cobaltstrike | f312417f18119e689f090905cf1960684cef7394a869b76923b91e883a29cf91

Analysis

max time kernel
103s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

29115ff3765f527d7d2eed602ff5d0f7
SHA1

1bb092658ac2880660b40f794415225a18e38135
SHA256

f312417f18119e689f090905cf1960684cef7394a869b76923b91e883a29cf91
SHA512

691a265bff45cca8a3ebef22cc2c2319f1348cfc6dce6be997ddd482aff2e574aa8af04b16502c7cfa1e8e285f519ee25b9348235abbf3eb0f0cb2762410b01c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024306-7.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430a-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430c-23.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430e-32.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430d-33.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430b-21.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002430f-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024311-47.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024307-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024312-60.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024149-68.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024147-72.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002414b-83.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000024180-90.dat	cobalt_reflective_dll
behavioral2/files/0x0005000000022b82-95.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002417e-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024313-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024316-133.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024314-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024315-141.dat	cobalt_reflective_dll
behavioral2/files/0x000c00000002417f-115.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000024148-104.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002431c-153.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002431e-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024322-182.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024321-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024323-193.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024320-174.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002431f-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024317-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024324-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024325-201.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5464-0-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp	xmrig
behavioral2/files/0x0008000000024306-7.dat	xmrig
behavioral2/memory/3516-6-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp	xmrig
behavioral2/files/0x000700000002430a-11.dat	xmrig
behavioral2/memory/4512-18-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002430c-23.dat	xmrig
behavioral2/files/0x000700000002430e-32.dat	xmrig
behavioral2/memory/2720-38-0x00007FF792260000-0x00007FF7925B4000-memory.dmp	xmrig
behavioral2/memory/2572-35-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp	xmrig
behavioral2/files/0x000700000002430d-33.dat	xmrig
behavioral2/memory/4424-27-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002430b-21.dat	xmrig
behavioral2/memory/228-12-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002430f-40.dat	xmrig
behavioral2/memory/5360-42-0x00007FF752800000-0x00007FF752B54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024311-47.dat	xmrig
behavioral2/files/0x0008000000024307-55.dat	xmrig
behavioral2/memory/4928-54-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp	xmrig
behavioral2/memory/2404-50-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp	xmrig
behavioral2/files/0x0007000000024312-60.dat	xmrig
behavioral2/memory/4960-63-0x00007FF622EE0000-0x00007FF623234000-memory.dmp	xmrig
behavioral2/memory/5464-62-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp	xmrig
behavioral2/memory/3516-67-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp	xmrig
behavioral2/files/0x000b000000024149-68.dat	xmrig
behavioral2/memory/1500-69-0x00007FF693110000-0x00007FF693464000-memory.dmp	xmrig
behavioral2/files/0x000b000000024147-72.dat	xmrig
behavioral2/memory/4512-81-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp	xmrig
behavioral2/files/0x000b00000002414b-83.dat	xmrig
behavioral2/memory/1300-82-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	xmrig
behavioral2/memory/5084-80-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp	xmrig
behavioral2/memory/228-76-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp	xmrig
behavioral2/memory/2572-86-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp	xmrig
behavioral2/memory/4424-85-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp	xmrig
behavioral2/files/0x000c000000024180-90.dat	xmrig
behavioral2/files/0x0005000000022b82-95.dat	xmrig
behavioral2/memory/5360-103-0x00007FF752800000-0x00007FF752B54000-memory.dmp	xmrig
behavioral2/memory/2208-106-0x00007FF7B8B50000-0x00007FF7B8EA4000-memory.dmp	xmrig
behavioral2/files/0x000b00000002417e-113.dat	xmrig
behavioral2/files/0x0007000000024313-120.dat	xmrig
behavioral2/memory/5012-125-0x00007FF7CAD90000-0x00007FF7CB0E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024316-133.dat	xmrig
behavioral2/memory/2680-137-0x00007FF712EA0000-0x00007FF7131F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024314-139.dat	xmrig
behavioral2/files/0x0007000000024315-141.dat	xmrig
behavioral2/memory/5236-138-0x00007FF729050000-0x00007FF7293A4000-memory.dmp	xmrig
behavioral2/memory/4428-136-0x00007FF6DBFB0000-0x00007FF6DC304000-memory.dmp	xmrig
behavioral2/memory/4928-135-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp	xmrig
behavioral2/memory/2136-134-0x00007FF7AC720000-0x00007FF7ACA74000-memory.dmp	xmrig
behavioral2/memory/4180-131-0x00007FF7E5530000-0x00007FF7E5884000-memory.dmp	xmrig
behavioral2/memory/2404-122-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp	xmrig
behavioral2/files/0x000c00000002417f-115.dat	xmrig
behavioral2/files/0x000c000000024148-104.dat	xmrig
behavioral2/memory/2148-98-0x00007FF758230000-0x00007FF758584000-memory.dmp	xmrig
behavioral2/memory/2720-96-0x00007FF792260000-0x00007FF7925B4000-memory.dmp	xmrig
behavioral2/memory/4824-92-0x00007FF6FE9C0000-0x00007FF6FED14000-memory.dmp	xmrig
behavioral2/files/0x000800000002431c-153.dat	xmrig
behavioral2/files/0x000800000002431e-157.dat	xmrig
behavioral2/memory/5084-161-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp	xmrig
behavioral2/memory/5592-168-0x00007FF728270000-0x00007FF7285C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024322-182.dat	xmrig
behavioral2/files/0x0007000000024321-187.dat	xmrig
behavioral2/files/0x0007000000024323-193.dat	xmrig
behavioral2/memory/2920-190-0x00007FF7C6D50000-0x00007FF7C70A4000-memory.dmp	xmrig
behavioral2/memory/1300-189-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3516	ZQNXdQD.exe
228	aMkLQmq.exe
4512	MpYcOxK.exe
4424	IUbOhEB.exe
2572	jvRNkiJ.exe
2720	sytyYMn.exe
5360	LKMHDAK.exe
2404	OiwCHba.exe
4928	hVXnKgD.exe
4960	SpguphP.exe
1500	XOHPxSY.exe
5084	bisDnmO.exe
1300	PQFWqjm.exe
4824	FhkEqJp.exe
2148	TJcMkIg.exe
2208	IFypfoX.exe
5012	HmlUUGv.exe
2136	eBnYaXU.exe
4180	LfRVoeg.exe
4428	McjhZco.exe
5236	AzUHqfn.exe
2680	yVcAyFg.exe
5592	xDqSlxm.exe
3776	kHkJQfI.exe
3772	XtwdosW.exe
1064	Jstptwl.exe
116	kRerXLw.exe
5108	BeDbMxo.exe
2920	OcSNdHz.exe
2392	dCshtxr.exe
5404	aGdhvMp.exe
1508	PgAjtgP.exe
1580	lLjUylr.exe
3948	lCZSdoi.exe
4800	YQkDPll.exe
5524	EigiTsp.exe
3236	NuwSHNt.exe
1448	wyVLeXC.exe
2476	HsWXwbC.exe
2712	XdNdcLJ.exe
5796	tnPvxnp.exe
3940	zNCpjKl.exe
4020	KkTBMXA.exe
4332	ogSzbir.exe
4292	SruWWce.exe
6024	JpCaqsV.exe
5940	BAbOBPI.exe
5700	EpEVwlT.exe
4036	wbuRxbF.exe
5240	VftjCme.exe
4440	LuvORNi.exe
5652	mcpTfRD.exe
3952	lrYVAdO.exe
5440	fWAlYUM.exe
4108	ChwBTig.exe
2652	ICLJlld.exe
3620	XRLOKnj.exe
1784	kknQBnI.exe
4312	wAqrvTZ.exe
3348	xezAjdU.exe
4712	tThSoqt.exe
5648	GvOpVaR.exe
4788	VbkvAfK.exe
5776	LhHVFSZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5464-0-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp	upx
behavioral2/files/0x0008000000024306-7.dat	upx
behavioral2/memory/3516-6-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp	upx
behavioral2/files/0x000700000002430a-11.dat	upx
behavioral2/memory/4512-18-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp	upx
behavioral2/files/0x000700000002430c-23.dat	upx
behavioral2/files/0x000700000002430e-32.dat	upx
behavioral2/memory/2720-38-0x00007FF792260000-0x00007FF7925B4000-memory.dmp	upx
behavioral2/memory/2572-35-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp	upx
behavioral2/files/0x000700000002430d-33.dat	upx
behavioral2/memory/4424-27-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp	upx
behavioral2/files/0x000700000002430b-21.dat	upx
behavioral2/memory/228-12-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp	upx
behavioral2/files/0x000700000002430f-40.dat	upx
behavioral2/memory/5360-42-0x00007FF752800000-0x00007FF752B54000-memory.dmp	upx
behavioral2/files/0x0007000000024311-47.dat	upx
behavioral2/files/0x0008000000024307-55.dat	upx
behavioral2/memory/4928-54-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp	upx
behavioral2/memory/2404-50-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp	upx
behavioral2/files/0x0007000000024312-60.dat	upx
behavioral2/memory/4960-63-0x00007FF622EE0000-0x00007FF623234000-memory.dmp	upx
behavioral2/memory/5464-62-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp	upx
behavioral2/memory/3516-67-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp	upx
behavioral2/files/0x000b000000024149-68.dat	upx
behavioral2/memory/1500-69-0x00007FF693110000-0x00007FF693464000-memory.dmp	upx
behavioral2/files/0x000b000000024147-72.dat	upx
behavioral2/memory/4512-81-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp	upx
behavioral2/files/0x000b00000002414b-83.dat	upx
behavioral2/memory/1300-82-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	upx
behavioral2/memory/5084-80-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp	upx
behavioral2/memory/228-76-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp	upx
behavioral2/memory/2572-86-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp	upx
behavioral2/memory/4424-85-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp	upx
behavioral2/files/0x000c000000024180-90.dat	upx
behavioral2/files/0x0005000000022b82-95.dat	upx
behavioral2/memory/5360-103-0x00007FF752800000-0x00007FF752B54000-memory.dmp	upx
behavioral2/memory/2208-106-0x00007FF7B8B50000-0x00007FF7B8EA4000-memory.dmp	upx
behavioral2/files/0x000b00000002417e-113.dat	upx
behavioral2/files/0x0007000000024313-120.dat	upx
behavioral2/memory/5012-125-0x00007FF7CAD90000-0x00007FF7CB0E4000-memory.dmp	upx
behavioral2/files/0x0007000000024316-133.dat	upx
behavioral2/memory/2680-137-0x00007FF712EA0000-0x00007FF7131F4000-memory.dmp	upx
behavioral2/files/0x0007000000024314-139.dat	upx
behavioral2/files/0x0007000000024315-141.dat	upx
behavioral2/memory/5236-138-0x00007FF729050000-0x00007FF7293A4000-memory.dmp	upx
behavioral2/memory/4428-136-0x00007FF6DBFB0000-0x00007FF6DC304000-memory.dmp	upx
behavioral2/memory/4928-135-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp	upx
behavioral2/memory/2136-134-0x00007FF7AC720000-0x00007FF7ACA74000-memory.dmp	upx
behavioral2/memory/4180-131-0x00007FF7E5530000-0x00007FF7E5884000-memory.dmp	upx
behavioral2/memory/2404-122-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp	upx
behavioral2/files/0x000c00000002417f-115.dat	upx
behavioral2/files/0x000c000000024148-104.dat	upx
behavioral2/memory/2148-98-0x00007FF758230000-0x00007FF758584000-memory.dmp	upx
behavioral2/memory/2720-96-0x00007FF792260000-0x00007FF7925B4000-memory.dmp	upx
behavioral2/memory/4824-92-0x00007FF6FE9C0000-0x00007FF6FED14000-memory.dmp	upx
behavioral2/files/0x000800000002431c-153.dat	upx
behavioral2/files/0x000800000002431e-157.dat	upx
behavioral2/memory/5084-161-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp	upx
behavioral2/memory/5592-168-0x00007FF728270000-0x00007FF7285C4000-memory.dmp	upx
behavioral2/files/0x0007000000024322-182.dat	upx
behavioral2/files/0x0007000000024321-187.dat	upx
behavioral2/files/0x0007000000024323-193.dat	upx
behavioral2/memory/2920-190-0x00007FF7C6D50000-0x00007FF7C70A4000-memory.dmp	upx
behavioral2/memory/1300-189-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VGqMxXS.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kmbpmnK.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MEBwYAc.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mdnYHKF.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mEgZHSY.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZstFSuz.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hmPOSVn.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fOqmSce.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RiAGkLK.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eexJFsk.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jpzozoO.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KhQpOqX.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LJSgjJo.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cipRdKY.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LZlanwp.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GqSjuLq.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xFXouRC.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FDXFmbp.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TRNrDGC.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jgvGHPZ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jMfIuCm.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VItmtxJ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZlZQbBP.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OzCAUFo.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lcdmeVa.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JYNIBaL.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lskaauL.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KDJtXdZ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Ddthugh.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QdjrsxB.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kfqOYAQ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gnfqFSF.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uVignvd.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xBWaRYu.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ULxuguX.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ybtQfxQ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yrmarmL.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WwfuVDn.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OGCEXRs.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ublbFfy.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JwFqzII.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PxNZjDA.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\woCmlcB.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pLawiEE.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yvCWruI.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yVcAyFg.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ANrbkaV.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LrYhcCA.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\grntFpu.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wSYnbLB.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DHWlwAx.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dzsZmLI.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ozFrrcw.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cBEUGTO.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BUfcXQn.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HInOUxN.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vcpVCrd.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VYZHbNJ.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XtdIMcl.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vlXmwCX.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oplCDsy.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zYYPfge.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UyEhoLs.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HxZQDJd.exe	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5464 wrote to memory of 3516	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5464 wrote to memory of 3516	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5464 wrote to memory of 228	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5464 wrote to memory of 228	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5464 wrote to memory of 4512	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5464 wrote to memory of 4512	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5464 wrote to memory of 4424	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5464 wrote to memory of 4424	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5464 wrote to memory of 2572	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5464 wrote to memory of 2572	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5464 wrote to memory of 2720	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5464 wrote to memory of 2720	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5464 wrote to memory of 5360	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5464 wrote to memory of 5360	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5464 wrote to memory of 2404	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5464 wrote to memory of 2404	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5464 wrote to memory of 4928	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5464 wrote to memory of 4928	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5464 wrote to memory of 4960	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5464 wrote to memory of 4960	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5464 wrote to memory of 1500	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5464 wrote to memory of 1500	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5464 wrote to memory of 5084	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5464 wrote to memory of 5084	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5464 wrote to memory of 1300	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5464 wrote to memory of 1300	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5464 wrote to memory of 4824	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5464 wrote to memory of 4824	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5464 wrote to memory of 2148	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5464 wrote to memory of 2148	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5464 wrote to memory of 2208	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5464 wrote to memory of 2208	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5464 wrote to memory of 5012	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5464 wrote to memory of 5012	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5464 wrote to memory of 2136	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5464 wrote to memory of 2136	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5464 wrote to memory of 4180	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5464 wrote to memory of 4180	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5464 wrote to memory of 4428	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5464 wrote to memory of 4428	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5464 wrote to memory of 5236	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5464 wrote to memory of 5236	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5464 wrote to memory of 2680	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5464 wrote to memory of 2680	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5464 wrote to memory of 5592	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5464 wrote to memory of 5592	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5464 wrote to memory of 3776	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5464 wrote to memory of 3776	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5464 wrote to memory of 3772	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5464 wrote to memory of 3772	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5464 wrote to memory of 1064	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5464 wrote to memory of 1064	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5464 wrote to memory of 116	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5464 wrote to memory of 116	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5464 wrote to memory of 5108	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5464 wrote to memory of 5108	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5464 wrote to memory of 2920	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5464 wrote to memory of 2920	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5464 wrote to memory of 2392	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 5464 wrote to memory of 2392	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 5464 wrote to memory of 5404	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5464 wrote to memory of 5404	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5464 wrote to memory of 1508	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 5464 wrote to memory of 1508	5464	2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125

C:\Users\Admin\AppData\Local\Temp\2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_29115ff3765f527d7d2eed602ff5d0f7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5464
- C:\Windows\System\ZQNXdQD.exe
  C:\Windows\System\ZQNXdQD.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\aMkLQmq.exe
  C:\Windows\System\aMkLQmq.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\MpYcOxK.exe
  C:\Windows\System\MpYcOxK.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\IUbOhEB.exe
  C:\Windows\System\IUbOhEB.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\jvRNkiJ.exe
  C:\Windows\System\jvRNkiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\sytyYMn.exe
  C:\Windows\System\sytyYMn.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\LKMHDAK.exe
  C:\Windows\System\LKMHDAK.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System\OiwCHba.exe
  C:\Windows\System\OiwCHba.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\hVXnKgD.exe
  C:\Windows\System\hVXnKgD.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\SpguphP.exe
  C:\Windows\System\SpguphP.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\XOHPxSY.exe
  C:\Windows\System\XOHPxSY.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\bisDnmO.exe
  C:\Windows\System\bisDnmO.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\PQFWqjm.exe
  C:\Windows\System\PQFWqjm.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\FhkEqJp.exe
  C:\Windows\System\FhkEqJp.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\TJcMkIg.exe
  C:\Windows\System\TJcMkIg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\IFypfoX.exe
  C:\Windows\System\IFypfoX.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HmlUUGv.exe
  C:\Windows\System\HmlUUGv.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\eBnYaXU.exe
  C:\Windows\System\eBnYaXU.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\LfRVoeg.exe
  C:\Windows\System\LfRVoeg.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\McjhZco.exe
  C:\Windows\System\McjhZco.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\AzUHqfn.exe
  C:\Windows\System\AzUHqfn.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\yVcAyFg.exe
  C:\Windows\System\yVcAyFg.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xDqSlxm.exe
  C:\Windows\System\xDqSlxm.exe
  2⤵
  - Executes dropped EXE
  PID:5592
- C:\Windows\System\kHkJQfI.exe
  C:\Windows\System\kHkJQfI.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\XtwdosW.exe
  C:\Windows\System\XtwdosW.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\Jstptwl.exe
  C:\Windows\System\Jstptwl.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\kRerXLw.exe
  C:\Windows\System\kRerXLw.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\BeDbMxo.exe
  C:\Windows\System\BeDbMxo.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\OcSNdHz.exe
  C:\Windows\System\OcSNdHz.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\dCshtxr.exe
  C:\Windows\System\dCshtxr.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\aGdhvMp.exe
  C:\Windows\System\aGdhvMp.exe
  2⤵
  - Executes dropped EXE
  PID:5404
- C:\Windows\System\PgAjtgP.exe
  C:\Windows\System\PgAjtgP.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\lLjUylr.exe
  C:\Windows\System\lLjUylr.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\lCZSdoi.exe
  C:\Windows\System\lCZSdoi.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\YQkDPll.exe
  C:\Windows\System\YQkDPll.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\EigiTsp.exe
  C:\Windows\System\EigiTsp.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\NuwSHNt.exe
  C:\Windows\System\NuwSHNt.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\wyVLeXC.exe
  C:\Windows\System\wyVLeXC.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\HsWXwbC.exe
  C:\Windows\System\HsWXwbC.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\XdNdcLJ.exe
  C:\Windows\System\XdNdcLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\tnPvxnp.exe
  C:\Windows\System\tnPvxnp.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System\zNCpjKl.exe
  C:\Windows\System\zNCpjKl.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\KkTBMXA.exe
  C:\Windows\System\KkTBMXA.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\ogSzbir.exe
  C:\Windows\System\ogSzbir.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\SruWWce.exe
  C:\Windows\System\SruWWce.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\JpCaqsV.exe
  C:\Windows\System\JpCaqsV.exe
  2⤵
  - Executes dropped EXE
  PID:6024
- C:\Windows\System\BAbOBPI.exe
  C:\Windows\System\BAbOBPI.exe
  2⤵
  - Executes dropped EXE
  PID:5940
- C:\Windows\System\EpEVwlT.exe
  C:\Windows\System\EpEVwlT.exe
  2⤵
  - Executes dropped EXE
  PID:5700
- C:\Windows\System\wbuRxbF.exe
  C:\Windows\System\wbuRxbF.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\VftjCme.exe
  C:\Windows\System\VftjCme.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System\LuvORNi.exe
  C:\Windows\System\LuvORNi.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\mcpTfRD.exe
  C:\Windows\System\mcpTfRD.exe
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Windows\System\lrYVAdO.exe
  C:\Windows\System\lrYVAdO.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\fWAlYUM.exe
  C:\Windows\System\fWAlYUM.exe
  2⤵
  - Executes dropped EXE
  PID:5440
- C:\Windows\System\ChwBTig.exe
  C:\Windows\System\ChwBTig.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\ICLJlld.exe
  C:\Windows\System\ICLJlld.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XRLOKnj.exe
  C:\Windows\System\XRLOKnj.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\kknQBnI.exe
  C:\Windows\System\kknQBnI.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\wAqrvTZ.exe
  C:\Windows\System\wAqrvTZ.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\xezAjdU.exe
  C:\Windows\System\xezAjdU.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\tThSoqt.exe
  C:\Windows\System\tThSoqt.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\GvOpVaR.exe
  C:\Windows\System\GvOpVaR.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\VbkvAfK.exe
  C:\Windows\System\VbkvAfK.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\LhHVFSZ.exe
  C:\Windows\System\LhHVFSZ.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\MmdSUSi.exe
  C:\Windows\System\MmdSUSi.exe
  2⤵
  PID:4104
- C:\Windows\System\dxtPtBY.exe
  C:\Windows\System\dxtPtBY.exe
  2⤵
  PID:3404
- C:\Windows\System\BTfsTCr.exe
  C:\Windows\System\BTfsTCr.exe
  2⤵
  PID:2280
- C:\Windows\System\GHNIaxt.exe
  C:\Windows\System\GHNIaxt.exe
  2⤵
  PID:5264
- C:\Windows\System\LLaXQQn.exe
  C:\Windows\System\LLaXQQn.exe
  2⤵
  PID:5596
- C:\Windows\System\CutdKyV.exe
  C:\Windows\System\CutdKyV.exe
  2⤵
  PID:1992
- C:\Windows\System\shxjRdg.exe
  C:\Windows\System\shxjRdg.exe
  2⤵
  PID:1816
- C:\Windows\System\aCgogFH.exe
  C:\Windows\System\aCgogFH.exe
  2⤵
  PID:3564
- C:\Windows\System\xKaWmPH.exe
  C:\Windows\System\xKaWmPH.exe
  2⤵
  PID:736
- C:\Windows\System\SnVqiIK.exe
  C:\Windows\System\SnVqiIK.exe
  2⤵
  PID:4844
- C:\Windows\System\YaKUJUJ.exe
  C:\Windows\System\YaKUJUJ.exe
  2⤵
  PID:5064
- C:\Windows\System\TRNrDGC.exe
  C:\Windows\System\TRNrDGC.exe
  2⤵
  PID:1696
- C:\Windows\System\WOXkViI.exe
  C:\Windows\System\WOXkViI.exe
  2⤵
  PID:1912
- C:\Windows\System\UnHJlXi.exe
  C:\Windows\System\UnHJlXi.exe
  2⤵
  PID:3196
- C:\Windows\System\MxVrNAh.exe
  C:\Windows\System\MxVrNAh.exe
  2⤵
  PID:4432
- C:\Windows\System\zKbXudz.exe
  C:\Windows\System\zKbXudz.exe
  2⤵
  PID:3028
- C:\Windows\System\KULhFhM.exe
  C:\Windows\System\KULhFhM.exe
  2⤵
  PID:2932
- C:\Windows\System\rHEqUgF.exe
  C:\Windows\System\rHEqUgF.exe
  2⤵
  PID:1948
- C:\Windows\System\jgvGHPZ.exe
  C:\Windows\System\jgvGHPZ.exe
  2⤵
  PID:4532
- C:\Windows\System\cNNAZUD.exe
  C:\Windows\System\cNNAZUD.exe
  2⤵
  PID:2288
- C:\Windows\System\lskaauL.exe
  C:\Windows\System\lskaauL.exe
  2⤵
  PID:1780
- C:\Windows\System\sBDljwa.exe
  C:\Windows\System\sBDljwa.exe
  2⤵
  PID:6012
- C:\Windows\System\PfpmHAW.exe
  C:\Windows\System\PfpmHAW.exe
  2⤵
  PID:388
- C:\Windows\System\WsdSCTR.exe
  C:\Windows\System\WsdSCTR.exe
  2⤵
  PID:4156
- C:\Windows\System\BstTMBn.exe
  C:\Windows\System\BstTMBn.exe
  2⤵
  PID:4448
- C:\Windows\System\wQPkcyU.exe
  C:\Windows\System\wQPkcyU.exe
  2⤵
  PID:1560
- C:\Windows\System\ccmIBll.exe
  C:\Windows\System\ccmIBll.exe
  2⤵
  PID:3892
- C:\Windows\System\FnaqwPZ.exe
  C:\Windows\System\FnaqwPZ.exe
  2⤵
  PID:464
- C:\Windows\System\LHFlgvE.exe
  C:\Windows\System\LHFlgvE.exe
  2⤵
  PID:3912
- C:\Windows\System\EWVGWhF.exe
  C:\Windows\System\EWVGWhF.exe
  2⤵
  PID:3136
- C:\Windows\System\DrEpiNS.exe
  C:\Windows\System\DrEpiNS.exe
  2⤵
  PID:5884
- C:\Windows\System\TZBSTiV.exe
  C:\Windows\System\TZBSTiV.exe
  2⤵
  PID:5936
- C:\Windows\System\qwtBQfy.exe
  C:\Windows\System\qwtBQfy.exe
  2⤵
  PID:4164
- C:\Windows\System\CEggRsU.exe
  C:\Windows\System\CEggRsU.exe
  2⤵
  PID:1988
- C:\Windows\System\fOqmSce.exe
  C:\Windows\System\fOqmSce.exe
  2⤵
  PID:2276
- C:\Windows\System\bAsrGVs.exe
  C:\Windows\System\bAsrGVs.exe
  2⤵
  PID:1640
- C:\Windows\System\RUyoYLV.exe
  C:\Windows\System\RUyoYLV.exe
  2⤵
  PID:5072
- C:\Windows\System\XtjAwdX.exe
  C:\Windows\System\XtjAwdX.exe
  2⤵
  PID:3300
- C:\Windows\System\jMfIuCm.exe
  C:\Windows\System\jMfIuCm.exe
  2⤵
  PID:4656
- C:\Windows\System\SBEmJaG.exe
  C:\Windows\System\SBEmJaG.exe
  2⤵
  PID:2188
- C:\Windows\System\tJqCawu.exe
  C:\Windows\System\tJqCawu.exe
  2⤵
  PID:2132
- C:\Windows\System\LmcFFQG.exe
  C:\Windows\System\LmcFFQG.exe
  2⤵
  PID:4936
- C:\Windows\System\jjPkJBD.exe
  C:\Windows\System\jjPkJBD.exe
  2⤵
  PID:4184
- C:\Windows\System\bBbbQxI.exe
  C:\Windows\System\bBbbQxI.exe
  2⤵
  PID:4912
- C:\Windows\System\bJsLsID.exe
  C:\Windows\System\bJsLsID.exe
  2⤵
  PID:6068
- C:\Windows\System\DYdLBQj.exe
  C:\Windows\System\DYdLBQj.exe
  2⤵
  PID:4212
- C:\Windows\System\PbOOcvk.exe
  C:\Windows\System\PbOOcvk.exe
  2⤵
  PID:2900
- C:\Windows\System\TsHPtul.exe
  C:\Windows\System\TsHPtul.exe
  2⤵
  PID:2552
- C:\Windows\System\sAiEJqk.exe
  C:\Windows\System\sAiEJqk.exe
  2⤵
  PID:320
- C:\Windows\System\wBtErsv.exe
  C:\Windows\System\wBtErsv.exe
  2⤵
  PID:4076
- C:\Windows\System\WzltkTY.exe
  C:\Windows\System\WzltkTY.exe
  2⤵
  PID:1976
- C:\Windows\System\HNBPmWt.exe
  C:\Windows\System\HNBPmWt.exe
  2⤵
  PID:2328
- C:\Windows\System\OhVFZMw.exe
  C:\Windows\System\OhVFZMw.exe
  2⤵
  PID:4460
- C:\Windows\System\mWlcczG.exe
  C:\Windows\System\mWlcczG.exe
  2⤵
  PID:4564
- C:\Windows\System\wfwctzt.exe
  C:\Windows\System\wfwctzt.exe
  2⤵
  PID:4840
- C:\Windows\System\GTqEfmS.exe
  C:\Windows\System\GTqEfmS.exe
  2⤵
  PID:5644
- C:\Windows\System\cBEUGTO.exe
  C:\Windows\System\cBEUGTO.exe
  2⤵
  PID:4580
- C:\Windows\System\kfWcyoB.exe
  C:\Windows\System\kfWcyoB.exe
  2⤵
  PID:3848
- C:\Windows\System\RhXcrAQ.exe
  C:\Windows\System\RhXcrAQ.exe
  2⤵
  PID:5448
- C:\Windows\System\IljezdT.exe
  C:\Windows\System\IljezdT.exe
  2⤵
  PID:5248
- C:\Windows\System\JqDpvLq.exe
  C:\Windows\System\JqDpvLq.exe
  2⤵
  PID:4488
- C:\Windows\System\NPoaoMQ.exe
  C:\Windows\System\NPoaoMQ.exe
  2⤵
  PID:220
- C:\Windows\System\PKhtRQK.exe
  C:\Windows\System\PKhtRQK.exe
  2⤵
  PID:3048
- C:\Windows\System\wYBRZrm.exe
  C:\Windows\System\wYBRZrm.exe
  2⤵
  PID:440
- C:\Windows\System\KuJpIIw.exe
  C:\Windows\System\KuJpIIw.exe
  2⤵
  PID:4072
- C:\Windows\System\ZqwQpHi.exe
  C:\Windows\System\ZqwQpHi.exe
  2⤵
  PID:4624
- C:\Windows\System\SlhFKyz.exe
  C:\Windows\System\SlhFKyz.exe
  2⤵
  PID:3532
- C:\Windows\System\ktQyfyn.exe
  C:\Windows\System\ktQyfyn.exe
  2⤵
  PID:5580
- C:\Windows\System\DQwCzNd.exe
  C:\Windows\System\DQwCzNd.exe
  2⤵
  PID:4724
- C:\Windows\System\jQGAmIF.exe
  C:\Windows\System\jQGAmIF.exe
  2⤵
  PID:4940
- C:\Windows\System\JmVwYed.exe
  C:\Windows\System\JmVwYed.exe
  2⤵
  PID:6156
- C:\Windows\System\cSJQQSB.exe
  C:\Windows\System\cSJQQSB.exe
  2⤵
  PID:6180
- C:\Windows\System\lxoEnPJ.exe
  C:\Windows\System\lxoEnPJ.exe
  2⤵
  PID:6220
- C:\Windows\System\PubzOBZ.exe
  C:\Windows\System\PubzOBZ.exe
  2⤵
  PID:6248
- C:\Windows\System\SfnvgCi.exe
  C:\Windows\System\SfnvgCi.exe
  2⤵
  PID:6276
- C:\Windows\System\pgRqJnI.exe
  C:\Windows\System\pgRqJnI.exe
  2⤵
  PID:6304
- C:\Windows\System\CQcPzmd.exe
  C:\Windows\System\CQcPzmd.exe
  2⤵
  PID:6332
- C:\Windows\System\ljhXMOp.exe
  C:\Windows\System\ljhXMOp.exe
  2⤵
  PID:6360
- C:\Windows\System\QTTVLwI.exe
  C:\Windows\System\QTTVLwI.exe
  2⤵
  PID:6388
- C:\Windows\System\XLTGQgj.exe
  C:\Windows\System\XLTGQgj.exe
  2⤵
  PID:6416
- C:\Windows\System\oplCDsy.exe
  C:\Windows\System\oplCDsy.exe
  2⤵
  PID:6444
- C:\Windows\System\RiAGkLK.exe
  C:\Windows\System\RiAGkLK.exe
  2⤵
  PID:6472
- C:\Windows\System\tlTcWDi.exe
  C:\Windows\System\tlTcWDi.exe
  2⤵
  PID:6500
- C:\Windows\System\zqwWDVQ.exe
  C:\Windows\System\zqwWDVQ.exe
  2⤵
  PID:6528
- C:\Windows\System\DwCSNfH.exe
  C:\Windows\System\DwCSNfH.exe
  2⤵
  PID:6556
- C:\Windows\System\pIetYcn.exe
  C:\Windows\System\pIetYcn.exe
  2⤵
  PID:6592
- C:\Windows\System\QOZRxrQ.exe
  C:\Windows\System\QOZRxrQ.exe
  2⤵
  PID:6620
- C:\Windows\System\iuXADNx.exe
  C:\Windows\System\iuXADNx.exe
  2⤵
  PID:6696
- C:\Windows\System\FEzhIDr.exe
  C:\Windows\System\FEzhIDr.exe
  2⤵
  PID:6760
- C:\Windows\System\QBQgqmz.exe
  C:\Windows\System\QBQgqmz.exe
  2⤵
  PID:6804
- C:\Windows\System\pvJLSYS.exe
  C:\Windows\System\pvJLSYS.exe
  2⤵
  PID:6820
- C:\Windows\System\EPqoxlt.exe
  C:\Windows\System\EPqoxlt.exe
  2⤵
  PID:6876
- C:\Windows\System\evbDnec.exe
  C:\Windows\System\evbDnec.exe
  2⤵
  PID:6912
- C:\Windows\System\vELOFCi.exe
  C:\Windows\System\vELOFCi.exe
  2⤵
  PID:6940
- C:\Windows\System\yuMZufi.exe
  C:\Windows\System\yuMZufi.exe
  2⤵
  PID:6964
- C:\Windows\System\VjgPpXT.exe
  C:\Windows\System\VjgPpXT.exe
  2⤵
  PID:6996
- C:\Windows\System\OMuSqpD.exe
  C:\Windows\System\OMuSqpD.exe
  2⤵
  PID:7024
- C:\Windows\System\VGqMxXS.exe
  C:\Windows\System\VGqMxXS.exe
  2⤵
  PID:7052
- C:\Windows\System\rVbaFxS.exe
  C:\Windows\System\rVbaFxS.exe
  2⤵
  PID:7080
- C:\Windows\System\ihtfhHK.exe
  C:\Windows\System\ihtfhHK.exe
  2⤵
  PID:7108
- C:\Windows\System\aHNcBTa.exe
  C:\Windows\System\aHNcBTa.exe
  2⤵
  PID:7136
- C:\Windows\System\mXiBucm.exe
  C:\Windows\System\mXiBucm.exe
  2⤵
  PID:7164
- C:\Windows\System\DPAciBk.exe
  C:\Windows\System\DPAciBk.exe
  2⤵
  PID:6200
- C:\Windows\System\eexJFsk.exe
  C:\Windows\System\eexJFsk.exe
  2⤵
  PID:6284
- C:\Windows\System\RaVIfGp.exe
  C:\Windows\System\RaVIfGp.exe
  2⤵
  PID:6340
- C:\Windows\System\pfLLbQk.exe
  C:\Windows\System\pfLLbQk.exe
  2⤵
  PID:6404
- C:\Windows\System\NTdoaeC.exe
  C:\Windows\System\NTdoaeC.exe
  2⤵
  PID:6480
- C:\Windows\System\RNoumAr.exe
  C:\Windows\System\RNoumAr.exe
  2⤵
  PID:6516
- C:\Windows\System\KMglCid.exe
  C:\Windows\System\KMglCid.exe
  2⤵
  PID:6600
- C:\Windows\System\IKgcRNP.exe
  C:\Windows\System\IKgcRNP.exe
  2⤵
  PID:6740
- C:\Windows\System\xBWaRYu.exe
  C:\Windows\System\xBWaRYu.exe
  2⤵
  PID:6848
- C:\Windows\System\wLbvgRs.exe
  C:\Windows\System\wLbvgRs.exe
  2⤵
  PID:6928
- C:\Windows\System\IgSjKlK.exe
  C:\Windows\System\IgSjKlK.exe
  2⤵
  PID:6984
- C:\Windows\System\hYIvbZs.exe
  C:\Windows\System\hYIvbZs.exe
  2⤵
  PID:7060
- C:\Windows\System\bhMWZAF.exe
  C:\Windows\System\bhMWZAF.exe
  2⤵
  PID:7116
- C:\Windows\System\kAubqPd.exe
  C:\Windows\System\kAubqPd.exe
  2⤵
  PID:6208
- C:\Windows\System\RVMOeQO.exe
  C:\Windows\System\RVMOeQO.exe
  2⤵
  PID:6348
- C:\Windows\System\FwaScLR.exe
  C:\Windows\System\FwaScLR.exe
  2⤵
  PID:6468
- C:\Windows\System\kHoUgAY.exe
  C:\Windows\System\kHoUgAY.exe
  2⤵
  PID:6676
- C:\Windows\System\oVMdfJS.exe
  C:\Windows\System\oVMdfJS.exe
  2⤵
  PID:6920
- C:\Windows\System\YPyZiXC.exe
  C:\Windows\System\YPyZiXC.exe
  2⤵
  PID:7032
- C:\Windows\System\VmQhNnL.exe
  C:\Windows\System\VmQhNnL.exe
  2⤵
  PID:2864
- C:\Windows\System\DjzoRPn.exe
  C:\Windows\System\DjzoRPn.exe
  2⤵
  PID:6452
- C:\Windows\System\LinsNmX.exe
  C:\Windows\System\LinsNmX.exe
  2⤵
  PID:6948
- C:\Windows\System\WGsORLT.exe
  C:\Windows\System\WGsORLT.exe
  2⤵
  PID:6376
- C:\Windows\System\nCKmnIC.exe
  C:\Windows\System\nCKmnIC.exe
  2⤵
  PID:7132
- C:\Windows\System\ANrbkaV.exe
  C:\Windows\System\ANrbkaV.exe
  2⤵
  PID:7176
- C:\Windows\System\yUVyAyu.exe
  C:\Windows\System\yUVyAyu.exe
  2⤵
  PID:7208
- C:\Windows\System\gpZHKjI.exe
  C:\Windows\System\gpZHKjI.exe
  2⤵
  PID:7232
- C:\Windows\System\WdkDgAg.exe
  C:\Windows\System\WdkDgAg.exe
  2⤵
  PID:7268
- C:\Windows\System\NQxZxRr.exe
  C:\Windows\System\NQxZxRr.exe
  2⤵
  PID:7296
- C:\Windows\System\QZvYJJs.exe
  C:\Windows\System\QZvYJJs.exe
  2⤵
  PID:7312
- C:\Windows\System\RVdGiIz.exe
  C:\Windows\System\RVdGiIz.exe
  2⤵
  PID:7348
- C:\Windows\System\rdweDjP.exe
  C:\Windows\System\rdweDjP.exe
  2⤵
  PID:7380
- C:\Windows\System\gaKUsYs.exe
  C:\Windows\System\gaKUsYs.exe
  2⤵
  PID:7408
- C:\Windows\System\XjRdvJH.exe
  C:\Windows\System\XjRdvJH.exe
  2⤵
  PID:7436
- C:\Windows\System\ErbapTp.exe
  C:\Windows\System\ErbapTp.exe
  2⤵
  PID:7464
- C:\Windows\System\pxYRJJt.exe
  C:\Windows\System\pxYRJJt.exe
  2⤵
  PID:7488
- C:\Windows\System\ZZucTVH.exe
  C:\Windows\System\ZZucTVH.exe
  2⤵
  PID:7516
- C:\Windows\System\qsypUYo.exe
  C:\Windows\System\qsypUYo.exe
  2⤵
  PID:7544
- C:\Windows\System\LrYhcCA.exe
  C:\Windows\System\LrYhcCA.exe
  2⤵
  PID:7576
- C:\Windows\System\iSccVOm.exe
  C:\Windows\System\iSccVOm.exe
  2⤵
  PID:7608
- C:\Windows\System\nIAKKGJ.exe
  C:\Windows\System\nIAKKGJ.exe
  2⤵
  PID:7636
- C:\Windows\System\gRgThvf.exe
  C:\Windows\System\gRgThvf.exe
  2⤵
  PID:7668
- C:\Windows\System\NFPWHMb.exe
  C:\Windows\System\NFPWHMb.exe
  2⤵
  PID:7696
- C:\Windows\System\EdFfEJn.exe
  C:\Windows\System\EdFfEJn.exe
  2⤵
  PID:7724
- C:\Windows\System\cfiEjdc.exe
  C:\Windows\System\cfiEjdc.exe
  2⤵
  PID:7752
- C:\Windows\System\qRjblvH.exe
  C:\Windows\System\qRjblvH.exe
  2⤵
  PID:7784
- C:\Windows\System\CCqdHbE.exe
  C:\Windows\System\CCqdHbE.exe
  2⤵
  PID:7816
- C:\Windows\System\pKtqIUl.exe
  C:\Windows\System\pKtqIUl.exe
  2⤵
  PID:7844
- C:\Windows\System\sYBwZfx.exe
  C:\Windows\System\sYBwZfx.exe
  2⤵
  PID:7876
- C:\Windows\System\fsUELyW.exe
  C:\Windows\System\fsUELyW.exe
  2⤵
  PID:7912
- C:\Windows\System\VItmtxJ.exe
  C:\Windows\System\VItmtxJ.exe
  2⤵
  PID:7928
- C:\Windows\System\FTOqTgj.exe
  C:\Windows\System\FTOqTgj.exe
  2⤵
  PID:7960
- C:\Windows\System\rnmPSPj.exe
  C:\Windows\System\rnmPSPj.exe
  2⤵
  PID:7996
- C:\Windows\System\yOeSLpK.exe
  C:\Windows\System\yOeSLpK.exe
  2⤵
  PID:8024
- C:\Windows\System\VPSzZzy.exe
  C:\Windows\System\VPSzZzy.exe
  2⤵
  PID:8044
- C:\Windows\System\pIdKhAl.exe
  C:\Windows\System\pIdKhAl.exe
  2⤵
  PID:8080
- C:\Windows\System\pXXlzVD.exe
  C:\Windows\System\pXXlzVD.exe
  2⤵
  PID:8108
- C:\Windows\System\TJdhKqO.exe
  C:\Windows\System\TJdhKqO.exe
  2⤵
  PID:8144
- C:\Windows\System\USpKicy.exe
  C:\Windows\System\USpKicy.exe
  2⤵
  PID:6244
- C:\Windows\System\BUeiXll.exe
  C:\Windows\System\BUeiXll.exe
  2⤵
  PID:7264
- C:\Windows\System\YkKwMJO.exe
  C:\Windows\System\YkKwMJO.exe
  2⤵
  PID:7284
- C:\Windows\System\cdBiSKi.exe
  C:\Windows\System\cdBiSKi.exe
  2⤵
  PID:7340
- C:\Windows\System\grntFpu.exe
  C:\Windows\System\grntFpu.exe
  2⤵
  PID:7432
- C:\Windows\System\EXeppPv.exe
  C:\Windows\System\EXeppPv.exe
  2⤵
  PID:7504
- C:\Windows\System\DklMzhM.exe
  C:\Windows\System\DklMzhM.exe
  2⤵
  PID:7592
- C:\Windows\System\fPgBoRB.exe
  C:\Windows\System\fPgBoRB.exe
  2⤵
  PID:7676
- C:\Windows\System\DZUuuZO.exe
  C:\Windows\System\DZUuuZO.exe
  2⤵
  PID:7732
- C:\Windows\System\zNxCEAx.exe
  C:\Windows\System\zNxCEAx.exe
  2⤵
  PID:7768
- C:\Windows\System\dXCdaVR.exe
  C:\Windows\System\dXCdaVR.exe
  2⤵
  PID:7884
- C:\Windows\System\SrZUtLI.exe
  C:\Windows\System\SrZUtLI.exe
  2⤵
  PID:7940
- C:\Windows\System\qvSdGLM.exe
  C:\Windows\System\qvSdGLM.exe
  2⤵
  PID:1604
- C:\Windows\System\sqXlrTV.exe
  C:\Windows\System\sqXlrTV.exe
  2⤵
  PID:4736
- C:\Windows\System\ShemyJe.exe
  C:\Windows\System\ShemyJe.exe
  2⤵
  PID:7984
- C:\Windows\System\GkOxbiC.exe
  C:\Windows\System\GkOxbiC.exe
  2⤵
  PID:8056
- C:\Windows\System\GXitMua.exe
  C:\Windows\System\GXitMua.exe
  2⤵
  PID:8140
- C:\Windows\System\zYYPfge.exe
  C:\Windows\System\zYYPfge.exe
  2⤵
  PID:7248
- C:\Windows\System\IUtVSwv.exe
  C:\Windows\System\IUtVSwv.exe
  2⤵
  PID:7388
- C:\Windows\System\cCSGUVH.exe
  C:\Windows\System\cCSGUVH.exe
  2⤵
  PID:7528
- C:\Windows\System\AgJplYY.exe
  C:\Windows\System\AgJplYY.exe
  2⤵
  PID:7704
- C:\Windows\System\ShnoOgr.exe
  C:\Windows\System\ShnoOgr.exe
  2⤵
  PID:7908
- C:\Windows\System\ImsuYTm.exe
  C:\Windows\System\ImsuYTm.exe
  2⤵
  PID:2684
- C:\Windows\System\ggDgfEz.exe
  C:\Windows\System\ggDgfEz.exe
  2⤵
  PID:8032
- C:\Windows\System\fIkiMbB.exe
  C:\Windows\System\fIkiMbB.exe
  2⤵
  PID:7188
- C:\Windows\System\GWXoEFI.exe
  C:\Windows\System\GWXoEFI.exe
  2⤵
  PID:7556
- C:\Windows\System\llZlPBG.exe
  C:\Windows\System\llZlPBG.exe
  2⤵
  PID:7764
- C:\Windows\System\pqjmfMm.exe
  C:\Windows\System\pqjmfMm.exe
  2⤵
  PID:8092
- C:\Windows\System\cnaEemM.exe
  C:\Windows\System\cnaEemM.exe
  2⤵
  PID:2212
- C:\Windows\System\kskKUDS.exe
  C:\Windows\System\kskKUDS.exe
  2⤵
  PID:8200
- C:\Windows\System\tmBMgtm.exe
  C:\Windows\System\tmBMgtm.exe
  2⤵
  PID:8224
- C:\Windows\System\pBvxyxO.exe
  C:\Windows\System\pBvxyxO.exe
  2⤵
  PID:8252
- C:\Windows\System\ULxuguX.exe
  C:\Windows\System\ULxuguX.exe
  2⤵
  PID:8272
- C:\Windows\System\EETLWjX.exe
  C:\Windows\System\EETLWjX.exe
  2⤵
  PID:8312
- C:\Windows\System\wITeeeI.exe
  C:\Windows\System\wITeeeI.exe
  2⤵
  PID:8344
- C:\Windows\System\HclpZkb.exe
  C:\Windows\System\HclpZkb.exe
  2⤵
  PID:8372
- C:\Windows\System\sjYFHie.exe
  C:\Windows\System\sjYFHie.exe
  2⤵
  PID:8400
- C:\Windows\System\TAdsZXb.exe
  C:\Windows\System\TAdsZXb.exe
  2⤵
  PID:8428
- C:\Windows\System\HBLYhae.exe
  C:\Windows\System\HBLYhae.exe
  2⤵
  PID:8452
- C:\Windows\System\fxgQCXQ.exe
  C:\Windows\System\fxgQCXQ.exe
  2⤵
  PID:8484
- C:\Windows\System\enWAdUT.exe
  C:\Windows\System\enWAdUT.exe
  2⤵
  PID:8512
- C:\Windows\System\sOHefUA.exe
  C:\Windows\System\sOHefUA.exe
  2⤵
  PID:8540
- C:\Windows\System\tEcXIcY.exe
  C:\Windows\System\tEcXIcY.exe
  2⤵
  PID:8572
- C:\Windows\System\fEfwUtK.exe
  C:\Windows\System\fEfwUtK.exe
  2⤵
  PID:8600
- C:\Windows\System\hzhjMYe.exe
  C:\Windows\System\hzhjMYe.exe
  2⤵
  PID:8628
- C:\Windows\System\OzDovOx.exe
  C:\Windows\System\OzDovOx.exe
  2⤵
  PID:8656
- C:\Windows\System\tMmsOHc.exe
  C:\Windows\System\tMmsOHc.exe
  2⤵
  PID:8676
- C:\Windows\System\qnIJBks.exe
  C:\Windows\System\qnIJBks.exe
  2⤵
  PID:8704
- C:\Windows\System\lnNSkZi.exe
  C:\Windows\System\lnNSkZi.exe
  2⤵
  PID:8740
- C:\Windows\System\ZdJGPWI.exe
  C:\Windows\System\ZdJGPWI.exe
  2⤵
  PID:8760
- C:\Windows\System\siGVnCp.exe
  C:\Windows\System\siGVnCp.exe
  2⤵
  PID:8796
- C:\Windows\System\TGxQZpE.exe
  C:\Windows\System\TGxQZpE.exe
  2⤵
  PID:8824
- C:\Windows\System\yQdEsyU.exe
  C:\Windows\System\yQdEsyU.exe
  2⤵
  PID:8852
- C:\Windows\System\oyYxYNq.exe
  C:\Windows\System\oyYxYNq.exe
  2⤵
  PID:8880
- C:\Windows\System\sQRjpDM.exe
  C:\Windows\System\sQRjpDM.exe
  2⤵
  PID:8908
- C:\Windows\System\GvehiGG.exe
  C:\Windows\System\GvehiGG.exe
  2⤵
  PID:8932
- C:\Windows\System\ziPqQQg.exe
  C:\Windows\System\ziPqQQg.exe
  2⤵
  PID:8964
- C:\Windows\System\YtDuzuf.exe
  C:\Windows\System\YtDuzuf.exe
  2⤵
  PID:8992
- C:\Windows\System\GwBhhgA.exe
  C:\Windows\System\GwBhhgA.exe
  2⤵
  PID:9020
- C:\Windows\System\ADGHqlC.exe
  C:\Windows\System\ADGHqlC.exe
  2⤵
  PID:9048
- C:\Windows\System\tAEAijr.exe
  C:\Windows\System\tAEAijr.exe
  2⤵
  PID:9080
- C:\Windows\System\ZXHhOqt.exe
  C:\Windows\System\ZXHhOqt.exe
  2⤵
  PID:9104
- C:\Windows\System\nczcaor.exe
  C:\Windows\System\nczcaor.exe
  2⤵
  PID:9136
- C:\Windows\System\LEQBevk.exe
  C:\Windows\System\LEQBevk.exe
  2⤵
  PID:9164
- C:\Windows\System\Szfizsz.exe
  C:\Windows\System\Szfizsz.exe
  2⤵
  PID:9192
- C:\Windows\System\BPcxpJD.exe
  C:\Windows\System\BPcxpJD.exe
  2⤵
  PID:8196
- C:\Windows\System\iQHAdoL.exe
  C:\Windows\System\iQHAdoL.exe
  2⤵
  PID:8264
- C:\Windows\System\VTyhYlj.exe
  C:\Windows\System\VTyhYlj.exe
  2⤵
  PID:8328
- C:\Windows\System\cbTgoPu.exe
  C:\Windows\System\cbTgoPu.exe
  2⤵
  PID:8408
- C:\Windows\System\VeZQOHS.exe
  C:\Windows\System\VeZQOHS.exe
  2⤵
  PID:8468
- C:\Windows\System\tEaLxSS.exe
  C:\Windows\System\tEaLxSS.exe
  2⤵
  PID:8528
- C:\Windows\System\aZVXyAb.exe
  C:\Windows\System\aZVXyAb.exe
  2⤵
  PID:8608
- C:\Windows\System\xvPoaoR.exe
  C:\Windows\System\xvPoaoR.exe
  2⤵
  PID:8668
- C:\Windows\System\LDewfGD.exe
  C:\Windows\System\LDewfGD.exe
  2⤵
  PID:8724
- C:\Windows\System\lDAsNjx.exe
  C:\Windows\System\lDAsNjx.exe
  2⤵
  PID:8756
- C:\Windows\System\moinSPL.exe
  C:\Windows\System\moinSPL.exe
  2⤵
  PID:8832
- C:\Windows\System\uTfzCKC.exe
  C:\Windows\System\uTfzCKC.exe
  2⤵
  PID:8916
- C:\Windows\System\kVWhthN.exe
  C:\Windows\System\kVWhthN.exe
  2⤵
  PID:8972
- C:\Windows\System\JoRtBTI.exe
  C:\Windows\System\JoRtBTI.exe
  2⤵
  PID:9032
- C:\Windows\System\tESspDJ.exe
  C:\Windows\System\tESspDJ.exe
  2⤵
  PID:9112
- C:\Windows\System\wYLzPyP.exe
  C:\Windows\System\wYLzPyP.exe
  2⤵
  PID:9172
- C:\Windows\System\WIfoZOr.exe
  C:\Windows\System\WIfoZOr.exe
  2⤵
  PID:9204
- C:\Windows\System\zfsZyGo.exe
  C:\Windows\System\zfsZyGo.exe
  2⤵
  PID:8292
- C:\Windows\System\rLjJOHb.exe
  C:\Windows\System\rLjJOHb.exe
  2⤵
  PID:8416
- C:\Windows\System\VFYigSH.exe
  C:\Windows\System\VFYigSH.exe
  2⤵
  PID:8556
- C:\Windows\System\Dsxqphj.exe
  C:\Windows\System\Dsxqphj.exe
  2⤵
  PID:8696
- C:\Windows\System\nLMhdWC.exe
  C:\Windows\System\nLMhdWC.exe
  2⤵
  PID:8804
- C:\Windows\System\JjxAaxQ.exe
  C:\Windows\System\JjxAaxQ.exe
  2⤵
  PID:8980
- C:\Windows\System\CDmCLYa.exe
  C:\Windows\System\CDmCLYa.exe
  2⤵
  PID:9124
- C:\Windows\System\tHplFmC.exe
  C:\Windows\System\tHplFmC.exe
  2⤵
  PID:8236
- C:\Windows\System\FkhfgZt.exe
  C:\Windows\System\FkhfgZt.exe
  2⤵
  PID:8616
- C:\Windows\System\WcjDnqu.exe
  C:\Windows\System\WcjDnqu.exe
  2⤵
  PID:8888
- C:\Windows\System\vovoPnx.exe
  C:\Windows\System\vovoPnx.exe
  2⤵
  PID:9176
- C:\Windows\System\ZlaJxwX.exe
  C:\Windows\System\ZlaJxwX.exe
  2⤵
  PID:8748
- C:\Windows\System\hhaVpsw.exe
  C:\Windows\System\hhaVpsw.exe
  2⤵
  PID:8380
- C:\Windows\System\pCcuUGP.exe
  C:\Windows\System\pCcuUGP.exe
  2⤵
  PID:9240
- C:\Windows\System\nvxHXav.exe
  C:\Windows\System\nvxHXav.exe
  2⤵
  PID:9268
- C:\Windows\System\MnVNcop.exe
  C:\Windows\System\MnVNcop.exe
  2⤵
  PID:9304
- C:\Windows\System\JEDEbCc.exe
  C:\Windows\System\JEDEbCc.exe
  2⤵
  PID:9328
- C:\Windows\System\KdsylPf.exe
  C:\Windows\System\KdsylPf.exe
  2⤵
  PID:9360
- C:\Windows\System\UyEhoLs.exe
  C:\Windows\System\UyEhoLs.exe
  2⤵
  PID:9388
- C:\Windows\System\FiOqwHt.exe
  C:\Windows\System\FiOqwHt.exe
  2⤵
  PID:9420
- C:\Windows\System\NOwTsxt.exe
  C:\Windows\System\NOwTsxt.exe
  2⤵
  PID:9452
- C:\Windows\System\wXsVMjy.exe
  C:\Windows\System\wXsVMjy.exe
  2⤵
  PID:9484
- C:\Windows\System\vjVxFJU.exe
  C:\Windows\System\vjVxFJU.exe
  2⤵
  PID:9512
- C:\Windows\System\UOgItNw.exe
  C:\Windows\System\UOgItNw.exe
  2⤵
  PID:9532
- C:\Windows\System\aPTPsdq.exe
  C:\Windows\System\aPTPsdq.exe
  2⤵
  PID:9560
- C:\Windows\System\PGoetgX.exe
  C:\Windows\System\PGoetgX.exe
  2⤵
  PID:9588
- C:\Windows\System\FnAYXlI.exe
  C:\Windows\System\FnAYXlI.exe
  2⤵
  PID:9616
- C:\Windows\System\dTqkaum.exe
  C:\Windows\System\dTqkaum.exe
  2⤵
  PID:9652
- C:\Windows\System\eGgdsCK.exe
  C:\Windows\System\eGgdsCK.exe
  2⤵
  PID:9684
- C:\Windows\System\OPyJFrs.exe
  C:\Windows\System\OPyJFrs.exe
  2⤵
  PID:9712
- C:\Windows\System\EAbmNiX.exe
  C:\Windows\System\EAbmNiX.exe
  2⤵
  PID:9732
- C:\Windows\System\fKyWtdO.exe
  C:\Windows\System\fKyWtdO.exe
  2⤵
  PID:9768
- C:\Windows\System\ZlZQbBP.exe
  C:\Windows\System\ZlZQbBP.exe
  2⤵
  PID:9796
- C:\Windows\System\nOYRmXI.exe
  C:\Windows\System\nOYRmXI.exe
  2⤵
  PID:9816
- C:\Windows\System\jXJGZXh.exe
  C:\Windows\System\jXJGZXh.exe
  2⤵
  PID:9844
- C:\Windows\System\iMwZpHB.exe
  C:\Windows\System\iMwZpHB.exe
  2⤵
  PID:9876
- C:\Windows\System\KDJtXdZ.exe
  C:\Windows\System\KDJtXdZ.exe
  2⤵
  PID:9904
- C:\Windows\System\xXnchQH.exe
  C:\Windows\System\xXnchQH.exe
  2⤵
  PID:9932
- C:\Windows\System\xDdDXUO.exe
  C:\Windows\System\xDdDXUO.exe
  2⤵
  PID:9964
- C:\Windows\System\LYxoOWa.exe
  C:\Windows\System\LYxoOWa.exe
  2⤵
  PID:9996
- C:\Windows\System\zNSEvEx.exe
  C:\Windows\System\zNSEvEx.exe
  2⤵
  PID:10024
- C:\Windows\System\kbusKhk.exe
  C:\Windows\System\kbusKhk.exe
  2⤵
  PID:10044
- C:\Windows\System\vOgnilk.exe
  C:\Windows\System\vOgnilk.exe
  2⤵
  PID:10072
- C:\Windows\System\tRBkNBs.exe
  C:\Windows\System\tRBkNBs.exe
  2⤵
  PID:10108
- C:\Windows\System\tHvbWcx.exe
  C:\Windows\System\tHvbWcx.exe
  2⤵
  PID:10136
- C:\Windows\System\ozubJcX.exe
  C:\Windows\System\ozubJcX.exe
  2⤵
  PID:10188
- C:\Windows\System\HGthhlz.exe
  C:\Windows\System\HGthhlz.exe
  2⤵
  PID:10220
- C:\Windows\System\HnIqysS.exe
  C:\Windows\System\HnIqysS.exe
  2⤵
  PID:9224
- C:\Windows\System\poaitxQ.exe
  C:\Windows\System\poaitxQ.exe
  2⤵
  PID:9284
- C:\Windows\System\SAvQwxz.exe
  C:\Windows\System\SAvQwxz.exe
  2⤵
  PID:9432
- C:\Windows\System\ocdZKbr.exe
  C:\Windows\System\ocdZKbr.exe
  2⤵
  PID:9500
- C:\Windows\System\pfEQLYc.exe
  C:\Windows\System\pfEQLYc.exe
  2⤵
  PID:9552
- C:\Windows\System\uiDyEri.exe
  C:\Windows\System\uiDyEri.exe
  2⤵
  PID:9612
- C:\Windows\System\NQwSzuB.exe
  C:\Windows\System\NQwSzuB.exe
  2⤵
  PID:9700
- C:\Windows\System\ZrGJDLe.exe
  C:\Windows\System\ZrGJDLe.exe
  2⤵
  PID:9756
- C:\Windows\System\kOcnSGJ.exe
  C:\Windows\System\kOcnSGJ.exe
  2⤵
  PID:9856
- C:\Windows\System\PxNZjDA.exe
  C:\Windows\System\PxNZjDA.exe
  2⤵
  PID:9916
- C:\Windows\System\RTTBwwt.exe
  C:\Windows\System\RTTBwwt.exe
  2⤵
  PID:9980
- C:\Windows\System\YAtKZEk.exe
  C:\Windows\System\YAtKZEk.exe
  2⤵
  PID:10036
- C:\Windows\System\rytxtRY.exe
  C:\Windows\System\rytxtRY.exe
  2⤵
  PID:10116
- C:\Windows\System\QOVstGE.exe
  C:\Windows\System\QOVstGE.exe
  2⤵
  PID:6008
- C:\Windows\System\lyhNmuf.exe
  C:\Windows\System\lyhNmuf.exe
  2⤵
  PID:10212
- C:\Windows\System\VtjUXkj.exe
  C:\Windows\System\VtjUXkj.exe
  2⤵
  PID:9396
- C:\Windows\System\ShncPrd.exe
  C:\Windows\System\ShncPrd.exe
  2⤵
  PID:9524
- C:\Windows\System\GqSjuLq.exe
  C:\Windows\System\GqSjuLq.exe
  2⤵
  PID:9692
- C:\Windows\System\dTkkCmO.exe
  C:\Windows\System\dTkkCmO.exe
  2⤵
  PID:3844
- C:\Windows\System\bGSYGSV.exe
  C:\Windows\System\bGSYGSV.exe
  2⤵
  PID:9948
- C:\Windows\System\jGCDprd.exe
  C:\Windows\System\jGCDprd.exe
  2⤵
  PID:10084
- C:\Windows\System\lTMjThY.exe
  C:\Windows\System\lTMjThY.exe
  2⤵
  PID:1052
- C:\Windows\System\WrJCAAV.exe
  C:\Windows\System\WrJCAAV.exe
  2⤵
  PID:9580
- C:\Windows\System\zxgDsOB.exe
  C:\Windows\System\zxgDsOB.exe
  2⤵
  PID:9752
- C:\Windows\System\CsczOtE.exe
  C:\Windows\System\CsczOtE.exe
  2⤵
  PID:5492
- C:\Windows\System\eTHLDIp.exe
  C:\Windows\System\eTHLDIp.exe
  2⤵
  PID:2088
- C:\Windows\System\atvcUlt.exe
  C:\Windows\System\atvcUlt.exe
  2⤵
  PID:1628
- C:\Windows\System\rGOeGyf.exe
  C:\Windows\System\rGOeGyf.exe
  2⤵
  PID:10244
- C:\Windows\System\YcMMMlz.exe
  C:\Windows\System\YcMMMlz.exe
  2⤵
  PID:10272
- C:\Windows\System\TfkOjsJ.exe
  C:\Windows\System\TfkOjsJ.exe
  2⤵
  PID:10308
- C:\Windows\System\OzCAUFo.exe
  C:\Windows\System\OzCAUFo.exe
  2⤵
  PID:10336
- C:\Windows\System\axqIkzi.exe
  C:\Windows\System\axqIkzi.exe
  2⤵
  PID:10368
- C:\Windows\System\IbkdwFA.exe
  C:\Windows\System\IbkdwFA.exe
  2⤵
  PID:10388
- C:\Windows\System\HxZQDJd.exe
  C:\Windows\System\HxZQDJd.exe
  2⤵
  PID:10428
- C:\Windows\System\YujfzDK.exe
  C:\Windows\System\YujfzDK.exe
  2⤵
  PID:10444
- C:\Windows\System\ZZLCTKn.exe
  C:\Windows\System\ZZLCTKn.exe
  2⤵
  PID:10472
- C:\Windows\System\TvAzgEq.exe
  C:\Windows\System\TvAzgEq.exe
  2⤵
  PID:10500
- C:\Windows\System\ZtdKUxm.exe
  C:\Windows\System\ZtdKUxm.exe
  2⤵
  PID:10528
- C:\Windows\System\imGbojw.exe
  C:\Windows\System\imGbojw.exe
  2⤵
  PID:10564
- C:\Windows\System\nwQOrve.exe
  C:\Windows\System\nwQOrve.exe
  2⤵
  PID:10584
- C:\Windows\System\RsYQxNM.exe
  C:\Windows\System\RsYQxNM.exe
  2⤵
  PID:10612
- C:\Windows\System\QuFEAJP.exe
  C:\Windows\System\QuFEAJP.exe
  2⤵
  PID:10640
- C:\Windows\System\WnGUbDh.exe
  C:\Windows\System\WnGUbDh.exe
  2⤵
  PID:10668
- C:\Windows\System\NMumaYm.exe
  C:\Windows\System\NMumaYm.exe
  2⤵
  PID:10696
- C:\Windows\System\seFQqkS.exe
  C:\Windows\System\seFQqkS.exe
  2⤵
  PID:10724
- C:\Windows\System\rXOquxN.exe
  C:\Windows\System\rXOquxN.exe
  2⤵
  PID:10752
- C:\Windows\System\qvmrTOd.exe
  C:\Windows\System\qvmrTOd.exe
  2⤵
  PID:10780
- C:\Windows\System\PDOdEEu.exe
  C:\Windows\System\PDOdEEu.exe
  2⤵
  PID:10808
- C:\Windows\System\FPKwuLM.exe
  C:\Windows\System\FPKwuLM.exe
  2⤵
  PID:10836
- C:\Windows\System\Ddthugh.exe
  C:\Windows\System\Ddthugh.exe
  2⤵
  PID:10876
- C:\Windows\System\ntTSAPl.exe
  C:\Windows\System\ntTSAPl.exe
  2⤵
  PID:10904
- C:\Windows\System\JKntcnl.exe
  C:\Windows\System\JKntcnl.exe
  2⤵
  PID:10932
- C:\Windows\System\sKjUHpS.exe
  C:\Windows\System\sKjUHpS.exe
  2⤵
  PID:10952
- C:\Windows\System\AcVjGbU.exe
  C:\Windows\System\AcVjGbU.exe
  2⤵
  PID:10980
- C:\Windows\System\xbOZOFU.exe
  C:\Windows\System\xbOZOFU.exe
  2⤵
  PID:11008
- C:\Windows\System\KOfagUG.exe
  C:\Windows\System\KOfagUG.exe
  2⤵
  PID:11036
- C:\Windows\System\IcWngYi.exe
  C:\Windows\System\IcWngYi.exe
  2⤵
  PID:11064
- C:\Windows\System\oPptkqn.exe
  C:\Windows\System\oPptkqn.exe
  2⤵
  PID:11092
- C:\Windows\System\YheVAeE.exe
  C:\Windows\System\YheVAeE.exe
  2⤵
  PID:11120
- C:\Windows\System\ScyzBOq.exe
  C:\Windows\System\ScyzBOq.exe
  2⤵
  PID:11148
- C:\Windows\System\QdjrsxB.exe
  C:\Windows\System\QdjrsxB.exe
  2⤵
  PID:11180
- C:\Windows\System\FoTmKQN.exe
  C:\Windows\System\FoTmKQN.exe
  2⤵
  PID:11212
- C:\Windows\System\hntajPW.exe
  C:\Windows\System\hntajPW.exe
  2⤵
  PID:11232
- C:\Windows\System\XUMIgmE.exe
  C:\Windows\System\XUMIgmE.exe
  2⤵
  PID:10008
- C:\Windows\System\OrbZaGg.exe
  C:\Windows\System\OrbZaGg.exe
  2⤵
  PID:10292
- C:\Windows\System\aNvBZFs.exe
  C:\Windows\System\aNvBZFs.exe
  2⤵
  PID:10352
- C:\Windows\System\Njkuoql.exe
  C:\Windows\System\Njkuoql.exe
  2⤵
  PID:10436
- C:\Windows\System\KtxwItk.exe
  C:\Windows\System\KtxwItk.exe
  2⤵
  PID:10496
- C:\Windows\System\ovMPCpn.exe
  C:\Windows\System\ovMPCpn.exe
  2⤵
  PID:10548
- C:\Windows\System\HfwZwdF.exe
  C:\Windows\System\HfwZwdF.exe
  2⤵
  PID:10608
- C:\Windows\System\yrabPSD.exe
  C:\Windows\System\yrabPSD.exe
  2⤵
  PID:10680
- C:\Windows\System\NGNudMe.exe
  C:\Windows\System\NGNudMe.exe
  2⤵
  PID:10744
- C:\Windows\System\OyYLpZD.exe
  C:\Windows\System\OyYLpZD.exe
  2⤵
  PID:10828
- C:\Windows\System\ufzwgeY.exe
  C:\Windows\System\ufzwgeY.exe
  2⤵
  PID:10864
- C:\Windows\System\kdQqKlI.exe
  C:\Windows\System\kdQqKlI.exe
  2⤵
  PID:10940
- C:\Windows\System\nlmDDBL.exe
  C:\Windows\System\nlmDDBL.exe
  2⤵
  PID:11000
- C:\Windows\System\lGgVxMQ.exe
  C:\Windows\System\lGgVxMQ.exe
  2⤵
  PID:11056
- C:\Windows\System\CSlOidb.exe
  C:\Windows\System\CSlOidb.exe
  2⤵
  PID:11112
- C:\Windows\System\yEavVvS.exe
  C:\Windows\System\yEavVvS.exe
  2⤵
  PID:1480
- C:\Windows\System\VLEJNKt.exe
  C:\Windows\System\VLEJNKt.exe
  2⤵
  PID:11224
- C:\Windows\System\UnqQvGH.exe
  C:\Windows\System\UnqQvGH.exe
  2⤵
  PID:10288
- C:\Windows\System\XHiCUTk.exe
  C:\Windows\System\XHiCUTk.exe
  2⤵
  PID:10424
- C:\Windows\System\mFJKuCO.exe
  C:\Windows\System\mFJKuCO.exe
  2⤵
  PID:2812
- C:\Windows\System\ybtQfxQ.exe
  C:\Windows\System\ybtQfxQ.exe
  2⤵
  PID:10708
- C:\Windows\System\ifQEGBJ.exe
  C:\Windows\System\ifQEGBJ.exe
  2⤵
  PID:10844
- C:\Windows\System\fWUpHNI.exe
  C:\Windows\System\fWUpHNI.exe
  2⤵
  PID:10992
- C:\Windows\System\xbvNVWS.exe
  C:\Windows\System\xbvNVWS.exe
  2⤵
  PID:11160
- C:\Windows\System\MuquZdC.exe
  C:\Windows\System\MuquZdC.exe
  2⤵
  PID:10256
- C:\Windows\System\DmuLuHa.exe
  C:\Windows\System\DmuLuHa.exe
  2⤵
  PID:3476
- C:\Windows\System\cTPpaSE.exe
  C:\Windows\System\cTPpaSE.exe
  2⤵
  PID:10800
- C:\Windows\System\xFXouRC.exe
  C:\Windows\System\xFXouRC.exe
  2⤵
  PID:11104
- C:\Windows\System\kEHZNRc.exe
  C:\Windows\System\kEHZNRc.exe
  2⤵
  PID:10916
- C:\Windows\System\riSuYDx.exe
  C:\Windows\System\riSuYDx.exe
  2⤵
  PID:11296
- C:\Windows\System\RgiCvsc.exe
  C:\Windows\System\RgiCvsc.exe
  2⤵
  PID:11348
- C:\Windows\System\RKPAULU.exe
  C:\Windows\System\RKPAULU.exe
  2⤵
  PID:11372
- C:\Windows\System\kLelCEK.exe
  C:\Windows\System\kLelCEK.exe
  2⤵
  PID:11396
- C:\Windows\System\mYRebwL.exe
  C:\Windows\System\mYRebwL.exe
  2⤵
  PID:11420
- C:\Windows\System\CeViSqm.exe
  C:\Windows\System\CeViSqm.exe
  2⤵
  PID:11452
- C:\Windows\System\xgyPuMP.exe
  C:\Windows\System\xgyPuMP.exe
  2⤵
  PID:11476
- C:\Windows\System\nlIxysS.exe
  C:\Windows\System\nlIxysS.exe
  2⤵
  PID:11516
- C:\Windows\System\getvpys.exe
  C:\Windows\System\getvpys.exe
  2⤵
  PID:11540
- C:\Windows\System\BkbBANO.exe
  C:\Windows\System\BkbBANO.exe
  2⤵
  PID:11568
- C:\Windows\System\VWrrMsW.exe
  C:\Windows\System\VWrrMsW.exe
  2⤵
  PID:11596
- C:\Windows\System\TdYXxKP.exe
  C:\Windows\System\TdYXxKP.exe
  2⤵
  PID:11620
- C:\Windows\System\cGZhxjk.exe
  C:\Windows\System\cGZhxjk.exe
  2⤵
  PID:11644
- C:\Windows\System\wSYnbLB.exe
  C:\Windows\System\wSYnbLB.exe
  2⤵
  PID:11672
- C:\Windows\System\kmbpmnK.exe
  C:\Windows\System\kmbpmnK.exe
  2⤵
  PID:11704
- C:\Windows\System\nCdWPSt.exe
  C:\Windows\System\nCdWPSt.exe
  2⤵
  PID:11728
- C:\Windows\System\lnRIDGj.exe
  C:\Windows\System\lnRIDGj.exe
  2⤵
  PID:11756
- C:\Windows\System\XXUSOkf.exe
  C:\Windows\System\XXUSOkf.exe
  2⤵
  PID:11792
- C:\Windows\System\MPIihnO.exe
  C:\Windows\System\MPIihnO.exe
  2⤵
  PID:11812
- C:\Windows\System\EhwskuL.exe
  C:\Windows\System\EhwskuL.exe
  2⤵
  PID:11840
- C:\Windows\System\BxcUyAZ.exe
  C:\Windows\System\BxcUyAZ.exe
  2⤵
  PID:11872
- C:\Windows\System\uuwzAtP.exe
  C:\Windows\System\uuwzAtP.exe
  2⤵
  PID:11904
- C:\Windows\System\FXCqbPh.exe
  C:\Windows\System\FXCqbPh.exe
  2⤵
  PID:11924
- C:\Windows\System\tKcFjam.exe
  C:\Windows\System\tKcFjam.exe
  2⤵
  PID:11952
- C:\Windows\System\IOnqTol.exe
  C:\Windows\System\IOnqTol.exe
  2⤵
  PID:11980
- C:\Windows\System\FsVoqxl.exe
  C:\Windows\System\FsVoqxl.exe
  2⤵
  PID:12016
- C:\Windows\System\fQLvjUp.exe
  C:\Windows\System\fQLvjUp.exe
  2⤵
  PID:12040
- C:\Windows\System\rBxyyBg.exe
  C:\Windows\System\rBxyyBg.exe
  2⤵
  PID:12068
- C:\Windows\System\eAtnOhW.exe
  C:\Windows\System\eAtnOhW.exe
  2⤵
  PID:12092
- C:\Windows\System\XducZHh.exe
  C:\Windows\System\XducZHh.exe
  2⤵
  PID:12120
- C:\Windows\System\TujdqYa.exe
  C:\Windows\System\TujdqYa.exe
  2⤵
  PID:12148
- C:\Windows\System\yrmarmL.exe
  C:\Windows\System\yrmarmL.exe
  2⤵
  PID:12192
- C:\Windows\System\XUqpMRI.exe
  C:\Windows\System\XUqpMRI.exe
  2⤵
  PID:12208
- C:\Windows\System\cQDUgFj.exe
  C:\Windows\System\cQDUgFj.exe
  2⤵
  PID:12236
- C:\Windows\System\UgHisAo.exe
  C:\Windows\System\UgHisAo.exe
  2⤵
  PID:12264
- C:\Windows\System\HVSfRrc.exe
  C:\Windows\System\HVSfRrc.exe
  2⤵
  PID:11292
- C:\Windows\System\uYHRRav.exe
  C:\Windows\System\uYHRRav.exe
  2⤵
  PID:9280
- C:\Windows\System\DHWlwAx.exe
  C:\Windows\System\DHWlwAx.exe
  2⤵
  PID:11340
- C:\Windows\System\vFVoprN.exe
  C:\Windows\System\vFVoprN.exe
  2⤵
  PID:11388
- C:\Windows\System\tfzkgzh.exe
  C:\Windows\System\tfzkgzh.exe
  2⤵
  PID:11460
- C:\Windows\System\CpThWTV.exe
  C:\Windows\System\CpThWTV.exe
  2⤵
  PID:11524
- C:\Windows\System\uHlYxMK.exe
  C:\Windows\System\uHlYxMK.exe
  2⤵
  PID:11580
- C:\Windows\System\IjVavZl.exe
  C:\Windows\System\IjVavZl.exe
  2⤵
  PID:11656
- C:\Windows\System\QgkeIZE.exe
  C:\Windows\System\QgkeIZE.exe
  2⤵
  PID:11720
- C:\Windows\System\FDXFmbp.exe
  C:\Windows\System\FDXFmbp.exe
  2⤵
  PID:11780
- C:\Windows\System\idosgnD.exe
  C:\Windows\System\idosgnD.exe
  2⤵
  PID:11852
- C:\Windows\System\iGOsaXi.exe
  C:\Windows\System\iGOsaXi.exe
  2⤵
  PID:11916
- C:\Windows\System\QjElQcF.exe
  C:\Windows\System\QjElQcF.exe
  2⤵
  PID:11976
- C:\Windows\System\xVfgfIT.exe
  C:\Windows\System\xVfgfIT.exe
  2⤵
  PID:12048
- C:\Windows\System\AlBosRs.exe
  C:\Windows\System\AlBosRs.exe
  2⤵
  PID:12112
- C:\Windows\System\sXpUlPZ.exe
  C:\Windows\System\sXpUlPZ.exe
  2⤵
  PID:12172
- C:\Windows\System\gQoSfxa.exe
  C:\Windows\System\gQoSfxa.exe
  2⤵
  PID:12276
- C:\Windows\System\ydXXjMM.exe
  C:\Windows\System\ydXXjMM.exe
  2⤵
  PID:10160
- C:\Windows\System\lnMnpNW.exe
  C:\Windows\System\lnMnpNW.exe
  2⤵
  PID:11384
- C:\Windows\System\uuqgMKp.exe
  C:\Windows\System\uuqgMKp.exe
  2⤵
  PID:11552
- C:\Windows\System\eOrdwPz.exe
  C:\Windows\System\eOrdwPz.exe
  2⤵
  PID:11696
- C:\Windows\System\ESZAEgH.exe
  C:\Windows\System\ESZAEgH.exe
  2⤵
  PID:11836
- C:\Windows\System\LjgKnOy.exe
  C:\Windows\System\LjgKnOy.exe
  2⤵
  PID:12004
- C:\Windows\System\WwfuVDn.exe
  C:\Windows\System\WwfuVDn.exe
  2⤵
  PID:12160
- C:\Windows\System\beVunUZ.exe
  C:\Windows\System\beVunUZ.exe
  2⤵
  PID:11288
- C:\Windows\System\Fpqopns.exe
  C:\Windows\System\Fpqopns.exe
  2⤵
  PID:11640
- C:\Windows\System\YAeZIKQ.exe
  C:\Windows\System\YAeZIKQ.exe
  2⤵
  PID:11912
- C:\Windows\System\QrQEhZJ.exe
  C:\Windows\System\QrQEhZJ.exe
  2⤵
  PID:12260
- C:\Windows\System\jLeqvyu.exe
  C:\Windows\System\jLeqvyu.exe
  2⤵
  PID:12080
- C:\Windows\System\AiFstZW.exe
  C:\Windows\System\AiFstZW.exe
  2⤵
  PID:12228
- C:\Windows\System\aslbLGy.exe
  C:\Windows\System\aslbLGy.exe
  2⤵
  PID:12308
- C:\Windows\System\opNlTAV.exe
  C:\Windows\System\opNlTAV.exe
  2⤵
  PID:12336
- C:\Windows\System\hjzyBuR.exe
  C:\Windows\System\hjzyBuR.exe
  2⤵
  PID:12364
- C:\Windows\System\AJBNGta.exe
  C:\Windows\System\AJBNGta.exe
  2⤵
  PID:12392
- C:\Windows\System\icTWhyL.exe
  C:\Windows\System\icTWhyL.exe
  2⤵
  PID:12420
- C:\Windows\System\JCxnaaK.exe
  C:\Windows\System\JCxnaaK.exe
  2⤵
  PID:12448
- C:\Windows\System\fRcGEJt.exe
  C:\Windows\System\fRcGEJt.exe
  2⤵
  PID:12476
- C:\Windows\System\LYXkgwV.exe
  C:\Windows\System\LYXkgwV.exe
  2⤵
  PID:12504
- C:\Windows\System\ZJwXOuE.exe
  C:\Windows\System\ZJwXOuE.exe
  2⤵
  PID:12532
- C:\Windows\System\OGCEXRs.exe
  C:\Windows\System\OGCEXRs.exe
  2⤵
  PID:12560
- C:\Windows\System\FUbzNNV.exe
  C:\Windows\System\FUbzNNV.exe
  2⤵
  PID:12588
- C:\Windows\System\MEBwYAc.exe
  C:\Windows\System\MEBwYAc.exe
  2⤵
  PID:12616
- C:\Windows\System\AzigFMD.exe
  C:\Windows\System\AzigFMD.exe
  2⤵
  PID:12644
- C:\Windows\System\xYhKubE.exe
  C:\Windows\System\xYhKubE.exe
  2⤵
  PID:12672
- C:\Windows\System\aALvAbE.exe
  C:\Windows\System\aALvAbE.exe
  2⤵
  PID:12700
- C:\Windows\System\GHEXpUv.exe
  C:\Windows\System\GHEXpUv.exe
  2⤵
  PID:12728
- C:\Windows\System\ydCauJO.exe
  C:\Windows\System\ydCauJO.exe
  2⤵
  PID:12756
- C:\Windows\System\TwYvFqX.exe
  C:\Windows\System\TwYvFqX.exe
  2⤵
  PID:12784
- C:\Windows\System\NubKtBO.exe
  C:\Windows\System\NubKtBO.exe
  2⤵
  PID:12812
- C:\Windows\System\ybYJyLH.exe
  C:\Windows\System\ybYJyLH.exe
  2⤵
  PID:12840
- C:\Windows\System\zPNfdkh.exe
  C:\Windows\System\zPNfdkh.exe
  2⤵
  PID:12868
- C:\Windows\System\fziGkvy.exe
  C:\Windows\System\fziGkvy.exe
  2⤵
  PID:12896
- C:\Windows\System\lHHUNDn.exe
  C:\Windows\System\lHHUNDn.exe
  2⤵
  PID:12924
- C:\Windows\System\gArZEbe.exe
  C:\Windows\System\gArZEbe.exe
  2⤵
  PID:12952
- C:\Windows\System\hryJHIE.exe
  C:\Windows\System\hryJHIE.exe
  2⤵
  PID:12980
- C:\Windows\System\OZqfbqH.exe
  C:\Windows\System\OZqfbqH.exe
  2⤵
  PID:13008
- C:\Windows\System\WxUVRep.exe
  C:\Windows\System\WxUVRep.exe
  2⤵
  PID:13036
- C:\Windows\System\RpKqjtj.exe
  C:\Windows\System\RpKqjtj.exe
  2⤵
  PID:13064
- C:\Windows\System\rgSsFDe.exe
  C:\Windows\System\rgSsFDe.exe
  2⤵
  PID:13092
- C:\Windows\System\ZSjJqLm.exe
  C:\Windows\System\ZSjJqLm.exe
  2⤵
  PID:13120
- C:\Windows\System\HKEppQt.exe
  C:\Windows\System\HKEppQt.exe
  2⤵
  PID:13148
- C:\Windows\System\cOgvCZO.exe
  C:\Windows\System\cOgvCZO.exe
  2⤵
  PID:13176
- C:\Windows\System\rzDWvKr.exe
  C:\Windows\System\rzDWvKr.exe
  2⤵
  PID:13204
- C:\Windows\System\gZiRNoz.exe
  C:\Windows\System\gZiRNoz.exe
  2⤵
  PID:13248
- C:\Windows\System\lcdmeVa.exe
  C:\Windows\System\lcdmeVa.exe
  2⤵
  PID:13264
- C:\Windows\System\cOmzXNu.exe
  C:\Windows\System\cOmzXNu.exe
  2⤵
  PID:13292
- C:\Windows\System\mGofVta.exe
  C:\Windows\System\mGofVta.exe
  2⤵
  PID:12292
- C:\Windows\System\pWDOgRn.exe
  C:\Windows\System\pWDOgRn.exe
  2⤵
  PID:12348
- C:\Windows\System\hSrtwqa.exe
  C:\Windows\System\hSrtwqa.exe
  2⤵
  PID:3396
- C:\Windows\System\EjHnbmN.exe
  C:\Windows\System\EjHnbmN.exe
  2⤵
  PID:12440
- C:\Windows\System\xNXufjQ.exe
  C:\Windows\System\xNXufjQ.exe
  2⤵
  PID:12500
- C:\Windows\System\nsTGOfU.exe
  C:\Windows\System\nsTGOfU.exe
  2⤵
  PID:12572
- C:\Windows\System\KwMykWI.exe
  C:\Windows\System\KwMykWI.exe
  2⤵
  PID:12636
- C:\Windows\System\pXzFeUf.exe
  C:\Windows\System\pXzFeUf.exe
  2⤵
  PID:5196
- C:\Windows\System\HMHdgIL.exe
  C:\Windows\System\HMHdgIL.exe
  2⤵
  PID:12696
- C:\Windows\System\mdnYHKF.exe
  C:\Windows\System\mdnYHKF.exe
  2⤵
  PID:12768
- C:\Windows\System\RmZikeo.exe
  C:\Windows\System\RmZikeo.exe
  2⤵
  PID:12832
- C:\Windows\System\yefvWxU.exe
  C:\Windows\System\yefvWxU.exe
  2⤵
  PID:12892
- C:\Windows\System\cGCawOi.exe
  C:\Windows\System\cGCawOi.exe
  2⤵
  PID:12964
- C:\Windows\System\juvRbmc.exe
  C:\Windows\System\juvRbmc.exe
  2⤵
  PID:13028
- C:\Windows\System\WcFmnkw.exe
  C:\Windows\System\WcFmnkw.exe
  2⤵
  PID:13088
- C:\Windows\System\iYObylC.exe
  C:\Windows\System\iYObylC.exe
  2⤵
  PID:13160
- C:\Windows\System\UZQmKCA.exe
  C:\Windows\System\UZQmKCA.exe
  2⤵
  PID:13224
- C:\Windows\System\lxUOHjN.exe
  C:\Windows\System\lxUOHjN.exe
  2⤵
  PID:13288
- C:\Windows\System\jpzozoO.exe
  C:\Windows\System\jpzozoO.exe
  2⤵
  PID:3040
- C:\Windows\System\BUfcXQn.exe
  C:\Windows\System\BUfcXQn.exe
  2⤵
  PID:12488
- C:\Windows\System\ublbFfy.exe
  C:\Windows\System\ublbFfy.exe
  2⤵
  PID:12628
- C:\Windows\System\nWxFJyc.exe
  C:\Windows\System\nWxFJyc.exe
  2⤵
  PID:12724
- C:\Windows\System\qsbVvAj.exe
  C:\Windows\System\qsbVvAj.exe
  2⤵
  PID:12880
- C:\Windows\System\dkozLuO.exe
  C:\Windows\System\dkozLuO.exe
  2⤵
  PID:13020
- C:\Windows\System\ItuaqVo.exe
  C:\Windows\System\ItuaqVo.exe
  2⤵
  PID:13188
- C:\Windows\System\JYNIBaL.exe
  C:\Windows\System\JYNIBaL.exe
  2⤵
  PID:12328
- C:\Windows\System\iXAAMtc.exe
  C:\Windows\System\iXAAMtc.exe
  2⤵
  PID:12612
- C:\Windows\System\ZVTafRY.exe
  C:\Windows\System\ZVTafRY.exe
  2⤵
  PID:12944
- C:\Windows\System\CybuBfd.exe
  C:\Windows\System\CybuBfd.exe
  2⤵
  PID:13284
- C:\Windows\System\lIyZdUK.exe
  C:\Windows\System\lIyZdUK.exe
  2⤵
  PID:12860
- C:\Windows\System\FhEWJpm.exe
  C:\Windows\System\FhEWJpm.exe
  2⤵
  PID:13256
- C:\Windows\System\QXuecFF.exe
  C:\Windows\System\QXuecFF.exe
  2⤵
  PID:13332
- C:\Windows\System\XDgjaoI.exe
  C:\Windows\System\XDgjaoI.exe
  2⤵
  PID:13360
- C:\Windows\System\kKFCzQo.exe
  C:\Windows\System\kKFCzQo.exe
  2⤵
  PID:13388
- C:\Windows\System\HuZxdIo.exe
  C:\Windows\System\HuZxdIo.exe
  2⤵
  PID:13416
- C:\Windows\System\WNZALDw.exe
  C:\Windows\System\WNZALDw.exe
  2⤵
  PID:13444
- C:\Windows\System\ftadBQr.exe
  C:\Windows\System\ftadBQr.exe
  2⤵
  PID:13472
- C:\Windows\System\LTiTZYP.exe
  C:\Windows\System\LTiTZYP.exe
  2⤵
  PID:13500
- C:\Windows\System\DRjziZi.exe
  C:\Windows\System\DRjziZi.exe
  2⤵
  PID:13528
- C:\Windows\System\YQqQZMh.exe
  C:\Windows\System\YQqQZMh.exe
  2⤵
  PID:13556
- C:\Windows\System\yNKPenF.exe
  C:\Windows\System\yNKPenF.exe
  2⤵
  PID:13584
- C:\Windows\System\VZCbMsl.exe
  C:\Windows\System\VZCbMsl.exe
  2⤵
  PID:13616
- C:\Windows\System\NTHuMiu.exe
  C:\Windows\System\NTHuMiu.exe
  2⤵
  PID:13640
- C:\Windows\System\NWAtJcV.exe
  C:\Windows\System\NWAtJcV.exe
  2⤵
  PID:13696
- C:\Windows\System\HtslcCo.exe
  C:\Windows\System\HtslcCo.exe
  2⤵
  PID:13740
- C:\Windows\System\qWKmxAU.exe
  C:\Windows\System\qWKmxAU.exe
  2⤵
  PID:13788
- C:\Windows\System\ENaEsNr.exe
  C:\Windows\System\ENaEsNr.exe
  2⤵
  PID:13816
- C:\Windows\System\UOOQEBd.exe
  C:\Windows\System\UOOQEBd.exe
  2⤵
  PID:13844
- C:\Windows\System\wBEEpCL.exe
  C:\Windows\System\wBEEpCL.exe
  2⤵
  PID:13876
- C:\Windows\System\AxNJVxe.exe
  C:\Windows\System\AxNJVxe.exe
  2⤵
  PID:13912
- C:\Windows\System\jwQrerU.exe
  C:\Windows\System\jwQrerU.exe
  2⤵
  PID:13944
- C:\Windows\System\zmLDCfy.exe
  C:\Windows\System\zmLDCfy.exe
  2⤵
  PID:13980
- C:\Windows\System\woCmlcB.exe
  C:\Windows\System\woCmlcB.exe
  2⤵
  PID:14008
- C:\Windows\System\dzsZmLI.exe
  C:\Windows\System\dzsZmLI.exe
  2⤵
  PID:14044
- C:\Windows\System\gweMdUv.exe
  C:\Windows\System\gweMdUv.exe
  2⤵
  PID:14088
- C:\Windows\System\RiVSSfj.exe
  C:\Windows\System\RiVSSfj.exe
  2⤵
  PID:14120
- C:\Windows\System\wcPSvdo.exe
  C:\Windows\System\wcPSvdo.exe
  2⤵
  PID:14156
- C:\Windows\System\mEgZHSY.exe
  C:\Windows\System\mEgZHSY.exe
  2⤵
  PID:14184
- C:\Windows\System\heBvJRz.exe
  C:\Windows\System\heBvJRz.exe
  2⤵
  PID:14212
- C:\Windows\System\kGnZRLd.exe
  C:\Windows\System\kGnZRLd.exe
  2⤵
  PID:14240
- C:\Windows\System\ZYsXYAO.exe
  C:\Windows\System\ZYsXYAO.exe
  2⤵
  PID:14268
- C:\Windows\System\eTQpYTT.exe
  C:\Windows\System\eTQpYTT.exe
  2⤵
  PID:14288
- C:\Windows\System\vSMspAB.exe
  C:\Windows\System\vSMspAB.exe
  2⤵
  PID:14324
- C:\Windows\System\eAfGceB.exe
  C:\Windows\System\eAfGceB.exe
  2⤵
  PID:13324
- C:\Windows\System\ecXzGJc.exe
  C:\Windows\System\ecXzGJc.exe
  2⤵
  PID:13408
- C:\Windows\System\ixMTsHQ.exe
  C:\Windows\System\ixMTsHQ.exe
  2⤵
  PID:13428
- C:\Windows\System\yGyBCxz.exe
  C:\Windows\System\yGyBCxz.exe
  2⤵
  PID:13540
- C:\Windows\System\QjDdhZX.exe
  C:\Windows\System\QjDdhZX.exe
  2⤵
  PID:13608
- C:\Windows\System\LeYfzXx.exe
  C:\Windows\System\LeYfzXx.exe
  2⤵
  PID:13732
- C:\Windows\System\PljcvDG.exe
  C:\Windows\System\PljcvDG.exe
  2⤵
  PID:13812
- C:\Windows\System\jbbaCcx.exe
  C:\Windows\System\jbbaCcx.exe
  2⤵
  PID:5908
- C:\Windows\System\GxyayLh.exe
  C:\Windows\System\GxyayLh.exe
  2⤵
  PID:13896
- C:\Windows\System\VAkRePv.exe
  C:\Windows\System\VAkRePv.exe
  2⤵
  PID:13972
- C:\Windows\System\KDVRNZD.exe
  C:\Windows\System\KDVRNZD.exe
  2⤵
  PID:14004
- C:\Windows\System\LZkvXHn.exe
  C:\Windows\System\LZkvXHn.exe
  2⤵
  PID:14076
- C:\Windows\System\FmXWiLj.exe
  C:\Windows\System\FmXWiLj.exe
  2⤵
  PID:14148
- C:\Windows\System\EGyEMzX.exe
  C:\Windows\System\EGyEMzX.exe
  2⤵
  PID:14252
- C:\Windows\System\UCCxcIf.exe
  C:\Windows\System\UCCxcIf.exe
  2⤵
  PID:14312
- C:\Windows\System\kfqOYAQ.exe
  C:\Windows\System\kfqOYAQ.exe
  2⤵
  PID:13400
- C:\Windows\System\abEVsgA.exe
  C:\Windows\System\abEVsgA.exe
  2⤵
  PID:13464
- C:\Windows\System\AbOiaVa.exe
  C:\Windows\System\AbOiaVa.exe
  2⤵
  PID:13580
- C:\Windows\System\ozFrrcw.exe
  C:\Windows\System\ozFrrcw.exe
  2⤵
  PID:13752
- C:\Windows\System\yoFNhzl.exe
  C:\Windows\System\yoFNhzl.exe
  2⤵
  PID:4340
- C:\Windows\System\ZZJUPJV.exe
  C:\Windows\System\ZZJUPJV.exe
  2⤵
  PID:5624
- C:\Windows\System\VqCTIVZ.exe
  C:\Windows\System\VqCTIVZ.exe
  2⤵
  PID:14228
- C:\Windows\System\xYOtvgC.exe
  C:\Windows\System\xYOtvgC.exe
  2⤵
  PID:1336
- C:\Windows\System\UIGrcwS.exe
  C:\Windows\System\UIGrcwS.exe
  2⤵
  PID:5256
- C:\Windows\System\BPBEQYF.exe
  C:\Windows\System\BPBEQYF.exe
  2⤵
  PID:4092
- C:\Windows\System\CzptWOY.exe
  C:\Windows\System\CzptWOY.exe
  2⤵
  PID:14112
- C:\Windows\System\aEpgPre.exe
  C:\Windows\System\aEpgPre.exe
  2⤵
  PID:4828
- C:\Windows\System\bEHQQjW.exe
  C:\Windows\System\bEHQQjW.exe
  2⤵
  PID:14300
- C:\Windows\System\pLawiEE.exe
  C:\Windows\System\pLawiEE.exe
  2⤵
  PID:14340
- C:\Windows\System\WOJhzGe.exe
  C:\Windows\System\WOJhzGe.exe
  2⤵
  PID:14356
- C:\Windows\System\zwNBqSs.exe
  C:\Windows\System\zwNBqSs.exe
  2⤵
  PID:14388
- C:\Windows\System\UCduuod.exe
  C:\Windows\System\UCduuod.exe
  2⤵
  PID:14444
- C:\Windows\System\ZuGotgU.exe
  C:\Windows\System\ZuGotgU.exe
  2⤵
  PID:14480
- C:\Windows\System\qqeVOih.exe
  C:\Windows\System\qqeVOih.exe
  2⤵
  PID:14496
- C:\Windows\System\KhQpOqX.exe
  C:\Windows\System\KhQpOqX.exe
  2⤵
  PID:14540
- C:\Windows\System\ZstFSuz.exe
  C:\Windows\System\ZstFSuz.exe
  2⤵
  PID:14568
- C:\Windows\System\NUffUjF.exe
  C:\Windows\System\NUffUjF.exe
  2⤵
  PID:14600
- C:\Windows\System\gnfqFSF.exe
  C:\Windows\System\gnfqFSF.exe
  2⤵
  PID:14628
- C:\Windows\System\aFpwTWp.exe
  C:\Windows\System\aFpwTWp.exe
  2⤵
  PID:14660
- C:\Windows\System\HKGvEVp.exe
  C:\Windows\System\HKGvEVp.exe
  2⤵
  PID:14692
- C:\Windows\System\GoqmXTp.exe
  C:\Windows\System\GoqmXTp.exe
  2⤵
  PID:14720
- C:\Windows\System\VPIfutH.exe
  C:\Windows\System\VPIfutH.exe
  2⤵
  PID:14748
- C:\Windows\System\REwvzJo.exe
  C:\Windows\System\REwvzJo.exe
  2⤵
  PID:14776
- C:\Windows\System\iDJajUd.exe
  C:\Windows\System\iDJajUd.exe
  2⤵
  PID:14812
- C:\Windows\System\AjQcRvd.exe
  C:\Windows\System\AjQcRvd.exe
  2⤵
  PID:14840
- C:\Windows\System\IVrRfro.exe
  C:\Windows\System\IVrRfro.exe
  2⤵
  PID:14872
- C:\Windows\System\HInOUxN.exe
  C:\Windows\System\HInOUxN.exe
  2⤵
  PID:14900
- C:\Windows\System\DjNKTGX.exe
  C:\Windows\System\DjNKTGX.exe
  2⤵
  PID:14928
- C:\Windows\System\syvBGdI.exe
  C:\Windows\System\syvBGdI.exe
  2⤵
  PID:14956
- C:\Windows\System\LjNLAjd.exe
  C:\Windows\System\LjNLAjd.exe
  2⤵
  PID:14984
- C:\Windows\System\QrUgwOE.exe
  C:\Windows\System\QrUgwOE.exe
  2⤵
  PID:15016
- C:\Windows\System\mCjZuxV.exe
  C:\Windows\System\mCjZuxV.exe
  2⤵
  PID:15044
- C:\Windows\System\txTMpQD.exe
  C:\Windows\System\txTMpQD.exe
  2⤵
  PID:15076
- C:\Windows\System\uULrFcp.exe
  C:\Windows\System\uULrFcp.exe
  2⤵
  PID:15108
- C:\Windows\System\WOTMsSK.exe
  C:\Windows\System\WOTMsSK.exe
  2⤵
  PID:15136
- C:\Windows\System\CCtKbTU.exe
  C:\Windows\System\CCtKbTU.exe
  2⤵
  PID:15164
- C:\Windows\System\KEjLlQn.exe
  C:\Windows\System\KEjLlQn.exe
  2⤵
  PID:15192
- C:\Windows\System\ScLatSi.exe
  C:\Windows\System\ScLatSi.exe
  2⤵
  PID:15220
- C:\Windows\System\mptMFVZ.exe
  C:\Windows\System\mptMFVZ.exe
  2⤵
  PID:15252
- C:\Windows\System\UrbydYB.exe
  C:\Windows\System\UrbydYB.exe
  2⤵
  PID:15280
- C:\Windows\System\INCqgJy.exe
  C:\Windows\System\INCqgJy.exe
  2⤵
  PID:15308
- C:\Windows\System\JcwUNrS.exe
  C:\Windows\System\JcwUNrS.exe
  2⤵
  PID:15336
- C:\Windows\System\UZoyfgu.exe
  C:\Windows\System\UZoyfgu.exe
  2⤵
  PID:5228
- C:\Windows\System\fqThIor.exe
  C:\Windows\System\fqThIor.exe
  2⤵
  PID:14464
- C:\Windows\System\azJDlmM.exe
  C:\Windows\System\azJDlmM.exe
  2⤵
  PID:14556
- C:\Windows\System\vcpVCrd.exe
  C:\Windows\System\vcpVCrd.exe
  2⤵
  PID:14620
- C:\Windows\System\qfZsxae.exe
  C:\Windows\System\qfZsxae.exe
  2⤵
  PID:14712
- C:\Windows\System\cyCxsyw.exe
  C:\Windows\System\cyCxsyw.exe
  2⤵
  PID:14772
- C:\Windows\System\klvWkJj.exe
  C:\Windows\System\klvWkJj.exe
  2⤵
  PID:14852
- C:\Windows\System\EOutQMM.exe
  C:\Windows\System\EOutQMM.exe
  2⤵
  PID:14896
- C:\Windows\System\EnBMAGt.exe
  C:\Windows\System\EnBMAGt.exe
  2⤵
  PID:14952
- C:\Windows\System\zhTRsnt.exe
  C:\Windows\System\zhTRsnt.exe
  2⤵
  PID:13660
- C:\Windows\System\pzjlsso.exe
  C:\Windows\System\pzjlsso.exe
  2⤵
  PID:6104
- C:\Windows\System\gpnWUMH.exe
  C:\Windows\System\gpnWUMH.exe
  2⤵
  PID:15104
- C:\Windows\System\NYXNABr.exe
  C:\Windows\System\NYXNABr.exe
  2⤵
  PID:15272
- C:\Windows\System\bnGMUIR.exe
  C:\Windows\System\bnGMUIR.exe
  2⤵
  PID:14768
- C:\Windows\System\ZLwHhtr.exe
  C:\Windows\System\ZLwHhtr.exe
  2⤵
  PID:14832
- C:\Windows\System\lPBhOZU.exe
  C:\Windows\System\lPBhOZU.exe
  2⤵
  PID:14940
- C:\Windows\System\rAnDNoL.exe
  C:\Windows\System\rAnDNoL.exe
  2⤵
  PID:14456
- C:\Windows\System\cipRdKY.exe
  C:\Windows\System\cipRdKY.exe
  2⤵
  PID:15008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AzUHqfn.exe

Filesize
6.1MB

MD5
84cc95a03aadc3a13433d659140b1f2c

SHA1
c7a9e366d02f77128fd306580d520d4106a75c04

SHA256
6e100f3b891b9bea846e866dac822e76eee762febfc4a958456b8f24ec3632ef

SHA512
7956bd8eeee26879d2a286996953c4b357590d0c63fa179d2dc5a1b1f4ecae14915765a4a22e4f6aac607ffeb5b29390a297fceae1ea721ffcb16ce7bf222656

Download Submit
C:\Windows\System\BeDbMxo.exe

Filesize
6.1MB

MD5
7dac41d98c3f4b1b6ea835403daf463c

SHA1
3df4870a5962d0563a84878d0e65f04d70bdd772

SHA256
1fc7b884eb1509578efab0fb39b49c4e2a8a47231beed04c491738b59bfcd4c4

SHA512
049b0c5a9fb7b3f507ab2cec171868349f0a516e0e71e46646fe2add6e6a99e88df80c885a8bc766cfc73b169076e72bfd6ddb9364fc28e464c93a9e91b7762c

Download Submit
C:\Windows\System\FhkEqJp.exe

Filesize
6.1MB

MD5
9a4983f761d223d00540ce633f999c97

SHA1
94cc695a485e1388c061c213fb1345c2db59b698

SHA256
653b67d1284620b7ef90ca7a9eff7ecefb027b2bbc01cc9a7b9e8ca8c04f79b5

SHA512
0003394b757ef6a117bbcf8606c7fb814f673423a75d501dc0ee504293e947e32221db2d47b75e85c5e1c117fe8f283ee203d76b009f780cf26389bb676832f2

Download Submit
C:\Windows\System\HmlUUGv.exe

Filesize
6.1MB

MD5
b009b541049d22aae67dd380158c6f48

SHA1
a82abab508e6c5e5f0ca572bb398b4e1fffc7608

SHA256
2d09000ea852e68ebbcbcae827a9e4f3016e1e295235674cbf2fcae7c14462d1

SHA512
44501a841d13e14d260394e7d562be1c8d820d956de2fd63443747277d33e6380fbfe5a5aaf874d049d4dfc848029fe4d0d23f18c03b97eccd4610ed904dd04a

Download Submit
C:\Windows\System\IFypfoX.exe

Filesize
6.1MB

MD5
26ee74895ef3d8d832f733f4952d3b46

SHA1
49decbca0071e57d61cbf4c4d79587e4e219465e

SHA256
bd832f368b80d679181b12edf2eb1d779416fe05c44757402cc098b4d9088302

SHA512
4336386b207fb80c98a2e7af2351f98ec27dca508d13cd52cec5f9e633f9a03a902590f3640ee75960a445ac0a4e0575a74daff6d566e393dcd37027d59a920d

Download Submit
C:\Windows\System\IUbOhEB.exe

Filesize
6.1MB

MD5
4b5ac5a7d146ee17c1e04e1c2acc68b2

SHA1
f639c353705d7e0c6a8a365ae92f0e301a90275e

SHA256
5b7791fdc456b9377f19ff10070852404e0efd5ac2be734425e23e0263c4dfd0

SHA512
b6e9b1a949fe501d6ff8a9f771c8ad4715f6caf15364a663f0d67e2d1d3ab8eac69dfc3de27bc1a19f7e86dd54216101b8fa1ff68e70bc126b0a1172c78c123d

Download Submit
C:\Windows\System\Jstptwl.exe

Filesize
6.1MB

MD5
c76c086b9fd8450b7f87ea0882ec3e46

SHA1
eef2743334f182ba69a4034a4194f202336089d0

SHA256
3b84069a8b9aeba0b185f7c74ad270b4321a99a85937e20b6cf4a0929ae2584c

SHA512
b83c3e1ce189cdff90dad04ce25cb97072e9de1c489695e7679f3ca142d95d032b9d8e5e82bfa41f58a9d360e9e6a6aa85dd186865e3d6682662d39551516f4b

Download Submit
C:\Windows\System\LKMHDAK.exe

Filesize
6.1MB

MD5
13fb038a42d0766928c84fc88dadb490

SHA1
627c2c3459ddf79f9e760b5a11f88e8be1c1e450

SHA256
2e06c0dbb24162d94e1c8bd97473577d7a8564998f8775e91b90364a551f4274

SHA512
eb0b0c8e8a4131bf8cb27711f3e42874ffe991908eafa3969499602a84bf2fb56dc106e74211ddefee4678c9bdda5d50375f4bce046f89e93ddded25537c54b3

Download Submit
C:\Windows\System\LfRVoeg.exe

Filesize
6.1MB

MD5
de8d8c6da64939abdef949861aad3770

SHA1
c41ab0c9864d88f0a034c4f8110473c1db8a0b64

SHA256
e4cd0d1f1248bdbd536869a49439f1ebba212f5691f9f52f5abc34b72ec82609

SHA512
d44b130f42d59dd96a2c89a9e0bb3d4419694af4a0a7aea59947b9e06d1dc1b6dfd165047ed18f968033042fe47837e134bc8bc399878bfc62eb7a11734e5991

Download Submit
C:\Windows\System\McjhZco.exe

Filesize
6.1MB

MD5
a0c5a7f4bd8bbbcdb6e0e69e4b5d3c6c

SHA1
364fc0979cfa89ae6114a9953f7a807115e93e91

SHA256
95a1fb477adf1bae71e4a917b2a66c4762deffa9aebb7a49bde6cd906a0b53cb

SHA512
17f20336e3601cd616c865a9136b637c74bb0b82059fbf4a8406acc91c6f661afc4d689c3c07896fb717c533bc60e13c68b489dea4e052a6b471de0a85eddf9d

Download Submit
C:\Windows\System\MpYcOxK.exe

Filesize
6.1MB

MD5
a3940177ffeeddfbf12f709c76fa4967

SHA1
d45e5ec390e302bc6d0357c3f3d4d0cb837d7b50

SHA256
209224549ed14e161ab576146bc89aba8631ad695d8f4670c65f56d1abc8f133

SHA512
910dfdfbcd6e10c526454f2384b4933d3ae15b835341e2eabfd3e093206393aad5a0530c2d5ae68836b0c100b9068935c478d0fc934cb33cba5cfaafcd96cd41

Download Submit
C:\Windows\System\OcSNdHz.exe

Filesize
6.1MB

MD5
5b0d875dccfd5beb8ff92421953dee39

SHA1
b046cd1ff9b3c1c565ad2abbfab769865831533b

SHA256
307bf97dc532923dd8842b6a9aa97fcfa49722cc1842750a7015b897095945b0

SHA512
8be205d0705cd3b7d57611f4b1d6abc387aa0f827c107f1240c32bf2492cd15a5754ed4b98b40dbd65733f6129a39f7393f796e7b4fc798fe27924ad3d56f87b

Download Submit
C:\Windows\System\OiwCHba.exe

Filesize
6.1MB

MD5
1e0e4329850e02673f06c7ae7ca0e939

SHA1
71a3c7b2c1639db9f463d20c9c1598b8f0e0b08b

SHA256
b593a9025be6c6c0703af436ea907dfb1453386ac9efd7aca8542041e5ad5eb7

SHA512
6ac18b7370ca3beedda3bbbec63371c384137911da15cfd78717f92ec044b6ceb2a2366c2697a170a161fdfc1607885146a804189a7d1934a33859f3e4ea8e84

Download Submit
C:\Windows\System\PQFWqjm.exe

Filesize
6.1MB

MD5
40627846fc10229b73ea6cb0a038c700

SHA1
3624f3f7dd000f391a234ce6d690126cbbe1a04f

SHA256
debb73c1efc206acbfe28f8333d9a07783018b6fcdbf6637a8846356000bf323

SHA512
6e400e79c3812ebc6f95e59edf05df48ebf84dc1da561e87d10269f76725ae692b970583b9bc4dacf5289964198b9cad01a90d67d9a8e838c512b3bdd671883c

Download Submit
C:\Windows\System\PgAjtgP.exe

Filesize
6.1MB

MD5
1df77ab0a2e33573ccdb402734083aea

SHA1
5855e03877a3213e5326005742b1612776cb2f1c

SHA256
5b19066d6fa08a87dac927ef1200e9ef65f379f6231714e8f5d1969bcde26343

SHA512
4e65acefb5516219942d6aa4af29fc87d5ac0b38f6e1e22f3c5a1f01ec002e6966ee0262a9333f2b02e9bcde23ab6305df48ac8ca4bcd98fde8b072dc0cdf0e2

Download Submit
C:\Windows\System\SpguphP.exe

Filesize
6.1MB

MD5
2fe0d41edfbdb2f01f2aeb1c67d91e0f

SHA1
1c1f2688dc036b1cc9cd90630c10de8fa86b51a7

SHA256
6d6c75ed78779f8dd19f214f6f61368bc31bea3fc1943daf922f8878e2bc0f5e

SHA512
c74774d6632b304d610b3f56507061f7bff10c8be4552584d8e0f6c5c92d86c44985ede7826d4a13ec2d406bc917abd4e672163f950014f76b38c9deb5e80fc4

Download Submit
C:\Windows\System\TJcMkIg.exe

Filesize
6.1MB

MD5
24bb74f926035046e414ec88dca49efb

SHA1
f8815ede62e9c8623c5668bcf01dfebc453ce7a2

SHA256
b877edf2ee14e6a4a8c7f8e1cdd78bedb6cf19cbf3985f2bbb2dd7d620e3936f

SHA512
df05b6466d59f7baf7673c68ac529a0e94819df0f90f9c0d3fe6a7ce34390d5e40f8e43766defc7ada052c554a68d9565299d53c77fbf8c695ada04f37d1d877

Download Submit
C:\Windows\System\XOHPxSY.exe

Filesize
6.1MB

MD5
0935d77a4dd2394e7d3744a8cad3938a

SHA1
0ee24476d35da4a4ebfe4e12355ab7e52f137d25

SHA256
0af9b8584fd0c29cdc4d036b22d868423a5e0e9b38ef044a36edcc49f5802fa2

SHA512
dc600a19f2ed1580dde0ac18da88fda0f5a2733f3c5a680313f89c5a0a93a00323b611b131be62b55a834e9423aa2bfeff07df38a8f699b8fd94ecbad4dbd349

Download Submit
C:\Windows\System\XtwdosW.exe

Filesize
6.1MB

MD5
0c77d0977e4f3cd1642abcb24eaf15fd

SHA1
e936f14fd855dc89110de854a435da2c4aef9fc5

SHA256
e350e1b046bdc97c7a3867d5f052d5701f0e62264d9ad334e2771ed54229e79d

SHA512
e98312c56df337dfe3d2d254ead316200c0257c565e43e52e09880fd653e0d80b65dd810ea266521299a37f42d990f4c595b9e01d8bb436f61dc117338ed94a7

Download Submit
C:\Windows\System\ZQNXdQD.exe

Filesize
6.0MB

MD5
3caa850bfde7e98a4754b3b81489341b

SHA1
542e7fcb06c8dae898af5b32ab8993f1feb337c0

SHA256
6dccdc43a34872b8024676953be4d6e1f1026e1411d54f97ede45590c527c24e

SHA512
63dffa3b5b2c2fda03752ebcfef67cde7fff507c7e88aaef5d3e6627c394c7c179cee535dc80d1088bd92e46d4127babdb1bcfbadadb8ff0186992b6ab8b3886

Download Submit
C:\Windows\System\aGdhvMp.exe

Filesize
6.1MB

MD5
df33bccacd20285133cebc7d14fa3f11

SHA1
706a689c5f1a843d8c14f7e2363dede5fcf0251a

SHA256
3d0b5b3b707ed58a42d87fc7d790a4d36bf092c626a82a4a9a476b8bd8361c52

SHA512
4487933ac2bf9f2934910f3e1dfcbf9e8a5c2d54b8e6459d40eb0199886d45706bdf724c4153cad26f38e14d2f8d38c6302c1222b475e77f176e24469f5d9ff6

Download Submit
C:\Windows\System\aMkLQmq.exe

Filesize
6.0MB

MD5
f32dcc3f95372c4c0dc9729c1a6707d2

SHA1
43146d23b50ae46df0d52d3e55fd7e4d227b3a9c

SHA256
df3f3ea8c2c5f291846bcaa1b0bed45657f8573e6f4007181dad79f6db51ae64

SHA512
66f0bb8fa9a7f1b3b943dccd6716cbe3dd2ec5a6a8917d25f3d429066d1f43765fc5a200c119b86e50bd2062185ff5578fe65a5c05cae2a93e339482a5f4d50e

Download Submit
C:\Windows\System\bisDnmO.exe

Filesize
6.1MB

MD5
3684f48ba6bf65a66b7dbf6983542981

SHA1
7dd7802c31390ea6e244d32003febb174b19e588

SHA256
59a8ff7f080a36c32c42d16f29bbbff355f65474a7336b1632daad28231b4dab

SHA512
cedf7e69c9fff993eadecda1cef7b187402c46fb29b880316c73b3beb85bdb75713df330a46906b7dca28c04c1ec7079ffe7560c2916852984829071206c749a

Download Submit
C:\Windows\System\dCshtxr.exe

Filesize
6.1MB

MD5
3915910d37eae11f912df0093bb80fc6

SHA1
18dc6c5d7f71baed5acfe81e88191372f819cb62

SHA256
8abf1078f5934700c1d8585709ab33703513f6dfb946a96b85a049df886e3114

SHA512
0457b4b5c8a09e87737c082029ad0178389c40c1f757846bb0cf1b9de4842887b021b842d1316c541d64d0562f22bf7cd1d99c454bfd9acc3baca79081f58df7

Download Submit
C:\Windows\System\eBnYaXU.exe

Filesize
6.1MB

MD5
513acbf176ae145a0d790c2836885915

SHA1
c6b54063d86ad33fa4f69623d9486e8e4dd6880d

SHA256
42b23df5dc0bd15271809a094c2fada5c1dc0498480a1090319e01bcb4c73f10

SHA512
ca0695e8cccf9d8e918cdefdd648ffc9c3ee30e70304fbefecdad2b1ad5ea1dfa9c9aae2b95a1c41e0479e422c18ba2f4697d201cdef3bd456ef127a557bf159

Download Submit
C:\Windows\System\hVXnKgD.exe

Filesize
6.1MB

MD5
f8e794193ac96153b113feace69d6b6c

SHA1
0aa689c3769310fceb1fc13a54f11d7a5b382a5c

SHA256
4f00e101334793beb352dc3e414993233e1967e4bfe16abaf5631144bc1f4ea1

SHA512
add2ddc5d6936d963cd332e52f45326c2af0d887ef408999fae40fd3d818e732529464da5bd7501a3626f156941c285e174299fd97efb2df0627d1fcd95a7a7f

Download Submit
C:\Windows\System\jvRNkiJ.exe

Filesize
6.1MB

MD5
b678bc7a919fad147a37974ddc86f9f4

SHA1
51dc50c8878dbcf767d4f5a37ebc8e0e0fd5fa3f

SHA256
dab3f838def3dd8ead4c91ee2600440af306e4428b492d489763689bf2b3124c

SHA512
0f25d2364d37b2df264589a132e1e9f6e668c52f1e453cf1f210df2efc485917244a4a5785b33615bc854e094138366850ae67da13d9736848a235392562ad45

Download Submit
C:\Windows\System\kHkJQfI.exe

Filesize
6.1MB

MD5
6c50d858904cf89fc7fc600e42f22a73

SHA1
b5a98b840586ff44b26068782fd87cb7e05f4bdd

SHA256
7f9312ff272b5ad981b6621220c96bd308bcb1d6e86584e5a4e8e1d323e01fb1

SHA512
52eee7fc2e63aa76448a7740442e97c8c317922bc5e5a4a79eb63d9d32df3b5c68732e1db8467351bd81c6e14db834a39f08ec25257497c632b4f51873fbc37c

Download Submit
C:\Windows\System\kRerXLw.exe

Filesize
6.1MB

MD5
790ca150619183bcee9b028d3a1fd796

SHA1
f7bcf6e3cbf4a0024f26eb022ebbb07b0f608023

SHA256
ba3ac2ebdbf27847a97b50daa3a93555dd4f20e3b620feb07a2238256c6e2573

SHA512
bbf4f31551ef13f7b213fc88c36efbd0953f787f2948b097982d0cb30de5d87e9164a7010626e75415db3c06f0b31e58265103e688ece5026593c2a731ddba26

Download Submit
C:\Windows\System\sytyYMn.exe

Filesize
6.1MB

MD5
700a5c2743c2ceb8d9f214e8a7ebedc2

SHA1
200235bd92a1414d1fd97008ef6cf4a36d030e5f

SHA256
1b32bdb029d8ec1ed239c0aa0340fcddfd4060071a9d0466867c7ae147e5e5c7

SHA512
ae87fc9b1fa9410f8b0e48b469c975bfd98739aec017782b15627ac5f040f8f955235b21d9d20525912ba0bf36fa38bc486db88fcbaf0c35176e0f1fb54e6dc7

Download Submit
C:\Windows\System\xDqSlxm.exe

Filesize
6.1MB

MD5
9afc3adbe393eb6628c9b50ee1ac3ba9

SHA1
500d2fe57a9f86e28bdcbb94bf15bffd054736cb

SHA256
9debff0a4e1d321cc4ee5cd4032d4905f94c1c77e4b9c93cdf76486af89e28e5

SHA512
1002b3ffbdce7267ea8cbbee28fbf2ef225781a7077a513638a169f10abdd5b2986c72e821bd789c8f864ddcb844f3bc32fcba91b217600890e570390cc9c398

Download Submit
C:\Windows\System\yVcAyFg.exe

Filesize
6.1MB

MD5
0cc4a0ec7aa498ec1f3167499827c94b

SHA1
4810f53f5d8d9c39729be8b6e2194d44107b774c

SHA256
ba1c90f880752b10fc4a5f1a9a3fd1bdf6c3fdf09c29c3bf4ab3fe382a96222a

SHA512
405005f9307a4559775231d74ea34fd275cf5944af840f01e02625fda542336553ce66b851c8b5ef21a32348d9c93035e31da82ed0be5940d924be35e0a21236

Download Submit
memory/116-2270-0x00007FF6D1420000-0x00007FF6D1774000-memory.dmp

Filesize
3.3MB

Download
memory/116-560-0x00007FF6D1420000-0x00007FF6D1774000-memory.dmp

Filesize
3.3MB

Download
memory/116-179-0x00007FF6D1420000-0x00007FF6D1774000-memory.dmp

Filesize
3.3MB

Download
memory/228-76-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

Filesize
3.3MB

Download
memory/228-12-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

Filesize
3.3MB

Download
memory/228-1983-0x00007FF7BB4A0000-0x00007FF7BB7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2269-0x00007FF75BD50000-0x00007FF75C0A4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-183-0x00007FF75BD50000-0x00007FF75C0A4000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2111-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/1300-189-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/1300-82-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/1500-150-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/1500-69-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2099-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/2136-134-0x00007FF7AC720000-0x00007FF7ACA74000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2260-0x00007FF7AC720000-0x00007FF7ACA74000-memory.dmp

Filesize
3.3MB

Download
memory/2148-301-0x00007FF758230000-0x00007FF758584000-memory.dmp

Filesize
3.3MB

Download
memory/2148-98-0x00007FF758230000-0x00007FF758584000-memory.dmp

Filesize
3.3MB

Download
memory/2208-106-0x00007FF7B8B50000-0x00007FF7B8EA4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2042-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp

Filesize
3.3MB

Download
memory/2404-122-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp

Filesize
3.3MB

Download
memory/2404-50-0x00007FF7A5300000-0x00007FF7A5654000-memory.dmp

Filesize
3.3MB

Download
memory/2572-35-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1996-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-86-0x00007FF794AC0000-0x00007FF794E14000-memory.dmp

Filesize
3.3MB

Download
memory/2680-488-0x00007FF712EA0000-0x00007FF7131F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2265-0x00007FF712EA0000-0x00007FF7131F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-137-0x00007FF712EA0000-0x00007FF7131F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-96-0x00007FF792260000-0x00007FF7925B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1999-0x00007FF792260000-0x00007FF7925B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-38-0x00007FF792260000-0x00007FF7925B4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-759-0x00007FF7C6D50000-0x00007FF7C70A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2272-0x00007FF7C6D50000-0x00007FF7C70A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-190-0x00007FF7C6D50000-0x00007FF7C70A4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-6-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp

Filesize
3.3MB

Download
memory/3516-67-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp

Filesize
3.3MB

Download
memory/3516-1978-0x00007FF65C3F0000-0x00007FF65C744000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2268-0x00007FF635D20000-0x00007FF636074000-memory.dmp

Filesize
3.3MB

Download
memory/3772-172-0x00007FF635D20000-0x00007FF636074000-memory.dmp

Filesize
3.3MB

Download
memory/3776-169-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2267-0x00007FF7A7E60000-0x00007FF7A81B4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2262-0x00007FF7E5530000-0x00007FF7E5884000-memory.dmp

Filesize
3.3MB

Download
memory/4180-131-0x00007FF7E5530000-0x00007FF7E5884000-memory.dmp

Filesize
3.3MB

Download
memory/4424-85-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-27-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-1992-0x00007FF7C1470000-0x00007FF7C17C4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-136-0x00007FF6DBFB0000-0x00007FF6DC304000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2264-0x00007FF6DBFB0000-0x00007FF6DC304000-memory.dmp

Filesize
3.3MB

Download
memory/4428-485-0x00007FF6DBFB0000-0x00007FF6DC304000-memory.dmp

Filesize
3.3MB

Download
memory/4512-18-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-81-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-1986-0x00007FF7E9C90000-0x00007FF7E9FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-92-0x00007FF6FE9C0000-0x00007FF6FED14000-memory.dmp

Filesize
3.3MB

Download
memory/4928-54-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp

Filesize
3.3MB

Download
memory/4928-135-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2055-0x00007FF762BF0000-0x00007FF762F44000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2084-0x00007FF622EE0000-0x00007FF623234000-memory.dmp

Filesize
3.3MB

Download
memory/4960-63-0x00007FF622EE0000-0x00007FF623234000-memory.dmp

Filesize
3.3MB

Download
memory/5012-125-0x00007FF7CAD90000-0x00007FF7CB0E4000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2261-0x00007FF7CAD90000-0x00007FF7CB0E4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-80-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp

Filesize
3.3MB

Download
memory/5084-161-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2106-0x00007FF7CDE10000-0x00007FF7CE164000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2271-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-687-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-184-0x00007FF76DB50000-0x00007FF76DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/5236-138-0x00007FF729050000-0x00007FF7293A4000-memory.dmp

Filesize
3.3MB

Download
memory/5236-2263-0x00007FF729050000-0x00007FF7293A4000-memory.dmp

Filesize
3.3MB

Download
memory/5236-557-0x00007FF729050000-0x00007FF7293A4000-memory.dmp

Filesize
3.3MB

Download
memory/5360-103-0x00007FF752800000-0x00007FF752B54000-memory.dmp

Filesize
3.3MB

Download
memory/5360-2037-0x00007FF752800000-0x00007FF752B54000-memory.dmp

Filesize
3.3MB

Download
memory/5360-42-0x00007FF752800000-0x00007FF752B54000-memory.dmp

Filesize
3.3MB

Download
memory/5464-0-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp

Filesize
3.3MB

Download
memory/5464-1-0x000001A01CF20000-0x000001A01CF30000-memory.dmp

Filesize
64KB

Download
memory/5464-62-0x00007FF6E9D30000-0x00007FF6EA084000-memory.dmp

Filesize
3.3MB

Download
memory/5592-168-0x00007FF728270000-0x00007FF7285C4000-memory.dmp

Filesize
3.3MB

Download
memory/5592-2266-0x00007FF728270000-0x00007FF7285C4000-memory.dmp

Filesize
3.3MB

Download