
  2⤵
  PID:12416
- C:\Windows\System\xbUZmJh.exe
  C:\Windows\System\xbUZmJh.exe
  2⤵
  PID:12476
- C:\Windows\System\eJdhTHU.exe
  C:\Windows\System\eJdhTHU.exe
  2⤵
  PID:2928
- C:\Windows\System\PNmecjj.exe
  C:\Windows\System\PNmecjj.exe
  2⤵
  PID:12552
- C:\Windows\System\tOjRoRw.exe
  C:\Windows\System\tOjRoRw.exe
  2⤵
  PID:4088
- C:\Windows\System\PfmmJaI.exe
  C:\Windows\System\PfmmJaI.exe
  2⤵
  PID:12636
- C:\Windows\System\udrnUOo.exe
  C:\Windows\System\udrnUOo.exe
  2⤵
  PID:12696
- C:\Windows\System\isoNvTE.exe
  C:\Windows\System\isoNvTE.exe
  2⤵
  PID:3616
- C:\Windows\System\SnRlqIe.exe
  C:\Windows\System\SnRlqIe.exe
  2⤵
  PID:12780
- C:\Windows\System\RyIAXDQ.exe
  C:\Windows\System\RyIAXDQ.exe
  2⤵
  PID:400
- C:\Windows\System\ECoErEP.exe
  C:\Windows\System\ECoErEP.exe
  2⤵
  PID:12928
- C:\Windows\System\YLYqDHd.exe
  C:\Windows\System\YLYqDHd.exe
  2⤵
  PID:5800
- C:\Windows\System\KZdABGZ.exe
  C:\Windows\System\KZdABGZ.exe
  2⤵
  PID:13052
- C:\Windows\System\LZAKdOH.exe
  C:\Windows\System\LZAKdOH.exe
  2⤵
  PID:13120
- C:\Windows\System\TpHsuSf.exe
  C:\Windows\System\TpHsuSf.exe
  2⤵
  PID:1748
- C:\Windows\System\oUVdJMK.exe
  C:\Windows\System\oUVdJMK.exe
  2⤵
  PID:13208
- C:\Windows\System\ScqDZSP.exe
  C:\Windows\System\ScqDZSP.exe
  2⤵
  PID:5512
- C:\Windows\System\zTREnAU.exe
  C:\Windows\System\zTREnAU.exe
  2⤵
  PID:5524
- C:\Windows\System\ielSdyN.exe
  C:\Windows\System\ielSdyN.exe
  2⤵
  PID:4620
- C:\Windows\System\SgyDRoj.exe
  C:\Windows\System\SgyDRoj.exe
  2⤵
  PID:12372
- C:\Windows\System\FRrEvJk.exe
  C:\Windows\System\FRrEvJk.exe
  2⤵
  PID:12452
- C:\Windows\System\iyVIrGn.exe
  C:\Windows\System\iyVIrGn.exe
  2⤵
  PID:5508
- C:\Windows\System\eoSIVbG.exe
  C:\Windows\System\eoSIVbG.exe
  2⤵
  PID:1484
- C:\Windows\System\jdcFfNJ.exe
  C:\Windows\System\jdcFfNJ.exe
  2⤵
  PID:5232
- C:\Windows\System\kPyAKzG.exe
  C:\Windows\System\kPyAKzG.exe
  2⤵
  PID:12692
- C:\Windows\System\ZlzYfyQ.exe
  C:\Windows\System\ZlzYfyQ.exe
  2⤵
  PID:2696
- C:\Windows\System\McPSvvl.exe
  C:\Windows\System\McPSvvl.exe
  2⤵
  PID:12852
- C:\Windows\System\YXHPOJi.exe
  C:\Windows\System\YXHPOJi.exe
  2⤵
  PID:4092
- C:\Windows\System\SXReNDm.exe
  C:\Windows\System\SXReNDm.exe
  2⤵
  PID:13004
- C:\Windows\System\vtcYlvx.exe
  C:\Windows\System\vtcYlvx.exe
  2⤵
  PID:528
- C:\Windows\System\OwuRKUV.exe
  C:\Windows\System\OwuRKUV.exe
  2⤵
  PID:4420
- C:\Windows\System\JqOjIyg.exe
  C:\Windows\System\JqOjIyg.exe
  2⤵
  PID:13260
- C:\Windows\System\XgPvTbC.exe
  C:\Windows\System\XgPvTbC.exe
  2⤵
  PID:964
- C:\Windows\System\IsTqFUl.exe
  C:\Windows\System\IsTqFUl.exe
  2⤵
  PID:2464
- C:\Windows\System\tkVjQrk.exe
  C:\Windows\System\tkVjQrk.exe
  2⤵
  PID:4784
- C:\Windows\System\tduOUeZ.exe
  C:\Windows\System\tduOUeZ.exe
  2⤵
  PID:12960
- C:\Windows\System\xCDrldg.exe
  C:\Windows\System\xCDrldg.exe
  2⤵
  PID:13168
- C:\Windows\System\MNsusbA.exe
  C:\Windows\System\MNsusbA.exe
  2⤵
  PID:4792
- C:\Windows\System\PlWbhnx.exe
  C:\Windows\System\PlWbhnx.exe
  2⤵
  PID:13152
- C:\Windows\System\GrdsMRV.exe
  C:\Windows\System\GrdsMRV.exe
  2⤵
  PID:4756
- C:\Windows\System\Ygtqegd.exe
  C:\Windows\System\Ygtqegd.exe
  2⤵
  PID:12512
- C:\Windows\System\JGjabuG.exe
  C:\Windows\System\JGjabuG.exe
  2⤵
  PID:12808
- C:\Windows\System\BbqSgxH.exe
  C:\Windows\System\BbqSgxH.exe
  2⤵
  PID:1768
- C:\Windows\System\apXDSjS.exe
  C:\Windows\System\apXDSjS.exe
  2⤵
  PID:11736
- C:\Windows\System\dvSleBY.exe
  C:\Windows\System\dvSleBY.exe
  2⤵
  PID:12884
- C:\Windows\System\AqhykBe.exe
  C:\Windows\System\AqhykBe.exe
  2⤵
  PID:12516
- C:\Windows\System\iKUIHaF.exe
  C:\Windows\System\iKUIHaF.exe
  2⤵
  PID:13016
- C:\Windows\System\csyqnvp.exe
  C:\Windows\System\csyqnvp.exe
  2⤵
  PID:4208
- C:\Windows\System\pzLSUwv.exe
  C:\Windows\System\pzLSUwv.exe
  2⤵
  PID:216
- C:\Windows\System\SabiHnI.exe
  C:\Windows\System\SabiHnI.exe
  2⤵
  PID:2200
- C:\Windows\System\ygLZZVq.exe
  C:\Windows\System\ygLZZVq.exe
  2⤵
  PID:5840
- C:\Windows\System\EiVTAnN.exe
  C:\Windows\System\EiVTAnN.exe
  2⤵
  PID:4416
- C:\Windows\System\eJSbQGP.exe
  C:\Windows\System\eJSbQGP.exe
  2⤵
  PID:3084
- C:\Windows\System\XIekpIN.exe
  C:\Windows\System\XIekpIN.exe
  2⤵
  PID:13348
- C:\Windows\System\SIXQMFt.exe
  C:\Windows\System\SIXQMFt.exe
  2⤵
  PID:13372
- C:\Windows\System\cHOwDmM.exe
  C:\Windows\System\cHOwDmM.exe
  2⤵
  PID:13404
- C:\Windows\System\rEuGBhO.exe
  C:\Windows\System\rEuGBhO.exe
  2⤵
  PID:13424
- C:\Windows\System\rLgYXld.exe
  C:\Windows\System\rLgYXld.exe
  2⤵
  PID:13460
- C:\Windows\System\EjXQVEI.exe
  C:\Windows\System\EjXQVEI.exe
  2⤵
  PID:13488
- C:\Windows\System\YQeihWo.exe
  C:\Windows\System\YQeihWo.exe
  2⤵
  PID:13528
- C:\Windows\System\HvNPCxs.exe
  C:\Windows\System\HvNPCxs.exe
  2⤵
  PID:13544
- C:\Windows\System\YSILLpD.exe
  C:\Windows\System\YSILLpD.exe
  2⤵
  PID:13572
- C:\Windows\System\fqYOcLt.exe
  C:\Windows\System\fqYOcLt.exe
  2⤵
  PID:13600
- C:\Windows\System\lNcqlGz.exe
  C:\Windows\System\lNcqlGz.exe
  2⤵
  PID:13628
- C:\Windows\System\ZICTYni.exe
  C:\Windows\System\ZICTYni.exe
  2⤵
  PID:13656
- C:\Windows\System\vfiewUa.exe
  C:\Windows\System\vfiewUa.exe
  2⤵
  PID:13684
- C:\Windows\System\AUqymha.exe
  C:\Windows\System\AUqymha.exe
  2⤵
  PID:13744
- C:\Windows\System\rVWwYAl.exe
  C:\Windows\System\rVWwYAl.exe
  2⤵
  PID:13772
- C:\Windows\System\MeiBWjm.exe
  C:\Windows\System\MeiBWjm.exe
  2⤵
  PID:13812
- C:\Windows\System\FlQMZvW.exe
  C:\Windows\System\FlQMZvW.exe
  2⤵
  PID:13868
- C:\Windows\System\ZPsqHQA.exe
  C:\Windows\System\ZPsqHQA.exe
  2⤵
  PID:13900
- C:\Windows\System\yRYCSBc.exe
  C:\Windows\System\yRYCSBc.exe
  2⤵
  PID:13928
- C:\Windows\System\NalZJAP.exe
  C:\Windows\System\NalZJAP.exe
  2⤵
  PID:13960
- C:\Windows\System\ioTgMOe.exe
  C:\Windows\System\ioTgMOe.exe
  2⤵
  PID:13988
- C:\Windows\System\yawaZsr.exe
  C:\Windows\System\yawaZsr.exe
  2⤵
  PID:14016
- C:\Windows\System\DIhAsyj.exe
  C:\Windows\System\DIhAsyj.exe
  2⤵
  PID:14056
- C:\Windows\System\cfWycXm.exe
  C:\Windows\System\cfWycXm.exe
  2⤵
  PID:14084
- C:\Windows\System\ufoJdgg.exe
  C:\Windows\System\ufoJdgg.exe
  2⤵
  PID:14112
- C:\Windows\System\owKFBah.exe
  C:\Windows\System\owKFBah.exe
  2⤵
  PID:14140
- C:\Windows\System\ChsRhjY.exe
  C:\Windows\System\ChsRhjY.exe
  2⤵
  PID:14168
- C:\Windows\System\owtXEun.exe
  C:\Windows\System\owtXEun.exe
  2⤵
  PID:14196
- C:\Windows\System\eWwlhFf.exe
  C:\Windows\System\eWwlhFf.exe
  2⤵
  PID:14216
- C:\Windows\System\PIrikJz.exe
  C:\Windows\System\PIrikJz.exe
  2⤵
  PID:14256
- C:\Windows\System\QUSaYgi.exe
  C:\Windows\System\QUSaYgi.exe
  2⤵
  PID:14284
- C:\Windows\System\ZmYRLTp.exe
  C:\Windows\System\ZmYRLTp.exe
  2⤵
  PID:14324
- C:\Windows\System\qvClCBc.exe
  C:\Windows\System\qvClCBc.exe
  2⤵
  PID:1188
- C:\Windows\System\drLQdRI.exe
  C:\Windows\System\drLQdRI.exe
  2⤵
  PID:4004
- C:\Windows\System\iVZFCDe.exe
  C:\Windows\System\iVZFCDe.exe
  2⤵
  PID:4960
- C:\Windows\System\wrUGGAB.exe
  C:\Windows\System\wrUGGAB.exe
  2⤵
  PID:3344
- C:\Windows\System\jXcBGQZ.exe
  C:\Windows\System\jXcBGQZ.exe
  2⤵
  PID:2864
- C:\Windows\System\AKiWgrN.exe
  C:\Windows\System\AKiWgrN.exe
  2⤵
  PID:6160
- C:\Windows\System\dvnsCjU.exe
  C:\Windows\System\dvnsCjU.exe
  2⤵
  PID:13452
- C:\Windows\System\Damyfpn.exe
  C:\Windows\System\Damyfpn.exe
  2⤵
  PID:13524
- C:\Windows\System\dvIDNnC.exe
  C:\Windows\System\dvIDNnC.exe
  2⤵
  PID:13564
- C:\Windows\System\xLIzkvD.exe
  C:\Windows\System\xLIzkvD.exe
  2⤵
  PID:6332
- C:\Windows\System\FEodvFV.exe
  C:\Windows\System\FEodvFV.exe
  2⤵
  PID:13648
- C:\Windows\System\aDZuUYq.exe
  C:\Windows\System\aDZuUYq.exe
  2⤵
  PID:4820
- C:\Windows\System\RJiViBY.exe
  C:\Windows\System\RJiViBY.exe
  2⤵
  PID:1268
- C:\Windows\System\vrdkNZd.exe
  C:\Windows\System\vrdkNZd.exe
  2⤵
  PID:12368
- C:\Windows\System\AzQCgia.exe
  C:\Windows\System\AzQCgia.exe
  2⤵
  PID:456
- C:\Windows\System\opxPQIH.exe
  C:\Windows\System\opxPQIH.exe
  2⤵
  PID:13756
- C:\Windows\System\zHiogVe.exe
  C:\Windows\System\zHiogVe.exe
  2⤵
  PID:13808
- C:\Windows\System\QzjGrCZ.exe
  C:\Windows\System\QzjGrCZ.exe
  2⤵
  PID:13880
- C:\Windows\System\irFQsKd.exe
  C:\Windows\System\irFQsKd.exe
  2⤵
  PID:6536
- C:\Windows\System\PYDFlcR.exe
  C:\Windows\System\PYDFlcR.exe
  2⤵
  PID:13948
- C:\Windows\System\iTIqCVb.exe
  C:\Windows\System\iTIqCVb.exe
  2⤵
  PID:13972
- C:\Windows\System\RjKBFLJ.exe
  C:\Windows\System\RjKBFLJ.exe
  2⤵
  PID:6584
- C:\Windows\System\zPHlecF.exe
  C:\Windows\System\zPHlecF.exe
  2⤵
  PID:6620
- C:\Windows\System\JKkwEhu.exe
  C:\Windows\System\JKkwEhu.exe
  2⤵
  PID:14052
- C:\Windows\System\eWvfZlF.exe
  C:\Windows\System\eWvfZlF.exe
  2⤵
  PID:6708
- C:\Windows\System\qfEUiCO.exe
  C:\Windows\System\qfEUiCO.exe
  2⤵
  PID:14164
- C:\Windows\System\YyJwTYM.exe
  C:\Windows\System\YyJwTYM.exe
  2⤵
  PID:14192
- C:\Windows\System\YHOWFkc.exe
  C:\Windows\System\YHOWFkc.exe
  2⤵
  PID:14252
- C:\Windows\System\nCvlwOp.exe
  C:\Windows\System\nCvlwOp.exe
  2⤵
  PID:6848
- C:\Windows\System\jxztCgE.exe
  C:\Windows\System\jxztCgE.exe
  2⤵
  PID:6892
- C:\Windows\System\atjAHqO.exe
  C:\Windows\System\atjAHqO.exe
  2⤵
  PID:3524
- C:\Windows\System\jsysNHI.exe
  C:\Windows\System\jsysNHI.exe
  2⤵
  PID:5596
- C:\Windows\System\XyWaGgv.exe
  C:\Windows\System\XyWaGgv.exe
  2⤵
  PID:4456
- C:\Windows\System\rHIkiYj.exe
  C:\Windows\System\rHIkiYj.exe
  2⤵
  PID:7084
- C:\Windows\System\OmXnnlM.exe
  C:\Windows\System\OmXnnlM.exe
  2⤵
  PID:6276
- C:\Windows\System\CqWuhBk.exe
  C:\Windows\System\CqWuhBk.exe
  2⤵
  PID:13592
- C:\Windows\System\txTAIXJ.exe
  C:\Windows\System\txTAIXJ.exe
  2⤵
  PID:13640
- C:\Windows\System\qhDcQZB.exe
  C:\Windows\System\qhDcQZB.exe
  2⤵
  PID:13620
- C:\Windows\System\elSovkP.exe
  C:\Windows\System\elSovkP.exe
  2⤵
  PID:4484
- C:\Windows\System\ukWtLFj.exe
  C:\Windows\System\ukWtLFj.exe
  2⤵
  PID:4524
- C:\Windows\System\ZZGdbMG.exe
  C:\Windows\System\ZZGdbMG.exe
  2⤵
  PID:5728
- C:\Windows\System\urQrutC.exe
  C:\Windows\System\urQrutC.exe
  2⤵
  PID:13728
- C:\Windows\System\nQeZnDO.exe
  C:\Windows\System\nQeZnDO.exe
  2⤵
  PID:13860
- C:\Windows\System\RKMSctO.exe
  C:\Windows\System\RKMSctO.exe
  2⤵
  PID:6524
- C:\Windows\System\jdyrUDa.exe
  C:\Windows\System\jdyrUDa.exe
  2⤵
  PID:13856
- C:\Windows\System\qtFKNDW.exe
  C:\Windows\System\qtFKNDW.exe
  2⤵
  PID:6672
- C:\Windows\System\tqfnYDF.exe
  C:\Windows\System\tqfnYDF.exe
  2⤵
  PID:14028
- C:\Windows\System\AAyQPiR.exe
  C:\Windows\System\AAyQPiR.exe
  2⤵
  PID:6888
- C:\Windows\System\RYKDDzd.exe
  C:\Windows\System\RYKDDzd.exe
  2⤵
  PID:14104
- C:\Windows\System\zBcFXRp.exe
  C:\Windows\System\zBcFXRp.exe
  2⤵
  PID:7040
- C:\Windows\System\eFHmsqT.exe
  C:\Windows\System\eFHmsqT.exe
  2⤵
  PID:14276
- C:\Windows\System\nwNekrG.exe
  C:\Windows\System\nwNekrG.exe
  2⤵
  PID:6900
- C:\Windows\System\DlrDItb.exe
  C:\Windows\System\DlrDItb.exe
  2⤵
  PID:6364
- C:\Windows\System\woJSJHv.exe
  C:\Windows\System\woJSJHv.exe
  2⤵
  PID:13364
- C:\Windows\System\BexCKkA.exe
  C:\Windows\System\BexCKkA.exe
  2⤵
  PID:1676
- C:\Windows\System\bLkAOJG.exe
  C:\Windows\System\bLkAOJG.exe
  2⤵
  PID:6912
- C:\Windows\System\AlUZiYd.exe
  C:\Windows\System\AlUZiYd.exe
  2⤵
  PID:6360
- C:\Windows\System\fHoPwss.exe
  C:\Windows\System\fHoPwss.exe
  2⤵
  PID:13732
- C:\Windows\System\hUktgFd.exe
  C:\Windows\System\hUktgFd.exe
  2⤵
  PID:14160
- C:\Windows\System\sYgkELV.exe
  C:\Windows\System\sYgkELV.exe
  2⤵
  PID:5124
- C:\Windows\System\FjFlGel.exe
  C:\Windows\System\FjFlGel.exe
  2⤵
  PID:6776
- C:\Windows\System\NcqFGwh.exe
  C:\Windows\System\NcqFGwh.exe
  2⤵
  PID:7044
- C:\Windows\System\NoCRXuu.exe
  C:\Windows\System\NoCRXuu.exe
  2⤵
  PID:13784
- C:\Windows\System\GknlRQv.exe
  C:\Windows\System\GknlRQv.exe
  2⤵
  PID:13920
- C:\Windows\System\XxTfRur.exe
  C:\Windows\System\XxTfRur.exe
  2⤵
  PID:7224
- C:\Windows\System\DOptFBf.exe
  C:\Windows\System\DOptFBf.exe
  2⤵
  PID:6748
- C:\Windows\System\BYMwbKT.exe
  C:\Windows\System\BYMwbKT.exe
  2⤵
  PID:14080
- C:\Windows\System\DEKerkm.exe
  C:\Windows\System\DEKerkm.exe
  2⤵
  PID:7328
- C:\Windows\System\FEWZoid.exe
  C:\Windows\System\FEWZoid.exe
  2⤵
  PID:7356
- C:\Windows\System\oBjYnTh.exe
  C:\Windows\System\oBjYnTh.exe
  2⤵
  PID:7396
- C:\Windows\System\AYWiGGI.exe
  C:\Windows\System\AYWiGGI.exe
  2⤵
  PID:6664
- C:\Windows\System\oQfakbD.exe
  C:\Windows\System\oQfakbD.exe
  2⤵
  PID:13624
- C:\Windows\System\plYEpFM.exe
  C:\Windows\System\plYEpFM.exe
  2⤵
  PID:7164
- C:\Windows\System\DeaeuwD.exe
  C:\Windows\System\DeaeuwD.exe
  2⤵
  PID:7560
- C:\Windows\System\SZPOUzq.exe
  C:\Windows\System\SZPOUzq.exe
  2⤵
  PID:7600
- C:\Windows\System\UeybCLX.exe
  C:\Windows\System\UeybCLX.exe
  2⤵
  PID:13500
- C:\Windows\System\vMOnCOa.exe
  C:\Windows\System\vMOnCOa.exe
  2⤵
  PID:13724
- C:\Windows\System\Sfibxvq.exe
  C:\Windows\System\Sfibxvq.exe
  2⤵
  PID:13912
- C:\Windows\System\eCecckN.exe
  C:\Windows\System\eCecckN.exe
  2⤵
  PID:6632
- C:\Windows\System\UOcymGh.exe
  C:\Windows\System\UOcymGh.exe
  2⤵
  PID:7824
- C:\Windows\System\syUDvdv.exe
  C:\Windows\System\syUDvdv.exe
  2⤵
  PID:1532
- C:\Windows\System\PFHWpwA.exe
  C:\Windows\System\PFHWpwA.exe
  2⤵
  PID:7900
- C:\Windows\System\KmicoxM.exe
  C:\Windows\System\KmicoxM.exe
  2⤵
  PID:7924
- C:\Windows\System\UMIQEBn.exe
  C:\Windows\System\UMIQEBn.exe
  2⤵
  PID:7496
- C:\Windows\System\fqDATrE.exe
  C:\Windows\System\fqDATrE.exe
  2⤵
  PID:13796
- C:\Windows\System\eSEfBJK.exe
  C:\Windows\System\eSEfBJK.exe
  2⤵
  PID:8012
- C:\Windows\System\KFjYWPH.exe
  C:\Windows\System\KFjYWPH.exe
  2⤵
  PID:8032
- C:\Windows\System\WLzjidl.exe
  C:\Windows\System\WLzjidl.exe
  2⤵
  PID:8104
- C:\Windows\System\XGgyOwl.exe
  C:\Windows\System\XGgyOwl.exe
  2⤵
  PID:7244
- C:\Windows\System\sgcpKPU.exe
  C:\Windows\System\sgcpKPU.exe
  2⤵
  PID:7880
- C:\Windows\System\taOFxMD.exe
  C:\Windows\System\taOFxMD.exe
  2⤵
  PID:7208
- C:\Windows\System\xfIcfHT.exe
  C:\Windows\System\xfIcfHT.exe
  2⤵
  PID:1628
- C:\Windows\System\UhpPZhB.exe
  C:\Windows\System\UhpPZhB.exe
  2⤵
  PID:7412
- C:\Windows\System\NklvpHB.exe
  C:\Windows\System\NklvpHB.exe
  2⤵
  PID:8020
- C:\Windows\System\aXBqeju.exe
  C:\Windows\System\aXBqeju.exe
  2⤵
  PID:8036
- C:\Windows\System\MSwgIFp.exe
  C:\Windows\System\MSwgIFp.exe
  2⤵
  PID:7744
- C:\Windows\System\jZNgnNB.exe
  C:\Windows\System\jZNgnNB.exe
  2⤵
  PID:6928
- C:\Windows\System\ohRRjbX.exe
  C:\Windows\System\ohRRjbX.exe
  2⤵
  PID:7268
- C:\Windows\System\XZtGWYI.exe
  C:\Windows\System\XZtGWYI.exe
  2⤵
  PID:8072
- C:\Windows\System\JiZRUBd.exe
  C:\Windows\System\JiZRUBd.exe
  2⤵
  PID:8100
- C:\Windows\System\lKxrcxU.exe
  C:\Windows\System\lKxrcxU.exe
  2⤵
  PID:7796
- C:\Windows\System\jfQesLG.exe
  C:\Windows\System\jfQesLG.exe
  2⤵
  PID:7304
- C:\Windows\System\CsFOBAu.exe
  C:\Windows\System\CsFOBAu.exe
  2⤵
  PID:5288
- C:\Windows\System\eNIkTUe.exe
  C:\Windows\System\eNIkTUe.exe
  2⤵
  PID:7964
- C:\Windows\System\IvrmIOt.exe
  C:\Windows\System\IvrmIOt.exe
  2⤵
  PID:7376
- C:\Windows\System\hySzYBl.exe
  C:\Windows\System\hySzYBl.exe
  2⤵
  PID:7996
- C:\Windows\System\MuBcOgW.exe
  C:\Windows\System\MuBcOgW.exe
  2⤵
  PID:8236
- C:\Windows\System\TcemgDk.exe
  C:\Windows\System\TcemgDk.exe
  2⤵
  PID:8000
- C:\Windows\System\FPghFvP.exe
  C:\Windows\System\FPghFvP.exe
  2⤵
  PID:7464
- C:\Windows\System\PuTXmDi.exe
  C:\Windows\System\PuTXmDi.exe
  2⤵
  PID:8308
- C:\Windows\System\dFCevao.exe
  C:\Windows\System\dFCevao.exe
  2⤵
  PID:7436
- C:\Windows\System\fFIMGWQ.exe
  C:\Windows\System\fFIMGWQ.exe
  2⤵
  PID:8364
- C:\Windows\System\IUbuIpJ.exe
  C:\Windows\System\IUbuIpJ.exe
  2⤵
  PID:8292
- C:\Windows\System\bEnkJYE.exe
  C:\Windows\System\bEnkJYE.exe
  2⤵
  PID:8488
- C:\Windows\System\FKpGoSs.exe
  C:\Windows\System\FKpGoSs.exe
  2⤵
  PID:7748
- C:\Windows\System\SEaOnRc.exe
  C:\Windows\System\SEaOnRc.exe
  2⤵
  PID:8500
- C:\Windows\System\NtyjXvm.exe
  C:\Windows\System\NtyjXvm.exe
  2⤵
  PID:8628
- C:\Windows\System\CwDPGcy.exe
  C:\Windows\System\CwDPGcy.exe
  2⤵
  PID:8684
- C:\Windows\System\lHRRABE.exe
  C:\Windows\System\lHRRABE.exe
  2⤵
  PID:8432
- C:\Windows\System\lWhqaji.exe
  C:\Windows\System\lWhqaji.exe
  2⤵
  PID:8712
- C:\Windows\System\BsqCmjc.exe
  C:\Windows\System\BsqCmjc.exe
  2⤵
  PID:8908
- C:\Windows\System\CGWeXSG.exe
  C:\Windows\System\CGWeXSG.exe
  2⤵
  PID:8956
- C:\Windows\System\OzwImnw.exe
  C:\Windows\System\OzwImnw.exe
  2⤵
  PID:8256
- C:\Windows\System\SsgCPaG.exe
  C:\Windows\System\SsgCPaG.exe
  2⤵
  PID:7940
- C:\Windows\System\IMPcXRq.exe
  C:\Windows\System\IMPcXRq.exe
  2⤵
  PID:8452
- C:\Windows\System\SHTLKqb.exe
  C:\Windows\System\SHTLKqb.exe
  2⤵
  PID:9104
- C:\Windows\System\Agxoqxb.exe
  C:\Windows\System\Agxoqxb.exe
  2⤵
  PID:9020
- C:\Windows\System\VjhhkZy.exe
  C:\Windows\System\VjhhkZy.exe
  2⤵
  PID:9188
- C:\Windows\System\MSTuipN.exe
  C:\Windows\System\MSTuipN.exe
  2⤵
  PID:8300
- C:\Windows\System\ytHOtml.exe
  C:\Windows\System\ytHOtml.exe
  2⤵
  PID:8496
- C:\Windows\System\KADnZCq.exe
  C:\Windows\System\KADnZCq.exe
  2⤵
  PID:9208
- C:\Windows\System\hmdIzRT.exe
  C:\Windows\System\hmdIzRT.exe
  2⤵
  PID:8608
- C:\Windows\System\PeMORGD.exe
  C:\Windows\System\PeMORGD.exe
  2⤵
  PID:9048
- C:\Windows\System\cTGZHES.exe
  C:\Windows\System\cTGZHES.exe
  2⤵
  PID:2748
- C:\Windows\System\jKDDmeN.exe
  C:\Windows\System\jKDDmeN.exe
  2⤵
  PID:9152
- C:\Windows\System\OsKmDOG.exe
  C:\Windows\System\OsKmDOG.exe
  2⤵
  PID:9084
- C:\Windows\System\DnqOqPG.exe
  C:\Windows\System\DnqOqPG.exe
  2⤵
  PID:8208
- C:\Windows\System\iIKGtOc.exe
  C:\Windows\System\iIKGtOc.exe
  2⤵
  PID:8996
- C:\Windows\System\EIPQyfB.exe
  C:\Windows\System\EIPQyfB.exe
  2⤵
  PID:8744
- C:\Windows\System\GKsMNWz.exe
  C:\Windows\System\GKsMNWz.exe
  2⤵
  PID:2188
- C:\Windows\System\PucBTex.exe
  C:\Windows\System\PucBTex.exe
  2⤵
  PID:716
- C:\Windows\System\qimvLHp.exe
  C:\Windows\System\qimvLHp.exe
  2⤵
  PID:8384
- C:\Windows\System\DFqDzVl.exe
  C:\Windows\System\DFqDzVl.exe
  2⤵
  PID:8492
- C:\Windows\System\gIuRwPg.exe
  C:\Windows\System\gIuRwPg.exe
  2⤵
  PID:9316
- C:\Windows\System\hwlkNvd.exe
  C:\Windows\System\hwlkNvd.exe
  2⤵
  PID:8520
- C:\Windows\System\HmFxQHI.exe
  C:\Windows\System\HmFxQHI.exe
  2⤵
  PID:9300
- C:\Windows\System\nQBEXIQ.exe
  C:\Windows\System\nQBEXIQ.exe
  2⤵
  PID:9320
- C:\Windows\System\BtfYQEG.exe
  C:\Windows\System\BtfYQEG.exe
  2⤵
  PID:9392
- C:\Windows\System\lGuAySV.exe
  C:\Windows\System\lGuAySV.exe
  2⤵
  PID:9496
- C:\Windows\System\fEocSDx.exe
  C:\Windows\System\fEocSDx.exe
  2⤵
  PID:9516
- C:\Windows\System\dHBMAsw.exe
  C:\Windows\System\dHBMAsw.exe
  2⤵
  PID:9532
- C:\Windows\System\qpQybwn.exe
  C:\Windows\System\qpQybwn.exe
  2⤵
  PID:9608
- C:\Windows\System\aStPUOY.exe
  C:\Windows\System\aStPUOY.exe
  2⤵
  PID:9644
- C:\Windows\System\xelaxDv.exe
  C:\Windows\System\xelaxDv.exe
  2⤵
  PID:9692
- C:\Windows\System\BzAzDRt.exe
  C:\Windows\System\BzAzDRt.exe
  2⤵
  PID:14408
- C:\Windows\System\DmhATQP.exe
  C:\Windows\System\DmhATQP.exe
  2⤵
  PID:14424
- C:\Windows\System\pXEhwmw.exe
  C:\Windows\System\pXEhwmw.exe
  2⤵
  PID:14452
- C:\Windows\System\EtwBtwB.exe
  C:\Windows\System\EtwBtwB.exe
  2⤵
  PID:14480
- C:\Windows\System\UJPQqDW.exe
  C:\Windows\System\UJPQqDW.exe
  2⤵
  PID:14508
- C:\Windows\System\QdsPHGg.exe
  C:\Windows\System\QdsPHGg.exe
  2⤵
  PID:14548
- C:\Windows\System\pkpxipJ.exe
  C:\Windows\System\pkpxipJ.exe
  2⤵
  PID:14564
- C:\Windows\System\TQOfwyL.exe
  C:\Windows\System\TQOfwyL.exe
  2⤵
  PID:14592
- C:\Windows\System\ESPeDOD.exe
  C:\Windows\System\ESPeDOD.exe
  2⤵
  PID:14620
- C:\Windows\System\RxCGwRH.exe
  C:\Windows\System\RxCGwRH.exe
  2⤵
  PID:14648
- C:\Windows\System\OTaPkHg.exe
  C:\Windows\System\OTaPkHg.exe
  2⤵
  PID:14704
- C:\Windows\System\VeNMwBm.exe
  C:\Windows\System\VeNMwBm.exe
  2⤵
  PID:14720
- C:\Windows\System\AsZHvfk.exe
  C:\Windows\System\AsZHvfk.exe
  2⤵
  PID:14752
- C:\Windows\System\eIjmsxq.exe
  C:\Windows\System\eIjmsxq.exe
  2⤵
  PID:14776
- C:\Windows\System\WypiXzJ.exe
  C:\Windows\System\WypiXzJ.exe
  2⤵
  PID:14804
- C:\Windows\System\HdYncvc.exe
  C:\Windows\System\HdYncvc.exe
  2⤵
  PID:14832
- C:\Windows\System\MYiFxjl.exe
  C:\Windows\System\MYiFxjl.exe
  2⤵
  PID:14864
- C:\Windows\System\fZwqlNK.exe
  C:\Windows\System\fZwqlNK.exe
  2⤵
  PID:14888
- C:\Windows\System\WHDdtYw.exe
  C:\Windows\System\WHDdtYw.exe
  2⤵
  PID:14916
- C:\Windows\System\nAIHfjN.exe
  C:\Windows\System\nAIHfjN.exe
  2⤵
  PID:14944
- C:\Windows\System\GrlOHfB.exe
  C:\Windows\System\GrlOHfB.exe
  2⤵
  PID:15024
- C:\Windows\System\ccXeGEw.exe
  C:\Windows\System\ccXeGEw.exe
  2⤵
  PID:15040
- C:\Windows\System\iSdewXX.exe
  C:\Windows\System\iSdewXX.exe
  2⤵
  PID:15068
- C:\Windows\System\LfjMlHj.exe
  C:\Windows\System\LfjMlHj.exe
  2⤵
  PID:15096
- C:\Windows\System\UVXUJjz.exe
  C:\Windows\System\UVXUJjz.exe
  2⤵
  PID:15124
- C:\Windows\System\oXAiBOe.exe
  C:\Windows\System\oXAiBOe.exe
  2⤵
  PID:15152
- C:\Windows\System\bvpKSKu.exe
  C:\Windows\System\bvpKSKu.exe
  2⤵
  PID:15180
- C:\Windows\System\nVVkRrq.exe
  C:\Windows\System\nVVkRrq.exe
  2⤵
  PID:15232
- C:\Windows\System\RYjLuKh.exe
  C:\Windows\System\RYjLuKh.exe
  2⤵
  PID:15248
- C:\Windows\System\gpDIgQY.exe
  C:\Windows\System\gpDIgQY.exe
  2⤵
  PID:15276
- C:\Windows\System\ZKRuevk.exe
  C:\Windows\System\ZKRuevk.exe
  2⤵
  PID:15304
- C:\Windows\System\TDdJeDY.exe
  C:\Windows\System\TDdJeDY.exe
  2⤵
  PID:15332
- C:\Windows\System\lrHjffk.exe
  C:\Windows\System\lrHjffk.exe
  2⤵
  PID:14340
- C:\Windows\System\HbIeZjb.exe
  C:\Windows\System\HbIeZjb.exe
  2⤵
  PID:14356
- C:\Windows\System\torgUMs.exe
  C:\Windows\System\torgUMs.exe
  2⤵
  PID:9780
- C:\Windows\System\SJhuDVD.exe
  C:\Windows\System\SJhuDVD.exe
  2⤵
  PID:14436
- C:\Windows\System\pCeBGfu.exe
  C:\Windows\System\pCeBGfu.exe
  2⤵
  PID:9876
- C:\Windows\System\gUQYHtY.exe
  C:\Windows\System\gUQYHtY.exe
  2⤵
  PID:9956
- C:\Windows\System\QoJggdT.exe
  C:\Windows\System\QoJggdT.exe
  2⤵
  PID:14632
- C:\Windows\System\rDAPzKs.exe
  C:\Windows\System\rDAPzKs.exe
  2⤵
  PID:14672
- C:\Windows\System\sMQqotC.exe
  C:\Windows\System\sMQqotC.exe
  2⤵
  PID:14688
- C:\Windows\System\LmRzMlB.exe
  C:\Windows\System\LmRzMlB.exe
  2⤵
  PID:14732
- C:\Windows\System\nGlSzBW.exe
  C:\Windows\System\nGlSzBW.exe
  2⤵
  PID:14772
- C:\Windows\System\BLLKjFT.exe
  C:\Windows\System\BLLKjFT.exe
  2⤵
  PID:14844
- C:\Windows\System\BWhkvpn.exe
  C:\Windows\System\BWhkvpn.exe
  2⤵
  PID:14908
- C:\Windows\System\krsBHMS.exe
  C:\Windows\System\krsBHMS.exe
  2⤵
  PID:14968
- C:\Windows\System\JfKpTQY.exe
  C:\Windows\System\JfKpTQY.exe
  2⤵
  PID:14992
- C:\Windows\System\eVIEKFk.exe
  C:\Windows\System\eVIEKFk.exe
  2⤵
  PID:15052
- C:\Windows\System\iJVYMhV.exe
  C:\Windows\System\iJVYMhV.exe
  2⤵
  PID:10136
- C:\Windows\System\RBXivHu.exe
  C:\Windows\System\RBXivHu.exe
  2⤵
  PID:10184
- C:\Windows\System\ZLggNWH.exe
  C:\Windows\System\ZLggNWH.exe
  2⤵
  PID:15192
- C:\Windows\System\GCfXYNB.exe
  C:\Windows\System\GCfXYNB.exe
  2⤵
  PID:15228
- C:\Windows\System\gJxxYxp.exe
  C:\Windows\System\gJxxYxp.exe
  2⤵
  PID:9360
- C:\Windows\System\caedmWu.exe
  C:\Windows\System\caedmWu.exe
  2⤵
  PID:9480
- C:\Windows\System\nrYfDSM.exe
  C:\Windows\System\nrYfDSM.exe
  2⤵
  PID:15300
- C:\Windows\System\rJgTkpu.exe
  C:\Windows\System\rJgTkpu.exe
  2⤵
  PID:15328
- C:\Windows\System\SldZjDb.exe
  C:\Windows\System\SldZjDb.exe
  2⤵
  PID:9744
- C:\Windows\System\IZavzOC.exe
  C:\Windows\System\IZavzOC.exe
  2⤵
  PID:9700
- C:\Windows\System\xWYxuTv.exe
  C:\Windows\System\xWYxuTv.exe
  2⤵
  PID:14444
- C:\Windows\System\bQxjzeo.exe
  C:\Windows\System\bQxjzeo.exe
  2⤵
  PID:14492
- C:\Windows\System\DkwhSHo.exe
  C:\Windows\System\DkwhSHo.exe
  2⤵
  PID:9976
- C:\Windows\System\aoIqWqg.exe
  C:\Windows\System\aoIqWqg.exe
  2⤵
  PID:10044
- C:\Windows\System\dRuYSCr.exe
  C:\Windows\System\dRuYSCr.exe
  2⤵
  PID:10112
- C:\Windows\System\fQXmGIz.exe
  C:\Windows\System\fQXmGIz.exe
  2⤵
  PID:14696
- C:\Windows\System\YMYaink.exe
  C:\Windows\System\YMYaink.exe
  2⤵
  PID:14740
- C:\Windows\System\mmxpqHY.exe
  C:\Windows\System\mmxpqHY.exe
  2⤵
  PID:9304
- C:\Windows\System\bNdQzCv.exe
  C:\Windows\System\bNdQzCv.exe
  2⤵
  PID:14988
- C:\Windows\System\pkPEFhS.exe
  C:\Windows\System\pkPEFhS.exe
  2⤵
  PID:15008
- C:\Windows\System\MtlyUUt.exe
  C:\Windows\System\MtlyUUt.exe
  2⤵
  PID:3020
- C:\Windows\System\jvTbnCK.exe
  C:\Windows\System\jvTbnCK.exe
  2⤵
  PID:15144
- C:\Windows\System\CLUFzFK.exe
  C:\Windows\System\CLUFzFK.exe
  2⤵
  PID:4776
- C:\Windows\System\ksfynWm.exe
  C:\Windows\System\ksfynWm.exe
  2⤵
  PID:15212
- C:\Windows\System\xLaubAW.exe
  C:\Windows\System\xLaubAW.exe
  2⤵
  PID:2364
- C:\Windows\System\TkUDgVi.exe
  C:\Windows\System\TkUDgVi.exe
  2⤵
  PID:15268
- C:\Windows\System\ufIQTBh.exe
  C:\Windows\System\ufIQTBh.exe
  2⤵
  PID:15296
- C:\Windows\System\kwlvuDF.exe
  C:\Windows\System\kwlvuDF.exe
  2⤵
  PID:10052
- C:\Windows\System\gVceANX.exe
  C:\Windows\System\gVceANX.exe
  2⤵
  PID:7012
- C:\Windows\System\Ntqeeno.exe
  C:\Windows\System\Ntqeeno.exe
  2⤵
  PID:14712
- C:\Windows\System\SxkaoJH.exe
  C:\Windows\System\SxkaoJH.exe
  2⤵
  PID:10372
- C:\Windows\System\vsVfPNZ.exe
  C:\Windows\System\vsVfPNZ.exe
  2⤵
  PID:14976
- C:\Windows\System\jndALxd.exe
  C:\Windows\System\jndALxd.exe
  2⤵
  PID:5672
- C:\Windows\System\wwBgbKx.exe
  C:\Windows\System\wwBgbKx.exe
  2⤵
  PID:5280
- C:\Windows\System\YbVXUtQ.exe
  C:\Windows\System\YbVXUtQ.exe
  2⤵
  PID:4876
- C:\Windows\System\tsIZGDa.exe
  C:\Windows\System\tsIZGDa.exe
  2⤵
  PID:9996
- C:\Windows\System\WqMnorF.exe
  C:\Windows\System\WqMnorF.exe
  2⤵
  PID:10644
- C:\Windows\System\getkZWa.exe
  C:\Windows\System\getkZWa.exe
  2⤵
  PID:9680
- C:\Windows\System\aEOEXXv.exe
  C:\Windows\System\aEOEXXv.exe
  2⤵
  PID:10168
- C:\Windows\System\uYuWPYA.exe
  C:\Windows\System\uYuWPYA.exe
  2⤵
  PID:9508
- C:\Windows\System\dHSCGAU.exe
  C:\Windows\System\dHSCGAU.exe
  2⤵
  PID:14556
- C:\Windows\System\MpPLqhN.exe
  C:\Windows\System\MpPLqhN.exe
  2⤵
  PID:10848
- C:\Windows\System\MrHvlYG.exe
  C:\Windows\System\MrHvlYG.exe
  2⤵
  PID:10324
- C:\Windows\System\wTxOCJT.exe
  C:\Windows\System\wTxOCJT.exe
  2⤵
  PID:10924
- C:\Windows\System\CmJXLFB.exe
  C:\Windows\System\CmJXLFB.exe
  2⤵
  PID:14900
- C:\Windows\System\yVBfKQK.exe
  C:\Windows\System\yVBfKQK.exe
  2⤵
  PID:14940
- C:\Windows\System\hTrfMDe.exe
  C:\Windows\System\hTrfMDe.exe
  2⤵
  PID:11008
- C:\Windows\System\QiditRq.exe
  C:\Windows\System\QiditRq.exe
  2⤵
  PID:10048
- C:\Windows\System\OOuHmsd.exe
  C:\Windows\System\OOuHmsd.exe
  2⤵
  PID:11100
- C:\Windows\System\kLInkeF.exe
  C:\Windows\System\kLInkeF.exe
  2⤵
  PID:11120
- C:\Windows\System\VvdrIkd.exe
  C:\Windows\System\VvdrIkd.exe
  2⤵
  PID:11176
- C:\Windows\System\TolZLbh.exe
  C:\Windows\System\TolZLbh.exe
  2⤵
  PID:11204
- C:\Windows\System\PeKXTDg.exe
  C:\Windows\System\PeKXTDg.exe
  2⤵
  PID:6804
- C:\Windows\System\hXWbZBJ.exe
  C:\Windows\System\hXWbZBJ.exe
  2⤵
  PID:10292
- C:\Windows\System\YehoDcu.exe
  C:\Windows\System\YehoDcu.exe
  2⤵
  PID:1680
- C:\Windows\System\EEpsPXL.exe
  C:\Windows\System\EEpsPXL.exe
  2⤵
  PID:10488
- C:\Windows\System\ZnRsVbN.exe
  C:\Windows\System\ZnRsVbN.exe
  2⤵
  PID:11016
- C:\Windows\System\ETDyyRA.exe
  C:\Windows\System\ETDyyRA.exe
  2⤵
  PID:10704
- C:\Windows\System\GVucUdm.exe
  C:\Windows\System\GVucUdm.exe
  2⤵
  PID:9584
- C:\Windows\System\FYCqMZy.exe
  C:\Windows\System\FYCqMZy.exe
  2⤵
  PID:10700
- C:\Windows\System\yqCFWKr.exe
  C:\Windows\System\yqCFWKr.exe
  2⤵
  PID:11048
- C:\Windows\System\gQhlbgu.exe
  C:\Windows\System\gQhlbgu.exe
  2⤵
  PID:11096
- C:\Windows\System\ghboGhI.exe
  C:\Windows\System\ghboGhI.exe
  2⤵
  PID:10420
- C:\Windows\System\rxTInse.exe
  C:\Windows\System\rxTInse.exe
  2⤵
  PID:10556
- C:\Windows\System\NLOHTsM.exe
  C:\Windows\System\NLOHTsM.exe
  2⤵
  PID:11180
- C:\Windows\System\TqhDgcM.exe
  C:\Windows\System\TqhDgcM.exe
  2⤵
  PID:10304
- C:\Windows\System\ItsVGlm.exe
  C:\Windows\System\ItsVGlm.exe
  2⤵
  PID:10456
- C:\Windows\System\LqqGanZ.exe
  C:\Windows\System\LqqGanZ.exe
  2⤵
  PID:10648
- C:\Windows\System\IrfIuTX.exe
  C:\Windows\System\IrfIuTX.exe
  2⤵
  PID:11244
- C:\Windows\System\ToycYaK.exe
  C:\Windows\System\ToycYaK.exe
  2⤵
  PID:11068
- C:\Windows\System\UmCzHMo.exe
  C:\Windows\System\UmCzHMo.exe
  2⤵
  PID:3140
- C:\Windows\System\xpnIROl.exe
  C:\Windows\System\xpnIROl.exe
  2⤵
  PID:2656
- C:\Windows\System\MOxeHxn.exe
  C:\Windows\System\MOxeHxn.exe
  2⤵
  PID:10936
- C:\Windows\System\gzuibaY.exe
  C:\Windows\System\gzuibaY.exe
  2⤵
  PID:10460
- C:\Windows\System\BDSSVoB.exe
  C:\Windows\System\BDSSVoB.exe
  2⤵
  PID:3604
- C:\Windows\System\bZQeysq.exe
  C:\Windows\System\bZQeysq.exe
  2⤵
  PID:11312
- C:\Windows\System\DfKumFZ.exe
  C:\Windows\System\DfKumFZ.exe
  2⤵
  PID:10900
- C:\Windows\System\ISHvAsx.exe
  C:\Windows\System\ISHvAsx.exe
  2⤵
  PID:11380
- C:\Windows\System\NjGQdyK.exe
  C:\Windows\System\NjGQdyK.exe
  2⤵
  PID:11272
- C:\Windows\System\nOFwBSj.exe
  C:\Windows\System\nOFwBSj.exe
  2⤵
  PID:11436
- C:\Windows\System\nEzdmRk.exe
  C:\Windows\System\nEzdmRk.exe
  2⤵
  PID:15368
- C:\Windows\System\YHOWepi.exe
  C:\Windows\System\YHOWepi.exe
  2⤵
  PID:15404
- C:\Windows\System\MAZvKrP.exe
  C:\Windows\System\MAZvKrP.exe
  2⤵
  PID:15424
- C:\Windows\System\KjFIGYd.exe
  C:\Windows\System\KjFIGYd.exe
  2⤵
  PID:15452
- C:\Windows\System\pGVKPyK.exe
  C:\Windows\System\pGVKPyK.exe
  2⤵
  PID:15480
- C:\Windows\System\lhKAamr.exe
  C:\Windows\System\lhKAamr.exe
  2⤵
  PID:15508
- C:\Windows\System\zDJelMr.exe
  C:\Windows\System\zDJelMr.exe
  2⤵
  PID:15536
- C:\Windows\System\kdhXZwj.exe
  C:\Windows\System\kdhXZwj.exe
  2⤵
  PID:15564
- C:\Windows\System\zLemXhp.exe
  C:\Windows\System\zLemXhp.exe
  2⤵
  PID:15592
- C:\Windows\System\PxBRHfE.exe
  C:\Windows\System\PxBRHfE.exe
  2⤵
  PID:15620
- C:\Windows\System\jgnPFnS.exe
  C:\Windows\System\jgnPFnS.exe
  2⤵
  PID:15652
- C:\Windows\System\nCTKsaL.exe
  C:\Windows\System\nCTKsaL.exe
  2⤵
  PID:15684
- C:\Windows\System\LXrkrdC.exe
  C:\Windows\System\LXrkrdC.exe
  2⤵
  PID:15704
- C:\Windows\System\nKxBbiL.exe
  C:\Windows\System\nKxBbiL.exe
  2⤵
  PID:15732
- C:\Windows\System\YURVfnW.exe
  C:\Windows\System\YURVfnW.exe
  2⤵
  PID:15760
- C:\Windows\System\iQgaUlt.exe
  C:\Windows\System\iQgaUlt.exe
  2⤵
  PID:15788
- C:\Windows\System\LdmrJut.exe
  C:\Windows\System\LdmrJut.exe
  2⤵
  PID:15824
- C:\Windows\System\aivWwmQ.exe
  C:\Windows\System\aivWwmQ.exe
  2⤵
  PID:15844
- C:\Windows\System\uDaoUtZ.exe
  C:\Windows\System\uDaoUtZ.exe
  2⤵
  PID:15872
- C:\Windows\System\pARcuQk.exe
  C:\Windows\System\pARcuQk.exe
  2⤵
  PID:15912
- C:\Windows\System\iUyIjkY.exe
  C:\Windows\System\iUyIjkY.exe
  2⤵
  PID:15940
- C:\Windows\System\HiUfOZy.exe
  C:\Windows\System\HiUfOZy.exe
  2⤵
  PID:15972
- C:\Windows\System\kzorjMm.exe
  C:\Windows\System\kzorjMm.exe
  2⤵
  PID:16000
- C:\Windows\System\bqIbjjt.exe
  C:\Windows\System\bqIbjjt.exe
  2⤵
  PID:16028
- C:\Windows\System\VXvGNzn.exe
  C:\Windows\System\VXvGNzn.exe
  2⤵
  PID:16056
- C:\Windows\System\hsCAOGF.exe
  C:\Windows\System\hsCAOGF.exe
  2⤵
  PID:16088
- C:\Windows\System\qdcmMmu.exe
  C:\Windows\System\qdcmMmu.exe
  2⤵
  PID:16124
- C:\Windows\System\PQIuvOm.exe
  C:\Windows\System\PQIuvOm.exe
  2⤵
  PID:16148
- C:\Windows\System\rGCjIoj.exe
  C:\Windows\System\rGCjIoj.exe
  2⤵
  PID:16176
- C:\Windows\System\PVJdazz.exe
  C:\Windows\System\PVJdazz.exe
  2⤵
  PID:16212
- C:\Windows\System\NeUYrsg.exe
  C:\Windows\System\NeUYrsg.exe
  2⤵
  PID:16232
- C:\Windows\System\MddMNPV.exe
  C:\Windows\System\MddMNPV.exe
  2⤵
  PID:16260
- C:\Windows\System\pdqFtaP.exe
  C:\Windows\System\pdqFtaP.exe
  2⤵
  PID:16288
- C:\Windows\System\DBTQviY.exe
  C:\Windows\System\DBTQviY.exe
  2⤵
  PID:16316
- C:\Windows\System\XotRjCc.exe
  C:\Windows\System\XotRjCc.exe
  2⤵
  PID:16344
- C:\Windows\System\FFkxLGr.exe
  C:\Windows\System\FFkxLGr.exe
  2⤵
  PID:11396
- C:\Windows\System\OjvBEzp.exe
  C:\Windows\System\OjvBEzp.exe
  2⤵
  PID:11496
- C:\Windows\System\Bhlvpks.exe
  C:\Windows\System\Bhlvpks.exe
  2⤵
  PID:11552
- C:\Windows\System\OomCeAC.exe
  C:\Windows\System\OomCeAC.exe
  2⤵
  PID:15472
- C:\Windows\System\DSksXZU.exe
  C:\Windows\System\DSksXZU.exe
  2⤵
  PID:15500
- C:\Windows\System\SygagCo.exe
  C:\Windows\System\SygagCo.exe
  2⤵
  PID:5704
- C:\Windows\System\EFZNoiR.exe
  C:\Windows\System\EFZNoiR.exe
  2⤵
  PID:15560
- C:\Windows\System\dSgcpKC.exe
  C:\Windows\System\dSgcpKC.exe
  2⤵
  PID:15640
- C:\Windows\System\gHpJLyP.exe
  C:\Windows\System\gHpJLyP.exe
  2⤵
  PID:15696
- C:\Windows\System\VItCfPR.exe
  C:\Windows\System\VItCfPR.exe
  2⤵
  PID:15756
- C:\Windows\System\MhpHBhy.exe
  C:\Windows\System\MhpHBhy.exe
  2⤵
  PID:15808
- C:\Windows\System\YYUNTrI.exe
  C:\Windows\System\YYUNTrI.exe
  2⤵
  PID:15868
- C:\Windows\System\NwZVDoi.exe
  C:\Windows\System\NwZVDoi.exe
  2⤵
  PID:15932
- C:\Windows\System\MFyHdSc.exe
  C:\Windows\System\MFyHdSc.exe
  2⤵
  PID:15984
- C:\Windows\System\zGmFzSE.exe
  C:\Windows\System\zGmFzSE.exe
  2⤵
  PID:16020
- C:\Windows\System\fJmKYqZ.exe
  C:\Windows\System\fJmKYqZ.exe
  2⤵
  PID:16104
- C:\Windows\System\szlRJSW.exe
  C:\Windows\System\szlRJSW.exe
  2⤵
  PID:16096
- C:\Windows\System\gVaWHoI.exe
  C:\Windows\System\gVaWHoI.exe
  2⤵
  PID:16084
- C:\Windows\System\xTwwEZH.exe
  C:\Windows\System\xTwwEZH.exe
  2⤵
  PID:16220
- C:\Windows\System\HyghlSZ.exe
  C:\Windows\System\HyghlSZ.exe
  2⤵
  PID:11856
- C:\Windows\System\XUqEPSM.exe
  C:\Windows\System\XUqEPSM.exe
  2⤵
  PID:11884
- C:\Windows\System\VPclQaQ.exe
  C:\Windows\System\VPclQaQ.exe
  2⤵
  PID:16312
- C:\Windows\System\dVpakMN.exe
  C:\Windows\System\dVpakMN.exe
  2⤵
  PID:11968
- C:\Windows\System\jIOzQvS.exe
  C:\Windows\System\jIOzQvS.exe
  2⤵
  PID:1420
- C:\Windows\System\mlzdNWj.exe
  C:\Windows\System\mlzdNWj.exe
  2⤵
  PID:11488
- C:\Windows\System\yAmijmG.exe
  C:\Windows\System\yAmijmG.exe
  2⤵
  PID:15448
- C:\Windows\System\enJUKRB.exe
  C:\Windows\System\enJUKRB.exe
  2⤵
  PID:11612
- C:\Windows\System\rBayTyg.exe
  C:\Windows\System\rBayTyg.exe
  2⤵
  PID:12184
- C:\Windows\System\SPIWQJb.exe
  C:\Windows\System\SPIWQJb.exe
  2⤵
  PID:12220
- C:\Windows\System\kabIsfi.exe
  C:\Windows\System\kabIsfi.exe
  2⤵
  PID:12248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AbdaLmP.exe

Filesize
6.0MB

MD5
07dc1abfc17ad1e7e782a8c4f8cfb2d4

SHA1
bd9e9137429f693064e232084d97798aa8b90c14

SHA256
d99ced52bba6af6d22cc517544d19f8f6e0193960a962dffc7f9d99dcad0c8df

SHA512
816dc797591cc018ceb21c64756823b5817d28d90550c801f62f6a9c2ed35bb92473f02b00b197b9cbe7b1a09d75af26cc15893d76aba45d2493b2b197542c98

Download Submit
C:\Windows\System\ArBjZMP.exe

Filesize
6.0MB

MD5
7a8a7539ab09857555e0c877e07dfdd6

SHA1
05727a2d883d176a2ab30bb7a9075e63ab2808ef

SHA256
e9505aab0d8ad189cce02d46eb70eb5249ef3807e5562c9a468ca5f476319ca9

SHA512
f735f951e2b2ca18aa98d633f8742ceb746e91c024ed5eb42777c160a0b2e58ea075655e2fb8f316480e89bedbe05d2b3a9efe9752dded117e0fa7a29761180e

Download Submit
C:\Windows\System\CXvwLuk.exe

Filesize
6.0MB

MD5
9fb9f49cb9a33523fb524afda5e135b4

SHA1
96dcaee39351e90ea0a6db1307912f82b20f4e88

SHA256
cd4bbbf046974940e891a6cbdc08341b34110816b6a9484cf90a2cb1de4ae565

SHA512
62ffb1d6a630af58849d8b3c7728bfb57158488b6c2529acbaf5c658afb79c6065fe9779cf20a478f1cc0a7f1bcc103af585ab30feb4c798d03857e772ff79e5

Download Submit
C:\Windows\System\FKBaUiG.exe

Filesize
6.0MB

MD5
7702c625893a179fbad714277eb3cb6a

SHA1
3051ac292cf2d57157d76d3d2b6f8a9262bc2a31

SHA256
adebdc1e6864d21b89ce511c626eb8f05fe6aa9a167ee88b04e6b5fd9200b0cc

SHA512
7ac9cd3366b8009969aa0f5d8525146b6750090b7ffdef66521842d3b66f55f8206a9f23c004b899dc9912046a673a6a2cef748363529813593f633a41bb6278

Download Submit
C:\Windows\System\GVsOCCm.exe

Filesize
6.0MB

MD5
988eba757fcbd520209afb864a97c411

SHA1
f07cad64c164754eecf9a3d9358a3536f3ae2119

SHA256
a00997f809347b9d791196ae978b3f9130e33b82bfca040696a071204151a309

SHA512
b7676f4e97f03173a46bfacdf10d90fdfe6bfe09366512d9c59c862bc7466676dcbd548fa9f1fe5b574f62932881c3ec24829ba7d0db9763b9942994cb6496e2

Download Submit
C:\Windows\System\JXOwnvn.exe

Filesize
6.0MB

MD5
9a66dcec31666a8baa9102d04f21430f

SHA1
a45122b262f01ed2a45da3a2ba0fb38af052523b

SHA256
2c8b8b045d4ec74342615c3506e7d17aa246ac4ee9c430e82ddd54d0d11d7cfa

SHA512
67ff8005604c54823c031c47a65ca163fc45e1a567cf58701c694fc8cb2c279b323dd444fd41d59fcd2558ea04bb66229654aa5c247e1e51ebe7edbec3a0e9b2

Download Submit
C:\Windows\System\KMTVFNo.exe

Filesize
6.0MB

MD5
8ff969bba4df970c5e224a533912b5ba

SHA1
d79ac483a56194211f2abe96c4e38cac03bcd028

SHA256
5c5c03c0de6c98c6b86219f287fe22c3e00f723b8d282e7090f817fd8bb901b7

SHA512
ff6362b204cc698f2ec1f9c5d6ec518661553dce92291209f2100c0fd549900c214dbdb17c2c4ad1146dcc99c49b9ab94f6b3e72aa9c26a87a0e9657e5f28b1c

Download Submit
C:\Windows\System\KiQDaLK.exe

Filesize
6.0MB

MD5
60410444d4016b89255bf445eb1f2e13

SHA1
73f5641f0c609a052a0c6fe23700dc46b9af1310

SHA256
1cbfb92b919e621de62f2ec3ae17b9621aca8629954dfa880f457bfaee8a86f3

SHA512
f46c854103c9d9b26c6ff263f5cffa40cad59833f525347606dc6304f5019925879fc812ae6c48efdd01b785e782a2cc5f7d239100af8d08e9f22c062531f1e8

Download Submit
C:\Windows\System\KjcliTA.exe

Filesize
6.0MB

MD5
43617072aa42ca38288cd693a1becb8e

SHA1
9ab543eccb7d52c07ff74048dd2f3e5220c53c1d

SHA256
a55a7432f9612909e2bb202d15494f1298f17631df2c24204e6a41ef36e9ad21

SHA512
1b04c4a017bc89c61de2087b81c5297f77b51de08505cb5d4f5c6c5fdf7fc23778b21c440c48aeaf2c802129ea520a253276d390d740df7c8f5451dc1ae92001

Download Submit
C:\Windows\System\LojfdpQ.exe

Filesize
6.0MB

MD5
270487fd817ba42e85a74d8029d88258

SHA1
f8f800620962d5d1996fbf8cd5eef1ad1a9fd512

SHA256
e0a7d6043da274b9f165e4d5c64d1f0f0ca5e646da494cd942b837e2ce025f62

SHA512
9ab3bc49b7f3f8e30dc33eaa949dde66c87f5983c56f27edf79d518ab9352866120ec553794ec7cd988c78090c706086556c4231d8b619cff91833d88f97fe41

Download Submit
C:\Windows\System\MKvENLD.exe

Filesize
6.0MB

MD5
b6cb6b76bc914c8d597ec347f3e6eb27

SHA1
28d330d70fbe187606d0d79ff440f5552b7150cb

SHA256
6fba3c7be3288e7f04ae0e0712c617cea7c3b680b514cfbbf52990d635f5a216

SHA512
75c37c9283aaf4aeda1c3d87e733118be7bfcc9c7b2283e04e5bf6a4d813835e5f5fec5aaea179650b99be7eaba1e9fdb3f042d6b376bfb3f8f53f47f1fd9fe8

Download Submit
C:\Windows\System\OpXSHsa.exe

Filesize
6.0MB

MD5
73df88980f58288087d3418762bd1d69

SHA1
1fef1cb4f7033e2386d234fbcbc4c28a5eb2eb70

SHA256
65ff22855f2cc3cc614aef16d6e8d15e9cf8f7a0bb9ed1720780a0c6966cdc77

SHA512
91a37833b8aff7eabdd8d13ff825e53d9ad652100800899405992bdefac3edc021013333194ddbced3d755303506b118016aa79df11665c762c5b1a65a48fad2

Download Submit
C:\Windows\System\QkJGpdG.exe

Filesize
6.0MB

MD5
6551ec72a42e72dbd552560f192f233e

SHA1
4e0ad9a02f881509147ab91b961f4dd55eacc65f

SHA256
84f38b9e03b863f29a72b055f254ed61f8680bc959dfc61d7120acaade095d2b

SHA512
af7205f3913cb0cd2971eff294e684582b4a4cc924977330d51cc8c96b72af1d3e49a47c343e66e2cac38834d7fe40af5b08a58518c19164db747825b912586b

Download Submit
C:\Windows\System\VBeMWeH.exe

Filesize
6.0MB

MD5
38db34513ffc43a310fb1f666fdc578d

SHA1
11c6b6b837d726ab3bd67beabde3cc88097a398e

SHA256
45c0cc6dedf7935def616adef92c0c27252581668e60faeb57179d049045fb18

SHA512
d30b289e74fc13095930a98a0566013c40b2df2415f97bf6a3a63cbd38458f09b25030fb39d14c83d344e45eb085161d4d3b360eb3e48f9c9ad1725a67b11083

Download Submit
C:\Windows\System\ZBknMoH.exe

Filesize
6.0MB

MD5
86991cb548a9e40ee9706a884814b3f6

SHA1
56969681c87e1887b51d44e98cb1d563bdf377e8

SHA256
fc9e50d72abb8109c811401d2b3854c1b42c808e517b6830c3d18bf7042567a3

SHA512
57b1fc436ceae3bbbf1e3bcf2bf0f46f320b331094ce0225b5e054b42e2f0e30b51257ac12ef3f13b0f52487a5b8bbc6ab8f6c6944b86142dd47dbec5967e542

Download Submit
C:\Windows\System\aJmTUKf.exe

Filesize
6.0MB

MD5
8c3f82f4acb28e57492e2415add63243

SHA1
34e730270301ed6c6698c3ebc7b3fceb4d14b332

SHA256
31d4b5c3b0b4d928198a73f95303b8bf829a6b375f0172829944092b21f527a4

SHA512
686b6f2e5f1ffbc4036fff8d3c54ec81abe52a64483ace85af84544b487616dbaf0408425bb14adb8d2e1fe48b893b53f3e6ed3e73bd2b88e08987cf96bb5160

Download Submit
C:\Windows\System\dTEKXoU.exe

Filesize
6.0MB

MD5
90fdddd80fc36b1b70202c749f36ebbe

SHA1
c6e30edf02ab4622c688406c9b57b80176620966

SHA256
36b9800d13638c611d9a73a2d87bba536d567e73b373346182845b30deba4d55

SHA512
d94694dd1f4c0b1fcfdf3611386d67580c221e50cd0a1fb36b53bffc3571be71bc90a8820544507359a55834c89191b86dbe0b1a6d7cec661ecf4d66d5699823

Download Submit
C:\Windows\System\dYfMCxC.exe

Filesize
6.0MB

MD5
049a7950805dbecfe04bd763a80ba2d0

SHA1
84a288f85e1ef3527571dc15b4a64364a2027757

SHA256
cf7bb034cbb4e439035fa1e898f63675b7158602bd774a5d147cbbd3904ddffd

SHA512
89409e76ee9392cb343de17b56e3501bf6aceae098233dce9af4e85e7514cafb5acc34145196187e1d961f75a7e914e913103006d66c25cb4df57d785f156cec

Download Submit
C:\Windows\System\eOJBqYC.exe

Filesize
6.0MB

MD5
5152a7a1cecb74a923d3085fc1f89804

SHA1
890fb1d2271d5a8d5e6f1fb18d69a711cce8b584

SHA256
15f8a764ef1f1dcc7189026681ca847d67becfd53ceb108dab4bc7b8f9295fca

SHA512
1627feefaea30e9fdaf1b1801366261569d8a62f5503a4b3aee912410663577fbff93cc0a16051718dd82fdb539344f28dbd72504f56886031c0be8f4b45ce14

Download Submit
C:\Windows\System\gVItNSK.exe

Filesize
6.0MB

MD5
dc40b98a7c96888f26b673f3b9b3e21a

SHA1
9237304e34f83f672f1bd280bb6ec907858fff85

SHA256
a61c9619d5abc6125a8b8d97039bccb7fcd14a5564c7807fcc9ddd8bde06955f

SHA512
3bab7bcf2c8f778c36a5f9dd5f4ffed5769e6e1ef11c2edfaa0fbb554b1c4f081d3b4a61c93aaf969fceb5dd4585b213d11836f5a5b4fbe5ea88814ce7d5386c

Download Submit
C:\Windows\System\idsVqOb.exe

Filesize
6.0MB

MD5
5dcc91000aebae3cc52aa077585cd461

SHA1
ad8c21c94bfe5333b7ec230dbed077e5f6b3ad0e

SHA256
3500a15a4881366174d922e7a3544f813ba7c5f8534b0c4dec72312ff4a4ed38

SHA512
f9302ec9555d0a8b5da872917d13cf2b499d5cd4ae90fe6e2bd559a72e23bb494367b4495d1c391597657827c4456536c5fded49ac1088081fd9204408ed435f

Download Submit
C:\Windows\System\jjdabEN.exe

Filesize
6.0MB

MD5
d82f338b279f9120679d4f77afd556c0

SHA1
cda77e0d5857cb99d4049a20f88cd843e6706b00

SHA256
b1cfba905782d8aca970ae96a7f0f7b6ebbd5df35c6203d1eb96df2d0995a50a

SHA512
4b10ff6760557f8bb1b72bfb47b2c721f6e5470482c6a0b264a41698aefc181269b2857484f8b1c41dbd81181e9c7b8838f2b68f1efb7ddd682b8bd14c9b0596

Download Submit
C:\Windows\System\lVDkiOA.exe

Filesize
6.0MB

MD5
6e94865e7f55af3c7a797f899ecc0af2

SHA1
c2ad3d0f99291aac25bf56d5c539838b17a8fbf2

SHA256
4427ee854083a1e9da53113f72a7a8d0fcfbad2d4516251632eaf2c443cdfa70

SHA512
85e5310de79cbc71076c49f69bf9a0f0164de419f467ff32708e5d49745ce752e37606c6892a55bfc956b3eee7da5a7fd41e5d7b244fac219525167bf620e74a

Download Submit
C:\Windows\System\lZOStii.exe

Filesize
6.0MB

MD5
e52344912346e6a7695df7bbcf36145a

SHA1
3fc56f870084a8d5a73403f69a4ede00bd917c25

SHA256
832d7eace6c01f519904a2dda61d308c99be3c982d0fca24a30a9131e194762c

SHA512
58f5f69163924c19a47123ac8bd2223ef916dc9b95de45d4fa4aba4c21a3805e87cd6757544cb68cbff866a80167373910d9a62b4780bcf1df81271e49b5aef4

Download Submit
C:\Windows\System\opdYcjn.exe

Filesize
6.0MB

MD5
4446da514a5ad9a8b1b3034b98708e65

SHA1
1df48c393df80d82a6ecdc97d1498a0bd3f0cf29

SHA256
d8a42319d167ab9d6bdfdd71fbc882884fc5309a8e5b044760497220360ab797

SHA512
094ac22bd276472c0551aed3be81e5c31abda9745642869c82cb600ef3a2972b9d33af975bd1dca2e67e0f0664a7f9b8ad53e363d92893c64b83d1e4a620b2ea

Download Submit
C:\Windows\System\qAfpqUw.exe

Filesize
6.0MB

MD5
258bd93ce447db597a401791d7cdb6a8

SHA1
260d3e14ced6658b4797c397940c73419bebcbce

SHA256
56c226f5589d8d830434f81c8b5b60bbe5f75fa5240542f308a0333e5a8446b9

SHA512
dfeb94cca6d6bb470c8ea5a99ec327e605be836f979de6b948b80e900092cc53d75dade603e328a840ee16b0280e35eaf6332e0200ab00e150908985be2a17fa

Download Submit
C:\Windows\System\qUIgPiA.exe

Filesize
6.0MB

MD5
8f6eac76cdcfa4198f2d6956590db675

SHA1
e8673d76ce7b6a93fab2a6e48368d7b669d32e19

SHA256
c39e67e22c707a95175859b32a97565fca3fcc7310914257b3f8b4695b05099a

SHA512
f50243458dcfdb059e3a4b4dcbe31dc517ec2ec66a06adef0bd61d73c89bd153c5e6ec8ec74c5e228f8a0586e8f2463a14c47ea735bfc444c2c30ef34d4c63bf

Download Submit
C:\Windows\System\qfcAuTW.exe

Filesize
6.0MB

MD5
a360836eed57568abcd4e83db9a8e5ef

SHA1
5f72d9a34b67cdf2e5218b788f028170071d5d22

SHA256
b7afd651a53e5c9f6dd37aa08e0ce4e099c62c837201af67c224a7329d3eb7fb

SHA512
3a21f6941e7270428f4f085867ec24878e7ecda07d9b78fdc2839d44a64907c45c589eb295ecfda425a5239e8542432c4443bbde1af2d4161285719db9b0e83a

Download Submit
C:\Windows\System\sOgnRou.exe

Filesize
6.0MB

MD5
78768319d4ab5bc701119ae0dca23233

SHA1
4da3b229f9907ec2fa19860b8e42b78840d9f4a8

SHA256
214137704e597c0fcfd75a3b9aa0edaa611ec775245f86039220520814e335ec

SHA512
2993e84cfafcbbfc35fd4e88c2d29d56b5860c9919faa4998afafb7ad7f4ebfd462a12fd35d1b7d515542ac3bdc6a928ab69a4a7d28fef13ede1b563ce887210

Download Submit
C:\Windows\System\tKrQScs.exe

Filesize
6.0MB

MD5
a399f43cb0023fa59fbc0c73655617c1

SHA1
f5d5796a22c33a0c86cba723afce996e0d528460

SHA256
cd936000565abab1cbc22d9268119ab80981717fa863cfff2dc15898e445e714

SHA512
746eae16c84a39494f4ea94a9c43499b1a37f978f7b3226f9c44dd6a64ea2b0c19575ca832a2968ca8f3ab9c8c23355232283a91c3f7d407129e69b815463521

Download Submit
C:\Windows\System\uJnRKJn.exe

Filesize
6.0MB

MD5
12172fc192295a7655e3b87eae5f0ea7

SHA1
92f63e2c5674e91d6b909d4c6e342603943bb932

SHA256
084ace27b00f9436ad69e343c5e1abee183da59ee64242e62c800778e3723b69

SHA512
a6d7d8522b7e8bf4cb9e1445826fe562cfeb2736cc61c1c23dbe84261dec56b427dfd06a1e50ab06922b3a32ac5257a5972488bff32f49611ba975fc4bf084d7

Download Submit
C:\Windows\System\wWpcLnP.exe

Filesize
6.0MB

MD5
b8de34b78fcbe9044bebd1d314e08074

SHA1
4d1b83402d4d680d4b300b9f7c617f5774519cb9

SHA256
d4d6da80bc107cae8abbc5effb0fe5e95ff71fd856eea31e089e1443f3871948

SHA512
a3bf04fdd8343ce623003b81da41c13a029a7a01b03775ae7313ec2077e91bafc581f8efeb9e2f61306d32f0151df95d2b650c845b6a34d2c688ec7614d3eb23

Download Submit
memory/212-1921-0x00007FF611500000-0x00007FF611854000-memory.dmp

Filesize
3.3MB

Download
memory/212-170-0x00007FF611500000-0x00007FF611854000-memory.dmp

Filesize
3.3MB

Download
memory/228-1125-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp

Filesize
3.3MB

Download
memory/228-8-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp

Filesize
3.3MB

Download
memory/228-79-0x00007FF7BF7F0000-0x00007FF7BFB44000-memory.dmp

Filesize
3.3MB

Download
memory/904-222-0x00007FF6B4600000-0x00007FF6B4954000-memory.dmp

Filesize
3.3MB

Download
memory/904-151-0x00007FF6B4600000-0x00007FF6B4954000-memory.dmp

Filesize
3.3MB

Download
memory/904-1585-0x00007FF6B4600000-0x00007FF6B4954000-memory.dmp

Filesize
3.3MB

Download
memory/1044-147-0x00007FF7B2970000-0x00007FF7B2CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-1582-0x00007FF7B2970000-0x00007FF7B2CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-210-0x00007FF7B2970000-0x00007FF7B2CC4000-memory.dmp

Filesize
3.3MB

Download
memory/1184-110-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp

Filesize
3.3MB

Download
memory/1184-1544-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp

Filesize
3.3MB

Download
memory/1184-183-0x00007FF73C7B0000-0x00007FF73CB04000-memory.dmp

Filesize
3.3MB

Download
memory/1220-1580-0x00007FF7B62A0000-0x00007FF7B65F4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-221-0x00007FF7B62A0000-0x00007FF7B65F4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-150-0x00007FF7B62A0000-0x00007FF7B65F4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1198-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-63-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-121-0x00007FF66AE70000-0x00007FF66B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1200-0x00007FF6F02C0000-0x00007FF6F0614000-memory.dmp

Filesize
3.3MB

Download
memory/2012-69-0x00007FF6F02C0000-0x00007FF6F0614000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1132-0x00007FF776180000-0x00007FF7764D4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-12-0x00007FF776180000-0x00007FF7764D4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-93-0x00007FF776180000-0x00007FF7764D4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1560-0x00007FF6CBDE0000-0x00007FF6CC134000-memory.dmp

Filesize
3.3MB

Download
memory/2272-126-0x00007FF6CBDE0000-0x00007FF6CC134000-memory.dmp

Filesize
3.3MB

Download
memory/2272-207-0x00007FF6CBDE0000-0x00007FF6CC134000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1202-0x00007FF7782D0000-0x00007FF778624000-memory.dmp

Filesize
3.3MB

Download
memory/2420-73-0x00007FF7782D0000-0x00007FF778624000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1577-0x00007FF6AA9D0000-0x00007FF6AAD24000-memory.dmp

Filesize
3.3MB

Download
memory/2448-208-0x00007FF6AA9D0000-0x00007FF6AAD24000-memory.dmp

Filesize
3.3MB

Download
memory/2448-145-0x00007FF6AA9D0000-0x00007FF6AAD24000-memory.dmp

Filesize
3.3MB

Download
memory/2484-114-0x00007FF796850000-0x00007FF796BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1547-0x00007FF796850000-0x00007FF796BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-191-0x00007FF796850000-0x00007FF796BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2059-0x00007FF743C60000-0x00007FF743FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-189-0x00007FF743C60000-0x00007FF743FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-60-0x00007FF7084D0000-0x00007FF708824000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1195-0x00007FF7084D0000-0x00007FF708824000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2064-0x00007FF7FB110000-0x00007FF7FB464000-memory.dmp

Filesize
3.3MB

Download
memory/3124-194-0x00007FF7FB110000-0x00007FF7FB464000-memory.dmp

Filesize
3.3MB

Download
memory/3488-88-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1523-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-165-0x00007FF69C680000-0x00007FF69C9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-99-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-20-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-1170-0x00007FF78E250000-0x00007FF78E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-1196-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-131-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-68-0x00007FF7E2550000-0x00007FF7E28A4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-106-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp

Filesize
3.3MB

Download
memory/3992-24-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1189-0x00007FF7B4D40000-0x00007FF7B5094000-memory.dmp

Filesize
3.3MB

Download
memory/4040-436-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2051-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-175-0x00007FF7C4D50000-0x00007FF7C50A4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-37-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-1194-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-117-0x00007FF7F4A60000-0x00007FF7F4DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-1193-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp

Filesize
3.3MB

Download
memory/4676-113-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp

Filesize
3.3MB

Download
memory/4676-32-0x00007FF6B2500000-0x00007FF6B2854000-memory.dmp

Filesize
3.3MB

Download
memory/4828-1511-0x00007FF6E1EF0000-0x00007FF6E2244000-memory.dmp

Filesize
3.3MB

Download
memory/4828-80-0x00007FF6E1EF0000-0x00007FF6E2244000-memory.dmp

Filesize
3.3MB

Download
memory/4828-159-0x00007FF6E1EF0000-0x00007FF6E2244000-memory.dmp

Filesize
3.3MB

Download
memory/4940-72-0x00007FF7BDE80000-0x00007FF7BE1D4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-1197-0x00007FF7BDE80000-0x00007FF7BE1D4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1536-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-168-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-96-0x00007FF76A260000-0x00007FF76A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-136-0x00007FF7EE670000-0x00007FF7EE9C4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-1573-0x00007FF7EE670000-0x00007FF7EE9C4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-213-0x00007FF7EE670000-0x00007FF7EE9C4000-memory.dmp

Filesize
3.3MB

Download
memory/5688-1543-0x00007FF7698B0000-0x00007FF769C04000-memory.dmp

Filesize
3.3MB

Download
memory/5688-173-0x00007FF7698B0000-0x00007FF769C04000-memory.dmp

Filesize
3.3MB

Download
memory/5688-105-0x00007FF7698B0000-0x00007FF769C04000-memory.dmp

Filesize
3.3MB

Download
memory/6068-0-0x00007FF608650000-0x00007FF6089A4000-memory.dmp

Filesize
3.3MB

Download
memory/6068-78-0x00007FF608650000-0x00007FF6089A4000-memory.dmp

Filesize
3.3MB

Download
memory/6068-1-0x00000148BB360000-0x00000148BB370000-memory.dmp

Filesize
64KB

Download
memory/6080-254-0x00007FF61C520000-0x00007FF61C874000-memory.dmp

Filesize
3.3MB

Download
memory/6080-1919-0x00007FF61C520000-0x00007FF61C874000-memory.dmp

Filesize
3.3MB

Download
memory/6080-164-0x00007FF61C520000-0x00007FF61C874000-memory.dmp

Filesize
3.3MB

Download