cobaltstrike | cccc3c2c95f6f3a9035c1dbc6a14a724ab2aa2673b9033968bc32fc0ef01b9a2

Analysis

max time kernel
103s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

51c6f4bc42896e5a5a5f2f30a18b9bb3
SHA1

debd922089f148c2a2c2da66a50a523bf4c7f6d8
SHA256

cccc3c2c95f6f3a9035c1dbc6a14a724ab2aa2673b9033968bc32fc0ef01b9a2
SHA512

e0f6f36bf576f3e054f4ea674e8723a4df5e300168a1d9f2a4a558a1c1f555fefe8a19875236dc4b2bd041ae878f9044ecaf6c38aa4f77f9bf8c8263edf5122a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00050000000227cb-5.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242cb-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242cc-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242cd-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242ce-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000242c8-35.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242cf-41.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d0-46.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d1-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d3-66.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d2-62.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d4-70.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d6-78.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d7-87.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d8-93.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242d9-100.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242db-111.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242dd-132.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242df-137.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e1-156.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e0-154.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242de-142.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242dc-128.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242da-112.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e2-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016918-170.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000022edd-175.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000024106-180.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000002410a-192.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000024109-191.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000002413f-202.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000242e3-207.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3992-0-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000227cb-5.dat	xmrig
behavioral1/files/0x00070000000242cb-11.dat	xmrig
behavioral1/files/0x00070000000242cc-20.dat	xmrig
behavioral1/memory/1028-24-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242cd-25.dat	xmrig
behavioral1/memory/1288-18-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp	xmrig
behavioral1/memory/5220-14-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp	xmrig
behavioral1/memory/4220-6-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp	xmrig
behavioral1/files/0x00070000000242ce-28.dat	xmrig
behavioral1/files/0x00080000000242c8-35.dat	xmrig
behavioral1/files/0x00070000000242cf-41.dat	xmrig
behavioral1/files/0x00070000000242d0-46.dat	xmrig
behavioral1/files/0x00070000000242d1-51.dat	xmrig
behavioral1/memory/2508-60-0x00007FF644550000-0x00007FF6448A4000-memory.dmp	xmrig
behavioral1/memory/4440-64-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp	xmrig
behavioral1/memory/972-68-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242d3-66.dat	xmrig
behavioral1/memory/5104-65-0x00007FF7F4B50000-0x00007FF7F4EA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242d2-62.dat	xmrig
behavioral1/memory/3588-61-0x00007FF7BA8B0000-0x00007FF7BAC04000-memory.dmp	xmrig
behavioral1/memory/3336-49-0x00007FF613CB0000-0x00007FF614004000-memory.dmp	xmrig
behavioral1/memory/5188-31-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242d4-70.dat	xmrig
behavioral1/files/0x00070000000242d6-78.dat	xmrig
behavioral1/memory/4220-79-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp	xmrig
behavioral1/memory/4944-80-0x00007FF691B20000-0x00007FF691E74000-memory.dmp	xmrig
behavioral1/memory/4836-74-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp	xmrig
behavioral1/memory/3992-73-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp	xmrig
behavioral1/memory/5220-83-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp	xmrig
behavioral1/memory/4560-89-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp	xmrig
behavioral1/memory/1288-88-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp	xmrig
behavioral1/files/0x00070000000242d7-87.dat	xmrig
behavioral1/files/0x00070000000242d8-93.dat	xmrig
behavioral1/files/0x00070000000242d9-100.dat	xmrig
behavioral1/memory/4780-101-0x00007FF61B090000-0x00007FF61B3E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242db-111.dat	xmrig
behavioral1/memory/5360-116-0x00007FF6C56E0000-0x00007FF6C5A34000-memory.dmp	xmrig
behavioral1/memory/4440-123-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp	xmrig
behavioral1/files/0x00070000000242dd-132.dat	xmrig
behavioral1/files/0x00070000000242df-137.dat	xmrig
behavioral1/memory/4836-140-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp	xmrig
behavioral1/memory/6000-152-0x00007FF737700000-0x00007FF737A54000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e1-156.dat	xmrig
behavioral1/files/0x00070000000242e0-154.dat	xmrig
behavioral1/memory/3592-153-0x00007FF766B10000-0x00007FF766E64000-memory.dmp	xmrig
behavioral1/files/0x00070000000242de-142.dat	xmrig
behavioral1/memory/4944-141-0x00007FF691B20000-0x00007FF691E74000-memory.dmp	xmrig
behavioral1/memory/4604-139-0x00007FF7B3270000-0x00007FF7B35C4000-memory.dmp	xmrig
behavioral1/memory/1156-138-0x00007FF681450000-0x00007FF6817A4000-memory.dmp	xmrig
behavioral1/memory/852-131-0x00007FF7D7460000-0x00007FF7D77B4000-memory.dmp	xmrig
behavioral1/memory/972-130-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242dc-128.dat	xmrig
behavioral1/memory/1648-125-0x00007FF7C09D0000-0x00007FF7C0D24000-memory.dmp	xmrig
behavioral1/memory/944-124-0x00007FF7F4F90000-0x00007FF7F52E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242da-112.dat	xmrig
behavioral1/memory/3336-110-0x00007FF613CB0000-0x00007FF614004000-memory.dmp	xmrig
behavioral1/memory/5188-107-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp	xmrig
behavioral1/memory/5008-95-0x00007FF6581C0000-0x00007FF658514000-memory.dmp	xmrig
behavioral1/memory/1028-94-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e2-161.dat	xmrig
behavioral1/memory/4560-160-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp	xmrig
behavioral1/memory/5008-162-0x00007FF6581C0000-0x00007FF658514000-memory.dmp	xmrig
behavioral1/memory/4304-167-0x00007FF666E40000-0x00007FF667194000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4220	qCJWiXo.exe
5220	OZtjhxg.exe
1288	SoEXXsm.exe
1028	vxEPGCr.exe
5188	vchqMwH.exe
3336	mOXCTMC.exe
5104	tuNCQes.exe
2508	qfsiliT.exe
3588	wYvyjdj.exe
4440	VdnSgVt.exe
972	lsPQUQP.exe
4836	IPJSBfC.exe
4944	cVnkjTt.exe
4560	UmQKYzL.exe
5008	maBpqzb.exe
4780	SSrjdoS.exe
5360	jkDRiam.exe
944	NbLFrDq.exe
852	pGcjJQy.exe
1648	eBCRYeD.exe
1156	NNhiuof.exe
4604	BgSORFV.exe
6000	ywfstcv.exe
3592	yUCrBtu.exe
3476	hzdAimE.exe
4304	AoEPCLk.exe
5256	zoPLNui.exe
3256	xylheNT.exe
4528	EwqcSyz.exe
2612	wLEeJZL.exe
6112	gWybYKx.exe
1152	GNaQTNc.exe
1340	fLjTCqI.exe
5920	fCpUEJM.exe
5852	WYrzezF.exe
3028	nuYgkLa.exe
2372	kCQEgTv.exe
4508	CJKplPz.exe
2088	iNeJDCE.exe
4316	BAkLPml.exe
392	aPkkcdB.exe
2564	cOVPZSS.exe
1416	IYsQEzK.exe
4988	QJbUdQL.exe
2868	tNluwpu.exe
4128	AmfpUyT.exe
5532	PQuEYZJ.exe
1208	tMSWIUh.exe
3160	DfbQHoY.exe
3504	cipQtIh.exe
2324	sXKdtRs.exe
2304	ixMZEgV.exe
5912	WeAeLgr.exe
5800	dpwwQro.exe
2676	RVdDoYs.exe
4340	zksyXNy.exe
5712	bGUGxXd.exe
1532	YjdRDLT.exe
2472	kpSTFjE.exe
5356	FwlMxzW.exe
2644	bbmweAi.exe
4708	FGshakI.exe
1836	kaFcEvd.exe
5544	cVYIEBX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3992-0-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp	upx
behavioral1/files/0x00050000000227cb-5.dat	upx
behavioral1/files/0x00070000000242cb-11.dat	upx
behavioral1/files/0x00070000000242cc-20.dat	upx
behavioral1/memory/1028-24-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp	upx
behavioral1/files/0x00070000000242cd-25.dat	upx
behavioral1/memory/1288-18-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp	upx
behavioral1/memory/5220-14-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp	upx
behavioral1/memory/4220-6-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp	upx
behavioral1/files/0x00070000000242ce-28.dat	upx
behavioral1/files/0x00080000000242c8-35.dat	upx
behavioral1/files/0x00070000000242cf-41.dat	upx
behavioral1/files/0x00070000000242d0-46.dat	upx
behavioral1/files/0x00070000000242d1-51.dat	upx
behavioral1/memory/2508-60-0x00007FF644550000-0x00007FF6448A4000-memory.dmp	upx
behavioral1/memory/4440-64-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp	upx
behavioral1/memory/972-68-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp	upx
behavioral1/files/0x00070000000242d3-66.dat	upx
behavioral1/memory/5104-65-0x00007FF7F4B50000-0x00007FF7F4EA4000-memory.dmp	upx
behavioral1/files/0x00070000000242d2-62.dat	upx
behavioral1/memory/3588-61-0x00007FF7BA8B0000-0x00007FF7BAC04000-memory.dmp	upx
behavioral1/memory/3336-49-0x00007FF613CB0000-0x00007FF614004000-memory.dmp	upx
behavioral1/memory/5188-31-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp	upx
behavioral1/files/0x00070000000242d4-70.dat	upx
behavioral1/files/0x00070000000242d6-78.dat	upx
behavioral1/memory/4220-79-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp	upx
behavioral1/memory/4944-80-0x00007FF691B20000-0x00007FF691E74000-memory.dmp	upx
behavioral1/memory/4836-74-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp	upx
behavioral1/memory/3992-73-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp	upx
behavioral1/memory/5220-83-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp	upx
behavioral1/memory/4560-89-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp	upx
behavioral1/memory/1288-88-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp	upx
behavioral1/files/0x00070000000242d7-87.dat	upx
behavioral1/files/0x00070000000242d8-93.dat	upx
behavioral1/files/0x00070000000242d9-100.dat	upx
behavioral1/memory/4780-101-0x00007FF61B090000-0x00007FF61B3E4000-memory.dmp	upx
behavioral1/files/0x00070000000242db-111.dat	upx
behavioral1/memory/5360-116-0x00007FF6C56E0000-0x00007FF6C5A34000-memory.dmp	upx
behavioral1/memory/4440-123-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp	upx
behavioral1/files/0x00070000000242dd-132.dat	upx
behavioral1/files/0x00070000000242df-137.dat	upx
behavioral1/memory/4836-140-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp	upx
behavioral1/memory/6000-152-0x00007FF737700000-0x00007FF737A54000-memory.dmp	upx
behavioral1/files/0x00070000000242e1-156.dat	upx
behavioral1/files/0x00070000000242e0-154.dat	upx
behavioral1/memory/3592-153-0x00007FF766B10000-0x00007FF766E64000-memory.dmp	upx
behavioral1/files/0x00070000000242de-142.dat	upx
behavioral1/memory/4944-141-0x00007FF691B20000-0x00007FF691E74000-memory.dmp	upx
behavioral1/memory/4604-139-0x00007FF7B3270000-0x00007FF7B35C4000-memory.dmp	upx
behavioral1/memory/1156-138-0x00007FF681450000-0x00007FF6817A4000-memory.dmp	upx
behavioral1/memory/852-131-0x00007FF7D7460000-0x00007FF7D77B4000-memory.dmp	upx
behavioral1/memory/972-130-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp	upx
behavioral1/files/0x00070000000242dc-128.dat	upx
behavioral1/memory/1648-125-0x00007FF7C09D0000-0x00007FF7C0D24000-memory.dmp	upx
behavioral1/memory/944-124-0x00007FF7F4F90000-0x00007FF7F52E4000-memory.dmp	upx
behavioral1/files/0x00070000000242da-112.dat	upx
behavioral1/memory/3336-110-0x00007FF613CB0000-0x00007FF614004000-memory.dmp	upx
behavioral1/memory/5188-107-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp	upx
behavioral1/memory/5008-95-0x00007FF6581C0000-0x00007FF658514000-memory.dmp	upx
behavioral1/memory/1028-94-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp	upx
behavioral1/files/0x00070000000242e2-161.dat	upx
behavioral1/memory/4560-160-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp	upx
behavioral1/memory/5008-162-0x00007FF6581C0000-0x00007FF658514000-memory.dmp	upx
behavioral1/memory/4304-167-0x00007FF666E40000-0x00007FF667194000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GyzFYhe.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kqVcPXz.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dBmkOXK.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xGoGCZJ.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MJKSwuR.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uLLBYVX.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zxuKRqu.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\edeiHtm.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oXoFxKE.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DuDzhiY.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OACBgQA.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KFmBCbH.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RhiNyrI.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aTJkJmO.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AJFlaIs.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mHwdeWr.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gTZIkNg.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zoPLNui.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rhEnTXf.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rqzpGyy.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pOGygwS.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FpZOiLe.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dxFKczd.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jizCnTs.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FGshakI.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UxjOTJY.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QLhDhNn.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KzzEFaZ.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LhFEWYg.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pIhfVjf.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cNBpZIl.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yTZqXMT.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kyPiUqf.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rtYFABa.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ksRENFQ.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HlSVVml.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\knvgsFV.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LkUbVga.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EDfgZuy.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BNEBavQ.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TdxRoAx.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NucJLyr.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HpNeoLu.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mXVzypo.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cOVPZSS.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SakQJJd.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dOvHnUS.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CzjOaAn.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jWiXefi.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fFSpyHx.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MzYUdYT.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bQPXwkw.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uzsnsXe.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sXKdtRs.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PASGqIp.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pHBUwmf.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xiIrxJL.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eAmbvea.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ETZTsEs.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TxyOUuE.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wKgfZaV.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fVsyvXC.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GPdAlyM.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZKsGqmN.exe	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 4220	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3992 wrote to memory of 4220	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 3992 wrote to memory of 5220	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3992 wrote to memory of 5220	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 3992 wrote to memory of 1288	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3992 wrote to memory of 1288	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 3992 wrote to memory of 1028	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3992 wrote to memory of 1028	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 3992 wrote to memory of 5188	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3992 wrote to memory of 5188	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 3992 wrote to memory of 3336	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3992 wrote to memory of 3336	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 3992 wrote to memory of 5104	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3992 wrote to memory of 5104	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 3992 wrote to memory of 2508	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3992 wrote to memory of 2508	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 3992 wrote to memory of 3588	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3992 wrote to memory of 3588	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 3992 wrote to memory of 4440	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3992 wrote to memory of 4440	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 3992 wrote to memory of 972	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3992 wrote to memory of 972	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	98
PID 3992 wrote to memory of 4836	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3992 wrote to memory of 4836	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 3992 wrote to memory of 4944	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3992 wrote to memory of 4944	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 3992 wrote to memory of 4560	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3992 wrote to memory of 4560	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 3992 wrote to memory of 5008	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3992 wrote to memory of 5008	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 3992 wrote to memory of 4780	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3992 wrote to memory of 4780	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 3992 wrote to memory of 5360	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3992 wrote to memory of 5360	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 3992 wrote to memory of 944	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3992 wrote to memory of 944	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 3992 wrote to memory of 852	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3992 wrote to memory of 852	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 3992 wrote to memory of 1648	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3992 wrote to memory of 1648	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 3992 wrote to memory of 1156	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3992 wrote to memory of 1156	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 3992 wrote to memory of 4604	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3992 wrote to memory of 4604	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 3992 wrote to memory of 6000	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3992 wrote to memory of 6000	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 3992 wrote to memory of 3592	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3992 wrote to memory of 3592	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 3992 wrote to memory of 3476	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3992 wrote to memory of 3476	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 3992 wrote to memory of 4304	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3992 wrote to memory of 4304	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 3992 wrote to memory of 5256	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3992 wrote to memory of 5256	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 3992 wrote to memory of 3256	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3992 wrote to memory of 3256	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 3992 wrote to memory of 4528	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 3992 wrote to memory of 4528	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 3992 wrote to memory of 2612	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 3992 wrote to memory of 2612	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 3992 wrote to memory of 6112	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 3992 wrote to memory of 6112	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 3992 wrote to memory of 1152	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 3992 wrote to memory of 1152	3992	2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125

C:\Users\Admin\AppData\Local\Temp\2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_51c6f4bc42896e5a5a5f2f30a18b9bb3_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\System\qCJWiXo.exe
  C:\Windows\System\qCJWiXo.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\OZtjhxg.exe
  C:\Windows\System\OZtjhxg.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\SoEXXsm.exe
  C:\Windows\System\SoEXXsm.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\vxEPGCr.exe
  C:\Windows\System\vxEPGCr.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\vchqMwH.exe
  C:\Windows\System\vchqMwH.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\mOXCTMC.exe
  C:\Windows\System\mOXCTMC.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\tuNCQes.exe
  C:\Windows\System\tuNCQes.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\qfsiliT.exe
  C:\Windows\System\qfsiliT.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\wYvyjdj.exe
  C:\Windows\System\wYvyjdj.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\VdnSgVt.exe
  C:\Windows\System\VdnSgVt.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\lsPQUQP.exe
  C:\Windows\System\lsPQUQP.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\IPJSBfC.exe
  C:\Windows\System\IPJSBfC.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\cVnkjTt.exe
  C:\Windows\System\cVnkjTt.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\UmQKYzL.exe
  C:\Windows\System\UmQKYzL.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\maBpqzb.exe
  C:\Windows\System\maBpqzb.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\SSrjdoS.exe
  C:\Windows\System\SSrjdoS.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\jkDRiam.exe
  C:\Windows\System\jkDRiam.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System\NbLFrDq.exe
  C:\Windows\System\NbLFrDq.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\pGcjJQy.exe
  C:\Windows\System\pGcjJQy.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\eBCRYeD.exe
  C:\Windows\System\eBCRYeD.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NNhiuof.exe
  C:\Windows\System\NNhiuof.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BgSORFV.exe
  C:\Windows\System\BgSORFV.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\ywfstcv.exe
  C:\Windows\System\ywfstcv.exe
  2⤵
  - Executes dropped EXE
  PID:6000
- C:\Windows\System\yUCrBtu.exe
  C:\Windows\System\yUCrBtu.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\hzdAimE.exe
  C:\Windows\System\hzdAimE.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\AoEPCLk.exe
  C:\Windows\System\AoEPCLk.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\zoPLNui.exe
  C:\Windows\System\zoPLNui.exe
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Windows\System\xylheNT.exe
  C:\Windows\System\xylheNT.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\EwqcSyz.exe
  C:\Windows\System\EwqcSyz.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\wLEeJZL.exe
  C:\Windows\System\wLEeJZL.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\gWybYKx.exe
  C:\Windows\System\gWybYKx.exe
  2⤵
  - Executes dropped EXE
  PID:6112
- C:\Windows\System\GNaQTNc.exe
  C:\Windows\System\GNaQTNc.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\fLjTCqI.exe
  C:\Windows\System\fLjTCqI.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\fCpUEJM.exe
  C:\Windows\System\fCpUEJM.exe
  2⤵
  - Executes dropped EXE
  PID:5920
- C:\Windows\System\WYrzezF.exe
  C:\Windows\System\WYrzezF.exe
  2⤵
  - Executes dropped EXE
  PID:5852
- C:\Windows\System\nuYgkLa.exe
  C:\Windows\System\nuYgkLa.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\kCQEgTv.exe
  C:\Windows\System\kCQEgTv.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CJKplPz.exe
  C:\Windows\System\CJKplPz.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\iNeJDCE.exe
  C:\Windows\System\iNeJDCE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\BAkLPml.exe
  C:\Windows\System\BAkLPml.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\aPkkcdB.exe
  C:\Windows\System\aPkkcdB.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\cOVPZSS.exe
  C:\Windows\System\cOVPZSS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\IYsQEzK.exe
  C:\Windows\System\IYsQEzK.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\QJbUdQL.exe
  C:\Windows\System\QJbUdQL.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\tNluwpu.exe
  C:\Windows\System\tNluwpu.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\AmfpUyT.exe
  C:\Windows\System\AmfpUyT.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\PQuEYZJ.exe
  C:\Windows\System\PQuEYZJ.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\tMSWIUh.exe
  C:\Windows\System\tMSWIUh.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\DfbQHoY.exe
  C:\Windows\System\DfbQHoY.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\cipQtIh.exe
  C:\Windows\System\cipQtIh.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\sXKdtRs.exe
  C:\Windows\System\sXKdtRs.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ixMZEgV.exe
  C:\Windows\System\ixMZEgV.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\WeAeLgr.exe
  C:\Windows\System\WeAeLgr.exe
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Windows\System\dpwwQro.exe
  C:\Windows\System\dpwwQro.exe
  2⤵
  - Executes dropped EXE
  PID:5800
- C:\Windows\System\RVdDoYs.exe
  C:\Windows\System\RVdDoYs.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\zksyXNy.exe
  C:\Windows\System\zksyXNy.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\bGUGxXd.exe
  C:\Windows\System\bGUGxXd.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\YjdRDLT.exe
  C:\Windows\System\YjdRDLT.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\kpSTFjE.exe
  C:\Windows\System\kpSTFjE.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\FwlMxzW.exe
  C:\Windows\System\FwlMxzW.exe
  2⤵
  - Executes dropped EXE
  PID:5356
- C:\Windows\System\bbmweAi.exe
  C:\Windows\System\bbmweAi.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\FGshakI.exe
  C:\Windows\System\FGshakI.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\kaFcEvd.exe
  C:\Windows\System\kaFcEvd.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\cVYIEBX.exe
  C:\Windows\System\cVYIEBX.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\btONVpx.exe
  C:\Windows\System\btONVpx.exe
  2⤵
  PID:2516
- C:\Windows\System\RdmxzLj.exe
  C:\Windows\System\RdmxzLj.exe
  2⤵
  PID:3500
- C:\Windows\System\PASGqIp.exe
  C:\Windows\System\PASGqIp.exe
  2⤵
  PID:1476
- C:\Windows\System\LkUbVga.exe
  C:\Windows\System\LkUbVga.exe
  2⤵
  PID:968
- C:\Windows\System\FigKvMg.exe
  C:\Windows\System\FigKvMg.exe
  2⤵
  PID:3484
- C:\Windows\System\elTtrNY.exe
  C:\Windows\System\elTtrNY.exe
  2⤵
  PID:884
- C:\Windows\System\hHLtlUS.exe
  C:\Windows\System\hHLtlUS.exe
  2⤵
  PID:4824
- C:\Windows\System\GyzFYhe.exe
  C:\Windows\System\GyzFYhe.exe
  2⤵
  PID:1932
- C:\Windows\System\GsncRtV.exe
  C:\Windows\System\GsncRtV.exe
  2⤵
  PID:1592
- C:\Windows\System\HrmuLyy.exe
  C:\Windows\System\HrmuLyy.exe
  2⤵
  PID:5556
- C:\Windows\System\CGlgyDO.exe
  C:\Windows\System\CGlgyDO.exe
  2⤵
  PID:2840
- C:\Windows\System\rnxTlvZ.exe
  C:\Windows\System\rnxTlvZ.exe
  2⤵
  PID:4632
- C:\Windows\System\SkBcNMo.exe
  C:\Windows\System\SkBcNMo.exe
  2⤵
  PID:5184
- C:\Windows\System\IxYjexi.exe
  C:\Windows\System\IxYjexi.exe
  2⤵
  PID:5528
- C:\Windows\System\FledYRV.exe
  C:\Windows\System\FledYRV.exe
  2⤵
  PID:4992
- C:\Windows\System\JBnKtnC.exe
  C:\Windows\System\JBnKtnC.exe
  2⤵
  PID:4352
- C:\Windows\System\UNHTzgh.exe
  C:\Windows\System\UNHTzgh.exe
  2⤵
  PID:3468
- C:\Windows\System\lXbkusI.exe
  C:\Windows\System\lXbkusI.exe
  2⤵
  PID:1728
- C:\Windows\System\QpnZkVu.exe
  C:\Windows\System\QpnZkVu.exe
  2⤵
  PID:640
- C:\Windows\System\dBmkOXK.exe
  C:\Windows\System\dBmkOXK.exe
  2⤵
  PID:2832
- C:\Windows\System\PbJyZim.exe
  C:\Windows\System\PbJyZim.exe
  2⤵
  PID:4888
- C:\Windows\System\WZcMpDS.exe
  C:\Windows\System\WZcMpDS.exe
  2⤵
  PID:4152
- C:\Windows\System\kbkDooM.exe
  C:\Windows\System\kbkDooM.exe
  2⤵
  PID:2096
- C:\Windows\System\IgnwdSA.exe
  C:\Windows\System\IgnwdSA.exe
  2⤵
  PID:5700
- C:\Windows\System\UlbxTsu.exe
  C:\Windows\System\UlbxTsu.exe
  2⤵
  PID:2356
- C:\Windows\System\gITZMQs.exe
  C:\Windows\System\gITZMQs.exe
  2⤵
  PID:4256
- C:\Windows\System\OjENuQN.exe
  C:\Windows\System\OjENuQN.exe
  2⤵
  PID:3656
- C:\Windows\System\mgXiYiN.exe
  C:\Windows\System\mgXiYiN.exe
  2⤵
  PID:3012
- C:\Windows\System\voORACh.exe
  C:\Windows\System\voORACh.exe
  2⤵
  PID:1664
- C:\Windows\System\mtkjBhO.exe
  C:\Windows\System\mtkjBhO.exe
  2⤵
  PID:2396
- C:\Windows\System\YzxacAy.exe
  C:\Windows\System\YzxacAy.exe
  2⤵
  PID:5016
- C:\Windows\System\lrzncmf.exe
  C:\Windows\System\lrzncmf.exe
  2⤵
  PID:1048
- C:\Windows\System\SwGhxDj.exe
  C:\Windows\System\SwGhxDj.exe
  2⤵
  PID:860
- C:\Windows\System\GVBmzbn.exe
  C:\Windows\System\GVBmzbn.exe
  2⤵
  PID:3988
- C:\Windows\System\vIwlSLX.exe
  C:\Windows\System\vIwlSLX.exe
  2⤵
  PID:4956
- C:\Windows\System\ajuazAY.exe
  C:\Windows\System\ajuazAY.exe
  2⤵
  PID:5764
- C:\Windows\System\xGoGCZJ.exe
  C:\Windows\System\xGoGCZJ.exe
  2⤵
  PID:2580
- C:\Windows\System\ZjQPxfk.exe
  C:\Windows\System\ZjQPxfk.exe
  2⤵
  PID:3984
- C:\Windows\System\XRYJqcP.exe
  C:\Windows\System\XRYJqcP.exe
  2⤵
  PID:3380
- C:\Windows\System\yTZqXMT.exe
  C:\Windows\System\yTZqXMT.exe
  2⤵
  PID:5860
- C:\Windows\System\NLbzheY.exe
  C:\Windows\System\NLbzheY.exe
  2⤵
  PID:5004
- C:\Windows\System\MJKSwuR.exe
  C:\Windows\System\MJKSwuR.exe
  2⤵
  PID:396
- C:\Windows\System\bPuGlgu.exe
  C:\Windows\System\bPuGlgu.exe
  2⤵
  PID:4936
- C:\Windows\System\MUKLsdX.exe
  C:\Windows\System\MUKLsdX.exe
  2⤵
  PID:4776
- C:\Windows\System\HDSqumF.exe
  C:\Windows\System\HDSqumF.exe
  2⤵
  PID:868
- C:\Windows\System\RlUnwZH.exe
  C:\Windows\System\RlUnwZH.exe
  2⤵
  PID:4772
- C:\Windows\System\FxJiiix.exe
  C:\Windows\System\FxJiiix.exe
  2⤵
  PID:848
- C:\Windows\System\mEDHkFD.exe
  C:\Windows\System\mEDHkFD.exe
  2⤵
  PID:1248
- C:\Windows\System\vWNBUSR.exe
  C:\Windows\System\vWNBUSR.exe
  2⤵
  PID:4872
- C:\Windows\System\QKgTypu.exe
  C:\Windows\System\QKgTypu.exe
  2⤵
  PID:5148
- C:\Windows\System\HcHylZs.exe
  C:\Windows\System\HcHylZs.exe
  2⤵
  PID:3228
- C:\Windows\System\RjSvyoj.exe
  C:\Windows\System\RjSvyoj.exe
  2⤵
  PID:5540
- C:\Windows\System\eRxTOvH.exe
  C:\Windows\System\eRxTOvH.exe
  2⤵
  PID:6016
- C:\Windows\System\FcgUdcf.exe
  C:\Windows\System\FcgUdcf.exe
  2⤵
  PID:2376
- C:\Windows\System\wMdSGEi.exe
  C:\Windows\System\wMdSGEi.exe
  2⤵
  PID:5500
- C:\Windows\System\oXoFxKE.exe
  C:\Windows\System\oXoFxKE.exe
  2⤵
  PID:1616
- C:\Windows\System\cJiNwOz.exe
  C:\Windows\System\cJiNwOz.exe
  2⤵
  PID:4408
- C:\Windows\System\yDdFNPC.exe
  C:\Windows\System\yDdFNPC.exe
  2⤵
  PID:2300
- C:\Windows\System\uBQnxMo.exe
  C:\Windows\System\uBQnxMo.exe
  2⤵
  PID:4320
- C:\Windows\System\vjHSNyx.exe
  C:\Windows\System\vjHSNyx.exe
  2⤵
  PID:2140
- C:\Windows\System\GuxMqQU.exe
  C:\Windows\System\GuxMqQU.exe
  2⤵
  PID:4564
- C:\Windows\System\MMcGIJw.exe
  C:\Windows\System\MMcGIJw.exe
  2⤵
  PID:3892
- C:\Windows\System\oOiBkMk.exe
  C:\Windows\System\oOiBkMk.exe
  2⤵
  PID:1792
- C:\Windows\System\loLwYIX.exe
  C:\Windows\System\loLwYIX.exe
  2⤵
  PID:5688
- C:\Windows\System\eocyeVf.exe
  C:\Windows\System\eocyeVf.exe
  2⤵
  PID:1984
- C:\Windows\System\sjifnGh.exe
  C:\Windows\System\sjifnGh.exe
  2⤵
  PID:3648
- C:\Windows\System\zbKEHYQ.exe
  C:\Windows\System\zbKEHYQ.exe
  2⤵
  PID:740
- C:\Windows\System\pvwPRML.exe
  C:\Windows\System\pvwPRML.exe
  2⤵
  PID:3564
- C:\Windows\System\ITQwpjg.exe
  C:\Windows\System\ITQwpjg.exe
  2⤵
  PID:3236
- C:\Windows\System\UxjOTJY.exe
  C:\Windows\System\UxjOTJY.exe
  2⤵
  PID:2780
- C:\Windows\System\YLASazd.exe
  C:\Windows\System\YLASazd.exe
  2⤵
  PID:5908
- C:\Windows\System\bMPEdrt.exe
  C:\Windows\System\bMPEdrt.exe
  2⤵
  PID:1384
- C:\Windows\System\ysqAhcB.exe
  C:\Windows\System\ysqAhcB.exe
  2⤵
  PID:6160
- C:\Windows\System\evkqREm.exe
  C:\Windows\System\evkqREm.exe
  2⤵
  PID:6188
- C:\Windows\System\ICsznJA.exe
  C:\Windows\System\ICsznJA.exe
  2⤵
  PID:6216
- C:\Windows\System\UmzCaxl.exe
  C:\Windows\System\UmzCaxl.exe
  2⤵
  PID:6244
- C:\Windows\System\cRYEcZc.exe
  C:\Windows\System\cRYEcZc.exe
  2⤵
  PID:6272
- C:\Windows\System\HExhoCP.exe
  C:\Windows\System\HExhoCP.exe
  2⤵
  PID:6296
- C:\Windows\System\LAjuboh.exe
  C:\Windows\System\LAjuboh.exe
  2⤵
  PID:6324
- C:\Windows\System\pHBUwmf.exe
  C:\Windows\System\pHBUwmf.exe
  2⤵
  PID:6352
- C:\Windows\System\QqGGExJ.exe
  C:\Windows\System\QqGGExJ.exe
  2⤵
  PID:6380
- C:\Windows\System\ZWxLkal.exe
  C:\Windows\System\ZWxLkal.exe
  2⤵
  PID:6408
- C:\Windows\System\ESHBxGR.exe
  C:\Windows\System\ESHBxGR.exe
  2⤵
  PID:6428
- C:\Windows\System\CMVBBug.exe
  C:\Windows\System\CMVBBug.exe
  2⤵
  PID:6460
- C:\Windows\System\CfHdEPA.exe
  C:\Windows\System\CfHdEPA.exe
  2⤵
  PID:6500
- C:\Windows\System\ZquHfnY.exe
  C:\Windows\System\ZquHfnY.exe
  2⤵
  PID:6524
- C:\Windows\System\YrcfIZr.exe
  C:\Windows\System\YrcfIZr.exe
  2⤵
  PID:6556
- C:\Windows\System\hqmLtQF.exe
  C:\Windows\System\hqmLtQF.exe
  2⤵
  PID:6584
- C:\Windows\System\GshERHJ.exe
  C:\Windows\System\GshERHJ.exe
  2⤵
  PID:6612
- C:\Windows\System\wKgfZaV.exe
  C:\Windows\System\wKgfZaV.exe
  2⤵
  PID:6640
- C:\Windows\System\uUbqNbT.exe
  C:\Windows\System\uUbqNbT.exe
  2⤵
  PID:6668
- C:\Windows\System\JPhUbBs.exe
  C:\Windows\System\JPhUbBs.exe
  2⤵
  PID:6696
- C:\Windows\System\bZTOWCL.exe
  C:\Windows\System\bZTOWCL.exe
  2⤵
  PID:6728
- C:\Windows\System\aLDNqvu.exe
  C:\Windows\System\aLDNqvu.exe
  2⤵
  PID:6756
- C:\Windows\System\fdAJIYs.exe
  C:\Windows\System\fdAJIYs.exe
  2⤵
  PID:6788
- C:\Windows\System\YkmVrLp.exe
  C:\Windows\System\YkmVrLp.exe
  2⤵
  PID:6808
- C:\Windows\System\hpyRGew.exe
  C:\Windows\System\hpyRGew.exe
  2⤵
  PID:6844
- C:\Windows\System\pKvjImN.exe
  C:\Windows\System\pKvjImN.exe
  2⤵
  PID:6868
- C:\Windows\System\EViudPO.exe
  C:\Windows\System\EViudPO.exe
  2⤵
  PID:6896
- C:\Windows\System\UkHlfUX.exe
  C:\Windows\System\UkHlfUX.exe
  2⤵
  PID:6924
- C:\Windows\System\yvdevKo.exe
  C:\Windows\System\yvdevKo.exe
  2⤵
  PID:6956
- C:\Windows\System\jkeWphS.exe
  C:\Windows\System\jkeWphS.exe
  2⤵
  PID:6980
- C:\Windows\System\nZVeWdc.exe
  C:\Windows\System\nZVeWdc.exe
  2⤵
  PID:7012
- C:\Windows\System\nbgQiOG.exe
  C:\Windows\System\nbgQiOG.exe
  2⤵
  PID:7036
- C:\Windows\System\PvmDGNF.exe
  C:\Windows\System\PvmDGNF.exe
  2⤵
  PID:7060
- C:\Windows\System\xiIrxJL.exe
  C:\Windows\System\xiIrxJL.exe
  2⤵
  PID:7096
- C:\Windows\System\HIivJIj.exe
  C:\Windows\System\HIivJIj.exe
  2⤵
  PID:7120
- C:\Windows\System\CMhijvI.exe
  C:\Windows\System\CMhijvI.exe
  2⤵
  PID:7148
- C:\Windows\System\GbHJLHc.exe
  C:\Windows\System\GbHJLHc.exe
  2⤵
  PID:6176
- C:\Windows\System\KssyhXt.exe
  C:\Windows\System\KssyhXt.exe
  2⤵
  PID:6228
- C:\Windows\System\KaUmSEA.exe
  C:\Windows\System\KaUmSEA.exe
  2⤵
  PID:6284
- C:\Windows\System\sGWHSOV.exe
  C:\Windows\System\sGWHSOV.exe
  2⤵
  PID:6360
- C:\Windows\System\CtiXayp.exe
  C:\Windows\System\CtiXayp.exe
  2⤵
  PID:6420
- C:\Windows\System\AzpttKj.exe
  C:\Windows\System\AzpttKj.exe
  2⤵
  PID:6436
- C:\Windows\System\IQWuYyL.exe
  C:\Windows\System\IQWuYyL.exe
  2⤵
  PID:6572
- C:\Windows\System\lIfvWuf.exe
  C:\Windows\System\lIfvWuf.exe
  2⤵
  PID:6680
- C:\Windows\System\vucDDKP.exe
  C:\Windows\System\vucDDKP.exe
  2⤵
  PID:6752
- C:\Windows\System\DAjlWjM.exe
  C:\Windows\System\DAjlWjM.exe
  2⤵
  PID:8
- C:\Windows\System\RkhyIOu.exe
  C:\Windows\System\RkhyIOu.exe
  2⤵
  PID:3408
- C:\Windows\System\elVIZzR.exe
  C:\Windows\System\elVIZzR.exe
  2⤵
  PID:1376
- C:\Windows\System\LwEMIbn.exe
  C:\Windows\System\LwEMIbn.exe
  2⤵
  PID:6800
- C:\Windows\System\NqjEoXs.exe
  C:\Windows\System\NqjEoXs.exe
  2⤵
  PID:6904
- C:\Windows\System\EwjqztA.exe
  C:\Windows\System\EwjqztA.exe
  2⤵
  PID:6988
- C:\Windows\System\fRtVWmG.exe
  C:\Windows\System\fRtVWmG.exe
  2⤵
  PID:7048
- C:\Windows\System\uCNwJIm.exe
  C:\Windows\System\uCNwJIm.exe
  2⤵
  PID:7136
- C:\Windows\System\GqfgXYk.exe
  C:\Windows\System\GqfgXYk.exe
  2⤵
  PID:6204
- C:\Windows\System\pRXbcTB.exe
  C:\Windows\System\pRXbcTB.exe
  2⤵
  PID:6336
- C:\Windows\System\DCGEeTH.exe
  C:\Windows\System\DCGEeTH.exe
  2⤵
  PID:6532
- C:\Windows\System\gLgoqjy.exe
  C:\Windows\System\gLgoqjy.exe
  2⤵
  PID:6708
- C:\Windows\System\boTcSwv.exe
  C:\Windows\System\boTcSwv.exe
  2⤵
  PID:1840
- C:\Windows\System\ZnPUnsa.exe
  C:\Windows\System\ZnPUnsa.exe
  2⤵
  PID:6856
- C:\Windows\System\XnzZWrt.exe
  C:\Windows\System\XnzZWrt.exe
  2⤵
  PID:7008
- C:\Windows\System\DuDzhiY.exe
  C:\Windows\System\DuDzhiY.exe
  2⤵
  PID:7128
- C:\Windows\System\eAmbvea.exe
  C:\Windows\System\eAmbvea.exe
  2⤵
  PID:6416
- C:\Windows\System\xUpblxC.exe
  C:\Windows\System\xUpblxC.exe
  2⤵
  PID:6764
- C:\Windows\System\QghGmpz.exe
  C:\Windows\System\QghGmpz.exe
  2⤵
  PID:6952
- C:\Windows\System\VgANxkP.exe
  C:\Windows\System\VgANxkP.exe
  2⤵
  PID:6540
- C:\Windows\System\hiTZaaS.exe
  C:\Windows\System\hiTZaaS.exe
  2⤵
  PID:400
- C:\Windows\System\iYEmusu.exe
  C:\Windows\System\iYEmusu.exe
  2⤵
  PID:7176
- C:\Windows\System\ECGGDZL.exe
  C:\Windows\System\ECGGDZL.exe
  2⤵
  PID:7204
- C:\Windows\System\fVsyvXC.exe
  C:\Windows\System\fVsyvXC.exe
  2⤵
  PID:7232
- C:\Windows\System\JHNFLwZ.exe
  C:\Windows\System\JHNFLwZ.exe
  2⤵
  PID:7260
- C:\Windows\System\TLIVeKS.exe
  C:\Windows\System\TLIVeKS.exe
  2⤵
  PID:7288
- C:\Windows\System\haMuNSb.exe
  C:\Windows\System\haMuNSb.exe
  2⤵
  PID:7308
- C:\Windows\System\XrIiSUv.exe
  C:\Windows\System\XrIiSUv.exe
  2⤵
  PID:7336
- C:\Windows\System\uHkVJHV.exe
  C:\Windows\System\uHkVJHV.exe
  2⤵
  PID:7364
- C:\Windows\System\phgBJXB.exe
  C:\Windows\System\phgBJXB.exe
  2⤵
  PID:7392
- C:\Windows\System\uzsnsXe.exe
  C:\Windows\System\uzsnsXe.exe
  2⤵
  PID:7420
- C:\Windows\System\pJHbplC.exe
  C:\Windows\System\pJHbplC.exe
  2⤵
  PID:7448
- C:\Windows\System\rcvvwln.exe
  C:\Windows\System\rcvvwln.exe
  2⤵
  PID:7480
- C:\Windows\System\faEngoI.exe
  C:\Windows\System\faEngoI.exe
  2⤵
  PID:7508
- C:\Windows\System\sTaFvhb.exe
  C:\Windows\System\sTaFvhb.exe
  2⤵
  PID:7544
- C:\Windows\System\yvOUzFm.exe
  C:\Windows\System\yvOUzFm.exe
  2⤵
  PID:7564
- C:\Windows\System\pxKUgkw.exe
  C:\Windows\System\pxKUgkw.exe
  2⤵
  PID:7592
- C:\Windows\System\aUPmPyt.exe
  C:\Windows\System\aUPmPyt.exe
  2⤵
  PID:7620
- C:\Windows\System\KSebifa.exe
  C:\Windows\System\KSebifa.exe
  2⤵
  PID:7648
- C:\Windows\System\fRmtiiJ.exe
  C:\Windows\System\fRmtiiJ.exe
  2⤵
  PID:7680
- C:\Windows\System\RBqDPrD.exe
  C:\Windows\System\RBqDPrD.exe
  2⤵
  PID:7704
- C:\Windows\System\kyPiUqf.exe
  C:\Windows\System\kyPiUqf.exe
  2⤵
  PID:7732
- C:\Windows\System\BPzSJQz.exe
  C:\Windows\System\BPzSJQz.exe
  2⤵
  PID:7760
- C:\Windows\System\qKQxDAy.exe
  C:\Windows\System\qKQxDAy.exe
  2⤵
  PID:7788
- C:\Windows\System\ipvcxYW.exe
  C:\Windows\System\ipvcxYW.exe
  2⤵
  PID:7816
- C:\Windows\System\yVGOWLM.exe
  C:\Windows\System\yVGOWLM.exe
  2⤵
  PID:7844
- C:\Windows\System\deYmcFx.exe
  C:\Windows\System\deYmcFx.exe
  2⤵
  PID:7872
- C:\Windows\System\jbIyrIR.exe
  C:\Windows\System\jbIyrIR.exe
  2⤵
  PID:7900
- C:\Windows\System\YFviuWS.exe
  C:\Windows\System\YFviuWS.exe
  2⤵
  PID:7928
- C:\Windows\System\uiqsSwa.exe
  C:\Windows\System\uiqsSwa.exe
  2⤵
  PID:7956
- C:\Windows\System\MilNEVs.exe
  C:\Windows\System\MilNEVs.exe
  2⤵
  PID:7984
- C:\Windows\System\DToYxLP.exe
  C:\Windows\System\DToYxLP.exe
  2⤵
  PID:8016
- C:\Windows\System\SakQJJd.exe
  C:\Windows\System\SakQJJd.exe
  2⤵
  PID:8040
- C:\Windows\System\ATzXHpu.exe
  C:\Windows\System\ATzXHpu.exe
  2⤵
  PID:8068
- C:\Windows\System\QcznOIH.exe
  C:\Windows\System\QcznOIH.exe
  2⤵
  PID:8096
- C:\Windows\System\pizHrQH.exe
  C:\Windows\System\pizHrQH.exe
  2⤵
  PID:8124
- C:\Windows\System\EjQarqY.exe
  C:\Windows\System\EjQarqY.exe
  2⤵
  PID:8152
- C:\Windows\System\ifTfZJM.exe
  C:\Windows\System\ifTfZJM.exe
  2⤵
  PID:8188
- C:\Windows\System\mbuNSoP.exe
  C:\Windows\System\mbuNSoP.exe
  2⤵
  PID:7212
- C:\Windows\System\QByZsUB.exe
  C:\Windows\System\QByZsUB.exe
  2⤵
  PID:7276
- C:\Windows\System\pnDqDYk.exe
  C:\Windows\System\pnDqDYk.exe
  2⤵
  PID:7332
- C:\Windows\System\EGStdAW.exe
  C:\Windows\System\EGStdAW.exe
  2⤵
  PID:7412
- C:\Windows\System\xaMLeld.exe
  C:\Windows\System\xaMLeld.exe
  2⤵
  PID:7488
- C:\Windows\System\JhAfQOr.exe
  C:\Windows\System\JhAfQOr.exe
  2⤵
  PID:7532
- C:\Windows\System\NjyAdwC.exe
  C:\Windows\System\NjyAdwC.exe
  2⤵
  PID:7588
- C:\Windows\System\GzxPOms.exe
  C:\Windows\System\GzxPOms.exe
  2⤵
  PID:7668
- C:\Windows\System\hgcqJti.exe
  C:\Windows\System\hgcqJti.exe
  2⤵
  PID:7724
- C:\Windows\System\lXdtRyp.exe
  C:\Windows\System\lXdtRyp.exe
  2⤵
  PID:7784
- C:\Windows\System\FDuaTvy.exe
  C:\Windows\System\FDuaTvy.exe
  2⤵
  PID:7868
- C:\Windows\System\mgwzkKI.exe
  C:\Windows\System\mgwzkKI.exe
  2⤵
  PID:7920
- C:\Windows\System\OACBgQA.exe
  C:\Windows\System\OACBgQA.exe
  2⤵
  PID:8008
- C:\Windows\System\KBjrqwI.exe
  C:\Windows\System\KBjrqwI.exe
  2⤵
  PID:8052
- C:\Windows\System\LYOfmdL.exe
  C:\Windows\System\LYOfmdL.exe
  2⤵
  PID:8116
- C:\Windows\System\aQnWxdX.exe
  C:\Windows\System\aQnWxdX.exe
  2⤵
  PID:8176
- C:\Windows\System\yigCMKn.exe
  C:\Windows\System\yigCMKn.exe
  2⤵
  PID:7328
- C:\Windows\System\ETZTsEs.exe
  C:\Windows\System\ETZTsEs.exe
  2⤵
  PID:7460
- C:\Windows\System\ESBEkHg.exe
  C:\Windows\System\ESBEkHg.exe
  2⤵
  PID:7496
- C:\Windows\System\XCGkykc.exe
  C:\Windows\System\XCGkykc.exe
  2⤵
  PID:7716
- C:\Windows\System\DiuUrbR.exe
  C:\Windows\System\DiuUrbR.exe
  2⤵
  PID:7892
- C:\Windows\System\rHWQQKM.exe
  C:\Windows\System\rHWQQKM.exe
  2⤵
  PID:8092
- C:\Windows\System\uMZOpBk.exe
  C:\Windows\System\uMZOpBk.exe
  2⤵
  PID:7196
- C:\Windows\System\NUuNkBh.exe
  C:\Windows\System\NUuNkBh.exe
  2⤵
  PID:1556
- C:\Windows\System\CacjdEZ.exe
  C:\Windows\System\CacjdEZ.exe
  2⤵
  PID:7700
- C:\Windows\System\CcqDyqK.exe
  C:\Windows\System\CcqDyqK.exe
  2⤵
  PID:8164
- C:\Windows\System\EKnnRIm.exe
  C:\Windows\System\EKnnRIm.exe
  2⤵
  PID:7840
- C:\Windows\System\ZMXvEjA.exe
  C:\Windows\System\ZMXvEjA.exe
  2⤵
  PID:7560
- C:\Windows\System\eukElfj.exe
  C:\Windows\System\eukElfj.exe
  2⤵
  PID:8208
- C:\Windows\System\DqHIIUN.exe
  C:\Windows\System\DqHIIUN.exe
  2⤵
  PID:8240
- C:\Windows\System\tyQRrdR.exe
  C:\Windows\System\tyQRrdR.exe
  2⤵
  PID:8264
- C:\Windows\System\WCskLyd.exe
  C:\Windows\System\WCskLyd.exe
  2⤵
  PID:8292
- C:\Windows\System\BsCKFRG.exe
  C:\Windows\System\BsCKFRG.exe
  2⤵
  PID:8324
- C:\Windows\System\AlzoIhD.exe
  C:\Windows\System\AlzoIhD.exe
  2⤵
  PID:8360
- C:\Windows\System\ndFZkdW.exe
  C:\Windows\System\ndFZkdW.exe
  2⤵
  PID:8380
- C:\Windows\System\iyvTXsz.exe
  C:\Windows\System\iyvTXsz.exe
  2⤵
  PID:8412
- C:\Windows\System\NzfSVOT.exe
  C:\Windows\System\NzfSVOT.exe
  2⤵
  PID:8436
- C:\Windows\System\FycAAOw.exe
  C:\Windows\System\FycAAOw.exe
  2⤵
  PID:8464
- C:\Windows\System\kZQwHJl.exe
  C:\Windows\System\kZQwHJl.exe
  2⤵
  PID:8500
- C:\Windows\System\BashJVC.exe
  C:\Windows\System\BashJVC.exe
  2⤵
  PID:8528
- C:\Windows\System\rhEnTXf.exe
  C:\Windows\System\rhEnTXf.exe
  2⤵
  PID:8548
- C:\Windows\System\eKTWOFN.exe
  C:\Windows\System\eKTWOFN.exe
  2⤵
  PID:8576
- C:\Windows\System\fTKHmWM.exe
  C:\Windows\System\fTKHmWM.exe
  2⤵
  PID:8604
- C:\Windows\System\rtYFABa.exe
  C:\Windows\System\rtYFABa.exe
  2⤵
  PID:8636
- C:\Windows\System\msvwGit.exe
  C:\Windows\System\msvwGit.exe
  2⤵
  PID:8660
- C:\Windows\System\EDfgZuy.exe
  C:\Windows\System\EDfgZuy.exe
  2⤵
  PID:8692
- C:\Windows\System\LHprRJL.exe
  C:\Windows\System\LHprRJL.exe
  2⤵
  PID:8716
- C:\Windows\System\nfNHGzM.exe
  C:\Windows\System\nfNHGzM.exe
  2⤵
  PID:8744
- C:\Windows\System\SgyOSpY.exe
  C:\Windows\System\SgyOSpY.exe
  2⤵
  PID:8772
- C:\Windows\System\uQuvxXy.exe
  C:\Windows\System\uQuvxXy.exe
  2⤵
  PID:8800
- C:\Windows\System\CWEXYHM.exe
  C:\Windows\System\CWEXYHM.exe
  2⤵
  PID:8828
- C:\Windows\System\MusSKXq.exe
  C:\Windows\System\MusSKXq.exe
  2⤵
  PID:8860
- C:\Windows\System\QLhDhNn.exe
  C:\Windows\System\QLhDhNn.exe
  2⤵
  PID:8888
- C:\Windows\System\VBRgZND.exe
  C:\Windows\System\VBRgZND.exe
  2⤵
  PID:8912
- C:\Windows\System\nrUDogE.exe
  C:\Windows\System\nrUDogE.exe
  2⤵
  PID:8944
- C:\Windows\System\DGmnYRt.exe
  C:\Windows\System\DGmnYRt.exe
  2⤵
  PID:8968
- C:\Windows\System\aTruMzO.exe
  C:\Windows\System\aTruMzO.exe
  2⤵
  PID:9000
- C:\Windows\System\ivGDkKj.exe
  C:\Windows\System\ivGDkKj.exe
  2⤵
  PID:9032
- C:\Windows\System\AvNrjFq.exe
  C:\Windows\System\AvNrjFq.exe
  2⤵
  PID:9052
- C:\Windows\System\hYbugeW.exe
  C:\Windows\System\hYbugeW.exe
  2⤵
  PID:9080
- C:\Windows\System\cEhluHz.exe
  C:\Windows\System\cEhluHz.exe
  2⤵
  PID:9108
- C:\Windows\System\dOQNZuF.exe
  C:\Windows\System\dOQNZuF.exe
  2⤵
  PID:9136
- C:\Windows\System\SvDnIQR.exe
  C:\Windows\System\SvDnIQR.exe
  2⤵
  PID:9168
- C:\Windows\System\gdpRCAd.exe
  C:\Windows\System\gdpRCAd.exe
  2⤵
  PID:9192
- C:\Windows\System\JhcvqFN.exe
  C:\Windows\System\JhcvqFN.exe
  2⤵
  PID:8200
- C:\Windows\System\lcaFHMs.exe
  C:\Windows\System\lcaFHMs.exe
  2⤵
  PID:8260
- C:\Windows\System\TxyOUuE.exe
  C:\Windows\System\TxyOUuE.exe
  2⤵
  PID:8340
- C:\Windows\System\KmsTJFV.exe
  C:\Windows\System\KmsTJFV.exe
  2⤵
  PID:8428
- C:\Windows\System\DLltSsE.exe
  C:\Windows\System\DLltSsE.exe
  2⤵
  PID:8488
- C:\Windows\System\rXeRDev.exe
  C:\Windows\System\rXeRDev.exe
  2⤵
  PID:8540
- C:\Windows\System\ZLlnnLX.exe
  C:\Windows\System\ZLlnnLX.exe
  2⤵
  PID:8600
- C:\Windows\System\tvZZitb.exe
  C:\Windows\System\tvZZitb.exe
  2⤵
  PID:8672
- C:\Windows\System\kqVcPXz.exe
  C:\Windows\System\kqVcPXz.exe
  2⤵
  PID:3428
- C:\Windows\System\xmeDWXt.exe
  C:\Windows\System\xmeDWXt.exe
  2⤵
  PID:8784
- C:\Windows\System\FqWgUTb.exe
  C:\Windows\System\FqWgUTb.exe
  2⤵
  PID:8876
- C:\Windows\System\qHXYUvc.exe
  C:\Windows\System\qHXYUvc.exe
  2⤵
  PID:8908
- C:\Windows\System\PjriGJg.exe
  C:\Windows\System\PjriGJg.exe
  2⤵
  PID:8980
- C:\Windows\System\jiiCqZV.exe
  C:\Windows\System\jiiCqZV.exe
  2⤵
  PID:9064
- C:\Windows\System\unYUSsH.exe
  C:\Windows\System\unYUSsH.exe
  2⤵
  PID:9120
- C:\Windows\System\xEYOHwv.exe
  C:\Windows\System\xEYOHwv.exe
  2⤵
  PID:9176
- C:\Windows\System\JYLwcaa.exe
  C:\Windows\System\JYLwcaa.exe
  2⤵
  PID:8248
- C:\Windows\System\TSNryyS.exe
  C:\Windows\System\TSNryyS.exe
  2⤵
  PID:8420
- C:\Windows\System\tqNvAqt.exe
  C:\Windows\System\tqNvAqt.exe
  2⤵
  PID:8568
- C:\Windows\System\dOvHnUS.exe
  C:\Windows\System\dOvHnUS.exe
  2⤵
  PID:8712
- C:\Windows\System\JKBUkyX.exe
  C:\Windows\System\JKBUkyX.exe
  2⤵
  PID:8868
- C:\Windows\System\LKckair.exe
  C:\Windows\System\LKckair.exe
  2⤵
  PID:9040
- C:\Windows\System\kPrefDV.exe
  C:\Windows\System\kPrefDV.exe
  2⤵
  PID:9160
- C:\Windows\System\kxyVHLu.exe
  C:\Windows\System\kxyVHLu.exe
  2⤵
  PID:8376
- C:\Windows\System\ZOaySLC.exe
  C:\Windows\System\ZOaySLC.exe
  2⤵
  PID:8764
- C:\Windows\System\OYEKHXP.exe
  C:\Windows\System\OYEKHXP.exe
  2⤵
  PID:1324
- C:\Windows\System\FkZoDWt.exe
  C:\Windows\System\FkZoDWt.exe
  2⤵
  PID:8700
- C:\Windows\System\EiPYJOV.exe
  C:\Windows\System\EiPYJOV.exe
  2⤵
  PID:9092
- C:\Windows\System\YWOivvA.exe
  C:\Windows\System\YWOivvA.exe
  2⤵
  PID:9240
- C:\Windows\System\zSyJraj.exe
  C:\Windows\System\zSyJraj.exe
  2⤵
  PID:9268
- C:\Windows\System\DScznDn.exe
  C:\Windows\System\DScznDn.exe
  2⤵
  PID:9296
- C:\Windows\System\cGIBzkN.exe
  C:\Windows\System\cGIBzkN.exe
  2⤵
  PID:9336
- C:\Windows\System\TrgOwIe.exe
  C:\Windows\System\TrgOwIe.exe
  2⤵
  PID:9352
- C:\Windows\System\DmxCMAw.exe
  C:\Windows\System\DmxCMAw.exe
  2⤵
  PID:9380
- C:\Windows\System\xuvlKja.exe
  C:\Windows\System\xuvlKja.exe
  2⤵
  PID:9408
- C:\Windows\System\ghYNAyy.exe
  C:\Windows\System\ghYNAyy.exe
  2⤵
  PID:9444
- C:\Windows\System\uDCzVHB.exe
  C:\Windows\System\uDCzVHB.exe
  2⤵
  PID:9464
- C:\Windows\System\eIvMakt.exe
  C:\Windows\System\eIvMakt.exe
  2⤵
  PID:9492
- C:\Windows\System\DbgeOvg.exe
  C:\Windows\System\DbgeOvg.exe
  2⤵
  PID:9524
- C:\Windows\System\VyXAPdi.exe
  C:\Windows\System\VyXAPdi.exe
  2⤵
  PID:9548
- C:\Windows\System\euoEjYY.exe
  C:\Windows\System\euoEjYY.exe
  2⤵
  PID:9576
- C:\Windows\System\zGEsVXx.exe
  C:\Windows\System\zGEsVXx.exe
  2⤵
  PID:9604
- C:\Windows\System\CzjOaAn.exe
  C:\Windows\System\CzjOaAn.exe
  2⤵
  PID:9636
- C:\Windows\System\NNEkroI.exe
  C:\Windows\System\NNEkroI.exe
  2⤵
  PID:9660
- C:\Windows\System\ZvkifAd.exe
  C:\Windows\System\ZvkifAd.exe
  2⤵
  PID:9688
- C:\Windows\System\NnZtSHr.exe
  C:\Windows\System\NnZtSHr.exe
  2⤵
  PID:9724
- C:\Windows\System\DyPMTxs.exe
  C:\Windows\System\DyPMTxs.exe
  2⤵
  PID:9744
- C:\Windows\System\uFnigxf.exe
  C:\Windows\System\uFnigxf.exe
  2⤵
  PID:9772
- C:\Windows\System\brSFtzl.exe
  C:\Windows\System\brSFtzl.exe
  2⤵
  PID:9804
- C:\Windows\System\AtYVDdE.exe
  C:\Windows\System\AtYVDdE.exe
  2⤵
  PID:9828
- C:\Windows\System\MGDidKA.exe
  C:\Windows\System\MGDidKA.exe
  2⤵
  PID:9864
- C:\Windows\System\XyDhxEb.exe
  C:\Windows\System\XyDhxEb.exe
  2⤵
  PID:9884
- C:\Windows\System\GZZlrGI.exe
  C:\Windows\System\GZZlrGI.exe
  2⤵
  PID:9912
- C:\Windows\System\sJXCGrU.exe
  C:\Windows\System\sJXCGrU.exe
  2⤵
  PID:9948
- C:\Windows\System\tJMeuRf.exe
  C:\Windows\System\tJMeuRf.exe
  2⤵
  PID:9968
- C:\Windows\System\XXyblcD.exe
  C:\Windows\System\XXyblcD.exe
  2⤵
  PID:9996
- C:\Windows\System\RrbdnWL.exe
  C:\Windows\System\RrbdnWL.exe
  2⤵
  PID:10024
- C:\Windows\System\nTsbvUN.exe
  C:\Windows\System\nTsbvUN.exe
  2⤵
  PID:10052
- C:\Windows\System\XfwmUaL.exe
  C:\Windows\System\XfwmUaL.exe
  2⤵
  PID:10080
- C:\Windows\System\WbnYQHJ.exe
  C:\Windows\System\WbnYQHJ.exe
  2⤵
  PID:10116
- C:\Windows\System\CkSEThV.exe
  C:\Windows\System\CkSEThV.exe
  2⤵
  PID:10136
- C:\Windows\System\KFmBCbH.exe
  C:\Windows\System\KFmBCbH.exe
  2⤵
  PID:10172
- C:\Windows\System\CqGlzzb.exe
  C:\Windows\System\CqGlzzb.exe
  2⤵
  PID:10200
- C:\Windows\System\deLYztF.exe
  C:\Windows\System\deLYztF.exe
  2⤵
  PID:10220
- C:\Windows\System\RKnpsry.exe
  C:\Windows\System\RKnpsry.exe
  2⤵
  PID:9236
- C:\Windows\System\cMOmSic.exe
  C:\Windows\System\cMOmSic.exe
  2⤵
  PID:9292
- C:\Windows\System\uBACzQU.exe
  C:\Windows\System\uBACzQU.exe
  2⤵
  PID:9364
- C:\Windows\System\kZEVPOf.exe
  C:\Windows\System\kZEVPOf.exe
  2⤵
  PID:9428
- C:\Windows\System\DVJYrsh.exe
  C:\Windows\System\DVJYrsh.exe
  2⤵
  PID:9488
- C:\Windows\System\GLOvgdO.exe
  C:\Windows\System\GLOvgdO.exe
  2⤵
  PID:9560
- C:\Windows\System\DCfkjkY.exe
  C:\Windows\System\DCfkjkY.exe
  2⤵
  PID:9624
- C:\Windows\System\iPMlSVo.exe
  C:\Windows\System\iPMlSVo.exe
  2⤵
  PID:9684
- C:\Windows\System\YGUkTwz.exe
  C:\Windows\System\YGUkTwz.exe
  2⤵
  PID:9756
- C:\Windows\System\AFGyomi.exe
  C:\Windows\System\AFGyomi.exe
  2⤵
  PID:9820
- C:\Windows\System\ezJUEPU.exe
  C:\Windows\System\ezJUEPU.exe
  2⤵
  PID:9880
- C:\Windows\System\WwTQvML.exe
  C:\Windows\System\WwTQvML.exe
  2⤵
  PID:9960
- C:\Windows\System\UePotsp.exe
  C:\Windows\System\UePotsp.exe
  2⤵
  PID:10020
- C:\Windows\System\RhjLVht.exe
  C:\Windows\System\RhjLVht.exe
  2⤵
  PID:10076
- C:\Windows\System\fVWJLVt.exe
  C:\Windows\System\fVWJLVt.exe
  2⤵
  PID:10148
- C:\Windows\System\KzzEFaZ.exe
  C:\Windows\System\KzzEFaZ.exe
  2⤵
  PID:10216
- C:\Windows\System\cpwJDZF.exe
  C:\Windows\System\cpwJDZF.exe
  2⤵
  PID:9288
- C:\Windows\System\BuhNoTv.exe
  C:\Windows\System\BuhNoTv.exe
  2⤵
  PID:9456
- C:\Windows\System\zhnFDJq.exe
  C:\Windows\System\zhnFDJq.exe
  2⤵
  PID:9600
- C:\Windows\System\clFqPNv.exe
  C:\Windows\System\clFqPNv.exe
  2⤵
  PID:9784
- C:\Windows\System\rqzpGyy.exe
  C:\Windows\System\rqzpGyy.exe
  2⤵
  PID:9908
- C:\Windows\System\kznHyeO.exe
  C:\Windows\System\kznHyeO.exe
  2⤵
  PID:10064
- C:\Windows\System\SHtzRHn.exe
  C:\Windows\System\SHtzRHn.exe
  2⤵
  PID:10208
- C:\Windows\System\xmKezLA.exe
  C:\Windows\System\xmKezLA.exe
  2⤵
  PID:9404
- C:\Windows\System\wAwCjNz.exe
  C:\Windows\System\wAwCjNz.exe
  2⤵
  PID:9812
- C:\Windows\System\xgCqhCJ.exe
  C:\Windows\System\xgCqhCJ.exe
  2⤵
  PID:10132
- C:\Windows\System\WFVRHIU.exe
  C:\Windows\System\WFVRHIU.exe
  2⤵
  PID:9712
- C:\Windows\System\oSQkctu.exe
  C:\Windows\System\oSQkctu.exe
  2⤵
  PID:9280
- C:\Windows\System\PCHCmZr.exe
  C:\Windows\System\PCHCmZr.exe
  2⤵
  PID:10260
- C:\Windows\System\snwZWDA.exe
  C:\Windows\System\snwZWDA.exe
  2⤵
  PID:10288
- C:\Windows\System\VlbGYQy.exe
  C:\Windows\System\VlbGYQy.exe
  2⤵
  PID:10316
- C:\Windows\System\MdgCBcr.exe
  C:\Windows\System\MdgCBcr.exe
  2⤵
  PID:10344
- C:\Windows\System\VBcAdQw.exe
  C:\Windows\System\VBcAdQw.exe
  2⤵
  PID:10372
- C:\Windows\System\SISWjtb.exe
  C:\Windows\System\SISWjtb.exe
  2⤵
  PID:10404
- C:\Windows\System\QCHUXtR.exe
  C:\Windows\System\QCHUXtR.exe
  2⤵
  PID:10428
- C:\Windows\System\uerawHU.exe
  C:\Windows\System\uerawHU.exe
  2⤵
  PID:10468
- C:\Windows\System\emwMfKl.exe
  C:\Windows\System\emwMfKl.exe
  2⤵
  PID:10484
- C:\Windows\System\jRbLfSe.exe
  C:\Windows\System\jRbLfSe.exe
  2⤵
  PID:10512
- C:\Windows\System\BNEBavQ.exe
  C:\Windows\System\BNEBavQ.exe
  2⤵
  PID:10540
- C:\Windows\System\suqUpPs.exe
  C:\Windows\System\suqUpPs.exe
  2⤵
  PID:10576
- C:\Windows\System\yJRwpiw.exe
  C:\Windows\System\yJRwpiw.exe
  2⤵
  PID:10636
- C:\Windows\System\IppMFTf.exe
  C:\Windows\System\IppMFTf.exe
  2⤵
  PID:10656
- C:\Windows\System\ZhGtJeO.exe
  C:\Windows\System\ZhGtJeO.exe
  2⤵
  PID:10692
- C:\Windows\System\XDVRgTM.exe
  C:\Windows\System\XDVRgTM.exe
  2⤵
  PID:10740
- C:\Windows\System\HGIUMgE.exe
  C:\Windows\System\HGIUMgE.exe
  2⤵
  PID:10772
- C:\Windows\System\ztVqSEs.exe
  C:\Windows\System\ztVqSEs.exe
  2⤵
  PID:10800
- C:\Windows\System\exJWGri.exe
  C:\Windows\System\exJWGri.exe
  2⤵
  PID:10828
- C:\Windows\System\TWoKmyc.exe
  C:\Windows\System\TWoKmyc.exe
  2⤵
  PID:10860
- C:\Windows\System\ZwfMPIi.exe
  C:\Windows\System\ZwfMPIi.exe
  2⤵
  PID:10888
- C:\Windows\System\NLiVaBD.exe
  C:\Windows\System\NLiVaBD.exe
  2⤵
  PID:10916
- C:\Windows\System\WYgEFFF.exe
  C:\Windows\System\WYgEFFF.exe
  2⤵
  PID:10944
- C:\Windows\System\OAIKWAk.exe
  C:\Windows\System\OAIKWAk.exe
  2⤵
  PID:10976
- C:\Windows\System\LXlNuye.exe
  C:\Windows\System\LXlNuye.exe
  2⤵
  PID:11000
- C:\Windows\System\EDLPJJN.exe
  C:\Windows\System\EDLPJJN.exe
  2⤵
  PID:11028
- C:\Windows\System\GrwtJks.exe
  C:\Windows\System\GrwtJks.exe
  2⤵
  PID:11056
- C:\Windows\System\yAOtslO.exe
  C:\Windows\System\yAOtslO.exe
  2⤵
  PID:11084
- C:\Windows\System\ksRENFQ.exe
  C:\Windows\System\ksRENFQ.exe
  2⤵
  PID:11112
- C:\Windows\System\LoJvQck.exe
  C:\Windows\System\LoJvQck.exe
  2⤵
  PID:11148
- C:\Windows\System\CMssoKw.exe
  C:\Windows\System\CMssoKw.exe
  2⤵
  PID:11168
- C:\Windows\System\xkKGfJI.exe
  C:\Windows\System\xkKGfJI.exe
  2⤵
  PID:11196
- C:\Windows\System\HAgMcYZ.exe
  C:\Windows\System\HAgMcYZ.exe
  2⤵
  PID:11228
- C:\Windows\System\byLlmdE.exe
  C:\Windows\System\byLlmdE.exe
  2⤵
  PID:11256
- C:\Windows\System\AmRlSRj.exe
  C:\Windows\System\AmRlSRj.exe
  2⤵
  PID:10300
- C:\Windows\System\hgskFoG.exe
  C:\Windows\System\hgskFoG.exe
  2⤵
  PID:10384
- C:\Windows\System\ddEpkIG.exe
  C:\Windows\System\ddEpkIG.exe
  2⤵
  PID:10420
- C:\Windows\System\tnCIieS.exe
  C:\Windows\System\tnCIieS.exe
  2⤵
  PID:10480
- C:\Windows\System\tfTMNif.exe
  C:\Windows\System\tfTMNif.exe
  2⤵
  PID:10536
- C:\Windows\System\TdxRoAx.exe
  C:\Windows\System\TdxRoAx.exe
  2⤵
  PID:3456
- C:\Windows\System\GPdAlyM.exe
  C:\Windows\System\GPdAlyM.exe
  2⤵
  PID:10644
- C:\Windows\System\ygDcIts.exe
  C:\Windows\System\ygDcIts.exe
  2⤵
  PID:10736
- C:\Windows\System\kelGjME.exe
  C:\Windows\System\kelGjME.exe
  2⤵
  PID:10796
- C:\Windows\System\qjmeaUe.exe
  C:\Windows\System\qjmeaUe.exe
  2⤵
  PID:10856
- C:\Windows\System\RrYnrir.exe
  C:\Windows\System\RrYnrir.exe
  2⤵
  PID:10880
- C:\Windows\System\GdzKWLk.exe
  C:\Windows\System\GdzKWLk.exe
  2⤵
  PID:10940
- C:\Windows\System\zSBcart.exe
  C:\Windows\System\zSBcart.exe
  2⤵
  PID:10996
- C:\Windows\System\CLxXkRR.exe
  C:\Windows\System\CLxXkRR.exe
  2⤵
  PID:11068
- C:\Windows\System\aNDbEYQ.exe
  C:\Windows\System\aNDbEYQ.exe
  2⤵
  PID:3168
- C:\Windows\System\krOrWay.exe
  C:\Windows\System\krOrWay.exe
  2⤵
  PID:11180
- C:\Windows\System\YEvERMg.exe
  C:\Windows\System\YEvERMg.exe
  2⤵
  PID:11248
- C:\Windows\System\DrvOEBY.exe
  C:\Windows\System\DrvOEBY.exe
  2⤵
  PID:10336
- C:\Windows\System\RXvlcVk.exe
  C:\Windows\System\RXvlcVk.exe
  2⤵
  PID:10476
- C:\Windows\System\lNcrMiV.exe
  C:\Windows\System\lNcrMiV.exe
  2⤵
  PID:3128
- C:\Windows\System\pOGygwS.exe
  C:\Windows\System\pOGygwS.exe
  2⤵
  PID:10784
- C:\Windows\System\wCYXWds.exe
  C:\Windows\System\wCYXWds.exe
  2⤵
  PID:6100
- C:\Windows\System\ylprttL.exe
  C:\Windows\System\ylprttL.exe
  2⤵
  PID:11024
- C:\Windows\System\GODytSd.exe
  C:\Windows\System\GODytSd.exe
  2⤵
  PID:10272
- C:\Windows\System\uLLBYVX.exe
  C:\Windows\System\uLLBYVX.exe
  2⤵
  PID:10448
- C:\Windows\System\ZTOMwpU.exe
  C:\Windows\System\ZTOMwpU.exe
  2⤵
  PID:10764
- C:\Windows\System\LhFEWYg.exe
  C:\Windows\System\LhFEWYg.exe
  2⤵
  PID:11124
- C:\Windows\System\Cdzjcyu.exe
  C:\Windows\System\Cdzjcyu.exe
  2⤵
  PID:11136
- C:\Windows\System\LgqISTr.exe
  C:\Windows\System\LgqISTr.exe
  2⤵
  PID:3996
- C:\Windows\System\BNXqtRK.exe
  C:\Windows\System\BNXqtRK.exe
  2⤵
  PID:10668
- C:\Windows\System\eeYSWRz.exe
  C:\Windows\System\eeYSWRz.exe
  2⤵
  PID:11224
- C:\Windows\System\ajXQvpe.exe
  C:\Windows\System\ajXQvpe.exe
  2⤵
  PID:11280
- C:\Windows\System\FpZOiLe.exe
  C:\Windows\System\FpZOiLe.exe
  2⤵
  PID:11308
- C:\Windows\System\TFnhnCP.exe
  C:\Windows\System\TFnhnCP.exe
  2⤵
  PID:11336
- C:\Windows\System\XhiuNwX.exe
  C:\Windows\System\XhiuNwX.exe
  2⤵
  PID:11364
- C:\Windows\System\iGwKYso.exe
  C:\Windows\System\iGwKYso.exe
  2⤵
  PID:11392
- C:\Windows\System\cndSKPU.exe
  C:\Windows\System\cndSKPU.exe
  2⤵
  PID:11420
- C:\Windows\System\duPKihq.exe
  C:\Windows\System\duPKihq.exe
  2⤵
  PID:11448
- C:\Windows\System\kmxyZLy.exe
  C:\Windows\System\kmxyZLy.exe
  2⤵
  PID:11476
- C:\Windows\System\pUddjYa.exe
  C:\Windows\System\pUddjYa.exe
  2⤵
  PID:11504
- C:\Windows\System\mHwdeWr.exe
  C:\Windows\System\mHwdeWr.exe
  2⤵
  PID:11532
- C:\Windows\System\tKspsaP.exe
  C:\Windows\System\tKspsaP.exe
  2⤵
  PID:11560
- C:\Windows\System\vWsLlYI.exe
  C:\Windows\System\vWsLlYI.exe
  2⤵
  PID:11588
- C:\Windows\System\DQVgSeC.exe
  C:\Windows\System\DQVgSeC.exe
  2⤵
  PID:11616
- C:\Windows\System\BivKbpg.exe
  C:\Windows\System\BivKbpg.exe
  2⤵
  PID:11644
- C:\Windows\System\SnPeNqJ.exe
  C:\Windows\System\SnPeNqJ.exe
  2⤵
  PID:11676
- C:\Windows\System\zmYwKWD.exe
  C:\Windows\System\zmYwKWD.exe
  2⤵
  PID:11700
- C:\Windows\System\aCiSdEI.exe
  C:\Windows\System\aCiSdEI.exe
  2⤵
  PID:11728
- C:\Windows\System\cTOCuom.exe
  C:\Windows\System\cTOCuom.exe
  2⤵
  PID:11756
- C:\Windows\System\iAKTixe.exe
  C:\Windows\System\iAKTixe.exe
  2⤵
  PID:11836
- C:\Windows\System\MovNwyT.exe
  C:\Windows\System\MovNwyT.exe
  2⤵
  PID:11864
- C:\Windows\System\UpjqBGs.exe
  C:\Windows\System\UpjqBGs.exe
  2⤵
  PID:11892
- C:\Windows\System\snmdggB.exe
  C:\Windows\System\snmdggB.exe
  2⤵
  PID:11928
- C:\Windows\System\HsmTmFd.exe
  C:\Windows\System\HsmTmFd.exe
  2⤵
  PID:11948
- C:\Windows\System\GpxSJoK.exe
  C:\Windows\System\GpxSJoK.exe
  2⤵
  PID:11976
- C:\Windows\System\cAQTknd.exe
  C:\Windows\System\cAQTknd.exe
  2⤵
  PID:12004
- C:\Windows\System\RAMyoVv.exe
  C:\Windows\System\RAMyoVv.exe
  2⤵
  PID:12032
- C:\Windows\System\fxdXjcu.exe
  C:\Windows\System\fxdXjcu.exe
  2⤵
  PID:12060
- C:\Windows\System\sfkyFwA.exe
  C:\Windows\System\sfkyFwA.exe
  2⤵
  PID:12088
- C:\Windows\System\KgOptSZ.exe
  C:\Windows\System\KgOptSZ.exe
  2⤵
  PID:12116
- C:\Windows\System\ugyVeqA.exe
  C:\Windows\System\ugyVeqA.exe
  2⤵
  PID:12152
- C:\Windows\System\UQuGAKq.exe
  C:\Windows\System\UQuGAKq.exe
  2⤵
  PID:12172
- C:\Windows\System\nUwNSpi.exe
  C:\Windows\System\nUwNSpi.exe
  2⤵
  PID:12200
- C:\Windows\System\VMNAgjV.exe
  C:\Windows\System\VMNAgjV.exe
  2⤵
  PID:12228
- C:\Windows\System\SuTRWtk.exe
  C:\Windows\System\SuTRWtk.exe
  2⤵
  PID:12256
- C:\Windows\System\HGVCnqc.exe
  C:\Windows\System\HGVCnqc.exe
  2⤵
  PID:12284
- C:\Windows\System\yyrYoKS.exe
  C:\Windows\System\yyrYoKS.exe
  2⤵
  PID:11320
- C:\Windows\System\hfdcHUZ.exe
  C:\Windows\System\hfdcHUZ.exe
  2⤵
  PID:11384
- C:\Windows\System\BMTWRkq.exe
  C:\Windows\System\BMTWRkq.exe
  2⤵
  PID:11444
- C:\Windows\System\OUAxQlP.exe
  C:\Windows\System\OUAxQlP.exe
  2⤵
  PID:11496
- C:\Windows\System\cZohraw.exe
  C:\Windows\System\cZohraw.exe
  2⤵
  PID:11552
- C:\Windows\System\qgmjvZn.exe
  C:\Windows\System\qgmjvZn.exe
  2⤵
  PID:11636
- C:\Windows\System\suGRDlJ.exe
  C:\Windows\System\suGRDlJ.exe
  2⤵
  PID:11696
- C:\Windows\System\VrAPnJS.exe
  C:\Windows\System\VrAPnJS.exe
  2⤵
  PID:11748
- C:\Windows\System\KjFiocS.exe
  C:\Windows\System\KjFiocS.exe
  2⤵
  PID:11792
- C:\Windows\System\WUKvZjh.exe
  C:\Windows\System\WUKvZjh.exe
  2⤵
  PID:12140
- C:\Windows\System\RnaznTB.exe
  C:\Windows\System\RnaznTB.exe
  2⤵
  PID:12212
- C:\Windows\System\zMAeIbj.exe
  C:\Windows\System\zMAeIbj.exe
  2⤵
  PID:12276
- C:\Windows\System\IYzERfp.exe
  C:\Windows\System\IYzERfp.exe
  2⤵
  PID:11376
- C:\Windows\System\jWiXefi.exe
  C:\Windows\System\jWiXefi.exe
  2⤵
  PID:4904
- C:\Windows\System\nXlMPux.exe
  C:\Windows\System\nXlMPux.exe
  2⤵
  PID:11664
- C:\Windows\System\lfCanPZ.exe
  C:\Windows\System\lfCanPZ.exe
  2⤵
  PID:11788
- C:\Windows\System\ezDUYhu.exe
  C:\Windows\System\ezDUYhu.exe
  2⤵
  PID:12128
- C:\Windows\System\wlXLjTB.exe
  C:\Windows\System\wlXLjTB.exe
  2⤵
  PID:11940
- C:\Windows\System\URfLQLC.exe
  C:\Windows\System\URfLQLC.exe
  2⤵
  PID:11996
- C:\Windows\System\pNSTjGs.exe
  C:\Windows\System\pNSTjGs.exe
  2⤵
  PID:12028
- C:\Windows\System\dOOCxau.exe
  C:\Windows\System\dOOCxau.exe
  2⤵
  PID:11848
- C:\Windows\System\UUakuCr.exe
  C:\Windows\System\UUakuCr.exe
  2⤵
  PID:12252
- C:\Windows\System\gTZIkNg.exe
  C:\Windows\System\gTZIkNg.exe
  2⤵
  PID:4852
- C:\Windows\System\bsdndWN.exe
  C:\Windows\System\bsdndWN.exe
  2⤵
  PID:11724
- C:\Windows\System\ILDxvvB.exe
  C:\Windows\System\ILDxvvB.exe
  2⤵
  PID:11904
- C:\Windows\System\uBDiLNL.exe
  C:\Windows\System\uBDiLNL.exe
  2⤵
  PID:12108
- C:\Windows\System\ihNjIhp.exe
  C:\Windows\System\ihNjIhp.exe
  2⤵
  PID:1404
- C:\Windows\System\GJcpWQr.exe
  C:\Windows\System\GJcpWQr.exe
  2⤵
  PID:11656
- C:\Windows\System\bGRwiUl.exe
  C:\Windows\System\bGRwiUl.exe
  2⤵
  PID:12316
- C:\Windows\System\AVIribq.exe
  C:\Windows\System\AVIribq.exe
  2⤵
  PID:12344
- C:\Windows\System\fZDPEUV.exe
  C:\Windows\System\fZDPEUV.exe
  2⤵
  PID:12372
- C:\Windows\System\RhiNyrI.exe
  C:\Windows\System\RhiNyrI.exe
  2⤵
  PID:12400
- C:\Windows\System\CDWzoHZ.exe
  C:\Windows\System\CDWzoHZ.exe
  2⤵
  PID:12428
- C:\Windows\System\aTJkJmO.exe
  C:\Windows\System\aTJkJmO.exe
  2⤵
  PID:12456
- C:\Windows\System\AudcEhT.exe
  C:\Windows\System\AudcEhT.exe
  2⤵
  PID:12484
- C:\Windows\System\NLFhPWj.exe
  C:\Windows\System\NLFhPWj.exe
  2⤵
  PID:12516
- C:\Windows\System\GGbCMvJ.exe
  C:\Windows\System\GGbCMvJ.exe
  2⤵
  PID:12544
- C:\Windows\System\AtpzpOi.exe
  C:\Windows\System\AtpzpOi.exe
  2⤵
  PID:12572
- C:\Windows\System\plLHLKy.exe
  C:\Windows\System\plLHLKy.exe
  2⤵
  PID:12600
- C:\Windows\System\pSuUAMj.exe
  C:\Windows\System\pSuUAMj.exe
  2⤵
  PID:12628
- C:\Windows\System\ldsJcaf.exe
  C:\Windows\System\ldsJcaf.exe
  2⤵
  PID:12656
- C:\Windows\System\ccMWPOj.exe
  C:\Windows\System\ccMWPOj.exe
  2⤵
  PID:12696
- C:\Windows\System\Bguinze.exe
  C:\Windows\System\Bguinze.exe
  2⤵
  PID:12716
- C:\Windows\System\apDusmd.exe
  C:\Windows\System\apDusmd.exe
  2⤵
  PID:12740
- C:\Windows\System\qlIpUyZ.exe
  C:\Windows\System\qlIpUyZ.exe
  2⤵
  PID:12768
- C:\Windows\System\NkuZGVo.exe
  C:\Windows\System\NkuZGVo.exe
  2⤵
  PID:12796
- C:\Windows\System\YiPquuI.exe
  C:\Windows\System\YiPquuI.exe
  2⤵
  PID:12824
- C:\Windows\System\oeiFtBG.exe
  C:\Windows\System\oeiFtBG.exe
  2⤵
  PID:12852
- C:\Windows\System\HtHevEr.exe
  C:\Windows\System\HtHevEr.exe
  2⤵
  PID:12880
- C:\Windows\System\zXEkiWz.exe
  C:\Windows\System\zXEkiWz.exe
  2⤵
  PID:12908
- C:\Windows\System\fFSpyHx.exe
  C:\Windows\System\fFSpyHx.exe
  2⤵
  PID:12936
- C:\Windows\System\DiLzRJF.exe
  C:\Windows\System\DiLzRJF.exe
  2⤵
  PID:12964
- C:\Windows\System\MzYUdYT.exe
  C:\Windows\System\MzYUdYT.exe
  2⤵
  PID:12992
- C:\Windows\System\EmTLslJ.exe
  C:\Windows\System\EmTLslJ.exe
  2⤵
  PID:13020
- C:\Windows\System\HLvQwkT.exe
  C:\Windows\System\HLvQwkT.exe
  2⤵
  PID:13048
- C:\Windows\System\zOIvHys.exe
  C:\Windows\System\zOIvHys.exe
  2⤵
  PID:13076
- C:\Windows\System\dxFKczd.exe
  C:\Windows\System\dxFKczd.exe
  2⤵
  PID:13108
- C:\Windows\System\PFbMKeE.exe
  C:\Windows\System\PFbMKeE.exe
  2⤵
  PID:13132
- C:\Windows\System\CCylHjY.exe
  C:\Windows\System\CCylHjY.exe
  2⤵
  PID:13160
- C:\Windows\System\jizCnTs.exe
  C:\Windows\System\jizCnTs.exe
  2⤵
  PID:13188
- C:\Windows\System\xQNDVRF.exe
  C:\Windows\System\xQNDVRF.exe
  2⤵
  PID:13216
- C:\Windows\System\fZcZVlC.exe
  C:\Windows\System\fZcZVlC.exe
  2⤵
  PID:13244
- C:\Windows\System\dKNbHrM.exe
  C:\Windows\System\dKNbHrM.exe
  2⤵
  PID:13272
- C:\Windows\System\gYiEmNk.exe
  C:\Windows\System\gYiEmNk.exe
  2⤵
  PID:13300
- C:\Windows\System\spXnuQW.exe
  C:\Windows\System\spXnuQW.exe
  2⤵
  PID:10704
- C:\Windows\System\UzjQkJq.exe
  C:\Windows\System\UzjQkJq.exe
  2⤵
  PID:10760
- C:\Windows\System\dWyDZyt.exe
  C:\Windows\System\dWyDZyt.exe
  2⤵
  PID:12340
- C:\Windows\System\CgJUmbc.exe
  C:\Windows\System\CgJUmbc.exe
  2⤵
  PID:12412
- C:\Windows\System\dLkDidi.exe
  C:\Windows\System\dLkDidi.exe
  2⤵
  PID:12476
- C:\Windows\System\TOCOZex.exe
  C:\Windows\System\TOCOZex.exe
  2⤵
  PID:12504
- C:\Windows\System\XOLdxZc.exe
  C:\Windows\System\XOLdxZc.exe
  2⤵
  PID:12612
- C:\Windows\System\PvOOxkv.exe
  C:\Windows\System\PvOOxkv.exe
  2⤵
  PID:12652
- C:\Windows\System\oZhkVmh.exe
  C:\Windows\System\oZhkVmh.exe
  2⤵
  PID:12732
- C:\Windows\System\xsSVZQX.exe
  C:\Windows\System\xsSVZQX.exe
  2⤵
  PID:12780
- C:\Windows\System\wnFRvsR.exe
  C:\Windows\System\wnFRvsR.exe
  2⤵
  PID:12844
- C:\Windows\System\FbhTWcF.exe
  C:\Windows\System\FbhTWcF.exe
  2⤵
  PID:12928
- C:\Windows\System\EoWVdwf.exe
  C:\Windows\System\EoWVdwf.exe
  2⤵
  PID:12976
- C:\Windows\System\WskZoId.exe
  C:\Windows\System\WskZoId.exe
  2⤵
  PID:13040
- C:\Windows\System\EdeRxdg.exe
  C:\Windows\System\EdeRxdg.exe
  2⤵
  PID:13100
- C:\Windows\System\LjEqozI.exe
  C:\Windows\System\LjEqozI.exe
  2⤵
  PID:13184
- C:\Windows\System\HWIzaEQ.exe
  C:\Windows\System\HWIzaEQ.exe
  2⤵
  PID:13236
- C:\Windows\System\FVCPseO.exe
  C:\Windows\System\FVCPseO.exe
  2⤵
  PID:13284
- C:\Windows\System\bRiKvih.exe
  C:\Windows\System\bRiKvih.exe
  2⤵
  PID:10616
- C:\Windows\System\SiRrvHU.exe
  C:\Windows\System\SiRrvHU.exe
  2⤵
  PID:12368
- C:\Windows\System\KSDrltu.exe
  C:\Windows\System\KSDrltu.exe
  2⤵
  PID:12528
- C:\Windows\System\PLioGmB.exe
  C:\Windows\System\PLioGmB.exe
  2⤵
  PID:12648
- C:\Windows\System\RjOcZPA.exe
  C:\Windows\System\RjOcZPA.exe
  2⤵
  PID:880
- C:\Windows\System\VtwbPgU.exe
  C:\Windows\System\VtwbPgU.exe
  2⤵
  PID:12948
- C:\Windows\System\ZUrOzaN.exe
  C:\Windows\System\ZUrOzaN.exe
  2⤵
  PID:13032
- C:\Windows\System\NucJLyr.exe
  C:\Windows\System\NucJLyr.exe
  2⤵
  PID:13156
- C:\Windows\System\kIudswi.exe
  C:\Windows\System\kIudswi.exe
  2⤵
  PID:13292
- C:\Windows\System\ocvuVQa.exe
  C:\Windows\System\ocvuVQa.exe
  2⤵
  PID:12568
- C:\Windows\System\TTRffYZ.exe
  C:\Windows\System\TTRffYZ.exe
  2⤵
  PID:12760
- C:\Windows\System\zdyMgxj.exe
  C:\Windows\System\zdyMgxj.exe
  2⤵
  PID:12900
- C:\Windows\System\AclJzbB.exe
  C:\Windows\System\AclJzbB.exe
  2⤵
  PID:4920
- C:\Windows\System\hRVShRb.exe
  C:\Windows\System\hRVShRb.exe
  2⤵
  PID:1720
- C:\Windows\System\GLPPxHv.exe
  C:\Windows\System\GLPPxHv.exe
  2⤵
  PID:13128
- C:\Windows\System\YpVDKpK.exe
  C:\Windows\System\YpVDKpK.exe
  2⤵
  PID:13016
- C:\Windows\System\MACkcse.exe
  C:\Windows\System\MACkcse.exe
  2⤵
  PID:13328
- C:\Windows\System\dnEkHAE.exe
  C:\Windows\System\dnEkHAE.exe
  2⤵
  PID:13356
- C:\Windows\System\hfTfPdK.exe
  C:\Windows\System\hfTfPdK.exe
  2⤵
  PID:13392
- C:\Windows\System\nMWDWAO.exe
  C:\Windows\System\nMWDWAO.exe
  2⤵
  PID:13420
- C:\Windows\System\mvuiJVQ.exe
  C:\Windows\System\mvuiJVQ.exe
  2⤵
  PID:13448
- C:\Windows\System\ISUvEIW.exe
  C:\Windows\System\ISUvEIW.exe
  2⤵
  PID:13468
- C:\Windows\System\LSCeCEK.exe
  C:\Windows\System\LSCeCEK.exe
  2⤵
  PID:13496
- C:\Windows\System\xMztBBO.exe
  C:\Windows\System\xMztBBO.exe
  2⤵
  PID:13524
- C:\Windows\System\OYOqiWk.exe
  C:\Windows\System\OYOqiWk.exe
  2⤵
  PID:13552
- C:\Windows\System\ipFdpuZ.exe
  C:\Windows\System\ipFdpuZ.exe
  2⤵
  PID:13580
- C:\Windows\System\bQPXwkw.exe
  C:\Windows\System\bQPXwkw.exe
  2⤵
  PID:13608
- C:\Windows\System\FBGsmGP.exe
  C:\Windows\System\FBGsmGP.exe
  2⤵
  PID:13636
- C:\Windows\System\jdoIPvI.exe
  C:\Windows\System\jdoIPvI.exe
  2⤵
  PID:13664
- C:\Windows\System\RQvhOxb.exe
  C:\Windows\System\RQvhOxb.exe
  2⤵
  PID:13692
- C:\Windows\System\zxuKRqu.exe
  C:\Windows\System\zxuKRqu.exe
  2⤵
  PID:13720
- C:\Windows\System\rZscuMz.exe
  C:\Windows\System\rZscuMz.exe
  2⤵
  PID:13748
- C:\Windows\System\HJPUSLw.exe
  C:\Windows\System\HJPUSLw.exe
  2⤵
  PID:13776
- C:\Windows\System\ZKsGqmN.exe
  C:\Windows\System\ZKsGqmN.exe
  2⤵
  PID:13804
- C:\Windows\System\Ilrftme.exe
  C:\Windows\System\Ilrftme.exe
  2⤵
  PID:13840
- C:\Windows\System\ynAZQwF.exe
  C:\Windows\System\ynAZQwF.exe
  2⤵
  PID:13860
- C:\Windows\System\fFGTRtB.exe
  C:\Windows\System\fFGTRtB.exe
  2⤵
  PID:13888
- C:\Windows\System\hEjsTVM.exe
  C:\Windows\System\hEjsTVM.exe
  2⤵
  PID:13916
- C:\Windows\System\yMXSlCY.exe
  C:\Windows\System\yMXSlCY.exe
  2⤵
  PID:13944
- C:\Windows\System\nyHYwgA.exe
  C:\Windows\System\nyHYwgA.exe
  2⤵
  PID:13972
- C:\Windows\System\gCopvHw.exe
  C:\Windows\System\gCopvHw.exe
  2⤵
  PID:14000
- C:\Windows\System\ExngyZe.exe
  C:\Windows\System\ExngyZe.exe
  2⤵
  PID:14028
- C:\Windows\System\elBnwCt.exe
  C:\Windows\System\elBnwCt.exe
  2⤵
  PID:14056
- C:\Windows\System\HpNeoLu.exe
  C:\Windows\System\HpNeoLu.exe
  2⤵
  PID:14084
- C:\Windows\System\YhLiYkl.exe
  C:\Windows\System\YhLiYkl.exe
  2⤵
  PID:14112
- C:\Windows\System\LmqoOPu.exe
  C:\Windows\System\LmqoOPu.exe
  2⤵
  PID:14140
- C:\Windows\System\eyllKWO.exe
  C:\Windows\System\eyllKWO.exe
  2⤵
  PID:14168
- C:\Windows\System\GTqhuzR.exe
  C:\Windows\System\GTqhuzR.exe
  2⤵
  PID:14196
- C:\Windows\System\CTFnCJj.exe
  C:\Windows\System\CTFnCJj.exe
  2⤵
  PID:14224
- C:\Windows\System\OfjCfxV.exe
  C:\Windows\System\OfjCfxV.exe
  2⤵
  PID:14252
- C:\Windows\System\EpqOayV.exe
  C:\Windows\System\EpqOayV.exe
  2⤵
  PID:14280
- C:\Windows\System\UakZlOG.exe
  C:\Windows\System\UakZlOG.exe
  2⤵
  PID:14308
- C:\Windows\System\oPYufjo.exe
  C:\Windows\System\oPYufjo.exe
  2⤵
  PID:12892
- C:\Windows\System\bPwKcxj.exe
  C:\Windows\System\bPwKcxj.exe
  2⤵
  PID:13376
- C:\Windows\System\myNgodg.exe
  C:\Windows\System\myNgodg.exe
  2⤵
  PID:13436
- C:\Windows\System\PUFcNAa.exe
  C:\Windows\System\PUFcNAa.exe
  2⤵
  PID:13516
- C:\Windows\System\XoayVxc.exe
  C:\Windows\System\XoayVxc.exe
  2⤵
  PID:13572
- C:\Windows\System\jcMgvaL.exe
  C:\Windows\System\jcMgvaL.exe
  2⤵
  PID:13632
- C:\Windows\System\bfJcHkP.exe
  C:\Windows\System\bfJcHkP.exe
  2⤵
  PID:13704
- C:\Windows\System\bfsDRNB.exe
  C:\Windows\System\bfsDRNB.exe
  2⤵
  PID:13768
- C:\Windows\System\oxqHwfs.exe
  C:\Windows\System\oxqHwfs.exe
  2⤵
  PID:13828
- C:\Windows\System\vHWooRY.exe
  C:\Windows\System\vHWooRY.exe
  2⤵
  PID:13900
- C:\Windows\System\erwQXkZ.exe
  C:\Windows\System\erwQXkZ.exe
  2⤵
  PID:13964
- C:\Windows\System\ZFUltrN.exe
  C:\Windows\System\ZFUltrN.exe
  2⤵
  PID:14024
- C:\Windows\System\HlSVVml.exe
  C:\Windows\System\HlSVVml.exe
  2⤵
  PID:14096
- C:\Windows\System\AJFlaIs.exe
  C:\Windows\System\AJFlaIs.exe
  2⤵
  PID:14160
- C:\Windows\System\eyYcqTk.exe
  C:\Windows\System\eyYcqTk.exe
  2⤵
  PID:14220
- C:\Windows\System\TpPQlaK.exe
  C:\Windows\System\TpPQlaK.exe
  2⤵
  PID:14292
- C:\Windows\System\BvmOuro.exe
  C:\Windows\System\BvmOuro.exe
  2⤵
  PID:13352
- C:\Windows\System\sSWceRB.exe
  C:\Windows\System\sSWceRB.exe
  2⤵
  PID:4388
- C:\Windows\System\enMtWCQ.exe
  C:\Windows\System\enMtWCQ.exe
  2⤵
  PID:13488
- C:\Windows\System\iHAyTFA.exe
  C:\Windows\System\iHAyTFA.exe
  2⤵
  PID:13628
- C:\Windows\System\MZwFnOY.exe
  C:\Windows\System\MZwFnOY.exe
  2⤵
  PID:13796
- C:\Windows\System\PpLquvW.exe
  C:\Windows\System\PpLquvW.exe
  2⤵
  PID:13940
- C:\Windows\System\xvxLdTG.exe
  C:\Windows\System\xvxLdTG.exe
  2⤵
  PID:14080
- C:\Windows\System\WPGdpfb.exe
  C:\Windows\System\WPGdpfb.exe
  2⤵
  PID:14248
- C:\Windows\System\YdCtasn.exe
  C:\Windows\System\YdCtasn.exe
  2⤵
  PID:1092
- C:\Windows\System\UtDAlyo.exe
  C:\Windows\System\UtDAlyo.exe
  2⤵
  PID:13620
- C:\Windows\System\GJanJfY.exe
  C:\Windows\System\GJanJfY.exe
  2⤵
  PID:14012
- C:\Windows\System\pIhfVjf.exe
  C:\Windows\System\pIhfVjf.exe
  2⤵
  PID:5612
- C:\Windows\System\aTETvqE.exe
  C:\Windows\System\aTETvqE.exe
  2⤵
  PID:13428
- C:\Windows\System\GhZVxiB.exe
  C:\Windows\System\GhZVxiB.exe
  2⤵
  PID:14152
- C:\Windows\System\wvkBfsI.exe
  C:\Windows\System\wvkBfsI.exe
  2⤵
  PID:14208
- C:\Windows\System\fdBTxPd.exe
  C:\Windows\System\fdBTxPd.exe
  2⤵
  PID:5164
- C:\Windows\System\TRlhzWj.exe
  C:\Windows\System\TRlhzWj.exe
  2⤵
  PID:13928
- C:\Windows\System\OXxAZCC.exe
  C:\Windows\System\OXxAZCC.exe
  2⤵
  PID:14364
- C:\Windows\System\iFeqmjI.exe
  C:\Windows\System\iFeqmjI.exe
  2⤵
  PID:14392
- C:\Windows\System\PEedQVr.exe
  C:\Windows\System\PEedQVr.exe
  2⤵
  PID:14420
- C:\Windows\System\knvgsFV.exe
  C:\Windows\System\knvgsFV.exe
  2⤵
  PID:14448
- C:\Windows\System\mXVzypo.exe
  C:\Windows\System\mXVzypo.exe
  2⤵
  PID:14476
- C:\Windows\System\TERHXIF.exe
  C:\Windows\System\TERHXIF.exe
  2⤵
  PID:14504
- C:\Windows\System\WXxVYfa.exe
  C:\Windows\System\WXxVYfa.exe
  2⤵
  PID:14532
- C:\Windows\System\cMMmtuh.exe
  C:\Windows\System\cMMmtuh.exe
  2⤵
  PID:14560
- C:\Windows\System\lmHhLOK.exe
  C:\Windows\System\lmHhLOK.exe
  2⤵
  PID:14588
- C:\Windows\System\EbaZOsB.exe
  C:\Windows\System\EbaZOsB.exe
  2⤵
  PID:14616
- C:\Windows\System\HXIwEZR.exe
  C:\Windows\System\HXIwEZR.exe
  2⤵
  PID:14644
- C:\Windows\System\cjCqQyr.exe
  C:\Windows\System\cjCqQyr.exe
  2⤵
  PID:14672
- C:\Windows\System\HMocaLt.exe
  C:\Windows\System\HMocaLt.exe
  2⤵
  PID:14708
- C:\Windows\System\DIxTeKH.exe
  C:\Windows\System\DIxTeKH.exe
  2⤵
  PID:14728
- C:\Windows\System\YSWzCKQ.exe
  C:\Windows\System\YSWzCKQ.exe
  2⤵
  PID:14756
- C:\Windows\System\KLITfxR.exe
  C:\Windows\System\KLITfxR.exe
  2⤵
  PID:14784
- C:\Windows\System\KxVJIXy.exe
  C:\Windows\System\KxVJIXy.exe
  2⤵
  PID:14812
- C:\Windows\System\YaAOZtQ.exe
  C:\Windows\System\YaAOZtQ.exe
  2⤵
  PID:14840
- C:\Windows\System\iSPOfoS.exe
  C:\Windows\System\iSPOfoS.exe
  2⤵
  PID:14868
- C:\Windows\System\RkvztgL.exe
  C:\Windows\System\RkvztgL.exe
  2⤵
  PID:14904
- C:\Windows\System\RXrSrPT.exe
  C:\Windows\System\RXrSrPT.exe
  2⤵
  PID:14944
- C:\Windows\System\aBpDoKg.exe
  C:\Windows\System\aBpDoKg.exe
  2⤵
  PID:14984
- C:\Windows\System\yaAvTla.exe
  C:\Windows\System\yaAvTla.exe
  2⤵
  PID:15024
- C:\Windows\System\VqgmtOf.exe
  C:\Windows\System\VqgmtOf.exe
  2⤵
  PID:15064
- C:\Windows\System\aMyIaGV.exe
  C:\Windows\System\aMyIaGV.exe
  2⤵
  PID:15104
- C:\Windows\System\cNBpZIl.exe
  C:\Windows\System\cNBpZIl.exe
  2⤵
  PID:15144
- C:\Windows\System\OjUclQh.exe
  C:\Windows\System\OjUclQh.exe
  2⤵
  PID:15180
- C:\Windows\System\UJnmfPh.exe
  C:\Windows\System\UJnmfPh.exe
  2⤵
  PID:15208
- C:\Windows\System\gozzyzJ.exe
  C:\Windows\System\gozzyzJ.exe
  2⤵
  PID:15236
- C:\Windows\System\xQxjmxe.exe
  C:\Windows\System\xQxjmxe.exe
  2⤵
  PID:15264
- C:\Windows\System\aFEKHGv.exe
  C:\Windows\System\aFEKHGv.exe
  2⤵
  PID:15280
- C:\Windows\System\oHxIpCK.exe
  C:\Windows\System\oHxIpCK.exe
  2⤵
  PID:15332
- C:\Windows\System\hMZLLok.exe
  C:\Windows\System\hMZLLok.exe
  2⤵
  PID:15348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AoEPCLk.exe

Filesize
6.1MB

MD5
b6fc6bfc52daae9a7b31d23acdcab0de

SHA1
4cff0c659eab3e546d9b9db18c68bbec89409d81

SHA256
70b8124eb0ea8e484c459a1fa89005b1d716860cf1e92337650d94f9b41a9fb2

SHA512
56993c979553d8ef77b32fabe853b688c1eb92eb1b8a6eb593af58e81f3befa8ff9263e8b9c43676844b4b256ed04a197aa70618c4195da90ed412b5bc917309

Download Submit
C:\Windows\System\BgSORFV.exe

Filesize
6.1MB

MD5
5135bf28c8fc85675fa6047565ca75ca

SHA1
3cdbb573de5f2f999bd9a010db6509831db5507b

SHA256
61945c5ce60f4916d8c8bba3565f55c96ff6a1e1fb4aeb912117a4e5d8a03717

SHA512
9df30043e70086639db5f1ba0ee793f2927899d31da5a30ec792879c0b2600a0b29997d4675ae9865d0fc845a51aa52996bba3a57c8a7545daadd7a60166d64e

Download Submit
C:\Windows\System\EwqcSyz.exe

Filesize
6.1MB

MD5
1d62fe187e69434780849c5a69aff8f3

SHA1
7093b32d14063eb2a62990de818763358bd2441a

SHA256
b0a6f5149a2ca80572f8c9b1edc225b072442bc42541767254a26038add0e97e

SHA512
24078572e89c81558412bb872e99f9cb46b46c74d28f25adf779160d8b7507effbfa0af21bbfa62c821a9548100f7e44074407e5be30485fbac2428a937dc288

Download Submit
C:\Windows\System\GNaQTNc.exe

Filesize
6.1MB

MD5
a2bb84670dbaaeed20e00cd3bc579068

SHA1
781f324b2d8ecaf34653f375cedd8b3621121711

SHA256
5f7ff9b6a972f148fba33cd72a720410a50b43063b59a4b37773f09e4faeaf69

SHA512
2d912998ce4d3a8a3d1754162050b6c89e9fc8af1e3f939ad8e5306ba0d5b5cf84078af958c492eb6df2942bb084dc86ebb6089c75fc5d2ec7281e41f2eea282

Download Submit
C:\Windows\System\IPJSBfC.exe

Filesize
6.1MB

MD5
6097ab142e81fd977208c6c308ca46b6

SHA1
364e31e90fc40abaf5c9c27225639594d3f27426

SHA256
3d6cc7066279b8940d6fc3a9c25d400a43ed734edf27e8769bd0ced774a1f1c3

SHA512
28f8163c2435ca55a381ffd17b3c20ca18e8882d319d919f4482cc6ef0506cdf68a83da547545ec433459a6dd10d86801d5032b20f55dd31d8ff69741da137df

Download Submit
C:\Windows\System\NNhiuof.exe

Filesize
6.1MB

MD5
02d94b4e6d50c19c095888f56c4822f9

SHA1
76c15de6f5f4d279508d5a652b97273809292529

SHA256
e1d77f6a4855675eea7ab50e3173707eec1f606c4f04aebab4c4f8a1ade8ba65

SHA512
be2b8b59569653e71b97d9c7f79067e4248ea1447a130803b0ca6a9ec0438f523725462f639c6ed8cd06a26a483ce9ac27a63a2079b9e6ce0eccdf07acf05078

Download Submit
C:\Windows\System\NbLFrDq.exe

Filesize
6.1MB

MD5
0af74f5d88ba95746e1b9a6b160595ed

SHA1
cf30b214b1e24808400860477e1ad761d9334a7e

SHA256
3884344a4d47a0387bd7906f8a84a6d52c04e745d27d3d2056ef9b9ff96ef8d8

SHA512
fed66a500f0f87ee5d36391ad04a1d6797e7d5a88ca5495784d1f9af5eca0231262cea5f1722d3f0e8084d9a5223583e3a2e757a5fb7ac8b841a85da3dac323c

Download Submit
C:\Windows\System\OZtjhxg.exe

Filesize
6.1MB

MD5
ec26bfbc638b4c31c13a4f0af5da722f

SHA1
b07e2d5e682ac71ae80dd3c972a806699e1fdf62

SHA256
beb2fc561402b5515c2114a5c385cdb84ab2f945986fb26c347de0e7cfb25b0d

SHA512
a605bb01a32734779cb5844fcfc4f60d1054786ab336004423dd45c99a604f9da0a83cf897f3e876469f80f5d3fb79128c8582b8b26ddc4df4c7a766373ba7f0

Download Submit
C:\Windows\System\SSrjdoS.exe

Filesize
6.1MB

MD5
1c44ffd5699de2eae61b97bb6ed17d46

SHA1
dc3416fdf2d6c3309facf698ab87ed66fa098f13

SHA256
96d660836afb48b3b2fdac2936ba5b13ac226d639ff168a842584edf72644f8f

SHA512
9e880e5e5008cd3571c01aa6b23db1b35e63e7466a5dbb570d43ca7ca485893828769c9d2ea5ca2f456de7bd791ff3384e31060582e5f5333a7e21e41d3520af

Download Submit
C:\Windows\System\SoEXXsm.exe

Filesize
6.1MB

MD5
b89adf93e78f6819fe4709551990735b

SHA1
b3e4646b30cc315b8cdc3b0177b1e3c0f1eab13c

SHA256
c401aa2ab9f050ffc457dc000756f2270b2622d94d114c605883f5ab0fe88d25

SHA512
c26a1ac6e631e94a04394f7765eb070fe5d663ba921bfd1bf5ede80926bed2ff6f1e5df89b00286f4fb49d52f071c5d77c4c71935f41661ab84101eac72dd82c

Download Submit
C:\Windows\System\UmQKYzL.exe

Filesize
6.1MB

MD5
3a176e144297e618446404b82413f446

SHA1
f2d6e8a88a6e6a17e263f17e6c69f8096c6adb6a

SHA256
e57e778040f3c580a70051424dc1cdd5db91c8db814a0be65b41659698081e0d

SHA512
cec40f037ff7aec2da91983418b31df5ab69aa104a2d39ebc4cb495c761ff8de87d1aee6d090fb4da693925184be3f08132de030dc9d6c1b3a8492ea5a64f5fe

Download Submit
C:\Windows\System\VdnSgVt.exe

Filesize
6.1MB

MD5
12c80d35288115ef556d00a42480d13a

SHA1
99295419659c349d9455097dcc78ab4a50bd6a34

SHA256
b9da02d4388248c5a605cb789bcc4533945251f36b480c269bc342d6fb04e9b6

SHA512
7b003bd20634ce40dc59796f4fe5524f581cfc828555f9690d3fe554a4bf1b6aa2d89a470df8d8b35f5158284bde6e7b0418f1320e8eae2042c40a261fdc3e3c

Download Submit
C:\Windows\System\cVnkjTt.exe

Filesize
6.1MB

MD5
5bb0fc5a59a47e99aba8cc729f12a7ac

SHA1
d6d6165dee814f437df27555350d83f79572bd87

SHA256
572625b2105115dc29363a03799a250669a68dbfff26693a727cd41943f7c17a

SHA512
3b8ee7f0fed4d385de3332d9735de2e57b81c755ab8fa51bb2e1464b2192a4865c50fa9d1d6d513f2509a917643a7f3b01dd241fe7eb13679b2b2bdc4959f7c6

Download Submit
C:\Windows\System\eBCRYeD.exe

Filesize
6.1MB

MD5
3cca7637ec848e49b9703047aeaf4e8c

SHA1
f887dd0c2f40ef48593c91316e7de911eec7a8b5

SHA256
a6eeef14268c21cf0f9a9c1626f23e94928a95f1c2e29088a2b8b8ca47a57d8e

SHA512
cff9d10c6a506d11094a48e48472d447f45a8b2f3ebc2e126fc0073a3248b13c27175307397321615e603b417e16ba5da67f58d87b420d37334b103da0a4bd1b

Download Submit
C:\Windows\System\gWybYKx.exe

Filesize
6.1MB

MD5
f7e6df804de39edccd0c423b6c74141a

SHA1
0f5e228634c4a7f9c4ad4f02340895ee764b26cb

SHA256
e2657e81892ceecb246e3126e77e1addcf0ba439eaedc11066b35d4b89503370

SHA512
f62004af4caa57c71b9640fa731cee502585586dc17641ca70e58d0c6a49f06428eab9d9f71a1911ca52a9ae7c5329acf35f2af10d5afab17b5dbc44f1f22998

Download Submit
C:\Windows\System\hzdAimE.exe

Filesize
6.1MB

MD5
d518a4409db39cce6e2f7362ba3e5bd2

SHA1
36730a8dab713789a3f7649f6614bf57e5a5a1f4

SHA256
a128aac924b78f40d7eb8d05993060c9f23475926c0f3efe1e12a729c3cc6f3b

SHA512
01cb1cad13a9f8952c41ca71bdbe87a7e2f4f591295b065ca24be5f3fcf2e887f50c3906d55972b388372adb84ef1c426322f475246474cce65174ce5ddf1131

Download Submit
C:\Windows\System\jkDRiam.exe

Filesize
6.1MB

MD5
a5d9fabd25c719b0267b8eccec848e60

SHA1
fec44d0fe807812d069fe38c1879fdee933878dc

SHA256
7389531f66121515893dd9a9fdc12bd8cee766451c007691eb439f5633ec1099

SHA512
912ba8f73837ac59a6e9f4c0f8fbcad521a73261f3a4bf2cb12b873e279382e7696c30e363934b8c1644a5e9b568c25baca7c5f72236d8aea56704a89fff379b

Download Submit
C:\Windows\System\lsPQUQP.exe

Filesize
6.1MB

MD5
f56b9ddfc3a8462315b807fc151abbaf

SHA1
84126c5255dcb08e79b478dcf0b04b290dd83e6e

SHA256
85b131cfa57228c55abee23f12b92c74f1ccb75bf2f47805d42f2c4baf2f1937

SHA512
efbcabf75706660bcae92c93585e54c640f4db5d207a57ceed4ae960afe66256ee8d9f64b2139fadc9fe458c5980608ced829666012549821f4d727580ef1b3f

Download Submit
C:\Windows\System\mOXCTMC.exe

Filesize
6.1MB

MD5
07848d0250b9d6fa2aea148157ab5c25

SHA1
e03a11ec2dcb0903f0f5c0d1f639c917d584b278

SHA256
233e06e33a84377afd50e681d1a06eabbfb55008e5edeaff2b1dc153b91f270b

SHA512
95a203036cf94134ecd5c0fa377026839d333b7cf2c005ce98cd7686bba4dd0d565341939babb19a96b793cba77461c03cee3897a6d2aa83ed6d2ad0ac9e23ec

Download Submit
C:\Windows\System\maBpqzb.exe

Filesize
6.1MB

MD5
13884e5d427f60cf9c4bb76bca7192c3

SHA1
a2fcf9195d7e5c6fc7b776da5e7efb85cac08174

SHA256
cab1f388c13b5700ec71560d2e1e59b61043b19ff8d181413fcda6fbb9b91c84

SHA512
3cff7043803c52e930ed344588b19b9aa3ed37ca9f192e08602f41b544c02536e057c7ec912daff179cec04a51772af802dd44c476e6f63716211f6607afb198

Download Submit
C:\Windows\System\pGcjJQy.exe

Filesize
6.1MB

MD5
4897ee293d11c7a2701d3828fc11ea8a

SHA1
af859164b60bdf1ff25777c4b222d48a57d39bc9

SHA256
883e83f430f95ddcab2c939562ba340c26492b7aec171caf241575bb8a52707a

SHA512
29375135e39eda77e68aba0632e5185a7827b007657957642745f4c3f01be3c10cb786ce1d53123b1b676301866711d34a4ae45bbb1ffcd871397ca4060a04a5

Download Submit
C:\Windows\System\qCJWiXo.exe

Filesize
6.1MB

MD5
1c035ad2d24c1b238760438e303d0c18

SHA1
f6196d806ee702f77fcca4efa5d42110bfcfe68e

SHA256
a073d9135af773faee641f74fc65f250dd6b0d4876a3c85d176455fe56f5ed31

SHA512
f75a6ed88cbaf44e94bdc4e0c677644a3c4b724ee5195a046137fc72be05155644c6eb1db92def4790d425c79b085fa5b4e5563300e484ec8f14989e34fcfc56

Download Submit
C:\Windows\System\qfsiliT.exe

Filesize
6.1MB

MD5
d42cd1b0537304379f0cadb4b5593eb1

SHA1
b988d920418fcdca287096faee773231324dab3a

SHA256
00fb3a42a8c9655c29beaf6f3585855a721543c0aea60cf95630420dba3aab25

SHA512
7485442a6c5e0725e1f62d8066ea6c2e3ecdecf50e22057237b5910bf70fcd4cd9e6b2477fbb410aecebccc4a2e0ca157ba8af24b0516fd4d4c6c4f555cfc158

Download Submit
C:\Windows\System\tuNCQes.exe

Filesize
6.1MB

MD5
6b5ed02ffb5fe29e2270d5c2034d6982

SHA1
f4453558519b38ff65c3dc77841e3a91b3eaf3b6

SHA256
02e945d26be0c16d883f5f997156925900f39ffb1c240130b58dc99f308b48d1

SHA512
ae64c1b5472f40fcf66b7c42070f502d536f754b8475a016160b65f0eebc640becdba8d48f4c5102e0d9f4c37b998eabb51fe1a31af6c241239e60542e645f23

Download Submit
C:\Windows\System\vchqMwH.exe

Filesize
6.1MB

MD5
a510528107aa70572ea2f8cf79fba1bd

SHA1
cb2475b5fbefe163089fdde6057b7604334e9610

SHA256
55b8cd33980393a5d108069c636271fb95d877b8c6b6bf43b71dde1c6a6cdbb4

SHA512
0dcc7320a184711bf2f70767a44930d434420cbcfe09bb8946a35ca289a320f93782beb26cc0ff46a87d97cea441181f61bff08bade1d9f6bbfdd14bd78520a8

Download Submit
C:\Windows\System\vxEPGCr.exe

Filesize
6.1MB

MD5
8d031ae9a729ab11595ee9870cba4fae

SHA1
ecbc6af2feabc65da444a0d5f8465b66f335b376

SHA256
2cbed7a480b74078941c1b659cc01c3f6bfbb8be007c5e238c4f664121521843

SHA512
cae8bc2d21fe0c62fb07a221ef07a443b16cdc6143678c12c1fab49e77c09cd3184d5636411fe02a0cff9e3dc3cc6758a93d066b8496e3e1e2784566cf032e32

Download Submit
C:\Windows\System\wLEeJZL.exe

Filesize
6.1MB

MD5
50f2865274a41400df5843867cca6d46

SHA1
bb480628095f0df73c5c5a8d966773255c717ee3

SHA256
84c10f223be3d87bc6d94475440e48765d02934deabecefc71eee7f6b9b890ad

SHA512
c6c0a3ab96347a96d177a8c3ccfabaf08f901f5f179b0e6bee9101651d769de8dbbcc9813d54c0a16fdb1a589a4126c58e74204ed5ca1b88ba754f69e9b1b520

Download Submit
C:\Windows\System\wYvyjdj.exe

Filesize
6.1MB

MD5
eb1f8120c3919a13a7d64906441a0433

SHA1
6d1f7d5da76cf1146554617ddf81aa3dca2daf6d

SHA256
093d8ac0635e3f1c8e129dd241cfc7174f8f06cf7827a906dbdb79284e6c8bb5

SHA512
0317d9d8722e2789fb722810d5a9a5c1a226d224ff78c5a93cff21b1b631975f2ab24fed2438e84236fc1ba2fc291cf7db65738e166b0be912a5da3be966662f

Download Submit
C:\Windows\System\xylheNT.exe

Filesize
6.1MB

MD5
a5a8f521c7293a2e9f65b49cc6c40b14

SHA1
c424354f50f1220c777c4757e376d0874de4b7f4

SHA256
36964829e63e998638b40af35a3f28d5a151ad319728ed9c7d8ba53037a9c5f7

SHA512
9725bd3a217a0eed3bdf85b3660208c308c7f74d2267620f1f059caf4f31b4e717dde00068ba162e08c20e89e3774d17388d7f3fcf81dd8abb611f8c4201e42d

Download Submit
C:\Windows\System\yUCrBtu.exe

Filesize
6.1MB

MD5
3bc9394a6aa0d8f353fdf78c009c0b03

SHA1
3f91015a92881273275c2e8774536b085edbd9bc

SHA256
81a837ac9ba6f6dd8f69f6b670a084ece245a092f5eea76a786d61b46976c535

SHA512
da12b3ecea7f16cb4bc99a81366debf12fc1a7773d72122ea51b30e8ef2b4124ba08af744e519572674fbd75614c87f9fce3561b07b79d9ca5f7ec53f8cddafc

Download Submit
C:\Windows\System\ywfstcv.exe

Filesize
6.1MB

MD5
5bc1a948ef906afef440fb4508dab199

SHA1
dae9d836f840a1bba2cfe4cd8e9e8b385b814326

SHA256
b09d47abb675babcb1730afd5507ab7998e154ad82b950fa0e98d82fd9a92727

SHA512
7fb45859524c1b231a57eb87fc58f6c3f16872caf0b9aa2b579b79a24b59812a11b7d0264e9b5cdd53ebfb388bdf795fff5f938a937cbec9aee6caa937a56412

Download Submit
C:\Windows\System\zoPLNui.exe

Filesize
6.1MB

MD5
395b69ec6419c25f3c0ba0ae667af234

SHA1
947af612626215804723ac3c50f9c30cd888b58a

SHA256
10dd8c3c4187399b06d8a5262813e58d9e8a1347f27eb4c0de643c9b202eeb43

SHA512
9b614f6b1db1db682c7b1463a19aba6b8d7b93dab87206a31be7cafdda40e99677a9876b981bfac43a9dd8b5927ca7b1f3110e6c1660c2a219c0cf9d4b7d89f8

Download Submit
memory/852-2261-0x00007FF7D7460000-0x00007FF7D77B4000-memory.dmp

Filesize
3.3MB

Download
memory/852-131-0x00007FF7D7460000-0x00007FF7D77B4000-memory.dmp

Filesize
3.3MB

Download
memory/944-124-0x00007FF7F4F90000-0x00007FF7F52E4000-memory.dmp

Filesize
3.3MB

Download
memory/944-2260-0x00007FF7F4F90000-0x00007FF7F52E4000-memory.dmp

Filesize
3.3MB

Download
memory/972-2253-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp

Filesize
3.3MB

Download
memory/972-130-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp

Filesize
3.3MB

Download
memory/972-68-0x00007FF634D60000-0x00007FF6350B4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2182-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-94-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp

Filesize
3.3MB

Download
memory/1028-24-0x00007FF795D80000-0x00007FF7960D4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-197-0x00007FF681450000-0x00007FF6817A4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-138-0x00007FF681450000-0x00007FF6817A4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2263-0x00007FF681450000-0x00007FF6817A4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-18-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1288-88-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2181-0x00007FF77CBD0000-0x00007FF77CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-184-0x00007FF7C09D0000-0x00007FF7C0D24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-2262-0x00007FF7C09D0000-0x00007FF7C0D24000-memory.dmp

Filesize
3.3MB

Download
memory/1648-125-0x00007FF7C09D0000-0x00007FF7C0D24000-memory.dmp

Filesize
3.3MB

Download
memory/2508-60-0x00007FF644550000-0x00007FF6448A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2250-0x00007FF644550000-0x00007FF6448A4000-memory.dmp

Filesize
3.3MB

Download
memory/3256-2270-0x00007FF676820000-0x00007FF676B74000-memory.dmp

Filesize
3.3MB

Download
memory/3256-188-0x00007FF676820000-0x00007FF676B74000-memory.dmp

Filesize
3.3MB

Download
memory/3336-110-0x00007FF613CB0000-0x00007FF614004000-memory.dmp

Filesize
3.3MB

Download
memory/3336-49-0x00007FF613CB0000-0x00007FF614004000-memory.dmp

Filesize
3.3MB

Download
memory/3476-164-0x00007FF669340000-0x00007FF669694000-memory.dmp

Filesize
3.3MB

Download
memory/3476-487-0x00007FF669340000-0x00007FF669694000-memory.dmp

Filesize
3.3MB

Download
memory/3476-2267-0x00007FF669340000-0x00007FF669694000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2251-0x00007FF7BA8B0000-0x00007FF7BAC04000-memory.dmp

Filesize
3.3MB

Download
memory/3588-61-0x00007FF7BA8B0000-0x00007FF7BAC04000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2265-0x00007FF766B10000-0x00007FF766E64000-memory.dmp

Filesize
3.3MB

Download
memory/3592-285-0x00007FF766B10000-0x00007FF766E64000-memory.dmp

Filesize
3.3MB

Download
memory/3592-153-0x00007FF766B10000-0x00007FF766E64000-memory.dmp

Filesize
3.3MB

Download
memory/3992-0-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-73-0x00007FF6776A0000-0x00007FF6779F4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1-0x00000118C06F0000-0x00000118C0700000-memory.dmp

Filesize
64KB

Download
memory/4220-79-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp

Filesize
3.3MB

Download
memory/4220-6-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2177-0x00007FF7EBD10000-0x00007FF7EC064000-memory.dmp

Filesize
3.3MB

Download
memory/4304-167-0x00007FF666E40000-0x00007FF667194000-memory.dmp

Filesize
3.3MB

Download
memory/4304-553-0x00007FF666E40000-0x00007FF667194000-memory.dmp

Filesize
3.3MB

Download
memory/4304-2268-0x00007FF666E40000-0x00007FF667194000-memory.dmp

Filesize
3.3MB

Download
memory/4440-64-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2252-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp

Filesize
3.3MB

Download
memory/4440-123-0x00007FF76EEC0000-0x00007FF76F214000-memory.dmp

Filesize
3.3MB

Download
memory/4528-757-0x00007FF6554A0000-0x00007FF6557F4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-189-0x00007FF6554A0000-0x00007FF6557F4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2271-0x00007FF6554A0000-0x00007FF6557F4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2256-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-89-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-160-0x00007FF7CFC80000-0x00007FF7CFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-198-0x00007FF7B3270000-0x00007FF7B35C4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-139-0x00007FF7B3270000-0x00007FF7B35C4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2264-0x00007FF7B3270000-0x00007FF7B35C4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-166-0x00007FF61B090000-0x00007FF61B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-101-0x00007FF61B090000-0x00007FF61B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2258-0x00007FF61B090000-0x00007FF61B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-74-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-140-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-2254-0x00007FF727E50000-0x00007FF7281A4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2255-0x00007FF691B20000-0x00007FF691E74000-memory.dmp

Filesize
3.3MB

Download
memory/4944-141-0x00007FF691B20000-0x00007FF691E74000-memory.dmp

Filesize
3.3MB

Download
memory/4944-80-0x00007FF691B20000-0x00007FF691E74000-memory.dmp

Filesize
3.3MB

Download
memory/5008-95-0x00007FF6581C0000-0x00007FF658514000-memory.dmp

Filesize
3.3MB

Download
memory/5008-162-0x00007FF6581C0000-0x00007FF658514000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2257-0x00007FF6581C0000-0x00007FF658514000-memory.dmp

Filesize
3.3MB

Download
memory/5104-65-0x00007FF7F4B50000-0x00007FF7F4EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5188-31-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp

Filesize
3.3MB

Download
memory/5188-107-0x00007FF68A850000-0x00007FF68ABA4000-memory.dmp

Filesize
3.3MB

Download
memory/5220-2178-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/5220-83-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/5220-14-0x00007FF68EDA0000-0x00007FF68F0F4000-memory.dmp

Filesize
3.3MB

Download
memory/5256-619-0x00007FF7AA240000-0x00007FF7AA594000-memory.dmp

Filesize
3.3MB

Download
memory/5256-176-0x00007FF7AA240000-0x00007FF7AA594000-memory.dmp

Filesize
3.3MB

Download
memory/5256-2269-0x00007FF7AA240000-0x00007FF7AA594000-memory.dmp

Filesize
3.3MB

Download
memory/5360-116-0x00007FF6C56E0000-0x00007FF6C5A34000-memory.dmp

Filesize
3.3MB

Download
memory/5360-2259-0x00007FF6C56E0000-0x00007FF6C5A34000-memory.dmp

Filesize
3.3MB

Download
memory/6000-2266-0x00007FF737700000-0x00007FF737A54000-memory.dmp

Filesize
3.3MB

Download
memory/6000-284-0x00007FF737700000-0x00007FF737A54000-memory.dmp

Filesize
3.3MB

Download
memory/6000-152-0x00007FF737700000-0x00007FF737A54000-memory.dmp

Filesize
3.3MB

Download