cobaltstrike | 4e4c64f276f1220c6417dd1a1b6ec77877e60d1aa507f1c16203c4ba9961d68d

Analysis

max time kernel
105s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

2b8cbe9ec0b7faa70eeb1497d0e17bda
SHA1

6cff5cf0f73b9e31d0f1a491e85e2a83e3f31bf7
SHA256

4e4c64f276f1220c6417dd1a1b6ec77877e60d1aa507f1c16203c4ba9961d68d
SHA512

039f0b55996349199d2c1cd4821c352d96051bdd2e2f0f3e27a5d2134c31f618162f80c0e630adbee9de8b9cda88d7c194b4bee26cb5467fef417d2ecd87f039
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00040000000230be-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425f-16.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024260-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024261-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024262-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024263-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024264-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024265-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024266-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024268-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024269-71.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426b-84.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426a-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024267-59.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425e-14.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426c-95.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426e-108.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426f-111.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426d-101.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024271-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024274-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024273-146.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024272-141.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024270-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024275-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024277-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024279-166.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427a-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024278-175.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427b-190.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427d-194.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427e-197.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002427c-192.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/404-0-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp	xmrig
behavioral2/files/0x00040000000230be-4.dat	xmrig
behavioral2/files/0x000700000002425f-16.dat	xmrig
behavioral2/files/0x0007000000024260-22.dat	xmrig
behavioral2/files/0x0007000000024261-28.dat	xmrig
behavioral2/files/0x0007000000024262-31.dat	xmrig
behavioral2/files/0x0007000000024263-36.dat	xmrig
behavioral2/files/0x0007000000024264-41.dat	xmrig
behavioral2/files/0x0007000000024265-49.dat	xmrig
behavioral2/files/0x0007000000024266-52.dat	xmrig
behavioral2/files/0x0007000000024268-64.dat	xmrig
behavioral2/files/0x0007000000024269-71.dat	xmrig
behavioral2/memory/1740-76-0x00007FF7FC6F0000-0x00007FF7FCA44000-memory.dmp	xmrig
behavioral2/memory/1908-79-0x00007FF6B27E0000-0x00007FF6B2B34000-memory.dmp	xmrig
behavioral2/memory/3132-86-0x00007FF7694E0000-0x00007FF769834000-memory.dmp	xmrig
behavioral2/memory/6052-90-0x00007FF7DB150000-0x00007FF7DB4A4000-memory.dmp	xmrig
behavioral2/memory/5840-91-0x00007FF7A1760000-0x00007FF7A1AB4000-memory.dmp	xmrig
behavioral2/memory/4608-89-0x00007FF7D4270000-0x00007FF7D45C4000-memory.dmp	xmrig
behavioral2/memory/1920-88-0x00007FF6DF790000-0x00007FF6DFAE4000-memory.dmp	xmrig
behavioral2/memory/4500-87-0x00007FF70AB70000-0x00007FF70AEC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002426b-84.dat	xmrig
behavioral2/files/0x000700000002426a-82.dat	xmrig
behavioral2/memory/3712-81-0x00007FF75EE60000-0x00007FF75F1B4000-memory.dmp	xmrig
behavioral2/memory/3872-80-0x00007FF6D9740000-0x00007FF6D9A94000-memory.dmp	xmrig
behavioral2/memory/2348-78-0x00007FF69FA40000-0x00007FF69FD94000-memory.dmp	xmrig
behavioral2/memory/2284-77-0x00007FF7F3D30000-0x00007FF7F4084000-memory.dmp	xmrig
behavioral2/memory/5496-40-0x00007FF66A330000-0x00007FF66A684000-memory.dmp	xmrig
behavioral2/files/0x0007000000024267-59.dat	xmrig
behavioral2/memory/2264-19-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	xmrig
behavioral2/files/0x000700000002425e-14.dat	xmrig
behavioral2/memory/1844-6-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp	xmrig
behavioral2/files/0x000700000002426c-95.dat	xmrig
behavioral2/memory/4944-103-0x00007FF6D2640000-0x00007FF6D2994000-memory.dmp	xmrig
behavioral2/files/0x000700000002426e-108.dat	xmrig
behavioral2/files/0x000700000002426f-111.dat	xmrig
behavioral2/memory/4996-110-0x00007FF740C10000-0x00007FF740F64000-memory.dmp	xmrig
behavioral2/memory/4956-104-0x00007FF687D80000-0x00007FF6880D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002426d-101.dat	xmrig
behavioral2/memory/3784-115-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp	xmrig
behavioral2/memory/404-120-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024271-125.dat	xmrig
behavioral2/files/0x0007000000024274-143.dat	xmrig
behavioral2/memory/2904-144-0x00007FF6C7940000-0x00007FF6C7C94000-memory.dmp	xmrig
behavioral2/memory/2228-145-0x00007FF6F4AC0000-0x00007FF6F4E14000-memory.dmp	xmrig
behavioral2/files/0x0007000000024273-146.dat	xmrig
behavioral2/files/0x0007000000024272-141.dat	xmrig
behavioral2/memory/5828-140-0x00007FF61A060000-0x00007FF61A3B4000-memory.dmp	xmrig
behavioral2/memory/5436-132-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	xmrig
behavioral2/memory/2264-129-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	xmrig
behavioral2/memory/1844-127-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp	xmrig
behavioral2/files/0x0007000000024270-123.dat	xmrig
behavioral2/memory/1856-122-0x00007FF799C00000-0x00007FF799F54000-memory.dmp	xmrig
behavioral2/files/0x0007000000024275-152.dat	xmrig
behavioral2/memory/5548-160-0x00007FF61E2B0000-0x00007FF61E604000-memory.dmp	xmrig
behavioral2/memory/5676-161-0x00007FF6A21A0000-0x00007FF6A24F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024277-164.dat	xmrig
behavioral2/files/0x0007000000024279-166.dat	xmrig
behavioral2/files/0x000700000002427a-183.dat	xmrig
behavioral2/memory/3784-180-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp	xmrig
behavioral2/memory/5228-179-0x00007FF6981E0000-0x00007FF698534000-memory.dmp	xmrig
behavioral2/files/0x0007000000024278-175.dat	xmrig
behavioral2/memory/4996-170-0x00007FF740C10000-0x00007FF740F64000-memory.dmp	xmrig
behavioral2/memory/1384-173-0x00007FF7DA140000-0x00007FF7DA494000-memory.dmp	xmrig
behavioral2/files/0x000700000002427b-190.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1844	CXuAKrU.exe
2264	pXIHEkE.exe
5496	jFlTDOw.exe
6052	JnMqVHZ.exe
1740	LjMTLRM.exe
2284	XzgNqlE.exe
2348	ZgiDlwy.exe
1908	JDjMowN.exe
3872	dvhFpim.exe
3712	EWhLNqq.exe
3132	vOonRZh.exe
4500	kpzURXJ.exe
1920	lTntMcN.exe
5840	UtJavRk.exe
4608	tSJlQJp.exe
4944	VyYozMz.exe
4956	HdRswWI.exe
4996	PlcHovR.exe
3784	FSgElwu.exe
1856	avKiWzB.exe
5436	OnpTaDY.exe
5828	tPokfPO.exe
2904	SBcmpJy.exe
2228	pyAtxHg.exe
5548	CXiPXcf.exe
5676	hgXmisu.exe
1384	NeGLyyy.exe
5228	vtmWDCI.exe
5500	DnmVQCO.exe
708	eKdCcDC.exe
2644	cIkzStP.exe
5508	egIEUeN.exe
3580	wLwjads.exe
5752	pwWrcnT.exe
2788	jzItDEy.exe
2472	pHKcYse.exe
5764	Ncfkmbd.exe
3800	heCxUeE.exe
4692	kXAfXyb.exe
3140	PvuQenV.exe
3100	KsfHgoe.exe
2108	ePnktGj.exe
1728	TaHCSuh.exe
1648	ZhAHJmW.exe
2868	fgHGdsR.exe
544	KaoThaW.exe
2884	athTzFP.exe
3984	IuYFora.exe
1656	ASUcwOh.exe
5784	fRvgzqa.exe
5608	yHxYBGD.exe
640	lVSqPPM.exe
3744	KKXMNvQ.exe
5224	UcXiefr.exe
892	aRaLuWT.exe
5724	MQwBGhm.exe
516	rPZibLx.exe
6088	MdXKhpp.exe
4404	enWhjdw.exe
3488	wFpQcXq.exe
3536	eLfCgVH.exe
5128	FNjkxDD.exe
768	fXhGKHb.exe
2512	TlXpJbC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/404-0-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp	upx
behavioral2/files/0x00040000000230be-4.dat	upx
behavioral2/files/0x000700000002425f-16.dat	upx
behavioral2/files/0x0007000000024260-22.dat	upx
behavioral2/files/0x0007000000024261-28.dat	upx
behavioral2/files/0x0007000000024262-31.dat	upx
behavioral2/files/0x0007000000024263-36.dat	upx
behavioral2/files/0x0007000000024264-41.dat	upx
behavioral2/files/0x0007000000024265-49.dat	upx
behavioral2/files/0x0007000000024266-52.dat	upx
behavioral2/files/0x0007000000024268-64.dat	upx
behavioral2/files/0x0007000000024269-71.dat	upx
behavioral2/memory/1740-76-0x00007FF7FC6F0000-0x00007FF7FCA44000-memory.dmp	upx
behavioral2/memory/1908-79-0x00007FF6B27E0000-0x00007FF6B2B34000-memory.dmp	upx
behavioral2/memory/3132-86-0x00007FF7694E0000-0x00007FF769834000-memory.dmp	upx
behavioral2/memory/6052-90-0x00007FF7DB150000-0x00007FF7DB4A4000-memory.dmp	upx
behavioral2/memory/5840-91-0x00007FF7A1760000-0x00007FF7A1AB4000-memory.dmp	upx
behavioral2/memory/4608-89-0x00007FF7D4270000-0x00007FF7D45C4000-memory.dmp	upx
behavioral2/memory/1920-88-0x00007FF6DF790000-0x00007FF6DFAE4000-memory.dmp	upx
behavioral2/memory/4500-87-0x00007FF70AB70000-0x00007FF70AEC4000-memory.dmp	upx
behavioral2/files/0x000700000002426b-84.dat	upx
behavioral2/files/0x000700000002426a-82.dat	upx
behavioral2/memory/3712-81-0x00007FF75EE60000-0x00007FF75F1B4000-memory.dmp	upx
behavioral2/memory/3872-80-0x00007FF6D9740000-0x00007FF6D9A94000-memory.dmp	upx
behavioral2/memory/2348-78-0x00007FF69FA40000-0x00007FF69FD94000-memory.dmp	upx
behavioral2/memory/2284-77-0x00007FF7F3D30000-0x00007FF7F4084000-memory.dmp	upx
behavioral2/memory/5496-40-0x00007FF66A330000-0x00007FF66A684000-memory.dmp	upx
behavioral2/files/0x0007000000024267-59.dat	upx
behavioral2/memory/2264-19-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	upx
behavioral2/files/0x000700000002425e-14.dat	upx
behavioral2/memory/1844-6-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp	upx
behavioral2/files/0x000700000002426c-95.dat	upx
behavioral2/memory/4944-103-0x00007FF6D2640000-0x00007FF6D2994000-memory.dmp	upx
behavioral2/files/0x000700000002426e-108.dat	upx
behavioral2/files/0x000700000002426f-111.dat	upx
behavioral2/memory/4996-110-0x00007FF740C10000-0x00007FF740F64000-memory.dmp	upx
behavioral2/memory/4956-104-0x00007FF687D80000-0x00007FF6880D4000-memory.dmp	upx
behavioral2/files/0x000700000002426d-101.dat	upx
behavioral2/memory/3784-115-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp	upx
behavioral2/memory/404-120-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp	upx
behavioral2/files/0x0007000000024271-125.dat	upx
behavioral2/files/0x0007000000024274-143.dat	upx
behavioral2/memory/2904-144-0x00007FF6C7940000-0x00007FF6C7C94000-memory.dmp	upx
behavioral2/memory/2228-145-0x00007FF6F4AC0000-0x00007FF6F4E14000-memory.dmp	upx
behavioral2/files/0x0007000000024273-146.dat	upx
behavioral2/files/0x0007000000024272-141.dat	upx
behavioral2/memory/5828-140-0x00007FF61A060000-0x00007FF61A3B4000-memory.dmp	upx
behavioral2/memory/5436-132-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	upx
behavioral2/memory/2264-129-0x00007FF779D10000-0x00007FF77A064000-memory.dmp	upx
behavioral2/memory/1844-127-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp	upx
behavioral2/files/0x0007000000024270-123.dat	upx
behavioral2/memory/1856-122-0x00007FF799C00000-0x00007FF799F54000-memory.dmp	upx
behavioral2/files/0x0007000000024275-152.dat	upx
behavioral2/memory/5548-160-0x00007FF61E2B0000-0x00007FF61E604000-memory.dmp	upx
behavioral2/memory/5676-161-0x00007FF6A21A0000-0x00007FF6A24F4000-memory.dmp	upx
behavioral2/files/0x0007000000024277-164.dat	upx
behavioral2/files/0x0007000000024279-166.dat	upx
behavioral2/files/0x000700000002427a-183.dat	upx
behavioral2/memory/3784-180-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp	upx
behavioral2/memory/5228-179-0x00007FF6981E0000-0x00007FF698534000-memory.dmp	upx
behavioral2/files/0x0007000000024278-175.dat	upx
behavioral2/memory/4996-170-0x00007FF740C10000-0x00007FF740F64000-memory.dmp	upx
behavioral2/memory/1384-173-0x00007FF7DA140000-0x00007FF7DA494000-memory.dmp	upx
behavioral2/files/0x000700000002427b-190.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LJBcnnZ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AgTYdBg.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PvuQenV.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sJErgJs.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EuVCvGI.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wigVyQM.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xNZlqqj.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AvbluYn.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zokURoS.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HdRswWI.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ofOEMgk.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zlYawGE.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ipoaKoz.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FbiGBrl.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\myVoeGk.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EWoQIuJ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CcwkljJ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CXuAKrU.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tPokfPO.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VeubFTn.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\toETGfv.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hltpjgQ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SOJjZhk.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DBrbmVB.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gWPbDoL.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CGenMaR.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qbtOZGJ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pLdRufm.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZkQwLcX.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EVmhNPQ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eKdCcDC.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aRaLuWT.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fzrmvai.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dqBNmHo.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BZOYIoU.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FKObapu.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uyJcvgd.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cBIeZIw.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rPZibLx.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fXhqPQw.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SflfpkI.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lAVxJtI.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ATPbRcr.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HfgbsvT.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SdtrjZr.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jNVQvhB.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jOHVBum.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eRZzjgC.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AbuPLyf.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZjGvCVK.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ecZzEDg.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UEjaoRL.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Ksgiwvw.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GybQqPu.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jGGoyOF.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DhxHVNT.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SvUCOqh.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GdjafVJ.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ecpztJn.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\asKRbeH.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QYhlcnz.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\egIEUeN.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jeWjHJd.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UfWKmVK.exe	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 1844	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 404 wrote to memory of 1844	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 404 wrote to memory of 2264	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 404 wrote to memory of 2264	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 404 wrote to memory of 5496	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 404 wrote to memory of 5496	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 404 wrote to memory of 6052	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 404 wrote to memory of 6052	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 404 wrote to memory of 1740	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 404 wrote to memory of 1740	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 404 wrote to memory of 2284	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 404 wrote to memory of 2284	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 404 wrote to memory of 2348	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 404 wrote to memory of 2348	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 404 wrote to memory of 1908	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 404 wrote to memory of 1908	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 404 wrote to memory of 3872	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 404 wrote to memory of 3872	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 404 wrote to memory of 3712	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 404 wrote to memory of 3712	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 404 wrote to memory of 3132	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 404 wrote to memory of 3132	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 404 wrote to memory of 4500	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 404 wrote to memory of 4500	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 404 wrote to memory of 1920	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 404 wrote to memory of 1920	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 404 wrote to memory of 5840	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 404 wrote to memory of 5840	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 404 wrote to memory of 4608	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 404 wrote to memory of 4608	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 404 wrote to memory of 4944	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 404 wrote to memory of 4944	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 404 wrote to memory of 4956	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 404 wrote to memory of 4956	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 404 wrote to memory of 4996	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 404 wrote to memory of 4996	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 404 wrote to memory of 3784	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 404 wrote to memory of 3784	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 404 wrote to memory of 1856	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 404 wrote to memory of 1856	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 404 wrote to memory of 5436	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 404 wrote to memory of 5436	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 404 wrote to memory of 5828	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 404 wrote to memory of 5828	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 404 wrote to memory of 2904	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 404 wrote to memory of 2904	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 404 wrote to memory of 2228	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 404 wrote to memory of 2228	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 404 wrote to memory of 5548	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 404 wrote to memory of 5548	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 404 wrote to memory of 5676	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 404 wrote to memory of 5676	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 404 wrote to memory of 1384	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 404 wrote to memory of 1384	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 404 wrote to memory of 5228	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 404 wrote to memory of 5228	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 404 wrote to memory of 5500	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 404 wrote to memory of 5500	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 404 wrote to memory of 708	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 404 wrote to memory of 708	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 404 wrote to memory of 2644	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 404 wrote to memory of 2644	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 404 wrote to memory of 5508	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 404 wrote to memory of 5508	404	2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_2b8cbe9ec0b7faa70eeb1497d0e17bda_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\System\CXuAKrU.exe
  C:\Windows\System\CXuAKrU.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\pXIHEkE.exe
  C:\Windows\System\pXIHEkE.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\jFlTDOw.exe
  C:\Windows\System\jFlTDOw.exe
  2⤵
  - Executes dropped EXE
  PID:5496
- C:\Windows\System\JnMqVHZ.exe
  C:\Windows\System\JnMqVHZ.exe
  2⤵
  - Executes dropped EXE
  PID:6052
- C:\Windows\System\LjMTLRM.exe
  C:\Windows\System\LjMTLRM.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\XzgNqlE.exe
  C:\Windows\System\XzgNqlE.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ZgiDlwy.exe
  C:\Windows\System\ZgiDlwy.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\JDjMowN.exe
  C:\Windows\System\JDjMowN.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\dvhFpim.exe
  C:\Windows\System\dvhFpim.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\EWhLNqq.exe
  C:\Windows\System\EWhLNqq.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\vOonRZh.exe
  C:\Windows\System\vOonRZh.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\kpzURXJ.exe
  C:\Windows\System\kpzURXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\lTntMcN.exe
  C:\Windows\System\lTntMcN.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\UtJavRk.exe
  C:\Windows\System\UtJavRk.exe
  2⤵
  - Executes dropped EXE
  PID:5840
- C:\Windows\System\tSJlQJp.exe
  C:\Windows\System\tSJlQJp.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\VyYozMz.exe
  C:\Windows\System\VyYozMz.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\HdRswWI.exe
  C:\Windows\System\HdRswWI.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\PlcHovR.exe
  C:\Windows\System\PlcHovR.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\FSgElwu.exe
  C:\Windows\System\FSgElwu.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\avKiWzB.exe
  C:\Windows\System\avKiWzB.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\OnpTaDY.exe
  C:\Windows\System\OnpTaDY.exe
  2⤵
  - Executes dropped EXE
  PID:5436
- C:\Windows\System\tPokfPO.exe
  C:\Windows\System\tPokfPO.exe
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\System\SBcmpJy.exe
  C:\Windows\System\SBcmpJy.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\pyAtxHg.exe
  C:\Windows\System\pyAtxHg.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\CXiPXcf.exe
  C:\Windows\System\CXiPXcf.exe
  2⤵
  - Executes dropped EXE
  PID:5548
- C:\Windows\System\hgXmisu.exe
  C:\Windows\System\hgXmisu.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System\NeGLyyy.exe
  C:\Windows\System\NeGLyyy.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\vtmWDCI.exe
  C:\Windows\System\vtmWDCI.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\DnmVQCO.exe
  C:\Windows\System\DnmVQCO.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\eKdCcDC.exe
  C:\Windows\System\eKdCcDC.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\cIkzStP.exe
  C:\Windows\System\cIkzStP.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\egIEUeN.exe
  C:\Windows\System\egIEUeN.exe
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Windows\System\wLwjads.exe
  C:\Windows\System\wLwjads.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\pwWrcnT.exe
  C:\Windows\System\pwWrcnT.exe
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System\jzItDEy.exe
  C:\Windows\System\jzItDEy.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\pHKcYse.exe
  C:\Windows\System\pHKcYse.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\Ncfkmbd.exe
  C:\Windows\System\Ncfkmbd.exe
  2⤵
  - Executes dropped EXE
  PID:5764
- C:\Windows\System\heCxUeE.exe
  C:\Windows\System\heCxUeE.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\kXAfXyb.exe
  C:\Windows\System\kXAfXyb.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\PvuQenV.exe
  C:\Windows\System\PvuQenV.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\KsfHgoe.exe
  C:\Windows\System\KsfHgoe.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\ePnktGj.exe
  C:\Windows\System\ePnktGj.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\TaHCSuh.exe
  C:\Windows\System\TaHCSuh.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ZhAHJmW.exe
  C:\Windows\System\ZhAHJmW.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\fgHGdsR.exe
  C:\Windows\System\fgHGdsR.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\KaoThaW.exe
  C:\Windows\System\KaoThaW.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\athTzFP.exe
  C:\Windows\System\athTzFP.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\IuYFora.exe
  C:\Windows\System\IuYFora.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\ASUcwOh.exe
  C:\Windows\System\ASUcwOh.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\fRvgzqa.exe
  C:\Windows\System\fRvgzqa.exe
  2⤵
  - Executes dropped EXE
  PID:5784
- C:\Windows\System\yHxYBGD.exe
  C:\Windows\System\yHxYBGD.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\lVSqPPM.exe
  C:\Windows\System\lVSqPPM.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\KKXMNvQ.exe
  C:\Windows\System\KKXMNvQ.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\UcXiefr.exe
  C:\Windows\System\UcXiefr.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\aRaLuWT.exe
  C:\Windows\System\aRaLuWT.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\MQwBGhm.exe
  C:\Windows\System\MQwBGhm.exe
  2⤵
  - Executes dropped EXE
  PID:5724
- C:\Windows\System\rPZibLx.exe
  C:\Windows\System\rPZibLx.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\MdXKhpp.exe
  C:\Windows\System\MdXKhpp.exe
  2⤵
  - Executes dropped EXE
  PID:6088
- C:\Windows\System\enWhjdw.exe
  C:\Windows\System\enWhjdw.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\wFpQcXq.exe
  C:\Windows\System\wFpQcXq.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\eLfCgVH.exe
  C:\Windows\System\eLfCgVH.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\FNjkxDD.exe
  C:\Windows\System\FNjkxDD.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System\fXhGKHb.exe
  C:\Windows\System\fXhGKHb.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\TlXpJbC.exe
  C:\Windows\System\TlXpJbC.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\smlkldX.exe
  C:\Windows\System\smlkldX.exe
  2⤵
  PID:5952
- C:\Windows\System\fzrmvai.exe
  C:\Windows\System\fzrmvai.exe
  2⤵
  PID:4744
- C:\Windows\System\dyWgZmr.exe
  C:\Windows\System\dyWgZmr.exe
  2⤵
  PID:4572
- C:\Windows\System\jOHVBum.exe
  C:\Windows\System\jOHVBum.exe
  2⤵
  PID:5084
- C:\Windows\System\MFJezvN.exe
  C:\Windows\System\MFJezvN.exe
  2⤵
  PID:5276
- C:\Windows\System\EtnFIxH.exe
  C:\Windows\System\EtnFIxH.exe
  2⤵
  PID:2524
- C:\Windows\System\cogRSFK.exe
  C:\Windows\System\cogRSFK.exe
  2⤵
  PID:2856
- C:\Windows\System\VeubFTn.exe
  C:\Windows\System\VeubFTn.exe
  2⤵
  PID:3460
- C:\Windows\System\zJIyKQu.exe
  C:\Windows\System\zJIyKQu.exe
  2⤵
  PID:372
- C:\Windows\System\nfdcNnh.exe
  C:\Windows\System\nfdcNnh.exe
  2⤵
  PID:4672
- C:\Windows\System\gLLVxuY.exe
  C:\Windows\System\gLLVxuY.exe
  2⤵
  PID:4828
- C:\Windows\System\AkQBdus.exe
  C:\Windows\System\AkQBdus.exe
  2⤵
  PID:5208
- C:\Windows\System\gYqZxDA.exe
  C:\Windows\System\gYqZxDA.exe
  2⤵
  PID:3528
- C:\Windows\System\jGfPqOr.exe
  C:\Windows\System\jGfPqOr.exe
  2⤵
  PID:5628
- C:\Windows\System\CQOGWdc.exe
  C:\Windows\System\CQOGWdc.exe
  2⤵
  PID:4292
- C:\Windows\System\fUYBtCG.exe
  C:\Windows\System\fUYBtCG.exe
  2⤵
  PID:4984
- C:\Windows\System\UEQldBz.exe
  C:\Windows\System\UEQldBz.exe
  2⤵
  PID:5592
- C:\Windows\System\rbfhnHU.exe
  C:\Windows\System\rbfhnHU.exe
  2⤵
  PID:2488
- C:\Windows\System\InYrJrx.exe
  C:\Windows\System\InYrJrx.exe
  2⤵
  PID:5032
- C:\Windows\System\hxzswzE.exe
  C:\Windows\System\hxzswzE.exe
  2⤵
  PID:1052
- C:\Windows\System\aHOcspx.exe
  C:\Windows\System\aHOcspx.exe
  2⤵
  PID:1376
- C:\Windows\System\UxrpdvF.exe
  C:\Windows\System\UxrpdvF.exe
  2⤵
  PID:2684
- C:\Windows\System\diPZnCI.exe
  C:\Windows\System\diPZnCI.exe
  2⤵
  PID:5104
- C:\Windows\System\toETGfv.exe
  C:\Windows\System\toETGfv.exe
  2⤵
  PID:4592
- C:\Windows\System\MiaekSp.exe
  C:\Windows\System\MiaekSp.exe
  2⤵
  PID:928
- C:\Windows\System\pgZTCKH.exe
  C:\Windows\System\pgZTCKH.exe
  2⤵
  PID:1308
- C:\Windows\System\zavFvpK.exe
  C:\Windows\System\zavFvpK.exe
  2⤵
  PID:3820
- C:\Windows\System\DhwvHpx.exe
  C:\Windows\System\DhwvHpx.exe
  2⤵
  PID:5460
- C:\Windows\System\yiFzoNV.exe
  C:\Windows\System\yiFzoNV.exe
  2⤵
  PID:3444
- C:\Windows\System\hVQcYzD.exe
  C:\Windows\System\hVQcYzD.exe
  2⤵
  PID:5576
- C:\Windows\System\kGxpjnm.exe
  C:\Windows\System\kGxpjnm.exe
  2⤵
  PID:1164
- C:\Windows\System\uLnLAEr.exe
  C:\Windows\System\uLnLAEr.exe
  2⤵
  PID:1636
- C:\Windows\System\VYVZJhG.exe
  C:\Windows\System\VYVZJhG.exe
  2⤵
  PID:5936
- C:\Windows\System\zfPmpNp.exe
  C:\Windows\System\zfPmpNp.exe
  2⤵
  PID:2992
- C:\Windows\System\obcqOwJ.exe
  C:\Windows\System\obcqOwJ.exe
  2⤵
  PID:5244
- C:\Windows\System\XZHawWB.exe
  C:\Windows\System\XZHawWB.exe
  2⤵
  PID:2304
- C:\Windows\System\YumZFmg.exe
  C:\Windows\System\YumZFmg.exe
  2⤵
  PID:1468
- C:\Windows\System\EzDcrSK.exe
  C:\Windows\System\EzDcrSK.exe
  2⤵
  PID:3200
- C:\Windows\System\cseNHQI.exe
  C:\Windows\System\cseNHQI.exe
  2⤵
  PID:1816
- C:\Windows\System\nCQKxpK.exe
  C:\Windows\System\nCQKxpK.exe
  2⤵
  PID:5604
- C:\Windows\System\WeOeHDf.exe
  C:\Windows\System\WeOeHDf.exe
  2⤵
  PID:5268
- C:\Windows\System\sJErgJs.exe
  C:\Windows\System\sJErgJs.exe
  2⤵
  PID:4304
- C:\Windows\System\XUnVlyF.exe
  C:\Windows\System\XUnVlyF.exe
  2⤵
  PID:3424
- C:\Windows\System\HwpcDDZ.exe
  C:\Windows\System\HwpcDDZ.exe
  2⤵
  PID:1780
- C:\Windows\System\PRxhjmD.exe
  C:\Windows\System\PRxhjmD.exe
  2⤵
  PID:4964
- C:\Windows\System\LnCgDcy.exe
  C:\Windows\System\LnCgDcy.exe
  2⤵
  PID:4516
- C:\Windows\System\yBMPtUV.exe
  C:\Windows\System\yBMPtUV.exe
  2⤵
  PID:4892
- C:\Windows\System\AZQExnG.exe
  C:\Windows\System\AZQExnG.exe
  2⤵
  PID:5028
- C:\Windows\System\PTtbSxT.exe
  C:\Windows\System\PTtbSxT.exe
  2⤵
  PID:5320
- C:\Windows\System\EuVCvGI.exe
  C:\Windows\System\EuVCvGI.exe
  2⤵
  PID:844
- C:\Windows\System\hjIyhtl.exe
  C:\Windows\System\hjIyhtl.exe
  2⤵
  PID:1120
- C:\Windows\System\cZUiZmS.exe
  C:\Windows\System\cZUiZmS.exe
  2⤵
  PID:4536
- C:\Windows\System\sWBPqbb.exe
  C:\Windows\System\sWBPqbb.exe
  2⤵
  PID:6120
- C:\Windows\System\foTgwyR.exe
  C:\Windows\System\foTgwyR.exe
  2⤵
  PID:3916
- C:\Windows\System\OXBPmEl.exe
  C:\Windows\System\OXBPmEl.exe
  2⤵
  PID:1032
- C:\Windows\System\ftDSZAI.exe
  C:\Windows\System\ftDSZAI.exe
  2⤵
  PID:3484
- C:\Windows\System\iHVlGJX.exe
  C:\Windows\System\iHVlGJX.exe
  2⤵
  PID:1408
- C:\Windows\System\nTxEBWc.exe
  C:\Windows\System\nTxEBWc.exe
  2⤵
  PID:452
- C:\Windows\System\SMwVWHi.exe
  C:\Windows\System\SMwVWHi.exe
  2⤵
  PID:4688
- C:\Windows\System\BRePmPA.exe
  C:\Windows\System\BRePmPA.exe
  2⤵
  PID:3492
- C:\Windows\System\SVhkdMm.exe
  C:\Windows\System\SVhkdMm.exe
  2⤵
  PID:4564
- C:\Windows\System\RHumHwJ.exe
  C:\Windows\System\RHumHwJ.exe
  2⤵
  PID:1232
- C:\Windows\System\azkDjtV.exe
  C:\Windows\System\azkDjtV.exe
  2⤵
  PID:740
- C:\Windows\System\mmSChYT.exe
  C:\Windows\System\mmSChYT.exe
  2⤵
  PID:548
- C:\Windows\System\UVDakMw.exe
  C:\Windows\System\UVDakMw.exe
  2⤵
  PID:3432
- C:\Windows\System\lFLNZhk.exe
  C:\Windows\System\lFLNZhk.exe
  2⤵
  PID:5908
- C:\Windows\System\fdFRBie.exe
  C:\Windows\System\fdFRBie.exe
  2⤵
  PID:3256
- C:\Windows\System\dqBNmHo.exe
  C:\Windows\System\dqBNmHo.exe
  2⤵
  PID:4924
- C:\Windows\System\xsIVNtq.exe
  C:\Windows\System\xsIVNtq.exe
  2⤵
  PID:6116
- C:\Windows\System\fXhqPQw.exe
  C:\Windows\System\fXhqPQw.exe
  2⤵
  PID:4532
- C:\Windows\System\BZOYIoU.exe
  C:\Windows\System\BZOYIoU.exe
  2⤵
  PID:3120
- C:\Windows\System\ZQbBxyc.exe
  C:\Windows\System\ZQbBxyc.exe
  2⤵
  PID:1200
- C:\Windows\System\TcvOElc.exe
  C:\Windows\System\TcvOElc.exe
  2⤵
  PID:5200
- C:\Windows\System\chGIDUQ.exe
  C:\Windows\System\chGIDUQ.exe
  2⤵
  PID:4884
- C:\Windows\System\uihfHIF.exe
  C:\Windows\System\uihfHIF.exe
  2⤵
  PID:2888
- C:\Windows\System\XSYCSIV.exe
  C:\Windows\System\XSYCSIV.exe
  2⤵
  PID:6188
- C:\Windows\System\ZXHrgmm.exe
  C:\Windows\System\ZXHrgmm.exe
  2⤵
  PID:6212
- C:\Windows\System\lzNFSpE.exe
  C:\Windows\System\lzNFSpE.exe
  2⤵
  PID:6232
- C:\Windows\System\ZSSRgDc.exe
  C:\Windows\System\ZSSRgDc.exe
  2⤵
  PID:6280
- C:\Windows\System\lwRyhts.exe
  C:\Windows\System\lwRyhts.exe
  2⤵
  PID:6316
- C:\Windows\System\fiPaTvA.exe
  C:\Windows\System\fiPaTvA.exe
  2⤵
  PID:6344
- C:\Windows\System\kQMTcPX.exe
  C:\Windows\System\kQMTcPX.exe
  2⤵
  PID:6372
- C:\Windows\System\PmBYDmH.exe
  C:\Windows\System\PmBYDmH.exe
  2⤵
  PID:6400
- C:\Windows\System\PyHOGdJ.exe
  C:\Windows\System\PyHOGdJ.exe
  2⤵
  PID:6428
- C:\Windows\System\RYhhBbJ.exe
  C:\Windows\System\RYhhBbJ.exe
  2⤵
  PID:6456
- C:\Windows\System\tMVanQm.exe
  C:\Windows\System\tMVanQm.exe
  2⤵
  PID:6484
- C:\Windows\System\SzGNREH.exe
  C:\Windows\System\SzGNREH.exe
  2⤵
  PID:6512
- C:\Windows\System\gctzCSh.exe
  C:\Windows\System\gctzCSh.exe
  2⤵
  PID:6536
- C:\Windows\System\YyKnOyo.exe
  C:\Windows\System\YyKnOyo.exe
  2⤵
  PID:6568
- C:\Windows\System\ZivStVY.exe
  C:\Windows\System\ZivStVY.exe
  2⤵
  PID:6596
- C:\Windows\System\FdeLOtu.exe
  C:\Windows\System\FdeLOtu.exe
  2⤵
  PID:6624
- C:\Windows\System\OhRqMPf.exe
  C:\Windows\System\OhRqMPf.exe
  2⤵
  PID:6660
- C:\Windows\System\JAWgjBZ.exe
  C:\Windows\System\JAWgjBZ.exe
  2⤵
  PID:6676
- C:\Windows\System\XfTrMdZ.exe
  C:\Windows\System\XfTrMdZ.exe
  2⤵
  PID:6724
- C:\Windows\System\qwaoocH.exe
  C:\Windows\System\qwaoocH.exe
  2⤵
  PID:6744
- C:\Windows\System\qREFfrh.exe
  C:\Windows\System\qREFfrh.exe
  2⤵
  PID:6780
- C:\Windows\System\hAxVwYe.exe
  C:\Windows\System\hAxVwYe.exe
  2⤵
  PID:6804
- C:\Windows\System\FIutoIb.exe
  C:\Windows\System\FIutoIb.exe
  2⤵
  PID:6860
- C:\Windows\System\DAVynEg.exe
  C:\Windows\System\DAVynEg.exe
  2⤵
  PID:6888
- C:\Windows\System\YuDZFWe.exe
  C:\Windows\System\YuDZFWe.exe
  2⤵
  PID:6920
- C:\Windows\System\gbOimGy.exe
  C:\Windows\System\gbOimGy.exe
  2⤵
  PID:6956
- C:\Windows\System\bDLXqUV.exe
  C:\Windows\System\bDLXqUV.exe
  2⤵
  PID:6988
- C:\Windows\System\nEwZzIy.exe
  C:\Windows\System\nEwZzIy.exe
  2⤵
  PID:7020
- C:\Windows\System\sqbPPow.exe
  C:\Windows\System\sqbPPow.exe
  2⤵
  PID:7048
- C:\Windows\System\UJVNfFN.exe
  C:\Windows\System\UJVNfFN.exe
  2⤵
  PID:7076
- C:\Windows\System\mheAVYR.exe
  C:\Windows\System\mheAVYR.exe
  2⤵
  PID:7104
- C:\Windows\System\DUdQfJl.exe
  C:\Windows\System\DUdQfJl.exe
  2⤵
  PID:7132
- C:\Windows\System\bjeaaOn.exe
  C:\Windows\System\bjeaaOn.exe
  2⤵
  PID:7160
- C:\Windows\System\ADcjDhZ.exe
  C:\Windows\System\ADcjDhZ.exe
  2⤵
  PID:6224
- C:\Windows\System\SUQqloj.exe
  C:\Windows\System\SUQqloj.exe
  2⤵
  PID:6304
- C:\Windows\System\BFisXlh.exe
  C:\Windows\System\BFisXlh.exe
  2⤵
  PID:6368
- C:\Windows\System\RGKmpLi.exe
  C:\Windows\System\RGKmpLi.exe
  2⤵
  PID:6424
- C:\Windows\System\CrxjJtb.exe
  C:\Windows\System\CrxjJtb.exe
  2⤵
  PID:6500
- C:\Windows\System\ZRsnyJj.exe
  C:\Windows\System\ZRsnyJj.exe
  2⤵
  PID:6548
- C:\Windows\System\MdfPwMz.exe
  C:\Windows\System\MdfPwMz.exe
  2⤵
  PID:6612
- C:\Windows\System\tpPgzHx.exe
  C:\Windows\System\tpPgzHx.exe
  2⤵
  PID:6668
- C:\Windows\System\yQcxzXp.exe
  C:\Windows\System\yQcxzXp.exe
  2⤵
  PID:6064
- C:\Windows\System\gILwOCZ.exe
  C:\Windows\System\gILwOCZ.exe
  2⤵
  PID:6832
- C:\Windows\System\YYbwmTd.exe
  C:\Windows\System\YYbwmTd.exe
  2⤵
  PID:6868
- C:\Windows\System\fMOSSYu.exe
  C:\Windows\System\fMOSSYu.exe
  2⤵
  PID:6916
- C:\Windows\System\oetKqaT.exe
  C:\Windows\System\oetKqaT.exe
  2⤵
  PID:2360
- C:\Windows\System\ZKMVjXH.exe
  C:\Windows\System\ZKMVjXH.exe
  2⤵
  PID:7044
- C:\Windows\System\yYLjRwn.exe
  C:\Windows\System\yYLjRwn.exe
  2⤵
  PID:7100
- C:\Windows\System\pVcyxZy.exe
  C:\Windows\System\pVcyxZy.exe
  2⤵
  PID:6160
- C:\Windows\System\pWddVgR.exe
  C:\Windows\System\pWddVgR.exe
  2⤵
  PID:6248
- C:\Windows\System\hdJaqjb.exe
  C:\Windows\System\hdJaqjb.exe
  2⤵
  PID:6388
- C:\Windows\System\ofOEMgk.exe
  C:\Windows\System\ofOEMgk.exe
  2⤵
  PID:6528
- C:\Windows\System\VFHpPkf.exe
  C:\Windows\System\VFHpPkf.exe
  2⤵
  PID:2336
- C:\Windows\System\YvNMbFH.exe
  C:\Windows\System\YvNMbFH.exe
  2⤵
  PID:8
- C:\Windows\System\jcRCJnx.exe
  C:\Windows\System\jcRCJnx.exe
  2⤵
  PID:1196
- C:\Windows\System\hZRpkWR.exe
  C:\Windows\System\hZRpkWR.exe
  2⤵
  PID:7016
- C:\Windows\System\VSPLLOI.exe
  C:\Windows\System\VSPLLOI.exe
  2⤵
  PID:7096
- C:\Windows\System\QCJHOLC.exe
  C:\Windows\System\QCJHOLC.exe
  2⤵
  PID:6380
- C:\Windows\System\QGDonde.exe
  C:\Windows\System\QGDonde.exe
  2⤵
  PID:6740
- C:\Windows\System\SlIcvNn.exe
  C:\Windows\System\SlIcvNn.exe
  2⤵
  PID:1188
- C:\Windows\System\vkJxkIF.exe
  C:\Windows\System\vkJxkIF.exe
  2⤵
  PID:4940
- C:\Windows\System\zKemmfP.exe
  C:\Windows\System\zKemmfP.exe
  2⤵
  PID:4684
- C:\Windows\System\EmdrAFH.exe
  C:\Windows\System\EmdrAFH.exe
  2⤵
  PID:3420
- C:\Windows\System\VjTnkyH.exe
  C:\Windows\System\VjTnkyH.exe
  2⤵
  PID:6452
- C:\Windows\System\AiZVPcz.exe
  C:\Windows\System\AiZVPcz.exe
  2⤵
  PID:1872
- C:\Windows\System\OoNFGxs.exe
  C:\Windows\System\OoNFGxs.exe
  2⤵
  PID:7056
- C:\Windows\System\mtGMvqW.exe
  C:\Windows\System\mtGMvqW.exe
  2⤵
  PID:5216
- C:\Windows\System\vQnVnLO.exe
  C:\Windows\System\vQnVnLO.exe
  2⤵
  PID:3096
- C:\Windows\System\wOANMHC.exe
  C:\Windows\System\wOANMHC.exe
  2⤵
  PID:7188
- C:\Windows\System\dZhpebr.exe
  C:\Windows\System\dZhpebr.exe
  2⤵
  PID:7220
- C:\Windows\System\CGenMaR.exe
  C:\Windows\System\CGenMaR.exe
  2⤵
  PID:7252
- C:\Windows\System\morFXxd.exe
  C:\Windows\System\morFXxd.exe
  2⤵
  PID:7268
- C:\Windows\System\rMDGIcT.exe
  C:\Windows\System\rMDGIcT.exe
  2⤵
  PID:7300
- C:\Windows\System\mPRNgFq.exe
  C:\Windows\System\mPRNgFq.exe
  2⤵
  PID:7328
- C:\Windows\System\GSCIRMR.exe
  C:\Windows\System\GSCIRMR.exe
  2⤵
  PID:7368
- C:\Windows\System\KhhuvZf.exe
  C:\Windows\System\KhhuvZf.exe
  2⤵
  PID:7400
- C:\Windows\System\xefzRWr.exe
  C:\Windows\System\xefzRWr.exe
  2⤵
  PID:7432
- C:\Windows\System\zZGYAfR.exe
  C:\Windows\System\zZGYAfR.exe
  2⤵
  PID:7460
- C:\Windows\System\SGvJeQA.exe
  C:\Windows\System\SGvJeQA.exe
  2⤵
  PID:7484
- C:\Windows\System\jeWjHJd.exe
  C:\Windows\System\jeWjHJd.exe
  2⤵
  PID:7508
- C:\Windows\System\vheGKOO.exe
  C:\Windows\System\vheGKOO.exe
  2⤵
  PID:7536
- C:\Windows\System\OgVBFVU.exe
  C:\Windows\System\OgVBFVU.exe
  2⤵
  PID:7564
- C:\Windows\System\fpZPRWx.exe
  C:\Windows\System\fpZPRWx.exe
  2⤵
  PID:7600
- C:\Windows\System\jGGoyOF.exe
  C:\Windows\System\jGGoyOF.exe
  2⤵
  PID:7620
- C:\Windows\System\EdafhFz.exe
  C:\Windows\System\EdafhFz.exe
  2⤵
  PID:7648
- C:\Windows\System\QFpOgob.exe
  C:\Windows\System\QFpOgob.exe
  2⤵
  PID:7676
- C:\Windows\System\ATvWpTQ.exe
  C:\Windows\System\ATvWpTQ.exe
  2⤵
  PID:7704
- C:\Windows\System\CUgqvAD.exe
  C:\Windows\System\CUgqvAD.exe
  2⤵
  PID:7740
- C:\Windows\System\jcHIHop.exe
  C:\Windows\System\jcHIHop.exe
  2⤵
  PID:7768
- C:\Windows\System\UybBfft.exe
  C:\Windows\System\UybBfft.exe
  2⤵
  PID:7788
- C:\Windows\System\kkWkmki.exe
  C:\Windows\System\kkWkmki.exe
  2⤵
  PID:7820
- C:\Windows\System\FQZVoWu.exe
  C:\Windows\System\FQZVoWu.exe
  2⤵
  PID:7844
- C:\Windows\System\lhsYLHR.exe
  C:\Windows\System\lhsYLHR.exe
  2⤵
  PID:7880
- C:\Windows\System\gMLObQy.exe
  C:\Windows\System\gMLObQy.exe
  2⤵
  PID:7912
- C:\Windows\System\STpQOjZ.exe
  C:\Windows\System\STpQOjZ.exe
  2⤵
  PID:7932
- C:\Windows\System\HrEqvNU.exe
  C:\Windows\System\HrEqvNU.exe
  2⤵
  PID:7968
- C:\Windows\System\iyKSajG.exe
  C:\Windows\System\iyKSajG.exe
  2⤵
  PID:7988
- C:\Windows\System\dnFsbwH.exe
  C:\Windows\System\dnFsbwH.exe
  2⤵
  PID:8024
- C:\Windows\System\UZhSomW.exe
  C:\Windows\System\UZhSomW.exe
  2⤵
  PID:8044
- C:\Windows\System\ydofGQi.exe
  C:\Windows\System\ydofGQi.exe
  2⤵
  PID:8072
- C:\Windows\System\eRZzjgC.exe
  C:\Windows\System\eRZzjgC.exe
  2⤵
  PID:8108
- C:\Windows\System\LchcQgt.exe
  C:\Windows\System\LchcQgt.exe
  2⤵
  PID:8136
- C:\Windows\System\zDdjXph.exe
  C:\Windows\System\zDdjXph.exe
  2⤵
  PID:8164
- C:\Windows\System\QyVnCvM.exe
  C:\Windows\System\QyVnCvM.exe
  2⤵
  PID:8184
- C:\Windows\System\ZNQKquq.exe
  C:\Windows\System\ZNQKquq.exe
  2⤵
  PID:7248
- C:\Windows\System\plqnRfr.exe
  C:\Windows\System\plqnRfr.exe
  2⤵
  PID:7260
- C:\Windows\System\zNLlJdK.exe
  C:\Windows\System\zNLlJdK.exe
  2⤵
  PID:7356
- C:\Windows\System\OlmiXxm.exe
  C:\Windows\System\OlmiXxm.exe
  2⤵
  PID:7408
- C:\Windows\System\wigVyQM.exe
  C:\Windows\System\wigVyQM.exe
  2⤵
  PID:7468
- C:\Windows\System\UaNkTtN.exe
  C:\Windows\System\UaNkTtN.exe
  2⤵
  PID:7528
- C:\Windows\System\BbhVEkN.exe
  C:\Windows\System\BbhVEkN.exe
  2⤵
  PID:7612
- C:\Windows\System\riwVWOQ.exe
  C:\Windows\System\riwVWOQ.exe
  2⤵
  PID:7668
- C:\Windows\System\DhxHVNT.exe
  C:\Windows\System\DhxHVNT.exe
  2⤵
  PID:7724
- C:\Windows\System\uJzpkYs.exe
  C:\Windows\System\uJzpkYs.exe
  2⤵
  PID:7800
- C:\Windows\System\OvLGBVY.exe
  C:\Windows\System\OvLGBVY.exe
  2⤵
  PID:7888
- C:\Windows\System\gXQTeKG.exe
  C:\Windows\System\gXQTeKG.exe
  2⤵
  PID:7928
- C:\Windows\System\ApSIIhO.exe
  C:\Windows\System\ApSIIhO.exe
  2⤵
  PID:7984
- C:\Windows\System\ainLURL.exe
  C:\Windows\System\ainLURL.exe
  2⤵
  PID:8056
- C:\Windows\System\SGEDMKa.exe
  C:\Windows\System\SGEDMKa.exe
  2⤵
  PID:8120
- C:\Windows\System\McbQpeA.exe
  C:\Windows\System\McbQpeA.exe
  2⤵
  PID:7212
- C:\Windows\System\HytJRwx.exe
  C:\Windows\System\HytJRwx.exe
  2⤵
  PID:7348
- C:\Windows\System\WKUsphW.exe
  C:\Windows\System\WKUsphW.exe
  2⤵
  PID:7448
- C:\Windows\System\hJwrXsy.exe
  C:\Windows\System\hJwrXsy.exe
  2⤵
  PID:7644
- C:\Windows\System\oBhxqMM.exe
  C:\Windows\System\oBhxqMM.exe
  2⤵
  PID:7756
- C:\Windows\System\YuVhufS.exe
  C:\Windows\System\YuVhufS.exe
  2⤵
  PID:7900
- C:\Windows\System\NBJbEEY.exe
  C:\Windows\System\NBJbEEY.exe
  2⤵
  PID:8096
- C:\Windows\System\WhuNLWB.exe
  C:\Windows\System\WhuNLWB.exe
  2⤵
  PID:7276
- C:\Windows\System\ATfnczA.exe
  C:\Windows\System\ATfnczA.exe
  2⤵
  PID:7696
- C:\Windows\System\IJRJZaz.exe
  C:\Windows\System\IJRJZaz.exe
  2⤵
  PID:8012
- C:\Windows\System\TgdlGUK.exe
  C:\Windows\System\TgdlGUK.exe
  2⤵
  PID:7516
- C:\Windows\System\ZaMIVRm.exe
  C:\Windows\System\ZaMIVRm.exe
  2⤵
  PID:7828
- C:\Windows\System\UfWKmVK.exe
  C:\Windows\System\UfWKmVK.exe
  2⤵
  PID:8216
- C:\Windows\System\gzUUWSP.exe
  C:\Windows\System\gzUUWSP.exe
  2⤵
  PID:8244
- C:\Windows\System\RgOweFn.exe
  C:\Windows\System\RgOweFn.exe
  2⤵
  PID:8272
- C:\Windows\System\AbuPLyf.exe
  C:\Windows\System\AbuPLyf.exe
  2⤵
  PID:8292
- C:\Windows\System\XzkJewu.exe
  C:\Windows\System\XzkJewu.exe
  2⤵
  PID:8320
- C:\Windows\System\fWjLTOr.exe
  C:\Windows\System\fWjLTOr.exe
  2⤵
  PID:8356
- C:\Windows\System\bZHnqjx.exe
  C:\Windows\System\bZHnqjx.exe
  2⤵
  PID:8384
- C:\Windows\System\NZsDNRl.exe
  C:\Windows\System\NZsDNRl.exe
  2⤵
  PID:8404
- C:\Windows\System\gOPRTgy.exe
  C:\Windows\System\gOPRTgy.exe
  2⤵
  PID:8440
- C:\Windows\System\SvUCOqh.exe
  C:\Windows\System\SvUCOqh.exe
  2⤵
  PID:8460
- C:\Windows\System\RBRzvYP.exe
  C:\Windows\System\RBRzvYP.exe
  2⤵
  PID:8476
- C:\Windows\System\QtpbGTQ.exe
  C:\Windows\System\QtpbGTQ.exe
  2⤵
  PID:8504
- C:\Windows\System\CJvCwQA.exe
  C:\Windows\System\CJvCwQA.exe
  2⤵
  PID:8536
- C:\Windows\System\ypjrQHU.exe
  C:\Windows\System\ypjrQHU.exe
  2⤵
  PID:8572
- C:\Windows\System\iydgRZi.exe
  C:\Windows\System\iydgRZi.exe
  2⤵
  PID:8600
- C:\Windows\System\qwfQPdm.exe
  C:\Windows\System\qwfQPdm.exe
  2⤵
  PID:8660
- C:\Windows\System\ywWFRXy.exe
  C:\Windows\System\ywWFRXy.exe
  2⤵
  PID:8696
- C:\Windows\System\SflfpkI.exe
  C:\Windows\System\SflfpkI.exe
  2⤵
  PID:8724
- C:\Windows\System\dOsUdrK.exe
  C:\Windows\System\dOsUdrK.exe
  2⤵
  PID:8752
- C:\Windows\System\bQxuBWB.exe
  C:\Windows\System\bQxuBWB.exe
  2⤵
  PID:8784
- C:\Windows\System\dWFkigl.exe
  C:\Windows\System\dWFkigl.exe
  2⤵
  PID:8808
- C:\Windows\System\FOChmJF.exe
  C:\Windows\System\FOChmJF.exe
  2⤵
  PID:8836
- C:\Windows\System\mProFnG.exe
  C:\Windows\System\mProFnG.exe
  2⤵
  PID:8864
- C:\Windows\System\PxRpmOB.exe
  C:\Windows\System\PxRpmOB.exe
  2⤵
  PID:8892
- C:\Windows\System\xhezRmA.exe
  C:\Windows\System\xhezRmA.exe
  2⤵
  PID:8920
- C:\Windows\System\MWnPeSJ.exe
  C:\Windows\System\MWnPeSJ.exe
  2⤵
  PID:8948
- C:\Windows\System\fieIwmX.exe
  C:\Windows\System\fieIwmX.exe
  2⤵
  PID:8980
- C:\Windows\System\FDDUYSx.exe
  C:\Windows\System\FDDUYSx.exe
  2⤵
  PID:9008
- C:\Windows\System\JHpkOBX.exe
  C:\Windows\System\JHpkOBX.exe
  2⤵
  PID:9036
- C:\Windows\System\PFBmCZm.exe
  C:\Windows\System\PFBmCZm.exe
  2⤵
  PID:9068
- C:\Windows\System\fiAMIzl.exe
  C:\Windows\System\fiAMIzl.exe
  2⤵
  PID:9092
- C:\Windows\System\RbaeQKD.exe
  C:\Windows\System\RbaeQKD.exe
  2⤵
  PID:9120
- C:\Windows\System\KVuaKVc.exe
  C:\Windows\System\KVuaKVc.exe
  2⤵
  PID:9148
- C:\Windows\System\ErPzQhF.exe
  C:\Windows\System\ErPzQhF.exe
  2⤵
  PID:9176
- C:\Windows\System\zlYawGE.exe
  C:\Windows\System\zlYawGE.exe
  2⤵
  PID:9204
- C:\Windows\System\musibpn.exe
  C:\Windows\System\musibpn.exe
  2⤵
  PID:8224
- C:\Windows\System\xgUaHua.exe
  C:\Windows\System\xgUaHua.exe
  2⤵
  PID:8304
- C:\Windows\System\oReNtrx.exe
  C:\Windows\System\oReNtrx.exe
  2⤵
  PID:8368
- C:\Windows\System\MPsfXgR.exe
  C:\Windows\System\MPsfXgR.exe
  2⤵
  PID:8416
- C:\Windows\System\myWfgeW.exe
  C:\Windows\System\myWfgeW.exe
  2⤵
  PID:8472
- C:\Windows\System\FvzJpxR.exe
  C:\Windows\System\FvzJpxR.exe
  2⤵
  PID:8544
- C:\Windows\System\hRbAEMi.exe
  C:\Windows\System\hRbAEMi.exe
  2⤵
  PID:8620
- C:\Windows\System\TKITsmU.exe
  C:\Windows\System\TKITsmU.exe
  2⤵
  PID:6836
- C:\Windows\System\RXMNrqr.exe
  C:\Windows\System\RXMNrqr.exe
  2⤵
  PID:6828
- C:\Windows\System\ZazCxgp.exe
  C:\Windows\System\ZazCxgp.exe
  2⤵
  PID:8744
- C:\Windows\System\slRsRgZ.exe
  C:\Windows\System\slRsRgZ.exe
  2⤵
  PID:8804
- C:\Windows\System\vmGQaAq.exe
  C:\Windows\System\vmGQaAq.exe
  2⤵
  PID:8876
- C:\Windows\System\TGtcZtO.exe
  C:\Windows\System\TGtcZtO.exe
  2⤵
  PID:8960
- C:\Windows\System\vkOLRul.exe
  C:\Windows\System\vkOLRul.exe
  2⤵
  PID:9004
- C:\Windows\System\ksrODiF.exe
  C:\Windows\System\ksrODiF.exe
  2⤵
  PID:9076
- C:\Windows\System\KpYAdaM.exe
  C:\Windows\System\KpYAdaM.exe
  2⤵
  PID:9140
- C:\Windows\System\GLinBdr.exe
  C:\Windows\System\GLinBdr.exe
  2⤵
  PID:9200
- C:\Windows\System\MFqGKGe.exe
  C:\Windows\System\MFqGKGe.exe
  2⤵
  PID:8316
- C:\Windows\System\IaKlUHg.exe
  C:\Windows\System\IaKlUHg.exe
  2⤵
  PID:8468
- C:\Windows\System\KMkUzrl.exe
  C:\Windows\System\KMkUzrl.exe
  2⤵
  PID:8596
- C:\Windows\System\UXtzgOE.exe
  C:\Windows\System\UXtzgOE.exe
  2⤵
  PID:8708
- C:\Windows\System\FKObapu.exe
  C:\Windows\System\FKObapu.exe
  2⤵
  PID:8856
- C:\Windows\System\nCmRyOK.exe
  C:\Windows\System\nCmRyOK.exe
  2⤵
  PID:8992
- C:\Windows\System\RYzxjOP.exe
  C:\Windows\System\RYzxjOP.exe
  2⤵
  PID:9116
- C:\Windows\System\MWsylTH.exe
  C:\Windows\System\MWsylTH.exe
  2⤵
  PID:8392
- C:\Windows\System\nkFZGVF.exe
  C:\Windows\System\nkFZGVF.exe
  2⤵
  PID:8800
- C:\Windows\System\jwoWQuY.exe
  C:\Windows\System\jwoWQuY.exe
  2⤵
  PID:8976
- C:\Windows\System\WiTllHf.exe
  C:\Windows\System\WiTllHf.exe
  2⤵
  PID:8528
- C:\Windows\System\LEwhLek.exe
  C:\Windows\System\LEwhLek.exe
  2⤵
  PID:8260
- C:\Windows\System\ohecWxQ.exe
  C:\Windows\System\ohecWxQ.exe
  2⤵
  PID:9224
- C:\Windows\System\klKmmFU.exe
  C:\Windows\System\klKmmFU.exe
  2⤵
  PID:9252
- C:\Windows\System\AvTRahR.exe
  C:\Windows\System\AvTRahR.exe
  2⤵
  PID:9280
- C:\Windows\System\nZQikOo.exe
  C:\Windows\System\nZQikOo.exe
  2⤵
  PID:9308
- C:\Windows\System\oZyMULf.exe
  C:\Windows\System\oZyMULf.exe
  2⤵
  PID:9340
- C:\Windows\System\sAqFjWU.exe
  C:\Windows\System\sAqFjWU.exe
  2⤵
  PID:9364
- C:\Windows\System\UceJrZB.exe
  C:\Windows\System\UceJrZB.exe
  2⤵
  PID:9392
- C:\Windows\System\mAtkANf.exe
  C:\Windows\System\mAtkANf.exe
  2⤵
  PID:9420
- C:\Windows\System\pQMQCNe.exe
  C:\Windows\System\pQMQCNe.exe
  2⤵
  PID:9452
- C:\Windows\System\PxBLyCO.exe
  C:\Windows\System\PxBLyCO.exe
  2⤵
  PID:9476
- C:\Windows\System\ptAaOOD.exe
  C:\Windows\System\ptAaOOD.exe
  2⤵
  PID:9504
- C:\Windows\System\yudoZvU.exe
  C:\Windows\System\yudoZvU.exe
  2⤵
  PID:9532
- C:\Windows\System\iyvdiEn.exe
  C:\Windows\System\iyvdiEn.exe
  2⤵
  PID:9560
- C:\Windows\System\pBHimbb.exe
  C:\Windows\System\pBHimbb.exe
  2⤵
  PID:9596
- C:\Windows\System\cmDzElc.exe
  C:\Windows\System\cmDzElc.exe
  2⤵
  PID:9620
- C:\Windows\System\cWZnFCt.exe
  C:\Windows\System\cWZnFCt.exe
  2⤵
  PID:9644
- C:\Windows\System\IytUAKs.exe
  C:\Windows\System\IytUAKs.exe
  2⤵
  PID:9672
- C:\Windows\System\EfvaQvV.exe
  C:\Windows\System\EfvaQvV.exe
  2⤵
  PID:9700
- C:\Windows\System\lPsPCDq.exe
  C:\Windows\System\lPsPCDq.exe
  2⤵
  PID:9728
- C:\Windows\System\vrFOgJV.exe
  C:\Windows\System\vrFOgJV.exe
  2⤵
  PID:9756
- C:\Windows\System\BiLmEID.exe
  C:\Windows\System\BiLmEID.exe
  2⤵
  PID:9784
- C:\Windows\System\RMlIYTr.exe
  C:\Windows\System\RMlIYTr.exe
  2⤵
  PID:9820
- C:\Windows\System\nWEdHLo.exe
  C:\Windows\System\nWEdHLo.exe
  2⤵
  PID:9848
- C:\Windows\System\qNccfLy.exe
  C:\Windows\System\qNccfLy.exe
  2⤵
  PID:9868
- C:\Windows\System\DZjGfZD.exe
  C:\Windows\System\DZjGfZD.exe
  2⤵
  PID:9900
- C:\Windows\System\GdjafVJ.exe
  C:\Windows\System\GdjafVJ.exe
  2⤵
  PID:9924
- C:\Windows\System\xpYHepL.exe
  C:\Windows\System\xpYHepL.exe
  2⤵
  PID:9952
- C:\Windows\System\qBubuxF.exe
  C:\Windows\System\qBubuxF.exe
  2⤵
  PID:9984
- C:\Windows\System\PGMQAFS.exe
  C:\Windows\System\PGMQAFS.exe
  2⤵
  PID:10012
- C:\Windows\System\LJBcnnZ.exe
  C:\Windows\System\LJBcnnZ.exe
  2⤵
  PID:10036
- C:\Windows\System\ujJIlCq.exe
  C:\Windows\System\ujJIlCq.exe
  2⤵
  PID:10064
- C:\Windows\System\wIrkRRx.exe
  C:\Windows\System\wIrkRRx.exe
  2⤵
  PID:10092
- C:\Windows\System\tCjnCtk.exe
  C:\Windows\System\tCjnCtk.exe
  2⤵
  PID:10120
- C:\Windows\System\TqNbcSk.exe
  C:\Windows\System\TqNbcSk.exe
  2⤵
  PID:10152
- C:\Windows\System\pybFAtV.exe
  C:\Windows\System\pybFAtV.exe
  2⤵
  PID:10176
- C:\Windows\System\lAVxJtI.exe
  C:\Windows\System\lAVxJtI.exe
  2⤵
  PID:10208
- C:\Windows\System\uZZpKZq.exe
  C:\Windows\System\uZZpKZq.exe
  2⤵
  PID:10232
- C:\Windows\System\NFHiFut.exe
  C:\Windows\System\NFHiFut.exe
  2⤵
  PID:9276
- C:\Windows\System\YgFCTEW.exe
  C:\Windows\System\YgFCTEW.exe
  2⤵
  PID:9348
- C:\Windows\System\SfpKBdv.exe
  C:\Windows\System\SfpKBdv.exe
  2⤵
  PID:9412
- C:\Windows\System\HhlpzLC.exe
  C:\Windows\System\HhlpzLC.exe
  2⤵
  PID:9460
- C:\Windows\System\vTDZuwL.exe
  C:\Windows\System\vTDZuwL.exe
  2⤵
  PID:9524
- C:\Windows\System\ACXMxKN.exe
  C:\Windows\System\ACXMxKN.exe
  2⤵
  PID:9584
- C:\Windows\System\pBQDVLc.exe
  C:\Windows\System\pBQDVLc.exe
  2⤵
  PID:9664
- C:\Windows\System\PkrOrKq.exe
  C:\Windows\System\PkrOrKq.exe
  2⤵
  PID:9720
- C:\Windows\System\oqFvWQl.exe
  C:\Windows\System\oqFvWQl.exe
  2⤵
  PID:9796
- C:\Windows\System\dCLOOcE.exe
  C:\Windows\System\dCLOOcE.exe
  2⤵
  PID:9856
- C:\Windows\System\tJizyny.exe
  C:\Windows\System\tJizyny.exe
  2⤵
  PID:9916
- C:\Windows\System\cMXctMe.exe
  C:\Windows\System\cMXctMe.exe
  2⤵
  PID:9976
- C:\Windows\System\lWBTqHM.exe
  C:\Windows\System\lWBTqHM.exe
  2⤵
  PID:10048
- C:\Windows\System\xNZlqqj.exe
  C:\Windows\System\xNZlqqj.exe
  2⤵
  PID:10112
- C:\Windows\System\ipoaKoz.exe
  C:\Windows\System\ipoaKoz.exe
  2⤵
  PID:10172
- C:\Windows\System\tsPrsij.exe
  C:\Windows\System\tsPrsij.exe
  2⤵
  PID:9220
- C:\Windows\System\Iujmrpt.exe
  C:\Windows\System\Iujmrpt.exe
  2⤵
  PID:9388
- C:\Windows\System\SFCjUaZ.exe
  C:\Windows\System\SFCjUaZ.exe
  2⤵
  PID:9516
- C:\Windows\System\pKSABtX.exe
  C:\Windows\System\pKSABtX.exe
  2⤵
  PID:9692
- C:\Windows\System\ZjGvCVK.exe
  C:\Windows\System\ZjGvCVK.exe
  2⤵
  PID:9808
- C:\Windows\System\KIKzxiK.exe
  C:\Windows\System\KIKzxiK.exe
  2⤵
  PID:9964
- C:\Windows\System\QLMRnPz.exe
  C:\Windows\System\QLMRnPz.exe
  2⤵
  PID:10104
- C:\Windows\System\vaQeKUM.exe
  C:\Windows\System\vaQeKUM.exe
  2⤵
  PID:9300
- C:\Windows\System\LUlfDzd.exe
  C:\Windows\System\LUlfDzd.exe
  2⤵
  PID:9636
- C:\Windows\System\gMXYfQw.exe
  C:\Windows\System\gMXYfQw.exe
  2⤵
  PID:9944
- C:\Windows\System\dtGUnWc.exe
  C:\Windows\System\dtGUnWc.exe
  2⤵
  PID:4280
- C:\Windows\System\wxNnpar.exe
  C:\Windows\System\wxNnpar.exe
  2⤵
  PID:10088
- C:\Windows\System\antDfID.exe
  C:\Windows\System\antDfID.exe
  2⤵
  PID:10248
- C:\Windows\System\JmNelcd.exe
  C:\Windows\System\JmNelcd.exe
  2⤵
  PID:10284
- C:\Windows\System\WHgTjUZ.exe
  C:\Windows\System\WHgTjUZ.exe
  2⤵
  PID:10300
- C:\Windows\System\zavoYaF.exe
  C:\Windows\System\zavoYaF.exe
  2⤵
  PID:10352
- C:\Windows\System\ZYpKoCM.exe
  C:\Windows\System\ZYpKoCM.exe
  2⤵
  PID:10376
- C:\Windows\System\ljBYYBH.exe
  C:\Windows\System\ljBYYBH.exe
  2⤵
  PID:10404
- C:\Windows\System\GCvemUE.exe
  C:\Windows\System\GCvemUE.exe
  2⤵
  PID:10436
- C:\Windows\System\mPJeVzz.exe
  C:\Windows\System\mPJeVzz.exe
  2⤵
  PID:10468
- C:\Windows\System\xJyNjAj.exe
  C:\Windows\System\xJyNjAj.exe
  2⤵
  PID:10504
- C:\Windows\System\iWdMQiT.exe
  C:\Windows\System\iWdMQiT.exe
  2⤵
  PID:10536
- C:\Windows\System\kZzHmmV.exe
  C:\Windows\System\kZzHmmV.exe
  2⤵
  PID:10560
- C:\Windows\System\xoSMXyX.exe
  C:\Windows\System\xoSMXyX.exe
  2⤵
  PID:10600
- C:\Windows\System\jBATIcV.exe
  C:\Windows\System\jBATIcV.exe
  2⤵
  PID:10620
- C:\Windows\System\OCfNlRP.exe
  C:\Windows\System\OCfNlRP.exe
  2⤵
  PID:10672
- C:\Windows\System\GwrMdBa.exe
  C:\Windows\System\GwrMdBa.exe
  2⤵
  PID:10692
- C:\Windows\System\IJWCIZR.exe
  C:\Windows\System\IJWCIZR.exe
  2⤵
  PID:10736
- C:\Windows\System\hFgrofn.exe
  C:\Windows\System\hFgrofn.exe
  2⤵
  PID:10752
- C:\Windows\System\PNaxpmq.exe
  C:\Windows\System\PNaxpmq.exe
  2⤵
  PID:10792
- C:\Windows\System\jlerAmU.exe
  C:\Windows\System\jlerAmU.exe
  2⤵
  PID:10816
- C:\Windows\System\cgjxWYB.exe
  C:\Windows\System\cgjxWYB.exe
  2⤵
  PID:10836
- C:\Windows\System\qwnTgIQ.exe
  C:\Windows\System\qwnTgIQ.exe
  2⤵
  PID:10876
- C:\Windows\System\YjYvIgK.exe
  C:\Windows\System\YjYvIgK.exe
  2⤵
  PID:10892
- C:\Windows\System\aYaengF.exe
  C:\Windows\System\aYaengF.exe
  2⤵
  PID:10920
- C:\Windows\System\eabURhU.exe
  C:\Windows\System\eabURhU.exe
  2⤵
  PID:10948
- C:\Windows\System\kCvSytk.exe
  C:\Windows\System\kCvSytk.exe
  2⤵
  PID:10976
- C:\Windows\System\uyJcvgd.exe
  C:\Windows\System\uyJcvgd.exe
  2⤵
  PID:11004
- C:\Windows\System\ecZzEDg.exe
  C:\Windows\System\ecZzEDg.exe
  2⤵
  PID:11032
- C:\Windows\System\vtWwKpU.exe
  C:\Windows\System\vtWwKpU.exe
  2⤵
  PID:11060
- C:\Windows\System\FycLkFw.exe
  C:\Windows\System\FycLkFw.exe
  2⤵
  PID:11088
- C:\Windows\System\qIIWsqN.exe
  C:\Windows\System\qIIWsqN.exe
  2⤵
  PID:11116
- C:\Windows\System\pWXSESe.exe
  C:\Windows\System\pWXSESe.exe
  2⤵
  PID:11160
- C:\Windows\System\maLHeZx.exe
  C:\Windows\System\maLHeZx.exe
  2⤵
  PID:11176
- C:\Windows\System\KCIFjqK.exe
  C:\Windows\System\KCIFjqK.exe
  2⤵
  PID:11204
- C:\Windows\System\SsmFGHW.exe
  C:\Windows\System\SsmFGHW.exe
  2⤵
  PID:11232
- C:\Windows\System\fcqGBSf.exe
  C:\Windows\System\fcqGBSf.exe
  2⤵
  PID:11260
- C:\Windows\System\ZsjOWaV.exe
  C:\Windows\System\ZsjOWaV.exe
  2⤵
  PID:5656
- C:\Windows\System\UEjaoRL.exe
  C:\Windows\System\UEjaoRL.exe
  2⤵
  PID:10320
- C:\Windows\System\oVHfCnT.exe
  C:\Windows\System\oVHfCnT.exe
  2⤵
  PID:5688
- C:\Windows\System\AvbluYn.exe
  C:\Windows\System\AvbluYn.exe
  2⤵
  PID:9908
- C:\Windows\System\usbKZKN.exe
  C:\Windows\System\usbKZKN.exe
  2⤵
  PID:10452
- C:\Windows\System\cSqyaTg.exe
  C:\Windows\System\cSqyaTg.exe
  2⤵
  PID:10492
- C:\Windows\System\ebaudxH.exe
  C:\Windows\System\ebaudxH.exe
  2⤵
  PID:10548
- C:\Windows\System\wKRdcjn.exe
  C:\Windows\System\wKRdcjn.exe
  2⤵
  PID:2176
- C:\Windows\System\yFaxyYl.exe
  C:\Windows\System\yFaxyYl.exe
  2⤵
  PID:10660
- C:\Windows\System\ZAFusMi.exe
  C:\Windows\System\ZAFusMi.exe
  2⤵
  PID:10688
- C:\Windows\System\uGdvsDy.exe
  C:\Windows\System\uGdvsDy.exe
  2⤵
  PID:10760
- C:\Windows\System\vjxztBy.exe
  C:\Windows\System\vjxztBy.exe
  2⤵
  PID:10828
- C:\Windows\System\ffQjrnb.exe
  C:\Windows\System\ffQjrnb.exe
  2⤵
  PID:10872
- C:\Windows\System\cBIeZIw.exe
  C:\Windows\System\cBIeZIw.exe
  2⤵
  PID:10916
- C:\Windows\System\qBdQaQG.exe
  C:\Windows\System\qBdQaQG.exe
  2⤵
  PID:10988
- C:\Windows\System\nQqgMsc.exe
  C:\Windows\System\nQqgMsc.exe
  2⤵
  PID:11052
- C:\Windows\System\EltdwMr.exe
  C:\Windows\System\EltdwMr.exe
  2⤵
  PID:10420
- C:\Windows\System\aayoazJ.exe
  C:\Windows\System\aayoazJ.exe
  2⤵
  PID:11156
- C:\Windows\System\WiMYvNv.exe
  C:\Windows\System\WiMYvNv.exe
  2⤵
  PID:11200
- C:\Windows\System\bjpenJD.exe
  C:\Windows\System\bjpenJD.exe
  2⤵
  PID:11256
- C:\Windows\System\Nlbjfbo.exe
  C:\Windows\System\Nlbjfbo.exe
  2⤵
  PID:10552
- C:\Windows\System\csWTPeM.exe
  C:\Windows\System\csWTPeM.exe
  2⤵
  PID:5464
- C:\Windows\System\yEuUCVa.exe
  C:\Windows\System\yEuUCVa.exe
  2⤵
  PID:396
- C:\Windows\System\GmeSgGl.exe
  C:\Windows\System\GmeSgGl.exe
  2⤵
  PID:10592
- C:\Windows\System\qbtOZGJ.exe
  C:\Windows\System\qbtOZGJ.exe
  2⤵
  PID:4720
- C:\Windows\System\YCKEahZ.exe
  C:\Windows\System\YCKEahZ.exe
  2⤵
  PID:1936
- C:\Windows\System\kPCLaAs.exe
  C:\Windows\System\kPCLaAs.exe
  2⤵
  PID:10968
- C:\Windows\System\AzfWLZx.exe
  C:\Windows\System\AzfWLZx.exe
  2⤵
  PID:11084
- C:\Windows\System\jvVTVTk.exe
  C:\Windows\System\jvVTVTk.exe
  2⤵
  PID:11224
- C:\Windows\System\GKIcoMH.exe
  C:\Windows\System\GKIcoMH.exe
  2⤵
  PID:10340
- C:\Windows\System\vVCuqrJ.exe
  C:\Windows\System\vVCuqrJ.exe
  2⤵
  PID:1020
- C:\Windows\System\nGpGcIa.exe
  C:\Windows\System\nGpGcIa.exe
  2⤵
  PID:10888
- C:\Windows\System\jJUFWDy.exe
  C:\Windows\System\jJUFWDy.exe
  2⤵
  PID:11188
- C:\Windows\System\cSerLWM.exe
  C:\Windows\System\cSerLWM.exe
  2⤵
  PID:5304
- C:\Windows\System\ElLsNVc.exe
  C:\Windows\System\ElLsNVc.exe
  2⤵
  PID:5980
- C:\Windows\System\tKWzcmH.exe
  C:\Windows\System\tKWzcmH.exe
  2⤵
  PID:11168
- C:\Windows\System\NiewqDM.exe
  C:\Windows\System\NiewqDM.exe
  2⤵
  PID:11288
- C:\Windows\System\vnWzIFa.exe
  C:\Windows\System\vnWzIFa.exe
  2⤵
  PID:11316
- C:\Windows\System\FJelZbn.exe
  C:\Windows\System\FJelZbn.exe
  2⤵
  PID:11344
- C:\Windows\System\hltpjgQ.exe
  C:\Windows\System\hltpjgQ.exe
  2⤵
  PID:11372
- C:\Windows\System\VRlvzyS.exe
  C:\Windows\System\VRlvzyS.exe
  2⤵
  PID:11404
- C:\Windows\System\cKWPYNL.exe
  C:\Windows\System\cKWPYNL.exe
  2⤵
  PID:11436
- C:\Windows\System\hXTSRsp.exe
  C:\Windows\System\hXTSRsp.exe
  2⤵
  PID:11464
- C:\Windows\System\JxYhNuj.exe
  C:\Windows\System\JxYhNuj.exe
  2⤵
  PID:11484
- C:\Windows\System\HULrPKQ.exe
  C:\Windows\System\HULrPKQ.exe
  2⤵
  PID:11516
- C:\Windows\System\cczkYeA.exe
  C:\Windows\System\cczkYeA.exe
  2⤵
  PID:11540
- C:\Windows\System\bVWHVhC.exe
  C:\Windows\System\bVWHVhC.exe
  2⤵
  PID:11568
- C:\Windows\System\sqdUzHo.exe
  C:\Windows\System\sqdUzHo.exe
  2⤵
  PID:11596
- C:\Windows\System\hAmiWDJ.exe
  C:\Windows\System\hAmiWDJ.exe
  2⤵
  PID:11624
- C:\Windows\System\PVFXShR.exe
  C:\Windows\System\PVFXShR.exe
  2⤵
  PID:11652
- C:\Windows\System\elzbIjP.exe
  C:\Windows\System\elzbIjP.exe
  2⤵
  PID:11680
- C:\Windows\System\lHqKdUJ.exe
  C:\Windows\System\lHqKdUJ.exe
  2⤵
  PID:11708
- C:\Windows\System\qEVVjmf.exe
  C:\Windows\System\qEVVjmf.exe
  2⤵
  PID:11736
- C:\Windows\System\ATPbRcr.exe
  C:\Windows\System\ATPbRcr.exe
  2⤵
  PID:11764
- C:\Windows\System\SOpgiso.exe
  C:\Windows\System\SOpgiso.exe
  2⤵
  PID:11792
- C:\Windows\System\lvOojre.exe
  C:\Windows\System\lvOojre.exe
  2⤵
  PID:11820
- C:\Windows\System\tUgdMwn.exe
  C:\Windows\System\tUgdMwn.exe
  2⤵
  PID:11848
- C:\Windows\System\RVqmjNi.exe
  C:\Windows\System\RVqmjNi.exe
  2⤵
  PID:11884
- C:\Windows\System\vsqqmLS.exe
  C:\Windows\System\vsqqmLS.exe
  2⤵
  PID:11904
- C:\Windows\System\laiAehf.exe
  C:\Windows\System\laiAehf.exe
  2⤵
  PID:11932
- C:\Windows\System\TQjbngH.exe
  C:\Windows\System\TQjbngH.exe
  2⤵
  PID:11960
- C:\Windows\System\KvsQBuq.exe
  C:\Windows\System\KvsQBuq.exe
  2⤵
  PID:11988
- C:\Windows\System\SAIbTEo.exe
  C:\Windows\System\SAIbTEo.exe
  2⤵
  PID:12020
- C:\Windows\System\uNIoDyj.exe
  C:\Windows\System\uNIoDyj.exe
  2⤵
  PID:12048
- C:\Windows\System\BSujGyZ.exe
  C:\Windows\System\BSujGyZ.exe
  2⤵
  PID:12072
- C:\Windows\System\nEPbcgP.exe
  C:\Windows\System\nEPbcgP.exe
  2⤵
  PID:12104
- C:\Windows\System\HKsqTum.exe
  C:\Windows\System\HKsqTum.exe
  2⤵
  PID:12128
- C:\Windows\System\hUGrjNL.exe
  C:\Windows\System\hUGrjNL.exe
  2⤵
  PID:12156
- C:\Windows\System\MpxIrlx.exe
  C:\Windows\System\MpxIrlx.exe
  2⤵
  PID:12184
- C:\Windows\System\AgTYdBg.exe
  C:\Windows\System\AgTYdBg.exe
  2⤵
  PID:12212
- C:\Windows\System\lkaVUhI.exe
  C:\Windows\System\lkaVUhI.exe
  2⤵
  PID:12240
- C:\Windows\System\DunEDyH.exe
  C:\Windows\System\DunEDyH.exe
  2⤵
  PID:12272
- C:\Windows\System\Erqihym.exe
  C:\Windows\System\Erqihym.exe
  2⤵
  PID:11284
- C:\Windows\System\BnwgEei.exe
  C:\Windows\System\BnwgEei.exe
  2⤵
  PID:11356
- C:\Windows\System\PjdICgV.exe
  C:\Windows\System\PjdICgV.exe
  2⤵
  PID:976
- C:\Windows\System\eOhXSdD.exe
  C:\Windows\System\eOhXSdD.exe
  2⤵
  PID:11476
- C:\Windows\System\LSsZdRy.exe
  C:\Windows\System\LSsZdRy.exe
  2⤵
  PID:11536
- C:\Windows\System\bdUBeOk.exe
  C:\Windows\System\bdUBeOk.exe
  2⤵
  PID:11608
- C:\Windows\System\IaajuFU.exe
  C:\Windows\System\IaajuFU.exe
  2⤵
  PID:11672
- C:\Windows\System\LfqcTAT.exe
  C:\Windows\System\LfqcTAT.exe
  2⤵
  PID:11732
- C:\Windows\System\VYrKuXW.exe
  C:\Windows\System\VYrKuXW.exe
  2⤵
  PID:11804
- C:\Windows\System\TpeziHS.exe
  C:\Windows\System\TpeziHS.exe
  2⤵
  PID:11868
- C:\Windows\System\HfgbsvT.exe
  C:\Windows\System\HfgbsvT.exe
  2⤵
  PID:11928
- C:\Windows\System\MoyTNvi.exe
  C:\Windows\System\MoyTNvi.exe
  2⤵
  PID:12000
- C:\Windows\System\sByLiCW.exe
  C:\Windows\System\sByLiCW.exe
  2⤵
  PID:12064
- C:\Windows\System\FpOBYuH.exe
  C:\Windows\System\FpOBYuH.exe
  2⤵
  PID:12124
- C:\Windows\System\WjxVukF.exe
  C:\Windows\System\WjxVukF.exe
  2⤵
  PID:12196
- C:\Windows\System\XVyzlbs.exe
  C:\Windows\System\XVyzlbs.exe
  2⤵
  PID:12260
- C:\Windows\System\KrEUPoW.exe
  C:\Windows\System\KrEUPoW.exe
  2⤵
  PID:11340
- C:\Windows\System\eWFBoYB.exe
  C:\Windows\System\eWFBoYB.exe
  2⤵
  PID:11452
- C:\Windows\System\fnoIrXL.exe
  C:\Windows\System\fnoIrXL.exe
  2⤵
  PID:11592
- C:\Windows\System\kbBHvFt.exe
  C:\Windows\System\kbBHvFt.exe
  2⤵
  PID:11760
- C:\Windows\System\hNoHJfS.exe
  C:\Windows\System\hNoHJfS.exe
  2⤵
  PID:11896
- C:\Windows\System\NlyJGje.exe
  C:\Windows\System\NlyJGje.exe
  2⤵
  PID:11984
- C:\Windows\System\paBqCqV.exe
  C:\Windows\System\paBqCqV.exe
  2⤵
  PID:12112
- C:\Windows\System\WRZSavF.exe
  C:\Windows\System\WRZSavF.exe
  2⤵
  PID:12224
- C:\Windows\System\MeiJTvO.exe
  C:\Windows\System\MeiJTvO.exe
  2⤵
  PID:3456
- C:\Windows\System\SOJjZhk.exe
  C:\Windows\System\SOJjZhk.exe
  2⤵
  PID:11728
- C:\Windows\System\pLdRufm.exe
  C:\Windows\System\pLdRufm.exe
  2⤵
  PID:11956
- C:\Windows\System\RMfOppJ.exe
  C:\Windows\System\RMfOppJ.exe
  2⤵
  PID:12176
- C:\Windows\System\HhqosWf.exe
  C:\Windows\System\HhqosWf.exe
  2⤵
  PID:11564
- C:\Windows\System\gljiCoz.exe
  C:\Windows\System\gljiCoz.exe
  2⤵
  PID:12252
- C:\Windows\System\EKtABrA.exe
  C:\Windows\System\EKtABrA.exe
  2⤵
  PID:12120
- C:\Windows\System\uJXMYRR.exe
  C:\Windows\System\uJXMYRR.exe
  2⤵
  PID:12316
- C:\Windows\System\hwxJNdB.exe
  C:\Windows\System\hwxJNdB.exe
  2⤵
  PID:12344
- C:\Windows\System\xCaXvRR.exe
  C:\Windows\System\xCaXvRR.exe
  2⤵
  PID:12372
- C:\Windows\System\AfiPWSN.exe
  C:\Windows\System\AfiPWSN.exe
  2⤵
  PID:12400
- C:\Windows\System\IfTRAeA.exe
  C:\Windows\System\IfTRAeA.exe
  2⤵
  PID:12428
- C:\Windows\System\UTsBXVP.exe
  C:\Windows\System\UTsBXVP.exe
  2⤵
  PID:12456
- C:\Windows\System\GCxqlzP.exe
  C:\Windows\System\GCxqlzP.exe
  2⤵
  PID:12484
- C:\Windows\System\boEUMQF.exe
  C:\Windows\System\boEUMQF.exe
  2⤵
  PID:12512
- C:\Windows\System\YsDjaCt.exe
  C:\Windows\System\YsDjaCt.exe
  2⤵
  PID:12540
- C:\Windows\System\XtXXQnU.exe
  C:\Windows\System\XtXXQnU.exe
  2⤵
  PID:12568
- C:\Windows\System\djUCgBC.exe
  C:\Windows\System\djUCgBC.exe
  2⤵
  PID:12596
- C:\Windows\System\SXRxtYO.exe
  C:\Windows\System\SXRxtYO.exe
  2⤵
  PID:12624
- C:\Windows\System\AFAFflF.exe
  C:\Windows\System\AFAFflF.exe
  2⤵
  PID:12652
- C:\Windows\System\sVbHCVN.exe
  C:\Windows\System\sVbHCVN.exe
  2⤵
  PID:12680
- C:\Windows\System\DUqxhJX.exe
  C:\Windows\System\DUqxhJX.exe
  2⤵
  PID:12708
- C:\Windows\System\PLKxDvP.exe
  C:\Windows\System\PLKxDvP.exe
  2⤵
  PID:12736
- C:\Windows\System\TbbXCRf.exe
  C:\Windows\System\TbbXCRf.exe
  2⤵
  PID:12764
- C:\Windows\System\bMgOWoa.exe
  C:\Windows\System\bMgOWoa.exe
  2⤵
  PID:12792
- C:\Windows\System\UOSAEFv.exe
  C:\Windows\System\UOSAEFv.exe
  2⤵
  PID:12820
- C:\Windows\System\bEwTpnh.exe
  C:\Windows\System\bEwTpnh.exe
  2⤵
  PID:12860
- C:\Windows\System\Gmfsusn.exe
  C:\Windows\System\Gmfsusn.exe
  2⤵
  PID:12876
- C:\Windows\System\CWyEhtu.exe
  C:\Windows\System\CWyEhtu.exe
  2⤵
  PID:12904
- C:\Windows\System\ZkQwLcX.exe
  C:\Windows\System\ZkQwLcX.exe
  2⤵
  PID:12932
- C:\Windows\System\nSPzGFG.exe
  C:\Windows\System\nSPzGFG.exe
  2⤵
  PID:12960
- C:\Windows\System\FbiGBrl.exe
  C:\Windows\System\FbiGBrl.exe
  2⤵
  PID:12988
- C:\Windows\System\umUaoSZ.exe
  C:\Windows\System\umUaoSZ.exe
  2⤵
  PID:13016
- C:\Windows\System\ujAjDgm.exe
  C:\Windows\System\ujAjDgm.exe
  2⤵
  PID:13044
- C:\Windows\System\wyYSOIL.exe
  C:\Windows\System\wyYSOIL.exe
  2⤵
  PID:13072
- C:\Windows\System\rXjkzeL.exe
  C:\Windows\System\rXjkzeL.exe
  2⤵
  PID:13100
- C:\Windows\System\NuHKBeP.exe
  C:\Windows\System\NuHKBeP.exe
  2⤵
  PID:13128
- C:\Windows\System\iiPARda.exe
  C:\Windows\System\iiPARda.exe
  2⤵
  PID:13156
- C:\Windows\System\hcDwJWL.exe
  C:\Windows\System\hcDwJWL.exe
  2⤵
  PID:13184
- C:\Windows\System\hydfzUV.exe
  C:\Windows\System\hydfzUV.exe
  2⤵
  PID:13212
- C:\Windows\System\LbruncK.exe
  C:\Windows\System\LbruncK.exe
  2⤵
  PID:13240
- C:\Windows\System\FHFByFp.exe
  C:\Windows\System\FHFByFp.exe
  2⤵
  PID:13268
- C:\Windows\System\zUQPpLd.exe
  C:\Windows\System\zUQPpLd.exe
  2⤵
  PID:13296
- C:\Windows\System\OYfrSqI.exe
  C:\Windows\System\OYfrSqI.exe
  2⤵
  PID:12312
- C:\Windows\System\SdtrjZr.exe
  C:\Windows\System\SdtrjZr.exe
  2⤵
  PID:12384
- C:\Windows\System\seYeHGh.exe
  C:\Windows\System\seYeHGh.exe
  2⤵
  PID:12448
- C:\Windows\System\PGVRAWm.exe
  C:\Windows\System\PGVRAWm.exe
  2⤵
  PID:12508
- C:\Windows\System\qrelvun.exe
  C:\Windows\System\qrelvun.exe
  2⤵
  PID:12580
- C:\Windows\System\EMnPimZ.exe
  C:\Windows\System\EMnPimZ.exe
  2⤵
  PID:12644
- C:\Windows\System\eLImske.exe
  C:\Windows\System\eLImske.exe
  2⤵
  PID:12704
- C:\Windows\System\TnMrZjE.exe
  C:\Windows\System\TnMrZjE.exe
  2⤵
  PID:12776
- C:\Windows\System\myVoeGk.exe
  C:\Windows\System\myVoeGk.exe
  2⤵
  PID:12840
- C:\Windows\System\xYeXVwq.exe
  C:\Windows\System\xYeXVwq.exe
  2⤵
  PID:12900
- C:\Windows\System\hyNTXYc.exe
  C:\Windows\System\hyNTXYc.exe
  2⤵
  PID:12972
- C:\Windows\System\TXFgpUo.exe
  C:\Windows\System\TXFgpUo.exe
  2⤵
  PID:13040
- C:\Windows\System\OMzyjCp.exe
  C:\Windows\System\OMzyjCp.exe
  2⤵
  PID:13096
- C:\Windows\System\XkNmIta.exe
  C:\Windows\System\XkNmIta.exe
  2⤵
  PID:13168
- C:\Windows\System\goBItWE.exe
  C:\Windows\System\goBItWE.exe
  2⤵
  PID:13232
- C:\Windows\System\ojOVQrv.exe
  C:\Windows\System\ojOVQrv.exe
  2⤵
  PID:13292
- C:\Windows\System\pJNfUAA.exe
  C:\Windows\System\pJNfUAA.exe
  2⤵
  PID:12412
- C:\Windows\System\VbYdJFK.exe
  C:\Windows\System\VbYdJFK.exe
  2⤵
  PID:12560
- C:\Windows\System\zokURoS.exe
  C:\Windows\System\zokURoS.exe
  2⤵
  PID:12700
- C:\Windows\System\AVOMphc.exe
  C:\Windows\System\AVOMphc.exe
  2⤵
  PID:12868
- C:\Windows\System\TJFAxrK.exe
  C:\Windows\System\TJFAxrK.exe
  2⤵
  PID:13012
- C:\Windows\System\RNWUvEO.exe
  C:\Windows\System\RNWUvEO.exe
  2⤵
  PID:13152
- C:\Windows\System\ecpztJn.exe
  C:\Windows\System\ecpztJn.exe
  2⤵
  PID:12308
- C:\Windows\System\eifXtci.exe
  C:\Windows\System\eifXtci.exe
  2⤵
  PID:12672
- C:\Windows\System\dMBskgb.exe
  C:\Windows\System\dMBskgb.exe
  2⤵
  PID:13000
- C:\Windows\System\TgJFeKg.exe
  C:\Windows\System\TgJFeKg.exe
  2⤵
  PID:12476
- C:\Windows\System\vjTeERt.exe
  C:\Windows\System\vjTeERt.exe
  2⤵
  PID:13280
- C:\Windows\System\ElZmrkj.exe
  C:\Windows\System\ElZmrkj.exe
  2⤵
  PID:13328
- C:\Windows\System\wxMUyYT.exe
  C:\Windows\System\wxMUyYT.exe
  2⤵
  PID:13360
- C:\Windows\System\qFzjOpz.exe
  C:\Windows\System\qFzjOpz.exe
  2⤵
  PID:13392
- C:\Windows\System\wHgGUxq.exe
  C:\Windows\System\wHgGUxq.exe
  2⤵
  PID:13424
- C:\Windows\System\hIdazSq.exe
  C:\Windows\System\hIdazSq.exe
  2⤵
  PID:13440
- C:\Windows\System\IIUEBfd.exe
  C:\Windows\System\IIUEBfd.exe
  2⤵
  PID:13468
- C:\Windows\System\EWoQIuJ.exe
  C:\Windows\System\EWoQIuJ.exe
  2⤵
  PID:13540
- C:\Windows\System\LRjJDLP.exe
  C:\Windows\System\LRjJDLP.exe
  2⤵
  PID:13568
- C:\Windows\System\gUsoBoZ.exe
  C:\Windows\System\gUsoBoZ.exe
  2⤵
  PID:13596
- C:\Windows\System\iFomWPI.exe
  C:\Windows\System\iFomWPI.exe
  2⤵
  PID:13624
- C:\Windows\System\mBVrauj.exe
  C:\Windows\System\mBVrauj.exe
  2⤵
  PID:13652
- C:\Windows\System\kssosye.exe
  C:\Windows\System\kssosye.exe
  2⤵
  PID:13680
- C:\Windows\System\xeqwPPi.exe
  C:\Windows\System\xeqwPPi.exe
  2⤵
  PID:13708
- C:\Windows\System\NwMLmmd.exe
  C:\Windows\System\NwMLmmd.exe
  2⤵
  PID:13736
- C:\Windows\System\VSsXKdX.exe
  C:\Windows\System\VSsXKdX.exe
  2⤵
  PID:13768
- C:\Windows\System\AxRwaAQ.exe
  C:\Windows\System\AxRwaAQ.exe
  2⤵
  PID:13796
- C:\Windows\System\YXtkvjm.exe
  C:\Windows\System\YXtkvjm.exe
  2⤵
  PID:13824
- C:\Windows\System\jKHeLtQ.exe
  C:\Windows\System\jKHeLtQ.exe
  2⤵
  PID:13852
- C:\Windows\System\KrJlWsU.exe
  C:\Windows\System\KrJlWsU.exe
  2⤵
  PID:13880
- C:\Windows\System\tJfNoSI.exe
  C:\Windows\System\tJfNoSI.exe
  2⤵
  PID:13908
- C:\Windows\System\OQyRgEK.exe
  C:\Windows\System\OQyRgEK.exe
  2⤵
  PID:13936
- C:\Windows\System\jLmQFwC.exe
  C:\Windows\System\jLmQFwC.exe
  2⤵
  PID:13964
- C:\Windows\System\EwxSYEX.exe
  C:\Windows\System\EwxSYEX.exe
  2⤵
  PID:14004
- C:\Windows\System\uZEhmom.exe
  C:\Windows\System\uZEhmom.exe
  2⤵
  PID:14020
- C:\Windows\System\wqMzQzz.exe
  C:\Windows\System\wqMzQzz.exe
  2⤵
  PID:14048
- C:\Windows\System\Ksgiwvw.exe
  C:\Windows\System\Ksgiwvw.exe
  2⤵
  PID:14076
- C:\Windows\System\QsCtxDN.exe
  C:\Windows\System\QsCtxDN.exe
  2⤵
  PID:14104
- C:\Windows\System\GgHmkQS.exe
  C:\Windows\System\GgHmkQS.exe
  2⤵
  PID:14132
- C:\Windows\System\DbzXQTC.exe
  C:\Windows\System\DbzXQTC.exe
  2⤵
  PID:14160
- C:\Windows\System\OAycdfH.exe
  C:\Windows\System\OAycdfH.exe
  2⤵
  PID:14188
- C:\Windows\System\sIUacxe.exe
  C:\Windows\System\sIUacxe.exe
  2⤵
  PID:14216
- C:\Windows\System\vhTweUR.exe
  C:\Windows\System\vhTweUR.exe
  2⤵
  PID:14244
- C:\Windows\System\KaaSwar.exe
  C:\Windows\System\KaaSwar.exe
  2⤵
  PID:14272
- C:\Windows\System\ZTWkTcE.exe
  C:\Windows\System\ZTWkTcE.exe
  2⤵
  PID:14300
- C:\Windows\System\mxGZsam.exe
  C:\Windows\System\mxGZsam.exe
  2⤵
  PID:14328
- C:\Windows\System\RmsSybc.exe
  C:\Windows\System\RmsSybc.exe
  2⤵
  PID:5008
- C:\Windows\System\pNPeQIk.exe
  C:\Windows\System\pNPeQIk.exe
  2⤵
  PID:13380
- C:\Windows\System\Skmhlmg.exe
  C:\Windows\System\Skmhlmg.exe
  2⤵
  PID:13432
- C:\Windows\System\bpVCKEp.exe
  C:\Windows\System\bpVCKEp.exe
  2⤵
  PID:13484
- C:\Windows\System\IbwrFpU.exe
  C:\Windows\System\IbwrFpU.exe
  2⤵
  PID:1480
- C:\Windows\System\qbynRMT.exe
  C:\Windows\System\qbynRMT.exe
  2⤵
  PID:13512
- C:\Windows\System\wfOLPel.exe
  C:\Windows\System\wfOLPel.exe
  2⤵
  PID:1792
- C:\Windows\System\izwusWY.exe
  C:\Windows\System\izwusWY.exe
  2⤵
  PID:628
- C:\Windows\System\BysAZZC.exe
  C:\Windows\System\BysAZZC.exe
  2⤵
  PID:1560
- C:\Windows\System\JoPAHFI.exe
  C:\Windows\System\JoPAHFI.exe
  2⤵
  PID:13528
- C:\Windows\System\hntEplp.exe
  C:\Windows\System\hntEplp.exe
  2⤵
  PID:3028
- C:\Windows\System\KrRNVoA.exe
  C:\Windows\System\KrRNVoA.exe
  2⤵
  PID:3176
- C:\Windows\System\bDQziQf.exe
  C:\Windows\System\bDQziQf.exe
  2⤵
  PID:13620
- C:\Windows\System\xyKfysW.exe
  C:\Windows\System\xyKfysW.exe
  2⤵
  PID:13672
- C:\Windows\System\nYLylPk.exe
  C:\Windows\System\nYLylPk.exe
  2⤵
  PID:13720
- C:\Windows\System\YUnmPPm.exe
  C:\Windows\System\YUnmPPm.exe
  2⤵
  PID:13788
- C:\Windows\System\LgDawdD.exe
  C:\Windows\System\LgDawdD.exe
  2⤵
  PID:13864
- C:\Windows\System\snMQJCQ.exe
  C:\Windows\System\snMQJCQ.exe
  2⤵
  PID:3004
- C:\Windows\System\yCzzMAM.exe
  C:\Windows\System\yCzzMAM.exe
  2⤵
  PID:13928
- C:\Windows\System\lpzUOZQ.exe
  C:\Windows\System\lpzUOZQ.exe
  2⤵
  PID:13976
- C:\Windows\System\YftQUDj.exe
  C:\Windows\System\YftQUDj.exe
  2⤵
  PID:13988
- C:\Windows\System\TmQtrBL.exe
  C:\Windows\System\TmQtrBL.exe
  2⤵
  PID:14032
- C:\Windows\System\kxAqcuc.exe
  C:\Windows\System\kxAqcuc.exe
  2⤵
  PID:14072
- C:\Windows\System\TusCZIO.exe
  C:\Windows\System\TusCZIO.exe
  2⤵
  PID:14124
- C:\Windows\System\iwzRsFS.exe
  C:\Windows\System\iwzRsFS.exe
  2⤵
  PID:14156
- C:\Windows\System\txUHwuE.exe
  C:\Windows\System\txUHwuE.exe
  2⤵
  PID:14184
- C:\Windows\System\eHoiOXU.exe
  C:\Windows\System\eHoiOXU.exe
  2⤵
  PID:4652
- C:\Windows\System\JEYzJEa.exe
  C:\Windows\System\JEYzJEa.exe
  2⤵
  PID:14264
- C:\Windows\System\NaTrThx.exe
  C:\Windows\System\NaTrThx.exe
  2⤵
  PID:2420
- C:\Windows\System\RWHsMZP.exe
  C:\Windows\System\RWHsMZP.exe
  2⤵
  PID:3976
- C:\Windows\System\yiZmZwf.exe
  C:\Windows\System\yiZmZwf.exe
  2⤵
  PID:4992
- C:\Windows\System\DBrbmVB.exe
  C:\Windows\System\DBrbmVB.exe
  2⤵
  PID:4968
- C:\Windows\System\XzgZMmr.exe
  C:\Windows\System\XzgZMmr.exe
  2⤵
  PID:6100
- C:\Windows\System\cBUCJwJ.exe
  C:\Windows\System\cBUCJwJ.exe
  2⤵
  PID:13476
- C:\Windows\System\UHSupwt.exe
  C:\Windows\System\UHSupwt.exe
  2⤵
  PID:1664
- C:\Windows\System\zZsMRyY.exe
  C:\Windows\System\zZsMRyY.exe
  2⤵
  PID:4860
- C:\Windows\System\uEkdxId.exe
  C:\Windows\System\uEkdxId.exe
  2⤵
  PID:5616
- C:\Windows\System\KzuPxjE.exe
  C:\Windows\System\KzuPxjE.exe
  2⤵
  PID:4224
- C:\Windows\System\njararZ.exe
  C:\Windows\System\njararZ.exe
  2⤵
  PID:684
- C:\Windows\System\dzafaCF.exe
  C:\Windows\System\dzafaCF.exe
  2⤵
  PID:5380
- C:\Windows\System\XybRSbO.exe
  C:\Windows\System\XybRSbO.exe
  2⤵
  PID:13700
- C:\Windows\System\rtXDtMc.exe
  C:\Windows\System\rtXDtMc.exe
  2⤵
  PID:13816
- C:\Windows\System\ayVlFfV.exe
  C:\Windows\System\ayVlFfV.exe
  2⤵
  PID:1484
- C:\Windows\System\kgVfKoU.exe
  C:\Windows\System\kgVfKoU.exe
  2⤵
  PID:13920
- C:\Windows\System\geUdrhY.exe
  C:\Windows\System\geUdrhY.exe
  2⤵
  PID:14000
- C:\Windows\System\eMduabQ.exe
  C:\Windows\System\eMduabQ.exe
  2⤵
  PID:4324
- C:\Windows\System\qOvjPEk.exe
  C:\Windows\System\qOvjPEk.exe
  2⤵
  PID:1356
- C:\Windows\System\BYtrQQF.exe
  C:\Windows\System\BYtrQQF.exe
  2⤵
  PID:5528
- C:\Windows\System\enmNveZ.exe
  C:\Windows\System\enmNveZ.exe
  2⤵
  PID:4568
- C:\Windows\System\nEIgUsZ.exe
  C:\Windows\System\nEIgUsZ.exe
  2⤵
  PID:5932
- C:\Windows\System\oWPzrQh.exe
  C:\Windows\System\oWPzrQh.exe
  2⤵
  PID:1228
- C:\Windows\System\kmgJkBe.exe
  C:\Windows\System\kmgJkBe.exe
  2⤵
  PID:4816
- C:\Windows\System\CWMgOSW.exe
  C:\Windows\System\CWMgOSW.exe
  2⤵
  PID:3396
- C:\Windows\System\CAzedQE.exe
  C:\Windows\System\CAzedQE.exe
  2⤵
  PID:4896
- C:\Windows\System\xKtPgRB.exe
  C:\Windows\System\xKtPgRB.exe
  2⤵
  PID:2148
- C:\Windows\System\rUDfJEl.exe
  C:\Windows\System\rUDfJEl.exe
  2⤵
  PID:3688
- C:\Windows\System\CcwkljJ.exe
  C:\Windows\System\CcwkljJ.exe
  2⤵
  PID:13560
- C:\Windows\System\WEWJXNT.exe
  C:\Windows\System\WEWJXNT.exe
  2⤵
  PID:13580
- C:\Windows\System\tsTTWIP.exe
  C:\Windows\System\tsTTWIP.exe
  2⤵
  PID:2932
- C:\Windows\System\OZBOLvr.exe
  C:\Windows\System\OZBOLvr.exe
  2⤵
  PID:536
- C:\Windows\System\mbTOPgm.exe
  C:\Windows\System\mbTOPgm.exe
  2⤵
  PID:5864
- C:\Windows\System\fDfLPzm.exe
  C:\Windows\System\fDfLPzm.exe
  2⤵
  PID:14116
- C:\Windows\System\nnzCoGx.exe
  C:\Windows\System\nnzCoGx.exe
  2⤵
  PID:4424
- C:\Windows\System\OZGnvXq.exe
  C:\Windows\System\OZGnvXq.exe
  2⤵
  PID:6080
- C:\Windows\System\jKECWqH.exe
  C:\Windows\System\jKECWqH.exe
  2⤵
  PID:13416
- C:\Windows\System\KehCQzv.exe
  C:\Windows\System\KehCQzv.exe
  2⤵
  PID:3080
- C:\Windows\System\HyXDyjY.exe
  C:\Windows\System\HyXDyjY.exe
  2⤵
  PID:2608
- C:\Windows\System\wMUbCcV.exe
  C:\Windows\System\wMUbCcV.exe
  2⤵
  PID:4308
- C:\Windows\System\qcnWYtV.exe
  C:\Windows\System\qcnWYtV.exe
  2⤵
  PID:5088
- C:\Windows\System\SjYQcxQ.exe
  C:\Windows\System\SjYQcxQ.exe
  2⤵
  PID:5692
- C:\Windows\System\wWVezVo.exe
  C:\Windows\System\wWVezVo.exe
  2⤵
  PID:1420
- C:\Windows\System\GMfpqWK.exe
  C:\Windows\System\GMfpqWK.exe
  2⤵
  PID:1272
- C:\Windows\System\YoZZhxO.exe
  C:\Windows\System\YoZZhxO.exe
  2⤵
  PID:13664
- C:\Windows\System\WdWSxhY.exe
  C:\Windows\System\WdWSxhY.exe
  2⤵
  PID:764
- C:\Windows\System\gWPbDoL.exe
  C:\Windows\System\gWPbDoL.exe
  2⤵
  PID:4092
- C:\Windows\System\grMwlGT.exe
  C:\Windows\System\grMwlGT.exe
  2⤵
  PID:4416
- C:\Windows\System\wICQpyf.exe
  C:\Windows\System\wICQpyf.exe
  2⤵
  PID:5260
- C:\Windows\System\reppaoo.exe
  C:\Windows\System\reppaoo.exe
  2⤵
  PID:5112
- C:\Windows\System\kvHbMjU.exe
  C:\Windows\System\kvHbMjU.exe
  2⤵
  PID:636
- C:\Windows\System\KynqxJa.exe
  C:\Windows\System\KynqxJa.exe
  2⤵
  PID:14348
- C:\Windows\System\GybQqPu.exe
  C:\Windows\System\GybQqPu.exe
  2⤵
  PID:14376
- C:\Windows\System\mTJHQOr.exe
  C:\Windows\System\mTJHQOr.exe
  2⤵
  PID:14408
- C:\Windows\System\tQaJrkz.exe
  C:\Windows\System\tQaJrkz.exe
  2⤵
  PID:14460
- C:\Windows\System\GMpbMzf.exe
  C:\Windows\System\GMpbMzf.exe
  2⤵
  PID:14492
- C:\Windows\System\vWfNUAW.exe
  C:\Windows\System\vWfNUAW.exe
  2⤵
  PID:14520
- C:\Windows\System\zVjSPYa.exe
  C:\Windows\System\zVjSPYa.exe
  2⤵
  PID:14548
- C:\Windows\System\KAbeYPk.exe
  C:\Windows\System\KAbeYPk.exe
  2⤵
  PID:14568
- C:\Windows\System\WqfIWFp.exe
  C:\Windows\System\WqfIWFp.exe
  2⤵
  PID:14608
- C:\Windows\System\DbjnewR.exe
  C:\Windows\System\DbjnewR.exe
  2⤵
  PID:14632
- C:\Windows\System\WoNQHXH.exe
  C:\Windows\System\WoNQHXH.exe
  2⤵
  PID:14656
- C:\Windows\System\brenSCm.exe
  C:\Windows\System\brenSCm.exe
  2⤵
  PID:14688
- C:\Windows\System\njzDdtK.exe
  C:\Windows\System\njzDdtK.exe
  2⤵
  PID:14716
- C:\Windows\System\asKRbeH.exe
  C:\Windows\System\asKRbeH.exe
  2⤵
  PID:14756
- C:\Windows\System\mlrowFe.exe
  C:\Windows\System\mlrowFe.exe
  2⤵
  PID:14784
- C:\Windows\System\qLikgvl.exe
  C:\Windows\System\qLikgvl.exe
  2⤵
  PID:14824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CXiPXcf.exe

Filesize
6.1MB

MD5
bb28e91371d8bc2e857fef3afd76029c

SHA1
68bc0a07cdccba8f6fe9ed1b2b0b9c969399a727

SHA256
40645bf55936a2959fc5ea88b6d075c5a395fdab6c184586da5e8aec299ee485

SHA512
ffbe953168836216169fc4497ea4eda9bb335de94b2af86bb9da997ee7a769e77ad5e837b29550e9cdd2a54118e46cbc193293b944e6dc5b2e620f9e76ab3e33

Download Submit
C:\Windows\System\CXuAKrU.exe

Filesize
6.0MB

MD5
929a27ac9d4adac0be8db88240303a02

SHA1
282ea469a15fa2b87184122656503202c7c497a1

SHA256
7377d6e02ecacef9ded79786e82c11e86907e5b117a380f14aaed1f901ea6da7

SHA512
c94f32fc2df2ea2a946bfa9fbbc5582651540ca702e632f95544109bcd3cc206e3c04787365800a3c0b543ff6bf95704e6ef76a48663fc51503f08d9cd1b4bb0

Download Submit
C:\Windows\System\DnmVQCO.exe

Filesize
6.1MB

MD5
20fd4ab0183c64a1743aa9439c505ee9

SHA1
e619e4346cbf0b4115a91c2cee6bc1ef863b121f

SHA256
9991f0b656708a2d17fc70592e7c855f6d5da2c761d026c7ba067960526c7c57

SHA512
49316f710eb594e62f7a6e9e98d6fa630fea94fa24bfec2f569036b8dd4bb42e0eee7404188895ed9681c60fc6d891852fe8e5b0de99be58eb87e72338c332cb

Download Submit
C:\Windows\System\EWhLNqq.exe

Filesize
6.1MB

MD5
f126c77b8effa5f674c8b096ba2ce7d2

SHA1
1c74973e02204bf43f3c5ddc90b3ecefef110dba

SHA256
5d95813be4910aa72178412827d60843ab7a98db697a1befe02387b299262f5c

SHA512
96d18d79387f88136c0d7f101fad1d77b49fa31a369603ca73824b0ad9255d530c3e96a3b38257e873766ce227d1dd1b40aa2bd46ce064ece08dfe84152777c6

Download Submit
C:\Windows\System\FSgElwu.exe

Filesize
6.1MB

MD5
c10fe01470e91aeb37658ae15db7f7ab

SHA1
39a7e25fd5d0e57377bdb2bde5cf87e0ec38d572

SHA256
2b19f0f11ffc715f87cfa565dbab31c3a41b0acfca68d591bd6638a613ee289d

SHA512
ddb6c3c14d25272afda236a05a2071e24d47b0eb37611d8cb402ffd6fefb4253918cae823b24d40cea20dfc93aedb59bf307e072f8bf1c3fdbfb7e76b7f82a27

Download Submit
C:\Windows\System\HdRswWI.exe

Filesize
6.1MB

MD5
561dfbbf05460239f5d56214abdbccbb

SHA1
f12815cfdcfdfe1d5ab0542aa370221f3af817df

SHA256
f1540e5604d9a935e4c0aa10ae5aa01c484b5466991d717428e9ae4068283b04

SHA512
bad68d904cd5ea6c5806c30187d87b3395fbd72aa8240e56c9a2be50bc3744a1493a7ca1cad35a3e34c05f1a203a762efe77c6c832c4188354d673355d94dd32

Download Submit
C:\Windows\System\JDjMowN.exe

Filesize
6.1MB

MD5
ec9002785ef19e427a15b247b1396661

SHA1
fc6c8385ec644ef5abe81ca293474e3f69609d57

SHA256
7020ed15697adc1be055e5445075a5f71eb9df06b0d51864fa26a8ce08d1e56f

SHA512
0597b1dfa2b49d1665fb4538d6d24c04eab32e12b99af16485cb5646e7f7ec33fdabb16246f2aaa96236de458de5edc05a3fb8b6df98f6447f55f4a6c9317f99

Download Submit
C:\Windows\System\JnMqVHZ.exe

Filesize
6.1MB

MD5
0646e33a8f3a2b41034440f04fd54500

SHA1
366cb6b6d3fc361a47574cdedfb8d759ddf52fa5

SHA256
ba02fcbc4852dbd435760a8bc313054bce4e1f301b7e0fe14f737248c4b2a26f

SHA512
0f0cd318425a709bad66d8566f6cfbb76d0dbd76f7d77ee02a1f2d35b13451c5da38fa47314c2e2be70b1dfffefb502350e3b3162f50904e9cb3fb6c90251258

Download Submit
C:\Windows\System\LjMTLRM.exe

Filesize
6.1MB

MD5
55e6b6b39264f38509ba8efdb551857d

SHA1
fe3b41c66948ee1e3bfb37e5b1dbaee0f1a67e71

SHA256
0dbbb74e9dfcb7479d2c3d8828dffbdc508f1a9ce77c1d323272949f94eae93d

SHA512
f6a30560e32219c40cf3df51d23eed4f6acbe326684333f9c69a5658de1cea0bd663bace25f333875b2867de68772618bf2b05817562c2033efa66f7f75af1d8

Download Submit
C:\Windows\System\NeGLyyy.exe

Filesize
6.1MB

MD5
8d9f36c8ae1caa9aefa17893f1b3da93

SHA1
ef937202824522f9afd73647b206a6418ea39e76

SHA256
8e3393661c03f6d34a1c1ba3c0dbd90ebc1ae97070aef0b26bc5bc124d388ce8

SHA512
94731b9f7bd543d69e8fd0b5870a0f88d50a881fb9cb36a377882573c89e4e48f9fbe15dfd367983dbb15289756d0e6ff9194aecca9f746f1797149735688134

Download Submit
C:\Windows\System\OnpTaDY.exe

Filesize
6.1MB

MD5
0cda1a41f9028b7099d7db94d3682c2e

SHA1
3370da90ced425493bf7aee881f9540feee5de4a

SHA256
eaa840bd32c615befb39c98fe626ff24c2bce2b9d5073eac14841840adfc71c5

SHA512
75fc7f8d793aed516eb46df72d0a83979b4a13808511e89f1d5b94e82b9f34a53b6a9405b2ce71bcbe3a004d7ee51168dedd45f8686d8b15e0269234b6dc7b1a

Download Submit
C:\Windows\System\PlcHovR.exe

Filesize
6.1MB

MD5
57997b2b036a269cb6ef0c9d2ff791c8

SHA1
49b65c438e6a4f23ad2696ffe2b3a6eb46b937e3

SHA256
bc00bb6728d7090b1dba121f4c30fe5f93720cef22acfc93411ce101f15a7c5c

SHA512
a0c59d752dc60521ba92916b5760ae7ba2c96a9ba6c6cf3bd01707353f43a0bca94966ff19e37be55a1347640b59174dc82ecc69443199ca47dcaa5f8590da5c

Download Submit
C:\Windows\System\SBcmpJy.exe

Filesize
6.1MB

MD5
79fecd0db6fdadbf1376233a6aafa78f

SHA1
381b8963d95b9fb7094f11d8bb8bdc2a8fd63ffc

SHA256
678d9cfad0c686626e3aa0cc13c9097f1aab5eac7004613dac7ff1d5faac7738

SHA512
8103d5c3d4e9d32b999786edcb6d6e72b5d77c72e9591c50d8bebe5f1dedd8d39a7001f721988461f64358d8045fbbb076af2e40d32c2961c96192039ceecf1e

Download Submit
C:\Windows\System\UtJavRk.exe

Filesize
6.1MB

MD5
6a5714f72f61e454ba39f1bd3451d614

SHA1
207d32b6bb9040dd1a3815a2775bcd254b06e2e4

SHA256
28512f1423306465b276ab779602bef046767c1f85b5de5dbd6391b45b70c9c2

SHA512
63abc468806e2201d1a44a8729a676cfc29d31fe4142dce75b58ec0a19a93bf025b1692ceeb4b9fece318bb1d20c5241e09efbf876dd5bae71134a62576f390b

Download Submit
C:\Windows\System\VyYozMz.exe

Filesize
6.1MB

MD5
f19a7382bcb67333f6d1961a39660ae7

SHA1
b416a94c05fd49cff35a8bfef4f23ec69335aec0

SHA256
dbd34c8c27cf64a3957fa64289d39bb82c180ce666349b8fa10bfc8fcdf2cfa7

SHA512
8b1533f2f234aa71d519ec2b7a0975c30cf8961b7e6709bd0e900d2946f4fdd131ee51f8ab0591a9234321fe7b782169bbc71ece32db6bbe5d208f8a5f3c4627

Download Submit
C:\Windows\System\XzgNqlE.exe

Filesize
6.1MB

MD5
e78f133a7e892c825455e3779e6a4cdf

SHA1
c5764af01d70d75b8c35978255893d038cd42054

SHA256
a36c6c867ff1dd1dcd507515a850b67d33acb7a27eee013efea8237e4f46b0c0

SHA512
f70f3da314aa2fbb8cf3a6b2f3700127df8a32db12e168c6116fdb8f99ece0c9d9d9ef6046278946c9531cdb46a35de35a80018217b07c5176572f83086c5c83

Download Submit
C:\Windows\System\ZgiDlwy.exe

Filesize
6.1MB

MD5
ab893827a4288bafd4bfbb9868775060

SHA1
f5361a772d881c78ea270c09e2eefd7d13108089

SHA256
515fd36f915aa6a298cd23b5136666043c51e80551805846f1b179b8f3ac1e16

SHA512
f6164845ba70ac3f133186c1bcac3aefa085353a74281379d2c8d37bf88427cce6177261815b2c4c8edf3bb708e7828d5ce24f041a6f58311f599097f03a1a79

Download Submit
C:\Windows\System\avKiWzB.exe

Filesize
6.1MB

MD5
14b4cccf79cede13e265348c4f47e90c

SHA1
f30585cac67cbdce2e9e3015c302ea71534f9905

SHA256
058ee36c4d420f706f8e94549690d634fb85b12a13d29a09ef6d30001e20ea2e

SHA512
81a18afc6213b4352b0fdd60f79984ceed552487c49fdfc170f42b17da12465475e13fec7f403acfa42ff136c4ae8f9674dea37c64c6dc67a7300903f3d81dcb

Download Submit
C:\Windows\System\cIkzStP.exe

Filesize
6.1MB

MD5
d23b932abd40119a0ef9b2a7caad1690

SHA1
6e197c6ccd5e6b481e6fffdab0f5bfb8e667a481

SHA256
fa2341d64bb05fa5511884748d50ac484c89ea7f6b200fabb82dc98730e668fd

SHA512
ee5ce1a9a2155e166e333f0234e069523bda30b2d890fff8c60fb0b1415ff6930adc75c7c754da7b1afcdef917fb5485dbd58e9c06f2c8716f91e55d545ec041

Download Submit
C:\Windows\System\dvhFpim.exe

Filesize
6.1MB

MD5
7f4c1317b9a85b9407cd4ab07cbea533

SHA1
a59e758730592f3a974e95db215f800f7b4071b2

SHA256
7d224d0b2c27ab004ae8e7fed928d1c0d81c4e78992858dfc1f7f014f544e22e

SHA512
cde28c2519fda7a56ed105b1f832082e275ad6c14b137e7d15379daea4b7321287c5e486577db8f2a4e118f5a3a71711002d9393cb867846418333fa1b874c27

Download Submit
C:\Windows\System\eKdCcDC.exe

Filesize
6.1MB

MD5
a83b21bc5a88f392670b15024ba677ae

SHA1
d262288adc7663eb9fda7b85cce7d3ce5dba2798

SHA256
698849636034589abdb47aa0102dd63ea0e2fdc475f86bea63908ec5c3eafd9f

SHA512
01cc80d784eda63c4258358dc7aa44065c5c81ae9bb0d523c6e1fabb305e66f7c315df516991b3ad1afe798565af88a4e92c22c3019e36218509b0b2ce895fdb

Download Submit
C:\Windows\System\egIEUeN.exe

Filesize
6.1MB

MD5
3c63b670810ff86f73c937fe6a4ed184

SHA1
6b3109b60babb67ba7cdfcabdc8db3613dc60156

SHA256
2925dae6d3dcaa2e48747e06dc8d1798e5f1eb25c7df3e30190b0ea8f64690c3

SHA512
63fd48902e32b691a78d476e98a25ec1aa474635d7111088f106add60218d3e6cc14f3bb28ef53e1ce84bbf1726cd2f9cdbcb5d926a6b3129fd2969d81ab4371

Download Submit
C:\Windows\System\hgXmisu.exe

Filesize
6.1MB

MD5
318c2a8b38bc914924ebfc485242e6b0

SHA1
e821b86076f6e420260f437195a39478e13f42c6

SHA256
42cffdb33383fb85699cc80226a59a3aaaa86d0c202332f92f886ef092a7b145

SHA512
04ab3ee08a3e8c479f625de2f5c09ae674ece32d01f9b43b3196263747ceaeaf76da7f98b360c482079b47ba9492c4b5021edc092ef946a2da813ce87c240ed2

Download Submit
C:\Windows\System\jFlTDOw.exe

Filesize
6.1MB

MD5
f86dd2944b6558584dff3dad4dc0f39b

SHA1
9b7ca7b97202594e94d7a94dc643bac5a66e7c82

SHA256
5ae0d00a132ba2a781ffb3b1ab8f324c01eb66272dbd5db2c1e11ef01644d33a

SHA512
d91c2eb93a3022d8ef2f9f0dd1eb84c78138fbdcf0ba7bb9ebf11ca9d215b2f28100882aaf14b1537afb95b4a4b78e94d0a61bd33554a57087750631b1cb7d06

Download Submit
C:\Windows\System\kpzURXJ.exe

Filesize
6.1MB

MD5
37cf4b393d7ebfb9eb5a5ef2186c6b59

SHA1
750811cc32147d9b45c238b61889989aea22d9a0

SHA256
1417ecd9063a8b43feb82b556e29ece84c60d9f9cc81ec9ab6a0335775cbdcd4

SHA512
c2998418786b3b8f861f733023e0641d243558ae69fb5b8b810a857d6004fb4e43472840d8c5343d2942fa600405bcf7cb6772c4bc72055cbabdedb908421c14

Download Submit
C:\Windows\System\lTntMcN.exe

Filesize
6.1MB

MD5
7d1a2339378e0a2dfdd2b7e6471f9b03

SHA1
26d9606840938fb3336c0a12c08f5793d6a6f2f5

SHA256
249edc75d587e309a4316fdfa1390b4ba4385e270d156e909523e5228528747f

SHA512
eb5cf074a5331ee22bc0a635b686ad4b13aded4352a94ad4e2cedb117cc96e250bf41d06401ec8efba0bbefc9952eac80365f21549bc050e15a1998b40d6ee9f

Download Submit
C:\Windows\System\pXIHEkE.exe

Filesize
6.0MB

MD5
9516844866d98fe9239eaa726ee04d8a

SHA1
4762bd8b2db2ce5016db4e795cfdea4d2cdf1d4d

SHA256
398363dae0b448f81aa6c58ed64eff9ba9ce82c8bfe934e64357c685a7c2b748

SHA512
4dafc68b321ce6eb7b96b72a0c3d5d55fc033dcd5a4697ac7cc47f0a038cdc5f2f8948f5e6203d4917dd9daba2c42b66eaa7b166625cd30beef6b8df225425e3

Download Submit
C:\Windows\System\pyAtxHg.exe

Filesize
6.1MB

MD5
0f87b4e643f5a341785ab7ccaee6c187

SHA1
bd68f0c9efbb6a9c7c43e9be4be966fc963194df

SHA256
f92490cffb4bf67d894117caa6e2f33cd55dfdeec326a866e6e836063ff7027e

SHA512
267c9493ddfa29014bb66c0b9106b111405e461663c0d33024efd835a034768c76eef2de0b1c7cf90baf825b7808d706e54aeac0433c282c096c7e383e69c984

Download Submit
C:\Windows\System\tPokfPO.exe

Filesize
6.1MB

MD5
92993ce96e61c57796464e4363a83cf3

SHA1
6995f5ea9b165ad997519ecb1e53d3ec1344e570

SHA256
11ba7a1a7503038a0aad969cabfe24e67026121b3dabb4063ee36211816a0e7c

SHA512
b89bf91f3bc5583a7302c715e72b93f13f004f63d8466f1eae6623a3a5f2877889ec463b92a74f6934df82bc506bb487133cf469ea48a7beb3abb519f72c9f98

Download Submit
C:\Windows\System\tSJlQJp.exe

Filesize
6.1MB

MD5
8119ab7fb3eb3a0a1ad01c7affcc9633

SHA1
2d8901c60ab130827841db9f2cf7a5b2a7ab3775

SHA256
5162d1c1a80c15e7b452d828e4b4cb8607cf9312445a78baa748739fa8f4760e

SHA512
6cd0eecc4afa71b08e96e92418e46f0d22bf110fc8233524940f1d7c2de253605230243f5013f60a6124ebd1522b3b12e59a35007d5153305d68e989b35cbbda

Download Submit
C:\Windows\System\vOonRZh.exe

Filesize
6.1MB

MD5
c3e26d94fe7bf4d7f2f5f80ccc17da2f

SHA1
32958127087f41c4c7a35a7a95f84da24121fcb7

SHA256
9098d4028f9de6983ff2d6adb5e13795f89fac959867d72aec157523236705d4

SHA512
68c3a7a77912827d97da04a9a27e9ec3696c0e88a4336f7720c679728d8db5e0930a3186297c7bffdc96a79714ec0d7d86035a6c8d046473290bc093b37670bb

Download Submit
C:\Windows\System\vtmWDCI.exe

Filesize
6.1MB

MD5
3d8345435d6046270e6ea234edb89fd7

SHA1
214ed6545da78dcb9226588e0bf1c35eaffd60c5

SHA256
2d4cfdacccdcdd50dacb71149c533d3ec6a1bd012d17bff330e9c45876585936

SHA512
c6685f42f71eed0d4ae5e0a4abf7b622432b82f8aab9c5747faeb696674eaf9a7a4190fca8899ef01b96072b7d064cec5361a253b2e415dd2e846df5a303f9fb

Download Submit
C:\Windows\System\wLwjads.exe

Filesize
6.1MB

MD5
44ac3569d39878709d41ff0070935c7e

SHA1
7344e0d76fe1d4219f21e65e4201dd51da8b8be7

SHA256
ecaef9f953f110920f3d814e5fada51d0d757b8e517ef26b50a67ef72bde0b10

SHA512
8d81d5bed05f4de2e43f5a564dd89f19a3d43439339a080fc40e29e01ae8a27f1d14b93b2a10ef12c620bc79017933ecb84a740f12a701415377b58bae92570d

Download Submit
memory/404-120-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/404-0-0x00007FF62C7A0000-0x00007FF62CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/404-1-0x0000019DEF9F0000-0x0000019DEFA00000-memory.dmp

Filesize
64KB

Download
memory/1384-636-0x00007FF7DA140000-0x00007FF7DA494000-memory.dmp

Filesize
3.3MB

Download
memory/1384-173-0x00007FF7DA140000-0x00007FF7DA494000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2283-0x00007FF7DA140000-0x00007FF7DA494000-memory.dmp

Filesize
3.3MB

Download
memory/1740-76-0x00007FF7FC6F0000-0x00007FF7FCA44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1313-0x00007FF7FC6F0000-0x00007FF7FCA44000-memory.dmp

Filesize
3.3MB

Download
memory/1844-127-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp

Filesize
3.3MB

Download
memory/1844-6-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp

Filesize
3.3MB

Download
memory/1844-1300-0x00007FF7E10C0000-0x00007FF7E1414000-memory.dmp

Filesize
3.3MB

Download
memory/1856-1938-0x00007FF799C00000-0x00007FF799F54000-memory.dmp

Filesize
3.3MB

Download
memory/1856-202-0x00007FF799C00000-0x00007FF799F54000-memory.dmp

Filesize
3.3MB

Download
memory/1856-122-0x00007FF799C00000-0x00007FF799F54000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1334-0x00007FF6B27E0000-0x00007FF6B2B34000-memory.dmp

Filesize
3.3MB

Download
memory/1908-79-0x00007FF6B27E0000-0x00007FF6B2B34000-memory.dmp

Filesize
3.3MB

Download
memory/1920-88-0x00007FF6DF790000-0x00007FF6DFAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1347-0x00007FF6DF790000-0x00007FF6DFAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-145-0x00007FF6F4AC0000-0x00007FF6F4E14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-432-0x00007FF6F4AC0000-0x00007FF6F4E14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1941-0x00007FF6F4AC0000-0x00007FF6F4E14000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1303-0x00007FF779D10000-0x00007FF77A064000-memory.dmp

Filesize
3.3MB

Download
memory/2264-19-0x00007FF779D10000-0x00007FF77A064000-memory.dmp

Filesize
3.3MB

Download
memory/2264-129-0x00007FF779D10000-0x00007FF77A064000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1323-0x00007FF7F3D30000-0x00007FF7F4084000-memory.dmp

Filesize
3.3MB

Download
memory/2284-77-0x00007FF7F3D30000-0x00007FF7F4084000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1326-0x00007FF69FA40000-0x00007FF69FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2348-78-0x00007FF69FA40000-0x00007FF69FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1942-0x00007FF6C7940000-0x00007FF6C7C94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-372-0x00007FF6C7940000-0x00007FF6C7C94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-144-0x00007FF6C7940000-0x00007FF6C7C94000-memory.dmp

Filesize
3.3MB

Download
memory/3132-1341-0x00007FF7694E0000-0x00007FF769834000-memory.dmp

Filesize
3.3MB

Download
memory/3132-86-0x00007FF7694E0000-0x00007FF769834000-memory.dmp

Filesize
3.3MB

Download
memory/3712-81-0x00007FF75EE60000-0x00007FF75F1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-1336-0x00007FF75EE60000-0x00007FF75F1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-115-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp

Filesize
3.3MB

Download
memory/3784-1930-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp

Filesize
3.3MB

Download
memory/3784-180-0x00007FF72F4E0000-0x00007FF72F834000-memory.dmp

Filesize
3.3MB

Download
memory/3872-1330-0x00007FF6D9740000-0x00007FF6D9A94000-memory.dmp

Filesize
3.3MB

Download
memory/3872-80-0x00007FF6D9740000-0x00007FF6D9A94000-memory.dmp

Filesize
3.3MB

Download
memory/4500-87-0x00007FF70AB70000-0x00007FF70AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-1344-0x00007FF70AB70000-0x00007FF70AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-89-0x00007FF7D4270000-0x00007FF7D45C4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-1355-0x00007FF7D4270000-0x00007FF7D45C4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-103-0x00007FF6D2640000-0x00007FF6D2994000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1917-0x00007FF6D2640000-0x00007FF6D2994000-memory.dmp

Filesize
3.3MB

Download
memory/4956-104-0x00007FF687D80000-0x00007FF6880D4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-1921-0x00007FF687D80000-0x00007FF6880D4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-170-0x00007FF740C10000-0x00007FF740F64000-memory.dmp

Filesize
3.3MB

Download
memory/4996-1925-0x00007FF740C10000-0x00007FF740F64000-memory.dmp

Filesize
3.3MB

Download
memory/4996-110-0x00007FF740C10000-0x00007FF740F64000-memory.dmp

Filesize
3.3MB

Download
memory/5228-179-0x00007FF6981E0000-0x00007FF698534000-memory.dmp

Filesize
3.3MB

Download
memory/5228-2278-0x00007FF6981E0000-0x00007FF698534000-memory.dmp

Filesize
3.3MB

Download
memory/5436-1943-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/5436-132-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/5436-264-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/5496-40-0x00007FF66A330000-0x00007FF66A684000-memory.dmp

Filesize
3.3MB

Download
memory/5496-1306-0x00007FF66A330000-0x00007FF66A684000-memory.dmp

Filesize
3.3MB

Download
memory/5500-187-0x00007FF702170000-0x00007FF7024C4000-memory.dmp

Filesize
3.3MB

Download
memory/5500-2284-0x00007FF702170000-0x00007FF7024C4000-memory.dmp

Filesize
3.3MB

Download
memory/5548-160-0x00007FF61E2B0000-0x00007FF61E604000-memory.dmp

Filesize
3.3MB

Download
memory/5548-478-0x00007FF61E2B0000-0x00007FF61E604000-memory.dmp

Filesize
3.3MB

Download
memory/5548-2269-0x00007FF61E2B0000-0x00007FF61E604000-memory.dmp

Filesize
3.3MB

Download
memory/5676-161-0x00007FF6A21A0000-0x00007FF6A24F4000-memory.dmp

Filesize
3.3MB

Download
memory/5676-578-0x00007FF6A21A0000-0x00007FF6A24F4000-memory.dmp

Filesize
3.3MB

Download
memory/5676-2279-0x00007FF6A21A0000-0x00007FF6A24F4000-memory.dmp

Filesize
3.3MB

Download
memory/5828-265-0x00007FF61A060000-0x00007FF61A3B4000-memory.dmp

Filesize
3.3MB

Download
memory/5828-1944-0x00007FF61A060000-0x00007FF61A3B4000-memory.dmp

Filesize
3.3MB

Download
memory/5828-140-0x00007FF61A060000-0x00007FF61A3B4000-memory.dmp

Filesize
3.3MB

Download
memory/5840-91-0x00007FF7A1760000-0x00007FF7A1AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5840-1359-0x00007FF7A1760000-0x00007FF7A1AB4000-memory.dmp

Filesize
3.3MB

Download
memory/6052-90-0x00007FF7DB150000-0x00007FF7DB4A4000-memory.dmp

Filesize
3.3MB

Download
memory/6052-1312-0x00007FF7DB150000-0x00007FF7DB4A4000-memory.dmp

Filesize
3.3MB

Download