cobaltstrike | aa68ed0552d6aa4b0a3f2d8efe9884daaa0e38f6dbb9a181bbbd3c9bc1445a8f

Analysis

max time kernel
118s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

d3570d5e7a2dfaab88093e2a3c168e10
SHA1

1d275c89a86f3f7246bf21ed1f37848f671602e0
SHA256

aa68ed0552d6aa4b0a3f2d8efe9884daaa0e38f6dbb9a181bbbd3c9bc1445a8f
SHA512

dc6e95a458c192d58448ec1495688f9a2af8d4b77d8376271c48fd38c1bf231784ae79f3a762c275938a3b493a9bd5c772ed00160f9b55ca84557f34bfa9fcee
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000024046-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ec-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240eb-11.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000240e8-22.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ed-28.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ef-35.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f0-39.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f1-47.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f2-50.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f3-60.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f8-89.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f9-95.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240fd-112.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240fe-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024101-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024102-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024104-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024109-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024108-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024107-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024106-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024105-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024103-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024100-132.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ff-124.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240fc-107.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240fb-102.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240fa-97.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f7-84.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f6-79.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f5-75.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240f4-69.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4824-0-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp	xmrig
behavioral2/files/0x000b000000024046-5.dat	xmrig
behavioral2/memory/2180-9-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ec-10.dat	xmrig
behavioral2/files/0x00070000000240eb-11.dat	xmrig
behavioral2/memory/4160-14-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp	xmrig
behavioral2/memory/2144-19-0x00007FF7D0910000-0x00007FF7D0C64000-memory.dmp	xmrig
behavioral2/files/0x00080000000240e8-22.dat	xmrig
behavioral2/memory/820-24-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ed-28.dat	xmrig
behavioral2/memory/2968-31-0x00007FF703290000-0x00007FF7035E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ef-35.dat	xmrig
behavioral2/memory/5856-36-0x00007FF7BFC50000-0x00007FF7BFFA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240f0-39.dat	xmrig
behavioral2/memory/5088-46-0x00007FF6F8940000-0x00007FF6F8C94000-memory.dmp	xmrig
behavioral2/files/0x00070000000240f1-47.dat	xmrig
behavioral2/files/0x00070000000240f2-50.dat	xmrig
behavioral2/files/0x00070000000240f3-60.dat	xmrig
behavioral2/files/0x00070000000240f8-89.dat	xmrig
behavioral2/files/0x00070000000240f9-95.dat	xmrig
behavioral2/files/0x00070000000240fd-112.dat	xmrig
behavioral2/files/0x00070000000240fe-120.dat	xmrig
behavioral2/files/0x0007000000024101-129.dat	xmrig
behavioral2/files/0x0007000000024102-142.dat	xmrig
behavioral2/files/0x0007000000024104-150.dat	xmrig
behavioral2/memory/3416-972-0x00007FF685BC0000-0x00007FF685F14000-memory.dmp	xmrig
behavioral2/files/0x0007000000024109-174.dat	xmrig
behavioral2/files/0x0007000000024108-170.dat	xmrig
behavioral2/files/0x0007000000024107-166.dat	xmrig
behavioral2/files/0x0007000000024106-162.dat	xmrig
behavioral2/files/0x0007000000024105-154.dat	xmrig
behavioral2/files/0x0007000000024103-146.dat	xmrig
behavioral2/files/0x0007000000024100-132.dat	xmrig
behavioral2/files/0x00070000000240ff-124.dat	xmrig
behavioral2/memory/5556-977-0x00007FF7A4C40000-0x00007FF7A4F94000-memory.dmp	xmrig
behavioral2/memory/116-976-0x00007FF6B4B90000-0x00007FF6B4EE4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240fc-107.dat	xmrig
behavioral2/files/0x00070000000240fb-102.dat	xmrig
behavioral2/files/0x00070000000240fa-97.dat	xmrig
behavioral2/files/0x00070000000240f7-84.dat	xmrig
behavioral2/files/0x00070000000240f6-79.dat	xmrig
behavioral2/files/0x00070000000240f5-75.dat	xmrig
behavioral2/files/0x00070000000240f4-69.dat	xmrig
behavioral2/memory/2180-63-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp	xmrig
behavioral2/memory/1108-59-0x00007FF6F41B0000-0x00007FF6F4504000-memory.dmp	xmrig
behavioral2/memory/4824-57-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp	xmrig
behavioral2/memory/228-51-0x00007FF793A10000-0x00007FF793D64000-memory.dmp	xmrig
behavioral2/memory/2924-978-0x00007FF7C77F0000-0x00007FF7C7B44000-memory.dmp	xmrig
behavioral2/memory/2940-980-0x00007FF70FF20000-0x00007FF710274000-memory.dmp	xmrig
behavioral2/memory/3584-981-0x00007FF7F5800000-0x00007FF7F5B54000-memory.dmp	xmrig
behavioral2/memory/3936-979-0x00007FF7617E0000-0x00007FF761B34000-memory.dmp	xmrig
behavioral2/memory/1872-982-0x00007FF6E2980000-0x00007FF6E2CD4000-memory.dmp	xmrig
behavioral2/memory/2576-986-0x00007FF6F1F70000-0x00007FF6F22C4000-memory.dmp	xmrig
behavioral2/memory/2060-985-0x00007FF6460D0000-0x00007FF646424000-memory.dmp	xmrig
behavioral2/memory/2596-987-0x00007FF62FA10000-0x00007FF62FD64000-memory.dmp	xmrig
behavioral2/memory/2484-991-0x00007FF71AAF0000-0x00007FF71AE44000-memory.dmp	xmrig
behavioral2/memory/3076-997-0x00007FF618900000-0x00007FF618C54000-memory.dmp	xmrig
behavioral2/memory/6024-1002-0x00007FF7F69E0000-0x00007FF7F6D34000-memory.dmp	xmrig
behavioral2/memory/1608-1005-0x00007FF74A740000-0x00007FF74AA94000-memory.dmp	xmrig
behavioral2/memory/3608-1006-0x00007FF696190000-0x00007FF6964E4000-memory.dmp	xmrig
behavioral2/memory/1316-1010-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp	xmrig
behavioral2/memory/4160-1009-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp	xmrig
behavioral2/memory/5728-1001-0x00007FF7F20C0000-0x00007FF7F2414000-memory.dmp	xmrig
behavioral2/memory/4104-1000-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2180	ERtbWIt.exe
4160	rVtVSZW.exe
2144	ZFHFhLC.exe
820	Refzkry.exe
2968	HXntSiS.exe
5856	DnFfBWx.exe
5088	EGsSLhC.exe
228	HLdXlix.exe
1108	vxViIQV.exe
3416	CLCMlNw.exe
1316	FXoAxPd.exe
116	HHRBpAO.exe
5556	WiEKiOi.exe
2924	ArkzTdb.exe
3936	zYiDVLy.exe
2940	VGSNzVv.exe
3584	NPVcYPA.exe
1872	gUIFZRI.exe
2060	bkZIpSz.exe
2576	TcZumHT.exe
2596	eocjTNu.exe
2484	WQtiQfI.exe
6096	GSDTLMy.exe
3076	qlXdFue.exe
4104	SIZEmfe.exe
5728	IGGwBrP.exe
6024	UjrEMca.exe
1608	RONRJAW.exe
3608	TvTwbZy.exe
3456	FQwaPAO.exe
4244	eBNKZlz.exe
4288	pMqkfDs.exe
5176	rzOHmaI.exe
5736	mklDIuB.exe
2956	dvzYGYa.exe
4008	QUnHYeu.exe
5920	BGgDKvI.exe
6132	VbTBELl.exe
4356	NiiPhKz.exe
5156	znZMmrX.exe
1628	jGkObGz.exe
3680	lFYPvXL.exe
1276	AkDJdpa.exe
5524	nEUDJyZ.exe
5832	yJyMJxQ.exe
648	MooaxbN.exe
6068	oZgxOdP.exe
1556	lCiKZIr.exe
3168	tlAnuxs.exe
2908	ibxNqyz.exe
2772	nHCRSgw.exe
1436	cLnvSOd.exe
5264	bcxMzjg.exe
876	HTASKbS.exe
1800	ZETxoLE.exe
760	gJYAlTI.exe
4700	aZVnLVj.exe
4472	tcEdOOc.exe
2212	BEhfCud.exe
1704	wDJjNmc.exe
5984	tkqbirP.exe
1856	jzqrBLd.exe
1312	EqVwgOl.exe
4488	vqjJIDz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4824-0-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp	upx
behavioral2/files/0x000b000000024046-5.dat	upx
behavioral2/memory/2180-9-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp	upx
behavioral2/files/0x00070000000240ec-10.dat	upx
behavioral2/files/0x00070000000240eb-11.dat	upx
behavioral2/memory/4160-14-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp	upx
behavioral2/memory/2144-19-0x00007FF7D0910000-0x00007FF7D0C64000-memory.dmp	upx
behavioral2/files/0x00080000000240e8-22.dat	upx
behavioral2/memory/820-24-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp	upx
behavioral2/files/0x00070000000240ed-28.dat	upx
behavioral2/memory/2968-31-0x00007FF703290000-0x00007FF7035E4000-memory.dmp	upx
behavioral2/files/0x00070000000240ef-35.dat	upx
behavioral2/memory/5856-36-0x00007FF7BFC50000-0x00007FF7BFFA4000-memory.dmp	upx
behavioral2/files/0x00070000000240f0-39.dat	upx
behavioral2/memory/5088-46-0x00007FF6F8940000-0x00007FF6F8C94000-memory.dmp	upx
behavioral2/files/0x00070000000240f1-47.dat	upx
behavioral2/files/0x00070000000240f2-50.dat	upx
behavioral2/files/0x00070000000240f3-60.dat	upx
behavioral2/files/0x00070000000240f8-89.dat	upx
behavioral2/files/0x00070000000240f9-95.dat	upx
behavioral2/files/0x00070000000240fd-112.dat	upx
behavioral2/files/0x00070000000240fe-120.dat	upx
behavioral2/files/0x0007000000024101-129.dat	upx
behavioral2/files/0x0007000000024102-142.dat	upx
behavioral2/files/0x0007000000024104-150.dat	upx
behavioral2/memory/3416-972-0x00007FF685BC0000-0x00007FF685F14000-memory.dmp	upx
behavioral2/files/0x0007000000024109-174.dat	upx
behavioral2/files/0x0007000000024108-170.dat	upx
behavioral2/files/0x0007000000024107-166.dat	upx
behavioral2/files/0x0007000000024106-162.dat	upx
behavioral2/files/0x0007000000024105-154.dat	upx
behavioral2/files/0x0007000000024103-146.dat	upx
behavioral2/files/0x0007000000024100-132.dat	upx
behavioral2/files/0x00070000000240ff-124.dat	upx
behavioral2/memory/5556-977-0x00007FF7A4C40000-0x00007FF7A4F94000-memory.dmp	upx
behavioral2/memory/116-976-0x00007FF6B4B90000-0x00007FF6B4EE4000-memory.dmp	upx
behavioral2/files/0x00070000000240fc-107.dat	upx
behavioral2/files/0x00070000000240fb-102.dat	upx
behavioral2/files/0x00070000000240fa-97.dat	upx
behavioral2/files/0x00070000000240f7-84.dat	upx
behavioral2/files/0x00070000000240f6-79.dat	upx
behavioral2/files/0x00070000000240f5-75.dat	upx
behavioral2/files/0x00070000000240f4-69.dat	upx
behavioral2/memory/2180-63-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp	upx
behavioral2/memory/1108-59-0x00007FF6F41B0000-0x00007FF6F4504000-memory.dmp	upx
behavioral2/memory/4824-57-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp	upx
behavioral2/memory/228-51-0x00007FF793A10000-0x00007FF793D64000-memory.dmp	upx
behavioral2/memory/2924-978-0x00007FF7C77F0000-0x00007FF7C7B44000-memory.dmp	upx
behavioral2/memory/2940-980-0x00007FF70FF20000-0x00007FF710274000-memory.dmp	upx
behavioral2/memory/3584-981-0x00007FF7F5800000-0x00007FF7F5B54000-memory.dmp	upx
behavioral2/memory/3936-979-0x00007FF7617E0000-0x00007FF761B34000-memory.dmp	upx
behavioral2/memory/1872-982-0x00007FF6E2980000-0x00007FF6E2CD4000-memory.dmp	upx
behavioral2/memory/2576-986-0x00007FF6F1F70000-0x00007FF6F22C4000-memory.dmp	upx
behavioral2/memory/2060-985-0x00007FF6460D0000-0x00007FF646424000-memory.dmp	upx
behavioral2/memory/2596-987-0x00007FF62FA10000-0x00007FF62FD64000-memory.dmp	upx
behavioral2/memory/2484-991-0x00007FF71AAF0000-0x00007FF71AE44000-memory.dmp	upx
behavioral2/memory/3076-997-0x00007FF618900000-0x00007FF618C54000-memory.dmp	upx
behavioral2/memory/6024-1002-0x00007FF7F69E0000-0x00007FF7F6D34000-memory.dmp	upx
behavioral2/memory/1608-1005-0x00007FF74A740000-0x00007FF74AA94000-memory.dmp	upx
behavioral2/memory/3608-1006-0x00007FF696190000-0x00007FF6964E4000-memory.dmp	upx
behavioral2/memory/1316-1010-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp	upx
behavioral2/memory/4160-1009-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp	upx
behavioral2/memory/5728-1001-0x00007FF7F20C0000-0x00007FF7F2414000-memory.dmp	upx
behavioral2/memory/4104-1000-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HlZCFyx.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QpehEsZ.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tMvurwp.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CMeikcV.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\osnOMDm.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mMRqLVA.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nifegzn.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cUWNKBu.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hKEqtCK.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nganIpO.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\itLzvgQ.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CnkFDAQ.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\joupdkb.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FBpwgxL.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FtXCQOE.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XPhZTwm.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\muevLqz.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OPifmGw.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qKWNDeM.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tkqbirP.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sJfEmOy.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HKphVuV.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\quusphY.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tJveGWi.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BGgDKvI.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\naCLAEY.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uolHPbh.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vRCHFDi.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BevJAUi.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\egXBOSK.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DnFfBWx.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ckjCXip.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\urjvUVs.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nKIEYXe.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iGkxDRI.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MQspawg.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IrNZbNa.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cxFvFap.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xQBUJOt.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VQpBQRz.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CepAONF.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XZBMbTh.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BMhhYCr.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WQtiQfI.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MooaxbN.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hOfKDnt.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vAvQXwV.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uZAdvkt.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NyVHgFf.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XgEYQVr.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\esQYtlG.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hnzeXbe.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GedJYOy.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BDXFiUI.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ELuSOZF.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FQwaPAO.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\buNLwuk.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tNxaxjT.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AZpTzNT.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lCiKZIr.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iLcaGDI.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dzktCkt.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CJEYSAp.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OOaNXjj.exe	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2180	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4824 wrote to memory of 2180	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4824 wrote to memory of 4160	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4824 wrote to memory of 4160	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4824 wrote to memory of 2144	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4824 wrote to memory of 2144	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4824 wrote to memory of 820	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4824 wrote to memory of 820	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4824 wrote to memory of 2968	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4824 wrote to memory of 2968	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4824 wrote to memory of 5856	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4824 wrote to memory of 5856	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4824 wrote to memory of 5088	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4824 wrote to memory of 5088	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4824 wrote to memory of 228	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4824 wrote to memory of 228	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4824 wrote to memory of 1108	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4824 wrote to memory of 1108	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4824 wrote to memory of 3416	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4824 wrote to memory of 3416	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4824 wrote to memory of 1316	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4824 wrote to memory of 1316	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4824 wrote to memory of 116	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4824 wrote to memory of 116	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4824 wrote to memory of 5556	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4824 wrote to memory of 5556	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4824 wrote to memory of 2924	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4824 wrote to memory of 2924	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4824 wrote to memory of 3936	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4824 wrote to memory of 3936	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4824 wrote to memory of 2940	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4824 wrote to memory of 2940	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4824 wrote to memory of 3584	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4824 wrote to memory of 3584	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4824 wrote to memory of 1872	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4824 wrote to memory of 1872	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4824 wrote to memory of 2060	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4824 wrote to memory of 2060	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4824 wrote to memory of 2576	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4824 wrote to memory of 2576	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4824 wrote to memory of 2596	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4824 wrote to memory of 2596	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4824 wrote to memory of 2484	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4824 wrote to memory of 2484	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4824 wrote to memory of 6096	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4824 wrote to memory of 6096	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4824 wrote to memory of 3076	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4824 wrote to memory of 3076	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4824 wrote to memory of 4104	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4824 wrote to memory of 4104	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4824 wrote to memory of 5728	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4824 wrote to memory of 5728	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4824 wrote to memory of 6024	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4824 wrote to memory of 6024	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4824 wrote to memory of 1608	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4824 wrote to memory of 1608	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4824 wrote to memory of 3608	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4824 wrote to memory of 3608	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4824 wrote to memory of 3456	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4824 wrote to memory of 3456	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4824 wrote to memory of 4244	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4824 wrote to memory of 4244	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4824 wrote to memory of 4288	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4824 wrote to memory of 4288	4824	2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_d3570d5e7a2dfaab88093e2a3c168e10_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\System\ERtbWIt.exe
  C:\Windows\System\ERtbWIt.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\rVtVSZW.exe
  C:\Windows\System\rVtVSZW.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\ZFHFhLC.exe
  C:\Windows\System\ZFHFhLC.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\Refzkry.exe
  C:\Windows\System\Refzkry.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\HXntSiS.exe
  C:\Windows\System\HXntSiS.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\DnFfBWx.exe
  C:\Windows\System\DnFfBWx.exe
  2⤵
  - Executes dropped EXE
  PID:5856
- C:\Windows\System\EGsSLhC.exe
  C:\Windows\System\EGsSLhC.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\HLdXlix.exe
  C:\Windows\System\HLdXlix.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\vxViIQV.exe
  C:\Windows\System\vxViIQV.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\CLCMlNw.exe
  C:\Windows\System\CLCMlNw.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\FXoAxPd.exe
  C:\Windows\System\FXoAxPd.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\HHRBpAO.exe
  C:\Windows\System\HHRBpAO.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\WiEKiOi.exe
  C:\Windows\System\WiEKiOi.exe
  2⤵
  - Executes dropped EXE
  PID:5556
- C:\Windows\System\ArkzTdb.exe
  C:\Windows\System\ArkzTdb.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\zYiDVLy.exe
  C:\Windows\System\zYiDVLy.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\VGSNzVv.exe
  C:\Windows\System\VGSNzVv.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\NPVcYPA.exe
  C:\Windows\System\NPVcYPA.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\gUIFZRI.exe
  C:\Windows\System\gUIFZRI.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\bkZIpSz.exe
  C:\Windows\System\bkZIpSz.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\TcZumHT.exe
  C:\Windows\System\TcZumHT.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\eocjTNu.exe
  C:\Windows\System\eocjTNu.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\WQtiQfI.exe
  C:\Windows\System\WQtiQfI.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\GSDTLMy.exe
  C:\Windows\System\GSDTLMy.exe
  2⤵
  - Executes dropped EXE
  PID:6096
- C:\Windows\System\qlXdFue.exe
  C:\Windows\System\qlXdFue.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\SIZEmfe.exe
  C:\Windows\System\SIZEmfe.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\IGGwBrP.exe
  C:\Windows\System\IGGwBrP.exe
  2⤵
  - Executes dropped EXE
  PID:5728
- C:\Windows\System\UjrEMca.exe
  C:\Windows\System\UjrEMca.exe
  2⤵
  - Executes dropped EXE
  PID:6024
- C:\Windows\System\RONRJAW.exe
  C:\Windows\System\RONRJAW.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TvTwbZy.exe
  C:\Windows\System\TvTwbZy.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\FQwaPAO.exe
  C:\Windows\System\FQwaPAO.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\eBNKZlz.exe
  C:\Windows\System\eBNKZlz.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\pMqkfDs.exe
  C:\Windows\System\pMqkfDs.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\rzOHmaI.exe
  C:\Windows\System\rzOHmaI.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\mklDIuB.exe
  C:\Windows\System\mklDIuB.exe
  2⤵
  - Executes dropped EXE
  PID:5736
- C:\Windows\System\dvzYGYa.exe
  C:\Windows\System\dvzYGYa.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QUnHYeu.exe
  C:\Windows\System\QUnHYeu.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\BGgDKvI.exe
  C:\Windows\System\BGgDKvI.exe
  2⤵
  - Executes dropped EXE
  PID:5920
- C:\Windows\System\VbTBELl.exe
  C:\Windows\System\VbTBELl.exe
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Windows\System\NiiPhKz.exe
  C:\Windows\System\NiiPhKz.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\znZMmrX.exe
  C:\Windows\System\znZMmrX.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\jGkObGz.exe
  C:\Windows\System\jGkObGz.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\lFYPvXL.exe
  C:\Windows\System\lFYPvXL.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\AkDJdpa.exe
  C:\Windows\System\AkDJdpa.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\nEUDJyZ.exe
  C:\Windows\System\nEUDJyZ.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\yJyMJxQ.exe
  C:\Windows\System\yJyMJxQ.exe
  2⤵
  - Executes dropped EXE
  PID:5832
- C:\Windows\System\MooaxbN.exe
  C:\Windows\System\MooaxbN.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\oZgxOdP.exe
  C:\Windows\System\oZgxOdP.exe
  2⤵
  - Executes dropped EXE
  PID:6068
- C:\Windows\System\lCiKZIr.exe
  C:\Windows\System\lCiKZIr.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\tlAnuxs.exe
  C:\Windows\System\tlAnuxs.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\ibxNqyz.exe
  C:\Windows\System\ibxNqyz.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\nHCRSgw.exe
  C:\Windows\System\nHCRSgw.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\cLnvSOd.exe
  C:\Windows\System\cLnvSOd.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\bcxMzjg.exe
  C:\Windows\System\bcxMzjg.exe
  2⤵
  - Executes dropped EXE
  PID:5264
- C:\Windows\System\HTASKbS.exe
  C:\Windows\System\HTASKbS.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ZETxoLE.exe
  C:\Windows\System\ZETxoLE.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\gJYAlTI.exe
  C:\Windows\System\gJYAlTI.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\aZVnLVj.exe
  C:\Windows\System\aZVnLVj.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\tcEdOOc.exe
  C:\Windows\System\tcEdOOc.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\BEhfCud.exe
  C:\Windows\System\BEhfCud.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\wDJjNmc.exe
  C:\Windows\System\wDJjNmc.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\tkqbirP.exe
  C:\Windows\System\tkqbirP.exe
  2⤵
  - Executes dropped EXE
  PID:5984
- C:\Windows\System\jzqrBLd.exe
  C:\Windows\System\jzqrBLd.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\EqVwgOl.exe
  C:\Windows\System\EqVwgOl.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\vqjJIDz.exe
  C:\Windows\System\vqjJIDz.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\pWoeUaT.exe
  C:\Windows\System\pWoeUaT.exe
  2⤵
  PID:5912
- C:\Windows\System\bDMxqYN.exe
  C:\Windows\System\bDMxqYN.exe
  2⤵
  PID:3260
- C:\Windows\System\MKJOwyi.exe
  C:\Windows\System\MKJOwyi.exe
  2⤵
  PID:5604
- C:\Windows\System\TTvnCdx.exe
  C:\Windows\System\TTvnCdx.exe
  2⤵
  PID:4112
- C:\Windows\System\NkKQGwH.exe
  C:\Windows\System\NkKQGwH.exe
  2⤵
  PID:4264
- C:\Windows\System\UGBOdsI.exe
  C:\Windows\System\UGBOdsI.exe
  2⤵
  PID:2648
- C:\Windows\System\NJfKdOe.exe
  C:\Windows\System\NJfKdOe.exe
  2⤵
  PID:5328
- C:\Windows\System\TqJwNSc.exe
  C:\Windows\System\TqJwNSc.exe
  2⤵
  PID:3992
- C:\Windows\System\gQWiDKx.exe
  C:\Windows\System\gQWiDKx.exe
  2⤵
  PID:780
- C:\Windows\System\sZXfbLE.exe
  C:\Windows\System\sZXfbLE.exe
  2⤵
  PID:4544
- C:\Windows\System\Fpzpmzy.exe
  C:\Windows\System\Fpzpmzy.exe
  2⤵
  PID:5212
- C:\Windows\System\NUvvdmS.exe
  C:\Windows\System\NUvvdmS.exe
  2⤵
  PID:4164
- C:\Windows\System\ALnpskO.exe
  C:\Windows\System\ALnpskO.exe
  2⤵
  PID:5044
- C:\Windows\System\dRpZvZE.exe
  C:\Windows\System\dRpZvZE.exe
  2⤵
  PID:6036
- C:\Windows\System\yldpXJJ.exe
  C:\Windows\System\yldpXJJ.exe
  2⤵
  PID:1536
- C:\Windows\System\oHWQwhR.exe
  C:\Windows\System\oHWQwhR.exe
  2⤵
  PID:3660
- C:\Windows\System\HlZCFyx.exe
  C:\Windows\System\HlZCFyx.exe
  2⤵
  PID:1036
- C:\Windows\System\ckjCXip.exe
  C:\Windows\System\ckjCXip.exe
  2⤵
  PID:4052
- C:\Windows\System\MhIAzwU.exe
  C:\Windows\System\MhIAzwU.exe
  2⤵
  PID:5240
- C:\Windows\System\MQspawg.exe
  C:\Windows\System\MQspawg.exe
  2⤵
  PID:3192
- C:\Windows\System\zZFZMjM.exe
  C:\Windows\System\zZFZMjM.exe
  2⤵
  PID:4828
- C:\Windows\System\NRaMcto.exe
  C:\Windows\System\NRaMcto.exe
  2⤵
  PID:2860
- C:\Windows\System\tfQIlfW.exe
  C:\Windows\System\tfQIlfW.exe
  2⤵
  PID:4940
- C:\Windows\System\xJvPrMA.exe
  C:\Windows\System\xJvPrMA.exe
  2⤵
  PID:5224
- C:\Windows\System\BWgIuXi.exe
  C:\Windows\System\BWgIuXi.exe
  2⤵
  PID:3036
- C:\Windows\System\fuQkbRe.exe
  C:\Windows\System\fuQkbRe.exe
  2⤵
  PID:2444
- C:\Windows\System\dXHnXyy.exe
  C:\Windows\System\dXHnXyy.exe
  2⤵
  PID:5076
- C:\Windows\System\chedxZj.exe
  C:\Windows\System\chedxZj.exe
  2⤵
  PID:4840
- C:\Windows\System\QBqnXAQ.exe
  C:\Windows\System\QBqnXAQ.exe
  2⤵
  PID:1224
- C:\Windows\System\wIDqQiD.exe
  C:\Windows\System\wIDqQiD.exe
  2⤵
  PID:3440
- C:\Windows\System\mCdlaUO.exe
  C:\Windows\System\mCdlaUO.exe
  2⤵
  PID:2540
- C:\Windows\System\CaVQUnn.exe
  C:\Windows\System\CaVQUnn.exe
  2⤵
  PID:5072
- C:\Windows\System\HkesMhw.exe
  C:\Windows\System\HkesMhw.exe
  2⤵
  PID:2076
- C:\Windows\System\QfyepmW.exe
  C:\Windows\System\QfyepmW.exe
  2⤵
  PID:1172
- C:\Windows\System\mtOIvVZ.exe
  C:\Windows\System\mtOIvVZ.exe
  2⤵
  PID:3968
- C:\Windows\System\qxcSIcq.exe
  C:\Windows\System\qxcSIcq.exe
  2⤵
  PID:4384
- C:\Windows\System\mFunvEu.exe
  C:\Windows\System\mFunvEu.exe
  2⤵
  PID:3196
- C:\Windows\System\rmzeBlu.exe
  C:\Windows\System\rmzeBlu.exe
  2⤵
  PID:5876
- C:\Windows\System\IgzffRG.exe
  C:\Windows\System\IgzffRG.exe
  2⤵
  PID:2432
- C:\Windows\System\ErHZAtV.exe
  C:\Windows\System\ErHZAtV.exe
  2⤵
  PID:412
- C:\Windows\System\CEIZhPL.exe
  C:\Windows\System\CEIZhPL.exe
  2⤵
  PID:3288
- C:\Windows\System\jmRTJOH.exe
  C:\Windows\System\jmRTJOH.exe
  2⤵
  PID:868
- C:\Windows\System\oRxseZv.exe
  C:\Windows\System\oRxseZv.exe
  2⤵
  PID:1852
- C:\Windows\System\GkZCnfV.exe
  C:\Windows\System\GkZCnfV.exe
  2⤵
  PID:1056
- C:\Windows\System\dKuRRsC.exe
  C:\Windows\System\dKuRRsC.exe
  2⤵
  PID:3652
- C:\Windows\System\jArtdlZ.exe
  C:\Windows\System\jArtdlZ.exe
  2⤵
  PID:4724
- C:\Windows\System\nifegzn.exe
  C:\Windows\System\nifegzn.exe
  2⤵
  PID:5744
- C:\Windows\System\CmVzOLR.exe
  C:\Windows\System\CmVzOLR.exe
  2⤵
  PID:1688
- C:\Windows\System\buNLwuk.exe
  C:\Windows\System\buNLwuk.exe
  2⤵
  PID:5924
- C:\Windows\System\LwZpSAL.exe
  C:\Windows\System\LwZpSAL.exe
  2⤵
  PID:5820
- C:\Windows\System\hsLwror.exe
  C:\Windows\System\hsLwror.exe
  2⤵
  PID:5172
- C:\Windows\System\pLMknwc.exe
  C:\Windows\System\pLMknwc.exe
  2⤵
  PID:5764
- C:\Windows\System\WQmbcVi.exe
  C:\Windows\System\WQmbcVi.exe
  2⤵
  PID:6116
- C:\Windows\System\SAxPaqf.exe
  C:\Windows\System\SAxPaqf.exe
  2⤵
  PID:4888
- C:\Windows\System\GLWyqog.exe
  C:\Windows\System\GLWyqog.exe
  2⤵
  PID:4124
- C:\Windows\System\AqNtWbh.exe
  C:\Windows\System\AqNtWbh.exe
  2⤵
  PID:1516
- C:\Windows\System\HtDIKAv.exe
  C:\Windows\System\HtDIKAv.exe
  2⤵
  PID:540
- C:\Windows\System\nkBnLwA.exe
  C:\Windows\System\nkBnLwA.exe
  2⤵
  PID:1184
- C:\Windows\System\VrJcaNd.exe
  C:\Windows\System\VrJcaNd.exe
  2⤵
  PID:4276
- C:\Windows\System\pcYrgKd.exe
  C:\Windows\System\pcYrgKd.exe
  2⤵
  PID:376
- C:\Windows\System\EniFnYU.exe
  C:\Windows\System\EniFnYU.exe
  2⤵
  PID:3360
- C:\Windows\System\UFwntsK.exe
  C:\Windows\System\UFwntsK.exe
  2⤵
  PID:2360
- C:\Windows\System\QLhxTGm.exe
  C:\Windows\System\QLhxTGm.exe
  2⤵
  PID:5392
- C:\Windows\System\PuQRpLT.exe
  C:\Windows\System\PuQRpLT.exe
  2⤵
  PID:5200
- C:\Windows\System\iGkxDRI.exe
  C:\Windows\System\iGkxDRI.exe
  2⤵
  PID:5516
- C:\Windows\System\aAycaKg.exe
  C:\Windows\System\aAycaKg.exe
  2⤵
  PID:4144
- C:\Windows\System\GAKtHEg.exe
  C:\Windows\System\GAKtHEg.exe
  2⤵
  PID:1912
- C:\Windows\System\dIQoLEb.exe
  C:\Windows\System\dIQoLEb.exe
  2⤵
  PID:4620
- C:\Windows\System\BishXBZ.exe
  C:\Windows\System\BishXBZ.exe
  2⤵
  PID:1448
- C:\Windows\System\OOaNXjj.exe
  C:\Windows\System\OOaNXjj.exe
  2⤵
  PID:2276
- C:\Windows\System\KAqGNEw.exe
  C:\Windows\System\KAqGNEw.exe
  2⤵
  PID:3932
- C:\Windows\System\FSpvCWV.exe
  C:\Windows\System\FSpvCWV.exe
  2⤵
  PID:4300
- C:\Windows\System\hcotMpE.exe
  C:\Windows\System\hcotMpE.exe
  2⤵
  PID:2580
- C:\Windows\System\txLxtGE.exe
  C:\Windows\System\txLxtGE.exe
  2⤵
  PID:1940
- C:\Windows\System\UcptHHY.exe
  C:\Windows\System\UcptHHY.exe
  2⤵
  PID:1820
- C:\Windows\System\eeuHTvK.exe
  C:\Windows\System\eeuHTvK.exe
  2⤵
  PID:1072
- C:\Windows\System\ElwqCtL.exe
  C:\Windows\System\ElwqCtL.exe
  2⤵
  PID:6160
- C:\Windows\System\irDwKGj.exe
  C:\Windows\System\irDwKGj.exe
  2⤵
  PID:6188
- C:\Windows\System\eNtwmcz.exe
  C:\Windows\System\eNtwmcz.exe
  2⤵
  PID:6216
- C:\Windows\System\dKkOFUk.exe
  C:\Windows\System\dKkOFUk.exe
  2⤵
  PID:6244
- C:\Windows\System\ZWauMLS.exe
  C:\Windows\System\ZWauMLS.exe
  2⤵
  PID:6260
- C:\Windows\System\batFQGD.exe
  C:\Windows\System\batFQGD.exe
  2⤵
  PID:6300
- C:\Windows\System\HTDNuvO.exe
  C:\Windows\System\HTDNuvO.exe
  2⤵
  PID:6328
- C:\Windows\System\YshUMKQ.exe
  C:\Windows\System\YshUMKQ.exe
  2⤵
  PID:6356
- C:\Windows\System\ZoCaCRj.exe
  C:\Windows\System\ZoCaCRj.exe
  2⤵
  PID:6372
- C:\Windows\System\QFcQSWb.exe
  C:\Windows\System\QFcQSWb.exe
  2⤵
  PID:6400
- C:\Windows\System\kUNRarV.exe
  C:\Windows\System\kUNRarV.exe
  2⤵
  PID:6428
- C:\Windows\System\qTybGOD.exe
  C:\Windows\System\qTybGOD.exe
  2⤵
  PID:6456
- C:\Windows\System\IrNZbNa.exe
  C:\Windows\System\IrNZbNa.exe
  2⤵
  PID:6496
- C:\Windows\System\QANkQqC.exe
  C:\Windows\System\QANkQqC.exe
  2⤵
  PID:6524
- C:\Windows\System\MlytXBr.exe
  C:\Windows\System\MlytXBr.exe
  2⤵
  PID:6552
- C:\Windows\System\EBrdnHT.exe
  C:\Windows\System\EBrdnHT.exe
  2⤵
  PID:6592
- C:\Windows\System\oQvcnXL.exe
  C:\Windows\System\oQvcnXL.exe
  2⤵
  PID:6608
- C:\Windows\System\EgYqPJP.exe
  C:\Windows\System\EgYqPJP.exe
  2⤵
  PID:6632
- C:\Windows\System\WHWgNFM.exe
  C:\Windows\System\WHWgNFM.exe
  2⤵
  PID:6664
- C:\Windows\System\hCGyWXr.exe
  C:\Windows\System\hCGyWXr.exe
  2⤵
  PID:6704
- C:\Windows\System\EMKtlWz.exe
  C:\Windows\System\EMKtlWz.exe
  2⤵
  PID:6720
- C:\Windows\System\QViQzDU.exe
  C:\Windows\System\QViQzDU.exe
  2⤵
  PID:6748
- C:\Windows\System\YcpaIBJ.exe
  C:\Windows\System\YcpaIBJ.exe
  2⤵
  PID:6764
- C:\Windows\System\vWqZdQW.exe
  C:\Windows\System\vWqZdQW.exe
  2⤵
  PID:6792
- C:\Windows\System\tybizRU.exe
  C:\Windows\System\tybizRU.exe
  2⤵
  PID:6832
- C:\Windows\System\NyVHgFf.exe
  C:\Windows\System\NyVHgFf.exe
  2⤵
  PID:6856
- C:\Windows\System\cItjWGo.exe
  C:\Windows\System\cItjWGo.exe
  2⤵
  PID:6888
- C:\Windows\System\DfHHrGk.exe
  C:\Windows\System\DfHHrGk.exe
  2⤵
  PID:6916
- C:\Windows\System\NlJuBpB.exe
  C:\Windows\System\NlJuBpB.exe
  2⤵
  PID:6944
- C:\Windows\System\GVUSkAA.exe
  C:\Windows\System\GVUSkAA.exe
  2⤵
  PID:6972
- C:\Windows\System\VfrRrAh.exe
  C:\Windows\System\VfrRrAh.exe
  2⤵
  PID:7012
- C:\Windows\System\hTnRQOI.exe
  C:\Windows\System\hTnRQOI.exe
  2⤵
  PID:7028
- C:\Windows\System\uNaaUHC.exe
  C:\Windows\System\uNaaUHC.exe
  2⤵
  PID:7056
- C:\Windows\System\rbUcfpd.exe
  C:\Windows\System\rbUcfpd.exe
  2⤵
  PID:7084
- C:\Windows\System\neALRwT.exe
  C:\Windows\System\neALRwT.exe
  2⤵
  PID:7112
- C:\Windows\System\SYPyDGh.exe
  C:\Windows\System\SYPyDGh.exe
  2⤵
  PID:7140
- C:\Windows\System\FTSRoci.exe
  C:\Windows\System\FTSRoci.exe
  2⤵
  PID:7156
- C:\Windows\System\XiNnenj.exe
  C:\Windows\System\XiNnenj.exe
  2⤵
  PID:4664
- C:\Windows\System\xvMhAws.exe
  C:\Windows\System\xvMhAws.exe
  2⤵
  PID:4732
- C:\Windows\System\WvFlKnF.exe
  C:\Windows\System\WvFlKnF.exe
  2⤵
  PID:6176
- C:\Windows\System\kRSKqSe.exe
  C:\Windows\System\kRSKqSe.exe
  2⤵
  PID:6236
- C:\Windows\System\RscJBzv.exe
  C:\Windows\System\RscJBzv.exe
  2⤵
  PID:6312
- C:\Windows\System\bOqYazX.exe
  C:\Windows\System\bOqYazX.exe
  2⤵
  PID:6368
- C:\Windows\System\nkydjOC.exe
  C:\Windows\System\nkydjOC.exe
  2⤵
  PID:6440
- C:\Windows\System\cUWNKBu.exe
  C:\Windows\System\cUWNKBu.exe
  2⤵
  PID:6488
- C:\Windows\System\vFWblVc.exe
  C:\Windows\System\vFWblVc.exe
  2⤵
  PID:6576
- C:\Windows\System\XkHemnv.exe
  C:\Windows\System\XkHemnv.exe
  2⤵
  PID:6660
- C:\Windows\System\jKAIKXM.exe
  C:\Windows\System\jKAIKXM.exe
  2⤵
  PID:6692
- C:\Windows\System\wkxqlda.exe
  C:\Windows\System\wkxqlda.exe
  2⤵
  PID:6780
- C:\Windows\System\mqjrLaG.exe
  C:\Windows\System\mqjrLaG.exe
  2⤵
  PID:6820
- C:\Windows\System\tMvurwp.exe
  C:\Windows\System\tMvurwp.exe
  2⤵
  PID:6880
- C:\Windows\System\tZJULnT.exe
  C:\Windows\System\tZJULnT.exe
  2⤵
  PID:6956
- C:\Windows\System\baBQBzk.exe
  C:\Windows\System\baBQBzk.exe
  2⤵
  PID:7020
- C:\Windows\System\ISMxhMF.exe
  C:\Windows\System\ISMxhMF.exe
  2⤵
  PID:7044
- C:\Windows\System\xRTjySL.exe
  C:\Windows\System\xRTjySL.exe
  2⤵
  PID:7104
- C:\Windows\System\KcrqqNg.exe
  C:\Windows\System\KcrqqNg.exe
  2⤵
  PID:6020
- C:\Windows\System\HykFkpb.exe
  C:\Windows\System\HykFkpb.exe
  2⤵
  PID:6204
- C:\Windows\System\EtwNknN.exe
  C:\Windows\System\EtwNknN.exe
  2⤵
  PID:6276
- C:\Windows\System\snHqozS.exe
  C:\Windows\System\snHqozS.exe
  2⤵
  PID:6416
- C:\Windows\System\tjPZrtC.exe
  C:\Windows\System\tjPZrtC.exe
  2⤵
  PID:6536
- C:\Windows\System\iPTizWa.exe
  C:\Windows\System\iPTizWa.exe
  2⤵
  PID:6716
- C:\Windows\System\kSiJUUG.exe
  C:\Windows\System\kSiJUUG.exe
  2⤵
  PID:6876
- C:\Windows\System\wZvPMKX.exe
  C:\Windows\System\wZvPMKX.exe
  2⤵
  PID:7000
- C:\Windows\System\AfbaHsk.exe
  C:\Windows\System\AfbaHsk.exe
  2⤵
  PID:7148
- C:\Windows\System\idJxkWy.exe
  C:\Windows\System\idJxkWy.exe
  2⤵
  PID:6156
- C:\Windows\System\URCsndi.exe
  C:\Windows\System\URCsndi.exe
  2⤵
  PID:7172
- C:\Windows\System\FluUUBI.exe
  C:\Windows\System\FluUUBI.exe
  2⤵
  PID:7200
- C:\Windows\System\wLyPiuI.exe
  C:\Windows\System\wLyPiuI.exe
  2⤵
  PID:7228
- C:\Windows\System\DGZpleH.exe
  C:\Windows\System\DGZpleH.exe
  2⤵
  PID:7256
- C:\Windows\System\XBuPCCr.exe
  C:\Windows\System\XBuPCCr.exe
  2⤵
  PID:7284
- C:\Windows\System\kiJeRBB.exe
  C:\Windows\System\kiJeRBB.exe
  2⤵
  PID:7312
- C:\Windows\System\VTrgFGz.exe
  C:\Windows\System\VTrgFGz.exe
  2⤵
  PID:7352
- C:\Windows\System\SotuEqX.exe
  C:\Windows\System\SotuEqX.exe
  2⤵
  PID:7380
- C:\Windows\System\LdvfBAF.exe
  C:\Windows\System\LdvfBAF.exe
  2⤵
  PID:7408
- C:\Windows\System\LYsfpNk.exe
  C:\Windows\System\LYsfpNk.exe
  2⤵
  PID:7424
- C:\Windows\System\CmYStnX.exe
  C:\Windows\System\CmYStnX.exe
  2⤵
  PID:7452
- C:\Windows\System\DYubzEB.exe
  C:\Windows\System\DYubzEB.exe
  2⤵
  PID:7492
- C:\Windows\System\EosimzP.exe
  C:\Windows\System\EosimzP.exe
  2⤵
  PID:7520
- C:\Windows\System\FEglALx.exe
  C:\Windows\System\FEglALx.exe
  2⤵
  PID:7536
- C:\Windows\System\vjGuwgq.exe
  C:\Windows\System\vjGuwgq.exe
  2⤵
  PID:7564
- C:\Windows\System\yWctLmY.exe
  C:\Windows\System\yWctLmY.exe
  2⤵
  PID:7592
- C:\Windows\System\zzhmdDz.exe
  C:\Windows\System\zzhmdDz.exe
  2⤵
  PID:7620
- C:\Windows\System\TQsvfXd.exe
  C:\Windows\System\TQsvfXd.exe
  2⤵
  PID:7660
- C:\Windows\System\ffiGofc.exe
  C:\Windows\System\ffiGofc.exe
  2⤵
  PID:7688
- C:\Windows\System\xEDzkIB.exe
  C:\Windows\System\xEDzkIB.exe
  2⤵
  PID:7716
- C:\Windows\System\OnRxRbc.exe
  C:\Windows\System\OnRxRbc.exe
  2⤵
  PID:7744
- C:\Windows\System\pFTLpBq.exe
  C:\Windows\System\pFTLpBq.exe
  2⤵
  PID:7772
- C:\Windows\System\lSBFBWt.exe
  C:\Windows\System\lSBFBWt.exe
  2⤵
  PID:7800
- C:\Windows\System\HpLjodD.exe
  C:\Windows\System\HpLjodD.exe
  2⤵
  PID:7816
- C:\Windows\System\AtzpGOb.exe
  C:\Windows\System\AtzpGOb.exe
  2⤵
  PID:7844
- C:\Windows\System\HdQsLgB.exe
  C:\Windows\System\HdQsLgB.exe
  2⤵
  PID:7884
- C:\Windows\System\kenFGLw.exe
  C:\Windows\System\kenFGLw.exe
  2⤵
  PID:7912
- C:\Windows\System\kWvGoNj.exe
  C:\Windows\System\kWvGoNj.exe
  2⤵
  PID:7940
- C:\Windows\System\EJfQKhj.exe
  C:\Windows\System\EJfQKhj.exe
  2⤵
  PID:7956
- C:\Windows\System\BnkclDp.exe
  C:\Windows\System\BnkclDp.exe
  2⤵
  PID:7984
- C:\Windows\System\ddqCnOK.exe
  C:\Windows\System\ddqCnOK.exe
  2⤵
  PID:8012
- C:\Windows\System\BqYQkmP.exe
  C:\Windows\System\BqYQkmP.exe
  2⤵
  PID:8040
- C:\Windows\System\eHmETjL.exe
  C:\Windows\System\eHmETjL.exe
  2⤵
  PID:8068
- C:\Windows\System\GedJYOy.exe
  C:\Windows\System\GedJYOy.exe
  2⤵
  PID:8096
- C:\Windows\System\EXYdEgB.exe
  C:\Windows\System\EXYdEgB.exe
  2⤵
  PID:8124
- C:\Windows\System\bgRzinY.exe
  C:\Windows\System\bgRzinY.exe
  2⤵
  PID:8152
- C:\Windows\System\MLEpSht.exe
  C:\Windows\System\MLEpSht.exe
  2⤵
  PID:6480
- C:\Windows\System\PfXBxgh.exe
  C:\Windows\System\PfXBxgh.exe
  2⤵
  PID:6808
- C:\Windows\System\COMfUYm.exe
  C:\Windows\System\COMfUYm.exe
  2⤵
  PID:7096
- C:\Windows\System\MwdnPke.exe
  C:\Windows\System\MwdnPke.exe
  2⤵
  PID:7188
- C:\Windows\System\IAIvumb.exe
  C:\Windows\System\IAIvumb.exe
  2⤵
  PID:7248
- C:\Windows\System\QwcmsIh.exe
  C:\Windows\System\QwcmsIh.exe
  2⤵
  PID:7296
- C:\Windows\System\Lkmvclh.exe
  C:\Windows\System\Lkmvclh.exe
  2⤵
  PID:7344
- C:\Windows\System\drSvBzV.exe
  C:\Windows\System\drSvBzV.exe
  2⤵
  PID:7416
- C:\Windows\System\CjFjuNC.exe
  C:\Windows\System\CjFjuNC.exe
  2⤵
  PID:7480
- C:\Windows\System\DmpEjBW.exe
  C:\Windows\System\DmpEjBW.exe
  2⤵
  PID:7548
- C:\Windows\System\wqGldun.exe
  C:\Windows\System\wqGldun.exe
  2⤵
  PID:7608
- C:\Windows\System\nqQpHSx.exe
  C:\Windows\System\nqQpHSx.exe
  2⤵
  PID:7704
- C:\Windows\System\HDzwHyx.exe
  C:\Windows\System\HDzwHyx.exe
  2⤵
  PID:7768
- C:\Windows\System\dAKgVjs.exe
  C:\Windows\System\dAKgVjs.exe
  2⤵
  PID:7792
- C:\Windows\System\aQZStaN.exe
  C:\Windows\System\aQZStaN.exe
  2⤵
  PID:7876
- C:\Windows\System\YpjIROw.exe
  C:\Windows\System\YpjIROw.exe
  2⤵
  PID:7948
- C:\Windows\System\zBoFVev.exe
  C:\Windows\System\zBoFVev.exe
  2⤵
  PID:8004
- C:\Windows\System\vaaQNMO.exe
  C:\Windows\System\vaaQNMO.exe
  2⤵
  PID:8080
- C:\Windows\System\sUvUbHB.exe
  C:\Windows\System\sUvUbHB.exe
  2⤵
  PID:8112
- C:\Windows\System\Prsgwdj.exe
  C:\Windows\System\Prsgwdj.exe
  2⤵
  PID:8180
- C:\Windows\System\vAzZqZj.exe
  C:\Windows\System\vAzZqZj.exe
  2⤵
  PID:7080
- C:\Windows\System\FBpwgxL.exe
  C:\Windows\System\FBpwgxL.exe
  2⤵
  PID:7272
- C:\Windows\System\DbdOMYZ.exe
  C:\Windows\System\DbdOMYZ.exe
  2⤵
  PID:7396
- C:\Windows\System\DSYvsgX.exe
  C:\Windows\System\DSYvsgX.exe
  2⤵
  PID:7576
- C:\Windows\System\ExIUrtN.exe
  C:\Windows\System\ExIUrtN.exe
  2⤵
  PID:7736
- C:\Windows\System\fATktFr.exe
  C:\Windows\System\fATktFr.exe
  2⤵
  PID:7788
- C:\Windows\System\pfJLFIS.exe
  C:\Windows\System\pfJLFIS.exe
  2⤵
  PID:7980
- C:\Windows\System\uvSfeGB.exe
  C:\Windows\System\uvSfeGB.exe
  2⤵
  PID:8140
- C:\Windows\System\RincquU.exe
  C:\Windows\System\RincquU.exe
  2⤵
  PID:7184
- C:\Windows\System\dcUsQYZ.exe
  C:\Windows\System\dcUsQYZ.exe
  2⤵
  PID:7508
- C:\Windows\System\JleXXIJ.exe
  C:\Windows\System\JleXXIJ.exe
  2⤵
  PID:8212
- C:\Windows\System\lXEeoPe.exe
  C:\Windows\System\lXEeoPe.exe
  2⤵
  PID:8248
- C:\Windows\System\mOGIcCj.exe
  C:\Windows\System\mOGIcCj.exe
  2⤵
  PID:8280
- C:\Windows\System\rDedQyF.exe
  C:\Windows\System\rDedQyF.exe
  2⤵
  PID:8308
- C:\Windows\System\yqyMrEh.exe
  C:\Windows\System\yqyMrEh.exe
  2⤵
  PID:8336
- C:\Windows\System\pOgshrk.exe
  C:\Windows\System\pOgshrk.exe
  2⤵
  PID:8352
- C:\Windows\System\ahrgPDi.exe
  C:\Windows\System\ahrgPDi.exe
  2⤵
  PID:8380
- C:\Windows\System\PlINSZJ.exe
  C:\Windows\System\PlINSZJ.exe
  2⤵
  PID:8408
- C:\Windows\System\naCLAEY.exe
  C:\Windows\System\naCLAEY.exe
  2⤵
  PID:8432
- C:\Windows\System\HZRZZNy.exe
  C:\Windows\System\HZRZZNy.exe
  2⤵
  PID:8464
- C:\Windows\System\hOfKDnt.exe
  C:\Windows\System\hOfKDnt.exe
  2⤵
  PID:8492
- C:\Windows\System\gyOoQld.exe
  C:\Windows\System\gyOoQld.exe
  2⤵
  PID:8520
- C:\Windows\System\rCisqtA.exe
  C:\Windows\System\rCisqtA.exe
  2⤵
  PID:8548
- C:\Windows\System\pEonncd.exe
  C:\Windows\System\pEonncd.exe
  2⤵
  PID:8576
- C:\Windows\System\rGggEml.exe
  C:\Windows\System\rGggEml.exe
  2⤵
  PID:8604
- C:\Windows\System\AlAkWEx.exe
  C:\Windows\System\AlAkWEx.exe
  2⤵
  PID:8632
- C:\Windows\System\GxyJTGP.exe
  C:\Windows\System\GxyJTGP.exe
  2⤵
  PID:8660
- C:\Windows\System\OfeRZEm.exe
  C:\Windows\System\OfeRZEm.exe
  2⤵
  PID:8688
- C:\Windows\System\uAnQLCU.exe
  C:\Windows\System\uAnQLCU.exe
  2⤵
  PID:8716
- C:\Windows\System\rIkrmcA.exe
  C:\Windows\System\rIkrmcA.exe
  2⤵
  PID:8756
- C:\Windows\System\DSRdgZb.exe
  C:\Windows\System\DSRdgZb.exe
  2⤵
  PID:8784
- C:\Windows\System\KhPflJQ.exe
  C:\Windows\System\KhPflJQ.exe
  2⤵
  PID:8800
- C:\Windows\System\ebnAJlq.exe
  C:\Windows\System\ebnAJlq.exe
  2⤵
  PID:8828
- C:\Windows\System\GJQSPgm.exe
  C:\Windows\System\GJQSPgm.exe
  2⤵
  PID:8856
- C:\Windows\System\rOfNtoq.exe
  C:\Windows\System\rOfNtoq.exe
  2⤵
  PID:8884
- C:\Windows\System\AqSMkGT.exe
  C:\Windows\System\AqSMkGT.exe
  2⤵
  PID:8912
- C:\Windows\System\UfVQhPu.exe
  C:\Windows\System\UfVQhPu.exe
  2⤵
  PID:8940
- C:\Windows\System\qgcHuGG.exe
  C:\Windows\System\qgcHuGG.exe
  2⤵
  PID:8980
- C:\Windows\System\tIaaUYH.exe
  C:\Windows\System\tIaaUYH.exe
  2⤵
  PID:9092
- C:\Windows\System\CMeikcV.exe
  C:\Windows\System\CMeikcV.exe
  2⤵
  PID:9120
- C:\Windows\System\OJFUVWc.exe
  C:\Windows\System\OJFUVWc.exe
  2⤵
  PID:9144
- C:\Windows\System\KxEcZZc.exe
  C:\Windows\System\KxEcZZc.exe
  2⤵
  PID:9180
- C:\Windows\System\EUAhFSn.exe
  C:\Windows\System\EUAhFSn.exe
  2⤵
  PID:7676
- C:\Windows\System\NAVGDsh.exe
  C:\Windows\System\NAVGDsh.exe
  2⤵
  PID:8056
- C:\Windows\System\INKgiKQ.exe
  C:\Windows\System\INKgiKQ.exe
  2⤵
  PID:8196
- C:\Windows\System\ntqfmzo.exe
  C:\Windows\System\ntqfmzo.exe
  2⤵
  PID:8392
- C:\Windows\System\LsHeXzR.exe
  C:\Windows\System\LsHeXzR.exe
  2⤵
  PID:8480
- C:\Windows\System\elDOFtY.exe
  C:\Windows\System\elDOFtY.exe
  2⤵
  PID:8564
- C:\Windows\System\XEJmpmh.exe
  C:\Windows\System\XEJmpmh.exe
  2⤵
  PID:4512
- C:\Windows\System\uGudEfG.exe
  C:\Windows\System\uGudEfG.exe
  2⤵
  PID:8680
- C:\Windows\System\iFhshwM.exe
  C:\Windows\System\iFhshwM.exe
  2⤵
  PID:8728
- C:\Windows\System\rJjFSyC.exe
  C:\Windows\System\rJjFSyC.exe
  2⤵
  PID:4656
- C:\Windows\System\eAIZMhJ.exe
  C:\Windows\System\eAIZMhJ.exe
  2⤵
  PID:1604
- C:\Windows\System\piuQjue.exe
  C:\Windows\System\piuQjue.exe
  2⤵
  PID:8868
- C:\Windows\System\mrwDnGx.exe
  C:\Windows\System\mrwDnGx.exe
  2⤵
  PID:8900
- C:\Windows\System\cxFvFap.exe
  C:\Windows\System\cxFvFap.exe
  2⤵
  PID:8932
- C:\Windows\System\JowKOMP.exe
  C:\Windows\System\JowKOMP.exe
  2⤵
  PID:5960
- C:\Windows\System\yFOHuoy.exe
  C:\Windows\System\yFOHuoy.exe
  2⤵
  PID:5296
- C:\Windows\System\sqUPgJs.exe
  C:\Windows\System\sqUPgJs.exe
  2⤵
  PID:772
- C:\Windows\System\hICdbOH.exe
  C:\Windows\System\hICdbOH.exe
  2⤵
  PID:8992
- C:\Windows\System\QnMPxoT.exe
  C:\Windows\System\QnMPxoT.exe
  2⤵
  PID:3668
- C:\Windows\System\eesbgRD.exe
  C:\Windows\System\eesbgRD.exe
  2⤵
  PID:8996
- C:\Windows\System\iLcaGDI.exe
  C:\Windows\System\iLcaGDI.exe
  2⤵
  PID:1992
- C:\Windows\System\CSPhdpU.exe
  C:\Windows\System\CSPhdpU.exe
  2⤵
  PID:4900
- C:\Windows\System\dSjSXdn.exe
  C:\Windows\System\dSjSXdn.exe
  2⤵
  PID:4168
- C:\Windows\System\jjzWLjT.exe
  C:\Windows\System\jjzWLjT.exe
  2⤵
  PID:2192
- C:\Windows\System\fgRyVHF.exe
  C:\Windows\System\fgRyVHF.exe
  2⤵
  PID:7972
- C:\Windows\System\VQpBQRz.exe
  C:\Windows\System\VQpBQRz.exe
  2⤵
  PID:8300
- C:\Windows\System\HKphVuV.exe
  C:\Windows\System\HKphVuV.exe
  2⤵
  PID:7856
- C:\Windows\System\HsjkDro.exe
  C:\Windows\System\HsjkDro.exe
  2⤵
  PID:8304
- C:\Windows\System\bPvcJFW.exe
  C:\Windows\System\bPvcJFW.exe
  2⤵
  PID:8512
- C:\Windows\System\hCxMcKe.exe
  C:\Windows\System\hCxMcKe.exe
  2⤵
  PID:8748
- C:\Windows\System\rGZFbAx.exe
  C:\Windows\System\rGZFbAx.exe
  2⤵
  PID:8896
- C:\Windows\System\BDXFiUI.exe
  C:\Windows\System\BDXFiUI.exe
  2⤵
  PID:2036
- C:\Windows\System\IlKZpCX.exe
  C:\Windows\System\IlKZpCX.exe
  2⤵
  PID:2560
- C:\Windows\System\LjdvGxg.exe
  C:\Windows\System\LjdvGxg.exe
  2⤵
  PID:9064
- C:\Windows\System\vhaLKVF.exe
  C:\Windows\System\vhaLKVF.exe
  2⤵
  PID:9104
- C:\Windows\System\gSfrPja.exe
  C:\Windows\System\gSfrPja.exe
  2⤵
  PID:8476
- C:\Windows\System\HImxIri.exe
  C:\Windows\System\HImxIri.exe
  2⤵
  PID:2876
- C:\Windows\System\muitnwT.exe
  C:\Windows\System\muitnwT.exe
  2⤵
  PID:4980
- C:\Windows\System\OMJFcUy.exe
  C:\Windows\System\OMJFcUy.exe
  2⤵
  PID:3212
- C:\Windows\System\OUlAtSW.exe
  C:\Windows\System\OUlAtSW.exe
  2⤵
  PID:1160
- C:\Windows\System\PVCjfYa.exe
  C:\Windows\System\PVCjfYa.exe
  2⤵
  PID:3632
- C:\Windows\System\KlZQBfr.exe
  C:\Windows\System\KlZQBfr.exe
  2⤵
  PID:4628
- C:\Windows\System\UpZhFrt.exe
  C:\Windows\System\UpZhFrt.exe
  2⤵
  PID:9248
- C:\Windows\System\FQytEmN.exe
  C:\Windows\System\FQytEmN.exe
  2⤵
  PID:9280
- C:\Windows\System\bIrCfRy.exe
  C:\Windows\System\bIrCfRy.exe
  2⤵
  PID:9308
- C:\Windows\System\DBXlzmI.exe
  C:\Windows\System\DBXlzmI.exe
  2⤵
  PID:9344
- C:\Windows\System\GBcayaf.exe
  C:\Windows\System\GBcayaf.exe
  2⤵
  PID:9372
- C:\Windows\System\YtwpUlB.exe
  C:\Windows\System\YtwpUlB.exe
  2⤵
  PID:9400
- C:\Windows\System\MqcbVEa.exe
  C:\Windows\System\MqcbVEa.exe
  2⤵
  PID:9432
- C:\Windows\System\bCiIsFS.exe
  C:\Windows\System\bCiIsFS.exe
  2⤵
  PID:9460
- C:\Windows\System\hKEqtCK.exe
  C:\Windows\System\hKEqtCK.exe
  2⤵
  PID:9488
- C:\Windows\System\cUUujXQ.exe
  C:\Windows\System\cUUujXQ.exe
  2⤵
  PID:9520
- C:\Windows\System\VNfvAiE.exe
  C:\Windows\System\VNfvAiE.exe
  2⤵
  PID:9548
- C:\Windows\System\fLGWaBB.exe
  C:\Windows\System\fLGWaBB.exe
  2⤵
  PID:9576
- C:\Windows\System\oaAzrBL.exe
  C:\Windows\System\oaAzrBL.exe
  2⤵
  PID:9612
- C:\Windows\System\KFaIgel.exe
  C:\Windows\System\KFaIgel.exe
  2⤵
  PID:9644
- C:\Windows\System\wEVckAw.exe
  C:\Windows\System\wEVckAw.exe
  2⤵
  PID:9680
- C:\Windows\System\buKSfxL.exe
  C:\Windows\System\buKSfxL.exe
  2⤵
  PID:9708
- C:\Windows\System\anZPUoP.exe
  C:\Windows\System\anZPUoP.exe
  2⤵
  PID:9740
- C:\Windows\System\SYXcrUY.exe
  C:\Windows\System\SYXcrUY.exe
  2⤵
  PID:9764
- C:\Windows\System\QaQQrMX.exe
  C:\Windows\System\QaQQrMX.exe
  2⤵
  PID:9800
- C:\Windows\System\ewLuVGU.exe
  C:\Windows\System\ewLuVGU.exe
  2⤵
  PID:9828
- C:\Windows\System\dItBxrF.exe
  C:\Windows\System\dItBxrF.exe
  2⤵
  PID:9856
- C:\Windows\System\yIwfUKd.exe
  C:\Windows\System\yIwfUKd.exe
  2⤵
  PID:9884
- C:\Windows\System\TPotKsq.exe
  C:\Windows\System\TPotKsq.exe
  2⤵
  PID:9912
- C:\Windows\System\TIWdJXl.exe
  C:\Windows\System\TIWdJXl.exe
  2⤵
  PID:9940
- C:\Windows\System\ucvfOnw.exe
  C:\Windows\System\ucvfOnw.exe
  2⤵
  PID:9968
- C:\Windows\System\elQwLGs.exe
  C:\Windows\System\elQwLGs.exe
  2⤵
  PID:10004
- C:\Windows\System\MeMZZLU.exe
  C:\Windows\System\MeMZZLU.exe
  2⤵
  PID:10032
- C:\Windows\System\KvREPxf.exe
  C:\Windows\System\KvREPxf.exe
  2⤵
  PID:10060
- C:\Windows\System\frfFKEz.exe
  C:\Windows\System\frfFKEz.exe
  2⤵
  PID:10088
- C:\Windows\System\IMyoyPm.exe
  C:\Windows\System\IMyoyPm.exe
  2⤵
  PID:10136
- C:\Windows\System\HdTrumh.exe
  C:\Windows\System\HdTrumh.exe
  2⤵
  PID:10176
- C:\Windows\System\sjeQhof.exe
  C:\Windows\System\sjeQhof.exe
  2⤵
  PID:10208
- C:\Windows\System\saRVyhd.exe
  C:\Windows\System\saRVyhd.exe
  2⤵
  PID:10236
- C:\Windows\System\JEGHfrz.exe
  C:\Windows\System\JEGHfrz.exe
  2⤵
  PID:9268
- C:\Windows\System\QzYmLIi.exe
  C:\Windows\System\QzYmLIi.exe
  2⤵
  PID:9324
- C:\Windows\System\zniUEtf.exe
  C:\Windows\System\zniUEtf.exe
  2⤵
  PID:9396
- C:\Windows\System\vAvQXwV.exe
  C:\Windows\System\vAvQXwV.exe
  2⤵
  PID:9452
- C:\Windows\System\jQvGcnz.exe
  C:\Windows\System\jQvGcnz.exe
  2⤵
  PID:9544
- C:\Windows\System\JpGGGbg.exe
  C:\Windows\System\JpGGGbg.exe
  2⤵
  PID:9640
- C:\Windows\System\aXmXvhw.exe
  C:\Windows\System\aXmXvhw.exe
  2⤵
  PID:9700
- C:\Windows\System\QWfIthP.exe
  C:\Windows\System\QWfIthP.exe
  2⤵
  PID:3468
- C:\Windows\System\wDugbiB.exe
  C:\Windows\System\wDugbiB.exe
  2⤵
  PID:9812
- C:\Windows\System\sSmKcJj.exe
  C:\Windows\System\sSmKcJj.exe
  2⤵
  PID:9876
- C:\Windows\System\fbqladn.exe
  C:\Windows\System\fbqladn.exe
  2⤵
  PID:9936
- C:\Windows\System\DBogBKD.exe
  C:\Windows\System\DBogBKD.exe
  2⤵
  PID:10016
- C:\Windows\System\otngjsG.exe
  C:\Windows\System\otngjsG.exe
  2⤵
  PID:10084
- C:\Windows\System\teJoiFm.exe
  C:\Windows\System\teJoiFm.exe
  2⤵
  PID:10172
- C:\Windows\System\mmYTVyL.exe
  C:\Windows\System\mmYTVyL.exe
  2⤵
  PID:9300
- C:\Windows\System\kZJmkjn.exe
  C:\Windows\System\kZJmkjn.exe
  2⤵
  PID:9444
- C:\Windows\System\KWhCMJz.exe
  C:\Windows\System\KWhCMJz.exe
  2⤵
  PID:9636
- C:\Windows\System\hnzeXbe.exe
  C:\Windows\System\hnzeXbe.exe
  2⤵
  PID:9844
- C:\Windows\System\eWjzmSj.exe
  C:\Windows\System\eWjzmSj.exe
  2⤵
  PID:10048
- C:\Windows\System\FGjqmcJ.exe
  C:\Windows\System\FGjqmcJ.exe
  2⤵
  PID:6032
- C:\Windows\System\FOnayKv.exe
  C:\Windows\System\FOnayKv.exe
  2⤵
  PID:10132
- C:\Windows\System\tTBVKPX.exe
  C:\Windows\System\tTBVKPX.exe
  2⤵
  PID:10244
- C:\Windows\System\hKeQZEO.exe
  C:\Windows\System\hKeQZEO.exe
  2⤵
  PID:10272
- C:\Windows\System\ypABkwf.exe
  C:\Windows\System\ypABkwf.exe
  2⤵
  PID:10316
- C:\Windows\System\gmKrCUw.exe
  C:\Windows\System\gmKrCUw.exe
  2⤵
  PID:10344
- C:\Windows\System\kyUOrcX.exe
  C:\Windows\System\kyUOrcX.exe
  2⤵
  PID:10400
- C:\Windows\System\NPjEVwO.exe
  C:\Windows\System\NPjEVwO.exe
  2⤵
  PID:10424
- C:\Windows\System\xjvDKzh.exe
  C:\Windows\System\xjvDKzh.exe
  2⤵
  PID:10452
- C:\Windows\System\qkckmBO.exe
  C:\Windows\System\qkckmBO.exe
  2⤵
  PID:10488
- C:\Windows\System\hFiyyEt.exe
  C:\Windows\System\hFiyyEt.exe
  2⤵
  PID:10516
- C:\Windows\System\aFOrbTM.exe
  C:\Windows\System\aFOrbTM.exe
  2⤵
  PID:10552
- C:\Windows\System\CyfXvTt.exe
  C:\Windows\System\CyfXvTt.exe
  2⤵
  PID:10580
- C:\Windows\System\pdZJRPv.exe
  C:\Windows\System\pdZJRPv.exe
  2⤵
  PID:10608
- C:\Windows\System\fSedaeS.exe
  C:\Windows\System\fSedaeS.exe
  2⤵
  PID:10640
- C:\Windows\System\kvRdjQQ.exe
  C:\Windows\System\kvRdjQQ.exe
  2⤵
  PID:10668
- C:\Windows\System\STZExsA.exe
  C:\Windows\System\STZExsA.exe
  2⤵
  PID:10696
- C:\Windows\System\RQWqQlb.exe
  C:\Windows\System\RQWqQlb.exe
  2⤵
  PID:10724
- C:\Windows\System\AACPTLP.exe
  C:\Windows\System\AACPTLP.exe
  2⤵
  PID:10756
- C:\Windows\System\pkDkpUd.exe
  C:\Windows\System\pkDkpUd.exe
  2⤵
  PID:10772
- C:\Windows\System\xqsyHNV.exe
  C:\Windows\System\xqsyHNV.exe
  2⤵
  PID:10812
- C:\Windows\System\HevngeM.exe
  C:\Windows\System\HevngeM.exe
  2⤵
  PID:10844
- C:\Windows\System\XYhsWgw.exe
  C:\Windows\System\XYhsWgw.exe
  2⤵
  PID:10872
- C:\Windows\System\fLrTXMg.exe
  C:\Windows\System\fLrTXMg.exe
  2⤵
  PID:10912
- C:\Windows\System\DrJfSTk.exe
  C:\Windows\System\DrJfSTk.exe
  2⤵
  PID:10928
- C:\Windows\System\WUELINg.exe
  C:\Windows\System\WUELINg.exe
  2⤵
  PID:10956
- C:\Windows\System\rPaanYc.exe
  C:\Windows\System\rPaanYc.exe
  2⤵
  PID:10984
- C:\Windows\System\PKXkHpG.exe
  C:\Windows\System\PKXkHpG.exe
  2⤵
  PID:11012
- C:\Windows\System\KIptPkd.exe
  C:\Windows\System\KIptPkd.exe
  2⤵
  PID:11040
- C:\Windows\System\wEBcBSv.exe
  C:\Windows\System\wEBcBSv.exe
  2⤵
  PID:11068
- C:\Windows\System\EUCeNBH.exe
  C:\Windows\System\EUCeNBH.exe
  2⤵
  PID:11096
- C:\Windows\System\kdGhFHU.exe
  C:\Windows\System\kdGhFHU.exe
  2⤵
  PID:11128
- C:\Windows\System\lyCnXal.exe
  C:\Windows\System\lyCnXal.exe
  2⤵
  PID:11160
- C:\Windows\System\iKpGFlp.exe
  C:\Windows\System\iKpGFlp.exe
  2⤵
  PID:11188
- C:\Windows\System\nganIpO.exe
  C:\Windows\System\nganIpO.exe
  2⤵
  PID:11216
- C:\Windows\System\lTYJSww.exe
  C:\Windows\System\lTYJSww.exe
  2⤵
  PID:11244
- C:\Windows\System\mBTIykB.exe
  C:\Windows\System\mBTIykB.exe
  2⤵
  PID:5348
- C:\Windows\System\WmZUUts.exe
  C:\Windows\System\WmZUUts.exe
  2⤵
  PID:10332
- C:\Windows\System\agCBhlK.exe
  C:\Windows\System\agCBhlK.exe
  2⤵
  PID:10252
- C:\Windows\System\QDltpBH.exe
  C:\Windows\System\QDltpBH.exe
  2⤵
  PID:10448
- C:\Windows\System\yCeVmYk.exe
  C:\Windows\System\yCeVmYk.exe
  2⤵
  PID:10548
- C:\Windows\System\dtTISMh.exe
  C:\Windows\System\dtTISMh.exe
  2⤵
  PID:10620
- C:\Windows\System\WNAlvYT.exe
  C:\Windows\System\WNAlvYT.exe
  2⤵
  PID:10688
- C:\Windows\System\GVdYOuK.exe
  C:\Windows\System\GVdYOuK.exe
  2⤵
  PID:10768
- C:\Windows\System\pdSoQFK.exe
  C:\Windows\System\pdSoQFK.exe
  2⤵
  PID:10828
- C:\Windows\System\crJkYUB.exe
  C:\Windows\System\crJkYUB.exe
  2⤵
  PID:10744
- C:\Windows\System\aylBgcm.exe
  C:\Windows\System\aylBgcm.exe
  2⤵
  PID:5580
- C:\Windows\System\gOBbiNV.exe
  C:\Windows\System\gOBbiNV.exe
  2⤵
  PID:11036
- C:\Windows\System\wEKPuBh.exe
  C:\Windows\System\wEKPuBh.exe
  2⤵
  PID:11120
- C:\Windows\System\AUZWpzX.exe
  C:\Windows\System\AUZWpzX.exe
  2⤵
  PID:11200
- C:\Windows\System\sybzVJe.exe
  C:\Windows\System\sybzVJe.exe
  2⤵
  PID:9788
- C:\Windows\System\vlsRtJZ.exe
  C:\Windows\System\vlsRtJZ.exe
  2⤵
  PID:10544
- C:\Windows\System\CepAONF.exe
  C:\Windows\System\CepAONF.exe
  2⤵
  PID:10600
- C:\Windows\System\QhXpKqI.exe
  C:\Windows\System\QhXpKqI.exe
  2⤵
  PID:10752
- C:\Windows\System\HFBCbck.exe
  C:\Windows\System\HFBCbck.exe
  2⤵
  PID:10868
- C:\Windows\System\ZSDDbEe.exe
  C:\Windows\System\ZSDDbEe.exe
  2⤵
  PID:10940
- C:\Windows\System\Kuviyxl.exe
  C:\Windows\System\Kuviyxl.exe
  2⤵
  PID:2612
- C:\Windows\System\SeUoKmE.exe
  C:\Windows\System\SeUoKmE.exe
  2⤵
  PID:10508
- C:\Windows\System\ijUhHTQ.exe
  C:\Windows\System\ijUhHTQ.exe
  2⤵
  PID:10716
- C:\Windows\System\YroGRyt.exe
  C:\Windows\System\YroGRyt.exe
  2⤵
  PID:9496
- C:\Windows\System\XZBMbTh.exe
  C:\Windows\System\XZBMbTh.exe
  2⤵
  PID:4932
- C:\Windows\System\zuTvCrS.exe
  C:\Windows\System\zuTvCrS.exe
  2⤵
  PID:4040
- C:\Windows\System\LPIcUrh.exe
  C:\Windows\System\LPIcUrh.exe
  2⤵
  PID:8708
- C:\Windows\System\cJpyZVK.exe
  C:\Windows\System\cJpyZVK.exe
  2⤵
  PID:11184
- C:\Windows\System\uiXYcNE.exe
  C:\Windows\System\uiXYcNE.exe
  2⤵
  PID:11092
- C:\Windows\System\xQBUJOt.exe
  C:\Windows\System\xQBUJOt.exe
  2⤵
  PID:11268
- C:\Windows\System\ROTpbkT.exe
  C:\Windows\System\ROTpbkT.exe
  2⤵
  PID:11296
- C:\Windows\System\oyNrPWG.exe
  C:\Windows\System\oyNrPWG.exe
  2⤵
  PID:11324
- C:\Windows\System\TbShDzX.exe
  C:\Windows\System\TbShDzX.exe
  2⤵
  PID:11352
- C:\Windows\System\pUgmqks.exe
  C:\Windows\System\pUgmqks.exe
  2⤵
  PID:11380
- C:\Windows\System\RQOVEva.exe
  C:\Windows\System\RQOVEva.exe
  2⤵
  PID:11408
- C:\Windows\System\qBvmggD.exe
  C:\Windows\System\qBvmggD.exe
  2⤵
  PID:11436
- C:\Windows\System\VmbxGXD.exe
  C:\Windows\System\VmbxGXD.exe
  2⤵
  PID:11464
- C:\Windows\System\uXvlmht.exe
  C:\Windows\System\uXvlmht.exe
  2⤵
  PID:11484
- C:\Windows\System\huMcBMa.exe
  C:\Windows\System\huMcBMa.exe
  2⤵
  PID:11512
- C:\Windows\System\lMILzBf.exe
  C:\Windows\System\lMILzBf.exe
  2⤵
  PID:11548
- C:\Windows\System\mgrgRKX.exe
  C:\Windows\System\mgrgRKX.exe
  2⤵
  PID:11576
- C:\Windows\System\mbsjRHu.exe
  C:\Windows\System\mbsjRHu.exe
  2⤵
  PID:11604
- C:\Windows\System\XPhZTwm.exe
  C:\Windows\System\XPhZTwm.exe
  2⤵
  PID:11632
- C:\Windows\System\GnyMAJR.exe
  C:\Windows\System\GnyMAJR.exe
  2⤵
  PID:11660
- C:\Windows\System\itLzvgQ.exe
  C:\Windows\System\itLzvgQ.exe
  2⤵
  PID:11688
- C:\Windows\System\KvBRVSV.exe
  C:\Windows\System\KvBRVSV.exe
  2⤵
  PID:11720
- C:\Windows\System\ibrSCQh.exe
  C:\Windows\System\ibrSCQh.exe
  2⤵
  PID:11748
- C:\Windows\System\KOlpMhQ.exe
  C:\Windows\System\KOlpMhQ.exe
  2⤵
  PID:11776
- C:\Windows\System\wvAtRvB.exe
  C:\Windows\System\wvAtRvB.exe
  2⤵
  PID:11804
- C:\Windows\System\ANhqmQO.exe
  C:\Windows\System\ANhqmQO.exe
  2⤵
  PID:11836
- C:\Windows\System\ivZnPQI.exe
  C:\Windows\System\ivZnPQI.exe
  2⤵
  PID:11864
- C:\Windows\System\VMkLEPk.exe
  C:\Windows\System\VMkLEPk.exe
  2⤵
  PID:11892
- C:\Windows\System\xRkwkDZ.exe
  C:\Windows\System\xRkwkDZ.exe
  2⤵
  PID:11920
- C:\Windows\System\GrYaaqK.exe
  C:\Windows\System\GrYaaqK.exe
  2⤵
  PID:11948
- C:\Windows\System\VwjquIM.exe
  C:\Windows\System\VwjquIM.exe
  2⤵
  PID:11976
- C:\Windows\System\SZSDyHA.exe
  C:\Windows\System\SZSDyHA.exe
  2⤵
  PID:12004
- C:\Windows\System\cPxpagE.exe
  C:\Windows\System\cPxpagE.exe
  2⤵
  PID:12032
- C:\Windows\System\szzGbET.exe
  C:\Windows\System\szzGbET.exe
  2⤵
  PID:12060
- C:\Windows\System\QpehEsZ.exe
  C:\Windows\System\QpehEsZ.exe
  2⤵
  PID:12088
- C:\Windows\System\jgeuaoF.exe
  C:\Windows\System\jgeuaoF.exe
  2⤵
  PID:12116
- C:\Windows\System\BMhhYCr.exe
  C:\Windows\System\BMhhYCr.exe
  2⤵
  PID:12144
- C:\Windows\System\CErzVRh.exe
  C:\Windows\System\CErzVRh.exe
  2⤵
  PID:12172
- C:\Windows\System\OxobdKj.exe
  C:\Windows\System\OxobdKj.exe
  2⤵
  PID:12200
- C:\Windows\System\EawNRSa.exe
  C:\Windows\System\EawNRSa.exe
  2⤵
  PID:12232
- C:\Windows\System\RQiYysQ.exe
  C:\Windows\System\RQiYysQ.exe
  2⤵
  PID:12260
- C:\Windows\System\hxdCePa.exe
  C:\Windows\System\hxdCePa.exe
  2⤵
  PID:10336
- C:\Windows\System\HaZpzsv.exe
  C:\Windows\System\HaZpzsv.exe
  2⤵
  PID:11320
- C:\Windows\System\UJlcMhR.exe
  C:\Windows\System\UJlcMhR.exe
  2⤵
  PID:11404
- C:\Windows\System\CsmanhE.exe
  C:\Windows\System\CsmanhE.exe
  2⤵
  PID:11508
- C:\Windows\System\zOxxgYs.exe
  C:\Windows\System\zOxxgYs.exe
  2⤵
  PID:11680
- C:\Windows\System\noomQVK.exe
  C:\Windows\System\noomQVK.exe
  2⤵
  PID:11816
- C:\Windows\System\sKKxWvZ.exe
  C:\Windows\System\sKKxWvZ.exe
  2⤵
  PID:11888
- C:\Windows\System\gSmWqww.exe
  C:\Windows\System\gSmWqww.exe
  2⤵
  PID:11944
- C:\Windows\System\YEbsJtx.exe
  C:\Windows\System\YEbsJtx.exe
  2⤵
  PID:11992
- C:\Windows\System\MRaVQum.exe
  C:\Windows\System\MRaVQum.exe
  2⤵
  PID:12080
- C:\Windows\System\QuUJRwp.exe
  C:\Windows\System\QuUJRwp.exe
  2⤵
  PID:12136
- C:\Windows\System\qwjSTjt.exe
  C:\Windows\System\qwjSTjt.exe
  2⤵
  PID:4528
- C:\Windows\System\RbVGkly.exe
  C:\Windows\System\RbVGkly.exe
  2⤵
  PID:11288
- C:\Windows\System\FocQzTs.exe
  C:\Windows\System\FocQzTs.exe
  2⤵
  PID:11588
- C:\Windows\System\RHqUuGx.exe
  C:\Windows\System\RHqUuGx.exe
  2⤵
  PID:4044
- C:\Windows\System\VcmyiKD.exe
  C:\Windows\System\VcmyiKD.exe
  2⤵
  PID:4984
- C:\Windows\System\OdvYCSt.exe
  C:\Windows\System\OdvYCSt.exe
  2⤵
  PID:12016
- C:\Windows\System\dAVHlpd.exe
  C:\Windows\System\dAVHlpd.exe
  2⤵
  PID:12280
- C:\Windows\System\yOUtdCz.exe
  C:\Windows\System\yOUtdCz.exe
  2⤵
  PID:4152
- C:\Windows\System\VEOxJub.exe
  C:\Windows\System\VEOxJub.exe
  2⤵
  PID:12284
- C:\Windows\System\UjLXjqR.exe
  C:\Windows\System\UjLXjqR.exe
  2⤵
  PID:1332
- C:\Windows\System\kciUkgc.exe
  C:\Windows\System\kciUkgc.exe
  2⤵
  PID:3332
- C:\Windows\System\KEhVzjv.exe
  C:\Windows\System\KEhVzjv.exe
  2⤵
  PID:12316
- C:\Windows\System\BOMqTDA.exe
  C:\Windows\System\BOMqTDA.exe
  2⤵
  PID:12352
- C:\Windows\System\SXgnbML.exe
  C:\Windows\System\SXgnbML.exe
  2⤵
  PID:12396
- C:\Windows\System\VeKruhD.exe
  C:\Windows\System\VeKruhD.exe
  2⤵
  PID:12420
- C:\Windows\System\xppCPIS.exe
  C:\Windows\System\xppCPIS.exe
  2⤵
  PID:12448
- C:\Windows\System\UGIDbYX.exe
  C:\Windows\System\UGIDbYX.exe
  2⤵
  PID:12476
- C:\Windows\System\pKbzNrS.exe
  C:\Windows\System\pKbzNrS.exe
  2⤵
  PID:12504
- C:\Windows\System\uTATRZd.exe
  C:\Windows\System\uTATRZd.exe
  2⤵
  PID:12532
- C:\Windows\System\aNxRPEC.exe
  C:\Windows\System\aNxRPEC.exe
  2⤵
  PID:12560
- C:\Windows\System\DrfYtJw.exe
  C:\Windows\System\DrfYtJw.exe
  2⤵
  PID:12588
- C:\Windows\System\RcasNsc.exe
  C:\Windows\System\RcasNsc.exe
  2⤵
  PID:12616
- C:\Windows\System\rRaLbrh.exe
  C:\Windows\System\rRaLbrh.exe
  2⤵
  PID:12644
- C:\Windows\System\ROmnuYV.exe
  C:\Windows\System\ROmnuYV.exe
  2⤵
  PID:12672
- C:\Windows\System\lsgYlhx.exe
  C:\Windows\System\lsgYlhx.exe
  2⤵
  PID:12700
- C:\Windows\System\uJXmror.exe
  C:\Windows\System\uJXmror.exe
  2⤵
  PID:12728
- C:\Windows\System\HeiMETT.exe
  C:\Windows\System\HeiMETT.exe
  2⤵
  PID:12760
- C:\Windows\System\hzfwucx.exe
  C:\Windows\System\hzfwucx.exe
  2⤵
  PID:12788
- C:\Windows\System\oknHvJG.exe
  C:\Windows\System\oknHvJG.exe
  2⤵
  PID:12816
- C:\Windows\System\yGexCQy.exe
  C:\Windows\System\yGexCQy.exe
  2⤵
  PID:12852
- C:\Windows\System\TEppygx.exe
  C:\Windows\System\TEppygx.exe
  2⤵
  PID:12884
- C:\Windows\System\GIzZkxP.exe
  C:\Windows\System\GIzZkxP.exe
  2⤵
  PID:12912
- C:\Windows\System\muevLqz.exe
  C:\Windows\System\muevLqz.exe
  2⤵
  PID:12928
- C:\Windows\System\cmlDRgR.exe
  C:\Windows\System\cmlDRgR.exe
  2⤵
  PID:12988
- C:\Windows\System\eALoACg.exe
  C:\Windows\System\eALoACg.exe
  2⤵
  PID:13008
- C:\Windows\System\ksEWlnp.exe
  C:\Windows\System\ksEWlnp.exe
  2⤵
  PID:13048
- C:\Windows\System\pCifwRG.exe
  C:\Windows\System\pCifwRG.exe
  2⤵
  PID:13076
- C:\Windows\System\zebtfiV.exe
  C:\Windows\System\zebtfiV.exe
  2⤵
  PID:13104
- C:\Windows\System\EdayRmy.exe
  C:\Windows\System\EdayRmy.exe
  2⤵
  PID:13132
- C:\Windows\System\NfkFVGR.exe
  C:\Windows\System\NfkFVGR.exe
  2⤵
  PID:13160
- C:\Windows\System\cChpoFk.exe
  C:\Windows\System\cChpoFk.exe
  2⤵
  PID:13188
- C:\Windows\System\yJRbili.exe
  C:\Windows\System\yJRbili.exe
  2⤵
  PID:13216
- C:\Windows\System\YDeEyDy.exe
  C:\Windows\System\YDeEyDy.exe
  2⤵
  PID:13244
- C:\Windows\System\uolHPbh.exe
  C:\Windows\System\uolHPbh.exe
  2⤵
  PID:13272
- C:\Windows\System\FjnURQI.exe
  C:\Windows\System\FjnURQI.exe
  2⤵
  PID:13304
- C:\Windows\System\urjvUVs.exe
  C:\Windows\System\urjvUVs.exe
  2⤵
  PID:12364
- C:\Windows\System\tyecCxb.exe
  C:\Windows\System\tyecCxb.exe
  2⤵
  PID:3720
- C:\Windows\System\BVcuWpk.exe
  C:\Windows\System\BVcuWpk.exe
  2⤵
  PID:12488
- C:\Windows\System\RVMQawN.exe
  C:\Windows\System\RVMQawN.exe
  2⤵
  PID:12528
- C:\Windows\System\OiKoGLn.exe
  C:\Windows\System\OiKoGLn.exe
  2⤵
  PID:12584
- C:\Windows\System\OlIrvap.exe
  C:\Windows\System\OlIrvap.exe
  2⤵
  PID:12684
- C:\Windows\System\GJsfOmb.exe
  C:\Windows\System\GJsfOmb.exe
  2⤵
  PID:12720
- C:\Windows\System\VQdiHQz.exe
  C:\Windows\System\VQdiHQz.exe
  2⤵
  PID:12772
- C:\Windows\System\ZpcHTxe.exe
  C:\Windows\System\ZpcHTxe.exe
  2⤵
  PID:12844
- C:\Windows\System\EPxXDNk.exe
  C:\Windows\System\EPxXDNk.exe
  2⤵
  PID:12836
- C:\Windows\System\CUcnaoP.exe
  C:\Windows\System\CUcnaoP.exe
  2⤵
  PID:12924
- C:\Windows\System\iuAfTIL.exe
  C:\Windows\System\iuAfTIL.exe
  2⤵
  PID:936
- C:\Windows\System\Jmculhe.exe
  C:\Windows\System\Jmculhe.exe
  2⤵
  PID:13024
- C:\Windows\System\egXBOSK.exe
  C:\Windows\System\egXBOSK.exe
  2⤵
  PID:13040
- C:\Windows\System\CnAGXFP.exe
  C:\Windows\System\CnAGXFP.exe
  2⤵
  PID:13100
- C:\Windows\System\tNxaxjT.exe
  C:\Windows\System\tNxaxjT.exe
  2⤵
  PID:13152
- C:\Windows\System\fKYySRt.exe
  C:\Windows\System\fKYySRt.exe
  2⤵
  PID:13228
- C:\Windows\System\SAdxjZI.exe
  C:\Windows\System\SAdxjZI.exe
  2⤵
  PID:13292
- C:\Windows\System\NAamLWJ.exe
  C:\Windows\System\NAamLWJ.exe
  2⤵
  PID:12348
- C:\Windows\System\wrVaunc.exe
  C:\Windows\System\wrVaunc.exe
  2⤵
  PID:12412
- C:\Windows\System\eGxUVAI.exe
  C:\Windows\System\eGxUVAI.exe
  2⤵
  PID:12580
- C:\Windows\System\IAjrOZI.exe
  C:\Windows\System\IAjrOZI.exe
  2⤵
  PID:3944
- C:\Windows\System\HlefsNY.exe
  C:\Windows\System\HlefsNY.exe
  2⤵
  PID:12864
- C:\Windows\System\zsGLfaL.exe
  C:\Windows\System\zsGLfaL.exe
  2⤵
  PID:12984
- C:\Windows\System\yTlZtmm.exe
  C:\Windows\System\yTlZtmm.exe
  2⤵
  PID:13044
- C:\Windows\System\zaPccnd.exe
  C:\Windows\System\zaPccnd.exe
  2⤵
  PID:13184
- C:\Windows\System\pLXwKpQ.exe
  C:\Windows\System\pLXwKpQ.exe
  2⤵
  PID:12376
- C:\Windows\System\URXcOoM.exe
  C:\Windows\System\URXcOoM.exe
  2⤵
  PID:12612
- C:\Windows\System\GjOguLy.exe
  C:\Windows\System\GjOguLy.exe
  2⤵
  PID:4200
- C:\Windows\System\xwrOKhA.exe
  C:\Windows\System\xwrOKhA.exe
  2⤵
  PID:11832
- C:\Windows\System\QRLCTNo.exe
  C:\Windows\System\QRLCTNo.exe
  2⤵
  PID:12880
- C:\Windows\System\AteuqnB.exe
  C:\Windows\System\AteuqnB.exe
  2⤵
  PID:5932
- C:\Windows\System\IyMddpV.exe
  C:\Windows\System\IyMddpV.exe
  2⤵
  PID:5012
- C:\Windows\System\Hlunzxc.exe
  C:\Windows\System\Hlunzxc.exe
  2⤵
  PID:12696
- C:\Windows\System\IyRFKub.exe
  C:\Windows\System\IyRFKub.exe
  2⤵
  PID:10232
- C:\Windows\System\HtiKVpk.exe
  C:\Windows\System\HtiKVpk.exe
  2⤵
  PID:10116
- C:\Windows\System\VgveMqy.exe
  C:\Windows\System\VgveMqy.exe
  2⤵
  PID:3872
- C:\Windows\System\OBNXHRM.exe
  C:\Windows\System\OBNXHRM.exe
  2⤵
  PID:13348
- C:\Windows\System\JfeZlVJ.exe
  C:\Windows\System\JfeZlVJ.exe
  2⤵
  PID:13364
- C:\Windows\System\osnOMDm.exe
  C:\Windows\System\osnOMDm.exe
  2⤵
  PID:13392
- C:\Windows\System\qJrsFAe.exe
  C:\Windows\System\qJrsFAe.exe
  2⤵
  PID:13424
- C:\Windows\System\UmGLEZT.exe
  C:\Windows\System\UmGLEZT.exe
  2⤵
  PID:13456
- C:\Windows\System\HQFPwrn.exe
  C:\Windows\System\HQFPwrn.exe
  2⤵
  PID:13484
- C:\Windows\System\pCmwdlN.exe
  C:\Windows\System\pCmwdlN.exe
  2⤵
  PID:13512
- C:\Windows\System\mwNzXDE.exe
  C:\Windows\System\mwNzXDE.exe
  2⤵
  PID:13540
- C:\Windows\System\jKzGQuW.exe
  C:\Windows\System\jKzGQuW.exe
  2⤵
  PID:13568
- C:\Windows\System\pOMVCJf.exe
  C:\Windows\System\pOMVCJf.exe
  2⤵
  PID:13596
- C:\Windows\System\DWBtOsR.exe
  C:\Windows\System\DWBtOsR.exe
  2⤵
  PID:13624
- C:\Windows\System\QDPpTDz.exe
  C:\Windows\System\QDPpTDz.exe
  2⤵
  PID:13656
- C:\Windows\System\XRraHmL.exe
  C:\Windows\System\XRraHmL.exe
  2⤵
  PID:13704
- C:\Windows\System\lveRhSL.exe
  C:\Windows\System\lveRhSL.exe
  2⤵
  PID:13724
- C:\Windows\System\SrHIZVK.exe
  C:\Windows\System\SrHIZVK.exe
  2⤵
  PID:13752
- C:\Windows\System\lJaHDsJ.exe
  C:\Windows\System\lJaHDsJ.exe
  2⤵
  PID:13780
- C:\Windows\System\kbOInzw.exe
  C:\Windows\System\kbOInzw.exe
  2⤵
  PID:13808
- C:\Windows\System\NCoLBDy.exe
  C:\Windows\System\NCoLBDy.exe
  2⤵
  PID:13836
- C:\Windows\System\cPsbyXR.exe
  C:\Windows\System\cPsbyXR.exe
  2⤵
  PID:13864
- C:\Windows\System\MpHyRTJ.exe
  C:\Windows\System\MpHyRTJ.exe
  2⤵
  PID:13904
- C:\Windows\System\LzMBqtg.exe
  C:\Windows\System\LzMBqtg.exe
  2⤵
  PID:13952
- C:\Windows\System\DbgWjwz.exe
  C:\Windows\System\DbgWjwz.exe
  2⤵
  PID:13984
- C:\Windows\System\PnybXYC.exe
  C:\Windows\System\PnybXYC.exe
  2⤵
  PID:14004
- C:\Windows\System\KErvkxO.exe
  C:\Windows\System\KErvkxO.exe
  2⤵
  PID:14032
- C:\Windows\System\efBKFGl.exe
  C:\Windows\System\efBKFGl.exe
  2⤵
  PID:14076
- C:\Windows\System\SvyweJS.exe
  C:\Windows\System\SvyweJS.exe
  2⤵
  PID:14096
- C:\Windows\System\zZQFtAp.exe
  C:\Windows\System\zZQFtAp.exe
  2⤵
  PID:14144
- C:\Windows\System\OEfeiFm.exe
  C:\Windows\System\OEfeiFm.exe
  2⤵
  PID:14180
- C:\Windows\System\BqoUWDD.exe
  C:\Windows\System\BqoUWDD.exe
  2⤵
  PID:14208
- C:\Windows\System\RIVlnFT.exe
  C:\Windows\System\RIVlnFT.exe
  2⤵
  PID:14244
- C:\Windows\System\BqxkvXe.exe
  C:\Windows\System\BqxkvXe.exe
  2⤵
  PID:14308
- C:\Windows\System\fYyJqTl.exe
  C:\Windows\System\fYyJqTl.exe
  2⤵
  PID:14324
- C:\Windows\System\JWEJhiJ.exe
  C:\Windows\System\JWEJhiJ.exe
  2⤵
  PID:10124
- C:\Windows\System\ZrKExDw.exe
  C:\Windows\System\ZrKExDw.exe
  2⤵
  PID:13388
- C:\Windows\System\cKmnXwc.exe
  C:\Windows\System\cKmnXwc.exe
  2⤵
  PID:13440
- C:\Windows\System\ojOXJWC.exe
  C:\Windows\System\ojOXJWC.exe
  2⤵
  PID:13536
- C:\Windows\System\KQKAZwj.exe
  C:\Windows\System\KQKAZwj.exe
  2⤵
  PID:1372
- C:\Windows\System\vRCHFDi.exe
  C:\Windows\System\vRCHFDi.exe
  2⤵
  PID:10296
- C:\Windows\System\KIulsYB.exe
  C:\Windows\System\KIulsYB.exe
  2⤵
  PID:13748
- C:\Windows\System\nKIEYXe.exe
  C:\Windows\System\nKIEYXe.exe
  2⤵
  PID:13832
- C:\Windows\System\bVGDDrr.exe
  C:\Windows\System\bVGDDrr.exe
  2⤵
  PID:13944
- C:\Windows\System\ErTHDZw.exe
  C:\Windows\System\ErTHDZw.exe
  2⤵
  PID:13976
- C:\Windows\System\kqPlrNA.exe
  C:\Windows\System\kqPlrNA.exe
  2⤵
  PID:14068
- C:\Windows\System\YSNwTEj.exe
  C:\Windows\System\YSNwTEj.exe
  2⤵
  PID:14084
- C:\Windows\System\RrWejtV.exe
  C:\Windows\System\RrWejtV.exe
  2⤵
  PID:14132
- C:\Windows\System\twTpiQz.exe
  C:\Windows\System\twTpiQz.exe
  2⤵
  PID:14236
- C:\Windows\System\vGIbrFN.exe
  C:\Windows\System\vGIbrFN.exe
  2⤵
  PID:14272
- C:\Windows\System\EUfZgpx.exe
  C:\Windows\System\EUfZgpx.exe
  2⤵
  PID:13912
- C:\Windows\System\quusphY.exe
  C:\Windows\System\quusphY.exe
  2⤵
  PID:6520
- C:\Windows\System\giHvxWu.exe
  C:\Windows\System\giHvxWu.exe
  2⤵
  PID:6776
- C:\Windows\System\DiZfLVw.exe
  C:\Windows\System\DiZfLVw.exe
  2⤵
  PID:13960
- C:\Windows\System\BjMuJZh.exe
  C:\Windows\System\BjMuJZh.exe
  2⤵
  PID:7136
- C:\Windows\System\mLBOirN.exe
  C:\Windows\System\mLBOirN.exe
  2⤵
  PID:6056
- C:\Windows\System\CWObwXj.exe
  C:\Windows\System\CWObwXj.exe
  2⤵
  PID:13404
- C:\Windows\System\LNdohsM.exe
  C:\Windows\System\LNdohsM.exe
  2⤵
  PID:13476
- C:\Windows\System\gPyFrGx.exe
  C:\Windows\System\gPyFrGx.exe
  2⤵
  PID:14172
- C:\Windows\System\cNHTYKG.exe
  C:\Windows\System\cNHTYKG.exe
  2⤵
  PID:13000
- C:\Windows\System\GiqKFtL.exe
  C:\Windows\System\GiqKFtL.exe
  2⤵
  PID:2712
- C:\Windows\System\auuhxKT.exe
  C:\Windows\System\auuhxKT.exe
  2⤵
  PID:6968
- C:\Windows\System\raYarGs.exe
  C:\Windows\System\raYarGs.exe
  2⤵
  PID:7280
- C:\Windows\System\OPifmGw.exe
  C:\Windows\System\OPifmGw.exe
  2⤵
  PID:7368
- C:\Windows\System\ltErdJZ.exe
  C:\Windows\System\ltErdJZ.exe
  2⤵
  PID:7460
- C:\Windows\System\JIFecTV.exe
  C:\Windows\System\JIFecTV.exe
  2⤵
  PID:7616
- C:\Windows\System\qFEGAON.exe
  C:\Windows\System\qFEGAON.exe
  2⤵
  PID:7640
- C:\Windows\System\AxkOBNM.exe
  C:\Windows\System\AxkOBNM.exe
  2⤵
  PID:7796
- C:\Windows\System\sNwZdnT.exe
  C:\Windows\System\sNwZdnT.exe
  2⤵
  PID:7900
- C:\Windows\System\UXiWuoF.exe
  C:\Windows\System\UXiWuoF.exe
  2⤵
  PID:7964
- C:\Windows\System\aEzvwDt.exe
  C:\Windows\System\aEzvwDt.exe
  2⤵
  PID:8076
- C:\Windows\System\aXwDLlQ.exe
  C:\Windows\System\aXwDLlQ.exe
  2⤵
  PID:7208
- C:\Windows\System\jMSlPWb.exe
  C:\Windows\System\jMSlPWb.exe
  2⤵
  PID:1220
- C:\Windows\System\JfFssSZ.exe
  C:\Windows\System\JfFssSZ.exe
  2⤵
  PID:5844
- C:\Windows\System\WCktYVA.exe
  C:\Windows\System\WCktYVA.exe
  2⤵
  PID:2064
- C:\Windows\System\ytDAABS.exe
  C:\Windows\System\ytDAABS.exe
  2⤵
  PID:884
- C:\Windows\System\pARLhkT.exe
  C:\Windows\System\pARLhkT.exe
  2⤵
  PID:1748
- C:\Windows\System\uVPpkuy.exe
  C:\Windows\System\uVPpkuy.exe
  2⤵
  PID:8
- C:\Windows\System\LyHXsPh.exe
  C:\Windows\System\LyHXsPh.exe
  2⤵
  PID:5380
- C:\Windows\System\zdKDaWo.exe
  C:\Windows\System\zdKDaWo.exe
  2⤵
  PID:2464
- C:\Windows\System\ZUxrGmr.exe
  C:\Windows\System\ZUxrGmr.exe
  2⤵
  PID:4648
- C:\Windows\System\iEQNCFr.exe
  C:\Windows\System\iEQNCFr.exe
  2⤵
  PID:4460
- C:\Windows\System\iPIjsmM.exe
  C:\Windows\System\iPIjsmM.exe
  2⤵
  PID:2752
- C:\Windows\System\pQITeMR.exe
  C:\Windows\System\pQITeMR.exe
  2⤵
  PID:13720
- C:\Windows\System\LjOyTVm.exe
  C:\Windows\System\LjOyTVm.exe
  2⤵
  PID:13828
- C:\Windows\System\BJRGtcw.exe
  C:\Windows\System\BJRGtcw.exe
  2⤵
  PID:13980
- C:\Windows\System\sBDJXIC.exe
  C:\Windows\System\sBDJXIC.exe
  2⤵
  PID:14108
- C:\Windows\System\pwDhRak.exe
  C:\Windows\System\pwDhRak.exe
  2⤵
  PID:14164
- C:\Windows\System\ndyGcVf.exe
  C:\Windows\System\ndyGcVf.exe
  2⤵
  PID:13924
- C:\Windows\System\CnkFDAQ.exe
  C:\Windows\System\CnkFDAQ.exe
  2⤵
  PID:2072
- C:\Windows\System\WxWJcjS.exe
  C:\Windows\System\WxWJcjS.exe
  2⤵
  PID:6908
- C:\Windows\System\OFbqdMd.exe
  C:\Windows\System\OFbqdMd.exe
  2⤵
  PID:3816
- C:\Windows\System\uZAdvkt.exe
  C:\Windows\System\uZAdvkt.exe
  2⤵
  PID:3444
- C:\Windows\System\MpVNQrL.exe
  C:\Windows\System\MpVNQrL.exe
  2⤵
  PID:14088
- C:\Windows\System\dICYQSq.exe
  C:\Windows\System\dICYQSq.exe
  2⤵
  PID:6572
- C:\Windows\System\JjbcgLz.exe
  C:\Windows\System\JjbcgLz.exe
  2⤵
  PID:6760
- C:\Windows\System\YMtSspI.exe
  C:\Windows\System\YMtSspI.exe
  2⤵
  PID:4328
- C:\Windows\System\dnroqoj.exe
  C:\Windows\System\dnroqoj.exe
  2⤵
  PID:7560
- C:\Windows\System\vRMUwoO.exe
  C:\Windows\System\vRMUwoO.exe
  2⤵
  PID:7668
- C:\Windows\System\ixjxvmF.exe
  C:\Windows\System\ixjxvmF.exe
  2⤵
  PID:7880
- C:\Windows\System\cRkXmOX.exe
  C:\Windows\System\cRkXmOX.exe
  2⤵
  PID:8064
- C:\Windows\System\UmvnUPp.exe
  C:\Windows\System\UmvnUPp.exe
  2⤵
  PID:7320
- C:\Windows\System\BDkBTXn.exe
  C:\Windows\System\BDkBTXn.exe
  2⤵
  PID:1540
- C:\Windows\System\MMJLGMd.exe
  C:\Windows\System\MMJLGMd.exe
  2⤵
  PID:7388
- C:\Windows\System\yEXyXyf.exe
  C:\Windows\System\yEXyXyf.exe
  2⤵
  PID:1428
- C:\Windows\System\GxyQwia.exe
  C:\Windows\System\GxyQwia.exe
  2⤵
  PID:988
- C:\Windows\System\mydjcQe.exe
  C:\Windows\System\mydjcQe.exe
  2⤵
  PID:2224
- C:\Windows\System\LRMgBUS.exe
  C:\Windows\System\LRMgBUS.exe
  2⤵
  PID:2108
- C:\Windows\System\ioLSImM.exe
  C:\Windows\System\ioLSImM.exe
  2⤵
  PID:3880
- C:\Windows\System\VMsDdvR.exe
  C:\Windows\System\VMsDdvR.exe
  2⤵
  PID:1080
- C:\Windows\System\fgwvwDd.exe
  C:\Windows\System\fgwvwDd.exe
  2⤵
  PID:2552
- C:\Windows\System\jhfYVAW.exe
  C:\Windows\System\jhfYVAW.exe
  2⤵
  PID:3184
- C:\Windows\System\SGgLZOa.exe
  C:\Windows\System\SGgLZOa.exe
  2⤵
  PID:7652
- C:\Windows\System\VwYNyNy.exe
  C:\Windows\System\VwYNyNy.exe
  2⤵
  PID:5716
- C:\Windows\System\ZWpgeAC.exe
  C:\Windows\System\ZWpgeAC.exe
  2⤵
  PID:3760
- C:\Windows\System\ppUwgCK.exe
  C:\Windows\System\ppUwgCK.exe
  2⤵
  PID:9108
- C:\Windows\System\ufNDvQw.exe
  C:\Windows\System\ufNDvQw.exe
  2⤵
  PID:1900
- C:\Windows\System\ZBQxQcq.exe
  C:\Windows\System\ZBQxQcq.exe
  2⤵
  PID:3064
- C:\Windows\System\tQZRVYU.exe
  C:\Windows\System\tQZRVYU.exe
  2⤵
  PID:14304
- C:\Windows\System\RVBQupn.exe
  C:\Windows\System\RVBQupn.exe
  2⤵
  PID:7224
- C:\Windows\System\ZXEDBEP.exe
  C:\Windows\System\ZXEDBEP.exe
  2⤵
  PID:5292
- C:\Windows\System\aZodbdL.exe
  C:\Windows\System\aZodbdL.exe
  2⤵
  PID:7724
- C:\Windows\System\DvAHnbQ.exe
  C:\Windows\System\DvAHnbQ.exe
  2⤵
  PID:4504
- C:\Windows\System\VIXataY.exe
  C:\Windows\System\VIXataY.exe
  2⤵
  PID:1672
- C:\Windows\System\cyvIlfe.exe
  C:\Windows\System\cyvIlfe.exe
  2⤵
  PID:3116
- C:\Windows\System\ttXaJxy.exe
  C:\Windows\System\ttXaJxy.exe
  2⤵
  PID:5280
- C:\Windows\System\AwCVhyI.exe
  C:\Windows\System\AwCVhyI.exe
  2⤵
  PID:13744
- C:\Windows\System\cBAAjEw.exe
  C:\Windows\System\cBAAjEw.exe
  2⤵
  PID:13800
- C:\Windows\System\UGKAEKg.exe
  C:\Windows\System\UGKAEKg.exe
  2⤵
  PID:5372
- C:\Windows\System\bSqTeTE.exe
  C:\Windows\System\bSqTeTE.exe
  2⤵
  PID:6620
- C:\Windows\System\iaePnIX.exe
  C:\Windows\System\iaePnIX.exe
  2⤵
  PID:5300
- C:\Windows\System\IHDEbcR.exe
  C:\Windows\System\IHDEbcR.exe
  2⤵
  PID:4964
- C:\Windows\System\LjDKLfQ.exe
  C:\Windows\System\LjDKLfQ.exe
  2⤵
  PID:7852
- C:\Windows\System\lfcNtdh.exe
  C:\Windows\System\lfcNtdh.exe
  2⤵
  PID:6392
- C:\Windows\System\oNelMKd.exe
  C:\Windows\System\oNelMKd.exe
  2⤵
  PID:4312
- C:\Windows\System\MDrIleU.exe
  C:\Windows\System\MDrIleU.exe
  2⤵
  PID:5020
- C:\Windows\System\MxzpRot.exe
  C:\Windows\System\MxzpRot.exe
  2⤵
  PID:12380
- C:\Windows\System\VltNpdM.exe
  C:\Windows\System\VltNpdM.exe
  2⤵
  PID:2920
- C:\Windows\System\angIEsQ.exe
  C:\Windows\System\angIEsQ.exe
  2⤵
  PID:6148
- C:\Windows\System\SlTsPXf.exe
  C:\Windows\System\SlTsPXf.exe
  2⤵
  PID:4284
- C:\Windows\System\tuouKwP.exe
  C:\Windows\System\tuouKwP.exe
  2⤵
  PID:4580
- C:\Windows\System\eusYfUV.exe
  C:\Windows\System\eusYfUV.exe
  2⤵
  PID:2300
- C:\Windows\System\qTyYRGk.exe
  C:\Windows\System\qTyYRGk.exe
  2⤵
  PID:4188
- C:\Windows\System\gJJNYTA.exe
  C:\Windows\System\gJJNYTA.exe
  2⤵
  PID:5976
- C:\Windows\System\QGXpzeB.exe
  C:\Windows\System\QGXpzeB.exe
  2⤵
  PID:5592
- C:\Windows\System\bkXDEQz.exe
  C:\Windows\System\bkXDEQz.exe
  2⤵
  PID:6336
- C:\Windows\System\sJfEmOy.exe
  C:\Windows\System\sJfEmOy.exe
  2⤵
  PID:6896
- C:\Windows\System\nKhoZIT.exe
  C:\Windows\System\nKhoZIT.exe
  2⤵
  PID:6424
- C:\Windows\System\dzktCkt.exe
  C:\Windows\System\dzktCkt.exe
  2⤵
  PID:6436
- C:\Windows\System\sJdQANB.exe
  C:\Windows\System\sJdQANB.exe
  2⤵
  PID:6472
- C:\Windows\System\NLSHgpY.exe
  C:\Windows\System\NLSHgpY.exe
  2⤵
  PID:6512
- C:\Windows\System\stTOqFQ.exe
  C:\Windows\System\stTOqFQ.exe
  2⤵
  PID:1248
- C:\Windows\System\xVbYWnH.exe
  C:\Windows\System\xVbYWnH.exe
  2⤵
  PID:7488
- C:\Windows\System\trQkVXN.exe
  C:\Windows\System\trQkVXN.exe
  2⤵
  PID:3420
- C:\Windows\System\KPCjDmA.exe
  C:\Windows\System\KPCjDmA.exe
  2⤵
  PID:6196
- C:\Windows\System\wUMkJqS.exe
  C:\Windows\System\wUMkJqS.exe
  2⤵
  PID:8272
- C:\Windows\System\iHDjOwU.exe
  C:\Windows\System\iHDjOwU.exe
  2⤵
  PID:4684
- C:\Windows\System\fmsAMBT.exe
  C:\Windows\System\fmsAMBT.exe
  2⤵
  PID:9032
- C:\Windows\System\lIMNjOC.exe
  C:\Windows\System\lIMNjOC.exe
  2⤵
  PID:6728
- C:\Windows\System\KuTJoFq.exe
  C:\Windows\System\KuTJoFq.exe
  2⤵
  PID:3516
- C:\Windows\System\sJtKVly.exe
  C:\Windows\System\sJtKVly.exe
  2⤵
  PID:632
- C:\Windows\System\yLuZODK.exe
  C:\Windows\System\yLuZODK.exe
  2⤵
  PID:8224
- C:\Windows\System\MpiDfzB.exe
  C:\Windows\System\MpiDfzB.exe
  2⤵
  PID:6864
- C:\Windows\System\hWJwBNH.exe
  C:\Windows\System\hWJwBNH.exe
  2⤵
  PID:6868
- C:\Windows\System\ffQKViC.exe
  C:\Windows\System\ffQKViC.exe
  2⤵
  PID:6352
- C:\Windows\System\zfqBdOs.exe
  C:\Windows\System\zfqBdOs.exe
  2⤵
  PID:6452
- C:\Windows\System\YsUSpAi.exe
  C:\Windows\System\YsUSpAi.exe
  2⤵
  PID:13036
- C:\Windows\System\uIYeEqD.exe
  C:\Windows\System\uIYeEqD.exe
  2⤵
  PID:13636
- C:\Windows\System\qAHsekV.exe
  C:\Windows\System\qAHsekV.exe
  2⤵
  PID:7052
- C:\Windows\System\eyiDqSL.exe
  C:\Windows\System\eyiDqSL.exe
  2⤵
  PID:6544
- C:\Windows\System\AZsmnVV.exe
  C:\Windows\System\AZsmnVV.exe
  2⤵
  PID:7092
- C:\Windows\System\omsnzkV.exe
  C:\Windows\System\omsnzkV.exe
  2⤵
  PID:7064
- C:\Windows\System\cLEYoKw.exe
  C:\Windows\System\cLEYoKw.exe
  2⤵
  PID:7108
- C:\Windows\System\oDlnEwQ.exe
  C:\Windows\System\oDlnEwQ.exe
  2⤵
  PID:6080
- C:\Windows\System\AzjaJyB.exe
  C:\Windows\System\AzjaJyB.exe
  2⤵
  PID:6568
- C:\Windows\System\uCRGuIm.exe
  C:\Windows\System\uCRGuIm.exe
  2⤵
  PID:2252
- C:\Windows\System\qJfccgy.exe
  C:\Windows\System\qJfccgy.exe
  2⤵
  PID:1512
- C:\Windows\System\rPJHYmC.exe
  C:\Windows\System\rPJHYmC.exe
  2⤵
  PID:4876
- C:\Windows\System\nHFvdUy.exe
  C:\Windows\System\nHFvdUy.exe
  2⤵
  PID:2156
- C:\Windows\System\DmhzrWB.exe
  C:\Windows\System\DmhzrWB.exe
  2⤵
  PID:5928
- C:\Windows\System\ELopYUU.exe
  C:\Windows\System\ELopYUU.exe
  2⤵
  PID:2204
- C:\Windows\System\KxBGZHJ.exe
  C:\Windows\System\KxBGZHJ.exe
  2⤵
  PID:14364
- C:\Windows\System\EXdiRnZ.exe
  C:\Windows\System\EXdiRnZ.exe
  2⤵
  PID:14392
- C:\Windows\System\MGazsog.exe
  C:\Windows\System\MGazsog.exe
  2⤵
  PID:14420
- C:\Windows\System\nOJfzpg.exe
  C:\Windows\System\nOJfzpg.exe
  2⤵
  PID:14448
- C:\Windows\System\pRAeKsJ.exe
  C:\Windows\System\pRAeKsJ.exe
  2⤵
  PID:14476
- C:\Windows\System\xmTNcxi.exe
  C:\Windows\System\xmTNcxi.exe
  2⤵
  PID:14504
- C:\Windows\System\ckpUHyA.exe
  C:\Windows\System\ckpUHyA.exe
  2⤵
  PID:14532
- C:\Windows\System\mxIurvA.exe
  C:\Windows\System\mxIurvA.exe
  2⤵
  PID:14560
- C:\Windows\System\PNqSYoO.exe
  C:\Windows\System\PNqSYoO.exe
  2⤵
  PID:14588
- C:\Windows\System\wcHQghJ.exe
  C:\Windows\System\wcHQghJ.exe
  2⤵
  PID:14616
- C:\Windows\System\bHKJelK.exe
  C:\Windows\System\bHKJelK.exe
  2⤵
  PID:14644
- C:\Windows\System\WhLnzsV.exe
  C:\Windows\System\WhLnzsV.exe
  2⤵
  PID:14672
- C:\Windows\System\CUrMahf.exe
  C:\Windows\System\CUrMahf.exe
  2⤵
  PID:14700
- C:\Windows\System\nuFAYwk.exe
  C:\Windows\System\nuFAYwk.exe
  2⤵
  PID:14728
- C:\Windows\System\ySoBdIT.exe
  C:\Windows\System\ySoBdIT.exe
  2⤵
  PID:14756
- C:\Windows\System\uMYXcUk.exe
  C:\Windows\System\uMYXcUk.exe
  2⤵
  PID:14784
- C:\Windows\System\xdliAeL.exe
  C:\Windows\System\xdliAeL.exe
  2⤵
  PID:14812
- C:\Windows\System\YzwxMAS.exe
  C:\Windows\System\YzwxMAS.exe
  2⤵
  PID:14840
- C:\Windows\System\mPfhMVL.exe
  C:\Windows\System\mPfhMVL.exe
  2⤵
  PID:14868
- C:\Windows\System\sQDIIar.exe
  C:\Windows\System\sQDIIar.exe
  2⤵
  PID:14896
- C:\Windows\System\FBKSYmu.exe
  C:\Windows\System\FBKSYmu.exe
  2⤵
  PID:14924
- C:\Windows\System\DgJUqoG.exe
  C:\Windows\System\DgJUqoG.exe
  2⤵
  PID:14952
- C:\Windows\System\xfVCLhd.exe
  C:\Windows\System\xfVCLhd.exe
  2⤵
  PID:14980
- C:\Windows\System\SQsFkWC.exe
  C:\Windows\System\SQsFkWC.exe
  2⤵
  PID:15008
- C:\Windows\System\IAoWJtU.exe
  C:\Windows\System\IAoWJtU.exe
  2⤵
  PID:15048
- C:\Windows\System\ydMEHFR.exe
  C:\Windows\System\ydMEHFR.exe
  2⤵
  PID:15064
- C:\Windows\System\ZpOQPSj.exe
  C:\Windows\System\ZpOQPSj.exe
  2⤵
  PID:15092
- C:\Windows\System\JGwQMBD.exe
  C:\Windows\System\JGwQMBD.exe
  2⤵
  PID:15120
- C:\Windows\System\joupdkb.exe
  C:\Windows\System\joupdkb.exe
  2⤵
  PID:15148
- C:\Windows\System\GmLBXzY.exe
  C:\Windows\System\GmLBXzY.exe
  2⤵
  PID:15176
- C:\Windows\System\EBmBgoj.exe
  C:\Windows\System\EBmBgoj.exe
  2⤵
  PID:15204
- C:\Windows\System\XgEYQVr.exe
  C:\Windows\System\XgEYQVr.exe
  2⤵
  PID:15232
- C:\Windows\System\yyMsrea.exe
  C:\Windows\System\yyMsrea.exe
  2⤵
  PID:15260
- C:\Windows\System\RKXYCqb.exe
  C:\Windows\System\RKXYCqb.exe
  2⤵
  PID:15288
- C:\Windows\System\HKEcVhn.exe
  C:\Windows\System\HKEcVhn.exe
  2⤵
  PID:15316
- C:\Windows\System\OKstMEN.exe
  C:\Windows\System\OKstMEN.exe
  2⤵
  PID:15344
- C:\Windows\System\VXAcqWE.exe
  C:\Windows\System\VXAcqWE.exe
  2⤵
  PID:14360
- C:\Windows\System\DMvWfrl.exe
  C:\Windows\System\DMvWfrl.exe
  2⤵
  PID:14432
- C:\Windows\System\oqkBJcd.exe
  C:\Windows\System\oqkBJcd.exe
  2⤵
  PID:14496
- C:\Windows\System\TNTRgGB.exe
  C:\Windows\System\TNTRgGB.exe
  2⤵
  PID:14556
- C:\Windows\System\HFDJfYD.exe
  C:\Windows\System\HFDJfYD.exe
  2⤵
  PID:14628
- C:\Windows\System\ELphhlQ.exe
  C:\Windows\System\ELphhlQ.exe
  2⤵
  PID:14668
- C:\Windows\System\XeNfyQE.exe
  C:\Windows\System\XeNfyQE.exe
  2⤵
  PID:14724
- C:\Windows\System\CJEYSAp.exe
  C:\Windows\System\CJEYSAp.exe
  2⤵
  PID:7100
- C:\Windows\System\WLyjFII.exe
  C:\Windows\System\WLyjFII.exe
  2⤵
  PID:14824
- C:\Windows\System\MyGCVkw.exe
  C:\Windows\System\MyGCVkw.exe
  2⤵
  PID:14852
- C:\Windows\System\SoXyzMG.exe
  C:\Windows\System\SoXyzMG.exe
  2⤵
  PID:8652
- C:\Windows\System\mMRqLVA.exe
  C:\Windows\System\mMRqLVA.exe
  2⤵
  PID:8700
- C:\Windows\System\oeRWaBY.exe
  C:\Windows\System\oeRWaBY.exe
  2⤵
  PID:14948
- C:\Windows\System\VLECvgt.exe
  C:\Windows\System\VLECvgt.exe
  2⤵
  PID:14976
- C:\Windows\System\oktdxGI.exe
  C:\Windows\System\oktdxGI.exe
  2⤵
  PID:15028
- C:\Windows\System\JxKhFqn.exe
  C:\Windows\System\JxKhFqn.exe
  2⤵
  PID:1772
- C:\Windows\System\yKIfqHm.exe
  C:\Windows\System\yKIfqHm.exe
  2⤵
  PID:15060
- C:\Windows\System\aoDOURT.exe
  C:\Windows\System\aoDOURT.exe
  2⤵
  PID:15088
- C:\Windows\System\ckARpbO.exe
  C:\Windows\System\ckARpbO.exe
  2⤵
  PID:15140
- C:\Windows\System\WPeoSOq.exe
  C:\Windows\System\WPeoSOq.exe
  2⤵
  PID:2332
- C:\Windows\System\CxAaTWc.exe
  C:\Windows\System\CxAaTWc.exe
  2⤵
  PID:15228
- C:\Windows\System\HEBnWdu.exe
  C:\Windows\System\HEBnWdu.exe
  2⤵
  PID:15280
- C:\Windows\System\IUtRkBx.exe
  C:\Windows\System\IUtRkBx.exe
  2⤵
  PID:15328
- C:\Windows\System\AZpTzNT.exe
  C:\Windows\System\AZpTzNT.exe
  2⤵
  PID:9212
- C:\Windows\System\GQPtjFK.exe
  C:\Windows\System\GQPtjFK.exe
  2⤵
  PID:14416
- C:\Windows\System\RRmuPeA.exe
  C:\Windows\System\RRmuPeA.exe
  2⤵
  PID:14544
- C:\Windows\System\CstZieB.exe
  C:\Windows\System\CstZieB.exe
  2⤵
  PID:8560
- C:\Windows\System\yEsnLGk.exe
  C:\Windows\System\yEsnLGk.exe
  2⤵
  PID:2420
- C:\Windows\System\ELuSOZF.exe
  C:\Windows\System\ELuSOZF.exe
  2⤵
  PID:8928
- C:\Windows\System\JPZOhhL.exe
  C:\Windows\System\JPZOhhL.exe
  2⤵
  PID:4616
- C:\Windows\System\jicTERl.exe
  C:\Windows\System\jicTERl.exe
  2⤵
  PID:14864
- C:\Windows\System\eSBRpGu.exe
  C:\Windows\System\eSBRpGu.exe
  2⤵
  PID:14936
- C:\Windows\System\gNBgsBe.exe
  C:\Windows\System\gNBgsBe.exe
  2⤵
  PID:8812
- C:\Windows\System\DBbMwVe.exe
  C:\Windows\System\DBbMwVe.exe
  2⤵
  PID:2428
- C:\Windows\System\FOfohlJ.exe
  C:\Windows\System\FOfohlJ.exe
  2⤵
  PID:2696
- C:\Windows\System\gJnckoq.exe
  C:\Windows\System\gJnckoq.exe
  2⤵
  PID:15116
- C:\Windows\System\nPIAsuz.exe
  C:\Windows\System\nPIAsuz.exe
  2⤵
  PID:2520
- C:\Windows\System\GJIUqFH.exe
  C:\Windows\System\GJIUqFH.exe
  2⤵
  PID:15256
- C:\Windows\System\icOjjjI.exe
  C:\Windows\System\icOjjjI.exe
  2⤵
  PID:6804
- C:\Windows\System\lZzhidu.exe
  C:\Windows\System\lZzhidu.exe
  2⤵
  PID:14488
- C:\Windows\System\YCWKkQV.exe
  C:\Windows\System\YCWKkQV.exe
  2⤵
  PID:14608
- C:\Windows\System\MrpyTKB.exe
  C:\Windows\System\MrpyTKB.exe
  2⤵
  PID:14752
- C:\Windows\System\iTdoDyq.exe
  C:\Windows\System\iTdoDyq.exe
  2⤵
  PID:9456
- C:\Windows\System\tZllGbE.exe
  C:\Windows\System\tZllGbE.exe
  2⤵
  PID:9536
- C:\Windows\System\rZuOnWJ.exe
  C:\Windows\System\rZuOnWJ.exe
  2⤵
  PID:8648
- C:\Windows\System\XGVIIDQ.exe
  C:\Windows\System\XGVIIDQ.exe
  2⤵
  PID:4548
- C:\Windows\System\wKUzuBV.exe
  C:\Windows\System\wKUzuBV.exe
  2⤵
  PID:2132
- C:\Windows\System\qAmCzEW.exe
  C:\Windows\System\qAmCzEW.exe
  2⤵
  PID:9012
- C:\Windows\System\dOtBlUj.exe
  C:\Windows\System\dOtBlUj.exe
  2⤵
  PID:9316
- C:\Windows\System\Dlrkefg.exe
  C:\Windows\System\Dlrkefg.exe
  2⤵
  PID:8188
- C:\Windows\System\FOyDPCs.exe
  C:\Windows\System\FOyDPCs.exe
  2⤵
  PID:9760
- C:\Windows\System\GJMZVGI.exe
  C:\Windows\System\GJMZVGI.exe
  2⤵
  PID:6092
- C:\Windows\System\FtXCQOE.exe
  C:\Windows\System\FtXCQOE.exe
  2⤵
  PID:14916
- C:\Windows\System\colSsDC.exe
  C:\Windows\System\colSsDC.exe
  2⤵
  PID:9840
- C:\Windows\System\tMQDNyu.exe
  C:\Windows\System\tMQDNyu.exe
  2⤵
  PID:7212
- C:\Windows\System\MrIjVIb.exe
  C:\Windows\System\MrIjVIb.exe
  2⤵
  PID:9260
- C:\Windows\System\gwnQnhO.exe
  C:\Windows\System\gwnQnhO.exe
  2⤵
  PID:7340
- C:\Windows\System\MflXhOE.exe
  C:\Windows\System\MflXhOE.exe
  2⤵
  PID:3748
- C:\Windows\System\aPtvsMH.exe
  C:\Windows\System\aPtvsMH.exe
  2⤵
  PID:10012
- C:\Windows\System\WblwIbE.exe
  C:\Windows\System\WblwIbE.exe
  2⤵
  PID:10044
- C:\Windows\System\VdmLiyV.exe
  C:\Windows\System\VdmLiyV.exe
  2⤵
  PID:10068
- C:\Windows\System\XwMgRSY.exe
  C:\Windows\System\XwMgRSY.exe
  2⤵
  PID:10104
- C:\Windows\System\aGPSCup.exe
  C:\Windows\System\aGPSCup.exe
  2⤵
  PID:10148
- C:\Windows\System\QdLUKIv.exe
  C:\Windows\System\QdLUKIv.exe
  2⤵
  PID:7764
- C:\Windows\System\YWmwgMb.exe
  C:\Windows\System\YWmwgMb.exe
  2⤵
  PID:9716
- C:\Windows\System\XxthGqu.exe
  C:\Windows\System\XxthGqu.exe
  2⤵
  PID:5248
- C:\Windows\System\CwvRxmA.exe
  C:\Windows\System\CwvRxmA.exe
  2⤵
  PID:15004
- C:\Windows\System\HucwnuG.exe
  C:\Windows\System\HucwnuG.exe
  2⤵
  PID:9340
- C:\Windows\System\OlZpvCt.exe
  C:\Windows\System\OlZpvCt.exe
  2⤵
  PID:8000
- C:\Windows\System\FPJPfkT.exe
  C:\Windows\System\FPJPfkT.exe
  2⤵
  PID:10188
- C:\Windows\System\flTWCBK.exe
  C:\Windows\System\flTWCBK.exe
  2⤵
  PID:9652
- C:\Windows\System\ThxJLHx.exe
  C:\Windows\System\ThxJLHx.exe
  2⤵
  PID:9816
- C:\Windows\System\vejxXCK.exe
  C:\Windows\System\vejxXCK.exe
  2⤵
  PID:9792
- C:\Windows\System\tJveGWi.exe
  C:\Windows\System\tJveGWi.exe
  2⤵
  PID:9468
- C:\Windows\System\lnbeZGN.exe
  C:\Windows\System\lnbeZGN.exe
  2⤵
  PID:8028
- C:\Windows\System\NxbeWVp.exe
  C:\Windows\System\NxbeWVp.exe
  2⤵
  PID:7528
- C:\Windows\System\juPZXLh.exe
  C:\Windows\System\juPZXLh.exe
  2⤵
  PID:10040
- C:\Windows\System\BMrkBIO.exe
  C:\Windows\System\BMrkBIO.exe
  2⤵
  PID:10080
- C:\Windows\System\ybaicLw.exe
  C:\Windows\System\ybaicLw.exe
  2⤵
  PID:7836
- C:\Windows\System\KxJkkAH.exe
  C:\Windows\System\KxJkkAH.exe
  2⤵
  PID:9896
- C:\Windows\System\vLbPwSl.exe
  C:\Windows\System\vLbPwSl.exe
  2⤵
  PID:9292
- C:\Windows\System\xzMCHyF.exe
  C:\Windows\System\xzMCHyF.exe
  2⤵
  PID:6364
- C:\Windows\System\iwXlPaX.exe
  C:\Windows\System\iwXlPaX.exe
  2⤵
  PID:7220
- C:\Windows\System\xGigWMQ.exe
  C:\Windows\System\xGigWMQ.exe
  2⤵
  PID:7644
- C:\Windows\System\dUHcGrl.exe
  C:\Windows\System\dUHcGrl.exe
  2⤵
  PID:8220
- C:\Windows\System\oeCmgTd.exe
  C:\Windows\System\oeCmgTd.exe
  2⤵
  PID:7392
- C:\Windows\System\bZNldcH.exe
  C:\Windows\System\bZNldcH.exe
  2⤵
  PID:9964
- C:\Windows\System\sgnsCyS.exe
  C:\Windows\System\sgnsCyS.exe
  2⤵
  PID:9796
- C:\Windows\System\Fmfptdk.exe
  C:\Windows\System\Fmfptdk.exe
  2⤵
  PID:8332
- C:\Windows\System\vtkvyuy.exe
  C:\Windows\System\vtkvyuy.exe
  2⤵
  PID:10328
- C:\Windows\System\MoExlKC.exe
  C:\Windows\System\MoExlKC.exe
  2⤵
  PID:8360
- C:\Windows\System\NfZFklT.exe
  C:\Windows\System\NfZFklT.exe
  2⤵
  PID:9388
- C:\Windows\System\tjyYDci.exe
  C:\Windows\System\tjyYDci.exe
  2⤵
  PID:8440
- C:\Windows\System\rRnltfG.exe
  C:\Windows\System\rRnltfG.exe
  2⤵
  PID:15376
- C:\Windows\System\qmvUDEE.exe
  C:\Windows\System\qmvUDEE.exe
  2⤵
  PID:15404
- C:\Windows\System\IYoCXLF.exe
  C:\Windows\System\IYoCXLF.exe
  2⤵
  PID:15436
- C:\Windows\System\gMjTMjL.exe
  C:\Windows\System\gMjTMjL.exe
  2⤵
  PID:15460
- C:\Windows\System\CzUYtea.exe
  C:\Windows\System\CzUYtea.exe
  2⤵
  PID:15488
- C:\Windows\System\UtozPNf.exe
  C:\Windows\System\UtozPNf.exe
  2⤵
  PID:15516
- C:\Windows\System\DMSwfmy.exe
  C:\Windows\System\DMSwfmy.exe
  2⤵
  PID:15544
- C:\Windows\System\lOliwfJ.exe
  C:\Windows\System\lOliwfJ.exe
  2⤵
  PID:15572
- C:\Windows\System\GIskhAj.exe
  C:\Windows\System\GIskhAj.exe
  2⤵
  PID:15600
- C:\Windows\System\QpbKmuB.exe
  C:\Windows\System\QpbKmuB.exe
  2⤵
  PID:15628
- C:\Windows\System\DbvlJxV.exe
  C:\Windows\System\DbvlJxV.exe
  2⤵
  PID:15656
- C:\Windows\System\fTNYpxO.exe
  C:\Windows\System\fTNYpxO.exe
  2⤵
  PID:15684
- C:\Windows\System\pSzQgcJ.exe
  C:\Windows\System\pSzQgcJ.exe
  2⤵
  PID:15712
- C:\Windows\System\sNdWxlT.exe
  C:\Windows\System\sNdWxlT.exe
  2⤵
  PID:15740
- C:\Windows\System\QuIoHoi.exe
  C:\Windows\System\QuIoHoi.exe
  2⤵
  PID:15768
- C:\Windows\System\PWVNeyB.exe
  C:\Windows\System\PWVNeyB.exe
  2⤵
  PID:15796
- C:\Windows\System\fkxdJEn.exe
  C:\Windows\System\fkxdJEn.exe
  2⤵
  PID:15824
- C:\Windows\System\iVzxCjP.exe
  C:\Windows\System\iVzxCjP.exe
  2⤵
  PID:15852
- C:\Windows\System\ijEjetf.exe
  C:\Windows\System\ijEjetf.exe
  2⤵
  PID:15880
- C:\Windows\System\uWwzMvo.exe
  C:\Windows\System\uWwzMvo.exe
  2⤵
  PID:15908
- C:\Windows\System\cyiZsLB.exe
  C:\Windows\System\cyiZsLB.exe
  2⤵
  PID:15936
- C:\Windows\System\obzTTfc.exe
  C:\Windows\System\obzTTfc.exe
  2⤵
  PID:15964
- C:\Windows\System\TKqZJzR.exe
  C:\Windows\System\TKqZJzR.exe
  2⤵
  PID:15992
- C:\Windows\System\rOldHzm.exe
  C:\Windows\System\rOldHzm.exe
  2⤵
  PID:16020
- C:\Windows\System\MKibVFp.exe
  C:\Windows\System\MKibVFp.exe
  2⤵
  PID:16048
- C:\Windows\System\iuYLZwb.exe
  C:\Windows\System\iuYLZwb.exe
  2⤵
  PID:16076
- C:\Windows\System\tuzwKCs.exe
  C:\Windows\System\tuzwKCs.exe
  2⤵
  PID:16104
- C:\Windows\System\JLlbEMc.exe
  C:\Windows\System\JLlbEMc.exe
  2⤵
  PID:16132
- C:\Windows\System\qcECOyj.exe
  C:\Windows\System\qcECOyj.exe
  2⤵
  PID:16160
- C:\Windows\System\TCgBHPV.exe
  C:\Windows\System\TCgBHPV.exe
  2⤵
  PID:16188
- C:\Windows\System\gHHdiQE.exe
  C:\Windows\System\gHHdiQE.exe
  2⤵
  PID:16216
- C:\Windows\System\DKccNqV.exe
  C:\Windows\System\DKccNqV.exe
  2⤵
  PID:16244
- C:\Windows\System\DmxuTxV.exe
  C:\Windows\System\DmxuTxV.exe
  2⤵
  PID:16272
- C:\Windows\System\NynMlqm.exe
  C:\Windows\System\NynMlqm.exe
  2⤵
  PID:16300
- C:\Windows\System\NWmSMVP.exe
  C:\Windows\System\NWmSMVP.exe
  2⤵
  PID:16328
- C:\Windows\System\YNRxhTd.exe
  C:\Windows\System\YNRxhTd.exe
  2⤵
  PID:16356
- C:\Windows\System\UdhJmCt.exe
  C:\Windows\System\UdhJmCt.exe
  2⤵
  PID:10356
- C:\Windows\System\blFklqt.exe
  C:\Windows\System\blFklqt.exe
  2⤵
  PID:15400
- C:\Windows\System\UaSQZMa.exe
  C:\Windows\System\UaSQZMa.exe
  2⤵
  PID:10464
- C:\Windows\System\rMebvXU.exe
  C:\Windows\System\rMebvXU.exe
  2⤵
  PID:10568
- C:\Windows\System\IBYfynb.exe
  C:\Windows\System\IBYfynb.exe
  2⤵
  PID:8500
- C:\Windows\System\gPzdwva.exe
  C:\Windows\System\gPzdwva.exe
  2⤵
  PID:10596
- C:\Windows\System\JcKBolO.exe
  C:\Windows\System\JcKBolO.exe
  2⤵
  PID:8612
- C:\Windows\System\UBpraFT.exe
  C:\Windows\System\UBpraFT.exe
  2⤵
  PID:15536
- C:\Windows\System\Wdhjsmw.exe
  C:\Windows\System\Wdhjsmw.exe
  2⤵
  PID:8684
- C:\Windows\System\rFzNcVW.exe
  C:\Windows\System\rFzNcVW.exe
  2⤵
  PID:8696
- C:\Windows\System\pFKnYGt.exe
  C:\Windows\System\pFKnYGt.exe
  2⤵
  PID:8724
- C:\Windows\System\oRQPUlX.exe
  C:\Windows\System\oRQPUlX.exe
  2⤵
  PID:15668
- C:\Windows\System\CmVYbrE.exe
  C:\Windows\System\CmVYbrE.exe
  2⤵
  PID:15696
- C:\Windows\System\EuJCFSv.exe
  C:\Windows\System\EuJCFSv.exe
  2⤵
  PID:8808
- C:\Windows\System\meKqblg.exe
  C:\Windows\System\meKqblg.exe
  2⤵
  PID:15764
- C:\Windows\System\jqAQVPL.exe
  C:\Windows\System\jqAQVPL.exe
  2⤵
  PID:8880
- C:\Windows\System\sFafxVZ.exe
  C:\Windows\System\sFafxVZ.exe
  2⤵
  PID:10900
- C:\Windows\System\xmtsJdm.exe
  C:\Windows\System\xmtsJdm.exe
  2⤵
  PID:15892
- C:\Windows\System\XcutYIF.exe
  C:\Windows\System\XcutYIF.exe
  2⤵
  PID:15920
- C:\Windows\System\LsJMpnD.exe
  C:\Windows\System\LsJMpnD.exe
  2⤵
  PID:8948
- C:\Windows\System\IPKVpBQ.exe
  C:\Windows\System\IPKVpBQ.exe
  2⤵
  PID:15984
- C:\Windows\System\KNXZERw.exe
  C:\Windows\System\KNXZERw.exe
  2⤵
  PID:16012
- C:\Windows\System\GUQdeOB.exe
  C:\Windows\System\GUQdeOB.exe
  2⤵
  PID:11084
- C:\Windows\System\ILjEBTB.exe
  C:\Windows\System\ILjEBTB.exe
  2⤵
  PID:16072
- C:\Windows\System\lGPIMnX.exe
  C:\Windows\System\lGPIMnX.exe
  2⤵
  PID:16124
- C:\Windows\System\wmKnpxU.exe
  C:\Windows\System\wmKnpxU.exe
  2⤵
  PID:16172
- C:\Windows\System\rHcQTOg.exe
  C:\Windows\System\rHcQTOg.exe
  2⤵
  PID:11224
- C:\Windows\System\DpEcAFt.exe
  C:\Windows\System\DpEcAFt.exe
  2⤵
  PID:11252
- C:\Windows\System\cQJKKYG.exe
  C:\Windows\System\cQJKKYG.exe
  2⤵
  PID:16312
- C:\Windows\System\VWblrQX.exe
  C:\Windows\System\VWblrQX.exe
  2⤵
  PID:16368
- C:\Windows\System\vbuexLZ.exe
  C:\Windows\System\vbuexLZ.exe
  2⤵
  PID:15388
- C:\Windows\System\XebONrP.exe
  C:\Windows\System\XebONrP.exe
  2⤵
  PID:15424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArkzTdb.exe

Filesize
6.0MB

MD5
fb77ba3f449cd0949e1d3bc18edd41b3

SHA1
5dfea3278d42edfffb0ec69a7f018d5b4be293c3

SHA256
c5ce16e19cf70fd4b35e549f1812be137b0e481d3f39f7a3d7a1459bf2bebf96

SHA512
de33ff7df3a4f27e21fbaaa2458c27155cd0327f6ae762ebf347790d8ebd3191c2651407822bf82d6c4d39140ae663229e4ea52e2b0c3a68d5919a464ee402d9

Download Submit
C:\Windows\System\CLCMlNw.exe

Filesize
6.0MB

MD5
f6e9df2b96310039edd02fe3802ca159

SHA1
90bef0276d1c28337c7b45ed1586345401204a53

SHA256
c5a55e05877ec6ae0f13fde1c0aba53162c5c5751b4bd3c97e8b8e4e48a4cda8

SHA512
0934454b159f3add995ef38abe7b10dd732941af8540551707d87732c926698d7f0a9fe0f542cd3bbcc60573238439df815a6651b97ddb26f5014488054eb8ec

Download Submit
C:\Windows\System\DnFfBWx.exe

Filesize
6.0MB

MD5
9cf1e63e7b9beea50b6bb275ab3874d0

SHA1
71cfa8d5ba554499e07649003bc006a298b66cc3

SHA256
b0c2e813d194d22b5cfe0b138f6f292dbe5bf36d2fc53b48718e99e32341429b

SHA512
0b17ffe903fdcb98de8b5d721443ae2ebcfce1277be5e991d6fea0cb5ffa121c852d6d6eafb7923a8674bf2cc8380958bdca94787f067d36dc61c0d655181534

Download Submit
C:\Windows\System\EGsSLhC.exe

Filesize
6.0MB

MD5
c96a93473347f6a3ee6d725021167427

SHA1
275a31e7d32540ac295b83d2e3f27c01697f3009

SHA256
a58e1c09fc2209329de6970acf1cefe987a8832418c183fbc73366749af8d136

SHA512
af54039e5b395cdbb136612ba290890b1e152bde59b81b3c6265e606a1ee96c60c7ba8a68e46221acab84a6719cd501268495d3eff2727835c0ef87b01d5ffd0

Download Submit
C:\Windows\System\ERtbWIt.exe

Filesize
6.0MB

MD5
d619f0c7681057f222852d206522733c

SHA1
9481fdbcd7efd960a96605d47d6f0699dd4ae580

SHA256
6b6d8111e53eddb0c4b09c2e4e35098a58f41a6169a7f8d5851e924ede858ec3

SHA512
7901d91b653d57edc5feb996a76437edde06180946d8bf644a81e6c8c1fece37853aadedbcca16a1098fff17babae2b6e13e994abcdfc2269717184a42845722

Download Submit
C:\Windows\System\FQwaPAO.exe

Filesize
6.1MB

MD5
4b56d6dfb213435b7adbb07038f9e859

SHA1
86e073a300f708d9a9d5b9b58672b7633ec3056c

SHA256
f92739555e431fa818628ab6ed65a842f69a459d503b3beabdc7d733d707e7d2

SHA512
a76498b74bd2f04b742d858d149e5f44c89392f91fd7d951d21e299326ba9b64cb55d943ea784f6f217919c40b6688ae97889cbef4e9ae8fdb0b54110dc0dd8c

Download Submit
C:\Windows\System\FXoAxPd.exe

Filesize
6.0MB

MD5
92ea76aaa9705c2cf7029a5bca4e9a67

SHA1
288b5592495690c574a6b6df839a86e7194a5a71

SHA256
7f97bd09c46a8149238942d382e5d77a55e3e2f648436aad2939129b55308d86

SHA512
b9c6ef9afefa764b3d9903918b06b93271f36f15da905377ddb2ead8af65c16ced0e1ee69927203493c493f2f8c2de150eab621399f555145ddc585af168c27c

Download Submit
C:\Windows\System\GSDTLMy.exe

Filesize
6.0MB

MD5
6534fed1dc6025a18d82e006808ba5ab

SHA1
0b0ef3b7e020bb50dc06aa6eea9fb2b3a9282446

SHA256
6c7d3aa711e690e7f07d678ce0433742d4e9ef9d8b9eea647db9c4c8c629bdd3

SHA512
07360172e5c4ea0e81852c4cef96b6e14930d98be4f393f0ea2c5337f287d120eae4713926a15f1b3a88da4b3566d393777013184d1bc5e7ec81bf2a42d5f097

Download Submit
C:\Windows\System\HHRBpAO.exe

Filesize
6.0MB

MD5
ec487cf26f7d66f523726946219fbec8

SHA1
5b349e2865f44253e31b9a3a438aa57d72cac26c

SHA256
45c05d0f75716f03bd0180f46242851bb11165b3f7fbff3017aedcfbb2c24c2d

SHA512
f69607c46377abf32f0383c1c2cab067d0b3295d2970026d675a35b03f3f8367dcff564234d9e5d918f3b3150aa2c353cad11dc8ed7b2d4febb494fb71e51d0f

Download Submit
C:\Windows\System\HLdXlix.exe

Filesize
6.0MB

MD5
489b4c21dfc0eb3a0a20224ea93adb10

SHA1
f0b1893013dd4c0804d66bcdd420083d87195912

SHA256
22852bc6dde19c40779840b491ba96682cef62d55275f2346a9cc198ab369c78

SHA512
de70224ed8ca97db2bd9e37cb4264da44531d492a30438adff7c6737750c40468adc996304745e56a73b431106edccfcc6682e313870df0adc2d49d8a80d893d

Download Submit
C:\Windows\System\HXntSiS.exe

Filesize
6.0MB

MD5
36604f5d00f4dabde040ade7f4c8bd4a

SHA1
a364cbf15cb49507c5facf93ba4d201e01c36447

SHA256
a57e5bd14031dc979eafbe4efa30bc68d1b27fe6c161329698d9d2415e642cbf

SHA512
d381071300ede1b15c73d96ee5d1f0258ef2c5f7cf0cbf0e34f33728733f862666b3ab666b8bff4356a71322872a53306268dfdf2ae5e49887f53b8992665d4f

Download Submit
C:\Windows\System\IGGwBrP.exe

Filesize
6.0MB

MD5
e38e26406ef19ebd9e024ea9536350fb

SHA1
65a53334384b6f60410c9464753d25ec05ac5b59

SHA256
01ae7444d45b8a934d9b97ad01ea83cdc98e6580e42e95a0cce6c107f3aa8235

SHA512
7f7f27e60848ddceb5b030e218a15f3c067572af9aea35e3ed8345beea335e5a26ed6b8c4b06ee79145289531f14f88fa38ae0b2f4ecf7043a60354c27ea6d9b

Download Submit
C:\Windows\System\NPVcYPA.exe

Filesize
6.0MB

MD5
fe89bdabe2f5772034e0f3a6d7e45c94

SHA1
2bf31fa093960f1a692a119563b4a042d849a1a7

SHA256
8803d313157f227e5cb32b48847652b37893bad9f427eb91078f3a5717608fdc

SHA512
bd2121b69dea0ba9152f7b8c5a3275e0418b92b585e7ed3b9cad47bf1e43ac3c0d1e48a5b49d6eb774633894e787b258d78602b8d878fa1167e95e1145d5ed70

Download Submit
C:\Windows\System\RONRJAW.exe

Filesize
6.1MB

MD5
964cd657af59ec87dd0ce4983739ddad

SHA1
07a69258740a77e49530cdc48e0947dbd42567e0

SHA256
a4daaa85e2887bb3109ea1f11e5a6b4186c9f436b287ba769f41968f5585f135

SHA512
b7cfc345ad1dabd16bd65bf770a3c9c07b01d5ebf602c5b83b5729589c8e542143d0829e4aa1b4d9750854d573ce79dcaca9abd5cecca3d811caf1a730fc7b75

Download Submit
C:\Windows\System\Refzkry.exe

Filesize
6.0MB

MD5
7fa72e21eec031f0d8a8a5c9903e218b

SHA1
f5a5250fbb16144f7f8a61fa90451ca0aad4c60f

SHA256
954d298f39766dda9a90c177caad6445037198efa685bccd5c1b7cc6e125f556

SHA512
35c336e8d554395a05665f09e2cfc2c23b5294a8bc6a5a1dbb990ce1d2b43c91dd34556887b6bc21dcd72efc5845aba00faf41dc0a25bd1221beeb101f85cbde

Download Submit
C:\Windows\System\SIZEmfe.exe

Filesize
6.0MB

MD5
37eae27f523efad4c5886a73946fa909

SHA1
0e9ed3524d40cff60d40b3c949533401f7f00ce7

SHA256
612a04c0a9ee714487fa66d36276e297f2b8c1fd09856f0d7250ed6bdc08f312

SHA512
613ef01a0528cab00990956fbec53603697646da692957eb44a0c753b34be42d90bcf1724539b19581683b4438743df75ea7490cd7c38e68d429e3a2c8036758

Download Submit
C:\Windows\System\TcZumHT.exe

Filesize
6.0MB

MD5
cab34da140bf0bca4c84f013ebdea369

SHA1
ab861ca8f2a6a53f803963342bed73bcc7f70592

SHA256
4d4b931c4aae753afde5b04ca7b92fb760a03e863aec989db7c1d30f51a5f745

SHA512
a52608a0844fe9fcf8f562602a3e07ae90b9e58748829335255cb274ab289f8200bcb502363c0342e4f511e0e848a4eebb1c9a76e515944d61ac141023c643df

Download Submit
C:\Windows\System\TvTwbZy.exe

Filesize
6.1MB

MD5
832e7c50fa64d47fd89d8277f0afff7e

SHA1
dfc678b8fb866445b4cbe5fef6bc385abd6cafac

SHA256
ee5e6f55c2f3d758cdf01b5621199d8efa47eab6ae96f8f22455bad66b28e251

SHA512
3c7ef23893678daef0996eccc9fe2a19f6ebaec5716310af40f19a9aaeda9da2a41c1e79d349b4a49f092bb58fe6d4e84cc17e00841790542e5ef362c5c4347b

Download Submit
C:\Windows\System\UjrEMca.exe

Filesize
6.1MB

MD5
cf15f2202649fe5ba5e0520aac997aad

SHA1
c4d585ba28536cd1438d6fe1555034e2f545ecb9

SHA256
2839f26b63d74c1d9c71619665059b8f513317a8dfd5b0f9f39822440730427d

SHA512
91e4a70626b8e2902a6cb7ce266234e0701bcddd3c4fa37379abee226dc2c2456484784407ec5136411103471f3d2dfe8e297fce18badef6037ced8bb8452749

Download Submit
C:\Windows\System\VGSNzVv.exe

Filesize
6.0MB

MD5
7ef1435e26a07a6b0ef1b7ab027d0700

SHA1
c842083584e0537805177e73ee76ddc029a8e01b

SHA256
6c867c97ac248b6f417a26309bb6da8aa012ef17a2e1247627010b89f61f195e

SHA512
0eb58a937a1262c4d597bb6171e18e2457c9111abbc26462cac2ce7378412a58e14f33a7bf65585ed331e3691a1de1b49c831e51d191e74e8c4131b67ab25305

Download Submit
C:\Windows\System\WQtiQfI.exe

Filesize
6.0MB

MD5
4526761b46aa0a2428b3d00c634f40c7

SHA1
24f9db468a428a514ce9c323e39dcfe7049ef78e

SHA256
2c7265ea286651def66bb3e1966b9ca1a4a640bad2f15059de517ef3d8e040e5

SHA512
9f62cd9ea5e82fb8008f33695c09c987ef0f1941ff55fd34e5b108d32b8828c75443d0a2df50efd3657b21589f26c8ed860cdf974985ca59cc8606e3fe4e6300

Download Submit
C:\Windows\System\WiEKiOi.exe

Filesize
6.0MB

MD5
d85db931a090c863bf6eac1593592d15

SHA1
6ba9e29e193421169c8bd8ec41651b81745bd954

SHA256
9ee532c318aa6c182fe87bf6af6f9e53329c7997832832baab1f13664f57d472

SHA512
0735164c0f48509636e38a60e8fc0f616f69e17d2c9e9b9d04f42b5694f922a5f8181340781be2aa1beb5916d48807826f1fce172b770c5a61e7c44471b9c779

Download Submit
C:\Windows\System\ZFHFhLC.exe

Filesize
6.0MB

MD5
b065858bfa0d3c4a60f9ab7ec45fae8b

SHA1
ca2f97be6387d96e13cebb9f4c8434d490b9a2b5

SHA256
30afc814f970a01a04080df97f3deeafea1b4b864cb2fa6514125466da015205

SHA512
b9465eb556c2f021fff0a6c192c6af70675e7414153977c6601ef37c0e1430edd5b2ec743eee4581a8f75c553257ccdf1f2b9938a9f5bdb8f17c00f09f8fc593

Download Submit
C:\Windows\System\bkZIpSz.exe

Filesize
6.0MB

MD5
db894bcdb83c585c345e0775eec1f638

SHA1
485ddbdd670a96d176befa4cd3005ec11f7cb2f1

SHA256
dd0901acd16657c9cecae0ad5e0fa2c3aae6356ab504123ff1545fdd24510c06

SHA512
3537bbbec449081728dd38ef8e8b3348d0b826e0a6b51bd726f0ac8191bdf4f3bd044bf4b8dd596585849a2da122c499ae718016490ba7ab5d080f59b7929c7c

Download Submit
C:\Windows\System\eBNKZlz.exe

Filesize
6.1MB

MD5
8865b18978c74c245cbaf0cc2b036791

SHA1
18aa5b604b18ba730c0fa7fc689ffd123845b6b2

SHA256
784c3069baa66c2ecf1daaedb3dd6e3fb3e5a777859ee3837b4480c6c96407a0

SHA512
fcf47547765627df43367337ddf5014599ca5de1cd32767a1a8c75c4c7e0560d59c74afbf26719c54264c5b6d01c96bbaa8f21bd31aca0af2b73803c9327c117

Download Submit
C:\Windows\System\eocjTNu.exe

Filesize
6.0MB

MD5
07bd29a01bfbcddcfb63d370d378ebc9

SHA1
abf91ca56f21a2cec363eb77eef1a108fed35f40

SHA256
fa7684d3d9c8e98cfc017714821792f4dd007f72ab7ae2dea4542276f3747b8a

SHA512
6d662af73426196747763fece21ac14d575ff6baa2c6c09d5a2f711f48f947288719b0d80723cd1f2013a7bbea9f39cb9778747a03561f38dc7df7161b8a8d79

Download Submit
C:\Windows\System\gUIFZRI.exe

Filesize
6.0MB

MD5
c88b67dd3cfe98bf8fa85185b44c15b8

SHA1
349c444f0ebe1d0225c77777b317edd19a35507b

SHA256
66f08392742c0d06ff3a5cb4f96e1357a1fe9e2d6db6b5c4102e1262d05f9e13

SHA512
fbb51f33ef1f910f93e278c0985420595025356ae8f70a433250ea60f2d331106d8286159c0e8df612f2dc90ea2fe0af073243ab821012eed4ec83728c18f83e

Download Submit
C:\Windows\System\pMqkfDs.exe

Filesize
6.1MB

MD5
0165dda4c59f16187d085628d4221fb7

SHA1
cb7b78fab11552e54a6462c8a221296a6b3441bf

SHA256
12c069ed11d7e98d7ac9205903519bf7ce446360d25fac2fd747933f301a52cd

SHA512
fafe98cfed9d67c33eabfbed9b0140de8264ff10e02c5fb6b5e6e175f1da0016a1847c6db832d2a6190bdd4690c762008cd6ee5c6542fe30c790462765b2aad9

Download Submit
C:\Windows\System\qlXdFue.exe

Filesize
6.0MB

MD5
87a804d3ffbd5d5d9540da473bcfc477

SHA1
7b07bcd44b19af2fc093a86c7f8ebd8298ee0f1a

SHA256
2025d0515cdc09722febab775c1c44db9c1155698b126ac92e7d888707a7983b

SHA512
8417b6c12d2895b83c7fed8b8fbf0aa35f72dd90240f5ae9836555dc68acd951ed679b97274bf50869dc728b535b864ed63bce1dedeeb9c85adab959fcf3cfc7

Download Submit
C:\Windows\System\rVtVSZW.exe

Filesize
6.0MB

MD5
7abc8da1b0fca79a09fea320467d1030

SHA1
ef2547d32506f02c3cefa5abec34a711dbe0999e

SHA256
dcafae30ccd6c17d5d787787c585a37d98ce1a0502a1533d5243be546cd0ea90

SHA512
cf5eb4f83f736d0d253a592216fae6d607e1548e943df1d8e2526a2a3d15582b69ae78ac6a91e8d56b132a16741781d3218bcc4202f8ee18ee04e73b8c451c85

Download Submit
C:\Windows\System\vxViIQV.exe

Filesize
6.0MB

MD5
5bc7539d3151ab4b465ae756876f0c26

SHA1
40690fe0de54156efb07b280d23d9f247655b52b

SHA256
bab3c744a1fa58ce702197a75a36c14915b12bfa67c9246d5c9c0587aba5bcb6

SHA512
a296747cae6402e84f9eae56f3d93360d718399af3d29cd8423be40426730960297382466e6ce25264e19f6b4aae8813c8f1fdf5a778a04b3b02a9cba77e6790

Download Submit
C:\Windows\System\zYiDVLy.exe

Filesize
6.0MB

MD5
49eb75e850eeb34b44b45b9b010bb97d

SHA1
aaad9bcb6904851bf4b6f5337c5c20bd9fc74973

SHA256
bbb676edda6fc7c39d5109d4b4f2e31bbcf9893882937d037d44d612802d678e

SHA512
2792ac1416d7f3eb77ecd6c145092f4112acd319b016b6ac2fa0136ce062a2977a8d412a9c2f1a59305b6a4c04e53e7705b39b396b37f4071b3db147027141a4

Download Submit
memory/116-1974-0x00007FF6B4B90000-0x00007FF6B4EE4000-memory.dmp

Filesize
3.3MB

Download
memory/116-976-0x00007FF6B4B90000-0x00007FF6B4EE4000-memory.dmp

Filesize
3.3MB

Download
memory/228-1346-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/228-51-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/228-1955-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/820-24-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/820-1878-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/820-1125-0x00007FF75CDA0000-0x00007FF75D0F4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-1960-0x00007FF6F41B0000-0x00007FF6F4504000-memory.dmp

Filesize
3.3MB

Download
memory/1108-59-0x00007FF6F41B0000-0x00007FF6F4504000-memory.dmp

Filesize
3.3MB

Download
memory/1108-1404-0x00007FF6F41B0000-0x00007FF6F4504000-memory.dmp

Filesize
3.3MB

Download
memory/1316-1970-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-1010-0x00007FF78B450000-0x00007FF78B7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-1005-0x00007FF74A740000-0x00007FF74AA94000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2007-0x00007FF74A740000-0x00007FF74AA94000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1984-0x00007FF6E2980000-0x00007FF6E2CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-982-0x00007FF6E2980000-0x00007FF6E2CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-985-0x00007FF6460D0000-0x00007FF646424000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1994-0x00007FF6460D0000-0x00007FF646424000-memory.dmp

Filesize
3.3MB

Download
memory/2144-19-0x00007FF7D0910000-0x00007FF7D0C64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1843-0x00007FF7D0910000-0x00007FF7D0C64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1071-0x00007FF7D0910000-0x00007FF7D0C64000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1723-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp

Filesize
3.3MB

Download
memory/2180-63-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp

Filesize
3.3MB

Download
memory/2180-9-0x00007FF6CCB10000-0x00007FF6CCE64000-memory.dmp

Filesize
3.3MB

Download
memory/2484-991-0x00007FF71AAF0000-0x00007FF71AE44000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1995-0x00007FF71AAF0000-0x00007FF71AE44000-memory.dmp

Filesize
3.3MB

Download
memory/2576-986-0x00007FF6F1F70000-0x00007FF6F22C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1992-0x00007FF6F1F70000-0x00007FF6F22C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-987-0x00007FF62FA10000-0x00007FF62FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1993-0x00007FF62FA10000-0x00007FF62FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1980-0x00007FF7C77F0000-0x00007FF7C7B44000-memory.dmp

Filesize
3.3MB

Download
memory/2924-978-0x00007FF7C77F0000-0x00007FF7C7B44000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1988-0x00007FF70FF20000-0x00007FF710274000-memory.dmp

Filesize
3.3MB

Download
memory/2940-980-0x00007FF70FF20000-0x00007FF710274000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1181-0x00007FF703290000-0x00007FF7035E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-31-0x00007FF703290000-0x00007FF7035E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1916-0x00007FF703290000-0x00007FF7035E4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-1999-0x00007FF618900000-0x00007FF618C54000-memory.dmp

Filesize
3.3MB

Download
memory/3076-997-0x00007FF618900000-0x00007FF618C54000-memory.dmp

Filesize
3.3MB

Download
memory/3416-1407-0x00007FF685BC0000-0x00007FF685F14000-memory.dmp

Filesize
3.3MB

Download
memory/3416-1969-0x00007FF685BC0000-0x00007FF685F14000-memory.dmp

Filesize
3.3MB

Download
memory/3416-972-0x00007FF685BC0000-0x00007FF685F14000-memory.dmp

Filesize
3.3MB

Download
memory/3584-981-0x00007FF7F5800000-0x00007FF7F5B54000-memory.dmp

Filesize
3.3MB

Download
memory/3584-1982-0x00007FF7F5800000-0x00007FF7F5B54000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2011-0x00007FF696190000-0x00007FF6964E4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-1006-0x00007FF696190000-0x00007FF6964E4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1987-0x00007FF7617E0000-0x00007FF761B34000-memory.dmp

Filesize
3.3MB

Download
memory/3936-979-0x00007FF7617E0000-0x00007FF761B34000-memory.dmp

Filesize
3.3MB

Download
memory/4104-1000-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2000-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp

Filesize
3.3MB

Download
memory/4160-14-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1729-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1009-0x00007FF6DB930000-0x00007FF6DBC84000-memory.dmp

Filesize
3.3MB

Download
memory/4824-1-0x000001A5F56D0000-0x000001A5F56E0000-memory.dmp

Filesize
64KB

Download
memory/4824-57-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-0-0x00007FF65AB50000-0x00007FF65AEA4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1299-0x00007FF6F8940000-0x00007FF6F8C94000-memory.dmp

Filesize
3.3MB

Download
memory/5088-46-0x00007FF6F8940000-0x00007FF6F8C94000-memory.dmp

Filesize
3.3MB

Download
memory/5088-1944-0x00007FF6F8940000-0x00007FF6F8C94000-memory.dmp

Filesize
3.3MB

Download
memory/5556-1978-0x00007FF7A4C40000-0x00007FF7A4F94000-memory.dmp

Filesize
3.3MB

Download
memory/5556-977-0x00007FF7A4C40000-0x00007FF7A4F94000-memory.dmp

Filesize
3.3MB

Download
memory/5728-1997-0x00007FF7F20C0000-0x00007FF7F2414000-memory.dmp

Filesize
3.3MB

Download
memory/5728-1001-0x00007FF7F20C0000-0x00007FF7F2414000-memory.dmp

Filesize
3.3MB

Download
memory/5856-36-0x00007FF7BFC50000-0x00007FF7BFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/5856-1241-0x00007FF7BFC50000-0x00007FF7BFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/5856-1945-0x00007FF7BFC50000-0x00007FF7BFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/6024-2005-0x00007FF7F69E0000-0x00007FF7F6D34000-memory.dmp

Filesize
3.3MB

Download
memory/6024-1002-0x00007FF7F69E0000-0x00007FF7F6D34000-memory.dmp

Filesize
3.3MB

Download
memory/6096-1990-0x00007FF79B190000-0x00007FF79B4E4000-memory.dmp

Filesize
3.3MB

Download
memory/6096-995-0x00007FF79B190000-0x00007FF79B4E4000-memory.dmp

Filesize
3.3MB

Download