cobaltstrike | 8d2b7006c700990c524047e1097f7708da5a2f3ec5c823c4ae868baf2d87ec9c

Analysis

max time kernel
105s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

94b60a4a410b5ba13da1ef1a1318e378
SHA1

c4711b5602fc1fb5f08b223e53210e676279cd4e
SHA256

8d2b7006c700990c524047e1097f7708da5a2f3ec5c823c4ae868baf2d87ec9c
SHA512

2f319b51756884f63856fded6c2211ba0af08dc52ff0af44bb0d6f0b1d115ed294a440cab5812648491b15387470bd64e60b43fa5ab5a085bb82a2350f0fd453
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024268-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024269-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426a-17.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426b-22.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426c-30.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024266-34.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426d-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024270-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024272-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024275-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024276-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024277-101.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024278-121.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427e-152.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427f-155.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427d-149.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427c-145.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427b-132.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427a-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024279-127.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024274-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024273-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024271-62.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426e-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024282-173.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024287-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024284-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024286-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024285-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024283-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024281-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024280-164.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4440-0-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp	xmrig
behavioral2/files/0x0008000000024268-6.dat	xmrig
behavioral2/memory/5464-8-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024269-10.dat	xmrig
behavioral2/files/0x000700000002426a-17.dat	xmrig
behavioral2/memory/5332-13-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp	xmrig
behavioral2/files/0x000700000002426b-22.dat	xmrig
behavioral2/memory/3676-23-0x00007FF695100000-0x00007FF695454000-memory.dmp	xmrig
behavioral2/memory/436-19-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002426c-30.dat	xmrig
behavioral2/memory/5368-31-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024266-34.dat	xmrig
behavioral2/memory/2580-38-0x00007FF6AE7B0000-0x00007FF6AEB04000-memory.dmp	xmrig
behavioral2/files/0x000700000002426d-41.dat	xmrig
behavioral2/memory/4732-42-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024270-54.dat	xmrig
behavioral2/files/0x0007000000024272-70.dat	xmrig
behavioral2/files/0x0007000000024275-87.dat	xmrig
behavioral2/memory/4756-91-0x00007FF6AC230000-0x00007FF6AC584000-memory.dmp	xmrig
behavioral2/files/0x0007000000024276-93.dat	xmrig
behavioral2/files/0x0007000000024277-101.dat	xmrig
behavioral2/memory/4732-110-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024278-121.dat	xmrig
behavioral2/memory/4680-136-0x00007FF741EE0000-0x00007FF742234000-memory.dmp	xmrig
behavioral2/memory/3628-141-0x00007FF7224D0000-0x00007FF722824000-memory.dmp	xmrig
behavioral2/files/0x000700000002427e-152.dat	xmrig
behavioral2/files/0x000700000002427f-155.dat	xmrig
behavioral2/memory/5832-154-0x00007FF7B9EE0000-0x00007FF7BA234000-memory.dmp	xmrig
behavioral2/memory/4476-151-0x00007FF7E5B80000-0x00007FF7E5ED4000-memory.dmp	xmrig
behavioral2/files/0x000700000002427d-149.dat	xmrig
behavioral2/memory/4716-148-0x00007FF730950000-0x00007FF730CA4000-memory.dmp	xmrig
behavioral2/memory/804-147-0x00007FF7521C0000-0x00007FF752514000-memory.dmp	xmrig
behavioral2/files/0x000700000002427c-145.dat	xmrig
behavioral2/memory/2412-135-0x00007FF6CE9F0000-0x00007FF6CED44000-memory.dmp	xmrig
behavioral2/files/0x000700000002427b-132.dat	xmrig
behavioral2/files/0x000700000002427a-131.dat	xmrig
behavioral2/files/0x0007000000024279-127.dat	xmrig
behavioral2/memory/2868-124-0x00007FF628CF0000-0x00007FF629044000-memory.dmp	xmrig
behavioral2/memory/4516-123-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp	xmrig
behavioral2/memory/3552-118-0x00007FF71EFD0000-0x00007FF71F324000-memory.dmp	xmrig
behavioral2/memory/5444-115-0x00007FF743F00000-0x00007FF744254000-memory.dmp	xmrig
behavioral2/memory/4984-103-0x00007FF72C0A0000-0x00007FF72C3F4000-memory.dmp	xmrig
behavioral2/memory/4864-96-0x00007FF7D02C0000-0x00007FF7D0614000-memory.dmp	xmrig
behavioral2/memory/5368-95-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp	xmrig
behavioral2/memory/3676-88-0x00007FF695100000-0x00007FF695454000-memory.dmp	xmrig
behavioral2/memory/4960-85-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp	xmrig
behavioral2/files/0x0007000000024274-84.dat	xmrig
behavioral2/memory/436-83-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp	xmrig
behavioral2/memory/4608-75-0x00007FF6666C0000-0x00007FF666A14000-memory.dmp	xmrig
behavioral2/memory/5332-74-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp	xmrig
behavioral2/files/0x0007000000024273-78.dat	xmrig
behavioral2/memory/4832-73-0x00007FF7E0CC0000-0x00007FF7E1014000-memory.dmp	xmrig
behavioral2/memory/5464-67-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024271-62.dat	xmrig
behavioral2/memory/4440-60-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp	xmrig
behavioral2/memory/4716-61-0x00007FF730950000-0x00007FF730CA4000-memory.dmp	xmrig
behavioral2/memory/4680-55-0x00007FF741EE0000-0x00007FF742234000-memory.dmp	xmrig
behavioral2/files/0x000700000002426e-48.dat	xmrig
behavioral2/memory/4516-49-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp	xmrig
behavioral2/memory/5604-166-0x00007FF723D80000-0x00007FF7240D4000-memory.dmp	xmrig
behavioral2/memory/6100-170-0x00007FF733310000-0x00007FF733664000-memory.dmp	xmrig
behavioral2/files/0x0007000000024282-173.dat	xmrig
behavioral2/memory/5444-195-0x00007FF743F00000-0x00007FF744254000-memory.dmp	xmrig
behavioral2/files/0x0007000000024287-206.dat	xmrig

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
5464	vuQyHZL.exe
5332	WONPSJy.exe
436	HPpfOmh.exe
3676	xJHInNL.exe
5368	blEIgEH.exe
2580	QyfowDw.exe
4732	pjkrgcT.exe
4516	BFkhkbN.exe
4680	zrXcXqY.exe
4716	DIvsLVw.exe
4832	fPcnQlv.exe
4608	sbQFgsG.exe
4960	mDHujLh.exe
4756	msuHZTW.exe
4864	KdNhZqe.exe
4984	mzwwuEh.exe
5444	JnfJaoM.exe
2868	syAWXEl.exe
3552	VRGdpmX.exe
2412	QkcxMQu.exe
804	kBgcorp.exe
4476	xtxqumU.exe
3628	AcafZKe.exe
5832	XWmjLuw.exe
5604	BsCRRdR.exe
6100	fUKyyON.exe
6020	aXnFdJj.exe
3236	rLVOduz.exe
1932	GwlupfT.exe
4704	kyqQFQb.exe
1752	sNrwHbu.exe
5248	wzMBfvW.exe
1336	lJnWLXv.exe
4472	nJwYSsg.exe
1244	gJzGpYf.exe
5812	BOebUFY.exe
752	BadoJAD.exe
1844	oXVNJGw.exe
3648	DYatJaT.exe
5704	QzaEmua.exe
3356	oIpKtXA.exe
1544	mkiyZNt.exe
2060	RcChHSl.exe
1128	dCeErsU.exe
2044	MRDCuTU.exe
2256	zVxHwoF.exe
5784	cmbvSqE.exe
5524	TlgupFA.exe
1612	FcGlaDo.exe
5040	vnzUkBe.exe
1464	mQJPmHB.exe
2648	MklIlWb.exe
5924	aOULhGI.exe
3688	vMXWuqb.exe
4916	lmFbtYP.exe
5196	BZTaqjg.exe
5244	eLKDFAj.exe
2788	UCnOHAk.exe
4996	arsgTUT.exe
4404	FsKomvr.exe
5172	WwlNJiA.exe
3724	itBMQIG.exe
5492	QIiObVU.exe
2860	kpXyOSv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4440-0-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp	upx
behavioral2/files/0x0008000000024268-6.dat	upx
behavioral2/memory/5464-8-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp	upx
behavioral2/files/0x0007000000024269-10.dat	upx
behavioral2/files/0x000700000002426a-17.dat	upx
behavioral2/memory/5332-13-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp	upx
behavioral2/files/0x000700000002426b-22.dat	upx
behavioral2/memory/3676-23-0x00007FF695100000-0x00007FF695454000-memory.dmp	upx
behavioral2/memory/436-19-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp	upx
behavioral2/files/0x000700000002426c-30.dat	upx
behavioral2/memory/5368-31-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp	upx
behavioral2/files/0x0008000000024266-34.dat	upx
behavioral2/memory/2580-38-0x00007FF6AE7B0000-0x00007FF6AEB04000-memory.dmp	upx
behavioral2/files/0x000700000002426d-41.dat	upx
behavioral2/memory/4732-42-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp	upx
behavioral2/files/0x0007000000024270-54.dat	upx
behavioral2/files/0x0007000000024272-70.dat	upx
behavioral2/files/0x0007000000024275-87.dat	upx
behavioral2/memory/4756-91-0x00007FF6AC230000-0x00007FF6AC584000-memory.dmp	upx
behavioral2/files/0x0007000000024276-93.dat	upx
behavioral2/files/0x0007000000024277-101.dat	upx
behavioral2/memory/4732-110-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp	upx
behavioral2/files/0x0007000000024278-121.dat	upx
behavioral2/memory/4680-136-0x00007FF741EE0000-0x00007FF742234000-memory.dmp	upx
behavioral2/memory/3628-141-0x00007FF7224D0000-0x00007FF722824000-memory.dmp	upx
behavioral2/files/0x000700000002427e-152.dat	upx
behavioral2/files/0x000700000002427f-155.dat	upx
behavioral2/memory/5832-154-0x00007FF7B9EE0000-0x00007FF7BA234000-memory.dmp	upx
behavioral2/memory/4476-151-0x00007FF7E5B80000-0x00007FF7E5ED4000-memory.dmp	upx
behavioral2/files/0x000700000002427d-149.dat	upx
behavioral2/memory/4716-148-0x00007FF730950000-0x00007FF730CA4000-memory.dmp	upx
behavioral2/memory/804-147-0x00007FF7521C0000-0x00007FF752514000-memory.dmp	upx
behavioral2/files/0x000700000002427c-145.dat	upx
behavioral2/memory/2412-135-0x00007FF6CE9F0000-0x00007FF6CED44000-memory.dmp	upx
behavioral2/files/0x000700000002427b-132.dat	upx
behavioral2/files/0x000700000002427a-131.dat	upx
behavioral2/files/0x0007000000024279-127.dat	upx
behavioral2/memory/2868-124-0x00007FF628CF0000-0x00007FF629044000-memory.dmp	upx
behavioral2/memory/4516-123-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp	upx
behavioral2/memory/3552-118-0x00007FF71EFD0000-0x00007FF71F324000-memory.dmp	upx
behavioral2/memory/5444-115-0x00007FF743F00000-0x00007FF744254000-memory.dmp	upx
behavioral2/memory/4984-103-0x00007FF72C0A0000-0x00007FF72C3F4000-memory.dmp	upx
behavioral2/memory/4864-96-0x00007FF7D02C0000-0x00007FF7D0614000-memory.dmp	upx
behavioral2/memory/5368-95-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp	upx
behavioral2/memory/3676-88-0x00007FF695100000-0x00007FF695454000-memory.dmp	upx
behavioral2/memory/4960-85-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp	upx
behavioral2/files/0x0007000000024274-84.dat	upx
behavioral2/memory/436-83-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp	upx
behavioral2/memory/4608-75-0x00007FF6666C0000-0x00007FF666A14000-memory.dmp	upx
behavioral2/memory/5332-74-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp	upx
behavioral2/files/0x0007000000024273-78.dat	upx
behavioral2/memory/4832-73-0x00007FF7E0CC0000-0x00007FF7E1014000-memory.dmp	upx
behavioral2/memory/5464-67-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp	upx
behavioral2/files/0x0007000000024271-62.dat	upx
behavioral2/memory/4440-60-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp	upx
behavioral2/memory/4716-61-0x00007FF730950000-0x00007FF730CA4000-memory.dmp	upx
behavioral2/memory/4680-55-0x00007FF741EE0000-0x00007FF742234000-memory.dmp	upx
behavioral2/files/0x000700000002426e-48.dat	upx
behavioral2/memory/4516-49-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp	upx
behavioral2/memory/5604-166-0x00007FF723D80000-0x00007FF7240D4000-memory.dmp	upx
behavioral2/memory/6100-170-0x00007FF733310000-0x00007FF733664000-memory.dmp	upx
behavioral2/files/0x0007000000024282-173.dat	upx
behavioral2/memory/5444-195-0x00007FF743F00000-0x00007FF744254000-memory.dmp	upx
behavioral2/files/0x0007000000024287-206.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MPXYwfi.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pzdXyIV.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FJuJIBC.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UoOzJxO.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tphHhbc.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sfvgqsO.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fwcSWQd.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pxvROhJ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FTzhmQC.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UCnOHAk.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jepveTJ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CUJaEfz.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KsUxAnk.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WvIPxmc.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YGIBVUL.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HHWtrKk.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DVMsllE.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZDKIfrg.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GtAeCdY.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WKfjJeW.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DlQwvNv.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AFDlllc.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oCcGRKm.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NPyAmbA.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kyqQFQb.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QzaEmua.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YkMyVKC.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YGZtBhB.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NEBJZNs.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\acEanAJ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HpdsySf.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gFZXFfB.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YBUiJhF.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ysspyfl.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OGAVgdL.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qVOoJeP.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lLxETtK.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fECIZYV.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oMFLcvt.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YcskAZx.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fmZDjIo.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lJztzCh.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mgUYizw.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GDUdZVi.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ElcJIIJ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uppKVYA.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SGynQZG.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aYyMauV.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZuYYtoJ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NsjgzPY.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OdfEBhQ.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HSvNgct.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YXXEbIN.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GitmrqN.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TYWAXre.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JaKTKxf.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\emYGZDs.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pFCiXFn.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IfzsUoT.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AIzrtRv.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AKKTcqw.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dPxKxha.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PZrWJsk.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zUZraEx.exe	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{E43C1698-309D-4EF7-A6D3-4E55D3809182}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	14548	explorer.exe
Token: SeCreatePagefilePrivilege	14548	explorer.exe
Token: SeShutdownPrivilege	14548	explorer.exe
Token: SeCreatePagefilePrivilege	14548	explorer.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
14880	sihost.exe
14548	explorer.exe
14548	explorer.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
14548	explorer.exe
14548	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 5464	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4440 wrote to memory of 5464	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4440 wrote to memory of 5332	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4440 wrote to memory of 5332	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4440 wrote to memory of 436	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4440 wrote to memory of 436	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4440 wrote to memory of 3676	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4440 wrote to memory of 3676	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4440 wrote to memory of 5368	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4440 wrote to memory of 5368	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4440 wrote to memory of 2580	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4440 wrote to memory of 2580	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4440 wrote to memory of 4732	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4440 wrote to memory of 4732	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4440 wrote to memory of 4516	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4440 wrote to memory of 4516	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4440 wrote to memory of 4680	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4440 wrote to memory of 4680	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4440 wrote to memory of 4716	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4440 wrote to memory of 4716	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4440 wrote to memory of 4832	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4440 wrote to memory of 4832	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4440 wrote to memory of 4608	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4440 wrote to memory of 4608	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4440 wrote to memory of 4960	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4440 wrote to memory of 4960	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4440 wrote to memory of 4756	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4440 wrote to memory of 4756	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4440 wrote to memory of 4864	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4440 wrote to memory of 4864	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4440 wrote to memory of 4984	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4440 wrote to memory of 4984	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4440 wrote to memory of 5444	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4440 wrote to memory of 5444	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4440 wrote to memory of 2868	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4440 wrote to memory of 2868	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4440 wrote to memory of 3552	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4440 wrote to memory of 3552	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4440 wrote to memory of 2412	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4440 wrote to memory of 2412	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4440 wrote to memory of 804	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4440 wrote to memory of 804	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4440 wrote to memory of 4476	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4440 wrote to memory of 4476	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4440 wrote to memory of 3628	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4440 wrote to memory of 3628	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4440 wrote to memory of 5832	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4440 wrote to memory of 5832	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4440 wrote to memory of 5604	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4440 wrote to memory of 5604	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4440 wrote to memory of 6100	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4440 wrote to memory of 6100	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4440 wrote to memory of 6020	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4440 wrote to memory of 6020	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4440 wrote to memory of 3236	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4440 wrote to memory of 3236	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4440 wrote to memory of 4704	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4440 wrote to memory of 4704	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4440 wrote to memory of 1932	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4440 wrote to memory of 1932	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4440 wrote to memory of 1752	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4440 wrote to memory of 1752	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4440 wrote to memory of 5248	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4440 wrote to memory of 5248	4440	2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119

C:\Users\Admin\AppData\Local\Temp\2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_94b60a4a410b5ba13da1ef1a1318e378_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Windows\System\vuQyHZL.exe
  C:\Windows\System\vuQyHZL.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\WONPSJy.exe
  C:\Windows\System\WONPSJy.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System\HPpfOmh.exe
  C:\Windows\System\HPpfOmh.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\xJHInNL.exe
  C:\Windows\System\xJHInNL.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\blEIgEH.exe
  C:\Windows\System\blEIgEH.exe
  2⤵
  - Executes dropped EXE
  PID:5368
- C:\Windows\System\QyfowDw.exe
  C:\Windows\System\QyfowDw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\pjkrgcT.exe
  C:\Windows\System\pjkrgcT.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\BFkhkbN.exe
  C:\Windows\System\BFkhkbN.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\zrXcXqY.exe
  C:\Windows\System\zrXcXqY.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\DIvsLVw.exe
  C:\Windows\System\DIvsLVw.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\fPcnQlv.exe
  C:\Windows\System\fPcnQlv.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\sbQFgsG.exe
  C:\Windows\System\sbQFgsG.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\mDHujLh.exe
  C:\Windows\System\mDHujLh.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\msuHZTW.exe
  C:\Windows\System\msuHZTW.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\KdNhZqe.exe
  C:\Windows\System\KdNhZqe.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\mzwwuEh.exe
  C:\Windows\System\mzwwuEh.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\JnfJaoM.exe
  C:\Windows\System\JnfJaoM.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System\syAWXEl.exe
  C:\Windows\System\syAWXEl.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VRGdpmX.exe
  C:\Windows\System\VRGdpmX.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\QkcxMQu.exe
  C:\Windows\System\QkcxMQu.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\kBgcorp.exe
  C:\Windows\System\kBgcorp.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\xtxqumU.exe
  C:\Windows\System\xtxqumU.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\AcafZKe.exe
  C:\Windows\System\AcafZKe.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\XWmjLuw.exe
  C:\Windows\System\XWmjLuw.exe
  2⤵
  - Executes dropped EXE
  PID:5832
- C:\Windows\System\BsCRRdR.exe
  C:\Windows\System\BsCRRdR.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System\fUKyyON.exe
  C:\Windows\System\fUKyyON.exe
  2⤵
  - Executes dropped EXE
  PID:6100
- C:\Windows\System\aXnFdJj.exe
  C:\Windows\System\aXnFdJj.exe
  2⤵
  - Executes dropped EXE
  PID:6020
- C:\Windows\System\rLVOduz.exe
  C:\Windows\System\rLVOduz.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\kyqQFQb.exe
  C:\Windows\System\kyqQFQb.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\GwlupfT.exe
  C:\Windows\System\GwlupfT.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\sNrwHbu.exe
  C:\Windows\System\sNrwHbu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\wzMBfvW.exe
  C:\Windows\System\wzMBfvW.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\lJnWLXv.exe
  C:\Windows\System\lJnWLXv.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\nJwYSsg.exe
  C:\Windows\System\nJwYSsg.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\gJzGpYf.exe
  C:\Windows\System\gJzGpYf.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\BOebUFY.exe
  C:\Windows\System\BOebUFY.exe
  2⤵
  - Executes dropped EXE
  PID:5812
- C:\Windows\System\BadoJAD.exe
  C:\Windows\System\BadoJAD.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\oXVNJGw.exe
  C:\Windows\System\oXVNJGw.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\DYatJaT.exe
  C:\Windows\System\DYatJaT.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\QzaEmua.exe
  C:\Windows\System\QzaEmua.exe
  2⤵
  - Executes dropped EXE
  PID:5704
- C:\Windows\System\oIpKtXA.exe
  C:\Windows\System\oIpKtXA.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\mkiyZNt.exe
  C:\Windows\System\mkiyZNt.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\RcChHSl.exe
  C:\Windows\System\RcChHSl.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\dCeErsU.exe
  C:\Windows\System\dCeErsU.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\MRDCuTU.exe
  C:\Windows\System\MRDCuTU.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\zVxHwoF.exe
  C:\Windows\System\zVxHwoF.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\cmbvSqE.exe
  C:\Windows\System\cmbvSqE.exe
  2⤵
  - Executes dropped EXE
  PID:5784
- C:\Windows\System\TlgupFA.exe
  C:\Windows\System\TlgupFA.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\FcGlaDo.exe
  C:\Windows\System\FcGlaDo.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\vnzUkBe.exe
  C:\Windows\System\vnzUkBe.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\mQJPmHB.exe
  C:\Windows\System\mQJPmHB.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\MklIlWb.exe
  C:\Windows\System\MklIlWb.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\aOULhGI.exe
  C:\Windows\System\aOULhGI.exe
  2⤵
  - Executes dropped EXE
  PID:5924
- C:\Windows\System\vMXWuqb.exe
  C:\Windows\System\vMXWuqb.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\lmFbtYP.exe
  C:\Windows\System\lmFbtYP.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\BZTaqjg.exe
  C:\Windows\System\BZTaqjg.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\eLKDFAj.exe
  C:\Windows\System\eLKDFAj.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System\UCnOHAk.exe
  C:\Windows\System\UCnOHAk.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\arsgTUT.exe
  C:\Windows\System\arsgTUT.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\FsKomvr.exe
  C:\Windows\System\FsKomvr.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\WwlNJiA.exe
  C:\Windows\System\WwlNJiA.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System\itBMQIG.exe
  C:\Windows\System\itBMQIG.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\QIiObVU.exe
  C:\Windows\System\QIiObVU.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\System\kpXyOSv.exe
  C:\Windows\System\kpXyOSv.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ZLJWvcb.exe
  C:\Windows\System\ZLJWvcb.exe
  2⤵
  PID:5420
- C:\Windows\System\DVMsllE.exe
  C:\Windows\System\DVMsllE.exe
  2⤵
  PID:4652
- C:\Windows\System\syiMnBn.exe
  C:\Windows\System\syiMnBn.exe
  2⤵
  PID:1976
- C:\Windows\System\fLXZhcu.exe
  C:\Windows\System\fLXZhcu.exe
  2⤵
  PID:4764
- C:\Windows\System\jepveTJ.exe
  C:\Windows\System\jepveTJ.exe
  2⤵
  PID:1428
- C:\Windows\System\hEMRRKs.exe
  C:\Windows\System\hEMRRKs.exe
  2⤵
  PID:5980
- C:\Windows\System\CUJaEfz.exe
  C:\Windows\System\CUJaEfz.exe
  2⤵
  PID:3500
- C:\Windows\System\pmHLhwV.exe
  C:\Windows\System\pmHLhwV.exe
  2⤵
  PID:4860
- C:\Windows\System\aKlAlaF.exe
  C:\Windows\System\aKlAlaF.exe
  2⤵
  PID:3040
- C:\Windows\System\yYmQaLS.exe
  C:\Windows\System\yYmQaLS.exe
  2⤵
  PID:3592
- C:\Windows\System\KsUxAnk.exe
  C:\Windows\System\KsUxAnk.exe
  2⤵
  PID:824
- C:\Windows\System\PkxkIOZ.exe
  C:\Windows\System\PkxkIOZ.exe
  2⤵
  PID:2088
- C:\Windows\System\HSvNgct.exe
  C:\Windows\System\HSvNgct.exe
  2⤵
  PID:3080
- C:\Windows\System\XCPXDNB.exe
  C:\Windows\System\XCPXDNB.exe
  2⤵
  PID:5268
- C:\Windows\System\uppKVYA.exe
  C:\Windows\System\uppKVYA.exe
  2⤵
  PID:1044
- C:\Windows\System\VlgYwPK.exe
  C:\Windows\System\VlgYwPK.exe
  2⤵
  PID:5896
- C:\Windows\System\dxWtnku.exe
  C:\Windows\System\dxWtnku.exe
  2⤵
  PID:4708
- C:\Windows\System\luoHmZI.exe
  C:\Windows\System\luoHmZI.exe
  2⤵
  PID:1848
- C:\Windows\System\laKFzZL.exe
  C:\Windows\System\laKFzZL.exe
  2⤵
  PID:3240
- C:\Windows\System\vZNbZuM.exe
  C:\Windows\System\vZNbZuM.exe
  2⤵
  PID:5072
- C:\Windows\System\IPRaVDe.exe
  C:\Windows\System\IPRaVDe.exe
  2⤵
  PID:3604
- C:\Windows\System\dQKWxht.exe
  C:\Windows\System\dQKWxht.exe
  2⤵
  PID:4232
- C:\Windows\System\gPbOLbc.exe
  C:\Windows\System\gPbOLbc.exe
  2⤵
  PID:4948
- C:\Windows\System\gdNZEhb.exe
  C:\Windows\System\gdNZEhb.exe
  2⤵
  PID:5884
- C:\Windows\System\QEjqlyM.exe
  C:\Windows\System\QEjqlyM.exe
  2⤵
  PID:1372
- C:\Windows\System\oqAQuKo.exe
  C:\Windows\System\oqAQuKo.exe
  2⤵
  PID:4300
- C:\Windows\System\bHCXtlS.exe
  C:\Windows\System\bHCXtlS.exe
  2⤵
  PID:2472
- C:\Windows\System\GdepTNM.exe
  C:\Windows\System\GdepTNM.exe
  2⤵
  PID:5108
- C:\Windows\System\WRHLpHe.exe
  C:\Windows\System\WRHLpHe.exe
  2⤵
  PID:4656
- C:\Windows\System\fECIZYV.exe
  C:\Windows\System\fECIZYV.exe
  2⤵
  PID:1756
- C:\Windows\System\mtyRUiZ.exe
  C:\Windows\System\mtyRUiZ.exe
  2⤵
  PID:3792
- C:\Windows\System\cVNQEZu.exe
  C:\Windows\System\cVNQEZu.exe
  2⤵
  PID:2840
- C:\Windows\System\qpAArFM.exe
  C:\Windows\System\qpAArFM.exe
  2⤵
  PID:1104
- C:\Windows\System\bQUQvpw.exe
  C:\Windows\System\bQUQvpw.exe
  2⤵
  PID:4856
- C:\Windows\System\tfMaDQn.exe
  C:\Windows\System\tfMaDQn.exe
  2⤵
  PID:4508
- C:\Windows\System\TDedjXg.exe
  C:\Windows\System\TDedjXg.exe
  2⤵
  PID:4724
- C:\Windows\System\wFBsCug.exe
  C:\Windows\System\wFBsCug.exe
  2⤵
  PID:3808
- C:\Windows\System\AYaPOhZ.exe
  C:\Windows\System\AYaPOhZ.exe
  2⤵
  PID:4292
- C:\Windows\System\lWNsrXJ.exe
  C:\Windows\System\lWNsrXJ.exe
  2⤵
  PID:4636
- C:\Windows\System\QIFYdIv.exe
  C:\Windows\System\QIFYdIv.exe
  2⤵
  PID:5540
- C:\Windows\System\PnwqeZX.exe
  C:\Windows\System\PnwqeZX.exe
  2⤵
  PID:4884
- C:\Windows\System\HqYfLar.exe
  C:\Windows\System\HqYfLar.exe
  2⤵
  PID:1468
- C:\Windows\System\abJiuQa.exe
  C:\Windows\System\abJiuQa.exe
  2⤵
  PID:4816
- C:\Windows\System\NcJqxfx.exe
  C:\Windows\System\NcJqxfx.exe
  2⤵
  PID:1724
- C:\Windows\System\tfjnnaZ.exe
  C:\Windows\System\tfjnnaZ.exe
  2⤵
  PID:2380
- C:\Windows\System\xXkXkUv.exe
  C:\Windows\System\xXkXkUv.exe
  2⤵
  PID:1728
- C:\Windows\System\flfOycO.exe
  C:\Windows\System\flfOycO.exe
  2⤵
  PID:1172
- C:\Windows\System\hSKGjOk.exe
  C:\Windows\System\hSKGjOk.exe
  2⤵
  PID:4952
- C:\Windows\System\tEOyTKm.exe
  C:\Windows\System\tEOyTKm.exe
  2⤵
  PID:2836
- C:\Windows\System\VubwUcO.exe
  C:\Windows\System\VubwUcO.exe
  2⤵
  PID:1380
- C:\Windows\System\fKBYhyu.exe
  C:\Windows\System\fKBYhyu.exe
  2⤵
  PID:396
- C:\Windows\System\uXdHGrK.exe
  C:\Windows\System\uXdHGrK.exe
  2⤵
  PID:4568
- C:\Windows\System\AIsuQZf.exe
  C:\Windows\System\AIsuQZf.exe
  2⤵
  PID:2252
- C:\Windows\System\GNrvtxm.exe
  C:\Windows\System\GNrvtxm.exe
  2⤵
  PID:3576
- C:\Windows\System\mdoJNDH.exe
  C:\Windows\System\mdoJNDH.exe
  2⤵
  PID:968
- C:\Windows\System\GMwvQHY.exe
  C:\Windows\System\GMwvQHY.exe
  2⤵
  PID:5932
- C:\Windows\System\qDNzkEt.exe
  C:\Windows\System\qDNzkEt.exe
  2⤵
  PID:5908
- C:\Windows\System\INTcdXn.exe
  C:\Windows\System\INTcdXn.exe
  2⤵
  PID:2656
- C:\Windows\System\FolXXsc.exe
  C:\Windows\System\FolXXsc.exe
  2⤵
  PID:4668
- C:\Windows\System\BfFSSQj.exe
  C:\Windows\System\BfFSSQj.exe
  2⤵
  PID:5936
- C:\Windows\System\oUzqiWd.exe
  C:\Windows\System\oUzqiWd.exe
  2⤵
  PID:3668
- C:\Windows\System\sJMpKSf.exe
  C:\Windows\System\sJMpKSf.exe
  2⤵
  PID:6168
- C:\Windows\System\mbkopsA.exe
  C:\Windows\System\mbkopsA.exe
  2⤵
  PID:6188
- C:\Windows\System\WNexisW.exe
  C:\Windows\System\WNexisW.exe
  2⤵
  PID:6248
- C:\Windows\System\dyoZfSF.exe
  C:\Windows\System\dyoZfSF.exe
  2⤵
  PID:6284
- C:\Windows\System\IPcmqDm.exe
  C:\Windows\System\IPcmqDm.exe
  2⤵
  PID:6312
- C:\Windows\System\GUvqOaJ.exe
  C:\Windows\System\GUvqOaJ.exe
  2⤵
  PID:6340
- C:\Windows\System\MPXYwfi.exe
  C:\Windows\System\MPXYwfi.exe
  2⤵
  PID:6364
- C:\Windows\System\QusHjxd.exe
  C:\Windows\System\QusHjxd.exe
  2⤵
  PID:6400
- C:\Windows\System\RzZIvAq.exe
  C:\Windows\System\RzZIvAq.exe
  2⤵
  PID:6428
- C:\Windows\System\MPlvEev.exe
  C:\Windows\System\MPlvEev.exe
  2⤵
  PID:6448
- C:\Windows\System\FsKONvf.exe
  C:\Windows\System\FsKONvf.exe
  2⤵
  PID:6480
- C:\Windows\System\jlagHxT.exe
  C:\Windows\System\jlagHxT.exe
  2⤵
  PID:6512
- C:\Windows\System\xQeVjSM.exe
  C:\Windows\System\xQeVjSM.exe
  2⤵
  PID:6540
- C:\Windows\System\utqvWnd.exe
  C:\Windows\System\utqvWnd.exe
  2⤵
  PID:6564
- C:\Windows\System\AiRxozA.exe
  C:\Windows\System\AiRxozA.exe
  2⤵
  PID:6596
- C:\Windows\System\wEkoycQ.exe
  C:\Windows\System\wEkoycQ.exe
  2⤵
  PID:6624
- C:\Windows\System\CtgaucG.exe
  C:\Windows\System\CtgaucG.exe
  2⤵
  PID:6652
- C:\Windows\System\crEmBqT.exe
  C:\Windows\System\crEmBqT.exe
  2⤵
  PID:6676
- C:\Windows\System\FXKJZLJ.exe
  C:\Windows\System\FXKJZLJ.exe
  2⤵
  PID:6708
- C:\Windows\System\oMFLcvt.exe
  C:\Windows\System\oMFLcvt.exe
  2⤵
  PID:6736
- C:\Windows\System\zlpqvNJ.exe
  C:\Windows\System\zlpqvNJ.exe
  2⤵
  PID:6764
- C:\Windows\System\aHTpAiO.exe
  C:\Windows\System\aHTpAiO.exe
  2⤵
  PID:6792
- C:\Windows\System\wXRwGjT.exe
  C:\Windows\System\wXRwGjT.exe
  2⤵
  PID:6820
- C:\Windows\System\djLBchR.exe
  C:\Windows\System\djLBchR.exe
  2⤵
  PID:6844
- C:\Windows\System\fwNpDIk.exe
  C:\Windows\System\fwNpDIk.exe
  2⤵
  PID:6876
- C:\Windows\System\qbbghLL.exe
  C:\Windows\System\qbbghLL.exe
  2⤵
  PID:6904
- C:\Windows\System\VfuAjhF.exe
  C:\Windows\System\VfuAjhF.exe
  2⤵
  PID:6932
- C:\Windows\System\cpQOVMh.exe
  C:\Windows\System\cpQOVMh.exe
  2⤵
  PID:6960
- C:\Windows\System\mkeajQP.exe
  C:\Windows\System\mkeajQP.exe
  2⤵
  PID:6988
- C:\Windows\System\QKaLcQb.exe
  C:\Windows\System\QKaLcQb.exe
  2⤵
  PID:7016
- C:\Windows\System\CtCbhEq.exe
  C:\Windows\System\CtCbhEq.exe
  2⤵
  PID:7044
- C:\Windows\System\sRxqTfs.exe
  C:\Windows\System\sRxqTfs.exe
  2⤵
  PID:7072
- C:\Windows\System\GNXfqUA.exe
  C:\Windows\System\GNXfqUA.exe
  2⤵
  PID:7100
- C:\Windows\System\qsAlhBm.exe
  C:\Windows\System\qsAlhBm.exe
  2⤵
  PID:7128
- C:\Windows\System\kPLdLyU.exe
  C:\Windows\System\kPLdLyU.exe
  2⤵
  PID:7156
- C:\Windows\System\heTEDLe.exe
  C:\Windows\System\heTEDLe.exe
  2⤵
  PID:6200
- C:\Windows\System\QWoElQQ.exe
  C:\Windows\System\QWoElQQ.exe
  2⤵
  PID:6276
- C:\Windows\System\mhmCPKG.exe
  C:\Windows\System\mhmCPKG.exe
  2⤵
  PID:6328
- C:\Windows\System\qaRNlyw.exe
  C:\Windows\System\qaRNlyw.exe
  2⤵
  PID:2064
- C:\Windows\System\mjGFlvk.exe
  C:\Windows\System\mjGFlvk.exe
  2⤵
  PID:4544
- C:\Windows\System\zOyUver.exe
  C:\Windows\System\zOyUver.exe
  2⤵
  PID:5948
- C:\Windows\System\QmvotHh.exe
  C:\Windows\System\QmvotHh.exe
  2⤵
  PID:5012
- C:\Windows\System\wZldlQH.exe
  C:\Windows\System\wZldlQH.exe
  2⤵
  PID:5100
- C:\Windows\System\pcrVemQ.exe
  C:\Windows\System\pcrVemQ.exe
  2⤵
  PID:6440
- C:\Windows\System\FfTsWUY.exe
  C:\Windows\System\FfTsWUY.exe
  2⤵
  PID:6504
- C:\Windows\System\AexhjSC.exe
  C:\Windows\System\AexhjSC.exe
  2⤵
  PID:6576
- C:\Windows\System\TXPKvuL.exe
  C:\Windows\System\TXPKvuL.exe
  2⤵
  PID:6632
- C:\Windows\System\XaJlXid.exe
  C:\Windows\System\XaJlXid.exe
  2⤵
  PID:6704
- C:\Windows\System\GAnJAQz.exe
  C:\Windows\System\GAnJAQz.exe
  2⤵
  PID:6772
- C:\Windows\System\slqICle.exe
  C:\Windows\System\slqICle.exe
  2⤵
  PID:6836
- C:\Windows\System\vZHoqpD.exe
  C:\Windows\System\vZHoqpD.exe
  2⤵
  PID:6892
- C:\Windows\System\CyQpQhO.exe
  C:\Windows\System\CyQpQhO.exe
  2⤵
  PID:6968
- C:\Windows\System\faBNaMV.exe
  C:\Windows\System\faBNaMV.exe
  2⤵
  PID:7004
- C:\Windows\System\LHKubED.exe
  C:\Windows\System\LHKubED.exe
  2⤵
  PID:7092
- C:\Windows\System\mZNhslZ.exe
  C:\Windows\System\mZNhslZ.exe
  2⤵
  PID:6152
- C:\Windows\System\XHRFSGa.exe
  C:\Windows\System\XHRFSGa.exe
  2⤵
  PID:6336
- C:\Windows\System\jEGoLkZ.exe
  C:\Windows\System\jEGoLkZ.exe
  2⤵
  PID:5156
- C:\Windows\System\xqNDBxd.exe
  C:\Windows\System\xqNDBxd.exe
  2⤵
  PID:6392
- C:\Windows\System\LGxwIMk.exe
  C:\Windows\System\LGxwIMk.exe
  2⤵
  PID:6536
- C:\Windows\System\XBIfSDc.exe
  C:\Windows\System\XBIfSDc.exe
  2⤵
  PID:6696
- C:\Windows\System\rdISCMt.exe
  C:\Windows\System\rdISCMt.exe
  2⤵
  PID:6828
- C:\Windows\System\AYrjkJx.exe
  C:\Windows\System\AYrjkJx.exe
  2⤵
  PID:6928
- C:\Windows\System\eTqPydD.exe
  C:\Windows\System\eTqPydD.exe
  2⤵
  PID:7060
- C:\Windows\System\iPusZHJ.exe
  C:\Windows\System\iPusZHJ.exe
  2⤵
  PID:5952
- C:\Windows\System\kPCAkop.exe
  C:\Windows\System\kPCAkop.exe
  2⤵
  PID:6040
- C:\Windows\System\ZwaFmil.exe
  C:\Windows\System\ZwaFmil.exe
  2⤵
  PID:5320
- C:\Windows\System\wxjGhDE.exe
  C:\Windows\System\wxjGhDE.exe
  2⤵
  PID:6760
- C:\Windows\System\XOXizQU.exe
  C:\Windows\System\XOXizQU.exe
  2⤵
  PID:7068
- C:\Windows\System\hiBFiKb.exe
  C:\Windows\System\hiBFiKb.exe
  2⤵
  PID:1528
- C:\Windows\System\XSeAvhl.exe
  C:\Windows\System\XSeAvhl.exe
  2⤵
  PID:7136
- C:\Windows\System\aVxaOhv.exe
  C:\Windows\System\aVxaOhv.exe
  2⤵
  PID:3776
- C:\Windows\System\gLPgFYZ.exe
  C:\Windows\System\gLPgFYZ.exe
  2⤵
  PID:7184
- C:\Windows\System\aFlusps.exe
  C:\Windows\System\aFlusps.exe
  2⤵
  PID:7208
- C:\Windows\System\BnFzIQx.exe
  C:\Windows\System\BnFzIQx.exe
  2⤵
  PID:7240
- C:\Windows\System\tBHxSUV.exe
  C:\Windows\System\tBHxSUV.exe
  2⤵
  PID:7256
- C:\Windows\System\SnDGaMO.exe
  C:\Windows\System\SnDGaMO.exe
  2⤵
  PID:7284
- C:\Windows\System\xTMjyHQ.exe
  C:\Windows\System\xTMjyHQ.exe
  2⤵
  PID:7312
- C:\Windows\System\hiQlqhU.exe
  C:\Windows\System\hiQlqhU.exe
  2⤵
  PID:7348
- C:\Windows\System\XLBBVMR.exe
  C:\Windows\System\XLBBVMR.exe
  2⤵
  PID:7376
- C:\Windows\System\Kvusmhu.exe
  C:\Windows\System\Kvusmhu.exe
  2⤵
  PID:7404
- C:\Windows\System\sfUMsFE.exe
  C:\Windows\System\sfUMsFE.exe
  2⤵
  PID:7432
- C:\Windows\System\feLZGbH.exe
  C:\Windows\System\feLZGbH.exe
  2⤵
  PID:7460
- C:\Windows\System\BhwHzYs.exe
  C:\Windows\System\BhwHzYs.exe
  2⤵
  PID:7492
- C:\Windows\System\wxTAWqp.exe
  C:\Windows\System\wxTAWqp.exe
  2⤵
  PID:7520
- C:\Windows\System\CArpRlW.exe
  C:\Windows\System\CArpRlW.exe
  2⤵
  PID:7552
- C:\Windows\System\iYhhrYU.exe
  C:\Windows\System\iYhhrYU.exe
  2⤵
  PID:7576
- C:\Windows\System\jPBjsMj.exe
  C:\Windows\System\jPBjsMj.exe
  2⤵
  PID:7608
- C:\Windows\System\OwTFFYf.exe
  C:\Windows\System\OwTFFYf.exe
  2⤵
  PID:7636
- C:\Windows\System\vFMnNOY.exe
  C:\Windows\System\vFMnNOY.exe
  2⤵
  PID:7664
- C:\Windows\System\KFKdLzc.exe
  C:\Windows\System\KFKdLzc.exe
  2⤵
  PID:7692
- C:\Windows\System\eJErQLi.exe
  C:\Windows\System\eJErQLi.exe
  2⤵
  PID:7712
- C:\Windows\System\TQgFSNK.exe
  C:\Windows\System\TQgFSNK.exe
  2⤵
  PID:7740
- C:\Windows\System\jBGMOvY.exe
  C:\Windows\System\jBGMOvY.exe
  2⤵
  PID:7768
- C:\Windows\System\pgLXhAD.exe
  C:\Windows\System\pgLXhAD.exe
  2⤵
  PID:7800
- C:\Windows\System\BuFcnzZ.exe
  C:\Windows\System\BuFcnzZ.exe
  2⤵
  PID:7836
- C:\Windows\System\fUJHvyC.exe
  C:\Windows\System\fUJHvyC.exe
  2⤵
  PID:7856
- C:\Windows\System\LnvyuAE.exe
  C:\Windows\System\LnvyuAE.exe
  2⤵
  PID:7884
- C:\Windows\System\ZDKIfrg.exe
  C:\Windows\System\ZDKIfrg.exe
  2⤵
  PID:7920
- C:\Windows\System\QFWdsQp.exe
  C:\Windows\System\QFWdsQp.exe
  2⤵
  PID:7948
- C:\Windows\System\SGynQZG.exe
  C:\Windows\System\SGynQZG.exe
  2⤵
  PID:7968
- C:\Windows\System\mAuhxgm.exe
  C:\Windows\System\mAuhxgm.exe
  2⤵
  PID:8008
- C:\Windows\System\ILGWBVE.exe
  C:\Windows\System\ILGWBVE.exe
  2⤵
  PID:8036
- C:\Windows\System\YXXEbIN.exe
  C:\Windows\System\YXXEbIN.exe
  2⤵
  PID:8064
- C:\Windows\System\xtbCnUs.exe
  C:\Windows\System\xtbCnUs.exe
  2⤵
  PID:8092
- C:\Windows\System\jSNHNAi.exe
  C:\Windows\System\jSNHNAi.exe
  2⤵
  PID:8120
- C:\Windows\System\eDkkTvd.exe
  C:\Windows\System\eDkkTvd.exe
  2⤵
  PID:8148
- C:\Windows\System\wCzDkKf.exe
  C:\Windows\System\wCzDkKf.exe
  2⤵
  PID:8176
- C:\Windows\System\dedmDfZ.exe
  C:\Windows\System\dedmDfZ.exe
  2⤵
  PID:7200
- C:\Windows\System\iAiKwzQ.exe
  C:\Windows\System\iAiKwzQ.exe
  2⤵
  PID:7268
- C:\Windows\System\FdOcjLl.exe
  C:\Windows\System\FdOcjLl.exe
  2⤵
  PID:7332
- C:\Windows\System\rIvtBZu.exe
  C:\Windows\System\rIvtBZu.exe
  2⤵
  PID:7412
- C:\Windows\System\kLgPdcZ.exe
  C:\Windows\System\kLgPdcZ.exe
  2⤵
  PID:7472
- C:\Windows\System\cyMiJEv.exe
  C:\Windows\System\cyMiJEv.exe
  2⤵
  PID:7536
- C:\Windows\System\WgAEHDv.exe
  C:\Windows\System\WgAEHDv.exe
  2⤵
  PID:7596
- C:\Windows\System\BlIqcVd.exe
  C:\Windows\System\BlIqcVd.exe
  2⤵
  PID:7676
- C:\Windows\System\CKVUZMq.exe
  C:\Windows\System\CKVUZMq.exe
  2⤵
  PID:6112
- C:\Windows\System\GtAeCdY.exe
  C:\Windows\System\GtAeCdY.exe
  2⤵
  PID:7788
- C:\Windows\System\YshdDmH.exe
  C:\Windows\System\YshdDmH.exe
  2⤵
  PID:7852
- C:\Windows\System\YkMyVKC.exe
  C:\Windows\System\YkMyVKC.exe
  2⤵
  PID:7908
- C:\Windows\System\GVLtHMQ.exe
  C:\Windows\System\GVLtHMQ.exe
  2⤵
  PID:7988
- C:\Windows\System\yAxntul.exe
  C:\Windows\System\yAxntul.exe
  2⤵
  PID:8052
- C:\Windows\System\mgenyDU.exe
  C:\Windows\System\mgenyDU.exe
  2⤵
  PID:8128
- C:\Windows\System\pnYmnLf.exe
  C:\Windows\System\pnYmnLf.exe
  2⤵
  PID:8164
- C:\Windows\System\PllFVOo.exe
  C:\Windows\System\PllFVOo.exe
  2⤵
  PID:7296
- C:\Windows\System\qYitIaa.exe
  C:\Windows\System\qYitIaa.exe
  2⤵
  PID:7448
- C:\Windows\System\sRjzIgJ.exe
  C:\Windows\System\sRjzIgJ.exe
  2⤵
  PID:7620
- C:\Windows\System\amzTuiV.exe
  C:\Windows\System\amzTuiV.exe
  2⤵
  PID:7736
- C:\Windows\System\VyWKKXs.exe
  C:\Windows\System\VyWKKXs.exe
  2⤵
  PID:7876
- C:\Windows\System\yuoZHOH.exe
  C:\Windows\System\yuoZHOH.exe
  2⤵
  PID:8020
- C:\Windows\System\GKLpjor.exe
  C:\Windows\System\GKLpjor.exe
  2⤵
  PID:8160
- C:\Windows\System\KAQDJQd.exe
  C:\Windows\System\KAQDJQd.exe
  2⤵
  PID:7360
- C:\Windows\System\rcCWwCM.exe
  C:\Windows\System\rcCWwCM.exe
  2⤵
  PID:6004
- C:\Windows\System\abLhjnQ.exe
  C:\Windows\System\abLhjnQ.exe
  2⤵
  PID:7956
- C:\Windows\System\ZUKTKNJ.exe
  C:\Windows\System\ZUKTKNJ.exe
  2⤵
  PID:3624
- C:\Windows\System\TEDehbI.exe
  C:\Windows\System\TEDehbI.exe
  2⤵
  PID:7816
- C:\Windows\System\RTrZmQc.exe
  C:\Windows\System\RTrZmQc.exe
  2⤵
  PID:7568
- C:\Windows\System\WvIPxmc.exe
  C:\Windows\System\WvIPxmc.exe
  2⤵
  PID:3324
- C:\Windows\System\kRrWxKg.exe
  C:\Windows\System\kRrWxKg.exe
  2⤵
  PID:8220
- C:\Windows\System\JZNxSeZ.exe
  C:\Windows\System\JZNxSeZ.exe
  2⤵
  PID:8252
- C:\Windows\System\XyWGgXi.exe
  C:\Windows\System\XyWGgXi.exe
  2⤵
  PID:8276
- C:\Windows\System\sWyhCpE.exe
  C:\Windows\System\sWyhCpE.exe
  2⤵
  PID:8304
- C:\Windows\System\YGIBVUL.exe
  C:\Windows\System\YGIBVUL.exe
  2⤵
  PID:8332
- C:\Windows\System\AIzrtRv.exe
  C:\Windows\System\AIzrtRv.exe
  2⤵
  PID:8360
- C:\Windows\System\jAFNpPu.exe
  C:\Windows\System\jAFNpPu.exe
  2⤵
  PID:8388
- C:\Windows\System\LdXgfnX.exe
  C:\Windows\System\LdXgfnX.exe
  2⤵
  PID:8416
- C:\Windows\System\pzdXyIV.exe
  C:\Windows\System\pzdXyIV.exe
  2⤵
  PID:8456
- C:\Windows\System\FSwpobu.exe
  C:\Windows\System\FSwpobu.exe
  2⤵
  PID:8472
- C:\Windows\System\roYIzkq.exe
  C:\Windows\System\roYIzkq.exe
  2⤵
  PID:8500
- C:\Windows\System\kTLYKYC.exe
  C:\Windows\System\kTLYKYC.exe
  2⤵
  PID:8536
- C:\Windows\System\XxUqYnK.exe
  C:\Windows\System\XxUqYnK.exe
  2⤵
  PID:8564
- C:\Windows\System\Nprpxpg.exe
  C:\Windows\System\Nprpxpg.exe
  2⤵
  PID:8584
- C:\Windows\System\rHQaQxF.exe
  C:\Windows\System\rHQaQxF.exe
  2⤵
  PID:8612
- C:\Windows\System\xcxLvcN.exe
  C:\Windows\System\xcxLvcN.exe
  2⤵
  PID:8652
- C:\Windows\System\pQtEdLB.exe
  C:\Windows\System\pQtEdLB.exe
  2⤵
  PID:8680
- C:\Windows\System\XCTkvjH.exe
  C:\Windows\System\XCTkvjH.exe
  2⤵
  PID:8708
- C:\Windows\System\XsXSatx.exe
  C:\Windows\System\XsXSatx.exe
  2⤵
  PID:8728
- C:\Windows\System\ReGgsgV.exe
  C:\Windows\System\ReGgsgV.exe
  2⤵
  PID:8764
- C:\Windows\System\fqJDcJD.exe
  C:\Windows\System\fqJDcJD.exe
  2⤵
  PID:8784
- C:\Windows\System\mRvveal.exe
  C:\Windows\System\mRvveal.exe
  2⤵
  PID:8824
- C:\Windows\System\xOJvBCv.exe
  C:\Windows\System\xOJvBCv.exe
  2⤵
  PID:8852
- C:\Windows\System\mQamnTq.exe
  C:\Windows\System\mQamnTq.exe
  2⤵
  PID:8876
- C:\Windows\System\FJuJIBC.exe
  C:\Windows\System\FJuJIBC.exe
  2⤵
  PID:8912
- C:\Windows\System\YKivrra.exe
  C:\Windows\System\YKivrra.exe
  2⤵
  PID:8940
- C:\Windows\System\tXjMsWa.exe
  C:\Windows\System\tXjMsWa.exe
  2⤵
  PID:8964
- C:\Windows\System\rWsrUmw.exe
  C:\Windows\System\rWsrUmw.exe
  2⤵
  PID:8992
- C:\Windows\System\aYyMauV.exe
  C:\Windows\System\aYyMauV.exe
  2⤵
  PID:9016
- C:\Windows\System\oxNGKyk.exe
  C:\Windows\System\oxNGKyk.exe
  2⤵
  PID:9052
- C:\Windows\System\kvWXTUu.exe
  C:\Windows\System\kvWXTUu.exe
  2⤵
  PID:9084
- C:\Windows\System\aAQFSJS.exe
  C:\Windows\System\aAQFSJS.exe
  2⤵
  PID:9140
- C:\Windows\System\OiIypbn.exe
  C:\Windows\System\OiIypbn.exe
  2⤵
  PID:9168
- C:\Windows\System\VSVRNdB.exe
  C:\Windows\System\VSVRNdB.exe
  2⤵
  PID:9200
- C:\Windows\System\ACCWLUo.exe
  C:\Windows\System\ACCWLUo.exe
  2⤵
  PID:8260
- C:\Windows\System\oRTMQtg.exe
  C:\Windows\System\oRTMQtg.exe
  2⤵
  PID:8356
- C:\Windows\System\PnNUYJv.exe
  C:\Windows\System\PnNUYJv.exe
  2⤵
  PID:8412
- C:\Windows\System\KffnUbT.exe
  C:\Windows\System\KffnUbT.exe
  2⤵
  PID:8468
- C:\Windows\System\uBbiAjb.exe
  C:\Windows\System\uBbiAjb.exe
  2⤵
  PID:8544
- C:\Windows\System\VBZNibZ.exe
  C:\Windows\System\VBZNibZ.exe
  2⤵
  PID:8604
- C:\Windows\System\nTFSjDR.exe
  C:\Windows\System\nTFSjDR.exe
  2⤵
  PID:8660
- C:\Windows\System\HYyYIDX.exe
  C:\Windows\System\HYyYIDX.exe
  2⤵
  PID:8740
- C:\Windows\System\HHWtrKk.exe
  C:\Windows\System\HHWtrKk.exe
  2⤵
  PID:8804
- C:\Windows\System\IvcIIpV.exe
  C:\Windows\System\IvcIIpV.exe
  2⤵
  PID:8892
- C:\Windows\System\wwBRdbO.exe
  C:\Windows\System\wwBRdbO.exe
  2⤵
  PID:8956
- C:\Windows\System\dkiZvyE.exe
  C:\Windows\System\dkiZvyE.exe
  2⤵
  PID:2132
- C:\Windows\System\YDaKFMV.exe
  C:\Windows\System\YDaKFMV.exe
  2⤵
  PID:800
- C:\Windows\System\PaKwkwj.exe
  C:\Windows\System\PaKwkwj.exe
  2⤵
  PID:9128
- C:\Windows\System\uBmiecj.exe
  C:\Windows\System\uBmiecj.exe
  2⤵
  PID:2736
- C:\Windows\System\OVLsffd.exe
  C:\Windows\System\OVLsffd.exe
  2⤵
  PID:8328
- C:\Windows\System\ROKtLcJ.exe
  C:\Windows\System\ROKtLcJ.exe
  2⤵
  PID:8492
- C:\Windows\System\yzOllqq.exe
  C:\Windows\System\yzOllqq.exe
  2⤵
  PID:8636
- C:\Windows\System\rNjEeQw.exe
  C:\Windows\System\rNjEeQw.exe
  2⤵
  PID:8772
- C:\Windows\System\MyPWiGL.exe
  C:\Windows\System\MyPWiGL.exe
  2⤵
  PID:8920
- C:\Windows\System\ghzahDy.exe
  C:\Windows\System\ghzahDy.exe
  2⤵
  PID:2988
- C:\Windows\System\arYpuTn.exe
  C:\Windows\System\arYpuTn.exe
  2⤵
  PID:2556
- C:\Windows\System\WKfjJeW.exe
  C:\Windows\System\WKfjJeW.exe
  2⤵
  PID:8384
- C:\Windows\System\EXnFzuJ.exe
  C:\Windows\System\EXnFzuJ.exe
  2⤵
  PID:2468
- C:\Windows\System\RUTpAjZ.exe
  C:\Windows\System\RUTpAjZ.exe
  2⤵
  PID:1124
- C:\Windows\System\oheJzWP.exe
  C:\Windows\System\oheJzWP.exe
  2⤵
  PID:9152
- C:\Windows\System\TpjHsrI.exe
  C:\Windows\System\TpjHsrI.exe
  2⤵
  PID:2968
- C:\Windows\System\iVQlDEs.exe
  C:\Windows\System\iVQlDEs.exe
  2⤵
  PID:8980
- C:\Windows\System\SzlPZqO.exe
  C:\Windows\System\SzlPZqO.exe
  2⤵
  PID:8924
- C:\Windows\System\PsGiDrd.exe
  C:\Windows\System\PsGiDrd.exe
  2⤵
  PID:4552
- C:\Windows\System\hdprlng.exe
  C:\Windows\System\hdprlng.exe
  2⤵
  PID:9240
- C:\Windows\System\iNgmoSF.exe
  C:\Windows\System\iNgmoSF.exe
  2⤵
  PID:9272
- C:\Windows\System\bXUmHdE.exe
  C:\Windows\System\bXUmHdE.exe
  2⤵
  PID:9296
- C:\Windows\System\UBSciKT.exe
  C:\Windows\System\UBSciKT.exe
  2⤵
  PID:9320
- C:\Windows\System\YGZtBhB.exe
  C:\Windows\System\YGZtBhB.exe
  2⤵
  PID:9344
- C:\Windows\System\sExQxVS.exe
  C:\Windows\System\sExQxVS.exe
  2⤵
  PID:9372
- C:\Windows\System\RGWyanz.exe
  C:\Windows\System\RGWyanz.exe
  2⤵
  PID:9400
- C:\Windows\System\FCdHqMU.exe
  C:\Windows\System\FCdHqMU.exe
  2⤵
  PID:9436
- C:\Windows\System\JpqTrNb.exe
  C:\Windows\System\JpqTrNb.exe
  2⤵
  PID:9456
- C:\Windows\System\WrRIPgv.exe
  C:\Windows\System\WrRIPgv.exe
  2⤵
  PID:9492
- C:\Windows\System\swASReU.exe
  C:\Windows\System\swASReU.exe
  2⤵
  PID:9512
- C:\Windows\System\yJfwycl.exe
  C:\Windows\System\yJfwycl.exe
  2⤵
  PID:9540
- C:\Windows\System\UZMALJS.exe
  C:\Windows\System\UZMALJS.exe
  2⤵
  PID:9576
- C:\Windows\System\YMJObZW.exe
  C:\Windows\System\YMJObZW.exe
  2⤵
  PID:9604
- C:\Windows\System\Irajhgm.exe
  C:\Windows\System\Irajhgm.exe
  2⤵
  PID:9628
- C:\Windows\System\RRWmyaX.exe
  C:\Windows\System\RRWmyaX.exe
  2⤵
  PID:9660
- C:\Windows\System\FtazoXT.exe
  C:\Windows\System\FtazoXT.exe
  2⤵
  PID:9688
- C:\Windows\System\Rfoohou.exe
  C:\Windows\System\Rfoohou.exe
  2⤵
  PID:9712
- C:\Windows\System\GitmrqN.exe
  C:\Windows\System\GitmrqN.exe
  2⤵
  PID:9744
- C:\Windows\System\yKkIDXt.exe
  C:\Windows\System\yKkIDXt.exe
  2⤵
  PID:9768
- C:\Windows\System\MwccxRG.exe
  C:\Windows\System\MwccxRG.exe
  2⤵
  PID:9800
- C:\Windows\System\VehgIAr.exe
  C:\Windows\System\VehgIAr.exe
  2⤵
  PID:9828
- C:\Windows\System\MNvpZzH.exe
  C:\Windows\System\MNvpZzH.exe
  2⤵
  PID:9856
- C:\Windows\System\HdrSYyA.exe
  C:\Windows\System\HdrSYyA.exe
  2⤵
  PID:9876
- C:\Windows\System\sEyciry.exe
  C:\Windows\System\sEyciry.exe
  2⤵
  PID:9904
- C:\Windows\System\EbfJBJK.exe
  C:\Windows\System\EbfJBJK.exe
  2⤵
  PID:9932
- C:\Windows\System\LBYEgrg.exe
  C:\Windows\System\LBYEgrg.exe
  2⤵
  PID:9960
- C:\Windows\System\kbEJwmh.exe
  C:\Windows\System\kbEJwmh.exe
  2⤵
  PID:9988
- C:\Windows\System\YBUiJhF.exe
  C:\Windows\System\YBUiJhF.exe
  2⤵
  PID:10016
- C:\Windows\System\qotmtjg.exe
  C:\Windows\System\qotmtjg.exe
  2⤵
  PID:10044
- C:\Windows\System\zZLhwJL.exe
  C:\Windows\System\zZLhwJL.exe
  2⤵
  PID:10064
- C:\Windows\System\fjJmIyE.exe
  C:\Windows\System\fjJmIyE.exe
  2⤵
  PID:10100
- C:\Windows\System\kuPfAGp.exe
  C:\Windows\System\kuPfAGp.exe
  2⤵
  PID:10128
- C:\Windows\System\xGpkkta.exe
  C:\Windows\System\xGpkkta.exe
  2⤵
  PID:10192
- C:\Windows\System\EwKBMog.exe
  C:\Windows\System\EwKBMog.exe
  2⤵
  PID:10232
- C:\Windows\System\VSuHiYq.exe
  C:\Windows\System\VSuHiYq.exe
  2⤵
  PID:9228
- C:\Windows\System\YcskAZx.exe
  C:\Windows\System\YcskAZx.exe
  2⤵
  PID:9312
- C:\Windows\System\SfmvOdA.exe
  C:\Windows\System\SfmvOdA.exe
  2⤵
  PID:9364
- C:\Windows\System\YmIqOcx.exe
  C:\Windows\System\YmIqOcx.exe
  2⤵
  PID:9424
- C:\Windows\System\LHpAbSw.exe
  C:\Windows\System\LHpAbSw.exe
  2⤵
  PID:9500
- C:\Windows\System\elmbQYU.exe
  C:\Windows\System\elmbQYU.exe
  2⤵
  PID:9564
- C:\Windows\System\xvtLOrr.exe
  C:\Windows\System\xvtLOrr.exe
  2⤵
  PID:9644
- C:\Windows\System\XeBBAIT.exe
  C:\Windows\System\XeBBAIT.exe
  2⤵
  PID:9696
- C:\Windows\System\qZhKYaS.exe
  C:\Windows\System\qZhKYaS.exe
  2⤵
  PID:9752
- C:\Windows\System\NEBJZNs.exe
  C:\Windows\System\NEBJZNs.exe
  2⤵
  PID:9812
- C:\Windows\System\TajXtOv.exe
  C:\Windows\System\TajXtOv.exe
  2⤵
  PID:9864
- C:\Windows\System\UoOzJxO.exe
  C:\Windows\System\UoOzJxO.exe
  2⤵
  PID:9928
- C:\Windows\System\qmOZSSu.exe
  C:\Windows\System\qmOZSSu.exe
  2⤵
  PID:9980
- C:\Windows\System\LaRvWCE.exe
  C:\Windows\System\LaRvWCE.exe
  2⤵
  PID:5260
- C:\Windows\System\kWwvxVe.exe
  C:\Windows\System\kWwvxVe.exe
  2⤵
  PID:10080
- C:\Windows\System\gVGoOyL.exe
  C:\Windows\System\gVGoOyL.exe
  2⤵
  PID:10176
- C:\Windows\System\uROBDXt.exe
  C:\Windows\System\uROBDXt.exe
  2⤵
  PID:9156
- C:\Windows\System\LYxxvKX.exe
  C:\Windows\System\LYxxvKX.exe
  2⤵
  PID:10220
- C:\Windows\System\sLBznCv.exe
  C:\Windows\System\sLBznCv.exe
  2⤵
  PID:9284
- C:\Windows\System\OTVlamc.exe
  C:\Windows\System\OTVlamc.exe
  2⤵
  PID:9468
- C:\Windows\System\IqMUtoA.exe
  C:\Windows\System\IqMUtoA.exe
  2⤵
  PID:9588
- C:\Windows\System\TYWAXre.exe
  C:\Windows\System\TYWAXre.exe
  2⤵
  PID:9728
- C:\Windows\System\fCGXouY.exe
  C:\Windows\System\fCGXouY.exe
  2⤵
  PID:9836
- C:\Windows\System\CxPqpgj.exe
  C:\Windows\System\CxPqpgj.exe
  2⤵
  PID:9952
- C:\Windows\System\teeFRiy.exe
  C:\Windows\System\teeFRiy.exe
  2⤵
  PID:10052
- C:\Windows\System\IqJjIvK.exe
  C:\Windows\System\IqJjIvK.exe
  2⤵
  PID:9212
- C:\Windows\System\jbgaKFA.exe
  C:\Windows\System\jbgaKFA.exe
  2⤵
  PID:1476
- C:\Windows\System\vqIyuWX.exe
  C:\Windows\System\vqIyuWX.exe
  2⤵
  PID:9480
- C:\Windows\System\HyvglET.exe
  C:\Windows\System\HyvglET.exe
  2⤵
  PID:9780
- C:\Windows\System\EaGftMy.exe
  C:\Windows\System\EaGftMy.exe
  2⤵
  PID:10028
- C:\Windows\System\KJEvsbE.exe
  C:\Windows\System\KJEvsbE.exe
  2⤵
  PID:8836
- C:\Windows\System\AZCgerS.exe
  C:\Windows\System\AZCgerS.exe
  2⤵
  PID:9672
- C:\Windows\System\UHHnbbN.exe
  C:\Windows\System\UHHnbbN.exe
  2⤵
  PID:9356
- C:\Windows\System\bWPlcLm.exe
  C:\Windows\System\bWPlcLm.exe
  2⤵
  PID:10248
- C:\Windows\System\ttNAKVq.exe
  C:\Windows\System\ttNAKVq.exe
  2⤵
  PID:10276
- C:\Windows\System\nDHclVG.exe
  C:\Windows\System\nDHclVG.exe
  2⤵
  PID:10296
- C:\Windows\System\xMLgdBB.exe
  C:\Windows\System\xMLgdBB.exe
  2⤵
  PID:10324
- C:\Windows\System\LhxxfZT.exe
  C:\Windows\System\LhxxfZT.exe
  2⤵
  PID:10352
- C:\Windows\System\WnDfcPX.exe
  C:\Windows\System\WnDfcPX.exe
  2⤵
  PID:10388
- C:\Windows\System\eevXukk.exe
  C:\Windows\System\eevXukk.exe
  2⤵
  PID:10408
- C:\Windows\System\pvhdLiU.exe
  C:\Windows\System\pvhdLiU.exe
  2⤵
  PID:10436
- C:\Windows\System\hFRDsUq.exe
  C:\Windows\System\hFRDsUq.exe
  2⤵
  PID:10464
- C:\Windows\System\OJqBdRW.exe
  C:\Windows\System\OJqBdRW.exe
  2⤵
  PID:10492
- C:\Windows\System\ZuYYtoJ.exe
  C:\Windows\System\ZuYYtoJ.exe
  2⤵
  PID:10520
- C:\Windows\System\XsOMlcu.exe
  C:\Windows\System\XsOMlcu.exe
  2⤵
  PID:10548
- C:\Windows\System\ggDDClv.exe
  C:\Windows\System\ggDDClv.exe
  2⤵
  PID:10576
- C:\Windows\System\DMhmonl.exe
  C:\Windows\System\DMhmonl.exe
  2⤵
  PID:10604
- C:\Windows\System\XePdIix.exe
  C:\Windows\System\XePdIix.exe
  2⤵
  PID:10632
- C:\Windows\System\wLjwdrs.exe
  C:\Windows\System\wLjwdrs.exe
  2⤵
  PID:10660
- C:\Windows\System\GmMiQxD.exe
  C:\Windows\System\GmMiQxD.exe
  2⤵
  PID:10688
- C:\Windows\System\eVNdTGx.exe
  C:\Windows\System\eVNdTGx.exe
  2⤵
  PID:10716
- C:\Windows\System\fjWfoWB.exe
  C:\Windows\System\fjWfoWB.exe
  2⤵
  PID:10744
- C:\Windows\System\mphYRFQ.exe
  C:\Windows\System\mphYRFQ.exe
  2⤵
  PID:10772
- C:\Windows\System\cUVawAX.exe
  C:\Windows\System\cUVawAX.exe
  2⤵
  PID:10800
- C:\Windows\System\gTtbEUp.exe
  C:\Windows\System\gTtbEUp.exe
  2⤵
  PID:10828
- C:\Windows\System\ylgXhsy.exe
  C:\Windows\System\ylgXhsy.exe
  2⤵
  PID:10856
- C:\Windows\System\usZcrnJ.exe
  C:\Windows\System\usZcrnJ.exe
  2⤵
  PID:10892
- C:\Windows\System\JmmwBll.exe
  C:\Windows\System\JmmwBll.exe
  2⤵
  PID:10912
- C:\Windows\System\eqZhAsE.exe
  C:\Windows\System\eqZhAsE.exe
  2⤵
  PID:10944
- C:\Windows\System\GeAIcbs.exe
  C:\Windows\System\GeAIcbs.exe
  2⤵
  PID:10968
- C:\Windows\System\NUONRSO.exe
  C:\Windows\System\NUONRSO.exe
  2⤵
  PID:10996
- C:\Windows\System\MIeSSBN.exe
  C:\Windows\System\MIeSSBN.exe
  2⤵
  PID:11024
- C:\Windows\System\KqJPJsj.exe
  C:\Windows\System\KqJPJsj.exe
  2⤵
  PID:11052
- C:\Windows\System\mzpKBIh.exe
  C:\Windows\System\mzpKBIh.exe
  2⤵
  PID:11088
- C:\Windows\System\fmZDjIo.exe
  C:\Windows\System\fmZDjIo.exe
  2⤵
  PID:11108
- C:\Windows\System\CyRtiGR.exe
  C:\Windows\System\CyRtiGR.exe
  2⤵
  PID:11136
- C:\Windows\System\dBJSpbD.exe
  C:\Windows\System\dBJSpbD.exe
  2⤵
  PID:11164
- C:\Windows\System\KLmqyeJ.exe
  C:\Windows\System\KLmqyeJ.exe
  2⤵
  PID:11192
- C:\Windows\System\EJUFAwo.exe
  C:\Windows\System\EJUFAwo.exe
  2⤵
  PID:11220
- C:\Windows\System\wAVXFYE.exe
  C:\Windows\System\wAVXFYE.exe
  2⤵
  PID:11256
- C:\Windows\System\IFWDecj.exe
  C:\Windows\System\IFWDecj.exe
  2⤵
  PID:10288
- C:\Windows\System\xjwvyyj.exe
  C:\Windows\System\xjwvyyj.exe
  2⤵
  PID:10336
- C:\Windows\System\FTzhmQC.exe
  C:\Windows\System\FTzhmQC.exe
  2⤵
  PID:5572
- C:\Windows\System\qfXaDRh.exe
  C:\Windows\System\qfXaDRh.exe
  2⤵
  PID:10448
- C:\Windows\System\EigsnmX.exe
  C:\Windows\System\EigsnmX.exe
  2⤵
  PID:10504
- C:\Windows\System\zlMtssx.exe
  C:\Windows\System\zlMtssx.exe
  2⤵
  PID:10572
- C:\Windows\System\gruYpba.exe
  C:\Windows\System\gruYpba.exe
  2⤵
  PID:10628
- C:\Windows\System\PGXfzSH.exe
  C:\Windows\System\PGXfzSH.exe
  2⤵
  PID:10700
- C:\Windows\System\JaKTKxf.exe
  C:\Windows\System\JaKTKxf.exe
  2⤵
  PID:10764
- C:\Windows\System\eukOZAT.exe
  C:\Windows\System\eukOZAT.exe
  2⤵
  PID:10848
- C:\Windows\System\tjAqoaQ.exe
  C:\Windows\System\tjAqoaQ.exe
  2⤵
  PID:10900
- C:\Windows\System\GgcrhqY.exe
  C:\Windows\System\GgcrhqY.exe
  2⤵
  PID:10960
- C:\Windows\System\ymLaMWc.exe
  C:\Windows\System\ymLaMWc.exe
  2⤵
  PID:11020
- C:\Windows\System\lIQWCig.exe
  C:\Windows\System\lIQWCig.exe
  2⤵
  PID:11096
- C:\Windows\System\VKeawkX.exe
  C:\Windows\System\VKeawkX.exe
  2⤵
  PID:11156
- C:\Windows\System\bkVQZYk.exe
  C:\Windows\System\bkVQZYk.exe
  2⤵
  PID:11216
- C:\Windows\System\NsbCKcX.exe
  C:\Windows\System\NsbCKcX.exe
  2⤵
  PID:10308
- C:\Windows\System\EoLmdoa.exe
  C:\Windows\System\EoLmdoa.exe
  2⤵
  PID:10404
- C:\Windows\System\fnYOckf.exe
  C:\Windows\System\fnYOckf.exe
  2⤵
  PID:10544
- C:\Windows\System\HeUMdYj.exe
  C:\Windows\System\HeUMdYj.exe
  2⤵
  PID:10684
- C:\Windows\System\GzLvFut.exe
  C:\Windows\System\GzLvFut.exe
  2⤵
  PID:10868
- C:\Windows\System\opDpdwP.exe
  C:\Windows\System\opDpdwP.exe
  2⤵
  PID:10988
- C:\Windows\System\haPJSQO.exe
  C:\Windows\System\haPJSQO.exe
  2⤵
  PID:11132
- C:\Windows\System\tdGKitE.exe
  C:\Windows\System\tdGKitE.exe
  2⤵
  PID:10260
- C:\Windows\System\zcNtynu.exe
  C:\Windows\System\zcNtynu.exe
  2⤵
  PID:10616
- C:\Windows\System\fxyQVZe.exe
  C:\Windows\System\fxyQVZe.exe
  2⤵
  PID:10952
- C:\Windows\System\IRwLyTL.exe
  C:\Windows\System\IRwLyTL.exe
  2⤵
  PID:10256
- C:\Windows\System\DdiDtYy.exe
  C:\Windows\System\DdiDtYy.exe
  2⤵
  PID:11076
- C:\Windows\System\FjRmLMX.exe
  C:\Windows\System\FjRmLMX.exe
  2⤵
  PID:10924
- C:\Windows\System\dPSniww.exe
  C:\Windows\System\dPSniww.exe
  2⤵
  PID:11288
- C:\Windows\System\PoncYVQ.exe
  C:\Windows\System\PoncYVQ.exe
  2⤵
  PID:11320
- C:\Windows\System\nzhqgpo.exe
  C:\Windows\System\nzhqgpo.exe
  2⤵
  PID:11344
- C:\Windows\System\CPqXjLG.exe
  C:\Windows\System\CPqXjLG.exe
  2⤵
  PID:11372
- C:\Windows\System\glZnwps.exe
  C:\Windows\System\glZnwps.exe
  2⤵
  PID:11400
- C:\Windows\System\npvqKNR.exe
  C:\Windows\System\npvqKNR.exe
  2⤵
  PID:11428
- C:\Windows\System\acEanAJ.exe
  C:\Windows\System\acEanAJ.exe
  2⤵
  PID:11456
- C:\Windows\System\BkGrPVK.exe
  C:\Windows\System\BkGrPVK.exe
  2⤵
  PID:11484
- C:\Windows\System\edVzWmU.exe
  C:\Windows\System\edVzWmU.exe
  2⤵
  PID:11512
- C:\Windows\System\UAFEcBv.exe
  C:\Windows\System\UAFEcBv.exe
  2⤵
  PID:11540
- C:\Windows\System\oMnqVYE.exe
  C:\Windows\System\oMnqVYE.exe
  2⤵
  PID:11568
- C:\Windows\System\wEsbiAr.exe
  C:\Windows\System\wEsbiAr.exe
  2⤵
  PID:11596
- C:\Windows\System\uXvGplH.exe
  C:\Windows\System\uXvGplH.exe
  2⤵
  PID:11624
- C:\Windows\System\yODJFhm.exe
  C:\Windows\System\yODJFhm.exe
  2⤵
  PID:11652
- C:\Windows\System\kLtsFEQ.exe
  C:\Windows\System\kLtsFEQ.exe
  2⤵
  PID:11680
- C:\Windows\System\tphHhbc.exe
  C:\Windows\System\tphHhbc.exe
  2⤵
  PID:11708
- C:\Windows\System\CcCVIzI.exe
  C:\Windows\System\CcCVIzI.exe
  2⤵
  PID:11736
- C:\Windows\System\EqNtSbh.exe
  C:\Windows\System\EqNtSbh.exe
  2⤵
  PID:11764
- C:\Windows\System\feyTmRZ.exe
  C:\Windows\System\feyTmRZ.exe
  2⤵
  PID:11792
- C:\Windows\System\tfJbeAr.exe
  C:\Windows\System\tfJbeAr.exe
  2⤵
  PID:11820
- C:\Windows\System\sfvgqsO.exe
  C:\Windows\System\sfvgqsO.exe
  2⤵
  PID:11848
- C:\Windows\System\kxvAwOM.exe
  C:\Windows\System\kxvAwOM.exe
  2⤵
  PID:11876
- C:\Windows\System\IKuIAbz.exe
  C:\Windows\System\IKuIAbz.exe
  2⤵
  PID:11904
- C:\Windows\System\AVvHfUC.exe
  C:\Windows\System\AVvHfUC.exe
  2⤵
  PID:11932
- C:\Windows\System\qLeMyUU.exe
  C:\Windows\System\qLeMyUU.exe
  2⤵
  PID:11960
- C:\Windows\System\mPuznCe.exe
  C:\Windows\System\mPuznCe.exe
  2⤵
  PID:11988
- C:\Windows\System\GcfMRUa.exe
  C:\Windows\System\GcfMRUa.exe
  2⤵
  PID:12016
- C:\Windows\System\WtDLssX.exe
  C:\Windows\System\WtDLssX.exe
  2⤵
  PID:12044
- C:\Windows\System\zkXyOrI.exe
  C:\Windows\System\zkXyOrI.exe
  2⤵
  PID:12072
- C:\Windows\System\pVRzRPl.exe
  C:\Windows\System\pVRzRPl.exe
  2⤵
  PID:12100
- C:\Windows\System\ULumyBR.exe
  C:\Windows\System\ULumyBR.exe
  2⤵
  PID:12128
- C:\Windows\System\VYyogsf.exe
  C:\Windows\System\VYyogsf.exe
  2⤵
  PID:12156
- C:\Windows\System\cTmHMnB.exe
  C:\Windows\System\cTmHMnB.exe
  2⤵
  PID:12184
- C:\Windows\System\XOaUFjB.exe
  C:\Windows\System\XOaUFjB.exe
  2⤵
  PID:12212
- C:\Windows\System\fwcSWQd.exe
  C:\Windows\System\fwcSWQd.exe
  2⤵
  PID:12240
- C:\Windows\System\WPoUMDq.exe
  C:\Windows\System\WPoUMDq.exe
  2⤵
  PID:12268
- C:\Windows\System\NxiMMzg.exe
  C:\Windows\System\NxiMMzg.exe
  2⤵
  PID:11284
- C:\Windows\System\sVyVbkZ.exe
  C:\Windows\System\sVyVbkZ.exe
  2⤵
  PID:11356
- C:\Windows\System\zuGHUex.exe
  C:\Windows\System\zuGHUex.exe
  2⤵
  PID:11420
- C:\Windows\System\uXHrxus.exe
  C:\Windows\System\uXHrxus.exe
  2⤵
  PID:11480
- C:\Windows\System\yKGckVf.exe
  C:\Windows\System\yKGckVf.exe
  2⤵
  PID:11552
- C:\Windows\System\PyktAki.exe
  C:\Windows\System\PyktAki.exe
  2⤵
  PID:11616
- C:\Windows\System\BLRCEzS.exe
  C:\Windows\System\BLRCEzS.exe
  2⤵
  PID:11676
- C:\Windows\System\fyVvVGm.exe
  C:\Windows\System\fyVvVGm.exe
  2⤵
  PID:11748
- C:\Windows\System\qICrIpL.exe
  C:\Windows\System\qICrIpL.exe
  2⤵
  PID:11840
- C:\Windows\System\JpiTrrV.exe
  C:\Windows\System\JpiTrrV.exe
  2⤵
  PID:11872
- C:\Windows\System\emYGZDs.exe
  C:\Windows\System\emYGZDs.exe
  2⤵
  PID:11944
- C:\Windows\System\SXUgUFK.exe
  C:\Windows\System\SXUgUFK.exe
  2⤵
  PID:12008
- C:\Windows\System\gCljgPg.exe
  C:\Windows\System\gCljgPg.exe
  2⤵
  PID:12068
- C:\Windows\System\rMcGDkC.exe
  C:\Windows\System\rMcGDkC.exe
  2⤵
  PID:12140
- C:\Windows\System\pFCiXFn.exe
  C:\Windows\System\pFCiXFn.exe
  2⤵
  PID:12204
- C:\Windows\System\gyxCjTQ.exe
  C:\Windows\System\gyxCjTQ.exe
  2⤵
  PID:12264
- C:\Windows\System\lZpFmIT.exe
  C:\Windows\System\lZpFmIT.exe
  2⤵
  PID:11384
- C:\Windows\System\InOoSsI.exe
  C:\Windows\System\InOoSsI.exe
  2⤵
  PID:11532
- C:\Windows\System\FKUeBDD.exe
  C:\Windows\System\FKUeBDD.exe
  2⤵
  PID:11672
- C:\Windows\System\HJlFEGE.exe
  C:\Windows\System\HJlFEGE.exe
  2⤵
  PID:11804
- C:\Windows\System\CnshmjO.exe
  C:\Windows\System\CnshmjO.exe
  2⤵
  PID:11984
- C:\Windows\System\tTToQES.exe
  C:\Windows\System\tTToQES.exe
  2⤵
  PID:12124
- C:\Windows\System\AhBjLlw.exe
  C:\Windows\System\AhBjLlw.exe
  2⤵
  PID:11280
- C:\Windows\System\gHHjCnU.exe
  C:\Windows\System\gHHjCnU.exe
  2⤵
  PID:11644
- C:\Windows\System\RvqPkaH.exe
  C:\Windows\System\RvqPkaH.exe
  2⤵
  PID:11972
- C:\Windows\System\IfzsUoT.exe
  C:\Windows\System\IfzsUoT.exe
  2⤵
  PID:11448
- C:\Windows\System\LHCQYtO.exe
  C:\Windows\System\LHCQYtO.exe
  2⤵
  PID:12252
- C:\Windows\System\XLUjDfO.exe
  C:\Windows\System\XLUjDfO.exe
  2⤵
  PID:11900
- C:\Windows\System\LPCClZp.exe
  C:\Windows\System\LPCClZp.exe
  2⤵
  PID:12316
- C:\Windows\System\LlfHTtP.exe
  C:\Windows\System\LlfHTtP.exe
  2⤵
  PID:12344
- C:\Windows\System\uXfSVka.exe
  C:\Windows\System\uXfSVka.exe
  2⤵
  PID:12372
- C:\Windows\System\nnLActJ.exe
  C:\Windows\System\nnLActJ.exe
  2⤵
  PID:12400
- C:\Windows\System\DWSJGme.exe
  C:\Windows\System\DWSJGme.exe
  2⤵
  PID:12428
- C:\Windows\System\OqPwYmO.exe
  C:\Windows\System\OqPwYmO.exe
  2⤵
  PID:12456
- C:\Windows\System\vrTtROX.exe
  C:\Windows\System\vrTtROX.exe
  2⤵
  PID:12484
- C:\Windows\System\bElLNIM.exe
  C:\Windows\System\bElLNIM.exe
  2⤵
  PID:12512
- C:\Windows\System\TTayqVW.exe
  C:\Windows\System\TTayqVW.exe
  2⤵
  PID:12556
- C:\Windows\System\OmXfbto.exe
  C:\Windows\System\OmXfbto.exe
  2⤵
  PID:12572
- C:\Windows\System\ryFosmp.exe
  C:\Windows\System\ryFosmp.exe
  2⤵
  PID:12600
- C:\Windows\System\qYXOGSk.exe
  C:\Windows\System\qYXOGSk.exe
  2⤵
  PID:12628
- C:\Windows\System\LKrKWcK.exe
  C:\Windows\System\LKrKWcK.exe
  2⤵
  PID:12656
- C:\Windows\System\gepjvAP.exe
  C:\Windows\System\gepjvAP.exe
  2⤵
  PID:12684
- C:\Windows\System\GzQXNEY.exe
  C:\Windows\System\GzQXNEY.exe
  2⤵
  PID:12712
- C:\Windows\System\GGXRkwR.exe
  C:\Windows\System\GGXRkwR.exe
  2⤵
  PID:12740
- C:\Windows\System\lJztzCh.exe
  C:\Windows\System\lJztzCh.exe
  2⤵
  PID:12768
- C:\Windows\System\DlQwvNv.exe
  C:\Windows\System\DlQwvNv.exe
  2⤵
  PID:12796
- C:\Windows\System\QqfTkdw.exe
  C:\Windows\System\QqfTkdw.exe
  2⤵
  PID:12828
- C:\Windows\System\VjhDmuw.exe
  C:\Windows\System\VjhDmuw.exe
  2⤵
  PID:12856
- C:\Windows\System\XzpMrov.exe
  C:\Windows\System\XzpMrov.exe
  2⤵
  PID:12888
- C:\Windows\System\NlSEbyu.exe
  C:\Windows\System\NlSEbyu.exe
  2⤵
  PID:12920
- C:\Windows\System\GizLJrF.exe
  C:\Windows\System\GizLJrF.exe
  2⤵
  PID:12948
- C:\Windows\System\oRJTywd.exe
  C:\Windows\System\oRJTywd.exe
  2⤵
  PID:12980
- C:\Windows\System\BXGsXFj.exe
  C:\Windows\System\BXGsXFj.exe
  2⤵
  PID:13008
- C:\Windows\System\hDBHtdL.exe
  C:\Windows\System\hDBHtdL.exe
  2⤵
  PID:13036
- C:\Windows\System\bpYsEKs.exe
  C:\Windows\System\bpYsEKs.exe
  2⤵
  PID:13064
- C:\Windows\System\PMSMltx.exe
  C:\Windows\System\PMSMltx.exe
  2⤵
  PID:13092
- C:\Windows\System\OKogvyX.exe
  C:\Windows\System\OKogvyX.exe
  2⤵
  PID:13120
- C:\Windows\System\nprwiuF.exe
  C:\Windows\System\nprwiuF.exe
  2⤵
  PID:13148
- C:\Windows\System\qHdNDJk.exe
  C:\Windows\System\qHdNDJk.exe
  2⤵
  PID:13176
- C:\Windows\System\AVaoqFk.exe
  C:\Windows\System\AVaoqFk.exe
  2⤵
  PID:13204
- C:\Windows\System\qrqwUdo.exe
  C:\Windows\System\qrqwUdo.exe
  2⤵
  PID:13232
- C:\Windows\System\AAriSgz.exe
  C:\Windows\System\AAriSgz.exe
  2⤵
  PID:13260
- C:\Windows\System\EfWDPDw.exe
  C:\Windows\System\EfWDPDw.exe
  2⤵
  PID:13300
- C:\Windows\System\RIzpEAA.exe
  C:\Windows\System\RIzpEAA.exe
  2⤵
  PID:12328
- C:\Windows\System\UJfbyIK.exe
  C:\Windows\System\UJfbyIK.exe
  2⤵
  PID:12392
- C:\Windows\System\jufNZOv.exe
  C:\Windows\System\jufNZOv.exe
  2⤵
  PID:12452
- C:\Windows\System\pxvROhJ.exe
  C:\Windows\System\pxvROhJ.exe
  2⤵
  PID:12552
- C:\Windows\System\rCOtnFm.exe
  C:\Windows\System\rCOtnFm.exe
  2⤵
  PID:12592
- C:\Windows\System\RyiTvrB.exe
  C:\Windows\System\RyiTvrB.exe
  2⤵
  PID:12652
- C:\Windows\System\JraRzpR.exe
  C:\Windows\System\JraRzpR.exe
  2⤵
  PID:12708
- C:\Windows\System\VSpjMnK.exe
  C:\Windows\System\VSpjMnK.exe
  2⤵
  PID:12780
- C:\Windows\System\xOBYalZ.exe
  C:\Windows\System\xOBYalZ.exe
  2⤵
  PID:12840
- C:\Windows\System\toEiDOh.exe
  C:\Windows\System\toEiDOh.exe
  2⤵
  PID:12900
- C:\Windows\System\KamVcRe.exe
  C:\Windows\System\KamVcRe.exe
  2⤵
  PID:12972
- C:\Windows\System\SRVRgaA.exe
  C:\Windows\System\SRVRgaA.exe
  2⤵
  PID:13028
- C:\Windows\System\BSVVJAx.exe
  C:\Windows\System\BSVVJAx.exe
  2⤵
  PID:13088
- C:\Windows\System\AXDoXyf.exe
  C:\Windows\System\AXDoXyf.exe
  2⤵
  PID:13160
- C:\Windows\System\kYVZuAP.exe
  C:\Windows\System\kYVZuAP.exe
  2⤵
  PID:13224
- C:\Windows\System\RDjeNJC.exe
  C:\Windows\System\RDjeNJC.exe
  2⤵
  PID:13288
- C:\Windows\System\KLIqmcF.exe
  C:\Windows\System\KLIqmcF.exe
  2⤵
  PID:12420
- C:\Windows\System\gTPmPYg.exe
  C:\Windows\System\gTPmPYg.exe
  2⤵
  PID:12568
- C:\Windows\System\OjSzSJk.exe
  C:\Windows\System\OjSzSJk.exe
  2⤵
  PID:12704
- C:\Windows\System\nSSwDTK.exe
  C:\Windows\System\nSSwDTK.exe
  2⤵
  PID:12820
- C:\Windows\System\HFLzvCj.exe
  C:\Windows\System\HFLzvCj.exe
  2⤵
  PID:12944
- C:\Windows\System\HNidJLR.exe
  C:\Windows\System\HNidJLR.exe
  2⤵
  PID:13116
- C:\Windows\System\PShyyvI.exe
  C:\Windows\System\PShyyvI.exe
  2⤵
  PID:13272
- C:\Windows\System\WjDTUlc.exe
  C:\Windows\System\WjDTUlc.exe
  2⤵
  PID:12524
- C:\Windows\System\dSDiBis.exe
  C:\Windows\System\dSDiBis.exe
  2⤵
  PID:12880
- C:\Windows\System\VqBRfnV.exe
  C:\Windows\System\VqBRfnV.exe
  2⤵
  PID:964
- C:\Windows\System\gsrlHzj.exe
  C:\Windows\System\gsrlHzj.exe
  2⤵
  PID:12676
- C:\Windows\System\rWfrthI.exe
  C:\Windows\System\rWfrthI.exe
  2⤵
  PID:4488
- C:\Windows\System\fNifECV.exe
  C:\Windows\System\fNifECV.exe
  2⤵
  PID:3644
- C:\Windows\System\BHjpqkC.exe
  C:\Windows\System\BHjpqkC.exe
  2⤵
  PID:2740
- C:\Windows\System\Rklladc.exe
  C:\Windows\System\Rklladc.exe
  2⤵
  PID:4064
- C:\Windows\System\KAEJCAR.exe
  C:\Windows\System\KAEJCAR.exe
  2⤵
  PID:13332
- C:\Windows\System\kLwhIcm.exe
  C:\Windows\System\kLwhIcm.exe
  2⤵
  PID:13360
- C:\Windows\System\ARrSULl.exe
  C:\Windows\System\ARrSULl.exe
  2⤵
  PID:13388
- C:\Windows\System\tvcbrdN.exe
  C:\Windows\System\tvcbrdN.exe
  2⤵
  PID:13424
- C:\Windows\System\gNceUSk.exe
  C:\Windows\System\gNceUSk.exe
  2⤵
  PID:13448
- C:\Windows\System\HCTDTnr.exe
  C:\Windows\System\HCTDTnr.exe
  2⤵
  PID:13488
- C:\Windows\System\RSoxIDE.exe
  C:\Windows\System\RSoxIDE.exe
  2⤵
  PID:13508
- C:\Windows\System\HpdsySf.exe
  C:\Windows\System\HpdsySf.exe
  2⤵
  PID:13536
- C:\Windows\System\kSrFGIY.exe
  C:\Windows\System\kSrFGIY.exe
  2⤵
  PID:13564
- C:\Windows\System\MQItIOc.exe
  C:\Windows\System\MQItIOc.exe
  2⤵
  PID:13608
- C:\Windows\System\PHxQLLT.exe
  C:\Windows\System\PHxQLLT.exe
  2⤵
  PID:13632
- C:\Windows\System\OZHSjZT.exe
  C:\Windows\System\OZHSjZT.exe
  2⤵
  PID:13668
- C:\Windows\System\QgnnGic.exe
  C:\Windows\System\QgnnGic.exe
  2⤵
  PID:13688
- C:\Windows\System\SJNJroX.exe
  C:\Windows\System\SJNJroX.exe
  2⤵
  PID:13716
- C:\Windows\System\AKNFUGl.exe
  C:\Windows\System\AKNFUGl.exe
  2⤵
  PID:13768
- C:\Windows\System\tdzOQWG.exe
  C:\Windows\System\tdzOQWG.exe
  2⤵
  PID:13808
- C:\Windows\System\rkcZqBV.exe
  C:\Windows\System\rkcZqBV.exe
  2⤵
  PID:13824
- C:\Windows\System\eqjPwCQ.exe
  C:\Windows\System\eqjPwCQ.exe
  2⤵
  PID:13852
- C:\Windows\System\tIXqIvx.exe
  C:\Windows\System\tIXqIvx.exe
  2⤵
  PID:13892
- C:\Windows\System\bBWtogg.exe
  C:\Windows\System\bBWtogg.exe
  2⤵
  PID:13908
- C:\Windows\System\YWhEMIu.exe
  C:\Windows\System\YWhEMIu.exe
  2⤵
  PID:13940
- C:\Windows\System\jfqVZAF.exe
  C:\Windows\System\jfqVZAF.exe
  2⤵
  PID:13968
- C:\Windows\System\ALKINlR.exe
  C:\Windows\System\ALKINlR.exe
  2⤵
  PID:13996
- C:\Windows\System\HlXOzRd.exe
  C:\Windows\System\HlXOzRd.exe
  2⤵
  PID:14024
- C:\Windows\System\NsjgzPY.exe
  C:\Windows\System\NsjgzPY.exe
  2⤵
  PID:14052
- C:\Windows\System\wOCRhVz.exe
  C:\Windows\System\wOCRhVz.exe
  2⤵
  PID:14080
- C:\Windows\System\XOFNQhj.exe
  C:\Windows\System\XOFNQhj.exe
  2⤵
  PID:14120
- C:\Windows\System\dIlecIw.exe
  C:\Windows\System\dIlecIw.exe
  2⤵
  PID:14136
- C:\Windows\System\gbBvQEy.exe
  C:\Windows\System\gbBvQEy.exe
  2⤵
  PID:14164
- C:\Windows\System\RMeHpJy.exe
  C:\Windows\System\RMeHpJy.exe
  2⤵
  PID:14192
- C:\Windows\System\QzsOfku.exe
  C:\Windows\System\QzsOfku.exe
  2⤵
  PID:14220
- C:\Windows\System\sAjfzKO.exe
  C:\Windows\System\sAjfzKO.exe
  2⤵
  PID:14248
- C:\Windows\System\AKKTcqw.exe
  C:\Windows\System\AKKTcqw.exe
  2⤵
  PID:14276
- C:\Windows\System\veCezGx.exe
  C:\Windows\System\veCezGx.exe
  2⤵
  PID:14304
- C:\Windows\System\garNcIG.exe
  C:\Windows\System\garNcIG.exe
  2⤵
  PID:14332
- C:\Windows\System\iasyiuM.exe
  C:\Windows\System\iasyiuM.exe
  2⤵
  PID:12812
- C:\Windows\System\isUYvaU.exe
  C:\Windows\System\isUYvaU.exe
  2⤵
  PID:13412
- C:\Windows\System\aHcJNrO.exe
  C:\Windows\System\aHcJNrO.exe
  2⤵
  PID:876
- C:\Windows\System\ZeHrgLK.exe
  C:\Windows\System\ZeHrgLK.exe
  2⤵
  PID:13528
- C:\Windows\System\hFnkaBU.exe
  C:\Windows\System\hFnkaBU.exe
  2⤵
  PID:2888
- C:\Windows\System\HeljFSs.exe
  C:\Windows\System\HeljFSs.exe
  2⤵
  PID:3720
- C:\Windows\System\nZHSMOi.exe
  C:\Windows\System\nZHSMOi.exe
  2⤵
  PID:1824
- C:\Windows\System\BpkADLE.exe
  C:\Windows\System\BpkADLE.exe
  2⤵
  PID:5068
- C:\Windows\System\mPjgstW.exe
  C:\Windows\System\mPjgstW.exe
  2⤵
  PID:13748
- C:\Windows\System\azPdYXb.exe
  C:\Windows\System\azPdYXb.exe
  2⤵
  PID:13792
- C:\Windows\System\tyoxeeW.exe
  C:\Windows\System\tyoxeeW.exe
  2⤵
  PID:4896
- C:\Windows\System\bHlGhXw.exe
  C:\Windows\System\bHlGhXw.exe
  2⤵
  PID:13844
- C:\Windows\System\DhpWmbE.exe
  C:\Windows\System\DhpWmbE.exe
  2⤵
  PID:13888
- C:\Windows\System\jzeebZT.exe
  C:\Windows\System\jzeebZT.exe
  2⤵
  PID:13920
- C:\Windows\System\FglfHLd.exe
  C:\Windows\System\FglfHLd.exe
  2⤵
  PID:13988
- C:\Windows\System\sPwGYfT.exe
  C:\Windows\System\sPwGYfT.exe
  2⤵
  PID:14016
- C:\Windows\System\oivqtkL.exe
  C:\Windows\System\oivqtkL.exe
  2⤵
  PID:3364
- C:\Windows\System\txMnTZQ.exe
  C:\Windows\System\txMnTZQ.exe
  2⤵
  PID:5716
- C:\Windows\System\wmPTfyI.exe
  C:\Windows\System\wmPTfyI.exe
  2⤵
  PID:4180
- C:\Windows\System\tvlmaee.exe
  C:\Windows\System\tvlmaee.exe
  2⤵
  PID:14156
- C:\Windows\System\YLrCMSC.exe
  C:\Windows\System\YLrCMSC.exe
  2⤵
  PID:14188
- C:\Windows\System\dPxKxha.exe
  C:\Windows\System\dPxKxha.exe
  2⤵
  PID:14260
- C:\Windows\System\ickahGb.exe
  C:\Windows\System\ickahGb.exe
  2⤵
  PID:1200
- C:\Windows\System\HjvBTrQ.exe
  C:\Windows\System\HjvBTrQ.exe
  2⤵
  PID:14324
- C:\Windows\System\gFZXFfB.exe
  C:\Windows\System\gFZXFfB.exe
  2⤵
  PID:13380
- C:\Windows\System\jkWeYqy.exe
  C:\Windows\System\jkWeYqy.exe
  2⤵
  PID:13460
- C:\Windows\System\tFLVSQW.exe
  C:\Windows\System\tFLVSQW.exe
  2⤵
  PID:1668
- C:\Windows\System\HbNOKYK.exe
  C:\Windows\System\HbNOKYK.exe
  2⤵
  PID:2464
- C:\Windows\System\RQfZqYC.exe
  C:\Windows\System\RQfZqYC.exe
  2⤵
  PID:4188
- C:\Windows\System\tqpKseZ.exe
  C:\Windows\System\tqpKseZ.exe
  2⤵
  PID:6052
- C:\Windows\System\YeOHtZD.exe
  C:\Windows\System\YeOHtZD.exe
  2⤵
  PID:1984
- C:\Windows\System\fVDFmjx.exe
  C:\Windows\System\fVDFmjx.exe
  2⤵
  PID:4400
- C:\Windows\System\ADOChxo.exe
  C:\Windows\System\ADOChxo.exe
  2⤵
  PID:13820
- C:\Windows\System\aUyjWgc.exe
  C:\Windows\System\aUyjWgc.exe
  2⤵
  PID:5316
- C:\Windows\System\JxsQJGz.exe
  C:\Windows\System\JxsQJGz.exe
  2⤵
  PID:13652
- C:\Windows\System\KvHhgJM.exe
  C:\Windows\System\KvHhgJM.exe
  2⤵
  PID:2228
- C:\Windows\System\CylJdCn.exe
  C:\Windows\System\CylJdCn.exe
  2⤵
  PID:14064
- C:\Windows\System\jnVAtao.exe
  C:\Windows\System\jnVAtao.exe
  2⤵
  PID:14092
- C:\Windows\System\CTeRYTL.exe
  C:\Windows\System\CTeRYTL.exe
  2⤵
  PID:14160
- C:\Windows\System\AFDlllc.exe
  C:\Windows\System\AFDlllc.exe
  2⤵
  PID:14216
- C:\Windows\System\osGpFwq.exe
  C:\Windows\System\osGpFwq.exe
  2⤵
  PID:4804
- C:\Windows\System\SjsveBu.exe
  C:\Windows\System\SjsveBu.exe
  2⤵
  PID:5448
- C:\Windows\System\DGmMeFW.exe
  C:\Windows\System\DGmMeFW.exe
  2⤵
  PID:13444
- C:\Windows\System\wioJLbF.exe
  C:\Windows\System\wioJLbF.exe
  2⤵
  PID:5592
- C:\Windows\System\RXIPuLy.exe
  C:\Windows\System\RXIPuLy.exe
  2⤵
  PID:13680
- C:\Windows\System\MvXqARq.exe
  C:\Windows\System\MvXqARq.exe
  2⤵
  PID:3180
- C:\Windows\System\TFOoULg.exe
  C:\Windows\System\TFOoULg.exe
  2⤵
  PID:3780
- C:\Windows\System\VCHYRrZ.exe
  C:\Windows\System\VCHYRrZ.exe
  2⤵
  PID:13284
- C:\Windows\System\dIoWgQw.exe
  C:\Windows\System\dIoWgQw.exe
  2⤵
  PID:3044
- C:\Windows\System\nBgRtry.exe
  C:\Windows\System\nBgRtry.exe
  2⤵
  PID:14044
- C:\Windows\System\vnaTgsf.exe
  C:\Windows\System\vnaTgsf.exe
  2⤵
  PID:4600
- C:\Windows\System\oCcGRKm.exe
  C:\Windows\System\oCcGRKm.exe
  2⤵
  PID:2560
- C:\Windows\System\mgUYizw.exe
  C:\Windows\System\mgUYizw.exe
  2⤵
  PID:13648
- C:\Windows\System\WgOFiVE.exe
  C:\Windows\System\WgOFiVE.exe
  2⤵
  PID:5712
- C:\Windows\System\RkLveBM.exe
  C:\Windows\System\RkLveBM.exe
  2⤵
  PID:3264
- C:\Windows\System\ysspyfl.exe
  C:\Windows\System\ysspyfl.exe
  2⤵
  PID:5440
- C:\Windows\System\ECtgpjW.exe
  C:\Windows\System\ECtgpjW.exe
  2⤵
  PID:4740
- C:\Windows\System\eLKbebb.exe
  C:\Windows\System\eLKbebb.exe
  2⤵
  PID:13756
- C:\Windows\System\oQVwJlR.exe
  C:\Windows\System\oQVwJlR.exe
  2⤵
  PID:3732
- C:\Windows\System\TKKFjJM.exe
  C:\Windows\System\TKKFjJM.exe
  2⤵
  PID:5452
- C:\Windows\System\VtSyBHH.exe
  C:\Windows\System\VtSyBHH.exe
  2⤵
  PID:13352
- C:\Windows\System\BArpxRw.exe
  C:\Windows\System\BArpxRw.exe
  2⤵
  PID:13764
- C:\Windows\System\eGoBPRN.exe
  C:\Windows\System\eGoBPRN.exe
  2⤵
  PID:2100
- C:\Windows\System\apmCOsu.exe
  C:\Windows\System\apmCOsu.exe
  2⤵
  PID:3360
- C:\Windows\System\dPrsZHh.exe
  C:\Windows\System\dPrsZHh.exe
  2⤵
  PID:5308
- C:\Windows\System\LeKnmYl.exe
  C:\Windows\System\LeKnmYl.exe
  2⤵
  PID:13504
- C:\Windows\System\vJYkXOW.exe
  C:\Windows\System\vJYkXOW.exe
  2⤵
  PID:4432
- C:\Windows\System\xFFwHlm.exe
  C:\Windows\System\xFFwHlm.exe
  2⤵
  PID:4084
- C:\Windows\System\PZrWJsk.exe
  C:\Windows\System\PZrWJsk.exe
  2⤵
  PID:3876
- C:\Windows\System\HQjZiaS.exe
  C:\Windows\System\HQjZiaS.exe
  2⤵
  PID:5788
- C:\Windows\System\dktUWoX.exe
  C:\Windows\System\dktUWoX.exe
  2⤵
  PID:5892
- C:\Windows\System\ccjkmnD.exe
  C:\Windows\System\ccjkmnD.exe
  2⤵
  PID:13664
- C:\Windows\System\qrlkpuV.exe
  C:\Windows\System\qrlkpuV.exe
  2⤵
  PID:5008
- C:\Windows\System\PtWeHFl.exe
  C:\Windows\System\PtWeHFl.exe
  2⤵
  PID:932
- C:\Windows\System\oDuTEcb.exe
  C:\Windows\System\oDuTEcb.exe
  2⤵
  PID:14356
- C:\Windows\System\mTBxxyx.exe
  C:\Windows\System\mTBxxyx.exe
  2⤵
  PID:14384
- C:\Windows\System\UswmVKT.exe
  C:\Windows\System\UswmVKT.exe
  2⤵
  PID:14412
- C:\Windows\System\DZlsFBZ.exe
  C:\Windows\System\DZlsFBZ.exe
  2⤵
  PID:14440
- C:\Windows\System\kxaUWXc.exe
  C:\Windows\System\kxaUWXc.exe
  2⤵
  PID:14480
- C:\Windows\System\ztosFmr.exe
  C:\Windows\System\ztosFmr.exe
  2⤵
  PID:14496
- C:\Windows\System\yiZZNAx.exe
  C:\Windows\System\yiZZNAx.exe
  2⤵
  PID:14524
- C:\Windows\System\EcAqiFK.exe
  C:\Windows\System\EcAqiFK.exe
  2⤵
  PID:14552
- C:\Windows\System\oQXmmdO.exe
  C:\Windows\System\oQXmmdO.exe
  2⤵
  PID:14580
- C:\Windows\System\aBCQKKz.exe
  C:\Windows\System\aBCQKKz.exe
  2⤵
  PID:14608
- C:\Windows\System\DWBWkzu.exe
  C:\Windows\System\DWBWkzu.exe
  2⤵
  PID:14656
- C:\Windows\System\ZxNqhrd.exe
  C:\Windows\System\ZxNqhrd.exe
  2⤵
  PID:14872
- C:\Windows\System\PhyZGcy.exe
  C:\Windows\System\PhyZGcy.exe
  2⤵
  PID:14964
- C:\Windows\System\jyFuYPz.exe
  C:\Windows\System\jyFuYPz.exe
  2⤵
  PID:15008
- C:\Windows\System\LXVGsQv.exe
  C:\Windows\System\LXVGsQv.exe
  2⤵
  PID:15036
- C:\Windows\System\PnRBCYV.exe
  C:\Windows\System\PnRBCYV.exe
  2⤵
  PID:15076
- C:\Windows\System\MUZmuSe.exe
  C:\Windows\System\MUZmuSe.exe
  2⤵
  PID:15104
- C:\Windows\System\XfnHiVt.exe
  C:\Windows\System\XfnHiVt.exe
  2⤵
  PID:15136
- C:\Windows\System\vrmkdhM.exe
  C:\Windows\System\vrmkdhM.exe
  2⤵
  PID:15172
- C:\Windows\System\pHYfVvp.exe
  C:\Windows\System\pHYfVvp.exe
  2⤵
  PID:15200
- C:\Windows\System\OdpDQvJ.exe
  C:\Windows\System\OdpDQvJ.exe
  2⤵
  PID:15228
- C:\Windows\System\MifQIJK.exe
  C:\Windows\System\MifQIJK.exe
  2⤵
  PID:15260
- C:\Windows\System\EhFVoiI.exe
  C:\Windows\System\EhFVoiI.exe
  2⤵
  PID:15288
- C:\Windows\System\RXMWVSx.exe
  C:\Windows\System\RXMWVSx.exe
  2⤵
  PID:15328
- C:\Windows\System\biOuqAg.exe
  C:\Windows\System\biOuqAg.exe
  2⤵
  PID:4548
- C:\Windows\System\DnvvLtU.exe
  C:\Windows\System\DnvvLtU.exe
  2⤵
  PID:2976
- C:\Windows\System\GhGfEgb.exe
  C:\Windows\System\GhGfEgb.exe
  2⤵
  PID:14476
- C:\Windows\System\obUHytz.exe
  C:\Windows\System\obUHytz.exe
  2⤵
  PID:14536
- C:\Windows\System\mqekYVV.exe
  C:\Windows\System\mqekYVV.exe
  2⤵
  PID:14600
- C:\Windows\System\hxmEiYU.exe
  C:\Windows\System\hxmEiYU.exe
  2⤵
  PID:14652
- C:\Windows\System\lEpsXLo.exe
  C:\Windows\System\lEpsXLo.exe
  2⤵
  PID:14760
- C:\Windows\System\pvSGPTy.exe
  C:\Windows\System\pvSGPTy.exe
  2⤵
  PID:14780
- C:\Windows\System\NPyAmbA.exe
  C:\Windows\System\NPyAmbA.exe
  2⤵
  PID:14784
- C:\Windows\System\byFqMAw.exe
  C:\Windows\System\byFqMAw.exe
  2⤵
  PID:14820
- C:\Windows\System\cWPSudY.exe
  C:\Windows\System\cWPSudY.exe
  2⤵
  PID:3352

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:14880
- C:\Windows\explorer.exe
  explorer.exe /LOADSAVEDWINDOWS
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:14548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AcafZKe.exe

Filesize
6.0MB

MD5
c85ff13a97511b8acc447e3bf16c657a

SHA1
782ba082594de05fc7d93de7f6183332eb6e2e17

SHA256
ca61f87f25eea00cb1c0329d505edd441fc82a8a27c487c19e8760ab0e14ef60

SHA512
b3a36d83259d0aebc16ed488c1bc7ec392b299a23d67a0f53a42c283bdf0ceb326a357cb30e9457b2252b201fe607b21183aff0c0c719062d1ed5c4d5d8fd7ca

Download Submit
C:\Windows\System\BFkhkbN.exe

Filesize
6.0MB

MD5
90151737c8d5cd83548eff26f52c97c4

SHA1
10610286f1fcd5cb0e42c160ce6d8d41b2335979

SHA256
6d78bb8de9752032fbaf67e84651ca4c57fa265063c424e8aef114e7f10961ab

SHA512
092c8105285828f652a4c87db21097e68a891a3ceaec04e40b6a477e077ab75ee41f3d74d7e21a214d93d1fef609164d15b7c082aa09a9707c8f18e7a7a89ef5

Download Submit
C:\Windows\System\BsCRRdR.exe

Filesize
6.0MB

MD5
3c2f376da18fadfe13135112a8f07ace

SHA1
4ff2d818ad2bf789afea35a7b3c8d7f6f5785942

SHA256
9da2c244dace27b2c52181920dfceffc64ac567b1510884a2dd11c12bf3fac80

SHA512
8be4714f67375383211389d206c33f955f8dd4dabdb8c3c832b8c33ff0e47655963d09fceea66cd21cf4ebf1baa7617426ba3852c28d5517d31c8275e581c8e7

Download Submit
C:\Windows\System\DIvsLVw.exe

Filesize
6.0MB

MD5
bfb5e232a96684013b7739fb0341b16f

SHA1
d100b42265162d0ab16dc2cf0df12d103424bb67

SHA256
95738df74af5ff451c157fe885a8555ebc9274c4dd1c9f283b13aff3f3e7cd7f

SHA512
3edffded9b8d352b4fbee81fc500307b0743dfdfe266f200fbfd645b41107aafa4bba7438c550879acb55520a8a7f18c83de4b32ddfcc7ae9b987c443cdc83ea

Download Submit
C:\Windows\System\GwlupfT.exe

Filesize
6.0MB

MD5
c4a8d8a8ce86d3e16e19b6fae75fa526

SHA1
eb28b63fafc4012717396a7f5f0d2ac970b336a1

SHA256
3aed065655a44f1ca4bdd57df96e37b6827e183636288a44eb751dd27ab0ae76

SHA512
48789bd6830848b724dd1d579c352225a61ff747f8ceb62265d41023c3727f4238907de8e8debe8091c2b89e8532002520f28dd7bcf727bbae47fcfd22dbf72e

Download Submit
C:\Windows\System\HPpfOmh.exe

Filesize
6.0MB

MD5
cfcbae117d13ca5bc6e83904f9deebf0

SHA1
d145bc923d41b5c5abb7114fa17e96537c12be4c

SHA256
ab1e2035a3b006ec77763a3ea2c27e14d313a6abb24c76a0a9529411108a16b2

SHA512
056408233397321cd3068cc42713972ad0583d122a6ca2f99e0e9c02667c78666dac7423ee92f5a8247af34338b09cb0765ebe7167c67468e702b0973aec0137

Download Submit
C:\Windows\System\JnfJaoM.exe

Filesize
6.0MB

MD5
e7d7b3e19889f2c60a91f5e6c810fb05

SHA1
39bc86b0a5262a2f9c0a8c0690d15feeb19b1c42

SHA256
04427cfc57305ca8c4f04378109d7aaa86d46c67ec3b38882f882fcbb3932d88

SHA512
7fd9b004c31090d6a220425db05b26d5b542084ae409a4104d87766c41c849f1087dcebcf608ca3215a5021eb93fe8933966472522745e03639f0486670e1857

Download Submit
C:\Windows\System\KdNhZqe.exe

Filesize
6.0MB

MD5
2063c84c9d7d37ba4235af9811b46f58

SHA1
b1f2a420d48626adebde179ce09db71f109ef881

SHA256
d77c38c92b3b88349a9b7a7be4732d280b81572f054e201881f74990a0c17245

SHA512
0f5ea90f4107a545f02228f421065ddba176d4002174c1eac2399736146e8659e429121950a189fcf8c2501740beb2f8adc6532c446b10ebb51b706fe066d51c

Download Submit
C:\Windows\System\QkcxMQu.exe

Filesize
6.0MB

MD5
dc641ed10a2539c21ee6fcb5e9963ac7

SHA1
7674860a46a5902544c90dc0c326b6e142194679

SHA256
40b117682d12b37935d3ace5bc965ed03de60cdaf7a1ceccf874e5f3e59ef5f6

SHA512
5a0c115ab1ac66f714b8d89d8de7b30268fa4b41c3e7fc0849a011ba2f3000e7d4449f35a19fa79e141438280e1b1039eaf840a6d6b6e648586dd06415932d85

Download Submit
C:\Windows\System\QyfowDw.exe

Filesize
6.0MB

MD5
9559e294518d5f2116db56f8fa91a3af

SHA1
69dd5a410504b9a808f5ef11ec4827da06d16d73

SHA256
50b9063edd8b174b36cb693a1750375070bf13f8677165cb93e9dbf273e42d87

SHA512
55d4f45a76ad64be724e1e2b590993894ee2afa3a03b82c51416da1762a042b6f6c4f2054a4639c8d56be4e5d2f339e7ae8c13f101be835b5e91c596a15c16f7

Download Submit
C:\Windows\System\VRGdpmX.exe

Filesize
6.0MB

MD5
3b2c384a154029420c594a8eda84e54d

SHA1
d2b7fb1e8cf3d858622708c5087078707ce4b3b9

SHA256
dc82caf511b0c32a59e67c6e9908695c32465418afb177c2426af533ac75d818

SHA512
ee3589ce39db4f5f6e07d70725409cb514800c21e71529d01c6402adc21848b3667e1511d246218680f6a2f9b4d6d7b7e845112b60a0013145e076b5f2f7d4b5

Download Submit
C:\Windows\System\WONPSJy.exe

Filesize
6.0MB

MD5
f213afdc7f7813ed9e8b019d5d33a8c6

SHA1
1db4d028b8676728a9348c44d0dd3a2f33c75feb

SHA256
f52988c0ac3519858ddba014b9080fd5125db3057bd059bbc9b56b628cf10ebe

SHA512
023a6030ecf01684407d8dda352631f906f1b763f3f1e9eea4dd5abd6f79fc7ee51c46cd92b102acd197d4eca8a0aa677d85810840b034e92b251ae95f91f042

Download Submit
C:\Windows\System\XWmjLuw.exe

Filesize
6.0MB

MD5
d97de18b3d2cea26c677b6d308415142

SHA1
49740feaf68e0f3e6fc6240156ca9de57a7a54a3

SHA256
e72dec743d49dd84543807b510114a93ee014005e8f6ba04914604779399a997

SHA512
0c1cd424c3999d09f02b7ee9c78b955c3e4075632cae7ec7c82fe73574ab4946b4ee8c77da24d90bdeace935568d9398e1cb96330315b2f2f8f403c4cc310b4a

Download Submit
C:\Windows\System\aXnFdJj.exe

Filesize
6.0MB

MD5
2edfbd69fa2e8a626797eb158e3b5864

SHA1
4cf200fb8436ffbcc7c7be9d2cb2471f9f62713c

SHA256
f0474f5b3b94b7c489c68bec6d558324906bc28e29566921d4e41537f008251b

SHA512
2fb4bc0c84d44a0339e42982f018d4e433fb24774d1caac285b2f40c0a04fa186d4f6eed66261c9afd44ff2945eaeca5ee18d5ee2421e416b0cbb26d85f756a7

Download Submit
C:\Windows\System\blEIgEH.exe

Filesize
6.0MB

MD5
462331202a553f0cab797b2a30c7a290

SHA1
6fec9c5d6bdd7112990af1cd47f0e8491760bda5

SHA256
3fc1b47b94bbdbd90fa409bd59cb1340600f43e4fd2179196a6b75c8b1ac75ff

SHA512
96c948001cc1319a54edffc243023dcc12edf8507aa4a629d73b2d9ba599ebdaa1afa37eb85c9f3518ba00029f2034daba9e6775858e654ea77b0414596ac998

Download Submit
C:\Windows\System\fPcnQlv.exe

Filesize
6.0MB

MD5
836b419e3eaf11f187f2b6e40043a29a

SHA1
4e79f04e57c90bbd8f06bf3620b572d98a029b87

SHA256
5c495f0e9e109ab667548e53990cee6c6fea066138c390ae2df4a31d0454aa12

SHA512
3584edabe4c9ce7382cc33408bf5b97141a64f8b516733708d5a86fac4380d78b57da0f6a9b2456ece2bb0097b564326c79054c2eb250c099609c88011521697

Download Submit
C:\Windows\System\fUKyyON.exe

Filesize
6.0MB

MD5
14f531d32fee6a764261fd12afa11211

SHA1
223b3ed2a3d34da51595bf9ff894708edbec50a5

SHA256
49edbaee515e21cb5a67619313f3554f623b36553f5d26780d2eb8e936709cec

SHA512
2c26acd3e1102e26a6606794f07036930e0aa48a00f3413bb2f760f922ad44bb193e562dabdf704d6a6f230304c2b6133e2c0a41b1955017ca21caeb9c069f3f

Download Submit
C:\Windows\System\kBgcorp.exe

Filesize
6.0MB

MD5
735434924a2a6c5c1ab9359d47e15b35

SHA1
1e0546aeb2c88f3be18aa9dbcd203405244019e0

SHA256
6fb6d9f9db93fed162ac7d9e6f5f5f42c3fea71aff6363b74ffabb080c261d4f

SHA512
85f9b72dc68d01521a288f3ad4f83f24741138be1b1c690797dee059f14881111f4310332ec6215fec57bc0596c787f2021907574f487256327689b71228dcf4

Download Submit
C:\Windows\System\kyqQFQb.exe

Filesize
6.0MB

MD5
041efa4994406a905a02a125cc941458

SHA1
92e654fa5cbe74f47e4ee2b6594eac77d76c7d9b

SHA256
42598db1bbb9d4e4f29c79ee553b5f3c57ad296b8e58b0c6719341714e631ebc

SHA512
63213f9892671b25750b2e0b94f70f27070bebe999763122f719e22680583738fc7c2e68e6420467a0117df990b4f4d7aa31aba7884d4c01f533b4fa6160a80e

Download Submit
C:\Windows\System\mDHujLh.exe

Filesize
6.0MB

MD5
fc3faf2620f5c99007c9941347dc7f48

SHA1
83d96e23c8efc9e19df7aa4a03e0e78fb249c180

SHA256
27d11cc0c63cfa1c3f2d23c69e757c77e435ae29d2d52a110d4d677a6ffa3cca

SHA512
c1faaa698d273961635d404cb7ef61e1a0b9da747377ca0e3d3364b0e6a5e8463c39176b1baccb243823f756316c799a5a007a809e97e0ec19a53db6fb014c37

Download Submit
C:\Windows\System\msuHZTW.exe

Filesize
6.0MB

MD5
3c99942173c9fc55978d7bd612e2e1a4

SHA1
f47f17aa96f001dd6c3a00b06855412117ede74e

SHA256
295b40471d05bdeeb6b6fffd3e724009baf202682f6b9177f29852678821a256

SHA512
9a238f62a2faf6fe8f28c4cb0aadc064ad8fc0ee765c2f96d21fa3a5d203663071c964fa5d73a06d7cead9cbe0bb956a6c211750b221d05d0df2ce1d4cb832d5

Download Submit
C:\Windows\System\mzwwuEh.exe

Filesize
6.0MB

MD5
dcb243c5c8e3d60044e52bec9d19bc3e

SHA1
15895210218bb11ca3e71f416fea938118cce549

SHA256
2e49c8df945a1153b8530a07a90e71fcaaaa22daae2c1370613bc9cc7a65fd47

SHA512
7b6ba5c031825f091448e0a0d8ed890dad68a800d518619ac88320306316dca5fdd6b94fde1c3e7e046c57ae43f051fcf5f17140f90945bb864041afd9047fc6

Download Submit
C:\Windows\System\pjkrgcT.exe

Filesize
6.0MB

MD5
70d4afb5d146ed9d6380988ccb21efdb

SHA1
02dd447dc3a9c14a106df8d66e5ea3a734e4e609

SHA256
48827fae7999d5c691db53124f10e2b436da1644c01b7d30061ac50225a9ea96

SHA512
baecb00bc65f851c161de4979cad27552b2c2f7d8b53fcf07285d56d1005ef5661b52358079d3215d9fb684d3002b8941e66e82152861e507bb6490e0dd0399a

Download Submit
C:\Windows\System\rLVOduz.exe

Filesize
6.0MB

MD5
c9aa20e71f6faab9077e8fa875572015

SHA1
e3e7d9243843627cb3783fd785438224d5534028

SHA256
3e902b0f501d3a44df83a6e4d37182b6bf278dd60db1c283fabfbf090930ea40

SHA512
23360d6d58172c747e0ced0035f8709707967390ed260fdaa762b36e95f68c61727ad690141ba257071a7317b0a31f0b0b140120f005bc0e6c8edee600234d6b

Download Submit
C:\Windows\System\sNrwHbu.exe

Filesize
6.0MB

MD5
a0a92903403243548f78d1e70e5165e2

SHA1
cf335388eb83c3e3ae22fff7088fce08e80a7710

SHA256
d6f3af840361914be3f52e6835967f1351d4a165107f4032866f0a7d4b5b5123

SHA512
62412ce82aa588690ae205eb50d6ec869539f92f1208596f2aeb7bc83ab2cf4bccb3ee7a21eb5808da66ed99c2d6cb45a5fa62b85be059fb623d90dcb8d61796

Download Submit
C:\Windows\System\sbQFgsG.exe

Filesize
6.0MB

MD5
0404c5c8ea1febb382f093eb9eea88a7

SHA1
edd211e3a220dfae51332a82b568deb587222727

SHA256
814d635ad61e828b52e31111ce1c2735b8026061b2e8da447fc8a04aaee8aff8

SHA512
c0bf70fe8e4d0db4c7b70cbc8995962981786cdeb51395c7e878ad965d43dd5bf3ff9d145f656b11be1cbee314d60c08f49de522a80c3af86d78f074c77ec979

Download Submit
C:\Windows\System\syAWXEl.exe

Filesize
6.0MB

MD5
1f122e7ffcd6bc0f065461c012bb9d0e

SHA1
fef64ed8c9aedd6971be782c979d137340f794f4

SHA256
d340ed983fd15eac55001eb649dc0ab314f211a32e6fbacebff7bdb3879b146d

SHA512
ada9bfe9dd4f20ab66a6fd358ce725e3938ea32dca2a91ecc24a65e760bd9f4585ae3bd8604c820a9ba87f3b6cc0aa902045f7eb41803b8560cdca10d688f444

Download Submit
C:\Windows\System\vuQyHZL.exe

Filesize
6.0MB

MD5
ba9364360bdb7e953d9a836b8ebd8d64

SHA1
4fdc54dcd97b652edcfdef7e94d400c7699a5609

SHA256
05b396f983647706f5cb868309e6b5088d5d5ad1c51b75baec9b22971bbcfc0e

SHA512
506a912586d6034855258d73d2aa11a736611895de9ae55794d401a2390727e7c83563de20a43d941f7504487f2888b9a79521453fff7ea71df97c8d437339fb

Download Submit
C:\Windows\System\wzMBfvW.exe

Filesize
6.0MB

MD5
1cf32cf995bdb4dcecbe10637d9236a5

SHA1
1a03d57726e7ac945195c2560a88d9e28a1eabbe

SHA256
8a4e48a7ee6c9baa6b4c5116d5cac8b51e21e04d0ba3f8e7f1703b7456254855

SHA512
556e9eec07a63fa17549640b73a83839563e8e71c44caeec25afaaa49b3868806b1adac658be5efae4417902244c3485a68eb80facb6ef00910845eebf8db4b1

Download Submit
C:\Windows\System\xJHInNL.exe

Filesize
6.0MB

MD5
115995da08ad86f1ac8c67f11055bb9c

SHA1
7ce881068d5fde71cf66cacdbd0f50a2b038249a

SHA256
2b9cccdc40efe6390cf1546296d21370b8b9110a04ea10282e27a11a832e6778

SHA512
ceb29b2a7cc59cd3f8bf6845569234dd0158b834eae5e1dba50ee8180bf023d7d836170a9b00000a6c38f5e80b535676fb03149771f91271005d1e592a8fcebf

Download Submit
C:\Windows\System\xtxqumU.exe

Filesize
6.0MB

MD5
960605e6c5c202d4c4c7bb78af6f4318

SHA1
74c20459f4371e0ff31ae496c2f4da1e3b57b9fc

SHA256
ed5dca4e323e2fa23040907f1644d8228d864c55dda0a7637bf189d173f32007

SHA512
07c9e3fd067cb54890a0d24bea33e8118ecc47ef8e15459777e7937c604bf8309fb68708a3f05dd124931abc5eff1b5bf2d96a659f7dfd36fd202ab06ff45f5a

Download Submit
C:\Windows\System\zrXcXqY.exe

Filesize
6.0MB

MD5
f7b838f8616fa1392e1f0b8ff9b93c95

SHA1
5fbebfed9f9a0c8bf7311b61d24fa1e7823c75f6

SHA256
d2389e87815b0f1af8f67e2cbd2464a43a6327ea9e6556e7818640bf5e32f8cd

SHA512
87f8116a4daf6763aec88cdcb15b847339be5c3cb52bc73f9db8ff0c4fa95827f1f9e693ca437b2b949331a0962b9ec6ca1060428e5febe8f39bd6fb1936c5ac

Download Submit
memory/436-19-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp

Filesize
3.3MB

Download
memory/436-83-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp

Filesize
3.3MB

Download
memory/436-1756-0x00007FF7D7260000-0x00007FF7D75B4000-memory.dmp

Filesize
3.3MB

Download
memory/804-255-0x00007FF7521C0000-0x00007FF752514000-memory.dmp

Filesize
3.3MB

Download
memory/804-1949-0x00007FF7521C0000-0x00007FF752514000-memory.dmp

Filesize
3.3MB

Download
memory/804-147-0x00007FF7521C0000-0x00007FF752514000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2409-0x00007FF7E9EE0000-0x00007FF7EA234000-memory.dmp

Filesize
3.3MB

Download
memory/1932-201-0x00007FF7E9EE0000-0x00007FF7EA234000-memory.dmp

Filesize
3.3MB

Download
memory/1932-650-0x00007FF7E9EE0000-0x00007FF7EA234000-memory.dmp

Filesize
3.3MB

Download
memory/2412-135-0x00007FF6CE9F0000-0x00007FF6CED44000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1939-0x00007FF6CE9F0000-0x00007FF6CED44000-memory.dmp

Filesize
3.3MB

Download
memory/2412-209-0x00007FF6CE9F0000-0x00007FF6CED44000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1802-0x00007FF6AE7B0000-0x00007FF6AEB04000-memory.dmp

Filesize
3.3MB

Download
memory/2580-38-0x00007FF6AE7B0000-0x00007FF6AEB04000-memory.dmp

Filesize
3.3MB

Download
memory/2868-254-0x00007FF628CF0000-0x00007FF629044000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1935-0x00007FF628CF0000-0x00007FF629044000-memory.dmp

Filesize
3.3MB

Download
memory/2868-124-0x00007FF628CF0000-0x00007FF629044000-memory.dmp

Filesize
3.3MB

Download
memory/3236-184-0x00007FF7D7F80000-0x00007FF7D82D4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2408-0x00007FF7D7F80000-0x00007FF7D82D4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-591-0x00007FF7D7F80000-0x00007FF7D82D4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-1940-0x00007FF71EFD0000-0x00007FF71F324000-memory.dmp

Filesize
3.3MB

Download
memory/3552-208-0x00007FF71EFD0000-0x00007FF71F324000-memory.dmp

Filesize
3.3MB

Download
memory/3552-118-0x00007FF71EFD0000-0x00007FF71F324000-memory.dmp

Filesize
3.3MB

Download
memory/3628-141-0x00007FF7224D0000-0x00007FF722824000-memory.dmp

Filesize
3.3MB

Download
memory/3628-1953-0x00007FF7224D0000-0x00007FF722824000-memory.dmp

Filesize
3.3MB

Download
memory/3628-304-0x00007FF7224D0000-0x00007FF722824000-memory.dmp

Filesize
3.3MB

Download
memory/3676-88-0x00007FF695100000-0x00007FF695454000-memory.dmp

Filesize
3.3MB

Download
memory/3676-23-0x00007FF695100000-0x00007FF695454000-memory.dmp

Filesize
3.3MB

Download
memory/3676-1762-0x00007FF695100000-0x00007FF695454000-memory.dmp

Filesize
3.3MB

Download
memory/4440-0-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp

Filesize
3.3MB

Download
memory/4440-60-0x00007FF6ED3B0000-0x00007FF6ED704000-memory.dmp

Filesize
3.3MB

Download
memory/4440-1-0x00000276C48A0000-0x00000276C48B0000-memory.dmp

Filesize
64KB

Download
memory/4476-151-0x00007FF7E5B80000-0x00007FF7E5ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-1951-0x00007FF7E5B80000-0x00007FF7E5ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4516-1869-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp

Filesize
3.3MB

Download
memory/4516-49-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp

Filesize
3.3MB

Download
memory/4516-123-0x00007FF6A5E40000-0x00007FF6A6194000-memory.dmp

Filesize
3.3MB

Download
memory/4608-1896-0x00007FF6666C0000-0x00007FF666A14000-memory.dmp

Filesize
3.3MB

Download
memory/4608-160-0x00007FF6666C0000-0x00007FF666A14000-memory.dmp

Filesize
3.3MB

Download
memory/4608-75-0x00007FF6666C0000-0x00007FF666A14000-memory.dmp

Filesize
3.3MB

Download
memory/4680-1875-0x00007FF741EE0000-0x00007FF742234000-memory.dmp

Filesize
3.3MB

Download
memory/4680-136-0x00007FF741EE0000-0x00007FF742234000-memory.dmp

Filesize
3.3MB

Download
memory/4680-55-0x00007FF741EE0000-0x00007FF742234000-memory.dmp

Filesize
3.3MB

Download
memory/4716-61-0x00007FF730950000-0x00007FF730CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-148-0x00007FF730950000-0x00007FF730CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-1883-0x00007FF730950000-0x00007FF730CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-42-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1809-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp

Filesize
3.3MB

Download
memory/4732-110-0x00007FF7D66F0000-0x00007FF7D6A44000-memory.dmp

Filesize
3.3MB

Download
memory/4756-1898-0x00007FF6AC230000-0x00007FF6AC584000-memory.dmp

Filesize
3.3MB

Download
memory/4756-91-0x00007FF6AC230000-0x00007FF6AC584000-memory.dmp

Filesize
3.3MB

Download
memory/4756-174-0x00007FF6AC230000-0x00007FF6AC584000-memory.dmp

Filesize
3.3MB

Download
memory/4832-73-0x00007FF7E0CC0000-0x00007FF7E1014000-memory.dmp

Filesize
3.3MB

Download
memory/4832-1888-0x00007FF7E0CC0000-0x00007FF7E1014000-memory.dmp

Filesize
3.3MB

Download
memory/4864-96-0x00007FF7D02C0000-0x00007FF7D0614000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1911-0x00007FF7D02C0000-0x00007FF7D0614000-memory.dmp

Filesize
3.3MB

Download
memory/4864-183-0x00007FF7D02C0000-0x00007FF7D0614000-memory.dmp

Filesize
3.3MB

Download
memory/4960-1897-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp

Filesize
3.3MB

Download
memory/4960-167-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp

Filesize
3.3MB

Download
memory/4960-85-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp

Filesize
3.3MB

Download
memory/4984-192-0x00007FF72C0A0000-0x00007FF72C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-103-0x00007FF72C0A0000-0x00007FF72C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-1918-0x00007FF72C0A0000-0x00007FF72C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/5332-1750-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp

Filesize
3.3MB

Download
memory/5332-74-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp

Filesize
3.3MB

Download
memory/5332-13-0x00007FF78CC30000-0x00007FF78CF84000-memory.dmp

Filesize
3.3MB

Download
memory/5368-1797-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5368-95-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5368-31-0x00007FF67EC70000-0x00007FF67EFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5444-1930-0x00007FF743F00000-0x00007FF744254000-memory.dmp

Filesize
3.3MB

Download
memory/5444-115-0x00007FF743F00000-0x00007FF744254000-memory.dmp

Filesize
3.3MB

Download
memory/5444-195-0x00007FF743F00000-0x00007FF744254000-memory.dmp

Filesize
3.3MB

Download
memory/5464-8-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp

Filesize
3.3MB

Download
memory/5464-1744-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp

Filesize
3.3MB

Download
memory/5464-67-0x00007FF6F76F0000-0x00007FF6F7A44000-memory.dmp

Filesize
3.3MB

Download
memory/5604-166-0x00007FF723D80000-0x00007FF7240D4000-memory.dmp

Filesize
3.3MB

Download
memory/5604-2405-0x00007FF723D80000-0x00007FF7240D4000-memory.dmp

Filesize
3.3MB

Download
memory/5832-393-0x00007FF7B9EE0000-0x00007FF7BA234000-memory.dmp

Filesize
3.3MB

Download
memory/5832-154-0x00007FF7B9EE0000-0x00007FF7BA234000-memory.dmp

Filesize
3.3MB

Download
memory/5832-1955-0x00007FF7B9EE0000-0x00007FF7BA234000-memory.dmp

Filesize
3.3MB

Download
memory/6020-477-0x00007FF770A20000-0x00007FF770D74000-memory.dmp

Filesize
3.3MB

Download
memory/6020-2407-0x00007FF770A20000-0x00007FF770D74000-memory.dmp

Filesize
3.3MB

Download
memory/6020-182-0x00007FF770A20000-0x00007FF770D74000-memory.dmp

Filesize
3.3MB

Download
memory/6100-170-0x00007FF733310000-0x00007FF733664000-memory.dmp

Filesize
3.3MB

Download
memory/6100-2406-0x00007FF733310000-0x00007FF733664000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads