cobaltstrike | 78e343dbc2a61da3355b5417d83e6c2e91f1619fc88a1cb069b5a7cab13ce642

Analysis

max time kernel
124s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
Size

5.9MB
MD5

49bcdd0ccd416106b2c1713b4f23e907
SHA1

29dbcee42312246d5aabccc091976659a297234e
SHA256

78e343dbc2a61da3355b5417d83e6c2e91f1619fc88a1cb069b5a7cab13ce642
SHA512

8a13febd375bee261e1067e5a660907d75e403f14272c087b1783a428daadc1b7027abef5b2bdc59767d784131585dddaba7934fffb973d6964c18e58b019cc7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig backdoor miner persistence privilege_escalation trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4632-0-0x00007FF60E400000-0x00007FF60E754000-memory.dmp	xmrig
behavioral2/files/0x000c000000023f61-5.dat	xmrig
behavioral2/memory/1528-8-0x00007FF778060000-0x00007FF7783B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002406d-11.dat	xmrig
behavioral2/files/0x000700000002406e-14.dat	xmrig
behavioral2/memory/2684-19-0x00007FF730390000-0x00007FF7306E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024070-29.dat	xmrig
behavioral2/memory/3524-30-0x00007FF740340000-0x00007FF740694000-memory.dmp	xmrig
behavioral2/files/0x000700000002406f-25.dat	xmrig
behavioral2/memory/4772-24-0x00007FF783660000-0x00007FF7839B4000-memory.dmp	xmrig
behavioral2/memory/4652-16-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp	xmrig
behavioral2/files/0x0007000000024071-36.dat	xmrig
behavioral2/memory/4988-38-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp	xmrig
behavioral2/files/0x000800000002406a-42.dat	xmrig
behavioral2/files/0x0007000000024072-47.dat	xmrig
behavioral2/memory/928-44-0x00007FF756640000-0x00007FF756994000-memory.dmp	xmrig
behavioral2/files/0x0007000000024073-53.dat	xmrig
behavioral2/memory/4724-60-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024074-64.dat	xmrig
behavioral2/memory/1152-63-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp	xmrig
behavioral2/memory/4652-62-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp	xmrig
behavioral2/memory/1528-61-0x00007FF778060000-0x00007FF7783B4000-memory.dmp	xmrig
behavioral2/memory/4632-54-0x00007FF60E400000-0x00007FF60E754000-memory.dmp	xmrig
behavioral2/memory/60-48-0x00007FF6812E0000-0x00007FF681634000-memory.dmp	xmrig
behavioral2/files/0x0007000000024075-68.dat	xmrig
behavioral2/memory/2684-71-0x00007FF730390000-0x00007FF7306E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024078-81.dat	xmrig
behavioral2/memory/2988-80-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024079-89.dat	xmrig
behavioral2/memory/4836-90-0x00007FF629410000-0x00007FF629764000-memory.dmp	xmrig
behavioral2/memory/4964-88-0x00007FF7D80C0000-0x00007FF7D8414000-memory.dmp	xmrig
behavioral2/memory/3524-87-0x00007FF740340000-0x00007FF740694000-memory.dmp	xmrig
behavioral2/files/0x0007000000024077-79.dat	xmrig
behavioral2/memory/4772-76-0x00007FF783660000-0x00007FF7839B4000-memory.dmp	xmrig
behavioral2/memory/3724-75-0x00007FF7BE9F0000-0x00007FF7BED44000-memory.dmp	xmrig
behavioral2/memory/4988-93-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp	xmrig
behavioral2/files/0x000700000002407a-96.dat	xmrig
behavioral2/files/0x000700000001e6ce-103.dat	xmrig
behavioral2/memory/928-97-0x00007FF756640000-0x00007FF756994000-memory.dmp	xmrig
behavioral2/files/0x000700000002407b-110.dat	xmrig
behavioral2/memory/60-108-0x00007FF6812E0000-0x00007FF681634000-memory.dmp	xmrig
behavioral2/memory/3888-105-0x00007FF7EB870000-0x00007FF7EBBC4000-memory.dmp	xmrig
behavioral2/memory/4724-112-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023ede-117.dat	xmrig
behavioral2/memory/1152-118-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp	xmrig
behavioral2/memory/5116-114-0x00007FF68A9D0000-0x00007FF68AD24000-memory.dmp	xmrig
behavioral2/memory/2652-113-0x00007FF6A73C0000-0x00007FF6A7714000-memory.dmp	xmrig
behavioral2/memory/5004-121-0x00007FF79C6E0000-0x00007FF79CA34000-memory.dmp	xmrig
behavioral2/files/0x000500000001da7a-124.dat	xmrig
behavioral2/memory/3156-125-0x00007FF6D9DB0000-0x00007FF6DA104000-memory.dmp	xmrig
behavioral2/files/0x000500000001daac-130.dat	xmrig
behavioral2/files/0x000800000001da70-135.dat	xmrig
behavioral2/memory/5112-138-0x00007FF7A71B0000-0x00007FF7A7504000-memory.dmp	xmrig
behavioral2/files/0x000600000001da9b-144.dat	xmrig
behavioral2/memory/3824-146-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	xmrig
behavioral2/memory/2988-137-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp	xmrig
behavioral2/memory/5016-131-0x00007FF60E9F0000-0x00007FF60ED44000-memory.dmp	xmrig
behavioral2/memory/4836-147-0x00007FF629410000-0x00007FF629764000-memory.dmp	xmrig
behavioral2/files/0x000900000001e124-150.dat	xmrig
behavioral2/memory/4992-151-0x00007FF6A7060000-0x00007FF6A73B4000-memory.dmp	xmrig
behavioral2/files/0x0006000000016916-156.dat	xmrig
behavioral2/memory/3400-157-0x00007FF79B890000-0x00007FF79BBE4000-memory.dmp	xmrig
behavioral2/files/0x000800000001e125-162.dat	xmrig
behavioral2/files/0x000500000001e34f-173.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1528	dhiVQJm.exe
4652	yOnRshe.exe
2684	njGvWXX.exe
4772	BkhVFPU.exe
3524	dRpUUIx.exe
4988	MnIqKFb.exe
928	BSgrHaM.exe
60	YEBarFX.exe
4724	mkjqJZG.exe
1152	FURHXSH.exe
3724	bHrXYeY.exe
2988	yewCPtK.exe
4964	nbMjEnG.exe
4836	lidqAKF.exe
3888	kHHQyac.exe
2652	BALJRrj.exe
5116	YHpNqKP.exe
5004	UzXywFp.exe
3156	rhPPeuh.exe
5016	HupSZkU.exe
5112	lckSyJC.exe
3824	yWXZblY.exe
4992	iduxtxj.exe
3400	uQdsTRr.exe
1696	OWUMOqd.exe
5108	RfOfMnI.exe
3092	hJqPfwT.exe
1224	rCBpJnd.exe
3456	hNaEeix.exe
600	EjvjTEt.exe
2840	hZjWmEm.exe
2772	JMbLASI.exe
892	bUxqIPX.exe
3144	JXmPvCZ.exe
2976	ViyZYnN.exe
392	LpyvUlW.exe
1440	gzfdORj.exe
3412	aqerPQz.exe
2752	NeeZdTU.exe
5052	dfqxbcC.exe
676	MiOhEHX.exe
4600	IgnchYf.exe
900	bJSJsLP.exe
4320	DeVkfiI.exe
3664	VYIiDKr.exe
1480	XdtuTmY.exe
4732	mElxOLe.exe
428	EjSNckB.exe
828	WBgdWMP.exe
456	wHsdwyJ.exe
2004	nEernCm.exe
32	xXOkRXR.exe
1108	XnsKqbJ.exe
4908	XzIAgTv.exe
1652	qvzcoDm.exe
4344	TSlwAHX.exe
2500	zjYuDHb.exe
1328	HnFBuNc.exe
212	sXPPstv.exe
4388	OxHyRAr.exe
3328	MFFHDUU.exe
2512	VXPguJL.exe
536	iGxeqci.exe
3332	JozqAYL.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4632-0-0x00007FF60E400000-0x00007FF60E754000-memory.dmp	upx
behavioral2/files/0x000c000000023f61-5.dat	upx
behavioral2/memory/1528-8-0x00007FF778060000-0x00007FF7783B4000-memory.dmp	upx
behavioral2/files/0x000700000002406d-11.dat	upx
behavioral2/files/0x000700000002406e-14.dat	upx
behavioral2/memory/2684-19-0x00007FF730390000-0x00007FF7306E4000-memory.dmp	upx
behavioral2/files/0x0007000000024070-29.dat	upx
behavioral2/memory/3524-30-0x00007FF740340000-0x00007FF740694000-memory.dmp	upx
behavioral2/files/0x000700000002406f-25.dat	upx
behavioral2/memory/4772-24-0x00007FF783660000-0x00007FF7839B4000-memory.dmp	upx
behavioral2/memory/4652-16-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp	upx
behavioral2/files/0x0007000000024071-36.dat	upx
behavioral2/memory/4988-38-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp	upx
behavioral2/files/0x000800000002406a-42.dat	upx
behavioral2/files/0x0007000000024072-47.dat	upx
behavioral2/memory/928-44-0x00007FF756640000-0x00007FF756994000-memory.dmp	upx
behavioral2/files/0x0007000000024073-53.dat	upx
behavioral2/memory/4724-60-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp	upx
behavioral2/files/0x0007000000024074-64.dat	upx
behavioral2/memory/1152-63-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp	upx
behavioral2/memory/4652-62-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp	upx
behavioral2/memory/1528-61-0x00007FF778060000-0x00007FF7783B4000-memory.dmp	upx
behavioral2/memory/4632-54-0x00007FF60E400000-0x00007FF60E754000-memory.dmp	upx
behavioral2/memory/60-48-0x00007FF6812E0000-0x00007FF681634000-memory.dmp	upx
behavioral2/files/0x0007000000024075-68.dat	upx
behavioral2/memory/2684-71-0x00007FF730390000-0x00007FF7306E4000-memory.dmp	upx
behavioral2/files/0x0007000000024078-81.dat	upx
behavioral2/memory/2988-80-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp	upx
behavioral2/files/0x0007000000024079-89.dat	upx
behavioral2/memory/4836-90-0x00007FF629410000-0x00007FF629764000-memory.dmp	upx
behavioral2/memory/4964-88-0x00007FF7D80C0000-0x00007FF7D8414000-memory.dmp	upx
behavioral2/memory/3524-87-0x00007FF740340000-0x00007FF740694000-memory.dmp	upx
behavioral2/files/0x0007000000024077-79.dat	upx
behavioral2/memory/4772-76-0x00007FF783660000-0x00007FF7839B4000-memory.dmp	upx
behavioral2/memory/3724-75-0x00007FF7BE9F0000-0x00007FF7BED44000-memory.dmp	upx
behavioral2/memory/4988-93-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp	upx
behavioral2/files/0x000700000002407a-96.dat	upx
behavioral2/files/0x000700000001e6ce-103.dat	upx
behavioral2/memory/928-97-0x00007FF756640000-0x00007FF756994000-memory.dmp	upx
behavioral2/files/0x000700000002407b-110.dat	upx
behavioral2/memory/60-108-0x00007FF6812E0000-0x00007FF681634000-memory.dmp	upx
behavioral2/memory/3888-105-0x00007FF7EB870000-0x00007FF7EBBC4000-memory.dmp	upx
behavioral2/memory/4724-112-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp	upx
behavioral2/files/0x000b000000023ede-117.dat	upx
behavioral2/memory/1152-118-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp	upx
behavioral2/memory/5116-114-0x00007FF68A9D0000-0x00007FF68AD24000-memory.dmp	upx
behavioral2/memory/2652-113-0x00007FF6A73C0000-0x00007FF6A7714000-memory.dmp	upx
behavioral2/memory/5004-121-0x00007FF79C6E0000-0x00007FF79CA34000-memory.dmp	upx
behavioral2/files/0x000500000001da7a-124.dat	upx
behavioral2/memory/3156-125-0x00007FF6D9DB0000-0x00007FF6DA104000-memory.dmp	upx
behavioral2/files/0x000500000001daac-130.dat	upx
behavioral2/files/0x000800000001da70-135.dat	upx
behavioral2/memory/5112-138-0x00007FF7A71B0000-0x00007FF7A7504000-memory.dmp	upx
behavioral2/files/0x000600000001da9b-144.dat	upx
behavioral2/memory/3824-146-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp	upx
behavioral2/memory/2988-137-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp	upx
behavioral2/memory/5016-131-0x00007FF60E9F0000-0x00007FF60ED44000-memory.dmp	upx
behavioral2/memory/4836-147-0x00007FF629410000-0x00007FF629764000-memory.dmp	upx
behavioral2/files/0x000900000001e124-150.dat	upx
behavioral2/memory/4992-151-0x00007FF6A7060000-0x00007FF6A73B4000-memory.dmp	upx
behavioral2/files/0x0006000000016916-156.dat	upx
behavioral2/memory/3400-157-0x00007FF79B890000-0x00007FF79BBE4000-memory.dmp	upx
behavioral2/files/0x000800000001e125-162.dat	upx
behavioral2/files/0x000500000001e34f-173.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qLHzALY.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZDbbVaE.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rfMVGMW.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vVLpSlb.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tazanze.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tqJjijC.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rCBpJnd.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wHsdwyJ.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bXRAngV.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BwpIwxY.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xpybayD.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FxFcnxX.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oAFTxyb.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oJrBDoD.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qvzcoDm.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LfvruwL.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lLLaEDr.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gQKJojF.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nMBtQNr.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IqYTLnR.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bHrXYeY.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aoRstPQ.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zkNbdAb.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WldOslv.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NjWbySH.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Sjagqho.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rKnKWvm.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HnSeAjN.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iQZkiUN.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vxYkzIH.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WjVnwxO.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CuVPCWs.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cARHGbr.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yQONfao.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CrxTuwC.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IfoxEdH.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sXPPstv.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kFfFczP.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DuGtmRT.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LKymYMy.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iCZsfxP.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FEJtQpB.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EjvjTEt.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kqeCwmT.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dopdDFP.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lsETUfI.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IdKYERX.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AHJGufW.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BLvLEZh.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\igrWWbA.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gsuVCsQ.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XaykIrT.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mNbETrR.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rwPnrAa.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FOZIfqH.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WijSKnv.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mYoJzAX.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OdkoIcE.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XbkcDFF.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aUgbSbe.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fJZJpYa.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sqekvlJ.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jsEFXTB.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UzXywFp.exe	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 1528	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	90
PID 4632 wrote to memory of 1528	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	90
PID 4632 wrote to memory of 4652	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	91
PID 4632 wrote to memory of 4652	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	91
PID 4632 wrote to memory of 2684	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	92
PID 4632 wrote to memory of 2684	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	92
PID 4632 wrote to memory of 4772	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	93
PID 4632 wrote to memory of 4772	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	93
PID 4632 wrote to memory of 3524	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	94
PID 4632 wrote to memory of 3524	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	94
PID 4632 wrote to memory of 4988	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	95
PID 4632 wrote to memory of 4988	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	95
PID 4632 wrote to memory of 928	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	98
PID 4632 wrote to memory of 928	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	98
PID 4632 wrote to memory of 60	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	100
PID 4632 wrote to memory of 60	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	100
PID 4632 wrote to memory of 4724	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	101
PID 4632 wrote to memory of 4724	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	101
PID 4632 wrote to memory of 1152	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	102
PID 4632 wrote to memory of 1152	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	102
PID 4632 wrote to memory of 3724	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	103
PID 4632 wrote to memory of 3724	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	103
PID 4632 wrote to memory of 2988	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	104
PID 4632 wrote to memory of 2988	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	104
PID 4632 wrote to memory of 4964	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	105
PID 4632 wrote to memory of 4964	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	105
PID 4632 wrote to memory of 4836	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	106
PID 4632 wrote to memory of 4836	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	106
PID 4632 wrote to memory of 3888	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	107
PID 4632 wrote to memory of 3888	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	107
PID 4632 wrote to memory of 2652	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	108
PID 4632 wrote to memory of 2652	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	108
PID 4632 wrote to memory of 5116	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	109
PID 4632 wrote to memory of 5116	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	109
PID 4632 wrote to memory of 5004	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	110
PID 4632 wrote to memory of 5004	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	110
PID 4632 wrote to memory of 3156	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	111
PID 4632 wrote to memory of 3156	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	111
PID 4632 wrote to memory of 5016	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	112
PID 4632 wrote to memory of 5016	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	112
PID 4632 wrote to memory of 5112	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	114
PID 4632 wrote to memory of 5112	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	114
PID 4632 wrote to memory of 3824	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	115
PID 4632 wrote to memory of 3824	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	115
PID 4632 wrote to memory of 4992	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	116
PID 4632 wrote to memory of 4992	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	116
PID 4632 wrote to memory of 3400	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	119
PID 4632 wrote to memory of 3400	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	119
PID 4632 wrote to memory of 1696	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	121
PID 4632 wrote to memory of 1696	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	121
PID 4632 wrote to memory of 5108	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	123
PID 4632 wrote to memory of 5108	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	123
PID 4632 wrote to memory of 3092	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	124
PID 4632 wrote to memory of 3092	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	124
PID 4632 wrote to memory of 1224	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	125
PID 4632 wrote to memory of 1224	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	125
PID 4632 wrote to memory of 3456	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	126
PID 4632 wrote to memory of 3456	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	126
PID 4632 wrote to memory of 600	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	127
PID 4632 wrote to memory of 600	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	127
PID 4632 wrote to memory of 2840	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	129
PID 4632 wrote to memory of 2840	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	129
PID 4632 wrote to memory of 2772	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	130
PID 4632 wrote to memory of 2772	4632	2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe	130

C:\Users\Admin\AppData\Local\Temp\2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_49bcdd0ccd416106b2c1713b4f23e907_amadey_cobalt-strike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\System\dhiVQJm.exe
  C:\Windows\System\dhiVQJm.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\yOnRshe.exe
  C:\Windows\System\yOnRshe.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\njGvWXX.exe
  C:\Windows\System\njGvWXX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\BkhVFPU.exe
  C:\Windows\System\BkhVFPU.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\dRpUUIx.exe
  C:\Windows\System\dRpUUIx.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\MnIqKFb.exe
  C:\Windows\System\MnIqKFb.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\BSgrHaM.exe
  C:\Windows\System\BSgrHaM.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\YEBarFX.exe
  C:\Windows\System\YEBarFX.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\mkjqJZG.exe
  C:\Windows\System\mkjqJZG.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\FURHXSH.exe
  C:\Windows\System\FURHXSH.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\bHrXYeY.exe
  C:\Windows\System\bHrXYeY.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\yewCPtK.exe
  C:\Windows\System\yewCPtK.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\nbMjEnG.exe
  C:\Windows\System\nbMjEnG.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\lidqAKF.exe
  C:\Windows\System\lidqAKF.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\kHHQyac.exe
  C:\Windows\System\kHHQyac.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\BALJRrj.exe
  C:\Windows\System\BALJRrj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\YHpNqKP.exe
  C:\Windows\System\YHpNqKP.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\UzXywFp.exe
  C:\Windows\System\UzXywFp.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\rhPPeuh.exe
  C:\Windows\System\rhPPeuh.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\HupSZkU.exe
  C:\Windows\System\HupSZkU.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\lckSyJC.exe
  C:\Windows\System\lckSyJC.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\yWXZblY.exe
  C:\Windows\System\yWXZblY.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\iduxtxj.exe
  C:\Windows\System\iduxtxj.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\uQdsTRr.exe
  C:\Windows\System\uQdsTRr.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\OWUMOqd.exe
  C:\Windows\System\OWUMOqd.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\RfOfMnI.exe
  C:\Windows\System\RfOfMnI.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\hJqPfwT.exe
  C:\Windows\System\hJqPfwT.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\rCBpJnd.exe
  C:\Windows\System\rCBpJnd.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\hNaEeix.exe
  C:\Windows\System\hNaEeix.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\EjvjTEt.exe
  C:\Windows\System\EjvjTEt.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\hZjWmEm.exe
  C:\Windows\System\hZjWmEm.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\JMbLASI.exe
  C:\Windows\System\JMbLASI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\bUxqIPX.exe
  C:\Windows\System\bUxqIPX.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\JXmPvCZ.exe
  C:\Windows\System\JXmPvCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\ViyZYnN.exe
  C:\Windows\System\ViyZYnN.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LpyvUlW.exe
  C:\Windows\System\LpyvUlW.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\gzfdORj.exe
  C:\Windows\System\gzfdORj.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\aqerPQz.exe
  C:\Windows\System\aqerPQz.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\NeeZdTU.exe
  C:\Windows\System\NeeZdTU.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\dfqxbcC.exe
  C:\Windows\System\dfqxbcC.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\MiOhEHX.exe
  C:\Windows\System\MiOhEHX.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\IgnchYf.exe
  C:\Windows\System\IgnchYf.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\bJSJsLP.exe
  C:\Windows\System\bJSJsLP.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\DeVkfiI.exe
  C:\Windows\System\DeVkfiI.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\VYIiDKr.exe
  C:\Windows\System\VYIiDKr.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\XdtuTmY.exe
  C:\Windows\System\XdtuTmY.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\mElxOLe.exe
  C:\Windows\System\mElxOLe.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\EjSNckB.exe
  C:\Windows\System\EjSNckB.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\WBgdWMP.exe
  C:\Windows\System\WBgdWMP.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\wHsdwyJ.exe
  C:\Windows\System\wHsdwyJ.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\nEernCm.exe
  C:\Windows\System\nEernCm.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\xXOkRXR.exe
  C:\Windows\System\xXOkRXR.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\XnsKqbJ.exe
  C:\Windows\System\XnsKqbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\XzIAgTv.exe
  C:\Windows\System\XzIAgTv.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\qvzcoDm.exe
  C:\Windows\System\qvzcoDm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\TSlwAHX.exe
  C:\Windows\System\TSlwAHX.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\zjYuDHb.exe
  C:\Windows\System\zjYuDHb.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HnFBuNc.exe
  C:\Windows\System\HnFBuNc.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\sXPPstv.exe
  C:\Windows\System\sXPPstv.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\OxHyRAr.exe
  C:\Windows\System\OxHyRAr.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\MFFHDUU.exe
  C:\Windows\System\MFFHDUU.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\VXPguJL.exe
  C:\Windows\System\VXPguJL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\iGxeqci.exe
  C:\Windows\System\iGxeqci.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JozqAYL.exe
  C:\Windows\System\JozqAYL.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\sKkVplr.exe
  C:\Windows\System\sKkVplr.exe
  2⤵
  PID:232
- C:\Windows\System\XQWLlPh.exe
  C:\Windows\System\XQWLlPh.exe
  2⤵
  PID:3388
- C:\Windows\System\eJnyHPU.exe
  C:\Windows\System\eJnyHPU.exe
  2⤵
  PID:3928
- C:\Windows\System\wFeTYbZ.exe
  C:\Windows\System\wFeTYbZ.exe
  2⤵
  PID:3368
- C:\Windows\System\eDKQoFz.exe
  C:\Windows\System\eDKQoFz.exe
  2⤵
  PID:4112
- C:\Windows\System\HrTmxfS.exe
  C:\Windows\System\HrTmxfS.exe
  2⤵
  PID:4512
- C:\Windows\System\mYlMoie.exe
  C:\Windows\System\mYlMoie.exe
  2⤵
  PID:620
- C:\Windows\System\OkYFptr.exe
  C:\Windows\System\OkYFptr.exe
  2⤵
  PID:1624
- C:\Windows\System\DkNCxwe.exe
  C:\Windows\System\DkNCxwe.exe
  2⤵
  PID:3268
- C:\Windows\System\dcvgUro.exe
  C:\Windows\System\dcvgUro.exe
  2⤵
  PID:4728
- C:\Windows\System\UxPisne.exe
  C:\Windows\System\UxPisne.exe
  2⤵
  PID:4636
- C:\Windows\System\GvMOhRC.exe
  C:\Windows\System\GvMOhRC.exe
  2⤵
  PID:1868
- C:\Windows\System\lleGDMB.exe
  C:\Windows\System\lleGDMB.exe
  2⤵
  PID:3296
- C:\Windows\System\dEvNoKF.exe
  C:\Windows\System\dEvNoKF.exe
  2⤵
  PID:3132
- C:\Windows\System\FmVnMWs.exe
  C:\Windows\System\FmVnMWs.exe
  2⤵
  PID:5144
- C:\Windows\System\jyDmRaL.exe
  C:\Windows\System\jyDmRaL.exe
  2⤵
  PID:5176
- C:\Windows\System\ksHQmGy.exe
  C:\Windows\System\ksHQmGy.exe
  2⤵
  PID:5204
- C:\Windows\System\cEdEGkQ.exe
  C:\Windows\System\cEdEGkQ.exe
  2⤵
  PID:5232
- C:\Windows\System\SmZfixp.exe
  C:\Windows\System\SmZfixp.exe
  2⤵
  PID:5260
- C:\Windows\System\AcIuZeu.exe
  C:\Windows\System\AcIuZeu.exe
  2⤵
  PID:5292
- C:\Windows\System\MWHRfOE.exe
  C:\Windows\System\MWHRfOE.exe
  2⤵
  PID:5312
- C:\Windows\System\RObEUDG.exe
  C:\Windows\System\RObEUDG.exe
  2⤵
  PID:5340
- C:\Windows\System\BpMDGOd.exe
  C:\Windows\System\BpMDGOd.exe
  2⤵
  PID:5372
- C:\Windows\System\uEznapw.exe
  C:\Windows\System\uEznapw.exe
  2⤵
  PID:5404
- C:\Windows\System\lvjhZuB.exe
  C:\Windows\System\lvjhZuB.exe
  2⤵
  PID:5420
- C:\Windows\System\dJNArKs.exe
  C:\Windows\System\dJNArKs.exe
  2⤵
  PID:5444
- C:\Windows\System\yJePivw.exe
  C:\Windows\System\yJePivw.exe
  2⤵
  PID:5480
- C:\Windows\System\kMimvNs.exe
  C:\Windows\System\kMimvNs.exe
  2⤵
  PID:5516
- C:\Windows\System\PnHHecN.exe
  C:\Windows\System\PnHHecN.exe
  2⤵
  PID:5544
- C:\Windows\System\tZKSPBy.exe
  C:\Windows\System\tZKSPBy.exe
  2⤵
  PID:5572
- C:\Windows\System\mdCgXkw.exe
  C:\Windows\System\mdCgXkw.exe
  2⤵
  PID:5600
- C:\Windows\System\VWMXMxE.exe
  C:\Windows\System\VWMXMxE.exe
  2⤵
  PID:5632
- C:\Windows\System\kqeCwmT.exe
  C:\Windows\System\kqeCwmT.exe
  2⤵
  PID:5660
- C:\Windows\System\ivhukzt.exe
  C:\Windows\System\ivhukzt.exe
  2⤵
  PID:5688
- C:\Windows\System\jHftxTO.exe
  C:\Windows\System\jHftxTO.exe
  2⤵
  PID:5712
- C:\Windows\System\AHJGufW.exe
  C:\Windows\System\AHJGufW.exe
  2⤵
  PID:5740
- C:\Windows\System\GmNNRwv.exe
  C:\Windows\System\GmNNRwv.exe
  2⤵
  PID:5776
- C:\Windows\System\XwsDAxa.exe
  C:\Windows\System\XwsDAxa.exe
  2⤵
  PID:5800
- C:\Windows\System\ucTIvLk.exe
  C:\Windows\System\ucTIvLk.exe
  2⤵
  PID:5832
- C:\Windows\System\yelaRkW.exe
  C:\Windows\System\yelaRkW.exe
  2⤵
  PID:5852
- C:\Windows\System\dmULNqw.exe
  C:\Windows\System\dmULNqw.exe
  2⤵
  PID:5884
- C:\Windows\System\JxHMQnv.exe
  C:\Windows\System\JxHMQnv.exe
  2⤵
  PID:5916
- C:\Windows\System\JUgTHGQ.exe
  C:\Windows\System\JUgTHGQ.exe
  2⤵
  PID:5940
- C:\Windows\System\PDuuSzV.exe
  C:\Windows\System\PDuuSzV.exe
  2⤵
  PID:5976
- C:\Windows\System\LpmWHSC.exe
  C:\Windows\System\LpmWHSC.exe
  2⤵
  PID:6004
- C:\Windows\System\zTAkAGu.exe
  C:\Windows\System\zTAkAGu.exe
  2⤵
  PID:6024
- C:\Windows\System\hJuRHuN.exe
  C:\Windows\System\hJuRHuN.exe
  2⤵
  PID:6052
- C:\Windows\System\UeUCugT.exe
  C:\Windows\System\UeUCugT.exe
  2⤵
  PID:6088
- C:\Windows\System\nPJgRnG.exe
  C:\Windows\System\nPJgRnG.exe
  2⤵
  PID:6120
- C:\Windows\System\TvecucW.exe
  C:\Windows\System\TvecucW.exe
  2⤵
  PID:5136
- C:\Windows\System\BwYozxv.exe
  C:\Windows\System\BwYozxv.exe
  2⤵
  PID:5244
- C:\Windows\System\EPQsQvG.exe
  C:\Windows\System\EPQsQvG.exe
  2⤵
  PID:5332
- C:\Windows\System\XRwkBZp.exe
  C:\Windows\System\XRwkBZp.exe
  2⤵
  PID:5396
- C:\Windows\System\IpqcEIA.exe
  C:\Windows\System\IpqcEIA.exe
  2⤵
  PID:5472
- C:\Windows\System\sCSAWtu.exe
  C:\Windows\System\sCSAWtu.exe
  2⤵
  PID:5532
- C:\Windows\System\vRPsXEV.exe
  C:\Windows\System\vRPsXEV.exe
  2⤵
  PID:5616
- C:\Windows\System\hEIdEYc.exe
  C:\Windows\System\hEIdEYc.exe
  2⤵
  PID:5700
- C:\Windows\System\MJqpMdi.exe
  C:\Windows\System\MJqpMdi.exe
  2⤵
  PID:5772
- C:\Windows\System\SgcWIhm.exe
  C:\Windows\System\SgcWIhm.exe
  2⤵
  PID:5892
- C:\Windows\System\fTlFDyA.exe
  C:\Windows\System\fTlFDyA.exe
  2⤵
  PID:816
- C:\Windows\System\hiqHDBM.exe
  C:\Windows\System\hiqHDBM.exe
  2⤵
  PID:5160
- C:\Windows\System\uSvuYvp.exe
  C:\Windows\System\uSvuYvp.exe
  2⤵
  PID:5384
- C:\Windows\System\dfmFZgM.exe
  C:\Windows\System\dfmFZgM.exe
  2⤵
  PID:5464
- C:\Windows\System\KmLqSIx.exe
  C:\Windows\System\KmLqSIx.exe
  2⤵
  PID:5748
- C:\Windows\System\EuXhUzC.exe
  C:\Windows\System\EuXhUzC.exe
  2⤵
  PID:5904
- C:\Windows\System\bXRAngV.exe
  C:\Windows\System\bXRAngV.exe
  2⤵
  PID:5360
- C:\Windows\System\StUrsnt.exe
  C:\Windows\System\StUrsnt.exe
  2⤵
  PID:5524
- C:\Windows\System\XZEvSMF.exe
  C:\Windows\System\XZEvSMF.exe
  2⤵
  PID:6068
- C:\Windows\System\ijSrFSe.exe
  C:\Windows\System\ijSrFSe.exe
  2⤵
  PID:4008
- C:\Windows\System\WHQrNST.exe
  C:\Windows\System\WHQrNST.exe
  2⤵
  PID:6016
- C:\Windows\System\MvzivXv.exe
  C:\Windows\System\MvzivXv.exe
  2⤵
  PID:6168
- C:\Windows\System\OJLvPIo.exe
  C:\Windows\System\OJLvPIo.exe
  2⤵
  PID:6196
- C:\Windows\System\EbMPPJc.exe
  C:\Windows\System\EbMPPJc.exe
  2⤵
  PID:6224
- C:\Windows\System\UmCzOTm.exe
  C:\Windows\System\UmCzOTm.exe
  2⤵
  PID:6248
- C:\Windows\System\feOjpbS.exe
  C:\Windows\System\feOjpbS.exe
  2⤵
  PID:6280
- C:\Windows\System\aoRstPQ.exe
  C:\Windows\System\aoRstPQ.exe
  2⤵
  PID:6308
- C:\Windows\System\ykIgWwc.exe
  C:\Windows\System\ykIgWwc.exe
  2⤵
  PID:6336
- C:\Windows\System\ZWWOHzR.exe
  C:\Windows\System\ZWWOHzR.exe
  2⤵
  PID:6364
- C:\Windows\System\ihEnNEa.exe
  C:\Windows\System\ihEnNEa.exe
  2⤵
  PID:6392
- C:\Windows\System\bCbaBAc.exe
  C:\Windows\System\bCbaBAc.exe
  2⤵
  PID:6416
- C:\Windows\System\TwbUzxd.exe
  C:\Windows\System\TwbUzxd.exe
  2⤵
  PID:6448
- C:\Windows\System\GkHRxGd.exe
  C:\Windows\System\GkHRxGd.exe
  2⤵
  PID:6476
- C:\Windows\System\HAWyKTK.exe
  C:\Windows\System\HAWyKTK.exe
  2⤵
  PID:6516
- C:\Windows\System\BLkXvWa.exe
  C:\Windows\System\BLkXvWa.exe
  2⤵
  PID:6540
- C:\Windows\System\ZhAWnub.exe
  C:\Windows\System\ZhAWnub.exe
  2⤵
  PID:6560
- C:\Windows\System\MBnATvu.exe
  C:\Windows\System\MBnATvu.exe
  2⤵
  PID:6592
- C:\Windows\System\vgfhogG.exe
  C:\Windows\System\vgfhogG.exe
  2⤵
  PID:6616
- C:\Windows\System\RGhllqy.exe
  C:\Windows\System\RGhllqy.exe
  2⤵
  PID:6648
- C:\Windows\System\bfgCfMr.exe
  C:\Windows\System\bfgCfMr.exe
  2⤵
  PID:6676
- C:\Windows\System\kkjkrAE.exe
  C:\Windows\System\kkjkrAE.exe
  2⤵
  PID:6704
- C:\Windows\System\tndIIBO.exe
  C:\Windows\System\tndIIBO.exe
  2⤵
  PID:6740
- C:\Windows\System\qORvmMu.exe
  C:\Windows\System\qORvmMu.exe
  2⤵
  PID:6760
- C:\Windows\System\GzgcGlu.exe
  C:\Windows\System\GzgcGlu.exe
  2⤵
  PID:6792
- C:\Windows\System\ycerJTx.exe
  C:\Windows\System\ycerJTx.exe
  2⤵
  PID:6824
- C:\Windows\System\cIqAqvp.exe
  C:\Windows\System\cIqAqvp.exe
  2⤵
  PID:6852
- C:\Windows\System\XxFeLXR.exe
  C:\Windows\System\XxFeLXR.exe
  2⤵
  PID:6876
- C:\Windows\System\aUgbSbe.exe
  C:\Windows\System\aUgbSbe.exe
  2⤵
  PID:6908
- C:\Windows\System\RpQgZYp.exe
  C:\Windows\System\RpQgZYp.exe
  2⤵
  PID:6936
- C:\Windows\System\juXYarx.exe
  C:\Windows\System\juXYarx.exe
  2⤵
  PID:6960
- C:\Windows\System\tqKevzy.exe
  C:\Windows\System\tqKevzy.exe
  2⤵
  PID:6984
- C:\Windows\System\qLHzALY.exe
  C:\Windows\System\qLHzALY.exe
  2⤵
  PID:7020
- C:\Windows\System\kFfFczP.exe
  C:\Windows\System\kFfFczP.exe
  2⤵
  PID:7044
- C:\Windows\System\fTFwXNf.exe
  C:\Windows\System\fTFwXNf.exe
  2⤵
  PID:7076
- C:\Windows\System\BWjVPPU.exe
  C:\Windows\System\BWjVPPU.exe
  2⤵
  PID:7108
- C:\Windows\System\WEweEck.exe
  C:\Windows\System\WEweEck.exe
  2⤵
  PID:7144
- C:\Windows\System\xvHSQhP.exe
  C:\Windows\System\xvHSQhP.exe
  2⤵
  PID:7160
- C:\Windows\System\GWxIOsC.exe
  C:\Windows\System\GWxIOsC.exe
  2⤵
  PID:6176
- C:\Windows\System\gPkWDJJ.exe
  C:\Windows\System\gPkWDJJ.exe
  2⤵
  PID:6236
- C:\Windows\System\PrjJeqO.exe
  C:\Windows\System\PrjJeqO.exe
  2⤵
  PID:6288
- C:\Windows\System\bUIOAov.exe
  C:\Windows\System\bUIOAov.exe
  2⤵
  PID:6348
- C:\Windows\System\QSQZWbD.exe
  C:\Windows\System\QSQZWbD.exe
  2⤵
  PID:6512
- C:\Windows\System\dfkdUMz.exe
  C:\Windows\System\dfkdUMz.exe
  2⤵
  PID:6556
- C:\Windows\System\MmjsJkA.exe
  C:\Windows\System\MmjsJkA.exe
  2⤵
  PID:6644
- C:\Windows\System\wJsKpqz.exe
  C:\Windows\System\wJsKpqz.exe
  2⤵
  PID:6700
- C:\Windows\System\VJtFzTo.exe
  C:\Windows\System\VJtFzTo.exe
  2⤵
  PID:6756
- C:\Windows\System\rfTdpim.exe
  C:\Windows\System\rfTdpim.exe
  2⤵
  PID:6816
- C:\Windows\System\Fyzozoz.exe
  C:\Windows\System\Fyzozoz.exe
  2⤵
  PID:6900
- C:\Windows\System\dTZkyfw.exe
  C:\Windows\System\dTZkyfw.exe
  2⤵
  PID:6948
- C:\Windows\System\qRhsiIZ.exe
  C:\Windows\System\qRhsiIZ.exe
  2⤵
  PID:7040
- C:\Windows\System\cGUresI.exe
  C:\Windows\System\cGUresI.exe
  2⤵
  PID:7116
- C:\Windows\System\LnhkCnf.exe
  C:\Windows\System\LnhkCnf.exe
  2⤵
  PID:6152
- C:\Windows\System\vthlCFF.exe
  C:\Windows\System\vthlCFF.exe
  2⤵
  PID:6256
- C:\Windows\System\aTtHNGf.exe
  C:\Windows\System\aTtHNGf.exe
  2⤵
  PID:6484
- C:\Windows\System\whBZIGo.exe
  C:\Windows\System\whBZIGo.exe
  2⤵
  PID:5168
- C:\Windows\System\fdeWoWx.exe
  C:\Windows\System\fdeWoWx.exe
  2⤵
  PID:5556
- C:\Windows\System\DoYRLGC.exe
  C:\Windows\System\DoYRLGC.exe
  2⤵
  PID:6576
- C:\Windows\System\RblUvNt.exe
  C:\Windows\System\RblUvNt.exe
  2⤵
  PID:6808
- C:\Windows\System\hXtUYst.exe
  C:\Windows\System\hXtUYst.exe
  2⤵
  PID:6920
- C:\Windows\System\nqQytON.exe
  C:\Windows\System\nqQytON.exe
  2⤵
  PID:7064
- C:\Windows\System\kPvjINl.exe
  C:\Windows\System\kPvjINl.exe
  2⤵
  PID:3180
- C:\Windows\System\ZDbbVaE.exe
  C:\Windows\System\ZDbbVaE.exe
  2⤵
  PID:644
- C:\Windows\System\qdXTlbE.exe
  C:\Windows\System\qdXTlbE.exe
  2⤵
  PID:3084
- C:\Windows\System\PNVcJGe.exe
  C:\Windows\System\PNVcJGe.exe
  2⤵
  PID:6588
- C:\Windows\System\ZihIMDo.exe
  C:\Windows\System\ZihIMDo.exe
  2⤵
  PID:3172
- C:\Windows\System\ZERYMlE.exe
  C:\Windows\System\ZERYMlE.exe
  2⤵
  PID:6996
- C:\Windows\System\wVITZMC.exe
  C:\Windows\System\wVITZMC.exe
  2⤵
  PID:3600
- C:\Windows\System\hmQRvzi.exe
  C:\Windows\System\hmQRvzi.exe
  2⤵
  PID:6324
- C:\Windows\System\EJbJkgS.exe
  C:\Windows\System\EJbJkgS.exe
  2⤵
  PID:7140
- C:\Windows\System\lwAHGHm.exe
  C:\Windows\System\lwAHGHm.exe
  2⤵
  PID:6668
- C:\Windows\System\XQEtfeS.exe
  C:\Windows\System\XQEtfeS.exe
  2⤵
  PID:7196
- C:\Windows\System\xGVUKIB.exe
  C:\Windows\System\xGVUKIB.exe
  2⤵
  PID:7228
- C:\Windows\System\JvOmsaU.exe
  C:\Windows\System\JvOmsaU.exe
  2⤵
  PID:7256
- C:\Windows\System\ngVMjck.exe
  C:\Windows\System\ngVMjck.exe
  2⤵
  PID:7276
- C:\Windows\System\OEpYsWa.exe
  C:\Windows\System\OEpYsWa.exe
  2⤵
  PID:7304
- C:\Windows\System\fwUIPUq.exe
  C:\Windows\System\fwUIPUq.exe
  2⤵
  PID:7344
- C:\Windows\System\eVQMnUI.exe
  C:\Windows\System\eVQMnUI.exe
  2⤵
  PID:7372
- C:\Windows\System\HsTYOxI.exe
  C:\Windows\System\HsTYOxI.exe
  2⤵
  PID:7408
- C:\Windows\System\KNSsbHy.exe
  C:\Windows\System\KNSsbHy.exe
  2⤵
  PID:7444
- C:\Windows\System\YuFqoWf.exe
  C:\Windows\System\YuFqoWf.exe
  2⤵
  PID:7472
- C:\Windows\System\fJZJpYa.exe
  C:\Windows\System\fJZJpYa.exe
  2⤵
  PID:7492
- C:\Windows\System\ifPjdge.exe
  C:\Windows\System\ifPjdge.exe
  2⤵
  PID:7532
- C:\Windows\System\RyNpkqi.exe
  C:\Windows\System\RyNpkqi.exe
  2⤵
  PID:7556
- C:\Windows\System\NShzuYV.exe
  C:\Windows\System\NShzuYV.exe
  2⤵
  PID:7580
- C:\Windows\System\YBMXXie.exe
  C:\Windows\System\YBMXXie.exe
  2⤵
  PID:7612
- C:\Windows\System\ynrJvbp.exe
  C:\Windows\System\ynrJvbp.exe
  2⤵
  PID:7644
- C:\Windows\System\jvhtMcI.exe
  C:\Windows\System\jvhtMcI.exe
  2⤵
  PID:7668
- C:\Windows\System\QlfoXSc.exe
  C:\Windows\System\QlfoXSc.exe
  2⤵
  PID:7700
- C:\Windows\System\DqIwxso.exe
  C:\Windows\System\DqIwxso.exe
  2⤵
  PID:7732
- C:\Windows\System\dyjfeDq.exe
  C:\Windows\System\dyjfeDq.exe
  2⤵
  PID:7756
- C:\Windows\System\XjqzfoQ.exe
  C:\Windows\System\XjqzfoQ.exe
  2⤵
  PID:7788
- C:\Windows\System\vSPMONB.exe
  C:\Windows\System\vSPMONB.exe
  2⤵
  PID:7812
- C:\Windows\System\RwhNfle.exe
  C:\Windows\System\RwhNfle.exe
  2⤵
  PID:7832
- C:\Windows\System\pvmBbes.exe
  C:\Windows\System\pvmBbes.exe
  2⤵
  PID:7864
- C:\Windows\System\SgHiFNE.exe
  C:\Windows\System\SgHiFNE.exe
  2⤵
  PID:7888
- C:\Windows\System\dybDapi.exe
  C:\Windows\System\dybDapi.exe
  2⤵
  PID:7916
- C:\Windows\System\WijSKnv.exe
  C:\Windows\System\WijSKnv.exe
  2⤵
  PID:7944
- C:\Windows\System\NUgZqIN.exe
  C:\Windows\System\NUgZqIN.exe
  2⤵
  PID:7972
- C:\Windows\System\qEVvVCD.exe
  C:\Windows\System\qEVvVCD.exe
  2⤵
  PID:8000
- C:\Windows\System\kjZelrj.exe
  C:\Windows\System\kjZelrj.exe
  2⤵
  PID:8028
- C:\Windows\System\aLiMEzF.exe
  C:\Windows\System\aLiMEzF.exe
  2⤵
  PID:8056
- C:\Windows\System\URsHtKK.exe
  C:\Windows\System\URsHtKK.exe
  2⤵
  PID:8084
- C:\Windows\System\Arviqlg.exe
  C:\Windows\System\Arviqlg.exe
  2⤵
  PID:8112
- C:\Windows\System\BXgLGSE.exe
  C:\Windows\System\BXgLGSE.exe
  2⤵
  PID:8140
- C:\Windows\System\PpAKuoI.exe
  C:\Windows\System\PpAKuoI.exe
  2⤵
  PID:8168
- C:\Windows\System\vaTWrWU.exe
  C:\Windows\System\vaTWrWU.exe
  2⤵
  PID:7180
- C:\Windows\System\ROUTWUb.exe
  C:\Windows\System\ROUTWUb.exe
  2⤵
  PID:7244
- C:\Windows\System\CXeFwig.exe
  C:\Windows\System\CXeFwig.exe
  2⤵
  PID:7296
- C:\Windows\System\TFgyErO.exe
  C:\Windows\System\TFgyErO.exe
  2⤵
  PID:2040
- C:\Windows\System\swAnvVP.exe
  C:\Windows\System\swAnvVP.exe
  2⤵
  PID:7428
- C:\Windows\System\CLTjYWi.exe
  C:\Windows\System\CLTjYWi.exe
  2⤵
  PID:7488
- C:\Windows\System\dgSYyOV.exe
  C:\Windows\System\dgSYyOV.exe
  2⤵
  PID:7564
- C:\Windows\System\rAJpHHv.exe
  C:\Windows\System\rAJpHHv.exe
  2⤵
  PID:7636
- C:\Windows\System\dopdDFP.exe
  C:\Windows\System\dopdDFP.exe
  2⤵
  PID:7708
- C:\Windows\System\cZMlWME.exe
  C:\Windows\System\cZMlWME.exe
  2⤵
  PID:7768
- C:\Windows\System\ZHQUvTP.exe
  C:\Windows\System\ZHQUvTP.exe
  2⤵
  PID:7824
- C:\Windows\System\lXwibBl.exe
  C:\Windows\System\lXwibBl.exe
  2⤵
  PID:7900
- C:\Windows\System\IbwTCZk.exe
  C:\Windows\System\IbwTCZk.exe
  2⤵
  PID:7968
- C:\Windows\System\ymdlOLf.exe
  C:\Windows\System\ymdlOLf.exe
  2⤵
  PID:8024
- C:\Windows\System\cqlLMLY.exe
  C:\Windows\System\cqlLMLY.exe
  2⤵
  PID:8096
- C:\Windows\System\gqWoskS.exe
  C:\Windows\System\gqWoskS.exe
  2⤵
  PID:8160
- C:\Windows\System\EIcFbYF.exe
  C:\Windows\System\EIcFbYF.exe
  2⤵
  PID:7240
- C:\Windows\System\KRLYusS.exe
  C:\Windows\System\KRLYusS.exe
  2⤵
  PID:7404
- C:\Windows\System\byZsQvO.exe
  C:\Windows\System\byZsQvO.exe
  2⤵
  PID:7544
- C:\Windows\System\YxZhKJj.exe
  C:\Windows\System\YxZhKJj.exe
  2⤵
  PID:7688
- C:\Windows\System\iiqBWZk.exe
  C:\Windows\System\iiqBWZk.exe
  2⤵
  PID:7828
- C:\Windows\System\mhbPjXG.exe
  C:\Windows\System\mhbPjXG.exe
  2⤵
  PID:8012
- C:\Windows\System\DRvgaOX.exe
  C:\Windows\System\DRvgaOX.exe
  2⤵
  PID:8152
- C:\Windows\System\xdLfBhc.exe
  C:\Windows\System\xdLfBhc.exe
  2⤵
  PID:7460
- C:\Windows\System\fatrYaQ.exe
  C:\Windows\System\fatrYaQ.exe
  2⤵
  PID:7820
- C:\Windows\System\wCRiTmu.exe
  C:\Windows\System\wCRiTmu.exe
  2⤵
  PID:8136
- C:\Windows\System\GEujNrH.exe
  C:\Windows\System\GEujNrH.exe
  2⤵
  PID:7956
- C:\Windows\System\rKnKWvm.exe
  C:\Windows\System\rKnKWvm.exe
  2⤵
  PID:7796
- C:\Windows\System\AspZnvI.exe
  C:\Windows\System\AspZnvI.exe
  2⤵
  PID:8216
- C:\Windows\System\nwAYLfz.exe
  C:\Windows\System\nwAYLfz.exe
  2⤵
  PID:8244
- C:\Windows\System\zkNbdAb.exe
  C:\Windows\System\zkNbdAb.exe
  2⤵
  PID:8272
- C:\Windows\System\VgbcTHC.exe
  C:\Windows\System\VgbcTHC.exe
  2⤵
  PID:8300
- C:\Windows\System\heXlXBt.exe
  C:\Windows\System\heXlXBt.exe
  2⤵
  PID:8328
- C:\Windows\System\HnSeAjN.exe
  C:\Windows\System\HnSeAjN.exe
  2⤵
  PID:8356
- C:\Windows\System\ywyJEGb.exe
  C:\Windows\System\ywyJEGb.exe
  2⤵
  PID:8384
- C:\Windows\System\snoRGJv.exe
  C:\Windows\System\snoRGJv.exe
  2⤵
  PID:8412
- C:\Windows\System\MmaAenD.exe
  C:\Windows\System\MmaAenD.exe
  2⤵
  PID:8440
- C:\Windows\System\kHUWdep.exe
  C:\Windows\System\kHUWdep.exe
  2⤵
  PID:8468
- C:\Windows\System\BRxlRux.exe
  C:\Windows\System\BRxlRux.exe
  2⤵
  PID:8496
- C:\Windows\System\DIPuQrs.exe
  C:\Windows\System\DIPuQrs.exe
  2⤵
  PID:8524
- C:\Windows\System\oZQOsOC.exe
  C:\Windows\System\oZQOsOC.exe
  2⤵
  PID:8552
- C:\Windows\System\ondDzBm.exe
  C:\Windows\System\ondDzBm.exe
  2⤵
  PID:8580
- C:\Windows\System\LVcGgBF.exe
  C:\Windows\System\LVcGgBF.exe
  2⤵
  PID:8608
- C:\Windows\System\qTsADzc.exe
  C:\Windows\System\qTsADzc.exe
  2⤵
  PID:8636
- C:\Windows\System\ZgsEqAF.exe
  C:\Windows\System\ZgsEqAF.exe
  2⤵
  PID:8664
- C:\Windows\System\VcaYbXU.exe
  C:\Windows\System\VcaYbXU.exe
  2⤵
  PID:8692
- C:\Windows\System\YICboCj.exe
  C:\Windows\System\YICboCj.exe
  2⤵
  PID:8720
- C:\Windows\System\kfuywqi.exe
  C:\Windows\System\kfuywqi.exe
  2⤵
  PID:8748
- C:\Windows\System\eEZQVMd.exe
  C:\Windows\System\eEZQVMd.exe
  2⤵
  PID:8780
- C:\Windows\System\xZZHTSP.exe
  C:\Windows\System\xZZHTSP.exe
  2⤵
  PID:8804
- C:\Windows\System\BozagZG.exe
  C:\Windows\System\BozagZG.exe
  2⤵
  PID:8832
- C:\Windows\System\QVKEZdN.exe
  C:\Windows\System\QVKEZdN.exe
  2⤵
  PID:8860
- C:\Windows\System\lZogccw.exe
  C:\Windows\System\lZogccw.exe
  2⤵
  PID:8888
- C:\Windows\System\YpuLGkG.exe
  C:\Windows\System\YpuLGkG.exe
  2⤵
  PID:8916
- C:\Windows\System\WiDKpWW.exe
  C:\Windows\System\WiDKpWW.exe
  2⤵
  PID:8944
- C:\Windows\System\rfMVGMW.exe
  C:\Windows\System\rfMVGMW.exe
  2⤵
  PID:8972
- C:\Windows\System\vmUeOyn.exe
  C:\Windows\System\vmUeOyn.exe
  2⤵
  PID:9000
- C:\Windows\System\NoJfzRv.exe
  C:\Windows\System\NoJfzRv.exe
  2⤵
  PID:9028
- C:\Windows\System\xxrjMwq.exe
  C:\Windows\System\xxrjMwq.exe
  2⤵
  PID:9056
- C:\Windows\System\iZTPsck.exe
  C:\Windows\System\iZTPsck.exe
  2⤵
  PID:9084
- C:\Windows\System\xdnpcrq.exe
  C:\Windows\System\xdnpcrq.exe
  2⤵
  PID:9112
- C:\Windows\System\dvzfofm.exe
  C:\Windows\System\dvzfofm.exe
  2⤵
  PID:9140
- C:\Windows\System\ipLnNKK.exe
  C:\Windows\System\ipLnNKK.exe
  2⤵
  PID:9168
- C:\Windows\System\DuGtmRT.exe
  C:\Windows\System\DuGtmRT.exe
  2⤵
  PID:9196
- C:\Windows\System\PegUrWF.exe
  C:\Windows\System\PegUrWF.exe
  2⤵
  PID:8212
- C:\Windows\System\vmrUEbx.exe
  C:\Windows\System\vmrUEbx.exe
  2⤵
  PID:8284
- C:\Windows\System\wRzSdqs.exe
  C:\Windows\System\wRzSdqs.exe
  2⤵
  PID:8348
- C:\Windows\System\hWHZaJu.exe
  C:\Windows\System\hWHZaJu.exe
  2⤵
  PID:8408
- C:\Windows\System\ABjhkDm.exe
  C:\Windows\System\ABjhkDm.exe
  2⤵
  PID:8484
- C:\Windows\System\yTghWwg.exe
  C:\Windows\System\yTghWwg.exe
  2⤵
  PID:8544
- C:\Windows\System\cnnZBvJ.exe
  C:\Windows\System\cnnZBvJ.exe
  2⤵
  PID:8600
- C:\Windows\System\kQzrxpZ.exe
  C:\Windows\System\kQzrxpZ.exe
  2⤵
  PID:8660
- C:\Windows\System\AqjjjsA.exe
  C:\Windows\System\AqjjjsA.exe
  2⤵
  PID:8732
- C:\Windows\System\qhrBRXR.exe
  C:\Windows\System\qhrBRXR.exe
  2⤵
  PID:748
- C:\Windows\System\QGrICVh.exe
  C:\Windows\System\QGrICVh.exe
  2⤵
  PID:8824
- C:\Windows\System\MGRXVdG.exe
  C:\Windows\System\MGRXVdG.exe
  2⤵
  PID:8876
- C:\Windows\System\oJrBDoD.exe
  C:\Windows\System\oJrBDoD.exe
  2⤵
  PID:8936
- C:\Windows\System\bCDuTqx.exe
  C:\Windows\System\bCDuTqx.exe
  2⤵
  PID:8996
- C:\Windows\System\bUfrlzg.exe
  C:\Windows\System\bUfrlzg.exe
  2⤵
  PID:9068
- C:\Windows\System\iblgIGG.exe
  C:\Windows\System\iblgIGG.exe
  2⤵
  PID:9132
- C:\Windows\System\MslVZUo.exe
  C:\Windows\System\MslVZUo.exe
  2⤵
  PID:9188
- C:\Windows\System\lsETUfI.exe
  C:\Windows\System\lsETUfI.exe
  2⤵
  PID:8320
- C:\Windows\System\mBEfCWT.exe
  C:\Windows\System\mBEfCWT.exe
  2⤵
  PID:8460
- C:\Windows\System\WldOslv.exe
  C:\Windows\System\WldOslv.exe
  2⤵
  PID:1724
- C:\Windows\System\ujUujMF.exe
  C:\Windows\System\ujUujMF.exe
  2⤵
  PID:8760
- C:\Windows\System\hsplTJo.exe
  C:\Windows\System\hsplTJo.exe
  2⤵
  PID:8852
- C:\Windows\System\JmAOnFB.exe
  C:\Windows\System\JmAOnFB.exe
  2⤵
  PID:8992
- C:\Windows\System\wcjBISn.exe
  C:\Windows\System\wcjBISn.exe
  2⤵
  PID:9160
- C:\Windows\System\RzWjJQK.exe
  C:\Windows\System\RzWjJQK.exe
  2⤵
  PID:8404
- C:\Windows\System\GspANNm.exe
  C:\Windows\System\GspANNm.exe
  2⤵
  PID:3064
- C:\Windows\System\EmgWddP.exe
  C:\Windows\System\EmgWddP.exe
  2⤵
  PID:9052
- C:\Windows\System\gBDhsXI.exe
  C:\Windows\System\gBDhsXI.exe
  2⤵
  PID:8656
- C:\Windows\System\iFqCYuD.exe
  C:\Windows\System\iFqCYuD.exe
  2⤵
  PID:8576
- C:\Windows\System\oUErRGL.exe
  C:\Windows\System\oUErRGL.exe
  2⤵
  PID:9236
- C:\Windows\System\SJkBdrS.exe
  C:\Windows\System\SJkBdrS.exe
  2⤵
  PID:9264
- C:\Windows\System\qgyWUZb.exe
  C:\Windows\System\qgyWUZb.exe
  2⤵
  PID:9292
- C:\Windows\System\eIKzmYM.exe
  C:\Windows\System\eIKzmYM.exe
  2⤵
  PID:9320
- C:\Windows\System\aUPdpYC.exe
  C:\Windows\System\aUPdpYC.exe
  2⤵
  PID:9348
- C:\Windows\System\WjVnwxO.exe
  C:\Windows\System\WjVnwxO.exe
  2⤵
  PID:9376
- C:\Windows\System\JLPBtaT.exe
  C:\Windows\System\JLPBtaT.exe
  2⤵
  PID:9404
- C:\Windows\System\YlRKrcA.exe
  C:\Windows\System\YlRKrcA.exe
  2⤵
  PID:9432
- C:\Windows\System\BUgoBej.exe
  C:\Windows\System\BUgoBej.exe
  2⤵
  PID:9460
- C:\Windows\System\IWAmmVn.exe
  C:\Windows\System\IWAmmVn.exe
  2⤵
  PID:9488
- C:\Windows\System\XWHMmEe.exe
  C:\Windows\System\XWHMmEe.exe
  2⤵
  PID:9516
- C:\Windows\System\LjeGNBA.exe
  C:\Windows\System\LjeGNBA.exe
  2⤵
  PID:9544
- C:\Windows\System\hGIVHBY.exe
  C:\Windows\System\hGIVHBY.exe
  2⤵
  PID:9572
- C:\Windows\System\aEwkEYJ.exe
  C:\Windows\System\aEwkEYJ.exe
  2⤵
  PID:9600
- C:\Windows\System\HPHQbJw.exe
  C:\Windows\System\HPHQbJw.exe
  2⤵
  PID:9628
- C:\Windows\System\GnIqttK.exe
  C:\Windows\System\GnIqttK.exe
  2⤵
  PID:9656
- C:\Windows\System\SlUztbg.exe
  C:\Windows\System\SlUztbg.exe
  2⤵
  PID:9684
- C:\Windows\System\eVYcAmT.exe
  C:\Windows\System\eVYcAmT.exe
  2⤵
  PID:9712
- C:\Windows\System\RpyoRhf.exe
  C:\Windows\System\RpyoRhf.exe
  2⤵
  PID:9740
- C:\Windows\System\wmkBaMI.exe
  C:\Windows\System\wmkBaMI.exe
  2⤵
  PID:9768
- C:\Windows\System\qCrBsjw.exe
  C:\Windows\System\qCrBsjw.exe
  2⤵
  PID:9796
- C:\Windows\System\rxYNpWa.exe
  C:\Windows\System\rxYNpWa.exe
  2⤵
  PID:9824
- C:\Windows\System\lYKeLNl.exe
  C:\Windows\System\lYKeLNl.exe
  2⤵
  PID:9852
- C:\Windows\System\vAVfeve.exe
  C:\Windows\System\vAVfeve.exe
  2⤵
  PID:9880
- C:\Windows\System\VGeURJr.exe
  C:\Windows\System\VGeURJr.exe
  2⤵
  PID:9908
- C:\Windows\System\xIOQokD.exe
  C:\Windows\System\xIOQokD.exe
  2⤵
  PID:9936
- C:\Windows\System\tYuMknJ.exe
  C:\Windows\System\tYuMknJ.exe
  2⤵
  PID:9964
- C:\Windows\System\VfagFsH.exe
  C:\Windows\System\VfagFsH.exe
  2⤵
  PID:9996
- C:\Windows\System\HCdaCfE.exe
  C:\Windows\System\HCdaCfE.exe
  2⤵
  PID:10024
- C:\Windows\System\PvOYROj.exe
  C:\Windows\System\PvOYROj.exe
  2⤵
  PID:10052
- C:\Windows\System\EVkmACQ.exe
  C:\Windows\System\EVkmACQ.exe
  2⤵
  PID:10080
- C:\Windows\System\oTNFTMv.exe
  C:\Windows\System\oTNFTMv.exe
  2⤵
  PID:10108
- C:\Windows\System\xyUsbTM.exe
  C:\Windows\System\xyUsbTM.exe
  2⤵
  PID:10128
- C:\Windows\System\UQamllC.exe
  C:\Windows\System\UQamllC.exe
  2⤵
  PID:10164
- C:\Windows\System\kSFWsEy.exe
  C:\Windows\System\kSFWsEy.exe
  2⤵
  PID:10212
- C:\Windows\System\iCJaMjQ.exe
  C:\Windows\System\iCJaMjQ.exe
  2⤵
  PID:10236
- C:\Windows\System\bgpneOE.exe
  C:\Windows\System\bgpneOE.exe
  2⤵
  PID:9260
- C:\Windows\System\NWAozkw.exe
  C:\Windows\System\NWAozkw.exe
  2⤵
  PID:9332
- C:\Windows\System\EBuuRej.exe
  C:\Windows\System\EBuuRej.exe
  2⤵
  PID:9396
- C:\Windows\System\XvuFMwb.exe
  C:\Windows\System\XvuFMwb.exe
  2⤵
  PID:9456
- C:\Windows\System\FSWLBLG.exe
  C:\Windows\System\FSWLBLG.exe
  2⤵
  PID:9528
- C:\Windows\System\AtESwMq.exe
  C:\Windows\System\AtESwMq.exe
  2⤵
  PID:9592
- C:\Windows\System\GRFpukr.exe
  C:\Windows\System\GRFpukr.exe
  2⤵
  PID:9652
- C:\Windows\System\LQGRdkI.exe
  C:\Windows\System\LQGRdkI.exe
  2⤵
  PID:9724
- C:\Windows\System\yWejsSj.exe
  C:\Windows\System\yWejsSj.exe
  2⤵
  PID:9788
- C:\Windows\System\ytfeLJm.exe
  C:\Windows\System\ytfeLJm.exe
  2⤵
  PID:9848
- C:\Windows\System\iTOikMF.exe
  C:\Windows\System\iTOikMF.exe
  2⤵
  PID:9920
- C:\Windows\System\zRBmkfT.exe
  C:\Windows\System\zRBmkfT.exe
  2⤵
  PID:9984
- C:\Windows\System\tjBkyPy.exe
  C:\Windows\System\tjBkyPy.exe
  2⤵
  PID:3864
- C:\Windows\System\wMMiGjB.exe
  C:\Windows\System\wMMiGjB.exe
  2⤵
  PID:10096
- C:\Windows\System\XstdOjY.exe
  C:\Windows\System\XstdOjY.exe
  2⤵
  PID:2768
- C:\Windows\System\zjibBuS.exe
  C:\Windows\System\zjibBuS.exe
  2⤵
  PID:10152
- C:\Windows\System\vVLpSlb.exe
  C:\Windows\System\vVLpSlb.exe
  2⤵
  PID:1904
- C:\Windows\System\uwIOFWT.exe
  C:\Windows\System\uwIOFWT.exe
  2⤵
  PID:10232
- C:\Windows\System\aaEhNFL.exe
  C:\Windows\System\aaEhNFL.exe
  2⤵
  PID:9312
- C:\Windows\System\XBZyNSn.exe
  C:\Windows\System\XBZyNSn.exe
  2⤵
  PID:9452
- C:\Windows\System\UffCVxM.exe
  C:\Windows\System\UffCVxM.exe
  2⤵
  PID:9620
- C:\Windows\System\BwpIwxY.exe
  C:\Windows\System\BwpIwxY.exe
  2⤵
  PID:9752
- C:\Windows\System\kWotuDR.exe
  C:\Windows\System\kWotuDR.exe
  2⤵
  PID:9900
- C:\Windows\System\jkAHljQ.exe
  C:\Windows\System\jkAHljQ.exe
  2⤵
  PID:10040
- C:\Windows\System\jQMBATc.exe
  C:\Windows\System\jQMBATc.exe
  2⤵
  PID:3596
- C:\Windows\System\dEwlYUC.exe
  C:\Windows\System\dEwlYUC.exe
  2⤵
  PID:10144
- C:\Windows\System\TZlLaWS.exe
  C:\Windows\System\TZlLaWS.exe
  2⤵
  PID:9512
- C:\Windows\System\mExGhxn.exe
  C:\Windows\System\mExGhxn.exe
  2⤵
  PID:9844
- C:\Windows\System\lrWTKGu.exe
  C:\Windows\System\lrWTKGu.exe
  2⤵
  PID:3680
- C:\Windows\System\DviVdSG.exe
  C:\Windows\System\DviVdSG.exe
  2⤵
  PID:9424
- C:\Windows\System\CkNNrgM.exe
  C:\Windows\System\CkNNrgM.exe
  2⤵
  PID:10124
- C:\Windows\System\YxqOaoD.exe
  C:\Windows\System\YxqOaoD.exe
  2⤵
  PID:1396
- C:\Windows\System\OnXgBpP.exe
  C:\Windows\System\OnXgBpP.exe
  2⤵
  PID:10256
- C:\Windows\System\GmZhGxV.exe
  C:\Windows\System\GmZhGxV.exe
  2⤵
  PID:10284
- C:\Windows\System\vBBUQfR.exe
  C:\Windows\System\vBBUQfR.exe
  2⤵
  PID:10312
- C:\Windows\System\ayikXVV.exe
  C:\Windows\System\ayikXVV.exe
  2⤵
  PID:10348
- C:\Windows\System\adBrAps.exe
  C:\Windows\System\adBrAps.exe
  2⤵
  PID:10368
- C:\Windows\System\eMqCbgL.exe
  C:\Windows\System\eMqCbgL.exe
  2⤵
  PID:10396
- C:\Windows\System\yIcDiGv.exe
  C:\Windows\System\yIcDiGv.exe
  2⤵
  PID:10424
- C:\Windows\System\WNSzoeq.exe
  C:\Windows\System\WNSzoeq.exe
  2⤵
  PID:10452
- C:\Windows\System\YiVhigf.exe
  C:\Windows\System\YiVhigf.exe
  2⤵
  PID:10476
- C:\Windows\System\NbpAKlU.exe
  C:\Windows\System\NbpAKlU.exe
  2⤵
  PID:10520
- C:\Windows\System\NtqqzuV.exe
  C:\Windows\System\NtqqzuV.exe
  2⤵
  PID:10568
- C:\Windows\System\VfAGhOY.exe
  C:\Windows\System\VfAGhOY.exe
  2⤵
  PID:10584
- C:\Windows\System\QdnLVYP.exe
  C:\Windows\System\QdnLVYP.exe
  2⤵
  PID:10612
- C:\Windows\System\ighQFio.exe
  C:\Windows\System\ighQFio.exe
  2⤵
  PID:10640
- C:\Windows\System\PKrTLmf.exe
  C:\Windows\System\PKrTLmf.exe
  2⤵
  PID:10668
- C:\Windows\System\OIUHOxy.exe
  C:\Windows\System\OIUHOxy.exe
  2⤵
  PID:10696
- C:\Windows\System\UcBCsna.exe
  C:\Windows\System\UcBCsna.exe
  2⤵
  PID:10724
- C:\Windows\System\xezcTti.exe
  C:\Windows\System\xezcTti.exe
  2⤵
  PID:10752
- C:\Windows\System\wkVnIRt.exe
  C:\Windows\System\wkVnIRt.exe
  2⤵
  PID:10780
- C:\Windows\System\sqekvlJ.exe
  C:\Windows\System\sqekvlJ.exe
  2⤵
  PID:10808
- C:\Windows\System\LfvruwL.exe
  C:\Windows\System\LfvruwL.exe
  2⤵
  PID:10836
- C:\Windows\System\CTotMMI.exe
  C:\Windows\System\CTotMMI.exe
  2⤵
  PID:10864
- C:\Windows\System\bwlEUrX.exe
  C:\Windows\System\bwlEUrX.exe
  2⤵
  PID:10892
- C:\Windows\System\vvBDRdO.exe
  C:\Windows\System\vvBDRdO.exe
  2⤵
  PID:10920
- C:\Windows\System\KkbAEsC.exe
  C:\Windows\System\KkbAEsC.exe
  2⤵
  PID:10948
- C:\Windows\System\IoyJxmg.exe
  C:\Windows\System\IoyJxmg.exe
  2⤵
  PID:10976
- C:\Windows\System\YWFTUCF.exe
  C:\Windows\System\YWFTUCF.exe
  2⤵
  PID:11016
- C:\Windows\System\dfKdCFa.exe
  C:\Windows\System\dfKdCFa.exe
  2⤵
  PID:11032
- C:\Windows\System\GBvuFnx.exe
  C:\Windows\System\GBvuFnx.exe
  2⤵
  PID:11060
- C:\Windows\System\QxHXlvC.exe
  C:\Windows\System\QxHXlvC.exe
  2⤵
  PID:11088
- C:\Windows\System\sCNrxxw.exe
  C:\Windows\System\sCNrxxw.exe
  2⤵
  PID:11116
- C:\Windows\System\KhTVoDb.exe
  C:\Windows\System\KhTVoDb.exe
  2⤵
  PID:11144
- C:\Windows\System\FbjYtsU.exe
  C:\Windows\System\FbjYtsU.exe
  2⤵
  PID:11172
- C:\Windows\System\jaXOoMa.exe
  C:\Windows\System\jaXOoMa.exe
  2⤵
  PID:11200
- C:\Windows\System\eisboeR.exe
  C:\Windows\System\eisboeR.exe
  2⤵
  PID:11228
- C:\Windows\System\YyPrNtB.exe
  C:\Windows\System\YyPrNtB.exe
  2⤵
  PID:11256
- C:\Windows\System\NYVjmEH.exe
  C:\Windows\System\NYVjmEH.exe
  2⤵
  PID:4332
- C:\Windows\System\SQUlQpE.exe
  C:\Windows\System\SQUlQpE.exe
  2⤵
  PID:4200
- C:\Windows\System\wZpMNdL.exe
  C:\Windows\System\wZpMNdL.exe
  2⤵
  PID:10304
- C:\Windows\System\CGOXiJL.exe
  C:\Windows\System\CGOXiJL.exe
  2⤵
  PID:10356
- C:\Windows\System\guztMxy.exe
  C:\Windows\System\guztMxy.exe
  2⤵
  PID:452
- C:\Windows\System\JvtLqSi.exe
  C:\Windows\System\JvtLqSi.exe
  2⤵
  PID:10448
- C:\Windows\System\BWmwyys.exe
  C:\Windows\System\BWmwyys.exe
  2⤵
  PID:4296
- C:\Windows\System\rWROWaz.exe
  C:\Windows\System\rWROWaz.exe
  2⤵
  PID:3640
- C:\Windows\System\rfBqTNy.exe
  C:\Windows\System\rfBqTNy.exe
  2⤵
  PID:3764
- C:\Windows\System\bFdvTya.exe
  C:\Windows\System\bFdvTya.exe
  2⤵
  PID:10632
- C:\Windows\System\ldXaude.exe
  C:\Windows\System\ldXaude.exe
  2⤵
  PID:10764
- C:\Windows\System\TfRZvqP.exe
  C:\Windows\System\TfRZvqP.exe
  2⤵
  PID:10832
- C:\Windows\System\OETplgv.exe
  C:\Windows\System\OETplgv.exe
  2⤵
  PID:10912
- C:\Windows\System\KOZVLMa.exe
  C:\Windows\System\KOZVLMa.exe
  2⤵
  PID:11012
- C:\Windows\System\wJLPEpk.exe
  C:\Windows\System\wJLPEpk.exe
  2⤵
  PID:1284
- C:\Windows\System\GeJYqvS.exe
  C:\Windows\System\GeJYqvS.exe
  2⤵
  PID:1660
- C:\Windows\System\IaHFZyv.exe
  C:\Windows\System\IaHFZyv.exe
  2⤵
  PID:11164
- C:\Windows\System\jdMberQ.exe
  C:\Windows\System\jdMberQ.exe
  2⤵
  PID:11244
- C:\Windows\System\QoWtZny.exe
  C:\Windows\System\QoWtZny.exe
  2⤵
  PID:10280
- C:\Windows\System\tYDIXsZ.exe
  C:\Windows\System\tYDIXsZ.exe
  2⤵
  PID:10380
- C:\Windows\System\paOzPce.exe
  C:\Windows\System\paOzPce.exe
  2⤵
  PID:10472
- C:\Windows\System\XRBtsYk.exe
  C:\Windows\System\XRBtsYk.exe
  2⤵
  PID:10564
- C:\Windows\System\sbjLUcC.exe
  C:\Windows\System\sbjLUcC.exe
  2⤵
  PID:10796
- C:\Windows\System\IVIlzPQ.exe
  C:\Windows\System\IVIlzPQ.exe
  2⤵
  PID:4620
- C:\Windows\System\eydvoAU.exe
  C:\Windows\System\eydvoAU.exe
  2⤵
  PID:11128
- C:\Windows\System\zDjghcr.exe
  C:\Windows\System\zDjghcr.exe
  2⤵
  PID:1576
- C:\Windows\System\DfyYRKH.exe
  C:\Windows\System\DfyYRKH.exe
  2⤵
  PID:10716
- C:\Windows\System\aevBlmC.exe
  C:\Windows\System\aevBlmC.exe
  2⤵
  PID:11196
- C:\Windows\System\evuxlxq.exe
  C:\Windows\System\evuxlxq.exe
  2⤵
  PID:11084
- C:\Windows\System\yYaYenT.exe
  C:\Windows\System\yYaYenT.exe
  2⤵
  PID:11272
- C:\Windows\System\MIiqDPf.exe
  C:\Windows\System\MIiqDPf.exe
  2⤵
  PID:11304
- C:\Windows\System\qUfwwKs.exe
  C:\Windows\System\qUfwwKs.exe
  2⤵
  PID:11332
- C:\Windows\System\EFLrhYl.exe
  C:\Windows\System\EFLrhYl.exe
  2⤵
  PID:11364
- C:\Windows\System\isEIVXT.exe
  C:\Windows\System\isEIVXT.exe
  2⤵
  PID:11396
- C:\Windows\System\eSCyfuT.exe
  C:\Windows\System\eSCyfuT.exe
  2⤵
  PID:11432
- C:\Windows\System\xiyMipf.exe
  C:\Windows\System\xiyMipf.exe
  2⤵
  PID:11460
- C:\Windows\System\xpybayD.exe
  C:\Windows\System\xpybayD.exe
  2⤵
  PID:11476
- C:\Windows\System\TpXEiLy.exe
  C:\Windows\System\TpXEiLy.exe
  2⤵
  PID:11520
- C:\Windows\System\KZDHMyj.exe
  C:\Windows\System\KZDHMyj.exe
  2⤵
  PID:11568
- C:\Windows\System\zViRkPc.exe
  C:\Windows\System\zViRkPc.exe
  2⤵
  PID:11596
- C:\Windows\System\SEvvvjV.exe
  C:\Windows\System\SEvvvjV.exe
  2⤵
  PID:11628
- C:\Windows\System\kwxbqZz.exe
  C:\Windows\System\kwxbqZz.exe
  2⤵
  PID:11656
- C:\Windows\System\xidOwRO.exe
  C:\Windows\System\xidOwRO.exe
  2⤵
  PID:11684
- C:\Windows\System\bNRVHPz.exe
  C:\Windows\System\bNRVHPz.exe
  2⤵
  PID:11724
- C:\Windows\System\djFqUDY.exe
  C:\Windows\System\djFqUDY.exe
  2⤵
  PID:11756
- C:\Windows\System\LmGEgSs.exe
  C:\Windows\System\LmGEgSs.exe
  2⤵
  PID:11784
- C:\Windows\System\aSjmLkP.exe
  C:\Windows\System\aSjmLkP.exe
  2⤵
  PID:11812
- C:\Windows\System\WNKLJaQ.exe
  C:\Windows\System\WNKLJaQ.exe
  2⤵
  PID:11840
- C:\Windows\System\goedtUu.exe
  C:\Windows\System\goedtUu.exe
  2⤵
  PID:11868
- C:\Windows\System\FxFcnxX.exe
  C:\Windows\System\FxFcnxX.exe
  2⤵
  PID:11896
- C:\Windows\System\Rrxwbak.exe
  C:\Windows\System\Rrxwbak.exe
  2⤵
  PID:11924
- C:\Windows\System\RQQGIXB.exe
  C:\Windows\System\RQQGIXB.exe
  2⤵
  PID:11952
- C:\Windows\System\ENJsHSJ.exe
  C:\Windows\System\ENJsHSJ.exe
  2⤵
  PID:11980
- C:\Windows\System\iBUEXTM.exe
  C:\Windows\System\iBUEXTM.exe
  2⤵
  PID:12028
- C:\Windows\System\PpsTJzE.exe
  C:\Windows\System\PpsTJzE.exe
  2⤵
  PID:12076
- C:\Windows\System\oJryOVi.exe
  C:\Windows\System\oJryOVi.exe
  2⤵
  PID:12112
- C:\Windows\System\XASxEqU.exe
  C:\Windows\System\XASxEqU.exe
  2⤵
  PID:12144
- C:\Windows\System\DEAPZxQ.exe
  C:\Windows\System\DEAPZxQ.exe
  2⤵
  PID:12172
- C:\Windows\System\JZzRTbF.exe
  C:\Windows\System\JZzRTbF.exe
  2⤵
  PID:12204
- C:\Windows\System\CkrFuMY.exe
  C:\Windows\System\CkrFuMY.exe
  2⤵
  PID:12232
- C:\Windows\System\dAnRjzV.exe
  C:\Windows\System\dAnRjzV.exe
  2⤵
  PID:12260
- C:\Windows\System\mPPFkdj.exe
  C:\Windows\System\mPPFkdj.exe
  2⤵
  PID:10720
- C:\Windows\System\GsNJzaQ.exe
  C:\Windows\System\GsNJzaQ.exe
  2⤵
  PID:11328
- C:\Windows\System\bsjVNRU.exe
  C:\Windows\System\bsjVNRU.exe
  2⤵
  PID:11412
- C:\Windows\System\NjWbySH.exe
  C:\Windows\System\NjWbySH.exe
  2⤵
  PID:11472
- C:\Windows\System\PQvzvCT.exe
  C:\Windows\System\PQvzvCT.exe
  2⤵
  PID:11560
- C:\Windows\System\SYRQWEf.exe
  C:\Windows\System\SYRQWEf.exe
  2⤵
  PID:11608
- C:\Windows\System\BLvLEZh.exe
  C:\Windows\System\BLvLEZh.exe
  2⤵
  PID:11676
- C:\Windows\System\cPINsbz.exe
  C:\Windows\System\cPINsbz.exe
  2⤵
  PID:11772
- C:\Windows\System\MRsOHlS.exe
  C:\Windows\System\MRsOHlS.exe
  2⤵
  PID:11836
- C:\Windows\System\vGBckZx.exe
  C:\Windows\System\vGBckZx.exe
  2⤵
  PID:11908
- C:\Windows\System\uRmEjMF.exe
  C:\Windows\System\uRmEjMF.exe
  2⤵
  PID:11992
- C:\Windows\System\JaGUyly.exe
  C:\Windows\System\JaGUyly.exe
  2⤵
  PID:12100
- C:\Windows\System\MccDEeO.exe
  C:\Windows\System\MccDEeO.exe
  2⤵
  PID:3408
- C:\Windows\System\jNlIosK.exe
  C:\Windows\System\jNlIosK.exe
  2⤵
  PID:11540
- C:\Windows\System\ThFgIrc.exe
  C:\Windows\System\ThFgIrc.exe
  2⤵
  PID:11672
- C:\Windows\System\MBxcDyl.exe
  C:\Windows\System\MBxcDyl.exe
  2⤵
  PID:11880
- C:\Windows\System\igrWWbA.exe
  C:\Windows\System\igrWWbA.exe
  2⤵
  PID:2144
- C:\Windows\System\kiprKsP.exe
  C:\Windows\System\kiprKsP.exe
  2⤵
  PID:10596
- C:\Windows\System\IfoxEdH.exe
  C:\Windows\System\IfoxEdH.exe
  2⤵
  PID:10604
- C:\Windows\System\QsgETNC.exe
  C:\Windows\System\QsgETNC.exe
  2⤵
  PID:10248
- C:\Windows\System\vbPqTue.exe
  C:\Windows\System\vbPqTue.exe
  2⤵
  PID:3980
- C:\Windows\System\oGYViIT.exe
  C:\Windows\System\oGYViIT.exe
  2⤵
  PID:11704
- C:\Windows\System\jsEFXTB.exe
  C:\Windows\System\jsEFXTB.exe
  2⤵
  PID:11500
- C:\Windows\System\CNYJhti.exe
  C:\Windows\System\CNYJhti.exe
  2⤵
  PID:11824
- C:\Windows\System\tazanze.exe
  C:\Windows\System\tazanze.exe
  2⤵
  PID:10608
- C:\Windows\System\ozAarCD.exe
  C:\Windows\System\ozAarCD.exe
  2⤵
  PID:10436
- C:\Windows\System\gXOqgJr.exe
  C:\Windows\System\gXOqgJr.exe
  2⤵
  PID:2200
- C:\Windows\System\nUuEZrV.exe
  C:\Windows\System\nUuEZrV.exe
  2⤵
  PID:4796
- C:\Windows\System\FMTpJuF.exe
  C:\Windows\System\FMTpJuF.exe
  2⤵
  PID:10884
- C:\Windows\System\PzcQUhV.exe
  C:\Windows\System\PzcQUhV.exe
  2⤵
  PID:12312
- C:\Windows\System\HTVZiGP.exe
  C:\Windows\System\HTVZiGP.exe
  2⤵
  PID:12340
- C:\Windows\System\PNHQedd.exe
  C:\Windows\System\PNHQedd.exe
  2⤵
  PID:12368
- C:\Windows\System\qSgnYLQ.exe
  C:\Windows\System\qSgnYLQ.exe
  2⤵
  PID:12400
- C:\Windows\System\XdPCSjn.exe
  C:\Windows\System\XdPCSjn.exe
  2⤵
  PID:12432
- C:\Windows\System\ItnKJOT.exe
  C:\Windows\System\ItnKJOT.exe
  2⤵
  PID:12460
- C:\Windows\System\CtunTSI.exe
  C:\Windows\System\CtunTSI.exe
  2⤵
  PID:12488
- C:\Windows\System\vFQlCVx.exe
  C:\Windows\System\vFQlCVx.exe
  2⤵
  PID:12516
- C:\Windows\System\qIpqjzy.exe
  C:\Windows\System\qIpqjzy.exe
  2⤵
  PID:12544
- C:\Windows\System\IzIZxhH.exe
  C:\Windows\System\IzIZxhH.exe
  2⤵
  PID:12572
- C:\Windows\System\gsuVCsQ.exe
  C:\Windows\System\gsuVCsQ.exe
  2⤵
  PID:12612
- C:\Windows\System\ebKFcij.exe
  C:\Windows\System\ebKFcij.exe
  2⤵
  PID:12628
- C:\Windows\System\VlUXIiS.exe
  C:\Windows\System\VlUXIiS.exe
  2⤵
  PID:12656
- C:\Windows\System\PtIDcvs.exe
  C:\Windows\System\PtIDcvs.exe
  2⤵
  PID:12684
- C:\Windows\System\osBpEwy.exe
  C:\Windows\System\osBpEwy.exe
  2⤵
  PID:12712
- C:\Windows\System\chUMoMr.exe
  C:\Windows\System\chUMoMr.exe
  2⤵
  PID:12740
- C:\Windows\System\CWMaHaU.exe
  C:\Windows\System\CWMaHaU.exe
  2⤵
  PID:12768
- C:\Windows\System\JhMEifL.exe
  C:\Windows\System\JhMEifL.exe
  2⤵
  PID:12796
- C:\Windows\System\LhxYBbc.exe
  C:\Windows\System\LhxYBbc.exe
  2⤵
  PID:12824
- C:\Windows\System\xujdyUG.exe
  C:\Windows\System\xujdyUG.exe
  2⤵
  PID:12852
- C:\Windows\System\NtcThna.exe
  C:\Windows\System\NtcThna.exe
  2⤵
  PID:12880
- C:\Windows\System\vBoinTt.exe
  C:\Windows\System\vBoinTt.exe
  2⤵
  PID:12916
- C:\Windows\System\aUNleuc.exe
  C:\Windows\System\aUNleuc.exe
  2⤵
  PID:12944
- C:\Windows\System\mDVlyVr.exe
  C:\Windows\System\mDVlyVr.exe
  2⤵
  PID:12972
- C:\Windows\System\DPXdPOH.exe
  C:\Windows\System\DPXdPOH.exe
  2⤵
  PID:13000
- C:\Windows\System\zblyFeb.exe
  C:\Windows\System\zblyFeb.exe
  2⤵
  PID:13028
- C:\Windows\System\wHiTmHx.exe
  C:\Windows\System\wHiTmHx.exe
  2⤵
  PID:13056
- C:\Windows\System\oqSPWzj.exe
  C:\Windows\System\oqSPWzj.exe
  2⤵
  PID:13084
- C:\Windows\System\rpCdpHH.exe
  C:\Windows\System\rpCdpHH.exe
  2⤵
  PID:13112
- C:\Windows\System\RoCTZdr.exe
  C:\Windows\System\RoCTZdr.exe
  2⤵
  PID:13140
- C:\Windows\System\cqLkmCH.exe
  C:\Windows\System\cqLkmCH.exe
  2⤵
  PID:13196
- C:\Windows\System\kUIaFfH.exe
  C:\Windows\System\kUIaFfH.exe
  2⤵
  PID:13224
- C:\Windows\System\iURXQPF.exe
  C:\Windows\System\iURXQPF.exe
  2⤵
  PID:13256
- C:\Windows\System\ObwBCet.exe
  C:\Windows\System\ObwBCet.exe
  2⤵
  PID:13292
- C:\Windows\System\rPPwiIX.exe
  C:\Windows\System\rPPwiIX.exe
  2⤵
  PID:12364
- C:\Windows\System\MyrhFTc.exe
  C:\Windows\System\MyrhFTc.exe
  2⤵
  PID:12444
- C:\Windows\System\PwtvzmN.exe
  C:\Windows\System\PwtvzmN.exe
  2⤵
  PID:12508
- C:\Windows\System\kfTlWlh.exe
  C:\Windows\System\kfTlWlh.exe
  2⤵
  PID:12568
- C:\Windows\System\EtgfAOG.exe
  C:\Windows\System\EtgfAOG.exe
  2⤵
  PID:12676
- C:\Windows\System\CuVPCWs.exe
  C:\Windows\System\CuVPCWs.exe
  2⤵
  PID:12724
- C:\Windows\System\IYvMBwt.exe
  C:\Windows\System\IYvMBwt.exe
  2⤵
  PID:12760
- C:\Windows\System\oAFTxyb.exe
  C:\Windows\System\oAFTxyb.exe
  2⤵
  PID:12836
- C:\Windows\System\CVfnYJV.exe
  C:\Windows\System\CVfnYJV.exe
  2⤵
  PID:12876
- C:\Windows\System\TOfpeCV.exe
  C:\Windows\System\TOfpeCV.exe
  2⤵
  PID:4708
- C:\Windows\System\jULrPLb.exe
  C:\Windows\System\jULrPLb.exe
  2⤵
  PID:13124
- C:\Windows\System\yZxhFCd.exe
  C:\Windows\System\yZxhFCd.exe
  2⤵
  PID:12284
- C:\Windows\System\nJcMMDx.exe
  C:\Windows\System\nJcMMDx.exe
  2⤵
  PID:11452
- C:\Windows\System\zMjxloi.exe
  C:\Windows\System\zMjxloi.exe
  2⤵
  PID:11316
- C:\Windows\System\gNJGcZW.exe
  C:\Windows\System\gNJGcZW.exe
  2⤵
  PID:13132
- C:\Windows\System\DYqLWag.exe
  C:\Windows\System\DYqLWag.exe
  2⤵
  PID:13236
- C:\Windows\System\sLaCCYf.exe
  C:\Windows\System\sLaCCYf.exe
  2⤵
  PID:13288
- C:\Windows\System\LKymYMy.exe
  C:\Windows\System\LKymYMy.exe
  2⤵
  PID:12536
- C:\Windows\System\rglaAOi.exe
  C:\Windows\System\rglaAOi.exe
  2⤵
  PID:12300
- C:\Windows\System\wjaZSKs.exe
  C:\Windows\System\wjaZSKs.exe
  2⤵
  PID:4100
- C:\Windows\System\ICtUPqc.exe
  C:\Windows\System\ICtUPqc.exe
  2⤵
  PID:12816
- C:\Windows\System\xaZnlog.exe
  C:\Windows\System\xaZnlog.exe
  2⤵
  PID:12928
- C:\Windows\System\gzZrafy.exe
  C:\Windows\System\gzZrafy.exe
  2⤵
  PID:12224
- C:\Windows\System\VsdotIN.exe
  C:\Windows\System\VsdotIN.exe
  2⤵
  PID:11752
- C:\Windows\System\xyEZwmn.exe
  C:\Windows\System\xyEZwmn.exe
  2⤵
  PID:13220
- C:\Windows\System\jWmbUPq.exe
  C:\Windows\System\jWmbUPq.exe
  2⤵
  PID:13108
- C:\Windows\System\hYkolQB.exe
  C:\Windows\System\hYkolQB.exe
  2⤵
  PID:12256
- C:\Windows\System\GLjNujW.exe
  C:\Windows\System\GLjNujW.exe
  2⤵
  PID:13248
- C:\Windows\System\omHZIYK.exe
  C:\Windows\System\omHZIYK.exe
  2⤵
  PID:13104
- C:\Windows\System\FTHiGIZ.exe
  C:\Windows\System\FTHiGIZ.exe
  2⤵
  PID:12192
- C:\Windows\System\oGXFeVz.exe
  C:\Windows\System\oGXFeVz.exe
  2⤵
  PID:12304
- C:\Windows\System\VYkZZMP.exe
  C:\Windows\System\VYkZZMP.exe
  2⤵
  PID:12956
- C:\Windows\System\CRJnOlS.exe
  C:\Windows\System\CRJnOlS.exe
  2⤵
  PID:13080
- C:\Windows\System\OUALltM.exe
  C:\Windows\System\OUALltM.exe
  2⤵
  PID:13320
- C:\Windows\System\QUDBVHs.exe
  C:\Windows\System\QUDBVHs.exe
  2⤵
  PID:13348
- C:\Windows\System\gqGktSg.exe
  C:\Windows\System\gqGktSg.exe
  2⤵
  PID:13376
- C:\Windows\System\IdKYERX.exe
  C:\Windows\System\IdKYERX.exe
  2⤵
  PID:13404
- C:\Windows\System\vsMJkLA.exe
  C:\Windows\System\vsMJkLA.exe
  2⤵
  PID:13432
- C:\Windows\System\aFWuiuI.exe
  C:\Windows\System\aFWuiuI.exe
  2⤵
  PID:13472
- C:\Windows\System\McTsbjq.exe
  C:\Windows\System\McTsbjq.exe
  2⤵
  PID:13488
- C:\Windows\System\uCSwJKG.exe
  C:\Windows\System\uCSwJKG.exe
  2⤵
  PID:13516
- C:\Windows\System\ZsnuFAz.exe
  C:\Windows\System\ZsnuFAz.exe
  2⤵
  PID:13544
- C:\Windows\System\yswBBye.exe
  C:\Windows\System\yswBBye.exe
  2⤵
  PID:13572
- C:\Windows\System\UKkfLmi.exe
  C:\Windows\System\UKkfLmi.exe
  2⤵
  PID:13600
- C:\Windows\System\qzMaiKq.exe
  C:\Windows\System\qzMaiKq.exe
  2⤵
  PID:13628
- C:\Windows\System\uBaDdTD.exe
  C:\Windows\System\uBaDdTD.exe
  2⤵
  PID:13656
- C:\Windows\System\gKkHhsR.exe
  C:\Windows\System\gKkHhsR.exe
  2⤵
  PID:13684
- C:\Windows\System\DOwYEhO.exe
  C:\Windows\System\DOwYEhO.exe
  2⤵
  PID:13712
- C:\Windows\System\wbYVVLJ.exe
  C:\Windows\System\wbYVVLJ.exe
  2⤵
  PID:13740
- C:\Windows\System\blFWTgf.exe
  C:\Windows\System\blFWTgf.exe
  2⤵
  PID:13768
- C:\Windows\System\iCZsfxP.exe
  C:\Windows\System\iCZsfxP.exe
  2⤵
  PID:13800
- C:\Windows\System\GMmztcD.exe
  C:\Windows\System\GMmztcD.exe
  2⤵
  PID:13828
- C:\Windows\System\IfJNiRK.exe
  C:\Windows\System\IfJNiRK.exe
  2⤵
  PID:13856
- C:\Windows\System\tYxuCdd.exe
  C:\Windows\System\tYxuCdd.exe
  2⤵
  PID:13884
- C:\Windows\System\tqJjijC.exe
  C:\Windows\System\tqJjijC.exe
  2⤵
  PID:13912
- C:\Windows\System\lLLaEDr.exe
  C:\Windows\System\lLLaEDr.exe
  2⤵
  PID:13940
- C:\Windows\System\afeoNof.exe
  C:\Windows\System\afeoNof.exe
  2⤵
  PID:13968
- C:\Windows\System\WamqILF.exe
  C:\Windows\System\WamqILF.exe
  2⤵
  PID:13996
- C:\Windows\System\Sbgaaeo.exe
  C:\Windows\System\Sbgaaeo.exe
  2⤵
  PID:14024
- C:\Windows\System\AQldZUt.exe
  C:\Windows\System\AQldZUt.exe
  2⤵
  PID:14052
- C:\Windows\System\iQZkiUN.exe
  C:\Windows\System\iQZkiUN.exe
  2⤵
  PID:14080
- C:\Windows\System\rmXMqhX.exe
  C:\Windows\System\rmXMqhX.exe
  2⤵
  PID:14108
- C:\Windows\System\zHJyuck.exe
  C:\Windows\System\zHJyuck.exe
  2⤵
  PID:14136
- C:\Windows\System\aFuegix.exe
  C:\Windows\System\aFuegix.exe
  2⤵
  PID:14164
- C:\Windows\System\cbNxkun.exe
  C:\Windows\System\cbNxkun.exe
  2⤵
  PID:14196
- C:\Windows\System\maOmQfI.exe
  C:\Windows\System\maOmQfI.exe
  2⤵
  PID:14224
- C:\Windows\System\LNkTSVK.exe
  C:\Windows\System\LNkTSVK.exe
  2⤵
  PID:14252
- C:\Windows\System\EbtHjJi.exe
  C:\Windows\System\EbtHjJi.exe
  2⤵
  PID:14284
- C:\Windows\System\YmqUwgw.exe
  C:\Windows\System\YmqUwgw.exe
  2⤵
  PID:14324
- C:\Windows\System\HKGqStB.exe
  C:\Windows\System\HKGqStB.exe
  2⤵
  PID:13316
- C:\Windows\System\aHGlSqv.exe
  C:\Windows\System\aHGlSqv.exe
  2⤵
  PID:13388
- C:\Windows\System\XQMnPYD.exe
  C:\Windows\System\XQMnPYD.exe
  2⤵
  PID:13428
- C:\Windows\System\XaykIrT.exe
  C:\Windows\System\XaykIrT.exe
  2⤵
  PID:13244
- C:\Windows\System\mYoJzAX.exe
  C:\Windows\System\mYoJzAX.exe
  2⤵
  PID:13280
- C:\Windows\System\hLxxFcV.exe
  C:\Windows\System\hLxxFcV.exe
  2⤵
  PID:13164
- C:\Windows\System\NHrFLTl.exe
  C:\Windows\System\NHrFLTl.exe
  2⤵
  PID:13528
- C:\Windows\System\BMLMvuW.exe
  C:\Windows\System\BMLMvuW.exe
  2⤵
  PID:13564
- C:\Windows\System\FLxaDTz.exe
  C:\Windows\System\FLxaDTz.exe
  2⤵
  PID:13624
- C:\Windows\System\eRWhucp.exe
  C:\Windows\System\eRWhucp.exe
  2⤵
  PID:13696
- C:\Windows\System\niYXbLK.exe
  C:\Windows\System\niYXbLK.exe
  2⤵
  PID:13760
- C:\Windows\System\aXKaclj.exe
  C:\Windows\System\aXKaclj.exe
  2⤵
  PID:13824
- C:\Windows\System\rYLkgjO.exe
  C:\Windows\System\rYLkgjO.exe
  2⤵
  PID:13880
- C:\Windows\System\vcZoKsb.exe
  C:\Windows\System\vcZoKsb.exe
  2⤵
  PID:13952
- C:\Windows\System\NMgPcqb.exe
  C:\Windows\System\NMgPcqb.exe
  2⤵
  PID:14016
- C:\Windows\System\gsJseUR.exe
  C:\Windows\System\gsJseUR.exe
  2⤵
  PID:14076
- C:\Windows\System\GDWqyhA.exe
  C:\Windows\System\GDWqyhA.exe
  2⤵
  PID:14128
- C:\Windows\System\gQKJojF.exe
  C:\Windows\System\gQKJojF.exe
  2⤵
  PID:14172
- C:\Windows\System\PboaNOL.exe
  C:\Windows\System\PboaNOL.exe
  2⤵
  PID:14184
- C:\Windows\System\mNbETrR.exe
  C:\Windows\System\mNbETrR.exe
  2⤵
  PID:1968
- C:\Windows\System\tCKRHlm.exe
  C:\Windows\System\tCKRHlm.exe
  2⤵
  PID:14116
- C:\Windows\System\hbHcIOE.exe
  C:\Windows\System\hbHcIOE.exe
  2⤵
  PID:13344
- C:\Windows\System\rwPnrAa.exe
  C:\Windows\System\rwPnrAa.exe
  2⤵
  PID:13184
- C:\Windows\System\lcdEVvF.exe
  C:\Windows\System\lcdEVvF.exe
  2⤵
  PID:13456
- C:\Windows\System\jUVMSlO.exe
  C:\Windows\System\jUVMSlO.exe
  2⤵
  PID:3300
- C:\Windows\System\dgfKCAo.exe
  C:\Windows\System\dgfKCAo.exe
  2⤵
  PID:2880
- C:\Windows\System\cARHGbr.exe
  C:\Windows\System\cARHGbr.exe
  2⤵
  PID:13680
- C:\Windows\System\YeJwToA.exe
  C:\Windows\System\YeJwToA.exe
  2⤵
  PID:13796
- C:\Windows\System\vxYkzIH.exe
  C:\Windows\System\vxYkzIH.exe
  2⤵
  PID:13908
- C:\Windows\System\nMFSFWu.exe
  C:\Windows\System\nMFSFWu.exe
  2⤵
  PID:4800
- C:\Windows\System\nGobeCO.exe
  C:\Windows\System\nGobeCO.exe
  2⤵
  PID:4552
- C:\Windows\System\yYAdTlI.exe
  C:\Windows\System\yYAdTlI.exe
  2⤵
  PID:14064
- C:\Windows\System\dcnnltE.exe
  C:\Windows\System\dcnnltE.exe
  2⤵
  PID:2928
- C:\Windows\System\HBrnCDe.exe
  C:\Windows\System\HBrnCDe.exe
  2⤵
  PID:1460
- C:\Windows\System\HwKfuGs.exe
  C:\Windows\System\HwKfuGs.exe
  2⤵
  PID:4256
- C:\Windows\System\hhMDuTZ.exe
  C:\Windows\System\hhMDuTZ.exe
  2⤵
  PID:4752
- C:\Windows\System\hBEwLzj.exe
  C:\Windows\System\hBEwLzj.exe
  2⤵
  PID:1452
- C:\Windows\System\FQeuhho.exe
  C:\Windows\System\FQeuhho.exe
  2⤵
  PID:1032
- C:\Windows\System\sxwOPpB.exe
  C:\Windows\System\sxwOPpB.exe
  2⤵
  PID:14332
- C:\Windows\System\ZxTNLvp.exe
  C:\Windows\System\ZxTNLvp.exe
  2⤵
  PID:2552
- C:\Windows\System\PGHuihd.exe
  C:\Windows\System\PGHuihd.exe
  2⤵
  PID:3968
- C:\Windows\System\aByBIXi.exe
  C:\Windows\System\aByBIXi.exe
  2⤵
  PID:4976
- C:\Windows\System\OdkoIcE.exe
  C:\Windows\System\OdkoIcE.exe
  2⤵
  PID:2920
- C:\Windows\System\XQSdGaw.exe
  C:\Windows\System\XQSdGaw.exe
  2⤵
  PID:13868
- C:\Windows\System\WhIQqtP.exe
  C:\Windows\System\WhIQqtP.exe
  2⤵
  PID:14044
- C:\Windows\System\KJgbKjg.exe
  C:\Windows\System\KJgbKjg.exe
  2⤵
  PID:376
- C:\Windows\System\DjjSbhj.exe
  C:\Windows\System\DjjSbhj.exe
  2⤵
  PID:14236
- C:\Windows\System\WznCvqy.exe
  C:\Windows\System\WznCvqy.exe
  2⤵
  PID:4916
- C:\Windows\System\HGbtWgD.exe
  C:\Windows\System\HGbtWgD.exe
  2⤵
  PID:4912
- C:\Windows\System\fYZtvOd.exe
  C:\Windows\System\fYZtvOd.exe
  2⤵
  PID:1420
- C:\Windows\System\wimneyD.exe
  C:\Windows\System\wimneyD.exe
  2⤵
  PID:13424
- C:\Windows\System\aBpIEMF.exe
  C:\Windows\System\aBpIEMF.exe
  2⤵
  PID:5152
- C:\Windows\System\QejOwii.exe
  C:\Windows\System\QejOwii.exe
  2⤵
  PID:2608
- C:\Windows\System\ujsuTax.exe
  C:\Windows\System\ujsuTax.exe
  2⤵
  PID:13876
- C:\Windows\System\iDSHtAA.exe
  C:\Windows\System\iDSHtAA.exe
  2⤵
  PID:5252
- C:\Windows\System\DuAUEIG.exe
  C:\Windows\System\DuAUEIG.exe
  2⤵
  PID:2080
- C:\Windows\System\olpISew.exe
  C:\Windows\System\olpISew.exe
  2⤵
  PID:960
- C:\Windows\System\MFplLfG.exe
  C:\Windows\System\MFplLfG.exe
  2⤵
  PID:2888
- C:\Windows\System\untTUsA.exe
  C:\Windows\System\untTUsA.exe
  2⤵
  PID:5392
- C:\Windows\System\GJniznP.exe
  C:\Windows\System\GJniznP.exe
  2⤵
  PID:5192
- C:\Windows\System\xdFjelW.exe
  C:\Windows\System\xdFjelW.exe
  2⤵
  PID:5468
- C:\Windows\System\qIOeKgV.exe
  C:\Windows\System\qIOeKgV.exe
  2⤵
  PID:14104
- C:\Windows\System\ReHggEE.exe
  C:\Windows\System\ReHggEE.exe
  2⤵
  PID:5564
- C:\Windows\System\UIuaecd.exe
  C:\Windows\System\UIuaecd.exe
  2⤵
  PID:5592
- C:\Windows\System\Sjagqho.exe
  C:\Windows\System\Sjagqho.exe
  2⤵
  PID:1816
- C:\Windows\System\oJCixpM.exe
  C:\Windows\System\oJCixpM.exe
  2⤵
  PID:4380
- C:\Windows\System\nMBtQNr.exe
  C:\Windows\System\nMBtQNr.exe
  2⤵
  PID:5708
- C:\Windows\System\twgwkAX.exe
  C:\Windows\System\twgwkAX.exe
  2⤵
  PID:2672
- C:\Windows\System\NEOFPkE.exe
  C:\Windows\System\NEOFPkE.exe
  2⤵
  PID:5796
- C:\Windows\System\FEJtQpB.exe
  C:\Windows\System\FEJtQpB.exe
  2⤵
  PID:5496
- C:\Windows\System\SfgXcAC.exe
  C:\Windows\System\SfgXcAC.exe
  2⤵
  PID:1508
- C:\Windows\System\cKEhBTX.exe
  C:\Windows\System\cKEhBTX.exe
  2⤵
  PID:5912
- C:\Windows\System\QLaiMxS.exe
  C:\Windows\System\QLaiMxS.exe
  2⤵
  PID:5948
- C:\Windows\System\wQABehr.exe
  C:\Windows\System\wQABehr.exe
  2⤵
  PID:5456
- C:\Windows\System\HscfmJY.exe
  C:\Windows\System\HscfmJY.exe
  2⤵
  PID:6020
- C:\Windows\System\yQONfao.exe
  C:\Windows\System\yQONfao.exe
  2⤵
  PID:2228
- C:\Windows\System\ANICWbu.exe
  C:\Windows\System\ANICWbu.exe
  2⤵
  PID:5972
- C:\Windows\System\ehocxWR.exe
  C:\Windows\System\ehocxWR.exe
  2⤵
  PID:14368
- C:\Windows\System\haUYebT.exe
  C:\Windows\System\haUYebT.exe
  2⤵
  PID:14396
- C:\Windows\System\ctlpmYJ.exe
  C:\Windows\System\ctlpmYJ.exe
  2⤵
  PID:14424
- C:\Windows\System\YaiVMqp.exe
  C:\Windows\System\YaiVMqp.exe
  2⤵
  PID:14440
- C:\Windows\System\VQoXIly.exe
  C:\Windows\System\VQoXIly.exe
  2⤵
  PID:14480
- C:\Windows\System\embirpB.exe
  C:\Windows\System\embirpB.exe
  2⤵
  PID:14520
- C:\Windows\System\ZdyaKXw.exe
  C:\Windows\System\ZdyaKXw.exe
  2⤵
  PID:14536
- C:\Windows\System\ryIvwcI.exe
  C:\Windows\System\ryIvwcI.exe
  2⤵
  PID:14564
- C:\Windows\System\aXFbbHw.exe
  C:\Windows\System\aXFbbHw.exe
  2⤵
  PID:14592
- C:\Windows\System\ZfGsVZA.exe
  C:\Windows\System\ZfGsVZA.exe
  2⤵
  PID:14620
- C:\Windows\System\HtxSEnU.exe
  C:\Windows\System\HtxSEnU.exe
  2⤵
  PID:14652
- C:\Windows\System\DGXCyqz.exe
  C:\Windows\System\DGXCyqz.exe
  2⤵
  PID:14668
- C:\Windows\System\OSUQDcI.exe
  C:\Windows\System\OSUQDcI.exe
  2⤵
  PID:14712
- C:\Windows\System\IiLqkEd.exe
  C:\Windows\System\IiLqkEd.exe
  2⤵
  PID:14768
- C:\Windows\System\DDieYtd.exe
  C:\Windows\System\DDieYtd.exe
  2⤵
  PID:14784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BALJRrj.exe

Filesize
5.9MB

MD5
bd0dd13a26ad5d88da1576a0615bed38

SHA1
31dc50d4b56a254e44f27bb03f56817f59030820

SHA256
7556be6f97d2127ada33963ebf794728f480ac17d10f2914b1845debeea7d82d

SHA512
d8aa7c36397f5d418c60f03d16362458b17d0f1ba0f9a7ec903f8c9190574443445eede72a34f525b6cd470cd3e61aff0977e4f2d7aa49c31fa8e910b98d75eb

Download Submit
C:\Windows\System\BSgrHaM.exe

Filesize
5.9MB

MD5
eac59dc55152da4224d3fa443c570cb6

SHA1
f6a3dbf57dc3272e4fdd6a29ea699e8ae3659003

SHA256
110b440fe6d1959b641f81909dce6704042cc149eeae5022f78c97b8206dae71

SHA512
85ce695a238bcde65a44df359c021c4586a79a0e24b3e0483b164aa7016e80e523b278ca1b63d2fc49d3571b977d7ebe7cf40e7709854abd3cff2b4ed0e8b3b4

Download Submit
C:\Windows\System\BkhVFPU.exe

Filesize
5.9MB

MD5
a56d44722c1ecbcd2dd71b98a77c8c83

SHA1
75eb5c5e5656ae3f7f5ee8bb3000f9562c9cfdd5

SHA256
742d7ec70026e584f5e099b27a18a745f239e62c51378a4e4b4114cd05449695

SHA512
a44fcca1d02f37ec19637fc7d1d7183cbd6386f3dd7f6b447a712379bf0922a0e0091d5f4eab3c07b52208f20437351d7239a8d04f94732473f2a7ae5d5daaee

Download Submit
C:\Windows\System\EjvjTEt.exe

Filesize
5.9MB

MD5
8bb00a55c467d4958311921052f87818

SHA1
d7cbb6832af7e20d55dc1075dad836e4c3687cfa

SHA256
f106c824fd5ad89caaff6c90f4519e3ef01e53266ca1f4819fca0f50357b719a

SHA512
b55ecf4512b0a1b9855bcfa65dfb8f63ea22b1d0069f7a102ee7851248c9cc90b4a704aef07bd51c339e1ee7f4b3d23b968493d6a039e1c2cd19258653e3840e

Download Submit
C:\Windows\System\FURHXSH.exe

Filesize
5.9MB

MD5
8df731d37cda1acab3cb6e70f8545e62

SHA1
3255a810514c2966156176028e0d2fe7a6f064f0

SHA256
29b092a5133b8c881cb221a4f8dbdcdcac3b8199489bb668951d117ba60732ef

SHA512
e4351966319ab2a3c41e4fce104e59503a12e0c184b6798859c63eadac5be6ecbd02c16f3971b1705b63211976ccd2b2d6d7310a7058ff3f2990f79a3170277f

Download Submit
C:\Windows\System\HupSZkU.exe

Filesize
5.9MB

MD5
8b0aa59fd5dcbb10719c55db54165272

SHA1
9d8da88d1b70364336a6626ef8f3c533c4484634

SHA256
ca44a1f5a8e4b7e81ad8dfd5f2b16c2f9a70f2934156ff1db9dede0d8f890ba0

SHA512
8fce9c00fcc37bcfd3162310249849cb6f3bd6c95e5ce89e384e7772d21e975f2ebe0d99a54fafc31f07314a6db5449c1450d2b1c9b96ebed05d8ff064beb7ff

Download Submit
C:\Windows\System\JMbLASI.exe

Filesize
5.9MB

MD5
f5d3b84db5126a12d67b9bdb8433b96f

SHA1
0302ddac46b0c2605b13038cebb181c14b03d645

SHA256
0b6d809b39666be502d0917a3e6289fefbec80db9b77071e237c7eb08986c6cc

SHA512
65b9021896e645dd8749ccec61aed555c0651941dec02b6a4ce44765ac410ce532b52979e478ddd20f2787caf95ec51b7f0fa47de06c93b5d9c8c61a8c2f2eac

Download Submit
C:\Windows\System\MnIqKFb.exe

Filesize
5.9MB

MD5
0d105c40187be01926b1eba5e2b5aaa2

SHA1
2178bdceda1c3904825b5513d7f3014222d2f439

SHA256
8da7daa9aac5812b580cb07cfbf346d472683bdc1a53675f44ced4e50af83443

SHA512
c62cc3ca93c7eb58c92a018cac73385d60b57089a7f52b04ffae93a670b07f54f1298fcd51bbfeaf99a15ded11724e2d831b8df85f6512540ad44ec09c1772af

Download Submit
C:\Windows\System\OWUMOqd.exe

Filesize
5.9MB

MD5
430038e0f04a2d213f68ec537c2077c2

SHA1
724f5287b79d2983a534b92e7298ce201a82e35b

SHA256
d48eb141c4df51113fc2bddb1e30790dfd1efa6282d3f4a6fa1a504181b89b89

SHA512
95e56cf89d357726c95c42426ce02a497d8600e28ab4e13ce6427b870c06c9732c89de39bbc6332b7acc2fd1c3a4c53c52411307e39e96cf69d9917d78555e96

Download Submit
C:\Windows\System\RfOfMnI.exe

Filesize
5.9MB

MD5
c3d312e7e1ca74bf8cf9533a74eae8c4

SHA1
bb0a5723acc9102676606960218ecc27123e31ad

SHA256
3444d1e9e75884204d4292e28cd3827e9334ee4924ab7a180e117d3626f079a0

SHA512
94cfa0214366df874dd064c287d6db01ffc30f02a41ea4c937fb0be6ebd3099b29c1cbab9462d3a3df44079aaff71a2320b28bef1ea837bed42faf59ed6e1413

Download Submit
C:\Windows\System\UzXywFp.exe

Filesize
5.9MB

MD5
52aaf3a3aa66cb1d4803184784ea0dc4

SHA1
1c1cf8307f6e8e5851fee238f27afe8ee3f0be5f

SHA256
d328eb73693498d92e95e31fd07a1f85c804580aecd1164206d9f2f75317a648

SHA512
c1a58c65c98bcb63e82d76ee07454597999ee54d0bdc439387312e3c3d8b7d7afbd16b1ff3bb59d46c25624c6a39bf2fadea1f1cfd10169826a40f50290ad216

Download Submit
C:\Windows\System\YEBarFX.exe

Filesize
5.9MB

MD5
5098eb7da84f5ffc876f5717fefb240e

SHA1
d79edf79250dad67f08df619ec8a21859b03315b

SHA256
3f51b71e37ace600f2c081fac8a61b9393013e95d7fb386eca9d0feedc70be84

SHA512
f138ce56ab1ff732a256b2e7a9188e92b059ef6c9c2050c87a8b7c48e017fbdcb6d632caaf3fa5651c7680a6b09e5e92d954cd861644d739e185404d13156426

Download Submit
C:\Windows\System\YHpNqKP.exe

Filesize
5.9MB

MD5
ec46530a5b70c5ad81ca141ca4eb39f8

SHA1
de1712775b0fda3c01262dda51e737465c30e84c

SHA256
24b2790f4854da86aa7a9009f93297dc7300a802a1f112dc1085443f51b71e57

SHA512
f9a4cf1c78923716343adb268058c8538afd8a7ba65b577e1600235b7da2ce97b7d6f4b8b91d29254df8fdc98c1e0eabd5b2c24d2e10c3f06e4bb391598b8df6

Download Submit
C:\Windows\System\bHrXYeY.exe

Filesize
5.9MB

MD5
4382cd03725df05a7666d161bfd60d4e

SHA1
5749428594b965f4ddb21481848ace25838ba889

SHA256
4bb8200f6f55752880d9f0301b28ed78adbeaf06e800f5b7e46d32dad154cce5

SHA512
fc364bde67554b6b2005b4fb3988fb5633a052a4ebb100c71e85d0a45895a8f673806619764a0fa9f6e601566212de4982fd6925375527b7a26c0b9fa137891a

Download Submit
C:\Windows\System\dRpUUIx.exe

Filesize
5.9MB

MD5
2c1fd607e144ee1b6d1c127cc9830b92

SHA1
875782eec72c9c1e6f9eeb394a5bafadcf93a45b

SHA256
782c1ecf95be8309cfe8f664bab4a98c96dab2cee6948eb86253a006cf41803a

SHA512
3293e43733216052bf291ebf7b36c67cbb98ee19f5fa7d71334cf45f1e5b1eba00d6ae3d5aae882177eef9f02b23a6b19b074345dfd311dc844bf126cc4b62ff

Download Submit
C:\Windows\System\dhiVQJm.exe

Filesize
5.9MB

MD5
a29139b635d8d0d9acae882e03dfb37d

SHA1
81d6814cceaf9e4203452526f56d8ed517d7dca0

SHA256
f30053e5afb63601429b223bd395bf7db9e15f3ff795fe03b864065b844f66f2

SHA512
36f962f99952bc43a473c2dc61a8304aef9d80f28e8e848bd55279660af9ce4b6d55e4c17a98e87a85f88a42023932cdf45ca91f3d5bfa5a5c10784839ba37e1

Download Submit
C:\Windows\System\hJqPfwT.exe

Filesize
5.9MB

MD5
6f40c5dbd46935de1afc38342b56f11c

SHA1
b56413ede12c7e5cb8e13ee14c1350cb9dce5468

SHA256
29a449c09c751330ef6857c7a4c3a35123f6a9761c8277dc9de7520d74b3d836

SHA512
b9c935f4b0a90854d2805099d732b75d87d3b55b99c6e5eeadcbe635182c26a661609c4560a1a0796e20177c66527742f4892a45aceb81bc4ebbec1a5a5a4173

Download Submit
C:\Windows\System\hNaEeix.exe

Filesize
5.9MB

MD5
c72221133c23f9418addb2840acced8d

SHA1
f0062e05190fe17774e54ab41ce2ffcb59663a90

SHA256
03f364d022cdfc5c6ca37973f8b7ee63cffeb42f83b6231035bd583072dccfc1

SHA512
9dc7bf49613bbb7f43356b80089c4ab97f8e78efccb6d0e2a3d217ae27b3896240659175f7dae916265f3975f7a092c73a2f3e7501ba05cf5c22cbb8bc8b19e3

Download Submit
C:\Windows\System\hZjWmEm.exe

Filesize
5.9MB

MD5
a929253391d78a28a8dea189821e48cb

SHA1
2dace3d814dc0cdb0237b0d6fd951a42c3801285

SHA256
49d632178590367990e34173e27b64adf9e5cd277b33ff6492862c67cbe33049

SHA512
755f3219637a268b28842d42069447ceed9a37462b3f7efcb1730ab475a71483806f877ccc2435cd3559c36d80d65e0e519696c5599e179ec8e3c40cd2127775

Download Submit
C:\Windows\System\iduxtxj.exe

Filesize
5.9MB

MD5
aa1d06316f6ea1399343ecd245d5eb95

SHA1
a958f6dc7b73ecbc3b71e8f7662f19b7b5b6664c

SHA256
a60abe3ce11dba4572c69a0778faadefcd28c0f3e1f2811f1e40532754ef9dee

SHA512
a05b63c52563a3f77dcbecd6da600854d907e25d5844e298d4b6c1ebefadf5f805f998d89a97910473ba031c1f281b7206b320070bb6259a7d87001cbee48618

Download Submit
C:\Windows\System\kHHQyac.exe

Filesize
5.9MB

MD5
3eb19d59ecfef3bd2c3ef151b46838d8

SHA1
f9050b9e5096af6ea5d9132b34dfa2d3a392cd2a

SHA256
cb8603d08068fa3d73af70c80d2e616a1a212ec90be02656ca940667de86eef2

SHA512
1439d29b99359283941017e2acb7cf03854432a12513de352a8903e3c353b36f4642582dd7f4a6886364aecd86ec289081143e7cf1e6619b758233cb61ae36c1

Download Submit
C:\Windows\System\lckSyJC.exe

Filesize
5.9MB

MD5
bddd9f9006e8e6df7ff39cf23cf31af6

SHA1
7a67a07c2a6d879ae984ed65b5d1a8effbb6ed49

SHA256
0534bed153f0222d3eb035682f9388fdc08d0d9a02f211c5b48bab2acd57412f

SHA512
488514b35831267de9259d23a7e9c394211ebd4e2fabd152b4fee367a3e92df2df5ebe3b07391073220aa42f5869b4749ec3920ed1b7e3136063da0224441558

Download Submit
C:\Windows\System\lidqAKF.exe

Filesize
5.9MB

MD5
84f956a949b3ba10b5f8d50f4f564264

SHA1
95ea6a6b366afa693c5af8d44b14c65ca581ac6e

SHA256
077a9813746549c57e8cb9d086c5826585396f45507a0ffd262453fd692ba2b0

SHA512
c7c66478433bd38579e47cf7c393f3f3f40d4910bcc6ead8bfff1c625e5644b5df8f04b64201cad06a2bd91134a4abac018356d6c765d83b47eb1ee55b8a1d0d

Download Submit
C:\Windows\System\mkjqJZG.exe

Filesize
5.9MB

MD5
f6731735e24fa235d3238bf1787fde86

SHA1
0017e57b713d6f7c9c69082245a358c46388a6c4

SHA256
c30e9b225929f14bbe5c5d8770ab27bf109d558ff8e06cd4c1f0d841585ac0b8

SHA512
2eeeb84e6c68a59423eb17af81d80608344f8a8b77b4982ce65b1866c881d0aebeb596e6991ade6776ff8a0cb8aff39a9b0e800b50148b892b57e45439419ee9

Download Submit
C:\Windows\System\nbMjEnG.exe

Filesize
5.9MB

MD5
e48b185239e8c137d63d9663133762f3

SHA1
1f168e4e97dd48a1687eec8a385b5fc0ee8c3fef

SHA256
93784ec698451a0fb62e18159c3a1eccfb0aeffeb387805bc1f4779078543637

SHA512
c7101686218d0a2eb282c9bafefeeedf139af21a176c5829dab6e7bd2c63103ab56dd5f7e6893400acdf4b1e0a864a73c832874e2ae119e4af1ec3ece4dfb7b9

Download Submit
C:\Windows\System\njGvWXX.exe

Filesize
5.9MB

MD5
533e64912cdb80e72a15dfb56a105a1b

SHA1
6d55239a83b364f9fdc4b824044e625aee5c3524

SHA256
3ac245ec9e44da2e550bc1b71608d67fac217d4cc40972fdd5aa0c13953ba6e6

SHA512
f35c6f903f3175f638438ba9fffbc8786fec9422964b43465cb5128a404381377760a54d420abbe538f15e625a8b0507d4e27b5aedaf402455900b89b471bd10

Download Submit
C:\Windows\System\rCBpJnd.exe

Filesize
5.9MB

MD5
44cf95947906f34c5cd83567166aaa19

SHA1
36a14e43d6e03be017b8e48805888f4994cfc566

SHA256
578a3716d26df1a4af3fa797ebfab13d57f8678b6c7287fff85337c1c8760e0d

SHA512
803f89593466e802ca0dcc666730e210bc9e06944d01e793adad1eea50e24f13a78f9685442611cc0efeae8ad99995bb616685dbb76dbf3e2a4022d5755da675

Download Submit
C:\Windows\System\rhPPeuh.exe

Filesize
5.9MB

MD5
a4c2ceba9ee38ed019ffd7faccd55d9f

SHA1
5c1755be84023544e84efd471ea67cb1dff6c58c

SHA256
92d375b4e3214a8390b4073771eda2bcf5edacc4f6bdae5fd23ac77084d5d3dc

SHA512
af30b9eeaaa73437920415012d1f8f5bba74415f58caea774e74378648bb5b752678b7974c0b6a836a25d61b2a20f7532350524314c6353f6e3012ae1eae836f

Download Submit
C:\Windows\System\uQdsTRr.exe

Filesize
5.9MB

MD5
873712553a6e83fbabde11100e4c7ed5

SHA1
e4e2957357489b6367fc5d04970a92b766c2e7f0

SHA256
1b54583d3e2953ab328599a1cae7e3ecb72148f886b34f3bb5a71abf9aea6898

SHA512
2fe875482a3f39509aa9e2a2ec387f535d6226274464227f04c8bef3554ea6b87b7d3c0fc9e1774e9bfdcb324a9c240fd5f3caa85560fcaa67972a281782535a

Download Submit
C:\Windows\System\yOnRshe.exe

Filesize
5.9MB

MD5
ea3459cc2d2f91e95b02082ea8bf5d60

SHA1
46626fb79fc5135b29f93734321b41326dcdae87

SHA256
ca4488a7f4659ea42acc2a9c966bbcd81707327f3eba0aa4e1c346d2909330bd

SHA512
965e694d8199bf113b658ebb2b92ccf9d3f354ea3c2651ec2276644ebf6df029423055d93d083b9e7ed8f43c21ef39d88eceb9a652acae282c1af6e550178eac

Download Submit
C:\Windows\System\yWXZblY.exe

Filesize
5.9MB

MD5
34b28e0e024d40e27fe6ae8e235752bb

SHA1
9d214533a63dabc00fb7f25c264e6d5159a2223d

SHA256
ff6201f645d61f75f8e4ce19bceeb4bd04c2cece5c9bdb2bfac48e0e1766685f

SHA512
297db9d97f84831e903199e92d42e6f9edbf6f3e561af3e72e6cc83b7e5ca844ba4b1b9bd00e2ad075bf04b3d3349c8938e52e445cc6115934925d3304eb3f92

Download Submit
C:\Windows\System\yewCPtK.exe

Filesize
5.9MB

MD5
8905dab8b9e7f7e3845c65dd2f69e533

SHA1
8373aa8236dc6228fd45d630ee28c547272a7661

SHA256
ba3497c15aace0814f583697fe31485c041f2e3575ba9a2b662ed95f3afcd3f1

SHA512
78b8e039dfa1cec262859450b8661a1c9e01612642dd49a9b9bbdcd7c3373a0979bf945761741d302e1d6b105b6876869931e1987f698c31e20a97fff7217005

Download Submit
memory/60-48-0x00007FF6812E0000-0x00007FF681634000-memory.dmp

Filesize
3.3MB

Download
memory/60-1345-0x00007FF6812E0000-0x00007FF681634000-memory.dmp

Filesize
3.3MB

Download
memory/60-108-0x00007FF6812E0000-0x00007FF681634000-memory.dmp

Filesize
3.3MB

Download
memory/928-1340-0x00007FF756640000-0x00007FF756994000-memory.dmp

Filesize
3.3MB

Download
memory/928-44-0x00007FF756640000-0x00007FF756994000-memory.dmp

Filesize
3.3MB

Download
memory/928-97-0x00007FF756640000-0x00007FF756994000-memory.dmp

Filesize
3.3MB

Download
memory/1152-118-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp

Filesize
3.3MB

Download
memory/1152-63-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1350-0x00007FF6D8740000-0x00007FF6D8A94000-memory.dmp

Filesize
3.3MB

Download
memory/1224-184-0x00007FF70E400000-0x00007FF70E754000-memory.dmp

Filesize
3.3MB

Download
memory/1224-690-0x00007FF70E400000-0x00007FF70E754000-memory.dmp

Filesize
3.3MB

Download
memory/1528-61-0x00007FF778060000-0x00007FF7783B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-8-0x00007FF778060000-0x00007FF7783B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1193-0x00007FF778060000-0x00007FF7783B4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-442-0x00007FF779C70000-0x00007FF779FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-163-0x00007FF779C70000-0x00007FF779FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2285-0x00007FF779C70000-0x00007FF779FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-113-0x00007FF6A73C0000-0x00007FF6A7714000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1826-0x00007FF6A73C0000-0x00007FF6A7714000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1209-0x00007FF730390000-0x00007FF7306E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-19-0x00007FF730390000-0x00007FF7306E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-71-0x00007FF730390000-0x00007FF7306E4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-80-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1640-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-137-0x00007FF7BE060000-0x00007FF7BE3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-561-0x00007FF6C2AF0000-0x00007FF6C2E44000-memory.dmp

Filesize
3.3MB

Download
memory/3092-176-0x00007FF6C2AF0000-0x00007FF6C2E44000-memory.dmp

Filesize
3.3MB

Download
memory/3156-181-0x00007FF6D9DB0000-0x00007FF6DA104000-memory.dmp

Filesize
3.3MB

Download
memory/3156-125-0x00007FF6D9DB0000-0x00007FF6DA104000-memory.dmp

Filesize
3.3MB

Download
memory/3156-1997-0x00007FF6D9DB0000-0x00007FF6DA104000-memory.dmp

Filesize
3.3MB

Download
memory/3400-2257-0x00007FF79B890000-0x00007FF79BBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-377-0x00007FF79B890000-0x00007FF79BBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-157-0x00007FF79B890000-0x00007FF79BBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-746-0x00007FF78D500000-0x00007FF78D854000-memory.dmp

Filesize
3.3MB

Download
memory/3456-193-0x00007FF78D500000-0x00007FF78D854000-memory.dmp

Filesize
3.3MB

Download
memory/3524-30-0x00007FF740340000-0x00007FF740694000-memory.dmp

Filesize
3.3MB

Download
memory/3524-1219-0x00007FF740340000-0x00007FF740694000-memory.dmp

Filesize
3.3MB

Download
memory/3524-87-0x00007FF740340000-0x00007FF740694000-memory.dmp

Filesize
3.3MB

Download
memory/3724-75-0x00007FF7BE9F0000-0x00007FF7BED44000-memory.dmp

Filesize
3.3MB

Download
memory/3724-1632-0x00007FF7BE9F0000-0x00007FF7BED44000-memory.dmp

Filesize
3.3MB

Download
memory/3824-146-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3824-2073-0x00007FF6F2B80000-0x00007FF6F2ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-1823-0x00007FF7EB870000-0x00007FF7EBBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-105-0x00007FF7EB870000-0x00007FF7EBBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-1-0x0000019A99320000-0x0000019A99330000-memory.dmp

Filesize
64KB

Download
memory/4632-54-0x00007FF60E400000-0x00007FF60E754000-memory.dmp

Filesize
3.3MB

Download
memory/4632-0-0x00007FF60E400000-0x00007FF60E754000-memory.dmp

Filesize
3.3MB

Download
memory/4652-16-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4652-1206-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4652-62-0x00007FF6D1AE0000-0x00007FF6D1E34000-memory.dmp

Filesize
3.3MB

Download
memory/4724-1353-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-60-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-112-0x00007FF7CA260000-0x00007FF7CA5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-76-0x00007FF783660000-0x00007FF7839B4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-24-0x00007FF783660000-0x00007FF7839B4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-1215-0x00007FF783660000-0x00007FF7839B4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-90-0x00007FF629410000-0x00007FF629764000-memory.dmp

Filesize
3.3MB

Download
memory/4836-1650-0x00007FF629410000-0x00007FF629764000-memory.dmp

Filesize
3.3MB

Download
memory/4836-147-0x00007FF629410000-0x00007FF629764000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1643-0x00007FF7D80C0000-0x00007FF7D8414000-memory.dmp

Filesize
3.3MB

Download
memory/4964-88-0x00007FF7D80C0000-0x00007FF7D8414000-memory.dmp

Filesize
3.3MB

Download
memory/4988-93-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp

Filesize
3.3MB

Download
memory/4988-38-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp

Filesize
3.3MB

Download
memory/4988-1301-0x00007FF6E15D0000-0x00007FF6E1924000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2245-0x00007FF6A7060000-0x00007FF6A73B4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-314-0x00007FF6A7060000-0x00007FF6A73B4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-151-0x00007FF6A7060000-0x00007FF6A73B4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-1960-0x00007FF79C6E0000-0x00007FF79CA34000-memory.dmp

Filesize
3.3MB

Download
memory/5004-175-0x00007FF79C6E0000-0x00007FF79CA34000-memory.dmp

Filesize
3.3MB

Download
memory/5004-121-0x00007FF79C6E0000-0x00007FF79CA34000-memory.dmp

Filesize
3.3MB

Download
memory/5016-183-0x00007FF60E9F0000-0x00007FF60ED44000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2067-0x00007FF60E9F0000-0x00007FF60ED44000-memory.dmp

Filesize
3.3MB

Download
memory/5016-131-0x00007FF60E9F0000-0x00007FF60ED44000-memory.dmp

Filesize
3.3MB

Download
memory/5108-169-0x00007FF7C8500000-0x00007FF7C8854000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2291-0x00007FF7C8500000-0x00007FF7C8854000-memory.dmp

Filesize
3.3MB

Download
memory/5108-505-0x00007FF7C8500000-0x00007FF7C8854000-memory.dmp

Filesize
3.3MB

Download
memory/5112-190-0x00007FF7A71B0000-0x00007FF7A7504000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2076-0x00007FF7A71B0000-0x00007FF7A7504000-memory.dmp

Filesize
3.3MB

Download
memory/5112-138-0x00007FF7A71B0000-0x00007FF7A7504000-memory.dmp

Filesize
3.3MB

Download
memory/5116-114-0x00007FF68A9D0000-0x00007FF68AD24000-memory.dmp

Filesize
3.3MB

Download
memory/5116-1842-0x00007FF68A9D0000-0x00007FF68AD24000-memory.dmp

Filesize
3.3MB

Download