cobaltstrike | 0bd16f58ce4f767f5af13c3ca6661a0e1b23ed2195b1af37635b746c029d940b

Analysis

max time kernel
125s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

3274488c82a8f49a502e1817a9e37b26
SHA1

1e4a75734361ce1d1723d7ea7b282701e12bc58e
SHA256

0bd16f58ce4f767f5af13c3ca6661a0e1b23ed2195b1af37635b746c029d940b
SHA512

e6b07973bb124df139262f437d3e8bf703d3d81de93c7438d9be9a8fba3dccdc6da76d39a4a1619057e29788c8a34bcfb3d5b39d46c4ff92a1cb1026299e9000
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000023f44-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002405e-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002405d-16.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002405f-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024060-28.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002405a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024062-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024063-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024064-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024065-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024066-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024067-75.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024068-82.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406b-112.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024075-150.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002407c-185.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002407a-183.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002407b-180.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024079-175.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024078-171.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024077-167.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024076-163.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024074-153.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024073-145.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024072-141.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024071-135.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024070-131.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406f-129.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406e-122.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406c-114.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002406a-97.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024069-93.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/4828-0-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp	xmrig
behavioral1/files/0x000e000000023f44-6.dat	xmrig
behavioral1/memory/4420-8-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp	xmrig
behavioral1/files/0x000700000002405e-10.dat	xmrig
behavioral1/files/0x000700000002405d-16.dat	xmrig
behavioral1/files/0x000700000002405f-22.dat	xmrig
behavioral1/memory/1676-21-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp	xmrig
behavioral1/memory/4996-26-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp	xmrig
behavioral1/memory/4904-14-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024060-28.dat	xmrig
behavioral1/memory/3824-32-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp	xmrig
behavioral1/files/0x000800000002405a-35.dat	xmrig
behavioral1/memory/2132-36-0x00007FF656130000-0x00007FF656484000-memory.dmp	xmrig
behavioral1/files/0x0007000000024062-41.dat	xmrig
behavioral1/memory/220-44-0x00007FF650AB0000-0x00007FF650E04000-memory.dmp	xmrig
behavioral1/memory/5032-51-0x00007FF770390000-0x00007FF7706E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024063-53.dat	xmrig
behavioral1/files/0x0007000000024064-55.dat	xmrig
behavioral1/files/0x0007000000024065-62.dat	xmrig
behavioral1/files/0x0007000000024066-68.dat	xmrig
behavioral1/files/0x0007000000024067-75.dat	xmrig
behavioral1/files/0x0007000000024068-82.dat	xmrig
behavioral1/memory/3824-95-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp	xmrig
behavioral1/files/0x000700000002406b-112.dat	xmrig
behavioral1/files/0x0007000000024075-150.dat	xmrig
behavioral1/memory/3424-1127-0x00007FF792950000-0x00007FF792CA4000-memory.dmp	xmrig
behavioral1/memory/4812-1128-0x00007FF782DE0000-0x00007FF783134000-memory.dmp	xmrig
behavioral1/memory/2492-1131-0x00007FF747E70000-0x00007FF7481C4000-memory.dmp	xmrig
behavioral1/memory/2184-1130-0x00007FF659890000-0x00007FF659BE4000-memory.dmp	xmrig
behavioral1/memory/1028-1133-0x00007FF760FC0000-0x00007FF761314000-memory.dmp	xmrig
behavioral1/memory/4816-1134-0x00007FF725000000-0x00007FF725354000-memory.dmp	xmrig
behavioral1/memory/2760-1137-0x00007FF632000000-0x00007FF632354000-memory.dmp	xmrig
behavioral1/files/0x000700000002407c-185.dat	xmrig
behavioral1/files/0x000700000002407a-183.dat	xmrig
behavioral1/files/0x000700000002407b-180.dat	xmrig
behavioral1/memory/4708-1138-0x00007FF623BF0000-0x00007FF623F44000-memory.dmp	xmrig
behavioral1/files/0x0007000000024079-175.dat	xmrig
behavioral1/files/0x0007000000024078-171.dat	xmrig
behavioral1/files/0x0007000000024077-167.dat	xmrig
behavioral1/files/0x0007000000024076-163.dat	xmrig
behavioral1/files/0x0007000000024074-153.dat	xmrig
behavioral1/files/0x0007000000024073-145.dat	xmrig
behavioral1/files/0x0007000000024072-141.dat	xmrig
behavioral1/files/0x0007000000024071-135.dat	xmrig
behavioral1/files/0x0007000000024070-131.dat	xmrig
behavioral1/files/0x000700000002406f-129.dat	xmrig
behavioral1/files/0x000700000002406e-122.dat	xmrig
behavioral1/files/0x000700000002406d-118.dat	xmrig
behavioral1/files/0x000700000002406c-114.dat	xmrig
behavioral1/memory/2132-106-0x00007FF656130000-0x00007FF656484000-memory.dmp	xmrig
behavioral1/files/0x000700000002406a-97.dat	xmrig
behavioral1/memory/2376-96-0x00007FF7A6260000-0x00007FF7A65B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024069-93.dat	xmrig
behavioral1/memory/2320-90-0x00007FF7F8270000-0x00007FF7F85C4000-memory.dmp	xmrig
behavioral1/memory/2312-89-0x00007FF6A7670000-0x00007FF6A79C4000-memory.dmp	xmrig
behavioral1/memory/2724-81-0x00007FF660580000-0x00007FF6608D4000-memory.dmp	xmrig
behavioral1/memory/4996-80-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp	xmrig
behavioral1/memory/3304-70-0x00007FF608FA0000-0x00007FF6092F4000-memory.dmp	xmrig
behavioral1/memory/1676-69-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp	xmrig
behavioral1/memory/3108-67-0x00007FF62CF10000-0x00007FF62D264000-memory.dmp	xmrig
behavioral1/memory/4904-66-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp	xmrig
behavioral1/memory/1408-60-0x00007FF63E480000-0x00007FF63E7D4000-memory.dmp	xmrig
behavioral1/memory/4420-57-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp	xmrig
behavioral1/memory/4828-48-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4420	SgwcIjB.exe
4904	wXWVHox.exe
1676	FtoVAZD.exe
4996	cbTOSUF.exe
3824	JBaOLWp.exe
2132	phgNZjT.exe
220	rMsfDLJ.exe
5032	cWQxzqd.exe
1408	XmFWBkk.exe
3108	zovAiEP.exe
3304	TBSntaP.exe
2724	yKOIcor.exe
2312	dwUrzMh.exe
2320	zcwkgiR.exe
2376	ExGbDTI.exe
3424	CBxNUnm.exe
1056	mJebOzm.exe
4812	wfSwqLC.exe
2184	eXKjYxz.exe
2492	FVDGNaf.exe
1028	JWUDMiW.exe
4816	KeDSPpv.exe
2760	yTcXOtv.exe
4708	XonoApp.exe
4340	hbmDRTK.exe
4068	kvNYXXD.exe
2144	tJmDMGo.exe
1920	zNGDXgg.exe
4636	NEbqNdu.exe
3996	iPapFhD.exe
4488	BSyWktm.exe
2768	OMGqbpD.exe
1108	kWnsnaq.exe
2272	KeyNuRs.exe
4664	RspSYVq.exe
3724	zRZXlQZ.exe
4988	MEMoyZA.exe
4980	FxVIaqn.exe
4888	GvwmvTG.exe
4252	gCbaQms.exe
3620	WooOUYL.exe
3616	ltytJjF.exe
4436	qKmtYIb.exe
2512	vFEPKjH.exe
4740	YIbslpv.exe
4280	TMWtFnx.exe
4800	WeDflXB.exe
3708	ukNEOeU.exe
2756	UrqUZle.exe
4152	yKOQBIL.exe
1792	nXcbNRx.exe
3252	cVeYUUQ.exe
1552	GRcJplV.exe
1696	qHStoBj.exe
888	WcAfRam.exe
3744	rXWbtVK.exe
4912	xIeZQRh.exe
4116	qjEJaUI.exe
3864	AtfwHxS.exe
4452	fwCkBGw.exe
3100	sYCAEOd.exe
8	vQEypjC.exe
2644	SEAbalu.exe
1852	rDjGKEM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4828-0-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp	upx
behavioral1/files/0x000e000000023f44-6.dat	upx
behavioral1/memory/4420-8-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp	upx
behavioral1/files/0x000700000002405e-10.dat	upx
behavioral1/files/0x000700000002405d-16.dat	upx
behavioral1/files/0x000700000002405f-22.dat	upx
behavioral1/memory/1676-21-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp	upx
behavioral1/memory/4996-26-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp	upx
behavioral1/memory/4904-14-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp	upx
behavioral1/files/0x0007000000024060-28.dat	upx
behavioral1/memory/3824-32-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp	upx
behavioral1/files/0x000800000002405a-35.dat	upx
behavioral1/memory/2132-36-0x00007FF656130000-0x00007FF656484000-memory.dmp	upx
behavioral1/files/0x0007000000024062-41.dat	upx
behavioral1/memory/220-44-0x00007FF650AB0000-0x00007FF650E04000-memory.dmp	upx
behavioral1/memory/5032-51-0x00007FF770390000-0x00007FF7706E4000-memory.dmp	upx
behavioral1/files/0x0007000000024063-53.dat	upx
behavioral1/files/0x0007000000024064-55.dat	upx
behavioral1/files/0x0007000000024065-62.dat	upx
behavioral1/files/0x0007000000024066-68.dat	upx
behavioral1/files/0x0007000000024067-75.dat	upx
behavioral1/files/0x0007000000024068-82.dat	upx
behavioral1/memory/3824-95-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp	upx
behavioral1/files/0x000700000002406b-112.dat	upx
behavioral1/files/0x0007000000024075-150.dat	upx
behavioral1/memory/3424-1127-0x00007FF792950000-0x00007FF792CA4000-memory.dmp	upx
behavioral1/memory/4812-1128-0x00007FF782DE0000-0x00007FF783134000-memory.dmp	upx
behavioral1/memory/2492-1131-0x00007FF747E70000-0x00007FF7481C4000-memory.dmp	upx
behavioral1/memory/2184-1130-0x00007FF659890000-0x00007FF659BE4000-memory.dmp	upx
behavioral1/memory/1028-1133-0x00007FF760FC0000-0x00007FF761314000-memory.dmp	upx
behavioral1/memory/4816-1134-0x00007FF725000000-0x00007FF725354000-memory.dmp	upx
behavioral1/memory/2760-1137-0x00007FF632000000-0x00007FF632354000-memory.dmp	upx
behavioral1/files/0x000700000002407c-185.dat	upx
behavioral1/files/0x000700000002407a-183.dat	upx
behavioral1/files/0x000700000002407b-180.dat	upx
behavioral1/memory/4708-1138-0x00007FF623BF0000-0x00007FF623F44000-memory.dmp	upx
behavioral1/files/0x0007000000024079-175.dat	upx
behavioral1/files/0x0007000000024078-171.dat	upx
behavioral1/files/0x0007000000024077-167.dat	upx
behavioral1/files/0x0007000000024076-163.dat	upx
behavioral1/files/0x0007000000024074-153.dat	upx
behavioral1/files/0x0007000000024073-145.dat	upx
behavioral1/files/0x0007000000024072-141.dat	upx
behavioral1/files/0x0007000000024071-135.dat	upx
behavioral1/files/0x0007000000024070-131.dat	upx
behavioral1/files/0x000700000002406f-129.dat	upx
behavioral1/files/0x000700000002406e-122.dat	upx
behavioral1/files/0x000700000002406d-118.dat	upx
behavioral1/files/0x000700000002406c-114.dat	upx
behavioral1/memory/2132-106-0x00007FF656130000-0x00007FF656484000-memory.dmp	upx
behavioral1/files/0x000700000002406a-97.dat	upx
behavioral1/memory/2376-96-0x00007FF7A6260000-0x00007FF7A65B4000-memory.dmp	upx
behavioral1/files/0x0007000000024069-93.dat	upx
behavioral1/memory/2320-90-0x00007FF7F8270000-0x00007FF7F85C4000-memory.dmp	upx
behavioral1/memory/2312-89-0x00007FF6A7670000-0x00007FF6A79C4000-memory.dmp	upx
behavioral1/memory/2724-81-0x00007FF660580000-0x00007FF6608D4000-memory.dmp	upx
behavioral1/memory/4996-80-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp	upx
behavioral1/memory/3304-70-0x00007FF608FA0000-0x00007FF6092F4000-memory.dmp	upx
behavioral1/memory/1676-69-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp	upx
behavioral1/memory/3108-67-0x00007FF62CF10000-0x00007FF62D264000-memory.dmp	upx
behavioral1/memory/4904-66-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp	upx
behavioral1/memory/1408-60-0x00007FF63E480000-0x00007FF63E7D4000-memory.dmp	upx
behavioral1/memory/4420-57-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp	upx
behavioral1/memory/4828-48-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YGkQIOR.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lkpoWVe.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VEhLufv.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nlfkAbm.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bGEnDyg.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cawfIKa.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BcMoMlS.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nHfvzNe.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VNtBboc.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ylPGKgA.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xzzWFxW.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mJebOzm.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eOQwOLx.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lyBnjXE.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fnnnBDx.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oqxbrZW.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aqKVmXc.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KAxgTIn.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aApLumC.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\swFoYDa.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rRLSyqk.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hWyfHvQ.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Lvildio.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GINoLHf.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sSBymPG.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kifaDXF.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kWnsnaq.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mrkQXDc.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\auaJnkG.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\poEIPXY.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZiIpoAv.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mJOvQtS.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BaUOfNk.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fwCkBGw.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\clASRnc.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xeuARxS.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vkMeBKS.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DmKfjis.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\feAyGMv.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RpyLLsx.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nQGpvvV.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VbjYzQH.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jrekOYF.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CMEDKUJ.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cEdbBvT.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\unCJcBl.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JYvNflm.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hBUYAZL.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cBUIjbQ.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wXWVHox.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\omrQJao.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TqFQsRu.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qTespaI.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cWQxzqd.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FVDGNaf.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TMWtFnx.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\otOmcaY.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VEITTWS.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wfCVcMj.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YoPinBq.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rVvXnLd.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yTcXOtv.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sYCAEOd.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jDnnARz.exe	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14532	dwm.exe
Token: SeChangeNotifyPrivilege	14532	dwm.exe
Token: 33	14532	dwm.exe
Token: SeIncBasePriorityPrivilege	14532	dwm.exe
Token: SeShutdownPrivilege	14532	dwm.exe
Token: SeCreatePagefilePrivilege	14532	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4420	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4828 wrote to memory of 4420	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4828 wrote to memory of 4904	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4828 wrote to memory of 4904	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4828 wrote to memory of 1676	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4828 wrote to memory of 1676	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4828 wrote to memory of 4996	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4828 wrote to memory of 4996	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4828 wrote to memory of 3824	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4828 wrote to memory of 3824	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4828 wrote to memory of 2132	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4828 wrote to memory of 2132	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4828 wrote to memory of 220	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4828 wrote to memory of 220	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4828 wrote to memory of 5032	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4828 wrote to memory of 5032	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4828 wrote to memory of 1408	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4828 wrote to memory of 1408	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4828 wrote to memory of 3108	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4828 wrote to memory of 3108	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4828 wrote to memory of 3304	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4828 wrote to memory of 3304	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4828 wrote to memory of 2724	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4828 wrote to memory of 2724	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4828 wrote to memory of 2312	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4828 wrote to memory of 2312	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4828 wrote to memory of 2320	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4828 wrote to memory of 2320	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4828 wrote to memory of 2376	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4828 wrote to memory of 2376	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4828 wrote to memory of 3424	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4828 wrote to memory of 3424	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4828 wrote to memory of 1056	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4828 wrote to memory of 1056	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4828 wrote to memory of 4812	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4828 wrote to memory of 4812	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4828 wrote to memory of 2184	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4828 wrote to memory of 2184	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4828 wrote to memory of 2492	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4828 wrote to memory of 2492	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4828 wrote to memory of 1028	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4828 wrote to memory of 1028	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4828 wrote to memory of 4816	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4828 wrote to memory of 4816	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4828 wrote to memory of 2760	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4828 wrote to memory of 2760	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4828 wrote to memory of 4708	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4828 wrote to memory of 4708	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4828 wrote to memory of 4340	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4828 wrote to memory of 4340	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4828 wrote to memory of 4068	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4828 wrote to memory of 4068	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4828 wrote to memory of 2144	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4828 wrote to memory of 2144	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4828 wrote to memory of 1920	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4828 wrote to memory of 1920	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4828 wrote to memory of 4636	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 4828 wrote to memory of 4636	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 4828 wrote to memory of 3996	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 4828 wrote to memory of 3996	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 4828 wrote to memory of 4488	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 4828 wrote to memory of 4488	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 4828 wrote to memory of 2768	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 4828 wrote to memory of 2768	4828	2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_3274488c82a8f49a502e1817a9e37b26_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\System\SgwcIjB.exe
  C:\Windows\System\SgwcIjB.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\wXWVHox.exe
  C:\Windows\System\wXWVHox.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\FtoVAZD.exe
  C:\Windows\System\FtoVAZD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\cbTOSUF.exe
  C:\Windows\System\cbTOSUF.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\JBaOLWp.exe
  C:\Windows\System\JBaOLWp.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\phgNZjT.exe
  C:\Windows\System\phgNZjT.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\rMsfDLJ.exe
  C:\Windows\System\rMsfDLJ.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\cWQxzqd.exe
  C:\Windows\System\cWQxzqd.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\XmFWBkk.exe
  C:\Windows\System\XmFWBkk.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\zovAiEP.exe
  C:\Windows\System\zovAiEP.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\TBSntaP.exe
  C:\Windows\System\TBSntaP.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\yKOIcor.exe
  C:\Windows\System\yKOIcor.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\dwUrzMh.exe
  C:\Windows\System\dwUrzMh.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\zcwkgiR.exe
  C:\Windows\System\zcwkgiR.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ExGbDTI.exe
  C:\Windows\System\ExGbDTI.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\CBxNUnm.exe
  C:\Windows\System\CBxNUnm.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\mJebOzm.exe
  C:\Windows\System\mJebOzm.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\wfSwqLC.exe
  C:\Windows\System\wfSwqLC.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\eXKjYxz.exe
  C:\Windows\System\eXKjYxz.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FVDGNaf.exe
  C:\Windows\System\FVDGNaf.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\JWUDMiW.exe
  C:\Windows\System\JWUDMiW.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\KeDSPpv.exe
  C:\Windows\System\KeDSPpv.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\yTcXOtv.exe
  C:\Windows\System\yTcXOtv.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XonoApp.exe
  C:\Windows\System\XonoApp.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\hbmDRTK.exe
  C:\Windows\System\hbmDRTK.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\kvNYXXD.exe
  C:\Windows\System\kvNYXXD.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\tJmDMGo.exe
  C:\Windows\System\tJmDMGo.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\zNGDXgg.exe
  C:\Windows\System\zNGDXgg.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\NEbqNdu.exe
  C:\Windows\System\NEbqNdu.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\iPapFhD.exe
  C:\Windows\System\iPapFhD.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\BSyWktm.exe
  C:\Windows\System\BSyWktm.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\OMGqbpD.exe
  C:\Windows\System\OMGqbpD.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\kWnsnaq.exe
  C:\Windows\System\kWnsnaq.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\KeyNuRs.exe
  C:\Windows\System\KeyNuRs.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\RspSYVq.exe
  C:\Windows\System\RspSYVq.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\zRZXlQZ.exe
  C:\Windows\System\zRZXlQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\MEMoyZA.exe
  C:\Windows\System\MEMoyZA.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\FxVIaqn.exe
  C:\Windows\System\FxVIaqn.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\GvwmvTG.exe
  C:\Windows\System\GvwmvTG.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\gCbaQms.exe
  C:\Windows\System\gCbaQms.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\WooOUYL.exe
  C:\Windows\System\WooOUYL.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\ltytJjF.exe
  C:\Windows\System\ltytJjF.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\qKmtYIb.exe
  C:\Windows\System\qKmtYIb.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\vFEPKjH.exe
  C:\Windows\System\vFEPKjH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\YIbslpv.exe
  C:\Windows\System\YIbslpv.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\TMWtFnx.exe
  C:\Windows\System\TMWtFnx.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\WeDflXB.exe
  C:\Windows\System\WeDflXB.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\ukNEOeU.exe
  C:\Windows\System\ukNEOeU.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\UrqUZle.exe
  C:\Windows\System\UrqUZle.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\yKOQBIL.exe
  C:\Windows\System\yKOQBIL.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\nXcbNRx.exe
  C:\Windows\System\nXcbNRx.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\cVeYUUQ.exe
  C:\Windows\System\cVeYUUQ.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\GRcJplV.exe
  C:\Windows\System\GRcJplV.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\qHStoBj.exe
  C:\Windows\System\qHStoBj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\WcAfRam.exe
  C:\Windows\System\WcAfRam.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\rXWbtVK.exe
  C:\Windows\System\rXWbtVK.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\xIeZQRh.exe
  C:\Windows\System\xIeZQRh.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\qjEJaUI.exe
  C:\Windows\System\qjEJaUI.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\AtfwHxS.exe
  C:\Windows\System\AtfwHxS.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\fwCkBGw.exe
  C:\Windows\System\fwCkBGw.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\sYCAEOd.exe
  C:\Windows\System\sYCAEOd.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\vQEypjC.exe
  C:\Windows\System\vQEypjC.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\SEAbalu.exe
  C:\Windows\System\SEAbalu.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rDjGKEM.exe
  C:\Windows\System\rDjGKEM.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\XCGKPNE.exe
  C:\Windows\System\XCGKPNE.exe
  2⤵
  PID:3612
- C:\Windows\System\JLfUiuz.exe
  C:\Windows\System\JLfUiuz.exe
  2⤵
  PID:1272
- C:\Windows\System\Noqzdgl.exe
  C:\Windows\System\Noqzdgl.exe
  2⤵
  PID:3524
- C:\Windows\System\unCJcBl.exe
  C:\Windows\System\unCJcBl.exe
  2⤵
  PID:432
- C:\Windows\System\LPOhREU.exe
  C:\Windows\System\LPOhREU.exe
  2⤵
  PID:2884
- C:\Windows\System\qwnXUzU.exe
  C:\Windows\System\qwnXUzU.exe
  2⤵
  PID:1700
- C:\Windows\System\YrDqcju.exe
  C:\Windows\System\YrDqcju.exe
  2⤵
  PID:5080
- C:\Windows\System\TVnmhpi.exe
  C:\Windows\System\TVnmhpi.exe
  2⤵
  PID:2340
- C:\Windows\System\bhCQIev.exe
  C:\Windows\System\bhCQIev.exe
  2⤵
  PID:3608
- C:\Windows\System\sRxuRiB.exe
  C:\Windows\System\sRxuRiB.exe
  2⤵
  PID:4000
- C:\Windows\System\JYvNflm.exe
  C:\Windows\System\JYvNflm.exe
  2⤵
  PID:4648
- C:\Windows\System\eXZajmT.exe
  C:\Windows\System\eXZajmT.exe
  2⤵
  PID:5124
- C:\Windows\System\omrQJao.exe
  C:\Windows\System\omrQJao.exe
  2⤵
  PID:5152
- C:\Windows\System\DktodKm.exe
  C:\Windows\System\DktodKm.exe
  2⤵
  PID:5180
- C:\Windows\System\uBmfuuN.exe
  C:\Windows\System\uBmfuuN.exe
  2⤵
  PID:5208
- C:\Windows\System\wJJIFfn.exe
  C:\Windows\System\wJJIFfn.exe
  2⤵
  PID:5236
- C:\Windows\System\YGkQIOR.exe
  C:\Windows\System\YGkQIOR.exe
  2⤵
  PID:5264
- C:\Windows\System\jBwvEHn.exe
  C:\Windows\System\jBwvEHn.exe
  2⤵
  PID:5292
- C:\Windows\System\quQcdnp.exe
  C:\Windows\System\quQcdnp.exe
  2⤵
  PID:5320
- C:\Windows\System\feAyGMv.exe
  C:\Windows\System\feAyGMv.exe
  2⤵
  PID:5348
- C:\Windows\System\dOVhAlB.exe
  C:\Windows\System\dOVhAlB.exe
  2⤵
  PID:5376
- C:\Windows\System\BhzSTPi.exe
  C:\Windows\System\BhzSTPi.exe
  2⤵
  PID:5404
- C:\Windows\System\sElViFO.exe
  C:\Windows\System\sElViFO.exe
  2⤵
  PID:5432
- C:\Windows\System\IIwtwYM.exe
  C:\Windows\System\IIwtwYM.exe
  2⤵
  PID:5460
- C:\Windows\System\IDsHroL.exe
  C:\Windows\System\IDsHroL.exe
  2⤵
  PID:5492
- C:\Windows\System\osNUVDQ.exe
  C:\Windows\System\osNUVDQ.exe
  2⤵
  PID:5516
- C:\Windows\System\aDCeNmd.exe
  C:\Windows\System\aDCeNmd.exe
  2⤵
  PID:5540
- C:\Windows\System\FiXYxOt.exe
  C:\Windows\System\FiXYxOt.exe
  2⤵
  PID:5572
- C:\Windows\System\VsPEqIO.exe
  C:\Windows\System\VsPEqIO.exe
  2⤵
  PID:5600
- C:\Windows\System\gPtkhsL.exe
  C:\Windows\System\gPtkhsL.exe
  2⤵
  PID:5628
- C:\Windows\System\kpXMdXP.exe
  C:\Windows\System\kpXMdXP.exe
  2⤵
  PID:5656
- C:\Windows\System\tyjAWpd.exe
  C:\Windows\System\tyjAWpd.exe
  2⤵
  PID:5684
- C:\Windows\System\CJgVRSt.exe
  C:\Windows\System\CJgVRSt.exe
  2⤵
  PID:5712
- C:\Windows\System\BFPagzU.exe
  C:\Windows\System\BFPagzU.exe
  2⤵
  PID:5740
- C:\Windows\System\rVvXnLd.exe
  C:\Windows\System\rVvXnLd.exe
  2⤵
  PID:5768
- C:\Windows\System\qvaVdAS.exe
  C:\Windows\System\qvaVdAS.exe
  2⤵
  PID:5796
- C:\Windows\System\SfzItGK.exe
  C:\Windows\System\SfzItGK.exe
  2⤵
  PID:5824
- C:\Windows\System\HSMEupp.exe
  C:\Windows\System\HSMEupp.exe
  2⤵
  PID:5852
- C:\Windows\System\hSJNgwx.exe
  C:\Windows\System\hSJNgwx.exe
  2⤵
  PID:5880
- C:\Windows\System\liKrdFr.exe
  C:\Windows\System\liKrdFr.exe
  2⤵
  PID:5908
- C:\Windows\System\hWyfHvQ.exe
  C:\Windows\System\hWyfHvQ.exe
  2⤵
  PID:5936
- C:\Windows\System\RLCQkvb.exe
  C:\Windows\System\RLCQkvb.exe
  2⤵
  PID:5964
- C:\Windows\System\oeGrnoF.exe
  C:\Windows\System\oeGrnoF.exe
  2⤵
  PID:5992
- C:\Windows\System\dGYBFVZ.exe
  C:\Windows\System\dGYBFVZ.exe
  2⤵
  PID:6020
- C:\Windows\System\wImQyWv.exe
  C:\Windows\System\wImQyWv.exe
  2⤵
  PID:6048
- C:\Windows\System\pEsBiAp.exe
  C:\Windows\System\pEsBiAp.exe
  2⤵
  PID:6076
- C:\Windows\System\gbuBCsG.exe
  C:\Windows\System\gbuBCsG.exe
  2⤵
  PID:6104
- C:\Windows\System\gBzITIk.exe
  C:\Windows\System\gBzITIk.exe
  2⤵
  PID:6132
- C:\Windows\System\zekCNvq.exe
  C:\Windows\System\zekCNvq.exe
  2⤵
  PID:4808
- C:\Windows\System\DXsuKvN.exe
  C:\Windows\System\DXsuKvN.exe
  2⤵
  PID:4284
- C:\Windows\System\dAmawCc.exe
  C:\Windows\System\dAmawCc.exe
  2⤵
  PID:3076
- C:\Windows\System\DgXmUgc.exe
  C:\Windows\System\DgXmUgc.exe
  2⤵
  PID:3312
- C:\Windows\System\FdvVRRf.exe
  C:\Windows\System\FdvVRRf.exe
  2⤵
  PID:5136
- C:\Windows\System\CwNTmhO.exe
  C:\Windows\System\CwNTmhO.exe
  2⤵
  PID:5196
- C:\Windows\System\IkKdBSv.exe
  C:\Windows\System\IkKdBSv.exe
  2⤵
  PID:5260
- C:\Windows\System\iKewEwP.exe
  C:\Windows\System\iKewEwP.exe
  2⤵
  PID:5312
- C:\Windows\System\iMmFybJ.exe
  C:\Windows\System\iMmFybJ.exe
  2⤵
  PID:5388
- C:\Windows\System\iIeqpGQ.exe
  C:\Windows\System\iIeqpGQ.exe
  2⤵
  PID:5448
- C:\Windows\System\BsBgezT.exe
  C:\Windows\System\BsBgezT.exe
  2⤵
  PID:5512
- C:\Windows\System\MlERzwM.exe
  C:\Windows\System\MlERzwM.exe
  2⤵
  PID:5564
- C:\Windows\System\qWqJnPW.exe
  C:\Windows\System\qWqJnPW.exe
  2⤵
  PID:5644
- C:\Windows\System\clASRnc.exe
  C:\Windows\System\clASRnc.exe
  2⤵
  PID:5704
- C:\Windows\System\qhRjhxg.exe
  C:\Windows\System\qhRjhxg.exe
  2⤵
  PID:5780
- C:\Windows\System\eFqRCJR.exe
  C:\Windows\System\eFqRCJR.exe
  2⤵
  PID:5840
- C:\Windows\System\KaCkvsW.exe
  C:\Windows\System\KaCkvsW.exe
  2⤵
  PID:5900
- C:\Windows\System\aZQwjLh.exe
  C:\Windows\System\aZQwjLh.exe
  2⤵
  PID:5976
- C:\Windows\System\tARzfCG.exe
  C:\Windows\System\tARzfCG.exe
  2⤵
  PID:6040
- C:\Windows\System\fljFmsD.exe
  C:\Windows\System\fljFmsD.exe
  2⤵
  PID:6124
- C:\Windows\System\xGnGRqd.exe
  C:\Windows\System\xGnGRqd.exe
  2⤵
  PID:4796
- C:\Windows\System\pfQaOwS.exe
  C:\Windows\System\pfQaOwS.exe
  2⤵
  PID:2708
- C:\Windows\System\NOBxJFr.exe
  C:\Windows\System\NOBxJFr.exe
  2⤵
  PID:5172
- C:\Windows\System\qgvZICD.exe
  C:\Windows\System\qgvZICD.exe
  2⤵
  PID:5360
- C:\Windows\System\RrupPef.exe
  C:\Windows\System\RrupPef.exe
  2⤵
  PID:5500
- C:\Windows\System\gYoaWcq.exe
  C:\Windows\System\gYoaWcq.exe
  2⤵
  PID:5672
- C:\Windows\System\WAwwTGw.exe
  C:\Windows\System\WAwwTGw.exe
  2⤵
  PID:5812
- C:\Windows\System\XXrUStf.exe
  C:\Windows\System\XXrUStf.exe
  2⤵
  PID:5952
- C:\Windows\System\usyIJam.exe
  C:\Windows\System\usyIJam.exe
  2⤵
  PID:3308
- C:\Windows\System\hokYKHt.exe
  C:\Windows\System\hokYKHt.exe
  2⤵
  PID:4656
- C:\Windows\System\FrVHJGa.exe
  C:\Windows\System\FrVHJGa.exe
  2⤵
  PID:6172
- C:\Windows\System\ibuZoui.exe
  C:\Windows\System\ibuZoui.exe
  2⤵
  PID:6200
- C:\Windows\System\EGGAZHd.exe
  C:\Windows\System\EGGAZHd.exe
  2⤵
  PID:6228
- C:\Windows\System\BBqjbdS.exe
  C:\Windows\System\BBqjbdS.exe
  2⤵
  PID:6264
- C:\Windows\System\aWiWbnJ.exe
  C:\Windows\System\aWiWbnJ.exe
  2⤵
  PID:6292
- C:\Windows\System\yTMCYfT.exe
  C:\Windows\System\yTMCYfT.exe
  2⤵
  PID:6324
- C:\Windows\System\fayhdKv.exe
  C:\Windows\System\fayhdKv.exe
  2⤵
  PID:6352
- C:\Windows\System\VDJjXPJ.exe
  C:\Windows\System\VDJjXPJ.exe
  2⤵
  PID:6380
- C:\Windows\System\FDkjSNq.exe
  C:\Windows\System\FDkjSNq.exe
  2⤵
  PID:6408
- C:\Windows\System\NxpdtPu.exe
  C:\Windows\System\NxpdtPu.exe
  2⤵
  PID:6436
- C:\Windows\System\saWPBjh.exe
  C:\Windows\System\saWPBjh.exe
  2⤵
  PID:6452
- C:\Windows\System\DVKiFTc.exe
  C:\Windows\System\DVKiFTc.exe
  2⤵
  PID:6480
- C:\Windows\System\inBjEVO.exe
  C:\Windows\System\inBjEVO.exe
  2⤵
  PID:6508
- C:\Windows\System\QDGBvEf.exe
  C:\Windows\System\QDGBvEf.exe
  2⤵
  PID:6536
- C:\Windows\System\JMDAMFp.exe
  C:\Windows\System\JMDAMFp.exe
  2⤵
  PID:6564
- C:\Windows\System\YAyfFBw.exe
  C:\Windows\System\YAyfFBw.exe
  2⤵
  PID:6592
- C:\Windows\System\poGiKVd.exe
  C:\Windows\System\poGiKVd.exe
  2⤵
  PID:6620
- C:\Windows\System\IgUcOgk.exe
  C:\Windows\System\IgUcOgk.exe
  2⤵
  PID:6648
- C:\Windows\System\qTAVeLc.exe
  C:\Windows\System\qTAVeLc.exe
  2⤵
  PID:6676
- C:\Windows\System\fhFxPwO.exe
  C:\Windows\System\fhFxPwO.exe
  2⤵
  PID:6704
- C:\Windows\System\FnafoBX.exe
  C:\Windows\System\FnafoBX.exe
  2⤵
  PID:6732
- C:\Windows\System\jDnnARz.exe
  C:\Windows\System\jDnnARz.exe
  2⤵
  PID:6760
- C:\Windows\System\gajmpBr.exe
  C:\Windows\System\gajmpBr.exe
  2⤵
  PID:6788
- C:\Windows\System\zbtVeQv.exe
  C:\Windows\System\zbtVeQv.exe
  2⤵
  PID:6816
- C:\Windows\System\lkkFNWF.exe
  C:\Windows\System\lkkFNWF.exe
  2⤵
  PID:6848
- C:\Windows\System\KAzJLCx.exe
  C:\Windows\System\KAzJLCx.exe
  2⤵
  PID:6872
- C:\Windows\System\iQLQqfb.exe
  C:\Windows\System\iQLQqfb.exe
  2⤵
  PID:6900
- C:\Windows\System\RenVGef.exe
  C:\Windows\System\RenVGef.exe
  2⤵
  PID:6928
- C:\Windows\System\NDuoPrK.exe
  C:\Windows\System\NDuoPrK.exe
  2⤵
  PID:6956
- C:\Windows\System\xVAnDFX.exe
  C:\Windows\System\xVAnDFX.exe
  2⤵
  PID:6984
- C:\Windows\System\IdRXRid.exe
  C:\Windows\System\IdRXRid.exe
  2⤵
  PID:7012
- C:\Windows\System\xvtBfJa.exe
  C:\Windows\System\xvtBfJa.exe
  2⤵
  PID:7040
- C:\Windows\System\xYJzroH.exe
  C:\Windows\System\xYJzroH.exe
  2⤵
  PID:7068
- C:\Windows\System\WvKyTpy.exe
  C:\Windows\System\WvKyTpy.exe
  2⤵
  PID:7096
- C:\Windows\System\EQRxcHa.exe
  C:\Windows\System\EQRxcHa.exe
  2⤵
  PID:7124
- C:\Windows\System\XyOmncJ.exe
  C:\Windows\System\XyOmncJ.exe
  2⤵
  PID:7152
- C:\Windows\System\XvUQiON.exe
  C:\Windows\System\XvUQiON.exe
  2⤵
  PID:5284
- C:\Windows\System\kaCkzyZ.exe
  C:\Windows\System\kaCkzyZ.exe
  2⤵
  PID:5616
- C:\Windows\System\PyWiXIt.exe
  C:\Windows\System\PyWiXIt.exe
  2⤵
  PID:6032
- C:\Windows\System\jQLSYje.exe
  C:\Windows\System\jQLSYje.exe
  2⤵
  PID:6160
- C:\Windows\System\fnnnBDx.exe
  C:\Windows\System\fnnnBDx.exe
  2⤵
  PID:6220
- C:\Windows\System\cawfIKa.exe
  C:\Windows\System\cawfIKa.exe
  2⤵
  PID:6288
- C:\Windows\System\SOBlEXp.exe
  C:\Windows\System\SOBlEXp.exe
  2⤵
  PID:6360
- C:\Windows\System\lPFhmKf.exe
  C:\Windows\System\lPFhmKf.exe
  2⤵
  PID:6424
- C:\Windows\System\pYrnFAm.exe
  C:\Windows\System\pYrnFAm.exe
  2⤵
  PID:6492
- C:\Windows\System\WBtnhXA.exe
  C:\Windows\System\WBtnhXA.exe
  2⤵
  PID:6524
- C:\Windows\System\ryaoNkT.exe
  C:\Windows\System\ryaoNkT.exe
  2⤵
  PID:6608
- C:\Windows\System\nwjhsjj.exe
  C:\Windows\System\nwjhsjj.exe
  2⤵
  PID:6688
- C:\Windows\System\MFvbXDX.exe
  C:\Windows\System\MFvbXDX.exe
  2⤵
  PID:6748
- C:\Windows\System\JcpeTGU.exe
  C:\Windows\System\JcpeTGU.exe
  2⤵
  PID:6804
- C:\Windows\System\iOufSXC.exe
  C:\Windows\System\iOufSXC.exe
  2⤵
  PID:6868
- C:\Windows\System\ujNmpAx.exe
  C:\Windows\System\ujNmpAx.exe
  2⤵
  PID:6940
- C:\Windows\System\llYxGLt.exe
  C:\Windows\System\llYxGLt.exe
  2⤵
  PID:7000
- C:\Windows\System\lXTFrwE.exe
  C:\Windows\System\lXTFrwE.exe
  2⤵
  PID:7060
- C:\Windows\System\zPtZebd.exe
  C:\Windows\System\zPtZebd.exe
  2⤵
  PID:7120
- C:\Windows\System\KtpkQaN.exe
  C:\Windows\System\KtpkQaN.exe
  2⤵
  PID:5424
- C:\Windows\System\tIJURzW.exe
  C:\Windows\System\tIJURzW.exe
  2⤵
  PID:2252
- C:\Windows\System\csQnJXJ.exe
  C:\Windows\System\csQnJXJ.exe
  2⤵
  PID:6280
- C:\Windows\System\xRpyuTk.exe
  C:\Windows\System\xRpyuTk.exe
  2⤵
  PID:6448
- C:\Windows\System\cnbRAFW.exe
  C:\Windows\System\cnbRAFW.exe
  2⤵
  PID:6576
- C:\Windows\System\HuauAjA.exe
  C:\Windows\System\HuauAjA.exe
  2⤵
  PID:6716
- C:\Windows\System\ySTbZtr.exe
  C:\Windows\System\ySTbZtr.exe
  2⤵
  PID:6844
- C:\Windows\System\jUBFTFC.exe
  C:\Windows\System\jUBFTFC.exe
  2⤵
  PID:6976
- C:\Windows\System\EqvpiCQ.exe
  C:\Windows\System\EqvpiCQ.exe
  2⤵
  PID:752
- C:\Windows\System\GVOXHkn.exe
  C:\Windows\System\GVOXHkn.exe
  2⤵
  PID:7172
- C:\Windows\System\IGoUUlM.exe
  C:\Windows\System\IGoUUlM.exe
  2⤵
  PID:7188
- C:\Windows\System\CWyAeVJ.exe
  C:\Windows\System\CWyAeVJ.exe
  2⤵
  PID:7216
- C:\Windows\System\XeBewef.exe
  C:\Windows\System\XeBewef.exe
  2⤵
  PID:7244
- C:\Windows\System\yjoPQnU.exe
  C:\Windows\System\yjoPQnU.exe
  2⤵
  PID:7272
- C:\Windows\System\fyKKBgQ.exe
  C:\Windows\System\fyKKBgQ.exe
  2⤵
  PID:7300
- C:\Windows\System\mrkQXDc.exe
  C:\Windows\System\mrkQXDc.exe
  2⤵
  PID:7328
- C:\Windows\System\fJefrLx.exe
  C:\Windows\System\fJefrLx.exe
  2⤵
  PID:7356
- C:\Windows\System\baCpirS.exe
  C:\Windows\System\baCpirS.exe
  2⤵
  PID:7384
- C:\Windows\System\REzjhoy.exe
  C:\Windows\System\REzjhoy.exe
  2⤵
  PID:7412
- C:\Windows\System\OMWzWjo.exe
  C:\Windows\System\OMWzWjo.exe
  2⤵
  PID:7440
- C:\Windows\System\ucfanty.exe
  C:\Windows\System\ucfanty.exe
  2⤵
  PID:7468
- C:\Windows\System\OneKBUh.exe
  C:\Windows\System\OneKBUh.exe
  2⤵
  PID:7496
- C:\Windows\System\qjEackC.exe
  C:\Windows\System\qjEackC.exe
  2⤵
  PID:7524
- C:\Windows\System\xigSopf.exe
  C:\Windows\System\xigSopf.exe
  2⤵
  PID:7552
- C:\Windows\System\VjqzkKt.exe
  C:\Windows\System\VjqzkKt.exe
  2⤵
  PID:7580
- C:\Windows\System\PRocOtA.exe
  C:\Windows\System\PRocOtA.exe
  2⤵
  PID:7608
- C:\Windows\System\GMGDUTj.exe
  C:\Windows\System\GMGDUTj.exe
  2⤵
  PID:7636
- C:\Windows\System\PIPCKVT.exe
  C:\Windows\System\PIPCKVT.exe
  2⤵
  PID:7664
- C:\Windows\System\eGnnFkc.exe
  C:\Windows\System\eGnnFkc.exe
  2⤵
  PID:7692
- C:\Windows\System\DTuYmOQ.exe
  C:\Windows\System\DTuYmOQ.exe
  2⤵
  PID:7720
- C:\Windows\System\auaJnkG.exe
  C:\Windows\System\auaJnkG.exe
  2⤵
  PID:7748
- C:\Windows\System\lLzGrLq.exe
  C:\Windows\System\lLzGrLq.exe
  2⤵
  PID:7776
- C:\Windows\System\AmwZGla.exe
  C:\Windows\System\AmwZGla.exe
  2⤵
  PID:7804
- C:\Windows\System\kuBAWZO.exe
  C:\Windows\System\kuBAWZO.exe
  2⤵
  PID:7832
- C:\Windows\System\CLoKHmt.exe
  C:\Windows\System\CLoKHmt.exe
  2⤵
  PID:7860
- C:\Windows\System\dVjukAO.exe
  C:\Windows\System\dVjukAO.exe
  2⤵
  PID:7888
- C:\Windows\System\BGglZkq.exe
  C:\Windows\System\BGglZkq.exe
  2⤵
  PID:7916
- C:\Windows\System\SVurFaa.exe
  C:\Windows\System\SVurFaa.exe
  2⤵
  PID:7944
- C:\Windows\System\DIRuWSO.exe
  C:\Windows\System\DIRuWSO.exe
  2⤵
  PID:7972
- C:\Windows\System\MsFwWZL.exe
  C:\Windows\System\MsFwWZL.exe
  2⤵
  PID:8000
- C:\Windows\System\TxxWPEX.exe
  C:\Windows\System\TxxWPEX.exe
  2⤵
  PID:8028
- C:\Windows\System\yfRFPwR.exe
  C:\Windows\System\yfRFPwR.exe
  2⤵
  PID:8056
- C:\Windows\System\IKqSMFk.exe
  C:\Windows\System\IKqSMFk.exe
  2⤵
  PID:8084
- C:\Windows\System\qJwXyvf.exe
  C:\Windows\System\qJwXyvf.exe
  2⤵
  PID:8112
- C:\Windows\System\LpdgnBI.exe
  C:\Windows\System\LpdgnBI.exe
  2⤵
  PID:8140
- C:\Windows\System\ITDAlyN.exe
  C:\Windows\System\ITDAlyN.exe
  2⤵
  PID:8168
- C:\Windows\System\qDgjmNu.exe
  C:\Windows\System\qDgjmNu.exe
  2⤵
  PID:6256
- C:\Windows\System\KcjSyah.exe
  C:\Windows\System\KcjSyah.exe
  2⤵
  PID:6640
- C:\Windows\System\uzvkVfG.exe
  C:\Windows\System\uzvkVfG.exe
  2⤵
  PID:4896
- C:\Windows\System\otOmcaY.exe
  C:\Windows\System\otOmcaY.exe
  2⤵
  PID:5756
- C:\Windows\System\zzmQWLA.exe
  C:\Windows\System\zzmQWLA.exe
  2⤵
  PID:7208
- C:\Windows\System\GkGCVXS.exe
  C:\Windows\System\GkGCVXS.exe
  2⤵
  PID:7264
- C:\Windows\System\IiwWQiM.exe
  C:\Windows\System\IiwWQiM.exe
  2⤵
  PID:1116
- C:\Windows\System\RpyLLsx.exe
  C:\Windows\System\RpyLLsx.exe
  2⤵
  PID:7372
- C:\Windows\System\qkgMWjN.exe
  C:\Windows\System\qkgMWjN.exe
  2⤵
  PID:7436
- C:\Windows\System\FaXJPQy.exe
  C:\Windows\System\FaXJPQy.exe
  2⤵
  PID:7488
- C:\Windows\System\ffgswJm.exe
  C:\Windows\System\ffgswJm.exe
  2⤵
  PID:7540
- C:\Windows\System\PYJzZlu.exe
  C:\Windows\System\PYJzZlu.exe
  2⤵
  PID:7620
- C:\Windows\System\rBNqZyG.exe
  C:\Windows\System\rBNqZyG.exe
  2⤵
  PID:7680
- C:\Windows\System\AVUSUMl.exe
  C:\Windows\System\AVUSUMl.exe
  2⤵
  PID:7736
- C:\Windows\System\yTkrlfr.exe
  C:\Windows\System\yTkrlfr.exe
  2⤵
  PID:7796
- C:\Windows\System\JHMWoAP.exe
  C:\Windows\System\JHMWoAP.exe
  2⤵
  PID:7872
- C:\Windows\System\schKkhz.exe
  C:\Windows\System\schKkhz.exe
  2⤵
  PID:7932
- C:\Windows\System\oowqRvX.exe
  C:\Windows\System\oowqRvX.exe
  2⤵
  PID:7992
- C:\Windows\System\sWkTJCs.exe
  C:\Windows\System\sWkTJCs.exe
  2⤵
  PID:8068
- C:\Windows\System\eOQwOLx.exe
  C:\Windows\System\eOQwOLx.exe
  2⤵
  PID:8128
- C:\Windows\System\uxdawfL.exe
  C:\Windows\System\uxdawfL.exe
  2⤵
  PID:3800
- C:\Windows\System\KhSzMIB.exe
  C:\Windows\System\KhSzMIB.exe
  2⤵
  PID:6780
- C:\Windows\System\gEqxgkg.exe
  C:\Windows\System\gEqxgkg.exe
  2⤵
  PID:7236
- C:\Windows\System\gEdSbXz.exe
  C:\Windows\System\gEdSbXz.exe
  2⤵
  PID:7344
- C:\Windows\System\nQGpvvV.exe
  C:\Windows\System\nQGpvvV.exe
  2⤵
  PID:4416
- C:\Windows\System\tBKNegI.exe
  C:\Windows\System\tBKNegI.exe
  2⤵
  PID:7648
- C:\Windows\System\EbANqBD.exe
  C:\Windows\System\EbANqBD.exe
  2⤵
  PID:7772
- C:\Windows\System\tKqvljF.exe
  C:\Windows\System\tKqvljF.exe
  2⤵
  PID:7984
- C:\Windows\System\hVSBiCx.exe
  C:\Windows\System\hVSBiCx.exe
  2⤵
  PID:8156
- C:\Windows\System\dFAhiYW.exe
  C:\Windows\System\dFAhiYW.exe
  2⤵
  PID:6520
- C:\Windows\System\pUUTOSY.exe
  C:\Windows\System\pUUTOSY.exe
  2⤵
  PID:7292
- C:\Windows\System\dyDKtCO.exe
  C:\Windows\System\dyDKtCO.exe
  2⤵
  PID:8216
- C:\Windows\System\WxDKyxq.exe
  C:\Windows\System\WxDKyxq.exe
  2⤵
  PID:8244
- C:\Windows\System\omnBAfL.exe
  C:\Windows\System\omnBAfL.exe
  2⤵
  PID:8272
- C:\Windows\System\jdaIqJd.exe
  C:\Windows\System\jdaIqJd.exe
  2⤵
  PID:8300
- C:\Windows\System\ysDYBnH.exe
  C:\Windows\System\ysDYBnH.exe
  2⤵
  PID:8328
- C:\Windows\System\lkpoWVe.exe
  C:\Windows\System\lkpoWVe.exe
  2⤵
  PID:8368
- C:\Windows\System\SZBQEMM.exe
  C:\Windows\System\SZBQEMM.exe
  2⤵
  PID:8396
- C:\Windows\System\RUlEqjr.exe
  C:\Windows\System\RUlEqjr.exe
  2⤵
  PID:8412
- C:\Windows\System\ttrgXFG.exe
  C:\Windows\System\ttrgXFG.exe
  2⤵
  PID:8428
- C:\Windows\System\xalEtAm.exe
  C:\Windows\System\xalEtAm.exe
  2⤵
  PID:8464
- C:\Windows\System\sxRmmMD.exe
  C:\Windows\System\sxRmmMD.exe
  2⤵
  PID:8496
- C:\Windows\System\kdJaLZb.exe
  C:\Windows\System\kdJaLZb.exe
  2⤵
  PID:8524
- C:\Windows\System\jCpXKiM.exe
  C:\Windows\System\jCpXKiM.exe
  2⤵
  PID:8552
- C:\Windows\System\EtwIDIY.exe
  C:\Windows\System\EtwIDIY.exe
  2⤵
  PID:8580
- C:\Windows\System\pkICnpM.exe
  C:\Windows\System\pkICnpM.exe
  2⤵
  PID:8608
- C:\Windows\System\ztZKDvz.exe
  C:\Windows\System\ztZKDvz.exe
  2⤵
  PID:8636
- C:\Windows\System\sUuvrRL.exe
  C:\Windows\System\sUuvrRL.exe
  2⤵
  PID:8676
- C:\Windows\System\OpUrePg.exe
  C:\Windows\System\OpUrePg.exe
  2⤵
  PID:8704
- C:\Windows\System\SBANzFw.exe
  C:\Windows\System\SBANzFw.exe
  2⤵
  PID:8720
- C:\Windows\System\HoOyZXm.exe
  C:\Windows\System\HoOyZXm.exe
  2⤵
  PID:8760
- C:\Windows\System\AHawOKb.exe
  C:\Windows\System\AHawOKb.exe
  2⤵
  PID:8788
- C:\Windows\System\mrRhgWE.exe
  C:\Windows\System\mrRhgWE.exe
  2⤵
  PID:8804
- C:\Windows\System\VNdjqPJ.exe
  C:\Windows\System\VNdjqPJ.exe
  2⤵
  PID:8832
- C:\Windows\System\xLmKGWD.exe
  C:\Windows\System\xLmKGWD.exe
  2⤵
  PID:8860
- C:\Windows\System\KozIFrQ.exe
  C:\Windows\System\KozIFrQ.exe
  2⤵
  PID:8888
- C:\Windows\System\GSaMzMa.exe
  C:\Windows\System\GSaMzMa.exe
  2⤵
  PID:8916
- C:\Windows\System\zTCWgjC.exe
  C:\Windows\System\zTCWgjC.exe
  2⤵
  PID:8944
- C:\Windows\System\fCjOTwx.exe
  C:\Windows\System\fCjOTwx.exe
  2⤵
  PID:8984
- C:\Windows\System\mZhASlA.exe
  C:\Windows\System\mZhASlA.exe
  2⤵
  PID:9012
- C:\Windows\System\VbjYzQH.exe
  C:\Windows\System\VbjYzQH.exe
  2⤵
  PID:9040
- C:\Windows\System\XRKalpg.exe
  C:\Windows\System\XRKalpg.exe
  2⤵
  PID:9056
- C:\Windows\System\TqFQsRu.exe
  C:\Windows\System\TqFQsRu.exe
  2⤵
  PID:9084
- C:\Windows\System\VYOWpYQ.exe
  C:\Windows\System\VYOWpYQ.exe
  2⤵
  PID:9112
- C:\Windows\System\lokNVIs.exe
  C:\Windows\System\lokNVIs.exe
  2⤵
  PID:9140
- C:\Windows\System\rbUkLwv.exe
  C:\Windows\System\rbUkLwv.exe
  2⤵
  PID:9168
- C:\Windows\System\ihyDevT.exe
  C:\Windows\System\ihyDevT.exe
  2⤵
  PID:9196
- C:\Windows\System\KHgMzqH.exe
  C:\Windows\System\KHgMzqH.exe
  2⤵
  PID:7536
- C:\Windows\System\stJTSvY.exe
  C:\Windows\System\stJTSvY.exe
  2⤵
  PID:7844
- C:\Windows\System\VliiOFM.exe
  C:\Windows\System\VliiOFM.exe
  2⤵
  PID:8180
- C:\Windows\System\eOUxZSY.exe
  C:\Windows\System\eOUxZSY.exe
  2⤵
  PID:8208
- C:\Windows\System\IQRVmfl.exe
  C:\Windows\System\IQRVmfl.exe
  2⤵
  PID:8284
- C:\Windows\System\sHuSjID.exe
  C:\Windows\System\sHuSjID.exe
  2⤵
  PID:8352
- C:\Windows\System\eglVAfj.exe
  C:\Windows\System\eglVAfj.exe
  2⤵
  PID:8408
- C:\Windows\System\BNAMqti.exe
  C:\Windows\System\BNAMqti.exe
  2⤵
  PID:8488
- C:\Windows\System\oqxbrZW.exe
  C:\Windows\System\oqxbrZW.exe
  2⤵
  PID:8536
- C:\Windows\System\xeuARxS.exe
  C:\Windows\System\xeuARxS.exe
  2⤵
  PID:8596
- C:\Windows\System\DHIQuSa.exe
  C:\Windows\System\DHIQuSa.exe
  2⤵
  PID:8664
- C:\Windows\System\WYjxvKE.exe
  C:\Windows\System\WYjxvKE.exe
  2⤵
  PID:8732
- C:\Windows\System\kupkLnr.exe
  C:\Windows\System\kupkLnr.exe
  2⤵
  PID:8796
- C:\Windows\System\BluGYDS.exe
  C:\Windows\System\BluGYDS.exe
  2⤵
  PID:8848
- C:\Windows\System\cSnudeU.exe
  C:\Windows\System\cSnudeU.exe
  2⤵
  PID:8908
- C:\Windows\System\wGBueWk.exe
  C:\Windows\System\wGBueWk.exe
  2⤵
  PID:8992
- C:\Windows\System\lGmraMY.exe
  C:\Windows\System\lGmraMY.exe
  2⤵
  PID:9032
- C:\Windows\System\IMHsgCb.exe
  C:\Windows\System\IMHsgCb.exe
  2⤵
  PID:9100
- C:\Windows\System\pZxRCbH.exe
  C:\Windows\System\pZxRCbH.exe
  2⤵
  PID:9160
- C:\Windows\System\vhrgebI.exe
  C:\Windows\System\vhrgebI.exe
  2⤵
  PID:9212
- C:\Windows\System\MgJcfys.exe
  C:\Windows\System\MgJcfys.exe
  2⤵
  PID:8096
- C:\Windows\System\hBUYAZL.exe
  C:\Windows\System\hBUYAZL.exe
  2⤵
  PID:8260
- C:\Windows\System\qiWnHWF.exe
  C:\Windows\System\qiWnHWF.exe
  2⤵
  PID:4292
- C:\Windows\System\DgnSqdn.exe
  C:\Windows\System\DgnSqdn.exe
  2⤵
  PID:8568
- C:\Windows\System\lyBnjXE.exe
  C:\Windows\System\lyBnjXE.exe
  2⤵
  PID:8696
- C:\Windows\System\aaFEKbg.exe
  C:\Windows\System\aaFEKbg.exe
  2⤵
  PID:8844
- C:\Windows\System\CSBiits.exe
  C:\Windows\System\CSBiits.exe
  2⤵
  PID:9000
- C:\Windows\System\LvYyKmi.exe
  C:\Windows\System\LvYyKmi.exe
  2⤵
  PID:9076
- C:\Windows\System\QhLHBIm.exe
  C:\Windows\System\QhLHBIm.exe
  2⤵
  PID:7708
- C:\Windows\System\nvvXiHo.exe
  C:\Windows\System\nvvXiHo.exe
  2⤵
  PID:2856
- C:\Windows\System\BuyIROZ.exe
  C:\Windows\System\BuyIROZ.exe
  2⤵
  PID:8512
- C:\Windows\System\URkltkS.exe
  C:\Windows\System\URkltkS.exe
  2⤵
  PID:3532
- C:\Windows\System\zRqqgjB.exe
  C:\Windows\System\zRqqgjB.exe
  2⤵
  PID:9024
- C:\Windows\System\hcgKgNz.exe
  C:\Windows\System\hcgKgNz.exe
  2⤵
  PID:2844
- C:\Windows\System\bSyMMqw.exe
  C:\Windows\System\bSyMMqw.exe
  2⤵
  PID:9244
- C:\Windows\System\jhvUTnS.exe
  C:\Windows\System\jhvUTnS.exe
  2⤵
  PID:9272
- C:\Windows\System\VEITTWS.exe
  C:\Windows\System\VEITTWS.exe
  2⤵
  PID:9300
- C:\Windows\System\pgsaCya.exe
  C:\Windows\System\pgsaCya.exe
  2⤵
  PID:9428
- C:\Windows\System\LRngNby.exe
  C:\Windows\System\LRngNby.exe
  2⤵
  PID:9448
- C:\Windows\System\pCeOWVN.exe
  C:\Windows\System\pCeOWVN.exe
  2⤵
  PID:9488
- C:\Windows\System\ptgVJoc.exe
  C:\Windows\System\ptgVJoc.exe
  2⤵
  PID:9524
- C:\Windows\System\qMXzcFs.exe
  C:\Windows\System\qMXzcFs.exe
  2⤵
  PID:9552
- C:\Windows\System\WAwPrRF.exe
  C:\Windows\System\WAwPrRF.exe
  2⤵
  PID:9596
- C:\Windows\System\BcMoMlS.exe
  C:\Windows\System\BcMoMlS.exe
  2⤵
  PID:9624
- C:\Windows\System\NKTNFAl.exe
  C:\Windows\System\NKTNFAl.exe
  2⤵
  PID:9652
- C:\Windows\System\AjAGEMA.exe
  C:\Windows\System\AjAGEMA.exe
  2⤵
  PID:9680
- C:\Windows\System\yAJBwqs.exe
  C:\Windows\System\yAJBwqs.exe
  2⤵
  PID:9708
- C:\Windows\System\YujzUWi.exe
  C:\Windows\System\YujzUWi.exe
  2⤵
  PID:9736
- C:\Windows\System\hrZbNDN.exe
  C:\Windows\System\hrZbNDN.exe
  2⤵
  PID:9752
- C:\Windows\System\dkUhXxB.exe
  C:\Windows\System\dkUhXxB.exe
  2⤵
  PID:9792
- C:\Windows\System\DUqtMKZ.exe
  C:\Windows\System\DUqtMKZ.exe
  2⤵
  PID:9808
- C:\Windows\System\cGYSgqr.exe
  C:\Windows\System\cGYSgqr.exe
  2⤵
  PID:9848
- C:\Windows\System\ecJbGoh.exe
  C:\Windows\System\ecJbGoh.exe
  2⤵
  PID:9876
- C:\Windows\System\DygDtLW.exe
  C:\Windows\System\DygDtLW.exe
  2⤵
  PID:9904
- C:\Windows\System\FHjTAMl.exe
  C:\Windows\System\FHjTAMl.exe
  2⤵
  PID:9932
- C:\Windows\System\suMvmdv.exe
  C:\Windows\System\suMvmdv.exe
  2⤵
  PID:9960
- C:\Windows\System\DHDSqrL.exe
  C:\Windows\System\DHDSqrL.exe
  2⤵
  PID:9992
- C:\Windows\System\xcQlTfe.exe
  C:\Windows\System\xcQlTfe.exe
  2⤵
  PID:10020
- C:\Windows\System\cYfRXQG.exe
  C:\Windows\System\cYfRXQG.exe
  2⤵
  PID:10048
- C:\Windows\System\ijuCvsu.exe
  C:\Windows\System\ijuCvsu.exe
  2⤵
  PID:10076
- C:\Windows\System\qaOOoaW.exe
  C:\Windows\System\qaOOoaW.exe
  2⤵
  PID:10104
- C:\Windows\System\nHfvzNe.exe
  C:\Windows\System\nHfvzNe.exe
  2⤵
  PID:10132
- C:\Windows\System\ZfBEiko.exe
  C:\Windows\System\ZfBEiko.exe
  2⤵
  PID:10160
- C:\Windows\System\AmgWHsc.exe
  C:\Windows\System\AmgWHsc.exe
  2⤵
  PID:10188
- C:\Windows\System\mPVnWWI.exe
  C:\Windows\System\mPVnWWI.exe
  2⤵
  PID:10216
- C:\Windows\System\WRAUUjz.exe
  C:\Windows\System\WRAUUjz.exe
  2⤵
  PID:1468
- C:\Windows\System\dVVrLQu.exe
  C:\Windows\System\dVVrLQu.exe
  2⤵
  PID:3104
- C:\Windows\System\UEpCeID.exe
  C:\Windows\System\UEpCeID.exe
  2⤵
  PID:9152
- C:\Windows\System\HjdKrCN.exe
  C:\Windows\System\HjdKrCN.exe
  2⤵
  PID:9232
- C:\Windows\System\ncbDnmR.exe
  C:\Windows\System\ncbDnmR.exe
  2⤵
  PID:1440
- C:\Windows\System\mmbamFv.exe
  C:\Windows\System\mmbamFv.exe
  2⤵
  PID:4276
- C:\Windows\System\oevkxRz.exe
  C:\Windows\System\oevkxRz.exe
  2⤵
  PID:4380
- C:\Windows\System\mvAMAhO.exe
  C:\Windows\System\mvAMAhO.exe
  2⤵
  PID:9396
- C:\Windows\System\jlDoHbV.exe
  C:\Windows\System\jlDoHbV.exe
  2⤵
  PID:9468
- C:\Windows\System\oMXjMhb.exe
  C:\Windows\System\oMXjMhb.exe
  2⤵
  PID:9412
- C:\Windows\System\tGOmCoQ.exe
  C:\Windows\System\tGOmCoQ.exe
  2⤵
  PID:9508
- C:\Windows\System\iGiFwpq.exe
  C:\Windows\System\iGiFwpq.exe
  2⤵
  PID:9496
- C:\Windows\System\gMeXoOO.exe
  C:\Windows\System\gMeXoOO.exe
  2⤵
  PID:9664
- C:\Windows\System\tmWzHww.exe
  C:\Windows\System\tmWzHww.exe
  2⤵
  PID:9728
- C:\Windows\System\VNtBboc.exe
  C:\Windows\System\VNtBboc.exe
  2⤵
  PID:9840
- C:\Windows\System\FVmjpSQ.exe
  C:\Windows\System\FVmjpSQ.exe
  2⤵
  PID:9872
- C:\Windows\System\NcOYVFC.exe
  C:\Windows\System\NcOYVFC.exe
  2⤵
  PID:3444
- C:\Windows\System\Kbkzvbh.exe
  C:\Windows\System\Kbkzvbh.exe
  2⤵
  PID:10012
- C:\Windows\System\qEzBdlc.exe
  C:\Windows\System\qEzBdlc.exe
  2⤵
  PID:10088
- C:\Windows\System\gdhgWEh.exe
  C:\Windows\System\gdhgWEh.exe
  2⤵
  PID:10156
- C:\Windows\System\QhQGuRR.exe
  C:\Windows\System\QhQGuRR.exe
  2⤵
  PID:10212
- C:\Windows\System\ylATajN.exe
  C:\Windows\System\ylATajN.exe
  2⤵
  PID:8936
- C:\Windows\System\DUGSBXo.exe
  C:\Windows\System\DUGSBXo.exe
  2⤵
  PID:9260
- C:\Windows\System\PpCYoAQ.exe
  C:\Windows\System\PpCYoAQ.exe
  2⤵
  PID:9360
- C:\Windows\System\KMQWvjS.exe
  C:\Windows\System\KMQWvjS.exe
  2⤵
  PID:9700
- C:\Windows\System\prdLCyO.exe
  C:\Windows\System\prdLCyO.exe
  2⤵
  PID:9788
- C:\Windows\System\wXxEbpk.exe
  C:\Windows\System\wXxEbpk.exe
  2⤵
  PID:10116
- C:\Windows\System\XyYGeCI.exe
  C:\Windows\System\XyYGeCI.exe
  2⤵
  PID:3572
- C:\Windows\System\VEhLufv.exe
  C:\Windows\System\VEhLufv.exe
  2⤵
  PID:3340
- C:\Windows\System\qXOhNwV.exe
  C:\Windows\System\qXOhNwV.exe
  2⤵
  PID:10200
- C:\Windows\System\zABmAQo.exe
  C:\Windows\System\zABmAQo.exe
  2⤵
  PID:10268
- C:\Windows\System\WBIBeAf.exe
  C:\Windows\System\WBIBeAf.exe
  2⤵
  PID:10304
- C:\Windows\System\YSUicYw.exe
  C:\Windows\System\YSUicYw.exe
  2⤵
  PID:10348
- C:\Windows\System\SlKlBVU.exe
  C:\Windows\System\SlKlBVU.exe
  2⤵
  PID:10376
- C:\Windows\System\BLGKuzQ.exe
  C:\Windows\System\BLGKuzQ.exe
  2⤵
  PID:10448
- C:\Windows\System\TgnldeZ.exe
  C:\Windows\System\TgnldeZ.exe
  2⤵
  PID:10468
- C:\Windows\System\TVaHytq.exe
  C:\Windows\System\TVaHytq.exe
  2⤵
  PID:10508
- C:\Windows\System\hTKpyhv.exe
  C:\Windows\System\hTKpyhv.exe
  2⤵
  PID:10540
- C:\Windows\System\fPieMxU.exe
  C:\Windows\System\fPieMxU.exe
  2⤵
  PID:10560
- C:\Windows\System\gAbfgcU.exe
  C:\Windows\System\gAbfgcU.exe
  2⤵
  PID:10584
- C:\Windows\System\TDisTse.exe
  C:\Windows\System\TDisTse.exe
  2⤵
  PID:10632
- C:\Windows\System\wvfMWvm.exe
  C:\Windows\System\wvfMWvm.exe
  2⤵
  PID:10672
- C:\Windows\System\eFEsSbP.exe
  C:\Windows\System\eFEsSbP.exe
  2⤵
  PID:10700
- C:\Windows\System\FVRMMet.exe
  C:\Windows\System\FVRMMet.exe
  2⤵
  PID:10736
- C:\Windows\System\YQvsiOY.exe
  C:\Windows\System\YQvsiOY.exe
  2⤵
  PID:10764
- C:\Windows\System\DYTgPpA.exe
  C:\Windows\System\DYTgPpA.exe
  2⤵
  PID:10816
- C:\Windows\System\mWTwKLX.exe
  C:\Windows\System\mWTwKLX.exe
  2⤵
  PID:10832
- C:\Windows\System\gyWLFyL.exe
  C:\Windows\System\gyWLFyL.exe
  2⤵
  PID:10868
- C:\Windows\System\wmGsTLx.exe
  C:\Windows\System\wmGsTLx.exe
  2⤵
  PID:10896
- C:\Windows\System\CTWqdfW.exe
  C:\Windows\System\CTWqdfW.exe
  2⤵
  PID:10924
- C:\Windows\System\uxEgIKe.exe
  C:\Windows\System\uxEgIKe.exe
  2⤵
  PID:10952
- C:\Windows\System\SRAIhPA.exe
  C:\Windows\System\SRAIhPA.exe
  2⤵
  PID:10984
- C:\Windows\System\lmaKSvD.exe
  C:\Windows\System\lmaKSvD.exe
  2⤵
  PID:11012
- C:\Windows\System\wVxWVpS.exe
  C:\Windows\System\wVxWVpS.exe
  2⤵
  PID:11040
- C:\Windows\System\LNUQCrS.exe
  C:\Windows\System\LNUQCrS.exe
  2⤵
  PID:11060
- C:\Windows\System\xrUEFHz.exe
  C:\Windows\System\xrUEFHz.exe
  2⤵
  PID:11100
- C:\Windows\System\ufJLJIv.exe
  C:\Windows\System\ufJLJIv.exe
  2⤵
  PID:11128
- C:\Windows\System\YnWcwkV.exe
  C:\Windows\System\YnWcwkV.exe
  2⤵
  PID:11156
- C:\Windows\System\pCzjPTA.exe
  C:\Windows\System\pCzjPTA.exe
  2⤵
  PID:11172
- C:\Windows\System\nlfkAbm.exe
  C:\Windows\System\nlfkAbm.exe
  2⤵
  PID:11212
- C:\Windows\System\GaZGRwG.exe
  C:\Windows\System\GaZGRwG.exe
  2⤵
  PID:11240
- C:\Windows\System\ylPGKgA.exe
  C:\Windows\System\ylPGKgA.exe
  2⤵
  PID:8692
- C:\Windows\System\gfARTXq.exe
  C:\Windows\System\gfARTXq.exe
  2⤵
  PID:10288
- C:\Windows\System\gLAqwQk.exe
  C:\Windows\System\gLAqwQk.exe
  2⤵
  PID:5000
- C:\Windows\System\LtIkCVl.exe
  C:\Windows\System\LtIkCVl.exe
  2⤵
  PID:10456
- C:\Windows\System\fcmPHfp.exe
  C:\Windows\System\fcmPHfp.exe
  2⤵
  PID:10548
- C:\Windows\System\RHyNOVM.exe
  C:\Windows\System\RHyNOVM.exe
  2⤵
  PID:10576
- C:\Windows\System\KAOBRrr.exe
  C:\Windows\System\KAOBRrr.exe
  2⤵
  PID:10664
- C:\Windows\System\gRGZXqY.exe
  C:\Windows\System\gRGZXqY.exe
  2⤵
  PID:10728
- C:\Windows\System\bGmSaOe.exe
  C:\Windows\System\bGmSaOe.exe
  2⤵
  PID:10824
- C:\Windows\System\hOQEHio.exe
  C:\Windows\System\hOQEHio.exe
  2⤵
  PID:10908
- C:\Windows\System\yYtYFzn.exe
  C:\Windows\System\yYtYFzn.exe
  2⤵
  PID:10972
- C:\Windows\System\IRNGWwv.exe
  C:\Windows\System\IRNGWwv.exe
  2⤵
  PID:11008
- C:\Windows\System\XgFaJqd.exe
  C:\Windows\System\XgFaJqd.exe
  2⤵
  PID:11096
- C:\Windows\System\sRWVzNH.exe
  C:\Windows\System\sRWVzNH.exe
  2⤵
  PID:11148
- C:\Windows\System\NEkkOPM.exe
  C:\Windows\System\NEkkOPM.exe
  2⤵
  PID:11208
- C:\Windows\System\MisnEDG.exe
  C:\Windows\System\MisnEDG.exe
  2⤵
  PID:10320
- C:\Windows\System\ULfvzeH.exe
  C:\Windows\System\ULfvzeH.exe
  2⤵
  PID:10464
- C:\Windows\System\sfUwDfi.exe
  C:\Windows\System\sfUwDfi.exe
  2⤵
  PID:10536
- C:\Windows\System\vIZjUqV.exe
  C:\Windows\System\vIZjUqV.exe
  2⤵
  PID:10760
- C:\Windows\System\OAtWRGv.exe
  C:\Windows\System\OAtWRGv.exe
  2⤵
  PID:10920
- C:\Windows\System\sJkUZcs.exe
  C:\Windows\System\sJkUZcs.exe
  2⤵
  PID:11076
- C:\Windows\System\dMtreLC.exe
  C:\Windows\System\dMtreLC.exe
  2⤵
  PID:11204
- C:\Windows\System\cLmutFr.exe
  C:\Windows\System\cLmutFr.exe
  2⤵
  PID:10936
- C:\Windows\System\OlHtSpY.exe
  C:\Windows\System\OlHtSpY.exe
  2⤵
  PID:10792
- C:\Windows\System\aqKVmXc.exe
  C:\Windows\System\aqKVmXc.exe
  2⤵
  PID:11168
- C:\Windows\System\YPbbQum.exe
  C:\Windows\System\YPbbQum.exe
  2⤵
  PID:10732
- C:\Windows\System\qTespaI.exe
  C:\Windows\System\qTespaI.exe
  2⤵
  PID:11112
- C:\Windows\System\njUdmOe.exe
  C:\Windows\System\njUdmOe.exe
  2⤵
  PID:11284
- C:\Windows\System\RPIEBJR.exe
  C:\Windows\System\RPIEBJR.exe
  2⤵
  PID:11312
- C:\Windows\System\VduTfHQ.exe
  C:\Windows\System\VduTfHQ.exe
  2⤵
  PID:11340
- C:\Windows\System\holftqq.exe
  C:\Windows\System\holftqq.exe
  2⤵
  PID:11364
- C:\Windows\System\ZEGEGsa.exe
  C:\Windows\System\ZEGEGsa.exe
  2⤵
  PID:11396
- C:\Windows\System\TpqUyBI.exe
  C:\Windows\System\TpqUyBI.exe
  2⤵
  PID:11428
- C:\Windows\System\vGELCRi.exe
  C:\Windows\System\vGELCRi.exe
  2⤵
  PID:11460
- C:\Windows\System\ipRYgDu.exe
  C:\Windows\System\ipRYgDu.exe
  2⤵
  PID:11480
- C:\Windows\System\vlcxaGP.exe
  C:\Windows\System\vlcxaGP.exe
  2⤵
  PID:11548
- C:\Windows\System\vkMeBKS.exe
  C:\Windows\System\vkMeBKS.exe
  2⤵
  PID:11572
- C:\Windows\System\COefyWZ.exe
  C:\Windows\System\COefyWZ.exe
  2⤵
  PID:11616
- C:\Windows\System\ydilsBr.exe
  C:\Windows\System\ydilsBr.exe
  2⤵
  PID:11648
- C:\Windows\System\TFOZOJI.exe
  C:\Windows\System\TFOZOJI.exe
  2⤵
  PID:11676
- C:\Windows\System\TpZEFJI.exe
  C:\Windows\System\TpZEFJI.exe
  2⤵
  PID:11708
- C:\Windows\System\nzpWyPs.exe
  C:\Windows\System\nzpWyPs.exe
  2⤵
  PID:11736
- C:\Windows\System\tCfmXsi.exe
  C:\Windows\System\tCfmXsi.exe
  2⤵
  PID:11764
- C:\Windows\System\IDinvTT.exe
  C:\Windows\System\IDinvTT.exe
  2⤵
  PID:11792
- C:\Windows\System\fEUlGSo.exe
  C:\Windows\System\fEUlGSo.exe
  2⤵
  PID:11820
- C:\Windows\System\qqxaNLL.exe
  C:\Windows\System\qqxaNLL.exe
  2⤵
  PID:11848
- C:\Windows\System\BJPGRvo.exe
  C:\Windows\System\BJPGRvo.exe
  2⤵
  PID:11876
- C:\Windows\System\FopXbRs.exe
  C:\Windows\System\FopXbRs.exe
  2⤵
  PID:11908
- C:\Windows\System\qJqgcUF.exe
  C:\Windows\System\qJqgcUF.exe
  2⤵
  PID:11940
- C:\Windows\System\eWxtYQk.exe
  C:\Windows\System\eWxtYQk.exe
  2⤵
  PID:11968
- C:\Windows\System\psHvvKa.exe
  C:\Windows\System\psHvvKa.exe
  2⤵
  PID:11996
- C:\Windows\System\viKGOov.exe
  C:\Windows\System\viKGOov.exe
  2⤵
  PID:12028
- C:\Windows\System\XcwUygI.exe
  C:\Windows\System\XcwUygI.exe
  2⤵
  PID:12048
- C:\Windows\System\ROPMSkf.exe
  C:\Windows\System\ROPMSkf.exe
  2⤵
  PID:12084
- C:\Windows\System\xYjXSyG.exe
  C:\Windows\System\xYjXSyG.exe
  2⤵
  PID:12104
- C:\Windows\System\pJSFfoR.exe
  C:\Windows\System\pJSFfoR.exe
  2⤵
  PID:12140
- C:\Windows\System\SAzkAca.exe
  C:\Windows\System\SAzkAca.exe
  2⤵
  PID:12184
- C:\Windows\System\DoaVsCS.exe
  C:\Windows\System\DoaVsCS.exe
  2⤵
  PID:12216
- C:\Windows\System\OTnzzEL.exe
  C:\Windows\System\OTnzzEL.exe
  2⤵
  PID:12240
- C:\Windows\System\BuoMFtP.exe
  C:\Windows\System\BuoMFtP.exe
  2⤵
  PID:12272
- C:\Windows\System\NcoLZBw.exe
  C:\Windows\System\NcoLZBw.exe
  2⤵
  PID:11296
- C:\Windows\System\TSwBlQS.exe
  C:\Windows\System\TSwBlQS.exe
  2⤵
  PID:11348
- C:\Windows\System\jSJghTc.exe
  C:\Windows\System\jSJghTc.exe
  2⤵
  PID:11420
- C:\Windows\System\eMNlCLV.exe
  C:\Windows\System\eMNlCLV.exe
  2⤵
  PID:11516
- C:\Windows\System\WbyuMze.exe
  C:\Windows\System\WbyuMze.exe
  2⤵
  PID:11468
- C:\Windows\System\RGLMzGd.exe
  C:\Windows\System\RGLMzGd.exe
  2⤵
  PID:11644
- C:\Windows\System\bWmYWrx.exe
  C:\Windows\System\bWmYWrx.exe
  2⤵
  PID:11720
- C:\Windows\System\TDRGfLh.exe
  C:\Windows\System\TDRGfLh.exe
  2⤵
  PID:11784
- C:\Windows\System\aCCAbgt.exe
  C:\Windows\System\aCCAbgt.exe
  2⤵
  PID:11836
- C:\Windows\System\bGEnDyg.exe
  C:\Windows\System\bGEnDyg.exe
  2⤵
  PID:11900
- C:\Windows\System\QtDKxUg.exe
  C:\Windows\System\QtDKxUg.exe
  2⤵
  PID:11980
- C:\Windows\System\nVAfDnY.exe
  C:\Windows\System\nVAfDnY.exe
  2⤵
  PID:12036
- C:\Windows\System\OnKjfCA.exe
  C:\Windows\System\OnKjfCA.exe
  2⤵
  PID:12092
- C:\Windows\System\wFALxVO.exe
  C:\Windows\System\wFALxVO.exe
  2⤵
  PID:12136
- C:\Windows\System\UzZVKGF.exe
  C:\Windows\System\UzZVKGF.exe
  2⤵
  PID:228
- C:\Windows\System\JmfCDZv.exe
  C:\Windows\System\JmfCDZv.exe
  2⤵
  PID:12284
- C:\Windows\System\EvGpvbr.exe
  C:\Windows\System\EvGpvbr.exe
  2⤵
  PID:11380
- C:\Windows\System\iBvqNVk.exe
  C:\Windows\System\iBvqNVk.exe
  2⤵
  PID:11492
- C:\Windows\System\jrekOYF.exe
  C:\Windows\System\jrekOYF.exe
  2⤵
  PID:11780
- C:\Windows\System\KAxgTIn.exe
  C:\Windows\System\KAxgTIn.exe
  2⤵
  PID:11844
- C:\Windows\System\QREosOQ.exe
  C:\Windows\System\QREosOQ.exe
  2⤵
  PID:11952
- C:\Windows\System\FECHfnP.exe
  C:\Windows\System\FECHfnP.exe
  2⤵
  PID:12112
- C:\Windows\System\rFHHDyP.exe
  C:\Windows\System\rFHHDyP.exe
  2⤵
  PID:11280
- C:\Windows\System\DudyGHj.exe
  C:\Windows\System\DudyGHj.exe
  2⤵
  PID:11704
- C:\Windows\System\QasyNTI.exe
  C:\Windows\System\QasyNTI.exe
  2⤵
  PID:12016
- C:\Windows\System\LpnVAny.exe
  C:\Windows\System\LpnVAny.exe
  2⤵
  PID:4232
- C:\Windows\System\PenzHaB.exe
  C:\Windows\System\PenzHaB.exe
  2⤵
  PID:11888
- C:\Windows\System\poEIPXY.exe
  C:\Windows\System\poEIPXY.exe
  2⤵
  PID:12312
- C:\Windows\System\iPJBLmx.exe
  C:\Windows\System\iPJBLmx.exe
  2⤵
  PID:12332
- C:\Windows\System\DVmwDdk.exe
  C:\Windows\System\DVmwDdk.exe
  2⤵
  PID:12368
- C:\Windows\System\fUptBNx.exe
  C:\Windows\System\fUptBNx.exe
  2⤵
  PID:12396
- C:\Windows\System\CMEDKUJ.exe
  C:\Windows\System\CMEDKUJ.exe
  2⤵
  PID:12412
- C:\Windows\System\DiFpsMR.exe
  C:\Windows\System\DiFpsMR.exe
  2⤵
  PID:12452
- C:\Windows\System\NzsJwfb.exe
  C:\Windows\System\NzsJwfb.exe
  2⤵
  PID:12480
- C:\Windows\System\rDSbdRW.exe
  C:\Windows\System\rDSbdRW.exe
  2⤵
  PID:12508
- C:\Windows\System\GsKslxW.exe
  C:\Windows\System\GsKslxW.exe
  2⤵
  PID:12536
- C:\Windows\System\owfJBFe.exe
  C:\Windows\System\owfJBFe.exe
  2⤵
  PID:12564
- C:\Windows\System\yrWksDJ.exe
  C:\Windows\System\yrWksDJ.exe
  2⤵
  PID:12580
- C:\Windows\System\oXkvuOK.exe
  C:\Windows\System\oXkvuOK.exe
  2⤵
  PID:12596
- C:\Windows\System\VCZWxwc.exe
  C:\Windows\System\VCZWxwc.exe
  2⤵
  PID:12616
- C:\Windows\System\hmifMHo.exe
  C:\Windows\System\hmifMHo.exe
  2⤵
  PID:12640
- C:\Windows\System\jrCpocw.exe
  C:\Windows\System\jrCpocw.exe
  2⤵
  PID:12676
- C:\Windows\System\cEdbBvT.exe
  C:\Windows\System\cEdbBvT.exe
  2⤵
  PID:12708
- C:\Windows\System\khyLpSe.exe
  C:\Windows\System\khyLpSe.exe
  2⤵
  PID:12736
- C:\Windows\System\xJBEBJu.exe
  C:\Windows\System\xJBEBJu.exe
  2⤵
  PID:12760
- C:\Windows\System\lBOmLKo.exe
  C:\Windows\System\lBOmLKo.exe
  2⤵
  PID:12776
- C:\Windows\System\Lvildio.exe
  C:\Windows\System\Lvildio.exe
  2⤵
  PID:12836
- C:\Windows\System\JVbsZtP.exe
  C:\Windows\System\JVbsZtP.exe
  2⤵
  PID:12888
- C:\Windows\System\cNTvYtv.exe
  C:\Windows\System\cNTvYtv.exe
  2⤵
  PID:12924
- C:\Windows\System\DlemXzZ.exe
  C:\Windows\System\DlemXzZ.exe
  2⤵
  PID:12964
- C:\Windows\System\dKiywwa.exe
  C:\Windows\System\dKiywwa.exe
  2⤵
  PID:13012
- C:\Windows\System\wbZOABC.exe
  C:\Windows\System\wbZOABC.exe
  2⤵
  PID:13040
- C:\Windows\System\aApLumC.exe
  C:\Windows\System\aApLumC.exe
  2⤵
  PID:13108
- C:\Windows\System\oBiqeuW.exe
  C:\Windows\System\oBiqeuW.exe
  2⤵
  PID:13152
- C:\Windows\System\IFtPWCe.exe
  C:\Windows\System\IFtPWCe.exe
  2⤵
  PID:13204
- C:\Windows\System\ZSWtZUx.exe
  C:\Windows\System\ZSWtZUx.exe
  2⤵
  PID:13228
- C:\Windows\System\WIFSbHi.exe
  C:\Windows\System\WIFSbHi.exe
  2⤵
  PID:13280
- C:\Windows\System\nPEmleD.exe
  C:\Windows\System\nPEmleD.exe
  2⤵
  PID:12296
- C:\Windows\System\wfCVcMj.exe
  C:\Windows\System\wfCVcMj.exe
  2⤵
  PID:12364
- C:\Windows\System\vsVYjHP.exe
  C:\Windows\System\vsVYjHP.exe
  2⤵
  PID:12444
- C:\Windows\System\PjaTUPw.exe
  C:\Windows\System\PjaTUPw.exe
  2⤵
  PID:12476
- C:\Windows\System\BpLqbPP.exe
  C:\Windows\System\BpLqbPP.exe
  2⤵
  PID:12528
- C:\Windows\System\jypmyWg.exe
  C:\Windows\System\jypmyWg.exe
  2⤵
  PID:12632
- C:\Windows\System\FfeOaRN.exe
  C:\Windows\System\FfeOaRN.exe
  2⤵
  PID:12656
- C:\Windows\System\zlkaqbg.exe
  C:\Windows\System\zlkaqbg.exe
  2⤵
  PID:12744
- C:\Windows\System\xzzWFxW.exe
  C:\Windows\System\xzzWFxW.exe
  2⤵
  PID:12768
- C:\Windows\System\yjvHIeW.exe
  C:\Windows\System\yjvHIeW.exe
  2⤵
  PID:12792
- C:\Windows\System\RIAPXbG.exe
  C:\Windows\System\RIAPXbG.exe
  2⤵
  PID:12936
- C:\Windows\System\TbhRgcn.exe
  C:\Windows\System\TbhRgcn.exe
  2⤵
  PID:13068
- C:\Windows\System\cBUIjbQ.exe
  C:\Windows\System\cBUIjbQ.exe
  2⤵
  PID:1756
- C:\Windows\System\ccrMjkz.exe
  C:\Windows\System\ccrMjkz.exe
  2⤵
  PID:13196
- C:\Windows\System\EOuFtcc.exe
  C:\Windows\System\EOuFtcc.exe
  2⤵
  PID:13272
- C:\Windows\System\MjYNmmh.exe
  C:\Windows\System\MjYNmmh.exe
  2⤵
  PID:9472
- C:\Windows\System\MfrONlr.exe
  C:\Windows\System\MfrONlr.exe
  2⤵
  PID:12308
- C:\Windows\System\GINoLHf.exe
  C:\Windows\System\GINoLHf.exe
  2⤵
  PID:12392
- C:\Windows\System\jscJGwY.exe
  C:\Windows\System\jscJGwY.exe
  2⤵
  PID:2816
- C:\Windows\System\mtqvius.exe
  C:\Windows\System\mtqvius.exe
  2⤵
  PID:12612
- C:\Windows\System\VTioecF.exe
  C:\Windows\System\VTioecF.exe
  2⤵
  PID:4348
- C:\Windows\System\XqwuCuH.exe
  C:\Windows\System\XqwuCuH.exe
  2⤵
  PID:12852
- C:\Windows\System\hkaUaEi.exe
  C:\Windows\System\hkaUaEi.exe
  2⤵
  PID:556
- C:\Windows\System\eWpZvJu.exe
  C:\Windows\System\eWpZvJu.exe
  2⤵
  PID:9316
- C:\Windows\System\MaZpdFX.exe
  C:\Windows\System\MaZpdFX.exe
  2⤵
  PID:4368
- C:\Windows\System\gSmjPDU.exe
  C:\Windows\System\gSmjPDU.exe
  2⤵
  PID:12672
- C:\Windows\System\mYpBWTI.exe
  C:\Windows\System\mYpBWTI.exe
  2⤵
  PID:13100
- C:\Windows\System\TMFEraP.exe
  C:\Windows\System\TMFEraP.exe
  2⤵
  PID:1236
- C:\Windows\System\bFqeikm.exe
  C:\Windows\System\bFqeikm.exe
  2⤵
  PID:13244
- C:\Windows\System\kmTnlbB.exe
  C:\Windows\System\kmTnlbB.exe
  2⤵
  PID:13316
- C:\Windows\System\HZlBsSV.exe
  C:\Windows\System\HZlBsSV.exe
  2⤵
  PID:13344
- C:\Windows\System\ZmuIKup.exe
  C:\Windows\System\ZmuIKup.exe
  2⤵
  PID:13360
- C:\Windows\System\UMSgkKS.exe
  C:\Windows\System\UMSgkKS.exe
  2⤵
  PID:13400
- C:\Windows\System\qmRxqpt.exe
  C:\Windows\System\qmRxqpt.exe
  2⤵
  PID:13428
- C:\Windows\System\NRkfPKg.exe
  C:\Windows\System\NRkfPKg.exe
  2⤵
  PID:13456
- C:\Windows\System\ZRIMjQB.exe
  C:\Windows\System\ZRIMjQB.exe
  2⤵
  PID:13484
- C:\Windows\System\wGEdZKz.exe
  C:\Windows\System\wGEdZKz.exe
  2⤵
  PID:13512
- C:\Windows\System\WYmOxZu.exe
  C:\Windows\System\WYmOxZu.exe
  2⤵
  PID:13540
- C:\Windows\System\KhuHYiT.exe
  C:\Windows\System\KhuHYiT.exe
  2⤵
  PID:13568
- C:\Windows\System\GFtGjVh.exe
  C:\Windows\System\GFtGjVh.exe
  2⤵
  PID:13596
- C:\Windows\System\pTvwaYw.exe
  C:\Windows\System\pTvwaYw.exe
  2⤵
  PID:13628
- C:\Windows\System\lfRErko.exe
  C:\Windows\System\lfRErko.exe
  2⤵
  PID:13656
- C:\Windows\System\ZiIpoAv.exe
  C:\Windows\System\ZiIpoAv.exe
  2⤵
  PID:13684
- C:\Windows\System\kwVwVRe.exe
  C:\Windows\System\kwVwVRe.exe
  2⤵
  PID:13712
- C:\Windows\System\dvTqNeJ.exe
  C:\Windows\System\dvTqNeJ.exe
  2⤵
  PID:13740
- C:\Windows\System\IxKKDfC.exe
  C:\Windows\System\IxKKDfC.exe
  2⤵
  PID:13768
- C:\Windows\System\XfHAGoU.exe
  C:\Windows\System\XfHAGoU.exe
  2⤵
  PID:13796
- C:\Windows\System\NntAMGG.exe
  C:\Windows\System\NntAMGG.exe
  2⤵
  PID:13824
- C:\Windows\System\YoPinBq.exe
  C:\Windows\System\YoPinBq.exe
  2⤵
  PID:13852
- C:\Windows\System\OjlzfgF.exe
  C:\Windows\System\OjlzfgF.exe
  2⤵
  PID:13880
- C:\Windows\System\rDvRodY.exe
  C:\Windows\System\rDvRodY.exe
  2⤵
  PID:13916
- C:\Windows\System\uFVjfoQ.exe
  C:\Windows\System\uFVjfoQ.exe
  2⤵
  PID:13944
- C:\Windows\System\oTJOQnx.exe
  C:\Windows\System\oTJOQnx.exe
  2⤵
  PID:13972
- C:\Windows\System\THsADoy.exe
  C:\Windows\System\THsADoy.exe
  2⤵
  PID:14000
- C:\Windows\System\lYwjkOF.exe
  C:\Windows\System\lYwjkOF.exe
  2⤵
  PID:14028
- C:\Windows\System\zpGArTa.exe
  C:\Windows\System\zpGArTa.exe
  2⤵
  PID:14056
- C:\Windows\System\WlYkeiC.exe
  C:\Windows\System\WlYkeiC.exe
  2⤵
  PID:14084
- C:\Windows\System\swFoYDa.exe
  C:\Windows\System\swFoYDa.exe
  2⤵
  PID:14112
- C:\Windows\System\kBgVFyH.exe
  C:\Windows\System\kBgVFyH.exe
  2⤵
  PID:14140
- C:\Windows\System\pbhstsR.exe
  C:\Windows\System\pbhstsR.exe
  2⤵
  PID:14168
- C:\Windows\System\frRgfex.exe
  C:\Windows\System\frRgfex.exe
  2⤵
  PID:14196
- C:\Windows\System\MxPDQhb.exe
  C:\Windows\System\MxPDQhb.exe
  2⤵
  PID:14224
- C:\Windows\System\jMbqjPB.exe
  C:\Windows\System\jMbqjPB.exe
  2⤵
  PID:14252
- C:\Windows\System\iIckPHc.exe
  C:\Windows\System\iIckPHc.exe
  2⤵
  PID:14280
- C:\Windows\System\sSBymPG.exe
  C:\Windows\System\sSBymPG.exe
  2⤵
  PID:14308
- C:\Windows\System\fUvAYlu.exe
  C:\Windows\System\fUvAYlu.exe
  2⤵
  PID:9540
- C:\Windows\System\LNrvDyh.exe
  C:\Windows\System\LNrvDyh.exe
  2⤵
  PID:13356
- C:\Windows\System\IAWUjxh.exe
  C:\Windows\System\IAWUjxh.exe
  2⤵
  PID:13448
- C:\Windows\System\JeuTZQo.exe
  C:\Windows\System\JeuTZQo.exe
  2⤵
  PID:13532
- C:\Windows\System\XsBdHMq.exe
  C:\Windows\System\XsBdHMq.exe
  2⤵
  PID:13588
- C:\Windows\System\UxWflbm.exe
  C:\Windows\System\UxWflbm.exe
  2⤵
  PID:13640
- C:\Windows\System\rRLSyqk.exe
  C:\Windows\System\rRLSyqk.exe
  2⤵
  PID:13724
- C:\Windows\System\rCCxGQR.exe
  C:\Windows\System\rCCxGQR.exe
  2⤵
  PID:13792
- C:\Windows\System\SWlPdoK.exe
  C:\Windows\System\SWlPdoK.exe
  2⤵
  PID:13864
- C:\Windows\System\kkGOUxH.exe
  C:\Windows\System\kkGOUxH.exe
  2⤵
  PID:1876
- C:\Windows\System\jEJlJJX.exe
  C:\Windows\System\jEJlJJX.exe
  2⤵
  PID:13904
- C:\Windows\System\prYnWdI.exe
  C:\Windows\System\prYnWdI.exe
  2⤵
  PID:13968
- C:\Windows\System\mJOvQtS.exe
  C:\Windows\System\mJOvQtS.exe
  2⤵
  PID:14040
- C:\Windows\System\TtgLZgB.exe
  C:\Windows\System\TtgLZgB.exe
  2⤵
  PID:14076
- C:\Windows\System\KwRqROS.exe
  C:\Windows\System\KwRqROS.exe
  2⤵
  PID:14136
- C:\Windows\System\cRuoqYY.exe
  C:\Windows\System\cRuoqYY.exe
  2⤵
  PID:14208
- C:\Windows\System\PEzCyep.exe
  C:\Windows\System\PEzCyep.exe
  2⤵
  PID:4612
- C:\Windows\System\hezndXF.exe
  C:\Windows\System\hezndXF.exe
  2⤵
  PID:4376
- C:\Windows\System\lRnFXcK.exe
  C:\Windows\System\lRnFXcK.exe
  2⤵
  PID:13552
- C:\Windows\System\vpDIXxQ.exe
  C:\Windows\System\vpDIXxQ.exe
  2⤵
  PID:13708
- C:\Windows\System\okhrVba.exe
  C:\Windows\System\okhrVba.exe
  2⤵
  PID:9480
- C:\Windows\System\xneBafY.exe
  C:\Windows\System\xneBafY.exe
  2⤵
  PID:9340
- C:\Windows\System\dwnwrRW.exe
  C:\Windows\System\dwnwrRW.exe
  2⤵
  PID:13844
- C:\Windows\System\CpfiHbe.exe
  C:\Windows\System\CpfiHbe.exe
  2⤵
  PID:13936
- C:\Windows\System\CTRpDOh.exe
  C:\Windows\System\CTRpDOh.exe
  2⤵
  PID:2564
- C:\Windows\System\vwDatzz.exe
  C:\Windows\System\vwDatzz.exe
  2⤵
  PID:224
- C:\Windows\System\SAPqEIu.exe
  C:\Windows\System\SAPqEIu.exe
  2⤵
  PID:13388
- C:\Windows\System\jgIeJuF.exe
  C:\Windows\System\jgIeJuF.exe
  2⤵
  PID:13680
- C:\Windows\System\DmKfjis.exe
  C:\Windows\System\DmKfjis.exe
  2⤵
  PID:4076
- C:\Windows\System\PVWhhZO.exe
  C:\Windows\System\PVWhhZO.exe
  2⤵
  PID:4476
- C:\Windows\System\kGfDuuW.exe
  C:\Windows\System\kGfDuuW.exe
  2⤵
  PID:14248
- C:\Windows\System\SjJFeFQ.exe
  C:\Windows\System\SjJFeFQ.exe
  2⤵
  PID:9648
- C:\Windows\System\oXQSugg.exe
  C:\Windows\System\oXQSugg.exe
  2⤵
  PID:13620
- C:\Windows\System\niHTzXl.exe
  C:\Windows\System\niHTzXl.exe
  2⤵
  PID:14348
- C:\Windows\System\kBoIECr.exe
  C:\Windows\System\kBoIECr.exe
  2⤵
  PID:14384
- C:\Windows\System\qOtPzUa.exe
  C:\Windows\System\qOtPzUa.exe
  2⤵
  PID:14416
- C:\Windows\System\mwevdXA.exe
  C:\Windows\System\mwevdXA.exe
  2⤵
  PID:14448
- C:\Windows\System\lYARcqv.exe
  C:\Windows\System\lYARcqv.exe
  2⤵
  PID:14488
- C:\Windows\System\rKLQRXi.exe
  C:\Windows\System\rKLQRXi.exe
  2⤵
  PID:14508
- C:\Windows\System\YwyemPU.exe
  C:\Windows\System\YwyemPU.exe
  2⤵
  PID:14536
- C:\Windows\System\msEsvKq.exe
  C:\Windows\System\msEsvKq.exe
  2⤵
  PID:14564
- C:\Windows\System\aAheWEl.exe
  C:\Windows\System\aAheWEl.exe
  2⤵
  PID:14592
- C:\Windows\System\HazyHDp.exe
  C:\Windows\System\HazyHDp.exe
  2⤵
  PID:14620
- C:\Windows\System\DHWrizZ.exe
  C:\Windows\System\DHWrizZ.exe
  2⤵
  PID:14648
- C:\Windows\System\ldKBcxf.exe
  C:\Windows\System\ldKBcxf.exe
  2⤵
  PID:14676
- C:\Windows\System\phNZVMT.exe
  C:\Windows\System\phNZVMT.exe
  2⤵
  PID:14708
- C:\Windows\System\zvMVfqh.exe
  C:\Windows\System\zvMVfqh.exe
  2⤵
  PID:14736
- C:\Windows\System\AXpRoGu.exe
  C:\Windows\System\AXpRoGu.exe
  2⤵
  PID:14764
- C:\Windows\System\DQKtvpn.exe
  C:\Windows\System\DQKtvpn.exe
  2⤵
  PID:14784
- C:\Windows\System\YBkEzor.exe
  C:\Windows\System\YBkEzor.exe
  2⤵
  PID:14820
- C:\Windows\System\rzjsyiU.exe
  C:\Windows\System\rzjsyiU.exe
  2⤵
  PID:14852
- C:\Windows\System\NMcCVIK.exe
  C:\Windows\System\NMcCVIK.exe
  2⤵
  PID:14896
- C:\Windows\System\dXhXNwt.exe
  C:\Windows\System\dXhXNwt.exe
  2⤵
  PID:14920
- C:\Windows\System\FcWNZiq.exe
  C:\Windows\System\FcWNZiq.exe
  2⤵
  PID:14940
- C:\Windows\System\wxfZttm.exe
  C:\Windows\System\wxfZttm.exe
  2⤵
  PID:14968
- C:\Windows\System\yOKAisO.exe
  C:\Windows\System\yOKAisO.exe
  2⤵
  PID:14984
- C:\Windows\System\YAesaul.exe
  C:\Windows\System\YAesaul.exe
  2⤵
  PID:15000
- C:\Windows\System\SuxUmZG.exe
  C:\Windows\System\SuxUmZG.exe
  2⤵
  PID:15064
- C:\Windows\System\HYVTTkm.exe
  C:\Windows\System\HYVTTkm.exe
  2⤵
  PID:15088
- C:\Windows\System\coTBgrp.exe
  C:\Windows\System\coTBgrp.exe
  2⤵
  PID:15120
- C:\Windows\System\dZLrOIQ.exe
  C:\Windows\System\dZLrOIQ.exe
  2⤵
  PID:15148
- C:\Windows\System\FmoqyFv.exe
  C:\Windows\System\FmoqyFv.exe
  2⤵
  PID:15184
- C:\Windows\System\EfSvHIo.exe
  C:\Windows\System\EfSvHIo.exe
  2⤵
  PID:15212
- C:\Windows\System\VWnEgHf.exe
  C:\Windows\System\VWnEgHf.exe
  2⤵
  PID:15240
- C:\Windows\System\JOoKVpI.exe
  C:\Windows\System\JOoKVpI.exe
  2⤵
  PID:15268
- C:\Windows\System\kifaDXF.exe
  C:\Windows\System\kifaDXF.exe
  2⤵
  PID:15296
- C:\Windows\System\xuCsnyh.exe
  C:\Windows\System\xuCsnyh.exe
  2⤵
  PID:15324
- C:\Windows\System\GGkgezZ.exe
  C:\Windows\System\GGkgezZ.exe
  2⤵
  PID:14368
- C:\Windows\System\EtEEdxQ.exe
  C:\Windows\System\EtEEdxQ.exe
  2⤵
  PID:14432
- C:\Windows\System\rgWWJxB.exe
  C:\Windows\System\rgWWJxB.exe
  2⤵
  PID:14404
- C:\Windows\System\REBlGzu.exe
  C:\Windows\System\REBlGzu.exe
  2⤵
  PID:14584
- C:\Windows\System\FxBZNvy.exe
  C:\Windows\System\FxBZNvy.exe
  2⤵
  PID:14644

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BSyWktm.exe

Filesize
6.0MB

MD5
0c9895efea216458dc308a0be048dc6f

SHA1
b3ccb13e5ad26ad87ae772fdbdda9d6168f85634

SHA256
c8eb51f0e2b90d2c32e265c1c9d11fa7b9187f4c3ecdb35ea812074c7a3dcfba

SHA512
c50f445777fdcfed16578be8f0c28aab6e99e9456ae20cb5ff394809cd7e4ec4a330f8656b0310f056dd5730b485e41cb73f1c5b275945053fc5980bd59b9868

Download Submit
C:\Windows\System\CBxNUnm.exe

Filesize
6.0MB

MD5
d16aa953f1c42e63db96178be6dd2ec8

SHA1
a4b71a5a0834875ab1e63915d46fcdf4f0075a4c

SHA256
0f173507dc9a5bafae860703170088a8117a82d0b5d1889b892eadae63583644

SHA512
a121b8b7263bf44088100d6f747074cb0feeb8fdbf561f21023740cb6b949ed1a9184c55fd359035e2893f77d7cac15b0ada455a6988735d3e3c2e4c0d228aed

Download Submit
C:\Windows\System\ExGbDTI.exe

Filesize
6.0MB

MD5
3d6d3f452365f37e500a567d7f145bc6

SHA1
e86a60af23b3632d25b83e93d1082d9068dcc9a1

SHA256
df78ab9bb759098750aa10bcca4c703a61d4de8261163b3be9b8f258e821f34a

SHA512
38cbb682e2e9416110b705a3a5655ad3ebb6203c0cf4df8fbb51651cd208c67fa03ae26ffee7d3166acbae66e265f8ec26a102fdcd30f4d5c2bd45524328fa7e

Download Submit
C:\Windows\System\FVDGNaf.exe

Filesize
6.0MB

MD5
95aefde1ceea738d4d6c0d019af2d4d3

SHA1
81e41a24629529f42ce00b58c7b7e15b07b9dc0d

SHA256
69453fc62bd75e78681a680d4085205f0ad7f28dbfdc0725aad439ace7587e38

SHA512
c18b889f8f60943079b4ace4e293e5c6fae72c4a494a3d9b379891d76e3e558c0c4d04461a12460fa319d480ffb5f0f9524ed6b914bd88569b06b9e9d2ab185e

Download Submit
C:\Windows\System\FtoVAZD.exe

Filesize
6.0MB

MD5
496deb2024077185d0daf3c6f137672a

SHA1
da36b9c096d4adf95407808296ea21f1d1381b50

SHA256
6226cb6dc41df78b089db266429f261650b699f4edfeb482fadc608faefb19d7

SHA512
3bee8808c2bf3c8c06b0c129e791675901b1009b62b85e189644cd4851f4e3810dac46e904d05cb8f794fa26df3120ddaeff18c07a749b5a885c74f95937f5b0

Download Submit
C:\Windows\System\JBaOLWp.exe

Filesize
6.0MB

MD5
ac3e87ae7eb688f2aa4b77ad889169bc

SHA1
178e0aa38067b5d9aa86ccec23ff87dd64827927

SHA256
8730e1d4fb8922a33a1fa2d76cd123e3ac305333b65be536ce694b9d3a664b48

SHA512
04c2c6a1560883be8773fc24ea784ce2468b53ecc24cd466978bc847ddb37f0902be2b9493f176971f6d495ca3f7231c6666128dcc97218d203cba5ce322f452

Download Submit
C:\Windows\System\JWUDMiW.exe

Filesize
6.0MB

MD5
4fde9579ff075af30dfee709a0d21977

SHA1
228f7c90af647d38aa47bb494d1c36c21da02c74

SHA256
ab634d3796cfb08408e584c6f456443ac3d7eb5161020332f74bf2c6b24a5e1e

SHA512
630d6d9be01f48ae1d4c45b00f53e1d964f5502ebfa7f0587867e212b00a42a04f11328841d7a2074f8f586ff2890c72889adbee0eead0440331932ee0ad04e9

Download Submit
C:\Windows\System\KeDSPpv.exe

Filesize
6.0MB

MD5
532b2ba7ebb82e93f2d878f6db8da3a5

SHA1
588da8d265db6a6609439068969f41938ce87a00

SHA256
74082e8f283b2f152a3ce68ae2cdec3ffd1be3d8dae43eb95d6b547d92f0d2fa

SHA512
35e60ed4e5061dc27e2065b52637686a1c61345ba0ce08fa08477c744f4596e2bcf4c80db5abd9bb6924206e061ba3944a062af415e7c212f4a44d08bea323b4

Download Submit
C:\Windows\System\NEbqNdu.exe

Filesize
6.0MB

MD5
45263abff2ea6f98fbd375bd2b89e0aa

SHA1
5fa5590e4740961da1282ca482e128b7331783c5

SHA256
54f8010e6d144276dab9c09c1b199f8f87487252ed1222f1771a18518a5fb4da

SHA512
893c99e03f4ce717b068a7327c8ff8c86a8da9843b254c49a721bca6cf6da321c8fdf00a92d83cb528e2ef2bbcfea5110bfdf50fa82fb14d7069f07dc2094b7e

Download Submit
C:\Windows\System\OMGqbpD.exe

Filesize
6.0MB

MD5
fd9c5380ca1591b53b9af3c1bf7a1a35

SHA1
3164bdbda21cf51b788241f59dec8bf7cdddbb35

SHA256
8c09841e956fa3e54a0b1113f9ba2cfb889abec63eec18755e9e602823da8898

SHA512
c6d747d315e6cccc41fbabf2cb30d9ac536adbc6f229a03f7da62dc846fd7fd0fd015b5f1366c6273b347f0fbe0164f832e924aa20c185a40fc833a9d3b6d649

Download Submit
C:\Windows\System\SgwcIjB.exe

Filesize
6.0MB

MD5
ec89e2d2b8ed4078400b7278817f150c

SHA1
55854188db086ace4854943f154361689b1256d3

SHA256
fa351a8562625fe30d76c7496318a26110e9a3b09026ee1c23efffca0f506340

SHA512
bd8f8a75357ae51fdf64e8dcbe3a71cdb75012744b1371cf3510a49ea527e14ce31989f2ff31b5120a9b271ec6798491d2b437e6929a1aee03eddd1c4142336f

Download Submit
C:\Windows\System\TBSntaP.exe

Filesize
6.0MB

MD5
4b8b602f862441a0413402fdb0986cc3

SHA1
674c55652d6672b21240075fa7fbecec1c7162fa

SHA256
bebeb4b43cfd92ac216c2be2cbb6c2193e1c4bd6336724836c3acb3688f36f37

SHA512
91706ee278a92025bb3c7f25ad123ff2b33a9a7ea66b9d4847387a927c255058cbaedc318781724d0066e6144d9d3c069f4d1108d7e108f709b4785e9571b09c

Download Submit
C:\Windows\System\XmFWBkk.exe

Filesize
6.0MB

MD5
9b45c3965d9fa3db723b966ff86e62d2

SHA1
b83ee9a1ed3fcc51b65516966245fcb00f542f4c

SHA256
f81c46517db26e098ec62e94aa1a3211a640b4d6eecb88272df9eeb0e40bd4db

SHA512
d53027b5207feaffdd3e6fd372173d4de425e872c895ea0c5198fbc0789a3a2708086f036fa91bbc053e91a2ab8c45ad189710dc8096755aad794b07294a5464

Download Submit
C:\Windows\System\XonoApp.exe

Filesize
6.0MB

MD5
039df596d0d4fc31550adcadfdba68f5

SHA1
76e2f1f6927e160e3aa1882b6b205b73b33559d8

SHA256
f5c6795c9c4098dd036513410c8f3f9578cbf77d237a880c1fd5f87dbf9afac5

SHA512
b47293d1cb8dde5cd7bcbc43181b5168caaac31b47aba098592394927794ec7d3b3dc8320e2a7895621d1ea9812734c01a4364c16f17026d712e7d34705cf429

Download Submit
C:\Windows\System\cWQxzqd.exe

Filesize
6.0MB

MD5
160af4d931ba6745f2577c93a508ecac

SHA1
bc426ed1016b896550b0b1c27ee3b4d4943dfd62

SHA256
0aa5206e8d5ac00157739ed26da601cc55d6a0595af3b71d6c6b6f047ae5bcda

SHA512
d3ebd870a656beff1b0886f488b40bf9fa628b148a0ea574f00ce828cf5ab18fa77f8c77ce8d7f4d30525c488b752aec0a8aabcded23ebaff08f070cc810e1d9

Download Submit
C:\Windows\System\cbTOSUF.exe

Filesize
6.0MB

MD5
70bb5c9f78f7b1a1965d7fe899c8f5ba

SHA1
05feb1c3cdf8f3db7438203e9b1a0ef35568ecdc

SHA256
5fa3c5f181969557e3f2e0a93e1309c4150fa317be706a5bc8ff839be001bac4

SHA512
d285533d9c3edcbd7b375b3f130e292188165bc683e12107a5b7e15b8012e6180c34d082e7f80f93228c3b9a7d8c9192a43d30ea2270e64830a49f69d31a293e

Download Submit
C:\Windows\System\dwUrzMh.exe

Filesize
6.0MB

MD5
31b677277be32fafef06e305d614ad2f

SHA1
17646ae12b8e769879451a7dcee52ed1bed9790b

SHA256
5cfd151377f9fea303e5dcb19e8e12fd4906c9e36eddaba81b1b774ec5ab3894

SHA512
6b246b46a626bbccfbdbcc319b9deb8b9cd79c8ed86b4971c9ca9b0bc729ab6278a8c7da1e54bb6f9793136778ef0f115252771e3b0a8b46521ac1c707214f36

Download Submit
C:\Windows\System\eXKjYxz.exe

Filesize
6.0MB

MD5
bc1c4e745f8a400db083ed271c71f006

SHA1
9580ecaca556f4613e4b1012c0c78c3fead9b73f

SHA256
156863ac9c20420da254805962db169f485a1448e64e9307ca5d8121edf5381f

SHA512
5b09e4ec48c9594bc4b6c544c0e144de29677f47c342225adabd83fc8cde23cfe8253b40837b4865827fd6b644ffae3897934844bb0574989ae7706267f5f3b5

Download Submit
C:\Windows\System\hbmDRTK.exe

Filesize
6.0MB

MD5
b5adedd9069ca147ecde0f01ff7952c5

SHA1
aafbde7b73e04a032a0cba99dea411a88cfab22c

SHA256
768778ad4ca857c274d6a1700f78bc7ab35f5bda73f78abc5d8e61eb33d24bb8

SHA512
cbe5cfa0c4ac0db088eb8567989c66e9a9e4e48c7dead0b31bb35a821e8a5931e09db1cd3e315b1c2ad56f2ef8c2c1d4ce033d06263b983ba5545d23d15dfe03

Download Submit
C:\Windows\System\iPapFhD.exe

Filesize
6.0MB

MD5
3a60fd8958228032d546d7c98b879bd2

SHA1
9f384d225f18d4158e999067ad41d29a17788cf8

SHA256
a5f63525e30734d59467aa96594d571bb64c1e69399c446fff1f5ac722e1ff67

SHA512
f5bc02839ee2412baf28add29cbfc09bc1b3581d07cc7f6bcaafd2a3a3b6e57786331484ffb1d3c5ee15d12982461ef9d81872c563aca65827568ba820b008f9

Download Submit
C:\Windows\System\kWnsnaq.exe

Filesize
6.0MB

MD5
b573cf14818cc4b25282a1d76b06fd95

SHA1
d12b4cf163a064c79c890b6a776a84cc2f0b2321

SHA256
e41faf783d01f02b979e909c73fd79da389db8dd49db37d714a97a2457bf318b

SHA512
208df06f39a6c275aeac3cfca04cba854e5de569d063fcef647532b641581aca971a980fac83db41a569b0e05dd7e82fa3a88e95abb78672f35dba2e39ddcb2e

Download Submit
C:\Windows\System\kvNYXXD.exe

Filesize
6.0MB

MD5
f883971cee954c7ead3db1e5894efa55

SHA1
221ba9735dff7e304739d4b9800fab63ab26ac1f

SHA256
39aea90effdee3423cbe10da5bd4900d9bfe8ae4d2c16fb519220b4c1c0fcbef

SHA512
68d83cfcf8610a6adfa43a4da7ae4b832940dee7db46260bf46023a6f333b701f40ff9007484a33d3ff82c9e5facb5b686a8ca7cf4bdf22fc9d38a4af3587166

Download Submit
C:\Windows\System\mJebOzm.exe

Filesize
6.0MB

MD5
a7d571545e8c9a5ee27672a9c0b3ebef

SHA1
0d2f293d97fffd5a3cddd64bdf34e3e64cfbc75e

SHA256
ab8d98acb94624e26547c82b185524ef8029bd339ffd9d1dcb11f06aa10a7ae2

SHA512
9b247e9d8efc0768fe24da35e72aa7889fb4a6c9e964133f8aa18e2ac5497bb625f08f0b9a7d9742376f890dd5edf74623f51330d944631936b6d12c70d0b3e7

Download Submit
C:\Windows\System\phgNZjT.exe

Filesize
6.0MB

MD5
56d31b2a1326640a77310feb26290c13

SHA1
4199eda4b82ebe42ace9f1d4f0ba91fe6aad0464

SHA256
4a8514d6ebb25f4e96316a29b24e2d3a0bcc28a9c6705e551a62db6bb9ac4b66

SHA512
daa66a8716c7de10eee90ea93a7e399e2baaae1eee207aa87bbb7f563fc4a98786a51339ee04b702fe942cd2c0221d72ef78b5dfc456334e13ddd935cae8d201

Download Submit
C:\Windows\System\rMsfDLJ.exe

Filesize
6.0MB

MD5
f2318f0c5a4075e4b4b95b8a1d56c2ea

SHA1
116e6bc3910876c49d37dfe6175d20dfb403a5e6

SHA256
329f30ea4cc381c5918a5e2c2d70b5f5a78054e8855f311fbb016a1c02d219d0

SHA512
f56b91274046054d7432d1af89f57d7318ba576cdda28dd22a6c00f855836eaa29b58d3d4d1e511a2e7c9f497e5b33c10e2cb7b71ec3987a5c35d6f0f60d223a

Download Submit
C:\Windows\System\tJmDMGo.exe

Filesize
6.0MB

MD5
b3375c35fb1d3a61d4c278302661f2c0

SHA1
6ff09f486a047d128eb236385c5bc14b8524d519

SHA256
139c1c44708c91b4e966e8ae63b80faeacfd79a8378da16489b8e133aec92606

SHA512
8f1f534887d8e79c3796c0863b758081d57cc96b4c0d500a8f0a51aaebc9ca8114e45e846fff83c8d33a294dda64ec9e741bf8b5a3fdb6cbd946f2cb9f79a083

Download Submit
C:\Windows\System\wXWVHox.exe

Filesize
6.0MB

MD5
ee695a4513737a313a612d76f0d7804b

SHA1
f8c0d6a9c16caac6c62f023014c91f602a323e09

SHA256
4e1998bf5f78d263776c805565a42bf35aef7cd9b4759884b7e864df3959064a

SHA512
962592eff77b9d89ad939a889cdf53c8fad038c64fbfeea1a4ffaa092826c70d63730074af9598694ea9e93afdb5238e8c86a6dfa78f81e6096da7250de76948

Download Submit
C:\Windows\System\wfSwqLC.exe

Filesize
6.0MB

MD5
499ad6843fcdf103a99d5ea52574f74e

SHA1
272b649e183e68c29557dc39cd3d8d0818ddd371

SHA256
49873ff1e42d39e451a5b5edc566f2c36393949bb0937bba5704971bf47f60b1

SHA512
3904e617ed53578fdcfacb36a2b3a39503b27e9b96b7e327d4c993dd5c67496c26150d0cc385d4e21452285023a0a3d0ccbe9c05dab0d3622532715090d195f0

Download Submit
C:\Windows\System\yKOIcor.exe

Filesize
6.0MB

MD5
e31d86463d427e05d7a4e3e7a759ea93

SHA1
af0b71989974a13c3a40fb7ff2939e024cf9a384

SHA256
2a37abd65f1b8a25ccd4052d6bd2e8ffd3c6902f752616f5dc3c7671ce009797

SHA512
17caf39e78322e6f90219734f893920cac8bb60f2515a2da97756d85d84a8a19fa6af801969adb71e8591deb5332f479fc76fe3b3455d88e4b9e8aa5fbeb32e0

Download Submit
C:\Windows\System\yTcXOtv.exe

Filesize
6.0MB

MD5
7309d6ad6c1a3a4ed938cd9a5521bb02

SHA1
549f99aa3f63609822dbdb03621b642ca0254faa

SHA256
c9ae02409c5ebbb3d65dbb11391b0278f1469a73969540fdf46f953539033237

SHA512
74b5837c041a2aaeb7028563497917e864bc85d0684dbc05d015346931ef4979575305645476c8b9ac19cc0989eff12d020eb6f3ffa9a3d6c6102f571d1d7b9b

Download Submit
C:\Windows\System\zNGDXgg.exe

Filesize
6.0MB

MD5
557af81cb2f47d056626cf3b69eeaab2

SHA1
a2d711369094c6deb8ec434235089cbf55ef94a3

SHA256
a04c624680052f48eace47b67647ee8b7180e706fe3ef08afdceefc22d2bbfe9

SHA512
9f310cd8744dfcb36f30a0e8575a7c6701c8bb908657bf3deec69e0a182cd379a670e2731443d3be666a43a796bbbe43fccd785c66cffdfe574d10f0f571d16c

Download Submit
C:\Windows\System\zcwkgiR.exe

Filesize
6.0MB

MD5
b4628e8eedf19d46b2115b41ab8c7a0e

SHA1
56556e758ed609177b082c3b4614b71c27526bb5

SHA256
1dd9380c61fc0a1acffe05d3b560374e3dbb17832270a7df62c39d99864a71fc

SHA512
764d699ac84afbac1c79431159d98f97eb40f220fb709041f7e4b261f917d910ca37871899fbc7391ab6634e8c2479c21a83154486bf7a06efc6b619d4aa0661

Download Submit
C:\Windows\System\zovAiEP.exe

Filesize
6.0MB

MD5
cf2d8bc7dbc8a2be202c88070667d5b5

SHA1
72bedc809a5e46eecf4d2947c90b98314ae6324c

SHA256
9005201b75985f475ce0a8ade56849528a06ca281ff2a14b2b91e50464c729cd

SHA512
80db56a4858d9820ad740c44bb6389fa732291cc8c4ed6bfecefbe7ab9e319ce846791a10218cf70258d221b2f48993ef0d5be397591dcda5ef71ca5fecdbfe9

Download Submit
memory/220-44-0x00007FF650AB0000-0x00007FF650E04000-memory.dmp

Filesize
3.3MB

Download
memory/220-2209-0x00007FF650AB0000-0x00007FF650E04000-memory.dmp

Filesize
3.3MB

Download
memory/1028-1133-0x00007FF760FC0000-0x00007FF761314000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2221-0x00007FF760FC0000-0x00007FF761314000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2220-0x00007FF680DD0000-0x00007FF681124000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1149-0x00007FF680DD0000-0x00007FF681124000-memory.dmp

Filesize
3.3MB

Download
memory/1408-60-0x00007FF63E480000-0x00007FF63E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2212-0x00007FF63E480000-0x00007FF63E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2107-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-69-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-21-0x00007FF6A4B60000-0x00007FF6A4EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1144-0x00007FF6F03C0000-0x00007FF6F0714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2230-0x00007FF6F03C0000-0x00007FF6F0714000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2208-0x00007FF656130000-0x00007FF656484000-memory.dmp

Filesize
3.3MB

Download
memory/2132-36-0x00007FF656130000-0x00007FF656484000-memory.dmp

Filesize
3.3MB

Download
memory/2132-106-0x00007FF656130000-0x00007FF656484000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1143-0x00007FF63CE10000-0x00007FF63D164000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2224-0x00007FF63CE10000-0x00007FF63D164000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1130-0x00007FF659890000-0x00007FF659BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2223-0x00007FF659890000-0x00007FF659BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2215-0x00007FF6A7670000-0x00007FF6A79C4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1511-0x00007FF6A7670000-0x00007FF6A79C4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-89-0x00007FF6A7670000-0x00007FF6A79C4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1563-0x00007FF7F8270000-0x00007FF7F85C4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-90-0x00007FF7F8270000-0x00007FF7F85C4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2214-0x00007FF7F8270000-0x00007FF7F85C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-96-0x00007FF7A6260000-0x00007FF7A65B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1633-0x00007FF7A6260000-0x00007FF7A65B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2217-0x00007FF7A6260000-0x00007FF7A65B4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1131-0x00007FF747E70000-0x00007FF7481C4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2222-0x00007FF747E70000-0x00007FF7481C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1508-0x00007FF660580000-0x00007FF6608D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-81-0x00007FF660580000-0x00007FF6608D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2216-0x00007FF660580000-0x00007FF6608D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1137-0x00007FF632000000-0x00007FF632354000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2228-0x00007FF632000000-0x00007FF632354000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2211-0x00007FF62CF10000-0x00007FF62D264000-memory.dmp

Filesize
3.3MB

Download
memory/3108-67-0x00007FF62CF10000-0x00007FF62D264000-memory.dmp

Filesize
3.3MB

Download
memory/3304-70-0x00007FF608FA0000-0x00007FF6092F4000-memory.dmp

Filesize
3.3MB

Download
memory/3304-1438-0x00007FF608FA0000-0x00007FF6092F4000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2213-0x00007FF608FA0000-0x00007FF6092F4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-1127-0x00007FF792950000-0x00007FF792CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2218-0x00007FF792950000-0x00007FF792CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-1636-0x00007FF792950000-0x00007FF792CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3824-32-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp

Filesize
3.3MB

Download
memory/3824-2207-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp

Filesize
3.3MB

Download
memory/3824-95-0x00007FF7F41F0000-0x00007FF7F4544000-memory.dmp

Filesize
3.3MB

Download
memory/4068-1142-0x00007FF65BD40000-0x00007FF65C094000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2225-0x00007FF65BD40000-0x00007FF65C094000-memory.dmp

Filesize
3.3MB

Download
memory/4340-1141-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4340-2227-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2065-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-8-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-57-0x00007FF6C2CA0000-0x00007FF6C2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-1145-0x00007FF621E90000-0x00007FF6221E4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2231-0x00007FF621E90000-0x00007FF6221E4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-1138-0x00007FF623BF0000-0x00007FF623F44000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2226-0x00007FF623BF0000-0x00007FF623F44000-memory.dmp

Filesize
3.3MB

Download
memory/4812-1128-0x00007FF782DE0000-0x00007FF783134000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2219-0x00007FF782DE0000-0x00007FF783134000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2229-0x00007FF725000000-0x00007FF725354000-memory.dmp

Filesize
3.3MB

Download
memory/4816-1134-0x00007FF725000000-0x00007FF725354000-memory.dmp

Filesize
3.3MB

Download
memory/4828-48-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp

Filesize
3.3MB

Download
memory/4828-1-0x000001EC37C00000-0x000001EC37C10000-memory.dmp

Filesize
64KB

Download
memory/4828-0-0x00007FF7EC7A0000-0x00007FF7ECAF4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-14-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2098-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-66-0x00007FF7C45A0000-0x00007FF7C48F4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-80-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2111-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp

Filesize
3.3MB

Download
memory/4996-26-0x00007FF6E6040000-0x00007FF6E6394000-memory.dmp

Filesize
3.3MB

Download
memory/5032-51-0x00007FF770390000-0x00007FF7706E4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2210-0x00007FF770390000-0x00007FF7706E4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1229-0x00007FF770390000-0x00007FF7706E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads