cobaltstrike | f72835f6efb993d2fd639c377c685ae9f92f71bc983555a37ef4090c3b5ddd8c

Analysis

max time kernel
105s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

532a72550d2c4db8e5aee6fc86a02a28
SHA1

8cc168c31996899c9b24c0615b9fd70170ac99b3
SHA256

f72835f6efb993d2fd639c377c685ae9f92f71bc983555a37ef4090c3b5ddd8c
SHA512

a6c5129a7f79e063b8d5a3bed91c4b5555247b0461ca1a5f557c8c7973da9d8015d2d341ef2874dc2cf0a6a9b4426819f2e0239b234cad402c59bc7ce4f2efe8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000242e1-4.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e5-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e6-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e7-23.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000242e2-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e8-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242eb-50.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ec-61.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ed-60.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f2-89.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f7-114.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f9-124.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242fb-152.dat	cobalt_reflective_dll
behavioral1/files/0x000b00000002413a-150.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242fa-149.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f8-119.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f6-109.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f5-104.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f4-99.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f3-94.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f1-84.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242f0-79.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ee-77.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ef-74.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e9-45.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000024138-164.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000024160-173.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242fe-184.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024300-198.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ff-190.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242fd-178.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242fc-167.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5900-0-0x00007FF639290000-0x00007FF6395E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000242e1-4.dat	xmrig
behavioral1/files/0x00070000000242e5-11.dat	xmrig
behavioral1/memory/3556-17-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e6-18.dat	xmrig
behavioral1/memory/5528-20-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp	xmrig
behavioral1/memory/3484-9-0x00007FF6251E0000-0x00007FF625534000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e7-23.dat	xmrig
behavioral1/memory/948-24-0x00007FF691C20000-0x00007FF691F74000-memory.dmp	xmrig
behavioral1/files/0x00080000000242e2-27.dat	xmrig
behavioral1/memory/3792-38-0x00007FF657D40000-0x00007FF658094000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e8-36.dat	xmrig
behavioral1/memory/2984-34-0x00007FF787DC0000-0x00007FF788114000-memory.dmp	xmrig
behavioral1/memory/2892-42-0x00007FF6EDE00000-0x00007FF6EE154000-memory.dmp	xmrig
behavioral1/memory/5900-48-0x00007FF639290000-0x00007FF6395E4000-memory.dmp	xmrig
behavioral1/memory/4548-49-0x00007FF642800000-0x00007FF642B54000-memory.dmp	xmrig
behavioral1/files/0x00070000000242eb-50.dat	xmrig
behavioral1/files/0x00070000000242ec-61.dat	xmrig
behavioral1/files/0x00070000000242ed-60.dat	xmrig
behavioral1/memory/4676-65-0x00007FF67D200000-0x00007FF67D554000-memory.dmp	xmrig
behavioral1/files/0x00070000000242f2-89.dat	xmrig
behavioral1/files/0x00070000000242f7-114.dat	xmrig
behavioral1/files/0x00070000000242f9-124.dat	xmrig
behavioral1/memory/5528-133-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp	xmrig
behavioral1/memory/4884-137-0x00007FF6F55E0000-0x00007FF6F5934000-memory.dmp	xmrig
behavioral1/memory/4868-141-0x00007FF77BFF0000-0x00007FF77C344000-memory.dmp	xmrig
behavioral1/memory/3480-145-0x00007FF6E8380000-0x00007FF6E86D4000-memory.dmp	xmrig
behavioral1/memory/948-155-0x00007FF691C20000-0x00007FF691F74000-memory.dmp	xmrig
behavioral1/memory/4692-157-0x00007FF6AE010000-0x00007FF6AE364000-memory.dmp	xmrig
behavioral1/memory/4444-156-0x00007FF7AD930000-0x00007FF7ADC84000-memory.dmp	xmrig
behavioral1/files/0x00070000000242fb-152.dat	xmrig
behavioral1/files/0x000b00000002413a-150.dat	xmrig
behavioral1/files/0x00070000000242fa-149.dat	xmrig
behavioral1/memory/4892-146-0x00007FF7F6570000-0x00007FF7F68C4000-memory.dmp	xmrig
behavioral1/memory/3096-144-0x00007FF730BA0000-0x00007FF730EF4000-memory.dmp	xmrig
behavioral1/memory/4224-143-0x00007FF711F40000-0x00007FF712294000-memory.dmp	xmrig
behavioral1/memory/3824-142-0x00007FF692300000-0x00007FF692654000-memory.dmp	xmrig
behavioral1/memory/4816-140-0x00007FF678410000-0x00007FF678764000-memory.dmp	xmrig
behavioral1/memory/4736-139-0x00007FF6BFBB0000-0x00007FF6BFF04000-memory.dmp	xmrig
behavioral1/memory/4720-138-0x00007FF6B3BB0000-0x00007FF6B3F04000-memory.dmp	xmrig
behavioral1/memory/1404-136-0x00007FF77A130000-0x00007FF77A484000-memory.dmp	xmrig
behavioral1/memory/4060-135-0x00007FF730EE0000-0x00007FF731234000-memory.dmp	xmrig
behavioral1/memory/4508-134-0x00007FF60D500000-0x00007FF60D854000-memory.dmp	xmrig
behavioral1/files/0x00070000000242f8-119.dat	xmrig
behavioral1/files/0x00070000000242f6-109.dat	xmrig
behavioral1/files/0x00070000000242f5-104.dat	xmrig
behavioral1/files/0x00070000000242f4-99.dat	xmrig
behavioral1/files/0x00070000000242f3-94.dat	xmrig
behavioral1/files/0x00070000000242f1-84.dat	xmrig
behavioral1/files/0x00070000000242f0-79.dat	xmrig
behavioral1/files/0x00070000000242ee-77.dat	xmrig
behavioral1/files/0x00070000000242ef-74.dat	xmrig
behavioral1/memory/4604-59-0x00007FF726DF0000-0x00007FF727144000-memory.dmp	xmrig
behavioral1/memory/3556-57-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	xmrig
behavioral1/memory/3484-55-0x00007FF6251E0000-0x00007FF625534000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e9-45.dat	xmrig
behavioral1/memory/3792-162-0x00007FF657D40000-0x00007FF658094000-memory.dmp	xmrig
behavioral1/files/0x000b000000024138-164.dat	xmrig
behavioral1/files/0x000f000000024160-173.dat	xmrig
behavioral1/files/0x00070000000242fe-184.dat	xmrig
behavioral1/files/0x0007000000024300-198.dat	xmrig
behavioral1/memory/5688-195-0x00007FF6EF140000-0x00007FF6EF494000-memory.dmp	xmrig
behavioral1/files/0x00070000000242ff-190.dat	xmrig
behavioral1/memory/4548-186-0x00007FF642800000-0x00007FF642B54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3484	snYROBr.exe
3556	Ylzzpft.exe
5528	uQUjQOl.exe
948	vnOLhsU.exe
2984	TMGqrYS.exe
3792	yJyNAKe.exe
2892	hKKejpl.exe
4548	iSYEioX.exe
4604	oCHpCTv.exe
4676	HtxOEuR.exe
4508	ygMmBAx.exe
4060	FLaCCSG.exe
4892	lXQdmfk.exe
1404	iNKBVHL.exe
4884	LBXXnfx.exe
4720	AwdaouO.exe
4736	SbomtWA.exe
4816	ofCYzFP.exe
4868	xNZUsty.exe
3824	bRTyZxS.exe
4224	QQZcwuN.exe
3096	zWGeMIm.exe
3480	kVTlKZZ.exe
4444	HsNBWRt.exe
4692	RSfujyY.exe
1140	yIQHpTo.exe
380	LPBMuxK.exe
1628	yXtYlIl.exe
5688	XETtzei.exe
3152	KtDwYme.exe
5068	veoMaAw.exe
5244	XyGIywN.exe
320	XgsZapz.exe
508	FdSRxSb.exe
2100	ALycUjw.exe
5308	SqmnFGU.exe
1228	ALenruF.exe
2536	vZfdUCf.exe
5612	kFBiXNp.exe
5848	wHbAXWR.exe
5376	vPehInv.exe
4984	nFogguB.exe
312	ECVUeBK.exe
5580	lHhfDPO.exe
4924	bPkppTe.exe
2932	wiMIRju.exe
4920	QvxegRu.exe
4652	MxkPQkP.exe
6124	TFlnBtp.exe
5316	ispneIz.exe
444	QQZewnT.exe
3988	urRNKTU.exe
5860	vdEJcHP.exe
5712	PfLbgao.exe
980	QpJTZcw.exe
2248	ezRKDaB.exe
5544	aTwDeTm.exe
5524	DIIkcqS.exe
1216	iFZwvcF.exe
5440	NCumOGD.exe
2700	JnwioCB.exe
4196	xXlJTMY.exe
1452	ChqHDIX.exe
2652	dJpdKVI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5900-0-0x00007FF639290000-0x00007FF6395E4000-memory.dmp	upx
behavioral1/files/0x00080000000242e1-4.dat	upx
behavioral1/files/0x00070000000242e5-11.dat	upx
behavioral1/memory/3556-17-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	upx
behavioral1/files/0x00070000000242e6-18.dat	upx
behavioral1/memory/5528-20-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp	upx
behavioral1/memory/3484-9-0x00007FF6251E0000-0x00007FF625534000-memory.dmp	upx
behavioral1/files/0x00070000000242e7-23.dat	upx
behavioral1/memory/948-24-0x00007FF691C20000-0x00007FF691F74000-memory.dmp	upx
behavioral1/files/0x00080000000242e2-27.dat	upx
behavioral1/memory/3792-38-0x00007FF657D40000-0x00007FF658094000-memory.dmp	upx
behavioral1/files/0x00070000000242e8-36.dat	upx
behavioral1/memory/2984-34-0x00007FF787DC0000-0x00007FF788114000-memory.dmp	upx
behavioral1/memory/2892-42-0x00007FF6EDE00000-0x00007FF6EE154000-memory.dmp	upx
behavioral1/memory/5900-48-0x00007FF639290000-0x00007FF6395E4000-memory.dmp	upx
behavioral1/memory/4548-49-0x00007FF642800000-0x00007FF642B54000-memory.dmp	upx
behavioral1/files/0x00070000000242eb-50.dat	upx
behavioral1/files/0x00070000000242ec-61.dat	upx
behavioral1/files/0x00070000000242ed-60.dat	upx
behavioral1/memory/4676-65-0x00007FF67D200000-0x00007FF67D554000-memory.dmp	upx
behavioral1/files/0x00070000000242f2-89.dat	upx
behavioral1/files/0x00070000000242f7-114.dat	upx
behavioral1/files/0x00070000000242f9-124.dat	upx
behavioral1/memory/5528-133-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp	upx
behavioral1/memory/4884-137-0x00007FF6F55E0000-0x00007FF6F5934000-memory.dmp	upx
behavioral1/memory/4868-141-0x00007FF77BFF0000-0x00007FF77C344000-memory.dmp	upx
behavioral1/memory/3480-145-0x00007FF6E8380000-0x00007FF6E86D4000-memory.dmp	upx
behavioral1/memory/948-155-0x00007FF691C20000-0x00007FF691F74000-memory.dmp	upx
behavioral1/memory/4692-157-0x00007FF6AE010000-0x00007FF6AE364000-memory.dmp	upx
behavioral1/memory/4444-156-0x00007FF7AD930000-0x00007FF7ADC84000-memory.dmp	upx
behavioral1/files/0x00070000000242fb-152.dat	upx
behavioral1/files/0x000b00000002413a-150.dat	upx
behavioral1/files/0x00070000000242fa-149.dat	upx
behavioral1/memory/4892-146-0x00007FF7F6570000-0x00007FF7F68C4000-memory.dmp	upx
behavioral1/memory/3096-144-0x00007FF730BA0000-0x00007FF730EF4000-memory.dmp	upx
behavioral1/memory/4224-143-0x00007FF711F40000-0x00007FF712294000-memory.dmp	upx
behavioral1/memory/3824-142-0x00007FF692300000-0x00007FF692654000-memory.dmp	upx
behavioral1/memory/4816-140-0x00007FF678410000-0x00007FF678764000-memory.dmp	upx
behavioral1/memory/4736-139-0x00007FF6BFBB0000-0x00007FF6BFF04000-memory.dmp	upx
behavioral1/memory/4720-138-0x00007FF6B3BB0000-0x00007FF6B3F04000-memory.dmp	upx
behavioral1/memory/1404-136-0x00007FF77A130000-0x00007FF77A484000-memory.dmp	upx
behavioral1/memory/4060-135-0x00007FF730EE0000-0x00007FF731234000-memory.dmp	upx
behavioral1/memory/4508-134-0x00007FF60D500000-0x00007FF60D854000-memory.dmp	upx
behavioral1/files/0x00070000000242f8-119.dat	upx
behavioral1/files/0x00070000000242f6-109.dat	upx
behavioral1/files/0x00070000000242f5-104.dat	upx
behavioral1/files/0x00070000000242f4-99.dat	upx
behavioral1/files/0x00070000000242f3-94.dat	upx
behavioral1/files/0x00070000000242f1-84.dat	upx
behavioral1/files/0x00070000000242f0-79.dat	upx
behavioral1/files/0x00070000000242ee-77.dat	upx
behavioral1/files/0x00070000000242ef-74.dat	upx
behavioral1/memory/4604-59-0x00007FF726DF0000-0x00007FF727144000-memory.dmp	upx
behavioral1/memory/3556-57-0x00007FF7444F0000-0x00007FF744844000-memory.dmp	upx
behavioral1/memory/3484-55-0x00007FF6251E0000-0x00007FF625534000-memory.dmp	upx
behavioral1/files/0x00070000000242e9-45.dat	upx
behavioral1/memory/3792-162-0x00007FF657D40000-0x00007FF658094000-memory.dmp	upx
behavioral1/files/0x000b000000024138-164.dat	upx
behavioral1/files/0x000f000000024160-173.dat	upx
behavioral1/files/0x00070000000242fe-184.dat	upx
behavioral1/files/0x0007000000024300-198.dat	upx
behavioral1/memory/5688-195-0x00007FF6EF140000-0x00007FF6EF494000-memory.dmp	upx
behavioral1/files/0x00070000000242ff-190.dat	upx
behavioral1/memory/4548-186-0x00007FF642800000-0x00007FF642B54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QpJTZcw.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dDKvVjw.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TaCqylH.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\abXIdUU.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\arYfsIv.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vkaCIAk.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Ylzzpft.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yJcrUrW.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MOTcAMR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LPpvgwq.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BcxLdoh.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GWWGdNz.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mMbMaLD.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zZlSahR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HgjBLME.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LcKdfRl.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wYOcqMj.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ikFidAz.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IuhnoAZ.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SaKZHEp.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wHbAXWR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RcpvGwx.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qjiXWfY.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fGCuhqN.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HItzrSA.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UicDbBR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HJtybaL.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NmTPmia.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KmHQEfz.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vDZpYdV.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BOOxUee.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CnFPKoN.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZEsqtLQ.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vZfdUCf.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PhUBgga.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LzNwqFj.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dQxEHXp.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AsvJxLa.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KGkjiTW.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ISSZgWi.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\enCtLAd.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nFogguB.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uwMvjUt.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pbMVAau.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KyJqjSf.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ePuRoIW.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yQuzEsB.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ljuoZdM.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gwJGobM.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qtQgLDo.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OsTbQqE.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lMKktqT.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hfwbfrR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YfJbwlp.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aXlNOQw.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zoPYdSo.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tgLZnVD.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rWNHODM.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xpyPQuE.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vfCUHkm.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pvTOVBX.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tkjqYBZ.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZjnZWTw.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xGYWrGR.exe	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5900 wrote to memory of 3484	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5900 wrote to memory of 3484	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5900 wrote to memory of 3556	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5900 wrote to memory of 3556	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5900 wrote to memory of 5528	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5900 wrote to memory of 5528	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5900 wrote to memory of 948	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5900 wrote to memory of 948	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5900 wrote to memory of 2984	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5900 wrote to memory of 2984	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5900 wrote to memory of 3792	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5900 wrote to memory of 3792	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5900 wrote to memory of 2892	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5900 wrote to memory of 2892	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5900 wrote to memory of 4548	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5900 wrote to memory of 4548	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5900 wrote to memory of 4604	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5900 wrote to memory of 4604	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5900 wrote to memory of 4676	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5900 wrote to memory of 4676	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 5900 wrote to memory of 4508	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5900 wrote to memory of 4508	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5900 wrote to memory of 4060	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5900 wrote to memory of 4060	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5900 wrote to memory of 4892	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5900 wrote to memory of 4892	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5900 wrote to memory of 1404	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5900 wrote to memory of 1404	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5900 wrote to memory of 4884	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5900 wrote to memory of 4884	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5900 wrote to memory of 4720	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5900 wrote to memory of 4720	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5900 wrote to memory of 4736	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5900 wrote to memory of 4736	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5900 wrote to memory of 4816	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5900 wrote to memory of 4816	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5900 wrote to memory of 4868	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5900 wrote to memory of 4868	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5900 wrote to memory of 3824	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5900 wrote to memory of 3824	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5900 wrote to memory of 4224	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5900 wrote to memory of 4224	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5900 wrote to memory of 3096	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5900 wrote to memory of 3096	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5900 wrote to memory of 3480	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5900 wrote to memory of 3480	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5900 wrote to memory of 4444	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5900 wrote to memory of 4444	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5900 wrote to memory of 4692	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5900 wrote to memory of 4692	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5900 wrote to memory of 1140	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5900 wrote to memory of 1140	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5900 wrote to memory of 380	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5900 wrote to memory of 380	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5900 wrote to memory of 1628	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5900 wrote to memory of 1628	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5900 wrote to memory of 5688	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5900 wrote to memory of 5688	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5900 wrote to memory of 3152	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5900 wrote to memory of 3152	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5900 wrote to memory of 5068	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5900 wrote to memory of 5068	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5900 wrote to memory of 5244	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5900 wrote to memory of 5244	5900	2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_532a72550d2c4db8e5aee6fc86a02a28_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5900
- C:\Windows\System\snYROBr.exe
  C:\Windows\System\snYROBr.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\Ylzzpft.exe
  C:\Windows\System\Ylzzpft.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\uQUjQOl.exe
  C:\Windows\System\uQUjQOl.exe
  2⤵
  - Executes dropped EXE
  PID:5528
- C:\Windows\System\vnOLhsU.exe
  C:\Windows\System\vnOLhsU.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\TMGqrYS.exe
  C:\Windows\System\TMGqrYS.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yJyNAKe.exe
  C:\Windows\System\yJyNAKe.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\hKKejpl.exe
  C:\Windows\System\hKKejpl.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\iSYEioX.exe
  C:\Windows\System\iSYEioX.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\oCHpCTv.exe
  C:\Windows\System\oCHpCTv.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\HtxOEuR.exe
  C:\Windows\System\HtxOEuR.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\ygMmBAx.exe
  C:\Windows\System\ygMmBAx.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\FLaCCSG.exe
  C:\Windows\System\FLaCCSG.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\lXQdmfk.exe
  C:\Windows\System\lXQdmfk.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\iNKBVHL.exe
  C:\Windows\System\iNKBVHL.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\LBXXnfx.exe
  C:\Windows\System\LBXXnfx.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\AwdaouO.exe
  C:\Windows\System\AwdaouO.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\SbomtWA.exe
  C:\Windows\System\SbomtWA.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\ofCYzFP.exe
  C:\Windows\System\ofCYzFP.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\xNZUsty.exe
  C:\Windows\System\xNZUsty.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\bRTyZxS.exe
  C:\Windows\System\bRTyZxS.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\QQZcwuN.exe
  C:\Windows\System\QQZcwuN.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\zWGeMIm.exe
  C:\Windows\System\zWGeMIm.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\kVTlKZZ.exe
  C:\Windows\System\kVTlKZZ.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\HsNBWRt.exe
  C:\Windows\System\HsNBWRt.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\RSfujyY.exe
  C:\Windows\System\RSfujyY.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\yIQHpTo.exe
  C:\Windows\System\yIQHpTo.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\LPBMuxK.exe
  C:\Windows\System\LPBMuxK.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\yXtYlIl.exe
  C:\Windows\System\yXtYlIl.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\XETtzei.exe
  C:\Windows\System\XETtzei.exe
  2⤵
  - Executes dropped EXE
  PID:5688
- C:\Windows\System\KtDwYme.exe
  C:\Windows\System\KtDwYme.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\veoMaAw.exe
  C:\Windows\System\veoMaAw.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\XyGIywN.exe
  C:\Windows\System\XyGIywN.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System\XgsZapz.exe
  C:\Windows\System\XgsZapz.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\FdSRxSb.exe
  C:\Windows\System\FdSRxSb.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\ALycUjw.exe
  C:\Windows\System\ALycUjw.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\SqmnFGU.exe
  C:\Windows\System\SqmnFGU.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\ALenruF.exe
  C:\Windows\System\ALenruF.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\vZfdUCf.exe
  C:\Windows\System\vZfdUCf.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\kFBiXNp.exe
  C:\Windows\System\kFBiXNp.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System\wHbAXWR.exe
  C:\Windows\System\wHbAXWR.exe
  2⤵
  - Executes dropped EXE
  PID:5848
- C:\Windows\System\vPehInv.exe
  C:\Windows\System\vPehInv.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System\nFogguB.exe
  C:\Windows\System\nFogguB.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\ECVUeBK.exe
  C:\Windows\System\ECVUeBK.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\lHhfDPO.exe
  C:\Windows\System\lHhfDPO.exe
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\System\bPkppTe.exe
  C:\Windows\System\bPkppTe.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\wiMIRju.exe
  C:\Windows\System\wiMIRju.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\QvxegRu.exe
  C:\Windows\System\QvxegRu.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\MxkPQkP.exe
  C:\Windows\System\MxkPQkP.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\TFlnBtp.exe
  C:\Windows\System\TFlnBtp.exe
  2⤵
  - Executes dropped EXE
  PID:6124
- C:\Windows\System\ispneIz.exe
  C:\Windows\System\ispneIz.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\QQZewnT.exe
  C:\Windows\System\QQZewnT.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\urRNKTU.exe
  C:\Windows\System\urRNKTU.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\vdEJcHP.exe
  C:\Windows\System\vdEJcHP.exe
  2⤵
  - Executes dropped EXE
  PID:5860
- C:\Windows\System\PfLbgao.exe
  C:\Windows\System\PfLbgao.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\QpJTZcw.exe
  C:\Windows\System\QpJTZcw.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\ezRKDaB.exe
  C:\Windows\System\ezRKDaB.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\aTwDeTm.exe
  C:\Windows\System\aTwDeTm.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\DIIkcqS.exe
  C:\Windows\System\DIIkcqS.exe
  2⤵
  - Executes dropped EXE
  PID:5524
- C:\Windows\System\iFZwvcF.exe
  C:\Windows\System\iFZwvcF.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\NCumOGD.exe
  C:\Windows\System\NCumOGD.exe
  2⤵
  - Executes dropped EXE
  PID:5440
- C:\Windows\System\JnwioCB.exe
  C:\Windows\System\JnwioCB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\xXlJTMY.exe
  C:\Windows\System\xXlJTMY.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\ChqHDIX.exe
  C:\Windows\System\ChqHDIX.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\dJpdKVI.exe
  C:\Windows\System\dJpdKVI.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\kTvkPbe.exe
  C:\Windows\System\kTvkPbe.exe
  2⤵
  PID:5184
- C:\Windows\System\lygBUaR.exe
  C:\Windows\System\lygBUaR.exe
  2⤵
  PID:5552
- C:\Windows\System\PXgmOsm.exe
  C:\Windows\System\PXgmOsm.exe
  2⤵
  PID:4404
- C:\Windows\System\HZVbniU.exe
  C:\Windows\System\HZVbniU.exe
  2⤵
  PID:228
- C:\Windows\System\WjMZNvn.exe
  C:\Windows\System\WjMZNvn.exe
  2⤵
  PID:2192
- C:\Windows\System\mMbMaLD.exe
  C:\Windows\System\mMbMaLD.exe
  2⤵
  PID:4080
- C:\Windows\System\kyqZEZr.exe
  C:\Windows\System\kyqZEZr.exe
  2⤵
  PID:2440
- C:\Windows\System\zoPYdSo.exe
  C:\Windows\System\zoPYdSo.exe
  2⤵
  PID:1120
- C:\Windows\System\FFiadiX.exe
  C:\Windows\System\FFiadiX.exe
  2⤵
  PID:2940
- C:\Windows\System\bPHlsHe.exe
  C:\Windows\System\bPHlsHe.exe
  2⤵
  PID:2544
- C:\Windows\System\XUpmVFx.exe
  C:\Windows\System\XUpmVFx.exe
  2⤵
  PID:5392
- C:\Windows\System\DFGbsIB.exe
  C:\Windows\System\DFGbsIB.exe
  2⤵
  PID:5312
- C:\Windows\System\TtrEdnn.exe
  C:\Windows\System\TtrEdnn.exe
  2⤵
  PID:5744
- C:\Windows\System\ljuoZdM.exe
  C:\Windows\System\ljuoZdM.exe
  2⤵
  PID:4908
- C:\Windows\System\ZKfeleK.exe
  C:\Windows\System\ZKfeleK.exe
  2⤵
  PID:3060
- C:\Windows\System\rtkokjI.exe
  C:\Windows\System\rtkokjI.exe
  2⤵
  PID:2620
- C:\Windows\System\gPLBhDY.exe
  C:\Windows\System\gPLBhDY.exe
  2⤵
  PID:3616
- C:\Windows\System\wCbFBNQ.exe
  C:\Windows\System\wCbFBNQ.exe
  2⤵
  PID:5472
- C:\Windows\System\bSfUwnf.exe
  C:\Windows\System\bSfUwnf.exe
  2⤵
  PID:4612
- C:\Windows\System\QBfoosc.exe
  C:\Windows\System\QBfoosc.exe
  2⤵
  PID:4260
- C:\Windows\System\icytwlu.exe
  C:\Windows\System\icytwlu.exe
  2⤵
  PID:2900
- C:\Windows\System\eBSNdgs.exe
  C:\Windows\System\eBSNdgs.exe
  2⤵
  PID:4516
- C:\Windows\System\rxINARk.exe
  C:\Windows\System\rxINARk.exe
  2⤵
  PID:5684
- C:\Windows\System\scAHBHs.exe
  C:\Windows\System\scAHBHs.exe
  2⤵
  PID:4364
- C:\Windows\System\ByPBidK.exe
  C:\Windows\System\ByPBidK.exe
  2⤵
  PID:4844
- C:\Windows\System\pprmpDr.exe
  C:\Windows\System\pprmpDr.exe
  2⤵
  PID:4644
- C:\Windows\System\xOQEjQR.exe
  C:\Windows\System\xOQEjQR.exe
  2⤵
  PID:3884
- C:\Windows\System\DaTnieB.exe
  C:\Windows\System\DaTnieB.exe
  2⤵
  PID:2076
- C:\Windows\System\sFWeZHG.exe
  C:\Windows\System\sFWeZHG.exe
  2⤵
  PID:4452
- C:\Windows\System\AQwFTDo.exe
  C:\Windows\System\AQwFTDo.exe
  2⤵
  PID:5820
- C:\Windows\System\fjnXvBa.exe
  C:\Windows\System\fjnXvBa.exe
  2⤵
  PID:3420
- C:\Windows\System\RNZMYxX.exe
  C:\Windows\System\RNZMYxX.exe
  2⤵
  PID:5780
- C:\Windows\System\XipjHGl.exe
  C:\Windows\System\XipjHGl.exe
  2⤵
  PID:4372
- C:\Windows\System\HIlzJeH.exe
  C:\Windows\System\HIlzJeH.exe
  2⤵
  PID:5660
- C:\Windows\System\xGYWrGR.exe
  C:\Windows\System\xGYWrGR.exe
  2⤵
  PID:2108
- C:\Windows\System\GraFPvH.exe
  C:\Windows\System\GraFPvH.exe
  2⤵
  PID:3460
- C:\Windows\System\eTwPwLA.exe
  C:\Windows\System\eTwPwLA.exe
  2⤵
  PID:4220
- C:\Windows\System\LzNOaKP.exe
  C:\Windows\System\LzNOaKP.exe
  2⤵
  PID:2576
- C:\Windows\System\htJWLqU.exe
  C:\Windows\System\htJWLqU.exe
  2⤵
  PID:220
- C:\Windows\System\yJcrUrW.exe
  C:\Windows\System\yJcrUrW.exe
  2⤵
  PID:1708
- C:\Windows\System\dDKvVjw.exe
  C:\Windows\System\dDKvVjw.exe
  2⤵
  PID:5548
- C:\Windows\System\ZDGJjVg.exe
  C:\Windows\System\ZDGJjVg.exe
  2⤵
  PID:804
- C:\Windows\System\cvshxUY.exe
  C:\Windows\System\cvshxUY.exe
  2⤵
  PID:3112
- C:\Windows\System\lxOxHOy.exe
  C:\Windows\System\lxOxHOy.exe
  2⤵
  PID:5512
- C:\Windows\System\RZaIpXp.exe
  C:\Windows\System\RZaIpXp.exe
  2⤵
  PID:2360
- C:\Windows\System\MIkMjuv.exe
  C:\Windows\System\MIkMjuv.exe
  2⤵
  PID:6080
- C:\Windows\System\tGSvinC.exe
  C:\Windows\System\tGSvinC.exe
  2⤵
  PID:2328
- C:\Windows\System\ivIXfXj.exe
  C:\Windows\System\ivIXfXj.exe
  2⤵
  PID:4416
- C:\Windows\System\BXmVBZs.exe
  C:\Windows\System\BXmVBZs.exe
  2⤵
  PID:5092
- C:\Windows\System\HeRjiYr.exe
  C:\Windows\System\HeRjiYr.exe
  2⤵
  PID:4640
- C:\Windows\System\jPqNBJo.exe
  C:\Windows\System\jPqNBJo.exe
  2⤵
  PID:5336
- C:\Windows\System\mljBmcO.exe
  C:\Windows\System\mljBmcO.exe
  2⤵
  PID:3568
- C:\Windows\System\bWKfwEe.exe
  C:\Windows\System\bWKfwEe.exe
  2⤵
  PID:5516
- C:\Windows\System\hkJQeJA.exe
  C:\Windows\System\hkJQeJA.exe
  2⤵
  PID:2000
- C:\Windows\System\hpektxt.exe
  C:\Windows\System\hpektxt.exe
  2⤵
  PID:4292
- C:\Windows\System\vbvPrUL.exe
  C:\Windows\System\vbvPrUL.exe
  2⤵
  PID:376
- C:\Windows\System\gwJGobM.exe
  C:\Windows\System\gwJGobM.exe
  2⤵
  PID:6092
- C:\Windows\System\pqYJcHf.exe
  C:\Windows\System\pqYJcHf.exe
  2⤵
  PID:5968
- C:\Windows\System\WWJlqlZ.exe
  C:\Windows\System\WWJlqlZ.exe
  2⤵
  PID:3264
- C:\Windows\System\wlkNCVY.exe
  C:\Windows\System\wlkNCVY.exe
  2⤵
  PID:4580
- C:\Windows\System\HzeKATR.exe
  C:\Windows\System\HzeKATR.exe
  2⤵
  PID:4948
- C:\Windows\System\peJepHf.exe
  C:\Windows\System\peJepHf.exe
  2⤵
  PID:4912
- C:\Windows\System\NYnlNck.exe
  C:\Windows\System\NYnlNck.exe
  2⤵
  PID:1780
- C:\Windows\System\ttoPUAY.exe
  C:\Windows\System\ttoPUAY.exe
  2⤵
  PID:5492
- C:\Windows\System\DTWZcbH.exe
  C:\Windows\System\DTWZcbH.exe
  2⤵
  PID:2136
- C:\Windows\System\DIKKldc.exe
  C:\Windows\System\DIKKldc.exe
  2⤵
  PID:1064
- C:\Windows\System\qtQgLDo.exe
  C:\Windows\System\qtQgLDo.exe
  2⤵
  PID:2464
- C:\Windows\System\aLLkCaW.exe
  C:\Windows\System\aLLkCaW.exe
  2⤵
  PID:4780
- C:\Windows\System\mAXLpmc.exe
  C:\Windows\System\mAXLpmc.exe
  2⤵
  PID:3972
- C:\Windows\System\dsLDEXS.exe
  C:\Windows\System\dsLDEXS.exe
  2⤵
  PID:6136
- C:\Windows\System\eVSpSTH.exe
  C:\Windows\System\eVSpSTH.exe
  2⤵
  PID:5152
- C:\Windows\System\ilnubrm.exe
  C:\Windows\System\ilnubrm.exe
  2⤵
  PID:5036
- C:\Windows\System\AZyEhIV.exe
  C:\Windows\System\AZyEhIV.exe
  2⤵
  PID:5840
- C:\Windows\System\LCCkuBL.exe
  C:\Windows\System\LCCkuBL.exe
  2⤵
  PID:5468
- C:\Windows\System\BTddzSa.exe
  C:\Windows\System\BTddzSa.exe
  2⤵
  PID:4152
- C:\Windows\System\Tuzxmht.exe
  C:\Windows\System\Tuzxmht.exe
  2⤵
  PID:184
- C:\Windows\System\SSgBjbm.exe
  C:\Windows\System\SSgBjbm.exe
  2⤵
  PID:4764
- C:\Windows\System\TlGxJFb.exe
  C:\Windows\System\TlGxJFb.exe
  2⤵
  PID:6156
- C:\Windows\System\MHRSPvJ.exe
  C:\Windows\System\MHRSPvJ.exe
  2⤵
  PID:6184
- C:\Windows\System\TvJZSZm.exe
  C:\Windows\System\TvJZSZm.exe
  2⤵
  PID:6212
- C:\Windows\System\SDSSCWR.exe
  C:\Windows\System\SDSSCWR.exe
  2⤵
  PID:6240
- C:\Windows\System\tXhhfNJ.exe
  C:\Windows\System\tXhhfNJ.exe
  2⤵
  PID:6268
- C:\Windows\System\HoOKmdr.exe
  C:\Windows\System\HoOKmdr.exe
  2⤵
  PID:6296
- C:\Windows\System\MOTcAMR.exe
  C:\Windows\System\MOTcAMR.exe
  2⤵
  PID:6324
- C:\Windows\System\wrBNAUD.exe
  C:\Windows\System\wrBNAUD.exe
  2⤵
  PID:6352
- C:\Windows\System\noWdTaf.exe
  C:\Windows\System\noWdTaf.exe
  2⤵
  PID:6376
- C:\Windows\System\AqxTKLK.exe
  C:\Windows\System\AqxTKLK.exe
  2⤵
  PID:6408
- C:\Windows\System\NjNtXCi.exe
  C:\Windows\System\NjNtXCi.exe
  2⤵
  PID:6436
- C:\Windows\System\bLoMKSR.exe
  C:\Windows\System\bLoMKSR.exe
  2⤵
  PID:6464
- C:\Windows\System\FcTdMHC.exe
  C:\Windows\System\FcTdMHC.exe
  2⤵
  PID:6492
- C:\Windows\System\DIJiiPf.exe
  C:\Windows\System\DIJiiPf.exe
  2⤵
  PID:6520
- C:\Windows\System\gIoLRin.exe
  C:\Windows\System\gIoLRin.exe
  2⤵
  PID:6548
- C:\Windows\System\uwMvjUt.exe
  C:\Windows\System\uwMvjUt.exe
  2⤵
  PID:6576
- C:\Windows\System\KfBGDGI.exe
  C:\Windows\System\KfBGDGI.exe
  2⤵
  PID:6604
- C:\Windows\System\BotHlJd.exe
  C:\Windows\System\BotHlJd.exe
  2⤵
  PID:6632
- C:\Windows\System\rJNHBiJ.exe
  C:\Windows\System\rJNHBiJ.exe
  2⤵
  PID:6660
- C:\Windows\System\RkJqQGl.exe
  C:\Windows\System\RkJqQGl.exe
  2⤵
  PID:6688
- C:\Windows\System\lmKgcVe.exe
  C:\Windows\System\lmKgcVe.exe
  2⤵
  PID:6716
- C:\Windows\System\QzYMRRm.exe
  C:\Windows\System\QzYMRRm.exe
  2⤵
  PID:6744
- C:\Windows\System\ILmVmGI.exe
  C:\Windows\System\ILmVmGI.exe
  2⤵
  PID:6772
- C:\Windows\System\IJhLYEf.exe
  C:\Windows\System\IJhLYEf.exe
  2⤵
  PID:6800
- C:\Windows\System\BUHARFk.exe
  C:\Windows\System\BUHARFk.exe
  2⤵
  PID:6828
- C:\Windows\System\oUFvzBk.exe
  C:\Windows\System\oUFvzBk.exe
  2⤵
  PID:6856
- C:\Windows\System\tgLZnVD.exe
  C:\Windows\System\tgLZnVD.exe
  2⤵
  PID:6900
- C:\Windows\System\NzBqTCD.exe
  C:\Windows\System\NzBqTCD.exe
  2⤵
  PID:6936
- C:\Windows\System\fgyNYZX.exe
  C:\Windows\System\fgyNYZX.exe
  2⤵
  PID:6976
- C:\Windows\System\kLsZDTK.exe
  C:\Windows\System\kLsZDTK.exe
  2⤵
  PID:7000
- C:\Windows\System\zimInIb.exe
  C:\Windows\System\zimInIb.exe
  2⤵
  PID:7032
- C:\Windows\System\wNiVELr.exe
  C:\Windows\System\wNiVELr.exe
  2⤵
  PID:7064
- C:\Windows\System\EejCpKj.exe
  C:\Windows\System\EejCpKj.exe
  2⤵
  PID:7092
- C:\Windows\System\sNaaNnM.exe
  C:\Windows\System\sNaaNnM.exe
  2⤵
  PID:7124
- C:\Windows\System\YTuZZbT.exe
  C:\Windows\System\YTuZZbT.exe
  2⤵
  PID:7152
- C:\Windows\System\GVPsODM.exe
  C:\Windows\System\GVPsODM.exe
  2⤵
  PID:6172
- C:\Windows\System\cCmfEdw.exe
  C:\Windows\System\cCmfEdw.exe
  2⤵
  PID:6228
- C:\Windows\System\rtkrkDk.exe
  C:\Windows\System\rtkrkDk.exe
  2⤵
  PID:6304
- C:\Windows\System\RcpvGwx.exe
  C:\Windows\System\RcpvGwx.exe
  2⤵
  PID:6368
- C:\Windows\System\PmZJzdN.exe
  C:\Windows\System\PmZJzdN.exe
  2⤵
  PID:6432
- C:\Windows\System\FtfTIvG.exe
  C:\Windows\System\FtfTIvG.exe
  2⤵
  PID:6500
- C:\Windows\System\XqLCiHT.exe
  C:\Windows\System\XqLCiHT.exe
  2⤵
  PID:6572
- C:\Windows\System\RpasaDV.exe
  C:\Windows\System\RpasaDV.exe
  2⤵
  PID:6628
- C:\Windows\System\zZlSahR.exe
  C:\Windows\System\zZlSahR.exe
  2⤵
  PID:6696
- C:\Windows\System\LGthaxY.exe
  C:\Windows\System\LGthaxY.exe
  2⤵
  PID:6768
- C:\Windows\System\DtiRNyl.exe
  C:\Windows\System\DtiRNyl.exe
  2⤵
  PID:6816
- C:\Windows\System\OEplHWb.exe
  C:\Windows\System\OEplHWb.exe
  2⤵
  PID:6892
- C:\Windows\System\ZFeKCwc.exe
  C:\Windows\System\ZFeKCwc.exe
  2⤵
  PID:6964
- C:\Windows\System\AZCBHbP.exe
  C:\Windows\System\AZCBHbP.exe
  2⤵
  PID:7020
- C:\Windows\System\DkrQvza.exe
  C:\Windows\System\DkrQvza.exe
  2⤵
  PID:7072
- C:\Windows\System\GShnYzo.exe
  C:\Windows\System\GShnYzo.exe
  2⤵
  PID:7140
- C:\Windows\System\YXAeaKK.exe
  C:\Windows\System\YXAeaKK.exe
  2⤵
  PID:6284
- C:\Windows\System\NJNzFlE.exe
  C:\Windows\System\NJNzFlE.exe
  2⤵
  PID:6452
- C:\Windows\System\AxLlSvJ.exe
  C:\Windows\System\AxLlSvJ.exe
  2⤵
  PID:6592
- C:\Windows\System\UCRChkd.exe
  C:\Windows\System\UCRChkd.exe
  2⤵
  PID:6752
- C:\Windows\System\HbsMwtp.exe
  C:\Windows\System\HbsMwtp.exe
  2⤵
  PID:6912
- C:\Windows\System\qzuwUVi.exe
  C:\Windows\System\qzuwUVi.exe
  2⤵
  PID:7052
- C:\Windows\System\WZeSBko.exe
  C:\Windows\System\WZeSBko.exe
  2⤵
  PID:6236
- C:\Windows\System\RTtIQhS.exe
  C:\Windows\System\RTtIQhS.exe
  2⤵
  PID:6556
- C:\Windows\System\dtJwhTZ.exe
  C:\Windows\System\dtJwhTZ.exe
  2⤵
  PID:6956
- C:\Windows\System\HMqtejf.exe
  C:\Windows\System\HMqtejf.exe
  2⤵
  PID:6388
- C:\Windows\System\QTxupDJ.exe
  C:\Windows\System\QTxupDJ.exe
  2⤵
  PID:7132
- C:\Windows\System\PcPRFbn.exe
  C:\Windows\System\PcPRFbn.exe
  2⤵
  PID:7176
- C:\Windows\System\lxPiPTo.exe
  C:\Windows\System\lxPiPTo.exe
  2⤵
  PID:7232
- C:\Windows\System\TjpeNGj.exe
  C:\Windows\System\TjpeNGj.exe
  2⤵
  PID:7260
- C:\Windows\System\fxwLODF.exe
  C:\Windows\System\fxwLODF.exe
  2⤵
  PID:7288
- C:\Windows\System\sdjFvGw.exe
  C:\Windows\System\sdjFvGw.exe
  2⤵
  PID:7324
- C:\Windows\System\KnYITfQ.exe
  C:\Windows\System\KnYITfQ.exe
  2⤵
  PID:7356
- C:\Windows\System\rGpMGmN.exe
  C:\Windows\System\rGpMGmN.exe
  2⤵
  PID:7388
- C:\Windows\System\DpzcXrr.exe
  C:\Windows\System\DpzcXrr.exe
  2⤵
  PID:7404
- C:\Windows\System\KmHQEfz.exe
  C:\Windows\System\KmHQEfz.exe
  2⤵
  PID:7432
- C:\Windows\System\yEaUFrH.exe
  C:\Windows\System\yEaUFrH.exe
  2⤵
  PID:7460
- C:\Windows\System\rbZGduv.exe
  C:\Windows\System\rbZGduv.exe
  2⤵
  PID:7492
- C:\Windows\System\wKyNxDc.exe
  C:\Windows\System\wKyNxDc.exe
  2⤵
  PID:7520
- C:\Windows\System\HgjBLME.exe
  C:\Windows\System\HgjBLME.exe
  2⤵
  PID:7548
- C:\Windows\System\IYYtnRm.exe
  C:\Windows\System\IYYtnRm.exe
  2⤵
  PID:7576
- C:\Windows\System\etBOpaw.exe
  C:\Windows\System\etBOpaw.exe
  2⤵
  PID:7608
- C:\Windows\System\OsTbQqE.exe
  C:\Windows\System\OsTbQqE.exe
  2⤵
  PID:7632
- C:\Windows\System\LPpvgwq.exe
  C:\Windows\System\LPpvgwq.exe
  2⤵
  PID:7664
- C:\Windows\System\kFTeiZM.exe
  C:\Windows\System\kFTeiZM.exe
  2⤵
  PID:7692
- C:\Windows\System\eSJJMgF.exe
  C:\Windows\System\eSJJMgF.exe
  2⤵
  PID:7720
- C:\Windows\System\uSAUfvq.exe
  C:\Windows\System\uSAUfvq.exe
  2⤵
  PID:7752
- C:\Windows\System\mQnhIoq.exe
  C:\Windows\System\mQnhIoq.exe
  2⤵
  PID:7776
- C:\Windows\System\umSGjYK.exe
  C:\Windows\System\umSGjYK.exe
  2⤵
  PID:7812
- C:\Windows\System\PywUVQt.exe
  C:\Windows\System\PywUVQt.exe
  2⤵
  PID:7836
- C:\Windows\System\riBgtkj.exe
  C:\Windows\System\riBgtkj.exe
  2⤵
  PID:7864
- C:\Windows\System\dcaGKfm.exe
  C:\Windows\System\dcaGKfm.exe
  2⤵
  PID:7896
- C:\Windows\System\TiWGOaJ.exe
  C:\Windows\System\TiWGOaJ.exe
  2⤵
  PID:7924
- C:\Windows\System\ZRoDtqr.exe
  C:\Windows\System\ZRoDtqr.exe
  2⤵
  PID:7952
- C:\Windows\System\hYJIouv.exe
  C:\Windows\System\hYJIouv.exe
  2⤵
  PID:8008
- C:\Windows\System\sqompbo.exe
  C:\Windows\System\sqompbo.exe
  2⤵
  PID:8068
- C:\Windows\System\EnMGabf.exe
  C:\Windows\System\EnMGabf.exe
  2⤵
  PID:8140
- C:\Windows\System\GDvYUdF.exe
  C:\Windows\System\GDvYUdF.exe
  2⤵
  PID:8172
- C:\Windows\System\NsZogmc.exe
  C:\Windows\System\NsZogmc.exe
  2⤵
  PID:8188
- C:\Windows\System\voOAtPq.exe
  C:\Windows\System\voOAtPq.exe
  2⤵
  PID:7224
- C:\Windows\System\MWbFRPJ.exe
  C:\Windows\System\MWbFRPJ.exe
  2⤵
  PID:7316
- C:\Windows\System\dwakENv.exe
  C:\Windows\System\dwakENv.exe
  2⤵
  PID:7400
- C:\Windows\System\hRaGAyv.exe
  C:\Windows\System\hRaGAyv.exe
  2⤵
  PID:7480
- C:\Windows\System\jhdXRSq.exe
  C:\Windows\System\jhdXRSq.exe
  2⤵
  PID:7504
- C:\Windows\System\ezndELa.exe
  C:\Windows\System\ezndELa.exe
  2⤵
  PID:7568
- C:\Windows\System\OdxSNdv.exe
  C:\Windows\System\OdxSNdv.exe
  2⤵
  PID:7644
- C:\Windows\System\vEzdKtg.exe
  C:\Windows\System\vEzdKtg.exe
  2⤵
  PID:7684
- C:\Windows\System\jOWaXxG.exe
  C:\Windows\System\jOWaXxG.exe
  2⤵
  PID:7768
- C:\Windows\System\UUHhEfn.exe
  C:\Windows\System\UUHhEfn.exe
  2⤵
  PID:7820
- C:\Windows\System\BPoKiGN.exe
  C:\Windows\System\BPoKiGN.exe
  2⤵
  PID:7876
- C:\Windows\System\kDslXIu.exe
  C:\Windows\System\kDslXIu.exe
  2⤵
  PID:7948
- C:\Windows\System\YNLQUNG.exe
  C:\Windows\System\YNLQUNG.exe
  2⤵
  PID:8064
- C:\Windows\System\OZdrZZW.exe
  C:\Windows\System\OZdrZZW.exe
  2⤵
  PID:8184
- C:\Windows\System\yZYwyzk.exe
  C:\Windows\System\yZYwyzk.exe
  2⤵
  PID:7296
- C:\Windows\System\IeRoSTN.exe
  C:\Windows\System\IeRoSTN.exe
  2⤵
  PID:7452
- C:\Windows\System\CjmycRv.exe
  C:\Windows\System\CjmycRv.exe
  2⤵
  PID:7616
- C:\Windows\System\wVQmLtj.exe
  C:\Windows\System\wVQmLtj.exe
  2⤵
  PID:7740
- C:\Windows\System\xYSIWdi.exe
  C:\Windows\System\xYSIWdi.exe
  2⤵
  PID:7920
- C:\Windows\System\XrfspIJ.exe
  C:\Windows\System\XrfspIJ.exe
  2⤵
  PID:8124
- C:\Windows\System\juIXTjT.exe
  C:\Windows\System\juIXTjT.exe
  2⤵
  PID:7384
- C:\Windows\System\hXWNVfa.exe
  C:\Windows\System\hXWNVfa.exe
  2⤵
  PID:7732
- C:\Windows\System\wsbbIAK.exe
  C:\Windows\System\wsbbIAK.exe
  2⤵
  PID:5408
- C:\Windows\System\skXFDGi.exe
  C:\Windows\System\skXFDGi.exe
  2⤵
  PID:7856
- C:\Windows\System\wxmtpwq.exe
  C:\Windows\System\wxmtpwq.exe
  2⤵
  PID:8000
- C:\Windows\System\sVrcKNB.exe
  C:\Windows\System\sVrcKNB.exe
  2⤵
  PID:8212
- C:\Windows\System\iCNuERn.exe
  C:\Windows\System\iCNuERn.exe
  2⤵
  PID:8240
- C:\Windows\System\phGxUKn.exe
  C:\Windows\System\phGxUKn.exe
  2⤵
  PID:8268
- C:\Windows\System\wQhILOb.exe
  C:\Windows\System\wQhILOb.exe
  2⤵
  PID:8308
- C:\Windows\System\dJrUmhm.exe
  C:\Windows\System\dJrUmhm.exe
  2⤵
  PID:8328
- C:\Windows\System\ocFKmsn.exe
  C:\Windows\System\ocFKmsn.exe
  2⤵
  PID:8356
- C:\Windows\System\DmobQAl.exe
  C:\Windows\System\DmobQAl.exe
  2⤵
  PID:8384
- C:\Windows\System\seiZNkX.exe
  C:\Windows\System\seiZNkX.exe
  2⤵
  PID:8412
- C:\Windows\System\hBHiufi.exe
  C:\Windows\System\hBHiufi.exe
  2⤵
  PID:8440
- C:\Windows\System\qVsVWCo.exe
  C:\Windows\System\qVsVWCo.exe
  2⤵
  PID:8468
- C:\Windows\System\MeexyYT.exe
  C:\Windows\System\MeexyYT.exe
  2⤵
  PID:8496
- C:\Windows\System\OUbQuHV.exe
  C:\Windows\System\OUbQuHV.exe
  2⤵
  PID:8524
- C:\Windows\System\JUWLNDp.exe
  C:\Windows\System\JUWLNDp.exe
  2⤵
  PID:8552
- C:\Windows\System\JrPzYKM.exe
  C:\Windows\System\JrPzYKM.exe
  2⤵
  PID:8580
- C:\Windows\System\fvdpCNK.exe
  C:\Windows\System\fvdpCNK.exe
  2⤵
  PID:8624
- C:\Windows\System\PbWudfu.exe
  C:\Windows\System\PbWudfu.exe
  2⤵
  PID:8648
- C:\Windows\System\dCweCzc.exe
  C:\Windows\System\dCweCzc.exe
  2⤵
  PID:8668
- C:\Windows\System\WbsgAxB.exe
  C:\Windows\System\WbsgAxB.exe
  2⤵
  PID:8696
- C:\Windows\System\vDuhYhF.exe
  C:\Windows\System\vDuhYhF.exe
  2⤵
  PID:8724
- C:\Windows\System\qPvtejh.exe
  C:\Windows\System\qPvtejh.exe
  2⤵
  PID:8752
- C:\Windows\System\cVbTUeR.exe
  C:\Windows\System\cVbTUeR.exe
  2⤵
  PID:8780
- C:\Windows\System\EcZbJWy.exe
  C:\Windows\System\EcZbJWy.exe
  2⤵
  PID:8808
- C:\Windows\System\pDvAgVi.exe
  C:\Windows\System\pDvAgVi.exe
  2⤵
  PID:8828
- C:\Windows\System\oyShgAr.exe
  C:\Windows\System\oyShgAr.exe
  2⤵
  PID:8852
- C:\Windows\System\zdfJtXL.exe
  C:\Windows\System\zdfJtXL.exe
  2⤵
  PID:8892
- C:\Windows\System\ptVtJPA.exe
  C:\Windows\System\ptVtJPA.exe
  2⤵
  PID:8920
- C:\Windows\System\qjiXWfY.exe
  C:\Windows\System\qjiXWfY.exe
  2⤵
  PID:8980
- C:\Windows\System\aUmeaZn.exe
  C:\Windows\System\aUmeaZn.exe
  2⤵
  PID:9012
- C:\Windows\System\BcxLdoh.exe
  C:\Windows\System\BcxLdoh.exe
  2⤵
  PID:9044
- C:\Windows\System\rzozJIv.exe
  C:\Windows\System\rzozJIv.exe
  2⤵
  PID:9080
- C:\Windows\System\HzkwgMo.exe
  C:\Windows\System\HzkwgMo.exe
  2⤵
  PID:9100
- C:\Windows\System\VddbeOe.exe
  C:\Windows\System\VddbeOe.exe
  2⤵
  PID:9128
- C:\Windows\System\CMKkDPT.exe
  C:\Windows\System\CMKkDPT.exe
  2⤵
  PID:9156
- C:\Windows\System\pzJkJNT.exe
  C:\Windows\System\pzJkJNT.exe
  2⤵
  PID:9184
- C:\Windows\System\uLwDSqz.exe
  C:\Windows\System\uLwDSqz.exe
  2⤵
  PID:9212
- C:\Windows\System\UtfOlkk.exe
  C:\Windows\System\UtfOlkk.exe
  2⤵
  PID:8252
- C:\Windows\System\xbnztCV.exe
  C:\Windows\System\xbnztCV.exe
  2⤵
  PID:5872
- C:\Windows\System\eXaLTdO.exe
  C:\Windows\System\eXaLTdO.exe
  2⤵
  PID:8376
- C:\Windows\System\fUtLPVd.exe
  C:\Windows\System\fUtLPVd.exe
  2⤵
  PID:8436
- C:\Windows\System\CSBVTBK.exe
  C:\Windows\System\CSBVTBK.exe
  2⤵
  PID:8516
- C:\Windows\System\ESGNxHD.exe
  C:\Windows\System\ESGNxHD.exe
  2⤵
  PID:8576
- C:\Windows\System\aWtHcWO.exe
  C:\Windows\System\aWtHcWO.exe
  2⤵
  PID:8636
- C:\Windows\System\mwmSQCU.exe
  C:\Windows\System\mwmSQCU.exe
  2⤵
  PID:8688
- C:\Windows\System\LhqMjeR.exe
  C:\Windows\System\LhqMjeR.exe
  2⤵
  PID:8748
- C:\Windows\System\QZWGaqd.exe
  C:\Windows\System\QZWGaqd.exe
  2⤵
  PID:8804
- C:\Windows\System\MtqcNyf.exe
  C:\Windows\System\MtqcNyf.exe
  2⤵
  PID:8864
- C:\Windows\System\EqFiPkf.exe
  C:\Windows\System\EqFiPkf.exe
  2⤵
  PID:8932
- C:\Windows\System\DZDukNA.exe
  C:\Windows\System\DZDukNA.exe
  2⤵
  PID:9036
- C:\Windows\System\yIqBrct.exe
  C:\Windows\System\yIqBrct.exe
  2⤵
  PID:7188
- C:\Windows\System\DMlDiPO.exe
  C:\Windows\System\DMlDiPO.exe
  2⤵
  PID:9068
- C:\Windows\System\UroZxDw.exe
  C:\Windows\System\UroZxDw.exe
  2⤵
  PID:9124
- C:\Windows\System\PvmDYEf.exe
  C:\Windows\System\PvmDYEf.exe
  2⤵
  PID:9196
- C:\Windows\System\LaUFAQG.exe
  C:\Windows\System\LaUFAQG.exe
  2⤵
  PID:8292
- C:\Windows\System\ytcmRpP.exe
  C:\Windows\System\ytcmRpP.exe
  2⤵
  PID:8432
- C:\Windows\System\RRaHOwA.exe
  C:\Windows\System\RRaHOwA.exe
  2⤵
  PID:8572
- C:\Windows\System\ZqyBnKB.exe
  C:\Windows\System\ZqyBnKB.exe
  2⤵
  PID:8716
- C:\Windows\System\zgEgjuR.exe
  C:\Windows\System\zgEgjuR.exe
  2⤵
  PID:5100
- C:\Windows\System\ZclVWqK.exe
  C:\Windows\System\ZclVWqK.exe
  2⤵
  PID:4852
- C:\Windows\System\arftQPL.exe
  C:\Windows\System\arftQPL.exe
  2⤵
  PID:4728
- C:\Windows\System\pbMVAau.exe
  C:\Windows\System\pbMVAau.exe
  2⤵
  PID:8916
- C:\Windows\System\zEINYmM.exe
  C:\Windows\System\zEINYmM.exe
  2⤵
  PID:9064
- C:\Windows\System\bhCllAR.exe
  C:\Windows\System\bhCllAR.exe
  2⤵
  PID:9152
- C:\Windows\System\gcVFAhO.exe
  C:\Windows\System\gcVFAhO.exe
  2⤵
  PID:8352
- C:\Windows\System\PsbhlCN.exe
  C:\Windows\System\PsbhlCN.exe
  2⤵
  PID:8664
- C:\Windows\System\ZwvUqgN.exe
  C:\Windows\System\ZwvUqgN.exe
  2⤵
  PID:4972
- C:\Windows\System\JqAtobX.exe
  C:\Windows\System\JqAtobX.exe
  2⤵
  PID:5064
- C:\Windows\System\TAFQknw.exe
  C:\Windows\System\TAFQknw.exe
  2⤵
  PID:4596
- C:\Windows\System\hPiEpsT.exe
  C:\Windows\System\hPiEpsT.exe
  2⤵
  PID:8280
- C:\Windows\System\cNmuDBp.exe
  C:\Windows\System\cNmuDBp.exe
  2⤵
  PID:3284
- C:\Windows\System\KyJqjSf.exe
  C:\Windows\System\KyJqjSf.exe
  2⤵
  PID:9024
- C:\Windows\System\fLIXPdM.exe
  C:\Windows\System\fLIXPdM.exe
  2⤵
  PID:3144
- C:\Windows\System\FwWfhDw.exe
  C:\Windows\System\FwWfhDw.exe
  2⤵
  PID:5200
- C:\Windows\System\pUlpXjY.exe
  C:\Windows\System\pUlpXjY.exe
  2⤵
  PID:9224
- C:\Windows\System\QsCxIQQ.exe
  C:\Windows\System\QsCxIQQ.exe
  2⤵
  PID:9252
- C:\Windows\System\LEERqkT.exe
  C:\Windows\System\LEERqkT.exe
  2⤵
  PID:9280
- C:\Windows\System\wJJXwpe.exe
  C:\Windows\System\wJJXwpe.exe
  2⤵
  PID:9308
- C:\Windows\System\eIgbfkL.exe
  C:\Windows\System\eIgbfkL.exe
  2⤵
  PID:9336
- C:\Windows\System\jSKYFLb.exe
  C:\Windows\System\jSKYFLb.exe
  2⤵
  PID:9364
- C:\Windows\System\hAKecAa.exe
  C:\Windows\System\hAKecAa.exe
  2⤵
  PID:9392
- C:\Windows\System\mAhAHeb.exe
  C:\Windows\System\mAhAHeb.exe
  2⤵
  PID:9420
- C:\Windows\System\ZTwvNOL.exe
  C:\Windows\System\ZTwvNOL.exe
  2⤵
  PID:9448
- C:\Windows\System\jajfghV.exe
  C:\Windows\System\jajfghV.exe
  2⤵
  PID:9476
- C:\Windows\System\AcGSopX.exe
  C:\Windows\System\AcGSopX.exe
  2⤵
  PID:9504
- C:\Windows\System\qFVDkqu.exe
  C:\Windows\System\qFVDkqu.exe
  2⤵
  PID:9532
- C:\Windows\System\fGCuhqN.exe
  C:\Windows\System\fGCuhqN.exe
  2⤵
  PID:9560
- C:\Windows\System\OiSOnWD.exe
  C:\Windows\System\OiSOnWD.exe
  2⤵
  PID:9588
- C:\Windows\System\RPNMnwf.exe
  C:\Windows\System\RPNMnwf.exe
  2⤵
  PID:9616
- C:\Windows\System\cJCIsOS.exe
  C:\Windows\System\cJCIsOS.exe
  2⤵
  PID:9644
- C:\Windows\System\jSKrmoW.exe
  C:\Windows\System\jSKrmoW.exe
  2⤵
  PID:9672
- C:\Windows\System\KUMHzhF.exe
  C:\Windows\System\KUMHzhF.exe
  2⤵
  PID:9700
- C:\Windows\System\QBDrVRg.exe
  C:\Windows\System\QBDrVRg.exe
  2⤵
  PID:9728
- C:\Windows\System\qbQWbLs.exe
  C:\Windows\System\qbQWbLs.exe
  2⤵
  PID:9756
- C:\Windows\System\XixBVFu.exe
  C:\Windows\System\XixBVFu.exe
  2⤵
  PID:9784
- C:\Windows\System\ePuRoIW.exe
  C:\Windows\System\ePuRoIW.exe
  2⤵
  PID:9812
- C:\Windows\System\rWNHODM.exe
  C:\Windows\System\rWNHODM.exe
  2⤵
  PID:9840
- C:\Windows\System\TKgyeco.exe
  C:\Windows\System\TKgyeco.exe
  2⤵
  PID:9868
- C:\Windows\System\WoXxPBN.exe
  C:\Windows\System\WoXxPBN.exe
  2⤵
  PID:9896
- C:\Windows\System\nkeNVWS.exe
  C:\Windows\System\nkeNVWS.exe
  2⤵
  PID:9924
- C:\Windows\System\ILfXUMg.exe
  C:\Windows\System\ILfXUMg.exe
  2⤵
  PID:9952
- C:\Windows\System\RrbmduA.exe
  C:\Windows\System\RrbmduA.exe
  2⤵
  PID:9980
- C:\Windows\System\lLZdBHt.exe
  C:\Windows\System\lLZdBHt.exe
  2⤵
  PID:10008
- C:\Windows\System\iuvcYlI.exe
  C:\Windows\System\iuvcYlI.exe
  2⤵
  PID:10036
- C:\Windows\System\Fqekpoi.exe
  C:\Windows\System\Fqekpoi.exe
  2⤵
  PID:10064
- C:\Windows\System\MckPNVI.exe
  C:\Windows\System\MckPNVI.exe
  2⤵
  PID:10092
- C:\Windows\System\lknTcnU.exe
  C:\Windows\System\lknTcnU.exe
  2⤵
  PID:10120
- C:\Windows\System\dJHIENa.exe
  C:\Windows\System\dJHIENa.exe
  2⤵
  PID:10148
- C:\Windows\System\JkigYlz.exe
  C:\Windows\System\JkigYlz.exe
  2⤵
  PID:10180
- C:\Windows\System\rbUktRH.exe
  C:\Windows\System\rbUktRH.exe
  2⤵
  PID:10204
- C:\Windows\System\IISlQWW.exe
  C:\Windows\System\IISlQWW.exe
  2⤵
  PID:10232
- C:\Windows\System\TDghPrK.exe
  C:\Windows\System\TDghPrK.exe
  2⤵
  PID:9264
- C:\Windows\System\RCcVuea.exe
  C:\Windows\System\RCcVuea.exe
  2⤵
  PID:3208
- C:\Windows\System\yIcbezw.exe
  C:\Windows\System\yIcbezw.exe
  2⤵
  PID:9376
- C:\Windows\System\wSOgWWi.exe
  C:\Windows\System\wSOgWWi.exe
  2⤵
  PID:9440
- C:\Windows\System\Tyexybl.exe
  C:\Windows\System\Tyexybl.exe
  2⤵
  PID:9500
- C:\Windows\System\rQQffRv.exe
  C:\Windows\System\rQQffRv.exe
  2⤵
  PID:9572
- C:\Windows\System\CovdbzA.exe
  C:\Windows\System\CovdbzA.exe
  2⤵
  PID:9636
- C:\Windows\System\DkzFUUf.exe
  C:\Windows\System\DkzFUUf.exe
  2⤵
  PID:9696
- C:\Windows\System\anKrPLu.exe
  C:\Windows\System\anKrPLu.exe
  2⤵
  PID:9768
- C:\Windows\System\wvMQsJG.exe
  C:\Windows\System\wvMQsJG.exe
  2⤵
  PID:9832
- C:\Windows\System\GtqkRlI.exe
  C:\Windows\System\GtqkRlI.exe
  2⤵
  PID:9920
- C:\Windows\System\PkBpxkQ.exe
  C:\Windows\System\PkBpxkQ.exe
  2⤵
  PID:9972
- C:\Windows\System\sXpDqQj.exe
  C:\Windows\System\sXpDqQj.exe
  2⤵
  PID:10056
- C:\Windows\System\MqLLwIl.exe
  C:\Windows\System\MqLLwIl.exe
  2⤵
  PID:10088
- C:\Windows\System\gLGjEqc.exe
  C:\Windows\System\gLGjEqc.exe
  2⤵
  PID:10132
- C:\Windows\System\BIBRULD.exe
  C:\Windows\System\BIBRULD.exe
  2⤵
  PID:10224
- C:\Windows\System\kHibpsX.exe
  C:\Windows\System\kHibpsX.exe
  2⤵
  PID:9320
- C:\Windows\System\xqMTLJu.exe
  C:\Windows\System\xqMTLJu.exe
  2⤵
  PID:9496
- C:\Windows\System\NfYbyPG.exe
  C:\Windows\System\NfYbyPG.exe
  2⤵
  PID:9664
- C:\Windows\System\EpNWFQY.exe
  C:\Windows\System\EpNWFQY.exe
  2⤵
  PID:9808
- C:\Windows\System\aejVtjg.exe
  C:\Windows\System\aejVtjg.exe
  2⤵
  PID:9944
- C:\Windows\System\DsztdBO.exe
  C:\Windows\System\DsztdBO.exe
  2⤵
  PID:10116
- C:\Windows\System\FcJHFmT.exe
  C:\Windows\System\FcJHFmT.exe
  2⤵
  PID:9244
- C:\Windows\System\SdYRVjZ.exe
  C:\Windows\System\SdYRVjZ.exe
  2⤵
  PID:9468
- C:\Windows\System\lGilwlO.exe
  C:\Windows\System\lGilwlO.exe
  2⤵
  PID:9796
- C:\Windows\System\MtuCMGG.exe
  C:\Windows\System\MtuCMGG.exe
  2⤵
  PID:10160
- C:\Windows\System\IypKmrP.exe
  C:\Windows\System\IypKmrP.exe
  2⤵
  PID:9724
- C:\Windows\System\XxMfDoV.exe
  C:\Windows\System\XxMfDoV.exe
  2⤵
  PID:9628
- C:\Windows\System\oWkSzZJ.exe
  C:\Windows\System\oWkSzZJ.exe
  2⤵
  PID:10256
- C:\Windows\System\yJZJjZA.exe
  C:\Windows\System\yJZJjZA.exe
  2⤵
  PID:10284
- C:\Windows\System\mEklRXC.exe
  C:\Windows\System\mEklRXC.exe
  2⤵
  PID:10312
- C:\Windows\System\KoRkisX.exe
  C:\Windows\System\KoRkisX.exe
  2⤵
  PID:10340
- C:\Windows\System\Xwbttoq.exe
  C:\Windows\System\Xwbttoq.exe
  2⤵
  PID:10368
- C:\Windows\System\OLTBpaI.exe
  C:\Windows\System\OLTBpaI.exe
  2⤵
  PID:10396
- C:\Windows\System\lpwINnS.exe
  C:\Windows\System\lpwINnS.exe
  2⤵
  PID:10424
- C:\Windows\System\WSpTmSj.exe
  C:\Windows\System\WSpTmSj.exe
  2⤵
  PID:10452
- C:\Windows\System\vSpUowy.exe
  C:\Windows\System\vSpUowy.exe
  2⤵
  PID:10480
- C:\Windows\System\cZlsxfn.exe
  C:\Windows\System\cZlsxfn.exe
  2⤵
  PID:10520
- C:\Windows\System\KwcVcVG.exe
  C:\Windows\System\KwcVcVG.exe
  2⤵
  PID:10536
- C:\Windows\System\sfpWwvb.exe
  C:\Windows\System\sfpWwvb.exe
  2⤵
  PID:10564
- C:\Windows\System\kdBdwac.exe
  C:\Windows\System\kdBdwac.exe
  2⤵
  PID:10592
- C:\Windows\System\GlEXlbX.exe
  C:\Windows\System\GlEXlbX.exe
  2⤵
  PID:10620
- C:\Windows\System\jdecRDm.exe
  C:\Windows\System\jdecRDm.exe
  2⤵
  PID:10648
- C:\Windows\System\UGhMmKE.exe
  C:\Windows\System\UGhMmKE.exe
  2⤵
  PID:10676
- C:\Windows\System\WkTJyBH.exe
  C:\Windows\System\WkTJyBH.exe
  2⤵
  PID:10704
- C:\Windows\System\dnxcVFi.exe
  C:\Windows\System\dnxcVFi.exe
  2⤵
  PID:10732
- C:\Windows\System\fYGdeQk.exe
  C:\Windows\System\fYGdeQk.exe
  2⤵
  PID:10760
- C:\Windows\System\klERJyQ.exe
  C:\Windows\System\klERJyQ.exe
  2⤵
  PID:10788
- C:\Windows\System\vFRvNMr.exe
  C:\Windows\System\vFRvNMr.exe
  2⤵
  PID:10816
- C:\Windows\System\MELxyrE.exe
  C:\Windows\System\MELxyrE.exe
  2⤵
  PID:10844
- C:\Windows\System\AvKOozn.exe
  C:\Windows\System\AvKOozn.exe
  2⤵
  PID:10872
- C:\Windows\System\XPidVLa.exe
  C:\Windows\System\XPidVLa.exe
  2⤵
  PID:10900
- C:\Windows\System\jeaILlF.exe
  C:\Windows\System\jeaILlF.exe
  2⤵
  PID:10928
- C:\Windows\System\qbVFrXj.exe
  C:\Windows\System\qbVFrXj.exe
  2⤵
  PID:10956
- C:\Windows\System\SjkYzQP.exe
  C:\Windows\System\SjkYzQP.exe
  2⤵
  PID:10992
- C:\Windows\System\MHOtxOW.exe
  C:\Windows\System\MHOtxOW.exe
  2⤵
  PID:11012
- C:\Windows\System\vDZpYdV.exe
  C:\Windows\System\vDZpYdV.exe
  2⤵
  PID:11040
- C:\Windows\System\AOAFJju.exe
  C:\Windows\System\AOAFJju.exe
  2⤵
  PID:11068
- C:\Windows\System\xPjHUXs.exe
  C:\Windows\System\xPjHUXs.exe
  2⤵
  PID:11096
- C:\Windows\System\CQtJpgt.exe
  C:\Windows\System\CQtJpgt.exe
  2⤵
  PID:11136
- C:\Windows\System\SzJFkvE.exe
  C:\Windows\System\SzJFkvE.exe
  2⤵
  PID:11152
- C:\Windows\System\GIZgWOb.exe
  C:\Windows\System\GIZgWOb.exe
  2⤵
  PID:11180
- C:\Windows\System\UoMgspi.exe
  C:\Windows\System\UoMgspi.exe
  2⤵
  PID:11208
- C:\Windows\System\AWlgUZF.exe
  C:\Windows\System\AWlgUZF.exe
  2⤵
  PID:11236
- C:\Windows\System\fswZAEA.exe
  C:\Windows\System\fswZAEA.exe
  2⤵
  PID:9432
- C:\Windows\System\cEMkwdd.exe
  C:\Windows\System\cEMkwdd.exe
  2⤵
  PID:10304
- C:\Windows\System\fLxKkfe.exe
  C:\Windows\System\fLxKkfe.exe
  2⤵
  PID:10380
- C:\Windows\System\vWQFKgk.exe
  C:\Windows\System\vWQFKgk.exe
  2⤵
  PID:10436
- C:\Windows\System\nEKQydN.exe
  C:\Windows\System\nEKQydN.exe
  2⤵
  PID:10500
- C:\Windows\System\AlXVqEr.exe
  C:\Windows\System\AlXVqEr.exe
  2⤵
  PID:10560
- C:\Windows\System\TyBvImR.exe
  C:\Windows\System\TyBvImR.exe
  2⤵
  PID:10632
- C:\Windows\System\RdyBtHB.exe
  C:\Windows\System\RdyBtHB.exe
  2⤵
  PID:10696
- C:\Windows\System\LgOcoVt.exe
  C:\Windows\System\LgOcoVt.exe
  2⤵
  PID:10756
- C:\Windows\System\DicBNud.exe
  C:\Windows\System\DicBNud.exe
  2⤵
  PID:10828
- C:\Windows\System\qIZdVjJ.exe
  C:\Windows\System\qIZdVjJ.exe
  2⤵
  PID:10892
- C:\Windows\System\AbDyixp.exe
  C:\Windows\System\AbDyixp.exe
  2⤵
  PID:10952
- C:\Windows\System\dzAlLNS.exe
  C:\Windows\System\dzAlLNS.exe
  2⤵
  PID:11024
- C:\Windows\System\MSqTAom.exe
  C:\Windows\System\MSqTAom.exe
  2⤵
  PID:11088
- C:\Windows\System\HVZQquu.exe
  C:\Windows\System\HVZQquu.exe
  2⤵
  PID:11148
- C:\Windows\System\xpyPQuE.exe
  C:\Windows\System\xpyPQuE.exe
  2⤵
  PID:11220
- C:\Windows\System\chAoUsg.exe
  C:\Windows\System\chAoUsg.exe
  2⤵
  PID:10280
- C:\Windows\System\OflBYMp.exe
  C:\Windows\System\OflBYMp.exe
  2⤵
  PID:10420
- C:\Windows\System\JycJcZE.exe
  C:\Windows\System\JycJcZE.exe
  2⤵
  PID:10588
- C:\Windows\System\HBJQDwn.exe
  C:\Windows\System\HBJQDwn.exe
  2⤵
  PID:10744
- C:\Windows\System\GlhijBm.exe
  C:\Windows\System\GlhijBm.exe
  2⤵
  PID:10884
- C:\Windows\System\uYpzeaK.exe
  C:\Windows\System\uYpzeaK.exe
  2⤵
  PID:11052
- C:\Windows\System\XjVBIke.exe
  C:\Windows\System\XjVBIke.exe
  2⤵
  PID:11200
- C:\Windows\System\yZVpcLL.exe
  C:\Windows\System\yZVpcLL.exe
  2⤵
  PID:10416
- C:\Windows\System\ggFjbfN.exe
  C:\Windows\System\ggFjbfN.exe
  2⤵
  PID:10808
- C:\Windows\System\FzhdUkV.exe
  C:\Windows\System\FzhdUkV.exe
  2⤵
  PID:11144
- C:\Windows\System\aJjyMiP.exe
  C:\Windows\System\aJjyMiP.exe
  2⤵
  PID:10724
- C:\Windows\System\kQVUiAh.exe
  C:\Windows\System\kQVUiAh.exe
  2⤵
  PID:11116
- C:\Windows\System\bJecunT.exe
  C:\Windows\System\bJecunT.exe
  2⤵
  PID:11284
- C:\Windows\System\CbevBZj.exe
  C:\Windows\System\CbevBZj.exe
  2⤵
  PID:11312
- C:\Windows\System\aWBNwIO.exe
  C:\Windows\System\aWBNwIO.exe
  2⤵
  PID:11340
- C:\Windows\System\xlteOFt.exe
  C:\Windows\System\xlteOFt.exe
  2⤵
  PID:11368
- C:\Windows\System\LcKdfRl.exe
  C:\Windows\System\LcKdfRl.exe
  2⤵
  PID:11396
- C:\Windows\System\NIPbgdf.exe
  C:\Windows\System\NIPbgdf.exe
  2⤵
  PID:11424
- C:\Windows\System\BOOxUee.exe
  C:\Windows\System\BOOxUee.exe
  2⤵
  PID:11452
- C:\Windows\System\nYoLeah.exe
  C:\Windows\System\nYoLeah.exe
  2⤵
  PID:11480
- C:\Windows\System\qWDNNNR.exe
  C:\Windows\System\qWDNNNR.exe
  2⤵
  PID:11508
- C:\Windows\System\figvbjI.exe
  C:\Windows\System\figvbjI.exe
  2⤵
  PID:11536
- C:\Windows\System\WedeTEj.exe
  C:\Windows\System\WedeTEj.exe
  2⤵
  PID:11564
- C:\Windows\System\AJYHbXC.exe
  C:\Windows\System\AJYHbXC.exe
  2⤵
  PID:11592
- C:\Windows\System\fXpzwHR.exe
  C:\Windows\System\fXpzwHR.exe
  2⤵
  PID:11620
- C:\Windows\System\TylVJjb.exe
  C:\Windows\System\TylVJjb.exe
  2⤵
  PID:11648
- C:\Windows\System\sotyDVY.exe
  C:\Windows\System\sotyDVY.exe
  2⤵
  PID:11676
- C:\Windows\System\gXrMETd.exe
  C:\Windows\System\gXrMETd.exe
  2⤵
  PID:11704
- C:\Windows\System\lMKktqT.exe
  C:\Windows\System\lMKktqT.exe
  2⤵
  PID:11732
- C:\Windows\System\FlJJCwZ.exe
  C:\Windows\System\FlJJCwZ.exe
  2⤵
  PID:11760
- C:\Windows\System\IzDgwCo.exe
  C:\Windows\System\IzDgwCo.exe
  2⤵
  PID:11788
- C:\Windows\System\LEmlKUc.exe
  C:\Windows\System\LEmlKUc.exe
  2⤵
  PID:11816
- C:\Windows\System\EZeLNEd.exe
  C:\Windows\System\EZeLNEd.exe
  2⤵
  PID:11844
- C:\Windows\System\irvqFWj.exe
  C:\Windows\System\irvqFWj.exe
  2⤵
  PID:11872
- C:\Windows\System\DwogmBc.exe
  C:\Windows\System\DwogmBc.exe
  2⤵
  PID:11900
- C:\Windows\System\wYOcqMj.exe
  C:\Windows\System\wYOcqMj.exe
  2⤵
  PID:11928
- C:\Windows\System\qYasVvT.exe
  C:\Windows\System\qYasVvT.exe
  2⤵
  PID:11956
- C:\Windows\System\mQPfvBk.exe
  C:\Windows\System\mQPfvBk.exe
  2⤵
  PID:11984
- C:\Windows\System\ENoyvuy.exe
  C:\Windows\System\ENoyvuy.exe
  2⤵
  PID:12012
- C:\Windows\System\yvUBajF.exe
  C:\Windows\System\yvUBajF.exe
  2⤵
  PID:12040
- C:\Windows\System\UzNwGpt.exe
  C:\Windows\System\UzNwGpt.exe
  2⤵
  PID:12068
- C:\Windows\System\jUBNIPq.exe
  C:\Windows\System\jUBNIPq.exe
  2⤵
  PID:12096
- C:\Windows\System\wVNsMDh.exe
  C:\Windows\System\wVNsMDh.exe
  2⤵
  PID:12124
- C:\Windows\System\FmdeNVi.exe
  C:\Windows\System\FmdeNVi.exe
  2⤵
  PID:12148
- C:\Windows\System\XeTsCSX.exe
  C:\Windows\System\XeTsCSX.exe
  2⤵
  PID:12172
- C:\Windows\System\accAYkB.exe
  C:\Windows\System\accAYkB.exe
  2⤵
  PID:12216
- C:\Windows\System\ySuSvVb.exe
  C:\Windows\System\ySuSvVb.exe
  2⤵
  PID:12240
- C:\Windows\System\GVPlMNR.exe
  C:\Windows\System\GVPlMNR.exe
  2⤵
  PID:12276
- C:\Windows\System\jDJsXdH.exe
  C:\Windows\System\jDJsXdH.exe
  2⤵
  PID:11304
- C:\Windows\System\SsmWBfP.exe
  C:\Windows\System\SsmWBfP.exe
  2⤵
  PID:11364
- C:\Windows\System\LattzxZ.exe
  C:\Windows\System\LattzxZ.exe
  2⤵
  PID:11436
- C:\Windows\System\uksqWSE.exe
  C:\Windows\System\uksqWSE.exe
  2⤵
  PID:11500
- C:\Windows\System\hdWoctX.exe
  C:\Windows\System\hdWoctX.exe
  2⤵
  PID:11560
- C:\Windows\System\MbSFmdt.exe
  C:\Windows\System\MbSFmdt.exe
  2⤵
  PID:11632
- C:\Windows\System\cvkLUZh.exe
  C:\Windows\System\cvkLUZh.exe
  2⤵
  PID:11696
- C:\Windows\System\KGkjiTW.exe
  C:\Windows\System\KGkjiTW.exe
  2⤵
  PID:11756
- C:\Windows\System\VjbbHrc.exe
  C:\Windows\System\VjbbHrc.exe
  2⤵
  PID:11856
- C:\Windows\System\mYKEBcz.exe
  C:\Windows\System\mYKEBcz.exe
  2⤵
  PID:11892
- C:\Windows\System\BgxzZeQ.exe
  C:\Windows\System\BgxzZeQ.exe
  2⤵
  PID:11952
- C:\Windows\System\ZYQtGLT.exe
  C:\Windows\System\ZYQtGLT.exe
  2⤵
  PID:12024
- C:\Windows\System\dyqtAYz.exe
  C:\Windows\System\dyqtAYz.exe
  2⤵
  PID:12088
- C:\Windows\System\TSQXBRM.exe
  C:\Windows\System\TSQXBRM.exe
  2⤵
  PID:12136
- C:\Windows\System\PJasseg.exe
  C:\Windows\System\PJasseg.exe
  2⤵
  PID:12132
- C:\Windows\System\zheXtLP.exe
  C:\Windows\System\zheXtLP.exe
  2⤵
  PID:12232
- C:\Windows\System\WggIRgt.exe
  C:\Windows\System\WggIRgt.exe
  2⤵
  PID:11296
- C:\Windows\System\YVsaNAl.exe
  C:\Windows\System\YVsaNAl.exe
  2⤵
  PID:11420
- C:\Windows\System\HJApCmH.exe
  C:\Windows\System\HJApCmH.exe
  2⤵
  PID:11588
- C:\Windows\System\GXetvwm.exe
  C:\Windows\System\GXetvwm.exe
  2⤵
  PID:11744
- C:\Windows\System\tJyhNCX.exe
  C:\Windows\System\tJyhNCX.exe
  2⤵
  PID:11884
- C:\Windows\System\XJbywZU.exe
  C:\Windows\System\XJbywZU.exe
  2⤵
  PID:12008
- C:\Windows\System\NoLbyyN.exe
  C:\Windows\System\NoLbyyN.exe
  2⤵
  PID:12160
- C:\Windows\System\QSiKIpX.exe
  C:\Windows\System\QSiKIpX.exe
  2⤵
  PID:11268
- C:\Windows\System\UkOYxJL.exe
  C:\Windows\System\UkOYxJL.exe
  2⤵
  PID:11556
- C:\Windows\System\TaCqylH.exe
  C:\Windows\System\TaCqylH.exe
  2⤵
  PID:11940
- C:\Windows\System\CnFPKoN.exe
  C:\Windows\System\CnFPKoN.exe
  2⤵
  PID:12228
- C:\Windows\System\fGslDFS.exe
  C:\Windows\System\fGslDFS.exe
  2⤵
  PID:11868
- C:\Windows\System\RHAQNvj.exe
  C:\Windows\System\RHAQNvj.exe
  2⤵
  PID:12204
- C:\Windows\System\CxiybDr.exe
  C:\Windows\System\CxiybDr.exe
  2⤵
  PID:12308
- C:\Windows\System\uKHBaCC.exe
  C:\Windows\System\uKHBaCC.exe
  2⤵
  PID:12336
- C:\Windows\System\iqSKWZM.exe
  C:\Windows\System\iqSKWZM.exe
  2⤵
  PID:12364
- C:\Windows\System\XBuIIyv.exe
  C:\Windows\System\XBuIIyv.exe
  2⤵
  PID:12392
- C:\Windows\System\EvstWkF.exe
  C:\Windows\System\EvstWkF.exe
  2⤵
  PID:12420
- C:\Windows\System\hfwbfrR.exe
  C:\Windows\System\hfwbfrR.exe
  2⤵
  PID:12448
- C:\Windows\System\pjNxVSM.exe
  C:\Windows\System\pjNxVSM.exe
  2⤵
  PID:12476
- C:\Windows\System\riRQOYi.exe
  C:\Windows\System\riRQOYi.exe
  2⤵
  PID:12504
- C:\Windows\System\AbLXNSj.exe
  C:\Windows\System\AbLXNSj.exe
  2⤵
  PID:12532
- C:\Windows\System\DhXuYze.exe
  C:\Windows\System\DhXuYze.exe
  2⤵
  PID:12560
- C:\Windows\System\SaulCBQ.exe
  C:\Windows\System\SaulCBQ.exe
  2⤵
  PID:12588
- C:\Windows\System\LXMsrnF.exe
  C:\Windows\System\LXMsrnF.exe
  2⤵
  PID:12616
- C:\Windows\System\txbWsWL.exe
  C:\Windows\System\txbWsWL.exe
  2⤵
  PID:12644
- C:\Windows\System\AHkAFSU.exe
  C:\Windows\System\AHkAFSU.exe
  2⤵
  PID:12672
- C:\Windows\System\qPCDtle.exe
  C:\Windows\System\qPCDtle.exe
  2⤵
  PID:12700
- C:\Windows\System\KLwltCV.exe
  C:\Windows\System\KLwltCV.exe
  2⤵
  PID:12728
- C:\Windows\System\vfCUHkm.exe
  C:\Windows\System\vfCUHkm.exe
  2⤵
  PID:12756
- C:\Windows\System\ikFidAz.exe
  C:\Windows\System\ikFidAz.exe
  2⤵
  PID:12792
- C:\Windows\System\ZuZbDUm.exe
  C:\Windows\System\ZuZbDUm.exe
  2⤵
  PID:12816
- C:\Windows\System\OINTjUC.exe
  C:\Windows\System\OINTjUC.exe
  2⤵
  PID:12840
- C:\Windows\System\EVsDbOu.exe
  C:\Windows\System\EVsDbOu.exe
  2⤵
  PID:12880
- C:\Windows\System\txaigwK.exe
  C:\Windows\System\txaigwK.exe
  2⤵
  PID:12908
- C:\Windows\System\WGcqdSD.exe
  C:\Windows\System\WGcqdSD.exe
  2⤵
  PID:12936
- C:\Windows\System\ISSZgWi.exe
  C:\Windows\System\ISSZgWi.exe
  2⤵
  PID:12964
- C:\Windows\System\VUZSDlK.exe
  C:\Windows\System\VUZSDlK.exe
  2⤵
  PID:13004
- C:\Windows\System\aOYPylN.exe
  C:\Windows\System\aOYPylN.exe
  2⤵
  PID:13020
- C:\Windows\System\qclfgiG.exe
  C:\Windows\System\qclfgiG.exe
  2⤵
  PID:13048
- C:\Windows\System\ioPDnCh.exe
  C:\Windows\System\ioPDnCh.exe
  2⤵
  PID:13084
- C:\Windows\System\nEyEaKe.exe
  C:\Windows\System\nEyEaKe.exe
  2⤵
  PID:13104
- C:\Windows\System\FkPVVFI.exe
  C:\Windows\System\FkPVVFI.exe
  2⤵
  PID:13132
- C:\Windows\System\TraWkFu.exe
  C:\Windows\System\TraWkFu.exe
  2⤵
  PID:13160
- C:\Windows\System\Gtocgzo.exe
  C:\Windows\System\Gtocgzo.exe
  2⤵
  PID:13188
- C:\Windows\System\JYedCdQ.exe
  C:\Windows\System\JYedCdQ.exe
  2⤵
  PID:13216
- C:\Windows\System\YfJbwlp.exe
  C:\Windows\System\YfJbwlp.exe
  2⤵
  PID:13244
- C:\Windows\System\ywFzQIX.exe
  C:\Windows\System\ywFzQIX.exe
  2⤵
  PID:13272
- C:\Windows\System\EkQTFGl.exe
  C:\Windows\System\EkQTFGl.exe
  2⤵
  PID:13300
- C:\Windows\System\SeiLgCh.exe
  C:\Windows\System\SeiLgCh.exe
  2⤵
  PID:12348
- C:\Windows\System\ihIKLZy.exe
  C:\Windows\System\ihIKLZy.exe
  2⤵
  PID:12388
- C:\Windows\System\yQuzEsB.exe
  C:\Windows\System\yQuzEsB.exe
  2⤵
  PID:12460
- C:\Windows\System\ZHpVNjq.exe
  C:\Windows\System\ZHpVNjq.exe
  2⤵
  PID:12524
- C:\Windows\System\eAspWVB.exe
  C:\Windows\System\eAspWVB.exe
  2⤵
  PID:12584
- C:\Windows\System\xmuPPtk.exe
  C:\Windows\System\xmuPPtk.exe
  2⤵
  PID:12656
- C:\Windows\System\qIWqQKA.exe
  C:\Windows\System\qIWqQKA.exe
  2⤵
  PID:12724
- C:\Windows\System\DYqeYOW.exe
  C:\Windows\System\DYqeYOW.exe
  2⤵
  PID:12780
- C:\Windows\System\HItzrSA.exe
  C:\Windows\System\HItzrSA.exe
  2⤵
  PID:12824
- C:\Windows\System\SLPaNEI.exe
  C:\Windows\System\SLPaNEI.exe
  2⤵
  PID:12872
- C:\Windows\System\jSGwsdI.exe
  C:\Windows\System\jSGwsdI.exe
  2⤵
  PID:12948
- C:\Windows\System\UicDbBR.exe
  C:\Windows\System\UicDbBR.exe
  2⤵
  PID:13016
- C:\Windows\System\MOztfho.exe
  C:\Windows\System\MOztfho.exe
  2⤵
  PID:13060
- C:\Windows\System\jkhwPuB.exe
  C:\Windows\System\jkhwPuB.exe
  2⤵
  PID:13124
- C:\Windows\System\samLjmk.exe
  C:\Windows\System\samLjmk.exe
  2⤵
  PID:13156
- C:\Windows\System\IphIIMi.exe
  C:\Windows\System\IphIIMi.exe
  2⤵
  PID:13212
- C:\Windows\System\zyMiHMD.exe
  C:\Windows\System\zyMiHMD.exe
  2⤵
  PID:12376
- C:\Windows\System\RAnuxVo.exe
  C:\Windows\System\RAnuxVo.exe
  2⤵
  PID:12580
- C:\Windows\System\aXlNOQw.exe
  C:\Windows\System\aXlNOQw.exe
  2⤵
  PID:12712
- C:\Windows\System\SVEwokk.exe
  C:\Windows\System\SVEwokk.exe
  2⤵
  PID:12804
- C:\Windows\System\HJtybaL.exe
  C:\Windows\System\HJtybaL.exe
  2⤵
  PID:4684
- C:\Windows\System\wXXXXJv.exe
  C:\Windows\System\wXXXXJv.exe
  2⤵
  PID:5624
- C:\Windows\System\CarQwuI.exe
  C:\Windows\System\CarQwuI.exe
  2⤵
  PID:13012
- C:\Windows\System\AmMhpwZ.exe
  C:\Windows\System\AmMhpwZ.exe
  2⤵
  PID:13208
- C:\Windows\System\tfZrDrA.exe
  C:\Windows\System\tfZrDrA.exe
  2⤵
  PID:13144
- C:\Windows\System\BundxXV.exe
  C:\Windows\System\BundxXV.exe
  2⤵
  PID:13000
- C:\Windows\System\SxscjCq.exe
  C:\Windows\System\SxscjCq.exe
  2⤵
  PID:3696
- C:\Windows\System\BGFsyqx.exe
  C:\Windows\System\BGFsyqx.exe
  2⤵
  PID:4824
- C:\Windows\System\wTbyKfe.exe
  C:\Windows\System\wTbyKfe.exe
  2⤵
  PID:2468
- C:\Windows\System\ebEAiAt.exe
  C:\Windows\System\ebEAiAt.exe
  2⤵
  PID:13336
- C:\Windows\System\mLaSXfU.exe
  C:\Windows\System\mLaSXfU.exe
  2⤵
  PID:13412
- C:\Windows\System\oBUqvYs.exe
  C:\Windows\System\oBUqvYs.exe
  2⤵
  PID:13436
- C:\Windows\System\YkKRfXn.exe
  C:\Windows\System\YkKRfXn.exe
  2⤵
  PID:13464
- C:\Windows\System\PJZSPak.exe
  C:\Windows\System\PJZSPak.exe
  2⤵
  PID:13492
- C:\Windows\System\rQvTDmy.exe
  C:\Windows\System\rQvTDmy.exe
  2⤵
  PID:13520
- C:\Windows\System\LCygBxU.exe
  C:\Windows\System\LCygBxU.exe
  2⤵
  PID:13548
- C:\Windows\System\ThyIrjA.exe
  C:\Windows\System\ThyIrjA.exe
  2⤵
  PID:13576
- C:\Windows\System\ZDMtAey.exe
  C:\Windows\System\ZDMtAey.exe
  2⤵
  PID:13604
- C:\Windows\System\LEbtGtO.exe
  C:\Windows\System\LEbtGtO.exe
  2⤵
  PID:13632
- C:\Windows\System\oBHsUop.exe
  C:\Windows\System\oBHsUop.exe
  2⤵
  PID:13660
- C:\Windows\System\stjeWuS.exe
  C:\Windows\System\stjeWuS.exe
  2⤵
  PID:13696
- C:\Windows\System\fTvIExB.exe
  C:\Windows\System\fTvIExB.exe
  2⤵
  PID:13716
- C:\Windows\System\MhLdEPX.exe
  C:\Windows\System\MhLdEPX.exe
  2⤵
  PID:13744
- C:\Windows\System\ivqjVss.exe
  C:\Windows\System\ivqjVss.exe
  2⤵
  PID:13772
- C:\Windows\System\whWdJvR.exe
  C:\Windows\System\whWdJvR.exe
  2⤵
  PID:13800
- C:\Windows\System\JwIiYWu.exe
  C:\Windows\System\JwIiYWu.exe
  2⤵
  PID:13828
- C:\Windows\System\WdfCtmx.exe
  C:\Windows\System\WdfCtmx.exe
  2⤵
  PID:13856
- C:\Windows\System\QEZGAYS.exe
  C:\Windows\System\QEZGAYS.exe
  2⤵
  PID:13884
- C:\Windows\System\rpvKPKZ.exe
  C:\Windows\System\rpvKPKZ.exe
  2⤵
  PID:13912
- C:\Windows\System\iuwxcqS.exe
  C:\Windows\System\iuwxcqS.exe
  2⤵
  PID:13940
- C:\Windows\System\kjcUkhQ.exe
  C:\Windows\System\kjcUkhQ.exe
  2⤵
  PID:13968
- C:\Windows\System\xAVHTku.exe
  C:\Windows\System\xAVHTku.exe
  2⤵
  PID:13996
- C:\Windows\System\esWnkkO.exe
  C:\Windows\System\esWnkkO.exe
  2⤵
  PID:14024
- C:\Windows\System\BMLfsDz.exe
  C:\Windows\System\BMLfsDz.exe
  2⤵
  PID:14052
- C:\Windows\System\cZNVKYM.exe
  C:\Windows\System\cZNVKYM.exe
  2⤵
  PID:14080
- C:\Windows\System\hTGZzul.exe
  C:\Windows\System\hTGZzul.exe
  2⤵
  PID:14108
- C:\Windows\System\YuWmWKd.exe
  C:\Windows\System\YuWmWKd.exe
  2⤵
  PID:14136
- C:\Windows\System\KiBYytt.exe
  C:\Windows\System\KiBYytt.exe
  2⤵
  PID:14164
- C:\Windows\System\jpFZFWi.exe
  C:\Windows\System\jpFZFWi.exe
  2⤵
  PID:14192
- C:\Windows\System\nIphuHT.exe
  C:\Windows\System\nIphuHT.exe
  2⤵
  PID:14220
- C:\Windows\System\DYwwRhN.exe
  C:\Windows\System\DYwwRhN.exe
  2⤵
  PID:14248
- C:\Windows\System\nKWMglK.exe
  C:\Windows\System\nKWMglK.exe
  2⤵
  PID:14276
- C:\Windows\System\pvTOVBX.exe
  C:\Windows\System\pvTOVBX.exe
  2⤵
  PID:14304
- C:\Windows\System\NqZsmLi.exe
  C:\Windows\System\NqZsmLi.exe
  2⤵
  PID:14332
- C:\Windows\System\KiUvKpq.exe
  C:\Windows\System\KiUvKpq.exe
  2⤵
  PID:12892
- C:\Windows\System\DJDPTPs.exe
  C:\Windows\System\DJDPTPs.exe
  2⤵
  PID:5672
- C:\Windows\System\vPFmtaF.exe
  C:\Windows\System\vPFmtaF.exe
  2⤵
  PID:4660
- C:\Windows\System\IesgILP.exe
  C:\Windows\System\IesgILP.exe
  2⤵
  PID:13368
- C:\Windows\System\jVrHDfz.exe
  C:\Windows\System\jVrHDfz.exe
  2⤵
  PID:12812
- C:\Windows\System\MaNxQAD.exe
  C:\Windows\System\MaNxQAD.exe
  2⤵
  PID:672
- C:\Windows\System\winKyXD.exe
  C:\Windows\System\winKyXD.exe
  2⤵
  PID:812
- C:\Windows\System\abXIdUU.exe
  C:\Windows\System\abXIdUU.exe
  2⤵
  PID:2512
- C:\Windows\System\ESaBMjS.exe
  C:\Windows\System\ESaBMjS.exe
  2⤵
  PID:4092
- C:\Windows\System\ufWSKUu.exe
  C:\Windows\System\ufWSKUu.exe
  2⤵
  PID:13448
- C:\Windows\System\ePZOpbR.exe
  C:\Windows\System\ePZOpbR.exe
  2⤵
  PID:13504
- C:\Windows\System\ZaKxxct.exe
  C:\Windows\System\ZaKxxct.exe
  2⤵
  PID:13568
- C:\Windows\System\FiUkJqR.exe
  C:\Windows\System\FiUkJqR.exe
  2⤵
  PID:13628
- C:\Windows\System\AchSeim.exe
  C:\Windows\System\AchSeim.exe
  2⤵
  PID:13704
- C:\Windows\System\sDiwygS.exe
  C:\Windows\System\sDiwygS.exe
  2⤵
  PID:13764
- C:\Windows\System\nZpKPNj.exe
  C:\Windows\System\nZpKPNj.exe
  2⤵
  PID:13824
- C:\Windows\System\aVWlZcy.exe
  C:\Windows\System\aVWlZcy.exe
  2⤵
  PID:13896
- C:\Windows\System\tcrIgNf.exe
  C:\Windows\System\tcrIgNf.exe
  2⤵
  PID:13960
- C:\Windows\System\jlyAzEK.exe
  C:\Windows\System\jlyAzEK.exe
  2⤵
  PID:14020
- C:\Windows\System\FydxAFA.exe
  C:\Windows\System\FydxAFA.exe
  2⤵
  PID:14128
- C:\Windows\System\eNyvuZw.exe
  C:\Windows\System\eNyvuZw.exe
  2⤵
  PID:14160
- C:\Windows\System\zssGCnd.exe
  C:\Windows\System\zssGCnd.exe
  2⤵
  PID:14232
- C:\Windows\System\arYfsIv.exe
  C:\Windows\System\arYfsIv.exe
  2⤵
  PID:14296
- C:\Windows\System\pvYkUun.exe
  C:\Windows\System\pvYkUun.exe
  2⤵
  PID:12292
- C:\Windows\System\gmVavNx.exe
  C:\Windows\System\gmVavNx.exe
  2⤵
  PID:13316
- C:\Windows\System\PhUBgga.exe
  C:\Windows\System\PhUBgga.exe
  2⤵
  PID:4724
- C:\Windows\System\OzaHNbF.exe
  C:\Windows\System\OzaHNbF.exe
  2⤵
  PID:32
- C:\Windows\System\MpBuDrZ.exe
  C:\Windows\System\MpBuDrZ.exe
  2⤵
  PID:13460
- C:\Windows\System\FeOjNWR.exe
  C:\Windows\System\FeOjNWR.exe
  2⤵
  PID:13616
- C:\Windows\System\DHFyprY.exe
  C:\Windows\System\DHFyprY.exe
  2⤵
  PID:13756
- C:\Windows\System\xgZwUrD.exe
  C:\Windows\System\xgZwUrD.exe
  2⤵
  PID:5080
- C:\Windows\System\iHvDdZq.exe
  C:\Windows\System\iHvDdZq.exe
  2⤵
  PID:13880
- C:\Windows\System\wUyRqqU.exe
  C:\Windows\System\wUyRqqU.exe
  2⤵
  PID:14048
- C:\Windows\System\MiyOAcV.exe
  C:\Windows\System\MiyOAcV.exe
  2⤵
  PID:14212
- C:\Windows\System\GMDAvqc.exe
  C:\Windows\System\GMDAvqc.exe
  2⤵
  PID:13292
- C:\Windows\System\NGjtrQk.exe
  C:\Windows\System\NGjtrQk.exe
  2⤵
  PID:5864
- C:\Windows\System\WKwvWVG.exe
  C:\Windows\System\WKwvWVG.exe
  2⤵
  PID:13560
- C:\Windows\System\IzhjDuZ.exe
  C:\Windows\System\IzhjDuZ.exe
  2⤵
  PID:2104
- C:\Windows\System\ixdNPPL.exe
  C:\Windows\System\ixdNPPL.exe
  2⤵
  PID:14076
- C:\Windows\System\RVhMrcp.exe
  C:\Windows\System\RVhMrcp.exe
  2⤵
  PID:13096
- C:\Windows\System\vYNGOCC.exe
  C:\Windows\System\vYNGOCC.exe
  2⤵
  PID:5008
- C:\Windows\System\IPlUkmr.exe
  C:\Windows\System\IPlUkmr.exe
  2⤵
  PID:1132
- C:\Windows\System\vFFbeZY.exe
  C:\Windows\System\vFFbeZY.exe
  2⤵
  PID:3980
- C:\Windows\System\VPwZKBR.exe
  C:\Windows\System\VPwZKBR.exe
  2⤵
  PID:14364
- C:\Windows\System\zzyucMt.exe
  C:\Windows\System\zzyucMt.exe
  2⤵
  PID:14392
- C:\Windows\System\AFJmepZ.exe
  C:\Windows\System\AFJmepZ.exe
  2⤵
  PID:14420
- C:\Windows\System\VoMeAHO.exe
  C:\Windows\System\VoMeAHO.exe
  2⤵
  PID:14448
- C:\Windows\System\LvnAcFb.exe
  C:\Windows\System\LvnAcFb.exe
  2⤵
  PID:14476
- C:\Windows\System\XHQJyKz.exe
  C:\Windows\System\XHQJyKz.exe
  2⤵
  PID:14504
- C:\Windows\System\popSziA.exe
  C:\Windows\System\popSziA.exe
  2⤵
  PID:14532
- C:\Windows\System\DiNIAPX.exe
  C:\Windows\System\DiNIAPX.exe
  2⤵
  PID:14560
- C:\Windows\System\suYCroZ.exe
  C:\Windows\System\suYCroZ.exe
  2⤵
  PID:14588
- C:\Windows\System\OBDphYY.exe
  C:\Windows\System\OBDphYY.exe
  2⤵
  PID:14616
- C:\Windows\System\tkjqYBZ.exe
  C:\Windows\System\tkjqYBZ.exe
  2⤵
  PID:14644
- C:\Windows\System\tNmBZvf.exe
  C:\Windows\System\tNmBZvf.exe
  2⤵
  PID:14672
- C:\Windows\System\MtrSNXt.exe
  C:\Windows\System\MtrSNXt.exe
  2⤵
  PID:14700
- C:\Windows\System\NTPLtaE.exe
  C:\Windows\System\NTPLtaE.exe
  2⤵
  PID:14728
- C:\Windows\System\sxCsfEz.exe
  C:\Windows\System\sxCsfEz.exe
  2⤵
  PID:14760
- C:\Windows\System\XmqztLl.exe
  C:\Windows\System\XmqztLl.exe
  2⤵
  PID:14788
- C:\Windows\System\TzRDWFD.exe
  C:\Windows\System\TzRDWFD.exe
  2⤵
  PID:14816
- C:\Windows\System\TEuzhuL.exe
  C:\Windows\System\TEuzhuL.exe
  2⤵
  PID:14844
- C:\Windows\System\LzNwqFj.exe
  C:\Windows\System\LzNwqFj.exe
  2⤵
  PID:14872
- C:\Windows\System\zKIHPwM.exe
  C:\Windows\System\zKIHPwM.exe
  2⤵
  PID:14900
- C:\Windows\System\bMnVZhj.exe
  C:\Windows\System\bMnVZhj.exe
  2⤵
  PID:14928
- C:\Windows\System\PFvnuwQ.exe
  C:\Windows\System\PFvnuwQ.exe
  2⤵
  PID:14956
- C:\Windows\System\vkaCIAk.exe
  C:\Windows\System\vkaCIAk.exe
  2⤵
  PID:14984
- C:\Windows\System\sPyIkwc.exe
  C:\Windows\System\sPyIkwc.exe
  2⤵
  PID:15012
- C:\Windows\System\OsHLjZG.exe
  C:\Windows\System\OsHLjZG.exe
  2⤵
  PID:15052
- C:\Windows\System\HbxSNqO.exe
  C:\Windows\System\HbxSNqO.exe
  2⤵
  PID:15068
- C:\Windows\System\qxRrooe.exe
  C:\Windows\System\qxRrooe.exe
  2⤵
  PID:15096
- C:\Windows\System\pTMHFmg.exe
  C:\Windows\System\pTMHFmg.exe
  2⤵
  PID:15124
- C:\Windows\System\dQxEHXp.exe
  C:\Windows\System\dQxEHXp.exe
  2⤵
  PID:15152
- C:\Windows\System\FyRmYlG.exe
  C:\Windows\System\FyRmYlG.exe
  2⤵
  PID:15180
- C:\Windows\System\Bnwngqd.exe
  C:\Windows\System\Bnwngqd.exe
  2⤵
  PID:15208
- C:\Windows\System\BamfNth.exe
  C:\Windows\System\BamfNth.exe
  2⤵
  PID:15236
- C:\Windows\System\FqnMJeL.exe
  C:\Windows\System\FqnMJeL.exe
  2⤵
  PID:15264
- C:\Windows\System\TnioMWI.exe
  C:\Windows\System\TnioMWI.exe
  2⤵
  PID:15292
- C:\Windows\System\ivnXXer.exe
  C:\Windows\System\ivnXXer.exe
  2⤵
  PID:15320
- C:\Windows\System\XgxfcMd.exe
  C:\Windows\System\XgxfcMd.exe
  2⤵
  PID:15348
- C:\Windows\System\KOtbMZj.exe
  C:\Windows\System\KOtbMZj.exe
  2⤵
  PID:14384
- C:\Windows\System\CKJPdYk.exe
  C:\Windows\System\CKJPdYk.exe
  2⤵
  PID:14444
- C:\Windows\System\TvlHRkI.exe
  C:\Windows\System\TvlHRkI.exe
  2⤵
  PID:14516
- C:\Windows\System\VZQOXck.exe
  C:\Windows\System\VZQOXck.exe
  2⤵
  PID:14580
- C:\Windows\System\IuhnoAZ.exe
  C:\Windows\System\IuhnoAZ.exe
  2⤵
  PID:14640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AwdaouO.exe

Filesize
6.1MB

MD5
752c995dad1bc85f0e04b125c54ddfa0

SHA1
35dd67b7dc9adf9104615621fbcf2f46679a5483

SHA256
ab6fb0ae60c1ec4c2d1948b19948d162492dfe685d3746577b92287023d3a52c

SHA512
2e07e214850f938c6b73fb74966d97b03b9e5a08511d14095903131cba4f9619b87aa5b92164fa71fd1d1b1cd566ffa855038eb9fa08603eeb51d08d3570df63

Download Submit
C:\Windows\System\FLaCCSG.exe

Filesize
6.1MB

MD5
d007856802e2232968df37d2bb828c4c

SHA1
99b57c2d36b1fee317fa2e623d75e2ab1f933547

SHA256
89bb92fb2f7faf655d84e443877fa447de2e4e7034cc479cab342eac36fec436

SHA512
1faddba354254da30716243e6dc2f7fde5f3c1727c0c6fca0e7e537a1102ce18f344957c9326aff54b9e37e3d3f5314a55e1dc33434f41699f1cd5df574388ff

Download Submit
C:\Windows\System\HsNBWRt.exe

Filesize
6.1MB

MD5
4efd5af88c236ce9ebef7eb370107aa2

SHA1
1c65995861de1f553dac4dd07b9b528a2574ab9a

SHA256
554f148d5812ffa26bc597a015545c1d26ca48dacf44c515bf74c56bcf585d45

SHA512
a41c894dea5e821a7444a92267cb1f204dc4a9819a1dc6b64ce23704b4f2610c30ec53e79bac2a0920b6c6b27756b3019423fd3eddeefa96aaf4332cae0d7130

Download Submit
C:\Windows\System\HtxOEuR.exe

Filesize
6.1MB

MD5
39b8e54421a7765633ec1c6ba3a3046f

SHA1
daf2a5b22c61566549a24a72c4a5e35230e5fc17

SHA256
47164d4b1bb875efa67abc30a72a7904ba9d82908058d177858e3f86f4150342

SHA512
9d4b277e737f6e60a61496c1ae1c7fd6c53bacf7aa45c316e4dbd0acf474c59c563dca0599fccf1ecfcd621bf6af4be9eb211b923ee60df6f34c5b2b83811757

Download Submit
C:\Windows\System\KtDwYme.exe

Filesize
6.1MB

MD5
f70b5eb2ab61467c334011c11d0f893f

SHA1
6a6b171fb15684ee280faabf592dd35f95a7d991

SHA256
f841083fe8ce9792e21703f3c9d271616649a9cf6caf03ed8f8f38c215a161f0

SHA512
c1efb7ea7d5040193f74ec78d44ba813f7e7b38888d26c54ff99aae5457221784be078ec36922b02aa7d281422dfe3dd1f5947662da4a551da02b5d114d8c78a

Download Submit
C:\Windows\System\LBXXnfx.exe

Filesize
6.1MB

MD5
5b023cdbbaccf2888fe9580642652d5c

SHA1
63b5890eef9df480f7aa918c24edefb10301982c

SHA256
e2cabe046bafe6b5dfa33d7cffc0220775a18dba90414f19de89fba0a33f450b

SHA512
371c93a1acc5db494b4ac1ab2508853cc018839bcdc34ccc12eefdb6410e3667dc4c5389cfc10e56d1e76383564d52f5c80101f6594a5aa780966ce737259ada

Download Submit
C:\Windows\System\LPBMuxK.exe

Filesize
6.1MB

MD5
f4c9f7ac835b50851335ce8d2aa27090

SHA1
fc17b86612a88affb0f8e6574726a1b6cc3c6723

SHA256
bcf4e9e232939ee0f42bc169041683bbc45d0c16a9f490aff60a3685b3852302

SHA512
23d21f0626c2e1ab6ec82061d7629369b909c5fd09992dbc2f06d0bcdd4270d8efbdec44462f84876606efa30d37dd6324001004c0741e62447cc07883671aac

Download Submit
C:\Windows\System\QQZcwuN.exe

Filesize
6.1MB

MD5
3e0069c6e81bed1877335d45c00e3364

SHA1
29a1a8dab08244d2f2456284cc3de5b836a82b9b

SHA256
0748dfd0d957ee3ccf4691474cccafbd8da782fbafbe51966a37dc1ed7c70b90

SHA512
44d5638b98ed86643fa9fd6c48b64087bdeee4ab7253893354ab19cc10bc3f17c38116de6db64ce2c667c333e78e4dc401dff84e6cfdae36af327c5a14c7ab80

Download Submit
C:\Windows\System\RSfujyY.exe

Filesize
6.1MB

MD5
a76ae14e80221e6ee64afa421895cc1b

SHA1
ba71c539074cafb3e5b6cbcc870d37d8f20eddee

SHA256
9b74560bca3ed17767ac04c4346a54ecacee7e9df54d79edfea10d40c1083798

SHA512
7b5f837870eeb3b7a6d773c9657fe0a1a1d20876c8f89c123d96dd9e5da07bde41616f106fef24155101434615c3a468b8bb11735bc46d8d96487dea2ca29253

Download Submit
C:\Windows\System\SbomtWA.exe

Filesize
6.1MB

MD5
d6c00b15d16b8a413725ea19744cc623

SHA1
ef6f854b53d96df0024f3b7753ba1619f6dc329d

SHA256
74dc6f664e82a17234d380026ce723a1d1ba5d574aba2e278f952f87a3f4a555

SHA512
c232855fc4a67b0eacf7ef684d0be38f7b521956f2357d867a0d72c7dd7ffcc0c31eb0f8199714a1b19db09eddf9cf380fbdcaa58eeaf48be4b08f8ce733b072

Download Submit
C:\Windows\System\TMGqrYS.exe

Filesize
6.1MB

MD5
89cef236da0894fd96261e7a88ad69fa

SHA1
b60cef73d43b92f9bc149da1bf0565b81687b4d6

SHA256
b26a0b4eb0443883af6c10764390ace1e73fb78dc2ddd63ee4e06696c01e1825

SHA512
2dff558e0485aa88851618e503399669b0809654602403202b0756751d31cb028b6a55b5760b41b538889e0b0b6582de46bf9a89cfbc4d1c497567cd74770731

Download Submit
C:\Windows\System\XETtzei.exe

Filesize
6.1MB

MD5
7aa83cc3d5fd0bf88c59385d2fb4c7bf

SHA1
2393ddbd34ba80eb8dc1f687262abb7293c59f38

SHA256
776392eda9a9381124f8482921b55024fe0617576cd8af04d04c162a26d1d996

SHA512
f615b9f0d19b5004a903ce3ec54e043297e7b5117148a35cb473470f3bbc208f1c4d1ba5c4871d50f90e3b049449e4bc6f718569989151d7b760c47f36761b99

Download Submit
C:\Windows\System\XyGIywN.exe

Filesize
6.1MB

MD5
d31bc0db4e38482d71a6b7271272b93f

SHA1
e67dd59703d5c2859e24966af496553af73a6f89

SHA256
a73c52341e5b52cf300ec34fab54f9f4833da6af8f34e30a7ed50e2147136510

SHA512
ab74ab1179e994bc5ba42ce01311a2cd83ce79edb7521e8591aad7eba0a4fbda544109a838bdfece4bb5b3069d161298474afbbe8685155d9e731e89fbcf35b0

Download Submit
C:\Windows\System\Ylzzpft.exe

Filesize
6.1MB

MD5
3bb809408c7f9d6fe5116ef97c142eed

SHA1
25ecfffd990c11f2a8431e3f05e4dc59a5288440

SHA256
1ae27f95c68091e1e939f67d395de3a001707ea2dd8f424752a1beb835b83c39

SHA512
f910064f8482648ea0bc64ddce877820f48430704a601e173a9976a624e84801f803b68764f6c64a0e596d3ba4a2386555e00809b3b4710060f628594b5773dd

Download Submit
C:\Windows\System\bRTyZxS.exe

Filesize
6.1MB

MD5
c1b04eaf810d2d25405ac71fc8243a96

SHA1
480d076149c242de9df266dcc432ad22b4775092

SHA256
7bd1a04e1bab1eb0a9b09b0f7a302b0cc202a498a019c21276d9e3c6d0eeb600

SHA512
43c06d9829f53c8542589fdacd8c31b3abdeb8e5ae0fe384c602bd65426092ad03b704d001208a72112fc18009f67d5e1c2eef85c4478781320ec3a629f49d89

Download Submit
C:\Windows\System\hKKejpl.exe

Filesize
6.1MB

MD5
a839ec2d974f0534ce0b8e6a1425bd02

SHA1
4ba619dab2dd36fb64ed5018b162ae96b9cccab3

SHA256
264311aa2f0222e59a014a8b1423be90a448c7c3bcf38a3c4b6e74ebdd110aae

SHA512
dda97b73b41733c2550b774db056c6945f030ebb3b5b173e5093b37eba651557dec306ce80d2ec253375cc2b595bb717f4071df02d27b2e209222e5743899005

Download Submit
C:\Windows\System\iNKBVHL.exe

Filesize
6.1MB

MD5
c64bd3054bcbe115cd5941b826c1f5f5

SHA1
3e76e4d0702e493600e50dbff555a887499d751e

SHA256
10c5cafb9ad83f1f91d8eed621e8c490d9ede5459ddb0c1804db2d2f155771e1

SHA512
25bb4ac064a8595f13cc7b56b75d7ce90e94a821007e0126b729b29017f53f30593f5fb6a7626e3493936af4e8491703af670d752df33e1e58c834ffaa7f8de2

Download Submit
C:\Windows\System\iSYEioX.exe

Filesize
6.1MB

MD5
a1796146d1e375254f7197be29ce9878

SHA1
8d6e85dc1dd0f5cc70b79dcbba8cd305f7bf4f5a

SHA256
612e7b3868d5aba667efbfa40d7e53f4ba8c5b0a40291e815c634d28de81607e

SHA512
48a46e2c596ab356cb0f34ade9b54d612b87c9a303882737ba8959c0383dd4804032513a105c60b5150f007bc831d12db61ae5f483e366525f88325cd2523125

Download Submit
C:\Windows\System\kVTlKZZ.exe

Filesize
6.1MB

MD5
e8fe9bee8c067bc241d7b7ca9c13f5a3

SHA1
737eb829790481039587ec24e753dc5166496a9d

SHA256
65f9bad4b6e2493deef362dabf9db033e98b9765ad11968cb33547cd19b783e6

SHA512
4848c8d870a9d129380b3e77d527bcd4d1f16aa3aa62fd4e6fb712443cbf64595b9e8e099cd2ede1d2c5a6768021a855c4c7d9fc54cb47aac9c2756f9527978f

Download Submit
C:\Windows\System\lXQdmfk.exe

Filesize
6.1MB

MD5
3f74498b04e13cfefd2f120e24be4cb6

SHA1
e47268888ccbf4a78a3b64c27cc75ab3e1d7c2ee

SHA256
c1afa90c5523e2c101b1871cf2248805fd030a69340ba9a50f0691f7ba5bab15

SHA512
717f6b37904239e4281fe8209d9608f69ac9054b2584754e8cdd05040af83de522c28ab4757d3db98b401eeef1eff749567e8d43c487b98572a9203360cef18f

Download Submit
C:\Windows\System\oCHpCTv.exe

Filesize
6.1MB

MD5
9720b10b9ebb22e1f0b0a4a1003384b5

SHA1
c954cde4d74bd7d652683953988f9c49549acf31

SHA256
1b10add63d9f74a3bd5236a4624f5e48282bbd94fd34330d966df6223d1d7331

SHA512
dcfb1751a6c326bb97c67de990bb092d5c9f9a4fd5eccfa6e310da487dc28fc0cd4bb5a99134316c821c3f7e8fd81055cab62590412bd8bacebe1f55174c4608

Download Submit
C:\Windows\System\ofCYzFP.exe

Filesize
6.1MB

MD5
1e18299df34886a51aadb0ccdc71bdba

SHA1
96b71a71040610ff8c7fb6bb26a98f91394946cd

SHA256
e619f647c79d784b86257ae885c36bb7a096d561a9301f68cd4a220bd3f0db1c

SHA512
bf5a3c95993fd362304186aae9b3195b1298409049290ea2f6b9332266a0d8f0ad86e5fb2da078c8e2b10be1d0b56995990e58d3ca4ed9a68aad8d96b33e48bd

Download Submit
C:\Windows\System\snYROBr.exe

Filesize
6.1MB

MD5
4afe8e460b909598fec501229f6fe860

SHA1
c6bd9598255e9b1998cb05e980b807a850167a0e

SHA256
c57ac0a4fa8f583f8755f64a5f21dbf44b8f8b9dd41d4533de52a9b357f4f8a5

SHA512
e08a320caa04b85c9f2e27e232a16f50e8712b5ab97e5b47fade62e29ff71364f32a2b2653dd69a4b1015e890993a561b3031d6091ec9402771cbac2c71e9e57

Download Submit
C:\Windows\System\uQUjQOl.exe

Filesize
6.1MB

MD5
a058365d83fbccdc11d217e668aa278e

SHA1
6dfbd583245d5ce743bc5ce1f79e46923024bfe3

SHA256
5cdcda7694d3faf0140a805ecbfe8105f01cf8772d9b883a87fbc53d1acf2955

SHA512
de7975f31beaad526741f28b6555b86d4e3a1f0341c64f2e594c291ef28ae96aea10004fa806816fb684894c00c8c7d0e9c53784a5d513497f5aac3e13ede4c1

Download Submit
C:\Windows\System\veoMaAw.exe

Filesize
6.1MB

MD5
1f045ddbf1804e88c9f8fd5fb194c340

SHA1
6110902a55cdcf0f7a3ddb4fae4b039796554d71

SHA256
cfbbcbf44d3b3db5cdda9c0a244b022a330851b8995fd5a2906800e23881d9fc

SHA512
03664f7a17d845ebc5e0a1f864016c89961684d744ce09c124f8d91718bc05de3a94984426dc7861b6d771125611b5e934490b5bc464f8363ff4e6173bafdda1

Download Submit
C:\Windows\System\vnOLhsU.exe

Filesize
6.1MB

MD5
009e9679ab2c06a89687d114ba9ca620

SHA1
cd70a3254ae3d556161ad90b0f5e31b55bba9010

SHA256
4df29d0cc021cf995c51537ceada41eb9a897514ecb6db0b61b593aacd2319f3

SHA512
9cadff46752f21ae8927a9d5d0ee70528b80929b1f0208a4fa1e4942a1d483205a177ee5a9b5ccbb1cc9a62066de116fc3be59966714761f557f6e3c63bdb613

Download Submit
C:\Windows\System\xNZUsty.exe

Filesize
6.1MB

MD5
15336927580efe35afc9a653d770f358

SHA1
52026d802cc0ebed6c41f153f1ce18c22f8755d1

SHA256
9f4fd7c5e198f384f3e948da05a29f84b2d1ab2f70223ced80125a1add394ecb

SHA512
1aff70e6d697edc018ec8d5e1598c2f41a46b5401ff0145543e7a593d3259c1e8ffea0587f6bd109ee4ffad91b5ab1767920e31d68f63ec9a5de6bf18bf413c8

Download Submit
C:\Windows\System\yIQHpTo.exe

Filesize
6.1MB

MD5
1bbcc9a0658fc13b6e87e01e1f7b4b0a

SHA1
990284dd08365b19cecf30895c68271e030bf87c

SHA256
530316d266e4b588b422463b1446d60a12c481a0e9f16b9b1bfcad1a6c576bae

SHA512
ad851cca9614a742d705aba199d128ae2fb979c4ecb22abf41741eb2408542ad5497d277120fb10682041308c539efb0164824a7085d4a34fb26868334b2bb68

Download Submit
C:\Windows\System\yJyNAKe.exe

Filesize
6.1MB

MD5
e5c12a31f1bbc3e19045126041cf8f4f

SHA1
a8792a04f57561bbac0c925415d0113dbe38ab7d

SHA256
07896d9f14ee518dad6765298de073fda999a639d335c3313f1111ea0c7f87c2

SHA512
8a205d0526a03d6086a88ae3c5522493cb74355cdc727bad14937d656a17c64527c91d0077ec739033b33744affc0946c1aec1f533ec96f1407bcfde7a3ce862

Download Submit
C:\Windows\System\yXtYlIl.exe

Filesize
6.1MB

MD5
a3fa91be23b4c9cc0095e4a5453fbe23

SHA1
1ccf94be6b220fd851f5fbd6b94a44300ace9a0f

SHA256
88e0c41bc3f8d6f36764383d633b7b644794496b1879d7e5eb8ef751bbed18c0

SHA512
7cacf13d8be7c62eb98ff90d2b997a32e97862a1db65fb2edd4cba36a663c1d7c2fd617fcb73fd399fc90f2229d58f54ad84ae36cb82e19449bc0213a53e2c05

Download Submit
C:\Windows\System\ygMmBAx.exe

Filesize
6.1MB

MD5
ed400d4295f8f7fabe5dbd8d8d0292b3

SHA1
20d47c7249486af9074d1106167a216c31085b94

SHA256
6b5a93c98b047965cbffea253f82dc06c089a14e218cb3dd6e03f1fdc62098ce

SHA512
a9743b17de24118a963c1886ffcf57e78b4885bf05a79d3b48d6403b922f453f1fb208c81c7e219edd9b3ae82a40ffbce71f828826cd37ec99ff34c762ff4287

Download Submit
C:\Windows\System\zWGeMIm.exe

Filesize
6.1MB

MD5
a2adc36e7fa1b8dbadb1e59aa51347ff

SHA1
b242c2270a1f8736d4ee09b15f938dabd1963807

SHA256
c68b37df2e288edbae9f066fce988dd87d861dc5306e8d16cc3a4e6a14ba9ba3

SHA512
42d79bacf38f13ee40a49ea63ff92e2d295d48b1aef458af71e177e9f3ec6f0cf701e649cf20d1e665f165716700ced0626f984a0f8777e7f1c4ffe50466e0a1

Download Submit
memory/380-613-0x00007FF7F0330000-0x00007FF7F0684000-memory.dmp

Filesize
3.3MB

Download
memory/380-2318-0x00007FF7F0330000-0x00007FF7F0684000-memory.dmp

Filesize
3.3MB

Download
memory/380-174-0x00007FF7F0330000-0x00007FF7F0684000-memory.dmp

Filesize
3.3MB

Download
memory/948-155-0x00007FF691C20000-0x00007FF691F74000-memory.dmp

Filesize
3.3MB

Download
memory/948-24-0x00007FF691C20000-0x00007FF691F74000-memory.dmp

Filesize
3.3MB

Download
memory/948-1737-0x00007FF691C20000-0x00007FF691F74000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2316-0x00007FF7AF7E0000-0x00007FF7AFB34000-memory.dmp

Filesize
3.3MB

Download
memory/1140-170-0x00007FF7AF7E0000-0x00007FF7AFB34000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1853-0x00007FF77A130000-0x00007FF77A484000-memory.dmp

Filesize
3.3MB

Download
memory/1404-136-0x00007FF77A130000-0x00007FF77A484000-memory.dmp

Filesize
3.3MB

Download
memory/1628-674-0x00007FF6F3850000-0x00007FF6F3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-185-0x00007FF6F3850000-0x00007FF6F3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2319-0x00007FF6F3850000-0x00007FF6F3BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-169-0x00007FF6EDE00000-0x00007FF6EE154000-memory.dmp

Filesize
3.3MB

Download
memory/2892-42-0x00007FF6EDE00000-0x00007FF6EE154000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1817-0x00007FF6EDE00000-0x00007FF6EE154000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1740-0x00007FF787DC0000-0x00007FF788114000-memory.dmp

Filesize
3.3MB

Download
memory/2984-34-0x00007FF787DC0000-0x00007FF788114000-memory.dmp

Filesize
3.3MB

Download
memory/3096-1856-0x00007FF730BA0000-0x00007FF730EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-144-0x00007FF730BA0000-0x00007FF730EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-145-0x00007FF6E8380000-0x00007FF6E86D4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-346-0x00007FF6E8380000-0x00007FF6E86D4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-1890-0x00007FF6E8380000-0x00007FF6E86D4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-1580-0x00007FF6251E0000-0x00007FF625534000-memory.dmp

Filesize
3.3MB

Download
memory/3484-55-0x00007FF6251E0000-0x00007FF625534000-memory.dmp

Filesize
3.3MB

Download
memory/3484-9-0x00007FF6251E0000-0x00007FF625534000-memory.dmp

Filesize
3.3MB

Download
memory/3556-1588-0x00007FF7444F0000-0x00007FF744844000-memory.dmp

Filesize
3.3MB

Download
memory/3556-57-0x00007FF7444F0000-0x00007FF744844000-memory.dmp

Filesize
3.3MB

Download
memory/3556-17-0x00007FF7444F0000-0x00007FF744844000-memory.dmp

Filesize
3.3MB

Download
memory/3792-38-0x00007FF657D40000-0x00007FF658094000-memory.dmp

Filesize
3.3MB

Download
memory/3792-1741-0x00007FF657D40000-0x00007FF658094000-memory.dmp

Filesize
3.3MB

Download
memory/3792-162-0x00007FF657D40000-0x00007FF658094000-memory.dmp

Filesize
3.3MB

Download
memory/3824-142-0x00007FF692300000-0x00007FF692654000-memory.dmp

Filesize
3.3MB

Download
memory/3824-1861-0x00007FF692300000-0x00007FF692654000-memory.dmp

Filesize
3.3MB

Download
memory/4060-1843-0x00007FF730EE0000-0x00007FF731234000-memory.dmp

Filesize
3.3MB

Download
memory/4060-135-0x00007FF730EE0000-0x00007FF731234000-memory.dmp

Filesize
3.3MB

Download
memory/4224-143-0x00007FF711F40000-0x00007FF712294000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1863-0x00007FF711F40000-0x00007FF712294000-memory.dmp

Filesize
3.3MB

Download
memory/4444-156-0x00007FF7AD930000-0x00007FF7ADC84000-memory.dmp

Filesize
3.3MB

Download
memory/4444-1893-0x00007FF7AD930000-0x00007FF7ADC84000-memory.dmp

Filesize
3.3MB

Download
memory/4508-134-0x00007FF60D500000-0x00007FF60D854000-memory.dmp

Filesize
3.3MB

Download
memory/4508-1844-0x00007FF60D500000-0x00007FF60D854000-memory.dmp

Filesize
3.3MB

Download
memory/4548-49-0x00007FF642800000-0x00007FF642B54000-memory.dmp

Filesize
3.3MB

Download
memory/4548-186-0x00007FF642800000-0x00007FF642B54000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1827-0x00007FF642800000-0x00007FF642B54000-memory.dmp

Filesize
3.3MB

Download
memory/4604-59-0x00007FF726DF0000-0x00007FF727144000-memory.dmp

Filesize
3.3MB

Download
memory/4604-200-0x00007FF726DF0000-0x00007FF727144000-memory.dmp

Filesize
3.3MB

Download
memory/4604-1833-0x00007FF726DF0000-0x00007FF727144000-memory.dmp

Filesize
3.3MB

Download
memory/4676-269-0x00007FF67D200000-0x00007FF67D554000-memory.dmp

Filesize
3.3MB

Download
memory/4676-1837-0x00007FF67D200000-0x00007FF67D554000-memory.dmp

Filesize
3.3MB

Download
memory/4676-65-0x00007FF67D200000-0x00007FF67D554000-memory.dmp

Filesize
3.3MB

Download
memory/4692-157-0x00007FF6AE010000-0x00007FF6AE364000-memory.dmp

Filesize
3.3MB

Download
memory/4692-1895-0x00007FF6AE010000-0x00007FF6AE364000-memory.dmp

Filesize
3.3MB

Download
memory/4720-138-0x00007FF6B3BB0000-0x00007FF6B3F04000-memory.dmp

Filesize
3.3MB

Download
memory/4720-1868-0x00007FF6B3BB0000-0x00007FF6B3F04000-memory.dmp

Filesize
3.3MB

Download
memory/4736-1858-0x00007FF6BFBB0000-0x00007FF6BFF04000-memory.dmp

Filesize
3.3MB

Download
memory/4736-139-0x00007FF6BFBB0000-0x00007FF6BFF04000-memory.dmp

Filesize
3.3MB

Download
memory/4816-1859-0x00007FF678410000-0x00007FF678764000-memory.dmp

Filesize
3.3MB

Download
memory/4816-140-0x00007FF678410000-0x00007FF678764000-memory.dmp

Filesize
3.3MB

Download
memory/4868-1864-0x00007FF77BFF0000-0x00007FF77C344000-memory.dmp

Filesize
3.3MB

Download
memory/4868-141-0x00007FF77BFF0000-0x00007FF77C344000-memory.dmp

Filesize
3.3MB

Download
memory/4884-137-0x00007FF6F55E0000-0x00007FF6F5934000-memory.dmp

Filesize
3.3MB

Download
memory/4884-1865-0x00007FF6F55E0000-0x00007FF6F5934000-memory.dmp

Filesize
3.3MB

Download
memory/4892-146-0x00007FF7F6570000-0x00007FF7F68C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-1848-0x00007FF7F6570000-0x00007FF7F68C4000-memory.dmp

Filesize
3.3MB

Download
memory/5528-20-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp

Filesize
3.3MB

Download
memory/5528-1591-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp

Filesize
3.3MB

Download
memory/5528-133-0x00007FF7BD900000-0x00007FF7BDC54000-memory.dmp

Filesize
3.3MB

Download
memory/5688-195-0x00007FF6EF140000-0x00007FF6EF494000-memory.dmp

Filesize
3.3MB

Download
memory/5688-2317-0x00007FF6EF140000-0x00007FF6EF494000-memory.dmp

Filesize
3.3MB

Download
memory/5900-48-0x00007FF639290000-0x00007FF6395E4000-memory.dmp

Filesize
3.3MB

Download
memory/5900-0-0x00007FF639290000-0x00007FF6395E4000-memory.dmp

Filesize
3.3MB

Download
memory/5900-1-0x000001C5A1840000-0x000001C5A1850000-memory.dmp

Filesize
64KB

Download