cobaltstrike | f7fbe378dbccfe8757711235bdf01d96fd9be9ccbb9d2364a7101f876e501482

Analysis

max time kernel
103s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

d120abea42059d5aa9380655cbcf7085
SHA1

0339748d011c9787c57a9b0b7e24a552a82a4bf1
SHA256

f7fbe378dbccfe8757711235bdf01d96fd9be9ccbb9d2364a7101f876e501482
SHA512

0c54fbf8fd9784a633206a1b4b956b0140d0a7d45bee232f1abff606b5abbd3ccca321f84a032f641dff6dc6d1d5f92c68a830120d89d63e21c1015a72c42a2f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024085-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024089-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408a-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408b-22.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408c-31.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408d-39.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408e-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024092-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024093-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024091-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024090-52.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002408f-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024095-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024096-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024094-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024097-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024098-108.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409a-119.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409b-124.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409c-128.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409d-154.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a1-164.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a4-187.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a8-208.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a6-206.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a7-203.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a5-201.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a3-185.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a2-180.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240a0-167.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409f-158.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002409e-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024099-117.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3064-0-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024085-6.dat	xmrig
behavioral2/memory/4048-8-0x00007FF677220000-0x00007FF677574000-memory.dmp	xmrig
behavioral2/files/0x0007000000024089-10.dat	xmrig
behavioral2/files/0x000700000002408a-11.dat	xmrig
behavioral2/memory/4820-13-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	xmrig
behavioral2/memory/4548-20-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	xmrig
behavioral2/files/0x000700000002408b-22.dat	xmrig
behavioral2/files/0x000700000002408c-31.dat	xmrig
behavioral2/files/0x000700000002408d-39.dat	xmrig
behavioral2/files/0x000700000002408e-41.dat	xmrig
behavioral2/files/0x0007000000024092-62.dat	xmrig
behavioral2/memory/1580-70-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp	xmrig
behavioral2/files/0x0007000000024093-73.dat	xmrig
behavioral2/memory/4380-72-0x00007FF786180000-0x00007FF7864D4000-memory.dmp	xmrig
behavioral2/memory/2384-71-0x00007FF67C2F0000-0x00007FF67C644000-memory.dmp	xmrig
behavioral2/memory/4928-69-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp	xmrig
behavioral2/memory/4420-68-0x00007FF706FF0000-0x00007FF707344000-memory.dmp	xmrig
behavioral2/memory/1620-66-0x00007FF6B1CB0000-0x00007FF6B2004000-memory.dmp	xmrig
behavioral2/files/0x0007000000024091-57.dat	xmrig
behavioral2/files/0x0007000000024090-52.dat	xmrig
behavioral2/files/0x000700000002408f-47.dat	xmrig
behavioral2/memory/3316-36-0x00007FF6FD830000-0x00007FF6FDB84000-memory.dmp	xmrig
behavioral2/memory/5004-30-0x00007FF7EA2C0000-0x00007FF7EA614000-memory.dmp	xmrig
behavioral2/files/0x0007000000024095-89.dat	xmrig
behavioral2/files/0x0007000000024096-91.dat	xmrig
behavioral2/memory/4048-86-0x00007FF677220000-0x00007FF677574000-memory.dmp	xmrig
behavioral2/memory/2356-82-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp	xmrig
behavioral2/files/0x0007000000024094-81.dat	xmrig
behavioral2/memory/3064-80-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp	xmrig
behavioral2/memory/2600-24-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp	xmrig
behavioral2/memory/4820-94-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	xmrig
behavioral2/memory/1704-93-0x00007FF74FD70000-0x00007FF7500C4000-memory.dmp	xmrig
behavioral2/memory/4548-99-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	xmrig
behavioral2/files/0x0007000000024097-97.dat	xmrig
behavioral2/files/0x0007000000024098-108.dat	xmrig
behavioral2/memory/1892-107-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp	xmrig
behavioral2/memory/2600-106-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp	xmrig
behavioral2/memory/4988-102-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp	xmrig
behavioral2/memory/208-114-0x00007FF75D170000-0x00007FF75D4C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002409a-119.dat	xmrig
behavioral2/files/0x000700000002409b-124.dat	xmrig
behavioral2/files/0x000700000002409c-128.dat	xmrig
behavioral2/memory/2356-143-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp	xmrig
behavioral2/memory/4940-147-0x00007FF64E200000-0x00007FF64E554000-memory.dmp	xmrig
behavioral2/files/0x000700000002409d-154.dat	xmrig
behavioral2/files/0x00070000000240a1-164.dat	xmrig
behavioral2/memory/1892-173-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240a4-187.dat	xmrig
behavioral2/memory/3020-610-0x00007FF789F10000-0x00007FF78A264000-memory.dmp	xmrig
behavioral2/memory/4980-609-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp	xmrig
behavioral2/memory/4940-675-0x00007FF64E200000-0x00007FF64E554000-memory.dmp	xmrig
behavioral2/memory/1656-720-0x00007FF7A1AF0000-0x00007FF7A1E44000-memory.dmp	xmrig
behavioral2/memory/2212-849-0x00007FF7E3520000-0x00007FF7E3874000-memory.dmp	xmrig
behavioral2/memory/4840-779-0x00007FF72D260000-0x00007FF72D5B4000-memory.dmp	xmrig
behavioral2/memory/3096-1028-0x00007FF652D10000-0x00007FF653064000-memory.dmp	xmrig
behavioral2/memory/2672-965-0x00007FF788CE0000-0x00007FF789034000-memory.dmp	xmrig
behavioral2/memory/932-777-0x00007FF743C40000-0x00007FF743F94000-memory.dmp	xmrig
behavioral2/memory/4820-2084-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	xmrig
behavioral2/memory/4548-2088-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	xmrig
behavioral2/memory/4420-2122-0x00007FF706FF0000-0x00007FF707344000-memory.dmp	xmrig
behavioral2/memory/4928-2127-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp	xmrig
behavioral2/memory/1580-2131-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp	xmrig
behavioral2/memory/4380-2144-0x00007FF786180000-0x00007FF7864D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4048	pVtKzVs.exe
4820	yLJRpnC.exe
4548	SUYiNAG.exe
2600	koxGgnY.exe
5004	Bidqeub.exe
3316	YWkwxrK.exe
1620	XoJOoek.exe
2384	yonqDDY.exe
4420	qAJTHDD.exe
4928	RALqtwV.exe
1580	tMFUMtZ.exe
4380	NXDpwbM.exe
2356	aMevVoE.exe
1704	iPsyLhq.exe
3956	yIixXbw.exe
4988	DPPKuWd.exe
1892	yLkKCRN.exe
208	CmgJhJj.exe
3920	XTNVWuY.exe
2208	EqaMskX.exe
4980	mNUGOja.exe
3020	XMUUdPi.exe
4940	ZUPTLxN.exe
1656	JjOhTZC.exe
932	WEvjOvL.exe
4840	IdcUHcQ.exe
2212	QikTEzb.exe
2672	IpwyPUo.exe
3096	bJLRgvA.exe
2624	dCykIkn.exe
4768	YFeCzPy.exe
1488	BiUTtVw.exe
1492	sHVdrdd.exe
4480	qDZjEeM.exe
3844	cMzxata.exe
1904	kNPUlPT.exe
4124	dIJztzd.exe
1808	XuxCOAX.exe
1960	tENakQy.exe
4964	cVNwJmD.exe
720	fAXGyFa.exe
1556	ooBsXNh.exe
3668	HDsfGLd.exe
4528	sgKvSWT.exe
4656	OZMVvOO.exe
5080	yeXuTAr.exe
3528	EwHTMEp.exe
948	bAvYxOT.exe
1100	FIrTibf.exe
5044	JqOlKPD.exe
1112	xliLPwj.exe
2904	VHMRvaj.exe
4000	GqZjjNe.exe
4236	GyFzxFf.exe
856	cOjrbDY.exe
1088	wZucokU.exe
2284	WPLAIus.exe
1188	ZACtCZF.exe
1104	wruEvYA.exe
3612	uCFeEkC.exe
2232	CnntIgU.exe
1444	eylrsXx.exe
3556	aXqJMKc.exe
5140	hdIpWKf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3064-0-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp	upx
behavioral2/files/0x0008000000024085-6.dat	upx
behavioral2/memory/4048-8-0x00007FF677220000-0x00007FF677574000-memory.dmp	upx
behavioral2/files/0x0007000000024089-10.dat	upx
behavioral2/files/0x000700000002408a-11.dat	upx
behavioral2/memory/4820-13-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	upx
behavioral2/memory/4548-20-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	upx
behavioral2/files/0x000700000002408b-22.dat	upx
behavioral2/files/0x000700000002408c-31.dat	upx
behavioral2/files/0x000700000002408d-39.dat	upx
behavioral2/files/0x000700000002408e-41.dat	upx
behavioral2/files/0x0007000000024092-62.dat	upx
behavioral2/memory/1580-70-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp	upx
behavioral2/files/0x0007000000024093-73.dat	upx
behavioral2/memory/4380-72-0x00007FF786180000-0x00007FF7864D4000-memory.dmp	upx
behavioral2/memory/2384-71-0x00007FF67C2F0000-0x00007FF67C644000-memory.dmp	upx
behavioral2/memory/4928-69-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp	upx
behavioral2/memory/4420-68-0x00007FF706FF0000-0x00007FF707344000-memory.dmp	upx
behavioral2/memory/1620-66-0x00007FF6B1CB0000-0x00007FF6B2004000-memory.dmp	upx
behavioral2/files/0x0007000000024091-57.dat	upx
behavioral2/files/0x0007000000024090-52.dat	upx
behavioral2/files/0x000700000002408f-47.dat	upx
behavioral2/memory/3316-36-0x00007FF6FD830000-0x00007FF6FDB84000-memory.dmp	upx
behavioral2/memory/5004-30-0x00007FF7EA2C0000-0x00007FF7EA614000-memory.dmp	upx
behavioral2/files/0x0007000000024095-89.dat	upx
behavioral2/files/0x0007000000024096-91.dat	upx
behavioral2/memory/4048-86-0x00007FF677220000-0x00007FF677574000-memory.dmp	upx
behavioral2/memory/2356-82-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp	upx
behavioral2/files/0x0007000000024094-81.dat	upx
behavioral2/memory/3064-80-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp	upx
behavioral2/memory/2600-24-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp	upx
behavioral2/memory/4820-94-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	upx
behavioral2/memory/1704-93-0x00007FF74FD70000-0x00007FF7500C4000-memory.dmp	upx
behavioral2/memory/4548-99-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	upx
behavioral2/files/0x0007000000024097-97.dat	upx
behavioral2/files/0x0007000000024098-108.dat	upx
behavioral2/memory/1892-107-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp	upx
behavioral2/memory/2600-106-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp	upx
behavioral2/memory/4988-102-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp	upx
behavioral2/memory/208-114-0x00007FF75D170000-0x00007FF75D4C4000-memory.dmp	upx
behavioral2/files/0x000700000002409a-119.dat	upx
behavioral2/files/0x000700000002409b-124.dat	upx
behavioral2/files/0x000700000002409c-128.dat	upx
behavioral2/memory/2356-143-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp	upx
behavioral2/memory/4940-147-0x00007FF64E200000-0x00007FF64E554000-memory.dmp	upx
behavioral2/files/0x000700000002409d-154.dat	upx
behavioral2/files/0x00070000000240a1-164.dat	upx
behavioral2/memory/1892-173-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp	upx
behavioral2/files/0x00070000000240a4-187.dat	upx
behavioral2/memory/3020-610-0x00007FF789F10000-0x00007FF78A264000-memory.dmp	upx
behavioral2/memory/4980-609-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp	upx
behavioral2/memory/4940-675-0x00007FF64E200000-0x00007FF64E554000-memory.dmp	upx
behavioral2/memory/1656-720-0x00007FF7A1AF0000-0x00007FF7A1E44000-memory.dmp	upx
behavioral2/memory/2212-849-0x00007FF7E3520000-0x00007FF7E3874000-memory.dmp	upx
behavioral2/memory/4840-779-0x00007FF72D260000-0x00007FF72D5B4000-memory.dmp	upx
behavioral2/memory/3096-1028-0x00007FF652D10000-0x00007FF653064000-memory.dmp	upx
behavioral2/memory/2672-965-0x00007FF788CE0000-0x00007FF789034000-memory.dmp	upx
behavioral2/memory/932-777-0x00007FF743C40000-0x00007FF743F94000-memory.dmp	upx
behavioral2/memory/4820-2084-0x00007FF644760000-0x00007FF644AB4000-memory.dmp	upx
behavioral2/memory/4548-2088-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp	upx
behavioral2/memory/4420-2122-0x00007FF706FF0000-0x00007FF707344000-memory.dmp	upx
behavioral2/memory/4928-2127-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp	upx
behavioral2/memory/1580-2131-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp	upx
behavioral2/memory/4380-2144-0x00007FF786180000-0x00007FF7864D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SDhdGmj.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PwQtPRr.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pVtKzVs.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fjwtCUd.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\blKmlrm.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ePrwwSX.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XnCyTmr.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jLwXADt.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZRqsrBc.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UzRXtDR.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NTyepys.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fzeJhhn.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yLJRpnC.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nEuiZFO.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\znSiumU.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zkAsWRz.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZQdQRDs.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aawapIY.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zIWMuZu.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gQIqRvO.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vHkYzCX.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sJKdGjU.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\inHWxla.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NVmgCWW.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jqFxvII.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZACtCZF.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CHkPBky.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gdyIHDT.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wzgsZwX.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yeXuTAr.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Jcmwmdu.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dhrIYnS.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dMdGBQt.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lVACCUg.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MttYODL.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jQlBmPF.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\flozwiq.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NWTtbcz.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AqEzZth.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FntGwhZ.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jeftsVY.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cDMmVkn.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ghYCSZs.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KxkuebW.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\daiEdGQ.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BQtkDyG.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rWZezik.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NggJome.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SUYiNAG.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IPydxTo.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\InQgutz.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VffHGhT.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AslgevA.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BMpNeNa.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EPIJuHN.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BCtUTiG.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NORSiUe.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pNPFaQP.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wZucokU.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CagynFF.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VuweQAz.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EHlJuaz.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JBiYUQs.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WPkQZCS.exe	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 4048	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3064 wrote to memory of 4048	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3064 wrote to memory of 4820	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3064 wrote to memory of 4820	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3064 wrote to memory of 4548	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3064 wrote to memory of 4548	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3064 wrote to memory of 2600	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3064 wrote to memory of 2600	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3064 wrote to memory of 5004	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3064 wrote to memory of 5004	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3064 wrote to memory of 3316	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3064 wrote to memory of 3316	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3064 wrote to memory of 1620	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3064 wrote to memory of 1620	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3064 wrote to memory of 2384	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3064 wrote to memory of 2384	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3064 wrote to memory of 4420	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3064 wrote to memory of 4420	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3064 wrote to memory of 4928	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3064 wrote to memory of 4928	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3064 wrote to memory of 1580	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3064 wrote to memory of 1580	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3064 wrote to memory of 4380	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3064 wrote to memory of 4380	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3064 wrote to memory of 2356	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3064 wrote to memory of 2356	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3064 wrote to memory of 1704	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3064 wrote to memory of 1704	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3064 wrote to memory of 3956	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3064 wrote to memory of 3956	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3064 wrote to memory of 4988	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3064 wrote to memory of 4988	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3064 wrote to memory of 1892	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3064 wrote to memory of 1892	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3064 wrote to memory of 208	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3064 wrote to memory of 208	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3064 wrote to memory of 3920	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3064 wrote to memory of 3920	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3064 wrote to memory of 2208	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3064 wrote to memory of 2208	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3064 wrote to memory of 4980	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3064 wrote to memory of 4980	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3064 wrote to memory of 3020	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3064 wrote to memory of 3020	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3064 wrote to memory of 4940	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3064 wrote to memory of 4940	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3064 wrote to memory of 1656	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3064 wrote to memory of 1656	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3064 wrote to memory of 932	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3064 wrote to memory of 932	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3064 wrote to memory of 4840	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3064 wrote to memory of 4840	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3064 wrote to memory of 2212	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3064 wrote to memory of 2212	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3064 wrote to memory of 2672	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3064 wrote to memory of 2672	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3064 wrote to memory of 3096	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3064 wrote to memory of 3096	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3064 wrote to memory of 2624	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3064 wrote to memory of 2624	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3064 wrote to memory of 4768	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 3064 wrote to memory of 4768	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 3064 wrote to memory of 1488	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 3064 wrote to memory of 1488	3064	2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123

C:\Users\Admin\AppData\Local\Temp\2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_d120abea42059d5aa9380655cbcf7085_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\System\pVtKzVs.exe
  C:\Windows\System\pVtKzVs.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\yLJRpnC.exe
  C:\Windows\System\yLJRpnC.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\SUYiNAG.exe
  C:\Windows\System\SUYiNAG.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\koxGgnY.exe
  C:\Windows\System\koxGgnY.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\Bidqeub.exe
  C:\Windows\System\Bidqeub.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\YWkwxrK.exe
  C:\Windows\System\YWkwxrK.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\XoJOoek.exe
  C:\Windows\System\XoJOoek.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\yonqDDY.exe
  C:\Windows\System\yonqDDY.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qAJTHDD.exe
  C:\Windows\System\qAJTHDD.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\RALqtwV.exe
  C:\Windows\System\RALqtwV.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\tMFUMtZ.exe
  C:\Windows\System\tMFUMtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\NXDpwbM.exe
  C:\Windows\System\NXDpwbM.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\aMevVoE.exe
  C:\Windows\System\aMevVoE.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\iPsyLhq.exe
  C:\Windows\System\iPsyLhq.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\yIixXbw.exe
  C:\Windows\System\yIixXbw.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\DPPKuWd.exe
  C:\Windows\System\DPPKuWd.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\yLkKCRN.exe
  C:\Windows\System\yLkKCRN.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\CmgJhJj.exe
  C:\Windows\System\CmgJhJj.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\XTNVWuY.exe
  C:\Windows\System\XTNVWuY.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\EqaMskX.exe
  C:\Windows\System\EqaMskX.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\mNUGOja.exe
  C:\Windows\System\mNUGOja.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\XMUUdPi.exe
  C:\Windows\System\XMUUdPi.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\ZUPTLxN.exe
  C:\Windows\System\ZUPTLxN.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\JjOhTZC.exe
  C:\Windows\System\JjOhTZC.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\WEvjOvL.exe
  C:\Windows\System\WEvjOvL.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\IdcUHcQ.exe
  C:\Windows\System\IdcUHcQ.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\QikTEzb.exe
  C:\Windows\System\QikTEzb.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\IpwyPUo.exe
  C:\Windows\System\IpwyPUo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\bJLRgvA.exe
  C:\Windows\System\bJLRgvA.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\dCykIkn.exe
  C:\Windows\System\dCykIkn.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\YFeCzPy.exe
  C:\Windows\System\YFeCzPy.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\BiUTtVw.exe
  C:\Windows\System\BiUTtVw.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\sHVdrdd.exe
  C:\Windows\System\sHVdrdd.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\qDZjEeM.exe
  C:\Windows\System\qDZjEeM.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\cMzxata.exe
  C:\Windows\System\cMzxata.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\kNPUlPT.exe
  C:\Windows\System\kNPUlPT.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\dIJztzd.exe
  C:\Windows\System\dIJztzd.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\XuxCOAX.exe
  C:\Windows\System\XuxCOAX.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\tENakQy.exe
  C:\Windows\System\tENakQy.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\cVNwJmD.exe
  C:\Windows\System\cVNwJmD.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\fAXGyFa.exe
  C:\Windows\System\fAXGyFa.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\ooBsXNh.exe
  C:\Windows\System\ooBsXNh.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\HDsfGLd.exe
  C:\Windows\System\HDsfGLd.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\sgKvSWT.exe
  C:\Windows\System\sgKvSWT.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\OZMVvOO.exe
  C:\Windows\System\OZMVvOO.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\yeXuTAr.exe
  C:\Windows\System\yeXuTAr.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\EwHTMEp.exe
  C:\Windows\System\EwHTMEp.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\bAvYxOT.exe
  C:\Windows\System\bAvYxOT.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\FIrTibf.exe
  C:\Windows\System\FIrTibf.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\JqOlKPD.exe
  C:\Windows\System\JqOlKPD.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\xliLPwj.exe
  C:\Windows\System\xliLPwj.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\VHMRvaj.exe
  C:\Windows\System\VHMRvaj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\GqZjjNe.exe
  C:\Windows\System\GqZjjNe.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\GyFzxFf.exe
  C:\Windows\System\GyFzxFf.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\cOjrbDY.exe
  C:\Windows\System\cOjrbDY.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\wZucokU.exe
  C:\Windows\System\wZucokU.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\WPLAIus.exe
  C:\Windows\System\WPLAIus.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ZACtCZF.exe
  C:\Windows\System\ZACtCZF.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\wruEvYA.exe
  C:\Windows\System\wruEvYA.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\uCFeEkC.exe
  C:\Windows\System\uCFeEkC.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\CnntIgU.exe
  C:\Windows\System\CnntIgU.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\eylrsXx.exe
  C:\Windows\System\eylrsXx.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\aXqJMKc.exe
  C:\Windows\System\aXqJMKc.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\hdIpWKf.exe
  C:\Windows\System\hdIpWKf.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\pIEcLxJ.exe
  C:\Windows\System\pIEcLxJ.exe
  2⤵
  PID:5168
- C:\Windows\System\CaRWllw.exe
  C:\Windows\System\CaRWllw.exe
  2⤵
  PID:5196
- C:\Windows\System\CkAdmrC.exe
  C:\Windows\System\CkAdmrC.exe
  2⤵
  PID:5224
- C:\Windows\System\WlJizyM.exe
  C:\Windows\System\WlJizyM.exe
  2⤵
  PID:5252
- C:\Windows\System\RVOwOfP.exe
  C:\Windows\System\RVOwOfP.exe
  2⤵
  PID:5280
- C:\Windows\System\zIWMuZu.exe
  C:\Windows\System\zIWMuZu.exe
  2⤵
  PID:5308
- C:\Windows\System\cawYXVZ.exe
  C:\Windows\System\cawYXVZ.exe
  2⤵
  PID:5336
- C:\Windows\System\FHJNzDK.exe
  C:\Windows\System\FHJNzDK.exe
  2⤵
  PID:5376
- C:\Windows\System\nAumryr.exe
  C:\Windows\System\nAumryr.exe
  2⤵
  PID:5404
- C:\Windows\System\JNLcxzM.exe
  C:\Windows\System\JNLcxzM.exe
  2⤵
  PID:5420
- C:\Windows\System\gQIqRvO.exe
  C:\Windows\System\gQIqRvO.exe
  2⤵
  PID:5448
- C:\Windows\System\vHkYzCX.exe
  C:\Windows\System\vHkYzCX.exe
  2⤵
  PID:5488
- C:\Windows\System\NeFAbbo.exe
  C:\Windows\System\NeFAbbo.exe
  2⤵
  PID:5516
- C:\Windows\System\wEXOIkU.exe
  C:\Windows\System\wEXOIkU.exe
  2⤵
  PID:5532
- C:\Windows\System\NlpzkHD.exe
  C:\Windows\System\NlpzkHD.exe
  2⤵
  PID:5564
- C:\Windows\System\ItCJnjK.exe
  C:\Windows\System\ItCJnjK.exe
  2⤵
  PID:5588
- C:\Windows\System\MmMVneG.exe
  C:\Windows\System\MmMVneG.exe
  2⤵
  PID:5628
- C:\Windows\System\uIIMoMq.exe
  C:\Windows\System\uIIMoMq.exe
  2⤵
  PID:5656
- C:\Windows\System\ONfTFnI.exe
  C:\Windows\System\ONfTFnI.exe
  2⤵
  PID:5672
- C:\Windows\System\OFsvjRc.exe
  C:\Windows\System\OFsvjRc.exe
  2⤵
  PID:5700
- C:\Windows\System\CSAZZUg.exe
  C:\Windows\System\CSAZZUg.exe
  2⤵
  PID:5728
- C:\Windows\System\xZjUIsl.exe
  C:\Windows\System\xZjUIsl.exe
  2⤵
  PID:5756
- C:\Windows\System\lbADkha.exe
  C:\Windows\System\lbADkha.exe
  2⤵
  PID:5784
- C:\Windows\System\yqYsDGL.exe
  C:\Windows\System\yqYsDGL.exe
  2⤵
  PID:5812
- C:\Windows\System\agWkBfr.exe
  C:\Windows\System\agWkBfr.exe
  2⤵
  PID:5840
- C:\Windows\System\esJVzFq.exe
  C:\Windows\System\esJVzFq.exe
  2⤵
  PID:5868
- C:\Windows\System\mUzDuyL.exe
  C:\Windows\System\mUzDuyL.exe
  2⤵
  PID:5908
- C:\Windows\System\mNrWZQn.exe
  C:\Windows\System\mNrWZQn.exe
  2⤵
  PID:5936
- C:\Windows\System\nzevWvC.exe
  C:\Windows\System\nzevWvC.exe
  2⤵
  PID:5964
- C:\Windows\System\DcnerAN.exe
  C:\Windows\System\DcnerAN.exe
  2⤵
  PID:5980
- C:\Windows\System\KNeExjw.exe
  C:\Windows\System\KNeExjw.exe
  2⤵
  PID:6008
- C:\Windows\System\neOjBxq.exe
  C:\Windows\System\neOjBxq.exe
  2⤵
  PID:6036
- C:\Windows\System\sAYvbEX.exe
  C:\Windows\System\sAYvbEX.exe
  2⤵
  PID:6060
- C:\Windows\System\akvdJzg.exe
  C:\Windows\System\akvdJzg.exe
  2⤵
  PID:6092
- C:\Windows\System\AHQcxbQ.exe
  C:\Windows\System\AHQcxbQ.exe
  2⤵
  PID:6116
- C:\Windows\System\xsOQyAX.exe
  C:\Windows\System\xsOQyAX.exe
  2⤵
  PID:2840
- C:\Windows\System\kzZplOe.exe
  C:\Windows\System\kzZplOe.exe
  2⤵
  PID:4936
- C:\Windows\System\FJfBEwL.exe
  C:\Windows\System\FJfBEwL.exe
  2⤵
  PID:4172
- C:\Windows\System\blKmlrm.exe
  C:\Windows\System\blKmlrm.exe
  2⤵
  PID:728
- C:\Windows\System\kKBHCmb.exe
  C:\Windows\System\kKBHCmb.exe
  2⤵
  PID:5128
- C:\Windows\System\dXOLBsJ.exe
  C:\Windows\System\dXOLBsJ.exe
  2⤵
  PID:5160
- C:\Windows\System\HWYeORE.exe
  C:\Windows\System\HWYeORE.exe
  2⤵
  PID:5244
- C:\Windows\System\Jcmwmdu.exe
  C:\Windows\System\Jcmwmdu.exe
  2⤵
  PID:5320
- C:\Windows\System\vDdDoBw.exe
  C:\Windows\System\vDdDoBw.exe
  2⤵
  PID:760
- C:\Windows\System\FJdfrQI.exe
  C:\Windows\System\FJdfrQI.exe
  2⤵
  PID:5432
- C:\Windows\System\OaoPCEs.exe
  C:\Windows\System\OaoPCEs.exe
  2⤵
  PID:5472
- C:\Windows\System\DiiEyaB.exe
  C:\Windows\System\DiiEyaB.exe
  2⤵
  PID:5528
- C:\Windows\System\vShzSNT.exe
  C:\Windows\System\vShzSNT.exe
  2⤵
  PID:5600
- C:\Windows\System\fcfZXhh.exe
  C:\Windows\System\fcfZXhh.exe
  2⤵
  PID:5668
- C:\Windows\System\WfWdDNV.exe
  C:\Windows\System\WfWdDNV.exe
  2⤵
  PID:5724
- C:\Windows\System\QqMOcQJ.exe
  C:\Windows\System\QqMOcQJ.exe
  2⤵
  PID:5776
- C:\Windows\System\zXijyNN.exe
  C:\Windows\System\zXijyNN.exe
  2⤵
  PID:5852
- C:\Windows\System\czHsqLo.exe
  C:\Windows\System\czHsqLo.exe
  2⤵
  PID:5896
- C:\Windows\System\nRQzwdL.exe
  C:\Windows\System\nRQzwdL.exe
  2⤵
  PID:5956
- C:\Windows\System\WcWImTw.exe
  C:\Windows\System\WcWImTw.exe
  2⤵
  PID:6020
- C:\Windows\System\FTlxqgm.exe
  C:\Windows\System\FTlxqgm.exe
  2⤵
  PID:6076
- C:\Windows\System\cDEqBeY.exe
  C:\Windows\System\cDEqBeY.exe
  2⤵
  PID:6132
- C:\Windows\System\uupVyfP.exe
  C:\Windows\System\uupVyfP.exe
  2⤵
  PID:3952
- C:\Windows\System\QVELYZg.exe
  C:\Windows\System\QVELYZg.exe
  2⤵
  PID:1252
- C:\Windows\System\JBiYUQs.exe
  C:\Windows\System\JBiYUQs.exe
  2⤵
  PID:5300
- C:\Windows\System\KbTPsLI.exe
  C:\Windows\System\KbTPsLI.exe
  2⤵
  PID:2148
- C:\Windows\System\OcdDqbb.exe
  C:\Windows\System\OcdDqbb.exe
  2⤵
  PID:5620
- C:\Windows\System\shCjPbD.exe
  C:\Windows\System\shCjPbD.exe
  2⤵
  PID:5748
- C:\Windows\System\lGZEOsw.exe
  C:\Windows\System\lGZEOsw.exe
  2⤵
  PID:5824
- C:\Windows\System\AWfJjtA.exe
  C:\Windows\System\AWfJjtA.exe
  2⤵
  PID:5928
- C:\Windows\System\zJHBEBR.exe
  C:\Windows\System\zJHBEBR.exe
  2⤵
  PID:6104
- C:\Windows\System\qAaBWAr.exe
  C:\Windows\System\qAaBWAr.exe
  2⤵
  PID:4780
- C:\Windows\System\WNYiIOt.exe
  C:\Windows\System\WNYiIOt.exe
  2⤵
  PID:5396
- C:\Windows\System\CEWdqro.exe
  C:\Windows\System\CEWdqro.exe
  2⤵
  PID:5688
- C:\Windows\System\dFsfVLT.exe
  C:\Windows\System\dFsfVLT.exe
  2⤵
  PID:5924
- C:\Windows\System\TOHaaIc.exe
  C:\Windows\System\TOHaaIc.exe
  2⤵
  PID:6172
- C:\Windows\System\aPFtHGQ.exe
  C:\Windows\System\aPFtHGQ.exe
  2⤵
  PID:6200
- C:\Windows\System\HqolQBW.exe
  C:\Windows\System\HqolQBW.exe
  2⤵
  PID:6228
- C:\Windows\System\CjYxrkO.exe
  C:\Windows\System\CjYxrkO.exe
  2⤵
  PID:6244
- C:\Windows\System\thWdgOq.exe
  C:\Windows\System\thWdgOq.exe
  2⤵
  PID:6272
- C:\Windows\System\IpZiYGT.exe
  C:\Windows\System\IpZiYGT.exe
  2⤵
  PID:6296
- C:\Windows\System\dQjWhEc.exe
  C:\Windows\System\dQjWhEc.exe
  2⤵
  PID:6324
- C:\Windows\System\ukHpmcM.exe
  C:\Windows\System\ukHpmcM.exe
  2⤵
  PID:6356
- C:\Windows\System\sEFzSnb.exe
  C:\Windows\System\sEFzSnb.exe
  2⤵
  PID:6384
- C:\Windows\System\PHcConi.exe
  C:\Windows\System\PHcConi.exe
  2⤵
  PID:6408
- C:\Windows\System\WfwTdaM.exe
  C:\Windows\System\WfwTdaM.exe
  2⤵
  PID:6440
- C:\Windows\System\hTFMLhe.exe
  C:\Windows\System\hTFMLhe.exe
  2⤵
  PID:6468
- C:\Windows\System\iQebvrJ.exe
  C:\Windows\System\iQebvrJ.exe
  2⤵
  PID:6496
- C:\Windows\System\DKTNLfn.exe
  C:\Windows\System\DKTNLfn.exe
  2⤵
  PID:6524
- C:\Windows\System\klaaDDu.exe
  C:\Windows\System\klaaDDu.exe
  2⤵
  PID:6552
- C:\Windows\System\RBjgkKm.exe
  C:\Windows\System\RBjgkKm.exe
  2⤵
  PID:6592
- C:\Windows\System\tcFyChS.exe
  C:\Windows\System\tcFyChS.exe
  2⤵
  PID:6620
- C:\Windows\System\UuISrmX.exe
  C:\Windows\System\UuISrmX.exe
  2⤵
  PID:6644
- C:\Windows\System\mgJoIsa.exe
  C:\Windows\System\mgJoIsa.exe
  2⤵
  PID:6664
- C:\Windows\System\uPrszIv.exe
  C:\Windows\System\uPrszIv.exe
  2⤵
  PID:6704
- C:\Windows\System\QKtEmsK.exe
  C:\Windows\System\QKtEmsK.exe
  2⤵
  PID:6732
- C:\Windows\System\bYaLIdo.exe
  C:\Windows\System\bYaLIdo.exe
  2⤵
  PID:6772
- C:\Windows\System\MprmHRc.exe
  C:\Windows\System\MprmHRc.exe
  2⤵
  PID:6800
- C:\Windows\System\ZlFPsxm.exe
  C:\Windows\System\ZlFPsxm.exe
  2⤵
  PID:6816
- C:\Windows\System\IPydxTo.exe
  C:\Windows\System\IPydxTo.exe
  2⤵
  PID:6840
- C:\Windows\System\iDqEdhv.exe
  C:\Windows\System\iDqEdhv.exe
  2⤵
  PID:6868
- C:\Windows\System\ePrwwSX.exe
  C:\Windows\System\ePrwwSX.exe
  2⤵
  PID:6888
- C:\Windows\System\sJKdGjU.exe
  C:\Windows\System\sJKdGjU.exe
  2⤵
  PID:6920
- C:\Windows\System\NWTtbcz.exe
  C:\Windows\System\NWTtbcz.exe
  2⤵
  PID:6952
- C:\Windows\System\NtWwLmG.exe
  C:\Windows\System\NtWwLmG.exe
  2⤵
  PID:6972
- C:\Windows\System\kewocrD.exe
  C:\Windows\System\kewocrD.exe
  2⤵
  PID:7060
- C:\Windows\System\WHRsTom.exe
  C:\Windows\System\WHRsTom.exe
  2⤵
  PID:7076
- C:\Windows\System\wZXZHnQ.exe
  C:\Windows\System\wZXZHnQ.exe
  2⤵
  PID:5272
- C:\Windows\System\asqkXIk.exe
  C:\Windows\System\asqkXIk.exe
  2⤵
  PID:4764
- C:\Windows\System\vNOjhbW.exe
  C:\Windows\System\vNOjhbW.exe
  2⤵
  PID:6256
- C:\Windows\System\mMxNIAn.exe
  C:\Windows\System\mMxNIAn.exe
  2⤵
  PID:6320
- C:\Windows\System\wtqtVqP.exe
  C:\Windows\System\wtqtVqP.exe
  2⤵
  PID:1576
- C:\Windows\System\SgcjzJk.exe
  C:\Windows\System\SgcjzJk.exe
  2⤵
  PID:6516
- C:\Windows\System\aSPiiRe.exe
  C:\Windows\System\aSPiiRe.exe
  2⤵
  PID:6584
- C:\Windows\System\xGaAGUj.exe
  C:\Windows\System\xGaAGUj.exe
  2⤵
  PID:6696
- C:\Windows\System\dnNlcMm.exe
  C:\Windows\System\dnNlcMm.exe
  2⤵
  PID:6792
- C:\Windows\System\wwmOqmU.exe
  C:\Windows\System\wwmOqmU.exe
  2⤵
  PID:2344
- C:\Windows\System\lTMbdkY.exe
  C:\Windows\System\lTMbdkY.exe
  2⤵
  PID:3708
- C:\Windows\System\VBBSMqT.exe
  C:\Windows\System\VBBSMqT.exe
  2⤵
  PID:4400
- C:\Windows\System\pzZCwkg.exe
  C:\Windows\System\pzZCwkg.exe
  2⤵
  PID:1940
- C:\Windows\System\oqliPFh.exe
  C:\Windows\System\oqliPFh.exe
  2⤵
  PID:736
- C:\Windows\System\QGkggYy.exe
  C:\Windows\System\QGkggYy.exe
  2⤵
  PID:6192
- C:\Windows\System\jCLDNBZ.exe
  C:\Windows\System\jCLDNBZ.exe
  2⤵
  PID:1060
- C:\Windows\System\CUdpTkb.exe
  C:\Windows\System\CUdpTkb.exe
  2⤵
  PID:6544
- C:\Windows\System\QxijyXR.exe
  C:\Windows\System\QxijyXR.exe
  2⤵
  PID:3796
- C:\Windows\System\RqxZmXO.exe
  C:\Windows\System\RqxZmXO.exe
  2⤵
  PID:6880
- C:\Windows\System\ciuaNYY.exe
  C:\Windows\System\ciuaNYY.exe
  2⤵
  PID:4976
- C:\Windows\System\GwdbgMv.exe
  C:\Windows\System\GwdbgMv.exe
  2⤵
  PID:1484
- C:\Windows\System\MXvCVxM.exe
  C:\Windows\System\MXvCVxM.exe
  2⤵
  PID:1788
- C:\Windows\System\YMBQXgs.exe
  C:\Windows\System\YMBQXgs.exe
  2⤵
  PID:6856
- C:\Windows\System\dwMWlNO.exe
  C:\Windows\System\dwMWlNO.exe
  2⤵
  PID:3648
- C:\Windows\System\FdboPec.exe
  C:\Windows\System\FdboPec.exe
  2⤵
  PID:4868
- C:\Windows\System\qPkQlIO.exe
  C:\Windows\System\qPkQlIO.exe
  2⤵
  PID:7208
- C:\Windows\System\euTSNLh.exe
  C:\Windows\System\euTSNLh.exe
  2⤵
  PID:7248
- C:\Windows\System\pNPFaQP.exe
  C:\Windows\System\pNPFaQP.exe
  2⤵
  PID:7280
- C:\Windows\System\cCnyuIM.exe
  C:\Windows\System\cCnyuIM.exe
  2⤵
  PID:7296
- C:\Windows\System\GoTtild.exe
  C:\Windows\System\GoTtild.exe
  2⤵
  PID:7328
- C:\Windows\System\UfTLICJ.exe
  C:\Windows\System\UfTLICJ.exe
  2⤵
  PID:7352
- C:\Windows\System\OkLZlZj.exe
  C:\Windows\System\OkLZlZj.exe
  2⤵
  PID:7380
- C:\Windows\System\BtSTvER.exe
  C:\Windows\System\BtSTvER.exe
  2⤵
  PID:7408
- C:\Windows\System\cDMmVkn.exe
  C:\Windows\System\cDMmVkn.exe
  2⤵
  PID:7448
- C:\Windows\System\Kfljeda.exe
  C:\Windows\System\Kfljeda.exe
  2⤵
  PID:7504
- C:\Windows\System\AqEzZth.exe
  C:\Windows\System\AqEzZth.exe
  2⤵
  PID:7552
- C:\Windows\System\eXpNTxv.exe
  C:\Windows\System\eXpNTxv.exe
  2⤵
  PID:7580
- C:\Windows\System\kmKIieK.exe
  C:\Windows\System\kmKIieK.exe
  2⤵
  PID:7624
- C:\Windows\System\ybeiywd.exe
  C:\Windows\System\ybeiywd.exe
  2⤵
  PID:7660
- C:\Windows\System\LbOgRQC.exe
  C:\Windows\System\LbOgRQC.exe
  2⤵
  PID:7676
- C:\Windows\System\ZSYsJju.exe
  C:\Windows\System\ZSYsJju.exe
  2⤵
  PID:7708
- C:\Windows\System\mJLccdn.exe
  C:\Windows\System\mJLccdn.exe
  2⤵
  PID:7736
- C:\Windows\System\vnJZoYd.exe
  C:\Windows\System\vnJZoYd.exe
  2⤵
  PID:7764
- C:\Windows\System\ALRetFS.exe
  C:\Windows\System\ALRetFS.exe
  2⤵
  PID:7796
- C:\Windows\System\ubEwxKW.exe
  C:\Windows\System\ubEwxKW.exe
  2⤵
  PID:7820
- C:\Windows\System\ATNsMlI.exe
  C:\Windows\System\ATNsMlI.exe
  2⤵
  PID:7848
- C:\Windows\System\eziwUJY.exe
  C:\Windows\System\eziwUJY.exe
  2⤵
  PID:7884
- C:\Windows\System\JIKogRt.exe
  C:\Windows\System\JIKogRt.exe
  2⤵
  PID:7904
- C:\Windows\System\nciyRuX.exe
  C:\Windows\System\nciyRuX.exe
  2⤵
  PID:7944
- C:\Windows\System\LLqxZor.exe
  C:\Windows\System\LLqxZor.exe
  2⤵
  PID:7964
- C:\Windows\System\ZFVUkNP.exe
  C:\Windows\System\ZFVUkNP.exe
  2⤵
  PID:7996
- C:\Windows\System\SnnsFSl.exe
  C:\Windows\System\SnnsFSl.exe
  2⤵
  PID:8020
- C:\Windows\System\ItNLJUq.exe
  C:\Windows\System\ItNLJUq.exe
  2⤵
  PID:8052
- C:\Windows\System\jKtCwGc.exe
  C:\Windows\System\jKtCwGc.exe
  2⤵
  PID:8140
- C:\Windows\System\nAmUoZW.exe
  C:\Windows\System\nAmUoZW.exe
  2⤵
  PID:8164
- C:\Windows\System\ywOwtjY.exe
  C:\Windows\System\ywOwtjY.exe
  2⤵
  PID:7192
- C:\Windows\System\kJnvdgi.exe
  C:\Windows\System\kJnvdgi.exe
  2⤵
  PID:7188
- C:\Windows\System\CxQffHZ.exe
  C:\Windows\System\CxQffHZ.exe
  2⤵
  PID:7264
- C:\Windows\System\kFmhDet.exe
  C:\Windows\System\kFmhDet.exe
  2⤵
  PID:7320
- C:\Windows\System\ejrKJJo.exe
  C:\Windows\System\ejrKJJo.exe
  2⤵
  PID:7376
- C:\Windows\System\LpdMYDi.exe
  C:\Windows\System\LpdMYDi.exe
  2⤵
  PID:1612
- C:\Windows\System\UxBftIu.exe
  C:\Windows\System\UxBftIu.exe
  2⤵
  PID:7560
- C:\Windows\System\FSAhmrY.exe
  C:\Windows\System\FSAhmrY.exe
  2⤵
  PID:7468
- C:\Windows\System\LjQarti.exe
  C:\Windows\System\LjQarti.exe
  2⤵
  PID:7668
- C:\Windows\System\YrEUfnE.exe
  C:\Windows\System\YrEUfnE.exe
  2⤵
  PID:7784
- C:\Windows\System\cDWvEdo.exe
  C:\Windows\System\cDWvEdo.exe
  2⤵
  PID:7860
- C:\Windows\System\ABtflkG.exe
  C:\Windows\System\ABtflkG.exe
  2⤵
  PID:7924
- C:\Windows\System\vrvqqKB.exe
  C:\Windows\System\vrvqqKB.exe
  2⤵
  PID:7988
- C:\Windows\System\YfdlrCc.exe
  C:\Windows\System\YfdlrCc.exe
  2⤵
  PID:8048
- C:\Windows\System\IpnbsOx.exe
  C:\Windows\System\IpnbsOx.exe
  2⤵
  PID:8132
- C:\Windows\System\TLcyEUA.exe
  C:\Windows\System\TLcyEUA.exe
  2⤵
  PID:8188
- C:\Windows\System\AkLdMlg.exe
  C:\Windows\System\AkLdMlg.exe
  2⤵
  PID:8104
- C:\Windows\System\emJxgji.exe
  C:\Windows\System\emJxgji.exe
  2⤵
  PID:7288
- C:\Windows\System\SPgkpZp.exe
  C:\Windows\System\SPgkpZp.exe
  2⤵
  PID:7428
- C:\Windows\System\FocBRAW.exe
  C:\Windows\System\FocBRAW.exe
  2⤵
  PID:7528
- C:\Windows\System\hfecHFN.exe
  C:\Windows\System\hfecHFN.exe
  2⤵
  PID:7724
- C:\Windows\System\qlMQLuX.exe
  C:\Windows\System\qlMQLuX.exe
  2⤵
  PID:7976
- C:\Windows\System\EATsgVX.exe
  C:\Windows\System\EATsgVX.exe
  2⤵
  PID:8136
- C:\Windows\System\ihDtlXM.exe
  C:\Windows\System\ihDtlXM.exe
  2⤵
  PID:8084
- C:\Windows\System\aeDCimN.exe
  C:\Windows\System\aeDCimN.exe
  2⤵
  PID:4116
- C:\Windows\System\WPsitdb.exe
  C:\Windows\System\WPsitdb.exe
  2⤵
  PID:7920
- C:\Windows\System\jMxzuNT.exe
  C:\Windows\System\jMxzuNT.exe
  2⤵
  PID:8096
- C:\Windows\System\inHWxla.exe
  C:\Windows\System\inHWxla.exe
  2⤵
  PID:7892
- C:\Windows\System\zuqabjm.exe
  C:\Windows\System\zuqabjm.exe
  2⤵
  PID:8200
- C:\Windows\System\wDYNzJb.exe
  C:\Windows\System\wDYNzJb.exe
  2⤵
  PID:8220
- C:\Windows\System\RUggcri.exe
  C:\Windows\System\RUggcri.exe
  2⤵
  PID:8248
- C:\Windows\System\HNdiFMM.exe
  C:\Windows\System\HNdiFMM.exe
  2⤵
  PID:8276
- C:\Windows\System\nCooAng.exe
  C:\Windows\System\nCooAng.exe
  2⤵
  PID:8304
- C:\Windows\System\tfTtUFr.exe
  C:\Windows\System\tfTtUFr.exe
  2⤵
  PID:8340
- C:\Windows\System\lBhqPME.exe
  C:\Windows\System\lBhqPME.exe
  2⤵
  PID:8368
- C:\Windows\System\bVKrEEg.exe
  C:\Windows\System\bVKrEEg.exe
  2⤵
  PID:8396
- C:\Windows\System\slmXjmm.exe
  C:\Windows\System\slmXjmm.exe
  2⤵
  PID:8460
- C:\Windows\System\DIdGYiY.exe
  C:\Windows\System\DIdGYiY.exe
  2⤵
  PID:8496
- C:\Windows\System\BxbglSL.exe
  C:\Windows\System\BxbglSL.exe
  2⤵
  PID:8540
- C:\Windows\System\EAbWynm.exe
  C:\Windows\System\EAbWynm.exe
  2⤵
  PID:8568
- C:\Windows\System\pmNvRRk.exe
  C:\Windows\System\pmNvRRk.exe
  2⤵
  PID:8656
- C:\Windows\System\vPRQBIs.exe
  C:\Windows\System\vPRQBIs.exe
  2⤵
  PID:8692
- C:\Windows\System\SIFGHYF.exe
  C:\Windows\System\SIFGHYF.exe
  2⤵
  PID:8732
- C:\Windows\System\sPfUaCF.exe
  C:\Windows\System\sPfUaCF.exe
  2⤵
  PID:8780
- C:\Windows\System\MJeCCcA.exe
  C:\Windows\System\MJeCCcA.exe
  2⤵
  PID:8820
- C:\Windows\System\daiEdGQ.exe
  C:\Windows\System\daiEdGQ.exe
  2⤵
  PID:8856
- C:\Windows\System\UdrdZvi.exe
  C:\Windows\System\UdrdZvi.exe
  2⤵
  PID:8884
- C:\Windows\System\xHUHSDF.exe
  C:\Windows\System\xHUHSDF.exe
  2⤵
  PID:8912
- C:\Windows\System\nEuiZFO.exe
  C:\Windows\System\nEuiZFO.exe
  2⤵
  PID:8940
- C:\Windows\System\uqvMGkL.exe
  C:\Windows\System\uqvMGkL.exe
  2⤵
  PID:8972
- C:\Windows\System\fZVBLuo.exe
  C:\Windows\System\fZVBLuo.exe
  2⤵
  PID:9000
- C:\Windows\System\fGdCsRn.exe
  C:\Windows\System\fGdCsRn.exe
  2⤵
  PID:9028
- C:\Windows\System\QgjFury.exe
  C:\Windows\System\QgjFury.exe
  2⤵
  PID:9056
- C:\Windows\System\NMMWRXX.exe
  C:\Windows\System\NMMWRXX.exe
  2⤵
  PID:9088
- C:\Windows\System\feAlrnD.exe
  C:\Windows\System\feAlrnD.exe
  2⤵
  PID:9112
- C:\Windows\System\WPkQZCS.exe
  C:\Windows\System\WPkQZCS.exe
  2⤵
  PID:9140
- C:\Windows\System\HhpjSBq.exe
  C:\Windows\System\HhpjSBq.exe
  2⤵
  PID:9168
- C:\Windows\System\MasUqEX.exe
  C:\Windows\System\MasUqEX.exe
  2⤵
  PID:9196
- C:\Windows\System\jgDyjpw.exe
  C:\Windows\System\jgDyjpw.exe
  2⤵
  PID:8212
- C:\Windows\System\XZokaPT.exe
  C:\Windows\System\XZokaPT.exe
  2⤵
  PID:8272
- C:\Windows\System\cniSXiz.exe
  C:\Windows\System\cniSXiz.exe
  2⤵
  PID:7544
- C:\Windows\System\dhrIYnS.exe
  C:\Windows\System\dhrIYnS.exe
  2⤵
  PID:7536
- C:\Windows\System\aiwaVYZ.exe
  C:\Windows\System\aiwaVYZ.exe
  2⤵
  PID:8336
- C:\Windows\System\iADTENJ.exe
  C:\Windows\System\iADTENJ.exe
  2⤵
  PID:8380
- C:\Windows\System\OKQEXpB.exe
  C:\Windows\System\OKQEXpB.exe
  2⤵
  PID:8472
- C:\Windows\System\DdbQHtq.exe
  C:\Windows\System\DdbQHtq.exe
  2⤵
  PID:8520
- C:\Windows\System\ToYUFDn.exe
  C:\Windows\System\ToYUFDn.exe
  2⤵
  PID:8436
- C:\Windows\System\cRSdmuZ.exe
  C:\Windows\System\cRSdmuZ.exe
  2⤵
  PID:8480
- C:\Windows\System\umPRoCg.exe
  C:\Windows\System\umPRoCg.exe
  2⤵
  PID:8644
- C:\Windows\System\DSUcspg.exe
  C:\Windows\System\DSUcspg.exe
  2⤵
  PID:8604
- C:\Windows\System\bABVRHx.exe
  C:\Windows\System\bABVRHx.exe
  2⤵
  PID:8768
- C:\Windows\System\CDrLYRZ.exe
  C:\Windows\System\CDrLYRZ.exe
  2⤵
  PID:8740
- C:\Windows\System\uKeYkHp.exe
  C:\Windows\System\uKeYkHp.exe
  2⤵
  PID:9020
- C:\Windows\System\bllDDPa.exe
  C:\Windows\System\bllDDPa.exe
  2⤵
  PID:9068
- C:\Windows\System\bCILTxx.exe
  C:\Windows\System\bCILTxx.exe
  2⤵
  PID:9136
- C:\Windows\System\okJPDJk.exe
  C:\Windows\System\okJPDJk.exe
  2⤵
  PID:9192
- C:\Windows\System\hbtoGio.exe
  C:\Windows\System\hbtoGio.exe
  2⤵
  PID:7568
- C:\Windows\System\lmNuEBl.exe
  C:\Windows\System\lmNuEBl.exe
  2⤵
  PID:3344
- C:\Windows\System\BPPndrN.exe
  C:\Windows\System\BPPndrN.exe
  2⤵
  PID:848
- C:\Windows\System\epeVeOP.exe
  C:\Windows\System\epeVeOP.exe
  2⤵
  PID:3300
- C:\Windows\System\doFpHOD.exe
  C:\Windows\System\doFpHOD.exe
  2⤵
  PID:6264
- C:\Windows\System\uvQZVXM.exe
  C:\Windows\System\uvQZVXM.exe
  2⤵
  PID:3596
- C:\Windows\System\dqxPUbx.exe
  C:\Windows\System\dqxPUbx.exe
  2⤵
  PID:7524
- C:\Windows\System\poYSCwm.exe
  C:\Windows\System\poYSCwm.exe
  2⤵
  PID:8456
- C:\Windows\System\medVqnP.exe
  C:\Windows\System\medVqnP.exe
  2⤵
  PID:8560
- C:\Windows\System\lbZHVmy.exe
  C:\Windows\System\lbZHVmy.exe
  2⤵
  PID:8668
- C:\Windows\System\TEWxvXU.exe
  C:\Windows\System\TEWxvXU.exe
  2⤵
  PID:8684
- C:\Windows\System\cFJQhlS.exe
  C:\Windows\System\cFJQhlS.exe
  2⤵
  PID:3348
- C:\Windows\System\QJaRNAv.exe
  C:\Windows\System\QJaRNAv.exe
  2⤵
  PID:9160
- C:\Windows\System\VhsnczS.exe
  C:\Windows\System\VhsnczS.exe
  2⤵
  PID:3404
- C:\Windows\System\AvOVhRy.exe
  C:\Windows\System\AvOVhRy.exe
  2⤵
  PID:3996
- C:\Windows\System\uGRUebp.exe
  C:\Windows\System\uGRUebp.exe
  2⤵
  PID:7128
- C:\Windows\System\oCfeoFQ.exe
  C:\Windows\System\oCfeoFQ.exe
  2⤵
  PID:8452
- C:\Windows\System\ojlMFxE.exe
  C:\Windows\System\ojlMFxE.exe
  2⤵
  PID:8800
- C:\Windows\System\ibKdIZv.exe
  C:\Windows\System\ibKdIZv.exe
  2⤵
  PID:9132
- C:\Windows\System\XEjGDTp.exe
  C:\Windows\System\XEjGDTp.exe
  2⤵
  PID:7136
- C:\Windows\System\hQbihdc.exe
  C:\Windows\System\hQbihdc.exe
  2⤵
  PID:8564
- C:\Windows\System\ghYCSZs.exe
  C:\Windows\System\ghYCSZs.exe
  2⤵
  PID:3520
- C:\Windows\System\YIJtgaa.exe
  C:\Windows\System\YIJtgaa.exe
  2⤵
  PID:8260
- C:\Windows\System\bflfAzd.exe
  C:\Windows\System\bflfAzd.exe
  2⤵
  PID:9224
- C:\Windows\System\oOmXIuc.exe
  C:\Windows\System\oOmXIuc.exe
  2⤵
  PID:9256
- C:\Windows\System\zvSuKAN.exe
  C:\Windows\System\zvSuKAN.exe
  2⤵
  PID:9284
- C:\Windows\System\LFfOlza.exe
  C:\Windows\System\LFfOlza.exe
  2⤵
  PID:9312
- C:\Windows\System\IFMbvvD.exe
  C:\Windows\System\IFMbvvD.exe
  2⤵
  PID:9340
- C:\Windows\System\JikBrsU.exe
  C:\Windows\System\JikBrsU.exe
  2⤵
  PID:9368
- C:\Windows\System\ssUscJR.exe
  C:\Windows\System\ssUscJR.exe
  2⤵
  PID:9396
- C:\Windows\System\CSEiMjI.exe
  C:\Windows\System\CSEiMjI.exe
  2⤵
  PID:9424
- C:\Windows\System\KxkuebW.exe
  C:\Windows\System\KxkuebW.exe
  2⤵
  PID:9452
- C:\Windows\System\EJGPiJT.exe
  C:\Windows\System\EJGPiJT.exe
  2⤵
  PID:9480
- C:\Windows\System\NVmgCWW.exe
  C:\Windows\System\NVmgCWW.exe
  2⤵
  PID:9508
- C:\Windows\System\uTJvNlh.exe
  C:\Windows\System\uTJvNlh.exe
  2⤵
  PID:9536
- C:\Windows\System\sHoGBst.exe
  C:\Windows\System\sHoGBst.exe
  2⤵
  PID:9564
- C:\Windows\System\GQGNKvM.exe
  C:\Windows\System\GQGNKvM.exe
  2⤵
  PID:9604
- C:\Windows\System\WxHTbqi.exe
  C:\Windows\System\WxHTbqi.exe
  2⤵
  PID:9620
- C:\Windows\System\BIdqNVl.exe
  C:\Windows\System\BIdqNVl.exe
  2⤵
  PID:9648
- C:\Windows\System\GTSDOMY.exe
  C:\Windows\System\GTSDOMY.exe
  2⤵
  PID:9676
- C:\Windows\System\OFfmiEX.exe
  C:\Windows\System\OFfmiEX.exe
  2⤵
  PID:9704
- C:\Windows\System\QEKzpbw.exe
  C:\Windows\System\QEKzpbw.exe
  2⤵
  PID:9732
- C:\Windows\System\qHqbmXV.exe
  C:\Windows\System\qHqbmXV.exe
  2⤵
  PID:9760
- C:\Windows\System\rDFBxtU.exe
  C:\Windows\System\rDFBxtU.exe
  2⤵
  PID:9804
- C:\Windows\System\NJVdGxZ.exe
  C:\Windows\System\NJVdGxZ.exe
  2⤵
  PID:9828
- C:\Windows\System\pLBjXqh.exe
  C:\Windows\System\pLBjXqh.exe
  2⤵
  PID:9848
- C:\Windows\System\xaJYTdh.exe
  C:\Windows\System\xaJYTdh.exe
  2⤵
  PID:9876
- C:\Windows\System\tYULNBY.exe
  C:\Windows\System\tYULNBY.exe
  2⤵
  PID:9904
- C:\Windows\System\LMiCged.exe
  C:\Windows\System\LMiCged.exe
  2⤵
  PID:9932
- C:\Windows\System\bpPKKkn.exe
  C:\Windows\System\bpPKKkn.exe
  2⤵
  PID:9960
- C:\Windows\System\JkopDTQ.exe
  C:\Windows\System\JkopDTQ.exe
  2⤵
  PID:9988
- C:\Windows\System\vEXzfzT.exe
  C:\Windows\System\vEXzfzT.exe
  2⤵
  PID:10020
- C:\Windows\System\RPyUnAY.exe
  C:\Windows\System\RPyUnAY.exe
  2⤵
  PID:10048
- C:\Windows\System\GvokmDB.exe
  C:\Windows\System\GvokmDB.exe
  2⤵
  PID:10092
- C:\Windows\System\pHzSCuF.exe
  C:\Windows\System\pHzSCuF.exe
  2⤵
  PID:10112
- C:\Windows\System\gslRrTH.exe
  C:\Windows\System\gslRrTH.exe
  2⤵
  PID:10140
- C:\Windows\System\zRYBqSU.exe
  C:\Windows\System\zRYBqSU.exe
  2⤵
  PID:10168
- C:\Windows\System\XnCyTmr.exe
  C:\Windows\System\XnCyTmr.exe
  2⤵
  PID:10196
- C:\Windows\System\wdVcxrq.exe
  C:\Windows\System\wdVcxrq.exe
  2⤵
  PID:10224
- C:\Windows\System\GQwjgGG.exe
  C:\Windows\System\GQwjgGG.exe
  2⤵
  PID:9248
- C:\Windows\System\lIxWPde.exe
  C:\Windows\System\lIxWPde.exe
  2⤵
  PID:9296
- C:\Windows\System\FMLhphe.exe
  C:\Windows\System\FMLhphe.exe
  2⤵
  PID:9360
- C:\Windows\System\EOgMtPG.exe
  C:\Windows\System\EOgMtPG.exe
  2⤵
  PID:9420
- C:\Windows\System\HaRmGqz.exe
  C:\Windows\System\HaRmGqz.exe
  2⤵
  PID:9492
- C:\Windows\System\InQgutz.exe
  C:\Windows\System\InQgutz.exe
  2⤵
  PID:1436
- C:\Windows\System\kxsZZqK.exe
  C:\Windows\System\kxsZZqK.exe
  2⤵
  PID:9612
- C:\Windows\System\RlWBcdn.exe
  C:\Windows\System\RlWBcdn.exe
  2⤵
  PID:9672
- C:\Windows\System\uUTFazV.exe
  C:\Windows\System\uUTFazV.exe
  2⤵
  PID:9744
- C:\Windows\System\GMjNCkp.exe
  C:\Windows\System\GMjNCkp.exe
  2⤵
  PID:9784
- C:\Windows\System\GjscfnY.exe
  C:\Windows\System\GjscfnY.exe
  2⤵
  PID:9868
- C:\Windows\System\CHkPBky.exe
  C:\Windows\System\CHkPBky.exe
  2⤵
  PID:9952
- C:\Windows\System\fXtHIVT.exe
  C:\Windows\System\fXtHIVT.exe
  2⤵
  PID:9984
- C:\Windows\System\QBWLXvd.exe
  C:\Windows\System\QBWLXvd.exe
  2⤵
  PID:10040
- C:\Windows\System\tXIsuxF.exe
  C:\Windows\System\tXIsuxF.exe
  2⤵
  PID:7004
- C:\Windows\System\pfNuvIu.exe
  C:\Windows\System\pfNuvIu.exe
  2⤵
  PID:6152
- C:\Windows\System\vlYocSU.exe
  C:\Windows\System\vlYocSU.exe
  2⤵
  PID:10132
- C:\Windows\System\KyWYtCo.exe
  C:\Windows\System\KyWYtCo.exe
  2⤵
  PID:10160
- C:\Windows\System\vtDroBv.exe
  C:\Windows\System\vtDroBv.exe
  2⤵
  PID:10208
- C:\Windows\System\qnCwUMI.exe
  C:\Windows\System\qnCwUMI.exe
  2⤵
  PID:9268
- C:\Windows\System\MMbNvtJ.exe
  C:\Windows\System\MMbNvtJ.exe
  2⤵
  PID:9408
- C:\Windows\System\JILNNBC.exe
  C:\Windows\System\JILNNBC.exe
  2⤵
  PID:9552
- C:\Windows\System\IPMdikY.exe
  C:\Windows\System\IPMdikY.exe
  2⤵
  PID:9700
- C:\Windows\System\SlDiwMx.exe
  C:\Windows\System\SlDiwMx.exe
  2⤵
  PID:9844
- C:\Windows\System\FGnDXsx.exe
  C:\Windows\System\FGnDXsx.exe
  2⤵
  PID:1916
- C:\Windows\System\dHforcm.exe
  C:\Windows\System\dHforcm.exe
  2⤵
  PID:10124
- C:\Windows\System\OtcKlhE.exe
  C:\Windows\System\OtcKlhE.exe
  2⤵
  PID:2372
- C:\Windows\System\NTyepys.exe
  C:\Windows\System\NTyepys.exe
  2⤵
  PID:4136
- C:\Windows\System\XLRLVyU.exe
  C:\Windows\System\XLRLVyU.exe
  2⤵
  PID:9520
- C:\Windows\System\BQtkDyG.exe
  C:\Windows\System\BQtkDyG.exe
  2⤵
  PID:9800
- C:\Windows\System\gactDvW.exe
  C:\Windows\System\gactDvW.exe
  2⤵
  PID:10072
- C:\Windows\System\DkmxuNE.exe
  C:\Windows\System\DkmxuNE.exe
  2⤵
  PID:9356
- C:\Windows\System\CagynFF.exe
  C:\Windows\System\CagynFF.exe
  2⤵
  PID:10032
- C:\Windows\System\rxKjqZO.exe
  C:\Windows\System\rxKjqZO.exe
  2⤵
  PID:9916
- C:\Windows\System\ATwMZHl.exe
  C:\Windows\System\ATwMZHl.exe
  2⤵
  PID:10256
- C:\Windows\System\QwldcpL.exe
  C:\Windows\System\QwldcpL.exe
  2⤵
  PID:10284
- C:\Windows\System\GymjbVR.exe
  C:\Windows\System\GymjbVR.exe
  2⤵
  PID:10312
- C:\Windows\System\itBaFVm.exe
  C:\Windows\System\itBaFVm.exe
  2⤵
  PID:10340
- C:\Windows\System\iEIdCwf.exe
  C:\Windows\System\iEIdCwf.exe
  2⤵
  PID:10368
- C:\Windows\System\gseDGTe.exe
  C:\Windows\System\gseDGTe.exe
  2⤵
  PID:10396
- C:\Windows\System\tENzTEK.exe
  C:\Windows\System\tENzTEK.exe
  2⤵
  PID:10424
- C:\Windows\System\FntGwhZ.exe
  C:\Windows\System\FntGwhZ.exe
  2⤵
  PID:10452
- C:\Windows\System\VffHGhT.exe
  C:\Windows\System\VffHGhT.exe
  2⤵
  PID:10480
- C:\Windows\System\oRjKSkm.exe
  C:\Windows\System\oRjKSkm.exe
  2⤵
  PID:10508
- C:\Windows\System\MTqosbv.exe
  C:\Windows\System\MTqosbv.exe
  2⤵
  PID:10536
- C:\Windows\System\gfutdML.exe
  C:\Windows\System\gfutdML.exe
  2⤵
  PID:10564
- C:\Windows\System\UqCxjJl.exe
  C:\Windows\System\UqCxjJl.exe
  2⤵
  PID:10604
- C:\Windows\System\AslgevA.exe
  C:\Windows\System\AslgevA.exe
  2⤵
  PID:10620
- C:\Windows\System\BsfVwQO.exe
  C:\Windows\System\BsfVwQO.exe
  2⤵
  PID:10656
- C:\Windows\System\yUBAulv.exe
  C:\Windows\System\yUBAulv.exe
  2⤵
  PID:10716
- C:\Windows\System\ILGJOZV.exe
  C:\Windows\System\ILGJOZV.exe
  2⤵
  PID:10756
- C:\Windows\System\LIZcnjt.exe
  C:\Windows\System\LIZcnjt.exe
  2⤵
  PID:10780
- C:\Windows\System\VuweQAz.exe
  C:\Windows\System\VuweQAz.exe
  2⤵
  PID:10808
- C:\Windows\System\bmNbovP.exe
  C:\Windows\System\bmNbovP.exe
  2⤵
  PID:10824
- C:\Windows\System\zOpuLET.exe
  C:\Windows\System\zOpuLET.exe
  2⤵
  PID:10868
- C:\Windows\System\iSLcvKC.exe
  C:\Windows\System\iSLcvKC.exe
  2⤵
  PID:10900
- C:\Windows\System\dFQdgzS.exe
  C:\Windows\System\dFQdgzS.exe
  2⤵
  PID:10936
- C:\Windows\System\jSAXLnx.exe
  C:\Windows\System\jSAXLnx.exe
  2⤵
  PID:10964
- C:\Windows\System\ApJAmKV.exe
  C:\Windows\System\ApJAmKV.exe
  2⤵
  PID:10992
- C:\Windows\System\gCjOKIf.exe
  C:\Windows\System\gCjOKIf.exe
  2⤵
  PID:11020
- C:\Windows\System\biBFsoY.exe
  C:\Windows\System\biBFsoY.exe
  2⤵
  PID:11048
- C:\Windows\System\olEYXRd.exe
  C:\Windows\System\olEYXRd.exe
  2⤵
  PID:11076
- C:\Windows\System\BMpNeNa.exe
  C:\Windows\System\BMpNeNa.exe
  2⤵
  PID:11104
- C:\Windows\System\hJwZrzJ.exe
  C:\Windows\System\hJwZrzJ.exe
  2⤵
  PID:11132
- C:\Windows\System\OaTxcSv.exe
  C:\Windows\System\OaTxcSv.exe
  2⤵
  PID:11160
- C:\Windows\System\SEUTuwV.exe
  C:\Windows\System\SEUTuwV.exe
  2⤵
  PID:11188
- C:\Windows\System\jLwXADt.exe
  C:\Windows\System\jLwXADt.exe
  2⤵
  PID:11216
- C:\Windows\System\NfqknAX.exe
  C:\Windows\System\NfqknAX.exe
  2⤵
  PID:11244
- C:\Windows\System\tGNtacB.exe
  C:\Windows\System\tGNtacB.exe
  2⤵
  PID:10252
- C:\Windows\System\FcZugWH.exe
  C:\Windows\System\FcZugWH.exe
  2⤵
  PID:10328
- C:\Windows\System\vptpkBA.exe
  C:\Windows\System\vptpkBA.exe
  2⤵
  PID:10392
- C:\Windows\System\gdyIHDT.exe
  C:\Windows\System\gdyIHDT.exe
  2⤵
  PID:10464
- C:\Windows\System\znSiumU.exe
  C:\Windows\System\znSiumU.exe
  2⤵
  PID:10560
- C:\Windows\System\uddYTLo.exe
  C:\Windows\System\uddYTLo.exe
  2⤵
  PID:10588
- C:\Windows\System\gKQrDwC.exe
  C:\Windows\System\gKQrDwC.exe
  2⤵
  PID:10668
- C:\Windows\System\PLJWSwo.exe
  C:\Windows\System\PLJWSwo.exe
  2⤵
  PID:10708
- C:\Windows\System\xkaLjXH.exe
  C:\Windows\System\xkaLjXH.exe
  2⤵
  PID:10768
- C:\Windows\System\vBOKkew.exe
  C:\Windows\System\vBOKkew.exe
  2⤵
  PID:10848
- C:\Windows\System\uGBTeLE.exe
  C:\Windows\System\uGBTeLE.exe
  2⤵
  PID:3884
- C:\Windows\System\KNgPwfD.exe
  C:\Windows\System\KNgPwfD.exe
  2⤵
  PID:10932
- C:\Windows\System\oyeWryr.exe
  C:\Windows\System\oyeWryr.exe
  2⤵
  PID:3928
- C:\Windows\System\qCWqZlG.exe
  C:\Windows\System\qCWqZlG.exe
  2⤵
  PID:11060
- C:\Windows\System\koznpkS.exe
  C:\Windows\System\koznpkS.exe
  2⤵
  PID:11096
- C:\Windows\System\tEYsJKn.exe
  C:\Windows\System\tEYsJKn.exe
  2⤵
  PID:11172
- C:\Windows\System\OFEyldr.exe
  C:\Windows\System\OFEyldr.exe
  2⤵
  PID:3220
- C:\Windows\System\MahVkYE.exe
  C:\Windows\System\MahVkYE.exe
  2⤵
  PID:4924
- C:\Windows\System\CoOEzlM.exe
  C:\Windows\System\CoOEzlM.exe
  2⤵
  PID:10528
- C:\Windows\System\NORSiUe.exe
  C:\Windows\System\NORSiUe.exe
  2⤵
  PID:2332
- C:\Windows\System\HiSSvEC.exe
  C:\Windows\System\HiSSvEC.exe
  2⤵
  PID:10804
- C:\Windows\System\xqzafwG.exe
  C:\Windows\System\xqzafwG.exe
  2⤵
  PID:10912
- C:\Windows\System\THNyeiJ.exe
  C:\Windows\System\THNyeiJ.exe
  2⤵
  PID:1912
- C:\Windows\System\PPmBEBq.exe
  C:\Windows\System\PPmBEBq.exe
  2⤵
  PID:11156
- C:\Windows\System\xaZOIxW.exe
  C:\Windows\System\xaZOIxW.exe
  2⤵
  PID:10436
- C:\Windows\System\siaXmnR.exe
  C:\Windows\System\siaXmnR.exe
  2⤵
  PID:10736
- C:\Windows\System\iKpJPKY.exe
  C:\Windows\System\iKpJPKY.exe
  2⤵
  PID:11152
- C:\Windows\System\UhKuRoQ.exe
  C:\Windows\System\UhKuRoQ.exe
  2⤵
  PID:2180
- C:\Windows\System\RsubeKO.exe
  C:\Windows\System\RsubeKO.exe
  2⤵
  PID:11272
- C:\Windows\System\MeNkeiC.exe
  C:\Windows\System\MeNkeiC.exe
  2⤵
  PID:11304
- C:\Windows\System\zkAsWRz.exe
  C:\Windows\System\zkAsWRz.exe
  2⤵
  PID:11336
- C:\Windows\System\KPwxjpm.exe
  C:\Windows\System\KPwxjpm.exe
  2⤵
  PID:11364
- C:\Windows\System\GSIjeUu.exe
  C:\Windows\System\GSIjeUu.exe
  2⤵
  PID:11392
- C:\Windows\System\FatbHkJ.exe
  C:\Windows\System\FatbHkJ.exe
  2⤵
  PID:11424
- C:\Windows\System\ckTclNQ.exe
  C:\Windows\System\ckTclNQ.exe
  2⤵
  PID:11464
- C:\Windows\System\FjcAUGB.exe
  C:\Windows\System\FjcAUGB.exe
  2⤵
  PID:11492
- C:\Windows\System\mtVeQfP.exe
  C:\Windows\System\mtVeQfP.exe
  2⤵
  PID:11520
- C:\Windows\System\mAqoQsf.exe
  C:\Windows\System\mAqoQsf.exe
  2⤵
  PID:11560
- C:\Windows\System\HTveKsO.exe
  C:\Windows\System\HTveKsO.exe
  2⤵
  PID:11592
- C:\Windows\System\kmDPqQr.exe
  C:\Windows\System\kmDPqQr.exe
  2⤵
  PID:11624
- C:\Windows\System\dWLwwTk.exe
  C:\Windows\System\dWLwwTk.exe
  2⤵
  PID:11684
- C:\Windows\System\sBmOYSM.exe
  C:\Windows\System\sBmOYSM.exe
  2⤵
  PID:11728
- C:\Windows\System\ewlwZfe.exe
  C:\Windows\System\ewlwZfe.exe
  2⤵
  PID:11772
- C:\Windows\System\EWocsXi.exe
  C:\Windows\System\EWocsXi.exe
  2⤵
  PID:11812
- C:\Windows\System\QJsulol.exe
  C:\Windows\System\QJsulol.exe
  2⤵
  PID:11848
- C:\Windows\System\ShRKbnC.exe
  C:\Windows\System\ShRKbnC.exe
  2⤵
  PID:11892
- C:\Windows\System\XVYqBcr.exe
  C:\Windows\System\XVYqBcr.exe
  2⤵
  PID:11952
- C:\Windows\System\ifQVasW.exe
  C:\Windows\System\ifQVasW.exe
  2⤵
  PID:12000
- C:\Windows\System\AisMFwt.exe
  C:\Windows\System\AisMFwt.exe
  2⤵
  PID:12032
- C:\Windows\System\YIKiHcS.exe
  C:\Windows\System\YIKiHcS.exe
  2⤵
  PID:12064
- C:\Windows\System\TTFbuTf.exe
  C:\Windows\System\TTFbuTf.exe
  2⤵
  PID:12100
- C:\Windows\System\iCvmLaJ.exe
  C:\Windows\System\iCvmLaJ.exe
  2⤵
  PID:12128
- C:\Windows\System\EPIJuHN.exe
  C:\Windows\System\EPIJuHN.exe
  2⤵
  PID:12156
- C:\Windows\System\sAOfpnQ.exe
  C:\Windows\System\sAOfpnQ.exe
  2⤵
  PID:12184
- C:\Windows\System\ZRqsrBc.exe
  C:\Windows\System\ZRqsrBc.exe
  2⤵
  PID:12212
- C:\Windows\System\dTGrNFB.exe
  C:\Windows\System\dTGrNFB.exe
  2⤵
  PID:12240
- C:\Windows\System\BCtUTiG.exe
  C:\Windows\System\BCtUTiG.exe
  2⤵
  PID:12268
- C:\Windows\System\XWiDjut.exe
  C:\Windows\System\XWiDjut.exe
  2⤵
  PID:11288
- C:\Windows\System\UeXGbnu.exe
  C:\Windows\System\UeXGbnu.exe
  2⤵
  PID:11356
- C:\Windows\System\oHIbucO.exe
  C:\Windows\System\oHIbucO.exe
  2⤵
  PID:11420
- C:\Windows\System\Xdwwrdd.exe
  C:\Windows\System\Xdwwrdd.exe
  2⤵
  PID:11472
- C:\Windows\System\rzWIPna.exe
  C:\Windows\System\rzWIPna.exe
  2⤵
  PID:11544
- C:\Windows\System\rnKoMZG.exe
  C:\Windows\System\rnKoMZG.exe
  2⤵
  PID:11608
- C:\Windows\System\UcChMLU.exe
  C:\Windows\System\UcChMLU.exe
  2⤵
  PID:11680
- C:\Windows\System\edpXbza.exe
  C:\Windows\System\edpXbza.exe
  2⤵
  PID:11724
- C:\Windows\System\OBclmqO.exe
  C:\Windows\System\OBclmqO.exe
  2⤵
  PID:11800
- C:\Windows\System\IqrXzIN.exe
  C:\Windows\System\IqrXzIN.exe
  2⤵
  PID:11840
- C:\Windows\System\GjJWQyF.exe
  C:\Windows\System\GjJWQyF.exe
  2⤵
  PID:11756
- C:\Windows\System\KjbRxgf.exe
  C:\Windows\System\KjbRxgf.exe
  2⤵
  PID:11884
- C:\Windows\System\FKLkVyu.exe
  C:\Windows\System\FKLkVyu.exe
  2⤵
  PID:11968
- C:\Windows\System\GUgWDle.exe
  C:\Windows\System\GUgWDle.exe
  2⤵
  PID:12012
- C:\Windows\System\aJMiaiV.exe
  C:\Windows\System\aJMiaiV.exe
  2⤵
  PID:12052
- C:\Windows\System\iEuHXlt.exe
  C:\Windows\System\iEuHXlt.exe
  2⤵
  PID:12120
- C:\Windows\System\XSHLcwK.exe
  C:\Windows\System\XSHLcwK.exe
  2⤵
  PID:11948
- C:\Windows\System\wzgsZwX.exe
  C:\Windows\System\wzgsZwX.exe
  2⤵
  PID:12176
- C:\Windows\System\vRvImpJ.exe
  C:\Windows\System\vRvImpJ.exe
  2⤵
  PID:12236
- C:\Windows\System\dcFCQLN.exe
  C:\Windows\System\dcFCQLN.exe
  2⤵
  PID:11268
- C:\Windows\System\SVxYPxD.exe
  C:\Windows\System\SVxYPxD.exe
  2⤵
  PID:11448
- C:\Windows\System\JieqHgc.exe
  C:\Windows\System\JieqHgc.exe
  2⤵
  PID:11584
- C:\Windows\System\dVXHtai.exe
  C:\Windows\System\dVXHtai.exe
  2⤵
  PID:11644
- C:\Windows\System\vZDCBZA.exe
  C:\Windows\System\vZDCBZA.exe
  2⤵
  PID:11988
- C:\Windows\System\XEdKzOf.exe
  C:\Windows\System\XEdKzOf.exe
  2⤵
  PID:12112
- C:\Windows\System\NSpMuBN.exe
  C:\Windows\System\NSpMuBN.exe
  2⤵
  PID:12232
- C:\Windows\System\LZXKlkZ.exe
  C:\Windows\System\LZXKlkZ.exe
  2⤵
  PID:11444
- C:\Windows\System\HuqrdbD.exe
  C:\Windows\System\HuqrdbD.exe
  2⤵
  PID:12096
- C:\Windows\System\oXELfVY.exe
  C:\Windows\System\oXELfVY.exe
  2⤵
  PID:11416
- C:\Windows\System\gMOOEAd.exe
  C:\Windows\System\gMOOEAd.exe
  2⤵
  PID:10892
- C:\Windows\System\WMsBnfc.exe
  C:\Windows\System\WMsBnfc.exe
  2⤵
  PID:11808
- C:\Windows\System\PAlNfGe.exe
  C:\Windows\System\PAlNfGe.exe
  2⤵
  PID:11764
- C:\Windows\System\zVhIbgH.exe
  C:\Windows\System\zVhIbgH.exe
  2⤵
  PID:4704
- C:\Windows\System\tmsvKrF.exe
  C:\Windows\System\tmsvKrF.exe
  2⤵
  PID:12340
- C:\Windows\System\LRGkwvr.exe
  C:\Windows\System\LRGkwvr.exe
  2⤵
  PID:12380
- C:\Windows\System\ljrdtyU.exe
  C:\Windows\System\ljrdtyU.exe
  2⤵
  PID:12408
- C:\Windows\System\wLIpEQQ.exe
  C:\Windows\System\wLIpEQQ.exe
  2⤵
  PID:12436
- C:\Windows\System\dcvgJga.exe
  C:\Windows\System\dcvgJga.exe
  2⤵
  PID:12464
- C:\Windows\System\NipvJot.exe
  C:\Windows\System\NipvJot.exe
  2⤵
  PID:12492
- C:\Windows\System\pUKEOXZ.exe
  C:\Windows\System\pUKEOXZ.exe
  2⤵
  PID:12556
- C:\Windows\System\NAvNpRh.exe
  C:\Windows\System\NAvNpRh.exe
  2⤵
  PID:12584
- C:\Windows\System\rBRpvle.exe
  C:\Windows\System\rBRpvle.exe
  2⤵
  PID:12616
- C:\Windows\System\UJmUvFX.exe
  C:\Windows\System\UJmUvFX.exe
  2⤵
  PID:12644
- C:\Windows\System\pkQmNEQ.exe
  C:\Windows\System\pkQmNEQ.exe
  2⤵
  PID:12672
- C:\Windows\System\fQmJkIE.exe
  C:\Windows\System\fQmJkIE.exe
  2⤵
  PID:12700
- C:\Windows\System\kqfoCEr.exe
  C:\Windows\System\kqfoCEr.exe
  2⤵
  PID:12728
- C:\Windows\System\dMdGBQt.exe
  C:\Windows\System\dMdGBQt.exe
  2⤵
  PID:12776
- C:\Windows\System\ePMUIov.exe
  C:\Windows\System\ePMUIov.exe
  2⤵
  PID:12792
- C:\Windows\System\ZQdQRDs.exe
  C:\Windows\System\ZQdQRDs.exe
  2⤵
  PID:12820
- C:\Windows\System\EHlJuaz.exe
  C:\Windows\System\EHlJuaz.exe
  2⤵
  PID:12848
- C:\Windows\System\sQbhzBm.exe
  C:\Windows\System\sQbhzBm.exe
  2⤵
  PID:12884
- C:\Windows\System\wLyMvTD.exe
  C:\Windows\System\wLyMvTD.exe
  2⤵
  PID:12912
- C:\Windows\System\RVMUyZs.exe
  C:\Windows\System\RVMUyZs.exe
  2⤵
  PID:12940
- C:\Windows\System\RCuzSED.exe
  C:\Windows\System\RCuzSED.exe
  2⤵
  PID:12968
- C:\Windows\System\DSZVwAD.exe
  C:\Windows\System\DSZVwAD.exe
  2⤵
  PID:13000
- C:\Windows\System\nNkfrwZ.exe
  C:\Windows\System\nNkfrwZ.exe
  2⤵
  PID:13028
- C:\Windows\System\qfdeZXY.exe
  C:\Windows\System\qfdeZXY.exe
  2⤵
  PID:13056
- C:\Windows\System\lVACCUg.exe
  C:\Windows\System\lVACCUg.exe
  2⤵
  PID:13084
- C:\Windows\System\CcLotPn.exe
  C:\Windows\System\CcLotPn.exe
  2⤵
  PID:13112
- C:\Windows\System\cNOvSFM.exe
  C:\Windows\System\cNOvSFM.exe
  2⤵
  PID:13140
- C:\Windows\System\IgAycIh.exe
  C:\Windows\System\IgAycIh.exe
  2⤵
  PID:13168
- C:\Windows\System\RvHABNB.exe
  C:\Windows\System\RvHABNB.exe
  2⤵
  PID:13196
- C:\Windows\System\ucbujsH.exe
  C:\Windows\System\ucbujsH.exe
  2⤵
  PID:13224
- C:\Windows\System\XxwHnJX.exe
  C:\Windows\System\XxwHnJX.exe
  2⤵
  PID:13252
- C:\Windows\System\kjKdOFC.exe
  C:\Windows\System\kjKdOFC.exe
  2⤵
  PID:13280
- C:\Windows\System\EtDIMvF.exe
  C:\Windows\System\EtDIMvF.exe
  2⤵
  PID:13308
- C:\Windows\System\vosouBi.exe
  C:\Windows\System\vosouBi.exe
  2⤵
  PID:12392
- C:\Windows\System\qEbBIZX.exe
  C:\Windows\System\qEbBIZX.exe
  2⤵
  PID:12456
- C:\Windows\System\PptJlsJ.exe
  C:\Windows\System\PptJlsJ.exe
  2⤵
  PID:12552
- C:\Windows\System\zLQSZxY.exe
  C:\Windows\System\zLQSZxY.exe
  2⤵
  PID:12628
- C:\Windows\System\kdIbHNF.exe
  C:\Windows\System\kdIbHNF.exe
  2⤵
  PID:12668
- C:\Windows\System\uWVRajM.exe
  C:\Windows\System\uWVRajM.exe
  2⤵
  PID:12720
- C:\Windows\System\UDiSjBh.exe
  C:\Windows\System\UDiSjBh.exe
  2⤵
  PID:1372
- C:\Windows\System\lDwepxf.exe
  C:\Windows\System\lDwepxf.exe
  2⤵
  PID:10616
- C:\Windows\System\UkVkGKm.exe
  C:\Windows\System\UkVkGKm.exe
  2⤵
  PID:11872
- C:\Windows\System\tzbCjgl.exe
  C:\Windows\System\tzbCjgl.exe
  2⤵
  PID:3948
- C:\Windows\System\XRBOJCC.exe
  C:\Windows\System\XRBOJCC.exe
  2⤵
  PID:11148
- C:\Windows\System\fMwUUPU.exe
  C:\Windows\System\fMwUUPU.exe
  2⤵
  PID:12840
- C:\Windows\System\evmXNWa.exe
  C:\Windows\System\evmXNWa.exe
  2⤵
  PID:12908
- C:\Windows\System\qXLTYHS.exe
  C:\Windows\System\qXLTYHS.exe
  2⤵
  PID:12980
- C:\Windows\System\VvDKToB.exe
  C:\Windows\System\VvDKToB.exe
  2⤵
  PID:13040
- C:\Windows\System\bkaCQPa.exe
  C:\Windows\System\bkaCQPa.exe
  2⤵
  PID:452
- C:\Windows\System\OYOMaNK.exe
  C:\Windows\System\OYOMaNK.exe
  2⤵
  PID:13160
- C:\Windows\System\IqTjFUI.exe
  C:\Windows\System\IqTjFUI.exe
  2⤵
  PID:13220
- C:\Windows\System\FidhKVa.exe
  C:\Windows\System\FidhKVa.exe
  2⤵
  PID:13292
- C:\Windows\System\IOGBGgL.exe
  C:\Windows\System\IOGBGgL.exe
  2⤵
  PID:12420
- C:\Windows\System\SrFbxta.exe
  C:\Windows\System\SrFbxta.exe
  2⤵
  PID:12608
- C:\Windows\System\LXJCVJL.exe
  C:\Windows\System\LXJCVJL.exe
  2⤵
  PID:220
- C:\Windows\System\QffWgyp.exe
  C:\Windows\System\QffWgyp.exe
  2⤵
  PID:10740
- C:\Windows\System\pMiuFYh.exe
  C:\Windows\System\pMiuFYh.exe
  2⤵
  PID:12772
- C:\Windows\System\onAOuNx.exe
  C:\Windows\System\onAOuNx.exe
  2⤵
  PID:12904
- C:\Windows\System\jqFxvII.exe
  C:\Windows\System\jqFxvII.exe
  2⤵
  PID:13072
- C:\Windows\System\aHEzQmI.exe
  C:\Windows\System\aHEzQmI.exe
  2⤵
  PID:13216
- C:\Windows\System\Hkbdamj.exe
  C:\Windows\System\Hkbdamj.exe
  2⤵
  PID:12580
- C:\Windows\System\WlcXhTf.exe
  C:\Windows\System\WlcXhTf.exe
  2⤵
  PID:10248
- C:\Windows\System\IkkUAHj.exe
  C:\Windows\System\IkkUAHj.exe
  2⤵
  PID:12876
- C:\Windows\System\EweewCK.exe
  C:\Windows\System\EweewCK.exe
  2⤵
  PID:13188
- C:\Windows\System\uLFSpXO.exe
  C:\Windows\System\uLFSpXO.exe
  2⤵
  PID:264
- C:\Windows\System\RXfdZKj.exe
  C:\Windows\System\RXfdZKj.exe
  2⤵
  PID:12548
- C:\Windows\System\KCJYiQd.exe
  C:\Windows\System\KCJYiQd.exe
  2⤵
  PID:13156
- C:\Windows\System\AJPZyOE.exe
  C:\Windows\System\AJPZyOE.exe
  2⤵
  PID:13340
- C:\Windows\System\GvTOwPM.exe
  C:\Windows\System\GvTOwPM.exe
  2⤵
  PID:13368
- C:\Windows\System\GKcaiZo.exe
  C:\Windows\System\GKcaiZo.exe
  2⤵
  PID:13396
- C:\Windows\System\vdsbrLu.exe
  C:\Windows\System\vdsbrLu.exe
  2⤵
  PID:13424
- C:\Windows\System\KGcwxZY.exe
  C:\Windows\System\KGcwxZY.exe
  2⤵
  PID:13452
- C:\Windows\System\TvNfADQ.exe
  C:\Windows\System\TvNfADQ.exe
  2⤵
  PID:13480
- C:\Windows\System\vpAvARC.exe
  C:\Windows\System\vpAvARC.exe
  2⤵
  PID:13508
- C:\Windows\System\ZCATgIQ.exe
  C:\Windows\System\ZCATgIQ.exe
  2⤵
  PID:13536
- C:\Windows\System\qqCxSEX.exe
  C:\Windows\System\qqCxSEX.exe
  2⤵
  PID:13564
- C:\Windows\System\BDXypcC.exe
  C:\Windows\System\BDXypcC.exe
  2⤵
  PID:13592
- C:\Windows\System\wamOICa.exe
  C:\Windows\System\wamOICa.exe
  2⤵
  PID:13620
- C:\Windows\System\VvFseZl.exe
  C:\Windows\System\VvFseZl.exe
  2⤵
  PID:13648
- C:\Windows\System\DwRXyXZ.exe
  C:\Windows\System\DwRXyXZ.exe
  2⤵
  PID:13676
- C:\Windows\System\wqMQGFZ.exe
  C:\Windows\System\wqMQGFZ.exe
  2⤵
  PID:13704
- C:\Windows\System\MYusHjA.exe
  C:\Windows\System\MYusHjA.exe
  2⤵
  PID:13732
- C:\Windows\System\tFXkDZm.exe
  C:\Windows\System\tFXkDZm.exe
  2⤵
  PID:13760
- C:\Windows\System\ovFhxro.exe
  C:\Windows\System\ovFhxro.exe
  2⤵
  PID:13788
- C:\Windows\System\aWIQoVG.exe
  C:\Windows\System\aWIQoVG.exe
  2⤵
  PID:13816
- C:\Windows\System\FvIZFmN.exe
  C:\Windows\System\FvIZFmN.exe
  2⤵
  PID:13844
- C:\Windows\System\duwcvpy.exe
  C:\Windows\System\duwcvpy.exe
  2⤵
  PID:13872
- C:\Windows\System\BaCkyJm.exe
  C:\Windows\System\BaCkyJm.exe
  2⤵
  PID:13900
- C:\Windows\System\LkAXQIl.exe
  C:\Windows\System\LkAXQIl.exe
  2⤵
  PID:13928
- C:\Windows\System\RFvNAsb.exe
  C:\Windows\System\RFvNAsb.exe
  2⤵
  PID:13956
- C:\Windows\System\pAZWFJH.exe
  C:\Windows\System\pAZWFJH.exe
  2⤵
  PID:13984
- C:\Windows\System\EzjkQKU.exe
  C:\Windows\System\EzjkQKU.exe
  2⤵
  PID:14012
- C:\Windows\System\ocAvwiY.exe
  C:\Windows\System\ocAvwiY.exe
  2⤵
  PID:14040
- C:\Windows\System\lBGfANm.exe
  C:\Windows\System\lBGfANm.exe
  2⤵
  PID:14068
- C:\Windows\System\DOARUIq.exe
  C:\Windows\System\DOARUIq.exe
  2⤵
  PID:14096
- C:\Windows\System\NtQktfX.exe
  C:\Windows\System\NtQktfX.exe
  2⤵
  PID:14124
- C:\Windows\System\JBJpMqZ.exe
  C:\Windows\System\JBJpMqZ.exe
  2⤵
  PID:14152
- C:\Windows\System\tANFnzT.exe
  C:\Windows\System\tANFnzT.exe
  2⤵
  PID:14180
- C:\Windows\System\hfELJZo.exe
  C:\Windows\System\hfELJZo.exe
  2⤵
  PID:14208
- C:\Windows\System\SplFbUG.exe
  C:\Windows\System\SplFbUG.exe
  2⤵
  PID:14236
- C:\Windows\System\KNaOLIZ.exe
  C:\Windows\System\KNaOLIZ.exe
  2⤵
  PID:14264
- C:\Windows\System\JsJcmSW.exe
  C:\Windows\System\JsJcmSW.exe
  2⤵
  PID:14292
- C:\Windows\System\yaxnVzY.exe
  C:\Windows\System\yaxnVzY.exe
  2⤵
  PID:14320
- C:\Windows\System\wRegXSh.exe
  C:\Windows\System\wRegXSh.exe
  2⤵
  PID:13336
- C:\Windows\System\IxQkGco.exe
  C:\Windows\System\IxQkGco.exe
  2⤵
  PID:13408
- C:\Windows\System\AchuROw.exe
  C:\Windows\System\AchuROw.exe
  2⤵
  PID:13464
- C:\Windows\System\REQxkQR.exe
  C:\Windows\System\REQxkQR.exe
  2⤵
  PID:940
- C:\Windows\System\EbEJdHM.exe
  C:\Windows\System\EbEJdHM.exe
  2⤵
  PID:13584
- C:\Windows\System\abMqzWJ.exe
  C:\Windows\System\abMqzWJ.exe
  2⤵
  PID:13644
- C:\Windows\System\rWZezik.exe
  C:\Windows\System\rWZezik.exe
  2⤵
  PID:13700
- C:\Windows\System\pwIKOLw.exe
  C:\Windows\System\pwIKOLw.exe
  2⤵
  PID:3924
- C:\Windows\System\fJsryjI.exe
  C:\Windows\System\fJsryjI.exe
  2⤵
  PID:4992
- C:\Windows\System\nJqZxkW.exe
  C:\Windows\System\nJqZxkW.exe
  2⤵
  PID:13808
- C:\Windows\System\RVxfahN.exe
  C:\Windows\System\RVxfahN.exe
  2⤵
  PID:13868
- C:\Windows\System\AVTeBDj.exe
  C:\Windows\System\AVTeBDj.exe
  2⤵
  PID:13924
- C:\Windows\System\raSOPCf.exe
  C:\Windows\System\raSOPCf.exe
  2⤵
  PID:13996
- C:\Windows\System\SZaELKA.exe
  C:\Windows\System\SZaELKA.exe
  2⤵
  PID:14060
- C:\Windows\System\IpJkUid.exe
  C:\Windows\System\IpJkUid.exe
  2⤵
  PID:14120
- C:\Windows\System\zMXWfKc.exe
  C:\Windows\System\zMXWfKc.exe
  2⤵
  PID:14192
- C:\Windows\System\yvLedNo.exe
  C:\Windows\System\yvLedNo.exe
  2⤵
  PID:14256
- C:\Windows\System\OjqKKBu.exe
  C:\Windows\System\OjqKKBu.exe
  2⤵
  PID:14316
- C:\Windows\System\YPLuDfs.exe
  C:\Windows\System\YPLuDfs.exe
  2⤵
  PID:2352
- C:\Windows\System\RPepYUJ.exe
  C:\Windows\System\RPepYUJ.exe
  2⤵
  PID:13548
- C:\Windows\System\flQEjne.exe
  C:\Windows\System\flQEjne.exe
  2⤵
  PID:3980
- C:\Windows\System\WzwYStb.exe
  C:\Windows\System\WzwYStb.exe
  2⤵
  PID:4232
- C:\Windows\System\HbKfhCh.exe
  C:\Windows\System\HbKfhCh.exe
  2⤵
  PID:13856
- C:\Windows\System\Yvtulgb.exe
  C:\Windows\System\Yvtulgb.exe
  2⤵
  PID:13980
- C:\Windows\System\iIxuEwN.exe
  C:\Windows\System\iIxuEwN.exe
  2⤵
  PID:14116
- C:\Windows\System\UVUHOJk.exe
  C:\Windows\System\UVUHOJk.exe
  2⤵
  PID:14232
- C:\Windows\System\bsPpejK.exe
  C:\Windows\System\bsPpejK.exe
  2⤵
  PID:13392
- C:\Windows\System\IWlWHFP.exe
  C:\Windows\System\IWlWHFP.exe
  2⤵
  PID:13836
- C:\Windows\System\fzeJhhn.exe
  C:\Windows\System\fzeJhhn.exe
  2⤵
  PID:14304
- C:\Windows\System\SdPFFYY.exe
  C:\Windows\System\SdPFFYY.exe
  2⤵
  PID:12528
- C:\Windows\System\HniPTpP.exe
  C:\Windows\System\HniPTpP.exe
  2⤵
  PID:12988
- C:\Windows\System\YwLztXi.exe
  C:\Windows\System\YwLztXi.exe
  2⤵
  PID:13388
- C:\Windows\System\EpfSVQc.exe
  C:\Windows\System\EpfSVQc.exe
  2⤵
  PID:12368
- C:\Windows\System\NprLZQl.exe
  C:\Windows\System\NprLZQl.exe
  2⤵
  PID:12500
- C:\Windows\System\WheDBes.exe
  C:\Windows\System\WheDBes.exe
  2⤵
  PID:12304
- C:\Windows\System\qKuHjPu.exe
  C:\Windows\System\qKuHjPu.exe
  2⤵
  PID:12044
- C:\Windows\System\VvKhVpo.exe
  C:\Windows\System\VvKhVpo.exe
  2⤵
  PID:14372
- C:\Windows\System\wbDEYVI.exe
  C:\Windows\System\wbDEYVI.exe
  2⤵
  PID:14404
- C:\Windows\System\vBcsWWI.exe
  C:\Windows\System\vBcsWWI.exe
  2⤵
  PID:14436
- C:\Windows\System\cpSndeA.exe
  C:\Windows\System\cpSndeA.exe
  2⤵
  PID:14472
- C:\Windows\System\eoMgGFG.exe
  C:\Windows\System\eoMgGFG.exe
  2⤵
  PID:14500
- C:\Windows\System\puMFxSO.exe
  C:\Windows\System\puMFxSO.exe
  2⤵
  PID:14536
- C:\Windows\System\iveYoFk.exe
  C:\Windows\System\iveYoFk.exe
  2⤵
  PID:14564
- C:\Windows\System\EFWqGyx.exe
  C:\Windows\System\EFWqGyx.exe
  2⤵
  PID:14596
- C:\Windows\System\RJleuGa.exe
  C:\Windows\System\RJleuGa.exe
  2⤵
  PID:14632
- C:\Windows\System\OomlzWm.exe
  C:\Windows\System\OomlzWm.exe
  2⤵
  PID:14668
- C:\Windows\System\cTlYBue.exe
  C:\Windows\System\cTlYBue.exe
  2⤵
  PID:14700
- C:\Windows\System\JWheDOe.exe
  C:\Windows\System\JWheDOe.exe
  2⤵
  PID:14736
- C:\Windows\System\qyhAyNV.exe
  C:\Windows\System\qyhAyNV.exe
  2⤵
  PID:14784
- C:\Windows\System\jTjiVLi.exe
  C:\Windows\System\jTjiVLi.exe
  2⤵
  PID:14828
- C:\Windows\System\LNvTIqZ.exe
  C:\Windows\System\LNvTIqZ.exe
  2⤵
  PID:14864
- C:\Windows\System\voHuQcy.exe
  C:\Windows\System\voHuQcy.exe
  2⤵
  PID:14896
- C:\Windows\System\aJVyxsW.exe
  C:\Windows\System\aJVyxsW.exe
  2⤵
  PID:14928
- C:\Windows\System\iIZBRXF.exe
  C:\Windows\System\iIZBRXF.exe
  2⤵
  PID:14960
- C:\Windows\System\ZbHOVeU.exe
  C:\Windows\System\ZbHOVeU.exe
  2⤵
  PID:14996
- C:\Windows\System\CmZzCcT.exe
  C:\Windows\System\CmZzCcT.exe
  2⤵
  PID:15028
- C:\Windows\System\fnxkyAU.exe
  C:\Windows\System\fnxkyAU.exe
  2⤵
  PID:15056
- C:\Windows\System\zhhfncg.exe
  C:\Windows\System\zhhfncg.exe
  2⤵
  PID:15084
- C:\Windows\System\SDhdGmj.exe
  C:\Windows\System\SDhdGmj.exe
  2⤵
  PID:15116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BiUTtVw.exe

Filesize
6.1MB

MD5
907f1ae5c0e3ddcd0ad3d339d29b3085

SHA1
b47bc2399e5467fe612cb2c2a810e6f6aec3844a

SHA256
60f030bc062e9fa7b86eb3658615c020380e1ab9d0bfdbef67cee709456f39e4

SHA512
07342d307fb572a436a137b7fa498da5e7919a5f203fd6a57f7ee04c979bbc8dcfe1ad79ec6b805581546743ad3f0ff851da6f6a401aa49649dabaee9a334c3b

Download Submit
C:\Windows\System\Bidqeub.exe

Filesize
6.1MB

MD5
6553e5a4e543e4ea42bedc95083cddb4

SHA1
764d313fea9453a222491b88a2e8bb7949ba152f

SHA256
e7a73161eb82298ba96c72bcad1f8e8953e9c206b0b82571e04dce1dd0bc65a0

SHA512
4f8342e9f67349e302a836ad1cec0d3960cf1c766859f71349f84ec7910fa4fff83e8e3ce4bed1608c634493861dffdfa94f456793ebf24d39bea658b94b5289

Download Submit
C:\Windows\System\CmgJhJj.exe

Filesize
6.1MB

MD5
1d000810a23da5ea4f7002635ea44aea

SHA1
5e8ff5e911c74cd407a4941a36533810d5ba952b

SHA256
d0bde99a763fd34f3044a53f760b7874812b2f4d1e62e0f213703f3c441992e4

SHA512
3d493973c20dee5084d575a19b4deb1973e6cc411c90182358f8d1d6d128553f9e5280200db738169f0fb4bd00e98b347ca1c2d43bcdc71030f0ec79e6a6730e

Download Submit
C:\Windows\System\DPPKuWd.exe

Filesize
6.1MB

MD5
6546764b62354c6251e33186e68531c2

SHA1
d4dc83a43ec9e6801f1a97f1dd52b0ca21a83d92

SHA256
cb6defdae72b8601dfb5cd42b35bf0af87fec1a80f37f43772067f75607b5dce

SHA512
c1f72cd8389bd14e139580d1c5074dff0004508569b12d9d0fc77ad9418bfddf295c0105488d03fc6b39f45464aa72afc598c17d1b9913fe1a9ea5c4c8ea7423

Download Submit
C:\Windows\System\EqaMskX.exe

Filesize
6.1MB

MD5
877c7c6169a7ee9f10c5d1621f7287a3

SHA1
380bf40912ddcbfa1a1f99a0363770960a9d2ed7

SHA256
9c6e783ce36e6d5adca41951c2eb8ce2cf03cbee88d6729a09690669bf4fa62f

SHA512
c4c2fff24b620987de4ccc633b35da55ee64676591a603b958f9bad9d0e52e4e8cfcc02903c11bacb8c3bf0f0ff080a9a8d41ab8314791e2764e292d06f78dc5

Download Submit
C:\Windows\System\IdcUHcQ.exe

Filesize
6.1MB

MD5
d3774c15b482c916953e3d7504b0240f

SHA1
3c10c6b7b59c841be4b14765251eb7c67a44946c

SHA256
c2659fc8d7553d9640c2dabf7de0f70f5a0d51879b7b84ec4cb5ab5745bca47f

SHA512
6db8ef4d19b45a57bc04b18de57693b0091e24d56ad3daaf834babbe6bea953ff95b7604d62c765837936daefe077ac6e36faa60ef927891de02d3090250c798

Download Submit
C:\Windows\System\IpwyPUo.exe

Filesize
6.1MB

MD5
73aa0f854ad554536b9ca8ca2009d8e4

SHA1
1583f2a94aac0bf6c1f1d9e432dcd178a662180e

SHA256
422ce6971fa3a753f81e6711e265d6f01756360f2bc060b8a76e6188d28ca787

SHA512
47fd97b58847b8098ebc4242dba158df74e4c58d46e1b6c611b8220728c1e3bb3cfdda012d9a0c6b1159ed058489ab654fde8aec02d3c9a87f9d3ee2d84e402f

Download Submit
C:\Windows\System\JjOhTZC.exe

Filesize
6.1MB

MD5
f5bafa9851e2c3877d069f7c7768497b

SHA1
3d0c8bf797114b5bd3f24fba78b3ba3e7f58531e

SHA256
e1bf32d5071df3695e9ade04fc89b6c8ecaaa504e5a8f37545ec5443f5be7160

SHA512
476f429a70366d82fceab9342822f4221707acb96f8b0042d6ae9132104e8f1680928f3861a82ba802966ce43d3143e14edea5d9968614651d9a62fc9e83588c

Download Submit
C:\Windows\System\NXDpwbM.exe

Filesize
6.1MB

MD5
855ebabec7b57e6d1e0e8edfb0035e3c

SHA1
5a168a1672e1554e7b9047129e960f7db0d24bbe

SHA256
4d3afa427395db0a8a9ee0edeefd6eddafc020ccdc944120a68d8fb0f3469aec

SHA512
3cfed0a3f98396ebf10131efaec09a015f4ed619e2f025434d000b84665a709eb7260315ac569fece63df89782d4044da4689cf93cedcb55639715a7138a03be

Download Submit
C:\Windows\System\QikTEzb.exe

Filesize
6.1MB

MD5
1f71dab4618b74ee1d52c4032ef4dc88

SHA1
cfedf6019f91607c36d80a9e65efda9cceedcb1f

SHA256
6925fc80daa77da7df698fdc6fcb72f27426d5f53db3dde13e1826da3dcff4e1

SHA512
63b8e550432b3844286c0e082b6f07e67df81ee08202284375c8d1013e91c1c53d3989c8f55ba1029e0c66a04763cc3fa31db6a3053c775887490307816c8492

Download Submit
C:\Windows\System\RALqtwV.exe

Filesize
6.1MB

MD5
ce0fd1feae3a822ce57bf12d9432ae5e

SHA1
5a8ae66ccaa7afcd95a7c83b28f240b872f64dbf

SHA256
b53506cea8dee3ecc129abaf0c156018aeba8521ef0207ca87d2c7e996dcae5c

SHA512
5a6e00466719aa32589528e2b5838454d3599622521bdef50e63e107fada89336246ea63a8c27a31426c438168ddda76e105413760fc2dae433cf86a60e82077

Download Submit
C:\Windows\System\SUYiNAG.exe

Filesize
6.1MB

MD5
8d83e03d516af6e4356ee441c000bd9f

SHA1
21395fba8847b048c07b820ad9f9c603d1874a84

SHA256
1c3b52252db3efee524fbd2decbd764f038a9b308feba2876c5c2a380f91320d

SHA512
66abdfba5cd130ca369a0a5834037e7e6c79b439de34c7939b429e09788cd6f29309d97a30227a6bba892347827c28433f849afc9b69fd1845bf9142a339a104

Download Submit
C:\Windows\System\WEvjOvL.exe

Filesize
6.1MB

MD5
8dd5ed05657aeadc69103b906918ec95

SHA1
e36775b282a868aa5b6a6eb38a5d02a4d768685d

SHA256
a9fd5add3999aef0cfc707bb1c242343543960758c6856ee87e861834a0ce9b9

SHA512
ef7ef32843592148626477aca8f63dbd3166044719c533cf59750a760718b2660faa6bda01aa58a297f4f6f7c4f324928bca918ad5c29c1bf180c88044d3636a

Download Submit
C:\Windows\System\XMUUdPi.exe

Filesize
6.1MB

MD5
6fcba8d075f0a4145e08d6c263acf2f5

SHA1
9f74b59fe97275893bf57d1e867cdd7171734a76

SHA256
43e6d9ea9ab5818e3324aa1a8b2ca634012760f6c3e0c06beadf9b12a07d1820

SHA512
c5e35b61e1c3449968cc7dbb3213647f96f5ac0bb493da63dc23479d47f1e81400dad0d53904798b2380c0aba0cfaca56c6a96b2cb55bac9590052309fecdd5e

Download Submit
C:\Windows\System\XTNVWuY.exe

Filesize
6.1MB

MD5
e4251ec0fad9ef5e59fa2fe6d867bc9f

SHA1
3e44c4e836851d1bf009c0576c40a9c1c352ccd2

SHA256
bc16416c00def05b795966bfb5afe9ccd34f7e1552324b6a4287653af818657f

SHA512
14937d062cb9c43cae6f9642a6e4fa3b2fb245b9d240359863fe83f1a2a6fe773c9095c664eccb4b85fb07abee7f36d4cb29c3b0adfbd87082452d56f9dd63a9

Download Submit
C:\Windows\System\XoJOoek.exe

Filesize
6.1MB

MD5
cb45c1ee7abc644dc9cc56460d429255

SHA1
93e222c4f1f8f3b27cab7f60aff59cf9fe0f2c3b

SHA256
3fe2da1f77c712569d0daff947c34da67f52e51069e647a716250545045b43dd

SHA512
32883396d8827c9efec0fcfaca3d252f7b8ab5b5845c96ac8a40e640627351c954c9864678a3c5d33061b79d42e151851708adfc59f9737f1df095a625e8f878

Download Submit
C:\Windows\System\YFeCzPy.exe

Filesize
6.1MB

MD5
52697741ff6123ec048100d8a64d265f

SHA1
c516a2f2f8b93df9def0006993751dde11f77ca6

SHA256
d224a49380cc7c6b768546c0b501a370274761a6f246e0d0a58c924dc8a0221e

SHA512
cbb1bf7caefdec461501791fb3ba640bfc240292a886efdac6c062ee8076760271875ac740a4b56d930336a5d18a641b2ec301611dbc3f17cc9876d9982b9924

Download Submit
C:\Windows\System\YWkwxrK.exe

Filesize
6.1MB

MD5
d9207dda3a8d9e3fc17d5bcd1068d0e6

SHA1
75c1304bce02a3be7370f0353d90067d3ddebbc8

SHA256
94807d8bd13640bd9796c06cabc3deb96c304a8589a363bbb514b00d412c58c3

SHA512
21f0ecf3aedacaf263054b568cf91ba06c1f1f8e98848229805a6532f33b074aa1bcc108e5a96ca02de5d44beb38efcbdc78ed3b7a9538d8d6f4b036accc65ac

Download Submit
C:\Windows\System\ZUPTLxN.exe

Filesize
6.1MB

MD5
c9a58a20e0211279d2d657b69f7e4b00

SHA1
b53724b5adfd54f3908236a00702321f71a06ddb

SHA256
3ff3e48bf88534ee25dd8b54ce15e80f021fcaef88ee6cb0cb79577c921701c6

SHA512
e2c81ef92bd8c5d7236496b5140f99ab0b83b6a2c0ab0ecf2f16d5b3075fa3e0ab8445c88c11e53be7daffb743e1ddff01e7bea7099bdaa1379fda33d1fee04c

Download Submit
C:\Windows\System\aMevVoE.exe

Filesize
6.1MB

MD5
a1aeab3270d873522c0229acc08a7bdb

SHA1
cc6fb8d016436b055fee6791b4f4f6dd94d59fbb

SHA256
7f6d8458458d0dcac06eaa6604c1c483fbef8243219d90cc6f560be7b341f7d6

SHA512
79dcd8e93066c987ee40aba68beb452b49fad6827280fb234cc012121f7ec3e5ce80e5844c258402ffe6dfd1cb0cf3a09bed6a2bfb5baa40b69e0b9f59ea17a5

Download Submit
C:\Windows\System\bJLRgvA.exe

Filesize
6.1MB

MD5
434ae60c4b3f64af5ccce800e896d29a

SHA1
ace23224798c408ab85e29cf56605083b0aa8021

SHA256
89546278853a073af58263af57e2bcfc55b4b209449ae65141417c29737d734a

SHA512
142abf840f84890c74c5928dc9c904aa491fc639010cd53e833d186bf299c2acbf66bb7e5dc4981464a9c3130ed261df0a3af7a5016b4f5a44b99a3de20376a1

Download Submit
C:\Windows\System\dCykIkn.exe

Filesize
6.1MB

MD5
947370154cc2f958fc0a2d645f9a1a7f

SHA1
c0b0650f563bb2ce11de81e09074a69103c8ceeb

SHA256
d3ff5b8d3a14b75af45051f26aa897e74b53166fc300123e8e22683631460b30

SHA512
05623a3647810ee9e420d1631db743025c78a6dc7cfa3c3c5e8b07aeb1efc340ef3aeb1a35f5a3469233cafcd2007dfd676a3052bdacf0ece909723428d8accd

Download Submit
C:\Windows\System\iPsyLhq.exe

Filesize
6.1MB

MD5
b8c39ab061e256b116e9c941d4cfd70a

SHA1
3cd2788432dd88db758edaa69996b69a07047e4b

SHA256
716dcdc94588207d457ae237b596c22f1840e939449aebd38e48adb23e0ee410

SHA512
d972ce5c714ab7f4456ef56d6b6b5c2925144e307316423c6aa3069a2a3ab66a36a42365fac2d0bbe9aac217df80ec320c74e5641215be4109343a74bbce37ea

Download Submit
C:\Windows\System\koxGgnY.exe

Filesize
6.1MB

MD5
301687068e8e2fd83592d7ef354b93d4

SHA1
2cc364aafb74f7088b31b3e24532034e497ffe9c

SHA256
37945827b41f02d1ee20356b2c8c7918c8db8878cc104ccd1387ca47e9a5d133

SHA512
4cf07e8e1b51fc2db03863ec47fe133fd7e40aa719dddf588ff5c5814a8e6c0f73d9a2685845f2ec67ac34a13b7ba1529a2aef7b5e695ae42dc17803af594e48

Download Submit
C:\Windows\System\mNUGOja.exe

Filesize
6.1MB

MD5
fc08f57a1d707e61f00b98f14ff90973

SHA1
aa1b7bf406e557f91cd6f827388622f24fc579f7

SHA256
49a3e987703cd4a788522518c28342f51a0904b2a40a8727379ff499f4cbc4a6

SHA512
9538179d355a29aa3cdb744072a8c10272b154bfef9b6efdea7bed130ba4c2dabb4e7134569e07def85441347c909d985e4d7d20030d6ae411322f4d5dd50cfa

Download Submit
C:\Windows\System\pVtKzVs.exe

Filesize
6.1MB

MD5
945c9e3ae78a320ce1b7976c5dd64aea

SHA1
fbd51dd17b3ff9c9d5da9e36bba5b9e97f286938

SHA256
38dbe0848f65d9e2585f999b6052c7c5495a36f25f2431ec46fbace347b8d57e

SHA512
24a399d0ccce008f5d6ca6e6359fdc03775af62c91ec878ba21c19da4dc29f03b662cf653714069bc74baf3fdbc9c0387393bacd61f111f14368943f5792da3f

Download Submit
C:\Windows\System\qAJTHDD.exe

Filesize
6.1MB

MD5
5a53c703dd264c2809ce815b8ed69ad8

SHA1
1cf2578db11819e473c3e310ba15a0636e7808b6

SHA256
2dc51eb2970261daeff3e5e6e05ac39926cd6e28f63e620e45d70f68541cfc4d

SHA512
dcf4f62fc354398ff85f2726433fb7b8bebdd485498aa9253f7d2ddbd319c1495557d343cc44ec82f5f1944b3defad69113c74f1013a2ee8055dd763cb998a76

Download Submit
C:\Windows\System\sHVdrdd.exe

Filesize
6.1MB

MD5
115b0d9f90650633e85b5fca5badbf1b

SHA1
3e127bab931d8e0c9bf1b8e60fb852e87a5d7231

SHA256
1b3387ae0a00db57f30170ff96dd991d8017809523cce2a436853b729a442b0d

SHA512
bba77b615e23567c8247305051198af82fbd8e86ec609a559708a00ded3c47b04289b15825718d6662ca1db591b86ed9e6847620a40c8b0ac6150119b5a16051

Download Submit
C:\Windows\System\tMFUMtZ.exe

Filesize
6.1MB

MD5
6e5adcc4496e6992808c352d75b75a73

SHA1
bcd830a758af9ddfb08537f7b68108c61e283f8a

SHA256
8618770e83f60cf3ff3ccd0ea3b10a7b4f7d6e0a0e54e86396f4d882b218a48e

SHA512
ed8fa792230fa34f1c89c3e19fa6a692faedfdaf70a4d84c75419b8ccaa8d46affe0fa94116933cceb0c56430ad2d2b8b7a41610186b7d0f4a18daaee651302b

Download Submit
C:\Windows\System\yIixXbw.exe

Filesize
6.1MB

MD5
b2f45fb88a9825a2c42a9eb9973afa4a

SHA1
2eb50de97ebfa26352186691c62c61eb0687346d

SHA256
5febb544d40d60e5baf1ee99d3b7b7b4bc28b32a3d319ee54d0129ccc200729a

SHA512
bab00682521e22176e48d97cba4c84eeb72294193b3eba945016bcd1ffcdf6f1be811a1c48b142857ea9e61b5acdc8199827abb6b07b28e859baa264821e839f

Download Submit
C:\Windows\System\yLJRpnC.exe

Filesize
6.1MB

MD5
c3a6b40328a0df66c23376a45ecb20f7

SHA1
7e7da0d9b3c4fbe9ec20ffa6ea200d279e69441c

SHA256
c7cd14b17b0885733ab78035eeda801a7e2445ac634b1bebc62fcb8cb60144cb

SHA512
ed6ec4c70c5d3e42518abeda3048a82f40eace71098754491af011ebde98f419cc7aead3167c2fb450b0d32a4a2210adde0faeff57ed8bc0bf14ac9c423f7b54

Download Submit
C:\Windows\System\yLkKCRN.exe

Filesize
6.1MB

MD5
1cab73c5bb4d54aa652056ae1e30abb2

SHA1
9017e381793b9374282bcc7ad8810fc72ccb322b

SHA256
f5db489d3148d13bbdd07d782bb306e780a21ea5ecda193767c774beccef33f2

SHA512
ee94c7791d95e677d3d0dc0d44b34a02af834c51a4b5a56dc2c9388c00e3a468622169e9a893a379eaaf8d9dea3f8b06be3588d3e6ab1bfbcee43c2f47328c26

Download Submit
C:\Windows\System\yonqDDY.exe

Filesize
6.1MB

MD5
1cc03652dffaa5cdbd43f2bf2ab2c451

SHA1
256c71e09450672fed08b015dc2a6233bb6ad934

SHA256
5da17018e1d55bc06d1b9b900f0eb24049f626d99626329a9fe67ced788de512

SHA512
e2526741d4e040162cdbd76673e4f124e72a48a6a728a4b92ed645ff5c360aff5f3aa6e87421248443f2ece40dff07e70b99dcd4a6bbda6726753a9477574999

Download Submit
memory/208-2249-0x00007FF75D170000-0x00007FF75D4C4000-memory.dmp

Filesize
3.3MB

Download
memory/208-179-0x00007FF75D170000-0x00007FF75D4C4000-memory.dmp

Filesize
3.3MB

Download
memory/208-114-0x00007FF75D170000-0x00007FF75D4C4000-memory.dmp

Filesize
3.3MB

Download
memory/932-163-0x00007FF743C40000-0x00007FF743F94000-memory.dmp

Filesize
3.3MB

Download
memory/932-777-0x00007FF743C40000-0x00007FF743F94000-memory.dmp

Filesize
3.3MB

Download
memory/932-2256-0x00007FF743C40000-0x00007FF743F94000-memory.dmp

Filesize
3.3MB

Download
memory/1580-70-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2131-0x00007FF6C61F0000-0x00007FF6C6544000-memory.dmp

Filesize
3.3MB

Download
memory/1620-66-0x00007FF6B1CB0000-0x00007FF6B2004000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2116-0x00007FF6B1CB0000-0x00007FF6B2004000-memory.dmp

Filesize
3.3MB

Download
memory/1620-123-0x00007FF6B1CB0000-0x00007FF6B2004000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2255-0x00007FF7A1AF0000-0x00007FF7A1E44000-memory.dmp

Filesize
3.3MB

Download
memory/1656-153-0x00007FF7A1AF0000-0x00007FF7A1E44000-memory.dmp

Filesize
3.3MB

Download
memory/1656-720-0x00007FF7A1AF0000-0x00007FF7A1E44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-148-0x00007FF74FD70000-0x00007FF7500C4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-93-0x00007FF74FD70000-0x00007FF7500C4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-107-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-2248-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-173-0x00007FF6BA980000-0x00007FF6BACD4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2250-0x00007FF605C90000-0x00007FF605FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-131-0x00007FF605C90000-0x00007FF605FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-194-0x00007FF605C90000-0x00007FF605FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2258-0x00007FF7E3520000-0x00007FF7E3874000-memory.dmp

Filesize
3.3MB

Download
memory/2212-849-0x00007FF7E3520000-0x00007FF7E3874000-memory.dmp

Filesize
3.3MB

Download
memory/2212-178-0x00007FF7E3520000-0x00007FF7E3874000-memory.dmp

Filesize
3.3MB

Download
memory/2356-82-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp

Filesize
3.3MB

Download
memory/2356-143-0x00007FF639FB0000-0x00007FF63A304000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2115-0x00007FF67C2F0000-0x00007FF67C644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-71-0x00007FF67C2F0000-0x00007FF67C644000-memory.dmp

Filesize
3.3MB

Download
memory/2600-106-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-24-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2095-0x00007FF721BA0000-0x00007FF721EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-965-0x00007FF788CE0000-0x00007FF789034000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2259-0x00007FF788CE0000-0x00007FF789034000-memory.dmp

Filesize
3.3MB

Download
memory/2672-184-0x00007FF788CE0000-0x00007FF789034000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2254-0x00007FF789F10000-0x00007FF78A264000-memory.dmp

Filesize
3.3MB

Download
memory/3020-142-0x00007FF789F10000-0x00007FF78A264000-memory.dmp

Filesize
3.3MB

Download
memory/3020-610-0x00007FF789F10000-0x00007FF78A264000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1-0x0000023031050000-0x0000023031060000-memory.dmp

Filesize
64KB

Download
memory/3064-0-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-80-0x00007FF7A3880000-0x00007FF7A3BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-1028-0x00007FF652D10000-0x00007FF653064000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2260-0x00007FF652D10000-0x00007FF653064000-memory.dmp

Filesize
3.3MB

Download
memory/3096-195-0x00007FF652D10000-0x00007FF653064000-memory.dmp

Filesize
3.3MB

Download
memory/3316-122-0x00007FF6FD830000-0x00007FF6FDB84000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2112-0x00007FF6FD830000-0x00007FF6FDB84000-memory.dmp

Filesize
3.3MB

Download
memory/3316-36-0x00007FF6FD830000-0x00007FF6FDB84000-memory.dmp

Filesize
3.3MB

Download
memory/3920-190-0x00007FF6BA860000-0x00007FF6BABB4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-127-0x00007FF6BA860000-0x00007FF6BABB4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2251-0x00007FF6BA860000-0x00007FF6BABB4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2231-0x00007FF76E770000-0x00007FF76EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-98-0x00007FF76E770000-0x00007FF76EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-8-0x00007FF677220000-0x00007FF677574000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2077-0x00007FF677220000-0x00007FF677574000-memory.dmp

Filesize
3.3MB

Download
memory/4048-86-0x00007FF677220000-0x00007FF677574000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2144-0x00007FF786180000-0x00007FF7864D4000-memory.dmp

Filesize
3.3MB

Download
memory/4380-136-0x00007FF786180000-0x00007FF7864D4000-memory.dmp

Filesize
3.3MB

Download
memory/4380-72-0x00007FF786180000-0x00007FF7864D4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2122-0x00007FF706FF0000-0x00007FF707344000-memory.dmp

Filesize
3.3MB

Download
memory/4420-68-0x00007FF706FF0000-0x00007FF707344000-memory.dmp

Filesize
3.3MB

Download
memory/4548-20-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp

Filesize
3.3MB

Download
memory/4548-99-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2088-0x00007FF6A4130000-0x00007FF6A4484000-memory.dmp

Filesize
3.3MB

Download
memory/4820-13-0x00007FF644760000-0x00007FF644AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2084-0x00007FF644760000-0x00007FF644AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-94-0x00007FF644760000-0x00007FF644AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-779-0x00007FF72D260000-0x00007FF72D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2257-0x00007FF72D260000-0x00007FF72D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-172-0x00007FF72D260000-0x00007FF72D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-69-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2127-0x00007FF6B5190000-0x00007FF6B54E4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-675-0x00007FF64E200000-0x00007FF64E554000-memory.dmp

Filesize
3.3MB

Download
memory/4940-147-0x00007FF64E200000-0x00007FF64E554000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2253-0x00007FF64E200000-0x00007FF64E554000-memory.dmp

Filesize
3.3MB

Download
memory/4980-137-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-609-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2252-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2247-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-102-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-169-0x00007FF6A2860000-0x00007FF6A2BB4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-30-0x00007FF7EA2C0000-0x00007FF7EA614000-memory.dmp

Filesize
3.3MB

Download
memory/5004-113-0x00007FF7EA2C0000-0x00007FF7EA614000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2101-0x00007FF7EA2C0000-0x00007FF7EA614000-memory.dmp

Filesize
3.3MB

Download