cobaltstrike | a5966f5cc44db4e677ecc703e17109a388d434ce2bdef006fdd53a907004ac5b

Analysis

max time kernel
124s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

c52a8dfc34c9afdf0a438c7c577a398f
SHA1

0d9c34e4bb3336abc0ee89be64c493f94844e84f
SHA256

a5966f5cc44db4e677ecc703e17109a388d434ce2bdef006fdd53a907004ac5b
SHA512

db3d40e260c8edfa0b7b50b239ae85ca653321818dd3420a69a0cddf911b0f82354f8b00dfc1c502d4ad3b843262882e6436992a9a33c48837b85beb614ed0d1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00080000000242c5-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ca-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242c9-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cb-23.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cc-29.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000242c6-40.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cd-47.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ce-49.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cf-52.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d0-62.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d1-72.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d6-92.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d7-97.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242df-140.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e1-150.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e4-161.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e6-172.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e7-179.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e5-168.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e3-159.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e2-155.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e0-145.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242de-132.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242dd-128.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242dc-125.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242db-117.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242da-112.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d9-107.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d8-102.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d5-90.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d4-88.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d3-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5716-0-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	xmrig
behavioral2/files/0x00080000000242c5-5.dat	xmrig
behavioral2/memory/4020-7-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ca-10.dat	xmrig
behavioral2/files/0x00070000000242c9-11.dat	xmrig
behavioral2/memory/3012-12-0x00007FF7B9DB0000-0x00007FF7BA104000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cb-23.dat	xmrig
behavioral2/memory/1392-18-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp	xmrig
behavioral2/memory/4076-24-0x00007FF673B00000-0x00007FF673E54000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cc-29.dat	xmrig
behavioral2/memory/1856-30-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp	xmrig
behavioral2/files/0x00080000000242c6-40.dat	xmrig
behavioral2/files/0x00070000000242cd-47.dat	xmrig
behavioral2/memory/1936-46-0x00007FF7852F0000-0x00007FF785644000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ce-49.dat	xmrig
behavioral2/files/0x00070000000242cf-52.dat	xmrig
behavioral2/files/0x00070000000242d0-62.dat	xmrig
behavioral2/memory/2276-61-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp	xmrig
behavioral2/memory/5716-60-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	xmrig
behavioral2/memory/5752-54-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp	xmrig
behavioral2/memory/4020-67-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d1-72.dat	xmrig
behavioral2/memory/4808-77-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp	xmrig
behavioral2/memory/1392-83-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d6-92.dat	xmrig
behavioral2/files/0x00070000000242d7-97.dat	xmrig
behavioral2/files/0x00070000000242df-140.dat	xmrig
behavioral2/files/0x00070000000242e1-150.dat	xmrig
behavioral2/files/0x00070000000242e4-161.dat	xmrig
behavioral2/files/0x00070000000242e6-172.dat	xmrig
behavioral2/memory/4832-596-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	xmrig
behavioral2/memory/4672-602-0x00007FF6B0590000-0x00007FF6B08E4000-memory.dmp	xmrig
behavioral2/memory/1872-605-0x00007FF63E550000-0x00007FF63E8A4000-memory.dmp	xmrig
behavioral2/memory/5080-610-0x00007FF6B1460000-0x00007FF6B17B4000-memory.dmp	xmrig
behavioral2/memory/4572-607-0x00007FF674A10000-0x00007FF674D64000-memory.dmp	xmrig
behavioral2/memory/1264-615-0x00007FF729370000-0x00007FF7296C4000-memory.dmp	xmrig
behavioral2/memory/1604-620-0x00007FF670870000-0x00007FF670BC4000-memory.dmp	xmrig
behavioral2/memory/1772-627-0x00007FF6DCF00000-0x00007FF6DD254000-memory.dmp	xmrig
behavioral2/memory/2420-624-0x00007FF6C5A10000-0x00007FF6C5D64000-memory.dmp	xmrig
behavioral2/memory/4880-623-0x00007FF602C90000-0x00007FF602FE4000-memory.dmp	xmrig
behavioral2/memory/1332-633-0x00007FF6C1DD0000-0x00007FF6C2124000-memory.dmp	xmrig
behavioral2/memory/4948-639-0x00007FF74A090000-0x00007FF74A3E4000-memory.dmp	xmrig
behavioral2/memory/4076-636-0x00007FF673B00000-0x00007FF673E54000-memory.dmp	xmrig
behavioral2/memory/1256-630-0x00007FF76F3D0000-0x00007FF76F724000-memory.dmp	xmrig
behavioral2/memory/5604-618-0x00007FF70D260000-0x00007FF70D5B4000-memory.dmp	xmrig
behavioral2/memory/5060-614-0x00007FF6F9670000-0x00007FF6F99C4000-memory.dmp	xmrig
behavioral2/memory/4444-609-0x00007FF7ABF80000-0x00007FF7AC2D4000-memory.dmp	xmrig
behavioral2/memory/1856-676-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp	xmrig
behavioral2/memory/4264-603-0x00007FF65EEB0000-0x00007FF65F204000-memory.dmp	xmrig
behavioral2/memory/752-736-0x00007FF70EA20000-0x00007FF70ED74000-memory.dmp	xmrig
behavioral2/memory/2144-792-0x00007FF694BE0000-0x00007FF694F34000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e7-179.dat	xmrig
behavioral2/memory/1936-858-0x00007FF7852F0000-0x00007FF785644000-memory.dmp	xmrig
behavioral2/memory/5752-930-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e5-168.dat	xmrig
behavioral2/memory/2276-991-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e3-159.dat	xmrig
behavioral2/files/0x00070000000242e2-155.dat	xmrig
behavioral2/memory/4680-1069-0x00007FF636920000-0x00007FF636C74000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e0-145.dat	xmrig
behavioral2/memory/4832-1137-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	xmrig
behavioral2/memory/4808-1134-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp	xmrig
behavioral2/files/0x00070000000242de-132.dat	xmrig
behavioral2/files/0x00070000000242dd-128.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4020	zBtUMda.exe
3012	YUVFzon.exe
1392	tTaDJfH.exe
4076	vdNNfXw.exe
1856	DOXGftc.exe
752	srWQAQQ.exe
2144	hUGgRBf.exe
1936	sAXeMUn.exe
5752	xFLmitn.exe
2276	SwHjPIi.exe
4680	EaseLdJ.exe
4808	suWwtfa.exe
4832	rMPXBvu.exe
4948	oUpEnXd.exe
4672	konjuVn.exe
4264	kozPAak.exe
1872	xnRcFVC.exe
4572	INRBHrw.exe
4444	GFZUSAC.exe
5080	sKCvEhu.exe
5060	PgKaAMs.exe
1264	zXohhxT.exe
5604	ceZrTya.exe
1604	wVDttYc.exe
4880	tAVznFj.exe
2420	rllwHqX.exe
1772	CxYeSFk.exe
1256	PAxsjXk.exe
1332	wKDRkou.exe
956	ORwMDaJ.exe
5780	zIUjIjg.exe
3064	ZSXluZw.exe
3808	SkbEyGE.exe
2588	ATOTPUa.exe
428	XiZASyu.exe
2948	LQEdjkd.exe
4644	yllHxII.exe
3764	CIYdWBy.exe
1376	yXZVYdF.exe
1048	RCSwvSM.exe
2016	EDvcgHQ.exe
4024	ycueIYy.exe
5680	WQswuZl.exe
3088	duqSWzU.exe
4236	BystrgY.exe
508	BpMFNJl.exe
1456	DMuNOsF.exe
5608	mycuZCW.exe
4380	dEIKDqI.exe
1336	MdFbCub.exe
2184	xhMmPCH.exe
5544	KtgjksI.exe
5152	BJWQkAz.exe
860	parVvmY.exe
5996	OGfemOw.exe
5792	czZuzMa.exe
5992	YxBkYbl.exe
5344	syaeppq.exe
1956	bLOwHUS.exe
3348	LvRaanw.exe
3260	KMXCRsg.exe
5488	ZrtPsEN.exe
4368	LHJDBjV.exe
2124	PCfFjBi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5716-0-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	upx
behavioral2/files/0x00080000000242c5-5.dat	upx
behavioral2/memory/4020-7-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp	upx
behavioral2/files/0x00070000000242ca-10.dat	upx
behavioral2/files/0x00070000000242c9-11.dat	upx
behavioral2/memory/3012-12-0x00007FF7B9DB0000-0x00007FF7BA104000-memory.dmp	upx
behavioral2/files/0x00070000000242cb-23.dat	upx
behavioral2/memory/1392-18-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp	upx
behavioral2/memory/4076-24-0x00007FF673B00000-0x00007FF673E54000-memory.dmp	upx
behavioral2/files/0x00070000000242cc-29.dat	upx
behavioral2/memory/1856-30-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp	upx
behavioral2/files/0x00080000000242c6-40.dat	upx
behavioral2/files/0x00070000000242cd-47.dat	upx
behavioral2/memory/1936-46-0x00007FF7852F0000-0x00007FF785644000-memory.dmp	upx
behavioral2/files/0x00070000000242ce-49.dat	upx
behavioral2/files/0x00070000000242cf-52.dat	upx
behavioral2/files/0x00070000000242d0-62.dat	upx
behavioral2/memory/2276-61-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp	upx
behavioral2/memory/5716-60-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	upx
behavioral2/memory/5752-54-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp	upx
behavioral2/memory/4020-67-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp	upx
behavioral2/files/0x00070000000242d1-72.dat	upx
behavioral2/memory/4808-77-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp	upx
behavioral2/memory/1392-83-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp	upx
behavioral2/files/0x00070000000242d6-92.dat	upx
behavioral2/files/0x00070000000242d7-97.dat	upx
behavioral2/files/0x00070000000242df-140.dat	upx
behavioral2/files/0x00070000000242e1-150.dat	upx
behavioral2/files/0x00070000000242e4-161.dat	upx
behavioral2/files/0x00070000000242e6-172.dat	upx
behavioral2/memory/4832-596-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	upx
behavioral2/memory/4672-602-0x00007FF6B0590000-0x00007FF6B08E4000-memory.dmp	upx
behavioral2/memory/1872-605-0x00007FF63E550000-0x00007FF63E8A4000-memory.dmp	upx
behavioral2/memory/5080-610-0x00007FF6B1460000-0x00007FF6B17B4000-memory.dmp	upx
behavioral2/memory/4572-607-0x00007FF674A10000-0x00007FF674D64000-memory.dmp	upx
behavioral2/memory/1264-615-0x00007FF729370000-0x00007FF7296C4000-memory.dmp	upx
behavioral2/memory/1604-620-0x00007FF670870000-0x00007FF670BC4000-memory.dmp	upx
behavioral2/memory/1772-627-0x00007FF6DCF00000-0x00007FF6DD254000-memory.dmp	upx
behavioral2/memory/2420-624-0x00007FF6C5A10000-0x00007FF6C5D64000-memory.dmp	upx
behavioral2/memory/4880-623-0x00007FF602C90000-0x00007FF602FE4000-memory.dmp	upx
behavioral2/memory/1332-633-0x00007FF6C1DD0000-0x00007FF6C2124000-memory.dmp	upx
behavioral2/memory/4948-639-0x00007FF74A090000-0x00007FF74A3E4000-memory.dmp	upx
behavioral2/memory/4076-636-0x00007FF673B00000-0x00007FF673E54000-memory.dmp	upx
behavioral2/memory/1256-630-0x00007FF76F3D0000-0x00007FF76F724000-memory.dmp	upx
behavioral2/memory/5604-618-0x00007FF70D260000-0x00007FF70D5B4000-memory.dmp	upx
behavioral2/memory/5060-614-0x00007FF6F9670000-0x00007FF6F99C4000-memory.dmp	upx
behavioral2/memory/4444-609-0x00007FF7ABF80000-0x00007FF7AC2D4000-memory.dmp	upx
behavioral2/memory/1856-676-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp	upx
behavioral2/memory/4264-603-0x00007FF65EEB0000-0x00007FF65F204000-memory.dmp	upx
behavioral2/memory/752-736-0x00007FF70EA20000-0x00007FF70ED74000-memory.dmp	upx
behavioral2/memory/2144-792-0x00007FF694BE0000-0x00007FF694F34000-memory.dmp	upx
behavioral2/files/0x00070000000242e7-179.dat	upx
behavioral2/memory/1936-858-0x00007FF7852F0000-0x00007FF785644000-memory.dmp	upx
behavioral2/memory/5752-930-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp	upx
behavioral2/files/0x00070000000242e5-168.dat	upx
behavioral2/memory/2276-991-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp	upx
behavioral2/files/0x00070000000242e3-159.dat	upx
behavioral2/files/0x00070000000242e2-155.dat	upx
behavioral2/memory/4680-1069-0x00007FF636920000-0x00007FF636C74000-memory.dmp	upx
behavioral2/files/0x00070000000242e0-145.dat	upx
behavioral2/memory/4832-1137-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp	upx
behavioral2/memory/4808-1134-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp	upx
behavioral2/files/0x00070000000242de-132.dat	upx
behavioral2/files/0x00070000000242dd-128.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hQlerOr.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bDUGuhF.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ESrMVmO.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oTPBjia.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MZdMJCu.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\smIvvAf.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FySnncC.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JRuhxHc.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rtiTpPz.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vdUFFpv.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eTKROon.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eAJvbgO.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UsgWEMa.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fXUBHQJ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nRDqZIU.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CVtKuYL.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QTqVFER.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xrcnaZp.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JRGFGiz.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\znWbgrh.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cwTTOdJ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bRkkhpf.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\afeMbWy.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NsDzedM.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aIdzoZi.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TAOKBVp.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SDoaCoL.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nBOUOhM.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FUbWoUR.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tLYgAgQ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iBhRxti.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ysoiIVk.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KlLwFHT.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GgkRkJD.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HmyuHoP.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PCfFjBi.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZzUqyGv.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mGHoLFd.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yOOsRec.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QrWwfag.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kVEpHoe.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zSnsoyj.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\unYtMhy.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NbLYGVI.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bczULTU.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oTpLpVh.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\phKzKES.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WwqeCTH.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aYApTaq.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pTsOiRD.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\moObREG.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sDHjJJS.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IiHblCn.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gxXXYJZ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DUBqkKQ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UVXHmZD.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CqefYBr.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BbqkfHs.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IRynetP.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GjaWsyZ.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VNgzAvn.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vqJpIRr.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RfMpvJi.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kAxVDdi.exe	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5716 wrote to memory of 4020	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5716 wrote to memory of 4020	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5716 wrote to memory of 3012	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5716 wrote to memory of 3012	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5716 wrote to memory of 1392	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5716 wrote to memory of 1392	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5716 wrote to memory of 4076	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5716 wrote to memory of 4076	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5716 wrote to memory of 1856	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5716 wrote to memory of 1856	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5716 wrote to memory of 752	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5716 wrote to memory of 752	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5716 wrote to memory of 2144	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5716 wrote to memory of 2144	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5716 wrote to memory of 1936	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5716 wrote to memory of 1936	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5716 wrote to memory of 5752	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5716 wrote to memory of 5752	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5716 wrote to memory of 2276	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5716 wrote to memory of 2276	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5716 wrote to memory of 4680	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5716 wrote to memory of 4680	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5716 wrote to memory of 4808	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5716 wrote to memory of 4808	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5716 wrote to memory of 4832	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5716 wrote to memory of 4832	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5716 wrote to memory of 4948	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5716 wrote to memory of 4948	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5716 wrote to memory of 4672	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5716 wrote to memory of 4672	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5716 wrote to memory of 4264	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5716 wrote to memory of 4264	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5716 wrote to memory of 1872	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5716 wrote to memory of 1872	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5716 wrote to memory of 4572	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5716 wrote to memory of 4572	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5716 wrote to memory of 4444	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5716 wrote to memory of 4444	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5716 wrote to memory of 5080	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5716 wrote to memory of 5080	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5716 wrote to memory of 5060	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5716 wrote to memory of 5060	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5716 wrote to memory of 1264	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5716 wrote to memory of 1264	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5716 wrote to memory of 5604	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5716 wrote to memory of 5604	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5716 wrote to memory of 1604	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5716 wrote to memory of 1604	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5716 wrote to memory of 4880	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5716 wrote to memory of 4880	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5716 wrote to memory of 2420	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5716 wrote to memory of 2420	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5716 wrote to memory of 1772	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5716 wrote to memory of 1772	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5716 wrote to memory of 1256	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5716 wrote to memory of 1256	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5716 wrote to memory of 1332	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5716 wrote to memory of 1332	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5716 wrote to memory of 956	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5716 wrote to memory of 956	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5716 wrote to memory of 5780	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5716 wrote to memory of 5780	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5716 wrote to memory of 3064	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5716 wrote to memory of 3064	5716	2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119

C:\Users\Admin\AppData\Local\Temp\2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_c52a8dfc34c9afdf0a438c7c577a398f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5716
- C:\Windows\System\zBtUMda.exe
  C:\Windows\System\zBtUMda.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\YUVFzon.exe
  C:\Windows\System\YUVFzon.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tTaDJfH.exe
  C:\Windows\System\tTaDJfH.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\vdNNfXw.exe
  C:\Windows\System\vdNNfXw.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\DOXGftc.exe
  C:\Windows\System\DOXGftc.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\srWQAQQ.exe
  C:\Windows\System\srWQAQQ.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\hUGgRBf.exe
  C:\Windows\System\hUGgRBf.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\sAXeMUn.exe
  C:\Windows\System\sAXeMUn.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\xFLmitn.exe
  C:\Windows\System\xFLmitn.exe
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System\SwHjPIi.exe
  C:\Windows\System\SwHjPIi.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\EaseLdJ.exe
  C:\Windows\System\EaseLdJ.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\suWwtfa.exe
  C:\Windows\System\suWwtfa.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\rMPXBvu.exe
  C:\Windows\System\rMPXBvu.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\oUpEnXd.exe
  C:\Windows\System\oUpEnXd.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\konjuVn.exe
  C:\Windows\System\konjuVn.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\kozPAak.exe
  C:\Windows\System\kozPAak.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\xnRcFVC.exe
  C:\Windows\System\xnRcFVC.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\INRBHrw.exe
  C:\Windows\System\INRBHrw.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\GFZUSAC.exe
  C:\Windows\System\GFZUSAC.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\sKCvEhu.exe
  C:\Windows\System\sKCvEhu.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\PgKaAMs.exe
  C:\Windows\System\PgKaAMs.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\zXohhxT.exe
  C:\Windows\System\zXohhxT.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ceZrTya.exe
  C:\Windows\System\ceZrTya.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System\wVDttYc.exe
  C:\Windows\System\wVDttYc.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tAVznFj.exe
  C:\Windows\System\tAVznFj.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\rllwHqX.exe
  C:\Windows\System\rllwHqX.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\CxYeSFk.exe
  C:\Windows\System\CxYeSFk.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\PAxsjXk.exe
  C:\Windows\System\PAxsjXk.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\wKDRkou.exe
  C:\Windows\System\wKDRkou.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\ORwMDaJ.exe
  C:\Windows\System\ORwMDaJ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\zIUjIjg.exe
  C:\Windows\System\zIUjIjg.exe
  2⤵
  - Executes dropped EXE
  PID:5780
- C:\Windows\System\ZSXluZw.exe
  C:\Windows\System\ZSXluZw.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\SkbEyGE.exe
  C:\Windows\System\SkbEyGE.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\ATOTPUa.exe
  C:\Windows\System\ATOTPUa.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\XiZASyu.exe
  C:\Windows\System\XiZASyu.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\LQEdjkd.exe
  C:\Windows\System\LQEdjkd.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\yllHxII.exe
  C:\Windows\System\yllHxII.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\CIYdWBy.exe
  C:\Windows\System\CIYdWBy.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\yXZVYdF.exe
  C:\Windows\System\yXZVYdF.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\RCSwvSM.exe
  C:\Windows\System\RCSwvSM.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\EDvcgHQ.exe
  C:\Windows\System\EDvcgHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ycueIYy.exe
  C:\Windows\System\ycueIYy.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\WQswuZl.exe
  C:\Windows\System\WQswuZl.exe
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Windows\System\duqSWzU.exe
  C:\Windows\System\duqSWzU.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\BystrgY.exe
  C:\Windows\System\BystrgY.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\BpMFNJl.exe
  C:\Windows\System\BpMFNJl.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\DMuNOsF.exe
  C:\Windows\System\DMuNOsF.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\mycuZCW.exe
  C:\Windows\System\mycuZCW.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\dEIKDqI.exe
  C:\Windows\System\dEIKDqI.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\MdFbCub.exe
  C:\Windows\System\MdFbCub.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\xhMmPCH.exe
  C:\Windows\System\xhMmPCH.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\KtgjksI.exe
  C:\Windows\System\KtgjksI.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\BJWQkAz.exe
  C:\Windows\System\BJWQkAz.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\parVvmY.exe
  C:\Windows\System\parVvmY.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\OGfemOw.exe
  C:\Windows\System\OGfemOw.exe
  2⤵
  - Executes dropped EXE
  PID:5996
- C:\Windows\System\czZuzMa.exe
  C:\Windows\System\czZuzMa.exe
  2⤵
  - Executes dropped EXE
  PID:5792
- C:\Windows\System\YxBkYbl.exe
  C:\Windows\System\YxBkYbl.exe
  2⤵
  - Executes dropped EXE
  PID:5992
- C:\Windows\System\syaeppq.exe
  C:\Windows\System\syaeppq.exe
  2⤵
  - Executes dropped EXE
  PID:5344
- C:\Windows\System\bLOwHUS.exe
  C:\Windows\System\bLOwHUS.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\LvRaanw.exe
  C:\Windows\System\LvRaanw.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\KMXCRsg.exe
  C:\Windows\System\KMXCRsg.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\ZrtPsEN.exe
  C:\Windows\System\ZrtPsEN.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\LHJDBjV.exe
  C:\Windows\System\LHJDBjV.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\PCfFjBi.exe
  C:\Windows\System\PCfFjBi.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\PglyRJO.exe
  C:\Windows\System\PglyRJO.exe
  2⤵
  PID:4912
- C:\Windows\System\BNewpbH.exe
  C:\Windows\System\BNewpbH.exe
  2⤵
  PID:972
- C:\Windows\System\FbPlWDw.exe
  C:\Windows\System\FbPlWDw.exe
  2⤵
  PID:5364
- C:\Windows\System\ihdHfnS.exe
  C:\Windows\System\ihdHfnS.exe
  2⤵
  PID:5600
- C:\Windows\System\pIEmIps.exe
  C:\Windows\System\pIEmIps.exe
  2⤵
  PID:3920
- C:\Windows\System\iOxtBTP.exe
  C:\Windows\System\iOxtBTP.exe
  2⤵
  PID:1968
- C:\Windows\System\AGcQaLE.exe
  C:\Windows\System\AGcQaLE.exe
  2⤵
  PID:5916
- C:\Windows\System\kYyDPvV.exe
  C:\Windows\System\kYyDPvV.exe
  2⤵
  PID:5436
- C:\Windows\System\SkkCfDq.exe
  C:\Windows\System\SkkCfDq.exe
  2⤵
  PID:552
- C:\Windows\System\TPJwinp.exe
  C:\Windows\System\TPJwinp.exe
  2⤵
  PID:5648
- C:\Windows\System\ZejQnjJ.exe
  C:\Windows\System\ZejQnjJ.exe
  2⤵
  PID:4464
- C:\Windows\System\cTOaSHV.exe
  C:\Windows\System\cTOaSHV.exe
  2⤵
  PID:1768
- C:\Windows\System\oRcGNsw.exe
  C:\Windows\System\oRcGNsw.exe
  2⤵
  PID:3344
- C:\Windows\System\mBUmwCl.exe
  C:\Windows\System\mBUmwCl.exe
  2⤵
  PID:6124
- C:\Windows\System\yQArOvo.exe
  C:\Windows\System\yQArOvo.exe
  2⤵
  PID:392
- C:\Windows\System\fChZfxb.exe
  C:\Windows\System\fChZfxb.exe
  2⤵
  PID:636
- C:\Windows\System\sIPlwQL.exe
  C:\Windows\System\sIPlwQL.exe
  2⤵
  PID:1620
- C:\Windows\System\KVGAmFy.exe
  C:\Windows\System\KVGAmFy.exe
  2⤵
  PID:4400
- C:\Windows\System\bRkkhpf.exe
  C:\Windows\System\bRkkhpf.exe
  2⤵
  PID:2976
- C:\Windows\System\hyBTIvG.exe
  C:\Windows\System\hyBTIvG.exe
  2⤵
  PID:3912
- C:\Windows\System\xUmdQXu.exe
  C:\Windows\System\xUmdQXu.exe
  2⤵
  PID:3068
- C:\Windows\System\kQdpcKq.exe
  C:\Windows\System\kQdpcKq.exe
  2⤵
  PID:3516
- C:\Windows\System\zQOjbox.exe
  C:\Windows\System\zQOjbox.exe
  2⤵
  PID:5860
- C:\Windows\System\GjaWsyZ.exe
  C:\Windows\System\GjaWsyZ.exe
  2⤵
  PID:4960
- C:\Windows\System\jiBHAqu.exe
  C:\Windows\System\jiBHAqu.exe
  2⤵
  PID:4456
- C:\Windows\System\SbRDmpt.exe
  C:\Windows\System\SbRDmpt.exe
  2⤵
  PID:1308
- C:\Windows\System\OoTWMmX.exe
  C:\Windows\System\OoTWMmX.exe
  2⤵
  PID:2424
- C:\Windows\System\bozLeDV.exe
  C:\Windows\System\bozLeDV.exe
  2⤵
  PID:2392
- C:\Windows\System\ymcUUIK.exe
  C:\Windows\System\ymcUUIK.exe
  2⤵
  PID:2448
- C:\Windows\System\VpZPiuO.exe
  C:\Windows\System\VpZPiuO.exe
  2⤵
  PID:5952
- C:\Windows\System\wuGCesx.exe
  C:\Windows\System\wuGCesx.exe
  2⤵
  PID:3152
- C:\Windows\System\oeAHpiZ.exe
  C:\Windows\System\oeAHpiZ.exe
  2⤵
  PID:5104
- C:\Windows\System\KJcOktr.exe
  C:\Windows\System\KJcOktr.exe
  2⤵
  PID:1576
- C:\Windows\System\qbpgHvp.exe
  C:\Windows\System\qbpgHvp.exe
  2⤵
  PID:3352
- C:\Windows\System\RKYFBWe.exe
  C:\Windows\System\RKYFBWe.exe
  2⤵
  PID:3684
- C:\Windows\System\DLRANoh.exe
  C:\Windows\System\DLRANoh.exe
  2⤵
  PID:3296
- C:\Windows\System\zEhjiSN.exe
  C:\Windows\System\zEhjiSN.exe
  2⤵
  PID:4176
- C:\Windows\System\VNgzAvn.exe
  C:\Windows\System\VNgzAvn.exe
  2⤵
  PID:2044
- C:\Windows\System\rSSklJa.exe
  C:\Windows\System\rSSklJa.exe
  2⤵
  PID:6096
- C:\Windows\System\HpLeUtK.exe
  C:\Windows\System\HpLeUtK.exe
  2⤵
  PID:4596
- C:\Windows\System\IiHblCn.exe
  C:\Windows\System\IiHblCn.exe
  2⤵
  PID:3092
- C:\Windows\System\iEVzvhK.exe
  C:\Windows\System\iEVzvhK.exe
  2⤵
  PID:6080
- C:\Windows\System\zoHfThF.exe
  C:\Windows\System\zoHfThF.exe
  2⤵
  PID:5764
- C:\Windows\System\MwdDqIv.exe
  C:\Windows\System\MwdDqIv.exe
  2⤵
  PID:6104
- C:\Windows\System\HSUeFtR.exe
  C:\Windows\System\HSUeFtR.exe
  2⤵
  PID:5556
- C:\Windows\System\eLpuxqI.exe
  C:\Windows\System\eLpuxqI.exe
  2⤵
  PID:1948
- C:\Windows\System\auQSwqV.exe
  C:\Windows\System\auQSwqV.exe
  2⤵
  PID:5596
- C:\Windows\System\lhKgxra.exe
  C:\Windows\System\lhKgxra.exe
  2⤵
  PID:3900
- C:\Windows\System\gfPoLUK.exe
  C:\Windows\System\gfPoLUK.exe
  2⤵
  PID:4232
- C:\Windows\System\gksTHYA.exe
  C:\Windows\System\gksTHYA.exe
  2⤵
  PID:1820
- C:\Windows\System\zZmstkD.exe
  C:\Windows\System\zZmstkD.exe
  2⤵
  PID:1100
- C:\Windows\System\EHhbqtS.exe
  C:\Windows\System\EHhbqtS.exe
  2⤵
  PID:1844
- C:\Windows\System\KGizNoa.exe
  C:\Windows\System\KGizNoa.exe
  2⤵
  PID:5828
- C:\Windows\System\TqFGDed.exe
  C:\Windows\System\TqFGDed.exe
  2⤵
  PID:3636
- C:\Windows\System\QgLIORO.exe
  C:\Windows\System\QgLIORO.exe
  2⤵
  PID:5908
- C:\Windows\System\YVWgEjO.exe
  C:\Windows\System\YVWgEjO.exe
  2⤵
  PID:4548
- C:\Windows\System\gPcjHuc.exe
  C:\Windows\System\gPcjHuc.exe
  2⤵
  PID:892
- C:\Windows\System\UJGBViM.exe
  C:\Windows\System\UJGBViM.exe
  2⤵
  PID:5052
- C:\Windows\System\HQdQFcW.exe
  C:\Windows\System\HQdQFcW.exe
  2⤵
  PID:5112
- C:\Windows\System\WYSskVF.exe
  C:\Windows\System\WYSskVF.exe
  2⤵
  PID:5592
- C:\Windows\System\GzajTYo.exe
  C:\Windows\System\GzajTYo.exe
  2⤵
  PID:2076
- C:\Windows\System\CAtUHlu.exe
  C:\Windows\System\CAtUHlu.exe
  2⤵
  PID:5092
- C:\Windows\System\RrIQsjw.exe
  C:\Windows\System\RrIQsjw.exe
  2⤵
  PID:3544
- C:\Windows\System\JukuikE.exe
  C:\Windows\System\JukuikE.exe
  2⤵
  PID:5136
- C:\Windows\System\szgZlXu.exe
  C:\Windows\System\szgZlXu.exe
  2⤵
  PID:5888
- C:\Windows\System\sIvKtes.exe
  C:\Windows\System\sIvKtes.exe
  2⤵
  PID:5196
- C:\Windows\System\ymoncHj.exe
  C:\Windows\System\ymoncHj.exe
  2⤵
  PID:5356
- C:\Windows\System\OCqbLij.exe
  C:\Windows\System\OCqbLij.exe
  2⤵
  PID:212
- C:\Windows\System\NhJdGNX.exe
  C:\Windows\System\NhJdGNX.exe
  2⤵
  PID:1616
- C:\Windows\System\meKPlli.exe
  C:\Windows\System\meKPlli.exe
  2⤵
  PID:5524
- C:\Windows\System\kVEpHoe.exe
  C:\Windows\System\kVEpHoe.exe
  2⤵
  PID:4200
- C:\Windows\System\kPRjOTW.exe
  C:\Windows\System\kPRjOTW.exe
  2⤵
  PID:3972
- C:\Windows\System\cfbTsQg.exe
  C:\Windows\System\cfbTsQg.exe
  2⤵
  PID:2532
- C:\Windows\System\jtkGRmZ.exe
  C:\Windows\System\jtkGRmZ.exe
  2⤵
  PID:5272
- C:\Windows\System\FjGHpRu.exe
  C:\Windows\System\FjGHpRu.exe
  2⤵
  PID:2684
- C:\Windows\System\BJXalio.exe
  C:\Windows\System\BJXalio.exe
  2⤵
  PID:4652
- C:\Windows\System\UNqRNtY.exe
  C:\Windows\System\UNqRNtY.exe
  2⤵
  PID:2528
- C:\Windows\System\ysoiIVk.exe
  C:\Windows\System\ysoiIVk.exe
  2⤵
  PID:6184
- C:\Windows\System\WsfRVwC.exe
  C:\Windows\System\WsfRVwC.exe
  2⤵
  PID:6212
- C:\Windows\System\IqHLMpg.exe
  C:\Windows\System\IqHLMpg.exe
  2⤵
  PID:6228
- C:\Windows\System\FSjPphf.exe
  C:\Windows\System\FSjPphf.exe
  2⤵
  PID:6256
- C:\Windows\System\YzjTBAa.exe
  C:\Windows\System\YzjTBAa.exe
  2⤵
  PID:6284
- C:\Windows\System\nowQZff.exe
  C:\Windows\System\nowQZff.exe
  2⤵
  PID:6312
- C:\Windows\System\afeMbWy.exe
  C:\Windows\System\afeMbWy.exe
  2⤵
  PID:6340
- C:\Windows\System\qnqohRG.exe
  C:\Windows\System\qnqohRG.exe
  2⤵
  PID:6368
- C:\Windows\System\jebLmel.exe
  C:\Windows\System\jebLmel.exe
  2⤵
  PID:6396
- C:\Windows\System\oKZtyRr.exe
  C:\Windows\System\oKZtyRr.exe
  2⤵
  PID:6424
- C:\Windows\System\ntGiDRU.exe
  C:\Windows\System\ntGiDRU.exe
  2⤵
  PID:6452
- C:\Windows\System\GoCxbnp.exe
  C:\Windows\System\GoCxbnp.exe
  2⤵
  PID:6480
- C:\Windows\System\RgUxDhR.exe
  C:\Windows\System\RgUxDhR.exe
  2⤵
  PID:6508
- C:\Windows\System\pSDReFM.exe
  C:\Windows\System\pSDReFM.exe
  2⤵
  PID:6536
- C:\Windows\System\gxXXYJZ.exe
  C:\Windows\System\gxXXYJZ.exe
  2⤵
  PID:6552
- C:\Windows\System\EQlHwxF.exe
  C:\Windows\System\EQlHwxF.exe
  2⤵
  PID:6580
- C:\Windows\System\RrobYgX.exe
  C:\Windows\System\RrobYgX.exe
  2⤵
  PID:6608
- C:\Windows\System\ztTIrYy.exe
  C:\Windows\System\ztTIrYy.exe
  2⤵
  PID:6660
- C:\Windows\System\fsOgpkc.exe
  C:\Windows\System\fsOgpkc.exe
  2⤵
  PID:6688
- C:\Windows\System\ESMiWHp.exe
  C:\Windows\System\ESMiWHp.exe
  2⤵
  PID:6704
- C:\Windows\System\TGEktbJ.exe
  C:\Windows\System\TGEktbJ.exe
  2⤵
  PID:6732
- C:\Windows\System\bncZibQ.exe
  C:\Windows\System\bncZibQ.exe
  2⤵
  PID:6756
- C:\Windows\System\IGcJyex.exe
  C:\Windows\System\IGcJyex.exe
  2⤵
  PID:6784
- C:\Windows\System\bDPiRtt.exe
  C:\Windows\System\bDPiRtt.exe
  2⤵
  PID:6804
- C:\Windows\System\BXuuKMY.exe
  C:\Windows\System\BXuuKMY.exe
  2⤵
  PID:6844
- C:\Windows\System\qlykdXw.exe
  C:\Windows\System\qlykdXw.exe
  2⤵
  PID:6872
- C:\Windows\System\IwhIRZC.exe
  C:\Windows\System\IwhIRZC.exe
  2⤵
  PID:6900
- C:\Windows\System\ZGVbNcx.exe
  C:\Windows\System\ZGVbNcx.exe
  2⤵
  PID:6940
- C:\Windows\System\iXbgHjT.exe
  C:\Windows\System\iXbgHjT.exe
  2⤵
  PID:6960
- C:\Windows\System\nvGRNeY.exe
  C:\Windows\System\nvGRNeY.exe
  2⤵
  PID:6984
- C:\Windows\System\YuiqFkC.exe
  C:\Windows\System\YuiqFkC.exe
  2⤵
  PID:7000
- C:\Windows\System\hZjuUnY.exe
  C:\Windows\System\hZjuUnY.exe
  2⤵
  PID:7028
- C:\Windows\System\xCddouI.exe
  C:\Windows\System\xCddouI.exe
  2⤵
  PID:7084
- C:\Windows\System\OVsoxKw.exe
  C:\Windows\System\OVsoxKw.exe
  2⤵
  PID:7120
- C:\Windows\System\eSRqTdx.exe
  C:\Windows\System\eSRqTdx.exe
  2⤵
  PID:4668
- C:\Windows\System\hfBDmlR.exe
  C:\Windows\System\hfBDmlR.exe
  2⤵
  PID:1512
- C:\Windows\System\KlLwFHT.exe
  C:\Windows\System\KlLwFHT.exe
  2⤵
  PID:5804
- C:\Windows\System\BffenqW.exe
  C:\Windows\System\BffenqW.exe
  2⤵
  PID:6176
- C:\Windows\System\SOPinIY.exe
  C:\Windows\System\SOPinIY.exe
  2⤵
  PID:6272
- C:\Windows\System\feSRKaU.exe
  C:\Windows\System\feSRKaU.exe
  2⤵
  PID:6380
- C:\Windows\System\WuooLqS.exe
  C:\Windows\System\WuooLqS.exe
  2⤵
  PID:6564
- C:\Windows\System\DihdMbd.exe
  C:\Windows\System\DihdMbd.exe
  2⤵
  PID:4676
- C:\Windows\System\nmASeeM.exe
  C:\Windows\System\nmASeeM.exe
  2⤵
  PID:6720
- C:\Windows\System\JWgwuQs.exe
  C:\Windows\System\JWgwuQs.exe
  2⤵
  PID:6860
- C:\Windows\System\OsZnysF.exe
  C:\Windows\System\OsZnysF.exe
  2⤵
  PID:6928
- C:\Windows\System\xilrcZw.exe
  C:\Windows\System\xilrcZw.exe
  2⤵
  PID:6980
- C:\Windows\System\CRWPqcJ.exe
  C:\Windows\System\CRWPqcJ.exe
  2⤵
  PID:5980
- C:\Windows\System\ZJZvHBx.exe
  C:\Windows\System\ZJZvHBx.exe
  2⤵
  PID:1960
- C:\Windows\System\FOnTJYv.exe
  C:\Windows\System\FOnTJYv.exe
  2⤵
  PID:4616
- C:\Windows\System\EEOaTGM.exe
  C:\Windows\System\EEOaTGM.exe
  2⤵
  PID:7064
- C:\Windows\System\EOyzqck.exe
  C:\Windows\System\EOyzqck.exe
  2⤵
  PID:4980
- C:\Windows\System\yntVMlX.exe
  C:\Windows\System\yntVMlX.exe
  2⤵
  PID:7080
- C:\Windows\System\KSwlFKg.exe
  C:\Windows\System\KSwlFKg.exe
  2⤵
  PID:7136
- C:\Windows\System\RGSBvBc.exe
  C:\Windows\System\RGSBvBc.exe
  2⤵
  PID:648
- C:\Windows\System\QTqVFER.exe
  C:\Windows\System\QTqVFER.exe
  2⤵
  PID:4108
- C:\Windows\System\JRuhxHc.exe
  C:\Windows\System\JRuhxHc.exe
  2⤵
  PID:6224
- C:\Windows\System\qGpHUVu.exe
  C:\Windows\System\qGpHUVu.exe
  2⤵
  PID:1652
- C:\Windows\System\twTMjHc.exe
  C:\Windows\System\twTMjHc.exe
  2⤵
  PID:6352
- C:\Windows\System\OkhjyXN.exe
  C:\Windows\System\OkhjyXN.exe
  2⤵
  PID:4932
- C:\Windows\System\grkawrm.exe
  C:\Windows\System\grkawrm.exe
  2⤵
  PID:5032
- C:\Windows\System\uFTfRjA.exe
  C:\Windows\System\uFTfRjA.exe
  2⤵
  PID:6716
- C:\Windows\System\YUQlTUa.exe
  C:\Windows\System\YUQlTUa.exe
  2⤵
  PID:6896
- C:\Windows\System\boLzgPj.exe
  C:\Windows\System\boLzgPj.exe
  2⤵
  PID:6996
- C:\Windows\System\yzLfGvi.exe
  C:\Windows\System\yzLfGvi.exe
  2⤵
  PID:7076
- C:\Windows\System\vTDrqag.exe
  C:\Windows\System\vTDrqag.exe
  2⤵
  PID:5004
- C:\Windows\System\axIkLAr.exe
  C:\Windows\System\axIkLAr.exe
  2⤵
  PID:3992
- C:\Windows\System\ptaduxI.exe
  C:\Windows\System\ptaduxI.exe
  2⤵
  PID:6548
- C:\Windows\System\msZjulA.exe
  C:\Windows\System\msZjulA.exe
  2⤵
  PID:4936
- C:\Windows\System\IYEpqrU.exe
  C:\Windows\System\IYEpqrU.exe
  2⤵
  PID:64
- C:\Windows\System\mGHoLFd.exe
  C:\Windows\System\mGHoLFd.exe
  2⤵
  PID:6976
- C:\Windows\System\xEerpNO.exe
  C:\Windows\System\xEerpNO.exe
  2⤵
  PID:7172
- C:\Windows\System\iwCSoZc.exe
  C:\Windows\System\iwCSoZc.exe
  2⤵
  PID:7208
- C:\Windows\System\KsoyXFt.exe
  C:\Windows\System\KsoyXFt.exe
  2⤵
  PID:7244
- C:\Windows\System\BwiodQy.exe
  C:\Windows\System\BwiodQy.exe
  2⤵
  PID:7276
- C:\Windows\System\wddFowu.exe
  C:\Windows\System\wddFowu.exe
  2⤵
  PID:7300
- C:\Windows\System\GbuwFqJ.exe
  C:\Windows\System\GbuwFqJ.exe
  2⤵
  PID:7332
- C:\Windows\System\rIsLsxH.exe
  C:\Windows\System\rIsLsxH.exe
  2⤵
  PID:7360
- C:\Windows\System\vGLMGwP.exe
  C:\Windows\System\vGLMGwP.exe
  2⤵
  PID:7392
- C:\Windows\System\zzmlKyl.exe
  C:\Windows\System\zzmlKyl.exe
  2⤵
  PID:7416
- C:\Windows\System\Qxbtmyu.exe
  C:\Windows\System\Qxbtmyu.exe
  2⤵
  PID:7444
- C:\Windows\System\KFihmFc.exe
  C:\Windows\System\KFihmFc.exe
  2⤵
  PID:7476
- C:\Windows\System\XARCLSk.exe
  C:\Windows\System\XARCLSk.exe
  2⤵
  PID:7512
- C:\Windows\System\EUjYGSd.exe
  C:\Windows\System\EUjYGSd.exe
  2⤵
  PID:7540
- C:\Windows\System\WlODuQk.exe
  C:\Windows\System\WlODuQk.exe
  2⤵
  PID:7568
- C:\Windows\System\fYnAQXU.exe
  C:\Windows\System\fYnAQXU.exe
  2⤵
  PID:7596
- C:\Windows\System\nPXsDME.exe
  C:\Windows\System\nPXsDME.exe
  2⤵
  PID:7628
- C:\Windows\System\WpBXeQZ.exe
  C:\Windows\System\WpBXeQZ.exe
  2⤵
  PID:7656
- C:\Windows\System\GgkRkJD.exe
  C:\Windows\System\GgkRkJD.exe
  2⤵
  PID:7692
- C:\Windows\System\qSeDari.exe
  C:\Windows\System\qSeDari.exe
  2⤵
  PID:7744
- C:\Windows\System\FUbWoUR.exe
  C:\Windows\System\FUbWoUR.exe
  2⤵
  PID:7796
- C:\Windows\System\IwSmwtQ.exe
  C:\Windows\System\IwSmwtQ.exe
  2⤵
  PID:7836
- C:\Windows\System\vqJpIRr.exe
  C:\Windows\System\vqJpIRr.exe
  2⤵
  PID:7880
- C:\Windows\System\IdONcSr.exe
  C:\Windows\System\IdONcSr.exe
  2⤵
  PID:7960
- C:\Windows\System\KFxvwDI.exe
  C:\Windows\System\KFxvwDI.exe
  2⤵
  PID:8000
- C:\Windows\System\ltFyfTW.exe
  C:\Windows\System\ltFyfTW.exe
  2⤵
  PID:8040
- C:\Windows\System\pHeyAmq.exe
  C:\Windows\System\pHeyAmq.exe
  2⤵
  PID:8076
- C:\Windows\System\QFaFWFY.exe
  C:\Windows\System\QFaFWFY.exe
  2⤵
  PID:8120
- C:\Windows\System\XtOIYJn.exe
  C:\Windows\System\XtOIYJn.exe
  2⤵
  PID:8144
- C:\Windows\System\GfjMZjl.exe
  C:\Windows\System\GfjMZjl.exe
  2⤵
  PID:8168
- C:\Windows\System\LgsrdYo.exe
  C:\Windows\System\LgsrdYo.exe
  2⤵
  PID:7196
- C:\Windows\System\MBCIILg.exe
  C:\Windows\System\MBCIILg.exe
  2⤵
  PID:7268
- C:\Windows\System\JERXDoD.exe
  C:\Windows\System\JERXDoD.exe
  2⤵
  PID:7328
- C:\Windows\System\ZWzCLOy.exe
  C:\Windows\System\ZWzCLOy.exe
  2⤵
  PID:7384
- C:\Windows\System\rtiTpPz.exe
  C:\Windows\System\rtiTpPz.exe
  2⤵
  PID:7432
- C:\Windows\System\nmaVNAM.exe
  C:\Windows\System\nmaVNAM.exe
  2⤵
  PID:7500
- C:\Windows\System\nwRjOEL.exe
  C:\Windows\System\nwRjOEL.exe
  2⤵
  PID:7576
- C:\Windows\System\FhVvFJp.exe
  C:\Windows\System\FhVvFJp.exe
  2⤵
  PID:7616
- C:\Windows\System\QdPugIT.exe
  C:\Windows\System\QdPugIT.exe
  2⤵
  PID:7704
- C:\Windows\System\bNJpQvp.exe
  C:\Windows\System\bNJpQvp.exe
  2⤵
  PID:7812
- C:\Windows\System\DUBqkKQ.exe
  C:\Windows\System\DUBqkKQ.exe
  2⤵
  PID:7948
- C:\Windows\System\LvTorLt.exe
  C:\Windows\System\LvTorLt.exe
  2⤵
  PID:7996
- C:\Windows\System\jFJLLLx.exe
  C:\Windows\System\jFJLLLx.exe
  2⤵
  PID:8068
- C:\Windows\System\IgPUCWs.exe
  C:\Windows\System\IgPUCWs.exe
  2⤵
  PID:8160
- C:\Windows\System\MCVRoAT.exe
  C:\Windows\System\MCVRoAT.exe
  2⤵
  PID:7236
- C:\Windows\System\RgnEcFy.exe
  C:\Windows\System\RgnEcFy.exe
  2⤵
  PID:7356
- C:\Windows\System\NsDzedM.exe
  C:\Windows\System\NsDzedM.exe
  2⤵
  PID:7460
- C:\Windows\System\ELpfjLx.exe
  C:\Windows\System\ELpfjLx.exe
  2⤵
  PID:7640
- C:\Windows\System\PmIbHab.exe
  C:\Windows\System\PmIbHab.exe
  2⤵
  PID:7856
- C:\Windows\System\adMQrVQ.exe
  C:\Windows\System\adMQrVQ.exe
  2⤵
  PID:8048
- C:\Windows\System\PMvTWRL.exe
  C:\Windows\System\PMvTWRL.exe
  2⤵
  PID:3944
- C:\Windows\System\YWnVyHV.exe
  C:\Windows\System\YWnVyHV.exe
  2⤵
  PID:7412
- C:\Windows\System\HYTtBmx.exe
  C:\Windows\System\HYTtBmx.exe
  2⤵
  PID:7740
- C:\Windows\System\UsgWEMa.exe
  C:\Windows\System\UsgWEMa.exe
  2⤵
  PID:7352
- C:\Windows\System\xrcnaZp.exe
  C:\Windows\System\xrcnaZp.exe
  2⤵
  PID:8132
- C:\Windows\System\cwubDUk.exe
  C:\Windows\System\cwubDUk.exe
  2⤵
  PID:6220
- C:\Windows\System\bfnKPrX.exe
  C:\Windows\System\bfnKPrX.exe
  2⤵
  PID:8220
- C:\Windows\System\PXZfajH.exe
  C:\Windows\System\PXZfajH.exe
  2⤵
  PID:8248
- C:\Windows\System\IwpFlyL.exe
  C:\Windows\System\IwpFlyL.exe
  2⤵
  PID:8276
- C:\Windows\System\tCHfYex.exe
  C:\Windows\System\tCHfYex.exe
  2⤵
  PID:8304
- C:\Windows\System\gLzZxGt.exe
  C:\Windows\System\gLzZxGt.exe
  2⤵
  PID:8336
- C:\Windows\System\RThDxZp.exe
  C:\Windows\System\RThDxZp.exe
  2⤵
  PID:8368
- C:\Windows\System\VDpYmHV.exe
  C:\Windows\System\VDpYmHV.exe
  2⤵
  PID:8392
- C:\Windows\System\fHFDoPE.exe
  C:\Windows\System\fHFDoPE.exe
  2⤵
  PID:8416
- C:\Windows\System\IqDwBcA.exe
  C:\Windows\System\IqDwBcA.exe
  2⤵
  PID:8448
- C:\Windows\System\tmgAXiO.exe
  C:\Windows\System\tmgAXiO.exe
  2⤵
  PID:8476
- C:\Windows\System\iMijjxU.exe
  C:\Windows\System\iMijjxU.exe
  2⤵
  PID:8504
- C:\Windows\System\bDnkbSM.exe
  C:\Windows\System\bDnkbSM.exe
  2⤵
  PID:8532
- C:\Windows\System\UjdpuKR.exe
  C:\Windows\System\UjdpuKR.exe
  2⤵
  PID:8568
- C:\Windows\System\fMwwiMe.exe
  C:\Windows\System\fMwwiMe.exe
  2⤵
  PID:8588
- C:\Windows\System\DTAZjbk.exe
  C:\Windows\System\DTAZjbk.exe
  2⤵
  PID:8616
- C:\Windows\System\oXUUrCn.exe
  C:\Windows\System\oXUUrCn.exe
  2⤵
  PID:8660
- C:\Windows\System\YBrrnAY.exe
  C:\Windows\System\YBrrnAY.exe
  2⤵
  PID:8684
- C:\Windows\System\jZGFfet.exe
  C:\Windows\System\jZGFfet.exe
  2⤵
  PID:8712
- C:\Windows\System\ElEvpoM.exe
  C:\Windows\System\ElEvpoM.exe
  2⤵
  PID:8732
- C:\Windows\System\YYpRbgJ.exe
  C:\Windows\System\YYpRbgJ.exe
  2⤵
  PID:8760
- C:\Windows\System\EQiDuXZ.exe
  C:\Windows\System\EQiDuXZ.exe
  2⤵
  PID:8792
- C:\Windows\System\hAdhgds.exe
  C:\Windows\System\hAdhgds.exe
  2⤵
  PID:8824
- C:\Windows\System\WwqeCTH.exe
  C:\Windows\System\WwqeCTH.exe
  2⤵
  PID:8856
- C:\Windows\System\SsCsNUF.exe
  C:\Windows\System\SsCsNUF.exe
  2⤵
  PID:8876
- C:\Windows\System\TmHIqmD.exe
  C:\Windows\System\TmHIqmD.exe
  2⤵
  PID:8904
- C:\Windows\System\xRcTdLB.exe
  C:\Windows\System\xRcTdLB.exe
  2⤵
  PID:8932
- C:\Windows\System\owhEJhf.exe
  C:\Windows\System\owhEJhf.exe
  2⤵
  PID:8972
- C:\Windows\System\YJcFitL.exe
  C:\Windows\System\YJcFitL.exe
  2⤵
  PID:9020
- C:\Windows\System\eoHVOEz.exe
  C:\Windows\System\eoHVOEz.exe
  2⤵
  PID:9064
- C:\Windows\System\rwHzNqc.exe
  C:\Windows\System\rwHzNqc.exe
  2⤵
  PID:9092
- C:\Windows\System\CeUMPUe.exe
  C:\Windows\System\CeUMPUe.exe
  2⤵
  PID:9116
- C:\Windows\System\aBhOKxB.exe
  C:\Windows\System\aBhOKxB.exe
  2⤵
  PID:9144
- C:\Windows\System\kWUQcBD.exe
  C:\Windows\System\kWUQcBD.exe
  2⤵
  PID:9180
- C:\Windows\System\zkGEhgd.exe
  C:\Windows\System\zkGEhgd.exe
  2⤵
  PID:6328
- C:\Windows\System\szyqZRN.exe
  C:\Windows\System\szyqZRN.exe
  2⤵
  PID:8240
- C:\Windows\System\NZurYCx.exe
  C:\Windows\System\NZurYCx.exe
  2⤵
  PID:8288
- C:\Windows\System\FdPyzDv.exe
  C:\Windows\System\FdPyzDv.exe
  2⤵
  PID:8376
- C:\Windows\System\eKWhlWU.exe
  C:\Windows\System\eKWhlWU.exe
  2⤵
  PID:8412
- C:\Windows\System\WJVCGSq.exe
  C:\Windows\System\WJVCGSq.exe
  2⤵
  PID:8500
- C:\Windows\System\dsZXNLb.exe
  C:\Windows\System\dsZXNLb.exe
  2⤵
  PID:7144
- C:\Windows\System\BAHxxsh.exe
  C:\Windows\System\BAHxxsh.exe
  2⤵
  PID:8632
- C:\Windows\System\NCuLWWc.exe
  C:\Windows\System\NCuLWWc.exe
  2⤵
  PID:5084
- C:\Windows\System\yOOsRec.exe
  C:\Windows\System\yOOsRec.exe
  2⤵
  PID:2404
- C:\Windows\System\Ejejrxp.exe
  C:\Windows\System\Ejejrxp.exe
  2⤵
  PID:2056
- C:\Windows\System\MMrvsHG.exe
  C:\Windows\System\MMrvsHG.exe
  2⤵
  PID:7808
- C:\Windows\System\iMDYuZY.exe
  C:\Windows\System\iMDYuZY.exe
  2⤵
  PID:8672
- C:\Windows\System\zdAOVrD.exe
  C:\Windows\System\zdAOVrD.exe
  2⤵
  PID:8744
- C:\Windows\System\cNluASq.exe
  C:\Windows\System\cNluASq.exe
  2⤵
  PID:8808
- C:\Windows\System\woZISMT.exe
  C:\Windows\System\woZISMT.exe
  2⤵
  PID:8864
- C:\Windows\System\qCjGgAG.exe
  C:\Windows\System\qCjGgAG.exe
  2⤵
  PID:8928
- C:\Windows\System\UwAbIFj.exe
  C:\Windows\System\UwAbIFj.exe
  2⤵
  PID:9008
- C:\Windows\System\pbqbPPt.exe
  C:\Windows\System\pbqbPPt.exe
  2⤵
  PID:9112
- C:\Windows\System\VEvTpAL.exe
  C:\Windows\System\VEvTpAL.exe
  2⤵
  PID:9168
- C:\Windows\System\lUhIzCC.exe
  C:\Windows\System\lUhIzCC.exe
  2⤵
  PID:8260
- C:\Windows\System\eFwrnDB.exe
  C:\Windows\System\eFwrnDB.exe
  2⤵
  PID:8384
- C:\Windows\System\ByqYOcB.exe
  C:\Windows\System\ByqYOcB.exe
  2⤵
  PID:8524
- C:\Windows\System\ccBwMZE.exe
  C:\Windows\System\ccBwMZE.exe
  2⤵
  PID:1976
- C:\Windows\System\qbFBoAG.exe
  C:\Windows\System\qbFBoAG.exe
  2⤵
  PID:7192
- C:\Windows\System\BlNWbPD.exe
  C:\Windows\System\BlNWbPD.exe
  2⤵
  PID:8720
- C:\Windows\System\SomoLBg.exe
  C:\Windows\System\SomoLBg.exe
  2⤵
  PID:8888
- C:\Windows\System\GdijXzf.exe
  C:\Windows\System\GdijXzf.exe
  2⤵
  PID:9076
- C:\Windows\System\RfMpvJi.exe
  C:\Windows\System\RfMpvJi.exe
  2⤵
  PID:8272
- C:\Windows\System\WclpcmH.exe
  C:\Windows\System\WclpcmH.exe
  2⤵
  PID:8600
- C:\Windows\System\CptkdxP.exe
  C:\Windows\System\CptkdxP.exe
  2⤵
  PID:7232
- C:\Windows\System\cdSAsUz.exe
  C:\Windows\System\cdSAsUz.exe
  2⤵
  PID:9140
- C:\Windows\System\LySIjCK.exe
  C:\Windows\System\LySIjCK.exe
  2⤵
  PID:5684
- C:\Windows\System\xASGxNx.exe
  C:\Windows\System\xASGxNx.exe
  2⤵
  PID:8408
- C:\Windows\System\gGmvNwR.exe
  C:\Windows\System\gGmvNwR.exe
  2⤵
  PID:9224
- C:\Windows\System\OJoMNTu.exe
  C:\Windows\System\OJoMNTu.exe
  2⤵
  PID:9256
- C:\Windows\System\czLsFOV.exe
  C:\Windows\System\czLsFOV.exe
  2⤵
  PID:9280
- C:\Windows\System\sygABRN.exe
  C:\Windows\System\sygABRN.exe
  2⤵
  PID:9304
- C:\Windows\System\yJWlfDK.exe
  C:\Windows\System\yJWlfDK.exe
  2⤵
  PID:9336
- C:\Windows\System\ldzyBPG.exe
  C:\Windows\System\ldzyBPG.exe
  2⤵
  PID:9356
- C:\Windows\System\OZjGvOj.exe
  C:\Windows\System\OZjGvOj.exe
  2⤵
  PID:9384
- C:\Windows\System\UbzpkeD.exe
  C:\Windows\System\UbzpkeD.exe
  2⤵
  PID:9420
- C:\Windows\System\tbPyOmL.exe
  C:\Windows\System\tbPyOmL.exe
  2⤵
  PID:9440
- C:\Windows\System\frisnqg.exe
  C:\Windows\System\frisnqg.exe
  2⤵
  PID:9476
- C:\Windows\System\eVofZFn.exe
  C:\Windows\System\eVofZFn.exe
  2⤵
  PID:9504
- C:\Windows\System\tLYgAgQ.exe
  C:\Windows\System\tLYgAgQ.exe
  2⤵
  PID:9544
- C:\Windows\System\IYkaTUx.exe
  C:\Windows\System\IYkaTUx.exe
  2⤵
  PID:9568
- C:\Windows\System\dSjVNMY.exe
  C:\Windows\System\dSjVNMY.exe
  2⤵
  PID:9596
- C:\Windows\System\gMliige.exe
  C:\Windows\System\gMliige.exe
  2⤵
  PID:9628
- C:\Windows\System\zDuQJyl.exe
  C:\Windows\System\zDuQJyl.exe
  2⤵
  PID:9656
- C:\Windows\System\TzqGSmT.exe
  C:\Windows\System\TzqGSmT.exe
  2⤵
  PID:9680
- C:\Windows\System\yVthpfH.exe
  C:\Windows\System\yVthpfH.exe
  2⤵
  PID:9712
- C:\Windows\System\xJTBgAd.exe
  C:\Windows\System\xJTBgAd.exe
  2⤵
  PID:9740
- C:\Windows\System\DLEqJRa.exe
  C:\Windows\System\DLEqJRa.exe
  2⤵
  PID:9768
- C:\Windows\System\kXhXyWv.exe
  C:\Windows\System\kXhXyWv.exe
  2⤵
  PID:9796
- C:\Windows\System\SAHTadH.exe
  C:\Windows\System\SAHTadH.exe
  2⤵
  PID:9820
- C:\Windows\System\hyyNLOO.exe
  C:\Windows\System\hyyNLOO.exe
  2⤵
  PID:9852
- C:\Windows\System\eeuuvaV.exe
  C:\Windows\System\eeuuvaV.exe
  2⤵
  PID:9872
- C:\Windows\System\rUtqFeJ.exe
  C:\Windows\System\rUtqFeJ.exe
  2⤵
  PID:9900
- C:\Windows\System\ElpKgux.exe
  C:\Windows\System\ElpKgux.exe
  2⤵
  PID:9928
- C:\Windows\System\iapoOoq.exe
  C:\Windows\System\iapoOoq.exe
  2⤵
  PID:9956
- C:\Windows\System\WIsJUCx.exe
  C:\Windows\System\WIsJUCx.exe
  2⤵
  PID:9988
- C:\Windows\System\rIwelFt.exe
  C:\Windows\System\rIwelFt.exe
  2⤵
  PID:10076
- C:\Windows\System\ZpjRGMI.exe
  C:\Windows\System\ZpjRGMI.exe
  2⤵
  PID:10140
- C:\Windows\System\GNFghAh.exe
  C:\Windows\System\GNFghAh.exe
  2⤵
  PID:10184
- C:\Windows\System\HmyuHoP.exe
  C:\Windows\System\HmyuHoP.exe
  2⤵
  PID:10204
- C:\Windows\System\uuQXRGd.exe
  C:\Windows\System\uuQXRGd.exe
  2⤵
  PID:8832
- C:\Windows\System\MNFiVTD.exe
  C:\Windows\System\MNFiVTD.exe
  2⤵
  PID:9288
- C:\Windows\System\MTBGRWF.exe
  C:\Windows\System\MTBGRWF.exe
  2⤵
  PID:9320
- C:\Windows\System\XuFCLjd.exe
  C:\Windows\System\XuFCLjd.exe
  2⤵
  PID:9436
- C:\Windows\System\BOQjSzB.exe
  C:\Windows\System\BOQjSzB.exe
  2⤵
  PID:9520
- C:\Windows\System\wOllvTi.exe
  C:\Windows\System\wOllvTi.exe
  2⤵
  PID:9584
- C:\Windows\System\rTnGEZS.exe
  C:\Windows\System\rTnGEZS.exe
  2⤵
  PID:9640
- C:\Windows\System\YKvdfVo.exe
  C:\Windows\System\YKvdfVo.exe
  2⤵
  PID:9696
- C:\Windows\System\XdMyYoD.exe
  C:\Windows\System\XdMyYoD.exe
  2⤵
  PID:9756
- C:\Windows\System\aUDIAhR.exe
  C:\Windows\System\aUDIAhR.exe
  2⤵
  PID:9828
- C:\Windows\System\qgshvCQ.exe
  C:\Windows\System\qgshvCQ.exe
  2⤵
  PID:9892
- C:\Windows\System\UVXHmZD.exe
  C:\Windows\System\UVXHmZD.exe
  2⤵
  PID:9968
- C:\Windows\System\oAVfweR.exe
  C:\Windows\System\oAVfweR.exe
  2⤵
  PID:10020
- C:\Windows\System\cXBCpPP.exe
  C:\Windows\System\cXBCpPP.exe
  2⤵
  PID:10216
- C:\Windows\System\FBJCjjG.exe
  C:\Windows\System\FBJCjjG.exe
  2⤵
  PID:9296
- C:\Windows\System\smIvvAf.exe
  C:\Windows\System\smIvvAf.exe
  2⤵
  PID:9496
- C:\Windows\System\XbiPWqG.exe
  C:\Windows\System\XbiPWqG.exe
  2⤵
  PID:9664
- C:\Windows\System\ITzqFPX.exe
  C:\Windows\System\ITzqFPX.exe
  2⤵
  PID:9752
- C:\Windows\System\oHjUTbN.exe
  C:\Windows\System\oHjUTbN.exe
  2⤵
  PID:9920
- C:\Windows\System\TnLUAYi.exe
  C:\Windows\System\TnLUAYi.exe
  2⤵
  PID:10172
- C:\Windows\System\NkoJhmX.exe
  C:\Windows\System\NkoJhmX.exe
  2⤵
  PID:9432
- C:\Windows\System\hNvMfoI.exe
  C:\Windows\System\hNvMfoI.exe
  2⤵
  PID:9728
- C:\Windows\System\PGvrgBY.exe
  C:\Windows\System\PGvrgBY.exe
  2⤵
  PID:10060
- C:\Windows\System\qcOsBeL.exe
  C:\Windows\System\qcOsBeL.exe
  2⤵
  PID:9884
- C:\Windows\System\aaUhkdg.exe
  C:\Windows\System\aaUhkdg.exe
  2⤵
  PID:9692
- C:\Windows\System\vSPDYqF.exe
  C:\Windows\System\vSPDYqF.exe
  2⤵
  PID:10268
- C:\Windows\System\BInDGXr.exe
  C:\Windows\System\BInDGXr.exe
  2⤵
  PID:10296
- C:\Windows\System\BCdVVtO.exe
  C:\Windows\System\BCdVVtO.exe
  2⤵
  PID:10324
- C:\Windows\System\aJgUtnE.exe
  C:\Windows\System\aJgUtnE.exe
  2⤵
  PID:10352
- C:\Windows\System\NtSVOVJ.exe
  C:\Windows\System\NtSVOVJ.exe
  2⤵
  PID:10380
- C:\Windows\System\VvEuPfW.exe
  C:\Windows\System\VvEuPfW.exe
  2⤵
  PID:10408
- C:\Windows\System\puoYalO.exe
  C:\Windows\System\puoYalO.exe
  2⤵
  PID:10436
- C:\Windows\System\cDbiSJR.exe
  C:\Windows\System\cDbiSJR.exe
  2⤵
  PID:10464
- C:\Windows\System\CQAIJfE.exe
  C:\Windows\System\CQAIJfE.exe
  2⤵
  PID:10492
- C:\Windows\System\GaSNWsb.exe
  C:\Windows\System\GaSNWsb.exe
  2⤵
  PID:10520
- C:\Windows\System\dKsgPYG.exe
  C:\Windows\System\dKsgPYG.exe
  2⤵
  PID:10556
- C:\Windows\System\feoCvsr.exe
  C:\Windows\System\feoCvsr.exe
  2⤵
  PID:10576
- C:\Windows\System\lDjpSga.exe
  C:\Windows\System\lDjpSga.exe
  2⤵
  PID:10604
- C:\Windows\System\gUxijQT.exe
  C:\Windows\System\gUxijQT.exe
  2⤵
  PID:10632
- C:\Windows\System\ekvaSTn.exe
  C:\Windows\System\ekvaSTn.exe
  2⤵
  PID:10660
- C:\Windows\System\ozaXAtf.exe
  C:\Windows\System\ozaXAtf.exe
  2⤵
  PID:10688
- C:\Windows\System\MbasLSf.exe
  C:\Windows\System\MbasLSf.exe
  2⤵
  PID:10716
- C:\Windows\System\kJsmpuf.exe
  C:\Windows\System\kJsmpuf.exe
  2⤵
  PID:10752
- C:\Windows\System\YgWYkLU.exe
  C:\Windows\System\YgWYkLU.exe
  2⤵
  PID:10772
- C:\Windows\System\DEVmoOG.exe
  C:\Windows\System\DEVmoOG.exe
  2⤵
  PID:10800
- C:\Windows\System\geTbIpB.exe
  C:\Windows\System\geTbIpB.exe
  2⤵
  PID:10828
- C:\Windows\System\mgSNxBX.exe
  C:\Windows\System\mgSNxBX.exe
  2⤵
  PID:10856
- C:\Windows\System\MIEiCtB.exe
  C:\Windows\System\MIEiCtB.exe
  2⤵
  PID:10888
- C:\Windows\System\IjCFFPw.exe
  C:\Windows\System\IjCFFPw.exe
  2⤵
  PID:10916
- C:\Windows\System\ZySFqVh.exe
  C:\Windows\System\ZySFqVh.exe
  2⤵
  PID:10944
- C:\Windows\System\USNBEEB.exe
  C:\Windows\System\USNBEEB.exe
  2⤵
  PID:10972
- C:\Windows\System\ZnEQDpx.exe
  C:\Windows\System\ZnEQDpx.exe
  2⤵
  PID:11000
- C:\Windows\System\WMVGsYQ.exe
  C:\Windows\System\WMVGsYQ.exe
  2⤵
  PID:11028
- C:\Windows\System\YAPxHUO.exe
  C:\Windows\System\YAPxHUO.exe
  2⤵
  PID:11056
- C:\Windows\System\PbBEBbS.exe
  C:\Windows\System\PbBEBbS.exe
  2⤵
  PID:11084
- C:\Windows\System\CbEwOTF.exe
  C:\Windows\System\CbEwOTF.exe
  2⤵
  PID:11112
- C:\Windows\System\MNHXXNS.exe
  C:\Windows\System\MNHXXNS.exe
  2⤵
  PID:11140
- C:\Windows\System\DzBBgfT.exe
  C:\Windows\System\DzBBgfT.exe
  2⤵
  PID:11168
- C:\Windows\System\zSnsoyj.exe
  C:\Windows\System\zSnsoyj.exe
  2⤵
  PID:11196
- C:\Windows\System\MOTQtDw.exe
  C:\Windows\System\MOTQtDw.exe
  2⤵
  PID:11224
- C:\Windows\System\vdUFFpv.exe
  C:\Windows\System\vdUFFpv.exe
  2⤵
  PID:11252
- C:\Windows\System\lHCicrD.exe
  C:\Windows\System\lHCicrD.exe
  2⤵
  PID:10280
- C:\Windows\System\GFGVhDB.exe
  C:\Windows\System\GFGVhDB.exe
  2⤵
  PID:10372
- C:\Windows\System\kAxVDdi.exe
  C:\Windows\System\kAxVDdi.exe
  2⤵
  PID:10400
- C:\Windows\System\tvEwIwp.exe
  C:\Windows\System\tvEwIwp.exe
  2⤵
  PID:10480
- C:\Windows\System\lrJbrWH.exe
  C:\Windows\System\lrJbrWH.exe
  2⤵
  PID:10540
- C:\Windows\System\CnQTvGw.exe
  C:\Windows\System\CnQTvGw.exe
  2⤵
  PID:10616
- C:\Windows\System\IxCLHSJ.exe
  C:\Windows\System\IxCLHSJ.exe
  2⤵
  PID:10708
- C:\Windows\System\cSgmtxA.exe
  C:\Windows\System\cSgmtxA.exe
  2⤵
  PID:10820
- C:\Windows\System\KTfGuYl.exe
  C:\Windows\System\KTfGuYl.exe
  2⤵
  PID:10868
- C:\Windows\System\ShuvNDZ.exe
  C:\Windows\System\ShuvNDZ.exe
  2⤵
  PID:10936
- C:\Windows\System\GdDKdwV.exe
  C:\Windows\System\GdDKdwV.exe
  2⤵
  PID:11024
- C:\Windows\System\KUUssOl.exe
  C:\Windows\System\KUUssOl.exe
  2⤵
  PID:11080
- C:\Windows\System\BBiUHNQ.exe
  C:\Windows\System\BBiUHNQ.exe
  2⤵
  PID:11136
- C:\Windows\System\eTKROon.exe
  C:\Windows\System\eTKROon.exe
  2⤵
  PID:11212
- C:\Windows\System\KuUyRVX.exe
  C:\Windows\System\KuUyRVX.exe
  2⤵
  PID:10264
- C:\Windows\System\SJekebj.exe
  C:\Windows\System\SJekebj.exe
  2⤵
  PID:5312
- C:\Windows\System\zceLMuq.exe
  C:\Windows\System\zceLMuq.exe
  2⤵
  PID:10504
- C:\Windows\System\aJBAlab.exe
  C:\Windows\System\aJBAlab.exe
  2⤵
  PID:10596
- C:\Windows\System\nGgtTDR.exe
  C:\Windows\System\nGgtTDR.exe
  2⤵
  PID:6832
- C:\Windows\System\WvxMpcc.exe
  C:\Windows\System\WvxMpcc.exe
  2⤵
  PID:7680
- C:\Windows\System\sylCIha.exe
  C:\Windows\System\sylCIha.exe
  2⤵
  PID:10792
- C:\Windows\System\jhxbkCd.exe
  C:\Windows\System\jhxbkCd.exe
  2⤵
  PID:10964
- C:\Windows\System\SVZDjYv.exe
  C:\Windows\System\SVZDjYv.exe
  2⤵
  PID:11076
- C:\Windows\System\wRlKGUr.exe
  C:\Windows\System\wRlKGUr.exe
  2⤵
  PID:11192
- C:\Windows\System\RldlOvx.exe
  C:\Windows\System\RldlOvx.exe
  2⤵
  PID:9500
- C:\Windows\System\NCjQHif.exe
  C:\Windows\System\NCjQHif.exe
  2⤵
  PID:6856
- C:\Windows\System\CDkBhWw.exe
  C:\Windows\System\CDkBhWw.exe
  2⤵
  PID:10784
- C:\Windows\System\bczULTU.exe
  C:\Windows\System\bczULTU.exe
  2⤵
  PID:9488
- C:\Windows\System\YMGEEcX.exe
  C:\Windows\System\YMGEEcX.exe
  2⤵
  PID:4496
- C:\Windows\System\QAzmfOK.exe
  C:\Windows\System\QAzmfOK.exe
  2⤵
  PID:11052
- C:\Windows\System\isGuurN.exe
  C:\Windows\System\isGuurN.exe
  2⤵
  PID:11292
- C:\Windows\System\OcbLqCT.exe
  C:\Windows\System\OcbLqCT.exe
  2⤵
  PID:11328
- C:\Windows\System\thdRhWl.exe
  C:\Windows\System\thdRhWl.exe
  2⤵
  PID:11344
- C:\Windows\System\YooWSLd.exe
  C:\Windows\System\YooWSLd.exe
  2⤵
  PID:11384
- C:\Windows\System\UPeIzas.exe
  C:\Windows\System\UPeIzas.exe
  2⤵
  PID:11412
- C:\Windows\System\ZpzahRW.exe
  C:\Windows\System\ZpzahRW.exe
  2⤵
  PID:11440
- C:\Windows\System\bsNaHlW.exe
  C:\Windows\System\bsNaHlW.exe
  2⤵
  PID:11476
- C:\Windows\System\kbNBYHj.exe
  C:\Windows\System\kbNBYHj.exe
  2⤵
  PID:11504
- C:\Windows\System\zLLPpfo.exe
  C:\Windows\System\zLLPpfo.exe
  2⤵
  PID:11528
- C:\Windows\System\ARdPIKZ.exe
  C:\Windows\System\ARdPIKZ.exe
  2⤵
  PID:11560
- C:\Windows\System\hHTHsco.exe
  C:\Windows\System\hHTHsco.exe
  2⤵
  PID:11588
- C:\Windows\System\LIpYmBv.exe
  C:\Windows\System\LIpYmBv.exe
  2⤵
  PID:11616
- C:\Windows\System\bUweEFW.exe
  C:\Windows\System\bUweEFW.exe
  2⤵
  PID:11648
- C:\Windows\System\VQANiyT.exe
  C:\Windows\System\VQANiyT.exe
  2⤵
  PID:11684
- C:\Windows\System\qcPeFHW.exe
  C:\Windows\System\qcPeFHW.exe
  2⤵
  PID:11708
- C:\Windows\System\FjLkCEF.exe
  C:\Windows\System\FjLkCEF.exe
  2⤵
  PID:11732
- C:\Windows\System\gxqGToL.exe
  C:\Windows\System\gxqGToL.exe
  2⤵
  PID:11760
- C:\Windows\System\WGxHKlo.exe
  C:\Windows\System\WGxHKlo.exe
  2⤵
  PID:11804
- C:\Windows\System\rtQQlXh.exe
  C:\Windows\System\rtQQlXh.exe
  2⤵
  PID:11828
- C:\Windows\System\pYxWHJX.exe
  C:\Windows\System\pYxWHJX.exe
  2⤵
  PID:11856
- C:\Windows\System\JEpeIBa.exe
  C:\Windows\System\JEpeIBa.exe
  2⤵
  PID:11880
- C:\Windows\System\aYApTaq.exe
  C:\Windows\System\aYApTaq.exe
  2⤵
  PID:11908
- C:\Windows\System\hQlerOr.exe
  C:\Windows\System\hQlerOr.exe
  2⤵
  PID:11936
- C:\Windows\System\SNLgKVm.exe
  C:\Windows\System\SNLgKVm.exe
  2⤵
  PID:11964
- C:\Windows\System\dsmYssk.exe
  C:\Windows\System\dsmYssk.exe
  2⤵
  PID:11996
- C:\Windows\System\iMppQvU.exe
  C:\Windows\System\iMppQvU.exe
  2⤵
  PID:12028
- C:\Windows\System\aDfXVoq.exe
  C:\Windows\System\aDfXVoq.exe
  2⤵
  PID:12048
- C:\Windows\System\JRGFGiz.exe
  C:\Windows\System\JRGFGiz.exe
  2⤵
  PID:12076
- C:\Windows\System\OHSxOqH.exe
  C:\Windows\System\OHSxOqH.exe
  2⤵
  PID:12104
- C:\Windows\System\NeETYrc.exe
  C:\Windows\System\NeETYrc.exe
  2⤵
  PID:12132
- C:\Windows\System\PVnVQmh.exe
  C:\Windows\System\PVnVQmh.exe
  2⤵
  PID:12160
- C:\Windows\System\AtYkYht.exe
  C:\Windows\System\AtYkYht.exe
  2⤵
  PID:12188
- C:\Windows\System\yUocYiq.exe
  C:\Windows\System\yUocYiq.exe
  2⤵
  PID:12216
- C:\Windows\System\qdvRXKj.exe
  C:\Windows\System\qdvRXKj.exe
  2⤵
  PID:12244
- C:\Windows\System\ULiWYOc.exe
  C:\Windows\System\ULiWYOc.exe
  2⤵
  PID:12276
- C:\Windows\System\rDWAfgc.exe
  C:\Windows\System\rDWAfgc.exe
  2⤵
  PID:4092
- C:\Windows\System\dEZfTZc.exe
  C:\Windows\System\dEZfTZc.exe
  2⤵
  PID:11336
- C:\Windows\System\pFezLVO.exe
  C:\Windows\System\pFezLVO.exe
  2⤵
  PID:11408
- C:\Windows\System\yBkevYf.exe
  C:\Windows\System\yBkevYf.exe
  2⤵
  PID:11484
- C:\Windows\System\PSfTWnd.exe
  C:\Windows\System\PSfTWnd.exe
  2⤵
  PID:11540
- C:\Windows\System\fkiKSIM.exe
  C:\Windows\System\fkiKSIM.exe
  2⤵
  PID:11576
- C:\Windows\System\fAoIlva.exe
  C:\Windows\System\fAoIlva.exe
  2⤵
  PID:11640
- C:\Windows\System\TCVKTBv.exe
  C:\Windows\System\TCVKTBv.exe
  2⤵
  PID:11724
- C:\Windows\System\xbvVBPL.exe
  C:\Windows\System\xbvVBPL.exe
  2⤵
  PID:11756
- C:\Windows\System\uSIOIBl.exe
  C:\Windows\System\uSIOIBl.exe
  2⤵
  PID:11816
- C:\Windows\System\zjSayGS.exe
  C:\Windows\System\zjSayGS.exe
  2⤵
  PID:11872
- C:\Windows\System\lKGIywE.exe
  C:\Windows\System\lKGIywE.exe
  2⤵
  PID:11920
- C:\Windows\System\stcFqGk.exe
  C:\Windows\System\stcFqGk.exe
  2⤵
  PID:11984
- C:\Windows\System\EgvfUMC.exe
  C:\Windows\System\EgvfUMC.exe
  2⤵
  PID:12044
- C:\Windows\System\kgyURMu.exe
  C:\Windows\System\kgyURMu.exe
  2⤵
  PID:12116
- C:\Windows\System\tUaVxOm.exe
  C:\Windows\System\tUaVxOm.exe
  2⤵
  PID:12200
- C:\Windows\System\HVXXXqc.exe
  C:\Windows\System\HVXXXqc.exe
  2⤵
  PID:12268
- C:\Windows\System\mFsQHDK.exe
  C:\Windows\System\mFsQHDK.exe
  2⤵
  PID:11324
- C:\Windows\System\yEiQiFB.exe
  C:\Windows\System\yEiQiFB.exe
  2⤵
  PID:11464
- C:\Windows\System\gedAeRC.exe
  C:\Windows\System\gedAeRC.exe
  2⤵
  PID:11600
- C:\Windows\System\hajamhk.exe
  C:\Windows\System\hajamhk.exe
  2⤵
  PID:11692
- C:\Windows\System\KcsgSbY.exe
  C:\Windows\System\KcsgSbY.exe
  2⤵
  PID:11844
- C:\Windows\System\ugTDlnd.exe
  C:\Windows\System\ugTDlnd.exe
  2⤵
  PID:11900
- C:\Windows\System\fXUBHQJ.exe
  C:\Windows\System\fXUBHQJ.exe
  2⤵
  PID:12040
- C:\Windows\System\guiRtxB.exe
  C:\Windows\System\guiRtxB.exe
  2⤵
  PID:12232
- C:\Windows\System\lfuzaWr.exe
  C:\Windows\System\lfuzaWr.exe
  2⤵
  PID:11460
- C:\Windows\System\BIxUGtw.exe
  C:\Windows\System\BIxUGtw.exe
  2⤵
  PID:7908
- C:\Windows\System\TSzPoxm.exe
  C:\Windows\System\TSzPoxm.exe
  2⤵
  PID:11976
- C:\Windows\System\rzDrdFo.exe
  C:\Windows\System\rzDrdFo.exe
  2⤵
  PID:11272
- C:\Windows\System\vPeFJAM.exe
  C:\Windows\System\vPeFJAM.exe
  2⤵
  PID:4544
- C:\Windows\System\UlzuIuU.exe
  C:\Windows\System\UlzuIuU.exe
  2⤵
  PID:4416
- C:\Windows\System\cWkhFsn.exe
  C:\Windows\System\cWkhFsn.exe
  2⤵
  PID:5520
- C:\Windows\System\IVfwBCJ.exe
  C:\Windows\System\IVfwBCJ.exe
  2⤵
  PID:12316
- C:\Windows\System\vHIpHHx.exe
  C:\Windows\System\vHIpHHx.exe
  2⤵
  PID:12340
- C:\Windows\System\IPMIDzW.exe
  C:\Windows\System\IPMIDzW.exe
  2⤵
  PID:12364
- C:\Windows\System\JgFZxGs.exe
  C:\Windows\System\JgFZxGs.exe
  2⤵
  PID:12388
- C:\Windows\System\gXlVAON.exe
  C:\Windows\System\gXlVAON.exe
  2⤵
  PID:12440
- C:\Windows\System\OcIPtsF.exe
  C:\Windows\System\OcIPtsF.exe
  2⤵
  PID:12496
- C:\Windows\System\QHPnXgC.exe
  C:\Windows\System\QHPnXgC.exe
  2⤵
  PID:12536
- C:\Windows\System\rKHlXuQ.exe
  C:\Windows\System\rKHlXuQ.exe
  2⤵
  PID:12552
- C:\Windows\System\oZbvMdo.exe
  C:\Windows\System\oZbvMdo.exe
  2⤵
  PID:12580
- C:\Windows\System\nXJyIDH.exe
  C:\Windows\System\nXJyIDH.exe
  2⤵
  PID:12608
- C:\Windows\System\KNnsmCL.exe
  C:\Windows\System\KNnsmCL.exe
  2⤵
  PID:12636
- C:\Windows\System\RubiHUh.exe
  C:\Windows\System\RubiHUh.exe
  2⤵
  PID:12664
- C:\Windows\System\hpjCYiV.exe
  C:\Windows\System\hpjCYiV.exe
  2⤵
  PID:12692
- C:\Windows\System\ybQtJUU.exe
  C:\Windows\System\ybQtJUU.exe
  2⤵
  PID:12720
- C:\Windows\System\THVnttx.exe
  C:\Windows\System\THVnttx.exe
  2⤵
  PID:12748
- C:\Windows\System\NaAJiJj.exe
  C:\Windows\System\NaAJiJj.exe
  2⤵
  PID:12776
- C:\Windows\System\dpKEQvM.exe
  C:\Windows\System\dpKEQvM.exe
  2⤵
  PID:12804
- C:\Windows\System\tmEzECd.exe
  C:\Windows\System\tmEzECd.exe
  2⤵
  PID:12832
- C:\Windows\System\clvHZMH.exe
  C:\Windows\System\clvHZMH.exe
  2⤵
  PID:12860
- C:\Windows\System\eqyNSiR.exe
  C:\Windows\System\eqyNSiR.exe
  2⤵
  PID:12888
- C:\Windows\System\fnFHZGC.exe
  C:\Windows\System\fnFHZGC.exe
  2⤵
  PID:12924
- C:\Windows\System\FNCusmn.exe
  C:\Windows\System\FNCusmn.exe
  2⤵
  PID:12944
- C:\Windows\System\qyUHRKZ.exe
  C:\Windows\System\qyUHRKZ.exe
  2⤵
  PID:12972
- C:\Windows\System\yorBMNp.exe
  C:\Windows\System\yorBMNp.exe
  2⤵
  PID:13000
- C:\Windows\System\NkuERVP.exe
  C:\Windows\System\NkuERVP.exe
  2⤵
  PID:13028
- C:\Windows\System\ZFXCrAH.exe
  C:\Windows\System\ZFXCrAH.exe
  2⤵
  PID:13056
- C:\Windows\System\APLAtIS.exe
  C:\Windows\System\APLAtIS.exe
  2⤵
  PID:13088
- C:\Windows\System\sQPXPYs.exe
  C:\Windows\System\sQPXPYs.exe
  2⤵
  PID:13116
- C:\Windows\System\ETOkgFa.exe
  C:\Windows\System\ETOkgFa.exe
  2⤵
  PID:13144
- C:\Windows\System\anSKHES.exe
  C:\Windows\System\anSKHES.exe
  2⤵
  PID:13172
- C:\Windows\System\FATIpIR.exe
  C:\Windows\System\FATIpIR.exe
  2⤵
  PID:13200
- C:\Windows\System\XaZSsDr.exe
  C:\Windows\System\XaZSsDr.exe
  2⤵
  PID:13228
- C:\Windows\System\aQoBdIY.exe
  C:\Windows\System\aQoBdIY.exe
  2⤵
  PID:13256
- C:\Windows\System\RTNCBrU.exe
  C:\Windows\System\RTNCBrU.exe
  2⤵
  PID:13284
- C:\Windows\System\CvXAlsb.exe
  C:\Windows\System\CvXAlsb.exe
  2⤵
  PID:1876
- C:\Windows\System\xLtqagH.exe
  C:\Windows\System\xLtqagH.exe
  2⤵
  PID:12332
- C:\Windows\System\nbePyUM.exe
  C:\Windows\System\nbePyUM.exe
  2⤵
  PID:5072
- C:\Windows\System\CDgrAon.exe
  C:\Windows\System\CDgrAon.exe
  2⤵
  PID:11364
- C:\Windows\System\slfeCpa.exe
  C:\Windows\System\slfeCpa.exe
  2⤵
  PID:11368
- C:\Windows\System\zgfFsHW.exe
  C:\Windows\System\zgfFsHW.exe
  2⤵
  PID:4900
- C:\Windows\System\qSSNRmS.exe
  C:\Windows\System\qSSNRmS.exe
  2⤵
  PID:12548
- C:\Windows\System\tOdypdP.exe
  C:\Windows\System\tOdypdP.exe
  2⤵
  PID:12620
- C:\Windows\System\NWqLZyQ.exe
  C:\Windows\System\NWqLZyQ.exe
  2⤵
  PID:12684
- C:\Windows\System\rcdGnCr.exe
  C:\Windows\System\rcdGnCr.exe
  2⤵
  PID:12744
- C:\Windows\System\iGypXpE.exe
  C:\Windows\System\iGypXpE.exe
  2⤵
  PID:12820
- C:\Windows\System\oqRVJJb.exe
  C:\Windows\System\oqRVJJb.exe
  2⤵
  PID:12872
- C:\Windows\System\lvHQVyE.exe
  C:\Windows\System\lvHQVyE.exe
  2⤵
  PID:12932
- C:\Windows\System\KzjBnjV.exe
  C:\Windows\System\KzjBnjV.exe
  2⤵
  PID:12992
- C:\Windows\System\OGvgvqZ.exe
  C:\Windows\System\OGvgvqZ.exe
  2⤵
  PID:13040
- C:\Windows\System\YCUiREY.exe
  C:\Windows\System\YCUiREY.exe
  2⤵
  PID:13112
- C:\Windows\System\ACpVHcX.exe
  C:\Windows\System\ACpVHcX.exe
  2⤵
  PID:13192
- C:\Windows\System\GPvwXsX.exe
  C:\Windows\System\GPvwXsX.exe
  2⤵
  PID:4408
- C:\Windows\System\xVZtREg.exe
  C:\Windows\System\xVZtREg.exe
  2⤵
  PID:13308
- C:\Windows\System\vwtawwZ.exe
  C:\Windows\System\vwtawwZ.exe
  2⤵
  PID:12432
- C:\Windows\System\DaVDIfS.exe
  C:\Windows\System\DaVDIfS.exe
  2⤵
  PID:11048
- C:\Windows\System\RjKEBJj.exe
  C:\Windows\System\RjKEBJj.exe
  2⤵
  PID:12648
- C:\Windows\System\cHTVWik.exe
  C:\Windows\System\cHTVWik.exe
  2⤵
  PID:12740
- C:\Windows\System\wPDjPXM.exe
  C:\Windows\System\wPDjPXM.exe
  2⤵
  PID:12884
- C:\Windows\System\doZukYI.exe
  C:\Windows\System\doZukYI.exe
  2⤵
  PID:13080
- C:\Windows\System\LpqgGkk.exe
  C:\Windows\System\LpqgGkk.exe
  2⤵
  PID:13184
- C:\Windows\System\EQPpJNU.exe
  C:\Windows\System\EQPpJNU.exe
  2⤵
  PID:12312
- C:\Windows\System\NSAGnDH.exe
  C:\Windows\System\NSAGnDH.exe
  2⤵
  PID:12544
- C:\Windows\System\aJqtbuM.exe
  C:\Windows\System\aJqtbuM.exe
  2⤵
  PID:2344
- C:\Windows\System\OfcVCng.exe
  C:\Windows\System\OfcVCng.exe
  2⤵
  PID:13244
- C:\Windows\System\FQQfqjd.exe
  C:\Windows\System\FQQfqjd.exe
  2⤵
  PID:12800
- C:\Windows\System\kNCRvdo.exe
  C:\Windows\System\kNCRvdo.exe
  2⤵
  PID:2876
- C:\Windows\System\zZzHJkn.exe
  C:\Windows\System\zZzHJkn.exe
  2⤵
  PID:12712
- C:\Windows\System\xBXnqVi.exe
  C:\Windows\System\xBXnqVi.exe
  2⤵
  PID:13332
- C:\Windows\System\MSYpUqh.exe
  C:\Windows\System\MSYpUqh.exe
  2⤵
  PID:13360
- C:\Windows\System\nOLApsW.exe
  C:\Windows\System\nOLApsW.exe
  2⤵
  PID:13388
- C:\Windows\System\DrBTGLh.exe
  C:\Windows\System\DrBTGLh.exe
  2⤵
  PID:13416
- C:\Windows\System\NfIGXcj.exe
  C:\Windows\System\NfIGXcj.exe
  2⤵
  PID:13452
- C:\Windows\System\VyDoBvZ.exe
  C:\Windows\System\VyDoBvZ.exe
  2⤵
  PID:13472
- C:\Windows\System\WMFmWzi.exe
  C:\Windows\System\WMFmWzi.exe
  2⤵
  PID:13500
- C:\Windows\System\pTsOiRD.exe
  C:\Windows\System\pTsOiRD.exe
  2⤵
  PID:13528
- C:\Windows\System\NIlzxrR.exe
  C:\Windows\System\NIlzxrR.exe
  2⤵
  PID:13556
- C:\Windows\System\QdrfUJL.exe
  C:\Windows\System\QdrfUJL.exe
  2⤵
  PID:13584
- C:\Windows\System\EqtCWHs.exe
  C:\Windows\System\EqtCWHs.exe
  2⤵
  PID:13612
- C:\Windows\System\QjKHedM.exe
  C:\Windows\System\QjKHedM.exe
  2⤵
  PID:13640
- C:\Windows\System\hSZqtQa.exe
  C:\Windows\System\hSZqtQa.exe
  2⤵
  PID:13672
- C:\Windows\System\SKlcIUp.exe
  C:\Windows\System\SKlcIUp.exe
  2⤵
  PID:13700
- C:\Windows\System\RyeXcbP.exe
  C:\Windows\System\RyeXcbP.exe
  2⤵
  PID:13732
- C:\Windows\System\oTpLpVh.exe
  C:\Windows\System\oTpLpVh.exe
  2⤵
  PID:13760
- C:\Windows\System\xhZplgX.exe
  C:\Windows\System\xhZplgX.exe
  2⤵
  PID:13788
- C:\Windows\System\sTnBwgQ.exe
  C:\Windows\System\sTnBwgQ.exe
  2⤵
  PID:13816
- C:\Windows\System\jLRVEzD.exe
  C:\Windows\System\jLRVEzD.exe
  2⤵
  PID:13844
- C:\Windows\System\ZIQFCOY.exe
  C:\Windows\System\ZIQFCOY.exe
  2⤵
  PID:13872
- C:\Windows\System\OggShmS.exe
  C:\Windows\System\OggShmS.exe
  2⤵
  PID:13900
- C:\Windows\System\ZTcAkKU.exe
  C:\Windows\System\ZTcAkKU.exe
  2⤵
  PID:13928
- C:\Windows\System\XmNXioW.exe
  C:\Windows\System\XmNXioW.exe
  2⤵
  PID:13956
- C:\Windows\System\kVALIHI.exe
  C:\Windows\System\kVALIHI.exe
  2⤵
  PID:13984
- C:\Windows\System\PTJChRO.exe
  C:\Windows\System\PTJChRO.exe
  2⤵
  PID:14004
- C:\Windows\System\DsIDyBR.exe
  C:\Windows\System\DsIDyBR.exe
  2⤵
  PID:14040
- C:\Windows\System\DvrNhYp.exe
  C:\Windows\System\DvrNhYp.exe
  2⤵
  PID:14068
- C:\Windows\System\OBmutrZ.exe
  C:\Windows\System\OBmutrZ.exe
  2⤵
  PID:14096
- C:\Windows\System\ZYJWGIp.exe
  C:\Windows\System\ZYJWGIp.exe
  2⤵
  PID:14124
- C:\Windows\System\xPDXCOg.exe
  C:\Windows\System\xPDXCOg.exe
  2⤵
  PID:14152
- C:\Windows\System\AgSrkRK.exe
  C:\Windows\System\AgSrkRK.exe
  2⤵
  PID:14180
- C:\Windows\System\AWxaKLY.exe
  C:\Windows\System\AWxaKLY.exe
  2⤵
  PID:14208
- C:\Windows\System\lvPMFqz.exe
  C:\Windows\System\lvPMFqz.exe
  2⤵
  PID:14236
- C:\Windows\System\GEFubKB.exe
  C:\Windows\System\GEFubKB.exe
  2⤵
  PID:14264
- C:\Windows\System\rDASFnD.exe
  C:\Windows\System\rDASFnD.exe
  2⤵
  PID:14292
- C:\Windows\System\VVPkkAI.exe
  C:\Windows\System\VVPkkAI.exe
  2⤵
  PID:14320
- C:\Windows\System\aVNxfNP.exe
  C:\Windows\System\aVNxfNP.exe
  2⤵
  PID:13348
- C:\Windows\System\YNzLUQt.exe
  C:\Windows\System\YNzLUQt.exe
  2⤵
  PID:13408
- C:\Windows\System\YNKmLDL.exe
  C:\Windows\System\YNKmLDL.exe
  2⤵
  PID:13468
- C:\Windows\System\wndBGXG.exe
  C:\Windows\System\wndBGXG.exe
  2⤵
  PID:13544
- C:\Windows\System\CGmusKS.exe
  C:\Windows\System\CGmusKS.exe
  2⤵
  PID:13604
- C:\Windows\System\nNwElkh.exe
  C:\Windows\System\nNwElkh.exe
  2⤵
  PID:13660
- C:\Windows\System\iRAtKZb.exe
  C:\Windows\System\iRAtKZb.exe
  2⤵
  PID:1296
- C:\Windows\System\eUPbyRg.exe
  C:\Windows\System\eUPbyRg.exe
  2⤵
  PID:13724
- C:\Windows\System\bQTiiQm.exe
  C:\Windows\System\bQTiiQm.exe
  2⤵
  PID:13812
- C:\Windows\System\eAJvbgO.exe
  C:\Windows\System\eAJvbgO.exe
  2⤵
  PID:13856
- C:\Windows\System\FmEUohJ.exe
  C:\Windows\System\FmEUohJ.exe
  2⤵
  PID:13920
- C:\Windows\System\SkGnXSB.exe
  C:\Windows\System\SkGnXSB.exe
  2⤵
  PID:13980
- C:\Windows\System\pZAVQJf.exe
  C:\Windows\System\pZAVQJf.exe
  2⤵
  PID:14056
- C:\Windows\System\VOQQOdv.exe
  C:\Windows\System\VOQQOdv.exe
  2⤵
  PID:14116
- C:\Windows\System\BwNWhfj.exe
  C:\Windows\System\BwNWhfj.exe
  2⤵
  PID:14176
- C:\Windows\System\DPPOwUA.exe
  C:\Windows\System\DPPOwUA.exe
  2⤵
  PID:14248
- C:\Windows\System\GrInkuD.exe
  C:\Windows\System\GrInkuD.exe
  2⤵
  PID:14288
- C:\Windows\System\hAmKnTr.exe
  C:\Windows\System\hAmKnTr.exe
  2⤵
  PID:13380
- C:\Windows\System\hFRwKdY.exe
  C:\Windows\System\hFRwKdY.exe
  2⤵
  PID:13520
- C:\Windows\System\RgvitPU.exe
  C:\Windows\System\RgvitPU.exe
  2⤵
  PID:13696
- C:\Windows\System\gNwyTmL.exe
  C:\Windows\System\gNwyTmL.exe
  2⤵
  PID:13752
- C:\Windows\System\lfjGJyt.exe
  C:\Windows\System\lfjGJyt.exe
  2⤵
  PID:13892
- C:\Windows\System\IyMMVBq.exe
  C:\Windows\System\IyMMVBq.exe
  2⤵
  PID:14036
- C:\Windows\System\fYCkXGd.exe
  C:\Windows\System\fYCkXGd.exe
  2⤵
  PID:14220
- C:\Windows\System\PlkAkKK.exe
  C:\Windows\System\PlkAkKK.exe
  2⤵
  PID:14284
- C:\Windows\System\fLnUnuG.exe
  C:\Windows\System\fLnUnuG.exe
  2⤵
  PID:13464
- C:\Windows\System\xhYpsLV.exe
  C:\Windows\System\xhYpsLV.exe
  2⤵
  PID:5476
- C:\Windows\System\wptspwQ.exe
  C:\Windows\System\wptspwQ.exe
  2⤵
  PID:14024
- C:\Windows\System\RnnZHHl.exe
  C:\Windows\System\RnnZHHl.exe
  2⤵
  PID:14332
- C:\Windows\System\nkXIyif.exe
  C:\Windows\System\nkXIyif.exe
  2⤵
  PID:852
- C:\Windows\System\UkkkQaA.exe
  C:\Windows\System\UkkkQaA.exe
  2⤵
  PID:5744
- C:\Windows\System\trHGLCu.exe
  C:\Windows\System\trHGLCu.exe
  2⤵
  PID:14276
- C:\Windows\System\CnUgkHr.exe
  C:\Windows\System\CnUgkHr.exe
  2⤵
  PID:14364
- C:\Windows\System\sDmuxcK.exe
  C:\Windows\System\sDmuxcK.exe
  2⤵
  PID:14392
- C:\Windows\System\oMmuEKv.exe
  C:\Windows\System\oMmuEKv.exe
  2⤵
  PID:14420
- C:\Windows\System\kGEZdiv.exe
  C:\Windows\System\kGEZdiv.exe
  2⤵
  PID:14448
- C:\Windows\System\SDVdxgw.exe
  C:\Windows\System\SDVdxgw.exe
  2⤵
  PID:14476
- C:\Windows\System\SXXksVU.exe
  C:\Windows\System\SXXksVU.exe
  2⤵
  PID:14504
- C:\Windows\System\QVrdOsk.exe
  C:\Windows\System\QVrdOsk.exe
  2⤵
  PID:14532
- C:\Windows\System\zNHuPax.exe
  C:\Windows\System\zNHuPax.exe
  2⤵
  PID:14560
- C:\Windows\System\BNKOcrI.exe
  C:\Windows\System\BNKOcrI.exe
  2⤵
  PID:14588
- C:\Windows\System\hQvJgDH.exe
  C:\Windows\System\hQvJgDH.exe
  2⤵
  PID:14616
- C:\Windows\System\PKQuysm.exe
  C:\Windows\System\PKQuysm.exe
  2⤵
  PID:14644
- C:\Windows\System\FZZpkMb.exe
  C:\Windows\System\FZZpkMb.exe
  2⤵
  PID:14672
- C:\Windows\System\gBCEjYu.exe
  C:\Windows\System\gBCEjYu.exe
  2⤵
  PID:14700
- C:\Windows\System\LuCMhqL.exe
  C:\Windows\System\LuCMhqL.exe
  2⤵
  PID:14728
- C:\Windows\System\pyVdiCO.exe
  C:\Windows\System\pyVdiCO.exe
  2⤵
  PID:14756
- C:\Windows\System\yXETNni.exe
  C:\Windows\System\yXETNni.exe
  2⤵
  PID:14784
- C:\Windows\System\snQHOgx.exe
  C:\Windows\System\snQHOgx.exe
  2⤵
  PID:14812
- C:\Windows\System\bDUGuhF.exe
  C:\Windows\System\bDUGuhF.exe
  2⤵
  PID:14840
- C:\Windows\System\UJvzhor.exe
  C:\Windows\System\UJvzhor.exe
  2⤵
  PID:14868
- C:\Windows\System\YMXzbJa.exe
  C:\Windows\System\YMXzbJa.exe
  2⤵
  PID:14896
- C:\Windows\System\eviIWAh.exe
  C:\Windows\System\eviIWAh.exe
  2⤵
  PID:14924
- C:\Windows\System\trPypaG.exe
  C:\Windows\System\trPypaG.exe
  2⤵
  PID:14952
- C:\Windows\System\RALiXzc.exe
  C:\Windows\System\RALiXzc.exe
  2⤵
  PID:14980
- C:\Windows\System\yRSBKew.exe
  C:\Windows\System\yRSBKew.exe
  2⤵
  PID:15016
- C:\Windows\System\RchtleE.exe
  C:\Windows\System\RchtleE.exe
  2⤵
  PID:15036
- C:\Windows\System\WOprvDZ.exe
  C:\Windows\System\WOprvDZ.exe
  2⤵
  PID:15064
- C:\Windows\System\uYGZIkG.exe
  C:\Windows\System\uYGZIkG.exe
  2⤵
  PID:15092
- C:\Windows\System\rGitqQk.exe
  C:\Windows\System\rGitqQk.exe
  2⤵
  PID:15128
- C:\Windows\System\pWIbXwX.exe
  C:\Windows\System\pWIbXwX.exe
  2⤵
  PID:15152
- C:\Windows\System\BytOlBI.exe
  C:\Windows\System\BytOlBI.exe
  2⤵
  PID:15184
- C:\Windows\System\hciaZNy.exe
  C:\Windows\System\hciaZNy.exe
  2⤵
  PID:15216
- C:\Windows\System\cYJtGgt.exe
  C:\Windows\System\cYJtGgt.exe
  2⤵
  PID:15264
- C:\Windows\System\RqJoQhi.exe
  C:\Windows\System\RqJoQhi.exe
  2⤵
  PID:15292
- C:\Windows\System\KqbSEQt.exe
  C:\Windows\System\KqbSEQt.exe
  2⤵
  PID:14864
- C:\Windows\System\MysPeHP.exe
  C:\Windows\System\MysPeHP.exe
  2⤵
  PID:14912
- C:\Windows\System\unYtMhy.exe
  C:\Windows\System\unYtMhy.exe
  2⤵
  PID:15032
- C:\Windows\System\PRSONho.exe
  C:\Windows\System\PRSONho.exe
  2⤵
  PID:15076
- C:\Windows\System\RdoJQwJ.exe
  C:\Windows\System\RdoJQwJ.exe
  2⤵
  PID:15176
- C:\Windows\System\zWbljYH.exe
  C:\Windows\System\zWbljYH.exe
  2⤵
  PID:14376
- C:\Windows\System\ztfeyiW.exe
  C:\Windows\System\ztfeyiW.exe
  2⤵
  PID:14556
- C:\Windows\System\BffRuJv.exe
  C:\Windows\System\BffRuJv.exe
  2⤵
  PID:14608
- C:\Windows\System\pZiILFb.exe
  C:\Windows\System\pZiILFb.exe
  2⤵
  PID:14656
- C:\Windows\System\IktqefC.exe
  C:\Windows\System\IktqefC.exe
  2⤵
  PID:14724
- C:\Windows\System\DvYDcNx.exe
  C:\Windows\System\DvYDcNx.exe
  2⤵
  PID:14808
- C:\Windows\System\cQXrLbl.exe
  C:\Windows\System\cQXrLbl.exe
  2⤵
  PID:14852
- C:\Windows\System\RHtuYtH.exe
  C:\Windows\System\RHtuYtH.exe
  2⤵
  PID:14936
- C:\Windows\System\XgdLkTI.exe
  C:\Windows\System\XgdLkTI.exe
  2⤵
  PID:15120
- C:\Windows\System\WjwXlom.exe
  C:\Windows\System\WjwXlom.exe
  2⤵
  PID:15056
- C:\Windows\System\IctXzsK.exe
  C:\Windows\System\IctXzsK.exe
  2⤵
  PID:15240
- C:\Windows\System\NNAfBeS.exe
  C:\Windows\System\NNAfBeS.exe
  2⤵
  PID:15252
- C:\Windows\System\TPFMmAE.exe
  C:\Windows\System\TPFMmAE.exe
  2⤵
  PID:15192
- C:\Windows\System\VToFGAS.exe
  C:\Windows\System\VToFGAS.exe
  2⤵
  PID:15324
- C:\Windows\System\XguDCnA.exe
  C:\Windows\System\XguDCnA.exe
  2⤵
  PID:6936
- C:\Windows\System\swhdsNN.exe
  C:\Windows\System\swhdsNN.exe
  2⤵
  PID:14348
- C:\Windows\System\YaFgVnK.exe
  C:\Windows\System\YaFgVnK.exe
  2⤵
  PID:14416
- C:\Windows\System\oejTBmi.exe
  C:\Windows\System\oejTBmi.exe
  2⤵
  PID:14500
- C:\Windows\System\MuoKHFc.exe
  C:\Windows\System\MuoKHFc.exe
  2⤵
  PID:6048
- C:\Windows\System\FemvTQx.exe
  C:\Windows\System\FemvTQx.exe
  2⤵
  PID:4776
- C:\Windows\System\HsaZGrK.exe
  C:\Windows\System\HsaZGrK.exe
  2⤵
  PID:14600
- C:\Windows\System\MZdMJCu.exe
  C:\Windows\System\MZdMJCu.exe
  2⤵
  PID:1836
- C:\Windows\System\CqefYBr.exe
  C:\Windows\System\CqefYBr.exe
  2⤵
  PID:6644
- C:\Windows\System\smxlZMb.exe
  C:\Windows\System\smxlZMb.exe
  2⤵
  PID:6632
- C:\Windows\System\RIdTQtA.exe
  C:\Windows\System\RIdTQtA.exe
  2⤵
  PID:14836
- C:\Windows\System\knbkCBY.exe
  C:\Windows\System\knbkCBY.exe
  2⤵
  PID:3552
- C:\Windows\System\eBgrWiU.exe
  C:\Windows\System\eBgrWiU.exe
  2⤵
  PID:15004
- C:\Windows\System\PgtbwIQ.exe
  C:\Windows\System\PgtbwIQ.exe
  2⤵
  PID:4632
- C:\Windows\System\IBdSYKP.exe
  C:\Windows\System\IBdSYKP.exe
  2⤵
  PID:2032
- C:\Windows\System\clrXrjk.exe
  C:\Windows\System\clrXrjk.exe
  2⤵
  PID:3736
- C:\Windows\System\YLQvKmz.exe
  C:\Windows\System\YLQvKmz.exe
  2⤵
  PID:15116
- C:\Windows\System\NtOeHKZ.exe
  C:\Windows\System\NtOeHKZ.exe
  2⤵
  PID:3384
- C:\Windows\System\pgJTfIb.exe
  C:\Windows\System\pgJTfIb.exe
  2⤵
  PID:15244
- C:\Windows\System\BvIXBno.exe
  C:\Windows\System\BvIXBno.exe
  2⤵
  PID:15260
- C:\Windows\System\KXBphuV.exe
  C:\Windows\System\KXBphuV.exe
  2⤵
  PID:15316
- C:\Windows\System\JHaxDkC.exe
  C:\Windows\System\JHaxDkC.exe
  2⤵
  PID:14256
- C:\Windows\System\dywQGwe.exe
  C:\Windows\System\dywQGwe.exe
  2⤵
  PID:14464
- C:\Windows\System\xTINbKb.exe
  C:\Windows\System\xTINbKb.exe
  2⤵
  PID:2932
- C:\Windows\System\xnQCTXN.exe
  C:\Windows\System\xnQCTXN.exe
  2⤵
  PID:712
- C:\Windows\System\hDiBOCr.exe
  C:\Windows\System\hDiBOCr.exe
  2⤵
  PID:2572
- C:\Windows\System\NbLYGVI.exe
  C:\Windows\System\NbLYGVI.exe
  2⤵
  PID:5924
- C:\Windows\System\hjWEaDP.exe
  C:\Windows\System\hjWEaDP.exe
  2⤵
  PID:6040
- C:\Windows\System\zHQnahd.exe
  C:\Windows\System\zHQnahd.exe
  2⤵
  PID:14796
- C:\Windows\System\aIdzoZi.exe
  C:\Windows\System\aIdzoZi.exe
  2⤵
  PID:4428
- C:\Windows\System\zzqRnWe.exe
  C:\Windows\System\zzqRnWe.exe
  2⤵
  PID:2760
- C:\Windows\System\eYGPJmB.exe
  C:\Windows\System\eYGPJmB.exe
  2⤵
  PID:4816
- C:\Windows\System\uzuyZyn.exe
  C:\Windows\System\uzuyZyn.exe
  2⤵
  PID:15144
- C:\Windows\System\eRHvsNo.exe
  C:\Windows\System\eRHvsNo.exe
  2⤵
  PID:3656
- C:\Windows\System\snlfZVU.exe
  C:\Windows\System\snlfZVU.exe
  2⤵
  PID:2712
- C:\Windows\System\weBFhsK.exe
  C:\Windows\System\weBFhsK.exe
  2⤵
  PID:2256
- C:\Windows\System\uHUDicy.exe
  C:\Windows\System\uHUDicy.exe
  2⤵
  PID:6836
- C:\Windows\System\JAOenIt.exe
  C:\Windows\System\JAOenIt.exe
  2⤵
  PID:14544
- C:\Windows\System\QohtiGH.exe
  C:\Windows\System\QohtiGH.exe
  2⤵
  PID:3508
- C:\Windows\System\LqkDdhf.exe
  C:\Windows\System\LqkDdhf.exe
  2⤵
  PID:12176
- C:\Windows\System\pkoDVBe.exe
  C:\Windows\System\pkoDVBe.exe
  2⤵
  PID:5800
- C:\Windows\System\TAOKBVp.exe
  C:\Windows\System\TAOKBVp.exe
  2⤵
  PID:6388
- C:\Windows\System\uIUscWN.exe
  C:\Windows\System\uIUscWN.exe
  2⤵
  PID:4500
- C:\Windows\System\QrWwfag.exe
  C:\Windows\System\QrWwfag.exe
  2⤵
  PID:1028
- C:\Windows\System\YGsJkCm.exe
  C:\Windows\System\YGsJkCm.exe
  2⤵
  PID:15148
- C:\Windows\System\fXJdldz.exe
  C:\Windows\System\fXJdldz.exe
  2⤵
  PID:7156
- C:\Windows\System\fHCEGJz.exe
  C:\Windows\System\fHCEGJz.exe
  2⤵
  PID:4160
- C:\Windows\System\GQxmteq.exe
  C:\Windows\System\GQxmteq.exe
  2⤵
  PID:14488
- C:\Windows\System\jvspcyh.exe
  C:\Windows\System\jvspcyh.exe
  2⤵
  PID:5420
- C:\Windows\System\WgSAUNl.exe
  C:\Windows\System\WgSAUNl.exe
  2⤵
  PID:14640
- C:\Windows\System\epdbBQf.exe
  C:\Windows\System\epdbBQf.exe
  2⤵
  PID:1008
- C:\Windows\System\LFytfic.exe
  C:\Windows\System\LFytfic.exe
  2⤵
  PID:5956
- C:\Windows\System\ieANbtj.exe
  C:\Windows\System\ieANbtj.exe
  2⤵
  PID:2036
- C:\Windows\System\xCdUJFC.exe
  C:\Windows\System\xCdUJFC.exe
  2⤵
  PID:5548
- C:\Windows\System\KnQAoXo.exe
  C:\Windows\System\KnQAoXo.exe
  2⤵
  PID:1644
- C:\Windows\System\OOAipdW.exe
  C:\Windows\System\OOAipdW.exe
  2⤵
  PID:5724
- C:\Windows\System\ktiGWUi.exe
  C:\Windows\System\ktiGWUi.exe
  2⤵
  PID:632
- C:\Windows\System\SaLutll.exe
  C:\Windows\System\SaLutll.exe
  2⤵
  PID:4088
- C:\Windows\System\dkOXgJZ.exe
  C:\Windows\System\dkOXgJZ.exe
  2⤵
  PID:928
- C:\Windows\System\EIqxLYA.exe
  C:\Windows\System\EIqxLYA.exe
  2⤵
  PID:5632
- C:\Windows\System\EAEWEoK.exe
  C:\Windows\System\EAEWEoK.exe
  2⤵
  PID:5868
- C:\Windows\System\CNCmICU.exe
  C:\Windows\System\CNCmICU.exe
  2⤵
  PID:7224
- C:\Windows\System\qFpKhie.exe
  C:\Windows\System\qFpKhie.exe
  2⤵
  PID:4612
- C:\Windows\System\SdKibud.exe
  C:\Windows\System\SdKibud.exe
  2⤵
  PID:2540
- C:\Windows\System\KVOhYjk.exe
  C:\Windows\System\KVOhYjk.exe
  2⤵
  PID:4684
- C:\Windows\System\eUwkHAR.exe
  C:\Windows\System\eUwkHAR.exe
  2⤵
  PID:4144
- C:\Windows\System\FjwFWyr.exe
  C:\Windows\System\FjwFWyr.exe
  2⤵
  PID:14768
- C:\Windows\System\BvaVsey.exe
  C:\Windows\System\BvaVsey.exe
  2⤵
  PID:7456
- C:\Windows\System\IoVRehP.exe
  C:\Windows\System\IoVRehP.exe
  2⤵
  PID:4876
- C:\Windows\System\tSIhFjn.exe
  C:\Windows\System\tSIhFjn.exe
  2⤵
  PID:5036
- C:\Windows\System\zXxEaiK.exe
  C:\Windows\System\zXxEaiK.exe
  2⤵
  PID:7016
- C:\Windows\System\CBfIbsK.exe
  C:\Windows\System\CBfIbsK.exe
  2⤵
  PID:7252
- C:\Windows\System\iIDHJHW.exe
  C:\Windows\System\iIDHJHW.exe
  2⤵
  PID:4488
- C:\Windows\System\qLyfoXd.exe
  C:\Windows\System\qLyfoXd.exe
  2⤵
  PID:4956
- C:\Windows\System\QGOJgNO.exe
  C:\Windows\System\QGOJgNO.exe
  2⤵
  PID:2764
- C:\Windows\System\ZNJNUAl.exe
  C:\Windows\System\ZNJNUAl.exe
  2⤵
  PID:7752
- C:\Windows\System\KMLLoWO.exe
  C:\Windows\System\KMLLoWO.exe
  2⤵
  PID:2336
- C:\Windows\System\WZdVxJa.exe
  C:\Windows\System\WZdVxJa.exe
  2⤵
  PID:5468
- C:\Windows\System\DRtNPqG.exe
  C:\Windows\System\DRtNPqG.exe
  2⤵
  PID:6464
- C:\Windows\System\fCsAUGA.exe
  C:\Windows\System\fCsAUGA.exe
  2⤵
  PID:7972
- C:\Windows\System\lNSyqCH.exe
  C:\Windows\System\lNSyqCH.exe
  2⤵
  PID:8072
- C:\Windows\System\ZzUqyGv.exe
  C:\Windows\System\ZzUqyGv.exe
  2⤵
  PID:3016
- C:\Windows\System\kBEeNZy.exe
  C:\Windows\System\kBEeNZy.exe
  2⤵
  PID:5772
- C:\Windows\System\mIFMQqV.exe
  C:\Windows\System\mIFMQqV.exe
  2⤵
  PID:3960
- C:\Windows\System\YWpUDYf.exe
  C:\Windows\System\YWpUDYf.exe
  2⤵
  PID:5708
- C:\Windows\System\NRzOVef.exe
  C:\Windows\System\NRzOVef.exe
  2⤵
  PID:7320
- C:\Windows\System\fSyBWYq.exe
  C:\Windows\System\fSyBWYq.exe
  2⤵
  PID:1216
- C:\Windows\System\gveEzrR.exe
  C:\Windows\System\gveEzrR.exe
  2⤵
  PID:7536
- C:\Windows\System\CEUuYmS.exe
  C:\Windows\System\CEUuYmS.exe
  2⤵
  PID:3308
- C:\Windows\System\aOROqgc.exe
  C:\Windows\System\aOROqgc.exe
  2⤵
  PID:7564
- C:\Windows\System\vDfIKJR.exe
  C:\Windows\System\vDfIKJR.exe
  2⤵
  PID:8112
- C:\Windows\System\svfSOkF.exe
  C:\Windows\System\svfSOkF.exe
  2⤵
  PID:7768
- C:\Windows\System\mOQDdja.exe
  C:\Windows\System\mOQDdja.exe
  2⤵
  PID:2492
- C:\Windows\System\XnBwglw.exe
  C:\Windows\System\XnBwglw.exe
  2⤵
  PID:8032
- C:\Windows\System\FDqpUCS.exe
  C:\Windows\System\FDqpUCS.exe
  2⤵
  PID:7256
- C:\Windows\System\DYgjcJq.exe
  C:\Windows\System\DYgjcJq.exe
  2⤵
  PID:7292
- C:\Windows\System\ApTgiKs.exe
  C:\Windows\System\ApTgiKs.exe
  2⤵
  PID:1068
- C:\Windows\System\moObREG.exe
  C:\Windows\System\moObREG.exe
  2⤵
  PID:5336
- C:\Windows\System\uIESQCR.exe
  C:\Windows\System\uIESQCR.exe
  2⤵
  PID:6700
- C:\Windows\System\oFFsZVi.exe
  C:\Windows\System\oFFsZVi.exe
  2⤵
  PID:4840
- C:\Windows\System\QoWjjYc.exe
  C:\Windows\System\QoWjjYc.exe
  2⤵
  PID:5784
- C:\Windows\System\vtoWIez.exe
  C:\Windows\System\vtoWIez.exe
  2⤵
  PID:7648
- C:\Windows\System\qNWrNDD.exe
  C:\Windows\System\qNWrNDD.exe
  2⤵
  PID:8292
- C:\Windows\System\IRynetP.exe
  C:\Windows\System\IRynetP.exe
  2⤵
  PID:8312
- C:\Windows\System\wtJEMBt.exe
  C:\Windows\System\wtJEMBt.exe
  2⤵
  PID:8360
- C:\Windows\System\yWXZVpp.exe
  C:\Windows\System\yWXZVpp.exe
  2⤵
  PID:7472
- C:\Windows\System\xdmTLpw.exe
  C:\Windows\System\xdmTLpw.exe
  2⤵
  PID:8028
- C:\Windows\System\wJljRps.exe
  C:\Windows\System\wJljRps.exe
  2⤵
  PID:7980
- C:\Windows\System\sDHjJJS.exe
  C:\Windows\System\sDHjJJS.exe
  2⤵
  PID:8540
- C:\Windows\System\QcbYuKm.exe
  C:\Windows\System\QcbYuKm.exe
  2⤵
  PID:7548
- C:\Windows\System\LQRZtYa.exe
  C:\Windows\System\LQRZtYa.exe
  2⤵
  PID:4504
- C:\Windows\System\QHGLOWa.exe
  C:\Windows\System\QHGLOWa.exe
  2⤵
  PID:1044
- C:\Windows\System\AQLMCNd.exe
  C:\Windows\System\AQLMCNd.exe
  2⤵
  PID:4528
- C:\Windows\System\pbTpzwL.exe
  C:\Windows\System\pbTpzwL.exe
  2⤵
  PID:6052
- C:\Windows\System\hvdISOQ.exe
  C:\Windows\System\hvdISOQ.exe
  2⤵
  PID:8820
- C:\Windows\System\RYHpIuw.exe
  C:\Windows\System\RYHpIuw.exe
  2⤵
  PID:8200
- C:\Windows\System\NHLYWuK.exe
  C:\Windows\System\NHLYWuK.exe
  2⤵
  PID:8844
- C:\Windows\System\NxzlkOh.exe
  C:\Windows\System\NxzlkOh.exe
  2⤵
  PID:5280
- C:\Windows\System\WzTcLLE.exe
  C:\Windows\System\WzTcLLE.exe
  2⤵
  PID:3760
- C:\Windows\System\fLrxuyx.exe
  C:\Windows\System\fLrxuyx.exe
  2⤵
  PID:8332
- C:\Windows\System\CQKUQNa.exe
  C:\Windows\System\CQKUQNa.exe
  2⤵
  PID:8992
- C:\Windows\System\wylsCVG.exe
  C:\Windows\System\wylsCVG.exe
  2⤵
  PID:9060
- C:\Windows\System\jSiIxFh.exe
  C:\Windows\System\jSiIxFh.exe
  2⤵
  PID:9176
- C:\Windows\System\iBhRxti.exe
  C:\Windows\System\iBhRxti.exe
  2⤵
  PID:6292
- C:\Windows\System\cvMbNbQ.exe
  C:\Windows\System\cvMbNbQ.exe
  2⤵
  PID:5936
- C:\Windows\System\DeiLjkf.exe
  C:\Windows\System\DeiLjkf.exe
  2⤵
  PID:8300
- C:\Windows\System\PLgCkbA.exe
  C:\Windows\System\PLgCkbA.exe
  2⤵
  PID:4048
- C:\Windows\System\GfnxZpT.exe
  C:\Windows\System\GfnxZpT.exe
  2⤵
  PID:8492
- C:\Windows\System\HioIuFd.exe
  C:\Windows\System\HioIuFd.exe
  2⤵
  PID:8852
- C:\Windows\System\PCCRFAk.exe
  C:\Windows\System\PCCRFAk.exe
  2⤵
  PID:6164
- C:\Windows\System\cwTTOdJ.exe
  C:\Windows\System\cwTTOdJ.exe
  2⤵
  PID:8668
- C:\Windows\System\iLXjwbE.exe
  C:\Windows\System\iLXjwbE.exe
  2⤵
  PID:8728
- C:\Windows\System\tjTnwXt.exe
  C:\Windows\System\tjTnwXt.exe
  2⤵
  PID:9128
- C:\Windows\System\uubxZUZ.exe
  C:\Windows\System\uubxZUZ.exe
  2⤵
  PID:6628
- C:\Windows\System\NxDCScm.exe
  C:\Windows\System\NxDCScm.exe
  2⤵
  PID:8652
- C:\Windows\System\eAEsTWR.exe
  C:\Windows\System\eAEsTWR.exe
  2⤵
  PID:2216
- C:\Windows\System\YMAVPOI.exe
  C:\Windows\System\YMAVPOI.exe
  2⤵
  PID:1516
- C:\Windows\System\iCoaBHs.exe
  C:\Windows\System\iCoaBHs.exe
  2⤵
  PID:8740
- C:\Windows\System\DfUAYOH.exe
  C:\Windows\System\DfUAYOH.exe
  2⤵
  PID:6764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CxYeSFk.exe

Filesize
6.1MB

MD5
287569bdb217ea5221edc18121841467

SHA1
5b76681bdab6ce9c5c5d8a76601997172ecf7d13

SHA256
2136aa7584f0d8ecc91b23b840bdd3562187949cd6f962f3ec66cbae82dd5619

SHA512
707dee1fa5e5e8dd6d5a617d5ce732d3d5eb59bcdd37aa4517f5df52236ffdf689210fae5c0de977709d01904c5a43dc7f8992c3e026835bda124d529392d4ad

Download Submit
C:\Windows\System\DOXGftc.exe

Filesize
6.1MB

MD5
976957bf8ec17bfc7d983532fd322e23

SHA1
517a4af5a4a4546d58f52f8be48723b8bec65b95

SHA256
e1de7b766ee0c69bca2cfd6fc0f59d3902b6aacb33ad50f890206242fbd672df

SHA512
abe9e37bccaafae7f97ec0398b282beb08d2a7dc52fab5b80ff80b7df273d01e5adc6dee420094a692baef7ec12e134411f3baca12405d4313bab85139ae5ec7

Download Submit
C:\Windows\System\EaseLdJ.exe

Filesize
6.1MB

MD5
5ae2a582d0fcf589af836e0e41b1a5a8

SHA1
f7d29476402efec5c70330624054ebc3f142683c

SHA256
8cf70badb8a78ea4cd930c0742e8eb2628ec87241be67f798ba85f9cad38707a

SHA512
e498c7166bcb34a7a140524e342cb932f9f40556ed5a70a76113d69566e45e98796c0fe7c04005b23ce7854a0e05e5323ffd9892b2333fff3184060a33d12c87

Download Submit
C:\Windows\System\GFZUSAC.exe

Filesize
6.1MB

MD5
fb899ce731d974a4cfe1c2adc3f078f5

SHA1
436fed074ea49e419eb54d939f060001ebd5d208

SHA256
ae3255d92157b15b0607be72e3d54152cb64ec7ae1aa91fb250cfb5d11cf9c77

SHA512
ffc033f71f3ba48c803727c48af6a598ba2411b05c1b0028a8fcb37b0d69de85a8eca8701fa00dcf79033fdfc82b9871e3651de14f5c4af872402ed3610f0e82

Download Submit
C:\Windows\System\INRBHrw.exe

Filesize
6.1MB

MD5
4239d85256d7bc4ea88c71960ac1618c

SHA1
20ba307558eb39f97580053f2d99f0a500c07214

SHA256
bef99e191b994c53d12626eb1ab5221bb55f1933bd0fc13126325be80d7d07e5

SHA512
d99479a02c66e0cefa9496b233ffecc5079f2001a2198908a98fea4e245d4ba1bdfecd6e3ce4d4b5eda767b14df62ded9e41e8cce31bb56a7caff891b57e0049

Download Submit
C:\Windows\System\ORwMDaJ.exe

Filesize
6.1MB

MD5
c65b44d9bbbd7a629ac90050ebbf6030

SHA1
07c7542f7e820e423be121f410a95c3a428c7f63

SHA256
a4c1a9b1e27832f1fdd6cfab538854333393b85fe80060b614ee4d4991987933

SHA512
401e12bde11cc42068e0ffe2a55a11ee9d59e2fd1e9d0eedd71c2ca62173a351d5c104bed692f200321d218addf5ae19527f8fc9e298d5ac4028baebf123b539

Download Submit
C:\Windows\System\PAxsjXk.exe

Filesize
6.1MB

MD5
eb50f33055e1c585f513acd98a05b1f5

SHA1
87a66b0d483202d33aed94768bb8a540b7e526cd

SHA256
bd3e7a399e13c17fa10a396c08c9657e1237fc751f11a5e09dd645edef41cdb5

SHA512
7a31a74395abc3a6d8af36637b866ce55dc93e3dc8f70a497e0994cf80ab3bd6a997b5ca74ce88f7e1bd92a9d3c707eda3e4acc26c534ca110375d0256c68753

Download Submit
C:\Windows\System\PgKaAMs.exe

Filesize
6.1MB

MD5
bc00170a09eb249fcaa88ff2fa1268d8

SHA1
89f028706291476594b09ab0b5c1d6c95121cf43

SHA256
6852ae8115b3b3070ddcf7e6b70c0f6430cc8994bd6dc3de99c464e1680dd1ec

SHA512
496a9bd4e95ef55fad2e2cc7553c6a150932d68d9554adb933e768ed084d82793809afe110908fc05ac192f86a7fdec954effac208311c7fd86446da0f5ba2ff

Download Submit
C:\Windows\System\SwHjPIi.exe

Filesize
6.1MB

MD5
12975ee3de2690f0fba22d53259e3dec

SHA1
6e192866ad7ef067366fbffc5f49c964e703066c

SHA256
480d05e9cce2b37f39eceaa0eb75dcf58fd4355db9056b20646e248b62bdca54

SHA512
25ba662a108bc465731e51bf1d1dfef4851db1173e78d9d4c05055cc8840203b37f76790c305617268ee635513a65bde820fa00c8c9fd4c4908d759aaae0dedb

Download Submit
C:\Windows\System\YUVFzon.exe

Filesize
6.1MB

MD5
1e02887584438ded62b329ab6da6a53f

SHA1
12495ac9651cfb27fc489ceef425be04ad0661d6

SHA256
dd74c4add473eb568ce21d829b08af31cdb546f64309b9f99a83d6a0cce95b35

SHA512
e1a92544c2c9795bd18ba640a3b6b93665f7dadf75c5e5d4459412ebe46a98ca937a73459d5b66aff192440547561d2c8b18caf696ce9bc3fc08823c759357fd

Download Submit
C:\Windows\System\ZSXluZw.exe

Filesize
6.1MB

MD5
9b0b476dbd631f5a763c37147067876a

SHA1
d12408999515136e309f207b767420be6b98dc2a

SHA256
26b754204b6bd1c26d7a0e3ad7eab9fdafe497845ea4495305d2617121c290e4

SHA512
731276de4d392496e7784ec879e15bdd57b95418a8599b2bf0132beae1e283d8f8469104a3a49860426324a0f19c3955743acf3e36ba991a03a3a5498866f53e

Download Submit
C:\Windows\System\ceZrTya.exe

Filesize
6.1MB

MD5
6beb0366ee3401ee0a7bef1517e103db

SHA1
ba601c8163bbfc5314cf6c3a1e5be96570edfdcc

SHA256
fcafd46336df7c8d8e6e54e9134526e46b7fa98094eed034e4217dff22a3c237

SHA512
d8013165f5e736a7ec49aa259537c8337430b38e54599998571e72df7683593ef3a495247b6d30317c9cb6722c22f6efa3edc94a79c948d7e544a1c72ae314ff

Download Submit
C:\Windows\System\hUGgRBf.exe

Filesize
6.1MB

MD5
da64357ab20ee4626f797ed4a14f1d93

SHA1
37ac0e2dbd0f97b927e042902b757a1953bb421a

SHA256
ee628a136e7d4e5dfc748c5dc12e1ae6c5d495f6620d890b0d5996df039e53bc

SHA512
9d73aa41de30d702cf5e7cec9cc393a354d99a09e5c510100c6c599e3650ffeaf1d97df747228183af3e63a954eb5088895740ed8da3debd17e02858473755ea

Download Submit
C:\Windows\System\konjuVn.exe

Filesize
6.1MB

MD5
53c6b61ec43d0f7c22c2f70a054f5162

SHA1
d302c46bb2ac536fbee379e96e44debdd0e7d339

SHA256
b5f698c95bc43bddfc25eedfea142d23071327aeecbdcb0d783a367c0f0706ca

SHA512
d6fa27d64d396d648314c17a7d200e6f19c6e4a9b76d031b96689d31423836a50fea7698946804f6908d57d688a2c3b3b363025830b3f589710c1fdeaebd5aab

Download Submit
C:\Windows\System\kozPAak.exe

Filesize
6.1MB

MD5
3cc3b17f5285c1caf0123608fdbe7ed0

SHA1
0c644b0d4912e9caab67cd47116ccea1f47ef2bf

SHA256
c108837e6edb90a383186b6a635353725a44977c04946ec9bcf30443311f1443

SHA512
6baa14bf3517489686c46a6df8a3539f353f0d3d8ab66d6bf4cc97ecaf1073dee0f7084ac421cb8224ab0e910eca4add9f9a2db6ece14ac324c6acfbe5c527aa

Download Submit
C:\Windows\System\oUpEnXd.exe

Filesize
6.1MB

MD5
f4b443b3cf342fff52ae81ed635e38ae

SHA1
e26b0584d134226467cb0ef42d4f88ae9cfa4d67

SHA256
ebf6352f771e94125448058301976a16377a2679fb9ea2852e4d1cbb113354a7

SHA512
be1c2e74066707c1fbc09ef62ad47813afc73a22487d193ae5e84655646b6072cf3e06a7aac643497ebb11cbc563bb8af6558d3f57a34213de4167360882a1b3

Download Submit
C:\Windows\System\rMPXBvu.exe

Filesize
6.1MB

MD5
d90b919e8282fb464956f4b7fafb4922

SHA1
12e647b507461464be1e1f38c8c34c012e2df5ea

SHA256
1fee3f625c6082b6f4f9a6778880ea3f503e37f32e12aa8d55b2c585e5482cf9

SHA512
ed26d62f465ba88f5e9beb72deaee529b0e0560e30dc1173ae8167a34c12a7a9eb4396f9d07e858fda9fb0a505443cd7743a818cc0e0be68dc49c3166053ebf3

Download Submit
C:\Windows\System\rllwHqX.exe

Filesize
6.1MB

MD5
43a6a1c8262767e9064a3943c1b10822

SHA1
b46c26b9c834cd8dd39024fdf1d7d3f51b3662ba

SHA256
ce550bcfa082af78d37e44138880d9a2b339faf4facb7f849e9217a35ea1543f

SHA512
5357f89c2c09db56500043b7eb68088631eafb7c94fbda2a5562d193618811052f82fabadc40903e8d111bd27cbbcf1c979c8c89c7065991011ebf4964251700

Download Submit
C:\Windows\System\sAXeMUn.exe

Filesize
6.1MB

MD5
3147f1371e00b2667872df0a1643d54c

SHA1
857beacef55358662c64a4b6a5443e0b803310fe

SHA256
ffb2a96b44c2081d0285e8c78c8781a6675e1f880d803eae7fc23e4c7cc7a350

SHA512
bc8d32bb9cec9862e355ab7a2330bd9cb5f14d68bb6a27810b518e31a6535261b2a50c7ef9a5cce7251f83c15f4b9574270afa89875f73c023090acbb67398c1

Download Submit
C:\Windows\System\sKCvEhu.exe

Filesize
6.1MB

MD5
a64b532a1c5e933f3459f04c3563631e

SHA1
aec4cf885fa07f0f4c12b7308e29f5580038b98f

SHA256
f9b3ea871886ec8f5ee6a1b1f817a8fe9fb43a97bc449448f645e5b173da854c

SHA512
56497d218aea09aeec97b39c540a570d1f4ce2d903661bb5e9acd2ebaea431761de9f2e4c1947d4400c158c972531565c9c136bf5339f645a67c2d4ae57f5528

Download Submit
C:\Windows\System\srWQAQQ.exe

Filesize
6.1MB

MD5
6828176401f34ae4fb43ace6528b9324

SHA1
f5a8654f0516cf1a355fb5cbf06d8fba085d51f3

SHA256
874c82cb219b5a51f0c73e35c21c1a29665a188f9b87bb515334b5b8bf661c69

SHA512
3f62ceaece49e6e09c45d7cb0de3219ed46448636883312d57edde1616d65264c113f2242645f1ac2de0607d1530aeed5ed159304f10fcdbe79fad5f6dc49256

Download Submit
C:\Windows\System\suWwtfa.exe

Filesize
6.1MB

MD5
e789ecf5b843878838b216f8853f26d7

SHA1
8c76c4bb4d614b4bc4ca357d88662ec97c0d6c91

SHA256
6a94b183ccd7d70e3e89e2fffdc5bd2befaa06aa32bb16ea6c2e47de4f0d35be

SHA512
6b665f872dbbc1c4ce6eb0a246b1c056b1004c970bf3ba8eb244d9e5aec29c54cc68d75189cb0db7bbdb69b014a8b01d56f2c016b223e8bad34d9c260118a28a

Download Submit
C:\Windows\System\tAVznFj.exe

Filesize
6.1MB

MD5
35f31a430bc7933d92135419f9efe8be

SHA1
2d1ee76c6358b4e277c5070c5197a69e76662a78

SHA256
715537bc59750029ea12d83005aabaafc5ab93a6ab853de30b90078049cadbbd

SHA512
f4c8b59f351a8e3567a9dc8682101d7d74c9067f6c26abc2f1b39bdddbc494b7bc97f5c18aa4c7b5ddeb43b1cf3d9b41eaccb13eb22fdd3769aeb64ab927f00b

Download Submit
C:\Windows\System\tTaDJfH.exe

Filesize
6.1MB

MD5
deb0bb1e81bfce41b8be211429385641

SHA1
31314d3e65d32356316fa1903edcdc6da55d38ca

SHA256
99efacac60622b64a1e2ae3654d29cc454c0aaabfbd7beeab4d2701f264cc310

SHA512
3865b57702e6cb5dc2e8947385fe386337fcc0cda78f17aebbcf3aab9eac82b4f7ae3f91b15520e45a3ed78c85085820a5b2cb5da8dd68286ca528dc7910b80a

Download Submit
C:\Windows\System\vdNNfXw.exe

Filesize
6.1MB

MD5
7cd6bc6c7192e5d3788820f530ad6a62

SHA1
246a5de801a1525f6e21d297f57f9f943486f519

SHA256
edbbfbc83aee7008d772f5a744f5c85d8b06a9283c032ddd45e72b7d6735c4ab

SHA512
81731dc3819c96886472ef36792f13e58286666aeeee4ab79531bc7915a629683155ace5e4a4905077e25dbfa977dc455d11f3aa7e8615ff1efb0531ed44216e

Download Submit
C:\Windows\System\wKDRkou.exe

Filesize
6.1MB

MD5
2922ac506b42cdbd67b66ac6fd56f51d

SHA1
54bb723644d0b2ddce26d4599c2cd75198653155

SHA256
2c19e145a5bdca4c5e91da59f150bf8d72feadfe5396a1543b1c426201b71e6e

SHA512
54a58061e862b2f03f5b8329d288ba56db04d7cb653fe3439d1992265d6a30bb5d8866fd0a12fe57f85e1015d6c09df544799cdb704ba37e8b98d521da078c51

Download Submit
C:\Windows\System\wVDttYc.exe

Filesize
6.1MB

MD5
553a38860d44d73db1ddf21b38ce02f1

SHA1
b3bf47d930d6a683daa5b3990dda26f1b90aace1

SHA256
524bbe6a352c5a027d4cc1e4508b30c24ada745e83c765020a7024d11f77a062

SHA512
f4320bad24d55eb9dce9b54a293d34ae80413de688ccec89788c6e370f68a13d48d4a829db53cfe15d30c8df6c0160ff7c09d6b0feb5a9e30c41b8502f69fd38

Download Submit
C:\Windows\System\xFLmitn.exe

Filesize
6.1MB

MD5
a1ae5c0964b0c38d4c382f0c83d65e85

SHA1
fb26535a92c95f629f5134444d58a81018a2e911

SHA256
253d995e3985a95ec62739d0fdb253128a3a65de65c3827fa22a3af49d1bdd12

SHA512
6f82806766b8285164db32109e6c630e14c477238d71cd16c02f5393d3c899596e4a282f49643749af56d19569a2fe7464c8bebf425d8f4213fd711e140782e5

Download Submit
C:\Windows\System\xnRcFVC.exe

Filesize
6.1MB

MD5
cc403b7e901169efc42ac2a45ffd2dab

SHA1
87f4777690d34b00f1d328d550ccfd9e4eba6b7d

SHA256
10f3950cf175d48e952f4c3735f83311d06d0c3d3b19d40bcc52f0f4fabd524c

SHA512
a92a7903e29b4183789ac25105630eff91448bb28a8af7238d11fe2f5cc567ed883d932b8e6897a72fcd07e5384cfeaa63114e4bcd634666f0a4d4df69a8985f

Download Submit
C:\Windows\System\zBtUMda.exe

Filesize
6.1MB

MD5
282860b5c79a824b1a843b517a52a3b4

SHA1
624d30e6ca34b220e71af6a593cc2d97748b4057

SHA256
3ba7e5143cdd454ca7a5cc8d647df0b654a75b9589b385f9ba2fbb0dba60a20b

SHA512
cd5a963b75251e37755584f64ce16e099bdad75d68578aff91802d5f76deb621b4109b197d94a33ee4fdfc5dfc9043339447666e9d5090b4975e3ebcabcc1987

Download Submit
C:\Windows\System\zIUjIjg.exe

Filesize
6.1MB

MD5
f5eb1c5dd3d48d9c6b724ec006d7e40d

SHA1
deac5bc5fbce4e0ae994621ebe3086ff8491c13c

SHA256
b2ea2b2d94ac075f64b64cfc9ff28cfacb55e47bb8fd0398689f19866e1a3dbf

SHA512
c60256cdd954a981f87c803ee06bb210d4db048244cd2677afba18368cc1670d36c87a780b0648e548b81b8201cec7261b57090659587deefbe30482d9adce6b

Download Submit
C:\Windows\System\zXohhxT.exe

Filesize
6.1MB

MD5
47507fe5c68d5f068c01980731a42c76

SHA1
9c7d70dc7ef01270f1eed9f39b4680924fbd5a21

SHA256
b083f92431cab1fa6c060eed277ad5de9cf9277d74ed18f47ab8be1059d407bc

SHA512
91730471e66a2a2310d74124d70ed469076df1167482f8bf8713c82cb8ef2e10856fdd2b0d8fd1fb9dc6d97ac7a0d3112f4e5b87f4330cd12876fc4f258771bd

Download Submit
memory/752-35-0x00007FF70EA20000-0x00007FF70ED74000-memory.dmp

Filesize
3.3MB

Download
memory/752-736-0x00007FF70EA20000-0x00007FF70ED74000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2391-0x00007FF76F3D0000-0x00007FF76F724000-memory.dmp

Filesize
3.3MB

Download
memory/1256-630-0x00007FF76F3D0000-0x00007FF76F724000-memory.dmp

Filesize
3.3MB

Download
memory/1264-615-0x00007FF729370000-0x00007FF7296C4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-2377-0x00007FF729370000-0x00007FF7296C4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-633-0x00007FF6C1DD0000-0x00007FF6C2124000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2394-0x00007FF6C1DD0000-0x00007FF6C2124000-memory.dmp

Filesize
3.3MB

Download
memory/1392-83-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp

Filesize
3.3MB

Download
memory/1392-18-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2172-0x00007FF7B8F30000-0x00007FF7B9284000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2379-0x00007FF670870000-0x00007FF670BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1604-620-0x00007FF670870000-0x00007FF670BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-627-0x00007FF6DCF00000-0x00007FF6DD254000-memory.dmp

Filesize
3.3MB

Download
memory/1856-676-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-30-0x00007FF698A90000-0x00007FF698DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-2364-0x00007FF63E550000-0x00007FF63E8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-605-0x00007FF63E550000-0x00007FF63E8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-858-0x00007FF7852F0000-0x00007FF785644000-memory.dmp

Filesize
3.3MB

Download
memory/1936-46-0x00007FF7852F0000-0x00007FF785644000-memory.dmp

Filesize
3.3MB

Download
memory/2144-792-0x00007FF694BE0000-0x00007FF694F34000-memory.dmp

Filesize
3.3MB

Download
memory/2144-42-0x00007FF694BE0000-0x00007FF694F34000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2276-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp

Filesize
3.3MB

Download
memory/2276-61-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp

Filesize
3.3MB

Download
memory/2276-991-0x00007FF6137E0000-0x00007FF613B34000-memory.dmp

Filesize
3.3MB

Download
memory/2420-624-0x00007FF6C5A10000-0x00007FF6C5D64000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2387-0x00007FF6C5A10000-0x00007FF6C5D64000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2168-0x00007FF7B9DB0000-0x00007FF7BA104000-memory.dmp

Filesize
3.3MB

Download
memory/3012-12-0x00007FF7B9DB0000-0x00007FF7BA104000-memory.dmp

Filesize
3.3MB

Download
memory/3012-74-0x00007FF7B9DB0000-0x00007FF7BA104000-memory.dmp

Filesize
3.3MB

Download
memory/4020-7-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2161-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-67-0x00007FF7B3870000-0x00007FF7B3BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-24-0x00007FF673B00000-0x00007FF673E54000-memory.dmp

Filesize
3.3MB

Download
memory/4076-636-0x00007FF673B00000-0x00007FF673E54000-memory.dmp

Filesize
3.3MB

Download
memory/4264-603-0x00007FF65EEB0000-0x00007FF65F204000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2361-0x00007FF65EEB0000-0x00007FF65F204000-memory.dmp

Filesize
3.3MB

Download
memory/4444-609-0x00007FF7ABF80000-0x00007FF7AC2D4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-607-0x00007FF674A10000-0x00007FF674D64000-memory.dmp

Filesize
3.3MB

Download
memory/4672-602-0x00007FF6B0590000-0x00007FF6B08E4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-1069-0x00007FF636920000-0x00007FF636C74000-memory.dmp

Filesize
3.3MB

Download
memory/4680-68-0x00007FF636920000-0x00007FF636C74000-memory.dmp

Filesize
3.3MB

Download
memory/4808-77-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp

Filesize
3.3MB

Download
memory/4808-1134-0x00007FF7F1430000-0x00007FF7F1784000-memory.dmp

Filesize
3.3MB

Download
memory/4832-1137-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-596-0x00007FF62B270000-0x00007FF62B5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2384-0x00007FF602C90000-0x00007FF602FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-623-0x00007FF602C90000-0x00007FF602FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-639-0x00007FF74A090000-0x00007FF74A3E4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-614-0x00007FF6F9670000-0x00007FF6F99C4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2378-0x00007FF6F9670000-0x00007FF6F99C4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2373-0x00007FF6B1460000-0x00007FF6B17B4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-610-0x00007FF6B1460000-0x00007FF6B17B4000-memory.dmp

Filesize
3.3MB

Download
memory/5604-618-0x00007FF70D260000-0x00007FF70D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5604-2380-0x00007FF70D260000-0x00007FF70D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5716-0-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5716-60-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5716-1-0x000001BB39740000-0x000001BB39750000-memory.dmp

Filesize
64KB

Download
memory/5752-930-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp

Filesize
3.3MB

Download
memory/5752-54-0x00007FF6DBF30000-0x00007FF6DC284000-memory.dmp

Filesize
3.3MB

Download