cobaltstrike | 0391067f197957e08ab9faed45e33de1a6363a7ae16b9962bef30c305cae9903

Analysis

max time kernel
104s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

dc18fd165d4d5eced695fa6b146e7f67
SHA1

80bb8e51e5b72bdea557f627781b01afaf286aaf
SHA256

0391067f197957e08ab9faed45e33de1a6363a7ae16b9962bef30c305cae9903
SHA512

41c0c539217fe7c731f52bf1bac08e040a71e164e646b741a089692987f69d7891201cbc0bdf2d19fb76253e92d364ed3e3d89167a27cb004b2180a131f3610c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000024276-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427d-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427e-12.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427f-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024280-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024281-38.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024283-44.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024282-55.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002427a-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024284-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024285-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024287-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024286-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024289-92.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428b-106.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428e-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024291-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024293-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024297-169.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002429a-181.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024299-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024298-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024296-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024295-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024294-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024292-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024290-135.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428f-130.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428d-126.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428c-124.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002428a-101.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024288-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4184-0-0x00007FF696660000-0x00007FF6969B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024276-4.dat	xmrig
behavioral2/memory/3828-8-0x00007FF6D37E0000-0x00007FF6D3B34000-memory.dmp	xmrig
behavioral2/files/0x000700000002427d-10.dat	xmrig
behavioral2/files/0x000700000002427e-12.dat	xmrig
behavioral2/memory/4256-14-0x00007FF7F8070000-0x00007FF7F83C4000-memory.dmp	xmrig
behavioral2/memory/1008-18-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp	xmrig
behavioral2/files/0x000700000002427f-22.dat	xmrig
behavioral2/memory/1480-25-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp	xmrig
behavioral2/files/0x0007000000024280-28.dat	xmrig
behavioral2/files/0x0007000000024281-38.dat	xmrig
behavioral2/files/0x0007000000024283-44.dat	xmrig
behavioral2/files/0x0007000000024282-55.dat	xmrig
behavioral2/files/0x000800000002427a-58.dat	xmrig
behavioral2/files/0x0007000000024284-62.dat	xmrig
behavioral2/files/0x0007000000024285-68.dat	xmrig
behavioral2/files/0x0007000000024287-74.dat	xmrig
behavioral2/files/0x0007000000024286-76.dat	xmrig
behavioral2/memory/4944-82-0x00007FF78CFD0000-0x00007FF78D324000-memory.dmp	xmrig
behavioral2/files/0x0007000000024289-92.dat	xmrig
behavioral2/files/0x000700000002428b-106.dat	xmrig
behavioral2/files/0x000700000002428e-113.dat	xmrig
behavioral2/memory/3980-122-0x00007FF609000000-0x00007FF609354000-memory.dmp	xmrig
behavioral2/files/0x0007000000024291-139.dat	xmrig
behavioral2/files/0x0007000000024293-150.dat	xmrig
behavioral2/files/0x0007000000024297-169.dat	xmrig
behavioral2/memory/1672-234-0x00007FF722DD0000-0x00007FF723124000-memory.dmp	xmrig
behavioral2/memory/984-244-0x00007FF7C7990000-0x00007FF7C7CE4000-memory.dmp	xmrig
behavioral2/memory/1204-300-0x00007FF7D26B0000-0x00007FF7D2A04000-memory.dmp	xmrig
behavioral2/memory/3500-301-0x00007FF617170000-0x00007FF6174C4000-memory.dmp	xmrig
behavioral2/memory/5192-308-0x00007FF733D60000-0x00007FF7340B4000-memory.dmp	xmrig
behavioral2/memory/2776-311-0x00007FF7CF4B0000-0x00007FF7CF804000-memory.dmp	xmrig
behavioral2/memory/548-320-0x00007FF759030000-0x00007FF759384000-memory.dmp	xmrig
behavioral2/memory/5636-319-0x00007FF7BFB90000-0x00007FF7BFEE4000-memory.dmp	xmrig
behavioral2/memory/4512-318-0x00007FF7BCF90000-0x00007FF7BD2E4000-memory.dmp	xmrig
behavioral2/memory/4344-317-0x00007FF69AAD0000-0x00007FF69AE24000-memory.dmp	xmrig
behavioral2/files/0x000700000002429a-181.dat	xmrig
behavioral2/files/0x0007000000024299-179.dat	xmrig
behavioral2/files/0x0007000000024298-174.dat	xmrig
behavioral2/files/0x0007000000024296-165.dat	xmrig
behavioral2/files/0x0007000000024295-157.dat	xmrig
behavioral2/files/0x0007000000024294-154.dat	xmrig
behavioral2/files/0x0007000000024292-143.dat	xmrig
behavioral2/files/0x0007000000024290-135.dat	xmrig
behavioral2/files/0x000700000002428f-130.dat	xmrig
behavioral2/files/0x000700000002428d-126.dat	xmrig
behavioral2/files/0x000700000002428c-124.dat	xmrig
behavioral2/memory/5972-118-0x00007FF7C9520000-0x00007FF7C9874000-memory.dmp	xmrig
behavioral2/memory/4884-111-0x00007FF7E6C70000-0x00007FF7E6FC4000-memory.dmp	xmrig
behavioral2/memory/964-105-0x00007FF7049A0000-0x00007FF704CF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002428a-101.dat	xmrig
behavioral2/memory/4184-100-0x00007FF696660000-0x00007FF6969B4000-memory.dmp	xmrig
behavioral2/memory/4804-98-0x00007FF6CEB70000-0x00007FF6CEEC4000-memory.dmp	xmrig
behavioral2/memory/5776-95-0x00007FF6BA410000-0x00007FF6BA764000-memory.dmp	xmrig
behavioral2/memory/2332-89-0x00007FF7B78B0000-0x00007FF7B7C04000-memory.dmp	xmrig
behavioral2/memory/1008-327-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp	xmrig
behavioral2/memory/1480-377-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp	xmrig
behavioral2/memory/4588-435-0x00007FF7C0DC0000-0x00007FF7C1114000-memory.dmp	xmrig
behavioral2/memory/4848-438-0x00007FF737730000-0x00007FF737A84000-memory.dmp	xmrig
behavioral2/memory/3740-83-0x00007FF6B30B0000-0x00007FF6B3404000-memory.dmp	xmrig
behavioral2/files/0x0007000000024288-80.dat	xmrig
behavioral2/memory/4560-491-0x00007FF68E710000-0x00007FF68EA64000-memory.dmp	xmrig
behavioral2/memory/4860-78-0x00007FF610D10000-0x00007FF611064000-memory.dmp	xmrig
behavioral2/memory/4848-66-0x00007FF737730000-0x00007FF737A84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3828	OXkVLPc.exe
4256	sFJXcsa.exe
1008	HpsKdIH.exe
1480	fXxNDFo.exe
4588	LrXueOh.exe
4560	pufyrSO.exe
4632	aXngUmc.exe
4732	lRMrbxN.exe
4860	HVxvqLB.exe
4848	lFXkVUo.exe
4944	DRLENll.exe
3740	qBefgjT.exe
5776	TOczfbD.exe
2332	teSiltn.exe
4804	lliYOja.exe
964	JPbMDaY.exe
4884	MtHevyc.exe
5972	hjeAijj.exe
4512	eeEMHCY.exe
3980	LyxaQhS.exe
5636	hsVVqLC.exe
1672	ltEGgqt.exe
548	WtzJvqL.exe
984	oKhMWGF.exe
1204	DSfmWrh.exe
3500	lRslsou.exe
5192	mKNyAjr.exe
2776	XLGPEPy.exe
4344	ueQMxDA.exe
4020	ARqdnTF.exe
2704	TrAGBjf.exe
2980	QbGEfdp.exe
1476	MMTUZvD.exe
2268	dbvNJRF.exe
1320	KcIOGRN.exe
5384	yaGrVCa.exe
5912	fJBhRcF.exe
4496	JlJZTWg.exe
5812	iqOiZRT.exe
3436	OjXiIWb.exe
5976	cmcGPPp.exe
1816	zEujRZO.exe
1360	VnKinnB.exe
5664	ZaacInN.exe
2812	kPholfX.exe
2804	LPERzIE.exe
3412	puXjHFP.exe
3584	OVvQKaO.exe
2932	YRltijr.exe
2996	SSdxXrn.exe
2916	ffdFtPE.exe
3968	NpthDoR.exe
5272	RcCCtmC.exe
3128	bcsxycP.exe
5580	XRtVhFW.exe
860	BtYHfLl.exe
4128	gWQFWSz.exe
1768	rdeEMFJ.exe
5276	sBiAJGP.exe
5704	lvmgQdv.exe
4072	gogZnHW.exe
5468	UTiPnyT.exe
5480	sTgpLuw.exe
3732	FIJmlKE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4184-0-0x00007FF696660000-0x00007FF6969B4000-memory.dmp	upx
behavioral2/files/0x0008000000024276-4.dat	upx
behavioral2/memory/3828-8-0x00007FF6D37E0000-0x00007FF6D3B34000-memory.dmp	upx
behavioral2/files/0x000700000002427d-10.dat	upx
behavioral2/files/0x000700000002427e-12.dat	upx
behavioral2/memory/4256-14-0x00007FF7F8070000-0x00007FF7F83C4000-memory.dmp	upx
behavioral2/memory/1008-18-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp	upx
behavioral2/files/0x000700000002427f-22.dat	upx
behavioral2/memory/1480-25-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp	upx
behavioral2/files/0x0007000000024280-28.dat	upx
behavioral2/files/0x0007000000024281-38.dat	upx
behavioral2/files/0x0007000000024283-44.dat	upx
behavioral2/files/0x0007000000024282-55.dat	upx
behavioral2/files/0x000800000002427a-58.dat	upx
behavioral2/files/0x0007000000024284-62.dat	upx
behavioral2/files/0x0007000000024285-68.dat	upx
behavioral2/files/0x0007000000024287-74.dat	upx
behavioral2/files/0x0007000000024286-76.dat	upx
behavioral2/memory/4944-82-0x00007FF78CFD0000-0x00007FF78D324000-memory.dmp	upx
behavioral2/files/0x0007000000024289-92.dat	upx
behavioral2/files/0x000700000002428b-106.dat	upx
behavioral2/files/0x000700000002428e-113.dat	upx
behavioral2/memory/3980-122-0x00007FF609000000-0x00007FF609354000-memory.dmp	upx
behavioral2/files/0x0007000000024291-139.dat	upx
behavioral2/files/0x0007000000024293-150.dat	upx
behavioral2/files/0x0007000000024297-169.dat	upx
behavioral2/memory/1672-234-0x00007FF722DD0000-0x00007FF723124000-memory.dmp	upx
behavioral2/memory/984-244-0x00007FF7C7990000-0x00007FF7C7CE4000-memory.dmp	upx
behavioral2/memory/1204-300-0x00007FF7D26B0000-0x00007FF7D2A04000-memory.dmp	upx
behavioral2/memory/3500-301-0x00007FF617170000-0x00007FF6174C4000-memory.dmp	upx
behavioral2/memory/5192-308-0x00007FF733D60000-0x00007FF7340B4000-memory.dmp	upx
behavioral2/memory/2776-311-0x00007FF7CF4B0000-0x00007FF7CF804000-memory.dmp	upx
behavioral2/memory/548-320-0x00007FF759030000-0x00007FF759384000-memory.dmp	upx
behavioral2/memory/5636-319-0x00007FF7BFB90000-0x00007FF7BFEE4000-memory.dmp	upx
behavioral2/memory/4512-318-0x00007FF7BCF90000-0x00007FF7BD2E4000-memory.dmp	upx
behavioral2/memory/4344-317-0x00007FF69AAD0000-0x00007FF69AE24000-memory.dmp	upx
behavioral2/files/0x000700000002429a-181.dat	upx
behavioral2/files/0x0007000000024299-179.dat	upx
behavioral2/files/0x0007000000024298-174.dat	upx
behavioral2/files/0x0007000000024296-165.dat	upx
behavioral2/files/0x0007000000024295-157.dat	upx
behavioral2/files/0x0007000000024294-154.dat	upx
behavioral2/files/0x0007000000024292-143.dat	upx
behavioral2/files/0x0007000000024290-135.dat	upx
behavioral2/files/0x000700000002428f-130.dat	upx
behavioral2/files/0x000700000002428d-126.dat	upx
behavioral2/files/0x000700000002428c-124.dat	upx
behavioral2/memory/5972-118-0x00007FF7C9520000-0x00007FF7C9874000-memory.dmp	upx
behavioral2/memory/4884-111-0x00007FF7E6C70000-0x00007FF7E6FC4000-memory.dmp	upx
behavioral2/memory/964-105-0x00007FF7049A0000-0x00007FF704CF4000-memory.dmp	upx
behavioral2/files/0x000700000002428a-101.dat	upx
behavioral2/memory/4184-100-0x00007FF696660000-0x00007FF6969B4000-memory.dmp	upx
behavioral2/memory/4804-98-0x00007FF6CEB70000-0x00007FF6CEEC4000-memory.dmp	upx
behavioral2/memory/5776-95-0x00007FF6BA410000-0x00007FF6BA764000-memory.dmp	upx
behavioral2/memory/2332-89-0x00007FF7B78B0000-0x00007FF7B7C04000-memory.dmp	upx
behavioral2/memory/1008-327-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp	upx
behavioral2/memory/1480-377-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp	upx
behavioral2/memory/4588-435-0x00007FF7C0DC0000-0x00007FF7C1114000-memory.dmp	upx
behavioral2/memory/4848-438-0x00007FF737730000-0x00007FF737A84000-memory.dmp	upx
behavioral2/memory/3740-83-0x00007FF6B30B0000-0x00007FF6B3404000-memory.dmp	upx
behavioral2/files/0x0007000000024288-80.dat	upx
behavioral2/memory/4560-491-0x00007FF68E710000-0x00007FF68EA64000-memory.dmp	upx
behavioral2/memory/4860-78-0x00007FF610D10000-0x00007FF611064000-memory.dmp	upx
behavioral2/memory/4848-66-0x00007FF737730000-0x00007FF737A84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vXuyQQP.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xpRlMUp.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aLgBJWL.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RdujkMP.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MtZjBAr.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QWpCcgn.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XCoeomY.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eUjweRd.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DweJBZN.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TcXiEUY.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TvvkVMP.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AQITDEJ.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NpHhpzf.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MRHnija.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wiWPBye.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fPQBAoE.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TiBwBVo.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gssYQHk.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hyqLtut.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YCKamME.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MBimHxu.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VzssudS.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oYLBVmE.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SzCAxpc.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WtzJvqL.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QbGEfdp.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\unnOYlb.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xEXkBIj.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\whtttrd.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dIUgxCs.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BZnDWjz.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tVukqKg.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\txoEcet.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DdLfEVR.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SASyeTk.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oGfeRYe.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rHxRCLz.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FNbFsvi.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YTlenhe.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BtYHfLl.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nGWrDRt.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iVUsMBh.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aLNIxcB.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mkwUBHH.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oSnOIcp.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hjeAijj.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dBIAbgz.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rYPPIgP.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GSRmKAo.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NLujpGW.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uqhlSoJ.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BiSIhcF.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JmkDduh.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lFXkVUo.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AyikLdl.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kePnIHI.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lRjIwNA.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UyiMOwJ.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GpOjdFH.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mMQxkhs.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pspWTSO.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GZcvlzD.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bqgTywr.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GtLDQFo.exe	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 3828	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4184 wrote to memory of 3828	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4184 wrote to memory of 4256	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4184 wrote to memory of 4256	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4184 wrote to memory of 1008	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4184 wrote to memory of 1008	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 4184 wrote to memory of 1480	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4184 wrote to memory of 1480	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4184 wrote to memory of 4588	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4184 wrote to memory of 4588	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4184 wrote to memory of 4560	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4184 wrote to memory of 4560	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4184 wrote to memory of 4632	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4184 wrote to memory of 4632	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4184 wrote to memory of 4732	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4184 wrote to memory of 4732	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 4184 wrote to memory of 4860	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4184 wrote to memory of 4860	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4184 wrote to memory of 4848	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4184 wrote to memory of 4848	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 4184 wrote to memory of 4944	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4184 wrote to memory of 4944	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4184 wrote to memory of 3740	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4184 wrote to memory of 3740	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4184 wrote to memory of 5776	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4184 wrote to memory of 5776	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4184 wrote to memory of 2332	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4184 wrote to memory of 2332	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4184 wrote to memory of 4804	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4184 wrote to memory of 4804	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4184 wrote to memory of 964	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4184 wrote to memory of 964	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4184 wrote to memory of 4884	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4184 wrote to memory of 4884	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4184 wrote to memory of 5972	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4184 wrote to memory of 5972	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4184 wrote to memory of 4512	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4184 wrote to memory of 4512	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4184 wrote to memory of 3980	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4184 wrote to memory of 3980	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4184 wrote to memory of 5636	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4184 wrote to memory of 5636	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4184 wrote to memory of 1672	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4184 wrote to memory of 1672	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4184 wrote to memory of 548	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4184 wrote to memory of 548	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4184 wrote to memory of 984	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4184 wrote to memory of 984	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4184 wrote to memory of 1204	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4184 wrote to memory of 1204	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 4184 wrote to memory of 3500	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4184 wrote to memory of 3500	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 4184 wrote to memory of 5192	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4184 wrote to memory of 5192	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4184 wrote to memory of 2776	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4184 wrote to memory of 2776	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4184 wrote to memory of 4344	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4184 wrote to memory of 4344	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4184 wrote to memory of 4020	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4184 wrote to memory of 4020	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4184 wrote to memory of 2704	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4184 wrote to memory of 2704	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4184 wrote to memory of 2980	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4184 wrote to memory of 2980	4184	2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119

C:\Users\Admin\AppData\Local\Temp\2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_dc18fd165d4d5eced695fa6b146e7f67_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Windows\System\OXkVLPc.exe
  C:\Windows\System\OXkVLPc.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\sFJXcsa.exe
  C:\Windows\System\sFJXcsa.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\HpsKdIH.exe
  C:\Windows\System\HpsKdIH.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\fXxNDFo.exe
  C:\Windows\System\fXxNDFo.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\LrXueOh.exe
  C:\Windows\System\LrXueOh.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\pufyrSO.exe
  C:\Windows\System\pufyrSO.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\aXngUmc.exe
  C:\Windows\System\aXngUmc.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\lRMrbxN.exe
  C:\Windows\System\lRMrbxN.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\HVxvqLB.exe
  C:\Windows\System\HVxvqLB.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\lFXkVUo.exe
  C:\Windows\System\lFXkVUo.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\DRLENll.exe
  C:\Windows\System\DRLENll.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\qBefgjT.exe
  C:\Windows\System\qBefgjT.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\TOczfbD.exe
  C:\Windows\System\TOczfbD.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\teSiltn.exe
  C:\Windows\System\teSiltn.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\lliYOja.exe
  C:\Windows\System\lliYOja.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\JPbMDaY.exe
  C:\Windows\System\JPbMDaY.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\MtHevyc.exe
  C:\Windows\System\MtHevyc.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\hjeAijj.exe
  C:\Windows\System\hjeAijj.exe
  2⤵
  - Executes dropped EXE
  PID:5972
- C:\Windows\System\eeEMHCY.exe
  C:\Windows\System\eeEMHCY.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\LyxaQhS.exe
  C:\Windows\System\LyxaQhS.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\hsVVqLC.exe
  C:\Windows\System\hsVVqLC.exe
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Windows\System\ltEGgqt.exe
  C:\Windows\System\ltEGgqt.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\WtzJvqL.exe
  C:\Windows\System\WtzJvqL.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\oKhMWGF.exe
  C:\Windows\System\oKhMWGF.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\DSfmWrh.exe
  C:\Windows\System\DSfmWrh.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\lRslsou.exe
  C:\Windows\System\lRslsou.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\mKNyAjr.exe
  C:\Windows\System\mKNyAjr.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\XLGPEPy.exe
  C:\Windows\System\XLGPEPy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ueQMxDA.exe
  C:\Windows\System\ueQMxDA.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\ARqdnTF.exe
  C:\Windows\System\ARqdnTF.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\TrAGBjf.exe
  C:\Windows\System\TrAGBjf.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QbGEfdp.exe
  C:\Windows\System\QbGEfdp.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MMTUZvD.exe
  C:\Windows\System\MMTUZvD.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\dbvNJRF.exe
  C:\Windows\System\dbvNJRF.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\KcIOGRN.exe
  C:\Windows\System\KcIOGRN.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\yaGrVCa.exe
  C:\Windows\System\yaGrVCa.exe
  2⤵
  - Executes dropped EXE
  PID:5384
- C:\Windows\System\fJBhRcF.exe
  C:\Windows\System\fJBhRcF.exe
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Windows\System\JlJZTWg.exe
  C:\Windows\System\JlJZTWg.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\iqOiZRT.exe
  C:\Windows\System\iqOiZRT.exe
  2⤵
  - Executes dropped EXE
  PID:5812
- C:\Windows\System\OjXiIWb.exe
  C:\Windows\System\OjXiIWb.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\cmcGPPp.exe
  C:\Windows\System\cmcGPPp.exe
  2⤵
  - Executes dropped EXE
  PID:5976
- C:\Windows\System\zEujRZO.exe
  C:\Windows\System\zEujRZO.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\VnKinnB.exe
  C:\Windows\System\VnKinnB.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\ZaacInN.exe
  C:\Windows\System\ZaacInN.exe
  2⤵
  - Executes dropped EXE
  PID:5664
- C:\Windows\System\kPholfX.exe
  C:\Windows\System\kPholfX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\LPERzIE.exe
  C:\Windows\System\LPERzIE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\puXjHFP.exe
  C:\Windows\System\puXjHFP.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\OVvQKaO.exe
  C:\Windows\System\OVvQKaO.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\YRltijr.exe
  C:\Windows\System\YRltijr.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\SSdxXrn.exe
  C:\Windows\System\SSdxXrn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ffdFtPE.exe
  C:\Windows\System\ffdFtPE.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\NpthDoR.exe
  C:\Windows\System\NpthDoR.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\RcCCtmC.exe
  C:\Windows\System\RcCCtmC.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\bcsxycP.exe
  C:\Windows\System\bcsxycP.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\XRtVhFW.exe
  C:\Windows\System\XRtVhFW.exe
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\System\BtYHfLl.exe
  C:\Windows\System\BtYHfLl.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\gWQFWSz.exe
  C:\Windows\System\gWQFWSz.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\rdeEMFJ.exe
  C:\Windows\System\rdeEMFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\sBiAJGP.exe
  C:\Windows\System\sBiAJGP.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\lvmgQdv.exe
  C:\Windows\System\lvmgQdv.exe
  2⤵
  - Executes dropped EXE
  PID:5704
- C:\Windows\System\gogZnHW.exe
  C:\Windows\System\gogZnHW.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\UTiPnyT.exe
  C:\Windows\System\UTiPnyT.exe
  2⤵
  - Executes dropped EXE
  PID:5468
- C:\Windows\System\sTgpLuw.exe
  C:\Windows\System\sTgpLuw.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\FIJmlKE.exe
  C:\Windows\System\FIJmlKE.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\SlJoCms.exe
  C:\Windows\System\SlJoCms.exe
  2⤵
  PID:1956
- C:\Windows\System\cwbrTpT.exe
  C:\Windows\System\cwbrTpT.exe
  2⤵
  PID:2936
- C:\Windows\System\wWYrBii.exe
  C:\Windows\System\wWYrBii.exe
  2⤵
  PID:1288
- C:\Windows\System\yYstpue.exe
  C:\Windows\System\yYstpue.exe
  2⤵
  PID:2476
- C:\Windows\System\YxXEtJY.exe
  C:\Windows\System\YxXEtJY.exe
  2⤵
  PID:2712
- C:\Windows\System\tEJxzvW.exe
  C:\Windows\System\tEJxzvW.exe
  2⤵
  PID:4200
- C:\Windows\System\IHHLzjZ.exe
  C:\Windows\System\IHHLzjZ.exe
  2⤵
  PID:5500
- C:\Windows\System\ALFPtRL.exe
  C:\Windows\System\ALFPtRL.exe
  2⤵
  PID:5152
- C:\Windows\System\unnOYlb.exe
  C:\Windows\System\unnOYlb.exe
  2⤵
  PID:3084
- C:\Windows\System\CPQEsix.exe
  C:\Windows\System\CPQEsix.exe
  2⤵
  PID:3300
- C:\Windows\System\CvJnNVb.exe
  C:\Windows\System\CvJnNVb.exe
  2⤵
  PID:4976
- C:\Windows\System\PxepupY.exe
  C:\Windows\System\PxepupY.exe
  2⤵
  PID:6092
- C:\Windows\System\EYaJhQf.exe
  C:\Windows\System\EYaJhQf.exe
  2⤵
  PID:5656
- C:\Windows\System\yEdWNkk.exe
  C:\Windows\System\yEdWNkk.exe
  2⤵
  PID:3480
- C:\Windows\System\fcRYMtw.exe
  C:\Windows\System\fcRYMtw.exe
  2⤵
  PID:2412
- C:\Windows\System\inwyjsk.exe
  C:\Windows\System\inwyjsk.exe
  2⤵
  PID:4656
- C:\Windows\System\imgPyuV.exe
  C:\Windows\System\imgPyuV.exe
  2⤵
  PID:4716
- C:\Windows\System\AbaGfVl.exe
  C:\Windows\System\AbaGfVl.exe
  2⤵
  PID:4840
- C:\Windows\System\ZGZFzrp.exe
  C:\Windows\System\ZGZFzrp.exe
  2⤵
  PID:4964
- C:\Windows\System\xiOOfBA.exe
  C:\Windows\System\xiOOfBA.exe
  2⤵
  PID:5552
- C:\Windows\System\tVukqKg.exe
  C:\Windows\System\tVukqKg.exe
  2⤵
  PID:6108
- C:\Windows\System\vXuyQQP.exe
  C:\Windows\System\vXuyQQP.exe
  2⤵
  PID:384
- C:\Windows\System\Wefvbpj.exe
  C:\Windows\System\Wefvbpj.exe
  2⤵
  PID:3940
- C:\Windows\System\mlPmaww.exe
  C:\Windows\System\mlPmaww.exe
  2⤵
  PID:3592
- C:\Windows\System\hRmPsba.exe
  C:\Windows\System\hRmPsba.exe
  2⤵
  PID:2040
- C:\Windows\System\rVQYskS.exe
  C:\Windows\System\rVQYskS.exe
  2⤵
  PID:1736
- C:\Windows\System\WWOQMOr.exe
  C:\Windows\System\WWOQMOr.exe
  2⤵
  PID:4292
- C:\Windows\System\VICjTDG.exe
  C:\Windows\System\VICjTDG.exe
  2⤵
  PID:392
- C:\Windows\System\yDXMdGl.exe
  C:\Windows\System\yDXMdGl.exe
  2⤵
  PID:1832
- C:\Windows\System\DLdodMi.exe
  C:\Windows\System\DLdodMi.exe
  2⤵
  PID:4048
- C:\Windows\System\SWPoclD.exe
  C:\Windows\System\SWPoclD.exe
  2⤵
  PID:1364
- C:\Windows\System\YPksQuc.exe
  C:\Windows\System\YPksQuc.exe
  2⤵
  PID:6112
- C:\Windows\System\pgyYrBR.exe
  C:\Windows\System\pgyYrBR.exe
  2⤵
  PID:5316
- C:\Windows\System\mpnPzGG.exe
  C:\Windows\System\mpnPzGG.exe
  2⤵
  PID:5220
- C:\Windows\System\qhyBVTW.exe
  C:\Windows\System\qhyBVTW.exe
  2⤵
  PID:3568
- C:\Windows\System\GmOwsjX.exe
  C:\Windows\System\GmOwsjX.exe
  2⤵
  PID:4180
- C:\Windows\System\WbxfsJl.exe
  C:\Windows\System\WbxfsJl.exe
  2⤵
  PID:5400
- C:\Windows\System\qNotpPK.exe
  C:\Windows\System\qNotpPK.exe
  2⤵
  PID:5304
- C:\Windows\System\eSxsfbA.exe
  C:\Windows\System\eSxsfbA.exe
  2⤵
  PID:4596
- C:\Windows\System\GRSjRTY.exe
  C:\Windows\System\GRSjRTY.exe
  2⤵
  PID:5264
- C:\Windows\System\ZtenErU.exe
  C:\Windows\System\ZtenErU.exe
  2⤵
  PID:4816
- C:\Windows\System\wDrvmNN.exe
  C:\Windows\System\wDrvmNN.exe
  2⤵
  PID:904
- C:\Windows\System\cyNwEvU.exe
  C:\Windows\System\cyNwEvU.exe
  2⤵
  PID:4548
- C:\Windows\System\UWdEuCq.exe
  C:\Windows\System\UWdEuCq.exe
  2⤵
  PID:3748
- C:\Windows\System\WkQYmxf.exe
  C:\Windows\System\WkQYmxf.exe
  2⤵
  PID:1052
- C:\Windows\System\bBaNkRi.exe
  C:\Windows\System\bBaNkRi.exe
  2⤵
  PID:3992
- C:\Windows\System\QPToLnX.exe
  C:\Windows\System\QPToLnX.exe
  2⤵
  PID:1020
- C:\Windows\System\nromCuG.exe
  C:\Windows\System\nromCuG.exe
  2⤵
  PID:5924
- C:\Windows\System\WgbCHWf.exe
  C:\Windows\System\WgbCHWf.exe
  2⤵
  PID:4720
- C:\Windows\System\TFmRjVx.exe
  C:\Windows\System\TFmRjVx.exe
  2⤵
  PID:4956
- C:\Windows\System\kzkAsVo.exe
  C:\Windows\System\kzkAsVo.exe
  2⤵
  PID:4896
- C:\Windows\System\TvjmjkG.exe
  C:\Windows\System\TvjmjkG.exe
  2⤵
  PID:2784
- C:\Windows\System\QnocxMt.exe
  C:\Windows\System\QnocxMt.exe
  2⤵
  PID:5288
- C:\Windows\System\ZEniLdL.exe
  C:\Windows\System\ZEniLdL.exe
  2⤵
  PID:4600
- C:\Windows\System\GfFOdhq.exe
  C:\Windows\System\GfFOdhq.exe
  2⤵
  PID:3420
- C:\Windows\System\BPoqSRq.exe
  C:\Windows\System\BPoqSRq.exe
  2⤵
  PID:1820
- C:\Windows\System\sdWEUjF.exe
  C:\Windows\System\sdWEUjF.exe
  2⤵
  PID:3576
- C:\Windows\System\xveTofl.exe
  C:\Windows\System\xveTofl.exe
  2⤵
  PID:436
- C:\Windows\System\zaoRBsT.exe
  C:\Windows\System\zaoRBsT.exe
  2⤵
  PID:5476
- C:\Windows\System\TxKveSH.exe
  C:\Windows\System\TxKveSH.exe
  2⤵
  PID:1664
- C:\Windows\System\WpKDSyO.exe
  C:\Windows\System\WpKDSyO.exe
  2⤵
  PID:5280
- C:\Windows\System\uStZUwU.exe
  C:\Windows\System\uStZUwU.exe
  2⤵
  PID:5668
- C:\Windows\System\dBIAbgz.exe
  C:\Windows\System\dBIAbgz.exe
  2⤵
  PID:4696
- C:\Windows\System\BdjlXWA.exe
  C:\Windows\System\BdjlXWA.exe
  2⤵
  PID:1940
- C:\Windows\System\wuwcFIn.exe
  C:\Windows\System\wuwcFIn.exe
  2⤵
  PID:3736
- C:\Windows\System\GOBnruP.exe
  C:\Windows\System\GOBnruP.exe
  2⤵
  PID:5028
- C:\Windows\System\hqFgmRO.exe
  C:\Windows\System\hqFgmRO.exe
  2⤵
  PID:1448
- C:\Windows\System\mTFUZjF.exe
  C:\Windows\System\mTFUZjF.exe
  2⤵
  PID:4552
- C:\Windows\System\TFTykBs.exe
  C:\Windows\System\TFTykBs.exe
  2⤵
  PID:3368
- C:\Windows\System\WiOdGTC.exe
  C:\Windows\System\WiOdGTC.exe
  2⤵
  PID:5308
- C:\Windows\System\zUtAtDz.exe
  C:\Windows\System\zUtAtDz.exe
  2⤵
  PID:1880
- C:\Windows\System\pAeOAOD.exe
  C:\Windows\System\pAeOAOD.exe
  2⤵
  PID:4892
- C:\Windows\System\iSAWppG.exe
  C:\Windows\System\iSAWppG.exe
  2⤵
  PID:3988
- C:\Windows\System\SsUPppt.exe
  C:\Windows\System\SsUPppt.exe
  2⤵
  PID:4524
- C:\Windows\System\EEAtjrz.exe
  C:\Windows\System\EEAtjrz.exe
  2⤵
  PID:872
- C:\Windows\System\txoEcet.exe
  C:\Windows\System\txoEcet.exe
  2⤵
  PID:4584
- C:\Windows\System\vvvfoOm.exe
  C:\Windows\System\vvvfoOm.exe
  2⤵
  PID:5932
- C:\Windows\System\QWmxlmS.exe
  C:\Windows\System\QWmxlmS.exe
  2⤵
  PID:6152
- C:\Windows\System\fjCzWui.exe
  C:\Windows\System\fjCzWui.exe
  2⤵
  PID:6180
- C:\Windows\System\vPWwgKl.exe
  C:\Windows\System\vPWwgKl.exe
  2⤵
  PID:6204
- C:\Windows\System\xEXkBIj.exe
  C:\Windows\System\xEXkBIj.exe
  2⤵
  PID:6228
- C:\Windows\System\fJujlLe.exe
  C:\Windows\System\fJujlLe.exe
  2⤵
  PID:6268
- C:\Windows\System\stRCFFA.exe
  C:\Windows\System\stRCFFA.exe
  2⤵
  PID:6324
- C:\Windows\System\UmEMNsT.exe
  C:\Windows\System\UmEMNsT.exe
  2⤵
  PID:6400
- C:\Windows\System\XpvLfOD.exe
  C:\Windows\System\XpvLfOD.exe
  2⤵
  PID:6420
- C:\Windows\System\pmivDAy.exe
  C:\Windows\System\pmivDAy.exe
  2⤵
  PID:6512
- C:\Windows\System\oIWKCuI.exe
  C:\Windows\System\oIWKCuI.exe
  2⤵
  PID:6560
- C:\Windows\System\fGaCTWQ.exe
  C:\Windows\System\fGaCTWQ.exe
  2⤵
  PID:6588
- C:\Windows\System\HgAFGtU.exe
  C:\Windows\System\HgAFGtU.exe
  2⤵
  PID:6656
- C:\Windows\System\ofLaEBf.exe
  C:\Windows\System\ofLaEBf.exe
  2⤵
  PID:6716
- C:\Windows\System\xAIBteU.exe
  C:\Windows\System\xAIBteU.exe
  2⤵
  PID:6756
- C:\Windows\System\VyllVhe.exe
  C:\Windows\System\VyllVhe.exe
  2⤵
  PID:6788
- C:\Windows\System\eUjweRd.exe
  C:\Windows\System\eUjweRd.exe
  2⤵
  PID:6812
- C:\Windows\System\kDuBBrL.exe
  C:\Windows\System\kDuBBrL.exe
  2⤵
  PID:6844
- C:\Windows\System\LKsMqPr.exe
  C:\Windows\System\LKsMqPr.exe
  2⤵
  PID:6872
- C:\Windows\System\nGWrDRt.exe
  C:\Windows\System\nGWrDRt.exe
  2⤵
  PID:6900
- C:\Windows\System\fAqdPKD.exe
  C:\Windows\System\fAqdPKD.exe
  2⤵
  PID:6928
- C:\Windows\System\CSjItPI.exe
  C:\Windows\System\CSjItPI.exe
  2⤵
  PID:6952
- C:\Windows\System\MElEJGy.exe
  C:\Windows\System\MElEJGy.exe
  2⤵
  PID:6984
- C:\Windows\System\eacICac.exe
  C:\Windows\System\eacICac.exe
  2⤵
  PID:7004
- C:\Windows\System\elOwUMy.exe
  C:\Windows\System\elOwUMy.exe
  2⤵
  PID:7028
- C:\Windows\System\XSSOuSc.exe
  C:\Windows\System\XSSOuSc.exe
  2⤵
  PID:7056
- C:\Windows\System\IsCMNYO.exe
  C:\Windows\System\IsCMNYO.exe
  2⤵
  PID:7088
- C:\Windows\System\NRdnekc.exe
  C:\Windows\System\NRdnekc.exe
  2⤵
  PID:7120
- C:\Windows\System\gXiysVm.exe
  C:\Windows\System\gXiysVm.exe
  2⤵
  PID:7152
- C:\Windows\System\YyIePKG.exe
  C:\Windows\System\YyIePKG.exe
  2⤵
  PID:6176
- C:\Windows\System\ZkQWWax.exe
  C:\Windows\System\ZkQWWax.exe
  2⤵
  PID:6240
- C:\Windows\System\AzyvPBD.exe
  C:\Windows\System\AzyvPBD.exe
  2⤵
  PID:6352
- C:\Windows\System\neknvTx.exe
  C:\Windows\System\neknvTx.exe
  2⤵
  PID:6476
- C:\Windows\System\cQCiboA.exe
  C:\Windows\System\cQCiboA.exe
  2⤵
  PID:6584
- C:\Windows\System\QJOHXTk.exe
  C:\Windows\System\QJOHXTk.exe
  2⤵
  PID:6696
- C:\Windows\System\PsJMYKh.exe
  C:\Windows\System\PsJMYKh.exe
  2⤵
  PID:6784
- C:\Windows\System\SBPBoQz.exe
  C:\Windows\System\SBPBoQz.exe
  2⤵
  PID:6832
- C:\Windows\System\fPQBAoE.exe
  C:\Windows\System\fPQBAoE.exe
  2⤵
  PID:6896
- C:\Windows\System\EFqHxvu.exe
  C:\Windows\System\EFqHxvu.exe
  2⤵
  PID:6980
- C:\Windows\System\nKWETCb.exe
  C:\Windows\System\nKWETCb.exe
  2⤵
  PID:7044
- C:\Windows\System\OUdvnii.exe
  C:\Windows\System\OUdvnii.exe
  2⤵
  PID:7108
- C:\Windows\System\sdsUExj.exe
  C:\Windows\System\sdsUExj.exe
  2⤵
  PID:6160
- C:\Windows\System\ORWskQr.exe
  C:\Windows\System\ORWskQr.exe
  2⤵
  PID:6380
- C:\Windows\System\oYBQeUK.exe
  C:\Windows\System\oYBQeUK.exe
  2⤵
  PID:6556
- C:\Windows\System\VFrGhKK.exe
  C:\Windows\System\VFrGhKK.exe
  2⤵
  PID:6840
- C:\Windows\System\RKVdouX.exe
  C:\Windows\System\RKVdouX.exe
  2⤵
  PID:6944
- C:\Windows\System\emOiDqS.exe
  C:\Windows\System\emOiDqS.exe
  2⤵
  PID:1648
- C:\Windows\System\JvLscSD.exe
  C:\Windows\System\JvLscSD.exe
  2⤵
  PID:5736
- C:\Windows\System\OUnJWxt.exe
  C:\Windows\System\OUnJWxt.exe
  2⤵
  PID:1472
- C:\Windows\System\xRqZAJR.exe
  C:\Windows\System\xRqZAJR.exe
  2⤵
  PID:1876
- C:\Windows\System\GDawjlV.exe
  C:\Windows\System\GDawjlV.exe
  2⤵
  PID:2572
- C:\Windows\System\kGVASKC.exe
  C:\Windows\System\kGVASKC.exe
  2⤵
  PID:7140
- C:\Windows\System\GxuyMIX.exe
  C:\Windows\System\GxuyMIX.exe
  2⤵
  PID:6684
- C:\Windows\System\EqHzVIV.exe
  C:\Windows\System\EqHzVIV.exe
  2⤵
  PID:2060
- C:\Windows\System\xpRlMUp.exe
  C:\Windows\System\xpRlMUp.exe
  2⤵
  PID:3664
- C:\Windows\System\ONkcBKE.exe
  C:\Windows\System\ONkcBKE.exe
  2⤵
  PID:3220
- C:\Windows\System\KfcXxCC.exe
  C:\Windows\System\KfcXxCC.exe
  2⤵
  PID:6296
- C:\Windows\System\olonwhi.exe
  C:\Windows\System\olonwhi.exe
  2⤵
  PID:908
- C:\Windows\System\AFZibBp.exe
  C:\Windows\System\AFZibBp.exe
  2⤵
  PID:7104
- C:\Windows\System\yILAEUZ.exe
  C:\Windows\System\yILAEUZ.exe
  2⤵
  PID:7188
- C:\Windows\System\DdLfEVR.exe
  C:\Windows\System\DdLfEVR.exe
  2⤵
  PID:7208
- C:\Windows\System\JoNSQsX.exe
  C:\Windows\System\JoNSQsX.exe
  2⤵
  PID:7248
- C:\Windows\System\FbHjyVl.exe
  C:\Windows\System\FbHjyVl.exe
  2⤵
  PID:7276
- C:\Windows\System\AqtNcGq.exe
  C:\Windows\System\AqtNcGq.exe
  2⤵
  PID:7304
- C:\Windows\System\SVZoMgz.exe
  C:\Windows\System\SVZoMgz.exe
  2⤵
  PID:7336
- C:\Windows\System\cFhRgLs.exe
  C:\Windows\System\cFhRgLs.exe
  2⤵
  PID:7360
- C:\Windows\System\vQGuLNN.exe
  C:\Windows\System\vQGuLNN.exe
  2⤵
  PID:7388
- C:\Windows\System\PhbGagN.exe
  C:\Windows\System\PhbGagN.exe
  2⤵
  PID:7444
- C:\Windows\System\lOkQflB.exe
  C:\Windows\System\lOkQflB.exe
  2⤵
  PID:7472
- C:\Windows\System\YXGhRWQ.exe
  C:\Windows\System\YXGhRWQ.exe
  2⤵
  PID:7504
- C:\Windows\System\GyevnDV.exe
  C:\Windows\System\GyevnDV.exe
  2⤵
  PID:7548
- C:\Windows\System\YnRXCiS.exe
  C:\Windows\System\YnRXCiS.exe
  2⤵
  PID:7572
- C:\Windows\System\cvlxZzN.exe
  C:\Windows\System\cvlxZzN.exe
  2⤵
  PID:7600
- C:\Windows\System\EBgbpXE.exe
  C:\Windows\System\EBgbpXE.exe
  2⤵
  PID:7628
- C:\Windows\System\OLmHBCk.exe
  C:\Windows\System\OLmHBCk.exe
  2⤵
  PID:7660
- C:\Windows\System\QWFnZpj.exe
  C:\Windows\System\QWFnZpj.exe
  2⤵
  PID:7684
- C:\Windows\System\mpfJKuJ.exe
  C:\Windows\System\mpfJKuJ.exe
  2⤵
  PID:7720
- C:\Windows\System\UYTgxer.exe
  C:\Windows\System\UYTgxer.exe
  2⤵
  PID:7740
- C:\Windows\System\qRuWHyg.exe
  C:\Windows\System\qRuWHyg.exe
  2⤵
  PID:7768
- C:\Windows\System\LchEXqi.exe
  C:\Windows\System\LchEXqi.exe
  2⤵
  PID:7804
- C:\Windows\System\oXrQcYW.exe
  C:\Windows\System\oXrQcYW.exe
  2⤵
  PID:7824
- C:\Windows\System\SzCAxpc.exe
  C:\Windows\System\SzCAxpc.exe
  2⤵
  PID:7852
- C:\Windows\System\JLnZeLQ.exe
  C:\Windows\System\JLnZeLQ.exe
  2⤵
  PID:7880
- C:\Windows\System\GwQlSDF.exe
  C:\Windows\System\GwQlSDF.exe
  2⤵
  PID:7912
- C:\Windows\System\iZUoTyB.exe
  C:\Windows\System\iZUoTyB.exe
  2⤵
  PID:7940
- C:\Windows\System\FabqdVu.exe
  C:\Windows\System\FabqdVu.exe
  2⤵
  PID:7972
- C:\Windows\System\lqTnVOv.exe
  C:\Windows\System\lqTnVOv.exe
  2⤵
  PID:8000
- C:\Windows\System\DksMXFc.exe
  C:\Windows\System\DksMXFc.exe
  2⤵
  PID:8020
- C:\Windows\System\wtChhrW.exe
  C:\Windows\System\wtChhrW.exe
  2⤵
  PID:8056
- C:\Windows\System\uXpMOAK.exe
  C:\Windows\System\uXpMOAK.exe
  2⤵
  PID:8080
- C:\Windows\System\fZlZeEg.exe
  C:\Windows\System\fZlZeEg.exe
  2⤵
  PID:8112
- C:\Windows\System\zgwQYul.exe
  C:\Windows\System\zgwQYul.exe
  2⤵
  PID:8140
- C:\Windows\System\rPougFx.exe
  C:\Windows\System\rPougFx.exe
  2⤵
  PID:8164
- C:\Windows\System\XnkpaPJ.exe
  C:\Windows\System\XnkpaPJ.exe
  2⤵
  PID:1612
- C:\Windows\System\qpqwWjM.exe
  C:\Windows\System\qpqwWjM.exe
  2⤵
  PID:7228
- C:\Windows\System\WABaLlY.exe
  C:\Windows\System\WABaLlY.exe
  2⤵
  PID:7292
- C:\Windows\System\vcXDaih.exe
  C:\Windows\System\vcXDaih.exe
  2⤵
  PID:7376
- C:\Windows\System\yDEVKWO.exe
  C:\Windows\System\yDEVKWO.exe
  2⤵
  PID:7464
- C:\Windows\System\horglhY.exe
  C:\Windows\System\horglhY.exe
  2⤵
  PID:7540
- C:\Windows\System\zvXSjXS.exe
  C:\Windows\System\zvXSjXS.exe
  2⤵
  PID:7620
- C:\Windows\System\ORppPAP.exe
  C:\Windows\System\ORppPAP.exe
  2⤵
  PID:7680
- C:\Windows\System\ygLkiTy.exe
  C:\Windows\System\ygLkiTy.exe
  2⤵
  PID:7732
- C:\Windows\System\ENFGSCC.exe
  C:\Windows\System\ENFGSCC.exe
  2⤵
  PID:7812
- C:\Windows\System\sRwhifE.exe
  C:\Windows\System\sRwhifE.exe
  2⤵
  PID:7892
- C:\Windows\System\DweJBZN.exe
  C:\Windows\System\DweJBZN.exe
  2⤵
  PID:7928
- C:\Windows\System\wqMwcrj.exe
  C:\Windows\System\wqMwcrj.exe
  2⤵
  PID:2800
- C:\Windows\System\roqTBVU.exe
  C:\Windows\System\roqTBVU.exe
  2⤵
  PID:8068
- C:\Windows\System\SASyeTk.exe
  C:\Windows\System\SASyeTk.exe
  2⤵
  PID:8128
- C:\Windows\System\TiBwBVo.exe
  C:\Windows\System\TiBwBVo.exe
  2⤵
  PID:7196
- C:\Windows\System\ZtJrSeg.exe
  C:\Windows\System\ZtJrSeg.exe
  2⤵
  PID:7344
- C:\Windows\System\nwsHlYi.exe
  C:\Windows\System\nwsHlYi.exe
  2⤵
  PID:7564
- C:\Windows\System\lFTKxIT.exe
  C:\Windows\System\lFTKxIT.exe
  2⤵
  PID:7648
- C:\Windows\System\fzRGudp.exe
  C:\Windows\System\fzRGudp.exe
  2⤵
  PID:7780
- C:\Windows\System\GiQyAVy.exe
  C:\Windows\System\GiQyAVy.exe
  2⤵
  PID:7980
- C:\Windows\System\pyGuZgc.exe
  C:\Windows\System\pyGuZgc.exe
  2⤵
  PID:8100
- C:\Windows\System\WlfKWba.exe
  C:\Windows\System\WlfKWba.exe
  2⤵
  PID:7264
- C:\Windows\System\OUdGFjb.exe
  C:\Windows\System\OUdGFjb.exe
  2⤵
  PID:7728
- C:\Windows\System\tNpmTPZ.exe
  C:\Windows\System\tNpmTPZ.exe
  2⤵
  PID:8016
- C:\Windows\System\QCGJQkW.exe
  C:\Windows\System\QCGJQkW.exe
  2⤵
  PID:7528
- C:\Windows\System\lRGJvLu.exe
  C:\Windows\System\lRGJvLu.exe
  2⤵
  PID:7436
- C:\Windows\System\DZMomPv.exe
  C:\Windows\System\DZMomPv.exe
  2⤵
  PID:8200
- C:\Windows\System\kxZOeef.exe
  C:\Windows\System\kxZOeef.exe
  2⤵
  PID:8228
- C:\Windows\System\tAnKDma.exe
  C:\Windows\System\tAnKDma.exe
  2⤵
  PID:8256
- C:\Windows\System\WukCRHO.exe
  C:\Windows\System\WukCRHO.exe
  2⤵
  PID:8284
- C:\Windows\System\hFsOjnX.exe
  C:\Windows\System\hFsOjnX.exe
  2⤵
  PID:8312
- C:\Windows\System\AKedjgE.exe
  C:\Windows\System\AKedjgE.exe
  2⤵
  PID:8348
- C:\Windows\System\xVCJGoS.exe
  C:\Windows\System\xVCJGoS.exe
  2⤵
  PID:8368
- C:\Windows\System\rYPPIgP.exe
  C:\Windows\System\rYPPIgP.exe
  2⤵
  PID:8400
- C:\Windows\System\oGfeRYe.exe
  C:\Windows\System\oGfeRYe.exe
  2⤵
  PID:8424
- C:\Windows\System\dYOnyyK.exe
  C:\Windows\System\dYOnyyK.exe
  2⤵
  PID:8468
- C:\Windows\System\VBcsoHL.exe
  C:\Windows\System\VBcsoHL.exe
  2⤵
  PID:8540
- C:\Windows\System\eOInSTr.exe
  C:\Windows\System\eOInSTr.exe
  2⤵
  PID:8616
- C:\Windows\System\eiLdkZT.exe
  C:\Windows\System\eiLdkZT.exe
  2⤵
  PID:8644
- C:\Windows\System\xCaOeaB.exe
  C:\Windows\System\xCaOeaB.exe
  2⤵
  PID:8664
- C:\Windows\System\fqzPjaF.exe
  C:\Windows\System\fqzPjaF.exe
  2⤵
  PID:8684
- C:\Windows\System\hsAUeWM.exe
  C:\Windows\System\hsAUeWM.exe
  2⤵
  PID:8744
- C:\Windows\System\dEiDUxS.exe
  C:\Windows\System\dEiDUxS.exe
  2⤵
  PID:8776
- C:\Windows\System\NcsPXNq.exe
  C:\Windows\System\NcsPXNq.exe
  2⤵
  PID:8796
- C:\Windows\System\yGxVmpx.exe
  C:\Windows\System\yGxVmpx.exe
  2⤵
  PID:8824
- C:\Windows\System\DJNzNtE.exe
  C:\Windows\System\DJNzNtE.exe
  2⤵
  PID:8864
- C:\Windows\System\XqlDiqf.exe
  C:\Windows\System\XqlDiqf.exe
  2⤵
  PID:8892
- C:\Windows\System\TcXiEUY.exe
  C:\Windows\System\TcXiEUY.exe
  2⤵
  PID:8916
- C:\Windows\System\roQuuHh.exe
  C:\Windows\System\roQuuHh.exe
  2⤵
  PID:8944
- C:\Windows\System\xHAtjSm.exe
  C:\Windows\System\xHAtjSm.exe
  2⤵
  PID:8972
- C:\Windows\System\eEvrUtC.exe
  C:\Windows\System\eEvrUtC.exe
  2⤵
  PID:9000
- C:\Windows\System\xvEEIKF.exe
  C:\Windows\System\xvEEIKF.exe
  2⤵
  PID:9032
- C:\Windows\System\IYAoqek.exe
  C:\Windows\System\IYAoqek.exe
  2⤵
  PID:9056
- C:\Windows\System\MgTMjDu.exe
  C:\Windows\System\MgTMjDu.exe
  2⤵
  PID:9088
- C:\Windows\System\HextqoP.exe
  C:\Windows\System\HextqoP.exe
  2⤵
  PID:9112
- C:\Windows\System\fRHvSIt.exe
  C:\Windows\System\fRHvSIt.exe
  2⤵
  PID:9148
- C:\Windows\System\WOqtcSr.exe
  C:\Windows\System\WOqtcSr.exe
  2⤵
  PID:9168
- C:\Windows\System\SJanzdR.exe
  C:\Windows\System\SJanzdR.exe
  2⤵
  PID:9196
- C:\Windows\System\lbrKciX.exe
  C:\Windows\System\lbrKciX.exe
  2⤵
  PID:8220
- C:\Windows\System\uxHYRck.exe
  C:\Windows\System\uxHYRck.exe
  2⤵
  PID:8296
- C:\Windows\System\rgKXaiZ.exe
  C:\Windows\System\rgKXaiZ.exe
  2⤵
  PID:8356
- C:\Windows\System\lRjIwNA.exe
  C:\Windows\System\lRjIwNA.exe
  2⤵
  PID:8420
- C:\Windows\System\MXAoyJI.exe
  C:\Windows\System\MXAoyJI.exe
  2⤵
  PID:8552
- C:\Windows\System\VeJbqNe.exe
  C:\Windows\System\VeJbqNe.exe
  2⤵
  PID:8680
- C:\Windows\System\GEehOwG.exe
  C:\Windows\System\GEehOwG.exe
  2⤵
  PID:8712
- C:\Windows\System\AyikLdl.exe
  C:\Windows\System\AyikLdl.exe
  2⤵
  PID:8792
- C:\Windows\System\PQritlz.exe
  C:\Windows\System\PQritlz.exe
  2⤵
  PID:8844
- C:\Windows\System\xqMaraI.exe
  C:\Windows\System\xqMaraI.exe
  2⤵
  PID:8908
- C:\Windows\System\IbterbR.exe
  C:\Windows\System\IbterbR.exe
  2⤵
  PID:8968
- C:\Windows\System\xJUvzRp.exe
  C:\Windows\System\xJUvzRp.exe
  2⤵
  PID:9048
- C:\Windows\System\cvFbCzn.exe
  C:\Windows\System\cvFbCzn.exe
  2⤵
  PID:9108
- C:\Windows\System\YnRrVDG.exe
  C:\Windows\System\YnRrVDG.exe
  2⤵
  PID:9160
- C:\Windows\System\iVUsMBh.exe
  C:\Windows\System\iVUsMBh.exe
  2⤵
  PID:8196
- C:\Windows\System\WhMKUXU.exe
  C:\Windows\System\WhMKUXU.exe
  2⤵
  PID:8388
- C:\Windows\System\fKAKRpS.exe
  C:\Windows\System\fKAKRpS.exe
  2⤵
  PID:8672
- C:\Windows\System\JIZlDII.exe
  C:\Windows\System\JIZlDII.exe
  2⤵
  PID:8820
- C:\Windows\System\KgUNWRp.exe
  C:\Windows\System\KgUNWRp.exe
  2⤵
  PID:4688
- C:\Windows\System\nCYwITY.exe
  C:\Windows\System\nCYwITY.exe
  2⤵
  PID:9132
- C:\Windows\System\ifidUSu.exe
  C:\Windows\System\ifidUSu.exe
  2⤵
  PID:8324
- C:\Windows\System\kWldpef.exe
  C:\Windows\System\kWldpef.exe
  2⤵
  PID:8760
- C:\Windows\System\wBOLlHd.exe
  C:\Windows\System\wBOLlHd.exe
  2⤵
  PID:9156
- C:\Windows\System\uslJBlz.exe
  C:\Windows\System\uslJBlz.exe
  2⤵
  PID:8872
- C:\Windows\System\qPXjwqw.exe
  C:\Windows\System\qPXjwqw.exe
  2⤵
  PID:9208
- C:\Windows\System\rHxRCLz.exe
  C:\Windows\System\rHxRCLz.exe
  2⤵
  PID:9248
- C:\Windows\System\ExBqPmC.exe
  C:\Windows\System\ExBqPmC.exe
  2⤵
  PID:9280
- C:\Windows\System\PjSVYhE.exe
  C:\Windows\System\PjSVYhE.exe
  2⤵
  PID:9308
- C:\Windows\System\TvvkVMP.exe
  C:\Windows\System\TvvkVMP.exe
  2⤵
  PID:9328
- C:\Windows\System\lHTIyGg.exe
  C:\Windows\System\lHTIyGg.exe
  2⤵
  PID:9360
- C:\Windows\System\LGrBFgs.exe
  C:\Windows\System\LGrBFgs.exe
  2⤵
  PID:9388
- C:\Windows\System\whtttrd.exe
  C:\Windows\System\whtttrd.exe
  2⤵
  PID:9428
- C:\Windows\System\gxZYRFK.exe
  C:\Windows\System\gxZYRFK.exe
  2⤵
  PID:9444
- C:\Windows\System\UVwXSqr.exe
  C:\Windows\System\UVwXSqr.exe
  2⤵
  PID:9484
- C:\Windows\System\MibQnts.exe
  C:\Windows\System\MibQnts.exe
  2⤵
  PID:9516
- C:\Windows\System\sOVcvCQ.exe
  C:\Windows\System\sOVcvCQ.exe
  2⤵
  PID:9532
- C:\Windows\System\sNPntLC.exe
  C:\Windows\System\sNPntLC.exe
  2⤵
  PID:9548
- C:\Windows\System\xHjQnAW.exe
  C:\Windows\System\xHjQnAW.exe
  2⤵
  PID:9588
- C:\Windows\System\QFpWLLo.exe
  C:\Windows\System\QFpWLLo.exe
  2⤵
  PID:9628
- C:\Windows\System\kfvovpk.exe
  C:\Windows\System\kfvovpk.exe
  2⤵
  PID:9664
- C:\Windows\System\JmRWfvQ.exe
  C:\Windows\System\JmRWfvQ.exe
  2⤵
  PID:9680
- C:\Windows\System\XktmwEY.exe
  C:\Windows\System\XktmwEY.exe
  2⤵
  PID:9708
- C:\Windows\System\ESLfDgu.exe
  C:\Windows\System\ESLfDgu.exe
  2⤵
  PID:9740
- C:\Windows\System\AdGgWXj.exe
  C:\Windows\System\AdGgWXj.exe
  2⤵
  PID:9772
- C:\Windows\System\IJEskHF.exe
  C:\Windows\System\IJEskHF.exe
  2⤵
  PID:9792
- C:\Windows\System\BZKabOU.exe
  C:\Windows\System\BZKabOU.exe
  2⤵
  PID:9820
- C:\Windows\System\jFMLoiy.exe
  C:\Windows\System\jFMLoiy.exe
  2⤵
  PID:9888
- C:\Windows\System\UTlvahH.exe
  C:\Windows\System\UTlvahH.exe
  2⤵
  PID:9912
- C:\Windows\System\gssYQHk.exe
  C:\Windows\System\gssYQHk.exe
  2⤵
  PID:9932
- C:\Windows\System\vBSqjpJ.exe
  C:\Windows\System\vBSqjpJ.exe
  2⤵
  PID:9984
- C:\Windows\System\fSyxaCS.exe
  C:\Windows\System\fSyxaCS.exe
  2⤵
  PID:10008
- C:\Windows\System\aqojFNX.exe
  C:\Windows\System\aqojFNX.exe
  2⤵
  PID:10044
- C:\Windows\System\MHdSRUx.exe
  C:\Windows\System\MHdSRUx.exe
  2⤵
  PID:10092
- C:\Windows\System\aTHLfHI.exe
  C:\Windows\System\aTHLfHI.exe
  2⤵
  PID:10116
- C:\Windows\System\QOaOyBR.exe
  C:\Windows\System\QOaOyBR.exe
  2⤵
  PID:10144
- C:\Windows\System\gWRMDRH.exe
  C:\Windows\System\gWRMDRH.exe
  2⤵
  PID:10180
- C:\Windows\System\nkPVQCA.exe
  C:\Windows\System\nkPVQCA.exe
  2⤵
  PID:10204
- C:\Windows\System\BAAiaSO.exe
  C:\Windows\System\BAAiaSO.exe
  2⤵
  PID:10232
- C:\Windows\System\RuzEuTR.exe
  C:\Windows\System\RuzEuTR.exe
  2⤵
  PID:9288
- C:\Windows\System\tDlhNzV.exe
  C:\Windows\System\tDlhNzV.exe
  2⤵
  PID:9352
- C:\Windows\System\AQITDEJ.exe
  C:\Windows\System\AQITDEJ.exe
  2⤵
  PID:9424
- C:\Windows\System\hGIDkba.exe
  C:\Windows\System\hGIDkba.exe
  2⤵
  PID:9468
- C:\Windows\System\ayxXfnV.exe
  C:\Windows\System\ayxXfnV.exe
  2⤵
  PID:9560
- C:\Windows\System\iwPnyNi.exe
  C:\Windows\System\iwPnyNi.exe
  2⤵
  PID:9612
- C:\Windows\System\NhbSfbH.exe
  C:\Windows\System\NhbSfbH.exe
  2⤵
  PID:9660
- C:\Windows\System\rALanLT.exe
  C:\Windows\System\rALanLT.exe
  2⤵
  PID:9720
- C:\Windows\System\kHWsqjr.exe
  C:\Windows\System\kHWsqjr.exe
  2⤵
  PID:9784
- C:\Windows\System\dBKXRse.exe
  C:\Windows\System\dBKXRse.exe
  2⤵
  PID:9816
- C:\Windows\System\mICMoWr.exe
  C:\Windows\System\mICMoWr.exe
  2⤵
  PID:212
- C:\Windows\System\qQTmHEe.exe
  C:\Windows\System\qQTmHEe.exe
  2⤵
  PID:2860
- C:\Windows\System\VpFCEil.exe
  C:\Windows\System\VpFCEil.exe
  2⤵
  PID:3064
- C:\Windows\System\sRufZjH.exe
  C:\Windows\System\sRufZjH.exe
  2⤵
  PID:5088
- C:\Windows\System\hLDAGdr.exe
  C:\Windows\System\hLDAGdr.exe
  2⤵
  PID:3648
- C:\Windows\System\xbqoMRX.exe
  C:\Windows\System\xbqoMRX.exe
  2⤵
  PID:10224
- C:\Windows\System\HTKmQby.exe
  C:\Windows\System\HTKmQby.exe
  2⤵
  PID:9324
- C:\Windows\System\rmCMInC.exe
  C:\Windows\System\rmCMInC.exe
  2⤵
  PID:9436
- C:\Windows\System\nJjPnAD.exe
  C:\Windows\System\nJjPnAD.exe
  2⤵
  PID:9676
- C:\Windows\System\iMbhFQT.exe
  C:\Windows\System\iMbhFQT.exe
  2⤵
  PID:6300
- C:\Windows\System\wynhQRl.exe
  C:\Windows\System\wynhQRl.exe
  2⤵
  PID:2516
- C:\Windows\System\xtaaxNu.exe
  C:\Windows\System\xtaaxNu.exe
  2⤵
  PID:10128
- C:\Windows\System\GnyUxhi.exe
  C:\Windows\System\GnyUxhi.exe
  2⤵
  PID:9228
- C:\Windows\System\LHYNMoU.exe
  C:\Windows\System\LHYNMoU.exe
  2⤵
  PID:9524
- C:\Windows\System\BokbywC.exe
  C:\Windows\System\BokbywC.exe
  2⤵
  PID:5612
- C:\Windows\System\nHRGzHS.exe
  C:\Windows\System\nHRGzHS.exe
  2⤵
  PID:10188
- C:\Windows\System\KBVrzNU.exe
  C:\Windows\System\KBVrzNU.exe
  2⤵
  PID:10164
- C:\Windows\System\iWtmyjU.exe
  C:\Windows\System\iWtmyjU.exe
  2⤵
  PID:10288
- C:\Windows\System\XcIfmzG.exe
  C:\Windows\System\XcIfmzG.exe
  2⤵
  PID:10308
- C:\Windows\System\wEhLVtg.exe
  C:\Windows\System\wEhLVtg.exe
  2⤵
  PID:10328
- C:\Windows\System\QbxnXDN.exe
  C:\Windows\System\QbxnXDN.exe
  2⤵
  PID:10408
- C:\Windows\System\eowigXp.exe
  C:\Windows\System\eowigXp.exe
  2⤵
  PID:10428
- C:\Windows\System\lhFHTjt.exe
  C:\Windows\System\lhFHTjt.exe
  2⤵
  PID:10500
- C:\Windows\System\grMyOfZ.exe
  C:\Windows\System\grMyOfZ.exe
  2⤵
  PID:10540
- C:\Windows\System\VrPjVUE.exe
  C:\Windows\System\VrPjVUE.exe
  2⤵
  PID:10568
- C:\Windows\System\cANLPBs.exe
  C:\Windows\System\cANLPBs.exe
  2⤵
  PID:10600
- C:\Windows\System\sVIBGex.exe
  C:\Windows\System\sVIBGex.exe
  2⤵
  PID:10652
- C:\Windows\System\IVXhWCg.exe
  C:\Windows\System\IVXhWCg.exe
  2⤵
  PID:10692
- C:\Windows\System\snecBsH.exe
  C:\Windows\System\snecBsH.exe
  2⤵
  PID:10724
- C:\Windows\System\GSRmKAo.exe
  C:\Windows\System\GSRmKAo.exe
  2⤵
  PID:10760
- C:\Windows\System\sqSbafC.exe
  C:\Windows\System\sqSbafC.exe
  2⤵
  PID:10788
- C:\Windows\System\mSOauRt.exe
  C:\Windows\System\mSOauRt.exe
  2⤵
  PID:10820
- C:\Windows\System\FityayF.exe
  C:\Windows\System\FityayF.exe
  2⤵
  PID:10852
- C:\Windows\System\OOIChha.exe
  C:\Windows\System\OOIChha.exe
  2⤵
  PID:10884
- C:\Windows\System\zIwHtnc.exe
  C:\Windows\System\zIwHtnc.exe
  2⤵
  PID:10916
- C:\Windows\System\XumlJYd.exe
  C:\Windows\System\XumlJYd.exe
  2⤵
  PID:10952
- C:\Windows\System\hQvjuAb.exe
  C:\Windows\System\hQvjuAb.exe
  2⤵
  PID:10984
- C:\Windows\System\CBTXcUf.exe
  C:\Windows\System\CBTXcUf.exe
  2⤵
  PID:11020
- C:\Windows\System\kopQBrN.exe
  C:\Windows\System\kopQBrN.exe
  2⤵
  PID:11060
- C:\Windows\System\JvfVYUJ.exe
  C:\Windows\System\JvfVYUJ.exe
  2⤵
  PID:11076
- C:\Windows\System\wGzwrTk.exe
  C:\Windows\System\wGzwrTk.exe
  2⤵
  PID:11104
- C:\Windows\System\vCzvyDN.exe
  C:\Windows\System\vCzvyDN.exe
  2⤵
  PID:11132
- C:\Windows\System\WKBraOu.exe
  C:\Windows\System\WKBraOu.exe
  2⤵
  PID:11160
- C:\Windows\System\XJAvNmn.exe
  C:\Windows\System\XJAvNmn.exe
  2⤵
  PID:11188
- C:\Windows\System\jGSxJNA.exe
  C:\Windows\System\jGSxJNA.exe
  2⤵
  PID:11216
- C:\Windows\System\GSjeTUL.exe
  C:\Windows\System\GSjeTUL.exe
  2⤵
  PID:11248
- C:\Windows\System\xHNrGCz.exe
  C:\Windows\System\xHNrGCz.exe
  2⤵
  PID:3492
- C:\Windows\System\saDWPmk.exe
  C:\Windows\System\saDWPmk.exe
  2⤵
  PID:10316
- C:\Windows\System\rFHTfRD.exe
  C:\Windows\System\rFHTfRD.exe
  2⤵
  PID:10380
- C:\Windows\System\DIfsoay.exe
  C:\Windows\System\DIfsoay.exe
  2⤵
  PID:10440
- C:\Windows\System\DDMqIHX.exe
  C:\Windows\System\DDMqIHX.exe
  2⤵
  PID:9880
- C:\Windows\System\VWQICev.exe
  C:\Windows\System\VWQICev.exe
  2⤵
  PID:10032
- C:\Windows\System\OTrQiLc.exe
  C:\Windows\System\OTrQiLc.exe
  2⤵
  PID:9868
- C:\Windows\System\OuixXAz.exe
  C:\Windows\System\OuixXAz.exe
  2⤵
  PID:3860
- C:\Windows\System\ashagTu.exe
  C:\Windows\System\ashagTu.exe
  2⤵
  PID:10644
- C:\Windows\System\VhwfMjD.exe
  C:\Windows\System\VhwfMjD.exe
  2⤵
  PID:10716
- C:\Windows\System\PGVjZAD.exe
  C:\Windows\System\PGVjZAD.exe
  2⤵
  PID:10780
- C:\Windows\System\xJIrzfK.exe
  C:\Windows\System\xJIrzfK.exe
  2⤵
  PID:10840
- C:\Windows\System\tPMAfkF.exe
  C:\Windows\System\tPMAfkF.exe
  2⤵
  PID:10896
- C:\Windows\System\nPJABDE.exe
  C:\Windows\System\nPJABDE.exe
  2⤵
  PID:11012
- C:\Windows\System\FoEKosV.exe
  C:\Windows\System\FoEKosV.exe
  2⤵
  PID:10624
- C:\Windows\System\FTZVclS.exe
  C:\Windows\System\FTZVclS.exe
  2⤵
  PID:11088
- C:\Windows\System\KLbCIyu.exe
  C:\Windows\System\KLbCIyu.exe
  2⤵
  PID:11152
- C:\Windows\System\hoVjzgx.exe
  C:\Windows\System\hoVjzgx.exe
  2⤵
  PID:11208
- C:\Windows\System\FNbFsvi.exe
  C:\Windows\System\FNbFsvi.exe
  2⤵
  PID:9700
- C:\Windows\System\GZcvlzD.exe
  C:\Windows\System\GZcvlzD.exe
  2⤵
  PID:4396
- C:\Windows\System\bqgTywr.exe
  C:\Windows\System\bqgTywr.exe
  2⤵
  PID:10064
- C:\Windows\System\tYgnPwU.exe
  C:\Windows\System\tYgnPwU.exe
  2⤵
  PID:10832
- C:\Windows\System\TxDugWK.exe
  C:\Windows\System\TxDugWK.exe
  2⤵
  PID:10944
- C:\Windows\System\ncvwAXd.exe
  C:\Windows\System\ncvwAXd.exe
  2⤵
  PID:10664
- C:\Windows\System\MHpYIFj.exe
  C:\Windows\System\MHpYIFj.exe
  2⤵
  PID:376
- C:\Windows\System\fhDMKuh.exe
  C:\Windows\System\fhDMKuh.exe
  2⤵
  PID:11128
- C:\Windows\System\TEgcYsX.exe
  C:\Windows\System\TEgcYsX.exe
  2⤵
  PID:10364
- C:\Windows\System\WRafHpn.exe
  C:\Windows\System\WRafHpn.exe
  2⤵
  PID:6460
- C:\Windows\System\YzqPoCI.exe
  C:\Windows\System\YzqPoCI.exe
  2⤵
  PID:10972
- C:\Windows\System\drqPlmz.exe
  C:\Windows\System\drqPlmz.exe
  2⤵
  PID:10004
- C:\Windows\System\UKQRHub.exe
  C:\Windows\System\UKQRHub.exe
  2⤵
  PID:9568
- C:\Windows\System\eCOhSWV.exe
  C:\Windows\System\eCOhSWV.exe
  2⤵
  PID:9896
- C:\Windows\System\apyIVNL.exe
  C:\Windows\System\apyIVNL.exe
  2⤵
  PID:5232
- C:\Windows\System\LmaXjtS.exe
  C:\Windows\System\LmaXjtS.exe
  2⤵
  PID:10772
- C:\Windows\System\fMeLYzK.exe
  C:\Windows\System\fMeLYzK.exe
  2⤵
  PID:10000
- C:\Windows\System\zwyOvQX.exe
  C:\Windows\System\zwyOvQX.exe
  2⤵
  PID:10404
- C:\Windows\System\SynfwIB.exe
  C:\Windows\System\SynfwIB.exe
  2⤵
  PID:9968
- C:\Windows\System\fdnezzs.exe
  C:\Windows\System\fdnezzs.exe
  2⤵
  PID:10676
- C:\Windows\System\GtLDQFo.exe
  C:\Windows\System\GtLDQFo.exe
  2⤵
  PID:11272
- C:\Windows\System\GGFQlXq.exe
  C:\Windows\System\GGFQlXq.exe
  2⤵
  PID:11300
- C:\Windows\System\PyHurKo.exe
  C:\Windows\System\PyHurKo.exe
  2⤵
  PID:11340
- C:\Windows\System\PyTghOc.exe
  C:\Windows\System\PyTghOc.exe
  2⤵
  PID:11356
- C:\Windows\System\FYtjXXk.exe
  C:\Windows\System\FYtjXXk.exe
  2⤵
  PID:11384
- C:\Windows\System\aLgBJWL.exe
  C:\Windows\System\aLgBJWL.exe
  2⤵
  PID:11412
- C:\Windows\System\QONARfQ.exe
  C:\Windows\System\QONARfQ.exe
  2⤵
  PID:11440
- C:\Windows\System\BDCciUw.exe
  C:\Windows\System\BDCciUw.exe
  2⤵
  PID:11468
- C:\Windows\System\TwDIenq.exe
  C:\Windows\System\TwDIenq.exe
  2⤵
  PID:11496
- C:\Windows\System\sbQWJZA.exe
  C:\Windows\System\sbQWJZA.exe
  2⤵
  PID:11536
- C:\Windows\System\EmOUAAN.exe
  C:\Windows\System\EmOUAAN.exe
  2⤵
  PID:11564
- C:\Windows\System\gEcryKb.exe
  C:\Windows\System\gEcryKb.exe
  2⤵
  PID:11580
- C:\Windows\System\LMYieIl.exe
  C:\Windows\System\LMYieIl.exe
  2⤵
  PID:11608
- C:\Windows\System\uQprfHh.exe
  C:\Windows\System\uQprfHh.exe
  2⤵
  PID:11636
- C:\Windows\System\wGIvMcb.exe
  C:\Windows\System\wGIvMcb.exe
  2⤵
  PID:11664
- C:\Windows\System\KpPJKOr.exe
  C:\Windows\System\KpPJKOr.exe
  2⤵
  PID:11692
- C:\Windows\System\stVbPhs.exe
  C:\Windows\System\stVbPhs.exe
  2⤵
  PID:11720
- C:\Windows\System\CGnOobN.exe
  C:\Windows\System\CGnOobN.exe
  2⤵
  PID:11748
- C:\Windows\System\uzFWflc.exe
  C:\Windows\System\uzFWflc.exe
  2⤵
  PID:11804
- C:\Windows\System\BgxxnVN.exe
  C:\Windows\System\BgxxnVN.exe
  2⤵
  PID:11844
- C:\Windows\System\ALNGabS.exe
  C:\Windows\System\ALNGabS.exe
  2⤵
  PID:11880
- C:\Windows\System\xJDKudw.exe
  C:\Windows\System\xJDKudw.exe
  2⤵
  PID:11940
- C:\Windows\System\AKaqdzr.exe
  C:\Windows\System\AKaqdzr.exe
  2⤵
  PID:11972
- C:\Windows\System\kVZRHqy.exe
  C:\Windows\System\kVZRHqy.exe
  2⤵
  PID:12004
- C:\Windows\System\dboKcFj.exe
  C:\Windows\System\dboKcFj.exe
  2⤵
  PID:12040
- C:\Windows\System\NLujpGW.exe
  C:\Windows\System\NLujpGW.exe
  2⤵
  PID:12076
- C:\Windows\System\UYSGxUw.exe
  C:\Windows\System\UYSGxUw.exe
  2⤵
  PID:12104
- C:\Windows\System\NpHhpzf.exe
  C:\Windows\System\NpHhpzf.exe
  2⤵
  PID:12136
- C:\Windows\System\vMvhsYp.exe
  C:\Windows\System\vMvhsYp.exe
  2⤵
  PID:12164
- C:\Windows\System\osQBque.exe
  C:\Windows\System\osQBque.exe
  2⤵
  PID:12208
- C:\Windows\System\tmvRmGg.exe
  C:\Windows\System\tmvRmGg.exe
  2⤵
  PID:12268
- C:\Windows\System\GPKekFD.exe
  C:\Windows\System\GPKekFD.exe
  2⤵
  PID:11292
- C:\Windows\System\RFDChlO.exe
  C:\Windows\System\RFDChlO.exe
  2⤵
  PID:11368
- C:\Windows\System\lViCYQd.exe
  C:\Windows\System\lViCYQd.exe
  2⤵
  PID:11452
- C:\Windows\System\RPFeBxf.exe
  C:\Windows\System\RPFeBxf.exe
  2⤵
  PID:11516
- C:\Windows\System\QVjAshb.exe
  C:\Windows\System\QVjAshb.exe
  2⤵
  PID:11548
- C:\Windows\System\jpEMJei.exe
  C:\Windows\System\jpEMJei.exe
  2⤵
  PID:11604
- C:\Windows\System\VAlbQwv.exe
  C:\Windows\System\VAlbQwv.exe
  2⤵
  PID:11676
- C:\Windows\System\PgTdNWD.exe
  C:\Windows\System\PgTdNWD.exe
  2⤵
  PID:11260
- C:\Windows\System\UyiMOwJ.exe
  C:\Windows\System\UyiMOwJ.exe
  2⤵
  PID:2216
- C:\Windows\System\wbNGFJZ.exe
  C:\Windows\System\wbNGFJZ.exe
  2⤵
  PID:11200
- C:\Windows\System\ALdftNA.exe
  C:\Windows\System\ALdftNA.exe
  2⤵
  PID:10588
- C:\Windows\System\qXveNRo.exe
  C:\Windows\System\qXveNRo.exe
  2⤵
  PID:11964
- C:\Windows\System\nlllWVH.exe
  C:\Windows\System\nlllWVH.exe
  2⤵
  PID:12036
- C:\Windows\System\pnxEUKN.exe
  C:\Windows\System\pnxEUKN.exe
  2⤵
  PID:11920
- C:\Windows\System\VENBcjv.exe
  C:\Windows\System\VENBcjv.exe
  2⤵
  PID:11904
- C:\Windows\System\MRHnija.exe
  C:\Windows\System\MRHnija.exe
  2⤵
  PID:12148
- C:\Windows\System\HYLOALa.exe
  C:\Windows\System\HYLOALa.exe
  2⤵
  PID:12220
- C:\Windows\System\odwUjDu.exe
  C:\Windows\System\odwUjDu.exe
  2⤵
  PID:7488
- C:\Windows\System\eJmajjw.exe
  C:\Windows\System\eJmajjw.exe
  2⤵
  PID:11424
- C:\Windows\System\ioSrbSY.exe
  C:\Windows\System\ioSrbSY.exe
  2⤵
  PID:12248
- C:\Windows\System\nnJkCVS.exe
  C:\Windows\System\nnJkCVS.exe
  2⤵
  PID:12232
- C:\Windows\System\UzCXgLY.exe
  C:\Windows\System\UzCXgLY.exe
  2⤵
  PID:4436
- C:\Windows\System\FMkZFTl.exe
  C:\Windows\System\FMkZFTl.exe
  2⤵
  PID:11704
- C:\Windows\System\IuNwGfM.exe
  C:\Windows\System\IuNwGfM.exe
  2⤵
  PID:10688
- C:\Windows\System\msBCxRw.exe
  C:\Windows\System\msBCxRw.exe
  2⤵
  PID:11184
- C:\Windows\System\aluRKUj.exe
  C:\Windows\System\aluRKUj.exe
  2⤵
  PID:11984
- C:\Windows\System\ryiUejW.exe
  C:\Windows\System\ryiUejW.exe
  2⤵
  PID:12032
- C:\Windows\System\DXaCQBo.exe
  C:\Windows\System\DXaCQBo.exe
  2⤵
  PID:11992
- C:\Windows\System\dIUgxCs.exe
  C:\Windows\System\dIUgxCs.exe
  2⤵
  PID:11960
- C:\Windows\System\aLNIxcB.exe
  C:\Windows\System\aLNIxcB.exe
  2⤵
  PID:12280
- C:\Windows\System\PBmvFyU.exe
  C:\Windows\System\PBmvFyU.exe
  2⤵
  PID:11484
- C:\Windows\System\YTlenhe.exe
  C:\Windows\System\YTlenhe.exe
  2⤵
  PID:11824
- C:\Windows\System\zOXzVkF.exe
  C:\Windows\System\zOXzVkF.exe
  2⤵
  PID:11284
- C:\Windows\System\OepzpoJ.exe
  C:\Windows\System\OepzpoJ.exe
  2⤵
  PID:4420
- C:\Windows\System\rJYUkVE.exe
  C:\Windows\System\rJYUkVE.exe
  2⤵
  PID:10268
- C:\Windows\System\ODsjCoP.exe
  C:\Windows\System\ODsjCoP.exe
  2⤵
  PID:12016
- C:\Windows\System\KrCpqSY.exe
  C:\Windows\System\KrCpqSY.exe
  2⤵
  PID:12132
- C:\Windows\System\NCJBhsZ.exe
  C:\Windows\System\NCJBhsZ.exe
  2⤵
  PID:11404
- C:\Windows\System\XsvKYjj.exe
  C:\Windows\System\XsvKYjj.exe
  2⤵
  PID:12192
- C:\Windows\System\wiWPBye.exe
  C:\Windows\System\wiWPBye.exe
  2⤵
  PID:9584
- C:\Windows\System\QlkMFgb.exe
  C:\Windows\System\QlkMFgb.exe
  2⤵
  PID:12204
- C:\Windows\System\mkwUBHH.exe
  C:\Windows\System\mkwUBHH.exe
  2⤵
  PID:11716
- C:\Windows\System\oJBcrgd.exe
  C:\Windows\System\oJBcrgd.exe
  2⤵
  PID:11836
- C:\Windows\System\SiRPVMn.exe
  C:\Windows\System\SiRPVMn.exe
  2⤵
  PID:12308
- C:\Windows\System\oENnEno.exe
  C:\Windows\System\oENnEno.exe
  2⤵
  PID:12336
- C:\Windows\System\tSGIics.exe
  C:\Windows\System\tSGIics.exe
  2⤵
  PID:12364
- C:\Windows\System\xxHkrpl.exe
  C:\Windows\System\xxHkrpl.exe
  2⤵
  PID:12392
- C:\Windows\System\BKfXVds.exe
  C:\Windows\System\BKfXVds.exe
  2⤵
  PID:12420
- C:\Windows\System\ipdGvzI.exe
  C:\Windows\System\ipdGvzI.exe
  2⤵
  PID:12448
- C:\Windows\System\vUfSpGE.exe
  C:\Windows\System\vUfSpGE.exe
  2⤵
  PID:12476
- C:\Windows\System\LwcmyBs.exe
  C:\Windows\System\LwcmyBs.exe
  2⤵
  PID:12504
- C:\Windows\System\ArUOIxb.exe
  C:\Windows\System\ArUOIxb.exe
  2⤵
  PID:12532
- C:\Windows\System\lTDdTbH.exe
  C:\Windows\System\lTDdTbH.exe
  2⤵
  PID:12560
- C:\Windows\System\mIkGvJd.exe
  C:\Windows\System\mIkGvJd.exe
  2⤵
  PID:12588
- C:\Windows\System\OEkyrfR.exe
  C:\Windows\System\OEkyrfR.exe
  2⤵
  PID:12616
- C:\Windows\System\xQXQKNz.exe
  C:\Windows\System\xQXQKNz.exe
  2⤵
  PID:12644
- C:\Windows\System\edctPdJ.exe
  C:\Windows\System\edctPdJ.exe
  2⤵
  PID:12672
- C:\Windows\System\KfCmPpD.exe
  C:\Windows\System\KfCmPpD.exe
  2⤵
  PID:12700
- C:\Windows\System\TOGTfOh.exe
  C:\Windows\System\TOGTfOh.exe
  2⤵
  PID:12728
- C:\Windows\System\YNRXaJS.exe
  C:\Windows\System\YNRXaJS.exe
  2⤵
  PID:12756
- C:\Windows\System\peCzlxZ.exe
  C:\Windows\System\peCzlxZ.exe
  2⤵
  PID:12784
- C:\Windows\System\AgtyIOc.exe
  C:\Windows\System\AgtyIOc.exe
  2⤵
  PID:12812
- C:\Windows\System\MqIpdik.exe
  C:\Windows\System\MqIpdik.exe
  2⤵
  PID:12840
- C:\Windows\System\bUJoeJS.exe
  C:\Windows\System\bUJoeJS.exe
  2⤵
  PID:12868
- C:\Windows\System\ZphFJMc.exe
  C:\Windows\System\ZphFJMc.exe
  2⤵
  PID:12896
- C:\Windows\System\oVDXVMy.exe
  C:\Windows\System\oVDXVMy.exe
  2⤵
  PID:12924
- C:\Windows\System\wAgtnwj.exe
  C:\Windows\System\wAgtnwj.exe
  2⤵
  PID:12952
- C:\Windows\System\UWKUlmE.exe
  C:\Windows\System\UWKUlmE.exe
  2⤵
  PID:12980
- C:\Windows\System\yEhNxHR.exe
  C:\Windows\System\yEhNxHR.exe
  2⤵
  PID:13008
- C:\Windows\System\jNNDQrI.exe
  C:\Windows\System\jNNDQrI.exe
  2⤵
  PID:13036
- C:\Windows\System\McJaZlz.exe
  C:\Windows\System\McJaZlz.exe
  2⤵
  PID:13064
- C:\Windows\System\gnuKftk.exe
  C:\Windows\System\gnuKftk.exe
  2⤵
  PID:13092
- C:\Windows\System\EOdpvjS.exe
  C:\Windows\System\EOdpvjS.exe
  2⤵
  PID:13120
- C:\Windows\System\FEyNEfr.exe
  C:\Windows\System\FEyNEfr.exe
  2⤵
  PID:13148
- C:\Windows\System\tPsFgMH.exe
  C:\Windows\System\tPsFgMH.exe
  2⤵
  PID:13176
- C:\Windows\System\ykgrOFu.exe
  C:\Windows\System\ykgrOFu.exe
  2⤵
  PID:13204
- C:\Windows\System\dttsqCb.exe
  C:\Windows\System\dttsqCb.exe
  2⤵
  PID:13232
- C:\Windows\System\PeygvMt.exe
  C:\Windows\System\PeygvMt.exe
  2⤵
  PID:13260
- C:\Windows\System\oSnOIcp.exe
  C:\Windows\System\oSnOIcp.exe
  2⤵
  PID:13288
- C:\Windows\System\kWPPTik.exe
  C:\Windows\System\kWPPTik.exe
  2⤵
  PID:12300
- C:\Windows\System\yZZWTRT.exe
  C:\Windows\System\yZZWTRT.exe
  2⤵
  PID:12360
- C:\Windows\System\EbUKjhZ.exe
  C:\Windows\System\EbUKjhZ.exe
  2⤵
  PID:12432
- C:\Windows\System\xAGBpOe.exe
  C:\Windows\System\xAGBpOe.exe
  2⤵
  PID:12496
- C:\Windows\System\hyqLtut.exe
  C:\Windows\System\hyqLtut.exe
  2⤵
  PID:12556
- C:\Windows\System\ynvQSVN.exe
  C:\Windows\System\ynvQSVN.exe
  2⤵
  PID:12628
- C:\Windows\System\ynfDLgc.exe
  C:\Windows\System\ynfDLgc.exe
  2⤵
  PID:12692
- C:\Windows\System\MJnWJBa.exe
  C:\Windows\System\MJnWJBa.exe
  2⤵
  PID:12752
- C:\Windows\System\LsgABZX.exe
  C:\Windows\System\LsgABZX.exe
  2⤵
  PID:12808
- C:\Windows\System\YzJGjbd.exe
  C:\Windows\System\YzJGjbd.exe
  2⤵
  PID:12880
- C:\Windows\System\mZUpKuA.exe
  C:\Windows\System\mZUpKuA.exe
  2⤵
  PID:12972
- C:\Windows\System\xnXYxyD.exe
  C:\Windows\System\xnXYxyD.exe
  2⤵
  PID:13000
- C:\Windows\System\apAqJHl.exe
  C:\Windows\System\apAqJHl.exe
  2⤵
  PID:13060
- C:\Windows\System\jFSYDRd.exe
  C:\Windows\System\jFSYDRd.exe
  2⤵
  PID:13132
- C:\Windows\System\JnuLpTX.exe
  C:\Windows\System\JnuLpTX.exe
  2⤵
  PID:13196
- C:\Windows\System\GpOjdFH.exe
  C:\Windows\System\GpOjdFH.exe
  2⤵
  PID:13256
- C:\Windows\System\BaotHHG.exe
  C:\Windows\System\BaotHHG.exe
  2⤵
  PID:12328
- C:\Windows\System\knKhxIZ.exe
  C:\Windows\System\knKhxIZ.exe
  2⤵
  PID:12472
- C:\Windows\System\qZwynfI.exe
  C:\Windows\System\qZwynfI.exe
  2⤵
  PID:12612
- C:\Windows\System\VsqibpF.exe
  C:\Windows\System\VsqibpF.exe
  2⤵
  PID:12780
- C:\Windows\System\elfZkAq.exe
  C:\Windows\System\elfZkAq.exe
  2⤵
  PID:12964
- C:\Windows\System\oItpMWz.exe
  C:\Windows\System\oItpMWz.exe
  2⤵
  PID:13112
- C:\Windows\System\OgLdCcp.exe
  C:\Windows\System\OgLdCcp.exe
  2⤵
  PID:13252
- C:\Windows\System\zAlfwAm.exe
  C:\Windows\System\zAlfwAm.exe
  2⤵
  PID:12544
- C:\Windows\System\LwwVuVx.exe
  C:\Windows\System\LwwVuVx.exe
  2⤵
  PID:12864
- C:\Windows\System\YbgijKy.exe
  C:\Windows\System\YbgijKy.exe
  2⤵
  PID:5596
- C:\Windows\System\LHlrEje.exe
  C:\Windows\System\LHlrEje.exe
  2⤵
  PID:12684
- C:\Windows\System\ZYVTIfq.exe
  C:\Windows\System\ZYVTIfq.exe
  2⤵
  PID:12416
- C:\Windows\System\hfCHtSZ.exe
  C:\Windows\System\hfCHtSZ.exe
  2⤵
  PID:13320
- C:\Windows\System\XALTnoT.exe
  C:\Windows\System\XALTnoT.exe
  2⤵
  PID:13348
- C:\Windows\System\RdujkMP.exe
  C:\Windows\System\RdujkMP.exe
  2⤵
  PID:13376
- C:\Windows\System\rUklUoA.exe
  C:\Windows\System\rUklUoA.exe
  2⤵
  PID:13420
- C:\Windows\System\BZnDWjz.exe
  C:\Windows\System\BZnDWjz.exe
  2⤵
  PID:13448
- C:\Windows\System\cyaJaaC.exe
  C:\Windows\System\cyaJaaC.exe
  2⤵
  PID:13476
- C:\Windows\System\IiOujRi.exe
  C:\Windows\System\IiOujRi.exe
  2⤵
  PID:13504
- C:\Windows\System\JPkMIJz.exe
  C:\Windows\System\JPkMIJz.exe
  2⤵
  PID:13536
- C:\Windows\System\njUjTIK.exe
  C:\Windows\System\njUjTIK.exe
  2⤵
  PID:13564
- C:\Windows\System\HdFkYlY.exe
  C:\Windows\System\HdFkYlY.exe
  2⤵
  PID:13596
- C:\Windows\System\FrSrsVv.exe
  C:\Windows\System\FrSrsVv.exe
  2⤵
  PID:13624
- C:\Windows\System\PdJZWlU.exe
  C:\Windows\System\PdJZWlU.exe
  2⤵
  PID:13652
- C:\Windows\System\KhgfzbN.exe
  C:\Windows\System\KhgfzbN.exe
  2⤵
  PID:13680
- C:\Windows\System\xiSCoqR.exe
  C:\Windows\System\xiSCoqR.exe
  2⤵
  PID:13712
- C:\Windows\System\ydoucte.exe
  C:\Windows\System\ydoucte.exe
  2⤵
  PID:13740
- C:\Windows\System\NtFbsZM.exe
  C:\Windows\System\NtFbsZM.exe
  2⤵
  PID:13768
- C:\Windows\System\akqmjlv.exe
  C:\Windows\System\akqmjlv.exe
  2⤵
  PID:13816
- C:\Windows\System\YCKamME.exe
  C:\Windows\System\YCKamME.exe
  2⤵
  PID:13836
- C:\Windows\System\SEhnvLO.exe
  C:\Windows\System\SEhnvLO.exe
  2⤵
  PID:13868
- C:\Windows\System\KjlZtLp.exe
  C:\Windows\System\KjlZtLp.exe
  2⤵
  PID:13896
- C:\Windows\System\TRUbnFK.exe
  C:\Windows\System\TRUbnFK.exe
  2⤵
  PID:13928
- C:\Windows\System\RHWWNdB.exe
  C:\Windows\System\RHWWNdB.exe
  2⤵
  PID:13960
- C:\Windows\System\tTUQmzM.exe
  C:\Windows\System\tTUQmzM.exe
  2⤵
  PID:13988
- C:\Windows\System\lLNRuaU.exe
  C:\Windows\System\lLNRuaU.exe
  2⤵
  PID:14020
- C:\Windows\System\NvmzZOB.exe
  C:\Windows\System\NvmzZOB.exe
  2⤵
  PID:14048
- C:\Windows\System\TaNBPld.exe
  C:\Windows\System\TaNBPld.exe
  2⤵
  PID:14084
- C:\Windows\System\CCIkueH.exe
  C:\Windows\System\CCIkueH.exe
  2⤵
  PID:14108
- C:\Windows\System\CsepcDB.exe
  C:\Windows\System\CsepcDB.exe
  2⤵
  PID:14136
- C:\Windows\System\MBimHxu.exe
  C:\Windows\System\MBimHxu.exe
  2⤵
  PID:14164
- C:\Windows\System\cjCXvJg.exe
  C:\Windows\System\cjCXvJg.exe
  2⤵
  PID:14196
- C:\Windows\System\CgbwwmT.exe
  C:\Windows\System\CgbwwmT.exe
  2⤵
  PID:14228
- C:\Windows\System\WQUtDle.exe
  C:\Windows\System\WQUtDle.exe
  2⤵
  PID:14260
- C:\Windows\System\MdAeihJ.exe
  C:\Windows\System\MdAeihJ.exe
  2⤵
  PID:14288
- C:\Windows\System\ushuDAZ.exe
  C:\Windows\System\ushuDAZ.exe
  2⤵
  PID:14320
- C:\Windows\System\JRZDxEw.exe
  C:\Windows\System\JRZDxEw.exe
  2⤵
  PID:13340
- C:\Windows\System\JjIHahQ.exe
  C:\Windows\System\JjIHahQ.exe
  2⤵
  PID:13400
- C:\Windows\System\gTbiVrk.exe
  C:\Windows\System\gTbiVrk.exe
  2⤵
  PID:13488
- C:\Windows\System\WapvShR.exe
  C:\Windows\System\WapvShR.exe
  2⤵
  PID:13576
- C:\Windows\System\PVEHxci.exe
  C:\Windows\System\PVEHxci.exe
  2⤵
  PID:13608
- C:\Windows\System\uqhlSoJ.exe
  C:\Windows\System\uqhlSoJ.exe
  2⤵
  PID:13708
- C:\Windows\System\JIfeWha.exe
  C:\Windows\System\JIfeWha.exe
  2⤵
  PID:13760
- C:\Windows\System\UWhnYKH.exe
  C:\Windows\System\UWhnYKH.exe
  2⤵
  PID:5436
- C:\Windows\System\NLWKFcd.exe
  C:\Windows\System\NLWKFcd.exe
  2⤵
  PID:13852
- C:\Windows\System\uFeLCsA.exe
  C:\Windows\System\uFeLCsA.exe
  2⤵
  PID:13912
- C:\Windows\System\dcEMtzk.exe
  C:\Windows\System\dcEMtzk.exe
  2⤵
  PID:13972
- C:\Windows\System\oujgJUz.exe
  C:\Windows\System\oujgJUz.exe
  2⤵
  PID:14016
- C:\Windows\System\CZKhrlw.exe
  C:\Windows\System\CZKhrlw.exe
  2⤵
  PID:14096
- C:\Windows\System\LYDeglA.exe
  C:\Windows\System\LYDeglA.exe
  2⤵
  PID:14160
- C:\Windows\System\KXcTZAP.exe
  C:\Windows\System\KXcTZAP.exe
  2⤵
  PID:952
- C:\Windows\System\UQwIXAr.exe
  C:\Windows\System\UQwIXAr.exe
  2⤵
  PID:14252
- C:\Windows\System\OfNXvVB.exe
  C:\Windows\System\OfNXvVB.exe
  2⤵
  PID:1244
- C:\Windows\System\UrPqadU.exe
  C:\Windows\System\UrPqadU.exe
  2⤵
  PID:14316
- C:\Windows\System\ZkSbRhb.exe
  C:\Windows\System\ZkSbRhb.exe
  2⤵
  PID:13444
- C:\Windows\System\CauJNWW.exe
  C:\Windows\System\CauJNWW.exe
  2⤵
  PID:6456
- C:\Windows\System\RfiRTaG.exe
  C:\Windows\System\RfiRTaG.exe
  2⤵
  PID:3456
- C:\Windows\System\AIltBdb.exe
  C:\Windows\System\AIltBdb.exe
  2⤵
  PID:3348
- C:\Windows\System\wwIJhvp.exe
  C:\Windows\System\wwIJhvp.exe
  2⤵
  PID:13812
- C:\Windows\System\BGQlPzQ.exe
  C:\Windows\System\BGQlPzQ.exe
  2⤵
  PID:2816
- C:\Windows\System\tvwDefq.exe
  C:\Windows\System\tvwDefq.exe
  2⤵
  PID:14000
- C:\Windows\System\nnYktSP.exe
  C:\Windows\System\nnYktSP.exe
  2⤵
  PID:4460
- C:\Windows\System\MtZjBAr.exe
  C:\Windows\System\MtZjBAr.exe
  2⤵
  PID:14192
- C:\Windows\System\wWaFRUC.exe
  C:\Windows\System\wWaFRUC.exe
  2⤵
  PID:5908
- C:\Windows\System\LMyRQgv.exe
  C:\Windows\System\LMyRQgv.exe
  2⤵
  PID:4156
- C:\Windows\System\vXaggXj.exe
  C:\Windows\System\vXaggXj.exe
  2⤵
  PID:13560
- C:\Windows\System\OphYQuM.exe
  C:\Windows\System\OphYQuM.exe
  2⤵
  PID:13644
- C:\Windows\System\qiJrOCY.exe
  C:\Windows\System\qiJrOCY.exe
  2⤵
  PID:13784
- C:\Windows\System\qRHIyVn.exe
  C:\Windows\System\qRHIyVn.exe
  2⤵
  PID:3676
- C:\Windows\System\gKaWuUl.exe
  C:\Windows\System\gKaWuUl.exe
  2⤵
  PID:3688
- C:\Windows\System\UDbGBVs.exe
  C:\Windows\System\UDbGBVs.exe
  2⤵
  PID:4880
- C:\Windows\System\TkxxZks.exe
  C:\Windows\System\TkxxZks.exe
  2⤵
  PID:4248
- C:\Windows\System\VfsEHXS.exe
  C:\Windows\System\VfsEHXS.exe
  2⤵
  PID:5416
- C:\Windows\System\BiSIhcF.exe
  C:\Windows\System\BiSIhcF.exe
  2⤵
  PID:4960
- C:\Windows\System\sTGrmCx.exe
  C:\Windows\System\sTGrmCx.exe
  2⤵
  PID:14132
- C:\Windows\System\JZbgGoG.exe
  C:\Windows\System\JZbgGoG.exe
  2⤵
  PID:6448
- C:\Windows\System\xZeeURm.exe
  C:\Windows\System\xZeeURm.exe
  2⤵
  PID:5604
- C:\Windows\System\WoKIpha.exe
  C:\Windows\System\WoKIpha.exe
  2⤵
  PID:1688
- C:\Windows\System\RxWhiOd.exe
  C:\Windows\System\RxWhiOd.exe
  2⤵
  PID:5360
- C:\Windows\System\hzxRbWQ.exe
  C:\Windows\System\hzxRbWQ.exe
  2⤵
  PID:14356
- C:\Windows\System\ZtWOtez.exe
  C:\Windows\System\ZtWOtez.exe
  2⤵
  PID:14384
- C:\Windows\System\sQuyoer.exe
  C:\Windows\System\sQuyoer.exe
  2⤵
  PID:14412
- C:\Windows\System\gDaOvvd.exe
  C:\Windows\System\gDaOvvd.exe
  2⤵
  PID:14440
- C:\Windows\System\CtyfYre.exe
  C:\Windows\System\CtyfYre.exe
  2⤵
  PID:14468
- C:\Windows\System\RFPfBSx.exe
  C:\Windows\System\RFPfBSx.exe
  2⤵
  PID:14496
- C:\Windows\System\UbJAbZX.exe
  C:\Windows\System\UbJAbZX.exe
  2⤵
  PID:14524
- C:\Windows\System\rIrJdSR.exe
  C:\Windows\System\rIrJdSR.exe
  2⤵
  PID:14552
- C:\Windows\System\ulOxxYO.exe
  C:\Windows\System\ulOxxYO.exe
  2⤵
  PID:14580
- C:\Windows\System\lJoxgXd.exe
  C:\Windows\System\lJoxgXd.exe
  2⤵
  PID:14608
- C:\Windows\System\OEfLTaK.exe
  C:\Windows\System\OEfLTaK.exe
  2⤵
  PID:14636
- C:\Windows\System\PgAHcUr.exe
  C:\Windows\System\PgAHcUr.exe
  2⤵
  PID:14664
- C:\Windows\System\gWkZnQn.exe
  C:\Windows\System\gWkZnQn.exe
  2⤵
  PID:14692
- C:\Windows\System\pHOeoQS.exe
  C:\Windows\System\pHOeoQS.exe
  2⤵
  PID:14736
- C:\Windows\System\zuLQTuN.exe
  C:\Windows\System\zuLQTuN.exe
  2⤵
  PID:14752
- C:\Windows\System\EFNqUVj.exe
  C:\Windows\System\EFNqUVj.exe
  2⤵
  PID:14780
- C:\Windows\System\xxpDGmJ.exe
  C:\Windows\System\xxpDGmJ.exe
  2⤵
  PID:14808
- C:\Windows\System\qOdXZVW.exe
  C:\Windows\System\qOdXZVW.exe
  2⤵
  PID:14836
- C:\Windows\System\pmjjVpB.exe
  C:\Windows\System\pmjjVpB.exe
  2⤵
  PID:14864
- C:\Windows\System\rPeKYHD.exe
  C:\Windows\System\rPeKYHD.exe
  2⤵
  PID:14892
- C:\Windows\System\KVYcJnV.exe
  C:\Windows\System\KVYcJnV.exe
  2⤵
  PID:14920
- C:\Windows\System\ZNyuCXU.exe
  C:\Windows\System\ZNyuCXU.exe
  2⤵
  PID:14948
- C:\Windows\System\aOSrsDG.exe
  C:\Windows\System\aOSrsDG.exe
  2⤵
  PID:14976
- C:\Windows\System\uKuhRvK.exe
  C:\Windows\System\uKuhRvK.exe
  2⤵
  PID:15004
- C:\Windows\System\jIXqstz.exe
  C:\Windows\System\jIXqstz.exe
  2⤵
  PID:15032
- C:\Windows\System\RVhjLrZ.exe
  C:\Windows\System\RVhjLrZ.exe
  2⤵
  PID:15060
- C:\Windows\System\kmakzMM.exe
  C:\Windows\System\kmakzMM.exe
  2⤵
  PID:15088
- C:\Windows\System\WvWiPWb.exe
  C:\Windows\System\WvWiPWb.exe
  2⤵
  PID:15116
- C:\Windows\System\ewnKmfW.exe
  C:\Windows\System\ewnKmfW.exe
  2⤵
  PID:15144
- C:\Windows\System\ytrpHPi.exe
  C:\Windows\System\ytrpHPi.exe
  2⤵
  PID:15172
- C:\Windows\System\TwtbQsF.exe
  C:\Windows\System\TwtbQsF.exe
  2⤵
  PID:15200
- C:\Windows\System\KzTwyeT.exe
  C:\Windows\System\KzTwyeT.exe
  2⤵
  PID:15228
- C:\Windows\System\QRIstPB.exe
  C:\Windows\System\QRIstPB.exe
  2⤵
  PID:15256
- C:\Windows\System\VzssudS.exe
  C:\Windows\System\VzssudS.exe
  2⤵
  PID:15284
- C:\Windows\System\XiNlJJp.exe
  C:\Windows\System\XiNlJJp.exe
  2⤵
  PID:15328
- C:\Windows\System\jbnuVLN.exe
  C:\Windows\System\jbnuVLN.exe
  2⤵
  PID:15344
- C:\Windows\System\UyuQvfw.exe
  C:\Windows\System\UyuQvfw.exe
  2⤵
  PID:1000
- C:\Windows\System\oYLBVmE.exe
  C:\Windows\System\oYLBVmE.exe
  2⤵
  PID:14408
- C:\Windows\System\mMQxkhs.exe
  C:\Windows\System\mMQxkhs.exe
  2⤵
  PID:14460
- C:\Windows\System\VdFNzcD.exe
  C:\Windows\System\VdFNzcD.exe
  2⤵
  PID:14520
- C:\Windows\System\yFdeQDv.exe
  C:\Windows\System\yFdeQDv.exe
  2⤵
  PID:14592
- C:\Windows\System\rkNQArd.exe
  C:\Windows\System\rkNQArd.exe
  2⤵
  PID:2184
- C:\Windows\System\otnhDaZ.exe
  C:\Windows\System\otnhDaZ.exe
  2⤵
  PID:14684
- C:\Windows\System\qzbuZxV.exe
  C:\Windows\System\qzbuZxV.exe
  2⤵
  PID:3020
- C:\Windows\System\NUThrcT.exe
  C:\Windows\System\NUThrcT.exe
  2⤵
  PID:3516
- C:\Windows\System\FCOGBAn.exe
  C:\Windows\System\FCOGBAn.exe
  2⤵
  PID:5268
- C:\Windows\System\WtbBPhe.exe
  C:\Windows\System\WtbBPhe.exe
  2⤵
  PID:1740
- C:\Windows\System\RFHRsVK.exe
  C:\Windows\System\RFHRsVK.exe
  2⤵
  PID:14744
- C:\Windows\System\CKGWxbW.exe
  C:\Windows\System\CKGWxbW.exe
  2⤵
  PID:14800
- C:\Windows\System\vbLgSWn.exe
  C:\Windows\System\vbLgSWn.exe
  2⤵
  PID:14848
- C:\Windows\System\WPSHkLJ.exe
  C:\Windows\System\WPSHkLJ.exe
  2⤵
  PID:14884
- C:\Windows\System\HwOobiz.exe
  C:\Windows\System\HwOobiz.exe
  2⤵
  PID:3684
- C:\Windows\System\gyfPTVT.exe
  C:\Windows\System\gyfPTVT.exe
  2⤵
  PID:14916
- C:\Windows\System\kprmzNz.exe
  C:\Windows\System\kprmzNz.exe
  2⤵
  PID:5984
- C:\Windows\System\QPImRoA.exe
  C:\Windows\System\QPImRoA.exe
  2⤵
  PID:2828
- C:\Windows\System\irOhBZr.exe
  C:\Windows\System\irOhBZr.exe
  2⤵
  PID:5816
- C:\Windows\System\SirPmUu.exe
  C:\Windows\System\SirPmUu.exe
  2⤵
  PID:15052
- C:\Windows\System\kePnIHI.exe
  C:\Windows\System\kePnIHI.exe
  2⤵
  PID:15084
- C:\Windows\System\NWKVlNQ.exe
  C:\Windows\System\NWKVlNQ.exe
  2⤵
  PID:15100
- C:\Windows\System\CtzbUnl.exe
  C:\Windows\System\CtzbUnl.exe
  2⤵
  PID:3416
- C:\Windows\System\eQhiJYn.exe
  C:\Windows\System\eQhiJYn.exe
  2⤵
  PID:15184
- C:\Windows\System\GhUTHmh.exe
  C:\Windows\System\GhUTHmh.exe
  2⤵
  PID:5012
- C:\Windows\System\sWrGidh.exe
  C:\Windows\System\sWrGidh.exe
  2⤵
  PID:15252
- C:\Windows\System\wPcSdRf.exe
  C:\Windows\System\wPcSdRf.exe
  2⤵
  PID:1680
- C:\Windows\System\iJTtVRo.exe
  C:\Windows\System\iJTtVRo.exe
  2⤵
  PID:2460
- C:\Windows\System\QdJhcwS.exe
  C:\Windows\System\QdJhcwS.exe
  2⤵
  PID:15340
- C:\Windows\System\pspWTSO.exe
  C:\Windows\System\pspWTSO.exe
  2⤵
  PID:5432
- C:\Windows\System\gTYkrgX.exe
  C:\Windows\System\gTYkrgX.exe
  2⤵
  PID:14436
- C:\Windows\System\MqGNnzN.exe
  C:\Windows\System\MqGNnzN.exe
  2⤵
  PID:5576
- C:\Windows\System\KqYcPET.exe
  C:\Windows\System\KqYcPET.exe
  2⤵
  PID:14564
- C:\Windows\System\lhCLpbY.exe
  C:\Windows\System\lhCLpbY.exe
  2⤵
  PID:14648
- C:\Windows\System\aSeHsbt.exe
  C:\Windows\System\aSeHsbt.exe
  2⤵
  PID:4348
- C:\Windows\System\kUYFbSb.exe
  C:\Windows\System\kUYFbSb.exe
  2⤵
  PID:1732
- C:\Windows\System\hZZdrYD.exe
  C:\Windows\System\hZZdrYD.exe
  2⤵
  PID:5988
- C:\Windows\System\RFIzsZw.exe
  C:\Windows\System\RFIzsZw.exe
  2⤵
  PID:3232
- C:\Windows\System\alApehM.exe
  C:\Windows\System\alApehM.exe
  2⤵
  PID:5488
- C:\Windows\System\jRLFfMr.exe
  C:\Windows\System\jRLFfMr.exe
  2⤵
  PID:5032
- C:\Windows\System\hcFupwJ.exe
  C:\Windows\System\hcFupwJ.exe
  2⤵
  PID:4856
- C:\Windows\System\PTkKINn.exe
  C:\Windows\System\PTkKINn.exe
  2⤵
  PID:3836
- C:\Windows\System\qkhNWtB.exe
  C:\Windows\System\qkhNWtB.exe
  2⤵
  PID:3448
- C:\Windows\System\gwbXiEN.exe
  C:\Windows\System\gwbXiEN.exe
  2⤵
  PID:15072
- C:\Windows\System\uVQdxyb.exe
  C:\Windows\System\uVQdxyb.exe
  2⤵
  PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ARqdnTF.exe

Filesize
6.1MB

MD5
c39d4ecf0c9f1950e03a22d31d78262a

SHA1
2b292527a2048d0d1b310707cc843d6fdfa9d29b

SHA256
edc0c055186a869e213fe31c05e4529b7ced78a3b9ae4345c6a308ffdf628a7b

SHA512
af3a74cb3089f49550a955e071a55159c55e89130fa2373a3b0536515077dbbd071e9486a6959592634e25b4f2f4bc46dfbfed37844283528ca31869bc995052

Download Submit
C:\Windows\System\DRLENll.exe

Filesize
6.0MB

MD5
24722f8496825dacae2e99ae41d7f40c

SHA1
2107bab61d4515f23cf73aa1bc3bdd08f4260a15

SHA256
fe0b04454108d2acb1a1d95d2056c13324a6dccd28115527f011dfedee81c784

SHA512
587c66fa5823397b211fb601426eb58b354050dbf2faa61de3b532a8d6d278365507a11bd0779bb3c5d5c850e40fcf9b4a94587b023ef5522b98d39179b23cd8

Download Submit
C:\Windows\System\DSfmWrh.exe

Filesize
6.0MB

MD5
0507435f16f0df969d5bd0134f8290b8

SHA1
8844850197491f1618063d8648b9b8b0b919faaf

SHA256
62c33a42e22e3a240e95aa8fde0e132473ecccaf9dd0f871a700ce02e8969786

SHA512
b9c7894d35e0fb9b7f29757a492dd48be7a0f42b5327388401f92b87573a9e1b4874359611885ac2439c90284981f9f884555a623a6508cc7905c375706d479b

Download Submit
C:\Windows\System\HVxvqLB.exe

Filesize
6.0MB

MD5
090c20642c4590d72bdfcba65704459d

SHA1
645a1d8526ff1bcd0cdf4d3f9dc93a32e17de126

SHA256
261d916ad4d4708e06370fbf2e8fd93770210a2e69e7fd6aabaa67de42ee8744

SHA512
71b62b1c592c15ac9bdd048f30221180d639dedbca9420d32501bb17c04edbd8e5eee9333b3e15eaac3deb7746765459b1a7bfd4c92c38294613eafa6d9a25d9

Download Submit
C:\Windows\System\HpsKdIH.exe

Filesize
6.0MB

MD5
e3e25ba15f5ab371fe979548cda11e23

SHA1
3c3d3e5ac2f623207eec50ee28af4f5c87bb656e

SHA256
aa11119b565b9a878a0af38465e148675f97279f960169e9181174ad0624e02d

SHA512
e061137b28941b96ceb4519bad004bcf9120e5beec5910e33cf77a50139ca73b1d3d02dbb6a5207fddb6d68f63f1436bc5a147ecb77d1ee4ab9ae701f918a4ee

Download Submit
C:\Windows\System\JPbMDaY.exe

Filesize
6.0MB

MD5
64ecded5707a2598e98efb31640f570b

SHA1
791ba88c8b77058852380d3758ae97b8109efb02

SHA256
5496d1fd950ec8a5671f22a5dd4bcbe210133f087e4575e989b0d74fabe28f94

SHA512
2589fd5bd9a4b3a6f569f28beda7e333b23778d3ddf0984e4b9d63c2ec3fc674726ffd868622768abde539e5224d8d365136dd16e2eab8fa4817dea1b328016e

Download Submit
C:\Windows\System\LrXueOh.exe

Filesize
6.0MB

MD5
198032cd0242ae23c44ddaa5971e2c35

SHA1
8e8c10a7a1d909655d56006b119f4fd1a0c14f85

SHA256
09d8890d883947a31730a3fa13e74e9b465970c7ba8486e9295b6a3d304b59a3

SHA512
8fc72b7fcb5712d9228877fa5e0dcdda1c849896b7d6475b30a771d9f7818156a56a7cb9d9a628e83fd6566919262608fb93be63f126fb6c0ea0d2c5fca752d6

Download Submit
C:\Windows\System\LyxaQhS.exe

Filesize
6.0MB

MD5
ebd9b18ae7a054bd25f996a77c3ee07a

SHA1
5de4cf6604fc60c08fb789c91cf406aa2f3fe508

SHA256
afd3fba73a7e8c93789c6ea42a07d87985cc30d5c04d4b20868c0a2a32b0fd64

SHA512
ec3082ced6d6b6f9edcc1b0528832d03f9b7ecf5dbe707319709a955da5bc68b0103bb07b74735053765c689302c67fdca16bf7d798cff544adde5f4cc7955a2

Download Submit
C:\Windows\System\MtHevyc.exe

Filesize
6.0MB

MD5
4f607e506ac89688e0f99f0a6d3e64de

SHA1
74491152e70269b13d7ed2b9172d97fa994d5188

SHA256
9439afb14b94dc125143d804ff23f1402a0c9c2f8317d9988c032ae1275fa1b3

SHA512
401a4c3908269619a732a0a53936fc806a3fd9d38336eadb040796e0173814d4ca1c963211f7cf5755fd52d67ac14773fba6983e3940bf3624b1f0d7805c1822

Download Submit
C:\Windows\System\OXkVLPc.exe

Filesize
6.0MB

MD5
759e369b59746b441a1fa6caa18536dc

SHA1
f9fe6500b89fd8b51de6700e94b2e3eb40a6f30b

SHA256
e46fb9e386da03073fa1521d43d49b9e505c51605517e3e98ab58f911584a1dc

SHA512
6985c7b019aaa33fe552a55c3161b870d32990685b4f1b15e2cbace9525b1006f05fd8101752395b5a02ae711fb5a3899cc6c85ef945efef595e32fb09c48b61

Download Submit
C:\Windows\System\QbGEfdp.exe

Filesize
6.1MB

MD5
c015235778dc208b77208f94481de3e9

SHA1
5d8607742afc801582abe304b3f7324e4123b9e3

SHA256
995110597cba8609ed4495f9356a0af543b2db83dde7d8291faf010bcf366331

SHA512
121e806e308ab31986ac43a4d91d6f28daaea3cf18c07ec8020bae32a8ab994f10cf2bc44ba58ba681d3731501dbf829773ddced4b7257ecb42cafaacecae5cd

Download Submit
C:\Windows\System\TOczfbD.exe

Filesize
6.0MB

MD5
5900286eb9f7c0e50a6ab0f2cb52d70e

SHA1
352fa6fccddc06e79d8e7d96991686689eef8c61

SHA256
7c514f033ee6069c1b921e21e0014ca659a06f2ef2dfb646442d1ad151f403da

SHA512
74dce611703dd64b0a9a791626133da4cfcc90b31ebd63bc0cfb6738b4c65c3e63d878381fc24c640c7a0401171b0513a6e12812a3573526cba6ce4da501b191

Download Submit
C:\Windows\System\TrAGBjf.exe

Filesize
6.1MB

MD5
04ef6d5fc150891538dbd2d44b734959

SHA1
35bfef9bd036bc8f93607b4c4e3351d3ddd4569e

SHA256
9b19b403b22383e0ea50b2222ae958e4c92978aa200025c8adc279b0047e925b

SHA512
3c88017b5e0901cb03f90858e83e147dab16305925be3e451168bd80c681d190468c210894edf5eb6772468b58dd957e1595775dfe9769d17ffdbf585fd5caf2

Download Submit
C:\Windows\System\WtzJvqL.exe

Filesize
6.0MB

MD5
0f5a23b89746e7c9997fbbd41f4a7a88

SHA1
e2873150f32e69e993b4fe818293a149357a1a50

SHA256
60a45d530be91185033d6f90a5afc97a7fca2286102db7db32792e1c22822338

SHA512
68efbb60342ec55543f93c2416052f36954ebc5013d3e7cbdea586aa332b45c1647a365d8060776f580364dff7660969e204b59232475e57bc4e068448d432a9

Download Submit
C:\Windows\System\XLGPEPy.exe

Filesize
6.1MB

MD5
7995c917a0860b129a77b402545e3b42

SHA1
c8690e7548085a6ccab6c7d8d0a6acab557ab1bc

SHA256
473a0921124b864856f7775f560d2bc77baa12d18db1e0768da55d4c7dc24ed5

SHA512
d07843ec656c88524c1be073f4f0da9d912bf8fadb01e02cc6e3b7eb0c86dbe2b6b9cca70360a51a6f62d5709b1adb12465c9fdb274b3b99bc9e591fa4fba3a2

Download Submit
C:\Windows\System\aXngUmc.exe

Filesize
6.0MB

MD5
c3541114bad8373ac4e1092ef1db6b78

SHA1
c3ec33493a21c5390fe996ebff24d641edd5ad73

SHA256
c87c7f3370b0b7ad23dd7aaea8d2d29cbcc3ed719b0261f1591c879181897601

SHA512
f738e01fc3ca40f58b0f72ee9cc233af60b33e6c083fa248f405fb64dd202a414178730e29d24856d86bfd53e5d9fff0bca91ddfaa902601c29ea8b44a34af39

Download Submit
C:\Windows\System\eeEMHCY.exe

Filesize
6.0MB

MD5
0354d7b1d72ec17f35b4a7506d2c34cb

SHA1
dd57cf90d76ab8744780ceda1413481328f014db

SHA256
73da5dedc876b7624ea75e3e0bfee4e0ff4eaf53f6f1fa962709b3e67171f183

SHA512
fb6dca160a0c30da7efa4f1d0a7c6a40d37de27293001f30290253086e3ac3b0ba7dc8c061aa8442d8d2abf5350d72fef25d2a2c9c1823028f2e966ee88dffdf

Download Submit
C:\Windows\System\fXxNDFo.exe

Filesize
6.0MB

MD5
4e1b27c2ddfaf72c92d855fd131a0cca

SHA1
b7d15931924f2bd4595730f4cb736fd74c65ece3

SHA256
c09e3c6408b2f720dff6be452ba0645fa35e396a29c6947a81adbc7607197f64

SHA512
53b7b39315a8849e0df3655f9a99a0db127dd29c2b781724f63d4faec4118ae25c73b5b344d2ef7d0cdcb692ad7db8c09ad92ab884eb744524ae2fb916b25aa6

Download Submit
C:\Windows\System\hjeAijj.exe

Filesize
6.0MB

MD5
91ba154645aaeebd266cc6277baf85ed

SHA1
ae8b8733c377581baf669a685afa871a53c85677

SHA256
f214ebf8c720669078df3cd54ff81d0000b1f2a5505026213bd19b13a47fb863

SHA512
49aeadb489bc9a0a33d8b8789f9c5be15e2e1c0a6bcbb3e6d7a8ac48366b05ccbb863d416922c84831a60486a2150137bd652e337b1eb4f6968653262efde3ed

Download Submit
C:\Windows\System\hsVVqLC.exe

Filesize
6.0MB

MD5
435c86bd8124166659b4e6a558f0d3a6

SHA1
0eb2a02985e6031d4d32eb88dfa90cbbab1a69fa

SHA256
ff778f2305de1076acf382d2995a4e8914961c3460c070b511f2882559867fbb

SHA512
b62574b2d4c118fc7753ef8f74f783d02af26983c5c0fad1232cfd02a2a896357a2340a040c0106d74ebb51365b6ad13ec0870ee9a4bb96199b9310aa5c4be5e

Download Submit
C:\Windows\System\lFXkVUo.exe

Filesize
6.0MB

MD5
65f8484c2ae176b0178f495e85eadf68

SHA1
159b8c9c4bfd0badf8de04efd495021d582ed23c

SHA256
ecaf2fe81d920916b49655ab5426ac8d114cb35cb935462a0823345263d1fcd5

SHA512
a5f15ca374fcc0691cf8142ff9a8071624f13a32bf26aae0099c31e12ad0ee95e5a855271e1e5ad8393d0eeb3ce5dffc70ce66d07cb2f60c2b5de2e1f13e24f4

Download Submit
C:\Windows\System\lRMrbxN.exe

Filesize
6.0MB

MD5
46f6fed87536a2037472d0fa9e1c5d40

SHA1
69f045015d4ad5d76fc040d4a75d8325fbe5f0de

SHA256
e6906b86645755fad878c7e6a157c406247fe8d0874b6e6117e4add231e44adc

SHA512
591a080fae053c979b427953efc0cb98f2ec503a98dd657a931cbe3ac1ccb3b08e33164ef421fae3f5f8c65f894e3cdcea9d00034b98e7209c88efab02df3ed2

Download Submit
C:\Windows\System\lRslsou.exe

Filesize
6.1MB

MD5
24dae62de1df782b387f6e8d8e0d8faf

SHA1
829d9d13e2d167b7a4d52ff5690fe7b77363551a

SHA256
b8b8fae2407ef8d231ba22172b4b1b3a62977b91ae3a0acfaf3ae1088762ec38

SHA512
3ea6ed0efd88a12ef5d676f08a7f79ba097f5e0755899434725dc5f2583d29da26f8695f75c7b0729e8ba62962657ca23cad34595808e29085a90aed4462890b

Download Submit
C:\Windows\System\lliYOja.exe

Filesize
6.0MB

MD5
1a80c344f671a86a67c61752784c9363

SHA1
f42b34b6841e05a2abad59c885d1a6b748c4f3f0

SHA256
e23efb555e399e7ea24f2a516e31cf4756bea604dc7b528d7675246f480b3329

SHA512
092a504a1d4321ede025e071e8853c5661995409806a8ac70ef597c2c3a0562b507811992117d4b9907ef8e824534cde2c84e0253fbf6dfdc6f17ca9a8088309

Download Submit
C:\Windows\System\ltEGgqt.exe

Filesize
6.0MB

MD5
28beba8b139f0e3d3a8f43fdcfa9c089

SHA1
bd0e5fbe7fd4b7571df74ca7891b3c40ed4aeb68

SHA256
b5877163d5d30e43ed387d7df7aaebde3ad00b9def74c9f21f67494c45d30d38

SHA512
cb5c49d6d67ae38a77b867ed43dd828fbc8c94dbcaecb2f2f0778b18d77a08b3bbab80902ad829ea1f1f61b6aa8ababcaf7ddc7f96e7964f7c8f0976a7fee3e3

Download Submit
C:\Windows\System\mKNyAjr.exe

Filesize
6.1MB

MD5
5bd7495e9e62d530053be3aed9dd7712

SHA1
c688e96e6ae50d72e6a73767bbc3b6de05884d71

SHA256
c2308b09cf96c48b13d8192dad6b4394fb57e4f3b67b52e18870c74426110168

SHA512
9c9aa139b9d57bee96a3b5ed33a5ca6215a4431f050ff9f8063be69620dbe4df07150b447f308cbce1c27128d551f88b7c8caa6ddb265c31a3a45d6a16454b24

Download Submit
C:\Windows\System\oKhMWGF.exe

Filesize
6.0MB

MD5
bd96c3eebb4ffa1063bbf73a5ca9e4c1

SHA1
acdfa5d54b0b203a1bb8f180bd3d134f3b7f38d9

SHA256
aec25a7fcdbb9724432a61d699b278b63398b169036df92d3197bccb95857135

SHA512
f511fa32974e3119878159509ed575092d560adbcd6477a641b11bd3fb565a60c638dc6cc7e3bfb88bf68340d72c89ccdca016dde0674beff03689509cfcf3f8

Download Submit
C:\Windows\System\pufyrSO.exe

Filesize
6.0MB

MD5
c7d72885c4bab11cb3ef88c14816f4a7

SHA1
44d1124ea635e9fc88f25ab07a5f77582f73111d

SHA256
3fd410a6cca53d20d52a926eed756cc713a899f54248151464f0da2dd4923863

SHA512
a3b0b261f10e26f30862e0e9d6594d40a5eabff03854cad538a03fc2e1a1aa888286e7274aa2b5413733eb4e048807a923fcb3072381f2aae5154ee1822b3977

Download Submit
C:\Windows\System\qBefgjT.exe

Filesize
6.0MB

MD5
981f9e483cd40a513cd24c3a6907ad8d

SHA1
7322faac48c915d8260a1110df39c318b00a9c46

SHA256
0adc35f51fcf6d914df21ceda556397363c6a7de9562ad216247fb68ca9e5b21

SHA512
cbf54db920e8a89874d72c5f8a2dc06c210d82c5acec67bdcae36c161479eab9b87e78b5b586e57b469092dfbb569fcd2702217a76ca21fb6d4e00fd421e3707

Download Submit
C:\Windows\System\sFJXcsa.exe

Filesize
6.0MB

MD5
6fb577de449b84ea5e7d36f74373293f

SHA1
284eb9f61be52b82c1a3b01eea13614824d63521

SHA256
65aa7e9a1755c619a2046dfe58fe46d1749f73cb0761301d0f9377d4904c6c66

SHA512
262e146110853afc424ea870f9e6cfdfcf939bb18f345ec6e449fd172b4a2e915b9e230e06e2b86ba6a650d8dbe91e65592da26afb47ce44564c9684f0cf8a0b

Download Submit
C:\Windows\System\teSiltn.exe

Filesize
6.0MB

MD5
2b0a359ffa8dbc844474dde728a604c3

SHA1
29201228e8235291377d7563587730bc97967400

SHA256
bc7309bbadcd4ee59f57b4c08e557f37e87d88f260655246e4433a95ba1fa894

SHA512
5c09b6158bef546888ed69b03577daed479c22d6ff2b05fdb7a060d072038294b072a7263587a5c0c31323ebc60ba98a51926f8ab13a7688c587ff72ed342be0

Download Submit
C:\Windows\System\ueQMxDA.exe

Filesize
6.1MB

MD5
306d1dc552dd151fd65359a1710085f2

SHA1
e9b9cf4d7420a0c2d96c287887970f681a429db0

SHA256
6de491144f535c3ec999cd3738465a7114ee72716204436b9b27ef3ffa6d51ec

SHA512
23e41988fc08e19b62b6486237615d1e2c03869a20201051833d5ebf8fae94ad9e186afd6f160b6c266c91edb9b9495d34552944c6e91587c281d46d20362d20

Download Submit
memory/548-1999-0x00007FF759030000-0x00007FF759384000-memory.dmp

Filesize
3.3MB

Download
memory/548-320-0x00007FF759030000-0x00007FF759384000-memory.dmp

Filesize
3.3MB

Download
memory/964-105-0x00007FF7049A0000-0x00007FF704CF4000-memory.dmp

Filesize
3.3MB

Download
memory/964-655-0x00007FF7049A0000-0x00007FF704CF4000-memory.dmp

Filesize
3.3MB

Download
memory/964-1957-0x00007FF7049A0000-0x00007FF704CF4000-memory.dmp

Filesize
3.3MB

Download
memory/984-244-0x00007FF7C7990000-0x00007FF7C7CE4000-memory.dmp

Filesize
3.3MB

Download
memory/984-2006-0x00007FF7C7990000-0x00007FF7C7CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-18-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp

Filesize
3.3MB

Download
memory/1008-327-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp

Filesize
3.3MB

Download
memory/1008-1845-0x00007FF6E22F0000-0x00007FF6E2644000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2012-0x00007FF7D26B0000-0x00007FF7D2A04000-memory.dmp

Filesize
3.3MB

Download
memory/1204-300-0x00007FF7D26B0000-0x00007FF7D2A04000-memory.dmp

Filesize
3.3MB

Download
memory/1480-25-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp

Filesize
3.3MB

Download
memory/1480-377-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1875-0x00007FF6C76B0000-0x00007FF6C7A04000-memory.dmp

Filesize
3.3MB

Download
memory/1672-234-0x00007FF722DD0000-0x00007FF723124000-memory.dmp

Filesize
3.3MB

Download
memory/1672-730-0x00007FF722DD0000-0x00007FF723124000-memory.dmp

Filesize
3.3MB

Download
memory/1672-1994-0x00007FF722DD0000-0x00007FF723124000-memory.dmp

Filesize
3.3MB

Download
memory/2332-89-0x00007FF7B78B0000-0x00007FF7B7C04000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1933-0x00007FF7B78B0000-0x00007FF7B7C04000-memory.dmp

Filesize
3.3MB

Download
memory/2776-311-0x00007FF7CF4B0000-0x00007FF7CF804000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2030-0x00007FF7CF4B0000-0x00007FF7CF804000-memory.dmp

Filesize
3.3MB

Download
memory/3500-301-0x00007FF617170000-0x00007FF6174C4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2015-0x00007FF617170000-0x00007FF6174C4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-1925-0x00007FF6B30B0000-0x00007FF6B3404000-memory.dmp

Filesize
3.3MB

Download
memory/3740-83-0x00007FF6B30B0000-0x00007FF6B3404000-memory.dmp

Filesize
3.3MB

Download
memory/3828-8-0x00007FF6D37E0000-0x00007FF6D3B34000-memory.dmp

Filesize
3.3MB

Download
memory/3828-1829-0x00007FF6D37E0000-0x00007FF6D3B34000-memory.dmp

Filesize
3.3MB

Download
memory/3980-729-0x00007FF609000000-0x00007FF609354000-memory.dmp

Filesize
3.3MB

Download
memory/3980-1986-0x00007FF609000000-0x00007FF609354000-memory.dmp

Filesize
3.3MB

Download
memory/3980-122-0x00007FF609000000-0x00007FF609354000-memory.dmp

Filesize
3.3MB

Download
memory/4184-100-0x00007FF696660000-0x00007FF6969B4000-memory.dmp

Filesize
3.3MB

Download
memory/4184-1-0x000001F913E00000-0x000001F913E10000-memory.dmp

Filesize
64KB

Download
memory/4184-0-0x00007FF696660000-0x00007FF6969B4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-1834-0x00007FF7F8070000-0x00007FF7F83C4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-14-0x00007FF7F8070000-0x00007FF7F83C4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-317-0x00007FF69AAD0000-0x00007FF69AE24000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2034-0x00007FF69AAD0000-0x00007FF69AE24000-memory.dmp

Filesize
3.3MB

Download
memory/4512-1988-0x00007FF7BCF90000-0x00007FF7BD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-318-0x00007FF7BCF90000-0x00007FF7BD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1895-0x00007FF68E710000-0x00007FF68EA64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-39-0x00007FF68E710000-0x00007FF68EA64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-491-0x00007FF68E710000-0x00007FF68EA64000-memory.dmp

Filesize
3.3MB

Download
memory/4588-1884-0x00007FF7C0DC0000-0x00007FF7C1114000-memory.dmp

Filesize
3.3MB

Download
memory/4588-30-0x00007FF7C0DC0000-0x00007FF7C1114000-memory.dmp

Filesize
3.3MB

Download
memory/4588-435-0x00007FF7C0DC0000-0x00007FF7C1114000-memory.dmp

Filesize
3.3MB

Download
memory/4632-1908-0x00007FF6D8F50000-0x00007FF6D92A4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-531-0x00007FF6D8F50000-0x00007FF6D92A4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-47-0x00007FF6D8F50000-0x00007FF6D92A4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-1904-0x00007FF65D230000-0x00007FF65D584000-memory.dmp

Filesize
3.3MB

Download
memory/4732-54-0x00007FF65D230000-0x00007FF65D584000-memory.dmp

Filesize
3.3MB

Download
memory/4804-1951-0x00007FF6CEB70000-0x00007FF6CEEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-98-0x00007FF6CEB70000-0x00007FF6CEEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-66-0x00007FF737730000-0x00007FF737A84000-memory.dmp

Filesize
3.3MB

Download
memory/4848-438-0x00007FF737730000-0x00007FF737A84000-memory.dmp

Filesize
3.3MB

Download
memory/4848-1913-0x00007FF737730000-0x00007FF737A84000-memory.dmp

Filesize
3.3MB

Download
memory/4860-78-0x00007FF610D10000-0x00007FF611064000-memory.dmp

Filesize
3.3MB

Download
memory/4860-1911-0x00007FF610D10000-0x00007FF611064000-memory.dmp

Filesize
3.3MB

Download
memory/4884-111-0x00007FF7E6C70000-0x00007FF7E6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-1960-0x00007FF7E6C70000-0x00007FF7E6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-724-0x00007FF7E6C70000-0x00007FF7E6FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1920-0x00007FF78CFD0000-0x00007FF78D324000-memory.dmp

Filesize
3.3MB

Download
memory/4944-82-0x00007FF78CFD0000-0x00007FF78D324000-memory.dmp

Filesize
3.3MB

Download
memory/5192-308-0x00007FF733D60000-0x00007FF7340B4000-memory.dmp

Filesize
3.3MB

Download
memory/5192-2019-0x00007FF733D60000-0x00007FF7340B4000-memory.dmp

Filesize
3.3MB

Download
memory/5636-319-0x00007FF7BFB90000-0x00007FF7BFEE4000-memory.dmp

Filesize
3.3MB

Download
memory/5636-1990-0x00007FF7BFB90000-0x00007FF7BFEE4000-memory.dmp

Filesize
3.3MB

Download
memory/5776-95-0x00007FF6BA410000-0x00007FF6BA764000-memory.dmp

Filesize
3.3MB

Download
memory/5776-1939-0x00007FF6BA410000-0x00007FF6BA764000-memory.dmp

Filesize
3.3MB

Download
memory/5972-725-0x00007FF7C9520000-0x00007FF7C9874000-memory.dmp

Filesize
3.3MB

Download
memory/5972-118-0x00007FF7C9520000-0x00007FF7C9874000-memory.dmp

Filesize
3.3MB

Download
memory/5972-1984-0x00007FF7C9520000-0x00007FF7C9874000-memory.dmp

Filesize
3.3MB

Download