cobaltstrike | d973445ebda99d869e44a77c438a90d86dccd0e3e4843bab67fe8ad969e4e844

Analysis

max time kernel
102s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

472edd7b86ec9705574b8fc6e70869bf
SHA1

1bafe33b2d1a045f86b287ea47893cf50483e27b
SHA256

d973445ebda99d869e44a77c438a90d86dccd0e3e4843bab67fe8ad969e4e844
SHA512

d07ac837ee87a21cf10666889a85614ebbfc46a9343eadef83cd2fd5b3b57207fd7eee03a9eef9eb5c9ed491058c3a0d7bd8102dd0c54e789e79efc65d8b9478
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00080000000242c5-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ca-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242c9-12.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000242c6-22.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cc-28.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cd-34.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ce-41.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d0-54.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242cf-48.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d1-63.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d2-68.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e6d4-77.dat	cobalt_reflective_dll
behavioral2/files/0x000b00000002410f-86.dat	cobalt_reflective_dll
behavioral2/files/0x000f00000001e6a4-87.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000024146-95.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d4-102.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d5-107.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000024148-114.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000242d6-124.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d7-129.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d8-134.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242db-152.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242dc-157.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242df-172.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e2-187.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e4-191.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e3-186.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e1-182.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e0-177.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242de-167.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242dd-162.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242da-147.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242d9-142.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1436-0-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp	xmrig
behavioral2/files/0x00080000000242c5-5.dat	xmrig
behavioral2/memory/2848-7-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ca-10.dat	xmrig
behavioral2/files/0x00070000000242c9-12.dat	xmrig
behavioral2/memory/464-13-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp	xmrig
behavioral2/memory/4016-18-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp	xmrig
behavioral2/files/0x00080000000242c6-22.dat	xmrig
behavioral2/memory/4732-25-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cc-28.dat	xmrig
behavioral2/memory/4424-30-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cd-34.dat	xmrig
behavioral2/memory/4484-38-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ce-41.dat	xmrig
behavioral2/memory/4644-42-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp	xmrig
behavioral2/memory/1436-50-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d0-54.dat	xmrig
behavioral2/memory/2848-55-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp	xmrig
behavioral2/memory/1804-56-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp	xmrig
behavioral2/memory/2144-51-0x00007FF768EC0000-0x00007FF769214000-memory.dmp	xmrig
behavioral2/files/0x00070000000242cf-48.dat	xmrig
behavioral2/memory/4492-64-0x00007FF737EC0000-0x00007FF738214000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d1-63.dat	xmrig
behavioral2/memory/464-62-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d2-68.dat	xmrig
behavioral2/memory/4016-75-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp	xmrig
behavioral2/files/0x000700000001e6d4-77.dat	xmrig
behavioral2/memory/4980-76-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp	xmrig
behavioral2/memory/4916-69-0x00007FF7B1E00000-0x00007FF7B2154000-memory.dmp	xmrig
behavioral2/memory/4732-81-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp	xmrig
behavioral2/files/0x000b00000002410f-86.dat	xmrig
behavioral2/files/0x000f00000001e6a4-87.dat	xmrig
behavioral2/memory/2928-91-0x00007FF7339C0000-0x00007FF733D14000-memory.dmp	xmrig
behavioral2/memory/4784-89-0x00007FF6FFA40000-0x00007FF6FFD94000-memory.dmp	xmrig
behavioral2/memory/4424-85-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp	xmrig
behavioral2/files/0x000c000000024146-95.dat	xmrig
behavioral2/files/0x00070000000242d4-102.dat	xmrig
behavioral2/files/0x00070000000242d5-107.dat	xmrig
behavioral2/memory/3992-106-0x00007FF74AC30000-0x00007FF74AF84000-memory.dmp	xmrig
behavioral2/memory/4316-110-0x00007FF7B1C00000-0x00007FF7B1F54000-memory.dmp	xmrig
behavioral2/memory/4644-103-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp	xmrig
behavioral2/memory/384-97-0x00007FF733140000-0x00007FF733494000-memory.dmp	xmrig
behavioral2/memory/4484-96-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp	xmrig
behavioral2/files/0x000d000000024148-114.dat	xmrig
behavioral2/memory/3492-119-0x00007FF642C80000-0x00007FF642FD4000-memory.dmp	xmrig
behavioral2/files/0x00080000000242d6-124.dat	xmrig
behavioral2/memory/4492-123-0x00007FF737EC0000-0x00007FF738214000-memory.dmp	xmrig
behavioral2/memory/1804-118-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp	xmrig
behavioral2/files/0x00070000000242d7-129.dat	xmrig
behavioral2/files/0x00070000000242d8-134.dat	xmrig
behavioral2/files/0x00070000000242db-152.dat	xmrig
behavioral2/files/0x00070000000242dc-157.dat	xmrig
behavioral2/files/0x00070000000242df-172.dat	xmrig
behavioral2/files/0x00070000000242e2-187.dat	xmrig
behavioral2/memory/3996-306-0x00007FF7A2060000-0x00007FF7A23B4000-memory.dmp	xmrig
behavioral2/memory/1728-307-0x00007FF615E30000-0x00007FF616184000-memory.dmp	xmrig
behavioral2/memory/2568-315-0x00007FF7CD190000-0x00007FF7CD4E4000-memory.dmp	xmrig
behavioral2/memory/5348-312-0x00007FF7126C0000-0x00007FF712A14000-memory.dmp	xmrig
behavioral2/memory/6064-311-0x00007FF6D7600000-0x00007FF6D7954000-memory.dmp	xmrig
behavioral2/memory/3784-309-0x00007FF6BA3E0000-0x00007FF6BA734000-memory.dmp	xmrig
behavioral2/memory/3316-303-0x00007FF61AE30000-0x00007FF61B184000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e4-191.dat	xmrig
behavioral2/files/0x00070000000242e3-186.dat	xmrig
behavioral2/files/0x00070000000242e1-182.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2848	qiQIWab.exe
464	pYSCgXi.exe
4016	bmbcStE.exe
4732	MzipCcR.exe
4424	WIcRyOC.exe
4484	gNgulZk.exe
4644	OoOjjsG.exe
2144	lIWYnsv.exe
1804	SBIGTvG.exe
4492	elYvLXE.exe
4916	VanFAoK.exe
4980	Treoevz.exe
4784	vFYQBcy.exe
2928	VgJYBZl.exe
384	zfOtKRw.exe
3992	vXrtPBJ.exe
4316	YqbkCIS.exe
3492	QWmbdxJ.exe
3316	SCMDVfn.exe
1208	DBIfgvV.exe
3996	oURfkuH.exe
1728	kxDydzt.exe
3784	NtqfuZN.exe
6064	YEoLGDi.exe
5348	eiNMdvU.exe
2568	LhVspxo.exe
4452	RKEIFxI.exe
5344	cPcZJfG.exe
4448	oyzzDNv.exe
3632	ldupVKi.exe
1112	LFmSvsc.exe
1640	IHhqjkT.exe
2180	fDxEGeg.exe
4000	CUjUEZq.exe
5892	MdQkhBP.exe
1356	dzrUtqX.exe
2096	GiXTdFS.exe
3732	QcjRQkI.exe
5084	bCldXdo.exe
5312	HmJtfxy.exe
4040	yTXMfug.exe
5668	gInYsDi.exe
3648	urgYxKd.exe
3680	GMPWFMA.exe
5696	Tgagldn.exe
1764	ZiIoyzA.exe
2216	xslHBHh.exe
3828	OQSSAmN.exe
4524	QRElVNF.exe
5320	gLZiHUl.exe
764	CyMpYzj.exe
3960	ozCvGbN.exe
1072	siLKjRN.exe
2388	uNuKjvP.exe
4988	HNfDTrX.exe
4328	oadywJt.exe
4356	ojwhYxR.exe
5576	gXVSAzY.exe
2608	KSrzoRw.exe
1520	DgBGQbt.exe
4456	vZjciVo.exe
3964	RuXSQNx.exe
4532	HTVEEaf.exe
4436	PBvwkBV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1436-0-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp	upx
behavioral2/files/0x00080000000242c5-5.dat	upx
behavioral2/memory/2848-7-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp	upx
behavioral2/files/0x00070000000242ca-10.dat	upx
behavioral2/files/0x00070000000242c9-12.dat	upx
behavioral2/memory/464-13-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp	upx
behavioral2/memory/4016-18-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp	upx
behavioral2/files/0x00080000000242c6-22.dat	upx
behavioral2/memory/4732-25-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp	upx
behavioral2/files/0x00070000000242cc-28.dat	upx
behavioral2/memory/4424-30-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp	upx
behavioral2/files/0x00070000000242cd-34.dat	upx
behavioral2/memory/4484-38-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp	upx
behavioral2/files/0x00070000000242ce-41.dat	upx
behavioral2/memory/4644-42-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp	upx
behavioral2/memory/1436-50-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp	upx
behavioral2/files/0x00070000000242d0-54.dat	upx
behavioral2/memory/2848-55-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp	upx
behavioral2/memory/1804-56-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp	upx
behavioral2/memory/2144-51-0x00007FF768EC0000-0x00007FF769214000-memory.dmp	upx
behavioral2/files/0x00070000000242cf-48.dat	upx
behavioral2/memory/4492-64-0x00007FF737EC0000-0x00007FF738214000-memory.dmp	upx
behavioral2/files/0x00070000000242d1-63.dat	upx
behavioral2/memory/464-62-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp	upx
behavioral2/files/0x00070000000242d2-68.dat	upx
behavioral2/memory/4016-75-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp	upx
behavioral2/files/0x000700000001e6d4-77.dat	upx
behavioral2/memory/4980-76-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp	upx
behavioral2/memory/4916-69-0x00007FF7B1E00000-0x00007FF7B2154000-memory.dmp	upx
behavioral2/memory/4732-81-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp	upx
behavioral2/files/0x000b00000002410f-86.dat	upx
behavioral2/files/0x000f00000001e6a4-87.dat	upx
behavioral2/memory/2928-91-0x00007FF7339C0000-0x00007FF733D14000-memory.dmp	upx
behavioral2/memory/4784-89-0x00007FF6FFA40000-0x00007FF6FFD94000-memory.dmp	upx
behavioral2/memory/4424-85-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp	upx
behavioral2/files/0x000c000000024146-95.dat	upx
behavioral2/files/0x00070000000242d4-102.dat	upx
behavioral2/files/0x00070000000242d5-107.dat	upx
behavioral2/memory/3992-106-0x00007FF74AC30000-0x00007FF74AF84000-memory.dmp	upx
behavioral2/memory/4316-110-0x00007FF7B1C00000-0x00007FF7B1F54000-memory.dmp	upx
behavioral2/memory/4644-103-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp	upx
behavioral2/memory/384-97-0x00007FF733140000-0x00007FF733494000-memory.dmp	upx
behavioral2/memory/4484-96-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp	upx
behavioral2/files/0x000d000000024148-114.dat	upx
behavioral2/memory/3492-119-0x00007FF642C80000-0x00007FF642FD4000-memory.dmp	upx
behavioral2/files/0x00080000000242d6-124.dat	upx
behavioral2/memory/4492-123-0x00007FF737EC0000-0x00007FF738214000-memory.dmp	upx
behavioral2/memory/1804-118-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp	upx
behavioral2/files/0x00070000000242d7-129.dat	upx
behavioral2/files/0x00070000000242d8-134.dat	upx
behavioral2/files/0x00070000000242db-152.dat	upx
behavioral2/files/0x00070000000242dc-157.dat	upx
behavioral2/files/0x00070000000242df-172.dat	upx
behavioral2/files/0x00070000000242e2-187.dat	upx
behavioral2/memory/3996-306-0x00007FF7A2060000-0x00007FF7A23B4000-memory.dmp	upx
behavioral2/memory/1728-307-0x00007FF615E30000-0x00007FF616184000-memory.dmp	upx
behavioral2/memory/2568-315-0x00007FF7CD190000-0x00007FF7CD4E4000-memory.dmp	upx
behavioral2/memory/5348-312-0x00007FF7126C0000-0x00007FF712A14000-memory.dmp	upx
behavioral2/memory/6064-311-0x00007FF6D7600000-0x00007FF6D7954000-memory.dmp	upx
behavioral2/memory/3784-309-0x00007FF6BA3E0000-0x00007FF6BA734000-memory.dmp	upx
behavioral2/memory/3316-303-0x00007FF61AE30000-0x00007FF61B184000-memory.dmp	upx
behavioral2/files/0x00070000000242e4-191.dat	upx
behavioral2/files/0x00070000000242e3-186.dat	upx
behavioral2/files/0x00070000000242e1-182.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IemeZZh.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MlQZrlC.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lGZUlMi.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gUINIms.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\injMRNH.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KpusyFA.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MAKIkUN.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VQWKcHg.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\elYvLXE.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sqwUCsE.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QQSqNlN.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yponYkd.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bdjzRba.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EcfwjyN.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dTutgCg.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oLeosWJ.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SBIGTvG.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\msxZQGX.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BILHUBE.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cgacDvO.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BKhLgwa.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OldWuWb.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CxCLUjv.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GmSxYLf.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SCMDVfn.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LMBEuLI.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bdBiMvX.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KTwMnQv.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aEqqKMn.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FpUFUMT.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ldupVKi.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GuOfayw.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OIQHABr.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ygygdfn.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BVcPjzP.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UGOAFYl.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lEnyRyY.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HdUyXRq.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XCFuYSl.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QvCtEmz.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rrIaSSy.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DBFDiKh.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WZubHPA.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AebRHtj.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ztUkFYq.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bbnQtML.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BYOoJLR.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UNOQrCK.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lnTHtcX.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xkuBhud.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vCHVQKX.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QKXAkHk.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KDMiSpo.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TXAaQpD.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LoMcuSM.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oyzzDNv.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gXVSAzY.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vZjciVo.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bSOqfjl.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GOTksCQ.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jzQSQrn.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QZfoEiV.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LdAiqXb.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mYolxgu.exe	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 2848	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1436 wrote to memory of 2848	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1436 wrote to memory of 464	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1436 wrote to memory of 464	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1436 wrote to memory of 4016	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1436 wrote to memory of 4016	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1436 wrote to memory of 4732	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1436 wrote to memory of 4732	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1436 wrote to memory of 4424	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1436 wrote to memory of 4424	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1436 wrote to memory of 4484	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1436 wrote to memory of 4484	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1436 wrote to memory of 4644	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 1436 wrote to memory of 4644	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 1436 wrote to memory of 2144	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1436 wrote to memory of 2144	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1436 wrote to memory of 1804	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1436 wrote to memory of 1804	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1436 wrote to memory of 4492	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1436 wrote to memory of 4492	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1436 wrote to memory of 4916	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1436 wrote to memory of 4916	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1436 wrote to memory of 4980	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1436 wrote to memory of 4980	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1436 wrote to memory of 4784	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1436 wrote to memory of 4784	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1436 wrote to memory of 2928	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1436 wrote to memory of 2928	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1436 wrote to memory of 384	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1436 wrote to memory of 384	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1436 wrote to memory of 3992	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1436 wrote to memory of 3992	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1436 wrote to memory of 4316	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1436 wrote to memory of 4316	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1436 wrote to memory of 3492	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1436 wrote to memory of 3492	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1436 wrote to memory of 3316	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1436 wrote to memory of 3316	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1436 wrote to memory of 1208	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1436 wrote to memory of 1208	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1436 wrote to memory of 3996	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1436 wrote to memory of 3996	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1436 wrote to memory of 1728	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1436 wrote to memory of 1728	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1436 wrote to memory of 3784	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1436 wrote to memory of 3784	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1436 wrote to memory of 6064	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1436 wrote to memory of 6064	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1436 wrote to memory of 5348	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1436 wrote to memory of 5348	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1436 wrote to memory of 2568	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1436 wrote to memory of 2568	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1436 wrote to memory of 4452	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1436 wrote to memory of 4452	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1436 wrote to memory of 5344	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1436 wrote to memory of 5344	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1436 wrote to memory of 4448	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1436 wrote to memory of 4448	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1436 wrote to memory of 3632	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 1436 wrote to memory of 3632	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 1436 wrote to memory of 1112	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 1436 wrote to memory of 1112	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 1436 wrote to memory of 1640	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 1436 wrote to memory of 1640	1436	2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125

C:\Users\Admin\AppData\Local\Temp\2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_472edd7b86ec9705574b8fc6e70869bf_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\System\qiQIWab.exe
  C:\Windows\System\qiQIWab.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\pYSCgXi.exe
  C:\Windows\System\pYSCgXi.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\bmbcStE.exe
  C:\Windows\System\bmbcStE.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\MzipCcR.exe
  C:\Windows\System\MzipCcR.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\WIcRyOC.exe
  C:\Windows\System\WIcRyOC.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\gNgulZk.exe
  C:\Windows\System\gNgulZk.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\OoOjjsG.exe
  C:\Windows\System\OoOjjsG.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\lIWYnsv.exe
  C:\Windows\System\lIWYnsv.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SBIGTvG.exe
  C:\Windows\System\SBIGTvG.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\elYvLXE.exe
  C:\Windows\System\elYvLXE.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\VanFAoK.exe
  C:\Windows\System\VanFAoK.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\Treoevz.exe
  C:\Windows\System\Treoevz.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\vFYQBcy.exe
  C:\Windows\System\vFYQBcy.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\VgJYBZl.exe
  C:\Windows\System\VgJYBZl.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\zfOtKRw.exe
  C:\Windows\System\zfOtKRw.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\vXrtPBJ.exe
  C:\Windows\System\vXrtPBJ.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\YqbkCIS.exe
  C:\Windows\System\YqbkCIS.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\QWmbdxJ.exe
  C:\Windows\System\QWmbdxJ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\SCMDVfn.exe
  C:\Windows\System\SCMDVfn.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\DBIfgvV.exe
  C:\Windows\System\DBIfgvV.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\oURfkuH.exe
  C:\Windows\System\oURfkuH.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\kxDydzt.exe
  C:\Windows\System\kxDydzt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NtqfuZN.exe
  C:\Windows\System\NtqfuZN.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\YEoLGDi.exe
  C:\Windows\System\YEoLGDi.exe
  2⤵
  - Executes dropped EXE
  PID:6064
- C:\Windows\System\eiNMdvU.exe
  C:\Windows\System\eiNMdvU.exe
  2⤵
  - Executes dropped EXE
  PID:5348
- C:\Windows\System\LhVspxo.exe
  C:\Windows\System\LhVspxo.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\RKEIFxI.exe
  C:\Windows\System\RKEIFxI.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\cPcZJfG.exe
  C:\Windows\System\cPcZJfG.exe
  2⤵
  - Executes dropped EXE
  PID:5344
- C:\Windows\System\oyzzDNv.exe
  C:\Windows\System\oyzzDNv.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\ldupVKi.exe
  C:\Windows\System\ldupVKi.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\LFmSvsc.exe
  C:\Windows\System\LFmSvsc.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\IHhqjkT.exe
  C:\Windows\System\IHhqjkT.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\fDxEGeg.exe
  C:\Windows\System\fDxEGeg.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\CUjUEZq.exe
  C:\Windows\System\CUjUEZq.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\MdQkhBP.exe
  C:\Windows\System\MdQkhBP.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System\dzrUtqX.exe
  C:\Windows\System\dzrUtqX.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\GiXTdFS.exe
  C:\Windows\System\GiXTdFS.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\QcjRQkI.exe
  C:\Windows\System\QcjRQkI.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\bCldXdo.exe
  C:\Windows\System\bCldXdo.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\HmJtfxy.exe
  C:\Windows\System\HmJtfxy.exe
  2⤵
  - Executes dropped EXE
  PID:5312
- C:\Windows\System\yTXMfug.exe
  C:\Windows\System\yTXMfug.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\gInYsDi.exe
  C:\Windows\System\gInYsDi.exe
  2⤵
  - Executes dropped EXE
  PID:5668
- C:\Windows\System\urgYxKd.exe
  C:\Windows\System\urgYxKd.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\GMPWFMA.exe
  C:\Windows\System\GMPWFMA.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\Tgagldn.exe
  C:\Windows\System\Tgagldn.exe
  2⤵
  - Executes dropped EXE
  PID:5696
- C:\Windows\System\ZiIoyzA.exe
  C:\Windows\System\ZiIoyzA.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\xslHBHh.exe
  C:\Windows\System\xslHBHh.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\OQSSAmN.exe
  C:\Windows\System\OQSSAmN.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\QRElVNF.exe
  C:\Windows\System\QRElVNF.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\gLZiHUl.exe
  C:\Windows\System\gLZiHUl.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\CyMpYzj.exe
  C:\Windows\System\CyMpYzj.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\ozCvGbN.exe
  C:\Windows\System\ozCvGbN.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\siLKjRN.exe
  C:\Windows\System\siLKjRN.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\uNuKjvP.exe
  C:\Windows\System\uNuKjvP.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\HNfDTrX.exe
  C:\Windows\System\HNfDTrX.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\oadywJt.exe
  C:\Windows\System\oadywJt.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ojwhYxR.exe
  C:\Windows\System\ojwhYxR.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\gXVSAzY.exe
  C:\Windows\System\gXVSAzY.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\System\KSrzoRw.exe
  C:\Windows\System\KSrzoRw.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\DgBGQbt.exe
  C:\Windows\System\DgBGQbt.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\vZjciVo.exe
  C:\Windows\System\vZjciVo.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\RuXSQNx.exe
  C:\Windows\System\RuXSQNx.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\HTVEEaf.exe
  C:\Windows\System\HTVEEaf.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\PBvwkBV.exe
  C:\Windows\System\PBvwkBV.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\VMmLwtC.exe
  C:\Windows\System\VMmLwtC.exe
  2⤵
  PID:4600
- C:\Windows\System\yPcKiRc.exe
  C:\Windows\System\yPcKiRc.exe
  2⤵
  PID:4624
- C:\Windows\System\DiPRrdD.exe
  C:\Windows\System\DiPRrdD.exe
  2⤵
  PID:2632
- C:\Windows\System\weFlajp.exe
  C:\Windows\System\weFlajp.exe
  2⤵
  PID:4528
- C:\Windows\System\iYCdJBr.exe
  C:\Windows\System\iYCdJBr.exe
  2⤵
  PID:4672
- C:\Windows\System\dCbatWG.exe
  C:\Windows\System\dCbatWG.exe
  2⤵
  PID:5912
- C:\Windows\System\VzcBAUp.exe
  C:\Windows\System\VzcBAUp.exe
  2⤵
  PID:3948
- C:\Windows\System\ZoDFaud.exe
  C:\Windows\System\ZoDFaud.exe
  2⤵
  PID:836
- C:\Windows\System\oNTELsB.exe
  C:\Windows\System\oNTELsB.exe
  2⤵
  PID:1088
- C:\Windows\System\BCrzMFr.exe
  C:\Windows\System\BCrzMFr.exe
  2⤵
  PID:5896
- C:\Windows\System\lKAuSPk.exe
  C:\Windows\System\lKAuSPk.exe
  2⤵
  PID:5920
- C:\Windows\System\qIoByPM.exe
  C:\Windows\System\qIoByPM.exe
  2⤵
  PID:3892
- C:\Windows\System\RReDfiC.exe
  C:\Windows\System\RReDfiC.exe
  2⤵
  PID:5176
- C:\Windows\System\HKguzzJ.exe
  C:\Windows\System\HKguzzJ.exe
  2⤵
  PID:3860
- C:\Windows\System\SWEQgwJ.exe
  C:\Windows\System\SWEQgwJ.exe
  2⤵
  PID:2920
- C:\Windows\System\VKHscyo.exe
  C:\Windows\System\VKHscyo.exe
  2⤵
  PID:6112
- C:\Windows\System\iVHmfvH.exe
  C:\Windows\System\iVHmfvH.exe
  2⤵
  PID:1268
- C:\Windows\System\ItnYOtp.exe
  C:\Windows\System\ItnYOtp.exe
  2⤵
  PID:5512
- C:\Windows\System\LLMOkuW.exe
  C:\Windows\System\LLMOkuW.exe
  2⤵
  PID:5736
- C:\Windows\System\EDyLJgc.exe
  C:\Windows\System\EDyLJgc.exe
  2⤵
  PID:1016
- C:\Windows\System\KfUDOWG.exe
  C:\Windows\System\KfUDOWG.exe
  2⤵
  PID:3460
- C:\Windows\System\cnztNIE.exe
  C:\Windows\System\cnztNIE.exe
  2⤵
  PID:3988
- C:\Windows\System\AebRHtj.exe
  C:\Windows\System\AebRHtj.exe
  2⤵
  PID:5684
- C:\Windows\System\TbTyRTa.exe
  C:\Windows\System\TbTyRTa.exe
  2⤵
  PID:4232
- C:\Windows\System\rbPntou.exe
  C:\Windows\System\rbPntou.exe
  2⤵
  PID:1896
- C:\Windows\System\GuOfayw.exe
  C:\Windows\System\GuOfayw.exe
  2⤵
  PID:6016
- C:\Windows\System\lKEvfEL.exe
  C:\Windows\System\lKEvfEL.exe
  2⤵
  PID:1964
- C:\Windows\System\HOMbRDq.exe
  C:\Windows\System\HOMbRDq.exe
  2⤵
  PID:1296
- C:\Windows\System\CVrrhRB.exe
  C:\Windows\System\CVrrhRB.exe
  2⤵
  PID:5336
- C:\Windows\System\SloMjkZ.exe
  C:\Windows\System\SloMjkZ.exe
  2⤵
  PID:1956
- C:\Windows\System\RxJgAmr.exe
  C:\Windows\System\RxJgAmr.exe
  2⤵
  PID:3640
- C:\Windows\System\vUKZDaA.exe
  C:\Windows\System\vUKZDaA.exe
  2⤵
  PID:2660
- C:\Windows\System\FcAzEbW.exe
  C:\Windows\System\FcAzEbW.exe
  2⤵
  PID:4840
- C:\Windows\System\cNLlyMn.exe
  C:\Windows\System\cNLlyMn.exe
  2⤵
  PID:3728
- C:\Windows\System\gNCmQah.exe
  C:\Windows\System\gNCmQah.exe
  2⤵
  PID:936
- C:\Windows\System\oCbrpmB.exe
  C:\Windows\System\oCbrpmB.exe
  2⤵
  PID:3464
- C:\Windows\System\Akpiuco.exe
  C:\Windows\System\Akpiuco.exe
  2⤵
  PID:5488
- C:\Windows\System\DZbJheQ.exe
  C:\Windows\System\DZbJheQ.exe
  2⤵
  PID:5780
- C:\Windows\System\bjDdzfP.exe
  C:\Windows\System\bjDdzfP.exe
  2⤵
  PID:3340
- C:\Windows\System\uecjOmz.exe
  C:\Windows\System\uecjOmz.exe
  2⤵
  PID:4952
- C:\Windows\System\gcCQNdL.exe
  C:\Windows\System\gcCQNdL.exe
  2⤵
  PID:1484
- C:\Windows\System\pohPPVj.exe
  C:\Windows\System\pohPPVj.exe
  2⤵
  PID:2176
- C:\Windows\System\IGFfZRJ.exe
  C:\Windows\System\IGFfZRJ.exe
  2⤵
  PID:5704
- C:\Windows\System\HHQijDJ.exe
  C:\Windows\System\HHQijDJ.exe
  2⤵
  PID:2084
- C:\Windows\System\mUHHbom.exe
  C:\Windows\System\mUHHbom.exe
  2⤵
  PID:436
- C:\Windows\System\vyaAyTB.exe
  C:\Windows\System\vyaAyTB.exe
  2⤵
  PID:5024
- C:\Windows\System\nCNGjSM.exe
  C:\Windows\System\nCNGjSM.exe
  2⤵
  PID:5988
- C:\Windows\System\SqTQIjm.exe
  C:\Windows\System\SqTQIjm.exe
  2⤵
  PID:2912
- C:\Windows\System\EqEPhlh.exe
  C:\Windows\System\EqEPhlh.exe
  2⤵
  PID:5528
- C:\Windows\System\gzUVBsV.exe
  C:\Windows\System\gzUVBsV.exe
  2⤵
  PID:1224
- C:\Windows\System\PfjqcsO.exe
  C:\Windows\System\PfjqcsO.exe
  2⤵
  PID:2940
- C:\Windows\System\nxqAfNv.exe
  C:\Windows\System\nxqAfNv.exe
  2⤵
  PID:4468
- C:\Windows\System\LrOJMph.exe
  C:\Windows\System\LrOJMph.exe
  2⤵
  PID:4416
- C:\Windows\System\wyXJqAx.exe
  C:\Windows\System\wyXJqAx.exe
  2⤵
  PID:2700
- C:\Windows\System\rrIaSSy.exe
  C:\Windows\System\rrIaSSy.exe
  2⤵
  PID:728
- C:\Windows\System\bSOqfjl.exe
  C:\Windows\System\bSOqfjl.exe
  2⤵
  PID:1304
- C:\Windows\System\aaqdmNL.exe
  C:\Windows\System\aaqdmNL.exe
  2⤵
  PID:6104
- C:\Windows\System\RfzgYwQ.exe
  C:\Windows\System\RfzgYwQ.exe
  2⤵
  PID:4724
- C:\Windows\System\XCgNJEs.exe
  C:\Windows\System\XCgNJEs.exe
  2⤵
  PID:1696
- C:\Windows\System\mQhqpem.exe
  C:\Windows\System\mQhqpem.exe
  2⤵
  PID:5080
- C:\Windows\System\tVmBgnh.exe
  C:\Windows\System\tVmBgnh.exe
  2⤵
  PID:1664
- C:\Windows\System\DjQiDRR.exe
  C:\Windows\System\DjQiDRR.exe
  2⤵
  PID:6168
- C:\Windows\System\IemeZZh.exe
  C:\Windows\System\IemeZZh.exe
  2⤵
  PID:6200
- C:\Windows\System\oBtKfqk.exe
  C:\Windows\System\oBtKfqk.exe
  2⤵
  PID:6228
- C:\Windows\System\LkGGpSi.exe
  C:\Windows\System\LkGGpSi.exe
  2⤵
  PID:6256
- C:\Windows\System\bUAIxJk.exe
  C:\Windows\System\bUAIxJk.exe
  2⤵
  PID:6284
- C:\Windows\System\jCzbCIV.exe
  C:\Windows\System\jCzbCIV.exe
  2⤵
  PID:6312
- C:\Windows\System\SJHMefp.exe
  C:\Windows\System\SJHMefp.exe
  2⤵
  PID:6336
- C:\Windows\System\GScvKDi.exe
  C:\Windows\System\GScvKDi.exe
  2⤵
  PID:6368
- C:\Windows\System\HOQPils.exe
  C:\Windows\System\HOQPils.exe
  2⤵
  PID:6392
- C:\Windows\System\mNJuGdt.exe
  C:\Windows\System\mNJuGdt.exe
  2⤵
  PID:6424
- C:\Windows\System\Udwwvoa.exe
  C:\Windows\System\Udwwvoa.exe
  2⤵
  PID:6452
- C:\Windows\System\fsRHqic.exe
  C:\Windows\System\fsRHqic.exe
  2⤵
  PID:6476
- C:\Windows\System\YMWxSGu.exe
  C:\Windows\System\YMWxSGu.exe
  2⤵
  PID:6512
- C:\Windows\System\QgqQxvK.exe
  C:\Windows\System\QgqQxvK.exe
  2⤵
  PID:6528
- C:\Windows\System\ztUkFYq.exe
  C:\Windows\System\ztUkFYq.exe
  2⤵
  PID:6564
- C:\Windows\System\sqwUCsE.exe
  C:\Windows\System\sqwUCsE.exe
  2⤵
  PID:6596
- C:\Windows\System\afqxMmW.exe
  C:\Windows\System\afqxMmW.exe
  2⤵
  PID:6624
- C:\Windows\System\PokfKAn.exe
  C:\Windows\System\PokfKAn.exe
  2⤵
  PID:6652
- C:\Windows\System\eycZfpi.exe
  C:\Windows\System\eycZfpi.exe
  2⤵
  PID:6680
- C:\Windows\System\iqxEzDh.exe
  C:\Windows\System\iqxEzDh.exe
  2⤵
  PID:6716
- C:\Windows\System\QBIQNfs.exe
  C:\Windows\System\QBIQNfs.exe
  2⤵
  PID:6744
- C:\Windows\System\QldIZll.exe
  C:\Windows\System\QldIZll.exe
  2⤵
  PID:6772
- C:\Windows\System\GBoQVGB.exe
  C:\Windows\System\GBoQVGB.exe
  2⤵
  PID:6800
- C:\Windows\System\ATXZtdr.exe
  C:\Windows\System\ATXZtdr.exe
  2⤵
  PID:6828
- C:\Windows\System\IoeZwRd.exe
  C:\Windows\System\IoeZwRd.exe
  2⤵
  PID:6856
- C:\Windows\System\ExKLgyq.exe
  C:\Windows\System\ExKLgyq.exe
  2⤵
  PID:6884
- C:\Windows\System\xESiFLB.exe
  C:\Windows\System\xESiFLB.exe
  2⤵
  PID:6912
- C:\Windows\System\KAYxwjt.exe
  C:\Windows\System\KAYxwjt.exe
  2⤵
  PID:6940
- C:\Windows\System\plgIcaW.exe
  C:\Windows\System\plgIcaW.exe
  2⤵
  PID:6968
- C:\Windows\System\VMKEntE.exe
  C:\Windows\System\VMKEntE.exe
  2⤵
  PID:6996
- C:\Windows\System\ggPxkNL.exe
  C:\Windows\System\ggPxkNL.exe
  2⤵
  PID:7016
- C:\Windows\System\PawOooa.exe
  C:\Windows\System\PawOooa.exe
  2⤵
  PID:7056
- C:\Windows\System\BkMytIF.exe
  C:\Windows\System\BkMytIF.exe
  2⤵
  PID:7088
- C:\Windows\System\scLikqX.exe
  C:\Windows\System\scLikqX.exe
  2⤵
  PID:7104
- C:\Windows\System\yrUOIaU.exe
  C:\Windows\System\yrUOIaU.exe
  2⤵
  PID:7136
- C:\Windows\System\dcqTBgQ.exe
  C:\Windows\System\dcqTBgQ.exe
  2⤵
  PID:7164
- C:\Windows\System\AeFEvun.exe
  C:\Windows\System\AeFEvun.exe
  2⤵
  PID:6224
- C:\Windows\System\kqZNUfG.exe
  C:\Windows\System\kqZNUfG.exe
  2⤵
  PID:6272
- C:\Windows\System\BoyLgTn.exe
  C:\Windows\System\BoyLgTn.exe
  2⤵
  PID:6400
- C:\Windows\System\VsXTmml.exe
  C:\Windows\System\VsXTmml.exe
  2⤵
  PID:452
- C:\Windows\System\dsRaJBY.exe
  C:\Windows\System\dsRaJBY.exe
  2⤵
  PID:408
- C:\Windows\System\pqvlabU.exe
  C:\Windows\System\pqvlabU.exe
  2⤵
  PID:4412
- C:\Windows\System\OIQHABr.exe
  C:\Windows\System\OIQHABr.exe
  2⤵
  PID:3360
- C:\Windows\System\cwHFKmT.exe
  C:\Windows\System\cwHFKmT.exe
  2⤵
  PID:5384
- C:\Windows\System\msxZQGX.exe
  C:\Windows\System\msxZQGX.exe
  2⤵
  PID:5164
- C:\Windows\System\iyMVPMz.exe
  C:\Windows\System\iyMVPMz.exe
  2⤵
  PID:3536
- C:\Windows\System\BZwiUXf.exe
  C:\Windows\System\BZwiUXf.exe
  2⤵
  PID:6508
- C:\Windows\System\wKLpIrn.exe
  C:\Windows\System\wKLpIrn.exe
  2⤵
  PID:6552
- C:\Windows\System\HlzJlQa.exe
  C:\Windows\System\HlzJlQa.exe
  2⤵
  PID:6620
- C:\Windows\System\bcmBYHl.exe
  C:\Windows\System\bcmBYHl.exe
  2⤵
  PID:6696
- C:\Windows\System\hhgspal.exe
  C:\Windows\System\hhgspal.exe
  2⤵
  PID:6760
- C:\Windows\System\XjAttSx.exe
  C:\Windows\System\XjAttSx.exe
  2⤵
  PID:6836
- C:\Windows\System\vbExpgL.exe
  C:\Windows\System\vbExpgL.exe
  2⤵
  PID:6872
- C:\Windows\System\MWaNNon.exe
  C:\Windows\System\MWaNNon.exe
  2⤵
  PID:6948
- C:\Windows\System\YyQQkvy.exe
  C:\Windows\System\YyQQkvy.exe
  2⤵
  PID:7012
- C:\Windows\System\TeWHqEM.exe
  C:\Windows\System\TeWHqEM.exe
  2⤵
  PID:7076
- C:\Windows\System\UXzBlnM.exe
  C:\Windows\System\UXzBlnM.exe
  2⤵
  PID:7148
- C:\Windows\System\QQSqNlN.exe
  C:\Windows\System\QQSqNlN.exe
  2⤵
  PID:6236
- C:\Windows\System\VEIvcUL.exe
  C:\Windows\System\VEIvcUL.exe
  2⤵
  PID:1124
- C:\Windows\System\OoaSTiG.exe
  C:\Windows\System\OoaSTiG.exe
  2⤵
  PID:6440
- C:\Windows\System\ygygdfn.exe
  C:\Windows\System\ygygdfn.exe
  2⤵
  PID:5816
- C:\Windows\System\hytxLVK.exe
  C:\Windows\System\hytxLVK.exe
  2⤵
  PID:2288
- C:\Windows\System\jILjGXr.exe
  C:\Windows\System\jILjGXr.exe
  2⤵
  PID:6524
- C:\Windows\System\mbtZMoe.exe
  C:\Windows\System\mbtZMoe.exe
  2⤵
  PID:6724
- C:\Windows\System\bUsjTfR.exe
  C:\Windows\System\bUsjTfR.exe
  2⤵
  PID:6852
- C:\Windows\System\SBloZpz.exe
  C:\Windows\System\SBloZpz.exe
  2⤵
  PID:6928
- C:\Windows\System\tOLvKeV.exe
  C:\Windows\System\tOLvKeV.exe
  2⤵
  PID:7096
- C:\Windows\System\RImZmAW.exe
  C:\Windows\System\RImZmAW.exe
  2⤵
  PID:6404
- C:\Windows\System\wavwrdz.exe
  C:\Windows\System\wavwrdz.exe
  2⤵
  PID:976
- C:\Windows\System\bIxMPep.exe
  C:\Windows\System\bIxMPep.exe
  2⤵
  PID:6592
- C:\Windows\System\RbfTJNa.exe
  C:\Windows\System\RbfTJNa.exe
  2⤵
  PID:6956
- C:\Windows\System\BILHUBE.exe
  C:\Windows\System\BILHUBE.exe
  2⤵
  PID:3744
- C:\Windows\System\nKLHSsm.exe
  C:\Windows\System\nKLHSsm.exe
  2⤵
  PID:6796
- C:\Windows\System\YWEMmmW.exe
  C:\Windows\System\YWEMmmW.exe
  2⤵
  PID:6484
- C:\Windows\System\fcSRpRZ.exe
  C:\Windows\System\fcSRpRZ.exe
  2⤵
  PID:7156
- C:\Windows\System\kmSVxKI.exe
  C:\Windows\System\kmSVxKI.exe
  2⤵
  PID:7196
- C:\Windows\System\PoyOWXe.exe
  C:\Windows\System\PoyOWXe.exe
  2⤵
  PID:7224
- C:\Windows\System\AextiRO.exe
  C:\Windows\System\AextiRO.exe
  2⤵
  PID:7252
- C:\Windows\System\GEnCcTE.exe
  C:\Windows\System\GEnCcTE.exe
  2⤵
  PID:7280
- C:\Windows\System\yponYkd.exe
  C:\Windows\System\yponYkd.exe
  2⤵
  PID:7308
- C:\Windows\System\rDiIhKo.exe
  C:\Windows\System\rDiIhKo.exe
  2⤵
  PID:7344
- C:\Windows\System\KNPWnum.exe
  C:\Windows\System\KNPWnum.exe
  2⤵
  PID:7376
- C:\Windows\System\KnakvQz.exe
  C:\Windows\System\KnakvQz.exe
  2⤵
  PID:7404
- C:\Windows\System\TnGyfBk.exe
  C:\Windows\System\TnGyfBk.exe
  2⤵
  PID:7428
- C:\Windows\System\LOelusF.exe
  C:\Windows\System\LOelusF.exe
  2⤵
  PID:7456
- C:\Windows\System\cgacDvO.exe
  C:\Windows\System\cgacDvO.exe
  2⤵
  PID:7484
- C:\Windows\System\dpjcmki.exe
  C:\Windows\System\dpjcmki.exe
  2⤵
  PID:7512
- C:\Windows\System\JgHaOkj.exe
  C:\Windows\System\JgHaOkj.exe
  2⤵
  PID:7540
- C:\Windows\System\HcfQPgC.exe
  C:\Windows\System\HcfQPgC.exe
  2⤵
  PID:7568
- C:\Windows\System\mYolxgu.exe
  C:\Windows\System\mYolxgu.exe
  2⤵
  PID:7596
- C:\Windows\System\XqDJaRb.exe
  C:\Windows\System\XqDJaRb.exe
  2⤵
  PID:7628
- C:\Windows\System\moPsnyo.exe
  C:\Windows\System\moPsnyo.exe
  2⤵
  PID:7652
- C:\Windows\System\YUfjIFu.exe
  C:\Windows\System\YUfjIFu.exe
  2⤵
  PID:7684
- C:\Windows\System\gbrjwan.exe
  C:\Windows\System\gbrjwan.exe
  2⤵
  PID:7712
- C:\Windows\System\KpZDTEA.exe
  C:\Windows\System\KpZDTEA.exe
  2⤵
  PID:7740
- C:\Windows\System\YUhTwbh.exe
  C:\Windows\System\YUhTwbh.exe
  2⤵
  PID:7768
- C:\Windows\System\JCTpiQK.exe
  C:\Windows\System\JCTpiQK.exe
  2⤵
  PID:7804
- C:\Windows\System\BachUfQ.exe
  C:\Windows\System\BachUfQ.exe
  2⤵
  PID:7828
- C:\Windows\System\NWPqyGy.exe
  C:\Windows\System\NWPqyGy.exe
  2⤵
  PID:7852
- C:\Windows\System\rMqWdra.exe
  C:\Windows\System\rMqWdra.exe
  2⤵
  PID:7880
- C:\Windows\System\VorxdUd.exe
  C:\Windows\System\VorxdUd.exe
  2⤵
  PID:7908
- C:\Windows\System\vMpTlmC.exe
  C:\Windows\System\vMpTlmC.exe
  2⤵
  PID:7936
- C:\Windows\System\HdUyXRq.exe
  C:\Windows\System\HdUyXRq.exe
  2⤵
  PID:7964
- C:\Windows\System\GGueXTw.exe
  C:\Windows\System\GGueXTw.exe
  2⤵
  PID:7992
- C:\Windows\System\vPajNdW.exe
  C:\Windows\System\vPajNdW.exe
  2⤵
  PID:8020
- C:\Windows\System\ERWhcLJ.exe
  C:\Windows\System\ERWhcLJ.exe
  2⤵
  PID:8052
- C:\Windows\System\czQdXPC.exe
  C:\Windows\System\czQdXPC.exe
  2⤵
  PID:8076
- C:\Windows\System\uoTxnQE.exe
  C:\Windows\System\uoTxnQE.exe
  2⤵
  PID:8104
- C:\Windows\System\DCVNfBt.exe
  C:\Windows\System\DCVNfBt.exe
  2⤵
  PID:8136
- C:\Windows\System\jEjESmp.exe
  C:\Windows\System\jEjESmp.exe
  2⤵
  PID:8160
- C:\Windows\System\QOOqhMJ.exe
  C:\Windows\System\QOOqhMJ.exe
  2⤵
  PID:8188
- C:\Windows\System\qZlamiv.exe
  C:\Windows\System\qZlamiv.exe
  2⤵
  PID:7244
- C:\Windows\System\RzLScjo.exe
  C:\Windows\System\RzLScjo.exe
  2⤵
  PID:7304
- C:\Windows\System\UQjINFy.exe
  C:\Windows\System\UQjINFy.exe
  2⤵
  PID:7384
- C:\Windows\System\HFuKsND.exe
  C:\Windows\System\HFuKsND.exe
  2⤵
  PID:7452
- C:\Windows\System\TsKAEMm.exe
  C:\Windows\System\TsKAEMm.exe
  2⤵
  PID:7508
- C:\Windows\System\HJQAbvA.exe
  C:\Windows\System\HJQAbvA.exe
  2⤵
  PID:7588
- C:\Windows\System\EOiOoYo.exe
  C:\Windows\System\EOiOoYo.exe
  2⤵
  PID:7636
- C:\Windows\System\qmxscap.exe
  C:\Windows\System\qmxscap.exe
  2⤵
  PID:7724
- C:\Windows\System\uNmLJNd.exe
  C:\Windows\System\uNmLJNd.exe
  2⤵
  PID:7764
- C:\Windows\System\VWmsECX.exe
  C:\Windows\System\VWmsECX.exe
  2⤵
  PID:7820
- C:\Windows\System\HJsGgul.exe
  C:\Windows\System\HJsGgul.exe
  2⤵
  PID:7900
- C:\Windows\System\PGSbvUY.exe
  C:\Windows\System\PGSbvUY.exe
  2⤵
  PID:7976
- C:\Windows\System\TuUawgm.exe
  C:\Windows\System\TuUawgm.exe
  2⤵
  PID:8016
- C:\Windows\System\XCFuYSl.exe
  C:\Windows\System\XCFuYSl.exe
  2⤵
  PID:8100
- C:\Windows\System\SvInfyH.exe
  C:\Windows\System\SvInfyH.exe
  2⤵
  PID:8172
- C:\Windows\System\mXkjvME.exe
  C:\Windows\System\mXkjvME.exe
  2⤵
  PID:7264
- C:\Windows\System\uhIvtAI.exe
  C:\Windows\System\uhIvtAI.exe
  2⤵
  PID:7416
- C:\Windows\System\YAqIyuy.exe
  C:\Windows\System\YAqIyuy.exe
  2⤵
  PID:7556
- C:\Windows\System\uirfhWi.exe
  C:\Windows\System\uirfhWi.exe
  2⤵
  PID:7732
- C:\Windows\System\VgqhkmI.exe
  C:\Windows\System\VgqhkmI.exe
  2⤵
  PID:7872
- C:\Windows\System\qDvJygv.exe
  C:\Windows\System\qDvJygv.exe
  2⤵
  PID:8044
- C:\Windows\System\UpsiKDM.exe
  C:\Windows\System\UpsiKDM.exe
  2⤵
  PID:8144
- C:\Windows\System\ifXGqrg.exe
  C:\Windows\System\ifXGqrg.exe
  2⤵
  PID:7476
- C:\Windows\System\qMxfkMT.exe
  C:\Windows\System\qMxfkMT.exe
  2⤵
  PID:7788
- C:\Windows\System\cEiJYpV.exe
  C:\Windows\System\cEiJYpV.exe
  2⤵
  PID:8128
- C:\Windows\System\pEGwxlG.exe
  C:\Windows\System\pEGwxlG.exe
  2⤵
  PID:7932
- C:\Windows\System\pazabxg.exe
  C:\Windows\System\pazabxg.exe
  2⤵
  PID:7752
- C:\Windows\System\WflUpRC.exe
  C:\Windows\System\WflUpRC.exe
  2⤵
  PID:8220
- C:\Windows\System\yzxMgGx.exe
  C:\Windows\System\yzxMgGx.exe
  2⤵
  PID:8240
- C:\Windows\System\SoONnuS.exe
  C:\Windows\System\SoONnuS.exe
  2⤵
  PID:8260
- C:\Windows\System\XKsrwSk.exe
  C:\Windows\System\XKsrwSk.exe
  2⤵
  PID:8304
- C:\Windows\System\yjtsTXT.exe
  C:\Windows\System\yjtsTXT.exe
  2⤵
  PID:8332
- C:\Windows\System\zojAboQ.exe
  C:\Windows\System\zojAboQ.exe
  2⤵
  PID:8360
- C:\Windows\System\OzlPuXO.exe
  C:\Windows\System\OzlPuXO.exe
  2⤵
  PID:8388
- C:\Windows\System\qhFWPQN.exe
  C:\Windows\System\qhFWPQN.exe
  2⤵
  PID:8424
- C:\Windows\System\TKclVuW.exe
  C:\Windows\System\TKclVuW.exe
  2⤵
  PID:8444
- C:\Windows\System\qCxtiHf.exe
  C:\Windows\System\qCxtiHf.exe
  2⤵
  PID:8472
- C:\Windows\System\aAxdYtZ.exe
  C:\Windows\System\aAxdYtZ.exe
  2⤵
  PID:8500
- C:\Windows\System\wUBXzQp.exe
  C:\Windows\System\wUBXzQp.exe
  2⤵
  PID:8528
- C:\Windows\System\nlKVeMz.exe
  C:\Windows\System\nlKVeMz.exe
  2⤵
  PID:8556
- C:\Windows\System\eaHVsFW.exe
  C:\Windows\System\eaHVsFW.exe
  2⤵
  PID:8584
- C:\Windows\System\bbnQtML.exe
  C:\Windows\System\bbnQtML.exe
  2⤵
  PID:8612
- C:\Windows\System\Cmlbtjf.exe
  C:\Windows\System\Cmlbtjf.exe
  2⤵
  PID:8640
- C:\Windows\System\BsYGqrj.exe
  C:\Windows\System\BsYGqrj.exe
  2⤵
  PID:8668
- C:\Windows\System\kvJadbA.exe
  C:\Windows\System\kvJadbA.exe
  2⤵
  PID:8700
- C:\Windows\System\WJuFqHx.exe
  C:\Windows\System\WJuFqHx.exe
  2⤵
  PID:8724
- C:\Windows\System\nbSRPLe.exe
  C:\Windows\System\nbSRPLe.exe
  2⤵
  PID:8752
- C:\Windows\System\RxVNaPK.exe
  C:\Windows\System\RxVNaPK.exe
  2⤵
  PID:8780
- C:\Windows\System\VGDZnsH.exe
  C:\Windows\System\VGDZnsH.exe
  2⤵
  PID:8808
- C:\Windows\System\noRsmVT.exe
  C:\Windows\System\noRsmVT.exe
  2⤵
  PID:8840
- C:\Windows\System\oDDDIcZ.exe
  C:\Windows\System\oDDDIcZ.exe
  2⤵
  PID:8868
- C:\Windows\System\zbKkHVv.exe
  C:\Windows\System\zbKkHVv.exe
  2⤵
  PID:8900
- C:\Windows\System\OyZZOnC.exe
  C:\Windows\System\OyZZOnC.exe
  2⤵
  PID:8920
- C:\Windows\System\NoSgVIy.exe
  C:\Windows\System\NoSgVIy.exe
  2⤵
  PID:8948
- C:\Windows\System\qwFLNZA.exe
  C:\Windows\System\qwFLNZA.exe
  2⤵
  PID:8976
- C:\Windows\System\WOICuUq.exe
  C:\Windows\System\WOICuUq.exe
  2⤵
  PID:9004
- C:\Windows\System\LEqouDn.exe
  C:\Windows\System\LEqouDn.exe
  2⤵
  PID:9032
- C:\Windows\System\gtiHkTP.exe
  C:\Windows\System\gtiHkTP.exe
  2⤵
  PID:9060
- C:\Windows\System\BaPZzpq.exe
  C:\Windows\System\BaPZzpq.exe
  2⤵
  PID:9088
- C:\Windows\System\TTFxsZn.exe
  C:\Windows\System\TTFxsZn.exe
  2⤵
  PID:9116
- C:\Windows\System\RyNunnJ.exe
  C:\Windows\System\RyNunnJ.exe
  2⤵
  PID:9144
- C:\Windows\System\PBpObwK.exe
  C:\Windows\System\PBpObwK.exe
  2⤵
  PID:9172
- C:\Windows\System\PKqSYuJ.exe
  C:\Windows\System\PKqSYuJ.exe
  2⤵
  PID:9200
- C:\Windows\System\tSrfCis.exe
  C:\Windows\System\tSrfCis.exe
  2⤵
  PID:8216
- C:\Windows\System\jKvgCDq.exe
  C:\Windows\System\jKvgCDq.exe
  2⤵
  PID:8288
- C:\Windows\System\pYFHLva.exe
  C:\Windows\System\pYFHLva.exe
  2⤵
  PID:8352
- C:\Windows\System\TUendsT.exe
  C:\Windows\System\TUendsT.exe
  2⤵
  PID:8412
- C:\Windows\System\BeoOxyH.exe
  C:\Windows\System\BeoOxyH.exe
  2⤵
  PID:8484
- C:\Windows\System\tDTmIDP.exe
  C:\Windows\System\tDTmIDP.exe
  2⤵
  PID:8576
- C:\Windows\System\qodVuhX.exe
  C:\Windows\System\qodVuhX.exe
  2⤵
  PID:8632
- C:\Windows\System\QKWCJOX.exe
  C:\Windows\System\QKWCJOX.exe
  2⤵
  PID:8680
- C:\Windows\System\GadVTLd.exe
  C:\Windows\System\GadVTLd.exe
  2⤵
  PID:8744
- C:\Windows\System\ARHcuCF.exe
  C:\Windows\System\ARHcuCF.exe
  2⤵
  PID:8804
- C:\Windows\System\QZjEWnz.exe
  C:\Windows\System\QZjEWnz.exe
  2⤵
  PID:8876
- C:\Windows\System\DQAyywi.exe
  C:\Windows\System\DQAyywi.exe
  2⤵
  PID:8940
- C:\Windows\System\YBeVfTg.exe
  C:\Windows\System\YBeVfTg.exe
  2⤵
  PID:9000
- C:\Windows\System\BKhLgwa.exe
  C:\Windows\System\BKhLgwa.exe
  2⤵
  PID:9072
- C:\Windows\System\PFIqpza.exe
  C:\Windows\System\PFIqpza.exe
  2⤵
  PID:9136
- C:\Windows\System\aKyUNlj.exe
  C:\Windows\System\aKyUNlj.exe
  2⤵
  PID:9196
- C:\Windows\System\HZYXPKe.exe
  C:\Windows\System\HZYXPKe.exe
  2⤵
  PID:8328
- C:\Windows\System\TEUeUTu.exe
  C:\Windows\System\TEUeUTu.exe
  2⤵
  PID:8664
- C:\Windows\System\bifhQaQ.exe
  C:\Windows\System\bifhQaQ.exe
  2⤵
  PID:8800
- C:\Windows\System\fjQRABe.exe
  C:\Windows\System\fjQRABe.exe
  2⤵
  PID:8968
- C:\Windows\System\BzumrES.exe
  C:\Windows\System\BzumrES.exe
  2⤵
  PID:9164
- C:\Windows\System\UZkgrwF.exe
  C:\Windows\System\UZkgrwF.exe
  2⤵
  PID:1440
- C:\Windows\System\DxVHClI.exe
  C:\Windows\System\DxVHClI.exe
  2⤵
  PID:8792
- C:\Windows\System\NTRDmoe.exe
  C:\Windows\System\NTRDmoe.exe
  2⤵
  PID:9192
- C:\Windows\System\UYzmibl.exe
  C:\Windows\System\UYzmibl.exe
  2⤵
  PID:8932
- C:\Windows\System\jhiZFVh.exe
  C:\Windows\System\jhiZFVh.exe
  2⤵
  PID:9224
- C:\Windows\System\YGvJZXS.exe
  C:\Windows\System\YGvJZXS.exe
  2⤵
  PID:9256
- C:\Windows\System\exncLaZ.exe
  C:\Windows\System\exncLaZ.exe
  2⤵
  PID:9288
- C:\Windows\System\oIERbIu.exe
  C:\Windows\System\oIERbIu.exe
  2⤵
  PID:9316
- C:\Windows\System\vTLHaAP.exe
  C:\Windows\System\vTLHaAP.exe
  2⤵
  PID:9348
- C:\Windows\System\bqDpugw.exe
  C:\Windows\System\bqDpugw.exe
  2⤵
  PID:9376
- C:\Windows\System\xDsIIbF.exe
  C:\Windows\System\xDsIIbF.exe
  2⤵
  PID:9412
- C:\Windows\System\URpGJXi.exe
  C:\Windows\System\URpGJXi.exe
  2⤵
  PID:9440
- C:\Windows\System\FdsQLve.exe
  C:\Windows\System\FdsQLve.exe
  2⤵
  PID:9468
- C:\Windows\System\yunaatZ.exe
  C:\Windows\System\yunaatZ.exe
  2⤵
  PID:9496
- C:\Windows\System\TRxlMEc.exe
  C:\Windows\System\TRxlMEc.exe
  2⤵
  PID:9524
- C:\Windows\System\fxvRYkE.exe
  C:\Windows\System\fxvRYkE.exe
  2⤵
  PID:9552
- C:\Windows\System\bdjzRba.exe
  C:\Windows\System\bdjzRba.exe
  2⤵
  PID:9584
- C:\Windows\System\JkczEgo.exe
  C:\Windows\System\JkczEgo.exe
  2⤵
  PID:9608
- C:\Windows\System\EtbXsUc.exe
  C:\Windows\System\EtbXsUc.exe
  2⤵
  PID:9636
- C:\Windows\System\hESFNuh.exe
  C:\Windows\System\hESFNuh.exe
  2⤵
  PID:9664
- C:\Windows\System\axBKAJb.exe
  C:\Windows\System\axBKAJb.exe
  2⤵
  PID:9692
- C:\Windows\System\llpYvBd.exe
  C:\Windows\System\llpYvBd.exe
  2⤵
  PID:9720
- C:\Windows\System\LjhlBok.exe
  C:\Windows\System\LjhlBok.exe
  2⤵
  PID:9748
- C:\Windows\System\GAxJOQm.exe
  C:\Windows\System\GAxJOQm.exe
  2⤵
  PID:9776
- C:\Windows\System\DxWZgtg.exe
  C:\Windows\System\DxWZgtg.exe
  2⤵
  PID:9804
- C:\Windows\System\YzLAVEL.exe
  C:\Windows\System\YzLAVEL.exe
  2⤵
  PID:9832
- C:\Windows\System\tMRwvea.exe
  C:\Windows\System\tMRwvea.exe
  2⤵
  PID:9860
- C:\Windows\System\vlocMMV.exe
  C:\Windows\System\vlocMMV.exe
  2⤵
  PID:9896
- C:\Windows\System\FWROHdw.exe
  C:\Windows\System\FWROHdw.exe
  2⤵
  PID:9920
- C:\Windows\System\LIdrjAR.exe
  C:\Windows\System\LIdrjAR.exe
  2⤵
  PID:9948
- C:\Windows\System\kfRJDHH.exe
  C:\Windows\System\kfRJDHH.exe
  2⤵
  PID:9976
- C:\Windows\System\lhGEMXf.exe
  C:\Windows\System\lhGEMXf.exe
  2⤵
  PID:10004
- C:\Windows\System\rwvRZHm.exe
  C:\Windows\System\rwvRZHm.exe
  2⤵
  PID:10036
- C:\Windows\System\QBluqvd.exe
  C:\Windows\System\QBluqvd.exe
  2⤵
  PID:10064
- C:\Windows\System\BYOoJLR.exe
  C:\Windows\System\BYOoJLR.exe
  2⤵
  PID:10108
- C:\Windows\System\kxedhdS.exe
  C:\Windows\System\kxedhdS.exe
  2⤵
  PID:10156
- C:\Windows\System\vPXjKKb.exe
  C:\Windows\System\vPXjKKb.exe
  2⤵
  PID:10188
- C:\Windows\System\qOsMbtm.exe
  C:\Windows\System\qOsMbtm.exe
  2⤵
  PID:10216
- C:\Windows\System\ErLpIoJ.exe
  C:\Windows\System\ErLpIoJ.exe
  2⤵
  PID:9220
- C:\Windows\System\pNHYatO.exe
  C:\Windows\System\pNHYatO.exe
  2⤵
  PID:9300
- C:\Windows\System\GITrPcO.exe
  C:\Windows\System\GITrPcO.exe
  2⤵
  PID:9340
- C:\Windows\System\ftmmxOh.exe
  C:\Windows\System\ftmmxOh.exe
  2⤵
  PID:9396
- C:\Windows\System\UZuKeKn.exe
  C:\Windows\System\UZuKeKn.exe
  2⤵
  PID:9464
- C:\Windows\System\IObLCdQ.exe
  C:\Windows\System\IObLCdQ.exe
  2⤵
  PID:9520
- C:\Windows\System\InawPjP.exe
  C:\Windows\System\InawPjP.exe
  2⤵
  PID:9572
- C:\Windows\System\aIqURHm.exe
  C:\Windows\System\aIqURHm.exe
  2⤵
  PID:9632
- C:\Windows\System\PTonOwd.exe
  C:\Windows\System\PTonOwd.exe
  2⤵
  PID:9704
- C:\Windows\System\DErBvDf.exe
  C:\Windows\System\DErBvDf.exe
  2⤵
  PID:9772
- C:\Windows\System\Axihyfd.exe
  C:\Windows\System\Axihyfd.exe
  2⤵
  PID:9828
- C:\Windows\System\EcfwjyN.exe
  C:\Windows\System\EcfwjyN.exe
  2⤵
  PID:9908
- C:\Windows\System\skPPHkM.exe
  C:\Windows\System\skPPHkM.exe
  2⤵
  PID:9964
- C:\Windows\System\ooryrst.exe
  C:\Windows\System\ooryrst.exe
  2⤵
  PID:10032
- C:\Windows\System\HLZYpSr.exe
  C:\Windows\System\HLZYpSr.exe
  2⤵
  PID:10092
- C:\Windows\System\NHLoAcb.exe
  C:\Windows\System\NHLoAcb.exe
  2⤵
  PID:10184
- C:\Windows\System\JrXGAbI.exe
  C:\Windows\System\JrXGAbI.exe
  2⤵
  PID:9100
- C:\Windows\System\VGuxcOq.exe
  C:\Windows\System\VGuxcOq.exe
  2⤵
  PID:8440
- C:\Windows\System\SGNsEsn.exe
  C:\Windows\System\SGNsEsn.exe
  2⤵
  PID:900
- C:\Windows\System\yOptLol.exe
  C:\Windows\System\yOptLol.exe
  2⤵
  PID:9368
- C:\Windows\System\fSWqkwp.exe
  C:\Windows\System\fSWqkwp.exe
  2⤵
  PID:9432
- C:\Windows\System\ZWeMruR.exe
  C:\Windows\System\ZWeMruR.exe
  2⤵
  PID:9620
- C:\Windows\System\PNlMpxe.exe
  C:\Windows\System\PNlMpxe.exe
  2⤵
  PID:9732
- C:\Windows\System\HASSuDi.exe
  C:\Windows\System\HASSuDi.exe
  2⤵
  PID:9872
- C:\Windows\System\SrPcjAG.exe
  C:\Windows\System\SrPcjAG.exe
  2⤵
  PID:9944
- C:\Windows\System\BcupblT.exe
  C:\Windows\System\BcupblT.exe
  2⤵
  PID:10152
- C:\Windows\System\kuvEGNH.exe
  C:\Windows\System\kuvEGNH.exe
  2⤵
  PID:8468
- C:\Windows\System\vCHVQKX.exe
  C:\Windows\System\vCHVQKX.exe
  2⤵
  PID:9404
- C:\Windows\System\DAYaHrm.exe
  C:\Windows\System\DAYaHrm.exe
  2⤵
  PID:9660
- C:\Windows\System\MbCOVwE.exe
  C:\Windows\System\MbCOVwE.exe
  2⤵
  PID:9916
- C:\Windows\System\Rjnspwz.exe
  C:\Windows\System\Rjnspwz.exe
  2⤵
  PID:9336
- C:\Windows\System\tKWRfae.exe
  C:\Windows\System\tKWRfae.exe
  2⤵
  PID:9760
- C:\Windows\System\KkHfzHw.exe
  C:\Windows\System\KkHfzHw.exe
  2⤵
  PID:9564
- C:\Windows\System\eGxFKWJ.exe
  C:\Windows\System\eGxFKWJ.exe
  2⤵
  PID:10248
- C:\Windows\System\AiQmMLl.exe
  C:\Windows\System\AiQmMLl.exe
  2⤵
  PID:10276
- C:\Windows\System\VYIAPOd.exe
  C:\Windows\System\VYIAPOd.exe
  2⤵
  PID:10304
- C:\Windows\System\DBFDiKh.exe
  C:\Windows\System\DBFDiKh.exe
  2⤵
  PID:10332
- C:\Windows\System\MlQZrlC.exe
  C:\Windows\System\MlQZrlC.exe
  2⤵
  PID:10360
- C:\Windows\System\SrRhlhz.exe
  C:\Windows\System\SrRhlhz.exe
  2⤵
  PID:10388
- C:\Windows\System\wLzRvBQ.exe
  C:\Windows\System\wLzRvBQ.exe
  2⤵
  PID:10416
- C:\Windows\System\THolLsJ.exe
  C:\Windows\System\THolLsJ.exe
  2⤵
  PID:10444
- C:\Windows\System\WimWZEM.exe
  C:\Windows\System\WimWZEM.exe
  2⤵
  PID:10480
- C:\Windows\System\FrbiILj.exe
  C:\Windows\System\FrbiILj.exe
  2⤵
  PID:10512
- C:\Windows\System\zAIvuXN.exe
  C:\Windows\System\zAIvuXN.exe
  2⤵
  PID:10528
- C:\Windows\System\cHLZvnl.exe
  C:\Windows\System\cHLZvnl.exe
  2⤵
  PID:10556
- C:\Windows\System\aKOqsIE.exe
  C:\Windows\System\aKOqsIE.exe
  2⤵
  PID:10584
- C:\Windows\System\uhTsmFS.exe
  C:\Windows\System\uhTsmFS.exe
  2⤵
  PID:10612
- C:\Windows\System\oTzQxYo.exe
  C:\Windows\System\oTzQxYo.exe
  2⤵
  PID:10640
- C:\Windows\System\mrbDdhu.exe
  C:\Windows\System\mrbDdhu.exe
  2⤵
  PID:10668
- C:\Windows\System\SGHSxsA.exe
  C:\Windows\System\SGHSxsA.exe
  2⤵
  PID:10696
- C:\Windows\System\lGZUlMi.exe
  C:\Windows\System\lGZUlMi.exe
  2⤵
  PID:10724
- C:\Windows\System\uiDxOYP.exe
  C:\Windows\System\uiDxOYP.exe
  2⤵
  PID:10752
- C:\Windows\System\bmxBpge.exe
  C:\Windows\System\bmxBpge.exe
  2⤵
  PID:10780
- C:\Windows\System\OoyiiLU.exe
  C:\Windows\System\OoyiiLU.exe
  2⤵
  PID:10808
- C:\Windows\System\BLhxYof.exe
  C:\Windows\System\BLhxYof.exe
  2⤵
  PID:10836
- C:\Windows\System\AQLSjfU.exe
  C:\Windows\System\AQLSjfU.exe
  2⤵
  PID:10864
- C:\Windows\System\tqGASPa.exe
  C:\Windows\System\tqGASPa.exe
  2⤵
  PID:10892
- C:\Windows\System\GoWWkAp.exe
  C:\Windows\System\GoWWkAp.exe
  2⤵
  PID:10920
- C:\Windows\System\aIXwVZK.exe
  C:\Windows\System\aIXwVZK.exe
  2⤵
  PID:10948
- C:\Windows\System\rLtNNCz.exe
  C:\Windows\System\rLtNNCz.exe
  2⤵
  PID:10976
- C:\Windows\System\nCQUQkR.exe
  C:\Windows\System\nCQUQkR.exe
  2⤵
  PID:11004
- C:\Windows\System\HsrhDOr.exe
  C:\Windows\System\HsrhDOr.exe
  2⤵
  PID:11032
- C:\Windows\System\TcMosNT.exe
  C:\Windows\System\TcMosNT.exe
  2⤵
  PID:11060
- C:\Windows\System\aaVROlU.exe
  C:\Windows\System\aaVROlU.exe
  2⤵
  PID:11088
- C:\Windows\System\ULeZaIM.exe
  C:\Windows\System\ULeZaIM.exe
  2⤵
  PID:11116
- C:\Windows\System\vnVoWNs.exe
  C:\Windows\System\vnVoWNs.exe
  2⤵
  PID:11144
- C:\Windows\System\lxrgHFR.exe
  C:\Windows\System\lxrgHFR.exe
  2⤵
  PID:11172
- C:\Windows\System\KKsEQor.exe
  C:\Windows\System\KKsEQor.exe
  2⤵
  PID:11200
- C:\Windows\System\kiPMTik.exe
  C:\Windows\System\kiPMTik.exe
  2⤵
  PID:11228
- C:\Windows\System\QkdsBCc.exe
  C:\Windows\System\QkdsBCc.exe
  2⤵
  PID:11256
- C:\Windows\System\RxdTuLf.exe
  C:\Windows\System\RxdTuLf.exe
  2⤵
  PID:10288
- C:\Windows\System\RbFRLhp.exe
  C:\Windows\System\RbFRLhp.exe
  2⤵
  PID:10352
- C:\Windows\System\tRoOlVo.exe
  C:\Windows\System\tRoOlVo.exe
  2⤵
  PID:10412
- C:\Windows\System\JjHBPXk.exe
  C:\Windows\System\JjHBPXk.exe
  2⤵
  PID:10488
- C:\Windows\System\VHcPtwg.exe
  C:\Windows\System\VHcPtwg.exe
  2⤵
  PID:10548
- C:\Windows\System\CFdJFHq.exe
  C:\Windows\System\CFdJFHq.exe
  2⤵
  PID:10608
- C:\Windows\System\HvlHPdZ.exe
  C:\Windows\System\HvlHPdZ.exe
  2⤵
  PID:10684
- C:\Windows\System\jiczJza.exe
  C:\Windows\System\jiczJza.exe
  2⤵
  PID:10744
- C:\Windows\System\dCzquVA.exe
  C:\Windows\System\dCzquVA.exe
  2⤵
  PID:10804
- C:\Windows\System\LMBEuLI.exe
  C:\Windows\System\LMBEuLI.exe
  2⤵
  PID:10876
- C:\Windows\System\NUMnxba.exe
  C:\Windows\System\NUMnxba.exe
  2⤵
  PID:10940
- C:\Windows\System\CgWfYfz.exe
  C:\Windows\System\CgWfYfz.exe
  2⤵
  PID:4564
- C:\Windows\System\gUINIms.exe
  C:\Windows\System\gUINIms.exe
  2⤵
  PID:11052
- C:\Windows\System\uTeRvAi.exe
  C:\Windows\System\uTeRvAi.exe
  2⤵
  PID:4688
- C:\Windows\System\aPujFSS.exe
  C:\Windows\System\aPujFSS.exe
  2⤵
  PID:11156
- C:\Windows\System\pWLYXjB.exe
  C:\Windows\System\pWLYXjB.exe
  2⤵
  PID:11220
- C:\Windows\System\GOTksCQ.exe
  C:\Windows\System\GOTksCQ.exe
  2⤵
  PID:10268
- C:\Windows\System\qqIDAhZ.exe
  C:\Windows\System\qqIDAhZ.exe
  2⤵
  PID:10408
- C:\Windows\System\qttOeoD.exe
  C:\Windows\System\qttOeoD.exe
  2⤵
  PID:10576
- C:\Windows\System\odriKib.exe
  C:\Windows\System\odriKib.exe
  2⤵
  PID:10720
- C:\Windows\System\VnYHyUy.exe
  C:\Windows\System\VnYHyUy.exe
  2⤵
  PID:10860
- C:\Windows\System\uVRukGQ.exe
  C:\Windows\System\uVRukGQ.exe
  2⤵
  PID:11024
- C:\Windows\System\xysDDqR.exe
  C:\Windows\System\xysDDqR.exe
  2⤵
  PID:2816
- C:\Windows\System\OldWuWb.exe
  C:\Windows\System\OldWuWb.exe
  2⤵
  PID:11216
- C:\Windows\System\XGYcWCL.exe
  C:\Windows\System\XGYcWCL.exe
  2⤵
  PID:10384
- C:\Windows\System\wWImKGE.exe
  C:\Windows\System\wWImKGE.exe
  2⤵
  PID:10712
- C:\Windows\System\fhNFWxj.exe
  C:\Windows\System\fhNFWxj.exe
  2⤵
  PID:11080
- C:\Windows\System\jdxOabT.exe
  C:\Windows\System\jdxOabT.exe
  2⤵
  PID:5740
- C:\Windows\System\kZbxNzb.exe
  C:\Windows\System\kZbxNzb.exe
  2⤵
  PID:4568
- C:\Windows\System\uwilBfk.exe
  C:\Windows\System\uwilBfk.exe
  2⤵
  PID:10636
- C:\Windows\System\xYuMZtw.exe
  C:\Windows\System\xYuMZtw.exe
  2⤵
  PID:11284
- C:\Windows\System\FNGYkcf.exe
  C:\Windows\System\FNGYkcf.exe
  2⤵
  PID:11312
- C:\Windows\System\qmKlZqS.exe
  C:\Windows\System\qmKlZqS.exe
  2⤵
  PID:11340
- C:\Windows\System\sQJkORQ.exe
  C:\Windows\System\sQJkORQ.exe
  2⤵
  PID:11368
- C:\Windows\System\UNOQrCK.exe
  C:\Windows\System\UNOQrCK.exe
  2⤵
  PID:11396
- C:\Windows\System\SkuqYDv.exe
  C:\Windows\System\SkuqYDv.exe
  2⤵
  PID:11424
- C:\Windows\System\tEvZSJA.exe
  C:\Windows\System\tEvZSJA.exe
  2⤵
  PID:11452
- C:\Windows\System\ZSxFpNd.exe
  C:\Windows\System\ZSxFpNd.exe
  2⤵
  PID:11480
- C:\Windows\System\nHbqApk.exe
  C:\Windows\System\nHbqApk.exe
  2⤵
  PID:11508
- C:\Windows\System\wLonXnc.exe
  C:\Windows\System\wLonXnc.exe
  2⤵
  PID:11536
- C:\Windows\System\aKBWZoJ.exe
  C:\Windows\System\aKBWZoJ.exe
  2⤵
  PID:11576
- C:\Windows\System\RbmEujz.exe
  C:\Windows\System\RbmEujz.exe
  2⤵
  PID:11592
- C:\Windows\System\iCzNoUg.exe
  C:\Windows\System\iCzNoUg.exe
  2⤵
  PID:11620
- C:\Windows\System\zgKhdXY.exe
  C:\Windows\System\zgKhdXY.exe
  2⤵
  PID:11648
- C:\Windows\System\LKHnfBL.exe
  C:\Windows\System\LKHnfBL.exe
  2⤵
  PID:11676
- C:\Windows\System\PCAZJAC.exe
  C:\Windows\System\PCAZJAC.exe
  2⤵
  PID:11704
- C:\Windows\System\BqRRtmI.exe
  C:\Windows\System\BqRRtmI.exe
  2⤵
  PID:11732
- C:\Windows\System\KVOhTqM.exe
  C:\Windows\System\KVOhTqM.exe
  2⤵
  PID:11760
- C:\Windows\System\wCcGnzt.exe
  C:\Windows\System\wCcGnzt.exe
  2⤵
  PID:11788
- C:\Windows\System\PGhmOkv.exe
  C:\Windows\System\PGhmOkv.exe
  2⤵
  PID:11816
- C:\Windows\System\pthSwUd.exe
  C:\Windows\System\pthSwUd.exe
  2⤵
  PID:11844
- C:\Windows\System\rQXmtIZ.exe
  C:\Windows\System\rQXmtIZ.exe
  2⤵
  PID:11872
- C:\Windows\System\ycyoAFL.exe
  C:\Windows\System\ycyoAFL.exe
  2⤵
  PID:11900
- C:\Windows\System\GVmHarb.exe
  C:\Windows\System\GVmHarb.exe
  2⤵
  PID:11928
- C:\Windows\System\BtmHAgH.exe
  C:\Windows\System\BtmHAgH.exe
  2⤵
  PID:11956
- C:\Windows\System\jKrpolF.exe
  C:\Windows\System\jKrpolF.exe
  2⤵
  PID:11984
- C:\Windows\System\ntJUwWd.exe
  C:\Windows\System\ntJUwWd.exe
  2⤵
  PID:12012
- C:\Windows\System\TucKoFw.exe
  C:\Windows\System\TucKoFw.exe
  2⤵
  PID:12040
- C:\Windows\System\WSLeLxT.exe
  C:\Windows\System\WSLeLxT.exe
  2⤵
  PID:12068
- C:\Windows\System\cbYvjQF.exe
  C:\Windows\System\cbYvjQF.exe
  2⤵
  PID:12096
- C:\Windows\System\pxxlyok.exe
  C:\Windows\System\pxxlyok.exe
  2⤵
  PID:12124
- C:\Windows\System\FlfohYc.exe
  C:\Windows\System\FlfohYc.exe
  2⤵
  PID:12152
- C:\Windows\System\DopMZQY.exe
  C:\Windows\System\DopMZQY.exe
  2⤵
  PID:12180
- C:\Windows\System\CCqcxXt.exe
  C:\Windows\System\CCqcxXt.exe
  2⤵
  PID:12208
- C:\Windows\System\NpVjbxa.exe
  C:\Windows\System\NpVjbxa.exe
  2⤵
  PID:12236
- C:\Windows\System\FCHWsge.exe
  C:\Windows\System\FCHWsge.exe
  2⤵
  PID:12264
- C:\Windows\System\ZSfuRoH.exe
  C:\Windows\System\ZSfuRoH.exe
  2⤵
  PID:11276
- C:\Windows\System\mwPwUSB.exe
  C:\Windows\System\mwPwUSB.exe
  2⤵
  PID:11332
- C:\Windows\System\onwObrj.exe
  C:\Windows\System\onwObrj.exe
  2⤵
  PID:11392
- C:\Windows\System\szvchSh.exe
  C:\Windows\System\szvchSh.exe
  2⤵
  PID:11472
- C:\Windows\System\injMRNH.exe
  C:\Windows\System\injMRNH.exe
  2⤵
  PID:11500
- C:\Windows\System\QKXAkHk.exe
  C:\Windows\System\QKXAkHk.exe
  2⤵
  PID:5044
- C:\Windows\System\OCVOokM.exe
  C:\Windows\System\OCVOokM.exe
  2⤵
  PID:11560
- C:\Windows\System\DcukXLW.exe
  C:\Windows\System\DcukXLW.exe
  2⤵
  PID:11640
- C:\Windows\System\utcjucQ.exe
  C:\Windows\System\utcjucQ.exe
  2⤵
  PID:11700
- C:\Windows\System\maDPtAm.exe
  C:\Windows\System\maDPtAm.exe
  2⤵
  PID:11772
- C:\Windows\System\TWFSvBv.exe
  C:\Windows\System\TWFSvBv.exe
  2⤵
  PID:11836
- C:\Windows\System\ZajIdzb.exe
  C:\Windows\System\ZajIdzb.exe
  2⤵
  PID:11896
- C:\Windows\System\GQOtAHt.exe
  C:\Windows\System\GQOtAHt.exe
  2⤵
  PID:11968
- C:\Windows\System\WRbdWgV.exe
  C:\Windows\System\WRbdWgV.exe
  2⤵
  PID:12032
- C:\Windows\System\yNxrYDd.exe
  C:\Windows\System\yNxrYDd.exe
  2⤵
  PID:12092
- C:\Windows\System\ZeJZxop.exe
  C:\Windows\System\ZeJZxop.exe
  2⤵
  PID:12168
- C:\Windows\System\dTutgCg.exe
  C:\Windows\System\dTutgCg.exe
  2⤵
  PID:12228
- C:\Windows\System\roopiSh.exe
  C:\Windows\System\roopiSh.exe
  2⤵
  PID:11272
- C:\Windows\System\EaIfxQR.exe
  C:\Windows\System\EaIfxQR.exe
  2⤵
  PID:11440
- C:\Windows\System\pkMUqxQ.exe
  C:\Windows\System\pkMUqxQ.exe
  2⤵
  PID:4864
- C:\Windows\System\bdBiMvX.exe
  C:\Windows\System\bdBiMvX.exe
  2⤵
  PID:11636
- C:\Windows\System\VDSakuL.exe
  C:\Windows\System\VDSakuL.exe
  2⤵
  PID:11804
- C:\Windows\System\UqGDwbL.exe
  C:\Windows\System\UqGDwbL.exe
  2⤵
  PID:11948
- C:\Windows\System\UJpogbq.exe
  C:\Windows\System\UJpogbq.exe
  2⤵
  PID:12088
- C:\Windows\System\VSpLVRX.exe
  C:\Windows\System\VSpLVRX.exe
  2⤵
  PID:12256
- C:\Windows\System\gxKqJYb.exe
  C:\Windows\System\gxKqJYb.exe
  2⤵
  PID:11504
- C:\Windows\System\NGRMykC.exe
  C:\Windows\System\NGRMykC.exe
  2⤵
  PID:11756
- C:\Windows\System\LtNhNzO.exe
  C:\Windows\System\LtNhNzO.exe
  2⤵
  PID:12192
- C:\Windows\System\iAMcijp.exe
  C:\Windows\System\iAMcijp.exe
  2⤵
  PID:11696
- C:\Windows\System\IYCiGMc.exe
  C:\Windows\System\IYCiGMc.exe
  2⤵
  PID:11616
- C:\Windows\System\KqRKvKw.exe
  C:\Windows\System\KqRKvKw.exe
  2⤵
  PID:12304
- C:\Windows\System\VUPvCPp.exe
  C:\Windows\System\VUPvCPp.exe
  2⤵
  PID:12332
- C:\Windows\System\KpusyFA.exe
  C:\Windows\System\KpusyFA.exe
  2⤵
  PID:12360
- C:\Windows\System\oLeosWJ.exe
  C:\Windows\System\oLeosWJ.exe
  2⤵
  PID:12388
- C:\Windows\System\SsNgEIZ.exe
  C:\Windows\System\SsNgEIZ.exe
  2⤵
  PID:12416
- C:\Windows\System\HJCFiis.exe
  C:\Windows\System\HJCFiis.exe
  2⤵
  PID:12444
- C:\Windows\System\NUXNSfO.exe
  C:\Windows\System\NUXNSfO.exe
  2⤵
  PID:12472
- C:\Windows\System\wPdoBMM.exe
  C:\Windows\System\wPdoBMM.exe
  2⤵
  PID:12500
- C:\Windows\System\JRkluCO.exe
  C:\Windows\System\JRkluCO.exe
  2⤵
  PID:12528
- C:\Windows\System\YnRwzwY.exe
  C:\Windows\System\YnRwzwY.exe
  2⤵
  PID:12556
- C:\Windows\System\gJnsHcP.exe
  C:\Windows\System\gJnsHcP.exe
  2⤵
  PID:12596
- C:\Windows\System\TThOLBT.exe
  C:\Windows\System\TThOLBT.exe
  2⤵
  PID:12612
- C:\Windows\System\UVfuQWy.exe
  C:\Windows\System\UVfuQWy.exe
  2⤵
  PID:12640
- C:\Windows\System\bvOnxyw.exe
  C:\Windows\System\bvOnxyw.exe
  2⤵
  PID:12668
- C:\Windows\System\mWKjqyN.exe
  C:\Windows\System\mWKjqyN.exe
  2⤵
  PID:12696
- C:\Windows\System\dSBEMuo.exe
  C:\Windows\System\dSBEMuo.exe
  2⤵
  PID:12724
- C:\Windows\System\vZtNkBp.exe
  C:\Windows\System\vZtNkBp.exe
  2⤵
  PID:12752
- C:\Windows\System\MARhNuv.exe
  C:\Windows\System\MARhNuv.exe
  2⤵
  PID:12780
- C:\Windows\System\uaTZOGx.exe
  C:\Windows\System\uaTZOGx.exe
  2⤵
  PID:12828
- C:\Windows\System\QFZIoEd.exe
  C:\Windows\System\QFZIoEd.exe
  2⤵
  PID:12880
- C:\Windows\System\IzXkjNB.exe
  C:\Windows\System\IzXkjNB.exe
  2⤵
  PID:12912
- C:\Windows\System\dyvbAIb.exe
  C:\Windows\System\dyvbAIb.exe
  2⤵
  PID:12956
- C:\Windows\System\LtFTGbg.exe
  C:\Windows\System\LtFTGbg.exe
  2⤵
  PID:12988
- C:\Windows\System\Fnapplr.exe
  C:\Windows\System\Fnapplr.exe
  2⤵
  PID:13020
- C:\Windows\System\SoLyZfx.exe
  C:\Windows\System\SoLyZfx.exe
  2⤵
  PID:13048
- C:\Windows\System\WsyrOfk.exe
  C:\Windows\System\WsyrOfk.exe
  2⤵
  PID:13076
- C:\Windows\System\BgvCcLX.exe
  C:\Windows\System\BgvCcLX.exe
  2⤵
  PID:13116
- C:\Windows\System\lbMMLiB.exe
  C:\Windows\System\lbMMLiB.exe
  2⤵
  PID:13156
- C:\Windows\System\fgqGJbn.exe
  C:\Windows\System\fgqGJbn.exe
  2⤵
  PID:13184
- C:\Windows\System\MgGTMrT.exe
  C:\Windows\System\MgGTMrT.exe
  2⤵
  PID:13216
- C:\Windows\System\zyfONFm.exe
  C:\Windows\System\zyfONFm.exe
  2⤵
  PID:13260
- C:\Windows\System\GiGREuv.exe
  C:\Windows\System\GiGREuv.exe
  2⤵
  PID:13288
- C:\Windows\System\FlCapPz.exe
  C:\Windows\System\FlCapPz.exe
  2⤵
  PID:12296
- C:\Windows\System\LEMkeoz.exe
  C:\Windows\System\LEMkeoz.exe
  2⤵
  PID:12356
- C:\Windows\System\jzQSQrn.exe
  C:\Windows\System\jzQSQrn.exe
  2⤵
  PID:12432
- C:\Windows\System\WtsRbcI.exe
  C:\Windows\System\WtsRbcI.exe
  2⤵
  PID:12492
- C:\Windows\System\QPwdIKn.exe
  C:\Windows\System\QPwdIKn.exe
  2⤵
  PID:12576
- C:\Windows\System\VvjVjpr.exe
  C:\Windows\System\VvjVjpr.exe
  2⤵
  PID:12636
- C:\Windows\System\MAKIkUN.exe
  C:\Windows\System\MAKIkUN.exe
  2⤵
  PID:12712
- C:\Windows\System\TSpZWAP.exe
  C:\Windows\System\TSpZWAP.exe
  2⤵
  PID:12776
- C:\Windows\System\DDFlLtq.exe
  C:\Windows\System\DDFlLtq.exe
  2⤵
  PID:12900
- C:\Windows\System\YbaUYoM.exe
  C:\Windows\System\YbaUYoM.exe
  2⤵
  PID:12984
- C:\Windows\System\tdXkLLY.exe
  C:\Windows\System\tdXkLLY.exe
  2⤵
  PID:13060
- C:\Windows\System\CuJhLcF.exe
  C:\Windows\System\CuJhLcF.exe
  2⤵
  PID:13152
- C:\Windows\System\srpHOcl.exe
  C:\Windows\System\srpHOcl.exe
  2⤵
  PID:13256
- C:\Windows\System\jVedQpe.exe
  C:\Windows\System\jVedQpe.exe
  2⤵
  PID:12344
- C:\Windows\System\RIcqcrD.exe
  C:\Windows\System\RIcqcrD.exe
  2⤵
  PID:12520
- C:\Windows\System\JAFaRzy.exe
  C:\Windows\System\JAFaRzy.exe
  2⤵
  PID:12680
- C:\Windows\System\RJEztyR.exe
  C:\Windows\System\RJEztyR.exe
  2⤵
  PID:12896
- C:\Windows\System\bBQqeBJ.exe
  C:\Windows\System\bBQqeBJ.exe
  2⤵
  PID:13148
- C:\Windows\System\wIxQORG.exe
  C:\Windows\System\wIxQORG.exe
  2⤵
  PID:12412
- C:\Windows\System\ugqvDhy.exe
  C:\Windows\System\ugqvDhy.exe
  2⤵
  PID:12876
- C:\Windows\System\BRLfLYq.exe
  C:\Windows\System\BRLfLYq.exe
  2⤵
  PID:12632
- C:\Windows\System\zJHxBEb.exe
  C:\Windows\System\zJHxBEb.exe
  2⤵
  PID:13324
- C:\Windows\System\ASSACUH.exe
  C:\Windows\System\ASSACUH.exe
  2⤵
  PID:13352
- C:\Windows\System\aTueFeA.exe
  C:\Windows\System\aTueFeA.exe
  2⤵
  PID:13380
- C:\Windows\System\tTlMAfZ.exe
  C:\Windows\System\tTlMAfZ.exe
  2⤵
  PID:13408
- C:\Windows\System\KXYJWVc.exe
  C:\Windows\System\KXYJWVc.exe
  2⤵
  PID:13436
- C:\Windows\System\KFpuUOc.exe
  C:\Windows\System\KFpuUOc.exe
  2⤵
  PID:13464
- C:\Windows\System\BaAIhXW.exe
  C:\Windows\System\BaAIhXW.exe
  2⤵
  PID:13492
- C:\Windows\System\jDhTfOC.exe
  C:\Windows\System\jDhTfOC.exe
  2⤵
  PID:13520
- C:\Windows\System\ATBSvyv.exe
  C:\Windows\System\ATBSvyv.exe
  2⤵
  PID:13548
- C:\Windows\System\TiyVFcU.exe
  C:\Windows\System\TiyVFcU.exe
  2⤵
  PID:13576
- C:\Windows\System\EfFJKZK.exe
  C:\Windows\System\EfFJKZK.exe
  2⤵
  PID:13604
- C:\Windows\System\KDMiSpo.exe
  C:\Windows\System\KDMiSpo.exe
  2⤵
  PID:13632
- C:\Windows\System\PUfTwZO.exe
  C:\Windows\System\PUfTwZO.exe
  2⤵
  PID:13660
- C:\Windows\System\GtJsJRK.exe
  C:\Windows\System\GtJsJRK.exe
  2⤵
  PID:13688
- C:\Windows\System\jfQvWQh.exe
  C:\Windows\System\jfQvWQh.exe
  2⤵
  PID:13716
- C:\Windows\System\ZUljJgA.exe
  C:\Windows\System\ZUljJgA.exe
  2⤵
  PID:13756
- C:\Windows\System\QZfoEiV.exe
  C:\Windows\System\QZfoEiV.exe
  2⤵
  PID:13780
- C:\Windows\System\LdAiqXb.exe
  C:\Windows\System\LdAiqXb.exe
  2⤵
  PID:13820
- C:\Windows\System\tzUhHxJ.exe
  C:\Windows\System\tzUhHxJ.exe
  2⤵
  PID:13836
- C:\Windows\System\gQsGIjR.exe
  C:\Windows\System\gQsGIjR.exe
  2⤵
  PID:13864
- C:\Windows\System\oCuksVI.exe
  C:\Windows\System\oCuksVI.exe
  2⤵
  PID:13924
- C:\Windows\System\wyFHSNv.exe
  C:\Windows\System\wyFHSNv.exe
  2⤵
  PID:13984
- C:\Windows\System\TkFFGXI.exe
  C:\Windows\System\TkFFGXI.exe
  2⤵
  PID:14012
- C:\Windows\System\eUeBAUp.exe
  C:\Windows\System\eUeBAUp.exe
  2⤵
  PID:14056
- C:\Windows\System\wdxDLUo.exe
  C:\Windows\System\wdxDLUo.exe
  2⤵
  PID:14092
- C:\Windows\System\rAjjVCM.exe
  C:\Windows\System\rAjjVCM.exe
  2⤵
  PID:14120
- C:\Windows\System\sOzbpYt.exe
  C:\Windows\System\sOzbpYt.exe
  2⤵
  PID:14164
- C:\Windows\System\aqGHLKJ.exe
  C:\Windows\System\aqGHLKJ.exe
  2⤵
  PID:14192
- C:\Windows\System\yFgJANf.exe
  C:\Windows\System\yFgJANf.exe
  2⤵
  PID:14220
- C:\Windows\System\gjckQqZ.exe
  C:\Windows\System\gjckQqZ.exe
  2⤵
  PID:14256
- C:\Windows\System\hEgdsyf.exe
  C:\Windows\System\hEgdsyf.exe
  2⤵
  PID:14288
- C:\Windows\System\LlcsBGX.exe
  C:\Windows\System\LlcsBGX.exe
  2⤵
  PID:14316
- C:\Windows\System\zjtkUcE.exe
  C:\Windows\System\zjtkUcE.exe
  2⤵
  PID:13336
- C:\Windows\System\IKwZJun.exe
  C:\Windows\System\IKwZJun.exe
  2⤵
  PID:13400
- C:\Windows\System\hXTJaNi.exe
  C:\Windows\System\hXTJaNi.exe
  2⤵
  PID:13460
- C:\Windows\System\VQWKcHg.exe
  C:\Windows\System\VQWKcHg.exe
  2⤵
  PID:13516
- C:\Windows\System\TqfxPKB.exe
  C:\Windows\System\TqfxPKB.exe
  2⤵
  PID:13592
- C:\Windows\System\SRKjMek.exe
  C:\Windows\System\SRKjMek.exe
  2⤵
  PID:13652
- C:\Windows\System\BVcPjzP.exe
  C:\Windows\System\BVcPjzP.exe
  2⤵
  PID:13708
- C:\Windows\System\uGSrccs.exe
  C:\Windows\System\uGSrccs.exe
  2⤵
  PID:1288
- C:\Windows\System\WldDgex.exe
  C:\Windows\System\WldDgex.exe
  2⤵
  PID:4056
- C:\Windows\System\pGRvCmz.exe
  C:\Windows\System\pGRvCmz.exe
  2⤵
  PID:13100
- C:\Windows\System\riwiGWt.exe
  C:\Windows\System\riwiGWt.exe
  2⤵
  PID:13112
- C:\Windows\System\lnTHtcX.exe
  C:\Windows\System\lnTHtcX.exe
  2⤵
  PID:13212
- C:\Windows\System\SsDZKOs.exe
  C:\Windows\System\SsDZKOs.exe
  2⤵
  PID:12744
- C:\Windows\System\yapOmkg.exe
  C:\Windows\System\yapOmkg.exe
  2⤵
  PID:13816
- C:\Windows\System\fwRcwpe.exe
  C:\Windows\System\fwRcwpe.exe
  2⤵
  PID:13848
- C:\Windows\System\qeRcGTr.exe
  C:\Windows\System\qeRcGTr.exe
  2⤵
  PID:13940
- C:\Windows\System\WPrwKyX.exe
  C:\Windows\System\WPrwKyX.exe
  2⤵
  PID:14044
- C:\Windows\System\qrWSpGZ.exe
  C:\Windows\System\qrWSpGZ.exe
  2⤵
  PID:14188
- C:\Windows\System\ntyicqq.exe
  C:\Windows\System\ntyicqq.exe
  2⤵
  PID:14272
- C:\Windows\System\sBNphiz.exe
  C:\Windows\System\sBNphiz.exe
  2⤵
  PID:13376
- C:\Windows\System\zeRwkOz.exe
  C:\Windows\System\zeRwkOz.exe
  2⤵
  PID:13680
- C:\Windows\System\RUoFbek.exe
  C:\Windows\System\RUoFbek.exe
  2⤵
  PID:4680
- C:\Windows\System\FXvGriN.exe
  C:\Windows\System\FXvGriN.exe
  2⤵
  PID:12848
- C:\Windows\System\TTnFwaZ.exe
  C:\Windows\System\TTnFwaZ.exe
  2⤵
  PID:13144
- C:\Windows\System\ZqMUUDj.exe
  C:\Windows\System\ZqMUUDj.exe
  2⤵
  PID:13792
- C:\Windows\System\csVBhKQ.exe
  C:\Windows\System\csVBhKQ.exe
  2⤵
  PID:14232
- C:\Windows\System\CxCLUjv.exe
  C:\Windows\System\CxCLUjv.exe
  2⤵
  PID:14052
- C:\Windows\System\fyrlpdc.exe
  C:\Windows\System\fyrlpdc.exe
  2⤵
  PID:14064
- C:\Windows\System\mIOILqC.exe
  C:\Windows\System\mIOILqC.exe
  2⤵
  PID:14248
- C:\Windows\System\KNnTYFh.exe
  C:\Windows\System\KNnTYFh.exe
  2⤵
  PID:13452
- C:\Windows\System\ERhqmrx.exe
  C:\Windows\System\ERhqmrx.exe
  2⤵
  PID:13744
- C:\Windows\System\LKhLlmK.exe
  C:\Windows\System\LKhLlmK.exe
  2⤵
  PID:13768
- C:\Windows\System\FPcQpdA.exe
  C:\Windows\System\FPcQpdA.exe
  2⤵
  PID:13796
- C:\Windows\System\JwTfWct.exe
  C:\Windows\System\JwTfWct.exe
  2⤵
  PID:13888
- C:\Windows\System\FToiWLp.exe
  C:\Windows\System\FToiWLp.exe
  2⤵
  PID:14028
- C:\Windows\System\CaYTKCp.exe
  C:\Windows\System\CaYTKCp.exe
  2⤵
  PID:13876
- C:\Windows\System\pcnWrxz.exe
  C:\Windows\System\pcnWrxz.exe
  2⤵
  PID:14088
- C:\Windows\System\LoPJunh.exe
  C:\Windows\System\LoPJunh.exe
  2⤵
  PID:12860
- C:\Windows\System\SMbgiaT.exe
  C:\Windows\System\SMbgiaT.exe
  2⤵
  PID:13932
- C:\Windows\System\TXAaQpD.exe
  C:\Windows\System\TXAaQpD.exe
  2⤵
  PID:14040
- C:\Windows\System\IOBRqku.exe
  C:\Windows\System\IOBRqku.exe
  2⤵
  PID:13140
- C:\Windows\System\kopghcn.exe
  C:\Windows\System\kopghcn.exe
  2⤵
  PID:12768
- C:\Windows\System\ikLYLYU.exe
  C:\Windows\System\ikLYLYU.exe
  2⤵
  PID:3580
- C:\Windows\System\NdzQSMn.exe
  C:\Windows\System\NdzQSMn.exe
  2⤵
  PID:948
- C:\Windows\System\oOBXDZw.exe
  C:\Windows\System\oOBXDZw.exe
  2⤵
  PID:14148
- C:\Windows\System\IkfMTjB.exe
  C:\Windows\System\IkfMTjB.exe
  2⤵
  PID:14004
- C:\Windows\System\VstVGBI.exe
  C:\Windows\System\VstVGBI.exe
  2⤵
  PID:14008
- C:\Windows\System\eeMSCZq.exe
  C:\Windows\System\eeMSCZq.exe
  2⤵
  PID:14344
- C:\Windows\System\JiiwoZF.exe
  C:\Windows\System\JiiwoZF.exe
  2⤵
  PID:14372
- C:\Windows\System\dICZILC.exe
  C:\Windows\System\dICZILC.exe
  2⤵
  PID:14400
- C:\Windows\System\cFvLtYS.exe
  C:\Windows\System\cFvLtYS.exe
  2⤵
  PID:14428
- C:\Windows\System\HVwKULX.exe
  C:\Windows\System\HVwKULX.exe
  2⤵
  PID:14456
- C:\Windows\System\usSJUsJ.exe
  C:\Windows\System\usSJUsJ.exe
  2⤵
  PID:14484
- C:\Windows\System\BLNVUbr.exe
  C:\Windows\System\BLNVUbr.exe
  2⤵
  PID:14512
- C:\Windows\System\WZubHPA.exe
  C:\Windows\System\WZubHPA.exe
  2⤵
  PID:14540
- C:\Windows\System\JBwRVsp.exe
  C:\Windows\System\JBwRVsp.exe
  2⤵
  PID:14568
- C:\Windows\System\QdMZbpn.exe
  C:\Windows\System\QdMZbpn.exe
  2⤵
  PID:14608
- C:\Windows\System\cPSNtxS.exe
  C:\Windows\System\cPSNtxS.exe
  2⤵
  PID:14624
- C:\Windows\System\utbWZaz.exe
  C:\Windows\System\utbWZaz.exe
  2⤵
  PID:14652
- C:\Windows\System\sXruvvq.exe
  C:\Windows\System\sXruvvq.exe
  2⤵
  PID:14676
- C:\Windows\System\SddYHtB.exe
  C:\Windows\System\SddYHtB.exe
  2⤵
  PID:14716
- C:\Windows\System\BWzjRey.exe
  C:\Windows\System\BWzjRey.exe
  2⤵
  PID:14740
- C:\Windows\System\Rvvnmcv.exe
  C:\Windows\System\Rvvnmcv.exe
  2⤵
  PID:14768
- C:\Windows\System\lzywvdK.exe
  C:\Windows\System\lzywvdK.exe
  2⤵
  PID:14800
- C:\Windows\System\ZxLoZfF.exe
  C:\Windows\System\ZxLoZfF.exe
  2⤵
  PID:14828
- C:\Windows\System\hUoauzF.exe
  C:\Windows\System\hUoauzF.exe
  2⤵
  PID:14856
- C:\Windows\System\iDOWjDR.exe
  C:\Windows\System\iDOWjDR.exe
  2⤵
  PID:14884
- C:\Windows\System\QZSUxeu.exe
  C:\Windows\System\QZSUxeu.exe
  2⤵
  PID:14912
- C:\Windows\System\VqHWFuG.exe
  C:\Windows\System\VqHWFuG.exe
  2⤵
  PID:14940
- C:\Windows\System\NyroMep.exe
  C:\Windows\System\NyroMep.exe
  2⤵
  PID:14968
- C:\Windows\System\OUFgifb.exe
  C:\Windows\System\OUFgifb.exe
  2⤵
  PID:14996
- C:\Windows\System\LoMcuSM.exe
  C:\Windows\System\LoMcuSM.exe
  2⤵
  PID:15024
- C:\Windows\System\YrGByDd.exe
  C:\Windows\System\YrGByDd.exe
  2⤵
  PID:15052
- C:\Windows\System\sPxFJlf.exe
  C:\Windows\System\sPxFJlf.exe
  2⤵
  PID:15080
- C:\Windows\System\mNBTIjs.exe
  C:\Windows\System\mNBTIjs.exe
  2⤵
  PID:15108
- C:\Windows\System\kCJCGgZ.exe
  C:\Windows\System\kCJCGgZ.exe
  2⤵
  PID:15136
- C:\Windows\System\wUNfncj.exe
  C:\Windows\System\wUNfncj.exe
  2⤵
  PID:15164
- C:\Windows\System\ONfCdGZ.exe
  C:\Windows\System\ONfCdGZ.exe
  2⤵
  PID:15192
- C:\Windows\System\ikMljmq.exe
  C:\Windows\System\ikMljmq.exe
  2⤵
  PID:15220
- C:\Windows\System\oiQmeUh.exe
  C:\Windows\System\oiQmeUh.exe
  2⤵
  PID:15300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DBIfgvV.exe

Filesize
6.0MB

MD5
bd9a4cca4e58d38695ce161cc799d9eb

SHA1
4004cd663d4c929340c84bce13b2a4bd6266e3b7

SHA256
8378a8f65ac8c81e3be78e6ffc04bb76178eee9ae959b57b427ef7d53eef7091

SHA512
db3603937aea2709741b3254390b62401947784baeb88a3098664a95c3dd86ecf4c3e2e9f53b4fb67fa4ae6005124c3cd93ad9c6ab7c3eacac5999c61f84a1f3

Download Submit
C:\Windows\System\IHhqjkT.exe

Filesize
6.0MB

MD5
c9b64740e0a64221ced83a23417a1823

SHA1
86fa8028730734462d9e386d292e8026742172c4

SHA256
953009409855f633c698c04cef72fe81845f21784e450baad48b36cbec3f22bb

SHA512
a2c1adaf1060bbe851d52d06016b93c10278b5480bc60b90c47f30c444140b6e3827b5c1c9360f46a3b965bd9a36709083e75f8d5a0ec7e971662ce80677e739

Download Submit
C:\Windows\System\LFmSvsc.exe

Filesize
6.0MB

MD5
279964db176c3ec641c81892050b45c0

SHA1
a2b4bbab22ff2905ca361b8e44fe5023e80af31a

SHA256
748b04bced3ffc8f0a8ccfc4ab0e4212d048e0d2981426c4b5ba399d7d4666ce

SHA512
358f934fd4bd7d1bd2911b95322de48a77009c51b052ddbe502d97e17596636028d2d1fecb7c69f03689ad7a3003a99fa01129dcc29104eaf5873b305c2a21ab

Download Submit
C:\Windows\System\LhVspxo.exe

Filesize
6.0MB

MD5
bfd57075c5a7a0acd388a482e0c115c4

SHA1
7c844588f15fd3ddf71d77d2ae9fd3f0b18edbda

SHA256
123d2c2270a091074a33b1a54884616393322574e27c94d44cbc5dd15c161303

SHA512
ffdd205beec58b01a11736a2f41181aa967c4cb15e10862f4729a4fb00f4005a9ebeb7bc2e2d9541967fee1f4addc6f79e705c46e31b2786faa7c3ad93270ead

Download Submit
C:\Windows\System\MzipCcR.exe

Filesize
6.0MB

MD5
fe5717fbaead12c14ab93c59d9f3ffd8

SHA1
6a5989bb5efa5f67c01e058cfca06633dbf51809

SHA256
6b09967eb854cdf258be1c3fba3aa0e6baf2dd2b4308e5c81c3a07aa5c8faaa0

SHA512
c2bb1b673642a79006047c0bebb3d6482a92e1c69b0c7c6de3a14b21e120e5794d1177111ad6627a44022375cffcf4f629be07357ccad69844e501fe78f67928

Download Submit
C:\Windows\System\NtqfuZN.exe

Filesize
6.0MB

MD5
c6685bbbcec9227ebc22ea13b79b8e50

SHA1
52e26bf61ed587ce1c393a114e1dcdd335433ca4

SHA256
cd1891f26e9dd3bd0356b6c4eade5092dad57ff85ff5b01ee78cc2773a67413c

SHA512
8c85dbfd900c790f39782f46ce04ab11221aae9689f1dfcbe9af6fd7ba66ceec277285c0e85ecd030a88899a3ef31b0335899285b55d95b53c7ad8747808cf2e

Download Submit
C:\Windows\System\OoOjjsG.exe

Filesize
6.0MB

MD5
acd9d7de0fd4e04b97b726da7963b35c

SHA1
bd39a4e01c8bb163e4745d9f3d0e60956a544204

SHA256
3d93f8c87811ac1a93b299fa740ef9fd2f993022e26708206336e119816e90f9

SHA512
45f64d5fd5ee13398b1f0339a00994813dead78eca390933933ea3b178b0d0ff57935a2da96d08a4b30ccd565d41e2f0535e5e7ba03f7bff6cc9dfcd2ee39599

Download Submit
C:\Windows\System\QWmbdxJ.exe

Filesize
6.0MB

MD5
9c609041771f0c36f776274285a152cf

SHA1
4071e0669468cebcc1f5d16220d36f7baa92f44c

SHA256
685a3946418b7f5df6465cc25c0a1595735ada3e6361ac307bbcfae931b743a2

SHA512
b508a5c462bbb31a01cd93d91d50b06d657988f28818a3d86456de6b4891ac0a350d3f05af4937346e923630cd04bbd75331e3995d57adb74e4f05ae4ed885b4

Download Submit
C:\Windows\System\RKEIFxI.exe

Filesize
6.0MB

MD5
7b7567cd6cf458c0ea0e77af8ee50b33

SHA1
5a2ad118f8167c8b05226dab388eea0648f25595

SHA256
4f16905c3c5cadb5038904f9354c5ac065276f8c213b62c449a04782c4f6f3da

SHA512
44abaf084fb503d473aaf5e6203127a23b1ebfa2aa6ff9f7c1885c82c2c25a5ae5daa34e43dd39b0152f4d308b0f176f869a07122c9dc3cda9d5cb591f94cd3c

Download Submit
C:\Windows\System\SBIGTvG.exe

Filesize
6.0MB

MD5
8bef311e10d7f368771af828d01ba322

SHA1
58a24423a94d5985afc452751df63eff9c244a46

SHA256
7564724e0cccbe6eba689bb20bbe084a3ffdbd46631a625bc36bc811b805f67a

SHA512
0ed43cd8d9d4dc181ec76874c495b9a5cba3970f4985138f41e508d74f31ce28ac4e5912f09b125669f33063cdfce4e5be1c908d699a92124977c2add54ec251

Download Submit
C:\Windows\System\SCMDVfn.exe

Filesize
6.0MB

MD5
94972a5bc6ee83a7a268b488987de678

SHA1
2ab591af8b442e7bbaf5dc7dd8618e061e3b02de

SHA256
1773b785c98544e58b30875efb1c59cb79383ad84abcfb15d74553a1ac527b25

SHA512
cc7fa31bf2e5d4b8d60ef31b479dbfc4ff15fcadc997275fd7cd5b08d60604b2aa6a18a3a88ac3eb336946f5356c6148bb827b0c9ff1a60bf88e6439af124d94

Download Submit
C:\Windows\System\Treoevz.exe

Filesize
6.0MB

MD5
9bb13c2f207cdbedab48ac6d9ca2f689

SHA1
ec9824865d40061a58e68616e28fc3b779d7ce72

SHA256
064e6f0daee310dca4a2c1fc3c607cc00773aa35383a1c20c21ed290ba8d5905

SHA512
0e1eb9f213b43c6c95d089a611b221bef136e0bdbb06cb9003139e58325bf45e84f36139950dfafa2f1e9f1153e532f05f22db6d037e9f12e0dffeabc49bc500

Download Submit
C:\Windows\System\VanFAoK.exe

Filesize
6.0MB

MD5
c8ae8fe2c32a48b831ddbfd25b20630c

SHA1
bd0b80d15ea21f031b970fd09a46c7e6b4bb068f

SHA256
4b62adb0d3648f2e00258b3e180204c10d907e389aac93d27a1a42d97af1d54d

SHA512
9a7064b4e968597240e7a22f3a75281851604b8fe92cba87c92421c7bec26c77b01ae282ed883ef0f98f5b0027089798f10f16aa7e784f3db709a0e6c4903762

Download Submit
C:\Windows\System\VgJYBZl.exe

Filesize
6.0MB

MD5
97a81c5cd4e74e334357bc8447ea661a

SHA1
53e1611e78bdf005abd6ef393c7a8aa5a3a0951f

SHA256
c55e23310f19b1d1f5792f840e198e9889119694b82fe34c1694e0e9a155015f

SHA512
a397c225e6090bcebbf4f008625ebcb910319e4dd2ddbdcda4d87cbdf1df8c0e2468c7385bbb735aedeb6146b5e553764b25896f7aaeff602535d159de648074

Download Submit
C:\Windows\System\WIcRyOC.exe

Filesize
6.0MB

MD5
8ece9f638126d9127a6daecf97747736

SHA1
63da8ca924d5221e024e061f81422392d219d6be

SHA256
86fd5cc8ced8dbe017089adeabb3c3a9d7e1c6071fb9ed8f9ee6c1d6716e02d5

SHA512
899977849d0db36f1a88019876351f75c0192dd15885d221e4161bec7f75bb30b6deb6f05898887a0b74d35bb291a456d34d5f182c44de94ddd8e02a8b085486

Download Submit
C:\Windows\System\YEoLGDi.exe

Filesize
6.0MB

MD5
83fad828268b80e69f5159fe2876c560

SHA1
4e054431be42067336c67daad0b52b47cd5f490e

SHA256
7f22f12ad2414943974d3363ff902d30d39686f49bee56b4eae1d35c6b156ea7

SHA512
aa972f6765182a941c7ef83b0fbf63564d749a52567c8900cf8b19638fa9bf3debc98c6f1fc10709b3c68872632c85a51e0e139ae0cbcd946088dbf1f06cc2f1

Download Submit
C:\Windows\System\YqbkCIS.exe

Filesize
6.0MB

MD5
b597718ba5f92fb66ab03b8e75f867bb

SHA1
939ebe4c2228eb7a4b7ba3eb21d88bcf629e56be

SHA256
823dd56ba9c97738a4e4d71ee6643bd970c08b82644014fd580b927f99569e5b

SHA512
a943dd671575c43a21490271752dada230d6ec2eba0de50e0b6fc1f5871035ac8606ce4df60e75e806908ba76ac699aa5845dd06398541c9f054cf72ed14cb04

Download Submit
C:\Windows\System\bmbcStE.exe

Filesize
6.0MB

MD5
a007d89e93bfd5f90d449864f8a4d6d5

SHA1
d4c22e6e4f3c4035ecde722f03a46f22880f2c24

SHA256
aca5947556a40bd0644e9f2b83afc0e6876e61ab4798c5aa21ea3f62266a13ef

SHA512
11dc5f2b001ed393de433d77d5209cd052b15bef1bd72539a2a53134a7409de86ccb6289d2e06714629f80bc0d290298cc22eeb9d9cfecbb3d28ff7af0b23f90

Download Submit
C:\Windows\System\cPcZJfG.exe

Filesize
6.0MB

MD5
9de3cfc611d127f15189343bf5b1b46b

SHA1
a9838f220f1a05af03cec306768bf69f2166c5b5

SHA256
07bf393d1ff13224f2948d4710ad4ed57be5e843746e236046a6e9837729ca72

SHA512
20d2d5662356a530a58c6ec284b2499eacdb8e9442ca73073c648664d121de348f82f438cf30b601e8793b182041af647c0fb9a95f0a473b6a30b736d162c709

Download Submit
C:\Windows\System\eiNMdvU.exe

Filesize
6.0MB

MD5
6777ade4369bbc0dde795be90a42c292

SHA1
c3e4542c30019453868dcea1ea7e2b616b918ce7

SHA256
3369d7143bac0f84882d5c24b9a839503a202d627e219336050f659717192609

SHA512
7f9b00a3a39035d01777f946ec5af50274f433304a423f909e2ad049fdb78093ff329d86d5bfc6cc027069d933d39a1117acd889cc09b8f7f0ddea554c199b4d

Download Submit
C:\Windows\System\elYvLXE.exe

Filesize
6.0MB

MD5
faff104a35d38a5fe8f4bd2e9283c071

SHA1
734955ebb33ef1488674ecf1be3c5a939b00c69f

SHA256
90316b2a311a7b9a6d0cf2adb56899d0f27bc0dc3188d0773626b4d12ef7d2e2

SHA512
5cc2fed0a6b2539d172e9335d21f9ec2cbaf6cc4f9bbc2442ae3cbc044dd436fc5f4ad40633a2204e37f6723c7f97704c9d8209e954b212742e3f890b33e4a18

Download Submit
C:\Windows\System\fDxEGeg.exe

Filesize
6.0MB

MD5
d56f9dc7fd229f5e7cad2f7401bcfb1a

SHA1
9db50dfa313427078401165aa689da35ae94f145

SHA256
875cabfba7ba1cee5311e1e9a5d418f629ea511322c52b03603b0ec087b83edc

SHA512
5e7f2f300c5757c7ebf54e961845a7d4cb1729fc71b75ac5cc59d1c910409794d4da5fd848a84f5b1caedd465d7edd113389c1daf8f878dc56022f464336a6b7

Download Submit
C:\Windows\System\gNgulZk.exe

Filesize
6.0MB

MD5
af68f810e3a33a0da9388546e8dd3bc4

SHA1
216d0fce067d72d36ee8916bdd2198193f6bb29c

SHA256
1c112965eb5eb390a1373a5855b82990ecabeb396c1c83eeb3b0c56e3ffd8cea

SHA512
0c8b8541c95e24f3d49b90ad43adb3f0e3bc777f42d4a31d19252f3dfbf5bdc1a05d2442c218813864aaecff9e8d444a1dc70c541ae34a06faf4b9798a5630d3

Download Submit
C:\Windows\System\kxDydzt.exe

Filesize
6.0MB

MD5
44cb2d7516bcc569b3a8971ae0453724

SHA1
541149c4d52b830b68a92424f0203caaa49dee0c

SHA256
571f6898481554711a6259c45b98db570924e9bc0f4428ab749e317eff47f335

SHA512
e906027c7f827919a028303349c0d4b8376ef802d232c907b0b4165d3aaa228d24d5ded0daefbec161e2e3157039eea199bbfe2d847c79968a7de33dc51db1ce

Download Submit
C:\Windows\System\lIWYnsv.exe

Filesize
6.0MB

MD5
92e1301800d6d7e8e7bc3be93b82b415

SHA1
aae4a901758a1fa16205758ed78cee014071ecf7

SHA256
83d96cddb6397ade6f586b7f7c1f416b20c8a6423c422ab5c02828b621ca053a

SHA512
7cce46e8684e560598a677bd51c83a34ae12da18f79e4878485907f31ee85596148d45013679909869de72c32dc366bf78909fc58b214b630c157e11473ea970

Download Submit
C:\Windows\System\ldupVKi.exe

Filesize
6.0MB

MD5
646f652387f1e78c90a7fd392829f1b7

SHA1
7e466efa9d8d09510df8e02d99c562f0dcc65a97

SHA256
a26380a965b57e86ba6bd786b27c5ec67f8d4cfede98b1f59a7027d9ef0c8ac1

SHA512
5dedc3903bf2e96bcc096d08f531e732dfd803d72b5fbd516e78287ef26ec8109a8b394cdc7ba0321909ceb52f57973ea093370aded231ef0aa187ccb7b2521c

Download Submit
C:\Windows\System\oURfkuH.exe

Filesize
6.0MB

MD5
8d166063eaa4f084807ffdbf5520fb6a

SHA1
24c4e17b0a5b6ef82d9dd75535eca03360d68fdd

SHA256
920b295da4d159a4986a92508ef46040e623b993df226d73e806cd97a95904a0

SHA512
97e1487386746260486dd756f38097c58228e2266f9f78993f4ac1d8d13d6acc5fe28d581d5ab73c0e754dea445c597e4f6dfe1a65d8cc5d76e4f9c6293f0ad6

Download Submit
C:\Windows\System\oyzzDNv.exe

Filesize
6.0MB

MD5
13553783865bc422032aad60ba34fbe6

SHA1
fb49c39db73cbcd274b282317aab56bc3cf3d78d

SHA256
8ac71b42366cf10f495c5bb890046c9c3ccf0291c9ff468f67e2813f88dccb31

SHA512
67d08ed51a3231b06ffbfb72dbaeb1bd63f4e99d2924007dbf5692523f41cad576221542a92bbdede1ec275ddbbf4696237a024e01ed9f77ffb8448d6b3eaaf8

Download Submit
C:\Windows\System\pYSCgXi.exe

Filesize
6.0MB

MD5
e305924b2d0607b0fa2c770601fa6ede

SHA1
194b0d5a37e431b10e6f212e0889628980105037

SHA256
2411f224b2fce18436d674500f656ed75f0d34c75dcc4bef69a1672baa3ee186

SHA512
a660c0e21e54762121f576d5d0151e929aece2964f400b7d9023362c5ef666bc792e51074c48632eebd68bcd7f69503eb0f4442f0551f27763df5167774d3161

Download Submit
C:\Windows\System\qiQIWab.exe

Filesize
6.0MB

MD5
e4de79252e79c4cc8f35f231d6f14224

SHA1
d6eec4d412d62dd5d180ee78bb22094caae9c6b0

SHA256
09d65585b034f5ca25c4ac0561fcf5e33879c1de0d92c5f3e1e6a3939bf2b22b

SHA512
429047edaec62594d7b8f0c5ca93f7bb088ea65fdce131f3ef156ef4708c97207431465a7f1c5b0355bf4c2d8481d4e656abfc04faee763d53f20de8125703fe

Download Submit
C:\Windows\System\vFYQBcy.exe

Filesize
6.0MB

MD5
0134d15056cd36a8c61c1981db82e79b

SHA1
ac5efd2ba4b03dfd376860032777a7e0185aaf31

SHA256
db47b4ef919f96c177cc2ac03da57ce97f19e2d0d342ec3b78b72337513444d9

SHA512
54e33c1c16daa22348d18ce972220aa2cd72df87615294ee423b0ad38119f93eea195895d7511dd806ab517525d850c11a47c39204ea074263a6d6c8ca971884

Download Submit
C:\Windows\System\vXrtPBJ.exe

Filesize
6.0MB

MD5
0ebfb7377441a7d1fcb542c98a3220ac

SHA1
a76d078d9664f68367ddd2ad1c0fd480bddc5cd5

SHA256
ccdb49197fcb3b37fc02c40a288b5ef6f56d2fcb79e97668885edb6e139e335d

SHA512
25714cd15c259c771bd04481810d133c67ff4ea2acb61371d194db60a9014ed0a8ae27ddd3e5cf146c520a6e394cbc68c4cd2197049cbf09cac8d3a9848f8c6e

Download Submit
C:\Windows\System\zfOtKRw.exe

Filesize
6.0MB

MD5
024c2b27fa949f27a418e29f5beffb75

SHA1
188ed9c604b8bc2355340ed5aed43fda770b6020

SHA256
50e5c83caf028563fa63860b8b75e8152a004864abce1e6091211cbe0b72b894

SHA512
4ef8b370bd2eb2185fd87bd6c6eb94607cf008590cb591910ff86fa74f75564222c27229262d857f5f5ca9aa1361db377c9ff69c8012cb3a71a652f3500474d7

Download Submit
memory/384-2263-0x00007FF733140000-0x00007FF733494000-memory.dmp

Filesize
3.3MB

Download
memory/384-626-0x00007FF733140000-0x00007FF733494000-memory.dmp

Filesize
3.3MB

Download
memory/384-97-0x00007FF733140000-0x00007FF733494000-memory.dmp

Filesize
3.3MB

Download
memory/464-13-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp

Filesize
3.3MB

Download
memory/464-62-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp

Filesize
3.3MB

Download
memory/464-1892-0x00007FF60C2C0000-0x00007FF60C614000-memory.dmp

Filesize
3.3MB

Download
memory/1208-392-0x00007FF7DBC90000-0x00007FF7DBFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-2268-0x00007FF7DBC90000-0x00007FF7DBFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-50-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1-0x000001A4308A0000-0x000001A4308B0000-memory.dmp

Filesize
64KB

Download
memory/1436-0-0x00007FF7857F0000-0x00007FF785B44000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2270-0x00007FF615E30000-0x00007FF616184000-memory.dmp

Filesize
3.3MB

Download
memory/1728-307-0x00007FF615E30000-0x00007FF616184000-memory.dmp

Filesize
3.3MB

Download
memory/1804-56-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp

Filesize
3.3MB

Download
memory/1804-118-0x00007FF7909B0000-0x00007FF790D04000-memory.dmp

Filesize
3.3MB

Download
memory/2144-51-0x00007FF768EC0000-0x00007FF769214000-memory.dmp

Filesize
3.3MB

Download
memory/2568-2274-0x00007FF7CD190000-0x00007FF7CD4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-315-0x00007FF7CD190000-0x00007FF7CD4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1887-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-55-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-7-0x00007FF6A7550000-0x00007FF6A78A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-571-0x00007FF7339C0000-0x00007FF733D14000-memory.dmp

Filesize
3.3MB

Download
memory/2928-91-0x00007FF7339C0000-0x00007FF733D14000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2261-0x00007FF7339C0000-0x00007FF733D14000-memory.dmp

Filesize
3.3MB

Download
memory/3316-829-0x00007FF61AE30000-0x00007FF61B184000-memory.dmp

Filesize
3.3MB

Download
memory/3316-303-0x00007FF61AE30000-0x00007FF61B184000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2267-0x00007FF61AE30000-0x00007FF61B184000-memory.dmp

Filesize
3.3MB

Download
memory/3492-119-0x00007FF642C80000-0x00007FF642FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2266-0x00007FF642C80000-0x00007FF642FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-309-0x00007FF6BA3E0000-0x00007FF6BA734000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2271-0x00007FF6BA3E0000-0x00007FF6BA734000-memory.dmp

Filesize
3.3MB

Download
memory/3992-106-0x00007FF74AC30000-0x00007FF74AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2264-0x00007FF74AC30000-0x00007FF74AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3992-629-0x00007FF74AC30000-0x00007FF74AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3996-306-0x00007FF7A2060000-0x00007FF7A23B4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2269-0x00007FF7A2060000-0x00007FF7A23B4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-18-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4016-1960-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4016-75-0x00007FF6C6FD0000-0x00007FF6C7324000-memory.dmp

Filesize
3.3MB

Download
memory/4316-110-0x00007FF7B1C00000-0x00007FF7B1F54000-memory.dmp

Filesize
3.3MB

Download
memory/4316-754-0x00007FF7B1C00000-0x00007FF7B1F54000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2265-0x00007FF7B1C00000-0x00007FF7B1F54000-memory.dmp

Filesize
3.3MB

Download
memory/4424-85-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-1971-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-30-0x00007FF6BF650000-0x00007FF6BF9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-388-0x00007FF7052B0000-0x00007FF705604000-memory.dmp

Filesize
3.3MB

Download
memory/4448-2277-0x00007FF7052B0000-0x00007FF705604000-memory.dmp

Filesize
3.3MB

Download
memory/4452-384-0x00007FF7F2540000-0x00007FF7F2894000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2275-0x00007FF7F2540000-0x00007FF7F2894000-memory.dmp

Filesize
3.3MB

Download
memory/4484-96-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-38-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2119-0x00007FF7D3160000-0x00007FF7D34B4000-memory.dmp

Filesize
3.3MB

Download
memory/4492-64-0x00007FF737EC0000-0x00007FF738214000-memory.dmp

Filesize
3.3MB

Download
memory/4492-123-0x00007FF737EC0000-0x00007FF738214000-memory.dmp

Filesize
3.3MB

Download
memory/4644-103-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2133-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-42-0x00007FF707B50000-0x00007FF707EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1964-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-81-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-25-0x00007FF60CB80000-0x00007FF60CED4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2262-0x00007FF6FFA40000-0x00007FF6FFD94000-memory.dmp

Filesize
3.3MB

Download
memory/4784-89-0x00007FF6FFA40000-0x00007FF6FFD94000-memory.dmp

Filesize
3.3MB

Download
memory/4784-448-0x00007FF6FFA40000-0x00007FF6FFD94000-memory.dmp

Filesize
3.3MB

Download
memory/4916-69-0x00007FF7B1E00000-0x00007FF7B2154000-memory.dmp

Filesize
3.3MB

Download
memory/4916-390-0x00007FF7B1E00000-0x00007FF7B2154000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2247-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp

Filesize
3.3MB

Download
memory/4980-76-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp

Filesize
3.3MB

Download
memory/4980-409-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp

Filesize
3.3MB

Download
memory/5344-2276-0x00007FF6393C0000-0x00007FF639714000-memory.dmp

Filesize
3.3MB

Download
memory/5344-387-0x00007FF6393C0000-0x00007FF639714000-memory.dmp

Filesize
3.3MB

Download
memory/5348-312-0x00007FF7126C0000-0x00007FF712A14000-memory.dmp

Filesize
3.3MB

Download
memory/5348-2273-0x00007FF7126C0000-0x00007FF712A14000-memory.dmp

Filesize
3.3MB

Download
memory/6064-2272-0x00007FF6D7600000-0x00007FF6D7954000-memory.dmp

Filesize
3.3MB

Download
memory/6064-311-0x00007FF6D7600000-0x00007FF6D7954000-memory.dmp

Filesize
3.3MB

Download