cobaltstrike | 4087ca1abf51069b5d8c6240f8936ff9036f4405bed2feb3b0ba39f6fe8d128c

Analysis

max time kernel
104s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

337697db9f7d2b65bf91cb89fc763e7b
SHA1

0082926bd7b0081d314f8178b172f33e4f9b3219
SHA256

4087ca1abf51069b5d8c6240f8936ff9036f4405bed2feb3b0ba39f6fe8d128c
SHA512

9b049b9a624d6a15b173aeb54942f707a64e39f0807ab85524f5a903f9aad0cc3cf8df30a331155a7b1ff41579129d8b4b98ee146164a8d17498b7dcbf007683
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0005000000023185-4.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002425b-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425c-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425d-23.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425e-30.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425f-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024261-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024262-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024263-57.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024259-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024265-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024267-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024268-93.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426e-127.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426f-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024274-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024275-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024278-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024277-197.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427b-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024276-186.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427a-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024272-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024271-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024279-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024273-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024270-139.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426d-121.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426c-117.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426b-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024269-112.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426a-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024264-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024260-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5320-0-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp	xmrig
behavioral2/files/0x0005000000023185-4.dat	xmrig
behavioral2/memory/4220-7-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp	xmrig
behavioral2/files/0x000800000002425b-10.dat	xmrig
behavioral2/files/0x000700000002425c-11.dat	xmrig
behavioral2/files/0x000700000002425d-23.dat	xmrig
behavioral2/files/0x000700000002425e-30.dat	xmrig
behavioral2/memory/3528-32-0x00007FF690230000-0x00007FF690584000-memory.dmp	xmrig
behavioral2/files/0x000700000002425f-35.dat	xmrig
behavioral2/files/0x0007000000024261-43.dat	xmrig
behavioral2/files/0x0007000000024262-56.dat	xmrig
behavioral2/files/0x0007000000024263-57.dat	xmrig
behavioral2/memory/4220-69-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp	xmrig
behavioral2/files/0x0008000000024259-74.dat	xmrig
behavioral2/files/0x0007000000024265-81.dat	xmrig
behavioral2/files/0x0007000000024267-84.dat	xmrig
behavioral2/files/0x0007000000024268-93.dat	xmrig
behavioral2/memory/4556-101-0x00007FF6911B0000-0x00007FF691504000-memory.dmp	xmrig
behavioral2/files/0x000700000002426e-127.dat	xmrig
behavioral2/files/0x000700000002426f-135.dat	xmrig
behavioral2/files/0x0007000000024274-164.dat	xmrig
behavioral2/files/0x0007000000024275-166.dat	xmrig
behavioral2/files/0x0007000000024278-179.dat	xmrig
behavioral2/memory/4004-193-0x00007FF7E3690000-0x00007FF7E39E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024277-197.dat	xmrig
behavioral2/memory/444-196-0x00007FF6DCEB0000-0x00007FF6DD204000-memory.dmp	xmrig
behavioral2/memory/4836-195-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp	xmrig
behavioral2/memory/4688-194-0x00007FF60F550000-0x00007FF60F8A4000-memory.dmp	xmrig
behavioral2/memory/5024-192-0x00007FF773340000-0x00007FF773694000-memory.dmp	xmrig
behavioral2/memory/4972-191-0x00007FF7E1DC0000-0x00007FF7E2114000-memory.dmp	xmrig
behavioral2/memory/376-190-0x00007FF7BA6E0000-0x00007FF7BAA34000-memory.dmp	xmrig
behavioral2/memory/3240-189-0x00007FF6E90C0000-0x00007FF6E9414000-memory.dmp	xmrig
behavioral2/files/0x000700000002427b-188.dat	xmrig
behavioral2/files/0x0007000000024276-186.dat	xmrig
behavioral2/files/0x000700000002427a-185.dat	xmrig
behavioral2/files/0x0007000000024272-183.dat	xmrig
behavioral2/files/0x0007000000024271-181.dat	xmrig
behavioral2/files/0x0007000000024279-180.dat	xmrig
behavioral2/memory/2708-176-0x00007FF740C40000-0x00007FF740F94000-memory.dmp	xmrig
behavioral2/files/0x0007000000024273-161.dat	xmrig
behavioral2/memory/3532-160-0x00007FF7B5080000-0x00007FF7B53D4000-memory.dmp	xmrig
behavioral2/memory/4908-159-0x00007FF7A2E40000-0x00007FF7A3194000-memory.dmp	xmrig
behavioral2/memory/4964-155-0x00007FF793CE0000-0x00007FF794034000-memory.dmp	xmrig
behavioral2/memory/4692-154-0x00007FF698690000-0x00007FF6989E4000-memory.dmp	xmrig
behavioral2/memory/4580-149-0x00007FF745C70000-0x00007FF745FC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024270-139.dat	xmrig
behavioral2/files/0x000700000002426d-121.dat	xmrig
behavioral2/files/0x000700000002426c-117.dat	xmrig
behavioral2/files/0x000700000002426b-115.dat	xmrig
behavioral2/files/0x0007000000024269-112.dat	xmrig
behavioral2/files/0x000700000002426a-109.dat	xmrig
behavioral2/memory/4668-102-0x00007FF606B70000-0x00007FF606EC4000-memory.dmp	xmrig
behavioral2/memory/1544-98-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	xmrig
behavioral2/memory/4468-86-0x00007FF780450000-0x00007FF7807A4000-memory.dmp	xmrig
behavioral2/memory/3744-85-0x00007FF7B05E0000-0x00007FF7B0934000-memory.dmp	xmrig
behavioral2/files/0x0007000000024264-77.dat	xmrig
behavioral2/memory/384-76-0x00007FF61E250000-0x00007FF61E5A4000-memory.dmp	xmrig
behavioral2/memory/3696-73-0x00007FF664910000-0x00007FF664C64000-memory.dmp	xmrig
behavioral2/memory/3748-72-0x00007FF75C120000-0x00007FF75C474000-memory.dmp	xmrig
behavioral2/memory/848-71-0x00007FF6A47A0000-0x00007FF6A4AF4000-memory.dmp	xmrig
behavioral2/memory/1624-68-0x00007FF720A40000-0x00007FF720D94000-memory.dmp	xmrig
behavioral2/memory/5320-61-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp	xmrig
behavioral2/memory/5952-54-0x00007FF7CE0D0000-0x00007FF7CE424000-memory.dmp	xmrig
behavioral2/memory/1516-49-0x00007FF69CEF0000-0x00007FF69D244000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4220	BMDclIq.exe
3748	YCFOhkP.exe
3696	TArrHGJ.exe
4892	oyYaCTk.exe
3528	LkrnQSg.exe
1544	VBRFLFs.exe
4004	qqTCrOG.exe
1516	DYomDNu.exe
5952	BUBXmbC.exe
1624	fsXyaQZ.exe
848	YRGiDDX.exe
384	lWOeyQU.exe
3744	aTPCywN.exe
4468	TrcTWCh.exe
4556	zPllNJS.exe
4580	HbXsuid.exe
4668	XEmFfiG.exe
4688	KHZhgjc.exe
4692	axBaTfZ.exe
4964	yIICavu.exe
4908	QwlWHPq.exe
3532	cEPqBPI.exe
2708	NAeIZzY.exe
3240	kxmypyY.exe
376	qNYGyXI.exe
4836	wDxoSMM.exe
4972	LvUhEOy.exe
5024	eynGVWO.exe
444	KHqfDhg.exe
3080	oxMidBE.exe
5308	MxZfEHX.exe
908	cBmwAEK.exe
3692	CZwMZgb.exe
4032	JfKXTzO.exe
1040	JtyUnhJ.exe
2156	jIAvBuj.exe
3512	PvpWWlv.exe
1064	XxMsKZL.exe
3376	fMxlFvT.exe
5648	qtOlBwk.exe
2176	GnfZMXt.exe
4360	VGqIERN.exe
1760	SqkPSTp.exe
1664	AyrcUUC.exe
3092	kkaJVYF.exe
5312	APjGaUu.exe
5660	asJomEX.exe
2744	baxLGPq.exe
5224	EIgxwEM.exe
6132	ADTkvxW.exe
944	WJdrOSR.exe
1852	xcjImSK.exe
4616	jTLEOOZ.exe
5556	JmHdVhY.exe
4948	VeitdMv.exe
1740	rdIPkIa.exe
3720	CgOFrGe.exe
5896	xYbZEzH.exe
1648	UbRFLRH.exe
4480	OwgkmsL.exe
5608	QWVjjXI.exe
708	FSAbyLW.exe
4640	mdvGRdp.exe
4224	chsKKNz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5320-0-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp	upx
behavioral2/files/0x0005000000023185-4.dat	upx
behavioral2/memory/4220-7-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp	upx
behavioral2/files/0x000800000002425b-10.dat	upx
behavioral2/files/0x000700000002425c-11.dat	upx
behavioral2/files/0x000700000002425d-23.dat	upx
behavioral2/files/0x000700000002425e-30.dat	upx
behavioral2/memory/3528-32-0x00007FF690230000-0x00007FF690584000-memory.dmp	upx
behavioral2/files/0x000700000002425f-35.dat	upx
behavioral2/files/0x0007000000024261-43.dat	upx
behavioral2/files/0x0007000000024262-56.dat	upx
behavioral2/files/0x0007000000024263-57.dat	upx
behavioral2/memory/4220-69-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp	upx
behavioral2/files/0x0008000000024259-74.dat	upx
behavioral2/files/0x0007000000024265-81.dat	upx
behavioral2/files/0x0007000000024267-84.dat	upx
behavioral2/files/0x0007000000024268-93.dat	upx
behavioral2/memory/4556-101-0x00007FF6911B0000-0x00007FF691504000-memory.dmp	upx
behavioral2/files/0x000700000002426e-127.dat	upx
behavioral2/files/0x000700000002426f-135.dat	upx
behavioral2/files/0x0007000000024274-164.dat	upx
behavioral2/files/0x0007000000024275-166.dat	upx
behavioral2/files/0x0007000000024278-179.dat	upx
behavioral2/memory/4004-193-0x00007FF7E3690000-0x00007FF7E39E4000-memory.dmp	upx
behavioral2/files/0x0007000000024277-197.dat	upx
behavioral2/memory/444-196-0x00007FF6DCEB0000-0x00007FF6DD204000-memory.dmp	upx
behavioral2/memory/4836-195-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp	upx
behavioral2/memory/4688-194-0x00007FF60F550000-0x00007FF60F8A4000-memory.dmp	upx
behavioral2/memory/5024-192-0x00007FF773340000-0x00007FF773694000-memory.dmp	upx
behavioral2/memory/4972-191-0x00007FF7E1DC0000-0x00007FF7E2114000-memory.dmp	upx
behavioral2/memory/376-190-0x00007FF7BA6E0000-0x00007FF7BAA34000-memory.dmp	upx
behavioral2/memory/3240-189-0x00007FF6E90C0000-0x00007FF6E9414000-memory.dmp	upx
behavioral2/files/0x000700000002427b-188.dat	upx
behavioral2/files/0x0007000000024276-186.dat	upx
behavioral2/files/0x000700000002427a-185.dat	upx
behavioral2/files/0x0007000000024272-183.dat	upx
behavioral2/files/0x0007000000024271-181.dat	upx
behavioral2/files/0x0007000000024279-180.dat	upx
behavioral2/memory/2708-176-0x00007FF740C40000-0x00007FF740F94000-memory.dmp	upx
behavioral2/files/0x0007000000024273-161.dat	upx
behavioral2/memory/3532-160-0x00007FF7B5080000-0x00007FF7B53D4000-memory.dmp	upx
behavioral2/memory/4908-159-0x00007FF7A2E40000-0x00007FF7A3194000-memory.dmp	upx
behavioral2/memory/4964-155-0x00007FF793CE0000-0x00007FF794034000-memory.dmp	upx
behavioral2/memory/4692-154-0x00007FF698690000-0x00007FF6989E4000-memory.dmp	upx
behavioral2/memory/4580-149-0x00007FF745C70000-0x00007FF745FC4000-memory.dmp	upx
behavioral2/files/0x0007000000024270-139.dat	upx
behavioral2/files/0x000700000002426d-121.dat	upx
behavioral2/files/0x000700000002426c-117.dat	upx
behavioral2/files/0x000700000002426b-115.dat	upx
behavioral2/files/0x0007000000024269-112.dat	upx
behavioral2/files/0x000700000002426a-109.dat	upx
behavioral2/memory/4668-102-0x00007FF606B70000-0x00007FF606EC4000-memory.dmp	upx
behavioral2/memory/1544-98-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	upx
behavioral2/memory/4468-86-0x00007FF780450000-0x00007FF7807A4000-memory.dmp	upx
behavioral2/memory/3744-85-0x00007FF7B05E0000-0x00007FF7B0934000-memory.dmp	upx
behavioral2/files/0x0007000000024264-77.dat	upx
behavioral2/memory/384-76-0x00007FF61E250000-0x00007FF61E5A4000-memory.dmp	upx
behavioral2/memory/3696-73-0x00007FF664910000-0x00007FF664C64000-memory.dmp	upx
behavioral2/memory/3748-72-0x00007FF75C120000-0x00007FF75C474000-memory.dmp	upx
behavioral2/memory/848-71-0x00007FF6A47A0000-0x00007FF6A4AF4000-memory.dmp	upx
behavioral2/memory/1624-68-0x00007FF720A40000-0x00007FF720D94000-memory.dmp	upx
behavioral2/memory/5320-61-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp	upx
behavioral2/memory/5952-54-0x00007FF7CE0D0000-0x00007FF7CE424000-memory.dmp	upx
behavioral2/memory/1516-49-0x00007FF69CEF0000-0x00007FF69D244000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NAeIZzY.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tjPlQMI.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\psxtFHj.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RSUuewp.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MwNvCyP.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mQhVvbn.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\INByWds.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VreaFmU.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jIAvBuj.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yCtSJjQ.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ybfyAgW.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fiHbZOT.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QwlWHPq.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DLBYvhb.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cfNorqe.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KxzaeTO.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PjAbTfE.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JyEsBDl.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TJAThun.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vWZXNKf.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Nkjufom.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MqwEoZJ.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UlpMYmT.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ntNzXXK.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NmyEpuX.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\igMmeco.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\INzkhly.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PvpWWlv.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ViMjdIv.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HMXBaKS.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FiCJtCG.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bEOQOBg.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NBXXMiM.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LaDrrdM.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lupfseq.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qmIbCOj.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ywQgNok.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dYfydNu.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RFSVAaP.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qlMOGyO.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ihxVEbF.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ilpqwfL.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gzGIaqj.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KHqfDhg.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yfolAOl.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DgtAsyr.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YwTuvoP.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OwgkmsL.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qFKkKJA.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qjZusQl.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AWSYvsi.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HnSJuKW.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mLGoJuB.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WKSrNgI.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hNMkZHe.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iVyvmpc.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PKAKYkR.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MWwvVVa.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\npzrYyu.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XecxifS.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QWMDbdu.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vnEVNRT.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VBRFLFs.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RGYLwLM.exe	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5320 wrote to memory of 4220	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5320 wrote to memory of 4220	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5320 wrote to memory of 3748	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5320 wrote to memory of 3748	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5320 wrote to memory of 3696	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5320 wrote to memory of 3696	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5320 wrote to memory of 4892	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5320 wrote to memory of 4892	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5320 wrote to memory of 3528	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5320 wrote to memory of 3528	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5320 wrote to memory of 1544	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5320 wrote to memory of 1544	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5320 wrote to memory of 4004	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5320 wrote to memory of 4004	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5320 wrote to memory of 1516	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5320 wrote to memory of 1516	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5320 wrote to memory of 5952	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5320 wrote to memory of 5952	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5320 wrote to memory of 1624	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5320 wrote to memory of 1624	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5320 wrote to memory of 848	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5320 wrote to memory of 848	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5320 wrote to memory of 384	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5320 wrote to memory of 384	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5320 wrote to memory of 3744	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5320 wrote to memory of 3744	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5320 wrote to memory of 4468	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5320 wrote to memory of 4468	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5320 wrote to memory of 4556	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5320 wrote to memory of 4556	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5320 wrote to memory of 4580	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5320 wrote to memory of 4580	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5320 wrote to memory of 4668	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5320 wrote to memory of 4668	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5320 wrote to memory of 4688	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5320 wrote to memory of 4688	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5320 wrote to memory of 4692	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5320 wrote to memory of 4692	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5320 wrote to memory of 4964	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5320 wrote to memory of 4964	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5320 wrote to memory of 4908	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5320 wrote to memory of 4908	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5320 wrote to memory of 3532	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5320 wrote to memory of 3532	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5320 wrote to memory of 2708	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5320 wrote to memory of 2708	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5320 wrote to memory of 3240	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5320 wrote to memory of 3240	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5320 wrote to memory of 376	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5320 wrote to memory of 376	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5320 wrote to memory of 4836	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5320 wrote to memory of 4836	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5320 wrote to memory of 4972	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5320 wrote to memory of 4972	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5320 wrote to memory of 5024	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5320 wrote to memory of 5024	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5320 wrote to memory of 444	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5320 wrote to memory of 444	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5320 wrote to memory of 3080	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5320 wrote to memory of 3080	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5320 wrote to memory of 5308	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5320 wrote to memory of 5308	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5320 wrote to memory of 908	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5320 wrote to memory of 908	5320	2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-28_337697db9f7d2b65bf91cb89fc763e7b_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5320
- C:\Windows\System\BMDclIq.exe
  C:\Windows\System\BMDclIq.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\YCFOhkP.exe
  C:\Windows\System\YCFOhkP.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\TArrHGJ.exe
  C:\Windows\System\TArrHGJ.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\oyYaCTk.exe
  C:\Windows\System\oyYaCTk.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\LkrnQSg.exe
  C:\Windows\System\LkrnQSg.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\VBRFLFs.exe
  C:\Windows\System\VBRFLFs.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\qqTCrOG.exe
  C:\Windows\System\qqTCrOG.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\DYomDNu.exe
  C:\Windows\System\DYomDNu.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\BUBXmbC.exe
  C:\Windows\System\BUBXmbC.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\fsXyaQZ.exe
  C:\Windows\System\fsXyaQZ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\YRGiDDX.exe
  C:\Windows\System\YRGiDDX.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\lWOeyQU.exe
  C:\Windows\System\lWOeyQU.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\aTPCywN.exe
  C:\Windows\System\aTPCywN.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\TrcTWCh.exe
  C:\Windows\System\TrcTWCh.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\zPllNJS.exe
  C:\Windows\System\zPllNJS.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\HbXsuid.exe
  C:\Windows\System\HbXsuid.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\XEmFfiG.exe
  C:\Windows\System\XEmFfiG.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\KHZhgjc.exe
  C:\Windows\System\KHZhgjc.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\axBaTfZ.exe
  C:\Windows\System\axBaTfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\yIICavu.exe
  C:\Windows\System\yIICavu.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\QwlWHPq.exe
  C:\Windows\System\QwlWHPq.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\cEPqBPI.exe
  C:\Windows\System\cEPqBPI.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\NAeIZzY.exe
  C:\Windows\System\NAeIZzY.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\kxmypyY.exe
  C:\Windows\System\kxmypyY.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\qNYGyXI.exe
  C:\Windows\System\qNYGyXI.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\wDxoSMM.exe
  C:\Windows\System\wDxoSMM.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\LvUhEOy.exe
  C:\Windows\System\LvUhEOy.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\eynGVWO.exe
  C:\Windows\System\eynGVWO.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\KHqfDhg.exe
  C:\Windows\System\KHqfDhg.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\oxMidBE.exe
  C:\Windows\System\oxMidBE.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\MxZfEHX.exe
  C:\Windows\System\MxZfEHX.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\cBmwAEK.exe
  C:\Windows\System\cBmwAEK.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\CZwMZgb.exe
  C:\Windows\System\CZwMZgb.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\JfKXTzO.exe
  C:\Windows\System\JfKXTzO.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\JtyUnhJ.exe
  C:\Windows\System\JtyUnhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\jIAvBuj.exe
  C:\Windows\System\jIAvBuj.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\PvpWWlv.exe
  C:\Windows\System\PvpWWlv.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\XxMsKZL.exe
  C:\Windows\System\XxMsKZL.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\fMxlFvT.exe
  C:\Windows\System\fMxlFvT.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\qtOlBwk.exe
  C:\Windows\System\qtOlBwk.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\GnfZMXt.exe
  C:\Windows\System\GnfZMXt.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VGqIERN.exe
  C:\Windows\System\VGqIERN.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\SqkPSTp.exe
  C:\Windows\System\SqkPSTp.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\AyrcUUC.exe
  C:\Windows\System\AyrcUUC.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\kkaJVYF.exe
  C:\Windows\System\kkaJVYF.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\APjGaUu.exe
  C:\Windows\System\APjGaUu.exe
  2⤵
  - Executes dropped EXE
  PID:5312
- C:\Windows\System\asJomEX.exe
  C:\Windows\System\asJomEX.exe
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Windows\System\baxLGPq.exe
  C:\Windows\System\baxLGPq.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\EIgxwEM.exe
  C:\Windows\System\EIgxwEM.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\ADTkvxW.exe
  C:\Windows\System\ADTkvxW.exe
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Windows\System\WJdrOSR.exe
  C:\Windows\System\WJdrOSR.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\xcjImSK.exe
  C:\Windows\System\xcjImSK.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\jTLEOOZ.exe
  C:\Windows\System\jTLEOOZ.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\JmHdVhY.exe
  C:\Windows\System\JmHdVhY.exe
  2⤵
  - Executes dropped EXE
  PID:5556
- C:\Windows\System\VeitdMv.exe
  C:\Windows\System\VeitdMv.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\rdIPkIa.exe
  C:\Windows\System\rdIPkIa.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\CgOFrGe.exe
  C:\Windows\System\CgOFrGe.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\xYbZEzH.exe
  C:\Windows\System\xYbZEzH.exe
  2⤵
  - Executes dropped EXE
  PID:5896
- C:\Windows\System\UbRFLRH.exe
  C:\Windows\System\UbRFLRH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\OwgkmsL.exe
  C:\Windows\System\OwgkmsL.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\QWVjjXI.exe
  C:\Windows\System\QWVjjXI.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\FSAbyLW.exe
  C:\Windows\System\FSAbyLW.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\mdvGRdp.exe
  C:\Windows\System\mdvGRdp.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\chsKKNz.exe
  C:\Windows\System\chsKKNz.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\bbRaYlG.exe
  C:\Windows\System\bbRaYlG.exe
  2⤵
  PID:3192
- C:\Windows\System\ELZtBet.exe
  C:\Windows\System\ELZtBet.exe
  2⤵
  PID:3004
- C:\Windows\System\VcvHPvd.exe
  C:\Windows\System\VcvHPvd.exe
  2⤵
  PID:4244
- C:\Windows\System\qOEhtnf.exe
  C:\Windows\System\qOEhtnf.exe
  2⤵
  PID:2660
- C:\Windows\System\HgbVbSD.exe
  C:\Windows\System\HgbVbSD.exe
  2⤵
  PID:2328
- C:\Windows\System\siWoDSZ.exe
  C:\Windows\System\siWoDSZ.exe
  2⤵
  PID:5548
- C:\Windows\System\qVCMJwB.exe
  C:\Windows\System\qVCMJwB.exe
  2⤵
  PID:5504
- C:\Windows\System\xfYbEcB.exe
  C:\Windows\System\xfYbEcB.exe
  2⤵
  PID:5116
- C:\Windows\System\FJdSkbz.exe
  C:\Windows\System\FJdSkbz.exe
  2⤵
  PID:5368
- C:\Windows\System\zTEwPZL.exe
  C:\Windows\System\zTEwPZL.exe
  2⤵
  PID:2828
- C:\Windows\System\tFeMLNf.exe
  C:\Windows\System\tFeMLNf.exe
  2⤵
  PID:4664
- C:\Windows\System\NmnczMt.exe
  C:\Windows\System\NmnczMt.exe
  2⤵
  PID:4780
- C:\Windows\System\jCXAhCv.exe
  C:\Windows\System\jCXAhCv.exe
  2⤵
  PID:3700
- C:\Windows\System\WBGahMz.exe
  C:\Windows\System\WBGahMz.exe
  2⤵
  PID:1700
- C:\Windows\System\GywHzzF.exe
  C:\Windows\System\GywHzzF.exe
  2⤵
  PID:1420
- C:\Windows\System\uAnpMzS.exe
  C:\Windows\System\uAnpMzS.exe
  2⤵
  PID:5884
- C:\Windows\System\WrAcduN.exe
  C:\Windows\System\WrAcduN.exe
  2⤵
  PID:3040
- C:\Windows\System\JfoyRYL.exe
  C:\Windows\System\JfoyRYL.exe
  2⤵
  PID:1372
- C:\Windows\System\SWyHjGk.exe
  C:\Windows\System\SWyHjGk.exe
  2⤵
  PID:2688
- C:\Windows\System\KgDcGsi.exe
  C:\Windows\System\KgDcGsi.exe
  2⤵
  PID:5844
- C:\Windows\System\pesZDoC.exe
  C:\Windows\System\pesZDoC.exe
  2⤵
  PID:1496
- C:\Windows\System\TnMqVrg.exe
  C:\Windows\System\TnMqVrg.exe
  2⤵
  PID:1848
- C:\Windows\System\yOiAbNY.exe
  C:\Windows\System\yOiAbNY.exe
  2⤵
  PID:3808
- C:\Windows\System\VzlZfog.exe
  C:\Windows\System\VzlZfog.exe
  2⤵
  PID:4304
- C:\Windows\System\QymwhfV.exe
  C:\Windows\System\QymwhfV.exe
  2⤵
  PID:2116
- C:\Windows\System\DeuyVMB.exe
  C:\Windows\System\DeuyVMB.exe
  2⤵
  PID:2572
- C:\Windows\System\APVqHod.exe
  C:\Windows\System\APVqHod.exe
  2⤵
  PID:1668
- C:\Windows\System\rYyzDhL.exe
  C:\Windows\System\rYyzDhL.exe
  2⤵
  PID:2672
- C:\Windows\System\CNhDjqI.exe
  C:\Windows\System\CNhDjqI.exe
  2⤵
  PID:844
- C:\Windows\System\hOQYoDi.exe
  C:\Windows\System\hOQYoDi.exe
  2⤵
  PID:2780
- C:\Windows\System\EaVGlMF.exe
  C:\Windows\System\EaVGlMF.exe
  2⤵
  PID:5948
- C:\Windows\System\cJvFjsk.exe
  C:\Windows\System\cJvFjsk.exe
  2⤵
  PID:2324
- C:\Windows\System\AjpYUlP.exe
  C:\Windows\System\AjpYUlP.exe
  2⤵
  PID:4136
- C:\Windows\System\RJKEAul.exe
  C:\Windows\System\RJKEAul.exe
  2⤵
  PID:5692
- C:\Windows\System\LZmbcYa.exe
  C:\Windows\System\LZmbcYa.exe
  2⤵
  PID:768
- C:\Windows\System\EqvnkqG.exe
  C:\Windows\System\EqvnkqG.exe
  2⤵
  PID:3740
- C:\Windows\System\kdHYxHu.exe
  C:\Windows\System\kdHYxHu.exe
  2⤵
  PID:5756
- C:\Windows\System\pdQEnFd.exe
  C:\Windows\System\pdQEnFd.exe
  2⤵
  PID:5412
- C:\Windows\System\wAtXdyV.exe
  C:\Windows\System\wAtXdyV.exe
  2⤵
  PID:5160
- C:\Windows\System\kFygWAF.exe
  C:\Windows\System\kFygWAF.exe
  2⤵
  PID:1696
- C:\Windows\System\MqwEoZJ.exe
  C:\Windows\System\MqwEoZJ.exe
  2⤵
  PID:2808
- C:\Windows\System\jXaLzMK.exe
  C:\Windows\System\jXaLzMK.exe
  2⤵
  PID:5748
- C:\Windows\System\hgSpNEM.exe
  C:\Windows\System\hgSpNEM.exe
  2⤵
  PID:6068
- C:\Windows\System\cymFkdt.exe
  C:\Windows\System\cymFkdt.exe
  2⤵
  PID:2248
- C:\Windows\System\xSGJNzl.exe
  C:\Windows\System\xSGJNzl.exe
  2⤵
  PID:5804
- C:\Windows\System\xKrYqjn.exe
  C:\Windows\System\xKrYqjn.exe
  2⤵
  PID:5956
- C:\Windows\System\hGQkJJn.exe
  C:\Windows\System\hGQkJJn.exe
  2⤵
  PID:1300
- C:\Windows\System\whncsqP.exe
  C:\Windows\System\whncsqP.exe
  2⤵
  PID:5032
- C:\Windows\System\phaOuEr.exe
  C:\Windows\System\phaOuEr.exe
  2⤵
  PID:4520
- C:\Windows\System\DfmPpfT.exe
  C:\Windows\System\DfmPpfT.exe
  2⤵
  PID:4820
- C:\Windows\System\ZGnNnaq.exe
  C:\Windows\System\ZGnNnaq.exe
  2⤵
  PID:1944
- C:\Windows\System\sHRLGOv.exe
  C:\Windows\System\sHRLGOv.exe
  2⤵
  PID:3016
- C:\Windows\System\mDEjGmh.exe
  C:\Windows\System\mDEjGmh.exe
  2⤵
  PID:1792
- C:\Windows\System\rgsiQdh.exe
  C:\Windows\System\rgsiQdh.exe
  2⤵
  PID:5344
- C:\Windows\System\oxYBYQx.exe
  C:\Windows\System\oxYBYQx.exe
  2⤵
  PID:6040
- C:\Windows\System\wUQYzXk.exe
  C:\Windows\System\wUQYzXk.exe
  2⤵
  PID:5780
- C:\Windows\System\NpJKTIC.exe
  C:\Windows\System\NpJKTIC.exe
  2⤵
  PID:1676
- C:\Windows\System\ylHDKnr.exe
  C:\Windows\System\ylHDKnr.exe
  2⤵
  PID:4592
- C:\Windows\System\XtwVtmJ.exe
  C:\Windows\System\XtwVtmJ.exe
  2⤵
  PID:5104
- C:\Windows\System\IbNwaRa.exe
  C:\Windows\System\IbNwaRa.exe
  2⤵
  PID:2916
- C:\Windows\System\xPRuJSi.exe
  C:\Windows\System\xPRuJSi.exe
  2⤵
  PID:4312
- C:\Windows\System\sgeoTjb.exe
  C:\Windows\System\sgeoTjb.exe
  2⤵
  PID:3560
- C:\Windows\System\xBCzjtI.exe
  C:\Windows\System\xBCzjtI.exe
  2⤵
  PID:5664
- C:\Windows\System\qmkIAbI.exe
  C:\Windows\System\qmkIAbI.exe
  2⤵
  PID:2748
- C:\Windows\System\wBCaryL.exe
  C:\Windows\System\wBCaryL.exe
  2⤵
  PID:3712
- C:\Windows\System\owZwjtN.exe
  C:\Windows\System\owZwjtN.exe
  2⤵
  PID:6156
- C:\Windows\System\vQHoiWk.exe
  C:\Windows\System\vQHoiWk.exe
  2⤵
  PID:6188
- C:\Windows\System\aQSGxvA.exe
  C:\Windows\System\aQSGxvA.exe
  2⤵
  PID:6216
- C:\Windows\System\KoZPRWh.exe
  C:\Windows\System\KoZPRWh.exe
  2⤵
  PID:6244
- C:\Windows\System\RFSVAaP.exe
  C:\Windows\System\RFSVAaP.exe
  2⤵
  PID:6276
- C:\Windows\System\wiYljhy.exe
  C:\Windows\System\wiYljhy.exe
  2⤵
  PID:6304
- C:\Windows\System\DLBYvhb.exe
  C:\Windows\System\DLBYvhb.exe
  2⤵
  PID:6344
- C:\Windows\System\zkIobWK.exe
  C:\Windows\System\zkIobWK.exe
  2⤵
  PID:6364
- C:\Windows\System\mCGLlvk.exe
  C:\Windows\System\mCGLlvk.exe
  2⤵
  PID:6392
- C:\Windows\System\yYQeyAS.exe
  C:\Windows\System\yYQeyAS.exe
  2⤵
  PID:6440
- C:\Windows\System\qnXRBvq.exe
  C:\Windows\System\qnXRBvq.exe
  2⤵
  PID:6464
- C:\Windows\System\JoUPiSR.exe
  C:\Windows\System\JoUPiSR.exe
  2⤵
  PID:6520
- C:\Windows\System\ABMYDuG.exe
  C:\Windows\System\ABMYDuG.exe
  2⤵
  PID:6540
- C:\Windows\System\obCfSEB.exe
  C:\Windows\System\obCfSEB.exe
  2⤵
  PID:6568
- C:\Windows\System\lJnBtVd.exe
  C:\Windows\System\lJnBtVd.exe
  2⤵
  PID:6612
- C:\Windows\System\LiZOXGS.exe
  C:\Windows\System\LiZOXGS.exe
  2⤵
  PID:6632
- C:\Windows\System\AbIfkbN.exe
  C:\Windows\System\AbIfkbN.exe
  2⤵
  PID:6660
- C:\Windows\System\VPorNGr.exe
  C:\Windows\System\VPorNGr.exe
  2⤵
  PID:6692
- C:\Windows\System\MOkNzpw.exe
  C:\Windows\System\MOkNzpw.exe
  2⤵
  PID:6720
- C:\Windows\System\rnEomYd.exe
  C:\Windows\System\rnEomYd.exe
  2⤵
  PID:6756
- C:\Windows\System\lUxVMSa.exe
  C:\Windows\System\lUxVMSa.exe
  2⤵
  PID:6776
- C:\Windows\System\mLGoJuB.exe
  C:\Windows\System\mLGoJuB.exe
  2⤵
  PID:6804
- C:\Windows\System\qeSRkQA.exe
  C:\Windows\System\qeSRkQA.exe
  2⤵
  PID:6852
- C:\Windows\System\kpGEfaE.exe
  C:\Windows\System\kpGEfaE.exe
  2⤵
  PID:6888
- C:\Windows\System\rBFsufB.exe
  C:\Windows\System\rBFsufB.exe
  2⤵
  PID:6916
- C:\Windows\System\BWOzwDb.exe
  C:\Windows\System\BWOzwDb.exe
  2⤵
  PID:6944
- C:\Windows\System\itwWBFc.exe
  C:\Windows\System\itwWBFc.exe
  2⤵
  PID:6976
- C:\Windows\System\bKisJlf.exe
  C:\Windows\System\bKisJlf.exe
  2⤵
  PID:7008
- C:\Windows\System\hZnwCIt.exe
  C:\Windows\System\hZnwCIt.exe
  2⤵
  PID:7032
- C:\Windows\System\aivIwFR.exe
  C:\Windows\System\aivIwFR.exe
  2⤵
  PID:7060
- C:\Windows\System\JwyrNQo.exe
  C:\Windows\System\JwyrNQo.exe
  2⤵
  PID:7088
- C:\Windows\System\LsuZbGp.exe
  C:\Windows\System\LsuZbGp.exe
  2⤵
  PID:7120
- C:\Windows\System\JtLFfzX.exe
  C:\Windows\System\JtLFfzX.exe
  2⤵
  PID:7148
- C:\Windows\System\BpvOQAr.exe
  C:\Windows\System\BpvOQAr.exe
  2⤵
  PID:6212
- C:\Windows\System\PrBOvhr.exe
  C:\Windows\System\PrBOvhr.exe
  2⤵
  PID:6268
- C:\Windows\System\OvHDaDQ.exe
  C:\Windows\System\OvHDaDQ.exe
  2⤵
  PID:636
- C:\Windows\System\VCUSTFQ.exe
  C:\Windows\System\VCUSTFQ.exe
  2⤵
  PID:3752
- C:\Windows\System\SJBnhBB.exe
  C:\Windows\System\SJBnhBB.exe
  2⤵
  PID:2816
- C:\Windows\System\eEMIGes.exe
  C:\Windows\System\eEMIGes.exe
  2⤵
  PID:1416
- C:\Windows\System\jOJOgqi.exe
  C:\Windows\System\jOJOgqi.exe
  2⤵
  PID:6352
- C:\Windows\System\EcSmtVT.exe
  C:\Windows\System\EcSmtVT.exe
  2⤵
  PID:2304
- C:\Windows\System\QxXrWCP.exe
  C:\Windows\System\QxXrWCP.exe
  2⤵
  PID:3644
- C:\Windows\System\rkoRUuw.exe
  C:\Windows\System\rkoRUuw.exe
  2⤵
  PID:6388
- C:\Windows\System\GsIujQs.exe
  C:\Windows\System\GsIujQs.exe
  2⤵
  PID:6452
- C:\Windows\System\oCpRbnA.exe
  C:\Windows\System\oCpRbnA.exe
  2⤵
  PID:6552
- C:\Windows\System\uadZYXI.exe
  C:\Windows\System\uadZYXI.exe
  2⤵
  PID:6620
- C:\Windows\System\hAmJoAK.exe
  C:\Windows\System\hAmJoAK.exe
  2⤵
  PID:6672
- C:\Windows\System\tjPlQMI.exe
  C:\Windows\System\tjPlQMI.exe
  2⤵
  PID:6768
- C:\Windows\System\OmXuGfG.exe
  C:\Windows\System\OmXuGfG.exe
  2⤵
  PID:6912
- C:\Windows\System\EnpRGnv.exe
  C:\Windows\System\EnpRGnv.exe
  2⤵
  PID:6988
- C:\Windows\System\OgmObHF.exe
  C:\Windows\System\OgmObHF.exe
  2⤵
  PID:7028
- C:\Windows\System\qaCXTUI.exe
  C:\Windows\System\qaCXTUI.exe
  2⤵
  PID:7136
- C:\Windows\System\UvsqkUz.exe
  C:\Windows\System\UvsqkUz.exe
  2⤵
  PID:6828
- C:\Windows\System\kWtEsPd.exe
  C:\Windows\System\kWtEsPd.exe
  2⤵
  PID:6232
- C:\Windows\System\BSCutAp.exe
  C:\Windows\System\BSCutAp.exe
  2⤵
  PID:2524
- C:\Windows\System\GRDSMdH.exe
  C:\Windows\System\GRDSMdH.exe
  2⤵
  PID:6320
- C:\Windows\System\IKQFaQi.exe
  C:\Windows\System\IKQFaQi.exe
  2⤵
  PID:6208
- C:\Windows\System\SXYXlwa.exe
  C:\Windows\System\SXYXlwa.exe
  2⤵
  PID:5988
- C:\Windows\System\MVlaKrW.exe
  C:\Windows\System\MVlaKrW.exe
  2⤵
  PID:3708
- C:\Windows\System\BEOVElb.exe
  C:\Windows\System\BEOVElb.exe
  2⤵
  PID:6536
- C:\Windows\System\pvewTyR.exe
  C:\Windows\System\pvewTyR.exe
  2⤵
  PID:6704
- C:\Windows\System\TrEeSGc.exe
  C:\Windows\System\TrEeSGc.exe
  2⤵
  PID:2112
- C:\Windows\System\NXRmlbs.exe
  C:\Windows\System\NXRmlbs.exe
  2⤵
  PID:7156
- C:\Windows\System\qIOxOXB.exe
  C:\Windows\System\qIOxOXB.exe
  2⤵
  PID:6836
- C:\Windows\System\wgLcvvd.exe
  C:\Windows\System\wgLcvvd.exe
  2⤵
  PID:6588
- C:\Windows\System\BfplyHK.exe
  C:\Windows\System\BfplyHK.exe
  2⤵
  PID:5332
- C:\Windows\System\AvwWEeZ.exe
  C:\Windows\System\AvwWEeZ.exe
  2⤵
  PID:6412
- C:\Windows\System\ujvOhlj.exe
  C:\Windows\System\ujvOhlj.exe
  2⤵
  PID:1916
- C:\Windows\System\UlpMYmT.exe
  C:\Windows\System\UlpMYmT.exe
  2⤵
  PID:6748
- C:\Windows\System\oJZcUuo.exe
  C:\Windows\System\oJZcUuo.exe
  2⤵
  PID:6872
- C:\Windows\System\RGYLwLM.exe
  C:\Windows\System\RGYLwLM.exe
  2⤵
  PID:4120
- C:\Windows\System\IReZBBx.exe
  C:\Windows\System\IReZBBx.exe
  2⤵
  PID:6328
- C:\Windows\System\WFKbyPI.exe
  C:\Windows\System\WFKbyPI.exe
  2⤵
  PID:6596
- C:\Windows\System\bEOQOBg.exe
  C:\Windows\System\bEOQOBg.exe
  2⤵
  PID:4848
- C:\Windows\System\ytDoMCI.exe
  C:\Windows\System\ytDoMCI.exe
  2⤵
  PID:2508
- C:\Windows\System\KWbOJnx.exe
  C:\Windows\System\KWbOJnx.exe
  2⤵
  PID:7180
- C:\Windows\System\VGoAOri.exe
  C:\Windows\System\VGoAOri.exe
  2⤵
  PID:7200
- C:\Windows\System\ABzOmRW.exe
  C:\Windows\System\ABzOmRW.exe
  2⤵
  PID:7228
- C:\Windows\System\oGQvlOA.exe
  C:\Windows\System\oGQvlOA.exe
  2⤵
  PID:7256
- C:\Windows\System\aMKfZmv.exe
  C:\Windows\System\aMKfZmv.exe
  2⤵
  PID:7288
- C:\Windows\System\EKZZOUS.exe
  C:\Windows\System\EKZZOUS.exe
  2⤵
  PID:7312
- C:\Windows\System\wXblxNJ.exe
  C:\Windows\System\wXblxNJ.exe
  2⤵
  PID:7344
- C:\Windows\System\NadRXhr.exe
  C:\Windows\System\NadRXhr.exe
  2⤵
  PID:7372
- C:\Windows\System\QYZgewg.exe
  C:\Windows\System\QYZgewg.exe
  2⤵
  PID:7396
- C:\Windows\System\YKNiwlJ.exe
  C:\Windows\System\YKNiwlJ.exe
  2⤵
  PID:7420
- C:\Windows\System\rkVqDSc.exe
  C:\Windows\System\rkVqDSc.exe
  2⤵
  PID:7460
- C:\Windows\System\LUsFiSK.exe
  C:\Windows\System\LUsFiSK.exe
  2⤵
  PID:7488
- C:\Windows\System\qFKkKJA.exe
  C:\Windows\System\qFKkKJA.exe
  2⤵
  PID:7516
- C:\Windows\System\KYsWNjo.exe
  C:\Windows\System\KYsWNjo.exe
  2⤵
  PID:7540
- C:\Windows\System\aqxxvVs.exe
  C:\Windows\System\aqxxvVs.exe
  2⤵
  PID:7568
- C:\Windows\System\TbWEPrL.exe
  C:\Windows\System\TbWEPrL.exe
  2⤵
  PID:7596
- C:\Windows\System\TbHZOyJ.exe
  C:\Windows\System\TbHZOyJ.exe
  2⤵
  PID:7624
- C:\Windows\System\DaNHBBZ.exe
  C:\Windows\System\DaNHBBZ.exe
  2⤵
  PID:7652
- C:\Windows\System\jWRlioF.exe
  C:\Windows\System\jWRlioF.exe
  2⤵
  PID:7680
- C:\Windows\System\yCtSJjQ.exe
  C:\Windows\System\yCtSJjQ.exe
  2⤵
  PID:7712
- C:\Windows\System\lxJyzHv.exe
  C:\Windows\System\lxJyzHv.exe
  2⤵
  PID:7736
- C:\Windows\System\ZaqwIps.exe
  C:\Windows\System\ZaqwIps.exe
  2⤵
  PID:7764
- C:\Windows\System\kUpNdxm.exe
  C:\Windows\System\kUpNdxm.exe
  2⤵
  PID:7792
- C:\Windows\System\Alvzzpm.exe
  C:\Windows\System\Alvzzpm.exe
  2⤵
  PID:7820
- C:\Windows\System\kcpaBst.exe
  C:\Windows\System\kcpaBst.exe
  2⤵
  PID:7848
- C:\Windows\System\rVDDYhk.exe
  C:\Windows\System\rVDDYhk.exe
  2⤵
  PID:7876
- C:\Windows\System\IVLyFwF.exe
  C:\Windows\System\IVLyFwF.exe
  2⤵
  PID:7908
- C:\Windows\System\UPPAVtG.exe
  C:\Windows\System\UPPAVtG.exe
  2⤵
  PID:7932
- C:\Windows\System\tPUqJvE.exe
  C:\Windows\System\tPUqJvE.exe
  2⤵
  PID:7964
- C:\Windows\System\aRAawQP.exe
  C:\Windows\System\aRAawQP.exe
  2⤵
  PID:7992
- C:\Windows\System\vrQWONR.exe
  C:\Windows\System\vrQWONR.exe
  2⤵
  PID:8016
- C:\Windows\System\sHpTknq.exe
  C:\Windows\System\sHpTknq.exe
  2⤵
  PID:8044
- C:\Windows\System\gSTvvuP.exe
  C:\Windows\System\gSTvvuP.exe
  2⤵
  PID:8072
- C:\Windows\System\tIHtIKL.exe
  C:\Windows\System\tIHtIKL.exe
  2⤵
  PID:8108
- C:\Windows\System\tHiyXzW.exe
  C:\Windows\System\tHiyXzW.exe
  2⤵
  PID:8136
- C:\Windows\System\WvuDGfk.exe
  C:\Windows\System\WvuDGfk.exe
  2⤵
  PID:8164
- C:\Windows\System\UnDkvce.exe
  C:\Windows\System\UnDkvce.exe
  2⤵
  PID:5356
- C:\Windows\System\VqwHddF.exe
  C:\Windows\System\VqwHddF.exe
  2⤵
  PID:7240
- C:\Windows\System\cfNorqe.exe
  C:\Windows\System\cfNorqe.exe
  2⤵
  PID:7280
- C:\Windows\System\uuWjfnx.exe
  C:\Windows\System\uuWjfnx.exe
  2⤵
  PID:7352
- C:\Windows\System\ChifbAF.exe
  C:\Windows\System\ChifbAF.exe
  2⤵
  PID:7440
- C:\Windows\System\fFMNbyf.exe
  C:\Windows\System\fFMNbyf.exe
  2⤵
  PID:7480
- C:\Windows\System\HFRaAtS.exe
  C:\Windows\System\HFRaAtS.exe
  2⤵
  PID:7536
- C:\Windows\System\yfolAOl.exe
  C:\Windows\System\yfolAOl.exe
  2⤵
  PID:7608
- C:\Windows\System\huYpMKa.exe
  C:\Windows\System\huYpMKa.exe
  2⤵
  PID:7748
- C:\Windows\System\ijeUkjV.exe
  C:\Windows\System\ijeUkjV.exe
  2⤵
  PID:7944
- C:\Windows\System\xcelPoX.exe
  C:\Windows\System\xcelPoX.exe
  2⤵
  PID:8068
- C:\Windows\System\zcHDjnr.exe
  C:\Windows\System\zcHDjnr.exe
  2⤵
  PID:8124
- C:\Windows\System\aRhImXX.exe
  C:\Windows\System\aRhImXX.exe
  2⤵
  PID:7252
- C:\Windows\System\zkKeQds.exe
  C:\Windows\System\zkKeQds.exe
  2⤵
  PID:7468
- C:\Windows\System\rHucMZx.exe
  C:\Windows\System\rHucMZx.exe
  2⤵
  PID:7564
- C:\Windows\System\gvnhEkf.exe
  C:\Windows\System\gvnhEkf.exe
  2⤵
  PID:7888
- C:\Windows\System\XYoLhEY.exe
  C:\Windows\System\XYoLhEY.exe
  2⤵
  PID:8176
- C:\Windows\System\pdiMlej.exe
  C:\Windows\System\pdiMlej.exe
  2⤵
  PID:7504
- C:\Windows\System\oLYHNOT.exe
  C:\Windows\System\oLYHNOT.exe
  2⤵
  PID:8096
- C:\Windows\System\EQVlEZA.exe
  C:\Windows\System\EQVlEZA.exe
  2⤵
  PID:7664
- C:\Windows\System\GKPVUBD.exe
  C:\Windows\System\GKPVUBD.exe
  2⤵
  PID:8212
- C:\Windows\System\puwPhCs.exe
  C:\Windows\System\puwPhCs.exe
  2⤵
  PID:8244
- C:\Windows\System\ClFmaWH.exe
  C:\Windows\System\ClFmaWH.exe
  2⤵
  PID:8268
- C:\Windows\System\vobxLDE.exe
  C:\Windows\System\vobxLDE.exe
  2⤵
  PID:8296
- C:\Windows\System\eQDssQi.exe
  C:\Windows\System\eQDssQi.exe
  2⤵
  PID:8328
- C:\Windows\System\RbWrgMf.exe
  C:\Windows\System\RbWrgMf.exe
  2⤵
  PID:8352
- C:\Windows\System\MWWohfB.exe
  C:\Windows\System\MWWohfB.exe
  2⤵
  PID:8384
- C:\Windows\System\YmlSilM.exe
  C:\Windows\System\YmlSilM.exe
  2⤵
  PID:8412
- C:\Windows\System\QASWKqR.exe
  C:\Windows\System\QASWKqR.exe
  2⤵
  PID:8440
- C:\Windows\System\fYYzBgT.exe
  C:\Windows\System\fYYzBgT.exe
  2⤵
  PID:8472
- C:\Windows\System\yVbEBmp.exe
  C:\Windows\System\yVbEBmp.exe
  2⤵
  PID:8496
- C:\Windows\System\PfTFyfC.exe
  C:\Windows\System\PfTFyfC.exe
  2⤵
  PID:8524
- C:\Windows\System\DiyjQxR.exe
  C:\Windows\System\DiyjQxR.exe
  2⤵
  PID:8552
- C:\Windows\System\DVsTmKn.exe
  C:\Windows\System\DVsTmKn.exe
  2⤵
  PID:8580
- C:\Windows\System\InrDntG.exe
  C:\Windows\System\InrDntG.exe
  2⤵
  PID:8616
- C:\Windows\System\QfEDIZT.exe
  C:\Windows\System\QfEDIZT.exe
  2⤵
  PID:8636
- C:\Windows\System\uVCJxnp.exe
  C:\Windows\System\uVCJxnp.exe
  2⤵
  PID:8672
- C:\Windows\System\quJOTYt.exe
  C:\Windows\System\quJOTYt.exe
  2⤵
  PID:8692
- C:\Windows\System\rIzHtfP.exe
  C:\Windows\System\rIzHtfP.exe
  2⤵
  PID:8720
- C:\Windows\System\YVSiTlg.exe
  C:\Windows\System\YVSiTlg.exe
  2⤵
  PID:8752
- C:\Windows\System\qjZusQl.exe
  C:\Windows\System\qjZusQl.exe
  2⤵
  PID:8784
- C:\Windows\System\qSNWypa.exe
  C:\Windows\System\qSNWypa.exe
  2⤵
  PID:8812
- C:\Windows\System\vdtHkDw.exe
  C:\Windows\System\vdtHkDw.exe
  2⤵
  PID:8840
- C:\Windows\System\unmkNar.exe
  C:\Windows\System\unmkNar.exe
  2⤵
  PID:8864
- C:\Windows\System\MXuvlkn.exe
  C:\Windows\System\MXuvlkn.exe
  2⤵
  PID:8892
- C:\Windows\System\nEiMASf.exe
  C:\Windows\System\nEiMASf.exe
  2⤵
  PID:8924
- C:\Windows\System\OxukYsf.exe
  C:\Windows\System\OxukYsf.exe
  2⤵
  PID:8944
- C:\Windows\System\XhqNubv.exe
  C:\Windows\System\XhqNubv.exe
  2⤵
  PID:8972
- C:\Windows\System\cdUBuff.exe
  C:\Windows\System\cdUBuff.exe
  2⤵
  PID:9000
- C:\Windows\System\muBmHxw.exe
  C:\Windows\System\muBmHxw.exe
  2⤵
  PID:9028
- C:\Windows\System\erZCtwF.exe
  C:\Windows\System\erZCtwF.exe
  2⤵
  PID:9056
- C:\Windows\System\cELXGbF.exe
  C:\Windows\System\cELXGbF.exe
  2⤵
  PID:9092
- C:\Windows\System\hlzhWjB.exe
  C:\Windows\System\hlzhWjB.exe
  2⤵
  PID:9112
- C:\Windows\System\LVljosB.exe
  C:\Windows\System\LVljosB.exe
  2⤵
  PID:9148
- C:\Windows\System\vWZXNKf.exe
  C:\Windows\System\vWZXNKf.exe
  2⤵
  PID:9176
- C:\Windows\System\PCXlVNI.exe
  C:\Windows\System\PCXlVNI.exe
  2⤵
  PID:9204
- C:\Windows\System\xfbEWXL.exe
  C:\Windows\System\xfbEWXL.exe
  2⤵
  PID:8204
- C:\Windows\System\MBzXCsu.exe
  C:\Windows\System\MBzXCsu.exe
  2⤵
  PID:8264
- C:\Windows\System\yXmqIrm.exe
  C:\Windows\System\yXmqIrm.exe
  2⤵
  PID:8344
- C:\Windows\System\ishsVEI.exe
  C:\Windows\System\ishsVEI.exe
  2⤵
  PID:8404
- C:\Windows\System\qsjBJRs.exe
  C:\Windows\System\qsjBJRs.exe
  2⤵
  PID:8460
- C:\Windows\System\lbVPtgi.exe
  C:\Windows\System\lbVPtgi.exe
  2⤵
  PID:8536
- C:\Windows\System\eumZjMJ.exe
  C:\Windows\System\eumZjMJ.exe
  2⤵
  PID:8604
- C:\Windows\System\vJfZrbm.exe
  C:\Windows\System\vJfZrbm.exe
  2⤵
  PID:8680
- C:\Windows\System\YNeclrR.exe
  C:\Windows\System\YNeclrR.exe
  2⤵
  PID:8716
- C:\Windows\System\FYDfFQL.exe
  C:\Windows\System\FYDfFQL.exe
  2⤵
  PID:8792
- C:\Windows\System\HrZxmvp.exe
  C:\Windows\System\HrZxmvp.exe
  2⤵
  PID:8852
- C:\Windows\System\PzpqYSV.exe
  C:\Windows\System\PzpqYSV.exe
  2⤵
  PID:8912
- C:\Windows\System\yUKwlNS.exe
  C:\Windows\System\yUKwlNS.exe
  2⤵
  PID:8984
- C:\Windows\System\PIDOjVz.exe
  C:\Windows\System\PIDOjVz.exe
  2⤵
  PID:9048
- C:\Windows\System\TJhiIfk.exe
  C:\Windows\System\TJhiIfk.exe
  2⤵
  PID:9108
- C:\Windows\System\gJvoCuQ.exe
  C:\Windows\System\gJvoCuQ.exe
  2⤵
  PID:9184
- C:\Windows\System\eZpiVGl.exe
  C:\Windows\System\eZpiVGl.exe
  2⤵
  PID:8260
- C:\Windows\System\TbBsQgf.exe
  C:\Windows\System\TbBsQgf.exe
  2⤵
  PID:8396
- C:\Windows\System\dUkYHuW.exe
  C:\Windows\System\dUkYHuW.exe
  2⤵
  PID:8548
- C:\Windows\System\LIBrTgy.exe
  C:\Windows\System\LIBrTgy.exe
  2⤵
  PID:8704
- C:\Windows\System\yuIxGCm.exe
  C:\Windows\System\yuIxGCm.exe
  2⤵
  PID:8904
- C:\Windows\System\onVHtLL.exe
  C:\Windows\System\onVHtLL.exe
  2⤵
  PID:9012
- C:\Windows\System\AovFiNr.exe
  C:\Windows\System\AovFiNr.exe
  2⤵
  PID:9160
- C:\Windows\System\LPuxUbO.exe
  C:\Windows\System\LPuxUbO.exe
  2⤵
  PID:8380
- C:\Windows\System\WKSrNgI.exe
  C:\Windows\System\WKSrNgI.exe
  2⤵
  PID:8768
- C:\Windows\System\Zkqptuh.exe
  C:\Windows\System\Zkqptuh.exe
  2⤵
  PID:9104
- C:\Windows\System\CWAKKyY.exe
  C:\Windows\System\CWAKKyY.exe
  2⤵
  PID:9076
- C:\Windows\System\vyFufsc.exe
  C:\Windows\System\vyFufsc.exe
  2⤵
  PID:5028
- C:\Windows\System\agkJICH.exe
  C:\Windows\System\agkJICH.exe
  2⤵
  PID:4128
- C:\Windows\System\BmlQmNt.exe
  C:\Windows\System\BmlQmNt.exe
  2⤵
  PID:4696
- C:\Windows\System\qfgvJDb.exe
  C:\Windows\System\qfgvJDb.exe
  2⤵
  PID:4100
- C:\Windows\System\ezoxBoX.exe
  C:\Windows\System\ezoxBoX.exe
  2⤵
  PID:9220
- C:\Windows\System\fETObqr.exe
  C:\Windows\System\fETObqr.exe
  2⤵
  PID:9240
- C:\Windows\System\hNMkZHe.exe
  C:\Windows\System\hNMkZHe.exe
  2⤵
  PID:9268
- C:\Windows\System\yBbkyPW.exe
  C:\Windows\System\yBbkyPW.exe
  2⤵
  PID:9296
- C:\Windows\System\LfziIbx.exe
  C:\Windows\System\LfziIbx.exe
  2⤵
  PID:9324
- C:\Windows\System\dxbuBjg.exe
  C:\Windows\System\dxbuBjg.exe
  2⤵
  PID:9360
- C:\Windows\System\rNyIYEx.exe
  C:\Windows\System\rNyIYEx.exe
  2⤵
  PID:9380
- C:\Windows\System\bvCIEaY.exe
  C:\Windows\System\bvCIEaY.exe
  2⤵
  PID:9412
- C:\Windows\System\GGOcdTI.exe
  C:\Windows\System\GGOcdTI.exe
  2⤵
  PID:9436
- C:\Windows\System\Obhlqod.exe
  C:\Windows\System\Obhlqod.exe
  2⤵
  PID:9468
- C:\Windows\System\zQrvkSu.exe
  C:\Windows\System\zQrvkSu.exe
  2⤵
  PID:9496
- C:\Windows\System\nzcSQee.exe
  C:\Windows\System\nzcSQee.exe
  2⤵
  PID:9520
- C:\Windows\System\levcQAc.exe
  C:\Windows\System\levcQAc.exe
  2⤵
  PID:9552
- C:\Windows\System\IKmaiXB.exe
  C:\Windows\System\IKmaiXB.exe
  2⤵
  PID:9576
- C:\Windows\System\OMHkfqW.exe
  C:\Windows\System\OMHkfqW.exe
  2⤵
  PID:9604
- C:\Windows\System\pZwjzDX.exe
  C:\Windows\System\pZwjzDX.exe
  2⤵
  PID:9632
- C:\Windows\System\WyabyGd.exe
  C:\Windows\System\WyabyGd.exe
  2⤵
  PID:9660
- C:\Windows\System\xHTSfan.exe
  C:\Windows\System\xHTSfan.exe
  2⤵
  PID:9688
- C:\Windows\System\mgDiqIj.exe
  C:\Windows\System\mgDiqIj.exe
  2⤵
  PID:9716
- C:\Windows\System\dPKmEQL.exe
  C:\Windows\System\dPKmEQL.exe
  2⤵
  PID:9744
- C:\Windows\System\kktjogk.exe
  C:\Windows\System\kktjogk.exe
  2⤵
  PID:9772
- C:\Windows\System\BYCWmQc.exe
  C:\Windows\System\BYCWmQc.exe
  2⤵
  PID:9800
- C:\Windows\System\obfBLal.exe
  C:\Windows\System\obfBLal.exe
  2⤵
  PID:9828
- C:\Windows\System\KxzaeTO.exe
  C:\Windows\System\KxzaeTO.exe
  2⤵
  PID:9856
- C:\Windows\System\YLQFuZN.exe
  C:\Windows\System\YLQFuZN.exe
  2⤵
  PID:9900
- C:\Windows\System\OOJKSXI.exe
  C:\Windows\System\OOJKSXI.exe
  2⤵
  PID:9924
- C:\Windows\System\PZuigyr.exe
  C:\Windows\System\PZuigyr.exe
  2⤵
  PID:9956
- C:\Windows\System\ledDjpH.exe
  C:\Windows\System\ledDjpH.exe
  2⤵
  PID:9980
- C:\Windows\System\xOLSSuN.exe
  C:\Windows\System\xOLSSuN.exe
  2⤵
  PID:9996
- C:\Windows\System\jpyeBTY.exe
  C:\Windows\System\jpyeBTY.exe
  2⤵
  PID:10036
- C:\Windows\System\unmlBXY.exe
  C:\Windows\System\unmlBXY.exe
  2⤵
  PID:10064
- C:\Windows\System\IkmTRMJ.exe
  C:\Windows\System\IkmTRMJ.exe
  2⤵
  PID:10100
- C:\Windows\System\tMpvzoo.exe
  C:\Windows\System\tMpvzoo.exe
  2⤵
  PID:10136
- C:\Windows\System\iTQhHsL.exe
  C:\Windows\System\iTQhHsL.exe
  2⤵
  PID:10156
- C:\Windows\System\exTICuY.exe
  C:\Windows\System\exTICuY.exe
  2⤵
  PID:10188
- C:\Windows\System\ikJSUdy.exe
  C:\Windows\System\ikJSUdy.exe
  2⤵
  PID:10212
- C:\Windows\System\rXIcdIT.exe
  C:\Windows\System\rXIcdIT.exe
  2⤵
  PID:9232
- C:\Windows\System\fFVYOnQ.exe
  C:\Windows\System\fFVYOnQ.exe
  2⤵
  PID:9280
- C:\Windows\System\WQVgqaH.exe
  C:\Windows\System\WQVgqaH.exe
  2⤵
  PID:9368
- C:\Windows\System\VvVjush.exe
  C:\Windows\System\VvVjush.exe
  2⤵
  PID:9432
- C:\Windows\System\cnBQpKr.exe
  C:\Windows\System\cnBQpKr.exe
  2⤵
  PID:9484
- C:\Windows\System\KkRoYuZ.exe
  C:\Windows\System\KkRoYuZ.exe
  2⤵
  PID:9544
- C:\Windows\System\dvvpMhY.exe
  C:\Windows\System\dvvpMhY.exe
  2⤵
  PID:9600
- C:\Windows\System\HjHWwdO.exe
  C:\Windows\System\HjHWwdO.exe
  2⤵
  PID:9672
- C:\Windows\System\DkLJpuT.exe
  C:\Windows\System\DkLJpuT.exe
  2⤵
  PID:9736
- C:\Windows\System\qWMOxci.exe
  C:\Windows\System\qWMOxci.exe
  2⤵
  PID:9792
- C:\Windows\System\ecJqnLZ.exe
  C:\Windows\System\ecJqnLZ.exe
  2⤵
  PID:9848
- C:\Windows\System\yfzRNJP.exe
  C:\Windows\System\yfzRNJP.exe
  2⤵
  PID:9948
- C:\Windows\System\xiwsSwa.exe
  C:\Windows\System\xiwsSwa.exe
  2⤵
  PID:9992
- C:\Windows\System\qlMOGyO.exe
  C:\Windows\System\qlMOGyO.exe
  2⤵
  PID:10060
- C:\Windows\System\VSGwbqX.exe
  C:\Windows\System\VSGwbqX.exe
  2⤵
  PID:10108
- C:\Windows\System\gJMLepV.exe
  C:\Windows\System\gJMLepV.exe
  2⤵
  PID:10176
- C:\Windows\System\NuSRsoh.exe
  C:\Windows\System\NuSRsoh.exe
  2⤵
  PID:10236
- C:\Windows\System\vCxuEjE.exe
  C:\Windows\System\vCxuEjE.exe
  2⤵
  PID:9400
- C:\Windows\System\zcrmOGN.exe
  C:\Windows\System\zcrmOGN.exe
  2⤵
  PID:9568
- C:\Windows\System\MfWEJYr.exe
  C:\Windows\System\MfWEJYr.exe
  2⤵
  PID:9712
- C:\Windows\System\bTfdPMv.exe
  C:\Windows\System\bTfdPMv.exe
  2⤵
  PID:9840
- C:\Windows\System\rigWhne.exe
  C:\Windows\System\rigWhne.exe
  2⤵
  PID:9988
- C:\Windows\System\SQQXYgy.exe
  C:\Windows\System\SQQXYgy.exe
  2⤵
  PID:10144
- C:\Windows\System\psxtFHj.exe
  C:\Windows\System\psxtFHj.exe
  2⤵
  PID:9344
- C:\Windows\System\vvQCHGl.exe
  C:\Windows\System\vvQCHGl.exe
  2⤵
  PID:9652
- C:\Windows\System\SfOGWNi.exe
  C:\Windows\System\SfOGWNi.exe
  2⤵
  PID:10116
- C:\Windows\System\mfGzbMw.exe
  C:\Windows\System\mfGzbMw.exe
  2⤵
  PID:9656
- C:\Windows\System\sWqfPud.exe
  C:\Windows\System\sWqfPud.exe
  2⤵
  PID:9972
- C:\Windows\System\QxyZMfx.exe
  C:\Windows\System\QxyZMfx.exe
  2⤵
  PID:10268
- C:\Windows\System\uKHWJYC.exe
  C:\Windows\System\uKHWJYC.exe
  2⤵
  PID:10292
- C:\Windows\System\NzSygQX.exe
  C:\Windows\System\NzSygQX.exe
  2⤵
  PID:10312
- C:\Windows\System\rTVwZVl.exe
  C:\Windows\System\rTVwZVl.exe
  2⤵
  PID:10344
- C:\Windows\System\lnkpLRW.exe
  C:\Windows\System\lnkpLRW.exe
  2⤵
  PID:10376
- C:\Windows\System\vulvTRC.exe
  C:\Windows\System\vulvTRC.exe
  2⤵
  PID:10404
- C:\Windows\System\uOQhHQE.exe
  C:\Windows\System\uOQhHQE.exe
  2⤵
  PID:10428
- C:\Windows\System\dqNPgiV.exe
  C:\Windows\System\dqNPgiV.exe
  2⤵
  PID:10452
- C:\Windows\System\RmjrPMM.exe
  C:\Windows\System\RmjrPMM.exe
  2⤵
  PID:10480
- C:\Windows\System\gVXFZDi.exe
  C:\Windows\System\gVXFZDi.exe
  2⤵
  PID:10508
- C:\Windows\System\PKAKYkR.exe
  C:\Windows\System\PKAKYkR.exe
  2⤵
  PID:10536
- C:\Windows\System\DjfJiRl.exe
  C:\Windows\System\DjfJiRl.exe
  2⤵
  PID:10568
- C:\Windows\System\MiBsNnu.exe
  C:\Windows\System\MiBsNnu.exe
  2⤵
  PID:10592
- C:\Windows\System\WOSUBkp.exe
  C:\Windows\System\WOSUBkp.exe
  2⤵
  PID:10620
- C:\Windows\System\EgEaHHI.exe
  C:\Windows\System\EgEaHHI.exe
  2⤵
  PID:10648
- C:\Windows\System\IQoVdKF.exe
  C:\Windows\System\IQoVdKF.exe
  2⤵
  PID:10676
- C:\Windows\System\vrQRPBx.exe
  C:\Windows\System\vrQRPBx.exe
  2⤵
  PID:10708
- C:\Windows\System\RkolCwi.exe
  C:\Windows\System\RkolCwi.exe
  2⤵
  PID:10764
- C:\Windows\System\KGmbPpP.exe
  C:\Windows\System\KGmbPpP.exe
  2⤵
  PID:10792
- C:\Windows\System\CdBCVqt.exe
  C:\Windows\System\CdBCVqt.exe
  2⤵
  PID:10828
- C:\Windows\System\LXQtume.exe
  C:\Windows\System\LXQtume.exe
  2⤵
  PID:10860
- C:\Windows\System\KjLtFCL.exe
  C:\Windows\System\KjLtFCL.exe
  2⤵
  PID:10900
- C:\Windows\System\pZiHuCl.exe
  C:\Windows\System\pZiHuCl.exe
  2⤵
  PID:10932
- C:\Windows\System\FDWvJOK.exe
  C:\Windows\System\FDWvJOK.exe
  2⤵
  PID:10960
- C:\Windows\System\GwjVQpS.exe
  C:\Windows\System\GwjVQpS.exe
  2⤵
  PID:10988
- C:\Windows\System\SMGXJOS.exe
  C:\Windows\System\SMGXJOS.exe
  2⤵
  PID:11028
- C:\Windows\System\bkUecta.exe
  C:\Windows\System\bkUecta.exe
  2⤵
  PID:11048
- C:\Windows\System\MILsPsQ.exe
  C:\Windows\System\MILsPsQ.exe
  2⤵
  PID:11080
- C:\Windows\System\lxGXewj.exe
  C:\Windows\System\lxGXewj.exe
  2⤵
  PID:11108
- C:\Windows\System\KhbnXdL.exe
  C:\Windows\System\KhbnXdL.exe
  2⤵
  PID:11144
- C:\Windows\System\CvGKCGD.exe
  C:\Windows\System\CvGKCGD.exe
  2⤵
  PID:11164
- C:\Windows\System\XUmqVll.exe
  C:\Windows\System\XUmqVll.exe
  2⤵
  PID:11196
- C:\Windows\System\QdPdIzE.exe
  C:\Windows\System\QdPdIzE.exe
  2⤵
  PID:11224
- C:\Windows\System\CyVpXbl.exe
  C:\Windows\System\CyVpXbl.exe
  2⤵
  PID:11256
- C:\Windows\System\oQxycRt.exe
  C:\Windows\System\oQxycRt.exe
  2⤵
  PID:10276
- C:\Windows\System\FYCPWyt.exe
  C:\Windows\System\FYCPWyt.exe
  2⤵
  PID:10336
- C:\Windows\System\GDeiSLz.exe
  C:\Windows\System\GDeiSLz.exe
  2⤵
  PID:10396
- C:\Windows\System\NBXXMiM.exe
  C:\Windows\System\NBXXMiM.exe
  2⤵
  PID:10448
- C:\Windows\System\OTgnnQN.exe
  C:\Windows\System\OTgnnQN.exe
  2⤵
  PID:1068
- C:\Windows\System\HVXXGUa.exe
  C:\Windows\System\HVXXGUa.exe
  2⤵
  PID:10560
- C:\Windows\System\iUEgien.exe
  C:\Windows\System\iUEgien.exe
  2⤵
  PID:10640
- C:\Windows\System\HVupWIH.exe
  C:\Windows\System\HVupWIH.exe
  2⤵
  PID:10688
- C:\Windows\System\gJEPlfV.exe
  C:\Windows\System\gJEPlfV.exe
  2⤵
  PID:1368
- C:\Windows\System\fGmTPlv.exe
  C:\Windows\System\fGmTPlv.exe
  2⤵
  PID:10788
- C:\Windows\System\ZAxuKRa.exe
  C:\Windows\System\ZAxuKRa.exe
  2⤵
  PID:10836
- C:\Windows\System\OgvALIV.exe
  C:\Windows\System\OgvALIV.exe
  2⤵
  PID:10924
- C:\Windows\System\cqWkDgM.exe
  C:\Windows\System\cqWkDgM.exe
  2⤵
  PID:10984
- C:\Windows\System\PzxOdjH.exe
  C:\Windows\System\PzxOdjH.exe
  2⤵
  PID:11060
- C:\Windows\System\jyuUcDk.exe
  C:\Windows\System\jyuUcDk.exe
  2⤵
  PID:11128
- C:\Windows\System\fDnxLOX.exe
  C:\Windows\System\fDnxLOX.exe
  2⤵
  PID:11176
- C:\Windows\System\XerFvWf.exe
  C:\Windows\System\XerFvWf.exe
  2⤵
  PID:11236
- C:\Windows\System\MwNvCyP.exe
  C:\Windows\System\MwNvCyP.exe
  2⤵
  PID:10308
- C:\Windows\System\imXOUHq.exe
  C:\Windows\System\imXOUHq.exe
  2⤵
  PID:10444
- C:\Windows\System\wVGToFp.exe
  C:\Windows\System\wVGToFp.exe
  2⤵
  PID:10588
- C:\Windows\System\AScgQjz.exe
  C:\Windows\System\AScgQjz.exe
  2⤵
  PID:10700
- C:\Windows\System\yIdurCP.exe
  C:\Windows\System\yIdurCP.exe
  2⤵
  PID:2104
- C:\Windows\System\GSgCpuM.exe
  C:\Windows\System\GSgCpuM.exe
  2⤵
  PID:10972
- C:\Windows\System\assIEfQ.exe
  C:\Windows\System\assIEfQ.exe
  2⤵
  PID:1744
- C:\Windows\System\HDmxsoW.exe
  C:\Windows\System\HDmxsoW.exe
  2⤵
  PID:11216
- C:\Windows\System\cavdmHK.exe
  C:\Windows\System\cavdmHK.exe
  2⤵
  PID:1932
- C:\Windows\System\qQTtvYj.exe
  C:\Windows\System\qQTtvYj.exe
  2⤵
  PID:10668
- C:\Windows\System\yIporeQ.exe
  C:\Windows\System\yIporeQ.exe
  2⤵
  PID:10952
- C:\Windows\System\mFSNAqF.exe
  C:\Windows\System\mFSNAqF.exe
  2⤵
  PID:10252
- C:\Windows\System\lLEVhWX.exe
  C:\Windows\System\lLEVhWX.exe
  2⤵
  PID:10556
- C:\Windows\System\fKRNaMi.exe
  C:\Windows\System\fKRNaMi.exe
  2⤵
  PID:684
- C:\Windows\System\PBxqUVa.exe
  C:\Windows\System\PBxqUVa.exe
  2⤵
  PID:3656
- C:\Windows\System\FQyslyU.exe
  C:\Windows\System\FQyslyU.exe
  2⤵
  PID:11284
- C:\Windows\System\RhQpuss.exe
  C:\Windows\System\RhQpuss.exe
  2⤵
  PID:11312
- C:\Windows\System\uEMPiLJ.exe
  C:\Windows\System\uEMPiLJ.exe
  2⤵
  PID:11340
- C:\Windows\System\dTMNKdX.exe
  C:\Windows\System\dTMNKdX.exe
  2⤵
  PID:11360
- C:\Windows\System\uWNHykx.exe
  C:\Windows\System\uWNHykx.exe
  2⤵
  PID:11396
- C:\Windows\System\uLOJTNn.exe
  C:\Windows\System\uLOJTNn.exe
  2⤵
  PID:11424
- C:\Windows\System\ZNxTmTf.exe
  C:\Windows\System\ZNxTmTf.exe
  2⤵
  PID:11464
- C:\Windows\System\PZEEEdk.exe
  C:\Windows\System\PZEEEdk.exe
  2⤵
  PID:11520
- C:\Windows\System\mElvWPf.exe
  C:\Windows\System\mElvWPf.exe
  2⤵
  PID:11548
- C:\Windows\System\bOulnWU.exe
  C:\Windows\System\bOulnWU.exe
  2⤵
  PID:11576
- C:\Windows\System\lQmyuaW.exe
  C:\Windows\System\lQmyuaW.exe
  2⤵
  PID:11604
- C:\Windows\System\BubquIA.exe
  C:\Windows\System\BubquIA.exe
  2⤵
  PID:11632
- C:\Windows\System\UpFxTlU.exe
  C:\Windows\System\UpFxTlU.exe
  2⤵
  PID:11668
- C:\Windows\System\ikDhoKQ.exe
  C:\Windows\System\ikDhoKQ.exe
  2⤵
  PID:11732
- C:\Windows\System\ZESwKtM.exe
  C:\Windows\System\ZESwKtM.exe
  2⤵
  PID:11784
- C:\Windows\System\MWwvVVa.exe
  C:\Windows\System\MWwvVVa.exe
  2⤵
  PID:11832
- C:\Windows\System\uviczoP.exe
  C:\Windows\System\uviczoP.exe
  2⤵
  PID:11860
- C:\Windows\System\wzEKdiP.exe
  C:\Windows\System\wzEKdiP.exe
  2⤵
  PID:11888
- C:\Windows\System\hwmFZHR.exe
  C:\Windows\System\hwmFZHR.exe
  2⤵
  PID:11920
- C:\Windows\System\DDGJedm.exe
  C:\Windows\System\DDGJedm.exe
  2⤵
  PID:11952
- C:\Windows\System\fwFFuCm.exe
  C:\Windows\System\fwFFuCm.exe
  2⤵
  PID:11988
- C:\Windows\System\qKcGoZn.exe
  C:\Windows\System\qKcGoZn.exe
  2⤵
  PID:12052
- C:\Windows\System\npzrYyu.exe
  C:\Windows\System\npzrYyu.exe
  2⤵
  PID:12092
- C:\Windows\System\gIeutxZ.exe
  C:\Windows\System\gIeutxZ.exe
  2⤵
  PID:12136
- C:\Windows\System\QzXGeuk.exe
  C:\Windows\System\QzXGeuk.exe
  2⤵
  PID:12192
- C:\Windows\System\mWyOZYo.exe
  C:\Windows\System\mWyOZYo.exe
  2⤵
  PID:12224
- C:\Windows\System\etsLiVR.exe
  C:\Windows\System\etsLiVR.exe
  2⤵
  PID:12244
- C:\Windows\System\UVsAyRo.exe
  C:\Windows\System\UVsAyRo.exe
  2⤵
  PID:12272
- C:\Windows\System\RVRJPcw.exe
  C:\Windows\System\RVRJPcw.exe
  2⤵
  PID:11300
- C:\Windows\System\Nqtfqfa.exe
  C:\Windows\System\Nqtfqfa.exe
  2⤵
  PID:11348
- C:\Windows\System\WXvwedf.exe
  C:\Windows\System\WXvwedf.exe
  2⤵
  PID:11416
- C:\Windows\System\lSVstbj.exe
  C:\Windows\System\lSVstbj.exe
  2⤵
  PID:11532
- C:\Windows\System\CHLgIeB.exe
  C:\Windows\System\CHLgIeB.exe
  2⤵
  PID:10736
- C:\Windows\System\FHUUusj.exe
  C:\Windows\System\FHUUusj.exe
  2⤵
  PID:11560
- C:\Windows\System\nVoLqTF.exe
  C:\Windows\System\nVoLqTF.exe
  2⤵
  PID:11644
- C:\Windows\System\TCjfduK.exe
  C:\Windows\System\TCjfduK.exe
  2⤵
  PID:11652
- C:\Windows\System\sTjloCc.exe
  C:\Windows\System\sTjloCc.exe
  2⤵
  PID:11780
- C:\Windows\System\uNMOJLY.exe
  C:\Windows\System\uNMOJLY.exe
  2⤵
  PID:11880
- C:\Windows\System\TphkAjC.exe
  C:\Windows\System\TphkAjC.exe
  2⤵
  PID:11944
- C:\Windows\System\RMnORSB.exe
  C:\Windows\System\RMnORSB.exe
  2⤵
  PID:12044
- C:\Windows\System\AXXGEzo.exe
  C:\Windows\System\AXXGEzo.exe
  2⤵
  PID:12016
- C:\Windows\System\bFyGdvv.exe
  C:\Windows\System\bFyGdvv.exe
  2⤵
  PID:12084
- C:\Windows\System\qAutTLa.exe
  C:\Windows\System\qAutTLa.exe
  2⤵
  PID:12232
- C:\Windows\System\WWPnTmE.exe
  C:\Windows\System\WWPnTmE.exe
  2⤵
  PID:11996
- C:\Windows\System\rOWtHlA.exe
  C:\Windows\System\rOWtHlA.exe
  2⤵
  PID:11380
- C:\Windows\System\SMSGpYU.exe
  C:\Windows\System\SMSGpYU.exe
  2⤵
  PID:10920
- C:\Windows\System\RTwNMsZ.exe
  C:\Windows\System\RTwNMsZ.exe
  2⤵
  PID:11512
- C:\Windows\System\bKdCole.exe
  C:\Windows\System\bKdCole.exe
  2⤵
  PID:11776
- C:\Windows\System\KZOzOIC.exe
  C:\Windows\System\KZOzOIC.exe
  2⤵
  PID:11976
- C:\Windows\System\nUDohpE.exe
  C:\Windows\System\nUDohpE.exe
  2⤵
  PID:12048
- C:\Windows\System\VDyGNuA.exe
  C:\Windows\System\VDyGNuA.exe
  2⤵
  PID:12208
- C:\Windows\System\ZoxBWFq.exe
  C:\Windows\System\ZoxBWFq.exe
  2⤵
  PID:11408
- C:\Windows\System\QSoxhNq.exe
  C:\Windows\System\QSoxhNq.exe
  2⤵
  PID:4572
- C:\Windows\System\eGzDGph.exe
  C:\Windows\System\eGzDGph.exe
  2⤵
  PID:12144
- C:\Windows\System\uhTvASI.exe
  C:\Windows\System\uhTvASI.exe
  2⤵
  PID:11384
- C:\Windows\System\jzbUkmc.exe
  C:\Windows\System\jzbUkmc.exe
  2⤵
  PID:1788
- C:\Windows\System\wlqEviS.exe
  C:\Windows\System\wlqEviS.exe
  2⤵
  PID:12080
- C:\Windows\System\rALNJMb.exe
  C:\Windows\System\rALNJMb.exe
  2⤵
  PID:12316
- C:\Windows\System\ukwKLxO.exe
  C:\Windows\System\ukwKLxO.exe
  2⤵
  PID:12344
- C:\Windows\System\jeVVapB.exe
  C:\Windows\System\jeVVapB.exe
  2⤵
  PID:12372
- C:\Windows\System\YJpSlUe.exe
  C:\Windows\System\YJpSlUe.exe
  2⤵
  PID:12400
- C:\Windows\System\EewdEpX.exe
  C:\Windows\System\EewdEpX.exe
  2⤵
  PID:12428
- C:\Windows\System\GfRTmSD.exe
  C:\Windows\System\GfRTmSD.exe
  2⤵
  PID:12460
- C:\Windows\System\SuXrILX.exe
  C:\Windows\System\SuXrILX.exe
  2⤵
  PID:12504
- C:\Windows\System\tZfvwOM.exe
  C:\Windows\System\tZfvwOM.exe
  2⤵
  PID:12532
- C:\Windows\System\amsPBxS.exe
  C:\Windows\System\amsPBxS.exe
  2⤵
  PID:12560
- C:\Windows\System\cnzzwwS.exe
  C:\Windows\System\cnzzwwS.exe
  2⤵
  PID:12588
- C:\Windows\System\HngLwev.exe
  C:\Windows\System\HngLwev.exe
  2⤵
  PID:12616
- C:\Windows\System\FbdpOfy.exe
  C:\Windows\System\FbdpOfy.exe
  2⤵
  PID:12656
- C:\Windows\System\sOXdbtS.exe
  C:\Windows\System\sOXdbtS.exe
  2⤵
  PID:12672
- C:\Windows\System\gYckcvK.exe
  C:\Windows\System\gYckcvK.exe
  2⤵
  PID:12700
- C:\Windows\System\heoGXvP.exe
  C:\Windows\System\heoGXvP.exe
  2⤵
  PID:12728
- C:\Windows\System\eGoIiAA.exe
  C:\Windows\System\eGoIiAA.exe
  2⤵
  PID:12768
- C:\Windows\System\vQPylwJ.exe
  C:\Windows\System\vQPylwJ.exe
  2⤵
  PID:12784
- C:\Windows\System\gkDfTcS.exe
  C:\Windows\System\gkDfTcS.exe
  2⤵
  PID:12812
- C:\Windows\System\DlyJxUS.exe
  C:\Windows\System\DlyJxUS.exe
  2⤵
  PID:12840
- C:\Windows\System\vjtYHWI.exe
  C:\Windows\System\vjtYHWI.exe
  2⤵
  PID:12868
- C:\Windows\System\LGFVqRg.exe
  C:\Windows\System\LGFVqRg.exe
  2⤵
  PID:12896
- C:\Windows\System\jUtALuC.exe
  C:\Windows\System\jUtALuC.exe
  2⤵
  PID:12924
- C:\Windows\System\IroAIeb.exe
  C:\Windows\System\IroAIeb.exe
  2⤵
  PID:12952
- C:\Windows\System\ybfyAgW.exe
  C:\Windows\System\ybfyAgW.exe
  2⤵
  PID:12980
- C:\Windows\System\WgFDSbL.exe
  C:\Windows\System\WgFDSbL.exe
  2⤵
  PID:13008
- C:\Windows\System\NyHsIsW.exe
  C:\Windows\System\NyHsIsW.exe
  2⤵
  PID:13036
- C:\Windows\System\wiJxpKg.exe
  C:\Windows\System\wiJxpKg.exe
  2⤵
  PID:13064
- C:\Windows\System\fQPdJlU.exe
  C:\Windows\System\fQPdJlU.exe
  2⤵
  PID:13092
- C:\Windows\System\WjqomnZ.exe
  C:\Windows\System\WjqomnZ.exe
  2⤵
  PID:13120
- C:\Windows\System\ZmEITIt.exe
  C:\Windows\System\ZmEITIt.exe
  2⤵
  PID:13148
- C:\Windows\System\VqpTFkl.exe
  C:\Windows\System\VqpTFkl.exe
  2⤵
  PID:13176
- C:\Windows\System\FWbMtIE.exe
  C:\Windows\System\FWbMtIE.exe
  2⤵
  PID:13204
- C:\Windows\System\JgWtpqf.exe
  C:\Windows\System\JgWtpqf.exe
  2⤵
  PID:13232
- C:\Windows\System\ebhtKTN.exe
  C:\Windows\System\ebhtKTN.exe
  2⤵
  PID:13264
- C:\Windows\System\SkXvwuJ.exe
  C:\Windows\System\SkXvwuJ.exe
  2⤵
  PID:13292
- C:\Windows\System\mEkrEOW.exe
  C:\Windows\System\mEkrEOW.exe
  2⤵
  PID:12308
- C:\Windows\System\VyzbuLI.exe
  C:\Windows\System\VyzbuLI.exe
  2⤵
  PID:12368
- C:\Windows\System\dIPErcN.exe
  C:\Windows\System\dIPErcN.exe
  2⤵
  PID:12440
- C:\Windows\System\ZYhVuuf.exe
  C:\Windows\System\ZYhVuuf.exe
  2⤵
  PID:12524
- C:\Windows\System\wKmHGVc.exe
  C:\Windows\System\wKmHGVc.exe
  2⤵
  PID:12584
- C:\Windows\System\BibCIcI.exe
  C:\Windows\System\BibCIcI.exe
  2⤵
  PID:11760
- C:\Windows\System\bFpuruv.exe
  C:\Windows\System\bFpuruv.exe
  2⤵
  PID:11744
- C:\Windows\System\lyrYrhQ.exe
  C:\Windows\System\lyrYrhQ.exe
  2⤵
  PID:11940
- C:\Windows\System\fBoqWzk.exe
  C:\Windows\System\fBoqWzk.exe
  2⤵
  PID:12148
- C:\Windows\System\UyYDleI.exe
  C:\Windows\System\UyYDleI.exe
  2⤵
  PID:12204
- C:\Windows\System\taOVZGA.exe
  C:\Windows\System\taOVZGA.exe
  2⤵
  PID:12652
- C:\Windows\System\KUvlQko.exe
  C:\Windows\System\KUvlQko.exe
  2⤵
  PID:12692
- C:\Windows\System\QYSVWtD.exe
  C:\Windows\System\QYSVWtD.exe
  2⤵
  PID:12764
- C:\Windows\System\fPHhNWC.exe
  C:\Windows\System\fPHhNWC.exe
  2⤵
  PID:12824
- C:\Windows\System\IXFTYRf.exe
  C:\Windows\System\IXFTYRf.exe
  2⤵
  PID:12892
- C:\Windows\System\LPUqxKB.exe
  C:\Windows\System\LPUqxKB.exe
  2⤵
  PID:12972
- C:\Windows\System\IQptTWt.exe
  C:\Windows\System\IQptTWt.exe
  2⤵
  PID:13020
- C:\Windows\System\Xjqhegq.exe
  C:\Windows\System\Xjqhegq.exe
  2⤵
  PID:13084
- C:\Windows\System\PjAbTfE.exe
  C:\Windows\System\PjAbTfE.exe
  2⤵
  PID:13144
- C:\Windows\System\AEWxRgi.exe
  C:\Windows\System\AEWxRgi.exe
  2⤵
  PID:13216
- C:\Windows\System\EPCdrHt.exe
  C:\Windows\System\EPCdrHt.exe
  2⤵
  PID:13304
- C:\Windows\System\vfKdOFY.exe
  C:\Windows\System\vfKdOFY.exe
  2⤵
  PID:12364
- C:\Windows\System\dawQmlH.exe
  C:\Windows\System\dawQmlH.exe
  2⤵
  PID:12552
- C:\Windows\System\fjVICLN.exe
  C:\Windows\System\fjVICLN.exe
  2⤵
  PID:11748
- C:\Windows\System\trMQiiW.exe
  C:\Windows\System\trMQiiW.exe
  2⤵
  PID:12160
- C:\Windows\System\AuwilXk.exe
  C:\Windows\System\AuwilXk.exe
  2⤵
  PID:11656
- C:\Windows\System\xEXppwL.exe
  C:\Windows\System\xEXppwL.exe
  2⤵
  PID:12804
- C:\Windows\System\ubyDgAd.exe
  C:\Windows\System\ubyDgAd.exe
  2⤵
  PID:12976
- C:\Windows\System\FAeYopM.exe
  C:\Windows\System\FAeYopM.exe
  2⤵
  PID:13112
- C:\Windows\System\ylLSyOw.exe
  C:\Windows\System\ylLSyOw.exe
  2⤵
  PID:13260
- C:\Windows\System\lZJKHSi.exe
  C:\Windows\System\lZJKHSi.exe
  2⤵
  PID:12516
- C:\Windows\System\fjWMelB.exe
  C:\Windows\System\fjWMelB.exe
  2⤵
  PID:11752
- C:\Windows\System\onXtmSM.exe
  C:\Windows\System\onXtmSM.exe
  2⤵
  PID:12936
- C:\Windows\System\MCEVqzj.exe
  C:\Windows\System\MCEVqzj.exe
  2⤵
  PID:13248
- C:\Windows\System\BQCUTOC.exe
  C:\Windows\System\BQCUTOC.exe
  2⤵
  PID:12720
- C:\Windows\System\EonoTDx.exe
  C:\Windows\System\EonoTDx.exe
  2⤵
  PID:11972
- C:\Windows\System\OORKOAD.exe
  C:\Windows\System\OORKOAD.exe
  2⤵
  PID:13320
- C:\Windows\System\ozKVTQv.exe
  C:\Windows\System\ozKVTQv.exe
  2⤵
  PID:13348
- C:\Windows\System\oXJCHZn.exe
  C:\Windows\System\oXJCHZn.exe
  2⤵
  PID:13376
- C:\Windows\System\WDlCUZy.exe
  C:\Windows\System\WDlCUZy.exe
  2⤵
  PID:13404
- C:\Windows\System\Wqgddqx.exe
  C:\Windows\System\Wqgddqx.exe
  2⤵
  PID:13432
- C:\Windows\System\BWrcvTq.exe
  C:\Windows\System\BWrcvTq.exe
  2⤵
  PID:13460
- C:\Windows\System\sXcFAhk.exe
  C:\Windows\System\sXcFAhk.exe
  2⤵
  PID:13488
- C:\Windows\System\VRnbaoL.exe
  C:\Windows\System\VRnbaoL.exe
  2⤵
  PID:13516
- C:\Windows\System\SrsyAOk.exe
  C:\Windows\System\SrsyAOk.exe
  2⤵
  PID:13544
- C:\Windows\System\fqIvGku.exe
  C:\Windows\System\fqIvGku.exe
  2⤵
  PID:13572
- C:\Windows\System\pJiKQGU.exe
  C:\Windows\System\pJiKQGU.exe
  2⤵
  PID:13600
- C:\Windows\System\mQhVvbn.exe
  C:\Windows\System\mQhVvbn.exe
  2⤵
  PID:13628
- C:\Windows\System\rnTBPCu.exe
  C:\Windows\System\rnTBPCu.exe
  2⤵
  PID:13660
- C:\Windows\System\dKTrRXt.exe
  C:\Windows\System\dKTrRXt.exe
  2⤵
  PID:13684
- C:\Windows\System\BPiQDSU.exe
  C:\Windows\System\BPiQDSU.exe
  2⤵
  PID:13712
- C:\Windows\System\LVCjbDq.exe
  C:\Windows\System\LVCjbDq.exe
  2⤵
  PID:13740
- C:\Windows\System\DgtAsyr.exe
  C:\Windows\System\DgtAsyr.exe
  2⤵
  PID:13768
- C:\Windows\System\bxuheCz.exe
  C:\Windows\System\bxuheCz.exe
  2⤵
  PID:13796
- C:\Windows\System\nGLBXVb.exe
  C:\Windows\System\nGLBXVb.exe
  2⤵
  PID:13824
- C:\Windows\System\xIpuKUJ.exe
  C:\Windows\System\xIpuKUJ.exe
  2⤵
  PID:13852
- C:\Windows\System\ViMjdIv.exe
  C:\Windows\System\ViMjdIv.exe
  2⤵
  PID:13880
- C:\Windows\System\TqypVck.exe
  C:\Windows\System\TqypVck.exe
  2⤵
  PID:13908
- C:\Windows\System\LaDrrdM.exe
  C:\Windows\System\LaDrrdM.exe
  2⤵
  PID:13944
- C:\Windows\System\fiHbZOT.exe
  C:\Windows\System\fiHbZOT.exe
  2⤵
  PID:13964
- C:\Windows\System\SAYJfgw.exe
  C:\Windows\System\SAYJfgw.exe
  2⤵
  PID:13992
- C:\Windows\System\wlvAgFm.exe
  C:\Windows\System\wlvAgFm.exe
  2⤵
  PID:14020
- C:\Windows\System\QnFquzO.exe
  C:\Windows\System\QnFquzO.exe
  2⤵
  PID:14048
- C:\Windows\System\JfLmYpJ.exe
  C:\Windows\System\JfLmYpJ.exe
  2⤵
  PID:14076
- C:\Windows\System\xoloykd.exe
  C:\Windows\System\xoloykd.exe
  2⤵
  PID:14104
- C:\Windows\System\XzEGnUg.exe
  C:\Windows\System\XzEGnUg.exe
  2⤵
  PID:14132
- C:\Windows\System\UAxImZW.exe
  C:\Windows\System\UAxImZW.exe
  2⤵
  PID:14160
- C:\Windows\System\bDTBHUH.exe
  C:\Windows\System\bDTBHUH.exe
  2⤵
  PID:14188
- C:\Windows\System\ngzjztH.exe
  C:\Windows\System\ngzjztH.exe
  2⤵
  PID:14216
- C:\Windows\System\VFGlhVR.exe
  C:\Windows\System\VFGlhVR.exe
  2⤵
  PID:14244
- C:\Windows\System\QmsJIgT.exe
  C:\Windows\System\QmsJIgT.exe
  2⤵
  PID:14272
- C:\Windows\System\MxZNsht.exe
  C:\Windows\System\MxZNsht.exe
  2⤵
  PID:14300
- C:\Windows\System\xlZtUAl.exe
  C:\Windows\System\xlZtUAl.exe
  2⤵
  PID:14328
- C:\Windows\System\MhAsRVs.exe
  C:\Windows\System\MhAsRVs.exe
  2⤵
  PID:13360
- C:\Windows\System\GitHUrt.exe
  C:\Windows\System\GitHUrt.exe
  2⤵
  PID:13424
- C:\Windows\System\RaiTXRJ.exe
  C:\Windows\System\RaiTXRJ.exe
  2⤵
  PID:13484
- C:\Windows\System\RFOZBUg.exe
  C:\Windows\System\RFOZBUg.exe
  2⤵
  PID:13556
- C:\Windows\System\XZWozjY.exe
  C:\Windows\System\XZWozjY.exe
  2⤵
  PID:13620
- C:\Windows\System\YTMEBzR.exe
  C:\Windows\System\YTMEBzR.exe
  2⤵
  PID:13680
- C:\Windows\System\zYyWqfe.exe
  C:\Windows\System\zYyWqfe.exe
  2⤵
  PID:13752
- C:\Windows\System\IvnPojb.exe
  C:\Windows\System\IvnPojb.exe
  2⤵
  PID:720
- C:\Windows\System\TEpabxq.exe
  C:\Windows\System\TEpabxq.exe
  2⤵
  PID:5968
- C:\Windows\System\xmxhDvr.exe
  C:\Windows\System\xmxhDvr.exe
  2⤵
  PID:13872
- C:\Windows\System\IGyMqOb.exe
  C:\Windows\System\IGyMqOb.exe
  2⤵
  PID:13932
- C:\Windows\System\mtGINPq.exe
  C:\Windows\System\mtGINPq.exe
  2⤵
  PID:14004
- C:\Windows\System\zymDxOM.exe
  C:\Windows\System\zymDxOM.exe
  2⤵
  PID:14068
- C:\Windows\System\QLmFnkH.exe
  C:\Windows\System\QLmFnkH.exe
  2⤵
  PID:14128
- C:\Windows\System\UqGHlqE.exe
  C:\Windows\System\UqGHlqE.exe
  2⤵
  PID:14200
- C:\Windows\System\EiCmICI.exe
  C:\Windows\System\EiCmICI.exe
  2⤵
  PID:14268
- C:\Windows\System\NjAwkYw.exe
  C:\Windows\System\NjAwkYw.exe
  2⤵
  PID:14324
- C:\Windows\System\JyEsBDl.exe
  C:\Windows\System\JyEsBDl.exe
  2⤵
  PID:13452
- C:\Windows\System\vhIIYyb.exe
  C:\Windows\System\vhIIYyb.exe
  2⤵
  PID:13596
- C:\Windows\System\aSkUDhJ.exe
  C:\Windows\System\aSkUDhJ.exe
  2⤵
  PID:13736
- C:\Windows\System\dylEiCc.exe
  C:\Windows\System\dylEiCc.exe
  2⤵
  PID:13836
- C:\Windows\System\Ofwojjc.exe
  C:\Windows\System\Ofwojjc.exe
  2⤵
  PID:13984
- C:\Windows\System\YodXNDw.exe
  C:\Windows\System\YodXNDw.exe
  2⤵
  PID:14156
- C:\Windows\System\mHQvvDM.exe
  C:\Windows\System\mHQvvDM.exe
  2⤵
  PID:14292
- C:\Windows\System\bozzpJB.exe
  C:\Windows\System\bozzpJB.exe
  2⤵
  PID:13540
- C:\Windows\System\AMYDnwh.exe
  C:\Windows\System\AMYDnwh.exe
  2⤵
  PID:1640
- C:\Windows\System\LxDjCIx.exe
  C:\Windows\System\LxDjCIx.exe
  2⤵
  PID:14184
- C:\Windows\System\mmQypPZ.exe
  C:\Windows\System\mmQypPZ.exe
  2⤵
  PID:13808
- C:\Windows\System\qAkkiwH.exe
  C:\Windows\System\qAkkiwH.exe
  2⤵
  PID:13512
- C:\Windows\System\zGCDmNd.exe
  C:\Windows\System\zGCDmNd.exe
  2⤵
  PID:14352
- C:\Windows\System\sWnhiWd.exe
  C:\Windows\System\sWnhiWd.exe
  2⤵
  PID:14380
- C:\Windows\System\JyzjxMV.exe
  C:\Windows\System\JyzjxMV.exe
  2⤵
  PID:14408
- C:\Windows\System\sIiuPCD.exe
  C:\Windows\System\sIiuPCD.exe
  2⤵
  PID:14436
- C:\Windows\System\oNxXeol.exe
  C:\Windows\System\oNxXeol.exe
  2⤵
  PID:14464
- C:\Windows\System\nKGupVw.exe
  C:\Windows\System\nKGupVw.exe
  2⤵
  PID:14492
- C:\Windows\System\vUZQhyv.exe
  C:\Windows\System\vUZQhyv.exe
  2⤵
  PID:14520
- C:\Windows\System\PszdlSB.exe
  C:\Windows\System\PszdlSB.exe
  2⤵
  PID:14548
- C:\Windows\System\VcUcWQW.exe
  C:\Windows\System\VcUcWQW.exe
  2⤵
  PID:14576
- C:\Windows\System\sGOhOvn.exe
  C:\Windows\System\sGOhOvn.exe
  2⤵
  PID:14604
- C:\Windows\System\ihxVEbF.exe
  C:\Windows\System\ihxVEbF.exe
  2⤵
  PID:14632
- C:\Windows\System\dDgPYdb.exe
  C:\Windows\System\dDgPYdb.exe
  2⤵
  PID:14660
- C:\Windows\System\XXnAEDs.exe
  C:\Windows\System\XXnAEDs.exe
  2⤵
  PID:14688
- C:\Windows\System\occwjTF.exe
  C:\Windows\System\occwjTF.exe
  2⤵
  PID:14728
- C:\Windows\System\nkJoOqo.exe
  C:\Windows\System\nkJoOqo.exe
  2⤵
  PID:14744
- C:\Windows\System\lupfseq.exe
  C:\Windows\System\lupfseq.exe
  2⤵
  PID:14772
- C:\Windows\System\fzauiFq.exe
  C:\Windows\System\fzauiFq.exe
  2⤵
  PID:14800
- C:\Windows\System\HPXUOwy.exe
  C:\Windows\System\HPXUOwy.exe
  2⤵
  PID:14828
- C:\Windows\System\CiMlQGL.exe
  C:\Windows\System\CiMlQGL.exe
  2⤵
  PID:14856
- C:\Windows\System\imeQgqt.exe
  C:\Windows\System\imeQgqt.exe
  2⤵
  PID:14884
- C:\Windows\System\kqmemnG.exe
  C:\Windows\System\kqmemnG.exe
  2⤵
  PID:14912
- C:\Windows\System\jDUONUN.exe
  C:\Windows\System\jDUONUN.exe
  2⤵
  PID:14940
- C:\Windows\System\QiagrpH.exe
  C:\Windows\System\QiagrpH.exe
  2⤵
  PID:14968
- C:\Windows\System\sRpEEKH.exe
  C:\Windows\System\sRpEEKH.exe
  2⤵
  PID:14996
- C:\Windows\System\gZICnME.exe
  C:\Windows\System\gZICnME.exe
  2⤵
  PID:15024
- C:\Windows\System\wJIhWKw.exe
  C:\Windows\System\wJIhWKw.exe
  2⤵
  PID:15052
- C:\Windows\System\evajrtZ.exe
  C:\Windows\System\evajrtZ.exe
  2⤵
  PID:15080
- C:\Windows\System\ylhPsIU.exe
  C:\Windows\System\ylhPsIU.exe
  2⤵
  PID:15108
- C:\Windows\System\nokVLTW.exe
  C:\Windows\System\nokVLTW.exe
  2⤵
  PID:15136
- C:\Windows\System\UIgDkCR.exe
  C:\Windows\System\UIgDkCR.exe
  2⤵
  PID:15164
- C:\Windows\System\hmpbdfB.exe
  C:\Windows\System\hmpbdfB.exe
  2⤵
  PID:15192
- C:\Windows\System\xwXIPgM.exe
  C:\Windows\System\xwXIPgM.exe
  2⤵
  PID:15220
- C:\Windows\System\YlDxZLM.exe
  C:\Windows\System\YlDxZLM.exe
  2⤵
  PID:15248
- C:\Windows\System\CREXfix.exe
  C:\Windows\System\CREXfix.exe
  2⤵
  PID:15276
- C:\Windows\System\smdRtBy.exe
  C:\Windows\System\smdRtBy.exe
  2⤵
  PID:15328
- C:\Windows\System\qmIbCOj.exe
  C:\Windows\System\qmIbCOj.exe
  2⤵
  PID:15352
- C:\Windows\System\IXNHsvM.exe
  C:\Windows\System\IXNHsvM.exe
  2⤵
  PID:14624
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14624 -s 248
    3⤵
    PID:15268
- C:\Windows\System\fIceZLf.exe
  C:\Windows\System\fIceZLf.exe
  2⤵
  PID:14656
- C:\Windows\System\pngzdaa.exe
  C:\Windows\System\pngzdaa.exe
  2⤵
  PID:15296
- C:\Windows\System\sIpcISB.exe
  C:\Windows\System\sIpcISB.exe
  2⤵
  PID:14476
- C:\Windows\System\ioObiZn.exe
  C:\Windows\System\ioObiZn.exe
  2⤵
  PID:14756
- C:\Windows\System\cJdgSGs.exe
  C:\Windows\System\cJdgSGs.exe
  2⤵
  PID:15072
- C:\Windows\System\EfreeSt.exe
  C:\Windows\System\EfreeSt.exe
  2⤵
  PID:14420
- C:\Windows\System\dYfydNu.exe
  C:\Windows\System\dYfydNu.exe
  2⤵
  PID:1436
- C:\Windows\System\iVyvmpc.exe
  C:\Windows\System\iVyvmpc.exe
  2⤵
  PID:3812
- C:\Windows\System\XFoptpw.exe
  C:\Windows\System\XFoptpw.exe
  2⤵
  PID:5436
- C:\Windows\System\SyLWRIY.exe
  C:\Windows\System\SyLWRIY.exe
  2⤵
  PID:14708
- C:\Windows\System\gBPtmSr.exe
  C:\Windows\System\gBPtmSr.exe
  2⤵
  PID:14784
- C:\Windows\System\ZiWJlem.exe
  C:\Windows\System\ZiWJlem.exe
  2⤵
  PID:14868
- C:\Windows\System\XyqaCSg.exe
  C:\Windows\System\XyqaCSg.exe
  2⤵
  PID:14980
- C:\Windows\System\ghMxgTs.exe
  C:\Windows\System\ghMxgTs.exe
  2⤵
  PID:4624
- C:\Windows\System\kHmyXwY.exe
  C:\Windows\System\kHmyXwY.exe
  2⤵
  PID:15092
- C:\Windows\System\Urzfmlm.exe
  C:\Windows\System\Urzfmlm.exe
  2⤵
  PID:15216
- C:\Windows\System\AvENbtv.exe
  C:\Windows\System\AvENbtv.exe
  2⤵
  PID:4860
- C:\Windows\System\YWHoYjz.exe
  C:\Windows\System\YWHoYjz.exe
  2⤵
  PID:4760
- C:\Windows\System\owHLIfI.exe
  C:\Windows\System\owHLIfI.exe
  2⤵
  PID:14372
- C:\Windows\System\IfjdhFh.exe
  C:\Windows\System\IfjdhFh.exe
  2⤵
  PID:5384
- C:\Windows\System\UpmXiFA.exe
  C:\Windows\System\UpmXiFA.exe
  2⤵
  PID:14504
- C:\Windows\System\kkBjoFQ.exe
  C:\Windows\System\kkBjoFQ.exe
  2⤵
  PID:6036
- C:\Windows\System\zWXwGHS.exe
  C:\Windows\System\zWXwGHS.exe
  2⤵
  PID:14652
- C:\Windows\System\hxNPfMP.exe
  C:\Windows\System\hxNPfMP.exe
  2⤵
  PID:5348
- C:\Windows\System\QAgQYBr.exe
  C:\Windows\System\QAgQYBr.exe
  2⤵
  PID:14900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMDclIq.exe

Filesize
6.0MB

MD5
d230b43478d143c9e0c0292041efb05c

SHA1
bd18d2be43b0adf644898db134cb76d03fa520e7

SHA256
aade32ebebfe9fa344df15219cb293cf3bcaa9ae8b7c648b60c26beae40f8882

SHA512
8e4df6ab0d3f57c2bb3d4dbeac43f33765bd26df91946a47ccd68f950423c9e6464d4d211e45f3295c67f8239e53cdcc0ca262cf54dddcc443349122f210b477

Download Submit
C:\Windows\System\BUBXmbC.exe

Filesize
6.0MB

MD5
6e9b42842eb5138c46feada5d2a85c11

SHA1
fab81cc675f7d4182a0c7e533a6f0124b752156b

SHA256
81ae27fef8ad7fa509625ddc3ecf27f26dc5f12b4309c60e336c307ac69c9c2d

SHA512
a21c8a5e8816635ddc69851ec101157309a2db652269af227b6d75c91d97d1441c677986c7902d60f46ff2187b3e13c7954e0d04bf40257ae55d52e939f8a545

Download Submit
C:\Windows\System\CZwMZgb.exe

Filesize
6.1MB

MD5
ba1f0f80dc5d35e80c986dd3202093a5

SHA1
5a6601a471006c1b4c0afc68d173b848127e92e0

SHA256
025a24460948b14dae2128a551cb9ec87ac5806a39faf226091d096622d97697

SHA512
e76e516ccbc8acf949f5c5a7cba4f46df56f4d405bc194a281bf99e2b39fb05c3ffc20f7a8fa909a18c20b55c92e31ca6cb45b42d13d4c47a8507883e09d219c

Download Submit
C:\Windows\System\DYomDNu.exe

Filesize
6.0MB

MD5
a34b07cfbe2d1e0d11db2c4edc90e3bd

SHA1
d088e6983173310b114ddf6a701659e7076c91c6

SHA256
80bf9970543b01e39f99bf037748747a638249d7fbad83fae5fd6ef514ec293d

SHA512
d8853f45800553c6f1dddf2c33ef991bf5f3c53d4ac3c5eba57bddc31d7b471d819de8a30e6320ab687a358cd690b0089d5b7d10969e0e890f6381d8de12fb20

Download Submit
C:\Windows\System\HbXsuid.exe

Filesize
6.1MB

MD5
a48d3e60357471f6b680c942208af38d

SHA1
12f110c8185a3378bb101f5b6919d9a97320afab

SHA256
32e79f9f206ac53066b8f456c3101b10ec81bc623efe71a96b6ed4487dcabdbb

SHA512
c719cd43e7a1a479c277ff9ebda8b0715ae071b1e7d18c71507899a0f2da20a773c61d17b0553c8fe8fceb86c7cab9ad438c8412f682fd554173e8d931ef855d

Download Submit
C:\Windows\System\JfKXTzO.exe

Filesize
6.1MB

MD5
86c0e2dffe706c5a9a14f2ec934c8b9c

SHA1
dce2069e865783ae2bff139871355c0b9e42dc93

SHA256
485ea9480f0e13b77e632878dfde76621e87057f5c268149a75dbde6e193150a

SHA512
ac9cda672ca1c6a1f4b5e9bbc968ef78cebbef4eeec1b2600e40894274a8f6f2af58df0fc83e845e301f0e43c544e07e33847bf08f63e06568fc9c02b71331f2

Download Submit
C:\Windows\System\KHZhgjc.exe

Filesize
6.1MB

MD5
e3c41ce71f1ab71367d65eccbe5c3f40

SHA1
65b00ab0510d01a00c89c1cc29e7c1dda7132155

SHA256
9208f1c6aef324771f443bd6258ca287ecffac08b10c4a0f807dbe94d8bc47f6

SHA512
87715d498c8ff411c98c9f0505a9a379f6864c62d0a87a34cf242c95ec281a1c4d9683025601cc386b60aeeb85458afc38a06f8b3cae97d038504e411f354162

Download Submit
C:\Windows\System\KHqfDhg.exe

Filesize
6.1MB

MD5
ac4319e5a71186f8dcc67cf946e3a587

SHA1
6532d97cd23368341487a644bb6156b9a1ed6ad0

SHA256
7a47a75ea2e66da82844dc0ba35100f9b591a02f9f418b8ec9a7942db4caafe6

SHA512
320952b268ce9c3d75f88db28fd6fe468e1450e320b693317525815ccef2781ae03430ad1984070b99d984d8f653fab35988e7838c6a10d456af7b3a94f13b3d

Download Submit
C:\Windows\System\LkrnQSg.exe

Filesize
6.0MB

MD5
a6cfc709c9367e8635f502df4237c180

SHA1
e35109a7c27cd1d611ce2ea85ec558e383730921

SHA256
68c97d9e3ef012e7604e557e44945de097e0fcfbf166048f7ed646a9332d9c11

SHA512
ebfbf18f9e60eaf1ad55145448d7ce72c0e34cd9cd1d492a381c30b010233b8f64e06c381be64bb5d59f81aa8f02bec14860a62f23b1b5ae3e33bc07dfa6026d

Download Submit
C:\Windows\System\LvUhEOy.exe

Filesize
6.1MB

MD5
4198909ae3b4a0413c540effb7139097

SHA1
7a1ecb243e201a543199e114e86ab69391417276

SHA256
080e56e87c9c35da5e598e754f36eded3842ac94894820ac2b4768c66c7ac1fd

SHA512
c3dd5e40534e5c38adcfc030d6f27ce2b72e0ab03a0ce1caa530dbc578be90ede3c41b781a075158dbce97d312266eedd20f75d7b1f013468c077308ed72f16c

Download Submit
C:\Windows\System\MxZfEHX.exe

Filesize
6.1MB

MD5
f833aeef8e527aa06cef268fd57d6c0e

SHA1
a04abb3127a4d7bd9a93419c74f48939729ea403

SHA256
ae3b376221e934ad88ffe58707f6b11d1d759f979584ac23a9af9718780f2b5a

SHA512
bd84b80c097aab459f6c84d1328d1dc278b1d07f9f49a3603ea9e1ba7c6ca1c9bea77cf31a2a1227ad557eb55375811f551856067a3cb4d2e33b0a78db6d7ed9

Download Submit
C:\Windows\System\NAeIZzY.exe

Filesize
6.1MB

MD5
9fe3981e6a8a49c8696de014d2347c13

SHA1
e6b66864428742c88256c3c5d716febc867b4092

SHA256
c75b174e0a6b3dcb8956dde03f4366d27c469774aeb18b28a34505736f8de693

SHA512
b61af0b1a26061f93c1ae691d521696131c6ae456c3fc926f0ef2450f8af137caee6037ae97442f151d00d3e27f711c49465c1216435f7df59abf4bfba3f99c3

Download Submit
C:\Windows\System\QwlWHPq.exe

Filesize
6.1MB

MD5
2471719b3e41195a3a702b644a3f585e

SHA1
cba0a5c74ba76d65cd5e23717d11065473448512

SHA256
41c447585aabf688c5b146ce3acc4ee2daff112ed089754648b2f59eb65a0806

SHA512
2ab466530a6863873c4c64634eb08a3e15aa5ff9929681c29ec237b1496fa8cca431b86c39ee473b6fa63d32af632f2f249ea13a0004dd03468cc158baaaa3a4

Download Submit
C:\Windows\System\TArrHGJ.exe

Filesize
6.0MB

MD5
ebcc510419f66649be87fc44ffc909a8

SHA1
f114d116f81af8e64d3dc7161b73bf8bccf27a58

SHA256
62f7a41b5a574fc8a60cc11ba62ea14424f2f2478afbe72971c0cfa2a7a5f3a7

SHA512
8ff75d4020f2d2c9d8fff3e71d79a9501695b3e288e717330fed15e229c1b1ae3a6908c53bd1418741969d8aa4b8da8db674a50b8f4a67b55faff8fb8d82de14

Download Submit
C:\Windows\System\TrcTWCh.exe

Filesize
6.1MB

MD5
192dd747f8dfe73431d80b7d471fcf95

SHA1
a1d357fe34cf7ec2366ea5fe366f6f18d04403dc

SHA256
ccb9493d318741af783adfa935779f8246379db8ee0a148ede67e454eda1f570

SHA512
e539fc60b06f5bcc3877acf9cc1b80d339b3b9f848e2139c655a7b3f116fe8e6eb9a007f38f27ee8ae9ce443175efdb68fd286cdbd45032ba61bf99eb0ef5c21

Download Submit
C:\Windows\System\VBRFLFs.exe

Filesize
6.0MB

MD5
976f3458782b59c054c7f37e96acfbba

SHA1
9f55955d79a7d4b9513e2f4ff2d1991b7626a608

SHA256
007ee6503704caaae5ea303ea7a2ca81dc3aad15613ea13268a6aec9207f2468

SHA512
d441828bbb4ce0a404484cbfd1403c6156b8c1edef3c78649f7b7be6f9a8bb807682d2c1286a74fe5dbb2d937f7d6d8456ce49ca70de918511a902e63236ce4a

Download Submit
C:\Windows\System\XEmFfiG.exe

Filesize
6.1MB

MD5
014ec1858773a00e32aa9c4ff81ac03e

SHA1
31f836c50077abc24215ed8cd2e645606a41917d

SHA256
886ec1c192223fafe07f16be7d80a9884cabdb074f26d82f3886acf8b3a9801e

SHA512
0f2916dd3bfd0b98d6c265e1334dfc1cc47d7d4cf0eba3019d748d5e7c0600e5f2c2be7d0c6238ce38ec1c63537c2ece76f2e5db3d54c1ab4249f0ea07c096df

Download Submit
C:\Windows\System\YCFOhkP.exe

Filesize
6.0MB

MD5
b9ead25f01e0a2d208fb548382048ff7

SHA1
3ca2a9c959f901e37cb85e7a8879915d9400da17

SHA256
7cc515b840f03ecb60011a22a34296e1947e534af13ac4204394da45d93ac675

SHA512
e90fbe65120d15d5c3845e10907be513e864c2f9ab54cc523f7d854fe68a844db510804995d9c064af33c2be9b80b451886d45dcf9c71b1cc47698c14176d7b8

Download Submit
C:\Windows\System\YRGiDDX.exe

Filesize
6.1MB

MD5
0cdb02b373ad41a6e766b3b0c0531f73

SHA1
1c6195c9c097f88383b1ae8d379e01f6ea527ae7

SHA256
835af4651be61e71ba18c353602e21f2a22ffe7d211e941f1f0295fe4d18ba62

SHA512
0b5a73db0280c375c1aec4643eb183f090609b7499adb98588d1b51c15dbebf2c7e61a753371b6a5f15b5b57e8223a1b8d89808562e7a91512c9d38b7653e15b

Download Submit
C:\Windows\System\aTPCywN.exe

Filesize
6.1MB

MD5
8c55cd36e9b1074c878fb91bce1d74d6

SHA1
efb8001395558a68570918779af3b7d050a4c43c

SHA256
ec7ee67ea5667653124590b8b94aebbefbbc6a24a5e8815a53c5233864a3e40a

SHA512
e9ebd04da9e90968c76d3cc71fe3cf85987f372d6c2d08ac76d3c8261e1c67ab5a84816144423e5fc8f964bfaa49270e102a21f0011c174a0ec2af62626b0f75

Download Submit
C:\Windows\System\axBaTfZ.exe

Filesize
6.1MB

MD5
09fd8e23a2319cca9ce733c26a6157fa

SHA1
cfab59f85aac2c16d714587b970fdab4c2b3aeac

SHA256
e412b3ac80bc241ae7412ac82b5d89b5a00f6c837693af68e845f85e580b1441

SHA512
bbe853d8ea6347f119d3f272c376cc6226c6bea88a2d8740eece4438bb6c02772af5f94414f44c5fcd82144d1bc7953e8dee2fd80f5127eaf666f7dfad039c86

Download Submit
C:\Windows\System\cBmwAEK.exe

Filesize
6.1MB

MD5
bb8be2cec1369a3fed87ffc6f32824e6

SHA1
3553e6d0be4cf3b97f28fdf3c43b180ae5f069bb

SHA256
6a6b43f3465a69d8d5a5ea707a3f9b7d4015200438beedfe79bedc49b6cb425a

SHA512
20cd8e5ba62c92199158404fd069d698b44872fb717c064ceec38db2b1f06fb1eae928c5099098920ca6721d1d50ec46d0a3dd25ed29d7c50c838672272fe889

Download Submit
C:\Windows\System\cEPqBPI.exe

Filesize
6.1MB

MD5
e8eda99435bb398786772367ae91c372

SHA1
23b42eb8de799c8b427a0907407f134309f334aa

SHA256
7ad80493ca4d7f4152df817a82b0f03ffd7547571dbfd33c9be9aa165b471f09

SHA512
583955c8e2a1b4e2899ee1c5c80bfd29235c8c569c1a4a2db365dc19049b4d7c14358c998220a5f1344906824586c56607da4536c9cfd61a1b62879b64893879

Download Submit
C:\Windows\System\eynGVWO.exe

Filesize
6.1MB

MD5
ef821d145a11d3d9ccf2b070b6d70d83

SHA1
113fbce1e963c9f4f0655c41b7ee5360c58ccc36

SHA256
900a5c08cc59801be422e82e02ca743dea7baa7000bc0dea127140eb41115c09

SHA512
2321c980e5d376c7495120d8aec1ea114094596cae902197b8afb5fc5ca447d775dd0d5a5bc92cd88770bbc019a8a557dc43effa5e49ff684f4f72cd9a39470a

Download Submit
C:\Windows\System\fsXyaQZ.exe

Filesize
6.0MB

MD5
f079835c0d33ca0b6ce172e1698b46a4

SHA1
12bc696b2ec41212b98d57ef956c0dc8a160ad6f

SHA256
09acb9b9ca8b711c4af6009d528f2d640a0b0c22c90db01402946ce568fc97c9

SHA512
6453b2e1d3788f6b2906c8feea95f81713696ffc88685685dff44e23c6de73e772cffcb820f4f29667fe7b4633b33cfc5fc198f2ce39e51d07647a97abb9b48a

Download Submit
C:\Windows\System\kxmypyY.exe

Filesize
6.1MB

MD5
3701bf8b7218033bcb060e8b1249f8bd

SHA1
a601fa297f62b3a921a9e8616502feb237af3d32

SHA256
80c362d8c2889ab9a4f92a8099e1242eedc38f90f4b6e3943c6129ff939d5d40

SHA512
b5b729ae051332e8baa603a1ad41bb3994ccdc6f190f8afdb25f9f70f4c817ee801d6eabaf15a184a2d63b45903c49fbeb3bb19a2e966578c28f93b77528aa58

Download Submit
C:\Windows\System\lWOeyQU.exe

Filesize
6.1MB

MD5
c828082f127e29a772c22c83a5e3b7b8

SHA1
bbe4de5e25c69ee71e1f21fe6b7d27146ef810c4

SHA256
9a4d2d3b5448fba4cde1498f32b6c062e09997d186ad65e6e6d4336daa492093

SHA512
e03081e8d111fb9ee9159a9518a46e650d3c00f19f9ff342ea56c2b1eeeecd2d9c0a0808275bd5a730d2a5721459b4d8e230863b3d8092cc7dce290928f337f8

Download Submit
C:\Windows\System\oxMidBE.exe

Filesize
6.1MB

MD5
2c8ecc3d3f90e4205afb187c7acd1ea5

SHA1
9082aaf76256ff84b27253fbd519f0b2f5717f2a

SHA256
bc0f9a6b6b8a0093425a7e167496ed3ad148575e10e66b9a66b5477e356325c5

SHA512
5f49a73e7ca8141d62097c1c86d6c587cf82c67ebe15e90f9d4aa05ac44e243ac4668a57ec05cfa2e3d8150dfb85b63f5d9777adf5beb4ce64e705fece862fcd

Download Submit
C:\Windows\System\oyYaCTk.exe

Filesize
6.0MB

MD5
87dec94bec5fafc5a5640dedf4afe10d

SHA1
8626d5ddbc8ce3997af7aeff5825815ae99049bb

SHA256
5bbfe3f563e181559b2aeb5aa7d2e4d19b8eb8b2c0efa3eea6f1c86082629d83

SHA512
a033d0511915fac5346125f53899b14febe2abf05e19016599e9c412ca64d55907e61eb2e044fbde52d029a61da41a5696d76b7b15d84a3fbc4b8de834307799

Download Submit
C:\Windows\System\qNYGyXI.exe

Filesize
6.1MB

MD5
e4586950b9466f4a8e45eb8793fd7870

SHA1
f41f4461d4a81fa564507f806252bba831343efd

SHA256
976b12901b58e89cd6f328016a951b82357ab08755746e5ca26b6266f6c797ec

SHA512
c681d9efa6ac9325f1447eb2351b7a5bd9042e17a758aaf8502010a55c9fc10ade690a03be63b007af5203573469827f09f67e03ff71ce0a1c85d882e83dd856

Download Submit
C:\Windows\System\qqTCrOG.exe

Filesize
6.0MB

MD5
b6a68aa12fdfd003c62c6331cc72681c

SHA1
5f499d32330475b86754bfd5220a8204f613005f

SHA256
bb123462e047df3bb5606df33984f50a06fe65c15d34ecfa832ac299803e09b6

SHA512
caceed609f01c6e7e6dec3e7fc0dcb2ed8065891dffe919efb5440e539213e3c2a1f75e89d57fcb983a36c6750c95d24c10fea949ff63e12dd7aee3488e32247

Download Submit
C:\Windows\System\wDxoSMM.exe

Filesize
6.1MB

MD5
d34205c0862086963a6481a4a65d174a

SHA1
244670b33012a0dc7ac71dcd5ef26ed0ad5e3ffb

SHA256
8a86bae784dc661fd313d93586696f6b78098ea0d3f63e9cec58043b0b27d551

SHA512
f144794f076f68b84fa16b5ffc0d6c28ca52de8ef457c8ff7110eb639615c34f015a0ed50cfe92b79ef0f327c2b8e4f962a349d63f0ad5231849218898e4e1ad

Download Submit
C:\Windows\System\yIICavu.exe

Filesize
6.1MB

MD5
b77367e6abd1c8a3de0111a6d7289980

SHA1
5a4f6435c698910b80d480d833fb64396896944a

SHA256
cf209e31ad6a2d1e6bd0a2249de45c959e5121849205ba54a8fe8d95897917bb

SHA512
25d30be73e7847f779ee8ff1d558cd9145bf1cdbdb23f8f5bcd55c34ad215e5bb6d1e36afabec3314c46cf4744890afa4c72f6e2ddcd088ab07584f15b8bdbf3

Download Submit
C:\Windows\System\zPllNJS.exe

Filesize
6.1MB

MD5
4ab4660f66ba9a40c579468a80c05d52

SHA1
1e56f42d8a27b0d10a75a304e9239aa5a33fd067

SHA256
542c69e74ca1964e0d4f0e3e18c6dbf679d3f35a1d68b4cfe53fe8c09748bc41

SHA512
5ea06d0108655dccb9898e94878694ea0b3d8bfb412f15729edcdc2471b0b03a0a87533b2a201a586d552da96236985e8c99ab991004b7001cdda9ff060a1b60

Download Submit
memory/376-190-0x00007FF7BA6E0000-0x00007FF7BAA34000-memory.dmp

Filesize
3.3MB

Download
memory/384-2313-0x00007FF61E250000-0x00007FF61E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/384-463-0x00007FF61E250000-0x00007FF61E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/384-76-0x00007FF61E250000-0x00007FF61E5A4000-memory.dmp

Filesize
3.3MB

Download
memory/444-2475-0x00007FF6DCEB0000-0x00007FF6DD204000-memory.dmp

Filesize
3.3MB

Download
memory/444-196-0x00007FF6DCEB0000-0x00007FF6DD204000-memory.dmp

Filesize
3.3MB

Download
memory/848-71-0x00007FF6A47A0000-0x00007FF6A4AF4000-memory.dmp

Filesize
3.3MB

Download
memory/848-339-0x00007FF6A47A0000-0x00007FF6A4AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1516-204-0x00007FF69CEF0000-0x00007FF69D244000-memory.dmp

Filesize
3.3MB

Download
memory/1516-49-0x00007FF69CEF0000-0x00007FF69D244000-memory.dmp

Filesize
3.3MB

Download
memory/1544-41-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/1544-98-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/1624-68-0x00007FF720A40000-0x00007FF720D94000-memory.dmp

Filesize
3.3MB

Download
memory/1624-274-0x00007FF720A40000-0x00007FF720D94000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2403-0x00007FF740C40000-0x00007FF740F94000-memory.dmp

Filesize
3.3MB

Download
memory/2708-176-0x00007FF740C40000-0x00007FF740F94000-memory.dmp

Filesize
3.3MB

Download
memory/3240-189-0x00007FF6E90C0000-0x00007FF6E9414000-memory.dmp

Filesize
3.3MB

Download
memory/3240-747-0x00007FF6E90C0000-0x00007FF6E9414000-memory.dmp

Filesize
3.3MB

Download
memory/3528-32-0x00007FF690230000-0x00007FF690584000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2398-0x00007FF7B5080000-0x00007FF7B53D4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-160-0x00007FF7B5080000-0x00007FF7B53D4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-25-0x00007FF664910000-0x00007FF664C64000-memory.dmp

Filesize
3.3MB

Download
memory/3696-73-0x00007FF664910000-0x00007FF664C64000-memory.dmp

Filesize
3.3MB

Download
memory/3744-466-0x00007FF7B05E0000-0x00007FF7B0934000-memory.dmp

Filesize
3.3MB

Download
memory/3744-85-0x00007FF7B05E0000-0x00007FF7B0934000-memory.dmp

Filesize
3.3MB

Download
memory/3748-72-0x00007FF75C120000-0x00007FF75C474000-memory.dmp

Filesize
3.3MB

Download
memory/3748-14-0x00007FF75C120000-0x00007FF75C474000-memory.dmp

Filesize
3.3MB

Download
memory/4004-46-0x00007FF7E3690000-0x00007FF7E39E4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-193-0x00007FF7E3690000-0x00007FF7E39E4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2167-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp

Filesize
3.3MB

Download
memory/4220-69-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp

Filesize
3.3MB

Download
memory/4220-7-0x00007FF7FC1B0000-0x00007FF7FC504000-memory.dmp

Filesize
3.3MB

Download
memory/4468-594-0x00007FF780450000-0x00007FF7807A4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-86-0x00007FF780450000-0x00007FF7807A4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-101-0x00007FF6911B0000-0x00007FF691504000-memory.dmp

Filesize
3.3MB

Download
memory/4556-596-0x00007FF6911B0000-0x00007FF691504000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2392-0x00007FF745C70000-0x00007FF745FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-149-0x00007FF745C70000-0x00007FF745FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-665-0x00007FF745C70000-0x00007FF745FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-664-0x00007FF606B70000-0x00007FF606EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-102-0x00007FF606B70000-0x00007FF606EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-194-0x00007FF60F550000-0x00007FF60F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-154-0x00007FF698690000-0x00007FF6989E4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2394-0x00007FF698690000-0x00007FF6989E4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-195-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp

Filesize
3.3MB

Download
memory/4892-27-0x00007FF6C91E0000-0x00007FF6C9534000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2396-0x00007FF7A2E40000-0x00007FF7A3194000-memory.dmp

Filesize
3.3MB

Download
memory/4908-159-0x00007FF7A2E40000-0x00007FF7A3194000-memory.dmp

Filesize
3.3MB

Download
memory/4964-155-0x00007FF793CE0000-0x00007FF794034000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2395-0x00007FF793CE0000-0x00007FF794034000-memory.dmp

Filesize
3.3MB

Download
memory/4972-191-0x00007FF7E1DC0000-0x00007FF7E2114000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2452-0x00007FF773340000-0x00007FF773694000-memory.dmp

Filesize
3.3MB

Download
memory/5024-192-0x00007FF773340000-0x00007FF773694000-memory.dmp

Filesize
3.3MB

Download
memory/5320-61-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp

Filesize
3.3MB

Download
memory/5320-1-0x0000024B8D270000-0x0000024B8D280000-memory.dmp

Filesize
64KB

Download
memory/5320-0-0x00007FF67B0B0000-0x00007FF67B404000-memory.dmp

Filesize
3.3MB

Download
memory/5952-272-0x00007FF7CE0D0000-0x00007FF7CE424000-memory.dmp

Filesize
3.3MB

Download
memory/5952-54-0x00007FF7CE0D0000-0x00007FF7CE424000-memory.dmp

Filesize
3.3MB

Download