cobaltstrike | 77fa8033b96b19d43cc1b578663fb02b62111b5dd4411045fef6ea16cf249c48

Analysis

max time kernel
104s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.0MB
MD5

e0e0e6f6fc5c739c0fb7fe5d7f563c80
SHA1

1b1e93dd42dc714aa16554721067ea159e46a60a
SHA256

77fa8033b96b19d43cc1b578663fb02b62111b5dd4411045fef6ea16cf249c48
SHA512

bc5798a97f1498832c5862b2df4c4257147af40940c62478d198d9f2ef7870c08a3b9b16cafc1a42ce16f7833740cff18458de827a741c18af8b941829a2b33a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000241cd-5.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241e7-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241d5-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241ee-24.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241ef-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241f0-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241f1-44.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241f2-55.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000241ce-49.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000024207-59.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000024004-70.dat	cobalt_reflective_dll
behavioral1/files/0x000c00000002402f-72.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002421f-94.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002421e-89.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000024097-83.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024220-99.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000024032-106.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000002420e-115.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000024212-121.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000024223-125.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024225-133.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024226-142.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024227-145.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024228-152.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024232-170.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024231-165.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024233-176.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024234-184.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024236-187.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024237-196.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024239-206.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024238-201.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5824-0-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp	xmrig
behavioral1/files/0x00090000000241cd-5.dat	xmrig
behavioral1/memory/3020-10-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000241e7-9.dat	xmrig
behavioral1/files/0x00080000000241d5-11.dat	xmrig
behavioral1/memory/5304-12-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp	xmrig
behavioral1/files/0x00080000000241ee-24.dat	xmrig
behavioral1/files/0x00080000000241ef-28.dat	xmrig
behavioral1/files/0x00080000000241f0-36.dat	xmrig
behavioral1/memory/2828-40-0x00007FF762A30000-0x00007FF762D84000-memory.dmp	xmrig
behavioral1/files/0x00080000000241f1-44.dat	xmrig
behavioral1/memory/4668-53-0x00007FF600340000-0x00007FF600694000-memory.dmp	xmrig
behavioral1/files/0x00080000000241f2-55.dat	xmrig
behavioral1/memory/4684-54-0x00007FF770010000-0x00007FF770364000-memory.dmp	xmrig
behavioral1/files/0x00090000000241ce-49.dat	xmrig
behavioral1/memory/644-45-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp	xmrig
behavioral1/memory/5772-35-0x00007FF6D6AE0000-0x00007FF6D6E34000-memory.dmp	xmrig
behavioral1/memory/5236-32-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp	xmrig
behavioral1/memory/3512-33-0x00007FF7022C0000-0x00007FF702614000-memory.dmp	xmrig
behavioral1/files/0x000b000000024207-59.dat	xmrig
behavioral1/files/0x000c000000024004-70.dat	xmrig
behavioral1/files/0x000c00000002402f-72.dat	xmrig
behavioral1/memory/5824-66-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp	xmrig
behavioral1/memory/4784-63-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	xmrig
behavioral1/memory/5460-74-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp	xmrig
behavioral1/memory/2272-76-0x00007FF624DE0000-0x00007FF625134000-memory.dmp	xmrig
behavioral1/memory/3020-75-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp	xmrig
behavioral1/memory/5304-80-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp	xmrig
behavioral1/memory/3496-82-0x00007FF766A00000-0x00007FF766D54000-memory.dmp	xmrig
behavioral1/memory/6036-96-0x00007FF699030000-0x00007FF699384000-memory.dmp	xmrig
behavioral1/files/0x000800000002421f-94.dat	xmrig
behavioral1/files/0x000800000002421e-89.dat	xmrig
behavioral1/memory/5004-88-0x00007FF648940000-0x00007FF648C94000-memory.dmp	xmrig
behavioral1/files/0x000d000000024097-83.dat	xmrig
behavioral1/memory/5236-81-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp	xmrig
behavioral1/files/0x0008000000024220-99.dat	xmrig
behavioral1/files/0x000d000000024032-106.dat	xmrig
behavioral1/files/0x000a00000002420e-115.dat	xmrig
behavioral1/memory/4684-114-0x00007FF770010000-0x00007FF770364000-memory.dmp	xmrig
behavioral1/memory/908-108-0x00007FF63DE50000-0x00007FF63E1A4000-memory.dmp	xmrig
behavioral1/memory/644-107-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp	xmrig
behavioral1/memory/4668-100-0x00007FF600340000-0x00007FF600694000-memory.dmp	xmrig
behavioral1/memory/728-102-0x00007FF7535B0000-0x00007FF753904000-memory.dmp	xmrig
behavioral1/memory/5520-117-0x00007FF7B0640000-0x00007FF7B0994000-memory.dmp	xmrig
behavioral1/memory/2316-123-0x00007FF700720000-0x00007FF700A74000-memory.dmp	xmrig
behavioral1/files/0x0009000000024212-121.dat	xmrig
behavioral1/memory/5460-128-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp	xmrig
behavioral1/files/0x0009000000024223-125.dat	xmrig
behavioral1/memory/4784-127-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	xmrig
behavioral1/memory/6092-129-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000024225-133.dat	xmrig
behavioral1/memory/5652-135-0x00007FF792A20000-0x00007FF792D74000-memory.dmp	xmrig
behavioral1/files/0x0008000000024226-142.dat	xmrig
behavioral1/memory/5088-141-0x00007FF7E96D0000-0x00007FF7E9A24000-memory.dmp	xmrig
behavioral1/files/0x0008000000024227-145.dat	xmrig
behavioral1/memory/5808-151-0x00007FF7EA150000-0x00007FF7EA4A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000024228-152.dat	xmrig
behavioral1/memory/5712-160-0x00007FF67E930000-0x00007FF67EC84000-memory.dmp	xmrig
behavioral1/memory/728-168-0x00007FF7535B0000-0x00007FF753904000-memory.dmp	xmrig
behavioral1/files/0x0007000000024232-170.dat	xmrig
behavioral1/memory/6040-169-0x00007FF7C77A0000-0x00007FF7C7AF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024231-165.dat	xmrig
behavioral1/memory/4180-164-0x00007FF69BA80000-0x00007FF69BDD4000-memory.dmp	xmrig
behavioral1/memory/6036-161-0x00007FF699030000-0x00007FF699384000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3020	eVEFlAz.exe
5304	oxwExIU.exe
5236	NabaPuR.exe
5772	ewbpOOt.exe
3512	DMdDWrC.exe
2828	hqXIcty.exe
644	YuipzlV.exe
4668	bJubmpa.exe
4684	BkKicVc.exe
4784	kOKIine.exe
5460	DFKbKeT.exe
2272	feDKUWl.exe
3496	PzBfcBz.exe
5004	HunIbCZ.exe
6036	MQuwXXD.exe
728	HyOTpGk.exe
908	GlJrbSO.exe
5520	IgcdoMz.exe
2316	ndMPARK.exe
6092	ngplyWE.exe
5652	XQdRnwH.exe
5088	sitNzjI.exe
5808	ruunBrO.exe
5712	DuQzKGn.exe
4180	BecbzlD.exe
6040	ZradMFW.exe
5696	ZbTOoCH.exe
5260	VqEKJVM.exe
5480	oAqGOpk.exe
2476	omDJawL.exe
1008	lZnktio.exe
2424	QyEBFBE.exe
2752	lEwdEwH.exe
2172	bfTkpYa.exe
2816	QYmqcTE.exe
3220	ydTQGqo.exe
3736	BgRFeEA.exe
3640	EnPNgFT.exe
3104	mjITRxl.exe
5924	BrKRlQB.exe
4184	RWWzCEf.exe
1980	PLlPdMg.exe
6100	HetLlsw.exe
4564	bFURahg.exe
3684	NOYepfR.exe
5068	nYzgOiQ.exe
3356	oamWSjM.exe
1028	oLaLPzB.exe
2632	sPkBudA.exe
2276	cyqFubf.exe
5248	vwORsmc.exe
216	UZdIvHy.exe
1492	QVjiEGy.exe
5048	eSpJfTH.exe
3808	stZaQMl.exe
4808	BvKiCdA.exe
5804	GflQszW.exe
2116	mDuNDKl.exe
1664	FYfUrsA.exe
5532	qFOcpso.exe
5332	iyPGBrX.exe
972	guWWFqW.exe
3928	QuicFyU.exe
5392	MbWDYLa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5824-0-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp	upx
behavioral1/files/0x00090000000241cd-5.dat	upx
behavioral1/memory/3020-10-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp	upx
behavioral1/files/0x00080000000241e7-9.dat	upx
behavioral1/files/0x00080000000241d5-11.dat	upx
behavioral1/memory/5304-12-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp	upx
behavioral1/files/0x00080000000241ee-24.dat	upx
behavioral1/files/0x00080000000241ef-28.dat	upx
behavioral1/files/0x00080000000241f0-36.dat	upx
behavioral1/memory/2828-40-0x00007FF762A30000-0x00007FF762D84000-memory.dmp	upx
behavioral1/files/0x00080000000241f1-44.dat	upx
behavioral1/memory/4668-53-0x00007FF600340000-0x00007FF600694000-memory.dmp	upx
behavioral1/files/0x00080000000241f2-55.dat	upx
behavioral1/memory/4684-54-0x00007FF770010000-0x00007FF770364000-memory.dmp	upx
behavioral1/files/0x00090000000241ce-49.dat	upx
behavioral1/memory/644-45-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp	upx
behavioral1/memory/5772-35-0x00007FF6D6AE0000-0x00007FF6D6E34000-memory.dmp	upx
behavioral1/memory/5236-32-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp	upx
behavioral1/memory/3512-33-0x00007FF7022C0000-0x00007FF702614000-memory.dmp	upx
behavioral1/files/0x000b000000024207-59.dat	upx
behavioral1/files/0x000c000000024004-70.dat	upx
behavioral1/files/0x000c00000002402f-72.dat	upx
behavioral1/memory/5824-66-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp	upx
behavioral1/memory/4784-63-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	upx
behavioral1/memory/5460-74-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp	upx
behavioral1/memory/2272-76-0x00007FF624DE0000-0x00007FF625134000-memory.dmp	upx
behavioral1/memory/3020-75-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp	upx
behavioral1/memory/5304-80-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp	upx
behavioral1/memory/3496-82-0x00007FF766A00000-0x00007FF766D54000-memory.dmp	upx
behavioral1/memory/6036-96-0x00007FF699030000-0x00007FF699384000-memory.dmp	upx
behavioral1/files/0x000800000002421f-94.dat	upx
behavioral1/files/0x000800000002421e-89.dat	upx
behavioral1/memory/5004-88-0x00007FF648940000-0x00007FF648C94000-memory.dmp	upx
behavioral1/files/0x000d000000024097-83.dat	upx
behavioral1/memory/5236-81-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp	upx
behavioral1/files/0x0008000000024220-99.dat	upx
behavioral1/files/0x000d000000024032-106.dat	upx
behavioral1/files/0x000a00000002420e-115.dat	upx
behavioral1/memory/4684-114-0x00007FF770010000-0x00007FF770364000-memory.dmp	upx
behavioral1/memory/908-108-0x00007FF63DE50000-0x00007FF63E1A4000-memory.dmp	upx
behavioral1/memory/644-107-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp	upx
behavioral1/memory/4668-100-0x00007FF600340000-0x00007FF600694000-memory.dmp	upx
behavioral1/memory/728-102-0x00007FF7535B0000-0x00007FF753904000-memory.dmp	upx
behavioral1/memory/5520-117-0x00007FF7B0640000-0x00007FF7B0994000-memory.dmp	upx
behavioral1/memory/2316-123-0x00007FF700720000-0x00007FF700A74000-memory.dmp	upx
behavioral1/files/0x0009000000024212-121.dat	upx
behavioral1/memory/5460-128-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp	upx
behavioral1/files/0x0009000000024223-125.dat	upx
behavioral1/memory/4784-127-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	upx
behavioral1/memory/6092-129-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp	upx
behavioral1/files/0x0008000000024225-133.dat	upx
behavioral1/memory/5652-135-0x00007FF792A20000-0x00007FF792D74000-memory.dmp	upx
behavioral1/files/0x0008000000024226-142.dat	upx
behavioral1/memory/5088-141-0x00007FF7E96D0000-0x00007FF7E9A24000-memory.dmp	upx
behavioral1/files/0x0008000000024227-145.dat	upx
behavioral1/memory/5808-151-0x00007FF7EA150000-0x00007FF7EA4A4000-memory.dmp	upx
behavioral1/files/0x0008000000024228-152.dat	upx
behavioral1/memory/5712-160-0x00007FF67E930000-0x00007FF67EC84000-memory.dmp	upx
behavioral1/memory/728-168-0x00007FF7535B0000-0x00007FF753904000-memory.dmp	upx
behavioral1/files/0x0007000000024232-170.dat	upx
behavioral1/memory/6040-169-0x00007FF7C77A0000-0x00007FF7C7AF4000-memory.dmp	upx
behavioral1/files/0x0007000000024231-165.dat	upx
behavioral1/memory/4180-164-0x00007FF69BA80000-0x00007FF69BDD4000-memory.dmp	upx
behavioral1/memory/6036-161-0x00007FF699030000-0x00007FF699384000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UAJQwzK.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\chAldCQ.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RAfcYXa.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jkKQDHD.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UQwiNjW.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ydYmJYz.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NPbJKaj.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RKiKYPg.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fGdmJPU.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kUdZNrO.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zyUpLKg.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\pxllKBE.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tmmdbim.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tXZzssJ.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sTHcAzg.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oteCDRm.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xCrbeae.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KatUDcU.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QAyTkwi.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OdsSbBI.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GtpOpnr.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eIwRuVw.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hmWCVYM.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HTumBFI.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TcoHdSg.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TTDxiEj.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yduOSIo.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NaCMjxP.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nCjIPTu.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mWHOxeO.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rSzwlMX.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HyOTpGk.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RShvfLz.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zcoqIRU.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kvDfIeq.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DCeqfGZ.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aZBSBfT.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lVAeWGx.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BvKiCdA.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LxosUVO.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OdWPNgg.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ulidUAM.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xvAneVk.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TDnCgrl.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DwfuJeE.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jovYTBP.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RWWzCEf.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nGfhuGu.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rZlUiPY.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SgfVkXp.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eiwxrFI.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MjjUdFp.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WulslDY.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gCRNLtq.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kOKIine.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\selDypO.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NcUCKmI.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HaOsjDV.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GrNDwWo.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aAfdOpM.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xiDnTxK.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zanVzlf.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DuQzKGn.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eDCoHsl.exe	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5824 wrote to memory of 3020	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5824 wrote to memory of 3020	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5824 wrote to memory of 5304	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5824 wrote to memory of 5304	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5824 wrote to memory of 5236	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5824 wrote to memory of 5236	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5824 wrote to memory of 5772	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5824 wrote to memory of 5772	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5824 wrote to memory of 3512	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5824 wrote to memory of 3512	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5824 wrote to memory of 2828	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5824 wrote to memory of 2828	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5824 wrote to memory of 644	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5824 wrote to memory of 644	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5824 wrote to memory of 4668	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5824 wrote to memory of 4668	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5824 wrote to memory of 4684	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5824 wrote to memory of 4684	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5824 wrote to memory of 4784	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5824 wrote to memory of 4784	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5824 wrote to memory of 5460	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5824 wrote to memory of 5460	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5824 wrote to memory of 2272	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5824 wrote to memory of 2272	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5824 wrote to memory of 3496	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5824 wrote to memory of 3496	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5824 wrote to memory of 5004	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5824 wrote to memory of 5004	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5824 wrote to memory of 6036	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5824 wrote to memory of 6036	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5824 wrote to memory of 728	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5824 wrote to memory of 728	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5824 wrote to memory of 908	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5824 wrote to memory of 908	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5824 wrote to memory of 5520	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5824 wrote to memory of 5520	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5824 wrote to memory of 2316	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5824 wrote to memory of 2316	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5824 wrote to memory of 6092	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5824 wrote to memory of 6092	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5824 wrote to memory of 5652	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5824 wrote to memory of 5652	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5824 wrote to memory of 5088	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5824 wrote to memory of 5088	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5824 wrote to memory of 5808	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5824 wrote to memory of 5808	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5824 wrote to memory of 5712	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5824 wrote to memory of 5712	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5824 wrote to memory of 4180	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5824 wrote to memory of 4180	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5824 wrote to memory of 6040	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5824 wrote to memory of 6040	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5824 wrote to memory of 5696	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5824 wrote to memory of 5696	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5824 wrote to memory of 5260	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5824 wrote to memory of 5260	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5824 wrote to memory of 5480	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 5824 wrote to memory of 5480	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 5824 wrote to memory of 2476	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 5824 wrote to memory of 2476	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 5824 wrote to memory of 1008	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 5824 wrote to memory of 1008	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 5824 wrote to memory of 2424	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	126
PID 5824 wrote to memory of 2424	5824	2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	126

C:\Users\Admin\AppData\Local\Temp\2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_e0e0e6f6fc5c739c0fb7fe5d7f563c80_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5824
- C:\Windows\System\eVEFlAz.exe
  C:\Windows\System\eVEFlAz.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oxwExIU.exe
  C:\Windows\System\oxwExIU.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System\NabaPuR.exe
  C:\Windows\System\NabaPuR.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\ewbpOOt.exe
  C:\Windows\System\ewbpOOt.exe
  2⤵
  - Executes dropped EXE
  PID:5772
- C:\Windows\System\DMdDWrC.exe
  C:\Windows\System\DMdDWrC.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\hqXIcty.exe
  C:\Windows\System\hqXIcty.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\YuipzlV.exe
  C:\Windows\System\YuipzlV.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\bJubmpa.exe
  C:\Windows\System\bJubmpa.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\BkKicVc.exe
  C:\Windows\System\BkKicVc.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\kOKIine.exe
  C:\Windows\System\kOKIine.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\DFKbKeT.exe
  C:\Windows\System\DFKbKeT.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\feDKUWl.exe
  C:\Windows\System\feDKUWl.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\PzBfcBz.exe
  C:\Windows\System\PzBfcBz.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\HunIbCZ.exe
  C:\Windows\System\HunIbCZ.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\MQuwXXD.exe
  C:\Windows\System\MQuwXXD.exe
  2⤵
  - Executes dropped EXE
  PID:6036
- C:\Windows\System\HyOTpGk.exe
  C:\Windows\System\HyOTpGk.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\GlJrbSO.exe
  C:\Windows\System\GlJrbSO.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\IgcdoMz.exe
  C:\Windows\System\IgcdoMz.exe
  2⤵
  - Executes dropped EXE
  PID:5520
- C:\Windows\System\ndMPARK.exe
  C:\Windows\System\ndMPARK.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ngplyWE.exe
  C:\Windows\System\ngplyWE.exe
  2⤵
  - Executes dropped EXE
  PID:6092
- C:\Windows\System\XQdRnwH.exe
  C:\Windows\System\XQdRnwH.exe
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Windows\System\sitNzjI.exe
  C:\Windows\System\sitNzjI.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\ruunBrO.exe
  C:\Windows\System\ruunBrO.exe
  2⤵
  - Executes dropped EXE
  PID:5808
- C:\Windows\System\DuQzKGn.exe
  C:\Windows\System\DuQzKGn.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\BecbzlD.exe
  C:\Windows\System\BecbzlD.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\ZradMFW.exe
  C:\Windows\System\ZradMFW.exe
  2⤵
  - Executes dropped EXE
  PID:6040
- C:\Windows\System\ZbTOoCH.exe
  C:\Windows\System\ZbTOoCH.exe
  2⤵
  - Executes dropped EXE
  PID:5696
- C:\Windows\System\VqEKJVM.exe
  C:\Windows\System\VqEKJVM.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\oAqGOpk.exe
  C:\Windows\System\oAqGOpk.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\omDJawL.exe
  C:\Windows\System\omDJawL.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\lZnktio.exe
  C:\Windows\System\lZnktio.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\QyEBFBE.exe
  C:\Windows\System\QyEBFBE.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\lEwdEwH.exe
  C:\Windows\System\lEwdEwH.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\bfTkpYa.exe
  C:\Windows\System\bfTkpYa.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\QYmqcTE.exe
  C:\Windows\System\QYmqcTE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ydTQGqo.exe
  C:\Windows\System\ydTQGqo.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\BgRFeEA.exe
  C:\Windows\System\BgRFeEA.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\EnPNgFT.exe
  C:\Windows\System\EnPNgFT.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\mjITRxl.exe
  C:\Windows\System\mjITRxl.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\BrKRlQB.exe
  C:\Windows\System\BrKRlQB.exe
  2⤵
  - Executes dropped EXE
  PID:5924
- C:\Windows\System\RWWzCEf.exe
  C:\Windows\System\RWWzCEf.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\PLlPdMg.exe
  C:\Windows\System\PLlPdMg.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HetLlsw.exe
  C:\Windows\System\HetLlsw.exe
  2⤵
  - Executes dropped EXE
  PID:6100
- C:\Windows\System\bFURahg.exe
  C:\Windows\System\bFURahg.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\NOYepfR.exe
  C:\Windows\System\NOYepfR.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\nYzgOiQ.exe
  C:\Windows\System\nYzgOiQ.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\oamWSjM.exe
  C:\Windows\System\oamWSjM.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\oLaLPzB.exe
  C:\Windows\System\oLaLPzB.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\sPkBudA.exe
  C:\Windows\System\sPkBudA.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\cyqFubf.exe
  C:\Windows\System\cyqFubf.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\vwORsmc.exe
  C:\Windows\System\vwORsmc.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\UZdIvHy.exe
  C:\Windows\System\UZdIvHy.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\QVjiEGy.exe
  C:\Windows\System\QVjiEGy.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\eSpJfTH.exe
  C:\Windows\System\eSpJfTH.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\stZaQMl.exe
  C:\Windows\System\stZaQMl.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\BvKiCdA.exe
  C:\Windows\System\BvKiCdA.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\GflQszW.exe
  C:\Windows\System\GflQszW.exe
  2⤵
  - Executes dropped EXE
  PID:5804
- C:\Windows\System\mDuNDKl.exe
  C:\Windows\System\mDuNDKl.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\FYfUrsA.exe
  C:\Windows\System\FYfUrsA.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\qFOcpso.exe
  C:\Windows\System\qFOcpso.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\iyPGBrX.exe
  C:\Windows\System\iyPGBrX.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System\guWWFqW.exe
  C:\Windows\System\guWWFqW.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\QuicFyU.exe
  C:\Windows\System\QuicFyU.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\MbWDYLa.exe
  C:\Windows\System\MbWDYLa.exe
  2⤵
  - Executes dropped EXE
  PID:5392
- C:\Windows\System\AdnHlgo.exe
  C:\Windows\System\AdnHlgo.exe
  2⤵
  PID:2068
- C:\Windows\System\BppTtgo.exe
  C:\Windows\System\BppTtgo.exe
  2⤵
  PID:3452
- C:\Windows\System\RSDpYgI.exe
  C:\Windows\System\RSDpYgI.exe
  2⤵
  PID:4428
- C:\Windows\System\eljmruR.exe
  C:\Windows\System\eljmruR.exe
  2⤵
  PID:5076
- C:\Windows\System\vmWBZMg.exe
  C:\Windows\System\vmWBZMg.exe
  2⤵
  PID:432
- C:\Windows\System\TUbRGxG.exe
  C:\Windows\System\TUbRGxG.exe
  2⤵
  PID:3744
- C:\Windows\System\mShiACG.exe
  C:\Windows\System\mShiACG.exe
  2⤵
  PID:3164
- C:\Windows\System\mZFsVdd.exe
  C:\Windows\System\mZFsVdd.exe
  2⤵
  PID:696
- C:\Windows\System\RTRoncB.exe
  C:\Windows\System\RTRoncB.exe
  2⤵
  PID:5848
- C:\Windows\System\kVOFmqA.exe
  C:\Windows\System\kVOFmqA.exe
  2⤵
  PID:1036
- C:\Windows\System\txNhvkg.exe
  C:\Windows\System\txNhvkg.exe
  2⤵
  PID:5196
- C:\Windows\System\QrXhAHs.exe
  C:\Windows\System\QrXhAHs.exe
  2⤵
  PID:5612
- C:\Windows\System\VRkLKNz.exe
  C:\Windows\System\VRkLKNz.exe
  2⤵
  PID:3936
- C:\Windows\System\qOuAXQT.exe
  C:\Windows\System\qOuAXQT.exe
  2⤵
  PID:5492
- C:\Windows\System\ytfXdhV.exe
  C:\Windows\System\ytfXdhV.exe
  2⤵
  PID:6052
- C:\Windows\System\nRxCOxX.exe
  C:\Windows\System\nRxCOxX.exe
  2⤵
  PID:5604
- C:\Windows\System\cBwktiR.exe
  C:\Windows\System\cBwktiR.exe
  2⤵
  PID:1852
- C:\Windows\System\PgATRQQ.exe
  C:\Windows\System\PgATRQQ.exe
  2⤵
  PID:1976
- C:\Windows\System\TcoHdSg.exe
  C:\Windows\System\TcoHdSg.exe
  2⤵
  PID:2508
- C:\Windows\System\JbLDTpp.exe
  C:\Windows\System\JbLDTpp.exe
  2⤵
  PID:2340
- C:\Windows\System\oKAijcO.exe
  C:\Windows\System\oKAijcO.exe
  2⤵
  PID:1620
- C:\Windows\System\OUuFnPG.exe
  C:\Windows\System\OUuFnPG.exe
  2⤵
  PID:1404
- C:\Windows\System\ubHEGKv.exe
  C:\Windows\System\ubHEGKv.exe
  2⤵
  PID:3756
- C:\Windows\System\xjpUWbs.exe
  C:\Windows\System\xjpUWbs.exe
  2⤵
  PID:5640
- C:\Windows\System\NqMtxRv.exe
  C:\Windows\System\NqMtxRv.exe
  2⤵
  PID:4940
- C:\Windows\System\YGmqCyP.exe
  C:\Windows\System\YGmqCyP.exe
  2⤵
  PID:2152
- C:\Windows\System\HtOBUTP.exe
  C:\Windows\System\HtOBUTP.exe
  2⤵
  PID:5728
- C:\Windows\System\AcBtYbf.exe
  C:\Windows\System\AcBtYbf.exe
  2⤵
  PID:2120
- C:\Windows\System\MycvmDl.exe
  C:\Windows\System\MycvmDl.exe
  2⤵
  PID:5020
- C:\Windows\System\pXfxNrR.exe
  C:\Windows\System\pXfxNrR.exe
  2⤵
  PID:2516
- C:\Windows\System\DqFGKZh.exe
  C:\Windows\System\DqFGKZh.exe
  2⤵
  PID:4440
- C:\Windows\System\RspbyMU.exe
  C:\Windows\System\RspbyMU.exe
  2⤵
  PID:4536
- C:\Windows\System\RShvfLz.exe
  C:\Windows\System\RShvfLz.exe
  2⤵
  PID:1184
- C:\Windows\System\fmgoCMK.exe
  C:\Windows\System\fmgoCMK.exe
  2⤵
  PID:5056
- C:\Windows\System\HTumBFI.exe
  C:\Windows\System\HTumBFI.exe
  2⤵
  PID:6128
- C:\Windows\System\hweqBFk.exe
  C:\Windows\System\hweqBFk.exe
  2⤵
  PID:4636
- C:\Windows\System\mjcGzvp.exe
  C:\Windows\System\mjcGzvp.exe
  2⤵
  PID:2096
- C:\Windows\System\tLeexAH.exe
  C:\Windows\System\tLeexAH.exe
  2⤵
  PID:5108
- C:\Windows\System\sDYyszA.exe
  C:\Windows\System\sDYyszA.exe
  2⤵
  PID:5800
- C:\Windows\System\TKgYsQU.exe
  C:\Windows\System\TKgYsQU.exe
  2⤵
  PID:364
- C:\Windows\System\NtRXygZ.exe
  C:\Windows\System\NtRXygZ.exe
  2⤵
  PID:4380
- C:\Windows\System\YrzPYRl.exe
  C:\Windows\System\YrzPYRl.exe
  2⤵
  PID:5716
- C:\Windows\System\uDtJoAk.exe
  C:\Windows\System\uDtJoAk.exe
  2⤵
  PID:3704
- C:\Windows\System\gPwmSeI.exe
  C:\Windows\System\gPwmSeI.exe
  2⤵
  PID:4964
- C:\Windows\System\eDCoHsl.exe
  C:\Windows\System\eDCoHsl.exe
  2⤵
  PID:2084
- C:\Windows\System\ugOijRI.exe
  C:\Windows\System\ugOijRI.exe
  2⤵
  PID:2836
- C:\Windows\System\MBJNwoK.exe
  C:\Windows\System\MBJNwoK.exe
  2⤵
  PID:5036
- C:\Windows\System\ornqugu.exe
  C:\Windows\System\ornqugu.exe
  2⤵
  PID:1812
- C:\Windows\System\EhmzzYL.exe
  C:\Windows\System\EhmzzYL.exe
  2⤵
  PID:3308
- C:\Windows\System\ikxkHcM.exe
  C:\Windows\System\ikxkHcM.exe
  2⤵
  PID:1684
- C:\Windows\System\mhTyUnb.exe
  C:\Windows\System\mhTyUnb.exe
  2⤵
  PID:3664
- C:\Windows\System\AqaXHAv.exe
  C:\Windows\System\AqaXHAv.exe
  2⤵
  PID:2328
- C:\Windows\System\jDExWwn.exe
  C:\Windows\System\jDExWwn.exe
  2⤵
  PID:3976
- C:\Windows\System\bfgVvil.exe
  C:\Windows\System\bfgVvil.exe
  2⤵
  PID:2980
- C:\Windows\System\XCSGTYT.exe
  C:\Windows\System\XCSGTYT.exe
  2⤵
  PID:5228
- C:\Windows\System\eyPEyqF.exe
  C:\Windows\System\eyPEyqF.exe
  2⤵
  PID:5900
- C:\Windows\System\PXBsrIw.exe
  C:\Windows\System\PXBsrIw.exe
  2⤵
  PID:1372
- C:\Windows\System\zcoqIRU.exe
  C:\Windows\System\zcoqIRU.exe
  2⤵
  PID:3584
- C:\Windows\System\fKXKdOa.exe
  C:\Windows\System\fKXKdOa.exe
  2⤵
  PID:3748
- C:\Windows\System\djXBpiY.exe
  C:\Windows\System\djXBpiY.exe
  2⤵
  PID:1896
- C:\Windows\System\JfpgQwV.exe
  C:\Windows\System\JfpgQwV.exe
  2⤵
  PID:5040
- C:\Windows\System\YirJKGV.exe
  C:\Windows\System\YirJKGV.exe
  2⤵
  PID:4756
- C:\Windows\System\clavNjo.exe
  C:\Windows\System\clavNjo.exe
  2⤵
  PID:4432
- C:\Windows\System\aqxVLMk.exe
  C:\Windows\System\aqxVLMk.exe
  2⤵
  PID:2808
- C:\Windows\System\CZHlbhk.exe
  C:\Windows\System\CZHlbhk.exe
  2⤵
  PID:372
- C:\Windows\System\DCljqDx.exe
  C:\Windows\System\DCljqDx.exe
  2⤵
  PID:1300
- C:\Windows\System\eceBaNQ.exe
  C:\Windows\System\eceBaNQ.exe
  2⤵
  PID:1296
- C:\Windows\System\KOcUFrR.exe
  C:\Windows\System\KOcUFrR.exe
  2⤵
  PID:220
- C:\Windows\System\CejFIVo.exe
  C:\Windows\System\CejFIVo.exe
  2⤵
  PID:2544
- C:\Windows\System\qOpWGup.exe
  C:\Windows\System\qOpWGup.exe
  2⤵
  PID:6172
- C:\Windows\System\hSlLohe.exe
  C:\Windows\System\hSlLohe.exe
  2⤵
  PID:6212
- C:\Windows\System\DzrslZS.exe
  C:\Windows\System\DzrslZS.exe
  2⤵
  PID:6240
- C:\Windows\System\FWtusEs.exe
  C:\Windows\System\FWtusEs.exe
  2⤵
  PID:6268
- C:\Windows\System\aJCpztA.exe
  C:\Windows\System\aJCpztA.exe
  2⤵
  PID:6296
- C:\Windows\System\FwnGtCb.exe
  C:\Windows\System\FwnGtCb.exe
  2⤵
  PID:6324
- C:\Windows\System\qsTwVgS.exe
  C:\Windows\System\qsTwVgS.exe
  2⤵
  PID:6352
- C:\Windows\System\kIOfgWD.exe
  C:\Windows\System\kIOfgWD.exe
  2⤵
  PID:6380
- C:\Windows\System\dCHIRvk.exe
  C:\Windows\System\dCHIRvk.exe
  2⤵
  PID:6408
- C:\Windows\System\selDypO.exe
  C:\Windows\System\selDypO.exe
  2⤵
  PID:6432
- C:\Windows\System\oJsErPz.exe
  C:\Windows\System\oJsErPz.exe
  2⤵
  PID:6464
- C:\Windows\System\KipBRAc.exe
  C:\Windows\System\KipBRAc.exe
  2⤵
  PID:6492
- C:\Windows\System\YOPXvVr.exe
  C:\Windows\System\YOPXvVr.exe
  2⤵
  PID:6520
- C:\Windows\System\NcUCKmI.exe
  C:\Windows\System\NcUCKmI.exe
  2⤵
  PID:6548
- C:\Windows\System\UtfeboF.exe
  C:\Windows\System\UtfeboF.exe
  2⤵
  PID:6568
- C:\Windows\System\MpzlGlq.exe
  C:\Windows\System\MpzlGlq.exe
  2⤵
  PID:6604
- C:\Windows\System\sSrNiNk.exe
  C:\Windows\System\sSrNiNk.exe
  2⤵
  PID:6632
- C:\Windows\System\lgJSWyH.exe
  C:\Windows\System\lgJSWyH.exe
  2⤵
  PID:6660
- C:\Windows\System\chWnikt.exe
  C:\Windows\System\chWnikt.exe
  2⤵
  PID:6684
- C:\Windows\System\KpxMZHa.exe
  C:\Windows\System\KpxMZHa.exe
  2⤵
  PID:6716
- C:\Windows\System\KQiTlPA.exe
  C:\Windows\System\KQiTlPA.exe
  2⤵
  PID:6744
- C:\Windows\System\SwLDnPz.exe
  C:\Windows\System\SwLDnPz.exe
  2⤵
  PID:6772
- C:\Windows\System\yCbBlOM.exe
  C:\Windows\System\yCbBlOM.exe
  2⤵
  PID:6800
- C:\Windows\System\qOhyVsG.exe
  C:\Windows\System\qOhyVsG.exe
  2⤵
  PID:6828
- C:\Windows\System\NoRijwW.exe
  C:\Windows\System\NoRijwW.exe
  2⤵
  PID:6856
- C:\Windows\System\pXjCelJ.exe
  C:\Windows\System\pXjCelJ.exe
  2⤵
  PID:6884
- C:\Windows\System\oDNAzac.exe
  C:\Windows\System\oDNAzac.exe
  2⤵
  PID:6912
- C:\Windows\System\lsEOoPn.exe
  C:\Windows\System\lsEOoPn.exe
  2⤵
  PID:6940
- C:\Windows\System\tCUWXXs.exe
  C:\Windows\System\tCUWXXs.exe
  2⤵
  PID:6968
- C:\Windows\System\XEpUHaJ.exe
  C:\Windows\System\XEpUHaJ.exe
  2⤵
  PID:6996
- C:\Windows\System\XeyETdr.exe
  C:\Windows\System\XeyETdr.exe
  2⤵
  PID:7024
- C:\Windows\System\ZUaCZZT.exe
  C:\Windows\System\ZUaCZZT.exe
  2⤵
  PID:7052
- C:\Windows\System\tfOoUMV.exe
  C:\Windows\System\tfOoUMV.exe
  2⤵
  PID:7080
- C:\Windows\System\XDtmJuK.exe
  C:\Windows\System\XDtmJuK.exe
  2⤵
  PID:7108
- C:\Windows\System\bOtpnDB.exe
  C:\Windows\System\bOtpnDB.exe
  2⤵
  PID:7140
- C:\Windows\System\NHNAoVG.exe
  C:\Windows\System\NHNAoVG.exe
  2⤵
  PID:7156
- C:\Windows\System\OAouDWf.exe
  C:\Windows\System\OAouDWf.exe
  2⤵
  PID:6204
- C:\Windows\System\kKFhEIl.exe
  C:\Windows\System\kKFhEIl.exe
  2⤵
  PID:3412
- C:\Windows\System\CjNUEFk.exe
  C:\Windows\System\CjNUEFk.exe
  2⤵
  PID:2924
- C:\Windows\System\VVIFljC.exe
  C:\Windows\System\VVIFljC.exe
  2⤵
  PID:6360
- C:\Windows\System\hEHlOdG.exe
  C:\Windows\System\hEHlOdG.exe
  2⤵
  PID:6424
- C:\Windows\System\szmpQnH.exe
  C:\Windows\System\szmpQnH.exe
  2⤵
  PID:6488
- C:\Windows\System\HIfjlsx.exe
  C:\Windows\System\HIfjlsx.exe
  2⤵
  PID:6536
- C:\Windows\System\JTFIHdK.exe
  C:\Windows\System\JTFIHdK.exe
  2⤵
  PID:6628
- C:\Windows\System\ydYmJYz.exe
  C:\Windows\System\ydYmJYz.exe
  2⤵
  PID:6676
- C:\Windows\System\UIGStzf.exe
  C:\Windows\System\UIGStzf.exe
  2⤵
  PID:6724
- C:\Windows\System\MeoaObq.exe
  C:\Windows\System\MeoaObq.exe
  2⤵
  PID:6768
- C:\Windows\System\knQUzqd.exe
  C:\Windows\System\knQUzqd.exe
  2⤵
  PID:6824
- C:\Windows\System\TaceEua.exe
  C:\Windows\System\TaceEua.exe
  2⤵
  PID:6892
- C:\Windows\System\nXAGXpR.exe
  C:\Windows\System\nXAGXpR.exe
  2⤵
  PID:5932
- C:\Windows\System\NPbJKaj.exe
  C:\Windows\System\NPbJKaj.exe
  2⤵
  PID:7020
- C:\Windows\System\kejZwjZ.exe
  C:\Windows\System\kejZwjZ.exe
  2⤵
  PID:7068
- C:\Windows\System\xqgpZcg.exe
  C:\Windows\System\xqgpZcg.exe
  2⤵
  PID:7132
- C:\Windows\System\IDeDCUK.exe
  C:\Windows\System\IDeDCUK.exe
  2⤵
  PID:6208
- C:\Windows\System\QNWjTSj.exe
  C:\Windows\System\QNWjTSj.exe
  2⤵
  PID:6276
- C:\Windows\System\yqaoPZf.exe
  C:\Windows\System\yqaoPZf.exe
  2⤵
  PID:6416
- C:\Windows\System\YHlkoYD.exe
  C:\Windows\System\YHlkoYD.exe
  2⤵
  PID:6576
- C:\Windows\System\kznuwag.exe
  C:\Windows\System\kznuwag.exe
  2⤵
  PID:1172
- C:\Windows\System\TTDxiEj.exe
  C:\Windows\System\TTDxiEj.exe
  2⤵
  PID:6788
- C:\Windows\System\YRcgSEc.exe
  C:\Windows\System\YRcgSEc.exe
  2⤵
  PID:6900
- C:\Windows\System\cpczvKr.exe
  C:\Windows\System\cpczvKr.exe
  2⤵
  PID:7032
- C:\Windows\System\izdRYWa.exe
  C:\Windows\System\izdRYWa.exe
  2⤵
  PID:6184
- C:\Windows\System\PKCKSen.exe
  C:\Windows\System\PKCKSen.exe
  2⤵
  PID:3712
- C:\Windows\System\ugzskEN.exe
  C:\Windows\System\ugzskEN.exe
  2⤵
  PID:6668
- C:\Windows\System\UkrYcBL.exe
  C:\Windows\System\UkrYcBL.exe
  2⤵
  PID:2240
- C:\Windows\System\nGfhuGu.exe
  C:\Windows\System\nGfhuGu.exe
  2⤵
  PID:7152
- C:\Windows\System\OPEnskr.exe
  C:\Windows\System\OPEnskr.exe
  2⤵
  PID:5240
- C:\Windows\System\VBWueuL.exe
  C:\Windows\System\VBWueuL.exe
  2⤵
  PID:1820
- C:\Windows\System\mvUvgXo.exe
  C:\Windows\System\mvUvgXo.exe
  2⤵
  PID:6452
- C:\Windows\System\bzkSGoy.exe
  C:\Windows\System\bzkSGoy.exe
  2⤵
  PID:7184
- C:\Windows\System\fdpQYsP.exe
  C:\Windows\System\fdpQYsP.exe
  2⤵
  PID:7212
- C:\Windows\System\elAtmJg.exe
  C:\Windows\System\elAtmJg.exe
  2⤵
  PID:7240
- C:\Windows\System\BJAhBAA.exe
  C:\Windows\System\BJAhBAA.exe
  2⤵
  PID:7268
- C:\Windows\System\KGcgVCD.exe
  C:\Windows\System\KGcgVCD.exe
  2⤵
  PID:7296
- C:\Windows\System\czNVIlg.exe
  C:\Windows\System\czNVIlg.exe
  2⤵
  PID:7324
- C:\Windows\System\kJWXUbv.exe
  C:\Windows\System\kJWXUbv.exe
  2⤵
  PID:7352
- C:\Windows\System\MVZeZJm.exe
  C:\Windows\System\MVZeZJm.exe
  2⤵
  PID:7380
- C:\Windows\System\WuAzDSt.exe
  C:\Windows\System\WuAzDSt.exe
  2⤵
  PID:7408
- C:\Windows\System\GAfloWM.exe
  C:\Windows\System\GAfloWM.exe
  2⤵
  PID:7436
- C:\Windows\System\uKImRtS.exe
  C:\Windows\System\uKImRtS.exe
  2⤵
  PID:7464
- C:\Windows\System\XEqeKVN.exe
  C:\Windows\System\XEqeKVN.exe
  2⤵
  PID:7492
- C:\Windows\System\sZvYzUi.exe
  C:\Windows\System\sZvYzUi.exe
  2⤵
  PID:7520
- C:\Windows\System\yduOSIo.exe
  C:\Windows\System\yduOSIo.exe
  2⤵
  PID:7548
- C:\Windows\System\zhLUsiQ.exe
  C:\Windows\System\zhLUsiQ.exe
  2⤵
  PID:7576
- C:\Windows\System\RPAlEnb.exe
  C:\Windows\System\RPAlEnb.exe
  2⤵
  PID:7604
- C:\Windows\System\siwLDyV.exe
  C:\Windows\System\siwLDyV.exe
  2⤵
  PID:7632
- C:\Windows\System\VsONjfl.exe
  C:\Windows\System\VsONjfl.exe
  2⤵
  PID:7660
- C:\Windows\System\CvKbYEN.exe
  C:\Windows\System\CvKbYEN.exe
  2⤵
  PID:7688
- C:\Windows\System\xMkvvyq.exe
  C:\Windows\System\xMkvvyq.exe
  2⤵
  PID:7716
- C:\Windows\System\brHNjyp.exe
  C:\Windows\System\brHNjyp.exe
  2⤵
  PID:7744
- C:\Windows\System\uVhfcsm.exe
  C:\Windows\System\uVhfcsm.exe
  2⤵
  PID:7772
- C:\Windows\System\GBkVDtG.exe
  C:\Windows\System\GBkVDtG.exe
  2⤵
  PID:7800
- C:\Windows\System\VHDbbGy.exe
  C:\Windows\System\VHDbbGy.exe
  2⤵
  PID:7828
- C:\Windows\System\maehBrP.exe
  C:\Windows\System\maehBrP.exe
  2⤵
  PID:7856
- C:\Windows\System\JhfunLB.exe
  C:\Windows\System\JhfunLB.exe
  2⤵
  PID:7884
- C:\Windows\System\nKQEubq.exe
  C:\Windows\System\nKQEubq.exe
  2⤵
  PID:7912
- C:\Windows\System\CzHiRKL.exe
  C:\Windows\System\CzHiRKL.exe
  2⤵
  PID:7936
- C:\Windows\System\xrfWIva.exe
  C:\Windows\System\xrfWIva.exe
  2⤵
  PID:7956
- C:\Windows\System\RpeZjuz.exe
  C:\Windows\System\RpeZjuz.exe
  2⤵
  PID:7992
- C:\Windows\System\FmveMwq.exe
  C:\Windows\System\FmveMwq.exe
  2⤵
  PID:8020
- C:\Windows\System\niYXCeS.exe
  C:\Windows\System\niYXCeS.exe
  2⤵
  PID:8044
- C:\Windows\System\THXQAPf.exe
  C:\Windows\System\THXQAPf.exe
  2⤵
  PID:8076
- C:\Windows\System\rEDudBG.exe
  C:\Windows\System\rEDudBG.exe
  2⤵
  PID:8096
- C:\Windows\System\JVJgPzM.exe
  C:\Windows\System\JVJgPzM.exe
  2⤵
  PID:8132
- C:\Windows\System\snBdrLo.exe
  C:\Windows\System\snBdrLo.exe
  2⤵
  PID:8152
- C:\Windows\System\AdkOajL.exe
  C:\Windows\System\AdkOajL.exe
  2⤵
  PID:8180
- C:\Windows\System\grmfEYN.exe
  C:\Windows\System\grmfEYN.exe
  2⤵
  PID:7220
- C:\Windows\System\BAxLQTr.exe
  C:\Windows\System\BAxLQTr.exe
  2⤵
  PID:7292
- C:\Windows\System\RuGvLAH.exe
  C:\Windows\System\RuGvLAH.exe
  2⤵
  PID:7348
- C:\Windows\System\rZlUiPY.exe
  C:\Windows\System\rZlUiPY.exe
  2⤵
  PID:7396
- C:\Windows\System\JmEVSLV.exe
  C:\Windows\System\JmEVSLV.exe
  2⤵
  PID:7472
- C:\Windows\System\XtHNNAR.exe
  C:\Windows\System\XtHNNAR.exe
  2⤵
  PID:7536
- C:\Windows\System\oSpTMZT.exe
  C:\Windows\System\oSpTMZT.exe
  2⤵
  PID:7600
- C:\Windows\System\afnmOPt.exe
  C:\Windows\System\afnmOPt.exe
  2⤵
  PID:2132
- C:\Windows\System\tmmdbim.exe
  C:\Windows\System\tmmdbim.exe
  2⤵
  PID:7724
- C:\Windows\System\hheLzrU.exe
  C:\Windows\System\hheLzrU.exe
  2⤵
  PID:7788
- C:\Windows\System\WOsLTmm.exe
  C:\Windows\System\WOsLTmm.exe
  2⤵
  PID:7836
- C:\Windows\System\jFhHQRK.exe
  C:\Windows\System\jFhHQRK.exe
  2⤵
  PID:7892
- C:\Windows\System\aKiCnYG.exe
  C:\Windows\System\aKiCnYG.exe
  2⤵
  PID:7952
- C:\Windows\System\KixfPlm.exe
  C:\Windows\System\KixfPlm.exe
  2⤵
  PID:8032
- C:\Windows\System\lXwvZfV.exe
  C:\Windows\System\lXwvZfV.exe
  2⤵
  PID:8108
- C:\Windows\System\IRaCgSj.exe
  C:\Windows\System\IRaCgSj.exe
  2⤵
  PID:8148
- C:\Windows\System\VNYMxkM.exe
  C:\Windows\System\VNYMxkM.exe
  2⤵
  PID:7264
- C:\Windows\System\aBGMclC.exe
  C:\Windows\System\aBGMclC.exe
  2⤵
  PID:7460
- C:\Windows\System\zRLVgxO.exe
  C:\Windows\System\zRLVgxO.exe
  2⤵
  PID:7508
- C:\Windows\System\IsqHeHI.exe
  C:\Windows\System\IsqHeHI.exe
  2⤵
  PID:7648
- C:\Windows\System\nmOpdrE.exe
  C:\Windows\System\nmOpdrE.exe
  2⤵
  PID:7824
- C:\Windows\System\EXSSsoe.exe
  C:\Windows\System\EXSSsoe.exe
  2⤵
  PID:7944
- C:\Windows\System\bdnSYqo.exe
  C:\Windows\System\bdnSYqo.exe
  2⤵
  PID:8120
- C:\Windows\System\VBdIGUA.exe
  C:\Windows\System\VBdIGUA.exe
  2⤵
  PID:7304
- C:\Windows\System\ggooEzC.exe
  C:\Windows\System\ggooEzC.exe
  2⤵
  PID:7628
- C:\Windows\System\NzgdbSw.exe
  C:\Windows\System\NzgdbSw.exe
  2⤵
  PID:8004
- C:\Windows\System\IqaUpBe.exe
  C:\Windows\System\IqaUpBe.exe
  2⤵
  PID:7500
- C:\Windows\System\LxosUVO.exe
  C:\Windows\System\LxosUVO.exe
  2⤵
  PID:7192
- C:\Windows\System\RVQxqNv.exe
  C:\Windows\System\RVQxqNv.exe
  2⤵
  PID:4768
- C:\Windows\System\GAsuJNz.exe
  C:\Windows\System\GAsuJNz.exe
  2⤵
  PID:8220
- C:\Windows\System\ssDbDfz.exe
  C:\Windows\System\ssDbDfz.exe
  2⤵
  PID:8252
- C:\Windows\System\YiVlvdy.exe
  C:\Windows\System\YiVlvdy.exe
  2⤵
  PID:8276
- C:\Windows\System\abeJRjn.exe
  C:\Windows\System\abeJRjn.exe
  2⤵
  PID:8304
- C:\Windows\System\HptmcRo.exe
  C:\Windows\System\HptmcRo.exe
  2⤵
  PID:8332
- C:\Windows\System\NaCMjxP.exe
  C:\Windows\System\NaCMjxP.exe
  2⤵
  PID:8360
- C:\Windows\System\sxebgZb.exe
  C:\Windows\System\sxebgZb.exe
  2⤵
  PID:8388
- C:\Windows\System\oOpKXhS.exe
  C:\Windows\System\oOpKXhS.exe
  2⤵
  PID:8416
- C:\Windows\System\iZZvVgI.exe
  C:\Windows\System\iZZvVgI.exe
  2⤵
  PID:8452
- C:\Windows\System\eNiglSB.exe
  C:\Windows\System\eNiglSB.exe
  2⤵
  PID:8472
- C:\Windows\System\oVfXrjw.exe
  C:\Windows\System\oVfXrjw.exe
  2⤵
  PID:8500
- C:\Windows\System\OaEDXMw.exe
  C:\Windows\System\OaEDXMw.exe
  2⤵
  PID:8536
- C:\Windows\System\RAfcYXa.exe
  C:\Windows\System\RAfcYXa.exe
  2⤵
  PID:8564
- C:\Windows\System\fwxvozz.exe
  C:\Windows\System\fwxvozz.exe
  2⤵
  PID:8584
- C:\Windows\System\gNEaHNU.exe
  C:\Windows\System\gNEaHNU.exe
  2⤵
  PID:8624
- C:\Windows\System\slGaYal.exe
  C:\Windows\System\slGaYal.exe
  2⤵
  PID:8652
- C:\Windows\System\JutMLhZ.exe
  C:\Windows\System\JutMLhZ.exe
  2⤵
  PID:8676
- C:\Windows\System\SgfVkXp.exe
  C:\Windows\System\SgfVkXp.exe
  2⤵
  PID:8704
- C:\Windows\System\xXktDGP.exe
  C:\Windows\System\xXktDGP.exe
  2⤵
  PID:8728
- C:\Windows\System\FcfutWR.exe
  C:\Windows\System\FcfutWR.exe
  2⤵
  PID:8760
- C:\Windows\System\SnYtgco.exe
  C:\Windows\System\SnYtgco.exe
  2⤵
  PID:8788
- C:\Windows\System\XudOsQa.exe
  C:\Windows\System\XudOsQa.exe
  2⤵
  PID:8812
- C:\Windows\System\nCjIPTu.exe
  C:\Windows\System\nCjIPTu.exe
  2⤵
  PID:8844
- C:\Windows\System\wSdllma.exe
  C:\Windows\System\wSdllma.exe
  2⤵
  PID:8876
- C:\Windows\System\GmYJUsW.exe
  C:\Windows\System\GmYJUsW.exe
  2⤵
  PID:8896
- C:\Windows\System\rOeNtGH.exe
  C:\Windows\System\rOeNtGH.exe
  2⤵
  PID:8924
- C:\Windows\System\TamftSy.exe
  C:\Windows\System\TamftSy.exe
  2⤵
  PID:8952
- C:\Windows\System\yRFEaVO.exe
  C:\Windows\System\yRFEaVO.exe
  2⤵
  PID:8980
- C:\Windows\System\BsqcaQF.exe
  C:\Windows\System\BsqcaQF.exe
  2⤵
  PID:9008
- C:\Windows\System\DiHMeKu.exe
  C:\Windows\System\DiHMeKu.exe
  2⤵
  PID:9036
- C:\Windows\System\EVFOLmC.exe
  C:\Windows\System\EVFOLmC.exe
  2⤵
  PID:9064
- C:\Windows\System\lgLRrHk.exe
  C:\Windows\System\lgLRrHk.exe
  2⤵
  PID:9092
- C:\Windows\System\MyliSmj.exe
  C:\Windows\System\MyliSmj.exe
  2⤵
  PID:9136
- C:\Windows\System\cmBVKfN.exe
  C:\Windows\System\cmBVKfN.exe
  2⤵
  PID:9152
- C:\Windows\System\RPTkaZS.exe
  C:\Windows\System\RPTkaZS.exe
  2⤵
  PID:9180
- C:\Windows\System\LvpWPza.exe
  C:\Windows\System\LvpWPza.exe
  2⤵
  PID:9208
- C:\Windows\System\RKiKYPg.exe
  C:\Windows\System\RKiKYPg.exe
  2⤵
  PID:8240
- C:\Windows\System\VOKWFDc.exe
  C:\Windows\System\VOKWFDc.exe
  2⤵
  PID:8316
- C:\Windows\System\ULPmHmb.exe
  C:\Windows\System\ULPmHmb.exe
  2⤵
  PID:8372
- C:\Windows\System\ZOwmEtL.exe
  C:\Windows\System\ZOwmEtL.exe
  2⤵
  PID:8436
- C:\Windows\System\kRusDxJ.exe
  C:\Windows\System\kRusDxJ.exe
  2⤵
  PID:8496
- C:\Windows\System\JpUNiRK.exe
  C:\Windows\System\JpUNiRK.exe
  2⤵
  PID:8576
- C:\Windows\System\SXMYfUJ.exe
  C:\Windows\System\SXMYfUJ.exe
  2⤵
  PID:1648
- C:\Windows\System\heYHLeq.exe
  C:\Windows\System\heYHLeq.exe
  2⤵
  PID:8692
- C:\Windows\System\eIChhxr.exe
  C:\Windows\System\eIChhxr.exe
  2⤵
  PID:8752
- C:\Windows\System\YMLwUDk.exe
  C:\Windows\System\YMLwUDk.exe
  2⤵
  PID:8836
- C:\Windows\System\kReViKf.exe
  C:\Windows\System\kReViKf.exe
  2⤵
  PID:8892
- C:\Windows\System\NjCVRwH.exe
  C:\Windows\System\NjCVRwH.exe
  2⤵
  PID:8948
- C:\Windows\System\HMQZOZv.exe
  C:\Windows\System\HMQZOZv.exe
  2⤵
  PID:9020
- C:\Windows\System\tXZzssJ.exe
  C:\Windows\System\tXZzssJ.exe
  2⤵
  PID:9084
- C:\Windows\System\MnxTXhl.exe
  C:\Windows\System\MnxTXhl.exe
  2⤵
  PID:9148
- C:\Windows\System\uRUxMnB.exe
  C:\Windows\System\uRUxMnB.exe
  2⤵
  PID:8208
- C:\Windows\System\FYCwQHs.exe
  C:\Windows\System\FYCwQHs.exe
  2⤵
  PID:8400
- C:\Windows\System\wDQmtUy.exe
  C:\Windows\System\wDQmtUy.exe
  2⤵
  PID:8492
- C:\Windows\System\sTHcAzg.exe
  C:\Windows\System\sTHcAzg.exe
  2⤵
  PID:8660
- C:\Windows\System\AOXEipF.exe
  C:\Windows\System\AOXEipF.exe
  2⤵
  PID:8804
- C:\Windows\System\pIQmzjV.exe
  C:\Windows\System\pIQmzjV.exe
  2⤵
  PID:9004
- C:\Windows\System\eiwxrFI.exe
  C:\Windows\System\eiwxrFI.exe
  2⤵
  PID:9112
- C:\Windows\System\QQNwJDq.exe
  C:\Windows\System\QQNwJDq.exe
  2⤵
  PID:8296
- C:\Windows\System\rDDMHqh.exe
  C:\Windows\System\rDDMHqh.exe
  2⤵
  PID:8632
- C:\Windows\System\tkMuGTV.exe
  C:\Windows\System\tkMuGTV.exe
  2⤵
  PID:8936
- C:\Windows\System\YDCvbrU.exe
  C:\Windows\System\YDCvbrU.exe
  2⤵
  PID:8552
- C:\Windows\System\egftayI.exe
  C:\Windows\System\egftayI.exe
  2⤵
  PID:8464
- C:\Windows\System\bNcqpcq.exe
  C:\Windows\System\bNcqpcq.exe
  2⤵
  PID:9232
- C:\Windows\System\AggtbDv.exe
  C:\Windows\System\AggtbDv.exe
  2⤵
  PID:9260
- C:\Windows\System\oLXJwjh.exe
  C:\Windows\System\oLXJwjh.exe
  2⤵
  PID:9288
- C:\Windows\System\uuCDaaR.exe
  C:\Windows\System\uuCDaaR.exe
  2⤵
  PID:9316
- C:\Windows\System\iQqveYi.exe
  C:\Windows\System\iQqveYi.exe
  2⤵
  PID:9344
- C:\Windows\System\hrgFXfs.exe
  C:\Windows\System\hrgFXfs.exe
  2⤵
  PID:9372
- C:\Windows\System\twqlVww.exe
  C:\Windows\System\twqlVww.exe
  2⤵
  PID:9400
- C:\Windows\System\QCbhxUy.exe
  C:\Windows\System\QCbhxUy.exe
  2⤵
  PID:9428
- C:\Windows\System\rfkKhCT.exe
  C:\Windows\System\rfkKhCT.exe
  2⤵
  PID:9456
- C:\Windows\System\QBBuxbs.exe
  C:\Windows\System\QBBuxbs.exe
  2⤵
  PID:9484
- C:\Windows\System\JGDCaxs.exe
  C:\Windows\System\JGDCaxs.exe
  2⤵
  PID:9512
- C:\Windows\System\XNMDpwV.exe
  C:\Windows\System\XNMDpwV.exe
  2⤵
  PID:9540
- C:\Windows\System\MmeCMUx.exe
  C:\Windows\System\MmeCMUx.exe
  2⤵
  PID:9568
- C:\Windows\System\CufcXqS.exe
  C:\Windows\System\CufcXqS.exe
  2⤵
  PID:9596
- C:\Windows\System\mOunbbE.exe
  C:\Windows\System\mOunbbE.exe
  2⤵
  PID:9624
- C:\Windows\System\WZzoeIs.exe
  C:\Windows\System\WZzoeIs.exe
  2⤵
  PID:9652
- C:\Windows\System\LhXHUiQ.exe
  C:\Windows\System\LhXHUiQ.exe
  2⤵
  PID:9680
- C:\Windows\System\NjQLTAG.exe
  C:\Windows\System\NjQLTAG.exe
  2⤵
  PID:9708
- C:\Windows\System\zrAfsoz.exe
  C:\Windows\System\zrAfsoz.exe
  2⤵
  PID:9736
- C:\Windows\System\fGdmJPU.exe
  C:\Windows\System\fGdmJPU.exe
  2⤵
  PID:9764
- C:\Windows\System\bQhmDHQ.exe
  C:\Windows\System\bQhmDHQ.exe
  2⤵
  PID:9792
- C:\Windows\System\jbmhvSF.exe
  C:\Windows\System\jbmhvSF.exe
  2⤵
  PID:9824
- C:\Windows\System\znKMdLX.exe
  C:\Windows\System\znKMdLX.exe
  2⤵
  PID:9848
- C:\Windows\System\mHkqtDn.exe
  C:\Windows\System\mHkqtDn.exe
  2⤵
  PID:9876
- C:\Windows\System\jQwFlgG.exe
  C:\Windows\System\jQwFlgG.exe
  2⤵
  PID:9912
- C:\Windows\System\oEwIyxH.exe
  C:\Windows\System\oEwIyxH.exe
  2⤵
  PID:9932
- C:\Windows\System\wNxEOnH.exe
  C:\Windows\System\wNxEOnH.exe
  2⤵
  PID:10000
- C:\Windows\System\OMeBhzt.exe
  C:\Windows\System\OMeBhzt.exe
  2⤵
  PID:10024
- C:\Windows\System\NuopakT.exe
  C:\Windows\System\NuopakT.exe
  2⤵
  PID:10052
- C:\Windows\System\pVKfSHj.exe
  C:\Windows\System\pVKfSHj.exe
  2⤵
  PID:10088
- C:\Windows\System\QIpWxRw.exe
  C:\Windows\System\QIpWxRw.exe
  2⤵
  PID:10128
- C:\Windows\System\oteCDRm.exe
  C:\Windows\System\oteCDRm.exe
  2⤵
  PID:10160
- C:\Windows\System\nbDxovJ.exe
  C:\Windows\System\nbDxovJ.exe
  2⤵
  PID:10192
- C:\Windows\System\mxJTgdr.exe
  C:\Windows\System\mxJTgdr.exe
  2⤵
  PID:10216
- C:\Windows\System\gERdoMl.exe
  C:\Windows\System\gERdoMl.exe
  2⤵
  PID:9224
- C:\Windows\System\FBHONUo.exe
  C:\Windows\System\FBHONUo.exe
  2⤵
  PID:9308
- C:\Windows\System\UxeTDHo.exe
  C:\Windows\System\UxeTDHo.exe
  2⤵
  PID:9368
- C:\Windows\System\mCoZVhI.exe
  C:\Windows\System\mCoZVhI.exe
  2⤵
  PID:9448
- C:\Windows\System\svOcrKz.exe
  C:\Windows\System\svOcrKz.exe
  2⤵
  PID:9508
- C:\Windows\System\svfFoBb.exe
  C:\Windows\System\svfFoBb.exe
  2⤵
  PID:9580
- C:\Windows\System\OdWPNgg.exe
  C:\Windows\System\OdWPNgg.exe
  2⤵
  PID:9644
- C:\Windows\System\TGHPEyf.exe
  C:\Windows\System\TGHPEyf.exe
  2⤵
  PID:9728
- C:\Windows\System\yDQnmjx.exe
  C:\Windows\System\yDQnmjx.exe
  2⤵
  PID:9788
- C:\Windows\System\ZDJhmyI.exe
  C:\Windows\System\ZDJhmyI.exe
  2⤵
  PID:9844
- C:\Windows\System\KgeYwtY.exe
  C:\Windows\System\KgeYwtY.exe
  2⤵
  PID:9900
- C:\Windows\System\MjjUdFp.exe
  C:\Windows\System\MjjUdFp.exe
  2⤵
  PID:5380
- C:\Windows\System\xDlfZZw.exe
  C:\Windows\System\xDlfZZw.exe
  2⤵
  PID:9988
- C:\Windows\System\fazWsTS.exe
  C:\Windows\System\fazWsTS.exe
  2⤵
  PID:10076
- C:\Windows\System\kkwxtlI.exe
  C:\Windows\System\kkwxtlI.exe
  2⤵
  PID:10140
- C:\Windows\System\zDaBWxg.exe
  C:\Windows\System\zDaBWxg.exe
  2⤵
  PID:10208
- C:\Windows\System\SGaAVbZ.exe
  C:\Windows\System\SGaAVbZ.exe
  2⤵
  PID:9300
- C:\Windows\System\NcZUkxy.exe
  C:\Windows\System\NcZUkxy.exe
  2⤵
  PID:1164
- C:\Windows\System\EeTVkyb.exe
  C:\Windows\System\EeTVkyb.exe
  2⤵
  PID:9504
- C:\Windows\System\HaOsjDV.exe
  C:\Windows\System\HaOsjDV.exe
  2⤵
  PID:9620
- C:\Windows\System\UrtpmOs.exe
  C:\Windows\System\UrtpmOs.exe
  2⤵
  PID:2684
- C:\Windows\System\ODOHWTF.exe
  C:\Windows\System\ODOHWTF.exe
  2⤵
  PID:9888
- C:\Windows\System\ppQYZFw.exe
  C:\Windows\System\ppQYZFw.exe
  2⤵
  PID:9984
- C:\Windows\System\YyltfSN.exe
  C:\Windows\System\YyltfSN.exe
  2⤵
  PID:10180
- C:\Windows\System\lCulXBc.exe
  C:\Windows\System\lCulXBc.exe
  2⤵
  PID:9364
- C:\Windows\System\SnuAFhe.exe
  C:\Windows\System\SnuAFhe.exe
  2⤵
  PID:9696
- C:\Windows\System\lXVbPki.exe
  C:\Windows\System\lXVbPki.exe
  2⤵
  PID:10048
- C:\Windows\System\haMXYyh.exe
  C:\Windows\System\haMXYyh.exe
  2⤵
  PID:9356
- C:\Windows\System\ulidUAM.exe
  C:\Windows\System\ulidUAM.exe
  2⤵
  PID:2936
- C:\Windows\System\eZpxobj.exe
  C:\Windows\System\eZpxobj.exe
  2⤵
  PID:5700
- C:\Windows\System\JAFUngw.exe
  C:\Windows\System\JAFUngw.exe
  2⤵
  PID:10292
- C:\Windows\System\sCXPGWc.exe
  C:\Windows\System\sCXPGWc.exe
  2⤵
  PID:10328
- C:\Windows\System\UxncmFv.exe
  C:\Windows\System\UxncmFv.exe
  2⤵
  PID:10360
- C:\Windows\System\FRtxzUX.exe
  C:\Windows\System\FRtxzUX.exe
  2⤵
  PID:10384
- C:\Windows\System\YntrAJn.exe
  C:\Windows\System\YntrAJn.exe
  2⤵
  PID:10412
- C:\Windows\System\gOxxzMk.exe
  C:\Windows\System\gOxxzMk.exe
  2⤵
  PID:10440
- C:\Windows\System\jkKQDHD.exe
  C:\Windows\System\jkKQDHD.exe
  2⤵
  PID:10468
- C:\Windows\System\vxgmGbe.exe
  C:\Windows\System\vxgmGbe.exe
  2⤵
  PID:10496
- C:\Windows\System\aIcvhYQ.exe
  C:\Windows\System\aIcvhYQ.exe
  2⤵
  PID:10532
- C:\Windows\System\gjMnJyI.exe
  C:\Windows\System\gjMnJyI.exe
  2⤵
  PID:10552
- C:\Windows\System\cmpxhBC.exe
  C:\Windows\System\cmpxhBC.exe
  2⤵
  PID:10580
- C:\Windows\System\PIizxTC.exe
  C:\Windows\System\PIizxTC.exe
  2⤵
  PID:10608
- C:\Windows\System\ZSrtIbL.exe
  C:\Windows\System\ZSrtIbL.exe
  2⤵
  PID:10636
- C:\Windows\System\TpZFnCu.exe
  C:\Windows\System\TpZFnCu.exe
  2⤵
  PID:10664
- C:\Windows\System\MCdqmSu.exe
  C:\Windows\System\MCdqmSu.exe
  2⤵
  PID:10692
- C:\Windows\System\uPFkaLF.exe
  C:\Windows\System\uPFkaLF.exe
  2⤵
  PID:10720
- C:\Windows\System\eKqlJAC.exe
  C:\Windows\System\eKqlJAC.exe
  2⤵
  PID:10748
- C:\Windows\System\cBJcLsU.exe
  C:\Windows\System\cBJcLsU.exe
  2⤵
  PID:10776
- C:\Windows\System\vyeuKQg.exe
  C:\Windows\System\vyeuKQg.exe
  2⤵
  PID:10804
- C:\Windows\System\yRgIRKB.exe
  C:\Windows\System\yRgIRKB.exe
  2⤵
  PID:10832
- C:\Windows\System\WDiiAoR.exe
  C:\Windows\System\WDiiAoR.exe
  2⤵
  PID:10860
- C:\Windows\System\XASeYEq.exe
  C:\Windows\System\XASeYEq.exe
  2⤵
  PID:10888
- C:\Windows\System\CWSZrMR.exe
  C:\Windows\System\CWSZrMR.exe
  2⤵
  PID:10916
- C:\Windows\System\LCvHHDA.exe
  C:\Windows\System\LCvHHDA.exe
  2⤵
  PID:10944
- C:\Windows\System\alQWrOF.exe
  C:\Windows\System\alQWrOF.exe
  2⤵
  PID:10972
- C:\Windows\System\kvDfIeq.exe
  C:\Windows\System\kvDfIeq.exe
  2⤵
  PID:11000
- C:\Windows\System\NjeAOCe.exe
  C:\Windows\System\NjeAOCe.exe
  2⤵
  PID:11028
- C:\Windows\System\xvAneVk.exe
  C:\Windows\System\xvAneVk.exe
  2⤵
  PID:11056
- C:\Windows\System\luyxGWE.exe
  C:\Windows\System\luyxGWE.exe
  2⤵
  PID:11076
- C:\Windows\System\SefmYGx.exe
  C:\Windows\System\SefmYGx.exe
  2⤵
  PID:11104
- C:\Windows\System\nzWQwUy.exe
  C:\Windows\System\nzWQwUy.exe
  2⤵
  PID:11128
- C:\Windows\System\JnytrUP.exe
  C:\Windows\System\JnytrUP.exe
  2⤵
  PID:11168
- C:\Windows\System\ZDBdGIB.exe
  C:\Windows\System\ZDBdGIB.exe
  2⤵
  PID:11196
- C:\Windows\System\huriXTM.exe
  C:\Windows\System\huriXTM.exe
  2⤵
  PID:11224
- C:\Windows\System\UOarXHE.exe
  C:\Windows\System\UOarXHE.exe
  2⤵
  PID:11252
- C:\Windows\System\lGEctBt.exe
  C:\Windows\System\lGEctBt.exe
  2⤵
  PID:10256
- C:\Windows\System\zpODqBP.exe
  C:\Windows\System\zpODqBP.exe
  2⤵
  PID:10316
- C:\Windows\System\nPApxMn.exe
  C:\Windows\System\nPApxMn.exe
  2⤵
  PID:9960
- C:\Windows\System\VKNottu.exe
  C:\Windows\System\VKNottu.exe
  2⤵
  PID:10396
- C:\Windows\System\WQPAmvP.exe
  C:\Windows\System\WQPAmvP.exe
  2⤵
  PID:4812
- C:\Windows\System\LAMEEJA.exe
  C:\Windows\System\LAMEEJA.exe
  2⤵
  PID:10488
- C:\Windows\System\wMofKjG.exe
  C:\Windows\System\wMofKjG.exe
  2⤵
  PID:10544
- C:\Windows\System\DOALsOH.exe
  C:\Windows\System\DOALsOH.exe
  2⤵
  PID:3448
- C:\Windows\System\JaAIbFK.exe
  C:\Windows\System\JaAIbFK.exe
  2⤵
  PID:10648
- C:\Windows\System\NgHwxoe.exe
  C:\Windows\System\NgHwxoe.exe
  2⤵
  PID:10712
- C:\Windows\System\BZakLuf.exe
  C:\Windows\System\BZakLuf.exe
  2⤵
  PID:10772
- C:\Windows\System\cEmZTaI.exe
  C:\Windows\System\cEmZTaI.exe
  2⤵
  PID:10848
- C:\Windows\System\sRWtynV.exe
  C:\Windows\System\sRWtynV.exe
  2⤵
  PID:10908
- C:\Windows\System\fQvlnjD.exe
  C:\Windows\System\fQvlnjD.exe
  2⤵
  PID:10964
- C:\Windows\System\lRsMeUj.exe
  C:\Windows\System\lRsMeUj.exe
  2⤵
  PID:11024
- C:\Windows\System\DJpagDM.exe
  C:\Windows\System\DJpagDM.exe
  2⤵
  PID:11088
- C:\Windows\System\NlPGLCG.exe
  C:\Windows\System\NlPGLCG.exe
  2⤵
  PID:11164
- C:\Windows\System\hhRwQhr.exe
  C:\Windows\System\hhRwQhr.exe
  2⤵
  PID:11236
- C:\Windows\System\OdsSbBI.exe
  C:\Windows\System\OdsSbBI.exe
  2⤵
  PID:10344
- C:\Windows\System\ZkFEvjC.exe
  C:\Windows\System\ZkFEvjC.exe
  2⤵
  PID:10380
- C:\Windows\System\GtpOpnr.exe
  C:\Windows\System\GtpOpnr.exe
  2⤵
  PID:10508
- C:\Windows\System\RQjxrXv.exe
  C:\Windows\System\RQjxrXv.exe
  2⤵
  PID:5960
- C:\Windows\System\EepyXpO.exe
  C:\Windows\System\EepyXpO.exe
  2⤵
  PID:10688
- C:\Windows\System\oCFZuWS.exe
  C:\Windows\System\oCFZuWS.exe
  2⤵
  PID:10828
- C:\Windows\System\BNcwUbW.exe
  C:\Windows\System\BNcwUbW.exe
  2⤵
  PID:10988
- C:\Windows\System\txjAzSA.exe
  C:\Windows\System\txjAzSA.exe
  2⤵
  PID:11096
- C:\Windows\System\iLGpzjs.exe
  C:\Windows\System\iLGpzjs.exe
  2⤵
  PID:10308
- C:\Windows\System\faFGiRt.exe
  C:\Windows\System\faFGiRt.exe
  2⤵
  PID:10480
- C:\Windows\System\FDnrGfz.exe
  C:\Windows\System\FDnrGfz.exe
  2⤵
  PID:10628
- C:\Windows\System\bXQvnyC.exe
  C:\Windows\System\bXQvnyC.exe
  2⤵
  PID:11068
- C:\Windows\System\DZxANMi.exe
  C:\Windows\System\DZxANMi.exe
  2⤵
  PID:10464
- C:\Windows\System\cnZIvlT.exe
  C:\Windows\System\cnZIvlT.exe
  2⤵
  PID:11048
- C:\Windows\System\bUNgbMw.exe
  C:\Windows\System\bUNgbMw.exe
  2⤵
  PID:10376
- C:\Windows\System\hPvPKKl.exe
  C:\Windows\System\hPvPKKl.exe
  2⤵
  PID:11284
- C:\Windows\System\fMTWaua.exe
  C:\Windows\System\fMTWaua.exe
  2⤵
  PID:11316
- C:\Windows\System\fShBJhD.exe
  C:\Windows\System\fShBJhD.exe
  2⤵
  PID:11348
- C:\Windows\System\kpHSrqz.exe
  C:\Windows\System\kpHSrqz.exe
  2⤵
  PID:11376
- C:\Windows\System\xhlhDAn.exe
  C:\Windows\System\xhlhDAn.exe
  2⤵
  PID:11404
- C:\Windows\System\LCSHVEV.exe
  C:\Windows\System\LCSHVEV.exe
  2⤵
  PID:11432
- C:\Windows\System\LSRACYT.exe
  C:\Windows\System\LSRACYT.exe
  2⤵
  PID:11460
- C:\Windows\System\vzZkXfZ.exe
  C:\Windows\System\vzZkXfZ.exe
  2⤵
  PID:11488
- C:\Windows\System\nVMSdmC.exe
  C:\Windows\System\nVMSdmC.exe
  2⤵
  PID:11516
- C:\Windows\System\JHgrKUE.exe
  C:\Windows\System\JHgrKUE.exe
  2⤵
  PID:11544
- C:\Windows\System\QsIPqAm.exe
  C:\Windows\System\QsIPqAm.exe
  2⤵
  PID:11564
- C:\Windows\System\cHqjHFz.exe
  C:\Windows\System\cHqjHFz.exe
  2⤵
  PID:11600
- C:\Windows\System\lWdMAjr.exe
  C:\Windows\System\lWdMAjr.exe
  2⤵
  PID:11620
- C:\Windows\System\xBqROXQ.exe
  C:\Windows\System\xBqROXQ.exe
  2⤵
  PID:11656
- C:\Windows\System\ghKeyBV.exe
  C:\Windows\System\ghKeyBV.exe
  2⤵
  PID:11696
- C:\Windows\System\AoByniZ.exe
  C:\Windows\System\AoByniZ.exe
  2⤵
  PID:11712
- C:\Windows\System\YTxPqsL.exe
  C:\Windows\System\YTxPqsL.exe
  2⤵
  PID:11740
- C:\Windows\System\gAyYXdx.exe
  C:\Windows\System\gAyYXdx.exe
  2⤵
  PID:11760
- C:\Windows\System\KCxFcOU.exe
  C:\Windows\System\KCxFcOU.exe
  2⤵
  PID:11788
- C:\Windows\System\SntTyyT.exe
  C:\Windows\System\SntTyyT.exe
  2⤵
  PID:11816
- C:\Windows\System\MCabUXb.exe
  C:\Windows\System\MCabUXb.exe
  2⤵
  PID:11852
- C:\Windows\System\KEJDiaS.exe
  C:\Windows\System\KEJDiaS.exe
  2⤵
  PID:11880
- C:\Windows\System\eJPNvCI.exe
  C:\Windows\System\eJPNvCI.exe
  2⤵
  PID:11908
- C:\Windows\System\kJmWihZ.exe
  C:\Windows\System\kJmWihZ.exe
  2⤵
  PID:11924
- C:\Windows\System\wSjMWHu.exe
  C:\Windows\System\wSjMWHu.exe
  2⤵
  PID:11952
- C:\Windows\System\qDNmgYd.exe
  C:\Windows\System\qDNmgYd.exe
  2⤵
  PID:11980
- C:\Windows\System\RQrYwri.exe
  C:\Windows\System\RQrYwri.exe
  2⤵
  PID:12020
- C:\Windows\System\tuVagGm.exe
  C:\Windows\System\tuVagGm.exe
  2⤵
  PID:12048
- C:\Windows\System\jJgSfzA.exe
  C:\Windows\System\jJgSfzA.exe
  2⤵
  PID:12076
- C:\Windows\System\yUhQqVL.exe
  C:\Windows\System\yUhQqVL.exe
  2⤵
  PID:12104
- C:\Windows\System\kUdZNrO.exe
  C:\Windows\System\kUdZNrO.exe
  2⤵
  PID:12132
- C:\Windows\System\GOLYUQi.exe
  C:\Windows\System\GOLYUQi.exe
  2⤵
  PID:12160
- C:\Windows\System\teWqGQk.exe
  C:\Windows\System\teWqGQk.exe
  2⤵
  PID:12188
- C:\Windows\System\rjMOfZt.exe
  C:\Windows\System\rjMOfZt.exe
  2⤵
  PID:12216
- C:\Windows\System\QnYnQnO.exe
  C:\Windows\System\QnYnQnO.exe
  2⤵
  PID:12244
- C:\Windows\System\hjTBvyN.exe
  C:\Windows\System\hjTBvyN.exe
  2⤵
  PID:12272
- C:\Windows\System\gXQmtYX.exe
  C:\Windows\System\gXQmtYX.exe
  2⤵
  PID:11292
- C:\Windows\System\sJbrEfa.exe
  C:\Windows\System\sJbrEfa.exe
  2⤵
  PID:11364
- C:\Windows\System\wPmqQvP.exe
  C:\Windows\System\wPmqQvP.exe
  2⤵
  PID:11420
- C:\Windows\System\tVULuWj.exe
  C:\Windows\System\tVULuWj.exe
  2⤵
  PID:11480
- C:\Windows\System\KFiyWbK.exe
  C:\Windows\System\KFiyWbK.exe
  2⤵
  PID:11540
- C:\Windows\System\LepMqgv.exe
  C:\Windows\System\LepMqgv.exe
  2⤵
  PID:11612
- C:\Windows\System\lKaOcCW.exe
  C:\Windows\System\lKaOcCW.exe
  2⤵
  PID:11672
- C:\Windows\System\fdNHcvK.exe
  C:\Windows\System\fdNHcvK.exe
  2⤵
  PID:11736
- C:\Windows\System\qQAyQnG.exe
  C:\Windows\System\qQAyQnG.exe
  2⤵
  PID:11804
- C:\Windows\System\JPwiNvP.exe
  C:\Windows\System\JPwiNvP.exe
  2⤵
  PID:11872
- C:\Windows\System\IHdMZRe.exe
  C:\Windows\System\IHdMZRe.exe
  2⤵
  PID:2768
- C:\Windows\System\CGiQwtJ.exe
  C:\Windows\System\CGiQwtJ.exe
  2⤵
  PID:11992
- C:\Windows\System\sGalfTL.exe
  C:\Windows\System\sGalfTL.exe
  2⤵
  PID:844
- C:\Windows\System\FKPAtQH.exe
  C:\Windows\System\FKPAtQH.exe
  2⤵
  PID:12088
- C:\Windows\System\RLgUNoG.exe
  C:\Windows\System\RLgUNoG.exe
  2⤵
  PID:12152
- C:\Windows\System\kQDSraq.exe
  C:\Windows\System\kQDSraq.exe
  2⤵
  PID:12212
- C:\Windows\System\GuHSCKR.exe
  C:\Windows\System\GuHSCKR.exe
  2⤵
  PID:2088
- C:\Windows\System\jAFKPzs.exe
  C:\Windows\System\jAFKPzs.exe
  2⤵
  PID:11340
- C:\Windows\System\zGBOemU.exe
  C:\Windows\System\zGBOemU.exe
  2⤵
  PID:11592
- C:\Windows\System\IfLiIwN.exe
  C:\Windows\System\IfLiIwN.exe
  2⤵
  PID:11728
- C:\Windows\System\nBPIPfr.exe
  C:\Windows\System\nBPIPfr.exe
  2⤵
  PID:11900
- C:\Windows\System\PbsPYVO.exe
  C:\Windows\System\PbsPYVO.exe
  2⤵
  PID:4612
- C:\Windows\System\JXnZbpv.exe
  C:\Windows\System\JXnZbpv.exe
  2⤵
  PID:12116
- C:\Windows\System\ujTnQPM.exe
  C:\Windows\System\ujTnQPM.exe
  2⤵
  PID:12204
- C:\Windows\System\mWHOxeO.exe
  C:\Windows\System\mWHOxeO.exe
  2⤵
  PID:11324
- C:\Windows\System\LbaLLCp.exe
  C:\Windows\System\LbaLLCp.exe
  2⤵
  PID:11784
- C:\Windows\System\EJIQamX.exe
  C:\Windows\System\EJIQamX.exe
  2⤵
  PID:12068
- C:\Windows\System\meKTgds.exe
  C:\Windows\System\meKTgds.exe
  2⤵
  PID:11276
- C:\Windows\System\zyUpLKg.exe
  C:\Windows\System\zyUpLKg.exe
  2⤵
  PID:12184
- C:\Windows\System\hOGrDhc.exe
  C:\Windows\System\hOGrDhc.exe
  2⤵
  PID:1212
- C:\Windows\System\tVOuwHM.exe
  C:\Windows\System\tVOuwHM.exe
  2⤵
  PID:12316
- C:\Windows\System\jTisNUZ.exe
  C:\Windows\System\jTisNUZ.exe
  2⤵
  PID:12344
- C:\Windows\System\MpIIDeW.exe
  C:\Windows\System\MpIIDeW.exe
  2⤵
  PID:12372
- C:\Windows\System\bXLmVSU.exe
  C:\Windows\System\bXLmVSU.exe
  2⤵
  PID:12400
- C:\Windows\System\WulslDY.exe
  C:\Windows\System\WulslDY.exe
  2⤵
  PID:12428
- C:\Windows\System\PWilHVQ.exe
  C:\Windows\System\PWilHVQ.exe
  2⤵
  PID:12456
- C:\Windows\System\bhDtWkb.exe
  C:\Windows\System\bhDtWkb.exe
  2⤵
  PID:12484
- C:\Windows\System\TgwafXi.exe
  C:\Windows\System\TgwafXi.exe
  2⤵
  PID:12512
- C:\Windows\System\avKvube.exe
  C:\Windows\System\avKvube.exe
  2⤵
  PID:12540
- C:\Windows\System\xwvczLm.exe
  C:\Windows\System\xwvczLm.exe
  2⤵
  PID:12568
- C:\Windows\System\kRqPaUo.exe
  C:\Windows\System\kRqPaUo.exe
  2⤵
  PID:12596
- C:\Windows\System\EbeTOKg.exe
  C:\Windows\System\EbeTOKg.exe
  2⤵
  PID:12624
- C:\Windows\System\xQOfxDs.exe
  C:\Windows\System\xQOfxDs.exe
  2⤵
  PID:12652
- C:\Windows\System\PPSZLEX.exe
  C:\Windows\System\PPSZLEX.exe
  2⤵
  PID:12680
- C:\Windows\System\oIYgENn.exe
  C:\Windows\System\oIYgENn.exe
  2⤵
  PID:12708
- C:\Windows\System\dMXCVvg.exe
  C:\Windows\System\dMXCVvg.exe
  2⤵
  PID:12736
- C:\Windows\System\drozyvo.exe
  C:\Windows\System\drozyvo.exe
  2⤵
  PID:12772
- C:\Windows\System\IhbBQZe.exe
  C:\Windows\System\IhbBQZe.exe
  2⤵
  PID:12820
- C:\Windows\System\kqEAOlh.exe
  C:\Windows\System\kqEAOlh.exe
  2⤵
  PID:12864
- C:\Windows\System\GnivIeG.exe
  C:\Windows\System\GnivIeG.exe
  2⤵
  PID:12908
- C:\Windows\System\fuSabEt.exe
  C:\Windows\System\fuSabEt.exe
  2⤵
  PID:12944
- C:\Windows\System\DCeqfGZ.exe
  C:\Windows\System\DCeqfGZ.exe
  2⤵
  PID:12972
- C:\Windows\System\VBrluRK.exe
  C:\Windows\System\VBrluRK.exe
  2⤵
  PID:13004
- C:\Windows\System\XvwLLrh.exe
  C:\Windows\System\XvwLLrh.exe
  2⤵
  PID:13032
- C:\Windows\System\kTPGYtG.exe
  C:\Windows\System\kTPGYtG.exe
  2⤵
  PID:13064
- C:\Windows\System\TDnCgrl.exe
  C:\Windows\System\TDnCgrl.exe
  2⤵
  PID:13104
- C:\Windows\System\mggnarW.exe
  C:\Windows\System\mggnarW.exe
  2⤵
  PID:13132
- C:\Windows\System\WEtIBLb.exe
  C:\Windows\System\WEtIBLb.exe
  2⤵
  PID:13180
- C:\Windows\System\odwPltz.exe
  C:\Windows\System\odwPltz.exe
  2⤵
  PID:13208
- C:\Windows\System\XfaktcV.exe
  C:\Windows\System\XfaktcV.exe
  2⤵
  PID:13244
- C:\Windows\System\AFBrimR.exe
  C:\Windows\System\AFBrimR.exe
  2⤵
  PID:13276
- C:\Windows\System\waucrrT.exe
  C:\Windows\System\waucrrT.exe
  2⤵
  PID:13304
- C:\Windows\System\pxllKBE.exe
  C:\Windows\System\pxllKBE.exe
  2⤵
  PID:12336
- C:\Windows\System\bIlAlQQ.exe
  C:\Windows\System\bIlAlQQ.exe
  2⤵
  PID:12420
- C:\Windows\System\RdlJIhJ.exe
  C:\Windows\System\RdlJIhJ.exe
  2⤵
  PID:12476
- C:\Windows\System\liqRzzj.exe
  C:\Windows\System\liqRzzj.exe
  2⤵
  PID:12536
- C:\Windows\System\FNlfqJv.exe
  C:\Windows\System\FNlfqJv.exe
  2⤵
  PID:12616
- C:\Windows\System\VTQTXlf.exe
  C:\Windows\System\VTQTXlf.exe
  2⤵
  PID:12648
- C:\Windows\System\ewFvbxX.exe
  C:\Windows\System\ewFvbxX.exe
  2⤵
  PID:12676
- C:\Windows\System\MUetcVe.exe
  C:\Windows\System\MUetcVe.exe
  2⤵
  PID:12768
- C:\Windows\System\EOuJKaN.exe
  C:\Windows\System\EOuJKaN.exe
  2⤵
  PID:12956
- C:\Windows\System\pozwfzg.exe
  C:\Windows\System\pozwfzg.exe
  2⤵
  PID:13024
- C:\Windows\System\GbREmNM.exe
  C:\Windows\System\GbREmNM.exe
  2⤵
  PID:2056
- C:\Windows\System\DwfuJeE.exe
  C:\Windows\System\DwfuJeE.exe
  2⤵
  PID:13176
- C:\Windows\System\tmKnNYL.exe
  C:\Windows\System\tmKnNYL.exe
  2⤵
  PID:13256
- C:\Windows\System\neRHXmX.exe
  C:\Windows\System\neRHXmX.exe
  2⤵
  PID:12328
- C:\Windows\System\JUbdfFx.exe
  C:\Windows\System\JUbdfFx.exe
  2⤵
  PID:12564
- C:\Windows\System\EwXLKxh.exe
  C:\Windows\System\EwXLKxh.exe
  2⤵
  PID:12720
- C:\Windows\System\izeoKZP.exe
  C:\Windows\System\izeoKZP.exe
  2⤵
  PID:12984
- C:\Windows\System\RlkdqQn.exe
  C:\Windows\System\RlkdqQn.exe
  2⤵
  PID:2032
- C:\Windows\System\UAJQwzK.exe
  C:\Windows\System\UAJQwzK.exe
  2⤵
  PID:13296
- C:\Windows\System\EjblYss.exe
  C:\Windows\System\EjblYss.exe
  2⤵
  PID:12728
- C:\Windows\System\zueoBuB.exe
  C:\Windows\System\zueoBuB.exe
  2⤵
  PID:13236
- C:\Windows\System\bUDbjGn.exe
  C:\Windows\System\bUDbjGn.exe
  2⤵
  PID:13096
- C:\Windows\System\rejaTEn.exe
  C:\Windows\System\rejaTEn.exe
  2⤵
  PID:13320
- C:\Windows\System\znYGwRX.exe
  C:\Windows\System\znYGwRX.exe
  2⤵
  PID:13348
- C:\Windows\System\OrtftKD.exe
  C:\Windows\System\OrtftKD.exe
  2⤵
  PID:13376
- C:\Windows\System\tdPTKGS.exe
  C:\Windows\System\tdPTKGS.exe
  2⤵
  PID:13404
- C:\Windows\System\UQwiNjW.exe
  C:\Windows\System\UQwiNjW.exe
  2⤵
  PID:13432
- C:\Windows\System\ypmlCjd.exe
  C:\Windows\System\ypmlCjd.exe
  2⤵
  PID:13460
- C:\Windows\System\gCRNLtq.exe
  C:\Windows\System\gCRNLtq.exe
  2⤵
  PID:13488
- C:\Windows\System\ZAIYwwn.exe
  C:\Windows\System\ZAIYwwn.exe
  2⤵
  PID:13516
- C:\Windows\System\chAldCQ.exe
  C:\Windows\System\chAldCQ.exe
  2⤵
  PID:13552
- C:\Windows\System\QfPpial.exe
  C:\Windows\System\QfPpial.exe
  2⤵
  PID:13572
- C:\Windows\System\RGblede.exe
  C:\Windows\System\RGblede.exe
  2⤵
  PID:13608
- C:\Windows\System\sTwRStZ.exe
  C:\Windows\System\sTwRStZ.exe
  2⤵
  PID:13636
- C:\Windows\System\DFDbpBg.exe
  C:\Windows\System\DFDbpBg.exe
  2⤵
  PID:13676
- C:\Windows\System\uGEnZMn.exe
  C:\Windows\System\uGEnZMn.exe
  2⤵
  PID:13728
- C:\Windows\System\SNrBDVj.exe
  C:\Windows\System\SNrBDVj.exe
  2⤵
  PID:13772
- C:\Windows\System\PsLLFlq.exe
  C:\Windows\System\PsLLFlq.exe
  2⤵
  PID:13804
- C:\Windows\System\GrNDwWo.exe
  C:\Windows\System\GrNDwWo.exe
  2⤵
  PID:13836
- C:\Windows\System\QRRtmVX.exe
  C:\Windows\System\QRRtmVX.exe
  2⤵
  PID:13876
- C:\Windows\System\aAfdOpM.exe
  C:\Windows\System\aAfdOpM.exe
  2⤵
  PID:13896
- C:\Windows\System\DjiMTwb.exe
  C:\Windows\System\DjiMTwb.exe
  2⤵
  PID:13924
- C:\Windows\System\cpgTJTX.exe
  C:\Windows\System\cpgTJTX.exe
  2⤵
  PID:13952
- C:\Windows\System\tKZNmYJ.exe
  C:\Windows\System\tKZNmYJ.exe
  2⤵
  PID:13992
- C:\Windows\System\GWQEFYf.exe
  C:\Windows\System\GWQEFYf.exe
  2⤵
  PID:14084
- C:\Windows\System\WlMwBPB.exe
  C:\Windows\System\WlMwBPB.exe
  2⤵
  PID:14120
- C:\Windows\System\qrCLOwP.exe
  C:\Windows\System\qrCLOwP.exe
  2⤵
  PID:14152
- C:\Windows\System\uXStIyJ.exe
  C:\Windows\System\uXStIyJ.exe
  2⤵
  PID:14184
- C:\Windows\System\SzBvPUK.exe
  C:\Windows\System\SzBvPUK.exe
  2⤵
  PID:14204
- C:\Windows\System\bVzJjUH.exe
  C:\Windows\System\bVzJjUH.exe
  2⤵
  PID:14240
- C:\Windows\System\TWMbbsR.exe
  C:\Windows\System\TWMbbsR.exe
  2⤵
  PID:14312
- C:\Windows\System\ITiZuSo.exe
  C:\Windows\System\ITiZuSo.exe
  2⤵
  PID:3524
- C:\Windows\System\lYSUNoC.exe
  C:\Windows\System\lYSUNoC.exe
  2⤵
  PID:3968
- C:\Windows\System\aoDCXll.exe
  C:\Windows\System\aoDCXll.exe
  2⤵
  PID:13484
- C:\Windows\System\cBOJyWz.exe
  C:\Windows\System\cBOJyWz.exe
  2⤵
  PID:3692
- C:\Windows\System\wPlMkHU.exe
  C:\Windows\System\wPlMkHU.exe
  2⤵
  PID:13596
- C:\Windows\System\uPxfUjw.exe
  C:\Windows\System\uPxfUjw.exe
  2⤵
  PID:13672
- C:\Windows\System\rpwNUhu.exe
  C:\Windows\System\rpwNUhu.exe
  2⤵
  PID:13760
- C:\Windows\System\EWVlTuv.exe
  C:\Windows\System\EWVlTuv.exe
  2⤵
  PID:13800
- C:\Windows\System\bmJfMwQ.exe
  C:\Windows\System\bmJfMwQ.exe
  2⤵
  PID:13884
- C:\Windows\System\EWVqfho.exe
  C:\Windows\System\EWVqfho.exe
  2⤵
  PID:13888
- C:\Windows\System\UHPcvKo.exe
  C:\Windows\System\UHPcvKo.exe
  2⤵
  PID:13944
- C:\Windows\System\GGHvGbU.exe
  C:\Windows\System\GGHvGbU.exe
  2⤵
  PID:14112
- C:\Windows\System\aZBSBfT.exe
  C:\Windows\System\aZBSBfT.exe
  2⤵
  PID:14172
- C:\Windows\System\AMpNNfv.exe
  C:\Windows\System\AMpNNfv.exe
  2⤵
  PID:14252
- C:\Windows\System\THOXShY.exe
  C:\Windows\System\THOXShY.exe
  2⤵
  PID:1912
- C:\Windows\System\SnThpTG.exe
  C:\Windows\System\SnThpTG.exe
  2⤵
  PID:12644
- C:\Windows\System\lyoCdqN.exe
  C:\Windows\System\lyoCdqN.exe
  2⤵
  PID:13020
- C:\Windows\System\ruaYfVG.exe
  C:\Windows\System\ruaYfVG.exe
  2⤵
  PID:13160
- C:\Windows\System\lBOjudX.exe
  C:\Windows\System\lBOjudX.exe
  2⤵
  PID:12848
- C:\Windows\System\oFziELB.exe
  C:\Windows\System\oFziELB.exe
  2⤵
  PID:13360
- C:\Windows\System\ChrmZPB.exe
  C:\Windows\System\ChrmZPB.exe
  2⤵
  PID:13472
- C:\Windows\System\lMkPEKV.exe
  C:\Windows\System\lMkPEKV.exe
  2⤵
  PID:13588
- C:\Windows\System\oDUIFSj.exe
  C:\Windows\System\oDUIFSj.exe
  2⤵
  PID:13748
- C:\Windows\System\BKLSTBJ.exe
  C:\Windows\System\BKLSTBJ.exe
  2⤵
  PID:13860
- C:\Windows\System\DGaVmwq.exe
  C:\Windows\System\DGaVmwq.exe
  2⤵
  PID:13668
- C:\Windows\System\OPkiqKn.exe
  C:\Windows\System\OPkiqKn.exe
  2⤵
  PID:1952
- C:\Windows\System\giODhEt.exe
  C:\Windows\System\giODhEt.exe
  2⤵
  PID:4408
- C:\Windows\System\gsffbKk.exe
  C:\Windows\System\gsffbKk.exe
  2⤵
  PID:14220
- C:\Windows\System\jxsKBXb.exe
  C:\Windows\System\jxsKBXb.exe
  2⤵
  PID:4128
- C:\Windows\System\StTCUqt.exe
  C:\Windows\System\StTCUqt.exe
  2⤵
  PID:12932
- C:\Windows\System\vokDcnk.exe
  C:\Windows\System\vokDcnk.exe
  2⤵
  PID:13368
- C:\Windows\System\xiDnTxK.exe
  C:\Windows\System\xiDnTxK.exe
  2⤵
  PID:4852
- C:\Windows\System\AUheMSI.exe
  C:\Windows\System\AUheMSI.exe
  2⤵
  PID:10112
- C:\Windows\System\WZtqWBo.exe
  C:\Windows\System\WZtqWBo.exe
  2⤵
  PID:14100
- C:\Windows\System\CNUCUGo.exe
  C:\Windows\System\CNUCUGo.exe
  2⤵
  PID:14300
- C:\Windows\System\VtGfjVh.exe
  C:\Windows\System\VtGfjVh.exe
  2⤵
  PID:13444
- C:\Windows\System\IDpmOGH.exe
  C:\Windows\System\IDpmOGH.exe
  2⤵
  PID:14004
- C:\Windows\System\xctnjBb.exe
  C:\Windows\System\xctnjBb.exe
  2⤵
  PID:14224
- C:\Windows\System\OcSdRex.exe
  C:\Windows\System\OcSdRex.exe
  2⤵
  PID:13156
- C:\Windows\System\impmbeR.exe
  C:\Windows\System\impmbeR.exe
  2⤵
  PID:4864
- C:\Windows\System\DiuZeQS.exe
  C:\Windows\System\DiuZeQS.exe
  2⤵
  PID:13756
- C:\Windows\System\QOiPCKY.exe
  C:\Windows\System\QOiPCKY.exe
  2⤵
  PID:4860
- C:\Windows\System\DmfVmtZ.exe
  C:\Windows\System\DmfVmtZ.exe
  2⤵
  PID:14192
- C:\Windows\System\rfcUjZN.exe
  C:\Windows\System\rfcUjZN.exe
  2⤵
  PID:14040
- C:\Windows\System\MMobnZN.exe
  C:\Windows\System\MMobnZN.exe
  2⤵
  PID:4916
- C:\Windows\System\zIzSFPJ.exe
  C:\Windows\System\zIzSFPJ.exe
  2⤵
  PID:2928
- C:\Windows\System\bUVtUze.exe
  C:\Windows\System\bUVtUze.exe
  2⤵
  PID:13452
- C:\Windows\System\KNwPNmJ.exe
  C:\Windows\System\KNwPNmJ.exe
  2⤵
  PID:13740
- C:\Windows\System\WOXjGxY.exe
  C:\Windows\System\WOXjGxY.exe
  2⤵
  PID:12800
- C:\Windows\System\pEKqGbC.exe
  C:\Windows\System\pEKqGbC.exe
  2⤵
  PID:3200
- C:\Windows\System\TGCWyaP.exe
  C:\Windows\System\TGCWyaP.exe
  2⤵
  PID:3480
- C:\Windows\System\rSzwlMX.exe
  C:\Windows\System\rSzwlMX.exe
  2⤵
  PID:4848
- C:\Windows\System\iWvpsvr.exe
  C:\Windows\System\iWvpsvr.exe
  2⤵
  PID:5180
- C:\Windows\System\xCrbeae.exe
  C:\Windows\System\xCrbeae.exe
  2⤵
  PID:5580
- C:\Windows\System\UIhHgRg.exe
  C:\Windows\System\UIhHgRg.exe
  2⤵
  PID:2732
- C:\Windows\System\PjDAzvq.exe
  C:\Windows\System\PjDAzvq.exe
  2⤵
  PID:6048
- C:\Windows\System\obvtDqg.exe
  C:\Windows\System\obvtDqg.exe
  2⤵
  PID:14356
- C:\Windows\System\gPSpkmx.exe
  C:\Windows\System\gPSpkmx.exe
  2⤵
  PID:14388
- C:\Windows\System\lWUYeMa.exe
  C:\Windows\System\lWUYeMa.exe
  2⤵
  PID:14416
- C:\Windows\System\XMQxIcI.exe
  C:\Windows\System\XMQxIcI.exe
  2⤵
  PID:14444
- C:\Windows\System\bqJRykG.exe
  C:\Windows\System\bqJRykG.exe
  2⤵
  PID:14472
- C:\Windows\System\EUGqtQc.exe
  C:\Windows\System\EUGqtQc.exe
  2⤵
  PID:14500
- C:\Windows\System\drrwyul.exe
  C:\Windows\System\drrwyul.exe
  2⤵
  PID:14528
- C:\Windows\System\mZlFlOV.exe
  C:\Windows\System\mZlFlOV.exe
  2⤵
  PID:14560
- C:\Windows\System\IQNCFFj.exe
  C:\Windows\System\IQNCFFj.exe
  2⤵
  PID:14588
- C:\Windows\System\KkHmBdl.exe
  C:\Windows\System\KkHmBdl.exe
  2⤵
  PID:14616
- C:\Windows\System\hBsDVlA.exe
  C:\Windows\System\hBsDVlA.exe
  2⤵
  PID:14644
- C:\Windows\System\OjhHyah.exe
  C:\Windows\System\OjhHyah.exe
  2⤵
  PID:14672
- C:\Windows\System\BDSqydm.exe
  C:\Windows\System\BDSqydm.exe
  2⤵
  PID:14700
- C:\Windows\System\KtfbAYz.exe
  C:\Windows\System\KtfbAYz.exe
  2⤵
  PID:14728
- C:\Windows\System\tlcmFJc.exe
  C:\Windows\System\tlcmFJc.exe
  2⤵
  PID:14756
- C:\Windows\System\jovYTBP.exe
  C:\Windows\System\jovYTBP.exe
  2⤵
  PID:14784
- C:\Windows\System\zJcNzlZ.exe
  C:\Windows\System\zJcNzlZ.exe
  2⤵
  PID:14812
- C:\Windows\System\YHDiLKL.exe
  C:\Windows\System\YHDiLKL.exe
  2⤵
  PID:14840
- C:\Windows\System\sOpdMmi.exe
  C:\Windows\System\sOpdMmi.exe
  2⤵
  PID:14868
- C:\Windows\System\eIwRuVw.exe
  C:\Windows\System\eIwRuVw.exe
  2⤵
  PID:14896
- C:\Windows\System\XcVxJtm.exe
  C:\Windows\System\XcVxJtm.exe
  2⤵
  PID:14924
- C:\Windows\System\yuZAYom.exe
  C:\Windows\System\yuZAYom.exe
  2⤵
  PID:14952
- C:\Windows\System\hPvQAiV.exe
  C:\Windows\System\hPvQAiV.exe
  2⤵
  PID:14980
- C:\Windows\System\wACxsuv.exe
  C:\Windows\System\wACxsuv.exe
  2⤵
  PID:15008
- C:\Windows\System\znFVwdI.exe
  C:\Windows\System\znFVwdI.exe
  2⤵
  PID:15036
- C:\Windows\System\cjLNNLR.exe
  C:\Windows\System\cjLNNLR.exe
  2⤵
  PID:15064
- C:\Windows\System\VrCcQXh.exe
  C:\Windows\System\VrCcQXh.exe
  2⤵
  PID:15092
- C:\Windows\System\jLgQpEM.exe
  C:\Windows\System\jLgQpEM.exe
  2⤵
  PID:15120
- C:\Windows\System\gRGwfOv.exe
  C:\Windows\System\gRGwfOv.exe
  2⤵
  PID:15148
- C:\Windows\System\JfukyaD.exe
  C:\Windows\System\JfukyaD.exe
  2⤵
  PID:15176
- C:\Windows\System\ylwJARL.exe
  C:\Windows\System\ylwJARL.exe
  2⤵
  PID:15204
- C:\Windows\System\BFLpqyV.exe
  C:\Windows\System\BFLpqyV.exe
  2⤵
  PID:15232
- C:\Windows\System\lVAeWGx.exe
  C:\Windows\System\lVAeWGx.exe
  2⤵
  PID:15260
- C:\Windows\System\bxDCCQH.exe
  C:\Windows\System\bxDCCQH.exe
  2⤵
  PID:15288
- C:\Windows\System\tmInkUK.exe
  C:\Windows\System\tmInkUK.exe
  2⤵
  PID:15316
- C:\Windows\System\KatUDcU.exe
  C:\Windows\System\KatUDcU.exe
  2⤵
  PID:15344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BecbzlD.exe

Filesize
6.1MB

MD5
58e60e835626f4a09bb6dca4bd3b9bfd

SHA1
ab8160509bbe095b3b99682b3fcb017644e032ce

SHA256
d4f831bddabb7cc6cdceb3c1cc46d9daafcd44de87e2373c36b8373267f9fc7f

SHA512
1446e61650ce3b766d2b95c43b7ec3dcfb935159f05a3b3617ce5f626d3d5de3042c5bbc114e40d114e1e5de085467a9d905b5c6dceb317591f459564ce357b5

Download Submit
C:\Windows\System\BkKicVc.exe

Filesize
6.1MB

MD5
f8ea95697ffa54e6ec4bff8ab4fb64cf

SHA1
386250bb579d552ba977d56ca0af9fd7b63aa24e

SHA256
0440c90e50d75e5bb6955de75a337bd3316897e11317d38298876b452b006cc0

SHA512
91a156c90765b3d550f131aeff99d25dee0348db16127b16f91947ae84ebf08fd2dadca1c8929b83be79edf3cf4d0421c21e92707a45cb2c7e23962f5e2fb5f3

Download Submit
C:\Windows\System\DFKbKeT.exe

Filesize
6.1MB

MD5
eee7f9339d11a1ccf4a9a7b68c61ad09

SHA1
c27945779b35f1fcb3b45745c82755c52e056ea1

SHA256
af8f75c2561ed4af552007966773adcdc35f38a7bfbad078257a41b452281b09

SHA512
7777f1c6ec2a5ebff242d798a2ab4dfe1843b75bdf99dbecc6583765e367a858619e12d8b2240377da7b442a85ac07286d851788993a36c013c41775790302f5

Download Submit
C:\Windows\System\DMdDWrC.exe

Filesize
6.0MB

MD5
7e92eaa0f13be4a044f77a21dbcdc087

SHA1
f2b8648e4e68da9d7f081ba341155d2fd850759e

SHA256
6cdd1708c1583f221a0ad82e79e58378a9f278f262d31418dcdbdaa7a1e8d10b

SHA512
0243189b9f81c19c42b5af5e15b6ab13e18c001337bd1d859d9dfe81705d20126684da99334781fbb860c83e6cba03af9f1cf23ec58e06e4253143280f3bf826

Download Submit
C:\Windows\System\DuQzKGn.exe

Filesize
6.1MB

MD5
7637add0e69947dd1b34134ad660ccca

SHA1
f963c7a9334e485edcedff4d6c48e47d4eb5a709

SHA256
da917fb692a157d913d901f413baaa3e11b302c7acb560ad1a361637f4cc1b53

SHA512
83612aabae4526a43c1c0870ec016ea4d66674e0d122bca04cebaa76ac2d22359f9cd959ebe1bcf2cf46ca6d8cef7a4325a4e73913e53057a5d72bc5ecd40b49

Download Submit
C:\Windows\System\GlJrbSO.exe

Filesize
6.1MB

MD5
d2a9e9e99a2c93daeeb002d0455230c4

SHA1
f04c50b061dc2474d604d6b6b91ad022eab58ce2

SHA256
b2a1a7d49c8f17fb39ba31ec4c8f1474050563abe8a39ac7cd0c29d6d7106ee7

SHA512
786af059754379ed3bdb07e7fa56cb295c82fff7c9418912f3fa240120ad9c9a0153b7fd81b4e60b70be5a8041fb5fe0db6b047a05c9e9741856e9cb59115260

Download Submit
C:\Windows\System\HunIbCZ.exe

Filesize
6.1MB

MD5
52de53b6068e012b91cc534361588948

SHA1
4c03415cb8acc798dfb53ea55263423df1ef5567

SHA256
27adf7b645bb00f28ce8e0889bcddd99cb0a0f1375c4e0e25881e413293780f2

SHA512
3327db5d2da430160c80a22d06100771d61401cb880a3a17fe9820303a74c00e2e2f1f229bd113226d582055763612bbbac2e3883107794706aad1b9c5e758f4

Download Submit
C:\Windows\System\HyOTpGk.exe

Filesize
6.1MB

MD5
58f2f5459647a15f4d902ec32b97d7cc

SHA1
53d2779c1dc889b44a098688a6103303ccd219d4

SHA256
51743c88b2cbf5760bb4cf47115b23a06a19179ea6af10084ec97c5db1b694b8

SHA512
85b815681cdc5b174a390a97ad48500d7d1218425a187d50a95e526a6bd3846f86a6f65baa099b7b5a48af77fc905f38b08e64091c49cb0c093f4b6026862e6e

Download Submit
C:\Windows\System\IgcdoMz.exe

Filesize
6.1MB

MD5
3f618ef1087b810e24de6c6e0155ba8d

SHA1
0b3f20987682412a90c721584ef066e47dcbdfd3

SHA256
18f527514a114cdd680b5730010b1a98f5cd599f63fe25ebebc469d92e9b1eb8

SHA512
d106160ea00a705efc21ed32653de87ebf4b008e03bf9d22908fe6f3fcc8cb2458ede49124da83f09904ebe2b308da92977e5e872df3642d45a3c5af66272051

Download Submit
C:\Windows\System\MQuwXXD.exe

Filesize
6.1MB

MD5
9770fae6b39e8c7fbe4304825ec1aba7

SHA1
eea03c9aa8412dc3925f1b3ebe222ee8a395ef22

SHA256
5d79806caec9a503a8fcf1ce6323d108676f80c632db81426d34a984628ad074

SHA512
23cdbb3505207f448b9c5803875471b2fbf71e86c4b3571e758ce7166ca8c1c27c23a3218e7edfc0a925f3816dd37330b5b60ed1c2d33012e9792a4c8d3712b2

Download Submit
C:\Windows\System\NabaPuR.exe

Filesize
6.0MB

MD5
a336a6199373019ce4d3b8f36de0714c

SHA1
0f1d2f44cb19acefa8ca55fe0c5721a61cc98ac0

SHA256
cb5637957044d8ce7782e9c8bc4113324319c9fef85fe51c1d935b954837c0fc

SHA512
0adeb502f8212b45b438bad8137b3f77dc48c34c1dcc9fbef61fc7e3f5b6b2a350a4ecf7525e5a2b941f2fa5ccde67490397e74ced243a62a622a4477c5d6415

Download Submit
C:\Windows\System\PzBfcBz.exe

Filesize
6.1MB

MD5
ae5969808901d460eddf9054528e5f86

SHA1
5f8196a4878c0f49eba9e2072079d24b626eb095

SHA256
7d93ebef96aca9d6bb46e1afb7664b8dbbb8a6cbdfd53cb7c7aea700eb5600d3

SHA512
c056834557dcdb8f46f109b127d6ef0677a7b54a599eb91310da39420f8b7e5f972435b6e6445a7ad51afa773f8b6ffa8475ce771a172cd15b010c85ab44f720

Download Submit
C:\Windows\System\QyEBFBE.exe

Filesize
6.1MB

MD5
b1e5f14064a7d85f5b7a9b24b6e96352

SHA1
250227a2bfbf6b06ba4106f962ccca4f3856306c

SHA256
3f57ada102603ab08b4af203c92000af32506b7e3051e8f9c912d4ff96634c84

SHA512
0c0ca886886ea312def82d1093e2a9aa144202a2bb3d77c2c6f986148656f1d5e8f7935591e2118364560f015270b8c0d00e094560bb4ef9271e9f803f6bbd5b

Download Submit
C:\Windows\System\VqEKJVM.exe

Filesize
6.1MB

MD5
d7d074b610f6b734e2bbb1eac35b49f6

SHA1
7bf27af6b751638805c05c8d2da344fcaa27887e

SHA256
97d4bd78dd9dc18c41166dc977a47009ff856d21f188a4d474e6cc1165230727

SHA512
484b129e2d41d11ada644ecc603d41669d902852d3cecc8444ae049d25f64653a7d0b2f6294f4a3bbe2f1dc3331df251dc262003515c4d5e416e23dabb09ab14

Download Submit
C:\Windows\System\XQdRnwH.exe

Filesize
6.1MB

MD5
3a313935fc55b0257c8acc331c497c27

SHA1
0392c2166de9a51dd41b26a4df9244f4eb7f72f6

SHA256
e3642158211bc3362a7fd753874b9409a96d090cd9d8b8618a5e8da9929c0fa6

SHA512
02d8604b13843d3dbf6295c4c61ca3617522e75495cc0ff811b34dea40bb35de7994ddf57da1fee060d84807f60fa4a2fdcc86e28fae8b3f746bee8e1344f24f

Download Submit
C:\Windows\System\YuipzlV.exe

Filesize
6.1MB

MD5
d9d710ce73c838467aedf1d7489c0624

SHA1
42e525c2b51654a1f14ff7bebddb999000a73f5b

SHA256
a827949963d46018aa659ec258a24249d07121e45a031f532259d2f3bf10b2a6

SHA512
99e6e5ab681936516ba6122f340516ec8d7a17a33becd8d51abd2bb435b6a52b26f0010253b1bb7389d9b34e5f42264d4e682d765a37d5896191ef4c1615bfd9

Download Submit
C:\Windows\System\ZbTOoCH.exe

Filesize
6.1MB

MD5
447149a5a2801b38ab7bad99e6772f0f

SHA1
1eebe26b37131ca3c2b36f37dd4299539772deaa

SHA256
d0ad88da4ee7308dfe14d369f96cfb6db71f2c5ffb77320365fcc6a8ced771a2

SHA512
05a19beb7007178c4bc2b24875ba472856499f748df8f441ba86eccbfb16be80d370d74d1c2b2b34ee31ff1961e1d658553a5393a2749b5d5558c4978dd770a8

Download Submit
C:\Windows\System\ZradMFW.exe

Filesize
6.1MB

MD5
dfdd12680a410404fe6b0be2a9ddea7f

SHA1
31b918f88b8c8a9dd1aef7e3eee6c7485cff90d8

SHA256
4b0e8b55f7721773ef9bd0929b20c721453db3f0e725c67e9077c5e703a714ca

SHA512
7cde8eae3d37512dadb4773b0a9851dd36e20ef8fe34f0ab7e47c97637fc77e3863f55421dd0f9d2850434dfc570deb83ac4e99450c1b4af441d2dd56fd3c1d8

Download Submit
C:\Windows\System\bJubmpa.exe

Filesize
6.1MB

MD5
1f58d336c371ef4578bca6fe76ba18ee

SHA1
db16c8d12bc686c43b5d7d91a3dcb797ce648874

SHA256
fe22b9e4d23130efe3bf2a8af4395ce772d0c5ea5ac176c582d4281fcbb111a2

SHA512
3a6ff93d21a106122236b5a55dd21740bbb3d1701051d088cf967a9fa4c82774f381f6b583489c48ced86852b07d9a339dcb3bddb5f7bf029f79996ebbada162

Download Submit
C:\Windows\System\eVEFlAz.exe

Filesize
6.0MB

MD5
c1aadc124b4995b805cdb84b7c31122c

SHA1
e8e02b63ea6a46957e3c2e5e13af253af68db49b

SHA256
bbda0e73332b257a560333323447fed4741b7289ec82f255dd0f9fc2583f1591

SHA512
e6265dc3e0dc2abfb7df6d41689ff1cfc435a5d77079bf58d3f963f63388859db99bb2fdc3a56472b06bbdd804303182491b24b4709845f4c53ef039b2ee95ea

Download Submit
C:\Windows\System\ewbpOOt.exe

Filesize
6.0MB

MD5
e5db3ec3343a5439affbbed115714463

SHA1
aaf4dbfd10b96263c87cbed8bc328ff3b32842c2

SHA256
794efe8839335d72202e2f95451e112c6bf440d278c6f165db5ec08a4c78a613

SHA512
724df69154339c4a567c1c63991d69ea9c15c3a189ae1786429fb1cffdf6d97e257398e4f524a82f932ad1575b24345eae4be48ecbf6074e4e33a7e44b0375c0

Download Submit
C:\Windows\System\feDKUWl.exe

Filesize
6.1MB

MD5
10e495f4694cab31a1e2365d01b89f02

SHA1
2faadcb2ff74aacbdb62bc7665d242c0055959e7

SHA256
125e2b617189ae6787812df095f66224f61c59456f0260dfc6c1880429a11439

SHA512
5fae36034a6548ca68a4be5c92d718370303cd7336dd402d48ffb85943013af27ad289f7a0c24ae6666ce27adfdb523dca1cb6be2a8f26148b9af499fa8db678

Download Submit
C:\Windows\System\hqXIcty.exe

Filesize
6.1MB

MD5
05202075123c65bb0877e0f189910785

SHA1
58d42c68d13ab38769dc8dd8cf841b5e995f9a56

SHA256
9fed0251984f5961bf674c3563e3081bd2be84f3a4d5e5c4aa070d47c2bb925c

SHA512
7315a0f357714766e37599525dd9e6aed9971876c2261e2a0cbf53d7d504d3a153c5362027a16498132de1bbdbe446dfbe4bf479b5c409c8fab4496a1d546011

Download Submit
C:\Windows\System\kOKIine.exe

Filesize
6.1MB

MD5
5548c25a35b3260d0c5c4a499de0c025

SHA1
b272dcacf036da8caf880088df19193eea172b61

SHA256
1d29d6eab97982d8bd0c3638c69cb1c77de93f02c8d28986d713a121f35214be

SHA512
05e4782071845425d8ab974f2f348f1fd2e66d9fa648776633816c203268e50b82cec636101927273fb747b4b6cca292095a6221297b11110318d2ff5793aba3

Download Submit
C:\Windows\System\lZnktio.exe

Filesize
6.1MB

MD5
1ad9f008f154336182789a71f7f4b5e4

SHA1
c202bad56fdfe87fab23c04bf69696f921b1a1bd

SHA256
2944d96be92c630c5a22e9e6076b2cf7cb1aeae48abce84b242caa29b317f7af

SHA512
efdb5216a70026cdc23e8fca9ddf2d0d01bd84d6d96542d809692e0e632dc5dd769e6a54cd89a99d98d0260a095fd9a2e3eb161cb91419c1667f0c4ebb709d58

Download Submit
C:\Windows\System\ndMPARK.exe

Filesize
6.1MB

MD5
bf6178dbb83c2c464b5f8abc988b5bda

SHA1
45aefb535ca110ef0e3d6d4911045f8f10918c76

SHA256
b5f38c36b800c07efb93b1f3c80a6e6a84b42da0943671e0314bd2df56b4b7f7

SHA512
f848b42d168623a09b313ef80230c097353d2b4cec6b6894f48ea3565b4a27f325fc17a44ea736a6fb0499db721324a0b3a0e95dcdf97b19d36b35fdb6c09737

Download Submit
C:\Windows\System\ngplyWE.exe

Filesize
6.1MB

MD5
7b43a2ee3ff76aec0cc369318f36c5be

SHA1
db3af725f16d48fda7f557669fec119b2ef72fc8

SHA256
bcf8931000a80b12b2f96661535204b0320113138ef193822810354079c96a6e

SHA512
2fa51fb6dfa1c8453ebc164e5224a1b1e6355375e22a89b8a3654b106b727b6a2507d76194c348ca0b42146e6b9ce8a05df49798acc2aad10c5b8d7e3a8b97bc

Download Submit
C:\Windows\System\oAqGOpk.exe

Filesize
6.1MB

MD5
c3c76d2283a96a1c44e36f6ba26f0ff2

SHA1
be3013ac4248f774d8a33fcda7f60fdeaef294fa

SHA256
273b72897553fcb7bc8b1b26b6ac9fed3554cf8208704d42088b785916dd5427

SHA512
127ca6de53927f1e568d1627b55db63cd4defd282cfa6b425f93b66169bf83b13c7b9d0a0ae394e8e2d4541ec1510bbdcc9e5f438e13f700f1addfe0624b5177

Download Submit
C:\Windows\System\omDJawL.exe

Filesize
6.1MB

MD5
8aaaf6b608f1c9e07c3186a1e08ebc8c

SHA1
7302c30eff83289bbfaf2c77151ec751319094eb

SHA256
3125a5dab6dedb6c369477e7f263ea799509224cb628bb2c0a3e83d6f6a5aa18

SHA512
286bdb575eae5ce19c9c7a45f6566d61ddc76949ec6123a84ef0be72f1493df7679cd8ce302f6eda2c7829f0b0803e633a51aca46576d499367541bebc0d9e92

Download Submit
C:\Windows\System\oxwExIU.exe

Filesize
6.0MB

MD5
9b7cc1f7f325e1a4fc1fce824f7d5695

SHA1
23d6f643277d58577ce38df6d88e8ad79ff049a8

SHA256
ede50180d5980b481597023f28a11aa5c6022a92b6163ea7b556b62182381320

SHA512
35f26d7a2448d84f96ce6dc05b7a707c0d58a7cd8dcf0b89fdc9aa3647252445c99b240b9bcb64f85b68c2f79da73813d2bb7c1df6731182381d5a0354b06c83

Download Submit
C:\Windows\System\ruunBrO.exe

Filesize
6.1MB

MD5
95363ea1eaf255b5e42abbd54421608e

SHA1
13d7e6e04ac6e71c1726c5ecb69c8aaf6db95dab

SHA256
ac91fbaf4a7aee4fadd1a3697d604e11f5d5b0d4f3752c3e15d19b5ecd152bec

SHA512
af67423e1be5e340622265b65160e826cba1b261933c1a4d8b7e10fc56fdec5cfcbac709f7da338a56fe6ce2f647ee2fc20fb320634e4ca90f5e2a119c6a9464

Download Submit
C:\Windows\System\sitNzjI.exe

Filesize
6.1MB

MD5
d810a5a9062b812e43221b7b6f906ac2

SHA1
dd7a25139fb6fefd08774a730d86e9ef02cad53f

SHA256
396ab06beb4ee2fd96ac9c438ef39a14b8a1db38b01474fda5f25ca2fe069ef9

SHA512
04019b0249d15f88dad52288f541b220939e5c15676736f202c5f9a03010acdeb10a1ce5984bfa666aa74847a4e2cec378aac1fb26c00ee367a4fb7fd356ce8b

Download Submit
memory/644-1999-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp

Filesize
3.3MB

Download
memory/644-45-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp

Filesize
3.3MB

Download
memory/644-107-0x00007FF7EB410000-0x00007FF7EB764000-memory.dmp

Filesize
3.3MB

Download
memory/728-2294-0x00007FF7535B0000-0x00007FF753904000-memory.dmp

Filesize
3.3MB

Download
memory/728-168-0x00007FF7535B0000-0x00007FF753904000-memory.dmp

Filesize
3.3MB

Download
memory/728-102-0x00007FF7535B0000-0x00007FF753904000-memory.dmp

Filesize
3.3MB

Download
memory/908-108-0x00007FF63DE50000-0x00007FF63E1A4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2295-0x00007FF63DE50000-0x00007FF63E1A4000-memory.dmp

Filesize
3.3MB

Download
memory/908-173-0x00007FF63DE50000-0x00007FF63E1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-76-0x00007FF624DE0000-0x00007FF625134000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2089-0x00007FF624DE0000-0x00007FF625134000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2297-0x00007FF700720000-0x00007FF700A74000-memory.dmp

Filesize
3.3MB

Download
memory/2316-182-0x00007FF700720000-0x00007FF700A74000-memory.dmp

Filesize
3.3MB

Download
memory/2316-123-0x00007FF700720000-0x00007FF700A74000-memory.dmp

Filesize
3.3MB

Download
memory/2828-40-0x00007FF762A30000-0x00007FF762D84000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1993-0x00007FF762A30000-0x00007FF762D84000-memory.dmp

Filesize
3.3MB

Download
memory/3020-75-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-10-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1940-0x00007FF717F70000-0x00007FF7182C4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-149-0x00007FF766A00000-0x00007FF766D54000-memory.dmp

Filesize
3.3MB

Download
memory/3496-82-0x00007FF766A00000-0x00007FF766D54000-memory.dmp

Filesize
3.3MB

Download
memory/3512-33-0x00007FF7022C0000-0x00007FF702614000-memory.dmp

Filesize
3.3MB

Download
memory/3512-1986-0x00007FF7022C0000-0x00007FF702614000-memory.dmp

Filesize
3.3MB

Download
memory/4180-387-0x00007FF69BA80000-0x00007FF69BDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2303-0x00007FF69BA80000-0x00007FF69BDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-164-0x00007FF69BA80000-0x00007FF69BDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-53-0x00007FF600340000-0x00007FF600694000-memory.dmp

Filesize
3.3MB

Download
memory/4668-100-0x00007FF600340000-0x00007FF600694000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2001-0x00007FF600340000-0x00007FF600694000-memory.dmp

Filesize
3.3MB

Download
memory/4684-114-0x00007FF770010000-0x00007FF770364000-memory.dmp

Filesize
3.3MB

Download
memory/4684-54-0x00007FF770010000-0x00007FF770364000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2005-0x00007FF770010000-0x00007FF770364000-memory.dmp

Filesize
3.3MB

Download
memory/4784-63-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-127-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2085-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-153-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/5004-88-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/5088-217-0x00007FF7E96D0000-0x00007FF7E9A24000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2300-0x00007FF7E96D0000-0x00007FF7E9A24000-memory.dmp

Filesize
3.3MB

Download
memory/5088-141-0x00007FF7E96D0000-0x00007FF7E9A24000-memory.dmp

Filesize
3.3MB

Download
memory/5236-81-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp

Filesize
3.3MB

Download
memory/5236-32-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp

Filesize
3.3MB

Download
memory/5236-1985-0x00007FF60CDC0000-0x00007FF60D114000-memory.dmp

Filesize
3.3MB

Download
memory/5260-183-0x00007FF7CAC70000-0x00007FF7CAFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5260-2306-0x00007FF7CAC70000-0x00007FF7CAFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5260-617-0x00007FF7CAC70000-0x00007FF7CAFC4000-memory.dmp

Filesize
3.3MB

Download
memory/5304-80-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp

Filesize
3.3MB

Download
memory/5304-12-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp

Filesize
3.3MB

Download
memory/5304-1948-0x00007FF7AD1D0000-0x00007FF7AD524000-memory.dmp

Filesize
3.3MB

Download
memory/5460-128-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp

Filesize
3.3MB

Download
memory/5460-74-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp

Filesize
3.3MB

Download
memory/5460-2092-0x00007FF7A6320000-0x00007FF7A6674000-memory.dmp

Filesize
3.3MB

Download
memory/5480-193-0x00007FF604CE0000-0x00007FF605034000-memory.dmp

Filesize
3.3MB

Download
memory/5480-2307-0x00007FF604CE0000-0x00007FF605034000-memory.dmp

Filesize
3.3MB

Download
memory/5520-2296-0x00007FF7B0640000-0x00007FF7B0994000-memory.dmp

Filesize
3.3MB

Download
memory/5520-117-0x00007FF7B0640000-0x00007FF7B0994000-memory.dmp

Filesize
3.3MB

Download
memory/5652-135-0x00007FF792A20000-0x00007FF792D74000-memory.dmp

Filesize
3.3MB

Download
memory/5652-2299-0x00007FF792A20000-0x00007FF792D74000-memory.dmp

Filesize
3.3MB

Download
memory/5652-214-0x00007FF792A20000-0x00007FF792D74000-memory.dmp

Filesize
3.3MB

Download
memory/5696-178-0x00007FF7BDA20000-0x00007FF7BDD74000-memory.dmp

Filesize
3.3MB

Download
memory/5696-2305-0x00007FF7BDA20000-0x00007FF7BDD74000-memory.dmp

Filesize
3.3MB

Download
memory/5712-160-0x00007FF67E930000-0x00007FF67EC84000-memory.dmp

Filesize
3.3MB

Download
memory/5712-2302-0x00007FF67E930000-0x00007FF67EC84000-memory.dmp

Filesize
3.3MB

Download
memory/5772-35-0x00007FF6D6AE0000-0x00007FF6D6E34000-memory.dmp

Filesize
3.3MB

Download
memory/5772-1989-0x00007FF6D6AE0000-0x00007FF6D6E34000-memory.dmp

Filesize
3.3MB

Download
memory/5808-151-0x00007FF7EA150000-0x00007FF7EA4A4000-memory.dmp

Filesize
3.3MB

Download
memory/5808-2301-0x00007FF7EA150000-0x00007FF7EA4A4000-memory.dmp

Filesize
3.3MB

Download
memory/5824-1-0x0000022772C00000-0x0000022772C10000-memory.dmp

Filesize
64KB

Download
memory/5824-0-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp

Filesize
3.3MB

Download
memory/5824-66-0x00007FF63CDE0000-0x00007FF63D134000-memory.dmp

Filesize
3.3MB

Download
memory/6036-2293-0x00007FF699030000-0x00007FF699384000-memory.dmp

Filesize
3.3MB

Download
memory/6036-161-0x00007FF699030000-0x00007FF699384000-memory.dmp

Filesize
3.3MB

Download
memory/6036-96-0x00007FF699030000-0x00007FF699384000-memory.dmp

Filesize
3.3MB

Download
memory/6040-442-0x00007FF7C77A0000-0x00007FF7C7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/6040-169-0x00007FF7C77A0000-0x00007FF7C7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/6040-2304-0x00007FF7C77A0000-0x00007FF7C7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/6092-2298-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download
memory/6092-129-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download
memory/6092-191-0x00007FF764A70000-0x00007FF764DC4000-memory.dmp

Filesize
3.3MB

Download