cobaltstrike | f9342ea737f506c3b54a987d9f461f073d500c4af96b5042f6bed794d864c158

Analysis

max time kernel
102s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

3d4582ae792dd65d7a5761e089b3c6e7
SHA1

00f9e0c36900d5f0729b939091e430edbe70233f
SHA256

f9342ea737f506c3b54a987d9f461f073d500c4af96b5042f6bed794d864c158
SHA512

0f62910b83f91fdc203b70c97a47e7986ef0c47876c62331026fb999c409c1deb9b0398885f2d1aa517e88d93e374bdb8c6c8238a3ed2e6a62093cc407adcf52
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a0000000236de-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024234-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024233-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024235-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024236-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024237-34.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024230-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024239-52.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423a-60.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423b-67.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423c-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024238-51.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e6b5-92.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423e-99.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e6bb-98.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423d-81.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002423f-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024241-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024240-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024242-128.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024099-143.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000024243-149.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024247-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024249-168.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024248-166.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024094-135.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424a-174.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424b-179.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424c-190.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424d-195.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424e-199.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424f-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024250-208.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2016-0-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	xmrig
behavioral2/files/0x000a0000000236de-4.dat	xmrig
behavioral2/memory/4760-6-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024234-9.dat	xmrig
behavioral2/memory/3020-12-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024233-13.dat	xmrig
behavioral2/memory/5944-18-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024235-23.dat	xmrig
behavioral2/memory/4688-26-0x00007FF7F24F0000-0x00007FF7F2844000-memory.dmp	xmrig
behavioral2/files/0x0007000000024236-29.dat	xmrig
behavioral2/memory/4712-30-0x00007FF755410000-0x00007FF755764000-memory.dmp	xmrig
behavioral2/files/0x0007000000024237-34.dat	xmrig
behavioral2/memory/4776-37-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp	xmrig
behavioral2/files/0x0008000000024230-40.dat	xmrig
behavioral2/memory/4916-42-0x00007FF745330000-0x00007FF745684000-memory.dmp	xmrig
behavioral2/memory/5388-48-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024239-52.dat	xmrig
behavioral2/memory/3764-56-0x00007FF68C280000-0x00007FF68C5D4000-memory.dmp	xmrig
behavioral2/memory/2016-61-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002423a-60.dat	xmrig
behavioral2/files/0x000700000002423b-67.dat	xmrig
behavioral2/memory/3020-74-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002423c-76.dat	xmrig
behavioral2/memory/4892-75-0x00007FF666570000-0x00007FF6668C4000-memory.dmp	xmrig
behavioral2/memory/4888-72-0x00007FF6465C0000-0x00007FF646914000-memory.dmp	xmrig
behavioral2/memory/4760-71-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp	xmrig
behavioral2/memory/5012-63-0x00007FF6DE910000-0x00007FF6DEC64000-memory.dmp	xmrig
behavioral2/files/0x0007000000024238-51.dat	xmrig
behavioral2/memory/5944-82-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp	xmrig
behavioral2/files/0x000600000001e6b5-92.dat	xmrig
behavioral2/files/0x000700000002423e-99.dat	xmrig
behavioral2/memory/1920-101-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp	xmrig
behavioral2/memory/4776-100-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp	xmrig
behavioral2/files/0x000700000001e6bb-98.dat	xmrig
behavioral2/memory/1140-97-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp	xmrig
behavioral2/memory/4712-96-0x00007FF755410000-0x00007FF755764000-memory.dmp	xmrig
behavioral2/memory/5360-90-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp	xmrig
behavioral2/memory/5060-83-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002423d-81.dat	xmrig
behavioral2/memory/4916-105-0x00007FF745330000-0x00007FF745684000-memory.dmp	xmrig
behavioral2/files/0x000700000002423f-108.dat	xmrig
behavioral2/memory/5388-113-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp	xmrig
behavioral2/memory/1996-119-0x00007FF625620000-0x00007FF625974000-memory.dmp	xmrig
behavioral2/files/0x0007000000024241-123.dat	xmrig
behavioral2/files/0x0007000000024240-121.dat	xmrig
behavioral2/memory/1608-118-0x00007FF6DF580000-0x00007FF6DF8D4000-memory.dmp	xmrig
behavioral2/memory/5712-115-0x00007FF78F0E0000-0x00007FF78F434000-memory.dmp	xmrig
behavioral2/files/0x0007000000024242-128.dat	xmrig
behavioral2/memory/4456-129-0x00007FF6753E0000-0x00007FF675734000-memory.dmp	xmrig
behavioral2/memory/4892-134-0x00007FF666570000-0x00007FF6668C4000-memory.dmp	xmrig
behavioral2/files/0x000b000000024099-143.dat	xmrig
behavioral2/files/0x000a000000024243-149.dat	xmrig
behavioral2/memory/3680-151-0x00007FF6D27D0000-0x00007FF6D2B24000-memory.dmp	xmrig
behavioral2/files/0x0008000000024247-153.dat	xmrig
behavioral2/memory/1920-164-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp	xmrig
behavioral2/files/0x0007000000024249-168.dat	xmrig
behavioral2/files/0x0007000000024248-166.dat	xmrig
behavioral2/memory/5492-159-0x00007FF6165F0000-0x00007FF616944000-memory.dmp	xmrig
behavioral2/memory/1140-157-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp	xmrig
behavioral2/memory/3516-144-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp	xmrig
behavioral2/memory/5360-142-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp	xmrig
behavioral2/memory/5060-141-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp	xmrig
behavioral2/memory/1792-139-0x00007FF70BAC0000-0x00007FF70BE14000-memory.dmp	xmrig
behavioral2/files/0x000b000000024094-135.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4760	OMFEYdz.exe
3020	yYUWVZX.exe
5944	MBaYLzR.exe
4688	fOCYmvB.exe
4712	HAiKoDa.exe
4776	yRHVouQ.exe
4916	NYXqiBK.exe
5388	qNmunBN.exe
3764	gbtlbiY.exe
5012	TcdNuRn.exe
4888	uuBFzEd.exe
4892	ecspxln.exe
5060	hiHxvhE.exe
5360	XTgoUll.exe
1140	hMznvaN.exe
1920	jYFznWx.exe
5712	WDMYQCL.exe
1608	VpLMSLX.exe
1996	XNaJZTK.exe
4456	ZTtfHEv.exe
1792	hDtqUpZ.exe
3516	dSnNfQW.exe
3680	TKvxNnP.exe
5492	tpMEmPm.exe
5512	dIiLgXZ.exe
3604	gAUcakp.exe
432	hCmoBoR.exe
5300	eKmVraO.exe
3456	MTzhkGz.exe
2812	geFwiqD.exe
4520	UBTIhFl.exe
3924	aoxNTQW.exe
2548	bJLbQvE.exe
944	NSSxBDT.exe
1568	Zpmsoxl.exe
6032	zmDAMEJ.exe
5524	wLyAjIx.exe
3704	fZDwGsH.exe
4592	AmxXFdt.exe
4852	VLdLZsY.exe
3360	FDBBxFA.exe
4240	critgJv.exe
3640	yJberqo.exe
2252	YFpODJy.exe
5620	MZwwvWO.exe
2304	IOEYwZE.exe
2332	bbgLatB.exe
2264	WbcNJxc.exe
5540	AUylFii.exe
3104	hBriHQu.exe
3572	FldxLiW.exe
4384	MZXCUIW.exe
3960	aWiYHgn.exe
5464	jqLSinr.exe
5956	MGmbJQk.exe
4652	kFdbkqI.exe
4944	mQZVqAS.exe
4568	oaCjPND.exe
1720	roRcXzR.exe
4968	DaeJEIl.exe
4836	wIlaYkv.exe
4984	HUiyHbs.exe
6040	cndWtDL.exe
2192	QVlIcNH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2016-0-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	upx
behavioral2/files/0x000a0000000236de-4.dat	upx
behavioral2/memory/4760-6-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp	upx
behavioral2/files/0x0007000000024234-9.dat	upx
behavioral2/memory/3020-12-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp	upx
behavioral2/files/0x0007000000024233-13.dat	upx
behavioral2/memory/5944-18-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp	upx
behavioral2/files/0x0007000000024235-23.dat	upx
behavioral2/memory/4688-26-0x00007FF7F24F0000-0x00007FF7F2844000-memory.dmp	upx
behavioral2/files/0x0007000000024236-29.dat	upx
behavioral2/memory/4712-30-0x00007FF755410000-0x00007FF755764000-memory.dmp	upx
behavioral2/files/0x0007000000024237-34.dat	upx
behavioral2/memory/4776-37-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp	upx
behavioral2/files/0x0008000000024230-40.dat	upx
behavioral2/memory/4916-42-0x00007FF745330000-0x00007FF745684000-memory.dmp	upx
behavioral2/memory/5388-48-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp	upx
behavioral2/files/0x0007000000024239-52.dat	upx
behavioral2/memory/3764-56-0x00007FF68C280000-0x00007FF68C5D4000-memory.dmp	upx
behavioral2/memory/2016-61-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	upx
behavioral2/files/0x000700000002423a-60.dat	upx
behavioral2/files/0x000700000002423b-67.dat	upx
behavioral2/memory/3020-74-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp	upx
behavioral2/files/0x000700000002423c-76.dat	upx
behavioral2/memory/4892-75-0x00007FF666570000-0x00007FF6668C4000-memory.dmp	upx
behavioral2/memory/4888-72-0x00007FF6465C0000-0x00007FF646914000-memory.dmp	upx
behavioral2/memory/4760-71-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp	upx
behavioral2/memory/5012-63-0x00007FF6DE910000-0x00007FF6DEC64000-memory.dmp	upx
behavioral2/files/0x0007000000024238-51.dat	upx
behavioral2/memory/5944-82-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp	upx
behavioral2/files/0x000600000001e6b5-92.dat	upx
behavioral2/files/0x000700000002423e-99.dat	upx
behavioral2/memory/1920-101-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp	upx
behavioral2/memory/4776-100-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp	upx
behavioral2/files/0x000700000001e6bb-98.dat	upx
behavioral2/memory/1140-97-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp	upx
behavioral2/memory/4712-96-0x00007FF755410000-0x00007FF755764000-memory.dmp	upx
behavioral2/memory/5360-90-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp	upx
behavioral2/memory/5060-83-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp	upx
behavioral2/files/0x000700000002423d-81.dat	upx
behavioral2/memory/4916-105-0x00007FF745330000-0x00007FF745684000-memory.dmp	upx
behavioral2/files/0x000700000002423f-108.dat	upx
behavioral2/memory/5388-113-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp	upx
behavioral2/memory/1996-119-0x00007FF625620000-0x00007FF625974000-memory.dmp	upx
behavioral2/files/0x0007000000024241-123.dat	upx
behavioral2/files/0x0007000000024240-121.dat	upx
behavioral2/memory/1608-118-0x00007FF6DF580000-0x00007FF6DF8D4000-memory.dmp	upx
behavioral2/memory/5712-115-0x00007FF78F0E0000-0x00007FF78F434000-memory.dmp	upx
behavioral2/files/0x0007000000024242-128.dat	upx
behavioral2/memory/4456-129-0x00007FF6753E0000-0x00007FF675734000-memory.dmp	upx
behavioral2/memory/4892-134-0x00007FF666570000-0x00007FF6668C4000-memory.dmp	upx
behavioral2/files/0x000b000000024099-143.dat	upx
behavioral2/files/0x000a000000024243-149.dat	upx
behavioral2/memory/3680-151-0x00007FF6D27D0000-0x00007FF6D2B24000-memory.dmp	upx
behavioral2/files/0x0008000000024247-153.dat	upx
behavioral2/memory/1920-164-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp	upx
behavioral2/files/0x0007000000024249-168.dat	upx
behavioral2/files/0x0007000000024248-166.dat	upx
behavioral2/memory/5492-159-0x00007FF6165F0000-0x00007FF616944000-memory.dmp	upx
behavioral2/memory/1140-157-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp	upx
behavioral2/memory/3516-144-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp	upx
behavioral2/memory/5360-142-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp	upx
behavioral2/memory/5060-141-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp	upx
behavioral2/memory/1792-139-0x00007FF70BAC0000-0x00007FF70BE14000-memory.dmp	upx
behavioral2/files/0x000b000000024094-135.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cXXbWEz.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QHmJptt.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bhQibYV.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JlZtjQo.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NaKYGcz.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RXKgXis.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QBhKkkL.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zgGhmAZ.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\piSDLvf.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dKJjVKu.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MZwwvWO.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xQmgxzA.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rWLxGJN.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FRmAjub.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fTkwZQM.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BNizQRj.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JtmVcNm.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FGgdREX.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\roRcXzR.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DMMxtCM.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Bybmyov.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SHxMAfT.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SvbBVcp.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JCWTJMy.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BeucObN.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rAYyIFL.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HnQbcIy.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IOEYwZE.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XQoEtrb.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BtawrcS.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qcDycmO.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fAnnPSH.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pAFwCBH.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WkVxbxk.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yyGHfQJ.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SJqWhZR.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lQRTZuf.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vqbxoRM.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dGJYJbH.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EuaQJIE.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IKSMXXl.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fNkpkOn.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GAPIXBF.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SuVAGcP.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DIpLgum.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uVPCuVJ.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ldtEehh.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FDBBxFA.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HUiyHbs.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ktioaZU.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vvdnakr.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CLoOlAA.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OnFNmku.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Gnyuilt.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YyvGGqc.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RRymBjv.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZIEhkNz.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YrQVped.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jhAYnTc.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YrIsnuH.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dwfePrU.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qcVrlTq.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ADekwjD.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QCUBElC.exe	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 4760	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2016 wrote to memory of 4760	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2016 wrote to memory of 3020	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2016 wrote to memory of 3020	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2016 wrote to memory of 5944	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2016 wrote to memory of 5944	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2016 wrote to memory of 4688	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2016 wrote to memory of 4688	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2016 wrote to memory of 4712	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2016 wrote to memory of 4712	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2016 wrote to memory of 4776	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2016 wrote to memory of 4776	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2016 wrote to memory of 4916	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2016 wrote to memory of 4916	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2016 wrote to memory of 5388	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 2016 wrote to memory of 5388	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 2016 wrote to memory of 3764	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 2016 wrote to memory of 3764	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 2016 wrote to memory of 5012	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2016 wrote to memory of 5012	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2016 wrote to memory of 4888	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2016 wrote to memory of 4888	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2016 wrote to memory of 4892	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2016 wrote to memory of 4892	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2016 wrote to memory of 5060	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 2016 wrote to memory of 5060	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 2016 wrote to memory of 5360	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2016 wrote to memory of 5360	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2016 wrote to memory of 1140	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2016 wrote to memory of 1140	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2016 wrote to memory of 1920	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2016 wrote to memory of 1920	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2016 wrote to memory of 5712	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2016 wrote to memory of 5712	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2016 wrote to memory of 1608	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2016 wrote to memory of 1608	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2016 wrote to memory of 1996	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2016 wrote to memory of 1996	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2016 wrote to memory of 4456	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2016 wrote to memory of 4456	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2016 wrote to memory of 1792	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2016 wrote to memory of 1792	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2016 wrote to memory of 3516	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2016 wrote to memory of 3516	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2016 wrote to memory of 3680	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2016 wrote to memory of 3680	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2016 wrote to memory of 5492	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2016 wrote to memory of 5492	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2016 wrote to memory of 5512	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2016 wrote to memory of 5512	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2016 wrote to memory of 3604	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2016 wrote to memory of 3604	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2016 wrote to memory of 432	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 2016 wrote to memory of 432	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 2016 wrote to memory of 5300	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 2016 wrote to memory of 5300	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 2016 wrote to memory of 3456	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 2016 wrote to memory of 3456	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 2016 wrote to memory of 2812	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 2016 wrote to memory of 2812	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 2016 wrote to memory of 4520	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 2016 wrote to memory of 4520	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 2016 wrote to memory of 3924	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 2016 wrote to memory of 3924	2016	2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_3d4582ae792dd65d7a5761e089b3c6e7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\System\OMFEYdz.exe
  C:\Windows\System\OMFEYdz.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\yYUWVZX.exe
  C:\Windows\System\yYUWVZX.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\MBaYLzR.exe
  C:\Windows\System\MBaYLzR.exe
  2⤵
  - Executes dropped EXE
  PID:5944
- C:\Windows\System\fOCYmvB.exe
  C:\Windows\System\fOCYmvB.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\HAiKoDa.exe
  C:\Windows\System\HAiKoDa.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\yRHVouQ.exe
  C:\Windows\System\yRHVouQ.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\NYXqiBK.exe
  C:\Windows\System\NYXqiBK.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\qNmunBN.exe
  C:\Windows\System\qNmunBN.exe
  2⤵
  - Executes dropped EXE
  PID:5388
- C:\Windows\System\gbtlbiY.exe
  C:\Windows\System\gbtlbiY.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\TcdNuRn.exe
  C:\Windows\System\TcdNuRn.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\uuBFzEd.exe
  C:\Windows\System\uuBFzEd.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\ecspxln.exe
  C:\Windows\System\ecspxln.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\hiHxvhE.exe
  C:\Windows\System\hiHxvhE.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\XTgoUll.exe
  C:\Windows\System\XTgoUll.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System\hMznvaN.exe
  C:\Windows\System\hMznvaN.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\jYFznWx.exe
  C:\Windows\System\jYFznWx.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\WDMYQCL.exe
  C:\Windows\System\WDMYQCL.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\VpLMSLX.exe
  C:\Windows\System\VpLMSLX.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\XNaJZTK.exe
  C:\Windows\System\XNaJZTK.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ZTtfHEv.exe
  C:\Windows\System\ZTtfHEv.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\hDtqUpZ.exe
  C:\Windows\System\hDtqUpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\dSnNfQW.exe
  C:\Windows\System\dSnNfQW.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\TKvxNnP.exe
  C:\Windows\System\TKvxNnP.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\tpMEmPm.exe
  C:\Windows\System\tpMEmPm.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\System\dIiLgXZ.exe
  C:\Windows\System\dIiLgXZ.exe
  2⤵
  - Executes dropped EXE
  PID:5512
- C:\Windows\System\gAUcakp.exe
  C:\Windows\System\gAUcakp.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\hCmoBoR.exe
  C:\Windows\System\hCmoBoR.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\eKmVraO.exe
  C:\Windows\System\eKmVraO.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System\MTzhkGz.exe
  C:\Windows\System\MTzhkGz.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\geFwiqD.exe
  C:\Windows\System\geFwiqD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\UBTIhFl.exe
  C:\Windows\System\UBTIhFl.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\aoxNTQW.exe
  C:\Windows\System\aoxNTQW.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\bJLbQvE.exe
  C:\Windows\System\bJLbQvE.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\NSSxBDT.exe
  C:\Windows\System\NSSxBDT.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\Zpmsoxl.exe
  C:\Windows\System\Zpmsoxl.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\zmDAMEJ.exe
  C:\Windows\System\zmDAMEJ.exe
  2⤵
  - Executes dropped EXE
  PID:6032
- C:\Windows\System\wLyAjIx.exe
  C:\Windows\System\wLyAjIx.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\fZDwGsH.exe
  C:\Windows\System\fZDwGsH.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\AmxXFdt.exe
  C:\Windows\System\AmxXFdt.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\VLdLZsY.exe
  C:\Windows\System\VLdLZsY.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\FDBBxFA.exe
  C:\Windows\System\FDBBxFA.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\critgJv.exe
  C:\Windows\System\critgJv.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\yJberqo.exe
  C:\Windows\System\yJberqo.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\YFpODJy.exe
  C:\Windows\System\YFpODJy.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\MZwwvWO.exe
  C:\Windows\System\MZwwvWO.exe
  2⤵
  - Executes dropped EXE
  PID:5620
- C:\Windows\System\IOEYwZE.exe
  C:\Windows\System\IOEYwZE.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\bbgLatB.exe
  C:\Windows\System\bbgLatB.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\WbcNJxc.exe
  C:\Windows\System\WbcNJxc.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\AUylFii.exe
  C:\Windows\System\AUylFii.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System\hBriHQu.exe
  C:\Windows\System\hBriHQu.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\FldxLiW.exe
  C:\Windows\System\FldxLiW.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\MZXCUIW.exe
  C:\Windows\System\MZXCUIW.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\aWiYHgn.exe
  C:\Windows\System\aWiYHgn.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\jqLSinr.exe
  C:\Windows\System\jqLSinr.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\MGmbJQk.exe
  C:\Windows\System\MGmbJQk.exe
  2⤵
  - Executes dropped EXE
  PID:5956
- C:\Windows\System\kFdbkqI.exe
  C:\Windows\System\kFdbkqI.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\mQZVqAS.exe
  C:\Windows\System\mQZVqAS.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\oaCjPND.exe
  C:\Windows\System\oaCjPND.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\roRcXzR.exe
  C:\Windows\System\roRcXzR.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\DaeJEIl.exe
  C:\Windows\System\DaeJEIl.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\wIlaYkv.exe
  C:\Windows\System\wIlaYkv.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\HUiyHbs.exe
  C:\Windows\System\HUiyHbs.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\cndWtDL.exe
  C:\Windows\System\cndWtDL.exe
  2⤵
  - Executes dropped EXE
  PID:6040
- C:\Windows\System\QVlIcNH.exe
  C:\Windows\System\QVlIcNH.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\PvLcHWG.exe
  C:\Windows\System\PvLcHWG.exe
  2⤵
  PID:4880
- C:\Windows\System\CVJSHZq.exe
  C:\Windows\System\CVJSHZq.exe
  2⤵
  PID:3608
- C:\Windows\System\bKaHGIg.exe
  C:\Windows\System\bKaHGIg.exe
  2⤵
  PID:1080
- C:\Windows\System\nXCaRtq.exe
  C:\Windows\System\nXCaRtq.exe
  2⤵
  PID:1580
- C:\Windows\System\HLCPbFH.exe
  C:\Windows\System\HLCPbFH.exe
  2⤵
  PID:5028
- C:\Windows\System\AeswCCD.exe
  C:\Windows\System\AeswCCD.exe
  2⤵
  PID:4860
- C:\Windows\System\DMMxtCM.exe
  C:\Windows\System\DMMxtCM.exe
  2⤵
  PID:4272
- C:\Windows\System\bRTceeo.exe
  C:\Windows\System\bRTceeo.exe
  2⤵
  PID:2600
- C:\Windows\System\fAnnPSH.exe
  C:\Windows\System\fAnnPSH.exe
  2⤵
  PID:3400
- C:\Windows\System\wlNoozc.exe
  C:\Windows\System\wlNoozc.exe
  2⤵
  PID:3492
- C:\Windows\System\SpxACdB.exe
  C:\Windows\System\SpxACdB.exe
  2⤵
  PID:5700
- C:\Windows\System\ktioaZU.exe
  C:\Windows\System\ktioaZU.exe
  2⤵
  PID:3156
- C:\Windows\System\ZpRVpmS.exe
  C:\Windows\System\ZpRVpmS.exe
  2⤵
  PID:4500
- C:\Windows\System\KsXseYI.exe
  C:\Windows\System\KsXseYI.exe
  2⤵
  PID:5544
- C:\Windows\System\zIxCuQl.exe
  C:\Windows\System\zIxCuQl.exe
  2⤵
  PID:1260
- C:\Windows\System\LTdawvn.exe
  C:\Windows\System\LTdawvn.exe
  2⤵
  PID:3084
- C:\Windows\System\gglqGtv.exe
  C:\Windows\System\gglqGtv.exe
  2⤵
  PID:2904
- C:\Windows\System\pAFwCBH.exe
  C:\Windows\System\pAFwCBH.exe
  2⤵
  PID:4492
- C:\Windows\System\THeagAL.exe
  C:\Windows\System\THeagAL.exe
  2⤵
  PID:5784
- C:\Windows\System\gIWaRWk.exe
  C:\Windows\System\gIWaRWk.exe
  2⤵
  PID:1328
- C:\Windows\System\zLgZUFZ.exe
  C:\Windows\System\zLgZUFZ.exe
  2⤵
  PID:5848
- C:\Windows\System\DhvfhWr.exe
  C:\Windows\System\DhvfhWr.exe
  2⤵
  PID:4020
- C:\Windows\System\bcowlXD.exe
  C:\Windows\System\bcowlXD.exe
  2⤵
  PID:3208
- C:\Windows\System\tODxbyt.exe
  C:\Windows\System\tODxbyt.exe
  2⤵
  PID:4528
- C:\Windows\System\SQggBqf.exe
  C:\Windows\System\SQggBqf.exe
  2⤵
  PID:1104
- C:\Windows\System\ZhUwYib.exe
  C:\Windows\System\ZhUwYib.exe
  2⤵
  PID:4496
- C:\Windows\System\JEhPfce.exe
  C:\Windows\System\JEhPfce.exe
  2⤵
  PID:880
- C:\Windows\System\eRNLMMq.exe
  C:\Windows\System\eRNLMMq.exe
  2⤵
  PID:1508
- C:\Windows\System\nRKYDxY.exe
  C:\Windows\System\nRKYDxY.exe
  2⤵
  PID:5132
- C:\Windows\System\oORsFwB.exe
  C:\Windows\System\oORsFwB.exe
  2⤵
  PID:5216
- C:\Windows\System\bqRinSf.exe
  C:\Windows\System\bqRinSf.exe
  2⤵
  PID:2988
- C:\Windows\System\sblTJry.exe
  C:\Windows\System\sblTJry.exe
  2⤵
  PID:844
- C:\Windows\System\nOteMqI.exe
  C:\Windows\System\nOteMqI.exe
  2⤵
  PID:1548
- C:\Windows\System\BVASpyI.exe
  C:\Windows\System\BVASpyI.exe
  2⤵
  PID:5704
- C:\Windows\System\sRHgNpa.exe
  C:\Windows\System\sRHgNpa.exe
  2⤵
  PID:6128
- C:\Windows\System\jNDXhko.exe
  C:\Windows\System\jNDXhko.exe
  2⤵
  PID:3168
- C:\Windows\System\vvdnakr.exe
  C:\Windows\System\vvdnakr.exe
  2⤵
  PID:6092
- C:\Windows\System\gAbPkCI.exe
  C:\Windows\System\gAbPkCI.exe
  2⤵
  PID:1876
- C:\Windows\System\khIQKTm.exe
  C:\Windows\System\khIQKTm.exe
  2⤵
  PID:4872
- C:\Windows\System\mdnJmTp.exe
  C:\Windows\System\mdnJmTp.exe
  2⤵
  PID:4564
- C:\Windows\System\ObkEheL.exe
  C:\Windows\System\ObkEheL.exe
  2⤵
  PID:4268
- C:\Windows\System\cQijiMN.exe
  C:\Windows\System\cQijiMN.exe
  2⤵
  PID:4544
- C:\Windows\System\YYSDWYA.exe
  C:\Windows\System\YYSDWYA.exe
  2⤵
  PID:5792
- C:\Windows\System\bMduiBW.exe
  C:\Windows\System\bMduiBW.exe
  2⤵
  PID:5104
- C:\Windows\System\wTLsjnl.exe
  C:\Windows\System\wTLsjnl.exe
  2⤵
  PID:2584
- C:\Windows\System\sPFzIkK.exe
  C:\Windows\System\sPFzIkK.exe
  2⤵
  PID:5552
- C:\Windows\System\RfuWeaT.exe
  C:\Windows\System\RfuWeaT.exe
  2⤵
  PID:5020
- C:\Windows\System\ACTbyIi.exe
  C:\Windows\System\ACTbyIi.exe
  2⤵
  PID:6132
- C:\Windows\System\mLQzgLn.exe
  C:\Windows\System\mLQzgLn.exe
  2⤵
  PID:5624
- C:\Windows\System\RHqLkOI.exe
  C:\Windows\System\RHqLkOI.exe
  2⤵
  PID:740
- C:\Windows\System\aBVnEel.exe
  C:\Windows\System\aBVnEel.exe
  2⤵
  PID:2384
- C:\Windows\System\CLoOlAA.exe
  C:\Windows\System\CLoOlAA.exe
  2⤵
  PID:5052
- C:\Windows\System\PSZqqBv.exe
  C:\Windows\System\PSZqqBv.exe
  2⤵
  PID:5236
- C:\Windows\System\RKDAEgB.exe
  C:\Windows\System\RKDAEgB.exe
  2⤵
  PID:2244
- C:\Windows\System\aEmQTIb.exe
  C:\Windows\System\aEmQTIb.exe
  2⤵
  PID:4924
- C:\Windows\System\UxppHwF.exe
  C:\Windows\System\UxppHwF.exe
  2⤵
  PID:4356
- C:\Windows\System\kPtEOED.exe
  C:\Windows\System\kPtEOED.exe
  2⤵
  PID:5820
- C:\Windows\System\QHddEAV.exe
  C:\Windows\System\QHddEAV.exe
  2⤵
  PID:4080
- C:\Windows\System\iSyqVoW.exe
  C:\Windows\System\iSyqVoW.exe
  2⤵
  PID:5780
- C:\Windows\System\sJOdTrk.exe
  C:\Windows\System\sJOdTrk.exe
  2⤵
  PID:4800
- C:\Windows\System\PsyWpvf.exe
  C:\Windows\System\PsyWpvf.exe
  2⤵
  PID:5844
- C:\Windows\System\NAkosNF.exe
  C:\Windows\System\NAkosNF.exe
  2⤵
  PID:224
- C:\Windows\System\CePozKa.exe
  C:\Windows\System\CePozKa.exe
  2⤵
  PID:6068
- C:\Windows\System\hKEQdyc.exe
  C:\Windows\System\hKEQdyc.exe
  2⤵
  PID:4840
- C:\Windows\System\fdaGvTj.exe
  C:\Windows\System\fdaGvTj.exe
  2⤵
  PID:1960
- C:\Windows\System\TfvNgoK.exe
  C:\Windows\System\TfvNgoK.exe
  2⤵
  PID:3276
- C:\Windows\System\XQoEtrb.exe
  C:\Windows\System\XQoEtrb.exe
  2⤵
  PID:2504
- C:\Windows\System\OnFNmku.exe
  C:\Windows\System\OnFNmku.exe
  2⤵
  PID:6172
- C:\Windows\System\YPPtETc.exe
  C:\Windows\System\YPPtETc.exe
  2⤵
  PID:6204
- C:\Windows\System\ZiVDtnx.exe
  C:\Windows\System\ZiVDtnx.exe
  2⤵
  PID:6228
- C:\Windows\System\EuaQJIE.exe
  C:\Windows\System\EuaQJIE.exe
  2⤵
  PID:6260
- C:\Windows\System\BNizQRj.exe
  C:\Windows\System\BNizQRj.exe
  2⤵
  PID:6284
- C:\Windows\System\mvVYJzY.exe
  C:\Windows\System\mvVYJzY.exe
  2⤵
  PID:6316
- C:\Windows\System\XGcVucl.exe
  C:\Windows\System\XGcVucl.exe
  2⤵
  PID:6344
- C:\Windows\System\PEXsVrN.exe
  C:\Windows\System\PEXsVrN.exe
  2⤵
  PID:6372
- C:\Windows\System\RQFpYNn.exe
  C:\Windows\System\RQFpYNn.exe
  2⤵
  PID:6396
- C:\Windows\System\qFSieBL.exe
  C:\Windows\System\qFSieBL.exe
  2⤵
  PID:6428
- C:\Windows\System\cEeIGPB.exe
  C:\Windows\System\cEeIGPB.exe
  2⤵
  PID:6452
- C:\Windows\System\dKrlqwv.exe
  C:\Windows\System\dKrlqwv.exe
  2⤵
  PID:6484
- C:\Windows\System\wnqvxwt.exe
  C:\Windows\System\wnqvxwt.exe
  2⤵
  PID:6504
- C:\Windows\System\ZkPDyku.exe
  C:\Windows\System\ZkPDyku.exe
  2⤵
  PID:6540
- C:\Windows\System\REZChnK.exe
  C:\Windows\System\REZChnK.exe
  2⤵
  PID:6564
- C:\Windows\System\AljMPEc.exe
  C:\Windows\System\AljMPEc.exe
  2⤵
  PID:6596
- C:\Windows\System\eQONzZn.exe
  C:\Windows\System\eQONzZn.exe
  2⤵
  PID:6624
- C:\Windows\System\ycuKqIF.exe
  C:\Windows\System\ycuKqIF.exe
  2⤵
  PID:6648
- C:\Windows\System\dyfNDRK.exe
  C:\Windows\System\dyfNDRK.exe
  2⤵
  PID:6676
- C:\Windows\System\KpOzRMp.exe
  C:\Windows\System\KpOzRMp.exe
  2⤵
  PID:6704
- C:\Windows\System\GskDfYk.exe
  C:\Windows\System\GskDfYk.exe
  2⤵
  PID:6736
- C:\Windows\System\qSmBzWH.exe
  C:\Windows\System\qSmBzWH.exe
  2⤵
  PID:6820
- C:\Windows\System\wZJxMeu.exe
  C:\Windows\System\wZJxMeu.exe
  2⤵
  PID:6896
- C:\Windows\System\KXFUwbL.exe
  C:\Windows\System\KXFUwbL.exe
  2⤵
  PID:6940
- C:\Windows\System\YCnFinE.exe
  C:\Windows\System\YCnFinE.exe
  2⤵
  PID:6956
- C:\Windows\System\XnUcysW.exe
  C:\Windows\System\XnUcysW.exe
  2⤵
  PID:6996
- C:\Windows\System\sBIEQWh.exe
  C:\Windows\System\sBIEQWh.exe
  2⤵
  PID:7060
- C:\Windows\System\xCaUmvO.exe
  C:\Windows\System\xCaUmvO.exe
  2⤵
  PID:7092
- C:\Windows\System\TkPrSlA.exe
  C:\Windows\System\TkPrSlA.exe
  2⤵
  PID:7128
- C:\Windows\System\HBkQVla.exe
  C:\Windows\System\HBkQVla.exe
  2⤵
  PID:7152
- C:\Windows\System\DlvdzAq.exe
  C:\Windows\System\DlvdzAq.exe
  2⤵
  PID:6184
- C:\Windows\System\RRymBjv.exe
  C:\Windows\System\RRymBjv.exe
  2⤵
  PID:6236
- C:\Windows\System\JOSJyVc.exe
  C:\Windows\System\JOSJyVc.exe
  2⤵
  PID:6336
- C:\Windows\System\qjVYjiI.exe
  C:\Windows\System\qjVYjiI.exe
  2⤵
  PID:6380
- C:\Windows\System\ZIEhkNz.exe
  C:\Windows\System\ZIEhkNz.exe
  2⤵
  PID:6460
- C:\Windows\System\rbkdBpt.exe
  C:\Windows\System\rbkdBpt.exe
  2⤵
  PID:6520
- C:\Windows\System\YrQVped.exe
  C:\Windows\System\YrQVped.exe
  2⤵
  PID:2236
- C:\Windows\System\KWkONjH.exe
  C:\Windows\System\KWkONjH.exe
  2⤵
  PID:6612
- C:\Windows\System\ZOQqHOS.exe
  C:\Windows\System\ZOQqHOS.exe
  2⤵
  PID:6688
- C:\Windows\System\cQrHMMs.exe
  C:\Windows\System\cQrHMMs.exe
  2⤵
  PID:6732
- C:\Windows\System\Gnyuilt.exe
  C:\Windows\System\Gnyuilt.exe
  2⤵
  PID:6868
- C:\Windows\System\qlhOlOV.exe
  C:\Windows\System\qlhOlOV.exe
  2⤵
  PID:6976
- C:\Windows\System\UjypWYm.exe
  C:\Windows\System\UjypWYm.exe
  2⤵
  PID:7040
- C:\Windows\System\SuFEucK.exe
  C:\Windows\System\SuFEucK.exe
  2⤵
  PID:7116
- C:\Windows\System\PFzXiCE.exe
  C:\Windows\System\PFzXiCE.exe
  2⤵
  PID:7032
- C:\Windows\System\uQSUkpb.exe
  C:\Windows\System\uQSUkpb.exe
  2⤵
  PID:7104
- C:\Windows\System\SdrJcvl.exe
  C:\Windows\System\SdrJcvl.exe
  2⤵
  PID:1728
- C:\Windows\System\cRIaMuI.exe
  C:\Windows\System\cRIaMuI.exe
  2⤵
  PID:6368
- C:\Windows\System\oAFQYdc.exe
  C:\Windows\System\oAFQYdc.exe
  2⤵
  PID:6472
- C:\Windows\System\hgeNMJM.exe
  C:\Windows\System\hgeNMJM.exe
  2⤵
  PID:6604
- C:\Windows\System\elrpWtd.exe
  C:\Windows\System\elrpWtd.exe
  2⤵
  PID:6792
- C:\Windows\System\WkVxbxk.exe
  C:\Windows\System\WkVxbxk.exe
  2⤵
  PID:6984
- C:\Windows\System\CtLMghm.exe
  C:\Windows\System\CtLMghm.exe
  2⤵
  PID:7140
- C:\Windows\System\OpRXOle.exe
  C:\Windows\System\OpRXOle.exe
  2⤵
  PID:6776
- C:\Windows\System\SkdpIKc.exe
  C:\Windows\System\SkdpIKc.exe
  2⤵
  PID:2020
- C:\Windows\System\qtWeqQD.exe
  C:\Windows\System\qtWeqQD.exe
  2⤵
  PID:6656
- C:\Windows\System\NOHVAuZ.exe
  C:\Windows\System\NOHVAuZ.exe
  2⤵
  PID:7072
- C:\Windows\System\YxpPCgO.exe
  C:\Windows\System\YxpPCgO.exe
  2⤵
  PID:6256
- C:\Windows\System\OypmaIQ.exe
  C:\Windows\System\OypmaIQ.exe
  2⤵
  PID:2764
- C:\Windows\System\MrMebmD.exe
  C:\Windows\System\MrMebmD.exe
  2⤵
  PID:648
- C:\Windows\System\yCpmGxt.exe
  C:\Windows\System\yCpmGxt.exe
  2⤵
  PID:7188
- C:\Windows\System\HOkVtZG.exe
  C:\Windows\System\HOkVtZG.exe
  2⤵
  PID:7220
- C:\Windows\System\eNYcERd.exe
  C:\Windows\System\eNYcERd.exe
  2⤵
  PID:7248
- C:\Windows\System\wjkuuVq.exe
  C:\Windows\System\wjkuuVq.exe
  2⤵
  PID:7276
- C:\Windows\System\EiNqkDT.exe
  C:\Windows\System\EiNqkDT.exe
  2⤵
  PID:7304
- C:\Windows\System\iDTBpuK.exe
  C:\Windows\System\iDTBpuK.exe
  2⤵
  PID:7332
- C:\Windows\System\UYWZRcJ.exe
  C:\Windows\System\UYWZRcJ.exe
  2⤵
  PID:7364
- C:\Windows\System\RbXaXWt.exe
  C:\Windows\System\RbXaXWt.exe
  2⤵
  PID:7392
- C:\Windows\System\IBIUxWN.exe
  C:\Windows\System\IBIUxWN.exe
  2⤵
  PID:7416
- C:\Windows\System\nSzYAtw.exe
  C:\Windows\System\nSzYAtw.exe
  2⤵
  PID:7448
- C:\Windows\System\jgNryDH.exe
  C:\Windows\System\jgNryDH.exe
  2⤵
  PID:7464
- C:\Windows\System\dUjTOdp.exe
  C:\Windows\System\dUjTOdp.exe
  2⤵
  PID:7500
- C:\Windows\System\ZBXfvdN.exe
  C:\Windows\System\ZBXfvdN.exe
  2⤵
  PID:7520
- C:\Windows\System\UqIpesJ.exe
  C:\Windows\System\UqIpesJ.exe
  2⤵
  PID:7556
- C:\Windows\System\czecmTY.exe
  C:\Windows\System\czecmTY.exe
  2⤵
  PID:7584
- C:\Windows\System\NaKYGcz.exe
  C:\Windows\System\NaKYGcz.exe
  2⤵
  PID:7604
- C:\Windows\System\yuGiUfv.exe
  C:\Windows\System\yuGiUfv.exe
  2⤵
  PID:7632
- C:\Windows\System\lOZpDke.exe
  C:\Windows\System\lOZpDke.exe
  2⤵
  PID:7660
- C:\Windows\System\fpDNzWu.exe
  C:\Windows\System\fpDNzWu.exe
  2⤵
  PID:7692
- C:\Windows\System\fYrQgzV.exe
  C:\Windows\System\fYrQgzV.exe
  2⤵
  PID:7720
- C:\Windows\System\HyPMGFQ.exe
  C:\Windows\System\HyPMGFQ.exe
  2⤵
  PID:7748
- C:\Windows\System\rhHkMpu.exe
  C:\Windows\System\rhHkMpu.exe
  2⤵
  PID:7780
- C:\Windows\System\Bybmyov.exe
  C:\Windows\System\Bybmyov.exe
  2⤵
  PID:7816
- C:\Windows\System\cRHlbJd.exe
  C:\Windows\System\cRHlbJd.exe
  2⤵
  PID:7836
- C:\Windows\System\cXXbWEz.exe
  C:\Windows\System\cXXbWEz.exe
  2⤵
  PID:7872
- C:\Windows\System\ZTkdLvx.exe
  C:\Windows\System\ZTkdLvx.exe
  2⤵
  PID:7912
- C:\Windows\System\wexHjVk.exe
  C:\Windows\System\wexHjVk.exe
  2⤵
  PID:7928
- C:\Windows\System\heQftsQ.exe
  C:\Windows\System\heQftsQ.exe
  2⤵
  PID:7944
- C:\Windows\System\uruzBnc.exe
  C:\Windows\System\uruzBnc.exe
  2⤵
  PID:7972
- C:\Windows\System\ZaEmQow.exe
  C:\Windows\System\ZaEmQow.exe
  2⤵
  PID:8016
- C:\Windows\System\SKTYFKK.exe
  C:\Windows\System\SKTYFKK.exe
  2⤵
  PID:8044
- C:\Windows\System\HUEeeeU.exe
  C:\Windows\System\HUEeeeU.exe
  2⤵
  PID:8084
- C:\Windows\System\fBPgemh.exe
  C:\Windows\System\fBPgemh.exe
  2⤵
  PID:8116
- C:\Windows\System\KffLfCG.exe
  C:\Windows\System\KffLfCG.exe
  2⤵
  PID:8140
- C:\Windows\System\KiNWdpM.exe
  C:\Windows\System\KiNWdpM.exe
  2⤵
  PID:8156
- C:\Windows\System\fOftMUE.exe
  C:\Windows\System\fOftMUE.exe
  2⤵
  PID:7196
- C:\Windows\System\TCemlTv.exe
  C:\Windows\System\TCemlTv.exe
  2⤵
  PID:7264
- C:\Windows\System\TzgjfbC.exe
  C:\Windows\System\TzgjfbC.exe
  2⤵
  PID:5840
- C:\Windows\System\gcyIwVb.exe
  C:\Windows\System\gcyIwVb.exe
  2⤵
  PID:7428
- C:\Windows\System\dAHlRTu.exe
  C:\Windows\System\dAHlRTu.exe
  2⤵
  PID:7476
- C:\Windows\System\AuLfsaW.exe
  C:\Windows\System\AuLfsaW.exe
  2⤵
  PID:7540
- C:\Windows\System\NrcFXVe.exe
  C:\Windows\System\NrcFXVe.exe
  2⤵
  PID:7628
- C:\Windows\System\jhAYnTc.exe
  C:\Windows\System\jhAYnTc.exe
  2⤵
  PID:7684
- C:\Windows\System\UwvoxvA.exe
  C:\Windows\System\UwvoxvA.exe
  2⤵
  PID:7740
- C:\Windows\System\LQyxYSh.exe
  C:\Windows\System\LQyxYSh.exe
  2⤵
  PID:7812
- C:\Windows\System\AYMiPLF.exe
  C:\Windows\System\AYMiPLF.exe
  2⤵
  PID:7884
- C:\Windows\System\OlgqVUs.exe
  C:\Windows\System\OlgqVUs.exe
  2⤵
  PID:7936
- C:\Windows\System\WATnfvT.exe
  C:\Windows\System\WATnfvT.exe
  2⤵
  PID:7988
- C:\Windows\System\XaygFnz.exe
  C:\Windows\System\XaygFnz.exe
  2⤵
  PID:8068
- C:\Windows\System\GDvFuTx.exe
  C:\Windows\System\GDvFuTx.exe
  2⤵
  PID:8100
- C:\Windows\System\AvCRUCf.exe
  C:\Windows\System\AvCRUCf.exe
  2⤵
  PID:7180
- C:\Windows\System\DHwaTzD.exe
  C:\Windows\System\DHwaTzD.exe
  2⤵
  PID:1136
- C:\Windows\System\wTeLoby.exe
  C:\Windows\System\wTeLoby.exe
  2⤵
  PID:1560
- C:\Windows\System\MVFeSQI.exe
  C:\Windows\System\MVFeSQI.exe
  2⤵
  PID:2168
- C:\Windows\System\SubHyjc.exe
  C:\Windows\System\SubHyjc.exe
  2⤵
  PID:7380
- C:\Windows\System\KngxjLo.exe
  C:\Windows\System\KngxjLo.exe
  2⤵
  PID:7532
- C:\Windows\System\FCMtxJj.exe
  C:\Windows\System\FCMtxJj.exe
  2⤵
  PID:7652
- C:\Windows\System\rBNRwuD.exe
  C:\Windows\System\rBNRwuD.exe
  2⤵
  PID:7828
- C:\Windows\System\kFYTbey.exe
  C:\Windows\System\kFYTbey.exe
  2⤵
  PID:8036
- C:\Windows\System\TdTzOmZ.exe
  C:\Windows\System\TdTzOmZ.exe
  2⤵
  PID:8132
- C:\Windows\System\sNkoaOY.exe
  C:\Windows\System\sNkoaOY.exe
  2⤵
  PID:5904
- C:\Windows\System\GqKStoC.exe
  C:\Windows\System\GqKStoC.exe
  2⤵
  PID:7444
- C:\Windows\System\aDOHpcB.exe
  C:\Windows\System\aDOHpcB.exe
  2⤵
  PID:7644
- C:\Windows\System\pOKvXaC.exe
  C:\Windows\System\pOKvXaC.exe
  2⤵
  PID:8092
- C:\Windows\System\JAImGsC.exe
  C:\Windows\System\JAImGsC.exe
  2⤵
  PID:7460
- C:\Windows\System\pVjeoHr.exe
  C:\Windows\System\pVjeoHr.exe
  2⤵
  PID:7240
- C:\Windows\System\xgGKPBV.exe
  C:\Windows\System\xgGKPBV.exe
  2⤵
  PID:5368
- C:\Windows\System\vXqqjtt.exe
  C:\Windows\System\vXqqjtt.exe
  2⤵
  PID:8216
- C:\Windows\System\SHxMAfT.exe
  C:\Windows\System\SHxMAfT.exe
  2⤵
  PID:8256
- C:\Windows\System\lgAWtIc.exe
  C:\Windows\System\lgAWtIc.exe
  2⤵
  PID:8284
- C:\Windows\System\XRvkemT.exe
  C:\Windows\System\XRvkemT.exe
  2⤵
  PID:8304
- C:\Windows\System\YjkYZJB.exe
  C:\Windows\System\YjkYZJB.exe
  2⤵
  PID:8332
- C:\Windows\System\kTwuyCI.exe
  C:\Windows\System\kTwuyCI.exe
  2⤵
  PID:8360
- C:\Windows\System\oCpMYLW.exe
  C:\Windows\System\oCpMYLW.exe
  2⤵
  PID:8396
- C:\Windows\System\gTBjSpc.exe
  C:\Windows\System\gTBjSpc.exe
  2⤵
  PID:8416
- C:\Windows\System\EJNzrZx.exe
  C:\Windows\System\EJNzrZx.exe
  2⤵
  PID:8452
- C:\Windows\System\IKSMXXl.exe
  C:\Windows\System\IKSMXXl.exe
  2⤵
  PID:8472
- C:\Windows\System\LrFJJAr.exe
  C:\Windows\System\LrFJJAr.exe
  2⤵
  PID:8500
- C:\Windows\System\ZMJbMoG.exe
  C:\Windows\System\ZMJbMoG.exe
  2⤵
  PID:8532
- C:\Windows\System\lZhWYIq.exe
  C:\Windows\System\lZhWYIq.exe
  2⤵
  PID:8564
- C:\Windows\System\pTUirxO.exe
  C:\Windows\System\pTUirxO.exe
  2⤵
  PID:8588
- C:\Windows\System\QHmJptt.exe
  C:\Windows\System\QHmJptt.exe
  2⤵
  PID:8620
- C:\Windows\System\qmbWHtm.exe
  C:\Windows\System\qmbWHtm.exe
  2⤵
  PID:8648
- C:\Windows\System\fQJNIUK.exe
  C:\Windows\System\fQJNIUK.exe
  2⤵
  PID:8676
- C:\Windows\System\nfwCnFr.exe
  C:\Windows\System\nfwCnFr.exe
  2⤵
  PID:8696
- C:\Windows\System\cbRcxpK.exe
  C:\Windows\System\cbRcxpK.exe
  2⤵
  PID:8724
- C:\Windows\System\RgXfvQD.exe
  C:\Windows\System\RgXfvQD.exe
  2⤵
  PID:8760
- C:\Windows\System\RzFDmzk.exe
  C:\Windows\System\RzFDmzk.exe
  2⤵
  PID:8784
- C:\Windows\System\PfgtUbi.exe
  C:\Windows\System\PfgtUbi.exe
  2⤵
  PID:8808
- C:\Windows\System\vKehbIp.exe
  C:\Windows\System\vKehbIp.exe
  2⤵
  PID:8844
- C:\Windows\System\uoPsmnH.exe
  C:\Windows\System\uoPsmnH.exe
  2⤵
  PID:8864
- C:\Windows\System\wyADhkd.exe
  C:\Windows\System\wyADhkd.exe
  2⤵
  PID:8892
- C:\Windows\System\zmlgycK.exe
  C:\Windows\System\zmlgycK.exe
  2⤵
  PID:8920
- C:\Windows\System\fZDqNou.exe
  C:\Windows\System\fZDqNou.exe
  2⤵
  PID:8952
- C:\Windows\System\QiybTiu.exe
  C:\Windows\System\QiybTiu.exe
  2⤵
  PID:8984
- C:\Windows\System\HpmnXcE.exe
  C:\Windows\System\HpmnXcE.exe
  2⤵
  PID:9012
- C:\Windows\System\IXZCpCm.exe
  C:\Windows\System\IXZCpCm.exe
  2⤵
  PID:9032
- C:\Windows\System\MwCEeeo.exe
  C:\Windows\System\MwCEeeo.exe
  2⤵
  PID:9060
- C:\Windows\System\KfhEGUW.exe
  C:\Windows\System\KfhEGUW.exe
  2⤵
  PID:9096
- C:\Windows\System\BIupuEp.exe
  C:\Windows\System\BIupuEp.exe
  2⤵
  PID:9116
- C:\Windows\System\oVafRJP.exe
  C:\Windows\System\oVafRJP.exe
  2⤵
  PID:9144
- C:\Windows\System\YdgLvvz.exe
  C:\Windows\System\YdgLvvz.exe
  2⤵
  PID:9176
- C:\Windows\System\WefhWRG.exe
  C:\Windows\System\WefhWRG.exe
  2⤵
  PID:9208
- C:\Windows\System\CGjpSmN.exe
  C:\Windows\System\CGjpSmN.exe
  2⤵
  PID:8212
- C:\Windows\System\YyvGGqc.exe
  C:\Windows\System\YyvGGqc.exe
  2⤵
  PID:8292
- C:\Windows\System\LjFLpwv.exe
  C:\Windows\System\LjFLpwv.exe
  2⤵
  PID:8344
- C:\Windows\System\zIPiHmd.exe
  C:\Windows\System\zIPiHmd.exe
  2⤵
  PID:8408
- C:\Windows\System\GCcThEx.exe
  C:\Windows\System\GCcThEx.exe
  2⤵
  PID:8468
- C:\Windows\System\czfkDrM.exe
  C:\Windows\System\czfkDrM.exe
  2⤵
  PID:8552
- C:\Windows\System\ooOXwnF.exe
  C:\Windows\System\ooOXwnF.exe
  2⤵
  PID:8604
- C:\Windows\System\whhjOtd.exe
  C:\Windows\System\whhjOtd.exe
  2⤵
  PID:8684
- C:\Windows\System\uZGVyyH.exe
  C:\Windows\System\uZGVyyH.exe
  2⤵
  PID:8736
- C:\Windows\System\lbnzLiB.exe
  C:\Windows\System\lbnzLiB.exe
  2⤵
  PID:8800
- C:\Windows\System\RBFqMWM.exe
  C:\Windows\System\RBFqMWM.exe
  2⤵
  PID:8884
- C:\Windows\System\HrPTicB.exe
  C:\Windows\System\HrPTicB.exe
  2⤵
  PID:8944
- C:\Windows\System\PILclku.exe
  C:\Windows\System\PILclku.exe
  2⤵
  PID:9000
- C:\Windows\System\MlPJZuz.exe
  C:\Windows\System\MlPJZuz.exe
  2⤵
  PID:9072
- C:\Windows\System\cMSRyBt.exe
  C:\Windows\System\cMSRyBt.exe
  2⤵
  PID:9140
- C:\Windows\System\CucTTxk.exe
  C:\Windows\System\CucTTxk.exe
  2⤵
  PID:9192
- C:\Windows\System\thMtwFy.exe
  C:\Windows\System\thMtwFy.exe
  2⤵
  PID:8300
- C:\Windows\System\xQmgxzA.exe
  C:\Windows\System\xQmgxzA.exe
  2⤵
  PID:4156
- C:\Windows\System\nQFjTnD.exe
  C:\Windows\System\nQFjTnD.exe
  2⤵
  PID:8524
- C:\Windows\System\YQxmJxB.exe
  C:\Windows\System\YQxmJxB.exe
  2⤵
  PID:8656
- C:\Windows\System\RxTapDS.exe
  C:\Windows\System\RxTapDS.exe
  2⤵
  PID:8828
- C:\Windows\System\qcVrlTq.exe
  C:\Windows\System\qcVrlTq.exe
  2⤵
  PID:8968
- C:\Windows\System\dDSfgbq.exe
  C:\Windows\System\dDSfgbq.exe
  2⤵
  PID:9164
- C:\Windows\System\pSIoSYs.exe
  C:\Windows\System\pSIoSYs.exe
  2⤵
  PID:8436
- C:\Windows\System\RtYINXP.exe
  C:\Windows\System\RtYINXP.exe
  2⤵
  PID:8596
- C:\Windows\System\RyyoBIA.exe
  C:\Windows\System\RyyoBIA.exe
  2⤵
  PID:8916
- C:\Windows\System\LruILiG.exe
  C:\Windows\System\LruILiG.exe
  2⤵
  PID:8580
- C:\Windows\System\SvbBVcp.exe
  C:\Windows\System\SvbBVcp.exe
  2⤵
  PID:2480
- C:\Windows\System\SfHzXQc.exe
  C:\Windows\System\SfHzXQc.exe
  2⤵
  PID:9224
- C:\Windows\System\iPCdogl.exe
  C:\Windows\System\iPCdogl.exe
  2⤵
  PID:9260
- C:\Windows\System\BNsOJBl.exe
  C:\Windows\System\BNsOJBl.exe
  2⤵
  PID:9280
- C:\Windows\System\FsERhlb.exe
  C:\Windows\System\FsERhlb.exe
  2⤵
  PID:9312
- C:\Windows\System\zVqahQo.exe
  C:\Windows\System\zVqahQo.exe
  2⤵
  PID:9340
- C:\Windows\System\ZQCmJNU.exe
  C:\Windows\System\ZQCmJNU.exe
  2⤵
  PID:9364
- C:\Windows\System\bubsFOx.exe
  C:\Windows\System\bubsFOx.exe
  2⤵
  PID:9392
- C:\Windows\System\qneZlyW.exe
  C:\Windows\System\qneZlyW.exe
  2⤵
  PID:9420
- C:\Windows\System\pmGEDMC.exe
  C:\Windows\System\pmGEDMC.exe
  2⤵
  PID:9448
- C:\Windows\System\CcxRkQv.exe
  C:\Windows\System\CcxRkQv.exe
  2⤵
  PID:9480
- C:\Windows\System\ntQzrwh.exe
  C:\Windows\System\ntQzrwh.exe
  2⤵
  PID:9504
- C:\Windows\System\IgkyPJt.exe
  C:\Windows\System\IgkyPJt.exe
  2⤵
  PID:9540
- C:\Windows\System\YrIsnuH.exe
  C:\Windows\System\YrIsnuH.exe
  2⤵
  PID:9560
- C:\Windows\System\VMrIVlc.exe
  C:\Windows\System\VMrIVlc.exe
  2⤵
  PID:9596
- C:\Windows\System\zLAGMqu.exe
  C:\Windows\System\zLAGMqu.exe
  2⤵
  PID:9624
- C:\Windows\System\WbREQie.exe
  C:\Windows\System\WbREQie.exe
  2⤵
  PID:9652
- C:\Windows\System\rcQEckf.exe
  C:\Windows\System\rcQEckf.exe
  2⤵
  PID:9676
- C:\Windows\System\vGOksqF.exe
  C:\Windows\System\vGOksqF.exe
  2⤵
  PID:9700
- C:\Windows\System\vOpxBYP.exe
  C:\Windows\System\vOpxBYP.exe
  2⤵
  PID:9728
- C:\Windows\System\wOkEUdw.exe
  C:\Windows\System\wOkEUdw.exe
  2⤵
  PID:9756
- C:\Windows\System\aAKRyet.exe
  C:\Windows\System\aAKRyet.exe
  2⤵
  PID:9784
- C:\Windows\System\IrwEqsR.exe
  C:\Windows\System\IrwEqsR.exe
  2⤵
  PID:9824
- C:\Windows\System\ZAwJJfc.exe
  C:\Windows\System\ZAwJJfc.exe
  2⤵
  PID:9844
- C:\Windows\System\UnzNILR.exe
  C:\Windows\System\UnzNILR.exe
  2⤵
  PID:9872
- C:\Windows\System\NvztzuH.exe
  C:\Windows\System\NvztzuH.exe
  2⤵
  PID:9900
- C:\Windows\System\DrMcvdj.exe
  C:\Windows\System\DrMcvdj.exe
  2⤵
  PID:9936
- C:\Windows\System\ytbABmM.exe
  C:\Windows\System\ytbABmM.exe
  2⤵
  PID:9956
- C:\Windows\System\RJaiqiE.exe
  C:\Windows\System\RJaiqiE.exe
  2⤵
  PID:9992
- C:\Windows\System\TxMjyIX.exe
  C:\Windows\System\TxMjyIX.exe
  2⤵
  PID:10020
- C:\Windows\System\XZKDMsQ.exe
  C:\Windows\System\XZKDMsQ.exe
  2⤵
  PID:10048
- C:\Windows\System\ZnZuzMJ.exe
  C:\Windows\System\ZnZuzMJ.exe
  2⤵
  PID:10068
- C:\Windows\System\TRiMSWc.exe
  C:\Windows\System\TRiMSWc.exe
  2⤵
  PID:10104
- C:\Windows\System\NyAMMTi.exe
  C:\Windows\System\NyAMMTi.exe
  2⤵
  PID:10128
- C:\Windows\System\YufQFgG.exe
  C:\Windows\System\YufQFgG.exe
  2⤵
  PID:10164
- C:\Windows\System\rWLxGJN.exe
  C:\Windows\System\rWLxGJN.exe
  2⤵
  PID:10184
- C:\Windows\System\YrIPhqP.exe
  C:\Windows\System\YrIPhqP.exe
  2⤵
  PID:10224
- C:\Windows\System\nEqshOi.exe
  C:\Windows\System\nEqshOi.exe
  2⤵
  PID:9220
- C:\Windows\System\yyGHfQJ.exe
  C:\Windows\System\yyGHfQJ.exe
  2⤵
  PID:9292
- C:\Windows\System\sGNsxbm.exe
  C:\Windows\System\sGNsxbm.exe
  2⤵
  PID:9384
- C:\Windows\System\YfPXtYD.exe
  C:\Windows\System\YfPXtYD.exe
  2⤵
  PID:9440
- C:\Windows\System\tzfPxMx.exe
  C:\Windows\System\tzfPxMx.exe
  2⤵
  PID:9492
- C:\Windows\System\DNUPiut.exe
  C:\Windows\System\DNUPiut.exe
  2⤵
  PID:9572
- C:\Windows\System\NYiCcCt.exe
  C:\Windows\System\NYiCcCt.exe
  2⤵
  PID:9640
- C:\Windows\System\YZfkfLv.exe
  C:\Windows\System\YZfkfLv.exe
  2⤵
  PID:9684
- C:\Windows\System\IgNWtJV.exe
  C:\Windows\System\IgNWtJV.exe
  2⤵
  PID:9748
- C:\Windows\System\UAeMkLT.exe
  C:\Windows\System\UAeMkLT.exe
  2⤵
  PID:9840
- C:\Windows\System\yaXOseO.exe
  C:\Windows\System\yaXOseO.exe
  2⤵
  PID:9892
- C:\Windows\System\AvCucwv.exe
  C:\Windows\System\AvCucwv.exe
  2⤵
  PID:9952
- C:\Windows\System\cvgYeHl.exe
  C:\Windows\System\cvgYeHl.exe
  2⤵
  PID:10056
- C:\Windows\System\vagzfNB.exe
  C:\Windows\System\vagzfNB.exe
  2⤵
  PID:10092
- C:\Windows\System\pTSJuJq.exe
  C:\Windows\System\pTSJuJq.exe
  2⤵
  PID:10172
- C:\Windows\System\AYwMasv.exe
  C:\Windows\System\AYwMasv.exe
  2⤵
  PID:9272
- C:\Windows\System\jpkUHst.exe
  C:\Windows\System\jpkUHst.exe
  2⤵
  PID:9348
- C:\Windows\System\CWicUoB.exe
  C:\Windows\System\CWicUoB.exe
  2⤵
  PID:9584
- C:\Windows\System\OZxMTGc.exe
  C:\Windows\System\OZxMTGc.exe
  2⤵
  PID:9668
- C:\Windows\System\FmQnSWY.exe
  C:\Windows\System\FmQnSWY.exe
  2⤵
  PID:9920
- C:\Windows\System\cOdrnPI.exe
  C:\Windows\System\cOdrnPI.exe
  2⤵
  PID:10004
- C:\Windows\System\YYGpllV.exe
  C:\Windows\System\YYGpllV.exe
  2⤵
  PID:10148
- C:\Windows\System\RuLBpBS.exe
  C:\Windows\System\RuLBpBS.exe
  2⤵
  PID:9460
- C:\Windows\System\wQRNYwp.exe
  C:\Windows\System\wQRNYwp.exe
  2⤵
  PID:9796
- C:\Windows\System\JtmVcNm.exe
  C:\Windows\System\JtmVcNm.exe
  2⤵
  PID:9380
- C:\Windows\System\GdRvfAR.exe
  C:\Windows\System\GdRvfAR.exe
  2⤵
  PID:9664
- C:\Windows\System\zjdhACw.exe
  C:\Windows\System\zjdhACw.exe
  2⤵
  PID:10248
- C:\Windows\System\bEmOrNp.exe
  C:\Windows\System\bEmOrNp.exe
  2⤵
  PID:10276
- C:\Windows\System\THxbGGj.exe
  C:\Windows\System\THxbGGj.exe
  2⤵
  PID:10304
- C:\Windows\System\SJqWhZR.exe
  C:\Windows\System\SJqWhZR.exe
  2⤵
  PID:10332
- C:\Windows\System\fsaanBv.exe
  C:\Windows\System\fsaanBv.exe
  2⤵
  PID:10360
- C:\Windows\System\OumXMot.exe
  C:\Windows\System\OumXMot.exe
  2⤵
  PID:10388
- C:\Windows\System\xOATikU.exe
  C:\Windows\System\xOATikU.exe
  2⤵
  PID:10416
- C:\Windows\System\ADekwjD.exe
  C:\Windows\System\ADekwjD.exe
  2⤵
  PID:10444
- C:\Windows\System\ycSTQmX.exe
  C:\Windows\System\ycSTQmX.exe
  2⤵
  PID:10480
- C:\Windows\System\tXRcHJQ.exe
  C:\Windows\System\tXRcHJQ.exe
  2⤵
  PID:10500
- C:\Windows\System\KUQrCFi.exe
  C:\Windows\System\KUQrCFi.exe
  2⤵
  PID:10528
- C:\Windows\System\sSkdqrr.exe
  C:\Windows\System\sSkdqrr.exe
  2⤵
  PID:10556
- C:\Windows\System\lQRTZuf.exe
  C:\Windows\System\lQRTZuf.exe
  2⤵
  PID:10584
- C:\Windows\System\uTUFWTX.exe
  C:\Windows\System\uTUFWTX.exe
  2⤵
  PID:10612
- C:\Windows\System\KYfdckd.exe
  C:\Windows\System\KYfdckd.exe
  2⤵
  PID:10648
- C:\Windows\System\GqxrRUT.exe
  C:\Windows\System\GqxrRUT.exe
  2⤵
  PID:10676
- C:\Windows\System\EdneYIR.exe
  C:\Windows\System\EdneYIR.exe
  2⤵
  PID:10696
- C:\Windows\System\PqGMfOC.exe
  C:\Windows\System\PqGMfOC.exe
  2⤵
  PID:10732
- C:\Windows\System\VZuZTyw.exe
  C:\Windows\System\VZuZTyw.exe
  2⤵
  PID:10752
- C:\Windows\System\dwfePrU.exe
  C:\Windows\System\dwfePrU.exe
  2⤵
  PID:10780
- C:\Windows\System\vqbxoRM.exe
  C:\Windows\System\vqbxoRM.exe
  2⤵
  PID:10808
- C:\Windows\System\edYkDKw.exe
  C:\Windows\System\edYkDKw.exe
  2⤵
  PID:10836
- C:\Windows\System\VwwGHRf.exe
  C:\Windows\System\VwwGHRf.exe
  2⤵
  PID:10864
- C:\Windows\System\ynZRCco.exe
  C:\Windows\System\ynZRCco.exe
  2⤵
  PID:10892
- C:\Windows\System\yNbYrJo.exe
  C:\Windows\System\yNbYrJo.exe
  2⤵
  PID:10920
- C:\Windows\System\nCVNZGM.exe
  C:\Windows\System\nCVNZGM.exe
  2⤵
  PID:10956
- C:\Windows\System\rkoBxXJ.exe
  C:\Windows\System\rkoBxXJ.exe
  2⤵
  PID:10980
- C:\Windows\System\WHTBKeJ.exe
  C:\Windows\System\WHTBKeJ.exe
  2⤵
  PID:11004
- C:\Windows\System\TaOLIHm.exe
  C:\Windows\System\TaOLIHm.exe
  2⤵
  PID:11040
- C:\Windows\System\BeucObN.exe
  C:\Windows\System\BeucObN.exe
  2⤵
  PID:11060
- C:\Windows\System\yPKoJQL.exe
  C:\Windows\System\yPKoJQL.exe
  2⤵
  PID:11088
- C:\Windows\System\mccBZEt.exe
  C:\Windows\System\mccBZEt.exe
  2⤵
  PID:11116
- C:\Windows\System\ZhMLUmn.exe
  C:\Windows\System\ZhMLUmn.exe
  2⤵
  PID:11144
- C:\Windows\System\evmCZKm.exe
  C:\Windows\System\evmCZKm.exe
  2⤵
  PID:11172
- C:\Windows\System\fVTYsML.exe
  C:\Windows\System\fVTYsML.exe
  2⤵
  PID:11208
- C:\Windows\System\sNPdbDT.exe
  C:\Windows\System\sNPdbDT.exe
  2⤵
  PID:11228
- C:\Windows\System\fNkpkOn.exe
  C:\Windows\System\fNkpkOn.exe
  2⤵
  PID:11256
- C:\Windows\System\dGJYJbH.exe
  C:\Windows\System\dGJYJbH.exe
  2⤵
  PID:10288
- C:\Windows\System\uwafsWJ.exe
  C:\Windows\System\uwafsWJ.exe
  2⤵
  PID:10356
- C:\Windows\System\ZnjpMVK.exe
  C:\Windows\System\ZnjpMVK.exe
  2⤵
  PID:10412
- C:\Windows\System\prtiCXH.exe
  C:\Windows\System\prtiCXH.exe
  2⤵
  PID:10488
- C:\Windows\System\dYRNjZl.exe
  C:\Windows\System\dYRNjZl.exe
  2⤵
  PID:10548
- C:\Windows\System\RmVZjbO.exe
  C:\Windows\System\RmVZjbO.exe
  2⤵
  PID:10608
- C:\Windows\System\KaZNjYs.exe
  C:\Windows\System\KaZNjYs.exe
  2⤵
  PID:10688
- C:\Windows\System\bhQibYV.exe
  C:\Windows\System\bhQibYV.exe
  2⤵
  PID:10744
- C:\Windows\System\MHAYRZk.exe
  C:\Windows\System\MHAYRZk.exe
  2⤵
  PID:10804
- C:\Windows\System\CqoUupJ.exe
  C:\Windows\System\CqoUupJ.exe
  2⤵
  PID:10876
- C:\Windows\System\TCDuQoO.exe
  C:\Windows\System\TCDuQoO.exe
  2⤵
  PID:10944
- C:\Windows\System\ryWGpuq.exe
  C:\Windows\System\ryWGpuq.exe
  2⤵
  PID:11016
- C:\Windows\System\ugMfdnx.exe
  C:\Windows\System\ugMfdnx.exe
  2⤵
  PID:11072
- C:\Windows\System\raDCOZw.exe
  C:\Windows\System\raDCOZw.exe
  2⤵
  PID:11136
- C:\Windows\System\BtawrcS.exe
  C:\Windows\System\BtawrcS.exe
  2⤵
  PID:11220
- C:\Windows\System\XuDXgIr.exe
  C:\Windows\System\XuDXgIr.exe
  2⤵
  PID:10244
- C:\Windows\System\dpsgxPT.exe
  C:\Windows\System\dpsgxPT.exe
  2⤵
  PID:10384
- C:\Windows\System\AgYnGYL.exe
  C:\Windows\System\AgYnGYL.exe
  2⤵
  PID:10524
- C:\Windows\System\YBFCyfa.exe
  C:\Windows\System\YBFCyfa.exe
  2⤵
  PID:10664
- C:\Windows\System\YZylMtY.exe
  C:\Windows\System\YZylMtY.exe
  2⤵
  PID:10832
- C:\Windows\System\XuBtbbD.exe
  C:\Windows\System\XuBtbbD.exe
  2⤵
  PID:10988
- C:\Windows\System\hoVOxVR.exe
  C:\Windows\System\hoVOxVR.exe
  2⤵
  PID:11128
- C:\Windows\System\hoznKOH.exe
  C:\Windows\System\hoznKOH.exe
  2⤵
  PID:10316
- C:\Windows\System\WRTVuBH.exe
  C:\Windows\System\WRTVuBH.exe
  2⤵
  PID:10636
- C:\Windows\System\iAndamE.exe
  C:\Windows\System\iAndamE.exe
  2⤵
  PID:11192
- C:\Windows\System\bFwdkEs.exe
  C:\Windows\System\bFwdkEs.exe
  2⤵
  PID:1276
- C:\Windows\System\QwXkkqj.exe
  C:\Windows\System\QwXkkqj.exe
  2⤵
  PID:3836
- C:\Windows\System\fmJeOCT.exe
  C:\Windows\System\fmJeOCT.exe
  2⤵
  PID:11268
- C:\Windows\System\GAPIXBF.exe
  C:\Windows\System\GAPIXBF.exe
  2⤵
  PID:11316
- C:\Windows\System\BpuDIbL.exe
  C:\Windows\System\BpuDIbL.exe
  2⤵
  PID:11356
- C:\Windows\System\VSqiYff.exe
  C:\Windows\System\VSqiYff.exe
  2⤵
  PID:11408
- C:\Windows\System\ReONInN.exe
  C:\Windows\System\ReONInN.exe
  2⤵
  PID:11456
- C:\Windows\System\nDHcRIB.exe
  C:\Windows\System\nDHcRIB.exe
  2⤵
  PID:11476
- C:\Windows\System\WeCEYFe.exe
  C:\Windows\System\WeCEYFe.exe
  2⤵
  PID:11512
- C:\Windows\System\nOIXeXK.exe
  C:\Windows\System\nOIXeXK.exe
  2⤵
  PID:11532
- C:\Windows\System\UQoyXef.exe
  C:\Windows\System\UQoyXef.exe
  2⤵
  PID:11560
- C:\Windows\System\FHjxojW.exe
  C:\Windows\System\FHjxojW.exe
  2⤵
  PID:11588
- C:\Windows\System\tPVgcNL.exe
  C:\Windows\System\tPVgcNL.exe
  2⤵
  PID:11616
- C:\Windows\System\wqXROKx.exe
  C:\Windows\System\wqXROKx.exe
  2⤵
  PID:11644
- C:\Windows\System\TvQwNvB.exe
  C:\Windows\System\TvQwNvB.exe
  2⤵
  PID:11672
- C:\Windows\System\zEQHrCD.exe
  C:\Windows\System\zEQHrCD.exe
  2⤵
  PID:11700
- C:\Windows\System\vDWyJKi.exe
  C:\Windows\System\vDWyJKi.exe
  2⤵
  PID:11732
- C:\Windows\System\QFaVpyZ.exe
  C:\Windows\System\QFaVpyZ.exe
  2⤵
  PID:11756
- C:\Windows\System\RJlSeXC.exe
  C:\Windows\System\RJlSeXC.exe
  2⤵
  PID:11792
- C:\Windows\System\ZlpqxQu.exe
  C:\Windows\System\ZlpqxQu.exe
  2⤵
  PID:11812
- C:\Windows\System\wWWPsnq.exe
  C:\Windows\System\wWWPsnq.exe
  2⤵
  PID:11840
- C:\Windows\System\DVIfXNS.exe
  C:\Windows\System\DVIfXNS.exe
  2⤵
  PID:11868
- C:\Windows\System\HpcFORF.exe
  C:\Windows\System\HpcFORF.exe
  2⤵
  PID:11900
- C:\Windows\System\rsJUDMW.exe
  C:\Windows\System\rsJUDMW.exe
  2⤵
  PID:11924
- C:\Windows\System\wiWfhtM.exe
  C:\Windows\System\wiWfhtM.exe
  2⤵
  PID:11960
- C:\Windows\System\QdJMyXI.exe
  C:\Windows\System\QdJMyXI.exe
  2⤵
  PID:11980
- C:\Windows\System\tclnfEn.exe
  C:\Windows\System\tclnfEn.exe
  2⤵
  PID:12008
- C:\Windows\System\UCNuNoD.exe
  C:\Windows\System\UCNuNoD.exe
  2⤵
  PID:12036
- C:\Windows\System\yZvOCCW.exe
  C:\Windows\System\yZvOCCW.exe
  2⤵
  PID:12064
- C:\Windows\System\oaGpNlK.exe
  C:\Windows\System\oaGpNlK.exe
  2⤵
  PID:12096
- C:\Windows\System\RXKgXis.exe
  C:\Windows\System\RXKgXis.exe
  2⤵
  PID:12120
- C:\Windows\System\YSVGDZj.exe
  C:\Windows\System\YSVGDZj.exe
  2⤵
  PID:12152
- C:\Windows\System\oMAYSJl.exe
  C:\Windows\System\oMAYSJl.exe
  2⤵
  PID:12180
- C:\Windows\System\zElIqnr.exe
  C:\Windows\System\zElIqnr.exe
  2⤵
  PID:12216
- C:\Windows\System\xNnDzsw.exe
  C:\Windows\System\xNnDzsw.exe
  2⤵
  PID:12240
- C:\Windows\System\dzVdzJw.exe
  C:\Windows\System\dzVdzJw.exe
  2⤵
  PID:12280
- C:\Windows\System\NRxtgHB.exe
  C:\Windows\System\NRxtgHB.exe
  2⤵
  PID:11312
- C:\Windows\System\qInhfEX.exe
  C:\Windows\System\qInhfEX.exe
  2⤵
  PID:11404
- C:\Windows\System\YsbadpV.exe
  C:\Windows\System\YsbadpV.exe
  2⤵
  PID:2064
- C:\Windows\System\QsXBOFw.exe
  C:\Windows\System\QsXBOFw.exe
  2⤵
  PID:11384
- C:\Windows\System\lrCGYPz.exe
  C:\Windows\System\lrCGYPz.exe
  2⤵
  PID:11348
- C:\Windows\System\Fketjsg.exe
  C:\Windows\System\Fketjsg.exe
  2⤵
  PID:5992
- C:\Windows\System\gfuOUvO.exe
  C:\Windows\System\gfuOUvO.exe
  2⤵
  PID:11600
- C:\Windows\System\AtSEYML.exe
  C:\Windows\System\AtSEYML.exe
  2⤵
  PID:11640
- C:\Windows\System\OZIZFUG.exe
  C:\Windows\System\OZIZFUG.exe
  2⤵
  PID:11712
- C:\Windows\System\YeijZoF.exe
  C:\Windows\System\YeijZoF.exe
  2⤵
  PID:11776
- C:\Windows\System\OmsIhQB.exe
  C:\Windows\System\OmsIhQB.exe
  2⤵
  PID:11824
- C:\Windows\System\rXKstsf.exe
  C:\Windows\System\rXKstsf.exe
  2⤵
  PID:11888
- C:\Windows\System\uSUpIGr.exe
  C:\Windows\System\uSUpIGr.exe
  2⤵
  PID:11948
- C:\Windows\System\MxiOgqV.exe
  C:\Windows\System\MxiOgqV.exe
  2⤵
  PID:12000
- C:\Windows\System\EQktrmU.exe
  C:\Windows\System\EQktrmU.exe
  2⤵
  PID:12060
- C:\Windows\System\wxwipVA.exe
  C:\Windows\System\wxwipVA.exe
  2⤵
  PID:12112
- C:\Windows\System\aGUhuBU.exe
  C:\Windows\System\aGUhuBU.exe
  2⤵
  PID:12176
- C:\Windows\System\avXFjlc.exe
  C:\Windows\System\avXFjlc.exe
  2⤵
  PID:11280
- C:\Windows\System\XnTPadw.exe
  C:\Windows\System\XnTPadw.exe
  2⤵
  PID:1836
- C:\Windows\System\CZtgJAK.exe
  C:\Windows\System\CZtgJAK.exe
  2⤵
  PID:11464
- C:\Windows\System\BxMBLsT.exe
  C:\Windows\System\BxMBLsT.exe
  2⤵
  PID:11584
- C:\Windows\System\ThaxHNg.exe
  C:\Windows\System\ThaxHNg.exe
  2⤵
  PID:11696
- C:\Windows\System\VUmazUp.exe
  C:\Windows\System\VUmazUp.exe
  2⤵
  PID:11852
- C:\Windows\System\WSAJiRK.exe
  C:\Windows\System\WSAJiRK.exe
  2⤵
  PID:11976
- C:\Windows\System\KaHKRqr.exe
  C:\Windows\System\KaHKRqr.exe
  2⤵
  PID:12088
- C:\Windows\System\QCUBElC.exe
  C:\Windows\System\QCUBElC.exe
  2⤵
  PID:10512
- C:\Windows\System\EYojqIv.exe
  C:\Windows\System\EYojqIv.exe
  2⤵
  PID:11428
- C:\Windows\System\aYxBmkp.exe
  C:\Windows\System\aYxBmkp.exe
  2⤵
  PID:11692
- C:\Windows\System\ojacFnX.exe
  C:\Windows\System\ojacFnX.exe
  2⤵
  PID:12028
- C:\Windows\System\PIeiwWZ.exe
  C:\Windows\System\PIeiwWZ.exe
  2⤵
  PID:11400
- C:\Windows\System\SgoOifN.exe
  C:\Windows\System\SgoOifN.exe
  2⤵
  PID:11944
- C:\Windows\System\iSugXnu.exe
  C:\Windows\System\iSugXnu.exe
  2⤵
  PID:11668
- C:\Windows\System\HDAmNWe.exe
  C:\Windows\System\HDAmNWe.exe
  2⤵
  PID:12304
- C:\Windows\System\zqDqUpz.exe
  C:\Windows\System\zqDqUpz.exe
  2⤵
  PID:12332
- C:\Windows\System\FGgdREX.exe
  C:\Windows\System\FGgdREX.exe
  2⤵
  PID:12364
- C:\Windows\System\SuVAGcP.exe
  C:\Windows\System\SuVAGcP.exe
  2⤵
  PID:12388
- C:\Windows\System\qkopnKP.exe
  C:\Windows\System\qkopnKP.exe
  2⤵
  PID:12416
- C:\Windows\System\oScAHpi.exe
  C:\Windows\System\oScAHpi.exe
  2⤵
  PID:12448
- C:\Windows\System\VsrRofu.exe
  C:\Windows\System\VsrRofu.exe
  2⤵
  PID:12472
- C:\Windows\System\Cwnrhnw.exe
  C:\Windows\System\Cwnrhnw.exe
  2⤵
  PID:12500
- C:\Windows\System\VWjGWHw.exe
  C:\Windows\System\VWjGWHw.exe
  2⤵
  PID:12528
- C:\Windows\System\sFTNSqp.exe
  C:\Windows\System\sFTNSqp.exe
  2⤵
  PID:12556
- C:\Windows\System\HzpvFaw.exe
  C:\Windows\System\HzpvFaw.exe
  2⤵
  PID:12572
- C:\Windows\System\ksgRGZR.exe
  C:\Windows\System\ksgRGZR.exe
  2⤵
  PID:12592
- C:\Windows\System\DNFHHxp.exe
  C:\Windows\System\DNFHHxp.exe
  2⤵
  PID:12636
- C:\Windows\System\YAMXcSU.exe
  C:\Windows\System\YAMXcSU.exe
  2⤵
  PID:12668
- C:\Windows\System\wpnBICN.exe
  C:\Windows\System\wpnBICN.exe
  2⤵
  PID:12696
- C:\Windows\System\wUliHGC.exe
  C:\Windows\System\wUliHGC.exe
  2⤵
  PID:12756
- C:\Windows\System\cdhfVjH.exe
  C:\Windows\System\cdhfVjH.exe
  2⤵
  PID:12788
- C:\Windows\System\LsigIXq.exe
  C:\Windows\System\LsigIXq.exe
  2⤵
  PID:12808
- C:\Windows\System\BGTwMDa.exe
  C:\Windows\System\BGTwMDa.exe
  2⤵
  PID:12844
- C:\Windows\System\DIpLgum.exe
  C:\Windows\System\DIpLgum.exe
  2⤵
  PID:12860
- C:\Windows\System\CnovsVn.exe
  C:\Windows\System\CnovsVn.exe
  2⤵
  PID:12900
- C:\Windows\System\ofTsZwn.exe
  C:\Windows\System\ofTsZwn.exe
  2⤵
  PID:12928
- C:\Windows\System\sWAOkwn.exe
  C:\Windows\System\sWAOkwn.exe
  2⤵
  PID:12952
- C:\Windows\System\SGjtoQK.exe
  C:\Windows\System\SGjtoQK.exe
  2⤵
  PID:12984
- C:\Windows\System\GAlhmdI.exe
  C:\Windows\System\GAlhmdI.exe
  2⤵
  PID:13004
- C:\Windows\System\FTpkGow.exe
  C:\Windows\System\FTpkGow.exe
  2⤵
  PID:13040
- C:\Windows\System\QBhKkkL.exe
  C:\Windows\System\QBhKkkL.exe
  2⤵
  PID:13068
- C:\Windows\System\TBhoarv.exe
  C:\Windows\System\TBhoarv.exe
  2⤵
  PID:13084
- C:\Windows\System\VTCzHSS.exe
  C:\Windows\System\VTCzHSS.exe
  2⤵
  PID:13128
- C:\Windows\System\QUsqSVt.exe
  C:\Windows\System\QUsqSVt.exe
  2⤵
  PID:13156
- C:\Windows\System\DofULkO.exe
  C:\Windows\System\DofULkO.exe
  2⤵
  PID:13184
- C:\Windows\System\GWpFkra.exe
  C:\Windows\System\GWpFkra.exe
  2⤵
  PID:13224
- C:\Windows\System\ANxpnqD.exe
  C:\Windows\System\ANxpnqD.exe
  2⤵
  PID:13240
- C:\Windows\System\fZYdPgI.exe
  C:\Windows\System\fZYdPgI.exe
  2⤵
  PID:13268
- C:\Windows\System\fgJRJHP.exe
  C:\Windows\System\fgJRJHP.exe
  2⤵
  PID:13296
- C:\Windows\System\DlxRZoj.exe
  C:\Windows\System\DlxRZoj.exe
  2⤵
  PID:12292
- C:\Windows\System\uNyYGtC.exe
  C:\Windows\System\uNyYGtC.exe
  2⤵
  PID:12376
- C:\Windows\System\KeUneiN.exe
  C:\Windows\System\KeUneiN.exe
  2⤵
  PID:12404
- C:\Windows\System\jubPzQT.exe
  C:\Windows\System\jubPzQT.exe
  2⤵
  PID:12464
- C:\Windows\System\QeNFsad.exe
  C:\Windows\System\QeNFsad.exe
  2⤵
  PID:12548
- C:\Windows\System\JIimqAL.exe
  C:\Windows\System\JIimqAL.exe
  2⤵
  PID:12628
- C:\Windows\System\yQEksco.exe
  C:\Windows\System\yQEksco.exe
  2⤵
  PID:12680
- C:\Windows\System\OQuAqCW.exe
  C:\Windows\System\OQuAqCW.exe
  2⤵
  PID:12780
- C:\Windows\System\ZCYQlwA.exe
  C:\Windows\System\ZCYQlwA.exe
  2⤵
  PID:12836
- C:\Windows\System\WtrdrMP.exe
  C:\Windows\System\WtrdrMP.exe
  2⤵
  PID:12236
- C:\Windows\System\KsHsnAI.exe
  C:\Windows\System\KsHsnAI.exe
  2⤵
  PID:12872
- C:\Windows\System\zgGhmAZ.exe
  C:\Windows\System\zgGhmAZ.exe
  2⤵
  PID:12936
- C:\Windows\System\MLpWMyK.exe
  C:\Windows\System\MLpWMyK.exe
  2⤵
  PID:12996
- C:\Windows\System\DuItAQM.exe
  C:\Windows\System\DuItAQM.exe
  2⤵
  PID:13060
- C:\Windows\System\echmldl.exe
  C:\Windows\System\echmldl.exe
  2⤵
  PID:13112
- C:\Windows\System\fowwvkp.exe
  C:\Windows\System\fowwvkp.exe
  2⤵
  PID:13180
- C:\Windows\System\KTSXXcL.exe
  C:\Windows\System\KTSXXcL.exe
  2⤵
  PID:5528
- C:\Windows\System\sugYJtp.exe
  C:\Windows\System\sugYJtp.exe
  2⤵
  PID:13276
- C:\Windows\System\kZgWHWh.exe
  C:\Windows\System\kZgWHWh.exe
  2⤵
  PID:12344
- C:\Windows\System\uVPCuVJ.exe
  C:\Windows\System\uVPCuVJ.exe
  2⤵
  PID:12436
- C:\Windows\System\GHJOBLd.exe
  C:\Windows\System\GHJOBLd.exe
  2⤵
  PID:12664
- C:\Windows\System\pMjfRKt.exe
  C:\Windows\System\pMjfRKt.exe
  2⤵
  PID:12824
- C:\Windows\System\TfKGggc.exe
  C:\Windows\System\TfKGggc.exe
  2⤵
  PID:12852
- C:\Windows\System\ARsudNz.exe
  C:\Windows\System\ARsudNz.exe
  2⤵
  PID:13032
- C:\Windows\System\ClfozPx.exe
  C:\Windows\System\ClfozPx.exe
  2⤵
  PID:5044
- C:\Windows\System\ZMIsoOh.exe
  C:\Windows\System\ZMIsoOh.exe
  2⤵
  PID:13264
- C:\Windows\System\rAYyIFL.exe
  C:\Windows\System\rAYyIFL.exe
  2⤵
  PID:12356
- C:\Windows\System\cBTnyVV.exe
  C:\Windows\System\cBTnyVV.exe
  2⤵
  PID:1924
- C:\Windows\System\MksJasW.exe
  C:\Windows\System\MksJasW.exe
  2⤵
  PID:12972
- C:\Windows\System\XhtCJDK.exe
  C:\Windows\System\XhtCJDK.exe
  2⤵
  PID:13220
- C:\Windows\System\wsnRcEJ.exe
  C:\Windows\System\wsnRcEJ.exe
  2⤵
  PID:12144
- C:\Windows\System\iOdipjS.exe
  C:\Windows\System\iOdipjS.exe
  2⤵
  PID:12552
- C:\Windows\System\psnkZtw.exe
  C:\Windows\System\psnkZtw.exe
  2⤵
  PID:13208
- C:\Windows\System\FFOpLYN.exe
  C:\Windows\System\FFOpLYN.exe
  2⤵
  PID:13340
- C:\Windows\System\deSiziF.exe
  C:\Windows\System\deSiziF.exe
  2⤵
  PID:13356
- C:\Windows\System\JCWTJMy.exe
  C:\Windows\System\JCWTJMy.exe
  2⤵
  PID:13396
- C:\Windows\System\hClPoKG.exe
  C:\Windows\System\hClPoKG.exe
  2⤵
  PID:13424
- C:\Windows\System\yaIeuZF.exe
  C:\Windows\System\yaIeuZF.exe
  2⤵
  PID:13452
- C:\Windows\System\iKGIoij.exe
  C:\Windows\System\iKGIoij.exe
  2⤵
  PID:13480
- C:\Windows\System\HnQbcIy.exe
  C:\Windows\System\HnQbcIy.exe
  2⤵
  PID:13508
- C:\Windows\System\EqImJFN.exe
  C:\Windows\System\EqImJFN.exe
  2⤵
  PID:13536
- C:\Windows\System\nVRfvdW.exe
  C:\Windows\System\nVRfvdW.exe
  2⤵
  PID:13564
- C:\Windows\System\gHQgfRL.exe
  C:\Windows\System\gHQgfRL.exe
  2⤵
  PID:13592
- C:\Windows\System\zzqQsNH.exe
  C:\Windows\System\zzqQsNH.exe
  2⤵
  PID:13620
- C:\Windows\System\IAoKzZv.exe
  C:\Windows\System\IAoKzZv.exe
  2⤵
  PID:13648
- C:\Windows\System\SjRMBpJ.exe
  C:\Windows\System\SjRMBpJ.exe
  2⤵
  PID:13676
- C:\Windows\System\DWIYiPL.exe
  C:\Windows\System\DWIYiPL.exe
  2⤵
  PID:13708
- C:\Windows\System\IDsYUEc.exe
  C:\Windows\System\IDsYUEc.exe
  2⤵
  PID:13732
- C:\Windows\System\GsKOqac.exe
  C:\Windows\System\GsKOqac.exe
  2⤵
  PID:13760
- C:\Windows\System\bSmvhOV.exe
  C:\Windows\System\bSmvhOV.exe
  2⤵
  PID:13788
- C:\Windows\System\hhnmOYD.exe
  C:\Windows\System\hhnmOYD.exe
  2⤵
  PID:13824
- C:\Windows\System\iPPQCZS.exe
  C:\Windows\System\iPPQCZS.exe
  2⤵
  PID:13844
- C:\Windows\System\obzxSnp.exe
  C:\Windows\System\obzxSnp.exe
  2⤵
  PID:13872
- C:\Windows\System\LTQVhBm.exe
  C:\Windows\System\LTQVhBm.exe
  2⤵
  PID:13900
- C:\Windows\System\yjVzoXd.exe
  C:\Windows\System\yjVzoXd.exe
  2⤵
  PID:13928
- C:\Windows\System\kTSWNdx.exe
  C:\Windows\System\kTSWNdx.exe
  2⤵
  PID:13956
- C:\Windows\System\cuZVpae.exe
  C:\Windows\System\cuZVpae.exe
  2⤵
  PID:13984
- C:\Windows\System\xZZaukB.exe
  C:\Windows\System\xZZaukB.exe
  2⤵
  PID:14024
- C:\Windows\System\bdowJGL.exe
  C:\Windows\System\bdowJGL.exe
  2⤵
  PID:14040
- C:\Windows\System\piSDLvf.exe
  C:\Windows\System\piSDLvf.exe
  2⤵
  PID:14068
- C:\Windows\System\ofDQAzB.exe
  C:\Windows\System\ofDQAzB.exe
  2⤵
  PID:14096
- C:\Windows\System\JeuOQCo.exe
  C:\Windows\System\JeuOQCo.exe
  2⤵
  PID:14124
- C:\Windows\System\swxAgKH.exe
  C:\Windows\System\swxAgKH.exe
  2⤵
  PID:14152
- C:\Windows\System\KsQFIku.exe
  C:\Windows\System\KsQFIku.exe
  2⤵
  PID:14180
- C:\Windows\System\CgTpoHR.exe
  C:\Windows\System\CgTpoHR.exe
  2⤵
  PID:14208
- C:\Windows\System\ftKulTg.exe
  C:\Windows\System\ftKulTg.exe
  2⤵
  PID:14236
- C:\Windows\System\ltfiXTr.exe
  C:\Windows\System\ltfiXTr.exe
  2⤵
  PID:14276
- C:\Windows\System\FDTPHyO.exe
  C:\Windows\System\FDTPHyO.exe
  2⤵
  PID:14292
- C:\Windows\System\FRmAjub.exe
  C:\Windows\System\FRmAjub.exe
  2⤵
  PID:14320
- C:\Windows\System\kcmhyCc.exe
  C:\Windows\System\kcmhyCc.exe
  2⤵
  PID:13336
- C:\Windows\System\KIRJJla.exe
  C:\Windows\System\KIRJJla.exe
  2⤵
  PID:1244
- C:\Windows\System\TnnhbgW.exe
  C:\Windows\System\TnnhbgW.exe
  2⤵
  PID:2052
- C:\Windows\System\nYmjTsj.exe
  C:\Windows\System\nYmjTsj.exe
  2⤵
  PID:13492
- C:\Windows\System\pjexbyl.exe
  C:\Windows\System\pjexbyl.exe
  2⤵
  PID:13548
- C:\Windows\System\ScjjEwv.exe
  C:\Windows\System\ScjjEwv.exe
  2⤵
  PID:13640
- C:\Windows\System\lgVrGyn.exe
  C:\Windows\System\lgVrGyn.exe
  2⤵
  PID:13696
- C:\Windows\System\ldtEehh.exe
  C:\Windows\System\ldtEehh.exe
  2⤵
  PID:13836
- C:\Windows\System\hjhAyhn.exe
  C:\Windows\System\hjhAyhn.exe
  2⤵
  PID:4300
- C:\Windows\System\CfWqHHs.exe
  C:\Windows\System\CfWqHHs.exe
  2⤵
  PID:14008
- C:\Windows\System\BhQfzjG.exe
  C:\Windows\System\BhQfzjG.exe
  2⤵
  PID:14092
- C:\Windows\System\NwPeNay.exe
  C:\Windows\System\NwPeNay.exe
  2⤵
  PID:14176
- C:\Windows\System\PUMFMOh.exe
  C:\Windows\System\PUMFMOh.exe
  2⤵
  PID:4248
- C:\Windows\System\NCxNXhv.exe
  C:\Windows\System\NCxNXhv.exe
  2⤵
  PID:14304
- C:\Windows\System\hVMarBX.exe
  C:\Windows\System\hVMarBX.exe
  2⤵
  PID:1992
- C:\Windows\System\EUlGTzY.exe
  C:\Windows\System\EUlGTzY.exe
  2⤵
  PID:13448
- C:\Windows\System\gwuuAEP.exe
  C:\Windows\System\gwuuAEP.exe
  2⤵
  PID:13672
- C:\Windows\System\ZinHkEM.exe
  C:\Windows\System\ZinHkEM.exe
  2⤵
  PID:13968
- C:\Windows\System\MdyCTls.exe
  C:\Windows\System\MdyCTls.exe
  2⤵
  PID:14120
- C:\Windows\System\dKJjVKu.exe
  C:\Windows\System\dKJjVKu.exe
  2⤵
  PID:14284
- C:\Windows\System\pPPLrut.exe
  C:\Windows\System\pPPLrut.exe
  2⤵
  PID:13504
- C:\Windows\System\BaEUiXB.exe
  C:\Windows\System\BaEUiXB.exe
  2⤵
  PID:14020
- C:\Windows\System\RXnSjzW.exe
  C:\Windows\System\RXnSjzW.exe
  2⤵
  PID:14204
- C:\Windows\System\ebXtcUb.exe
  C:\Windows\System\ebXtcUb.exe
  2⤵
  PID:14364
- C:\Windows\System\dwQYVve.exe
  C:\Windows\System\dwQYVve.exe
  2⤵
  PID:14380
- C:\Windows\System\wxwdaUS.exe
  C:\Windows\System\wxwdaUS.exe
  2⤵
  PID:14432
- C:\Windows\System\UXLljBg.exe
  C:\Windows\System\UXLljBg.exe
  2⤵
  PID:14456
- C:\Windows\System\SARcVHr.exe
  C:\Windows\System\SARcVHr.exe
  2⤵
  PID:14488
- C:\Windows\System\gcgwIPK.exe
  C:\Windows\System\gcgwIPK.exe
  2⤵
  PID:14516
- C:\Windows\System\srvCyCN.exe
  C:\Windows\System\srvCyCN.exe
  2⤵
  PID:14544
- C:\Windows\System\JWkdoCI.exe
  C:\Windows\System\JWkdoCI.exe
  2⤵
  PID:14584
- C:\Windows\System\JlZtjQo.exe
  C:\Windows\System\JlZtjQo.exe
  2⤵
  PID:14616
- C:\Windows\System\gjvkuUe.exe
  C:\Windows\System\gjvkuUe.exe
  2⤵
  PID:14644
- C:\Windows\System\ommXjvs.exe
  C:\Windows\System\ommXjvs.exe
  2⤵
  PID:14680
- C:\Windows\System\ZQGiaJJ.exe
  C:\Windows\System\ZQGiaJJ.exe
  2⤵
  PID:14708
- C:\Windows\System\qEsPFBT.exe
  C:\Windows\System\qEsPFBT.exe
  2⤵
  PID:14736
- C:\Windows\System\BIszMWW.exe
  C:\Windows\System\BIszMWW.exe
  2⤵
  PID:14768
- C:\Windows\System\qcDycmO.exe
  C:\Windows\System\qcDycmO.exe
  2⤵
  PID:14808
- C:\Windows\System\lTUPMWG.exe
  C:\Windows\System\lTUPMWG.exe
  2⤵
  PID:14848
- C:\Windows\System\udNRvvf.exe
  C:\Windows\System\udNRvvf.exe
  2⤵
  PID:14876
- C:\Windows\System\MrHHlun.exe
  C:\Windows\System\MrHHlun.exe
  2⤵
  PID:14904
- C:\Windows\System\WDBwBuX.exe
  C:\Windows\System\WDBwBuX.exe
  2⤵
  PID:14932
- C:\Windows\System\hNLNYgZ.exe
  C:\Windows\System\hNLNYgZ.exe
  2⤵
  PID:14960
- C:\Windows\System\hqXBZpM.exe
  C:\Windows\System\hqXBZpM.exe
  2⤵
  PID:14988
- C:\Windows\System\HIJvWkE.exe
  C:\Windows\System\HIJvWkE.exe
  2⤵
  PID:15016
- C:\Windows\System\PAteXDD.exe
  C:\Windows\System\PAteXDD.exe
  2⤵
  PID:15044
- C:\Windows\System\TGCWlGL.exe
  C:\Windows\System\TGCWlGL.exe
  2⤵
  PID:15072
- C:\Windows\System\UBOjDwt.exe
  C:\Windows\System\UBOjDwt.exe
  2⤵
  PID:15100
- C:\Windows\System\ZPpPsRA.exe
  C:\Windows\System\ZPpPsRA.exe
  2⤵
  PID:15128
- C:\Windows\System\SaweLTA.exe
  C:\Windows\System\SaweLTA.exe
  2⤵
  PID:15156
- C:\Windows\System\xPhLZMU.exe
  C:\Windows\System\xPhLZMU.exe
  2⤵
  PID:15184
- C:\Windows\System\BKWyKaz.exe
  C:\Windows\System\BKWyKaz.exe
  2⤵
  PID:15212
- C:\Windows\System\guPxmqt.exe
  C:\Windows\System\guPxmqt.exe
  2⤵
  PID:15240
- C:\Windows\System\faLRHtx.exe
  C:\Windows\System\faLRHtx.exe
  2⤵
  PID:15268
- C:\Windows\System\SqOztcS.exe
  C:\Windows\System\SqOztcS.exe
  2⤵
  PID:15296
- C:\Windows\System\CEIIkqH.exe
  C:\Windows\System\CEIIkqH.exe
  2⤵
  PID:15324
- C:\Windows\System\PsyQBuG.exe
  C:\Windows\System\PsyQBuG.exe
  2⤵
  PID:15352
- C:\Windows\System\YTqXzcV.exe
  C:\Windows\System\YTqXzcV.exe
  2⤵
  PID:14372
- C:\Windows\System\ytGrbnw.exe
  C:\Windows\System\ytGrbnw.exe
  2⤵
  PID:14500
- C:\Windows\System\fOhhIzR.exe
  C:\Windows\System\fOhhIzR.exe
  2⤵
  PID:14596
- C:\Windows\System\XXLApas.exe
  C:\Windows\System\XXLApas.exe
  2⤵
  PID:14676
- C:\Windows\System\AoZfwed.exe
  C:\Windows\System\AoZfwed.exe
  2⤵
  PID:3880
- C:\Windows\System\RrsPdAo.exe
  C:\Windows\System\RrsPdAo.exe
  2⤵
  PID:14824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\HAiKoDa.exe

Filesize
6.0MB

MD5
a1acacff12c498d375b56394e4197250

SHA1
ee4854126cb4dc60e9d2318aeb72bbc07a18b466

SHA256
31bb9715c652c0da7fc573282507c6199aaa4bcbaedf16ac083af98ac111e5bf

SHA512
9eee335d63ecaf2f003c6d7cba823e99d5771dfd37b1c4d6edd26fe7bc55c5b10472bafadcdcaba46ac78e8a2ffb8e2a9ebf7198327ca3c48b59dda59dce7616

Download Submit
C:\Windows\System\MBaYLzR.exe

Filesize
6.0MB

MD5
ca58aacb2cb33ac53aaf8dd9c80e3b91

SHA1
5feec9f1d4bd03ddcca896938f4f98d354e48ec6

SHA256
bb3fefb8380227181476a06a606498e7b68565919d0b1dbc5b818e43afd6c94c

SHA512
8044daf47df4604442abc8f4db7bf1a823a21e127672d2e48460cb3549b6add231717eb63d2970a255911c65f7a2ebfcf922a9f00db92c19e97a85bf5631e339

Download Submit
C:\Windows\System\MTzhkGz.exe

Filesize
6.1MB

MD5
e2e2e42f43853302a44bf33ccd55f05a

SHA1
dc86f12373990becb6574a64c600b87234de8bf1

SHA256
496bf097618dd73122da74fe3334caec2aac235718a388d9c7daf6498cd77fc3

SHA512
7d7a36023b4a9edbfaf8bde0c4b49ba3950ebe01897b9f53f39b456990ce910863cfaccd6f0a7392f20a6cbec60be35288ce927d80d567473b285eb4fd97a6bb

Download Submit
C:\Windows\System\NYXqiBK.exe

Filesize
6.0MB

MD5
fe922cd736d27fbce133d001696d83db

SHA1
b29ef19a5e21ed23d02cb2ff7e04eb35debb5754

SHA256
166987e187ad90409504fcd1ff934874f6bc97d8dbf553f12f57a2e48a208569

SHA512
575800ba3b31974d2967fa1e599f160fe084dd7f57a967bf5506c2f9fbc42911e0d71ca8d1e1da0e7e5e23348513e8d68dd1ba1670b537e3b3d2aac796bd4ecc

Download Submit
C:\Windows\System\OMFEYdz.exe

Filesize
6.0MB

MD5
3249af3ee0b3649316662ac10ed7c0d6

SHA1
b3111ea3a3695fd595c8bed135fb1639b352b356

SHA256
e935328f87094335eb29b30017086d2e7d704c4aba4e06fa96b2f5776f64421e

SHA512
8c1858992180d8866d99e8028888e68ce0ec99df786afa8bc4e897967074e1139bdd4c03146a05d502981bd33db5476bbafa2c8c31b93e47cd3eef452696ac99

Download Submit
C:\Windows\System\TKvxNnP.exe

Filesize
6.1MB

MD5
2801954637f59c483fc51d4637dd9b68

SHA1
5937eb26aee7eb9831e8487b7b422c93e56e3980

SHA256
166fddaa08e4d82ebad26a3806e63081efb2ab1e5b3c0e0e10c7d07a902e34a5

SHA512
e686c366284ba71a925b9ca4675c5e55bfb9e72e94b9ea8a479a2b020299950726d9e419978f58e22e87c7ec782a5fc806ad5e62f49cca1c7b5d72b6ad7e9896

Download Submit
C:\Windows\System\TcdNuRn.exe

Filesize
6.1MB

MD5
b145fd850bb8680a79cd3e4c03c74279

SHA1
d96f914a2a84f327525745177be713e0c84eeac6

SHA256
6d3d034f6a5d093d5949af2e26e6f0f560f40264b9fc15b1886284c9a8ffcfaa

SHA512
481abf308a8d6bb59566d2dc1b08292de70e057c6ef94b4be068e9c77e267c1a11a87fcd4622e44d8d855310ec638ba5f7ff2e947b8bd4942e8f010f87c226f1

Download Submit
C:\Windows\System\UBTIhFl.exe

Filesize
6.1MB

MD5
3d97e56901f31778ed78e7730009f1d5

SHA1
337ed7ed3143f19cf54d072b4ae646efa8f2627b

SHA256
58c9a1e4cae977ae6f5bd757f8ad8da193c743af44c03b1e9072b1060d4251ca

SHA512
c92d54a304fabd197fa1edb5c12b76c799ece7d3ba3966d399f9fa1eeab46fc3a2990a4c3d34a4a76fa250a7242c5e42e2569a6ca52b18a8376efb5d5826af30

Download Submit
C:\Windows\System\VpLMSLX.exe

Filesize
6.1MB

MD5
4440b8bfbeaab20bcf513035d41f0070

SHA1
92f77745cbdec9af2bc93dc77beb9166ad776bdc

SHA256
e09ed168b5cc48c47f4f5d28c0be822b35757029d3af5123be4efdb640ac229b

SHA512
aa8fab3ab472d1adf4cf97a2b02ec0aed4ec2f80156fdfca83a2c3ebfc1942764b4c9291e95511617efe3bef3c151fd9a7c1fda5fac9bc142b71907abae04d3e

Download Submit
C:\Windows\System\WDMYQCL.exe

Filesize
6.1MB

MD5
2e99bbc2559375ce490691f62c882298

SHA1
2f2e8c04b68ed3bb477ded153c5aa2044f92ff76

SHA256
f4ac836108e0da37faf246159cb57e5ca49bde790528dc2d4d2dca47ce849f54

SHA512
2235544c5c00694eab56424c3c6e0df373b6e124a32966ce877afd2946fc9c17d57960d90a4642b14e427ed61842b4fb59ca81aaaf052b3d4c0831dc2daece22

Download Submit
C:\Windows\System\XNaJZTK.exe

Filesize
6.1MB

MD5
2158db971d3a74a2904f74a9d8d4ab99

SHA1
cb790ab835f5ea2414dccaba807fa85e2631646c

SHA256
80513735b8fde04b20075412cae152eece2b85c4ab0f0cbebcb2455f01a81c7d

SHA512
1db9077763ba5961e79395c8aa1ffa845b84e6883ed210846067af1572b87e30e1cea42278a7ea7fd2aa143e3bcb0aaf5205db2d7c41b4ea33f83beb549f3e6e

Download Submit
C:\Windows\System\XTgoUll.exe

Filesize
6.1MB

MD5
e87bfc9ef562f42d8dd27fd76c141b8b

SHA1
44934d468460258a0bc33e9ad91e3ff2c2ca9ff7

SHA256
57f3dcefce7c707d1139e66710df2df61fd6bd749bf7796e6fcedfe1ddbf2676

SHA512
7a729718236e13f0653d1096722b83af17ce6fe99db7518a9e4bf007377a21443b0d0aedc28f39a2c3f16a0220450789d6e3bee2dbaf9497a04ddf9aaddf5e0d

Download Submit
C:\Windows\System\ZTtfHEv.exe

Filesize
6.1MB

MD5
228b3000d9487a9b1c6048932f1bf691

SHA1
95dacecd85d2b1033bcb9bf5eaf6f0c111c6df26

SHA256
2667452e1211c1fec120f13eb550d80a752ba1b3ffe90359db50e39fa635babe

SHA512
51052fb28a8b7ae050dd8b0e3cbec4b4e8cc714692917e590e3ba91c8ded1da98538814e54721f6f892e35508b5ef4bc0c0520aca3414a0f08b5c7f13c4da6fe

Download Submit
C:\Windows\System\aoxNTQW.exe

Filesize
6.1MB

MD5
114bd7bf5d35dda50e36de45a26dcfc3

SHA1
8efab76d549f2bd4f3ada8d233e8c5c793fa838f

SHA256
5c86469167e74b09f826ecdfc2258a6d12060cc30b4894633ecd54a969c5ffe2

SHA512
62262479f62fa8dbe46858405ebde8ad26be5c3eb738bea48a8a54497e99da7827b4acb2c5cd0410c01269687eab0383e6721984534e4c5754eeea5de74fecbd

Download Submit
C:\Windows\System\bJLbQvE.exe

Filesize
6.1MB

MD5
e97af487c786ab6e9fc313540ee02802

SHA1
fd7e0e1d52ad15302069c4d6692f9080592d2d0a

SHA256
bbd6c4a4c0eaacc5b18b24a3fdbdde2f9143c6883d2d32e79b1f5a497fa84561

SHA512
59e634373ac8b7dd7f690772723534fd53dc6e9869d88a90a09196c7b67bb0e7c45d3a8ca7514a4d23ebe23e454c72ef7da94d61b2902e90804c420b4b8c52ac

Download Submit
C:\Windows\System\dIiLgXZ.exe

Filesize
6.1MB

MD5
93e3bc411313b462739d5246f94a68ee

SHA1
5bdb0b9c33b218bf4281854b01a3c9cda4499b79

SHA256
27d0aec60dfd6836d59cb9ef52bb4695604f3bebcc807c6682b333e211eee7d0

SHA512
c083adce13dfc83f9de16c9cd8904e36abe9283e9c1a8d5905988294a1a6a968e758872d0bf1d1126495c8ce343106694efcce447eb017f1fb528c63ef5aa5e0

Download Submit
C:\Windows\System\dSnNfQW.exe

Filesize
6.1MB

MD5
1582df2c91d321db2bcf7c5d34183779

SHA1
ec5c28ba2a99936c7b38d61064b6c054cefa0824

SHA256
da9f091751fb8359aaa867f151aea1b78e296ca18fbcb4b5f1e68ad28b7b120f

SHA512
897e2823337d0bdf4a1f3423b0470caaa73de5d65618f02518a512be638ae158488c8a144fea4054e1e7559b90f7b6151122ae0e11db56d03b74e92c80393e7d

Download Submit
C:\Windows\System\eKmVraO.exe

Filesize
6.1MB

MD5
31e3276f8c103c1ddb83b68d7e5f0bef

SHA1
365b4a323864bdcdf25ad7d68fe3f3d47382ba94

SHA256
2ce34ea3146fc0c4c9b086c9c389b9e5b916e3311d389eb9d2cd2a2bc93b29be

SHA512
973240d5376a94a60e009b6eefc1d3c70b18c37c00c9cf2a62c2310ef35d9c5ba510df93658fca88c0f810cf66fe479fc3a36769b471ca3f03133ab81836f511

Download Submit
C:\Windows\System\ecspxln.exe

Filesize
6.1MB

MD5
a199ba41ad03609dfc9d443bc6ab2dd6

SHA1
b4772101d11717c49c6bdd7141780717b1673641

SHA256
11c40551a61a7f824e1795c7f8b885563fe8a22e7d36f88b6a324419e874dfb4

SHA512
1aa9740f9d6ee841bcc4622735ad5c43d0f56db0f8c1f9b4fb61563a32e363d4432051b2929890d7ff683fc9a71358c3867e44a72f5a3687663a137f95df1c7c

Download Submit
C:\Windows\System\fOCYmvB.exe

Filesize
6.0MB

MD5
d6eadc0f1827bd8747b9bb5658986710

SHA1
4824b2eb97051fe057528e3ab7dbe35afce0270a

SHA256
a76cc3ddc293b1e7caaa30534f602f06828c4a35ac0e029ad1b350864ff725d6

SHA512
e683966df71326bc2c2ae9f39b4e20fcdb12c4ea6375379869c04012a3b916b1f8512cdd2007978e1fd01a76f8019a9eaca92cbab1fe4d62c7b4a7b82eeba667

Download Submit
C:\Windows\System\gAUcakp.exe

Filesize
6.1MB

MD5
7d44d54a621e4507dd2816f12814b89a

SHA1
59bd829a8494fb8f510c34c8d616964b12101b35

SHA256
899df3efc7288add13c876c0f74482bf86637596ed652b11470dc02531989510

SHA512
29f100ecb10136e5f95364bc16e0c78befac3b00bffa235f774726c8d80c0cec5a0cee7e49afa555e52a3c36154b9db5d5f3216ff9bcca472f4e86dff8653c6a

Download Submit
C:\Windows\System\gbtlbiY.exe

Filesize
6.0MB

MD5
b52b93eea9e59d0ac64f2906ccf89993

SHA1
18f8e71cf30c20949fb4215a9e0ca793b7285283

SHA256
ed6ba53dfefb390e909edd968add97d4706e4b6484b7e43decfe04f626636d69

SHA512
46eb07e83349609cd5a54c041fefeb971daac2ba3060ff7ad15150a74331410210d3e29f1c3d322b533424e93883b845ab8151cfb8f114835ba230c3970c6ac3

Download Submit
C:\Windows\System\geFwiqD.exe

Filesize
6.1MB

MD5
83543bdd026dff53189d80872472f9ed

SHA1
35d0cb908ab1313bf35a0fa16364d03835ca848a

SHA256
01c50302e2166ee7bd2132fb6e2e4abe5c18f43e5169a491c5357182847876eb

SHA512
bfa0eecae3a602d14acd1e8441a8fcf720703c4e786a03e54f4501edc80db4b83dcfe46524391719fdbfd8bb9caba929d5327719d162fdb1829ed06150e1cfdc

Download Submit
C:\Windows\System\hCmoBoR.exe

Filesize
6.1MB

MD5
042d1ea06614f81914a1c714618d1099

SHA1
b29a218e1450cffa99b016bc4a01faed0a810d1f

SHA256
74cfffc852654cfabbeddbabcf27e166e5332c47c9abdfec4d4f0418237b5a4c

SHA512
e69f6756f0e25f000771951ddf8b03f02b83e64e9dccc7d8bd359b2c68de85fdc934041bc99f8c25fd470b1e8742d826149ee6c1918a9fd788349a7b64f7cd79

Download Submit
C:\Windows\System\hDtqUpZ.exe

Filesize
6.1MB

MD5
82697ee0b8d105488f985d20b5f8afad

SHA1
29e9bb889cb29f99a32a9941b57f1604debf5b13

SHA256
caf22706c3d6848cb5230c6ebf507f2831d4ff054f8defbdd8fe2ad524366e69

SHA512
ab2e2075d6f1dff05067759879ab6b09afc0bcb3c9f73b30e8280eba2196040de0bfddf473ba79cade6de44b3ca526baa821bd9ee6f8c5d9614d1bd08d76f56c

Download Submit
C:\Windows\System\hMznvaN.exe

Filesize
6.1MB

MD5
3bdca108fcce5cff1044000c1d475b7a

SHA1
cb32c8c98baa4bea81d7376ea9d6e47a70895175

SHA256
2b89c66c4a186fd69c4e98af36533af1489233903fa2e19ceec7ccad32edb8ed

SHA512
1ab811708a4002625066caf36527ee5ce13be21fdd5e09ac6775a7cd2a8811b7edb411a1713eca41a265f451d01db782b8765f1898443573b88c1c72cefc1ab2

Download Submit
C:\Windows\System\hiHxvhE.exe

Filesize
6.1MB

MD5
f2267d4c5eab9a399e441d3574be28d4

SHA1
f4710d57ed3139097e23c2de0a8ee44d54566bb8

SHA256
c05d43ff53463fe28c430ea7b3677d2c41797fa53ce8126cb145e06c6fd85d35

SHA512
c8d7f87cd32a6569f954fe3df376b3c7b023f70fa94daa24fb8696a9074759a90c6bcc0ece7c70938532cdba091f4bd82466f9d248d462e01911f41b21110a37

Download Submit
C:\Windows\System\jYFznWx.exe

Filesize
6.1MB

MD5
a38cdfff8b8394067e9a40587280c867

SHA1
bf1bb44176ba7a49d81b93bbc17a82ca2c3b750f

SHA256
36188219e9acdfb2aa3da2920eefc5931288ef68ced2864667d08d2e6e73f788

SHA512
5827809467265c2e5f9f910b893f93d1979a31a1b462531ee8804aab31c235a4b085c64232ec65dca173c5af28fd90fc979a34f48aed7d55822d5e53d5571ef0

Download Submit
C:\Windows\System\qNmunBN.exe

Filesize
6.0MB

MD5
81414c0860de0368226f86fab3c2fab0

SHA1
ff7098a61298f5c36d5f3d41a5632321dd1eff64

SHA256
0e31da5af0116c6a0f8c11de8596f2f4744f9ad5549d3430fb7ee827e4fc576e

SHA512
f8c5ddc478207c3ce6a21e710971c7a13bc2d5537a2f1ca02c8e42cc7263c0cfb94a34de5a9ad1da9845e2ff1287798ff2b5fad9078ec2f0fbc1b118c4944381

Download Submit
C:\Windows\System\tpMEmPm.exe

Filesize
6.1MB

MD5
ea41d79f08db31fc0b3e2838e7961060

SHA1
2482091df4b7f2b95f5c3db039672ef0b7f65d5f

SHA256
42a53534a69e5804954edcc88b3d17b0e0fe138b3ca30e3af3c2ba55c723cdef

SHA512
7d7ee2c609f2d069d0a676893fee3e44a88319959787b5e1d1b5b296f546e08543e999e4ca4246f6f5ca2327c73fb0f3e9f25c69c65655fe5c8c368c278f6b9d

Download Submit
C:\Windows\System\uuBFzEd.exe

Filesize
6.1MB

MD5
daa1dbb7c24f9d2fd5a1c2f661dea27e

SHA1
2384144796497a3d72e829b58af8de871f74707c

SHA256
ac8fc2b36a44636abcb22a82be962bb17c94ae00938b6dcff83e89aa027e1d2a

SHA512
018914a6b08939567698114d6d6ad85c847975fff176a327a7064bcb7eb41f6a3d7a7d5722def9bc826f79d9f299d640953b116148d31967375d3899b65440e6

Download Submit
C:\Windows\System\yRHVouQ.exe

Filesize
6.0MB

MD5
1ac83b64bd869b04ce8bde317be223d9

SHA1
a998f2df673d3fcc1cee5ba5a144e537af4cac25

SHA256
3b2a2eea12bb91ded9c294f3e0c56e8ffc6bad20d1dac87c15dc30577beb15ff

SHA512
70d3fc209c64a55ffdcc6f9bce1498d25b7d77302951cb1fd0d47d27f533ada285a2f68a545d630a63d80809bc703c6ec4b770da48d2e5e16658e29ce5f13755

Download Submit
C:\Windows\System\yYUWVZX.exe

Filesize
6.0MB

MD5
e060bc1f0f65cc1b6ce2b0d6f431b70d

SHA1
82fffe8c947adb7948de3622309b076a56a56b69

SHA256
1546f3dcae425443354155f57058228d76543ed7c45ab435b6b55f451d492d13

SHA512
6b4d86f14f07102d6a24703abea7092141d654557913dbd47af38c92670012931ba62920bbfc4b0c5540255dcfc3317868a24cbf4f26af48447e28a46cf11fa4

Download Submit
memory/432-603-0x00007FF726DD0000-0x00007FF727124000-memory.dmp

Filesize
3.3MB

Download
memory/432-175-0x00007FF726DD0000-0x00007FF727124000-memory.dmp

Filesize
3.3MB

Download
memory/432-2214-0x00007FF726DD0000-0x00007FF727124000-memory.dmp

Filesize
3.3MB

Download
memory/1140-157-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2203-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp

Filesize
3.3MB

Download
memory/1140-97-0x00007FF6DEAF0000-0x00007FF6DEE44000-memory.dmp

Filesize
3.3MB

Download
memory/1608-118-0x00007FF6DF580000-0x00007FF6DF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2205-0x00007FF6DF580000-0x00007FF6DF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-181-0x00007FF6DF580000-0x00007FF6DF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-235-0x00007FF70BAC0000-0x00007FF70BE14000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2208-0x00007FF70BAC0000-0x00007FF70BE14000-memory.dmp

Filesize
3.3MB

Download
memory/1792-139-0x00007FF70BAC0000-0x00007FF70BE14000-memory.dmp

Filesize
3.3MB

Download
memory/1920-164-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp

Filesize
3.3MB

Download
memory/1920-101-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2202-0x00007FF64F4C0000-0x00007FF64F814000-memory.dmp

Filesize
3.3MB

Download
memory/1996-184-0x00007FF625620000-0x00007FF625974000-memory.dmp

Filesize
3.3MB

Download
memory/1996-119-0x00007FF625620000-0x00007FF625974000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2206-0x00007FF625620000-0x00007FF625974000-memory.dmp

Filesize
3.3MB

Download
memory/2016-61-0x00007FF650460000-0x00007FF6507B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1-0x000001B48EFF0000-0x000001B48F000000-memory.dmp

Filesize
64KB

Download
memory/2016-0-0x00007FF650460000-0x00007FF6507B4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2189-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-12-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-74-0x00007FF748BA0000-0x00007FF748EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-189-0x00007FF6BED00000-0x00007FF6BF054000-memory.dmp

Filesize
3.3MB

Download
memory/3456-745-0x00007FF6BED00000-0x00007FF6BF054000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2216-0x00007FF6BED00000-0x00007FF6BF054000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2209-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp

Filesize
3.3MB

Download
memory/3516-287-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp

Filesize
3.3MB

Download
memory/3516-144-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2213-0x00007FF616030000-0x00007FF616384000-memory.dmp

Filesize
3.3MB

Download
memory/3604-171-0x00007FF616030000-0x00007FF616384000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2210-0x00007FF6D27D0000-0x00007FF6D2B24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-345-0x00007FF6D27D0000-0x00007FF6D2B24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-151-0x00007FF6D27D0000-0x00007FF6D2B24000-memory.dmp

Filesize
3.3MB

Download
memory/3764-56-0x00007FF68C280000-0x00007FF68C5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2196-0x00007FF68C280000-0x00007FF68C5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4456-2207-0x00007FF6753E0000-0x00007FF675734000-memory.dmp

Filesize
3.3MB

Download
memory/4456-202-0x00007FF6753E0000-0x00007FF675734000-memory.dmp

Filesize
3.3MB

Download
memory/4456-129-0x00007FF6753E0000-0x00007FF675734000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2191-0x00007FF7F24F0000-0x00007FF7F2844000-memory.dmp

Filesize
3.3MB

Download
memory/4688-26-0x00007FF7F24F0000-0x00007FF7F2844000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2192-0x00007FF755410000-0x00007FF755764000-memory.dmp

Filesize
3.3MB

Download
memory/4712-30-0x00007FF755410000-0x00007FF755764000-memory.dmp

Filesize
3.3MB

Download
memory/4712-96-0x00007FF755410000-0x00007FF755764000-memory.dmp

Filesize
3.3MB

Download
memory/4760-6-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2188-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp

Filesize
3.3MB

Download
memory/4760-71-0x00007FF6B4550000-0x00007FF6B48A4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-100-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2193-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp

Filesize
3.3MB

Download
memory/4776-37-0x00007FF6D90D0000-0x00007FF6D9424000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2198-0x00007FF6465C0000-0x00007FF646914000-memory.dmp

Filesize
3.3MB

Download
memory/4888-72-0x00007FF6465C0000-0x00007FF646914000-memory.dmp

Filesize
3.3MB

Download
memory/4892-134-0x00007FF666570000-0x00007FF6668C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-75-0x00007FF666570000-0x00007FF6668C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2199-0x00007FF666570000-0x00007FF6668C4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2194-0x00007FF745330000-0x00007FF745684000-memory.dmp

Filesize
3.3MB

Download
memory/4916-105-0x00007FF745330000-0x00007FF745684000-memory.dmp

Filesize
3.3MB

Download
memory/4916-42-0x00007FF745330000-0x00007FF745684000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2197-0x00007FF6DE910000-0x00007FF6DEC64000-memory.dmp

Filesize
3.3MB

Download
memory/5012-63-0x00007FF6DE910000-0x00007FF6DEC64000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2200-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-83-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-141-0x00007FF6D8D60000-0x00007FF6D90B4000-memory.dmp

Filesize
3.3MB

Download
memory/5300-2215-0x00007FF74E4B0000-0x00007FF74E804000-memory.dmp

Filesize
3.3MB

Download
memory/5300-604-0x00007FF74E4B0000-0x00007FF74E804000-memory.dmp

Filesize
3.3MB

Download
memory/5300-188-0x00007FF74E4B0000-0x00007FF74E804000-memory.dmp

Filesize
3.3MB

Download
memory/5360-2201-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp

Filesize
3.3MB

Download
memory/5360-90-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp

Filesize
3.3MB

Download
memory/5360-142-0x00007FF7D5490000-0x00007FF7D57E4000-memory.dmp

Filesize
3.3MB

Download
memory/5388-113-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp

Filesize
3.3MB

Download
memory/5388-2195-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp

Filesize
3.3MB

Download
memory/5388-48-0x00007FF6A9D60000-0x00007FF6AA0B4000-memory.dmp

Filesize
3.3MB

Download
memory/5492-159-0x00007FF6165F0000-0x00007FF616944000-memory.dmp

Filesize
3.3MB

Download
memory/5492-2211-0x00007FF6165F0000-0x00007FF616944000-memory.dmp

Filesize
3.3MB

Download
memory/5492-409-0x00007FF6165F0000-0x00007FF616944000-memory.dmp

Filesize
3.3MB

Download
memory/5512-170-0x00007FF6E67E0000-0x00007FF6E6B34000-memory.dmp

Filesize
3.3MB

Download
memory/5512-2212-0x00007FF6E67E0000-0x00007FF6E6B34000-memory.dmp

Filesize
3.3MB

Download
memory/5512-473-0x00007FF6E67E0000-0x00007FF6E6B34000-memory.dmp

Filesize
3.3MB

Download
memory/5712-115-0x00007FF78F0E0000-0x00007FF78F434000-memory.dmp

Filesize
3.3MB

Download
memory/5712-2204-0x00007FF78F0E0000-0x00007FF78F434000-memory.dmp

Filesize
3.3MB

Download
memory/5944-82-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/5944-2190-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/5944-18-0x00007FF67A460000-0x00007FF67A7B4000-memory.dmp

Filesize
3.3MB

Download