cobaltstrike | bc7ffa4b303ec94712cfa621d3ec881f17b9b513ad3d47f47da1365a3750f2f1

Analysis

max time kernel
105s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

ba29787de0fc27581fbb8044237d3ebb
SHA1

8cf0d2ef1f126fc0534e2a8f78db2504a73cc535
SHA256

bc7ffa4b303ec94712cfa621d3ec881f17b9b513ad3d47f47da1365a3750f2f1
SHA512

afb1b8f2cf137de8ece2e6ee14e65a885ce7458aa315e72ab39aa98201160ca8c9cef4f2b1cfe2bf4321bc132d4902164d4a6ff5faa0d90f0a870f4b97cf1cd2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00040000000227b2-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024323-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024324-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024325-23.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002417b-28.dat	cobalt_reflective_dll
behavioral2/files/0x000e0000000241a8-33.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024320-43.dat	cobalt_reflective_dll
behavioral2/files/0x000d0000000241a5-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024326-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024327-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024328-69.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e6d3-75.dat	cobalt_reflective_dll
behavioral2/files/0x000c0000000241a2-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024329-89.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432c-106.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432e-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024334-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024335-169.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024338-189.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002433b-213.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002433a-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024339-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024337-195.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024336-186.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024333-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024332-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024331-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024330-144.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432f-137.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432d-124.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432b-112.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002432a-100.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4248-0-0x00007FF701A00000-0x00007FF701D54000-memory.dmp	xmrig
behavioral2/files/0x00040000000227b2-4.dat	xmrig
behavioral2/memory/3444-6-0x00007FF61F210000-0x00007FF61F564000-memory.dmp	xmrig
behavioral2/files/0x0007000000024323-11.dat	xmrig
behavioral2/memory/4244-15-0x00007FF660450000-0x00007FF6607A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024324-16.dat	xmrig
behavioral2/memory/324-20-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024325-23.dat	xmrig
behavioral2/memory/6000-26-0x00007FF7E1700000-0x00007FF7E1A54000-memory.dmp	xmrig
behavioral2/files/0x000b00000002417b-28.dat	xmrig
behavioral2/memory/5496-32-0x00007FF60CBE0000-0x00007FF60CF34000-memory.dmp	xmrig
behavioral2/files/0x000e0000000241a8-33.dat	xmrig
behavioral2/memory/5844-34-0x00007FF7A9790000-0x00007FF7A9AE4000-memory.dmp	xmrig
behavioral2/memory/5208-42-0x00007FF670970000-0x00007FF670CC4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024320-43.dat	xmrig
behavioral2/files/0x000d0000000241a5-47.dat	xmrig
behavioral2/files/0x0007000000024326-60.dat	xmrig
behavioral2/files/0x0007000000024327-64.dat	xmrig
behavioral2/memory/4648-63-0x00007FF6534C0000-0x00007FF653814000-memory.dmp	xmrig
behavioral2/memory/4244-62-0x00007FF660450000-0x00007FF6607A4000-memory.dmp	xmrig
behavioral2/memory/4396-58-0x00007FF629E60000-0x00007FF62A1B4000-memory.dmp	xmrig
behavioral2/memory/3444-56-0x00007FF61F210000-0x00007FF61F564000-memory.dmp	xmrig
behavioral2/memory/4468-51-0x00007FF77DA50000-0x00007FF77DDA4000-memory.dmp	xmrig
behavioral2/memory/4248-48-0x00007FF701A00000-0x00007FF701D54000-memory.dmp	xmrig
behavioral2/memory/324-66-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024328-69.dat	xmrig
behavioral2/memory/4684-70-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp	xmrig
behavioral2/files/0x000700000001e6d3-75.dat	xmrig
behavioral2/memory/4552-77-0x00007FF77A810000-0x00007FF77AB64000-memory.dmp	xmrig
behavioral2/files/0x000c0000000241a2-81.dat	xmrig
behavioral2/memory/3556-86-0x00007FF659200000-0x00007FF659554000-memory.dmp	xmrig
behavioral2/files/0x0007000000024329-89.dat	xmrig
behavioral2/memory/3116-91-0x00007FF629670000-0x00007FF6299C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002432c-106.dat	xmrig
behavioral2/memory/4760-127-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp	xmrig
behavioral2/files/0x000700000002432e-131.dat	xmrig
behavioral2/memory/4684-136-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp	xmrig
behavioral2/memory/3556-153-0x00007FF659200000-0x00007FF659554000-memory.dmp	xmrig
behavioral2/files/0x0007000000024334-162.dat	xmrig
behavioral2/files/0x0007000000024335-169.dat	xmrig
behavioral2/files/0x0007000000024338-189.dat	xmrig
behavioral2/memory/944-770-0x00007FF716270000-0x00007FF7165C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002433b-213.dat	xmrig
behavioral2/files/0x000700000002433a-209.dat	xmrig
behavioral2/files/0x0007000000024339-205.dat	xmrig
behavioral2/memory/2212-200-0x00007FF75CF60000-0x00007FF75D2B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024337-195.dat	xmrig
behavioral2/memory/4948-194-0x00007FF613D80000-0x00007FF6140D4000-memory.dmp	xmrig
behavioral2/memory/4760-193-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp	xmrig
behavioral2/memory/4080-192-0x00007FF73A860000-0x00007FF73ABB4000-memory.dmp	xmrig
behavioral2/memory/4884-188-0x00007FF70C1E0000-0x00007FF70C534000-memory.dmp	xmrig
behavioral2/files/0x0007000000024336-186.dat	xmrig
behavioral2/memory/1312-182-0x00007FF6C0ED0000-0x00007FF6C1224000-memory.dmp	xmrig
behavioral2/memory/3112-174-0x00007FF6AC240000-0x00007FF6AC594000-memory.dmp	xmrig
behavioral2/memory/4852-173-0x00007FF6E6EE0000-0x00007FF6E7234000-memory.dmp	xmrig
behavioral2/memory/5696-172-0x00007FF6786F0000-0x00007FF678A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024333-167.dat	xmrig
behavioral2/memory/2600-166-0x00007FF6E0E00000-0x00007FF6E1154000-memory.dmp	xmrig
behavioral2/memory/2460-165-0x00007FF74C730000-0x00007FF74CA84000-memory.dmp	xmrig
behavioral2/memory/408-161-0x00007FF7301E0000-0x00007FF730534000-memory.dmp	xmrig
behavioral2/memory/3116-160-0x00007FF629670000-0x00007FF6299C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024332-158.dat	xmrig
behavioral2/memory/4712-154-0x00007FF728040000-0x00007FF728394000-memory.dmp	xmrig
behavioral2/files/0x0007000000024331-148.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3444	JcowXAN.exe
4244	gGRIHZJ.exe
324	xfCWOcB.exe
6000	NXPnyva.exe
5496	QJUYFjk.exe
5844	uUHBllu.exe
5208	vmSjwhm.exe
4468	mMgKefQ.exe
4396	NKntetR.exe
4648	pGtPSVD.exe
4684	jqbIVnL.exe
4552	zbcJUhW.exe
3556	QoKgwtL.exe
3116	jXRqhua.exe
2460	MkgNrCI.exe
2600	vsOVkdx.exe
4852	BKvbCDm.exe
4884	YbnIpvE.exe
4760	UZjzopg.exe
4948	aRioCfa.exe
944	ZFmWbaM.exe
2996	EJFNmpZ.exe
4712	JTcTRre.exe
408	XSvagAB.exe
5696	AFvajrF.exe
3112	XSfkcoh.exe
1312	tUywjYJ.exe
4080	qdDfSVP.exe
2212	uYgVpIC.exe
1076	zaIPNXu.exe
4344	ZrtszsC.exe
4212	iaizyDi.exe
5464	UUEvjuw.exe
5216	ZsESANh.exe
3648	vOZRahx.exe
6116	tuiluXq.exe
2940	DHcJfKt.exe
4488	kbFVKiq.exe
5616	ESxBjqc.exe
712	UnaqYAQ.exe
2900	LbHXWkx.exe
4576	mtWIsbw.exe
5740	pPtxWKV.exe
2592	SMIljfB.exe
2328	jSqhceg.exe
4584	anBxavG.exe
1372	SkujMiS.exe
432	ttcYIWV.exe
4060	MxKGnKr.exe
5820	WjtmzgU.exe
2132	sThXBgJ.exe
3812	shRbMCB.exe
2420	nZPAHOo.exe
1144	nPWBnQc.exe
1360	kmetUOB.exe
2676	xrHvPjO.exe
5108	kkPKMdY.exe
2284	pVzoImm.exe
5788	gxvwRvs.exe
4452	PsQCHjV.exe
460	aQbsSPK.exe
3316	xdyeeaa.exe
4504	fVHCEiF.exe
868	rMkXlFQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4248-0-0x00007FF701A00000-0x00007FF701D54000-memory.dmp	upx
behavioral2/files/0x00040000000227b2-4.dat	upx
behavioral2/memory/3444-6-0x00007FF61F210000-0x00007FF61F564000-memory.dmp	upx
behavioral2/files/0x0007000000024323-11.dat	upx
behavioral2/memory/4244-15-0x00007FF660450000-0x00007FF6607A4000-memory.dmp	upx
behavioral2/files/0x0007000000024324-16.dat	upx
behavioral2/memory/324-20-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp	upx
behavioral2/files/0x0007000000024325-23.dat	upx
behavioral2/memory/6000-26-0x00007FF7E1700000-0x00007FF7E1A54000-memory.dmp	upx
behavioral2/files/0x000b00000002417b-28.dat	upx
behavioral2/memory/5496-32-0x00007FF60CBE0000-0x00007FF60CF34000-memory.dmp	upx
behavioral2/files/0x000e0000000241a8-33.dat	upx
behavioral2/memory/5844-34-0x00007FF7A9790000-0x00007FF7A9AE4000-memory.dmp	upx
behavioral2/memory/5208-42-0x00007FF670970000-0x00007FF670CC4000-memory.dmp	upx
behavioral2/files/0x0008000000024320-43.dat	upx
behavioral2/files/0x000d0000000241a5-47.dat	upx
behavioral2/files/0x0007000000024326-60.dat	upx
behavioral2/files/0x0007000000024327-64.dat	upx
behavioral2/memory/4648-63-0x00007FF6534C0000-0x00007FF653814000-memory.dmp	upx
behavioral2/memory/4244-62-0x00007FF660450000-0x00007FF6607A4000-memory.dmp	upx
behavioral2/memory/4396-58-0x00007FF629E60000-0x00007FF62A1B4000-memory.dmp	upx
behavioral2/memory/3444-56-0x00007FF61F210000-0x00007FF61F564000-memory.dmp	upx
behavioral2/memory/4468-51-0x00007FF77DA50000-0x00007FF77DDA4000-memory.dmp	upx
behavioral2/memory/4248-48-0x00007FF701A00000-0x00007FF701D54000-memory.dmp	upx
behavioral2/memory/324-66-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp	upx
behavioral2/files/0x0007000000024328-69.dat	upx
behavioral2/memory/4684-70-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp	upx
behavioral2/files/0x000700000001e6d3-75.dat	upx
behavioral2/memory/4552-77-0x00007FF77A810000-0x00007FF77AB64000-memory.dmp	upx
behavioral2/files/0x000c0000000241a2-81.dat	upx
behavioral2/memory/3556-86-0x00007FF659200000-0x00007FF659554000-memory.dmp	upx
behavioral2/files/0x0007000000024329-89.dat	upx
behavioral2/memory/3116-91-0x00007FF629670000-0x00007FF6299C4000-memory.dmp	upx
behavioral2/files/0x000700000002432c-106.dat	upx
behavioral2/memory/4760-127-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp	upx
behavioral2/files/0x000700000002432e-131.dat	upx
behavioral2/memory/4684-136-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp	upx
behavioral2/memory/3556-153-0x00007FF659200000-0x00007FF659554000-memory.dmp	upx
behavioral2/files/0x0007000000024334-162.dat	upx
behavioral2/files/0x0007000000024335-169.dat	upx
behavioral2/files/0x0007000000024338-189.dat	upx
behavioral2/memory/944-770-0x00007FF716270000-0x00007FF7165C4000-memory.dmp	upx
behavioral2/files/0x000700000002433b-213.dat	upx
behavioral2/files/0x000700000002433a-209.dat	upx
behavioral2/files/0x0007000000024339-205.dat	upx
behavioral2/memory/2212-200-0x00007FF75CF60000-0x00007FF75D2B4000-memory.dmp	upx
behavioral2/files/0x0007000000024337-195.dat	upx
behavioral2/memory/4948-194-0x00007FF613D80000-0x00007FF6140D4000-memory.dmp	upx
behavioral2/memory/4760-193-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp	upx
behavioral2/memory/4080-192-0x00007FF73A860000-0x00007FF73ABB4000-memory.dmp	upx
behavioral2/memory/4884-188-0x00007FF70C1E0000-0x00007FF70C534000-memory.dmp	upx
behavioral2/files/0x0007000000024336-186.dat	upx
behavioral2/memory/1312-182-0x00007FF6C0ED0000-0x00007FF6C1224000-memory.dmp	upx
behavioral2/memory/3112-174-0x00007FF6AC240000-0x00007FF6AC594000-memory.dmp	upx
behavioral2/memory/4852-173-0x00007FF6E6EE0000-0x00007FF6E7234000-memory.dmp	upx
behavioral2/memory/5696-172-0x00007FF6786F0000-0x00007FF678A44000-memory.dmp	upx
behavioral2/files/0x0007000000024333-167.dat	upx
behavioral2/memory/2600-166-0x00007FF6E0E00000-0x00007FF6E1154000-memory.dmp	upx
behavioral2/memory/2460-165-0x00007FF74C730000-0x00007FF74CA84000-memory.dmp	upx
behavioral2/memory/408-161-0x00007FF7301E0000-0x00007FF730534000-memory.dmp	upx
behavioral2/memory/3116-160-0x00007FF629670000-0x00007FF6299C4000-memory.dmp	upx
behavioral2/files/0x0007000000024332-158.dat	upx
behavioral2/memory/4712-154-0x00007FF728040000-0x00007FF728394000-memory.dmp	upx
behavioral2/files/0x0007000000024331-148.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EscjVVG.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bNbqITA.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jJcrdAl.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jyNephk.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RrHIvXQ.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pGtPSVD.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uYgVpIC.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EaDWhSU.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AIyppUc.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MxrNoJe.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xfCWOcB.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WdnbuoG.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PokxqBN.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JyVhlOO.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HPeTaCH.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mpmrhFy.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UDJfPEo.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HSQgJyC.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\psZcCBM.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NUyJfpl.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ECtobXG.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UyPZAuY.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NVmAZlH.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IWCCwwT.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WjtmzgU.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dCpCrbA.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KBeXXEe.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aEijXBn.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pkGNZeK.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bjpHDGa.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BmstbdL.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aRioCfa.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VaELXZZ.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SGAtAAe.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WKAGtbN.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZrtszsC.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kXaZCWp.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tqkEsHO.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PWrXedB.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aUxTNfG.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nSaahOe.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fxqNJfl.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EBmQReH.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kbFVKiq.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KMxTJiN.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FmAyZNi.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ogxiZhK.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UspdEvz.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gGRIHZJ.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hZPWMRj.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XVtIheK.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\anHkNVZ.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TLHTdpD.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KyytCVO.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ukDxiJv.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\agUPvPf.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nkIyoBf.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gSqUhEt.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UnaqYAQ.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EGTccXy.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IFVJlOy.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gXQmOBT.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\blDhfGf.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mNnZZFW.exe	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 3444	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 4248 wrote to memory of 3444	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 4248 wrote to memory of 4244	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4248 wrote to memory of 4244	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4248 wrote to memory of 324	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4248 wrote to memory of 324	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4248 wrote to memory of 6000	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4248 wrote to memory of 6000	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4248 wrote to memory of 5496	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4248 wrote to memory of 5496	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4248 wrote to memory of 5844	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4248 wrote to memory of 5844	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4248 wrote to memory of 5208	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4248 wrote to memory of 5208	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4248 wrote to memory of 4468	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4248 wrote to memory of 4468	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4248 wrote to memory of 4396	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4248 wrote to memory of 4396	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4248 wrote to memory of 4648	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4248 wrote to memory of 4648	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4248 wrote to memory of 4684	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4248 wrote to memory of 4684	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4248 wrote to memory of 4552	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4248 wrote to memory of 4552	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4248 wrote to memory of 3556	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4248 wrote to memory of 3556	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4248 wrote to memory of 3116	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4248 wrote to memory of 3116	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4248 wrote to memory of 2460	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4248 wrote to memory of 2460	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4248 wrote to memory of 2600	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4248 wrote to memory of 2600	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4248 wrote to memory of 4852	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4248 wrote to memory of 4852	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4248 wrote to memory of 4884	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4248 wrote to memory of 4884	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4248 wrote to memory of 4760	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4248 wrote to memory of 4760	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4248 wrote to memory of 4948	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4248 wrote to memory of 4948	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4248 wrote to memory of 944	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4248 wrote to memory of 944	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4248 wrote to memory of 2996	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4248 wrote to memory of 2996	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4248 wrote to memory of 4712	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4248 wrote to memory of 4712	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4248 wrote to memory of 408	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4248 wrote to memory of 408	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4248 wrote to memory of 5696	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4248 wrote to memory of 5696	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4248 wrote to memory of 3112	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4248 wrote to memory of 3112	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4248 wrote to memory of 1312	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4248 wrote to memory of 1312	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4248 wrote to memory of 4080	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4248 wrote to memory of 4080	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4248 wrote to memory of 2212	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4248 wrote to memory of 2212	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4248 wrote to memory of 1076	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4248 wrote to memory of 1076	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4248 wrote to memory of 4344	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4248 wrote to memory of 4344	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4248 wrote to memory of 4212	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4248 wrote to memory of 4212	4248	2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_ba29787de0fc27581fbb8044237d3ebb_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\System\JcowXAN.exe
  C:\Windows\System\JcowXAN.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\gGRIHZJ.exe
  C:\Windows\System\gGRIHZJ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\xfCWOcB.exe
  C:\Windows\System\xfCWOcB.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\NXPnyva.exe
  C:\Windows\System\NXPnyva.exe
  2⤵
  - Executes dropped EXE
  PID:6000
- C:\Windows\System\QJUYFjk.exe
  C:\Windows\System\QJUYFjk.exe
  2⤵
  - Executes dropped EXE
  PID:5496
- C:\Windows\System\uUHBllu.exe
  C:\Windows\System\uUHBllu.exe
  2⤵
  - Executes dropped EXE
  PID:5844
- C:\Windows\System\vmSjwhm.exe
  C:\Windows\System\vmSjwhm.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\mMgKefQ.exe
  C:\Windows\System\mMgKefQ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\NKntetR.exe
  C:\Windows\System\NKntetR.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\pGtPSVD.exe
  C:\Windows\System\pGtPSVD.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\jqbIVnL.exe
  C:\Windows\System\jqbIVnL.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\zbcJUhW.exe
  C:\Windows\System\zbcJUhW.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\QoKgwtL.exe
  C:\Windows\System\QoKgwtL.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\jXRqhua.exe
  C:\Windows\System\jXRqhua.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\MkgNrCI.exe
  C:\Windows\System\MkgNrCI.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\vsOVkdx.exe
  C:\Windows\System\vsOVkdx.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\BKvbCDm.exe
  C:\Windows\System\BKvbCDm.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\YbnIpvE.exe
  C:\Windows\System\YbnIpvE.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\UZjzopg.exe
  C:\Windows\System\UZjzopg.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\aRioCfa.exe
  C:\Windows\System\aRioCfa.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ZFmWbaM.exe
  C:\Windows\System\ZFmWbaM.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\EJFNmpZ.exe
  C:\Windows\System\EJFNmpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\JTcTRre.exe
  C:\Windows\System\JTcTRre.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\XSvagAB.exe
  C:\Windows\System\XSvagAB.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\AFvajrF.exe
  C:\Windows\System\AFvajrF.exe
  2⤵
  - Executes dropped EXE
  PID:5696
- C:\Windows\System\XSfkcoh.exe
  C:\Windows\System\XSfkcoh.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\tUywjYJ.exe
  C:\Windows\System\tUywjYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\qdDfSVP.exe
  C:\Windows\System\qdDfSVP.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\uYgVpIC.exe
  C:\Windows\System\uYgVpIC.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zaIPNXu.exe
  C:\Windows\System\zaIPNXu.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ZrtszsC.exe
  C:\Windows\System\ZrtszsC.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\iaizyDi.exe
  C:\Windows\System\iaizyDi.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\UUEvjuw.exe
  C:\Windows\System\UUEvjuw.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\ZsESANh.exe
  C:\Windows\System\ZsESANh.exe
  2⤵
  - Executes dropped EXE
  PID:5216
- C:\Windows\System\vOZRahx.exe
  C:\Windows\System\vOZRahx.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\tuiluXq.exe
  C:\Windows\System\tuiluXq.exe
  2⤵
  - Executes dropped EXE
  PID:6116
- C:\Windows\System\DHcJfKt.exe
  C:\Windows\System\DHcJfKt.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\kbFVKiq.exe
  C:\Windows\System\kbFVKiq.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\ESxBjqc.exe
  C:\Windows\System\ESxBjqc.exe
  2⤵
  - Executes dropped EXE
  PID:5616
- C:\Windows\System\UnaqYAQ.exe
  C:\Windows\System\UnaqYAQ.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\LbHXWkx.exe
  C:\Windows\System\LbHXWkx.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\mtWIsbw.exe
  C:\Windows\System\mtWIsbw.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\pPtxWKV.exe
  C:\Windows\System\pPtxWKV.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\SMIljfB.exe
  C:\Windows\System\SMIljfB.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\jSqhceg.exe
  C:\Windows\System\jSqhceg.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\anBxavG.exe
  C:\Windows\System\anBxavG.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\SkujMiS.exe
  C:\Windows\System\SkujMiS.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ttcYIWV.exe
  C:\Windows\System\ttcYIWV.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\MxKGnKr.exe
  C:\Windows\System\MxKGnKr.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\WjtmzgU.exe
  C:\Windows\System\WjtmzgU.exe
  2⤵
  - Executes dropped EXE
  PID:5820
- C:\Windows\System\sThXBgJ.exe
  C:\Windows\System\sThXBgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\shRbMCB.exe
  C:\Windows\System\shRbMCB.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\nZPAHOo.exe
  C:\Windows\System\nZPAHOo.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\nPWBnQc.exe
  C:\Windows\System\nPWBnQc.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\kmetUOB.exe
  C:\Windows\System\kmetUOB.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\xrHvPjO.exe
  C:\Windows\System\xrHvPjO.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\kkPKMdY.exe
  C:\Windows\System\kkPKMdY.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\pVzoImm.exe
  C:\Windows\System\pVzoImm.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\gxvwRvs.exe
  C:\Windows\System\gxvwRvs.exe
  2⤵
  - Executes dropped EXE
  PID:5788
- C:\Windows\System\PsQCHjV.exe
  C:\Windows\System\PsQCHjV.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\aQbsSPK.exe
  C:\Windows\System\aQbsSPK.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\xdyeeaa.exe
  C:\Windows\System\xdyeeaa.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\fVHCEiF.exe
  C:\Windows\System\fVHCEiF.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\rMkXlFQ.exe
  C:\Windows\System\rMkXlFQ.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\UatrpMo.exe
  C:\Windows\System\UatrpMo.exe
  2⤵
  PID:5936
- C:\Windows\System\NTtmkkL.exe
  C:\Windows\System\NTtmkkL.exe
  2⤵
  PID:4236
- C:\Windows\System\UqaeAJi.exe
  C:\Windows\System\UqaeAJi.exe
  2⤵
  PID:3320
- C:\Windows\System\vMdMksY.exe
  C:\Windows\System\vMdMksY.exe
  2⤵
  PID:216
- C:\Windows\System\YxVNOEU.exe
  C:\Windows\System\YxVNOEU.exe
  2⤵
  PID:6032
- C:\Windows\System\cNvFRfo.exe
  C:\Windows\System\cNvFRfo.exe
  2⤵
  PID:2348
- C:\Windows\System\dktJffb.exe
  C:\Windows\System\dktJffb.exe
  2⤵
  PID:3296
- C:\Windows\System\uYwDTHZ.exe
  C:\Windows\System\uYwDTHZ.exe
  2⤵
  PID:1484
- C:\Windows\System\pHafkwM.exe
  C:\Windows\System\pHafkwM.exe
  2⤵
  PID:4356
- C:\Windows\System\SedxjiD.exe
  C:\Windows\System\SedxjiD.exe
  2⤵
  PID:4800
- C:\Windows\System\UIBghpc.exe
  C:\Windows\System\UIBghpc.exe
  2⤵
  PID:4700
- C:\Windows\System\iztAwFF.exe
  C:\Windows\System\iztAwFF.exe
  2⤵
  PID:4952
- C:\Windows\System\ZZvSLSO.exe
  C:\Windows\System\ZZvSLSO.exe
  2⤵
  PID:1960
- C:\Windows\System\ceixLaE.exe
  C:\Windows\System\ceixLaE.exe
  2⤵
  PID:1624
- C:\Windows\System\ogzfhhb.exe
  C:\Windows\System\ogzfhhb.exe
  2⤵
  PID:4516
- C:\Windows\System\LkdHxIU.exe
  C:\Windows\System\LkdHxIU.exe
  2⤵
  PID:4532
- C:\Windows\System\TLVoHIn.exe
  C:\Windows\System\TLVoHIn.exe
  2⤵
  PID:4388
- C:\Windows\System\EaDWhSU.exe
  C:\Windows\System\EaDWhSU.exe
  2⤵
  PID:1644
- C:\Windows\System\REnlTMq.exe
  C:\Windows\System\REnlTMq.exe
  2⤵
  PID:4748
- C:\Windows\System\pAgZmoE.exe
  C:\Windows\System\pAgZmoE.exe
  2⤵
  PID:1580
- C:\Windows\System\UixiTOC.exe
  C:\Windows\System\UixiTOC.exe
  2⤵
  PID:5240
- C:\Windows\System\BdHUsxy.exe
  C:\Windows\System\BdHUsxy.exe
  2⤵
  PID:3140
- C:\Windows\System\jtSgdoS.exe
  C:\Windows\System\jtSgdoS.exe
  2⤵
  PID:4796
- C:\Windows\System\OEFrdZl.exe
  C:\Windows\System\OEFrdZl.exe
  2⤵
  PID:4524
- C:\Windows\System\YTgSqwU.exe
  C:\Windows\System\YTgSqwU.exe
  2⤵
  PID:1540
- C:\Windows\System\IFzyuyB.exe
  C:\Windows\System\IFzyuyB.exe
  2⤵
  PID:756
- C:\Windows\System\nwnxHzu.exe
  C:\Windows\System\nwnxHzu.exe
  2⤵
  PID:2744
- C:\Windows\System\ehYNLXy.exe
  C:\Windows\System\ehYNLXy.exe
  2⤵
  PID:852
- C:\Windows\System\jvRkMCX.exe
  C:\Windows\System\jvRkMCX.exe
  2⤵
  PID:1512
- C:\Windows\System\cxIocaf.exe
  C:\Windows\System\cxIocaf.exe
  2⤵
  PID:3760
- C:\Windows\System\gmKAgwD.exe
  C:\Windows\System\gmKAgwD.exe
  2⤵
  PID:2532
- C:\Windows\System\xWHlSqH.exe
  C:\Windows\System\xWHlSqH.exe
  2⤵
  PID:5980
- C:\Windows\System\DavzJjS.exe
  C:\Windows\System\DavzJjS.exe
  2⤵
  PID:2032
- C:\Windows\System\TPwZqyv.exe
  C:\Windows\System\TPwZqyv.exe
  2⤵
  PID:5204
- C:\Windows\System\bXwjJIW.exe
  C:\Windows\System\bXwjJIW.exe
  2⤵
  PID:5760
- C:\Windows\System\zcGzhGn.exe
  C:\Windows\System\zcGzhGn.exe
  2⤵
  PID:5636
- C:\Windows\System\GvTesAA.exe
  C:\Windows\System\GvTesAA.exe
  2⤵
  PID:1284
- C:\Windows\System\OpSzqRM.exe
  C:\Windows\System\OpSzqRM.exe
  2⤵
  PID:4964
- C:\Windows\System\ATVCxve.exe
  C:\Windows\System\ATVCxve.exe
  2⤵
  PID:5412
- C:\Windows\System\pwBpXrC.exe
  C:\Windows\System\pwBpXrC.exe
  2⤵
  PID:5352
- C:\Windows\System\JHWsfKp.exe
  C:\Windows\System\JHWsfKp.exe
  2⤵
  PID:4312
- C:\Windows\System\mZIOlkW.exe
  C:\Windows\System\mZIOlkW.exe
  2⤵
  PID:4580
- C:\Windows\System\JwUNaxI.exe
  C:\Windows\System\JwUNaxI.exe
  2⤵
  PID:5872
- C:\Windows\System\YvKHqmO.exe
  C:\Windows\System\YvKHqmO.exe
  2⤵
  PID:3944
- C:\Windows\System\hZPWMRj.exe
  C:\Windows\System\hZPWMRj.exe
  2⤵
  PID:2360
- C:\Windows\System\pBJSAfZ.exe
  C:\Windows\System\pBJSAfZ.exe
  2⤵
  PID:1280
- C:\Windows\System\OoIHnWY.exe
  C:\Windows\System\OoIHnWY.exe
  2⤵
  PID:5264
- C:\Windows\System\kEhvdzb.exe
  C:\Windows\System\kEhvdzb.exe
  2⤵
  PID:4728
- C:\Windows\System\qvvcwVM.exe
  C:\Windows\System\qvvcwVM.exe
  2⤵
  PID:620
- C:\Windows\System\foEmxGp.exe
  C:\Windows\System\foEmxGp.exe
  2⤵
  PID:4956
- C:\Windows\System\psZcCBM.exe
  C:\Windows\System\psZcCBM.exe
  2⤵
  PID:4764
- C:\Windows\System\XXOVUBP.exe
  C:\Windows\System\XXOVUBP.exe
  2⤵
  PID:3224
- C:\Windows\System\YSvMTPY.exe
  C:\Windows\System\YSvMTPY.exe
  2⤵
  PID:4068
- C:\Windows\System\kXaZCWp.exe
  C:\Windows\System\kXaZCWp.exe
  2⤵
  PID:3752
- C:\Windows\System\gglZWTH.exe
  C:\Windows\System\gglZWTH.exe
  2⤵
  PID:1816
- C:\Windows\System\GdovGmu.exe
  C:\Windows\System\GdovGmu.exe
  2⤵
  PID:3404
- C:\Windows\System\hMZZFWM.exe
  C:\Windows\System\hMZZFWM.exe
  2⤵
  PID:1988
- C:\Windows\System\dIJPiks.exe
  C:\Windows\System\dIJPiks.exe
  2⤵
  PID:4824
- C:\Windows\System\whmZpLD.exe
  C:\Windows\System\whmZpLD.exe
  2⤵
  PID:6072
- C:\Windows\System\cCNmOZe.exe
  C:\Windows\System\cCNmOZe.exe
  2⤵
  PID:3136
- C:\Windows\System\UlKomHU.exe
  C:\Windows\System\UlKomHU.exe
  2⤵
  PID:4520
- C:\Windows\System\QXGKfNJ.exe
  C:\Windows\System\QXGKfNJ.exe
  2⤵
  PID:3252
- C:\Windows\System\WdnbuoG.exe
  C:\Windows\System\WdnbuoG.exe
  2⤵
  PID:2040
- C:\Windows\System\IseVpUP.exe
  C:\Windows\System\IseVpUP.exe
  2⤵
  PID:3160
- C:\Windows\System\IpeQAbu.exe
  C:\Windows\System\IpeQAbu.exe
  2⤵
  PID:3544
- C:\Windows\System\zIlUjEZ.exe
  C:\Windows\System\zIlUjEZ.exe
  2⤵
  PID:5260
- C:\Windows\System\ZJsrleo.exe
  C:\Windows\System\ZJsrleo.exe
  2⤵
  PID:5608
- C:\Windows\System\BWorIod.exe
  C:\Windows\System\BWorIod.exe
  2⤵
  PID:4892
- C:\Windows\System\OddhXGY.exe
  C:\Windows\System\OddhXGY.exe
  2⤵
  PID:6152
- C:\Windows\System\anHkNVZ.exe
  C:\Windows\System\anHkNVZ.exe
  2⤵
  PID:6180
- C:\Windows\System\zExOQwC.exe
  C:\Windows\System\zExOQwC.exe
  2⤵
  PID:6208
- C:\Windows\System\gqKREMj.exe
  C:\Windows\System\gqKREMj.exe
  2⤵
  PID:6236
- C:\Windows\System\oGZWUuV.exe
  C:\Windows\System\oGZWUuV.exe
  2⤵
  PID:6264
- C:\Windows\System\dCpCrbA.exe
  C:\Windows\System\dCpCrbA.exe
  2⤵
  PID:6292
- C:\Windows\System\TpNkcTW.exe
  C:\Windows\System\TpNkcTW.exe
  2⤵
  PID:6320
- C:\Windows\System\CEveJXL.exe
  C:\Windows\System\CEveJXL.exe
  2⤵
  PID:6348
- C:\Windows\System\TOcFpMJ.exe
  C:\Windows\System\TOcFpMJ.exe
  2⤵
  PID:6376
- C:\Windows\System\pOfFPVQ.exe
  C:\Windows\System\pOfFPVQ.exe
  2⤵
  PID:6404
- C:\Windows\System\kNDspOV.exe
  C:\Windows\System\kNDspOV.exe
  2⤵
  PID:6432
- C:\Windows\System\ACzyuFE.exe
  C:\Windows\System\ACzyuFE.exe
  2⤵
  PID:6460
- C:\Windows\System\tKFnilf.exe
  C:\Windows\System\tKFnilf.exe
  2⤵
  PID:6488
- C:\Windows\System\KMxTJiN.exe
  C:\Windows\System\KMxTJiN.exe
  2⤵
  PID:6516
- C:\Windows\System\TGLEqrx.exe
  C:\Windows\System\TGLEqrx.exe
  2⤵
  PID:6544
- C:\Windows\System\grzoDwp.exe
  C:\Windows\System\grzoDwp.exe
  2⤵
  PID:6572
- C:\Windows\System\EfvJPYx.exe
  C:\Windows\System\EfvJPYx.exe
  2⤵
  PID:6600
- C:\Windows\System\WihMAhq.exe
  C:\Windows\System\WihMAhq.exe
  2⤵
  PID:6628
- C:\Windows\System\IBinHTZ.exe
  C:\Windows\System\IBinHTZ.exe
  2⤵
  PID:6656
- C:\Windows\System\vghtWOu.exe
  C:\Windows\System\vghtWOu.exe
  2⤵
  PID:6684
- C:\Windows\System\PWycmYV.exe
  C:\Windows\System\PWycmYV.exe
  2⤵
  PID:6712
- C:\Windows\System\frONndt.exe
  C:\Windows\System\frONndt.exe
  2⤵
  PID:6740
- C:\Windows\System\yzbRnzo.exe
  C:\Windows\System\yzbRnzo.exe
  2⤵
  PID:6768
- C:\Windows\System\ebNdhgo.exe
  C:\Windows\System\ebNdhgo.exe
  2⤵
  PID:6796
- C:\Windows\System\FmAyZNi.exe
  C:\Windows\System\FmAyZNi.exe
  2⤵
  PID:6828
- C:\Windows\System\RqQLYAT.exe
  C:\Windows\System\RqQLYAT.exe
  2⤵
  PID:6852
- C:\Windows\System\rKInXQr.exe
  C:\Windows\System\rKInXQr.exe
  2⤵
  PID:6880
- C:\Windows\System\lBGXGyp.exe
  C:\Windows\System\lBGXGyp.exe
  2⤵
  PID:6908
- C:\Windows\System\CmeBJwb.exe
  C:\Windows\System\CmeBJwb.exe
  2⤵
  PID:6936
- C:\Windows\System\OuDFkJh.exe
  C:\Windows\System\OuDFkJh.exe
  2⤵
  PID:6964
- C:\Windows\System\hfymUsw.exe
  C:\Windows\System\hfymUsw.exe
  2⤵
  PID:6992
- C:\Windows\System\NzfPqQb.exe
  C:\Windows\System\NzfPqQb.exe
  2⤵
  PID:7020
- C:\Windows\System\HqIXEKy.exe
  C:\Windows\System\HqIXEKy.exe
  2⤵
  PID:7048
- C:\Windows\System\UDJfPEo.exe
  C:\Windows\System\UDJfPEo.exe
  2⤵
  PID:7076
- C:\Windows\System\LFdBhUL.exe
  C:\Windows\System\LFdBhUL.exe
  2⤵
  PID:7104
- C:\Windows\System\fQeJFXY.exe
  C:\Windows\System\fQeJFXY.exe
  2⤵
  PID:7132
- C:\Windows\System\CIBmZLA.exe
  C:\Windows\System\CIBmZLA.exe
  2⤵
  PID:7160
- C:\Windows\System\fAUztfk.exe
  C:\Windows\System\fAUztfk.exe
  2⤵
  PID:5592
- C:\Windows\System\WFudpUQ.exe
  C:\Windows\System\WFudpUQ.exe
  2⤵
  PID:4548
- C:\Windows\System\lKkgaAN.exe
  C:\Windows\System\lKkgaAN.exe
  2⤵
  PID:6196
- C:\Windows\System\oULLQKC.exe
  C:\Windows\System\oULLQKC.exe
  2⤵
  PID:6256
- C:\Windows\System\AbHePOG.exe
  C:\Windows\System\AbHePOG.exe
  2⤵
  PID:6332
- C:\Windows\System\GiOFrpJ.exe
  C:\Windows\System\GiOFrpJ.exe
  2⤵
  PID:6392
- C:\Windows\System\wKcWycs.exe
  C:\Windows\System\wKcWycs.exe
  2⤵
  PID:6452
- C:\Windows\System\ANFoEoD.exe
  C:\Windows\System\ANFoEoD.exe
  2⤵
  PID:6528
- C:\Windows\System\RghKOYa.exe
  C:\Windows\System\RghKOYa.exe
  2⤵
  PID:3400
- C:\Windows\System\AggUjrL.exe
  C:\Windows\System\AggUjrL.exe
  2⤵
  PID:6640
- C:\Windows\System\ZwPJSqL.exe
  C:\Windows\System\ZwPJSqL.exe
  2⤵
  PID:6700
- C:\Windows\System\PFmHjJB.exe
  C:\Windows\System\PFmHjJB.exe
  2⤵
  PID:6760
- C:\Windows\System\YFXCzWY.exe
  C:\Windows\System\YFXCzWY.exe
  2⤵
  PID:6836
- C:\Windows\System\buYzHyD.exe
  C:\Windows\System\buYzHyD.exe
  2⤵
  PID:6896
- C:\Windows\System\cvQSJyk.exe
  C:\Windows\System\cvQSJyk.exe
  2⤵
  PID:6952
- C:\Windows\System\iNsOsuG.exe
  C:\Windows\System\iNsOsuG.exe
  2⤵
  PID:7008
- C:\Windows\System\nmpFTof.exe
  C:\Windows\System\nmpFTof.exe
  2⤵
  PID:7060
- C:\Windows\System\isPyJDg.exe
  C:\Windows\System\isPyJDg.exe
  2⤵
  PID:7120
- C:\Windows\System\eqzlvOZ.exe
  C:\Windows\System\eqzlvOZ.exe
  2⤵
  PID:5768
- C:\Windows\System\aBJhCQr.exe
  C:\Windows\System\aBJhCQr.exe
  2⤵
  PID:6224
- C:\Windows\System\vKvYHGu.exe
  C:\Windows\System\vKvYHGu.exe
  2⤵
  PID:6364
- C:\Windows\System\lWHvCRu.exe
  C:\Windows\System\lWHvCRu.exe
  2⤵
  PID:6500
- C:\Windows\System\TLHTdpD.exe
  C:\Windows\System\TLHTdpD.exe
  2⤵
  PID:6612
- C:\Windows\System\GdQLtNS.exe
  C:\Windows\System\GdQLtNS.exe
  2⤵
  PID:6732
- C:\Windows\System\HUGazpP.exe
  C:\Windows\System\HUGazpP.exe
  2⤵
  PID:6868
- C:\Windows\System\rLiHRpP.exe
  C:\Windows\System\rLiHRpP.exe
  2⤵
  PID:2336
- C:\Windows\System\feYQdMg.exe
  C:\Windows\System\feYQdMg.exe
  2⤵
  PID:7092
- C:\Windows\System\RXQePli.exe
  C:\Windows\System\RXQePli.exe
  2⤵
  PID:6168
- C:\Windows\System\QWwJEBx.exe
  C:\Windows\System\QWwJEBx.exe
  2⤵
  PID:7192
- C:\Windows\System\sEuFbgU.exe
  C:\Windows\System\sEuFbgU.exe
  2⤵
  PID:7220
- C:\Windows\System\TIqGMuB.exe
  C:\Windows\System\TIqGMuB.exe
  2⤵
  PID:7248
- C:\Windows\System\HSQgJyC.exe
  C:\Windows\System\HSQgJyC.exe
  2⤵
  PID:7276
- C:\Windows\System\FYvArCJ.exe
  C:\Windows\System\FYvArCJ.exe
  2⤵
  PID:7304
- C:\Windows\System\zVAADow.exe
  C:\Windows\System\zVAADow.exe
  2⤵
  PID:7332
- C:\Windows\System\hSulZpQ.exe
  C:\Windows\System\hSulZpQ.exe
  2⤵
  PID:7360
- C:\Windows\System\QCnwDUd.exe
  C:\Windows\System\QCnwDUd.exe
  2⤵
  PID:7388
- C:\Windows\System\SQkQdED.exe
  C:\Windows\System\SQkQdED.exe
  2⤵
  PID:7416
- C:\Windows\System\ffsHWPJ.exe
  C:\Windows\System\ffsHWPJ.exe
  2⤵
  PID:7444
- C:\Windows\System\UwnZnvU.exe
  C:\Windows\System\UwnZnvU.exe
  2⤵
  PID:7472
- C:\Windows\System\jlVPmFS.exe
  C:\Windows\System\jlVPmFS.exe
  2⤵
  PID:7500
- C:\Windows\System\hiZqszX.exe
  C:\Windows\System\hiZqszX.exe
  2⤵
  PID:7528
- C:\Windows\System\iEFCdMp.exe
  C:\Windows\System\iEFCdMp.exe
  2⤵
  PID:7556
- C:\Windows\System\CoGhWzd.exe
  C:\Windows\System\CoGhWzd.exe
  2⤵
  PID:7584
- C:\Windows\System\VmTVmWI.exe
  C:\Windows\System\VmTVmWI.exe
  2⤵
  PID:7612
- C:\Windows\System\DAEjqzl.exe
  C:\Windows\System\DAEjqzl.exe
  2⤵
  PID:7640
- C:\Windows\System\tCNUeuz.exe
  C:\Windows\System\tCNUeuz.exe
  2⤵
  PID:7676
- C:\Windows\System\afpvCdo.exe
  C:\Windows\System\afpvCdo.exe
  2⤵
  PID:7708
- C:\Windows\System\qSdQvct.exe
  C:\Windows\System\qSdQvct.exe
  2⤵
  PID:7736
- C:\Windows\System\YYMINle.exe
  C:\Windows\System\YYMINle.exe
  2⤵
  PID:7764
- C:\Windows\System\eCWGTYO.exe
  C:\Windows\System\eCWGTYO.exe
  2⤵
  PID:7800
- C:\Windows\System\NtHDlxo.exe
  C:\Windows\System\NtHDlxo.exe
  2⤵
  PID:7888
- C:\Windows\System\lPSpXhh.exe
  C:\Windows\System\lPSpXhh.exe
  2⤵
  PID:7916
- C:\Windows\System\GHlcuhm.exe
  C:\Windows\System\GHlcuhm.exe
  2⤵
  PID:7944
- C:\Windows\System\FnzUMCa.exe
  C:\Windows\System\FnzUMCa.exe
  2⤵
  PID:7972
- C:\Windows\System\mAslujz.exe
  C:\Windows\System\mAslujz.exe
  2⤵
  PID:8000
- C:\Windows\System\pvidzUe.exe
  C:\Windows\System\pvidzUe.exe
  2⤵
  PID:8036
- C:\Windows\System\uvUpFUA.exe
  C:\Windows\System\uvUpFUA.exe
  2⤵
  PID:8056
- C:\Windows\System\EHXUKtj.exe
  C:\Windows\System\EHXUKtj.exe
  2⤵
  PID:8084
- C:\Windows\System\mfNGYxa.exe
  C:\Windows\System\mfNGYxa.exe
  2⤵
  PID:8112
- C:\Windows\System\lAEHMSG.exe
  C:\Windows\System\lAEHMSG.exe
  2⤵
  PID:8144
- C:\Windows\System\NCIpODr.exe
  C:\Windows\System\NCIpODr.exe
  2⤵
  PID:8168
- C:\Windows\System\KBeXXEe.exe
  C:\Windows\System\KBeXXEe.exe
  2⤵
  PID:8184
- C:\Windows\System\sfCNALP.exe
  C:\Windows\System\sfCNALP.exe
  2⤵
  PID:6672
- C:\Windows\System\nWhzNHu.exe
  C:\Windows\System\nWhzNHu.exe
  2⤵
  PID:6728
- C:\Windows\System\yCAtBmQ.exe
  C:\Windows\System\yCAtBmQ.exe
  2⤵
  PID:7088
- C:\Windows\System\NUyJfpl.exe
  C:\Windows\System\NUyJfpl.exe
  2⤵
  PID:7180
- C:\Windows\System\CnXWBtr.exe
  C:\Windows\System\CnXWBtr.exe
  2⤵
  PID:7232
- C:\Windows\System\RdRwQNe.exe
  C:\Windows\System\RdRwQNe.exe
  2⤵
  PID:7292
- C:\Windows\System\HHlTTve.exe
  C:\Windows\System\HHlTTve.exe
  2⤵
  PID:5252
- C:\Windows\System\JYhNdsY.exe
  C:\Windows\System\JYhNdsY.exe
  2⤵
  PID:6084
- C:\Windows\System\GUBtHqn.exe
  C:\Windows\System\GUBtHqn.exe
  2⤵
  PID:7460
- C:\Windows\System\OSvCBRx.exe
  C:\Windows\System\OSvCBRx.exe
  2⤵
  PID:7544
- C:\Windows\System\dzdavgQ.exe
  C:\Windows\System\dzdavgQ.exe
  2⤵
  PID:7596
- C:\Windows\System\hPBNjzv.exe
  C:\Windows\System\hPBNjzv.exe
  2⤵
  PID:7632
- C:\Windows\System\jppTiHW.exe
  C:\Windows\System\jppTiHW.exe
  2⤵
  PID:7672
- C:\Windows\System\jALTCEn.exe
  C:\Windows\System\jALTCEn.exe
  2⤵
  PID:7724
- C:\Windows\System\BgoOxel.exe
  C:\Windows\System\BgoOxel.exe
  2⤵
  PID:7792
- C:\Windows\System\mZJvBxi.exe
  C:\Windows\System\mZJvBxi.exe
  2⤵
  PID:4324
- C:\Windows\System\HYXmvnm.exe
  C:\Windows\System\HYXmvnm.exe
  2⤵
  PID:2148
- C:\Windows\System\nwTykds.exe
  C:\Windows\System\nwTykds.exe
  2⤵
  PID:4828
- C:\Windows\System\brgIwhz.exe
  C:\Windows\System\brgIwhz.exe
  2⤵
  PID:5500
- C:\Windows\System\KyPTlRM.exe
  C:\Windows\System\KyPTlRM.exe
  2⤵
  PID:4152
- C:\Windows\System\aPdGCaS.exe
  C:\Windows\System\aPdGCaS.exe
  2⤵
  PID:1592
- C:\Windows\System\TMWaFaT.exe
  C:\Windows\System\TMWaFaT.exe
  2⤵
  PID:7900
- C:\Windows\System\tqkEsHO.exe
  C:\Windows\System\tqkEsHO.exe
  2⤵
  PID:7964
- C:\Windows\System\fHEtbxI.exe
  C:\Windows\System\fHEtbxI.exe
  2⤵
  PID:8044
- C:\Windows\System\LFWFIfg.exe
  C:\Windows\System\LFWFIfg.exe
  2⤵
  PID:8076
- C:\Windows\System\tzmsrPt.exe
  C:\Windows\System\tzmsrPt.exe
  2⤵
  PID:8164
- C:\Windows\System\MvroCHz.exe
  C:\Windows\System\MvroCHz.exe
  2⤵
  PID:6444
- C:\Windows\System\LzxMeVe.exe
  C:\Windows\System\LzxMeVe.exe
  2⤵
  PID:4036
- C:\Windows\System\QKocsSV.exe
  C:\Windows\System\QKocsSV.exe
  2⤵
  PID:7288
- C:\Windows\System\eJRTrdb.exe
  C:\Windows\System\eJRTrdb.exe
  2⤵
  PID:1952
- C:\Windows\System\BmFRftr.exe
  C:\Windows\System\BmFRftr.exe
  2⤵
  PID:7568
- C:\Windows\System\VWPdorN.exe
  C:\Windows\System\VWPdorN.exe
  2⤵
  PID:7720
- C:\Windows\System\cxGgcCw.exe
  C:\Windows\System\cxGgcCw.exe
  2⤵
  PID:7816
- C:\Windows\System\JeMgIec.exe
  C:\Windows\System\JeMgIec.exe
  2⤵
  PID:2056
- C:\Windows\System\DePafOK.exe
  C:\Windows\System\DePafOK.exe
  2⤵
  PID:2984
- C:\Windows\System\dUNAdJH.exe
  C:\Windows\System\dUNAdJH.exe
  2⤵
  PID:5276
- C:\Windows\System\MahTieT.exe
  C:\Windows\System\MahTieT.exe
  2⤵
  PID:7960
- C:\Windows\System\uRhPkly.exe
  C:\Windows\System\uRhPkly.exe
  2⤵
  PID:8152
- C:\Windows\System\yCzwRRc.exe
  C:\Windows\System\yCzwRRc.exe
  2⤵
  PID:7488
- C:\Windows\System\GOFlFHX.exe
  C:\Windows\System\GOFlFHX.exe
  2⤵
  PID:7776
- C:\Windows\System\AdKgjmV.exe
  C:\Windows\System\AdKgjmV.exe
  2⤵
  PID:2612
- C:\Windows\System\kOZKgAs.exe
  C:\Windows\System\kOZKgAs.exe
  2⤵
  PID:8176
- C:\Windows\System\mLgQDaW.exe
  C:\Windows\System\mLgQDaW.exe
  2⤵
  PID:7652
- C:\Windows\System\ocxpHGF.exe
  C:\Windows\System\ocxpHGF.exe
  2⤵
  PID:8200
- C:\Windows\System\kmnQCuD.exe
  C:\Windows\System\kmnQCuD.exe
  2⤵
  PID:8240
- C:\Windows\System\JliJFqQ.exe
  C:\Windows\System\JliJFqQ.exe
  2⤵
  PID:8284
- C:\Windows\System\rzUwdYq.exe
  C:\Windows\System\rzUwdYq.exe
  2⤵
  PID:8332
- C:\Windows\System\aEijXBn.exe
  C:\Windows\System\aEijXBn.exe
  2⤵
  PID:8380
- C:\Windows\System\KyytCVO.exe
  C:\Windows\System\KyytCVO.exe
  2⤵
  PID:8440
- C:\Windows\System\dvwrLnv.exe
  C:\Windows\System\dvwrLnv.exe
  2⤵
  PID:8476
- C:\Windows\System\KZwDZyU.exe
  C:\Windows\System\KZwDZyU.exe
  2⤵
  PID:8504
- C:\Windows\System\xEPnKrF.exe
  C:\Windows\System\xEPnKrF.exe
  2⤵
  PID:8524
- C:\Windows\System\LFhLKsj.exe
  C:\Windows\System\LFhLKsj.exe
  2⤵
  PID:8548
- C:\Windows\System\awONcVZ.exe
  C:\Windows\System\awONcVZ.exe
  2⤵
  PID:8588
- C:\Windows\System\ySSvCFr.exe
  C:\Windows\System\ySSvCFr.exe
  2⤵
  PID:8616
- C:\Windows\System\XmqeKAP.exe
  C:\Windows\System\XmqeKAP.exe
  2⤵
  PID:8640
- C:\Windows\System\OiMLVRa.exe
  C:\Windows\System\OiMLVRa.exe
  2⤵
  PID:8668
- C:\Windows\System\PJzQeaI.exe
  C:\Windows\System\PJzQeaI.exe
  2⤵
  PID:8712
- C:\Windows\System\JEAaGxI.exe
  C:\Windows\System\JEAaGxI.exe
  2⤵
  PID:8728
- C:\Windows\System\IRGvovn.exe
  C:\Windows\System\IRGvovn.exe
  2⤵
  PID:8752
- C:\Windows\System\XgDaDhC.exe
  C:\Windows\System\XgDaDhC.exe
  2⤵
  PID:8780
- C:\Windows\System\EGTccXy.exe
  C:\Windows\System\EGTccXy.exe
  2⤵
  PID:8820
- C:\Windows\System\OLMtLAV.exe
  C:\Windows\System\OLMtLAV.exe
  2⤵
  PID:8864
- C:\Windows\System\VJIfaWg.exe
  C:\Windows\System\VJIfaWg.exe
  2⤵
  PID:8904
- C:\Windows\System\xlhtFSe.exe
  C:\Windows\System\xlhtFSe.exe
  2⤵
  PID:8928
- C:\Windows\System\zyCqnvK.exe
  C:\Windows\System\zyCqnvK.exe
  2⤵
  PID:8956
- C:\Windows\System\nEtnZCQ.exe
  C:\Windows\System\nEtnZCQ.exe
  2⤵
  PID:8984
- C:\Windows\System\ebxJtDi.exe
  C:\Windows\System\ebxJtDi.exe
  2⤵
  PID:9012
- C:\Windows\System\KtDroGs.exe
  C:\Windows\System\KtDroGs.exe
  2⤵
  PID:9044
- C:\Windows\System\YBCJTor.exe
  C:\Windows\System\YBCJTor.exe
  2⤵
  PID:9068
- C:\Windows\System\RgTnNQR.exe
  C:\Windows\System\RgTnNQR.exe
  2⤵
  PID:9096
- C:\Windows\System\EscjVVG.exe
  C:\Windows\System\EscjVVG.exe
  2⤵
  PID:9124
- C:\Windows\System\ywFwHmm.exe
  C:\Windows\System\ywFwHmm.exe
  2⤵
  PID:9152
- C:\Windows\System\ffqpzOa.exe
  C:\Windows\System\ffqpzOa.exe
  2⤵
  PID:9180
- C:\Windows\System\ftzqkJr.exe
  C:\Windows\System\ftzqkJr.exe
  2⤵
  PID:9208
- C:\Windows\System\zlJSDvn.exe
  C:\Windows\System\zlJSDvn.exe
  2⤵
  PID:8252
- C:\Windows\System\NznHDrc.exe
  C:\Windows\System\NznHDrc.exe
  2⤵
  PID:8368
- C:\Windows\System\FKMrhwl.exe
  C:\Windows\System\FKMrhwl.exe
  2⤵
  PID:8468
- C:\Windows\System\xzyMRVa.exe
  C:\Windows\System\xzyMRVa.exe
  2⤵
  PID:8540
- C:\Windows\System\lCtJQGv.exe
  C:\Windows\System\lCtJQGv.exe
  2⤵
  PID:8608
- C:\Windows\System\QwUahuY.exe
  C:\Windows\System\QwUahuY.exe
  2⤵
  PID:8680
- C:\Windows\System\PviHqwz.exe
  C:\Windows\System\PviHqwz.exe
  2⤵
  PID:8744
- C:\Windows\System\wbdHBrP.exe
  C:\Windows\System\wbdHBrP.exe
  2⤵
  PID:8808
- C:\Windows\System\HgdYsoK.exe
  C:\Windows\System\HgdYsoK.exe
  2⤵
  PID:8876
- C:\Windows\System\bGglmRm.exe
  C:\Windows\System\bGglmRm.exe
  2⤵
  PID:8948
- C:\Windows\System\RzqgkKX.exe
  C:\Windows\System\RzqgkKX.exe
  2⤵
  PID:9008
- C:\Windows\System\vvFqyGA.exe
  C:\Windows\System\vvFqyGA.exe
  2⤵
  PID:9084
- C:\Windows\System\FeGMLUQ.exe
  C:\Windows\System\FeGMLUQ.exe
  2⤵
  PID:9144
- C:\Windows\System\VaELXZZ.exe
  C:\Windows\System\VaELXZZ.exe
  2⤵
  PID:9204
- C:\Windows\System\rtREHry.exe
  C:\Windows\System\rtREHry.exe
  2⤵
  PID:8456
- C:\Windows\System\XFOalSb.exe
  C:\Windows\System\XFOalSb.exe
  2⤵
  PID:8600
- C:\Windows\System\YbABBmt.exe
  C:\Windows\System\YbABBmt.exe
  2⤵
  PID:8708
- C:\Windows\System\wMAxBsl.exe
  C:\Windows\System\wMAxBsl.exe
  2⤵
  PID:8888
- C:\Windows\System\ECtobXG.exe
  C:\Windows\System\ECtobXG.exe
  2⤵
  PID:9060
- C:\Windows\System\urrexwg.exe
  C:\Windows\System\urrexwg.exe
  2⤵
  PID:9200
- C:\Windows\System\CNBoKuw.exe
  C:\Windows\System\CNBoKuw.exe
  2⤵
  PID:8664
- C:\Windows\System\bNbqITA.exe
  C:\Windows\System\bNbqITA.exe
  2⤵
  PID:9004
- C:\Windows\System\ogxiZhK.exe
  C:\Windows\System\ogxiZhK.exe
  2⤵
  PID:8568
- C:\Windows\System\zHakrzw.exe
  C:\Windows\System\zHakrzw.exe
  2⤵
  PID:8976
- C:\Windows\System\IShMzvy.exe
  C:\Windows\System\IShMzvy.exe
  2⤵
  PID:9236
- C:\Windows\System\yWRuodl.exe
  C:\Windows\System\yWRuodl.exe
  2⤵
  PID:9264
- C:\Windows\System\RnpOten.exe
  C:\Windows\System\RnpOten.exe
  2⤵
  PID:9292
- C:\Windows\System\eKinyNZ.exe
  C:\Windows\System\eKinyNZ.exe
  2⤵
  PID:9320
- C:\Windows\System\lmiQimJ.exe
  C:\Windows\System\lmiQimJ.exe
  2⤵
  PID:9348
- C:\Windows\System\vNHbryW.exe
  C:\Windows\System\vNHbryW.exe
  2⤵
  PID:9376
- C:\Windows\System\dQOPbiY.exe
  C:\Windows\System\dQOPbiY.exe
  2⤵
  PID:9404
- C:\Windows\System\AfeOOxp.exe
  C:\Windows\System\AfeOOxp.exe
  2⤵
  PID:9436
- C:\Windows\System\awkwkea.exe
  C:\Windows\System\awkwkea.exe
  2⤵
  PID:9464
- C:\Windows\System\yBrRMDI.exe
  C:\Windows\System\yBrRMDI.exe
  2⤵
  PID:9492
- C:\Windows\System\yCAtwqV.exe
  C:\Windows\System\yCAtwqV.exe
  2⤵
  PID:9520
- C:\Windows\System\SoEOuBh.exe
  C:\Windows\System\SoEOuBh.exe
  2⤵
  PID:9548
- C:\Windows\System\HzLJpui.exe
  C:\Windows\System\HzLJpui.exe
  2⤵
  PID:9576
- C:\Windows\System\orvDuiU.exe
  C:\Windows\System\orvDuiU.exe
  2⤵
  PID:9628
- C:\Windows\System\nBgrcMA.exe
  C:\Windows\System\nBgrcMA.exe
  2⤵
  PID:9668
- C:\Windows\System\SczaeVb.exe
  C:\Windows\System\SczaeVb.exe
  2⤵
  PID:9696
- C:\Windows\System\Yhrtpqd.exe
  C:\Windows\System\Yhrtpqd.exe
  2⤵
  PID:9724
- C:\Windows\System\tWUVFLA.exe
  C:\Windows\System\tWUVFLA.exe
  2⤵
  PID:9752
- C:\Windows\System\ZAFcdYh.exe
  C:\Windows\System\ZAFcdYh.exe
  2⤵
  PID:9780
- C:\Windows\System\SGAtAAe.exe
  C:\Windows\System\SGAtAAe.exe
  2⤵
  PID:9824
- C:\Windows\System\lFWXatL.exe
  C:\Windows\System\lFWXatL.exe
  2⤵
  PID:9844
- C:\Windows\System\qKPhUYi.exe
  C:\Windows\System\qKPhUYi.exe
  2⤵
  PID:9872
- C:\Windows\System\xUIQDgJ.exe
  C:\Windows\System\xUIQDgJ.exe
  2⤵
  PID:9900
- C:\Windows\System\pHqenHE.exe
  C:\Windows\System\pHqenHE.exe
  2⤵
  PID:9928
- C:\Windows\System\HTkOCvD.exe
  C:\Windows\System\HTkOCvD.exe
  2⤵
  PID:9956
- C:\Windows\System\LGqhJYa.exe
  C:\Windows\System\LGqhJYa.exe
  2⤵
  PID:9984
- C:\Windows\System\aGEtkdy.exe
  C:\Windows\System\aGEtkdy.exe
  2⤵
  PID:10012
- C:\Windows\System\jJcrdAl.exe
  C:\Windows\System\jJcrdAl.exe
  2⤵
  PID:10048
- C:\Windows\System\HiGlTMZ.exe
  C:\Windows\System\HiGlTMZ.exe
  2⤵
  PID:10076
- C:\Windows\System\lbGJXJy.exe
  C:\Windows\System\lbGJXJy.exe
  2⤵
  PID:10140
- C:\Windows\System\PWrXedB.exe
  C:\Windows\System\PWrXedB.exe
  2⤵
  PID:10168
- C:\Windows\System\OYexYsw.exe
  C:\Windows\System\OYexYsw.exe
  2⤵
  PID:10196
- C:\Windows\System\wsyFnus.exe
  C:\Windows\System\wsyFnus.exe
  2⤵
  PID:10232
- C:\Windows\System\ukDxiJv.exe
  C:\Windows\System\ukDxiJv.exe
  2⤵
  PID:9284
- C:\Windows\System\gdeWiAt.exe
  C:\Windows\System\gdeWiAt.exe
  2⤵
  PID:4572
- C:\Windows\System\zeiFRUP.exe
  C:\Windows\System\zeiFRUP.exe
  2⤵
  PID:9396
- C:\Windows\System\GdMzOir.exe
  C:\Windows\System\GdMzOir.exe
  2⤵
  PID:9456
- C:\Windows\System\ncYrKyu.exe
  C:\Windows\System\ncYrKyu.exe
  2⤵
  PID:9516
- C:\Windows\System\vhmIYup.exe
  C:\Windows\System\vhmIYup.exe
  2⤵
  PID:9596
- C:\Windows\System\CjofNza.exe
  C:\Windows\System\CjofNza.exe
  2⤵
  PID:9688
- C:\Windows\System\nyDbXhV.exe
  C:\Windows\System\nyDbXhV.exe
  2⤵
  PID:9748
- C:\Windows\System\SrKBVWg.exe
  C:\Windows\System\SrKBVWg.exe
  2⤵
  PID:2756
- C:\Windows\System\pYybTdc.exe
  C:\Windows\System\pYybTdc.exe
  2⤵
  PID:5548
- C:\Windows\System\sMNwjMR.exe
  C:\Windows\System\sMNwjMR.exe
  2⤵
  PID:6128
- C:\Windows\System\fMPyWbD.exe
  C:\Windows\System\fMPyWbD.exe
  2⤵
  PID:8016
- C:\Windows\System\DnYWGdf.exe
  C:\Windows\System\DnYWGdf.exe
  2⤵
  PID:5332
- C:\Windows\System\DwbLSdK.exe
  C:\Windows\System\DwbLSdK.exe
  2⤵
  PID:9892
- C:\Windows\System\jyNephk.exe
  C:\Windows\System\jyNephk.exe
  2⤵
  PID:9952
- C:\Windows\System\dEqBrBE.exe
  C:\Windows\System\dEqBrBE.exe
  2⤵
  PID:10024
- C:\Windows\System\rVrTwfx.exe
  C:\Windows\System\rVrTwfx.exe
  2⤵
  PID:10060
- C:\Windows\System\ZEMtfXb.exe
  C:\Windows\System\ZEMtfXb.exe
  2⤵
  PID:2160
- C:\Windows\System\lOMHWtd.exe
  C:\Windows\System\lOMHWtd.exe
  2⤵
  PID:10184
- C:\Windows\System\uSkaPmr.exe
  C:\Windows\System\uSkaPmr.exe
  2⤵
  PID:9256
- C:\Windows\System\hCgCCxX.exe
  C:\Windows\System\hCgCCxX.exe
  2⤵
  PID:9432
- C:\Windows\System\IFVJlOy.exe
  C:\Windows\System\IFVJlOy.exe
  2⤵
  PID:9512
- C:\Windows\System\kesBPCn.exe
  C:\Windows\System\kesBPCn.exe
  2⤵
  PID:9680
- C:\Windows\System\jbtyxgq.exe
  C:\Windows\System\jbtyxgq.exe
  2⤵
  PID:224
- C:\Windows\System\omNFPNg.exe
  C:\Windows\System\omNFPNg.exe
  2⤵
  PID:1676
- C:\Windows\System\cGcFPdF.exe
  C:\Windows\System\cGcFPdF.exe
  2⤵
  PID:9808
- C:\Windows\System\GhGJYSA.exe
  C:\Windows\System\GhGJYSA.exe
  2⤵
  PID:4284
- C:\Windows\System\yBstRjy.exe
  C:\Windows\System\yBstRjy.exe
  2⤵
  PID:10088
- C:\Windows\System\XcAULQk.exe
  C:\Windows\System\XcAULQk.exe
  2⤵
  PID:10152
- C:\Windows\System\xDPuzvu.exe
  C:\Windows\System\xDPuzvu.exe
  2⤵
  PID:9316
- C:\Windows\System\gXQmOBT.exe
  C:\Windows\System\gXQmOBT.exe
  2⤵
  PID:3532
- C:\Windows\System\xzIwVjK.exe
  C:\Windows\System\xzIwVjK.exe
  2⤵
  PID:4928
- C:\Windows\System\kcWwQMx.exe
  C:\Windows\System\kcWwQMx.exe
  2⤵
  PID:9980
- C:\Windows\System\SkouBhV.exe
  C:\Windows\System\SkouBhV.exe
  2⤵
  PID:10220
- C:\Windows\System\yWloIxX.exe
  C:\Windows\System\yWloIxX.exe
  2⤵
  PID:5940
- C:\Windows\System\kUJVoQo.exe
  C:\Windows\System\kUJVoQo.exe
  2⤵
  PID:9508
- C:\Windows\System\TgrHqfJ.exe
  C:\Windows\System\TgrHqfJ.exe
  2⤵
  PID:10164
- C:\Windows\System\OzkCQgq.exe
  C:\Windows\System\OzkCQgq.exe
  2⤵
  PID:10272
- C:\Windows\System\pmqMcGI.exe
  C:\Windows\System\pmqMcGI.exe
  2⤵
  PID:10300
- C:\Windows\System\HPeTaCH.exe
  C:\Windows\System\HPeTaCH.exe
  2⤵
  PID:10328
- C:\Windows\System\LVloAIQ.exe
  C:\Windows\System\LVloAIQ.exe
  2⤵
  PID:10360
- C:\Windows\System\ADYBKoq.exe
  C:\Windows\System\ADYBKoq.exe
  2⤵
  PID:10388
- C:\Windows\System\yxxvpBU.exe
  C:\Windows\System\yxxvpBU.exe
  2⤵
  PID:10420
- C:\Windows\System\zUdwBqz.exe
  C:\Windows\System\zUdwBqz.exe
  2⤵
  PID:10448
- C:\Windows\System\AIyppUc.exe
  C:\Windows\System\AIyppUc.exe
  2⤵
  PID:10476
- C:\Windows\System\sIhKipM.exe
  C:\Windows\System\sIhKipM.exe
  2⤵
  PID:10504
- C:\Windows\System\EnQxSIu.exe
  C:\Windows\System\EnQxSIu.exe
  2⤵
  PID:10532
- C:\Windows\System\KZdaoPB.exe
  C:\Windows\System\KZdaoPB.exe
  2⤵
  PID:10560
- C:\Windows\System\PokxqBN.exe
  C:\Windows\System\PokxqBN.exe
  2⤵
  PID:10588
- C:\Windows\System\dbTXdLO.exe
  C:\Windows\System\dbTXdLO.exe
  2⤵
  PID:10676
- C:\Windows\System\JnTgHyB.exe
  C:\Windows\System\JnTgHyB.exe
  2⤵
  PID:10708
- C:\Windows\System\mqzWDVJ.exe
  C:\Windows\System\mqzWDVJ.exe
  2⤵
  PID:10788
- C:\Windows\System\VydUKJq.exe
  C:\Windows\System\VydUKJq.exe
  2⤵
  PID:10808
- C:\Windows\System\iMiPJBA.exe
  C:\Windows\System\iMiPJBA.exe
  2⤵
  PID:10856
- C:\Windows\System\CmXmnCp.exe
  C:\Windows\System\CmXmnCp.exe
  2⤵
  PID:10884
- C:\Windows\System\fXQBzIj.exe
  C:\Windows\System\fXQBzIj.exe
  2⤵
  PID:10912
- C:\Windows\System\HRWOQXI.exe
  C:\Windows\System\HRWOQXI.exe
  2⤵
  PID:10940
- C:\Windows\System\paMajco.exe
  C:\Windows\System\paMajco.exe
  2⤵
  PID:10968
- C:\Windows\System\LAtoRIY.exe
  C:\Windows\System\LAtoRIY.exe
  2⤵
  PID:10996
- C:\Windows\System\VJldtOE.exe
  C:\Windows\System\VJldtOE.exe
  2⤵
  PID:11016
- C:\Windows\System\CfqlodG.exe
  C:\Windows\System\CfqlodG.exe
  2⤵
  PID:11056
- C:\Windows\System\fcFbbnC.exe
  C:\Windows\System\fcFbbnC.exe
  2⤵
  PID:11092
- C:\Windows\System\eXRDzrF.exe
  C:\Windows\System\eXRDzrF.exe
  2⤵
  PID:11148
- C:\Windows\System\gBKRJyy.exe
  C:\Windows\System\gBKRJyy.exe
  2⤵
  PID:11180
- C:\Windows\System\acIetco.exe
  C:\Windows\System\acIetco.exe
  2⤵
  PID:11208
- C:\Windows\System\OAkYoar.exe
  C:\Windows\System\OAkYoar.exe
  2⤵
  PID:11236
- C:\Windows\System\oOKRXMv.exe
  C:\Windows\System\oOKRXMv.exe
  2⤵
  PID:5952
- C:\Windows\System\hHdmhuS.exe
  C:\Windows\System\hHdmhuS.exe
  2⤵
  PID:10296
- C:\Windows\System\yalOaAi.exe
  C:\Windows\System\yalOaAi.exe
  2⤵
  PID:10376
- C:\Windows\System\sZSEWQD.exe
  C:\Windows\System\sZSEWQD.exe
  2⤵
  PID:10436
- C:\Windows\System\nAgfVOj.exe
  C:\Windows\System\nAgfVOj.exe
  2⤵
  PID:5040
- C:\Windows\System\UHloSMy.exe
  C:\Windows\System\UHloSMy.exe
  2⤵
  PID:10524
- C:\Windows\System\HDCCWYL.exe
  C:\Windows\System\HDCCWYL.exe
  2⤵
  PID:10624
- C:\Windows\System\zoEvRXT.exe
  C:\Windows\System\zoEvRXT.exe
  2⤵
  PID:10696
- C:\Windows\System\LGguvZq.exe
  C:\Windows\System\LGguvZq.exe
  2⤵
  PID:10840
- C:\Windows\System\dXZEMDW.exe
  C:\Windows\System\dXZEMDW.exe
  2⤵
  PID:10904
- C:\Windows\System\bKqSvyT.exe
  C:\Windows\System\bKqSvyT.exe
  2⤵
  PID:10964
- C:\Windows\System\LiIRUhb.exe
  C:\Windows\System\LiIRUhb.exe
  2⤵
  PID:11044
- C:\Windows\System\bQYyxWB.exe
  C:\Windows\System\bQYyxWB.exe
  2⤵
  PID:3748
- C:\Windows\System\ygmXhWq.exe
  C:\Windows\System\ygmXhWq.exe
  2⤵
  PID:10224
- C:\Windows\System\DCniXIP.exe
  C:\Windows\System\DCniXIP.exe
  2⤵
  PID:2760
- C:\Windows\System\qttSJUB.exe
  C:\Windows\System\qttSJUB.exe
  2⤵
  PID:11200
- C:\Windows\System\yNDdgzJ.exe
  C:\Windows\System\yNDdgzJ.exe
  2⤵
  PID:11256
- C:\Windows\System\rUvGikF.exe
  C:\Windows\System\rUvGikF.exe
  2⤵
  PID:5116
- C:\Windows\System\uWfIACq.exe
  C:\Windows\System\uWfIACq.exe
  2⤵
  PID:10472
- C:\Windows\System\WRBFAlR.exe
  C:\Windows\System\WRBFAlR.exe
  2⤵
  PID:10580
- C:\Windows\System\HbcTBMU.exe
  C:\Windows\System\HbcTBMU.exe
  2⤵
  PID:10868
- C:\Windows\System\MJhfoHX.exe
  C:\Windows\System\MJhfoHX.exe
  2⤵
  PID:11004
- C:\Windows\System\kqXfvxq.exe
  C:\Windows\System\kqXfvxq.exe
  2⤵
  PID:10124
- C:\Windows\System\GNBiRdM.exe
  C:\Windows\System\GNBiRdM.exe
  2⤵
  PID:11228
- C:\Windows\System\aUxTNfG.exe
  C:\Windows\System\aUxTNfG.exe
  2⤵
  PID:10416
- C:\Windows\System\OiHwuYi.exe
  C:\Windows\System\OiHwuYi.exe
  2⤵
  PID:10816
- C:\Windows\System\ZefKqfV.exe
  C:\Windows\System\ZefKqfV.exe
  2⤵
  PID:9248
- C:\Windows\System\DrlEeJp.exe
  C:\Windows\System\DrlEeJp.exe
  2⤵
  PID:10704
- C:\Windows\System\TKMsQxj.exe
  C:\Windows\System\TKMsQxj.exe
  2⤵
  PID:10552
- C:\Windows\System\krpFWbf.exe
  C:\Windows\System\krpFWbf.exe
  2⤵
  PID:11280
- C:\Windows\System\SujsWnA.exe
  C:\Windows\System\SujsWnA.exe
  2⤵
  PID:11308
- C:\Windows\System\pQGtNNn.exe
  C:\Windows\System\pQGtNNn.exe
  2⤵
  PID:11336
- C:\Windows\System\VcpbgoB.exe
  C:\Windows\System\VcpbgoB.exe
  2⤵
  PID:11364
- C:\Windows\System\CWAFjeL.exe
  C:\Windows\System\CWAFjeL.exe
  2⤵
  PID:11392
- C:\Windows\System\RimWddj.exe
  C:\Windows\System\RimWddj.exe
  2⤵
  PID:11420
- C:\Windows\System\unWAzgT.exe
  C:\Windows\System\unWAzgT.exe
  2⤵
  PID:11448
- C:\Windows\System\WENLmsV.exe
  C:\Windows\System\WENLmsV.exe
  2⤵
  PID:11476
- C:\Windows\System\ZxLSbja.exe
  C:\Windows\System\ZxLSbja.exe
  2⤵
  PID:11504
- C:\Windows\System\EKPCVoO.exe
  C:\Windows\System\EKPCVoO.exe
  2⤵
  PID:11532
- C:\Windows\System\AzTdwnH.exe
  C:\Windows\System\AzTdwnH.exe
  2⤵
  PID:11560
- C:\Windows\System\VAquVAp.exe
  C:\Windows\System\VAquVAp.exe
  2⤵
  PID:11600
- C:\Windows\System\HRnOLuf.exe
  C:\Windows\System\HRnOLuf.exe
  2⤵
  PID:11616
- C:\Windows\System\dgoTAPw.exe
  C:\Windows\System\dgoTAPw.exe
  2⤵
  PID:11644
- C:\Windows\System\exejeVi.exe
  C:\Windows\System\exejeVi.exe
  2⤵
  PID:11672
- C:\Windows\System\flEMdFV.exe
  C:\Windows\System\flEMdFV.exe
  2⤵
  PID:11700
- C:\Windows\System\loKTqxS.exe
  C:\Windows\System\loKTqxS.exe
  2⤵
  PID:11728
- C:\Windows\System\hbgooGz.exe
  C:\Windows\System\hbgooGz.exe
  2⤵
  PID:11756
- C:\Windows\System\bVPvyTP.exe
  C:\Windows\System\bVPvyTP.exe
  2⤵
  PID:11784
- C:\Windows\System\wVuKLwm.exe
  C:\Windows\System\wVuKLwm.exe
  2⤵
  PID:11812
- C:\Windows\System\LoojKEf.exe
  C:\Windows\System\LoojKEf.exe
  2⤵
  PID:11840
- C:\Windows\System\JtxiIyD.exe
  C:\Windows\System\JtxiIyD.exe
  2⤵
  PID:11868
- C:\Windows\System\XVtIheK.exe
  C:\Windows\System\XVtIheK.exe
  2⤵
  PID:11896
- C:\Windows\System\hkjzzmq.exe
  C:\Windows\System\hkjzzmq.exe
  2⤵
  PID:11924
- C:\Windows\System\IbzEUhM.exe
  C:\Windows\System\IbzEUhM.exe
  2⤵
  PID:11952
- C:\Windows\System\LmWVhYp.exe
  C:\Windows\System\LmWVhYp.exe
  2⤵
  PID:11992
- C:\Windows\System\NgikqYe.exe
  C:\Windows\System\NgikqYe.exe
  2⤵
  PID:12012
- C:\Windows\System\rwLPrWW.exe
  C:\Windows\System\rwLPrWW.exe
  2⤵
  PID:12040
- C:\Windows\System\LlxXdCx.exe
  C:\Windows\System\LlxXdCx.exe
  2⤵
  PID:12068
- C:\Windows\System\gjoRRfI.exe
  C:\Windows\System\gjoRRfI.exe
  2⤵
  PID:12096
- C:\Windows\System\uibcNcq.exe
  C:\Windows\System\uibcNcq.exe
  2⤵
  PID:12124
- C:\Windows\System\bCnCOvf.exe
  C:\Windows\System\bCnCOvf.exe
  2⤵
  PID:12152
- C:\Windows\System\CBhKqDt.exe
  C:\Windows\System\CBhKqDt.exe
  2⤵
  PID:12180
- C:\Windows\System\qOSVtZl.exe
  C:\Windows\System\qOSVtZl.exe
  2⤵
  PID:12208
- C:\Windows\System\iNFFyQO.exe
  C:\Windows\System\iNFFyQO.exe
  2⤵
  PID:12236
- C:\Windows\System\NKDfyix.exe
  C:\Windows\System\NKDfyix.exe
  2⤵
  PID:12264
- C:\Windows\System\mymXqAo.exe
  C:\Windows\System\mymXqAo.exe
  2⤵
  PID:11272
- C:\Windows\System\bERSALv.exe
  C:\Windows\System\bERSALv.exe
  2⤵
  PID:4480
- C:\Windows\System\cNuSNuQ.exe
  C:\Windows\System\cNuSNuQ.exe
  2⤵
  PID:11408
- C:\Windows\System\SHuwRaX.exe
  C:\Windows\System\SHuwRaX.exe
  2⤵
  PID:11468
- C:\Windows\System\PCwldYx.exe
  C:\Windows\System\PCwldYx.exe
  2⤵
  PID:11528
- C:\Windows\System\stCMASZ.exe
  C:\Windows\System\stCMASZ.exe
  2⤵
  PID:11608
- C:\Windows\System\agUPvPf.exe
  C:\Windows\System\agUPvPf.exe
  2⤵
  PID:11664
- C:\Windows\System\SeISMxb.exe
  C:\Windows\System\SeISMxb.exe
  2⤵
  PID:11740
- C:\Windows\System\XHzRBag.exe
  C:\Windows\System\XHzRBag.exe
  2⤵
  PID:5356
- C:\Windows\System\RjrfMXb.exe
  C:\Windows\System\RjrfMXb.exe
  2⤵
  PID:11880
- C:\Windows\System\GRVsaZS.exe
  C:\Windows\System\GRVsaZS.exe
  2⤵
  PID:11944
- C:\Windows\System\BZatYbH.exe
  C:\Windows\System\BZatYbH.exe
  2⤵
  PID:12004
- C:\Windows\System\MOkULcC.exe
  C:\Windows\System\MOkULcC.exe
  2⤵
  PID:4404
- C:\Windows\System\KPkPslb.exe
  C:\Windows\System\KPkPslb.exe
  2⤵
  PID:3652
- C:\Windows\System\ZAtkHHy.exe
  C:\Windows\System\ZAtkHHy.exe
  2⤵
  PID:12036
- C:\Windows\System\veyKIAH.exe
  C:\Windows\System\veyKIAH.exe
  2⤵
  PID:12108
- C:\Windows\System\YCCRRNW.exe
  C:\Windows\System\YCCRRNW.exe
  2⤵
  PID:12172
- C:\Windows\System\pFZnWwN.exe
  C:\Windows\System\pFZnWwN.exe
  2⤵
  PID:12232
- C:\Windows\System\SHWPdLq.exe
  C:\Windows\System\SHWPdLq.exe
  2⤵
  PID:12284
- C:\Windows\System\jWnqLXO.exe
  C:\Windows\System\jWnqLXO.exe
  2⤵
  PID:11416
- C:\Windows\System\nqnQnXU.exe
  C:\Windows\System\nqnQnXU.exe
  2⤵
  PID:11584
- C:\Windows\System\oLWTsQW.exe
  C:\Windows\System\oLWTsQW.exe
  2⤵
  PID:11768
- C:\Windows\System\yjsXEak.exe
  C:\Windows\System\yjsXEak.exe
  2⤵
  PID:11860
- C:\Windows\System\qplHbfD.exe
  C:\Windows\System\qplHbfD.exe
  2⤵
  PID:8136
- C:\Windows\System\tEKJNwF.exe
  C:\Windows\System\tEKJNwF.exe
  2⤵
  PID:1028
- C:\Windows\System\MjZpIbu.exe
  C:\Windows\System\MjZpIbu.exe
  2⤵
  PID:12148
- C:\Windows\System\MxrNoJe.exe
  C:\Windows\System\MxrNoJe.exe
  2⤵
  PID:10408
- C:\Windows\System\TYwrnJT.exe
  C:\Windows\System\TYwrnJT.exe
  2⤵
  PID:11668
- C:\Windows\System\Nbltzxh.exe
  C:\Windows\System\Nbltzxh.exe
  2⤵
  PID:11988
- C:\Windows\System\DOhqKUW.exe
  C:\Windows\System\DOhqKUW.exe
  2⤵
  PID:12136
- C:\Windows\System\pkGNZeK.exe
  C:\Windows\System\pkGNZeK.exe
  2⤵
  PID:11824
- C:\Windows\System\UHmweep.exe
  C:\Windows\System\UHmweep.exe
  2⤵
  PID:1456
- C:\Windows\System\DufXpiQ.exe
  C:\Windows\System\DufXpiQ.exe
  2⤵
  PID:3888
- C:\Windows\System\cAjugsf.exe
  C:\Windows\System\cAjugsf.exe
  2⤵
  PID:12316
- C:\Windows\System\KQKXPwD.exe
  C:\Windows\System\KQKXPwD.exe
  2⤵
  PID:12344
- C:\Windows\System\iZLiwSy.exe
  C:\Windows\System\iZLiwSy.exe
  2⤵
  PID:12372
- C:\Windows\System\JmiljWs.exe
  C:\Windows\System\JmiljWs.exe
  2⤵
  PID:12400
- C:\Windows\System\UspdEvz.exe
  C:\Windows\System\UspdEvz.exe
  2⤵
  PID:12428
- C:\Windows\System\yyEuKne.exe
  C:\Windows\System\yyEuKne.exe
  2⤵
  PID:12456
- C:\Windows\System\jYsIvyI.exe
  C:\Windows\System\jYsIvyI.exe
  2⤵
  PID:12484
- C:\Windows\System\avyuGAq.exe
  C:\Windows\System\avyuGAq.exe
  2⤵
  PID:12512
- C:\Windows\System\AHIZSjd.exe
  C:\Windows\System\AHIZSjd.exe
  2⤵
  PID:12540
- C:\Windows\System\PqMyMFH.exe
  C:\Windows\System\PqMyMFH.exe
  2⤵
  PID:12568
- C:\Windows\System\EGDgxPm.exe
  C:\Windows\System\EGDgxPm.exe
  2⤵
  PID:12596
- C:\Windows\System\WKyJMUE.exe
  C:\Windows\System\WKyJMUE.exe
  2⤵
  PID:12624
- C:\Windows\System\mPdsYCR.exe
  C:\Windows\System\mPdsYCR.exe
  2⤵
  PID:12652
- C:\Windows\System\viKalUa.exe
  C:\Windows\System\viKalUa.exe
  2⤵
  PID:12680
- C:\Windows\System\nIGdCcW.exe
  C:\Windows\System\nIGdCcW.exe
  2⤵
  PID:12708
- C:\Windows\System\bjpHDGa.exe
  C:\Windows\System\bjpHDGa.exe
  2⤵
  PID:12736
- C:\Windows\System\LowluZk.exe
  C:\Windows\System\LowluZk.exe
  2⤵
  PID:12764
- C:\Windows\System\kYAHHVD.exe
  C:\Windows\System\kYAHHVD.exe
  2⤵
  PID:12792
- C:\Windows\System\eFxoCDk.exe
  C:\Windows\System\eFxoCDk.exe
  2⤵
  PID:12820
- C:\Windows\System\HONooIa.exe
  C:\Windows\System\HONooIa.exe
  2⤵
  PID:12848
- C:\Windows\System\WTbqPVh.exe
  C:\Windows\System\WTbqPVh.exe
  2⤵
  PID:12876
- C:\Windows\System\UyPZAuY.exe
  C:\Windows\System\UyPZAuY.exe
  2⤵
  PID:12904
- C:\Windows\System\OxJjmAO.exe
  C:\Windows\System\OxJjmAO.exe
  2⤵
  PID:12932
- C:\Windows\System\UtdnrNu.exe
  C:\Windows\System\UtdnrNu.exe
  2⤵
  PID:12960
- C:\Windows\System\ImxdJxF.exe
  C:\Windows\System\ImxdJxF.exe
  2⤵
  PID:12988
- C:\Windows\System\lKyrmMx.exe
  C:\Windows\System\lKyrmMx.exe
  2⤵
  PID:13016
- C:\Windows\System\mEDUssS.exe
  C:\Windows\System\mEDUssS.exe
  2⤵
  PID:13044
- C:\Windows\System\ZMyyHJx.exe
  C:\Windows\System\ZMyyHJx.exe
  2⤵
  PID:13072
- C:\Windows\System\psEajCU.exe
  C:\Windows\System\psEajCU.exe
  2⤵
  PID:13100
- C:\Windows\System\PmBzXIN.exe
  C:\Windows\System\PmBzXIN.exe
  2⤵
  PID:13128
- C:\Windows\System\iTcfyjX.exe
  C:\Windows\System\iTcfyjX.exe
  2⤵
  PID:13156
- C:\Windows\System\QaQVwPs.exe
  C:\Windows\System\QaQVwPs.exe
  2⤵
  PID:13184
- C:\Windows\System\hVAWTvd.exe
  C:\Windows\System\hVAWTvd.exe
  2⤵
  PID:13212
- C:\Windows\System\TzszWXj.exe
  C:\Windows\System\TzszWXj.exe
  2⤵
  PID:13240
- C:\Windows\System\SaXMcsA.exe
  C:\Windows\System\SaXMcsA.exe
  2⤵
  PID:13268
- C:\Windows\System\fNPHztQ.exe
  C:\Windows\System\fNPHztQ.exe
  2⤵
  PID:13296
- C:\Windows\System\oUnhYON.exe
  C:\Windows\System\oUnhYON.exe
  2⤵
  PID:12312
- C:\Windows\System\aiHcMUA.exe
  C:\Windows\System\aiHcMUA.exe
  2⤵
  PID:12384
- C:\Windows\System\cGkgetm.exe
  C:\Windows\System\cGkgetm.exe
  2⤵
  PID:4424
- C:\Windows\System\MYWIbco.exe
  C:\Windows\System\MYWIbco.exe
  2⤵
  PID:12496
- C:\Windows\System\VQrHUCo.exe
  C:\Windows\System\VQrHUCo.exe
  2⤵
  PID:12552
- C:\Windows\System\thzinEd.exe
  C:\Windows\System\thzinEd.exe
  2⤵
  PID:3308
- C:\Windows\System\pOiMXde.exe
  C:\Windows\System\pOiMXde.exe
  2⤵
  PID:12668
- C:\Windows\System\LMxuVkt.exe
  C:\Windows\System\LMxuVkt.exe
  2⤵
  PID:12728
- C:\Windows\System\heNPvEt.exe
  C:\Windows\System\heNPvEt.exe
  2⤵
  PID:12784
- C:\Windows\System\OjziYbl.exe
  C:\Windows\System\OjziYbl.exe
  2⤵
  PID:12844
- C:\Windows\System\ELTRpQc.exe
  C:\Windows\System\ELTRpQc.exe
  2⤵
  PID:12916
- C:\Windows\System\IuKRndd.exe
  C:\Windows\System\IuKRndd.exe
  2⤵
  PID:12980
- C:\Windows\System\OOFpHkl.exe
  C:\Windows\System\OOFpHkl.exe
  2⤵
  PID:13040
- C:\Windows\System\zuHjPsq.exe
  C:\Windows\System\zuHjPsq.exe
  2⤵
  PID:13112
- C:\Windows\System\kFAAoex.exe
  C:\Windows\System\kFAAoex.exe
  2⤵
  PID:13176
- C:\Windows\System\nHIOtlX.exe
  C:\Windows\System\nHIOtlX.exe
  2⤵
  PID:13232
- C:\Windows\System\PVBtseh.exe
  C:\Windows\System\PVBtseh.exe
  2⤵
  PID:13292
- C:\Windows\System\rxbpikR.exe
  C:\Windows\System\rxbpikR.exe
  2⤵
  PID:12416
- C:\Windows\System\pbWgvuH.exe
  C:\Windows\System\pbWgvuH.exe
  2⤵
  PID:2784
- C:\Windows\System\UIfhqvX.exe
  C:\Windows\System\UIfhqvX.exe
  2⤵
  PID:12608
- C:\Windows\System\xftbqQo.exe
  C:\Windows\System\xftbqQo.exe
  2⤵
  PID:12756
- C:\Windows\System\VznHbdm.exe
  C:\Windows\System\VznHbdm.exe
  2⤵
  PID:12896
- C:\Windows\System\BVFhZLQ.exe
  C:\Windows\System\BVFhZLQ.exe
  2⤵
  PID:13036
- C:\Windows\System\CJYKMwn.exe
  C:\Windows\System\CJYKMwn.exe
  2⤵
  PID:13208
- C:\Windows\System\sXbuLIC.exe
  C:\Windows\System\sXbuLIC.exe
  2⤵
  PID:12308
- C:\Windows\System\HGxQdla.exe
  C:\Windows\System\HGxQdla.exe
  2⤵
  PID:2024
- C:\Windows\System\SPHQWjz.exe
  C:\Windows\System\SPHQWjz.exe
  2⤵
  PID:12872
- C:\Windows\System\QLEvQus.exe
  C:\Windows\System\QLEvQus.exe
  2⤵
  PID:13168
- C:\Windows\System\lQLSiFW.exe
  C:\Windows\System\lQLSiFW.exe
  2⤵
  PID:12588
- C:\Windows\System\JyVhlOO.exe
  C:\Windows\System\JyVhlOO.exe
  2⤵
  PID:13288
- C:\Windows\System\jSPIxWj.exe
  C:\Windows\System\jSPIxWj.exe
  2⤵
  PID:13152
- C:\Windows\System\CeLZsSw.exe
  C:\Windows\System\CeLZsSw.exe
  2⤵
  PID:13340
- C:\Windows\System\UMpnsJy.exe
  C:\Windows\System\UMpnsJy.exe
  2⤵
  PID:13368
- C:\Windows\System\uwsunch.exe
  C:\Windows\System\uwsunch.exe
  2⤵
  PID:13396
- C:\Windows\System\xlXbyTy.exe
  C:\Windows\System\xlXbyTy.exe
  2⤵
  PID:13424
- C:\Windows\System\lzFjjCs.exe
  C:\Windows\System\lzFjjCs.exe
  2⤵
  PID:13452
- C:\Windows\System\gFjgING.exe
  C:\Windows\System\gFjgING.exe
  2⤵
  PID:13488
- C:\Windows\System\XxjLjHb.exe
  C:\Windows\System\XxjLjHb.exe
  2⤵
  PID:13508
- C:\Windows\System\PSNznCf.exe
  C:\Windows\System\PSNznCf.exe
  2⤵
  PID:13536
- C:\Windows\System\gUMLNwe.exe
  C:\Windows\System\gUMLNwe.exe
  2⤵
  PID:13564
- C:\Windows\System\bsDHNRR.exe
  C:\Windows\System\bsDHNRR.exe
  2⤵
  PID:13592
- C:\Windows\System\VmwKtbA.exe
  C:\Windows\System\VmwKtbA.exe
  2⤵
  PID:13620
- C:\Windows\System\OETriUk.exe
  C:\Windows\System\OETriUk.exe
  2⤵
  PID:13648
- C:\Windows\System\LLMUFEJ.exe
  C:\Windows\System\LLMUFEJ.exe
  2⤵
  PID:13676
- C:\Windows\System\GduYrFO.exe
  C:\Windows\System\GduYrFO.exe
  2⤵
  PID:13704
- C:\Windows\System\QnMsObu.exe
  C:\Windows\System\QnMsObu.exe
  2⤵
  PID:13732
- C:\Windows\System\NVmAZlH.exe
  C:\Windows\System\NVmAZlH.exe
  2⤵
  PID:13760
- C:\Windows\System\QchfhYx.exe
  C:\Windows\System\QchfhYx.exe
  2⤵
  PID:13788
- C:\Windows\System\BmstbdL.exe
  C:\Windows\System\BmstbdL.exe
  2⤵
  PID:13816
- C:\Windows\System\DfPqSMv.exe
  C:\Windows\System\DfPqSMv.exe
  2⤵
  PID:13844
- C:\Windows\System\KDIKLBZ.exe
  C:\Windows\System\KDIKLBZ.exe
  2⤵
  PID:13872
- C:\Windows\System\pHVemUF.exe
  C:\Windows\System\pHVemUF.exe
  2⤵
  PID:13900
- C:\Windows\System\GYhiRNc.exe
  C:\Windows\System\GYhiRNc.exe
  2⤵
  PID:13928
- C:\Windows\System\HTeZjXm.exe
  C:\Windows\System\HTeZjXm.exe
  2⤵
  PID:13956
- C:\Windows\System\DpmjiCh.exe
  C:\Windows\System\DpmjiCh.exe
  2⤵
  PID:13984
- C:\Windows\System\CWKnrAd.exe
  C:\Windows\System\CWKnrAd.exe
  2⤵
  PID:14012
- C:\Windows\System\rkHGjSi.exe
  C:\Windows\System\rkHGjSi.exe
  2⤵
  PID:14040
- C:\Windows\System\uuLxVRF.exe
  C:\Windows\System\uuLxVRF.exe
  2⤵
  PID:14068
- C:\Windows\System\SOdyBoy.exe
  C:\Windows\System\SOdyBoy.exe
  2⤵
  PID:14096
- C:\Windows\System\JnKiQUj.exe
  C:\Windows\System\JnKiQUj.exe
  2⤵
  PID:14124
- C:\Windows\System\BVRFZQL.exe
  C:\Windows\System\BVRFZQL.exe
  2⤵
  PID:14152
- C:\Windows\System\riSVNkZ.exe
  C:\Windows\System\riSVNkZ.exe
  2⤵
  PID:14180
- C:\Windows\System\EAbVDaS.exe
  C:\Windows\System\EAbVDaS.exe
  2⤵
  PID:14208
- C:\Windows\System\OTgcFPE.exe
  C:\Windows\System\OTgcFPE.exe
  2⤵
  PID:14236
- C:\Windows\System\MwlAJSf.exe
  C:\Windows\System\MwlAJSf.exe
  2⤵
  PID:14264
- C:\Windows\System\YUMgJxl.exe
  C:\Windows\System\YUMgJxl.exe
  2⤵
  PID:14292
- C:\Windows\System\iQJMfnr.exe
  C:\Windows\System\iQJMfnr.exe
  2⤵
  PID:14320
- C:\Windows\System\RaCNblS.exe
  C:\Windows\System\RaCNblS.exe
  2⤵
  PID:13336
- C:\Windows\System\ywFkkai.exe
  C:\Windows\System\ywFkkai.exe
  2⤵
  PID:13408
- C:\Windows\System\nSaahOe.exe
  C:\Windows\System\nSaahOe.exe
  2⤵
  PID:13472
- C:\Windows\System\KSMQusJ.exe
  C:\Windows\System\KSMQusJ.exe
  2⤵
  PID:13532
- C:\Windows\System\kBlTysG.exe
  C:\Windows\System\kBlTysG.exe
  2⤵
  PID:13604
- C:\Windows\System\PuLRnbv.exe
  C:\Windows\System\PuLRnbv.exe
  2⤵
  PID:4652
- C:\Windows\System\oFsjaQE.exe
  C:\Windows\System\oFsjaQE.exe
  2⤵
  PID:13660
- C:\Windows\System\ciPqYEM.exe
  C:\Windows\System\ciPqYEM.exe
  2⤵
  PID:13728
- C:\Windows\System\QuDPyTa.exe
  C:\Windows\System\QuDPyTa.exe
  2⤵
  PID:13772
- C:\Windows\System\UPAQAIZ.exe
  C:\Windows\System\UPAQAIZ.exe
  2⤵
  PID:13868
- C:\Windows\System\zGRxsEs.exe
  C:\Windows\System\zGRxsEs.exe
  2⤵
  PID:13948
- C:\Windows\System\Hrdrlro.exe
  C:\Windows\System\Hrdrlro.exe
  2⤵
  PID:14008
- C:\Windows\System\MSYfDrl.exe
  C:\Windows\System\MSYfDrl.exe
  2⤵
  PID:14080
- C:\Windows\System\GRVuosS.exe
  C:\Windows\System\GRVuosS.exe
  2⤵
  PID:14144
- C:\Windows\System\ppIKUvL.exe
  C:\Windows\System\ppIKUvL.exe
  2⤵
  PID:14204
- C:\Windows\System\ERzgZtF.exe
  C:\Windows\System\ERzgZtF.exe
  2⤵
  PID:14276
- C:\Windows\System\nkIyoBf.exe
  C:\Windows\System\nkIyoBf.exe
  2⤵
  PID:13324
- C:\Windows\System\AnAGozX.exe
  C:\Windows\System\AnAGozX.exe
  2⤵
  PID:13464
- C:\Windows\System\RrHIvXQ.exe
  C:\Windows\System\RrHIvXQ.exe
  2⤵
  PID:5372
- C:\Windows\System\RKlsyNt.exe
  C:\Windows\System\RKlsyNt.exe
  2⤵
  PID:13700
- C:\Windows\System\yLlzEcV.exe
  C:\Windows\System\yLlzEcV.exe
  2⤵
  PID:13724
- C:\Windows\System\gSqUhEt.exe
  C:\Windows\System\gSqUhEt.exe
  2⤵
  PID:13912
- C:\Windows\System\vMrwYga.exe
  C:\Windows\System\vMrwYga.exe
  2⤵
  PID:13920
- C:\Windows\System\RkVBDbg.exe
  C:\Windows\System\RkVBDbg.exe
  2⤵
  PID:14060
- C:\Windows\System\xkslQAa.exe
  C:\Windows\System\xkslQAa.exe
  2⤵
  PID:14200
- C:\Windows\System\kwyxAzn.exe
  C:\Windows\System\kwyxAzn.exe
  2⤵
  PID:13388
- C:\Windows\System\UGlkxgr.exe
  C:\Windows\System\UGlkxgr.exe
  2⤵
  PID:13644
- C:\Windows\System\JpqrOEd.exe
  C:\Windows\System\JpqrOEd.exe
  2⤵
  PID:13836
- C:\Windows\System\VOkwYHA.exe
  C:\Windows\System\VOkwYHA.exe
  2⤵
  PID:14312
- C:\Windows\System\kYFvyGw.exe
  C:\Windows\System\kYFvyGw.exe
  2⤵
  PID:13588
- C:\Windows\System\rBzTHrM.exe
  C:\Windows\System\rBzTHrM.exe
  2⤵
  PID:14196
- C:\Windows\System\TnucXHv.exe
  C:\Windows\System\TnucXHv.exe
  2⤵
  PID:13560
- C:\Windows\System\bkJHark.exe
  C:\Windows\System\bkJHark.exe
  2⤵
  PID:14356
- C:\Windows\System\urpGuPk.exe
  C:\Windows\System\urpGuPk.exe
  2⤵
  PID:14384
- C:\Windows\System\EZeypUV.exe
  C:\Windows\System\EZeypUV.exe
  2⤵
  PID:14412
- C:\Windows\System\DtEDmSY.exe
  C:\Windows\System\DtEDmSY.exe
  2⤵
  PID:14440
- C:\Windows\System\koxEDFN.exe
  C:\Windows\System\koxEDFN.exe
  2⤵
  PID:14468
- C:\Windows\System\fzdIobH.exe
  C:\Windows\System\fzdIobH.exe
  2⤵
  PID:14496
- C:\Windows\System\AicyPLE.exe
  C:\Windows\System\AicyPLE.exe
  2⤵
  PID:14524
- C:\Windows\System\QCkPTvx.exe
  C:\Windows\System\QCkPTvx.exe
  2⤵
  PID:14552
- C:\Windows\System\TkXfBoC.exe
  C:\Windows\System\TkXfBoC.exe
  2⤵
  PID:14584
- C:\Windows\System\fxCzcNB.exe
  C:\Windows\System\fxCzcNB.exe
  2⤵
  PID:14608
- C:\Windows\System\oUUjvRg.exe
  C:\Windows\System\oUUjvRg.exe
  2⤵
  PID:14636
- C:\Windows\System\ZhJpgYS.exe
  C:\Windows\System\ZhJpgYS.exe
  2⤵
  PID:14664
- C:\Windows\System\TFAHQVA.exe
  C:\Windows\System\TFAHQVA.exe
  2⤵
  PID:14692
- C:\Windows\System\IWCCwwT.exe
  C:\Windows\System\IWCCwwT.exe
  2⤵
  PID:14720
- C:\Windows\System\djhgUEP.exe
  C:\Windows\System\djhgUEP.exe
  2⤵
  PID:14748
- C:\Windows\System\ImfXilW.exe
  C:\Windows\System\ImfXilW.exe
  2⤵
  PID:14776
- C:\Windows\System\ymjujlK.exe
  C:\Windows\System\ymjujlK.exe
  2⤵
  PID:14804
- C:\Windows\System\ylTzoSz.exe
  C:\Windows\System\ylTzoSz.exe
  2⤵
  PID:14832
- C:\Windows\System\aVGZzZW.exe
  C:\Windows\System\aVGZzZW.exe
  2⤵
  PID:14856
- C:\Windows\System\qYkJLtE.exe
  C:\Windows\System\qYkJLtE.exe
  2⤵
  PID:14892
- C:\Windows\System\colYDRy.exe
  C:\Windows\System\colYDRy.exe
  2⤵
  PID:14920
- C:\Windows\System\mpmrhFy.exe
  C:\Windows\System\mpmrhFy.exe
  2⤵
  PID:14948
- C:\Windows\System\uOkriba.exe
  C:\Windows\System\uOkriba.exe
  2⤵
  PID:14968
- C:\Windows\System\WKAGtbN.exe
  C:\Windows\System\WKAGtbN.exe
  2⤵
  PID:15020
- C:\Windows\System\KyilxIN.exe
  C:\Windows\System\KyilxIN.exe
  2⤵
  PID:15036
- C:\Windows\System\qEFhnWu.exe
  C:\Windows\System\qEFhnWu.exe
  2⤵
  PID:15064
- C:\Windows\System\BiQSxXx.exe
  C:\Windows\System\BiQSxXx.exe
  2⤵
  PID:15092
- C:\Windows\System\nxJmOGB.exe
  C:\Windows\System\nxJmOGB.exe
  2⤵
  PID:15120
- C:\Windows\System\WkHKzDE.exe
  C:\Windows\System\WkHKzDE.exe
  2⤵
  PID:15148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFvajrF.exe

Filesize
6.0MB

MD5
3be44ef0c744d225edded216dcf2b825

SHA1
03353d289943daaa859bad1aa2e8c2f1e354fe18

SHA256
f2b8b634c154d02b9eb8a4574cef531282111f251f2805d329589cdd519654ff

SHA512
e8ddc3abdded15681a757ca54e6ccbe3ea7b3b61111b179452440079b5a7b0a57509d1162b5baafbb882d6d21369ed505abdeb404200e09963532170a6e3895e

Download Submit
C:\Windows\System\BKvbCDm.exe

Filesize
6.0MB

MD5
2657101a621fdd7d9b83fbd22246ba66

SHA1
69307264f96a71d798ea59f559674b012fe3ce2e

SHA256
f2c6743cb1f06ed729f503db639492e4c53b7ecb06faa02ad79b79c38ad9a4a3

SHA512
084fc4b286203a71c0fb31140184fcb35c09c220aa39c7e5c226a839b922956cbe9c70fedfd2b865f768caadb5328feb88bbb2f6a159989995016aab74b4ca6d

Download Submit
C:\Windows\System\EJFNmpZ.exe

Filesize
6.0MB

MD5
70eff665dd88e5c85ec9752d431dfb67

SHA1
26d5f7fd45738aeeebf730f89abfa4bfea9fe13b

SHA256
77251c666ffc91eab88fc3a886e14c221d64bb84ae7c9b7325d539496218894d

SHA512
7d51d291c4637e8bbf22c9f60b740d2a68d3a836a5ef3be0bf0175f16d81fbf53741599e1593aed92a7f7cba928b3914c844b2d5f3595d8b1d9d46796e628248

Download Submit
C:\Windows\System\JTcTRre.exe

Filesize
6.0MB

MD5
ef411b3d9ea81b1955cce42e14d495e0

SHA1
d4bb1918c249640ab07bf6c8761f4ef1083ee13b

SHA256
0ba6cc49f05d7cadce0367ea65c91ca0cde3b6a56c9e57cca6861684ad1ac5b9

SHA512
137ad3ee205051ab51fc59d673c7e821ad2382c1cf5ab02818863525e6b0c44dc471e2e35d1b1e630e0040100ccbd703b96569c9bf41948efdbc072d9701c27d

Download Submit
C:\Windows\System\JcowXAN.exe

Filesize
6.0MB

MD5
a89941a660b0de889f21eced753c0a2d

SHA1
afc6e46a8c95e1f3616a6325d4105e336b32a442

SHA256
82edf34056c87c2d475adcefbe34dc2f31e3dc3d8cbfac4929c25a2331ff9673

SHA512
7bcec22aa774c556f39c3a45f9e8bf907551bebdb3516623e6bb6e219f17efc78c26ca0c8f06251c2a20c2d9f079a8addec2e02f7e6981faa77fcb242197c576

Download Submit
C:\Windows\System\MkgNrCI.exe

Filesize
6.0MB

MD5
99d07e142acea29071f3a7b5dfdc983c

SHA1
a4848813b642413c1ee1e47bc782aa697b5363d1

SHA256
01745b8ffb9abe36f31f71fd17f296baa3d67be1882adf9ccd3aee06554167e8

SHA512
7534e52ce3fb8731ad72ecd6ba7292cfa4a82907f3da8703eae980aa3ba467ba4dbfb5d429fa2d8369364567688bbb51cca6daaf9d5ec0f3aa39aebd8626be3e

Download Submit
C:\Windows\System\NKntetR.exe

Filesize
6.0MB

MD5
e87cc66b49c7a71cb6d4ac560d4cd575

SHA1
9da6cbb4723999ee3f06d7040036beee5b9272df

SHA256
11ee245355072eeabc09f76e1f4824e43f3d869dd3643cda30b964d76e1f760d

SHA512
b519df1c8f0a4e14a4e0793e2fe954dd55e8fbbad98ff7a513e4119194fb8e95ccd1b84b6ad7df148ee729c81452d2c99860305403b33f6ae2c0a30d8ad3f981

Download Submit
C:\Windows\System\NXPnyva.exe

Filesize
6.0MB

MD5
eb36e25d8b7b90e87bc18ea3050a07b2

SHA1
2aa7b7483e4e6dbb3b47dc88fba8c37b5a3655c8

SHA256
2d53e56e4d4a6950a86fc310905f9e7651e2a9564c99662e1c016fd4044ecff8

SHA512
a3358dce006a69213c07ea68f9e78651696b9c1b851afaa9f296dfa40a000c742cb82721ed42cd0f9ee13566b4b2add19721c58bd05dc988ae1d7e855ec07c3d

Download Submit
C:\Windows\System\QJUYFjk.exe

Filesize
6.0MB

MD5
b41eeff4d308af9db9640bf1d8feba10

SHA1
0c0dc9adbf711bd8c8ffe4d033a564cdbee09297

SHA256
7e364f86683e11abe108feb321e67b7e45e55e09cd62ea69096f9d78b4e70d48

SHA512
1d3f4b482738560447b62f96333a24bfdfb50354bc8d099158e980a8b1a98ac7fdd80ac178ef3aed5ab84a459db4571ee3a0fabb0669b986dec5183633edfc13

Download Submit
C:\Windows\System\QoKgwtL.exe

Filesize
6.0MB

MD5
d2cb84613fcdb369d05bbba9e8193454

SHA1
a35eda17366a9dc8ac08424b73d4bf05ebc40162

SHA256
8ce8eb7393084f96cf70f82b00ea3a963b809cb1f9e279fe4db0de1969dfcdfe

SHA512
ad4d1520ce4672b4f75d53451357813873601abc8b247a1f126753b48b4605f536b65ca2e47e3650008d2436746b9389e0985c2101e87cb392598679e5aa7383

Download Submit
C:\Windows\System\UZjzopg.exe

Filesize
6.0MB

MD5
729fdd1833a2bb6ed81fea3b03ddc16d

SHA1
3676d8b7665c43b9e92e522c423ed1237def3c9c

SHA256
23672819ff988186643f401a131b730be151a3dd88a1b9a7feac8031443e0124

SHA512
d06c34eba8c9ff295482d8c6cec97fe42e9b3cec69fffaa74ae3428c8c207748e41aab4a994125852caa9f98aa4b7310ffca468d436ace3d7d389bc31b2b53d5

Download Submit
C:\Windows\System\XSfkcoh.exe

Filesize
6.0MB

MD5
c2acf9977196fd7fb392b5349ff288f9

SHA1
8fdbba97eed9be24b1101ee11fec8549c09ab6bf

SHA256
88f215099d92b11656a9fded014036cd1c1a00b3e09abff4224460d5bd11ed5d

SHA512
c9daa319894dce099f98e3af91fd2442754bf390018e7b3370eaa2c4f176732be08f1a159df194fa91a0b559aa13ecf63aaf4f746322105f7246f69b13b906f9

Download Submit
C:\Windows\System\XSvagAB.exe

Filesize
6.0MB

MD5
52084bace274073bbc4f0daa7557dd57

SHA1
9b5f359c337a958392cd0ce50c57958eb62a82c2

SHA256
ac4aaba6bc8a9a20087f6e8e7412586a1221baccd61be99238312d7c017d9ba4

SHA512
9ffcb28a02712571826293a60d2feeb81e5c98a763a4e957fd57d86bc33bd8d6d187f95ea1476e0c510fe736e4f1cdf0e68db663b3e2d59c460bf91eeeb70b81

Download Submit
C:\Windows\System\YbnIpvE.exe

Filesize
6.0MB

MD5
cda725f19c6d39e8e978d56edd2f35bd

SHA1
beb592cb5a398b8d3c7f3c40b89622448946b1c6

SHA256
dfbeed56c54f837468dc223158bc6d7849a70193fd208cf45aea57adb1bf0935

SHA512
59855c6e8b468204b51d7bc82d59fbd5fecfd2629eb97afcf00a5ad5bf0626235746ab20ac50fb67164e298ccfff27839554c00dc7ce442b9216a496d28048e1

Download Submit
C:\Windows\System\ZFmWbaM.exe

Filesize
6.0MB

MD5
be5dc432c7f36a82c6438c89c20737e1

SHA1
397677119ea6a369cf4f9d4dfd60d73bd295c6a1

SHA256
67ded0a9dc921fa8352625dfd02ff01e74b56f4ae4a2cbfa1a594f57d613ef3a

SHA512
a31b53374e9dd1b13563635e07b40ac3a38fe5c939dd78712d2384a21404c49984fbf31f13300fa104b05708e5dbb305dbe8969708e198fc6df115e781e84ccd

Download Submit
C:\Windows\System\ZrtszsC.exe

Filesize
6.0MB

MD5
bf355010bcfe576f589bcacde88d80ec

SHA1
a64399df123a8421944d1056b26b399eb75f52f9

SHA256
2816b0e7858e6fa6a9d0f8ba7f8e1e2c04385e9f4f7935a2c12575e13743f445

SHA512
2d111729e7d4ed7418942886db7f7b9d4971e790a28be540b3fde40f295fc08a643a6ec3685363bd42c917496ab46f0dc8fe301d4d04b4a70c706294a571df13

Download Submit
C:\Windows\System\aRioCfa.exe

Filesize
6.0MB

MD5
25dbc5f88169ad5e2c28440771a446c0

SHA1
662db9afc305a89c52c39cf42aabdb5413a0e551

SHA256
bb5fe4b4a1ee28c8f8fc3afc53bcc09e711374cadb1c433bee23ec8f1b830a20

SHA512
158a6c0374d25632ba307a654df03d8cb12056afdefbe57ba548fabac14f091611fee2aa6cd5a5b01020bf5135daa6109619713a780b348d19a99cc41ebc8792

Download Submit
C:\Windows\System\gGRIHZJ.exe

Filesize
6.0MB

MD5
fdfffa1d575c865332033dd34d85046b

SHA1
279abe8dddeb9e0b01bfdf175bed297984a0340f

SHA256
aebf646372cf6f4ed74cc308ecd5e51fd2d672e46284cd55f53b30bf7cc712fe

SHA512
cc14bf0205330358fc3397a3a7bd8a2af8c9958fc44d6be2ec825376d95f191358e5b1ec397df3b65e694b51fc156e5486c21768e5f46689a2093f9236b0b7b7

Download Submit
C:\Windows\System\iaizyDi.exe

Filesize
6.0MB

MD5
fa56831734e8a0554b7980d933a6299e

SHA1
74a0fa497cbe732f11e7ff05cb99cf11d62feb2f

SHA256
9ca7bcae148c30c8309f16c8d90754eabf582938b9361230c6033fe767b7c3e0

SHA512
83b0878b350781ce28596550dc30282a0ff3b59e512281dc28dde6d9d680b451b9e4a4c658b6f3cde02ec967d057d11f4954d9555a320d9ababbf4791d442d6c

Download Submit
C:\Windows\System\jXRqhua.exe

Filesize
6.0MB

MD5
3616db33f1d70ece8a92a800329235f8

SHA1
9067b3069f3733433879b2e6335c482129256974

SHA256
1cbd4a4ed19368778092667f1ebdc20689e0f793671f5461e5643c4248eefb32

SHA512
ff264fb2b438654c856fee97ae03abac79382a29a7933f4ecf0450350b1e7e72fb4c8dd6a2902bd3ebf2a263c84bb8e2a7ddea50e4cdf32cdcde206ae03ccf6e

Download Submit
C:\Windows\System\jqbIVnL.exe

Filesize
6.0MB

MD5
fa16ef714a7879de898ca6c8dd09a72f

SHA1
5cc95dca1f5b93daf5c7b43aaef932838b4cce69

SHA256
44f9bce8fd7f6acc93942cbccbc3a2159ae157e72752f96600028b5b3dd5a764

SHA512
c91e2ff8263a6eba751d9967bb19eac44313e6fe25cc20fe968b3f44123cb19dbb792d08c9047bda8f00ae62025d89d24a000196822e1054e507af9c90cdc40e

Download Submit
C:\Windows\System\mMgKefQ.exe

Filesize
6.0MB

MD5
ff366978da8c452eab2df3c3b18d22e4

SHA1
531ade5e61382c85af49237b609563dea50e26c5

SHA256
1d1cc5a4f82c848a1865303637bae1d23e13a14dd6ea7c318080e055719d7d7c

SHA512
e218764ff667b1ef3ab61cccc0fefdf4eecbd72809b30c890e5b05b0612875eddbfbed6a239f30b5767842b7848f9f86e37464433cb57de3902ac5a5b75d3460

Download Submit
C:\Windows\System\pGtPSVD.exe

Filesize
6.0MB

MD5
933eb857ce6b540486fae9bb34e7492c

SHA1
707d138bc14d5fbc485dce23ed931f9b30b36617

SHA256
ac8a80a4ae65283f87183d2b629ad9d6ead01255cea6013e450f2a33a3538173

SHA512
ed7b0a00d6197ccda07bc250a2672139df0abcd1bc74fdf29d0846ca53c0e1599bb932f994de30d4750a4d91f4d70c0fb1ae080a40d9374ba165c49b089dafca

Download Submit
C:\Windows\System\qdDfSVP.exe

Filesize
6.0MB

MD5
9a51f5cb5bb3c9c84b7dfbba8c59b72f

SHA1
b352fe696574b5507eb5d3d257f8d6a94b011205

SHA256
3515f9d4a9c563a40dab9d8f705ae9422f26c7f5f7f5de12fc0c4cf598dce695

SHA512
53d74cefd7f1083617afcf17ac18cc89b4872d80bf6f385dbdf474927e974f08feae40becddc74a63a86e9f2dcd714ce4860249e0d58135537bba910230b79e9

Download Submit
C:\Windows\System\tUywjYJ.exe

Filesize
6.0MB

MD5
8746e5716741624b34e772cf2a47ac91

SHA1
00af4ada6567ace85df6dc3e91bf5c4ea4e63e39

SHA256
f7746f00ee1abc573869bff41dd0f1dcb674b36d9dce66191162219b1e9cd767

SHA512
47702726a46d24556512c2920b50ef2e087fa56b033132986e0f52921b8762cea278fd2a01573417ab708e2e9964b06a7c010aec6f51fae40a9e7f3419d32a16

Download Submit
C:\Windows\System\uUHBllu.exe

Filesize
6.0MB

MD5
4fd33165c86e4abf7124156b22354621

SHA1
ebac1d8cafe43640e43a286e46181834953c39dd

SHA256
fb48fb915d67698f19d1e2f5f39eb3e51446d598266f3a805ea9272fdf0aa8e3

SHA512
c1f42229812c22672409ffd29214dc8473a24385e5d5bc12db4932c8cb95aa6a1e58a42c4d869bd57bd5dd4539a2259cf4d26b08f96db70ca93f93c6711a9482

Download Submit
C:\Windows\System\uYgVpIC.exe

Filesize
6.0MB

MD5
c1d5ba953c6f77903345abca4bb76eff

SHA1
8204571c9f5b687feaac6c117b4ae8040854b8ee

SHA256
fb87ab5aec7408354915c9f2b1be936af29cddac53f89d60c66f7261ed832a24

SHA512
c57bba95bfec7e4f09a0d8cb412478cf28a1a5ad332082597727ee55fcf215c794c66cc706ad9177f66dd307045e673ff37d7cded9cd65e828c4a66a9d94590f

Download Submit
C:\Windows\System\vmSjwhm.exe

Filesize
6.0MB

MD5
fb17c0baac2307926f18d01f9c1d5b85

SHA1
0d3300e8031debd5d4d55683ac8a9bed1f37283f

SHA256
b9c5bac47e24d7f47c43a909d63a21e12725a335bf01fcc490166ada3b9f8e00

SHA512
12593a89b8098e9be5d5b45e8c51d75d09e9a50e5f36b2c3725233d59d137509a683ac0ccd9b1899cc687bf2aa52df77618fb25ea863c80e108c4484faf23c6f

Download Submit
C:\Windows\System\vsOVkdx.exe

Filesize
6.0MB

MD5
45eba7f376a6a1c5f369dffe79cb6d6d

SHA1
b5414d418d8243a2f215dbdbcc5016a6f47c15cd

SHA256
3539e5646d3bf40c39192c9145a63dcac4b6212956628a3e794cb97b42175943

SHA512
225630e272b207862b1fe69dd81245ad524320b82cdd921a1c1fd75cbb2614dbd7decce69f5eb13a014b5ca4da637d729063dce6973b2178b2c92e5169679586

Download Submit
C:\Windows\System\xfCWOcB.exe

Filesize
6.0MB

MD5
2f87e6b83f187b1c0d4685bdad78dd26

SHA1
badf52326639f6730eaa56c722513bc107a782f9

SHA256
4cbdd887c70c7af756556bf04d7d4125d8830ff43e4febfca4ab9efd18d8ca0a

SHA512
2eed774a4554f2fb210f9a25ac6548a864d7e5fdff6fc35bfb66f54c69c7a1c1c377b45bfbfdf016304c2afc385fea081b71d1e2fe4e17f6fd1b4e36eaa7a75d

Download Submit
C:\Windows\System\zaIPNXu.exe

Filesize
6.0MB

MD5
18635bc175e2ddade22859b2e96753c4

SHA1
5feac23bfd1673bb55e971c720a453ff228a5c24

SHA256
b107cf163b961585b6b54e32f8547118dcf63d8e112fb242c4f12c37dfa96bc3

SHA512
0db9cb44bac4a8183f3a9f54ae0367644425ae2c139c81915b0dfe1ab0b4fb5e373137de85b45664f8da79ed2cf10751f90dfb51a077a50e3bcc277628fc25b4

Download Submit
C:\Windows\System\zbcJUhW.exe

Filesize
6.0MB

MD5
6e55747392c97a984be11b44be00b07f

SHA1
a109d1f981ebce0e0447a6254d6595dda07f5706

SHA256
e012d6ecb8ea1f4b3f1c3c68645a64817217cc3d982616341282d013fc3db522

SHA512
9122dec181f1f21bec28d5cf606fd7f1580dadc8888a2e71069c30a9cbe4e105367f804497d6b1e5b00769d18bbf29a424e1e5dbfc307fd034bdddf2fe57d1a3

Download Submit
memory/324-2045-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp

Filesize
3.3MB

Download
memory/324-20-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp

Filesize
3.3MB

Download
memory/324-66-0x00007FF6C1250000-0x00007FF6C15A4000-memory.dmp

Filesize
3.3MB

Download
memory/408-2257-0x00007FF7301E0000-0x00007FF730534000-memory.dmp

Filesize
3.3MB

Download
memory/408-919-0x00007FF7301E0000-0x00007FF730534000-memory.dmp

Filesize
3.3MB

Download
memory/408-161-0x00007FF7301E0000-0x00007FF730534000-memory.dmp

Filesize
3.3MB

Download
memory/944-770-0x00007FF716270000-0x00007FF7165C4000-memory.dmp

Filesize
3.3MB

Download
memory/944-2253-0x00007FF716270000-0x00007FF7165C4000-memory.dmp

Filesize
3.3MB

Download
memory/944-140-0x00007FF716270000-0x00007FF7165C4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1191-0x00007FF6C0ED0000-0x00007FF6C1224000-memory.dmp

Filesize
3.3MB

Download
memory/1312-182-0x00007FF6C0ED0000-0x00007FF6C1224000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2260-0x00007FF6C0ED0000-0x00007FF6C1224000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1331-0x00007FF75CF60000-0x00007FF75D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2262-0x00007FF75CF60000-0x00007FF75D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-200-0x00007FF75CF60000-0x00007FF75D2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-165-0x00007FF74C730000-0x00007FF74CA84000-memory.dmp

Filesize
3.3MB

Download
memory/2460-97-0x00007FF74C730000-0x00007FF74CA84000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2248-0x00007FF74C730000-0x00007FF74CA84000-memory.dmp

Filesize
3.3MB

Download
memory/2600-166-0x00007FF6E0E00000-0x00007FF6E1154000-memory.dmp

Filesize
3.3MB

Download
memory/2600-109-0x00007FF6E0E00000-0x00007FF6E1154000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2249-0x00007FF6E0E00000-0x00007FF6E1154000-memory.dmp

Filesize
3.3MB

Download
memory/2996-142-0x00007FF68D4D0000-0x00007FF68D824000-memory.dmp

Filesize
3.3MB

Download
memory/2996-849-0x00007FF68D4D0000-0x00007FF68D824000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2255-0x00007FF68D4D0000-0x00007FF68D824000-memory.dmp

Filesize
3.3MB

Download
memory/3112-1130-0x00007FF6AC240000-0x00007FF6AC594000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2259-0x00007FF6AC240000-0x00007FF6AC594000-memory.dmp

Filesize
3.3MB

Download
memory/3112-174-0x00007FF6AC240000-0x00007FF6AC594000-memory.dmp

Filesize
3.3MB

Download
memory/3116-91-0x00007FF629670000-0x00007FF6299C4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-160-0x00007FF629670000-0x00007FF6299C4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2247-0x00007FF629670000-0x00007FF6299C4000-memory.dmp

Filesize
3.3MB

Download
memory/3444-6-0x00007FF61F210000-0x00007FF61F564000-memory.dmp

Filesize
3.3MB

Download
memory/3444-56-0x00007FF61F210000-0x00007FF61F564000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2036-0x00007FF61F210000-0x00007FF61F564000-memory.dmp

Filesize
3.3MB

Download
memory/3556-86-0x00007FF659200000-0x00007FF659554000-memory.dmp

Filesize
3.3MB

Download
memory/3556-153-0x00007FF659200000-0x00007FF659554000-memory.dmp

Filesize
3.3MB

Download
memory/3556-2246-0x00007FF659200000-0x00007FF659554000-memory.dmp

Filesize
3.3MB

Download
memory/4080-1194-0x00007FF73A860000-0x00007FF73ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2261-0x00007FF73A860000-0x00007FF73ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-192-0x00007FF73A860000-0x00007FF73ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-62-0x00007FF660450000-0x00007FF6607A4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-15-0x00007FF660450000-0x00007FF6607A4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-2040-0x00007FF660450000-0x00007FF6607A4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-48-0x00007FF701A00000-0x00007FF701D54000-memory.dmp

Filesize
3.3MB

Download
memory/4248-1-0x00000215D11B0000-0x00000215D11C0000-memory.dmp

Filesize
64KB

Download
memory/4248-0-0x00007FF701A00000-0x00007FF701D54000-memory.dmp

Filesize
3.3MB

Download
memory/4396-111-0x00007FF629E60000-0x00007FF62A1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-58-0x00007FF629E60000-0x00007FF62A1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-110-0x00007FF77DA50000-0x00007FF77DDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2241-0x00007FF77DA50000-0x00007FF77DDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-51-0x00007FF77DA50000-0x00007FF77DDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2245-0x00007FF77A810000-0x00007FF77AB64000-memory.dmp

Filesize
3.3MB

Download
memory/4552-141-0x00007FF77A810000-0x00007FF77AB64000-memory.dmp

Filesize
3.3MB

Download
memory/4552-77-0x00007FF77A810000-0x00007FF77AB64000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2243-0x00007FF6534C0000-0x00007FF653814000-memory.dmp

Filesize
3.3MB

Download
memory/4648-63-0x00007FF6534C0000-0x00007FF653814000-memory.dmp

Filesize
3.3MB

Download
memory/4648-126-0x00007FF6534C0000-0x00007FF653814000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2244-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-136-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-70-0x00007FF6F3580000-0x00007FF6F38D4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-154-0x00007FF728040000-0x00007FF728394000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2256-0x00007FF728040000-0x00007FF728394000-memory.dmp

Filesize
3.3MB

Download
memory/4712-918-0x00007FF728040000-0x00007FF728394000-memory.dmp

Filesize
3.3MB

Download
memory/4760-193-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp

Filesize
3.3MB

Download
memory/4760-127-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2252-0x00007FF75F2D0000-0x00007FF75F624000-memory.dmp

Filesize
3.3MB

Download
memory/4852-173-0x00007FF6E6EE0000-0x00007FF6E7234000-memory.dmp

Filesize
3.3MB

Download
memory/4852-117-0x00007FF6E6EE0000-0x00007FF6E7234000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2250-0x00007FF6E6EE0000-0x00007FF6E7234000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2251-0x00007FF70C1E0000-0x00007FF70C534000-memory.dmp

Filesize
3.3MB

Download
memory/4884-118-0x00007FF70C1E0000-0x00007FF70C534000-memory.dmp

Filesize
3.3MB

Download
memory/4884-188-0x00007FF70C1E0000-0x00007FF70C534000-memory.dmp

Filesize
3.3MB

Download
memory/4948-194-0x00007FF613D80000-0x00007FF6140D4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2254-0x00007FF613D80000-0x00007FF6140D4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-133-0x00007FF613D80000-0x00007FF6140D4000-memory.dmp

Filesize
3.3MB

Download
memory/5208-105-0x00007FF670970000-0x00007FF670CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5208-42-0x00007FF670970000-0x00007FF670CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5496-2178-0x00007FF60CBE0000-0x00007FF60CF34000-memory.dmp

Filesize
3.3MB

Download
memory/5496-32-0x00007FF60CBE0000-0x00007FF60CF34000-memory.dmp

Filesize
3.3MB

Download
memory/5496-83-0x00007FF60CBE0000-0x00007FF60CF34000-memory.dmp

Filesize
3.3MB

Download
memory/5696-172-0x00007FF6786F0000-0x00007FF678A44000-memory.dmp

Filesize
3.3MB

Download
memory/5696-2258-0x00007FF6786F0000-0x00007FF678A44000-memory.dmp

Filesize
3.3MB

Download
memory/5696-981-0x00007FF6786F0000-0x00007FF678A44000-memory.dmp

Filesize
3.3MB

Download
memory/5844-90-0x00007FF7A9790000-0x00007FF7A9AE4000-memory.dmp

Filesize
3.3MB

Download
memory/5844-34-0x00007FF7A9790000-0x00007FF7A9AE4000-memory.dmp

Filesize
3.3MB

Download
memory/6000-2165-0x00007FF7E1700000-0x00007FF7E1A54000-memory.dmp

Filesize
3.3MB

Download
memory/6000-26-0x00007FF7E1700000-0x00007FF7E1A54000-memory.dmp

Filesize
3.3MB

Download
memory/6000-76-0x00007FF7E1700000-0x00007FF7E1A54000-memory.dmp

Filesize
3.3MB

Download