cobaltstrike | e271f978f6b7bf43ab387a736512738611934cefbe2a436b7bda981229126ad0

Analysis

max time kernel
115s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

e9fe519c1e81059bbb5666f45ab0c6d7
SHA1

b4070f2d149badee7c4a126cd639a12e0f148e32
SHA256

e271f978f6b7bf43ab387a736512738611934cefbe2a436b7bda981229126ad0
SHA512

118fb8b60efe49e6893a7c1b59d5f9b7c89f53c772aabf9dcdcd65242d3606147ecbb76c487de6401d38221a1a5b99d8a2fd7b5a3d7f6ecea3e810c132329898
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000023f07-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024031-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024030-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024032-21.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002402d-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024036-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024037-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024039-78.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403b-89.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403d-103.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403e-112.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024041-126.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024044-152.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024047-167.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024049-180.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002404e-209.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002404c-207.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002404d-205.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002404b-203.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002404a-198.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024048-186.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024046-170.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024045-160.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024043-147.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024042-137.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024040-128.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403f-123.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403c-96.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002403a-85.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024038-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024035-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024034-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024033-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1400-0-0x00007FF6D49C0000-0x00007FF6D4D14000-memory.dmp	xmrig
behavioral1/files/0x000d000000023f07-5.dat	xmrig
behavioral1/memory/412-6-0x00007FF671FD0000-0x00007FF672324000-memory.dmp	xmrig
behavioral1/files/0x0007000000024031-10.dat	xmrig
behavioral1/files/0x0007000000024030-14.dat	xmrig
behavioral1/files/0x0007000000024032-21.dat	xmrig
behavioral1/memory/2712-23-0x00007FF632DB0000-0x00007FF633104000-memory.dmp	xmrig
behavioral1/files/0x000800000002402d-35.dat	xmrig
behavioral1/files/0x0007000000024036-53.dat	xmrig
behavioral1/files/0x0007000000024037-57.dat	xmrig
behavioral1/memory/1808-72-0x00007FF712670000-0x00007FF7129C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024039-78.dat	xmrig
behavioral1/files/0x000700000002403b-89.dat	xmrig
behavioral1/memory/640-88-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	xmrig
behavioral1/files/0x000700000002403d-103.dat	xmrig
behavioral1/files/0x000700000002403e-112.dat	xmrig
behavioral1/files/0x0007000000024041-126.dat	xmrig
behavioral1/files/0x0007000000024044-152.dat	xmrig
behavioral1/files/0x0007000000024047-167.dat	xmrig
behavioral1/files/0x0007000000024049-180.dat	xmrig
behavioral1/files/0x000700000002404e-209.dat	xmrig
behavioral1/files/0x000700000002404c-207.dat	xmrig
behavioral1/files/0x000700000002404d-205.dat	xmrig
behavioral1/files/0x000700000002404b-203.dat	xmrig
behavioral1/files/0x000700000002404a-198.dat	xmrig
behavioral1/memory/3528-194-0x00007FF7E8300000-0x00007FF7E8654000-memory.dmp	xmrig
behavioral1/memory/1156-193-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000024048-186.dat	xmrig
behavioral1/memory/5108-185-0x00007FF720F30000-0x00007FF721284000-memory.dmp	xmrig
behavioral1/memory/3088-184-0x00007FF752220000-0x00007FF752574000-memory.dmp	xmrig
behavioral1/memory/1776-183-0x00007FF6D4B20000-0x00007FF6D4E74000-memory.dmp	xmrig
behavioral1/memory/2256-179-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp	xmrig
behavioral1/memory/1792-173-0x00007FF674EE0000-0x00007FF675234000-memory.dmp	xmrig
behavioral1/memory/1016-172-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp	xmrig
behavioral1/files/0x0007000000024046-170.dat	xmrig
behavioral1/memory/4160-166-0x00007FF761640000-0x00007FF761994000-memory.dmp	xmrig
behavioral1/memory/2228-165-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024045-160.dat	xmrig
behavioral1/memory/380-157-0x00007FF76A470000-0x00007FF76A7C4000-memory.dmp	xmrig
behavioral1/memory/640-156-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	xmrig
behavioral1/memory/4624-150-0x00007FF767450000-0x00007FF7677A4000-memory.dmp	xmrig
behavioral1/memory/3268-149-0x00007FF745150000-0x00007FF7454A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024043-147.dat	xmrig
behavioral1/memory/1796-144-0x00007FF7DDD10000-0x00007FF7DE064000-memory.dmp	xmrig
behavioral1/memory/2280-143-0x00007FF628690000-0x00007FF6289E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024042-137.dat	xmrig
behavioral1/memory/2900-136-0x00007FF625530000-0x00007FF625884000-memory.dmp	xmrig
behavioral1/memory/1568-135-0x00007FF754450000-0x00007FF7547A4000-memory.dmp	xmrig
behavioral1/memory/4540-132-0x00007FF62F960000-0x00007FF62FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024040-128.dat	xmrig
behavioral1/memory/1156-125-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp	xmrig
behavioral1/files/0x000700000002403f-123.dat	xmrig
behavioral1/memory/3088-119-0x00007FF752220000-0x00007FF752574000-memory.dmp	xmrig
behavioral1/memory/4904-118-0x00007FF7BF480000-0x00007FF7BF7D4000-memory.dmp	xmrig
behavioral1/memory/1716-117-0x00007FF716890000-0x00007FF716BE4000-memory.dmp	xmrig
behavioral1/memory/2256-109-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp	xmrig
behavioral1/memory/3180-108-0x00007FF78F540000-0x00007FF78F894000-memory.dmp	xmrig
behavioral1/memory/1016-102-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp	xmrig
behavioral1/memory/5088-101-0x00007FF7AFC00000-0x00007FF7AFF54000-memory.dmp	xmrig
behavioral1/files/0x000700000002403c-96.dat	xmrig
behavioral1/memory/2228-95-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp	xmrig
behavioral1/memory/4688-94-0x00007FF7D1B20000-0x00007FF7D1E74000-memory.dmp	xmrig
behavioral1/files/0x000700000002403a-85.dat	xmrig
behavioral1/memory/3268-84-0x00007FF745150000-0x00007FF7454A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
412	WwHBovi.exe
2056	XxrRIEM.exe
3152	MrEwBEe.exe
2712	BvaTzwN.exe
4688	tftuTQt.exe
5088	wNISfWt.exe
3180	DFTEAfy.exe
1716	wEyHJsu.exe
4904	DRqEOVw.exe
4540	uhOxJYu.exe
1808	GLrRDsj.exe
2280	OiKkNQK.exe
3268	ZgfVLwH.exe
640	YwCAGxI.exe
2228	DwJKjUb.exe
1016	AFZjvuq.exe
2256	FIZdgTc.exe
3088	NTYmJQn.exe
1156	wKQcTRc.exe
1568	ulxWsEl.exe
2900	EqZOAHu.exe
1796	hFDUPGD.exe
4624	oLvOwzH.exe
380	URaspgk.exe
4160	rxDPnAm.exe
1792	weYkvdh.exe
1776	mtJawZT.exe
5108	HkebmXs.exe
3528	gpwDADK.exe
4916	pShmStI.exe
4120	HGEpDma.exe
8	IiyNFap.exe
4428	OJdgEbi.exe
820	JQGWguT.exe
3720	WNgPmgF.exe
2188	GntEKGd.exe
3964	QvWzrVX.exe
1720	cpICNjk.exe
2488	EgFJxpB.exe
4608	pRrYwfT.exe
228	mzmdseI.exe
4168	uWiRIaS.exe
464	RiJOyTV.exe
4800	tzyNFej.exe
1064	YhvTHFi.exe
2388	LpejmwX.exe
892	WKxaxJV.exe
1384	yvIuJAW.exe
940	SIJbbnF.exe
1968	tXpFqyu.exe
3584	NkXKJKd.exe
1964	CKSeGGn.exe
2872	hryOcZL.exe
3168	PQZbjKn.exe
3172	PIrNNbZ.exe
4588	ASIDsTA.exe
2164	mjvUbxq.exe
2692	RLzOtfg.exe
5128	mEKxBlM.exe
5160	aByTTmE.exe
5196	mOKPkjp.exe
5224	fCbDYHB.exe
5240	ssJFcrp.exe
5280	NSSaCSJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1400-0-0x00007FF6D49C0000-0x00007FF6D4D14000-memory.dmp	upx
behavioral1/files/0x000d000000023f07-5.dat	upx
behavioral1/memory/412-6-0x00007FF671FD0000-0x00007FF672324000-memory.dmp	upx
behavioral1/files/0x0007000000024031-10.dat	upx
behavioral1/files/0x0007000000024030-14.dat	upx
behavioral1/files/0x0007000000024032-21.dat	upx
behavioral1/memory/2712-23-0x00007FF632DB0000-0x00007FF633104000-memory.dmp	upx
behavioral1/files/0x000800000002402d-35.dat	upx
behavioral1/files/0x0007000000024036-53.dat	upx
behavioral1/files/0x0007000000024037-57.dat	upx
behavioral1/memory/1808-72-0x00007FF712670000-0x00007FF7129C4000-memory.dmp	upx
behavioral1/files/0x0007000000024039-78.dat	upx
behavioral1/files/0x000700000002403b-89.dat	upx
behavioral1/memory/640-88-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	upx
behavioral1/files/0x000700000002403d-103.dat	upx
behavioral1/files/0x000700000002403e-112.dat	upx
behavioral1/files/0x0007000000024041-126.dat	upx
behavioral1/files/0x0007000000024044-152.dat	upx
behavioral1/files/0x0007000000024047-167.dat	upx
behavioral1/files/0x0007000000024049-180.dat	upx
behavioral1/files/0x000700000002404e-209.dat	upx
behavioral1/files/0x000700000002404c-207.dat	upx
behavioral1/files/0x000700000002404d-205.dat	upx
behavioral1/files/0x000700000002404b-203.dat	upx
behavioral1/files/0x000700000002404a-198.dat	upx
behavioral1/memory/3528-194-0x00007FF7E8300000-0x00007FF7E8654000-memory.dmp	upx
behavioral1/memory/1156-193-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp	upx
behavioral1/files/0x0007000000024048-186.dat	upx
behavioral1/memory/5108-185-0x00007FF720F30000-0x00007FF721284000-memory.dmp	upx
behavioral1/memory/3088-184-0x00007FF752220000-0x00007FF752574000-memory.dmp	upx
behavioral1/memory/1776-183-0x00007FF6D4B20000-0x00007FF6D4E74000-memory.dmp	upx
behavioral1/memory/2256-179-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp	upx
behavioral1/memory/1792-173-0x00007FF674EE0000-0x00007FF675234000-memory.dmp	upx
behavioral1/memory/1016-172-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp	upx
behavioral1/files/0x0007000000024046-170.dat	upx
behavioral1/memory/4160-166-0x00007FF761640000-0x00007FF761994000-memory.dmp	upx
behavioral1/memory/2228-165-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp	upx
behavioral1/files/0x0007000000024045-160.dat	upx
behavioral1/memory/380-157-0x00007FF76A470000-0x00007FF76A7C4000-memory.dmp	upx
behavioral1/memory/640-156-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	upx
behavioral1/memory/4624-150-0x00007FF767450000-0x00007FF7677A4000-memory.dmp	upx
behavioral1/memory/3268-149-0x00007FF745150000-0x00007FF7454A4000-memory.dmp	upx
behavioral1/files/0x0007000000024043-147.dat	upx
behavioral1/memory/1796-144-0x00007FF7DDD10000-0x00007FF7DE064000-memory.dmp	upx
behavioral1/memory/2280-143-0x00007FF628690000-0x00007FF6289E4000-memory.dmp	upx
behavioral1/files/0x0007000000024042-137.dat	upx
behavioral1/memory/2900-136-0x00007FF625530000-0x00007FF625884000-memory.dmp	upx
behavioral1/memory/1568-135-0x00007FF754450000-0x00007FF7547A4000-memory.dmp	upx
behavioral1/memory/4540-132-0x00007FF62F960000-0x00007FF62FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000024040-128.dat	upx
behavioral1/memory/1156-125-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp	upx
behavioral1/files/0x000700000002403f-123.dat	upx
behavioral1/memory/3088-119-0x00007FF752220000-0x00007FF752574000-memory.dmp	upx
behavioral1/memory/4904-118-0x00007FF7BF480000-0x00007FF7BF7D4000-memory.dmp	upx
behavioral1/memory/1716-117-0x00007FF716890000-0x00007FF716BE4000-memory.dmp	upx
behavioral1/memory/2256-109-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp	upx
behavioral1/memory/3180-108-0x00007FF78F540000-0x00007FF78F894000-memory.dmp	upx
behavioral1/memory/1016-102-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp	upx
behavioral1/memory/5088-101-0x00007FF7AFC00000-0x00007FF7AFF54000-memory.dmp	upx
behavioral1/files/0x000700000002403c-96.dat	upx
behavioral1/memory/2228-95-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp	upx
behavioral1/memory/4688-94-0x00007FF7D1B20000-0x00007FF7D1E74000-memory.dmp	upx
behavioral1/files/0x000700000002403a-85.dat	upx
behavioral1/memory/3268-84-0x00007FF745150000-0x00007FF7454A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hLriYfZ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bKmcZbR.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mvispAu.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XphWPgT.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oNDFUgG.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yvIuJAW.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rIYZMYQ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\imBnuFR.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jGFRAEP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ylIfeec.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xZGmQqZ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ionomyr.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HGEpDma.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mjCfVuB.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dUGQTbt.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\huxLQLC.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aDIiICp.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\REBWZVe.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tzyNFej.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JxvVPOA.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\btuZCnN.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rikNcMn.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IRszdlk.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tZYEhFQ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Qqyjiia.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lUQRqMC.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mztoVWd.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ByIwMrY.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\umCvxJV.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RenrMHP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZWALueo.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MhTtptI.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CQkDZMY.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QWyXDEB.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PIuozWZ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VyLzwcm.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DESDicL.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zWKkizH.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uMBWeNC.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DZrsZNq.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SiAuWri.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cyWmPvP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LBBvfUC.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tjaxaVC.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kMYWZNz.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DhgHeBN.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TtwLZEN.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xMhTvET.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oLvOwzH.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hrqctmb.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XqgMOZk.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mxBtOLU.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iQQAWUE.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PBoAxTP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XnxevcX.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\REOjXGS.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yfPKDUD.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eJCEkAI.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JCZizGe.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mdkAEdz.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jhsCQDe.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DOgPTIH.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uWiRIaS.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HRdLcEX.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 412	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1400 wrote to memory of 412	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1400 wrote to memory of 2056	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1400 wrote to memory of 2056	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1400 wrote to memory of 3152	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1400 wrote to memory of 3152	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1400 wrote to memory of 2712	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1400 wrote to memory of 2712	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1400 wrote to memory of 4688	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 1400 wrote to memory of 4688	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 1400 wrote to memory of 5088	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 1400 wrote to memory of 5088	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 1400 wrote to memory of 3180	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1400 wrote to memory of 3180	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1400 wrote to memory of 1716	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1400 wrote to memory of 1716	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1400 wrote to memory of 4904	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1400 wrote to memory of 4904	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1400 wrote to memory of 4540	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1400 wrote to memory of 4540	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1400 wrote to memory of 1808	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1400 wrote to memory of 1808	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1400 wrote to memory of 2280	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1400 wrote to memory of 2280	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1400 wrote to memory of 3268	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1400 wrote to memory of 3268	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1400 wrote to memory of 640	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1400 wrote to memory of 640	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1400 wrote to memory of 2228	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1400 wrote to memory of 2228	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1400 wrote to memory of 1016	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1400 wrote to memory of 1016	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1400 wrote to memory of 2256	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 1400 wrote to memory of 2256	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 1400 wrote to memory of 3088	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1400 wrote to memory of 3088	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1400 wrote to memory of 1156	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1400 wrote to memory of 1156	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1400 wrote to memory of 1568	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1400 wrote to memory of 1568	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1400 wrote to memory of 2900	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1400 wrote to memory of 2900	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1400 wrote to memory of 1796	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1400 wrote to memory of 1796	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1400 wrote to memory of 4624	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1400 wrote to memory of 4624	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1400 wrote to memory of 380	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1400 wrote to memory of 380	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1400 wrote to memory of 4160	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1400 wrote to memory of 4160	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1400 wrote to memory of 1792	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1400 wrote to memory of 1792	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1400 wrote to memory of 1776	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1400 wrote to memory of 1776	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1400 wrote to memory of 5108	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1400 wrote to memory of 5108	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1400 wrote to memory of 3528	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1400 wrote to memory of 3528	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1400 wrote to memory of 4916	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1400 wrote to memory of 4916	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1400 wrote to memory of 4120	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1400 wrote to memory of 4120	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1400 wrote to memory of 8	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1400 wrote to memory of 8	1400	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\System\WwHBovi.exe
  C:\Windows\System\WwHBovi.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\XxrRIEM.exe
  C:\Windows\System\XxrRIEM.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MrEwBEe.exe
  C:\Windows\System\MrEwBEe.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\BvaTzwN.exe
  C:\Windows\System\BvaTzwN.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\tftuTQt.exe
  C:\Windows\System\tftuTQt.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\wNISfWt.exe
  C:\Windows\System\wNISfWt.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\DFTEAfy.exe
  C:\Windows\System\DFTEAfy.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\wEyHJsu.exe
  C:\Windows\System\wEyHJsu.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\DRqEOVw.exe
  C:\Windows\System\DRqEOVw.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\uhOxJYu.exe
  C:\Windows\System\uhOxJYu.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\GLrRDsj.exe
  C:\Windows\System\GLrRDsj.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\OiKkNQK.exe
  C:\Windows\System\OiKkNQK.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ZgfVLwH.exe
  C:\Windows\System\ZgfVLwH.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\YwCAGxI.exe
  C:\Windows\System\YwCAGxI.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\DwJKjUb.exe
  C:\Windows\System\DwJKjUb.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\AFZjvuq.exe
  C:\Windows\System\AFZjvuq.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\FIZdgTc.exe
  C:\Windows\System\FIZdgTc.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\NTYmJQn.exe
  C:\Windows\System\NTYmJQn.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\wKQcTRc.exe
  C:\Windows\System\wKQcTRc.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\ulxWsEl.exe
  C:\Windows\System\ulxWsEl.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\EqZOAHu.exe
  C:\Windows\System\EqZOAHu.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\hFDUPGD.exe
  C:\Windows\System\hFDUPGD.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\oLvOwzH.exe
  C:\Windows\System\oLvOwzH.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\URaspgk.exe
  C:\Windows\System\URaspgk.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\rxDPnAm.exe
  C:\Windows\System\rxDPnAm.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\weYkvdh.exe
  C:\Windows\System\weYkvdh.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\mtJawZT.exe
  C:\Windows\System\mtJawZT.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\HkebmXs.exe
  C:\Windows\System\HkebmXs.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\gpwDADK.exe
  C:\Windows\System\gpwDADK.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\pShmStI.exe
  C:\Windows\System\pShmStI.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\HGEpDma.exe
  C:\Windows\System\HGEpDma.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\IiyNFap.exe
  C:\Windows\System\IiyNFap.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\OJdgEbi.exe
  C:\Windows\System\OJdgEbi.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\JQGWguT.exe
  C:\Windows\System\JQGWguT.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\WNgPmgF.exe
  C:\Windows\System\WNgPmgF.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\GntEKGd.exe
  C:\Windows\System\GntEKGd.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\QvWzrVX.exe
  C:\Windows\System\QvWzrVX.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\cpICNjk.exe
  C:\Windows\System\cpICNjk.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\EgFJxpB.exe
  C:\Windows\System\EgFJxpB.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\pRrYwfT.exe
  C:\Windows\System\pRrYwfT.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\mzmdseI.exe
  C:\Windows\System\mzmdseI.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\uWiRIaS.exe
  C:\Windows\System\uWiRIaS.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\RiJOyTV.exe
  C:\Windows\System\RiJOyTV.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\tzyNFej.exe
  C:\Windows\System\tzyNFej.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\YhvTHFi.exe
  C:\Windows\System\YhvTHFi.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\LpejmwX.exe
  C:\Windows\System\LpejmwX.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\WKxaxJV.exe
  C:\Windows\System\WKxaxJV.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\yvIuJAW.exe
  C:\Windows\System\yvIuJAW.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\SIJbbnF.exe
  C:\Windows\System\SIJbbnF.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\tXpFqyu.exe
  C:\Windows\System\tXpFqyu.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\NkXKJKd.exe
  C:\Windows\System\NkXKJKd.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\CKSeGGn.exe
  C:\Windows\System\CKSeGGn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\hryOcZL.exe
  C:\Windows\System\hryOcZL.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\PQZbjKn.exe
  C:\Windows\System\PQZbjKn.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\PIrNNbZ.exe
  C:\Windows\System\PIrNNbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\ASIDsTA.exe
  C:\Windows\System\ASIDsTA.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\mjvUbxq.exe
  C:\Windows\System\mjvUbxq.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\RLzOtfg.exe
  C:\Windows\System\RLzOtfg.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\mEKxBlM.exe
  C:\Windows\System\mEKxBlM.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System\aByTTmE.exe
  C:\Windows\System\aByTTmE.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\mOKPkjp.exe
  C:\Windows\System\mOKPkjp.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\fCbDYHB.exe
  C:\Windows\System\fCbDYHB.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\ssJFcrp.exe
  C:\Windows\System\ssJFcrp.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System\NSSaCSJ.exe
  C:\Windows\System\NSSaCSJ.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\WJcPvzN.exe
  C:\Windows\System\WJcPvzN.exe
  2⤵
  PID:5308
- C:\Windows\System\JMEnGJL.exe
  C:\Windows\System\JMEnGJL.exe
  2⤵
  PID:5336
- C:\Windows\System\OUPrgAK.exe
  C:\Windows\System\OUPrgAK.exe
  2⤵
  PID:5364
- C:\Windows\System\uEQAcwP.exe
  C:\Windows\System\uEQAcwP.exe
  2⤵
  PID:5380
- C:\Windows\System\xWxurtZ.exe
  C:\Windows\System\xWxurtZ.exe
  2⤵
  PID:5408
- C:\Windows\System\toEsZEv.exe
  C:\Windows\System\toEsZEv.exe
  2⤵
  PID:5436
- C:\Windows\System\lWqYdiD.exe
  C:\Windows\System\lWqYdiD.exe
  2⤵
  PID:5464
- C:\Windows\System\moZLOcr.exe
  C:\Windows\System\moZLOcr.exe
  2⤵
  PID:5492
- C:\Windows\System\rleXrFU.exe
  C:\Windows\System\rleXrFU.exe
  2⤵
  PID:5520
- C:\Windows\System\ygdNqxi.exe
  C:\Windows\System\ygdNqxi.exe
  2⤵
  PID:5548
- C:\Windows\System\VAQZBhg.exe
  C:\Windows\System\VAQZBhg.exe
  2⤵
  PID:5584
- C:\Windows\System\bzVIbAi.exe
  C:\Windows\System\bzVIbAi.exe
  2⤵
  PID:5612
- C:\Windows\System\NfCkkSW.exe
  C:\Windows\System\NfCkkSW.exe
  2⤵
  PID:5640
- C:\Windows\System\cEvCIRu.exe
  C:\Windows\System\cEvCIRu.exe
  2⤵
  PID:5672
- C:\Windows\System\raXcYhI.exe
  C:\Windows\System\raXcYhI.exe
  2⤵
  PID:5712
- C:\Windows\System\NEYRwkV.exe
  C:\Windows\System\NEYRwkV.exe
  2⤵
  PID:5728
- C:\Windows\System\OmoTbJP.exe
  C:\Windows\System\OmoTbJP.exe
  2⤵
  PID:5756
- C:\Windows\System\WESNuLs.exe
  C:\Windows\System\WESNuLs.exe
  2⤵
  PID:5780
- C:\Windows\System\bJaiLFF.exe
  C:\Windows\System\bJaiLFF.exe
  2⤵
  PID:5808
- C:\Windows\System\btuZCnN.exe
  C:\Windows\System\btuZCnN.exe
  2⤵
  PID:5840
- C:\Windows\System\CNPiGWn.exe
  C:\Windows\System\CNPiGWn.exe
  2⤵
  PID:5880
- C:\Windows\System\nhILYNF.exe
  C:\Windows\System\nhILYNF.exe
  2⤵
  PID:5896
- C:\Windows\System\wxHzqpF.exe
  C:\Windows\System\wxHzqpF.exe
  2⤵
  PID:5924
- C:\Windows\System\BnFJEmb.exe
  C:\Windows\System\BnFJEmb.exe
  2⤵
  PID:5948
- C:\Windows\System\lUJLgWg.exe
  C:\Windows\System\lUJLgWg.exe
  2⤵
  PID:5980
- C:\Windows\System\MbwezNc.exe
  C:\Windows\System\MbwezNc.exe
  2⤵
  PID:6008
- C:\Windows\System\mwbAxKb.exe
  C:\Windows\System\mwbAxKb.exe
  2⤵
  PID:6036
- C:\Windows\System\KLLsASk.exe
  C:\Windows\System\KLLsASk.exe
  2⤵
  PID:6064
- C:\Windows\System\gVAcbTb.exe
  C:\Windows\System\gVAcbTb.exe
  2⤵
  PID:6092
- C:\Windows\System\IRYdAQf.exe
  C:\Windows\System\IRYdAQf.exe
  2⤵
  PID:6120
- C:\Windows\System\NBIEzlH.exe
  C:\Windows\System\NBIEzlH.exe
  2⤵
  PID:1596
- C:\Windows\System\bJPSDmC.exe
  C:\Windows\System\bJPSDmC.exe
  2⤵
  PID:3644
- C:\Windows\System\rikNcMn.exe
  C:\Windows\System\rikNcMn.exe
  2⤵
  PID:4060
- C:\Windows\System\UFBXtVo.exe
  C:\Windows\System\UFBXtVo.exe
  2⤵
  PID:2772
- C:\Windows\System\JORioSc.exe
  C:\Windows\System\JORioSc.exe
  2⤵
  PID:368
- C:\Windows\System\nknPkWd.exe
  C:\Windows\System\nknPkWd.exe
  2⤵
  PID:3304
- C:\Windows\System\DVpEfav.exe
  C:\Windows\System\DVpEfav.exe
  2⤵
  PID:5180
- C:\Windows\System\dvcSrNk.exe
  C:\Windows\System\dvcSrNk.exe
  2⤵
  PID:5236
- C:\Windows\System\EeOhlDK.exe
  C:\Windows\System\EeOhlDK.exe
  2⤵
  PID:5300
- C:\Windows\System\wKcnvcO.exe
  C:\Windows\System\wKcnvcO.exe
  2⤵
  PID:5372
- C:\Windows\System\BJswMRo.exe
  C:\Windows\System\BJswMRo.exe
  2⤵
  PID:5400
- C:\Windows\System\hnYfunr.exe
  C:\Windows\System\hnYfunr.exe
  2⤵
  PID:5476
- C:\Windows\System\jChXYQG.exe
  C:\Windows\System\jChXYQG.exe
  2⤵
  PID:5532
- C:\Windows\System\pWYNWVa.exe
  C:\Windows\System\pWYNWVa.exe
  2⤵
  PID:5604
- C:\Windows\System\tRYGHNP.exe
  C:\Windows\System\tRYGHNP.exe
  2⤵
  PID:5668
- C:\Windows\System\FAWNanN.exe
  C:\Windows\System\FAWNanN.exe
  2⤵
  PID:5740
- C:\Windows\System\WYoPjrw.exe
  C:\Windows\System\WYoPjrw.exe
  2⤵
  PID:5800
- C:\Windows\System\qZqllTG.exe
  C:\Windows\System\qZqllTG.exe
  2⤵
  PID:5868
- C:\Windows\System\giwHTyK.exe
  C:\Windows\System\giwHTyK.exe
  2⤵
  PID:5944
- C:\Windows\System\wwTmtbu.exe
  C:\Windows\System\wwTmtbu.exe
  2⤵
  PID:6048
- C:\Windows\System\alSHPAI.exe
  C:\Windows\System\alSHPAI.exe
  2⤵
  PID:6080
- C:\Windows\System\uGTwKSt.exe
  C:\Windows\System\uGTwKSt.exe
  2⤵
  PID:6140
- C:\Windows\System\TtwLZEN.exe
  C:\Windows\System\TtwLZEN.exe
  2⤵
  PID:2708
- C:\Windows\System\hrqctmb.exe
  C:\Windows\System\hrqctmb.exe
  2⤵
  PID:2208
- C:\Windows\System\hgyWuEG.exe
  C:\Windows\System\hgyWuEG.exe
  2⤵
  PID:5148
- C:\Windows\System\KcYWBCS.exe
  C:\Windows\System\KcYWBCS.exe
  2⤵
  PID:5332
- C:\Windows\System\XXDcvyj.exe
  C:\Windows\System\XXDcvyj.exe
  2⤵
  PID:5452
- C:\Windows\System\kHjZanM.exe
  C:\Windows\System\kHjZanM.exe
  2⤵
  PID:5632
- C:\Windows\System\RaLfuhN.exe
  C:\Windows\System\RaLfuhN.exe
  2⤵
  PID:6184
- C:\Windows\System\fWmoVDc.exe
  C:\Windows\System\fWmoVDc.exe
  2⤵
  PID:6212
- C:\Windows\System\ujXGtZp.exe
  C:\Windows\System\ujXGtZp.exe
  2⤵
  PID:6240
- C:\Windows\System\vrxuCUL.exe
  C:\Windows\System\vrxuCUL.exe
  2⤵
  PID:6256
- C:\Windows\System\lWSKJTM.exe
  C:\Windows\System\lWSKJTM.exe
  2⤵
  PID:6284
- C:\Windows\System\jsflgKS.exe
  C:\Windows\System\jsflgKS.exe
  2⤵
  PID:6312
- C:\Windows\System\zGjJwpb.exe
  C:\Windows\System\zGjJwpb.exe
  2⤵
  PID:6340
- C:\Windows\System\WNhLhqj.exe
  C:\Windows\System\WNhLhqj.exe
  2⤵
  PID:6364
- C:\Windows\System\eJCEkAI.exe
  C:\Windows\System\eJCEkAI.exe
  2⤵
  PID:6396
- C:\Windows\System\csiVzIl.exe
  C:\Windows\System\csiVzIl.exe
  2⤵
  PID:6424
- C:\Windows\System\vHjVTjK.exe
  C:\Windows\System\vHjVTjK.exe
  2⤵
  PID:6452
- C:\Windows\System\GehXwzQ.exe
  C:\Windows\System\GehXwzQ.exe
  2⤵
  PID:6492
- C:\Windows\System\jGFRAEP.exe
  C:\Windows\System\jGFRAEP.exe
  2⤵
  PID:6520
- C:\Windows\System\eekNLLY.exe
  C:\Windows\System\eekNLLY.exe
  2⤵
  PID:6548
- C:\Windows\System\kRLyyyM.exe
  C:\Windows\System\kRLyyyM.exe
  2⤵
  PID:6564
- C:\Windows\System\bMjtgSW.exe
  C:\Windows\System\bMjtgSW.exe
  2⤵
  PID:6604
- C:\Windows\System\aDsrzeR.exe
  C:\Windows\System\aDsrzeR.exe
  2⤵
  PID:6632
- C:\Windows\System\lIOYDxY.exe
  C:\Windows\System\lIOYDxY.exe
  2⤵
  PID:6660
- C:\Windows\System\fnRvSMy.exe
  C:\Windows\System\fnRvSMy.exe
  2⤵
  PID:6688
- C:\Windows\System\UxNksbo.exe
  C:\Windows\System\UxNksbo.exe
  2⤵
  PID:6704
- C:\Windows\System\TwTAOAw.exe
  C:\Windows\System\TwTAOAw.exe
  2⤵
  PID:6732
- C:\Windows\System\kgVepPV.exe
  C:\Windows\System\kgVepPV.exe
  2⤵
  PID:6772
- C:\Windows\System\koshAdZ.exe
  C:\Windows\System\koshAdZ.exe
  2⤵
  PID:6800
- C:\Windows\System\yLiVLyH.exe
  C:\Windows\System\yLiVLyH.exe
  2⤵
  PID:6816
- C:\Windows\System\NuXOuZH.exe
  C:\Windows\System\NuXOuZH.exe
  2⤵
  PID:6844
- C:\Windows\System\EQzUank.exe
  C:\Windows\System\EQzUank.exe
  2⤵
  PID:6872
- C:\Windows\System\LKlYTUJ.exe
  C:\Windows\System\LKlYTUJ.exe
  2⤵
  PID:6912
- C:\Windows\System\mcTOzWy.exe
  C:\Windows\System\mcTOzWy.exe
  2⤵
  PID:6940
- C:\Windows\System\MIpVtRT.exe
  C:\Windows\System\MIpVtRT.exe
  2⤵
  PID:6980
- C:\Windows\System\RefcvrW.exe
  C:\Windows\System\RefcvrW.exe
  2⤵
  PID:7008
- C:\Windows\System\sRtDgyE.exe
  C:\Windows\System\sRtDgyE.exe
  2⤵
  PID:7024
- C:\Windows\System\WqbDYRk.exe
  C:\Windows\System\WqbDYRk.exe
  2⤵
  PID:7052
- C:\Windows\System\XqgMOZk.exe
  C:\Windows\System\XqgMOZk.exe
  2⤵
  PID:7068
- C:\Windows\System\NqqdVeT.exe
  C:\Windows\System\NqqdVeT.exe
  2⤵
  PID:7096
- C:\Windows\System\xPebvWu.exe
  C:\Windows\System\xPebvWu.exe
  2⤵
  PID:7136
- C:\Windows\System\iDVBIUy.exe
  C:\Windows\System\iDVBIUy.exe
  2⤵
  PID:7164
- C:\Windows\System\iYdQtJv.exe
  C:\Windows\System\iYdQtJv.exe
  2⤵
  PID:5768
- C:\Windows\System\heoLZxr.exe
  C:\Windows\System\heoLZxr.exe
  2⤵
  PID:5852
- C:\Windows\System\TmzRnTz.exe
  C:\Windows\System\TmzRnTz.exe
  2⤵
  PID:6020
- C:\Windows\System\WeXnOcP.exe
  C:\Windows\System\WeXnOcP.exe
  2⤵
  PID:1368
- C:\Windows\System\KBqLRTk.exe
  C:\Windows\System\KBqLRTk.exe
  2⤵
  PID:5144
- C:\Windows\System\ZwunAnr.exe
  C:\Windows\System\ZwunAnr.exe
  2⤵
  PID:5512
- C:\Windows\System\sEDIcLU.exe
  C:\Windows\System\sEDIcLU.exe
  2⤵
  PID:6224
- C:\Windows\System\ntCfjeC.exe
  C:\Windows\System\ntCfjeC.exe
  2⤵
  PID:6276
- C:\Windows\System\BozOUkG.exe
  C:\Windows\System\BozOUkG.exe
  2⤵
  PID:6352
- C:\Windows\System\NYEZiJW.exe
  C:\Windows\System\NYEZiJW.exe
  2⤵
  PID:6440
- C:\Windows\System\MyMwiFg.exe
  C:\Windows\System\MyMwiFg.exe
  2⤵
  PID:6508
- C:\Windows\System\qrOfvzc.exe
  C:\Windows\System\qrOfvzc.exe
  2⤵
  PID:6540
- C:\Windows\System\zcNGWMt.exe
  C:\Windows\System\zcNGWMt.exe
  2⤵
  PID:6616
- C:\Windows\System\MhTtptI.exe
  C:\Windows\System\MhTtptI.exe
  2⤵
  PID:6648
- C:\Windows\System\QGVzGwK.exe
  C:\Windows\System\QGVzGwK.exe
  2⤵
  PID:6716
- C:\Windows\System\IayAtcL.exe
  C:\Windows\System\IayAtcL.exe
  2⤵
  PID:6792
- C:\Windows\System\jlIZWTl.exe
  C:\Windows\System\jlIZWTl.exe
  2⤵
  PID:6864
- C:\Windows\System\QhQHrZa.exe
  C:\Windows\System\QhQHrZa.exe
  2⤵
  PID:6904
- C:\Windows\System\mztoVWd.exe
  C:\Windows\System\mztoVWd.exe
  2⤵
  PID:6972
- C:\Windows\System\FvVWQkj.exe
  C:\Windows\System\FvVWQkj.exe
  2⤵
  PID:7040
- C:\Windows\System\FnYvNpc.exe
  C:\Windows\System\FnYvNpc.exe
  2⤵
  PID:7108
- C:\Windows\System\LBOGHDl.exe
  C:\Windows\System\LBOGHDl.exe
  2⤵
  PID:7156
- C:\Windows\System\eFtenyj.exe
  C:\Windows\System\eFtenyj.exe
  2⤵
  PID:5972
- C:\Windows\System\YattlEN.exe
  C:\Windows\System\YattlEN.exe
  2⤵
  PID:5292
- C:\Windows\System\ngKMkjn.exe
  C:\Windows\System\ngKMkjn.exe
  2⤵
  PID:6204
- C:\Windows\System\GUolJZA.exe
  C:\Windows\System\GUolJZA.exe
  2⤵
  PID:6380
- C:\Windows\System\IylhWhH.exe
  C:\Windows\System\IylhWhH.exe
  2⤵
  PID:6588
- C:\Windows\System\OtpgejA.exe
  C:\Windows\System\OtpgejA.exe
  2⤵
  PID:6744
- C:\Windows\System\SOwZXIK.exe
  C:\Windows\System\SOwZXIK.exe
  2⤵
  PID:6896
- C:\Windows\System\FHvBcGe.exe
  C:\Windows\System\FHvBcGe.exe
  2⤵
  PID:7184
- C:\Windows\System\pqTFfmi.exe
  C:\Windows\System\pqTFfmi.exe
  2⤵
  PID:7212
- C:\Windows\System\ETEytDm.exe
  C:\Windows\System\ETEytDm.exe
  2⤵
  PID:7240
- C:\Windows\System\HxDoUAN.exe
  C:\Windows\System\HxDoUAN.exe
  2⤵
  PID:7268
- C:\Windows\System\QQqDONg.exe
  C:\Windows\System\QQqDONg.exe
  2⤵
  PID:7296
- C:\Windows\System\smTQAdB.exe
  C:\Windows\System\smTQAdB.exe
  2⤵
  PID:7324
- C:\Windows\System\AYoqcPE.exe
  C:\Windows\System\AYoqcPE.exe
  2⤵
  PID:7352
- C:\Windows\System\dNItIjW.exe
  C:\Windows\System\dNItIjW.exe
  2⤵
  PID:7380
- C:\Windows\System\iwmvoDx.exe
  C:\Windows\System\iwmvoDx.exe
  2⤵
  PID:7408
- C:\Windows\System\vZVWsAD.exe
  C:\Windows\System\vZVWsAD.exe
  2⤵
  PID:7436
- C:\Windows\System\jAjflAI.exe
  C:\Windows\System\jAjflAI.exe
  2⤵
  PID:7464
- C:\Windows\System\tKVutzf.exe
  C:\Windows\System\tKVutzf.exe
  2⤵
  PID:7492
- C:\Windows\System\ElBuIWX.exe
  C:\Windows\System\ElBuIWX.exe
  2⤵
  PID:7520
- C:\Windows\System\FQOCnpP.exe
  C:\Windows\System\FQOCnpP.exe
  2⤵
  PID:7548
- C:\Windows\System\zuNPpvU.exe
  C:\Windows\System\zuNPpvU.exe
  2⤵
  PID:7580
- C:\Windows\System\ibbktLw.exe
  C:\Windows\System\ibbktLw.exe
  2⤵
  PID:7604
- C:\Windows\System\DZrsZNq.exe
  C:\Windows\System\DZrsZNq.exe
  2⤵
  PID:7632
- C:\Windows\System\ryfYUhj.exe
  C:\Windows\System\ryfYUhj.exe
  2⤵
  PID:7660
- C:\Windows\System\tVxsaDl.exe
  C:\Windows\System\tVxsaDl.exe
  2⤵
  PID:7688
- C:\Windows\System\cRwIncr.exe
  C:\Windows\System\cRwIncr.exe
  2⤵
  PID:7716
- C:\Windows\System\tjaxaVC.exe
  C:\Windows\System\tjaxaVC.exe
  2⤵
  PID:7744
- C:\Windows\System\eNRorqS.exe
  C:\Windows\System\eNRorqS.exe
  2⤵
  PID:7772
- C:\Windows\System\UfBlMBW.exe
  C:\Windows\System\UfBlMBW.exe
  2⤵
  PID:7800
- C:\Windows\System\VRitqwV.exe
  C:\Windows\System\VRitqwV.exe
  2⤵
  PID:7828
- C:\Windows\System\FzrJZZX.exe
  C:\Windows\System\FzrJZZX.exe
  2⤵
  PID:7856
- C:\Windows\System\NVVtVWs.exe
  C:\Windows\System\NVVtVWs.exe
  2⤵
  PID:7884
- C:\Windows\System\IbCNEAq.exe
  C:\Windows\System\IbCNEAq.exe
  2⤵
  PID:7924
- C:\Windows\System\AagvnWv.exe
  C:\Windows\System\AagvnWv.exe
  2⤵
  PID:7952
- C:\Windows\System\zHUVVUs.exe
  C:\Windows\System\zHUVVUs.exe
  2⤵
  PID:7968
- C:\Windows\System\XvZEZIM.exe
  C:\Windows\System\XvZEZIM.exe
  2⤵
  PID:7996
- C:\Windows\System\faFDhVJ.exe
  C:\Windows\System\faFDhVJ.exe
  2⤵
  PID:8024
- C:\Windows\System\PgQuDBW.exe
  C:\Windows\System\PgQuDBW.exe
  2⤵
  PID:8052
- C:\Windows\System\lZeKDXd.exe
  C:\Windows\System\lZeKDXd.exe
  2⤵
  PID:8080
- C:\Windows\System\trYQjhh.exe
  C:\Windows\System\trYQjhh.exe
  2⤵
  PID:8108
- C:\Windows\System\dJPhviz.exe
  C:\Windows\System\dJPhviz.exe
  2⤵
  PID:8136
- C:\Windows\System\HGrIxPS.exe
  C:\Windows\System\HGrIxPS.exe
  2⤵
  PID:8176
- C:\Windows\System\ctnizRR.exe
  C:\Windows\System\ctnizRR.exe
  2⤵
  PID:6956
- C:\Windows\System\QKPaMUh.exe
  C:\Windows\System\QKPaMUh.exe
  2⤵
  PID:7064
- C:\Windows\System\NiUpLfi.exe
  C:\Windows\System\NiUpLfi.exe
  2⤵
  PID:5832
- C:\Windows\System\SROKnEJ.exe
  C:\Windows\System\SROKnEJ.exe
  2⤵
  PID:6176
- C:\Windows\System\XEzTiCh.exe
  C:\Windows\System\XEzTiCh.exe
  2⤵
  PID:6532
- C:\Windows\System\HRdLcEX.exe
  C:\Windows\System\HRdLcEX.exe
  2⤵
  PID:7176
- C:\Windows\System\krYpiIU.exe
  C:\Windows\System\krYpiIU.exe
  2⤵
  PID:7232
- C:\Windows\System\JGznkFN.exe
  C:\Windows\System\JGznkFN.exe
  2⤵
  PID:7308
- C:\Windows\System\YYbJhSH.exe
  C:\Windows\System\YYbJhSH.exe
  2⤵
  PID:7364
- C:\Windows\System\TvhcjPa.exe
  C:\Windows\System\TvhcjPa.exe
  2⤵
  PID:7428
- C:\Windows\System\cHXnJsb.exe
  C:\Windows\System\cHXnJsb.exe
  2⤵
  PID:7504
- C:\Windows\System\uDcYoVE.exe
  C:\Windows\System\uDcYoVE.exe
  2⤵
  PID:7564
- C:\Windows\System\IPbmisp.exe
  C:\Windows\System\IPbmisp.exe
  2⤵
  PID:7620
- C:\Windows\System\RlsvSLy.exe
  C:\Windows\System\RlsvSLy.exe
  2⤵
  PID:7680
- C:\Windows\System\CIILurT.exe
  C:\Windows\System\CIILurT.exe
  2⤵
  PID:7756
- C:\Windows\System\PyODkwC.exe
  C:\Windows\System\PyODkwC.exe
  2⤵
  PID:7816
- C:\Windows\System\ByIwMrY.exe
  C:\Windows\System\ByIwMrY.exe
  2⤵
  PID:7876
- C:\Windows\System\MgPpiAM.exe
  C:\Windows\System\MgPpiAM.exe
  2⤵
  PID:7944
- C:\Windows\System\EgCdfUB.exe
  C:\Windows\System\EgCdfUB.exe
  2⤵
  PID:8012
- C:\Windows\System\CSmBSiG.exe
  C:\Windows\System\CSmBSiG.exe
  2⤵
  PID:8072
- C:\Windows\System\IvOYDxp.exe
  C:\Windows\System\IvOYDxp.exe
  2⤵
  PID:8164
- C:\Windows\System\AnJtJPb.exe
  C:\Windows\System\AnJtJPb.exe
  2⤵
  PID:7128
- C:\Windows\System\WtRXrjb.exe
  C:\Windows\System\WtRXrjb.exe
  2⤵
  PID:6324
- C:\Windows\System\ZEnaNPT.exe
  C:\Windows\System\ZEnaNPT.exe
  2⤵
  PID:6788
- C:\Windows\System\lmfVyIo.exe
  C:\Windows\System\lmfVyIo.exe
  2⤵
  PID:7280
- C:\Windows\System\JCZizGe.exe
  C:\Windows\System\JCZizGe.exe
  2⤵
  PID:7420
- C:\Windows\System\RgjBvau.exe
  C:\Windows\System\RgjBvau.exe
  2⤵
  PID:7588
- C:\Windows\System\ccnMQXB.exe
  C:\Windows\System\ccnMQXB.exe
  2⤵
  PID:2640
- C:\Windows\System\uLCnGqw.exe
  C:\Windows\System\uLCnGqw.exe
  2⤵
  PID:8196
- C:\Windows\System\tqKqVPA.exe
  C:\Windows\System\tqKqVPA.exe
  2⤵
  PID:8224
- C:\Windows\System\ISBfrMX.exe
  C:\Windows\System\ISBfrMX.exe
  2⤵
  PID:8252
- C:\Windows\System\gnumNOC.exe
  C:\Windows\System\gnumNOC.exe
  2⤵
  PID:8268
- C:\Windows\System\bBxEdoX.exe
  C:\Windows\System\bBxEdoX.exe
  2⤵
  PID:8296
- C:\Windows\System\NmQgaOp.exe
  C:\Windows\System\NmQgaOp.exe
  2⤵
  PID:8324
- C:\Windows\System\wUDwPEq.exe
  C:\Windows\System\wUDwPEq.exe
  2⤵
  PID:8352
- C:\Windows\System\taCgbuW.exe
  C:\Windows\System\taCgbuW.exe
  2⤵
  PID:8380
- C:\Windows\System\QzDmrDB.exe
  C:\Windows\System\QzDmrDB.exe
  2⤵
  PID:8408
- C:\Windows\System\VJySogy.exe
  C:\Windows\System\VJySogy.exe
  2⤵
  PID:8448
- C:\Windows\System\xlailfz.exe
  C:\Windows\System\xlailfz.exe
  2⤵
  PID:8476
- C:\Windows\System\zajnsjl.exe
  C:\Windows\System\zajnsjl.exe
  2⤵
  PID:8504
- C:\Windows\System\QWKGFZn.exe
  C:\Windows\System\QWKGFZn.exe
  2⤵
  PID:8520
- C:\Windows\System\eTVmKeN.exe
  C:\Windows\System\eTVmKeN.exe
  2⤵
  PID:8548
- C:\Windows\System\VGlTXXb.exe
  C:\Windows\System\VGlTXXb.exe
  2⤵
  PID:8588
- C:\Windows\System\ThGTnHc.exe
  C:\Windows\System\ThGTnHc.exe
  2⤵
  PID:8616
- C:\Windows\System\cpuJdaa.exe
  C:\Windows\System\cpuJdaa.exe
  2⤵
  PID:8632
- C:\Windows\System\dpQDWyd.exe
  C:\Windows\System\dpQDWyd.exe
  2⤵
  PID:8660
- C:\Windows\System\BoVbaQN.exe
  C:\Windows\System\BoVbaQN.exe
  2⤵
  PID:8688
- C:\Windows\System\keewaaC.exe
  C:\Windows\System\keewaaC.exe
  2⤵
  PID:8728
- C:\Windows\System\gqyMffQ.exe
  C:\Windows\System\gqyMffQ.exe
  2⤵
  PID:8780
- C:\Windows\System\DNTAURq.exe
  C:\Windows\System\DNTAURq.exe
  2⤵
  PID:8796
- C:\Windows\System\UsgHZDP.exe
  C:\Windows\System\UsgHZDP.exe
  2⤵
  PID:8812
- C:\Windows\System\HuhfabF.exe
  C:\Windows\System\HuhfabF.exe
  2⤵
  PID:8840
- C:\Windows\System\KRHdeIc.exe
  C:\Windows\System\KRHdeIc.exe
  2⤵
  PID:8868
- C:\Windows\System\mxBtOLU.exe
  C:\Windows\System\mxBtOLU.exe
  2⤵
  PID:8896
- C:\Windows\System\axCpvwN.exe
  C:\Windows\System\axCpvwN.exe
  2⤵
  PID:8924
- C:\Windows\System\QzwKXpi.exe
  C:\Windows\System\QzwKXpi.exe
  2⤵
  PID:8952
- C:\Windows\System\yJJhUIW.exe
  C:\Windows\System\yJJhUIW.exe
  2⤵
  PID:8980
- C:\Windows\System\vAfiFnX.exe
  C:\Windows\System\vAfiFnX.exe
  2⤵
  PID:8996
- C:\Windows\System\VBWpekz.exe
  C:\Windows\System\VBWpekz.exe
  2⤵
  PID:9024
- C:\Windows\System\xBHrEoK.exe
  C:\Windows\System\xBHrEoK.exe
  2⤵
  PID:9052
- C:\Windows\System\tHrZgTr.exe
  C:\Windows\System\tHrZgTr.exe
  2⤵
  PID:9080
- C:\Windows\System\vUBYLQi.exe
  C:\Windows\System\vUBYLQi.exe
  2⤵
  PID:9108
- C:\Windows\System\XHeCUmw.exe
  C:\Windows\System\XHeCUmw.exe
  2⤵
  PID:9136
- C:\Windows\System\tDiwsKk.exe
  C:\Windows\System\tDiwsKk.exe
  2⤵
  PID:9164
- C:\Windows\System\SpmgKHZ.exe
  C:\Windows\System\SpmgKHZ.exe
  2⤵
  PID:9192
- C:\Windows\System\hKJAuWv.exe
  C:\Windows\System\hKJAuWv.exe
  2⤵
  PID:7936
- C:\Windows\System\STEewxD.exe
  C:\Windows\System\STEewxD.exe
  2⤵
  PID:8100
- C:\Windows\System\HTwshJA.exe
  C:\Windows\System\HTwshJA.exe
  2⤵
  PID:3348
- C:\Windows\System\RXkUWXT.exe
  C:\Windows\System\RXkUWXT.exe
  2⤵
  PID:7204
- C:\Windows\System\pkBIVEC.exe
  C:\Windows\System\pkBIVEC.exe
  2⤵
  PID:7712
- C:\Windows\System\VgYbnvZ.exe
  C:\Windows\System\VgYbnvZ.exe
  2⤵
  PID:8212
- C:\Windows\System\FEnuahr.exe
  C:\Windows\System\FEnuahr.exe
  2⤵
  PID:8244
- C:\Windows\System\dqdgUSS.exe
  C:\Windows\System\dqdgUSS.exe
  2⤵
  PID:8312
- C:\Windows\System\bMbUdbQ.exe
  C:\Windows\System\bMbUdbQ.exe
  2⤵
  PID:8372
- C:\Windows\System\RCDlTAW.exe
  C:\Windows\System\RCDlTAW.exe
  2⤵
  PID:8440
- C:\Windows\System\GIupuhx.exe
  C:\Windows\System\GIupuhx.exe
  2⤵
  PID:8496
- C:\Windows\System\oGwfmjV.exe
  C:\Windows\System\oGwfmjV.exe
  2⤵
  PID:8572
- C:\Windows\System\QSDSehz.exe
  C:\Windows\System\QSDSehz.exe
  2⤵
  PID:8652
- C:\Windows\System\VKsAWOX.exe
  C:\Windows\System\VKsAWOX.exe
  2⤵
  PID:8716
- C:\Windows\System\ovkaYrO.exe
  C:\Windows\System\ovkaYrO.exe
  2⤵
  PID:8788
- C:\Windows\System\XljAdUn.exe
  C:\Windows\System\XljAdUn.exe
  2⤵
  PID:8852
- C:\Windows\System\tdCwAwZ.exe
  C:\Windows\System\tdCwAwZ.exe
  2⤵
  PID:8920
- C:\Windows\System\VLyLChE.exe
  C:\Windows\System\VLyLChE.exe
  2⤵
  PID:8968
- C:\Windows\System\xIOWUXg.exe
  C:\Windows\System\xIOWUXg.exe
  2⤵
  PID:9036
- C:\Windows\System\xeeohJE.exe
  C:\Windows\System\xeeohJE.exe
  2⤵
  PID:9072
- C:\Windows\System\QuAFOZr.exe
  C:\Windows\System\QuAFOZr.exe
  2⤵
  PID:9120
- C:\Windows\System\IPKdDcH.exe
  C:\Windows\System\IPKdDcH.exe
  2⤵
  PID:9180
- C:\Windows\System\wnqWQhK.exe
  C:\Windows\System\wnqWQhK.exe
  2⤵
  PID:8044
- C:\Windows\System\mxdlsyt.exe
  C:\Windows\System\mxdlsyt.exe
  2⤵
  PID:7344
- C:\Windows\System\fcpUBMF.exe
  C:\Windows\System\fcpUBMF.exe
  2⤵
  PID:1204
- C:\Windows\System\bVrYcdV.exe
  C:\Windows\System\bVrYcdV.exe
  2⤵
  PID:8280
- C:\Windows\System\mjCfVuB.exe
  C:\Windows\System\mjCfVuB.exe
  2⤵
  PID:8420
- C:\Windows\System\UfGmSRF.exe
  C:\Windows\System\UfGmSRF.exe
  2⤵
  PID:8540
- C:\Windows\System\ggotrPT.exe
  C:\Windows\System\ggotrPT.exe
  2⤵
  PID:4280
- C:\Windows\System\BSmcirf.exe
  C:\Windows\System\BSmcirf.exe
  2⤵
  PID:8860
- C:\Windows\System\qEGFxzZ.exe
  C:\Windows\System\qEGFxzZ.exe
  2⤵
  PID:8992
- C:\Windows\System\DgcbrOD.exe
  C:\Windows\System\DgcbrOD.exe
  2⤵
  PID:548
- C:\Windows\System\qlKYWho.exe
  C:\Windows\System\qlKYWho.exe
  2⤵
  PID:9236
- C:\Windows\System\HaVgqAp.exe
  C:\Windows\System\HaVgqAp.exe
  2⤵
  PID:9264
- C:\Windows\System\kpOJbxf.exe
  C:\Windows\System\kpOJbxf.exe
  2⤵
  PID:9292
- C:\Windows\System\CrJxQIL.exe
  C:\Windows\System\CrJxQIL.exe
  2⤵
  PID:9320
- C:\Windows\System\WviFJoa.exe
  C:\Windows\System\WviFJoa.exe
  2⤵
  PID:9348
- C:\Windows\System\SmerPgi.exe
  C:\Windows\System\SmerPgi.exe
  2⤵
  PID:9376
- C:\Windows\System\udSmGiD.exe
  C:\Windows\System\udSmGiD.exe
  2⤵
  PID:9404
- C:\Windows\System\utCQubs.exe
  C:\Windows\System\utCQubs.exe
  2⤵
  PID:9432
- C:\Windows\System\YyCnDBy.exe
  C:\Windows\System\YyCnDBy.exe
  2⤵
  PID:9460
- C:\Windows\System\hHILdCE.exe
  C:\Windows\System\hHILdCE.exe
  2⤵
  PID:9488
- C:\Windows\System\jVPCJeK.exe
  C:\Windows\System\jVPCJeK.exe
  2⤵
  PID:9516
- C:\Windows\System\OBKHgsu.exe
  C:\Windows\System\OBKHgsu.exe
  2⤵
  PID:9556
- C:\Windows\System\ODQpMuN.exe
  C:\Windows\System\ODQpMuN.exe
  2⤵
  PID:9584
- C:\Windows\System\ScXQozM.exe
  C:\Windows\System\ScXQozM.exe
  2⤵
  PID:9600
- C:\Windows\System\ZShpvGf.exe
  C:\Windows\System\ZShpvGf.exe
  2⤵
  PID:9628
- C:\Windows\System\ZoZkZEg.exe
  C:\Windows\System\ZoZkZEg.exe
  2⤵
  PID:9656
- C:\Windows\System\WmiQIJF.exe
  C:\Windows\System\WmiQIJF.exe
  2⤵
  PID:9684
- C:\Windows\System\OkZsqVQ.exe
  C:\Windows\System\OkZsqVQ.exe
  2⤵
  PID:9712
- C:\Windows\System\DcUHydm.exe
  C:\Windows\System\DcUHydm.exe
  2⤵
  PID:9740
- C:\Windows\System\nEQLkxE.exe
  C:\Windows\System\nEQLkxE.exe
  2⤵
  PID:9764
- C:\Windows\System\RTcTQER.exe
  C:\Windows\System\RTcTQER.exe
  2⤵
  PID:9792
- C:\Windows\System\JvcWIOT.exe
  C:\Windows\System\JvcWIOT.exe
  2⤵
  PID:9824
- C:\Windows\System\FApRZOV.exe
  C:\Windows\System\FApRZOV.exe
  2⤵
  PID:9852
- C:\Windows\System\shIYsEN.exe
  C:\Windows\System\shIYsEN.exe
  2⤵
  PID:9880
- C:\Windows\System\GwuYvEo.exe
  C:\Windows\System\GwuYvEo.exe
  2⤵
  PID:9908
- C:\Windows\System\ewyubSr.exe
  C:\Windows\System\ewyubSr.exe
  2⤵
  PID:9936
- C:\Windows\System\NrtnVLO.exe
  C:\Windows\System\NrtnVLO.exe
  2⤵
  PID:9964
- C:\Windows\System\xMhTvET.exe
  C:\Windows\System\xMhTvET.exe
  2⤵
  PID:9992
- C:\Windows\System\mzdnnez.exe
  C:\Windows\System\mzdnnez.exe
  2⤵
  PID:10020
- C:\Windows\System\CcSgWjA.exe
  C:\Windows\System\CcSgWjA.exe
  2⤵
  PID:10048
- C:\Windows\System\btSKcvp.exe
  C:\Windows\System\btSKcvp.exe
  2⤵
  PID:10076
- C:\Windows\System\GPXsUJG.exe
  C:\Windows\System\GPXsUJG.exe
  2⤵
  PID:10104
- C:\Windows\System\yxzTPmg.exe
  C:\Windows\System\yxzTPmg.exe
  2⤵
  PID:10140
- C:\Windows\System\aWAFdXZ.exe
  C:\Windows\System\aWAFdXZ.exe
  2⤵
  PID:10172
- C:\Windows\System\DTyxLeT.exe
  C:\Windows\System\DTyxLeT.exe
  2⤵
  PID:10188
- C:\Windows\System\HWXKdqn.exe
  C:\Windows\System\HWXKdqn.exe
  2⤵
  PID:10216
- C:\Windows\System\oQZYWcn.exe
  C:\Windows\System\oQZYWcn.exe
  2⤵
  PID:9152
- C:\Windows\System\fFhitwN.exe
  C:\Windows\System\fFhitwN.exe
  2⤵
  PID:7536
- C:\Windows\System\KVgIDOl.exe
  C:\Windows\System\KVgIDOl.exe
  2⤵
  PID:8344
- C:\Windows\System\EmrhnyR.exe
  C:\Windows\System\EmrhnyR.exe
  2⤵
  PID:8644
- C:\Windows\System\KlSWlwU.exe
  C:\Windows\System\KlSWlwU.exe
  2⤵
  PID:8944
- C:\Windows\System\MuGlZnD.exe
  C:\Windows\System\MuGlZnD.exe
  2⤵
  PID:9224
- C:\Windows\System\xGvFQsr.exe
  C:\Windows\System\xGvFQsr.exe
  2⤵
  PID:9276
- C:\Windows\System\krzlXJB.exe
  C:\Windows\System\krzlXJB.exe
  2⤵
  PID:9336
- C:\Windows\System\iQQAWUE.exe
  C:\Windows\System\iQQAWUE.exe
  2⤵
  PID:9416
- C:\Windows\System\czsoHAd.exe
  C:\Windows\System\czsoHAd.exe
  2⤵
  PID:9472
- C:\Windows\System\QTwayDl.exe
  C:\Windows\System\QTwayDl.exe
  2⤵
  PID:9508
- C:\Windows\System\PVeuyOn.exe
  C:\Windows\System\PVeuyOn.exe
  2⤵
  PID:9576
- C:\Windows\System\MRNWIFK.exe
  C:\Windows\System\MRNWIFK.exe
  2⤵
  PID:620
- C:\Windows\System\sfNHBIU.exe
  C:\Windows\System\sfNHBIU.exe
  2⤵
  PID:9620
- C:\Windows\System\WbqCeXM.exe
  C:\Windows\System\WbqCeXM.exe
  2⤵
  PID:1748
- C:\Windows\System\PHAEhDW.exe
  C:\Windows\System\PHAEhDW.exe
  2⤵
  PID:9724
- C:\Windows\System\uKPNgdh.exe
  C:\Windows\System\uKPNgdh.exe
  2⤵
  PID:9760
- C:\Windows\System\PBoAxTP.exe
  C:\Windows\System\PBoAxTP.exe
  2⤵
  PID:9816
- C:\Windows\System\ayRZlUA.exe
  C:\Windows\System\ayRZlUA.exe
  2⤵
  PID:1056
- C:\Windows\System\hiunpIf.exe
  C:\Windows\System\hiunpIf.exe
  2⤵
  PID:9920
- C:\Windows\System\cDyeKnu.exe
  C:\Windows\System\cDyeKnu.exe
  2⤵
  PID:9976
- C:\Windows\System\uHbmBjx.exe
  C:\Windows\System\uHbmBjx.exe
  2⤵
  PID:10036
- C:\Windows\System\NAAEHZK.exe
  C:\Windows\System\NAAEHZK.exe
  2⤵
  PID:10092
- C:\Windows\System\ifaRcIR.exe
  C:\Windows\System\ifaRcIR.exe
  2⤵
  PID:10160
- C:\Windows\System\RIubhMD.exe
  C:\Windows\System\RIubhMD.exe
  2⤵
  PID:7016
- C:\Windows\System\SVEiAfn.exe
  C:\Windows\System\SVEiAfn.exe
  2⤵
  PID:8532
- C:\Windows\System\QJnZGRk.exe
  C:\Windows\System\QJnZGRk.exe
  2⤵
  PID:9220
- C:\Windows\System\CZRkpow.exe
  C:\Windows\System\CZRkpow.exe
  2⤵
  PID:9312
- C:\Windows\System\nAVVsmv.exe
  C:\Windows\System\nAVVsmv.exe
  2⤵
  PID:9444
- C:\Windows\System\EuOjBjS.exe
  C:\Windows\System\EuOjBjS.exe
  2⤵
  PID:9568
- C:\Windows\System\IltVoDF.exe
  C:\Windows\System\IltVoDF.exe
  2⤵
  PID:9648
- C:\Windows\System\oVgdAfV.exe
  C:\Windows\System\oVgdAfV.exe
  2⤵
  PID:2180
- C:\Windows\System\oOlqWsb.exe
  C:\Windows\System\oOlqWsb.exe
  2⤵
  PID:9948
- C:\Windows\System\UnsILBf.exe
  C:\Windows\System\UnsILBf.exe
  2⤵
  PID:10008
- C:\Windows\System\AMOxplY.exe
  C:\Windows\System\AMOxplY.exe
  2⤵
  PID:10156
- C:\Windows\System\PRpVDgG.exe
  C:\Windows\System\PRpVDgG.exe
  2⤵
  PID:8236
- C:\Windows\System\xkTVLlq.exe
  C:\Windows\System\xkTVLlq.exe
  2⤵
  PID:644
- C:\Windows\System\jazQrWh.exe
  C:\Windows\System\jazQrWh.exe
  2⤵
  PID:9612
- C:\Windows\System\tmYiAKo.exe
  C:\Windows\System\tmYiAKo.exe
  2⤵
  PID:10256
- C:\Windows\System\wwLREcR.exe
  C:\Windows\System\wwLREcR.exe
  2⤵
  PID:10284
- C:\Windows\System\MyLOWeV.exe
  C:\Windows\System\MyLOWeV.exe
  2⤵
  PID:10312
- C:\Windows\System\zzOpZzq.exe
  C:\Windows\System\zzOpZzq.exe
  2⤵
  PID:10344
- C:\Windows\System\KaJTCHg.exe
  C:\Windows\System\KaJTCHg.exe
  2⤵
  PID:10372
- C:\Windows\System\tDzgSRo.exe
  C:\Windows\System\tDzgSRo.exe
  2⤵
  PID:10400
- C:\Windows\System\gibJJzs.exe
  C:\Windows\System\gibJJzs.exe
  2⤵
  PID:10428
- C:\Windows\System\KVWjTPj.exe
  C:\Windows\System\KVWjTPj.exe
  2⤵
  PID:10464
- C:\Windows\System\FEViaIF.exe
  C:\Windows\System\FEViaIF.exe
  2⤵
  PID:10496
- C:\Windows\System\MxzhJUI.exe
  C:\Windows\System\MxzhJUI.exe
  2⤵
  PID:10524
- C:\Windows\System\WTGIyhr.exe
  C:\Windows\System\WTGIyhr.exe
  2⤵
  PID:10540
- C:\Windows\System\LoHPvxc.exe
  C:\Windows\System\LoHPvxc.exe
  2⤵
  PID:10568
- C:\Windows\System\ZVvChMb.exe
  C:\Windows\System\ZVvChMb.exe
  2⤵
  PID:10596
- C:\Windows\System\QvDSLkt.exe
  C:\Windows\System\QvDSLkt.exe
  2⤵
  PID:10624
- C:\Windows\System\REOjXGS.exe
  C:\Windows\System\REOjXGS.exe
  2⤵
  PID:10652
- C:\Windows\System\MqWVIRg.exe
  C:\Windows\System\MqWVIRg.exe
  2⤵
  PID:10680
- C:\Windows\System\AjiteBw.exe
  C:\Windows\System\AjiteBw.exe
  2⤵
  PID:10708
- C:\Windows\System\paRTUCn.exe
  C:\Windows\System\paRTUCn.exe
  2⤵
  PID:10736
- C:\Windows\System\QfQpTMi.exe
  C:\Windows\System\QfQpTMi.exe
  2⤵
  PID:10764
- C:\Windows\System\dVjqPOD.exe
  C:\Windows\System\dVjqPOD.exe
  2⤵
  PID:10792
- C:\Windows\System\AWcwPOy.exe
  C:\Windows\System\AWcwPOy.exe
  2⤵
  PID:10820
- C:\Windows\System\ofULvTr.exe
  C:\Windows\System\ofULvTr.exe
  2⤵
  PID:10848
- C:\Windows\System\PkXOevp.exe
  C:\Windows\System\PkXOevp.exe
  2⤵
  PID:10876
- C:\Windows\System\gOWLfRc.exe
  C:\Windows\System\gOWLfRc.exe
  2⤵
  PID:10904
- C:\Windows\System\lYLdlGD.exe
  C:\Windows\System\lYLdlGD.exe
  2⤵
  PID:10932
- C:\Windows\System\pxegZCu.exe
  C:\Windows\System\pxegZCu.exe
  2⤵
  PID:10964
- C:\Windows\System\yabHToU.exe
  C:\Windows\System\yabHToU.exe
  2⤵
  PID:10988
- C:\Windows\System\dhLaSzM.exe
  C:\Windows\System\dhLaSzM.exe
  2⤵
  PID:11016
- C:\Windows\System\umCvxJV.exe
  C:\Windows\System\umCvxJV.exe
  2⤵
  PID:11044
- C:\Windows\System\WnrxeGu.exe
  C:\Windows\System\WnrxeGu.exe
  2⤵
  PID:11072
- C:\Windows\System\RtOsILY.exe
  C:\Windows\System\RtOsILY.exe
  2⤵
  PID:11100
- C:\Windows\System\ScQATSt.exe
  C:\Windows\System\ScQATSt.exe
  2⤵
  PID:11140
- C:\Windows\System\mSnbTnZ.exe
  C:\Windows\System\mSnbTnZ.exe
  2⤵
  PID:11168
- C:\Windows\System\IYLYKIP.exe
  C:\Windows\System\IYLYKIP.exe
  2⤵
  PID:11184
- C:\Windows\System\VgNwbVc.exe
  C:\Windows\System\VgNwbVc.exe
  2⤵
  PID:11208
- C:\Windows\System\znZKyTD.exe
  C:\Windows\System\znZKyTD.exe
  2⤵
  PID:11240
- C:\Windows\System\lvZaGZT.exe
  C:\Windows\System\lvZaGZT.exe
  2⤵
  PID:9752
- C:\Windows\System\yvzywaw.exe
  C:\Windows\System\yvzywaw.exe
  2⤵
  PID:10068
- C:\Windows\System\mVrSvcK.exe
  C:\Windows\System\mVrSvcK.exe
  2⤵
  PID:2824
- C:\Windows\System\BpLdosd.exe
  C:\Windows\System\BpLdosd.exe
  2⤵
  PID:10252
- C:\Windows\System\tndoRLp.exe
  C:\Windows\System\tndoRLp.exe
  2⤵
  PID:10308
- C:\Windows\System\wpXofrz.exe
  C:\Windows\System\wpXofrz.exe
  2⤵
  PID:10384
- C:\Windows\System\ylIfeec.exe
  C:\Windows\System\ylIfeec.exe
  2⤵
  PID:4164
- C:\Windows\System\KyrYyHe.exe
  C:\Windows\System\KyrYyHe.exe
  2⤵
  PID:10480
- C:\Windows\System\xZGmQqZ.exe
  C:\Windows\System\xZGmQqZ.exe
  2⤵
  PID:10612
- C:\Windows\System\CInoONC.exe
  C:\Windows\System\CInoONC.exe
  2⤵
  PID:10644
- C:\Windows\System\yxIyhBn.exe
  C:\Windows\System\yxIyhBn.exe
  2⤵
  PID:10672
- C:\Windows\System\kAunCKO.exe
  C:\Windows\System\kAunCKO.exe
  2⤵
  PID:10864
- C:\Windows\System\qXlLIPY.exe
  C:\Windows\System\qXlLIPY.exe
  2⤵
  PID:10924
- C:\Windows\System\oWoNgOt.exe
  C:\Windows\System\oWoNgOt.exe
  2⤵
  PID:10972
- C:\Windows\System\QxKAvzQ.exe
  C:\Windows\System\QxKAvzQ.exe
  2⤵
  PID:11084
- C:\Windows\System\DvUscIB.exe
  C:\Windows\System\DvUscIB.exe
  2⤵
  PID:11176
- C:\Windows\System\hGBlCEu.exe
  C:\Windows\System\hGBlCEu.exe
  2⤵
  PID:1200
- C:\Windows\System\LztBMWH.exe
  C:\Windows\System\LztBMWH.exe
  2⤵
  PID:2312
- C:\Windows\System\EzBeoAN.exe
  C:\Windows\System\EzBeoAN.exe
  2⤵
  PID:3216
- C:\Windows\System\WbKIhbP.exe
  C:\Windows\System\WbKIhbP.exe
  2⤵
  PID:4996
- C:\Windows\System\TzMQUVQ.exe
  C:\Windows\System\TzMQUVQ.exe
  2⤵
  PID:1644
- C:\Windows\System\fghOlYW.exe
  C:\Windows\System\fghOlYW.exe
  2⤵
  PID:3732
- C:\Windows\System\JWXuncR.exe
  C:\Windows\System\JWXuncR.exe
  2⤵
  PID:4252
- C:\Windows\System\VHqqZdY.exe
  C:\Windows\System\VHqqZdY.exe
  2⤵
  PID:4880
- C:\Windows\System\reqYPDo.exe
  C:\Windows\System\reqYPDo.exe
  2⤵
  PID:1224
- C:\Windows\System\FfPMYuB.exe
  C:\Windows\System\FfPMYuB.exe
  2⤵
  PID:2196
- C:\Windows\System\TyirMqK.exe
  C:\Windows\System\TyirMqK.exe
  2⤵
  PID:3236
- C:\Windows\System\IjJxtRM.exe
  C:\Windows\System\IjJxtRM.exe
  2⤵
  PID:1028
- C:\Windows\System\sJUWiBn.exe
  C:\Windows\System\sJUWiBn.exe
  2⤵
  PID:3928
- C:\Windows\System\WDNcHaz.exe
  C:\Windows\System\WDNcHaz.exe
  2⤵
  PID:2880
- C:\Windows\System\hnGJgiT.exe
  C:\Windows\System\hnGJgiT.exe
  2⤵
  PID:3596
- C:\Windows\System\sNGbPlo.exe
  C:\Windows\System\sNGbPlo.exe
  2⤵
  PID:944
- C:\Windows\System\LemqTaf.exe
  C:\Windows\System\LemqTaf.exe
  2⤵
  PID:3812
- C:\Windows\System\GkQSYSe.exe
  C:\Windows\System\GkQSYSe.exe
  2⤵
  PID:4676
- C:\Windows\System\eNZvhHF.exe
  C:\Windows\System\eNZvhHF.exe
  2⤵
  PID:10948
- C:\Windows\System\UTeZFAD.exe
  C:\Windows\System\UTeZFAD.exe
  2⤵
  PID:5032
- C:\Windows\System\GJJzeFg.exe
  C:\Windows\System\GJJzeFg.exe
  2⤵
  PID:1452
- C:\Windows\System\mfCcwsT.exe
  C:\Windows\System\mfCcwsT.exe
  2⤵
  PID:3684
- C:\Windows\System\NMHnspP.exe
  C:\Windows\System\NMHnspP.exe
  2⤵
  PID:10508
- C:\Windows\System\yanpZeZ.exe
  C:\Windows\System\yanpZeZ.exe
  2⤵
  PID:448
- C:\Windows\System\CNqmDMj.exe
  C:\Windows\System\CNqmDMj.exe
  2⤵
  PID:2100
- C:\Windows\System\WqhWajD.exe
  C:\Windows\System\WqhWajD.exe
  2⤵
  PID:452
- C:\Windows\System\BcHKtau.exe
  C:\Windows\System\BcHKtau.exe
  2⤵
  PID:4556
- C:\Windows\System\txAsZep.exe
  C:\Windows\System\txAsZep.exe
  2⤵
  PID:1388
- C:\Windows\System\wwDCYTL.exe
  C:\Windows\System\wwDCYTL.exe
  2⤵
  PID:4072
- C:\Windows\System\hXJTnjC.exe
  C:\Windows\System\hXJTnjC.exe
  2⤵
  PID:3292
- C:\Windows\System\lJeFzJG.exe
  C:\Windows\System\lJeFzJG.exe
  2⤵
  PID:2156
- C:\Windows\System\otFlGqV.exe
  C:\Windows\System\otFlGqV.exe
  2⤵
  PID:4572
- C:\Windows\System\iqOazPx.exe
  C:\Windows\System\iqOazPx.exe
  2⤵
  PID:3532
- C:\Windows\System\wcIpBdK.exe
  C:\Windows\System\wcIpBdK.exe
  2⤵
  PID:2232
- C:\Windows\System\xegCPWE.exe
  C:\Windows\System\xegCPWE.exe
  2⤵
  PID:5056
- C:\Windows\System\LogwYWs.exe
  C:\Windows\System\LogwYWs.exe
  2⤵
  PID:11272
- C:\Windows\System\AffXHVV.exe
  C:\Windows\System\AffXHVV.exe
  2⤵
  PID:11288
- C:\Windows\System\QPTHQXV.exe
  C:\Windows\System\QPTHQXV.exe
  2⤵
  PID:11328
- C:\Windows\System\RSlMUHD.exe
  C:\Windows\System\RSlMUHD.exe
  2⤵
  PID:11384
- C:\Windows\System\uxmmBrX.exe
  C:\Windows\System\uxmmBrX.exe
  2⤵
  PID:11428
- C:\Windows\System\vSyjSBV.exe
  C:\Windows\System\vSyjSBV.exe
  2⤵
  PID:11464
- C:\Windows\System\xdvIGJs.exe
  C:\Windows\System\xdvIGJs.exe
  2⤵
  PID:11488
- C:\Windows\System\ZNPaMzn.exe
  C:\Windows\System\ZNPaMzn.exe
  2⤵
  PID:11524
- C:\Windows\System\hTdqFpU.exe
  C:\Windows\System\hTdqFpU.exe
  2⤵
  PID:11556
- C:\Windows\System\ZIifZGF.exe
  C:\Windows\System\ZIifZGF.exe
  2⤵
  PID:11588
- C:\Windows\System\QlzzAQp.exe
  C:\Windows\System\QlzzAQp.exe
  2⤵
  PID:11620
- C:\Windows\System\zKBnHrI.exe
  C:\Windows\System\zKBnHrI.exe
  2⤵
  PID:11648
- C:\Windows\System\ioUcUQs.exe
  C:\Windows\System\ioUcUQs.exe
  2⤵
  PID:11676
- C:\Windows\System\ODnvohQ.exe
  C:\Windows\System\ODnvohQ.exe
  2⤵
  PID:11704
- C:\Windows\System\SiAuWri.exe
  C:\Windows\System\SiAuWri.exe
  2⤵
  PID:11736
- C:\Windows\System\gwNuYYB.exe
  C:\Windows\System\gwNuYYB.exe
  2⤵
  PID:11772
- C:\Windows\System\sUlzIHE.exe
  C:\Windows\System\sUlzIHE.exe
  2⤵
  PID:11800
- C:\Windows\System\rFqMXKC.exe
  C:\Windows\System\rFqMXKC.exe
  2⤵
  PID:11828
- C:\Windows\System\VGjBrUP.exe
  C:\Windows\System\VGjBrUP.exe
  2⤵
  PID:11856
- C:\Windows\System\wtVkkSM.exe
  C:\Windows\System\wtVkkSM.exe
  2⤵
  PID:11892
- C:\Windows\System\xLYcUdw.exe
  C:\Windows\System\xLYcUdw.exe
  2⤵
  PID:11920
- C:\Windows\System\gXEDtca.exe
  C:\Windows\System\gXEDtca.exe
  2⤵
  PID:11948
- C:\Windows\System\NkabAWS.exe
  C:\Windows\System\NkabAWS.exe
  2⤵
  PID:11980
- C:\Windows\System\bqktHAW.exe
  C:\Windows\System\bqktHAW.exe
  2⤵
  PID:12008
- C:\Windows\System\oVwzvfV.exe
  C:\Windows\System\oVwzvfV.exe
  2⤵
  PID:12048
- C:\Windows\System\GzROStX.exe
  C:\Windows\System\GzROStX.exe
  2⤵
  PID:12076
- C:\Windows\System\bJHZWxv.exe
  C:\Windows\System\bJHZWxv.exe
  2⤵
  PID:12092
- C:\Windows\System\VkKXuzX.exe
  C:\Windows\System\VkKXuzX.exe
  2⤵
  PID:12136
- C:\Windows\System\gqlbSIv.exe
  C:\Windows\System\gqlbSIv.exe
  2⤵
  PID:12164
- C:\Windows\System\vzkOsBD.exe
  C:\Windows\System\vzkOsBD.exe
  2⤵
  PID:12200
- C:\Windows\System\aHJsjHa.exe
  C:\Windows\System\aHJsjHa.exe
  2⤵
  PID:12228
- C:\Windows\System\BlfQiIG.exe
  C:\Windows\System\BlfQiIG.exe
  2⤵
  PID:12256
- C:\Windows\System\nidkYqe.exe
  C:\Windows\System\nidkYqe.exe
  2⤵
  PID:12284
- C:\Windows\System\cnOVgKI.exe
  C:\Windows\System\cnOVgKI.exe
  2⤵
  PID:11300
- C:\Windows\System\NKOzFXy.exe
  C:\Windows\System\NKOzFXy.exe
  2⤵
  PID:11368
- C:\Windows\System\XphUkHZ.exe
  C:\Windows\System\XphUkHZ.exe
  2⤵
  PID:948
- C:\Windows\System\LXKVZCQ.exe
  C:\Windows\System\LXKVZCQ.exe
  2⤵
  PID:11544
- C:\Windows\System\mIBlLSv.exe
  C:\Windows\System\mIBlLSv.exe
  2⤵
  PID:3056
- C:\Windows\System\iWgiazy.exe
  C:\Windows\System\iWgiazy.exe
  2⤵
  PID:11644
- C:\Windows\System\gsqGUKQ.exe
  C:\Windows\System\gsqGUKQ.exe
  2⤵
  PID:11716
- C:\Windows\System\qRNAgPL.exe
  C:\Windows\System\qRNAgPL.exe
  2⤵
  PID:11792
- C:\Windows\System\mqKshwI.exe
  C:\Windows\System\mqKshwI.exe
  2⤵
  PID:11852
- C:\Windows\System\JqpkLuE.exe
  C:\Windows\System\JqpkLuE.exe
  2⤵
  PID:11912
- C:\Windows\System\PdXnHli.exe
  C:\Windows\System\PdXnHli.exe
  2⤵
  PID:12000
- C:\Windows\System\tbHpQxA.exe
  C:\Windows\System\tbHpQxA.exe
  2⤵
  PID:12084
- C:\Windows\System\YxBtWrW.exe
  C:\Windows\System\YxBtWrW.exe
  2⤵
  PID:12160
- C:\Windows\System\SWomKKt.exe
  C:\Windows\System\SWomKKt.exe
  2⤵
  PID:12240
- C:\Windows\System\sRLlXsS.exe
  C:\Windows\System\sRLlXsS.exe
  2⤵
  PID:2844
- C:\Windows\System\xnRyehU.exe
  C:\Windows\System\xnRyehU.exe
  2⤵
  PID:11460
- C:\Windows\System\QgBbfLA.exe
  C:\Windows\System\QgBbfLA.exe
  2⤵
  PID:11616
- C:\Windows\System\LjHnqiY.exe
  C:\Windows\System\LjHnqiY.exe
  2⤵
  PID:11748
- C:\Windows\System\mfLdGhk.exe
  C:\Windows\System\mfLdGhk.exe
  2⤵
  PID:3460
- C:\Windows\System\FrfospY.exe
  C:\Windows\System\FrfospY.exe
  2⤵
  PID:12064
- C:\Windows\System\rFqIPiv.exe
  C:\Windows\System\rFqIPiv.exe
  2⤵
  PID:12220
- C:\Windows\System\uTOwWSC.exe
  C:\Windows\System\uTOwWSC.exe
  2⤵
  PID:4476
- C:\Windows\System\NgVaVAJ.exe
  C:\Windows\System\NgVaVAJ.exe
  2⤵
  PID:11700
- C:\Windows\System\kVKgqoo.exe
  C:\Windows\System\kVKgqoo.exe
  2⤵
  PID:12068
- C:\Windows\System\PLGCSgG.exe
  C:\Windows\System\PLGCSgG.exe
  2⤵
  PID:11572
- C:\Windows\System\JTjgIAQ.exe
  C:\Windows\System\JTjgIAQ.exe
  2⤵
  PID:2448
- C:\Windows\System\PZHfcPv.exe
  C:\Windows\System\PZHfcPv.exe
  2⤵
  PID:11444
- C:\Windows\System\jNoIvwa.exe
  C:\Windows\System\jNoIvwa.exe
  2⤵
  PID:12308
- C:\Windows\System\Jrihqhc.exe
  C:\Windows\System\Jrihqhc.exe
  2⤵
  PID:12336
- C:\Windows\System\aHnRgGj.exe
  C:\Windows\System\aHnRgGj.exe
  2⤵
  PID:12380
- C:\Windows\System\WAeOfTC.exe
  C:\Windows\System\WAeOfTC.exe
  2⤵
  PID:12408
- C:\Windows\System\ZMRnWax.exe
  C:\Windows\System\ZMRnWax.exe
  2⤵
  PID:12480
- C:\Windows\System\afnESBg.exe
  C:\Windows\System\afnESBg.exe
  2⤵
  PID:12524
- C:\Windows\System\WBBTRDC.exe
  C:\Windows\System\WBBTRDC.exe
  2⤵
  PID:12552
- C:\Windows\System\HniUhuX.exe
  C:\Windows\System\HniUhuX.exe
  2⤵
  PID:12572
- C:\Windows\System\ANCTyqA.exe
  C:\Windows\System\ANCTyqA.exe
  2⤵
  PID:12596
- C:\Windows\System\oWfYhzQ.exe
  C:\Windows\System\oWfYhzQ.exe
  2⤵
  PID:12624
- C:\Windows\System\DZVdJsr.exe
  C:\Windows\System\DZVdJsr.exe
  2⤵
  PID:12664
- C:\Windows\System\FYmGbmZ.exe
  C:\Windows\System\FYmGbmZ.exe
  2⤵
  PID:12692
- C:\Windows\System\rEJCQIk.exe
  C:\Windows\System\rEJCQIk.exe
  2⤵
  PID:12720
- C:\Windows\System\aXUSQRK.exe
  C:\Windows\System\aXUSQRK.exe
  2⤵
  PID:12748
- C:\Windows\System\ESVXwXB.exe
  C:\Windows\System\ESVXwXB.exe
  2⤵
  PID:12776
- C:\Windows\System\HFEYnUt.exe
  C:\Windows\System\HFEYnUt.exe
  2⤵
  PID:12792
- C:\Windows\System\JwnOnvA.exe
  C:\Windows\System\JwnOnvA.exe
  2⤵
  PID:12820
- C:\Windows\System\bKmcZbR.exe
  C:\Windows\System\bKmcZbR.exe
  2⤵
  PID:12860
- C:\Windows\System\tQgngLx.exe
  C:\Windows\System\tQgngLx.exe
  2⤵
  PID:12896
- C:\Windows\System\TXUyeyT.exe
  C:\Windows\System\TXUyeyT.exe
  2⤵
  PID:12956
- C:\Windows\System\uFhHXdX.exe
  C:\Windows\System\uFhHXdX.exe
  2⤵
  PID:12988
- C:\Windows\System\OlYEViR.exe
  C:\Windows\System\OlYEViR.exe
  2⤵
  PID:13004
- C:\Windows\System\bDBjtfC.exe
  C:\Windows\System\bDBjtfC.exe
  2⤵
  PID:13068
- C:\Windows\System\kWlPvaR.exe
  C:\Windows\System\kWlPvaR.exe
  2⤵
  PID:13116
- C:\Windows\System\rkRxhAt.exe
  C:\Windows\System\rkRxhAt.exe
  2⤵
  PID:13176
- C:\Windows\System\HJWpVdZ.exe
  C:\Windows\System\HJWpVdZ.exe
  2⤵
  PID:13204
- C:\Windows\System\WKstFzX.exe
  C:\Windows\System\WKstFzX.exe
  2⤵
  PID:13232
- C:\Windows\System\tkNqKgl.exe
  C:\Windows\System\tkNqKgl.exe
  2⤵
  PID:13260
- C:\Windows\System\OFttNpc.exe
  C:\Windows\System\OFttNpc.exe
  2⤵
  PID:13288
- C:\Windows\System\vVcPPGA.exe
  C:\Windows\System\vVcPPGA.exe
  2⤵
  PID:12300
- C:\Windows\System\hzrSutM.exe
  C:\Windows\System\hzrSutM.exe
  2⤵
  PID:12364
- C:\Windows\System\pldtAma.exe
  C:\Windows\System\pldtAma.exe
  2⤵
  PID:5176
- C:\Windows\System\VHHXCss.exe
  C:\Windows\System\VHHXCss.exe
  2⤵
  PID:12540
- C:\Windows\System\OThcboL.exe
  C:\Windows\System\OThcboL.exe
  2⤵
  PID:12612
- C:\Windows\System\MxnBmkH.exe
  C:\Windows\System\MxnBmkH.exe
  2⤵
  PID:12688
- C:\Windows\System\XbCbSOG.exe
  C:\Windows\System\XbCbSOG.exe
  2⤵
  PID:12772
- C:\Windows\System\Cyjvkoq.exe
  C:\Windows\System\Cyjvkoq.exe
  2⤵
  PID:12808
- C:\Windows\System\DUrVlXp.exe
  C:\Windows\System\DUrVlXp.exe
  2⤵
  PID:12892
- C:\Windows\System\kXxJbLd.exe
  C:\Windows\System\kXxJbLd.exe
  2⤵
  PID:11260
- C:\Windows\System\AVVZKNF.exe
  C:\Windows\System\AVVZKNF.exe
  2⤵
  PID:12952
- C:\Windows\System\xvroPlj.exe
  C:\Windows\System\xvroPlj.exe
  2⤵
  PID:13000
- C:\Windows\System\pugdlXS.exe
  C:\Windows\System\pugdlXS.exe
  2⤵
  PID:13108
- C:\Windows\System\xTIHbon.exe
  C:\Windows\System\xTIHbon.exe
  2⤵
  PID:13188
- C:\Windows\System\epDZWfe.exe
  C:\Windows\System\epDZWfe.exe
  2⤵
  PID:5860
- C:\Windows\System\vZZWGqU.exe
  C:\Windows\System\vZZWGqU.exe
  2⤵
  PID:13300
- C:\Windows\System\ukIgzGJ.exe
  C:\Windows\System\ukIgzGJ.exe
  2⤵
  PID:12432
- C:\Windows\System\nppYuDI.exe
  C:\Windows\System\nppYuDI.exe
  2⤵
  PID:12592
- C:\Windows\System\UlQYNQe.exe
  C:\Windows\System\UlQYNQe.exe
  2⤵
  PID:12804
- C:\Windows\System\uZZkjmo.exe
  C:\Windows\System\uZZkjmo.exe
  2⤵
  PID:11004
- C:\Windows\System\FsBwolU.exe
  C:\Windows\System\FsBwolU.exe
  2⤵
  PID:12996
- C:\Windows\System\guwxAqN.exe
  C:\Windows\System\guwxAqN.exe
  2⤵
  PID:13228
- C:\Windows\System\TQPsXnC.exe
  C:\Windows\System\TQPsXnC.exe
  2⤵
  PID:12404
- C:\Windows\System\jhXhUlq.exe
  C:\Windows\System\jhXhUlq.exe
  2⤵
  PID:12844
- C:\Windows\System\RpXyvIC.exe
  C:\Windows\System\RpXyvIC.exe
  2⤵
  PID:12908
- C:\Windows\System\xYtwdhx.exe
  C:\Windows\System\xYtwdhx.exe
  2⤵
  PID:11008
- C:\Windows\System\OLySpJx.exe
  C:\Windows\System\OLySpJx.exe
  2⤵
  PID:12744
- C:\Windows\System\crWPGJz.exe
  C:\Windows\System\crWPGJz.exe
  2⤵
  PID:13356
- C:\Windows\System\kBceedq.exe
  C:\Windows\System\kBceedq.exe
  2⤵
  PID:13388
- C:\Windows\System\hJWiNJO.exe
  C:\Windows\System\hJWiNJO.exe
  2⤵
  PID:13420
- C:\Windows\System\QzAPMIr.exe
  C:\Windows\System\QzAPMIr.exe
  2⤵
  PID:13448
- C:\Windows\System\pMiUMdE.exe
  C:\Windows\System\pMiUMdE.exe
  2⤵
  PID:13480
- C:\Windows\System\XYtMrGL.exe
  C:\Windows\System\XYtMrGL.exe
  2⤵
  PID:13508
- C:\Windows\System\uQphjcR.exe
  C:\Windows\System\uQphjcR.exe
  2⤵
  PID:13532
- C:\Windows\System\bKzpgDh.exe
  C:\Windows\System\bKzpgDh.exe
  2⤵
  PID:13564
- C:\Windows\System\iFBcvEX.exe
  C:\Windows\System\iFBcvEX.exe
  2⤵
  PID:13592
- C:\Windows\System\nbjNzcN.exe
  C:\Windows\System\nbjNzcN.exe
  2⤵
  PID:13620
- C:\Windows\System\zjhAjjg.exe
  C:\Windows\System\zjhAjjg.exe
  2⤵
  PID:13648
- C:\Windows\System\EKVvchE.exe
  C:\Windows\System\EKVvchE.exe
  2⤵
  PID:13676
- C:\Windows\System\OtAFrHM.exe
  C:\Windows\System\OtAFrHM.exe
  2⤵
  PID:13704
- C:\Windows\System\vNZvELo.exe
  C:\Windows\System\vNZvELo.exe
  2⤵
  PID:13732
- C:\Windows\System\tCYDHwX.exe
  C:\Windows\System\tCYDHwX.exe
  2⤵
  PID:13760
- C:\Windows\System\LOmeOsQ.exe
  C:\Windows\System\LOmeOsQ.exe
  2⤵
  PID:13788
- C:\Windows\System\ixYoipl.exe
  C:\Windows\System\ixYoipl.exe
  2⤵
  PID:13816
- C:\Windows\System\pFgZeOR.exe
  C:\Windows\System\pFgZeOR.exe
  2⤵
  PID:13844
- C:\Windows\System\rPblleT.exe
  C:\Windows\System\rPblleT.exe
  2⤵
  PID:13868
- C:\Windows\System\UbFNwFe.exe
  C:\Windows\System\UbFNwFe.exe
  2⤵
  PID:13900
- C:\Windows\System\SXBhiOO.exe
  C:\Windows\System\SXBhiOO.exe
  2⤵
  PID:13928
- C:\Windows\System\dUGQTbt.exe
  C:\Windows\System\dUGQTbt.exe
  2⤵
  PID:13964
- C:\Windows\System\hysfGqd.exe
  C:\Windows\System\hysfGqd.exe
  2⤵
  PID:13992
- C:\Windows\System\ouyIchT.exe
  C:\Windows\System\ouyIchT.exe
  2⤵
  PID:14020
- C:\Windows\System\wzAFZvL.exe
  C:\Windows\System\wzAFZvL.exe
  2⤵
  PID:14056
- C:\Windows\System\NVeqzSE.exe
  C:\Windows\System\NVeqzSE.exe
  2⤵
  PID:14096
- C:\Windows\System\WmncKju.exe
  C:\Windows\System\WmncKju.exe
  2⤵
  PID:14156
- C:\Windows\System\dmgXTCp.exe
  C:\Windows\System\dmgXTCp.exe
  2⤵
  PID:14172
- C:\Windows\System\xUpRzYg.exe
  C:\Windows\System\xUpRzYg.exe
  2⤵
  PID:14200
- C:\Windows\System\kbcekUa.exe
  C:\Windows\System\kbcekUa.exe
  2⤵
  PID:14232
- C:\Windows\System\ZHThdPp.exe
  C:\Windows\System\ZHThdPp.exe
  2⤵
  PID:14260
- C:\Windows\System\TSTtNxE.exe
  C:\Windows\System\TSTtNxE.exe
  2⤵
  PID:14288
- C:\Windows\System\nAArgJy.exe
  C:\Windows\System\nAArgJy.exe
  2⤵
  PID:14320
- C:\Windows\System\SqLTuTo.exe
  C:\Windows\System\SqLTuTo.exe
  2⤵
  PID:13368
- C:\Windows\System\mpuSHbt.exe
  C:\Windows\System\mpuSHbt.exe
  2⤵
  PID:13440
- C:\Windows\System\jFrDPSD.exe
  C:\Windows\System\jFrDPSD.exe
  2⤵
  PID:13520
- C:\Windows\System\qaBlGGh.exe
  C:\Windows\System\qaBlGGh.exe
  2⤵
  PID:13584
- C:\Windows\System\rMOipnR.exe
  C:\Windows\System\rMOipnR.exe
  2⤵
  PID:5064
- C:\Windows\System\ndFgcIx.exe
  C:\Windows\System\ndFgcIx.exe
  2⤵
  PID:13644
- C:\Windows\System\yfPKDUD.exe
  C:\Windows\System\yfPKDUD.exe
  2⤵
  PID:13716
- C:\Windows\System\rdCkhnU.exe
  C:\Windows\System\rdCkhnU.exe
  2⤵
  PID:13780
- C:\Windows\System\kCaiKhG.exe
  C:\Windows\System\kCaiKhG.exe
  2⤵
  PID:13860
- C:\Windows\System\zQhdhZl.exe
  C:\Windows\System\zQhdhZl.exe
  2⤵
  PID:13896
- C:\Windows\System\EFNPJFt.exe
  C:\Windows\System\EFNPJFt.exe
  2⤵
  PID:13976
- C:\Windows\System\nMVEEWb.exe
  C:\Windows\System\nMVEEWb.exe
  2⤵
  PID:6392
- C:\Windows\System\wDechon.exe
  C:\Windows\System\wDechon.exe
  2⤵
  PID:14072
- C:\Windows\System\DNEEfdv.exe
  C:\Windows\System\DNEEfdv.exe
  2⤵
  PID:6488
- C:\Windows\System\bGVtPsP.exe
  C:\Windows\System\bGVtPsP.exe
  2⤵
  PID:14212
- C:\Windows\System\XmZbnGF.exe
  C:\Windows\System\XmZbnGF.exe
  2⤵
  PID:14280
- C:\Windows\System\QIMXRlX.exe
  C:\Windows\System\QIMXRlX.exe
  2⤵
  PID:13344
- C:\Windows\System\OWjOhka.exe
  C:\Windows\System\OWjOhka.exe
  2⤵
  PID:5912
- C:\Windows\System\AKtSGJn.exe
  C:\Windows\System\AKtSGJn.exe
  2⤵
  PID:5060
- C:\Windows\System\FjQGwwm.exe
  C:\Windows\System\FjQGwwm.exe
  2⤵
  PID:13700
- C:\Windows\System\RgRPGII.exe
  C:\Windows\System\RgRPGII.exe
  2⤵
  PID:13828
- C:\Windows\System\VHXdXFg.exe
  C:\Windows\System\VHXdXFg.exe
  2⤵
  PID:7120
- C:\Windows\System\frrXAyv.exe
  C:\Windows\System\frrXAyv.exe
  2⤵
  PID:14048
- C:\Windows\System\YyobTlv.exe
  C:\Windows\System\YyobTlv.exe
  2⤵
  PID:14192
- C:\Windows\System\iTRZbhF.exe
  C:\Windows\System\iTRZbhF.exe
  2⤵
  PID:14332
- C:\Windows\System\AYCfGlG.exe
  C:\Windows\System\AYCfGlG.exe
  2⤵
  PID:13672
- C:\Windows\System\KOMIVkg.exe
  C:\Windows\System\KOMIVkg.exe
  2⤵
  PID:6964
- C:\Windows\System\YBMnKZB.exe
  C:\Windows\System\YBMnKZB.exe
  2⤵
  PID:13988
- C:\Windows\System\YHNjMUJ.exe
  C:\Windows\System\YHNjMUJ.exe
  2⤵
  PID:13468
- C:\Windows\System\WccgmvV.exe
  C:\Windows\System\WccgmvV.exe
  2⤵
  PID:13772
- C:\Windows\System\XhsxrEE.exe
  C:\Windows\System\XhsxrEE.exe
  2⤵
  PID:3764
- C:\Windows\System\DrZDmvp.exe
  C:\Windows\System\DrZDmvp.exe
  2⤵
  PID:13960
- C:\Windows\System\pEeEmCB.exe
  C:\Windows\System\pEeEmCB.exe
  2⤵
  PID:14344
- C:\Windows\System\lJZtNDq.exe
  C:\Windows\System\lJZtNDq.exe
  2⤵
  PID:14436
- C:\Windows\System\IlkxMRR.exe
  C:\Windows\System\IlkxMRR.exe
  2⤵
  PID:14464
- C:\Windows\System\AQqWhel.exe
  C:\Windows\System\AQqWhel.exe
  2⤵
  PID:14492
- C:\Windows\System\eyHlBel.exe
  C:\Windows\System\eyHlBel.exe
  2⤵
  PID:14524
- C:\Windows\System\mgdPppB.exe
  C:\Windows\System\mgdPppB.exe
  2⤵
  PID:14588
- C:\Windows\System\alfhBsk.exe
  C:\Windows\System\alfhBsk.exe
  2⤵
  PID:14616
- C:\Windows\System\KMWNcVW.exe
  C:\Windows\System\KMWNcVW.exe
  2⤵
  PID:14640
- C:\Windows\System\dSJCWlq.exe
  C:\Windows\System\dSJCWlq.exe
  2⤵
  PID:14668
- C:\Windows\System\ZNbBKjK.exe
  C:\Windows\System\ZNbBKjK.exe
  2⤵
  PID:14692
- C:\Windows\System\NgCRAdk.exe
  C:\Windows\System\NgCRAdk.exe
  2⤵
  PID:14752
- C:\Windows\System\QsvalnH.exe
  C:\Windows\System\QsvalnH.exe
  2⤵
  PID:14844
- C:\Windows\System\JxvVPOA.exe
  C:\Windows\System\JxvVPOA.exe
  2⤵
  PID:14864
- C:\Windows\System\Mrgwwin.exe
  C:\Windows\System\Mrgwwin.exe
  2⤵
  PID:14956
- C:\Windows\System\huxLQLC.exe
  C:\Windows\System\huxLQLC.exe
  2⤵
  PID:14976
- C:\Windows\System\YEmyDiQ.exe
  C:\Windows\System\YEmyDiQ.exe
  2⤵
  PID:14992
- C:\Windows\System\OVvfRne.exe
  C:\Windows\System\OVvfRne.exe
  2⤵
  PID:15020
- C:\Windows\System\RvIcxkE.exe
  C:\Windows\System\RvIcxkE.exe
  2⤵
  PID:15064
- C:\Windows\System\cyWmPvP.exe
  C:\Windows\System\cyWmPvP.exe
  2⤵
  PID:15084
- C:\Windows\System\IHATtnE.exe
  C:\Windows\System\IHATtnE.exe
  2⤵
  PID:15180
- C:\Windows\System\enTtuNM.exe
  C:\Windows\System\enTtuNM.exe
  2⤵
  PID:15260
- C:\Windows\System\VyEdCkg.exe
  C:\Windows\System\VyEdCkg.exe
  2⤵
  PID:15276
- C:\Windows\System\kMYWZNz.exe
  C:\Windows\System\kMYWZNz.exe
  2⤵
  PID:15292
- C:\Windows\System\QmqplwK.exe
  C:\Windows\System\QmqplwK.exe
  2⤵
  PID:15332
- C:\Windows\System\uvLdoiX.exe
  C:\Windows\System\uvLdoiX.exe
  2⤵
  PID:1892
- C:\Windows\System\pbxXIOY.exe
  C:\Windows\System\pbxXIOY.exe
  2⤵
  PID:2856
- C:\Windows\System\UESBGUR.exe
  C:\Windows\System\UESBGUR.exe
  2⤵
  PID:7124
- C:\Windows\System\LgsDrCu.exe
  C:\Windows\System\LgsDrCu.exe
  2⤵
  PID:6328
- C:\Windows\System\kCjSTrX.exe
  C:\Windows\System\kCjSTrX.exe
  2⤵
  PID:6784
- C:\Windows\System\efesIFn.exe
  C:\Windows\System\efesIFn.exe
  2⤵
  PID:112
- C:\Windows\System\bWNGjwv.exe
  C:\Windows\System\bWNGjwv.exe
  2⤵
  PID:14432
- C:\Windows\System\ugEdhAR.exe
  C:\Windows\System\ugEdhAR.exe
  2⤵
  PID:14512
- C:\Windows\System\hDUiGeV.exe
  C:\Windows\System\hDUiGeV.exe
  2⤵
  PID:14564
- C:\Windows\System\zSPdpPV.exe
  C:\Windows\System\zSPdpPV.exe
  2⤵
  PID:14680
- C:\Windows\System\NhyUzKE.exe
  C:\Windows\System\NhyUzKE.exe
  2⤵
  PID:1672
- C:\Windows\System\sBlBgWi.exe
  C:\Windows\System\sBlBgWi.exe
  2⤵
  PID:4648
- C:\Windows\System\FNkADwE.exe
  C:\Windows\System\FNkADwE.exe
  2⤵
  PID:2332
- C:\Windows\System\azjitEh.exe
  C:\Windows\System\azjitEh.exe
  2⤵
  PID:14764
- C:\Windows\System\yHgBaOJ.exe
  C:\Windows\System\yHgBaOJ.exe
  2⤵
  PID:7808
- C:\Windows\System\AGelRrf.exe
  C:\Windows\System\AGelRrf.exe
  2⤵
  PID:15004
- C:\Windows\System\OihBWLl.exe
  C:\Windows\System\OihBWLl.exe
  2⤵
  PID:15000
- C:\Windows\System\FBmcshs.exe
  C:\Windows\System\FBmcshs.exe
  2⤵
  PID:15048
- C:\Windows\System\aSKHhST.exe
  C:\Windows\System\aSKHhST.exe
  2⤵
  PID:15076
- C:\Windows\System\jAxkckF.exe
  C:\Windows\System\jAxkckF.exe
  2⤵
  PID:3512
- C:\Windows\System\griJGtz.exe
  C:\Windows\System\griJGtz.exe
  2⤵
  PID:8020
- C:\Windows\System\VSxTdgF.exe
  C:\Windows\System\VSxTdgF.exe
  2⤵
  PID:8132
- C:\Windows\System\wGXfxNC.exe
  C:\Windows\System\wGXfxNC.exe
  2⤵
  PID:8184
- C:\Windows\System\iBoEmYC.exe
  C:\Windows\System\iBoEmYC.exe
  2⤵
  PID:6836
- C:\Windows\System\jtOprto.exe
  C:\Windows\System\jtOprto.exe
  2⤵
  PID:14476
- C:\Windows\System\RemgDUK.exe
  C:\Windows\System\RemgDUK.exe
  2⤵
  PID:3196
- C:\Windows\System\eeQyoGm.exe
  C:\Windows\System\eeQyoGm.exe
  2⤵
  PID:2560
- C:\Windows\System\GmPtDFp.exe
  C:\Windows\System\GmPtDFp.exe
  2⤵
  PID:2380
- C:\Windows\System\JZmNtpc.exe
  C:\Windows\System\JZmNtpc.exe
  2⤵
  PID:1580
- C:\Windows\System\YwlWyCi.exe
  C:\Windows\System\YwlWyCi.exe
  2⤵
  PID:14488
- C:\Windows\System\YqiFTcx.exe
  C:\Windows\System\YqiFTcx.exe
  2⤵
  PID:15216
- C:\Windows\System\RrFDShc.exe
  C:\Windows\System\RrFDShc.exe
  2⤵
  PID:14876
- C:\Windows\System\UtnKlCp.exe
  C:\Windows\System\UtnKlCp.exe
  2⤵
  PID:14900
- C:\Windows\System\yjcQIoo.exe
  C:\Windows\System\yjcQIoo.exe
  2⤵
  PID:12156
- C:\Windows\System\EgOwluO.exe
  C:\Windows\System\EgOwluO.exe
  2⤵
  PID:7644
- C:\Windows\System\naMsQRG.exe
  C:\Windows\System\naMsQRG.exe
  2⤵
  PID:7940
- C:\Windows\System\pvensYU.exe
  C:\Windows\System\pvensYU.exe
  2⤵
  PID:2216
- C:\Windows\System\gYYOqBB.exe
  C:\Windows\System\gYYOqBB.exe
  2⤵
  PID:7400
- C:\Windows\System\LdSvGHk.exe
  C:\Windows\System\LdSvGHk.exe
  2⤵
  PID:7672
- C:\Windows\System\KXxAkfW.exe
  C:\Windows\System\KXxAkfW.exe
  2⤵
  PID:8292
- C:\Windows\System\mvispAu.exe
  C:\Windows\System\mvispAu.exe
  2⤵
  PID:15176
- C:\Windows\System\wnfkFVB.exe
  C:\Windows\System\wnfkFVB.exe
  2⤵
  PID:5220
- C:\Windows\System\gYGmPrF.exe
  C:\Windows\System\gYGmPrF.exe
  2⤵
  PID:5444
- C:\Windows\System\KhVefCs.exe
  C:\Windows\System\KhVefCs.exe
  2⤵
  PID:2992
- C:\Windows\System\zaAFzDh.exe
  C:\Windows\System\zaAFzDh.exe
  2⤵
  PID:5388
- C:\Windows\System\nvqKEAA.exe
  C:\Windows\System\nvqKEAA.exe
  2⤵
  PID:5304
- C:\Windows\System\iSyLCMF.exe
  C:\Windows\System\iSyLCMF.exe
  2⤵
  PID:5356
- C:\Windows\System\lLNCAER.exe
  C:\Windows\System\lLNCAER.exe
  2⤵
  PID:15284
- C:\Windows\System\ghwngUS.exe
  C:\Windows\System\ghwngUS.exe
  2⤵
  PID:15352
- C:\Windows\System\axbRdDa.exe
  C:\Windows\System\axbRdDa.exe
  2⤵
  PID:14340
- C:\Windows\System\rpDLlrA.exe
  C:\Windows\System\rpDLlrA.exe
  2⤵
  PID:7036
- C:\Windows\System\kMyBDmU.exe
  C:\Windows\System\kMyBDmU.exe
  2⤵
  PID:6412
- C:\Windows\System\FWnlCQD.exe
  C:\Windows\System\FWnlCQD.exe
  2⤵
  PID:4876
- C:\Windows\System\vMGZIyW.exe
  C:\Windows\System\vMGZIyW.exe
  2⤵
  PID:14484
- C:\Windows\System\hEbDdUN.exe
  C:\Windows\System\hEbDdUN.exe
  2⤵
  PID:3212
- C:\Windows\System\rWitXBT.exe
  C:\Windows\System\rWitXBT.exe
  2⤵
  PID:7488
- C:\Windows\System\PHDlWiK.exe
  C:\Windows\System\PHDlWiK.exe
  2⤵
  PID:3924
- C:\Windows\System\RcQRwyL.exe
  C:\Windows\System\RcQRwyL.exe
  2⤵
  PID:14872
- C:\Windows\System\pcEfweK.exe
  C:\Windows\System\pcEfweK.exe
  2⤵
  PID:5976
- C:\Windows\System\YhdrwRw.exe
  C:\Windows\System\YhdrwRw.exe
  2⤵
  PID:7864
- C:\Windows\System\GDCcBit.exe
  C:\Windows\System\GDCcBit.exe
  2⤵
  PID:7904
- C:\Windows\System\GVtqcXG.exe
  C:\Windows\System\GVtqcXG.exe
  2⤵
  PID:12508
- C:\Windows\System\LgYgelU.exe
  C:\Windows\System\LgYgelU.exe
  2⤵
  PID:15032
- C:\Windows\System\XphWPgT.exe
  C:\Windows\System\XphWPgT.exe
  2⤵
  PID:3640
- C:\Windows\System\zhlcDkV.exe
  C:\Windows\System\zhlcDkV.exe
  2⤵
  PID:6116
- C:\Windows\System\uRORCpO.exe
  C:\Windows\System\uRORCpO.exe
  2⤵
  PID:8144
- C:\Windows\System\nCpIfvV.exe
  C:\Windows\System\nCpIfvV.exe
  2⤵
  PID:8876
- C:\Windows\System\XGCeTXF.exe
  C:\Windows\System\XGCeTXF.exe
  2⤵
  PID:880
- C:\Windows\System\SSBepRx.exe
  C:\Windows\System\SSBepRx.exe
  2⤵
  PID:772
- C:\Windows\System\wLPcRQP.exe
  C:\Windows\System\wLPcRQP.exe
  2⤵
  PID:2128
- C:\Windows\System\GVSFGzw.exe
  C:\Windows\System\GVSFGzw.exe
  2⤵
  PID:4908
- C:\Windows\System\lQtIEAQ.exe
  C:\Windows\System\lQtIEAQ.exe
  2⤵
  PID:5188
- C:\Windows\System\oEWykHG.exe
  C:\Windows\System\oEWykHG.exe
  2⤵
  PID:14716
- C:\Windows\System\LYjzfre.exe
  C:\Windows\System\LYjzfre.exe
  2⤵
  PID:12148
- C:\Windows\System\rZaTNMo.exe
  C:\Windows\System\rZaTNMo.exe
  2⤵
  PID:8188
- C:\Windows\System\FxrfmaR.exe
  C:\Windows\System\FxrfmaR.exe
  2⤵
  PID:5484
- C:\Windows\System\FsoVZIM.exe
  C:\Windows\System\FsoVZIM.exe
  2⤵
  PID:3692
- C:\Windows\System\BkTtcZo.exe
  C:\Windows\System\BkTtcZo.exe
  2⤵
  PID:5628
- C:\Windows\System\HssLpIU.exe
  C:\Windows\System\HssLpIU.exe
  2⤵
  PID:5460
- C:\Windows\System\yzveoFp.exe
  C:\Windows\System\yzveoFp.exe
  2⤵
  PID:4372
- C:\Windows\System\ZhoYEaC.exe
  C:\Windows\System\ZhoYEaC.exe
  2⤵
  PID:5888
- C:\Windows\System\koCVzBE.exe
  C:\Windows\System\koCVzBE.exe
  2⤵
  PID:5648
- C:\Windows\System\QvYvwUE.exe
  C:\Windows\System\QvYvwUE.exe
  2⤵
  PID:5664
- C:\Windows\System\IlpmgOI.exe
  C:\Windows\System\IlpmgOI.exe
  2⤵
  PID:6196
- C:\Windows\System\llAVvQo.exe
  C:\Windows\System\llAVvQo.exe
  2⤵
  PID:4188
- C:\Windows\System\gaHDNNZ.exe
  C:\Windows\System\gaHDNNZ.exe
  2⤵
  PID:5140
- C:\Windows\System\nrtIuDW.exe
  C:\Windows\System\nrtIuDW.exe
  2⤵
  PID:5216
- C:\Windows\System\kjEtyzr.exe
  C:\Windows\System\kjEtyzr.exe
  2⤵
  PID:8708
- C:\Windows\System\WZEsTHX.exe
  C:\Windows\System\WZEsTHX.exe
  2⤵
  PID:5580
- C:\Windows\System\yYYMdvX.exe
  C:\Windows\System\yYYMdvX.exe
  2⤵
  PID:2504
- C:\Windows\System\gGcUYzZ.exe
  C:\Windows\System\gGcUYzZ.exe
  2⤵
  PID:6200
- C:\Windows\System\dmgyqGZ.exe
  C:\Windows\System\dmgyqGZ.exe
  2⤵
  PID:6280
- C:\Windows\System\EgtuMmN.exe
  C:\Windows\System\EgtuMmN.exe
  2⤵
  PID:3496
- C:\Windows\System\zxJcvkM.exe
  C:\Windows\System\zxJcvkM.exe
  2⤵
  PID:6320
- C:\Windows\System\jLwuSiY.exe
  C:\Windows\System\jLwuSiY.exe
  2⤵
  PID:6644
- C:\Windows\System\jYqQUAJ.exe
  C:\Windows\System\jYqQUAJ.exe
  2⤵
  PID:1552
- C:\Windows\System\VriLlpd.exe
  C:\Windows\System\VriLlpd.exe
  2⤵
  PID:6432
- C:\Windows\System\WUFDeXX.exe
  C:\Windows\System\WUFDeXX.exe
  2⤵
  PID:5212
- C:\Windows\System\zKZQzyQ.exe
  C:\Windows\System\zKZQzyQ.exe
  2⤵
  PID:5328
- C:\Windows\System\QwMzukb.exe
  C:\Windows\System\QwMzukb.exe
  2⤵
  PID:7840
- C:\Windows\System\UMOmVcp.exe
  C:\Windows\System\UMOmVcp.exe
  2⤵
  PID:8220
- C:\Windows\System\uvhLQCD.exe
  C:\Windows\System\uvhLQCD.exe
  2⤵
  PID:14928
- C:\Windows\System\AyXsYxR.exe
  C:\Windows\System\AyXsYxR.exe
  2⤵
  PID:6640
- C:\Windows\System\KOfZMwW.exe
  C:\Windows\System\KOfZMwW.exe
  2⤵
  PID:6684
- C:\Windows\System\PmHwqMy.exe
  C:\Windows\System\PmHwqMy.exe
  2⤵
  PID:6136
- C:\Windows\System\QOlRRmg.exe
  C:\Windows\System\QOlRRmg.exe
  2⤵
  PID:14460
- C:\Windows\System\RmtBArR.exe
  C:\Windows\System\RmtBArR.exe
  2⤵
  PID:14652
- C:\Windows\System\FcHJFWb.exe
  C:\Windows\System\FcHJFWb.exe
  2⤵
  PID:5932
- C:\Windows\System\WLwPlPp.exe
  C:\Windows\System\WLwPlPp.exe
  2⤵
  PID:6824
- C:\Windows\System\Yacxmov.exe
  C:\Windows\System\Yacxmov.exe
  2⤵
  PID:6852
- C:\Windows\System\RcTAzHu.exe
  C:\Windows\System\RcTAzHu.exe
  2⤵
  PID:3756
- C:\Windows\System\huBghxz.exe
  C:\Windows\System\huBghxz.exe
  2⤵
  PID:6932
- C:\Windows\System\OIdhvhZ.exe
  C:\Windows\System\OIdhvhZ.exe
  2⤵
  PID:4708
- C:\Windows\System\AGTwZTa.exe
  C:\Windows\System\AGTwZTa.exe
  2⤵
  PID:5264
- C:\Windows\System\BpVudCL.exe
  C:\Windows\System\BpVudCL.exe
  2⤵
  PID:5540
- C:\Windows\System\jufDhea.exe
  C:\Windows\System\jufDhea.exe
  2⤵
  PID:6612
- C:\Windows\System\QxvBRWq.exe
  C:\Windows\System\QxvBRWq.exe
  2⤵
  PID:5172
- C:\Windows\System\CQkDZMY.exe
  C:\Windows\System\CQkDZMY.exe
  2⤵
  PID:7104
- C:\Windows\System\fQZxfKS.exe
  C:\Windows\System\fQZxfKS.exe
  2⤵
  PID:3256
- C:\Windows\System\xMvIcmd.exe
  C:\Windows\System\xMvIcmd.exe
  2⤵
  PID:6840
- C:\Windows\System\wKkUhTS.exe
  C:\Windows\System\wKkUhTS.exe
  2⤵
  PID:6880
- C:\Windows\System\XDgphvm.exe
  C:\Windows\System\XDgphvm.exe
  2⤵
  PID:2996
- C:\Windows\System\xOnVMGF.exe
  C:\Windows\System\xOnVMGF.exe
  2⤵
  PID:15172
- C:\Windows\System\aReaOek.exe
  C:\Windows\System\aReaOek.exe
  2⤵
  PID:6168
- C:\Windows\System\rFROMTG.exe
  C:\Windows\System\rFROMTG.exe
  2⤵
  PID:7076
- C:\Windows\System\bwQxUEQ.exe
  C:\Windows\System\bwQxUEQ.exe
  2⤵
  PID:5820
- C:\Windows\System\DSgwjYe.exe
  C:\Windows\System\DSgwjYe.exe
  2⤵
  PID:6388
- C:\Windows\System\bgxfnVM.exe
  C:\Windows\System\bgxfnVM.exe
  2⤵
  PID:6348
- C:\Windows\System\hbRYEkl.exe
  C:\Windows\System\hbRYEkl.exe
  2⤵
  PID:15268
- C:\Windows\System\JZrlUvK.exe
  C:\Windows\System\JZrlUvK.exe
  2⤵
  PID:6332
- C:\Windows\System\KctfrnD.exe
  C:\Windows\System\KctfrnD.exe
  2⤵
  PID:5044
- C:\Windows\System\VxPpHgR.exe
  C:\Windows\System\VxPpHgR.exe
  2⤵
  PID:6812
- C:\Windows\System\ClbDszV.exe
  C:\Windows\System\ClbDszV.exe
  2⤵
  PID:6724
- C:\Windows\System\ayZcPiT.exe
  C:\Windows\System\ayZcPiT.exe
  2⤵
  PID:6928
- C:\Windows\System\fdvPBFF.exe
  C:\Windows\System\fdvPBFF.exe
  2⤵
  PID:15364
- C:\Windows\System\xDfrJGy.exe
  C:\Windows\System\xDfrJGy.exe
  2⤵
  PID:15392
- C:\Windows\System\nVFyAyW.exe
  C:\Windows\System\nVFyAyW.exe
  2⤵
  PID:15420
- C:\Windows\System\FpWzpyr.exe
  C:\Windows\System\FpWzpyr.exe
  2⤵
  PID:15448
- C:\Windows\System\lRjaYLo.exe
  C:\Windows\System\lRjaYLo.exe
  2⤵
  PID:15480
- C:\Windows\System\DLJXYCV.exe
  C:\Windows\System\DLJXYCV.exe
  2⤵
  PID:15508
- C:\Windows\System\rIYZMYQ.exe
  C:\Windows\System\rIYZMYQ.exe
  2⤵
  PID:15536
- C:\Windows\System\oNDFUgG.exe
  C:\Windows\System\oNDFUgG.exe
  2⤵
  PID:15564
- C:\Windows\System\vHXsMOI.exe
  C:\Windows\System\vHXsMOI.exe
  2⤵
  PID:15592
- C:\Windows\System\nniRokq.exe
  C:\Windows\System\nniRokq.exe
  2⤵
  PID:15620
- C:\Windows\System\HPtEckH.exe
  C:\Windows\System\HPtEckH.exe
  2⤵
  PID:15648
- C:\Windows\System\ywBuiMl.exe
  C:\Windows\System\ywBuiMl.exe
  2⤵
  PID:15680
- C:\Windows\System\uYbMFst.exe
  C:\Windows\System\uYbMFst.exe
  2⤵
  PID:15736
- C:\Windows\System\YgMbILd.exe
  C:\Windows\System\YgMbILd.exe
  2⤵
  PID:15768
- C:\Windows\System\JJZgokp.exe
  C:\Windows\System\JJZgokp.exe
  2⤵
  PID:15800
- C:\Windows\System\QWyXDEB.exe
  C:\Windows\System\QWyXDEB.exe
  2⤵
  PID:15828
- C:\Windows\System\pBKMgcq.exe
  C:\Windows\System\pBKMgcq.exe
  2⤵
  PID:15868
- C:\Windows\System\eRpyxhi.exe
  C:\Windows\System\eRpyxhi.exe
  2⤵
  PID:15884
- C:\Windows\System\mxkfhmi.exe
  C:\Windows\System\mxkfhmi.exe
  2⤵
  PID:15916
- C:\Windows\System\JAEPTqp.exe
  C:\Windows\System\JAEPTqp.exe
  2⤵
  PID:15944
- C:\Windows\System\qiKSvfg.exe
  C:\Windows\System\qiKSvfg.exe
  2⤵
  PID:15972
- C:\Windows\System\Kdwvxzy.exe
  C:\Windows\System\Kdwvxzy.exe
  2⤵
  PID:16000
- C:\Windows\System\EFrVAHL.exe
  C:\Windows\System\EFrVAHL.exe
  2⤵
  PID:16028
- C:\Windows\System\qaizDzV.exe
  C:\Windows\System\qaizDzV.exe
  2⤵
  PID:16056
- C:\Windows\System\ZtpxhwA.exe
  C:\Windows\System\ZtpxhwA.exe
  2⤵
  PID:16084
- C:\Windows\System\sMhmzDe.exe
  C:\Windows\System\sMhmzDe.exe
  2⤵
  PID:16112
- C:\Windows\System\fZmZzKb.exe
  C:\Windows\System\fZmZzKb.exe
  2⤵
  PID:16140
- C:\Windows\System\ALwgsKY.exe
  C:\Windows\System\ALwgsKY.exe
  2⤵
  PID:16168
- C:\Windows\System\Kzyefvc.exe
  C:\Windows\System\Kzyefvc.exe
  2⤵
  PID:16196
- C:\Windows\System\LxiNAPq.exe
  C:\Windows\System\LxiNAPq.exe
  2⤵
  PID:16224
- C:\Windows\System\FLFLisj.exe
  C:\Windows\System\FLFLisj.exe
  2⤵
  PID:16252
- C:\Windows\System\lTLaMIU.exe
  C:\Windows\System\lTLaMIU.exe
  2⤵
  PID:16284
- C:\Windows\System\YRmvXng.exe
  C:\Windows\System\YRmvXng.exe
  2⤵
  PID:16312
- C:\Windows\System\pRxyGLq.exe
  C:\Windows\System\pRxyGLq.exe
  2⤵
  PID:16340
- C:\Windows\System\BkJIFaO.exe
  C:\Windows\System\BkJIFaO.exe
  2⤵
  PID:16380
- C:\Windows\System\TvxhJTY.exe
  C:\Windows\System\TvxhJTY.exe
  2⤵
  PID:15384
- C:\Windows\System\xnEcvVA.exe
  C:\Windows\System\xnEcvVA.exe
  2⤵
  PID:15440
- C:\Windows\System\TBVDPiU.exe
  C:\Windows\System\TBVDPiU.exe
  2⤵
  PID:15504
- C:\Windows\System\rmXvMrG.exe
  C:\Windows\System\rmXvMrG.exe
  2⤵
  PID:15576
- C:\Windows\System\BhHhKiA.exe
  C:\Windows\System\BhHhKiA.exe
  2⤵
  PID:7152
- C:\Windows\System\OUEAIHN.exe
  C:\Windows\System\OUEAIHN.exe
  2⤵
  PID:6696
- C:\Windows\System\lQWPxrA.exe
  C:\Windows\System\lQWPxrA.exe
  2⤵
  PID:1008
- C:\Windows\System\lmOzUjr.exe
  C:\Windows\System\lmOzUjr.exe
  2⤵
  PID:15692
- C:\Windows\System\JFuSQys.exe
  C:\Windows\System\JFuSQys.exe
  2⤵
  PID:15792
- C:\Windows\System\TWNirzN.exe
  C:\Windows\System\TWNirzN.exe
  2⤵
  PID:15848
- C:\Windows\System\DeLTMBp.exe
  C:\Windows\System\DeLTMBp.exe
  2⤵
  PID:7248
- C:\Windows\System\QpeOsPe.exe
  C:\Windows\System\QpeOsPe.exe
  2⤵
  PID:15776
- C:\Windows\System\tckGUEB.exe
  C:\Windows\System\tckGUEB.exe
  2⤵
  PID:15908
- C:\Windows\System\IhVmFHP.exe
  C:\Windows\System\IhVmFHP.exe
  2⤵
  PID:15956
- C:\Windows\System\AyAYEoC.exe
  C:\Windows\System\AyAYEoC.exe
  2⤵
  PID:15984
- C:\Windows\System\CEDUXpQ.exe
  C:\Windows\System\CEDUXpQ.exe
  2⤵
  PID:7360
- C:\Windows\System\gfuHpEn.exe
  C:\Windows\System\gfuHpEn.exe
  2⤵
  PID:7432
- C:\Windows\System\xrjHhZe.exe
  C:\Windows\System\xrjHhZe.exe
  2⤵
  PID:16104
- C:\Windows\System\eaOkBmG.exe
  C:\Windows\System\eaOkBmG.exe
  2⤵
  PID:16164
- C:\Windows\System\DNnOzbJ.exe
  C:\Windows\System\DNnOzbJ.exe
  2⤵
  PID:16220
- C:\Windows\System\sDjMiWw.exe
  C:\Windows\System\sDjMiWw.exe
  2⤵
  PID:16244
- C:\Windows\System\dZiyQQE.exe
  C:\Windows\System\dZiyQQE.exe
  2⤵
  PID:16304
- C:\Windows\System\XaiFOfH.exe
  C:\Windows\System\XaiFOfH.exe
  2⤵
  PID:11992
- C:\Windows\System\PIuozWZ.exe
  C:\Windows\System\PIuozWZ.exe
  2⤵
  PID:16352
- C:\Windows\System\POCcfKj.exe
  C:\Windows\System\POCcfKj.exe
  2⤵
  PID:15128
- C:\Windows\System\JBhGkhF.exe
  C:\Windows\System\JBhGkhF.exe
  2⤵
  PID:1920
- C:\Windows\System\ZGHyPVC.exe
  C:\Windows\System\ZGHyPVC.exe
  2⤵
  PID:13324
- C:\Windows\System\wlEATIZ.exe
  C:\Windows\System\wlEATIZ.exe
  2⤵
  PID:12044
- C:\Windows\System\NxstQAS.exe
  C:\Windows\System\NxstQAS.exe
  2⤵
  PID:16376
- C:\Windows\System\VjCUIfc.exe
  C:\Windows\System\VjCUIfc.exe
  2⤵
  PID:15376
- C:\Windows\System\EJaPEOa.exe
  C:\Windows\System\EJaPEOa.exe
  2⤵
  PID:4340
- C:\Windows\System\HlqrWbZ.exe
  C:\Windows\System\HlqrWbZ.exe
  2⤵
  PID:15560
- C:\Windows\System\RisivtO.exe
  C:\Windows\System\RisivtO.exe
  2⤵
  PID:8060
- C:\Windows\System\AgBhaze.exe
  C:\Windows\System\AgBhaze.exe
  2⤵
  PID:7880
- C:\Windows\System\gyCWOqK.exe
  C:\Windows\System\gyCWOqK.exe
  2⤵
  PID:7900
- C:\Windows\System\feTbWLG.exe
  C:\Windows\System\feTbWLG.exe
  2⤵
  PID:7932
- C:\Windows\System\fuNpzxz.exe
  C:\Windows\System\fuNpzxz.exe
  2⤵
  PID:15880
- C:\Windows\System\hQejzHB.exe
  C:\Windows\System\hQejzHB.exe
  2⤵
  PID:7348
- C:\Windows\System\BvBbDJn.exe
  C:\Windows\System\BvBbDJn.exe
  2⤵
  PID:16052
- C:\Windows\System\qpPVXur.exe
  C:\Windows\System\qpPVXur.exe
  2⤵
  PID:16160
- C:\Windows\System\upcQKMz.exe
  C:\Windows\System\upcQKMz.exe
  2⤵
  PID:7592
- C:\Windows\System\cMzWIuc.exe
  C:\Windows\System\cMzWIuc.exe
  2⤵
  PID:4104
- C:\Windows\System\dQRDAni.exe
  C:\Windows\System\dQRDAni.exe
  2⤵
  PID:14388
- C:\Windows\System\jKuNxHI.exe
  C:\Windows\System\jKuNxHI.exe
  2⤵
  PID:14836
- C:\Windows\System\HKCIcsw.exe
  C:\Windows\System\HKCIcsw.exe
  2⤵
  PID:7768
- C:\Windows\System\wFeCuBJ.exe
  C:\Windows\System\wFeCuBJ.exe
  2⤵
  PID:7088
- C:\Windows\System\NvElSQh.exe
  C:\Windows\System\NvElSQh.exe
  2⤵
  PID:15748
- C:\Windows\System\NtVPmnQ.exe
  C:\Windows\System\NtVPmnQ.exe
  2⤵
  PID:7948
- C:\Windows\System\Ldohpxs.exe
  C:\Windows\System\Ldohpxs.exe
  2⤵
  PID:16012
- C:\Windows\System\JlVFrYV.exe
  C:\Windows\System\JlVFrYV.exe
  2⤵
  PID:7572
- C:\Windows\System\ppEFUfw.exe
  C:\Windows\System\ppEFUfw.exe
  2⤵
  PID:3332
- C:\Windows\System\XnxevcX.exe
  C:\Windows\System\XnxevcX.exe
  2⤵
  PID:2868
- C:\Windows\System\trsHUdx.exe
  C:\Windows\System\trsHUdx.exe
  2⤵
  PID:15840
- C:\Windows\System\UpOroda.exe
  C:\Windows\System\UpOroda.exe
  2⤵
  PID:16216
- C:\Windows\System\GctIcJx.exe
  C:\Windows\System\GctIcJx.exe
  2⤵
  PID:7424
- C:\Windows\System\BGjAjMd.exe
  C:\Windows\System\BGjAjMd.exe
  2⤵
  PID:14408
- C:\Windows\System\tnoxXDV.exe
  C:\Windows\System\tnoxXDV.exe
  2⤵
  PID:16392
- C:\Windows\System\ionomyr.exe
  C:\Windows\System\ionomyr.exe
  2⤵
  PID:16420
- C:\Windows\System\AnMduGZ.exe
  C:\Windows\System\AnMduGZ.exe
  2⤵
  PID:16448
- C:\Windows\System\wUjPATC.exe
  C:\Windows\System\wUjPATC.exe
  2⤵
  PID:16476
- C:\Windows\System\fpLVqHJ.exe
  C:\Windows\System\fpLVqHJ.exe
  2⤵
  PID:16504
- C:\Windows\System\CepZeFn.exe
  C:\Windows\System\CepZeFn.exe
  2⤵
  PID:16532
- C:\Windows\System\twNtLHA.exe
  C:\Windows\System\twNtLHA.exe
  2⤵
  PID:16560
- C:\Windows\System\GmEJiNx.exe
  C:\Windows\System\GmEJiNx.exe
  2⤵
  PID:16588
- C:\Windows\System\kGpfCgR.exe
  C:\Windows\System\kGpfCgR.exe
  2⤵
  PID:16616
- C:\Windows\System\xYVkgRW.exe
  C:\Windows\System\xYVkgRW.exe
  2⤵
  PID:16644
- C:\Windows\System\CDNwFtN.exe
  C:\Windows\System\CDNwFtN.exe
  2⤵
  PID:16672
- C:\Windows\System\mnyXGWV.exe
  C:\Windows\System\mnyXGWV.exe
  2⤵
  PID:16700
- C:\Windows\System\aDIiICp.exe
  C:\Windows\System\aDIiICp.exe
  2⤵
  PID:16728
- C:\Windows\System\ZqcXlmp.exe
  C:\Windows\System\ZqcXlmp.exe
  2⤵
  PID:16756
- C:\Windows\System\VloWDfI.exe
  C:\Windows\System\VloWDfI.exe
  2⤵
  PID:16784
- C:\Windows\System\MsgKUGp.exe
  C:\Windows\System\MsgKUGp.exe
  2⤵
  PID:16812
- C:\Windows\System\stHaXRT.exe
  C:\Windows\System\stHaXRT.exe
  2⤵
  PID:16840
- C:\Windows\System\pSCWLBu.exe
  C:\Windows\System\pSCWLBu.exe
  2⤵
  PID:16872
- C:\Windows\System\uzLCKTd.exe
  C:\Windows\System\uzLCKTd.exe
  2⤵
  PID:16900
- C:\Windows\System\MKMfgxe.exe
  C:\Windows\System\MKMfgxe.exe
  2⤵
  PID:17016
- C:\Windows\System\TVWqIVw.exe
  C:\Windows\System\TVWqIVw.exe
  2⤵
  PID:17044
- C:\Windows\System\AmjLPZT.exe
  C:\Windows\System\AmjLPZT.exe
  2⤵
  PID:17060
- C:\Windows\System\zDcHHtk.exe
  C:\Windows\System\zDcHHtk.exe
  2⤵
  PID:17088
- C:\Windows\System\DakfrVo.exe
  C:\Windows\System\DakfrVo.exe
  2⤵
  PID:17116
- C:\Windows\System\gAWYiLK.exe
  C:\Windows\System\gAWYiLK.exe
  2⤵
  PID:17144
- C:\Windows\System\rMEoWVo.exe
  C:\Windows\System\rMEoWVo.exe
  2⤵
  PID:17172
- C:\Windows\System\HiZAlQK.exe
  C:\Windows\System\HiZAlQK.exe
  2⤵
  PID:17200
- C:\Windows\System\SHZNWyc.exe
  C:\Windows\System\SHZNWyc.exe
  2⤵
  PID:17228
- C:\Windows\System\LAaUEBV.exe
  C:\Windows\System\LAaUEBV.exe
  2⤵
  PID:17256
- C:\Windows\System\KZGEycr.exe
  C:\Windows\System\KZGEycr.exe
  2⤵
  PID:17312
- C:\Windows\System\kOyeBJC.exe
  C:\Windows\System\kOyeBJC.exe
  2⤵
  PID:16412
- C:\Windows\System\boARCgn.exe
  C:\Windows\System\boARCgn.exe
  2⤵
  PID:16444
- C:\Windows\System\IRszdlk.exe
  C:\Windows\System\IRszdlk.exe
  2⤵
  PID:16516
- C:\Windows\System\dhoeeQf.exe
  C:\Windows\System\dhoeeQf.exe
  2⤵
  PID:16720
- C:\Windows\System\lyOIrMP.exe
  C:\Windows\System\lyOIrMP.exe
  2⤵
  PID:16864
- C:\Windows\System\aqtQCOe.exe
  C:\Windows\System\aqtQCOe.exe
  2⤵
  PID:8484
- C:\Windows\System\AxOqCji.exe
  C:\Windows\System\AxOqCji.exe
  2⤵
  PID:8544
- C:\Windows\System\PUVeFiR.exe
  C:\Windows\System\PUVeFiR.exe
  2⤵
  PID:16964
- C:\Windows\System\lrsefzR.exe
  C:\Windows\System\lrsefzR.exe
  2⤵
  PID:10276
- C:\Windows\System\mEVtAKJ.exe
  C:\Windows\System\mEVtAKJ.exe
  2⤵
  PID:17012
- C:\Windows\System\SIgaQmO.exe
  C:\Windows\System\SIgaQmO.exe
  2⤵
  PID:8640
- C:\Windows\System\LdacJtP.exe
  C:\Windows\System\LdacJtP.exe
  2⤵
  PID:10516
- C:\Windows\System\TOLsmbp.exe
  C:\Windows\System\TOLsmbp.exe
  2⤵
  PID:17084
- C:\Windows\System\MXsVDKY.exe
  C:\Windows\System\MXsVDKY.exe
  2⤵
  PID:17112
- C:\Windows\System\qQWMxMr.exe
  C:\Windows\System\qQWMxMr.exe
  2⤵
  PID:17184
- C:\Windows\System\OCWzmtK.exe
  C:\Windows\System\OCWzmtK.exe
  2⤵
  PID:17268
- C:\Windows\System\kPkLlJc.exe
  C:\Windows\System\kPkLlJc.exe
  2⤵
  PID:17364
- C:\Windows\System\kcRVVjI.exe
  C:\Windows\System\kcRVVjI.exe
  2⤵
  PID:17380
- C:\Windows\System\UAXasLO.exe
  C:\Windows\System\UAXasLO.exe
  2⤵
  PID:16388
- C:\Windows\System\VgBgdye.exe
  C:\Windows\System\VgBgdye.exe
  2⤵
  PID:8932
- C:\Windows\System\YEsCCFj.exe
  C:\Windows\System\YEsCCFj.exe
  2⤵
  PID:16612
- C:\Windows\System\BVkXSzL.exe
  C:\Windows\System\BVkXSzL.exe
  2⤵
  PID:16656
- C:\Windows\System\VayaPIK.exe
  C:\Windows\System\VayaPIK.exe
  2⤵
  PID:16684
- C:\Windows\System\fzNRCdL.exe
  C:\Windows\System\fzNRCdL.exe
  2⤵
  PID:9048
- C:\Windows\System\tvvuEKS.exe
  C:\Windows\System\tvvuEKS.exe
  2⤵
  PID:16768
- C:\Windows\System\DOgPTIH.exe
  C:\Windows\System\DOgPTIH.exe
  2⤵
  PID:16824
- C:\Windows\System\VRfXVHF.exe
  C:\Windows\System\VRfXVHF.exe
  2⤵
  PID:9088
- C:\Windows\System\QqUOBxU.exe
  C:\Windows\System\QqUOBxU.exe
  2⤵
  PID:9132
- C:\Windows\System\LXwvMHV.exe
  C:\Windows\System\LXwvMHV.exe
  2⤵
  PID:16924
- C:\Windows\System\aRVRfom.exe
  C:\Windows\System\aRVRfom.exe
  2⤵
  PID:16956
- C:\Windows\System\vRvwzSh.exe
  C:\Windows\System\vRvwzSh.exe
  2⤵
  PID:7200
- C:\Windows\System\YrQGkMe.exe
  C:\Windows\System\YrQGkMe.exe
  2⤵
  PID:16992
- C:\Windows\System\PIxKiov.exe
  C:\Windows\System\PIxKiov.exe
  2⤵
  PID:8656
- C:\Windows\System\brmOCNH.exe
  C:\Windows\System\brmOCNH.exe
  2⤵
  PID:7732
- C:\Windows\System\hLriYfZ.exe
  C:\Windows\System\hLriYfZ.exe
  2⤵
  PID:8736
- C:\Windows\System\vHYheJV.exe
  C:\Windows\System\vHYheJV.exe
  2⤵
  PID:2252
- C:\Windows\System\YFNQqwZ.exe
  C:\Windows\System\YFNQqwZ.exe
  2⤵
  PID:10640
- C:\Windows\System\jTgFNNL.exe
  C:\Windows\System\jTgFNNL.exe
  2⤵
  PID:17324
- C:\Windows\System\QlutFah.exe
  C:\Windows\System\QlutFah.exe
  2⤵
  PID:1256
- C:\Windows\System\fgINsfM.exe
  C:\Windows\System\fgINsfM.exe
  2⤵
  PID:8848
- C:\Windows\System\bTfFkyp.exe
  C:\Windows\System\bTfFkyp.exe
  2⤵
  PID:3728
- C:\Windows\System\tdyeswq.exe
  C:\Windows\System\tdyeswq.exe
  2⤵
  PID:16404
- C:\Windows\System\RdSISTH.exe
  C:\Windows\System\RdSISTH.exe
  2⤵
  PID:3296
- C:\Windows\System\vHVYiPd.exe
  C:\Windows\System\vHVYiPd.exe
  2⤵
  PID:8976
- C:\Windows\System\yHXWlaK.exe
  C:\Windows\System\yHXWlaK.exe
  2⤵
  PID:16780
- C:\Windows\System\ItzKJkk.exe
  C:\Windows\System\ItzKJkk.exe
  2⤵
  PID:1448
- C:\Windows\System\bBVxoej.exe
  C:\Windows\System\bBVxoej.exe
  2⤵
  PID:2528
- C:\Windows\System\pSSacDp.exe
  C:\Windows\System\pSSacDp.exe
  2⤵
  PID:16884
- C:\Windows\System\BkBBMIc.exe
  C:\Windows\System\BkBBMIc.exe
  2⤵
  PID:2840
- C:\Windows\System\Kciylcl.exe
  C:\Windows\System\Kciylcl.exe
  2⤵
  PID:9128
- C:\Windows\System\BFHBOTu.exe
  C:\Windows\System\BFHBOTu.exe
  2⤵
  PID:9200
- C:\Windows\System\ueLznJb.exe
  C:\Windows\System\ueLznJb.exe
  2⤵
  PID:16988
- C:\Windows\System\IXEyFfY.exe
  C:\Windows\System\IXEyFfY.exe
  2⤵
  PID:9064
- C:\Windows\System\mHjwWQF.exe
  C:\Windows\System\mHjwWQF.exe
  2⤵
  PID:10336
- C:\Windows\System\gYkmRCw.exe
  C:\Windows\System\gYkmRCw.exe
  2⤵
  PID:10392
- C:\Windows\System\DANpUAR.exe
  C:\Windows\System\DANpUAR.exe
  2⤵
  PID:1260
- C:\Windows\System\pWdsjbm.exe
  C:\Windows\System\pWdsjbm.exe
  2⤵
  PID:4696
- C:\Windows\System\FeKtuKN.exe
  C:\Windows\System\FeKtuKN.exe
  2⤵
  PID:8884
- C:\Windows\System\rEImiUe.exe
  C:\Windows\System\rEImiUe.exe
  2⤵
  PID:8308
- C:\Windows\System\sPNuDgn.exe
  C:\Windows\System\sPNuDgn.exe
  2⤵
  PID:17352
- C:\Windows\System\UgIKNfB.exe
  C:\Windows\System\UgIKNfB.exe
  2⤵
  PID:2276
- C:\Windows\System\WvTDxPk.exe
  C:\Windows\System\WvTDxPk.exe
  2⤵
  PID:9300
- C:\Windows\System\NAeSSiu.exe
  C:\Windows\System\NAeSSiu.exe
  2⤵
  PID:11396
- C:\Windows\System\MGdFvvD.exe
  C:\Windows\System\MGdFvvD.exe
  2⤵
  PID:11440
- C:\Windows\System\CMPYajq.exe
  C:\Windows\System\CMPYajq.exe
  2⤵
  PID:4500
- C:\Windows\System\dsyzhDH.exe
  C:\Windows\System\dsyzhDH.exe
  2⤵
  PID:9384
- C:\Windows\System\TrJeeBD.exe
  C:\Windows\System\TrJeeBD.exe
  2⤵
  PID:9412
- C:\Windows\System\miHyrkc.exe
  C:\Windows\System\miHyrkc.exe
  2⤵
  PID:16832
- C:\Windows\System\QdtDJAZ.exe
  C:\Windows\System\QdtDJAZ.exe
  2⤵
  PID:11656
- C:\Windows\System\WywjhBs.exe
  C:\Windows\System\WywjhBs.exe
  2⤵
  PID:9484
- C:\Windows\System\FeyauZl.exe
  C:\Windows\System\FeyauZl.exe
  2⤵
  PID:9092
- C:\Windows\System\DoERzwU.exe
  C:\Windows\System\DoERzwU.exe
  2⤵
  PID:10360
- C:\Windows\System\zHxsFjb.exe
  C:\Windows\System\zHxsFjb.exe
  2⤵
  PID:2124
- C:\Windows\System\MKUyHdz.exe
  C:\Windows\System\MKUyHdz.exe
  2⤵
  PID:7532
- C:\Windows\System\CXgpwLA.exe
  C:\Windows\System\CXgpwLA.exe
  2⤵
  PID:3068
- C:\Windows\System\XRNvbbx.exe
  C:\Windows\System\XRNvbbx.exe
  2⤵
  PID:10412
- C:\Windows\System\WiOSTxX.exe
  C:\Windows\System\WiOSTxX.exe
  2⤵
  PID:9772
- C:\Windows\System\fLWacTv.exe
  C:\Windows\System\fLWacTv.exe
  2⤵
  PID:8760
- C:\Windows\System\ELXLqmv.exe
  C:\Windows\System\ELXLqmv.exe
  2⤵
  PID:12108
- C:\Windows\System\siiSUJs.exe
  C:\Windows\System\siiSUJs.exe
  2⤵
  PID:17360
- C:\Windows\System\rnNEcls.exe
  C:\Windows\System\rnNEcls.exe
  2⤵
  PID:17356
- C:\Windows\System\lOkdhmq.exe
  C:\Windows\System\lOkdhmq.exe
  2⤵
  PID:9876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFZjvuq.exe

Filesize
6.1MB

MD5
56e8e6bf8424e37305da0fe51166facf

SHA1
59d5c81f5338e5c36d5835680b30982619ed75ce

SHA256
92000469cf329266ff3343dc0bc22d115423030f4e8a38190eba07bbfefd891f

SHA512
ce5e1c72880f6c621995da3e5f576573c6807edbd09525b3e2f7c658d3d1867eabbcc5bffd131d18b92887938949eb2d1d6035304b0c6f3141e1b489092ca92a

Download Submit
C:\Windows\System\BvaTzwN.exe

Filesize
6.1MB

MD5
260be2b10dedb18f11eb9a8ef526177f

SHA1
c17dbd502f1ecbce18d6095872a41d8f26e8bb56

SHA256
a10892ffa0db7cf21ead31bf32ce9a397f26c5e3abcb0bf87822c73fffd42d3d

SHA512
43f85a0fae70962526fded23b47db60ef74dee4a0cac51c6445b270488bfcd6c0a306352bffb4035ee47688d34bffe1710c5e1f31422a30503fa21097aeb9218

Download Submit
C:\Windows\System\DFTEAfy.exe

Filesize
6.1MB

MD5
d0f8ab6867edf79dcc90e2beeb2f1f5b

SHA1
2b29e4832f644293cf700477889050e4b8ab8282

SHA256
24075a1fb190f5f52c3e9a4db39c9846b7b5311d60b4b255933ed22fe7aaba87

SHA512
5888d83aa839712c80eee5066404d1903dacd2ea40538ff6e2c6d0c5e035f6bbae1e4bd4b7c73dce805bb3f5150129622d8d14865133752593d6ac696c077b5a

Download Submit
C:\Windows\System\DRqEOVw.exe

Filesize
6.1MB

MD5
938bc9a84427d69bc740edfa1b697375

SHA1
2ba0a7531ef86a2dd2356074b1eeedc2f9c8f14b

SHA256
9c96e6dc85ebbd560a6e0a138a081d38a49e945946bf6996ffb843eb965f3616

SHA512
1f30481a73c538e76e13ec4b31610a9867be784827559631a342b911575d327eb27511ea77f9628578cbe9730800c3688385f13605420b0ea2b779bb8b273dfe

Download Submit
C:\Windows\System\DwJKjUb.exe

Filesize
6.1MB

MD5
72e83594becd945981ed0bfc8688f99e

SHA1
3b8262e250a1c5cd782aea9a91dc45ab9687cebf

SHA256
ba2a5654511d514cf065606e643b5746ee137f53356aad890023013bc9dd386d

SHA512
2bbe83f61741ecc0f7c383377c4e4debb3c0a556c33efb003a790e9863b37128eb1bc47d4219a7afbc0445f8f0eef8a08b00f54d6e96a790541e0061e193cd2c

Download Submit
C:\Windows\System\EqZOAHu.exe

Filesize
6.1MB

MD5
6e5cededa1db518e3ec7df5bdfd9cec5

SHA1
d5501b94480cac6ad4ea0d1e9a366f7f4ec7e2e7

SHA256
ae8a8dc7ce9e80b1e08d116f07b1380f0e434a965453ceb6fb3a330dfffdbe80

SHA512
eee4e71588a8f730b4a44d8af517db3d95697cfbea9b1c338c745063bc7d788660fc4b04551c0cc98beb66f9b51cae96895ed81218ee749d56440fdc7f101a7a

Download Submit
C:\Windows\System\FIZdgTc.exe

Filesize
6.1MB

MD5
d2b07be6532bab788a047d1702009dea

SHA1
31d98d9610f6d10b8e5024d3cd487eb2337c1174

SHA256
b153597146028b0f404b3376a8e4091313d39c569aaea19b871f332e2b3a2e81

SHA512
34519707b690f2af72ea4af7381eb1067294c50ae2fb3d367f210e6d75afb05ffc36274b3bfaecdd6af36f0b4d6c08cdaf85473f06fbb86bef0f3bd45ecc211e

Download Submit
C:\Windows\System\GLrRDsj.exe

Filesize
6.1MB

MD5
1f4b48ef7c09534ab8d1efa18aef4957

SHA1
0e3a181d120c28afacd4ee76e318d738de45afc2

SHA256
5eb3ee6d0cda906550ae172cdf43d0130a0373ac1d90517ab150ea3a3155bfc5

SHA512
5d020407d3eda607e778d5145d9e2ba62b93cca7ac89124fce6f4f0ce6b8fa39e90e07347bb32c3519c8a0f2872e4cf961da9a52c3b15c1e352514b291213382

Download Submit
C:\Windows\System\HGEpDma.exe

Filesize
6.1MB

MD5
fd1c6bef94a7a8e77e1e6ce46e2c42de

SHA1
f5d92dc01e1ab848d9f73ae3f0500c4c4cc11e12

SHA256
c9e0d66489d2a92f72e1dc42f7125dad4521ecba2b5c239d4821393b7e75a824

SHA512
f757f610fa1c302a05e02ad3673d10770b6f289df95d6540ed5ededb460f9d5663070a16b093d2eb84fe8b34d0f63f1c221a9ab2d88c5b719c79e05bcfd446fd

Download Submit
C:\Windows\System\HkebmXs.exe

Filesize
6.1MB

MD5
7f024514b78ed85b104e2a3689574040

SHA1
edde3f586228f8b353a5c196940de2ccf2cb61b3

SHA256
c3e1d1f4ccbb68689cf14ac283cfc4f3021fd4c543c75a24420618e686ff6cb3

SHA512
4ce94bb881b38d51bd7314bdb51e7051a38519a1dc5baa85dfc5a9f68cbe348071d8fe1be31998bc09c6771ccd824a56119b41bb14a37fbebc4a13085a99eec8

Download Submit
C:\Windows\System\IiyNFap.exe

Filesize
6.1MB

MD5
79dec3f63edac02226adbb71bf92dbb6

SHA1
7dd65edd325556e52461508aa07b03f7254199fc

SHA256
19b648ffd0fe965561b2efec7936a600927e5a9fb24ac423877121161a29293b

SHA512
c43403f32e1811b50baa1a5de580c19101a80c2ba256de0ebfe17a73ed82f78ac1c4afe7f2190ae08a6e5793963245804aded44e337786c5ab676453d8a9b66b

Download Submit
C:\Windows\System\MrEwBEe.exe

Filesize
6.1MB

MD5
6fb503f58d91ab2f822c8e07f7029ce2

SHA1
37cf75df1d173fbcbe98a9daddac12f33e98a04a

SHA256
62d0cdd3496cc0dcdc2916291eac45505ceae0e2543b01358fd787cf9bd7ab13

SHA512
9c02a7e0100c8c611d692aadbe3f2f312f118bc4992ecf6808e883dc358d0ac571f4b66fcb38a5f06cb205c6c860447088033e2ef7d208c49392c566e1a1acf1

Download Submit
C:\Windows\System\NTYmJQn.exe

Filesize
6.1MB

MD5
2b48ca2d412346826a417de9394b775d

SHA1
fee84d5b10d52e655bba90626f2174890df779e2

SHA256
e230f7ff9a7a51669c053b3e9304c3a394ef508c30a36cc1ef0b21492c7a5a89

SHA512
fe9473360befbc6e459e6c0ab8b220920a4049090e9b38f019b58b073fe1ff3614e2b8aded80e89de1cd028795ff3838e96f468220f2b476db7e56dd546827e9

Download Submit
C:\Windows\System\OJdgEbi.exe

Filesize
6.1MB

MD5
b335781b1d8404e9cfdae189c00f4453

SHA1
bfa922a6fd3ea067b439a02aede76e63b43b37e5

SHA256
00848cb99b5409d4f18724720946d7e48827e7d46817bef39ced457e940455e7

SHA512
62fc79cd98f2617949b75923c617b6496312b57427c168c66bec16f8083636217a57812bd7660552a375dc4d5a9146841da9b5c2de2c715d4b5a74c74d2fcec0

Download Submit
C:\Windows\System\OiKkNQK.exe

Filesize
6.1MB

MD5
774ddb48b0e743799be2816535b41fb6

SHA1
c529ae5b43750a796337c82e29081fb54adea574

SHA256
ebe6c461319d2f10b352661de532aaa7e158496eeeca7eec2e711d4b139c0681

SHA512
660df9955564865d35072b41b87326433d098418542f695784edbde40774a321f3515393182368fa6f6e950acde65dc234a5dd62c85ad6661546f9e3ec9e20a0

Download Submit
C:\Windows\System\URaspgk.exe

Filesize
6.1MB

MD5
d6ac128d31ad15f7134496f9d37e842a

SHA1
f3fe8071c62d5546875a496f7cb960b039871e05

SHA256
78956c34c1c15b4a3bb02d4de1732822d10a3132ee8adcb045c3de46e2f42424

SHA512
e17bc54bac3d9cc1ca93d67c7755e103503daa688be16dc8ffeb1f13674cf9d9adfac1d240a922826958c6408b4ced6371f56f521e234f89615ad8a7f41ece89

Download Submit
C:\Windows\System\WwHBovi.exe

Filesize
6.1MB

MD5
3b9d9b9125b5db6334bee5ab48487cfb

SHA1
7778a91703ae2ee7ce770d423020b3ce2570c11c

SHA256
2073986a965c011351ab40963ad17d9264171703b654922aa67af90bed86e130

SHA512
3cb3131c3aa3385ca1a060a0f6e2d400a078319467713fc42ff7ddf7bd8375ecc847b20089bf737cdc4738b2f5e46d87292ea84b06269203aee51f262d2fbcde

Download Submit
C:\Windows\System\XxrRIEM.exe

Filesize
6.1MB

MD5
e7388a017a7c054369f46ef109517757

SHA1
9c329affcd04f38ed76325d6f93e6256e4faaccf

SHA256
2876ba0b1d2bf93ebcd3b0114f533cea784244d8aa891d11f9d6a96cba58d3d4

SHA512
85b90da949d008621d15a78cba060af4a3bbed675a2ecb66fa3614a14652e3451dfb0ffd7a1ba4d66f752f1783586930029741346e49434198df276b0f17f2cf

Download Submit
C:\Windows\System\YwCAGxI.exe

Filesize
6.1MB

MD5
a527628218ef3b2321906d27d1178b51

SHA1
d323427384e5535c72a6841d037d243bb5ecdd8f

SHA256
00cbfdb401e5602b9a892c86aa79cb9d79afa8dcbb64876c64b86d174287af77

SHA512
ca9c41275df4a9d3131595e3e6180869020295df83865715c3fb44dbc8c4f256ea05923f329fe6c79702f62cbb602d3e7236b8fe8a95e89c66e6c60c334a91dd

Download Submit
C:\Windows\System\ZgfVLwH.exe

Filesize
6.1MB

MD5
62ac52f0d64ba38b8e342ca30e81c9cd

SHA1
ec32e8674ef9f125a578513f1c75a08a37fb49a4

SHA256
6b8e55ae9307bbfbc7d1f5dce49a7722d26fc3d16f5fdffcdef8f9e734b9d46d

SHA512
4ad8075c7662eb2c3a66c4a072d3fbbbe8ba8aabe8873c6b7478daddcc7cee7880d4c02afe9d46d71376678ccc4bcadb4d213c1c3c1dc7a15c91b71867b94a40

Download Submit
C:\Windows\System\gpwDADK.exe

Filesize
6.1MB

MD5
6e04fa77e6b6061defd8fea7f1b17d29

SHA1
63c503c3c4a2dbea0d38e030504b194eeee301bf

SHA256
2586fb94d204dc41cf1ceca97918e6f605be28a287e1c0011748b4c9c8756253

SHA512
6c5db07e7b9439c2fc9ed5913c0e9b48f923278f0b74f95c8c94027f3dfaebb54f560735d803d6210df8046006da88a9cf385c838bd0a312e88eee80f2b5d54e

Download Submit
C:\Windows\System\hFDUPGD.exe

Filesize
6.1MB

MD5
efe055346ea4c929ed5b6d5f53df6bf0

SHA1
4cdc01f370ed57ebe09293b059755a9be0a54a68

SHA256
dbbdf538b0f3d46f574b453f0e670326c9b547c0f677dafda2aee0501544191e

SHA512
b1e6ac6a7aafcea87228b9bccd3d2f1726562446827e5510339cca68acba89dc3806aab18f9a06be927a6699e650597b3fea94b6df7383339a84265e92dc3ba5

Download Submit
C:\Windows\System\mtJawZT.exe

Filesize
6.1MB

MD5
bdc30ff85b5275930ad72843788fbd27

SHA1
ee8a90684ed35aec29f4dd081940f820a9730434

SHA256
131f157fb203bd1910849c8e3cbbb8142f1b9261e477e349bec9adc383749e84

SHA512
8c7212e7396c3a7c1f0205bad45fc77781292f7c3bcd861e3fa8cf3ba629fa6c3e05477e88aa21dc5807eeffa89823cb10e9c2a304eb237a7c5764742e6aff11

Download Submit
C:\Windows\System\oLvOwzH.exe

Filesize
6.1MB

MD5
ada1c2b854d69a5a7e5f0b47e4b30f2c

SHA1
a5844c0662f788c8de60d465520f0fabd26f9df9

SHA256
a0e15dc57d41664e355f351abf2937762c27616457d0f2cf7b2c46ad8e4c7219

SHA512
1a536c259bcebcb2ae083f70e6dfa3b2dd5103dec6c22d952f76bc64560212b336dae4b0e10bdc2b3e4c6daaaf0dce25a387020cd32f5ce2e8fa60fae323f8a9

Download Submit
C:\Windows\System\pShmStI.exe

Filesize
6.1MB

MD5
e583c6ea42dd7afbb2c791823233c1f8

SHA1
7f36a21bc0515d87c91c372c4a531d221755fb9b

SHA256
346af60d2ea803e1b092f81d882f35fca7006f06322bfb81027d44e18c6b1fcb

SHA512
683cbacd3b7afb5dde46c4831a958b1c34acfe863810eb6f68b198efa774bfa4dd379765e69a2c539c197bd83b2b6c6803ae7db23cf642a2c8cc8251fa8b9e45

Download Submit
C:\Windows\System\rxDPnAm.exe

Filesize
6.1MB

MD5
6db70f44bdaf4055a7b47cafd5ff17e6

SHA1
9064a614d42c231a0cd58420a10cb67e9e4a4acd

SHA256
75e0a7ef3ad0277aac30ec8641da73b3eca0b0ddcf2f6166d17c62ef80f8510e

SHA512
90b9f419027f71b5762f6dd7cfc2263aafc55baeadbd01ed48a9d9914078630ca53bef6cd97dca3b561e6d890d5910d8fa9059eac340cdc93d466ccace8eae92

Download Submit
C:\Windows\System\tftuTQt.exe

Filesize
6.1MB

MD5
3eb76ffedab1f050c8c38d2da3947655

SHA1
0994cbea8ca98e9b23bafd90c465ccc98b6a905b

SHA256
d822c4223822633105804aea1c6dd6f19a29c6d6980735a627ae78fbf69251a1

SHA512
5b6c166480de985f42e7330d79a3cabe483d4c142e81956700799ae5d8ba4a8cc5b3a28c3b1d11b228728cdbee9b229c28fd0e4f82b27340675dbd75214dc115

Download Submit
C:\Windows\System\uhOxJYu.exe

Filesize
6.1MB

MD5
1631993d2e0a04c28cfd3839ad6200d1

SHA1
9cf9c65949ea0f81284032b01552cafd728d63e2

SHA256
264b4fbbd607c9eb13daf3ffe91631bbd84c71b67ab5311363f245dfcab5f665

SHA512
4b3b4f02b9f9fdfda8300447f1460cd16a863b8eb8452c5f9fdbcb9f169179697a64c3738592b74b6cf971e3f7fd9772f592f6bc6d06b4c3a1b764fa68700dbe

Download Submit
C:\Windows\System\ulxWsEl.exe

Filesize
6.1MB

MD5
c106029139ba2cfbef75acb06b374b09

SHA1
1fe07b6032dc734a728ef47f5f282cda75b77837

SHA256
668ac83f5e651f8a48a4bf8f428435b820b0d3ac7f48230747e7eae3591a13d7

SHA512
9d4449deb2e4604563abe72a3d3ca29eec8d0dceff74fea935cbcea5bf6a24d23ed8a214c12de70ac9b92541d01e43ecb6a061ae1beec63f571e9b8ed9e46ef1

Download Submit
C:\Windows\System\wEyHJsu.exe

Filesize
6.1MB

MD5
2ed1fba7d178e013ac7d5137c73e25b9

SHA1
1f2bc389bb59483059aecba0a7736beb6fd57450

SHA256
c2716f1b64e8b38367d2a75b12f80760198641ff06c8a950a0feeed67637da97

SHA512
698841e4a2fda4f66bb69e165909c483214d9230520dc4f0c672148ba39720eace4d88a2dc5ca3cdecf291ffad92b6be700d8323b3401a3327fac7f14f24463b

Download Submit
C:\Windows\System\wKQcTRc.exe

Filesize
6.1MB

MD5
d1f47033f94864fd9edeebe2a1620966

SHA1
94e821feeb7715c815cd7b3d040c87c9cdc39419

SHA256
009d01ae03a03cade7fcadfe5702d05201c01c29073c6bc5c8fbc1f86722832e

SHA512
01f00ccb57ecb4a4cffc3ea74d7c3eb385a89b4abb237e74be81c53bcfabd5b837474d9cb61695c5255b868dcb7cccf94d3d8e805677325a6fcb33aa365cfe3e

Download Submit
C:\Windows\System\wNISfWt.exe

Filesize
6.1MB

MD5
dc7f8b34929944533338f7512b6ab6d1

SHA1
a1ba424d7d8c7523d2f416b350d289f84be2dcbd

SHA256
2772e0409e60f72576b447f2fae9bc889298aa995d1127fcfce2d13591abad90

SHA512
368f10ba4eddaeb080a7ca47bfcda28f7714a45bf4d54acb8da9f5b6fea0ed1704242a9990770d24cd7c99de92a0120de36f16cbb49e08fad3e434663827dec6

Download Submit
C:\Windows\System\weYkvdh.exe

Filesize
6.1MB

MD5
c6904aa2fd285021182bc2b6fcd5b4ce

SHA1
11d16f605a1ad00ad428a439b0f37a7b4736025f

SHA256
4262ac8acd0c492b8cfaf543e160bb6ceb245415b68272d8b4245868b9e179ca

SHA512
66da591ee0c451a200d5c8aed89b074b9a85082d8f6248f3ebd3151cc5fc85a5a28c8496fcb248ab76fa31ef0acf6a00ce7ed7030ada5edfc5c85695632278b5

Download Submit
memory/380-157-0x00007FF76A470000-0x00007FF76A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/380-2177-0x00007FF76A470000-0x00007FF76A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/380-1691-0x00007FF76A470000-0x00007FF76A7C4000-memory.dmp

Filesize
3.3MB

Download
memory/412-76-0x00007FF671FD0000-0x00007FF672324000-memory.dmp

Filesize
3.3MB

Download
memory/412-2047-0x00007FF671FD0000-0x00007FF672324000-memory.dmp

Filesize
3.3MB

Download
memory/412-6-0x00007FF671FD0000-0x00007FF672324000-memory.dmp

Filesize
3.3MB

Download
memory/640-2118-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/640-156-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/640-88-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/1016-172-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp

Filesize
3.3MB

Download
memory/1016-102-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2138-0x00007FF7F9A00000-0x00007FF7F9D54000-memory.dmp

Filesize
3.3MB

Download
memory/1156-125-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2156-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp

Filesize
3.3MB

Download
memory/1156-193-0x00007FF7AF9C0000-0x00007FF7AFD14000-memory.dmp

Filesize
3.3MB

Download
memory/1400-71-0x00007FF6D49C0000-0x00007FF6D4D14000-memory.dmp

Filesize
3.3MB

Download
memory/1400-0-0x00007FF6D49C0000-0x00007FF6D4D14000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1-0x000002BC53EC0000-0x000002BC53ED0000-memory.dmp

Filesize
64KB

Download
memory/1568-135-0x00007FF754450000-0x00007FF7547A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-1434-0x00007FF754450000-0x00007FF7547A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2157-0x00007FF754450000-0x00007FF7547A4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-50-0x00007FF716890000-0x00007FF716BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-117-0x00007FF716890000-0x00007FF716BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2114-0x00007FF716890000-0x00007FF716BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-2187-0x00007FF6D4B20000-0x00007FF6D4E74000-memory.dmp

Filesize
3.3MB

Download
memory/1776-1796-0x00007FF6D4B20000-0x00007FF6D4E74000-memory.dmp

Filesize
3.3MB

Download
memory/1776-183-0x00007FF6D4B20000-0x00007FF6D4E74000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2182-0x00007FF674EE0000-0x00007FF675234000-memory.dmp

Filesize
3.3MB

Download
memory/1792-1795-0x00007FF674EE0000-0x00007FF675234000-memory.dmp

Filesize
3.3MB

Download
memory/1792-173-0x00007FF674EE0000-0x00007FF675234000-memory.dmp

Filesize
3.3MB

Download
memory/1796-144-0x00007FF7DDD10000-0x00007FF7DE064000-memory.dmp

Filesize
3.3MB

Download
memory/1796-1555-0x00007FF7DDD10000-0x00007FF7DE064000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2166-0x00007FF7DDD10000-0x00007FF7DE064000-memory.dmp

Filesize
3.3MB

Download
memory/1808-72-0x00007FF712670000-0x00007FF7129C4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2121-0x00007FF712670000-0x00007FF7129C4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-80-0x00007FF7D7300000-0x00007FF7D7654000-memory.dmp

Filesize
3.3MB

Download
memory/2056-22-0x00007FF7D7300000-0x00007FF7D7654000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2080-0x00007FF7D7300000-0x00007FF7D7654000-memory.dmp

Filesize
3.3MB

Download
memory/2228-95-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-165-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2129-0x00007FF6AFD70000-0x00007FF6B00C4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-109-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp

Filesize
3.3MB

Download
memory/2256-179-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2148-0x00007FF6926B0000-0x00007FF692A04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-143-0x00007FF628690000-0x00007FF6289E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-75-0x00007FF628690000-0x00007FF6289E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2128-0x00007FF628690000-0x00007FF6289E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2095-0x00007FF632DB0000-0x00007FF633104000-memory.dmp

Filesize
3.3MB

Download
memory/2712-81-0x00007FF632DB0000-0x00007FF633104000-memory.dmp

Filesize
3.3MB

Download
memory/2712-23-0x00007FF632DB0000-0x00007FF633104000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2164-0x00007FF625530000-0x00007FF625884000-memory.dmp

Filesize
3.3MB

Download
memory/2900-136-0x00007FF625530000-0x00007FF625884000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1494-0x00007FF625530000-0x00007FF625884000-memory.dmp

Filesize
3.3MB

Download
memory/3088-184-0x00007FF752220000-0x00007FF752574000-memory.dmp

Filesize
3.3MB

Download
memory/3088-119-0x00007FF752220000-0x00007FF752574000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2150-0x00007FF752220000-0x00007FF752574000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2085-0x00007FF623290000-0x00007FF6235E4000-memory.dmp

Filesize
3.3MB

Download
memory/3152-24-0x00007FF623290000-0x00007FF6235E4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-108-0x00007FF78F540000-0x00007FF78F894000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2111-0x00007FF78F540000-0x00007FF78F894000-memory.dmp

Filesize
3.3MB

Download
memory/3180-43-0x00007FF78F540000-0x00007FF78F894000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2125-0x00007FF745150000-0x00007FF7454A4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-149-0x00007FF745150000-0x00007FF7454A4000-memory.dmp

Filesize
3.3MB

Download
memory/3268-84-0x00007FF745150000-0x00007FF7454A4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2193-0x00007FF7E8300000-0x00007FF7E8654000-memory.dmp

Filesize
3.3MB

Download
memory/3528-194-0x00007FF7E8300000-0x00007FF7E8654000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1972-0x00007FF7E8300000-0x00007FF7E8654000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1752-0x00007FF761640000-0x00007FF761994000-memory.dmp

Filesize
3.3MB

Download
memory/4160-2179-0x00007FF761640000-0x00007FF761994000-memory.dmp

Filesize
3.3MB

Download
memory/4160-166-0x00007FF761640000-0x00007FF761994000-memory.dmp

Filesize
3.3MB

Download
memory/4540-60-0x00007FF62F960000-0x00007FF62FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2120-0x00007FF62F960000-0x00007FF62FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-132-0x00007FF62F960000-0x00007FF62FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2168-0x00007FF767450000-0x00007FF7677A4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-150-0x00007FF767450000-0x00007FF7677A4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-1621-0x00007FF767450000-0x00007FF7677A4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-32-0x00007FF7D1B20000-0x00007FF7D1E74000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2102-0x00007FF7D1B20000-0x00007FF7D1E74000-memory.dmp

Filesize
3.3MB

Download
memory/4688-94-0x00007FF7D1B20000-0x00007FF7D1E74000-memory.dmp

Filesize
3.3MB

Download
memory/4904-118-0x00007FF7BF480000-0x00007FF7BF7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2122-0x00007FF7BF480000-0x00007FF7BF7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-56-0x00007FF7BF480000-0x00007FF7BF7D4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-38-0x00007FF7AFC00000-0x00007FF7AFF54000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2107-0x00007FF7AFC00000-0x00007FF7AFF54000-memory.dmp

Filesize
3.3MB

Download
memory/5088-101-0x00007FF7AFC00000-0x00007FF7AFF54000-memory.dmp

Filesize
3.3MB

Download
memory/5108-1915-0x00007FF720F30000-0x00007FF721284000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2189-0x00007FF720F30000-0x00007FF721284000-memory.dmp

Filesize
3.3MB

Download
memory/5108-185-0x00007FF720F30000-0x00007FF721284000-memory.dmp

Filesize
3.3MB

Download