cobaltstrike | 774f9d6135f7fc5058a9e9d9f6fb4716d5683033b007062c911daab9020dfc9a

Analysis

max time kernel
102s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

0e5e406b03e035f95a8c2e867b565c5d
SHA1

e62c43ae538d830b1875a4bd496c7552b8b3447e
SHA256

774f9d6135f7fc5058a9e9d9f6fb4716d5683033b007062c911daab9020dfc9a
SHA512

14600130aa254cacd159a5ed183840467f2fd9d8a0f06e1f0927652c19461400437f41c22b16252fd00847074d1514e076cb68fc8b5b7f142b21205493348792
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000d000000023f37-4.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002401a-11.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002401b-19.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002401c-21.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002401d-28.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000024001-34.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000024033-41.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002403a-51.dat	cobalt_reflective_dll
behavioral2/files/0x0016000000024034-50.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002403e-61.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404a-68.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404c-83.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404d-87.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404e-92.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404f-101.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024050-106.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024053-121.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024054-128.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002405d-143.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024052-120.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000024051-119.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002404b-82.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002405e-147.dat	cobalt_reflective_dll
behavioral2/files/0x00330000000231ee-152.dat	cobalt_reflective_dll
behavioral2/files/0x00240000000238be-163.dat	cobalt_reflective_dll
behavioral2/files/0x000f000000023c3a-174.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024060-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024061-204.dat	cobalt_reflective_dll
behavioral2/files/0x001a000000023d58-196.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002405f-188.dat	cobalt_reflective_dll
behavioral2/files/0x00420000000238cd-186.dat	cobalt_reflective_dll
behavioral2/files/0x00410000000238ca-173.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp	xmrig
behavioral2/files/0x000d000000023f37-4.dat	xmrig
behavioral2/memory/2708-8-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp	xmrig
behavioral2/files/0x000800000002401a-11.dat	xmrig
behavioral2/files/0x000800000002401b-19.dat	xmrig
behavioral2/files/0x000800000002401c-21.dat	xmrig
behavioral2/memory/1848-24-0x00007FF68D000000-0x00007FF68D354000-memory.dmp	xmrig
behavioral2/memory/456-23-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp	xmrig
behavioral2/memory/4924-16-0x00007FF660270000-0x00007FF6605C4000-memory.dmp	xmrig
behavioral2/files/0x000800000002401d-28.dat	xmrig
behavioral2/memory/1784-30-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp	xmrig
behavioral2/files/0x0009000000024001-34.dat	xmrig
behavioral2/memory/1512-36-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp	xmrig
behavioral2/files/0x000b000000024033-41.dat	xmrig
behavioral2/files/0x000800000002403a-51.dat	xmrig
behavioral2/files/0x0016000000024034-50.dat	xmrig
behavioral2/memory/3672-53-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp	xmrig
behavioral2/memory/4960-54-0x00007FF63B010000-0x00007FF63B364000-memory.dmp	xmrig
behavioral2/memory/4472-49-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp	xmrig
behavioral2/memory/2036-42-0x00007FF677290000-0x00007FF6775E4000-memory.dmp	xmrig
behavioral2/memory/2708-55-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp	xmrig
behavioral2/files/0x000800000002403e-61.dat	xmrig
behavioral2/files/0x000800000002404a-68.dat	xmrig
behavioral2/memory/456-72-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp	xmrig
behavioral2/memory/4064-76-0x00007FF638730000-0x00007FF638A84000-memory.dmp	xmrig
behavioral2/memory/3064-79-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp	xmrig
behavioral2/memory/1784-81-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp	xmrig
behavioral2/files/0x000800000002404c-83.dat	xmrig
behavioral2/files/0x000800000002404d-87.dat	xmrig
behavioral2/files/0x000800000002404e-92.dat	xmrig
behavioral2/files/0x000800000002404f-101.dat	xmrig
behavioral2/files/0x0008000000024050-106.dat	xmrig
behavioral2/memory/972-116-0x00007FF7C0660000-0x00007FF7C09B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024053-121.dat	xmrig
behavioral2/files/0x0008000000024054-128.dat	xmrig
behavioral2/memory/2100-136-0x00007FF6DF890000-0x00007FF6DFBE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002405d-143.dat	xmrig
behavioral2/memory/620-142-0x00007FF796FB0000-0x00007FF797304000-memory.dmp	xmrig
behavioral2/memory/4880-139-0x00007FF631980000-0x00007FF631CD4000-memory.dmp	xmrig
behavioral2/memory/4960-137-0x00007FF63B010000-0x00007FF63B364000-memory.dmp	xmrig
behavioral2/memory/808-130-0x00007FF71B700000-0x00007FF71BA54000-memory.dmp	xmrig
behavioral2/memory/4472-129-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp	xmrig
behavioral2/memory/4760-124-0x00007FF61A2D0000-0x00007FF61A624000-memory.dmp	xmrig
behavioral2/memory/2380-123-0x00007FF7B1DE0000-0x00007FF7B2134000-memory.dmp	xmrig
behavioral2/files/0x0008000000024052-120.dat	xmrig
behavioral2/memory/2036-118-0x00007FF677290000-0x00007FF6775E4000-memory.dmp	xmrig
behavioral2/files/0x0008000000024051-119.dat	xmrig
behavioral2/memory/2872-114-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp	xmrig
behavioral2/memory/1168-110-0x00007FF786D20000-0x00007FF787074000-memory.dmp	xmrig
behavioral2/memory/3844-91-0x00007FF795DB0000-0x00007FF796104000-memory.dmp	xmrig
behavioral2/memory/1512-90-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp	xmrig
behavioral2/files/0x000800000002404b-82.dat	xmrig
behavioral2/memory/408-80-0x00007FF6421A0000-0x00007FF6424F4000-memory.dmp	xmrig
behavioral2/memory/4880-70-0x00007FF631980000-0x00007FF631CD4000-memory.dmp	xmrig
behavioral2/memory/4924-62-0x00007FF660270000-0x00007FF6605C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002405e-147.dat	xmrig
behavioral2/memory/3064-150-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp	xmrig
behavioral2/files/0x00330000000231ee-152.dat	xmrig
behavioral2/memory/3368-157-0x00007FF6E3E80000-0x00007FF6E41D4000-memory.dmp	xmrig
behavioral2/memory/3584-154-0x00007FF7E8600000-0x00007FF7E8954000-memory.dmp	xmrig
behavioral2/files/0x00240000000238be-163.dat	xmrig
behavioral2/files/0x000f000000023c3a-174.dat	xmrig
behavioral2/memory/3844-183-0x00007FF795DB0000-0x00007FF796104000-memory.dmp	xmrig
behavioral2/memory/4884-193-0x00007FF7BB7F0000-0x00007FF7BBB44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2708	TniLjbW.exe
4924	mGFXsiB.exe
456	wIyhuIv.exe
1848	WoVNmto.exe
1784	EhtCNuP.exe
1512	PbqGFVH.exe
2036	EjfaoNB.exe
4472	lRbvLdw.exe
4960	Xdbncaf.exe
4880	dlmEsMD.exe
4064	vJjgHHa.exe
3064	cdqlxhf.exe
408	xfDquxw.exe
3844	XODRXLi.exe
1168	snNKoKP.exe
2380	pkgGfTD.exe
2872	XPSVjMZ.exe
4760	MzVpEUw.exe
972	QFTSFVN.exe
808	fCxFMGv.exe
2100	yoZcrMI.exe
620	BcbzxCP.exe
3584	nUOsuJC.exe
3368	yJXpxlB.exe
3792	XarifUK.exe
1596	SjbIAGH.exe
4884	eAuwhqL.exe
1036	OHBfyEw.exe
4452	tRsHuWl.exe
1440	XMMsdxc.exe
1660	CjSeOOr.exe
4972	JiBCgxr.exe
3052	vABuIJX.exe
1428	OkZDEIW.exe
3076	zlgGFcc.exe
3884	IsgBceJ.exe
2136	IIXlrJd.exe
2288	zxSSzeu.exe
4672	ZWlLfBA.exe
1744	eWOAYYh.exe
4788	elwndat.exe
2860	hafsNgj.exe
5096	eRYcnRM.exe
2336	NHxdTNr.exe
4496	WzRddNb.exe
2112	HNXFHmU.exe
4236	CjcGBat.exe
3952	nFbyNxq.exe
2516	ONFUGuU.exe
3892	OKXLHyx.exe
5016	WAZCkSH.exe
3376	BJZnlwE.exe
1576	LvrbVfo.exe
1084	vMfzNMk.exe
4720	VNveRqV.exe
812	digvwDP.exe
3256	DkAbFio.exe
1104	nmjizyf.exe
2624	NHqMIPd.exe
2060	yRpqPQb.exe
2148	diwQnWU.exe
3832	AsraGhD.exe
4184	WdNntfn.exe
2888	DngEmeD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp	upx
behavioral2/files/0x000d000000023f37-4.dat	upx
behavioral2/memory/2708-8-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp	upx
behavioral2/files/0x000800000002401a-11.dat	upx
behavioral2/files/0x000800000002401b-19.dat	upx
behavioral2/files/0x000800000002401c-21.dat	upx
behavioral2/memory/1848-24-0x00007FF68D000000-0x00007FF68D354000-memory.dmp	upx
behavioral2/memory/456-23-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp	upx
behavioral2/memory/4924-16-0x00007FF660270000-0x00007FF6605C4000-memory.dmp	upx
behavioral2/files/0x000800000002401d-28.dat	upx
behavioral2/memory/1784-30-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp	upx
behavioral2/files/0x0009000000024001-34.dat	upx
behavioral2/memory/1512-36-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp	upx
behavioral2/files/0x000b000000024033-41.dat	upx
behavioral2/files/0x000800000002403a-51.dat	upx
behavioral2/files/0x0016000000024034-50.dat	upx
behavioral2/memory/3672-53-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp	upx
behavioral2/memory/4960-54-0x00007FF63B010000-0x00007FF63B364000-memory.dmp	upx
behavioral2/memory/4472-49-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp	upx
behavioral2/memory/2036-42-0x00007FF677290000-0x00007FF6775E4000-memory.dmp	upx
behavioral2/memory/2708-55-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp	upx
behavioral2/files/0x000800000002403e-61.dat	upx
behavioral2/files/0x000800000002404a-68.dat	upx
behavioral2/memory/456-72-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp	upx
behavioral2/memory/4064-76-0x00007FF638730000-0x00007FF638A84000-memory.dmp	upx
behavioral2/memory/3064-79-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp	upx
behavioral2/memory/1784-81-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp	upx
behavioral2/files/0x000800000002404c-83.dat	upx
behavioral2/files/0x000800000002404d-87.dat	upx
behavioral2/files/0x000800000002404e-92.dat	upx
behavioral2/files/0x000800000002404f-101.dat	upx
behavioral2/files/0x0008000000024050-106.dat	upx
behavioral2/memory/972-116-0x00007FF7C0660000-0x00007FF7C09B4000-memory.dmp	upx
behavioral2/files/0x0008000000024053-121.dat	upx
behavioral2/files/0x0008000000024054-128.dat	upx
behavioral2/memory/2100-136-0x00007FF6DF890000-0x00007FF6DFBE4000-memory.dmp	upx
behavioral2/files/0x000700000002405d-143.dat	upx
behavioral2/memory/620-142-0x00007FF796FB0000-0x00007FF797304000-memory.dmp	upx
behavioral2/memory/4880-139-0x00007FF631980000-0x00007FF631CD4000-memory.dmp	upx
behavioral2/memory/4960-137-0x00007FF63B010000-0x00007FF63B364000-memory.dmp	upx
behavioral2/memory/808-130-0x00007FF71B700000-0x00007FF71BA54000-memory.dmp	upx
behavioral2/memory/4472-129-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp	upx
behavioral2/memory/4760-124-0x00007FF61A2D0000-0x00007FF61A624000-memory.dmp	upx
behavioral2/memory/2380-123-0x00007FF7B1DE0000-0x00007FF7B2134000-memory.dmp	upx
behavioral2/files/0x0008000000024052-120.dat	upx
behavioral2/memory/2036-118-0x00007FF677290000-0x00007FF6775E4000-memory.dmp	upx
behavioral2/files/0x0008000000024051-119.dat	upx
behavioral2/memory/2872-114-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp	upx
behavioral2/memory/1168-110-0x00007FF786D20000-0x00007FF787074000-memory.dmp	upx
behavioral2/memory/3844-91-0x00007FF795DB0000-0x00007FF796104000-memory.dmp	upx
behavioral2/memory/1512-90-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp	upx
behavioral2/files/0x000800000002404b-82.dat	upx
behavioral2/memory/408-80-0x00007FF6421A0000-0x00007FF6424F4000-memory.dmp	upx
behavioral2/memory/4880-70-0x00007FF631980000-0x00007FF631CD4000-memory.dmp	upx
behavioral2/memory/4924-62-0x00007FF660270000-0x00007FF6605C4000-memory.dmp	upx
behavioral2/files/0x000700000002405e-147.dat	upx
behavioral2/memory/3064-150-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp	upx
behavioral2/files/0x00330000000231ee-152.dat	upx
behavioral2/memory/3368-157-0x00007FF6E3E80000-0x00007FF6E41D4000-memory.dmp	upx
behavioral2/memory/3584-154-0x00007FF7E8600000-0x00007FF7E8954000-memory.dmp	upx
behavioral2/files/0x00240000000238be-163.dat	upx
behavioral2/files/0x000f000000023c3a-174.dat	upx
behavioral2/memory/3844-183-0x00007FF795DB0000-0x00007FF796104000-memory.dmp	upx
behavioral2/memory/4884-193-0x00007FF7BB7F0000-0x00007FF7BBB44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tRsHuWl.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mBfkcfn.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\evMizCR.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ffuWbAa.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\afYKFXc.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RhHZxAd.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GHkiXHG.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VDGiQfi.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ymdtSBK.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SqnnRyG.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gcLheES.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BcbzxCP.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zxSSzeu.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\elwndat.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\digvwDP.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IvIqPBc.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YKWrEkZ.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EmWDDrJ.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pkgGfTD.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UYjqwpe.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FJPkvkT.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KFTpevV.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UboIEEx.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XDZUdHz.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kydyPsn.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yazaPTA.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iefIkoL.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FrhPqeJ.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CpWouJh.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WUDNdCH.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ovWtwdG.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rFPLuUA.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QRHEHMm.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ijcjMMq.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ONFUGuU.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EjfaoNB.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cpqLFdM.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KOnCXZN.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VvRAHUn.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nhvUjso.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rNktHkB.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AMekebS.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EhtCNuP.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AclxihK.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uECZTZz.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bphKnjp.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QuiYcIO.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PjutSaq.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QkxYSyQ.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\olBPtQj.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wIyhuIv.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aAJBHfz.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sZfOfaQ.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hEibCuD.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TQtOguL.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sAvikTX.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TquMAzf.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qINiNLd.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JncaqQa.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NvSqevR.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BLWnGDx.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SvYRHcn.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JQGunzb.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jcAweaR.exe	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 2708	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3672 wrote to memory of 2708	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3672 wrote to memory of 4924	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3672 wrote to memory of 4924	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3672 wrote to memory of 456	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3672 wrote to memory of 456	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3672 wrote to memory of 1848	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3672 wrote to memory of 1848	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3672 wrote to memory of 1784	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3672 wrote to memory of 1784	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3672 wrote to memory of 1512	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3672 wrote to memory of 1512	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3672 wrote to memory of 2036	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3672 wrote to memory of 2036	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3672 wrote to memory of 4472	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3672 wrote to memory of 4472	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3672 wrote to memory of 4960	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3672 wrote to memory of 4960	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3672 wrote to memory of 4880	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3672 wrote to memory of 4880	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3672 wrote to memory of 4064	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3672 wrote to memory of 4064	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3672 wrote to memory of 3064	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3672 wrote to memory of 3064	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 3672 wrote to memory of 408	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3672 wrote to memory of 408	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 3672 wrote to memory of 3844	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3672 wrote to memory of 3844	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3672 wrote to memory of 1168	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3672 wrote to memory of 1168	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3672 wrote to memory of 2380	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3672 wrote to memory of 2380	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3672 wrote to memory of 2872	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3672 wrote to memory of 2872	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3672 wrote to memory of 4760	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3672 wrote to memory of 4760	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3672 wrote to memory of 972	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3672 wrote to memory of 972	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3672 wrote to memory of 808	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3672 wrote to memory of 808	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3672 wrote to memory of 2100	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3672 wrote to memory of 2100	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3672 wrote to memory of 620	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3672 wrote to memory of 620	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3672 wrote to memory of 3584	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3672 wrote to memory of 3584	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3672 wrote to memory of 3368	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3672 wrote to memory of 3368	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3672 wrote to memory of 1596	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3672 wrote to memory of 1596	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3672 wrote to memory of 3792	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3672 wrote to memory of 3792	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3672 wrote to memory of 4884	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3672 wrote to memory of 4884	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3672 wrote to memory of 1036	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3672 wrote to memory of 1036	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 3672 wrote to memory of 4452	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3672 wrote to memory of 4452	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3672 wrote to memory of 1440	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3672 wrote to memory of 1440	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3672 wrote to memory of 1660	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3672 wrote to memory of 1660	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 3672 wrote to memory of 4972	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 3672 wrote to memory of 4972	3672	2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123

C:\Users\Admin\AppData\Local\Temp\2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_0e5e406b03e035f95a8c2e867b565c5d_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\System\TniLjbW.exe
  C:\Windows\System\TniLjbW.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\mGFXsiB.exe
  C:\Windows\System\mGFXsiB.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\wIyhuIv.exe
  C:\Windows\System\wIyhuIv.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\WoVNmto.exe
  C:\Windows\System\WoVNmto.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\EhtCNuP.exe
  C:\Windows\System\EhtCNuP.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\PbqGFVH.exe
  C:\Windows\System\PbqGFVH.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\EjfaoNB.exe
  C:\Windows\System\EjfaoNB.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\lRbvLdw.exe
  C:\Windows\System\lRbvLdw.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\Xdbncaf.exe
  C:\Windows\System\Xdbncaf.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\dlmEsMD.exe
  C:\Windows\System\dlmEsMD.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\vJjgHHa.exe
  C:\Windows\System\vJjgHHa.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\cdqlxhf.exe
  C:\Windows\System\cdqlxhf.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\xfDquxw.exe
  C:\Windows\System\xfDquxw.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\XODRXLi.exe
  C:\Windows\System\XODRXLi.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\snNKoKP.exe
  C:\Windows\System\snNKoKP.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\pkgGfTD.exe
  C:\Windows\System\pkgGfTD.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\XPSVjMZ.exe
  C:\Windows\System\XPSVjMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\MzVpEUw.exe
  C:\Windows\System\MzVpEUw.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\QFTSFVN.exe
  C:\Windows\System\QFTSFVN.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\fCxFMGv.exe
  C:\Windows\System\fCxFMGv.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\yoZcrMI.exe
  C:\Windows\System\yoZcrMI.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\BcbzxCP.exe
  C:\Windows\System\BcbzxCP.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\nUOsuJC.exe
  C:\Windows\System\nUOsuJC.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\yJXpxlB.exe
  C:\Windows\System\yJXpxlB.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\SjbIAGH.exe
  C:\Windows\System\SjbIAGH.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\XarifUK.exe
  C:\Windows\System\XarifUK.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\eAuwhqL.exe
  C:\Windows\System\eAuwhqL.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\OHBfyEw.exe
  C:\Windows\System\OHBfyEw.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\tRsHuWl.exe
  C:\Windows\System\tRsHuWl.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\XMMsdxc.exe
  C:\Windows\System\XMMsdxc.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\CjSeOOr.exe
  C:\Windows\System\CjSeOOr.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\JiBCgxr.exe
  C:\Windows\System\JiBCgxr.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\vABuIJX.exe
  C:\Windows\System\vABuIJX.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\OkZDEIW.exe
  C:\Windows\System\OkZDEIW.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\zlgGFcc.exe
  C:\Windows\System\zlgGFcc.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\IsgBceJ.exe
  C:\Windows\System\IsgBceJ.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\IIXlrJd.exe
  C:\Windows\System\IIXlrJd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\zxSSzeu.exe
  C:\Windows\System\zxSSzeu.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ZWlLfBA.exe
  C:\Windows\System\ZWlLfBA.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\eWOAYYh.exe
  C:\Windows\System\eWOAYYh.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\elwndat.exe
  C:\Windows\System\elwndat.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\hafsNgj.exe
  C:\Windows\System\hafsNgj.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\eRYcnRM.exe
  C:\Windows\System\eRYcnRM.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\NHxdTNr.exe
  C:\Windows\System\NHxdTNr.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\WzRddNb.exe
  C:\Windows\System\WzRddNb.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\HNXFHmU.exe
  C:\Windows\System\HNXFHmU.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\CjcGBat.exe
  C:\Windows\System\CjcGBat.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\nFbyNxq.exe
  C:\Windows\System\nFbyNxq.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\ONFUGuU.exe
  C:\Windows\System\ONFUGuU.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\OKXLHyx.exe
  C:\Windows\System\OKXLHyx.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\WAZCkSH.exe
  C:\Windows\System\WAZCkSH.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\BJZnlwE.exe
  C:\Windows\System\BJZnlwE.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\LvrbVfo.exe
  C:\Windows\System\LvrbVfo.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\vMfzNMk.exe
  C:\Windows\System\vMfzNMk.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\VNveRqV.exe
  C:\Windows\System\VNveRqV.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\digvwDP.exe
  C:\Windows\System\digvwDP.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\DkAbFio.exe
  C:\Windows\System\DkAbFio.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\nmjizyf.exe
  C:\Windows\System\nmjizyf.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\NHqMIPd.exe
  C:\Windows\System\NHqMIPd.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\yRpqPQb.exe
  C:\Windows\System\yRpqPQb.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\diwQnWU.exe
  C:\Windows\System\diwQnWU.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\AsraGhD.exe
  C:\Windows\System\AsraGhD.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\WdNntfn.exe
  C:\Windows\System\WdNntfn.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\DngEmeD.exe
  C:\Windows\System\DngEmeD.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\RcknCJN.exe
  C:\Windows\System\RcknCJN.exe
  2⤵
  PID:3696
- C:\Windows\System\IpGUCGl.exe
  C:\Windows\System\IpGUCGl.exe
  2⤵
  PID:4736
- C:\Windows\System\kJHMTgg.exe
  C:\Windows\System\kJHMTgg.exe
  2⤵
  PID:4744
- C:\Windows\System\YlwPYhA.exe
  C:\Windows\System\YlwPYhA.exe
  2⤵
  PID:2368
- C:\Windows\System\KkeDiYk.exe
  C:\Windows\System\KkeDiYk.exe
  2⤵
  PID:3980
- C:\Windows\System\MzvEONa.exe
  C:\Windows\System\MzvEONa.exe
  2⤵
  PID:4212
- C:\Windows\System\vfHmehS.exe
  C:\Windows\System\vfHmehS.exe
  2⤵
  PID:2776
- C:\Windows\System\Xjknlpq.exe
  C:\Windows\System\Xjknlpq.exe
  2⤵
  PID:1708
- C:\Windows\System\aLOahaO.exe
  C:\Windows\System\aLOahaO.exe
  2⤵
  PID:464
- C:\Windows\System\lqXadip.exe
  C:\Windows\System\lqXadip.exe
  2⤵
  PID:3240
- C:\Windows\System\TiajEvP.exe
  C:\Windows\System\TiajEvP.exe
  2⤵
  PID:1408
- C:\Windows\System\ugwKzXw.exe
  C:\Windows\System\ugwKzXw.exe
  2⤵
  PID:2140
- C:\Windows\System\qGpxOCL.exe
  C:\Windows\System\qGpxOCL.exe
  2⤵
  PID:4952
- C:\Windows\System\hYUFSgk.exe
  C:\Windows\System\hYUFSgk.exe
  2⤵
  PID:2696
- C:\Windows\System\riFDlKm.exe
  C:\Windows\System\riFDlKm.exe
  2⤵
  PID:4540
- C:\Windows\System\IpcUipn.exe
  C:\Windows\System\IpcUipn.exe
  2⤵
  PID:224
- C:\Windows\System\TUCDdqa.exe
  C:\Windows\System\TUCDdqa.exe
  2⤵
  PID:4244
- C:\Windows\System\UxYQOKS.exe
  C:\Windows\System\UxYQOKS.exe
  2⤵
  PID:2316
- C:\Windows\System\ZvBVnWW.exe
  C:\Windows\System\ZvBVnWW.exe
  2⤵
  PID:2372
- C:\Windows\System\euotrMP.exe
  C:\Windows\System\euotrMP.exe
  2⤵
  PID:5128
- C:\Windows\System\KlAZOnW.exe
  C:\Windows\System\KlAZOnW.exe
  2⤵
  PID:5152
- C:\Windows\System\hRKrhqh.exe
  C:\Windows\System\hRKrhqh.exe
  2⤵
  PID:5180
- C:\Windows\System\uaxQrim.exe
  C:\Windows\System\uaxQrim.exe
  2⤵
  PID:5208
- C:\Windows\System\bGSaSXi.exe
  C:\Windows\System\bGSaSXi.exe
  2⤵
  PID:5236
- C:\Windows\System\FrhPqeJ.exe
  C:\Windows\System\FrhPqeJ.exe
  2⤵
  PID:5260
- C:\Windows\System\TqfWAUc.exe
  C:\Windows\System\TqfWAUc.exe
  2⤵
  PID:5288
- C:\Windows\System\uOktTeH.exe
  C:\Windows\System\uOktTeH.exe
  2⤵
  PID:5320
- C:\Windows\System\LzCofKI.exe
  C:\Windows\System\LzCofKI.exe
  2⤵
  PID:5352
- C:\Windows\System\BTDgpFX.exe
  C:\Windows\System\BTDgpFX.exe
  2⤵
  PID:5404
- C:\Windows\System\RDUwvGu.exe
  C:\Windows\System\RDUwvGu.exe
  2⤵
  PID:5432
- C:\Windows\System\zfgTuxU.exe
  C:\Windows\System\zfgTuxU.exe
  2⤵
  PID:5476
- C:\Windows\System\mhbRpws.exe
  C:\Windows\System\mhbRpws.exe
  2⤵
  PID:5496
- C:\Windows\System\bTQGjYQ.exe
  C:\Windows\System\bTQGjYQ.exe
  2⤵
  PID:5528
- C:\Windows\System\fMUqHah.exe
  C:\Windows\System\fMUqHah.exe
  2⤵
  PID:5556
- C:\Windows\System\XysvzGY.exe
  C:\Windows\System\XysvzGY.exe
  2⤵
  PID:5584
- C:\Windows\System\dFUvqTk.exe
  C:\Windows\System\dFUvqTk.exe
  2⤵
  PID:5616
- C:\Windows\System\oVhUaqv.exe
  C:\Windows\System\oVhUaqv.exe
  2⤵
  PID:5644
- C:\Windows\System\PFocwHk.exe
  C:\Windows\System\PFocwHk.exe
  2⤵
  PID:5668
- C:\Windows\System\RPASeYp.exe
  C:\Windows\System\RPASeYp.exe
  2⤵
  PID:5696
- C:\Windows\System\AclxihK.exe
  C:\Windows\System\AclxihK.exe
  2⤵
  PID:5720
- C:\Windows\System\WduwAoQ.exe
  C:\Windows\System\WduwAoQ.exe
  2⤵
  PID:5756
- C:\Windows\System\vVwpUte.exe
  C:\Windows\System\vVwpUte.exe
  2⤵
  PID:5780
- C:\Windows\System\UZkaDly.exe
  C:\Windows\System\UZkaDly.exe
  2⤵
  PID:5804
- C:\Windows\System\zzzwPtN.exe
  C:\Windows\System\zzzwPtN.exe
  2⤵
  PID:5840
- C:\Windows\System\HfdSikR.exe
  C:\Windows\System\HfdSikR.exe
  2⤵
  PID:5864
- C:\Windows\System\ecTrneL.exe
  C:\Windows\System\ecTrneL.exe
  2⤵
  PID:5896
- C:\Windows\System\jXNkKyi.exe
  C:\Windows\System\jXNkKyi.exe
  2⤵
  PID:5928
- C:\Windows\System\FgUjLrz.exe
  C:\Windows\System\FgUjLrz.exe
  2⤵
  PID:5952
- C:\Windows\System\khlTchH.exe
  C:\Windows\System\khlTchH.exe
  2⤵
  PID:5984
- C:\Windows\System\SJQDauz.exe
  C:\Windows\System\SJQDauz.exe
  2⤵
  PID:6000
- C:\Windows\System\rCVCLMI.exe
  C:\Windows\System\rCVCLMI.exe
  2⤵
  PID:6036
- C:\Windows\System\rVJiInC.exe
  C:\Windows\System\rVJiInC.exe
  2⤵
  PID:6060
- C:\Windows\System\AfSsnNz.exe
  C:\Windows\System\AfSsnNz.exe
  2⤵
  PID:6096
- C:\Windows\System\CgrAQsc.exe
  C:\Windows\System\CgrAQsc.exe
  2⤵
  PID:6124
- C:\Windows\System\FrRtYJa.exe
  C:\Windows\System\FrRtYJa.exe
  2⤵
  PID:5140
- C:\Windows\System\iXliJzf.exe
  C:\Windows\System\iXliJzf.exe
  2⤵
  PID:5192
- C:\Windows\System\vqxwYsW.exe
  C:\Windows\System\vqxwYsW.exe
  2⤵
  PID:5252
- C:\Windows\System\wNjdvxV.exe
  C:\Windows\System\wNjdvxV.exe
  2⤵
  PID:5332
- C:\Windows\System\urVUdKT.exe
  C:\Windows\System\urVUdKT.exe
  2⤵
  PID:5420
- C:\Windows\System\QLRtfov.exe
  C:\Windows\System\QLRtfov.exe
  2⤵
  PID:1344
- C:\Windows\System\kZyWLaO.exe
  C:\Windows\System\kZyWLaO.exe
  2⤵
  PID:2064
- C:\Windows\System\CpWouJh.exe
  C:\Windows\System\CpWouJh.exe
  2⤵
  PID:4900
- C:\Windows\System\eRjkBCj.exe
  C:\Windows\System\eRjkBCj.exe
  2⤵
  PID:2788
- C:\Windows\System\OQCZqdq.exe
  C:\Windows\System\OQCZqdq.exe
  2⤵
  PID:5460
- C:\Windows\System\AzUbRZA.exe
  C:\Windows\System\AzUbRZA.exe
  2⤵
  PID:4504
- C:\Windows\System\Zxvnqaf.exe
  C:\Windows\System\Zxvnqaf.exe
  2⤵
  PID:5548
- C:\Windows\System\wKGluEv.exe
  C:\Windows\System\wKGluEv.exe
  2⤵
  PID:5624
- C:\Windows\System\wVdaafg.exe
  C:\Windows\System\wVdaafg.exe
  2⤵
  PID:5704
- C:\Windows\System\PUodcVz.exe
  C:\Windows\System\PUodcVz.exe
  2⤵
  PID:5748
- C:\Windows\System\zyuaTPj.exe
  C:\Windows\System\zyuaTPj.exe
  2⤵
  PID:5820
- C:\Windows\System\IRljDnM.exe
  C:\Windows\System\IRljDnM.exe
  2⤵
  PID:5904
- C:\Windows\System\RFOaQIT.exe
  C:\Windows\System\RFOaQIT.exe
  2⤵
  PID:5936
- C:\Windows\System\bFgJert.exe
  C:\Windows\System\bFgJert.exe
  2⤵
  PID:6024
- C:\Windows\System\EDkmLWh.exe
  C:\Windows\System\EDkmLWh.exe
  2⤵
  PID:6104
- C:\Windows\System\uNuEHbe.exe
  C:\Windows\System\uNuEHbe.exe
  2⤵
  PID:5124
- C:\Windows\System\BxRbcNm.exe
  C:\Windows\System\BxRbcNm.exe
  2⤵
  PID:5244
- C:\Windows\System\iyzjbrx.exe
  C:\Windows\System\iyzjbrx.exe
  2⤵
  PID:2124
- C:\Windows\System\xUUNriM.exe
  C:\Windows\System\xUUNriM.exe
  2⤵
  PID:4412
- C:\Windows\System\fBbpXLV.exe
  C:\Windows\System\fBbpXLV.exe
  2⤵
  PID:5484
- C:\Windows\System\oyhMHul.exe
  C:\Windows\System\oyhMHul.exe
  2⤵
  PID:5568
- C:\Windows\System\NIXiPVL.exe
  C:\Windows\System\NIXiPVL.exe
  2⤵
  PID:5772
- C:\Windows\System\kNokSAf.exe
  C:\Windows\System\kNokSAf.exe
  2⤵
  PID:5924
- C:\Windows\System\OKMJwZO.exe
  C:\Windows\System\OKMJwZO.exe
  2⤵
  PID:6052
- C:\Windows\System\GZpcaXk.exe
  C:\Windows\System\GZpcaXk.exe
  2⤵
  PID:2088
- C:\Windows\System\FfvMjhD.exe
  C:\Windows\System\FfvMjhD.exe
  2⤵
  PID:5604
- C:\Windows\System\mBfkcfn.exe
  C:\Windows\System\mBfkcfn.exe
  2⤵
  PID:4424
- C:\Windows\System\KuCxcvL.exe
  C:\Windows\System\KuCxcvL.exe
  2⤵
  PID:5380
- C:\Windows\System\LfOekjF.exe
  C:\Windows\System\LfOekjF.exe
  2⤵
  PID:1588
- C:\Windows\System\RjRCngH.exe
  C:\Windows\System\RjRCngH.exe
  2⤵
  PID:6188
- C:\Windows\System\WcoInHM.exe
  C:\Windows\System\WcoInHM.exe
  2⤵
  PID:6276
- C:\Windows\System\NcfVOkN.exe
  C:\Windows\System\NcfVOkN.exe
  2⤵
  PID:6308
- C:\Windows\System\qXxdFZp.exe
  C:\Windows\System\qXxdFZp.exe
  2⤵
  PID:6336
- C:\Windows\System\IOsranU.exe
  C:\Windows\System\IOsranU.exe
  2⤵
  PID:6360
- C:\Windows\System\oxXMlxY.exe
  C:\Windows\System\oxXMlxY.exe
  2⤵
  PID:6400
- C:\Windows\System\CDzYSuW.exe
  C:\Windows\System\CDzYSuW.exe
  2⤵
  PID:6428
- C:\Windows\System\MsJixFc.exe
  C:\Windows\System\MsJixFc.exe
  2⤵
  PID:6460
- C:\Windows\System\FiZGRwm.exe
  C:\Windows\System\FiZGRwm.exe
  2⤵
  PID:6496
- C:\Windows\System\EMEiPzP.exe
  C:\Windows\System\EMEiPzP.exe
  2⤵
  PID:6528
- C:\Windows\System\aAJBHfz.exe
  C:\Windows\System\aAJBHfz.exe
  2⤵
  PID:6560
- C:\Windows\System\UYjqwpe.exe
  C:\Windows\System\UYjqwpe.exe
  2⤵
  PID:6584
- C:\Windows\System\PYnaAfo.exe
  C:\Windows\System\PYnaAfo.exe
  2⤵
  PID:6620
- C:\Windows\System\wUhpklH.exe
  C:\Windows\System\wUhpklH.exe
  2⤵
  PID:6648
- C:\Windows\System\DzuQBcz.exe
  C:\Windows\System\DzuQBcz.exe
  2⤵
  PID:6680
- C:\Windows\System\NjNoKKa.exe
  C:\Windows\System\NjNoKKa.exe
  2⤵
  PID:6712
- C:\Windows\System\UNrxHoU.exe
  C:\Windows\System\UNrxHoU.exe
  2⤵
  PID:6748
- C:\Windows\System\oteQNNL.exe
  C:\Windows\System\oteQNNL.exe
  2⤵
  PID:6772
- C:\Windows\System\BOMukRy.exe
  C:\Windows\System\BOMukRy.exe
  2⤵
  PID:6800
- C:\Windows\System\wOrnaif.exe
  C:\Windows\System\wOrnaif.exe
  2⤵
  PID:6820
- C:\Windows\System\LYOlsuO.exe
  C:\Windows\System\LYOlsuO.exe
  2⤵
  PID:6848
- C:\Windows\System\niGlXGS.exe
  C:\Windows\System\niGlXGS.exe
  2⤵
  PID:6880
- C:\Windows\System\nFEWbME.exe
  C:\Windows\System\nFEWbME.exe
  2⤵
  PID:6916
- C:\Windows\System\uwpvroS.exe
  C:\Windows\System\uwpvroS.exe
  2⤵
  PID:6940
- C:\Windows\System\ItkWOoz.exe
  C:\Windows\System\ItkWOoz.exe
  2⤵
  PID:6968
- C:\Windows\System\CJWsGdH.exe
  C:\Windows\System\CJWsGdH.exe
  2⤵
  PID:6996
- C:\Windows\System\cpqLFdM.exe
  C:\Windows\System\cpqLFdM.exe
  2⤵
  PID:7024
- C:\Windows\System\evMizCR.exe
  C:\Windows\System\evMizCR.exe
  2⤵
  PID:7052
- C:\Windows\System\BcpGbWq.exe
  C:\Windows\System\BcpGbWq.exe
  2⤵
  PID:7076
- C:\Windows\System\WwlYAmJ.exe
  C:\Windows\System\WwlYAmJ.exe
  2⤵
  PID:7104
- C:\Windows\System\yJdjftj.exe
  C:\Windows\System\yJdjftj.exe
  2⤵
  PID:7136
- C:\Windows\System\CyHnRhN.exe
  C:\Windows\System\CyHnRhN.exe
  2⤵
  PID:7164
- C:\Windows\System\wvhlvIB.exe
  C:\Windows\System\wvhlvIB.exe
  2⤵
  PID:6284
- C:\Windows\System\JpAaUUX.exe
  C:\Windows\System\JpAaUUX.exe
  2⤵
  PID:6324
- C:\Windows\System\fIArjgL.exe
  C:\Windows\System\fIArjgL.exe
  2⤵
  PID:6372
- C:\Windows\System\bzTBCtx.exe
  C:\Windows\System\bzTBCtx.exe
  2⤵
  PID:6452
- C:\Windows\System\bQBHtaJ.exe
  C:\Windows\System\bQBHtaJ.exe
  2⤵
  PID:6544
- C:\Windows\System\yYoORCn.exe
  C:\Windows\System\yYoORCn.exe
  2⤵
  PID:6316
- C:\Windows\System\QokVtfP.exe
  C:\Windows\System\QokVtfP.exe
  2⤵
  PID:6628
- C:\Windows\System\GGwpESf.exe
  C:\Windows\System\GGwpESf.exe
  2⤵
  PID:6692
- C:\Windows\System\wGnTYOk.exe
  C:\Windows\System\wGnTYOk.exe
  2⤵
  PID:6756
- C:\Windows\System\FWNZbVo.exe
  C:\Windows\System\FWNZbVo.exe
  2⤵
  PID:6812
- C:\Windows\System\zVNViTN.exe
  C:\Windows\System\zVNViTN.exe
  2⤵
  PID:6888
- C:\Windows\System\VkGgcmt.exe
  C:\Windows\System\VkGgcmt.exe
  2⤵
  PID:6948
- C:\Windows\System\AZCWUxB.exe
  C:\Windows\System\AZCWUxB.exe
  2⤵
  PID:7004
- C:\Windows\System\HNwvPGE.exe
  C:\Windows\System\HNwvPGE.exe
  2⤵
  PID:1064
- C:\Windows\System\ijjXvKr.exe
  C:\Windows\System\ijjXvKr.exe
  2⤵
  PID:7120
- C:\Windows\System\ONIewOO.exe
  C:\Windows\System\ONIewOO.exe
  2⤵
  PID:6228
- C:\Windows\System\yRVULdF.exe
  C:\Windows\System\yRVULdF.exe
  2⤵
  PID:6356
- C:\Windows\System\zSOsvVw.exe
  C:\Windows\System\zSOsvVw.exe
  2⤵
  PID:6524
- C:\Windows\System\Zcqovyw.exe
  C:\Windows\System\Zcqovyw.exe
  2⤵
  PID:6596
- C:\Windows\System\OaMpexY.exe
  C:\Windows\System\OaMpexY.exe
  2⤵
  PID:6740
- C:\Windows\System\VHGTrip.exe
  C:\Windows\System\VHGTrip.exe
  2⤵
  PID:6872
- C:\Windows\System\WUDNdCH.exe
  C:\Windows\System\WUDNdCH.exe
  2⤵
  PID:7012
- C:\Windows\System\Kjwjzpi.exe
  C:\Windows\System\Kjwjzpi.exe
  2⤵
  PID:3056
- C:\Windows\System\fBHzeDS.exe
  C:\Windows\System\fBHzeDS.exe
  2⤵
  PID:6416
- C:\Windows\System\okIhBRl.exe
  C:\Windows\System\okIhBRl.exe
  2⤵
  PID:6704
- C:\Windows\System\UZYXecT.exe
  C:\Windows\System\UZYXecT.exe
  2⤵
  PID:7152
- C:\Windows\System\axzoGsN.exe
  C:\Windows\System\axzoGsN.exe
  2⤵
  PID:6672
- C:\Windows\System\cTNYcjl.exe
  C:\Windows\System\cTNYcjl.exe
  2⤵
  PID:6296
- C:\Windows\System\YfuJCqb.exe
  C:\Windows\System\YfuJCqb.exe
  2⤵
  PID:7208
- C:\Windows\System\RFuBXla.exe
  C:\Windows\System\RFuBXla.exe
  2⤵
  PID:7236
- C:\Windows\System\AquNtmh.exe
  C:\Windows\System\AquNtmh.exe
  2⤵
  PID:7276
- C:\Windows\System\TquMAzf.exe
  C:\Windows\System\TquMAzf.exe
  2⤵
  PID:7304
- C:\Windows\System\bxwhoyC.exe
  C:\Windows\System\bxwhoyC.exe
  2⤵
  PID:7320
- C:\Windows\System\xnNoXVr.exe
  C:\Windows\System\xnNoXVr.exe
  2⤵
  PID:7344
- C:\Windows\System\cQrfbOb.exe
  C:\Windows\System\cQrfbOb.exe
  2⤵
  PID:7388
- C:\Windows\System\SJXTeJu.exe
  C:\Windows\System\SJXTeJu.exe
  2⤵
  PID:7412
- C:\Windows\System\ezxEVcn.exe
  C:\Windows\System\ezxEVcn.exe
  2⤵
  PID:7448
- C:\Windows\System\QbkgWUT.exe
  C:\Windows\System\QbkgWUT.exe
  2⤵
  PID:7476
- C:\Windows\System\TuGFWHI.exe
  C:\Windows\System\TuGFWHI.exe
  2⤵
  PID:7504
- C:\Windows\System\QxQcGWf.exe
  C:\Windows\System\QxQcGWf.exe
  2⤵
  PID:7520
- C:\Windows\System\lppuUWk.exe
  C:\Windows\System\lppuUWk.exe
  2⤵
  PID:7544
- C:\Windows\System\VusImvT.exe
  C:\Windows\System\VusImvT.exe
  2⤵
  PID:7564
- C:\Windows\System\mviFYbh.exe
  C:\Windows\System\mviFYbh.exe
  2⤵
  PID:7588
- C:\Windows\System\EPFxKdG.exe
  C:\Windows\System\EPFxKdG.exe
  2⤵
  PID:7628
- C:\Windows\System\WUSufHr.exe
  C:\Windows\System\WUSufHr.exe
  2⤵
  PID:7672
- C:\Windows\System\PiUPUpK.exe
  C:\Windows\System\PiUPUpK.exe
  2⤵
  PID:7720
- C:\Windows\System\aGDzbNS.exe
  C:\Windows\System\aGDzbNS.exe
  2⤵
  PID:7764
- C:\Windows\System\uziCLJt.exe
  C:\Windows\System\uziCLJt.exe
  2⤵
  PID:7800
- C:\Windows\System\jnnGqBc.exe
  C:\Windows\System\jnnGqBc.exe
  2⤵
  PID:7828
- C:\Windows\System\hWMlEUE.exe
  C:\Windows\System\hWMlEUE.exe
  2⤵
  PID:7856
- C:\Windows\System\WskJwnx.exe
  C:\Windows\System\WskJwnx.exe
  2⤵
  PID:7884
- C:\Windows\System\FMtjqdl.exe
  C:\Windows\System\FMtjqdl.exe
  2⤵
  PID:7912
- C:\Windows\System\eNzqUja.exe
  C:\Windows\System\eNzqUja.exe
  2⤵
  PID:7940
- C:\Windows\System\lnMnKAT.exe
  C:\Windows\System\lnMnKAT.exe
  2⤵
  PID:7968
- C:\Windows\System\gmecMjr.exe
  C:\Windows\System\gmecMjr.exe
  2⤵
  PID:7996
- C:\Windows\System\uVnYgbs.exe
  C:\Windows\System\uVnYgbs.exe
  2⤵
  PID:8024
- C:\Windows\System\uECZTZz.exe
  C:\Windows\System\uECZTZz.exe
  2⤵
  PID:8068
- C:\Windows\System\uWhcknC.exe
  C:\Windows\System\uWhcknC.exe
  2⤵
  PID:8084
- C:\Windows\System\IKcjbpC.exe
  C:\Windows\System\IKcjbpC.exe
  2⤵
  PID:8112
- C:\Windows\System\qINiNLd.exe
  C:\Windows\System\qINiNLd.exe
  2⤵
  PID:8140
- C:\Windows\System\Gaimkzb.exe
  C:\Windows\System\Gaimkzb.exe
  2⤵
  PID:8168
- C:\Windows\System\PzmpDsr.exe
  C:\Windows\System\PzmpDsr.exe
  2⤵
  PID:7200
- C:\Windows\System\QqJySnd.exe
  C:\Windows\System\QqJySnd.exe
  2⤵
  PID:7272
- C:\Windows\System\atOCBCH.exe
  C:\Windows\System\atOCBCH.exe
  2⤵
  PID:7352
- C:\Windows\System\LfbLRVo.exe
  C:\Windows\System\LfbLRVo.exe
  2⤵
  PID:7396
- C:\Windows\System\uGpGUqT.exe
  C:\Windows\System\uGpGUqT.exe
  2⤵
  PID:1328
- C:\Windows\System\wHEsHVR.exe
  C:\Windows\System\wHEsHVR.exe
  2⤵
  PID:4328
- C:\Windows\System\ELRcBEe.exe
  C:\Windows\System\ELRcBEe.exe
  2⤵
  PID:6288
- C:\Windows\System\ihUhABY.exe
  C:\Windows\System\ihUhABY.exe
  2⤵
  PID:7488
- C:\Windows\System\XjMcsQr.exe
  C:\Windows\System\XjMcsQr.exe
  2⤵
  PID:7540
- C:\Windows\System\TjAmlhb.exe
  C:\Windows\System\TjAmlhb.exe
  2⤵
  PID:7636
- C:\Windows\System\QWMbMXr.exe
  C:\Windows\System\QWMbMXr.exe
  2⤵
  PID:7664
- C:\Windows\System\nnFvGcx.exe
  C:\Windows\System\nnFvGcx.exe
  2⤵
  PID:7776
- C:\Windows\System\agIgDTA.exe
  C:\Windows\System\agIgDTA.exe
  2⤵
  PID:6132
- C:\Windows\System\uQZmRVW.exe
  C:\Windows\System\uQZmRVW.exe
  2⤵
  PID:5888
- C:\Windows\System\UyEbJOr.exe
  C:\Windows\System\UyEbJOr.exe
  2⤵
  PID:7876
- C:\Windows\System\xweZiEi.exe
  C:\Windows\System\xweZiEi.exe
  2⤵
  PID:7936
- C:\Windows\System\tnFNPaV.exe
  C:\Windows\System\tnFNPaV.exe
  2⤵
  PID:8016
- C:\Windows\System\ykXYstK.exe
  C:\Windows\System\ykXYstK.exe
  2⤵
  PID:8076
- C:\Windows\System\jyPQOHQ.exe
  C:\Windows\System\jyPQOHQ.exe
  2⤵
  PID:8136
- C:\Windows\System\yporgAx.exe
  C:\Windows\System\yporgAx.exe
  2⤵
  PID:7228
- C:\Windows\System\KdMUtsy.exe
  C:\Windows\System\KdMUtsy.exe
  2⤵
  PID:7372
- C:\Windows\System\okjVGoI.exe
  C:\Windows\System\okjVGoI.exe
  2⤵
  PID:4320
- C:\Windows\System\RuCqmSL.exe
  C:\Windows\System\RuCqmSL.exe
  2⤵
  PID:7472
- C:\Windows\System\tOlFXAd.exe
  C:\Windows\System\tOlFXAd.exe
  2⤵
  PID:7648
- C:\Windows\System\ZfIhOmg.exe
  C:\Windows\System\ZfIhOmg.exe
  2⤵
  PID:5996
- C:\Windows\System\dIzVQYj.exe
  C:\Windows\System\dIzVQYj.exe
  2⤵
  PID:7852
- C:\Windows\System\hxpfamV.exe
  C:\Windows\System\hxpfamV.exe
  2⤵
  PID:8036
- C:\Windows\System\AeTUuKw.exe
  C:\Windows\System\AeTUuKw.exe
  2⤵
  PID:8188
- C:\Windows\System\PjxYNAp.exe
  C:\Windows\System\PjxYNAp.exe
  2⤵
  PID:4408
- C:\Windows\System\ymjFppG.exe
  C:\Windows\System\ymjFppG.exe
  2⤵
  PID:7704
- C:\Windows\System\MokISIP.exe
  C:\Windows\System\MokISIP.exe
  2⤵
  PID:7988
- C:\Windows\System\LondSSp.exe
  C:\Windows\System\LondSSp.exe
  2⤵
  PID:1676
- C:\Windows\System\JncaqQa.exe
  C:\Windows\System\JncaqQa.exe
  2⤵
  PID:7456
- C:\Windows\System\PwdCZCf.exe
  C:\Windows\System\PwdCZCf.exe
  2⤵
  PID:7932
- C:\Windows\System\Djzklqw.exe
  C:\Windows\System\Djzklqw.exe
  2⤵
  PID:8220
- C:\Windows\System\jzChQOe.exe
  C:\Windows\System\jzChQOe.exe
  2⤵
  PID:8248
- C:\Windows\System\zviHRSI.exe
  C:\Windows\System\zviHRSI.exe
  2⤵
  PID:8276
- C:\Windows\System\jhDzaPH.exe
  C:\Windows\System\jhDzaPH.exe
  2⤵
  PID:8304
- C:\Windows\System\MfkAHOV.exe
  C:\Windows\System\MfkAHOV.exe
  2⤵
  PID:8332
- C:\Windows\System\FgTcBUZ.exe
  C:\Windows\System\FgTcBUZ.exe
  2⤵
  PID:8360
- C:\Windows\System\rbwIrRz.exe
  C:\Windows\System\rbwIrRz.exe
  2⤵
  PID:8388
- C:\Windows\System\xvreFxM.exe
  C:\Windows\System\xvreFxM.exe
  2⤵
  PID:8416
- C:\Windows\System\JPHlkfw.exe
  C:\Windows\System\JPHlkfw.exe
  2⤵
  PID:8444
- C:\Windows\System\yiwSuYH.exe
  C:\Windows\System\yiwSuYH.exe
  2⤵
  PID:8476
- C:\Windows\System\JZlVWbu.exe
  C:\Windows\System\JZlVWbu.exe
  2⤵
  PID:8500
- C:\Windows\System\srUorjx.exe
  C:\Windows\System\srUorjx.exe
  2⤵
  PID:8528
- C:\Windows\System\aRxXzJq.exe
  C:\Windows\System\aRxXzJq.exe
  2⤵
  PID:8560
- C:\Windows\System\RtRMDyZ.exe
  C:\Windows\System\RtRMDyZ.exe
  2⤵
  PID:8584
- C:\Windows\System\ovWtwdG.exe
  C:\Windows\System\ovWtwdG.exe
  2⤵
  PID:8612
- C:\Windows\System\CFqWlfd.exe
  C:\Windows\System\CFqWlfd.exe
  2⤵
  PID:8640
- C:\Windows\System\HJLZaEq.exe
  C:\Windows\System\HJLZaEq.exe
  2⤵
  PID:8668
- C:\Windows\System\wwqTYLR.exe
  C:\Windows\System\wwqTYLR.exe
  2⤵
  PID:8696
- C:\Windows\System\xknYBGz.exe
  C:\Windows\System\xknYBGz.exe
  2⤵
  PID:8724
- C:\Windows\System\CTWxVJf.exe
  C:\Windows\System\CTWxVJf.exe
  2⤵
  PID:8752
- C:\Windows\System\tqbCkAp.exe
  C:\Windows\System\tqbCkAp.exe
  2⤵
  PID:8780
- C:\Windows\System\RsVpFzd.exe
  C:\Windows\System\RsVpFzd.exe
  2⤵
  PID:8808
- C:\Windows\System\sfdhVfj.exe
  C:\Windows\System\sfdhVfj.exe
  2⤵
  PID:8836
- C:\Windows\System\uHTawOS.exe
  C:\Windows\System\uHTawOS.exe
  2⤵
  PID:8864
- C:\Windows\System\jTqcnOp.exe
  C:\Windows\System\jTqcnOp.exe
  2⤵
  PID:8892
- C:\Windows\System\aqrMgDU.exe
  C:\Windows\System\aqrMgDU.exe
  2⤵
  PID:8920
- C:\Windows\System\ZsgurAg.exe
  C:\Windows\System\ZsgurAg.exe
  2⤵
  PID:8948
- C:\Windows\System\nLqhMMH.exe
  C:\Windows\System\nLqhMMH.exe
  2⤵
  PID:8976
- C:\Windows\System\phtaPBp.exe
  C:\Windows\System\phtaPBp.exe
  2⤵
  PID:9004
- C:\Windows\System\XtWxfqq.exe
  C:\Windows\System\XtWxfqq.exe
  2⤵
  PID:9032
- C:\Windows\System\CxpGhsp.exe
  C:\Windows\System\CxpGhsp.exe
  2⤵
  PID:9060
- C:\Windows\System\QneZXFM.exe
  C:\Windows\System\QneZXFM.exe
  2⤵
  PID:9088
- C:\Windows\System\OSmzkrn.exe
  C:\Windows\System\OSmzkrn.exe
  2⤵
  PID:9116
- C:\Windows\System\MKcgnQo.exe
  C:\Windows\System\MKcgnQo.exe
  2⤵
  PID:9144
- C:\Windows\System\yNnrVzm.exe
  C:\Windows\System\yNnrVzm.exe
  2⤵
  PID:9180
- C:\Windows\System\IyEToaz.exe
  C:\Windows\System\IyEToaz.exe
  2⤵
  PID:9200
- C:\Windows\System\PPZgoHB.exe
  C:\Windows\System\PPZgoHB.exe
  2⤵
  PID:8216
- C:\Windows\System\kIoJleR.exe
  C:\Windows\System\kIoJleR.exe
  2⤵
  PID:8288
- C:\Windows\System\CiXKHDz.exe
  C:\Windows\System\CiXKHDz.exe
  2⤵
  PID:8344
- C:\Windows\System\JUnvAMN.exe
  C:\Windows\System\JUnvAMN.exe
  2⤵
  PID:4312
- C:\Windows\System\PCLDheN.exe
  C:\Windows\System\PCLDheN.exe
  2⤵
  PID:8436
- C:\Windows\System\WgZrAjq.exe
  C:\Windows\System\WgZrAjq.exe
  2⤵
  PID:8496
- C:\Windows\System\eInKfgK.exe
  C:\Windows\System\eInKfgK.exe
  2⤵
  PID:8568
- C:\Windows\System\lBJqgyd.exe
  C:\Windows\System\lBJqgyd.exe
  2⤵
  PID:3852
- C:\Windows\System\NvSqevR.exe
  C:\Windows\System\NvSqevR.exe
  2⤵
  PID:2784
- C:\Windows\System\hHdWWDh.exe
  C:\Windows\System\hHdWWDh.exe
  2⤵
  PID:8708
- C:\Windows\System\YjEzGjA.exe
  C:\Windows\System\YjEzGjA.exe
  2⤵
  PID:8772
- C:\Windows\System\voBpkKZ.exe
  C:\Windows\System\voBpkKZ.exe
  2⤵
  PID:8832
- C:\Windows\System\LIbdCEg.exe
  C:\Windows\System\LIbdCEg.exe
  2⤵
  PID:8904
- C:\Windows\System\oYBHUxe.exe
  C:\Windows\System\oYBHUxe.exe
  2⤵
  PID:8960
- C:\Windows\System\kKDCcae.exe
  C:\Windows\System\kKDCcae.exe
  2⤵
  PID:9024
- C:\Windows\System\GWtttVr.exe
  C:\Windows\System\GWtttVr.exe
  2⤵
  PID:9072
- C:\Windows\System\FJPkvkT.exe
  C:\Windows\System\FJPkvkT.exe
  2⤵
  PID:9112
- C:\Windows\System\kBlFRya.exe
  C:\Windows\System\kBlFRya.exe
  2⤵
  PID:9188
- C:\Windows\System\KFTpevV.exe
  C:\Windows\System\KFTpevV.exe
  2⤵
  PID:8268
- C:\Windows\System\nMFLsNQ.exe
  C:\Windows\System\nMFLsNQ.exe
  2⤵
  PID:2864
- C:\Windows\System\LBYGTYE.exe
  C:\Windows\System\LBYGTYE.exe
  2⤵
  PID:4864
- C:\Windows\System\XwFEHsU.exe
  C:\Windows\System\XwFEHsU.exe
  2⤵
  PID:8624
- C:\Windows\System\aZurpfW.exe
  C:\Windows\System\aZurpfW.exe
  2⤵
  PID:8736
- C:\Windows\System\ZQsAbSC.exe
  C:\Windows\System\ZQsAbSC.exe
  2⤵
  PID:8884
- C:\Windows\System\FcxwQiZ.exe
  C:\Windows\System\FcxwQiZ.exe
  2⤵
  PID:9016
- C:\Windows\System\dqoeLdy.exe
  C:\Windows\System\dqoeLdy.exe
  2⤵
  PID:9136
- C:\Windows\System\zdNjEQP.exe
  C:\Windows\System\zdNjEQP.exe
  2⤵
  PID:8352
- C:\Windows\System\MWCXpMq.exe
  C:\Windows\System\MWCXpMq.exe
  2⤵
  PID:8604
- C:\Windows\System\zABugcL.exe
  C:\Windows\System\zABugcL.exe
  2⤵
  PID:8940
- C:\Windows\System\swuoMHa.exe
  C:\Windows\System\swuoMHa.exe
  2⤵
  PID:8212
- C:\Windows\System\mshvVbg.exe
  C:\Windows\System\mshvVbg.exe
  2⤵
  PID:8856
- C:\Windows\System\RnkdKfJ.exe
  C:\Windows\System\RnkdKfJ.exe
  2⤵
  PID:8692
- C:\Windows\System\cnjCzIj.exe
  C:\Windows\System\cnjCzIj.exe
  2⤵
  PID:9224
- C:\Windows\System\nzRKKgN.exe
  C:\Windows\System\nzRKKgN.exe
  2⤵
  PID:9244
- C:\Windows\System\rjGJcbD.exe
  C:\Windows\System\rjGJcbD.exe
  2⤵
  PID:9272
- C:\Windows\System\hoDLclb.exe
  C:\Windows\System\hoDLclb.exe
  2⤵
  PID:9300
- C:\Windows\System\VKoVkCH.exe
  C:\Windows\System\VKoVkCH.exe
  2⤵
  PID:9328
- C:\Windows\System\VmmqjoP.exe
  C:\Windows\System\VmmqjoP.exe
  2⤵
  PID:9356
- C:\Windows\System\NFrTbeE.exe
  C:\Windows\System\NFrTbeE.exe
  2⤵
  PID:9384
- C:\Windows\System\HhPEcRP.exe
  C:\Windows\System\HhPEcRP.exe
  2⤵
  PID:9412
- C:\Windows\System\meQWLva.exe
  C:\Windows\System\meQWLva.exe
  2⤵
  PID:9440
- C:\Windows\System\XTeMhkJ.exe
  C:\Windows\System\XTeMhkJ.exe
  2⤵
  PID:9468
- C:\Windows\System\OvKPTPO.exe
  C:\Windows\System\OvKPTPO.exe
  2⤵
  PID:9496
- C:\Windows\System\NWENDLx.exe
  C:\Windows\System\NWENDLx.exe
  2⤵
  PID:9524
- C:\Windows\System\PvhLyiW.exe
  C:\Windows\System\PvhLyiW.exe
  2⤵
  PID:9552
- C:\Windows\System\XpnlWmy.exe
  C:\Windows\System\XpnlWmy.exe
  2⤵
  PID:9580
- C:\Windows\System\FzyprrN.exe
  C:\Windows\System\FzyprrN.exe
  2⤵
  PID:9608
- C:\Windows\System\bnAQDGP.exe
  C:\Windows\System\bnAQDGP.exe
  2⤵
  PID:9636
- C:\Windows\System\KOnCXZN.exe
  C:\Windows\System\KOnCXZN.exe
  2⤵
  PID:9664
- C:\Windows\System\QoriAaS.exe
  C:\Windows\System\QoriAaS.exe
  2⤵
  PID:9692
- C:\Windows\System\GHYAfXd.exe
  C:\Windows\System\GHYAfXd.exe
  2⤵
  PID:9732
- C:\Windows\System\bHrAMLC.exe
  C:\Windows\System\bHrAMLC.exe
  2⤵
  PID:9748
- C:\Windows\System\fvVpTgB.exe
  C:\Windows\System\fvVpTgB.exe
  2⤵
  PID:9776
- C:\Windows\System\PvqXtiC.exe
  C:\Windows\System\PvqXtiC.exe
  2⤵
  PID:9804
- C:\Windows\System\wXofcUQ.exe
  C:\Windows\System\wXofcUQ.exe
  2⤵
  PID:9832
- C:\Windows\System\jmYGGfm.exe
  C:\Windows\System\jmYGGfm.exe
  2⤵
  PID:9860
- C:\Windows\System\NgAypMl.exe
  C:\Windows\System\NgAypMl.exe
  2⤵
  PID:9888
- C:\Windows\System\nNvpzZY.exe
  C:\Windows\System\nNvpzZY.exe
  2⤵
  PID:9916
- C:\Windows\System\vewnLpr.exe
  C:\Windows\System\vewnLpr.exe
  2⤵
  PID:9944
- C:\Windows\System\qyTwNdH.exe
  C:\Windows\System\qyTwNdH.exe
  2⤵
  PID:9972
- C:\Windows\System\lwaWfGl.exe
  C:\Windows\System\lwaWfGl.exe
  2⤵
  PID:10000
- C:\Windows\System\GAwOlDd.exe
  C:\Windows\System\GAwOlDd.exe
  2⤵
  PID:10028
- C:\Windows\System\qsWDDDv.exe
  C:\Windows\System\qsWDDDv.exe
  2⤵
  PID:10056
- C:\Windows\System\MGSYLBu.exe
  C:\Windows\System\MGSYLBu.exe
  2⤵
  PID:10084
- C:\Windows\System\rFPLuUA.exe
  C:\Windows\System\rFPLuUA.exe
  2⤵
  PID:10112
- C:\Windows\System\trNcwjV.exe
  C:\Windows\System\trNcwjV.exe
  2⤵
  PID:10140
- C:\Windows\System\XDZUdHz.exe
  C:\Windows\System\XDZUdHz.exe
  2⤵
  PID:10168
- C:\Windows\System\zQAcXMD.exe
  C:\Windows\System\zQAcXMD.exe
  2⤵
  PID:10196
- C:\Windows\System\sEQpQpm.exe
  C:\Windows\System\sEQpQpm.exe
  2⤵
  PID:10224
- C:\Windows\System\kUzHtTM.exe
  C:\Windows\System\kUzHtTM.exe
  2⤵
  PID:9240
- C:\Windows\System\SsDBmYj.exe
  C:\Windows\System\SsDBmYj.exe
  2⤵
  PID:9312
- C:\Windows\System\PryjmuH.exe
  C:\Windows\System\PryjmuH.exe
  2⤵
  PID:9376
- C:\Windows\System\vYutWtc.exe
  C:\Windows\System\vYutWtc.exe
  2⤵
  PID:9432
- C:\Windows\System\pMGhukP.exe
  C:\Windows\System\pMGhukP.exe
  2⤵
  PID:9508
- C:\Windows\System\yDhheJu.exe
  C:\Windows\System\yDhheJu.exe
  2⤵
  PID:9572
- C:\Windows\System\ffuWbAa.exe
  C:\Windows\System\ffuWbAa.exe
  2⤵
  PID:9632
- C:\Windows\System\LDLQTfM.exe
  C:\Windows\System\LDLQTfM.exe
  2⤵
  PID:9712
- C:\Windows\System\YuOiLqE.exe
  C:\Windows\System\YuOiLqE.exe
  2⤵
  PID:9768
- C:\Windows\System\OMjGZKx.exe
  C:\Windows\System\OMjGZKx.exe
  2⤵
  PID:9844
- C:\Windows\System\sZfOfaQ.exe
  C:\Windows\System\sZfOfaQ.exe
  2⤵
  PID:9908
- C:\Windows\System\TzOGrjn.exe
  C:\Windows\System\TzOGrjn.exe
  2⤵
  PID:9984
- C:\Windows\System\XKezBzD.exe
  C:\Windows\System\XKezBzD.exe
  2⤵
  PID:10040
- C:\Windows\System\YqKBriD.exe
  C:\Windows\System\YqKBriD.exe
  2⤵
  PID:10104
- C:\Windows\System\WTqVEea.exe
  C:\Windows\System\WTqVEea.exe
  2⤵
  PID:10192
- C:\Windows\System\NHkSrOU.exe
  C:\Windows\System\NHkSrOU.exe
  2⤵
  PID:9340
- C:\Windows\System\nthvbYw.exe
  C:\Windows\System\nthvbYw.exe
  2⤵
  PID:9424
- C:\Windows\System\ddsUzNi.exe
  C:\Windows\System\ddsUzNi.exe
  2⤵
  PID:9564
- C:\Windows\System\kzBJNuR.exe
  C:\Windows\System\kzBJNuR.exe
  2⤵
  PID:9716
- C:\Windows\System\QXJIdyJ.exe
  C:\Windows\System\QXJIdyJ.exe
  2⤵
  PID:9828
- C:\Windows\System\bphKnjp.exe
  C:\Windows\System\bphKnjp.exe
  2⤵
  PID:9940
- C:\Windows\System\LJRsWqY.exe
  C:\Windows\System\LJRsWqY.exe
  2⤵
  PID:10080
- C:\Windows\System\aXyAQOK.exe
  C:\Windows\System\aXyAQOK.exe
  2⤵
  PID:9232
- C:\Windows\System\SmcmVJt.exe
  C:\Windows\System\SmcmVJt.exe
  2⤵
  PID:9404
- C:\Windows\System\rLtovsX.exe
  C:\Windows\System\rLtovsX.exe
  2⤵
  PID:9788
- C:\Windows\System\DaEeubn.exe
  C:\Windows\System\DaEeubn.exe
  2⤵
  PID:10096
- C:\Windows\System\HippkOO.exe
  C:\Windows\System\HippkOO.exe
  2⤵
  PID:9296
- C:\Windows\System\VvRAHUn.exe
  C:\Windows\System\VvRAHUn.exe
  2⤵
  PID:4692
- C:\Windows\System\oDgleqw.exe
  C:\Windows\System\oDgleqw.exe
  2⤵
  PID:9548
- C:\Windows\System\kavpkls.exe
  C:\Windows\System\kavpkls.exe
  2⤵
  PID:10268
- C:\Windows\System\HMBMnWU.exe
  C:\Windows\System\HMBMnWU.exe
  2⤵
  PID:10296
- C:\Windows\System\xLQqyIi.exe
  C:\Windows\System\xLQqyIi.exe
  2⤵
  PID:10324
- C:\Windows\System\NiinZAT.exe
  C:\Windows\System\NiinZAT.exe
  2⤵
  PID:10352
- C:\Windows\System\oaJUPTo.exe
  C:\Windows\System\oaJUPTo.exe
  2⤵
  PID:10380
- C:\Windows\System\BLWnGDx.exe
  C:\Windows\System\BLWnGDx.exe
  2⤵
  PID:10408
- C:\Windows\System\badtDFU.exe
  C:\Windows\System\badtDFU.exe
  2⤵
  PID:10436
- C:\Windows\System\keeWtlx.exe
  C:\Windows\System\keeWtlx.exe
  2⤵
  PID:10464
- C:\Windows\System\CXxKaqg.exe
  C:\Windows\System\CXxKaqg.exe
  2⤵
  PID:10492
- C:\Windows\System\ZHIQArm.exe
  C:\Windows\System\ZHIQArm.exe
  2⤵
  PID:10520
- C:\Windows\System\bXAPADl.exe
  C:\Windows\System\bXAPADl.exe
  2⤵
  PID:10548
- C:\Windows\System\XcqDDOg.exe
  C:\Windows\System\XcqDDOg.exe
  2⤵
  PID:10576
- C:\Windows\System\NcGEKQV.exe
  C:\Windows\System\NcGEKQV.exe
  2⤵
  PID:10604
- C:\Windows\System\aoWggaW.exe
  C:\Windows\System\aoWggaW.exe
  2⤵
  PID:10632
- C:\Windows\System\AelCoeJ.exe
  C:\Windows\System\AelCoeJ.exe
  2⤵
  PID:10660
- C:\Windows\System\TlmFdAJ.exe
  C:\Windows\System\TlmFdAJ.exe
  2⤵
  PID:10688
- C:\Windows\System\NlhyJcH.exe
  C:\Windows\System\NlhyJcH.exe
  2⤵
  PID:10716
- C:\Windows\System\NdNOXpa.exe
  C:\Windows\System\NdNOXpa.exe
  2⤵
  PID:10744
- C:\Windows\System\rzlxdVX.exe
  C:\Windows\System\rzlxdVX.exe
  2⤵
  PID:10772
- C:\Windows\System\igrjRGx.exe
  C:\Windows\System\igrjRGx.exe
  2⤵
  PID:10800
- C:\Windows\System\SvYRHcn.exe
  C:\Windows\System\SvYRHcn.exe
  2⤵
  PID:10828
- C:\Windows\System\qRgwtgE.exe
  C:\Windows\System\qRgwtgE.exe
  2⤵
  PID:10856
- C:\Windows\System\CHReygv.exe
  C:\Windows\System\CHReygv.exe
  2⤵
  PID:10884
- C:\Windows\System\iXlMOnp.exe
  C:\Windows\System\iXlMOnp.exe
  2⤵
  PID:10912
- C:\Windows\System\hyIpFDH.exe
  C:\Windows\System\hyIpFDH.exe
  2⤵
  PID:10940
- C:\Windows\System\hEibCuD.exe
  C:\Windows\System\hEibCuD.exe
  2⤵
  PID:10968
- C:\Windows\System\AvzLNNa.exe
  C:\Windows\System\AvzLNNa.exe
  2⤵
  PID:10996
- C:\Windows\System\xCSDODO.exe
  C:\Windows\System\xCSDODO.exe
  2⤵
  PID:11024
- C:\Windows\System\udRJDWX.exe
  C:\Windows\System\udRJDWX.exe
  2⤵
  PID:11052
- C:\Windows\System\QgrkcAt.exe
  C:\Windows\System\QgrkcAt.exe
  2⤵
  PID:11080
- C:\Windows\System\pCkDMWY.exe
  C:\Windows\System\pCkDMWY.exe
  2⤵
  PID:11108
- C:\Windows\System\vDGhYjz.exe
  C:\Windows\System\vDGhYjz.exe
  2⤵
  PID:11136
- C:\Windows\System\unhzTVA.exe
  C:\Windows\System\unhzTVA.exe
  2⤵
  PID:11164
- C:\Windows\System\vooiRGZ.exe
  C:\Windows\System\vooiRGZ.exe
  2⤵
  PID:11192
- C:\Windows\System\CvVGlHy.exe
  C:\Windows\System\CvVGlHy.exe
  2⤵
  PID:11220
- C:\Windows\System\HPRcCIL.exe
  C:\Windows\System\HPRcCIL.exe
  2⤵
  PID:11248
- C:\Windows\System\tOEfanC.exe
  C:\Windows\System\tOEfanC.exe
  2⤵
  PID:10264
- C:\Windows\System\VWfTlVY.exe
  C:\Windows\System\VWfTlVY.exe
  2⤵
  PID:10316
- C:\Windows\System\brZAaMo.exe
  C:\Windows\System\brZAaMo.exe
  2⤵
  PID:10392
- C:\Windows\System\FuLjFpP.exe
  C:\Windows\System\FuLjFpP.exe
  2⤵
  PID:10456
- C:\Windows\System\QuiYcIO.exe
  C:\Windows\System\QuiYcIO.exe
  2⤵
  PID:10516
- C:\Windows\System\ThmnmID.exe
  C:\Windows\System\ThmnmID.exe
  2⤵
  PID:10588
- C:\Windows\System\zPIcmKl.exe
  C:\Windows\System\zPIcmKl.exe
  2⤵
  PID:10672
- C:\Windows\System\tvcWTxD.exe
  C:\Windows\System\tvcWTxD.exe
  2⤵
  PID:10712
- C:\Windows\System\XXLUrin.exe
  C:\Windows\System\XXLUrin.exe
  2⤵
  PID:10784
- C:\Windows\System\JRyWWdl.exe
  C:\Windows\System\JRyWWdl.exe
  2⤵
  PID:10848
- C:\Windows\System\igIbjbU.exe
  C:\Windows\System\igIbjbU.exe
  2⤵
  PID:10908
- C:\Windows\System\drAjDqO.exe
  C:\Windows\System\drAjDqO.exe
  2⤵
  PID:10964
- C:\Windows\System\wOjaPuR.exe
  C:\Windows\System\wOjaPuR.exe
  2⤵
  PID:11036
- C:\Windows\System\HyuInFF.exe
  C:\Windows\System\HyuInFF.exe
  2⤵
  PID:11100
- C:\Windows\System\reMloDY.exe
  C:\Windows\System\reMloDY.exe
  2⤵
  PID:11160
- C:\Windows\System\IAgunAB.exe
  C:\Windows\System\IAgunAB.exe
  2⤵
  PID:11232
- C:\Windows\System\DSDQzGA.exe
  C:\Windows\System\DSDQzGA.exe
  2⤵
  PID:10320
- C:\Windows\System\HQGFWlG.exe
  C:\Windows\System\HQGFWlG.exe
  2⤵
  PID:10448
- C:\Windows\System\cBPkyyI.exe
  C:\Windows\System\cBPkyyI.exe
  2⤵
  PID:10616
- C:\Windows\System\EFYYQlP.exe
  C:\Windows\System\EFYYQlP.exe
  2⤵
  PID:10764
- C:\Windows\System\cxXtIYN.exe
  C:\Windows\System\cxXtIYN.exe
  2⤵
  PID:10840
- C:\Windows\System\ynIhPRy.exe
  C:\Windows\System\ynIhPRy.exe
  2⤵
  PID:3248
- C:\Windows\System\oOvJPyx.exe
  C:\Windows\System\oOvJPyx.exe
  2⤵
  PID:11216
- C:\Windows\System\YuzMinp.exe
  C:\Windows\System\YuzMinp.exe
  2⤵
  PID:10512
- C:\Windows\System\thHvpxg.exe
  C:\Windows\System\thHvpxg.exe
  2⤵
  PID:10708
- C:\Windows\System\YKfQrgi.exe
  C:\Windows\System\YKfQrgi.exe
  2⤵
  PID:10992
- C:\Windows\System\kydyPsn.exe
  C:\Windows\System\kydyPsn.exe
  2⤵
  PID:10572
- C:\Windows\System\BQLHnsy.exe
  C:\Windows\System\BQLHnsy.exe
  2⤵
  PID:2284
- C:\Windows\System\jQrGoBp.exe
  C:\Windows\System\jQrGoBp.exe
  2⤵
  PID:10372
- C:\Windows\System\GcaGtck.exe
  C:\Windows\System\GcaGtck.exe
  2⤵
  PID:11292
- C:\Windows\System\IQaRVOz.exe
  C:\Windows\System\IQaRVOz.exe
  2⤵
  PID:11320
- C:\Windows\System\zsYHuWc.exe
  C:\Windows\System\zsYHuWc.exe
  2⤵
  PID:11348
- C:\Windows\System\PkQvzQL.exe
  C:\Windows\System\PkQvzQL.exe
  2⤵
  PID:11376
- C:\Windows\System\evGgCox.exe
  C:\Windows\System\evGgCox.exe
  2⤵
  PID:11404
- C:\Windows\System\mxdVTlR.exe
  C:\Windows\System\mxdVTlR.exe
  2⤵
  PID:11432
- C:\Windows\System\CqYDfBG.exe
  C:\Windows\System\CqYDfBG.exe
  2⤵
  PID:11460
- C:\Windows\System\stbUhWh.exe
  C:\Windows\System\stbUhWh.exe
  2⤵
  PID:11488
- C:\Windows\System\yjsjltT.exe
  C:\Windows\System\yjsjltT.exe
  2⤵
  PID:11516
- C:\Windows\System\fYnRQnq.exe
  C:\Windows\System\fYnRQnq.exe
  2⤵
  PID:11544
- C:\Windows\System\lLEFhnP.exe
  C:\Windows\System\lLEFhnP.exe
  2⤵
  PID:11572
- C:\Windows\System\QVvKobY.exe
  C:\Windows\System\QVvKobY.exe
  2⤵
  PID:11600
- C:\Windows\System\GXuvpZU.exe
  C:\Windows\System\GXuvpZU.exe
  2⤵
  PID:11628
- C:\Windows\System\otKCWJy.exe
  C:\Windows\System\otKCWJy.exe
  2⤵
  PID:11656
- C:\Windows\System\xYKyjeo.exe
  C:\Windows\System\xYKyjeo.exe
  2⤵
  PID:11684
- C:\Windows\System\BvCVLKR.exe
  C:\Windows\System\BvCVLKR.exe
  2⤵
  PID:11712
- C:\Windows\System\knlpKMb.exe
  C:\Windows\System\knlpKMb.exe
  2⤵
  PID:11740
- C:\Windows\System\aVFrNqr.exe
  C:\Windows\System\aVFrNqr.exe
  2⤵
  PID:11768
- C:\Windows\System\afYKFXc.exe
  C:\Windows\System\afYKFXc.exe
  2⤵
  PID:11796
- C:\Windows\System\ABFVrXF.exe
  C:\Windows\System\ABFVrXF.exe
  2⤵
  PID:11824
- C:\Windows\System\ISQkHhM.exe
  C:\Windows\System\ISQkHhM.exe
  2⤵
  PID:11852
- C:\Windows\System\VZdyHxp.exe
  C:\Windows\System\VZdyHxp.exe
  2⤵
  PID:11880
- C:\Windows\System\euUBhsY.exe
  C:\Windows\System\euUBhsY.exe
  2⤵
  PID:11908
- C:\Windows\System\JaMiPaH.exe
  C:\Windows\System\JaMiPaH.exe
  2⤵
  PID:11944
- C:\Windows\System\SKkuHwz.exe
  C:\Windows\System\SKkuHwz.exe
  2⤵
  PID:11972
- C:\Windows\System\PLwLMni.exe
  C:\Windows\System\PLwLMni.exe
  2⤵
  PID:12000
- C:\Windows\System\TWrBflE.exe
  C:\Windows\System\TWrBflE.exe
  2⤵
  PID:12028
- C:\Windows\System\VjtJlQV.exe
  C:\Windows\System\VjtJlQV.exe
  2⤵
  PID:12056
- C:\Windows\System\PjutSaq.exe
  C:\Windows\System\PjutSaq.exe
  2⤵
  PID:12084
- C:\Windows\System\RnwHJFw.exe
  C:\Windows\System\RnwHJFw.exe
  2⤵
  PID:12112
- C:\Windows\System\otMEunQ.exe
  C:\Windows\System\otMEunQ.exe
  2⤵
  PID:12140
- C:\Windows\System\evkexXa.exe
  C:\Windows\System\evkexXa.exe
  2⤵
  PID:12168
- C:\Windows\System\FvqnLAt.exe
  C:\Windows\System\FvqnLAt.exe
  2⤵
  PID:12196
- C:\Windows\System\PHzofIk.exe
  C:\Windows\System\PHzofIk.exe
  2⤵
  PID:12224
- C:\Windows\System\EBJsnPm.exe
  C:\Windows\System\EBJsnPm.exe
  2⤵
  PID:12264
- C:\Windows\System\cBJjIuh.exe
  C:\Windows\System\cBJjIuh.exe
  2⤵
  PID:10896
- C:\Windows\System\mCudOIL.exe
  C:\Windows\System\mCudOIL.exe
  2⤵
  PID:11304
- C:\Windows\System\xOCfWNo.exe
  C:\Windows\System\xOCfWNo.exe
  2⤵
  PID:11360
- C:\Windows\System\IJdutBe.exe
  C:\Windows\System\IJdutBe.exe
  2⤵
  PID:11452
- C:\Windows\System\dgVCThK.exe
  C:\Windows\System\dgVCThK.exe
  2⤵
  PID:11564
- C:\Windows\System\SLdAlEg.exe
  C:\Windows\System\SLdAlEg.exe
  2⤵
  PID:11624
- C:\Windows\System\nERjTnm.exe
  C:\Windows\System\nERjTnm.exe
  2⤵
  PID:11708
- C:\Windows\System\bgeqVRS.exe
  C:\Windows\System\bgeqVRS.exe
  2⤵
  PID:11780
- C:\Windows\System\knIZbSj.exe
  C:\Windows\System\knIZbSj.exe
  2⤵
  PID:5060
- C:\Windows\System\XaJEWMb.exe
  C:\Windows\System\XaJEWMb.exe
  2⤵
  PID:11904
- C:\Windows\System\TcISGQl.exe
  C:\Windows\System\TcISGQl.exe
  2⤵
  PID:11984
- C:\Windows\System\beuyWhf.exe
  C:\Windows\System\beuyWhf.exe
  2⤵
  PID:12040
- C:\Windows\System\ZZWPGPo.exe
  C:\Windows\System\ZZWPGPo.exe
  2⤵
  PID:12104
- C:\Windows\System\dDASusc.exe
  C:\Windows\System\dDASusc.exe
  2⤵
  PID:12180
- C:\Windows\System\onFKWHW.exe
  C:\Windows\System\onFKWHW.exe
  2⤵
  PID:12236
- C:\Windows\System\PrGiaKG.exe
  C:\Windows\System\PrGiaKG.exe
  2⤵
  PID:2716
- C:\Windows\System\VMmdUut.exe
  C:\Windows\System\VMmdUut.exe
  2⤵
  PID:11284
- C:\Windows\System\xJdKsIe.exe
  C:\Windows\System\xJdKsIe.exe
  2⤵
  PID:11400
- C:\Windows\System\uvEgfsN.exe
  C:\Windows\System\uvEgfsN.exe
  2⤵
  PID:11528
- C:\Windows\System\eaasPNs.exe
  C:\Windows\System\eaasPNs.exe
  2⤵
  PID:12276
- C:\Windows\System\rQXXFQk.exe
  C:\Windows\System\rQXXFQk.exe
  2⤵
  PID:4604
- C:\Windows\System\ImNaquX.exe
  C:\Windows\System\ImNaquX.exe
  2⤵
  PID:3984
- C:\Windows\System\XSGhfdY.exe
  C:\Windows\System\XSGhfdY.exe
  2⤵
  PID:11508
- C:\Windows\System\GpLMhAn.exe
  C:\Windows\System\GpLMhAn.exe
  2⤵
  PID:2744
- C:\Windows\System\uyPqeLo.exe
  C:\Windows\System\uyPqeLo.exe
  2⤵
  PID:11732
- C:\Windows\System\pPCAUZZ.exe
  C:\Windows\System\pPCAUZZ.exe
  2⤵
  PID:3364
- C:\Windows\System\QkxYSyQ.exe
  C:\Windows\System\QkxYSyQ.exe
  2⤵
  PID:12068
- C:\Windows\System\qOkzxQi.exe
  C:\Windows\System\qOkzxQi.exe
  2⤵
  PID:12216
- C:\Windows\System\sVRuvPH.exe
  C:\Windows\System\sVRuvPH.exe
  2⤵
  PID:11288
- C:\Windows\System\yCWPPjK.exe
  C:\Windows\System\yCWPPjK.exe
  2⤵
  PID:11612
- C:\Windows\System\XXMnqeX.exe
  C:\Windows\System\XXMnqeX.exe
  2⤵
  PID:2980
- C:\Windows\System\miOYSNp.exe
  C:\Windows\System\miOYSNp.exe
  2⤵
  PID:4784
- C:\Windows\System\qTDIeYg.exe
  C:\Windows\System\qTDIeYg.exe
  2⤵
  PID:12012
- C:\Windows\System\ArOrcoT.exe
  C:\Windows\System\ArOrcoT.exe
  2⤵
  PID:12284
- C:\Windows\System\uLIsvyI.exe
  C:\Windows\System\uLIsvyI.exe
  2⤵
  PID:11680
- C:\Windows\System\PQKROAT.exe
  C:\Windows\System\PQKROAT.exe
  2⤵
  PID:12132
- C:\Windows\System\XvzybPk.exe
  C:\Windows\System\XvzybPk.exe
  2⤵
  PID:11820
- C:\Windows\System\hhxGSsp.exe
  C:\Windows\System\hhxGSsp.exe
  2⤵
  PID:12296
- C:\Windows\System\WmfxKeZ.exe
  C:\Windows\System\WmfxKeZ.exe
  2⤵
  PID:12324
- C:\Windows\System\stdGFOu.exe
  C:\Windows\System\stdGFOu.exe
  2⤵
  PID:12352
- C:\Windows\System\PwMFTCx.exe
  C:\Windows\System\PwMFTCx.exe
  2⤵
  PID:12380
- C:\Windows\System\dGJIlnw.exe
  C:\Windows\System\dGJIlnw.exe
  2⤵
  PID:12408
- C:\Windows\System\inGiflA.exe
  C:\Windows\System\inGiflA.exe
  2⤵
  PID:12436
- C:\Windows\System\rzGqfqt.exe
  C:\Windows\System\rzGqfqt.exe
  2⤵
  PID:12464
- C:\Windows\System\LAJDEuJ.exe
  C:\Windows\System\LAJDEuJ.exe
  2⤵
  PID:12492
- C:\Windows\System\JINjhhV.exe
  C:\Windows\System\JINjhhV.exe
  2⤵
  PID:12520
- C:\Windows\System\lsjrGRD.exe
  C:\Windows\System\lsjrGRD.exe
  2⤵
  PID:12548
- C:\Windows\System\IyzesJf.exe
  C:\Windows\System\IyzesJf.exe
  2⤵
  PID:12576
- C:\Windows\System\eMnYFIx.exe
  C:\Windows\System\eMnYFIx.exe
  2⤵
  PID:12604
- C:\Windows\System\aYpLORI.exe
  C:\Windows\System\aYpLORI.exe
  2⤵
  PID:12632
- C:\Windows\System\yazaPTA.exe
  C:\Windows\System\yazaPTA.exe
  2⤵
  PID:12660
- C:\Windows\System\QRHEHMm.exe
  C:\Windows\System\QRHEHMm.exe
  2⤵
  PID:12688
- C:\Windows\System\Xsujoyj.exe
  C:\Windows\System\Xsujoyj.exe
  2⤵
  PID:12716
- C:\Windows\System\pbQCcvk.exe
  C:\Windows\System\pbQCcvk.exe
  2⤵
  PID:12744
- C:\Windows\System\RkSoFwo.exe
  C:\Windows\System\RkSoFwo.exe
  2⤵
  PID:12772
- C:\Windows\System\iujvMvu.exe
  C:\Windows\System\iujvMvu.exe
  2⤵
  PID:12800
- C:\Windows\System\cmWDECD.exe
  C:\Windows\System\cmWDECD.exe
  2⤵
  PID:12828
- C:\Windows\System\uDJZmrC.exe
  C:\Windows\System\uDJZmrC.exe
  2⤵
  PID:12856
- C:\Windows\System\OHjrKdx.exe
  C:\Windows\System\OHjrKdx.exe
  2⤵
  PID:12884
- C:\Windows\System\oQaZxpY.exe
  C:\Windows\System\oQaZxpY.exe
  2⤵
  PID:12912
- C:\Windows\System\XdqgKDR.exe
  C:\Windows\System\XdqgKDR.exe
  2⤵
  PID:12940
- C:\Windows\System\RhHZxAd.exe
  C:\Windows\System\RhHZxAd.exe
  2⤵
  PID:12968
- C:\Windows\System\UQlBDYF.exe
  C:\Windows\System\UQlBDYF.exe
  2⤵
  PID:12996
- C:\Windows\System\CjHJDqG.exe
  C:\Windows\System\CjHJDqG.exe
  2⤵
  PID:13024
- C:\Windows\System\ONTZPPV.exe
  C:\Windows\System\ONTZPPV.exe
  2⤵
  PID:13052
- C:\Windows\System\nHMBsFd.exe
  C:\Windows\System\nHMBsFd.exe
  2⤵
  PID:13080
- C:\Windows\System\McijdiF.exe
  C:\Windows\System\McijdiF.exe
  2⤵
  PID:13108
- C:\Windows\System\nhvUjso.exe
  C:\Windows\System\nhvUjso.exe
  2⤵
  PID:13136
- C:\Windows\System\DKXxhib.exe
  C:\Windows\System\DKXxhib.exe
  2⤵
  PID:13164
- C:\Windows\System\mLmaLtC.exe
  C:\Windows\System\mLmaLtC.exe
  2⤵
  PID:13192
- C:\Windows\System\WfPdJgx.exe
  C:\Windows\System\WfPdJgx.exe
  2⤵
  PID:13220
- C:\Windows\System\cjSqcGp.exe
  C:\Windows\System\cjSqcGp.exe
  2⤵
  PID:13248
- C:\Windows\System\VAiDdcW.exe
  C:\Windows\System\VAiDdcW.exe
  2⤵
  PID:13276
- C:\Windows\System\bEloRFV.exe
  C:\Windows\System\bEloRFV.exe
  2⤵
  PID:13304
- C:\Windows\System\yEMAFHr.exe
  C:\Windows\System\yEMAFHr.exe
  2⤵
  PID:12336
- C:\Windows\System\USIyXoY.exe
  C:\Windows\System\USIyXoY.exe
  2⤵
  PID:12400
- C:\Windows\System\gwVPRcb.exe
  C:\Windows\System\gwVPRcb.exe
  2⤵
  PID:12456
- C:\Windows\System\xsYpolV.exe
  C:\Windows\System\xsYpolV.exe
  2⤵
  PID:12532
- C:\Windows\System\pYGtqFi.exe
  C:\Windows\System\pYGtqFi.exe
  2⤵
  PID:12596
- C:\Windows\System\ARiSWdI.exe
  C:\Windows\System\ARiSWdI.exe
  2⤵
  PID:12644
- C:\Windows\System\KPqNCaQ.exe
  C:\Windows\System\KPqNCaQ.exe
  2⤵
  PID:12708
- C:\Windows\System\TEEmgNd.exe
  C:\Windows\System\TEEmgNd.exe
  2⤵
  PID:12768
- C:\Windows\System\iPwhLLC.exe
  C:\Windows\System\iPwhLLC.exe
  2⤵
  PID:12840
- C:\Windows\System\KMqOHRD.exe
  C:\Windows\System\KMqOHRD.exe
  2⤵
  PID:12904
- C:\Windows\System\nanAOZG.exe
  C:\Windows\System\nanAOZG.exe
  2⤵
  PID:12964
- C:\Windows\System\ggZYwkA.exe
  C:\Windows\System\ggZYwkA.exe
  2⤵
  PID:13036
- C:\Windows\System\VUToZwy.exe
  C:\Windows\System\VUToZwy.exe
  2⤵
  PID:13100
- C:\Windows\System\eeKEwla.exe
  C:\Windows\System\eeKEwla.exe
  2⤵
  PID:13160
- C:\Windows\System\ijcjMMq.exe
  C:\Windows\System\ijcjMMq.exe
  2⤵
  PID:13232
- C:\Windows\System\KNlnvyS.exe
  C:\Windows\System\KNlnvyS.exe
  2⤵
  PID:13296
- C:\Windows\System\nCOyZgR.exe
  C:\Windows\System\nCOyZgR.exe
  2⤵
  PID:12392
- C:\Windows\System\XNwplgl.exe
  C:\Windows\System\XNwplgl.exe
  2⤵
  PID:12560
- C:\Windows\System\ftyzqRm.exe
  C:\Windows\System\ftyzqRm.exe
  2⤵
  PID:12684
- C:\Windows\System\NvUtsDo.exe
  C:\Windows\System\NvUtsDo.exe
  2⤵
  PID:12824
- C:\Windows\System\yWqGdyt.exe
  C:\Windows\System\yWqGdyt.exe
  2⤵
  PID:12992
- C:\Windows\System\gDmNelo.exe
  C:\Windows\System\gDmNelo.exe
  2⤵
  PID:13148
- C:\Windows\System\UAHTuzM.exe
  C:\Windows\System\UAHTuzM.exe
  2⤵
  PID:13288
- C:\Windows\System\JxMAfvA.exe
  C:\Windows\System\JxMAfvA.exe
  2⤵
  PID:3260
- C:\Windows\System\YsFjOYT.exe
  C:\Windows\System\YsFjOYT.exe
  2⤵
  PID:12952
- C:\Windows\System\PLgSSLy.exe
  C:\Windows\System\PLgSSLy.exe
  2⤵
  PID:13272
- C:\Windows\System\gcKVYpH.exe
  C:\Windows\System\gcKVYpH.exe
  2⤵
  PID:12896
- C:\Windows\System\eQGiuws.exe
  C:\Windows\System\eQGiuws.exe
  2⤵
  PID:2404
- C:\Windows\System\lFffxBM.exe
  C:\Windows\System\lFffxBM.exe
  2⤵
  PID:2104
- C:\Windows\System\ymdtSBK.exe
  C:\Windows\System\ymdtSBK.exe
  2⤵
  PID:13320
- C:\Windows\System\GQiXzgO.exe
  C:\Windows\System\GQiXzgO.exe
  2⤵
  PID:13348
- C:\Windows\System\PXCAyUO.exe
  C:\Windows\System\PXCAyUO.exe
  2⤵
  PID:13376
- C:\Windows\System\mMtuMun.exe
  C:\Windows\System\mMtuMun.exe
  2⤵
  PID:13404
- C:\Windows\System\EwjItqE.exe
  C:\Windows\System\EwjItqE.exe
  2⤵
  PID:13432
- C:\Windows\System\HYiWdyU.exe
  C:\Windows\System\HYiWdyU.exe
  2⤵
  PID:13460
- C:\Windows\System\ABvCoyD.exe
  C:\Windows\System\ABvCoyD.exe
  2⤵
  PID:13488
- C:\Windows\System\bEURJQB.exe
  C:\Windows\System\bEURJQB.exe
  2⤵
  PID:13516
- C:\Windows\System\IvIqPBc.exe
  C:\Windows\System\IvIqPBc.exe
  2⤵
  PID:13544
- C:\Windows\System\zvZUARA.exe
  C:\Windows\System\zvZUARA.exe
  2⤵
  PID:13572
- C:\Windows\System\Unyrmwl.exe
  C:\Windows\System\Unyrmwl.exe
  2⤵
  PID:13600
- C:\Windows\System\JCEbbbP.exe
  C:\Windows\System\JCEbbbP.exe
  2⤵
  PID:13628
- C:\Windows\System\nqPlKAv.exe
  C:\Windows\System\nqPlKAv.exe
  2⤵
  PID:13656
- C:\Windows\System\mKaxUMN.exe
  C:\Windows\System\mKaxUMN.exe
  2⤵
  PID:13684
- C:\Windows\System\BvfRUIu.exe
  C:\Windows\System\BvfRUIu.exe
  2⤵
  PID:13712
- C:\Windows\System\KWxYDQR.exe
  C:\Windows\System\KWxYDQR.exe
  2⤵
  PID:13740
- C:\Windows\System\CNxNMfx.exe
  C:\Windows\System\CNxNMfx.exe
  2⤵
  PID:13768
- C:\Windows\System\SqnnRyG.exe
  C:\Windows\System\SqnnRyG.exe
  2⤵
  PID:13796
- C:\Windows\System\lvUyjrA.exe
  C:\Windows\System\lvUyjrA.exe
  2⤵
  PID:13824
- C:\Windows\System\lpoAPzz.exe
  C:\Windows\System\lpoAPzz.exe
  2⤵
  PID:13852
- C:\Windows\System\dDtIGqm.exe
  C:\Windows\System\dDtIGqm.exe
  2⤵
  PID:13880
- C:\Windows\System\mbmrLQo.exe
  C:\Windows\System\mbmrLQo.exe
  2⤵
  PID:13908
- C:\Windows\System\euCzCQd.exe
  C:\Windows\System\euCzCQd.exe
  2⤵
  PID:13936
- C:\Windows\System\kecXggl.exe
  C:\Windows\System\kecXggl.exe
  2⤵
  PID:13964
- C:\Windows\System\GHkiXHG.exe
  C:\Windows\System\GHkiXHG.exe
  2⤵
  PID:13992
- C:\Windows\System\gillYAt.exe
  C:\Windows\System\gillYAt.exe
  2⤵
  PID:14020
- C:\Windows\System\slIbQqR.exe
  C:\Windows\System\slIbQqR.exe
  2⤵
  PID:14048
- C:\Windows\System\dNROAVy.exe
  C:\Windows\System\dNROAVy.exe
  2⤵
  PID:14076
- C:\Windows\System\FuuDniU.exe
  C:\Windows\System\FuuDniU.exe
  2⤵
  PID:14104
- C:\Windows\System\jqnjaBs.exe
  C:\Windows\System\jqnjaBs.exe
  2⤵
  PID:14132
- C:\Windows\System\PDdnZYR.exe
  C:\Windows\System\PDdnZYR.exe
  2⤵
  PID:14160
- C:\Windows\System\ACqcJkW.exe
  C:\Windows\System\ACqcJkW.exe
  2⤵
  PID:14188
- C:\Windows\System\uKRKyQO.exe
  C:\Windows\System\uKRKyQO.exe
  2⤵
  PID:14228
- C:\Windows\System\uPskthM.exe
  C:\Windows\System\uPskthM.exe
  2⤵
  PID:14244
- C:\Windows\System\ITqCBmd.exe
  C:\Windows\System\ITqCBmd.exe
  2⤵
  PID:14272
- C:\Windows\System\WSBuwCq.exe
  C:\Windows\System\WSBuwCq.exe
  2⤵
  PID:14300
- C:\Windows\System\NPThJRK.exe
  C:\Windows\System\NPThJRK.exe
  2⤵
  PID:14328
- C:\Windows\System\ptmMwAs.exe
  C:\Windows\System\ptmMwAs.exe
  2⤵
  PID:13344
- C:\Windows\System\jPrYXLx.exe
  C:\Windows\System\jPrYXLx.exe
  2⤵
  PID:208
- C:\Windows\System\RGoHocV.exe
  C:\Windows\System\RGoHocV.exe
  2⤵
  PID:3404
- C:\Windows\System\qbxOoxr.exe
  C:\Windows\System\qbxOoxr.exe
  2⤵
  PID:13444
- C:\Windows\System\TsbXXEO.exe
  C:\Windows\System\TsbXXEO.exe
  2⤵
  PID:956
- C:\Windows\System\ljnEFxe.exe
  C:\Windows\System\ljnEFxe.exe
  2⤵
  PID:4340
- C:\Windows\System\jjiZbTn.exe
  C:\Windows\System\jjiZbTn.exe
  2⤵
  PID:5068
- C:\Windows\System\voGCJcN.exe
  C:\Windows\System\voGCJcN.exe
  2⤵
  PID:13592
- C:\Windows\System\BXJeTnW.exe
  C:\Windows\System\BXJeTnW.exe
  2⤵
  PID:13640
- C:\Windows\System\tWXVePq.exe
  C:\Windows\System\tWXVePq.exe
  2⤵
  PID:13680
- C:\Windows\System\mbsIsuq.exe
  C:\Windows\System\mbsIsuq.exe
  2⤵
  PID:13708
- C:\Windows\System\zGHseXR.exe
  C:\Windows\System\zGHseXR.exe
  2⤵
  PID:1972
- C:\Windows\System\bmKiMgr.exe
  C:\Windows\System\bmKiMgr.exe
  2⤵
  PID:13788
- C:\Windows\System\ixlDriu.exe
  C:\Windows\System\ixlDriu.exe
  2⤵
  PID:13836
- C:\Windows\System\iefIkoL.exe
  C:\Windows\System\iefIkoL.exe
  2⤵
  PID:13932
- C:\Windows\System\zqypnLm.exe
  C:\Windows\System\zqypnLm.exe
  2⤵
  PID:2272
- C:\Windows\System\bwmopYh.exe
  C:\Windows\System\bwmopYh.exe
  2⤵
  PID:13984
- C:\Windows\System\tQBDFEr.exe
  C:\Windows\System\tQBDFEr.exe
  2⤵
  PID:14040
- C:\Windows\System\QLGEJhq.exe
  C:\Windows\System\QLGEJhq.exe
  2⤵
  PID:14100
- C:\Windows\System\KLchSna.exe
  C:\Windows\System\KLchSna.exe
  2⤵
  PID:14172
- C:\Windows\System\KCgMAez.exe
  C:\Windows\System\KCgMAez.exe
  2⤵
  PID:996
- C:\Windows\System\xsNLHFY.exe
  C:\Windows\System\xsNLHFY.exe
  2⤵
  PID:1336
- C:\Windows\System\olBPtQj.exe
  C:\Windows\System\olBPtQj.exe
  2⤵
  PID:3800
- C:\Windows\System\cWkINtP.exe
  C:\Windows\System\cWkINtP.exe
  2⤵
  PID:4524
- C:\Windows\System\jMwkasz.exe
  C:\Windows\System\jMwkasz.exe
  2⤵
  PID:13340
- C:\Windows\System\lBBhKNX.exe
  C:\Windows\System\lBBhKNX.exe
  2⤵
  PID:13372
- C:\Windows\System\HlcnRWt.exe
  C:\Windows\System\HlcnRWt.exe
  2⤵
  PID:13428
- C:\Windows\System\MKbfOqv.exe
  C:\Windows\System\MKbfOqv.exe
  2⤵
  PID:1760
- C:\Windows\System\IxxHBUE.exe
  C:\Windows\System\IxxHBUE.exe
  2⤵
  PID:5056
- C:\Windows\System\llXJpkM.exe
  C:\Windows\System\llXJpkM.exe
  2⤵
  PID:2144
- C:\Windows\System\ngWbJkK.exe
  C:\Windows\System\ngWbJkK.exe
  2⤵
  PID:2176
- C:\Windows\System\NZdLYdO.exe
  C:\Windows\System\NZdLYdO.exe
  2⤵
  PID:4844
- C:\Windows\System\VDCJWsd.exe
  C:\Windows\System\VDCJWsd.exe
  2⤵
  PID:13872
- C:\Windows\System\gcLheES.exe
  C:\Windows\System\gcLheES.exe
  2⤵
  PID:13976
- C:\Windows\System\JRzWWph.exe
  C:\Windows\System\JRzWWph.exe
  2⤵
  PID:14156
- C:\Windows\System\dMoGKRd.exe
  C:\Windows\System\dMoGKRd.exe
  2⤵
  PID:5344
- C:\Windows\System\oYEXexV.exe
  C:\Windows\System\oYEXexV.exe
  2⤵
  PID:2480
- C:\Windows\System\ebgyYee.exe
  C:\Windows\System\ebgyYee.exe
  2⤵
  PID:5444
- C:\Windows\System\xioDXTT.exe
  C:\Windows\System\xioDXTT.exe
  2⤵
  PID:4488
- C:\Windows\System\ZorVHOq.exe
  C:\Windows\System\ZorVHOq.exe
  2⤵
  PID:2184
- C:\Windows\System\rHeblCK.exe
  C:\Windows\System\rHeblCK.exe
  2⤵
  PID:5524
- C:\Windows\System\fJFVLNI.exe
  C:\Windows\System\fJFVLNI.exe
  2⤵
  PID:13668
- C:\Windows\System\IyYaYgB.exe
  C:\Windows\System\IyYaYgB.exe
  2⤵
  PID:13752
- C:\Windows\System\YKWrEkZ.exe
  C:\Windows\System\YKWrEkZ.exe
  2⤵
  PID:13876
- C:\Windows\System\cDNBcSl.exe
  C:\Windows\System\cDNBcSl.exe
  2⤵
  PID:14152
- C:\Windows\System\XacWOCJ.exe
  C:\Windows\System\XacWOCJ.exe
  2⤵
  PID:5336
- C:\Windows\System\OTjUztZ.exe
  C:\Windows\System\OTjUztZ.exe
  2⤵
  PID:1956
- C:\Windows\System\YEtdRXb.exe
  C:\Windows\System\YEtdRXb.exe
  2⤵
  PID:5768
- C:\Windows\System\TQtOguL.exe
  C:\Windows\System\TQtOguL.exe
  2⤵
  PID:5836
- C:\Windows\System\JSNxvqG.exe
  C:\Windows\System\JSNxvqG.exe
  2⤵
  PID:5872
- C:\Windows\System\xRnsPun.exe
  C:\Windows\System\xRnsPun.exe
  2⤵
  PID:5920
- C:\Windows\System\YiEnXtH.exe
  C:\Windows\System\YiEnXtH.exe
  2⤵
  PID:14180
- C:\Windows\System\mAwEaUb.exe
  C:\Windows\System\mAwEaUb.exe
  2⤵
  PID:5400
- C:\Windows\System\IloQpCE.exe
  C:\Windows\System\IloQpCE.exe
  2⤵
  PID:6008
- C:\Windows\System\wRmObFU.exe
  C:\Windows\System\wRmObFU.exe
  2⤵
  PID:6116
- C:\Windows\System\fYBBAnr.exe
  C:\Windows\System\fYBBAnr.exe
  2⤵
  PID:3472
- C:\Windows\System\gKmmHVm.exe
  C:\Windows\System\gKmmHVm.exe
  2⤵
  PID:5172
- C:\Windows\System\rNktHkB.exe
  C:\Windows\System\rNktHkB.exe
  2⤵
  PID:5224
- C:\Windows\System\LHKlKrr.exe
  C:\Windows\System\LHKlKrr.exe
  2⤵
  PID:4988
- C:\Windows\System\VDGiQfi.exe
  C:\Windows\System\VDGiQfi.exe
  2⤵
  PID:3284
- C:\Windows\System\CanbymY.exe
  C:\Windows\System\CanbymY.exe
  2⤵
  PID:4356
- C:\Windows\System\ETgTKSo.exe
  C:\Windows\System\ETgTKSo.exe
  2⤵
  PID:5540
- C:\Windows\System\AMekebS.exe
  C:\Windows\System\AMekebS.exe
  2⤵
  PID:14128
- C:\Windows\System\qZnqVZI.exe
  C:\Windows\System\qZnqVZI.exe
  2⤵
  PID:432
- C:\Windows\System\XmBpnUs.exe
  C:\Windows\System\XmBpnUs.exe
  2⤵
  PID:6012
- C:\Windows\System\qKFekim.exe
  C:\Windows\System\qKFekim.exe
  2⤵
  PID:6088
- C:\Windows\System\BWjKvRj.exe
  C:\Windows\System\BWjKvRj.exe
  2⤵
  PID:5580
- C:\Windows\System\DjGyHei.exe
  C:\Windows\System\DjGyHei.exe
  2⤵
  PID:5228
- C:\Windows\System\ElYaFar.exe
  C:\Windows\System\ElYaFar.exe
  2⤵
  PID:3504
- C:\Windows\System\mwLnMVi.exe
  C:\Windows\System\mwLnMVi.exe
  2⤵
  PID:5660
- C:\Windows\System\uiXuvQp.exe
  C:\Windows\System\uiXuvQp.exe
  2⤵
  PID:5884
- C:\Windows\System\bATgIWy.exe
  C:\Windows\System\bATgIWy.exe
  2⤵
  PID:896
- C:\Windows\System\lQZsDCK.exe
  C:\Windows\System\lQZsDCK.exe
  2⤵
  PID:2260
- C:\Windows\System\reErbTg.exe
  C:\Windows\System\reErbTg.exe
  2⤵
  PID:4216
- C:\Windows\System\Hztjxnt.exe
  C:\Windows\System\Hztjxnt.exe
  2⤵
  PID:2856
- C:\Windows\System\myAkPTt.exe
  C:\Windows\System\myAkPTt.exe
  2⤵
  PID:4888
- C:\Windows\System\zywYpwn.exe
  C:\Windows\System\zywYpwn.exe
  2⤵
  PID:6184
- C:\Windows\System\OeaOdcE.exe
  C:\Windows\System\OeaOdcE.exe
  2⤵
  PID:6268
- C:\Windows\System\EStAPrt.exe
  C:\Windows\System\EStAPrt.exe
  2⤵
  PID:14544
- C:\Windows\System\jFZnLVO.exe
  C:\Windows\System\jFZnLVO.exe
  2⤵
  PID:14560
- C:\Windows\System\TpnbSCQ.exe
  C:\Windows\System\TpnbSCQ.exe
  2⤵
  PID:14588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BcbzxCP.exe

Filesize
6.0MB

MD5
14fb2b0179e700d67a0dcac05037c050

SHA1
829bb1da1727c877c00e8cfaf618448af462ebcc

SHA256
0a285e8083e2376fcfd4383e7c7a9ce50cb46da882ceb217a6933e957d49fc39

SHA512
045df3dfb340737681b4ff7d085526ebc3101926420b5405ca35ed43f5a5a74fae0d8dba273a0dd971ede2d8cd5c1a54998736f95a94c0412f11a23889354651

Download Submit
C:\Windows\System\CjSeOOr.exe

Filesize
6.0MB

MD5
e2ce68dbbe0a3c496c302e49619c4392

SHA1
377af14efa6692edb47bbafb757ec89e316e7ef2

SHA256
aff0183d6ede3c6fa4a70fbb54074f8031ff1bdee1b14107f8bff7059b010083

SHA512
ba92321e72238c119dddc0b8de993415d0e0628df5866917c18287287c4152b831141f5aa6bfbe5efb1fc9c520b92307fa242b6867802d3550a80fc205fbf1b0

Download Submit
C:\Windows\System\EhtCNuP.exe

Filesize
6.0MB

MD5
bceff64ac2fe1c6e18dc961b0d11d37b

SHA1
b231538966fc0c295f3bc54b8c561a087f62fb32

SHA256
54c887be1f50ad08d14256b799d288cdedc351514a87d99f220d084c209064f0

SHA512
f917d3d07416153d6062e65dbb0fd4f8fc23ebdb8d1f51ede60ca9299b201ceb5f4a518cfe3fa6da9fc72bfadf54a9e2f205ef5b6d9fe4a699e1fd15c6ad0ff6

Download Submit
C:\Windows\System\EjfaoNB.exe

Filesize
6.0MB

MD5
6e0b1920cd71a0482e754bf5943af85f

SHA1
eebf6f59d261dbafe7228f6e761e0ad53748caa0

SHA256
8342e23ca6ca037f5c9f745d8dc32d1ab22492ed20b1445c75dda597bbd2af1f

SHA512
c44b70120f55e5c99c1a8937440f22328314e9945f1b60da9aeccb75343ff2472d331fd0c8f0e176cc7e618fb49a22686fa022fb99ffdf738cfcbc13764048bf

Download Submit
C:\Windows\System\JiBCgxr.exe

Filesize
6.0MB

MD5
2d80b58c5cb62459fbf3f97ac6ffbbce

SHA1
9fc089fc1803c7cde0ab007189092622b9a8936e

SHA256
874a22b260ec9427c8a43d9b36065ec93ff0fed6c41ea9816691d826387cbc31

SHA512
03af12c2796c1b588b81f6307d5077f6d2ff8780e271085b76b95da540db91ab1ed4ed01faf8d884ec3aa8f1fcf25545a75cc18fbe6bb24eb5a9ee9abd7f9491

Download Submit
C:\Windows\System\MzVpEUw.exe

Filesize
6.0MB

MD5
cbd83b4a03da2131424a9274bcebde3e

SHA1
b667ec5523672c7185e437592e4194d43d4114f9

SHA256
65a94f9a645702277aa6742ec32836580500ba8c88b51993770ea17d80b412b6

SHA512
27ba313894cd89ef187ee5c1df71e6f91f8b0108b4f55aa47587b85b2eaf03c727c402d57ca62de7fe5c47db894e40bf0c7a4ecd60a602599b890a1ad6eb8553

Download Submit
C:\Windows\System\OHBfyEw.exe

Filesize
6.0MB

MD5
123da05e503cc30e71f11b969270eda8

SHA1
0561332b72a0c74e53826708eac77b3abdec10b6

SHA256
5c5559186c17d3cb7389c5705d52336527d1c22c32edaa7dc6c74599efb94e8f

SHA512
bd128b776a2b16628a6ed63d2f31f810e41dbb1fb0d90389c4806b85afe946a341a66fa1609f88ac987c36cb75c8743b6f19de9103244b59df3b707b539dfcee

Download Submit
C:\Windows\System\PbqGFVH.exe

Filesize
6.0MB

MD5
24f15d0c5ff04631eaf280dfd576e032

SHA1
51ed8adcbadd3bc03b72c3646594b5669904e874

SHA256
bbf2b1b4ce67d9e2f70f94604225fdd1d1d97178663d089dc80f648fbb974cea

SHA512
6d20b0368e16cd54019c7bbf5a91520c2cb86cddcdb8a85e6f1fe8acdedb9bacea939b72b75247bc82e3ac04ecf53bcf9c89dedae9eb47a585753c2333ca90f1

Download Submit
C:\Windows\System\QFTSFVN.exe

Filesize
6.0MB

MD5
4cadb644e2d70d4f23826cf29a8a6f7d

SHA1
be1d55fbb3b30910b370795b71fe52ad42a78a53

SHA256
66768e1ff6d799b5ffbc840dd25c8da0a988ee0fe7abbf26d2ade01b35b78f66

SHA512
e8b82792aedc200d74d800b59294d94107a7e68102bdf805e26f98fe3151e122f1411c2f6f675ee4ed32d53867e39336e0388b7d089fc28f7ae41888dc7a311f

Download Submit
C:\Windows\System\SjbIAGH.exe

Filesize
6.0MB

MD5
0b2b64030a02c2b38ba4a5acad3007e5

SHA1
6cc3689ad0f0c037db64db1a67cb04e5cb90bbd0

SHA256
a480dce47745941c15ea0e777121b2c69eab92d609312c564a6c493ca8607cc6

SHA512
75b5506a51a6b2b736b62b84f1bbf5feb1340faf16132638682ac634a4c2ada412661883c9a5dcdd5953643a63ea6cfe0193cb2b8b940e8d69a72149386ecebe

Download Submit
C:\Windows\System\TniLjbW.exe

Filesize
6.0MB

MD5
90446ea653223648baec8897b6195d3f

SHA1
a18f590034a35a9cbd482939fb7b19a701a5ad01

SHA256
c777c56959e1d6c64c9930621a2883e8f45d43c7a012e84237a8ff8823d86998

SHA512
bd930bf7eb8b489b8b2de89dad5a6b746762a492b9a2cbb102a4830a4c3af32fc14be3d4f2d16760c7044944d6124d198faceb28bbf038ae25f6ee768521111b

Download Submit
C:\Windows\System\WoVNmto.exe

Filesize
6.0MB

MD5
0093dcb2f65ddba67cb4034751b7f11c

SHA1
9d3d72cc555b506155ae61cfd240cee1c7271b8e

SHA256
b071868f5c304ac9443cb9b00cfcc2e7a63bb61cde338550f80a79d7d5e228bf

SHA512
de10f01393649f190b8d8ed1980148bba82fd170b4d4493edafa1f90553b0c867ef53a42c836d3d52e5e095e17e5554ba8b911480e51df46a0800adcde67b1bb

Download Submit
C:\Windows\System\XMMsdxc.exe

Filesize
6.0MB

MD5
82735f6c85273a723db9654e501af592

SHA1
f7e601b921d973ce58c73f4851ded62b92bc4880

SHA256
9532764764b17320dc71f9b0ff5ad3c03c48541933ce6a65dafa300a08cff187

SHA512
c107da1252392622b8f183480b138e449302590b73b1e54cbd88cbb4007c37aa16b67fd2b11f47699674fc00b0fe04ee6b992629bad2ccc2471ec67dd5dec720

Download Submit
C:\Windows\System\XODRXLi.exe

Filesize
6.0MB

MD5
8d4735b3ab913b960fb1153f6a1dd317

SHA1
a1da5134f37acfe289179f189c8fb9cfc54ee421

SHA256
984a2daabdeb783f23a0c8f6b6c0f34f0122942b11525c2b0404cb35df2b0648

SHA512
492f25976ad7a7612ac1efca37514ae1287a8b07fa885606df025d05ad68d1040bfc33b3e01501082118273760996365c98273ae7e4189afa14ceed71cb6b050

Download Submit
C:\Windows\System\XPSVjMZ.exe

Filesize
6.0MB

MD5
c2225d2ccfe11a1d0e5cac0404e80b25

SHA1
af021c2b88921fd0ac5e1a833122eb5bf243250d

SHA256
8bd943375f18e7441e35b4d0c606c01bbfe4bad99bc55879ce52ce3b0ca51e01

SHA512
a2bdb436df71f9737b6870add2f01037e269edd3118709cbee93c4674658ed28b7150d704e8fa01a60c85c1c45740e7e220a1cc223f1240745b607b801794738

Download Submit
C:\Windows\System\XarifUK.exe

Filesize
6.0MB

MD5
4b7b5a952c71b8b265416f7d4ecaa3cc

SHA1
23a7aaa2c14d1d73bdafb91a19aa221d1a758a50

SHA256
0cba10334b43e2fac9113ec2a7b1b805b4c77bb7be6912fcde1c2734a13f0246

SHA512
9f1cd5976c3315fdd03f48a59bdd8b63864bc7a9ce2ffe5402f017dced9b5339d719b1fdaf3d9887716b3d460cb988b5f009e2786bf1f3569debe922736ba5c1

Download Submit
C:\Windows\System\Xdbncaf.exe

Filesize
6.0MB

MD5
f4167e0d5f86ba3403b3fd58bab81630

SHA1
6c55527aa2d1d77057995f0a23eb63d9aacfb59e

SHA256
e0db0036e122be353e073dc55da764d03c2dbc934f9fa9928b98b94345e44727

SHA512
2d8d937cca114cd49fc6dc264410741af8f99b276f8be0b35b838a1a6258a33650ad3806ddfd37e533c0d885185b547c1620169de5e3d7495710ac1e722b9aa5

Download Submit
C:\Windows\System\cdqlxhf.exe

Filesize
6.0MB

MD5
b826871a14fb6a72609275f46e7733fe

SHA1
0b4b8605f57551faed8f9defdddaaa4030b6ca49

SHA256
ce6babc252043ac399dca9e8c120f253d4b75e8d3bc420fbbbb2a66cee76b97a

SHA512
5637abc933ef026b410a9073fd3627d164e022656e8e5d146765a03f9677d457162b1777928c61d88e3fc0a21658bd83d1f6c591467ccb9620b9875ed62d916c

Download Submit
C:\Windows\System\dlmEsMD.exe

Filesize
6.0MB

MD5
9b6971341c7e6ce0ecfd61d171cba118

SHA1
19f739215f5e413eda78538e21baa30a03959f43

SHA256
62cd0ffce5d8d0d2aba5e90fcf1e6942c7ca08292b1d37333e95df58b386959a

SHA512
a7592b47a424cd3211ea8a3f6fe183cea3dbd7875a97682aefd1474ea56a5c0f3a5e53bf2671847afb72ac72d2e5ab4042139f3aab8dca992053f3e61df80184

Download Submit
C:\Windows\System\eAuwhqL.exe

Filesize
6.0MB

MD5
12891541c023d5ec5e9bdedd671967fd

SHA1
f462b0fff98a571f8c46ab7f35e2d4da9f26d40c

SHA256
f579189bf352e2cda47771a75520f97fbe34d97efcd3d955c1cf0a85b23617d8

SHA512
559aef82b33517c02d5d9c5183013ebe47274073436fede12522d34115eac4b73ef629a6f2f3f0e1909e352be4345cbbd1b70adfb96de109401904cb3c81bf76

Download Submit
C:\Windows\System\fCxFMGv.exe

Filesize
6.0MB

MD5
54e9b19b4cbf4eaaf2aef1f2bab38f1a

SHA1
97064aab874fe670a195ce8515865ea178ec05aa

SHA256
97da03043ad3dffddb29f14a366bbc02cf52a73344b374370aff0403098489cd

SHA512
9d66319196810d289e59a5ac9a30d7c8be3dcb8285e0f0129f1c66253b294eb04077b1e7b71f6a139ac27ad30bdaafe62886dddec4372623a01b2a15cb21ae78

Download Submit
C:\Windows\System\lRbvLdw.exe

Filesize
6.0MB

MD5
9e06511517941198c802e3cfe135e826

SHA1
58bf3f3b1dd1c8e9257261b17f5a5992405b4968

SHA256
1f8431f9386b29a208354e074051dd0f932ef435ed6d9bc80e0f29abe752f52d

SHA512
6f853118edfc6d145a1e2515690a2e2711871c483d7d844509e511328f8f01a76d77999913bcbc63b7c4345dcd04014d32dc145cd4a1ba98f72f4fda4266dd52

Download Submit
C:\Windows\System\mGFXsiB.exe

Filesize
6.0MB

MD5
715c44a426cfec7fafdd298d94043e3e

SHA1
04bfd50c9b5977623cfe7f175d5850d88714d18d

SHA256
bf11f71add536eb6dbf6bfe48222eb9b6281ce5f2dae8de05c8c7eceb01f45b2

SHA512
0981d6729ffbde86780bbec0d8b9744f06323723fa5969aefc6faebd87ab1464909c190224b3c230c3a74d9765cb041cd279df22f841cac387e206b258bb41ed

Download Submit
C:\Windows\System\nUOsuJC.exe

Filesize
6.0MB

MD5
b1f8a6bd716d51f3ac96cd258ce03454

SHA1
94482130c8714e78521e3c221e163f27486a87d7

SHA256
d3ebeca30037d382e95776947c836d6e2c5ff965dfecebf5e9f3ac8b55ccdedd

SHA512
7902d0e73986f96d74a5c7f19d2f240b36a009c7c5a1ee4e6fb71e1db69f22804c6046e65d241a581ad08a7fb7584f2e2beead101288d40b5c0660e16ad28927

Download Submit
C:\Windows\System\pkgGfTD.exe

Filesize
6.0MB

MD5
fdc4f61603a93173650f3e46365c7cf3

SHA1
c0fea19c481d75eddde25657c82f0e65e9027bd3

SHA256
4468c6dd1b0c4bd9a2cb7de954726dfb4896f8cd9ecb08aed4730a4b72dfb988

SHA512
e13f68d60a95d769771ed1e65121659620a4d17e7b50d64d7ea0b9da8e2b858fcf1f7a1f185ecf1f51505a9cfe5711309295b15add7846103dd6f20dcdd0b46f

Download Submit
C:\Windows\System\snNKoKP.exe

Filesize
6.0MB

MD5
620bd65b9a0da6c5dcde9a9f5616b645

SHA1
c2e08e29e8d2ae559e0d64e5b591fe79b05c6fa5

SHA256
60de43e62eca8b7ecc5ce4db9a97bece1fd5892eba45133d38038350be4e0e22

SHA512
1b70ee2d412642690be0c7e33eadc9fe407252a8753f1c3ea4f5b91f31e78cb8e006b98c28abc6337974498313c6bf97711042a7bb00aad6ec2d6f76bbca1f56

Download Submit
C:\Windows\System\tRsHuWl.exe

Filesize
6.0MB

MD5
a88560c09d4d10f9b1315f770360f541

SHA1
3d7611ad06e9f012886bddb797c78ad4f681a618

SHA256
78124a7a6ebbaf66a7a1d4cee05e5b1b1e521dcf6b5c6570ade1b9433898b1bd

SHA512
173a248a475fef38e0377dbb5493f9dcf8dbb318dc589992e60ee35e3cca315e7f14bc2820b4e176b393fa51b7fb4396b9a5aa79328460d325444368c9c15326

Download Submit
C:\Windows\System\vJjgHHa.exe

Filesize
6.0MB

MD5
6bd66ef43d5f0c055215631251cf8430

SHA1
2fcce8a502fd8679be6a9827204e12dc1d4e5457

SHA256
8225abdd1c65d5e25f31a0b302c04829d227995fa071fefd7db92134287ea7a2

SHA512
099670c72a8ada53c3f7e5512331629ef80ee0cedb685b9801881f8e8805c5bb5d6b3f1f4d1fb2cb4b3ffa749ac4fab3e3d4c9f7ce0b49fb1211cec62410cd5f

Download Submit
C:\Windows\System\wIyhuIv.exe

Filesize
6.0MB

MD5
97b8262981e54ff8161064c93814f372

SHA1
b234cfedb8b60e981b528aa9aa82bd1f76039b89

SHA256
1ac5484b43a893dce158595dd14d9b9fcab56811d53e3846d341015bdab47535

SHA512
fef6bcadbd31004c3084569caf4d67632d6ca8cafd0e0842dcf163f3606e3b2ce6d6acd38612b4cbf3ae622636756bf1a1a9d40a19507c7438fc6d06fa9ee69f

Download Submit
C:\Windows\System\xfDquxw.exe

Filesize
6.0MB

MD5
3a077617d29203b55761894987bd568d

SHA1
7b29e555af6f3be57f924d225d3cdffe844384d0

SHA256
a4524435a38791c5e3aac80be4fffbe526b73087aef459ecc000b5469c901cbe

SHA512
cf5b271dd473f5182611cb8609189b79fbce3ce28543c1364e8cc6d47b0ac50c4afd711c9d9d6e03c7f7852fd0ff9bfc73c3de745b0a3ae8fd8a5235cca5f1e0

Download Submit
C:\Windows\System\yJXpxlB.exe

Filesize
6.0MB

MD5
d6fe3052170310e3120bd39bc178dac8

SHA1
c8fe910e0213f92294f303352d8845d2e331abb0

SHA256
c37b90e954ed7ad0402224ab2382227c9c6ff61cf49d066447f607066a22049f

SHA512
bcdbf92eab4248dcc52f7e72d678a1cc28dad721716ee8291b368c63476c3d2dbe9014029f0af8b70b262d9c04c7a8a4903ed0c5634f168afa48a9eec9790ac0

Download Submit
C:\Windows\System\yoZcrMI.exe

Filesize
6.0MB

MD5
a6d6cde986d87ff527452c3eda532079

SHA1
935d674a0378309911809a42e2f7f2a2a7d06ce9

SHA256
8f797b716426e0255dba82ca0c42be98684f0019315a5e2ab9f2b7045c60aea0

SHA512
c5db7cd2c82e8a4c4c513c98ae9c72f45e415937ee35fc1ffbc14b229ff0811fafc50732f1c8ea6a4f7bbf23569e600365b129b32e9d5ae01d7d979307867a4a

Download Submit
memory/408-80-0x00007FF6421A0000-0x00007FF6424F4000-memory.dmp

Filesize
3.3MB

Download
memory/408-1678-0x00007FF6421A0000-0x00007FF6424F4000-memory.dmp

Filesize
3.3MB

Download
memory/408-164-0x00007FF6421A0000-0x00007FF6424F4000-memory.dmp

Filesize
3.3MB

Download
memory/456-1308-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp

Filesize
3.3MB

Download
memory/456-72-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp

Filesize
3.3MB

Download
memory/456-23-0x00007FF7EFB00000-0x00007FF7EFE54000-memory.dmp

Filesize
3.3MB

Download
memory/620-142-0x00007FF796FB0000-0x00007FF797304000-memory.dmp

Filesize
3.3MB

Download
memory/620-342-0x00007FF796FB0000-0x00007FF797304000-memory.dmp

Filesize
3.3MB

Download
memory/620-1691-0x00007FF796FB0000-0x00007FF797304000-memory.dmp

Filesize
3.3MB

Download
memory/808-130-0x00007FF71B700000-0x00007FF71BA54000-memory.dmp

Filesize
3.3MB

Download
memory/808-1699-0x00007FF71B700000-0x00007FF71BA54000-memory.dmp

Filesize
3.3MB

Download
memory/808-220-0x00007FF71B700000-0x00007FF71BA54000-memory.dmp

Filesize
3.3MB

Download
memory/972-1692-0x00007FF7C0660000-0x00007FF7C09B4000-memory.dmp

Filesize
3.3MB

Download
memory/972-116-0x00007FF7C0660000-0x00007FF7C09B4000-memory.dmp

Filesize
3.3MB

Download
memory/972-198-0x00007FF7C0660000-0x00007FF7C09B4000-memory.dmp

Filesize
3.3MB

Download
memory/1036-578-0x00007FF6C3FF0000-0x00007FF6C4344000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2290-0x00007FF6C3FF0000-0x00007FF6C4344000-memory.dmp

Filesize
3.3MB

Download
memory/1036-178-0x00007FF6C3FF0000-0x00007FF6C4344000-memory.dmp

Filesize
3.3MB

Download
memory/1168-110-0x00007FF786D20000-0x00007FF787074000-memory.dmp

Filesize
3.3MB

Download
memory/1168-184-0x00007FF786D20000-0x00007FF787074000-memory.dmp

Filesize
3.3MB

Download
memory/1168-1684-0x00007FF786D20000-0x00007FF787074000-memory.dmp

Filesize
3.3MB

Download
memory/1512-90-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp

Filesize
3.3MB

Download
memory/1512-1353-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp

Filesize
3.3MB

Download
memory/1512-36-0x00007FF7C8610000-0x00007FF7C8964000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2247-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp

Filesize
3.3MB

Download
memory/1596-177-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp

Filesize
3.3MB

Download
memory/1784-81-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp

Filesize
3.3MB

Download
memory/1784-1335-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp

Filesize
3.3MB

Download
memory/1784-30-0x00007FF73C0C0000-0x00007FF73C414000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1305-0x00007FF68D000000-0x00007FF68D354000-memory.dmp

Filesize
3.3MB

Download
memory/1848-24-0x00007FF68D000000-0x00007FF68D354000-memory.dmp

Filesize
3.3MB

Download
memory/2036-118-0x00007FF677290000-0x00007FF6775E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-42-0x00007FF677290000-0x00007FF6775E4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1526-0x00007FF677290000-0x00007FF6775E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-136-0x00007FF6DF890000-0x00007FF6DFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-287-0x00007FF6DF890000-0x00007FF6DFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1697-0x00007FF6DF890000-0x00007FF6DFBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1688-0x00007FF7B1DE0000-0x00007FF7B2134000-memory.dmp

Filesize
3.3MB

Download
memory/2380-123-0x00007FF7B1DE0000-0x00007FF7B2134000-memory.dmp

Filesize
3.3MB

Download
memory/2708-55-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp

Filesize
3.3MB

Download
memory/2708-8-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1289-0x00007FF6359C0000-0x00007FF635D14000-memory.dmp

Filesize
3.3MB

Download
memory/2872-114-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1693-0x00007FF6A96E0000-0x00007FF6A9A34000-memory.dmp

Filesize
3.3MB

Download
memory/3064-150-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1683-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-79-0x00007FF6C0780000-0x00007FF6C0AD4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-523-0x00007FF6E3E80000-0x00007FF6E41D4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2243-0x00007FF6E3E80000-0x00007FF6E41D4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-157-0x00007FF6E3E80000-0x00007FF6E41D4000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2238-0x00007FF7E8600000-0x00007FF7E8954000-memory.dmp

Filesize
3.3MB

Download
memory/3584-154-0x00007FF7E8600000-0x00007FF7E8954000-memory.dmp

Filesize
3.3MB

Download
memory/3672-53-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp

Filesize
3.3MB

Download
memory/3672-0-0x00007FF78AB00000-0x00007FF78AE54000-memory.dmp

Filesize
3.3MB

Download
memory/3672-1-0x0000014CBA180000-0x0000014CBA190000-memory.dmp

Filesize
64KB

Download
memory/3792-576-0x00007FF70A800000-0x00007FF70AB54000-memory.dmp

Filesize
3.3MB

Download
memory/3792-169-0x00007FF70A800000-0x00007FF70AB54000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2252-0x00007FF70A800000-0x00007FF70AB54000-memory.dmp

Filesize
3.3MB

Download
memory/3844-183-0x00007FF795DB0000-0x00007FF796104000-memory.dmp

Filesize
3.3MB

Download
memory/3844-1682-0x00007FF795DB0000-0x00007FF796104000-memory.dmp

Filesize
3.3MB

Download
memory/3844-91-0x00007FF795DB0000-0x00007FF796104000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1669-0x00007FF638730000-0x00007FF638A84000-memory.dmp

Filesize
3.3MB

Download
memory/4064-76-0x00007FF638730000-0x00007FF638A84000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2263-0x00007FF784790000-0x00007FF784AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-194-0x00007FF784790000-0x00007FF784AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-691-0x00007FF784790000-0x00007FF784AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4472-1662-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp

Filesize
3.3MB

Download
memory/4472-129-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp

Filesize
3.3MB

Download
memory/4472-49-0x00007FF7A74C0000-0x00007FF7A7814000-memory.dmp

Filesize
3.3MB

Download
memory/4760-1698-0x00007FF61A2D0000-0x00007FF61A624000-memory.dmp

Filesize
3.3MB

Download
memory/4760-218-0x00007FF61A2D0000-0x00007FF61A624000-memory.dmp

Filesize
3.3MB

Download
memory/4760-124-0x00007FF61A2D0000-0x00007FF61A624000-memory.dmp

Filesize
3.3MB

Download
memory/4880-70-0x00007FF631980000-0x00007FF631CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-139-0x00007FF631980000-0x00007FF631CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1668-0x00007FF631980000-0x00007FF631CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-193-0x00007FF7BB7F0000-0x00007FF7BBB44000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2259-0x00007FF7BB7F0000-0x00007FF7BBB44000-memory.dmp

Filesize
3.3MB

Download
memory/4924-62-0x00007FF660270000-0x00007FF6605C4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-1301-0x00007FF660270000-0x00007FF6605C4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-16-0x00007FF660270000-0x00007FF6605C4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-54-0x00007FF63B010000-0x00007FF63B364000-memory.dmp

Filesize
3.3MB

Download
memory/4960-137-0x00007FF63B010000-0x00007FF63B364000-memory.dmp

Filesize
3.3MB

Download
memory/4960-1663-0x00007FF63B010000-0x00007FF63B364000-memory.dmp

Filesize
3.3MB

Download