cobaltstrike | c3c68322b8cbf311637953f81554c1b48e55701ba99b34545e18c9a822d6fb31

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

5e0c3b9c5fbcdf87aea34f2fab1ac432
SHA1

afe273dede9e2efeba2a120f39154f0eb8775b83
SHA256

c3c68322b8cbf311637953f81554c1b48e55701ba99b34545e18c9a822d6fb31
SHA512

775d63647c7ef9a1c0e89638691bdd7b8ffad90bda048c134184beee95fc9c7674943a86459169480866576b0ed5fc8a7ff1dd3077e05c67555f03c4f87ba9ad
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6li:RWWBibf56utgpPFotBER/mQ32lUO

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024248-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024249-19.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424a-24.dat	cobalt_reflective_dll
behavioral2/files/0x01ad0000000221a8-7.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424b-28.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024246-36.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424c-46.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424e-50.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424d-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024251-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024250-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024253-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024255-108.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024256-121.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425a-140.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425d-148.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425c-146.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425b-144.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024259-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024258-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024257-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024254-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024252-99.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002424f-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024262-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024264-223.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024263-220.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024260-215.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024266-214.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024265-207.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425f-212.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024261-202.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425e-191.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1540-153-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp	xmrig
behavioral2/memory/5328-152-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	xmrig
behavioral2/memory/4512-151-0x00007FF737AA0000-0x00007FF737DF1000-memory.dmp	xmrig
behavioral2/memory/3232-150-0x00007FF70D5A0000-0x00007FF70D8F1000-memory.dmp	xmrig
behavioral2/memory/1144-127-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp	xmrig
behavioral2/memory/884-114-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp	xmrig
behavioral2/memory/3336-88-0x00007FF653780000-0x00007FF653AD1000-memory.dmp	xmrig
behavioral2/memory/3948-79-0x00007FF779A10000-0x00007FF779D61000-memory.dmp	xmrig
behavioral2/memory/6140-74-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp	xmrig
behavioral2/memory/2328-69-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp	xmrig
behavioral2/memory/3380-63-0x00007FF64FF20000-0x00007FF650271000-memory.dmp	xmrig
behavioral2/memory/3892-57-0x00007FF7ABEB0000-0x00007FF7AC201000-memory.dmp	xmrig
behavioral2/memory/5528-168-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp	xmrig
behavioral2/memory/2816-167-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp	xmrig
behavioral2/memory/1576-229-0x00007FF7EF9A0000-0x00007FF7EFCF1000-memory.dmp	xmrig
behavioral2/memory/1652-235-0x00007FF6240A0000-0x00007FF6243F1000-memory.dmp	xmrig
behavioral2/memory/5836-195-0x00007FF6D81E0000-0x00007FF6D8531000-memory.dmp	xmrig
behavioral2/memory/2528-178-0x00007FF6244C0000-0x00007FF624811000-memory.dmp	xmrig
behavioral2/memory/4540-176-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp	xmrig
behavioral2/memory/4624-173-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp	xmrig
behavioral2/memory/4700-172-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp	xmrig
behavioral2/memory/4616-170-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp	xmrig
behavioral2/memory/4672-171-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp	xmrig
behavioral2/memory/2608-169-0x00007FF69D220000-0x00007FF69D571000-memory.dmp	xmrig
behavioral2/memory/4484-165-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp	xmrig
behavioral2/memory/456-162-0x00007FF625600000-0x00007FF625951000-memory.dmp	xmrig
behavioral2/memory/5504-175-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp	xmrig
behavioral2/memory/2724-166-0x00007FF642530000-0x00007FF642881000-memory.dmp	xmrig
behavioral2/memory/3276-986-0x00007FF761510000-0x00007FF761861000-memory.dmp	xmrig
behavioral2/memory/760-987-0x00007FF7044E0000-0x00007FF704831000-memory.dmp	xmrig
behavioral2/memory/2328-1969-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp	xmrig
behavioral2/memory/6140-1981-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp	xmrig
behavioral2/memory/3336-1992-0x00007FF653780000-0x00007FF653AD1000-memory.dmp	xmrig
behavioral2/memory/3948-1989-0x00007FF779A10000-0x00007FF779D61000-memory.dmp	xmrig
behavioral2/memory/884-2234-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp	xmrig
behavioral2/memory/4484-2304-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp	xmrig
behavioral2/memory/2816-2312-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp	xmrig
behavioral2/memory/5528-2323-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp	xmrig
behavioral2/memory/4616-2321-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp	xmrig
behavioral2/memory/4672-2325-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp	xmrig
behavioral2/memory/2724-2327-0x00007FF642530000-0x00007FF642881000-memory.dmp	xmrig
behavioral2/memory/4700-2331-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp	xmrig
behavioral2/memory/2528-2356-0x00007FF6244C0000-0x00007FF624811000-memory.dmp	xmrig
behavioral2/memory/3232-2358-0x00007FF70D5A0000-0x00007FF70D8F1000-memory.dmp	xmrig
behavioral2/memory/5328-2355-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	xmrig
behavioral2/memory/4540-2349-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp	xmrig
behavioral2/memory/5504-2338-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp	xmrig
behavioral2/memory/4624-2336-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp	xmrig
behavioral2/memory/4512-2340-0x00007FF737AA0000-0x00007FF737DF1000-memory.dmp	xmrig
behavioral2/memory/2608-2317-0x00007FF69D220000-0x00007FF69D571000-memory.dmp	xmrig
behavioral2/memory/1540-2293-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp	xmrig
behavioral2/memory/3380-2265-0x00007FF64FF20000-0x00007FF650271000-memory.dmp	xmrig
behavioral2/memory/456-2253-0x00007FF625600000-0x00007FF625951000-memory.dmp	xmrig
behavioral2/memory/1144-2244-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp	xmrig
behavioral2/memory/1652-2599-0x00007FF6240A0000-0x00007FF6243F1000-memory.dmp	xmrig
behavioral2/memory/1576-2601-0x00007FF7EF9A0000-0x00007FF7EFCF1000-memory.dmp	xmrig
behavioral2/memory/3276-2603-0x00007FF761510000-0x00007FF761861000-memory.dmp	xmrig
behavioral2/memory/760-2623-0x00007FF7044E0000-0x00007FF704831000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2328	jnQkKqf.exe
6140	nfbofuO.exe
3948	fVuBkxo.exe
3336	PqbGPZL.exe
884	TFQdXaV.exe
1144	rZNhrzx.exe
456	qfOfCuG.exe
1540	qSXUKKI.exe
3380	GeYGoMB.exe
4484	EUGAHPh.exe
2724	fUobPyk.exe
2816	HTzsyYO.exe
5528	qabXCBW.exe
2608	xDvvfOa.exe
4616	LaYfxSf.exe
4672	xbWrxop.exe
4700	LqEJbQK.exe
4624	WzAofPy.exe
4512	sXwghqa.exe
5504	MNdfazr.exe
4540	HJJtnqN.exe
5328	QoyvMnP.exe
2528	PQZrHjl.exe
3232	LrFaTqA.exe
5836	aZeQIyX.exe
1652	uMHGBEc.exe
3276	pXZFkaY.exe
760	PEhOKCR.exe
1576	XEzsyee.exe
388	XOZxgTa.exe
2032	lkhFqZc.exe
3860	eoQsqXB.exe
3536	ahocHCq.exe
1812	GKKoKSh.exe
1164	gEGGHlq.exe
3988	qjHLjkv.exe
2916	lDxufVr.exe
1328	aVybLEo.exe
5116	WsjRGRr.exe
5712	bkyZTRp.exe
4352	bLyKhHo.exe
4468	eMRWDRO.exe
1208	DOntGpA.exe
5668	tJLXmwo.exe
6132	LENsqBy.exe
5544	TEtPaTt.exe
2384	EApTkfm.exe
2352	AuSxhsv.exe
1160	MTxpQdD.exe
3648	ZldXgRa.exe
5700	FufpZfX.exe
2500	NtfKYPG.exe
3620	dQoxPZO.exe
2492	NakupgA.exe
3752	VRNcput.exe
3428	BmLsVwt.exe
3996	waDVxuD.exe
4168	suSilKb.exe
5216	MuUhice.exe
5652	CREnivA.exe
2612	JnQbuOe.exe
5456	UEAYNWw.exe
1852	YtHOqCC.exe
5816	CudIEMe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3892-0-0x00007FF7ABEB0000-0x00007FF7AC201000-memory.dmp	upx
behavioral2/memory/2328-6-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp	upx
behavioral2/memory/6140-12-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp	upx
behavioral2/files/0x0008000000024248-13.dat	upx
behavioral2/files/0x0007000000024249-19.dat	upx
behavioral2/memory/3336-23-0x00007FF653780000-0x00007FF653AD1000-memory.dmp	upx
behavioral2/files/0x000700000002424a-24.dat	upx
behavioral2/memory/3948-18-0x00007FF779A10000-0x00007FF779D61000-memory.dmp	upx
behavioral2/files/0x01ad0000000221a8-7.dat	upx
behavioral2/files/0x000700000002424b-28.dat	upx
behavioral2/memory/884-32-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp	upx
behavioral2/files/0x0008000000024246-36.dat	upx
behavioral2/memory/1144-37-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp	upx
behavioral2/files/0x000700000002424c-46.dat	upx
behavioral2/files/0x000700000002424e-50.dat	upx
behavioral2/files/0x000700000002424d-60.dat	upx
behavioral2/files/0x0007000000024251-70.dat	upx
behavioral2/files/0x0007000000024250-76.dat	upx
behavioral2/files/0x0007000000024253-96.dat	upx
behavioral2/memory/4616-102-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp	upx
behavioral2/files/0x0007000000024255-108.dat	upx
behavioral2/files/0x0007000000024256-121.dat	upx
behavioral2/files/0x000700000002425a-140.dat	upx
behavioral2/files/0x000700000002425d-148.dat	upx
behavioral2/memory/1540-153-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp	upx
behavioral2/memory/5328-152-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	upx
behavioral2/memory/4512-151-0x00007FF737AA0000-0x00007FF737DF1000-memory.dmp	upx
behavioral2/memory/3232-150-0x00007FF70D5A0000-0x00007FF70D8F1000-memory.dmp	upx
behavioral2/files/0x000700000002425c-146.dat	upx
behavioral2/files/0x000700000002425b-144.dat	upx
behavioral2/memory/2528-143-0x00007FF6244C0000-0x00007FF624811000-memory.dmp	upx
behavioral2/memory/4540-142-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp	upx
behavioral2/files/0x0007000000024259-138.dat	upx
behavioral2/files/0x0007000000024258-136.dat	upx
behavioral2/memory/5504-135-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp	upx
behavioral2/memory/4624-134-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp	upx
behavioral2/files/0x0007000000024257-129.dat	upx
behavioral2/memory/1144-127-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp	upx
behavioral2/memory/4700-126-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp	upx
behavioral2/memory/884-114-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp	upx
behavioral2/memory/4672-112-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp	upx
behavioral2/files/0x0007000000024254-104.dat	upx
behavioral2/files/0x0007000000024252-99.dat	upx
behavioral2/memory/2608-91-0x00007FF69D220000-0x00007FF69D571000-memory.dmp	upx
behavioral2/memory/3336-88-0x00007FF653780000-0x00007FF653AD1000-memory.dmp	upx
behavioral2/memory/5528-81-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp	upx
behavioral2/memory/3948-79-0x00007FF779A10000-0x00007FF779D61000-memory.dmp	upx
behavioral2/memory/2816-78-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp	upx
behavioral2/memory/6140-74-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp	upx
behavioral2/memory/2724-73-0x00007FF642530000-0x00007FF642881000-memory.dmp	upx
behavioral2/memory/2328-69-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp	upx
behavioral2/memory/4484-66-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp	upx
behavioral2/files/0x000700000002424f-64.dat	upx
behavioral2/memory/3380-63-0x00007FF64FF20000-0x00007FF650271000-memory.dmp	upx
behavioral2/memory/3892-57-0x00007FF7ABEB0000-0x00007FF7AC201000-memory.dmp	upx
behavioral2/memory/1540-51-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp	upx
behavioral2/memory/456-42-0x00007FF625600000-0x00007FF625951000-memory.dmp	upx
behavioral2/memory/5528-168-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp	upx
behavioral2/memory/2816-167-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp	upx
behavioral2/files/0x0007000000024262-203.dat	upx
behavioral2/memory/3276-209-0x00007FF761510000-0x00007FF761861000-memory.dmp	upx
behavioral2/memory/1576-229-0x00007FF7EF9A0000-0x00007FF7EFCF1000-memory.dmp	upx
behavioral2/memory/1652-235-0x00007FF6240A0000-0x00007FF6243F1000-memory.dmp	upx
behavioral2/files/0x0007000000024264-223.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rpWGjaf.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQpfdkw.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQAafln.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLqTbBy.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOsqVpk.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFYLNwc.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NakupgA.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sENIExd.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdlroue.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaImqey.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaIebGY.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeZcMAw.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMpNHFr.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYYhGzv.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTlElGE.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSRHokJ.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQZrHjl.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVdswrz.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjDCsaN.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvxwWvw.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoVQtZj.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HueiuEG.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnUFwbA.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvnvLDm.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXwghqa.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSEISnA.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxOWQvZ.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWOzEVf.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoOcitF.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlhPbKm.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfyONnz.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqyWLra.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVybLEo.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYanSrU.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmtnUJx.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpULMEn.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZeJQKV.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwWEOLJ.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xaJJZJI.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEmtnkp.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBVOGGu.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOfflbz.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLJKFND.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxlbHCv.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtDbhBF.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIomgMi.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZZMpjy.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLjPTdt.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWYkYEN.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNiVBNg.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhKGhrp.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwyOrST.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKEwFeR.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDCreaL.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EApTkfm.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYIJiQT.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhrphZq.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgOzeJb.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdXgICa.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGbVntU.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEakugm.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFQdXaV.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlunCxS.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHafMNH.exe	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 2328	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3892 wrote to memory of 2328	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3892 wrote to memory of 6140	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3892 wrote to memory of 6140	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3892 wrote to memory of 3948	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3892 wrote to memory of 3948	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3892 wrote to memory of 3336	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3892 wrote to memory of 3336	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3892 wrote to memory of 884	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3892 wrote to memory of 884	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3892 wrote to memory of 1144	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3892 wrote to memory of 1144	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3892 wrote to memory of 456	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3892 wrote to memory of 456	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3892 wrote to memory of 1540	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3892 wrote to memory of 1540	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3892 wrote to memory of 3380	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3892 wrote to memory of 3380	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3892 wrote to memory of 4484	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3892 wrote to memory of 4484	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3892 wrote to memory of 2724	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3892 wrote to memory of 2724	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3892 wrote to memory of 2816	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3892 wrote to memory of 2816	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3892 wrote to memory of 5528	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3892 wrote to memory of 5528	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3892 wrote to memory of 2608	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3892 wrote to memory of 2608	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3892 wrote to memory of 4616	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3892 wrote to memory of 4616	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3892 wrote to memory of 4672	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3892 wrote to memory of 4672	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3892 wrote to memory of 4700	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3892 wrote to memory of 4700	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3892 wrote to memory of 4624	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3892 wrote to memory of 4624	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3892 wrote to memory of 4512	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3892 wrote to memory of 4512	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3892 wrote to memory of 5504	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3892 wrote to memory of 5504	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3892 wrote to memory of 4540	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3892 wrote to memory of 4540	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3892 wrote to memory of 5328	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3892 wrote to memory of 5328	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3892 wrote to memory of 2528	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3892 wrote to memory of 2528	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3892 wrote to memory of 3232	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3892 wrote to memory of 3232	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3892 wrote to memory of 5836	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3892 wrote to memory of 5836	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3892 wrote to memory of 1652	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3892 wrote to memory of 1652	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3892 wrote to memory of 3276	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3892 wrote to memory of 3276	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3892 wrote to memory of 760	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3892 wrote to memory of 760	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3892 wrote to memory of 1576	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3892 wrote to memory of 1576	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3892 wrote to memory of 388	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3892 wrote to memory of 388	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3892 wrote to memory of 2032	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3892 wrote to memory of 2032	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	119
PID 3892 wrote to memory of 3860	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	120
PID 3892 wrote to memory of 3860	3892	2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_5e0c3b9c5fbcdf87aea34f2fab1ac432_amadey_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Windows\System\jnQkKqf.exe
  C:\Windows\System\jnQkKqf.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nfbofuO.exe
  C:\Windows\System\nfbofuO.exe
  2⤵
  - Executes dropped EXE
  PID:6140
- C:\Windows\System\fVuBkxo.exe
  C:\Windows\System\fVuBkxo.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\PqbGPZL.exe
  C:\Windows\System\PqbGPZL.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\TFQdXaV.exe
  C:\Windows\System\TFQdXaV.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\rZNhrzx.exe
  C:\Windows\System\rZNhrzx.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\qfOfCuG.exe
  C:\Windows\System\qfOfCuG.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\qSXUKKI.exe
  C:\Windows\System\qSXUKKI.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\GeYGoMB.exe
  C:\Windows\System\GeYGoMB.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\EUGAHPh.exe
  C:\Windows\System\EUGAHPh.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\fUobPyk.exe
  C:\Windows\System\fUobPyk.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\HTzsyYO.exe
  C:\Windows\System\HTzsyYO.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\qabXCBW.exe
  C:\Windows\System\qabXCBW.exe
  2⤵
  - Executes dropped EXE
  PID:5528
- C:\Windows\System\xDvvfOa.exe
  C:\Windows\System\xDvvfOa.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\LaYfxSf.exe
  C:\Windows\System\LaYfxSf.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\xbWrxop.exe
  C:\Windows\System\xbWrxop.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\LqEJbQK.exe
  C:\Windows\System\LqEJbQK.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\WzAofPy.exe
  C:\Windows\System\WzAofPy.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\sXwghqa.exe
  C:\Windows\System\sXwghqa.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\MNdfazr.exe
  C:\Windows\System\MNdfazr.exe
  2⤵
  - Executes dropped EXE
  PID:5504
- C:\Windows\System\HJJtnqN.exe
  C:\Windows\System\HJJtnqN.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\QoyvMnP.exe
  C:\Windows\System\QoyvMnP.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\PQZrHjl.exe
  C:\Windows\System\PQZrHjl.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\LrFaTqA.exe
  C:\Windows\System\LrFaTqA.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\aZeQIyX.exe
  C:\Windows\System\aZeQIyX.exe
  2⤵
  - Executes dropped EXE
  PID:5836
- C:\Windows\System\uMHGBEc.exe
  C:\Windows\System\uMHGBEc.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\pXZFkaY.exe
  C:\Windows\System\pXZFkaY.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\PEhOKCR.exe
  C:\Windows\System\PEhOKCR.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\XEzsyee.exe
  C:\Windows\System\XEzsyee.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\XOZxgTa.exe
  C:\Windows\System\XOZxgTa.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\lkhFqZc.exe
  C:\Windows\System\lkhFqZc.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\eoQsqXB.exe
  C:\Windows\System\eoQsqXB.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\ahocHCq.exe
  C:\Windows\System\ahocHCq.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\gEGGHlq.exe
  C:\Windows\System\gEGGHlq.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\GKKoKSh.exe
  C:\Windows\System\GKKoKSh.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\qjHLjkv.exe
  C:\Windows\System\qjHLjkv.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\lDxufVr.exe
  C:\Windows\System\lDxufVr.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\aVybLEo.exe
  C:\Windows\System\aVybLEo.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\WsjRGRr.exe
  C:\Windows\System\WsjRGRr.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\bkyZTRp.exe
  C:\Windows\System\bkyZTRp.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\bLyKhHo.exe
  C:\Windows\System\bLyKhHo.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\eMRWDRO.exe
  C:\Windows\System\eMRWDRO.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\DOntGpA.exe
  C:\Windows\System\DOntGpA.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\tJLXmwo.exe
  C:\Windows\System\tJLXmwo.exe
  2⤵
  - Executes dropped EXE
  PID:5668
- C:\Windows\System\LENsqBy.exe
  C:\Windows\System\LENsqBy.exe
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Windows\System\TEtPaTt.exe
  C:\Windows\System\TEtPaTt.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\EApTkfm.exe
  C:\Windows\System\EApTkfm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\MTxpQdD.exe
  C:\Windows\System\MTxpQdD.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\AuSxhsv.exe
  C:\Windows\System\AuSxhsv.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZldXgRa.exe
  C:\Windows\System\ZldXgRa.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\FufpZfX.exe
  C:\Windows\System\FufpZfX.exe
  2⤵
  - Executes dropped EXE
  PID:5700
- C:\Windows\System\NtfKYPG.exe
  C:\Windows\System\NtfKYPG.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\dQoxPZO.exe
  C:\Windows\System\dQoxPZO.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\NakupgA.exe
  C:\Windows\System\NakupgA.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\VRNcput.exe
  C:\Windows\System\VRNcput.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\BmLsVwt.exe
  C:\Windows\System\BmLsVwt.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\waDVxuD.exe
  C:\Windows\System\waDVxuD.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\suSilKb.exe
  C:\Windows\System\suSilKb.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\MuUhice.exe
  C:\Windows\System\MuUhice.exe
  2⤵
  - Executes dropped EXE
  PID:5216
- C:\Windows\System\CREnivA.exe
  C:\Windows\System\CREnivA.exe
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Windows\System\JnQbuOe.exe
  C:\Windows\System\JnQbuOe.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UEAYNWw.exe
  C:\Windows\System\UEAYNWw.exe
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Windows\System\YtHOqCC.exe
  C:\Windows\System\YtHOqCC.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\CudIEMe.exe
  C:\Windows\System\CudIEMe.exe
  2⤵
  - Executes dropped EXE
  PID:5816
- C:\Windows\System\CFAbHUu.exe
  C:\Windows\System\CFAbHUu.exe
  2⤵
  PID:4496
- C:\Windows\System\NUxLVWr.exe
  C:\Windows\System\NUxLVWr.exe
  2⤵
  PID:4396
- C:\Windows\System\cVsxnOa.exe
  C:\Windows\System\cVsxnOa.exe
  2⤵
  PID:2296
- C:\Windows\System\pJZSVCM.exe
  C:\Windows\System\pJZSVCM.exe
  2⤵
  PID:1388
- C:\Windows\System\JGTCoFc.exe
  C:\Windows\System\JGTCoFc.exe
  2⤵
  PID:3164
- C:\Windows\System\vuWUqeF.exe
  C:\Windows\System\vuWUqeF.exe
  2⤵
  PID:3632
- C:\Windows\System\GanARuJ.exe
  C:\Windows\System\GanARuJ.exe
  2⤵
  PID:1612
- C:\Windows\System\FfxoDlN.exe
  C:\Windows\System\FfxoDlN.exe
  2⤵
  PID:5496
- C:\Windows\System\vPMBTNt.exe
  C:\Windows\System\vPMBTNt.exe
  2⤵
  PID:5832
- C:\Windows\System\cwWEOLJ.exe
  C:\Windows\System\cwWEOLJ.exe
  2⤵
  PID:5800
- C:\Windows\System\ZpqGvhj.exe
  C:\Windows\System\ZpqGvhj.exe
  2⤵
  PID:2680
- C:\Windows\System\bUkxhxg.exe
  C:\Windows\System\bUkxhxg.exe
  2⤵
  PID:4564
- C:\Windows\System\wlxFfdm.exe
  C:\Windows\System\wlxFfdm.exe
  2⤵
  PID:4640
- C:\Windows\System\ffeeOmq.exe
  C:\Windows\System\ffeeOmq.exe
  2⤵
  PID:4300
- C:\Windows\System\sewwsrc.exe
  C:\Windows\System\sewwsrc.exe
  2⤵
  PID:3328
- C:\Windows\System\XunPxOi.exe
  C:\Windows\System\XunPxOi.exe
  2⤵
  PID:4856
- C:\Windows\System\oeIPhJv.exe
  C:\Windows\System\oeIPhJv.exe
  2⤵
  PID:5016
- C:\Windows\System\VgJMEyc.exe
  C:\Windows\System\VgJMEyc.exe
  2⤵
  PID:5440
- C:\Windows\System\bFmfdNW.exe
  C:\Windows\System\bFmfdNW.exe
  2⤵
  PID:768
- C:\Windows\System\qhlJqwZ.exe
  C:\Windows\System\qhlJqwZ.exe
  2⤵
  PID:3644
- C:\Windows\System\ozJVuQo.exe
  C:\Windows\System\ozJVuQo.exe
  2⤵
  PID:4868
- C:\Windows\System\RjTCndp.exe
  C:\Windows\System\RjTCndp.exe
  2⤵
  PID:5736
- C:\Windows\System\iOAVDIn.exe
  C:\Windows\System\iOAVDIn.exe
  2⤵
  PID:1976
- C:\Windows\System\avKyvgm.exe
  C:\Windows\System\avKyvgm.exe
  2⤵
  PID:4904
- C:\Windows\System\CeHEIiX.exe
  C:\Windows\System\CeHEIiX.exe
  2⤵
  PID:540
- C:\Windows\System\sENIExd.exe
  C:\Windows\System\sENIExd.exe
  2⤵
  PID:4772
- C:\Windows\System\MEzxfWN.exe
  C:\Windows\System\MEzxfWN.exe
  2⤵
  PID:4568
- C:\Windows\System\vFLsCXW.exe
  C:\Windows\System\vFLsCXW.exe
  2⤵
  PID:320
- C:\Windows\System\hzYvdCb.exe
  C:\Windows\System\hzYvdCb.exe
  2⤵
  PID:3604
- C:\Windows\System\wKWJoLl.exe
  C:\Windows\System\wKWJoLl.exe
  2⤵
  PID:5568
- C:\Windows\System\TToRhxM.exe
  C:\Windows\System\TToRhxM.exe
  2⤵
  PID:1948
- C:\Windows\System\cJKXfPC.exe
  C:\Windows\System\cJKXfPC.exe
  2⤵
  PID:376
- C:\Windows\System\WiHMjMD.exe
  C:\Windows\System\WiHMjMD.exe
  2⤵
  PID:804
- C:\Windows\System\VXPgNZr.exe
  C:\Windows\System\VXPgNZr.exe
  2⤵
  PID:2344
- C:\Windows\System\VTDzVhy.exe
  C:\Windows\System\VTDzVhy.exe
  2⤵
  PID:64
- C:\Windows\System\OpDIDBz.exe
  C:\Windows\System\OpDIDBz.exe
  2⤵
  PID:1684
- C:\Windows\System\cGNsejM.exe
  C:\Windows\System\cGNsejM.exe
  2⤵
  PID:732
- C:\Windows\System\ERlooff.exe
  C:\Windows\System\ERlooff.exe
  2⤵
  PID:5424
- C:\Windows\System\mcNSisH.exe
  C:\Windows\System\mcNSisH.exe
  2⤵
  PID:5872
- C:\Windows\System\lRXnnNK.exe
  C:\Windows\System\lRXnnNK.exe
  2⤵
  PID:5600
- C:\Windows\System\xaJJZJI.exe
  C:\Windows\System\xaJJZJI.exe
  2⤵
  PID:5756
- C:\Windows\System\vOxfEQs.exe
  C:\Windows\System\vOxfEQs.exe
  2⤵
  PID:1416
- C:\Windows\System\VVuhorx.exe
  C:\Windows\System\VVuhorx.exe
  2⤵
  PID:1048
- C:\Windows\System\BfUFyPz.exe
  C:\Windows\System\BfUFyPz.exe
  2⤵
  PID:1056
- C:\Windows\System\QIbuePu.exe
  C:\Windows\System\QIbuePu.exe
  2⤵
  PID:3500
- C:\Windows\System\JFUdaNB.exe
  C:\Windows\System\JFUdaNB.exe
  2⤵
  PID:5308
- C:\Windows\System\yQjJOEu.exe
  C:\Windows\System\yQjJOEu.exe
  2⤵
  PID:2920
- C:\Windows\System\bYLhNjy.exe
  C:\Windows\System\bYLhNjy.exe
  2⤵
  PID:1292
- C:\Windows\System\WCkxeNj.exe
  C:\Windows\System\WCkxeNj.exe
  2⤵
  PID:2200
- C:\Windows\System\XvQKEpA.exe
  C:\Windows\System\XvQKEpA.exe
  2⤵
  PID:5648
- C:\Windows\System\yolWlLv.exe
  C:\Windows\System\yolWlLv.exe
  2⤵
  PID:5552
- C:\Windows\System\RUtVWlL.exe
  C:\Windows\System\RUtVWlL.exe
  2⤵
  PID:5000
- C:\Windows\System\rpWGjaf.exe
  C:\Windows\System\rpWGjaf.exe
  2⤵
  PID:3692
- C:\Windows\System\dALDiKd.exe
  C:\Windows\System\dALDiKd.exe
  2⤵
  PID:5748
- C:\Windows\System\QgvaWRQ.exe
  C:\Windows\System\QgvaWRQ.exe
  2⤵
  PID:2908
- C:\Windows\System\LCGjULX.exe
  C:\Windows\System\LCGjULX.exe
  2⤵
  PID:5520
- C:\Windows\System\AYIJiQT.exe
  C:\Windows\System\AYIJiQT.exe
  2⤵
  PID:2664
- C:\Windows\System\ugVAhiG.exe
  C:\Windows\System\ugVAhiG.exe
  2⤵
  PID:1180
- C:\Windows\System\ApMubfB.exe
  C:\Windows\System\ApMubfB.exe
  2⤵
  PID:624
- C:\Windows\System\tvilbar.exe
  C:\Windows\System\tvilbar.exe
  2⤵
  PID:4832
- C:\Windows\System\LqgpRvj.exe
  C:\Windows\System\LqgpRvj.exe
  2⤵
  PID:4012
- C:\Windows\System\oBZIyBQ.exe
  C:\Windows\System\oBZIyBQ.exe
  2⤵
  PID:4668
- C:\Windows\System\YHxwwjl.exe
  C:\Windows\System\YHxwwjl.exe
  2⤵
  PID:1468
- C:\Windows\System\wBQcLsh.exe
  C:\Windows\System\wBQcLsh.exe
  2⤵
  PID:5752
- C:\Windows\System\UFwpmjz.exe
  C:\Windows\System\UFwpmjz.exe
  2⤵
  PID:2536
- C:\Windows\System\Vnisekk.exe
  C:\Windows\System\Vnisekk.exe
  2⤵
  PID:3188
- C:\Windows\System\GzUYler.exe
  C:\Windows\System\GzUYler.exe
  2⤵
  PID:5196
- C:\Windows\System\zjAZQLo.exe
  C:\Windows\System\zjAZQLo.exe
  2⤵
  PID:744
- C:\Windows\System\QzIpIzo.exe
  C:\Windows\System\QzIpIzo.exe
  2⤵
  PID:5840
- C:\Windows\System\WKLfFNO.exe
  C:\Windows\System\WKLfFNO.exe
  2⤵
  PID:3448
- C:\Windows\System\NTJilUV.exe
  C:\Windows\System\NTJilUV.exe
  2⤵
  PID:3544
- C:\Windows\System\ZkxZLtG.exe
  C:\Windows\System\ZkxZLtG.exe
  2⤵
  PID:2164
- C:\Windows\System\orTgMKf.exe
  C:\Windows\System\orTgMKf.exe
  2⤵
  PID:3144
- C:\Windows\System\SIXiYBs.exe
  C:\Windows\System\SIXiYBs.exe
  2⤵
  PID:2068
- C:\Windows\System\guLCZja.exe
  C:\Windows\System\guLCZja.exe
  2⤵
  PID:464
- C:\Windows\System\OvmWxyY.exe
  C:\Windows\System\OvmWxyY.exe
  2⤵
  PID:432
- C:\Windows\System\LRSlXAH.exe
  C:\Windows\System\LRSlXAH.exe
  2⤵
  PID:1404
- C:\Windows\System\MmCgyHH.exe
  C:\Windows\System\MmCgyHH.exe
  2⤵
  PID:2828
- C:\Windows\System\EBXgVNw.exe
  C:\Windows\System\EBXgVNw.exe
  2⤵
  PID:4472
- C:\Windows\System\itGMgzf.exe
  C:\Windows\System\itGMgzf.exe
  2⤵
  PID:5772
- C:\Windows\System\UdYhcCK.exe
  C:\Windows\System\UdYhcCK.exe
  2⤵
  PID:3140
- C:\Windows\System\lWftkoa.exe
  C:\Windows\System\lWftkoa.exe
  2⤵
  PID:2728
- C:\Windows\System\DorHsie.exe
  C:\Windows\System\DorHsie.exe
  2⤵
  PID:2716
- C:\Windows\System\bjWVfbN.exe
  C:\Windows\System\bjWVfbN.exe
  2⤵
  PID:5684
- C:\Windows\System\CCQUAsY.exe
  C:\Windows\System\CCQUAsY.exe
  2⤵
  PID:4724
- C:\Windows\System\rloIHkR.exe
  C:\Windows\System\rloIHkR.exe
  2⤵
  PID:1820
- C:\Windows\System\UmHAZpv.exe
  C:\Windows\System\UmHAZpv.exe
  2⤵
  PID:2484
- C:\Windows\System\KDwgSIg.exe
  C:\Windows\System\KDwgSIg.exe
  2⤵
  PID:3820
- C:\Windows\System\WSEISnA.exe
  C:\Windows\System\WSEISnA.exe
  2⤵
  PID:772
- C:\Windows\System\rlunCxS.exe
  C:\Windows\System\rlunCxS.exe
  2⤵
  PID:992
- C:\Windows\System\Mxbnewi.exe
  C:\Windows\System\Mxbnewi.exe
  2⤵
  PID:548
- C:\Windows\System\BEqmDcS.exe
  C:\Windows\System\BEqmDcS.exe
  2⤵
  PID:6176
- C:\Windows\System\NGYwUhk.exe
  C:\Windows\System\NGYwUhk.exe
  2⤵
  PID:6192
- C:\Windows\System\AIyAJQS.exe
  C:\Windows\System\AIyAJQS.exe
  2⤵
  PID:6212
- C:\Windows\System\RxQpKmi.exe
  C:\Windows\System\RxQpKmi.exe
  2⤵
  PID:6232
- C:\Windows\System\DGSEsjv.exe
  C:\Windows\System\DGSEsjv.exe
  2⤵
  PID:6256
- C:\Windows\System\mVdswrz.exe
  C:\Windows\System\mVdswrz.exe
  2⤵
  PID:6284
- C:\Windows\System\ARGTOFI.exe
  C:\Windows\System\ARGTOFI.exe
  2⤵
  PID:6308
- C:\Windows\System\dtqEbOk.exe
  C:\Windows\System\dtqEbOk.exe
  2⤵
  PID:6340
- C:\Windows\System\cGbEEje.exe
  C:\Windows\System\cGbEEje.exe
  2⤵
  PID:6368
- C:\Windows\System\bRgkQEW.exe
  C:\Windows\System\bRgkQEW.exe
  2⤵
  PID:6404
- C:\Windows\System\JIAwaKb.exe
  C:\Windows\System\JIAwaKb.exe
  2⤵
  PID:6440
- C:\Windows\System\wKXfvgc.exe
  C:\Windows\System\wKXfvgc.exe
  2⤵
  PID:6468
- C:\Windows\System\HjqrTjw.exe
  C:\Windows\System\HjqrTjw.exe
  2⤵
  PID:6504
- C:\Windows\System\lPJjSlL.exe
  C:\Windows\System\lPJjSlL.exe
  2⤵
  PID:6532
- C:\Windows\System\ZqTeAaB.exe
  C:\Windows\System\ZqTeAaB.exe
  2⤵
  PID:6564
- C:\Windows\System\hIomgMi.exe
  C:\Windows\System\hIomgMi.exe
  2⤵
  PID:6596
- C:\Windows\System\wESSSWl.exe
  C:\Windows\System\wESSSWl.exe
  2⤵
  PID:6632
- C:\Windows\System\ugjBqjr.exe
  C:\Windows\System\ugjBqjr.exe
  2⤵
  PID:6664
- C:\Windows\System\VJMELwg.exe
  C:\Windows\System\VJMELwg.exe
  2⤵
  PID:6688
- C:\Windows\System\wKkzdCZ.exe
  C:\Windows\System\wKkzdCZ.exe
  2⤵
  PID:6724
- C:\Windows\System\XZbUhrV.exe
  C:\Windows\System\XZbUhrV.exe
  2⤵
  PID:6744
- C:\Windows\System\oEmtnkp.exe
  C:\Windows\System\oEmtnkp.exe
  2⤵
  PID:6776
- C:\Windows\System\NFaKIwq.exe
  C:\Windows\System\NFaKIwq.exe
  2⤵
  PID:6800
- C:\Windows\System\NnRGsyf.exe
  C:\Windows\System\NnRGsyf.exe
  2⤵
  PID:6836
- C:\Windows\System\TaTzSQu.exe
  C:\Windows\System\TaTzSQu.exe
  2⤵
  PID:6868
- C:\Windows\System\GHxtTWZ.exe
  C:\Windows\System\GHxtTWZ.exe
  2⤵
  PID:6892
- C:\Windows\System\XmCLsZQ.exe
  C:\Windows\System\XmCLsZQ.exe
  2⤵
  PID:6912
- C:\Windows\System\FKapgVd.exe
  C:\Windows\System\FKapgVd.exe
  2⤵
  PID:6952
- C:\Windows\System\uWoHfwS.exe
  C:\Windows\System\uWoHfwS.exe
  2⤵
  PID:6972
- C:\Windows\System\PxVJIAl.exe
  C:\Windows\System\PxVJIAl.exe
  2⤵
  PID:7004
- C:\Windows\System\SYvMZJp.exe
  C:\Windows\System\SYvMZJp.exe
  2⤵
  PID:7048
- C:\Windows\System\dBphrBA.exe
  C:\Windows\System\dBphrBA.exe
  2⤵
  PID:7068
- C:\Windows\System\aHFzpuP.exe
  C:\Windows\System\aHFzpuP.exe
  2⤵
  PID:7092
- C:\Windows\System\dVmATvo.exe
  C:\Windows\System\dVmATvo.exe
  2⤵
  PID:7120
- C:\Windows\System\TcKXgUy.exe
  C:\Windows\System\TcKXgUy.exe
  2⤵
  PID:7152
- C:\Windows\System\HQWFnsS.exe
  C:\Windows\System\HQWFnsS.exe
  2⤵
  PID:6168
- C:\Windows\System\IgFCBfc.exe
  C:\Windows\System\IgFCBfc.exe
  2⤵
  PID:6208
- C:\Windows\System\xDVqqSF.exe
  C:\Windows\System\xDVqqSF.exe
  2⤵
  PID:6156
- C:\Windows\System\CScarNd.exe
  C:\Windows\System\CScarNd.exe
  2⤵
  PID:6296
- C:\Windows\System\QpOrSIs.exe
  C:\Windows\System\QpOrSIs.exe
  2⤵
  PID:6360
- C:\Windows\System\PvSncVC.exe
  C:\Windows\System\PvSncVC.exe
  2⤵
  PID:6356
- C:\Windows\System\dgEpwTv.exe
  C:\Windows\System\dgEpwTv.exe
  2⤵
  PID:6484
- C:\Windows\System\QUkRNtG.exe
  C:\Windows\System\QUkRNtG.exe
  2⤵
  PID:6556
- C:\Windows\System\bejvPqI.exe
  C:\Windows\System\bejvPqI.exe
  2⤵
  PID:6616
- C:\Windows\System\XxvPLtL.exe
  C:\Windows\System\XxvPLtL.exe
  2⤵
  PID:6684
- C:\Windows\System\gekqFby.exe
  C:\Windows\System\gekqFby.exe
  2⤵
  PID:2968
- C:\Windows\System\JyqiiTf.exe
  C:\Windows\System\JyqiiTf.exe
  2⤵
  PID:6828
- C:\Windows\System\IceUTrV.exe
  C:\Windows\System\IceUTrV.exe
  2⤵
  PID:6880
- C:\Windows\System\hNnfyIq.exe
  C:\Windows\System\hNnfyIq.exe
  2⤵
  PID:6948
- C:\Windows\System\MStLmRH.exe
  C:\Windows\System\MStLmRH.exe
  2⤵
  PID:7020
- C:\Windows\System\cHSvrYj.exe
  C:\Windows\System\cHSvrYj.exe
  2⤵
  PID:7084
- C:\Windows\System\bzLryPO.exe
  C:\Windows\System\bzLryPO.exe
  2⤵
  PID:7144
- C:\Windows\System\fYanSrU.exe
  C:\Windows\System\fYanSrU.exe
  2⤵
  PID:6240
- C:\Windows\System\XiJmEJk.exe
  C:\Windows\System\XiJmEJk.exe
  2⤵
  PID:6336
- C:\Windows\System\CcUQLFA.exe
  C:\Windows\System\CcUQLFA.exe
  2⤵
  PID:6476
- C:\Windows\System\cbCGGOW.exe
  C:\Windows\System\cbCGGOW.exe
  2⤵
  PID:6656
- C:\Windows\System\nwOutmj.exe
  C:\Windows\System\nwOutmj.exe
  2⤵
  PID:6768
- C:\Windows\System\COxTdLP.exe
  C:\Windows\System\COxTdLP.exe
  2⤵
  PID:6940
- C:\Windows\System\fyNbTzv.exe
  C:\Windows\System\fyNbTzv.exe
  2⤵
  PID:7076
- C:\Windows\System\ZRiRszh.exe
  C:\Windows\System\ZRiRszh.exe
  2⤵
  PID:4520
- C:\Windows\System\EQpbhDj.exe
  C:\Windows\System\EQpbhDj.exe
  2⤵
  PID:6412
- C:\Windows\System\otlDVNT.exe
  C:\Windows\System\otlDVNT.exe
  2⤵
  PID:6736
- C:\Windows\System\TnlEEjg.exe
  C:\Windows\System\TnlEEjg.exe
  2⤵
  PID:7060
- C:\Windows\System\OjVDwVb.exe
  C:\Windows\System\OjVDwVb.exe
  2⤵
  PID:6576
- C:\Windows\System\OVYcOKs.exe
  C:\Windows\System\OVYcOKs.exe
  2⤵
  PID:6204
- C:\Windows\System\yBVOGGu.exe
  C:\Windows\System\yBVOGGu.exe
  2⤵
  PID:7176
- C:\Windows\System\eFrjwpl.exe
  C:\Windows\System\eFrjwpl.exe
  2⤵
  PID:7204
- C:\Windows\System\NBDFYsu.exe
  C:\Windows\System\NBDFYsu.exe
  2⤵
  PID:7232
- C:\Windows\System\DowzERM.exe
  C:\Windows\System\DowzERM.exe
  2⤵
  PID:7260
- C:\Windows\System\VHHfmrJ.exe
  C:\Windows\System\VHHfmrJ.exe
  2⤵
  PID:7288
- C:\Windows\System\XZbENju.exe
  C:\Windows\System\XZbENju.exe
  2⤵
  PID:7316
- C:\Windows\System\TjDCsaN.exe
  C:\Windows\System\TjDCsaN.exe
  2⤵
  PID:7344
- C:\Windows\System\uKQtOJH.exe
  C:\Windows\System\uKQtOJH.exe
  2⤵
  PID:7380
- C:\Windows\System\YFMNZcP.exe
  C:\Windows\System\YFMNZcP.exe
  2⤵
  PID:7400
- C:\Windows\System\hRbFpzm.exe
  C:\Windows\System\hRbFpzm.exe
  2⤵
  PID:7428
- C:\Windows\System\iPxkZUI.exe
  C:\Windows\System\iPxkZUI.exe
  2⤵
  PID:7456
- C:\Windows\System\zlgBKDd.exe
  C:\Windows\System\zlgBKDd.exe
  2⤵
  PID:7484
- C:\Windows\System\wYWxQds.exe
  C:\Windows\System\wYWxQds.exe
  2⤵
  PID:7512
- C:\Windows\System\MdAuDLL.exe
  C:\Windows\System\MdAuDLL.exe
  2⤵
  PID:7540
- C:\Windows\System\dgklYoz.exe
  C:\Windows\System\dgklYoz.exe
  2⤵
  PID:7568
- C:\Windows\System\SvfugCM.exe
  C:\Windows\System\SvfugCM.exe
  2⤵
  PID:7596
- C:\Windows\System\BJplgGz.exe
  C:\Windows\System\BJplgGz.exe
  2⤵
  PID:7628
- C:\Windows\System\hLYVtkI.exe
  C:\Windows\System\hLYVtkI.exe
  2⤵
  PID:7656
- C:\Windows\System\oXKxFsu.exe
  C:\Windows\System\oXKxFsu.exe
  2⤵
  PID:7684
- C:\Windows\System\YTlElGE.exe
  C:\Windows\System\YTlElGE.exe
  2⤵
  PID:7712
- C:\Windows\System\QkEcmaW.exe
  C:\Windows\System\QkEcmaW.exe
  2⤵
  PID:7744
- C:\Windows\System\lHKzeCl.exe
  C:\Windows\System\lHKzeCl.exe
  2⤵
  PID:7772
- C:\Windows\System\IvuDRPE.exe
  C:\Windows\System\IvuDRPE.exe
  2⤵
  PID:7796
- C:\Windows\System\tOapCEE.exe
  C:\Windows\System\tOapCEE.exe
  2⤵
  PID:7828
- C:\Windows\System\yBDGSka.exe
  C:\Windows\System\yBDGSka.exe
  2⤵
  PID:7856
- C:\Windows\System\tmtnUJx.exe
  C:\Windows\System\tmtnUJx.exe
  2⤵
  PID:7884
- C:\Windows\System\qTReYxE.exe
  C:\Windows\System\qTReYxE.exe
  2⤵
  PID:7912
- C:\Windows\System\CXMFcZc.exe
  C:\Windows\System\CXMFcZc.exe
  2⤵
  PID:7940
- C:\Windows\System\NZSgwci.exe
  C:\Windows\System\NZSgwci.exe
  2⤵
  PID:7968
- C:\Windows\System\ebfqHKV.exe
  C:\Windows\System\ebfqHKV.exe
  2⤵
  PID:7996
- C:\Windows\System\LNgZrBb.exe
  C:\Windows\System\LNgZrBb.exe
  2⤵
  PID:8024
- C:\Windows\System\nuskcyS.exe
  C:\Windows\System\nuskcyS.exe
  2⤵
  PID:8056
- C:\Windows\System\YZLpkpy.exe
  C:\Windows\System\YZLpkpy.exe
  2⤵
  PID:8084
- C:\Windows\System\GyTCbIO.exe
  C:\Windows\System\GyTCbIO.exe
  2⤵
  PID:8112
- C:\Windows\System\VowXHxd.exe
  C:\Windows\System\VowXHxd.exe
  2⤵
  PID:8140
- C:\Windows\System\wYouDRz.exe
  C:\Windows\System\wYouDRz.exe
  2⤵
  PID:8168
- C:\Windows\System\iFpnjWW.exe
  C:\Windows\System\iFpnjWW.exe
  2⤵
  PID:7172
- C:\Windows\System\sCceuIe.exe
  C:\Windows\System\sCceuIe.exe
  2⤵
  PID:7244
- C:\Windows\System\ckyhjJO.exe
  C:\Windows\System\ckyhjJO.exe
  2⤵
  PID:7312
- C:\Windows\System\SiYNhfi.exe
  C:\Windows\System\SiYNhfi.exe
  2⤵
  PID:7424
- C:\Windows\System\yTZLyCz.exe
  C:\Windows\System\yTZLyCz.exe
  2⤵
  PID:7532
- C:\Windows\System\ClRLzun.exe
  C:\Windows\System\ClRLzun.exe
  2⤵
  PID:7608
- C:\Windows\System\dQpfdkw.exe
  C:\Windows\System\dQpfdkw.exe
  2⤵
  PID:7676
- C:\Windows\System\JcIgtft.exe
  C:\Windows\System\JcIgtft.exe
  2⤵
  PID:7740
- C:\Windows\System\vAAMARx.exe
  C:\Windows\System\vAAMARx.exe
  2⤵
  PID:7812
- C:\Windows\System\RIALaLP.exe
  C:\Windows\System\RIALaLP.exe
  2⤵
  PID:7896
- C:\Windows\System\hGOQdCM.exe
  C:\Windows\System\hGOQdCM.exe
  2⤵
  PID:7980
- C:\Windows\System\qdlroue.exe
  C:\Windows\System\qdlroue.exe
  2⤵
  PID:8048
- C:\Windows\System\GHafMNH.exe
  C:\Windows\System\GHafMNH.exe
  2⤵
  PID:8152
- C:\Windows\System\bzWUCKA.exe
  C:\Windows\System\bzWUCKA.exe
  2⤵
  PID:7304
- C:\Windows\System\FDWnNSx.exe
  C:\Windows\System\FDWnNSx.exe
  2⤵
  PID:5148
- C:\Windows\System\RMRgDNR.exe
  C:\Windows\System\RMRgDNR.exe
  2⤵
  PID:7588
- C:\Windows\System\liZThEP.exe
  C:\Windows\System\liZThEP.exe
  2⤵
  PID:7868
- C:\Windows\System\oPLgFID.exe
  C:\Windows\System\oPLgFID.exe
  2⤵
  PID:8104
- C:\Windows\System\GfrpAtn.exe
  C:\Windows\System\GfrpAtn.exe
  2⤵
  PID:7308
- C:\Windows\System\ukXKJKU.exe
  C:\Windows\System\ukXKJKU.exe
  2⤵
  PID:7736
- C:\Windows\System\erMRpNH.exe
  C:\Windows\System\erMRpNH.exe
  2⤵
  PID:1436
- C:\Windows\System\iOqRpTv.exe
  C:\Windows\System\iOqRpTv.exe
  2⤵
  PID:7200
- C:\Windows\System\FXFnguC.exe
  C:\Windows\System\FXFnguC.exe
  2⤵
  PID:8224
- C:\Windows\System\btEDmZB.exe
  C:\Windows\System\btEDmZB.exe
  2⤵
  PID:8248
- C:\Windows\System\yqyudzN.exe
  C:\Windows\System\yqyudzN.exe
  2⤵
  PID:8272
- C:\Windows\System\kxOWQvZ.exe
  C:\Windows\System\kxOWQvZ.exe
  2⤵
  PID:8288
- C:\Windows\System\IuiwJpQ.exe
  C:\Windows\System\IuiwJpQ.exe
  2⤵
  PID:8324
- C:\Windows\System\WGLVadQ.exe
  C:\Windows\System\WGLVadQ.exe
  2⤵
  PID:8344
- C:\Windows\System\MKJqTFz.exe
  C:\Windows\System\MKJqTFz.exe
  2⤵
  PID:8372
- C:\Windows\System\EdMykLr.exe
  C:\Windows\System\EdMykLr.exe
  2⤵
  PID:8404
- C:\Windows\System\RIHAeaV.exe
  C:\Windows\System\RIHAeaV.exe
  2⤵
  PID:8444
- C:\Windows\System\oSFrDqR.exe
  C:\Windows\System\oSFrDqR.exe
  2⤵
  PID:8476
- C:\Windows\System\XQeGOLB.exe
  C:\Windows\System\XQeGOLB.exe
  2⤵
  PID:8516
- C:\Windows\System\gVfDscT.exe
  C:\Windows\System\gVfDscT.exe
  2⤵
  PID:8536
- C:\Windows\System\xSvaEUX.exe
  C:\Windows\System\xSvaEUX.exe
  2⤵
  PID:8572
- C:\Windows\System\rQgRusi.exe
  C:\Windows\System\rQgRusi.exe
  2⤵
  PID:8600
- C:\Windows\System\CqTAdSp.exe
  C:\Windows\System\CqTAdSp.exe
  2⤵
  PID:8616
- C:\Windows\System\YlakpTn.exe
  C:\Windows\System\YlakpTn.exe
  2⤵
  PID:8648
- C:\Windows\System\TjrxkJO.exe
  C:\Windows\System\TjrxkJO.exe
  2⤵
  PID:8688
- C:\Windows\System\AHDgAXX.exe
  C:\Windows\System\AHDgAXX.exe
  2⤵
  PID:8716
- C:\Windows\System\vWOzEVf.exe
  C:\Windows\System\vWOzEVf.exe
  2⤵
  PID:8744
- C:\Windows\System\pKqIBOE.exe
  C:\Windows\System\pKqIBOE.exe
  2⤵
  PID:8760
- C:\Windows\System\XFyKuCo.exe
  C:\Windows\System\XFyKuCo.exe
  2⤵
  PID:8796
- C:\Windows\System\rlBWnPx.exe
  C:\Windows\System\rlBWnPx.exe
  2⤵
  PID:8828
- C:\Windows\System\OvxwWvw.exe
  C:\Windows\System\OvxwWvw.exe
  2⤵
  PID:8868
- C:\Windows\System\AFkjQgH.exe
  C:\Windows\System\AFkjQgH.exe
  2⤵
  PID:8888
- C:\Windows\System\kHYKuIs.exe
  C:\Windows\System\kHYKuIs.exe
  2⤵
  PID:8932
- C:\Windows\System\yxBxYbb.exe
  C:\Windows\System\yxBxYbb.exe
  2⤵
  PID:8948
- C:\Windows\System\wEXzmmA.exe
  C:\Windows\System\wEXzmmA.exe
  2⤵
  PID:8972
- C:\Windows\System\iSUiEOT.exe
  C:\Windows\System\iSUiEOT.exe
  2⤵
  PID:9004
- C:\Windows\System\FXKNKvQ.exe
  C:\Windows\System\FXKNKvQ.exe
  2⤵
  PID:9036
- C:\Windows\System\GpULMEn.exe
  C:\Windows\System\GpULMEn.exe
  2⤵
  PID:9056
- C:\Windows\System\jEXoMJw.exe
  C:\Windows\System\jEXoMJw.exe
  2⤵
  PID:9092
- C:\Windows\System\ChYvIdM.exe
  C:\Windows\System\ChYvIdM.exe
  2⤵
  PID:9124
- C:\Windows\System\uuwgEmS.exe
  C:\Windows\System\uuwgEmS.exe
  2⤵
  PID:9160
- C:\Windows\System\fRuRlYf.exe
  C:\Windows\System\fRuRlYf.exe
  2⤵
  PID:9188
- C:\Windows\System\nDoGFIg.exe
  C:\Windows\System\nDoGFIg.exe
  2⤵
  PID:2936
- C:\Windows\System\cUVxNKd.exe
  C:\Windows\System\cUVxNKd.exe
  2⤵
  PID:8216
- C:\Windows\System\amybRcj.exe
  C:\Windows\System\amybRcj.exe
  2⤵
  PID:8312
- C:\Windows\System\LIHdcPz.exe
  C:\Windows\System\LIHdcPz.exe
  2⤵
  PID:8260
- C:\Windows\System\hSiElqH.exe
  C:\Windows\System\hSiElqH.exe
  2⤵
  PID:8384
- C:\Windows\System\rTogfYs.exe
  C:\Windows\System\rTogfYs.exe
  2⤵
  PID:8424
- C:\Windows\System\yieUlEq.exe
  C:\Windows\System\yieUlEq.exe
  2⤵
  PID:8504
- C:\Windows\System\GNibPlS.exe
  C:\Windows\System\GNibPlS.exe
  2⤵
  PID:8592
- C:\Windows\System\NNVstKm.exe
  C:\Windows\System\NNVstKm.exe
  2⤵
  PID:8668
- C:\Windows\System\XSvgMik.exe
  C:\Windows\System\XSvgMik.exe
  2⤵
  PID:8712
- C:\Windows\System\lLJAmZL.exe
  C:\Windows\System\lLJAmZL.exe
  2⤵
  PID:8780
- C:\Windows\System\BgTHjHk.exe
  C:\Windows\System\BgTHjHk.exe
  2⤵
  PID:8852
- C:\Windows\System\ceRrQQj.exe
  C:\Windows\System\ceRrQQj.exe
  2⤵
  PID:8912
- C:\Windows\System\PYyBWrX.exe
  C:\Windows\System\PYyBWrX.exe
  2⤵
  PID:8992
- C:\Windows\System\NhHsdUr.exe
  C:\Windows\System\NhHsdUr.exe
  2⤵
  PID:9020
- C:\Windows\System\ATiqnjK.exe
  C:\Windows\System\ATiqnjK.exe
  2⤵
  PID:9080
- C:\Windows\System\VUwuUkp.exe
  C:\Windows\System\VUwuUkp.exe
  2⤵
  PID:6992
- C:\Windows\System\NOLNmVn.exe
  C:\Windows\System\NOLNmVn.exe
  2⤵
  PID:1740
- C:\Windows\System\kJBuxoP.exe
  C:\Windows\System\kJBuxoP.exe
  2⤵
  PID:8240
- C:\Windows\System\DpPbAVR.exe
  C:\Windows\System\DpPbAVR.exe
  2⤵
  PID:8460
- C:\Windows\System\xAVsicc.exe
  C:\Windows\System\xAVsicc.exe
  2⤵
  PID:8568
- C:\Windows\System\KxOpitE.exe
  C:\Windows\System\KxOpitE.exe
  2⤵
  PID:8708
- C:\Windows\System\SOmSMyf.exe
  C:\Windows\System\SOmSMyf.exe
  2⤵
  PID:8880
- C:\Windows\System\UxWjjNv.exe
  C:\Windows\System\UxWjjNv.exe
  2⤵
  PID:8984
- C:\Windows\System\OxGsXnZ.exe
  C:\Windows\System\OxGsXnZ.exe
  2⤵
  PID:9156
- C:\Windows\System\kiEGuJd.exe
  C:\Windows\System\kiEGuJd.exe
  2⤵
  PID:8532
- C:\Windows\System\ZDOvAqg.exe
  C:\Windows\System\ZDOvAqg.exe
  2⤵
  PID:8700
- C:\Windows\System\AODSZim.exe
  C:\Windows\System\AODSZim.exe
  2⤵
  PID:9012
- C:\Windows\System\YoVQtZj.exe
  C:\Windows\System\YoVQtZj.exe
  2⤵
  PID:6076
- C:\Windows\System\ZMHqIbF.exe
  C:\Windows\System\ZMHqIbF.exe
  2⤵
  PID:5572
- C:\Windows\System\AUkstdI.exe
  C:\Windows\System\AUkstdI.exe
  2⤵
  PID:8
- C:\Windows\System\GLhqepM.exe
  C:\Windows\System\GLhqepM.exe
  2⤵
  PID:9068
- C:\Windows\System\XKroCOt.exe
  C:\Windows\System\XKroCOt.exe
  2⤵
  PID:5468
- C:\Windows\System\OEtybqn.exe
  C:\Windows\System\OEtybqn.exe
  2⤵
  PID:1064
- C:\Windows\System\ABYvVfy.exe
  C:\Windows\System\ABYvVfy.exe
  2⤵
  PID:9132
- C:\Windows\System\ypyemwK.exe
  C:\Windows\System\ypyemwK.exe
  2⤵
  PID:5264
- C:\Windows\System\PfurTAF.exe
  C:\Windows\System\PfurTAF.exe
  2⤵
  PID:1808
- C:\Windows\System\iHZQBmC.exe
  C:\Windows\System\iHZQBmC.exe
  2⤵
  PID:9228
- C:\Windows\System\syPjKsR.exe
  C:\Windows\System\syPjKsR.exe
  2⤵
  PID:9256
- C:\Windows\System\qhrphZq.exe
  C:\Windows\System\qhrphZq.exe
  2⤵
  PID:9280
- C:\Windows\System\kTglCoz.exe
  C:\Windows\System\kTglCoz.exe
  2⤵
  PID:9300
- C:\Windows\System\BptsCjR.exe
  C:\Windows\System\BptsCjR.exe
  2⤵
  PID:9316
- C:\Windows\System\BWAQHtY.exe
  C:\Windows\System\BWAQHtY.exe
  2⤵
  PID:9348
- C:\Windows\System\PFxUzHn.exe
  C:\Windows\System\PFxUzHn.exe
  2⤵
  PID:9376
- C:\Windows\System\lPDAMbT.exe
  C:\Windows\System\lPDAMbT.exe
  2⤵
  PID:9416
- C:\Windows\System\OoOcitF.exe
  C:\Windows\System\OoOcitF.exe
  2⤵
  PID:9436
- C:\Windows\System\fhBpxnW.exe
  C:\Windows\System\fhBpxnW.exe
  2⤵
  PID:9472
- C:\Windows\System\mvxNJBk.exe
  C:\Windows\System\mvxNJBk.exe
  2⤵
  PID:9492
- C:\Windows\System\FkmQcCF.exe
  C:\Windows\System\FkmQcCF.exe
  2⤵
  PID:9516
- C:\Windows\System\qWzXmsG.exe
  C:\Windows\System\qWzXmsG.exe
  2⤵
  PID:9548
- C:\Windows\System\evaUoba.exe
  C:\Windows\System\evaUoba.exe
  2⤵
  PID:9592
- C:\Windows\System\PNrefMl.exe
  C:\Windows\System\PNrefMl.exe
  2⤵
  PID:9616
- C:\Windows\System\DxvHTfs.exe
  C:\Windows\System\DxvHTfs.exe
  2⤵
  PID:9648
- C:\Windows\System\pkYQMds.exe
  C:\Windows\System\pkYQMds.exe
  2⤵
  PID:9672
- C:\Windows\System\PlmXwAl.exe
  C:\Windows\System\PlmXwAl.exe
  2⤵
  PID:9704
- C:\Windows\System\yEHsZnH.exe
  C:\Windows\System\yEHsZnH.exe
  2⤵
  PID:9728
- C:\Windows\System\PyyiWJN.exe
  C:\Windows\System\PyyiWJN.exe
  2⤵
  PID:9768
- C:\Windows\System\fWEPJhi.exe
  C:\Windows\System\fWEPJhi.exe
  2⤵
  PID:9796
- C:\Windows\System\DQthqyZ.exe
  C:\Windows\System\DQthqyZ.exe
  2⤵
  PID:9836
- C:\Windows\System\GvHRnEt.exe
  C:\Windows\System\GvHRnEt.exe
  2⤵
  PID:9860
- C:\Windows\System\ifiUchu.exe
  C:\Windows\System\ifiUchu.exe
  2⤵
  PID:9900
- C:\Windows\System\SaImqey.exe
  C:\Windows\System\SaImqey.exe
  2⤵
  PID:9916
- C:\Windows\System\xILxaAt.exe
  C:\Windows\System\xILxaAt.exe
  2⤵
  PID:9956
- C:\Windows\System\lMiWZBZ.exe
  C:\Windows\System\lMiWZBZ.exe
  2⤵
  PID:9976
- C:\Windows\System\nkdcqeB.exe
  C:\Windows\System\nkdcqeB.exe
  2⤵
  PID:10012
- C:\Windows\System\Dddaiwt.exe
  C:\Windows\System\Dddaiwt.exe
  2⤵
  PID:10036
- C:\Windows\System\CIFvTqC.exe
  C:\Windows\System\CIFvTqC.exe
  2⤵
  PID:10072
- C:\Windows\System\SkdqlUO.exe
  C:\Windows\System\SkdqlUO.exe
  2⤵
  PID:10100
- C:\Windows\System\rrGMEOx.exe
  C:\Windows\System\rrGMEOx.exe
  2⤵
  PID:10128
- C:\Windows\System\UfdKppc.exe
  C:\Windows\System\UfdKppc.exe
  2⤵
  PID:10156
- C:\Windows\System\DfQdTPa.exe
  C:\Windows\System\DfQdTPa.exe
  2⤵
  PID:10200
- C:\Windows\System\giVprjl.exe
  C:\Windows\System\giVprjl.exe
  2⤵
  PID:10220
- C:\Windows\System\sTCBcPr.exe
  C:\Windows\System\sTCBcPr.exe
  2⤵
  PID:9236
- C:\Windows\System\PjYjWrZ.exe
  C:\Windows\System\PjYjWrZ.exe
  2⤵
  PID:5044
- C:\Windows\System\AnNAhvB.exe
  C:\Windows\System\AnNAhvB.exe
  2⤵
  PID:9292
- C:\Windows\System\nQiFuWA.exe
  C:\Windows\System\nQiFuWA.exe
  2⤵
  PID:9368
- C:\Windows\System\cZjstMb.exe
  C:\Windows\System\cZjstMb.exe
  2⤵
  PID:9432
- C:\Windows\System\fWcKKRF.exe
  C:\Windows\System\fWcKKRF.exe
  2⤵
  PID:9528
- C:\Windows\System\BVJrOvY.exe
  C:\Windows\System\BVJrOvY.exe
  2⤵
  PID:9636
- C:\Windows\System\BSXBrHk.exe
  C:\Windows\System\BSXBrHk.exe
  2⤵
  PID:9664
- C:\Windows\System\OaRzVfn.exe
  C:\Windows\System\OaRzVfn.exe
  2⤵
  PID:9756
- C:\Windows\System\UulRhyf.exe
  C:\Windows\System\UulRhyf.exe
  2⤵
  PID:9784
- C:\Windows\System\fxzhIYL.exe
  C:\Windows\System\fxzhIYL.exe
  2⤵
  PID:9816
- C:\Windows\System\Hzpzldh.exe
  C:\Windows\System\Hzpzldh.exe
  2⤵
  PID:9868
- C:\Windows\System\tXWfeZd.exe
  C:\Windows\System\tXWfeZd.exe
  2⤵
  PID:9912
- C:\Windows\System\HueiuEG.exe
  C:\Windows\System\HueiuEG.exe
  2⤵
  PID:9968
- C:\Windows\System\qDOgVmD.exe
  C:\Windows\System\qDOgVmD.exe
  2⤵
  PID:10020
- C:\Windows\System\UvlniFU.exe
  C:\Windows\System\UvlniFU.exe
  2⤵
  PID:10096
- C:\Windows\System\nKykvUB.exe
  C:\Windows\System\nKykvUB.exe
  2⤵
  PID:10196
- C:\Windows\System\gaIebGY.exe
  C:\Windows\System\gaIebGY.exe
  2⤵
  PID:8400
- C:\Windows\System\msfeMek.exe
  C:\Windows\System\msfeMek.exe
  2⤵
  PID:9372
- C:\Windows\System\KfIBTLv.exe
  C:\Windows\System\KfIBTLv.exe
  2⤵
  PID:9612
- C:\Windows\System\jSBIzkf.exe
  C:\Windows\System\jSBIzkf.exe
  2⤵
  PID:9748
- C:\Windows\System\isZvlMa.exe
  C:\Windows\System\isZvlMa.exe
  2⤵
  PID:9668
- C:\Windows\System\rLThrlZ.exe
  C:\Windows\System\rLThrlZ.exe
  2⤵
  PID:9908
- C:\Windows\System\HigCCoz.exe
  C:\Windows\System\HigCCoz.exe
  2⤵
  PID:10000
- C:\Windows\System\nYFWxum.exe
  C:\Windows\System\nYFWxum.exe
  2⤵
  PID:9272
- C:\Windows\System\yXqkiAJ.exe
  C:\Windows\System\yXqkiAJ.exe
  2⤵
  PID:9560
- C:\Windows\System\lNhfoQj.exe
  C:\Windows\System\lNhfoQj.exe
  2⤵
  PID:9808
- C:\Windows\System\RCdqkUu.exe
  C:\Windows\System\RCdqkUu.exe
  2⤵
  PID:9892
- C:\Windows\System\QgOzeJb.exe
  C:\Windows\System\QgOzeJb.exe
  2⤵
  PID:9780
- C:\Windows\System\GDWabWz.exe
  C:\Windows\System\GDWabWz.exe
  2⤵
  PID:8848
- C:\Windows\System\uqDdTsw.exe
  C:\Windows\System\uqDdTsw.exe
  2⤵
  PID:9452
- C:\Windows\System\VhsYyzs.exe
  C:\Windows\System\VhsYyzs.exe
  2⤵
  PID:10064
- C:\Windows\System\AprnwNQ.exe
  C:\Windows\System\AprnwNQ.exe
  2⤵
  PID:10264
- C:\Windows\System\ofYWEFC.exe
  C:\Windows\System\ofYWEFC.exe
  2⤵
  PID:10296
- C:\Windows\System\CGowZcC.exe
  C:\Windows\System\CGowZcC.exe
  2⤵
  PID:10324
- C:\Windows\System\TZZMpjy.exe
  C:\Windows\System\TZZMpjy.exe
  2⤵
  PID:10352
- C:\Windows\System\BVGSSyZ.exe
  C:\Windows\System\BVGSSyZ.exe
  2⤵
  PID:10380
- C:\Windows\System\suhnRnq.exe
  C:\Windows\System\suhnRnq.exe
  2⤵
  PID:10408
- C:\Windows\System\flLMepA.exe
  C:\Windows\System\flLMepA.exe
  2⤵
  PID:10436
- C:\Windows\System\pWQXSVi.exe
  C:\Windows\System\pWQXSVi.exe
  2⤵
  PID:10464
- C:\Windows\System\yInBqMA.exe
  C:\Windows\System\yInBqMA.exe
  2⤵
  PID:10492
- C:\Windows\System\VgGMehg.exe
  C:\Windows\System\VgGMehg.exe
  2⤵
  PID:10520
- C:\Windows\System\yRcoJrv.exe
  C:\Windows\System\yRcoJrv.exe
  2⤵
  PID:10548
- C:\Windows\System\TMBSsSf.exe
  C:\Windows\System\TMBSsSf.exe
  2⤵
  PID:10576
- C:\Windows\System\qPXpTxt.exe
  C:\Windows\System\qPXpTxt.exe
  2⤵
  PID:10604
- C:\Windows\System\yfAFNWr.exe
  C:\Windows\System\yfAFNWr.exe
  2⤵
  PID:10632
- C:\Windows\System\hGgjzUQ.exe
  C:\Windows\System\hGgjzUQ.exe
  2⤵
  PID:10660
- C:\Windows\System\aUXxamq.exe
  C:\Windows\System\aUXxamq.exe
  2⤵
  PID:10688
- C:\Windows\System\NysIgaY.exe
  C:\Windows\System\NysIgaY.exe
  2⤵
  PID:10716
- C:\Windows\System\KaDqRHs.exe
  C:\Windows\System\KaDqRHs.exe
  2⤵
  PID:10744
- C:\Windows\System\uVlnxHi.exe
  C:\Windows\System\uVlnxHi.exe
  2⤵
  PID:10772
- C:\Windows\System\tXeyzaN.exe
  C:\Windows\System\tXeyzaN.exe
  2⤵
  PID:10800
- C:\Windows\System\tzupxzA.exe
  C:\Windows\System\tzupxzA.exe
  2⤵
  PID:10828
- C:\Windows\System\xinttbh.exe
  C:\Windows\System\xinttbh.exe
  2⤵
  PID:10856
- C:\Windows\System\LEbxRKX.exe
  C:\Windows\System\LEbxRKX.exe
  2⤵
  PID:10884
- C:\Windows\System\BjYxAeo.exe
  C:\Windows\System\BjYxAeo.exe
  2⤵
  PID:10912
- C:\Windows\System\HITONgs.exe
  C:\Windows\System\HITONgs.exe
  2⤵
  PID:10944
- C:\Windows\System\rXwceOl.exe
  C:\Windows\System\rXwceOl.exe
  2⤵
  PID:10964
- C:\Windows\System\QeDcAeC.exe
  C:\Windows\System\QeDcAeC.exe
  2⤵
  PID:10988
- C:\Windows\System\ZPNvcOg.exe
  C:\Windows\System\ZPNvcOg.exe
  2⤵
  PID:11024
- C:\Windows\System\uBdGfAz.exe
  C:\Windows\System\uBdGfAz.exe
  2⤵
  PID:11044
- C:\Windows\System\MlOAXrv.exe
  C:\Windows\System\MlOAXrv.exe
  2⤵
  PID:11076
- C:\Windows\System\HemxLDr.exe
  C:\Windows\System\HemxLDr.exe
  2⤵
  PID:11108
- C:\Windows\System\IQvpiVh.exe
  C:\Windows\System\IQvpiVh.exe
  2⤵
  PID:11132
- C:\Windows\System\tRzNwFa.exe
  C:\Windows\System\tRzNwFa.exe
  2⤵
  PID:11168
- C:\Windows\System\oMTQbWT.exe
  C:\Windows\System\oMTQbWT.exe
  2⤵
  PID:11196
- C:\Windows\System\nrMiDYf.exe
  C:\Windows\System\nrMiDYf.exe
  2⤵
  PID:11252
- C:\Windows\System\MnIKKnq.exe
  C:\Windows\System\MnIKKnq.exe
  2⤵
  PID:10256
- C:\Windows\System\heWTRCD.exe
  C:\Windows\System\heWTRCD.exe
  2⤵
  PID:10308
- C:\Windows\System\yXpvLYl.exe
  C:\Windows\System\yXpvLYl.exe
  2⤵
  PID:10364
- C:\Windows\System\cTXzYgL.exe
  C:\Windows\System\cTXzYgL.exe
  2⤵
  PID:10432
- C:\Windows\System\LjZnnJK.exe
  C:\Windows\System\LjZnnJK.exe
  2⤵
  PID:10512
- C:\Windows\System\rgRQvnT.exe
  C:\Windows\System\rgRQvnT.exe
  2⤵
  PID:10596
- C:\Windows\System\faZTbmX.exe
  C:\Windows\System\faZTbmX.exe
  2⤵
  PID:10656
- C:\Windows\System\EqWhLfn.exe
  C:\Windows\System\EqWhLfn.exe
  2⤵
  PID:10712
- C:\Windows\System\qjfuKZw.exe
  C:\Windows\System\qjfuKZw.exe
  2⤵
  PID:10784
- C:\Windows\System\aiGXVpG.exe
  C:\Windows\System\aiGXVpG.exe
  2⤵
  PID:10852
- C:\Windows\System\YCqbIoy.exe
  C:\Windows\System\YCqbIoy.exe
  2⤵
  PID:10932
- C:\Windows\System\GHWzbTl.exe
  C:\Windows\System\GHWzbTl.exe
  2⤵
  PID:10976
- C:\Windows\System\lhnINTy.exe
  C:\Windows\System\lhnINTy.exe
  2⤵
  PID:11040
- C:\Windows\System\mmvsvsD.exe
  C:\Windows\System\mmvsvsD.exe
  2⤵
  PID:11128
- C:\Windows\System\GbRzetH.exe
  C:\Windows\System\GbRzetH.exe
  2⤵
  PID:11164
- C:\Windows\System\ImKCGNl.exe
  C:\Windows\System\ImKCGNl.exe
  2⤵
  PID:11216
- C:\Windows\System\TnlsJsO.exe
  C:\Windows\System\TnlsJsO.exe
  2⤵
  PID:10320
- C:\Windows\System\jcevtJz.exe
  C:\Windows\System\jcevtJz.exe
  2⤵
  PID:10392
- C:\Windows\System\fYyMquY.exe
  C:\Windows\System\fYyMquY.exe
  2⤵
  PID:10532
- C:\Windows\System\EoqFSeL.exe
  C:\Windows\System\EoqFSeL.exe
  2⤵
  PID:10768
- C:\Windows\System\lWmvUep.exe
  C:\Windows\System\lWmvUep.exe
  2⤵
  PID:10756
- C:\Windows\System\mdXgICa.exe
  C:\Windows\System\mdXgICa.exe
  2⤵
  PID:10904
- C:\Windows\System\ybKHUZP.exe
  C:\Windows\System\ybKHUZP.exe
  2⤵
  PID:11092
- C:\Windows\System\rmsVOAt.exe
  C:\Windows\System\rmsVOAt.exe
  2⤵
  PID:10248
- C:\Windows\System\yGYPnIM.exe
  C:\Windows\System\yGYPnIM.exe
  2⤵
  PID:10568
- C:\Windows\System\ZKsrEwA.exe
  C:\Windows\System\ZKsrEwA.exe
  2⤵
  PID:10684
- C:\Windows\System\VrIzqeb.exe
  C:\Windows\System\VrIzqeb.exe
  2⤵
  PID:10460
- C:\Windows\System\kAzrZAo.exe
  C:\Windows\System\kAzrZAo.exe
  2⤵
  PID:10400
- C:\Windows\System\ulzheId.exe
  C:\Windows\System\ulzheId.exe
  2⤵
  PID:11280
- C:\Windows\System\oGStfvy.exe
  C:\Windows\System\oGStfvy.exe
  2⤵
  PID:11296
- C:\Windows\System\sYeuAhs.exe
  C:\Windows\System\sYeuAhs.exe
  2⤵
  PID:11332
- C:\Windows\System\fzqdrbA.exe
  C:\Windows\System\fzqdrbA.exe
  2⤵
  PID:11364
- C:\Windows\System\xbWiDsn.exe
  C:\Windows\System\xbWiDsn.exe
  2⤵
  PID:11388
- C:\Windows\System\XTXuYQn.exe
  C:\Windows\System\XTXuYQn.exe
  2⤵
  PID:11420
- C:\Windows\System\URBxkaC.exe
  C:\Windows\System\URBxkaC.exe
  2⤵
  PID:11448
- C:\Windows\System\RxhYZgI.exe
  C:\Windows\System\RxhYZgI.exe
  2⤵
  PID:11476
- C:\Windows\System\mXGXtoA.exe
  C:\Windows\System\mXGXtoA.exe
  2⤵
  PID:11504
- C:\Windows\System\iaXepKZ.exe
  C:\Windows\System\iaXepKZ.exe
  2⤵
  PID:11532
- C:\Windows\System\RKHfaYi.exe
  C:\Windows\System\RKHfaYi.exe
  2⤵
  PID:11560
- C:\Windows\System\AcwNdxN.exe
  C:\Windows\System\AcwNdxN.exe
  2⤵
  PID:11588
- C:\Windows\System\FCbVDZe.exe
  C:\Windows\System\FCbVDZe.exe
  2⤵
  PID:11616
- C:\Windows\System\xnSAWfC.exe
  C:\Windows\System\xnSAWfC.exe
  2⤵
  PID:11648
- C:\Windows\System\XExBAws.exe
  C:\Windows\System\XExBAws.exe
  2⤵
  PID:11676
- C:\Windows\System\GRWXIdW.exe
  C:\Windows\System\GRWXIdW.exe
  2⤵
  PID:11704
- C:\Windows\System\gRlcOfy.exe
  C:\Windows\System\gRlcOfy.exe
  2⤵
  PID:11732
- C:\Windows\System\SiXubfJ.exe
  C:\Windows\System\SiXubfJ.exe
  2⤵
  PID:11760
- C:\Windows\System\XHvGsPX.exe
  C:\Windows\System\XHvGsPX.exe
  2⤵
  PID:11788
- C:\Windows\System\aTPTnzX.exe
  C:\Windows\System\aTPTnzX.exe
  2⤵
  PID:11816
- C:\Windows\System\TuprQPS.exe
  C:\Windows\System\TuprQPS.exe
  2⤵
  PID:11844
- C:\Windows\System\eIcAwom.exe
  C:\Windows\System\eIcAwom.exe
  2⤵
  PID:11872
- C:\Windows\System\QtTUkRb.exe
  C:\Windows\System\QtTUkRb.exe
  2⤵
  PID:11888
- C:\Windows\System\MDKVQda.exe
  C:\Windows\System\MDKVQda.exe
  2⤵
  PID:11904
- C:\Windows\System\BDFVCIj.exe
  C:\Windows\System\BDFVCIj.exe
  2⤵
  PID:11932
- C:\Windows\System\VKEwFeR.exe
  C:\Windows\System\VKEwFeR.exe
  2⤵
  PID:11960
- C:\Windows\System\odQpihR.exe
  C:\Windows\System\odQpihR.exe
  2⤵
  PID:12024
- C:\Windows\System\yxnPThi.exe
  C:\Windows\System\yxnPThi.exe
  2⤵
  PID:12040
- C:\Windows\System\mQAafln.exe
  C:\Windows\System\mQAafln.exe
  2⤵
  PID:12068
- C:\Windows\System\yMGmxFk.exe
  C:\Windows\System\yMGmxFk.exe
  2⤵
  PID:12096
- C:\Windows\System\PGbVntU.exe
  C:\Windows\System\PGbVntU.exe
  2⤵
  PID:12124
- C:\Windows\System\RMAtwfz.exe
  C:\Windows\System\RMAtwfz.exe
  2⤵
  PID:12152
- C:\Windows\System\ZLjPTdt.exe
  C:\Windows\System\ZLjPTdt.exe
  2⤵
  PID:12180
- C:\Windows\System\ycsEtrI.exe
  C:\Windows\System\ycsEtrI.exe
  2⤵
  PID:12208
- C:\Windows\System\jXEzrEJ.exe
  C:\Windows\System\jXEzrEJ.exe
  2⤵
  PID:12236
- C:\Windows\System\LVdusct.exe
  C:\Windows\System\LVdusct.exe
  2⤵
  PID:12264
- C:\Windows\System\QdbecYy.exe
  C:\Windows\System\QdbecYy.exe
  2⤵
  PID:11272
- C:\Windows\System\fSMTIoT.exe
  C:\Windows\System\fSMTIoT.exe
  2⤵
  PID:11340
- C:\Windows\System\sOfflbz.exe
  C:\Windows\System\sOfflbz.exe
  2⤵
  PID:11404
- C:\Windows\System\yTKKLNh.exe
  C:\Windows\System\yTKKLNh.exe
  2⤵
  PID:11468
- C:\Windows\System\iUSValk.exe
  C:\Windows\System\iUSValk.exe
  2⤵
  PID:11528
- C:\Windows\System\SEakugm.exe
  C:\Windows\System\SEakugm.exe
  2⤵
  PID:11584
- C:\Windows\System\vKTfoNT.exe
  C:\Windows\System\vKTfoNT.exe
  2⤵
  PID:11660
- C:\Windows\System\CjPIAJW.exe
  C:\Windows\System\CjPIAJW.exe
  2⤵
  PID:11724
- C:\Windows\System\AmRZFqZ.exe
  C:\Windows\System\AmRZFqZ.exe
  2⤵
  PID:11800
- C:\Windows\System\kWHpgTO.exe
  C:\Windows\System\kWHpgTO.exe
  2⤵
  PID:11856
- C:\Windows\System\TEXffUQ.exe
  C:\Windows\System\TEXffUQ.exe
  2⤵
  PID:11896
- C:\Windows\System\MyzMqQJ.exe
  C:\Windows\System\MyzMqQJ.exe
  2⤵
  PID:11924
- C:\Windows\System\rveUPDX.exe
  C:\Windows\System\rveUPDX.exe
  2⤵
  PID:11996
- C:\Windows\System\tlEodGL.exe
  C:\Windows\System\tlEodGL.exe
  2⤵
  PID:12052
- C:\Windows\System\pUdyhue.exe
  C:\Windows\System\pUdyhue.exe
  2⤵
  PID:12144
- C:\Windows\System\eREYUyG.exe
  C:\Windows\System\eREYUyG.exe
  2⤵
  PID:12200
- C:\Windows\System\OVGPJHj.exe
  C:\Windows\System\OVGPJHj.exe
  2⤵
  PID:12276
- C:\Windows\System\sDCreaL.exe
  C:\Windows\System\sDCreaL.exe
  2⤵
  PID:11432
- C:\Windows\System\jWYkYEN.exe
  C:\Windows\System\jWYkYEN.exe
  2⤵
  PID:11572
- C:\Windows\System\hRWdXTo.exe
  C:\Windows\System\hRWdXTo.exe
  2⤵
  PID:11716
- C:\Windows\System\NOpjamw.exe
  C:\Windows\System\NOpjamw.exe
  2⤵
  PID:11916
- C:\Windows\System\wUQFZPs.exe
  C:\Windows\System\wUQFZPs.exe
  2⤵
  PID:12036
- C:\Windows\System\oYDgEUp.exe
  C:\Windows\System\oYDgEUp.exe
  2⤵
  PID:12228
- C:\Windows\System\ufxhkWb.exe
  C:\Windows\System\ufxhkWb.exe
  2⤵
  PID:11460
- C:\Windows\System\nNLagFg.exe
  C:\Windows\System\nNLagFg.exe
  2⤵
  PID:11780
- C:\Windows\System\sJYGuOu.exe
  C:\Windows\System\sJYGuOu.exe
  2⤵
  PID:12192
- C:\Windows\System\IZVEyiR.exe
  C:\Windows\System\IZVEyiR.exe
  2⤵
  PID:11784
- C:\Windows\System\oSchdEv.exe
  C:\Windows\System\oSchdEv.exe
  2⤵
  PID:12116
- C:\Windows\System\Higkabr.exe
  C:\Windows\System\Higkabr.exe
  2⤵
  PID:12308
- C:\Windows\System\allTPWD.exe
  C:\Windows\System\allTPWD.exe
  2⤵
  PID:12336
- C:\Windows\System\FLqTbBy.exe
  C:\Windows\System\FLqTbBy.exe
  2⤵
  PID:12364
- C:\Windows\System\OxWrTvq.exe
  C:\Windows\System\OxWrTvq.exe
  2⤵
  PID:12392
- C:\Windows\System\rEjpnKD.exe
  C:\Windows\System\rEjpnKD.exe
  2⤵
  PID:12420
- C:\Windows\System\lbiPUdR.exe
  C:\Windows\System\lbiPUdR.exe
  2⤵
  PID:12448
- C:\Windows\System\gEtARpr.exe
  C:\Windows\System\gEtARpr.exe
  2⤵
  PID:12476
- C:\Windows\System\PbMXgfC.exe
  C:\Windows\System\PbMXgfC.exe
  2⤵
  PID:12504
- C:\Windows\System\jAqVoKm.exe
  C:\Windows\System\jAqVoKm.exe
  2⤵
  PID:12532
- C:\Windows\System\JAQiUhp.exe
  C:\Windows\System\JAQiUhp.exe
  2⤵
  PID:12560
- C:\Windows\System\WJWLglg.exe
  C:\Windows\System\WJWLglg.exe
  2⤵
  PID:12584
- C:\Windows\System\OTTIMSv.exe
  C:\Windows\System\OTTIMSv.exe
  2⤵
  PID:12600
- C:\Windows\System\HrtbeAQ.exe
  C:\Windows\System\HrtbeAQ.exe
  2⤵
  PID:12616
- C:\Windows\System\eDCFQCH.exe
  C:\Windows\System\eDCFQCH.exe
  2⤵
  PID:12636
- C:\Windows\System\CsxtrbL.exe
  C:\Windows\System\CsxtrbL.exe
  2⤵
  PID:12684
- C:\Windows\System\GHcPpTh.exe
  C:\Windows\System\GHcPpTh.exe
  2⤵
  PID:12708
- C:\Windows\System\veScCLS.exe
  C:\Windows\System\veScCLS.exe
  2⤵
  PID:12748
- C:\Windows\System\yjiDElU.exe
  C:\Windows\System\yjiDElU.exe
  2⤵
  PID:12784
- C:\Windows\System\AtCcGOa.exe
  C:\Windows\System\AtCcGOa.exe
  2⤵
  PID:12816
- C:\Windows\System\kywAhBc.exe
  C:\Windows\System\kywAhBc.exe
  2⤵
  PID:12844
- C:\Windows\System\IzQrPie.exe
  C:\Windows\System\IzQrPie.exe
  2⤵
  PID:12884
- C:\Windows\System\fdtxabN.exe
  C:\Windows\System\fdtxabN.exe
  2⤵
  PID:12904
- C:\Windows\System\lyXmpjT.exe
  C:\Windows\System\lyXmpjT.exe
  2⤵
  PID:12936
- C:\Windows\System\sNiVBNg.exe
  C:\Windows\System\sNiVBNg.exe
  2⤵
  PID:12964
- C:\Windows\System\bjPrwym.exe
  C:\Windows\System\bjPrwym.exe
  2⤵
  PID:12992
- C:\Windows\System\HTmpSFQ.exe
  C:\Windows\System\HTmpSFQ.exe
  2⤵
  PID:13028
- C:\Windows\System\KsLysEt.exe
  C:\Windows\System\KsLysEt.exe
  2⤵
  PID:13056
- C:\Windows\System\yYNDSnl.exe
  C:\Windows\System\yYNDSnl.exe
  2⤵
  PID:13084
- C:\Windows\System\WYDCMQE.exe
  C:\Windows\System\WYDCMQE.exe
  2⤵
  PID:13112
- C:\Windows\System\nPljWQf.exe
  C:\Windows\System\nPljWQf.exe
  2⤵
  PID:13140
- C:\Windows\System\RlpqsIO.exe
  C:\Windows\System\RlpqsIO.exe
  2⤵
  PID:13168
- C:\Windows\System\fNKQZwh.exe
  C:\Windows\System\fNKQZwh.exe
  2⤵
  PID:13196
- C:\Windows\System\zCVzkTR.exe
  C:\Windows\System\zCVzkTR.exe
  2⤵
  PID:13224
- C:\Windows\System\WrRYYaT.exe
  C:\Windows\System\WrRYYaT.exe
  2⤵
  PID:13252
- C:\Windows\System\mtTLSsD.exe
  C:\Windows\System\mtTLSsD.exe
  2⤵
  PID:13280
- C:\Windows\System\VrAMgij.exe
  C:\Windows\System\VrAMgij.exe
  2⤵
  PID:13308
- C:\Windows\System\zpyHaNx.exe
  C:\Windows\System\zpyHaNx.exe
  2⤵
  PID:12348
- C:\Windows\System\GwlBCEr.exe
  C:\Windows\System\GwlBCEr.exe
  2⤵
  PID:12412
- C:\Windows\System\JQRPMWc.exe
  C:\Windows\System\JQRPMWc.exe
  2⤵
  PID:12472
- C:\Windows\System\nnUFwbA.exe
  C:\Windows\System\nnUFwbA.exe
  2⤵
  PID:12528
- C:\Windows\System\mdtWkgu.exe
  C:\Windows\System\mdtWkgu.exe
  2⤵
  PID:12576
- C:\Windows\System\lKrsDFK.exe
  C:\Windows\System\lKrsDFK.exe
  2⤵
  PID:12608
- C:\Windows\System\JTHgIuv.exe
  C:\Windows\System\JTHgIuv.exe
  2⤵
  PID:12648
- C:\Windows\System\xYjnZZq.exe
  C:\Windows\System\xYjnZZq.exe
  2⤵
  PID:12764
- C:\Windows\System\JgoMlPc.exe
  C:\Windows\System\JgoMlPc.exe
  2⤵
  PID:12812
- C:\Windows\System\wCvIOks.exe
  C:\Windows\System\wCvIOks.exe
  2⤵
  PID:12916
- C:\Windows\System\uNHPTtN.exe
  C:\Windows\System\uNHPTtN.exe
  2⤵
  PID:12956
- C:\Windows\System\egLqqqg.exe
  C:\Windows\System\egLqqqg.exe
  2⤵
  PID:13016
- C:\Windows\System\zTAojfJ.exe
  C:\Windows\System\zTAojfJ.exe
  2⤵
  PID:13096
- C:\Windows\System\fSRHokJ.exe
  C:\Windows\System\fSRHokJ.exe
  2⤵
  PID:13188
- C:\Windows\System\EaKTvGx.exe
  C:\Windows\System\EaKTvGx.exe
  2⤵
  PID:13248
- C:\Windows\System\GMroVaM.exe
  C:\Windows\System\GMroVaM.exe
  2⤵
  PID:13300
- C:\Windows\System\lWblupK.exe
  C:\Windows\System\lWblupK.exe
  2⤵
  PID:12376
- C:\Windows\System\jzXkicj.exe
  C:\Windows\System\jzXkicj.exe
  2⤵
  PID:12524
- C:\Windows\System\mKKwknk.exe
  C:\Windows\System\mKKwknk.exe
  2⤵
  PID:12768
- C:\Windows\System\JUxdklH.exe
  C:\Windows\System\JUxdklH.exe
  2⤵
  PID:12808
- C:\Windows\System\NKTMbRn.exe
  C:\Windows\System\NKTMbRn.exe
  2⤵
  PID:12836
- C:\Windows\System\ubOOiQw.exe
  C:\Windows\System\ubOOiQw.exe
  2⤵
  PID:13072
- C:\Windows\System\SlHLUuk.exe
  C:\Windows\System\SlHLUuk.exe
  2⤵
  PID:13216
- C:\Windows\System\adUaovx.exe
  C:\Windows\System\adUaovx.exe
  2⤵
  PID:12628
- C:\Windows\System\zmHeRvv.exe
  C:\Windows\System\zmHeRvv.exe
  2⤵
  PID:12440
- C:\Windows\System\rVSKCfZ.exe
  C:\Windows\System\rVSKCfZ.exe
  2⤵
  PID:13040
- C:\Windows\System\tBvpMbt.exe
  C:\Windows\System\tBvpMbt.exe
  2⤵
  PID:12800
- C:\Windows\System\IOsqVpk.exe
  C:\Windows\System\IOsqVpk.exe
  2⤵
  PID:13320
- C:\Windows\System\SnXIEdZ.exe
  C:\Windows\System\SnXIEdZ.exe
  2⤵
  PID:13344
- C:\Windows\System\gfowcFV.exe
  C:\Windows\System\gfowcFV.exe
  2⤵
  PID:13364
- C:\Windows\System\XCNiSuQ.exe
  C:\Windows\System\XCNiSuQ.exe
  2⤵
  PID:13380
- C:\Windows\System\rLkjfLM.exe
  C:\Windows\System\rLkjfLM.exe
  2⤵
  PID:13396
- C:\Windows\System\nPEvZjQ.exe
  C:\Windows\System\nPEvZjQ.exe
  2⤵
  PID:13416
- C:\Windows\System\RiLCwxM.exe
  C:\Windows\System\RiLCwxM.exe
  2⤵
  PID:13432
- C:\Windows\System\bVIKDNi.exe
  C:\Windows\System\bVIKDNi.exe
  2⤵
  PID:13452
- C:\Windows\System\DPrtxTm.exe
  C:\Windows\System\DPrtxTm.exe
  2⤵
  PID:13476
- C:\Windows\System\ueQgNnc.exe
  C:\Windows\System\ueQgNnc.exe
  2⤵
  PID:13500
- C:\Windows\System\jLJKFND.exe
  C:\Windows\System\jLJKFND.exe
  2⤵
  PID:13528
- C:\Windows\System\wAjBSqD.exe
  C:\Windows\System\wAjBSqD.exe
  2⤵
  PID:13564
- C:\Windows\System\yzPFPut.exe
  C:\Windows\System\yzPFPut.exe
  2⤵
  PID:13592
- C:\Windows\System\oKkujMY.exe
  C:\Windows\System\oKkujMY.exe
  2⤵
  PID:13632
- C:\Windows\System\kDBzWVw.exe
  C:\Windows\System\kDBzWVw.exe
  2⤵
  PID:13664
- C:\Windows\System\gueZAvZ.exe
  C:\Windows\System\gueZAvZ.exe
  2⤵
  PID:13708
- C:\Windows\System\FUvmYVa.exe
  C:\Windows\System\FUvmYVa.exe
  2⤵
  PID:13744
- C:\Windows\System\LvMKMau.exe
  C:\Windows\System\LvMKMau.exe
  2⤵
  PID:13764
- C:\Windows\System\SoJItbZ.exe
  C:\Windows\System\SoJItbZ.exe
  2⤵
  PID:13796
- C:\Windows\System\aLGPnHN.exe
  C:\Windows\System\aLGPnHN.exe
  2⤵
  PID:13820
- C:\Windows\System\GhKGhrp.exe
  C:\Windows\System\GhKGhrp.exe
  2⤵
  PID:13844
- C:\Windows\System\FrnHiBc.exe
  C:\Windows\System\FrnHiBc.exe
  2⤵
  PID:13864
- C:\Windows\System\mfgUwlj.exe
  C:\Windows\System\mfgUwlj.exe
  2⤵
  PID:13900
- C:\Windows\System\mubcPTl.exe
  C:\Windows\System\mubcPTl.exe
  2⤵
  PID:13932
- C:\Windows\System\LBBdrBI.exe
  C:\Windows\System\LBBdrBI.exe
  2⤵
  PID:13972
- C:\Windows\System\mMUjMat.exe
  C:\Windows\System\mMUjMat.exe
  2⤵
  PID:14016
- C:\Windows\System\ATMydVd.exe
  C:\Windows\System\ATMydVd.exe
  2⤵
  PID:14056
- C:\Windows\System\hckilNZ.exe
  C:\Windows\System\hckilNZ.exe
  2⤵
  PID:14076
- C:\Windows\System\foxNJDt.exe
  C:\Windows\System\foxNJDt.exe
  2⤵
  PID:14108
- C:\Windows\System\WnypmQw.exe
  C:\Windows\System\WnypmQw.exe
  2⤵
  PID:14136
- C:\Windows\System\VebmWSh.exe
  C:\Windows\System\VebmWSh.exe
  2⤵
  PID:14156
- C:\Windows\System\SfnOKIr.exe
  C:\Windows\System\SfnOKIr.exe
  2⤵
  PID:14176
- C:\Windows\System\AwFIMFJ.exe
  C:\Windows\System\AwFIMFJ.exe
  2⤵
  PID:14196
- C:\Windows\System\HeZcMAw.exe
  C:\Windows\System\HeZcMAw.exe
  2⤵
  PID:14212
- C:\Windows\System\lMKbLWV.exe
  C:\Windows\System\lMKbLWV.exe
  2⤵
  PID:14232
- C:\Windows\System\LxYJAnJ.exe
  C:\Windows\System\LxYJAnJ.exe
  2⤵
  PID:14256
- C:\Windows\System\IlhPbKm.exe
  C:\Windows\System\IlhPbKm.exe
  2⤵
  PID:14284
- C:\Windows\System\ZLqDuIV.exe
  C:\Windows\System\ZLqDuIV.exe
  2⤵
  PID:14304
- C:\Windows\System\qCXpHvc.exe
  C:\Windows\System\qCXpHvc.exe
  2⤵
  PID:14332
- C:\Windows\System\BQXHxLy.exe
  C:\Windows\System\BQXHxLy.exe
  2⤵
  PID:8132
- C:\Windows\System\rBDnFZR.exe
  C:\Windows\System\rBDnFZR.exe
  2⤵
  PID:13392
- C:\Windows\System\LLWImWY.exe
  C:\Windows\System\LLWImWY.exe
  2⤵
  PID:13440
- C:\Windows\System\DrcUwPl.exe
  C:\Windows\System\DrcUwPl.exe
  2⤵
  PID:13536
- C:\Windows\System\PxlbHCv.exe
  C:\Windows\System\PxlbHCv.exe
  2⤵
  PID:13648
- C:\Windows\System\RzEtZcK.exe
  C:\Windows\System\RzEtZcK.exe
  2⤵
  PID:13688
- C:\Windows\System\iwKOSiN.exe
  C:\Windows\System\iwKOSiN.exe
  2⤵
  PID:13876
- C:\Windows\System\AvxeTYV.exe
  C:\Windows\System\AvxeTYV.exe
  2⤵
  PID:13896
- C:\Windows\System\spcaNvv.exe
  C:\Windows\System\spcaNvv.exe
  2⤵
  PID:13960
- C:\Windows\System\DMbLbJc.exe
  C:\Windows\System\DMbLbJc.exe
  2⤵
  PID:14004
- C:\Windows\System\PjLXPcT.exe
  C:\Windows\System\PjLXPcT.exe
  2⤵
  PID:14084
- C:\Windows\System\wejCQXV.exe
  C:\Windows\System\wejCQXV.exe
  2⤵
  PID:14068
- C:\Windows\System\NdWhstc.exe
  C:\Windows\System\NdWhstc.exe
  2⤵
  PID:14128
- C:\Windows\System\bvxihIV.exe
  C:\Windows\System\bvxihIV.exe
  2⤵
  PID:13068
- C:\Windows\System\HNADERb.exe
  C:\Windows\System\HNADERb.exe
  2⤵
  PID:14268
- C:\Windows\System\KXDndaQ.exe
  C:\Windows\System\KXDndaQ.exe
  2⤵
  PID:14300
- C:\Windows\System\EtYMUCh.exe
  C:\Windows\System\EtYMUCh.exe
  2⤵
  PID:13404
- C:\Windows\System\YdVwDQQ.exe
  C:\Windows\System\YdVwDQQ.exe
  2⤵
  PID:13424
- C:\Windows\System\qwyOrST.exe
  C:\Windows\System\qwyOrST.exe
  2⤵
  PID:13736
- C:\Windows\System\GwYbZXP.exe
  C:\Windows\System\GwYbZXP.exe
  2⤵
  PID:13516
- C:\Windows\System\GrVnXie.exe
  C:\Windows\System\GrVnXie.exe
  2⤵
  PID:13916
- C:\Windows\System\rnhBUun.exe
  C:\Windows\System\rnhBUun.exe
  2⤵
  PID:13924
- C:\Windows\System\bWeZPRc.exe
  C:\Windows\System\bWeZPRc.exe
  2⤵
  PID:14036
- C:\Windows\System\ghuTOCn.exe
  C:\Windows\System\ghuTOCn.exe
  2⤵
  PID:14204
- C:\Windows\System\GNJVexf.exe
  C:\Windows\System\GNJVexf.exe
  2⤵
  PID:13372
- C:\Windows\System\WNITrPL.exe
  C:\Windows\System\WNITrPL.exe
  2⤵
  PID:13720
- C:\Windows\System\ydkKKVb.exe
  C:\Windows\System\ydkKKVb.exe
  2⤵
  PID:12516
- C:\Windows\System\QLvJWFq.exe
  C:\Windows\System\QLvJWFq.exe
  2⤵
  PID:14356
- C:\Windows\System\KmNXUbm.exe
  C:\Windows\System\KmNXUbm.exe
  2⤵
  PID:14372
- C:\Windows\System\sVsFaBL.exe
  C:\Windows\System\sVsFaBL.exe
  2⤵
  PID:14400
- C:\Windows\System\DRWtraY.exe
  C:\Windows\System\DRWtraY.exe
  2⤵
  PID:14436
- C:\Windows\System\BvnvLDm.exe
  C:\Windows\System\BvnvLDm.exe
  2⤵
  PID:14452
- C:\Windows\System\UxYLCyk.exe
  C:\Windows\System\UxYLCyk.exe
  2⤵
  PID:14484
- C:\Windows\System\fTFXDkl.exe
  C:\Windows\System\fTFXDkl.exe
  2⤵
  PID:14520
- C:\Windows\System\RAgdKOy.exe
  C:\Windows\System\RAgdKOy.exe
  2⤵
  PID:14548
- C:\Windows\System\saSyjhK.exe
  C:\Windows\System\saSyjhK.exe
  2⤵
  PID:14576
- C:\Windows\System\fVCtfNF.exe
  C:\Windows\System\fVCtfNF.exe
  2⤵
  PID:14672
- C:\Windows\System\OvaDQcX.exe
  C:\Windows\System\OvaDQcX.exe
  2⤵
  PID:14692
- C:\Windows\System\gviIcgb.exe
  C:\Windows\System\gviIcgb.exe
  2⤵
  PID:14708
- C:\Windows\System\TAenaOJ.exe
  C:\Windows\System\TAenaOJ.exe
  2⤵
  PID:14728
- C:\Windows\System\SXPsiLc.exe
  C:\Windows\System\SXPsiLc.exe
  2⤵
  PID:14748
- C:\Windows\System\UbhBYUO.exe
  C:\Windows\System\UbhBYUO.exe
  2⤵
  PID:14764
- C:\Windows\System\sFBJFvK.exe
  C:\Windows\System\sFBJFvK.exe
  2⤵
  PID:14784
- C:\Windows\System\sjplsuB.exe
  C:\Windows\System\sjplsuB.exe
  2⤵
  PID:15000
- C:\Windows\System\WWJEMXk.exe
  C:\Windows\System\WWJEMXk.exe
  2⤵
  PID:15036
- C:\Windows\System\BlnjpeT.exe
  C:\Windows\System\BlnjpeT.exe
  2⤵
  PID:15076
- C:\Windows\System\cGafjJJ.exe
  C:\Windows\System\cGafjJJ.exe
  2⤵
  PID:15092
- C:\Windows\System\aitkISu.exe
  C:\Windows\System\aitkISu.exe
  2⤵
  PID:15112
- C:\Windows\System\dAHNHCF.exe
  C:\Windows\System\dAHNHCF.exe
  2⤵
  PID:15144
- C:\Windows\System\OMRgDCG.exe
  C:\Windows\System\OMRgDCG.exe
  2⤵
  PID:15188
- C:\Windows\System\KUqHeJG.exe
  C:\Windows\System\KUqHeJG.exe
  2⤵
  PID:15292
- C:\Windows\System\IfyONnz.exe
  C:\Windows\System\IfyONnz.exe
  2⤵
  PID:15324
- C:\Windows\System\HGzHUIY.exe
  C:\Windows\System\HGzHUIY.exe
  2⤵
  PID:15348
- C:\Windows\System\sYrxEuV.exe
  C:\Windows\System\sYrxEuV.exe
  2⤵
  PID:13704
- C:\Windows\System\ZFLMddf.exe
  C:\Windows\System\ZFLMddf.exe
  2⤵
  PID:5056
- C:\Windows\System\jQBfWOQ.exe
  C:\Windows\System\jQBfWOQ.exe
  2⤵
  PID:13336
- C:\Windows\System\atNqHvs.exe
  C:\Windows\System\atNqHvs.exe
  2⤵
  PID:5796
- C:\Windows\System\nVfurcU.exe
  C:\Windows\System\nVfurcU.exe
  2⤵
  PID:14388
- C:\Windows\System\xMNqGgj.exe
  C:\Windows\System\xMNqGgj.exe
  2⤵
  PID:3148
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3148 -s 248
    3⤵
    PID:15052
- C:\Windows\System\WZOZTct.exe
  C:\Windows\System\WZOZTct.exe
  2⤵
  PID:14444
- C:\Windows\System\hueYCCy.exe
  C:\Windows\System\hueYCCy.exe
  2⤵
  PID:14632
- C:\Windows\System\oDZXDmS.exe
  C:\Windows\System\oDZXDmS.exe
  2⤵
  PID:12596
- C:\Windows\System\nrSfxMs.exe
  C:\Windows\System\nrSfxMs.exe
  2⤵
  PID:14544
- C:\Windows\System\WycYUtv.exe
  C:\Windows\System\WycYUtv.exe
  2⤵
  PID:5236
- C:\Windows\System\BfVsBMV.exe
  C:\Windows\System\BfVsBMV.exe
  2⤵
  PID:14624
- C:\Windows\System\yEJQzDe.exe
  C:\Windows\System\yEJQzDe.exe
  2⤵
  PID:14848
- C:\Windows\System\KHipKQv.exe
  C:\Windows\System\KHipKQv.exe
  2⤵
  PID:4828
- C:\Windows\System\EOdkdyY.exe
  C:\Windows\System\EOdkdyY.exe
  2⤵
  PID:15320
- C:\Windows\System\HAfyfhR.exe
  C:\Windows\System\HAfyfhR.exe
  2⤵
  PID:15152
- C:\Windows\System\kKrluJp.exe
  C:\Windows\System\kKrluJp.exe
  2⤵
  PID:3116
- C:\Windows\System\TurRgOM.exe
  C:\Windows\System\TurRgOM.exe
  2⤵
  PID:15280
- C:\Windows\System\uZeJQKV.exe
  C:\Windows\System\uZeJQKV.exe
  2⤵
  PID:15216
- C:\Windows\System\KOLCOVK.exe
  C:\Windows\System\KOLCOVK.exe
  2⤵
  PID:15256
- C:\Windows\System\jAUFdvV.exe
  C:\Windows\System\jAUFdvV.exe
  2⤵
  PID:5808
- C:\Windows\System\BcVEuLz.exe
  C:\Windows\System\BcVEuLz.exe
  2⤵
  PID:12468
- C:\Windows\System\OMktilG.exe
  C:\Windows\System\OMktilG.exe
  2⤵
  PID:12500
- C:\Windows\System\GcTgagl.exe
  C:\Windows\System\GcTgagl.exe
  2⤵
  PID:14396
- C:\Windows\System\VfTZfOM.exe
  C:\Windows\System\VfTZfOM.exe
  2⤵
  PID:14496
- C:\Windows\System\XJAKjGE.exe
  C:\Windows\System\XJAKjGE.exe
  2⤵
  PID:14560
- C:\Windows\System\AtDbhBF.exe
  C:\Windows\System\AtDbhBF.exe
  2⤵
  PID:14612
- C:\Windows\System\jMpNHFr.exe
  C:\Windows\System\jMpNHFr.exe
  2⤵
  PID:14700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EUGAHPh.exe

Filesize
5.2MB

MD5
3856368be5aedc71a95bbbeb1cb8b6b7

SHA1
584f87784df1a00a1497926e3e8d7500364d2460

SHA256
2c44c9bbf9e634f90b3ebea36ff57c0e845e64af29fbae1fd6d7ff3a5a8338a3

SHA512
8cbba77689a2ac9494b9aeb4980b15a601d04f3e61d8c472fbf5b5a0f79b527e1f70421fbeebebb145f89229b4853fb2fb6f7ae71956c93361f7e486691e2279

Download Submit
C:\Windows\System\GeYGoMB.exe

Filesize
5.2MB

MD5
64d0af6d296f3ac32fa367871628252d

SHA1
d42c7875ac7ed52e7f41e1149e4a9f179d44a95b

SHA256
63d0bf92f91258b59fded8cb7354fb7e85d1e0e434d19edabb67bb74abca7fb8

SHA512
0cf5e23a0fa42060c82c8663278f095dbb817b641f671a6c54d75312a32e7a5a2da36197cefd6a2b649fe177f6f7542851caff9f05903119ea2402a1b651b71c

Download Submit
C:\Windows\System\HJJtnqN.exe

Filesize
5.2MB

MD5
9ad51a23d42cb11ebf6d90157c179a69

SHA1
b095ab243eaaa5f405bcd3c398e1b1c3eff59769

SHA256
b82d7a61bc4c4db70f4b2111108d89f5357d40fa2557f85302f2a42cd04ffce1

SHA512
fc7104289c27004c5378cbbf6c98dda954dcce5f9992e1174da5116d40945679efcd74f62a00e99d8b648e75e47fd30f324af1013da19e15e44c23534aab4310

Download Submit
C:\Windows\System\HTzsyYO.exe

Filesize
5.2MB

MD5
e577980cd9e922c6aefecee92005bf30

SHA1
f607d2ee17fbff9fa2c67abd673adb8c982b57c4

SHA256
ba3f0f4a1e5bf1c68401cf72acafdcc40975b01fe14ceb1816ca620dfce6853d

SHA512
96aecbf38840c6403ff2b9ff9d10067c265004e71e36b6990a86a7c1f99e1820fbb74eefa964058c05fbf01e871b6fed3ee8a1465b3c5e45c7afe3b372acdbac

Download Submit
C:\Windows\System\LaYfxSf.exe

Filesize
5.2MB

MD5
101ac8420f647773c73481b6ecb92f89

SHA1
fb00107ed97d7f4d1a3a792e659dff46eddcd641

SHA256
a63a8d0c6a90f3831ff4896da9e0d0b5f8440cc6894f83cd5294618cb8ff691e

SHA512
4e2cf846cfb08a4b2f6636f5cfb771a8c1f4d2c94fe280a3c14a6c65db347352d46efdfb443582114bb4f8d99251c81f0e7645c5df5fcb632fef940c67286b6d

Download Submit
C:\Windows\System\LqEJbQK.exe

Filesize
5.2MB

MD5
634df88714b13c14d634b2e91d7e4003

SHA1
fecc5c44dc37d0561a0e052623cc185c8a8fcf69

SHA256
01e83cf446f59dc217929858a8c5a22e11281bdf64ca02edc2077d4f569269b8

SHA512
852f3c220b3474340b1de7e07b886ea246c9b83cf28a24bfe936571ee9a6725d65b5111c3818d63e67c7ad551fd7cb743e0d5fcee968f21c175b3ba036a95419

Download Submit
C:\Windows\System\LrFaTqA.exe

Filesize
5.2MB

MD5
07aef0e2108ecae57d0bf82799a23f40

SHA1
fbe6900b1a348db999f576491f44cead6522db70

SHA256
07b22e08a9932821b679eec1f92a38c33679150a1f1d428def24865045b680a5

SHA512
b6f0be90b913b1eb8f2654fa09f9d7830ec517361a49f020cc70a1ef761fbfa7e9b60fdc39a0fd9a6d39e4402d8fc0365be4cd66340a89919d80337f5cea2dd0

Download Submit
C:\Windows\System\MNdfazr.exe

Filesize
5.2MB

MD5
8eafcb1d4fbf5dc49d038600e829788d

SHA1
88e8e4d3e007fdd44da8490e701dc819779facaa

SHA256
b5c80ca180c2d9e87d3dc3b1cd82236421efa6098225128292c5de6249d7815b

SHA512
a2121641e0522b054916c4158260a716632dec2d4c1681684889dc5bef23fb365ea50c7358a95e40dd696cfcf13d03926df41a253d811c63cb58f199d8741eb1

Download Submit
C:\Windows\System\PEhOKCR.exe

Filesize
5.2MB

MD5
7560459dae3ae596664d52f2f3fef337

SHA1
4ee8a105a9dca7459ad03d59798c2ec506c184ce

SHA256
22bcda3a38c73f040a52eee78ad0915b27663055e35c9f3e1bceeb967e57808b

SHA512
3e37c3290ba3fd3ecc5471e50c3cf082a5be6eb17786ab09f1b750dcb805e054b4e4e02170342ce8c391b4d7bf6a9b3c095fc7c099cd8a359e6c520b9fc9a8cb

Download Submit
C:\Windows\System\PQZrHjl.exe

Filesize
5.2MB

MD5
37483e58c440c5d6ab799099c4476a53

SHA1
db216c6f74195a751a00ce3d222088b6b79ddeb6

SHA256
d047b5a87f56ba6f51ae3b44727502800e1a269b5ddcfdad114f95987b4992dc

SHA512
414e140aac6df3590dc31e245a75da10e0d484ba0ab0d51cd497a63ee4e0d598567c5ada60a70742db1dd6188c225aebfb933517bdb12e667e232b41a66f0f81

Download Submit
C:\Windows\System\PqbGPZL.exe

Filesize
5.2MB

MD5
387345261ccef866e3ee463fd6b9d3bf

SHA1
c5a337ace7437deca774e31d72e8c34d6515943a

SHA256
560960f70dd8194bfc4fd458ccac522f2fbf9b60a12493aed94080fc68daddc8

SHA512
359d71b65158ed7722d1fc7e130b3ac4d303fe7060f5ec3a8af1fb0967faae375366903d19c6905196a912750d9020bc66e9aa9a98c87a90a136ca0b48f3954e

Download Submit
C:\Windows\System\QoyvMnP.exe

Filesize
5.2MB

MD5
aa395e07dbfb7eb0837f29bf42032714

SHA1
3a7d814ed7c6fc2b7124df623a208d47ef3342f1

SHA256
3ef61c1e19e59c242d23198c3ae8f9ff6c9f662decc11e9707ca7d8693ed0605

SHA512
b6a811d3005dcf051eaeffbfe50c380ab1fc8cc3f30b6d8027109642535011f42752400e0fa7c293ab9a74ba28ac9ef11877cded593446cb71707d0e2fbe92d2

Download Submit
C:\Windows\System\TFQdXaV.exe

Filesize
5.2MB

MD5
1c5f8564b360298ed2603fbeb751bd96

SHA1
bd384ae813908bc3d5e0e6617c4400d16aad1d20

SHA256
8cc8a11e8546738649e8eb9c21b9e7927363b612cc5cc8e4d78b7733208c5dea

SHA512
e7a6d95b80069d6be61314e6088105fcb635522774ae7995291a35481f024f67427443130c1c176a14657b2a736789dd501776b731ce5b907e73bf260ac3b4c4

Download Submit
C:\Windows\System\WzAofPy.exe

Filesize
5.2MB

MD5
3110aa418d81beac0aa37b25972fe344

SHA1
a380c7a02224d6eb15af171e21a5a9bd74a7c608

SHA256
0045999a87b36ddcb433d7f571c1778f92e7d77441c6138532732e33ed7dbb4f

SHA512
4fc46119c0d21c71e96385a754dd9a64f39f6b6ed110b05956df0410011b54fd3c3caff7d5ebf07d30e61025f9bdf5024f8abdfdc0500ed6f62872834f32336a

Download Submit
C:\Windows\System\XEzsyee.exe

Filesize
5.2MB

MD5
5b1762b36cedf5058e587064b6717ad6

SHA1
a70a02732197c298e6f7a2a4b4785ce1f2aa0dbf

SHA256
84e8683b00b7a88abcb59a1dc372a2d17791ea123995ba5d936c8f69cc72d5c6

SHA512
625035ecbb2c7c33da23157992ed946c960608214f67ce314b71ae351f24bebb390b7e75a632be91721025267f646af4517086447905241491b0103c15c441e6

Download Submit
C:\Windows\System\XOZxgTa.exe

Filesize
5.2MB

MD5
7adab7c5a12b85861d755a3a97fcf9df

SHA1
74995eafd644bbccc54b473444b52cb795f21d6b

SHA256
6452ae9bcb2705ba889cfe1ba06b4db91087b9a35022f55b1353dc2210e0e94a

SHA512
5477db6e090591a2014af9df25b3551e969a4d6f84ac6fd1da283e925d37972e18f2fa192371b7fb21f75631942b83318bf8a84112cb94c137f06f22c9814e76

Download Submit
C:\Windows\System\aZeQIyX.exe

Filesize
5.2MB

MD5
784133c1adef8d555fd3c94f08b4b605

SHA1
04b79cda7a23ad258cd7b16fc15f4df216856750

SHA256
90f0d4807caddfc2e34940569a74fb57f8640eb189d875736f102d5dd7802783

SHA512
6c6dd3b52cf55932e27ba9cfc3caf1f4f2112e1cad9115fca933375d6d6522f6f29cfc66608f998955da9980c6bd9f8127edc1add262bc8ad8503e66c971907e

Download Submit
C:\Windows\System\ahocHCq.exe

Filesize
5.2MB

MD5
775a8055a86962cd83d2ad8b45353e91

SHA1
6b32b86e200e4acf35a75aae5bd1761eea867bb1

SHA256
231e95c11372068c96f938f01145ec57bd0e24695042b8e0b586e8ef630a581b

SHA512
47076636848ba0fca3bb3c64fcd6bc0f9c89950885a5a34f49f963a20ca556675c195a4ae9cbfb56f801e6d968ced91a4bd8e897d97b519e01d193769274766f

Download Submit
C:\Windows\System\eoQsqXB.exe

Filesize
5.2MB

MD5
67fc79327c5aa0b07fc4f342f111f51e

SHA1
eea18ef176271da782dc167b74d5d00cc67d6832

SHA256
9945c3d725601813046c412b46cd0b009d65a5432a44adb2906b73f443a2fbe3

SHA512
790430a2c299550db9c36fa9416b485171f6ee42d75f51dd99384c992c3fd87aff53b34927d1c84b85fc8ead3c9fd3c3d6205aff3136bb8061c37f9ddf204aa8

Download Submit
C:\Windows\System\fUobPyk.exe

Filesize
5.2MB

MD5
c0c354ff690d4093ac6a1025634742d4

SHA1
6008c3c86c2abc4b3210f1fde6e163f5b48f091f

SHA256
2082933a71d30fe6ea560ab1816f18814bc837dbc952d8d21a445c9fc812ef78

SHA512
391fb01effa083e309891875e1d431e333d4177c47c9f5601414dee2a14b5181c78f8d12e718ae81302ed7e6eead27803a19d4febb266676240fc8a110e17bdb

Download Submit
C:\Windows\System\fVuBkxo.exe

Filesize
5.2MB

MD5
ae0fbca5c1d72af746fa0d9442205df3

SHA1
234a655573f16b2c85977e2a0c5e866a71639881

SHA256
62ba11cbd20636cc1a3dd72790067aad6c0d05410d43c317694ce8f1d4cd5014

SHA512
5435895f8887efcb1deb70fb2192dbe533dc2e97a26e23888fbde5454d560d75b43f0e824d95162cba08021954a2117458b6822ae18e5d991399bba6f1cd910a

Download Submit
C:\Windows\System\jnQkKqf.exe

Filesize
5.2MB

MD5
52ce454228da5e058bc9846b9947629c

SHA1
adf1667244127b476176c904fdc3871faccdc85b

SHA256
f146f3ce50eb423dd5423804e1e484759d406a952958ed66c561b007e6367b58

SHA512
e12fccbbc4f8917f75d9b576e7c3c4c67dd7c63023126ffa3290730da123632c68dad22167dcbd0b6b7340a46a0267d7e099e87a2e3db7e423073507568fa6ee

Download Submit
C:\Windows\System\lkhFqZc.exe

Filesize
5.2MB

MD5
9f11a2c9b8e2adf95aaead295034c706

SHA1
56da16da5239f076d6e80814e7cbd2eea68f8efe

SHA256
8f526e214b20a7a5e149011060df0e42ce34e52afb0e6009cde5d862cf107c7c

SHA512
dc483b36dac97b0519ad7ee40b659d59d2840496ea82a645945cc4c34f6b57c791b2e9f0fdc9b3b84ad669f7a0b2aaa2e000a4184711a85a5583678b0e5ac35b

Download Submit
C:\Windows\System\nfbofuO.exe

Filesize
5.2MB

MD5
62b33be2a13aa5e603d6cc603787e98a

SHA1
4d61c2ff25bd53e5ca94706e2fb09534efd589d4

SHA256
65d97080bab313fa2695f11ee879b4541ca12610918ccd5d96faf7a34c4fdc2a

SHA512
7fb7363b75e09f2c6d7d9a7f354485d4bf1a79e05506b6e6c65471b46ce5f79ed8894dc0c70fbca28520d33458ac97687e5488a9f34ab144b3a88164824bf1fd

Download Submit
C:\Windows\System\pXZFkaY.exe

Filesize
5.2MB

MD5
3e75a525982b415d39aef3ca6f6b64fc

SHA1
c4432e41b47e3d8ca952ba9e734fb4e8978bc2b7

SHA256
845202bf1a7763a5da207e2764406663eebb4402e9c5439a0f7d4bd552a63b4e

SHA512
d1d6714a02012377d5bb668edacbb23255fd6a26bf336fe5c2cba21d7aecfaead2845cf7fb968fee143dcd6bb9508c87e839bf8962ad0cb2b599bfc53d568339

Download Submit
C:\Windows\System\qSXUKKI.exe

Filesize
5.2MB

MD5
b2785aec5235b07ddcd6a7d012563165

SHA1
24da310445126e4d0e182f558c26639cdb1d4e4a

SHA256
7c4b94e4c8748a55e4a29fd8d0443994025f185d6cfad632d2029b6171a9512d

SHA512
67b120b093f24438d22303bf3c5a652dd4e5999b95a26689f1dbb011df5026f9731a3275358b0a3b26420a3119b290bbba29dac4d6426f98d65e36bfb7f9405e

Download Submit
C:\Windows\System\qabXCBW.exe

Filesize
5.2MB

MD5
aa8baeaccb574c442083b6ebf616c408

SHA1
0edefb5055648df5383755548319f62a4dc42e25

SHA256
5b2ede84971779bf623cf6c8c3b2f5ae79b67a99ed4dbb68e9bdfb1c803a2fd5

SHA512
9017988ef12af1400c4b7a34510587534b8269c33efd0a2c96c7b09c4bb9a350fdb4dc38acc91726acbbb802d20189ff89257df173da4d58884878fed885c7e8

Download Submit
C:\Windows\System\qfOfCuG.exe

Filesize
5.2MB

MD5
acebb0a841aa89bff6fb116345016d04

SHA1
bf5351873684aaf12d8d4aaca5cfc38b153238db

SHA256
c28937cef1577059a4950a10a808796f454cd00b2df09cb7f48c489a2880a425

SHA512
674eb1a8a5ada2d6a686b425901625d5bb37c69a15c53dc4a44e6ef9c72307431ff2915cb2a474b5a4943e0c5f493a368a6bdfaf343f0c379a8643432a865869

Download Submit
C:\Windows\System\rZNhrzx.exe

Filesize
5.2MB

MD5
e13fdc709f456ca1b49a5634bc49ad2c

SHA1
63e7842fbaf6b2cba05505fca2a4564eea689953

SHA256
1da44ca23474320b23e19912a5b6f4273a291b7fe950ac84b96bf6659f2f34f5

SHA512
c72f6e1425ae7faa65d9b9e75816bb4091f86f33d8943b23c4de284fdba06708e325199eb542cfb03318340710d584779ad3b786c04604a4df76e9d4a90c5c03

Download Submit
C:\Windows\System\sXwghqa.exe

Filesize
5.2MB

MD5
451b1f5edda7632728809b443398405d

SHA1
608e85eefc6b2763e95d9cb6f40d03a08a7d983d

SHA256
c1af7ac3be1123b11f1a499a16622cfb9172071ca922c5fd5f20cd0d45517049

SHA512
2bcb06573c9cf11744ceb0b659d4e902f398e2fecb62452337293ce0be34e36e8fb781e507a1cb6095989316cd4802ce1f62dc8e92a2710e5c1b64534a154c81

Download Submit
C:\Windows\System\uMHGBEc.exe

Filesize
5.2MB

MD5
89aea05473f81866928f652467f8da0f

SHA1
3283449d0541bb061a43c6b78581cbc90ee5de2e

SHA256
dcc126c8a815a7af250642e0dc1069852f8c896a1d063e3dd5d3035120d1e432

SHA512
7b3b5a38b85f879c277fc85e00e1604767fcd73086fdf9688216597b3b97774e2a08cef30fbc0e9170608f061cf0c9e166503ebfed7c3001c29affadad1820b8

Download Submit
C:\Windows\System\xDvvfOa.exe

Filesize
5.2MB

MD5
2c2713f0c7cf87ce594f8c3131837cd6

SHA1
7f86de679d0b8995f6cc79b5d9bbf2614d2d4744

SHA256
5b852ef59eccc4dc1e129321862ed678431b235da4188ebdef5fe34a5ae697a2

SHA512
d3d539735aeada0ced612a5dcf1b436f448ac9d0daa6ca6ff1e30f7ad9bf9114404ab5f4fd1a46fabfc4b0ba22cb3ed3e6f69667615fa222379386522b9a98e0

Download Submit
C:\Windows\System\xbWrxop.exe

Filesize
5.2MB

MD5
f202a90a9707d6be18e90dd58b4ebf40

SHA1
fc73126dbe93e804ce5826bc79de2da795885bc4

SHA256
1b0149008684eddc72ab202cf960ef49b3226a28e4a99b2db08ccfa85ab65be4

SHA512
7b8afdadcec79e55e46a6cefc551b7e5cd93a493f7c62fbadc8192845e581f43f7e9f6626a10aa10f2f03a537fe452e1e279cbd5ad379d3c05ee470d35c86fdc

Download Submit
memory/456-2253-0x00007FF625600000-0x00007FF625951000-memory.dmp

Filesize
3.3MB

Download
memory/456-162-0x00007FF625600000-0x00007FF625951000-memory.dmp

Filesize
3.3MB

Download
memory/456-42-0x00007FF625600000-0x00007FF625951000-memory.dmp

Filesize
3.3MB

Download
memory/760-2623-0x00007FF7044E0000-0x00007FF704831000-memory.dmp

Filesize
3.3MB

Download
memory/760-217-0x00007FF7044E0000-0x00007FF704831000-memory.dmp

Filesize
3.3MB

Download
memory/760-987-0x00007FF7044E0000-0x00007FF704831000-memory.dmp

Filesize
3.3MB

Download
memory/884-2234-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp

Filesize
3.3MB

Download
memory/884-32-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp

Filesize
3.3MB

Download
memory/884-114-0x00007FF7D16C0000-0x00007FF7D1A11000-memory.dmp

Filesize
3.3MB

Download
memory/1144-127-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp

Filesize
3.3MB

Download
memory/1144-37-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp

Filesize
3.3MB

Download
memory/1144-2244-0x00007FF6B3370000-0x00007FF6B36C1000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2293-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp

Filesize
3.3MB

Download
memory/1540-153-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp

Filesize
3.3MB

Download
memory/1540-51-0x00007FF77D050000-0x00007FF77D3A1000-memory.dmp

Filesize
3.3MB

Download
memory/1576-229-0x00007FF7EF9A0000-0x00007FF7EFCF1000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2601-0x00007FF7EF9A0000-0x00007FF7EFCF1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-235-0x00007FF6240A0000-0x00007FF6243F1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2599-0x00007FF6240A0000-0x00007FF6243F1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1969-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-69-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-6-0x00007FF64D1A0000-0x00007FF64D4F1000-memory.dmp

Filesize
3.3MB

Download
memory/2528-143-0x00007FF6244C0000-0x00007FF624811000-memory.dmp

Filesize
3.3MB

Download
memory/2528-178-0x00007FF6244C0000-0x00007FF624811000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2356-0x00007FF6244C0000-0x00007FF624811000-memory.dmp

Filesize
3.3MB

Download
memory/2608-169-0x00007FF69D220000-0x00007FF69D571000-memory.dmp

Filesize
3.3MB

Download
memory/2608-91-0x00007FF69D220000-0x00007FF69D571000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2317-0x00007FF69D220000-0x00007FF69D571000-memory.dmp

Filesize
3.3MB

Download
memory/2724-73-0x00007FF642530000-0x00007FF642881000-memory.dmp

Filesize
3.3MB

Download
memory/2724-166-0x00007FF642530000-0x00007FF642881000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2327-0x00007FF642530000-0x00007FF642881000-memory.dmp

Filesize
3.3MB

Download
memory/2816-78-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp

Filesize
3.3MB

Download
memory/2816-167-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2312-0x00007FF7E2590000-0x00007FF7E28E1000-memory.dmp

Filesize
3.3MB

Download
memory/3232-150-0x00007FF70D5A0000-0x00007FF70D8F1000-memory.dmp

Filesize
3.3MB

Download
memory/3232-2358-0x00007FF70D5A0000-0x00007FF70D8F1000-memory.dmp

Filesize
3.3MB

Download
memory/3276-209-0x00007FF761510000-0x00007FF761861000-memory.dmp

Filesize
3.3MB

Download
memory/3276-986-0x00007FF761510000-0x00007FF761861000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2603-0x00007FF761510000-0x00007FF761861000-memory.dmp

Filesize
3.3MB

Download
memory/3336-88-0x00007FF653780000-0x00007FF653AD1000-memory.dmp

Filesize
3.3MB

Download
memory/3336-1992-0x00007FF653780000-0x00007FF653AD1000-memory.dmp

Filesize
3.3MB

Download
memory/3336-23-0x00007FF653780000-0x00007FF653AD1000-memory.dmp

Filesize
3.3MB

Download
memory/3380-63-0x00007FF64FF20000-0x00007FF650271000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2265-0x00007FF64FF20000-0x00007FF650271000-memory.dmp

Filesize
3.3MB

Download
memory/3892-0-0x00007FF7ABEB0000-0x00007FF7AC201000-memory.dmp

Filesize
3.3MB

Download
memory/3892-57-0x00007FF7ABEB0000-0x00007FF7AC201000-memory.dmp

Filesize
3.3MB

Download
memory/3892-1-0x000002B6D9B00000-0x000002B6D9B10000-memory.dmp

Filesize
64KB

Download
memory/3948-18-0x00007FF779A10000-0x00007FF779D61000-memory.dmp

Filesize
3.3MB

Download
memory/3948-79-0x00007FF779A10000-0x00007FF779D61000-memory.dmp

Filesize
3.3MB

Download
memory/3948-1989-0x00007FF779A10000-0x00007FF779D61000-memory.dmp

Filesize
3.3MB

Download
memory/4484-66-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp

Filesize
3.3MB

Download
memory/4484-165-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2304-0x00007FF6E8CF0000-0x00007FF6E9041000-memory.dmp

Filesize
3.3MB

Download
memory/4512-151-0x00007FF737AA0000-0x00007FF737DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2340-0x00007FF737AA0000-0x00007FF737DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4540-176-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2349-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp

Filesize
3.3MB

Download
memory/4540-142-0x00007FF64E690000-0x00007FF64E9E1000-memory.dmp

Filesize
3.3MB

Download
memory/4616-102-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp

Filesize
3.3MB

Download
memory/4616-170-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2321-0x00007FF6FB930000-0x00007FF6FBC81000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2336-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp

Filesize
3.3MB

Download
memory/4624-134-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp

Filesize
3.3MB

Download
memory/4624-173-0x00007FF682C80000-0x00007FF682FD1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-171-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-112-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-2325-0x00007FF7D7590000-0x00007FF7D78E1000-memory.dmp

Filesize
3.3MB

Download
memory/4700-172-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp

Filesize
3.3MB

Download
memory/4700-126-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2331-0x00007FF77A5B0000-0x00007FF77A901000-memory.dmp

Filesize
3.3MB

Download
memory/5328-152-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp

Filesize
3.3MB

Download
memory/5328-2355-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp

Filesize
3.3MB

Download
memory/5504-2338-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp

Filesize
3.3MB

Download
memory/5504-175-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp

Filesize
3.3MB

Download
memory/5504-135-0x00007FF7C3FA0000-0x00007FF7C42F1000-memory.dmp

Filesize
3.3MB

Download
memory/5528-2323-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp

Filesize
3.3MB

Download
memory/5528-81-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp

Filesize
3.3MB

Download
memory/5528-168-0x00007FF6B6DC0000-0x00007FF6B7111000-memory.dmp

Filesize
3.3MB

Download
memory/5836-195-0x00007FF6D81E0000-0x00007FF6D8531000-memory.dmp

Filesize
3.3MB

Download
memory/6140-1981-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp

Filesize
3.3MB

Download
memory/6140-74-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp

Filesize
3.3MB

Download
memory/6140-12-0x00007FF6A1E10000-0x00007FF6A2161000-memory.dmp

Filesize
3.3MB

Download