cobaltstrike | 88e8ea199585bb5884e219577c94a51fc2dba25722baed034c8142cde374b7a7

Analysis

max time kernel
110s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

54f377459ccfa4f0f02063f6f5763d91
SHA1

9ce84f2cf879a2696ddecbf22d3c0f79dae9058b
SHA256

88e8ea199585bb5884e219577c94a51fc2dba25722baed034c8142cde374b7a7
SHA512

a81d1b4515f8b498986e2bf3eac6f32c41a7052f7193391c89c8eb2c2b352293d8878b27048be51c117d41d3351c68444578e82a60d42da8bdd424a76e1e4191
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0012000000023f8b-4.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dc-9.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240db-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dd-23.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240de-28.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240df-37.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e0-41.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e2-53.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e3-65.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e4-68.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e5-72.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000240d8-49.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e6-83.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e7-93.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e8-95.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240e9-109.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ea-113.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240eb-120.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ec-126.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ed-131.dat	cobalt_reflective_dll
behavioral2/files/0x00090000000227cc-138.dat	cobalt_reflective_dll
behavioral2/files/0x0005000000022b78-144.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000016916-160.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ee-157.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000016917-167.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e125-172.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001e123-178.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e34f-188.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e6b5-194.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001e6c2-200.dat	cobalt_reflective_dll
behavioral2/files/0x000800000001da70-205.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001da7a-209.dat	cobalt_reflective_dll
behavioral2/files/0x001000000001e08d-215.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1528-0-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp	xmrig
behavioral2/files/0x0012000000023f8b-4.dat	xmrig
behavioral2/files/0x00070000000240dc-9.dat	xmrig
behavioral2/files/0x00070000000240db-11.dat	xmrig
behavioral2/files/0x00070000000240dd-23.dat	xmrig
behavioral2/files/0x00070000000240de-28.dat	xmrig
behavioral2/files/0x00070000000240df-37.dat	xmrig
behavioral2/memory/548-36-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp	xmrig
behavioral2/memory/724-33-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp	xmrig
behavioral2/memory/1916-24-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp	xmrig
behavioral2/memory/3200-20-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp	xmrig
behavioral2/memory/4148-15-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp	xmrig
behavioral2/memory/8-10-0x00007FF622500000-0x00007FF622854000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e0-41.dat	xmrig
behavioral2/memory/3964-42-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e2-53.dat	xmrig
behavioral2/memory/8-59-0x00007FF622500000-0x00007FF622854000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e3-65.dat	xmrig
behavioral2/files/0x00070000000240e4-68.dat	xmrig
behavioral2/files/0x00070000000240e5-72.dat	xmrig
behavioral2/memory/2064-76-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp	xmrig
behavioral2/memory/1916-75-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp	xmrig
behavioral2/memory/3200-74-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp	xmrig
behavioral2/memory/3176-70-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp	xmrig
behavioral2/memory/3652-62-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp	xmrig
behavioral2/memory/4148-61-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp	xmrig
behavioral2/memory/2996-58-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	xmrig
behavioral2/memory/1528-56-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp	xmrig
behavioral2/files/0x00080000000240d8-49.dat	xmrig
behavioral2/memory/2852-48-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e6-83.dat	xmrig
behavioral2/memory/820-86-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp	xmrig
behavioral2/memory/548-87-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e7-93.dat	xmrig
behavioral2/files/0x00070000000240e8-95.dat	xmrig
behavioral2/memory/3964-97-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp	xmrig
behavioral2/files/0x00070000000240e9-109.dat	xmrig
behavioral2/files/0x00070000000240ea-113.dat	xmrig
behavioral2/memory/3096-112-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp	xmrig
behavioral2/memory/2996-111-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	xmrig
behavioral2/memory/1488-107-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	xmrig
behavioral2/memory/936-99-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp	xmrig
behavioral2/memory/2852-98-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp	xmrig
behavioral2/memory/2404-96-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp	xmrig
behavioral2/memory/724-84-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp	xmrig
behavioral2/memory/3176-119-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp	xmrig
behavioral2/memory/1588-122-0x00007FF645240000-0x00007FF645594000-memory.dmp	xmrig
behavioral2/files/0x00070000000240eb-120.dat	xmrig
behavioral2/memory/3652-115-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp	xmrig
behavioral2/memory/2064-123-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ec-126.dat	xmrig
behavioral2/memory/540-128-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp	xmrig
behavioral2/files/0x00070000000240ed-131.dat	xmrig
behavioral2/memory/3276-135-0x00007FF7A5F20000-0x00007FF7A6274000-memory.dmp	xmrig
behavioral2/files/0x00090000000227cc-138.dat	xmrig
behavioral2/memory/2404-140-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp	xmrig
behavioral2/memory/4476-141-0x00007FF6A4B00000-0x00007FF6A4E54000-memory.dmp	xmrig
behavioral2/files/0x0005000000022b78-144.dat	xmrig
behavioral2/memory/4484-145-0x00007FF669B10000-0x00007FF669E64000-memory.dmp	xmrig
behavioral2/memory/820-139-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp	xmrig
behavioral2/memory/936-153-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp	xmrig
behavioral2/files/0x0003000000016916-160.dat	xmrig
behavioral2/memory/3096-162-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp	xmrig
behavioral2/memory/1384-164-0x00007FF738040000-0x00007FF738394000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
8	IYCnWyN.exe
4148	psUPMym.exe
3200	YkHgynV.exe
1916	VcjiaNT.exe
724	DhvyUOm.exe
548	yklXzMM.exe
3964	ZUAXsiq.exe
2852	pGPPiix.exe
2996	wTAxFia.exe
3652	zcNRtDr.exe
3176	sksBSsE.exe
2064	uXRGOwJ.exe
820	DAikKgk.exe
2404	avGgRSQ.exe
936	TKNZrPf.exe
1488	TOFqrot.exe
3096	mcGvUXl.exe
1588	ybWnhyL.exe
540	xmErIsU.exe
3276	DBnzOup.exe
4476	jwRAHuV.exe
4484	qNpcLCO.exe
2932	oPgyDvx.exe
1384	zUORiSD.exe
3180	DPeSviT.exe
1320	AGhmAdF.exe
4080	NVoKdhk.exe
2288	ovMieDH.exe
2512	SiChlIL.exe
2000	OCVpaTL.exe
3788	fiZrQOV.exe
1200	ZSLDYnU.exe
3516	edwdDku.exe
5044	UbCUquD.exe
2232	QvUrlrT.exe
5004	KfQRNdE.exe
4696	PMKKFNM.exe
4940	kDinemo.exe
1540	VMvJsGo.exe
4236	JPVLlbE.exe
4360	VEMqVQY.exe
4116	dzoBHtM.exe
3684	KjTFtqY.exe
4304	MrvRXUp.exe
1480	LRsAAMI.exe
1060	VmQFIDd.exe
2088	rkRSXcA.exe
228	qgOsTDa.exe
4108	zRJXcdT.exe
3636	Juxnumv.exe
1820	YadCCMV.exe
5028	XlfgoqA.exe
4548	EuWPbYH.exe
468	XBRBYzZ.exe
816	pUntDjS.exe
1504	tJAAfKJ.exe
4844	TPBveCe.exe
1824	uHZHecR.exe
208	irnczEC.exe
1152	VCVWiaL.exe
2400	ZIokxnZ.exe
3928	aWgniwr.exe
2812	OEHtfvu.exe
3368	EIaHkum.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1528-0-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp	upx
behavioral2/files/0x0012000000023f8b-4.dat	upx
behavioral2/files/0x00070000000240dc-9.dat	upx
behavioral2/files/0x00070000000240db-11.dat	upx
behavioral2/files/0x00070000000240dd-23.dat	upx
behavioral2/files/0x00070000000240de-28.dat	upx
behavioral2/files/0x00070000000240df-37.dat	upx
behavioral2/memory/548-36-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp	upx
behavioral2/memory/724-33-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp	upx
behavioral2/memory/1916-24-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp	upx
behavioral2/memory/3200-20-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp	upx
behavioral2/memory/4148-15-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp	upx
behavioral2/memory/8-10-0x00007FF622500000-0x00007FF622854000-memory.dmp	upx
behavioral2/files/0x00070000000240e0-41.dat	upx
behavioral2/memory/3964-42-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp	upx
behavioral2/files/0x00070000000240e2-53.dat	upx
behavioral2/memory/8-59-0x00007FF622500000-0x00007FF622854000-memory.dmp	upx
behavioral2/files/0x00070000000240e3-65.dat	upx
behavioral2/files/0x00070000000240e4-68.dat	upx
behavioral2/files/0x00070000000240e5-72.dat	upx
behavioral2/memory/2064-76-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp	upx
behavioral2/memory/1916-75-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp	upx
behavioral2/memory/3200-74-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp	upx
behavioral2/memory/3176-70-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp	upx
behavioral2/memory/3652-62-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp	upx
behavioral2/memory/4148-61-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp	upx
behavioral2/memory/2996-58-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	upx
behavioral2/memory/1528-56-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp	upx
behavioral2/files/0x00080000000240d8-49.dat	upx
behavioral2/memory/2852-48-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp	upx
behavioral2/files/0x00070000000240e6-83.dat	upx
behavioral2/memory/820-86-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp	upx
behavioral2/memory/548-87-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp	upx
behavioral2/files/0x00070000000240e7-93.dat	upx
behavioral2/files/0x00070000000240e8-95.dat	upx
behavioral2/memory/3964-97-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp	upx
behavioral2/files/0x00070000000240e9-109.dat	upx
behavioral2/files/0x00070000000240ea-113.dat	upx
behavioral2/memory/3096-112-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp	upx
behavioral2/memory/2996-111-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp	upx
behavioral2/memory/1488-107-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	upx
behavioral2/memory/936-99-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp	upx
behavioral2/memory/2852-98-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp	upx
behavioral2/memory/2404-96-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp	upx
behavioral2/memory/724-84-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp	upx
behavioral2/memory/3176-119-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp	upx
behavioral2/memory/1588-122-0x00007FF645240000-0x00007FF645594000-memory.dmp	upx
behavioral2/files/0x00070000000240eb-120.dat	upx
behavioral2/memory/3652-115-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp	upx
behavioral2/memory/2064-123-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp	upx
behavioral2/files/0x00070000000240ec-126.dat	upx
behavioral2/memory/540-128-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp	upx
behavioral2/files/0x00070000000240ed-131.dat	upx
behavioral2/memory/3276-135-0x00007FF7A5F20000-0x00007FF7A6274000-memory.dmp	upx
behavioral2/files/0x00090000000227cc-138.dat	upx
behavioral2/memory/2404-140-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp	upx
behavioral2/memory/4476-141-0x00007FF6A4B00000-0x00007FF6A4E54000-memory.dmp	upx
behavioral2/files/0x0005000000022b78-144.dat	upx
behavioral2/memory/4484-145-0x00007FF669B10000-0x00007FF669E64000-memory.dmp	upx
behavioral2/memory/820-139-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp	upx
behavioral2/memory/936-153-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp	upx
behavioral2/files/0x0003000000016916-160.dat	upx
behavioral2/memory/3096-162-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp	upx
behavioral2/memory/1384-164-0x00007FF738040000-0x00007FF738394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zwgDlHM.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KHtbDqC.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WchLXXg.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CgmOgdp.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DAikKgk.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kDSOvrC.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NoiFqKW.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dxwNSrI.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\azaFwoD.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BrhedkU.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\isBUPjx.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LRsAAMI.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tJAAfKJ.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cLwGiPk.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JboaPEy.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EujRLYL.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QMqCjeH.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\euDVJuy.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vVdAaVJ.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zoHYzzn.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jIcetDe.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kIGdHrz.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qZzlVhj.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TrKfkBb.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ddfDDZl.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wTAxFia.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KWwTWYb.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\emwrwFY.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eEnIgBo.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GdNTxxr.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fkqhruC.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WQtvMYc.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Kilhtcq.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EsCTldL.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FViarXV.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\alaLaiF.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OFHfzly.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ofNotPf.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hiqsnvq.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nhajrfu.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FFkpNwE.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pkioxWk.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WRVfIzL.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DVVFxMf.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nfkyMGH.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KOgkLnJ.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SAYzSDk.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DePrTdN.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LjwRDzr.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cjJgbfb.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KJCdvDD.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RSYTQze.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uPoLpaC.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\leCcbbL.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gawemdx.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GtEuarg.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZzAHyYs.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\apBaFlx.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BmRbHcB.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qPqjsIG.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LZQDVCj.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ShweHLH.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VGlJcWu.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iZfvyfF.exe	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 8	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1528 wrote to memory of 8	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 1528 wrote to memory of 4148	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1528 wrote to memory of 4148	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 1528 wrote to memory of 3200	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1528 wrote to memory of 3200	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 1528 wrote to memory of 1916	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1528 wrote to memory of 1916	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 1528 wrote to memory of 724	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 1528 wrote to memory of 724	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 1528 wrote to memory of 548	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 1528 wrote to memory of 548	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 1528 wrote to memory of 3964	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1528 wrote to memory of 3964	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 1528 wrote to memory of 2852	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1528 wrote to memory of 2852	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 1528 wrote to memory of 2996	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 1528 wrote to memory of 2996	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 1528 wrote to memory of 3652	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1528 wrote to memory of 3652	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 1528 wrote to memory of 3176	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1528 wrote to memory of 3176	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 1528 wrote to memory of 2064	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1528 wrote to memory of 2064	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 1528 wrote to memory of 820	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1528 wrote to memory of 820	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 1528 wrote to memory of 2404	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1528 wrote to memory of 2404	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 1528 wrote to memory of 936	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1528 wrote to memory of 936	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 1528 wrote to memory of 1488	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1528 wrote to memory of 1488	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 1528 wrote to memory of 3096	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1528 wrote to memory of 3096	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 1528 wrote to memory of 1588	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1528 wrote to memory of 1588	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 1528 wrote to memory of 540	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1528 wrote to memory of 540	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 1528 wrote to memory of 3276	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1528 wrote to memory of 3276	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 1528 wrote to memory of 4476	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1528 wrote to memory of 4476	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 1528 wrote to memory of 4484	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1528 wrote to memory of 4484	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 1528 wrote to memory of 2932	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1528 wrote to memory of 2932	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 1528 wrote to memory of 1384	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1528 wrote to memory of 1384	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 1528 wrote to memory of 3180	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1528 wrote to memory of 3180	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 1528 wrote to memory of 1320	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1528 wrote to memory of 1320	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 1528 wrote to memory of 4080	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1528 wrote to memory of 4080	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 1528 wrote to memory of 2288	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1528 wrote to memory of 2288	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 1528 wrote to memory of 2512	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 1528 wrote to memory of 2512	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 1528 wrote to memory of 2000	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 1528 wrote to memory of 2000	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 1528 wrote to memory of 3788	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	126
PID 1528 wrote to memory of 3788	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	126
PID 1528 wrote to memory of 1200	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	127
PID 1528 wrote to memory of 1200	1528	2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	127

C:\Users\Admin\AppData\Local\Temp\2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_54f377459ccfa4f0f02063f6f5763d91_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\System\IYCnWyN.exe
  C:\Windows\System\IYCnWyN.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\psUPMym.exe
  C:\Windows\System\psUPMym.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\YkHgynV.exe
  C:\Windows\System\YkHgynV.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\VcjiaNT.exe
  C:\Windows\System\VcjiaNT.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\DhvyUOm.exe
  C:\Windows\System\DhvyUOm.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\yklXzMM.exe
  C:\Windows\System\yklXzMM.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\ZUAXsiq.exe
  C:\Windows\System\ZUAXsiq.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\pGPPiix.exe
  C:\Windows\System\pGPPiix.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\wTAxFia.exe
  C:\Windows\System\wTAxFia.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\zcNRtDr.exe
  C:\Windows\System\zcNRtDr.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\sksBSsE.exe
  C:\Windows\System\sksBSsE.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\uXRGOwJ.exe
  C:\Windows\System\uXRGOwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\DAikKgk.exe
  C:\Windows\System\DAikKgk.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\avGgRSQ.exe
  C:\Windows\System\avGgRSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\TKNZrPf.exe
  C:\Windows\System\TKNZrPf.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\TOFqrot.exe
  C:\Windows\System\TOFqrot.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mcGvUXl.exe
  C:\Windows\System\mcGvUXl.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\ybWnhyL.exe
  C:\Windows\System\ybWnhyL.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\xmErIsU.exe
  C:\Windows\System\xmErIsU.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\DBnzOup.exe
  C:\Windows\System\DBnzOup.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\jwRAHuV.exe
  C:\Windows\System\jwRAHuV.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\qNpcLCO.exe
  C:\Windows\System\qNpcLCO.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\oPgyDvx.exe
  C:\Windows\System\oPgyDvx.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\zUORiSD.exe
  C:\Windows\System\zUORiSD.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\DPeSviT.exe
  C:\Windows\System\DPeSviT.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\AGhmAdF.exe
  C:\Windows\System\AGhmAdF.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\NVoKdhk.exe
  C:\Windows\System\NVoKdhk.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\ovMieDH.exe
  C:\Windows\System\ovMieDH.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\SiChlIL.exe
  C:\Windows\System\SiChlIL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\OCVpaTL.exe
  C:\Windows\System\OCVpaTL.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\fiZrQOV.exe
  C:\Windows\System\fiZrQOV.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\ZSLDYnU.exe
  C:\Windows\System\ZSLDYnU.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\edwdDku.exe
  C:\Windows\System\edwdDku.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\UbCUquD.exe
  C:\Windows\System\UbCUquD.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\QvUrlrT.exe
  C:\Windows\System\QvUrlrT.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\KfQRNdE.exe
  C:\Windows\System\KfQRNdE.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\PMKKFNM.exe
  C:\Windows\System\PMKKFNM.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\kDinemo.exe
  C:\Windows\System\kDinemo.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\VMvJsGo.exe
  C:\Windows\System\VMvJsGo.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\JPVLlbE.exe
  C:\Windows\System\JPVLlbE.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\VEMqVQY.exe
  C:\Windows\System\VEMqVQY.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\dzoBHtM.exe
  C:\Windows\System\dzoBHtM.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\KjTFtqY.exe
  C:\Windows\System\KjTFtqY.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\MrvRXUp.exe
  C:\Windows\System\MrvRXUp.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\LRsAAMI.exe
  C:\Windows\System\LRsAAMI.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\VmQFIDd.exe
  C:\Windows\System\VmQFIDd.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\rkRSXcA.exe
  C:\Windows\System\rkRSXcA.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\qgOsTDa.exe
  C:\Windows\System\qgOsTDa.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\zRJXcdT.exe
  C:\Windows\System\zRJXcdT.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\Juxnumv.exe
  C:\Windows\System\Juxnumv.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\YadCCMV.exe
  C:\Windows\System\YadCCMV.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\XlfgoqA.exe
  C:\Windows\System\XlfgoqA.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\EuWPbYH.exe
  C:\Windows\System\EuWPbYH.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\XBRBYzZ.exe
  C:\Windows\System\XBRBYzZ.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\pUntDjS.exe
  C:\Windows\System\pUntDjS.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\tJAAfKJ.exe
  C:\Windows\System\tJAAfKJ.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\TPBveCe.exe
  C:\Windows\System\TPBveCe.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\uHZHecR.exe
  C:\Windows\System\uHZHecR.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\irnczEC.exe
  C:\Windows\System\irnczEC.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\VCVWiaL.exe
  C:\Windows\System\VCVWiaL.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ZIokxnZ.exe
  C:\Windows\System\ZIokxnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\aWgniwr.exe
  C:\Windows\System\aWgniwr.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\OEHtfvu.exe
  C:\Windows\System\OEHtfvu.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\EIaHkum.exe
  C:\Windows\System\EIaHkum.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\zcitOSK.exe
  C:\Windows\System\zcitOSK.exe
  2⤵
  PID:5132
- C:\Windows\System\KKeQvCq.exe
  C:\Windows\System\KKeQvCq.exe
  2⤵
  PID:5164
- C:\Windows\System\SnGNuig.exe
  C:\Windows\System\SnGNuig.exe
  2⤵
  PID:5216
- C:\Windows\System\somcema.exe
  C:\Windows\System\somcema.exe
  2⤵
  PID:5280
- C:\Windows\System\leCcbbL.exe
  C:\Windows\System\leCcbbL.exe
  2⤵
  PID:5344
- C:\Windows\System\wFhmffs.exe
  C:\Windows\System\wFhmffs.exe
  2⤵
  PID:5384
- C:\Windows\System\dFNlNav.exe
  C:\Windows\System\dFNlNav.exe
  2⤵
  PID:5400
- C:\Windows\System\NDLUsJP.exe
  C:\Windows\System\NDLUsJP.exe
  2⤵
  PID:5448
- C:\Windows\System\FUPUEvd.exe
  C:\Windows\System\FUPUEvd.exe
  2⤵
  PID:5480
- C:\Windows\System\TvpIiLU.exe
  C:\Windows\System\TvpIiLU.exe
  2⤵
  PID:5512
- C:\Windows\System\unariaB.exe
  C:\Windows\System\unariaB.exe
  2⤵
  PID:5536
- C:\Windows\System\cUGMWBl.exe
  C:\Windows\System\cUGMWBl.exe
  2⤵
  PID:5564
- C:\Windows\System\lMYLMDq.exe
  C:\Windows\System\lMYLMDq.exe
  2⤵
  PID:5596
- C:\Windows\System\WwJTqZF.exe
  C:\Windows\System\WwJTqZF.exe
  2⤵
  PID:5620
- C:\Windows\System\zicyAlB.exe
  C:\Windows\System\zicyAlB.exe
  2⤵
  PID:5648
- C:\Windows\System\URCGvfn.exe
  C:\Windows\System\URCGvfn.exe
  2⤵
  PID:5676
- C:\Windows\System\QaAioJl.exe
  C:\Windows\System\QaAioJl.exe
  2⤵
  PID:5704
- C:\Windows\System\zoHYzzn.exe
  C:\Windows\System\zoHYzzn.exe
  2⤵
  PID:5736
- C:\Windows\System\osXClVj.exe
  C:\Windows\System\osXClVj.exe
  2⤵
  PID:5768
- C:\Windows\System\DCyEvum.exe
  C:\Windows\System\DCyEvum.exe
  2⤵
  PID:5796
- C:\Windows\System\ouSFwOE.exe
  C:\Windows\System\ouSFwOE.exe
  2⤵
  PID:5828
- C:\Windows\System\QFglaWB.exe
  C:\Windows\System\QFglaWB.exe
  2⤵
  PID:5848
- C:\Windows\System\sgImTYd.exe
  C:\Windows\System\sgImTYd.exe
  2⤵
  PID:5888
- C:\Windows\System\KGEvbRt.exe
  C:\Windows\System\KGEvbRt.exe
  2⤵
  PID:5908
- C:\Windows\System\AMMviGu.exe
  C:\Windows\System\AMMviGu.exe
  2⤵
  PID:5944
- C:\Windows\System\BchuGmK.exe
  C:\Windows\System\BchuGmK.exe
  2⤵
  PID:5968
- C:\Windows\System\XqVaVEU.exe
  C:\Windows\System\XqVaVEU.exe
  2⤵
  PID:6000
- C:\Windows\System\aYkfWvm.exe
  C:\Windows\System\aYkfWvm.exe
  2⤵
  PID:6020
- C:\Windows\System\zgykGPs.exe
  C:\Windows\System\zgykGPs.exe
  2⤵
  PID:6052
- C:\Windows\System\WnvWUVH.exe
  C:\Windows\System\WnvWUVH.exe
  2⤵
  PID:6080
- C:\Windows\System\eNSVRqI.exe
  C:\Windows\System\eNSVRqI.exe
  2⤵
  PID:6112
- C:\Windows\System\lqmCTKs.exe
  C:\Windows\System\lqmCTKs.exe
  2⤵
  PID:6136
- C:\Windows\System\VpRFTKO.exe
  C:\Windows\System\VpRFTKO.exe
  2⤵
  PID:5208
- C:\Windows\System\DbnfaJX.exe
  C:\Windows\System\DbnfaJX.exe
  2⤵
  PID:5304
- C:\Windows\System\vTWmGcG.exe
  C:\Windows\System\vTWmGcG.exe
  2⤵
  PID:4896
- C:\Windows\System\ofNotPf.exe
  C:\Windows\System\ofNotPf.exe
  2⤵
  PID:5456
- C:\Windows\System\FgLFHbP.exe
  C:\Windows\System\FgLFHbP.exe
  2⤵
  PID:5508
- C:\Windows\System\OElrnCD.exe
  C:\Windows\System\OElrnCD.exe
  2⤵
  PID:5556
- C:\Windows\System\abgePZn.exe
  C:\Windows\System\abgePZn.exe
  2⤵
  PID:2872
- C:\Windows\System\VlQeMgG.exe
  C:\Windows\System\VlQeMgG.exe
  2⤵
  PID:1580
- C:\Windows\System\QYQMqpo.exe
  C:\Windows\System\QYQMqpo.exe
  2⤵
  PID:2968
- C:\Windows\System\ApuAIur.exe
  C:\Windows\System\ApuAIur.exe
  2⤵
  PID:4536
- C:\Windows\System\DuWDkxb.exe
  C:\Windows\System\DuWDkxb.exe
  2⤵
  PID:2992
- C:\Windows\System\gawemdx.exe
  C:\Windows\System\gawemdx.exe
  2⤵
  PID:5628
- C:\Windows\System\NntxoKS.exe
  C:\Windows\System\NntxoKS.exe
  2⤵
  PID:5712
- C:\Windows\System\SCMuEhn.exe
  C:\Windows\System\SCMuEhn.exe
  2⤵
  PID:5780
- C:\Windows\System\bsSkRMB.exe
  C:\Windows\System\bsSkRMB.exe
  2⤵
  PID:5856
- C:\Windows\System\ebAlvMC.exe
  C:\Windows\System\ebAlvMC.exe
  2⤵
  PID:5900
- C:\Windows\System\dAlokRy.exe
  C:\Windows\System\dAlokRy.exe
  2⤵
  PID:5976
- C:\Windows\System\PEhWOhe.exe
  C:\Windows\System\PEhWOhe.exe
  2⤵
  PID:3584
- C:\Windows\System\cyYfxbh.exe
  C:\Windows\System\cyYfxbh.exe
  2⤵
  PID:6108
- C:\Windows\System\KWwTWYb.exe
  C:\Windows\System\KWwTWYb.exe
  2⤵
  PID:5160
- C:\Windows\System\YMNkNgE.exe
  C:\Windows\System\YMNkNgE.exe
  2⤵
  PID:5372
- C:\Windows\System\kZdXtVM.exe
  C:\Windows\System\kZdXtVM.exe
  2⤵
  PID:4168
- C:\Windows\System\zDLZjIk.exe
  C:\Windows\System\zDLZjIk.exe
  2⤵
  PID:4272
- C:\Windows\System\xdaQejn.exe
  C:\Windows\System\xdaQejn.exe
  2⤵
  PID:3604
- C:\Windows\System\OXsrLly.exe
  C:\Windows\System\OXsrLly.exe
  2⤵
  PID:5576
- C:\Windows\System\dgyDAbQ.exe
  C:\Windows\System\dgyDAbQ.exe
  2⤵
  PID:5744
- C:\Windows\System\vIyjbIh.exe
  C:\Windows\System\vIyjbIh.exe
  2⤵
  PID:5868
- C:\Windows\System\hRZhlZQ.exe
  C:\Windows\System\hRZhlZQ.exe
  2⤵
  PID:6048
- C:\Windows\System\WXstlJG.exe
  C:\Windows\System\WXstlJG.exe
  2⤵
  PID:3124
- C:\Windows\System\XmvgHJd.exe
  C:\Windows\System\XmvgHJd.exe
  2⤵
  PID:3524
- C:\Windows\System\NAawEQd.exe
  C:\Windows\System\NAawEQd.exe
  2⤵
  PID:5724
- C:\Windows\System\boGfDRw.exe
  C:\Windows\System\boGfDRw.exe
  2⤵
  PID:5924
- C:\Windows\System\txyNPGp.exe
  C:\Windows\System\txyNPGp.exe
  2⤵
  PID:4776
- C:\Windows\System\OMjRJAb.exe
  C:\Windows\System\OMjRJAb.exe
  2⤵
  PID:4088
- C:\Windows\System\WgHOpCX.exe
  C:\Windows\System\WgHOpCX.exe
  2⤵
  PID:6160
- C:\Windows\System\iwRYvBV.exe
  C:\Windows\System\iwRYvBV.exe
  2⤵
  PID:6196
- C:\Windows\System\eykrRVI.exe
  C:\Windows\System\eykrRVI.exe
  2⤵
  PID:6220
- C:\Windows\System\aGqQZiL.exe
  C:\Windows\System\aGqQZiL.exe
  2⤵
  PID:6248
- C:\Windows\System\xbDWTYH.exe
  C:\Windows\System\xbDWTYH.exe
  2⤵
  PID:6284
- C:\Windows\System\Kilhtcq.exe
  C:\Windows\System\Kilhtcq.exe
  2⤵
  PID:6316
- C:\Windows\System\WerxMgi.exe
  C:\Windows\System\WerxMgi.exe
  2⤵
  PID:6352
- C:\Windows\System\plczuph.exe
  C:\Windows\System\plczuph.exe
  2⤵
  PID:6380
- C:\Windows\System\dlPaJVW.exe
  C:\Windows\System\dlPaJVW.exe
  2⤵
  PID:6408
- C:\Windows\System\aRLAfkz.exe
  C:\Windows\System\aRLAfkz.exe
  2⤵
  PID:6436
- C:\Windows\System\cLwGiPk.exe
  C:\Windows\System\cLwGiPk.exe
  2⤵
  PID:6456
- C:\Windows\System\RycYRnd.exe
  C:\Windows\System\RycYRnd.exe
  2⤵
  PID:6496
- C:\Windows\System\TXvweaM.exe
  C:\Windows\System\TXvweaM.exe
  2⤵
  PID:6524
- C:\Windows\System\jjyPTIh.exe
  C:\Windows\System\jjyPTIh.exe
  2⤵
  PID:6552
- C:\Windows\System\yDGwdjT.exe
  C:\Windows\System\yDGwdjT.exe
  2⤵
  PID:6580
- C:\Windows\System\SfbFVhO.exe
  C:\Windows\System\SfbFVhO.exe
  2⤵
  PID:6608
- C:\Windows\System\dChFGzo.exe
  C:\Windows\System\dChFGzo.exe
  2⤵
  PID:6636
- C:\Windows\System\iwucaFl.exe
  C:\Windows\System\iwucaFl.exe
  2⤵
  PID:6668
- C:\Windows\System\XrSLhzA.exe
  C:\Windows\System\XrSLhzA.exe
  2⤵
  PID:6692
- C:\Windows\System\hiqsnvq.exe
  C:\Windows\System\hiqsnvq.exe
  2⤵
  PID:6720
- C:\Windows\System\oWdBaal.exe
  C:\Windows\System\oWdBaal.exe
  2⤵
  PID:6748
- C:\Windows\System\nwtkZNv.exe
  C:\Windows\System\nwtkZNv.exe
  2⤵
  PID:6776
- C:\Windows\System\dbbqOlH.exe
  C:\Windows\System\dbbqOlH.exe
  2⤵
  PID:6804
- C:\Windows\System\vlXCDRj.exe
  C:\Windows\System\vlXCDRj.exe
  2⤵
  PID:6836
- C:\Windows\System\DfaZloh.exe
  C:\Windows\System\DfaZloh.exe
  2⤵
  PID:6864
- C:\Windows\System\MGQNcys.exe
  C:\Windows\System\MGQNcys.exe
  2⤵
  PID:6896
- C:\Windows\System\epqLMkd.exe
  C:\Windows\System\epqLMkd.exe
  2⤵
  PID:6924
- C:\Windows\System\VyelsNj.exe
  C:\Windows\System\VyelsNj.exe
  2⤵
  PID:6952
- C:\Windows\System\hBUlHkT.exe
  C:\Windows\System\hBUlHkT.exe
  2⤵
  PID:6976
- C:\Windows\System\zBvSRTR.exe
  C:\Windows\System\zBvSRTR.exe
  2⤵
  PID:7004
- C:\Windows\System\QXkGWbh.exe
  C:\Windows\System\QXkGWbh.exe
  2⤵
  PID:7028
- C:\Windows\System\TWjmqmc.exe
  C:\Windows\System\TWjmqmc.exe
  2⤵
  PID:7060
- C:\Windows\System\zuCFaTK.exe
  C:\Windows\System\zuCFaTK.exe
  2⤵
  PID:7088
- C:\Windows\System\iQrpTEd.exe
  C:\Windows\System\iQrpTEd.exe
  2⤵
  PID:7116
- C:\Windows\System\EsCTldL.exe
  C:\Windows\System\EsCTldL.exe
  2⤵
  PID:7148
- C:\Windows\System\UTABFOJ.exe
  C:\Windows\System\UTABFOJ.exe
  2⤵
  PID:7164
- C:\Windows\System\sztlwjA.exe
  C:\Windows\System\sztlwjA.exe
  2⤵
  PID:3640
- C:\Windows\System\rORtniJ.exe
  C:\Windows\System\rORtniJ.exe
  2⤵
  PID:6264
- C:\Windows\System\qwwwVBP.exe
  C:\Windows\System\qwwwVBP.exe
  2⤵
  PID:1560
- C:\Windows\System\RbeXdEC.exe
  C:\Windows\System\RbeXdEC.exe
  2⤵
  PID:4684
- C:\Windows\System\JboaPEy.exe
  C:\Windows\System\JboaPEy.exe
  2⤵
  PID:6300
- C:\Windows\System\YiGJKcF.exe
  C:\Windows\System\YiGJKcF.exe
  2⤵
  PID:6344
- C:\Windows\System\dohKngJ.exe
  C:\Windows\System\dohKngJ.exe
  2⤵
  PID:6416
- C:\Windows\System\fKACWvw.exe
  C:\Windows\System\fKACWvw.exe
  2⤵
  PID:6476
- C:\Windows\System\rSzzIOY.exe
  C:\Windows\System\rSzzIOY.exe
  2⤵
  PID:6560
- C:\Windows\System\AYxlelz.exe
  C:\Windows\System\AYxlelz.exe
  2⤵
  PID:6624
- C:\Windows\System\eJabCYH.exe
  C:\Windows\System\eJabCYH.exe
  2⤵
  PID:6700
- C:\Windows\System\uhwJZia.exe
  C:\Windows\System\uhwJZia.exe
  2⤵
  PID:6760
- C:\Windows\System\ytxhwAi.exe
  C:\Windows\System\ytxhwAi.exe
  2⤵
  PID:6824
- C:\Windows\System\NlLENdy.exe
  C:\Windows\System\NlLENdy.exe
  2⤵
  PID:6904
- C:\Windows\System\VAxaeyi.exe
  C:\Windows\System\VAxaeyi.exe
  2⤵
  PID:4284
- C:\Windows\System\Bbvjjbc.exe
  C:\Windows\System\Bbvjjbc.exe
  2⤵
  PID:7016
- C:\Windows\System\MsAjwNQ.exe
  C:\Windows\System\MsAjwNQ.exe
  2⤵
  PID:7080
- C:\Windows\System\vQiTZxd.exe
  C:\Windows\System\vQiTZxd.exe
  2⤵
  PID:7136
- C:\Windows\System\hILlrMN.exe
  C:\Windows\System\hILlrMN.exe
  2⤵
  PID:6232
- C:\Windows\System\qNuvFOf.exe
  C:\Windows\System\qNuvFOf.exe
  2⤵
  PID:1352
- C:\Windows\System\SgAXztd.exe
  C:\Windows\System\SgAXztd.exe
  2⤵
  PID:6392
- C:\Windows\System\VhJXGQP.exe
  C:\Windows\System\VhJXGQP.exe
  2⤵
  PID:6536
- C:\Windows\System\NqbSsQI.exe
  C:\Windows\System\NqbSsQI.exe
  2⤵
  PID:6712
- C:\Windows\System\AzKmRFW.exe
  C:\Windows\System\AzKmRFW.exe
  2⤵
  PID:6852
- C:\Windows\System\XBumzJL.exe
  C:\Windows\System\XBumzJL.exe
  2⤵
  PID:6984
- C:\Windows\System\biFTFyH.exe
  C:\Windows\System\biFTFyH.exe
  2⤵
  PID:7124
- C:\Windows\System\ADjjPZX.exe
  C:\Windows\System\ADjjPZX.exe
  2⤵
  PID:2324
- C:\Windows\System\mxOrSrs.exe
  C:\Windows\System\mxOrSrs.exe
  2⤵
  PID:6620
- C:\Windows\System\LZXXHLP.exe
  C:\Windows\System\LZXXHLP.exe
  2⤵
  PID:6916
- C:\Windows\System\ASmHewu.exe
  C:\Windows\System\ASmHewu.exe
  2⤵
  PID:6148
- C:\Windows\System\XWVCnHi.exe
  C:\Windows\System\XWVCnHi.exe
  2⤵
  PID:6796
- C:\Windows\System\YpjjMXQ.exe
  C:\Windows\System\YpjjMXQ.exe
  2⤵
  PID:7036
- C:\Windows\System\oltMzFJ.exe
  C:\Windows\System\oltMzFJ.exe
  2⤵
  PID:7180
- C:\Windows\System\RZFvChV.exe
  C:\Windows\System\RZFvChV.exe
  2⤵
  PID:7208
- C:\Windows\System\qerMNLW.exe
  C:\Windows\System\qerMNLW.exe
  2⤵
  PID:7232
- C:\Windows\System\kDSOvrC.exe
  C:\Windows\System\kDSOvrC.exe
  2⤵
  PID:7256
- C:\Windows\System\PKSEbCb.exe
  C:\Windows\System\PKSEbCb.exe
  2⤵
  PID:7288
- C:\Windows\System\kwlCGbT.exe
  C:\Windows\System\kwlCGbT.exe
  2⤵
  PID:7320
- C:\Windows\System\EujRLYL.exe
  C:\Windows\System\EujRLYL.exe
  2⤵
  PID:7340
- C:\Windows\System\cFlKWYD.exe
  C:\Windows\System\cFlKWYD.exe
  2⤵
  PID:7368
- C:\Windows\System\KFHNTav.exe
  C:\Windows\System\KFHNTav.exe
  2⤵
  PID:7396
- C:\Windows\System\wQAEaal.exe
  C:\Windows\System\wQAEaal.exe
  2⤵
  PID:7424
- C:\Windows\System\rIZwTrD.exe
  C:\Windows\System\rIZwTrD.exe
  2⤵
  PID:7452
- C:\Windows\System\mZNbbYD.exe
  C:\Windows\System\mZNbbYD.exe
  2⤵
  PID:7480
- C:\Windows\System\gjthKiV.exe
  C:\Windows\System\gjthKiV.exe
  2⤵
  PID:7508
- C:\Windows\System\xKPOmUj.exe
  C:\Windows\System\xKPOmUj.exe
  2⤵
  PID:7536
- C:\Windows\System\DnIBOtQ.exe
  C:\Windows\System\DnIBOtQ.exe
  2⤵
  PID:7564
- C:\Windows\System\NoiFqKW.exe
  C:\Windows\System\NoiFqKW.exe
  2⤵
  PID:7592
- C:\Windows\System\TpWOCKz.exe
  C:\Windows\System\TpWOCKz.exe
  2⤵
  PID:7620
- C:\Windows\System\NZQBNOJ.exe
  C:\Windows\System\NZQBNOJ.exe
  2⤵
  PID:7648
- C:\Windows\System\BWrkUvz.exe
  C:\Windows\System\BWrkUvz.exe
  2⤵
  PID:7676
- C:\Windows\System\apBaFlx.exe
  C:\Windows\System\apBaFlx.exe
  2⤵
  PID:7704
- C:\Windows\System\lfVxtSz.exe
  C:\Windows\System\lfVxtSz.exe
  2⤵
  PID:7732
- C:\Windows\System\lIRqHXE.exe
  C:\Windows\System\lIRqHXE.exe
  2⤵
  PID:7760
- C:\Windows\System\CJfmdhf.exe
  C:\Windows\System\CJfmdhf.exe
  2⤵
  PID:7788
- C:\Windows\System\MBdWRZV.exe
  C:\Windows\System\MBdWRZV.exe
  2⤵
  PID:7816
- C:\Windows\System\sLenWuw.exe
  C:\Windows\System\sLenWuw.exe
  2⤵
  PID:7844
- C:\Windows\System\aLnafMP.exe
  C:\Windows\System\aLnafMP.exe
  2⤵
  PID:7872
- C:\Windows\System\CBzpqTf.exe
  C:\Windows\System\CBzpqTf.exe
  2⤵
  PID:7900
- C:\Windows\System\hgmiRzi.exe
  C:\Windows\System\hgmiRzi.exe
  2⤵
  PID:7928
- C:\Windows\System\FRFYzCi.exe
  C:\Windows\System\FRFYzCi.exe
  2⤵
  PID:7956
- C:\Windows\System\YmmhjZt.exe
  C:\Windows\System\YmmhjZt.exe
  2⤵
  PID:7984
- C:\Windows\System\ETEKbgT.exe
  C:\Windows\System\ETEKbgT.exe
  2⤵
  PID:8012
- C:\Windows\System\ZuomptW.exe
  C:\Windows\System\ZuomptW.exe
  2⤵
  PID:8040
- C:\Windows\System\hpEmaUQ.exe
  C:\Windows\System\hpEmaUQ.exe
  2⤵
  PID:8068
- C:\Windows\System\vzFNWdt.exe
  C:\Windows\System\vzFNWdt.exe
  2⤵
  PID:8104
- C:\Windows\System\tuVGxQg.exe
  C:\Windows\System\tuVGxQg.exe
  2⤵
  PID:8124
- C:\Windows\System\jIcetDe.exe
  C:\Windows\System\jIcetDe.exe
  2⤵
  PID:8164
- C:\Windows\System\FsdYqNa.exe
  C:\Windows\System\FsdYqNa.exe
  2⤵
  PID:8180
- C:\Windows\System\kjoKXvX.exe
  C:\Windows\System\kjoKXvX.exe
  2⤵
  PID:7216
- C:\Windows\System\eorHuEI.exe
  C:\Windows\System\eorHuEI.exe
  2⤵
  PID:7308
- C:\Windows\System\kckYGPA.exe
  C:\Windows\System\kckYGPA.exe
  2⤵
  PID:7380
- C:\Windows\System\GlWxZEG.exe
  C:\Windows\System\GlWxZEG.exe
  2⤵
  PID:7444
- C:\Windows\System\EthGFwV.exe
  C:\Windows\System\EthGFwV.exe
  2⤵
  PID:7504
- C:\Windows\System\rrzItyb.exe
  C:\Windows\System\rrzItyb.exe
  2⤵
  PID:7616
- C:\Windows\System\DVVFxMf.exe
  C:\Windows\System\DVVFxMf.exe
  2⤵
  PID:7696
- C:\Windows\System\OfJimio.exe
  C:\Windows\System\OfJimio.exe
  2⤵
  PID:7756
- C:\Windows\System\QMqCjeH.exe
  C:\Windows\System\QMqCjeH.exe
  2⤵
  PID:7812
- C:\Windows\System\gEdwuoF.exe
  C:\Windows\System\gEdwuoF.exe
  2⤵
  PID:7888
- C:\Windows\System\dxwNSrI.exe
  C:\Windows\System\dxwNSrI.exe
  2⤵
  PID:7948
- C:\Windows\System\hSajzQk.exe
  C:\Windows\System\hSajzQk.exe
  2⤵
  PID:8008
- C:\Windows\System\emwrwFY.exe
  C:\Windows\System\emwrwFY.exe
  2⤵
  PID:8080
- C:\Windows\System\XyfSveC.exe
  C:\Windows\System\XyfSveC.exe
  2⤵
  PID:8144
- C:\Windows\System\EwQPauz.exe
  C:\Windows\System\EwQPauz.exe
  2⤵
  PID:7192
- C:\Windows\System\KcMfXjN.exe
  C:\Windows\System\KcMfXjN.exe
  2⤵
  PID:3660
- C:\Windows\System\sDjvUtw.exe
  C:\Windows\System\sDjvUtw.exe
  2⤵
  PID:7412
- C:\Windows\System\OUYbvcC.exe
  C:\Windows\System\OUYbvcC.exe
  2⤵
  PID:7612
- C:\Windows\System\UZVyJdN.exe
  C:\Windows\System\UZVyJdN.exe
  2⤵
  PID:7780
- C:\Windows\System\azaFwoD.exe
  C:\Windows\System\azaFwoD.exe
  2⤵
  PID:7916
- C:\Windows\System\qvGvfMP.exe
  C:\Windows\System\qvGvfMP.exe
  2⤵
  PID:8060
- C:\Windows\System\BGwQrLc.exe
  C:\Windows\System\BGwQrLc.exe
  2⤵
  PID:8176
- C:\Windows\System\JkcALme.exe
  C:\Windows\System\JkcALme.exe
  2⤵
  PID:7364
- C:\Windows\System\qJFdZtv.exe
  C:\Windows\System\qJFdZtv.exe
  2⤵
  PID:7868
- C:\Windows\System\yBnHKCG.exe
  C:\Windows\System\yBnHKCG.exe
  2⤵
  PID:8052
- C:\Windows\System\ToMhJXN.exe
  C:\Windows\System\ToMhJXN.exe
  2⤵
  PID:7360
- C:\Windows\System\FdtFpsM.exe
  C:\Windows\System\FdtFpsM.exe
  2⤵
  PID:1716
- C:\Windows\System\jNjUkGS.exe
  C:\Windows\System\jNjUkGS.exe
  2⤵
  PID:8004
- C:\Windows\System\ZThAjvx.exe
  C:\Windows\System\ZThAjvx.exe
  2⤵
  PID:8220
- C:\Windows\System\uKtFVCh.exe
  C:\Windows\System\uKtFVCh.exe
  2⤵
  PID:8248
- C:\Windows\System\tzuxDHM.exe
  C:\Windows\System\tzuxDHM.exe
  2⤵
  PID:8292
- C:\Windows\System\tCAPWDq.exe
  C:\Windows\System\tCAPWDq.exe
  2⤵
  PID:8308
- C:\Windows\System\JzPeaBf.exe
  C:\Windows\System\JzPeaBf.exe
  2⤵
  PID:8336
- C:\Windows\System\TDRMAbH.exe
  C:\Windows\System\TDRMAbH.exe
  2⤵
  PID:8364
- C:\Windows\System\auKPtEo.exe
  C:\Windows\System\auKPtEo.exe
  2⤵
  PID:8392
- C:\Windows\System\eEnIgBo.exe
  C:\Windows\System\eEnIgBo.exe
  2⤵
  PID:8420
- C:\Windows\System\fQNpFyp.exe
  C:\Windows\System\fQNpFyp.exe
  2⤵
  PID:8448
- C:\Windows\System\PisqnPb.exe
  C:\Windows\System\PisqnPb.exe
  2⤵
  PID:8476
- C:\Windows\System\EjNsQcs.exe
  C:\Windows\System\EjNsQcs.exe
  2⤵
  PID:8504
- C:\Windows\System\AHwUSCu.exe
  C:\Windows\System\AHwUSCu.exe
  2⤵
  PID:8536
- C:\Windows\System\nfkyMGH.exe
  C:\Windows\System\nfkyMGH.exe
  2⤵
  PID:8564
- C:\Windows\System\BmRbHcB.exe
  C:\Windows\System\BmRbHcB.exe
  2⤵
  PID:8592
- C:\Windows\System\BPOAbEd.exe
  C:\Windows\System\BPOAbEd.exe
  2⤵
  PID:8624
- C:\Windows\System\GNAZIFv.exe
  C:\Windows\System\GNAZIFv.exe
  2⤵
  PID:8652
- C:\Windows\System\pkiTiAM.exe
  C:\Windows\System\pkiTiAM.exe
  2⤵
  PID:8680
- C:\Windows\System\VzjXQMt.exe
  C:\Windows\System\VzjXQMt.exe
  2⤵
  PID:8708
- C:\Windows\System\gQsmpyb.exe
  C:\Windows\System\gQsmpyb.exe
  2⤵
  PID:8736
- C:\Windows\System\cWGxoEW.exe
  C:\Windows\System\cWGxoEW.exe
  2⤵
  PID:8764
- C:\Windows\System\qgOhkIj.exe
  C:\Windows\System\qgOhkIj.exe
  2⤵
  PID:8792
- C:\Windows\System\XFMhZMO.exe
  C:\Windows\System\XFMhZMO.exe
  2⤵
  PID:8828
- C:\Windows\System\KZFKoUu.exe
  C:\Windows\System\KZFKoUu.exe
  2⤵
  PID:8856
- C:\Windows\System\iasEvnk.exe
  C:\Windows\System\iasEvnk.exe
  2⤵
  PID:8884
- C:\Windows\System\Pcxulmx.exe
  C:\Windows\System\Pcxulmx.exe
  2⤵
  PID:8912
- C:\Windows\System\nhajrfu.exe
  C:\Windows\System\nhajrfu.exe
  2⤵
  PID:8940
- C:\Windows\System\oBXpQpM.exe
  C:\Windows\System\oBXpQpM.exe
  2⤵
  PID:8968
- C:\Windows\System\NDnITLP.exe
  C:\Windows\System\NDnITLP.exe
  2⤵
  PID:8996
- C:\Windows\System\BupywIw.exe
  C:\Windows\System\BupywIw.exe
  2⤵
  PID:9024
- C:\Windows\System\OxENYRM.exe
  C:\Windows\System\OxENYRM.exe
  2⤵
  PID:9052
- C:\Windows\System\KOgkLnJ.exe
  C:\Windows\System\KOgkLnJ.exe
  2⤵
  PID:9080
- C:\Windows\System\GTLiTga.exe
  C:\Windows\System\GTLiTga.exe
  2⤵
  PID:9108
- C:\Windows\System\sPoNBqB.exe
  C:\Windows\System\sPoNBqB.exe
  2⤵
  PID:9136
- C:\Windows\System\udayIyA.exe
  C:\Windows\System\udayIyA.exe
  2⤵
  PID:9164
- C:\Windows\System\nMiBsPy.exe
  C:\Windows\System\nMiBsPy.exe
  2⤵
  PID:9192
- C:\Windows\System\PgorsHz.exe
  C:\Windows\System\PgorsHz.exe
  2⤵
  PID:8204
- C:\Windows\System\XZSSzIH.exe
  C:\Windows\System\XZSSzIH.exe
  2⤵
  PID:8260
- C:\Windows\System\BDcVMBw.exe
  C:\Windows\System\BDcVMBw.exe
  2⤵
  PID:8324
- C:\Windows\System\cjJgbfb.exe
  C:\Windows\System\cjJgbfb.exe
  2⤵
  PID:8376
- C:\Windows\System\hckRAsa.exe
  C:\Windows\System\hckRAsa.exe
  2⤵
  PID:8440
- C:\Windows\System\NJrXIgf.exe
  C:\Windows\System\NJrXIgf.exe
  2⤵
  PID:8500
- C:\Windows\System\QqxTeTu.exe
  C:\Windows\System\QqxTeTu.exe
  2⤵
  PID:8576
- C:\Windows\System\OgNEYKZ.exe
  C:\Windows\System\OgNEYKZ.exe
  2⤵
  PID:8644
- C:\Windows\System\vhHsEtW.exe
  C:\Windows\System\vhHsEtW.exe
  2⤵
  PID:8704
- C:\Windows\System\GdNTxxr.exe
  C:\Windows\System\GdNTxxr.exe
  2⤵
  PID:8780
- C:\Windows\System\pnjefAk.exe
  C:\Windows\System\pnjefAk.exe
  2⤵
  PID:8848
- C:\Windows\System\RxjNjbl.exe
  C:\Windows\System\RxjNjbl.exe
  2⤵
  PID:8908
- C:\Windows\System\VQENInm.exe
  C:\Windows\System\VQENInm.exe
  2⤵
  PID:8984
- C:\Windows\System\GMRjeej.exe
  C:\Windows\System\GMRjeej.exe
  2⤵
  PID:9048
- C:\Windows\System\chglGXZ.exe
  C:\Windows\System\chglGXZ.exe
  2⤵
  PID:9120
- C:\Windows\System\prZrbAY.exe
  C:\Windows\System\prZrbAY.exe
  2⤵
  PID:9160
- C:\Windows\System\gybiuOi.exe
  C:\Windows\System\gybiuOi.exe
  2⤵
  PID:8232
- C:\Windows\System\jpsVnFp.exe
  C:\Windows\System\jpsVnFp.exe
  2⤵
  PID:8304
- C:\Windows\System\hNXoVpx.exe
  C:\Windows\System\hNXoVpx.exe
  2⤵
  PID:8472
- C:\Windows\System\kIGdHrz.exe
  C:\Windows\System\kIGdHrz.exe
  2⤵
  PID:8620
- C:\Windows\System\HWjHSfO.exe
  C:\Windows\System\HWjHSfO.exe
  2⤵
  PID:8760
- C:\Windows\System\hoOrJDb.exe
  C:\Windows\System\hoOrJDb.exe
  2⤵
  PID:8896
- C:\Windows\System\vaufqgb.exe
  C:\Windows\System\vaufqgb.exe
  2⤵
  PID:4872
- C:\Windows\System\JrpOgDs.exe
  C:\Windows\System\JrpOgDs.exe
  2⤵
  PID:9132
- C:\Windows\System\mZuizEE.exe
  C:\Windows\System\mZuizEE.exe
  2⤵
  PID:2564
- C:\Windows\System\Xpllhrs.exe
  C:\Windows\System\Xpllhrs.exe
  2⤵
  PID:8436
- C:\Windows\System\waisGcg.exe
  C:\Windows\System\waisGcg.exe
  2⤵
  PID:8820
- C:\Windows\System\CCUAorj.exe
  C:\Windows\System\CCUAorj.exe
  2⤵
  PID:9100
- C:\Windows\System\JyjLPpK.exe
  C:\Windows\System\JyjLPpK.exe
  2⤵
  PID:8416
- C:\Windows\System\zlDijuO.exe
  C:\Windows\System\zlDijuO.exe
  2⤵
  PID:4932
- C:\Windows\System\ygWsOUT.exe
  C:\Windows\System\ygWsOUT.exe
  2⤵
  PID:9228
- C:\Windows\System\QbddCMr.exe
  C:\Windows\System\QbddCMr.exe
  2⤵
  PID:9260
- C:\Windows\System\GZNiAdB.exe
  C:\Windows\System\GZNiAdB.exe
  2⤵
  PID:9280
- C:\Windows\System\acqVcfZ.exe
  C:\Windows\System\acqVcfZ.exe
  2⤵
  PID:9308
- C:\Windows\System\rcVYEWD.exe
  C:\Windows\System\rcVYEWD.exe
  2⤵
  PID:9336
- C:\Windows\System\oPPjBko.exe
  C:\Windows\System\oPPjBko.exe
  2⤵
  PID:9364
- C:\Windows\System\stVNArA.exe
  C:\Windows\System\stVNArA.exe
  2⤵
  PID:9392
- C:\Windows\System\XbIuvWx.exe
  C:\Windows\System\XbIuvWx.exe
  2⤵
  PID:9420
- C:\Windows\System\AGQaFit.exe
  C:\Windows\System\AGQaFit.exe
  2⤵
  PID:9448
- C:\Windows\System\McFWFSN.exe
  C:\Windows\System\McFWFSN.exe
  2⤵
  PID:9476
- C:\Windows\System\Weuwmsd.exe
  C:\Windows\System\Weuwmsd.exe
  2⤵
  PID:9504
- C:\Windows\System\pQyMHja.exe
  C:\Windows\System\pQyMHja.exe
  2⤵
  PID:9532
- C:\Windows\System\oRYNPka.exe
  C:\Windows\System\oRYNPka.exe
  2⤵
  PID:9560
- C:\Windows\System\xbnBdRi.exe
  C:\Windows\System\xbnBdRi.exe
  2⤵
  PID:9588
- C:\Windows\System\szeCjvH.exe
  C:\Windows\System\szeCjvH.exe
  2⤵
  PID:9616
- C:\Windows\System\mnjlaPA.exe
  C:\Windows\System\mnjlaPA.exe
  2⤵
  PID:9644
- C:\Windows\System\NZElNVe.exe
  C:\Windows\System\NZElNVe.exe
  2⤵
  PID:9672
- C:\Windows\System\DSnaWEq.exe
  C:\Windows\System\DSnaWEq.exe
  2⤵
  PID:9700
- C:\Windows\System\lECArEh.exe
  C:\Windows\System\lECArEh.exe
  2⤵
  PID:9728
- C:\Windows\System\naRuesZ.exe
  C:\Windows\System\naRuesZ.exe
  2⤵
  PID:9756
- C:\Windows\System\LDLRCnF.exe
  C:\Windows\System\LDLRCnF.exe
  2⤵
  PID:9784
- C:\Windows\System\ITSsYWF.exe
  C:\Windows\System\ITSsYWF.exe
  2⤵
  PID:9812
- C:\Windows\System\ztwWiHe.exe
  C:\Windows\System\ztwWiHe.exe
  2⤵
  PID:9856
- C:\Windows\System\pEOuyeb.exe
  C:\Windows\System\pEOuyeb.exe
  2⤵
  PID:9872
- C:\Windows\System\Qhfnnuh.exe
  C:\Windows\System\Qhfnnuh.exe
  2⤵
  PID:9900
- C:\Windows\System\hGvRDVf.exe
  C:\Windows\System\hGvRDVf.exe
  2⤵
  PID:9928
- C:\Windows\System\qrrYeUA.exe
  C:\Windows\System\qrrYeUA.exe
  2⤵
  PID:9956
- C:\Windows\System\CehlbTm.exe
  C:\Windows\System\CehlbTm.exe
  2⤵
  PID:9984
- C:\Windows\System\euDVJuy.exe
  C:\Windows\System\euDVJuy.exe
  2⤵
  PID:10016
- C:\Windows\System\jQpFLIn.exe
  C:\Windows\System\jQpFLIn.exe
  2⤵
  PID:10044
- C:\Windows\System\KzLjUrb.exe
  C:\Windows\System\KzLjUrb.exe
  2⤵
  PID:10072
- C:\Windows\System\TtltXru.exe
  C:\Windows\System\TtltXru.exe
  2⤵
  PID:10100
- C:\Windows\System\YlIMTPj.exe
  C:\Windows\System\YlIMTPj.exe
  2⤵
  PID:10128
- C:\Windows\System\ITGgwBX.exe
  C:\Windows\System\ITGgwBX.exe
  2⤵
  PID:10156
- C:\Windows\System\GqemOKw.exe
  C:\Windows\System\GqemOKw.exe
  2⤵
  PID:10184
- C:\Windows\System\eRWjzVK.exe
  C:\Windows\System\eRWjzVK.exe
  2⤵
  PID:10212
- C:\Windows\System\GtEuarg.exe
  C:\Windows\System\GtEuarg.exe
  2⤵
  PID:9224
- C:\Windows\System\MbTCOCn.exe
  C:\Windows\System\MbTCOCn.exe
  2⤵
  PID:9276
- C:\Windows\System\XZsHEYN.exe
  C:\Windows\System\XZsHEYN.exe
  2⤵
  PID:9352
- C:\Windows\System\ofkEuBe.exe
  C:\Windows\System\ofkEuBe.exe
  2⤵
  PID:9412
- C:\Windows\System\kSXQpLf.exe
  C:\Windows\System\kSXQpLf.exe
  2⤵
  PID:9472
- C:\Windows\System\eKgQyaC.exe
  C:\Windows\System\eKgQyaC.exe
  2⤵
  PID:9544
- C:\Windows\System\FFkpNwE.exe
  C:\Windows\System\FFkpNwE.exe
  2⤵
  PID:9608
- C:\Windows\System\svdKGXp.exe
  C:\Windows\System\svdKGXp.exe
  2⤵
  PID:9668
- C:\Windows\System\ToMMixg.exe
  C:\Windows\System\ToMMixg.exe
  2⤵
  PID:9744
- C:\Windows\System\BqOPWma.exe
  C:\Windows\System\BqOPWma.exe
  2⤵
  PID:9804
- C:\Windows\System\ScbNWlO.exe
  C:\Windows\System\ScbNWlO.exe
  2⤵
  PID:9868
- C:\Windows\System\REFSkfr.exe
  C:\Windows\System\REFSkfr.exe
  2⤵
  PID:9944
- C:\Windows\System\CWZNejs.exe
  C:\Windows\System\CWZNejs.exe
  2⤵
  PID:10008
- C:\Windows\System\npJXXPp.exe
  C:\Windows\System\npJXXPp.exe
  2⤵
  PID:10068
- C:\Windows\System\kIECVnL.exe
  C:\Windows\System\kIECVnL.exe
  2⤵
  PID:10144
- C:\Windows\System\qZzlVhj.exe
  C:\Windows\System\qZzlVhj.exe
  2⤵
  PID:10204
- C:\Windows\System\FViarXV.exe
  C:\Windows\System\FViarXV.exe
  2⤵
  PID:9272
- C:\Windows\System\kEmqStQ.exe
  C:\Windows\System\kEmqStQ.exe
  2⤵
  PID:9440
- C:\Windows\System\BrhedkU.exe
  C:\Windows\System\BrhedkU.exe
  2⤵
  PID:9584
- C:\Windows\System\SAYzSDk.exe
  C:\Windows\System\SAYzSDk.exe
  2⤵
  PID:9724
- C:\Windows\System\gzhTOgV.exe
  C:\Windows\System\gzhTOgV.exe
  2⤵
  PID:9916
- C:\Windows\System\rRAPRGz.exe
  C:\Windows\System\rRAPRGz.exe
  2⤵
  PID:10056
- C:\Windows\System\pzugBIe.exe
  C:\Windows\System\pzugBIe.exe
  2⤵
  PID:9236
- C:\Windows\System\QiTSwfB.exe
  C:\Windows\System\QiTSwfB.exe
  2⤵
  PID:9500
- C:\Windows\System\mySznrU.exe
  C:\Windows\System\mySznrU.exe
  2⤵
  PID:9836
- C:\Windows\System\eQzGouc.exe
  C:\Windows\System\eQzGouc.exe
  2⤵
  PID:9244
- C:\Windows\System\fIbbDwc.exe
  C:\Windows\System\fIbbDwc.exe
  2⤵
  PID:10004
- C:\Windows\System\XRbcPuH.exe
  C:\Windows\System\XRbcPuH.exe
  2⤵
  PID:9852
- C:\Windows\System\FyJtkUG.exe
  C:\Windows\System\FyJtkUG.exe
  2⤵
  PID:10268
- C:\Windows\System\wRCYxir.exe
  C:\Windows\System\wRCYxir.exe
  2⤵
  PID:10296
- C:\Windows\System\IYwxRBw.exe
  C:\Windows\System\IYwxRBw.exe
  2⤵
  PID:10324
- C:\Windows\System\SuOVkHh.exe
  C:\Windows\System\SuOVkHh.exe
  2⤵
  PID:10352
- C:\Windows\System\MAAngrj.exe
  C:\Windows\System\MAAngrj.exe
  2⤵
  PID:10380
- C:\Windows\System\iZNgaaC.exe
  C:\Windows\System\iZNgaaC.exe
  2⤵
  PID:10408
- C:\Windows\System\rCOEhki.exe
  C:\Windows\System\rCOEhki.exe
  2⤵
  PID:10436
- C:\Windows\System\cWmbRfa.exe
  C:\Windows\System\cWmbRfa.exe
  2⤵
  PID:10464
- C:\Windows\System\MCNtdkd.exe
  C:\Windows\System\MCNtdkd.exe
  2⤵
  PID:10492
- C:\Windows\System\ZwiPNcM.exe
  C:\Windows\System\ZwiPNcM.exe
  2⤵
  PID:10520
- C:\Windows\System\pkioxWk.exe
  C:\Windows\System\pkioxWk.exe
  2⤵
  PID:10548
- C:\Windows\System\ruEgAfM.exe
  C:\Windows\System\ruEgAfM.exe
  2⤵
  PID:10576
- C:\Windows\System\ZOuMqqE.exe
  C:\Windows\System\ZOuMqqE.exe
  2⤵
  PID:10604
- C:\Windows\System\kNEgQyO.exe
  C:\Windows\System\kNEgQyO.exe
  2⤵
  PID:10632
- C:\Windows\System\WxNdoxt.exe
  C:\Windows\System\WxNdoxt.exe
  2⤵
  PID:10660
- C:\Windows\System\xyKTKnp.exe
  C:\Windows\System\xyKTKnp.exe
  2⤵
  PID:10688
- C:\Windows\System\IYCNAMK.exe
  C:\Windows\System\IYCNAMK.exe
  2⤵
  PID:10716
- C:\Windows\System\IMgTygK.exe
  C:\Windows\System\IMgTygK.exe
  2⤵
  PID:10744
- C:\Windows\System\vVdAaVJ.exe
  C:\Windows\System\vVdAaVJ.exe
  2⤵
  PID:10772
- C:\Windows\System\YgfJLHR.exe
  C:\Windows\System\YgfJLHR.exe
  2⤵
  PID:10800
- C:\Windows\System\QloIhsZ.exe
  C:\Windows\System\QloIhsZ.exe
  2⤵
  PID:10828
- C:\Windows\System\NyvnmrP.exe
  C:\Windows\System\NyvnmrP.exe
  2⤵
  PID:10856
- C:\Windows\System\IGczTCH.exe
  C:\Windows\System\IGczTCH.exe
  2⤵
  PID:10884
- C:\Windows\System\hbuerDL.exe
  C:\Windows\System\hbuerDL.exe
  2⤵
  PID:10912
- C:\Windows\System\hrYFYXa.exe
  C:\Windows\System\hrYFYXa.exe
  2⤵
  PID:10940
- C:\Windows\System\AWKZpmm.exe
  C:\Windows\System\AWKZpmm.exe
  2⤵
  PID:10980
- C:\Windows\System\hjCPCjO.exe
  C:\Windows\System\hjCPCjO.exe
  2⤵
  PID:11000
- C:\Windows\System\HkufcZO.exe
  C:\Windows\System\HkufcZO.exe
  2⤵
  PID:11028
- C:\Windows\System\oqdAKZE.exe
  C:\Windows\System\oqdAKZE.exe
  2⤵
  PID:11056
- C:\Windows\System\bSeYApT.exe
  C:\Windows\System\bSeYApT.exe
  2⤵
  PID:11084
- C:\Windows\System\izDzwpm.exe
  C:\Windows\System\izDzwpm.exe
  2⤵
  PID:11112
- C:\Windows\System\zvtJMqE.exe
  C:\Windows\System\zvtJMqE.exe
  2⤵
  PID:11140
- C:\Windows\System\pPnoNPY.exe
  C:\Windows\System\pPnoNPY.exe
  2⤵
  PID:11168
- C:\Windows\System\rBZMbQN.exe
  C:\Windows\System\rBZMbQN.exe
  2⤵
  PID:11196
- C:\Windows\System\fkqhruC.exe
  C:\Windows\System\fkqhruC.exe
  2⤵
  PID:11224
- C:\Windows\System\AhunmtM.exe
  C:\Windows\System\AhunmtM.exe
  2⤵
  PID:11252
- C:\Windows\System\sLGUUap.exe
  C:\Windows\System\sLGUUap.exe
  2⤵
  PID:10280
- C:\Windows\System\bwpzWIX.exe
  C:\Windows\System\bwpzWIX.exe
  2⤵
  PID:10344
- C:\Windows\System\igYMqLX.exe
  C:\Windows\System\igYMqLX.exe
  2⤵
  PID:10404
- C:\Windows\System\kKDGwXN.exe
  C:\Windows\System\kKDGwXN.exe
  2⤵
  PID:10480
- C:\Windows\System\YPSUpLL.exe
  C:\Windows\System\YPSUpLL.exe
  2⤵
  PID:10540
- C:\Windows\System\skJYgfp.exe
  C:\Windows\System\skJYgfp.exe
  2⤵
  PID:10600
- C:\Windows\System\KVTPruX.exe
  C:\Windows\System\KVTPruX.exe
  2⤵
  PID:10628
- C:\Windows\System\KaCYUpW.exe
  C:\Windows\System\KaCYUpW.exe
  2⤵
  PID:10684
- C:\Windows\System\rpfbmTE.exe
  C:\Windows\System\rpfbmTE.exe
  2⤵
  PID:10760
- C:\Windows\System\YoGDvMR.exe
  C:\Windows\System\YoGDvMR.exe
  2⤵
  PID:10820
- C:\Windows\System\alaLaiF.exe
  C:\Windows\System\alaLaiF.exe
  2⤵
  PID:10880
- C:\Windows\System\pUAeWCo.exe
  C:\Windows\System\pUAeWCo.exe
  2⤵
  PID:10936
- C:\Windows\System\DvncsqR.exe
  C:\Windows\System\DvncsqR.exe
  2⤵
  PID:11012
- C:\Windows\System\CuPAHHr.exe
  C:\Windows\System\CuPAHHr.exe
  2⤵
  PID:11068
- C:\Windows\System\VFRurkd.exe
  C:\Windows\System\VFRurkd.exe
  2⤵
  PID:11132
- C:\Windows\System\kSWvQLx.exe
  C:\Windows\System\kSWvQLx.exe
  2⤵
  PID:11192
- C:\Windows\System\fYnwZzJ.exe
  C:\Windows\System\fYnwZzJ.exe
  2⤵
  PID:9660
- C:\Windows\System\YpcBXmj.exe
  C:\Windows\System\YpcBXmj.exe
  2⤵
  PID:10392
- C:\Windows\System\WwLICRU.exe
  C:\Windows\System\WwLICRU.exe
  2⤵
  PID:10516
- C:\Windows\System\tqVrqte.exe
  C:\Windows\System\tqVrqte.exe
  2⤵
  PID:4732
- C:\Windows\System\RqMycbx.exe
  C:\Windows\System\RqMycbx.exe
  2⤵
  PID:10740
- C:\Windows\System\enKFtpr.exe
  C:\Windows\System\enKFtpr.exe
  2⤵
  PID:10868
- C:\Windows\System\sMUOWFJ.exe
  C:\Windows\System\sMUOWFJ.exe
  2⤵
  PID:4952
- C:\Windows\System\MQSxubt.exe
  C:\Windows\System\MQSxubt.exe
  2⤵
  PID:11108
- C:\Windows\System\aidjbKl.exe
  C:\Windows\System\aidjbKl.exe
  2⤵
  PID:11248
- C:\Windows\System\unTiyoE.exe
  C:\Windows\System\unTiyoE.exe
  2⤵
  PID:2388
- C:\Windows\System\hILmiWh.exe
  C:\Windows\System\hILmiWh.exe
  2⤵
  PID:10848
- C:\Windows\System\EIWCCPt.exe
  C:\Windows\System\EIWCCPt.exe
  2⤵
  PID:11104
- C:\Windows\System\MqUZMEx.exe
  C:\Windows\System\MqUZMEx.exe
  2⤵
  PID:4228
- C:\Windows\System\WDWAolb.exe
  C:\Windows\System\WDWAolb.exe
  2⤵
  PID:11244
- C:\Windows\System\PpuQfWl.exe
  C:\Windows\System\PpuQfWl.exe
  2⤵
  PID:3536
- C:\Windows\System\KVewRCk.exe
  C:\Windows\System\KVewRCk.exe
  2⤵
  PID:11292
- C:\Windows\System\rvmnXVN.exe
  C:\Windows\System\rvmnXVN.exe
  2⤵
  PID:11320
- C:\Windows\System\rFEHOcL.exe
  C:\Windows\System\rFEHOcL.exe
  2⤵
  PID:11348
- C:\Windows\System\UBtKzJP.exe
  C:\Windows\System\UBtKzJP.exe
  2⤵
  PID:11380
- C:\Windows\System\YrTsTWg.exe
  C:\Windows\System\YrTsTWg.exe
  2⤵
  PID:11408
- C:\Windows\System\bAShOdU.exe
  C:\Windows\System\bAShOdU.exe
  2⤵
  PID:11436
- C:\Windows\System\UrndFTD.exe
  C:\Windows\System\UrndFTD.exe
  2⤵
  PID:11464
- C:\Windows\System\ildDAeP.exe
  C:\Windows\System\ildDAeP.exe
  2⤵
  PID:11492
- C:\Windows\System\QGjWDyY.exe
  C:\Windows\System\QGjWDyY.exe
  2⤵
  PID:11520
- C:\Windows\System\MHzaOMv.exe
  C:\Windows\System\MHzaOMv.exe
  2⤵
  PID:11548
- C:\Windows\System\zTCRJak.exe
  C:\Windows\System\zTCRJak.exe
  2⤵
  PID:11576
- C:\Windows\System\sFtKHql.exe
  C:\Windows\System\sFtKHql.exe
  2⤵
  PID:11604
- C:\Windows\System\WHgBJhG.exe
  C:\Windows\System\WHgBJhG.exe
  2⤵
  PID:11632
- C:\Windows\System\zwgDlHM.exe
  C:\Windows\System\zwgDlHM.exe
  2⤵
  PID:11660
- C:\Windows\System\WoTraom.exe
  C:\Windows\System\WoTraom.exe
  2⤵
  PID:11688
- C:\Windows\System\fKnFALN.exe
  C:\Windows\System\fKnFALN.exe
  2⤵
  PID:11716
- C:\Windows\System\wrvqAps.exe
  C:\Windows\System\wrvqAps.exe
  2⤵
  PID:11744
- C:\Windows\System\uyFExiB.exe
  C:\Windows\System\uyFExiB.exe
  2⤵
  PID:11772
- C:\Windows\System\DCxNCsg.exe
  C:\Windows\System\DCxNCsg.exe
  2⤵
  PID:11800
- C:\Windows\System\pAoepwz.exe
  C:\Windows\System\pAoepwz.exe
  2⤵
  PID:11828
- C:\Windows\System\vxpKEtj.exe
  C:\Windows\System\vxpKEtj.exe
  2⤵
  PID:11856
- C:\Windows\System\CGRlOsa.exe
  C:\Windows\System\CGRlOsa.exe
  2⤵
  PID:11884
- C:\Windows\System\csDZbPi.exe
  C:\Windows\System\csDZbPi.exe
  2⤵
  PID:11912
- C:\Windows\System\iGvfQrt.exe
  C:\Windows\System\iGvfQrt.exe
  2⤵
  PID:11940
- C:\Windows\System\PunLGdJ.exe
  C:\Windows\System\PunLGdJ.exe
  2⤵
  PID:11968
- C:\Windows\System\beRfuJT.exe
  C:\Windows\System\beRfuJT.exe
  2⤵
  PID:11996
- C:\Windows\System\XGpdygu.exe
  C:\Windows\System\XGpdygu.exe
  2⤵
  PID:12024
- C:\Windows\System\VxMtFnp.exe
  C:\Windows\System\VxMtFnp.exe
  2⤵
  PID:12052
- C:\Windows\System\CwLtFRe.exe
  C:\Windows\System\CwLtFRe.exe
  2⤵
  PID:12080
- C:\Windows\System\uByLorM.exe
  C:\Windows\System\uByLorM.exe
  2⤵
  PID:12108
- C:\Windows\System\wnyIlXX.exe
  C:\Windows\System\wnyIlXX.exe
  2⤵
  PID:12136
- C:\Windows\System\FKJIoYc.exe
  C:\Windows\System\FKJIoYc.exe
  2⤵
  PID:12164
- C:\Windows\System\KbuJagZ.exe
  C:\Windows\System\KbuJagZ.exe
  2⤵
  PID:12192
- C:\Windows\System\sHDRaGL.exe
  C:\Windows\System\sHDRaGL.exe
  2⤵
  PID:12220
- C:\Windows\System\KWEdgpV.exe
  C:\Windows\System\KWEdgpV.exe
  2⤵
  PID:12248
- C:\Windows\System\rPVSVdb.exe
  C:\Windows\System\rPVSVdb.exe
  2⤵
  PID:12276
- C:\Windows\System\mHtPJOO.exe
  C:\Windows\System\mHtPJOO.exe
  2⤵
  PID:11308
- C:\Windows\System\DtatHOt.exe
  C:\Windows\System\DtatHOt.exe
  2⤵
  PID:11372
- C:\Windows\System\IwNAuZA.exe
  C:\Windows\System\IwNAuZA.exe
  2⤵
  PID:11432
- C:\Windows\System\MYulnMr.exe
  C:\Windows\System\MYulnMr.exe
  2⤵
  PID:11504
- C:\Windows\System\DePrTdN.exe
  C:\Windows\System\DePrTdN.exe
  2⤵
  PID:11568
- C:\Windows\System\UORdNGt.exe
  C:\Windows\System\UORdNGt.exe
  2⤵
  PID:11628
- C:\Windows\System\LnqyNOr.exe
  C:\Windows\System\LnqyNOr.exe
  2⤵
  PID:11704
- C:\Windows\System\RrSfTTL.exe
  C:\Windows\System\RrSfTTL.exe
  2⤵
  PID:11764
- C:\Windows\System\KHtbDqC.exe
  C:\Windows\System\KHtbDqC.exe
  2⤵
  PID:11824
- C:\Windows\System\XCFtrEo.exe
  C:\Windows\System\XCFtrEo.exe
  2⤵
  PID:11896
- C:\Windows\System\bWYJmQm.exe
  C:\Windows\System\bWYJmQm.exe
  2⤵
  PID:11960
- C:\Windows\System\cYfjhzA.exe
  C:\Windows\System\cYfjhzA.exe
  2⤵
  PID:12020
- C:\Windows\System\KkCfcJt.exe
  C:\Windows\System\KkCfcJt.exe
  2⤵
  PID:12096
- C:\Windows\System\iOqpWfW.exe
  C:\Windows\System\iOqpWfW.exe
  2⤵
  PID:12160
- C:\Windows\System\fQGGeqp.exe
  C:\Windows\System\fQGGeqp.exe
  2⤵
  PID:12240
- C:\Windows\System\ybaMhJv.exe
  C:\Windows\System\ybaMhJv.exe
  2⤵
  PID:11284
- C:\Windows\System\WchLXXg.exe
  C:\Windows\System\WchLXXg.exe
  2⤵
  PID:11484
- C:\Windows\System\hlMvvid.exe
  C:\Windows\System\hlMvvid.exe
  2⤵
  PID:11600
- C:\Windows\System\TrKfkBb.exe
  C:\Windows\System\TrKfkBb.exe
  2⤵
  PID:11812
- C:\Windows\System\mhRwOAA.exe
  C:\Windows\System\mhRwOAA.exe
  2⤵
  PID:11932
- C:\Windows\System\szBiJlL.exe
  C:\Windows\System\szBiJlL.exe
  2⤵
  PID:3264
- C:\Windows\System\YRnSTCO.exe
  C:\Windows\System\YRnSTCO.exe
  2⤵
  PID:12216
- C:\Windows\System\ybjMxlu.exe
  C:\Windows\System\ybjMxlu.exe
  2⤵
  PID:11428
- C:\Windows\System\yAAHtbR.exe
  C:\Windows\System\yAAHtbR.exe
  2⤵
  PID:344
- C:\Windows\System\HfAcpxA.exe
  C:\Windows\System\HfAcpxA.exe
  2⤵
  PID:3568
- C:\Windows\System\KrHeSPO.exe
  C:\Windows\System\KrHeSPO.exe
  2⤵
  PID:3324
- C:\Windows\System\WAEXrmn.exe
  C:\Windows\System\WAEXrmn.exe
  2⤵
  PID:11876
- C:\Windows\System\NCiHcsx.exe
  C:\Windows\System\NCiHcsx.exe
  2⤵
  PID:11656
- C:\Windows\System\SFjtkFu.exe
  C:\Windows\System\SFjtkFu.exe
  2⤵
  PID:12296
- C:\Windows\System\IZODDXT.exe
  C:\Windows\System\IZODDXT.exe
  2⤵
  PID:12324
- C:\Windows\System\sKrJngG.exe
  C:\Windows\System\sKrJngG.exe
  2⤵
  PID:12340
- C:\Windows\System\iZEJwEq.exe
  C:\Windows\System\iZEJwEq.exe
  2⤵
  PID:12380
- C:\Windows\System\BwieIWK.exe
  C:\Windows\System\BwieIWK.exe
  2⤵
  PID:12408
- C:\Windows\System\iDoMRdm.exe
  C:\Windows\System\iDoMRdm.exe
  2⤵
  PID:12436
- C:\Windows\System\FJOvsQK.exe
  C:\Windows\System\FJOvsQK.exe
  2⤵
  PID:12464
- C:\Windows\System\ZFSPTHD.exe
  C:\Windows\System\ZFSPTHD.exe
  2⤵
  PID:12484
- C:\Windows\System\xSrmQkH.exe
  C:\Windows\System\xSrmQkH.exe
  2⤵
  PID:12520
- C:\Windows\System\ECigYIK.exe
  C:\Windows\System\ECigYIK.exe
  2⤵
  PID:12552
- C:\Windows\System\KXRxUUt.exe
  C:\Windows\System\KXRxUUt.exe
  2⤵
  PID:12596
- C:\Windows\System\hZSSXNY.exe
  C:\Windows\System\hZSSXNY.exe
  2⤵
  PID:12640
- C:\Windows\System\xXkjEbw.exe
  C:\Windows\System\xXkjEbw.exe
  2⤵
  PID:12676
- C:\Windows\System\ddfDDZl.exe
  C:\Windows\System\ddfDDZl.exe
  2⤵
  PID:12708
- C:\Windows\System\KEioteL.exe
  C:\Windows\System\KEioteL.exe
  2⤵
  PID:12736
- C:\Windows\System\tlrBSuO.exe
  C:\Windows\System\tlrBSuO.exe
  2⤵
  PID:12764
- C:\Windows\System\TsPGkzR.exe
  C:\Windows\System\TsPGkzR.exe
  2⤵
  PID:12796
- C:\Windows\System\fGkIApO.exe
  C:\Windows\System\fGkIApO.exe
  2⤵
  PID:12824
- C:\Windows\System\LjwRDzr.exe
  C:\Windows\System\LjwRDzr.exe
  2⤵
  PID:12852
- C:\Windows\System\ufNHQCJ.exe
  C:\Windows\System\ufNHQCJ.exe
  2⤵
  PID:12880
- C:\Windows\System\yvmbwIz.exe
  C:\Windows\System\yvmbwIz.exe
  2⤵
  PID:12912
- C:\Windows\System\SWDLeQp.exe
  C:\Windows\System\SWDLeQp.exe
  2⤵
  PID:12944
- C:\Windows\System\uCPJtyD.exe
  C:\Windows\System\uCPJtyD.exe
  2⤵
  PID:12972
- C:\Windows\System\UwADzUw.exe
  C:\Windows\System\UwADzUw.exe
  2⤵
  PID:12992
- C:\Windows\System\DWhxylS.exe
  C:\Windows\System\DWhxylS.exe
  2⤵
  PID:13036
- C:\Windows\System\bgkfOyy.exe
  C:\Windows\System\bgkfOyy.exe
  2⤵
  PID:13064
- C:\Windows\System\nfTsbrE.exe
  C:\Windows\System\nfTsbrE.exe
  2⤵
  PID:13092
- C:\Windows\System\wQVVLLB.exe
  C:\Windows\System\wQVVLLB.exe
  2⤵
  PID:13120
- C:\Windows\System\VwgRKqZ.exe
  C:\Windows\System\VwgRKqZ.exe
  2⤵
  PID:13148
- C:\Windows\System\ulOMQCv.exe
  C:\Windows\System\ulOMQCv.exe
  2⤵
  PID:13176
- C:\Windows\System\qPqjsIG.exe
  C:\Windows\System\qPqjsIG.exe
  2⤵
  PID:13204
- C:\Windows\System\RODsdGk.exe
  C:\Windows\System\RODsdGk.exe
  2⤵
  PID:13232
- C:\Windows\System\zegZsWs.exe
  C:\Windows\System\zegZsWs.exe
  2⤵
  PID:13260
- C:\Windows\System\mbTTPkR.exe
  C:\Windows\System\mbTTPkR.exe
  2⤵
  PID:13288
- C:\Windows\System\lJYqYNK.exe
  C:\Windows\System\lJYqYNK.exe
  2⤵
  PID:12292
- C:\Windows\System\xTGqzmW.exe
  C:\Windows\System\xTGqzmW.exe
  2⤵
  PID:12332
- C:\Windows\System\uHWsCKW.exe
  C:\Windows\System\uHWsCKW.exe
  2⤵
  PID:12404
- C:\Windows\System\KJCdvDD.exe
  C:\Windows\System\KJCdvDD.exe
  2⤵
  PID:12480
- C:\Windows\System\JULAYUQ.exe
  C:\Windows\System\JULAYUQ.exe
  2⤵
  PID:12516
- C:\Windows\System\DWmfQfw.exe
  C:\Windows\System\DWmfQfw.exe
  2⤵
  PID:12580
- C:\Windows\System\ovlwFZQ.exe
  C:\Windows\System\ovlwFZQ.exe
  2⤵
  PID:2480
- C:\Windows\System\PRmsYii.exe
  C:\Windows\System\PRmsYii.exe
  2⤵
  PID:7280
- C:\Windows\System\hXHfoCb.exe
  C:\Windows\System\hXHfoCb.exe
  2⤵
  PID:7252
- C:\Windows\System\gvPuOmw.exe
  C:\Windows\System\gvPuOmw.exe
  2⤵
  PID:12748
- C:\Windows\System\FENbUoE.exe
  C:\Windows\System\FENbUoE.exe
  2⤵
  PID:12812
- C:\Windows\System\YOsgcuL.exe
  C:\Windows\System\YOsgcuL.exe
  2⤵
  PID:12872
- C:\Windows\System\GWgxxiZ.exe
  C:\Windows\System\GWgxxiZ.exe
  2⤵
  PID:4976
- C:\Windows\System\pLlHiqj.exe
  C:\Windows\System\pLlHiqj.exe
  2⤵
  PID:11536
- C:\Windows\System\MXOmvyk.exe
  C:\Windows\System\MXOmvyk.exe
  2⤵
  PID:13012
- C:\Windows\System\HIJTvRz.exe
  C:\Windows\System\HIJTvRz.exe
  2⤵
  PID:13060
- C:\Windows\System\dnNteNx.exe
  C:\Windows\System\dnNteNx.exe
  2⤵
  PID:2008
- C:\Windows\System\bGSWaME.exe
  C:\Windows\System\bGSWaME.exe
  2⤵
  PID:13144
- C:\Windows\System\sFfsjeb.exe
  C:\Windows\System\sFfsjeb.exe
  2⤵
  PID:13216
- C:\Windows\System\RSYTQze.exe
  C:\Windows\System\RSYTQze.exe
  2⤵
  PID:13280
- C:\Windows\System\SWdNwrg.exe
  C:\Windows\System\SWdNwrg.exe
  2⤵
  PID:12336
- C:\Windows\System\QgkSPXb.exe
  C:\Windows\System\QgkSPXb.exe
  2⤵
  PID:12496
- C:\Windows\System\QcONZTM.exe
  C:\Windows\System\QcONZTM.exe
  2⤵
  PID:1596
- C:\Windows\System\gPDKTkc.exe
  C:\Windows\System\gPDKTkc.exe
  2⤵
  PID:9020
- C:\Windows\System\hZhseNU.exe
  C:\Windows\System\hZhseNU.exe
  2⤵
  PID:12840
- C:\Windows\System\HOuCDDT.exe
  C:\Windows\System\HOuCDDT.exe
  2⤵
  PID:11480
- C:\Windows\System\gdEOIFv.exe
  C:\Windows\System\gdEOIFv.exe
  2⤵
  PID:12016
- C:\Windows\System\slkKKCe.exe
  C:\Windows\System\slkKKCe.exe
  2⤵
  PID:12888
- C:\Windows\System\HIynxnt.exe
  C:\Windows\System\HIynxnt.exe
  2⤵
  PID:13200
- C:\Windows\System\QyxiIDj.exe
  C:\Windows\System\QyxiIDj.exe
  2⤵
  PID:12448
- C:\Windows\System\SLoMFDm.exe
  C:\Windows\System\SLoMFDm.exe
  2⤵
  PID:12636
- C:\Windows\System\CStzabB.exe
  C:\Windows\System\CStzabB.exe
  2⤵
  PID:1412
- C:\Windows\System\VILIlMV.exe
  C:\Windows\System\VILIlMV.exe
  2⤵
  PID:13088
- C:\Windows\System\DWDCeXZ.exe
  C:\Windows\System\DWDCeXZ.exe
  2⤵
  PID:13196
- C:\Windows\System\LMgrtDB.exe
  C:\Windows\System\LMgrtDB.exe
  2⤵
  PID:3268
- C:\Windows\System\FfzMZsP.exe
  C:\Windows\System\FfzMZsP.exe
  2⤵
  PID:12684
- C:\Windows\System\HWsZcSy.exe
  C:\Windows\System\HWsZcSy.exe
  2⤵
  PID:12784
- C:\Windows\System\hlKLtZI.exe
  C:\Windows\System\hlKLtZI.exe
  2⤵
  PID:1448
- C:\Windows\System\aMftWBQ.exe
  C:\Windows\System\aMftWBQ.exe
  2⤵
  PID:13328
- C:\Windows\System\mdErvhm.exe
  C:\Windows\System\mdErvhm.exe
  2⤵
  PID:13356
- C:\Windows\System\AHUnBOF.exe
  C:\Windows\System\AHUnBOF.exe
  2⤵
  PID:13384
- C:\Windows\System\SLbnNkO.exe
  C:\Windows\System\SLbnNkO.exe
  2⤵
  PID:13412
- C:\Windows\System\FXXtbbq.exe
  C:\Windows\System\FXXtbbq.exe
  2⤵
  PID:13440
- C:\Windows\System\ToipzSx.exe
  C:\Windows\System\ToipzSx.exe
  2⤵
  PID:13468
- C:\Windows\System\bfmxAAs.exe
  C:\Windows\System\bfmxAAs.exe
  2⤵
  PID:13496
- C:\Windows\System\sctlvjY.exe
  C:\Windows\System\sctlvjY.exe
  2⤵
  PID:13524
- C:\Windows\System\vBIvhHR.exe
  C:\Windows\System\vBIvhHR.exe
  2⤵
  PID:13552
- C:\Windows\System\gxpATqw.exe
  C:\Windows\System\gxpATqw.exe
  2⤵
  PID:13580
- C:\Windows\System\QVbcGWp.exe
  C:\Windows\System\QVbcGWp.exe
  2⤵
  PID:13608
- C:\Windows\System\mfLymGK.exe
  C:\Windows\System\mfLymGK.exe
  2⤵
  PID:13636
- C:\Windows\System\rsBPEQY.exe
  C:\Windows\System\rsBPEQY.exe
  2⤵
  PID:13664
- C:\Windows\System\iMqfgvO.exe
  C:\Windows\System\iMqfgvO.exe
  2⤵
  PID:13692
- C:\Windows\System\VjidyKw.exe
  C:\Windows\System\VjidyKw.exe
  2⤵
  PID:13720
- C:\Windows\System\gNibBuo.exe
  C:\Windows\System\gNibBuo.exe
  2⤵
  PID:13748
- C:\Windows\System\brbFztD.exe
  C:\Windows\System\brbFztD.exe
  2⤵
  PID:13764
- C:\Windows\System\qaSLFgW.exe
  C:\Windows\System\qaSLFgW.exe
  2⤵
  PID:13804
- C:\Windows\System\OFPtdQF.exe
  C:\Windows\System\OFPtdQF.exe
  2⤵
  PID:13844
- C:\Windows\System\rcDLIDh.exe
  C:\Windows\System\rcDLIDh.exe
  2⤵
  PID:13864
- C:\Windows\System\nskRHsB.exe
  C:\Windows\System\nskRHsB.exe
  2⤵
  PID:13892
- C:\Windows\System\CZzGiPw.exe
  C:\Windows\System\CZzGiPw.exe
  2⤵
  PID:13920
- C:\Windows\System\uPoLpaC.exe
  C:\Windows\System\uPoLpaC.exe
  2⤵
  PID:13948
- C:\Windows\System\LZQDVCj.exe
  C:\Windows\System\LZQDVCj.exe
  2⤵
  PID:13976
- C:\Windows\System\ZxZjzDS.exe
  C:\Windows\System\ZxZjzDS.exe
  2⤵
  PID:14004
- C:\Windows\System\VylZzyU.exe
  C:\Windows\System\VylZzyU.exe
  2⤵
  PID:14032
- C:\Windows\System\rxUxOJa.exe
  C:\Windows\System\rxUxOJa.exe
  2⤵
  PID:14060
- C:\Windows\System\eBIZNrH.exe
  C:\Windows\System\eBIZNrH.exe
  2⤵
  PID:14096
- C:\Windows\System\oGVWLXA.exe
  C:\Windows\System\oGVWLXA.exe
  2⤵
  PID:14124
- C:\Windows\System\ZVvXMMa.exe
  C:\Windows\System\ZVvXMMa.exe
  2⤵
  PID:14152
- C:\Windows\System\ULoMhht.exe
  C:\Windows\System\ULoMhht.exe
  2⤵
  PID:14212
- C:\Windows\System\YrKFYIV.exe
  C:\Windows\System\YrKFYIV.exe
  2⤵
  PID:14240
- C:\Windows\System\IVkYnUA.exe
  C:\Windows\System\IVkYnUA.exe
  2⤵
  PID:14268
- C:\Windows\System\MXxbusR.exe
  C:\Windows\System\MXxbusR.exe
  2⤵
  PID:14296
- C:\Windows\System\HAFxadC.exe
  C:\Windows\System\HAFxadC.exe
  2⤵
  PID:14324
- C:\Windows\System\rjYODYv.exe
  C:\Windows\System\rjYODYv.exe
  2⤵
  PID:13348
- C:\Windows\System\aNDfgau.exe
  C:\Windows\System\aNDfgau.exe
  2⤵
  PID:13424
- C:\Windows\System\bDoyrWv.exe
  C:\Windows\System\bDoyrWv.exe
  2⤵
  PID:13488
- C:\Windows\System\CgmOgdp.exe
  C:\Windows\System\CgmOgdp.exe
  2⤵
  PID:13544
- C:\Windows\System\fqljUrn.exe
  C:\Windows\System\fqljUrn.exe
  2⤵
  PID:13628
- C:\Windows\System\dnnWumZ.exe
  C:\Windows\System\dnnWumZ.exe
  2⤵
  PID:13716
- C:\Windows\System\KoZFYMZ.exe
  C:\Windows\System\KoZFYMZ.exe
  2⤵
  PID:13816
- C:\Windows\System\swEWYLE.exe
  C:\Windows\System\swEWYLE.exe
  2⤵
  PID:1988
- C:\Windows\System\TnCuYGV.exe
  C:\Windows\System\TnCuYGV.exe
  2⤵
  PID:13860
- C:\Windows\System\saglWrb.exe
  C:\Windows\System\saglWrb.exe
  2⤵
  PID:13916
- C:\Windows\System\EINcjkv.exe
  C:\Windows\System\EINcjkv.exe
  2⤵
  PID:13968
- C:\Windows\System\OFHfzly.exe
  C:\Windows\System\OFHfzly.exe
  2⤵
  PID:14048
- C:\Windows\System\pDOgSQD.exe
  C:\Windows\System\pDOgSQD.exe
  2⤵
  PID:14116
- C:\Windows\System\XBKeQrT.exe
  C:\Windows\System\XBKeQrT.exe
  2⤵
  PID:14208
- C:\Windows\System\dYWZKbG.exe
  C:\Windows\System\dYWZKbG.exe
  2⤵
  PID:14280
- C:\Windows\System\wbKmBUj.exe
  C:\Windows\System\wbKmBUj.exe
  2⤵
  PID:13316
- C:\Windows\System\cQpjCCY.exe
  C:\Windows\System\cQpjCCY.exe
  2⤵
  PID:13492
- C:\Windows\System\aVcRedf.exe
  C:\Windows\System\aVcRedf.exe
  2⤵
  PID:3432
- C:\Windows\System\isBUPjx.exe
  C:\Windows\System\isBUPjx.exe
  2⤵
  PID:3012
- C:\Windows\System\JHyzWdD.exe
  C:\Windows\System\JHyzWdD.exe
  2⤵
  PID:4700
- C:\Windows\System\kBHmEnt.exe
  C:\Windows\System\kBHmEnt.exe
  2⤵
  PID:13912
- C:\Windows\System\pNmZTsN.exe
  C:\Windows\System\pNmZTsN.exe
  2⤵
  PID:14204
- C:\Windows\System\rWHjAgJ.exe
  C:\Windows\System\rWHjAgJ.exe
  2⤵
  PID:2728
- C:\Windows\System\trIORXN.exe
  C:\Windows\System\trIORXN.exe
  2⤵
  PID:13688
- C:\Windows\System\MQYChBl.exe
  C:\Windows\System\MQYChBl.exe
  2⤵
  PID:1900
- C:\Windows\System\zvpJdcx.exe
  C:\Windows\System\zvpJdcx.exe
  2⤵
  PID:14144
- C:\Windows\System\MkCvfXm.exe
  C:\Windows\System\MkCvfXm.exe
  2⤵
  PID:2372
- C:\Windows\System\SewPDlT.exe
  C:\Windows\System\SewPDlT.exe
  2⤵
  PID:13744
- C:\Windows\System\fvlEbcy.exe
  C:\Windows\System\fvlEbcy.exe
  2⤵
  PID:14260
- C:\Windows\System\mrslpWs.exe
  C:\Windows\System\mrslpWs.exe
  2⤵
  PID:5060
- C:\Windows\System\BbFKBjj.exe
  C:\Windows\System\BbFKBjj.exe
  2⤵
  PID:3784
- C:\Windows\System\ShweHLH.exe
  C:\Windows\System\ShweHLH.exe
  2⤵
  PID:2768
- C:\Windows\System\SWsnEyC.exe
  C:\Windows\System\SWsnEyC.exe
  2⤵
  PID:2304
- C:\Windows\System\OxVQBgZ.exe
  C:\Windows\System\OxVQBgZ.exe
  2⤵
  PID:3656
- C:\Windows\System\lvSCYGT.exe
  C:\Windows\System\lvSCYGT.exe
  2⤵
  PID:4784
- C:\Windows\System\fJWyWAG.exe
  C:\Windows\System\fJWyWAG.exe
  2⤵
  PID:1512
- C:\Windows\System\htreMse.exe
  C:\Windows\System\htreMse.exe
  2⤵
  PID:3892
- C:\Windows\System\iwhbXXE.exe
  C:\Windows\System\iwhbXXE.exe
  2⤵
  PID:14352
- C:\Windows\System\EftctzO.exe
  C:\Windows\System\EftctzO.exe
  2⤵
  PID:14380
- C:\Windows\System\kECYDfF.exe
  C:\Windows\System\kECYDfF.exe
  2⤵
  PID:14408
- C:\Windows\System\JtafpKx.exe
  C:\Windows\System\JtafpKx.exe
  2⤵
  PID:14436
- C:\Windows\System\iPsQTJG.exe
  C:\Windows\System\iPsQTJG.exe
  2⤵
  PID:14464
- C:\Windows\System\VGlJcWu.exe
  C:\Windows\System\VGlJcWu.exe
  2⤵
  PID:14492
- C:\Windows\System\OzXxzIq.exe
  C:\Windows\System\OzXxzIq.exe
  2⤵
  PID:14520
- C:\Windows\System\dqQQjql.exe
  C:\Windows\System\dqQQjql.exe
  2⤵
  PID:14548
- C:\Windows\System\iZfvyfF.exe
  C:\Windows\System\iZfvyfF.exe
  2⤵
  PID:14576
- C:\Windows\System\ObCSkrr.exe
  C:\Windows\System\ObCSkrr.exe
  2⤵
  PID:14604
- C:\Windows\System\dcLcARM.exe
  C:\Windows\System\dcLcARM.exe
  2⤵
  PID:14640
- C:\Windows\System\OOWXCej.exe
  C:\Windows\System\OOWXCej.exe
  2⤵
  PID:14668
- C:\Windows\System\eqDOjjt.exe
  C:\Windows\System\eqDOjjt.exe
  2⤵
  PID:14696
- C:\Windows\System\ZzAHyYs.exe
  C:\Windows\System\ZzAHyYs.exe
  2⤵
  PID:14724
- C:\Windows\System\UGprPpy.exe
  C:\Windows\System\UGprPpy.exe
  2⤵
  PID:14752
- C:\Windows\System\WozrZmY.exe
  C:\Windows\System\WozrZmY.exe
  2⤵
  PID:14780
- C:\Windows\System\NOYHMQG.exe
  C:\Windows\System\NOYHMQG.exe
  2⤵
  PID:14808
- C:\Windows\System\eAazsin.exe
  C:\Windows\System\eAazsin.exe
  2⤵
  PID:14836
- C:\Windows\System\ljpVZnM.exe
  C:\Windows\System\ljpVZnM.exe
  2⤵
  PID:14868
- C:\Windows\System\CrrWKqf.exe
  C:\Windows\System\CrrWKqf.exe
  2⤵
  PID:14896
- C:\Windows\System\zZDojem.exe
  C:\Windows\System\zZDojem.exe
  2⤵
  PID:14924
- C:\Windows\System\bbJPrsR.exe
  C:\Windows\System\bbJPrsR.exe
  2⤵
  PID:14952
- C:\Windows\System\ZFYkxaa.exe
  C:\Windows\System\ZFYkxaa.exe
  2⤵
  PID:14980
- C:\Windows\System\HfQTzFH.exe
  C:\Windows\System\HfQTzFH.exe
  2⤵
  PID:15016
- C:\Windows\System\IlvuYOI.exe
  C:\Windows\System\IlvuYOI.exe
  2⤵
  PID:15044
- C:\Windows\System\iRLdUiQ.exe
  C:\Windows\System\iRLdUiQ.exe
  2⤵
  PID:15072
- C:\Windows\System\xfvGVAo.exe
  C:\Windows\System\xfvGVAo.exe
  2⤵
  PID:15100
- C:\Windows\System\FFGtFeJ.exe
  C:\Windows\System\FFGtFeJ.exe
  2⤵
  PID:15128
- C:\Windows\System\JyIIIdS.exe
  C:\Windows\System\JyIIIdS.exe
  2⤵
  PID:15156
- C:\Windows\System\blhhXqH.exe
  C:\Windows\System\blhhXqH.exe
  2⤵
  PID:15184
- C:\Windows\System\EGfvGxZ.exe
  C:\Windows\System\EGfvGxZ.exe
  2⤵
  PID:15216
- C:\Windows\System\anTcsBM.exe
  C:\Windows\System\anTcsBM.exe
  2⤵
  PID:15244
- C:\Windows\System\tEVhMpx.exe
  C:\Windows\System\tEVhMpx.exe
  2⤵
  PID:15264
- C:\Windows\System\knIKpZw.exe
  C:\Windows\System\knIKpZw.exe
  2⤵
  PID:15332
- C:\Windows\System\WRVfIzL.exe
  C:\Windows\System\WRVfIzL.exe
  2⤵
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AGhmAdF.exe

Filesize
6.1MB

MD5
0e769c141f4a6673a8c6441d8f4bd193

SHA1
7d2970151fcb55c47d6f4055979778d5a10c4e25

SHA256
5bcc5249931c18eee598e4d806d224e2dcd1a4afd9adec6fde5d293cf872f937

SHA512
09a1d30b019e1de2479ee1de35291c2bdcd0c620b4e09a249f099ea444726dd795d400fe14bacf380df8ff40c2f561b5d6f58f6ec535c0322d44dfc5a6c94601

Download Submit
C:\Windows\System\DAikKgk.exe

Filesize
6.1MB

MD5
4961dafdda03cf97cb06a0e057c538b5

SHA1
960d2676ef53b71814407417bcb023fe2bac3fe8

SHA256
040481fd614ab21211cb6af1ec6d4af45b74ed9c3d4c5bdf7e7aeb5b57d8eddc

SHA512
c192ef9f98a0ed86f1a4ac040e52e7c90b7b895229754085cf3fbae73dee61f4487b07cac1c74988edf8ab7e770f121907620469d44ac7f69b0fd678affcd76f

Download Submit
C:\Windows\System\DBnzOup.exe

Filesize
6.1MB

MD5
9f82e2df01afe689597832953db0f0dd

SHA1
0d6d953e4ee52a354b541dc35628265fc4b90628

SHA256
f21aabbbb8a2b90d2dd50ec61d13f15586244191e4baaa1db83f850316de12ca

SHA512
971e8ef49897273616f87e77ac764e9910093317fced418f5ea05b56a7c66f2baf8b9f819ca3b179e0b9eae7619a1e82e6b2ec7374a3476337fb55b4e5a69122

Download Submit
C:\Windows\System\DPeSviT.exe

Filesize
6.1MB

MD5
8eab49ccb75d6e7661250044e8b639b6

SHA1
6616b54db738da1d1cb4241071ea352624ee9fc7

SHA256
43434c6841e04859000cb6f8c341db7977ad02d504de148a0406e3985f55b0a7

SHA512
f3efc7d82cd82e5f353377c4f850e576a9484a707457d56c6557d285d51a1a5b9bddbcfb230b8c243b720eb08e4c3ba8d98ce0a9ff24cf05ff0d40d13d7dacdc

Download Submit
C:\Windows\System\DhvyUOm.exe

Filesize
6.1MB

MD5
9fa12e736ceb699db65d2d2cd7140be0

SHA1
fd5925d4c188fc98666d91dd9cd4e68e2c8cca33

SHA256
094141a5ee6bff6674113087d9f6c3b4606f97cbbc2ec0d24db6fd2c993faa33

SHA512
787db6ef5e54dce8feaa9b0ef7c4c99bd00846412f90d1bbfad013011f99110fa7b6292d66feaf274f2248955ac092894dc987494e7afcc73d0ee4a77483bde9

Download Submit
C:\Windows\System\IYCnWyN.exe

Filesize
6.1MB

MD5
db4a6e0ba989fc9555701404b6519b74

SHA1
b719028041a0764223ded21d923abf2f818da7bc

SHA256
2b6948f654e1cdf01bc0f708640cba42110e7d42ee673bcb9b93d0a563649f9a

SHA512
8d70ac286ba69f7464f6b0238a78d317ae920b300ab71848d9ce46f8d89f8704d31517359533a022754a1f991a95617d70031c7f7ab0838b0b2900ed0d40fb37

Download Submit
C:\Windows\System\NVoKdhk.exe

Filesize
6.1MB

MD5
f3552c54aba690f18b9a9a221b182053

SHA1
b96148aa86a6ee7d3049e72d992b555378f4d26d

SHA256
5c78d2e84eee032318f1b63561364fb6044139c1d7b0fd383d8afecbe0b670d9

SHA512
cb6c5522aed83826dd48d565dceba7d8a28e88553d032a86b95762aa361ce3c0d3906894da368738b70200dba96a5261587741ec4bdbcd410329e2e63ae09995

Download Submit
C:\Windows\System\OCVpaTL.exe

Filesize
6.1MB

MD5
2bc69f38d77e745bcfc1b7f3dc3ce5ed

SHA1
fc2fedf46079c0658f62d2190fa7bd872cd64483

SHA256
1cff8294ea34624ce132a8a7350851b54b02facdbe246a8b83fc37e33094bad3

SHA512
854deff816f6cb2381088ea95c91727b8ab8b5aecc3d278e9a1c82a85536f186a119ad64b0438cd3515f7a1ea2a528812c99ad8eb2c7378185939eed681d6622

Download Submit
C:\Windows\System\SiChlIL.exe

Filesize
6.1MB

MD5
3d7c5e6451faac5c1ca2bcbceeee42a8

SHA1
401fff7ac9777aabfe58b51f072202fad08635b3

SHA256
5d5a4d1c2a15dd5a7510dbc39c12feaa4c17faf7c239722e8a1477a8bef81d66

SHA512
3f79b4646e3d8e9ef76fd56e435075ade3439330d0acd9a684346993fb04a6c5179cd518bb83824e413909689ab1adc0e91fc3137cce8871a4e0597a989b3a06

Download Submit
C:\Windows\System\TKNZrPf.exe

Filesize
6.1MB

MD5
0fae717b9889e87a95b28340a979ed15

SHA1
8e6f489f24885da199e512297cbdabb08184b33a

SHA256
1132224a109f527bf3cb595914148acf94fd172bab8660130b81d23d8768f7f2

SHA512
11fd00d16dc78953ca4970ff685536a11b4324e827d4d2511f534b1077e329513aebe5d176f96a296aac51a954d239531bbd9cee3fd095e8bfd3cadad58f0616

Download Submit
C:\Windows\System\TOFqrot.exe

Filesize
6.1MB

MD5
1283aa7f44cd742e271d2d95ffaca43b

SHA1
cf630aa2b088ffe604cff98b4d7ab2d52029d32b

SHA256
c60d6bcf6f360e0c2e84ada35c3e796b3f29186d098c2fa67163cb25b1b2ed34

SHA512
03cc1211575b38297da3a2bd5ff745974cac589ef7cc24f7ed2754d5028e78024496f5b5e5ae71cbd5691bccd85083598d93312b1148066c34a68375da77403c

Download Submit
C:\Windows\System\VcjiaNT.exe

Filesize
6.1MB

MD5
568fda3b2952b24d41d371d25887e81e

SHA1
be4e0117828f7ad37b7851362947a9464e53e4da

SHA256
53baafc4a940906923d7f2684617866a321a438f736b0da7104cc5e0ab8d3050

SHA512
8e9b0526242b9a345f2ff2e7079c7cda0c83f79dc8abe0ea18b578f325882189b7fe177f184a66723cf6ba645fd415c59f88e55f2293fc0dee7953ce2bc58948

Download Submit
C:\Windows\System\YkHgynV.exe

Filesize
6.1MB

MD5
ca0439d46f07aa6c5b1248a5564a66ab

SHA1
6739b1614aec03ac4a8faee0633a4a6c93a66cca

SHA256
ff371bf68f01e9626d31eea148eb7be5eaec5c21a5086cdefa11c7325c666a8d

SHA512
d644d7835282b0f834ecd282b066ec034fff94fb38a05fe84f8858acdaa9bdefcd7c2e39cb6f0c904976e4a01ab3d4f64af1629c64add84005f29ac22076b860

Download Submit
C:\Windows\System\ZSLDYnU.exe

Filesize
6.1MB

MD5
28ced0328d68dc4af7367b2ee26c2e7e

SHA1
f8d608a7fd14b35aba3d4660fbba11135b4e6c15

SHA256
56b1c4fb7c7f68fd1182ff3395573959ac5a2ae9d113e959e70cee0886bbf5cb

SHA512
957c5b5d0cb7c0efed293f25af6e9efaec73d210d3963a53a3cc2940ab4b2e14332ee286711704bf52ce30a1b0df69a7988e59c3418b7e253513a128a4585658

Download Submit
C:\Windows\System\ZUAXsiq.exe

Filesize
6.1MB

MD5
136b7bc353a09de12068c461fbf67fff

SHA1
f751ee889e50dcf12f1f071535921abc2ee49897

SHA256
f41ce7955f7450f42f8bb481d2acff571d49a9237e30d9f027009689cd6f3714

SHA512
869638bc4cc5fa2a473c74629f3f81b56663d237b133e22a11425f504d0fa8f023c09adc73238eaf59f4556d8ddf19a6f4b46a45e4832907876e80051371b4dd

Download Submit
C:\Windows\System\avGgRSQ.exe

Filesize
6.1MB

MD5
00160b047b56dd1cba6af8a278ab2288

SHA1
f53e34d19b5563bfcbf7d21f38d740e244fa472f

SHA256
f9d71de48466d96dd21561c54c2d8df9087765506953ab100b71563e91861692

SHA512
c2bc3031f37b5f4f6b75fbcac2d47bd1ba784df0279a9dfd015eaf1793b74650afeae0ec7b1050378ae27c0835b9bf4ec255d6b9f67d144ad78cad3b8e59eb96

Download Submit
C:\Windows\System\edwdDku.exe

Filesize
6.1MB

MD5
d4795364a9ce0ded6641cc39cf9da3f9

SHA1
ab78d49a33afe89034a6f320ea5144ba0906d8a7

SHA256
6ee4b1639f4521a71d6c1718a44eb2b2cb79a72913430b2e859fdf0cfeb75a36

SHA512
8166a7f6e51244d842306fd1dc9dae9117df68c180b30a69184f5382721cf0fdec120bc8d583c84d1530cdb85d1d1410e966fb343f9d67db249210749fd517e2

Download Submit
C:\Windows\System\fiZrQOV.exe

Filesize
6.1MB

MD5
1820e602c6c811aa6c14866d3ed233e1

SHA1
b00a4836726939466b0cc0f8e871ca39f4007003

SHA256
3d7ed6a6ab5e4def66c91a86a2b5cfd03032a093e4445bad1ca478aac22873d7

SHA512
19558edd53696179a2fc9d350716c46b71405e0f5bb1268de8b7edff1ae93899cc404142c89301a60db910fbff555193407339ef6bfa21d93e16b4b182b95f22

Download Submit
C:\Windows\System\jwRAHuV.exe

Filesize
6.1MB

MD5
93a6c9b9bc7d51f6f1dea5f4922d9e7b

SHA1
4ae7b19201864fc92c169beb6228fe9494bf0ca1

SHA256
7433ba7d6578cb88911ffd11d318ff08092296de425c6c673ec751db66124460

SHA512
26f6a86db64ebffc584ce22a90baf8801b8a38bcfb5ba79d04cb5ed66a25a15d7c08ea60e8ac8863e38ff51acf6800e169edb5ea2bbd1bfcea803f403e495018

Download Submit
C:\Windows\System\mcGvUXl.exe

Filesize
6.1MB

MD5
910912b95b32b0b364a7fa55454c1826

SHA1
821863c1353096f68c3a158a60db6fd84ca70e3f

SHA256
cb0485da9e4b4db6667cde34daa06b1a0fb09d213f69646d88d6e4a1680bc60e

SHA512
9d64ed128f3e0c5cf08cb5d4be2e213b140167571d39cd25f1016dee95d984570b57bb08544f70a6d45c08d2a831915cb3158c705528a0868a23e37abfc402fe

Download Submit
C:\Windows\System\oPgyDvx.exe

Filesize
6.1MB

MD5
7882be2e292c30e8b392120d815cf4f2

SHA1
8e04f561ea0b347edc2b28ac5a6efba4b50a7e70

SHA256
8d6b96cb09efa86cc24f89e0342577327ad4033c74cc6345ec6e36dbb66d7f09

SHA512
ff31971593d0d5dce7bc82ee8bbe8962281bda1e4e099bf8816bae8df2c6e96663c436c85419b8919304e32ffc35aa7ed61c323c8ed3d953a14b0e4a21d0e46a

Download Submit
C:\Windows\System\ovMieDH.exe

Filesize
6.1MB

MD5
988ecd0ccf4a6407e85e42340dccb973

SHA1
cf5d20619a73bbe81a58b1ec81619069351d5a94

SHA256
2f03844fedfa1bad0e4786aef0689385791a07647ec07ec73a7d6fabef5a324b

SHA512
c1c3990eb92fe3678c611c273d974ff45ebf721d4b003180c5ce627c9ce0d6ab0b26f43c1a5e80d7e98cd599e4dc26897a03f8dd54fa06421655086a78e5510f

Download Submit
C:\Windows\System\pGPPiix.exe

Filesize
6.1MB

MD5
330f7abec017229c17eba2e979eb8610

SHA1
d7fa696025340de14a17da24f227e2ae26f60e4f

SHA256
cac10320bbc786558498a9b8264a222c6b7a3cf4c69deeb2eeeb8eddbafa92f9

SHA512
d616a7f0822a3fb3ca785b2754de86526e2e1b1d54289e69eac823689b6cfa03d269740cc05e8b46f0478f6723089220c8c2bd57fb800a51609d0c865bd00bfe

Download Submit
C:\Windows\System\psUPMym.exe

Filesize
6.1MB

MD5
8c4611bfb284ce0d6905179560d698a7

SHA1
9eda8c0bb1cd30ff8b572583bf720afe7d092cd7

SHA256
8a248eeb0858123bcb41f03e0cf630426cfeac8fa5b9eea64475f04116b48be7

SHA512
29042bc38d34b60116eaf17d6eb786a2ea6da78df771ac4d0e2d2a6af6771608c80bdecfeb2942a660098a57755608f719fabd6b8219603bedfb75ea04e93678

Download Submit
C:\Windows\System\qNpcLCO.exe

Filesize
6.1MB

MD5
44dcb7fc3897a43b4251ea9d3d2ff323

SHA1
e893fcea4022e1ff928f23be6ceb7cc6467e131e

SHA256
c7e6450dab5fe93a7fe43642d344e849dcdaed6691ae9df373674d68e34fb933

SHA512
d99dff23a2127376c686f941ba1fb56799120999285b489efac2f9c83448363def97dfb3a60ebd749034e28bcd8ff4a6beab57e7764151814ad72e0840bfdc70

Download Submit
C:\Windows\System\sksBSsE.exe

Filesize
6.1MB

MD5
41df1dd0675b9809935586f1027dacc5

SHA1
1f0d7bba4349d17345b82815d053ab6b1ce7a9a4

SHA256
7953dea4e4d37b51eeb0e55f2539d4eb0c7e38c064aeec9a2e98c88a5b835257

SHA512
cb3778a3f7002e0f64906b6c54be24b0ed645edb0c4152fa2bad897095bfb3907948431057f497a868dac8157ba61c5dd5a081a23043bbe84b51108a82845c69

Download Submit
C:\Windows\System\uXRGOwJ.exe

Filesize
6.1MB

MD5
17fcdb0b3d17d72e086ac65b051609da

SHA1
ea9d19d4693022c5c919ce04fe2caa647b75472e

SHA256
b5931c06ae1659e3eb6af76da2bc64293b21c409285e65e3f1c7389449306369

SHA512
06865a5475ef13eeaa9f95df5432e2e2b293a6bf1c2825252d001445d6eaabbf496e6e5d1619429525d253a0ae132aa859299c49b8e874c94beaee19925909c1

Download Submit
C:\Windows\System\wTAxFia.exe

Filesize
6.1MB

MD5
6c55fdf7ee324bfcdffca3d6e2f8c791

SHA1
5820f0fbccfc760caca5ec72112cc4a431abb03a

SHA256
6b8026a4eafb1c825f8ebb3acc5d2a3f5c7786f82c63f77582e2621649c09a67

SHA512
a8969a215773e960170b619a5859e062e6f5a0eab4d08310e4dcc41ade8b6c9e20bc23894cf8b7de7a33101cc7176682c2a86cce99ca4081e188f4f2c3bdabc9

Download Submit
C:\Windows\System\xmErIsU.exe

Filesize
6.1MB

MD5
d7862766250f49bf2a0a29fcc8f424b8

SHA1
45de27ae0495106414eb6cb490578d6fd4f9dba2

SHA256
a7aa5e1ef20f927d874664b3cb1879cede63cb791ed73d2803291aa5e9b54daa

SHA512
415572082d6bb96d6d549e197416739b7b1b108b85a36aef1ca0ec95c90cccd80d775f84410242855a3972fd93e6e08fb97b57af47619f6dbc5976afcbaad5a9

Download Submit
C:\Windows\System\ybWnhyL.exe

Filesize
6.1MB

MD5
d2020402cfe1007f90a0bfa62343592a

SHA1
c8111376724736d47b4d6caedc121f9af658f743

SHA256
eb6e240ec579d4dd5408690110a6c31068033fbbbe86d17173360fac538d0046

SHA512
2e0241f1c14c1ce7ea5cd7ec9cea3171678cae3bdd4c84e0ad41d4604b15206f2fdf6d7cdf35ce11e50a954719b732f8dda8e84f924509b966c0b104a6d01888

Download Submit
C:\Windows\System\yklXzMM.exe

Filesize
6.1MB

MD5
16046793be2c4142157177c62c411b53

SHA1
33e6c41aeee2e68b7d2c2a2a26d3b9217179b66d

SHA256
4564b739db044f48316566fa5e356cd7bcf5145cf9b65304a40daa9964f9aa28

SHA512
6c8978eb28362f501dac5db385670526ff3294388ac4391dd9cca4bf4ec194541f3eee9d4aa805bf5a7f7a67af3914497932156323f996356a0c7dce7f0e4d79

Download Submit
C:\Windows\System\zUORiSD.exe

Filesize
6.1MB

MD5
d61eab537057a28eb67c08710e4cb183

SHA1
fc3764aa7a83b9170c97df4495bb9f7dfbf4f46c

SHA256
5a8eec96796b81035f9571640b781fc3ec5a58427104b1783d8b3ed6e6cb726b

SHA512
8eb0d1a17c3aab1507447c07eaa94dabf1c83286740c9e5c8e95f6d5b7e1d619d12f843832a1a7b3d187643aaefb086692a99e4da73d20f518c12c7b032ad219

Download Submit
C:\Windows\System\zcNRtDr.exe

Filesize
6.1MB

MD5
dbb549816654907bad689271c2c441dd

SHA1
8766c32086cef3acf20a3e4d30fe459bc0b682b9

SHA256
e7e3027c1ff1c4dce52fa0da0a5533d7da3564f5fbb45e1b4881fed35b918aff

SHA512
ab283c847efd93e73bd3a994764b237aaafdc23b252a55a93b8dcfef96b8755834b52166263e466aa611f8b33dd7e27b0478b87b117ceb2a978106096b8cf0be

Download Submit
memory/8-10-0x00007FF622500000-0x00007FF622854000-memory.dmp

Filesize
3.3MB

Download
memory/8-59-0x00007FF622500000-0x00007FF622854000-memory.dmp

Filesize
3.3MB

Download
memory/8-1642-0x00007FF622500000-0x00007FF622854000-memory.dmp

Filesize
3.3MB

Download
memory/540-182-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp

Filesize
3.3MB

Download
memory/540-128-0x00007FF61FAD0000-0x00007FF61FE24000-memory.dmp

Filesize
3.3MB

Download
memory/548-87-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp

Filesize
3.3MB

Download
memory/548-1668-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp

Filesize
3.3MB

Download
memory/548-36-0x00007FF6D40E0000-0x00007FF6D4434000-memory.dmp

Filesize
3.3MB

Download
memory/724-1666-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp

Filesize
3.3MB

Download
memory/724-33-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp

Filesize
3.3MB

Download
memory/724-84-0x00007FF7BFE50000-0x00007FF7C01A4000-memory.dmp

Filesize
3.3MB

Download
memory/820-86-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp

Filesize
3.3MB

Download
memory/820-139-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp

Filesize
3.3MB

Download
memory/820-2082-0x00007FF6E2B60000-0x00007FF6E2EB4000-memory.dmp

Filesize
3.3MB

Download
memory/936-99-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp

Filesize
3.3MB

Download
memory/936-153-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp

Filesize
3.3MB

Download
memory/936-2087-0x00007FF7329D0000-0x00007FF732D24000-memory.dmp

Filesize
3.3MB

Download
memory/1320-175-0x00007FF6BD470000-0x00007FF6BD7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2296-0x00007FF6BD470000-0x00007FF6BD7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2294-0x00007FF738040000-0x00007FF738394000-memory.dmp

Filesize
3.3MB

Download
memory/1384-164-0x00007FF738040000-0x00007FF738394000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2095-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/1488-159-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/1488-107-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/1528-56-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1-0x0000020501000000-0x0000020501010000-memory.dmp

Filesize
64KB

Download
memory/1528-0-0x00007FF7C1830000-0x00007FF7C1B84000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2228-0x00007FF645240000-0x00007FF645594000-memory.dmp

Filesize
3.3MB

Download
memory/1588-174-0x00007FF645240000-0x00007FF645594000-memory.dmp

Filesize
3.3MB

Download
memory/1588-122-0x00007FF645240000-0x00007FF645594000-memory.dmp

Filesize
3.3MB

Download
memory/1916-24-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1660-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-75-0x00007FF7B4750000-0x00007FF7B4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1768-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-123-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-76-0x00007FF7126E0000-0x00007FF712A34000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2298-0x00007FF712070000-0x00007FF7123C4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-631-0x00007FF712070000-0x00007FF7123C4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-190-0x00007FF712070000-0x00007FF7123C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-96-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp

Filesize
3.3MB

Download
memory/2404-140-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2084-0x00007FF7D09F0000-0x00007FF7D0D44000-memory.dmp

Filesize
3.3MB

Download
memory/2512-701-0x00007FF6667A0000-0x00007FF666AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2299-0x00007FF6667A0000-0x00007FF666AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-193-0x00007FF6667A0000-0x00007FF666AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-98-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1742-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-48-0x00007FF615FA0000-0x00007FF6162F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-212-0x00007FF70ABC0000-0x00007FF70AF14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-154-0x00007FF70ABC0000-0x00007FF70AF14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2293-0x00007FF70ABC0000-0x00007FF70AF14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-58-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1754-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-111-0x00007FF7FD1A0000-0x00007FF7FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2092-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp

Filesize
3.3MB

Download
memory/3096-162-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp

Filesize
3.3MB

Download
memory/3096-112-0x00007FF7C26B0000-0x00007FF7C2A04000-memory.dmp

Filesize
3.3MB

Download
memory/3176-70-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp

Filesize
3.3MB

Download
memory/3176-1765-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp

Filesize
3.3MB

Download
memory/3176-119-0x00007FF7CB4F0000-0x00007FF7CB844000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2295-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-170-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp

Filesize
3.3MB

Download
memory/3200-1656-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp

Filesize
3.3MB

Download
memory/3200-74-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp

Filesize
3.3MB

Download
memory/3200-20-0x00007FF6F8A40000-0x00007FF6F8D94000-memory.dmp

Filesize
3.3MB

Download
memory/3276-135-0x00007FF7A5F20000-0x00007FF7A6274000-memory.dmp

Filesize
3.3MB

Download
memory/3652-62-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3652-1756-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3652-115-0x00007FF7F7A90000-0x00007FF7F7DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-1731-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp

Filesize
3.3MB

Download
memory/3964-97-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp

Filesize
3.3MB

Download
memory/3964-42-0x00007FF76A6E0000-0x00007FF76AA34000-memory.dmp

Filesize
3.3MB

Download
memory/4080-179-0x00007FF6996B0000-0x00007FF699A04000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2297-0x00007FF6996B0000-0x00007FF699A04000-memory.dmp

Filesize
3.3MB

Download
memory/4080-500-0x00007FF6996B0000-0x00007FF699A04000-memory.dmp

Filesize
3.3MB

Download
memory/4148-15-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp

Filesize
3.3MB

Download
memory/4148-61-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp

Filesize
3.3MB

Download
memory/4148-1655-0x00007FF6E1E00000-0x00007FF6E2154000-memory.dmp

Filesize
3.3MB

Download
memory/4476-192-0x00007FF6A4B00000-0x00007FF6A4E54000-memory.dmp

Filesize
3.3MB

Download
memory/4476-141-0x00007FF6A4B00000-0x00007FF6A4E54000-memory.dmp

Filesize
3.3MB

Download
memory/4484-196-0x00007FF669B10000-0x00007FF669E64000-memory.dmp

Filesize
3.3MB

Download
memory/4484-145-0x00007FF669B10000-0x00007FF669E64000-memory.dmp

Filesize
3.3MB

Download