cobaltstrike | e271f978f6b7bf43ab387a736512738611934cefbe2a436b7bda981229126ad0

Analysis

max time kernel
102s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

e9fe519c1e81059bbb5666f45ab0c6d7
SHA1

b4070f2d149badee7c4a126cd639a12e0f148e32
SHA256

e271f978f6b7bf43ab387a736512738611934cefbe2a436b7bda981229126ad0
SHA512

118fb8b60efe49e6893a7c1b59d5f9b7c89f53c772aabf9dcdcd65242d3606147ecbb76c487de6401d38221a1a5b99d8a2fd7b5a3d7f6ecea3e810c132329898
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000024282-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024287-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024286-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024288-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024289-30.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428a-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428b-40.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428c-49.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428d-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024283-56.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002428f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024291-84.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024294-98.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024295-105.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429c-143.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429b-142.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429f-161.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a0-175.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429e-168.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429a-157.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002429d-153.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024299-137.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024298-133.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024297-131.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024296-117.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024293-101.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024292-90.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024290-70.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a1-182.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a2-190.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a3-195.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a5-199.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242a6-202.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2656-0-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000024282-6.dat	xmrig
behavioral1/memory/1144-8-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024287-10.dat	xmrig
behavioral1/files/0x0007000000024286-15.dat	xmrig
behavioral1/files/0x0007000000024288-23.dat	xmrig
behavioral1/files/0x0007000000024289-30.dat	xmrig
behavioral1/files/0x000700000002428a-36.dat	xmrig
behavioral1/files/0x000700000002428b-40.dat	xmrig
behavioral1/memory/4340-46-0x00007FF78B640000-0x00007FF78B994000-memory.dmp	xmrig
behavioral1/files/0x000700000002428c-49.dat	xmrig
behavioral1/memory/2804-48-0x00007FF7084B0000-0x00007FF708804000-memory.dmp	xmrig
behavioral1/memory/3056-42-0x00007FF604BF0000-0x00007FF604F44000-memory.dmp	xmrig
behavioral1/memory/5948-35-0x00007FF7565B0000-0x00007FF756904000-memory.dmp	xmrig
behavioral1/memory/5772-25-0x00007FF6610F0000-0x00007FF661444000-memory.dmp	xmrig
behavioral1/files/0x000700000002428d-53.dat	xmrig
behavioral1/files/0x0008000000024283-56.dat	xmrig
behavioral1/files/0x000700000002428f-69.dat	xmrig
behavioral1/memory/4888-75-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp	xmrig
behavioral1/memory/2320-80-0x00007FF60DFD0000-0x00007FF60E324000-memory.dmp	xmrig
behavioral1/files/0x0007000000024291-84.dat	xmrig
behavioral1/memory/5772-83-0x00007FF6610F0000-0x00007FF661444000-memory.dmp	xmrig
behavioral1/memory/4900-89-0x00007FF65C600000-0x00007FF65C954000-memory.dmp	xmrig
behavioral1/files/0x0007000000024294-98.dat	xmrig
behavioral1/files/0x0007000000024295-105.dat	xmrig
behavioral1/memory/2804-114-0x00007FF7084B0000-0x00007FF708804000-memory.dmp	xmrig
behavioral1/files/0x000700000002429c-143.dat	xmrig
behavioral1/files/0x000700000002429b-142.dat	xmrig
behavioral1/files/0x000700000002429f-161.dat	xmrig
behavioral1/memory/4220-177-0x00007FF6AD980000-0x00007FF6ADCD4000-memory.dmp	xmrig
behavioral1/memory/2040-179-0x00007FF710AE0000-0x00007FF710E34000-memory.dmp	xmrig
behavioral1/memory/4888-178-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242a0-175.dat	xmrig
behavioral1/memory/816-174-0x00007FF784ED0000-0x00007FF785224000-memory.dmp	xmrig
behavioral1/memory/396-173-0x00007FF6ACB00000-0x00007FF6ACE54000-memory.dmp	xmrig
behavioral1/memory/2744-170-0x00007FF6CC490000-0x00007FF6CC7E4000-memory.dmp	xmrig
behavioral1/files/0x000700000002429e-168.dat	xmrig
behavioral1/memory/4144-165-0x00007FF7A13D0000-0x00007FF7A1724000-memory.dmp	xmrig
behavioral1/files/0x000700000002429a-157.dat	xmrig
behavioral1/files/0x000700000002429d-153.dat	xmrig
behavioral1/memory/4404-151-0x00007FF77DE60000-0x00007FF77E1B4000-memory.dmp	xmrig
behavioral1/memory/4548-145-0x00007FF71E650000-0x00007FF71E9A4000-memory.dmp	xmrig
behavioral1/memory/5100-140-0x00007FF6353D0000-0x00007FF635724000-memory.dmp	xmrig
behavioral1/files/0x0007000000024299-137.dat	xmrig
behavioral1/memory/4304-144-0x00007FF65BF60000-0x00007FF65C2B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024298-133.dat	xmrig
behavioral1/files/0x0007000000024297-131.dat	xmrig
behavioral1/files/0x0007000000024296-117.dat	xmrig
behavioral1/memory/2692-116-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp	xmrig
behavioral1/memory/5084-115-0x00007FF694750000-0x00007FF694AA4000-memory.dmp	xmrig
behavioral1/memory/2100-111-0x00007FF7C6030000-0x00007FF7C6384000-memory.dmp	xmrig
behavioral1/memory/5364-107-0x00007FF63F390000-0x00007FF63F6E4000-memory.dmp	xmrig
behavioral1/memory/4340-106-0x00007FF78B640000-0x00007FF78B994000-memory.dmp	xmrig
behavioral1/files/0x0007000000024293-101.dat	xmrig
behavioral1/memory/5580-95-0x00007FF67CCD0000-0x00007FF67D024000-memory.dmp	xmrig
behavioral1/files/0x0007000000024292-90.dat	xmrig
behavioral1/memory/4856-82-0x00007FF7FA070000-0x00007FF7FA3C4000-memory.dmp	xmrig
behavioral1/memory/2820-79-0x00007FF765800000-0x00007FF765B54000-memory.dmp	xmrig
behavioral1/memory/4608-73-0x00007FF684D80000-0x00007FF6850D4000-memory.dmp	xmrig
behavioral1/memory/1144-72-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024290-70.dat	xmrig
behavioral1/memory/1600-67-0x00007FF7F3EA0000-0x00007FF7F41F4000-memory.dmp	xmrig
behavioral1/memory/2656-62-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp	xmrig
behavioral1/memory/2692-61-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1144	aplzdde.exe
2820	VVhMOZW.exe
2320	gVyVUXL.exe
5772	XaqMcQk.exe
5948	MFJEirN.exe
3056	OvzxDsL.exe
4340	avazTzj.exe
2804	gxrbZOG.exe
2692	njCYzJv.exe
1600	AjazGQh.exe
4608	zEtXdOk.exe
4888	tFxBqcc.exe
4856	PfPiKvL.exe
4900	OWTSBeB.exe
5580	PoyuJtg.exe
5364	lCIOzZA.exe
2100	XzeBIsG.exe
5084	YHPpqWR.exe
5100	SNCgPxj.exe
4144	cnnHwYh.exe
4304	UJnXScf.exe
4548	OTOFnUa.exe
2744	EHshVYa.exe
4404	niFvlIy.exe
4220	jLZuNyZ.exe
396	MXSjmQq.exe
816	ixpldZo.exe
2040	eLlTrtO.exe
3884	lAtilsK.exe
5952	Vzyjijw.exe
5740	hAbMeod.exe
2640	LyiojJj.exe
1552	OaeOmLq.exe
5536	fqkBIYm.exe
2992	EUnlmHE.exe
1936	BSxTniU.exe
2416	ylVlida.exe
4904	DzjbWmb.exe
1964	kWfZoYb.exe
2264	iIxQlQj.exe
1592	mtkFGcr.exe
2160	qVxwOLZ.exe
3484	yVJuYvJ.exe
5916	xDBKMcM.exe
4080	rmDanjI.exe
5808	zfizxRa.exe
2592	BiQYoqP.exe
3796	pqCiMym.exe
3972	kAvdSqH.exe
2336	dtbbAMa.exe
3284	iekaKom.exe
3128	fgvtCwz.exe
6132	yWRZgsP.exe
5340	vHCRlKz.exe
6016	pmNxvfa.exe
5488	UOoKNUI.exe
4348	uTpfYYm.exe
216	cVrbsgz.exe
2316	qoTOxEy.exe
4560	xJeWqff.exe
3896	nkuMDiN.exe
4412	QgVrHzg.exe
4712	DGxUjho.exe
4928	nfvhSBk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp	upx
behavioral1/files/0x0008000000024282-6.dat	upx
behavioral1/memory/1144-8-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp	upx
behavioral1/files/0x0007000000024287-10.dat	upx
behavioral1/files/0x0007000000024286-15.dat	upx
behavioral1/files/0x0007000000024288-23.dat	upx
behavioral1/files/0x0007000000024289-30.dat	upx
behavioral1/files/0x000700000002428a-36.dat	upx
behavioral1/files/0x000700000002428b-40.dat	upx
behavioral1/memory/4340-46-0x00007FF78B640000-0x00007FF78B994000-memory.dmp	upx
behavioral1/files/0x000700000002428c-49.dat	upx
behavioral1/memory/2804-48-0x00007FF7084B0000-0x00007FF708804000-memory.dmp	upx
behavioral1/memory/3056-42-0x00007FF604BF0000-0x00007FF604F44000-memory.dmp	upx
behavioral1/memory/5948-35-0x00007FF7565B0000-0x00007FF756904000-memory.dmp	upx
behavioral1/memory/5772-25-0x00007FF6610F0000-0x00007FF661444000-memory.dmp	upx
behavioral1/files/0x000700000002428d-53.dat	upx
behavioral1/files/0x0008000000024283-56.dat	upx
behavioral1/files/0x000700000002428f-69.dat	upx
behavioral1/memory/4888-75-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp	upx
behavioral1/memory/2320-80-0x00007FF60DFD0000-0x00007FF60E324000-memory.dmp	upx
behavioral1/files/0x0007000000024291-84.dat	upx
behavioral1/memory/5772-83-0x00007FF6610F0000-0x00007FF661444000-memory.dmp	upx
behavioral1/memory/4900-89-0x00007FF65C600000-0x00007FF65C954000-memory.dmp	upx
behavioral1/files/0x0007000000024294-98.dat	upx
behavioral1/files/0x0007000000024295-105.dat	upx
behavioral1/memory/2804-114-0x00007FF7084B0000-0x00007FF708804000-memory.dmp	upx
behavioral1/files/0x000700000002429c-143.dat	upx
behavioral1/files/0x000700000002429b-142.dat	upx
behavioral1/files/0x000700000002429f-161.dat	upx
behavioral1/memory/4220-177-0x00007FF6AD980000-0x00007FF6ADCD4000-memory.dmp	upx
behavioral1/memory/2040-179-0x00007FF710AE0000-0x00007FF710E34000-memory.dmp	upx
behavioral1/memory/4888-178-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp	upx
behavioral1/files/0x00070000000242a0-175.dat	upx
behavioral1/memory/816-174-0x00007FF784ED0000-0x00007FF785224000-memory.dmp	upx
behavioral1/memory/396-173-0x00007FF6ACB00000-0x00007FF6ACE54000-memory.dmp	upx
behavioral1/memory/2744-170-0x00007FF6CC490000-0x00007FF6CC7E4000-memory.dmp	upx
behavioral1/files/0x000700000002429e-168.dat	upx
behavioral1/memory/4144-165-0x00007FF7A13D0000-0x00007FF7A1724000-memory.dmp	upx
behavioral1/files/0x000700000002429a-157.dat	upx
behavioral1/files/0x000700000002429d-153.dat	upx
behavioral1/memory/4404-151-0x00007FF77DE60000-0x00007FF77E1B4000-memory.dmp	upx
behavioral1/memory/4548-145-0x00007FF71E650000-0x00007FF71E9A4000-memory.dmp	upx
behavioral1/memory/5100-140-0x00007FF6353D0000-0x00007FF635724000-memory.dmp	upx
behavioral1/files/0x0007000000024299-137.dat	upx
behavioral1/memory/4304-144-0x00007FF65BF60000-0x00007FF65C2B4000-memory.dmp	upx
behavioral1/files/0x0007000000024298-133.dat	upx
behavioral1/files/0x0007000000024297-131.dat	upx
behavioral1/files/0x0007000000024296-117.dat	upx
behavioral1/memory/2692-116-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp	upx
behavioral1/memory/5084-115-0x00007FF694750000-0x00007FF694AA4000-memory.dmp	upx
behavioral1/memory/2100-111-0x00007FF7C6030000-0x00007FF7C6384000-memory.dmp	upx
behavioral1/memory/5364-107-0x00007FF63F390000-0x00007FF63F6E4000-memory.dmp	upx
behavioral1/memory/4340-106-0x00007FF78B640000-0x00007FF78B994000-memory.dmp	upx
behavioral1/files/0x0007000000024293-101.dat	upx
behavioral1/memory/5580-95-0x00007FF67CCD0000-0x00007FF67D024000-memory.dmp	upx
behavioral1/files/0x0007000000024292-90.dat	upx
behavioral1/memory/4856-82-0x00007FF7FA070000-0x00007FF7FA3C4000-memory.dmp	upx
behavioral1/memory/2820-79-0x00007FF765800000-0x00007FF765B54000-memory.dmp	upx
behavioral1/memory/4608-73-0x00007FF684D80000-0x00007FF6850D4000-memory.dmp	upx
behavioral1/memory/1144-72-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp	upx
behavioral1/files/0x0007000000024290-70.dat	upx
behavioral1/memory/1600-67-0x00007FF7F3EA0000-0x00007FF7F41F4000-memory.dmp	upx
behavioral1/memory/2656-62-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp	upx
behavioral1/memory/2692-61-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SNCgPxj.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ElWbEDX.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UCapIPG.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HvkjTxp.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jgQGseR.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JcJSoZj.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dqLRZZf.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FPsKToD.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XrVonYz.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hCCHtHS.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GFWYIyg.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IRBLNfP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yBfkdST.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NZkttiP.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gCDhLrZ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PfPiKvL.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mFZatYB.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wsnLhxE.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wXnOzvv.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dQTTmbx.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vcTVmLm.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FCqwwAc.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sfJPacJ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cRJtFcG.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QVNhNxi.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QhlqImH.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EbgQdKp.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dPNaavd.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hHdugmJ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aWeZVpF.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eZGbiKd.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\excVzWl.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GiYDtsF.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lAtilsK.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vxsoUDi.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kFUKuTi.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KnJVVYV.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HHHutpg.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wXJeqyh.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OTOFnUa.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\adXcbXD.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RJAWVUN.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vLvkXmF.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MZCLjpR.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CvrVfpJ.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jRhYzbm.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\krWSqsN.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ylVlida.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nizvoFt.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cQeXVAB.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YaNaJhK.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gmdysVc.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NKTEWRi.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GmaueUo.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vxvpWlX.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FBVoTwg.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kWfZoYb.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UrQPrvy.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JdsTerH.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PTWtmBf.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UMNDvEp.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rhTXjAp.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ImThdHh.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YbsghzY.exe	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1144	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 2656 wrote to memory of 1144	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 2656 wrote to memory of 2820	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2656 wrote to memory of 2820	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2656 wrote to memory of 2320	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2656 wrote to memory of 2320	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2656 wrote to memory of 5772	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2656 wrote to memory of 5772	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2656 wrote to memory of 5948	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2656 wrote to memory of 5948	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2656 wrote to memory of 3056	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2656 wrote to memory of 3056	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2656 wrote to memory of 4340	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2656 wrote to memory of 4340	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2656 wrote to memory of 2804	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2656 wrote to memory of 2804	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2656 wrote to memory of 2692	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 2656 wrote to memory of 2692	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 2656 wrote to memory of 1600	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 2656 wrote to memory of 1600	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 2656 wrote to memory of 4888	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 2656 wrote to memory of 4888	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 2656 wrote to memory of 4608	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2656 wrote to memory of 4608	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2656 wrote to memory of 4856	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2656 wrote to memory of 4856	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2656 wrote to memory of 4900	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2656 wrote to memory of 4900	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2656 wrote to memory of 5580	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 2656 wrote to memory of 5580	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 2656 wrote to memory of 5364	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 2656 wrote to memory of 5364	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 2656 wrote to memory of 2100	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2656 wrote to memory of 2100	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2656 wrote to memory of 5084	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2656 wrote to memory of 5084	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2656 wrote to memory of 5100	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2656 wrote to memory of 5100	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2656 wrote to memory of 4144	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2656 wrote to memory of 4144	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2656 wrote to memory of 4304	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2656 wrote to memory of 4304	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2656 wrote to memory of 4548	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2656 wrote to memory of 4548	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2656 wrote to memory of 2744	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2656 wrote to memory of 2744	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2656 wrote to memory of 4404	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2656 wrote to memory of 4404	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2656 wrote to memory of 4220	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2656 wrote to memory of 4220	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2656 wrote to memory of 396	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2656 wrote to memory of 396	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2656 wrote to memory of 816	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2656 wrote to memory of 816	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2656 wrote to memory of 2040	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2656 wrote to memory of 2040	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2656 wrote to memory of 3884	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2656 wrote to memory of 3884	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2656 wrote to memory of 5952	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 2656 wrote to memory of 5952	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 2656 wrote to memory of 5740	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 2656 wrote to memory of 5740	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 2656 wrote to memory of 2640	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 2656 wrote to memory of 2640	2656	2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_e9fe519c1e81059bbb5666f45ab0c6d7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\System\aplzdde.exe
  C:\Windows\System\aplzdde.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\VVhMOZW.exe
  C:\Windows\System\VVhMOZW.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\gVyVUXL.exe
  C:\Windows\System\gVyVUXL.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\XaqMcQk.exe
  C:\Windows\System\XaqMcQk.exe
  2⤵
  - Executes dropped EXE
  PID:5772
- C:\Windows\System\MFJEirN.exe
  C:\Windows\System\MFJEirN.exe
  2⤵
  - Executes dropped EXE
  PID:5948
- C:\Windows\System\OvzxDsL.exe
  C:\Windows\System\OvzxDsL.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\avazTzj.exe
  C:\Windows\System\avazTzj.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\gxrbZOG.exe
  C:\Windows\System\gxrbZOG.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\njCYzJv.exe
  C:\Windows\System\njCYzJv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\AjazGQh.exe
  C:\Windows\System\AjazGQh.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\tFxBqcc.exe
  C:\Windows\System\tFxBqcc.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\zEtXdOk.exe
  C:\Windows\System\zEtXdOk.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\PfPiKvL.exe
  C:\Windows\System\PfPiKvL.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\OWTSBeB.exe
  C:\Windows\System\OWTSBeB.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\PoyuJtg.exe
  C:\Windows\System\PoyuJtg.exe
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\System\lCIOzZA.exe
  C:\Windows\System\lCIOzZA.exe
  2⤵
  - Executes dropped EXE
  PID:5364
- C:\Windows\System\XzeBIsG.exe
  C:\Windows\System\XzeBIsG.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\YHPpqWR.exe
  C:\Windows\System\YHPpqWR.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\SNCgPxj.exe
  C:\Windows\System\SNCgPxj.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\cnnHwYh.exe
  C:\Windows\System\cnnHwYh.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\UJnXScf.exe
  C:\Windows\System\UJnXScf.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\OTOFnUa.exe
  C:\Windows\System\OTOFnUa.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\EHshVYa.exe
  C:\Windows\System\EHshVYa.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\niFvlIy.exe
  C:\Windows\System\niFvlIy.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\jLZuNyZ.exe
  C:\Windows\System\jLZuNyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\MXSjmQq.exe
  C:\Windows\System\MXSjmQq.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\ixpldZo.exe
  C:\Windows\System\ixpldZo.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\eLlTrtO.exe
  C:\Windows\System\eLlTrtO.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\lAtilsK.exe
  C:\Windows\System\lAtilsK.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\Vzyjijw.exe
  C:\Windows\System\Vzyjijw.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\hAbMeod.exe
  C:\Windows\System\hAbMeod.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\LyiojJj.exe
  C:\Windows\System\LyiojJj.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\OaeOmLq.exe
  C:\Windows\System\OaeOmLq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\fqkBIYm.exe
  C:\Windows\System\fqkBIYm.exe
  2⤵
  - Executes dropped EXE
  PID:5536
- C:\Windows\System\EUnlmHE.exe
  C:\Windows\System\EUnlmHE.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\BSxTniU.exe
  C:\Windows\System\BSxTniU.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\ylVlida.exe
  C:\Windows\System\ylVlida.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\DzjbWmb.exe
  C:\Windows\System\DzjbWmb.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\kWfZoYb.exe
  C:\Windows\System\kWfZoYb.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\iIxQlQj.exe
  C:\Windows\System\iIxQlQj.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\mtkFGcr.exe
  C:\Windows\System\mtkFGcr.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qVxwOLZ.exe
  C:\Windows\System\qVxwOLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\yVJuYvJ.exe
  C:\Windows\System\yVJuYvJ.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\xDBKMcM.exe
  C:\Windows\System\xDBKMcM.exe
  2⤵
  - Executes dropped EXE
  PID:5916
- C:\Windows\System\rmDanjI.exe
  C:\Windows\System\rmDanjI.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\zfizxRa.exe
  C:\Windows\System\zfizxRa.exe
  2⤵
  - Executes dropped EXE
  PID:5808
- C:\Windows\System\BiQYoqP.exe
  C:\Windows\System\BiQYoqP.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\pqCiMym.exe
  C:\Windows\System\pqCiMym.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\kAvdSqH.exe
  C:\Windows\System\kAvdSqH.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\dtbbAMa.exe
  C:\Windows\System\dtbbAMa.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\iekaKom.exe
  C:\Windows\System\iekaKom.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\fgvtCwz.exe
  C:\Windows\System\fgvtCwz.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\yWRZgsP.exe
  C:\Windows\System\yWRZgsP.exe
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Windows\System\vHCRlKz.exe
  C:\Windows\System\vHCRlKz.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\pmNxvfa.exe
  C:\Windows\System\pmNxvfa.exe
  2⤵
  - Executes dropped EXE
  PID:6016
- C:\Windows\System\UOoKNUI.exe
  C:\Windows\System\UOoKNUI.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\uTpfYYm.exe
  C:\Windows\System\uTpfYYm.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\cVrbsgz.exe
  C:\Windows\System\cVrbsgz.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\qoTOxEy.exe
  C:\Windows\System\qoTOxEy.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\xJeWqff.exe
  C:\Windows\System\xJeWqff.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\nkuMDiN.exe
  C:\Windows\System\nkuMDiN.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\QgVrHzg.exe
  C:\Windows\System\QgVrHzg.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\DGxUjho.exe
  C:\Windows\System\DGxUjho.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\nfvhSBk.exe
  C:\Windows\System\nfvhSBk.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\HUJVXfB.exe
  C:\Windows\System\HUJVXfB.exe
  2⤵
  PID:4140
- C:\Windows\System\fZuMbFF.exe
  C:\Windows\System\fZuMbFF.exe
  2⤵
  PID:3892
- C:\Windows\System\GPPoZAA.exe
  C:\Windows\System\GPPoZAA.exe
  2⤵
  PID:5684
- C:\Windows\System\IWOXvEP.exe
  C:\Windows\System\IWOXvEP.exe
  2⤵
  PID:6012
- C:\Windows\System\dMGpvUa.exe
  C:\Windows\System\dMGpvUa.exe
  2⤵
  PID:3044
- C:\Windows\System\VkJeLPS.exe
  C:\Windows\System\VkJeLPS.exe
  2⤵
  PID:3228
- C:\Windows\System\KRqSeLa.exe
  C:\Windows\System\KRqSeLa.exe
  2⤵
  PID:6088
- C:\Windows\System\kwMPVCB.exe
  C:\Windows\System\kwMPVCB.exe
  2⤵
  PID:2140
- C:\Windows\System\uJeoxzz.exe
  C:\Windows\System\uJeoxzz.exe
  2⤵
  PID:4312
- C:\Windows\System\aTspRsZ.exe
  C:\Windows\System\aTspRsZ.exe
  2⤵
  PID:4204
- C:\Windows\System\MeoRLFM.exe
  C:\Windows\System\MeoRLFM.exe
  2⤵
  PID:5888
- C:\Windows\System\fujpNgt.exe
  C:\Windows\System\fujpNgt.exe
  2⤵
  PID:6060
- C:\Windows\System\sguqGMS.exe
  C:\Windows\System\sguqGMS.exe
  2⤵
  PID:5756
- C:\Windows\System\eNQxovH.exe
  C:\Windows\System\eNQxovH.exe
  2⤵
  PID:5076
- C:\Windows\System\PqWNCvV.exe
  C:\Windows\System\PqWNCvV.exe
  2⤵
  PID:5788
- C:\Windows\System\hmdSMjw.exe
  C:\Windows\System\hmdSMjw.exe
  2⤵
  PID:3788
- C:\Windows\System\PABosqR.exe
  C:\Windows\System\PABosqR.exe
  2⤵
  PID:2356
- C:\Windows\System\dsQuvoA.exe
  C:\Windows\System\dsQuvoA.exe
  2⤵
  PID:4748
- C:\Windows\System\dBsSteH.exe
  C:\Windows\System\dBsSteH.exe
  2⤵
  PID:5396
- C:\Windows\System\FTsCDZq.exe
  C:\Windows\System\FTsCDZq.exe
  2⤵
  PID:2532
- C:\Windows\System\DjHDZHg.exe
  C:\Windows\System\DjHDZHg.exe
  2⤵
  PID:5232
- C:\Windows\System\AqbVKWY.exe
  C:\Windows\System\AqbVKWY.exe
  2⤵
  PID:4108
- C:\Windows\System\DXxikVW.exe
  C:\Windows\System\DXxikVW.exe
  2⤵
  PID:1940
- C:\Windows\System\ilaociR.exe
  C:\Windows\System\ilaociR.exe
  2⤵
  PID:2220
- C:\Windows\System\dnScnNK.exe
  C:\Windows\System\dnScnNK.exe
  2⤵
  PID:5860
- C:\Windows\System\ugBKKkn.exe
  C:\Windows\System\ugBKKkn.exe
  2⤵
  PID:4832
- C:\Windows\System\djRTfmo.exe
  C:\Windows\System\djRTfmo.exe
  2⤵
  PID:5376
- C:\Windows\System\mkTTPRo.exe
  C:\Windows\System\mkTTPRo.exe
  2⤵
  PID:5484
- C:\Windows\System\kdPDAXG.exe
  C:\Windows\System\kdPDAXG.exe
  2⤵
  PID:5596
- C:\Windows\System\oUAGFJr.exe
  C:\Windows\System\oUAGFJr.exe
  2⤵
  PID:3148
- C:\Windows\System\jshFhRW.exe
  C:\Windows\System\jshFhRW.exe
  2⤵
  PID:3708
- C:\Windows\System\cqOHnZO.exe
  C:\Windows\System\cqOHnZO.exe
  2⤵
  PID:4948
- C:\Windows\System\iTKBzbS.exe
  C:\Windows\System\iTKBzbS.exe
  2⤵
  PID:5108
- C:\Windows\System\JQfztLf.exe
  C:\Windows\System\JQfztLf.exe
  2⤵
  PID:2972
- C:\Windows\System\BIuSXbs.exe
  C:\Windows\System\BIuSXbs.exe
  2⤵
  PID:4864
- C:\Windows\System\QrmAxkZ.exe
  C:\Windows\System\QrmAxkZ.exe
  2⤵
  PID:2120
- C:\Windows\System\cQeXVAB.exe
  C:\Windows\System\cQeXVAB.exe
  2⤵
  PID:3160
- C:\Windows\System\UOaCOGP.exe
  C:\Windows\System\UOaCOGP.exe
  2⤵
  PID:5548
- C:\Windows\System\kXLPsQa.exe
  C:\Windows\System\kXLPsQa.exe
  2⤵
  PID:4416
- C:\Windows\System\hVInFbw.exe
  C:\Windows\System\hVInFbw.exe
  2⤵
  PID:2888
- C:\Windows\System\tzjhiae.exe
  C:\Windows\System\tzjhiae.exe
  2⤵
  PID:4880
- C:\Windows\System\tVfPUUp.exe
  C:\Windows\System\tVfPUUp.exe
  2⤵
  PID:3464
- C:\Windows\System\rGEzcJV.exe
  C:\Windows\System\rGEzcJV.exe
  2⤵
  PID:4176
- C:\Windows\System\ulKkKrd.exe
  C:\Windows\System\ulKkKrd.exe
  2⤵
  PID:5716
- C:\Windows\System\zKPuznC.exe
  C:\Windows\System\zKPuznC.exe
  2⤵
  PID:5940
- C:\Windows\System\rsqaCKI.exe
  C:\Windows\System\rsqaCKI.exe
  2⤵
  PID:2728
- C:\Windows\System\nRwBgaR.exe
  C:\Windows\System\nRwBgaR.exe
  2⤵
  PID:1684
- C:\Windows\System\OGXCgVe.exe
  C:\Windows\System\OGXCgVe.exe
  2⤵
  PID:3924
- C:\Windows\System\uOrmqng.exe
  C:\Windows\System\uOrmqng.exe
  2⤵
  PID:532
- C:\Windows\System\dbiuVRY.exe
  C:\Windows\System\dbiuVRY.exe
  2⤵
  PID:4848
- C:\Windows\System\ENVCZks.exe
  C:\Windows\System\ENVCZks.exe
  2⤵
  PID:5388
- C:\Windows\System\mFZatYB.exe
  C:\Windows\System\mFZatYB.exe
  2⤵
  PID:1556
- C:\Windows\System\KVZNaFR.exe
  C:\Windows\System\KVZNaFR.exe
  2⤵
  PID:860
- C:\Windows\System\DrJyrPf.exe
  C:\Windows\System\DrJyrPf.exe
  2⤵
  PID:2288
- C:\Windows\System\wCENjMl.exe
  C:\Windows\System\wCENjMl.exe
  2⤵
  PID:4576
- C:\Windows\System\KjnCpZe.exe
  C:\Windows\System\KjnCpZe.exe
  2⤵
  PID:6044
- C:\Windows\System\FPsKToD.exe
  C:\Windows\System\FPsKToD.exe
  2⤵
  PID:4440
- C:\Windows\System\QOVPytZ.exe
  C:\Windows\System\QOVPytZ.exe
  2⤵
  PID:3124
- C:\Windows\System\viXogyw.exe
  C:\Windows\System\viXogyw.exe
  2⤵
  PID:3512
- C:\Windows\System\tVcOzvF.exe
  C:\Windows\System\tVcOzvF.exe
  2⤵
  PID:6180
- C:\Windows\System\ygWUeds.exe
  C:\Windows\System\ygWUeds.exe
  2⤵
  PID:6208
- C:\Windows\System\ogNgTlb.exe
  C:\Windows\System\ogNgTlb.exe
  2⤵
  PID:6236
- C:\Windows\System\bvgbaVv.exe
  C:\Windows\System\bvgbaVv.exe
  2⤵
  PID:6268
- C:\Windows\System\Wiroohj.exe
  C:\Windows\System\Wiroohj.exe
  2⤵
  PID:6288
- C:\Windows\System\Syatoyv.exe
  C:\Windows\System\Syatoyv.exe
  2⤵
  PID:6324
- C:\Windows\System\ImThdHh.exe
  C:\Windows\System\ImThdHh.exe
  2⤵
  PID:6352
- C:\Windows\System\adXcbXD.exe
  C:\Windows\System\adXcbXD.exe
  2⤵
  PID:6376
- C:\Windows\System\hhUeInx.exe
  C:\Windows\System\hhUeInx.exe
  2⤵
  PID:6412
- C:\Windows\System\UznCYIy.exe
  C:\Windows\System\UznCYIy.exe
  2⤵
  PID:6444
- C:\Windows\System\tEZryhg.exe
  C:\Windows\System\tEZryhg.exe
  2⤵
  PID:6468
- C:\Windows\System\qhxwvvD.exe
  C:\Windows\System\qhxwvvD.exe
  2⤵
  PID:6500
- C:\Windows\System\fnRZqrh.exe
  C:\Windows\System\fnRZqrh.exe
  2⤵
  PID:6524
- C:\Windows\System\DNUnFGi.exe
  C:\Windows\System\DNUnFGi.exe
  2⤵
  PID:6552
- C:\Windows\System\fzakWPG.exe
  C:\Windows\System\fzakWPG.exe
  2⤵
  PID:6580
- C:\Windows\System\fkyzxAR.exe
  C:\Windows\System\fkyzxAR.exe
  2⤵
  PID:6612
- C:\Windows\System\QvGmgjG.exe
  C:\Windows\System\QvGmgjG.exe
  2⤵
  PID:6640
- C:\Windows\System\kOsAuXm.exe
  C:\Windows\System\kOsAuXm.exe
  2⤵
  PID:6668
- C:\Windows\System\POrYixl.exe
  C:\Windows\System\POrYixl.exe
  2⤵
  PID:6692
- C:\Windows\System\DDmkexe.exe
  C:\Windows\System\DDmkexe.exe
  2⤵
  PID:6760
- C:\Windows\System\nnqzTrt.exe
  C:\Windows\System\nnqzTrt.exe
  2⤵
  PID:6784
- C:\Windows\System\UHiDLxv.exe
  C:\Windows\System\UHiDLxv.exe
  2⤵
  PID:6828
- C:\Windows\System\BwlfEFN.exe
  C:\Windows\System\BwlfEFN.exe
  2⤵
  PID:6884
- C:\Windows\System\GFWYIyg.exe
  C:\Windows\System\GFWYIyg.exe
  2⤵
  PID:6948
- C:\Windows\System\LVfYVXm.exe
  C:\Windows\System\LVfYVXm.exe
  2⤵
  PID:6980
- C:\Windows\System\LaPwtVb.exe
  C:\Windows\System\LaPwtVb.exe
  2⤵
  PID:7012
- C:\Windows\System\WumjQIS.exe
  C:\Windows\System\WumjQIS.exe
  2⤵
  PID:7028
- C:\Windows\System\GCvvVrY.exe
  C:\Windows\System\GCvvVrY.exe
  2⤵
  PID:7080
- C:\Windows\System\fsDqsye.exe
  C:\Windows\System\fsDqsye.exe
  2⤵
  PID:7116
- C:\Windows\System\pqcKrUq.exe
  C:\Windows\System\pqcKrUq.exe
  2⤵
  PID:7144
- C:\Windows\System\XRbejHW.exe
  C:\Windows\System\XRbejHW.exe
  2⤵
  PID:6156
- C:\Windows\System\vVkOxMP.exe
  C:\Windows\System\vVkOxMP.exe
  2⤵
  PID:6216
- C:\Windows\System\uDbXSpd.exe
  C:\Windows\System\uDbXSpd.exe
  2⤵
  PID:4516
- C:\Windows\System\bbBWMRH.exe
  C:\Windows\System\bbBWMRH.exe
  2⤵
  PID:4532
- C:\Windows\System\UrQPrvy.exe
  C:\Windows\System\UrQPrvy.exe
  2⤵
  PID:5832
- C:\Windows\System\JeBJcrq.exe
  C:\Windows\System\JeBJcrq.exe
  2⤵
  PID:4640
- C:\Windows\System\wlGUDXn.exe
  C:\Windows\System\wlGUDXn.exe
  2⤵
  PID:6248
- C:\Windows\System\iSIHjML.exe
  C:\Windows\System\iSIHjML.exe
  2⤵
  PID:4952
- C:\Windows\System\hGKfXka.exe
  C:\Windows\System\hGKfXka.exe
  2⤵
  PID:6336
- C:\Windows\System\dBbBxsN.exe
  C:\Windows\System\dBbBxsN.exe
  2⤵
  PID:6424
- C:\Windows\System\ovQZJep.exe
  C:\Windows\System\ovQZJep.exe
  2⤵
  PID:6476
- C:\Windows\System\MwKRtlN.exe
  C:\Windows\System\MwKRtlN.exe
  2⤵
  PID:6516
- C:\Windows\System\vimBoXX.exe
  C:\Windows\System\vimBoXX.exe
  2⤵
  PID:6592
- C:\Windows\System\kCwQrwP.exe
  C:\Windows\System\kCwQrwP.exe
  2⤵
  PID:6636
- C:\Windows\System\givHuTQ.exe
  C:\Windows\System\givHuTQ.exe
  2⤵
  PID:6740
- C:\Windows\System\yGoUQNJ.exe
  C:\Windows\System\yGoUQNJ.exe
  2⤵
  PID:5244
- C:\Windows\System\UdsODQX.exe
  C:\Windows\System\UdsODQX.exe
  2⤵
  PID:6928
- C:\Windows\System\TvKFEdr.exe
  C:\Windows\System\TvKFEdr.exe
  2⤵
  PID:7000
- C:\Windows\System\rNQEOSx.exe
  C:\Windows\System\rNQEOSx.exe
  2⤵
  PID:7076
- C:\Windows\System\uhnqrdm.exe
  C:\Windows\System\uhnqrdm.exe
  2⤵
  PID:7152
- C:\Windows\System\towIFbC.exe
  C:\Windows\System\towIFbC.exe
  2⤵
  PID:6228
- C:\Windows\System\hHtJnuQ.exe
  C:\Windows\System\hHtJnuQ.exe
  2⤵
  PID:3184
- C:\Windows\System\mDUAxfg.exe
  C:\Windows\System\mDUAxfg.exe
  2⤵
  PID:1476
- C:\Windows\System\AiRadEo.exe
  C:\Windows\System\AiRadEo.exe
  2⤵
  PID:5992
- C:\Windows\System\UhdibQz.exe
  C:\Windows\System\UhdibQz.exe
  2⤵
  PID:6420
- C:\Windows\System\xnwHoiM.exe
  C:\Windows\System\xnwHoiM.exe
  2⤵
  PID:6536
- C:\Windows\System\GkJuuzH.exe
  C:\Windows\System\GkJuuzH.exe
  2⤵
  PID:2440
- C:\Windows\System\IvRfYzh.exe
  C:\Windows\System\IvRfYzh.exe
  2⤵
  PID:6844
- C:\Windows\System\wdojQfL.exe
  C:\Windows\System\wdojQfL.exe
  2⤵
  PID:7108
- C:\Windows\System\zvSOlBI.exe
  C:\Windows\System\zvSOlBI.exe
  2⤵
  PID:4984
- C:\Windows\System\jMtKlVO.exe
  C:\Windows\System\jMtKlVO.exe
  2⤵
  PID:6384
- C:\Windows\System\IRBLNfP.exe
  C:\Windows\System\IRBLNfP.exe
  2⤵
  PID:6664
- C:\Windows\System\CLLkwAF.exe
  C:\Windows\System\CLLkwAF.exe
  2⤵
  PID:6200
- C:\Windows\System\SROrgez.exe
  C:\Windows\System\SROrgez.exe
  2⤵
  PID:6608
- C:\Windows\System\RTClTHG.exe
  C:\Windows\System\RTClTHG.exe
  2⤵
  PID:3304
- C:\Windows\System\nTyZONg.exe
  C:\Windows\System\nTyZONg.exe
  2⤵
  PID:7176
- C:\Windows\System\VaHlave.exe
  C:\Windows\System\VaHlave.exe
  2⤵
  PID:7224
- C:\Windows\System\AupgLJx.exe
  C:\Windows\System\AupgLJx.exe
  2⤵
  PID:7252
- C:\Windows\System\jWjRPgd.exe
  C:\Windows\System\jWjRPgd.exe
  2⤵
  PID:7284
- C:\Windows\System\smJZHFJ.exe
  C:\Windows\System\smJZHFJ.exe
  2⤵
  PID:7312
- C:\Windows\System\YuQYUaD.exe
  C:\Windows\System\YuQYUaD.exe
  2⤵
  PID:7336
- C:\Windows\System\iDrtKDz.exe
  C:\Windows\System\iDrtKDz.exe
  2⤵
  PID:7360
- C:\Windows\System\whzwELL.exe
  C:\Windows\System\whzwELL.exe
  2⤵
  PID:7388
- C:\Windows\System\eyIZOam.exe
  C:\Windows\System\eyIZOam.exe
  2⤵
  PID:7416
- C:\Windows\System\ypyHgsq.exe
  C:\Windows\System\ypyHgsq.exe
  2⤵
  PID:7444
- C:\Windows\System\jfpsvvx.exe
  C:\Windows\System\jfpsvvx.exe
  2⤵
  PID:7476
- C:\Windows\System\ACFjPPY.exe
  C:\Windows\System\ACFjPPY.exe
  2⤵
  PID:7504
- C:\Windows\System\rIbihYA.exe
  C:\Windows\System\rIbihYA.exe
  2⤵
  PID:7536
- C:\Windows\System\LPzwvox.exe
  C:\Windows\System\LPzwvox.exe
  2⤵
  PID:7568
- C:\Windows\System\IhwNcKo.exe
  C:\Windows\System\IhwNcKo.exe
  2⤵
  PID:7584
- C:\Windows\System\iOripOW.exe
  C:\Windows\System\iOripOW.exe
  2⤵
  PID:7616
- C:\Windows\System\mbywLtN.exe
  C:\Windows\System\mbywLtN.exe
  2⤵
  PID:7636
- C:\Windows\System\JIgVbun.exe
  C:\Windows\System\JIgVbun.exe
  2⤵
  PID:7660
- C:\Windows\System\TyNpEjy.exe
  C:\Windows\System\TyNpEjy.exe
  2⤵
  PID:7700
- C:\Windows\System\gzCBCpo.exe
  C:\Windows\System\gzCBCpo.exe
  2⤵
  PID:7744
- C:\Windows\System\FMIUBEx.exe
  C:\Windows\System\FMIUBEx.exe
  2⤵
  PID:7760
- C:\Windows\System\XEZyRPb.exe
  C:\Windows\System\XEZyRPb.exe
  2⤵
  PID:7804
- C:\Windows\System\vxsoUDi.exe
  C:\Windows\System\vxsoUDi.exe
  2⤵
  PID:7832
- C:\Windows\System\dqIyada.exe
  C:\Windows\System\dqIyada.exe
  2⤵
  PID:7856
- C:\Windows\System\LcrGVIv.exe
  C:\Windows\System\LcrGVIv.exe
  2⤵
  PID:7888
- C:\Windows\System\FBLpsbM.exe
  C:\Windows\System\FBLpsbM.exe
  2⤵
  PID:7912
- C:\Windows\System\uHgStgP.exe
  C:\Windows\System\uHgStgP.exe
  2⤵
  PID:7936
- C:\Windows\System\rPbpgcx.exe
  C:\Windows\System\rPbpgcx.exe
  2⤵
  PID:7964
- C:\Windows\System\pzEICkB.exe
  C:\Windows\System\pzEICkB.exe
  2⤵
  PID:7992
- C:\Windows\System\SLZAMzi.exe
  C:\Windows\System\SLZAMzi.exe
  2⤵
  PID:8028
- C:\Windows\System\IwjuTdr.exe
  C:\Windows\System\IwjuTdr.exe
  2⤵
  PID:8048
- C:\Windows\System\nBBibZX.exe
  C:\Windows\System\nBBibZX.exe
  2⤵
  PID:8084
- C:\Windows\System\EYfFEpy.exe
  C:\Windows\System\EYfFEpy.exe
  2⤵
  PID:8104
- C:\Windows\System\lxNPfNc.exe
  C:\Windows\System\lxNPfNc.exe
  2⤵
  PID:8140
- C:\Windows\System\AzvIsiT.exe
  C:\Windows\System\AzvIsiT.exe
  2⤵
  PID:8168
- C:\Windows\System\DIVxgKR.exe
  C:\Windows\System\DIVxgKR.exe
  2⤵
  PID:4728
- C:\Windows\System\ELIghVf.exe
  C:\Windows\System\ELIghVf.exe
  2⤵
  PID:7216
- C:\Windows\System\gNYwerz.exe
  C:\Windows\System\gNYwerz.exe
  2⤵
  PID:7268
- C:\Windows\System\YRdJwoI.exe
  C:\Windows\System\YRdJwoI.exe
  2⤵
  PID:7320
- C:\Windows\System\sZEAJwZ.exe
  C:\Windows\System\sZEAJwZ.exe
  2⤵
  PID:7384
- C:\Windows\System\XnXQdEK.exe
  C:\Windows\System\XnXQdEK.exe
  2⤵
  PID:7468
- C:\Windows\System\GhUOlEv.exe
  C:\Windows\System\GhUOlEv.exe
  2⤵
  PID:7520
- C:\Windows\System\pPbAYgd.exe
  C:\Windows\System\pPbAYgd.exe
  2⤵
  PID:4044
- C:\Windows\System\IrZJMGp.exe
  C:\Windows\System\IrZJMGp.exe
  2⤵
  PID:7632
- C:\Windows\System\jrqGMMU.exe
  C:\Windows\System\jrqGMMU.exe
  2⤵
  PID:7720
- C:\Windows\System\dRpPuSz.exe
  C:\Windows\System\dRpPuSz.exe
  2⤵
  PID:1444
- C:\Windows\System\ZBIElTH.exe
  C:\Windows\System\ZBIElTH.exe
  2⤵
  PID:1852
- C:\Windows\System\tPggxRV.exe
  C:\Windows\System\tPggxRV.exe
  2⤵
  PID:3880
- C:\Windows\System\MljwJSz.exe
  C:\Windows\System\MljwJSz.exe
  2⤵
  PID:7788
- C:\Windows\System\PyLhnFv.exe
  C:\Windows\System\PyLhnFv.exe
  2⤵
  PID:7868
- C:\Windows\System\AvMgYmK.exe
  C:\Windows\System\AvMgYmK.exe
  2⤵
  PID:7904
- C:\Windows\System\VvEjGaM.exe
  C:\Windows\System\VvEjGaM.exe
  2⤵
  PID:7960
- C:\Windows\System\gFolWdo.exe
  C:\Windows\System\gFolWdo.exe
  2⤵
  PID:8044
- C:\Windows\System\uQjXReY.exe
  C:\Windows\System\uQjXReY.exe
  2⤵
  PID:8100
- C:\Windows\System\QZchAPO.exe
  C:\Windows\System\QZchAPO.exe
  2⤵
  PID:8176
- C:\Windows\System\nOHBunZ.exe
  C:\Windows\System\nOHBunZ.exe
  2⤵
  PID:7204
- C:\Windows\System\kFUKuTi.exe
  C:\Windows\System\kFUKuTi.exe
  2⤵
  PID:7296
- C:\Windows\System\VFySkUC.exe
  C:\Windows\System\VFySkUC.exe
  2⤵
  PID:7496
- C:\Windows\System\XbtxmzS.exe
  C:\Windows\System\XbtxmzS.exe
  2⤵
  PID:7600
- C:\Windows\System\yBfkdST.exe
  C:\Windows\System\yBfkdST.exe
  2⤵
  PID:612
- C:\Windows\System\ptEIRra.exe
  C:\Windows\System\ptEIRra.exe
  2⤵
  PID:2764
- C:\Windows\System\TUdygiq.exe
  C:\Windows\System\TUdygiq.exe
  2⤵
  PID:7896
- C:\Windows\System\YbsghzY.exe
  C:\Windows\System\YbsghzY.exe
  2⤵
  PID:8016
- C:\Windows\System\WcncxXj.exe
  C:\Windows\System\WcncxXj.exe
  2⤵
  PID:8128
- C:\Windows\System\sfJPacJ.exe
  C:\Windows\System\sfJPacJ.exe
  2⤵
  PID:7300
- C:\Windows\System\WDrRkGg.exe
  C:\Windows\System\WDrRkGg.exe
  2⤵
  PID:7564
- C:\Windows\System\dAEZLFb.exe
  C:\Windows\System\dAEZLFb.exe
  2⤵
  PID:3860
- C:\Windows\System\wxubbxH.exe
  C:\Windows\System\wxubbxH.exe
  2⤵
  PID:2868
- C:\Windows\System\MsmIRMr.exe
  C:\Windows\System\MsmIRMr.exe
  2⤵
  PID:7436
- C:\Windows\System\SSITTAe.exe
  C:\Windows\System\SSITTAe.exe
  2⤵
  PID:4668
- C:\Windows\System\UmeIRqt.exe
  C:\Windows\System\UmeIRqt.exe
  2⤵
  PID:2092
- C:\Windows\System\mgYxfrB.exe
  C:\Windows\System\mgYxfrB.exe
  2⤵
  PID:8204
- C:\Windows\System\SCsJpaB.exe
  C:\Windows\System\SCsJpaB.exe
  2⤵
  PID:8236
- C:\Windows\System\vZleUaT.exe
  C:\Windows\System\vZleUaT.exe
  2⤵
  PID:8264
- C:\Windows\System\YnioeEq.exe
  C:\Windows\System\YnioeEq.exe
  2⤵
  PID:8292
- C:\Windows\System\QVlHlVA.exe
  C:\Windows\System\QVlHlVA.exe
  2⤵
  PID:8312
- C:\Windows\System\lcYnLnz.exe
  C:\Windows\System\lcYnLnz.exe
  2⤵
  PID:8348
- C:\Windows\System\Osgewvh.exe
  C:\Windows\System\Osgewvh.exe
  2⤵
  PID:8368
- C:\Windows\System\jjiVrRs.exe
  C:\Windows\System\jjiVrRs.exe
  2⤵
  PID:8404
- C:\Windows\System\wbOpNKi.exe
  C:\Windows\System\wbOpNKi.exe
  2⤵
  PID:8432
- C:\Windows\System\ntfchgF.exe
  C:\Windows\System\ntfchgF.exe
  2⤵
  PID:8460
- C:\Windows\System\nmeiqbE.exe
  C:\Windows\System\nmeiqbE.exe
  2⤵
  PID:8488
- C:\Windows\System\YaNaJhK.exe
  C:\Windows\System\YaNaJhK.exe
  2⤵
  PID:8508
- C:\Windows\System\IHWUyNk.exe
  C:\Windows\System\IHWUyNk.exe
  2⤵
  PID:8548
- C:\Windows\System\WQYVKXb.exe
  C:\Windows\System\WQYVKXb.exe
  2⤵
  PID:8576
- C:\Windows\System\gxdBAEv.exe
  C:\Windows\System\gxdBAEv.exe
  2⤵
  PID:8592
- C:\Windows\System\dSxkoan.exe
  C:\Windows\System\dSxkoan.exe
  2⤵
  PID:8628
- C:\Windows\System\YgCnRTB.exe
  C:\Windows\System\YgCnRTB.exe
  2⤵
  PID:8656
- C:\Windows\System\VCKZONt.exe
  C:\Windows\System\VCKZONt.exe
  2⤵
  PID:8684
- C:\Windows\System\gzxezqh.exe
  C:\Windows\System\gzxezqh.exe
  2⤵
  PID:8712
- C:\Windows\System\PRCBfRZ.exe
  C:\Windows\System\PRCBfRZ.exe
  2⤵
  PID:8740
- C:\Windows\System\mGSNpVh.exe
  C:\Windows\System\mGSNpVh.exe
  2⤵
  PID:8760
- C:\Windows\System\ZyRUoMp.exe
  C:\Windows\System\ZyRUoMp.exe
  2⤵
  PID:8788
- C:\Windows\System\wsnLhxE.exe
  C:\Windows\System\wsnLhxE.exe
  2⤵
  PID:8824
- C:\Windows\System\vrZvKQR.exe
  C:\Windows\System\vrZvKQR.exe
  2⤵
  PID:8844
- C:\Windows\System\oogYqFL.exe
  C:\Windows\System\oogYqFL.exe
  2⤵
  PID:8884
- C:\Windows\System\jSkmtbO.exe
  C:\Windows\System\jSkmtbO.exe
  2⤵
  PID:8908
- C:\Windows\System\GNPjGgS.exe
  C:\Windows\System\GNPjGgS.exe
  2⤵
  PID:8940
- C:\Windows\System\nRrTIAq.exe
  C:\Windows\System\nRrTIAq.exe
  2⤵
  PID:8968
- C:\Windows\System\ZQUcqoA.exe
  C:\Windows\System\ZQUcqoA.exe
  2⤵
  PID:8988
- C:\Windows\System\VSlhneO.exe
  C:\Windows\System\VSlhneO.exe
  2⤵
  PID:9020
- C:\Windows\System\ePuyqkh.exe
  C:\Windows\System\ePuyqkh.exe
  2⤵
  PID:9052
- C:\Windows\System\hpOGMaR.exe
  C:\Windows\System\hpOGMaR.exe
  2⤵
  PID:9076
- C:\Windows\System\SNyHKGM.exe
  C:\Windows\System\SNyHKGM.exe
  2⤵
  PID:9104
- C:\Windows\System\NKTEWRi.exe
  C:\Windows\System\NKTEWRi.exe
  2⤵
  PID:9128
- C:\Windows\System\FZgzpMG.exe
  C:\Windows\System\FZgzpMG.exe
  2⤵
  PID:9160
- C:\Windows\System\bzXIgJd.exe
  C:\Windows\System\bzXIgJd.exe
  2⤵
  PID:9188
- C:\Windows\System\ANCnqzA.exe
  C:\Windows\System\ANCnqzA.exe
  2⤵
  PID:9212
- C:\Windows\System\sXuXYii.exe
  C:\Windows\System\sXuXYii.exe
  2⤵
  PID:8272
- C:\Windows\System\JeWhiKs.exe
  C:\Windows\System\JeWhiKs.exe
  2⤵
  PID:8308
- C:\Windows\System\yrhAmow.exe
  C:\Windows\System\yrhAmow.exe
  2⤵
  PID:8364
- C:\Windows\System\TbSKiMZ.exe
  C:\Windows\System\TbSKiMZ.exe
  2⤵
  PID:8448
- C:\Windows\System\MMODvQW.exe
  C:\Windows\System\MMODvQW.exe
  2⤵
  PID:8520
- C:\Windows\System\FiExsas.exe
  C:\Windows\System\FiExsas.exe
  2⤵
  PID:8532
- C:\Windows\System\QhlqImH.exe
  C:\Windows\System\QhlqImH.exe
  2⤵
  PID:8616
- C:\Windows\System\BkEOQbh.exe
  C:\Windows\System\BkEOQbh.exe
  2⤵
  PID:8664
- C:\Windows\System\AdocWeH.exe
  C:\Windows\System\AdocWeH.exe
  2⤵
  PID:8724
- C:\Windows\System\WLVNzpz.exe
  C:\Windows\System\WLVNzpz.exe
  2⤵
  PID:4320
- C:\Windows\System\aYjJVBh.exe
  C:\Windows\System\aYjJVBh.exe
  2⤵
  PID:8836
- C:\Windows\System\ElWbEDX.exe
  C:\Windows\System\ElWbEDX.exe
  2⤵
  PID:1868
- C:\Windows\System\MAbRmyo.exe
  C:\Windows\System\MAbRmyo.exe
  2⤵
  PID:8948
- C:\Windows\System\TvRMWla.exe
  C:\Windows\System\TvRMWla.exe
  2⤵
  PID:9008
- C:\Windows\System\ANafqYs.exe
  C:\Windows\System\ANafqYs.exe
  2⤵
  PID:9068
- C:\Windows\System\gOtmfVS.exe
  C:\Windows\System\gOtmfVS.exe
  2⤵
  PID:9148
- C:\Windows\System\hnkAYnZ.exe
  C:\Windows\System\hnkAYnZ.exe
  2⤵
  PID:9196
- C:\Windows\System\eKbBcmI.exe
  C:\Windows\System\eKbBcmI.exe
  2⤵
  PID:8300
- C:\Windows\System\dKGiLDm.exe
  C:\Windows\System\dKGiLDm.exe
  2⤵
  PID:8416
- C:\Windows\System\kGRRuTY.exe
  C:\Windows\System\kGRRuTY.exe
  2⤵
  PID:8544
- C:\Windows\System\PvEqHhY.exe
  C:\Windows\System\PvEqHhY.exe
  2⤵
  PID:8640
- C:\Windows\System\jeNIAEa.exe
  C:\Windows\System\jeNIAEa.exe
  2⤵
  PID:8812
- C:\Windows\System\SnoRSRF.exe
  C:\Windows\System\SnoRSRF.exe
  2⤵
  PID:8924
- C:\Windows\System\KZxSPoQ.exe
  C:\Windows\System\KZxSPoQ.exe
  2⤵
  PID:9096
- C:\Windows\System\AEMymrw.exe
  C:\Windows\System\AEMymrw.exe
  2⤵
  PID:9176
- C:\Windows\System\LrrITBv.exe
  C:\Windows\System\LrrITBv.exe
  2⤵
  PID:8360
- C:\Windows\System\VYpHJDI.exe
  C:\Windows\System\VYpHJDI.exe
  2⤵
  PID:8748
- C:\Windows\System\ChGhwXi.exe
  C:\Windows\System\ChGhwXi.exe
  2⤵
  PID:9000
- C:\Windows\System\RJAWVUN.exe
  C:\Windows\System\RJAWVUN.exe
  2⤵
  PID:8356
- C:\Windows\System\tahUfJM.exe
  C:\Windows\System\tahUfJM.exe
  2⤵
  PID:9124
- C:\Windows\System\SatfzAv.exe
  C:\Windows\System\SatfzAv.exe
  2⤵
  PID:8556
- C:\Windows\System\rRpAXZp.exe
  C:\Windows\System\rRpAXZp.exe
  2⤵
  PID:9240
- C:\Windows\System\vLvkXmF.exe
  C:\Windows\System\vLvkXmF.exe
  2⤵
  PID:9260
- C:\Windows\System\rswYCwH.exe
  C:\Windows\System\rswYCwH.exe
  2⤵
  PID:9288
- C:\Windows\System\FJLaKjS.exe
  C:\Windows\System\FJLaKjS.exe
  2⤵
  PID:9316
- C:\Windows\System\nizvoFt.exe
  C:\Windows\System\nizvoFt.exe
  2⤵
  PID:9352
- C:\Windows\System\nXQFfme.exe
  C:\Windows\System\nXQFfme.exe
  2⤵
  PID:9372
- C:\Windows\System\xFWSYBU.exe
  C:\Windows\System\xFWSYBU.exe
  2⤵
  PID:9400
- C:\Windows\System\ipCZsgp.exe
  C:\Windows\System\ipCZsgp.exe
  2⤵
  PID:9428
- C:\Windows\System\aAmhuYC.exe
  C:\Windows\System\aAmhuYC.exe
  2⤵
  PID:9464
- C:\Windows\System\luBJxuo.exe
  C:\Windows\System\luBJxuo.exe
  2⤵
  PID:9492
- C:\Windows\System\kFpevel.exe
  C:\Windows\System\kFpevel.exe
  2⤵
  PID:9524
- C:\Windows\System\rKiqNEc.exe
  C:\Windows\System\rKiqNEc.exe
  2⤵
  PID:9544
- C:\Windows\System\MZCLjpR.exe
  C:\Windows\System\MZCLjpR.exe
  2⤵
  PID:9572
- C:\Windows\System\BFhykNQ.exe
  C:\Windows\System\BFhykNQ.exe
  2⤵
  PID:9608
- C:\Windows\System\MehqRda.exe
  C:\Windows\System\MehqRda.exe
  2⤵
  PID:9628
- C:\Windows\System\QyJjgLS.exe
  C:\Windows\System\QyJjgLS.exe
  2⤵
  PID:9668
- C:\Windows\System\QGGrPjT.exe
  C:\Windows\System\QGGrPjT.exe
  2⤵
  PID:9700
- C:\Windows\System\GLgvIkE.exe
  C:\Windows\System\GLgvIkE.exe
  2⤵
  PID:9720
- C:\Windows\System\ZhoqTKT.exe
  C:\Windows\System\ZhoqTKT.exe
  2⤵
  PID:9748
- C:\Windows\System\JZPluNY.exe
  C:\Windows\System\JZPluNY.exe
  2⤵
  PID:9784
- C:\Windows\System\eKNZdlg.exe
  C:\Windows\System\eKNZdlg.exe
  2⤵
  PID:9812
- C:\Windows\System\SYhjmrE.exe
  C:\Windows\System\SYhjmrE.exe
  2⤵
  PID:9840
- C:\Windows\System\EqUNsXs.exe
  C:\Windows\System\EqUNsXs.exe
  2⤵
  PID:9860
- C:\Windows\System\jKsEKaa.exe
  C:\Windows\System\jKsEKaa.exe
  2⤵
  PID:9888
- C:\Windows\System\YPLfFQy.exe
  C:\Windows\System\YPLfFQy.exe
  2⤵
  PID:9924
- C:\Windows\System\kbYkWbN.exe
  C:\Windows\System\kbYkWbN.exe
  2⤵
  PID:9948
- C:\Windows\System\yuzFizd.exe
  C:\Windows\System\yuzFizd.exe
  2⤵
  PID:9972
- C:\Windows\System\lmTEEOf.exe
  C:\Windows\System\lmTEEOf.exe
  2⤵
  PID:10000
- C:\Windows\System\XrVonYz.exe
  C:\Windows\System\XrVonYz.exe
  2⤵
  PID:10028
- C:\Windows\System\xuDGwUD.exe
  C:\Windows\System\xuDGwUD.exe
  2⤵
  PID:10056
- C:\Windows\System\GYNfPVt.exe
  C:\Windows\System\GYNfPVt.exe
  2⤵
  PID:10084
- C:\Windows\System\xgtrfSq.exe
  C:\Windows\System\xgtrfSq.exe
  2⤵
  PID:10112
- C:\Windows\System\SaUfdCc.exe
  C:\Windows\System\SaUfdCc.exe
  2⤵
  PID:10140
- C:\Windows\System\jBPrltM.exe
  C:\Windows\System\jBPrltM.exe
  2⤵
  PID:10168
- C:\Windows\System\riKIGQP.exe
  C:\Windows\System\riKIGQP.exe
  2⤵
  PID:10208
- C:\Windows\System\eYGawyW.exe
  C:\Windows\System\eYGawyW.exe
  2⤵
  PID:10236
- C:\Windows\System\DdhEaAg.exe
  C:\Windows\System\DdhEaAg.exe
  2⤵
  PID:9272
- C:\Windows\System\bUVjZNW.exe
  C:\Windows\System\bUVjZNW.exe
  2⤵
  PID:9312
- C:\Windows\System\cFvdXgR.exe
  C:\Windows\System\cFvdXgR.exe
  2⤵
  PID:9396
- C:\Windows\System\MxMLHeJ.exe
  C:\Windows\System\MxMLHeJ.exe
  2⤵
  PID:9448
- C:\Windows\System\RcUHnDT.exe
  C:\Windows\System\RcUHnDT.exe
  2⤵
  PID:9532
- C:\Windows\System\gUbpQXq.exe
  C:\Windows\System\gUbpQXq.exe
  2⤵
  PID:9568
- C:\Windows\System\VJuRaHw.exe
  C:\Windows\System\VJuRaHw.exe
  2⤵
  PID:9640
- C:\Windows\System\XqWRCyV.exe
  C:\Windows\System\XqWRCyV.exe
  2⤵
  PID:9712
- C:\Windows\System\uDiVJzo.exe
  C:\Windows\System\uDiVJzo.exe
  2⤵
  PID:9772
- C:\Windows\System\SeKWqzN.exe
  C:\Windows\System\SeKWqzN.exe
  2⤵
  PID:9848
- C:\Windows\System\lrxCfCI.exe
  C:\Windows\System\lrxCfCI.exe
  2⤵
  PID:9900
- C:\Windows\System\ytMIYmt.exe
  C:\Windows\System\ytMIYmt.exe
  2⤵
  PID:9964
- C:\Windows\System\tgCCprz.exe
  C:\Windows\System\tgCCprz.exe
  2⤵
  PID:10052
- C:\Windows\System\TveXFnw.exe
  C:\Windows\System\TveXFnw.exe
  2⤵
  PID:10124
- C:\Windows\System\sbECUft.exe
  C:\Windows\System\sbECUft.exe
  2⤵
  PID:10164
- C:\Windows\System\oBgkdai.exe
  C:\Windows\System\oBgkdai.exe
  2⤵
  PID:9248
- C:\Windows\System\OfAWiUs.exe
  C:\Windows\System\OfAWiUs.exe
  2⤵
  PID:9364
- C:\Windows\System\kuzqRRt.exe
  C:\Windows\System\kuzqRRt.exe
  2⤵
  PID:1356
- C:\Windows\System\xCAKPrg.exe
  C:\Windows\System\xCAKPrg.exe
  2⤵
  PID:9676
- C:\Windows\System\RlmAjyO.exe
  C:\Windows\System\RlmAjyO.exe
  2⤵
  PID:9828
- C:\Windows\System\zwDnQhK.exe
  C:\Windows\System\zwDnQhK.exe
  2⤵
  PID:10012
- C:\Windows\System\JezbtyV.exe
  C:\Windows\System\JezbtyV.exe
  2⤵
  PID:10152
- C:\Windows\System\XILqnLq.exe
  C:\Windows\System\XILqnLq.exe
  2⤵
  PID:9308
- C:\Windows\System\EbgQdKp.exe
  C:\Windows\System\EbgQdKp.exe
  2⤵
  PID:9624
- C:\Windows\System\CsOQEjj.exe
  C:\Windows\System\CsOQEjj.exe
  2⤵
  PID:10076
- C:\Windows\System\rVnAREz.exe
  C:\Windows\System\rVnAREz.exe
  2⤵
  PID:9620
- C:\Windows\System\oOTWlEt.exe
  C:\Windows\System\oOTWlEt.exe
  2⤵
  PID:9476
- C:\Windows\System\VOeuzBX.exe
  C:\Windows\System\VOeuzBX.exe
  2⤵
  PID:10256
- C:\Windows\System\UMEaybs.exe
  C:\Windows\System\UMEaybs.exe
  2⤵
  PID:10284
- C:\Windows\System\psLoGpn.exe
  C:\Windows\System\psLoGpn.exe
  2⤵
  PID:10312
- C:\Windows\System\KYwIpDX.exe
  C:\Windows\System\KYwIpDX.exe
  2⤵
  PID:10340
- C:\Windows\System\uWgcvaN.exe
  C:\Windows\System\uWgcvaN.exe
  2⤵
  PID:10368
- C:\Windows\System\KnJVVYV.exe
  C:\Windows\System\KnJVVYV.exe
  2⤵
  PID:10396
- C:\Windows\System\pFNYOtR.exe
  C:\Windows\System\pFNYOtR.exe
  2⤵
  PID:10424
- C:\Windows\System\tGDNxnV.exe
  C:\Windows\System\tGDNxnV.exe
  2⤵
  PID:10452
- C:\Windows\System\BfhYeOp.exe
  C:\Windows\System\BfhYeOp.exe
  2⤵
  PID:10480
- C:\Windows\System\bhRazxF.exe
  C:\Windows\System\bhRazxF.exe
  2⤵
  PID:10520
- C:\Windows\System\ThVYPRN.exe
  C:\Windows\System\ThVYPRN.exe
  2⤵
  PID:10536
- C:\Windows\System\yiggKrk.exe
  C:\Windows\System\yiggKrk.exe
  2⤵
  PID:10572
- C:\Windows\System\KDaJvzE.exe
  C:\Windows\System\KDaJvzE.exe
  2⤵
  PID:10592
- C:\Windows\System\wXnOzvv.exe
  C:\Windows\System\wXnOzvv.exe
  2⤵
  PID:10620
- C:\Windows\System\dQTTmbx.exe
  C:\Windows\System\dQTTmbx.exe
  2⤵
  PID:10648
- C:\Windows\System\xLGpdAn.exe
  C:\Windows\System\xLGpdAn.exe
  2⤵
  PID:10676
- C:\Windows\System\uNWMPBE.exe
  C:\Windows\System\uNWMPBE.exe
  2⤵
  PID:10704
- C:\Windows\System\cRJtFcG.exe
  C:\Windows\System\cRJtFcG.exe
  2⤵
  PID:10740
- C:\Windows\System\wHVejAm.exe
  C:\Windows\System\wHVejAm.exe
  2⤵
  PID:10772
- C:\Windows\System\IzpjuJI.exe
  C:\Windows\System\IzpjuJI.exe
  2⤵
  PID:10800
- C:\Windows\System\GgRovgl.exe
  C:\Windows\System\GgRovgl.exe
  2⤵
  PID:10832
- C:\Windows\System\dlPJqKM.exe
  C:\Windows\System\dlPJqKM.exe
  2⤵
  PID:10860
- C:\Windows\System\GeCyEWQ.exe
  C:\Windows\System\GeCyEWQ.exe
  2⤵
  PID:10880
- C:\Windows\System\jOxDQNp.exe
  C:\Windows\System\jOxDQNp.exe
  2⤵
  PID:10908
- C:\Windows\System\UgCVDBl.exe
  C:\Windows\System\UgCVDBl.exe
  2⤵
  PID:10936
- C:\Windows\System\TjtUgbZ.exe
  C:\Windows\System\TjtUgbZ.exe
  2⤵
  PID:10964
- C:\Windows\System\DidrpoE.exe
  C:\Windows\System\DidrpoE.exe
  2⤵
  PID:11000
- C:\Windows\System\xNFVbcL.exe
  C:\Windows\System\xNFVbcL.exe
  2⤵
  PID:11028
- C:\Windows\System\sfHPBEP.exe
  C:\Windows\System\sfHPBEP.exe
  2⤵
  PID:11048
- C:\Windows\System\efqJmSu.exe
  C:\Windows\System\efqJmSu.exe
  2⤵
  PID:11084
- C:\Windows\System\MuCxfJx.exe
  C:\Windows\System\MuCxfJx.exe
  2⤵
  PID:11108
- C:\Windows\System\fRsCweg.exe
  C:\Windows\System\fRsCweg.exe
  2⤵
  PID:11132
- C:\Windows\System\QopkgyO.exe
  C:\Windows\System\QopkgyO.exe
  2⤵
  PID:11160
- C:\Windows\System\qotHoLq.exe
  C:\Windows\System\qotHoLq.exe
  2⤵
  PID:11188
- C:\Windows\System\CcSeyYZ.exe
  C:\Windows\System\CcSeyYZ.exe
  2⤵
  PID:11224
- C:\Windows\System\YDyEfRn.exe
  C:\Windows\System\YDyEfRn.exe
  2⤵
  PID:11244
- C:\Windows\System\wqzVHvH.exe
  C:\Windows\System\wqzVHvH.exe
  2⤵
  PID:10252
- C:\Windows\System\SpSBlfH.exe
  C:\Windows\System\SpSBlfH.exe
  2⤵
  PID:10324
- C:\Windows\System\VQTQRwk.exe
  C:\Windows\System\VQTQRwk.exe
  2⤵
  PID:10388
- C:\Windows\System\QNXLxRp.exe
  C:\Windows\System\QNXLxRp.exe
  2⤵
  PID:10448
- C:\Windows\System\dXkwQvx.exe
  C:\Windows\System\dXkwQvx.exe
  2⤵
  PID:10516
- C:\Windows\System\zRPKiho.exe
  C:\Windows\System\zRPKiho.exe
  2⤵
  PID:10588
- C:\Windows\System\GNLBtcF.exe
  C:\Windows\System\GNLBtcF.exe
  2⤵
  PID:10644
- C:\Windows\System\vcTVmLm.exe
  C:\Windows\System\vcTVmLm.exe
  2⤵
  PID:10728
- C:\Windows\System\WRMjkhQ.exe
  C:\Windows\System\WRMjkhQ.exe
  2⤵
  PID:10784
- C:\Windows\System\FeBaRUg.exe
  C:\Windows\System\FeBaRUg.exe
  2⤵
  PID:10848
- C:\Windows\System\KdsYyGD.exe
  C:\Windows\System\KdsYyGD.exe
  2⤵
  PID:10920
- C:\Windows\System\AqYXSvX.exe
  C:\Windows\System\AqYXSvX.exe
  2⤵
  PID:10984
- C:\Windows\System\kTQlRoa.exe
  C:\Windows\System\kTQlRoa.exe
  2⤵
  PID:11044
- C:\Windows\System\IxzTHTp.exe
  C:\Windows\System\IxzTHTp.exe
  2⤵
  PID:11116
- C:\Windows\System\lKRhVzK.exe
  C:\Windows\System\lKRhVzK.exe
  2⤵
  PID:11180
- C:\Windows\System\JdsTerH.exe
  C:\Windows\System\JdsTerH.exe
  2⤵
  PID:11240
- C:\Windows\System\OcywwmY.exe
  C:\Windows\System\OcywwmY.exe
  2⤵
  PID:10352
- C:\Windows\System\JtOVIcA.exe
  C:\Windows\System\JtOVIcA.exe
  2⤵
  PID:10504
- C:\Windows\System\ouyArSM.exe
  C:\Windows\System\ouyArSM.exe
  2⤵
  PID:4372
- C:\Windows\System\glVohmp.exe
  C:\Windows\System\glVohmp.exe
  2⤵
  PID:1924
- C:\Windows\System\IQxaDWD.exe
  C:\Windows\System\IQxaDWD.exe
  2⤵
  PID:10960
- C:\Windows\System\jEhUBkm.exe
  C:\Windows\System\jEhUBkm.exe
  2⤵
  PID:11072
- C:\Windows\System\CrtouJO.exe
  C:\Windows\System\CrtouJO.exe
  2⤵
  PID:11232
- C:\Windows\System\xpJIgvH.exe
  C:\Windows\System\xpJIgvH.exe
  2⤵
  PID:10444
- C:\Windows\System\GmaueUo.exe
  C:\Windows\System\GmaueUo.exe
  2⤵
  PID:10840
- C:\Windows\System\XCArCUI.exe
  C:\Windows\System\XCArCUI.exe
  2⤵
  PID:11172
- C:\Windows\System\vdCwlbG.exe
  C:\Windows\System\vdCwlbG.exe
  2⤵
  PID:10756
- C:\Windows\System\XEraBzV.exe
  C:\Windows\System\XEraBzV.exe
  2⤵
  PID:10632
- C:\Windows\System\YNEHaqj.exe
  C:\Windows\System\YNEHaqj.exe
  2⤵
  PID:11284
- C:\Windows\System\UIHieLZ.exe
  C:\Windows\System\UIHieLZ.exe
  2⤵
  PID:11312
- C:\Windows\System\UntfYks.exe
  C:\Windows\System\UntfYks.exe
  2⤵
  PID:11340
- C:\Windows\System\RtkVURA.exe
  C:\Windows\System\RtkVURA.exe
  2⤵
  PID:11368
- C:\Windows\System\iogTAQS.exe
  C:\Windows\System\iogTAQS.exe
  2⤵
  PID:11396
- C:\Windows\System\iasltkD.exe
  C:\Windows\System\iasltkD.exe
  2⤵
  PID:11424
- C:\Windows\System\qrdbBvy.exe
  C:\Windows\System\qrdbBvy.exe
  2⤵
  PID:11484
- C:\Windows\System\xeWPQYR.exe
  C:\Windows\System\xeWPQYR.exe
  2⤵
  PID:11512
- C:\Windows\System\UuCWDRz.exe
  C:\Windows\System\UuCWDRz.exe
  2⤵
  PID:11544
- C:\Windows\System\GqYVxvm.exe
  C:\Windows\System\GqYVxvm.exe
  2⤵
  PID:11576
- C:\Windows\System\jzxuLQu.exe
  C:\Windows\System\jzxuLQu.exe
  2⤵
  PID:11620
- C:\Windows\System\nPvbfmt.exe
  C:\Windows\System\nPvbfmt.exe
  2⤵
  PID:11652
- C:\Windows\System\FozFZpl.exe
  C:\Windows\System\FozFZpl.exe
  2⤵
  PID:11696
- C:\Windows\System\psmkaZm.exe
  C:\Windows\System\psmkaZm.exe
  2⤵
  PID:11720
- C:\Windows\System\SnNKdXE.exe
  C:\Windows\System\SnNKdXE.exe
  2⤵
  PID:11740
- C:\Windows\System\GrGDQPP.exe
  C:\Windows\System\GrGDQPP.exe
  2⤵
  PID:11768
- C:\Windows\System\cHhwafh.exe
  C:\Windows\System\cHhwafh.exe
  2⤵
  PID:11816
- C:\Windows\System\SNUNYjc.exe
  C:\Windows\System\SNUNYjc.exe
  2⤵
  PID:11872
- C:\Windows\System\KcvMEsk.exe
  C:\Windows\System\KcvMEsk.exe
  2⤵
  PID:11916
- C:\Windows\System\GkGBqqb.exe
  C:\Windows\System\GkGBqqb.exe
  2⤵
  PID:11956
- C:\Windows\System\tvnFMqo.exe
  C:\Windows\System\tvnFMqo.exe
  2⤵
  PID:11984
- C:\Windows\System\oDXkRqL.exe
  C:\Windows\System\oDXkRqL.exe
  2⤵
  PID:12016
- C:\Windows\System\iAqqjqd.exe
  C:\Windows\System\iAqqjqd.exe
  2⤵
  PID:12052
- C:\Windows\System\uQpsjQi.exe
  C:\Windows\System\uQpsjQi.exe
  2⤵
  PID:12088
- C:\Windows\System\ppKVCvn.exe
  C:\Windows\System\ppKVCvn.exe
  2⤵
  PID:12116
- C:\Windows\System\cnzCoDZ.exe
  C:\Windows\System\cnzCoDZ.exe
  2⤵
  PID:12160
- C:\Windows\System\HLTVupS.exe
  C:\Windows\System\HLTVupS.exe
  2⤵
  PID:12188
- C:\Windows\System\jMdLYka.exe
  C:\Windows\System\jMdLYka.exe
  2⤵
  PID:12224
- C:\Windows\System\pXroOxE.exe
  C:\Windows\System\pXroOxE.exe
  2⤵
  PID:12256
- C:\Windows\System\lBNFcgg.exe
  C:\Windows\System\lBNFcgg.exe
  2⤵
  PID:12280
- C:\Windows\System\KiBBahl.exe
  C:\Windows\System\KiBBahl.exe
  2⤵
  PID:11324
- C:\Windows\System\oMwcjra.exe
  C:\Windows\System\oMwcjra.exe
  2⤵
  PID:4768
- C:\Windows\System\UCapIPG.exe
  C:\Windows\System\UCapIPG.exe
  2⤵
  PID:3116
- C:\Windows\System\OJlpQPR.exe
  C:\Windows\System\OJlpQPR.exe
  2⤵
  PID:11472
- C:\Windows\System\lyrBVfe.exe
  C:\Windows\System\lyrBVfe.exe
  2⤵
  PID:11536
- C:\Windows\System\MDBldzK.exe
  C:\Windows\System\MDBldzK.exe
  2⤵
  PID:11632
- C:\Windows\System\ZZTEiWF.exe
  C:\Windows\System\ZZTEiWF.exe
  2⤵
  PID:11676
- C:\Windows\System\nbUpyrW.exe
  C:\Windows\System\nbUpyrW.exe
  2⤵
  PID:11732
- C:\Windows\System\xchGwxM.exe
  C:\Windows\System\xchGwxM.exe
  2⤵
  PID:11812
- C:\Windows\System\QAhJyXt.exe
  C:\Windows\System\QAhJyXt.exe
  2⤵
  PID:11928
- C:\Windows\System\ibJHskC.exe
  C:\Windows\System\ibJHskC.exe
  2⤵
  PID:11980
- C:\Windows\System\YuVVKJO.exe
  C:\Windows\System\YuVVKJO.exe
  2⤵
  PID:12012
- C:\Windows\System\jgwxZBb.exe
  C:\Windows\System\jgwxZBb.exe
  2⤵
  PID:12100
- C:\Windows\System\HvkjTxp.exe
  C:\Windows\System\HvkjTxp.exe
  2⤵
  PID:12220
- C:\Windows\System\oweVHdw.exe
  C:\Windows\System\oweVHdw.exe
  2⤵
  PID:11364
- C:\Windows\System\UIlpjIc.exe
  C:\Windows\System\UIlpjIc.exe
  2⤵
  PID:11468
- C:\Windows\System\JgWbzXK.exe
  C:\Windows\System\JgWbzXK.exe
  2⤵
  PID:11532
- C:\Windows\System\sWYKgUh.exe
  C:\Windows\System\sWYKgUh.exe
  2⤵
  PID:4060
- C:\Windows\System\TYehxWr.exe
  C:\Windows\System\TYehxWr.exe
  2⤵
  PID:11728
- C:\Windows\System\CvrVfpJ.exe
  C:\Windows\System\CvrVfpJ.exe
  2⤵
  PID:11912
- C:\Windows\System\gCyyojM.exe
  C:\Windows\System\gCyyojM.exe
  2⤵
  PID:12180
- C:\Windows\System\sGtyXVa.exe
  C:\Windows\System\sGtyXVa.exe
  2⤵
  PID:696
- C:\Windows\System\uDjRTcz.exe
  C:\Windows\System\uDjRTcz.exe
  2⤵
  PID:5504
- C:\Windows\System\BOEQptv.exe
  C:\Windows\System\BOEQptv.exe
  2⤵
  PID:3644
- C:\Windows\System\vToiOSc.exe
  C:\Windows\System\vToiOSc.exe
  2⤵
  PID:2344
- C:\Windows\System\QmLgdBN.exe
  C:\Windows\System\QmLgdBN.exe
  2⤵
  PID:2448
- C:\Windows\System\XuWIyvf.exe
  C:\Windows\System\XuWIyvf.exe
  2⤵
  PID:12296
- C:\Windows\System\iATmfar.exe
  C:\Windows\System\iATmfar.exe
  2⤵
  PID:12312
- C:\Windows\System\khEzHtK.exe
  C:\Windows\System\khEzHtK.exe
  2⤵
  PID:12356
- C:\Windows\System\GiQsKWJ.exe
  C:\Windows\System\GiQsKWJ.exe
  2⤵
  PID:12384
- C:\Windows\System\mEYpgDA.exe
  C:\Windows\System\mEYpgDA.exe
  2⤵
  PID:12428
- C:\Windows\System\cBDAPAU.exe
  C:\Windows\System\cBDAPAU.exe
  2⤵
  PID:12452
- C:\Windows\System\iBhwfPr.exe
  C:\Windows\System\iBhwfPr.exe
  2⤵
  PID:12488
- C:\Windows\System\jgQGseR.exe
  C:\Windows\System\jgQGseR.exe
  2⤵
  PID:12504
- C:\Windows\System\oaMbDXb.exe
  C:\Windows\System\oaMbDXb.exe
  2⤵
  PID:12544
- C:\Windows\System\XUhSaeX.exe
  C:\Windows\System\XUhSaeX.exe
  2⤵
  PID:12572
- C:\Windows\System\sYstBjF.exe
  C:\Windows\System\sYstBjF.exe
  2⤵
  PID:12600
- C:\Windows\System\SqLqMcT.exe
  C:\Windows\System\SqLqMcT.exe
  2⤵
  PID:12632
- C:\Windows\System\szwwlst.exe
  C:\Windows\System\szwwlst.exe
  2⤵
  PID:12664
- C:\Windows\System\rkKpsEy.exe
  C:\Windows\System\rkKpsEy.exe
  2⤵
  PID:12692
- C:\Windows\System\xRRAiTl.exe
  C:\Windows\System\xRRAiTl.exe
  2⤵
  PID:12724
- C:\Windows\System\dDfkWal.exe
  C:\Windows\System\dDfkWal.exe
  2⤵
  PID:12752
- C:\Windows\System\svFzebq.exe
  C:\Windows\System\svFzebq.exe
  2⤵
  PID:12780
- C:\Windows\System\pGHxrYt.exe
  C:\Windows\System\pGHxrYt.exe
  2⤵
  PID:12808
- C:\Windows\System\rXIvKgG.exe
  C:\Windows\System\rXIvKgG.exe
  2⤵
  PID:12840
- C:\Windows\System\CcpMXLz.exe
  C:\Windows\System\CcpMXLz.exe
  2⤵
  PID:12868
- C:\Windows\System\mReWghY.exe
  C:\Windows\System\mReWghY.exe
  2⤵
  PID:12896
- C:\Windows\System\ifLdEgo.exe
  C:\Windows\System\ifLdEgo.exe
  2⤵
  PID:12928
- C:\Windows\System\rmfplNt.exe
  C:\Windows\System\rmfplNt.exe
  2⤵
  PID:12960
- C:\Windows\System\gkqApOn.exe
  C:\Windows\System\gkqApOn.exe
  2⤵
  PID:12988
- C:\Windows\System\DmCXPRJ.exe
  C:\Windows\System\DmCXPRJ.exe
  2⤵
  PID:13016
- C:\Windows\System\bYCRHoS.exe
  C:\Windows\System\bYCRHoS.exe
  2⤵
  PID:13044
- C:\Windows\System\xAncZkW.exe
  C:\Windows\System\xAncZkW.exe
  2⤵
  PID:13072
- C:\Windows\System\DWyQGRw.exe
  C:\Windows\System\DWyQGRw.exe
  2⤵
  PID:13104
- C:\Windows\System\HHHutpg.exe
  C:\Windows\System\HHHutpg.exe
  2⤵
  PID:13136
- C:\Windows\System\UrBSkPH.exe
  C:\Windows\System\UrBSkPH.exe
  2⤵
  PID:13164
- C:\Windows\System\omaDitU.exe
  C:\Windows\System\omaDitU.exe
  2⤵
  PID:13200
- C:\Windows\System\qIuUATn.exe
  C:\Windows\System\qIuUATn.exe
  2⤵
  PID:13240
- C:\Windows\System\LkEnUah.exe
  C:\Windows\System\LkEnUah.exe
  2⤵
  PID:13268
- C:\Windows\System\gnhpYhL.exe
  C:\Windows\System\gnhpYhL.exe
  2⤵
  PID:13284
- C:\Windows\System\rzrGFjU.exe
  C:\Windows\System\rzrGFjU.exe
  2⤵
  PID:12076
- C:\Windows\System\PTWtmBf.exe
  C:\Windows\System\PTWtmBf.exe
  2⤵
  PID:3336
- C:\Windows\System\dMnJwnA.exe
  C:\Windows\System\dMnJwnA.exe
  2⤵
  PID:12400
- C:\Windows\System\BCJQkbe.exe
  C:\Windows\System\BCJQkbe.exe
  2⤵
  PID:628
- C:\Windows\System\WGXGFKj.exe
  C:\Windows\System\WGXGFKj.exe
  2⤵
  PID:12480
- C:\Windows\System\GlKpxpj.exe
  C:\Windows\System\GlKpxpj.exe
  2⤵
  PID:5736
- C:\Windows\System\EWtFPUR.exe
  C:\Windows\System\EWtFPUR.exe
  2⤵
  PID:12616
- C:\Windows\System\EvFANsy.exe
  C:\Windows\System\EvFANsy.exe
  2⤵
  PID:12688
- C:\Windows\System\NGpGDDL.exe
  C:\Windows\System\NGpGDDL.exe
  2⤵
  PID:12716
- C:\Windows\System\mYoMzkV.exe
  C:\Windows\System\mYoMzkV.exe
  2⤵
  PID:12804
- C:\Windows\System\kjTBaTI.exe
  C:\Windows\System\kjTBaTI.exe
  2⤵
  PID:12856
- C:\Windows\System\AsUAebc.exe
  C:\Windows\System\AsUAebc.exe
  2⤵
  PID:2036
- C:\Windows\System\ExHShoZ.exe
  C:\Windows\System\ExHShoZ.exe
  2⤵
  PID:12984
- C:\Windows\System\NMlpdhk.exe
  C:\Windows\System\NMlpdhk.exe
  2⤵
  PID:13056
- C:\Windows\System\keReTgO.exe
  C:\Windows\System\keReTgO.exe
  2⤵
  PID:13116
- C:\Windows\System\EfsdDmh.exe
  C:\Windows\System\EfsdDmh.exe
  2⤵
  PID:13184
- C:\Windows\System\ClswjjJ.exe
  C:\Windows\System\ClswjjJ.exe
  2⤵
  PID:13264
- C:\Windows\System\KaoaoVO.exe
  C:\Windows\System\KaoaoVO.exe
  2⤵
  PID:13304
- C:\Windows\System\ozotqEp.exe
  C:\Windows\System\ozotqEp.exe
  2⤵
  PID:4680
- C:\Windows\System\YEaIIBY.exe
  C:\Windows\System\YEaIIBY.exe
  2⤵
  PID:12564
- C:\Windows\System\DXPfRCf.exe
  C:\Windows\System\DXPfRCf.exe
  2⤵
  PID:12704
- C:\Windows\System\QVNhNxi.exe
  C:\Windows\System\QVNhNxi.exe
  2⤵
  PID:12748
- C:\Windows\System\umFDXon.exe
  C:\Windows\System\umFDXon.exe
  2⤵
  PID:12948
- C:\Windows\System\vxvpWlX.exe
  C:\Windows\System\vxvpWlX.exe
  2⤵
  PID:13100
- C:\Windows\System\nJBGOru.exe
  C:\Windows\System\nJBGOru.exe
  2⤵
  PID:13260
- C:\Windows\System\WkVFGFv.exe
  C:\Windows\System\WkVFGFv.exe
  2⤵
  PID:12348
- C:\Windows\System\iKEkzBk.exe
  C:\Windows\System\iKEkzBk.exe
  2⤵
  PID:12940
- C:\Windows\System\JVlWVOq.exe
  C:\Windows\System\JVlWVOq.exe
  2⤵
  PID:13176
- C:\Windows\System\dPNaavd.exe
  C:\Windows\System\dPNaavd.exe
  2⤵
  PID:12660
- C:\Windows\System\cOfAkcG.exe
  C:\Windows\System\cOfAkcG.exe
  2⤵
  PID:13096
- C:\Windows\System\vitAvgD.exe
  C:\Windows\System\vitAvgD.exe
  2⤵
  PID:12436
- C:\Windows\System\LscamdC.exe
  C:\Windows\System\LscamdC.exe
  2⤵
  PID:13036
- C:\Windows\System\LSFpKMy.exe
  C:\Windows\System\LSFpKMy.exe
  2⤵
  PID:12380
- C:\Windows\System\tjSZkig.exe
  C:\Windows\System\tjSZkig.exe
  2⤵
  PID:13332
- C:\Windows\System\BLphetK.exe
  C:\Windows\System\BLphetK.exe
  2⤵
  PID:13364
- C:\Windows\System\iXglnxM.exe
  C:\Windows\System\iXglnxM.exe
  2⤵
  PID:13388
- C:\Windows\System\DZLdtKO.exe
  C:\Windows\System\DZLdtKO.exe
  2⤵
  PID:13416
- C:\Windows\System\zWXIBOh.exe
  C:\Windows\System\zWXIBOh.exe
  2⤵
  PID:13444
- C:\Windows\System\AFujPEm.exe
  C:\Windows\System\AFujPEm.exe
  2⤵
  PID:13472
- C:\Windows\System\cnnIjyz.exe
  C:\Windows\System\cnnIjyz.exe
  2⤵
  PID:13504
- C:\Windows\System\hHdugmJ.exe
  C:\Windows\System\hHdugmJ.exe
  2⤵
  PID:13528
- C:\Windows\System\dbOhdaA.exe
  C:\Windows\System\dbOhdaA.exe
  2⤵
  PID:13556
- C:\Windows\System\pNIRzCe.exe
  C:\Windows\System\pNIRzCe.exe
  2⤵
  PID:13584
- C:\Windows\System\AzEEpss.exe
  C:\Windows\System\AzEEpss.exe
  2⤵
  PID:13612
- C:\Windows\System\XHQiWiV.exe
  C:\Windows\System\XHQiWiV.exe
  2⤵
  PID:13640
- C:\Windows\System\nHSZCco.exe
  C:\Windows\System\nHSZCco.exe
  2⤵
  PID:13668
- C:\Windows\System\EnRDUCw.exe
  C:\Windows\System\EnRDUCw.exe
  2⤵
  PID:13696
- C:\Windows\System\ZUhuije.exe
  C:\Windows\System\ZUhuije.exe
  2⤵
  PID:13724
- C:\Windows\System\kpkzAXh.exe
  C:\Windows\System\kpkzAXh.exe
  2⤵
  PID:13752
- C:\Windows\System\tBjlhqn.exe
  C:\Windows\System\tBjlhqn.exe
  2⤵
  PID:13780
- C:\Windows\System\SaiNorM.exe
  C:\Windows\System\SaiNorM.exe
  2⤵
  PID:13808
- C:\Windows\System\VURScWm.exe
  C:\Windows\System\VURScWm.exe
  2⤵
  PID:13836
- C:\Windows\System\etsiFtD.exe
  C:\Windows\System\etsiFtD.exe
  2⤵
  PID:13864
- C:\Windows\System\DExZZJn.exe
  C:\Windows\System\DExZZJn.exe
  2⤵
  PID:13884
- C:\Windows\System\roAxKzV.exe
  C:\Windows\System\roAxKzV.exe
  2⤵
  PID:13920
- C:\Windows\System\XgEzYbr.exe
  C:\Windows\System\XgEzYbr.exe
  2⤵
  PID:13948
- C:\Windows\System\FBVoTwg.exe
  C:\Windows\System\FBVoTwg.exe
  2⤵
  PID:13976
- C:\Windows\System\yYScHeW.exe
  C:\Windows\System\yYScHeW.exe
  2⤵
  PID:14004
- C:\Windows\System\vmcxAna.exe
  C:\Windows\System\vmcxAna.exe
  2⤵
  PID:14036
- C:\Windows\System\cNIIBwu.exe
  C:\Windows\System\cNIIBwu.exe
  2⤵
  PID:14060
- C:\Windows\System\lFZhmhY.exe
  C:\Windows\System\lFZhmhY.exe
  2⤵
  PID:14112
- C:\Windows\System\yelLYOL.exe
  C:\Windows\System\yelLYOL.exe
  2⤵
  PID:14144
- C:\Windows\System\VVgZEFT.exe
  C:\Windows\System\VVgZEFT.exe
  2⤵
  PID:14184
- C:\Windows\System\vbKZtib.exe
  C:\Windows\System\vbKZtib.exe
  2⤵
  PID:14216
- C:\Windows\System\kNFKgdm.exe
  C:\Windows\System\kNFKgdm.exe
  2⤵
  PID:14252
- C:\Windows\System\aWeZVpF.exe
  C:\Windows\System\aWeZVpF.exe
  2⤵
  PID:14284
- C:\Windows\System\QFqYLIM.exe
  C:\Windows\System\QFqYLIM.exe
  2⤵
  PID:14328
- C:\Windows\System\NwfeTuo.exe
  C:\Windows\System\NwfeTuo.exe
  2⤵
  PID:13380
- C:\Windows\System\hOxkVir.exe
  C:\Windows\System\hOxkVir.exe
  2⤵
  PID:13436
- C:\Windows\System\VcmhWeR.exe
  C:\Windows\System\VcmhWeR.exe
  2⤵
  PID:13492
- C:\Windows\System\BQVUkyg.exe
  C:\Windows\System\BQVUkyg.exe
  2⤵
  PID:13568
- C:\Windows\System\AhJsukB.exe
  C:\Windows\System\AhJsukB.exe
  2⤵
  PID:13636
- C:\Windows\System\SpFnDSf.exe
  C:\Windows\System\SpFnDSf.exe
  2⤵
  PID:13692
- C:\Windows\System\PpbrKOT.exe
  C:\Windows\System\PpbrKOT.exe
  2⤵
  PID:13736
- C:\Windows\System\eZGbiKd.exe
  C:\Windows\System\eZGbiKd.exe
  2⤵
  PID:13792
- C:\Windows\System\hCCHtHS.exe
  C:\Windows\System\hCCHtHS.exe
  2⤵
  PID:13848
- C:\Windows\System\xtVyGBE.exe
  C:\Windows\System\xtVyGBE.exe
  2⤵
  PID:4580
- C:\Windows\System\fnyNTXX.exe
  C:\Windows\System\fnyNTXX.exe
  2⤵
  PID:13960
- C:\Windows\System\vulUkRm.exe
  C:\Windows\System\vulUkRm.exe
  2⤵
  PID:3908
- C:\Windows\System\SQOKIXH.exe
  C:\Windows\System\SQOKIXH.exe
  2⤵
  PID:14140
- C:\Windows\System\JcJSoZj.exe
  C:\Windows\System\JcJSoZj.exe
  2⤵
  PID:14296
- C:\Windows\System\rdIqiXF.exe
  C:\Windows\System\rdIqiXF.exe
  2⤵
  PID:13484
- C:\Windows\System\XSNCaqU.exe
  C:\Windows\System\XSNCaqU.exe
  2⤵
  PID:13716
- C:\Windows\System\gmdysVc.exe
  C:\Windows\System\gmdysVc.exe
  2⤵
  PID:13904
- C:\Windows\System\IOQRUHu.exe
  C:\Windows\System\IOQRUHu.exe
  2⤵
  PID:13944
- C:\Windows\System\BOIzBWA.exe
  C:\Windows\System\BOIzBWA.exe
  2⤵
  PID:14260
- C:\Windows\System\OjWJMyD.exe
  C:\Windows\System\OjWJMyD.exe
  2⤵
  PID:11460
- C:\Windows\System\KTPljvm.exe
  C:\Windows\System\KTPljvm.exe
  2⤵
  PID:11640
- C:\Windows\System\zlWiuMj.exe
  C:\Windows\System\zlWiuMj.exe
  2⤵
  PID:13764
- C:\Windows\System\mKAahbm.exe
  C:\Windows\System\mKAahbm.exe
  2⤵
  PID:11840
- C:\Windows\System\vuUPcbf.exe
  C:\Windows\System\vuUPcbf.exe
  2⤵
  PID:11936
- C:\Windows\System\mOvfjnB.exe
  C:\Windows\System\mOvfjnB.exe
  2⤵
  PID:12072
- C:\Windows\System\tjGamLx.exe
  C:\Windows\System\tjGamLx.exe
  2⤵
  PID:12460
- C:\Windows\System\RjdWVPm.exe
  C:\Windows\System\RjdWVPm.exe
  2⤵
  PID:14028
- C:\Windows\System\scpAjJP.exe
  C:\Windows\System\scpAjJP.exe
  2⤵
  PID:11572
- C:\Windows\System\LchHBHL.exe
  C:\Windows\System\LchHBHL.exe
  2⤵
  PID:12048
- C:\Windows\System\GQnLXMt.exe
  C:\Windows\System\GQnLXMt.exe
  2⤵
  PID:11844
- C:\Windows\System\zccYvBa.exe
  C:\Windows\System\zccYvBa.exe
  2⤵
  PID:11444
- C:\Windows\System\DvCqdAq.exe
  C:\Windows\System\DvCqdAq.exe
  2⤵
  PID:11904
- C:\Windows\System\dqLRZZf.exe
  C:\Windows\System\dqLRZZf.exe
  2⤵
  PID:14352
- C:\Windows\System\jRhYzbm.exe
  C:\Windows\System\jRhYzbm.exe
  2⤵
  PID:14380
- C:\Windows\System\srMmthQ.exe
  C:\Windows\System\srMmthQ.exe
  2⤵
  PID:14408
- C:\Windows\System\aulSldN.exe
  C:\Windows\System\aulSldN.exe
  2⤵
  PID:14436
- C:\Windows\System\wHhqNFZ.exe
  C:\Windows\System\wHhqNFZ.exe
  2⤵
  PID:14464
- C:\Windows\System\qkYadGl.exe
  C:\Windows\System\qkYadGl.exe
  2⤵
  PID:14492
- C:\Windows\System\XEUxWyG.exe
  C:\Windows\System\XEUxWyG.exe
  2⤵
  PID:14520
- C:\Windows\System\YrbYeuk.exe
  C:\Windows\System\YrbYeuk.exe
  2⤵
  PID:14556
- C:\Windows\System\SBBCRAV.exe
  C:\Windows\System\SBBCRAV.exe
  2⤵
  PID:14588
- C:\Windows\System\MyMtwGm.exe
  C:\Windows\System\MyMtwGm.exe
  2⤵
  PID:14616
- C:\Windows\System\NJGQtTf.exe
  C:\Windows\System\NJGQtTf.exe
  2⤵
  PID:14648
- C:\Windows\System\lMXvgVV.exe
  C:\Windows\System\lMXvgVV.exe
  2⤵
  PID:14684
- C:\Windows\System\JBXkVQM.exe
  C:\Windows\System\JBXkVQM.exe
  2⤵
  PID:14712
- C:\Windows\System\VmGHAHd.exe
  C:\Windows\System\VmGHAHd.exe
  2⤵
  PID:14740
- C:\Windows\System\lDdbTbZ.exe
  C:\Windows\System\lDdbTbZ.exe
  2⤵
  PID:14768
- C:\Windows\System\tLNQkzu.exe
  C:\Windows\System\tLNQkzu.exe
  2⤵
  PID:14796
- C:\Windows\System\XzxpLBj.exe
  C:\Windows\System\XzxpLBj.exe
  2⤵
  PID:14824
- C:\Windows\System\IgxARTC.exe
  C:\Windows\System\IgxARTC.exe
  2⤵
  PID:14852
- C:\Windows\System\WCdwYRm.exe
  C:\Windows\System\WCdwYRm.exe
  2⤵
  PID:14880
- C:\Windows\System\PrfDAdJ.exe
  C:\Windows\System\PrfDAdJ.exe
  2⤵
  PID:14908
- C:\Windows\System\qsNGoQZ.exe
  C:\Windows\System\qsNGoQZ.exe
  2⤵
  PID:14936
- C:\Windows\System\llUXhBZ.exe
  C:\Windows\System\llUXhBZ.exe
  2⤵
  PID:14964
- C:\Windows\System\UCJGkNB.exe
  C:\Windows\System\UCJGkNB.exe
  2⤵
  PID:14992
- C:\Windows\System\excVzWl.exe
  C:\Windows\System\excVzWl.exe
  2⤵
  PID:15020
- C:\Windows\System\lZFxQFg.exe
  C:\Windows\System\lZFxQFg.exe
  2⤵
  PID:15052
- C:\Windows\System\UvEFTki.exe
  C:\Windows\System\UvEFTki.exe
  2⤵
  PID:15076
- C:\Windows\System\XPNtrND.exe
  C:\Windows\System\XPNtrND.exe
  2⤵
  PID:15104
- C:\Windows\System\UMNDvEp.exe
  C:\Windows\System\UMNDvEp.exe
  2⤵
  PID:15132
- C:\Windows\System\oPKDTRN.exe
  C:\Windows\System\oPKDTRN.exe
  2⤵
  PID:15160
- C:\Windows\System\NZkttiP.exe
  C:\Windows\System\NZkttiP.exe
  2⤵
  PID:15188
- C:\Windows\System\PtJaMLB.exe
  C:\Windows\System\PtJaMLB.exe
  2⤵
  PID:15216
- C:\Windows\System\BflEmaz.exe
  C:\Windows\System\BflEmaz.exe
  2⤵
  PID:15244
- C:\Windows\System\SZOMtQR.exe
  C:\Windows\System\SZOMtQR.exe
  2⤵
  PID:15272
- C:\Windows\System\ygHvfTr.exe
  C:\Windows\System\ygHvfTr.exe
  2⤵
  PID:15320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AjazGQh.exe

Filesize
6.1MB

MD5
763276801d43cd5385f961ae90a9c679

SHA1
404e65be0ae97fb99022a9ccb8202c57fa628ccd

SHA256
7210c85c43c27c1db19ecbeda9b29df66490495f7ec3e5482a5eee051b4ef039

SHA512
cd488d60af4bc9ca25d2e0700177fff1899af6c83f176757e62d83fc5dcddfc167111785e4b831cfe2f7c826a62d86712d04072dea11104307a538a664c4a050

Download Submit
C:\Windows\System\EHshVYa.exe

Filesize
6.1MB

MD5
ab16cc5336a14577f5a8dda4ac1853c4

SHA1
5f7e5dca6d28df48c53853e661fa56e0f8b5a3e7

SHA256
f85d46ab21026eb07e7c8afa9c68bd141f9b48cce719ce98bd20594a1e1b34c2

SHA512
45f9648adbc5951f1f793d09f059a4d6bb6a41a2748e57ac5970fb487f3de48023bf65de260b266b2862848b5b42e43b89cd24d573257b95f99ba2f337ff5578

Download Submit
C:\Windows\System\LyiojJj.exe

Filesize
6.1MB

MD5
3e80d805437e91ac62e32f848fb6642a

SHA1
b8bd48b1b44eddceaaf3933ecfbe95b672c16696

SHA256
b094318cc34effbcd6404a34c0911807a00f0413c0e9e0b7393cf4667fe0813c

SHA512
9f1360fbef71df999c14b8e5956512607ba9a4a4ae40bea0bc6386b68cc10716d2f5b79c44e42b5a236b77e154ec4e0d2f786f31b0d899152233aae616819ded

Download Submit
C:\Windows\System\MFJEirN.exe

Filesize
6.1MB

MD5
772ed553b8abdb85de92ed63be64c57c

SHA1
e65baaacd9c8db47da4daf115a243088726e6e68

SHA256
262223d3c73780210f309ede08f450700b900cf7f897dccf54643441e0e9f32f

SHA512
03f0f2462941016a9322c4f1a0ff47da783f13a14d85f8608a236f0e6864edbd34082251208273ea51dafdc0e92c59f8694bc8ceec12abdfc9db05c86cb4e7eb

Download Submit
C:\Windows\System\MXSjmQq.exe

Filesize
6.1MB

MD5
165bd9ed8d800c4f411b69406168dabc

SHA1
f03b8ccd58f0bbcc12b1554a7d7be4ba75a7977c

SHA256
6930b4213d63b88f4da4633cc461297aa905ad374f5e802b9f25037d4b4e7fe4

SHA512
17d94235ee682489c2da65ef988518fb1e631af089bc0d0241337ddfd97d112ceab36aa04b80f8de4b384f612f82fc648b2021b23ea8481f8e47e86f3d4aafb4

Download Submit
C:\Windows\System\OTOFnUa.exe

Filesize
6.1MB

MD5
2393ecaf75dd5d276c0202eefc1e525b

SHA1
d1e24be12702f8da4d6a21ffe72504e82e96d106

SHA256
0cf808e0edcfccb9be214cb75980259248facf21fb63d3e886d50aa49458db3e

SHA512
b455f69ab8ed0a3f0b81bb0b02902c25dff6b6dd963f4546ffa06c4e61ae1c128bc8a807d11558cb2ce60aaf7427b7259f5be42ecc23c9e9385188795246b99d

Download Submit
C:\Windows\System\OWTSBeB.exe

Filesize
6.1MB

MD5
1dcff49a35a8b93c157f349ddbec7f04

SHA1
ca5064c946e260d4b0ffda64c3533d6588ddccb2

SHA256
526f1f990f510b718ec1d69853ed102435a5bb6429c4d7fd8026a61fbd111d8d

SHA512
88f0131bd9465433aeeb96fb4caeea30146328226ebc3af467fb3f683c74d4e58d19804011d404f01f79850eae6c2fabb3cf05a9b569ebf357b5fbca99be2fd1

Download Submit
C:\Windows\System\OaeOmLq.exe

Filesize
6.1MB

MD5
be15d7747ab6d0fa3839bb20105d53c0

SHA1
8f0785c5c859aed84021b988dd33b849f621b181

SHA256
6efcdabc196ac05d4ef5d21467818224b0179f727e86b36f160210376502ebc8

SHA512
d55e021d4080e227aaed507a9d4292ba97964436074243c596aa7e071202f6948d2b2c8056c631a72045caf104acd9cfb6394b3b09b6eebacaf1be0dd9c54af1

Download Submit
C:\Windows\System\OvzxDsL.exe

Filesize
6.1MB

MD5
a5ca6a827fc6f6d8acf30790eaede5db

SHA1
7d4aef41a1ddc2d62aa19e377ebbba2308289a21

SHA256
a3d1d65f3d955a52ee448f4926046595e7a0da065a157c8d3a9e105110481535

SHA512
31eee032389dc8a786ed29d9e641bb6a977868aab82838d165792c31a55bcfab5907b7e7d92efa58eb389e35d5961ac1d45b8f4e98cf3606015b30f2689f3c82

Download Submit
C:\Windows\System\PfPiKvL.exe

Filesize
6.1MB

MD5
ce7e51c3a7ebad59be64b76aedc36d59

SHA1
8f85fb0f1574fea163224bc3cec9e732b6e4475f

SHA256
f2c32db7a1b98c8017a70f17877e66ef298428ce736f6120a06d266711b113dc

SHA512
d942e68bf2afab42248acb36895a8522a5fa364f197ad12bf57ae62ff9069681b1989dd503a2ed32067b3aaaefb89ffc74d530cac32cde5dad086561775196ac

Download Submit
C:\Windows\System\PoyuJtg.exe

Filesize
6.1MB

MD5
5a06d28b49bebc362f95879ef9779a45

SHA1
f8ca51ae248e9a82c20a025e9ba2dacac883fc62

SHA256
589903c8b971eae6e4a0482bbb48694711f75f659a4676c6abd7a4ec9c90446c

SHA512
7d6625c05e061f9a9ea9dc591a132de6c287aee705f3826c37fa0750ed7f1a8a08d9e77ab9425817e8da4eae3bb7b11c897b28b9b47769020c65bd53fdcc3518

Download Submit
C:\Windows\System\SNCgPxj.exe

Filesize
6.1MB

MD5
600b138eb2aef3ad2006e1ea29341991

SHA1
a401716644928d341cf506f6814b3551ade9a498

SHA256
2f66f02b568b965c1d7d5d26f6366d24888fe88eb61234e0f337516329a02e0d

SHA512
73bbce5ab02488c3ab1f5af970224ac2e921fe32a6f3accb6742e8e8aedb032d3353991147940cf37135eeec88bc4b6450c553bbcfeff27cd661a230c5627e3d

Download Submit
C:\Windows\System\UJnXScf.exe

Filesize
6.1MB

MD5
7c0a71f1f0da1c0d0eb62f145cf16c1f

SHA1
0c20552dce938761e0a8c387d88aacbd646b2032

SHA256
8e1b00ebc3beae496dae4dc1f348593a6bb2de4329e1f6dea7c332c751b1a239

SHA512
87545d01093f41c7c082d66bc6cd66b6fc3f05c96a7b8d74120856e367cd80c01112ea14d3ba4f73cd2e93a1a551a5b3c53515220d4196d07a0823133c568624

Download Submit
C:\Windows\System\VVhMOZW.exe

Filesize
6.1MB

MD5
d1ddf3873d8b6590797ed436daa1be13

SHA1
5933d1ebf2ef5ade5d1617ec7ab3ca3af8645b98

SHA256
13fb07e6a7047327908538d910f66c426defed5c3fb7a1d7a96492b600f22e1b

SHA512
d0388472033c452d6864e384cc42bf92e6c171265691799f3cd08ea7ed651e0d13644bbe308553c52eaf7276fa529238279f005fe98464ec73cef3ceeb2cb960

Download Submit
C:\Windows\System\Vzyjijw.exe

Filesize
6.1MB

MD5
83a8f746966420ffa75572992a5100d3

SHA1
9dda084a28db3d771ad94d74d7513c4a391f26ef

SHA256
f1063a5f962323ab0fd70f9fc3c53cf61f6608c61fb11b4c1d692be3bc05721c

SHA512
160cfb8c39cb2e52819be2661865b90e4a3c383006450d10e260d5b82b08bd95c0335a4a01284e7e01565d25988e14dbfc219d1c19d57821ace4cea029c3f119

Download Submit
C:\Windows\System\XaqMcQk.exe

Filesize
6.1MB

MD5
1577a89700364aa863ef7cfd42017d0a

SHA1
5bfe5ce857148e980113f90f5abfb4acbd24a7fa

SHA256
cfe70ca104c1bdf04bf9092b58facbbd1a392a9fa522acaf368442626d2d77f6

SHA512
83ba5c6453e4044c9f78cfd5b6dbc88ee6ec6b2f85bad4be384c6f89897e4fd076f4b1ca301352b2d0d97f22773cec9202b129809911216f00fea3e8c77cd4cd

Download Submit
C:\Windows\System\XzeBIsG.exe

Filesize
6.1MB

MD5
0f866b7f9d213ae87ee5dc08f7503aa3

SHA1
01316d4cd7d0577a2a7a1f2caaed6abcbeff7299

SHA256
b887482b655df985e0d3d454cc0bbbc4e2933dce2c267719a0c239a5b795dae9

SHA512
7e2dd0e06f68ee73b2f36fd29c23c5751fd287f9109149a0291cb957d116b4a5790bc045894ed8c0c487d51bc56a5bb601b7cfe272a93458b59f166318fd06d9

Download Submit
C:\Windows\System\YHPpqWR.exe

Filesize
6.1MB

MD5
7bd095da45e9c3a31e73b2b12198bbe7

SHA1
ef68afe9f398c623a413f54301d05120ff7f5847

SHA256
f541488a2e69b4669a633724be740d7b20dbf0a8d023265c29f4139ba35ae513

SHA512
1e6283cc05bcfabca95db831ea5c8e4bd16f2abfdda57290f444a12b4445e2c33d1880c10db73ab0eae6737160db10a3c3bb1998170161afaa78a737de34d4e4

Download Submit
C:\Windows\System\aplzdde.exe

Filesize
6.1MB

MD5
ec3d14e234f06c51f1406633a9b18089

SHA1
042fa87cd66a1f8b33b24ea90a629aa1b3515cc2

SHA256
69ab1827d80ba782bca904fb4f9f29c10edb6b969007f3651f06af973fef1963

SHA512
246fc23c087def183e14b50b08591153b653ab6517a1569793266d0b37e1ffe7d5bcd6a0faa95c5e25ee86fcb5a4538321ff9532ee1c894d0c9a559d89cbafa7

Download Submit
C:\Windows\System\avazTzj.exe

Filesize
6.1MB

MD5
ee1d242cf76634eb567104f726daa179

SHA1
90730aad9247f42621fc7560967be35e1a123863

SHA256
9fa4f522f926811881ca2058bdf8bedfebdfb442b765f14b9de11e5fb677252f

SHA512
608d3551292940c10f850d06ba8c3abfe58b05e37a6d9a17cd15e650984b1ca41f4fbd192e5aa99c96a764ffa03ff06aa7d5d2bd7f58a0d798ca8e571ed43bf3

Download Submit
C:\Windows\System\cnnHwYh.exe

Filesize
6.1MB

MD5
749de08b173fbf83ff08e3177dfe5c05

SHA1
bb998c38b7546f35cc4511290929b2be93578233

SHA256
a176377c6bd81b61cc40931bbe11d9a5b79af5f956a32285b36ca29b9f27fa54

SHA512
465d0e122bac37bb2f41bb7cbe3b24da5af38519ccb120b0a7bf7e2f01fe5d9ac818e203f5624578aa22d0765c14eff34566071e0b3d979e68883be1534152e9

Download Submit
C:\Windows\System\eLlTrtO.exe

Filesize
6.1MB

MD5
dc64a3d50d78783a34386302cc8df21f

SHA1
398ec99291eaab6de2193e085c58eab2dd32b5e9

SHA256
b1617ecb0219c47c570b61a62900e8abf91741123ab0aded6a5a2d15c43ce641

SHA512
6cc25d960cad0633ca2cd7d5be53bb66f0c7e19f119e6bf7efde8977afb4e0ff0b1126757d89795a3a5cfd5b139a2d331fd9ebcedcfa0e569e5377a4e1436d28

Download Submit
C:\Windows\System\gVyVUXL.exe

Filesize
6.1MB

MD5
82022ce15f92708521589e94386a402f

SHA1
75ccda9d65f1f3ab192cb50c26a6e4c7a0c48ef5

SHA256
cfe13fb9e027bc453e3169a089be4eadbdf9479f581e4b4901882126cdf5329c

SHA512
41e61c95f48f10e385f1c4107a69b33f663911f24494ea900e53b1d0dcce506ec1b87b14938abd42136ac9a08ce0f70dccc86e3a7946ac8073a8a51a984a0dca

Download Submit
C:\Windows\System\gxrbZOG.exe

Filesize
6.1MB

MD5
e9fad45813fe94adb619f43894417c8f

SHA1
10e54a49e1a317c9a1dccc8283f552deda2bb647

SHA256
2bd1d8920dab560e872a958cdd7262668e04e77a5c63cded4d013136f231b49d

SHA512
3a1c7ae75d2536ae97db3c0b5eccf64634a8644810838238e94a3403b4445bd932683db6c0a8d2d04fb1d943baa60d938d1a25c01a326421cb883fdc9c6d827c

Download Submit
C:\Windows\System\hAbMeod.exe

Filesize
6.1MB

MD5
6ff70a89f6d1034bcd45eded43591f0b

SHA1
a137b68c48695e923033e9034340c1e56fb968f2

SHA256
785fafacd349bca47054fafb19ff1bda942cf54204a02a07b7d301b8b4ccaf68

SHA512
34f8238411c9497462c02ec947d412a3ee82850578850aac34d41c46882ad312c2677ba5e6a8343d86a6148fae22fa44967ef66966ea6cf6bf6ad662b0328b9b

Download Submit
C:\Windows\System\ixpldZo.exe

Filesize
6.1MB

MD5
1407e62879d2eb3d0a23e323990c95e0

SHA1
b5cd161a2364f4a90fc98124f97cb2cf49bbcdf9

SHA256
4bf03b8a462ec11b670e86ab5f903d15e9e63c7ebc4b11d84899d47c1118c892

SHA512
ed01f21346b6682c0e603db9fade18ecac8a4a1fbec65be7c3331608c86339e766950046af2a6ba9e15e8375a22b64181f73481dc88fb8e450954d7bb15e9789

Download Submit
C:\Windows\System\jLZuNyZ.exe

Filesize
6.1MB

MD5
e6115d253038bf6560755c0e0e8402df

SHA1
3d9497d7ac6f07b24616823f82709ef5f0b917d8

SHA256
9b8aff807e74809ade67115dfc67c4531800d0dde482986f0280078e1fcec028

SHA512
3fe96c820a6e8e5a793fc82c940f0f0ebdec871a2471d417111d575f7e9e095de43a46821c357b06d4d5f774f5dbb7974be2c96703e5dcb806a88502e4d38f9c

Download Submit
C:\Windows\System\lAtilsK.exe

Filesize
6.1MB

MD5
8d0bf765abb4cefc4095f930ec897cf7

SHA1
eda12719eb4902814f2361b2887223add3494463

SHA256
8c2ce463f3db3f2053a11d2b413dab07793ad8ad6609dcf03161d436eba35810

SHA512
c7baa1a99bbcfdf7e8207db1777c68a5b466ae8423efb5a2040e5cd9ccbea4eff0a730d1f626a4984bfb4c99eb7bf11083dd219f7ebcc540e167696f36343fa0

Download Submit
C:\Windows\System\lCIOzZA.exe

Filesize
6.1MB

MD5
827827ae7a2400f582ec48892ea33734

SHA1
121870ff3181f8956236fb2e958ee57744f8bd86

SHA256
477afe99517332eca6daa128fa7a0ea690ba45966f7e3458fd29cc4ac67bf694

SHA512
3ecca315feae3d1a728154c2359523e6a5be19ef8e7cdfd49e201b576ff09c962de8228dd6f97802d16022f8b44a262e3412f14cbddf1f2c9bbbb5b7482c7b39

Download Submit
C:\Windows\System\niFvlIy.exe

Filesize
6.1MB

MD5
590d6a2042c822ae51f49b10fbc400c6

SHA1
558af09945ec81f5fe6bdd71470e7cae046d89e2

SHA256
3227f031cebb5b908af3026222deab2908d4778c45a884993f005c39cc6b9284

SHA512
cf60edfc5cf3ca6dcf16aacc2c40557a3da29e52dd49f3c37b1484ff6b26819504de7e5b9d117c40a67d9e56d27dad791aded8721d6ca2be2da7430935e2f358

Download Submit
C:\Windows\System\njCYzJv.exe

Filesize
6.1MB

MD5
d489c124886d65019da058e8ec992f55

SHA1
d85ff959868db561e721478b181bd6d08f9a20dd

SHA256
942ed215d8dcdb1feee43fdc265be7f3d1d9a971b98f6a2243249507e2fa43a6

SHA512
17ade22d8cc2c32ebe9247164b643bb04fc79168b01d5c273ebe2fc70188f47f23473f8b0c3355ffbd29851a28ffbb52b4df009f9eaf202bfcc5d9f781031fff

Download Submit
C:\Windows\System\tFxBqcc.exe

Filesize
6.1MB

MD5
e3d8286293f720398e16a95216c5d3df

SHA1
0d4b53b75dbd86dca5c09ffd21a753f95ac96be9

SHA256
1a6326f1bb233b90f29ca1c54238315aff8f46768f3ba3744f337c22e868683a

SHA512
a0f5d10eba43190d25a2b2ce21c1596eae085211c97e83291222996f388b82a2cc49f8557b5308151f7c70fecdd86ac2942646eb5fd790e357d95ca571831b8b

Download Submit
C:\Windows\System\zEtXdOk.exe

Filesize
6.1MB

MD5
5a73c2b8662b929733e0786c2a7cc855

SHA1
7c91e9139aeb12dba302358fd89ff26b5a9b7f8c

SHA256
79130b42458e0a7a56adf62f82676f6ae0d1a5665510354f475a9137f28f5794

SHA512
8f0c4afe25bf2ab29fc438ff58d90dfc3b7d5c6b08260a2dec2c45c54714212d2e0aa34f65dbf2b7eb4436fbe63291d0ec1634543e1075f8252dd3efafe43352

Download Submit
memory/396-173-0x00007FF6ACB00000-0x00007FF6ACE54000-memory.dmp

Filesize
3.3MB

Download
memory/396-2235-0x00007FF6ACB00000-0x00007FF6ACE54000-memory.dmp

Filesize
3.3MB

Download
memory/816-174-0x00007FF784ED0000-0x00007FF785224000-memory.dmp

Filesize
3.3MB

Download
memory/816-2236-0x00007FF784ED0000-0x00007FF785224000-memory.dmp

Filesize
3.3MB

Download
memory/1144-8-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-72-0x00007FF6AE260000-0x00007FF6AE5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-67-0x00007FF7F3EA0000-0x00007FF7F41F4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2218-0x00007FF7F3EA0000-0x00007FF7F41F4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2237-0x00007FF710AE0000-0x00007FF710E34000-memory.dmp

Filesize
3.3MB

Download
memory/2040-179-0x00007FF710AE0000-0x00007FF710E34000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2226-0x00007FF7C6030000-0x00007FF7C6384000-memory.dmp

Filesize
3.3MB

Download
memory/2100-111-0x00007FF7C6030000-0x00007FF7C6384000-memory.dmp

Filesize
3.3MB

Download
memory/2100-351-0x00007FF7C6030000-0x00007FF7C6384000-memory.dmp

Filesize
3.3MB

Download
memory/2320-17-0x00007FF60DFD0000-0x00007FF60E324000-memory.dmp

Filesize
3.3MB

Download
memory/2320-80-0x00007FF60DFD0000-0x00007FF60E324000-memory.dmp

Filesize
3.3MB

Download
memory/2656-62-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1-0x0000021AC7610000-0x0000021AC7620000-memory.dmp

Filesize
64KB

Download
memory/2656-0-0x00007FF7B0770000-0x00007FF7B0AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-61-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp

Filesize
3.3MB

Download
memory/2692-116-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2219-0x00007FF7DE900000-0x00007FF7DEC54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-170-0x00007FF6CC490000-0x00007FF6CC7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2231-0x00007FF6CC490000-0x00007FF6CC7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-114-0x00007FF7084B0000-0x00007FF708804000-memory.dmp

Filesize
3.3MB

Download
memory/2804-48-0x00007FF7084B0000-0x00007FF708804000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2217-0x00007FF7084B0000-0x00007FF708804000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2212-0x00007FF765800000-0x00007FF765B54000-memory.dmp

Filesize
3.3MB

Download
memory/2820-16-0x00007FF765800000-0x00007FF765B54000-memory.dmp

Filesize
3.3MB

Download
memory/2820-79-0x00007FF765800000-0x00007FF765B54000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2215-0x00007FF604BF0000-0x00007FF604F44000-memory.dmp

Filesize
3.3MB

Download
memory/3056-42-0x00007FF604BF0000-0x00007FF604F44000-memory.dmp

Filesize
3.3MB

Download
memory/3884-186-0x00007FF638030000-0x00007FF638384000-memory.dmp

Filesize
3.3MB

Download
memory/3884-793-0x00007FF638030000-0x00007FF638384000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2238-0x00007FF638030000-0x00007FF638384000-memory.dmp

Filesize
3.3MB

Download
memory/4144-165-0x00007FF7A13D0000-0x00007FF7A1724000-memory.dmp

Filesize
3.3MB

Download
memory/4144-2229-0x00007FF7A13D0000-0x00007FF7A1724000-memory.dmp

Filesize
3.3MB

Download
memory/4220-177-0x00007FF6AD980000-0x00007FF6ADCD4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2234-0x00007FF6AD980000-0x00007FF6ADCD4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-144-0x00007FF65BF60000-0x00007FF65C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-2230-0x00007FF65BF60000-0x00007FF65C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-477-0x00007FF65BF60000-0x00007FF65C2B4000-memory.dmp

Filesize
3.3MB

Download
memory/4340-106-0x00007FF78B640000-0x00007FF78B994000-memory.dmp

Filesize
3.3MB

Download
memory/4340-2216-0x00007FF78B640000-0x00007FF78B994000-memory.dmp

Filesize
3.3MB

Download
memory/4340-46-0x00007FF78B640000-0x00007FF78B994000-memory.dmp

Filesize
3.3MB

Download
memory/4404-539-0x00007FF77DE60000-0x00007FF77E1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2232-0x00007FF77DE60000-0x00007FF77E1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-151-0x00007FF77DE60000-0x00007FF77E1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2233-0x00007FF71E650000-0x00007FF71E9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-538-0x00007FF71E650000-0x00007FF71E9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-145-0x00007FF71E650000-0x00007FF71E9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-73-0x00007FF684D80000-0x00007FF6850D4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2220-0x00007FF684D80000-0x00007FF6850D4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-185-0x00007FF7FA070000-0x00007FF7FA3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-82-0x00007FF7FA070000-0x00007FF7FA3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2222-0x00007FF7FA070000-0x00007FF7FA3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2221-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-75-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-178-0x00007FF79A460000-0x00007FF79A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-235-0x00007FF65C600000-0x00007FF65C954000-memory.dmp

Filesize
3.3MB

Download
memory/4900-89-0x00007FF65C600000-0x00007FF65C954000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2223-0x00007FF65C600000-0x00007FF65C954000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2227-0x00007FF694750000-0x00007FF694AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-115-0x00007FF694750000-0x00007FF694AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-473-0x00007FF694750000-0x00007FF694AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-476-0x00007FF6353D0000-0x00007FF635724000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2228-0x00007FF6353D0000-0x00007FF635724000-memory.dmp

Filesize
3.3MB

Download
memory/5100-140-0x00007FF6353D0000-0x00007FF635724000-memory.dmp

Filesize
3.3MB

Download
memory/5364-107-0x00007FF63F390000-0x00007FF63F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/5364-350-0x00007FF63F390000-0x00007FF63F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/5364-2224-0x00007FF63F390000-0x00007FF63F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/5580-2225-0x00007FF67CCD0000-0x00007FF67D024000-memory.dmp

Filesize
3.3MB

Download
memory/5580-298-0x00007FF67CCD0000-0x00007FF67D024000-memory.dmp

Filesize
3.3MB

Download
memory/5580-95-0x00007FF67CCD0000-0x00007FF67D024000-memory.dmp

Filesize
3.3MB

Download
memory/5772-2213-0x00007FF6610F0000-0x00007FF661444000-memory.dmp

Filesize
3.3MB

Download
memory/5772-83-0x00007FF6610F0000-0x00007FF661444000-memory.dmp

Filesize
3.3MB

Download
memory/5772-25-0x00007FF6610F0000-0x00007FF661444000-memory.dmp

Filesize
3.3MB

Download
memory/5948-2214-0x00007FF7565B0000-0x00007FF756904000-memory.dmp

Filesize
3.3MB

Download
memory/5948-35-0x00007FF7565B0000-0x00007FF756904000-memory.dmp

Filesize
3.3MB

Download