cobaltstrike | 92ea5407f6f89ca184bf7199c09d7a9b0e32f4459c3981135a8c30b2168d69e7

Analysis

max time kernel
106s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

e9da4865880461f61ff75f02a7202a0f
SHA1

8ef3246660576cfa9939cc55edaf0fa7c6ac02d2
SHA256

92ea5407f6f89ca184bf7199c09d7a9b0e32f4459c3981135a8c30b2168d69e7
SHA512

479ab4e194af7dc6c05c92dcd8a1a95c5986a77145fcfb48cfe569b31fa323469c96462a1c508b0904be574a88dc694bd61cf010d3e7a9512de9583f32bf3aac
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000f000000022f40-6.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e1-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e2-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e3-20.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e5-38.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e8-56.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242eb-81.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ea-77.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e9-71.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e7-60.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e6-51.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000242de-41.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242e4-32.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ec-87.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ef-99.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ed-103.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f0-114.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f2-118.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f3-121.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f6-129.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f5-154.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f9-163.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f8-159.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f7-157.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f4-152.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242f1-140.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242fa-172.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242fb-178.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242fd-190.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242fc-192.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242fe-198.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000242ff-202.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3184-0-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp	xmrig
behavioral2/files/0x000f000000022f40-6.dat	xmrig
behavioral2/memory/4308-8-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e1-11.dat	xmrig
behavioral2/files/0x00070000000242e2-10.dat	xmrig
behavioral2/files/0x00070000000242e3-20.dat	xmrig
behavioral2/files/0x00070000000242e5-38.dat	xmrig
behavioral2/files/0x00070000000242e8-56.dat	xmrig
behavioral2/memory/4916-63-0x00007FF746340000-0x00007FF746694000-memory.dmp	xmrig
behavioral2/memory/4956-76-0x00007FF605D40000-0x00007FF606094000-memory.dmp	xmrig
behavioral2/memory/4700-83-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242eb-81.dat	xmrig
behavioral2/memory/1828-80-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp	xmrig
behavioral2/memory/4244-79-0x00007FF6C5700000-0x00007FF6C5A54000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ea-77.dat	xmrig
behavioral2/memory/4308-75-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e9-71.dat	xmrig
behavioral2/memory/4876-69-0x00007FF6D0DF0000-0x00007FF6D1144000-memory.dmp	xmrig
behavioral2/memory/3184-64-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e7-60.dat	xmrig
behavioral2/memory/5816-59-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e6-51.dat	xmrig
behavioral2/memory/5952-50-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp	xmrig
behavioral2/memory/5312-43-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp	xmrig
behavioral2/memory/5872-42-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp	xmrig
behavioral2/files/0x00080000000242de-41.dat	xmrig
behavioral2/memory/2160-33-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e4-32.dat	xmrig
behavioral2/memory/4756-22-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp	xmrig
behavioral2/memory/4700-21-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp	xmrig
behavioral2/memory/1828-14-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ec-87.dat	xmrig
behavioral2/memory/5416-91-0x00007FF65E260000-0x00007FF65E5B4000-memory.dmp	xmrig
behavioral2/memory/4756-90-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ef-99.dat	xmrig
behavioral2/files/0x00070000000242ed-103.dat	xmrig
behavioral2/memory/3996-102-0x00007FF7AEC00000-0x00007FF7AEF54000-memory.dmp	xmrig
behavioral2/memory/5872-101-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f0-114.dat	xmrig
behavioral2/files/0x00070000000242f2-118.dat	xmrig
behavioral2/files/0x00070000000242f3-121.dat	xmrig
behavioral2/files/0x00070000000242f6-129.dat	xmrig
behavioral2/memory/5816-132-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f5-154.dat	xmrig
behavioral2/memory/5288-160-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	xmrig
behavioral2/memory/4364-165-0x00007FF6D7930000-0x00007FF6D7C84000-memory.dmp	xmrig
behavioral2/memory/4796-169-0x00007FF75A3D0000-0x00007FF75A724000-memory.dmp	xmrig
behavioral2/memory/1164-168-0x00007FF6D61E0000-0x00007FF6D6534000-memory.dmp	xmrig
behavioral2/memory/4916-167-0x00007FF746340000-0x00007FF746694000-memory.dmp	xmrig
behavioral2/memory/5084-166-0x00007FF61C500000-0x00007FF61C854000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f9-163.dat	xmrig
behavioral2/memory/4192-161-0x00007FF7FF870000-0x00007FF7FFBC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f8-159.dat	xmrig
behavioral2/files/0x00070000000242f7-157.dat	xmrig
behavioral2/memory/5552-156-0x00007FF630950000-0x00007FF630CA4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f4-152.dat	xmrig
behavioral2/memory/1756-150-0x00007FF69EC80000-0x00007FF69EFD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f1-140.dat	xmrig
behavioral2/memory/1832-139-0x00007FF6B0400000-0x00007FF6B0754000-memory.dmp	xmrig
behavioral2/memory/5104-138-0x00007FF66FF40000-0x00007FF670294000-memory.dmp	xmrig
behavioral2/memory/5952-111-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp	xmrig
behavioral2/memory/2508-98-0x00007FF6714C0000-0x00007FF671814000-memory.dmp	xmrig
behavioral2/memory/5312-96-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp	xmrig
behavioral2/memory/2160-95-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4308	zuoiEot.exe
1828	TXXMfDj.exe
4700	zRZPSlc.exe
4756	PmwgaZF.exe
2160	fSjZDXn.exe
5872	ylCvNPE.exe
5312	UvyuxpQ.exe
5952	vPhzkWc.exe
5816	oMETCvR.exe
4916	DRTBfKG.exe
4876	vgIsgTe.exe
4956	iwJVcVf.exe
4244	YeJFYUC.exe
5416	jVLvkvx.exe
2508	YCBADHu.exe
3996	exhDewN.exe
5104	QzIWmAm.exe
5084	cIiqBMJ.exe
1832	meLexcS.exe
1756	XSuHwHF.exe
5552	bgLsUUf.exe
5288	VsYOLBh.exe
1164	nYXMlhT.exe
4192	WJXrIiD.exe
4364	fDoeWrO.exe
4796	PLZNcQT.exe
3052	qdrFOkH.exe
5992	UnstKXN.exe
2812	kuaGQBC.exe
5456	kWyJWZk.exe
2704	XqAEeQf.exe
5648	SOlqidf.exe
3908	zIgfINj.exe
1272	aylVJjT.exe
3916	AXrhUdf.exe
5824	pyeuGwg.exe
3540	WiqEVkh.exe
2888	UpaXNgg.exe
3680	Duizcxp.exe
5936	cqucEQJ.exe
1776	tqzgJwd.exe
6072	ddKxlET.exe
604	hGgcJAP.exe
5856	EvgpRNI.exe
4848	GPIKYKn.exe
2060	cPveKMG.exe
2000	cbLzmwL.exe
928	GNxHbEk.exe
2544	FBUflUL.exe
5284	mazJXgf.exe
772	KsxorQE.exe
5280	MHVXgaw.exe
4128	wVsfRab.exe
2072	EhzWsjy.exe
4484	EeRVOgK.exe
2192	jeDHgAm.exe
5760	gkuELAv.exe
4544	yuWRatx.exe
3456	tOdIyAJ.exe
752	TZVytiL.exe
3544	tOlNcrW.exe
2980	TlWPIMp.exe
3228	JOKjokr.exe
4816	gmzqbeY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3184-0-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp	upx
behavioral2/files/0x000f000000022f40-6.dat	upx
behavioral2/memory/4308-8-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp	upx
behavioral2/files/0x00070000000242e1-11.dat	upx
behavioral2/files/0x00070000000242e2-10.dat	upx
behavioral2/files/0x00070000000242e3-20.dat	upx
behavioral2/files/0x00070000000242e5-38.dat	upx
behavioral2/files/0x00070000000242e8-56.dat	upx
behavioral2/memory/4916-63-0x00007FF746340000-0x00007FF746694000-memory.dmp	upx
behavioral2/memory/4956-76-0x00007FF605D40000-0x00007FF606094000-memory.dmp	upx
behavioral2/memory/4700-83-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp	upx
behavioral2/files/0x00070000000242eb-81.dat	upx
behavioral2/memory/1828-80-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp	upx
behavioral2/memory/4244-79-0x00007FF6C5700000-0x00007FF6C5A54000-memory.dmp	upx
behavioral2/files/0x00070000000242ea-77.dat	upx
behavioral2/memory/4308-75-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp	upx
behavioral2/files/0x00070000000242e9-71.dat	upx
behavioral2/memory/4876-69-0x00007FF6D0DF0000-0x00007FF6D1144000-memory.dmp	upx
behavioral2/memory/3184-64-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp	upx
behavioral2/files/0x00070000000242e7-60.dat	upx
behavioral2/memory/5816-59-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp	upx
behavioral2/files/0x00070000000242e6-51.dat	upx
behavioral2/memory/5952-50-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp	upx
behavioral2/memory/5312-43-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp	upx
behavioral2/memory/5872-42-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp	upx
behavioral2/files/0x00080000000242de-41.dat	upx
behavioral2/memory/2160-33-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp	upx
behavioral2/files/0x00070000000242e4-32.dat	upx
behavioral2/memory/4756-22-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp	upx
behavioral2/memory/4700-21-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp	upx
behavioral2/memory/1828-14-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp	upx
behavioral2/files/0x00070000000242ec-87.dat	upx
behavioral2/memory/5416-91-0x00007FF65E260000-0x00007FF65E5B4000-memory.dmp	upx
behavioral2/memory/4756-90-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp	upx
behavioral2/files/0x00070000000242ef-99.dat	upx
behavioral2/files/0x00070000000242ed-103.dat	upx
behavioral2/memory/3996-102-0x00007FF7AEC00000-0x00007FF7AEF54000-memory.dmp	upx
behavioral2/memory/5872-101-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp	upx
behavioral2/files/0x00070000000242f0-114.dat	upx
behavioral2/files/0x00070000000242f2-118.dat	upx
behavioral2/files/0x00070000000242f3-121.dat	upx
behavioral2/files/0x00070000000242f6-129.dat	upx
behavioral2/memory/5816-132-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp	upx
behavioral2/files/0x00070000000242f5-154.dat	upx
behavioral2/memory/5288-160-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	upx
behavioral2/memory/4364-165-0x00007FF6D7930000-0x00007FF6D7C84000-memory.dmp	upx
behavioral2/memory/4796-169-0x00007FF75A3D0000-0x00007FF75A724000-memory.dmp	upx
behavioral2/memory/1164-168-0x00007FF6D61E0000-0x00007FF6D6534000-memory.dmp	upx
behavioral2/memory/4916-167-0x00007FF746340000-0x00007FF746694000-memory.dmp	upx
behavioral2/memory/5084-166-0x00007FF61C500000-0x00007FF61C854000-memory.dmp	upx
behavioral2/files/0x00070000000242f9-163.dat	upx
behavioral2/memory/4192-161-0x00007FF7FF870000-0x00007FF7FFBC4000-memory.dmp	upx
behavioral2/files/0x00070000000242f8-159.dat	upx
behavioral2/files/0x00070000000242f7-157.dat	upx
behavioral2/memory/5552-156-0x00007FF630950000-0x00007FF630CA4000-memory.dmp	upx
behavioral2/files/0x00070000000242f4-152.dat	upx
behavioral2/memory/1756-150-0x00007FF69EC80000-0x00007FF69EFD4000-memory.dmp	upx
behavioral2/files/0x00070000000242f1-140.dat	upx
behavioral2/memory/1832-139-0x00007FF6B0400000-0x00007FF6B0754000-memory.dmp	upx
behavioral2/memory/5104-138-0x00007FF66FF40000-0x00007FF670294000-memory.dmp	upx
behavioral2/memory/5952-111-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp	upx
behavioral2/memory/2508-98-0x00007FF6714C0000-0x00007FF671814000-memory.dmp	upx
behavioral2/memory/5312-96-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp	upx
behavioral2/memory/2160-95-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kyRyJuy.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JwTPJze.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VKBbFOZ.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bgwRcYv.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TMPtFFA.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ccfUxky.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EzDrIVp.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MEkikUb.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nYXMlhT.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fDoeWrO.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VnBZxCA.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EqzBjJV.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SOBzIMx.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zlyHXFA.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kLaLUnJ.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UnstKXN.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MHVXgaw.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rTTuwfM.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DQchAiF.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DlxFRHF.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TZVytiL.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yHxfJHF.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ydWJWDb.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IgSDtJz.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yBqkhxu.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JmUozlX.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wAKlzXa.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qlPWBQX.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kheuYVb.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wkNzCnI.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QliFNZI.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HRdSmXq.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QWWDZCu.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\knGlsLj.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\peVTWPy.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UpaXNgg.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ALqRWsw.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jPTXKsF.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TcPniyv.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aqppuRl.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MjUaZzl.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FeyqFcN.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wtSDtOQ.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ULysWpq.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pVWMIhd.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VGzgvOM.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dgHVTWm.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PzjzObo.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LzTZAkq.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HTwwtMb.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EbXfZUe.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KsxorQE.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DnsAMVi.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IDavUta.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JVwJolX.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VVSZmdP.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tRfiOEG.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NczrbzV.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rQsDTGo.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aEUuSzF.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PTaQpCb.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gkdpuji.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HIrEKYE.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GbSJpON.exe	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4308	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3184 wrote to memory of 4308	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3184 wrote to memory of 1828	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3184 wrote to memory of 1828	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3184 wrote to memory of 4700	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3184 wrote to memory of 4700	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3184 wrote to memory of 4756	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3184 wrote to memory of 4756	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3184 wrote to memory of 2160	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3184 wrote to memory of 2160	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3184 wrote to memory of 5312	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3184 wrote to memory of 5312	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3184 wrote to memory of 5872	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3184 wrote to memory of 5872	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3184 wrote to memory of 5952	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3184 wrote to memory of 5952	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 3184 wrote to memory of 5816	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3184 wrote to memory of 5816	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3184 wrote to memory of 4916	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3184 wrote to memory of 4916	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3184 wrote to memory of 4876	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3184 wrote to memory of 4876	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3184 wrote to memory of 4956	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3184 wrote to memory of 4956	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3184 wrote to memory of 4244	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3184 wrote to memory of 4244	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3184 wrote to memory of 5416	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3184 wrote to memory of 5416	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3184 wrote to memory of 2508	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3184 wrote to memory of 2508	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3184 wrote to memory of 3996	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3184 wrote to memory of 3996	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3184 wrote to memory of 5104	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3184 wrote to memory of 5104	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3184 wrote to memory of 5084	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3184 wrote to memory of 5084	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3184 wrote to memory of 1832	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3184 wrote to memory of 1832	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3184 wrote to memory of 1756	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3184 wrote to memory of 1756	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3184 wrote to memory of 5552	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3184 wrote to memory of 5552	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3184 wrote to memory of 1164	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3184 wrote to memory of 1164	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3184 wrote to memory of 5288	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3184 wrote to memory of 5288	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3184 wrote to memory of 4192	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3184 wrote to memory of 4192	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3184 wrote to memory of 4364	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3184 wrote to memory of 4364	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 3184 wrote to memory of 4796	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3184 wrote to memory of 4796	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 3184 wrote to memory of 3052	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3184 wrote to memory of 3052	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3184 wrote to memory of 5992	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3184 wrote to memory of 5992	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3184 wrote to memory of 2812	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3184 wrote to memory of 2812	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3184 wrote to memory of 5456	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3184 wrote to memory of 5456	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3184 wrote to memory of 2704	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3184 wrote to memory of 2704	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3184 wrote to memory of 5648	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3184 wrote to memory of 5648	3184	2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_e9da4865880461f61ff75f02a7202a0f_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Windows\System\zuoiEot.exe
  C:\Windows\System\zuoiEot.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\TXXMfDj.exe
  C:\Windows\System\TXXMfDj.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\zRZPSlc.exe
  C:\Windows\System\zRZPSlc.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\PmwgaZF.exe
  C:\Windows\System\PmwgaZF.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\fSjZDXn.exe
  C:\Windows\System\fSjZDXn.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\UvyuxpQ.exe
  C:\Windows\System\UvyuxpQ.exe
  2⤵
  - Executes dropped EXE
  PID:5312
- C:\Windows\System\ylCvNPE.exe
  C:\Windows\System\ylCvNPE.exe
  2⤵
  - Executes dropped EXE
  PID:5872
- C:\Windows\System\vPhzkWc.exe
  C:\Windows\System\vPhzkWc.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\oMETCvR.exe
  C:\Windows\System\oMETCvR.exe
  2⤵
  - Executes dropped EXE
  PID:5816
- C:\Windows\System\DRTBfKG.exe
  C:\Windows\System\DRTBfKG.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\vgIsgTe.exe
  C:\Windows\System\vgIsgTe.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\iwJVcVf.exe
  C:\Windows\System\iwJVcVf.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\YeJFYUC.exe
  C:\Windows\System\YeJFYUC.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\jVLvkvx.exe
  C:\Windows\System\jVLvkvx.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\YCBADHu.exe
  C:\Windows\System\YCBADHu.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\exhDewN.exe
  C:\Windows\System\exhDewN.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\QzIWmAm.exe
  C:\Windows\System\QzIWmAm.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\cIiqBMJ.exe
  C:\Windows\System\cIiqBMJ.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\meLexcS.exe
  C:\Windows\System\meLexcS.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\XSuHwHF.exe
  C:\Windows\System\XSuHwHF.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\bgLsUUf.exe
  C:\Windows\System\bgLsUUf.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System\nYXMlhT.exe
  C:\Windows\System\nYXMlhT.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\VsYOLBh.exe
  C:\Windows\System\VsYOLBh.exe
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System\WJXrIiD.exe
  C:\Windows\System\WJXrIiD.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\fDoeWrO.exe
  C:\Windows\System\fDoeWrO.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\PLZNcQT.exe
  C:\Windows\System\PLZNcQT.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\qdrFOkH.exe
  C:\Windows\System\qdrFOkH.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\UnstKXN.exe
  C:\Windows\System\UnstKXN.exe
  2⤵
  - Executes dropped EXE
  PID:5992
- C:\Windows\System\kuaGQBC.exe
  C:\Windows\System\kuaGQBC.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\kWyJWZk.exe
  C:\Windows\System\kWyJWZk.exe
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Windows\System\XqAEeQf.exe
  C:\Windows\System\XqAEeQf.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\SOlqidf.exe
  C:\Windows\System\SOlqidf.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\zIgfINj.exe
  C:\Windows\System\zIgfINj.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\aylVJjT.exe
  C:\Windows\System\aylVJjT.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\AXrhUdf.exe
  C:\Windows\System\AXrhUdf.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\pyeuGwg.exe
  C:\Windows\System\pyeuGwg.exe
  2⤵
  - Executes dropped EXE
  PID:5824
- C:\Windows\System\WiqEVkh.exe
  C:\Windows\System\WiqEVkh.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\UpaXNgg.exe
  C:\Windows\System\UpaXNgg.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\Duizcxp.exe
  C:\Windows\System\Duizcxp.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\cqucEQJ.exe
  C:\Windows\System\cqucEQJ.exe
  2⤵
  - Executes dropped EXE
  PID:5936
- C:\Windows\System\tqzgJwd.exe
  C:\Windows\System\tqzgJwd.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\ddKxlET.exe
  C:\Windows\System\ddKxlET.exe
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\System\hGgcJAP.exe
  C:\Windows\System\hGgcJAP.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\EvgpRNI.exe
  C:\Windows\System\EvgpRNI.exe
  2⤵
  - Executes dropped EXE
  PID:5856
- C:\Windows\System\GPIKYKn.exe
  C:\Windows\System\GPIKYKn.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\cPveKMG.exe
  C:\Windows\System\cPveKMG.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\cbLzmwL.exe
  C:\Windows\System\cbLzmwL.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\GNxHbEk.exe
  C:\Windows\System\GNxHbEk.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\FBUflUL.exe
  C:\Windows\System\FBUflUL.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\mazJXgf.exe
  C:\Windows\System\mazJXgf.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\KsxorQE.exe
  C:\Windows\System\KsxorQE.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\MHVXgaw.exe
  C:\Windows\System\MHVXgaw.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\wVsfRab.exe
  C:\Windows\System\wVsfRab.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\EhzWsjy.exe
  C:\Windows\System\EhzWsjy.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\EeRVOgK.exe
  C:\Windows\System\EeRVOgK.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\jeDHgAm.exe
  C:\Windows\System\jeDHgAm.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\gkuELAv.exe
  C:\Windows\System\gkuELAv.exe
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Windows\System\yuWRatx.exe
  C:\Windows\System\yuWRatx.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\tOdIyAJ.exe
  C:\Windows\System\tOdIyAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\TZVytiL.exe
  C:\Windows\System\TZVytiL.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\tOlNcrW.exe
  C:\Windows\System\tOlNcrW.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\TlWPIMp.exe
  C:\Windows\System\TlWPIMp.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\JOKjokr.exe
  C:\Windows\System\JOKjokr.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\gmzqbeY.exe
  C:\Windows\System\gmzqbeY.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\PysxYZU.exe
  C:\Windows\System\PysxYZU.exe
  2⤵
  PID:5328
- C:\Windows\System\dDegPvV.exe
  C:\Windows\System\dDegPvV.exe
  2⤵
  PID:4896
- C:\Windows\System\cLlKecI.exe
  C:\Windows\System\cLlKecI.exe
  2⤵
  PID:416
- C:\Windows\System\YlFGNGx.exe
  C:\Windows\System\YlFGNGx.exe
  2⤵
  PID:4776
- C:\Windows\System\fxLsXXj.exe
  C:\Windows\System\fxLsXXj.exe
  2⤵
  PID:2844
- C:\Windows\System\gpYRJyj.exe
  C:\Windows\System\gpYRJyj.exe
  2⤵
  PID:2732
- C:\Windows\System\YwCwFpp.exe
  C:\Windows\System\YwCwFpp.exe
  2⤵
  PID:4832
- C:\Windows\System\jpcLHol.exe
  C:\Windows\System\jpcLHol.exe
  2⤵
  PID:2744
- C:\Windows\System\cLMEIqd.exe
  C:\Windows\System\cLMEIqd.exe
  2⤵
  PID:5036
- C:\Windows\System\bwOlauH.exe
  C:\Windows\System\bwOlauH.exe
  2⤵
  PID:2324
- C:\Windows\System\hGvNTPI.exe
  C:\Windows\System\hGvNTPI.exe
  2⤵
  PID:5060
- C:\Windows\System\CjOWsbu.exe
  C:\Windows\System\CjOWsbu.exe
  2⤵
  PID:1400
- C:\Windows\System\EMjldDz.exe
  C:\Windows\System\EMjldDz.exe
  2⤵
  PID:4408
- C:\Windows\System\rABINyn.exe
  C:\Windows\System\rABINyn.exe
  2⤵
  PID:2292
- C:\Windows\System\XhIxfFh.exe
  C:\Windows\System\XhIxfFh.exe
  2⤵
  PID:3440
- C:\Windows\System\RgJzDkC.exe
  C:\Windows\System\RgJzDkC.exe
  2⤵
  PID:5092
- C:\Windows\System\BTaMhNa.exe
  C:\Windows\System\BTaMhNa.exe
  2⤵
  PID:3620
- C:\Windows\System\SIuMoFh.exe
  C:\Windows\System\SIuMoFh.exe
  2⤵
  PID:436
- C:\Windows\System\kyRyJuy.exe
  C:\Windows\System\kyRyJuy.exe
  2⤵
  PID:3188
- C:\Windows\System\QvTeRKo.exe
  C:\Windows\System\QvTeRKo.exe
  2⤵
  PID:5064
- C:\Windows\System\FeyqFcN.exe
  C:\Windows\System\FeyqFcN.exe
  2⤵
  PID:1156
- C:\Windows\System\QWWDZCu.exe
  C:\Windows\System\QWWDZCu.exe
  2⤵
  PID:4972
- C:\Windows\System\hLHrMDv.exe
  C:\Windows\System\hLHrMDv.exe
  2⤵
  PID:5116
- C:\Windows\System\qiyyiJe.exe
  C:\Windows\System\qiyyiJe.exe
  2⤵
  PID:440
- C:\Windows\System\tCDfFfW.exe
  C:\Windows\System\tCDfFfW.exe
  2⤵
  PID:2132
- C:\Windows\System\bbqlLwP.exe
  C:\Windows\System\bbqlLwP.exe
  2⤵
  PID:3732
- C:\Windows\System\YXkucZt.exe
  C:\Windows\System\YXkucZt.exe
  2⤵
  PID:2848
- C:\Windows\System\jnsKzBF.exe
  C:\Windows\System\jnsKzBF.exe
  2⤵
  PID:5204
- C:\Windows\System\oMdpApK.exe
  C:\Windows\System\oMdpApK.exe
  2⤵
  PID:4596
- C:\Windows\System\exWhkBf.exe
  C:\Windows\System\exWhkBf.exe
  2⤵
  PID:5336
- C:\Windows\System\gcNYOea.exe
  C:\Windows\System\gcNYOea.exe
  2⤵
  PID:2868
- C:\Windows\System\QkhMMGK.exe
  C:\Windows\System\QkhMMGK.exe
  2⤵
  PID:760
- C:\Windows\System\HFphKXt.exe
  C:\Windows\System\HFphKXt.exe
  2⤵
  PID:2780
- C:\Windows\System\ewXxozw.exe
  C:\Windows\System\ewXxozw.exe
  2⤵
  PID:5292
- C:\Windows\System\aeFtePK.exe
  C:\Windows\System\aeFtePK.exe
  2⤵
  PID:5296
- C:\Windows\System\jidrrTS.exe
  C:\Windows\System\jidrrTS.exe
  2⤵
  PID:5212
- C:\Windows\System\GlvtNJe.exe
  C:\Windows\System\GlvtNJe.exe
  2⤵
  PID:5460
- C:\Windows\System\lryWnfq.exe
  C:\Windows\System\lryWnfq.exe
  2⤵
  PID:376
- C:\Windows\System\Qfquwum.exe
  C:\Windows\System\Qfquwum.exe
  2⤵
  PID:2480
- C:\Windows\System\CxQVLlA.exe
  C:\Windows\System\CxQVLlA.exe
  2⤵
  PID:2100
- C:\Windows\System\MLTviLp.exe
  C:\Windows\System\MLTviLp.exe
  2⤵
  PID:3180
- C:\Windows\System\ZXSkCgi.exe
  C:\Windows\System\ZXSkCgi.exe
  2⤵
  PID:1356
- C:\Windows\System\PAgLxkv.exe
  C:\Windows\System\PAgLxkv.exe
  2⤵
  PID:3116
- C:\Windows\System\ktBvlGT.exe
  C:\Windows\System\ktBvlGT.exe
  2⤵
  PID:2204
- C:\Windows\System\wbReQYh.exe
  C:\Windows\System\wbReQYh.exe
  2⤵
  PID:4828
- C:\Windows\System\bhAsDnc.exe
  C:\Windows\System\bhAsDnc.exe
  2⤵
  PID:4884
- C:\Windows\System\prfbwrg.exe
  C:\Windows\System\prfbwrg.exe
  2⤵
  PID:3744
- C:\Windows\System\tQSlUdv.exe
  C:\Windows\System\tQSlUdv.exe
  2⤵
  PID:4980
- C:\Windows\System\zRzQqmN.exe
  C:\Windows\System\zRzQqmN.exe
  2⤵
  PID:5880
- C:\Windows\System\ygmgwzT.exe
  C:\Windows\System\ygmgwzT.exe
  2⤵
  PID:4864
- C:\Windows\System\nlKIecc.exe
  C:\Windows\System\nlKIecc.exe
  2⤵
  PID:1460
- C:\Windows\System\OwrsHfw.exe
  C:\Windows\System\OwrsHfw.exe
  2⤵
  PID:2552
- C:\Windows\System\DPknrKm.exe
  C:\Windows\System\DPknrKm.exe
  2⤵
  PID:3308
- C:\Windows\System\TnFHaSk.exe
  C:\Windows\System\TnFHaSk.exe
  2⤵
  PID:5636
- C:\Windows\System\rQsDTGo.exe
  C:\Windows\System\rQsDTGo.exe
  2⤵
  PID:1608
- C:\Windows\System\RFRbCpV.exe
  C:\Windows\System\RFRbCpV.exe
  2⤵
  PID:5240
- C:\Windows\System\OVlKpIg.exe
  C:\Windows\System\OVlKpIg.exe
  2⤵
  PID:1824
- C:\Windows\System\jNTfxzb.exe
  C:\Windows\System\jNTfxzb.exe
  2⤵
  PID:4412
- C:\Windows\System\wtSDtOQ.exe
  C:\Windows\System\wtSDtOQ.exe
  2⤵
  PID:3876
- C:\Windows\System\ZwJYOEM.exe
  C:\Windows\System\ZwJYOEM.exe
  2⤵
  PID:1928
- C:\Windows\System\gSKFfJW.exe
  C:\Windows\System\gSKFfJW.exe
  2⤵
  PID:980
- C:\Windows\System\ALqRWsw.exe
  C:\Windows\System\ALqRWsw.exe
  2⤵
  PID:5544
- C:\Windows\System\EBVfHoU.exe
  C:\Windows\System\EBVfHoU.exe
  2⤵
  PID:5356
- C:\Windows\System\aEUuSzF.exe
  C:\Windows\System\aEUuSzF.exe
  2⤵
  PID:1476
- C:\Windows\System\wcDTHBl.exe
  C:\Windows\System\wcDTHBl.exe
  2⤵
  PID:2256
- C:\Windows\System\LnPAOZa.exe
  C:\Windows\System\LnPAOZa.exe
  2⤵
  PID:4580
- C:\Windows\System\MEqWkFy.exe
  C:\Windows\System\MEqWkFy.exe
  2⤵
  PID:5712
- C:\Windows\System\DWeiEja.exe
  C:\Windows\System\DWeiEja.exe
  2⤵
  PID:3124
- C:\Windows\System\DnsAMVi.exe
  C:\Windows\System\DnsAMVi.exe
  2⤵
  PID:896
- C:\Windows\System\mwhcxnn.exe
  C:\Windows\System\mwhcxnn.exe
  2⤵
  PID:1432
- C:\Windows\System\fsmQyuK.exe
  C:\Windows\System\fsmQyuK.exe
  2⤵
  PID:1788
- C:\Windows\System\rGgHhwE.exe
  C:\Windows\System\rGgHhwE.exe
  2⤵
  PID:1048
- C:\Windows\System\eLQgpMN.exe
  C:\Windows\System\eLQgpMN.exe
  2⤵
  PID:2820
- C:\Windows\System\SjGyMDP.exe
  C:\Windows\System\SjGyMDP.exe
  2⤵
  PID:3412
- C:\Windows\System\zrjezMm.exe
  C:\Windows\System\zrjezMm.exe
  2⤵
  PID:4548
- C:\Windows\System\ZorWYIb.exe
  C:\Windows\System\ZorWYIb.exe
  2⤵
  PID:2984
- C:\Windows\System\QtGVENo.exe
  C:\Windows\System\QtGVENo.exe
  2⤵
  PID:4652
- C:\Windows\System\UlSDdBq.exe
  C:\Windows\System\UlSDdBq.exe
  2⤵
  PID:1708
- C:\Windows\System\tuGxDfJ.exe
  C:\Windows\System\tuGxDfJ.exe
  2⤵
  PID:5832
- C:\Windows\System\JwTPJze.exe
  C:\Windows\System\JwTPJze.exe
  2⤵
  PID:2716
- C:\Windows\System\MQzsJxK.exe
  C:\Windows\System\MQzsJxK.exe
  2⤵
  PID:616
- C:\Windows\System\gMvEdXB.exe
  C:\Windows\System\gMvEdXB.exe
  2⤵
  PID:2548
- C:\Windows\System\KZEOblV.exe
  C:\Windows\System\KZEOblV.exe
  2⤵
  PID:6156
- C:\Windows\System\ySDqmpv.exe
  C:\Windows\System\ySDqmpv.exe
  2⤵
  PID:6184
- C:\Windows\System\IDavUta.exe
  C:\Windows\System\IDavUta.exe
  2⤵
  PID:6208
- C:\Windows\System\QEZkNjz.exe
  C:\Windows\System\QEZkNjz.exe
  2⤵
  PID:6240
- C:\Windows\System\uwODqJe.exe
  C:\Windows\System\uwODqJe.exe
  2⤵
  PID:6268
- C:\Windows\System\yPvqDBx.exe
  C:\Windows\System\yPvqDBx.exe
  2⤵
  PID:6296
- C:\Windows\System\OfuqPfU.exe
  C:\Windows\System\OfuqPfU.exe
  2⤵
  PID:6324
- C:\Windows\System\MujGUzD.exe
  C:\Windows\System\MujGUzD.exe
  2⤵
  PID:6352
- C:\Windows\System\zihcMvq.exe
  C:\Windows\System\zihcMvq.exe
  2⤵
  PID:6380
- C:\Windows\System\RorVMPf.exe
  C:\Windows\System\RorVMPf.exe
  2⤵
  PID:6408
- C:\Windows\System\MhkgNzF.exe
  C:\Windows\System\MhkgNzF.exe
  2⤵
  PID:6436
- C:\Windows\System\uniJRlk.exe
  C:\Windows\System\uniJRlk.exe
  2⤵
  PID:6464
- C:\Windows\System\YkRnGAG.exe
  C:\Windows\System\YkRnGAG.exe
  2⤵
  PID:6492
- C:\Windows\System\qSRmYQk.exe
  C:\Windows\System\qSRmYQk.exe
  2⤵
  PID:6520
- C:\Windows\System\GgiqvxU.exe
  C:\Windows\System\GgiqvxU.exe
  2⤵
  PID:6548
- C:\Windows\System\uJSOFwV.exe
  C:\Windows\System\uJSOFwV.exe
  2⤵
  PID:6576
- C:\Windows\System\dRJdXCc.exe
  C:\Windows\System\dRJdXCc.exe
  2⤵
  PID:6604
- C:\Windows\System\jQjHcqK.exe
  C:\Windows\System\jQjHcqK.exe
  2⤵
  PID:6632
- C:\Windows\System\iMYLoXX.exe
  C:\Windows\System\iMYLoXX.exe
  2⤵
  PID:6660
- C:\Windows\System\YoAYpuE.exe
  C:\Windows\System\YoAYpuE.exe
  2⤵
  PID:6688
- C:\Windows\System\yHxfJHF.exe
  C:\Windows\System\yHxfJHF.exe
  2⤵
  PID:6716
- C:\Windows\System\RcOWvUL.exe
  C:\Windows\System\RcOWvUL.exe
  2⤵
  PID:6736
- C:\Windows\System\dKCskqi.exe
  C:\Windows\System\dKCskqi.exe
  2⤵
  PID:6752
- C:\Windows\System\wifnUur.exe
  C:\Windows\System\wifnUur.exe
  2⤵
  PID:6800
- C:\Windows\System\hFlmqSR.exe
  C:\Windows\System\hFlmqSR.exe
  2⤵
  PID:6832
- C:\Windows\System\ahVcdHo.exe
  C:\Windows\System\ahVcdHo.exe
  2⤵
  PID:6860
- C:\Windows\System\jPTXKsF.exe
  C:\Windows\System\jPTXKsF.exe
  2⤵
  PID:6888
- C:\Windows\System\PdthUOk.exe
  C:\Windows\System\PdthUOk.exe
  2⤵
  PID:6916
- C:\Windows\System\UpPLnbK.exe
  C:\Windows\System\UpPLnbK.exe
  2⤵
  PID:6944
- C:\Windows\System\QLIksVE.exe
  C:\Windows\System\QLIksVE.exe
  2⤵
  PID:6972
- C:\Windows\System\jjtIUgB.exe
  C:\Windows\System\jjtIUgB.exe
  2⤵
  PID:7000
- C:\Windows\System\KFVMAhi.exe
  C:\Windows\System\KFVMAhi.exe
  2⤵
  PID:7028
- C:\Windows\System\vWIZguD.exe
  C:\Windows\System\vWIZguD.exe
  2⤵
  PID:7056
- C:\Windows\System\JQBMygW.exe
  C:\Windows\System\JQBMygW.exe
  2⤵
  PID:7084
- C:\Windows\System\mwlPnok.exe
  C:\Windows\System\mwlPnok.exe
  2⤵
  PID:7112
- C:\Windows\System\IeFoVZP.exe
  C:\Windows\System\IeFoVZP.exe
  2⤵
  PID:7140
- C:\Windows\System\IbVwRUo.exe
  C:\Windows\System\IbVwRUo.exe
  2⤵
  PID:6152
- C:\Windows\System\vEAbFYe.exe
  C:\Windows\System\vEAbFYe.exe
  2⤵
  PID:6216
- C:\Windows\System\BZzbHDG.exe
  C:\Windows\System\BZzbHDG.exe
  2⤵
  PID:6276
- C:\Windows\System\PEaWzCI.exe
  C:\Windows\System\PEaWzCI.exe
  2⤵
  PID:6340
- C:\Windows\System\vjFvWpb.exe
  C:\Windows\System\vjFvWpb.exe
  2⤵
  PID:6404
- C:\Windows\System\dgHVTWm.exe
  C:\Windows\System\dgHVTWm.exe
  2⤵
  PID:6472
- C:\Windows\System\ymYhLGJ.exe
  C:\Windows\System\ymYhLGJ.exe
  2⤵
  PID:6516
- C:\Windows\System\LkZhToB.exe
  C:\Windows\System\LkZhToB.exe
  2⤵
  PID:6600
- C:\Windows\System\UOOVJvj.exe
  C:\Windows\System\UOOVJvj.exe
  2⤵
  PID:6668
- C:\Windows\System\VuZLruY.exe
  C:\Windows\System\VuZLruY.exe
  2⤵
  PID:6744
- C:\Windows\System\wnNLLcu.exe
  C:\Windows\System\wnNLLcu.exe
  2⤵
  PID:6788
- C:\Windows\System\JOApmhN.exe
  C:\Windows\System\JOApmhN.exe
  2⤵
  PID:6856
- C:\Windows\System\hhIOczI.exe
  C:\Windows\System\hhIOczI.exe
  2⤵
  PID:6924
- C:\Windows\System\UJBRjsc.exe
  C:\Windows\System\UJBRjsc.exe
  2⤵
  PID:6996
- C:\Windows\System\zGuwsEs.exe
  C:\Windows\System\zGuwsEs.exe
  2⤵
  PID:7044
- C:\Windows\System\aBZdJkY.exe
  C:\Windows\System\aBZdJkY.exe
  2⤵
  PID:7100
- C:\Windows\System\JakbOad.exe
  C:\Windows\System\JakbOad.exe
  2⤵
  PID:6172
- C:\Windows\System\PTaQpCb.exe
  C:\Windows\System\PTaQpCb.exe
  2⤵
  PID:6332
- C:\Windows\System\eBbiqzy.exe
  C:\Windows\System\eBbiqzy.exe
  2⤵
  PID:6444
- C:\Windows\System\OpwnHay.exe
  C:\Windows\System\OpwnHay.exe
  2⤵
  PID:6628
- C:\Windows\System\EQdciWO.exe
  C:\Windows\System\EQdciWO.exe
  2⤵
  PID:6772
- C:\Windows\System\SHzcYNw.exe
  C:\Windows\System\SHzcYNw.exe
  2⤵
  PID:6912
- C:\Windows\System\ATPilEM.exe
  C:\Windows\System\ATPilEM.exe
  2⤵
  PID:7080
- C:\Windows\System\gkdpuji.exe
  C:\Windows\System\gkdpuji.exe
  2⤵
  PID:6236
- C:\Windows\System\hYTUXIR.exe
  C:\Windows\System\hYTUXIR.exe
  2⤵
  PID:2492
- C:\Windows\System\YnSUpnt.exe
  C:\Windows\System\YnSUpnt.exe
  2⤵
  PID:6848
- C:\Windows\System\FbHnUAI.exe
  C:\Windows\System\FbHnUAI.exe
  2⤵
  PID:6248
- C:\Windows\System\yDQgkQb.exe
  C:\Windows\System\yDQgkQb.exe
  2⤵
  PID:6640
- C:\Windows\System\FMhEclI.exe
  C:\Windows\System\FMhEclI.exe
  2⤵
  PID:7180
- C:\Windows\System\HGOuHPv.exe
  C:\Windows\System\HGOuHPv.exe
  2⤵
  PID:7216
- C:\Windows\System\QBXWxgS.exe
  C:\Windows\System\QBXWxgS.exe
  2⤵
  PID:7268
- C:\Windows\System\ydzshUQ.exe
  C:\Windows\System\ydzshUQ.exe
  2⤵
  PID:7300
- C:\Windows\System\fSzhkuq.exe
  C:\Windows\System\fSzhkuq.exe
  2⤵
  PID:7328
- C:\Windows\System\PwRehLa.exe
  C:\Windows\System\PwRehLa.exe
  2⤵
  PID:7412
- C:\Windows\System\QVHIxCP.exe
  C:\Windows\System\QVHIxCP.exe
  2⤵
  PID:7468
- C:\Windows\System\RpeEvfu.exe
  C:\Windows\System\RpeEvfu.exe
  2⤵
  PID:7496
- C:\Windows\System\mwMyWjS.exe
  C:\Windows\System\mwMyWjS.exe
  2⤵
  PID:7528
- C:\Windows\System\UbyvWRq.exe
  C:\Windows\System\UbyvWRq.exe
  2⤵
  PID:7556
- C:\Windows\System\VnBZxCA.exe
  C:\Windows\System\VnBZxCA.exe
  2⤵
  PID:7592
- C:\Windows\System\YKceYMB.exe
  C:\Windows\System\YKceYMB.exe
  2⤵
  PID:7624
- C:\Windows\System\JmUozlX.exe
  C:\Windows\System\JmUozlX.exe
  2⤵
  PID:7644
- C:\Windows\System\RkwOqnV.exe
  C:\Windows\System\RkwOqnV.exe
  2⤵
  PID:7680
- C:\Windows\System\nkOSByI.exe
  C:\Windows\System\nkOSByI.exe
  2⤵
  PID:7708
- C:\Windows\System\KOyntKw.exe
  C:\Windows\System\KOyntKw.exe
  2⤵
  PID:7740
- C:\Windows\System\wAKlzXa.exe
  C:\Windows\System\wAKlzXa.exe
  2⤵
  PID:7764
- C:\Windows\System\FgUpxku.exe
  C:\Windows\System\FgUpxku.exe
  2⤵
  PID:7796
- C:\Windows\System\qlPWBQX.exe
  C:\Windows\System\qlPWBQX.exe
  2⤵
  PID:7824
- C:\Windows\System\xKuEgJA.exe
  C:\Windows\System\xKuEgJA.exe
  2⤵
  PID:7856
- C:\Windows\System\PzjzObo.exe
  C:\Windows\System\PzjzObo.exe
  2⤵
  PID:7884
- C:\Windows\System\XqGrvdO.exe
  C:\Windows\System\XqGrvdO.exe
  2⤵
  PID:7912
- C:\Windows\System\AftHhYQ.exe
  C:\Windows\System\AftHhYQ.exe
  2⤵
  PID:7940
- C:\Windows\System\wvZeNOM.exe
  C:\Windows\System\wvZeNOM.exe
  2⤵
  PID:7980
- C:\Windows\System\qSzTKxn.exe
  C:\Windows\System\qSzTKxn.exe
  2⤵
  PID:8012
- C:\Windows\System\SmMIiQm.exe
  C:\Windows\System\SmMIiQm.exe
  2⤵
  PID:8032
- C:\Windows\System\hOCwuCY.exe
  C:\Windows\System\hOCwuCY.exe
  2⤵
  PID:8060
- C:\Windows\System\uScZxYg.exe
  C:\Windows\System\uScZxYg.exe
  2⤵
  PID:8088
- C:\Windows\System\xAOtNai.exe
  C:\Windows\System\xAOtNai.exe
  2⤵
  PID:8116
- C:\Windows\System\gOITtCR.exe
  C:\Windows\System\gOITtCR.exe
  2⤵
  PID:8144
- C:\Windows\System\lHjyqJh.exe
  C:\Windows\System\lHjyqJh.exe
  2⤵
  PID:8172
- C:\Windows\System\GGNszwA.exe
  C:\Windows\System\GGNszwA.exe
  2⤵
  PID:7188
- C:\Windows\System\gGXfgmZ.exe
  C:\Windows\System\gGXfgmZ.exe
  2⤵
  PID:4736
- C:\Windows\System\TcSrtAx.exe
  C:\Windows\System\TcSrtAx.exe
  2⤵
  PID:7312
- C:\Windows\System\xRrwhgG.exe
  C:\Windows\System\xRrwhgG.exe
  2⤵
  PID:2700
- C:\Windows\System\ScovfUf.exe
  C:\Windows\System\ScovfUf.exe
  2⤵
  PID:7520
- C:\Windows\System\bhKMmtc.exe
  C:\Windows\System\bhKMmtc.exe
  2⤵
  PID:7584
- C:\Windows\System\Fatfjlz.exe
  C:\Windows\System\Fatfjlz.exe
  2⤵
  PID:3588
- C:\Windows\System\DCoGOzS.exe
  C:\Windows\System\DCoGOzS.exe
  2⤵
  PID:7692
- C:\Windows\System\ELNasvt.exe
  C:\Windows\System\ELNasvt.exe
  2⤵
  PID:7756
- C:\Windows\System\pAIsxaE.exe
  C:\Windows\System\pAIsxaE.exe
  2⤵
  PID:7832
- C:\Windows\System\ICREIHB.exe
  C:\Windows\System\ICREIHB.exe
  2⤵
  PID:7928
- C:\Windows\System\ctHVaYb.exe
  C:\Windows\System\ctHVaYb.exe
  2⤵
  PID:8024
- C:\Windows\System\oxLAqXv.exe
  C:\Windows\System\oxLAqXv.exe
  2⤵
  PID:8084
- C:\Windows\System\DlnNMOy.exe
  C:\Windows\System\DlnNMOy.exe
  2⤵
  PID:8156
- C:\Windows\System\zAkpyuz.exe
  C:\Windows\System\zAkpyuz.exe
  2⤵
  PID:1336
- C:\Windows\System\KIPGqDd.exe
  C:\Windows\System\KIPGqDd.exe
  2⤵
  PID:7428
- C:\Windows\System\HpTjdPF.exe
  C:\Windows\System\HpTjdPF.exe
  2⤵
  PID:7612
- C:\Windows\System\VRbWGDp.exe
  C:\Windows\System\VRbWGDp.exe
  2⤵
  PID:7732
- C:\Windows\System\PRYSKkr.exe
  C:\Windows\System\PRYSKkr.exe
  2⤵
  PID:7864
- C:\Windows\System\TPFNKNC.exe
  C:\Windows\System\TPFNKNC.exe
  2⤵
  PID:8112
- C:\Windows\System\ooENJRj.exe
  C:\Windows\System\ooENJRj.exe
  2⤵
  PID:2052
- C:\Windows\System\YWmwnOt.exe
  C:\Windows\System\YWmwnOt.exe
  2⤵
  PID:7640
- C:\Windows\System\ALkyDtY.exe
  C:\Windows\System\ALkyDtY.exe
  2⤵
  PID:8020
- C:\Windows\System\ApNvsZp.exe
  C:\Windows\System\ApNvsZp.exe
  2⤵
  PID:7400
- C:\Windows\System\yWCJJCg.exe
  C:\Windows\System\yWCJJCg.exe
  2⤵
  PID:8184
- C:\Windows\System\OBfGGTV.exe
  C:\Windows\System\OBfGGTV.exe
  2⤵
  PID:7580
- C:\Windows\System\FbZdJZz.exe
  C:\Windows\System\FbZdJZz.exe
  2⤵
  PID:8216
- C:\Windows\System\RcYgYIz.exe
  C:\Windows\System\RcYgYIz.exe
  2⤵
  PID:8244
- C:\Windows\System\OEweUdf.exe
  C:\Windows\System\OEweUdf.exe
  2⤵
  PID:8292
- C:\Windows\System\nwYdQJz.exe
  C:\Windows\System\nwYdQJz.exe
  2⤵
  PID:8336
- C:\Windows\System\oFKuoZc.exe
  C:\Windows\System\oFKuoZc.exe
  2⤵
  PID:8392
- C:\Windows\System\knGlsLj.exe
  C:\Windows\System\knGlsLj.exe
  2⤵
  PID:8424
- C:\Windows\System\YOHVJuV.exe
  C:\Windows\System\YOHVJuV.exe
  2⤵
  PID:8452
- C:\Windows\System\EaSWnAV.exe
  C:\Windows\System\EaSWnAV.exe
  2⤵
  PID:8484
- C:\Windows\System\tnpwgit.exe
  C:\Windows\System\tnpwgit.exe
  2⤵
  PID:8516
- C:\Windows\System\nxaVIoB.exe
  C:\Windows\System\nxaVIoB.exe
  2⤵
  PID:8544
- C:\Windows\System\VPoOiID.exe
  C:\Windows\System\VPoOiID.exe
  2⤵
  PID:8588
- C:\Windows\System\xenSlDr.exe
  C:\Windows\System\xenSlDr.exe
  2⤵
  PID:8620
- C:\Windows\System\HcEvCbe.exe
  C:\Windows\System\HcEvCbe.exe
  2⤵
  PID:8672
- C:\Windows\System\JVwJolX.exe
  C:\Windows\System\JVwJolX.exe
  2⤵
  PID:8688
- C:\Windows\System\afKSVpM.exe
  C:\Windows\System\afKSVpM.exe
  2⤵
  PID:8720
- C:\Windows\System\JxkxqRF.exe
  C:\Windows\System\JxkxqRF.exe
  2⤵
  PID:8752
- C:\Windows\System\SUTYnWN.exe
  C:\Windows\System\SUTYnWN.exe
  2⤵
  PID:8784
- C:\Windows\System\BsjunHK.exe
  C:\Windows\System\BsjunHK.exe
  2⤵
  PID:8816
- C:\Windows\System\AGKLOzb.exe
  C:\Windows\System\AGKLOzb.exe
  2⤵
  PID:8844
- C:\Windows\System\VWegbWx.exe
  C:\Windows\System\VWegbWx.exe
  2⤵
  PID:8868
- C:\Windows\System\YJLVecF.exe
  C:\Windows\System\YJLVecF.exe
  2⤵
  PID:8900
- C:\Windows\System\tOMMHjh.exe
  C:\Windows\System\tOMMHjh.exe
  2⤵
  PID:8928
- C:\Windows\System\WjDxDzn.exe
  C:\Windows\System\WjDxDzn.exe
  2⤵
  PID:8956
- C:\Windows\System\aSbKYGi.exe
  C:\Windows\System\aSbKYGi.exe
  2⤵
  PID:8988
- C:\Windows\System\lxQOiuE.exe
  C:\Windows\System\lxQOiuE.exe
  2⤵
  PID:9024
- C:\Windows\System\aPuRwyu.exe
  C:\Windows\System\aPuRwyu.exe
  2⤵
  PID:9040
- C:\Windows\System\kBXnOjF.exe
  C:\Windows\System\kBXnOjF.exe
  2⤵
  PID:9068
- C:\Windows\System\RKMpnnU.exe
  C:\Windows\System\RKMpnnU.exe
  2⤵
  PID:9096
- C:\Windows\System\JQgdUvn.exe
  C:\Windows\System\JQgdUvn.exe
  2⤵
  PID:9128
- C:\Windows\System\aBuiLSn.exe
  C:\Windows\System\aBuiLSn.exe
  2⤵
  PID:9152
- C:\Windows\System\QxMrDvE.exe
  C:\Windows\System\QxMrDvE.exe
  2⤵
  PID:9180
- C:\Windows\System\YWukEPA.exe
  C:\Windows\System\YWukEPA.exe
  2⤵
  PID:9208
- C:\Windows\System\QdGbSgR.exe
  C:\Windows\System\QdGbSgR.exe
  2⤵
  PID:8236
- C:\Windows\System\kheuYVb.exe
  C:\Windows\System\kheuYVb.exe
  2⤵
  PID:8344
- C:\Windows\System\jJCzmCe.exe
  C:\Windows\System\jJCzmCe.exe
  2⤵
  PID:8436
- C:\Windows\System\YNIxgBG.exe
  C:\Windows\System\YNIxgBG.exe
  2⤵
  PID:8508
- C:\Windows\System\UcAjJwF.exe
  C:\Windows\System\UcAjJwF.exe
  2⤵
  PID:8580
- C:\Windows\System\mQPfLiX.exe
  C:\Windows\System\mQPfLiX.exe
  2⤵
  PID:8640
- C:\Windows\System\TnLJzRu.exe
  C:\Windows\System\TnLJzRu.exe
  2⤵
  PID:8716
- C:\Windows\System\xyTdNDC.exe
  C:\Windows\System\xyTdNDC.exe
  2⤵
  PID:8796
- C:\Windows\System\inatEQN.exe
  C:\Windows\System\inatEQN.exe
  2⤵
  PID:8860
- C:\Windows\System\VVSZmdP.exe
  C:\Windows\System\VVSZmdP.exe
  2⤵
  PID:8920
- C:\Windows\System\rXvJBuE.exe
  C:\Windows\System\rXvJBuE.exe
  2⤵
  PID:8980
- C:\Windows\System\IbqGISO.exe
  C:\Windows\System\IbqGISO.exe
  2⤵
  PID:9052
- C:\Windows\System\kkyNqET.exe
  C:\Windows\System\kkyNqET.exe
  2⤵
  PID:9116
- C:\Windows\System\zxkskJa.exe
  C:\Windows\System\zxkskJa.exe
  2⤵
  PID:9176
- C:\Windows\System\lWtKaiA.exe
  C:\Windows\System\lWtKaiA.exe
  2⤵
  PID:8416
- C:\Windows\System\xGZVSpV.exe
  C:\Windows\System\xGZVSpV.exe
  2⤵
  PID:8496
- C:\Windows\System\tRfiOEG.exe
  C:\Windows\System\tRfiOEG.exe
  2⤵
  PID:8680
- C:\Windows\System\bTwiDgE.exe
  C:\Windows\System\bTwiDgE.exe
  2⤵
  PID:8836
- C:\Windows\System\ANcWgaS.exe
  C:\Windows\System\ANcWgaS.exe
  2⤵
  PID:8976
- C:\Windows\System\vValeVn.exe
  C:\Windows\System\vValeVn.exe
  2⤵
  PID:9144
- C:\Windows\System\aFQrTUE.exe
  C:\Windows\System\aFQrTUE.exe
  2⤵
  PID:3272
- C:\Windows\System\WLjQCiR.exe
  C:\Windows\System\WLjQCiR.exe
  2⤵
  PID:3956
- C:\Windows\System\twfluGT.exe
  C:\Windows\System\twfluGT.exe
  2⤵
  PID:6056
- C:\Windows\System\CVnwDoR.exe
  C:\Windows\System\CVnwDoR.exe
  2⤵
  PID:5404
- C:\Windows\System\EjqPusk.exe
  C:\Windows\System\EjqPusk.exe
  2⤵
  PID:7960
- C:\Windows\System\opieKYu.exe
  C:\Windows\System\opieKYu.exe
  2⤵
  PID:8280
- C:\Windows\System\NJLbStu.exe
  C:\Windows\System\NJLbStu.exe
  2⤵
  PID:8744
- C:\Windows\System\ePLAgyG.exe
  C:\Windows\System\ePLAgyG.exe
  2⤵
  PID:9092
- C:\Windows\System\kLskoCJ.exe
  C:\Windows\System\kLskoCJ.exe
  2⤵
  PID:4568
- C:\Windows\System\VKBbFOZ.exe
  C:\Windows\System\VKBbFOZ.exe
  2⤵
  PID:4292
- C:\Windows\System\CkWwhQe.exe
  C:\Windows\System\CkWwhQe.exe
  2⤵
  PID:8480
- C:\Windows\System\hBjCBNo.exe
  C:\Windows\System\hBjCBNo.exe
  2⤵
  PID:8968
- C:\Windows\System\XpbVJFG.exe
  C:\Windows\System\XpbVJFG.exe
  2⤵
  PID:3584
- C:\Windows\System\GAPiKGN.exe
  C:\Windows\System\GAPiKGN.exe
  2⤵
  PID:5436
- C:\Windows\System\KuueJXO.exe
  C:\Windows\System\KuueJXO.exe
  2⤵
  PID:9260
- C:\Windows\System\wqvNllW.exe
  C:\Windows\System\wqvNllW.exe
  2⤵
  PID:9296
- C:\Windows\System\QrnExEN.exe
  C:\Windows\System\QrnExEN.exe
  2⤵
  PID:9324
- C:\Windows\System\CtQhQWv.exe
  C:\Windows\System\CtQhQWv.exe
  2⤵
  PID:9352
- C:\Windows\System\iVvWoty.exe
  C:\Windows\System\iVvWoty.exe
  2⤵
  PID:9380
- C:\Windows\System\nUZIQDO.exe
  C:\Windows\System\nUZIQDO.exe
  2⤵
  PID:9408
- C:\Windows\System\ejCttPb.exe
  C:\Windows\System\ejCttPb.exe
  2⤵
  PID:9436
- C:\Windows\System\ydWJWDb.exe
  C:\Windows\System\ydWJWDb.exe
  2⤵
  PID:9464
- C:\Windows\System\bDsTqsi.exe
  C:\Windows\System\bDsTqsi.exe
  2⤵
  PID:9504
- C:\Windows\System\NkTlfUm.exe
  C:\Windows\System\NkTlfUm.exe
  2⤵
  PID:9520
- C:\Windows\System\ogoYlsO.exe
  C:\Windows\System\ogoYlsO.exe
  2⤵
  PID:9548
- C:\Windows\System\MKkkbXc.exe
  C:\Windows\System\MKkkbXc.exe
  2⤵
  PID:9576
- C:\Windows\System\XanEoNx.exe
  C:\Windows\System\XanEoNx.exe
  2⤵
  PID:9604
- C:\Windows\System\YSZMVcc.exe
  C:\Windows\System\YSZMVcc.exe
  2⤵
  PID:9636
- C:\Windows\System\FOgTNHu.exe
  C:\Windows\System\FOgTNHu.exe
  2⤵
  PID:9660
- C:\Windows\System\OAuXbiv.exe
  C:\Windows\System\OAuXbiv.exe
  2⤵
  PID:9688
- C:\Windows\System\HFPOgiL.exe
  C:\Windows\System\HFPOgiL.exe
  2⤵
  PID:9716
- C:\Windows\System\rvjzMqk.exe
  C:\Windows\System\rvjzMqk.exe
  2⤵
  PID:9744
- C:\Windows\System\SKjKMvo.exe
  C:\Windows\System\SKjKMvo.exe
  2⤵
  PID:9780
- C:\Windows\System\CiKZhwf.exe
  C:\Windows\System\CiKZhwf.exe
  2⤵
  PID:9800
- C:\Windows\System\XYxvrJg.exe
  C:\Windows\System\XYxvrJg.exe
  2⤵
  PID:9828
- C:\Windows\System\tEqsrKR.exe
  C:\Windows\System\tEqsrKR.exe
  2⤵
  PID:9856
- C:\Windows\System\bgwRcYv.exe
  C:\Windows\System\bgwRcYv.exe
  2⤵
  PID:9884
- C:\Windows\System\TMPtFFA.exe
  C:\Windows\System\TMPtFFA.exe
  2⤵
  PID:9912
- C:\Windows\System\GuHtxpb.exe
  C:\Windows\System\GuHtxpb.exe
  2⤵
  PID:9940
- C:\Windows\System\OylDULi.exe
  C:\Windows\System\OylDULi.exe
  2⤵
  PID:9968
- C:\Windows\System\IKCEnWb.exe
  C:\Windows\System\IKCEnWb.exe
  2⤵
  PID:9996
- C:\Windows\System\BpTrYbr.exe
  C:\Windows\System\BpTrYbr.exe
  2⤵
  PID:10024
- C:\Windows\System\sCYoguH.exe
  C:\Windows\System\sCYoguH.exe
  2⤵
  PID:10052
- C:\Windows\System\zOORPtQ.exe
  C:\Windows\System\zOORPtQ.exe
  2⤵
  PID:10080
- C:\Windows\System\FmMszki.exe
  C:\Windows\System\FmMszki.exe
  2⤵
  PID:10108
- C:\Windows\System\azPdVGU.exe
  C:\Windows\System\azPdVGU.exe
  2⤵
  PID:10136
- C:\Windows\System\WmcrYUV.exe
  C:\Windows\System\WmcrYUV.exe
  2⤵
  PID:10164
- C:\Windows\System\mjdtaPT.exe
  C:\Windows\System\mjdtaPT.exe
  2⤵
  PID:10212
- C:\Windows\System\wGusXII.exe
  C:\Windows\System\wGusXII.exe
  2⤵
  PID:9248
- C:\Windows\System\wfLLtjN.exe
  C:\Windows\System\wfLLtjN.exe
  2⤵
  PID:7484
- C:\Windows\System\TrFDNTO.exe
  C:\Windows\System\TrFDNTO.exe
  2⤵
  PID:9372
- C:\Windows\System\OqQoJOa.exe
  C:\Windows\System\OqQoJOa.exe
  2⤵
  PID:9448
- C:\Windows\System\YHlhEfW.exe
  C:\Windows\System\YHlhEfW.exe
  2⤵
  PID:9512
- C:\Windows\System\oyKvcEm.exe
  C:\Windows\System\oyKvcEm.exe
  2⤵
  PID:9616
- C:\Windows\System\OrtBkbS.exe
  C:\Windows\System\OrtBkbS.exe
  2⤵
  PID:9672
- C:\Windows\System\XYaLqWV.exe
  C:\Windows\System\XYaLqWV.exe
  2⤵
  PID:9728
- C:\Windows\System\LGQyEsG.exe
  C:\Windows\System\LGQyEsG.exe
  2⤵
  PID:9812
- C:\Windows\System\RFjNXMU.exe
  C:\Windows\System\RFjNXMU.exe
  2⤵
  PID:9880
- C:\Windows\System\TcPniyv.exe
  C:\Windows\System\TcPniyv.exe
  2⤵
  PID:10016
- C:\Windows\System\EjuOupd.exe
  C:\Windows\System\EjuOupd.exe
  2⤵
  PID:10092
- C:\Windows\System\UuXTLpH.exe
  C:\Windows\System\UuXTLpH.exe
  2⤵
  PID:10160
- C:\Windows\System\SqNAitl.exe
  C:\Windows\System\SqNAitl.exe
  2⤵
  PID:8568
- C:\Windows\System\VOJaSUG.exe
  C:\Windows\System\VOJaSUG.exe
  2⤵
  PID:8572
- C:\Windows\System\qLduZHV.exe
  C:\Windows\System\qLduZHV.exe
  2⤵
  PID:8356
- C:\Windows\System\JaVyuoJ.exe
  C:\Windows\System\JaVyuoJ.exe
  2⤵
  PID:10208
- C:\Windows\System\ULysWpq.exe
  C:\Windows\System\ULysWpq.exe
  2⤵
  PID:7244
- C:\Windows\System\zivIJXM.exe
  C:\Windows\System\zivIJXM.exe
  2⤵
  PID:9476
- C:\Windows\System\rJVWFLw.exe
  C:\Windows\System\rJVWFLw.exe
  2⤵
  PID:7208
- C:\Windows\System\rTnxlzd.exe
  C:\Windows\System\rTnxlzd.exe
  2⤵
  PID:9644
- C:\Windows\System\AqHgQcC.exe
  C:\Windows\System\AqHgQcC.exe
  2⤵
  PID:9792
- C:\Windows\System\bPUEfkv.exe
  C:\Windows\System\bPUEfkv.exe
  2⤵
  PID:10128
- C:\Windows\System\mijqRuo.exe
  C:\Windows\System\mijqRuo.exe
  2⤵
  PID:9960
- C:\Windows\System\tqRUSoF.exe
  C:\Windows\System\tqRUSoF.exe
  2⤵
  PID:8272
- C:\Windows\System\DByFDQO.exe
  C:\Windows\System\DByFDQO.exe
  2⤵
  PID:8276
- C:\Windows\System\yULLLsK.exe
  C:\Windows\System\yULLLsK.exe
  2⤵
  PID:7232
- C:\Windows\System\TpQqCEK.exe
  C:\Windows\System\TpQqCEK.exe
  2⤵
  PID:7776
- C:\Windows\System\KIUfaAL.exe
  C:\Windows\System\KIUfaAL.exe
  2⤵
  PID:9992
- C:\Windows\System\KVflNSa.exe
  C:\Windows\System\KVflNSa.exe
  2⤵
  PID:10176
- C:\Windows\System\wFPcSQd.exe
  C:\Windows\System\wFPcSQd.exe
  2⤵
  PID:9432
- C:\Windows\System\CJuYxJG.exe
  C:\Windows\System\CJuYxJG.exe
  2⤵
  PID:9280
- C:\Windows\System\YVxTzZa.exe
  C:\Windows\System\YVxTzZa.exe
  2⤵
  PID:9336
- C:\Windows\System\tdNMQtl.exe
  C:\Windows\System\tdNMQtl.exe
  2⤵
  PID:9788
- C:\Windows\System\dvMMmKC.exe
  C:\Windows\System\dvMMmKC.exe
  2⤵
  PID:9308
- C:\Windows\System\edAvjdC.exe
  C:\Windows\System\edAvjdC.exe
  2⤵
  PID:10104
- C:\Windows\System\lQTgzEz.exe
  C:\Windows\System\lQTgzEz.exe
  2⤵
  PID:9268
- C:\Windows\System\eBexquY.exe
  C:\Windows\System\eBexquY.exe
  2⤵
  PID:10256
- C:\Windows\System\jQsmnQD.exe
  C:\Windows\System\jQsmnQD.exe
  2⤵
  PID:10276
- C:\Windows\System\vnCDFEJ.exe
  C:\Windows\System\vnCDFEJ.exe
  2⤵
  PID:10304
- C:\Windows\System\EvFjhfd.exe
  C:\Windows\System\EvFjhfd.exe
  2⤵
  PID:10332
- C:\Windows\System\ZSCelqe.exe
  C:\Windows\System\ZSCelqe.exe
  2⤵
  PID:10360
- C:\Windows\System\gjBYNGV.exe
  C:\Windows\System\gjBYNGV.exe
  2⤵
  PID:10388
- C:\Windows\System\rLPQZFB.exe
  C:\Windows\System\rLPQZFB.exe
  2⤵
  PID:10416
- C:\Windows\System\jCUlGTg.exe
  C:\Windows\System\jCUlGTg.exe
  2⤵
  PID:10444
- C:\Windows\System\XoiZpaP.exe
  C:\Windows\System\XoiZpaP.exe
  2⤵
  PID:10472
- C:\Windows\System\HIrEKYE.exe
  C:\Windows\System\HIrEKYE.exe
  2⤵
  PID:10500
- C:\Windows\System\jpwYdWp.exe
  C:\Windows\System\jpwYdWp.exe
  2⤵
  PID:10528
- C:\Windows\System\JzBrZjD.exe
  C:\Windows\System\JzBrZjD.exe
  2⤵
  PID:10556
- C:\Windows\System\GzfBjET.exe
  C:\Windows\System\GzfBjET.exe
  2⤵
  PID:10584
- C:\Windows\System\LoRvFwl.exe
  C:\Windows\System\LoRvFwl.exe
  2⤵
  PID:10612
- C:\Windows\System\spSStQU.exe
  C:\Windows\System\spSStQU.exe
  2⤵
  PID:10640
- C:\Windows\System\IgSDtJz.exe
  C:\Windows\System\IgSDtJz.exe
  2⤵
  PID:10668
- C:\Windows\System\HVtZgWp.exe
  C:\Windows\System\HVtZgWp.exe
  2⤵
  PID:10696
- C:\Windows\System\pFeNHum.exe
  C:\Windows\System\pFeNHum.exe
  2⤵
  PID:10724
- C:\Windows\System\RjMKZWx.exe
  C:\Windows\System\RjMKZWx.exe
  2⤵
  PID:10760
- C:\Windows\System\rotfMob.exe
  C:\Windows\System\rotfMob.exe
  2⤵
  PID:10780
- C:\Windows\System\TfaOGwc.exe
  C:\Windows\System\TfaOGwc.exe
  2⤵
  PID:10808
- C:\Windows\System\RnKdnKl.exe
  C:\Windows\System\RnKdnKl.exe
  2⤵
  PID:10836
- C:\Windows\System\lWEnhSk.exe
  C:\Windows\System\lWEnhSk.exe
  2⤵
  PID:10864
- C:\Windows\System\fMlzvHn.exe
  C:\Windows\System\fMlzvHn.exe
  2⤵
  PID:10892
- C:\Windows\System\pVWMIhd.exe
  C:\Windows\System\pVWMIhd.exe
  2⤵
  PID:10920
- C:\Windows\System\zIZLBdN.exe
  C:\Windows\System\zIZLBdN.exe
  2⤵
  PID:10948
- C:\Windows\System\pftLlVu.exe
  C:\Windows\System\pftLlVu.exe
  2⤵
  PID:10976
- C:\Windows\System\McJlLyi.exe
  C:\Windows\System\McJlLyi.exe
  2⤵
  PID:11004
- C:\Windows\System\hcmVfLN.exe
  C:\Windows\System\hcmVfLN.exe
  2⤵
  PID:11032
- C:\Windows\System\UXhuuvu.exe
  C:\Windows\System\UXhuuvu.exe
  2⤵
  PID:11060
- C:\Windows\System\fyaPjKm.exe
  C:\Windows\System\fyaPjKm.exe
  2⤵
  PID:11088
- C:\Windows\System\gtMzvSF.exe
  C:\Windows\System\gtMzvSF.exe
  2⤵
  PID:11116
- C:\Windows\System\oRbSJRp.exe
  C:\Windows\System\oRbSJRp.exe
  2⤵
  PID:11144
- C:\Windows\System\XOSwHRa.exe
  C:\Windows\System\XOSwHRa.exe
  2⤵
  PID:11184
- C:\Windows\System\lCQiYWt.exe
  C:\Windows\System\lCQiYWt.exe
  2⤵
  PID:11204
- C:\Windows\System\drQdcat.exe
  C:\Windows\System\drQdcat.exe
  2⤵
  PID:11228
- C:\Windows\System\tPCEWJm.exe
  C:\Windows\System\tPCEWJm.exe
  2⤵
  PID:11256
- C:\Windows\System\YJxdFot.exe
  C:\Windows\System\YJxdFot.exe
  2⤵
  PID:10288
- C:\Windows\System\HnFtDDk.exe
  C:\Windows\System\HnFtDDk.exe
  2⤵
  PID:10352
- C:\Windows\System\shmyZBy.exe
  C:\Windows\System\shmyZBy.exe
  2⤵
  PID:10412
- C:\Windows\System\BUkrnck.exe
  C:\Windows\System\BUkrnck.exe
  2⤵
  PID:10484
- C:\Windows\System\pFMpNGQ.exe
  C:\Windows\System\pFMpNGQ.exe
  2⤵
  PID:10548
- C:\Windows\System\juDvItQ.exe
  C:\Windows\System\juDvItQ.exe
  2⤵
  PID:10608
- C:\Windows\System\EqzBjJV.exe
  C:\Windows\System\EqzBjJV.exe
  2⤵
  PID:10708
- C:\Windows\System\ItlfCXI.exe
  C:\Windows\System\ItlfCXI.exe
  2⤵
  PID:10768
- C:\Windows\System\eQRDKxk.exe
  C:\Windows\System\eQRDKxk.exe
  2⤵
  PID:10804
- C:\Windows\System\IcTgqkq.exe
  C:\Windows\System\IcTgqkq.exe
  2⤵
  PID:10888
- C:\Windows\System\tMbzoSg.exe
  C:\Windows\System\tMbzoSg.exe
  2⤵
  PID:10968
- C:\Windows\System\hmGfQit.exe
  C:\Windows\System\hmGfQit.exe
  2⤵
  PID:4272
- C:\Windows\System\EqRULws.exe
  C:\Windows\System\EqRULws.exe
  2⤵
  PID:11080
- C:\Windows\System\oeyTmhw.exe
  C:\Windows\System\oeyTmhw.exe
  2⤵
  PID:11156
- C:\Windows\System\yaHTqwQ.exe
  C:\Windows\System\yaHTqwQ.exe
  2⤵
  PID:11212
- C:\Windows\System\MlpepQY.exe
  C:\Windows\System\MlpepQY.exe
  2⤵
  PID:10268
- C:\Windows\System\zRNPrxO.exe
  C:\Windows\System\zRNPrxO.exe
  2⤵
  PID:10328
- C:\Windows\System\JNOqdqW.exe
  C:\Windows\System\JNOqdqW.exe
  2⤵
  PID:10468
- C:\Windows\System\vNNknMF.exe
  C:\Windows\System\vNNknMF.exe
  2⤵
  PID:10636
- C:\Windows\System\HospLTy.exe
  C:\Windows\System\HospLTy.exe
  2⤵
  PID:10692
- C:\Windows\System\EOMQcZu.exe
  C:\Windows\System\EOMQcZu.exe
  2⤵
  PID:10860
- C:\Windows\System\HOrxeRf.exe
  C:\Windows\System\HOrxeRf.exe
  2⤵
  PID:10932
- C:\Windows\System\IWZaIch.exe
  C:\Windows\System\IWZaIch.exe
  2⤵
  PID:11100
- C:\Windows\System\DfRRYfD.exe
  C:\Windows\System\DfRRYfD.exe
  2⤵
  PID:11240
- C:\Windows\System\HIXTNNl.exe
  C:\Windows\System\HIXTNNl.exe
  2⤵
  PID:10400
- C:\Windows\System\hzpLosN.exe
  C:\Windows\System\hzpLosN.exe
  2⤵
  PID:1780
- C:\Windows\System\iqnmQxs.exe
  C:\Windows\System\iqnmQxs.exe
  2⤵
  PID:10916
- C:\Windows\System\RFYGbMd.exe
  C:\Windows\System\RFYGbMd.exe
  2⤵
  PID:11224
- C:\Windows\System\RTiZgvZ.exe
  C:\Windows\System\RTiZgvZ.exe
  2⤵
  PID:10792
- C:\Windows\System\QcQgUkC.exe
  C:\Windows\System\QcQgUkC.exe
  2⤵
  PID:10596
- C:\Windows\System\JaTOAQS.exe
  C:\Windows\System\JaTOAQS.exe
  2⤵
  PID:11168
- C:\Windows\System\kKoesTN.exe
  C:\Windows\System\kKoesTN.exe
  2⤵
  PID:11284
- C:\Windows\System\aRkwVQN.exe
  C:\Windows\System\aRkwVQN.exe
  2⤵
  PID:11312
- C:\Windows\System\LzTZAkq.exe
  C:\Windows\System\LzTZAkq.exe
  2⤵
  PID:11340
- C:\Windows\System\rTTuwfM.exe
  C:\Windows\System\rTTuwfM.exe
  2⤵
  PID:11368
- C:\Windows\System\ccfUxky.exe
  C:\Windows\System\ccfUxky.exe
  2⤵
  PID:11396
- C:\Windows\System\mmyUxaW.exe
  C:\Windows\System\mmyUxaW.exe
  2⤵
  PID:11424
- C:\Windows\System\lGjgmqC.exe
  C:\Windows\System\lGjgmqC.exe
  2⤵
  PID:11452
- C:\Windows\System\MbjEfBg.exe
  C:\Windows\System\MbjEfBg.exe
  2⤵
  PID:11480
- C:\Windows\System\HSnXRgM.exe
  C:\Windows\System\HSnXRgM.exe
  2⤵
  PID:11508
- C:\Windows\System\wrNqZtd.exe
  C:\Windows\System\wrNqZtd.exe
  2⤵
  PID:11536
- C:\Windows\System\XCcNEQm.exe
  C:\Windows\System\XCcNEQm.exe
  2⤵
  PID:11564
- C:\Windows\System\GSoIDuQ.exe
  C:\Windows\System\GSoIDuQ.exe
  2⤵
  PID:11592
- C:\Windows\System\AuhChlJ.exe
  C:\Windows\System\AuhChlJ.exe
  2⤵
  PID:11620
- C:\Windows\System\PycAqoi.exe
  C:\Windows\System\PycAqoi.exe
  2⤵
  PID:11648
- C:\Windows\System\evrhOxV.exe
  C:\Windows\System\evrhOxV.exe
  2⤵
  PID:11680
- C:\Windows\System\qxqToTF.exe
  C:\Windows\System\qxqToTF.exe
  2⤵
  PID:11708
- C:\Windows\System\LSNUodX.exe
  C:\Windows\System\LSNUodX.exe
  2⤵
  PID:11740
- C:\Windows\System\xLYLkoC.exe
  C:\Windows\System\xLYLkoC.exe
  2⤵
  PID:11768
- C:\Windows\System\TZCWeEW.exe
  C:\Windows\System\TZCWeEW.exe
  2⤵
  PID:11796
- C:\Windows\System\DQchAiF.exe
  C:\Windows\System\DQchAiF.exe
  2⤵
  PID:11824
- C:\Windows\System\UzFwQdB.exe
  C:\Windows\System\UzFwQdB.exe
  2⤵
  PID:11852
- C:\Windows\System\CsxRfGe.exe
  C:\Windows\System\CsxRfGe.exe
  2⤵
  PID:11880
- C:\Windows\System\LJpDkGK.exe
  C:\Windows\System\LJpDkGK.exe
  2⤵
  PID:11908
- C:\Windows\System\QpBrtST.exe
  C:\Windows\System\QpBrtST.exe
  2⤵
  PID:11936
- C:\Windows\System\EeYWarG.exe
  C:\Windows\System\EeYWarG.exe
  2⤵
  PID:11964
- C:\Windows\System\gzmYkQZ.exe
  C:\Windows\System\gzmYkQZ.exe
  2⤵
  PID:11992
- C:\Windows\System\EROLsoE.exe
  C:\Windows\System\EROLsoE.exe
  2⤵
  PID:12020
- C:\Windows\System\mgVBfNs.exe
  C:\Windows\System\mgVBfNs.exe
  2⤵
  PID:12048
- C:\Windows\System\XVxZcjT.exe
  C:\Windows\System\XVxZcjT.exe
  2⤵
  PID:12076
- C:\Windows\System\ipalGau.exe
  C:\Windows\System\ipalGau.exe
  2⤵
  PID:12108
- C:\Windows\System\ZSNFjie.exe
  C:\Windows\System\ZSNFjie.exe
  2⤵
  PID:12124
- C:\Windows\System\UEZgGFq.exe
  C:\Windows\System\UEZgGFq.exe
  2⤵
  PID:12164
- C:\Windows\System\jLLqhjS.exe
  C:\Windows\System\jLLqhjS.exe
  2⤵
  PID:12192
- C:\Windows\System\peVTWPy.exe
  C:\Windows\System\peVTWPy.exe
  2⤵
  PID:12224
- C:\Windows\System\ivBcDWa.exe
  C:\Windows\System\ivBcDWa.exe
  2⤵
  PID:12240
- C:\Windows\System\AdBQXhO.exe
  C:\Windows\System\AdBQXhO.exe
  2⤵
  PID:12272
- C:\Windows\System\kFUqjtX.exe
  C:\Windows\System\kFUqjtX.exe
  2⤵
  PID:11304
- C:\Windows\System\XxTvLAm.exe
  C:\Windows\System\XxTvLAm.exe
  2⤵
  PID:11352
- C:\Windows\System\izwWXyI.exe
  C:\Windows\System\izwWXyI.exe
  2⤵
  PID:11436
- C:\Windows\System\HOqdfwk.exe
  C:\Windows\System\HOqdfwk.exe
  2⤵
  PID:11492
- C:\Windows\System\apHsPdr.exe
  C:\Windows\System\apHsPdr.exe
  2⤵
  PID:11560
- C:\Windows\System\RVtURhk.exe
  C:\Windows\System\RVtURhk.exe
  2⤵
  PID:11612
- C:\Windows\System\xbroVfn.exe
  C:\Windows\System\xbroVfn.exe
  2⤵
  PID:1528
- C:\Windows\System\ECCyYtz.exe
  C:\Windows\System\ECCyYtz.exe
  2⤵
  PID:11752
- C:\Windows\System\ufKrqWy.exe
  C:\Windows\System\ufKrqWy.exe
  2⤵
  PID:11820
- C:\Windows\System\GzZqwWH.exe
  C:\Windows\System\GzZqwWH.exe
  2⤵
  PID:11976
- C:\Windows\System\kYkfLLo.exe
  C:\Windows\System\kYkfLLo.exe
  2⤵
  PID:12032
- C:\Windows\System\fIqIBSq.exe
  C:\Windows\System\fIqIBSq.exe
  2⤵
  PID:7356
- C:\Windows\System\DznRXlH.exe
  C:\Windows\System\DznRXlH.exe
  2⤵
  PID:12096
- C:\Windows\System\XRQvFAw.exe
  C:\Windows\System\XRQvFAw.exe
  2⤵
  PID:12176
- C:\Windows\System\EUtXnMW.exe
  C:\Windows\System\EUtXnMW.exe
  2⤵
  PID:12204
- C:\Windows\System\HMoHQyY.exe
  C:\Windows\System\HMoHQyY.exe
  2⤵
  PID:11276
- C:\Windows\System\QkmdPSi.exe
  C:\Windows\System\QkmdPSi.exe
  2⤵
  PID:11332
- C:\Windows\System\qNnkdGn.exe
  C:\Windows\System\qNnkdGn.exe
  2⤵
  PID:11472
- C:\Windows\System\BYMNjFy.exe
  C:\Windows\System\BYMNjFy.exe
  2⤵
  PID:11448
- C:\Windows\System\YHFiAwA.exe
  C:\Windows\System\YHFiAwA.exe
  2⤵
  PID:4800
- C:\Windows\System\DOpxsYa.exe
  C:\Windows\System\DOpxsYa.exe
  2⤵
  PID:4908
- C:\Windows\System\KCuSbhY.exe
  C:\Windows\System\KCuSbhY.exe
  2⤵
  PID:11644
- C:\Windows\System\YPfkrVH.exe
  C:\Windows\System\YPfkrVH.exe
  2⤵
  PID:11872
- C:\Windows\System\lOavaSe.exe
  C:\Windows\System\lOavaSe.exe
  2⤵
  PID:12004
- C:\Windows\System\NczrbzV.exe
  C:\Windows\System\NczrbzV.exe
  2⤵
  PID:12072
- C:\Windows\System\KccuxKg.exe
  C:\Windows\System\KccuxKg.exe
  2⤵
  PID:12152
- C:\Windows\System\faJcGQn.exe
  C:\Windows\System\faJcGQn.exe
  2⤵
  PID:11280
- C:\Windows\System\qNyxxGL.exe
  C:\Windows\System\qNyxxGL.exe
  2⤵
  PID:12248
- C:\Windows\System\uNuizZF.exe
  C:\Windows\System\uNuizZF.exe
  2⤵
  PID:4960
- C:\Windows\System\XCQITBf.exe
  C:\Windows\System\XCQITBf.exe
  2⤵
  PID:11640
- C:\Windows\System\WvXKIwK.exe
  C:\Windows\System\WvXKIwK.exe
  2⤵
  PID:12136
- C:\Windows\System\VCpdmjY.exe
  C:\Windows\System\VCpdmjY.exe
  2⤵
  PID:11528
- C:\Windows\System\dfeDUDE.exe
  C:\Windows\System\dfeDUDE.exe
  2⤵
  PID:11816
- C:\Windows\System\jtYLQAB.exe
  C:\Windows\System\jtYLQAB.exe
  2⤵
  PID:11668
- C:\Windows\System\psymjJZ.exe
  C:\Windows\System\psymjJZ.exe
  2⤵
  PID:11464
- C:\Windows\System\EzDrIVp.exe
  C:\Windows\System\EzDrIVp.exe
  2⤵
  PID:12312
- C:\Windows\System\yKzHvUZ.exe
  C:\Windows\System\yKzHvUZ.exe
  2⤵
  PID:12340
- C:\Windows\System\RSvXrAo.exe
  C:\Windows\System\RSvXrAo.exe
  2⤵
  PID:12368
- C:\Windows\System\PHOpShb.exe
  C:\Windows\System\PHOpShb.exe
  2⤵
  PID:12396
- C:\Windows\System\vNRfUqC.exe
  C:\Windows\System\vNRfUqC.exe
  2⤵
  PID:12424
- C:\Windows\System\dWhooVA.exe
  C:\Windows\System\dWhooVA.exe
  2⤵
  PID:12452
- C:\Windows\System\HwmFdQU.exe
  C:\Windows\System\HwmFdQU.exe
  2⤵
  PID:12480
- C:\Windows\System\ZbFyHci.exe
  C:\Windows\System\ZbFyHci.exe
  2⤵
  PID:12520
- C:\Windows\System\Mpfkdnv.exe
  C:\Windows\System\Mpfkdnv.exe
  2⤵
  PID:12536
- C:\Windows\System\JbLVyxD.exe
  C:\Windows\System\JbLVyxD.exe
  2⤵
  PID:12564
- C:\Windows\System\VbMuwAS.exe
  C:\Windows\System\VbMuwAS.exe
  2⤵
  PID:12592
- C:\Windows\System\WcCZoLQ.exe
  C:\Windows\System\WcCZoLQ.exe
  2⤵
  PID:12620
- C:\Windows\System\GeXGRJh.exe
  C:\Windows\System\GeXGRJh.exe
  2⤵
  PID:12648
- C:\Windows\System\TcylDHw.exe
  C:\Windows\System\TcylDHw.exe
  2⤵
  PID:12676
- C:\Windows\System\DZHZsiR.exe
  C:\Windows\System\DZHZsiR.exe
  2⤵
  PID:12704
- C:\Windows\System\aMzWPMr.exe
  C:\Windows\System\aMzWPMr.exe
  2⤵
  PID:12732
- C:\Windows\System\ICSNpzA.exe
  C:\Windows\System\ICSNpzA.exe
  2⤵
  PID:12760
- C:\Windows\System\VmNhMGU.exe
  C:\Windows\System\VmNhMGU.exe
  2⤵
  PID:12788
- C:\Windows\System\xSModQL.exe
  C:\Windows\System\xSModQL.exe
  2⤵
  PID:12816
- C:\Windows\System\RLOISsS.exe
  C:\Windows\System\RLOISsS.exe
  2⤵
  PID:12844
- C:\Windows\System\iRtRSTY.exe
  C:\Windows\System\iRtRSTY.exe
  2⤵
  PID:12872
- C:\Windows\System\bIBVdDp.exe
  C:\Windows\System\bIBVdDp.exe
  2⤵
  PID:12900
- C:\Windows\System\YrpKpeU.exe
  C:\Windows\System\YrpKpeU.exe
  2⤵
  PID:12928
- C:\Windows\System\GbSJpON.exe
  C:\Windows\System\GbSJpON.exe
  2⤵
  PID:12956
- C:\Windows\System\ntncueH.exe
  C:\Windows\System\ntncueH.exe
  2⤵
  PID:12984
- C:\Windows\System\MEkikUb.exe
  C:\Windows\System\MEkikUb.exe
  2⤵
  PID:13012
- C:\Windows\System\nTmOsJG.exe
  C:\Windows\System\nTmOsJG.exe
  2⤵
  PID:13040
- C:\Windows\System\SnqbtHE.exe
  C:\Windows\System\SnqbtHE.exe
  2⤵
  PID:13068
- C:\Windows\System\ZTLNFJv.exe
  C:\Windows\System\ZTLNFJv.exe
  2⤵
  PID:13096
- C:\Windows\System\TOdNknN.exe
  C:\Windows\System\TOdNknN.exe
  2⤵
  PID:13124
- C:\Windows\System\CvRvyBG.exe
  C:\Windows\System\CvRvyBG.exe
  2⤵
  PID:13152
- C:\Windows\System\YGxcCjV.exe
  C:\Windows\System\YGxcCjV.exe
  2⤵
  PID:13180
- C:\Windows\System\eOuSZYu.exe
  C:\Windows\System\eOuSZYu.exe
  2⤵
  PID:13208
- C:\Windows\System\bWPwfCz.exe
  C:\Windows\System\bWPwfCz.exe
  2⤵
  PID:13236
- C:\Windows\System\wGVsGvz.exe
  C:\Windows\System\wGVsGvz.exe
  2⤵
  PID:13264
- C:\Windows\System\LuIMJXw.exe
  C:\Windows\System\LuIMJXw.exe
  2⤵
  PID:13292
- C:\Windows\System\SPMBsLk.exe
  C:\Windows\System\SPMBsLk.exe
  2⤵
  PID:12308
- C:\Windows\System\yTePzfP.exe
  C:\Windows\System\yTePzfP.exe
  2⤵
  PID:12380
- C:\Windows\System\DuHzpJz.exe
  C:\Windows\System\DuHzpJz.exe
  2⤵
  PID:12444
- C:\Windows\System\GUaRFyu.exe
  C:\Windows\System\GUaRFyu.exe
  2⤵
  PID:12516
- C:\Windows\System\gLuAGSU.exe
  C:\Windows\System\gLuAGSU.exe
  2⤵
  PID:12576
- C:\Windows\System\gvRvxBX.exe
  C:\Windows\System\gvRvxBX.exe
  2⤵
  PID:12640
- C:\Windows\System\MtsQVBC.exe
  C:\Windows\System\MtsQVBC.exe
  2⤵
  PID:12700
- C:\Windows\System\aqppuRl.exe
  C:\Windows\System\aqppuRl.exe
  2⤵
  PID:12772
- C:\Windows\System\FIyOhRA.exe
  C:\Windows\System\FIyOhRA.exe
  2⤵
  PID:12836
- C:\Windows\System\NHVqBPY.exe
  C:\Windows\System\NHVqBPY.exe
  2⤵
  PID:12896
- C:\Windows\System\iNOKzKS.exe
  C:\Windows\System\iNOKzKS.exe
  2⤵
  PID:12968
- C:\Windows\System\iVgHsEB.exe
  C:\Windows\System\iVgHsEB.exe
  2⤵
  PID:13032
- C:\Windows\System\IwLjdyq.exe
  C:\Windows\System\IwLjdyq.exe
  2⤵
  PID:13092
- C:\Windows\System\VOrshun.exe
  C:\Windows\System\VOrshun.exe
  2⤵
  PID:13164
- C:\Windows\System\pvrGTnF.exe
  C:\Windows\System\pvrGTnF.exe
  2⤵
  PID:13228
- C:\Windows\System\vsDFUPI.exe
  C:\Windows\System\vsDFUPI.exe
  2⤵
  PID:13288
- C:\Windows\System\yYYewOp.exe
  C:\Windows\System\yYYewOp.exe
  2⤵
  PID:12408
- C:\Windows\System\pffqdrb.exe
  C:\Windows\System\pffqdrb.exe
  2⤵
  PID:12556
- C:\Windows\System\wqIticQ.exe
  C:\Windows\System\wqIticQ.exe
  2⤵
  PID:12696
- C:\Windows\System\vXxuMzG.exe
  C:\Windows\System\vXxuMzG.exe
  2⤵
  PID:12864
- C:\Windows\System\njDNBaw.exe
  C:\Windows\System\njDNBaw.exe
  2⤵
  PID:13008
- C:\Windows\System\pRyrWab.exe
  C:\Windows\System\pRyrWab.exe
  2⤵
  PID:13148
- C:\Windows\System\draSWHt.exe
  C:\Windows\System\draSWHt.exe
  2⤵
  PID:12304
- C:\Windows\System\arFYTKs.exe
  C:\Windows\System\arFYTKs.exe
  2⤵
  PID:12532
- C:\Windows\System\uTCvwiy.exe
  C:\Windows\System\uTCvwiy.exe
  2⤵
  PID:12924
- C:\Windows\System\SOBzIMx.exe
  C:\Windows\System\SOBzIMx.exe
  2⤵
  PID:13276
- C:\Windows\System\WiVQitN.exe
  C:\Windows\System\WiVQitN.exe
  2⤵
  PID:12828
- C:\Windows\System\PzEDsoV.exe
  C:\Windows\System\PzEDsoV.exe
  2⤵
  PID:13220
- C:\Windows\System\jzImymF.exe
  C:\Windows\System\jzImymF.exe
  2⤵
  PID:13332
- C:\Windows\System\wkNzCnI.exe
  C:\Windows\System\wkNzCnI.exe
  2⤵
  PID:13360
- C:\Windows\System\ZxGkrhr.exe
  C:\Windows\System\ZxGkrhr.exe
  2⤵
  PID:13388
- C:\Windows\System\GXlJykv.exe
  C:\Windows\System\GXlJykv.exe
  2⤵
  PID:13416
- C:\Windows\System\mbsVquB.exe
  C:\Windows\System\mbsVquB.exe
  2⤵
  PID:13444
- C:\Windows\System\qVWGSnn.exe
  C:\Windows\System\qVWGSnn.exe
  2⤵
  PID:13472
- C:\Windows\System\praJwhe.exe
  C:\Windows\System\praJwhe.exe
  2⤵
  PID:13500
- C:\Windows\System\XqqGFWY.exe
  C:\Windows\System\XqqGFWY.exe
  2⤵
  PID:13528
- C:\Windows\System\QliFNZI.exe
  C:\Windows\System\QliFNZI.exe
  2⤵
  PID:13556
- C:\Windows\System\ZyQRItn.exe
  C:\Windows\System\ZyQRItn.exe
  2⤵
  PID:13584
- C:\Windows\System\mrQVdpp.exe
  C:\Windows\System\mrQVdpp.exe
  2⤵
  PID:13612
- C:\Windows\System\IDXFgJM.exe
  C:\Windows\System\IDXFgJM.exe
  2⤵
  PID:13640
- C:\Windows\System\HRdSmXq.exe
  C:\Windows\System\HRdSmXq.exe
  2⤵
  PID:13668
- C:\Windows\System\OFIScuy.exe
  C:\Windows\System\OFIScuy.exe
  2⤵
  PID:13696
- C:\Windows\System\jhihuWk.exe
  C:\Windows\System\jhihuWk.exe
  2⤵
  PID:13724
- C:\Windows\System\YFxUfhp.exe
  C:\Windows\System\YFxUfhp.exe
  2⤵
  PID:13752
- C:\Windows\System\YKQQLpz.exe
  C:\Windows\System\YKQQLpz.exe
  2⤵
  PID:13780
- C:\Windows\System\MLdvOOn.exe
  C:\Windows\System\MLdvOOn.exe
  2⤵
  PID:13808
- C:\Windows\System\ipHIoxY.exe
  C:\Windows\System\ipHIoxY.exe
  2⤵
  PID:13836
- C:\Windows\System\emYJmtj.exe
  C:\Windows\System\emYJmtj.exe
  2⤵
  PID:13864
- C:\Windows\System\sQtfmZO.exe
  C:\Windows\System\sQtfmZO.exe
  2⤵
  PID:13892
- C:\Windows\System\nKSVAgZ.exe
  C:\Windows\System\nKSVAgZ.exe
  2⤵
  PID:13924
- C:\Windows\System\nOHcsrH.exe
  C:\Windows\System\nOHcsrH.exe
  2⤵
  PID:13952
- C:\Windows\System\yaSFoFk.exe
  C:\Windows\System\yaSFoFk.exe
  2⤵
  PID:13980
- C:\Windows\System\yBqkhxu.exe
  C:\Windows\System\yBqkhxu.exe
  2⤵
  PID:14008
- C:\Windows\System\WbgBHdt.exe
  C:\Windows\System\WbgBHdt.exe
  2⤵
  PID:14036
- C:\Windows\System\tYEKxfZ.exe
  C:\Windows\System\tYEKxfZ.exe
  2⤵
  PID:14064
- C:\Windows\System\SjAvcmk.exe
  C:\Windows\System\SjAvcmk.exe
  2⤵
  PID:14092
- C:\Windows\System\crzwjcF.exe
  C:\Windows\System\crzwjcF.exe
  2⤵
  PID:14120
- C:\Windows\System\ejDCsDC.exe
  C:\Windows\System\ejDCsDC.exe
  2⤵
  PID:14148
- C:\Windows\System\kuROJKK.exe
  C:\Windows\System\kuROJKK.exe
  2⤵
  PID:14176
- C:\Windows\System\HTwwtMb.exe
  C:\Windows\System\HTwwtMb.exe
  2⤵
  PID:14204
- C:\Windows\System\mSkTtCw.exe
  C:\Windows\System\mSkTtCw.exe
  2⤵
  PID:14232
- C:\Windows\System\RZXnUnZ.exe
  C:\Windows\System\RZXnUnZ.exe
  2⤵
  PID:14260
- C:\Windows\System\qzWOWmV.exe
  C:\Windows\System\qzWOWmV.exe
  2⤵
  PID:14288
- C:\Windows\System\wYWMQYb.exe
  C:\Windows\System\wYWMQYb.exe
  2⤵
  PID:14316
- C:\Windows\System\ehKiQFe.exe
  C:\Windows\System\ehKiQFe.exe
  2⤵
  PID:13328
- C:\Windows\System\HqoLFmH.exe
  C:\Windows\System\HqoLFmH.exe
  2⤵
  PID:13380
- C:\Windows\System\ufVqGvM.exe
  C:\Windows\System\ufVqGvM.exe
  2⤵
  PID:13440
- C:\Windows\System\bNWSikM.exe
  C:\Windows\System\bNWSikM.exe
  2⤵
  PID:13512
- C:\Windows\System\RRXSorA.exe
  C:\Windows\System\RRXSorA.exe
  2⤵
  PID:13576
- C:\Windows\System\foVYPds.exe
  C:\Windows\System\foVYPds.exe
  2⤵
  PID:13636
- C:\Windows\System\YIdyYDT.exe
  C:\Windows\System\YIdyYDT.exe
  2⤵
  PID:13708
- C:\Windows\System\FVzvDPs.exe
  C:\Windows\System\FVzvDPs.exe
  2⤵
  PID:13772
- C:\Windows\System\RGcGGHG.exe
  C:\Windows\System\RGcGGHG.exe
  2⤵
  PID:13832
- C:\Windows\System\DOVIBFW.exe
  C:\Windows\System\DOVIBFW.exe
  2⤵
  PID:13888
- C:\Windows\System\VznGVeG.exe
  C:\Windows\System\VznGVeG.exe
  2⤵
  PID:4784
- C:\Windows\System\hGMAaCG.exe
  C:\Windows\System\hGMAaCG.exe
  2⤵
  PID:13944
- C:\Windows\System\swxRMNn.exe
  C:\Windows\System\swxRMNn.exe
  2⤵
  PID:14004
- C:\Windows\System\VkVFBvR.exe
  C:\Windows\System\VkVFBvR.exe
  2⤵
  PID:14076
- C:\Windows\System\AXEDdnC.exe
  C:\Windows\System\AXEDdnC.exe
  2⤵
  PID:14140
- C:\Windows\System\zQrSYcB.exe
  C:\Windows\System\zQrSYcB.exe
  2⤵
  PID:14200
- C:\Windows\System\NUREuqp.exe
  C:\Windows\System\NUREuqp.exe
  2⤵
  PID:14272
- C:\Windows\System\xxwMNhF.exe
  C:\Windows\System\xxwMNhF.exe
  2⤵
  PID:13316
- C:\Windows\System\takXvKC.exe
  C:\Windows\System\takXvKC.exe
  2⤵
  PID:13436
- C:\Windows\System\CoUaDyC.exe
  C:\Windows\System\CoUaDyC.exe
  2⤵
  PID:13604
- C:\Windows\System\YdsyKbz.exe
  C:\Windows\System\YdsyKbz.exe
  2⤵
  PID:13748
- C:\Windows\System\rrtAOKC.exe
  C:\Windows\System\rrtAOKC.exe
  2⤵
  PID:13884
- C:\Windows\System\qHUrUKx.exe
  C:\Windows\System\qHUrUKx.exe
  2⤵
  PID:13972
- C:\Windows\System\eizWYqm.exe
  C:\Windows\System\eizWYqm.exe
  2⤵
  PID:14116
- C:\Windows\System\wuKbGJA.exe
  C:\Windows\System\wuKbGJA.exe
  2⤵
  PID:14256
- C:\Windows\System\nhacbze.exe
  C:\Windows\System\nhacbze.exe
  2⤵
  PID:13496
- C:\Windows\System\rkKVVmS.exe
  C:\Windows\System\rkKVVmS.exe
  2⤵
  PID:13856
- C:\Windows\System\AMRfpjl.exe
  C:\Windows\System\AMRfpjl.exe
  2⤵
  PID:14104
- C:\Windows\System\meKdfNj.exe
  C:\Windows\System\meKdfNj.exe
  2⤵
  PID:13820
- C:\Windows\System\zMeFkaM.exe
  C:\Windows\System\zMeFkaM.exe
  2⤵
  PID:14060
- C:\Windows\System\qgyCaXE.exe
  C:\Windows\System\qgyCaXE.exe
  2⤵
  PID:14356
- C:\Windows\System\hzeqMoy.exe
  C:\Windows\System\hzeqMoy.exe
  2⤵
  PID:14384
- C:\Windows\System\vRDZYqG.exe
  C:\Windows\System\vRDZYqG.exe
  2⤵
  PID:14412
- C:\Windows\System\DlxFRHF.exe
  C:\Windows\System\DlxFRHF.exe
  2⤵
  PID:14440
- C:\Windows\System\VlKwHJO.exe
  C:\Windows\System\VlKwHJO.exe
  2⤵
  PID:14468
- C:\Windows\System\aSaUqjv.exe
  C:\Windows\System\aSaUqjv.exe
  2⤵
  PID:14496
- C:\Windows\System\zlyHXFA.exe
  C:\Windows\System\zlyHXFA.exe
  2⤵
  PID:14524
- C:\Windows\System\XmIXXoF.exe
  C:\Windows\System\XmIXXoF.exe
  2⤵
  PID:14556
- C:\Windows\System\LmORtUw.exe
  C:\Windows\System\LmORtUw.exe
  2⤵
  PID:14584
- C:\Windows\System\jFlWHow.exe
  C:\Windows\System\jFlWHow.exe
  2⤵
  PID:14612
- C:\Windows\System\GpGUzJw.exe
  C:\Windows\System\GpGUzJw.exe
  2⤵
  PID:14648
- C:\Windows\System\KNHrnsI.exe
  C:\Windows\System\KNHrnsI.exe
  2⤵
  PID:14680
- C:\Windows\System\EZnWACU.exe
  C:\Windows\System\EZnWACU.exe
  2⤵
  PID:14700
- C:\Windows\System\EAdouhU.exe
  C:\Windows\System\EAdouhU.exe
  2⤵
  PID:14724
- C:\Windows\System\FSbUEWC.exe
  C:\Windows\System\FSbUEWC.exe
  2⤵
  PID:14764
- C:\Windows\System\ViwMJog.exe
  C:\Windows\System\ViwMJog.exe
  2⤵
  PID:14792
- C:\Windows\System\LvLlVfY.exe
  C:\Windows\System\LvLlVfY.exe
  2⤵
  PID:14820
- C:\Windows\System\EbXfZUe.exe
  C:\Windows\System\EbXfZUe.exe
  2⤵
  PID:14848
- C:\Windows\System\tUsUiXV.exe
  C:\Windows\System\tUsUiXV.exe
  2⤵
  PID:14888
- C:\Windows\System\bQXaRDY.exe
  C:\Windows\System\bQXaRDY.exe
  2⤵
  PID:14904
- C:\Windows\System\JLYODPm.exe
  C:\Windows\System\JLYODPm.exe
  2⤵
  PID:14952
- C:\Windows\System\AWlLOXV.exe
  C:\Windows\System\AWlLOXV.exe
  2⤵
  PID:14980
- C:\Windows\System\xJGVxBx.exe
  C:\Windows\System\xJGVxBx.exe
  2⤵
  PID:15008
- C:\Windows\System\fcrnWpk.exe
  C:\Windows\System\fcrnWpk.exe
  2⤵
  PID:15044
- C:\Windows\System\yIfesoX.exe
  C:\Windows\System\yIfesoX.exe
  2⤵
  PID:15096
- C:\Windows\System\VGzgvOM.exe
  C:\Windows\System\VGzgvOM.exe
  2⤵
  PID:15120
- C:\Windows\System\JUPVBnU.exe
  C:\Windows\System\JUPVBnU.exe
  2⤵
  PID:15140
- C:\Windows\System\JEyrNoG.exe
  C:\Windows\System\JEyrNoG.exe
  2⤵
  PID:15168
- C:\Windows\System\lbFwIvQ.exe
  C:\Windows\System\lbFwIvQ.exe
  2⤵
  PID:15196
- C:\Windows\System\BZOvNcX.exe
  C:\Windows\System\BZOvNcX.exe
  2⤵
  PID:15224
- C:\Windows\System\RxmJWKY.exe
  C:\Windows\System\RxmJWKY.exe
  2⤵
  PID:15252
- C:\Windows\System\ulSkoEP.exe
  C:\Windows\System\ulSkoEP.exe
  2⤵
  PID:15280
- C:\Windows\System\akhwrvB.exe
  C:\Windows\System\akhwrvB.exe
  2⤵
  PID:15308
- C:\Windows\System\mepBtDi.exe
  C:\Windows\System\mepBtDi.exe
  2⤵
  PID:15336
- C:\Windows\System\QJSmIyh.exe
  C:\Windows\System\QJSmIyh.exe
  2⤵
  PID:4332
- C:\Windows\System\ZtrUKKP.exe
  C:\Windows\System\ZtrUKKP.exe
  2⤵
  PID:1640
- C:\Windows\System\PtjYwFC.exe
  C:\Windows\System\PtjYwFC.exe
  2⤵
  PID:14432
- C:\Windows\System\lAuuQNY.exe
  C:\Windows\System\lAuuQNY.exe
  2⤵
  PID:14492
- C:\Windows\System\mjSodlI.exe
  C:\Windows\System\mjSodlI.exe
  2⤵
  PID:14568
- C:\Windows\System\gfRYqQb.exe
  C:\Windows\System\gfRYqQb.exe
  2⤵
  PID:14628
- C:\Windows\System\hrjoUHT.exe
  C:\Windows\System\hrjoUHT.exe
  2⤵
  PID:14676
- C:\Windows\System\EflCLvV.exe
  C:\Windows\System\EflCLvV.exe
  2⤵
  PID:5452
- C:\Windows\System\fOtynNQ.exe
  C:\Windows\System\fOtynNQ.exe
  2⤵
  PID:14776
- C:\Windows\System\EsXqjBz.exe
  C:\Windows\System\EsXqjBz.exe
  2⤵
  PID:4152
- C:\Windows\System\SbMtzxz.exe
  C:\Windows\System\SbMtzxz.exe
  2⤵
  PID:4168
- C:\Windows\System\aGKsPZr.exe
  C:\Windows\System\aGKsPZr.exe
  2⤵
  PID:2108
- C:\Windows\System\RQlvqCD.exe
  C:\Windows\System\RQlvqCD.exe
  2⤵
  PID:948
- C:\Windows\System\PcWxmbg.exe
  C:\Windows\System\PcWxmbg.exe
  2⤵
  PID:14896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DRTBfKG.exe

Filesize
6.1MB

MD5
297a02130af3f9814924fee21fb9b0ed

SHA1
993386896786c5f51c3616a40a8da484c1e7d8a6

SHA256
a21e97aaf13a0cc123d5658b4e90924a86758e92d42d61bf8a203aff1bb29a30

SHA512
7c95dd493ce4e928951eb8ef16fe190e223531d4cdec087039db551f057fbee0291f72694e68d8c54fbb384cdeabffa6dea280f4cf917c380440104007673fae

Download Submit
C:\Windows\System\PLZNcQT.exe

Filesize
6.1MB

MD5
7af7c0b21f15ab10f80944bcad27cfd0

SHA1
94c2e18abb2774b663792dc69c2007374c0f10b4

SHA256
32b593efb97707fcd7c0f831240fa4b8b48e762057445b05826215f116a38404

SHA512
58e5884f51fe60ba9156f2da590623d8bc325fdaa715c04a1a01fcfd64a4bd6d4890edcd29e02fb9170f9225b351e8e0367fd35eebe4327e5474815a150ac692

Download Submit
C:\Windows\System\PmwgaZF.exe

Filesize
6.1MB

MD5
49e315fbf99f6742adf63c9123a1e15b

SHA1
0474348f0c5d4968cb8281378771fe1f2d5a8371

SHA256
bf5168b05b3065022dd40cebed56dccdb7376f1a6082504b0485924c4e55d0e0

SHA512
33580e116bc1bb6f0408e70461cd2cdc1bfc2887dddea21614b0e48640569504640ff5cf9799142ebfc1d0679584e659816d50de55b1fb9405e81a66589dc6ad

Download Submit
C:\Windows\System\QzIWmAm.exe

Filesize
6.1MB

MD5
9af1ac65b885383a61f9cc8dd22060b3

SHA1
ff8d1f9ca751167ce239158901d7106168d3bc32

SHA256
9838932f20c9e091bcbe21789b1aca3a336708356a931a77cdcb91f2d1fe38c1

SHA512
e87a008ffc0074d1f521ddb8ccb8346fc7d950d8140c5df3a792e343e6deec003e7354d3e0d61cf8194bcf1cbb2677f633bebfcd095fb681982a7b6ee2851a44

Download Submit
C:\Windows\System\SOlqidf.exe

Filesize
6.1MB

MD5
fe8173a6a137e3d2587f10c9ae4c6bb8

SHA1
a61c07ec1b20e44ac04d0e4d7952dcc4d355197a

SHA256
4b0fd874f52fcd964fcdac69a8f116f5db7dc64d56dba50fa97d72be8378cb0a

SHA512
e6088f156e803dbf204437764bd18a84af1c59f45b8df273a318565b5a48f7dcee441ef8c04c738c3a17a768518aec32af49516ff2a80a4b7edfdeac343f05aa

Download Submit
C:\Windows\System\TXXMfDj.exe

Filesize
6.1MB

MD5
37514361d3367473ac1b8016f2bc203c

SHA1
dc63ac709126114aa9c19047fd7dd329e10bd527

SHA256
cfb7ac42359716f06e22cccadaab54595618d4fbad5ef62fd0d4c9e4442801da

SHA512
a540eb7c41ebdc85e72006141f63cb788b056d19a24aec14e8e96cd98c70c033fe922a9365141f39ee8646e5772aecd8421c9ab3660e3bfda5e4d948536fb311

Download Submit
C:\Windows\System\UnstKXN.exe

Filesize
6.1MB

MD5
675bfff9a019acb3ded85c3d66212a96

SHA1
c7250196bc3a712a7f2aa6aaaddfa0eb96a78769

SHA256
b8729b7d4775f23e6a9b951805207b34d09e30c7ee00f0777fc25472c21daf77

SHA512
5726e21b6dc1936b22c0b2a1587b247354ef14ebb979172b67fc10a4aaa558585141f07714384bff9aa311198c01e9594fb1b24e841982ecb155722c19d090bd

Download Submit
C:\Windows\System\UvyuxpQ.exe

Filesize
6.1MB

MD5
64112793ee8acffd65ac086080178eb6

SHA1
cddd4c3a6f11677f914f24bab178bad2366d7123

SHA256
75186595d24d925e45357d2a018b991024cbc2f5b24507b9a48fbfd0e8d63317

SHA512
01ea2e69be49bdbdcb58ccb8f089a0e8773800334861146925f32c0f8df8f8c8d412431decd95721aa71bf9dc006706bc31af635073263fbd281269f53afaa8f

Download Submit
C:\Windows\System\VsYOLBh.exe

Filesize
6.1MB

MD5
4cee72905e1bf1a721d560c3e60ca40b

SHA1
6dbf6652b31375abfe98c025707a104c255a264f

SHA256
9b3b8fdada9a4f4b0d55e31b3c21b7f6aae6f1faa5bfb02247e0316c12fb2766

SHA512
85a6230bc8578a1115e36e7516773ac7b6812a00d71aa1f13eff7b78669525f4ed8302d0a0cff15410e9c6cb6bad38530c2e76f55d7634d5a0f55ec93bd90239

Download Submit
C:\Windows\System\WJXrIiD.exe

Filesize
6.1MB

MD5
4319c1de91c858c71c8b8d2fa7cf8806

SHA1
66f549bcc418f07abd2adc23adec21e7f322eca5

SHA256
345cb2bfe7f848f294c045fbf443fed6bd0162838ec1f039fd67eedd680bee1a

SHA512
7be717515b1fd4cf11dfa5e6c9724d7c35ea64e1b8e2aa1c932f7d43154b3e10fefeab8b198d623ea69342b9292419a79fe0d7dfaeac6614796ecc4b444a430f

Download Submit
C:\Windows\System\XSuHwHF.exe

Filesize
6.1MB

MD5
29f1bfab473649e4abfb29d3b921bd2d

SHA1
80b7369b6bc9ff3038ec894688c5af424bbd63c2

SHA256
3c96fdfd5171c7c75d3e1c361559f54bc26e26cad94f1646ee08034efe4549e1

SHA512
52bf5a9990c7be5ba8287f7e29b387ffff7efc6919b472be1dc7c0320d1249bf2ecd314a69e0ccfb1afb6d734260cceee555afe1b6577ee72e1289f996094fc7

Download Submit
C:\Windows\System\XqAEeQf.exe

Filesize
6.1MB

MD5
6b8e7387488b9750492fda7ad07fffea

SHA1
a2a0180072c497f4f3b6ed0ede60615910443306

SHA256
a6dbae44c12fa067b41370e0a0d5b2958044ee2f3f463b4942fa91eefb6b453c

SHA512
d714e8bed8bf5360a1fc6bfb63dcb86b4548407b9598ee27bb9cd123d8690e36c700805919ff4b3ae9ad633b5abddac05e07b0f6e118c382ceab1793357c6024

Download Submit
C:\Windows\System\YCBADHu.exe

Filesize
6.1MB

MD5
ef75c9d4ca6d1dfb448371cb21dc5397

SHA1
484467e82ec908b773abdc831c60a808efa345cd

SHA256
87cc68082dd57db97364371461c004078734420ee90bedfb9ef779ab8f50c93c

SHA512
d2103e2aee7104695c28adb3097dfd475826209c7a64afbfff55fe08783f87f0e1637d1f07f9018264a065f9fdaf608be295874863375de0d406b5997f6b348b

Download Submit
C:\Windows\System\YeJFYUC.exe

Filesize
6.1MB

MD5
0282036f15aaa6f6e0c0bf80eefee2dc

SHA1
0c6369e95a0f1b5564301d630d753d858d0e7345

SHA256
777bfeebf7075dcde102e59d97025ef56af38d76cb72c48b1007bb471c3fad30

SHA512
733cabffaf36610fd55df44921c03a4f052c5785b9f8b8c64811803f4e171462c050cff4637f8b58b6a525e73f4785740834ab12f30d3114ce31470211885b1a

Download Submit
C:\Windows\System\bgLsUUf.exe

Filesize
6.1MB

MD5
475c266c0419ac3518962aea07443cc5

SHA1
a2195f74495b288e28bd1c03e6ed62f426afd904

SHA256
0f4c1bd71238f0af6414d4d9bb02813cd64f78ad05a0cf48031031b0bb9925f4

SHA512
23feb145f6b10078713d3b5619ffc15f2f5823337145ee6a8e6d5764b42eb55ee848b54bf372cb6cbf2809be560abce27ee01c9a24f00781347abb4b2837214e

Download Submit
C:\Windows\System\cIiqBMJ.exe

Filesize
6.1MB

MD5
53942762ce010770df5ae1a3b3adfd13

SHA1
16e2e6290d76d4c9b74d20b2349824c17061b6d7

SHA256
108e2a0c3762f5373bf981449c714e6dd6553f00b22d634af3e940b7e22194c0

SHA512
5d65d5edba57ca465b1749e69004d9d8cc7f36460ed5513e5408c6f8ce72b216e1fbf0db8fb57aebd0b34dd89ef2d873c3827488da3a7affbe42561b4268228d

Download Submit
C:\Windows\System\exhDewN.exe

Filesize
6.1MB

MD5
b64df526fa46bc2d87f316c441184b17

SHA1
f7443a69724366868e2241c47cc3640031679b11

SHA256
41df32648f6a3913805d9a1f4bacb8a1131a2f0321cbd05a9630d3851ce84d96

SHA512
8f95ed33e90ea52f58498dd9787819c0bc2c5b892f0487bca57484b487bb7f8fa8877049ac3581957fcdfec7bd97611d9af444982209bb6df642aba62c2abcde

Download Submit
C:\Windows\System\fDoeWrO.exe

Filesize
6.1MB

MD5
2a493267df0557836e154ee134763a78

SHA1
5183f4820f01602b5952c24cad450f84261e5852

SHA256
7402ce7ff75adb57c4c13e8c2692f56a8fd806cd6e9e0c35ea0f58a68cc66ef5

SHA512
b3b7d11ea24e213b314f2d321265db77d3e439d62a98f9fdd2188011e8d7bba9d95a53dcd58036b4a718db4bd1d096e750704f31b649326d8fdac849481a8a18

Download Submit
C:\Windows\System\fSjZDXn.exe

Filesize
6.1MB

MD5
8c66b0daae537b8e335e3c6c55498c41

SHA1
3831fa6f3579b554e9380fa0a378b863b3b2bc9e

SHA256
352cf724aee56bada1a5612cb681d160c8d6e182a6fa2dc0100a391146f10482

SHA512
f3ef06cdab3b34a5eacc6237f98204c233c4e90591f0a22fc429a03d603ab1abbd9e9724195f42a0a60a69583edccf1d335455fb975773e96b7cfa955262a334

Download Submit
C:\Windows\System\iwJVcVf.exe

Filesize
6.1MB

MD5
52c5c6de23a977d76bac67b49203b20c

SHA1
0691cfe0ba7660a33fb26baa22976da5ca7229c9

SHA256
408ab4d8e358e8ef85a69920ed92e53ecbe497b5b680666af2089cdd0644cd93

SHA512
e5a39d9cc9edac6bfae1fb2dbeffde61b964f8283bfb64ab151bd138035d155efd8321f06b2e8e3a70bbdbd445fabf4f7012824f72eee9a60a891278576297c2

Download Submit
C:\Windows\System\jVLvkvx.exe

Filesize
6.1MB

MD5
f0a951897ded9c022c02cfa2ee3d2ecd

SHA1
6dfcd59056cd1dc7ac1c56b4e0dd5e886fe541bd

SHA256
3bd7f9c9f9924bcd5aaca7eddc3cee06614cc55e53cd4c6f354318c26a7382c2

SHA512
bad41f6f53f503b24b393555f8437ad8f5924e1d6e45ea8af120a4b90b7606aa7899c8d779a6d5c47a290de41a4f8ca50bba943d58202e34caf90aa5b7c7a4cc

Download Submit
C:\Windows\System\kWyJWZk.exe

Filesize
6.1MB

MD5
1f37133a1ee9446779abdfe2f2f05908

SHA1
1cca95dce43671ba163189a20e4a6295a4d6eaf4

SHA256
803c9e8b0907fd137b6561b35bc86b3f34cfa2626e3d8cf4031c561ed55c2b6a

SHA512
5aced4dd25c222026dab8f9bae4e1eab2448a185ebb735d9973e3a525d3b58f1c3e892f7d97cbb250aa997dfef7ff50a6d20a3850a18d962bde395d63d0ebff7

Download Submit
C:\Windows\System\kuaGQBC.exe

Filesize
6.1MB

MD5
f938f271d049dd0dd313966884607577

SHA1
71966c8548c1a03740bee2cdf3e42d61884d6ccf

SHA256
5351cd00ce311d71d9c98e83680912e14c83522e0aed559bd00830ec3e499e66

SHA512
be54cb4a2c47ca920e335e7509152c9c4792507a462b7f91ab3d30b0fecad0c689b07bf0ec111267aeb1f8d08bc09b9d317ba1cbe3f4331f56882076df821d4d

Download Submit
C:\Windows\System\meLexcS.exe

Filesize
6.1MB

MD5
15e488b0edc278fb8992c8f08f73c1aa

SHA1
79ca92370f3c95e295d6506ad2ec2f365cfe1c7a

SHA256
528b0574d544e5eea8cea397ccf8af241afe9a910b7c3247d8d162c95a745f57

SHA512
9d825a8fbe78d9570d428ac03e40da099b62158923fc5d9f098b1e289fab3b67c19e06453f714d3a29a1fad60b176e6324647541d9c90e866c6efc0f7a18f322

Download Submit
C:\Windows\System\nYXMlhT.exe

Filesize
6.1MB

MD5
62476f6e65bb85b241bac852f75d4fde

SHA1
bb402adebba16c07449571750135c35183a02f01

SHA256
21f817e8bc47601224de4e3f60ad1f5aa5c96013f059f0b27a92d6061a1b16c3

SHA512
67c2a2850eb8c3bedba6774a80a71600a6572f3b35f215da1cf9a3823e48c8f0806326e42d750575148d399cf96d171f794b762ec304ebd216c973e98a5cadaa

Download Submit
C:\Windows\System\oMETCvR.exe

Filesize
6.1MB

MD5
a38364ce724e3d23ec541bf89b269492

SHA1
e21de530fddd7d2cdc4bd77bf4661e87d0432747

SHA256
2fa4c158fdf77d593ae02808fa974c676eba75bc37802d33f93e27583e2274d1

SHA512
c5b1edad234d9f3f04bc34cc92987a4e0731297549f5c38cf16ff420c400740ee44f56daa2154ad201c1ef1812115feb8c064b2c6c2dbffa76d32893fbadd72a

Download Submit
C:\Windows\System\qdrFOkH.exe

Filesize
6.1MB

MD5
4bb9c6e9c47f267077d062b445259218

SHA1
5ad75e80a7125a2869750087bc83a8ce5b035cb9

SHA256
0de732ae94eef967f5f8521592076ec36922339e78b5afa4ca3584ff465f3718

SHA512
bb4b9d7d842003159fb71a98de27ba8025da35ed0029672c7286829b910e0b31db8663ce023a794858ffbbb5b7aa3137a24829261aece120de1371f1aca46b33

Download Submit
C:\Windows\System\vPhzkWc.exe

Filesize
6.1MB

MD5
0904e3d8c3ff446afb3844676f00f443

SHA1
235b431ad86f1f54189def74b28f40f1f4b445a0

SHA256
8e5c4e48ab289beaba84b11afa2f209e2e7677e33daaea29abf4b93ea6b3f1a2

SHA512
763af978a89b549ba0369c6a6a3a76f318997def75a67281413f7afa51ea03cca9ba7adcbd253072c3f5270dc95a21d6ad624b92b144091172c2befa0719adab

Download Submit
C:\Windows\System\vgIsgTe.exe

Filesize
6.1MB

MD5
90d493b06c65a5934cbb50a14530cd7d

SHA1
a6806e3839fe62635750b0549dab4cf1b0cb328b

SHA256
562fbf80918cd65ebb65bde8a4c8030e492d9b12f55a1e28718b40967f2824a7

SHA512
2f05295a81ca1b045ff34dee4f16dd57b401f20f46be8e70a850c60ffe849e5ffd1223ed9f278ea8114dc5c751096ee4fd51bbd54c3e3148d8910a58846aad9a

Download Submit
C:\Windows\System\ylCvNPE.exe

Filesize
6.1MB

MD5
93c49cc30bd03a5712d5ef4a17bbfede

SHA1
dbef4a182a052ddd05b0eb39da80e3ddd379ea63

SHA256
6ec28316c53986a70d3a87f5822c3ac720a755b596002b5084e3239f8ac99e9a

SHA512
5284da7ccb408d77ecf8702f409e1a9c955705e050efa2364ed66582efdc64775057cf51adef5f698efae4727b436afbb5cfc64c1c8e333d74f3d1c8091bfc0c

Download Submit
C:\Windows\System\zRZPSlc.exe

Filesize
6.1MB

MD5
b937d9024e5a8e35db581c530038cdc5

SHA1
a586ab0587cf2c5a9328bd4437cf08911008662b

SHA256
9cba1fb0bd6c30d362cfcff2acbbb5bd85a2a016bd019d1956a4480e454cf5f3

SHA512
8649c792e0023e7000fc86eab956ef3c013cc4d620363828ddc2602caff2e11055b1472552933d04ae88dfdf46facafb9c07c6afa805c68f05dbcc08e8831e71

Download Submit
C:\Windows\System\zuoiEot.exe

Filesize
6.1MB

MD5
da8fa8403e1800400becab512da32378

SHA1
937ca39a2c3cc58dfc0ef087bb4d46cb68505501

SHA256
f851d643a389dd85ecd78a0b26ccf4204ab2693e908d35ae66ba66df0ccac480

SHA512
86f1e22243e6532ba02af3f3fe04eb22e34ba8be261ca0c55386c15fa9a7c40060327ddd409707dd0d8d961d56f6491e3dd21371f14cd40564d2bb4a35095f58

Download Submit
memory/1164-168-0x00007FF6D61E0000-0x00007FF6D6534000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2211-0x00007FF6D61E0000-0x00007FF6D6534000-memory.dmp

Filesize
3.3MB

Download
memory/1756-150-0x00007FF69EC80000-0x00007FF69EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2206-0x00007FF69EC80000-0x00007FF69EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1828-80-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp

Filesize
3.3MB

Download
memory/1828-1617-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp

Filesize
3.3MB

Download
memory/1828-14-0x00007FF7FD0F0000-0x00007FF7FD444000-memory.dmp

Filesize
3.3MB

Download
memory/1832-139-0x00007FF6B0400000-0x00007FF6B0754000-memory.dmp

Filesize
3.3MB

Download
memory/1832-418-0x00007FF6B0400000-0x00007FF6B0754000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2201-0x00007FF6B0400000-0x00007FF6B0754000-memory.dmp

Filesize
3.3MB

Download
memory/2160-95-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-33-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1638-0x00007FF6E4D70000-0x00007FF6E50C4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-289-0x00007FF6714C0000-0x00007FF671814000-memory.dmp

Filesize
3.3MB

Download
memory/2508-98-0x00007FF6714C0000-0x00007FF671814000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2174-0x00007FF6714C0000-0x00007FF671814000-memory.dmp

Filesize
3.3MB

Download
memory/2812-733-0x00007FF60CD80000-0x00007FF60D0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-191-0x00007FF60CD80000-0x00007FF60D0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2361-0x00007FF60CD80000-0x00007FF60D0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-612-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp

Filesize
3.3MB

Download
memory/3052-176-0x00007FF657BB0000-0x00007FF657F04000-memory.dmp

Filesize
3.3MB

Download
memory/3184-0-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-1-0x000001BE0A310000-0x000001BE0A320000-memory.dmp

Filesize
64KB

Download
memory/3184-64-0x00007FF7B8350000-0x00007FF7B86A4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-102-0x00007FF7AEC00000-0x00007FF7AEF54000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2178-0x00007FF7AEC00000-0x00007FF7AEF54000-memory.dmp

Filesize
3.3MB

Download
memory/3996-352-0x00007FF7AEC00000-0x00007FF7AEF54000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2217-0x00007FF7FF870000-0x00007FF7FFBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-161-0x00007FF7FF870000-0x00007FF7FFBC4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-79-0x00007FF6C5700000-0x00007FF6C5A54000-memory.dmp

Filesize
3.3MB

Download
memory/4244-1664-0x00007FF6C5700000-0x00007FF6C5A54000-memory.dmp

Filesize
3.3MB

Download
memory/4244-185-0x00007FF6C5700000-0x00007FF6C5A54000-memory.dmp

Filesize
3.3MB

Download
memory/4308-75-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp

Filesize
3.3MB

Download
memory/4308-8-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp

Filesize
3.3MB

Download
memory/4308-1570-0x00007FF6EEFC0000-0x00007FF6EF314000-memory.dmp

Filesize
3.3MB

Download
memory/4364-165-0x00007FF6D7930000-0x00007FF6D7C84000-memory.dmp

Filesize
3.3MB

Download
memory/4364-2218-0x00007FF6D7930000-0x00007FF6D7C84000-memory.dmp

Filesize
3.3MB

Download
memory/4700-1634-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-83-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-21-0x00007FF7F2E90000-0x00007FF7F31E4000-memory.dmp

Filesize
3.3MB

Download
memory/4756-22-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4756-90-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4756-1631-0x00007FF78D160000-0x00007FF78D4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-169-0x00007FF75A3D0000-0x00007FF75A724000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2220-0x00007FF75A3D0000-0x00007FF75A724000-memory.dmp

Filesize
3.3MB

Download
memory/4876-69-0x00007FF6D0DF0000-0x00007FF6D1144000-memory.dmp

Filesize
3.3MB

Download
memory/4876-1663-0x00007FF6D0DF0000-0x00007FF6D1144000-memory.dmp

Filesize
3.3MB

Download
memory/4876-174-0x00007FF6D0DF0000-0x00007FF6D1144000-memory.dmp

Filesize
3.3MB

Download
memory/4916-167-0x00007FF746340000-0x00007FF746694000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1660-0x00007FF746340000-0x00007FF746694000-memory.dmp

Filesize
3.3MB

Download
memory/4916-63-0x00007FF746340000-0x00007FF746694000-memory.dmp

Filesize
3.3MB

Download
memory/4956-76-0x00007FF605D40000-0x00007FF606094000-memory.dmp

Filesize
3.3MB

Download
memory/4956-180-0x00007FF605D40000-0x00007FF606094000-memory.dmp

Filesize
3.3MB

Download
memory/4956-1665-0x00007FF605D40000-0x00007FF606094000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2202-0x00007FF61C500000-0x00007FF61C854000-memory.dmp

Filesize
3.3MB

Download
memory/5084-166-0x00007FF61C500000-0x00007FF61C854000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2179-0x00007FF66FF40000-0x00007FF670294000-memory.dmp

Filesize
3.3MB

Download
memory/5104-138-0x00007FF66FF40000-0x00007FF670294000-memory.dmp

Filesize
3.3MB

Download
memory/5288-160-0x00007FF7523C0000-0x00007FF752714000-memory.dmp

Filesize
3.3MB

Download
memory/5288-2209-0x00007FF7523C0000-0x00007FF752714000-memory.dmp

Filesize
3.3MB

Download
memory/5312-96-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp

Filesize
3.3MB

Download
memory/5312-1651-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp

Filesize
3.3MB

Download
memory/5312-43-0x00007FF6EDA20000-0x00007FF6EDD74000-memory.dmp

Filesize
3.3MB

Download
memory/5416-2164-0x00007FF65E260000-0x00007FF65E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5416-91-0x00007FF65E260000-0x00007FF65E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5552-156-0x00007FF630950000-0x00007FF630CA4000-memory.dmp

Filesize
3.3MB

Download
memory/5552-2210-0x00007FF630950000-0x00007FF630CA4000-memory.dmp

Filesize
3.3MB

Download
memory/5816-59-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp

Filesize
3.3MB

Download
memory/5816-132-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp

Filesize
3.3MB

Download
memory/5816-1659-0x00007FF6C0A30000-0x00007FF6C0D84000-memory.dmp

Filesize
3.3MB

Download
memory/5872-1648-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp

Filesize
3.3MB

Download
memory/5872-42-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp

Filesize
3.3MB

Download
memory/5872-101-0x00007FF6396F0000-0x00007FF639A44000-memory.dmp

Filesize
3.3MB

Download
memory/5952-1653-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp

Filesize
3.3MB

Download
memory/5952-50-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp

Filesize
3.3MB

Download
memory/5952-111-0x00007FF6987B0000-0x00007FF698B04000-memory.dmp

Filesize
3.3MB

Download
memory/5992-2355-0x00007FF6F3C50000-0x00007FF6F3FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5992-186-0x00007FF6F3C50000-0x00007FF6F3FA4000-memory.dmp

Filesize
3.3MB

Download