cobaltstrike | 5dbb43290e9f6f233c78e828fb78312d8335eea2602221411671fd81badb0d40

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

4da956991b24c888ac15e6d8ef67a1a7
SHA1

4d349d8844c5334f335c517903db49bb5d1b1ed1
SHA256

5dbb43290e9f6f233c78e828fb78312d8335eea2602221411671fd81badb0d40
SHA512

3ebd238c4d6a466e7ab3bd7a8f629bed6950cde8b618ae21a3b14768ef1d300836eefd22bc12c8ec965be32193736b3ac2c55783ea3ecf3ce1bdf5f7b3250673
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000024062-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024123-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024122-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024124-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024125-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024127-34.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002411f-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024128-49.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002412b-62.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002412d-82.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002412c-78.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002412a-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024129-60.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023f5a-96.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002412e-89.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023f5c-102.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023f6e-111.dat	cobalt_reflective_dll
behavioral2/files/0x0010000000023f77-133.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023f7c-153.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023f7a-147.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023f76-138.dat	cobalt_reflective_dll
behavioral2/files/0x0033000000023f71-131.dat	cobalt_reflective_dll
behavioral2/files/0x0035000000023f70-126.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002414d-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024132-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024150-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024151-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024154-208.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024153-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024152-204.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002414f-187.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002414e-174.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4680-0-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp	xmrig
behavioral2/files/0x000a000000024062-5.dat	xmrig
behavioral2/files/0x0007000000024123-9.dat	xmrig
behavioral2/memory/3000-12-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024122-13.dat	xmrig
behavioral2/memory/3808-6-0x00007FF65A000000-0x00007FF65A354000-memory.dmp	xmrig
behavioral2/memory/4296-18-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp	xmrig
behavioral2/files/0x0007000000024124-23.dat	xmrig
behavioral2/memory/4244-24-0x00007FF632300000-0x00007FF632654000-memory.dmp	xmrig
behavioral2/files/0x0007000000024125-28.dat	xmrig
behavioral2/files/0x0007000000024127-34.dat	xmrig
behavioral2/memory/1736-35-0x00007FF785F10000-0x00007FF786264000-memory.dmp	xmrig
behavioral2/memory/3484-30-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp	xmrig
behavioral2/files/0x000800000002411f-40.dat	xmrig
behavioral2/memory/3724-43-0x00007FF677700000-0x00007FF677A54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024128-49.dat	xmrig
behavioral2/memory/2324-48-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp	xmrig
behavioral2/memory/3912-56-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002412b-62.dat	xmrig
behavioral2/memory/3808-71-0x00007FF65A000000-0x00007FF65A354000-memory.dmp	xmrig
behavioral2/memory/3000-77-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp	xmrig
behavioral2/files/0x000700000002412d-82.dat	xmrig
behavioral2/memory/316-81-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp	xmrig
behavioral2/files/0x000700000002412c-78.dat	xmrig
behavioral2/memory/3308-76-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002412a-73.dat	xmrig
behavioral2/memory/2292-70-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp	xmrig
behavioral2/memory/4292-66-0x00007FF69D120000-0x00007FF69D474000-memory.dmp	xmrig
behavioral2/memory/4680-65-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp	xmrig
behavioral2/files/0x0007000000024129-60.dat	xmrig
behavioral2/memory/4244-88-0x00007FF632300000-0x00007FF632654000-memory.dmp	xmrig
behavioral2/memory/2076-95-0x00007FF7AD5C0000-0x00007FF7AD914000-memory.dmp	xmrig
behavioral2/files/0x000b000000023f5a-96.dat	xmrig
behavioral2/memory/3484-94-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp	xmrig
behavioral2/memory/1744-92-0x00007FF6FA820000-0x00007FF6FAB74000-memory.dmp	xmrig
behavioral2/files/0x000700000002412e-89.dat	xmrig
behavioral2/memory/4296-86-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp	xmrig
behavioral2/memory/1736-98-0x00007FF785F10000-0x00007FF786264000-memory.dmp	xmrig
behavioral2/files/0x000b000000023f5c-102.dat	xmrig
behavioral2/memory/3724-105-0x00007FF677700000-0x00007FF677A54000-memory.dmp	xmrig
behavioral2/files/0x000c000000023f6e-111.dat	xmrig
behavioral2/memory/3912-117-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp	xmrig
behavioral2/files/0x0010000000023f77-133.dat	xmrig
behavioral2/files/0x000d000000023f7c-153.dat	xmrig
behavioral2/memory/5064-152-0x00007FF73CBF0000-0x00007FF73CF44000-memory.dmp	xmrig
behavioral2/files/0x000e000000023f7a-147.dat	xmrig
behavioral2/memory/4452-146-0x00007FF60A6F0000-0x00007FF60AA44000-memory.dmp	xmrig
behavioral2/memory/316-145-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp	xmrig
behavioral2/files/0x000c000000023f76-138.dat	xmrig
behavioral2/memory/680-137-0x00007FF6F0010000-0x00007FF6F0364000-memory.dmp	xmrig
behavioral2/memory/8-136-0x00007FF66AC30000-0x00007FF66AF84000-memory.dmp	xmrig
behavioral2/memory/1500-135-0x00007FF6A82F0000-0x00007FF6A8644000-memory.dmp	xmrig
behavioral2/files/0x0033000000023f71-131.dat	xmrig
behavioral2/memory/3308-129-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp	xmrig
behavioral2/memory/4292-128-0x00007FF69D120000-0x00007FF69D474000-memory.dmp	xmrig
behavioral2/memory/2444-127-0x00007FF619390000-0x00007FF6196E4000-memory.dmp	xmrig
behavioral2/files/0x0035000000023f70-126.dat	xmrig
behavioral2/memory/2292-120-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp	xmrig
behavioral2/memory/1300-112-0x00007FF69BCF0000-0x00007FF69C044000-memory.dmp	xmrig
behavioral2/memory/2324-109-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp	xmrig
behavioral2/memory/1964-106-0x00007FF6C57B0000-0x00007FF6C5B04000-memory.dmp	xmrig
behavioral2/files/0x000700000002414d-162.dat	xmrig
behavioral2/files/0x0007000000024132-157.dat	xmrig
behavioral2/memory/2304-164-0x00007FF7444A0000-0x00007FF7447F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3808	CYwwqLd.exe
3000	ZLIpLKf.exe
4296	jVKRirM.exe
4244	wyeafeZ.exe
3484	wusvuPp.exe
1736	jNHQMZj.exe
3724	GijeZBG.exe
2324	elGgqOE.exe
3912	jgQkmVO.exe
4292	hIoMcKl.exe
2292	ucVoKtu.exe
3308	tsjgmGG.exe
316	OeASFFw.exe
1744	QINVsqk.exe
2076	djGQGMz.exe
1964	SovHlxB.exe
1300	BSikuKj.exe
2444	punsoSc.exe
1500	vvpmJdB.exe
680	nmrSLUN.exe
8	OXwErLg.exe
4452	fLiohXZ.exe
5064	rxjJOkl.exe
1968	TJMBskV.exe
2304	VfeCotH.exe
4576	CDfdauv.exe
3244	UgdVLKf.exe
4804	OqXTIpT.exe
3044	awxaqMw.exe
4872	BsjNUko.exe
2148	RCdlyFw.exe
3404	EHaMmfq.exe
1764	vLRGgJY.exe
1536	GAlKeuO.exe
2440	kbJIXNB.exe
836	elrTwvX.exe
4844	muSYHFq.exe
3512	bktJzvt.exe
2336	PArZhHJ.exe
5052	CPbwlfn.exe
3680	agNLSSV.exe
1740	sPWUnsb.exe
4984	uGTVTHQ.exe
2908	djHRJqD.exe
2272	hrzWxLF.exe
5076	ZaTAUka.exe
1884	alHaiiI.exe
1456	cFsmeej.exe
212	rzltsFI.exe
4792	hfzUuRD.exe
3996	JOHFeTb.exe
2540	nBmfotm.exe
4692	jxsOEBZ.exe
1384	QUeokxu.exe
2328	hIKKzpD.exe
996	ugAQrsT.exe
3532	gqDYRWs.exe
3976	XLCASvX.exe
3444	vTISKok.exe
4476	aXaIdSh.exe
4400	SRXpKQu.exe
4136	ATfygxa.exe
4896	nucytHV.exe
4988	KZaMqtc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4680-0-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp	upx
behavioral2/files/0x000a000000024062-5.dat	upx
behavioral2/files/0x0007000000024123-9.dat	upx
behavioral2/memory/3000-12-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp	upx
behavioral2/files/0x0007000000024122-13.dat	upx
behavioral2/memory/3808-6-0x00007FF65A000000-0x00007FF65A354000-memory.dmp	upx
behavioral2/memory/4296-18-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp	upx
behavioral2/files/0x0007000000024124-23.dat	upx
behavioral2/memory/4244-24-0x00007FF632300000-0x00007FF632654000-memory.dmp	upx
behavioral2/files/0x0007000000024125-28.dat	upx
behavioral2/files/0x0007000000024127-34.dat	upx
behavioral2/memory/1736-35-0x00007FF785F10000-0x00007FF786264000-memory.dmp	upx
behavioral2/memory/3484-30-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp	upx
behavioral2/files/0x000800000002411f-40.dat	upx
behavioral2/memory/3724-43-0x00007FF677700000-0x00007FF677A54000-memory.dmp	upx
behavioral2/files/0x0007000000024128-49.dat	upx
behavioral2/memory/2324-48-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp	upx
behavioral2/memory/3912-56-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp	upx
behavioral2/files/0x000700000002412b-62.dat	upx
behavioral2/memory/3808-71-0x00007FF65A000000-0x00007FF65A354000-memory.dmp	upx
behavioral2/memory/3000-77-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp	upx
behavioral2/files/0x000700000002412d-82.dat	upx
behavioral2/memory/316-81-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp	upx
behavioral2/files/0x000700000002412c-78.dat	upx
behavioral2/memory/3308-76-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp	upx
behavioral2/files/0x000700000002412a-73.dat	upx
behavioral2/memory/2292-70-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp	upx
behavioral2/memory/4292-66-0x00007FF69D120000-0x00007FF69D474000-memory.dmp	upx
behavioral2/memory/4680-65-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp	upx
behavioral2/files/0x0007000000024129-60.dat	upx
behavioral2/memory/4244-88-0x00007FF632300000-0x00007FF632654000-memory.dmp	upx
behavioral2/memory/2076-95-0x00007FF7AD5C0000-0x00007FF7AD914000-memory.dmp	upx
behavioral2/files/0x000b000000023f5a-96.dat	upx
behavioral2/memory/3484-94-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp	upx
behavioral2/memory/1744-92-0x00007FF6FA820000-0x00007FF6FAB74000-memory.dmp	upx
behavioral2/files/0x000700000002412e-89.dat	upx
behavioral2/memory/4296-86-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp	upx
behavioral2/memory/1736-98-0x00007FF785F10000-0x00007FF786264000-memory.dmp	upx
behavioral2/files/0x000b000000023f5c-102.dat	upx
behavioral2/memory/3724-105-0x00007FF677700000-0x00007FF677A54000-memory.dmp	upx
behavioral2/files/0x000c000000023f6e-111.dat	upx
behavioral2/memory/3912-117-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp	upx
behavioral2/files/0x0010000000023f77-133.dat	upx
behavioral2/files/0x000d000000023f7c-153.dat	upx
behavioral2/memory/5064-152-0x00007FF73CBF0000-0x00007FF73CF44000-memory.dmp	upx
behavioral2/files/0x000e000000023f7a-147.dat	upx
behavioral2/memory/4452-146-0x00007FF60A6F0000-0x00007FF60AA44000-memory.dmp	upx
behavioral2/memory/316-145-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp	upx
behavioral2/files/0x000c000000023f76-138.dat	upx
behavioral2/memory/680-137-0x00007FF6F0010000-0x00007FF6F0364000-memory.dmp	upx
behavioral2/memory/8-136-0x00007FF66AC30000-0x00007FF66AF84000-memory.dmp	upx
behavioral2/memory/1500-135-0x00007FF6A82F0000-0x00007FF6A8644000-memory.dmp	upx
behavioral2/files/0x0033000000023f71-131.dat	upx
behavioral2/memory/3308-129-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp	upx
behavioral2/memory/4292-128-0x00007FF69D120000-0x00007FF69D474000-memory.dmp	upx
behavioral2/memory/2444-127-0x00007FF619390000-0x00007FF6196E4000-memory.dmp	upx
behavioral2/files/0x0035000000023f70-126.dat	upx
behavioral2/memory/2292-120-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp	upx
behavioral2/memory/1300-112-0x00007FF69BCF0000-0x00007FF69C044000-memory.dmp	upx
behavioral2/memory/2324-109-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp	upx
behavioral2/memory/1964-106-0x00007FF6C57B0000-0x00007FF6C5B04000-memory.dmp	upx
behavioral2/files/0x000700000002414d-162.dat	upx
behavioral2/files/0x0007000000024132-157.dat	upx
behavioral2/memory/2304-164-0x00007FF7444A0000-0x00007FF7447F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UXNtyIK.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\knvQWIq.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WxRAuVr.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nqxsMJl.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hruBlxC.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qlcYvcx.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JgdPQfu.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\quOndBx.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MwZoTiq.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qBwxwiO.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xdwYPYX.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JqNTwJs.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tpBkVZL.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EDNxcpm.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CrqOZtw.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gObUKHQ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PAZAWQI.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fPqbOgf.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BNmluMA.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IdYebGq.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DajkfCw.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gotxTeS.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TAFGeVi.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EIvYQXH.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZLIpLKf.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dZxdxJE.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TVuFgrY.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WwMoBZW.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FCCDYDw.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tGXFdeP.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EIIjTMQ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UxKUbBM.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RPbpTFU.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JgnPxeC.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PsiDuQI.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZQOqTSF.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NLFmTwQ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pwxoxph.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fLiohXZ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UEPRhpQ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FikQPwH.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ezUfyjr.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bIuexvh.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cbTgLlK.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SrcmMoo.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tRjtIcv.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SJhehQw.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iobtFfM.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TvlbZwD.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yqxOpLT.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NsvzFKh.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VtmeTVT.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NgSKXUw.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gaMfNel.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UVnhaUq.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gHNdoSY.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kxUGKfQ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OXwErLg.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cFsmeej.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jIrnBJy.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\twbfkpL.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EmYNKYJ.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ktWIIoS.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xVBipvt.exe	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 3808	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4680 wrote to memory of 3808	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 4680 wrote to memory of 3000	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4680 wrote to memory of 3000	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 4680 wrote to memory of 4296	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4680 wrote to memory of 4296	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 4680 wrote to memory of 4244	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4680 wrote to memory of 4244	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 4680 wrote to memory of 3484	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4680 wrote to memory of 3484	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 4680 wrote to memory of 1736	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4680 wrote to memory of 1736	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 4680 wrote to memory of 3724	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4680 wrote to memory of 3724	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 4680 wrote to memory of 2324	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4680 wrote to memory of 2324	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 4680 wrote to memory of 3912	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4680 wrote to memory of 3912	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 4680 wrote to memory of 4292	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4680 wrote to memory of 4292	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 4680 wrote to memory of 2292	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4680 wrote to memory of 2292	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 4680 wrote to memory of 3308	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4680 wrote to memory of 3308	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 4680 wrote to memory of 316	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4680 wrote to memory of 316	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 4680 wrote to memory of 1744	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4680 wrote to memory of 1744	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 4680 wrote to memory of 2076	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4680 wrote to memory of 2076	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 4680 wrote to memory of 1964	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4680 wrote to memory of 1964	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 4680 wrote to memory of 1300	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4680 wrote to memory of 1300	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 4680 wrote to memory of 2444	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4680 wrote to memory of 2444	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 4680 wrote to memory of 1500	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4680 wrote to memory of 1500	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 4680 wrote to memory of 680	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4680 wrote to memory of 680	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 4680 wrote to memory of 8	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4680 wrote to memory of 8	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 4680 wrote to memory of 4452	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4680 wrote to memory of 4452	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 4680 wrote to memory of 5064	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4680 wrote to memory of 5064	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 4680 wrote to memory of 1968	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4680 wrote to memory of 1968	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 4680 wrote to memory of 2304	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4680 wrote to memory of 2304	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 4680 wrote to memory of 4576	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4680 wrote to memory of 4576	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 4680 wrote to memory of 3244	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4680 wrote to memory of 3244	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 4680 wrote to memory of 4804	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4680 wrote to memory of 4804	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 4680 wrote to memory of 3044	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4680 wrote to memory of 3044	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 4680 wrote to memory of 4872	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 4680 wrote to memory of 4872	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 4680 wrote to memory of 2148	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 4680 wrote to memory of 2148	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 4680 wrote to memory of 3404	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 4680 wrote to memory of 3404	4680	2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123

C:\Users\Admin\AppData\Local\Temp\2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_4da956991b24c888ac15e6d8ef67a1a7_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Windows\System\CYwwqLd.exe
  C:\Windows\System\CYwwqLd.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\ZLIpLKf.exe
  C:\Windows\System\ZLIpLKf.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\jVKRirM.exe
  C:\Windows\System\jVKRirM.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\wyeafeZ.exe
  C:\Windows\System\wyeafeZ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\wusvuPp.exe
  C:\Windows\System\wusvuPp.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\jNHQMZj.exe
  C:\Windows\System\jNHQMZj.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\GijeZBG.exe
  C:\Windows\System\GijeZBG.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\elGgqOE.exe
  C:\Windows\System\elGgqOE.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\jgQkmVO.exe
  C:\Windows\System\jgQkmVO.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\hIoMcKl.exe
  C:\Windows\System\hIoMcKl.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\ucVoKtu.exe
  C:\Windows\System\ucVoKtu.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\tsjgmGG.exe
  C:\Windows\System\tsjgmGG.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\OeASFFw.exe
  C:\Windows\System\OeASFFw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\QINVsqk.exe
  C:\Windows\System\QINVsqk.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\djGQGMz.exe
  C:\Windows\System\djGQGMz.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\SovHlxB.exe
  C:\Windows\System\SovHlxB.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\BSikuKj.exe
  C:\Windows\System\BSikuKj.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\punsoSc.exe
  C:\Windows\System\punsoSc.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\vvpmJdB.exe
  C:\Windows\System\vvpmJdB.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\nmrSLUN.exe
  C:\Windows\System\nmrSLUN.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\OXwErLg.exe
  C:\Windows\System\OXwErLg.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\fLiohXZ.exe
  C:\Windows\System\fLiohXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\rxjJOkl.exe
  C:\Windows\System\rxjJOkl.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\TJMBskV.exe
  C:\Windows\System\TJMBskV.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VfeCotH.exe
  C:\Windows\System\VfeCotH.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\CDfdauv.exe
  C:\Windows\System\CDfdauv.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\UgdVLKf.exe
  C:\Windows\System\UgdVLKf.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\OqXTIpT.exe
  C:\Windows\System\OqXTIpT.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\awxaqMw.exe
  C:\Windows\System\awxaqMw.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\BsjNUko.exe
  C:\Windows\System\BsjNUko.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\RCdlyFw.exe
  C:\Windows\System\RCdlyFw.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\EHaMmfq.exe
  C:\Windows\System\EHaMmfq.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\vLRGgJY.exe
  C:\Windows\System\vLRGgJY.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\GAlKeuO.exe
  C:\Windows\System\GAlKeuO.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\kbJIXNB.exe
  C:\Windows\System\kbJIXNB.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\elrTwvX.exe
  C:\Windows\System\elrTwvX.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\muSYHFq.exe
  C:\Windows\System\muSYHFq.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\bktJzvt.exe
  C:\Windows\System\bktJzvt.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\PArZhHJ.exe
  C:\Windows\System\PArZhHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\CPbwlfn.exe
  C:\Windows\System\CPbwlfn.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\agNLSSV.exe
  C:\Windows\System\agNLSSV.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\sPWUnsb.exe
  C:\Windows\System\sPWUnsb.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\uGTVTHQ.exe
  C:\Windows\System\uGTVTHQ.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\djHRJqD.exe
  C:\Windows\System\djHRJqD.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hrzWxLF.exe
  C:\Windows\System\hrzWxLF.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ZaTAUka.exe
  C:\Windows\System\ZaTAUka.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\alHaiiI.exe
  C:\Windows\System\alHaiiI.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\cFsmeej.exe
  C:\Windows\System\cFsmeej.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\rzltsFI.exe
  C:\Windows\System\rzltsFI.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\hfzUuRD.exe
  C:\Windows\System\hfzUuRD.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\JOHFeTb.exe
  C:\Windows\System\JOHFeTb.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\nBmfotm.exe
  C:\Windows\System\nBmfotm.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\jxsOEBZ.exe
  C:\Windows\System\jxsOEBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\QUeokxu.exe
  C:\Windows\System\QUeokxu.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\hIKKzpD.exe
  C:\Windows\System\hIKKzpD.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\ugAQrsT.exe
  C:\Windows\System\ugAQrsT.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\gqDYRWs.exe
  C:\Windows\System\gqDYRWs.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\XLCASvX.exe
  C:\Windows\System\XLCASvX.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\vTISKok.exe
  C:\Windows\System\vTISKok.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\aXaIdSh.exe
  C:\Windows\System\aXaIdSh.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\SRXpKQu.exe
  C:\Windows\System\SRXpKQu.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\ATfygxa.exe
  C:\Windows\System\ATfygxa.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\nucytHV.exe
  C:\Windows\System\nucytHV.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\KZaMqtc.exe
  C:\Windows\System\KZaMqtc.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\bUDHOBl.exe
  C:\Windows\System\bUDHOBl.exe
  2⤵
  PID:1276
- C:\Windows\System\bamlJpN.exe
  C:\Windows\System\bamlJpN.exe
  2⤵
  PID:3944
- C:\Windows\System\qiPGLey.exe
  C:\Windows\System\qiPGLey.exe
  2⤵
  PID:1364
- C:\Windows\System\OyorlIH.exe
  C:\Windows\System\OyorlIH.exe
  2⤵
  PID:1980
- C:\Windows\System\oTFuIgQ.exe
  C:\Windows\System\oTFuIgQ.exe
  2⤵
  PID:1236
- C:\Windows\System\VQQgyqf.exe
  C:\Windows\System\VQQgyqf.exe
  2⤵
  PID:440
- C:\Windows\System\VDyWFJC.exe
  C:\Windows\System\VDyWFJC.exe
  2⤵
  PID:3536
- C:\Windows\System\IuVoLUJ.exe
  C:\Windows\System\IuVoLUJ.exe
  2⤵
  PID:3048
- C:\Windows\System\RPbpTFU.exe
  C:\Windows\System\RPbpTFU.exe
  2⤵
  PID:4508
- C:\Windows\System\MRHTSla.exe
  C:\Windows\System\MRHTSla.exe
  2⤵
  PID:1656
- C:\Windows\System\xxfNzav.exe
  C:\Windows\System\xxfNzav.exe
  2⤵
  PID:4080
- C:\Windows\System\kBlcIrJ.exe
  C:\Windows\System\kBlcIrJ.exe
  2⤵
  PID:264
- C:\Windows\System\WlphdXU.exe
  C:\Windows\System\WlphdXU.exe
  2⤵
  PID:2404
- C:\Windows\System\iuKnmwc.exe
  C:\Windows\System\iuKnmwc.exe
  2⤵
  PID:3460
- C:\Windows\System\bfgBccT.exe
  C:\Windows\System\bfgBccT.exe
  2⤵
  PID:5152
- C:\Windows\System\hXtePHO.exe
  C:\Windows\System\hXtePHO.exe
  2⤵
  PID:5176
- C:\Windows\System\hPOuooD.exe
  C:\Windows\System\hPOuooD.exe
  2⤵
  PID:5204
- C:\Windows\System\AkRdKUF.exe
  C:\Windows\System\AkRdKUF.exe
  2⤵
  PID:5232
- C:\Windows\System\WpDNgJI.exe
  C:\Windows\System\WpDNgJI.exe
  2⤵
  PID:5264
- C:\Windows\System\rewUAuk.exe
  C:\Windows\System\rewUAuk.exe
  2⤵
  PID:5300
- C:\Windows\System\DaUHFSp.exe
  C:\Windows\System\DaUHFSp.exe
  2⤵
  PID:5324
- C:\Windows\System\IwpkRPB.exe
  C:\Windows\System\IwpkRPB.exe
  2⤵
  PID:5352
- C:\Windows\System\uRlulYy.exe
  C:\Windows\System\uRlulYy.exe
  2⤵
  PID:5380
- C:\Windows\System\OFTBdCA.exe
  C:\Windows\System\OFTBdCA.exe
  2⤵
  PID:5408
- C:\Windows\System\UVLwnBv.exe
  C:\Windows\System\UVLwnBv.exe
  2⤵
  PID:5436
- C:\Windows\System\UEPRhpQ.exe
  C:\Windows\System\UEPRhpQ.exe
  2⤵
  PID:5488
- C:\Windows\System\WQvzNIf.exe
  C:\Windows\System\WQvzNIf.exe
  2⤵
  PID:5528
- C:\Windows\System\NODYcSj.exe
  C:\Windows\System\NODYcSj.exe
  2⤵
  PID:5548
- C:\Windows\System\YrvhfkH.exe
  C:\Windows\System\YrvhfkH.exe
  2⤵
  PID:5584
- C:\Windows\System\wprcRuC.exe
  C:\Windows\System\wprcRuC.exe
  2⤵
  PID:5616
- C:\Windows\System\jfAWRkY.exe
  C:\Windows\System\jfAWRkY.exe
  2⤵
  PID:5648
- C:\Windows\System\skIOkMN.exe
  C:\Windows\System\skIOkMN.exe
  2⤵
  PID:5676
- C:\Windows\System\NFRilvm.exe
  C:\Windows\System\NFRilvm.exe
  2⤵
  PID:5708
- C:\Windows\System\ByNYvWn.exe
  C:\Windows\System\ByNYvWn.exe
  2⤵
  PID:5736
- C:\Windows\System\RbcDPtC.exe
  C:\Windows\System\RbcDPtC.exe
  2⤵
  PID:5768
- C:\Windows\System\UXNtyIK.exe
  C:\Windows\System\UXNtyIK.exe
  2⤵
  PID:5796
- C:\Windows\System\qILLqES.exe
  C:\Windows\System\qILLqES.exe
  2⤵
  PID:5828
- C:\Windows\System\RlACzwT.exe
  C:\Windows\System\RlACzwT.exe
  2⤵
  PID:5856
- C:\Windows\System\EmBEEQV.exe
  C:\Windows\System\EmBEEQV.exe
  2⤵
  PID:5872
- C:\Windows\System\ZgAGVpK.exe
  C:\Windows\System\ZgAGVpK.exe
  2⤵
  PID:5904
- C:\Windows\System\bYTnaQw.exe
  C:\Windows\System\bYTnaQw.exe
  2⤵
  PID:5940
- C:\Windows\System\GGRbaeR.exe
  C:\Windows\System\GGRbaeR.exe
  2⤵
  PID:5968
- C:\Windows\System\JgdPQfu.exe
  C:\Windows\System\JgdPQfu.exe
  2⤵
  PID:5992
- C:\Windows\System\vHntipK.exe
  C:\Windows\System\vHntipK.exe
  2⤵
  PID:6024
- C:\Windows\System\TSqqcNI.exe
  C:\Windows\System\TSqqcNI.exe
  2⤵
  PID:6048
- C:\Windows\System\CUTBGXv.exe
  C:\Windows\System\CUTBGXv.exe
  2⤵
  PID:6076
- C:\Windows\System\RXywOua.exe
  C:\Windows\System\RXywOua.exe
  2⤵
  PID:6104
- C:\Windows\System\HByZRjt.exe
  C:\Windows\System\HByZRjt.exe
  2⤵
  PID:5040
- C:\Windows\System\YXmkzSL.exe
  C:\Windows\System\YXmkzSL.exe
  2⤵
  PID:5140
- C:\Windows\System\esvaHkL.exe
  C:\Windows\System\esvaHkL.exe
  2⤵
  PID:5188
- C:\Windows\System\SrcmMoo.exe
  C:\Windows\System\SrcmMoo.exe
  2⤵
  PID:5240
- C:\Windows\System\TKcCzfU.exe
  C:\Windows\System\TKcCzfU.exe
  2⤵
  PID:5332
- C:\Windows\System\geccmGS.exe
  C:\Windows\System\geccmGS.exe
  2⤵
  PID:5388
- C:\Windows\System\yovcyUI.exe
  C:\Windows\System\yovcyUI.exe
  2⤵
  PID:5468
- C:\Windows\System\aRXxMux.exe
  C:\Windows\System\aRXxMux.exe
  2⤵
  PID:5540
- C:\Windows\System\aolSTyK.exe
  C:\Windows\System\aolSTyK.exe
  2⤵
  PID:5604
- C:\Windows\System\tRjtIcv.exe
  C:\Windows\System\tRjtIcv.exe
  2⤵
  PID:5660
- C:\Windows\System\UuqLmBd.exe
  C:\Windows\System\UuqLmBd.exe
  2⤵
  PID:5744
- C:\Windows\System\oNXwIXV.exe
  C:\Windows\System\oNXwIXV.exe
  2⤵
  PID:5784
- C:\Windows\System\gXtQpFJ.exe
  C:\Windows\System\gXtQpFJ.exe
  2⤵
  PID:5864
- C:\Windows\System\pjDldxT.exe
  C:\Windows\System\pjDldxT.exe
  2⤵
  PID:5936
- C:\Windows\System\BcurdUE.exe
  C:\Windows\System\BcurdUE.exe
  2⤵
  PID:5984
- C:\Windows\System\NKBrrJL.exe
  C:\Windows\System\NKBrrJL.exe
  2⤵
  PID:6056
- C:\Windows\System\GfXykkT.exe
  C:\Windows\System\GfXykkT.exe
  2⤵
  PID:6116
- C:\Windows\System\JgnPxeC.exe
  C:\Windows\System\JgnPxeC.exe
  2⤵
  PID:5160
- C:\Windows\System\IAbGwFG.exe
  C:\Windows\System\IAbGwFG.exe
  2⤵
  PID:5296
- C:\Windows\System\IKTTOWW.exe
  C:\Windows\System\IKTTOWW.exe
  2⤵
  PID:5432
- C:\Windows\System\RmjNNpF.exe
  C:\Windows\System\RmjNNpF.exe
  2⤵
  PID:3348
- C:\Windows\System\kqzyvRp.exe
  C:\Windows\System\kqzyvRp.exe
  2⤵
  PID:5756
- C:\Windows\System\woUCESr.exe
  C:\Windows\System\woUCESr.exe
  2⤵
  PID:5108
- C:\Windows\System\FikQPwH.exe
  C:\Windows\System\FikQPwH.exe
  2⤵
  PID:6064
- C:\Windows\System\gOwlBDH.exe
  C:\Windows\System\gOwlBDH.exe
  2⤵
  PID:5228
- C:\Windows\System\tLZcfND.exe
  C:\Windows\System\tLZcfND.exe
  2⤵
  PID:5568
- C:\Windows\System\OFviOZa.exe
  C:\Windows\System\OFviOZa.exe
  2⤵
  PID:5964
- C:\Windows\System\codaAMJ.exe
  C:\Windows\System\codaAMJ.exe
  2⤵
  PID:4752
- C:\Windows\System\cOVHgfk.exe
  C:\Windows\System\cOVHgfk.exe
  2⤵
  PID:5688
- C:\Windows\System\UUHjbha.exe
  C:\Windows\System\UUHjbha.exe
  2⤵
  PID:5536
- C:\Windows\System\uNWKktl.exe
  C:\Windows\System\uNWKktl.exe
  2⤵
  PID:6172
- C:\Windows\System\ezUfyjr.exe
  C:\Windows\System\ezUfyjr.exe
  2⤵
  PID:6200
- C:\Windows\System\oFXULKy.exe
  C:\Windows\System\oFXULKy.exe
  2⤵
  PID:6224
- C:\Windows\System\SJhehQw.exe
  C:\Windows\System\SJhehQw.exe
  2⤵
  PID:6256
- C:\Windows\System\PcyJmvY.exe
  C:\Windows\System\PcyJmvY.exe
  2⤵
  PID:6280
- C:\Windows\System\shCEcHk.exe
  C:\Windows\System\shCEcHk.exe
  2⤵
  PID:6308
- C:\Windows\System\zWzMEbE.exe
  C:\Windows\System\zWzMEbE.exe
  2⤵
  PID:6328
- C:\Windows\System\fcsFrlH.exe
  C:\Windows\System\fcsFrlH.exe
  2⤵
  PID:6364
- C:\Windows\System\fOnRNKd.exe
  C:\Windows\System\fOnRNKd.exe
  2⤵
  PID:6448
- C:\Windows\System\CvxgGWY.exe
  C:\Windows\System\CvxgGWY.exe
  2⤵
  PID:6508
- C:\Windows\System\EcaSkMt.exe
  C:\Windows\System\EcaSkMt.exe
  2⤵
  PID:6552
- C:\Windows\System\rsLThYy.exe
  C:\Windows\System\rsLThYy.exe
  2⤵
  PID:6584
- C:\Windows\System\MQUURiv.exe
  C:\Windows\System\MQUURiv.exe
  2⤵
  PID:6624
- C:\Windows\System\zYSRgqS.exe
  C:\Windows\System\zYSRgqS.exe
  2⤵
  PID:6656
- C:\Windows\System\WidTzer.exe
  C:\Windows\System\WidTzer.exe
  2⤵
  PID:6696
- C:\Windows\System\MMgrUFP.exe
  C:\Windows\System\MMgrUFP.exe
  2⤵
  PID:6724
- C:\Windows\System\crlzZXc.exe
  C:\Windows\System\crlzZXc.exe
  2⤵
  PID:6752
- C:\Windows\System\quOndBx.exe
  C:\Windows\System\quOndBx.exe
  2⤵
  PID:6780
- C:\Windows\System\fDpYGRu.exe
  C:\Windows\System\fDpYGRu.exe
  2⤵
  PID:6812
- C:\Windows\System\ErSzeIV.exe
  C:\Windows\System\ErSzeIV.exe
  2⤵
  PID:6840
- C:\Windows\System\cQZShCu.exe
  C:\Windows\System\cQZShCu.exe
  2⤵
  PID:6864
- C:\Windows\System\Rveekqt.exe
  C:\Windows\System\Rveekqt.exe
  2⤵
  PID:6896
- C:\Windows\System\YBWoYku.exe
  C:\Windows\System\YBWoYku.exe
  2⤵
  PID:6920
- C:\Windows\System\ZxsGOoc.exe
  C:\Windows\System\ZxsGOoc.exe
  2⤵
  PID:6948
- C:\Windows\System\loRhCPZ.exe
  C:\Windows\System\loRhCPZ.exe
  2⤵
  PID:6980
- C:\Windows\System\ftKxiku.exe
  C:\Windows\System\ftKxiku.exe
  2⤵
  PID:7004
- C:\Windows\System\PAZAWQI.exe
  C:\Windows\System\PAZAWQI.exe
  2⤵
  PID:7032
- C:\Windows\System\VAYcpQq.exe
  C:\Windows\System\VAYcpQq.exe
  2⤵
  PID:7060
- C:\Windows\System\jLZlCEN.exe
  C:\Windows\System\jLZlCEN.exe
  2⤵
  PID:7088
- C:\Windows\System\HdfPunN.exe
  C:\Windows\System\HdfPunN.exe
  2⤵
  PID:7120
- C:\Windows\System\SFKmKuV.exe
  C:\Windows\System\SFKmKuV.exe
  2⤵
  PID:7140
- C:\Windows\System\TrWKgbO.exe
  C:\Windows\System\TrWKgbO.exe
  2⤵
  PID:6160
- C:\Windows\System\hjynXev.exe
  C:\Windows\System\hjynXev.exe
  2⤵
  PID:6196
- C:\Windows\System\xiMTlIB.exe
  C:\Windows\System\xiMTlIB.exe
  2⤵
  PID:6288
- C:\Windows\System\ugdrtox.exe
  C:\Windows\System\ugdrtox.exe
  2⤵
  PID:6356
- C:\Windows\System\aHSFFpG.exe
  C:\Windows\System\aHSFFpG.exe
  2⤵
  PID:6472
- C:\Windows\System\XcHgJvd.exe
  C:\Windows\System\XcHgJvd.exe
  2⤵
  PID:6592
- C:\Windows\System\lrlnHto.exe
  C:\Windows\System\lrlnHto.exe
  2⤵
  PID:6668
- C:\Windows\System\khsTZAe.exe
  C:\Windows\System\khsTZAe.exe
  2⤵
  PID:6736
- C:\Windows\System\EQwilMK.exe
  C:\Windows\System\EQwilMK.exe
  2⤵
  PID:6808
- C:\Windows\System\hABWDyO.exe
  C:\Windows\System\hABWDyO.exe
  2⤵
  PID:6876
- C:\Windows\System\xnqKRtn.exe
  C:\Windows\System\xnqKRtn.exe
  2⤵
  PID:6932
- C:\Windows\System\SCGIkAe.exe
  C:\Windows\System\SCGIkAe.exe
  2⤵
  PID:6996
- C:\Windows\System\LcabqlT.exe
  C:\Windows\System\LcabqlT.exe
  2⤵
  PID:7072
- C:\Windows\System\Yzzvzfx.exe
  C:\Windows\System\Yzzvzfx.exe
  2⤵
  PID:7132
- C:\Windows\System\VpKWnQM.exe
  C:\Windows\System\VpKWnQM.exe
  2⤵
  PID:7164
- C:\Windows\System\fUntXWx.exe
  C:\Windows\System\fUntXWx.exe
  2⤵
  PID:6316
- C:\Windows\System\DoeKdmv.exe
  C:\Windows\System\DoeKdmv.exe
  2⤵
  PID:6572
- C:\Windows\System\LKrVBqy.exe
  C:\Windows\System\LKrVBqy.exe
  2⤵
  PID:6760
- C:\Windows\System\ZjXmryl.exe
  C:\Windows\System\ZjXmryl.exe
  2⤵
  PID:6908
- C:\Windows\System\VsNTDnJ.exe
  C:\Windows\System\VsNTDnJ.exe
  2⤵
  PID:7068
- C:\Windows\System\tIepLuH.exe
  C:\Windows\System\tIepLuH.exe
  2⤵
  PID:6192
- C:\Windows\System\dZxdxJE.exe
  C:\Windows\System\dZxdxJE.exe
  2⤵
  PID:6788
- C:\Windows\System\uhYbZzF.exe
  C:\Windows\System\uhYbZzF.exe
  2⤵
  PID:6960
- C:\Windows\System\GiFdkku.exe
  C:\Windows\System\GiFdkku.exe
  2⤵
  PID:6520
- C:\Windows\System\mNAQjLb.exe
  C:\Windows\System\mNAQjLb.exe
  2⤵
  PID:7128
- C:\Windows\System\cwayddb.exe
  C:\Windows\System\cwayddb.exe
  2⤵
  PID:7196
- C:\Windows\System\ycvsRRX.exe
  C:\Windows\System\ycvsRRX.exe
  2⤵
  PID:7228
- C:\Windows\System\oFvFYmE.exe
  C:\Windows\System\oFvFYmE.exe
  2⤵
  PID:7256
- C:\Windows\System\tvEUJLh.exe
  C:\Windows\System\tvEUJLh.exe
  2⤵
  PID:7284
- C:\Windows\System\noHkimz.exe
  C:\Windows\System\noHkimz.exe
  2⤵
  PID:7312
- C:\Windows\System\ZunjrTS.exe
  C:\Windows\System\ZunjrTS.exe
  2⤵
  PID:7340
- C:\Windows\System\FMfDUSb.exe
  C:\Windows\System\FMfDUSb.exe
  2⤵
  PID:7372
- C:\Windows\System\CxktVAa.exe
  C:\Windows\System\CxktVAa.exe
  2⤵
  PID:7396
- C:\Windows\System\jIrnBJy.exe
  C:\Windows\System\jIrnBJy.exe
  2⤵
  PID:7424
- C:\Windows\System\PsiDuQI.exe
  C:\Windows\System\PsiDuQI.exe
  2⤵
  PID:7452
- C:\Windows\System\NFyzLpj.exe
  C:\Windows\System\NFyzLpj.exe
  2⤵
  PID:7484
- C:\Windows\System\ZYFcliV.exe
  C:\Windows\System\ZYFcliV.exe
  2⤵
  PID:7508
- C:\Windows\System\FYAwafR.exe
  C:\Windows\System\FYAwafR.exe
  2⤵
  PID:7528
- C:\Windows\System\dxdmGEL.exe
  C:\Windows\System\dxdmGEL.exe
  2⤵
  PID:7556
- C:\Windows\System\RnoqcnA.exe
  C:\Windows\System\RnoqcnA.exe
  2⤵
  PID:7584
- C:\Windows\System\TAZeDOv.exe
  C:\Windows\System\TAZeDOv.exe
  2⤵
  PID:7620
- C:\Windows\System\TNGAQjN.exe
  C:\Windows\System\TNGAQjN.exe
  2⤵
  PID:7648
- C:\Windows\System\EJUwPnW.exe
  C:\Windows\System\EJUwPnW.exe
  2⤵
  PID:7692
- C:\Windows\System\ZBpOoHw.exe
  C:\Windows\System\ZBpOoHw.exe
  2⤵
  PID:7720
- C:\Windows\System\MwZoTiq.exe
  C:\Windows\System\MwZoTiq.exe
  2⤵
  PID:7748
- C:\Windows\System\MmIwfmc.exe
  C:\Windows\System\MmIwfmc.exe
  2⤵
  PID:7788
- C:\Windows\System\sdtTgta.exe
  C:\Windows\System\sdtTgta.exe
  2⤵
  PID:7820
- C:\Windows\System\fPqbOgf.exe
  C:\Windows\System\fPqbOgf.exe
  2⤵
  PID:7836
- C:\Windows\System\AbGZrzy.exe
  C:\Windows\System\AbGZrzy.exe
  2⤵
  PID:7852
- C:\Windows\System\VelthOu.exe
  C:\Windows\System\VelthOu.exe
  2⤵
  PID:7880
- C:\Windows\System\idRrLVx.exe
  C:\Windows\System\idRrLVx.exe
  2⤵
  PID:7920
- C:\Windows\System\ypSVOeh.exe
  C:\Windows\System\ypSVOeh.exe
  2⤵
  PID:7948
- C:\Windows\System\MmKKSjc.exe
  C:\Windows\System\MmKKSjc.exe
  2⤵
  PID:7976
- C:\Windows\System\qzlvkqg.exe
  C:\Windows\System\qzlvkqg.exe
  2⤵
  PID:8012
- C:\Windows\System\DRdIFrG.exe
  C:\Windows\System\DRdIFrG.exe
  2⤵
  PID:8040
- C:\Windows\System\ZcxVZGq.exe
  C:\Windows\System\ZcxVZGq.exe
  2⤵
  PID:8068
- C:\Windows\System\jFVZSsA.exe
  C:\Windows\System\jFVZSsA.exe
  2⤵
  PID:8096
- C:\Windows\System\OGUFFEX.exe
  C:\Windows\System\OGUFFEX.exe
  2⤵
  PID:8124
- C:\Windows\System\TkgTgnL.exe
  C:\Windows\System\TkgTgnL.exe
  2⤵
  PID:8152
- C:\Windows\System\kmKGEIw.exe
  C:\Windows\System\kmKGEIw.exe
  2⤵
  PID:8180
- C:\Windows\System\tAScAgl.exe
  C:\Windows\System\tAScAgl.exe
  2⤵
  PID:7204
- C:\Windows\System\AvVPmLs.exe
  C:\Windows\System\AvVPmLs.exe
  2⤵
  PID:7276
- C:\Windows\System\kYdcpsH.exe
  C:\Windows\System\kYdcpsH.exe
  2⤵
  PID:7328
- C:\Windows\System\hbDNBug.exe
  C:\Windows\System\hbDNBug.exe
  2⤵
  PID:7384
- C:\Windows\System\SYRqBel.exe
  C:\Windows\System\SYRqBel.exe
  2⤵
  PID:7460
- C:\Windows\System\sDanQGs.exe
  C:\Windows\System\sDanQGs.exe
  2⤵
  PID:7520
- C:\Windows\System\mJrMmgM.exe
  C:\Windows\System\mJrMmgM.exe
  2⤵
  PID:7576
- C:\Windows\System\rqjBGiD.exe
  C:\Windows\System\rqjBGiD.exe
  2⤵
  PID:1096
- C:\Windows\System\NknjTTp.exe
  C:\Windows\System\NknjTTp.exe
  2⤵
  PID:1596
- C:\Windows\System\bXLNNbh.exe
  C:\Windows\System\bXLNNbh.exe
  2⤵
  PID:5020
- C:\Windows\System\EqBXrcK.exe
  C:\Windows\System\EqBXrcK.exe
  2⤵
  PID:7700
- C:\Windows\System\iobtFfM.exe
  C:\Windows\System\iobtFfM.exe
  2⤵
  PID:7784
- C:\Windows\System\LalPpCn.exe
  C:\Windows\System\LalPpCn.exe
  2⤵
  PID:7848
- C:\Windows\System\hJyqPTA.exe
  C:\Windows\System\hJyqPTA.exe
  2⤵
  PID:7900
- C:\Windows\System\xBDRtYN.exe
  C:\Windows\System\xBDRtYN.exe
  2⤵
  PID:7988
- C:\Windows\System\FWDSmTU.exe
  C:\Windows\System\FWDSmTU.exe
  2⤵
  PID:8024
- C:\Windows\System\LcDzwTu.exe
  C:\Windows\System\LcDzwTu.exe
  2⤵
  PID:8088
- C:\Windows\System\DuYeFXT.exe
  C:\Windows\System\DuYeFXT.exe
  2⤵
  PID:8148
- C:\Windows\System\YMtPkxO.exe
  C:\Windows\System\YMtPkxO.exe
  2⤵
  PID:7216
- C:\Windows\System\DxmxJOV.exe
  C:\Windows\System\DxmxJOV.exe
  2⤵
  PID:7360
- C:\Windows\System\wHuZTEp.exe
  C:\Windows\System\wHuZTEp.exe
  2⤵
  PID:7496
- C:\Windows\System\TVuFgrY.exe
  C:\Windows\System\TVuFgrY.exe
  2⤵
  PID:7640
- C:\Windows\System\ZUEiHVs.exe
  C:\Windows\System\ZUEiHVs.exe
  2⤵
  PID:4492
- C:\Windows\System\jfeYwLJ.exe
  C:\Windows\System\jfeYwLJ.exe
  2⤵
  PID:7832
- C:\Windows\System\VpjdRxc.exe
  C:\Windows\System\VpjdRxc.exe
  2⤵
  PID:7968
- C:\Windows\System\UATRuqN.exe
  C:\Windows\System\UATRuqN.exe
  2⤵
  PID:8116
- C:\Windows\System\melDxlV.exe
  C:\Windows\System\melDxlV.exe
  2⤵
  PID:7324
- C:\Windows\System\rjJXneY.exe
  C:\Windows\System\rjJXneY.exe
  2⤵
  PID:7632
- C:\Windows\System\MKdHECQ.exe
  C:\Windows\System\MKdHECQ.exe
  2⤵
  PID:7960
- C:\Windows\System\SSSnNyb.exe
  C:\Windows\System\SSSnNyb.exe
  2⤵
  PID:7192
- C:\Windows\System\xAFBOVA.exe
  C:\Windows\System\xAFBOVA.exe
  2⤵
  PID:7816
- C:\Windows\System\XWmhlyn.exe
  C:\Windows\System\XWmhlyn.exe
  2⤵
  PID:7768
- C:\Windows\System\zUhvTvA.exe
  C:\Windows\System\zUhvTvA.exe
  2⤵
  PID:8208
- C:\Windows\System\npSSXbD.exe
  C:\Windows\System\npSSXbD.exe
  2⤵
  PID:8236
- C:\Windows\System\SrVbzSR.exe
  C:\Windows\System\SrVbzSR.exe
  2⤵
  PID:8264
- C:\Windows\System\DrLUKPr.exe
  C:\Windows\System\DrLUKPr.exe
  2⤵
  PID:8292
- C:\Windows\System\bIuexvh.exe
  C:\Windows\System\bIuexvh.exe
  2⤵
  PID:8320
- C:\Windows\System\sofywvz.exe
  C:\Windows\System\sofywvz.exe
  2⤵
  PID:8348
- C:\Windows\System\BNmluMA.exe
  C:\Windows\System\BNmluMA.exe
  2⤵
  PID:8376
- C:\Windows\System\WwMoBZW.exe
  C:\Windows\System\WwMoBZW.exe
  2⤵
  PID:8404
- C:\Windows\System\ZcfDUHu.exe
  C:\Windows\System\ZcfDUHu.exe
  2⤵
  PID:8432
- C:\Windows\System\fFuzEjU.exe
  C:\Windows\System\fFuzEjU.exe
  2⤵
  PID:8460
- C:\Windows\System\lPLAhLA.exe
  C:\Windows\System\lPLAhLA.exe
  2⤵
  PID:8488
- C:\Windows\System\vYMNeaA.exe
  C:\Windows\System\vYMNeaA.exe
  2⤵
  PID:8516
- C:\Windows\System\lmlUHWu.exe
  C:\Windows\System\lmlUHWu.exe
  2⤵
  PID:8544
- C:\Windows\System\fQoAuWR.exe
  C:\Windows\System\fQoAuWR.exe
  2⤵
  PID:8572
- C:\Windows\System\uUciqbY.exe
  C:\Windows\System\uUciqbY.exe
  2⤵
  PID:8600
- C:\Windows\System\qBwxwiO.exe
  C:\Windows\System\qBwxwiO.exe
  2⤵
  PID:8628
- C:\Windows\System\bYJXESx.exe
  C:\Windows\System\bYJXESx.exe
  2⤵
  PID:8656
- C:\Windows\System\TvlbZwD.exe
  C:\Windows\System\TvlbZwD.exe
  2⤵
  PID:8684
- C:\Windows\System\fWMMpME.exe
  C:\Windows\System\fWMMpME.exe
  2⤵
  PID:8712
- C:\Windows\System\KlcxrVs.exe
  C:\Windows\System\KlcxrVs.exe
  2⤵
  PID:8740
- C:\Windows\System\zRTCvGb.exe
  C:\Windows\System\zRTCvGb.exe
  2⤵
  PID:8768
- C:\Windows\System\btnUDMs.exe
  C:\Windows\System\btnUDMs.exe
  2⤵
  PID:8796
- C:\Windows\System\XozsMMK.exe
  C:\Windows\System\XozsMMK.exe
  2⤵
  PID:8824
- C:\Windows\System\vyoafwO.exe
  C:\Windows\System\vyoafwO.exe
  2⤵
  PID:8852
- C:\Windows\System\lesvQJH.exe
  C:\Windows\System\lesvQJH.exe
  2⤵
  PID:8880
- C:\Windows\System\LmdtUsX.exe
  C:\Windows\System\LmdtUsX.exe
  2⤵
  PID:8908
- C:\Windows\System\ZBsKkFd.exe
  C:\Windows\System\ZBsKkFd.exe
  2⤵
  PID:8948
- C:\Windows\System\jsKfxLK.exe
  C:\Windows\System\jsKfxLK.exe
  2⤵
  PID:8964
- C:\Windows\System\xrTTAdC.exe
  C:\Windows\System\xrTTAdC.exe
  2⤵
  PID:8992
- C:\Windows\System\wWtnbBW.exe
  C:\Windows\System\wWtnbBW.exe
  2⤵
  PID:9020
- C:\Windows\System\kwdcQAM.exe
  C:\Windows\System\kwdcQAM.exe
  2⤵
  PID:9048
- C:\Windows\System\cbTgLlK.exe
  C:\Windows\System\cbTgLlK.exe
  2⤵
  PID:9076
- C:\Windows\System\dmaJBWH.exe
  C:\Windows\System\dmaJBWH.exe
  2⤵
  PID:9104
- C:\Windows\System\MagJEzM.exe
  C:\Windows\System\MagJEzM.exe
  2⤵
  PID:9132
- C:\Windows\System\sKToiFz.exe
  C:\Windows\System\sKToiFz.exe
  2⤵
  PID:9160
- C:\Windows\System\OWmFDRr.exe
  C:\Windows\System\OWmFDRr.exe
  2⤵
  PID:9188
- C:\Windows\System\VfNaAqq.exe
  C:\Windows\System\VfNaAqq.exe
  2⤵
  PID:4444
- C:\Windows\System\EzxkDWV.exe
  C:\Windows\System\EzxkDWV.exe
  2⤵
  PID:8248
- C:\Windows\System\kQwOIce.exe
  C:\Windows\System\kQwOIce.exe
  2⤵
  PID:8360
- C:\Windows\System\rCGPMAc.exe
  C:\Windows\System\rCGPMAc.exe
  2⤵
  PID:8452
- C:\Windows\System\lqqzDfw.exe
  C:\Windows\System\lqqzDfw.exe
  2⤵
  PID:8512
- C:\Windows\System\hIzKJnX.exe
  C:\Windows\System\hIzKJnX.exe
  2⤵
  PID:8584
- C:\Windows\System\WXKuovq.exe
  C:\Windows\System\WXKuovq.exe
  2⤵
  PID:8696
- C:\Windows\System\JzHttci.exe
  C:\Windows\System\JzHttci.exe
  2⤵
  PID:8764
- C:\Windows\System\hqxoahH.exe
  C:\Windows\System\hqxoahH.exe
  2⤵
  PID:8820
- C:\Windows\System\mXVnzKj.exe
  C:\Windows\System\mXVnzKj.exe
  2⤵
  PID:8876
- C:\Windows\System\iUKKFMD.exe
  C:\Windows\System\iUKKFMD.exe
  2⤵
  PID:1900
- C:\Windows\System\zSFTKbh.exe
  C:\Windows\System\zSFTKbh.exe
  2⤵
  PID:9004
- C:\Windows\System\cUigYpO.exe
  C:\Windows\System\cUigYpO.exe
  2⤵
  PID:9068
- C:\Windows\System\GQRVsmT.exe
  C:\Windows\System\GQRVsmT.exe
  2⤵
  PID:9144
- C:\Windows\System\viUMaLt.exe
  C:\Windows\System\viUMaLt.exe
  2⤵
  PID:1360
- C:\Windows\System\YfoNGMi.exe
  C:\Windows\System\YfoNGMi.exe
  2⤵
  PID:1636
- C:\Windows\System\gYyhBPR.exe
  C:\Windows\System\gYyhBPR.exe
  2⤵
  PID:8344
- C:\Windows\System\AIXrGSm.exe
  C:\Windows\System\AIXrGSm.exe
  2⤵
  PID:8564
- C:\Windows\System\rmbgSbT.exe
  C:\Windows\System\rmbgSbT.exe
  2⤵
  PID:8760
- C:\Windows\System\kZgllnz.exe
  C:\Windows\System\kZgllnz.exe
  2⤵
  PID:8904
- C:\Windows\System\SPeDZat.exe
  C:\Windows\System\SPeDZat.exe
  2⤵
  PID:9044
- C:\Windows\System\nCqAlwP.exe
  C:\Windows\System\nCqAlwP.exe
  2⤵
  PID:9124
- C:\Windows\System\aSKPXvX.exe
  C:\Windows\System\aSKPXvX.exe
  2⤵
  PID:8284
- C:\Windows\System\KhzOleb.exe
  C:\Windows\System\KhzOleb.exe
  2⤵
  PID:1020
- C:\Windows\System\FWvVTZX.exe
  C:\Windows\System\FWvVTZX.exe
  2⤵
  PID:4488
- C:\Windows\System\UPlZFun.exe
  C:\Windows\System\UPlZFun.exe
  2⤵
  PID:9200
- C:\Windows\System\UAVAyoZ.exe
  C:\Windows\System\UAVAyoZ.exe
  2⤵
  PID:8816
- C:\Windows\System\MWqEarU.exe
  C:\Windows\System\MWqEarU.exe
  2⤵
  PID:8752
- C:\Windows\System\yqxOpLT.exe
  C:\Windows\System\yqxOpLT.exe
  2⤵
  PID:2964
- C:\Windows\System\KBOwOho.exe
  C:\Windows\System\KBOwOho.exe
  2⤵
  PID:9236
- C:\Windows\System\tOnDDaq.exe
  C:\Windows\System\tOnDDaq.exe
  2⤵
  PID:9268
- C:\Windows\System\reVQIrO.exe
  C:\Windows\System\reVQIrO.exe
  2⤵
  PID:9300
- C:\Windows\System\DTDsOXW.exe
  C:\Windows\System\DTDsOXW.exe
  2⤵
  PID:9328
- C:\Windows\System\LtFSHQI.exe
  C:\Windows\System\LtFSHQI.exe
  2⤵
  PID:9356
- C:\Windows\System\wLFMcrF.exe
  C:\Windows\System\wLFMcrF.exe
  2⤵
  PID:9384
- C:\Windows\System\imzGEes.exe
  C:\Windows\System\imzGEes.exe
  2⤵
  PID:9412
- C:\Windows\System\SoUAuLj.exe
  C:\Windows\System\SoUAuLj.exe
  2⤵
  PID:9440
- C:\Windows\System\PSlWLUx.exe
  C:\Windows\System\PSlWLUx.exe
  2⤵
  PID:9468
- C:\Windows\System\ZHyWYSr.exe
  C:\Windows\System\ZHyWYSr.exe
  2⤵
  PID:9492
- C:\Windows\System\bqZNzrM.exe
  C:\Windows\System\bqZNzrM.exe
  2⤵
  PID:9524
- C:\Windows\System\zACtFny.exe
  C:\Windows\System\zACtFny.exe
  2⤵
  PID:9552
- C:\Windows\System\VQwSjBC.exe
  C:\Windows\System\VQwSjBC.exe
  2⤵
  PID:9568
- C:\Windows\System\uLSJVle.exe
  C:\Windows\System\uLSJVle.exe
  2⤵
  PID:9608
- C:\Windows\System\VsgpeGh.exe
  C:\Windows\System\VsgpeGh.exe
  2⤵
  PID:9636
- C:\Windows\System\ypfbEFN.exe
  C:\Windows\System\ypfbEFN.exe
  2⤵
  PID:9664
- C:\Windows\System\ZKmJxKw.exe
  C:\Windows\System\ZKmJxKw.exe
  2⤵
  PID:9692
- C:\Windows\System\iNUJDQl.exe
  C:\Windows\System\iNUJDQl.exe
  2⤵
  PID:9720
- C:\Windows\System\uzJlkJA.exe
  C:\Windows\System\uzJlkJA.exe
  2⤵
  PID:9748
- C:\Windows\System\AiVkEpu.exe
  C:\Windows\System\AiVkEpu.exe
  2⤵
  PID:9780
- C:\Windows\System\iQXQJMq.exe
  C:\Windows\System\iQXQJMq.exe
  2⤵
  PID:9808
- C:\Windows\System\twbfkpL.exe
  C:\Windows\System\twbfkpL.exe
  2⤵
  PID:9836
- C:\Windows\System\otyWKrd.exe
  C:\Windows\System\otyWKrd.exe
  2⤵
  PID:9868
- C:\Windows\System\DWoNaBO.exe
  C:\Windows\System\DWoNaBO.exe
  2⤵
  PID:9908
- C:\Windows\System\bDNFlWx.exe
  C:\Windows\System\bDNFlWx.exe
  2⤵
  PID:9924
- C:\Windows\System\vkXrUDX.exe
  C:\Windows\System\vkXrUDX.exe
  2⤵
  PID:9940
- C:\Windows\System\eYZQxTS.exe
  C:\Windows\System\eYZQxTS.exe
  2⤵
  PID:9980
- C:\Windows\System\dgAZLay.exe
  C:\Windows\System\dgAZLay.exe
  2⤵
  PID:10008
- C:\Windows\System\DixeAAM.exe
  C:\Windows\System\DixeAAM.exe
  2⤵
  PID:10068
- C:\Windows\System\uJYdwgR.exe
  C:\Windows\System\uJYdwgR.exe
  2⤵
  PID:10096
- C:\Windows\System\LyNFHmy.exe
  C:\Windows\System\LyNFHmy.exe
  2⤵
  PID:10132
- C:\Windows\System\DcZzauW.exe
  C:\Windows\System\DcZzauW.exe
  2⤵
  PID:10160
- C:\Windows\System\ejIbTTD.exe
  C:\Windows\System\ejIbTTD.exe
  2⤵
  PID:10188
- C:\Windows\System\HztwDnF.exe
  C:\Windows\System\HztwDnF.exe
  2⤵
  PID:10216
- C:\Windows\System\kejTpmr.exe
  C:\Windows\System\kejTpmr.exe
  2⤵
  PID:9228
- C:\Windows\System\CQVFvym.exe
  C:\Windows\System\CQVFvym.exe
  2⤵
  PID:9296
- C:\Windows\System\mcWHNUj.exe
  C:\Windows\System\mcWHNUj.exe
  2⤵
  PID:9348
- C:\Windows\System\rpcXgdV.exe
  C:\Windows\System\rpcXgdV.exe
  2⤵
  PID:4276
- C:\Windows\System\jJwRIDb.exe
  C:\Windows\System\jJwRIDb.exe
  2⤵
  PID:9460
- C:\Windows\System\SAglLLP.exe
  C:\Windows\System\SAglLLP.exe
  2⤵
  PID:9508
- C:\Windows\System\vQXrzkf.exe
  C:\Windows\System\vQXrzkf.exe
  2⤵
  PID:9564
- C:\Windows\System\XrDGOaM.exe
  C:\Windows\System\XrDGOaM.exe
  2⤵
  PID:9628
- C:\Windows\System\SkGeoBY.exe
  C:\Windows\System\SkGeoBY.exe
  2⤵
  PID:9676
- C:\Windows\System\LAuVoZw.exe
  C:\Windows\System\LAuVoZw.exe
  2⤵
  PID:9744
- C:\Windows\System\ktNStHp.exe
  C:\Windows\System\ktNStHp.exe
  2⤵
  PID:9776
- C:\Windows\System\lAoIbYd.exe
  C:\Windows\System\lAoIbYd.exe
  2⤵
  PID:9848
- C:\Windows\System\ckCRqfz.exe
  C:\Windows\System\ckCRqfz.exe
  2⤵
  PID:9892
- C:\Windows\System\dpLDDZC.exe
  C:\Windows\System\dpLDDZC.exe
  2⤵
  PID:5092
- C:\Windows\System\fhWnlHC.exe
  C:\Windows\System\fhWnlHC.exe
  2⤵
  PID:10004
- C:\Windows\System\JzjtoVf.exe
  C:\Windows\System\JzjtoVf.exe
  2⤵
  PID:10108
- C:\Windows\System\eyzUnlq.exe
  C:\Windows\System\eyzUnlq.exe
  2⤵
  PID:9768
- C:\Windows\System\wURUljb.exe
  C:\Windows\System\wURUljb.exe
  2⤵
  PID:8312
- C:\Windows\System\ilnbnzQ.exe
  C:\Windows\System\ilnbnzQ.exe
  2⤵
  PID:10200
- C:\Windows\System\BgwgYgO.exe
  C:\Windows\System\BgwgYgO.exe
  2⤵
  PID:9256
- C:\Windows\System\YattYoL.exe
  C:\Windows\System\YattYoL.exe
  2⤵
  PID:9396
- C:\Windows\System\dCXphCS.exe
  C:\Windows\System\dCXphCS.exe
  2⤵
  PID:9480
- C:\Windows\System\MSUiAGE.exe
  C:\Windows\System\MSUiAGE.exe
  2⤵
  PID:1832
- C:\Windows\System\Acraplg.exe
  C:\Windows\System\Acraplg.exe
  2⤵
  PID:5060
- C:\Windows\System\NsvzFKh.exe
  C:\Windows\System\NsvzFKh.exe
  2⤵
  PID:9880
- C:\Windows\System\JcEuqxx.exe
  C:\Windows\System\JcEuqxx.exe
  2⤵
  PID:9992
- C:\Windows\System\UKtOjck.exe
  C:\Windows\System\UKtOjck.exe
  2⤵
  PID:10124
- C:\Windows\System\tRLodFz.exe
  C:\Windows\System\tRLodFz.exe
  2⤵
  PID:10208
- C:\Windows\System\dpBnBhf.exe
  C:\Windows\System\dpBnBhf.exe
  2⤵
  PID:9488
- C:\Windows\System\yMHstFO.exe
  C:\Windows\System\yMHstFO.exe
  2⤵
  PID:9732
- C:\Windows\System\wXKxZAA.exe
  C:\Windows\System\wXKxZAA.exe
  2⤵
  PID:10088
- C:\Windows\System\UhhmpiR.exe
  C:\Windows\System\UhhmpiR.exe
  2⤵
  PID:9376
- C:\Windows\System\vJhotyK.exe
  C:\Windows\System\vJhotyK.exe
  2⤵
  PID:4924
- C:\Windows\System\GDhpwno.exe
  C:\Windows\System\GDhpwno.exe
  2⤵
  PID:9284
- C:\Windows\System\EOMQJzN.exe
  C:\Windows\System\EOMQJzN.exe
  2⤵
  PID:10260
- C:\Windows\System\QqphuUK.exe
  C:\Windows\System\QqphuUK.exe
  2⤵
  PID:10276
- C:\Windows\System\FCCDYDw.exe
  C:\Windows\System\FCCDYDw.exe
  2⤵
  PID:10316
- C:\Windows\System\MInyHGk.exe
  C:\Windows\System\MInyHGk.exe
  2⤵
  PID:10344
- C:\Windows\System\zVjFTFZ.exe
  C:\Windows\System\zVjFTFZ.exe
  2⤵
  PID:10372
- C:\Windows\System\vitXVCY.exe
  C:\Windows\System\vitXVCY.exe
  2⤵
  PID:10400
- C:\Windows\System\EhhEkXF.exe
  C:\Windows\System\EhhEkXF.exe
  2⤵
  PID:10444
- C:\Windows\System\MUGlAhp.exe
  C:\Windows\System\MUGlAhp.exe
  2⤵
  PID:10468
- C:\Windows\System\kVaKTya.exe
  C:\Windows\System\kVaKTya.exe
  2⤵
  PID:10488
- C:\Windows\System\DHjKXWA.exe
  C:\Windows\System\DHjKXWA.exe
  2⤵
  PID:10516
- C:\Windows\System\QlTrlar.exe
  C:\Windows\System\QlTrlar.exe
  2⤵
  PID:10544
- C:\Windows\System\KyfFTWx.exe
  C:\Windows\System\KyfFTWx.exe
  2⤵
  PID:10572
- C:\Windows\System\KQnbyNo.exe
  C:\Windows\System\KQnbyNo.exe
  2⤵
  PID:10600
- C:\Windows\System\LzjtutX.exe
  C:\Windows\System\LzjtutX.exe
  2⤵
  PID:10628
- C:\Windows\System\COXWHHh.exe
  C:\Windows\System\COXWHHh.exe
  2⤵
  PID:10656
- C:\Windows\System\BufYflQ.exe
  C:\Windows\System\BufYflQ.exe
  2⤵
  PID:10684
- C:\Windows\System\eJKmKzs.exe
  C:\Windows\System\eJKmKzs.exe
  2⤵
  PID:10712
- C:\Windows\System\wtpzYJY.exe
  C:\Windows\System\wtpzYJY.exe
  2⤵
  PID:10736
- C:\Windows\System\wLbuJHG.exe
  C:\Windows\System\wLbuJHG.exe
  2⤵
  PID:10768
- C:\Windows\System\ijrZEcZ.exe
  C:\Windows\System\ijrZEcZ.exe
  2⤵
  PID:10796
- C:\Windows\System\CbKSfgd.exe
  C:\Windows\System\CbKSfgd.exe
  2⤵
  PID:10824
- C:\Windows\System\beiQymH.exe
  C:\Windows\System\beiQymH.exe
  2⤵
  PID:10852
- C:\Windows\System\WkKpLWv.exe
  C:\Windows\System\WkKpLWv.exe
  2⤵
  PID:10880
- C:\Windows\System\NgSKXUw.exe
  C:\Windows\System\NgSKXUw.exe
  2⤵
  PID:10900
- C:\Windows\System\bXCorez.exe
  C:\Windows\System\bXCorez.exe
  2⤵
  PID:10936
- C:\Windows\System\taRIWiG.exe
  C:\Windows\System\taRIWiG.exe
  2⤵
  PID:10964
- C:\Windows\System\WkuiEMw.exe
  C:\Windows\System\WkuiEMw.exe
  2⤵
  PID:10992
- C:\Windows\System\VWOcKJx.exe
  C:\Windows\System\VWOcKJx.exe
  2⤵
  PID:11020
- C:\Windows\System\kfRMsEw.exe
  C:\Windows\System\kfRMsEw.exe
  2⤵
  PID:11048
- C:\Windows\System\ZLEPWml.exe
  C:\Windows\System\ZLEPWml.exe
  2⤵
  PID:11072
- C:\Windows\System\buybFOW.exe
  C:\Windows\System\buybFOW.exe
  2⤵
  PID:11104
- C:\Windows\System\nwtLsnY.exe
  C:\Windows\System\nwtLsnY.exe
  2⤵
  PID:11132
- C:\Windows\System\wuZIDtw.exe
  C:\Windows\System\wuZIDtw.exe
  2⤵
  PID:11160
- C:\Windows\System\weVgjqE.exe
  C:\Windows\System\weVgjqE.exe
  2⤵
  PID:11188
- C:\Windows\System\tGXFdeP.exe
  C:\Windows\System\tGXFdeP.exe
  2⤵
  PID:11216
- C:\Windows\System\tPsYyQO.exe
  C:\Windows\System\tPsYyQO.exe
  2⤵
  PID:11244
- C:\Windows\System\gaMfNel.exe
  C:\Windows\System\gaMfNel.exe
  2⤵
  PID:10256
- C:\Windows\System\LRFBuuk.exe
  C:\Windows\System\LRFBuuk.exe
  2⤵
  PID:10328
- C:\Windows\System\ntDpaoK.exe
  C:\Windows\System\ntDpaoK.exe
  2⤵
  PID:3240
- C:\Windows\System\TWfNcFo.exe
  C:\Windows\System\TWfNcFo.exe
  2⤵
  PID:4252
- C:\Windows\System\EIIjTMQ.exe
  C:\Windows\System\EIIjTMQ.exe
  2⤵
  PID:10484
- C:\Windows\System\IwjfAmr.exe
  C:\Windows\System\IwjfAmr.exe
  2⤵
  PID:10556
- C:\Windows\System\NYQBzIQ.exe
  C:\Windows\System\NYQBzIQ.exe
  2⤵
  PID:10620
- C:\Windows\System\knvQWIq.exe
  C:\Windows\System\knvQWIq.exe
  2⤵
  PID:10680
- C:\Windows\System\UVnhaUq.exe
  C:\Windows\System\UVnhaUq.exe
  2⤵
  PID:10752
- C:\Windows\System\zyfNMcm.exe
  C:\Windows\System\zyfNMcm.exe
  2⤵
  PID:10816
- C:\Windows\System\WxRAuVr.exe
  C:\Windows\System\WxRAuVr.exe
  2⤵
  PID:10876
- C:\Windows\System\uDBqKHk.exe
  C:\Windows\System\uDBqKHk.exe
  2⤵
  PID:10948
- C:\Windows\System\YtEEUkr.exe
  C:\Windows\System\YtEEUkr.exe
  2⤵
  PID:11012
- C:\Windows\System\dfjJVbh.exe
  C:\Windows\System\dfjJVbh.exe
  2⤵
  PID:11080
- C:\Windows\System\wRDJQWZ.exe
  C:\Windows\System\wRDJQWZ.exe
  2⤵
  PID:11144
- C:\Windows\System\NdvurMH.exe
  C:\Windows\System\NdvurMH.exe
  2⤵
  PID:11204
- C:\Windows\System\lNmIZBL.exe
  C:\Windows\System\lNmIZBL.exe
  2⤵
  PID:10252
- C:\Windows\System\atAVVZn.exe
  C:\Windows\System\atAVVZn.exe
  2⤵
  PID:10396
- C:\Windows\System\WPuexHD.exe
  C:\Windows\System\WPuexHD.exe
  2⤵
  PID:10536
- C:\Windows\System\UxKUbBM.exe
  C:\Windows\System\UxKUbBM.exe
  2⤵
  PID:10676
- C:\Windows\System\JBsAdFA.exe
  C:\Windows\System\JBsAdFA.exe
  2⤵
  PID:10844
- C:\Windows\System\azzCbAw.exe
  C:\Windows\System\azzCbAw.exe
  2⤵
  PID:10988
- C:\Windows\System\dehBlTB.exe
  C:\Windows\System\dehBlTB.exe
  2⤵
  PID:11124
- C:\Windows\System\YXqfUBh.exe
  C:\Windows\System\YXqfUBh.exe
  2⤵
  PID:10308
- C:\Windows\System\SxfmiDe.exe
  C:\Windows\System\SxfmiDe.exe
  2⤵
  PID:10668
- C:\Windows\System\WxMFlrC.exe
  C:\Windows\System\WxMFlrC.exe
  2⤵
  PID:10976
- C:\Windows\System\dinnhrZ.exe
  C:\Windows\System\dinnhrZ.exe
  2⤵
  PID:10932
- C:\Windows\System\RLbBnlh.exe
  C:\Windows\System\RLbBnlh.exe
  2⤵
  PID:10792
- C:\Windows\System\xQLvaJP.exe
  C:\Windows\System\xQLvaJP.exe
  2⤵
  PID:11272
- C:\Windows\System\xdwYPYX.exe
  C:\Windows\System\xdwYPYX.exe
  2⤵
  PID:11300
- C:\Windows\System\rhxkpRa.exe
  C:\Windows\System\rhxkpRa.exe
  2⤵
  PID:11328
- C:\Windows\System\ztEewvx.exe
  C:\Windows\System\ztEewvx.exe
  2⤵
  PID:11356
- C:\Windows\System\hHpvMnC.exe
  C:\Windows\System\hHpvMnC.exe
  2⤵
  PID:11384
- C:\Windows\System\hIZQXqX.exe
  C:\Windows\System\hIZQXqX.exe
  2⤵
  PID:11412
- C:\Windows\System\KobAIJt.exe
  C:\Windows\System\KobAIJt.exe
  2⤵
  PID:11440
- C:\Windows\System\YCPxcMG.exe
  C:\Windows\System\YCPxcMG.exe
  2⤵
  PID:11468
- C:\Windows\System\IGSUmRX.exe
  C:\Windows\System\IGSUmRX.exe
  2⤵
  PID:11496
- C:\Windows\System\NkZoMRi.exe
  C:\Windows\System\NkZoMRi.exe
  2⤵
  PID:11524
- C:\Windows\System\etniNwP.exe
  C:\Windows\System\etniNwP.exe
  2⤵
  PID:11552
- C:\Windows\System\MESwxTt.exe
  C:\Windows\System\MESwxTt.exe
  2⤵
  PID:11580
- C:\Windows\System\qJxxwgx.exe
  C:\Windows\System\qJxxwgx.exe
  2⤵
  PID:11608
- C:\Windows\System\gDqNrGM.exe
  C:\Windows\System\gDqNrGM.exe
  2⤵
  PID:11636
- C:\Windows\System\EmYNKYJ.exe
  C:\Windows\System\EmYNKYJ.exe
  2⤵
  PID:11664
- C:\Windows\System\mEphKpj.exe
  C:\Windows\System\mEphKpj.exe
  2⤵
  PID:11692
- C:\Windows\System\cuSOGpX.exe
  C:\Windows\System\cuSOGpX.exe
  2⤵
  PID:11720
- C:\Windows\System\ojBZTbx.exe
  C:\Windows\System\ojBZTbx.exe
  2⤵
  PID:11748
- C:\Windows\System\rTFaaDV.exe
  C:\Windows\System\rTFaaDV.exe
  2⤵
  PID:11776
- C:\Windows\System\CQHKsuc.exe
  C:\Windows\System\CQHKsuc.exe
  2⤵
  PID:11804
- C:\Windows\System\BpKujff.exe
  C:\Windows\System\BpKujff.exe
  2⤵
  PID:11832
- C:\Windows\System\mWFZUFo.exe
  C:\Windows\System\mWFZUFo.exe
  2⤵
  PID:11860
- C:\Windows\System\QaKxNDz.exe
  C:\Windows\System\QaKxNDz.exe
  2⤵
  PID:11888
- C:\Windows\System\sCMzVnE.exe
  C:\Windows\System\sCMzVnE.exe
  2⤵
  PID:11916
- C:\Windows\System\ZQOqTSF.exe
  C:\Windows\System\ZQOqTSF.exe
  2⤵
  PID:11944
- C:\Windows\System\JMsRoHo.exe
  C:\Windows\System\JMsRoHo.exe
  2⤵
  PID:11972
- C:\Windows\System\EVEKSeh.exe
  C:\Windows\System\EVEKSeh.exe
  2⤵
  PID:12000
- C:\Windows\System\JeNyUns.exe
  C:\Windows\System\JeNyUns.exe
  2⤵
  PID:12028
- C:\Windows\System\tpBkVZL.exe
  C:\Windows\System\tpBkVZL.exe
  2⤵
  PID:12056
- C:\Windows\System\LNyiqqM.exe
  C:\Windows\System\LNyiqqM.exe
  2⤵
  PID:12084
- C:\Windows\System\geoUZdO.exe
  C:\Windows\System\geoUZdO.exe
  2⤵
  PID:12112
- C:\Windows\System\LztiBlA.exe
  C:\Windows\System\LztiBlA.exe
  2⤵
  PID:12140
- C:\Windows\System\AMCyoYB.exe
  C:\Windows\System\AMCyoYB.exe
  2⤵
  PID:12168
- C:\Windows\System\mLJQSxb.exe
  C:\Windows\System\mLJQSxb.exe
  2⤵
  PID:12196
- C:\Windows\System\vbOGKfe.exe
  C:\Windows\System\vbOGKfe.exe
  2⤵
  PID:12224
- C:\Windows\System\FPyFslJ.exe
  C:\Windows\System\FPyFslJ.exe
  2⤵
  PID:12252
- C:\Windows\System\FDUXZYu.exe
  C:\Windows\System\FDUXZYu.exe
  2⤵
  PID:12280
- C:\Windows\System\uuCHKnm.exe
  C:\Windows\System\uuCHKnm.exe
  2⤵
  PID:11312
- C:\Windows\System\uSSioSp.exe
  C:\Windows\System\uSSioSp.exe
  2⤵
  PID:11376
- C:\Windows\System\jtrVUuO.exe
  C:\Windows\System\jtrVUuO.exe
  2⤵
  PID:11436
- C:\Windows\System\VTiRArb.exe
  C:\Windows\System\VTiRArb.exe
  2⤵
  PID:11492
- C:\Windows\System\NBFptHR.exe
  C:\Windows\System\NBFptHR.exe
  2⤵
  PID:11548
- C:\Windows\System\wMNBCFz.exe
  C:\Windows\System\wMNBCFz.exe
  2⤵
  PID:11604
- C:\Windows\System\IdYebGq.exe
  C:\Windows\System\IdYebGq.exe
  2⤵
  PID:11676
- C:\Windows\System\EjQzRFd.exe
  C:\Windows\System\EjQzRFd.exe
  2⤵
  PID:11740
- C:\Windows\System\LLyldPg.exe
  C:\Windows\System\LLyldPg.exe
  2⤵
  PID:11796
- C:\Windows\System\WFRekfc.exe
  C:\Windows\System\WFRekfc.exe
  2⤵
  PID:2320
- C:\Windows\System\ktWIIoS.exe
  C:\Windows\System\ktWIIoS.exe
  2⤵
  PID:11908
- C:\Windows\System\hGQyzPN.exe
  C:\Windows\System\hGQyzPN.exe
  2⤵
  PID:11968
- C:\Windows\System\mzcAdlM.exe
  C:\Windows\System\mzcAdlM.exe
  2⤵
  PID:12020
- C:\Windows\System\enlAhAO.exe
  C:\Windows\System\enlAhAO.exe
  2⤵
  PID:12080
- C:\Windows\System\qIEglRY.exe
  C:\Windows\System\qIEglRY.exe
  2⤵
  PID:12152
- C:\Windows\System\NLFmTwQ.exe
  C:\Windows\System\NLFmTwQ.exe
  2⤵
  PID:12216
- C:\Windows\System\fpmYmsk.exe
  C:\Windows\System\fpmYmsk.exe
  2⤵
  PID:12276
- C:\Windows\System\gKWWgAO.exe
  C:\Windows\System\gKWWgAO.exe
  2⤵
  PID:11404
- C:\Windows\System\XsINheB.exe
  C:\Windows\System\XsINheB.exe
  2⤵
  PID:11536
- C:\Windows\System\LkUPVIF.exe
  C:\Windows\System\LkUPVIF.exe
  2⤵
  PID:11656
- C:\Windows\System\xVBipvt.exe
  C:\Windows\System\xVBipvt.exe
  2⤵
  PID:11824
- C:\Windows\System\pGEIWFw.exe
  C:\Windows\System\pGEIWFw.exe
  2⤵
  PID:11956
- C:\Windows\System\eGUgjws.exe
  C:\Windows\System\eGUgjws.exe
  2⤵
  PID:12136
- C:\Windows\System\LIbbwfG.exe
  C:\Windows\System\LIbbwfG.exe
  2⤵
  PID:12272
- C:\Windows\System\vhyodtu.exe
  C:\Windows\System\vhyodtu.exe
  2⤵
  PID:2784
- C:\Windows\System\AnEzMTZ.exe
  C:\Windows\System\AnEzMTZ.exe
  2⤵
  PID:11788
- C:\Windows\System\qFxhjLw.exe
  C:\Windows\System\qFxhjLw.exe
  2⤵
  PID:12068
- C:\Windows\System\DajkfCw.exe
  C:\Windows\System\DajkfCw.exe
  2⤵
  PID:11900
- C:\Windows\System\DNRUjCc.exe
  C:\Windows\System\DNRUjCc.exe
  2⤵
  PID:11660
- C:\Windows\System\tbMcsHe.exe
  C:\Windows\System\tbMcsHe.exe
  2⤵
  PID:12304
- C:\Windows\System\XbScHeK.exe
  C:\Windows\System\XbScHeK.exe
  2⤵
  PID:12332
- C:\Windows\System\PXENfGu.exe
  C:\Windows\System\PXENfGu.exe
  2⤵
  PID:12360
- C:\Windows\System\pYwIOLQ.exe
  C:\Windows\System\pYwIOLQ.exe
  2⤵
  PID:12388
- C:\Windows\System\SknBGSS.exe
  C:\Windows\System\SknBGSS.exe
  2⤵
  PID:12416
- C:\Windows\System\XLMJhbN.exe
  C:\Windows\System\XLMJhbN.exe
  2⤵
  PID:12444
- C:\Windows\System\pYsXVkn.exe
  C:\Windows\System\pYsXVkn.exe
  2⤵
  PID:12472
- C:\Windows\System\UROIEvV.exe
  C:\Windows\System\UROIEvV.exe
  2⤵
  PID:12500
- C:\Windows\System\TQzkKhp.exe
  C:\Windows\System\TQzkKhp.exe
  2⤵
  PID:12528
- C:\Windows\System\ajSBqJp.exe
  C:\Windows\System\ajSBqJp.exe
  2⤵
  PID:12556
- C:\Windows\System\CRCvvAt.exe
  C:\Windows\System\CRCvvAt.exe
  2⤵
  PID:12584
- C:\Windows\System\kWGtwkD.exe
  C:\Windows\System\kWGtwkD.exe
  2⤵
  PID:12612
- C:\Windows\System\oqbOsIu.exe
  C:\Windows\System\oqbOsIu.exe
  2⤵
  PID:12640
- C:\Windows\System\lFTliiw.exe
  C:\Windows\System\lFTliiw.exe
  2⤵
  PID:12668
- C:\Windows\System\CbFUFJV.exe
  C:\Windows\System\CbFUFJV.exe
  2⤵
  PID:12696
- C:\Windows\System\KJcssYC.exe
  C:\Windows\System\KJcssYC.exe
  2⤵
  PID:12724
- C:\Windows\System\VqrtzDn.exe
  C:\Windows\System\VqrtzDn.exe
  2⤵
  PID:12752
- C:\Windows\System\QaGdTOs.exe
  C:\Windows\System\QaGdTOs.exe
  2⤵
  PID:12780
- C:\Windows\System\aiXFnjH.exe
  C:\Windows\System\aiXFnjH.exe
  2⤵
  PID:12808
- C:\Windows\System\dZtWvKk.exe
  C:\Windows\System\dZtWvKk.exe
  2⤵
  PID:12836
- C:\Windows\System\OgTyhCU.exe
  C:\Windows\System\OgTyhCU.exe
  2⤵
  PID:12868
- C:\Windows\System\ejiIbSP.exe
  C:\Windows\System\ejiIbSP.exe
  2⤵
  PID:12912
- C:\Windows\System\bebnhdY.exe
  C:\Windows\System\bebnhdY.exe
  2⤵
  PID:12932
- C:\Windows\System\CWigtrh.exe
  C:\Windows\System\CWigtrh.exe
  2⤵
  PID:12960
- C:\Windows\System\cAueutX.exe
  C:\Windows\System\cAueutX.exe
  2⤵
  PID:12988
- C:\Windows\System\WteVesv.exe
  C:\Windows\System\WteVesv.exe
  2⤵
  PID:13016
- C:\Windows\System\RyRtLPY.exe
  C:\Windows\System\RyRtLPY.exe
  2⤵
  PID:13044
- C:\Windows\System\sBhIqCI.exe
  C:\Windows\System\sBhIqCI.exe
  2⤵
  PID:13072
- C:\Windows\System\VUrDESm.exe
  C:\Windows\System\VUrDESm.exe
  2⤵
  PID:13100
- C:\Windows\System\edBYEfC.exe
  C:\Windows\System\edBYEfC.exe
  2⤵
  PID:13132
- C:\Windows\System\VPdyQCD.exe
  C:\Windows\System\VPdyQCD.exe
  2⤵
  PID:13164
- C:\Windows\System\gWrFDfu.exe
  C:\Windows\System\gWrFDfu.exe
  2⤵
  PID:13192
- C:\Windows\System\QJBOZXD.exe
  C:\Windows\System\QJBOZXD.exe
  2⤵
  PID:13220
- C:\Windows\System\tfqPlAV.exe
  C:\Windows\System\tfqPlAV.exe
  2⤵
  PID:13248
- C:\Windows\System\MPJrarh.exe
  C:\Windows\System\MPJrarh.exe
  2⤵
  PID:13276
- C:\Windows\System\AeHOcQK.exe
  C:\Windows\System\AeHOcQK.exe
  2⤵
  PID:13304
- C:\Windows\System\SMrlwqX.exe
  C:\Windows\System\SMrlwqX.exe
  2⤵
  PID:12316
- C:\Windows\System\NQkdOPu.exe
  C:\Windows\System\NQkdOPu.exe
  2⤵
  PID:12372
- C:\Windows\System\zDpFgMF.exe
  C:\Windows\System\zDpFgMF.exe
  2⤵
  PID:12440
- C:\Windows\System\iDtwlaw.exe
  C:\Windows\System\iDtwlaw.exe
  2⤵
  PID:2432
- C:\Windows\System\euPhaYc.exe
  C:\Windows\System\euPhaYc.exe
  2⤵
  PID:12596
- C:\Windows\System\tIoiMyS.exe
  C:\Windows\System\tIoiMyS.exe
  2⤵
  PID:12636
- C:\Windows\System\HbKoggR.exe
  C:\Windows\System\HbKoggR.exe
  2⤵
  PID:12708
- C:\Windows\System\ibyQbkA.exe
  C:\Windows\System\ibyQbkA.exe
  2⤵
  PID:12772
- C:\Windows\System\YFvFuQc.exe
  C:\Windows\System\YFvFuQc.exe
  2⤵
  PID:12832
- C:\Windows\System\VtmeTVT.exe
  C:\Windows\System\VtmeTVT.exe
  2⤵
  PID:12860
- C:\Windows\System\KQajmsQ.exe
  C:\Windows\System\KQajmsQ.exe
  2⤵
  PID:12928
- C:\Windows\System\YHrgRNT.exe
  C:\Windows\System\YHrgRNT.exe
  2⤵
  PID:13028
- C:\Windows\System\UvDbDPc.exe
  C:\Windows\System\UvDbDPc.exe
  2⤵
  PID:13092
- C:\Windows\System\YBokCpK.exe
  C:\Windows\System\YBokCpK.exe
  2⤵
  PID:13156
- C:\Windows\System\gTjEGIX.exe
  C:\Windows\System\gTjEGIX.exe
  2⤵
  PID:13212
- C:\Windows\System\PHHuElT.exe
  C:\Windows\System\PHHuElT.exe
  2⤵
  PID:13300
- C:\Windows\System\njlYjzI.exe
  C:\Windows\System\njlYjzI.exe
  2⤵
  PID:12520
- C:\Windows\System\oXeJwQR.exe
  C:\Windows\System\oXeJwQR.exe
  2⤵
  PID:12624
- C:\Windows\System\ONzpFvW.exe
  C:\Windows\System\ONzpFvW.exe
  2⤵
  PID:2436
- C:\Windows\System\pHuPVED.exe
  C:\Windows\System\pHuPVED.exe
  2⤵
  PID:3788
- C:\Windows\System\DFQxgRG.exe
  C:\Windows\System\DFQxgRG.exe
  2⤵
  PID:1248
- C:\Windows\System\RrgSAub.exe
  C:\Windows\System\RrgSAub.exe
  2⤵
  PID:12924
- C:\Windows\System\ibTHXnU.exe
  C:\Windows\System\ibTHXnU.exe
  2⤵
  PID:13068
- C:\Windows\System\PexzaXP.exe
  C:\Windows\System\PexzaXP.exe
  2⤵
  PID:1992
- C:\Windows\System\QFGJrSp.exe
  C:\Windows\System\QFGJrSp.exe
  2⤵
  PID:4032
- C:\Windows\System\LectslN.exe
  C:\Windows\System\LectslN.exe
  2⤵
  PID:12468
- C:\Windows\System\PRlPahq.exe
  C:\Windows\System\PRlPahq.exe
  2⤵
  PID:400
- C:\Windows\System\CNbquLG.exe
  C:\Windows\System\CNbquLG.exe
  2⤵
  PID:2956
- C:\Windows\System\xbHwnbs.exe
  C:\Windows\System\xbHwnbs.exe
  2⤵
  PID:2200
- C:\Windows\System\QKcvWJA.exe
  C:\Windows\System\QKcvWJA.exe
  2⤵
  PID:13240
- C:\Windows\System\UeruKFr.exe
  C:\Windows\System\UeruKFr.exe
  2⤵
  PID:3060
- C:\Windows\System\hXLErZM.exe
  C:\Windows\System\hXLErZM.exe
  2⤵
  PID:4860
- C:\Windows\System\yYBEEua.exe
  C:\Windows\System\yYBEEua.exe
  2⤵
  PID:3476
- C:\Windows\System\Jrptjna.exe
  C:\Windows\System\Jrptjna.exe
  2⤵
  PID:13328
- C:\Windows\System\oiwLWYo.exe
  C:\Windows\System\oiwLWYo.exe
  2⤵
  PID:13356
- C:\Windows\System\EHpWvsn.exe
  C:\Windows\System\EHpWvsn.exe
  2⤵
  PID:13400
- C:\Windows\System\HdPyBkR.exe
  C:\Windows\System\HdPyBkR.exe
  2⤵
  PID:13436
- C:\Windows\System\uexwazW.exe
  C:\Windows\System\uexwazW.exe
  2⤵
  PID:13468
- C:\Windows\System\gbjowha.exe
  C:\Windows\System\gbjowha.exe
  2⤵
  PID:13508
- C:\Windows\System\jcuQrSo.exe
  C:\Windows\System\jcuQrSo.exe
  2⤵
  PID:13536
- C:\Windows\System\Yfkcpyn.exe
  C:\Windows\System\Yfkcpyn.exe
  2⤵
  PID:13564
- C:\Windows\System\TglcQsc.exe
  C:\Windows\System\TglcQsc.exe
  2⤵
  PID:13592
- C:\Windows\System\GOejfYA.exe
  C:\Windows\System\GOejfYA.exe
  2⤵
  PID:13620
- C:\Windows\System\UHIOdsj.exe
  C:\Windows\System\UHIOdsj.exe
  2⤵
  PID:13652
- C:\Windows\System\yUSMGJX.exe
  C:\Windows\System\yUSMGJX.exe
  2⤵
  PID:13688
- C:\Windows\System\qBCGSZz.exe
  C:\Windows\System\qBCGSZz.exe
  2⤵
  PID:13720
- C:\Windows\System\ribRFYd.exe
  C:\Windows\System\ribRFYd.exe
  2⤵
  PID:13736
- C:\Windows\System\yjQqYia.exe
  C:\Windows\System\yjQqYia.exe
  2⤵
  PID:13752
- C:\Windows\System\OWnQtBQ.exe
  C:\Windows\System\OWnQtBQ.exe
  2⤵
  PID:13780
- C:\Windows\System\XbIgLCT.exe
  C:\Windows\System\XbIgLCT.exe
  2⤵
  PID:13844
- C:\Windows\System\XorxmiX.exe
  C:\Windows\System\XorxmiX.exe
  2⤵
  PID:13872
- C:\Windows\System\pFtUNdb.exe
  C:\Windows\System\pFtUNdb.exe
  2⤵
  PID:13904
- C:\Windows\System\gygqjVg.exe
  C:\Windows\System\gygqjVg.exe
  2⤵
  PID:13940
- C:\Windows\System\EGtywrH.exe
  C:\Windows\System\EGtywrH.exe
  2⤵
  PID:13968
- C:\Windows\System\BiiFruj.exe
  C:\Windows\System\BiiFruj.exe
  2⤵
  PID:13996
- C:\Windows\System\XgsPImr.exe
  C:\Windows\System\XgsPImr.exe
  2⤵
  PID:14024
- C:\Windows\System\gWBQZmG.exe
  C:\Windows\System\gWBQZmG.exe
  2⤵
  PID:14052
- C:\Windows\System\MxdRMVG.exe
  C:\Windows\System\MxdRMVG.exe
  2⤵
  PID:14080
- C:\Windows\System\byWfnvh.exe
  C:\Windows\System\byWfnvh.exe
  2⤵
  PID:14108
- C:\Windows\System\QUPPwzC.exe
  C:\Windows\System\QUPPwzC.exe
  2⤵
  PID:14136
- C:\Windows\System\MLlitxn.exe
  C:\Windows\System\MLlitxn.exe
  2⤵
  PID:14164
- C:\Windows\System\ngcrOdw.exe
  C:\Windows\System\ngcrOdw.exe
  2⤵
  PID:14192
- C:\Windows\System\qBGSMnx.exe
  C:\Windows\System\qBGSMnx.exe
  2⤵
  PID:14220
- C:\Windows\System\xIhoXqd.exe
  C:\Windows\System\xIhoXqd.exe
  2⤵
  PID:14248
- C:\Windows\System\XPmlUJa.exe
  C:\Windows\System\XPmlUJa.exe
  2⤵
  PID:14276
- C:\Windows\System\TRhcRSg.exe
  C:\Windows\System\TRhcRSg.exe
  2⤵
  PID:14304
- C:\Windows\System\NcCWrEQ.exe
  C:\Windows\System\NcCWrEQ.exe
  2⤵
  PID:14332
- C:\Windows\System\ltnwgMi.exe
  C:\Windows\System\ltnwgMi.exe
  2⤵
  PID:12344
- C:\Windows\System\ouRhTmD.exe
  C:\Windows\System\ouRhTmD.exe
  2⤵
  PID:13464
- C:\Windows\System\EYVjMgT.exe
  C:\Windows\System\EYVjMgT.exe
  2⤵
  PID:8652
- C:\Windows\System\NDPZVTw.exe
  C:\Windows\System\NDPZVTw.exe
  2⤵
  PID:13604
- C:\Windows\System\BKSEywO.exe
  C:\Windows\System\BKSEywO.exe
  2⤵
  PID:2716
- C:\Windows\System\jOXGPnN.exe
  C:\Windows\System\jOXGPnN.exe
  2⤵
  PID:13732
- C:\Windows\System\BDaoTnV.exe
  C:\Windows\System\BDaoTnV.exe
  2⤵
  PID:13800
- C:\Windows\System\EDNxcpm.exe
  C:\Windows\System\EDNxcpm.exe
  2⤵
  PID:13856
- C:\Windows\System\HExWjYP.exe
  C:\Windows\System\HExWjYP.exe
  2⤵
  PID:13916
- C:\Windows\System\dSamTLh.exe
  C:\Windows\System\dSamTLh.exe
  2⤵
  PID:13272
- C:\Windows\System\PuZiOfL.exe
  C:\Windows\System\PuZiOfL.exe
  2⤵
  PID:14044
- C:\Windows\System\aeSpvBJ.exe
  C:\Windows\System\aeSpvBJ.exe
  2⤵
  PID:14100
- C:\Windows\System\OYtIjCU.exe
  C:\Windows\System\OYtIjCU.exe
  2⤵
  PID:14176
- C:\Windows\System\nEFrYUL.exe
  C:\Windows\System\nEFrYUL.exe
  2⤵
  PID:14240
- C:\Windows\System\hjUREir.exe
  C:\Windows\System\hjUREir.exe
  2⤵
  PID:14296
- C:\Windows\System\ONgMMnr.exe
  C:\Windows\System\ONgMMnr.exe
  2⤵
  PID:804
- C:\Windows\System\OjICFnE.exe
  C:\Windows\System\OjICFnE.exe
  2⤵
  PID:12920
- C:\Windows\System\YmEvbBd.exe
  C:\Windows\System\YmEvbBd.exe
  2⤵
  PID:13504
- C:\Windows\System\mHnGdWm.exe
  C:\Windows\System\mHnGdWm.exe
  2⤵
  PID:13668
- C:\Windows\System\VkcjHAZ.exe
  C:\Windows\System\VkcjHAZ.exe
  2⤵
  PID:13840
- C:\Windows\System\znMtpOz.exe
  C:\Windows\System\znMtpOz.exe
  2⤵
  PID:13964
- C:\Windows\System\NDvkkPN.exe
  C:\Windows\System\NDvkkPN.exe
  2⤵
  PID:14156
- C:\Windows\System\KdKknEU.exe
  C:\Windows\System\KdKknEU.exe
  2⤵
  PID:12828
- C:\Windows\System\LBhfhrM.exe
  C:\Windows\System\LBhfhrM.exe
  2⤵
  PID:13340
- C:\Windows\System\nvgFwrf.exe
  C:\Windows\System\nvgFwrf.exe
  2⤵
  PID:13632
- C:\Windows\System\pOuIQyA.exe
  C:\Windows\System\pOuIQyA.exe
  2⤵
  PID:14016
- C:\Windows\System\zNXQEyO.exe
  C:\Windows\System\zNXQEyO.exe
  2⤵
  PID:4768
- C:\Windows\System\cnOLfJD.exe
  C:\Windows\System\cnOLfJD.exe
  2⤵
  PID:13952
- C:\Windows\System\wFPwMrq.exe
  C:\Windows\System\wFPwMrq.exe
  2⤵
  PID:14328
- C:\Windows\System\LtppJcz.exe
  C:\Windows\System\LtppJcz.exe
  2⤵
  PID:1644
- C:\Windows\System\HuacObJ.exe
  C:\Windows\System\HuacObJ.exe
  2⤵
  PID:756
- C:\Windows\System\rlnGbEZ.exe
  C:\Windows\System\rlnGbEZ.exe
  2⤵
  PID:14364
- C:\Windows\System\tFWaqPi.exe
  C:\Windows\System\tFWaqPi.exe
  2⤵
  PID:14412
- C:\Windows\System\utfbUPT.exe
  C:\Windows\System\utfbUPT.exe
  2⤵
  PID:14468
- C:\Windows\System\LOtUubK.exe
  C:\Windows\System\LOtUubK.exe
  2⤵
  PID:14504
- C:\Windows\System\KjVchmu.exe
  C:\Windows\System\KjVchmu.exe
  2⤵
  PID:14536
- C:\Windows\System\BkCrDWr.exe
  C:\Windows\System\BkCrDWr.exe
  2⤵
  PID:14572
- C:\Windows\System\pYsvuzs.exe
  C:\Windows\System\pYsvuzs.exe
  2⤵
  PID:14600
- C:\Windows\System\RmwgveG.exe
  C:\Windows\System\RmwgveG.exe
  2⤵
  PID:14628
- C:\Windows\System\Dstgkmj.exe
  C:\Windows\System\Dstgkmj.exe
  2⤵
  PID:14660
- C:\Windows\System\gHHRtWt.exe
  C:\Windows\System\gHHRtWt.exe
  2⤵
  PID:14688
- C:\Windows\System\HRgqunQ.exe
  C:\Windows\System\HRgqunQ.exe
  2⤵
  PID:14720
- C:\Windows\System\SgtgPTD.exe
  C:\Windows\System\SgtgPTD.exe
  2⤵
  PID:14752
- C:\Windows\System\jkcoQhV.exe
  C:\Windows\System\jkcoQhV.exe
  2⤵
  PID:14780
- C:\Windows\System\nfQNKMO.exe
  C:\Windows\System\nfQNKMO.exe
  2⤵
  PID:14828
- C:\Windows\System\nqxsMJl.exe
  C:\Windows\System\nqxsMJl.exe
  2⤵
  PID:14868
- C:\Windows\System\LNWoPTu.exe
  C:\Windows\System\LNWoPTu.exe
  2⤵
  PID:14916
- C:\Windows\System\gotxTeS.exe
  C:\Windows\System\gotxTeS.exe
  2⤵
  PID:14960
- C:\Windows\System\lBDSgqk.exe
  C:\Windows\System\lBDSgqk.exe
  2⤵
  PID:14988
- C:\Windows\System\bGCRYVb.exe
  C:\Windows\System\bGCRYVb.exe
  2⤵
  PID:15020
- C:\Windows\System\DryNUMO.exe
  C:\Windows\System\DryNUMO.exe
  2⤵
  PID:15056
- C:\Windows\System\DMykIKR.exe
  C:\Windows\System\DMykIKR.exe
  2⤵
  PID:15092
- C:\Windows\System\SqOsvcj.exe
  C:\Windows\System\SqOsvcj.exe
  2⤵
  PID:15132
- C:\Windows\System\TAFGeVi.exe
  C:\Windows\System\TAFGeVi.exe
  2⤵
  PID:15172
- C:\Windows\System\CrqOZtw.exe
  C:\Windows\System\CrqOZtw.exe
  2⤵
  PID:15216
- C:\Windows\System\eqCGhee.exe
  C:\Windows\System\eqCGhee.exe
  2⤵
  PID:15248
- C:\Windows\System\xAJLAmd.exe
  C:\Windows\System\xAJLAmd.exe
  2⤵
  PID:15300
- C:\Windows\System\vbgymLs.exe
  C:\Windows\System\vbgymLs.exe
  2⤵
  PID:15320
- C:\Windows\System\OBcldGk.exe
  C:\Windows\System\OBcldGk.exe
  2⤵
  PID:15348
- C:\Windows\System\keTJPbI.exe
  C:\Windows\System\keTJPbI.exe
  2⤵
  PID:14356
- C:\Windows\System\uVixzRO.exe
  C:\Windows\System\uVixzRO.exe
  2⤵
  PID:14456
- C:\Windows\System\RmvGauJ.exe
  C:\Windows\System\RmvGauJ.exe
  2⤵
  PID:14496
- C:\Windows\System\IZPrZEw.exe
  C:\Windows\System\IZPrZEw.exe
  2⤵
  PID:2776
- C:\Windows\System\JZWxFTX.exe
  C:\Windows\System\JZWxFTX.exe
  2⤵
  PID:14620
- C:\Windows\System\toDeqtB.exe
  C:\Windows\System\toDeqtB.exe
  2⤵
  PID:14656
- C:\Windows\System\ZhXwlKx.exe
  C:\Windows\System\ZhXwlKx.exe
  2⤵
  PID:14716
- C:\Windows\System\TAxKDSH.exe
  C:\Windows\System\TAxKDSH.exe
  2⤵
  PID:14448
- C:\Windows\System\SBJhDaB.exe
  C:\Windows\System\SBJhDaB.exe
  2⤵
  PID:3928
- C:\Windows\System\acSmfmy.exe
  C:\Windows\System\acSmfmy.exe
  2⤵
  PID:13532
- C:\Windows\System\fwWcetX.exe
  C:\Windows\System\fwWcetX.exe
  2⤵
  PID:14860
- C:\Windows\System\QJrhYNC.exe
  C:\Windows\System\QJrhYNC.exe
  2⤵
  PID:14928
- C:\Windows\System\HWXoYAt.exe
  C:\Windows\System\HWXoYAt.exe
  2⤵
  PID:14984
- C:\Windows\System\PupSxWu.exe
  C:\Windows\System\PupSxWu.exe
  2⤵
  PID:4192
- C:\Windows\System\cIwdjnc.exe
  C:\Windows\System\cIwdjnc.exe
  2⤵
  PID:15068
- C:\Windows\System\DPdhBkN.exe
  C:\Windows\System\DPdhBkN.exe
  2⤵
  PID:15148
- C:\Windows\System\gHNdoSY.exe
  C:\Windows\System\gHNdoSY.exe
  2⤵
  PID:15228
- C:\Windows\System\BoqtXEz.exe
  C:\Windows\System\BoqtXEz.exe
  2⤵
  PID:2276
- C:\Windows\System\NlgMMUu.exe
  C:\Windows\System\NlgMMUu.exe
  2⤵
  PID:12844
- C:\Windows\System\JVIdabt.exe
  C:\Windows\System\JVIdabt.exe
  2⤵
  PID:2068
- C:\Windows\System\qvJpVbk.exe
  C:\Windows\System\qvJpVbk.exe
  2⤵
  PID:15332
- C:\Windows\System\VPwqSMP.exe
  C:\Windows\System\VPwqSMP.exe
  2⤵
  PID:14340
- C:\Windows\System\XPJWoLT.exe
  C:\Windows\System\XPJWoLT.exe
  2⤵
  PID:3768
- C:\Windows\System\uQkRzom.exe
  C:\Windows\System\uQkRzom.exe
  2⤵
  PID:4884
- C:\Windows\System\qlcYvcx.exe
  C:\Windows\System\qlcYvcx.exe
  2⤵
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BSikuKj.exe

Filesize
6.1MB

MD5
5503a6c39191c468ee571f709c38822b

SHA1
3783cdc17f89e891e98f1c8965a9b70d456db27a

SHA256
13d53663bd986f23227352231a68289b653cea18d6099470498564a6be9a935f

SHA512
e894ae83e5fd2f2f07ed6736a19106ffe09880c99c292059ea9c4415c67240b725263828cbd84f06aec86cd90a2360875d218067379c9f58f92ee2fd4364da5d

Download Submit
C:\Windows\System\BsjNUko.exe

Filesize
6.1MB

MD5
33703e29e023c5029a5c52149b96365d

SHA1
7a27896ca4582687f0f422de4552aa263c74da49

SHA256
ce283254dcef22dec810b2294020b4f45f4d314d578e03cb843b1466a7d48a7d

SHA512
51ca8a862cd530c19040ba6d680adb18cfdbbcf09c912a3e14949c070fea1a6c7352790b4e3d424ca5d4e749826bb4953c563d27daa9e2522cc72de76393fe12

Download Submit
C:\Windows\System\CDfdauv.exe

Filesize
6.1MB

MD5
dab7898248d4e67e7181744bced83db1

SHA1
8daa1be60b2ee12a751fe145d247bba5a0eeb0b6

SHA256
802d7f57227ef29c257f6db47c1b7f9531f3bdae2cd9c8cab8d6106a4d2b6926

SHA512
a8859aa15490956deaa9ae0a65c7ebead665bddf5c9c4c8e1e29b00d53e9f22116a9a10a7cf95a9b4bef6304acb17b22f35a86a8a523568573eca5241fdcc693

Download Submit
C:\Windows\System\CYwwqLd.exe

Filesize
6.1MB

MD5
4f7be5830f91b0b97441c0e6e51328ce

SHA1
808588e9815c2301fdadb0af21be01ce8d8a7b1b

SHA256
697a3744f78abed6a1ef8e80bb6878f42214c66a30818ae61b621df385b6f133

SHA512
4187e6d61d04c3d74c539f750a3979a9d719395a05da4f545bb95838d4862d193fec95de974d47a9b632c7ed8a16601bf3945a2d53aa522d63adcd595f2cc670

Download Submit
C:\Windows\System\EHaMmfq.exe

Filesize
6.1MB

MD5
08d598c43e9ec552bf0854798943e0b2

SHA1
a02c21b869e992c5e430ec4e994f08d76cf4ab63

SHA256
434d2d749ab949b5cb964115b480e8cb514a8a5aa86ffd25363322be1c6001d1

SHA512
4ebc43aa6164d0d0d170adcaa2903517a7c9668f42329bfa78a93d922ab7f2a381cad6d55e9164e6e4dba054aa43e296c70c38c41ef5064fb3a6cfba9e4542de

Download Submit
C:\Windows\System\GijeZBG.exe

Filesize
6.1MB

MD5
d86998ac9027826d8a48c7a4fd4f9d69

SHA1
bfdd208d9777bebfbbe4d7065929a979ac4a8f95

SHA256
75d241178afd57923042dbfd25580a7bc5e790354d29d2a58cf8ac3c14b86525

SHA512
bcac1b13f76be99349085a1a0796a7c332fd6e744df98298529d751101f4d22cb54a61b1b522140d988446b020f981ecda9870544f0a7feec5c207b5e482c0c7

Download Submit
C:\Windows\System\OXwErLg.exe

Filesize
6.1MB

MD5
1d3a0c101c4d81929116917f3ac86b02

SHA1
5e71a12ebb48db9fd9fb3bbbda1a3009e16900cb

SHA256
39eee2c5437c070279e9885c10dbf97c2259840d63654362cc3fd5173a56dce4

SHA512
60ea6212efd90f8f316278af42450f2240715b2ce04bd3f950fc265817cf6eb067860197d6faf3e9c56cfd2ab3fc8801fbff5757dbd6d7fe76b4b9b6e14db335

Download Submit
C:\Windows\System\OeASFFw.exe

Filesize
6.1MB

MD5
a49ed52af72f86624093f332dedb407e

SHA1
2b8df8023bea0368f4997f902c91bb47cafd6f5c

SHA256
49f123a3535b2a733092c5e71d888d94458a3510d29500471e9fb36888ffda70

SHA512
5dc18d2a61cff0930b6266411d14008bcc9c89f808ae0cd6b529c85d7fe7d9d6cd9ac7e1e65ebe0a6614e4d0a5e854b0372c1f19ed4a133cede03307266c2a29

Download Submit
C:\Windows\System\OqXTIpT.exe

Filesize
6.1MB

MD5
f4e818ae16ad3e298f4680dc04488a05

SHA1
7ae1ab0bda3f7f3933b6db86984b3851af996c7e

SHA256
10bfefd251950ea9120a3a335f90ec1ca9a44c3bc70219ae8f9f500925360a83

SHA512
ab53d21699378df387246d5c7067d09d2a0cd57599089299eef22cf736c38685ae9095e86f70b138043dd65445b3f768f21e60bf9e2d4e32600ff5988e3d399c

Download Submit
C:\Windows\System\QINVsqk.exe

Filesize
6.1MB

MD5
e779902d4b7ebf0b76c99393306bf058

SHA1
19d8c8ea486be1bba29048337bc10f0949e3c8c0

SHA256
7e072bec310e679bfc98d99091bbd66a73c4e0cb453ee741fb44b712c18d2798

SHA512
8e807f81092567c5088136610185f026b9577efddfe0a2367a41602cab84ba4e173519e6e702f4147c979c82d57bdf5c79ad7c90d31b92142e125fc6955809b9

Download Submit
C:\Windows\System\RCdlyFw.exe

Filesize
6.1MB

MD5
5ac1c02f43f2f62bb4e32ab865014181

SHA1
cd28dfbff5e66977580307ef7c5303ef8aea2b52

SHA256
1024c055088cd6067890d6ca675d6b377f6678366d6670cee64e2a2572e5eeba

SHA512
dd8f2455ae2ae8bc01a2b911faee03e4dd5ca79c94e8c5e7e7196508f43903e4381f8971d78dddbaf8825bbf6da4f9b563a2de9023a0eda9b6410525af066412

Download Submit
C:\Windows\System\SovHlxB.exe

Filesize
6.1MB

MD5
c559c380d7552566f6f1578dcbeae2b7

SHA1
cf9e1dbda37836a96071063815e34a6580e45ff5

SHA256
f8989d7e857b90d286c083540edfb3dcf26992b9d5b0ee53334e1121e0248966

SHA512
59652a934ca02741fc886624060e9f484b4f34427967e6ec5cbf2b810294c22c5fadd6afeaea675bd6d18b09d4ed03480d0a3c8b3e52f450ba2f49002e67ef42

Download Submit
C:\Windows\System\TJMBskV.exe

Filesize
6.1MB

MD5
b77a8e24dce8f1ba00b391f919359a31

SHA1
6174969c7f7d499fdbf1deb7b9d3233571a2c346

SHA256
ef4257e1e7691d985802ee0f36f0034051fa67fd9e5505a4fe79411a95c1c744

SHA512
5fe13ee3c9a6d07f54009cdc32584048a47851100a18703082e104aa085c4e4905eb1a4091824c2cc97d7857b2bf2583e45ce0e5bac6a3b69e36c2f9cdb9ccac

Download Submit
C:\Windows\System\UgdVLKf.exe

Filesize
6.1MB

MD5
884f9704406f9d71f86a063a5b994454

SHA1
0d35c32a551c46131785c7ea0ee535179e38dba1

SHA256
fcddf9987d1ee34f593cd4d96a57f225c508607b0f69599a31e1d2706ee2d9e3

SHA512
766cba2b81ad1d617e1f227bf60b69c7d27f1a8175f48e2b9e613a2eadd9569a8672beeec154a7a2b42258f8d402efa124b7eafaa6d9a06596637a7c9f42b6a6

Download Submit
C:\Windows\System\VfeCotH.exe

Filesize
6.1MB

MD5
b8c8af981c396ebbaf826951ca25e282

SHA1
4d2170f3df5251f6a313eb937de04493e761e765

SHA256
dd3e8ba4b9b5e1280c38d825d9706fec900e0955abe2edf7787cb20cfa088e15

SHA512
d03cd00b10f7540bb68d38ecfda73b261ab43c6bea6d44b82317c829ae5000faee12e168a9c73f9a5b0d22827a4581c22bd50b2b792938bd491c2ed2f1f086a2

Download Submit
C:\Windows\System\ZLIpLKf.exe

Filesize
6.1MB

MD5
6c491591124aae8f73b116bb94a409ae

SHA1
83cacdf82c0ba21adba0b66f5ec1c48262cc3c31

SHA256
12997ae32f6b97cb7e15d3bdaf15fad891503f8053a4ea9bbe346f4c076fd78c

SHA512
1957f17b2f5a4c3d916a6769a63cb3599aed04fc8284a723bafd6c29df0a1e7a0aa20a15c9b32b40779617260aa01273e12f20cb6d18a2757bc7ea6394bb11cd

Download Submit
C:\Windows\System\awxaqMw.exe

Filesize
6.1MB

MD5
6446716749eba403c87c545a7c022bbc

SHA1
d44fe99b3e6a6a5d3b3324b27acc29fcc99baa46

SHA256
068e1e77661406ac80bb63313219fe49aac918868de32987c84cbed52d44ce62

SHA512
ebb2aa6b374cf48c4b76a9971e32791e47e48eea652e30518f4693c8f546bbfbd2c89a0ec54ba9442cfd340eae8ca45b2bc3d4c49a32edc7b81f4e42fd7ae176

Download Submit
C:\Windows\System\djGQGMz.exe

Filesize
6.1MB

MD5
dde13bfea71ee4e7c560c2bfa78722e2

SHA1
6a6ccbc4780c348ddf9f4cdf44eb1c499c9f75fd

SHA256
3fe2b2be438088f6112d2b37cb7fd38be5a8a5acbea3df90e88e43601beb55b1

SHA512
b65ea5fb908f0e5f2d21012259df5e3fc02bc0b56232c4149859ae0be7c822089d4f978f7c1afb6d11883ee1e01a2ac098252a3203ff24f98f17179c9d720b2e

Download Submit
C:\Windows\System\elGgqOE.exe

Filesize
6.1MB

MD5
9cc21c01111b69bf2888d580d6b78ae8

SHA1
3a0d94e014f0290731f717bed4c20f57cad5b302

SHA256
9578cff6d550ab609cbc5bb550b00fb23cd6472593795f0da69ffb64890894e4

SHA512
a5d4228475506ee21c548c29213f0f63ad668f4159321cc85b5356e3af25c704bf54954cb1788ad841cc14673fe4e40d6b280f79d7926c4fbd5bda8bcc881deb

Download Submit
C:\Windows\System\fLiohXZ.exe

Filesize
6.1MB

MD5
9670d759be48e45b4a3dbdd6d33a9d1e

SHA1
0ba0548d1a55fafbd126c90b0440d44d38f61f84

SHA256
753e8570f4d29f0444b381caada30740d9b4b3d5b39841ee8f2ae29bb826d7c4

SHA512
79f4f724234bea57324fd76ec66fe82dc0f85126d927b3bf2ef88a400f28635d5e1b1499d015a9949a02b81154e167d202ebe160ac83d57b1762c4c3dbc9086e

Download Submit
C:\Windows\System\hIoMcKl.exe

Filesize
6.1MB

MD5
7b97cf753c2616c08b8f158031764a12

SHA1
c74b962a0ba7bb1a6aa352cd0504e767f145e571

SHA256
aa2332b410533a838f442d0772abc8282d4869473e4a1bba50fb455e87ffd784

SHA512
fd7dc1bf5a1bebca2ad765c2f7f0da0181241491922e7e52c47b469395a6681933e9bc80705a5b9cfe8c5ba36903f61d7a3401f5d6948417a8b16a985007a98d

Download Submit
C:\Windows\System\jNHQMZj.exe

Filesize
6.1MB

MD5
8a4e480cb9f6d98d6ddc438c2bbf81c9

SHA1
f2ca5c5d1cde1839631b7e0f976f7c2e404df5cf

SHA256
1ab9c24aa27569be1f213c3e7c6eafa2080b54b579eef07a8b5154d8d65b67e7

SHA512
d26ca3c00a8006cdf4622311f49c739a290b0fc6326e34d8b69bd3288106cc69ed142c7f5cb8c7e56b765e240b950be061bbcadb5ddf505f3f804354bbf83bf8

Download Submit
C:\Windows\System\jVKRirM.exe

Filesize
6.1MB

MD5
dd0c0cfb1c8335c49deeaee4b717316f

SHA1
aa0a4eb96318a0968cbd5de4dc075d1d2a866720

SHA256
da352accc7b5aff17c9b0d0f07fb80876a70e7a469b7e184c6caf366dd4f83a4

SHA512
05c2739ccd886b9c3836d1c2c343618f19279440e0351901c744d34613b661e0fe3e63c4b7f3078b39f7c8ba7465d92944e0780b0b8e44e7816d07e2e0518202

Download Submit
C:\Windows\System\jgQkmVO.exe

Filesize
6.1MB

MD5
a4cf531dc4a6ab4ec826b99ab1b7e63f

SHA1
946697e278829befe753fc8d1d5a692a49685651

SHA256
cc8da36b5f6c9c676b77ae5036b2ec5750bb714a6026e952cc6c2f38695d4a7c

SHA512
cd722ec40dde333d2314d099c7f6db4d45e1be7940b52b24fae49a33d73e670d5655056cf712d906d1ede3bdcf94dccc7b5cd2fb0380222a3ee9437d414d4f8b

Download Submit
C:\Windows\System\nmrSLUN.exe

Filesize
6.1MB

MD5
e8bbbb3d94278df5a5268819880e9cbf

SHA1
436af92f6572e38c28038b26137ea61b4b0ef1fe

SHA256
b802171c2e03456c48635d39a6f28dd5ee4afb975fcd6d70bbf99a6d0a117ee6

SHA512
2740ae43705e80650e3ac70f530dd0f3cbfccbbc5357d661b94cd084b7065d3e6eacbcae97919442893adf0bf7a9f4107feb3c379a51a7af4b9bbacdb0779f64

Download Submit
C:\Windows\System\punsoSc.exe

Filesize
6.1MB

MD5
ffb6f1da4f7627215b96098284de6412

SHA1
93038cb3961671177993124ae39f318a40365109

SHA256
114e55bcc36211361137d3b2aaed9f54efb92dc2881041066e2d001b15f84e1a

SHA512
f6509d6a3aaf83cb6efca356d8f82ef90afcdf3cf03d29c6c70d2101e8b48c9db78453a89aa1c8ea4945f7b8be9f7ecea4b1ca88d55eb11ff3f2d45d2d869dee

Download Submit
C:\Windows\System\rxjJOkl.exe

Filesize
6.1MB

MD5
650063aa6d5e2a311787707450d89b4a

SHA1
f70aabfe94a93dee37c2764a9544ace005b39899

SHA256
e38bb77af0ab2083c260c7c42f59c17c03f4319c6432ca6f8309187a6d607fea

SHA512
d10d087bb84dfb34c57b480a7e6d5897501d8b69c30c48977816ed2934791d8c6fb71092d7547827c2bd3b8f466b82c1a75a5ad86c5001efe7a8f11a9803c4a3

Download Submit
C:\Windows\System\tsjgmGG.exe

Filesize
6.1MB

MD5
0f6ec0f76ceee601de914480b0bdba59

SHA1
b9de16bb587d033def861ff578b06bac22474a1b

SHA256
4af638f6903a244a8ea5ca5ebc7b95f144f664cec8ae057c2b1288d16265d638

SHA512
c8e75d0720d16c84f328ae561eff2a751d482ec11be2e573e99b76d0fcd7930d83a765325b2f5b4b85f3b22d2bdebb70d9f94a7f7191da39343ac90fc1181c5d

Download Submit
C:\Windows\System\ucVoKtu.exe

Filesize
6.1MB

MD5
898b431c703dab20ca7f1c5e0b0c92a7

SHA1
d7549a3511fe2857aa87af485c8e78f3b0c9b8eb

SHA256
300452c568fdff6ebe76c4baad44d9735c9a98f936031c5424fd7dc22dd75cfc

SHA512
18e50d0048e201be788e0cdff4f55e51277a67746152fd7802b9d5956e98b3d1d3036eba1bcf4d54ef2c8b800b430e21436f53f394d6c84b8e6ae170798eb187

Download Submit
C:\Windows\System\vvpmJdB.exe

Filesize
6.1MB

MD5
2e758e04e62a3a27a73de341721a7b76

SHA1
67f75fc6e77425008ce13e7690d66dc9f81e364b

SHA256
f7d6961b723287c3e2f3f5371378a5c1febd905ebebda87a3b1dcbde4890c766

SHA512
6bb0887173c85687db723b4cd5cc8ae568d181e24b28d3ec01cf947f7af629741fa6e55d481e15aaecb10a1f470f0f125d48127072afadfbec5a9adbf53f1425

Download Submit
C:\Windows\System\wusvuPp.exe

Filesize
6.1MB

MD5
5da5087fb1a336028140d4290e13957a

SHA1
6931a81ab78734aea4e3892aaf8b0079d0129de2

SHA256
4894ffd24bdd1d7c872c47812c9d5e706690f046f01a29e2dff835231d088ec8

SHA512
e7d2167a8b068a681e0a3d2c55be30cde6d4f2a41d28df1747b71f8ad02f37cda2d266b7a6a4454dfabea5dc18768c926fb3311cc088c6daf53ef3b25ff45f49

Download Submit
C:\Windows\System\wyeafeZ.exe

Filesize
6.1MB

MD5
734a09e6a36b4f05312f990c1ebbfba6

SHA1
f3ce5fd9c3e6df21f8805486165e227352ba597e

SHA256
6873365113ce2c9dcb9ada1298eee1cceb08b41bc18c72faad453303fd01b7ae

SHA512
b52f43804f6b09f9bd7d0b00300c1174a2ac6b61746c7aba4be28f0f5eae2fea8f4146e1302a34ecd7d8e2203d1fa231cbd7bc23e3a44ae9bd4b73a63197472c

Download Submit
memory/8-215-0x00007FF66AC30000-0x00007FF66AF84000-memory.dmp

Filesize
3.3MB

Download
memory/8-136-0x00007FF66AC30000-0x00007FF66AF84000-memory.dmp

Filesize
3.3MB

Download
memory/316-145-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp

Filesize
3.3MB

Download
memory/316-81-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp

Filesize
3.3MB

Download
memory/316-1887-0x00007FF6A41E0000-0x00007FF6A4534000-memory.dmp

Filesize
3.3MB

Download
memory/680-137-0x00007FF6F0010000-0x00007FF6F0364000-memory.dmp

Filesize
3.3MB

Download
memory/680-264-0x00007FF6F0010000-0x00007FF6F0364000-memory.dmp

Filesize
3.3MB

Download
memory/1300-184-0x00007FF69BCF0000-0x00007FF69C044000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2254-0x00007FF69BCF0000-0x00007FF69C044000-memory.dmp

Filesize
3.3MB

Download
memory/1300-112-0x00007FF69BCF0000-0x00007FF69C044000-memory.dmp

Filesize
3.3MB

Download
memory/1500-135-0x00007FF6A82F0000-0x00007FF6A8644000-memory.dmp

Filesize
3.3MB

Download
memory/1736-98-0x00007FF785F10000-0x00007FF786264000-memory.dmp

Filesize
3.3MB

Download
memory/1736-35-0x00007FF785F10000-0x00007FF786264000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1819-0x00007FF785F10000-0x00007FF786264000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2025-0x00007FF6FA820000-0x00007FF6FAB74000-memory.dmp

Filesize
3.3MB

Download
memory/1744-92-0x00007FF6FA820000-0x00007FF6FAB74000-memory.dmp

Filesize
3.3MB

Download
memory/1744-158-0x00007FF6FA820000-0x00007FF6FAB74000-memory.dmp

Filesize
3.3MB

Download
memory/1964-106-0x00007FF6C57B0000-0x00007FF6C5B04000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2248-0x00007FF6C57B0000-0x00007FF6C5B04000-memory.dmp

Filesize
3.3MB

Download
memory/1968-163-0x00007FF7A94C0000-0x00007FF7A9814000-memory.dmp

Filesize
3.3MB

Download
memory/1968-390-0x00007FF7A94C0000-0x00007FF7A9814000-memory.dmp

Filesize
3.3MB

Download
memory/2076-159-0x00007FF7AD5C0000-0x00007FF7AD914000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2032-0x00007FF7AD5C0000-0x00007FF7AD914000-memory.dmp

Filesize
3.3MB

Download
memory/2076-95-0x00007FF7AD5C0000-0x00007FF7AD914000-memory.dmp

Filesize
3.3MB

Download
memory/2292-120-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-70-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-1886-0x00007FF67DD50000-0x00007FF67E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2404-0x00007FF7444A0000-0x00007FF7447F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-506-0x00007FF7444A0000-0x00007FF7447F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-164-0x00007FF7444A0000-0x00007FF7447F4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1863-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp

Filesize
3.3MB

Download
memory/2324-109-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp

Filesize
3.3MB

Download
memory/2324-48-0x00007FF7AB1F0000-0x00007FF7AB544000-memory.dmp

Filesize
3.3MB

Download
memory/2444-193-0x00007FF619390000-0x00007FF6196E4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2273-0x00007FF619390000-0x00007FF6196E4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-127-0x00007FF619390000-0x00007FF6196E4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1765-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-77-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-12-0x00007FF7D67F0000-0x00007FF7D6B44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2408-0x00007FF638B00000-0x00007FF638E54000-memory.dmp

Filesize
3.3MB

Download
memory/3044-755-0x00007FF638B00000-0x00007FF638E54000-memory.dmp

Filesize
3.3MB

Download
memory/3044-200-0x00007FF638B00000-0x00007FF638E54000-memory.dmp

Filesize
3.3MB

Download
memory/3244-573-0x00007FF683FE0000-0x00007FF684334000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2406-0x00007FF683FE0000-0x00007FF684334000-memory.dmp

Filesize
3.3MB

Download
memory/3244-183-0x00007FF683FE0000-0x00007FF684334000-memory.dmp

Filesize
3.3MB

Download
memory/3308-1883-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-76-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-129-0x00007FF694F60000-0x00007FF6952B4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-30-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-1816-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-94-0x00007FF78A890000-0x00007FF78ABE4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-105-0x00007FF677700000-0x00007FF677A54000-memory.dmp

Filesize
3.3MB

Download
memory/3724-1862-0x00007FF677700000-0x00007FF677A54000-memory.dmp

Filesize
3.3MB

Download
memory/3724-43-0x00007FF677700000-0x00007FF677A54000-memory.dmp

Filesize
3.3MB

Download
memory/3808-71-0x00007FF65A000000-0x00007FF65A354000-memory.dmp

Filesize
3.3MB

Download
memory/3808-6-0x00007FF65A000000-0x00007FF65A354000-memory.dmp

Filesize
3.3MB

Download
memory/3808-1761-0x00007FF65A000000-0x00007FF65A354000-memory.dmp

Filesize
3.3MB

Download
memory/3912-1871-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-56-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-117-0x00007FF743CA0000-0x00007FF743FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-24-0x00007FF632300000-0x00007FF632654000-memory.dmp

Filesize
3.3MB

Download
memory/4244-88-0x00007FF632300000-0x00007FF632654000-memory.dmp

Filesize
3.3MB

Download
memory/4244-1795-0x00007FF632300000-0x00007FF632654000-memory.dmp

Filesize
3.3MB

Download
memory/4292-66-0x00007FF69D120000-0x00007FF69D474000-memory.dmp

Filesize
3.3MB

Download
memory/4292-128-0x00007FF69D120000-0x00007FF69D474000-memory.dmp

Filesize
3.3MB

Download
memory/4292-1879-0x00007FF69D120000-0x00007FF69D474000-memory.dmp

Filesize
3.3MB

Download
memory/4296-86-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp

Filesize
3.3MB

Download
memory/4296-18-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp

Filesize
3.3MB

Download
memory/4296-1790-0x00007FF67AD00000-0x00007FF67B054000-memory.dmp

Filesize
3.3MB

Download
memory/4452-323-0x00007FF60A6F0000-0x00007FF60AA44000-memory.dmp

Filesize
3.3MB

Download
memory/4452-146-0x00007FF60A6F0000-0x00007FF60AA44000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2288-0x00007FF60A6F0000-0x00007FF60AA44000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2405-0x00007FF787550000-0x00007FF7878A4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-172-0x00007FF787550000-0x00007FF7878A4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-572-0x00007FF787550000-0x00007FF7878A4000-memory.dmp

Filesize
3.3MB

Download
memory/4680-0-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp

Filesize
3.3MB

Download
memory/4680-65-0x00007FF6A5B20000-0x00007FF6A5E74000-memory.dmp

Filesize
3.3MB

Download
memory/4680-1-0x0000019BFC270000-0x0000019BFC280000-memory.dmp

Filesize
64KB

Download
memory/4804-194-0x00007FF638B30000-0x00007FF638E84000-memory.dmp

Filesize
3.3MB

Download
memory/4804-699-0x00007FF638B30000-0x00007FF638E84000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2407-0x00007FF638B30000-0x00007FF638E84000-memory.dmp

Filesize
3.3MB

Download
memory/5064-152-0x00007FF73CBF0000-0x00007FF73CF44000-memory.dmp

Filesize
3.3MB

Download
memory/5064-389-0x00007FF73CBF0000-0x00007FF73CF44000-memory.dmp

Filesize
3.3MB

Download