cobaltstrike | ca6732b7502602e94008bcccfa4a4fece5b5444ddeb7ed0fb25067d027466c28

Analysis

max time kernel
104s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

e2fbd0aa94a7aeaed871049e2121c6ec
SHA1

49c36c333705a711caa7cf22ee0c3ecd888c9b74
SHA256

ca6732b7502602e94008bcccfa4a4fece5b5444ddeb7ed0fb25067d027466c28
SHA512

6e5a01842c38a82dffacdc4cb6ee7657b5b9db875f3c37a44eea197dc0b4ec5ff82e448b6b5719c65f8e3eeebdfcc8ee568f1d2ce2bf96d13db2f92515853143
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000236de-4.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422c-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422d-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422e-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024230-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422f-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024232-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024231-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024233-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024236-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024235-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024237-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024239-96.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423a-100.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024240-136.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423f-146.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024243-157.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024242-156.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024241-151.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423d-122.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423c-118.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024238-88.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024244-171.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024257-182.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024259-201.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002425a-205.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002425b-203.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024258-192.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024256-175.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024229-74.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1688-0-0x00007FF6B4BD0000-0x00007FF6B4F24000-memory.dmp	xmrig
behavioral1/files/0x00090000000236de-4.dat	xmrig
behavioral1/memory/5980-8-0x00007FF7F8160000-0x00007FF7F84B4000-memory.dmp	xmrig
behavioral1/files/0x000700000002422c-10.dat	xmrig
behavioral1/files/0x000700000002422d-11.dat	xmrig
behavioral1/memory/624-13-0x00007FF7B67F0000-0x00007FF7B6B44000-memory.dmp	xmrig
behavioral1/memory/5700-20-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp	xmrig
behavioral1/files/0x000700000002422e-22.dat	xmrig
behavioral1/memory/5384-25-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp	xmrig
behavioral1/memory/4560-32-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp	xmrig
behavioral1/files/0x0007000000024230-35.dat	xmrig
behavioral1/memory/4980-38-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp	xmrig
behavioral1/files/0x000700000002422f-30.dat	xmrig
behavioral1/memory/1808-50-0x00007FF70FCD0000-0x00007FF710024000-memory.dmp	xmrig
behavioral1/files/0x0007000000024232-47.dat	xmrig
behavioral1/files/0x0007000000024231-46.dat	xmrig
behavioral1/files/0x0007000000024233-53.dat	xmrig
behavioral1/memory/4292-56-0x00007FF7A55F0000-0x00007FF7A5944000-memory.dmp	xmrig
behavioral1/files/0x0007000000024236-62.dat	xmrig
behavioral1/files/0x0007000000024235-59.dat	xmrig
behavioral1/memory/4996-65-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp	xmrig
behavioral1/files/0x0007000000024237-80.dat	xmrig
behavioral1/memory/3460-83-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp	xmrig
behavioral1/memory/696-84-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp	xmrig
behavioral1/memory/5384-94-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp	xmrig
behavioral1/memory/1640-95-0x00007FF769740000-0x00007FF769A94000-memory.dmp	xmrig
behavioral1/files/0x0007000000024239-96.dat	xmrig
behavioral1/files/0x000700000002423a-100.dat	xmrig
behavioral1/memory/4784-115-0x00007FF6A0020000-0x00007FF6A0374000-memory.dmp	xmrig
behavioral1/files/0x000700000002423e-123.dat	xmrig
behavioral1/files/0x0007000000024240-136.dat	xmrig
behavioral1/files/0x000700000002423f-146.dat	xmrig
behavioral1/memory/4568-154-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp	xmrig
behavioral1/files/0x0007000000024243-157.dat	xmrig
behavioral1/files/0x0007000000024242-156.dat	xmrig
behavioral1/memory/620-155-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp	xmrig
behavioral1/memory/5164-153-0x00007FF65E0E0000-0x00007FF65E434000-memory.dmp	xmrig
behavioral1/files/0x0007000000024241-151.dat	xmrig
behavioral1/memory/5100-150-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp	xmrig
behavioral1/memory/4032-149-0x00007FF74ED00000-0x00007FF74F054000-memory.dmp	xmrig
behavioral1/memory/5296-143-0x00007FF7F65B0000-0x00007FF7F6904000-memory.dmp	xmrig
behavioral1/memory/4996-138-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp	xmrig
behavioral1/memory/5452-135-0x00007FF79FF60000-0x00007FF7A02B4000-memory.dmp	xmrig
behavioral1/memory/2020-130-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp	xmrig
behavioral1/memory/5704-125-0x00007FF793050000-0x00007FF7933A4000-memory.dmp	xmrig
behavioral1/files/0x000700000002423d-122.dat	xmrig
behavioral1/files/0x000700000002423c-118.dat	xmrig
behavioral1/memory/2124-112-0x00007FF6FEA70000-0x00007FF6FEDC4000-memory.dmp	xmrig
behavioral1/files/0x000700000002423b-111.dat	xmrig
behavioral1/memory/4980-110-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp	xmrig
behavioral1/memory/4696-104-0x00007FF7E70C0000-0x00007FF7E7414000-memory.dmp	xmrig
behavioral1/memory/696-158-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp	xmrig
behavioral1/memory/4560-101-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp	xmrig
behavioral1/memory/5600-90-0x00007FF7E3210000-0x00007FF7E3564000-memory.dmp	xmrig
behavioral1/memory/5700-87-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp	xmrig
behavioral1/files/0x0007000000024238-88.dat	xmrig
behavioral1/files/0x0007000000024244-171.dat	xmrig
behavioral1/files/0x0007000000024257-182.dat	xmrig
behavioral1/files/0x0007000000024259-201.dat	xmrig
behavioral1/files/0x000700000002425a-205.dat	xmrig
behavioral1/files/0x000700000002425b-203.dat	xmrig
behavioral1/memory/5704-200-0x00007FF793050000-0x00007FF7933A4000-memory.dmp	xmrig
behavioral1/memory/2020-260-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp	xmrig
behavioral1/memory/620-467-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5980	hdLrtEl.exe
624	nKQxeUO.exe
5700	RVkOUBH.exe
5384	ZyOoJDr.exe
4560	eNCoKiS.exe
4980	ERNCtCG.exe
4784	OakJITw.exe
1808	HdLsDyz.exe
4292	lWOCDMt.exe
4996	WovfoOo.exe
5100	ECCkzWU.exe
3460	qrIfkPg.exe
5600	HpTWsPM.exe
696	ecbjMMz.exe
1640	IkCeWpw.exe
4696	BuKOEwZ.exe
2124	YdowPCt.exe
5704	feRlFOX.exe
5452	IejhSUQ.exe
2020	PNuzlGw.exe
5296	LNIFNLS.exe
4032	rmNnfEU.exe
4568	rGflytJ.exe
5164	lxLrcHO.exe
620	CsTKply.exe
960	lfRDhUa.exe
3364	ZSHpDYc.exe
1736	EgrSmRG.exe
2596	XofmnBg.exe
5400	RxuMgnK.exe
5848	StCfLeq.exe
2972	taTLsQz.exe
3520	bJNULUV.exe
1292	fILDAfb.exe
4132	WBBKZRu.exe
5732	NweTwGf.exe
1140	CtvZpey.exe
4396	MKXGPtR.exe
2036	qZHMrdt.exe
4048	hLssOqm.exe
5304	AroIECF.exe
4892	VUhrmNW.exe
2168	TnUHHit.exe
5888	KjttBLV.exe
2604	giDWFjk.exe
5756	eotddBI.exe
5228	cRXXzCP.exe
1976	VuRSOhy.exe
228	GIeJynZ.exe
3684	gEUtede.exe
3348	vzFUHpO.exe
1288	QVzPGdN.exe
4508	gvsGqtc.exe
1132	ezIkODO.exe
376	grfaPJO.exe
5908	YLQNhzz.exe
2352	TFLMqYz.exe
4936	ITxVknd.exe
4944	UITukAq.exe
5308	mkKPTxV.exe
5092	pFKpOqT.exe
4492	CcMQjPo.exe
4732	ijcwdnA.exe
2304	PgReofX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1688-0-0x00007FF6B4BD0000-0x00007FF6B4F24000-memory.dmp	upx
behavioral1/files/0x00090000000236de-4.dat	upx
behavioral1/memory/5980-8-0x00007FF7F8160000-0x00007FF7F84B4000-memory.dmp	upx
behavioral1/files/0x000700000002422c-10.dat	upx
behavioral1/files/0x000700000002422d-11.dat	upx
behavioral1/memory/624-13-0x00007FF7B67F0000-0x00007FF7B6B44000-memory.dmp	upx
behavioral1/memory/5700-20-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp	upx
behavioral1/files/0x000700000002422e-22.dat	upx
behavioral1/memory/5384-25-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp	upx
behavioral1/memory/4560-32-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp	upx
behavioral1/files/0x0007000000024230-35.dat	upx
behavioral1/memory/4980-38-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp	upx
behavioral1/files/0x000700000002422f-30.dat	upx
behavioral1/memory/1808-50-0x00007FF70FCD0000-0x00007FF710024000-memory.dmp	upx
behavioral1/files/0x0007000000024232-47.dat	upx
behavioral1/files/0x0007000000024231-46.dat	upx
behavioral1/files/0x0007000000024233-53.dat	upx
behavioral1/memory/4292-56-0x00007FF7A55F0000-0x00007FF7A5944000-memory.dmp	upx
behavioral1/files/0x0007000000024236-62.dat	upx
behavioral1/files/0x0007000000024235-59.dat	upx
behavioral1/memory/4996-65-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp	upx
behavioral1/files/0x0007000000024237-80.dat	upx
behavioral1/memory/3460-83-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp	upx
behavioral1/memory/696-84-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp	upx
behavioral1/memory/5384-94-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp	upx
behavioral1/memory/1640-95-0x00007FF769740000-0x00007FF769A94000-memory.dmp	upx
behavioral1/files/0x0007000000024239-96.dat	upx
behavioral1/files/0x000700000002423a-100.dat	upx
behavioral1/memory/4784-115-0x00007FF6A0020000-0x00007FF6A0374000-memory.dmp	upx
behavioral1/files/0x000700000002423e-123.dat	upx
behavioral1/files/0x0007000000024240-136.dat	upx
behavioral1/files/0x000700000002423f-146.dat	upx
behavioral1/memory/4568-154-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp	upx
behavioral1/files/0x0007000000024243-157.dat	upx
behavioral1/files/0x0007000000024242-156.dat	upx
behavioral1/memory/620-155-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp	upx
behavioral1/memory/5164-153-0x00007FF65E0E0000-0x00007FF65E434000-memory.dmp	upx
behavioral1/files/0x0007000000024241-151.dat	upx
behavioral1/memory/5100-150-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp	upx
behavioral1/memory/4032-149-0x00007FF74ED00000-0x00007FF74F054000-memory.dmp	upx
behavioral1/memory/5296-143-0x00007FF7F65B0000-0x00007FF7F6904000-memory.dmp	upx
behavioral1/memory/4996-138-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp	upx
behavioral1/memory/5452-135-0x00007FF79FF60000-0x00007FF7A02B4000-memory.dmp	upx
behavioral1/memory/2020-130-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp	upx
behavioral1/memory/5704-125-0x00007FF793050000-0x00007FF7933A4000-memory.dmp	upx
behavioral1/files/0x000700000002423d-122.dat	upx
behavioral1/files/0x000700000002423c-118.dat	upx
behavioral1/memory/2124-112-0x00007FF6FEA70000-0x00007FF6FEDC4000-memory.dmp	upx
behavioral1/files/0x000700000002423b-111.dat	upx
behavioral1/memory/4980-110-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp	upx
behavioral1/memory/4696-104-0x00007FF7E70C0000-0x00007FF7E7414000-memory.dmp	upx
behavioral1/memory/696-158-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp	upx
behavioral1/memory/4560-101-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp	upx
behavioral1/memory/5600-90-0x00007FF7E3210000-0x00007FF7E3564000-memory.dmp	upx
behavioral1/memory/5700-87-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp	upx
behavioral1/files/0x0007000000024238-88.dat	upx
behavioral1/files/0x0007000000024244-171.dat	upx
behavioral1/files/0x0007000000024257-182.dat	upx
behavioral1/files/0x0007000000024259-201.dat	upx
behavioral1/files/0x000700000002425a-205.dat	upx
behavioral1/files/0x000700000002425b-203.dat	upx
behavioral1/memory/5704-200-0x00007FF793050000-0x00007FF7933A4000-memory.dmp	upx
behavioral1/memory/2020-260-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp	upx
behavioral1/memory/620-467-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PlKVmDk.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tyJvnwq.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GIeJynZ.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xgvcwAs.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HYWsqRz.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TsVEjbd.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eWmFzeE.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nfOQzuv.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xWQxZOP.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\exzlhMm.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AroIECF.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AozLouM.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RgjOhVT.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WcVDaap.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TiLJPxy.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WXRabIc.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZcrKRuI.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oCLSRvE.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XzWDJaq.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UFgsaDz.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DkJpOMt.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\znhAwPu.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jLymPnG.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FYzCJtW.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\izwwWjs.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YxBXKAZ.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NJTpxzs.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lTsbQKt.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kjLWIxV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hFjxROL.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yGOWWMH.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XMAPgxU.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SxNlhuO.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yLpbwNc.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LrSzFEG.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HmUaAcq.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\URCYWjk.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AnIgcWI.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GVpLuqT.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CsTKply.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JpfLmnj.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sNHvLXd.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tGvFZaj.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cFxjYES.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fDUafiU.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kIwYjcX.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cSXZlbV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VuRSOhy.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YwVrdtf.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VZhYIML.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MmbNQjA.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QxQbUrf.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ybkCyjU.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YokWmSV.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CcMQjPo.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gYbGWbK.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NJCBIFe.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nmGsTLm.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BFudrIB.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JtywvbW.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\liwkoMa.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FkXBEYW.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BrDcGLb.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tsVksen.exe	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 5980	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1688 wrote to memory of 5980	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1688 wrote to memory of 624	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1688 wrote to memory of 624	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1688 wrote to memory of 5700	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1688 wrote to memory of 5700	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1688 wrote to memory of 5384	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1688 wrote to memory of 5384	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1688 wrote to memory of 4560	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 1688 wrote to memory of 4560	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 1688 wrote to memory of 4980	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 1688 wrote to memory of 4980	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 1688 wrote to memory of 4784	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1688 wrote to memory of 4784	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1688 wrote to memory of 1808	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1688 wrote to memory of 1808	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1688 wrote to memory of 4292	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1688 wrote to memory of 4292	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1688 wrote to memory of 4996	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1688 wrote to memory of 4996	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1688 wrote to memory of 5100	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1688 wrote to memory of 5100	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 1688 wrote to memory of 3460	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1688 wrote to memory of 3460	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1688 wrote to memory of 5600	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1688 wrote to memory of 5600	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1688 wrote to memory of 696	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1688 wrote to memory of 696	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1688 wrote to memory of 1640	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1688 wrote to memory of 1640	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1688 wrote to memory of 4696	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1688 wrote to memory of 4696	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1688 wrote to memory of 2124	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1688 wrote to memory of 2124	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1688 wrote to memory of 5704	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 1688 wrote to memory of 5704	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 1688 wrote to memory of 5452	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1688 wrote to memory of 5452	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 1688 wrote to memory of 2020	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1688 wrote to memory of 2020	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1688 wrote to memory of 5296	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1688 wrote to memory of 5296	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 1688 wrote to memory of 4032	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1688 wrote to memory of 4032	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1688 wrote to memory of 4568	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1688 wrote to memory of 4568	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1688 wrote to memory of 5164	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1688 wrote to memory of 5164	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1688 wrote to memory of 620	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1688 wrote to memory of 620	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1688 wrote to memory of 960	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1688 wrote to memory of 960	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1688 wrote to memory of 3364	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1688 wrote to memory of 3364	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1688 wrote to memory of 1736	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1688 wrote to memory of 1736	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 1688 wrote to memory of 2596	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1688 wrote to memory of 2596	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 1688 wrote to memory of 5400	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1688 wrote to memory of 5400	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 1688 wrote to memory of 5848	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1688 wrote to memory of 5848	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1688 wrote to memory of 2972	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1688 wrote to memory of 2972	1688	2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122

C:\Users\Admin\AppData\Local\Temp\2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_e2fbd0aa94a7aeaed871049e2121c6ec_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\System\hdLrtEl.exe
  C:\Windows\System\hdLrtEl.exe
  2⤵
  - Executes dropped EXE
  PID:5980
- C:\Windows\System\nKQxeUO.exe
  C:\Windows\System\nKQxeUO.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\RVkOUBH.exe
  C:\Windows\System\RVkOUBH.exe
  2⤵
  - Executes dropped EXE
  PID:5700
- C:\Windows\System\ZyOoJDr.exe
  C:\Windows\System\ZyOoJDr.exe
  2⤵
  - Executes dropped EXE
  PID:5384
- C:\Windows\System\eNCoKiS.exe
  C:\Windows\System\eNCoKiS.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ERNCtCG.exe
  C:\Windows\System\ERNCtCG.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\OakJITw.exe
  C:\Windows\System\OakJITw.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\HdLsDyz.exe
  C:\Windows\System\HdLsDyz.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\lWOCDMt.exe
  C:\Windows\System\lWOCDMt.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\WovfoOo.exe
  C:\Windows\System\WovfoOo.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\ECCkzWU.exe
  C:\Windows\System\ECCkzWU.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\qrIfkPg.exe
  C:\Windows\System\qrIfkPg.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\HpTWsPM.exe
  C:\Windows\System\HpTWsPM.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\ecbjMMz.exe
  C:\Windows\System\ecbjMMz.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\IkCeWpw.exe
  C:\Windows\System\IkCeWpw.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BuKOEwZ.exe
  C:\Windows\System\BuKOEwZ.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\YdowPCt.exe
  C:\Windows\System\YdowPCt.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\feRlFOX.exe
  C:\Windows\System\feRlFOX.exe
  2⤵
  - Executes dropped EXE
  PID:5704
- C:\Windows\System\IejhSUQ.exe
  C:\Windows\System\IejhSUQ.exe
  2⤵
  - Executes dropped EXE
  PID:5452
- C:\Windows\System\PNuzlGw.exe
  C:\Windows\System\PNuzlGw.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\LNIFNLS.exe
  C:\Windows\System\LNIFNLS.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\rmNnfEU.exe
  C:\Windows\System\rmNnfEU.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\rGflytJ.exe
  C:\Windows\System\rGflytJ.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\lxLrcHO.exe
  C:\Windows\System\lxLrcHO.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\CsTKply.exe
  C:\Windows\System\CsTKply.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\lfRDhUa.exe
  C:\Windows\System\lfRDhUa.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\ZSHpDYc.exe
  C:\Windows\System\ZSHpDYc.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\EgrSmRG.exe
  C:\Windows\System\EgrSmRG.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\XofmnBg.exe
  C:\Windows\System\XofmnBg.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\RxuMgnK.exe
  C:\Windows\System\RxuMgnK.exe
  2⤵
  - Executes dropped EXE
  PID:5400
- C:\Windows\System\StCfLeq.exe
  C:\Windows\System\StCfLeq.exe
  2⤵
  - Executes dropped EXE
  PID:5848
- C:\Windows\System\taTLsQz.exe
  C:\Windows\System\taTLsQz.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\bJNULUV.exe
  C:\Windows\System\bJNULUV.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\fILDAfb.exe
  C:\Windows\System\fILDAfb.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\WBBKZRu.exe
  C:\Windows\System\WBBKZRu.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\NweTwGf.exe
  C:\Windows\System\NweTwGf.exe
  2⤵
  - Executes dropped EXE
  PID:5732
- C:\Windows\System\CtvZpey.exe
  C:\Windows\System\CtvZpey.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\MKXGPtR.exe
  C:\Windows\System\MKXGPtR.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\qZHMrdt.exe
  C:\Windows\System\qZHMrdt.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\hLssOqm.exe
  C:\Windows\System\hLssOqm.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\AroIECF.exe
  C:\Windows\System\AroIECF.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System\VUhrmNW.exe
  C:\Windows\System\VUhrmNW.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\TnUHHit.exe
  C:\Windows\System\TnUHHit.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KjttBLV.exe
  C:\Windows\System\KjttBLV.exe
  2⤵
  - Executes dropped EXE
  PID:5888
- C:\Windows\System\giDWFjk.exe
  C:\Windows\System\giDWFjk.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\eotddBI.exe
  C:\Windows\System\eotddBI.exe
  2⤵
  - Executes dropped EXE
  PID:5756
- C:\Windows\System\cRXXzCP.exe
  C:\Windows\System\cRXXzCP.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\VuRSOhy.exe
  C:\Windows\System\VuRSOhy.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\GIeJynZ.exe
  C:\Windows\System\GIeJynZ.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\gEUtede.exe
  C:\Windows\System\gEUtede.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\vzFUHpO.exe
  C:\Windows\System\vzFUHpO.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\QVzPGdN.exe
  C:\Windows\System\QVzPGdN.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\gvsGqtc.exe
  C:\Windows\System\gvsGqtc.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\ezIkODO.exe
  C:\Windows\System\ezIkODO.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\grfaPJO.exe
  C:\Windows\System\grfaPJO.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\YLQNhzz.exe
  C:\Windows\System\YLQNhzz.exe
  2⤵
  - Executes dropped EXE
  PID:5908
- C:\Windows\System\TFLMqYz.exe
  C:\Windows\System\TFLMqYz.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ITxVknd.exe
  C:\Windows\System\ITxVknd.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\UITukAq.exe
  C:\Windows\System\UITukAq.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\mkKPTxV.exe
  C:\Windows\System\mkKPTxV.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\pFKpOqT.exe
  C:\Windows\System\pFKpOqT.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\CcMQjPo.exe
  C:\Windows\System\CcMQjPo.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\ijcwdnA.exe
  C:\Windows\System\ijcwdnA.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\PgReofX.exe
  C:\Windows\System\PgReofX.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\yxtOYtF.exe
  C:\Windows\System\yxtOYtF.exe
  2⤵
  PID:1612
- C:\Windows\System\OEJmMku.exe
  C:\Windows\System\OEJmMku.exe
  2⤵
  PID:1412
- C:\Windows\System\LTHyFPj.exe
  C:\Windows\System\LTHyFPj.exe
  2⤵
  PID:4188
- C:\Windows\System\mokLKVY.exe
  C:\Windows\System\mokLKVY.exe
  2⤵
  PID:5792
- C:\Windows\System\xZCWyfb.exe
  C:\Windows\System\xZCWyfb.exe
  2⤵
  PID:3268
- C:\Windows\System\ZUybpwX.exe
  C:\Windows\System\ZUybpwX.exe
  2⤵
  PID:1740
- C:\Windows\System\HzPmhLN.exe
  C:\Windows\System\HzPmhLN.exe
  2⤵
  PID:5208
- C:\Windows\System\YcsTUGY.exe
  C:\Windows\System\YcsTUGY.exe
  2⤵
  PID:852
- C:\Windows\System\ZtgzCCJ.exe
  C:\Windows\System\ZtgzCCJ.exe
  2⤵
  PID:1620
- C:\Windows\System\paJUzGT.exe
  C:\Windows\System\paJUzGT.exe
  2⤵
  PID:3848
- C:\Windows\System\pdNlcSC.exe
  C:\Windows\System\pdNlcSC.exe
  2⤵
  PID:2572
- C:\Windows\System\teOOQfd.exe
  C:\Windows\System\teOOQfd.exe
  2⤵
  PID:5984
- C:\Windows\System\JpanDdr.exe
  C:\Windows\System\JpanDdr.exe
  2⤵
  PID:2692
- C:\Windows\System\sqtAbty.exe
  C:\Windows\System\sqtAbty.exe
  2⤵
  PID:1920
- C:\Windows\System\iiwfhvD.exe
  C:\Windows\System\iiwfhvD.exe
  2⤵
  PID:3452
- C:\Windows\System\fxoMjxC.exe
  C:\Windows\System\fxoMjxC.exe
  2⤵
  PID:5024
- C:\Windows\System\TynATqy.exe
  C:\Windows\System\TynATqy.exe
  2⤵
  PID:3616
- C:\Windows\System\umcEqBa.exe
  C:\Windows\System\umcEqBa.exe
  2⤵
  PID:5760
- C:\Windows\System\sQORjWA.exe
  C:\Windows\System\sQORjWA.exe
  2⤵
  PID:5356
- C:\Windows\System\BLktoYY.exe
  C:\Windows\System\BLktoYY.exe
  2⤵
  PID:5288
- C:\Windows\System\KTcwySe.exe
  C:\Windows\System\KTcwySe.exe
  2⤵
  PID:3928
- C:\Windows\System\RflWDNJ.exe
  C:\Windows\System\RflWDNJ.exe
  2⤵
  PID:1448
- C:\Windows\System\PJFIFks.exe
  C:\Windows\System\PJFIFks.exe
  2⤵
  PID:5812
- C:\Windows\System\enJULOy.exe
  C:\Windows\System\enJULOy.exe
  2⤵
  PID:1028
- C:\Windows\System\xWQxZOP.exe
  C:\Windows\System\xWQxZOP.exe
  2⤵
  PID:3780
- C:\Windows\System\xEwqoox.exe
  C:\Windows\System\xEwqoox.exe
  2⤵
  PID:5736
- C:\Windows\System\stkxcvO.exe
  C:\Windows\System\stkxcvO.exe
  2⤵
  PID:2184
- C:\Windows\System\GqMmkkd.exe
  C:\Windows\System\GqMmkkd.exe
  2⤵
  PID:1748
- C:\Windows\System\FefmxSa.exe
  C:\Windows\System\FefmxSa.exe
  2⤵
  PID:4260
- C:\Windows\System\neivQQM.exe
  C:\Windows\System\neivQQM.exe
  2⤵
  PID:3632
- C:\Windows\System\CBKpGyi.exe
  C:\Windows\System\CBKpGyi.exe
  2⤵
  PID:4972
- C:\Windows\System\PihVNvz.exe
  C:\Windows\System\PihVNvz.exe
  2⤵
  PID:5240
- C:\Windows\System\aKJIlQY.exe
  C:\Windows\System\aKJIlQY.exe
  2⤵
  PID:4692
- C:\Windows\System\Exopmrn.exe
  C:\Windows\System\Exopmrn.exe
  2⤵
  PID:2440
- C:\Windows\System\LCEryya.exe
  C:\Windows\System\LCEryya.exe
  2⤵
  PID:1816
- C:\Windows\System\AozLouM.exe
  C:\Windows\System\AozLouM.exe
  2⤵
  PID:4040
- C:\Windows\System\TlduTJS.exe
  C:\Windows\System\TlduTJS.exe
  2⤵
  PID:1036
- C:\Windows\System\DXzoCet.exe
  C:\Windows\System\DXzoCet.exe
  2⤵
  PID:4844
- C:\Windows\System\PBnopdo.exe
  C:\Windows\System\PBnopdo.exe
  2⤵
  PID:6096
- C:\Windows\System\UZlIejH.exe
  C:\Windows\System\UZlIejH.exe
  2⤵
  PID:3232
- C:\Windows\System\oqHDgwe.exe
  C:\Windows\System\oqHDgwe.exe
  2⤵
  PID:5028
- C:\Windows\System\xTJagvE.exe
  C:\Windows\System\xTJagvE.exe
  2⤵
  PID:2744
- C:\Windows\System\RnRXKDx.exe
  C:\Windows\System\RnRXKDx.exe
  2⤵
  PID:5552
- C:\Windows\System\NeImijs.exe
  C:\Windows\System\NeImijs.exe
  2⤵
  PID:1188
- C:\Windows\System\tyJBQhQ.exe
  C:\Windows\System\tyJBQhQ.exe
  2⤵
  PID:2192
- C:\Windows\System\cSXZlbV.exe
  C:\Windows\System\cSXZlbV.exe
  2⤵
  PID:4632
- C:\Windows\System\jFUEtza.exe
  C:\Windows\System\jFUEtza.exe
  2⤵
  PID:3220
- C:\Windows\System\tyJvnwq.exe
  C:\Windows\System\tyJvnwq.exe
  2⤵
  PID:820
- C:\Windows\System\nIUShKB.exe
  C:\Windows\System\nIUShKB.exe
  2⤵
  PID:1940
- C:\Windows\System\SMGFvMi.exe
  C:\Windows\System\SMGFvMi.exe
  2⤵
  PID:6152
- C:\Windows\System\usvtAsD.exe
  C:\Windows\System\usvtAsD.exe
  2⤵
  PID:6184
- C:\Windows\System\wQcCRiJ.exe
  C:\Windows\System\wQcCRiJ.exe
  2⤵
  PID:6208
- C:\Windows\System\IpuDZBP.exe
  C:\Windows\System\IpuDZBP.exe
  2⤵
  PID:6232
- C:\Windows\System\PemKNLH.exe
  C:\Windows\System\PemKNLH.exe
  2⤵
  PID:6252
- C:\Windows\System\simMvBb.exe
  C:\Windows\System\simMvBb.exe
  2⤵
  PID:6288
- C:\Windows\System\YQBXYLM.exe
  C:\Windows\System\YQBXYLM.exe
  2⤵
  PID:6328
- C:\Windows\System\yXtFfVW.exe
  C:\Windows\System\yXtFfVW.exe
  2⤵
  PID:6356
- C:\Windows\System\VZafehX.exe
  C:\Windows\System\VZafehX.exe
  2⤵
  PID:6392
- C:\Windows\System\IENFANv.exe
  C:\Windows\System\IENFANv.exe
  2⤵
  PID:6424
- C:\Windows\System\teteOpV.exe
  C:\Windows\System\teteOpV.exe
  2⤵
  PID:6448
- C:\Windows\System\zXJuUee.exe
  C:\Windows\System\zXJuUee.exe
  2⤵
  PID:6508
- C:\Windows\System\osZekJe.exe
  C:\Windows\System\osZekJe.exe
  2⤵
  PID:6552
- C:\Windows\System\rFGuPik.exe
  C:\Windows\System\rFGuPik.exe
  2⤵
  PID:6584
- C:\Windows\System\NtlAfzh.exe
  C:\Windows\System\NtlAfzh.exe
  2⤵
  PID:6608
- C:\Windows\System\vxrlNRo.exe
  C:\Windows\System\vxrlNRo.exe
  2⤵
  PID:6636
- C:\Windows\System\PcuNajv.exe
  C:\Windows\System\PcuNajv.exe
  2⤵
  PID:6672
- C:\Windows\System\SOeRZQT.exe
  C:\Windows\System\SOeRZQT.exe
  2⤵
  PID:6688
- C:\Windows\System\jZjXdRR.exe
  C:\Windows\System\jZjXdRR.exe
  2⤵
  PID:6716
- C:\Windows\System\LrSzFEG.exe
  C:\Windows\System\LrSzFEG.exe
  2⤵
  PID:6748
- C:\Windows\System\uDhlLgq.exe
  C:\Windows\System\uDhlLgq.exe
  2⤵
  PID:6780
- C:\Windows\System\bHLkcsK.exe
  C:\Windows\System\bHLkcsK.exe
  2⤵
  PID:6808
- C:\Windows\System\DRswErK.exe
  C:\Windows\System\DRswErK.exe
  2⤵
  PID:6836
- C:\Windows\System\NgbcnVY.exe
  C:\Windows\System\NgbcnVY.exe
  2⤵
  PID:6860
- C:\Windows\System\VaKSvqn.exe
  C:\Windows\System\VaKSvqn.exe
  2⤵
  PID:6896
- C:\Windows\System\wRwpRJG.exe
  C:\Windows\System\wRwpRJG.exe
  2⤵
  PID:6928
- C:\Windows\System\VlqNLAR.exe
  C:\Windows\System\VlqNLAR.exe
  2⤵
  PID:6948
- C:\Windows\System\tjccaCP.exe
  C:\Windows\System\tjccaCP.exe
  2⤵
  PID:6980
- C:\Windows\System\bfffUUd.exe
  C:\Windows\System\bfffUUd.exe
  2⤵
  PID:7008
- C:\Windows\System\HIzMCWW.exe
  C:\Windows\System\HIzMCWW.exe
  2⤵
  PID:7040
- C:\Windows\System\nqKwepd.exe
  C:\Windows\System\nqKwepd.exe
  2⤵
  PID:7064
- C:\Windows\System\OoXVNgl.exe
  C:\Windows\System\OoXVNgl.exe
  2⤵
  PID:7096
- C:\Windows\System\LoNQjDa.exe
  C:\Windows\System\LoNQjDa.exe
  2⤵
  PID:7124
- C:\Windows\System\yAbjhxW.exe
  C:\Windows\System\yAbjhxW.exe
  2⤵
  PID:7148
- C:\Windows\System\SYPtWYv.exe
  C:\Windows\System\SYPtWYv.exe
  2⤵
  PID:6164
- C:\Windows\System\TiUdsMX.exe
  C:\Windows\System\TiUdsMX.exe
  2⤵
  PID:6248
- C:\Windows\System\QMuBVIS.exe
  C:\Windows\System\QMuBVIS.exe
  2⤵
  PID:6300
- C:\Windows\System\nsxgBFm.exe
  C:\Windows\System\nsxgBFm.exe
  2⤵
  PID:6376
- C:\Windows\System\dOSWvqc.exe
  C:\Windows\System\dOSWvqc.exe
  2⤵
  PID:5132
- C:\Windows\System\kIiQgJo.exe
  C:\Windows\System\kIiQgJo.exe
  2⤵
  PID:6460
- C:\Windows\System\HrHXwvK.exe
  C:\Windows\System\HrHXwvK.exe
  2⤵
  PID:3936
- C:\Windows\System\hFEjOGC.exe
  C:\Windows\System\hFEjOGC.exe
  2⤵
  PID:2008
- C:\Windows\System\lQfzBNn.exe
  C:\Windows\System\lQfzBNn.exe
  2⤵
  PID:6564
- C:\Windows\System\SDhgDua.exe
  C:\Windows\System\SDhgDua.exe
  2⤵
  PID:2860
- C:\Windows\System\kjkQDSs.exe
  C:\Windows\System\kjkQDSs.exe
  2⤵
  PID:6652
- C:\Windows\System\tdYfEjO.exe
  C:\Windows\System\tdYfEjO.exe
  2⤵
  PID:6764
- C:\Windows\System\TADCGJl.exe
  C:\Windows\System\TADCGJl.exe
  2⤵
  PID:6868
- C:\Windows\System\ZYiUViP.exe
  C:\Windows\System\ZYiUViP.exe
  2⤵
  PID:6936
- C:\Windows\System\gYAugaJ.exe
  C:\Windows\System\gYAugaJ.exe
  2⤵
  PID:6964
- C:\Windows\System\WwLHiry.exe
  C:\Windows\System\WwLHiry.exe
  2⤵
  PID:7020
- C:\Windows\System\LPwoadw.exe
  C:\Windows\System\LPwoadw.exe
  2⤵
  PID:7132
- C:\Windows\System\iQWisLr.exe
  C:\Windows\System\iQWisLr.exe
  2⤵
  PID:6324
- C:\Windows\System\eEUCnhY.exe
  C:\Windows\System\eEUCnhY.exe
  2⤵
  PID:6440
- C:\Windows\System\sdAItfK.exe
  C:\Windows\System\sdAItfK.exe
  2⤵
  PID:4276
- C:\Windows\System\yZcCurO.exe
  C:\Windows\System\yZcCurO.exe
  2⤵
  PID:4520
- C:\Windows\System\olGKGIb.exe
  C:\Windows\System\olGKGIb.exe
  2⤵
  PID:6824
- C:\Windows\System\OnLkhcL.exe
  C:\Windows\System\OnLkhcL.exe
  2⤵
  PID:7016
- C:\Windows\System\dURmpwz.exe
  C:\Windows\System\dURmpwz.exe
  2⤵
  PID:6200
- C:\Windows\System\ZUkjmJV.exe
  C:\Windows\System\ZUkjmJV.exe
  2⤵
  PID:6120
- C:\Windows\System\ojXjbGh.exe
  C:\Windows\System\ojXjbGh.exe
  2⤵
  PID:2056
- C:\Windows\System\jLymPnG.exe
  C:\Windows\System\jLymPnG.exe
  2⤵
  PID:1932
- C:\Windows\System\vheCRNs.exe
  C:\Windows\System\vheCRNs.exe
  2⤵
  PID:7072
- C:\Windows\System\Ksoacpg.exe
  C:\Windows\System\Ksoacpg.exe
  2⤵
  PID:2628
- C:\Windows\System\YrzbOGY.exe
  C:\Windows\System\YrzbOGY.exe
  2⤵
  PID:6880
- C:\Windows\System\aIjLYSn.exe
  C:\Windows\System\aIjLYSn.exe
  2⤵
  PID:6348
- C:\Windows\System\oHwtJql.exe
  C:\Windows\System\oHwtJql.exe
  2⤵
  PID:7120
- C:\Windows\System\rHmCRxY.exe
  C:\Windows\System\rHmCRxY.exe
  2⤵
  PID:6576
- C:\Windows\System\adqkJiG.exe
  C:\Windows\System\adqkJiG.exe
  2⤵
  PID:7200
- C:\Windows\System\QhRSvID.exe
  C:\Windows\System\QhRSvID.exe
  2⤵
  PID:7232
- C:\Windows\System\YBeCkTr.exe
  C:\Windows\System\YBeCkTr.exe
  2⤵
  PID:7268
- C:\Windows\System\OKCXQCC.exe
  C:\Windows\System\OKCXQCC.exe
  2⤵
  PID:7296
- C:\Windows\System\xVozzdR.exe
  C:\Windows\System\xVozzdR.exe
  2⤵
  PID:7324
- C:\Windows\System\Mpzrjae.exe
  C:\Windows\System\Mpzrjae.exe
  2⤵
  PID:7348
- C:\Windows\System\GRXTfqp.exe
  C:\Windows\System\GRXTfqp.exe
  2⤵
  PID:7376
- C:\Windows\System\bHUlYGZ.exe
  C:\Windows\System\bHUlYGZ.exe
  2⤵
  PID:7404
- C:\Windows\System\KyvdeSr.exe
  C:\Windows\System\KyvdeSr.exe
  2⤵
  PID:7432
- C:\Windows\System\hBPdsEY.exe
  C:\Windows\System\hBPdsEY.exe
  2⤵
  PID:7460
- C:\Windows\System\tKmEwKf.exe
  C:\Windows\System\tKmEwKf.exe
  2⤵
  PID:7488
- C:\Windows\System\CEAMiPB.exe
  C:\Windows\System\CEAMiPB.exe
  2⤵
  PID:7516
- C:\Windows\System\csOGwtK.exe
  C:\Windows\System\csOGwtK.exe
  2⤵
  PID:7544
- C:\Windows\System\BtKzAyJ.exe
  C:\Windows\System\BtKzAyJ.exe
  2⤵
  PID:7576
- C:\Windows\System\oznmRNM.exe
  C:\Windows\System\oznmRNM.exe
  2⤵
  PID:7604
- C:\Windows\System\BCTwDag.exe
  C:\Windows\System\BCTwDag.exe
  2⤵
  PID:7632
- C:\Windows\System\HmUaAcq.exe
  C:\Windows\System\HmUaAcq.exe
  2⤵
  PID:7652
- C:\Windows\System\nmoAjmN.exe
  C:\Windows\System\nmoAjmN.exe
  2⤵
  PID:7680
- C:\Windows\System\YrJTBHy.exe
  C:\Windows\System\YrJTBHy.exe
  2⤵
  PID:7724
- C:\Windows\System\DITnYzm.exe
  C:\Windows\System\DITnYzm.exe
  2⤵
  PID:7748
- C:\Windows\System\RzMRCaC.exe
  C:\Windows\System\RzMRCaC.exe
  2⤵
  PID:7780
- C:\Windows\System\ALCAeJF.exe
  C:\Windows\System\ALCAeJF.exe
  2⤵
  PID:7808
- C:\Windows\System\lEdbuES.exe
  C:\Windows\System\lEdbuES.exe
  2⤵
  PID:7832
- C:\Windows\System\dHvssnk.exe
  C:\Windows\System\dHvssnk.exe
  2⤵
  PID:7864
- C:\Windows\System\brNLmjt.exe
  C:\Windows\System\brNLmjt.exe
  2⤵
  PID:7892
- C:\Windows\System\xpzufZX.exe
  C:\Windows\System\xpzufZX.exe
  2⤵
  PID:7924
- C:\Windows\System\VBXydLQ.exe
  C:\Windows\System\VBXydLQ.exe
  2⤵
  PID:7948
- C:\Windows\System\FYzCJtW.exe
  C:\Windows\System\FYzCJtW.exe
  2⤵
  PID:7968
- C:\Windows\System\FRpnALM.exe
  C:\Windows\System\FRpnALM.exe
  2⤵
  PID:7996
- C:\Windows\System\eYyohlc.exe
  C:\Windows\System\eYyohlc.exe
  2⤵
  PID:8024
- C:\Windows\System\DRTkCjM.exe
  C:\Windows\System\DRTkCjM.exe
  2⤵
  PID:8052
- C:\Windows\System\nVYJmui.exe
  C:\Windows\System\nVYJmui.exe
  2⤵
  PID:8092
- C:\Windows\System\iTOQFip.exe
  C:\Windows\System\iTOQFip.exe
  2⤵
  PID:8112
- C:\Windows\System\nowVmUJ.exe
  C:\Windows\System\nowVmUJ.exe
  2⤵
  PID:8156
- C:\Windows\System\rnCVgLk.exe
  C:\Windows\System\rnCVgLk.exe
  2⤵
  PID:8172
- C:\Windows\System\zfuQmRC.exe
  C:\Windows\System\zfuQmRC.exe
  2⤵
  PID:8188
- C:\Windows\System\rieAxhI.exe
  C:\Windows\System\rieAxhI.exe
  2⤵
  PID:7224
- C:\Windows\System\TfBDfLY.exe
  C:\Windows\System\TfBDfLY.exe
  2⤵
  PID:7332
- C:\Windows\System\rPHFrlH.exe
  C:\Windows\System\rPHFrlH.exe
  2⤵
  PID:7388
- C:\Windows\System\MZHFnDE.exe
  C:\Windows\System\MZHFnDE.exe
  2⤵
  PID:7452
- C:\Windows\System\hFjxROL.exe
  C:\Windows\System\hFjxROL.exe
  2⤵
  PID:7528
- C:\Windows\System\KbzZHuL.exe
  C:\Windows\System\KbzZHuL.exe
  2⤵
  PID:1796
- C:\Windows\System\hwayLnM.exe
  C:\Windows\System\hwayLnM.exe
  2⤵
  PID:7612
- C:\Windows\System\RAflzib.exe
  C:\Windows\System\RAflzib.exe
  2⤵
  PID:7704
- C:\Windows\System\sIEAbeE.exe
  C:\Windows\System\sIEAbeE.exe
  2⤵
  PID:7760
- C:\Windows\System\mcslKlc.exe
  C:\Windows\System\mcslKlc.exe
  2⤵
  PID:4768
- C:\Windows\System\DjAyXMM.exe
  C:\Windows\System\DjAyXMM.exe
  2⤵
  PID:7880
- C:\Windows\System\vaPxfhI.exe
  C:\Windows\System\vaPxfhI.exe
  2⤵
  PID:7956
- C:\Windows\System\CUKlGte.exe
  C:\Windows\System\CUKlGte.exe
  2⤵
  PID:7992
- C:\Windows\System\VZKtilK.exe
  C:\Windows\System\VZKtilK.exe
  2⤵
  PID:8044
- C:\Windows\System\RkitPbI.exe
  C:\Windows\System\RkitPbI.exe
  2⤵
  PID:8104
- C:\Windows\System\OTzTbTC.exe
  C:\Windows\System\OTzTbTC.exe
  2⤵
  PID:8180
- C:\Windows\System\IbfGTSa.exe
  C:\Windows\System\IbfGTSa.exe
  2⤵
  PID:4904
- C:\Windows\System\SRplCpT.exe
  C:\Windows\System\SRplCpT.exe
  2⤵
  PID:4060
- C:\Windows\System\cskYwUO.exe
  C:\Windows\System\cskYwUO.exe
  2⤵
  PID:6516
- C:\Windows\System\dutdsVm.exe
  C:\Windows\System\dutdsVm.exe
  2⤵
  PID:6020
- C:\Windows\System\dpcwWTP.exe
  C:\Windows\System\dpcwWTP.exe
  2⤵
  PID:4532
- C:\Windows\System\CsWLbUp.exe
  C:\Windows\System\CsWLbUp.exe
  2⤵
  PID:5060
- C:\Windows\System\vwdYzZl.exe
  C:\Windows\System\vwdYzZl.exe
  2⤵
  PID:1044
- C:\Windows\System\BrDcGLb.exe
  C:\Windows\System\BrDcGLb.exe
  2⤵
  PID:7788
- C:\Windows\System\JhPRRQG.exe
  C:\Windows\System\JhPRRQG.exe
  2⤵
  PID:7176
- C:\Windows\System\UDLQFkN.exe
  C:\Windows\System\UDLQFkN.exe
  2⤵
  PID:5236
- C:\Windows\System\nvMPXXs.exe
  C:\Windows\System\nvMPXXs.exe
  2⤵
  PID:8164
- C:\Windows\System\reBKguO.exe
  C:\Windows\System\reBKguO.exe
  2⤵
  PID:7368
- C:\Windows\System\OHqrAef.exe
  C:\Windows\System\OHqrAef.exe
  2⤵
  PID:7588
- C:\Windows\System\VreuqfV.exe
  C:\Windows\System\VreuqfV.exe
  2⤵
  PID:3036
- C:\Windows\System\YDzJISS.exe
  C:\Windows\System\YDzJISS.exe
  2⤵
  PID:7756
- C:\Windows\System\PihJHFt.exe
  C:\Windows\System\PihJHFt.exe
  2⤵
  PID:8016
- C:\Windows\System\UOAFJie.exe
  C:\Windows\System\UOAFJie.exe
  2⤵
  PID:6816
- C:\Windows\System\xaKvsfL.exe
  C:\Windows\System\xaKvsfL.exe
  2⤵
  PID:2316
- C:\Windows\System\izwwWjs.exe
  C:\Windows\System\izwwWjs.exe
  2⤵
  PID:7980
- C:\Windows\System\aYFhfpb.exe
  C:\Windows\System\aYFhfpb.exe
  2⤵
  PID:2876
- C:\Windows\System\sHpzEmw.exe
  C:\Windows\System\sHpzEmw.exe
  2⤵
  PID:3276
- C:\Windows\System\TVKoRJd.exe
  C:\Windows\System\TVKoRJd.exe
  2⤵
  PID:8200
- C:\Windows\System\zrEjzAV.exe
  C:\Windows\System\zrEjzAV.exe
  2⤵
  PID:8228
- C:\Windows\System\dAynynW.exe
  C:\Windows\System\dAynynW.exe
  2⤵
  PID:8264
- C:\Windows\System\lGXbNcb.exe
  C:\Windows\System\lGXbNcb.exe
  2⤵
  PID:8284
- C:\Windows\System\CAtbaNU.exe
  C:\Windows\System\CAtbaNU.exe
  2⤵
  PID:8320
- C:\Windows\System\oJQyWmj.exe
  C:\Windows\System\oJQyWmj.exe
  2⤵
  PID:8340
- C:\Windows\System\CjRFilv.exe
  C:\Windows\System\CjRFilv.exe
  2⤵
  PID:8376
- C:\Windows\System\BzOPYcL.exe
  C:\Windows\System\BzOPYcL.exe
  2⤵
  PID:8396
- C:\Windows\System\YwVrdtf.exe
  C:\Windows\System\YwVrdtf.exe
  2⤵
  PID:8432
- C:\Windows\System\RCnCgIk.exe
  C:\Windows\System\RCnCgIk.exe
  2⤵
  PID:8452
- C:\Windows\System\qdpalji.exe
  C:\Windows\System\qdpalji.exe
  2⤵
  PID:8480
- C:\Windows\System\VZhYIML.exe
  C:\Windows\System\VZhYIML.exe
  2⤵
  PID:8516
- C:\Windows\System\tmRoGEg.exe
  C:\Windows\System\tmRoGEg.exe
  2⤵
  PID:8544
- C:\Windows\System\tsVksen.exe
  C:\Windows\System\tsVksen.exe
  2⤵
  PID:8572
- C:\Windows\System\dhQQHHH.exe
  C:\Windows\System\dhQQHHH.exe
  2⤵
  PID:8604
- C:\Windows\System\PRyNdkk.exe
  C:\Windows\System\PRyNdkk.exe
  2⤵
  PID:8624
- C:\Windows\System\MmbNQjA.exe
  C:\Windows\System\MmbNQjA.exe
  2⤵
  PID:8652
- C:\Windows\System\fitALOR.exe
  C:\Windows\System\fitALOR.exe
  2⤵
  PID:8680
- C:\Windows\System\WcXUBAT.exe
  C:\Windows\System\WcXUBAT.exe
  2⤵
  PID:8708
- C:\Windows\System\kdQZaMm.exe
  C:\Windows\System\kdQZaMm.exe
  2⤵
  PID:8744
- C:\Windows\System\IBamOTC.exe
  C:\Windows\System\IBamOTC.exe
  2⤵
  PID:8764
- C:\Windows\System\xgvcwAs.exe
  C:\Windows\System\xgvcwAs.exe
  2⤵
  PID:8792
- C:\Windows\System\RaBBctv.exe
  C:\Windows\System\RaBBctv.exe
  2⤵
  PID:8828
- C:\Windows\System\zlfvjIg.exe
  C:\Windows\System\zlfvjIg.exe
  2⤵
  PID:8848
- C:\Windows\System\SpXJgdk.exe
  C:\Windows\System\SpXJgdk.exe
  2⤵
  PID:8876
- C:\Windows\System\vxvaNnR.exe
  C:\Windows\System\vxvaNnR.exe
  2⤵
  PID:8904
- C:\Windows\System\imdUGXK.exe
  C:\Windows\System\imdUGXK.exe
  2⤵
  PID:8940
- C:\Windows\System\OvDBrLD.exe
  C:\Windows\System\OvDBrLD.exe
  2⤵
  PID:8960
- C:\Windows\System\CmCWrNT.exe
  C:\Windows\System\CmCWrNT.exe
  2⤵
  PID:8996
- C:\Windows\System\cqhMsTQ.exe
  C:\Windows\System\cqhMsTQ.exe
  2⤵
  PID:9016
- C:\Windows\System\PWMfEfY.exe
  C:\Windows\System\PWMfEfY.exe
  2⤵
  PID:9044
- C:\Windows\System\xFMgzOl.exe
  C:\Windows\System\xFMgzOl.exe
  2⤵
  PID:9072
- C:\Windows\System\YfXWuEa.exe
  C:\Windows\System\YfXWuEa.exe
  2⤵
  PID:9112
- C:\Windows\System\JraVFsK.exe
  C:\Windows\System\JraVFsK.exe
  2⤵
  PID:9128
- C:\Windows\System\xBXnFMf.exe
  C:\Windows\System\xBXnFMf.exe
  2⤵
  PID:9164
- C:\Windows\System\LFPOLDF.exe
  C:\Windows\System\LFPOLDF.exe
  2⤵
  PID:9188
- C:\Windows\System\GheigPA.exe
  C:\Windows\System\GheigPA.exe
  2⤵
  PID:7264
- C:\Windows\System\WxYXfdP.exe
  C:\Windows\System\WxYXfdP.exe
  2⤵
  PID:8248
- C:\Windows\System\zFvaFXC.exe
  C:\Windows\System\zFvaFXC.exe
  2⤵
  PID:8304
- C:\Windows\System\BKZtHPh.exe
  C:\Windows\System\BKZtHPh.exe
  2⤵
  PID:8352
- C:\Windows\System\ABVgrLn.exe
  C:\Windows\System\ABVgrLn.exe
  2⤵
  PID:6132
- C:\Windows\System\icdyEUQ.exe
  C:\Windows\System\icdyEUQ.exe
  2⤵
  PID:8464
- C:\Windows\System\cCdLnin.exe
  C:\Windows\System\cCdLnin.exe
  2⤵
  PID:2416
- C:\Windows\System\cqdPdhd.exe
  C:\Windows\System\cqdPdhd.exe
  2⤵
  PID:8588
- C:\Windows\System\AhGsEag.exe
  C:\Windows\System\AhGsEag.exe
  2⤵
  PID:8636
- C:\Windows\System\IoOUwMK.exe
  C:\Windows\System\IoOUwMK.exe
  2⤵
  PID:864
- C:\Windows\System\FUEbsmm.exe
  C:\Windows\System\FUEbsmm.exe
  2⤵
  PID:8720
- C:\Windows\System\JpfLmnj.exe
  C:\Windows\System\JpfLmnj.exe
  2⤵
  PID:8784
- C:\Windows\System\VdnYRjH.exe
  C:\Windows\System\VdnYRjH.exe
  2⤵
  PID:8816
- C:\Windows\System\WDkzkWy.exe
  C:\Windows\System\WDkzkWy.exe
  2⤵
  PID:8916
- C:\Windows\System\zTsZnwe.exe
  C:\Windows\System\zTsZnwe.exe
  2⤵
  PID:8980
- C:\Windows\System\TQkbJos.exe
  C:\Windows\System\TQkbJos.exe
  2⤵
  PID:9012
- C:\Windows\System\BjPvzpU.exe
  C:\Windows\System\BjPvzpU.exe
  2⤵
  PID:9108
- C:\Windows\System\RtIERxQ.exe
  C:\Windows\System\RtIERxQ.exe
  2⤵
  PID:9148
- C:\Windows\System\GJVKeQv.exe
  C:\Windows\System\GJVKeQv.exe
  2⤵
  PID:5340
- C:\Windows\System\VaZscdo.exe
  C:\Windows\System\VaZscdo.exe
  2⤵
  PID:8332
- C:\Windows\System\utDGQvg.exe
  C:\Windows\System\utDGQvg.exe
  2⤵
  PID:8408
- C:\Windows\System\URCYWjk.exe
  C:\Windows\System\URCYWjk.exe
  2⤵
  PID:8560
- C:\Windows\System\egMrbPp.exe
  C:\Windows\System\egMrbPp.exe
  2⤵
  PID:1652
- C:\Windows\System\PoZUREb.exe
  C:\Windows\System\PoZUREb.exe
  2⤵
  PID:8812
- C:\Windows\System\BNNNygg.exe
  C:\Windows\System\BNNNygg.exe
  2⤵
  PID:5056
- C:\Windows\System\EMTrOvI.exe
  C:\Windows\System\EMTrOvI.exe
  2⤵
  PID:9008
- C:\Windows\System\hJOmtmx.exe
  C:\Windows\System\hJOmtmx.exe
  2⤵
  PID:9144
- C:\Windows\System\sOpsixj.exe
  C:\Windows\System\sOpsixj.exe
  2⤵
  PID:8276
- C:\Windows\System\VdncxzS.exe
  C:\Windows\System\VdncxzS.exe
  2⤵
  PID:4644
- C:\Windows\System\FIWncAO.exe
  C:\Windows\System\FIWncAO.exe
  2⤵
  PID:8868
- C:\Windows\System\vKvcxyg.exe
  C:\Windows\System\vKvcxyg.exe
  2⤵
  PID:9064
- C:\Windows\System\TRIZpkf.exe
  C:\Windows\System\TRIZpkf.exe
  2⤵
  PID:8524
- C:\Windows\System\ZMvuNjZ.exe
  C:\Windows\System\ZMvuNjZ.exe
  2⤵
  PID:9204
- C:\Windows\System\ymwoXmO.exe
  C:\Windows\System\ymwoXmO.exe
  2⤵
  PID:8972
- C:\Windows\System\IDDbsON.exe
  C:\Windows\System\IDDbsON.exe
  2⤵
  PID:9232
- C:\Windows\System\sNHvLXd.exe
  C:\Windows\System\sNHvLXd.exe
  2⤵
  PID:9260
- C:\Windows\System\FmrGJSn.exe
  C:\Windows\System\FmrGJSn.exe
  2⤵
  PID:9288
- C:\Windows\System\vZntOWO.exe
  C:\Windows\System\vZntOWO.exe
  2⤵
  PID:9324
- C:\Windows\System\AbzyGOb.exe
  C:\Windows\System\AbzyGOb.exe
  2⤵
  PID:9344
- C:\Windows\System\ZTjHfUs.exe
  C:\Windows\System\ZTjHfUs.exe
  2⤵
  PID:9372
- C:\Windows\System\oCLSRvE.exe
  C:\Windows\System\oCLSRvE.exe
  2⤵
  PID:9400
- C:\Windows\System\ahpoZsW.exe
  C:\Windows\System\ahpoZsW.exe
  2⤵
  PID:9436
- C:\Windows\System\NvvlcJU.exe
  C:\Windows\System\NvvlcJU.exe
  2⤵
  PID:9464
- C:\Windows\System\aAFtMoc.exe
  C:\Windows\System\aAFtMoc.exe
  2⤵
  PID:9484
- C:\Windows\System\TiFdLLc.exe
  C:\Windows\System\TiFdLLc.exe
  2⤵
  PID:9512
- C:\Windows\System\VPLbSGl.exe
  C:\Windows\System\VPLbSGl.exe
  2⤵
  PID:9540
- C:\Windows\System\lxqEQbp.exe
  C:\Windows\System\lxqEQbp.exe
  2⤵
  PID:9568
- C:\Windows\System\UFgsaDz.exe
  C:\Windows\System\UFgsaDz.exe
  2⤵
  PID:9596
- C:\Windows\System\TgNbzse.exe
  C:\Windows\System\TgNbzse.exe
  2⤵
  PID:9632
- C:\Windows\System\qVqmmll.exe
  C:\Windows\System\qVqmmll.exe
  2⤵
  PID:9652
- C:\Windows\System\DuYyoWo.exe
  C:\Windows\System\DuYyoWo.exe
  2⤵
  PID:9680
- C:\Windows\System\zlscIFA.exe
  C:\Windows\System\zlscIFA.exe
  2⤵
  PID:9716
- C:\Windows\System\mMDWpJp.exe
  C:\Windows\System\mMDWpJp.exe
  2⤵
  PID:9748
- C:\Windows\System\bLWEsVE.exe
  C:\Windows\System\bLWEsVE.exe
  2⤵
  PID:9768
- C:\Windows\System\wSLOCVf.exe
  C:\Windows\System\wSLOCVf.exe
  2⤵
  PID:9796
- C:\Windows\System\NYwqMKF.exe
  C:\Windows\System\NYwqMKF.exe
  2⤵
  PID:9824
- C:\Windows\System\iZCrmQv.exe
  C:\Windows\System\iZCrmQv.exe
  2⤵
  PID:9852
- C:\Windows\System\sPCLeVb.exe
  C:\Windows\System\sPCLeVb.exe
  2⤵
  PID:9880
- C:\Windows\System\yGOWWMH.exe
  C:\Windows\System\yGOWWMH.exe
  2⤵
  PID:9908
- C:\Windows\System\gCwOiNI.exe
  C:\Windows\System\gCwOiNI.exe
  2⤵
  PID:9936
- C:\Windows\System\qSAFiXI.exe
  C:\Windows\System\qSAFiXI.exe
  2⤵
  PID:9964
- C:\Windows\System\tGvFZaj.exe
  C:\Windows\System\tGvFZaj.exe
  2⤵
  PID:9992
- C:\Windows\System\HYWsqRz.exe
  C:\Windows\System\HYWsqRz.exe
  2⤵
  PID:10020
- C:\Windows\System\rljAWmx.exe
  C:\Windows\System\rljAWmx.exe
  2⤵
  PID:10052
- C:\Windows\System\wQozTJN.exe
  C:\Windows\System\wQozTJN.exe
  2⤵
  PID:10084
- C:\Windows\System\XMAPgxU.exe
  C:\Windows\System\XMAPgxU.exe
  2⤵
  PID:10104
- C:\Windows\System\ybIkCyn.exe
  C:\Windows\System\ybIkCyn.exe
  2⤵
  PID:10132
- C:\Windows\System\exzlhMm.exe
  C:\Windows\System\exzlhMm.exe
  2⤵
  PID:10160
- C:\Windows\System\ngqVPjk.exe
  C:\Windows\System\ngqVPjk.exe
  2⤵
  PID:10188
- C:\Windows\System\PidouXP.exe
  C:\Windows\System\PidouXP.exe
  2⤵
  PID:10216
- C:\Windows\System\dnmZYdJ.exe
  C:\Windows\System\dnmZYdJ.exe
  2⤵
  PID:9224
- C:\Windows\System\EHkQmyj.exe
  C:\Windows\System\EHkQmyj.exe
  2⤵
  PID:9280
- C:\Windows\System\gyxymGP.exe
  C:\Windows\System\gyxymGP.exe
  2⤵
  PID:9364
- C:\Windows\System\jLXrbAz.exe
  C:\Windows\System\jLXrbAz.exe
  2⤵
  PID:9396
- C:\Windows\System\ZdTCvZd.exe
  C:\Windows\System\ZdTCvZd.exe
  2⤵
  PID:9472
- C:\Windows\System\yvKIRXL.exe
  C:\Windows\System\yvKIRXL.exe
  2⤵
  PID:9508
- C:\Windows\System\YxBXKAZ.exe
  C:\Windows\System\YxBXKAZ.exe
  2⤵
  PID:9592
- C:\Windows\System\qVaGSlC.exe
  C:\Windows\System\qVaGSlC.exe
  2⤵
  PID:9640
- C:\Windows\System\DBpIpZj.exe
  C:\Windows\System\DBpIpZj.exe
  2⤵
  PID:9700
- C:\Windows\System\gmrbtdg.exe
  C:\Windows\System\gmrbtdg.exe
  2⤵
  PID:9760
- C:\Windows\System\QcxNUOR.exe
  C:\Windows\System\QcxNUOR.exe
  2⤵
  PID:9836
- C:\Windows\System\ZESzKSS.exe
  C:\Windows\System\ZESzKSS.exe
  2⤵
  PID:9892
- C:\Windows\System\aTvERoT.exe
  C:\Windows\System\aTvERoT.exe
  2⤵
  PID:9956
- C:\Windows\System\hbrlwMv.exe
  C:\Windows\System\hbrlwMv.exe
  2⤵
  PID:10016
- C:\Windows\System\snujwZh.exe
  C:\Windows\System\snujwZh.exe
  2⤵
  PID:10092
- C:\Windows\System\sjZtCtF.exe
  C:\Windows\System\sjZtCtF.exe
  2⤵
  PID:10152
- C:\Windows\System\uHqmztz.exe
  C:\Windows\System\uHqmztz.exe
  2⤵
  PID:10212
- C:\Windows\System\uoArTNu.exe
  C:\Windows\System\uoArTNu.exe
  2⤵
  PID:9308
- C:\Windows\System\iqehYYb.exe
  C:\Windows\System\iqehYYb.exe
  2⤵
  PID:9480
- C:\Windows\System\UFukZTB.exe
  C:\Windows\System\UFukZTB.exe
  2⤵
  PID:9588
- C:\Windows\System\cFxjYES.exe
  C:\Windows\System\cFxjYES.exe
  2⤵
  PID:9728
- C:\Windows\System\OeJTVcW.exe
  C:\Windows\System\OeJTVcW.exe
  2⤵
  PID:9872
- C:\Windows\System\TsVEjbd.exe
  C:\Windows\System\TsVEjbd.exe
  2⤵
  PID:10004
- C:\Windows\System\vllsTaT.exe
  C:\Windows\System\vllsTaT.exe
  2⤵
  PID:10144
- C:\Windows\System\aKokpoI.exe
  C:\Windows\System\aKokpoI.exe
  2⤵
  PID:3016
- C:\Windows\System\ICjrzyO.exe
  C:\Windows\System\ICjrzyO.exe
  2⤵
  PID:9620
- C:\Windows\System\iKNcnhX.exe
  C:\Windows\System\iKNcnhX.exe
  2⤵
  PID:9948
- C:\Windows\System\XbTOweL.exe
  C:\Windows\System\XbTOweL.exe
  2⤵
  PID:9272
- C:\Windows\System\SvPWssm.exe
  C:\Windows\System\SvPWssm.exe
  2⤵
  PID:10116
- C:\Windows\System\HqCmDyQ.exe
  C:\Windows\System\HqCmDyQ.exe
  2⤵
  PID:9920
- C:\Windows\System\iUaLkhr.exe
  C:\Windows\System\iUaLkhr.exe
  2⤵
  PID:10276
- C:\Windows\System\YkMKNuX.exe
  C:\Windows\System\YkMKNuX.exe
  2⤵
  PID:10308
- C:\Windows\System\vakmbxi.exe
  C:\Windows\System\vakmbxi.exe
  2⤵
  PID:10328
- C:\Windows\System\FxHKJyD.exe
  C:\Windows\System\FxHKJyD.exe
  2⤵
  PID:10368
- C:\Windows\System\hEpMNZJ.exe
  C:\Windows\System\hEpMNZJ.exe
  2⤵
  PID:10396
- C:\Windows\System\yxsCnyG.exe
  C:\Windows\System\yxsCnyG.exe
  2⤵
  PID:10416
- C:\Windows\System\lYzubxh.exe
  C:\Windows\System\lYzubxh.exe
  2⤵
  PID:10440
- C:\Windows\System\qAjIAEN.exe
  C:\Windows\System\qAjIAEN.exe
  2⤵
  PID:10468
- C:\Windows\System\uGQCEQL.exe
  C:\Windows\System\uGQCEQL.exe
  2⤵
  PID:10496
- C:\Windows\System\XXrnoIs.exe
  C:\Windows\System\XXrnoIs.exe
  2⤵
  PID:10524
- C:\Windows\System\WoVyImt.exe
  C:\Windows\System\WoVyImt.exe
  2⤵
  PID:10552
- C:\Windows\System\bRhDcvv.exe
  C:\Windows\System\bRhDcvv.exe
  2⤵
  PID:10584
- C:\Windows\System\RgjOhVT.exe
  C:\Windows\System\RgjOhVT.exe
  2⤵
  PID:10616
- C:\Windows\System\VjoHbur.exe
  C:\Windows\System\VjoHbur.exe
  2⤵
  PID:10636
- C:\Windows\System\lqYYHJI.exe
  C:\Windows\System\lqYYHJI.exe
  2⤵
  PID:10664
- C:\Windows\System\EjDTSaO.exe
  C:\Windows\System\EjDTSaO.exe
  2⤵
  PID:10692
- C:\Windows\System\tkIXgRe.exe
  C:\Windows\System\tkIXgRe.exe
  2⤵
  PID:10720
- C:\Windows\System\jsmaNsT.exe
  C:\Windows\System\jsmaNsT.exe
  2⤵
  PID:10748
- C:\Windows\System\QUZHmXx.exe
  C:\Windows\System\QUZHmXx.exe
  2⤵
  PID:10776
- C:\Windows\System\cwvYEXe.exe
  C:\Windows\System\cwvYEXe.exe
  2⤵
  PID:10804
- C:\Windows\System\lnxvyaY.exe
  C:\Windows\System\lnxvyaY.exe
  2⤵
  PID:10832
- C:\Windows\System\NOLfcLf.exe
  C:\Windows\System\NOLfcLf.exe
  2⤵
  PID:10860
- C:\Windows\System\VWCCbLt.exe
  C:\Windows\System\VWCCbLt.exe
  2⤵
  PID:10888
- C:\Windows\System\SyIPEDp.exe
  C:\Windows\System\SyIPEDp.exe
  2⤵
  PID:10928
- C:\Windows\System\UxCzFkd.exe
  C:\Windows\System\UxCzFkd.exe
  2⤵
  PID:10948
- C:\Windows\System\hgheTOv.exe
  C:\Windows\System\hgheTOv.exe
  2⤵
  PID:10976
- C:\Windows\System\jIkfEdt.exe
  C:\Windows\System\jIkfEdt.exe
  2⤵
  PID:11004
- C:\Windows\System\iVQKzTk.exe
  C:\Windows\System\iVQKzTk.exe
  2⤵
  PID:11032
- C:\Windows\System\otZetvL.exe
  C:\Windows\System\otZetvL.exe
  2⤵
  PID:11060
- C:\Windows\System\SsSJdhV.exe
  C:\Windows\System\SsSJdhV.exe
  2⤵
  PID:11096
- C:\Windows\System\aNWbJfQ.exe
  C:\Windows\System\aNWbJfQ.exe
  2⤵
  PID:11116
- C:\Windows\System\BitrPpf.exe
  C:\Windows\System\BitrPpf.exe
  2⤵
  PID:11148
- C:\Windows\System\uksNkIH.exe
  C:\Windows\System\uksNkIH.exe
  2⤵
  PID:11172
- C:\Windows\System\NlGLjoe.exe
  C:\Windows\System\NlGLjoe.exe
  2⤵
  PID:11200
- C:\Windows\System\LtvCxoA.exe
  C:\Windows\System\LtvCxoA.exe
  2⤵
  PID:11228
- C:\Windows\System\wdsyMUk.exe
  C:\Windows\System\wdsyMUk.exe
  2⤵
  PID:11256
- C:\Windows\System\rtIDICK.exe
  C:\Windows\System\rtIDICK.exe
  2⤵
  PID:10320
- C:\Windows\System\gbbNHYp.exe
  C:\Windows\System\gbbNHYp.exe
  2⤵
  PID:10352
- C:\Windows\System\JSACjhb.exe
  C:\Windows\System\JSACjhb.exe
  2⤵
  PID:10432
- C:\Windows\System\eDQJxXJ.exe
  C:\Windows\System\eDQJxXJ.exe
  2⤵
  PID:10492
- C:\Windows\System\ftxKgWV.exe
  C:\Windows\System\ftxKgWV.exe
  2⤵
  PID:10564
- C:\Windows\System\fDUafiU.exe
  C:\Windows\System\fDUafiU.exe
  2⤵
  PID:10628
- C:\Windows\System\lBVGCWO.exe
  C:\Windows\System\lBVGCWO.exe
  2⤵
  PID:10712
- C:\Windows\System\GUmymoI.exe
  C:\Windows\System\GUmymoI.exe
  2⤵
  PID:10760
- C:\Windows\System\gYbGWbK.exe
  C:\Windows\System\gYbGWbK.exe
  2⤵
  PID:10828
- C:\Windows\System\WxvicKd.exe
  C:\Windows\System\WxvicKd.exe
  2⤵
  PID:10884
- C:\Windows\System\KQZyyli.exe
  C:\Windows\System\KQZyyli.exe
  2⤵
  PID:10960
- C:\Windows\System\QxQbUrf.exe
  C:\Windows\System\QxQbUrf.exe
  2⤵
  PID:11024
- C:\Windows\System\RsWVWlh.exe
  C:\Windows\System\RsWVWlh.exe
  2⤵
  PID:11104
- C:\Windows\System\JgmJgha.exe
  C:\Windows\System\JgmJgha.exe
  2⤵
  PID:11156
- C:\Windows\System\BwntDjJ.exe
  C:\Windows\System\BwntDjJ.exe
  2⤵
  PID:11220
- C:\Windows\System\mxzPzft.exe
  C:\Windows\System\mxzPzft.exe
  2⤵
  PID:10316
- C:\Windows\System\ygDVOkr.exe
  C:\Windows\System\ygDVOkr.exe
  2⤵
  PID:10460
- C:\Windows\System\iZEYxqI.exe
  C:\Windows\System\iZEYxqI.exe
  2⤵
  PID:10604
- C:\Windows\System\wpVBesi.exe
  C:\Windows\System\wpVBesi.exe
  2⤵
  PID:10744
- C:\Windows\System\uYYloDz.exe
  C:\Windows\System\uYYloDz.exe
  2⤵
  PID:10912
- C:\Windows\System\pDfuLRX.exe
  C:\Windows\System\pDfuLRX.exe
  2⤵
  PID:11072
- C:\Windows\System\NJCBIFe.exe
  C:\Windows\System\NJCBIFe.exe
  2⤵
  PID:11212
- C:\Windows\System\PzEzgvQ.exe
  C:\Windows\System\PzEzgvQ.exe
  2⤵
  PID:10520
- C:\Windows\System\egTmuRV.exe
  C:\Windows\System\egTmuRV.exe
  2⤵
  PID:10880
- C:\Windows\System\KuxICHF.exe
  C:\Windows\System\KuxICHF.exe
  2⤵
  PID:11192
- C:\Windows\System\VfVuRFJ.exe
  C:\Windows\System\VfVuRFJ.exe
  2⤵
  PID:11016
- C:\Windows\System\AHLpOcy.exe
  C:\Windows\System\AHLpOcy.exe
  2⤵
  PID:10816
- C:\Windows\System\bvdEnlk.exe
  C:\Windows\System\bvdEnlk.exe
  2⤵
  PID:11288
- C:\Windows\System\AhisABu.exe
  C:\Windows\System\AhisABu.exe
  2⤵
  PID:11316
- C:\Windows\System\NKdbHfz.exe
  C:\Windows\System\NKdbHfz.exe
  2⤵
  PID:11344
- C:\Windows\System\oPvMEry.exe
  C:\Windows\System\oPvMEry.exe
  2⤵
  PID:11372
- C:\Windows\System\FCgzUZm.exe
  C:\Windows\System\FCgzUZm.exe
  2⤵
  PID:11400
- C:\Windows\System\scpvBfn.exe
  C:\Windows\System\scpvBfn.exe
  2⤵
  PID:11428
- C:\Windows\System\IeqjIDq.exe
  C:\Windows\System\IeqjIDq.exe
  2⤵
  PID:11456
- C:\Windows\System\hockNCJ.exe
  C:\Windows\System\hockNCJ.exe
  2⤵
  PID:11484
- C:\Windows\System\FjROUDf.exe
  C:\Windows\System\FjROUDf.exe
  2⤵
  PID:11512
- C:\Windows\System\CugbUvx.exe
  C:\Windows\System\CugbUvx.exe
  2⤵
  PID:11540
- C:\Windows\System\RvQTvve.exe
  C:\Windows\System\RvQTvve.exe
  2⤵
  PID:11568
- C:\Windows\System\kBGsgsq.exe
  C:\Windows\System\kBGsgsq.exe
  2⤵
  PID:11596
- C:\Windows\System\nZHPVFP.exe
  C:\Windows\System\nZHPVFP.exe
  2⤵
  PID:11624
- C:\Windows\System\VCwsCdl.exe
  C:\Windows\System\VCwsCdl.exe
  2⤵
  PID:11652
- C:\Windows\System\abdXdze.exe
  C:\Windows\System\abdXdze.exe
  2⤵
  PID:11680
- C:\Windows\System\HutiDlz.exe
  C:\Windows\System\HutiDlz.exe
  2⤵
  PID:11708
- C:\Windows\System\ESWdsrI.exe
  C:\Windows\System\ESWdsrI.exe
  2⤵
  PID:11736
- C:\Windows\System\YTPZlUO.exe
  C:\Windows\System\YTPZlUO.exe
  2⤵
  PID:11764
- C:\Windows\System\kanqIhl.exe
  C:\Windows\System\kanqIhl.exe
  2⤵
  PID:11800
- C:\Windows\System\iQljmdU.exe
  C:\Windows\System\iQljmdU.exe
  2⤵
  PID:11820
- C:\Windows\System\EhbKxKz.exe
  C:\Windows\System\EhbKxKz.exe
  2⤵
  PID:11860
- C:\Windows\System\aybGWEz.exe
  C:\Windows\System\aybGWEz.exe
  2⤵
  PID:11880
- C:\Windows\System\oCDLlwE.exe
  C:\Windows\System\oCDLlwE.exe
  2⤵
  PID:11912
- C:\Windows\System\cGmiysP.exe
  C:\Windows\System\cGmiysP.exe
  2⤵
  PID:11944
- C:\Windows\System\xWCKLWG.exe
  C:\Windows\System\xWCKLWG.exe
  2⤵
  PID:11964
- C:\Windows\System\WcVDaap.exe
  C:\Windows\System\WcVDaap.exe
  2⤵
  PID:11992
- C:\Windows\System\ZmEAgcC.exe
  C:\Windows\System\ZmEAgcC.exe
  2⤵
  PID:12020
- C:\Windows\System\CeihGBA.exe
  C:\Windows\System\CeihGBA.exe
  2⤵
  PID:12048
- C:\Windows\System\yEnKhRq.exe
  C:\Windows\System\yEnKhRq.exe
  2⤵
  PID:12084
- C:\Windows\System\XctTcNK.exe
  C:\Windows\System\XctTcNK.exe
  2⤵
  PID:12104
- C:\Windows\System\cTsqiQk.exe
  C:\Windows\System\cTsqiQk.exe
  2⤵
  PID:12132
- C:\Windows\System\OqGrSGU.exe
  C:\Windows\System\OqGrSGU.exe
  2⤵
  PID:12160
- C:\Windows\System\LhhchaG.exe
  C:\Windows\System\LhhchaG.exe
  2⤵
  PID:12212
- C:\Windows\System\ezKrzDC.exe
  C:\Windows\System\ezKrzDC.exe
  2⤵
  PID:12260
- C:\Windows\System\WzlGlWc.exe
  C:\Windows\System\WzlGlWc.exe
  2⤵
  PID:12276
- C:\Windows\System\PlKVmDk.exe
  C:\Windows\System\PlKVmDk.exe
  2⤵
  PID:11308
- C:\Windows\System\xmWhFog.exe
  C:\Windows\System\xmWhFog.exe
  2⤵
  PID:11420
- C:\Windows\System\vRPGpmP.exe
  C:\Windows\System\vRPGpmP.exe
  2⤵
  PID:11532
- C:\Windows\System\HlbZHjZ.exe
  C:\Windows\System\HlbZHjZ.exe
  2⤵
  PID:11620
- C:\Windows\System\VDdmRXx.exe
  C:\Windows\System\VDdmRXx.exe
  2⤵
  PID:11728
- C:\Windows\System\wMuHYST.exe
  C:\Windows\System\wMuHYST.exe
  2⤵
  PID:11784
- C:\Windows\System\WhJScuB.exe
  C:\Windows\System\WhJScuB.exe
  2⤵
  PID:11840
- C:\Windows\System\jVzSOkO.exe
  C:\Windows\System\jVzSOkO.exe
  2⤵
  PID:11928
- C:\Windows\System\pLQrcKR.exe
  C:\Windows\System\pLQrcKR.exe
  2⤵
  PID:11976
- C:\Windows\System\YxvnhVz.exe
  C:\Windows\System\YxvnhVz.exe
  2⤵
  PID:12040
- C:\Windows\System\LhTlHjo.exe
  C:\Windows\System\LhTlHjo.exe
  2⤵
  PID:12100
- C:\Windows\System\yEgiTXM.exe
  C:\Windows\System\yEgiTXM.exe
  2⤵
  PID:12156
- C:\Windows\System\SWthiYh.exe
  C:\Windows\System\SWthiYh.exe
  2⤵
  PID:12208
- C:\Windows\System\tNZdguM.exe
  C:\Windows\System\tNZdguM.exe
  2⤵
  PID:12268
- C:\Windows\System\bVbgOaU.exe
  C:\Windows\System\bVbgOaU.exe
  2⤵
  PID:11412
- C:\Windows\System\lVnnQbl.exe
  C:\Windows\System\lVnnQbl.exe
  2⤵
  PID:11616
- C:\Windows\System\uGfSzcd.exe
  C:\Windows\System\uGfSzcd.exe
  2⤵
  PID:4272
- C:\Windows\System\tFUMFGv.exe
  C:\Windows\System\tFUMFGv.exe
  2⤵
  PID:11580
- C:\Windows\System\gQvigwI.exe
  C:\Windows\System\gQvigwI.exe
  2⤵
  PID:11504
- C:\Windows\System\bGanppY.exe
  C:\Windows\System\bGanppY.exe
  2⤵
  PID:11872
- C:\Windows\System\LlScyGh.exe
  C:\Windows\System\LlScyGh.exe
  2⤵
  PID:4924
- C:\Windows\System\pgmmaFN.exe
  C:\Windows\System\pgmmaFN.exe
  2⤵
  PID:12124
- C:\Windows\System\YdXjJol.exe
  C:\Windows\System\YdXjJol.exe
  2⤵
  PID:12228
- C:\Windows\System\nEnbHxt.exe
  C:\Windows\System\nEnbHxt.exe
  2⤵
  PID:11524
- C:\Windows\System\nSmcQhh.exe
  C:\Windows\System\nSmcQhh.exe
  2⤵
  PID:11676
- C:\Windows\System\QlApAia.exe
  C:\Windows\System\QlApAia.exe
  2⤵
  PID:11952
- C:\Windows\System\PnknNUd.exe
  C:\Windows\System\PnknNUd.exe
  2⤵
  PID:12096
- C:\Windows\System\mcvwygo.exe
  C:\Windows\System\mcvwygo.exe
  2⤵
  PID:2156
- C:\Windows\System\iuNxKhB.exe
  C:\Windows\System\iuNxKhB.exe
  2⤵
  PID:12032
- C:\Windows\System\BDooXHl.exe
  C:\Windows\System\BDooXHl.exe
  2⤵
  PID:11480
- C:\Windows\System\RlklDTp.exe
  C:\Windows\System\RlklDTp.exe
  2⤵
  PID:12296
- C:\Windows\System\LcwAziP.exe
  C:\Windows\System\LcwAziP.exe
  2⤵
  PID:12324
- C:\Windows\System\oyOhZev.exe
  C:\Windows\System\oyOhZev.exe
  2⤵
  PID:12352
- C:\Windows\System\WnWwmWU.exe
  C:\Windows\System\WnWwmWU.exe
  2⤵
  PID:12380
- C:\Windows\System\WJVWdMW.exe
  C:\Windows\System\WJVWdMW.exe
  2⤵
  PID:12408
- C:\Windows\System\IkHrWww.exe
  C:\Windows\System\IkHrWww.exe
  2⤵
  PID:12436
- C:\Windows\System\pBPvQZP.exe
  C:\Windows\System\pBPvQZP.exe
  2⤵
  PID:12464
- C:\Windows\System\SuGCzjy.exe
  C:\Windows\System\SuGCzjy.exe
  2⤵
  PID:12500
- C:\Windows\System\xKNxqMq.exe
  C:\Windows\System\xKNxqMq.exe
  2⤵
  PID:12532
- C:\Windows\System\fmmYRYM.exe
  C:\Windows\System\fmmYRYM.exe
  2⤵
  PID:12556
- C:\Windows\System\WbqIXyn.exe
  C:\Windows\System\WbqIXyn.exe
  2⤵
  PID:12576
- C:\Windows\System\rAmcPgV.exe
  C:\Windows\System\rAmcPgV.exe
  2⤵
  PID:12608
- C:\Windows\System\PaEMsVg.exe
  C:\Windows\System\PaEMsVg.exe
  2⤵
  PID:12636
- C:\Windows\System\hwJBUvf.exe
  C:\Windows\System\hwJBUvf.exe
  2⤵
  PID:12664
- C:\Windows\System\xVTpqfJ.exe
  C:\Windows\System\xVTpqfJ.exe
  2⤵
  PID:12692
- C:\Windows\System\ybkCyjU.exe
  C:\Windows\System\ybkCyjU.exe
  2⤵
  PID:12720
- C:\Windows\System\QpekwQJ.exe
  C:\Windows\System\QpekwQJ.exe
  2⤵
  PID:12748
- C:\Windows\System\QWOJZHq.exe
  C:\Windows\System\QWOJZHq.exe
  2⤵
  PID:12776
- C:\Windows\System\ihNqOCY.exe
  C:\Windows\System\ihNqOCY.exe
  2⤵
  PID:12804
- C:\Windows\System\PoQVoCO.exe
  C:\Windows\System\PoQVoCO.exe
  2⤵
  PID:12844
- C:\Windows\System\pTpXatW.exe
  C:\Windows\System\pTpXatW.exe
  2⤵
  PID:12864
- C:\Windows\System\WcBZXpm.exe
  C:\Windows\System\WcBZXpm.exe
  2⤵
  PID:12892
- C:\Windows\System\UxIqPyI.exe
  C:\Windows\System\UxIqPyI.exe
  2⤵
  PID:12920
- C:\Windows\System\OVIIawN.exe
  C:\Windows\System\OVIIawN.exe
  2⤵
  PID:12956
- C:\Windows\System\lqWbNOk.exe
  C:\Windows\System\lqWbNOk.exe
  2⤵
  PID:12976
- C:\Windows\System\yzoGqUM.exe
  C:\Windows\System\yzoGqUM.exe
  2⤵
  PID:13012
- C:\Windows\System\qKGikxM.exe
  C:\Windows\System\qKGikxM.exe
  2⤵
  PID:13032
- C:\Windows\System\WLutGJv.exe
  C:\Windows\System\WLutGJv.exe
  2⤵
  PID:13068
- C:\Windows\System\fQoYvWm.exe
  C:\Windows\System\fQoYvWm.exe
  2⤵
  PID:13088
- C:\Windows\System\PetOnDf.exe
  C:\Windows\System\PetOnDf.exe
  2⤵
  PID:13116
- C:\Windows\System\XzWDJaq.exe
  C:\Windows\System\XzWDJaq.exe
  2⤵
  PID:13144
- C:\Windows\System\qRJMDKe.exe
  C:\Windows\System\qRJMDKe.exe
  2⤵
  PID:13172
- C:\Windows\System\iFyBZIr.exe
  C:\Windows\System\iFyBZIr.exe
  2⤵
  PID:13200
- C:\Windows\System\YokWmSV.exe
  C:\Windows\System\YokWmSV.exe
  2⤵
  PID:13228
- C:\Windows\System\GPkDrJG.exe
  C:\Windows\System\GPkDrJG.exe
  2⤵
  PID:13256
- C:\Windows\System\VXwIwqs.exe
  C:\Windows\System\VXwIwqs.exe
  2⤵
  PID:13284
- C:\Windows\System\FfEcoFQ.exe
  C:\Windows\System\FfEcoFQ.exe
  2⤵
  PID:12292
- C:\Windows\System\UUxkTNF.exe
  C:\Windows\System\UUxkTNF.exe
  2⤵
  PID:12348
- C:\Windows\System\BbIjqjx.exe
  C:\Windows\System\BbIjqjx.exe
  2⤵
  PID:12432
- C:\Windows\System\gHudsVL.exe
  C:\Windows\System\gHudsVL.exe
  2⤵
  PID:12484
- C:\Windows\System\ywLyPQc.exe
  C:\Windows\System\ywLyPQc.exe
  2⤵
  PID:12564
- C:\Windows\System\bvrInAD.exe
  C:\Windows\System\bvrInAD.exe
  2⤵
  PID:12628
- C:\Windows\System\PmmeOxB.exe
  C:\Windows\System\PmmeOxB.exe
  2⤵
  PID:12688
- C:\Windows\System\RipQSrp.exe
  C:\Windows\System\RipQSrp.exe
  2⤵
  PID:12740
- C:\Windows\System\EbDjNHA.exe
  C:\Windows\System\EbDjNHA.exe
  2⤵
  PID:12800
- C:\Windows\System\okAKtXZ.exe
  C:\Windows\System\okAKtXZ.exe
  2⤵
  PID:12876
- C:\Windows\System\DXtAHNq.exe
  C:\Windows\System\DXtAHNq.exe
  2⤵
  PID:12932
- C:\Windows\System\YzgtAMz.exe
  C:\Windows\System\YzgtAMz.exe
  2⤵
  PID:12996
- C:\Windows\System\wpRzApz.exe
  C:\Windows\System\wpRzApz.exe
  2⤵
  PID:4516
- C:\Windows\System\eWmFzeE.exe
  C:\Windows\System\eWmFzeE.exe
  2⤵
  PID:13108
- C:\Windows\System\hCWuHFd.exe
  C:\Windows\System\hCWuHFd.exe
  2⤵
  PID:13168
- C:\Windows\System\lQJeyDs.exe
  C:\Windows\System\lQJeyDs.exe
  2⤵
  PID:13240
- C:\Windows\System\ouuvmTS.exe
  C:\Windows\System\ouuvmTS.exe
  2⤵
  PID:13304
- C:\Windows\System\pVSBRDc.exe
  C:\Windows\System\pVSBRDc.exe
  2⤵
  PID:12404
- C:\Windows\System\aAYjoJn.exe
  C:\Windows\System\aAYjoJn.exe
  2⤵
  PID:12588
- C:\Windows\System\NJTpxzs.exe
  C:\Windows\System\NJTpxzs.exe
  2⤵
  PID:12712
- C:\Windows\System\yrQitNC.exe
  C:\Windows\System\yrQitNC.exe
  2⤵
  PID:12860
- C:\Windows\System\lrmFwLv.exe
  C:\Windows\System\lrmFwLv.exe
  2⤵
  PID:13024
- C:\Windows\System\AnIgcWI.exe
  C:\Windows\System\AnIgcWI.exe
  2⤵
  PID:13100
- C:\Windows\System\ZWyGMVz.exe
  C:\Windows\System\ZWyGMVz.exe
  2⤵
  PID:13268
- C:\Windows\System\TiLJPxy.exe
  C:\Windows\System\TiLJPxy.exe
  2⤵
  PID:12512
- C:\Windows\System\cCvBvLY.exe
  C:\Windows\System\cCvBvLY.exe
  2⤵
  PID:12964
- C:\Windows\System\UtYRgAc.exe
  C:\Windows\System\UtYRgAc.exe
  2⤵
  PID:13164
- C:\Windows\System\SAtLfJI.exe
  C:\Windows\System\SAtLfJI.exe
  2⤵
  PID:12768
- C:\Windows\System\jGGojqq.exe
  C:\Windows\System\jGGojqq.exe
  2⤵
  PID:12660
- C:\Windows\System\ghZKVjB.exe
  C:\Windows\System\ghZKVjB.exe
  2⤵
  PID:13328
- C:\Windows\System\ynQYODx.exe
  C:\Windows\System\ynQYODx.exe
  2⤵
  PID:13356
- C:\Windows\System\DkJpOMt.exe
  C:\Windows\System\DkJpOMt.exe
  2⤵
  PID:13372
- C:\Windows\System\RUIHxla.exe
  C:\Windows\System\RUIHxla.exe
  2⤵
  PID:13416
- C:\Windows\System\ikzZUUT.exe
  C:\Windows\System\ikzZUUT.exe
  2⤵
  PID:13440
- C:\Windows\System\elCyGZu.exe
  C:\Windows\System\elCyGZu.exe
  2⤵
  PID:13468
- C:\Windows\System\xwqNLpr.exe
  C:\Windows\System\xwqNLpr.exe
  2⤵
  PID:13532
- C:\Windows\System\QpYkNmb.exe
  C:\Windows\System\QpYkNmb.exe
  2⤵
  PID:13564
- C:\Windows\System\KChVpLM.exe
  C:\Windows\System\KChVpLM.exe
  2⤵
  PID:13604
- C:\Windows\System\VnGmfwS.exe
  C:\Windows\System\VnGmfwS.exe
  2⤵
  PID:13620
- C:\Windows\System\LvvNbdu.exe
  C:\Windows\System\LvvNbdu.exe
  2⤵
  PID:13648
- C:\Windows\System\zsUIiJQ.exe
  C:\Windows\System\zsUIiJQ.exe
  2⤵
  PID:13676
- C:\Windows\System\ajYGyqA.exe
  C:\Windows\System\ajYGyqA.exe
  2⤵
  PID:13708
- C:\Windows\System\jnrpyKC.exe
  C:\Windows\System\jnrpyKC.exe
  2⤵
  PID:13732
- C:\Windows\System\KlteAPl.exe
  C:\Windows\System\KlteAPl.exe
  2⤵
  PID:13760
- C:\Windows\System\sMTkhGz.exe
  C:\Windows\System\sMTkhGz.exe
  2⤵
  PID:13788
- C:\Windows\System\ZzZiVXy.exe
  C:\Windows\System\ZzZiVXy.exe
  2⤵
  PID:13824
- C:\Windows\System\kgYjObB.exe
  C:\Windows\System\kgYjObB.exe
  2⤵
  PID:13844
- C:\Windows\System\zYbVeIp.exe
  C:\Windows\System\zYbVeIp.exe
  2⤵
  PID:13872
- C:\Windows\System\GVpLuqT.exe
  C:\Windows\System\GVpLuqT.exe
  2⤵
  PID:13900
- C:\Windows\System\yEHCZZe.exe
  C:\Windows\System\yEHCZZe.exe
  2⤵
  PID:13928
- C:\Windows\System\bYmcaqo.exe
  C:\Windows\System\bYmcaqo.exe
  2⤵
  PID:13956
- C:\Windows\System\uVIBFJk.exe
  C:\Windows\System\uVIBFJk.exe
  2⤵
  PID:13992
- C:\Windows\System\LoTsXEW.exe
  C:\Windows\System\LoTsXEW.exe
  2⤵
  PID:14012
- C:\Windows\System\yotEWBN.exe
  C:\Windows\System\yotEWBN.exe
  2⤵
  PID:14040
- C:\Windows\System\JDJlWJJ.exe
  C:\Windows\System\JDJlWJJ.exe
  2⤵
  PID:14072
- C:\Windows\System\qKjStKP.exe
  C:\Windows\System\qKjStKP.exe
  2⤵
  PID:14096
- C:\Windows\System\aWOWquM.exe
  C:\Windows\System\aWOWquM.exe
  2⤵
  PID:14124
- C:\Windows\System\hgJNBNE.exe
  C:\Windows\System\hgJNBNE.exe
  2⤵
  PID:14152
- C:\Windows\System\TMYQKQI.exe
  C:\Windows\System\TMYQKQI.exe
  2⤵
  PID:14188
- C:\Windows\System\crsGpuT.exe
  C:\Windows\System\crsGpuT.exe
  2⤵
  PID:14208
- C:\Windows\System\JHXPtiM.exe
  C:\Windows\System\JHXPtiM.exe
  2⤵
  PID:14236
- C:\Windows\System\ZWJiFsJ.exe
  C:\Windows\System\ZWJiFsJ.exe
  2⤵
  PID:14264
- C:\Windows\System\XKWYhSM.exe
  C:\Windows\System\XKWYhSM.exe
  2⤵
  PID:14300
- C:\Windows\System\ezgcdxC.exe
  C:\Windows\System\ezgcdxC.exe
  2⤵
  PID:14320
- C:\Windows\System\abkIOYz.exe
  C:\Windows\System\abkIOYz.exe
  2⤵
  PID:13340
- C:\Windows\System\HlPuzQH.exe
  C:\Windows\System\HlPuzQH.exe
  2⤵
  PID:13404
- C:\Windows\System\OjUBVAN.exe
  C:\Windows\System\OjUBVAN.exe
  2⤵
  PID:13464
- C:\Windows\System\OTFxIrM.exe
  C:\Windows\System\OTFxIrM.exe
  2⤵
  PID:13556
- C:\Windows\System\lfaLsXi.exe
  C:\Windows\System\lfaLsXi.exe
  2⤵
  PID:11468
- C:\Windows\System\sgZxalP.exe
  C:\Windows\System\sgZxalP.exe
  2⤵
  PID:13588
- C:\Windows\System\DbrYwxv.exe
  C:\Windows\System\DbrYwxv.exe
  2⤵
  PID:13668
- C:\Windows\System\DGANmGq.exe
  C:\Windows\System\DGANmGq.exe
  2⤵
  PID:13728
- C:\Windows\System\TLefvnd.exe
  C:\Windows\System\TLefvnd.exe
  2⤵
  PID:13800
- C:\Windows\System\tOeszaD.exe
  C:\Windows\System\tOeszaD.exe
  2⤵
  PID:13856
- C:\Windows\System\Pbnozrn.exe
  C:\Windows\System\Pbnozrn.exe
  2⤵
  PID:13920
- C:\Windows\System\VSHoYKC.exe
  C:\Windows\System\VSHoYKC.exe
  2⤵
  PID:13980
- C:\Windows\System\aFYrkih.exe
  C:\Windows\System\aFYrkih.exe
  2⤵
  PID:5544
- C:\Windows\System\nmGsTLm.exe
  C:\Windows\System\nmGsTLm.exe
  2⤵
  PID:14036
- C:\Windows\System\vYpMPyn.exe
  C:\Windows\System\vYpMPyn.exe
  2⤵
  PID:14108
- C:\Windows\System\lTsbQKt.exe
  C:\Windows\System\lTsbQKt.exe
  2⤵
  PID:14172
- C:\Windows\System\upsqgSZ.exe
  C:\Windows\System\upsqgSZ.exe
  2⤵
  PID:14228
- C:\Windows\System\SxNlhuO.exe
  C:\Windows\System\SxNlhuO.exe
  2⤵
  PID:14332
- C:\Windows\System\GKfihJR.exe
  C:\Windows\System\GKfihJR.exe
  2⤵
  PID:11328
- C:\Windows\System\wgrLkwd.exe
  C:\Windows\System\wgrLkwd.exe
  2⤵
  PID:13644
- C:\Windows\System\BFudrIB.exe
  C:\Windows\System\BFudrIB.exe
  2⤵
  PID:13772
- C:\Windows\System\kiOscLc.exe
  C:\Windows\System\kiOscLc.exe
  2⤵
  PID:13840
- C:\Windows\System\klhyIUE.exe
  C:\Windows\System\klhyIUE.exe
  2⤵
  PID:13976
- C:\Windows\System\UuBueBL.exe
  C:\Windows\System\UuBueBL.exe
  2⤵
  PID:5216
- C:\Windows\System\cfFxOtI.exe
  C:\Windows\System\cfFxOtI.exe
  2⤵
  PID:14092
- C:\Windows\System\RfDRMCi.exe
  C:\Windows\System\RfDRMCi.exe
  2⤵
  PID:14220
- C:\Windows\System\nHhKgtp.exe
  C:\Windows\System\nHhKgtp.exe
  2⤵
  PID:3260
- C:\Windows\System\AjhkUTH.exe
  C:\Windows\System\AjhkUTH.exe
  2⤵
  PID:4820
- C:\Windows\System\JeVLWLO.exe
  C:\Windows\System\JeVLWLO.exe
  2⤵
  PID:13600
- C:\Windows\System\KuqppND.exe
  C:\Windows\System\KuqppND.exe
  2⤵
  PID:13836
- C:\Windows\System\BxJaHBM.exe
  C:\Windows\System\BxJaHBM.exe
  2⤵
  PID:1648
- C:\Windows\System\XstHQRV.exe
  C:\Windows\System\XstHQRV.exe
  2⤵
  PID:3696
- C:\Windows\System\DYhftmU.exe
  C:\Windows\System\DYhftmU.exe
  2⤵
  PID:4636
- C:\Windows\System\SCeSroQ.exe
  C:\Windows\System\SCeSroQ.exe
  2⤵
  PID:13832
- C:\Windows\System\WZTOWzn.exe
  C:\Windows\System\WZTOWzn.exe
  2⤵
  PID:4720
- C:\Windows\System\WXRabIc.exe
  C:\Windows\System\WXRabIc.exe
  2⤵
  PID:1416
- C:\Windows\System\UHLTTSu.exe
  C:\Windows\System\UHLTTSu.exe
  2⤵
  PID:13584
- C:\Windows\System\kMlAnDk.exe
  C:\Windows\System\kMlAnDk.exe
  2⤵
  PID:5432
- C:\Windows\System\aRBbstm.exe
  C:\Windows\System\aRBbstm.exe
  2⤵
  PID:6052
- C:\Windows\System\bFwjScD.exe
  C:\Windows\System\bFwjScD.exe
  2⤵
  PID:4564
- C:\Windows\System\xraFkhO.exe
  C:\Windows\System\xraFkhO.exe
  2⤵
  PID:2412
- C:\Windows\System\FgKxoSL.exe
  C:\Windows\System\FgKxoSL.exe
  2⤵
  PID:2852
- C:\Windows\System\qmXRhrS.exe
  C:\Windows\System\qmXRhrS.exe
  2⤵
  PID:14360
- C:\Windows\System\opVsHLa.exe
  C:\Windows\System\opVsHLa.exe
  2⤵
  PID:14396
- C:\Windows\System\YeNQpZg.exe
  C:\Windows\System\YeNQpZg.exe
  2⤵
  PID:14412
- C:\Windows\System\CPVjepG.exe
  C:\Windows\System\CPVjepG.exe
  2⤵
  PID:14428
- C:\Windows\System\JdSyGvQ.exe
  C:\Windows\System\JdSyGvQ.exe
  2⤵
  PID:14500
- C:\Windows\System\XzaRVgD.exe
  C:\Windows\System\XzaRVgD.exe
  2⤵
  PID:14528
- C:\Windows\System\BBRFnWc.exe
  C:\Windows\System\BBRFnWc.exe
  2⤵
  PID:14560
- C:\Windows\System\fVgKfFG.exe
  C:\Windows\System\fVgKfFG.exe
  2⤵
  PID:14596
- C:\Windows\System\jnWyAre.exe
  C:\Windows\System\jnWyAre.exe
  2⤵
  PID:14628
- C:\Windows\System\zqIQgnx.exe
  C:\Windows\System\zqIQgnx.exe
  2⤵
  PID:14664
- C:\Windows\System\SySVSPY.exe
  C:\Windows\System\SySVSPY.exe
  2⤵
  PID:14692
- C:\Windows\System\rJkcJTK.exe
  C:\Windows\System\rJkcJTK.exe
  2⤵
  PID:14720
- C:\Windows\System\WesPwAM.exe
  C:\Windows\System\WesPwAM.exe
  2⤵
  PID:14752
- C:\Windows\System\yUtHOVX.exe
  C:\Windows\System\yUtHOVX.exe
  2⤵
  PID:14780
- C:\Windows\System\WdrgVvr.exe
  C:\Windows\System\WdrgVvr.exe
  2⤵
  PID:14812
- C:\Windows\System\RfUamse.exe
  C:\Windows\System\RfUamse.exe
  2⤵
  PID:14840
- C:\Windows\System\vMzZuXq.exe
  C:\Windows\System\vMzZuXq.exe
  2⤵
  PID:14880
- C:\Windows\System\vbRCvRp.exe
  C:\Windows\System\vbRCvRp.exe
  2⤵
  PID:14896
- C:\Windows\System\hVxWLCo.exe
  C:\Windows\System\hVxWLCo.exe
  2⤵
  PID:14932
- C:\Windows\System\fnPPqzA.exe
  C:\Windows\System\fnPPqzA.exe
  2⤵
  PID:14972
- C:\Windows\System\OrHsiIY.exe
  C:\Windows\System\OrHsiIY.exe
  2⤵
  PID:15000
- C:\Windows\System\XnkUYqY.exe
  C:\Windows\System\XnkUYqY.exe
  2⤵
  PID:15040
- C:\Windows\System\FAULAWb.exe
  C:\Windows\System\FAULAWb.exe
  2⤵
  PID:15068
- C:\Windows\System\cuJdmNh.exe
  C:\Windows\System\cuJdmNh.exe
  2⤵
  PID:15252

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4632

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BuKOEwZ.exe

Filesize
6.0MB

MD5
43d9ab16ae7768097817286874855222

SHA1
491a52d239970a715300d975df6275e56ab3c040

SHA256
ddd4b8f371de0f0d0b88922b5aaf281341f121b82e9fbf90e112ad0e4ce2d0b8

SHA512
62f9ae7e13093e0a925c77ad41f3e16914df971b1f4171b82bfdeaf946869e48d674fca6f78d97eea30f2a1f7d5e2ed0508aa3ea3018843ec130f9dc18b8aa22

Download Submit
C:\Windows\System\CsTKply.exe

Filesize
6.0MB

MD5
1896e25aff028012c0935f21822c81fb

SHA1
f10c5664e0ae3940452c19d56baa7c968ba15d19

SHA256
5d0403415e57dca4f4f2231777be096ec53f3573a519e0422686a9467562eb64

SHA512
c75cfdf23ce19bd932c1cd718a220c0ad741440843a939cf199412f438f3dc264296ff964fe73bf94adf4c199950f0754cf3c052e6c9603aa9011a91479ac018

Download Submit
C:\Windows\System\ECCkzWU.exe

Filesize
6.0MB

MD5
6f40d02f55428dfe087832939f21a4f6

SHA1
481def05e4dfa353138db718ee0cfe2888914638

SHA256
c6ce3b76de1dd30bb9c478390b03044cf4c73fbcb078fc8a71cbd404ee072be7

SHA512
8771a2962edc90ceb24535cf2c40c1244b16325c477cd60a5986bb92eb836c56f597a4aecbf263d52e822af06ff91ec5cefd49da16a1482134fbaa1254d4ffff

Download Submit
C:\Windows\System\ERNCtCG.exe

Filesize
6.0MB

MD5
9582ca67d9238a91fd05b6520aa39f74

SHA1
020182432e2afe88628d002a7c6a78eaefeb3ad4

SHA256
8bd9c679ebe1223b06795856bbb5cda85f96511d41b7e9c35505ef8cd910302d

SHA512
ea77a527d6ce4a33b35b9838d7c1b8f5b511c9acd68f4b8b314152733cb75cae4ee52c2002112f0a5d45af39cfaed43670820987b98a86e3c4af7d8bf34c71b5

Download Submit
C:\Windows\System\EgrSmRG.exe

Filesize
6.0MB

MD5
96987b04fcf5bed9d40d172870f3f632

SHA1
d1ed22d53832b75fb459e1b9a43b90cf1fd8e12b

SHA256
b851e8724c2e8e5895a0843b891ca8ee29cf7d9766085d899d5ac08d50c82b8e

SHA512
3d2f84a5aebffe2e35b472bb24c8af2591103f85c2c03d6393742345570dc93f052d3e9662e7e7508d796a2bd46cbd6e09fbcf47ffc7acc5a5a5542ad95abb12

Download Submit
C:\Windows\System\HdLsDyz.exe

Filesize
6.0MB

MD5
4834993e77124bf0cdfc57da27e02d81

SHA1
1ff24c97df9fae4a0a2031516ce2b6a6a9f42533

SHA256
307a42725df934f26f5d4ea03de8bb148f726b99886d3f85aa08ed64ea92744f

SHA512
b4c16e6c230c33bf2e43873fae0c6705f6e02a84234a3653d88f83683e22c53bf9a4038488c58b0c1000bb3fea0dae999497f5d1889cce3eca4a686211fdada7

Download Submit
C:\Windows\System\HpTWsPM.exe

Filesize
6.0MB

MD5
03d68d257a528ba6e23eb50e4bde2c02

SHA1
f42b21fda2f9f22682937bf095c188a0d93c698d

SHA256
187898f1aa887264c9689429bae8acabbcc9cda9f4a69c87214f635b4fd9fa47

SHA512
89a2fe350fb7dde2cb6cb98b9ce0e16ed723a323beac50d9a453c9e57d066ac133a5ac8431d56b68c07899f413409251cee2b61c453ff9c4aa872f256ff00587

Download Submit
C:\Windows\System\IejhSUQ.exe

Filesize
6.0MB

MD5
ae3a91a69186696fee2d429732b6bf76

SHA1
355a690498b76bf2902b8d42080917252bccbc0b

SHA256
317524be3a00f7318f9b4e18aba969a49715aaa77a9defc7a35b871f85b79b83

SHA512
3d1db12349fceab1b57fc8becc1c4f2cab633c5300f7239988ce12d0363d1271464d3cd6c99e98fcfad020e0d0d0fda025bd5c1ec0f64affcbd2fee96b75dbd4

Download Submit
C:\Windows\System\IkCeWpw.exe

Filesize
6.0MB

MD5
72787ff6d7926f2588e98f77f53fc638

SHA1
acffafe040a9d23c2609d3a737073d8050f6a542

SHA256
fd32fa137ae51f093991a2412ccc41ad987775624ff07885190a4d6ad2aadd71

SHA512
bc832ba4314498dd25a9d3d7372effe5435e52e8d764b54758e8ddb28b215c80a847cab9c333397d2c4a35e1cc68ae7efe6f982d0b3374f52c26055e6fcebfa3

Download Submit
C:\Windows\System\LNIFNLS.exe

Filesize
6.0MB

MD5
c12e0e3a003e773ba6a3ad81a6668dbe

SHA1
dee9dc3f84d6fed7f421fdfd48af4157dd3e680d

SHA256
2916e7299a0979a87886a0526d58831e18f515ddefc212025d17ba934de18eae

SHA512
80bedf9a027b042aa983f0617bcc5307829ac34d7b4dae9c950bf93ac7ab7973dda15d853b45ce9265332ef9d1db3ae670294176f34cdca91a40c2e56d707c89

Download Submit
C:\Windows\System\OakJITw.exe

Filesize
6.0MB

MD5
cbfb6f69c78b7af08311cd7e81434fdd

SHA1
4a18add1638d9d89064bb7a953951dd5ce275aa9

SHA256
c43c1baa21a5da0664c8b2e533a805925417ac7a1fc2ac75742e90e17c2f33f6

SHA512
049206e2e34246937811ee7b85ea4747a01d05bc0af4bc3788408d1cce50b44b01dbc9ac75e616423c396c336f3829ddc580e20387a630721361f5e2f98b4294

Download Submit
C:\Windows\System\PNuzlGw.exe

Filesize
6.0MB

MD5
f0e68e7afb28af53202331528b2da488

SHA1
df2403c9df12d5c8ac3db12f74c9d47d52e7938d

SHA256
dba105eab500ab0318cb82b4c98c1d96f10cc303a15314eed871d69806b16619

SHA512
d11cc5372101bcd27bd360574a1fe8ab563737fde057078e317ed868debf7c4b2dcd10e6be81edf2a1f32e58eef4b06d1eaf66db15ad051ffbc57accd9139550

Download Submit
C:\Windows\System\RVkOUBH.exe

Filesize
6.0MB

MD5
8e56eecfce1aa650104f823fd97ceef6

SHA1
c0da2944f570da9f6478224e30edc284e2f51d79

SHA256
7f626128abb986d4020aaa22a09585e0e285f04e8b883f5d0c5c11e63ce20071

SHA512
b3241624601816247c6e7ba216e2a970a48f2d06bc7ec9077879192af1294857bd67bc870631a9a5fe2028e7ff1ac1c9af042f0f483f4af2a556acb12d726485

Download Submit
C:\Windows\System\RxuMgnK.exe

Filesize
6.0MB

MD5
b2de063ce62394620afa591f763cc229

SHA1
00b3933a13b3e8eb63a66bbfd8a04b48e1dc3a80

SHA256
0da22752eb8e8c2ba2cc113f4dc5d0b1adfee4a8f235395eff683f46dd1dfec1

SHA512
126090ac00137593f33dac48f95db42d7f1bbf013cb97c4fc66db6294d06488fcc01e56a50a288dada49397c228ca0f8b245303b7a40be6a78433f942de95595

Download Submit
C:\Windows\System\StCfLeq.exe

Filesize
6.0MB

MD5
4ad83dc4736ec7cd054e3f03be664777

SHA1
da83b832bdadbea2c9aefdf6445b6e170baaf881

SHA256
fc03b82e21f029c041702ea56d1ffbf01cb661de8080d1edafad512ccb89ce4b

SHA512
3efccda98a91d62f0784951513f6dc111bbbc70e1a4cd2fe489d019b2e48fd6659ed73a3b7d906db9bd58c35b8a34c54adbb8e98de681642ba4f40f310ba9932

Download Submit
C:\Windows\System\WovfoOo.exe

Filesize
6.0MB

MD5
bfd66fe0b93fa5cb5ad384a3babbe926

SHA1
c7c82950254ff5ea748ba8d5767b0f473fd050e6

SHA256
f2ea0428418df8d4c48985f12ef3755084df13a3626566ae2356b6e2b272a2f3

SHA512
fceaefe5fe1cbcf219658f1031e6a4e74a656133d21bb749fcd350425676c8f60b84375e412aeba483db47a36fcaeccede0bcd6dc90b6155d6e108d426b5b3ae

Download Submit
C:\Windows\System\XofmnBg.exe

Filesize
6.0MB

MD5
06faec6273d87838d7e2daec4f902361

SHA1
d9bb643bf20d8d86b185622e07ce554386b994d1

SHA256
241301f8e6812868c40ba349bcc5a53c2dd58f262cf40ffc884e4a1253f6bf2e

SHA512
cc939397d45e0a9419869cf0e98151ceb37f3e2b4dda31ae5da08400bb0ce81e983d64d61d8d5a29f9a3311139e2f0189b31059a5573dae5d75d01dc86ca549a

Download Submit
C:\Windows\System\YdowPCt.exe

Filesize
6.0MB

MD5
c146db763b2aae440bcd250b91dad4a9

SHA1
a9bcd087909043695cbf566e65c4598de7ebbdbd

SHA256
9f4a24828f068692427096b233f6aa48ad4f3a2249b362523ca6268e034bfc23

SHA512
1044ba48a7289544bf04a6a7bc80c77a5a949d0507bae20e19dd7e755c8af2899199929ca849ffc7584d8f3cb5ba85b19f860c781a43c27dd3db0671d1b479f8

Download Submit
C:\Windows\System\ZSHpDYc.exe

Filesize
6.0MB

MD5
5686c041ccf26d6ddb7a53df72aeafb1

SHA1
cb96c2cb24a0438a983c1367fa1faa30753c4fdf

SHA256
b8eccf3e3b7ec8f0bc9db49ee9aed840593c019274310023bd5bf9c7d5f3a9f5

SHA512
ec201c530de096391a3d7ab201fdf25fc5dbb52aa7283e62da8f4d156d5a9cef30f08c72e4fdb87f7abda4a207eb576d2c071ede70a7e3e5f9d8f6d9502185ac

Download Submit
C:\Windows\System\ZyOoJDr.exe

Filesize
6.0MB

MD5
51214b3437a01b96aeb1426698b9d81f

SHA1
c00e9114d93be5129d2dd8ed120109054158b5e3

SHA256
71f5c9933f9c71ae76b284323acfa3ce898d33375bdaf44ffad9651e8c261665

SHA512
0d0792f490e91f2946ccde6884041a0b94826047975387809730ac3058a211d2554de62ed1de2a3d030c4d298f1a18c698c064489137f68a383ba107addc7815

Download Submit
C:\Windows\System\eNCoKiS.exe

Filesize
6.0MB

MD5
b634d5f030dae4cf11081578fbd5dfb5

SHA1
2db668ffac3f6f9dd30909acfe9e223b085e92a7

SHA256
35d93a5c652bcd19e255f056e6a1af98d0664cf83f43709faf493784084bc8fb

SHA512
8908604e0469347baf52325a08f3079fd9833603fdcb230fd2a94d7d738c7f635362b2daa1e060b8ad1d1d0164883754d74056709d518a7e7f1e7c4c7da96b4c

Download Submit
C:\Windows\System\ecbjMMz.exe

Filesize
6.0MB

MD5
cdf8278135d232854dd48c1c9c4035d2

SHA1
bba3b13ecfd06e75d497c1bee773c2ff382e80b4

SHA256
9e37fe178195f1b8994559b2102c3e7a6744606e6fd26bd65b5b4cb7f5f673a5

SHA512
ddd4afd64372c667e3351ebed4cd1bf9e0629b5d95eff0c995a978c8b04cee4086e1d15a3202e409c38465645c8a7651066b54ce7573ccb9633323ba67a4bbfe

Download Submit
C:\Windows\System\feRlFOX.exe

Filesize
6.0MB

MD5
bbf4080be956d13ffe46fe19296014b0

SHA1
742f8f72eb8013526d729a4e0a4d54066ad33f57

SHA256
2b0bac9a57dbf3f65980e9952d7ae697c9776af03a37115b5431eb0da58c9aae

SHA512
4d348e77a0e038bd6d2fcf079bbb9b042ad571406c1b4f11158ae10a4fdf0765af973ae453aec4d14e2f43f537e3a437387550e201b98df1a15cd6901ec9db6e

Download Submit
C:\Windows\System\hdLrtEl.exe

Filesize
6.0MB

MD5
108c69160828af0ede8d910b9c833b63

SHA1
2355c86a6920367e9097bf4d030d65e44e8ca4f1

SHA256
f9ab03ee14e875ff27c48e0b22faade4e2d906488212e31bbfaaf06269a54ebb

SHA512
38d0d8056765bb250d5828f3045daee04180d603216ab90cfbc7a6731bec36947d74e745af17faf445697ce1dc0bf178883291448c6abd37d8968ba13e33e57c

Download Submit
C:\Windows\System\lWOCDMt.exe

Filesize
6.0MB

MD5
c3bc045a9eb08208ec3bb358766ae487

SHA1
e91910d0bd599fb03683d3c35e6ef2275c6a527d

SHA256
cfc83d8bf9f5dfb913a2a166a072d48f47bd175f83ffb46526e627c0ec877e10

SHA512
7343a13b477c202355d9ed368c171713a26dadd241f398fe40c53ee938ab0408a91614114686c0e120b8a2c1d2a72388a2d710ac01566d74fc8f9db611b047b7

Download Submit
C:\Windows\System\lfRDhUa.exe

Filesize
6.0MB

MD5
214cb225ecea8a1d3b71103f53aa4981

SHA1
d89ae2424a1d60cfc76251b84de1421e03b6edfe

SHA256
7f5fe5c2248c2f89a1dbe14a653c77ccd8b9678269186c6a774f41f054904aa5

SHA512
395ee15adb12f67359d159a101c9f8890e74f9234f5aea1fe49e68f666b7e5c9d003fd8a4ab0a1b74f03f0f09a5b7c594c838922a716c91e03304d6d50616509

Download Submit
C:\Windows\System\lxLrcHO.exe

Filesize
6.0MB

MD5
3548e4221190022e0d3e4cb3edc40a88

SHA1
fd772046c94581e0dd104c992fb3692be2137cff

SHA256
d95bc29e9760bbe8417cc6f3fd3738a133cea9b0a3991355aa1c69ba5a129cba

SHA512
d40b3979b7f4963a5d150ec1bc49a3c657e7dee8981af913c9a3e1bb0aa9f7d3d0dab55b7a613224db59d675124ac32af1c3a0224d0eccdf5bf7e3d421f6c5d0

Download Submit
C:\Windows\System\nKQxeUO.exe

Filesize
6.0MB

MD5
6a566f12828d9c099bdc7767fc8e2754

SHA1
67fcbe221a6a544bc0b391f28947dd3add0a3fa6

SHA256
a79204254ce38601eb81815c1bc2c0d91172534f56352efbec2cff19e12f8598

SHA512
97ba0b0fbfa172149c54e50e819db0ed802a73d5fda7e574bb63da9a21c5a2f22f1a4ae4b0a73094a7f52892592796126a3e5fc6fbfa29f63ec95fb3200ceb54

Download Submit
C:\Windows\System\qrIfkPg.exe

Filesize
6.0MB

MD5
acb71dfbcc4342819622ffafef3fdf75

SHA1
8f437775d4be59a4dc351e47de14e06f57e0a529

SHA256
57f10727d77084cd396153be5b5add4104e24cc9a9fc4c0bfb7c6133f3ad1897

SHA512
0ce627891bca873941c08b2fabcdb6c03111aee7ae177aabd87dd6f79063f22a65c5e9937be0312ac092b89675191cd0c5e49360b48354812b7582e4862452d5

Download Submit
C:\Windows\System\rGflytJ.exe

Filesize
6.0MB

MD5
2182853d369c1896cb9c5c3d332b420d

SHA1
e3d4eb67e106c64450270b34a8024bb084ccb24f

SHA256
fb2eee2e31ec9c5f81b1a73ccca76d1912a3f98988c10e1d202efddefd5cc888

SHA512
7158392b499f39b2b341365533896ba56d6b6130d250525c8304c809b208503ab4f1cb41f4c9a11ce181680346f4a8f451ff12f2aba638e42e57c39d23b178b9

Download Submit
C:\Windows\System\rmNnfEU.exe

Filesize
6.0MB

MD5
adffc08e0b832767322ed860d48acf42

SHA1
6ec79b34b2d04807012783d038372e17f8aba05f

SHA256
7558120126de3bfc178cde5dfbc913535118f4dd48396b9e1b6cd2ebb8953bfc

SHA512
9bc5322359064dcd1956449c76ce55a282b605baac1e700b361b8b73c090678db2b4bbd0d07996f032ff27e5017ca72531dcbcd93a793e3b98e2f9ad7239b7a7

Download Submit
C:\Windows\System\taTLsQz.exe

Filesize
6.0MB

MD5
82159f1d6d629ccbae20797c71d056d2

SHA1
63aa7e6980160f238f3dec4e27783f047e5d1778

SHA256
dabeafef1e378af98f2862b1b01edf0986e7c9f5ab7b01264ba3059116a738ba

SHA512
e1b4736594f9fa320081054b0634222ea6e347f46341e2da67daff8339bbb587e04375c1ded392fb5fbcf9f20cabf5dc020678597057509799291720a4735dcf

Download Submit
memory/620-2287-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp

Filesize
3.3MB

Download
memory/620-467-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp

Filesize
3.3MB

Download
memory/620-155-0x00007FF7989E0000-0x00007FF798D34000-memory.dmp

Filesize
3.3MB

Download
memory/624-13-0x00007FF7B67F0000-0x00007FF7B6B44000-memory.dmp

Filesize
3.3MB

Download
memory/624-77-0x00007FF7B67F0000-0x00007FF7B6B44000-memory.dmp

Filesize
3.3MB

Download
memory/696-84-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp

Filesize
3.3MB

Download
memory/696-2277-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp

Filesize
3.3MB

Download
memory/696-158-0x00007FF74DCE0000-0x00007FF74E034000-memory.dmp

Filesize
3.3MB

Download
memory/960-488-0x00007FF6FD9C0000-0x00007FF6FDD14000-memory.dmp

Filesize
3.3MB

Download
memory/960-2289-0x00007FF6FD9C0000-0x00007FF6FDD14000-memory.dmp

Filesize
3.3MB

Download
memory/960-168-0x00007FF6FD9C0000-0x00007FF6FDD14000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2278-0x00007FF769740000-0x00007FF769A94000-memory.dmp

Filesize
3.3MB

Download
memory/1640-95-0x00007FF769740000-0x00007FF769A94000-memory.dmp

Filesize
3.3MB

Download
memory/1640-173-0x00007FF769740000-0x00007FF769A94000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1-0x000001BE83170000-0x000001BE83180000-memory.dmp

Filesize
64KB

Download
memory/1688-64-0x00007FF6B4BD0000-0x00007FF6B4F24000-memory.dmp

Filesize
3.3MB

Download
memory/1688-0-0x00007FF6B4BD0000-0x00007FF6B4F24000-memory.dmp

Filesize
3.3MB

Download
memory/1736-188-0x00007FF660050000-0x00007FF6603A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2291-0x00007FF660050000-0x00007FF6603A4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-50-0x00007FF70FCD0000-0x00007FF710024000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2271-0x00007FF70FCD0000-0x00007FF710024000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2283-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp

Filesize
3.3MB

Download
memory/2020-130-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp

Filesize
3.3MB

Download
memory/2020-260-0x00007FF7A9300000-0x00007FF7A9654000-memory.dmp

Filesize
3.3MB

Download
memory/2124-196-0x00007FF6FEA70000-0x00007FF6FEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-112-0x00007FF6FEA70000-0x00007FF6FEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2280-0x00007FF6FEA70000-0x00007FF6FEDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-194-0x00007FF7B3C70000-0x00007FF7B3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-654-0x00007FF7B3C70000-0x00007FF7B3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2292-0x00007FF7B3C70000-0x00007FF7B3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2290-0x00007FF7D61E0000-0x00007FF7D6534000-memory.dmp

Filesize
3.3MB

Download
memory/3364-179-0x00007FF7D61E0000-0x00007FF7D6534000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2275-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp

Filesize
3.3MB

Download
memory/3460-83-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp

Filesize
3.3MB

Download
memory/4032-356-0x00007FF74ED00000-0x00007FF74F054000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2284-0x00007FF74ED00000-0x00007FF74F054000-memory.dmp

Filesize
3.3MB

Download
memory/4032-149-0x00007FF74ED00000-0x00007FF74F054000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2272-0x00007FF7A55F0000-0x00007FF7A5944000-memory.dmp

Filesize
3.3MB

Download
memory/4292-56-0x00007FF7A55F0000-0x00007FF7A5944000-memory.dmp

Filesize
3.3MB

Download
memory/4560-32-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp

Filesize
3.3MB

Download
memory/4560-101-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2268-0x00007FF6AC340000-0x00007FF6AC694000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2286-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp

Filesize
3.3MB

Download
memory/4568-461-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp

Filesize
3.3MB

Download
memory/4568-154-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2279-0x00007FF7E70C0000-0x00007FF7E7414000-memory.dmp

Filesize
3.3MB

Download
memory/4696-185-0x00007FF7E70C0000-0x00007FF7E7414000-memory.dmp

Filesize
3.3MB

Download
memory/4696-104-0x00007FF7E70C0000-0x00007FF7E7414000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2270-0x00007FF6A0020000-0x00007FF6A0374000-memory.dmp

Filesize
3.3MB

Download
memory/4784-115-0x00007FF6A0020000-0x00007FF6A0374000-memory.dmp

Filesize
3.3MB

Download
memory/4784-42-0x00007FF6A0020000-0x00007FF6A0374000-memory.dmp

Filesize
3.3MB

Download
memory/4980-110-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-38-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2269-0x00007FF795A70000-0x00007FF795DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-65-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2273-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp

Filesize
3.3MB

Download
memory/4996-138-0x00007FF758AF0000-0x00007FF758E44000-memory.dmp

Filesize
3.3MB

Download
memory/5100-67-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp

Filesize
3.3MB

Download
memory/5100-150-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2274-0x00007FF7D1500000-0x00007FF7D1854000-memory.dmp

Filesize
3.3MB

Download
memory/5164-2288-0x00007FF65E0E0000-0x00007FF65E434000-memory.dmp

Filesize
3.3MB

Download
memory/5164-358-0x00007FF65E0E0000-0x00007FF65E434000-memory.dmp

Filesize
3.3MB

Download
memory/5164-153-0x00007FF65E0E0000-0x00007FF65E434000-memory.dmp

Filesize
3.3MB

Download
memory/5296-143-0x00007FF7F65B0000-0x00007FF7F6904000-memory.dmp

Filesize
3.3MB

Download
memory/5296-354-0x00007FF7F65B0000-0x00007FF7F6904000-memory.dmp

Filesize
3.3MB

Download
memory/5296-2285-0x00007FF7F65B0000-0x00007FF7F6904000-memory.dmp

Filesize
3.3MB

Download
memory/5384-25-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp

Filesize
3.3MB

Download
memory/5384-2267-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp

Filesize
3.3MB

Download
memory/5384-94-0x00007FF63AD40000-0x00007FF63B094000-memory.dmp

Filesize
3.3MB

Download
memory/5452-2282-0x00007FF79FF60000-0x00007FF7A02B4000-memory.dmp

Filesize
3.3MB

Download
memory/5452-135-0x00007FF79FF60000-0x00007FF7A02B4000-memory.dmp

Filesize
3.3MB

Download
memory/5600-2276-0x00007FF7E3210000-0x00007FF7E3564000-memory.dmp

Filesize
3.3MB

Download
memory/5600-90-0x00007FF7E3210000-0x00007FF7E3564000-memory.dmp

Filesize
3.3MB

Download
memory/5700-87-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp

Filesize
3.3MB

Download
memory/5700-20-0x00007FF73AB00000-0x00007FF73AE54000-memory.dmp

Filesize
3.3MB

Download
memory/5704-2281-0x00007FF793050000-0x00007FF7933A4000-memory.dmp

Filesize
3.3MB

Download
memory/5704-200-0x00007FF793050000-0x00007FF7933A4000-memory.dmp

Filesize
3.3MB

Download
memory/5704-125-0x00007FF793050000-0x00007FF7933A4000-memory.dmp

Filesize
3.3MB

Download
memory/5980-8-0x00007FF7F8160000-0x00007FF7F84B4000-memory.dmp

Filesize
3.3MB

Download
memory/5980-71-0x00007FF7F8160000-0x00007FF7F84B4000-memory.dmp

Filesize
3.3MB

Download