cobaltstrike | 4087ca1abf51069b5d8c6240f8936ff9036f4405bed2feb3b0ba39f6fe8d128c

Analysis

max time kernel
102s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

337697db9f7d2b65bf91cb89fc763e7b
SHA1

0082926bd7b0081d314f8178b172f33e4f9b3219
SHA256

4087ca1abf51069b5d8c6240f8936ff9036f4405bed2feb3b0ba39f6fe8d128c
SHA512

9b049b9a624d6a15b173aeb54942f707a64e39f0807ab85524f5a903f9aad0cc3cf8df30a331155a7b1ff41579129d8b4b98ee146164a8d17498b7dcbf007683
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00090000000227aa-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426d-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426e-11.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002426a-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024272-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024274-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024273-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024279-86.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427a-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024280-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024283-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024285-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024287-184.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428c-211.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428a-209.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428b-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024289-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024288-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024286-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024284-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024282-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024281-151.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427f-137.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427e-125.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427d-120.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427c-111.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427b-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024278-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024277-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024276-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024275-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024271-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024270-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5508-0-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp	xmrig
behavioral2/files/0x00090000000227aa-4.dat	xmrig
behavioral2/memory/3492-8-0x00007FF676F00000-0x00007FF677254000-memory.dmp	xmrig
behavioral2/files/0x000700000002426d-10.dat	xmrig
behavioral2/files/0x000700000002426e-11.dat	xmrig
behavioral2/memory/6008-14-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp	xmrig
behavioral2/memory/5408-18-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp	xmrig
behavioral2/memory/216-24-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp	xmrig
behavioral2/files/0x000800000002426a-28.dat	xmrig
behavioral2/memory/5144-36-0x00007FF642C40000-0x00007FF642F94000-memory.dmp	xmrig
behavioral2/memory/6072-38-0x00007FF6CDA30000-0x00007FF6CDD84000-memory.dmp	xmrig
behavioral2/files/0x0007000000024272-40.dat	xmrig
behavioral2/memory/1956-42-0x00007FF656640000-0x00007FF656994000-memory.dmp	xmrig
behavioral2/files/0x0007000000024274-50.dat	xmrig
behavioral2/files/0x0007000000024273-53.dat	xmrig
behavioral2/memory/5508-60-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp	xmrig
behavioral2/memory/3492-67-0x00007FF676F00000-0x00007FF677254000-memory.dmp	xmrig
behavioral2/memory/6008-75-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp	xmrig
behavioral2/memory/5408-79-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp	xmrig
behavioral2/files/0x0007000000024279-86.dat	xmrig
behavioral2/files/0x000700000002427a-94.dat	xmrig
behavioral2/memory/1956-107-0x00007FF656640000-0x00007FF656994000-memory.dmp	xmrig
behavioral2/memory/5760-115-0x00007FF62E4B0000-0x00007FF62E804000-memory.dmp	xmrig
behavioral2/files/0x0007000000024280-131.dat	xmrig
behavioral2/memory/5812-142-0x00007FF7C9590000-0x00007FF7C98E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024283-153.dat	xmrig
behavioral2/files/0x0007000000024285-167.dat	xmrig
behavioral2/files/0x0007000000024287-184.dat	xmrig
behavioral2/files/0x000700000002428c-211.dat	xmrig
behavioral2/files/0x000700000002428a-209.dat	xmrig
behavioral2/files/0x000700000002428b-206.dat	xmrig
behavioral2/files/0x0007000000024289-204.dat	xmrig
behavioral2/files/0x0007000000024288-199.dat	xmrig
behavioral2/memory/3120-198-0x00007FF63D790000-0x00007FF63DAE4000-memory.dmp	xmrig
behavioral2/memory/4712-194-0x00007FF643400000-0x00007FF643754000-memory.dmp	xmrig
behavioral2/memory/4608-193-0x00007FF633780000-0x00007FF633AD4000-memory.dmp	xmrig
behavioral2/memory/4812-187-0x00007FF7CD2A0000-0x00007FF7CD5F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024286-182.dat	xmrig
behavioral2/memory/1492-179-0x00007FF7719F0000-0x00007FF771D44000-memory.dmp	xmrig
behavioral2/memory/4584-176-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp	xmrig
behavioral2/memory/2816-175-0x00007FF659B40000-0x00007FF659E94000-memory.dmp	xmrig
behavioral2/memory/788-174-0x00007FF659A50000-0x00007FF659DA4000-memory.dmp	xmrig
behavioral2/memory/5892-172-0x00007FF608A10000-0x00007FF608D64000-memory.dmp	xmrig
behavioral2/files/0x0007000000024284-170.dat	xmrig
behavioral2/memory/4732-166-0x00007FF7AAE20000-0x00007FF7AB174000-memory.dmp	xmrig
behavioral2/memory/4792-160-0x00007FF733940000-0x00007FF733C94000-memory.dmp	xmrig
behavioral2/memory/1084-159-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp	xmrig
behavioral2/memory/5908-158-0x00007FF7F31F0000-0x00007FF7F3544000-memory.dmp	xmrig
behavioral2/files/0x0007000000024282-156.dat	xmrig
behavioral2/files/0x0007000000024281-151.dat	xmrig
behavioral2/memory/1176-150-0x00007FF7432E0000-0x00007FF743634000-memory.dmp	xmrig
behavioral2/memory/4420-149-0x00007FF730A00000-0x00007FF730D54000-memory.dmp	xmrig
behavioral2/memory/4848-143-0x00007FF7B1D70000-0x00007FF7B20C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002427f-137.dat	xmrig
behavioral2/memory/1672-136-0x00007FF62E680000-0x00007FF62E9D4000-memory.dmp	xmrig
behavioral2/memory/2972-135-0x00007FF656D40000-0x00007FF657094000-memory.dmp	xmrig
behavioral2/memory/4712-134-0x00007FF643400000-0x00007FF643754000-memory.dmp	xmrig
behavioral2/memory/3512-130-0x00007FF75CE10000-0x00007FF75D164000-memory.dmp	xmrig
behavioral2/files/0x000700000002427e-125.dat	xmrig
behavioral2/memory/4608-124-0x00007FF633780000-0x00007FF633AD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002427d-120.dat	xmrig
behavioral2/memory/5092-119-0x00007FF698A70000-0x00007FF698DC4000-memory.dmp	xmrig
behavioral2/memory/4584-118-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002427c-111.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3492	BmrdopP.exe
6008	qGNQWat.exe
5408	UJsuvOF.exe
216	xweOJbt.exe
5144	ENSNrxo.exe
6072	ogHzBED.exe
1956	RGsJWJK.exe
5760	OVZWIDW.exe
5092	BWnbaJg.exe
3512	psNipmp.exe
2972	gprindZ.exe
1672	qSXjbrS.exe
4420	eLooufz.exe
5908	yRTGVzs.exe
1084	GOjxjWq.exe
5892	jOkotSt.exe
2816	SOZGMES.exe
4584	pGwILVj.exe
4608	RYlCaOG.exe
4712	ZjsjLQe.exe
5812	WFvoCvA.exe
4848	rvSnMSx.exe
1176	wrFUZpM.exe
4792	IejnNvq.exe
4732	gXtiugZ.exe
788	KtuUGDn.exe
1492	hFFGXMU.exe
4812	SETCoOk.exe
3120	snwpIzd.exe
1456	cxeeDif.exe
4380	wFDmANc.exe
2824	FErYAFX.exe
1368	DDDPDpb.exe
2240	UxKGgmG.exe
2032	xISoUyq.exe
2276	samsPnn.exe
3792	QeddvML.exe
3956	DCZWRKE.exe
3948	rCxDjsK.exe
4040	eRMeVHF.exe
2468	bjBaWER.exe
3160	xTHdonv.exe
1828	YWgZyza.exe
2408	nGwqXZo.exe
3376	WqGRzpc.exe
5016	UFDHmyh.exe
5904	WANCzPs.exe
1640	jorNexx.exe
4104	FHDLSqq.exe
776	TxNVEah.exe
3656	fnUcyjF.exe
4556	iqARUIl.exe
3936	UOKdsgT.exe
4944	ppjNbHb.exe
4028	TFyfplp.exe
3372	HtCqtLe.exe
1008	ppMhYqt.exe
1104	DwbgyNx.exe
2624	HhhYGMZ.exe
3756	YduwyWM.exe
5432	HMtGXpQ.exe
5396	KAJtPnK.exe
3408	UsMCvgr.exe
5456	PKOCzaM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5508-0-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp	upx
behavioral2/files/0x00090000000227aa-4.dat	upx
behavioral2/memory/3492-8-0x00007FF676F00000-0x00007FF677254000-memory.dmp	upx
behavioral2/files/0x000700000002426d-10.dat	upx
behavioral2/files/0x000700000002426e-11.dat	upx
behavioral2/memory/6008-14-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp	upx
behavioral2/memory/5408-18-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp	upx
behavioral2/memory/216-24-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp	upx
behavioral2/files/0x000800000002426a-28.dat	upx
behavioral2/memory/5144-36-0x00007FF642C40000-0x00007FF642F94000-memory.dmp	upx
behavioral2/memory/6072-38-0x00007FF6CDA30000-0x00007FF6CDD84000-memory.dmp	upx
behavioral2/files/0x0007000000024272-40.dat	upx
behavioral2/memory/1956-42-0x00007FF656640000-0x00007FF656994000-memory.dmp	upx
behavioral2/files/0x0007000000024274-50.dat	upx
behavioral2/files/0x0007000000024273-53.dat	upx
behavioral2/memory/5508-60-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp	upx
behavioral2/memory/3492-67-0x00007FF676F00000-0x00007FF677254000-memory.dmp	upx
behavioral2/memory/6008-75-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp	upx
behavioral2/memory/5408-79-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp	upx
behavioral2/files/0x0007000000024279-86.dat	upx
behavioral2/files/0x000700000002427a-94.dat	upx
behavioral2/memory/1956-107-0x00007FF656640000-0x00007FF656994000-memory.dmp	upx
behavioral2/memory/5760-115-0x00007FF62E4B0000-0x00007FF62E804000-memory.dmp	upx
behavioral2/files/0x0007000000024280-131.dat	upx
behavioral2/memory/5812-142-0x00007FF7C9590000-0x00007FF7C98E4000-memory.dmp	upx
behavioral2/files/0x0007000000024283-153.dat	upx
behavioral2/files/0x0007000000024285-167.dat	upx
behavioral2/files/0x0007000000024287-184.dat	upx
behavioral2/files/0x000700000002428c-211.dat	upx
behavioral2/files/0x000700000002428a-209.dat	upx
behavioral2/files/0x000700000002428b-206.dat	upx
behavioral2/files/0x0007000000024289-204.dat	upx
behavioral2/files/0x0007000000024288-199.dat	upx
behavioral2/memory/3120-198-0x00007FF63D790000-0x00007FF63DAE4000-memory.dmp	upx
behavioral2/memory/4712-194-0x00007FF643400000-0x00007FF643754000-memory.dmp	upx
behavioral2/memory/4608-193-0x00007FF633780000-0x00007FF633AD4000-memory.dmp	upx
behavioral2/memory/4812-187-0x00007FF7CD2A0000-0x00007FF7CD5F4000-memory.dmp	upx
behavioral2/files/0x0007000000024286-182.dat	upx
behavioral2/memory/1492-179-0x00007FF7719F0000-0x00007FF771D44000-memory.dmp	upx
behavioral2/memory/4584-176-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp	upx
behavioral2/memory/2816-175-0x00007FF659B40000-0x00007FF659E94000-memory.dmp	upx
behavioral2/memory/788-174-0x00007FF659A50000-0x00007FF659DA4000-memory.dmp	upx
behavioral2/memory/5892-172-0x00007FF608A10000-0x00007FF608D64000-memory.dmp	upx
behavioral2/files/0x0007000000024284-170.dat	upx
behavioral2/memory/4732-166-0x00007FF7AAE20000-0x00007FF7AB174000-memory.dmp	upx
behavioral2/memory/4792-160-0x00007FF733940000-0x00007FF733C94000-memory.dmp	upx
behavioral2/memory/1084-159-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp	upx
behavioral2/memory/5908-158-0x00007FF7F31F0000-0x00007FF7F3544000-memory.dmp	upx
behavioral2/files/0x0007000000024282-156.dat	upx
behavioral2/files/0x0007000000024281-151.dat	upx
behavioral2/memory/1176-150-0x00007FF7432E0000-0x00007FF743634000-memory.dmp	upx
behavioral2/memory/4420-149-0x00007FF730A00000-0x00007FF730D54000-memory.dmp	upx
behavioral2/memory/4848-143-0x00007FF7B1D70000-0x00007FF7B20C4000-memory.dmp	upx
behavioral2/files/0x000700000002427f-137.dat	upx
behavioral2/memory/1672-136-0x00007FF62E680000-0x00007FF62E9D4000-memory.dmp	upx
behavioral2/memory/2972-135-0x00007FF656D40000-0x00007FF657094000-memory.dmp	upx
behavioral2/memory/4712-134-0x00007FF643400000-0x00007FF643754000-memory.dmp	upx
behavioral2/memory/3512-130-0x00007FF75CE10000-0x00007FF75D164000-memory.dmp	upx
behavioral2/files/0x000700000002427e-125.dat	upx
behavioral2/memory/4608-124-0x00007FF633780000-0x00007FF633AD4000-memory.dmp	upx
behavioral2/files/0x000700000002427d-120.dat	upx
behavioral2/memory/5092-119-0x00007FF698A70000-0x00007FF698DC4000-memory.dmp	upx
behavioral2/memory/4584-118-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp	upx
behavioral2/files/0x000700000002427c-111.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qvvtyEP.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PAsztpb.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HUsrfqV.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DWTuAOz.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fLYCclc.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mZywMYE.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fKGnLtu.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xTHdonv.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pdaBNCI.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uaVMwMm.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FnCzxKX.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZfrMtDp.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pXHZdZZ.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\elxBNQa.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FsMwvtI.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DCZWRKE.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\itzeHCH.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ynrDJvf.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GOjxjWq.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OgtBZDh.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KMPglRT.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZQpffUz.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gDuwczz.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NrpMlts.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FLlomZL.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\prrWfGP.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rSRBGgO.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rKPiBmi.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zyEWQCf.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zxZcESa.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WoZnyDg.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tBRGjaz.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\okIFvMN.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hiBMGKz.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ajiPOOA.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bPnpCGl.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UFxpDXr.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SoUQQcO.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kJofdTE.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AnWXyic.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VtDmcJy.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kJhQQGM.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dYnqvJT.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TENTHLd.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hFFGXMU.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QeilZII.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JNlierh.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FtFUSAO.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EoPZFSa.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FiBarXl.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aForGqX.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NqIqGnR.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ilrgCFZ.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kvxftpd.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PFThlKE.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YpZnAzx.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qJqikOV.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zqqtacQ.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CnXaxIs.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zYWBGPa.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bwvKSQS.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mANBSvA.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tsumfvh.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TScpVWR.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5508 wrote to memory of 3492	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5508 wrote to memory of 3492	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5508 wrote to memory of 6008	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5508 wrote to memory of 6008	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5508 wrote to memory of 5408	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5508 wrote to memory of 5408	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5508 wrote to memory of 216	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5508 wrote to memory of 216	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5508 wrote to memory of 5144	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5508 wrote to memory of 5144	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5508 wrote to memory of 6072	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5508 wrote to memory of 6072	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5508 wrote to memory of 1956	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5508 wrote to memory of 1956	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5508 wrote to memory of 5760	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5508 wrote to memory of 5760	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5508 wrote to memory of 5092	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5508 wrote to memory of 5092	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5508 wrote to memory of 3512	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5508 wrote to memory of 3512	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5508 wrote to memory of 2972	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5508 wrote to memory of 2972	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5508 wrote to memory of 1672	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5508 wrote to memory of 1672	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5508 wrote to memory of 4420	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5508 wrote to memory of 4420	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5508 wrote to memory of 5908	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5508 wrote to memory of 5908	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5508 wrote to memory of 1084	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5508 wrote to memory of 1084	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5508 wrote to memory of 5892	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5508 wrote to memory of 5892	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5508 wrote to memory of 2816	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5508 wrote to memory of 2816	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5508 wrote to memory of 4584	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5508 wrote to memory of 4584	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5508 wrote to memory of 4608	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5508 wrote to memory of 4608	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5508 wrote to memory of 4712	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5508 wrote to memory of 4712	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5508 wrote to memory of 5812	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5508 wrote to memory of 5812	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5508 wrote to memory of 4848	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5508 wrote to memory of 4848	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5508 wrote to memory of 1176	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5508 wrote to memory of 1176	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5508 wrote to memory of 4792	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5508 wrote to memory of 4792	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5508 wrote to memory of 4732	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5508 wrote to memory of 4732	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5508 wrote to memory of 788	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5508 wrote to memory of 788	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5508 wrote to memory of 1492	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5508 wrote to memory of 1492	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5508 wrote to memory of 4812	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5508 wrote to memory of 4812	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5508 wrote to memory of 3120	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5508 wrote to memory of 3120	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5508 wrote to memory of 1456	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5508 wrote to memory of 1456	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5508 wrote to memory of 4380	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5508 wrote to memory of 4380	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5508 wrote to memory of 2824	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5508 wrote to memory of 2824	5508	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117

C:\Users\Admin\AppData\Local\Temp\2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5508
- C:\Windows\System\BmrdopP.exe
  C:\Windows\System\BmrdopP.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\qGNQWat.exe
  C:\Windows\System\qGNQWat.exe
  2⤵
  - Executes dropped EXE
  PID:6008
- C:\Windows\System\UJsuvOF.exe
  C:\Windows\System\UJsuvOF.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System\xweOJbt.exe
  C:\Windows\System\xweOJbt.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\ENSNrxo.exe
  C:\Windows\System\ENSNrxo.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\ogHzBED.exe
  C:\Windows\System\ogHzBED.exe
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\System\RGsJWJK.exe
  C:\Windows\System\RGsJWJK.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\OVZWIDW.exe
  C:\Windows\System\OVZWIDW.exe
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Windows\System\BWnbaJg.exe
  C:\Windows\System\BWnbaJg.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\psNipmp.exe
  C:\Windows\System\psNipmp.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\gprindZ.exe
  C:\Windows\System\gprindZ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\qSXjbrS.exe
  C:\Windows\System\qSXjbrS.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\eLooufz.exe
  C:\Windows\System\eLooufz.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\yRTGVzs.exe
  C:\Windows\System\yRTGVzs.exe
  2⤵
  - Executes dropped EXE
  PID:5908
- C:\Windows\System\GOjxjWq.exe
  C:\Windows\System\GOjxjWq.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\jOkotSt.exe
  C:\Windows\System\jOkotSt.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System\SOZGMES.exe
  C:\Windows\System\SOZGMES.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\pGwILVj.exe
  C:\Windows\System\pGwILVj.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\RYlCaOG.exe
  C:\Windows\System\RYlCaOG.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\ZjsjLQe.exe
  C:\Windows\System\ZjsjLQe.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\WFvoCvA.exe
  C:\Windows\System\WFvoCvA.exe
  2⤵
  - Executes dropped EXE
  PID:5812
- C:\Windows\System\rvSnMSx.exe
  C:\Windows\System\rvSnMSx.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\wrFUZpM.exe
  C:\Windows\System\wrFUZpM.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\IejnNvq.exe
  C:\Windows\System\IejnNvq.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\gXtiugZ.exe
  C:\Windows\System\gXtiugZ.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\KtuUGDn.exe
  C:\Windows\System\KtuUGDn.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\hFFGXMU.exe
  C:\Windows\System\hFFGXMU.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\SETCoOk.exe
  C:\Windows\System\SETCoOk.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\snwpIzd.exe
  C:\Windows\System\snwpIzd.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\cxeeDif.exe
  C:\Windows\System\cxeeDif.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\wFDmANc.exe
  C:\Windows\System\wFDmANc.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\FErYAFX.exe
  C:\Windows\System\FErYAFX.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\DDDPDpb.exe
  C:\Windows\System\DDDPDpb.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UxKGgmG.exe
  C:\Windows\System\UxKGgmG.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\xISoUyq.exe
  C:\Windows\System\xISoUyq.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\samsPnn.exe
  C:\Windows\System\samsPnn.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\QeddvML.exe
  C:\Windows\System\QeddvML.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\DCZWRKE.exe
  C:\Windows\System\DCZWRKE.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\rCxDjsK.exe
  C:\Windows\System\rCxDjsK.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\eRMeVHF.exe
  C:\Windows\System\eRMeVHF.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\bjBaWER.exe
  C:\Windows\System\bjBaWER.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\xTHdonv.exe
  C:\Windows\System\xTHdonv.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\YWgZyza.exe
  C:\Windows\System\YWgZyza.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\nGwqXZo.exe
  C:\Windows\System\nGwqXZo.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\WqGRzpc.exe
  C:\Windows\System\WqGRzpc.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\UFDHmyh.exe
  C:\Windows\System\UFDHmyh.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\WANCzPs.exe
  C:\Windows\System\WANCzPs.exe
  2⤵
  - Executes dropped EXE
  PID:5904
- C:\Windows\System\jorNexx.exe
  C:\Windows\System\jorNexx.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\FHDLSqq.exe
  C:\Windows\System\FHDLSqq.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\TxNVEah.exe
  C:\Windows\System\TxNVEah.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\fnUcyjF.exe
  C:\Windows\System\fnUcyjF.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\iqARUIl.exe
  C:\Windows\System\iqARUIl.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\UOKdsgT.exe
  C:\Windows\System\UOKdsgT.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\ppjNbHb.exe
  C:\Windows\System\ppjNbHb.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\TFyfplp.exe
  C:\Windows\System\TFyfplp.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\HtCqtLe.exe
  C:\Windows\System\HtCqtLe.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\ppMhYqt.exe
  C:\Windows\System\ppMhYqt.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\DwbgyNx.exe
  C:\Windows\System\DwbgyNx.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\HhhYGMZ.exe
  C:\Windows\System\HhhYGMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\YduwyWM.exe
  C:\Windows\System\YduwyWM.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\HMtGXpQ.exe
  C:\Windows\System\HMtGXpQ.exe
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Windows\System\KAJtPnK.exe
  C:\Windows\System\KAJtPnK.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\UsMCvgr.exe
  C:\Windows\System\UsMCvgr.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\PKOCzaM.exe
  C:\Windows\System\PKOCzaM.exe
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Windows\System\adeURqh.exe
  C:\Windows\System\adeURqh.exe
  2⤵
  PID:924
- C:\Windows\System\OrMwdou.exe
  C:\Windows\System\OrMwdou.exe
  2⤵
  PID:5560
- C:\Windows\System\rSRBGgO.exe
  C:\Windows\System\rSRBGgO.exe
  2⤵
  PID:5172
- C:\Windows\System\txVpjdf.exe
  C:\Windows\System\txVpjdf.exe
  2⤵
  PID:5244
- C:\Windows\System\FcZHgcg.exe
  C:\Windows\System\FcZHgcg.exe
  2⤵
  PID:764
- C:\Windows\System\TKukwCX.exe
  C:\Windows\System\TKukwCX.exe
  2⤵
  PID:632
- C:\Windows\System\ZeZGOwS.exe
  C:\Windows\System\ZeZGOwS.exe
  2⤵
  PID:4156
- C:\Windows\System\EVKHrrd.exe
  C:\Windows\System\EVKHrrd.exe
  2⤵
  PID:400
- C:\Windows\System\bPnpCGl.exe
  C:\Windows\System\bPnpCGl.exe
  2⤵
  PID:1744
- C:\Windows\System\RxfZSLS.exe
  C:\Windows\System\RxfZSLS.exe
  2⤵
  PID:4004
- C:\Windows\System\icOKtTu.exe
  C:\Windows\System\icOKtTu.exe
  2⤵
  PID:2016
- C:\Windows\System\rnzvJDW.exe
  C:\Windows\System\rnzvJDW.exe
  2⤵
  PID:3080
- C:\Windows\System\qDlqVBq.exe
  C:\Windows\System\qDlqVBq.exe
  2⤵
  PID:3056
- C:\Windows\System\cIDVgMO.exe
  C:\Windows\System\cIDVgMO.exe
  2⤵
  PID:6116
- C:\Windows\System\cJEjBzO.exe
  C:\Windows\System\cJEjBzO.exe
  2⤵
  PID:2508
- C:\Windows\System\vlZjJod.exe
  C:\Windows\System\vlZjJod.exe
  2⤵
  PID:2492
- C:\Windows\System\BoLYdwi.exe
  C:\Windows\System\BoLYdwi.exe
  2⤵
  PID:4356
- C:\Windows\System\WvSscnx.exe
  C:\Windows\System\WvSscnx.exe
  2⤵
  PID:4436
- C:\Windows\System\PieYpKu.exe
  C:\Windows\System\PieYpKu.exe
  2⤵
  PID:4884
- C:\Windows\System\dFtMfzI.exe
  C:\Windows\System\dFtMfzI.exe
  2⤵
  PID:4468
- C:\Windows\System\CnXaxIs.exe
  C:\Windows\System\CnXaxIs.exe
  2⤵
  PID:5360
- C:\Windows\System\bvxIscA.exe
  C:\Windows\System\bvxIscA.exe
  2⤵
  PID:4888
- C:\Windows\System\jGMjycb.exe
  C:\Windows\System\jGMjycb.exe
  2⤵
  PID:3588
- C:\Windows\System\exyUjze.exe
  C:\Windows\System\exyUjze.exe
  2⤵
  PID:4760
- C:\Windows\System\JEeNQFi.exe
  C:\Windows\System\JEeNQFi.exe
  2⤵
  PID:4972
- C:\Windows\System\zjIpUQb.exe
  C:\Windows\System\zjIpUQb.exe
  2⤵
  PID:5404
- C:\Windows\System\hYIjgjL.exe
  C:\Windows\System\hYIjgjL.exe
  2⤵
  PID:1932
- C:\Windows\System\tdZunhg.exe
  C:\Windows\System\tdZunhg.exe
  2⤵
  PID:952
- C:\Windows\System\MOafJVd.exe
  C:\Windows\System\MOafJVd.exe
  2⤵
  PID:2460
- C:\Windows\System\JQjSusN.exe
  C:\Windows\System\JQjSusN.exe
  2⤵
  PID:3384
- C:\Windows\System\cQJNKNz.exe
  C:\Windows\System\cQJNKNz.exe
  2⤵
  PID:2896
- C:\Windows\System\TlCqiiz.exe
  C:\Windows\System\TlCqiiz.exe
  2⤵
  PID:3660
- C:\Windows\System\CCYnGKg.exe
  C:\Windows\System\CCYnGKg.exe
  2⤵
  PID:1328
- C:\Windows\System\LbAVCNz.exe
  C:\Windows\System\LbAVCNz.exe
  2⤵
  PID:5664
- C:\Windows\System\vFWiupj.exe
  C:\Windows\System\vFWiupj.exe
  2⤵
  PID:644
- C:\Windows\System\GGTxMpw.exe
  C:\Windows\System\GGTxMpw.exe
  2⤵
  PID:5980
- C:\Windows\System\FXJwuOB.exe
  C:\Windows\System\FXJwuOB.exe
  2⤵
  PID:1088
- C:\Windows\System\YnyBDEk.exe
  C:\Windows\System\YnyBDEk.exe
  2⤵
  PID:4292
- C:\Windows\System\CvzMvRe.exe
  C:\Windows\System\CvzMvRe.exe
  2⤵
  PID:5428
- C:\Windows\System\PpLxslX.exe
  C:\Windows\System\PpLxslX.exe
  2⤵
  PID:5624
- C:\Windows\System\ASSDPjQ.exe
  C:\Windows\System\ASSDPjQ.exe
  2⤵
  PID:5676
- C:\Windows\System\uDeWLzW.exe
  C:\Windows\System\uDeWLzW.exe
  2⤵
  PID:3804
- C:\Windows\System\LfRFQBd.exe
  C:\Windows\System\LfRFQBd.exe
  2⤵
  PID:920
- C:\Windows\System\OgtBZDh.exe
  C:\Windows\System\OgtBZDh.exe
  2⤵
  PID:1536
- C:\Windows\System\kqRupAr.exe
  C:\Windows\System\kqRupAr.exe
  2⤵
  PID:5072
- C:\Windows\System\KBzGmiZ.exe
  C:\Windows\System\KBzGmiZ.exe
  2⤵
  PID:5132
- C:\Windows\System\uTYWvQk.exe
  C:\Windows\System\uTYWvQk.exe
  2⤵
  PID:2196
- C:\Windows\System\vWtJLnr.exe
  C:\Windows\System\vWtJLnr.exe
  2⤵
  PID:2184
- C:\Windows\System\tsUbFCS.exe
  C:\Windows\System\tsUbFCS.exe
  2⤵
  PID:5020
- C:\Windows\System\eSmdgFP.exe
  C:\Windows\System\eSmdgFP.exe
  2⤵
  PID:4768
- C:\Windows\System\zJQBxRJ.exe
  C:\Windows\System\zJQBxRJ.exe
  2⤵
  PID:5212
- C:\Windows\System\XXfsMLD.exe
  C:\Windows\System\XXfsMLD.exe
  2⤵
  PID:2060
- C:\Windows\System\ZmXLJJN.exe
  C:\Windows\System\ZmXLJJN.exe
  2⤵
  PID:5888
- C:\Windows\System\PZMcKNl.exe
  C:\Windows\System\PZMcKNl.exe
  2⤵
  PID:3024
- C:\Windows\System\FiBarXl.exe
  C:\Windows\System\FiBarXl.exe
  2⤵
  PID:3960
- C:\Windows\System\oEsdvZO.exe
  C:\Windows\System\oEsdvZO.exe
  2⤵
  PID:556
- C:\Windows\System\JYGnGOj.exe
  C:\Windows\System\JYGnGOj.exe
  2⤵
  PID:5048
- C:\Windows\System\BEdlBdr.exe
  C:\Windows\System\BEdlBdr.exe
  2⤵
  PID:4332
- C:\Windows\System\HfFmdeC.exe
  C:\Windows\System\HfFmdeC.exe
  2⤵
  PID:4340
- C:\Windows\System\vvYwRsZ.exe
  C:\Windows\System\vvYwRsZ.exe
  2⤵
  PID:5328
- C:\Windows\System\NkTnQYP.exe
  C:\Windows\System\NkTnQYP.exe
  2⤵
  PID:5960
- C:\Windows\System\nUKNYXw.exe
  C:\Windows\System\nUKNYXw.exe
  2⤵
  PID:1904
- C:\Windows\System\mFUqrFJ.exe
  C:\Windows\System\mFUqrFJ.exe
  2⤵
  PID:5968
- C:\Windows\System\aWqRmfu.exe
  C:\Windows\System\aWqRmfu.exe
  2⤵
  PID:6184
- C:\Windows\System\zzVuyXh.exe
  C:\Windows\System\zzVuyXh.exe
  2⤵
  PID:6212
- C:\Windows\System\fhxWuFT.exe
  C:\Windows\System\fhxWuFT.exe
  2⤵
  PID:6228
- C:\Windows\System\fLYCclc.exe
  C:\Windows\System\fLYCclc.exe
  2⤵
  PID:6256
- C:\Windows\System\MZNMLfP.exe
  C:\Windows\System\MZNMLfP.exe
  2⤵
  PID:6284
- C:\Windows\System\bcCgYZM.exe
  C:\Windows\System\bcCgYZM.exe
  2⤵
  PID:6312
- C:\Windows\System\tiZNVxG.exe
  C:\Windows\System\tiZNVxG.exe
  2⤵
  PID:6340
- C:\Windows\System\XcHPPAD.exe
  C:\Windows\System\XcHPPAD.exe
  2⤵
  PID:6356
- C:\Windows\System\ztRoRmr.exe
  C:\Windows\System\ztRoRmr.exe
  2⤵
  PID:6384
- C:\Windows\System\bzEmQcR.exe
  C:\Windows\System\bzEmQcR.exe
  2⤵
  PID:6412
- C:\Windows\System\mULGbak.exe
  C:\Windows\System\mULGbak.exe
  2⤵
  PID:6440
- C:\Windows\System\uAYTxYz.exe
  C:\Windows\System\uAYTxYz.exe
  2⤵
  PID:6468
- C:\Windows\System\GGkVYnp.exe
  C:\Windows\System\GGkVYnp.exe
  2⤵
  PID:6496
- C:\Windows\System\WcHyLKw.exe
  C:\Windows\System\WcHyLKw.exe
  2⤵
  PID:6524
- C:\Windows\System\aNLDMri.exe
  C:\Windows\System\aNLDMri.exe
  2⤵
  PID:6552
- C:\Windows\System\KUtdXRF.exe
  C:\Windows\System\KUtdXRF.exe
  2⤵
  PID:6580
- C:\Windows\System\bdovMJu.exe
  C:\Windows\System\bdovMJu.exe
  2⤵
  PID:6608
- C:\Windows\System\PVGjngd.exe
  C:\Windows\System\PVGjngd.exe
  2⤵
  PID:6632
- C:\Windows\System\nsKnMTr.exe
  C:\Windows\System\nsKnMTr.exe
  2⤵
  PID:6664
- C:\Windows\System\dtejAMi.exe
  C:\Windows\System\dtejAMi.exe
  2⤵
  PID:6692
- C:\Windows\System\gGvZJzF.exe
  C:\Windows\System\gGvZJzF.exe
  2⤵
  PID:6720
- C:\Windows\System\gxOxHoU.exe
  C:\Windows\System\gxOxHoU.exe
  2⤵
  PID:6748
- C:\Windows\System\TScpVWR.exe
  C:\Windows\System\TScpVWR.exe
  2⤵
  PID:6776
- C:\Windows\System\QQvdQMU.exe
  C:\Windows\System\QQvdQMU.exe
  2⤵
  PID:6804
- C:\Windows\System\pRbOsZy.exe
  C:\Windows\System\pRbOsZy.exe
  2⤵
  PID:6832
- C:\Windows\System\hQEKjHN.exe
  C:\Windows\System\hQEKjHN.exe
  2⤵
  PID:6860
- C:\Windows\System\SurvscO.exe
  C:\Windows\System\SurvscO.exe
  2⤵
  PID:6888
- C:\Windows\System\OwdiEdu.exe
  C:\Windows\System\OwdiEdu.exe
  2⤵
  PID:6916
- C:\Windows\System\nwHSEae.exe
  C:\Windows\System\nwHSEae.exe
  2⤵
  PID:6944
- C:\Windows\System\JOXLqlM.exe
  C:\Windows\System\JOXLqlM.exe
  2⤵
  PID:6972
- C:\Windows\System\NVbGvPp.exe
  C:\Windows\System\NVbGvPp.exe
  2⤵
  PID:7000
- C:\Windows\System\slKCVCc.exe
  C:\Windows\System\slKCVCc.exe
  2⤵
  PID:7028
- C:\Windows\System\bcKKjdM.exe
  C:\Windows\System\bcKKjdM.exe
  2⤵
  PID:7056
- C:\Windows\System\MztvKbz.exe
  C:\Windows\System\MztvKbz.exe
  2⤵
  PID:7084
- C:\Windows\System\CikKoDE.exe
  C:\Windows\System\CikKoDE.exe
  2⤵
  PID:7112
- C:\Windows\System\mMcaYYY.exe
  C:\Windows\System\mMcaYYY.exe
  2⤵
  PID:7140
- C:\Windows\System\ruNZKUA.exe
  C:\Windows\System\ruNZKUA.exe
  2⤵
  PID:3584
- C:\Windows\System\cCrFILD.exe
  C:\Windows\System\cCrFILD.exe
  2⤵
  PID:4900
- C:\Windows\System\DubAXgF.exe
  C:\Windows\System\DubAXgF.exe
  2⤵
  PID:6124
- C:\Windows\System\tuJhZrV.exe
  C:\Windows\System\tuJhZrV.exe
  2⤵
  PID:5752
- C:\Windows\System\wihlmRW.exe
  C:\Windows\System\wihlmRW.exe
  2⤵
  PID:1496
- C:\Windows\System\NvSEVbU.exe
  C:\Windows\System\NvSEVbU.exe
  2⤵
  PID:6204
- C:\Windows\System\TELHBVK.exe
  C:\Windows\System\TELHBVK.exe
  2⤵
  PID:6272
- C:\Windows\System\zJYnyFl.exe
  C:\Windows\System\zJYnyFl.exe
  2⤵
  PID:6332
- C:\Windows\System\VxeYphh.exe
  C:\Windows\System\VxeYphh.exe
  2⤵
  PID:6400
- C:\Windows\System\HTKsvWm.exe
  C:\Windows\System\HTKsvWm.exe
  2⤵
  PID:6460
- C:\Windows\System\zYWBGPa.exe
  C:\Windows\System\zYWBGPa.exe
  2⤵
  PID:6536
- C:\Windows\System\hkMxZrV.exe
  C:\Windows\System\hkMxZrV.exe
  2⤵
  PID:6596
- C:\Windows\System\owyuPzp.exe
  C:\Windows\System\owyuPzp.exe
  2⤵
  PID:6656
- C:\Windows\System\EcFfCPI.exe
  C:\Windows\System\EcFfCPI.exe
  2⤵
  PID:6732
- C:\Windows\System\SDlSkrF.exe
  C:\Windows\System\SDlSkrF.exe
  2⤵
  PID:6792
- C:\Windows\System\ElrTTxK.exe
  C:\Windows\System\ElrTTxK.exe
  2⤵
  PID:6852
- C:\Windows\System\cPzDsrW.exe
  C:\Windows\System\cPzDsrW.exe
  2⤵
  PID:6928
- C:\Windows\System\HLDkYwj.exe
  C:\Windows\System\HLDkYwj.exe
  2⤵
  PID:6988
- C:\Windows\System\YbVyhXR.exe
  C:\Windows\System\YbVyhXR.exe
  2⤵
  PID:7048
- C:\Windows\System\aFcYSxL.exe
  C:\Windows\System\aFcYSxL.exe
  2⤵
  PID:7124
- C:\Windows\System\qMYmbha.exe
  C:\Windows\System\qMYmbha.exe
  2⤵
  PID:5512
- C:\Windows\System\ENcQyCb.exe
  C:\Windows\System\ENcQyCb.exe
  2⤵
  PID:1660
- C:\Windows\System\sZGQDJs.exe
  C:\Windows\System\sZGQDJs.exe
  2⤵
  PID:6240
- C:\Windows\System\VJnynvj.exe
  C:\Windows\System\VJnynvj.exe
  2⤵
  PID:6372
- C:\Windows\System\NnOwSHh.exe
  C:\Windows\System\NnOwSHh.exe
  2⤵
  PID:2964
- C:\Windows\System\RkvtYSP.exe
  C:\Windows\System\RkvtYSP.exe
  2⤵
  PID:6648
- C:\Windows\System\bGjYxsp.exe
  C:\Windows\System\bGjYxsp.exe
  2⤵
  PID:6820
- C:\Windows\System\CKIyNeN.exe
  C:\Windows\System\CKIyNeN.exe
  2⤵
  PID:6956
- C:\Windows\System\qefhAiw.exe
  C:\Windows\System\qefhAiw.exe
  2⤵
  PID:7096
- C:\Windows\System\KMPglRT.exe
  C:\Windows\System\KMPglRT.exe
  2⤵
  PID:7200
- C:\Windows\System\RIAebgk.exe
  C:\Windows\System\RIAebgk.exe
  2⤵
  PID:7228
- C:\Windows\System\AeuhpFd.exe
  C:\Windows\System\AeuhpFd.exe
  2⤵
  PID:7256
- C:\Windows\System\akcKgeR.exe
  C:\Windows\System\akcKgeR.exe
  2⤵
  PID:7284
- C:\Windows\System\vsARYlc.exe
  C:\Windows\System\vsARYlc.exe
  2⤵
  PID:7312
- C:\Windows\System\alwVXRe.exe
  C:\Windows\System\alwVXRe.exe
  2⤵
  PID:7336
- C:\Windows\System\hNtUpAL.exe
  C:\Windows\System\hNtUpAL.exe
  2⤵
  PID:7356
- C:\Windows\System\jedIGEO.exe
  C:\Windows\System\jedIGEO.exe
  2⤵
  PID:7384
- C:\Windows\System\TyISmqe.exe
  C:\Windows\System\TyISmqe.exe
  2⤵
  PID:7412
- C:\Windows\System\UfVdnkl.exe
  C:\Windows\System\UfVdnkl.exe
  2⤵
  PID:7440
- C:\Windows\System\vwYipQJ.exe
  C:\Windows\System\vwYipQJ.exe
  2⤵
  PID:7468
- C:\Windows\System\EklowoV.exe
  C:\Windows\System\EklowoV.exe
  2⤵
  PID:7496
- C:\Windows\System\oRrXoxr.exe
  C:\Windows\System\oRrXoxr.exe
  2⤵
  PID:7524
- C:\Windows\System\qJqikOV.exe
  C:\Windows\System\qJqikOV.exe
  2⤵
  PID:7552
- C:\Windows\System\CJzTPoK.exe
  C:\Windows\System\CJzTPoK.exe
  2⤵
  PID:7580
- C:\Windows\System\ZOhlGNy.exe
  C:\Windows\System\ZOhlGNy.exe
  2⤵
  PID:7608
- C:\Windows\System\EcBIatC.exe
  C:\Windows\System\EcBIatC.exe
  2⤵
  PID:7636
- C:\Windows\System\iSjDgGJ.exe
  C:\Windows\System\iSjDgGJ.exe
  2⤵
  PID:7664
- C:\Windows\System\FtIYSeL.exe
  C:\Windows\System\FtIYSeL.exe
  2⤵
  PID:7692
- C:\Windows\System\ahtlErc.exe
  C:\Windows\System\ahtlErc.exe
  2⤵
  PID:7720
- C:\Windows\System\qHiWcbc.exe
  C:\Windows\System\qHiWcbc.exe
  2⤵
  PID:7748
- C:\Windows\System\hAjlrdM.exe
  C:\Windows\System\hAjlrdM.exe
  2⤵
  PID:7776
- C:\Windows\System\hZpyMlL.exe
  C:\Windows\System\hZpyMlL.exe
  2⤵
  PID:7804
- C:\Windows\System\qdKqwKR.exe
  C:\Windows\System\qdKqwKR.exe
  2⤵
  PID:7832
- C:\Windows\System\HWZkvmK.exe
  C:\Windows\System\HWZkvmK.exe
  2⤵
  PID:7860
- C:\Windows\System\ZtRbkHN.exe
  C:\Windows\System\ZtRbkHN.exe
  2⤵
  PID:7888
- C:\Windows\System\QIYOAZt.exe
  C:\Windows\System\QIYOAZt.exe
  2⤵
  PID:7916
- C:\Windows\System\wOlFBfa.exe
  C:\Windows\System\wOlFBfa.exe
  2⤵
  PID:7944
- C:\Windows\System\zqqtacQ.exe
  C:\Windows\System\zqqtacQ.exe
  2⤵
  PID:7972
- C:\Windows\System\YsQpyOP.exe
  C:\Windows\System\YsQpyOP.exe
  2⤵
  PID:8000
- C:\Windows\System\uUwodEc.exe
  C:\Windows\System\uUwodEc.exe
  2⤵
  PID:8028
- C:\Windows\System\cqlrGYI.exe
  C:\Windows\System\cqlrGYI.exe
  2⤵
  PID:8056
- C:\Windows\System\ZTtvQWN.exe
  C:\Windows\System\ZTtvQWN.exe
  2⤵
  PID:8084
- C:\Windows\System\TZCgkUZ.exe
  C:\Windows\System\TZCgkUZ.exe
  2⤵
  PID:8112
- C:\Windows\System\KWRTkNO.exe
  C:\Windows\System\KWRTkNO.exe
  2⤵
  PID:8140
- C:\Windows\System\bIrtlPB.exe
  C:\Windows\System\bIrtlPB.exe
  2⤵
  PID:8168
- C:\Windows\System\AsTMtql.exe
  C:\Windows\System\AsTMtql.exe
  2⤵
  PID:7156
- C:\Windows\System\ZNoifIF.exe
  C:\Windows\System\ZNoifIF.exe
  2⤵
  PID:6176
- C:\Windows\System\iMfJLeq.exe
  C:\Windows\System\iMfJLeq.exe
  2⤵
  PID:6568
- C:\Windows\System\DTFTHwt.exe
  C:\Windows\System\DTFTHwt.exe
  2⤵
  PID:2752
- C:\Windows\System\kzLoAMv.exe
  C:\Windows\System\kzLoAMv.exe
  2⤵
  PID:7192
- C:\Windows\System\SpOnrHN.exe
  C:\Windows\System\SpOnrHN.exe
  2⤵
  PID:7248
- C:\Windows\System\xAYjINY.exe
  C:\Windows\System\xAYjINY.exe
  2⤵
  PID:7304
- C:\Windows\System\bwvKSQS.exe
  C:\Windows\System\bwvKSQS.exe
  2⤵
  PID:7372
- C:\Windows\System\YluUbLV.exe
  C:\Windows\System\YluUbLV.exe
  2⤵
  PID:7428
- C:\Windows\System\vZOXvsm.exe
  C:\Windows\System\vZOXvsm.exe
  2⤵
  PID:7488
- C:\Windows\System\nhkpfpx.exe
  C:\Windows\System\nhkpfpx.exe
  2⤵
  PID:7564
- C:\Windows\System\ybIwHmg.exe
  C:\Windows\System\ybIwHmg.exe
  2⤵
  PID:7624
- C:\Windows\System\PjiTbAo.exe
  C:\Windows\System\PjiTbAo.exe
  2⤵
  PID:7680
- C:\Windows\System\zJOFffA.exe
  C:\Windows\System\zJOFffA.exe
  2⤵
  PID:7732
- C:\Windows\System\XhcvQvO.exe
  C:\Windows\System\XhcvQvO.exe
  2⤵
  PID:7792
- C:\Windows\System\bSjIOcU.exe
  C:\Windows\System\bSjIOcU.exe
  2⤵
  PID:7852
- C:\Windows\System\iwgeTKC.exe
  C:\Windows\System\iwgeTKC.exe
  2⤵
  PID:7928
- C:\Windows\System\dAapyqr.exe
  C:\Windows\System\dAapyqr.exe
  2⤵
  PID:7984
- C:\Windows\System\qvvtyEP.exe
  C:\Windows\System\qvvtyEP.exe
  2⤵
  PID:8040
- C:\Windows\System\pQiFbbJ.exe
  C:\Windows\System\pQiFbbJ.exe
  2⤵
  PID:8096
- C:\Windows\System\SYlSGbR.exe
  C:\Windows\System\SYlSGbR.exe
  2⤵
  PID:8156
- C:\Windows\System\QmJhJXu.exe
  C:\Windows\System\QmJhJXu.exe
  2⤵
  PID:1408
- C:\Windows\System\EHsjoTs.exe
  C:\Windows\System\EHsjoTs.exe
  2⤵
  PID:3776
- C:\Windows\System\dCUnUmC.exe
  C:\Windows\System\dCUnUmC.exe
  2⤵
  PID:7216
- C:\Windows\System\tBRGjaz.exe
  C:\Windows\System\tBRGjaz.exe
  2⤵
  PID:7348
- C:\Windows\System\SvXDslp.exe
  C:\Windows\System\SvXDslp.exe
  2⤵
  PID:6076
- C:\Windows\System\SRLlUMU.exe
  C:\Windows\System\SRLlUMU.exe
  2⤵
  PID:7600
- C:\Windows\System\kovAVrX.exe
  C:\Windows\System\kovAVrX.exe
  2⤵
  PID:7760
- C:\Windows\System\EHSBNEc.exe
  C:\Windows\System\EHSBNEc.exe
  2⤵
  PID:7820
- C:\Windows\System\trCTDKK.exe
  C:\Windows\System\trCTDKK.exe
  2⤵
  PID:7960
- C:\Windows\System\XhpVRHL.exe
  C:\Windows\System\XhpVRHL.exe
  2⤵
  PID:8072
- C:\Windows\System\QVUcWea.exe
  C:\Windows\System\QVUcWea.exe
  2⤵
  PID:5496
- C:\Windows\System\vaWZGAJ.exe
  C:\Windows\System\vaWZGAJ.exe
  2⤵
  PID:7172
- C:\Windows\System\GOHZihh.exe
  C:\Windows\System\GOHZihh.exe
  2⤵
  PID:8212
- C:\Windows\System\uYvNUpV.exe
  C:\Windows\System\uYvNUpV.exe
  2⤵
  PID:8240
- C:\Windows\System\okIFvMN.exe
  C:\Windows\System\okIFvMN.exe
  2⤵
  PID:8268
- C:\Windows\System\irlmaRm.exe
  C:\Windows\System\irlmaRm.exe
  2⤵
  PID:8296
- C:\Windows\System\YDadmdz.exe
  C:\Windows\System\YDadmdz.exe
  2⤵
  PID:8324
- C:\Windows\System\VNqXDXu.exe
  C:\Windows\System\VNqXDXu.exe
  2⤵
  PID:8352
- C:\Windows\System\WJymhWU.exe
  C:\Windows\System\WJymhWU.exe
  2⤵
  PID:8380
- C:\Windows\System\vTuioji.exe
  C:\Windows\System\vTuioji.exe
  2⤵
  PID:8408
- C:\Windows\System\OvOsetd.exe
  C:\Windows\System\OvOsetd.exe
  2⤵
  PID:8436
- C:\Windows\System\OoJEgbQ.exe
  C:\Windows\System\OoJEgbQ.exe
  2⤵
  PID:8468
- C:\Windows\System\vbBYbfT.exe
  C:\Windows\System\vbBYbfT.exe
  2⤵
  PID:8504
- C:\Windows\System\BmkKmPJ.exe
  C:\Windows\System\BmkKmPJ.exe
  2⤵
  PID:8532
- C:\Windows\System\BJDwqQk.exe
  C:\Windows\System\BJDwqQk.exe
  2⤵
  PID:8560
- C:\Windows\System\aForGqX.exe
  C:\Windows\System\aForGqX.exe
  2⤵
  PID:8588
- C:\Windows\System\vnmNZEM.exe
  C:\Windows\System\vnmNZEM.exe
  2⤵
  PID:8616
- C:\Windows\System\OTNdRxo.exe
  C:\Windows\System\OTNdRxo.exe
  2⤵
  PID:8644
- C:\Windows\System\XcWtCcB.exe
  C:\Windows\System\XcWtCcB.exe
  2⤵
  PID:8672
- C:\Windows\System\JsBkcOx.exe
  C:\Windows\System\JsBkcOx.exe
  2⤵
  PID:8700
- C:\Windows\System\TaMTIOp.exe
  C:\Windows\System\TaMTIOp.exe
  2⤵
  PID:8728
- C:\Windows\System\VnPNEpR.exe
  C:\Windows\System\VnPNEpR.exe
  2⤵
  PID:8756
- C:\Windows\System\RRJROgp.exe
  C:\Windows\System\RRJROgp.exe
  2⤵
  PID:8784
- C:\Windows\System\vtiUSwh.exe
  C:\Windows\System\vtiUSwh.exe
  2⤵
  PID:8812
- C:\Windows\System\giTsghE.exe
  C:\Windows\System\giTsghE.exe
  2⤵
  PID:8840
- C:\Windows\System\eDLEZJQ.exe
  C:\Windows\System\eDLEZJQ.exe
  2⤵
  PID:8868
- C:\Windows\System\rCtsRmb.exe
  C:\Windows\System\rCtsRmb.exe
  2⤵
  PID:8896
- C:\Windows\System\vTyZSmp.exe
  C:\Windows\System\vTyZSmp.exe
  2⤵
  PID:8924
- C:\Windows\System\uqyKJZZ.exe
  C:\Windows\System\uqyKJZZ.exe
  2⤵
  PID:8952
- C:\Windows\System\RxDGyZR.exe
  C:\Windows\System\RxDGyZR.exe
  2⤵
  PID:8980
- C:\Windows\System\BgrFHHO.exe
  C:\Windows\System\BgrFHHO.exe
  2⤵
  PID:9008
- C:\Windows\System\viPGggI.exe
  C:\Windows\System\viPGggI.exe
  2⤵
  PID:9036
- C:\Windows\System\mANBSvA.exe
  C:\Windows\System\mANBSvA.exe
  2⤵
  PID:9064
- C:\Windows\System\xcxIVMb.exe
  C:\Windows\System\xcxIVMb.exe
  2⤵
  PID:9092
- C:\Windows\System\bBVgRMO.exe
  C:\Windows\System\bBVgRMO.exe
  2⤵
  PID:9120
- C:\Windows\System\nplaztQ.exe
  C:\Windows\System\nplaztQ.exe
  2⤵
  PID:9148
- C:\Windows\System\TxDjLZI.exe
  C:\Windows\System\TxDjLZI.exe
  2⤵
  PID:9176
- C:\Windows\System\rqsUBdb.exe
  C:\Windows\System\rqsUBdb.exe
  2⤵
  PID:9204
- C:\Windows\System\qvQoTDR.exe
  C:\Windows\System\qvQoTDR.exe
  2⤵
  PID:432
- C:\Windows\System\PnIVQWH.exe
  C:\Windows\System\PnIVQWH.exe
  2⤵
  PID:5576
- C:\Windows\System\APIsfwS.exe
  C:\Windows\System\APIsfwS.exe
  2⤵
  PID:7904
- C:\Windows\System\xnoWriA.exe
  C:\Windows\System\xnoWriA.exe
  2⤵
  PID:8128
- C:\Windows\System\mZWAWGb.exe
  C:\Windows\System\mZWAWGb.exe
  2⤵
  PID:7040
- C:\Windows\System\ojvMTdP.exe
  C:\Windows\System\ojvMTdP.exe
  2⤵
  PID:8232
- C:\Windows\System\FTElyYv.exe
  C:\Windows\System\FTElyYv.exe
  2⤵
  PID:8284
- C:\Windows\System\ZQHOiai.exe
  C:\Windows\System\ZQHOiai.exe
  2⤵
  PID:8340
- C:\Windows\System\BgxRJKK.exe
  C:\Windows\System\BgxRJKK.exe
  2⤵
  PID:8392
- C:\Windows\System\eVbAwhP.exe
  C:\Windows\System\eVbAwhP.exe
  2⤵
  PID:8428
- C:\Windows\System\uTPypJo.exe
  C:\Windows\System\uTPypJo.exe
  2⤵
  PID:8496
- C:\Windows\System\OZgZFTs.exe
  C:\Windows\System\OZgZFTs.exe
  2⤵
  PID:8524
- C:\Windows\System\ADLuUiD.exe
  C:\Windows\System\ADLuUiD.exe
  2⤵
  PID:1364
- C:\Windows\System\tsumfvh.exe
  C:\Windows\System\tsumfvh.exe
  2⤵
  PID:8628
- C:\Windows\System\ddnNuEV.exe
  C:\Windows\System\ddnNuEV.exe
  2⤵
  PID:8684
- C:\Windows\System\sezDYkd.exe
  C:\Windows\System\sezDYkd.exe
  2⤵
  PID:8744
- C:\Windows\System\RQqbRfn.exe
  C:\Windows\System\RQqbRfn.exe
  2⤵
  PID:8804
- C:\Windows\System\zXaKEdS.exe
  C:\Windows\System\zXaKEdS.exe
  2⤵
  PID:8880
- C:\Windows\System\ZQSKUGl.exe
  C:\Windows\System\ZQSKUGl.exe
  2⤵
  PID:8940
- C:\Windows\System\bahEiBD.exe
  C:\Windows\System\bahEiBD.exe
  2⤵
  PID:9000
- C:\Windows\System\krUWkfW.exe
  C:\Windows\System\krUWkfW.exe
  2⤵
  PID:9076
- C:\Windows\System\Nyrkwjw.exe
  C:\Windows\System\Nyrkwjw.exe
  2⤵
  PID:9132
- C:\Windows\System\SNNbSsu.exe
  C:\Windows\System\SNNbSsu.exe
  2⤵
  PID:9192
- C:\Windows\System\GduWOnv.exe
  C:\Windows\System\GduWOnv.exe
  2⤵
  PID:7592
- C:\Windows\System\hjFWizr.exe
  C:\Windows\System\hjFWizr.exe
  2⤵
  PID:748
- C:\Windows\System\OBXucMg.exe
  C:\Windows\System\OBXucMg.exe
  2⤵
  PID:4736
- C:\Windows\System\EdwFJGQ.exe
  C:\Windows\System\EdwFJGQ.exe
  2⤵
  PID:8368
- C:\Windows\System\ZrFRUuV.exe
  C:\Windows\System\ZrFRUuV.exe
  2⤵
  PID:8488
- C:\Windows\System\lamFqGN.exe
  C:\Windows\System\lamFqGN.exe
  2⤵
  PID:512
- C:\Windows\System\aHxdgzF.exe
  C:\Windows\System\aHxdgzF.exe
  2⤵
  PID:8712
- C:\Windows\System\rmhHGzg.exe
  C:\Windows\System\rmhHGzg.exe
  2⤵
  PID:8832
- C:\Windows\System\lzKqPVP.exe
  C:\Windows\System\lzKqPVP.exe
  2⤵
  PID:8972
- C:\Windows\System\ETMrUsI.exe
  C:\Windows\System\ETMrUsI.exe
  2⤵
  PID:3524
- C:\Windows\System\QeilZII.exe
  C:\Windows\System\QeilZII.exe
  2⤵
  PID:3904
- C:\Windows\System\LlgokYl.exe
  C:\Windows\System\LlgokYl.exe
  2⤵
  PID:8224
- C:\Windows\System\TFvOkzN.exe
  C:\Windows\System\TFvOkzN.exe
  2⤵
  PID:8464
- C:\Windows\System\pdaBNCI.exe
  C:\Windows\System\pdaBNCI.exe
  2⤵
  PID:2244
- C:\Windows\System\RCXIrXJ.exe
  C:\Windows\System\RCXIrXJ.exe
  2⤵
  PID:8916
- C:\Windows\System\nNaBDUw.exe
  C:\Windows\System\nNaBDUw.exe
  2⤵
  PID:6136
- C:\Windows\System\sOjzjSr.exe
  C:\Windows\System\sOjzjSr.exe
  2⤵
  PID:9244
- C:\Windows\System\SwtAMZy.exe
  C:\Windows\System\SwtAMZy.exe
  2⤵
  PID:9272
- C:\Windows\System\omaTiww.exe
  C:\Windows\System\omaTiww.exe
  2⤵
  PID:9300
- C:\Windows\System\EXYAKCf.exe
  C:\Windows\System\EXYAKCf.exe
  2⤵
  PID:9316
- C:\Windows\System\rjaVUNV.exe
  C:\Windows\System\rjaVUNV.exe
  2⤵
  PID:9344
- C:\Windows\System\keFJvEM.exe
  C:\Windows\System\keFJvEM.exe
  2⤵
  PID:9384
- C:\Windows\System\wKIJOHU.exe
  C:\Windows\System\wKIJOHU.exe
  2⤵
  PID:9412
- C:\Windows\System\KvHGqdV.exe
  C:\Windows\System\KvHGqdV.exe
  2⤵
  PID:9440
- C:\Windows\System\OvZyOVG.exe
  C:\Windows\System\OvZyOVG.exe
  2⤵
  PID:9468
- C:\Windows\System\DZDQkEJ.exe
  C:\Windows\System\DZDQkEJ.exe
  2⤵
  PID:9496
- C:\Windows\System\YvtEcKc.exe
  C:\Windows\System\YvtEcKc.exe
  2⤵
  PID:9524
- C:\Windows\System\YpZnAzx.exe
  C:\Windows\System\YpZnAzx.exe
  2⤵
  PID:9552
- C:\Windows\System\WBXtvtx.exe
  C:\Windows\System\WBXtvtx.exe
  2⤵
  PID:9568
- C:\Windows\System\EPemhqR.exe
  C:\Windows\System\EPemhqR.exe
  2⤵
  PID:9596
- C:\Windows\System\oLAhZJc.exe
  C:\Windows\System\oLAhZJc.exe
  2⤵
  PID:9624
- C:\Windows\System\dmJPPIu.exe
  C:\Windows\System\dmJPPIu.exe
  2⤵
  PID:9652
- C:\Windows\System\gykRmUi.exe
  C:\Windows\System\gykRmUi.exe
  2⤵
  PID:9680
- C:\Windows\System\MNVmyFs.exe
  C:\Windows\System\MNVmyFs.exe
  2⤵
  PID:9708
- C:\Windows\System\NqIqGnR.exe
  C:\Windows\System\NqIqGnR.exe
  2⤵
  PID:9736
- C:\Windows\System\APjEnEu.exe
  C:\Windows\System\APjEnEu.exe
  2⤵
  PID:9764
- C:\Windows\System\vEFqEBC.exe
  C:\Windows\System\vEFqEBC.exe
  2⤵
  PID:9792
- C:\Windows\System\cdjJjqa.exe
  C:\Windows\System\cdjJjqa.exe
  2⤵
  PID:9872
- C:\Windows\System\OBTKEZt.exe
  C:\Windows\System\OBTKEZt.exe
  2⤵
  PID:9924
- C:\Windows\System\EXjVedz.exe
  C:\Windows\System\EXjVedz.exe
  2⤵
  PID:9944
- C:\Windows\System\YXNMSfm.exe
  C:\Windows\System\YXNMSfm.exe
  2⤵
  PID:9988
- C:\Windows\System\XiPCLpV.exe
  C:\Windows\System\XiPCLpV.exe
  2⤵
  PID:10028
- C:\Windows\System\HzVsnDj.exe
  C:\Windows\System\HzVsnDj.exe
  2⤵
  PID:10072
- C:\Windows\System\NHdVeBw.exe
  C:\Windows\System\NHdVeBw.exe
  2⤵
  PID:10092
- C:\Windows\System\sajlWzb.exe
  C:\Windows\System\sajlWzb.exe
  2⤵
  PID:10128
- C:\Windows\System\BDauVpz.exe
  C:\Windows\System\BDauVpz.exe
  2⤵
  PID:10152
- C:\Windows\System\kRbmIpH.exe
  C:\Windows\System\kRbmIpH.exe
  2⤵
  PID:10180
- C:\Windows\System\eXTLvsN.exe
  C:\Windows\System\eXTLvsN.exe
  2⤵
  PID:10196
- C:\Windows\System\ucktSdK.exe
  C:\Windows\System\ucktSdK.exe
  2⤵
  PID:4508
- C:\Windows\System\kkmTTcE.exe
  C:\Windows\System\kkmTTcE.exe
  2⤵
  PID:4804
- C:\Windows\System\ySAjoBI.exe
  C:\Windows\System\ySAjoBI.exe
  2⤵
  PID:9168
- C:\Windows\System\wzDXxLG.exe
  C:\Windows\System\wzDXxLG.exe
  2⤵
  PID:4428
- C:\Windows\System\AvKqOSi.exe
  C:\Windows\System\AvKqOSi.exe
  2⤵
  PID:9332
- C:\Windows\System\jhhwnnF.exe
  C:\Windows\System\jhhwnnF.exe
  2⤵
  PID:9424
- C:\Windows\System\cLpPpHu.exe
  C:\Windows\System\cLpPpHu.exe
  2⤵
  PID:9488
- C:\Windows\System\qXBXogV.exe
  C:\Windows\System\qXBXogV.exe
  2⤵
  PID:9544
- C:\Windows\System\MrNLzuA.exe
  C:\Windows\System\MrNLzuA.exe
  2⤵
  PID:9588
- C:\Windows\System\fjpnUvV.exe
  C:\Windows\System\fjpnUvV.exe
  2⤵
  PID:9636
- C:\Windows\System\UTfKrab.exe
  C:\Windows\System\UTfKrab.exe
  2⤵
  PID:4460
- C:\Windows\System\ENoccTn.exe
  C:\Windows\System\ENoccTn.exe
  2⤵
  PID:1284
- C:\Windows\System\qsLzIuw.exe
  C:\Windows\System\qsLzIuw.exe
  2⤵
  PID:5852
- C:\Windows\System\ZVGEBqJ.exe
  C:\Windows\System\ZVGEBqJ.exe
  2⤵
  PID:5336
- C:\Windows\System\rKPiBmi.exe
  C:\Windows\System\rKPiBmi.exe
  2⤵
  PID:5656
- C:\Windows\System\yYVlxDt.exe
  C:\Windows\System\yYVlxDt.exe
  2⤵
  PID:2924
- C:\Windows\System\LpRLJvA.exe
  C:\Windows\System\LpRLJvA.exe
  2⤵
  PID:1812
- C:\Windows\System\rQvGkid.exe
  C:\Windows\System\rQvGkid.exe
  2⤵
  PID:4808
- C:\Windows\System\rhGGSIm.exe
  C:\Windows\System\rhGGSIm.exe
  2⤵
  PID:4144
- C:\Windows\System\QDcqNDx.exe
  C:\Windows\System\QDcqNDx.exe
  2⤵
  PID:9748
- C:\Windows\System\Xiuspel.exe
  C:\Windows\System\Xiuspel.exe
  2⤵
  PID:4628
- C:\Windows\System\fteVYvA.exe
  C:\Windows\System\fteVYvA.exe
  2⤵
  PID:4108
- C:\Windows\System\Gjbkexz.exe
  C:\Windows\System\Gjbkexz.exe
  2⤵
  PID:9888
- C:\Windows\System\OZUotYX.exe
  C:\Windows\System\OZUotYX.exe
  2⤵
  PID:5728
- C:\Windows\System\aqreNJT.exe
  C:\Windows\System\aqreNJT.exe
  2⤵
  PID:9956
- C:\Windows\System\KktiRSW.exe
  C:\Windows\System\KktiRSW.exe
  2⤵
  PID:10048
- C:\Windows\System\EUIlijJ.exe
  C:\Windows\System\EUIlijJ.exe
  2⤵
  PID:10112
- C:\Windows\System\zXVdHzA.exe
  C:\Windows\System\zXVdHzA.exe
  2⤵
  PID:10188
- C:\Windows\System\MVSwmmx.exe
  C:\Windows\System\MVSwmmx.exe
  2⤵
  PID:1884
- C:\Windows\System\fEiemnl.exe
  C:\Windows\System\fEiemnl.exe
  2⤵
  PID:9260
- C:\Windows\System\fLlpeoA.exe
  C:\Windows\System\fLlpeoA.exe
  2⤵
  PID:9432
- C:\Windows\System\AEmUOAs.exe
  C:\Windows\System\AEmUOAs.exe
  2⤵
  PID:9512
- C:\Windows\System\KZurONm.exe
  C:\Windows\System\KZurONm.exe
  2⤵
  PID:9644
- C:\Windows\System\YUOFZYx.exe
  C:\Windows\System\YUOFZYx.exe
  2⤵
  PID:2780
- C:\Windows\System\zDKhtGJ.exe
  C:\Windows\System\zDKhtGJ.exe
  2⤵
  PID:5836
- C:\Windows\System\LmvDEAd.exe
  C:\Windows\System\LmvDEAd.exe
  2⤵
  PID:2008
- C:\Windows\System\hrMLfLt.exe
  C:\Windows\System\hrMLfLt.exe
  2⤵
  PID:9752
- C:\Windows\System\wUdUwZa.exe
  C:\Windows\System\wUdUwZa.exe
  2⤵
  PID:6104
- C:\Windows\System\uuvBQaG.exe
  C:\Windows\System\uuvBQaG.exe
  2⤵
  PID:10008
- C:\Windows\System\uFBTjGG.exe
  C:\Windows\System\uFBTjGG.exe
  2⤵
  PID:10136
- C:\Windows\System\ONLOOFF.exe
  C:\Windows\System\ONLOOFF.exe
  2⤵
  PID:8420
- C:\Windows\System\amQBFfA.exe
  C:\Windows\System\amQBFfA.exe
  2⤵
  PID:3452
- C:\Windows\System\dprJBOk.exe
  C:\Windows\System\dprJBOk.exe
  2⤵
  PID:2988
- C:\Windows\System\DjwNIOf.exe
  C:\Windows\System\DjwNIOf.exe
  2⤵
  PID:5540
- C:\Windows\System\HoETscd.exe
  C:\Windows\System\HoETscd.exe
  2⤵
  PID:9912
- C:\Windows\System\RjnozPW.exe
  C:\Windows\System\RjnozPW.exe
  2⤵
  PID:10212
- C:\Windows\System\gjGKUpO.exe
  C:\Windows\System\gjGKUpO.exe
  2⤵
  PID:5600
- C:\Windows\System\BnWBYOn.exe
  C:\Windows\System\BnWBYOn.exe
  2⤵
  PID:10232
- C:\Windows\System\myBkPku.exe
  C:\Windows\System\myBkPku.exe
  2⤵
  PID:1068
- C:\Windows\System\oRSZLCJ.exe
  C:\Windows\System\oRSZLCJ.exe
  2⤵
  PID:3988
- C:\Windows\System\gKnRQgr.exe
  C:\Windows\System\gKnRQgr.exe
  2⤵
  PID:10276
- C:\Windows\System\VZxfupR.exe
  C:\Windows\System\VZxfupR.exe
  2⤵
  PID:10308
- C:\Windows\System\utjFjMQ.exe
  C:\Windows\System\utjFjMQ.exe
  2⤵
  PID:10336
- C:\Windows\System\vvQTDTA.exe
  C:\Windows\System\vvQTDTA.exe
  2⤵
  PID:10364
- C:\Windows\System\RvilOex.exe
  C:\Windows\System\RvilOex.exe
  2⤵
  PID:10392
- C:\Windows\System\uaVMwMm.exe
  C:\Windows\System\uaVMwMm.exe
  2⤵
  PID:10420
- C:\Windows\System\FnCzxKX.exe
  C:\Windows\System\FnCzxKX.exe
  2⤵
  PID:10448
- C:\Windows\System\JNlierh.exe
  C:\Windows\System\JNlierh.exe
  2⤵
  PID:10476
- C:\Windows\System\PTwMuNq.exe
  C:\Windows\System\PTwMuNq.exe
  2⤵
  PID:10512
- C:\Windows\System\QPfWzCQ.exe
  C:\Windows\System\QPfWzCQ.exe
  2⤵
  PID:10560
- C:\Windows\System\faJyQsq.exe
  C:\Windows\System\faJyQsq.exe
  2⤵
  PID:10604
- C:\Windows\System\qYaiGgN.exe
  C:\Windows\System\qYaiGgN.exe
  2⤵
  PID:10632
- C:\Windows\System\UxbAyqN.exe
  C:\Windows\System\UxbAyqN.exe
  2⤵
  PID:10664
- C:\Windows\System\bkvuoHI.exe
  C:\Windows\System\bkvuoHI.exe
  2⤵
  PID:10692
- C:\Windows\System\SKVDjlV.exe
  C:\Windows\System\SKVDjlV.exe
  2⤵
  PID:10740
- C:\Windows\System\ZQpffUz.exe
  C:\Windows\System\ZQpffUz.exe
  2⤵
  PID:10756
- C:\Windows\System\YQbsvPg.exe
  C:\Windows\System\YQbsvPg.exe
  2⤵
  PID:10784
- C:\Windows\System\plHsuNG.exe
  C:\Windows\System\plHsuNG.exe
  2⤵
  PID:10820
- C:\Windows\System\mWixyQd.exe
  C:\Windows\System\mWixyQd.exe
  2⤵
  PID:10876
- C:\Windows\System\geKZvwe.exe
  C:\Windows\System\geKZvwe.exe
  2⤵
  PID:10908
- C:\Windows\System\NYJDcMQ.exe
  C:\Windows\System\NYJDcMQ.exe
  2⤵
  PID:10944
- C:\Windows\System\FxaCByi.exe
  C:\Windows\System\FxaCByi.exe
  2⤵
  PID:10976
- C:\Windows\System\EPjrTlw.exe
  C:\Windows\System\EPjrTlw.exe
  2⤵
  PID:11012
- C:\Windows\System\TriJHMX.exe
  C:\Windows\System\TriJHMX.exe
  2⤵
  PID:11040
- C:\Windows\System\mbCsNix.exe
  C:\Windows\System\mbCsNix.exe
  2⤵
  PID:11076
- C:\Windows\System\bADaZsX.exe
  C:\Windows\System\bADaZsX.exe
  2⤵
  PID:11116
- C:\Windows\System\KroNVqw.exe
  C:\Windows\System\KroNVqw.exe
  2⤵
  PID:11144
- C:\Windows\System\ZVvOXlT.exe
  C:\Windows\System\ZVvOXlT.exe
  2⤵
  PID:11176
- C:\Windows\System\RJfwPKD.exe
  C:\Windows\System\RJfwPKD.exe
  2⤵
  PID:11224
- C:\Windows\System\XXnYgwk.exe
  C:\Windows\System\XXnYgwk.exe
  2⤵
  PID:10268
- C:\Windows\System\SoUQQcO.exe
  C:\Windows\System\SoUQQcO.exe
  2⤵
  PID:10416
- C:\Windows\System\SNzwFoW.exe
  C:\Windows\System\SNzwFoW.exe
  2⤵
  PID:10540
- C:\Windows\System\xqsnUyY.exe
  C:\Windows\System\xqsnUyY.exe
  2⤵
  PID:10680
- C:\Windows\System\HIpbmtf.exe
  C:\Windows\System\HIpbmtf.exe
  2⤵
  PID:10816
- C:\Windows\System\XFREpAG.exe
  C:\Windows\System\XFREpAG.exe
  2⤵
  PID:2496
- C:\Windows\System\tuJUyyx.exe
  C:\Windows\System\tuJUyyx.exe
  2⤵
  PID:10984
- C:\Windows\System\gDuwczz.exe
  C:\Windows\System\gDuwczz.exe
  2⤵
  PID:11128
- C:\Windows\System\LcReXNX.exe
  C:\Windows\System\LcReXNX.exe
  2⤵
  PID:11172
- C:\Windows\System\CXEVwmZ.exe
  C:\Windows\System\CXEVwmZ.exe
  2⤵
  PID:1888
- C:\Windows\System\kJofdTE.exe
  C:\Windows\System\kJofdTE.exe
  2⤵
  PID:10660
- C:\Windows\System\tPwWmBD.exe
  C:\Windows\System\tPwWmBD.exe
  2⤵
  PID:11048
- C:\Windows\System\RPnCoSN.exe
  C:\Windows\System\RPnCoSN.exe
  2⤵
  PID:5796
- C:\Windows\System\mZywMYE.exe
  C:\Windows\System\mZywMYE.exe
  2⤵
  PID:11004
- C:\Windows\System\kPfnPEQ.exe
  C:\Windows\System\kPfnPEQ.exe
  2⤵
  PID:10748
- C:\Windows\System\YrDhuBO.exe
  C:\Windows\System\YrDhuBO.exe
  2⤵
  PID:11272
- C:\Windows\System\WrHQZaB.exe
  C:\Windows\System\WrHQZaB.exe
  2⤵
  PID:11300
- C:\Windows\System\EXWYVMn.exe
  C:\Windows\System\EXWYVMn.exe
  2⤵
  PID:11332
- C:\Windows\System\PAsztpb.exe
  C:\Windows\System\PAsztpb.exe
  2⤵
  PID:11376
- C:\Windows\System\vFUEkRS.exe
  C:\Windows\System\vFUEkRS.exe
  2⤵
  PID:11408
- C:\Windows\System\mwhWADI.exe
  C:\Windows\System\mwhWADI.exe
  2⤵
  PID:11444
- C:\Windows\System\UcxzldK.exe
  C:\Windows\System\UcxzldK.exe
  2⤵
  PID:11472
- C:\Windows\System\HUsrfqV.exe
  C:\Windows\System\HUsrfqV.exe
  2⤵
  PID:11536
- C:\Windows\System\jxiVQVJ.exe
  C:\Windows\System\jxiVQVJ.exe
  2⤵
  PID:11564
- C:\Windows\System\rXxdwGS.exe
  C:\Windows\System\rXxdwGS.exe
  2⤵
  PID:11588
- C:\Windows\System\FBRCyev.exe
  C:\Windows\System\FBRCyev.exe
  2⤵
  PID:11620
- C:\Windows\System\GIaPZMU.exe
  C:\Windows\System\GIaPZMU.exe
  2⤵
  PID:11664
- C:\Windows\System\rgLQoZD.exe
  C:\Windows\System\rgLQoZD.exe
  2⤵
  PID:11696
- C:\Windows\System\AnWXyic.exe
  C:\Windows\System\AnWXyic.exe
  2⤵
  PID:11728
- C:\Windows\System\mnXbRZV.exe
  C:\Windows\System\mnXbRZV.exe
  2⤵
  PID:11760
- C:\Windows\System\hRUGtBM.exe
  C:\Windows\System\hRUGtBM.exe
  2⤵
  PID:11788
- C:\Windows\System\uJwGtdy.exe
  C:\Windows\System\uJwGtdy.exe
  2⤵
  PID:11820
- C:\Windows\System\jchZIzg.exe
  C:\Windows\System\jchZIzg.exe
  2⤵
  PID:11852
- C:\Windows\System\vwaukVQ.exe
  C:\Windows\System\vwaukVQ.exe
  2⤵
  PID:11892
- C:\Windows\System\aDxCMVf.exe
  C:\Windows\System\aDxCMVf.exe
  2⤵
  PID:11912
- C:\Windows\System\ZfrMtDp.exe
  C:\Windows\System\ZfrMtDp.exe
  2⤵
  PID:11940
- C:\Windows\System\RtTSOTz.exe
  C:\Windows\System\RtTSOTz.exe
  2⤵
  PID:11972
- C:\Windows\System\zyEWQCf.exe
  C:\Windows\System\zyEWQCf.exe
  2⤵
  PID:12020
- C:\Windows\System\yDKPYWE.exe
  C:\Windows\System\yDKPYWE.exe
  2⤵
  PID:12036
- C:\Windows\System\zfIUhfC.exe
  C:\Windows\System\zfIUhfC.exe
  2⤵
  PID:12072
- C:\Windows\System\NyNtJSR.exe
  C:\Windows\System\NyNtJSR.exe
  2⤵
  PID:12100
- C:\Windows\System\VtDmcJy.exe
  C:\Windows\System\VtDmcJy.exe
  2⤵
  PID:12148
- C:\Windows\System\IxBQwep.exe
  C:\Windows\System\IxBQwep.exe
  2⤵
  PID:12176
- C:\Windows\System\ZIdDfPy.exe
  C:\Windows\System\ZIdDfPy.exe
  2⤵
  PID:12204
- C:\Windows\System\HZQTogr.exe
  C:\Windows\System\HZQTogr.exe
  2⤵
  PID:12232
- C:\Windows\System\AahkxTm.exe
  C:\Windows\System\AahkxTm.exe
  2⤵
  PID:12260
- C:\Windows\System\XIbTEst.exe
  C:\Windows\System\XIbTEst.exe
  2⤵
  PID:10524
- C:\Windows\System\usQKFrx.exe
  C:\Windows\System\usQKFrx.exe
  2⤵
  PID:11328
- C:\Windows\System\SumTUEw.exe
  C:\Windows\System\SumTUEw.exe
  2⤵
  PID:11424
- C:\Windows\System\pXHZdZZ.exe
  C:\Windows\System\pXHZdZZ.exe
  2⤵
  PID:11484
- C:\Windows\System\SwmknDC.exe
  C:\Windows\System\SwmknDC.exe
  2⤵
  PID:11584
- C:\Windows\System\feFigMy.exe
  C:\Windows\System\feFigMy.exe
  2⤵
  PID:11676
- C:\Windows\System\xygFsMl.exe
  C:\Windows\System\xygFsMl.exe
  2⤵
  PID:11720
- C:\Windows\System\KikBaFg.exe
  C:\Windows\System\KikBaFg.exe
  2⤵
  PID:11776
- C:\Windows\System\phoKYxQ.exe
  C:\Windows\System\phoKYxQ.exe
  2⤵
  PID:11844
- C:\Windows\System\iZgPllR.exe
  C:\Windows\System\iZgPllR.exe
  2⤵
  PID:11924
- C:\Windows\System\YYZDZEu.exe
  C:\Windows\System\YYZDZEu.exe
  2⤵
  PID:11968
- C:\Windows\System\nxJfYUH.exe
  C:\Windows\System\nxJfYUH.exe
  2⤵
  PID:12048
- C:\Windows\System\bvOwtdV.exe
  C:\Windows\System\bvOwtdV.exe
  2⤵
  PID:12068
- C:\Windows\System\BUfEzkf.exe
  C:\Windows\System\BUfEzkf.exe
  2⤵
  PID:12220
- C:\Windows\System\kJhQQGM.exe
  C:\Windows\System\kJhQQGM.exe
  2⤵
  PID:11324
- C:\Windows\System\neSrBdJ.exe
  C:\Windows\System\neSrBdJ.exe
  2⤵
  PID:11468
- C:\Windows\System\kFYDWhS.exe
  C:\Windows\System\kFYDWhS.exe
  2⤵
  PID:11688
- C:\Windows\System\VrkGKHi.exe
  C:\Windows\System\VrkGKHi.exe
  2⤵
  PID:2296
- C:\Windows\System\hjwQKQr.exe
  C:\Windows\System\hjwQKQr.exe
  2⤵
  PID:11936
- C:\Windows\System\JeAAEhI.exe
  C:\Windows\System\JeAAEhI.exe
  2⤵
  PID:12064
- C:\Windows\System\NrpMlts.exe
  C:\Windows\System\NrpMlts.exe
  2⤵
  PID:11292
- C:\Windows\System\kHMaJnK.exe
  C:\Windows\System\kHMaJnK.exe
  2⤵
  PID:5940
- C:\Windows\System\dklLtrQ.exe
  C:\Windows\System\dklLtrQ.exe
  2⤵
  PID:11900
- C:\Windows\System\sczWwtv.exe
  C:\Windows\System\sczWwtv.exe
  2⤵
  PID:12200
- C:\Windows\System\dKtCSUE.exe
  C:\Windows\System\dKtCSUE.exe
  2⤵
  PID:12292
- C:\Windows\System\WNsnULV.exe
  C:\Windows\System\WNsnULV.exe
  2⤵
  PID:12332
- C:\Windows\System\xQlRobS.exe
  C:\Windows\System\xQlRobS.exe
  2⤵
  PID:12368
- C:\Windows\System\SDmvBzN.exe
  C:\Windows\System\SDmvBzN.exe
  2⤵
  PID:12396
- C:\Windows\System\YsFytSS.exe
  C:\Windows\System\YsFytSS.exe
  2⤵
  PID:12424
- C:\Windows\System\feLZNWR.exe
  C:\Windows\System\feLZNWR.exe
  2⤵
  PID:12452
- C:\Windows\System\kbUqSWx.exe
  C:\Windows\System\kbUqSWx.exe
  2⤵
  PID:12480
- C:\Windows\System\ppqJFws.exe
  C:\Windows\System\ppqJFws.exe
  2⤵
  PID:12508
- C:\Windows\System\EsvnlCF.exe
  C:\Windows\System\EsvnlCF.exe
  2⤵
  PID:12536
- C:\Windows\System\YZJtEGF.exe
  C:\Windows\System\YZJtEGF.exe
  2⤵
  PID:12572
- C:\Windows\System\NfLWCuL.exe
  C:\Windows\System\NfLWCuL.exe
  2⤵
  PID:12592
- C:\Windows\System\FLlomZL.exe
  C:\Windows\System\FLlomZL.exe
  2⤵
  PID:12624
- C:\Windows\System\fNUDwJW.exe
  C:\Windows\System\fNUDwJW.exe
  2⤵
  PID:12652
- C:\Windows\System\csVFNYD.exe
  C:\Windows\System\csVFNYD.exe
  2⤵
  PID:12680
- C:\Windows\System\jELYZOt.exe
  C:\Windows\System\jELYZOt.exe
  2⤵
  PID:12708
- C:\Windows\System\ESRkFhb.exe
  C:\Windows\System\ESRkFhb.exe
  2⤵
  PID:12736
- C:\Windows\System\ZioNbcL.exe
  C:\Windows\System\ZioNbcL.exe
  2⤵
  PID:12764
- C:\Windows\System\Tvuhxsn.exe
  C:\Windows\System\Tvuhxsn.exe
  2⤵
  PID:12792
- C:\Windows\System\RTyNskC.exe
  C:\Windows\System\RTyNskC.exe
  2⤵
  PID:12820
- C:\Windows\System\sdsCcYX.exe
  C:\Windows\System\sdsCcYX.exe
  2⤵
  PID:12848
- C:\Windows\System\jimUhot.exe
  C:\Windows\System\jimUhot.exe
  2⤵
  PID:12876
- C:\Windows\System\bEBALjr.exe
  C:\Windows\System\bEBALjr.exe
  2⤵
  PID:12904
- C:\Windows\System\hiBMGKz.exe
  C:\Windows\System\hiBMGKz.exe
  2⤵
  PID:12932
- C:\Windows\System\pqBVEVe.exe
  C:\Windows\System\pqBVEVe.exe
  2⤵
  PID:12960
- C:\Windows\System\kBuvtXN.exe
  C:\Windows\System\kBuvtXN.exe
  2⤵
  PID:12992
- C:\Windows\System\UGOJbGs.exe
  C:\Windows\System\UGOJbGs.exe
  2⤵
  PID:13032
- C:\Windows\System\xKnKEzV.exe
  C:\Windows\System\xKnKEzV.exe
  2⤵
  PID:13052
- C:\Windows\System\cJokTrM.exe
  C:\Windows\System\cJokTrM.exe
  2⤵
  PID:13084
- C:\Windows\System\oFSRIrl.exe
  C:\Windows\System\oFSRIrl.exe
  2⤵
  PID:13104
- C:\Windows\System\aRKyRxz.exe
  C:\Windows\System\aRKyRxz.exe
  2⤵
  PID:13132
- C:\Windows\System\dUuwruT.exe
  C:\Windows\System\dUuwruT.exe
  2⤵
  PID:13160
- C:\Windows\System\AUzRZzy.exe
  C:\Windows\System\AUzRZzy.exe
  2⤵
  PID:13188
- C:\Windows\System\srjAvJu.exe
  C:\Windows\System\srjAvJu.exe
  2⤵
  PID:13216
- C:\Windows\System\gjvTdUd.exe
  C:\Windows\System\gjvTdUd.exe
  2⤵
  PID:13244
- C:\Windows\System\CbwfWuB.exe
  C:\Windows\System\CbwfWuB.exe
  2⤵
  PID:13272
- C:\Windows\System\NWgFRtD.exe
  C:\Windows\System\NWgFRtD.exe
  2⤵
  PID:13300
- C:\Windows\System\MZXoNdx.exe
  C:\Windows\System\MZXoNdx.exe
  2⤵
  PID:5232
- C:\Windows\System\oehjwjG.exe
  C:\Windows\System\oehjwjG.exe
  2⤵
  PID:10296
- C:\Windows\System\oNWciaD.exe
  C:\Windows\System\oNWciaD.exe
  2⤵
  PID:10248
- C:\Windows\System\KqPNuEp.exe
  C:\Windows\System\KqPNuEp.exe
  2⤵
  PID:12420
- C:\Windows\System\uuXHzwv.exe
  C:\Windows\System\uuXHzwv.exe
  2⤵
  PID:12496
- C:\Windows\System\kxgABBw.exe
  C:\Windows\System\kxgABBw.exe
  2⤵
  PID:12556
- C:\Windows\System\lsXujMj.exe
  C:\Windows\System\lsXujMj.exe
  2⤵
  PID:12644
- C:\Windows\System\fXhrQtQ.exe
  C:\Windows\System\fXhrQtQ.exe
  2⤵
  PID:12676
- C:\Windows\System\NmqvBIB.exe
  C:\Windows\System\NmqvBIB.exe
  2⤵
  PID:12752
- C:\Windows\System\ztYmpgz.exe
  C:\Windows\System\ztYmpgz.exe
  2⤵
  PID:12812
- C:\Windows\System\EuYZrkl.exe
  C:\Windows\System\EuYZrkl.exe
  2⤵
  PID:12872
- C:\Windows\System\zegTogn.exe
  C:\Windows\System\zegTogn.exe
  2⤵
  PID:12944
- C:\Windows\System\lTVaDLl.exe
  C:\Windows\System\lTVaDLl.exe
  2⤵
  PID:13012
- C:\Windows\System\GAoLuDI.exe
  C:\Windows\System\GAoLuDI.exe
  2⤵
  PID:13068
- C:\Windows\System\pYiqkbn.exe
  C:\Windows\System\pYiqkbn.exe
  2⤵
  PID:13128
- C:\Windows\System\hiQziIz.exe
  C:\Windows\System\hiQziIz.exe
  2⤵
  PID:13204
- C:\Windows\System\pvntloj.exe
  C:\Windows\System\pvntloj.exe
  2⤵
  PID:13264
- C:\Windows\System\JyiBzhx.exe
  C:\Windows\System\JyiBzhx.exe
  2⤵
  PID:12388
- C:\Windows\System\olYVXZA.exe
  C:\Windows\System\olYVXZA.exe
  2⤵
  PID:6132
- C:\Windows\System\xqbwEet.exe
  C:\Windows\System\xqbwEet.exe
  2⤵
  PID:6096
- C:\Windows\System\jvucuSw.exe
  C:\Windows\System\jvucuSw.exe
  2⤵
  PID:12616
- C:\Windows\System\ErQLPIT.exe
  C:\Windows\System\ErQLPIT.exe
  2⤵
  PID:12868
- C:\Windows\System\YjiifXW.exe
  C:\Windows\System\YjiifXW.exe
  2⤵
  PID:13004
- C:\Windows\System\bmTrezX.exe
  C:\Windows\System\bmTrezX.exe
  2⤵
  PID:13172
- C:\Windows\System\elxBNQa.exe
  C:\Windows\System\elxBNQa.exe
  2⤵
  PID:10644
- C:\Windows\System\kFSeoGp.exe
  C:\Windows\System\kFSeoGp.exe
  2⤵
  PID:11992
- C:\Windows\System\equrkSH.exe
  C:\Windows\System\equrkSH.exe
  2⤵
  PID:12840
- C:\Windows\System\GFDJCdw.exe
  C:\Windows\System\GFDJCdw.exe
  2⤵
  PID:13236
- C:\Windows\System\FtFUSAO.exe
  C:\Windows\System\FtFUSAO.exe
  2⤵
  PID:12788
- C:\Windows\System\KBPFBvO.exe
  C:\Windows\System\KBPFBvO.exe
  2⤵
  PID:12612
- C:\Windows\System\MtGmkRV.exe
  C:\Windows\System\MtGmkRV.exe
  2⤵
  PID:13328
- C:\Windows\System\FVnmCZL.exe
  C:\Windows\System\FVnmCZL.exe
  2⤵
  PID:13356
- C:\Windows\System\tisqPYI.exe
  C:\Windows\System\tisqPYI.exe
  2⤵
  PID:13384
- C:\Windows\System\DWTuAOz.exe
  C:\Windows\System\DWTuAOz.exe
  2⤵
  PID:13412
- C:\Windows\System\ZYeXhbO.exe
  C:\Windows\System\ZYeXhbO.exe
  2⤵
  PID:13440
- C:\Windows\System\aSPUYPP.exe
  C:\Windows\System\aSPUYPP.exe
  2⤵
  PID:13468
- C:\Windows\System\LLDTxVo.exe
  C:\Windows\System\LLDTxVo.exe
  2⤵
  PID:13496
- C:\Windows\System\nlosLZe.exe
  C:\Windows\System\nlosLZe.exe
  2⤵
  PID:13524
- C:\Windows\System\OINOzCw.exe
  C:\Windows\System\OINOzCw.exe
  2⤵
  PID:13552
- C:\Windows\System\NSBbsqZ.exe
  C:\Windows\System\NSBbsqZ.exe
  2⤵
  PID:13580
- C:\Windows\System\EPzhOsh.exe
  C:\Windows\System\EPzhOsh.exe
  2⤵
  PID:13608
- C:\Windows\System\OrrshBM.exe
  C:\Windows\System\OrrshBM.exe
  2⤵
  PID:13636
- C:\Windows\System\sHqGvKx.exe
  C:\Windows\System\sHqGvKx.exe
  2⤵
  PID:13668
- C:\Windows\System\qBSzVLk.exe
  C:\Windows\System\qBSzVLk.exe
  2⤵
  PID:13696
- C:\Windows\System\fMskYPz.exe
  C:\Windows\System\fMskYPz.exe
  2⤵
  PID:13724
- C:\Windows\System\DXelvYb.exe
  C:\Windows\System\DXelvYb.exe
  2⤵
  PID:13752
- C:\Windows\System\ozCTWpb.exe
  C:\Windows\System\ozCTWpb.exe
  2⤵
  PID:13780
- C:\Windows\System\tryJvCA.exe
  C:\Windows\System\tryJvCA.exe
  2⤵
  PID:13812
- C:\Windows\System\tJVxzyV.exe
  C:\Windows\System\tJVxzyV.exe
  2⤵
  PID:13840
- C:\Windows\System\kMBfybf.exe
  C:\Windows\System\kMBfybf.exe
  2⤵
  PID:13868
- C:\Windows\System\VYAiGHw.exe
  C:\Windows\System\VYAiGHw.exe
  2⤵
  PID:13896
- C:\Windows\System\uapMjMO.exe
  C:\Windows\System\uapMjMO.exe
  2⤵
  PID:13924
- C:\Windows\System\qZrAWGs.exe
  C:\Windows\System\qZrAWGs.exe
  2⤵
  PID:13952
- C:\Windows\System\hhdMKgk.exe
  C:\Windows\System\hhdMKgk.exe
  2⤵
  PID:13980
- C:\Windows\System\xRKJKJa.exe
  C:\Windows\System\xRKJKJa.exe
  2⤵
  PID:14008
- C:\Windows\System\cRydMBb.exe
  C:\Windows\System\cRydMBb.exe
  2⤵
  PID:14036
- C:\Windows\System\cYhlvYX.exe
  C:\Windows\System\cYhlvYX.exe
  2⤵
  PID:14064
- C:\Windows\System\NcoFZGS.exe
  C:\Windows\System\NcoFZGS.exe
  2⤵
  PID:14092
- C:\Windows\System\HOwuRNx.exe
  C:\Windows\System\HOwuRNx.exe
  2⤵
  PID:14120
- C:\Windows\System\DqPFIWR.exe
  C:\Windows\System\DqPFIWR.exe
  2⤵
  PID:14148
- C:\Windows\System\SRVIGFr.exe
  C:\Windows\System\SRVIGFr.exe
  2⤵
  PID:14176
- C:\Windows\System\UFxpDXr.exe
  C:\Windows\System\UFxpDXr.exe
  2⤵
  PID:14204
- C:\Windows\System\bgcnyoA.exe
  C:\Windows\System\bgcnyoA.exe
  2⤵
  PID:14232
- C:\Windows\System\fKGnLtu.exe
  C:\Windows\System\fKGnLtu.exe
  2⤵
  PID:14260
- C:\Windows\System\Srblpmh.exe
  C:\Windows\System\Srblpmh.exe
  2⤵
  PID:14288
- C:\Windows\System\IAXEciG.exe
  C:\Windows\System\IAXEciG.exe
  2⤵
  PID:14316
- C:\Windows\System\tQAQCVS.exe
  C:\Windows\System\tQAQCVS.exe
  2⤵
  PID:13324
- C:\Windows\System\hAUCdpd.exe
  C:\Windows\System\hAUCdpd.exe
  2⤵
  PID:13404
- C:\Windows\System\FzIjPFs.exe
  C:\Windows\System\FzIjPFs.exe
  2⤵
  PID:13464
- C:\Windows\System\ZNRFqQw.exe
  C:\Windows\System\ZNRFqQw.exe
  2⤵
  PID:13536
- C:\Windows\System\uruquPm.exe
  C:\Windows\System\uruquPm.exe
  2⤵
  PID:13600
- C:\Windows\System\tFWIlKx.exe
  C:\Windows\System\tFWIlKx.exe
  2⤵
  PID:13664
- C:\Windows\System\FsMwvtI.exe
  C:\Windows\System\FsMwvtI.exe
  2⤵
  PID:13736
- C:\Windows\System\gtyfhKs.exe
  C:\Windows\System\gtyfhKs.exe
  2⤵
  PID:13804
- C:\Windows\System\LwZMnYY.exe
  C:\Windows\System\LwZMnYY.exe
  2⤵
  PID:13864
- C:\Windows\System\xfqXiCK.exe
  C:\Windows\System\xfqXiCK.exe
  2⤵
  PID:13940
- C:\Windows\System\MUveCSU.exe
  C:\Windows\System\MUveCSU.exe
  2⤵
  PID:14000
- C:\Windows\System\tFIuJRp.exe
  C:\Windows\System\tFIuJRp.exe
  2⤵
  PID:14060
- C:\Windows\System\jMtmbCr.exe
  C:\Windows\System\jMtmbCr.exe
  2⤵
  PID:14136
- C:\Windows\System\qtiWRBO.exe
  C:\Windows\System\qtiWRBO.exe
  2⤵
  PID:5052
- C:\Windows\System\cVnARSd.exe
  C:\Windows\System\cVnARSd.exe
  2⤵
  PID:14196
- C:\Windows\System\HdDYjRf.exe
  C:\Windows\System\HdDYjRf.exe
  2⤵
  PID:14280
- C:\Windows\System\wIraUMS.exe
  C:\Windows\System\wIraUMS.exe
  2⤵
  PID:14308
- C:\Windows\System\cPSOmWy.exe
  C:\Windows\System\cPSOmWy.exe
  2⤵
  PID:13436
- C:\Windows\System\kDPhMzU.exe
  C:\Windows\System\kDPhMzU.exe
  2⤵
  PID:13564
- C:\Windows\System\zxZcESa.exe
  C:\Windows\System\zxZcESa.exe
  2⤵
  PID:13692
- C:\Windows\System\QsvyjwZ.exe
  C:\Windows\System\QsvyjwZ.exe
  2⤵
  PID:13908
- C:\Windows\System\lFrvtZc.exe
  C:\Windows\System\lFrvtZc.exe
  2⤵
  PID:13992
- C:\Windows\System\dZTcfas.exe
  C:\Windows\System\dZTcfas.exe
  2⤵
  PID:14160
- C:\Windows\System\xcmkrkT.exe
  C:\Windows\System\xcmkrkT.exe
  2⤵
  PID:14272
- C:\Windows\System\CrmbBaw.exe
  C:\Windows\System\CrmbBaw.exe
  2⤵
  PID:13460
- C:\Windows\System\auxacst.exe
  C:\Windows\System\auxacst.exe
  2⤵
  PID:13768
- C:\Windows\System\fSxGQIV.exe
  C:\Windows\System\fSxGQIV.exe
  2⤵
  PID:10320
- C:\Windows\System\OxGDbsg.exe
  C:\Windows\System\OxGDbsg.exe
  2⤵
  PID:11200
- C:\Windows\System\wiaJHhd.exe
  C:\Windows\System\wiaJHhd.exe
  2⤵
  PID:10592
- C:\Windows\System\zWEwVMM.exe
  C:\Windows\System\zWEwVMM.exe
  2⤵
  PID:11208
- C:\Windows\System\jaxIVAL.exe
  C:\Windows\System\jaxIVAL.exe
  2⤵
  PID:13660
- C:\Windows\System\EjywVwZ.exe
  C:\Windows\System\EjywVwZ.exe
  2⤵
  PID:10548
- C:\Windows\System\hJgWpwm.exe
  C:\Windows\System\hJgWpwm.exe
  2⤵
  PID:13628
- C:\Windows\System\zUWwHFP.exe
  C:\Windows\System\zUWwHFP.exe
  2⤵
  PID:13376
- C:\Windows\System\Bywbike.exe
  C:\Windows\System\Bywbike.exe
  2⤵
  PID:14352
- C:\Windows\System\NBefTci.exe
  C:\Windows\System\NBefTci.exe
  2⤵
  PID:14380
- C:\Windows\System\rRFbTkx.exe
  C:\Windows\System\rRFbTkx.exe
  2⤵
  PID:14408
- C:\Windows\System\kAROTHB.exe
  C:\Windows\System\kAROTHB.exe
  2⤵
  PID:14436
- C:\Windows\System\PVQwUCQ.exe
  C:\Windows\System\PVQwUCQ.exe
  2⤵
  PID:14464
- C:\Windows\System\CDgMxtG.exe
  C:\Windows\System\CDgMxtG.exe
  2⤵
  PID:14492
- C:\Windows\System\IxxcZzK.exe
  C:\Windows\System\IxxcZzK.exe
  2⤵
  PID:14520
- C:\Windows\System\ccVflYd.exe
  C:\Windows\System\ccVflYd.exe
  2⤵
  PID:14548
- C:\Windows\System\jIYlGSJ.exe
  C:\Windows\System\jIYlGSJ.exe
  2⤵
  PID:14576
- C:\Windows\System\laFoDFN.exe
  C:\Windows\System\laFoDFN.exe
  2⤵
  PID:14612
- C:\Windows\System\JzgKAtT.exe
  C:\Windows\System\JzgKAtT.exe
  2⤵
  PID:14636
- C:\Windows\System\OglICVk.exe
  C:\Windows\System\OglICVk.exe
  2⤵
  PID:14672
- C:\Windows\System\YZKhUPt.exe
  C:\Windows\System\YZKhUPt.exe
  2⤵
  PID:14700
- C:\Windows\System\itzeHCH.exe
  C:\Windows\System\itzeHCH.exe
  2⤵
  PID:14732
- C:\Windows\System\QsCSTIn.exe
  C:\Windows\System\QsCSTIn.exe
  2⤵
  PID:14768
- C:\Windows\System\oPDBtNP.exe
  C:\Windows\System\oPDBtNP.exe
  2⤵
  PID:14796
- C:\Windows\System\PfNUsZw.exe
  C:\Windows\System\PfNUsZw.exe
  2⤵
  PID:14824
- C:\Windows\System\BzLfWSa.exe
  C:\Windows\System\BzLfWSa.exe
  2⤵
  PID:14852
- C:\Windows\System\pQwWEBk.exe
  C:\Windows\System\pQwWEBk.exe
  2⤵
  PID:14880
- C:\Windows\System\ynrDJvf.exe
  C:\Windows\System\ynrDJvf.exe
  2⤵
  PID:14908
- C:\Windows\System\pTmrNfR.exe
  C:\Windows\System\pTmrNfR.exe
  2⤵
  PID:14936
- C:\Windows\System\JjTmXxE.exe
  C:\Windows\System\JjTmXxE.exe
  2⤵
  PID:14964
- C:\Windows\System\laXHsRp.exe
  C:\Windows\System\laXHsRp.exe
  2⤵
  PID:14992
- C:\Windows\System\bCeLjUQ.exe
  C:\Windows\System\bCeLjUQ.exe
  2⤵
  PID:15020
- C:\Windows\System\ilrgCFZ.exe
  C:\Windows\System\ilrgCFZ.exe
  2⤵
  PID:15048
- C:\Windows\System\YNUTxGi.exe
  C:\Windows\System\YNUTxGi.exe
  2⤵
  PID:15080
- C:\Windows\System\GVbUQRo.exe
  C:\Windows\System\GVbUQRo.exe
  2⤵
  PID:15104
- C:\Windows\System\kMrFDew.exe
  C:\Windows\System\kMrFDew.exe
  2⤵
  PID:15132
- C:\Windows\System\EcFYIOd.exe
  C:\Windows\System\EcFYIOd.exe
  2⤵
  PID:15160
- C:\Windows\System\ZDSTTPm.exe
  C:\Windows\System\ZDSTTPm.exe
  2⤵
  PID:15188
- C:\Windows\System\BamfOtG.exe
  C:\Windows\System\BamfOtG.exe
  2⤵
  PID:15216
- C:\Windows\System\HGMDBKZ.exe
  C:\Windows\System\HGMDBKZ.exe
  2⤵
  PID:14476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWnbaJg.exe

Filesize
6.0MB

MD5
4c3e3d8ac036fa77e43702cfca768401

SHA1
0d80ed1816ceb61b5ff737cbf777625f393db8c4

SHA256
570a49c8a8afd8cb046b842202838e57a8db608f4e01c9ca9fd2ffed92651038

SHA512
84652f0a479e99b975d83633c47f44db17540f6a98fa98cf42dec52f4afae7125fac44a07eba46849feb5a7cf0386109df7e5f1c16737bb449b127e36c7a65e8

Download Submit
C:\Windows\System\BmrdopP.exe

Filesize
6.0MB

MD5
dea6b256100c6a29a1572fe41e61bd08

SHA1
14e29b61311df9c85781b7b41639469abbef77c0

SHA256
6059b36f41d76def2cb5f67a14ae2fbe4721ecaee51eae8c784d9ff6b030f479

SHA512
18395a2f32c94f931cb274abdcb4e8d32684d3da62b9693374beb9fadf28a54de319e2e0bc18d348ce68a082170f7709a13fb822072d2b607bbecfaa3118a0c2

Download Submit
C:\Windows\System\DDDPDpb.exe

Filesize
6.1MB

MD5
61f0a804c3909da09ac4012c85d7e367

SHA1
b9f6bbadc0e9a08998a87faa358ef2b2ec94feff

SHA256
4ce59ce77fc79a7df41454ba7575555fac5da851559c44db55c026a20008beed

SHA512
47bebb388df7c5381098c94c464484e7b6a1b97e41a98e0ff227b7d6f6176e3f7c099ff3bc3572239ae23803f35c96558fbd4d16e039b56655461b5fa284abf6

Download Submit
C:\Windows\System\ENSNrxo.exe

Filesize
6.0MB

MD5
5dc68ce7bab5ea12b82412a50750f5c2

SHA1
8ae57799b156acafb64a7f82c7c6b85e8d011a15

SHA256
ac32b88cbc01243293d214ff49a5fbd3246b02a9ef513563ffe40343f20572ba

SHA512
493f6ca62d0898b75a2f4b2d05fb30cd48c7b27478e50df5b0935a9abe40b268def1748c8a6363329a6f268a7a48371b8a2e41cafc55801af664073ff7df9c06

Download Submit
C:\Windows\System\FErYAFX.exe

Filesize
6.1MB

MD5
22ffdc388976f9eaec710ee8d1cf3b1a

SHA1
b5962b83436e6dd4f230418d1af1a611d6a11817

SHA256
c2b1b96eedce37baca22db5f73e01a7a03d861eb376d3b30200cd06e36b47943

SHA512
3e6705083b374cad9db9303cd1575c6612da6e0cde319d2176f2ec61dd048318d459970375658a79dfa4f86b791872bebbec7c1ee9be311cb249937d5e35df0d

Download Submit
C:\Windows\System\GOjxjWq.exe

Filesize
6.1MB

MD5
1aed2e3395062a961955b6a269d20489

SHA1
f5101014ab48a9ca676bbd7ae3ad3ecd88851dcd

SHA256
6b5846c66a7bbffd0b7dc52b0f5fd596dbd49e6072c21db841d348d8ad82ccdc

SHA512
b1b26cce1d46d5b3e7872d24523e17cb805ea34ecf9b4baf433054ddb745826b4d313ec7db3aff37e77e0e3785871100f8f3433e7e3d8722bc7b5fd292748a53

Download Submit
C:\Windows\System\IejnNvq.exe

Filesize
6.1MB

MD5
eb31dd0b7e653f6c41ef05c3f660adcf

SHA1
eab69c21d1bf1235a06e36c7a39dbbbcd51f5202

SHA256
faa7d1f5c5de02d825c6bb5b9839a90c3d709d4a3d2cc85c447cee3cb95f4ede

SHA512
ed80496df3a6a1cb159698e59e7a178ef5c201f3373e62b343c5b5090453a3d0929f6666b088bc8cb5b2f993a09e7d5b44e13d7627705bf441177b5a9143dc08

Download Submit
C:\Windows\System\KtuUGDn.exe

Filesize
6.1MB

MD5
3ac9960cb1fc6feb247ca5529e10fab3

SHA1
6b0a718a5d0d39097ad67f510be0f1fadfe2e38d

SHA256
ae921243e30936190eeea6e585b2843ac1bb849a27f521ebe6b73e9f1d38173d

SHA512
341a3994ac1802a9b685454e5ee75ad9e5db2bc84530a4a867f888ad6308c3b416c818f3fa1384b0618683ce2abab995b975bace696947d5cbd28c2efa61e87b

Download Submit
C:\Windows\System\OVZWIDW.exe

Filesize
6.0MB

MD5
301a5985632dea231caa3f20577e6ea2

SHA1
6e6c4293a74db81582f7e524592e3e56302c18ec

SHA256
171b3ca3d5821fadbc492f29201596c8528086edd2f6d45308ac95a1cf2c4c47

SHA512
102e20a7ec2f6c23296a4ce395fb9059cfd77ae117bd46f8aa9c35c748d43a5367ad5764de7b86ed3161899fb6a2c218a1e8454d896bc21ef364f485c730d7cd

Download Submit
C:\Windows\System\RGsJWJK.exe

Filesize
6.0MB

MD5
34829b77913b224603f34f257a140032

SHA1
324cfa5662d36881b762b422407296c349a63653

SHA256
b8cb9730063cd4bd1d16a8526344c925b1420729624f1183cb999651b51be2cd

SHA512
5e3baf2e1367b608e463b1fe55bc987251c96bd46d33f8450b51badec2ad4a62f41150bc63845ac4d651c7c5cde8112c353fd766869c4b9569da112132d73972

Download Submit
C:\Windows\System\RYlCaOG.exe

Filesize
6.1MB

MD5
602a29cad608516515814f21074044fc

SHA1
99c0924cc274176d64e5d91c94e756bdc2da4f95

SHA256
d03e5a4ae2584f3d49166f6b6188570b73977245179ae022ba7f9ccc7fc1eacb

SHA512
732404d1b0c86a9bacc92a856661fda21640562f5e530f0c6627019f90a865c7179ec06ba5ecff182a7fcaf9510994625ecc7c2fd2a82f482057b8334d4d4cfc

Download Submit
C:\Windows\System\SETCoOk.exe

Filesize
6.1MB

MD5
7b95a48799df1b00b91c5f86d74f1052

SHA1
429a0a6f9749d2cd550957bc43309872591e9b13

SHA256
2e7270dbac10edd018d3159ba4a4b63e24dd3fcfd1e2e12325f1bd3443806083

SHA512
8b434dc6f94e5606ac7930fd360bccb0bd40566dece379d36488899f8439dff57109cd5d6e346dc33bb53695eb58550b0983a799960bd9f79d3318df0e9eb039

Download Submit
C:\Windows\System\SOZGMES.exe

Filesize
6.1MB

MD5
39abd9136e8b04d8a218ec2040ca00d4

SHA1
4c7bbc640aa098dc0bafddb027eab3f4b8317fea

SHA256
aa49761ec73af6980f264fe035440a870cd395677b1025e6e7f1f5955b066d0b

SHA512
156721ac1991beae3d12f54e66d36d80d3e4e9f0292284c1e30087312b4ec50694b605ee8bedf3385ed6fcc01793a3626541ed7b1ccd512bf978552d1d91252f

Download Submit
C:\Windows\System\UJsuvOF.exe

Filesize
6.0MB

MD5
776afa216308fc5894aa73b85abae16d

SHA1
2ffc5c18b76a1d26b0c01499a30a6aa9411b7ca7

SHA256
80920853413ddee3a5fa4680525f30f8da568543384f0326b0e93d51b86485ef

SHA512
e82750c909fc5038bb986c32f0178782aa0aa8850ac99bb05a40abea1797128c8f5b7c53a42809d024145b79459bdddc49c27404cc9163916cbb2164a873fc24

Download Submit
C:\Windows\System\WFvoCvA.exe

Filesize
6.1MB

MD5
d05312a858267ebddaa842b2fa6369e5

SHA1
9327d445454a4d9d3405a03b660b9a3073394178

SHA256
2aaf3961533319973c2693459f276d7aee8311b32d6ac983609f66248e41f88c

SHA512
5d66dda5b336f91f8eab05f87e8e2e35d807243ffe0311679fb8a47ad969554f63c73bbf7afbd7d24c3e354bcf2884f2af34b2e097d04e96f72abd1ece0360fb

Download Submit
C:\Windows\System\ZjsjLQe.exe

Filesize
6.1MB

MD5
fb8f62f98b060e179acee7fae259a716

SHA1
8aa84da7c634d163670838f249fc1e570e40aa9d

SHA256
66421557290502ccda7ad07568d6f5fa49f4a784654732ae9f0797777306996d

SHA512
082261d584e56b623e6a260dc9fd62bc23ff57c6c1a098b8d54163059c820e538910889e97cbdcb1aeb29112f1e66bf233128d8d51db410ebe1e69741af975a7

Download Submit
C:\Windows\System\cxeeDif.exe

Filesize
6.1MB

MD5
4aee194a5a18951642414d47b57e6ba9

SHA1
77131676fa91292afa22de10f242967117d1cb82

SHA256
52263c182f1ece3db8bfa82ef2e8a426d09cef769dc810f76dbc122bbed40428

SHA512
a8d61a017f115a3a6711237e2923b35f6bf41506b4b9e7a2aa3e6e8d789457acd491a2efeef64d1f363554882247b20d8d6ccb6b43874ec9476a8f7cdd4f84dd

Download Submit
C:\Windows\System\eLooufz.exe

Filesize
6.1MB

MD5
c4190cc87b0ae388c8d09b158e71bd9e

SHA1
69efe830a2ea983e67936e4ffe39ae0a7f8d7b7d

SHA256
e322b29439c3120d2fa148ffe90bb30322f9d71767bb1d151abbe19ac8c8aa85

SHA512
35d6e09e8ad0e85193852fcec098406234612d1b1d0f59bf8ffabc816593be8dd2dc983034f839fec0c1d06e358d95be0357f69713499fc1dd15b0cb2de74081

Download Submit
C:\Windows\System\gXtiugZ.exe

Filesize
6.1MB

MD5
e0d4bd2c67a33ca17fdf4e747b258907

SHA1
d2bab5fd6de50477f9a5fda852ce9f21898fb9c4

SHA256
b854d4da7a08e7891f173ddca836c3ddef1079ad3256cc5ea4b081c7e125037d

SHA512
1cf6b55cb1ddd85a87d7897b4bf2dd509c4673acf856dab3130e07ec0a9fcca2c3ba53de870fffedf209890317ba8a2084a98a4a3065352e719e11d82425d17e

Download Submit
C:\Windows\System\gprindZ.exe

Filesize
6.1MB

MD5
faab51b36249beceee301eed6ffe91e9

SHA1
6fa9b8a652bd4e20481b4bc4c9e6bbbc373ef507

SHA256
9178ba4b1f316142c9c54c1287720fcb5a1e85a2d17b6bee029e066c82412dbb

SHA512
e2315ea33f0f43cf808795d075cf21efcafd38e8b7f60c9a8a2a8a171f86ccb228f8367ab9d388cfbed9c59c9ca048607ccb37484e2e9cdc64d38654902c3f5e

Download Submit
C:\Windows\System\hFFGXMU.exe

Filesize
6.1MB

MD5
21b26e3c2d4cf3f274c449cf8b7b42a1

SHA1
75896a884df5d2945c4dea0d8d590a5ff4d614be

SHA256
420170794814e0b2e50fefa775b1192dd556848f26ea93d0b3bd082b4c6377a7

SHA512
3987f43aea895b163255c6e895987b0065062bc48705ab610f12795bddf31cb39d73188c1b60fa0c9209cdf9cf50322e2ee5bfa9cf0dd26498099ee81a51ef81

Download Submit
C:\Windows\System\jOkotSt.exe

Filesize
6.1MB

MD5
b5cc9d2536cf87102295ed3e02f8e251

SHA1
9089b096f26861bd1ddce606ac8cc4768aeac236

SHA256
1c628d52dbc503cad274ca20574660ff569f1a38e9cfabaec59f0c29e13c355b

SHA512
09d5702055b09e15b080ccbe9284315ac043890c60499f769df3ef3a76595aad83b912ae99d01f79d3dc2785a3a1bb89a6918c15bce058ab0401f13f1f8435fe

Download Submit
C:\Windows\System\ogHzBED.exe

Filesize
6.0MB

MD5
f671dfc36ee7349fe7aaaad33ac16eee

SHA1
f55557c19adb1611dd98ef4ba1655161ad2f088d

SHA256
e9df24e5edf59701153b29957d63ac5796af7b09ab42c51964b30c3b34a57ab0

SHA512
77eb1b7210999480d3b2809a10b18851beb3fa3a66d476e3649ce5097868ebbc69ef56493366f90287a0e06a6ac9b71dfc5d4d96e1c63a1842b61ff1aa499362

Download Submit
C:\Windows\System\pGwILVj.exe

Filesize
6.1MB

MD5
9ff00149c232eebdd4629203e0f051c7

SHA1
b3f729ea12d51c80e6e6bba11a04af243575e44a

SHA256
a802626dbcf092ec68872dbf03724dce5f7e5959d737870a98c3bd0bd78ef6cd

SHA512
62dd596c8abfdf612ad135022781b53aafbd1e5848f0af903b789a1c2b541aab11ef1d6aa461950bc144452e4d29b1c6bbdf3406b89e24dd635ed6e546e6a2b4

Download Submit
C:\Windows\System\psNipmp.exe

Filesize
6.0MB

MD5
dc8c80cb96799b004e6a6bea62ba1b8b

SHA1
a40773a8cc7c4ffc8ef575d5222a775f7e0acfca

SHA256
d840a2c4376d394c201b1ab287fe11ed34811f89d0c0d6da6f3f09cfabbf5325

SHA512
b3d8eb7036b0d3bf89b1294f3fb58a0283f4a96e4da5a5c62b4537608c0cf564eec30369d8c97eab82a409334328e08ba68c9c1098e5dc78fe0f9bdb32a58076

Download Submit
C:\Windows\System\qGNQWat.exe

Filesize
6.0MB

MD5
45b25485d284bfa35a08eaf595ea488b

SHA1
8636a0ad167f2fc570c651f11ce738db35b88eb9

SHA256
bde28ad6d98bc225f111acd4c4b1c06f5a43024e8c43cb550ef09ce80b02c754

SHA512
62fa595feb63512b609089ade17b5482478a9c5a3156802ec3d405e1bf8337b8e5e840010da42e6db56aa8def6c10e54056f877ae2d03a7883e917c86f485b92

Download Submit
C:\Windows\System\qSXjbrS.exe

Filesize
6.1MB

MD5
5834fbee1394a64331d7eb5b268db227

SHA1
4b0ae8b4dbb074869f03dd7a6954e74781c056a6

SHA256
bfe75c406f37d5bfb85e523e2b76328569c5d6dff326632aff2a1b868972c9bb

SHA512
b22a6caee72b07e1b6b5210aacd3675dffba758c926b736f4e1169176b578b67341fc099aedd1370b128c3730d028002990282860720c76e810cfc16f68fad5c

Download Submit
C:\Windows\System\rvSnMSx.exe

Filesize
6.1MB

MD5
3f228d2d5a95c5560626e877115f30b6

SHA1
7acae22f51070644201e808073f7548af68cb2d8

SHA256
f42867a69484c947d0de8e3ed03c12948e90060fcfdefa815783d337203ba123

SHA512
cfc583e94eb9f4acbfd4e1eb702e203c4c8276099f8fe12c8c773801a3a63cff8981419eac6adef6759336c81ea7e5be066faaad8ee9c3547869dd6e287a7fa9

Download Submit
C:\Windows\System\snwpIzd.exe

Filesize
6.1MB

MD5
e98618a7f350312787a5d7b3ebbbd173

SHA1
2d09844042d89e5f2515bea197f54da7c56dd0d3

SHA256
5b741d6f6ee049c35e035db5c69bd905a3cbdaaeb49ebc6da58372c3786f99aa

SHA512
cb761f4c146aacf88c553bbcd0f2024b4fb39d075dbacd3c10c9629f404e866393c7787d1c7257840c360e9b028c494211aea5bd6fa6d282979b479acce93a91

Download Submit
C:\Windows\System\wFDmANc.exe

Filesize
6.1MB

MD5
3dadfa196d4e09ffbf00cf89c829171f

SHA1
310da1d2fe683cadbd36cc43858e140f00632751

SHA256
1958e6bb8a7dad3bba0b158bffcb1a52bedcbca4011c328b93b120cfaa56448f

SHA512
77664cc76f4e038d58316d24566a2810416da0617bc218cda276878193f8617bac37926c1303d5086e1c74b595f2d33946b760abd1fbb8e7a36bfdd1e7cd48ad

Download Submit
C:\Windows\System\wrFUZpM.exe

Filesize
6.1MB

MD5
890ba40295bbca2ed83d315444e3f9b2

SHA1
c0ac5a720ed15975af9d4f4d9642579e260d49e4

SHA256
37841313c0932d2bb21384adcf6f22481cf1e953af2e817ad6e1aaf22223da81

SHA512
aab1ad1313a28143a61ecbb8eaca73955743179aaab996c876c50bfc2ee917c0c641dc439ce02a8882b67280d4a8411cfdbdcebda8e0c331b8b83a4e4b76beba

Download Submit
C:\Windows\System\xweOJbt.exe

Filesize
6.0MB

MD5
bd8b0ee02b5cc29eb55f742642e50b66

SHA1
35bdbfaeca47b89273f22d2acc9adf68afcfd42a

SHA256
b3b194a331b89271c89a26922074084a177478606e8afc592949885a1067b17b

SHA512
9765079be0551ec7b2967f16419c81c00cd3336b9a5a2f31f2e32412c2ba8c447339d746db4dcd4c3ab29ef64e789596fa2cebff5da5fa1840d1ddf56765504f

Download Submit
C:\Windows\System\yRTGVzs.exe

Filesize
6.1MB

MD5
3eaf1e89966679fe821993bf2bd61676

SHA1
a3926ffec40b72e462aac594319eb8e64f3b5299

SHA256
ef949a358978564f1f56efb641344ef24828feacdb3d9a996f34b646875b2471

SHA512
16132f24ebf18c469f08345d308d03dc34cf9fab7888d5cb93d3baf5c676e89c97f66dd8d528f0571c805dfc7a67f54059068ab8a3d7e1f57bc206854d2780a7

Download Submit
memory/216-88-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp

Filesize
3.3MB

Download
memory/216-24-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp

Filesize
3.3MB

Download
memory/788-174-0x00007FF659A50000-0x00007FF659DA4000-memory.dmp

Filesize
3.3MB

Download
memory/788-2303-0x00007FF659A50000-0x00007FF659DA4000-memory.dmp

Filesize
3.3MB

Download
memory/788-1496-0x00007FF659A50000-0x00007FF659DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-96-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2291-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-159-0x00007FF68D450000-0x00007FF68D7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-1371-0x00007FF7432E0000-0x00007FF743634000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2298-0x00007FF7432E0000-0x00007FF743634000-memory.dmp

Filesize
3.3MB

Download
memory/1176-150-0x00007FF7432E0000-0x00007FF743634000-memory.dmp

Filesize
3.3MB

Download
memory/1492-179-0x00007FF7719F0000-0x00007FF771D44000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2302-0x00007FF7719F0000-0x00007FF771D44000-memory.dmp

Filesize
3.3MB

Download
memory/1492-1610-0x00007FF7719F0000-0x00007FF771D44000-memory.dmp

Filesize
3.3MB

Download
memory/1672-78-0x00007FF62E680000-0x00007FF62E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-136-0x00007FF62E680000-0x00007FF62E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2288-0x00007FF62E680000-0x00007FF62E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-42-0x00007FF656640000-0x00007FF656994000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2283-0x00007FF656640000-0x00007FF656994000-memory.dmp

Filesize
3.3MB

Download
memory/1956-107-0x00007FF656640000-0x00007FF656994000-memory.dmp

Filesize
3.3MB

Download
memory/2816-175-0x00007FF659B40000-0x00007FF659E94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-110-0x00007FF659B40000-0x00007FF659E94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2294-0x00007FF659B40000-0x00007FF659E94000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2287-0x00007FF656D40000-0x00007FF657094000-memory.dmp

Filesize
3.3MB

Download
memory/2972-70-0x00007FF656D40000-0x00007FF657094000-memory.dmp

Filesize
3.3MB

Download
memory/2972-135-0x00007FF656D40000-0x00007FF657094000-memory.dmp

Filesize
3.3MB

Download
memory/3120-1742-0x00007FF63D790000-0x00007FF63DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-198-0x00007FF63D790000-0x00007FF63DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2305-0x00007FF63D790000-0x00007FF63DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3492-8-0x00007FF676F00000-0x00007FF677254000-memory.dmp

Filesize
3.3MB

Download
memory/3492-67-0x00007FF676F00000-0x00007FF677254000-memory.dmp

Filesize
3.3MB

Download
memory/3512-130-0x00007FF75CE10000-0x00007FF75D164000-memory.dmp

Filesize
3.3MB

Download
memory/3512-61-0x00007FF75CE10000-0x00007FF75D164000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2286-0x00007FF75CE10000-0x00007FF75D164000-memory.dmp

Filesize
3.3MB

Download
memory/4420-80-0x00007FF730A00000-0x00007FF730D54000-memory.dmp

Filesize
3.3MB

Download
memory/4420-149-0x00007FF730A00000-0x00007FF730D54000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2289-0x00007FF730A00000-0x00007FF730D54000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2293-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-176-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-118-0x00007FF716E50000-0x00007FF7171A4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-124-0x00007FF633780000-0x00007FF633AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2295-0x00007FF633780000-0x00007FF633AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-193-0x00007FF633780000-0x00007FF633AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2296-0x00007FF643400000-0x00007FF643754000-memory.dmp

Filesize
3.3MB

Download
memory/4712-134-0x00007FF643400000-0x00007FF643754000-memory.dmp

Filesize
3.3MB

Download
memory/4712-194-0x00007FF643400000-0x00007FF643754000-memory.dmp

Filesize
3.3MB

Download
memory/4732-166-0x00007FF7AAE20000-0x00007FF7AB174000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2301-0x00007FF7AAE20000-0x00007FF7AB174000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1495-0x00007FF7AAE20000-0x00007FF7AB174000-memory.dmp

Filesize
3.3MB

Download
memory/4792-160-0x00007FF733940000-0x00007FF733C94000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2300-0x00007FF733940000-0x00007FF733C94000-memory.dmp

Filesize
3.3MB

Download
memory/4792-1434-0x00007FF733940000-0x00007FF733C94000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1675-0x00007FF7CD2A0000-0x00007FF7CD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2304-0x00007FF7CD2A0000-0x00007FF7CD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-187-0x00007FF7CD2A0000-0x00007FF7CD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-143-0x00007FF7B1D70000-0x00007FF7B20C4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-1248-0x00007FF7B1D70000-0x00007FF7B20C4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2299-0x00007FF7B1D70000-0x00007FF7B20C4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-52-0x00007FF698A70000-0x00007FF698DC4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2284-0x00007FF698A70000-0x00007FF698DC4000-memory.dmp

Filesize
3.3MB

Download
memory/5092-119-0x00007FF698A70000-0x00007FF698DC4000-memory.dmp

Filesize
3.3MB

Download
memory/5144-2280-0x00007FF642C40000-0x00007FF642F94000-memory.dmp

Filesize
3.3MB

Download
memory/5144-36-0x00007FF642C40000-0x00007FF642F94000-memory.dmp

Filesize
3.3MB

Download
memory/5408-18-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp

Filesize
3.3MB

Download
memory/5408-79-0x00007FF65F6E0000-0x00007FF65FA34000-memory.dmp

Filesize
3.3MB

Download
memory/5508-0-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp

Filesize
3.3MB

Download
memory/5508-1-0x000001B8EFC30000-0x000001B8EFC40000-memory.dmp

Filesize
64KB

Download
memory/5508-60-0x00007FF6388F0000-0x00007FF638C44000-memory.dmp

Filesize
3.3MB

Download
memory/5760-2285-0x00007FF62E4B0000-0x00007FF62E804000-memory.dmp

Filesize
3.3MB

Download
memory/5760-115-0x00007FF62E4B0000-0x00007FF62E804000-memory.dmp

Filesize
3.3MB

Download
memory/5760-48-0x00007FF62E4B0000-0x00007FF62E804000-memory.dmp

Filesize
3.3MB

Download
memory/5812-142-0x00007FF7C9590000-0x00007FF7C98E4000-memory.dmp

Filesize
3.3MB

Download
memory/5812-1188-0x00007FF7C9590000-0x00007FF7C98E4000-memory.dmp

Filesize
3.3MB

Download
memory/5812-2297-0x00007FF7C9590000-0x00007FF7C98E4000-memory.dmp

Filesize
3.3MB

Download
memory/5892-172-0x00007FF608A10000-0x00007FF608D64000-memory.dmp

Filesize
3.3MB

Download
memory/5892-2292-0x00007FF608A10000-0x00007FF608D64000-memory.dmp

Filesize
3.3MB

Download
memory/5892-102-0x00007FF608A10000-0x00007FF608D64000-memory.dmp

Filesize
3.3MB

Download
memory/5908-158-0x00007FF7F31F0000-0x00007FF7F3544000-memory.dmp

Filesize
3.3MB

Download
memory/5908-91-0x00007FF7F31F0000-0x00007FF7F3544000-memory.dmp

Filesize
3.3MB

Download
memory/5908-2290-0x00007FF7F31F0000-0x00007FF7F3544000-memory.dmp

Filesize
3.3MB

Download
memory/6008-14-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/6008-75-0x00007FF70A9A0000-0x00007FF70ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/6072-38-0x00007FF6CDA30000-0x00007FF6CDD84000-memory.dmp

Filesize
3.3MB

Download
memory/6072-2282-0x00007FF6CDA30000-0x00007FF6CDD84000-memory.dmp

Filesize
3.3MB

Download