cobaltstrike | c9e73252327161735aaa9459a3e3d65a988763e2a328acb0a30ed9953e98ca1c

Analysis

max time kernel
103s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

ac01a5aae4b7feffec04b7d3a5a58a72
SHA1

6de7a59d011dd7391e047251ccf29bd26a96aba4
SHA256

c9e73252327161735aaa9459a3e3d65a988763e2a328acb0a30ed9953e98ca1c
SHA512

21df0014fc1dc1feede49e25d4190e959f5b33455f61d246e22d3d7f0151503f2e71bc31724c324fd62e81c35062413f40cf4cd79a95b3c9bda3a7a484add984
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000241f7-4.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000241fb-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000241fc-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000241fd-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000241fe-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024200-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024201-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000241ff-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024202-53.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000241f8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024204-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024205-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024206-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024207-85.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024208-95.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002420d-108.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024209-103.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002420e-115.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002420f-122.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024210-129.dat	cobalt_reflective_dll
behavioral1/files/0x000c00000002404b-132.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000002404d-141.dat	cobalt_reflective_dll
behavioral1/files/0x000b00000002406c-150.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024217-159.dat	cobalt_reflective_dll
behavioral1/files/0x000800000002421a-168.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002421d-189.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002421c-187.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002421b-185.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000024218-167.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002421e-195.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422e-199.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422f-207.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5180-0-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp	xmrig
behavioral1/files/0x00080000000241f7-4.dat	xmrig
behavioral1/files/0x00070000000241fb-11.dat	xmrig
behavioral1/files/0x00070000000241fc-9.dat	xmrig
behavioral1/files/0x00070000000241fd-18.dat	xmrig
behavioral1/memory/5920-26-0x00007FF60D040000-0x00007FF60D394000-memory.dmp	xmrig
behavioral1/files/0x00070000000241fe-29.dat	xmrig
behavioral1/files/0x0007000000024200-41.dat	xmrig
behavioral1/files/0x0007000000024201-47.dat	xmrig
behavioral1/memory/2504-48-0x00007FF740EF0000-0x00007FF741244000-memory.dmp	xmrig
behavioral1/memory/3896-42-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp	xmrig
behavioral1/files/0x00070000000241ff-39.dat	xmrig
behavioral1/memory/5168-34-0x00007FF746CB0000-0x00007FF747004000-memory.dmp	xmrig
behavioral1/memory/1044-30-0x00007FF600CD0000-0x00007FF601024000-memory.dmp	xmrig
behavioral1/memory/5104-23-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp	xmrig
behavioral1/memory/1836-21-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp	xmrig
behavioral1/memory/4984-10-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp	xmrig
behavioral1/files/0x0007000000024202-53.dat	xmrig
behavioral1/memory/5336-56-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp	xmrig
behavioral1/files/0x00080000000241f8-60.dat	xmrig
behavioral1/memory/4384-63-0x00007FF64F500000-0x00007FF64F854000-memory.dmp	xmrig
behavioral1/memory/5180-62-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp	xmrig
behavioral1/files/0x0007000000024204-66.dat	xmrig
behavioral1/memory/4984-67-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp	xmrig
behavioral1/memory/4372-69-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp	xmrig
behavioral1/memory/1836-68-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024205-72.dat	xmrig
behavioral1/memory/4736-77-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	xmrig
behavioral1/memory/5104-76-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp	xmrig
behavioral1/memory/5796-82-0x00007FF677440000-0x00007FF677794000-memory.dmp	xmrig
behavioral1/files/0x0007000000024206-80.dat	xmrig
behavioral1/files/0x0007000000024207-85.dat	xmrig
behavioral1/memory/4540-88-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	xmrig
behavioral1/memory/1044-86-0x00007FF600CD0000-0x00007FF601024000-memory.dmp	xmrig
behavioral1/memory/5168-92-0x00007FF746CB0000-0x00007FF747004000-memory.dmp	xmrig
behavioral1/files/0x0007000000024208-95.dat	xmrig
behavioral1/memory/3896-98-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp	xmrig
behavioral1/memory/5596-99-0x00007FF775470000-0x00007FF7757C4000-memory.dmp	xmrig
behavioral1/files/0x000700000002420d-108.dat	xmrig
behavioral1/memory/1556-111-0x00007FF64DD90000-0x00007FF64E0E4000-memory.dmp	xmrig
behavioral1/memory/560-106-0x00007FF652600000-0x00007FF652954000-memory.dmp	xmrig
behavioral1/memory/2504-104-0x00007FF740EF0000-0x00007FF741244000-memory.dmp	xmrig
behavioral1/files/0x0007000000024209-103.dat	xmrig
behavioral1/files/0x000700000002420e-115.dat	xmrig
behavioral1/memory/5336-116-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp	xmrig
behavioral1/files/0x000700000002420f-122.dat	xmrig
behavioral1/memory/4368-123-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp	xmrig
behavioral1/memory/5472-117-0x00007FF6AE620000-0x00007FF6AE974000-memory.dmp	xmrig
behavioral1/memory/4372-128-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024210-129.dat	xmrig
behavioral1/files/0x000c00000002404b-132.dat	xmrig
behavioral1/files/0x000d00000002404d-141.dat	xmrig
behavioral1/memory/6088-138-0x00007FF684CF0000-0x00007FF685044000-memory.dmp	xmrig
behavioral1/memory/4736-137-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	xmrig
behavioral1/memory/1416-144-0x00007FF639110000-0x00007FF639464000-memory.dmp	xmrig
behavioral1/memory/3356-149-0x00007FF6CE450000-0x00007FF6CE7A4000-memory.dmp	xmrig
behavioral1/files/0x000b00000002406c-150.dat	xmrig
behavioral1/memory/5796-145-0x00007FF677440000-0x00007FF677794000-memory.dmp	xmrig
behavioral1/memory/4540-152-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	xmrig
behavioral1/memory/1708-153-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp	xmrig
behavioral1/files/0x0007000000024217-159.dat	xmrig
behavioral1/memory/5160-166-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp	xmrig
behavioral1/files/0x000800000002421a-168.dat	xmrig
behavioral1/memory/4368-180-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4984	NhgXbPp.exe
1836	RhHGumA.exe
5920	ETmEAau.exe
5104	PQhuDJj.exe
1044	lOwGbHj.exe
5168	QYXngca.exe
3896	OjSaezT.exe
2504	UCkLhfk.exe
5336	fMNMNHZ.exe
4384	yZPtsVm.exe
4372	HaKNSmz.exe
4736	EHTfSIj.exe
5796	CpUQOzt.exe
4540	sSgmUGq.exe
5596	beFYjQh.exe
560	UiWtFfW.exe
1556	wFeKxZh.exe
5472	yWbJhNm.exe
4368	JalJzBk.exe
6088	vJjZvHF.exe
1416	plaRqYR.exe
3356	RzJTBkC.exe
1708	gGSwvbY.exe
1756	RaJtDAl.exe
5160	fmTCevs.exe
4896	nUuHUae.exe
5228	PgtUDqn.exe
3048	sAFhBxD.exe
4028	BUWJxBJ.exe
1984	FYWpdKN.exe
5324	aDvAKtX.exe
3504	WywgksB.exe
5832	tZMJfLd.exe
3144	sfAHXhJ.exe
1944	HlSRVlG.exe
5140	TlBLUhL.exe
4196	daKmVvT.exe
2564	uJzjAjZ.exe
5604	uwnRqpe.exe
5776	yhJTYvy.exe
5520	lOIlLQO.exe
5276	LYYuVXv.exe
640	ASLxkBs.exe
1808	rjjCFWZ.exe
3596	cWxuwtH.exe
1056	DEgFbNL.exe
3452	YvftbOa.exe
5124	hwCphfV.exe
5408	GpHcXLQ.exe
6112	fbzgkvl.exe
1048	qbNBHIS.exe
5664	WXFhWju.exe
444	wMxbTxB.exe
4088	hUCAGpd.exe
5016	wHPhnZB.exe
4904	VExTEKo.exe
2660	QlXqnhA.exe
5556	SxLlQwB.exe
1188	GqWEmpG.exe
3584	Vnzsrls.exe
2156	BUqcFxo.exe
5960	feqVlYU.exe
4472	YUySMJT.exe
4676	qacJcWo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5180-0-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp	upx
behavioral1/files/0x00080000000241f7-4.dat	upx
behavioral1/files/0x00070000000241fb-11.dat	upx
behavioral1/files/0x00070000000241fc-9.dat	upx
behavioral1/files/0x00070000000241fd-18.dat	upx
behavioral1/memory/5920-26-0x00007FF60D040000-0x00007FF60D394000-memory.dmp	upx
behavioral1/files/0x00070000000241fe-29.dat	upx
behavioral1/files/0x0007000000024200-41.dat	upx
behavioral1/files/0x0007000000024201-47.dat	upx
behavioral1/memory/2504-48-0x00007FF740EF0000-0x00007FF741244000-memory.dmp	upx
behavioral1/memory/3896-42-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp	upx
behavioral1/files/0x00070000000241ff-39.dat	upx
behavioral1/memory/5168-34-0x00007FF746CB0000-0x00007FF747004000-memory.dmp	upx
behavioral1/memory/1044-30-0x00007FF600CD0000-0x00007FF601024000-memory.dmp	upx
behavioral1/memory/5104-23-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp	upx
behavioral1/memory/1836-21-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp	upx
behavioral1/memory/4984-10-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp	upx
behavioral1/files/0x0007000000024202-53.dat	upx
behavioral1/memory/5336-56-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp	upx
behavioral1/files/0x00080000000241f8-60.dat	upx
behavioral1/memory/4384-63-0x00007FF64F500000-0x00007FF64F854000-memory.dmp	upx
behavioral1/memory/5180-62-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp	upx
behavioral1/files/0x0007000000024204-66.dat	upx
behavioral1/memory/4984-67-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp	upx
behavioral1/memory/4372-69-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp	upx
behavioral1/memory/1836-68-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp	upx
behavioral1/files/0x0007000000024205-72.dat	upx
behavioral1/memory/4736-77-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	upx
behavioral1/memory/5104-76-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp	upx
behavioral1/memory/5796-82-0x00007FF677440000-0x00007FF677794000-memory.dmp	upx
behavioral1/files/0x0007000000024206-80.dat	upx
behavioral1/files/0x0007000000024207-85.dat	upx
behavioral1/memory/4540-88-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	upx
behavioral1/memory/1044-86-0x00007FF600CD0000-0x00007FF601024000-memory.dmp	upx
behavioral1/memory/5168-92-0x00007FF746CB0000-0x00007FF747004000-memory.dmp	upx
behavioral1/files/0x0007000000024208-95.dat	upx
behavioral1/memory/3896-98-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp	upx
behavioral1/memory/5596-99-0x00007FF775470000-0x00007FF7757C4000-memory.dmp	upx
behavioral1/files/0x000700000002420d-108.dat	upx
behavioral1/memory/1556-111-0x00007FF64DD90000-0x00007FF64E0E4000-memory.dmp	upx
behavioral1/memory/560-106-0x00007FF652600000-0x00007FF652954000-memory.dmp	upx
behavioral1/memory/2504-104-0x00007FF740EF0000-0x00007FF741244000-memory.dmp	upx
behavioral1/files/0x0007000000024209-103.dat	upx
behavioral1/files/0x000700000002420e-115.dat	upx
behavioral1/memory/5336-116-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp	upx
behavioral1/files/0x000700000002420f-122.dat	upx
behavioral1/memory/4368-123-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp	upx
behavioral1/memory/5472-117-0x00007FF6AE620000-0x00007FF6AE974000-memory.dmp	upx
behavioral1/memory/4372-128-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp	upx
behavioral1/files/0x0007000000024210-129.dat	upx
behavioral1/files/0x000c00000002404b-132.dat	upx
behavioral1/files/0x000d00000002404d-141.dat	upx
behavioral1/memory/6088-138-0x00007FF684CF0000-0x00007FF685044000-memory.dmp	upx
behavioral1/memory/4736-137-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	upx
behavioral1/memory/1416-144-0x00007FF639110000-0x00007FF639464000-memory.dmp	upx
behavioral1/memory/3356-149-0x00007FF6CE450000-0x00007FF6CE7A4000-memory.dmp	upx
behavioral1/files/0x000b00000002406c-150.dat	upx
behavioral1/memory/5796-145-0x00007FF677440000-0x00007FF677794000-memory.dmp	upx
behavioral1/memory/4540-152-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp	upx
behavioral1/memory/1708-153-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp	upx
behavioral1/files/0x0007000000024217-159.dat	upx
behavioral1/memory/5160-166-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp	upx
behavioral1/files/0x000800000002421a-168.dat	upx
behavioral1/memory/4368-180-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cWHCwEp.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ozKYqtO.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nyBlBzy.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ppAxNTA.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qbNBHIS.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\beFYjQh.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ORimbtt.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fjdwCDC.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dITuNQJ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VtFhYQF.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kVYMMon.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xrlNDjH.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SuMiKYB.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CzDJeel.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\usmnlMS.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ueAHdkj.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rGdwDId.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\RAZzyXP.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FLEByju.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iYyimCw.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NQiMPKU.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xkpvDTy.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XEyqakd.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OjkrxNI.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JHdZRlm.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\onpToVf.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mwKbxUN.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VGDwLYO.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nUuHUae.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZdMePbu.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BADYKjO.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jSOveir.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DFBiDWJ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CWxJmwk.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BNSECKR.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xmQaySP.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MCCYoSz.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qUPtaUZ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OiOABgl.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jwdqMLv.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uKGUVfn.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BsFTZgS.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AFDPbZy.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\DJuArTP.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fMNMNHZ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hUCAGpd.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oACjeyY.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SzyOojd.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SvZEbFJ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NzNEiCf.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ASLxkBs.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lOwGbHj.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UciYetC.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fEYQDvo.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CFJWJWI.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WyyJbrF.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\euIifHp.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EJMobWP.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iIIgbnq.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yPNdofx.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YAbNHkJ.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\tattkzT.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZSVZmdf.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FsyxxuY.exe	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5180 wrote to memory of 4984	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5180 wrote to memory of 4984	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	86
PID 5180 wrote to memory of 1836	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5180 wrote to memory of 1836	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5180 wrote to memory of 5920	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5180 wrote to memory of 5920	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5180 wrote to memory of 5104	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5180 wrote to memory of 5104	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5180 wrote to memory of 1044	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5180 wrote to memory of 1044	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5180 wrote to memory of 5168	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5180 wrote to memory of 5168	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5180 wrote to memory of 3896	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5180 wrote to memory of 3896	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5180 wrote to memory of 2504	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5180 wrote to memory of 2504	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5180 wrote to memory of 5336	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5180 wrote to memory of 5336	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5180 wrote to memory of 4384	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5180 wrote to memory of 4384	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5180 wrote to memory of 4372	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5180 wrote to memory of 4372	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5180 wrote to memory of 4736	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5180 wrote to memory of 4736	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5180 wrote to memory of 5796	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5180 wrote to memory of 5796	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5180 wrote to memory of 4540	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5180 wrote to memory of 4540	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 5180 wrote to memory of 5596	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5180 wrote to memory of 5596	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	102
PID 5180 wrote to memory of 560	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5180 wrote to memory of 560	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5180 wrote to memory of 1556	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5180 wrote to memory of 1556	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5180 wrote to memory of 5472	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5180 wrote to memory of 5472	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5180 wrote to memory of 4368	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5180 wrote to memory of 4368	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5180 wrote to memory of 6088	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5180 wrote to memory of 6088	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5180 wrote to memory of 1416	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5180 wrote to memory of 1416	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5180 wrote to memory of 3356	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5180 wrote to memory of 3356	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5180 wrote to memory of 1708	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5180 wrote to memory of 1708	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5180 wrote to memory of 1756	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5180 wrote to memory of 1756	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5180 wrote to memory of 5160	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5180 wrote to memory of 5160	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5180 wrote to memory of 4896	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5180 wrote to memory of 4896	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5180 wrote to memory of 5228	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5180 wrote to memory of 5228	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5180 wrote to memory of 3048	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5180 wrote to memory of 3048	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5180 wrote to memory of 4028	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 5180 wrote to memory of 4028	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 5180 wrote to memory of 1984	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5180 wrote to memory of 1984	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 5180 wrote to memory of 5324	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 5180 wrote to memory of 5324	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	123
PID 5180 wrote to memory of 3504	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 5180 wrote to memory of 3504	5180	2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124

C:\Users\Admin\AppData\Local\Temp\2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_ac01a5aae4b7feffec04b7d3a5a58a72_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5180
- C:\Windows\System\NhgXbPp.exe
  C:\Windows\System\NhgXbPp.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\RhHGumA.exe
  C:\Windows\System\RhHGumA.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\ETmEAau.exe
  C:\Windows\System\ETmEAau.exe
  2⤵
  - Executes dropped EXE
  PID:5920
- C:\Windows\System\PQhuDJj.exe
  C:\Windows\System\PQhuDJj.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\lOwGbHj.exe
  C:\Windows\System\lOwGbHj.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\QYXngca.exe
  C:\Windows\System\QYXngca.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\OjSaezT.exe
  C:\Windows\System\OjSaezT.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\UCkLhfk.exe
  C:\Windows\System\UCkLhfk.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\fMNMNHZ.exe
  C:\Windows\System\fMNMNHZ.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System\yZPtsVm.exe
  C:\Windows\System\yZPtsVm.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\HaKNSmz.exe
  C:\Windows\System\HaKNSmz.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\EHTfSIj.exe
  C:\Windows\System\EHTfSIj.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\CpUQOzt.exe
  C:\Windows\System\CpUQOzt.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System\sSgmUGq.exe
  C:\Windows\System\sSgmUGq.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\beFYjQh.exe
  C:\Windows\System\beFYjQh.exe
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Windows\System\UiWtFfW.exe
  C:\Windows\System\UiWtFfW.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\wFeKxZh.exe
  C:\Windows\System\wFeKxZh.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\yWbJhNm.exe
  C:\Windows\System\yWbJhNm.exe
  2⤵
  - Executes dropped EXE
  PID:5472
- C:\Windows\System\JalJzBk.exe
  C:\Windows\System\JalJzBk.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\vJjZvHF.exe
  C:\Windows\System\vJjZvHF.exe
  2⤵
  - Executes dropped EXE
  PID:6088
- C:\Windows\System\plaRqYR.exe
  C:\Windows\System\plaRqYR.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\RzJTBkC.exe
  C:\Windows\System\RzJTBkC.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\gGSwvbY.exe
  C:\Windows\System\gGSwvbY.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RaJtDAl.exe
  C:\Windows\System\RaJtDAl.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\fmTCevs.exe
  C:\Windows\System\fmTCevs.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\nUuHUae.exe
  C:\Windows\System\nUuHUae.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\PgtUDqn.exe
  C:\Windows\System\PgtUDqn.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\sAFhBxD.exe
  C:\Windows\System\sAFhBxD.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\BUWJxBJ.exe
  C:\Windows\System\BUWJxBJ.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\FYWpdKN.exe
  C:\Windows\System\FYWpdKN.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\aDvAKtX.exe
  C:\Windows\System\aDvAKtX.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System\WywgksB.exe
  C:\Windows\System\WywgksB.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\tZMJfLd.exe
  C:\Windows\System\tZMJfLd.exe
  2⤵
  - Executes dropped EXE
  PID:5832
- C:\Windows\System\sfAHXhJ.exe
  C:\Windows\System\sfAHXhJ.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\HlSRVlG.exe
  C:\Windows\System\HlSRVlG.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\TlBLUhL.exe
  C:\Windows\System\TlBLUhL.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\daKmVvT.exe
  C:\Windows\System\daKmVvT.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\uJzjAjZ.exe
  C:\Windows\System\uJzjAjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\uwnRqpe.exe
  C:\Windows\System\uwnRqpe.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System\yhJTYvy.exe
  C:\Windows\System\yhJTYvy.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\lOIlLQO.exe
  C:\Windows\System\lOIlLQO.exe
  2⤵
  - Executes dropped EXE
  PID:5520
- C:\Windows\System\LYYuVXv.exe
  C:\Windows\System\LYYuVXv.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\ASLxkBs.exe
  C:\Windows\System\ASLxkBs.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\rjjCFWZ.exe
  C:\Windows\System\rjjCFWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\cWxuwtH.exe
  C:\Windows\System\cWxuwtH.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\DEgFbNL.exe
  C:\Windows\System\DEgFbNL.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\YvftbOa.exe
  C:\Windows\System\YvftbOa.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\hwCphfV.exe
  C:\Windows\System\hwCphfV.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\GpHcXLQ.exe
  C:\Windows\System\GpHcXLQ.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System\fbzgkvl.exe
  C:\Windows\System\fbzgkvl.exe
  2⤵
  - Executes dropped EXE
  PID:6112
- C:\Windows\System\qbNBHIS.exe
  C:\Windows\System\qbNBHIS.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\WXFhWju.exe
  C:\Windows\System\WXFhWju.exe
  2⤵
  - Executes dropped EXE
  PID:5664
- C:\Windows\System\wMxbTxB.exe
  C:\Windows\System\wMxbTxB.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\hUCAGpd.exe
  C:\Windows\System\hUCAGpd.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\wHPhnZB.exe
  C:\Windows\System\wHPhnZB.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\VExTEKo.exe
  C:\Windows\System\VExTEKo.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\QlXqnhA.exe
  C:\Windows\System\QlXqnhA.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\SxLlQwB.exe
  C:\Windows\System\SxLlQwB.exe
  2⤵
  - Executes dropped EXE
  PID:5556
- C:\Windows\System\GqWEmpG.exe
  C:\Windows\System\GqWEmpG.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\Vnzsrls.exe
  C:\Windows\System\Vnzsrls.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\BUqcFxo.exe
  C:\Windows\System\BUqcFxo.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\feqVlYU.exe
  C:\Windows\System\feqVlYU.exe
  2⤵
  - Executes dropped EXE
  PID:5960
- C:\Windows\System\YUySMJT.exe
  C:\Windows\System\YUySMJT.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\qacJcWo.exe
  C:\Windows\System\qacJcWo.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\dZUNXFJ.exe
  C:\Windows\System\dZUNXFJ.exe
  2⤵
  PID:2864
- C:\Windows\System\LUoVBWj.exe
  C:\Windows\System\LUoVBWj.exe
  2⤵
  PID:4572
- C:\Windows\System\ORimbtt.exe
  C:\Windows\System\ORimbtt.exe
  2⤵
  PID:4524
- C:\Windows\System\Unkwqov.exe
  C:\Windows\System\Unkwqov.exe
  2⤵
  PID:4588
- C:\Windows\System\YwfOajy.exe
  C:\Windows\System\YwfOajy.exe
  2⤵
  PID:4116
- C:\Windows\System\tCyKMkJ.exe
  C:\Windows\System\tCyKMkJ.exe
  2⤵
  PID:4316
- C:\Windows\System\ltLTdds.exe
  C:\Windows\System\ltLTdds.exe
  2⤵
  PID:4620
- C:\Windows\System\ilLaWCW.exe
  C:\Windows\System\ilLaWCW.exe
  2⤵
  PID:6068
- C:\Windows\System\pEfxvsf.exe
  C:\Windows\System\pEfxvsf.exe
  2⤵
  PID:2312
- C:\Windows\System\xndhIPx.exe
  C:\Windows\System\xndhIPx.exe
  2⤵
  PID:208
- C:\Windows\System\oPDcBYX.exe
  C:\Windows\System\oPDcBYX.exe
  2⤵
  PID:748
- C:\Windows\System\QCOkkiu.exe
  C:\Windows\System\QCOkkiu.exe
  2⤵
  PID:5820
- C:\Windows\System\rGdwDId.exe
  C:\Windows\System\rGdwDId.exe
  2⤵
  PID:2088
- C:\Windows\System\CswrgcN.exe
  C:\Windows\System\CswrgcN.exe
  2⤵
  PID:3568
- C:\Windows\System\CPzCeEV.exe
  C:\Windows\System\CPzCeEV.exe
  2⤵
  PID:5240
- C:\Windows\System\fOSrPyr.exe
  C:\Windows\System\fOSrPyr.exe
  2⤵
  PID:2044
- C:\Windows\System\ZGpvbKq.exe
  C:\Windows\System\ZGpvbKq.exe
  2⤵
  PID:1816
- C:\Windows\System\RAZzyXP.exe
  C:\Windows\System\RAZzyXP.exe
  2⤵
  PID:4932
- C:\Windows\System\uOGoqJC.exe
  C:\Windows\System\uOGoqJC.exe
  2⤵
  PID:5356
- C:\Windows\System\noQxZkI.exe
  C:\Windows\System\noQxZkI.exe
  2⤵
  PID:5780
- C:\Windows\System\FasOutp.exe
  C:\Windows\System\FasOutp.exe
  2⤵
  PID:5660
- C:\Windows\System\jLIOajO.exe
  C:\Windows\System\jLIOajO.exe
  2⤵
  PID:916
- C:\Windows\System\RSMidir.exe
  C:\Windows\System\RSMidir.exe
  2⤵
  PID:5100
- C:\Windows\System\UAwmxxY.exe
  C:\Windows\System\UAwmxxY.exe
  2⤵
  PID:3600
- C:\Windows\System\PgeEjKT.exe
  C:\Windows\System\PgeEjKT.exe
  2⤵
  PID:236
- C:\Windows\System\YzqLMLw.exe
  C:\Windows\System\YzqLMLw.exe
  2⤵
  PID:1428
- C:\Windows\System\XDQxwfR.exe
  C:\Windows\System\XDQxwfR.exe
  2⤵
  PID:3728
- C:\Windows\System\eKuiaMD.exe
  C:\Windows\System\eKuiaMD.exe
  2⤵
  PID:1668
- C:\Windows\System\vVDiIFG.exe
  C:\Windows\System\vVDiIFG.exe
  2⤵
  PID:4940
- C:\Windows\System\xkovUlW.exe
  C:\Windows\System\xkovUlW.exe
  2⤵
  PID:2204
- C:\Windows\System\WtpHvcP.exe
  C:\Windows\System\WtpHvcP.exe
  2⤵
  PID:2664
- C:\Windows\System\dsTDLUO.exe
  C:\Windows\System\dsTDLUO.exe
  2⤵
  PID:2956
- C:\Windows\System\hhqgoLh.exe
  C:\Windows\System\hhqgoLh.exe
  2⤵
  PID:4980
- C:\Windows\System\uAoRAnJ.exe
  C:\Windows\System\uAoRAnJ.exe
  2⤵
  PID:1236
- C:\Windows\System\edtZeTt.exe
  C:\Windows\System\edtZeTt.exe
  2⤵
  PID:3812
- C:\Windows\System\BtaLAyn.exe
  C:\Windows\System\BtaLAyn.exe
  2⤵
  PID:4592
- C:\Windows\System\vEquETN.exe
  C:\Windows\System\vEquETN.exe
  2⤵
  PID:4544
- C:\Windows\System\kwoPZgg.exe
  C:\Windows\System\kwoPZgg.exe
  2⤵
  PID:4636
- C:\Windows\System\bNFpEeZ.exe
  C:\Windows\System\bNFpEeZ.exe
  2⤵
  PID:5448
- C:\Windows\System\oVTMKAI.exe
  C:\Windows\System\oVTMKAI.exe
  2⤵
  PID:912
- C:\Windows\System\lAjRVxc.exe
  C:\Windows\System\lAjRVxc.exe
  2⤵
  PID:3640
- C:\Windows\System\RiLGlNw.exe
  C:\Windows\System\RiLGlNw.exe
  2⤵
  PID:1540
- C:\Windows\System\sLWbVzq.exe
  C:\Windows\System\sLWbVzq.exe
  2⤵
  PID:772
- C:\Windows\System\tpfTqkx.exe
  C:\Windows\System\tpfTqkx.exe
  2⤵
  PID:5864
- C:\Windows\System\ikkrrZP.exe
  C:\Windows\System\ikkrrZP.exe
  2⤵
  PID:2776
- C:\Windows\System\jpRemDg.exe
  C:\Windows\System\jpRemDg.exe
  2⤵
  PID:4000
- C:\Windows\System\iIIgbnq.exe
  C:\Windows\System\iIIgbnq.exe
  2⤵
  PID:5932
- C:\Windows\System\nzDCHbh.exe
  C:\Windows\System\nzDCHbh.exe
  2⤵
  PID:4888
- C:\Windows\System\HCljCiR.exe
  C:\Windows\System\HCljCiR.exe
  2⤵
  PID:4108
- C:\Windows\System\fjdwCDC.exe
  C:\Windows\System\fjdwCDC.exe
  2⤵
  PID:2000
- C:\Windows\System\wBKSYCQ.exe
  C:\Windows\System\wBKSYCQ.exe
  2⤵
  PID:5560
- C:\Windows\System\yDENVSI.exe
  C:\Windows\System\yDENVSI.exe
  2⤵
  PID:4560
- C:\Windows\System\rkRAbDz.exe
  C:\Windows\System\rkRAbDz.exe
  2⤵
  PID:5232
- C:\Windows\System\cgPElqg.exe
  C:\Windows\System\cgPElqg.exe
  2⤵
  PID:3480
- C:\Windows\System\vCZyIrR.exe
  C:\Windows\System\vCZyIrR.exe
  2⤵
  PID:2880
- C:\Windows\System\BUfKUxU.exe
  C:\Windows\System\BUfKUxU.exe
  2⤵
  PID:6136
- C:\Windows\System\ZWPLWHd.exe
  C:\Windows\System\ZWPLWHd.exe
  2⤵
  PID:5248
- C:\Windows\System\mrcpPqR.exe
  C:\Windows\System\mrcpPqR.exe
  2⤵
  PID:6024
- C:\Windows\System\ggjtXIy.exe
  C:\Windows\System\ggjtXIy.exe
  2⤵
  PID:4944
- C:\Windows\System\FLEByju.exe
  C:\Windows\System\FLEByju.exe
  2⤵
  PID:4112
- C:\Windows\System\wOOPaPh.exe
  C:\Windows\System\wOOPaPh.exe
  2⤵
  PID:5480
- C:\Windows\System\ZdMePbu.exe
  C:\Windows\System\ZdMePbu.exe
  2⤵
  PID:2116
- C:\Windows\System\rKPVuur.exe
  C:\Windows\System\rKPVuur.exe
  2⤵
  PID:4392
- C:\Windows\System\IAMYyDb.exe
  C:\Windows\System\IAMYyDb.exe
  2⤵
  PID:3748
- C:\Windows\System\RyspSDI.exe
  C:\Windows\System\RyspSDI.exe
  2⤵
  PID:3120
- C:\Windows\System\CKopPmc.exe
  C:\Windows\System\CKopPmc.exe
  2⤵
  PID:4864
- C:\Windows\System\mTsttaN.exe
  C:\Windows\System\mTsttaN.exe
  2⤵
  PID:3340
- C:\Windows\System\BADYKjO.exe
  C:\Windows\System\BADYKjO.exe
  2⤵
  PID:864
- C:\Windows\System\JCcOZDr.exe
  C:\Windows\System\JCcOZDr.exe
  2⤵
  PID:2396
- C:\Windows\System\jSOveir.exe
  C:\Windows\System\jSOveir.exe
  2⤵
  PID:880
- C:\Windows\System\QkpKySg.exe
  C:\Windows\System\QkpKySg.exe
  2⤵
  PID:6116
- C:\Windows\System\puVhqJN.exe
  C:\Windows\System\puVhqJN.exe
  2⤵
  PID:4596
- C:\Windows\System\ClWZXFj.exe
  C:\Windows\System\ClWZXFj.exe
  2⤵
  PID:5116
- C:\Windows\System\SEiKQKo.exe
  C:\Windows\System\SEiKQKo.exe
  2⤵
  PID:1316
- C:\Windows\System\vooXWfM.exe
  C:\Windows\System\vooXWfM.exe
  2⤵
  PID:2300
- C:\Windows\System\MHKTXDD.exe
  C:\Windows\System\MHKTXDD.exe
  2⤵
  PID:5112
- C:\Windows\System\qJwXEuJ.exe
  C:\Windows\System\qJwXEuJ.exe
  2⤵
  PID:6172
- C:\Windows\System\gTefuuT.exe
  C:\Windows\System\gTefuuT.exe
  2⤵
  PID:6200
- C:\Windows\System\oACjeyY.exe
  C:\Windows\System\oACjeyY.exe
  2⤵
  PID:6228
- C:\Windows\System\josQcWE.exe
  C:\Windows\System\josQcWE.exe
  2⤵
  PID:6252
- C:\Windows\System\OUGPjHt.exe
  C:\Windows\System\OUGPjHt.exe
  2⤵
  PID:6280
- C:\Windows\System\eeSEWKw.exe
  C:\Windows\System\eeSEWKw.exe
  2⤵
  PID:6308
- C:\Windows\System\tpffoHI.exe
  C:\Windows\System\tpffoHI.exe
  2⤵
  PID:6336
- C:\Windows\System\DYezZca.exe
  C:\Windows\System\DYezZca.exe
  2⤵
  PID:6364
- C:\Windows\System\SnmnWfi.exe
  C:\Windows\System\SnmnWfi.exe
  2⤵
  PID:6396
- C:\Windows\System\OjkrxNI.exe
  C:\Windows\System\OjkrxNI.exe
  2⤵
  PID:6420
- C:\Windows\System\qPLawAs.exe
  C:\Windows\System\qPLawAs.exe
  2⤵
  PID:6448
- C:\Windows\System\haOjTfg.exe
  C:\Windows\System\haOjTfg.exe
  2⤵
  PID:6476
- C:\Windows\System\uDywJvJ.exe
  C:\Windows\System\uDywJvJ.exe
  2⤵
  PID:6504
- C:\Windows\System\DFBiDWJ.exe
  C:\Windows\System\DFBiDWJ.exe
  2⤵
  PID:6536
- C:\Windows\System\IAyvQOo.exe
  C:\Windows\System\IAyvQOo.exe
  2⤵
  PID:6564
- C:\Windows\System\cNHizKq.exe
  C:\Windows\System\cNHizKq.exe
  2⤵
  PID:6588
- C:\Windows\System\koTEWRr.exe
  C:\Windows\System\koTEWRr.exe
  2⤵
  PID:6620
- C:\Windows\System\sRObpmy.exe
  C:\Windows\System\sRObpmy.exe
  2⤵
  PID:6648
- C:\Windows\System\BHEnVSX.exe
  C:\Windows\System\BHEnVSX.exe
  2⤵
  PID:6676
- C:\Windows\System\adFBJRL.exe
  C:\Windows\System\adFBJRL.exe
  2⤵
  PID:6700
- C:\Windows\System\BWFdkhP.exe
  C:\Windows\System\BWFdkhP.exe
  2⤵
  PID:6732
- C:\Windows\System\eboGkGS.exe
  C:\Windows\System\eboGkGS.exe
  2⤵
  PID:6760
- C:\Windows\System\bUCeWbx.exe
  C:\Windows\System\bUCeWbx.exe
  2⤵
  PID:6792
- C:\Windows\System\xjQkhiV.exe
  C:\Windows\System\xjQkhiV.exe
  2⤵
  PID:6820
- C:\Windows\System\flReCsA.exe
  C:\Windows\System\flReCsA.exe
  2⤵
  PID:6852
- C:\Windows\System\tEKmTEt.exe
  C:\Windows\System\tEKmTEt.exe
  2⤵
  PID:6876
- C:\Windows\System\IWDIMXl.exe
  C:\Windows\System\IWDIMXl.exe
  2⤵
  PID:6908
- C:\Windows\System\EkEikCc.exe
  C:\Windows\System\EkEikCc.exe
  2⤵
  PID:6936
- C:\Windows\System\YIKwXtW.exe
  C:\Windows\System\YIKwXtW.exe
  2⤵
  PID:6960
- C:\Windows\System\EraHdVK.exe
  C:\Windows\System\EraHdVK.exe
  2⤵
  PID:6984
- C:\Windows\System\BvUafrd.exe
  C:\Windows\System\BvUafrd.exe
  2⤵
  PID:7020
- C:\Windows\System\uEMtIlU.exe
  C:\Windows\System\uEMtIlU.exe
  2⤵
  PID:7048
- C:\Windows\System\ueTEuFo.exe
  C:\Windows\System\ueTEuFo.exe
  2⤵
  PID:7076
- C:\Windows\System\OKaAHEj.exe
  C:\Windows\System\OKaAHEj.exe
  2⤵
  PID:7108
- C:\Windows\System\IyZGoHk.exe
  C:\Windows\System\IyZGoHk.exe
  2⤵
  PID:7136
- C:\Windows\System\adaMEvN.exe
  C:\Windows\System\adaMEvN.exe
  2⤵
  PID:7164
- C:\Windows\System\PZckOtE.exe
  C:\Windows\System\PZckOtE.exe
  2⤵
  PID:6192
- C:\Windows\System\EStEkcE.exe
  C:\Windows\System\EStEkcE.exe
  2⤵
  PID:6260
- C:\Windows\System\EuCiEKD.exe
  C:\Windows\System\EuCiEKD.exe
  2⤵
  PID:6328
- C:\Windows\System\OPMYuXp.exe
  C:\Windows\System\OPMYuXp.exe
  2⤵
  PID:6392
- C:\Windows\System\PUTZStC.exe
  C:\Windows\System\PUTZStC.exe
  2⤵
  PID:6468
- C:\Windows\System\KNJGpNK.exe
  C:\Windows\System\KNJGpNK.exe
  2⤵
  PID:6524
- C:\Windows\System\CWxJmwk.exe
  C:\Windows\System\CWxJmwk.exe
  2⤵
  PID:6616
- C:\Windows\System\KWNZzZA.exe
  C:\Windows\System\KWNZzZA.exe
  2⤵
  PID:6672
- C:\Windows\System\OcUGcJM.exe
  C:\Windows\System\OcUGcJM.exe
  2⤵
  PID:6740
- C:\Windows\System\gJkYOlh.exe
  C:\Windows\System\gJkYOlh.exe
  2⤵
  PID:6812
- C:\Windows\System\gxTvULD.exe
  C:\Windows\System\gxTvULD.exe
  2⤵
  PID:6868
- C:\Windows\System\oguIaRn.exe
  C:\Windows\System\oguIaRn.exe
  2⤵
  PID:6920
- C:\Windows\System\CHhDaqv.exe
  C:\Windows\System\CHhDaqv.exe
  2⤵
  PID:6916
- C:\Windows\System\GsTeKof.exe
  C:\Windows\System\GsTeKof.exe
  2⤵
  PID:7060
- C:\Windows\System\aRkXIim.exe
  C:\Windows\System\aRkXIim.exe
  2⤵
  PID:7132
- C:\Windows\System\fFfGQMv.exe
  C:\Windows\System\fFfGQMv.exe
  2⤵
  PID:6208
- C:\Windows\System\ZQNLWDS.exe
  C:\Windows\System\ZQNLWDS.exe
  2⤵
  PID:6300
- C:\Windows\System\LDPFBAt.exe
  C:\Windows\System\LDPFBAt.exe
  2⤵
  PID:6440
- C:\Windows\System\bPAsDUV.exe
  C:\Windows\System\bPAsDUV.exe
  2⤵
  PID:6600
- C:\Windows\System\uaQHBQE.exe
  C:\Windows\System\uaQHBQE.exe
  2⤵
  PID:6752
- C:\Windows\System\ErgefBA.exe
  C:\Windows\System\ErgefBA.exe
  2⤵
  PID:6900
- C:\Windows\System\MqqHhov.exe
  C:\Windows\System\MqqHhov.exe
  2⤵
  PID:7028
- C:\Windows\System\bUnLlCi.exe
  C:\Windows\System\bUnLlCi.exe
  2⤵
  PID:6236
- C:\Windows\System\iXJBFSU.exe
  C:\Windows\System\iXJBFSU.exe
  2⤵
  PID:6488
- C:\Windows\System\fcGWNVx.exe
  C:\Windows\System\fcGWNVx.exe
  2⤵
  PID:6848
- C:\Windows\System\AxueQOp.exe
  C:\Windows\System\AxueQOp.exe
  2⤵
  PID:6372
- C:\Windows\System\LYHSkcF.exe
  C:\Windows\System\LYHSkcF.exe
  2⤵
  PID:6320
- C:\Windows\System\TxvNMsH.exe
  C:\Windows\System\TxvNMsH.exe
  2⤵
  PID:7176
- C:\Windows\System\rwaeMKa.exe
  C:\Windows\System\rwaeMKa.exe
  2⤵
  PID:7200
- C:\Windows\System\RqLpeyw.exe
  C:\Windows\System\RqLpeyw.exe
  2⤵
  PID:7228
- C:\Windows\System\uGdiVMh.exe
  C:\Windows\System\uGdiVMh.exe
  2⤵
  PID:7260
- C:\Windows\System\FuYOxna.exe
  C:\Windows\System\FuYOxna.exe
  2⤵
  PID:7284
- C:\Windows\System\TnbhQDE.exe
  C:\Windows\System\TnbhQDE.exe
  2⤵
  PID:7304
- C:\Windows\System\YHJGeaW.exe
  C:\Windows\System\YHJGeaW.exe
  2⤵
  PID:7340
- C:\Windows\System\qoKtWxA.exe
  C:\Windows\System\qoKtWxA.exe
  2⤵
  PID:7368
- C:\Windows\System\yZkXqLi.exe
  C:\Windows\System\yZkXqLi.exe
  2⤵
  PID:7404
- C:\Windows\System\BuNQROT.exe
  C:\Windows\System\BuNQROT.exe
  2⤵
  PID:7428
- C:\Windows\System\AlIeGTZ.exe
  C:\Windows\System\AlIeGTZ.exe
  2⤵
  PID:7460
- C:\Windows\System\DKqXBNE.exe
  C:\Windows\System\DKqXBNE.exe
  2⤵
  PID:7488
- C:\Windows\System\cWHdFWM.exe
  C:\Windows\System\cWHdFWM.exe
  2⤵
  PID:7516
- C:\Windows\System\dITuNQJ.exe
  C:\Windows\System\dITuNQJ.exe
  2⤵
  PID:7540
- C:\Windows\System\wzCqVdU.exe
  C:\Windows\System\wzCqVdU.exe
  2⤵
  PID:7572
- C:\Windows\System\ihvuVSX.exe
  C:\Windows\System\ihvuVSX.exe
  2⤵
  PID:7592
- C:\Windows\System\pFhwLkg.exe
  C:\Windows\System\pFhwLkg.exe
  2⤵
  PID:7620
- C:\Windows\System\OnRVtnR.exe
  C:\Windows\System\OnRVtnR.exe
  2⤵
  PID:7656
- C:\Windows\System\zHRirsU.exe
  C:\Windows\System\zHRirsU.exe
  2⤵
  PID:7676
- C:\Windows\System\QbfZIox.exe
  C:\Windows\System\QbfZIox.exe
  2⤵
  PID:7704
- C:\Windows\System\sKpwvwC.exe
  C:\Windows\System\sKpwvwC.exe
  2⤵
  PID:7732
- C:\Windows\System\cdoccbk.exe
  C:\Windows\System\cdoccbk.exe
  2⤵
  PID:7760
- C:\Windows\System\MCCYoSz.exe
  C:\Windows\System\MCCYoSz.exe
  2⤵
  PID:7792
- C:\Windows\System\dCiDWLV.exe
  C:\Windows\System\dCiDWLV.exe
  2⤵
  PID:7816
- C:\Windows\System\CxncgFO.exe
  C:\Windows\System\CxncgFO.exe
  2⤵
  PID:7852
- C:\Windows\System\ASqCkiH.exe
  C:\Windows\System\ASqCkiH.exe
  2⤵
  PID:7872
- C:\Windows\System\WdwCEXd.exe
  C:\Windows\System\WdwCEXd.exe
  2⤵
  PID:7900
- C:\Windows\System\BNSECKR.exe
  C:\Windows\System\BNSECKR.exe
  2⤵
  PID:7928
- C:\Windows\System\aSjHFdn.exe
  C:\Windows\System\aSjHFdn.exe
  2⤵
  PID:7964
- C:\Windows\System\etaBcpO.exe
  C:\Windows\System\etaBcpO.exe
  2⤵
  PID:7992
- C:\Windows\System\ybXsJWt.exe
  C:\Windows\System\ybXsJWt.exe
  2⤵
  PID:8016
- C:\Windows\System\UepycQg.exe
  C:\Windows\System\UepycQg.exe
  2⤵
  PID:8040
- C:\Windows\System\HkxiMpd.exe
  C:\Windows\System\HkxiMpd.exe
  2⤵
  PID:8068
- C:\Windows\System\POsRIHJ.exe
  C:\Windows\System\POsRIHJ.exe
  2⤵
  PID:8108
- C:\Windows\System\NIZxOYN.exe
  C:\Windows\System\NIZxOYN.exe
  2⤵
  PID:8128
- C:\Windows\System\GtGKvuw.exe
  C:\Windows\System\GtGKvuw.exe
  2⤵
  PID:8156
- C:\Windows\System\zWoCgtB.exe
  C:\Windows\System\zWoCgtB.exe
  2⤵
  PID:8184
- C:\Windows\System\swXepzt.exe
  C:\Windows\System\swXepzt.exe
  2⤵
  PID:7212
- C:\Windows\System\vknEaGm.exe
  C:\Windows\System\vknEaGm.exe
  2⤵
  PID:7268
- C:\Windows\System\auMfQzj.exe
  C:\Windows\System\auMfQzj.exe
  2⤵
  PID:7336
- C:\Windows\System\VtFhYQF.exe
  C:\Windows\System\VtFhYQF.exe
  2⤵
  PID:7388
- C:\Windows\System\FgEmJBF.exe
  C:\Windows\System\FgEmJBF.exe
  2⤵
  PID:7448
- C:\Windows\System\jfQqaQa.exe
  C:\Windows\System\jfQqaQa.exe
  2⤵
  PID:7524
- C:\Windows\System\VDYCaBJ.exe
  C:\Windows\System\VDYCaBJ.exe
  2⤵
  PID:7584
- C:\Windows\System\hAFFrLV.exe
  C:\Windows\System\hAFFrLV.exe
  2⤵
  PID:7644
- C:\Windows\System\iLpXqxF.exe
  C:\Windows\System\iLpXqxF.exe
  2⤵
  PID:7728
- C:\Windows\System\syrwkWa.exe
  C:\Windows\System\syrwkWa.exe
  2⤵
  PID:7804
- C:\Windows\System\qdNyETk.exe
  C:\Windows\System\qdNyETk.exe
  2⤵
  PID:7840
- C:\Windows\System\DPEtJSu.exe
  C:\Windows\System\DPEtJSu.exe
  2⤵
  PID:7912
- C:\Windows\System\IcbyiuV.exe
  C:\Windows\System\IcbyiuV.exe
  2⤵
  PID:7976
- C:\Windows\System\DpKjnxf.exe
  C:\Windows\System\DpKjnxf.exe
  2⤵
  PID:8036
- C:\Windows\System\BlWWpJv.exe
  C:\Windows\System\BlWWpJv.exe
  2⤵
  PID:8120
- C:\Windows\System\ohZFpjs.exe
  C:\Windows\System\ohZFpjs.exe
  2⤵
  PID:8180
- C:\Windows\System\ALOgwSG.exe
  C:\Windows\System\ALOgwSG.exe
  2⤵
  PID:984
- C:\Windows\System\BbQJDWa.exe
  C:\Windows\System\BbQJDWa.exe
  2⤵
  PID:7444
- C:\Windows\System\yrTLtEm.exe
  C:\Windows\System\yrTLtEm.exe
  2⤵
  PID:7560
- C:\Windows\System\OolzgIw.exe
  C:\Windows\System\OolzgIw.exe
  2⤵
  PID:7700
- C:\Windows\System\wWnqRIq.exe
  C:\Windows\System\wWnqRIq.exe
  2⤵
  PID:7892
- C:\Windows\System\UciYetC.exe
  C:\Windows\System\UciYetC.exe
  2⤵
  PID:8024
- C:\Windows\System\CpeeOpj.exe
  C:\Windows\System\CpeeOpj.exe
  2⤵
  PID:7240
- C:\Windows\System\pijsYIU.exe
  C:\Windows\System\pijsYIU.exe
  2⤵
  PID:7500
- C:\Windows\System\fvGiUYr.exe
  C:\Windows\System\fvGiUYr.exe
  2⤵
  PID:7836
- C:\Windows\System\UJUnvEu.exe
  C:\Windows\System\UJUnvEu.exe
  2⤵
  PID:7380
- C:\Windows\System\JHdZRlm.exe
  C:\Windows\System\JHdZRlm.exe
  2⤵
  PID:8088
- C:\Windows\System\qLIkvXC.exe
  C:\Windows\System\qLIkvXC.exe
  2⤵
  PID:7812
- C:\Windows\System\tmiCgSc.exe
  C:\Windows\System\tmiCgSc.exe
  2⤵
  PID:8216
- C:\Windows\System\KPalDxH.exe
  C:\Windows\System\KPalDxH.exe
  2⤵
  PID:8244
- C:\Windows\System\cCdbdVR.exe
  C:\Windows\System\cCdbdVR.exe
  2⤵
  PID:8272
- C:\Windows\System\VmInJRZ.exe
  C:\Windows\System\VmInJRZ.exe
  2⤵
  PID:8300
- C:\Windows\System\fEYQDvo.exe
  C:\Windows\System\fEYQDvo.exe
  2⤵
  PID:8332
- C:\Windows\System\UivQVXF.exe
  C:\Windows\System\UivQVXF.exe
  2⤵
  PID:8364
- C:\Windows\System\AxogcxY.exe
  C:\Windows\System\AxogcxY.exe
  2⤵
  PID:8384
- C:\Windows\System\CbjFhNR.exe
  C:\Windows\System\CbjFhNR.exe
  2⤵
  PID:8412
- C:\Windows\System\uZsaYOx.exe
  C:\Windows\System\uZsaYOx.exe
  2⤵
  PID:8440
- C:\Windows\System\NoBvobF.exe
  C:\Windows\System\NoBvobF.exe
  2⤵
  PID:8468
- C:\Windows\System\TJLnAFG.exe
  C:\Windows\System\TJLnAFG.exe
  2⤵
  PID:8496
- C:\Windows\System\AJaCCiZ.exe
  C:\Windows\System\AJaCCiZ.exe
  2⤵
  PID:8524
- C:\Windows\System\zWwinQY.exe
  C:\Windows\System\zWwinQY.exe
  2⤵
  PID:8552
- C:\Windows\System\aLuOAqj.exe
  C:\Windows\System\aLuOAqj.exe
  2⤵
  PID:8580
- C:\Windows\System\GoTEFvX.exe
  C:\Windows\System\GoTEFvX.exe
  2⤵
  PID:8608
- C:\Windows\System\qqHUYcE.exe
  C:\Windows\System\qqHUYcE.exe
  2⤵
  PID:8648
- C:\Windows\System\tZCGfFQ.exe
  C:\Windows\System\tZCGfFQ.exe
  2⤵
  PID:8668
- C:\Windows\System\qaVCHsR.exe
  C:\Windows\System\qaVCHsR.exe
  2⤵
  PID:8696
- C:\Windows\System\qUPtaUZ.exe
  C:\Windows\System\qUPtaUZ.exe
  2⤵
  PID:8724
- C:\Windows\System\UpICAXF.exe
  C:\Windows\System\UpICAXF.exe
  2⤵
  PID:8760
- C:\Windows\System\PNbBHcH.exe
  C:\Windows\System\PNbBHcH.exe
  2⤵
  PID:8780
- C:\Windows\System\rPSmDQx.exe
  C:\Windows\System\rPSmDQx.exe
  2⤵
  PID:8808
- C:\Windows\System\UvskhZi.exe
  C:\Windows\System\UvskhZi.exe
  2⤵
  PID:8836
- C:\Windows\System\acGZJrZ.exe
  C:\Windows\System\acGZJrZ.exe
  2⤵
  PID:8864
- C:\Windows\System\LhbqWmH.exe
  C:\Windows\System\LhbqWmH.exe
  2⤵
  PID:8900
- C:\Windows\System\uPXltxb.exe
  C:\Windows\System\uPXltxb.exe
  2⤵
  PID:8928
- C:\Windows\System\BgRqpRn.exe
  C:\Windows\System\BgRqpRn.exe
  2⤵
  PID:8948
- C:\Windows\System\GfFYuCH.exe
  C:\Windows\System\GfFYuCH.exe
  2⤵
  PID:8980
- C:\Windows\System\wfyPSDY.exe
  C:\Windows\System\wfyPSDY.exe
  2⤵
  PID:9004
- C:\Windows\System\kuaYsAw.exe
  C:\Windows\System\kuaYsAw.exe
  2⤵
  PID:9032
- C:\Windows\System\thsVZfo.exe
  C:\Windows\System\thsVZfo.exe
  2⤵
  PID:9060
- C:\Windows\System\UiKchMt.exe
  C:\Windows\System\UiKchMt.exe
  2⤵
  PID:9096
- C:\Windows\System\OaQzueL.exe
  C:\Windows\System\OaQzueL.exe
  2⤵
  PID:9116
- C:\Windows\System\kQHJCjN.exe
  C:\Windows\System\kQHJCjN.exe
  2⤵
  PID:9148
- C:\Windows\System\kVYMMon.exe
  C:\Windows\System\kVYMMon.exe
  2⤵
  PID:9184
- C:\Windows\System\NWYXkwO.exe
  C:\Windows\System\NWYXkwO.exe
  2⤵
  PID:9200
- C:\Windows\System\kVDrtjB.exe
  C:\Windows\System\kVDrtjB.exe
  2⤵
  PID:8228
- C:\Windows\System\IyEMDaR.exe
  C:\Windows\System\IyEMDaR.exe
  2⤵
  PID:8312
- C:\Windows\System\BxOUnpf.exe
  C:\Windows\System\BxOUnpf.exe
  2⤵
  PID:8352
- C:\Windows\System\crzpscH.exe
  C:\Windows\System\crzpscH.exe
  2⤵
  PID:8424
- C:\Windows\System\IGMvoaO.exe
  C:\Windows\System\IGMvoaO.exe
  2⤵
  PID:8488
- C:\Windows\System\NPbYNXt.exe
  C:\Windows\System\NPbYNXt.exe
  2⤵
  PID:8572
- C:\Windows\System\nJdNoUx.exe
  C:\Windows\System\nJdNoUx.exe
  2⤵
  PID:8624
- C:\Windows\System\apDkqCW.exe
  C:\Windows\System\apDkqCW.exe
  2⤵
  PID:8692
- C:\Windows\System\mvuDvMO.exe
  C:\Windows\System\mvuDvMO.exe
  2⤵
  PID:8768
- C:\Windows\System\ReYUzHj.exe
  C:\Windows\System\ReYUzHj.exe
  2⤵
  PID:8824
- C:\Windows\System\pEVEHED.exe
  C:\Windows\System\pEVEHED.exe
  2⤵
  PID:8908
- C:\Windows\System\qCjkZeL.exe
  C:\Windows\System\qCjkZeL.exe
  2⤵
  PID:8960
- C:\Windows\System\pDDCGHN.exe
  C:\Windows\System\pDDCGHN.exe
  2⤵
  PID:9028
- C:\Windows\System\cjanCBB.exe
  C:\Windows\System\cjanCBB.exe
  2⤵
  PID:9180
- C:\Windows\System\DfgvrHL.exe
  C:\Windows\System\DfgvrHL.exe
  2⤵
  PID:8208
- C:\Windows\System\fspQWrB.exe
  C:\Windows\System\fspQWrB.exe
  2⤵
  PID:8348
- C:\Windows\System\nnEqXdJ.exe
  C:\Windows\System\nnEqXdJ.exe
  2⤵
  PID:8544
- C:\Windows\System\lKcxkaY.exe
  C:\Windows\System\lKcxkaY.exe
  2⤵
  PID:8800
- C:\Windows\System\HuRGHgX.exe
  C:\Windows\System\HuRGHgX.exe
  2⤵
  PID:8940
- C:\Windows\System\Ssuidsu.exe
  C:\Windows\System\Ssuidsu.exe
  2⤵
  PID:5684
- C:\Windows\System\mVlXXAY.exe
  C:\Windows\System\mVlXXAY.exe
  2⤵
  PID:9196
- C:\Windows\System\dCkExBc.exe
  C:\Windows\System\dCkExBc.exe
  2⤵
  PID:8536
- C:\Windows\System\ILiYMLa.exe
  C:\Windows\System\ILiYMLa.exe
  2⤵
  PID:9016
- C:\Windows\System\RVZUrvN.exe
  C:\Windows\System\RVZUrvN.exe
  2⤵
  PID:8408
- C:\Windows\System\XEfoliH.exe
  C:\Windows\System\XEfoliH.exe
  2⤵
  PID:8916
- C:\Windows\System\SAhEibP.exe
  C:\Windows\System\SAhEibP.exe
  2⤵
  PID:1988
- C:\Windows\System\sFVkVQh.exe
  C:\Windows\System\sFVkVQh.exe
  2⤵
  PID:9240
- C:\Windows\System\lvKuzKP.exe
  C:\Windows\System\lvKuzKP.exe
  2⤵
  PID:9256
- C:\Windows\System\UERJovG.exe
  C:\Windows\System\UERJovG.exe
  2⤵
  PID:9288
- C:\Windows\System\SSxLOoB.exe
  C:\Windows\System\SSxLOoB.exe
  2⤵
  PID:9316
- C:\Windows\System\tWBCWhU.exe
  C:\Windows\System\tWBCWhU.exe
  2⤵
  PID:9344
- C:\Windows\System\GeiNxYE.exe
  C:\Windows\System\GeiNxYE.exe
  2⤵
  PID:9372
- C:\Windows\System\KROSQlU.exe
  C:\Windows\System\KROSQlU.exe
  2⤵
  PID:9400
- C:\Windows\System\aFPaQhc.exe
  C:\Windows\System\aFPaQhc.exe
  2⤵
  PID:9428
- C:\Windows\System\caVzRxR.exe
  C:\Windows\System\caVzRxR.exe
  2⤵
  PID:9460
- C:\Windows\System\QijRivS.exe
  C:\Windows\System\QijRivS.exe
  2⤵
  PID:9488
- C:\Windows\System\Izdbafn.exe
  C:\Windows\System\Izdbafn.exe
  2⤵
  PID:9512
- C:\Windows\System\Goaqsfo.exe
  C:\Windows\System\Goaqsfo.exe
  2⤵
  PID:9544
- C:\Windows\System\XVPJlkT.exe
  C:\Windows\System\XVPJlkT.exe
  2⤵
  PID:9572
- C:\Windows\System\FwwsPPT.exe
  C:\Windows\System\FwwsPPT.exe
  2⤵
  PID:9600
- C:\Windows\System\NgGVWzG.exe
  C:\Windows\System\NgGVWzG.exe
  2⤵
  PID:9628
- C:\Windows\System\CzEGtMK.exe
  C:\Windows\System\CzEGtMK.exe
  2⤵
  PID:9656
- C:\Windows\System\QTxecFr.exe
  C:\Windows\System\QTxecFr.exe
  2⤵
  PID:9688
- C:\Windows\System\yQSvLYH.exe
  C:\Windows\System\yQSvLYH.exe
  2⤵
  PID:9716
- C:\Windows\System\CKWoYFb.exe
  C:\Windows\System\CKWoYFb.exe
  2⤵
  PID:9748
- C:\Windows\System\QrdRIDI.exe
  C:\Windows\System\QrdRIDI.exe
  2⤵
  PID:9780
- C:\Windows\System\FGcYBYc.exe
  C:\Windows\System\FGcYBYc.exe
  2⤵
  PID:9808
- C:\Windows\System\KIphVAQ.exe
  C:\Windows\System\KIphVAQ.exe
  2⤵
  PID:9836
- C:\Windows\System\elkVfke.exe
  C:\Windows\System\elkVfke.exe
  2⤵
  PID:9864
- C:\Windows\System\kEhoiaD.exe
  C:\Windows\System\kEhoiaD.exe
  2⤵
  PID:9896
- C:\Windows\System\aQytdIo.exe
  C:\Windows\System\aQytdIo.exe
  2⤵
  PID:9920
- C:\Windows\System\VJKNTEL.exe
  C:\Windows\System\VJKNTEL.exe
  2⤵
  PID:9956
- C:\Windows\System\UUdXbDg.exe
  C:\Windows\System\UUdXbDg.exe
  2⤵
  PID:9976
- C:\Windows\System\jyXNtfw.exe
  C:\Windows\System\jyXNtfw.exe
  2⤵
  PID:10004
- C:\Windows\System\NFVrGnA.exe
  C:\Windows\System\NFVrGnA.exe
  2⤵
  PID:10036
- C:\Windows\System\HHqCHrI.exe
  C:\Windows\System\HHqCHrI.exe
  2⤵
  PID:10060
- C:\Windows\System\uKAQZFK.exe
  C:\Windows\System\uKAQZFK.exe
  2⤵
  PID:10088
- C:\Windows\System\pNkdjXb.exe
  C:\Windows\System\pNkdjXb.exe
  2⤵
  PID:10116
- C:\Windows\System\zGFAdaV.exe
  C:\Windows\System\zGFAdaV.exe
  2⤵
  PID:10144
- C:\Windows\System\ggQBcKk.exe
  C:\Windows\System\ggQBcKk.exe
  2⤵
  PID:10172
- C:\Windows\System\bQGtnKF.exe
  C:\Windows\System\bQGtnKF.exe
  2⤵
  PID:10212
- C:\Windows\System\yFjGkZE.exe
  C:\Windows\System\yFjGkZE.exe
  2⤵
  PID:10228
- C:\Windows\System\tmLcCKp.exe
  C:\Windows\System\tmLcCKp.exe
  2⤵
  PID:9252
- C:\Windows\System\ZuwBEQc.exe
  C:\Windows\System\ZuwBEQc.exe
  2⤵
  PID:2980
- C:\Windows\System\rfPGerY.exe
  C:\Windows\System\rfPGerY.exe
  2⤵
  PID:9368
- C:\Windows\System\SukgMnR.exe
  C:\Windows\System\SukgMnR.exe
  2⤵
  PID:9440
- C:\Windows\System\GnFNmEY.exe
  C:\Windows\System\GnFNmEY.exe
  2⤵
  PID:9496
- C:\Windows\System\LntqOPH.exe
  C:\Windows\System\LntqOPH.exe
  2⤵
  PID:6120
- C:\Windows\System\tnmZKoK.exe
  C:\Windows\System\tnmZKoK.exe
  2⤵
  PID:9592
- C:\Windows\System\ikXUCcb.exe
  C:\Windows\System\ikXUCcb.exe
  2⤵
  PID:9668
- C:\Windows\System\JACaLLf.exe
  C:\Windows\System\JACaLLf.exe
  2⤵
  PID:9728
- C:\Windows\System\NVZsgZg.exe
  C:\Windows\System\NVZsgZg.exe
  2⤵
  PID:9800
- C:\Windows\System\OZNcRzN.exe
  C:\Windows\System\OZNcRzN.exe
  2⤵
  PID:9856
- C:\Windows\System\npQocNF.exe
  C:\Windows\System\npQocNF.exe
  2⤵
  PID:9916
- C:\Windows\System\FKpGrTF.exe
  C:\Windows\System\FKpGrTF.exe
  2⤵
  PID:9996
- C:\Windows\System\cnWFKlk.exe
  C:\Windows\System\cnWFKlk.exe
  2⤵
  PID:10044
- C:\Windows\System\reSFtSI.exe
  C:\Windows\System\reSFtSI.exe
  2⤵
  PID:10108
- C:\Windows\System\YOiBSfi.exe
  C:\Windows\System\YOiBSfi.exe
  2⤵
  PID:10168
- C:\Windows\System\JhLrrAm.exe
  C:\Windows\System\JhLrrAm.exe
  2⤵
  PID:4256
- C:\Windows\System\gOALLVX.exe
  C:\Windows\System\gOALLVX.exe
  2⤵
  PID:9360
- C:\Windows\System\ZQzeUGa.exe
  C:\Windows\System\ZQzeUGa.exe
  2⤵
  PID:9504
- C:\Windows\System\zFitRjf.exe
  C:\Windows\System\zFitRjf.exe
  2⤵
  PID:9624
- C:\Windows\System\lYyJIKh.exe
  C:\Windows\System\lYyJIKh.exe
  2⤵
  PID:9796
- C:\Windows\System\pVpDQLE.exe
  C:\Windows\System\pVpDQLE.exe
  2⤵
  PID:9940
- C:\Windows\System\ZQRXIlL.exe
  C:\Windows\System\ZQRXIlL.exe
  2⤵
  PID:10072
- C:\Windows\System\UmpSdAA.exe
  C:\Windows\System\UmpSdAA.exe
  2⤵
  PID:10220
- C:\Windows\System\OPOvfdM.exe
  C:\Windows\System\OPOvfdM.exe
  2⤵
  PID:9476
- C:\Windows\System\DrpTyDy.exe
  C:\Windows\System\DrpTyDy.exe
  2⤵
  PID:9832
- C:\Windows\System\axYIvEB.exe
  C:\Windows\System\axYIvEB.exe
  2⤵
  PID:10208
- C:\Windows\System\RKhNRLp.exe
  C:\Windows\System\RKhNRLp.exe
  2⤵
  PID:9756
- C:\Windows\System\VuMAJcY.exe
  C:\Windows\System\VuMAJcY.exe
  2⤵
  PID:10136
- C:\Windows\System\vElupoX.exe
  C:\Windows\System\vElupoX.exe
  2⤵
  PID:10260
- C:\Windows\System\iAqdjSt.exe
  C:\Windows\System\iAqdjSt.exe
  2⤵
  PID:10288
- C:\Windows\System\yplwPCh.exe
  C:\Windows\System\yplwPCh.exe
  2⤵
  PID:10324
- C:\Windows\System\mwKbxUN.exe
  C:\Windows\System\mwKbxUN.exe
  2⤵
  PID:10344
- C:\Windows\System\FViTddg.exe
  C:\Windows\System\FViTddg.exe
  2⤵
  PID:10372
- C:\Windows\System\OERifqS.exe
  C:\Windows\System\OERifqS.exe
  2⤵
  PID:10404
- C:\Windows\System\JoqUPwo.exe
  C:\Windows\System\JoqUPwo.exe
  2⤵
  PID:10432
- C:\Windows\System\mGIXGLu.exe
  C:\Windows\System\mGIXGLu.exe
  2⤵
  PID:10460
- C:\Windows\System\zPHPgTS.exe
  C:\Windows\System\zPHPgTS.exe
  2⤵
  PID:10484
- C:\Windows\System\cgcpESX.exe
  C:\Windows\System\cgcpESX.exe
  2⤵
  PID:10520
- C:\Windows\System\LNgXyet.exe
  C:\Windows\System\LNgXyet.exe
  2⤵
  PID:10560
- C:\Windows\System\zbVlzqH.exe
  C:\Windows\System\zbVlzqH.exe
  2⤵
  PID:10612
- C:\Windows\System\tlRJjNp.exe
  C:\Windows\System\tlRJjNp.exe
  2⤵
  PID:10640
- C:\Windows\System\SQBRDpO.exe
  C:\Windows\System\SQBRDpO.exe
  2⤵
  PID:10668
- C:\Windows\System\kyKmnnj.exe
  C:\Windows\System\kyKmnnj.exe
  2⤵
  PID:10696
- C:\Windows\System\UtVNLod.exe
  C:\Windows\System\UtVNLod.exe
  2⤵
  PID:10724
- C:\Windows\System\iLibrqJ.exe
  C:\Windows\System\iLibrqJ.exe
  2⤵
  PID:10752
- C:\Windows\System\xmQaySP.exe
  C:\Windows\System\xmQaySP.exe
  2⤵
  PID:10784
- C:\Windows\System\aMqSbqK.exe
  C:\Windows\System\aMqSbqK.exe
  2⤵
  PID:10816
- C:\Windows\System\aNpldbq.exe
  C:\Windows\System\aNpldbq.exe
  2⤵
  PID:10836
- C:\Windows\System\pSlcZWk.exe
  C:\Windows\System\pSlcZWk.exe
  2⤵
  PID:10864
- C:\Windows\System\gTtjJTD.exe
  C:\Windows\System\gTtjJTD.exe
  2⤵
  PID:10892
- C:\Windows\System\SoTXFdL.exe
  C:\Windows\System\SoTXFdL.exe
  2⤵
  PID:10920
- C:\Windows\System\FTNGoAz.exe
  C:\Windows\System\FTNGoAz.exe
  2⤵
  PID:10948
- C:\Windows\System\hiCfawo.exe
  C:\Windows\System\hiCfawo.exe
  2⤵
  PID:10976
- C:\Windows\System\ShTrQUp.exe
  C:\Windows\System\ShTrQUp.exe
  2⤵
  PID:11004
- C:\Windows\System\GXvEikI.exe
  C:\Windows\System\GXvEikI.exe
  2⤵
  PID:11036
- C:\Windows\System\JTaFAUL.exe
  C:\Windows\System\JTaFAUL.exe
  2⤵
  PID:11072
- C:\Windows\System\VnZYnGK.exe
  C:\Windows\System\VnZYnGK.exe
  2⤵
  PID:11092
- C:\Windows\System\MqtfOGm.exe
  C:\Windows\System\MqtfOGm.exe
  2⤵
  PID:11120
- C:\Windows\System\jiBWhEU.exe
  C:\Windows\System\jiBWhEU.exe
  2⤵
  PID:11148
- C:\Windows\System\bDqEtyO.exe
  C:\Windows\System\bDqEtyO.exe
  2⤵
  PID:11176
- C:\Windows\System\UgvoJrt.exe
  C:\Windows\System\UgvoJrt.exe
  2⤵
  PID:11212
- C:\Windows\System\ROTuozY.exe
  C:\Windows\System\ROTuozY.exe
  2⤵
  PID:11232
- C:\Windows\System\sebZHyS.exe
  C:\Windows\System\sebZHyS.exe
  2⤵
  PID:11260
- C:\Windows\System\ZJrOSjy.exe
  C:\Windows\System\ZJrOSjy.exe
  2⤵
  PID:10304
- C:\Windows\System\jgRHYVC.exe
  C:\Windows\System\jgRHYVC.exe
  2⤵
  PID:10364
- C:\Windows\System\iCEnBqm.exe
  C:\Windows\System\iCEnBqm.exe
  2⤵
  PID:10428
- C:\Windows\System\OiOABgl.exe
  C:\Windows\System\OiOABgl.exe
  2⤵
  PID:10480
- C:\Windows\System\YlwvddC.exe
  C:\Windows\System\YlwvddC.exe
  2⤵
  PID:10572
- C:\Windows\System\ZUrVhdj.exe
  C:\Windows\System\ZUrVhdj.exe
  2⤵
  PID:8484
- C:\Windows\System\wIXWITg.exe
  C:\Windows\System\wIXWITg.exe
  2⤵
  PID:10624
- C:\Windows\System\yRfHMII.exe
  C:\Windows\System\yRfHMII.exe
  2⤵
  PID:10688
- C:\Windows\System\OcMVcVs.exe
  C:\Windows\System\OcMVcVs.exe
  2⤵
  PID:10748
- C:\Windows\System\hUdgymn.exe
  C:\Windows\System\hUdgymn.exe
  2⤵
  PID:10824
- C:\Windows\System\NDQoIwK.exe
  C:\Windows\System\NDQoIwK.exe
  2⤵
  PID:10888
- C:\Windows\System\owuoZpr.exe
  C:\Windows\System\owuoZpr.exe
  2⤵
  PID:10944
- C:\Windows\System\osrpOvd.exe
  C:\Windows\System\osrpOvd.exe
  2⤵
  PID:11044
- C:\Windows\System\CxGRhzG.exe
  C:\Windows\System\CxGRhzG.exe
  2⤵
  PID:11104
- C:\Windows\System\STXJdhA.exe
  C:\Windows\System\STXJdhA.exe
  2⤵
  PID:11168
- C:\Windows\System\oqYwIKJ.exe
  C:\Windows\System\oqYwIKJ.exe
  2⤵
  PID:11220
- C:\Windows\System\XBThsVX.exe
  C:\Windows\System\XBThsVX.exe
  2⤵
  PID:4532
- C:\Windows\System\SzyOojd.exe
  C:\Windows\System\SzyOojd.exe
  2⤵
  PID:4408
- C:\Windows\System\bymZGzO.exe
  C:\Windows\System\bymZGzO.exe
  2⤵
  PID:10532
- C:\Windows\System\muThGBW.exe
  C:\Windows\System\muThGBW.exe
  2⤵
  PID:10604
- C:\Windows\System\pdZIYgM.exe
  C:\Windows\System\pdZIYgM.exe
  2⤵
  PID:10736
- C:\Windows\System\EsnStcY.exe
  C:\Windows\System\EsnStcY.exe
  2⤵
  PID:10880
- C:\Windows\System\KZzQQsv.exe
  C:\Windows\System\KZzQQsv.exe
  2⤵
  PID:11028
- C:\Windows\System\InkJjaP.exe
  C:\Windows\System\InkJjaP.exe
  2⤵
  PID:11188
- C:\Windows\System\bvblBtB.exe
  C:\Windows\System\bvblBtB.exe
  2⤵
  PID:10360
- C:\Windows\System\mAvnUQo.exe
  C:\Windows\System\mAvnUQo.exe
  2⤵
  PID:10608
- C:\Windows\System\igGODEG.exe
  C:\Windows\System\igGODEG.exe
  2⤵
  PID:10848
- C:\Windows\System\WnDuHrI.exe
  C:\Windows\System\WnDuHrI.exe
  2⤵
  PID:11140
- C:\Windows\System\wOqzFJL.exe
  C:\Windows\System\wOqzFJL.exe
  2⤵
  PID:4476
- C:\Windows\System\hCkkYZq.exe
  C:\Windows\System\hCkkYZq.exe
  2⤵
  PID:9532
- C:\Windows\System\lrbVSuM.exe
  C:\Windows\System\lrbVSuM.exe
  2⤵
  PID:11280
- C:\Windows\System\CFJWJWI.exe
  C:\Windows\System\CFJWJWI.exe
  2⤵
  PID:11296
- C:\Windows\System\rrUaaWw.exe
  C:\Windows\System\rrUaaWw.exe
  2⤵
  PID:11324
- C:\Windows\System\yPNdofx.exe
  C:\Windows\System\yPNdofx.exe
  2⤵
  PID:11352
- C:\Windows\System\xrlNDjH.exe
  C:\Windows\System\xrlNDjH.exe
  2⤵
  PID:11380
- C:\Windows\System\WpUfOkF.exe
  C:\Windows\System\WpUfOkF.exe
  2⤵
  PID:11408
- C:\Windows\System\htNKHCg.exe
  C:\Windows\System\htNKHCg.exe
  2⤵
  PID:11444
- C:\Windows\System\dIAcAnN.exe
  C:\Windows\System\dIAcAnN.exe
  2⤵
  PID:11464
- C:\Windows\System\lUbSaiO.exe
  C:\Windows\System\lUbSaiO.exe
  2⤵
  PID:11492
- C:\Windows\System\fgPnVwA.exe
  C:\Windows\System\fgPnVwA.exe
  2⤵
  PID:11520
- C:\Windows\System\yuHoaLS.exe
  C:\Windows\System\yuHoaLS.exe
  2⤵
  PID:11552
- C:\Windows\System\yWsfTVc.exe
  C:\Windows\System\yWsfTVc.exe
  2⤵
  PID:11576
- C:\Windows\System\PxsoJip.exe
  C:\Windows\System\PxsoJip.exe
  2⤵
  PID:11604
- C:\Windows\System\jwdqMLv.exe
  C:\Windows\System\jwdqMLv.exe
  2⤵
  PID:11632
- C:\Windows\System\pydDysS.exe
  C:\Windows\System\pydDysS.exe
  2⤵
  PID:11664
- C:\Windows\System\KQKyFIB.exe
  C:\Windows\System\KQKyFIB.exe
  2⤵
  PID:11688
- C:\Windows\System\mJNsyMQ.exe
  C:\Windows\System\mJNsyMQ.exe
  2⤵
  PID:11716
- C:\Windows\System\UDMRkHb.exe
  C:\Windows\System\UDMRkHb.exe
  2⤵
  PID:11744
- C:\Windows\System\IVffPVX.exe
  C:\Windows\System\IVffPVX.exe
  2⤵
  PID:11772
- C:\Windows\System\ajoHGhx.exe
  C:\Windows\System\ajoHGhx.exe
  2⤵
  PID:11800
- C:\Windows\System\qyyCwGO.exe
  C:\Windows\System\qyyCwGO.exe
  2⤵
  PID:11828
- C:\Windows\System\yvPRHiC.exe
  C:\Windows\System\yvPRHiC.exe
  2⤵
  PID:11856
- C:\Windows\System\hSYnWZu.exe
  C:\Windows\System\hSYnWZu.exe
  2⤵
  PID:11892
- C:\Windows\System\sVMnIYL.exe
  C:\Windows\System\sVMnIYL.exe
  2⤵
  PID:11916
- C:\Windows\System\uKGUVfn.exe
  C:\Windows\System\uKGUVfn.exe
  2⤵
  PID:11940
- C:\Windows\System\iAEhUjS.exe
  C:\Windows\System\iAEhUjS.exe
  2⤵
  PID:11968
- C:\Windows\System\cWHCwEp.exe
  C:\Windows\System\cWHCwEp.exe
  2⤵
  PID:11996
- C:\Windows\System\GNLqvqA.exe
  C:\Windows\System\GNLqvqA.exe
  2⤵
  PID:12024
- C:\Windows\System\hYwFdCs.exe
  C:\Windows\System\hYwFdCs.exe
  2⤵
  PID:12060
- C:\Windows\System\SvZEbFJ.exe
  C:\Windows\System\SvZEbFJ.exe
  2⤵
  PID:12080
- C:\Windows\System\sPBDFYA.exe
  C:\Windows\System\sPBDFYA.exe
  2⤵
  PID:12112
- C:\Windows\System\YAbNHkJ.exe
  C:\Windows\System\YAbNHkJ.exe
  2⤵
  PID:12136
- C:\Windows\System\tzKQddY.exe
  C:\Windows\System\tzKQddY.exe
  2⤵
  PID:12164
- C:\Windows\System\NRTTIqX.exe
  C:\Windows\System\NRTTIqX.exe
  2⤵
  PID:12192
- C:\Windows\System\WgHiYLd.exe
  C:\Windows\System\WgHiYLd.exe
  2⤵
  PID:12220
- C:\Windows\System\WyyJbrF.exe
  C:\Windows\System\WyyJbrF.exe
  2⤵
  PID:12248
- C:\Windows\System\FPOySIS.exe
  C:\Windows\System\FPOySIS.exe
  2⤵
  PID:12276
- C:\Windows\System\QpDVNzi.exe
  C:\Windows\System\QpDVNzi.exe
  2⤵
  PID:11308
- C:\Windows\System\UddgveY.exe
  C:\Windows\System\UddgveY.exe
  2⤵
  PID:4704
- C:\Windows\System\byrbiSt.exe
  C:\Windows\System\byrbiSt.exe
  2⤵
  PID:11404
- C:\Windows\System\gzfwJvy.exe
  C:\Windows\System\gzfwJvy.exe
  2⤵
  PID:11460
- C:\Windows\System\roQXUAi.exe
  C:\Windows\System\roQXUAi.exe
  2⤵
  PID:11532
- C:\Windows\System\bFKGWCQ.exe
  C:\Windows\System\bFKGWCQ.exe
  2⤵
  PID:11596
- C:\Windows\System\vLbcIIO.exe
  C:\Windows\System\vLbcIIO.exe
  2⤵
  PID:11680
- C:\Windows\System\ELLJCVO.exe
  C:\Windows\System\ELLJCVO.exe
  2⤵
  PID:11728
- C:\Windows\System\uRPUGuT.exe
  C:\Windows\System\uRPUGuT.exe
  2⤵
  PID:11792
- C:\Windows\System\IgPTkAF.exe
  C:\Windows\System\IgPTkAF.exe
  2⤵
  PID:11876
- C:\Windows\System\PYHSKwM.exe
  C:\Windows\System\PYHSKwM.exe
  2⤵
  PID:11924
- C:\Windows\System\wkMhTyJ.exe
  C:\Windows\System\wkMhTyJ.exe
  2⤵
  PID:11992
- C:\Windows\System\TjGSvzD.exe
  C:\Windows\System\TjGSvzD.exe
  2⤵
  PID:12048
- C:\Windows\System\EubljUO.exe
  C:\Windows\System\EubljUO.exe
  2⤵
  PID:12124
- C:\Windows\System\xUupICs.exe
  C:\Windows\System\xUupICs.exe
  2⤵
  PID:12184
- C:\Windows\System\damyHPd.exe
  C:\Windows\System\damyHPd.exe
  2⤵
  PID:12244
- C:\Windows\System\rLLiygi.exe
  C:\Windows\System\rLLiygi.exe
  2⤵
  PID:11344
- C:\Windows\System\myiIVAA.exe
  C:\Windows\System\myiIVAA.exe
  2⤵
  PID:11488
- C:\Windows\System\jrbHnlC.exe
  C:\Windows\System\jrbHnlC.exe
  2⤵
  PID:11588
- C:\Windows\System\xRIsZTb.exe
  C:\Windows\System\xRIsZTb.exe
  2⤵
  PID:11756
- C:\Windows\System\vlHgyDt.exe
  C:\Windows\System\vlHgyDt.exe
  2⤵
  PID:11904
- C:\Windows\System\AZVdQBQ.exe
  C:\Windows\System\AZVdQBQ.exe
  2⤵
  PID:12044
- C:\Windows\System\oMcPOPy.exe
  C:\Windows\System\oMcPOPy.exe
  2⤵
  PID:12212
- C:\Windows\System\BsFTZgS.exe
  C:\Windows\System\BsFTZgS.exe
  2⤵
  PID:11516
- C:\Windows\System\EDDHVRz.exe
  C:\Windows\System\EDDHVRz.exe
  2⤵
  PID:11712
- C:\Windows\System\UuandLX.exe
  C:\Windows\System\UuandLX.exe
  2⤵
  PID:12020
- C:\Windows\System\KdYUetr.exe
  C:\Windows\System\KdYUetr.exe
  2⤵
  PID:11392
- C:\Windows\System\Oihhdaw.exe
  C:\Windows\System\Oihhdaw.exe
  2⤵
  PID:12176
- C:\Windows\System\NfaXVSK.exe
  C:\Windows\System\NfaXVSK.exe
  2⤵
  PID:11964
- C:\Windows\System\zLbLkkv.exe
  C:\Windows\System\zLbLkkv.exe
  2⤵
  PID:12316
- C:\Windows\System\AFDPbZy.exe
  C:\Windows\System\AFDPbZy.exe
  2⤵
  PID:12344
- C:\Windows\System\XANVsDS.exe
  C:\Windows\System\XANVsDS.exe
  2⤵
  PID:12384
- C:\Windows\System\IFItwWa.exe
  C:\Windows\System\IFItwWa.exe
  2⤵
  PID:12400
- C:\Windows\System\yvSJTWG.exe
  C:\Windows\System\yvSJTWG.exe
  2⤵
  PID:12428
- C:\Windows\System\OLivSqG.exe
  C:\Windows\System\OLivSqG.exe
  2⤵
  PID:12456
- C:\Windows\System\QbUIzWj.exe
  C:\Windows\System\QbUIzWj.exe
  2⤵
  PID:12488
- C:\Windows\System\ozKYqtO.exe
  C:\Windows\System\ozKYqtO.exe
  2⤵
  PID:12512
- C:\Windows\System\heSMsQP.exe
  C:\Windows\System\heSMsQP.exe
  2⤵
  PID:12540
- C:\Windows\System\AquJbZQ.exe
  C:\Windows\System\AquJbZQ.exe
  2⤵
  PID:12568
- C:\Windows\System\sYQJBmW.exe
  C:\Windows\System\sYQJBmW.exe
  2⤵
  PID:12596
- C:\Windows\System\stoqtRh.exe
  C:\Windows\System\stoqtRh.exe
  2⤵
  PID:12624
- C:\Windows\System\UCjqMxt.exe
  C:\Windows\System\UCjqMxt.exe
  2⤵
  PID:12652
- C:\Windows\System\WJfiYls.exe
  C:\Windows\System\WJfiYls.exe
  2⤵
  PID:12680
- C:\Windows\System\YEAinLZ.exe
  C:\Windows\System\YEAinLZ.exe
  2⤵
  PID:12708
- C:\Windows\System\hvauiYG.exe
  C:\Windows\System\hvauiYG.exe
  2⤵
  PID:12736
- C:\Windows\System\VCyULOy.exe
  C:\Windows\System\VCyULOy.exe
  2⤵
  PID:12764
- C:\Windows\System\IvmiFRr.exe
  C:\Windows\System\IvmiFRr.exe
  2⤵
  PID:12792
- C:\Windows\System\HeVUBHE.exe
  C:\Windows\System\HeVUBHE.exe
  2⤵
  PID:12820
- C:\Windows\System\opeMJYr.exe
  C:\Windows\System\opeMJYr.exe
  2⤵
  PID:12848
- C:\Windows\System\wIdFQYV.exe
  C:\Windows\System\wIdFQYV.exe
  2⤵
  PID:12876
- C:\Windows\System\yhlBTep.exe
  C:\Windows\System\yhlBTep.exe
  2⤵
  PID:12904
- C:\Windows\System\nyBlBzy.exe
  C:\Windows\System\nyBlBzy.exe
  2⤵
  PID:12932
- C:\Windows\System\IXFociX.exe
  C:\Windows\System\IXFociX.exe
  2⤵
  PID:12960
- C:\Windows\System\zupxucK.exe
  C:\Windows\System\zupxucK.exe
  2⤵
  PID:12988
- C:\Windows\System\cHXcHvv.exe
  C:\Windows\System\cHXcHvv.exe
  2⤵
  PID:13016
- C:\Windows\System\xavYOxp.exe
  C:\Windows\System\xavYOxp.exe
  2⤵
  PID:13044
- C:\Windows\System\XHfVJYf.exe
  C:\Windows\System\XHfVJYf.exe
  2⤵
  PID:13072
- C:\Windows\System\QuiTIqS.exe
  C:\Windows\System\QuiTIqS.exe
  2⤵
  PID:13100
- C:\Windows\System\raTkfwE.exe
  C:\Windows\System\raTkfwE.exe
  2⤵
  PID:13128
- C:\Windows\System\LzISuRY.exe
  C:\Windows\System\LzISuRY.exe
  2⤵
  PID:13156
- C:\Windows\System\qJtCjma.exe
  C:\Windows\System\qJtCjma.exe
  2⤵
  PID:13184
- C:\Windows\System\CJPZvxT.exe
  C:\Windows\System\CJPZvxT.exe
  2⤵
  PID:13212
- C:\Windows\System\bHpkWyd.exe
  C:\Windows\System\bHpkWyd.exe
  2⤵
  PID:13240
- C:\Windows\System\PccwFGR.exe
  C:\Windows\System\PccwFGR.exe
  2⤵
  PID:13276
- C:\Windows\System\vLfRpTQ.exe
  C:\Windows\System\vLfRpTQ.exe
  2⤵
  PID:13296
- C:\Windows\System\WJIuVZD.exe
  C:\Windows\System\WJIuVZD.exe
  2⤵
  PID:12340
- C:\Windows\System\QNLTkqB.exe
  C:\Windows\System\QNLTkqB.exe
  2⤵
  PID:12368
- C:\Windows\System\WeFynYl.exe
  C:\Windows\System\WeFynYl.exe
  2⤵
  PID:12448
- C:\Windows\System\iYyimCw.exe
  C:\Windows\System\iYyimCw.exe
  2⤵
  PID:12508
- C:\Windows\System\kIVKXqa.exe
  C:\Windows\System\kIVKXqa.exe
  2⤵
  PID:12580
- C:\Windows\System\ewUkqEW.exe
  C:\Windows\System\ewUkqEW.exe
  2⤵
  PID:12620
- C:\Windows\System\bEDBoBN.exe
  C:\Windows\System\bEDBoBN.exe
  2⤵
  PID:12692
- C:\Windows\System\VGDwLYO.exe
  C:\Windows\System\VGDwLYO.exe
  2⤵
  PID:12756
- C:\Windows\System\VMjiqGV.exe
  C:\Windows\System\VMjiqGV.exe
  2⤵
  PID:12816
- C:\Windows\System\BUAOohY.exe
  C:\Windows\System\BUAOohY.exe
  2⤵
  PID:12916
- C:\Windows\System\ikSJlHP.exe
  C:\Windows\System\ikSJlHP.exe
  2⤵
  PID:12956
- C:\Windows\System\uJwjYbs.exe
  C:\Windows\System\uJwjYbs.exe
  2⤵
  PID:5076
- C:\Windows\System\RHkWMbh.exe
  C:\Windows\System\RHkWMbh.exe
  2⤵
  PID:13064
- C:\Windows\System\LvcMPTs.exe
  C:\Windows\System\LvcMPTs.exe
  2⤵
  PID:13148
- C:\Windows\System\izSVUSX.exe
  C:\Windows\System\izSVUSX.exe
  2⤵
  PID:13196
- C:\Windows\System\maNuBYb.exe
  C:\Windows\System\maNuBYb.exe
  2⤵
  PID:13236
- C:\Windows\System\JNPzIZj.exe
  C:\Windows\System\JNPzIZj.exe
  2⤵
  PID:13292
- C:\Windows\System\xXDePeQ.exe
  C:\Windows\System\xXDePeQ.exe
  2⤵
  PID:12376
- C:\Windows\System\ppAxNTA.exe
  C:\Windows\System\ppAxNTA.exe
  2⤵
  PID:12536
- C:\Windows\System\mdLYbIF.exe
  C:\Windows\System\mdLYbIF.exe
  2⤵
  PID:12672
- C:\Windows\System\cbzrYAG.exe
  C:\Windows\System\cbzrYAG.exe
  2⤵
  PID:12812
- C:\Windows\System\iPwfXCl.exe
  C:\Windows\System\iPwfXCl.exe
  2⤵
  PID:12984
- C:\Windows\System\jFFVkWF.exe
  C:\Windows\System\jFFVkWF.exe
  2⤵
  PID:13112
- C:\Windows\System\MuDNSZD.exe
  C:\Windows\System\MuDNSZD.exe
  2⤵
  PID:13260
- C:\Windows\System\WEFLkSk.exe
  C:\Windows\System\WEFLkSk.exe
  2⤵
  PID:12444
- C:\Windows\System\fyoScwX.exe
  C:\Windows\System\fyoScwX.exe
  2⤵
  PID:12872
- C:\Windows\System\QILZTQB.exe
  C:\Windows\System\QILZTQB.exe
  2⤵
  PID:13092
- C:\Windows\System\IZQBmNW.exe
  C:\Windows\System\IZQBmNW.exe
  2⤵
  PID:12732
- C:\Windows\System\fgezgAU.exe
  C:\Windows\System\fgezgAU.exe
  2⤵
  PID:13028
- C:\Windows\System\nVveKNI.exe
  C:\Windows\System\nVveKNI.exe
  2⤵
  PID:3820
- C:\Windows\System\tyFHDpU.exe
  C:\Windows\System\tyFHDpU.exe
  2⤵
  PID:13324
- C:\Windows\System\MRfABMr.exe
  C:\Windows\System\MRfABMr.exe
  2⤵
  PID:13352
- C:\Windows\System\YMZdnnF.exe
  C:\Windows\System\YMZdnnF.exe
  2⤵
  PID:13380
- C:\Windows\System\YagXlga.exe
  C:\Windows\System\YagXlga.exe
  2⤵
  PID:13424
- C:\Windows\System\plfywEU.exe
  C:\Windows\System\plfywEU.exe
  2⤵
  PID:13468
- C:\Windows\System\PrOQIRr.exe
  C:\Windows\System\PrOQIRr.exe
  2⤵
  PID:13492
- C:\Windows\System\UXZPbne.exe
  C:\Windows\System\UXZPbne.exe
  2⤵
  PID:13520
- C:\Windows\System\gdqzKvY.exe
  C:\Windows\System\gdqzKvY.exe
  2⤵
  PID:13548
- C:\Windows\System\ofdsLiz.exe
  C:\Windows\System\ofdsLiz.exe
  2⤵
  PID:13576
- C:\Windows\System\ypduxrL.exe
  C:\Windows\System\ypduxrL.exe
  2⤵
  PID:13608
- C:\Windows\System\gWTFWgk.exe
  C:\Windows\System\gWTFWgk.exe
  2⤵
  PID:13636
- C:\Windows\System\cAhRJlF.exe
  C:\Windows\System\cAhRJlF.exe
  2⤵
  PID:13660
- C:\Windows\System\DJuArTP.exe
  C:\Windows\System\DJuArTP.exe
  2⤵
  PID:13688
- C:\Windows\System\yIMteYw.exe
  C:\Windows\System\yIMteYw.exe
  2⤵
  PID:13716
- C:\Windows\System\KFFHBmL.exe
  C:\Windows\System\KFFHBmL.exe
  2⤵
  PID:13756
- C:\Windows\System\kSmKNqx.exe
  C:\Windows\System\kSmKNqx.exe
  2⤵
  PID:13780
- C:\Windows\System\ojrQAAx.exe
  C:\Windows\System\ojrQAAx.exe
  2⤵
  PID:13800
- C:\Windows\System\wecKjfw.exe
  C:\Windows\System\wecKjfw.exe
  2⤵
  PID:13828
- C:\Windows\System\LhMmqrK.exe
  C:\Windows\System\LhMmqrK.exe
  2⤵
  PID:13864
- C:\Windows\System\AmkqfwK.exe
  C:\Windows\System\AmkqfwK.exe
  2⤵
  PID:13892
- C:\Windows\System\aFumtMx.exe
  C:\Windows\System\aFumtMx.exe
  2⤵
  PID:13912
- C:\Windows\System\nbwmeAP.exe
  C:\Windows\System\nbwmeAP.exe
  2⤵
  PID:13940
- C:\Windows\System\hkrGeCJ.exe
  C:\Windows\System\hkrGeCJ.exe
  2⤵
  PID:13968
- C:\Windows\System\ngvGCJe.exe
  C:\Windows\System\ngvGCJe.exe
  2⤵
  PID:13996
- C:\Windows\System\iyvRknp.exe
  C:\Windows\System\iyvRknp.exe
  2⤵
  PID:14032
- C:\Windows\System\SuMiKYB.exe
  C:\Windows\System\SuMiKYB.exe
  2⤵
  PID:14052
- C:\Windows\System\EsbTXGp.exe
  C:\Windows\System\EsbTXGp.exe
  2⤵
  PID:14080
- C:\Windows\System\KJgOxuZ.exe
  C:\Windows\System\KJgOxuZ.exe
  2⤵
  PID:14108
- C:\Windows\System\WXZxqtx.exe
  C:\Windows\System\WXZxqtx.exe
  2⤵
  PID:14136
- C:\Windows\System\PPTcrRn.exe
  C:\Windows\System\PPTcrRn.exe
  2⤵
  PID:14168
- C:\Windows\System\tattkzT.exe
  C:\Windows\System\tattkzT.exe
  2⤵
  PID:14196
- C:\Windows\System\ZHTewOR.exe
  C:\Windows\System\ZHTewOR.exe
  2⤵
  PID:14224
- C:\Windows\System\pLTjJCG.exe
  C:\Windows\System\pLTjJCG.exe
  2⤵
  PID:14256
- C:\Windows\System\QEFWsUC.exe
  C:\Windows\System\QEFWsUC.exe
  2⤵
  PID:14280
- C:\Windows\System\dDHXXcy.exe
  C:\Windows\System\dDHXXcy.exe
  2⤵
  PID:14308
- C:\Windows\System\hmHVsSw.exe
  C:\Windows\System\hmHVsSw.exe
  2⤵
  PID:3244
- C:\Windows\System\NQiMPKU.exe
  C:\Windows\System\NQiMPKU.exe
  2⤵
  PID:13348
- C:\Windows\System\GBkPZoc.exe
  C:\Windows\System\GBkPZoc.exe
  2⤵
  PID:13320
- C:\Windows\System\onpToVf.exe
  C:\Windows\System\onpToVf.exe
  2⤵
  PID:13396
- C:\Windows\System\rlAIzEP.exe
  C:\Windows\System\rlAIzEP.exe
  2⤵
  PID:13456
- C:\Windows\System\dmwnhET.exe
  C:\Windows\System\dmwnhET.exe
  2⤵
  PID:13504
- C:\Windows\System\fexJfHD.exe
  C:\Windows\System\fexJfHD.exe
  2⤵
  PID:13572
- C:\Windows\System\JLwdshD.exe
  C:\Windows\System\JLwdshD.exe
  2⤵
  PID:13628
- C:\Windows\System\xVmMsZf.exe
  C:\Windows\System\xVmMsZf.exe
  2⤵
  PID:13704
- C:\Windows\System\nXgBXih.exe
  C:\Windows\System\nXgBXih.exe
  2⤵
  PID:13788
- C:\Windows\System\xJzRziz.exe
  C:\Windows\System\xJzRziz.exe
  2⤵
  PID:13824
- C:\Windows\System\GCBzOhW.exe
  C:\Windows\System\GCBzOhW.exe
  2⤵
  PID:13900
- C:\Windows\System\myigKtZ.exe
  C:\Windows\System\myigKtZ.exe
  2⤵
  PID:13980
- C:\Windows\System\PsYOIQP.exe
  C:\Windows\System\PsYOIQP.exe
  2⤵
  PID:14044
- C:\Windows\System\yJuzFOc.exe
  C:\Windows\System\yJuzFOc.exe
  2⤵
  PID:14092
- C:\Windows\System\izOjoLw.exe
  C:\Windows\System\izOjoLw.exe
  2⤵
  PID:14180
- C:\Windows\System\rFsAwFP.exe
  C:\Windows\System\rFsAwFP.exe
  2⤵
  PID:2360
- C:\Windows\System\zMvWMdZ.exe
  C:\Windows\System\zMvWMdZ.exe
  2⤵
  PID:14220
- C:\Windows\System\cJjaWDY.exe
  C:\Windows\System\cJjaWDY.exe
  2⤵
  PID:14272
- C:\Windows\System\NLqfSWn.exe
  C:\Windows\System\NLqfSWn.exe
  2⤵
  PID:14332
- C:\Windows\System\nBTzcDF.exe
  C:\Windows\System\nBTzcDF.exe
  2⤵
  PID:13400
- C:\Windows\System\pHlaxYm.exe
  C:\Windows\System\pHlaxYm.exe
  2⤵
  PID:2852
- C:\Windows\System\uVtOzpc.exe
  C:\Windows\System\uVtOzpc.exe
  2⤵
  PID:2796
- C:\Windows\System\mOLTeLi.exe
  C:\Windows\System\mOLTeLi.exe
  2⤵
  PID:2288
- C:\Windows\System\EblblvB.exe
  C:\Windows\System\EblblvB.exe
  2⤵
  PID:13740
- C:\Windows\System\YEDlJHq.exe
  C:\Windows\System\YEDlJHq.exe
  2⤵
  PID:13880
- C:\Windows\System\XJmqhQR.exe
  C:\Windows\System\XJmqhQR.exe
  2⤵
  PID:14016
- C:\Windows\System\KnBYuEs.exe
  C:\Windows\System\KnBYuEs.exe
  2⤵
  PID:14184
- C:\Windows\System\ZgScYab.exe
  C:\Windows\System\ZgScYab.exe
  2⤵
  PID:14244
- C:\Windows\System\jpvoQLx.exe
  C:\Windows\System\jpvoQLx.exe
  2⤵
  PID:13344
- C:\Windows\System\OXlrzky.exe
  C:\Windows\System\OXlrzky.exe
  2⤵
  PID:13532
- C:\Windows\System\swyByZB.exe
  C:\Windows\System\swyByZB.exe
  2⤵
  PID:13752
- C:\Windows\System\ETLKehU.exe
  C:\Windows\System\ETLKehU.exe
  2⤵
  PID:14008
- C:\Windows\System\bvtkIbt.exe
  C:\Windows\System\bvtkIbt.exe
  2⤵
  PID:14304
- C:\Windows\System\aFDioIv.exe
  C:\Windows\System\aFDioIv.exe
  2⤵
  PID:13684
- C:\Windows\System\epNffmE.exe
  C:\Windows\System\epNffmE.exe
  2⤵
  PID:14192
- C:\Windows\System\CPipZWZ.exe
  C:\Windows\System\CPipZWZ.exe
  2⤵
  PID:14188
- C:\Windows\System\pjuFech.exe
  C:\Windows\System\pjuFech.exe
  2⤵
  PID:14352
- C:\Windows\System\eYJPBvC.exe
  C:\Windows\System\eYJPBvC.exe
  2⤵
  PID:14380
- C:\Windows\System\mMqYsUP.exe
  C:\Windows\System\mMqYsUP.exe
  2⤵
  PID:14408
- C:\Windows\System\DLbygEd.exe
  C:\Windows\System\DLbygEd.exe
  2⤵
  PID:14436
- C:\Windows\System\xuPeTsd.exe
  C:\Windows\System\xuPeTsd.exe
  2⤵
  PID:14464
- C:\Windows\System\euIifHp.exe
  C:\Windows\System\euIifHp.exe
  2⤵
  PID:14492
- C:\Windows\System\OwtkUCY.exe
  C:\Windows\System\OwtkUCY.exe
  2⤵
  PID:14520
- C:\Windows\System\SYYxIwk.exe
  C:\Windows\System\SYYxIwk.exe
  2⤵
  PID:14548
- C:\Windows\System\hKXqwYY.exe
  C:\Windows\System\hKXqwYY.exe
  2⤵
  PID:14596
- C:\Windows\System\BLQFsbl.exe
  C:\Windows\System\BLQFsbl.exe
  2⤵
  PID:14612
- C:\Windows\System\JRLEbMr.exe
  C:\Windows\System\JRLEbMr.exe
  2⤵
  PID:14640
- C:\Windows\System\ionwmVd.exe
  C:\Windows\System\ionwmVd.exe
  2⤵
  PID:14668
- C:\Windows\System\jkiTgSp.exe
  C:\Windows\System\jkiTgSp.exe
  2⤵
  PID:14696
- C:\Windows\System\RoCNKdh.exe
  C:\Windows\System\RoCNKdh.exe
  2⤵
  PID:14724
- C:\Windows\System\rKWxrTD.exe
  C:\Windows\System\rKWxrTD.exe
  2⤵
  PID:14752
- C:\Windows\System\BIoQdYq.exe
  C:\Windows\System\BIoQdYq.exe
  2⤵
  PID:14780
- C:\Windows\System\CCfpbFz.exe
  C:\Windows\System\CCfpbFz.exe
  2⤵
  PID:14808
- C:\Windows\System\jofMzRs.exe
  C:\Windows\System\jofMzRs.exe
  2⤵
  PID:14836
- C:\Windows\System\TRZvezh.exe
  C:\Windows\System\TRZvezh.exe
  2⤵
  PID:14864
- C:\Windows\System\ZVdJEIN.exe
  C:\Windows\System\ZVdJEIN.exe
  2⤵
  PID:14892
- C:\Windows\System\KlZrtXL.exe
  C:\Windows\System\KlZrtXL.exe
  2⤵
  PID:14924
- C:\Windows\System\ANJoVuD.exe
  C:\Windows\System\ANJoVuD.exe
  2⤵
  PID:14960
- C:\Windows\System\RZzESFK.exe
  C:\Windows\System\RZzESFK.exe
  2⤵
  PID:14980
- C:\Windows\System\lCvEqcK.exe
  C:\Windows\System\lCvEqcK.exe
  2⤵
  PID:15008
- C:\Windows\System\rKbFuma.exe
  C:\Windows\System\rKbFuma.exe
  2⤵
  PID:15036
- C:\Windows\System\iEiHgLA.exe
  C:\Windows\System\iEiHgLA.exe
  2⤵
  PID:15064
- C:\Windows\System\CJIlAtC.exe
  C:\Windows\System\CJIlAtC.exe
  2⤵
  PID:15104
- C:\Windows\System\OPgAqoq.exe
  C:\Windows\System\OPgAqoq.exe
  2⤵
  PID:15148
- C:\Windows\System\TRFWEKg.exe
  C:\Windows\System\TRFWEKg.exe
  2⤵
  PID:15184
- C:\Windows\System\ZTPOexn.exe
  C:\Windows\System\ZTPOexn.exe
  2⤵
  PID:15224
- C:\Windows\System\MQRzkHy.exe
  C:\Windows\System\MQRzkHy.exe
  2⤵
  PID:15264
- C:\Windows\System\iYXcvZQ.exe
  C:\Windows\System\iYXcvZQ.exe
  2⤵
  PID:15292
- C:\Windows\System\DBiPLez.exe
  C:\Windows\System\DBiPLez.exe
  2⤵
  PID:15324
- C:\Windows\System\eMKJvnA.exe
  C:\Windows\System\eMKJvnA.exe
  2⤵
  PID:14348
- C:\Windows\System\NtloKZN.exe
  C:\Windows\System\NtloKZN.exe
  2⤵
  PID:14400
- C:\Windows\System\WfwkyDU.exe
  C:\Windows\System\WfwkyDU.exe
  2⤵
  PID:14460
- C:\Windows\System\xpImdCQ.exe
  C:\Windows\System\xpImdCQ.exe
  2⤵
  PID:14504
- C:\Windows\System\zeHhXlV.exe
  C:\Windows\System\zeHhXlV.exe
  2⤵
  PID:14544
- C:\Windows\System\CzDJeel.exe
  C:\Windows\System\CzDJeel.exe
  2⤵
  PID:14636
- C:\Windows\System\usmnlMS.exe
  C:\Windows\System\usmnlMS.exe
  2⤵
  PID:14716
- C:\Windows\System\HnZRBSF.exe
  C:\Windows\System\HnZRBSF.exe
  2⤵
  PID:14804
- C:\Windows\System\kPCUkwq.exe
  C:\Windows\System\kPCUkwq.exe
  2⤵
  PID:14876
- C:\Windows\System\QdvTPGB.exe
  C:\Windows\System\QdvTPGB.exe
  2⤵
  PID:14904
- C:\Windows\System\xkpvDTy.exe
  C:\Windows\System\xkpvDTy.exe
  2⤵
  PID:15004
- C:\Windows\System\bXlYjZm.exe
  C:\Windows\System\bXlYjZm.exe
  2⤵
  PID:15160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BUWJxBJ.exe

Filesize
6.1MB

MD5
152ea5ecbd661dd2729bb5002bf9d679

SHA1
99627bb688fcb4480bc42f041619fc9a0021d019

SHA256
9e84074938db996724abdbf8a77fae39d353cd406ef58465609aa17a53b1f527

SHA512
6b39d038bd940e6c2f15f1b70878911d9cdf844d2ce4eaf55b4d2f06099494c6cdce69210b078b88848924786c7fef44715d8159a7b04a5788305b3c9110c5e1

Download Submit
C:\Windows\System\CpUQOzt.exe

Filesize
6.1MB

MD5
9d253318dbc300be5b4b028f168f2274

SHA1
13410b02908cc77eb2b42448c491aeadd0256bd3

SHA256
3ed563bcf36477ca8733aabeb3d73eec01a73f036508fc01a5cbf70e0826d1a0

SHA512
6239ea67b5eb8dfe0169965a5d0fba7c68c3ffb9b04e12b073d6b6a833b43957e5224606dab86ea78cb39c1d23b6a07ac3d97519166334d776fac0fcfd34f75b

Download Submit
C:\Windows\System\EHTfSIj.exe

Filesize
6.1MB

MD5
cd7cef9b625d20ff3c70c26d0edd9ce9

SHA1
027b2eec682a7b32d96944efc6c77434bce383f4

SHA256
dba105135cc6b236bcba718596a29445ab466bb941bcac304ce449d97d27c7aa

SHA512
6653031b24047b193f0f87059c214ebb040a7fd4b657f0fc35dc3d673717ad2ddfa2454b9d56fb28596e42e229cfc06cc6fda444ec20ceb42f99491c93714f74

Download Submit
C:\Windows\System\ETmEAau.exe

Filesize
6.1MB

MD5
6b4b8c8cf9d554ab90e588125a06a5e7

SHA1
3e235682a7d512fa079b7bd22e757903e6af1300

SHA256
618ada8fe59309f32aeedad750e6a5f5349f6da77f48ac5a2ff568164a4a29d9

SHA512
ab7c587657530ace2b6992094d325b0285fd6112a64e9581007a9b703e221b38ddebe3c2708ca95e490e6685002448efa2b6edf1fd75aa74d8fc13324034e250

Download Submit
C:\Windows\System\FYWpdKN.exe

Filesize
6.1MB

MD5
2a6c29f6a2b3c34649dd9602fb267899

SHA1
7bab07238a8d109ac7f9e1d97826928b91edf4ca

SHA256
bbfc6ab35decdee529ca1eacb58c79ed36d3de9236d558279ab177d064fbca29

SHA512
7f97f7b042dcf25deb714d73980b68b73f5302813a06285b4c4120d7f3a10c7c43167dca02ed2e468252b76d94e8905bf343609a01d5fb7be8e5804f1a4e52e3

Download Submit
C:\Windows\System\HaKNSmz.exe

Filesize
6.1MB

MD5
057273edf71055fc221c24f10cbfbe2a

SHA1
7fa27ccfde581a67010de297b86ceaf3bddcb436

SHA256
71821ca1a1482f48b6c6ee21fe0e6691e4363828fad4d7f4a756eda01041793d

SHA512
a1ecd1868e6ea57325fe9052d4c7d208492cae0c69c3ce773924e9901183c9eb7b173d234cdacd603e6676dcb4539c5765fc5d362db4d7619f010812f691d86d

Download Submit
C:\Windows\System\JalJzBk.exe

Filesize
6.1MB

MD5
8e848dc7553aff0d43ee02ee3e8e9d79

SHA1
bce42a541d75bc79612326486f58de353f46046a

SHA256
98152a25a8438308dced932f3111197720de655df68fc1ead28a60d06022fa69

SHA512
d70705830f7cffd4474441d4b999c3701832edbea1123d41ac8a0269a7182937f838ad38f8d259b20b7f9206b26f6fadd2f94483f717e9abcf1c774169ccc204

Download Submit
C:\Windows\System\NhgXbPp.exe

Filesize
6.1MB

MD5
ac7158bfb6d48a478ddb16a94eead121

SHA1
2668513922b8f4d7ce45ebe8b4c96818314ef55d

SHA256
03a1e5fdd85296467ded1b3e1d63ecc293418078a3925c343ca60338f95ccdad

SHA512
4f2c50e242bb03e94ccc15ab3b76a53fbf9a76e293b82cf30553032ccec87851c2880e6bc70c485e2ea45ca61383f601d289d41bd424c531657b350640e8af12

Download Submit
C:\Windows\System\OjSaezT.exe

Filesize
6.1MB

MD5
673f1733c17b237f722aed4ad8584d77

SHA1
7038512b295df6e22ffc6bd4d4cbf76be1be1e78

SHA256
114522837f470a0d554d14e820f5cae6f5a59405ca5cef1a347b0ff869249567

SHA512
22d79852ceac858d1c705912feb7a3ac71fff5ddfc4903a25f8abb23eb3abd9d283fe6b379da3f2d8aeebf6ced2db5a3243afadf9b9f88c7afaa5fb40a11ff8f

Download Submit
C:\Windows\System\PQhuDJj.exe

Filesize
6.1MB

MD5
562699bc0a57fc27f7cd0925e543e8b3

SHA1
99d57841f0df76b9629047fb0021329c3d775dd1

SHA256
a78c01bc6ad8bd6a01ada89114a88a2e5d5e0962d1d8285a5eadba64592b8101

SHA512
13668102b3c44a1e770f0bc3d58bc4a52ede480c7e073bd1f641fb303bbe4290b3ec796b7dd644cbd20af9c98d4ce3a1593a8a767407d3a22cca4e28de109719

Download Submit
C:\Windows\System\PgtUDqn.exe

Filesize
6.1MB

MD5
a16036a27136dfa7e095ce37d6b3fe1b

SHA1
91c0aba996d20c83839196daaeb7fc05c021a340

SHA256
a13e3618490dbfb91c9dd3b3f8da3042f51ffce09e6828ba434bba2aea405c19

SHA512
efa68eb962c55e5efc65da866a5baff346961bbbd2b824b4e7c24b82a35305093f82abceeae49ab4228a29c18b995d5f035f968a20f9f9a11abb8f9540f9bd04

Download Submit
C:\Windows\System\QYXngca.exe

Filesize
6.1MB

MD5
6fac33d311f03c988c6032c865d26a08

SHA1
8db2b5f189511ca9b33571f0811f0bc26d07ff6b

SHA256
69bc52f48b1afd1b39883006ef1a0965773e20a6aa9fcb74c3e161583c2e21f6

SHA512
651e98fd3dc9fb8c40e103cae3dfa89aa3ab5c6ac636a417525309b28556b02ea5c377e9a739bc40da6db0fec37d2c1b2aefacbe25942508e73536bfbfab4bda

Download Submit
C:\Windows\System\RaJtDAl.exe

Filesize
6.1MB

MD5
0c5b38de1463d45d545c42cb11424d2c

SHA1
aec3e5b60eb08c177886829ac83c22025537dd82

SHA256
8a990cdfbb02870082402a72fedf0c29a343ebdaab6570c3400e283e018dbc62

SHA512
3b82383067cd58454faeee88827f86a12956eb3d36b39ff8afa035ab2744cf82cd4e3d502b00af1b899c5649d0d80c1fea5aac8fa522dedbfc31000c31df80ab

Download Submit
C:\Windows\System\RhHGumA.exe

Filesize
6.1MB

MD5
262d8ce70163dfcd032858ea9bc35a33

SHA1
8a44b7e0a5d675fb4856222592000e3c25c8dbe8

SHA256
4a57e2114df4229ebcd45c85685789bc101b16268d84871ee154125e98b1364b

SHA512
9208384d35ba312c34b144d5314f7072fed6e03758c72f78c546d512b4a73ea95c7fed6c5de5aac239a3693c7f499dc34df9627c44125cbf7559e24ae4c7b411

Download Submit
C:\Windows\System\RzJTBkC.exe

Filesize
6.1MB

MD5
567ef41e9524c27ee05f04c3f25c27fd

SHA1
28f2963170d35a0337049438d748db5848bff4dd

SHA256
140e70ed0558438de4701021e6df1a4a52ad4f02cfef409d998ca8b1b5ad60f8

SHA512
57cc1ddc4b9168b830c988e41bf0daee5286c8a34b18faf4946d65296e4a04213b00b87c50b638996701b0253d606ec3776e7998fda64b1f8527c8384aa389f3

Download Submit
C:\Windows\System\UCkLhfk.exe

Filesize
6.1MB

MD5
cd1cd62dbf291ac6cfd2662918bb09e5

SHA1
a9693d77d7f2229eb30d0c1180568a16b86d64f5

SHA256
20a7a86970d615316037ad2e92d71c03f457ec05cea442e033c4ac67fa953892

SHA512
cb4fe0b86b77345a5130ad750ad737adab6478afe7b88b34ff3af3731cb27d3d2503b4e1a3bfa7a5a8af40e54efe4ca555da00e46a0f49a503ffae74e3113e0b

Download Submit
C:\Windows\System\UiWtFfW.exe

Filesize
6.1MB

MD5
0f7d7ad9b2eba63ab997d34ddfc2259e

SHA1
53eb60b530b4fd4fd57d1be24abdb27da2820862

SHA256
99c6f1d724723cf75f25474797a7be84e369deb2338f9ad32ac9250b26fe24ee

SHA512
a86e618daf8c00aff04f326f1b0bcf8356e6fb76eeb577111a381c7ec6fd8f94adb1f858fc89e86593d2eb19d0858f61c5b3c886a6eecfff6b809adfb0f87c95

Download Submit
C:\Windows\System\WywgksB.exe

Filesize
6.1MB

MD5
ca31b8bbe95332f81563cc9bcb6f667d

SHA1
5c13767dfa44e5e876d0e67eaef7a0999f31be9d

SHA256
428a78ba2c50ddd9a75bfa650809af28422230e1228c6be2e5f65edbff2db260

SHA512
7aadcaeb83cb490062c964dc4c69ec1a3639647444927b7040b7251c80508aad0ea00590eae57fdc8d0b8a8ebc92b9229fd8749d1aaab63dc5760581e3ad5815

Download Submit
C:\Windows\System\aDvAKtX.exe

Filesize
6.1MB

MD5
21b18819ad653df93a396ef99b8a5883

SHA1
0b9d84796634df8c58b9203dd769ef99ed514330

SHA256
4dc070dd14402474b6a17017e1c05edee099623a92d3ae18895bac74359b8c22

SHA512
de18769a287178e1ecbe5d096f419e3cc3204f1ad456c630f6d63f97055c43b230f2d87e88be4454d89c821443e82b99685ba8e5e883a1c6585556ee11f200d7

Download Submit
C:\Windows\System\beFYjQh.exe

Filesize
6.1MB

MD5
2c913909aadaef5bbf5c4c0cea2ea347

SHA1
b2bebad1c77a6c21f4a1431b037847db84410cad

SHA256
3aabe9da6d660aab7c2cfb6964682eb59be2b43a7dfc49402b06bcf42a445dbd

SHA512
c86cce3aed8d7dd7eb67c6990aeef11c7a760bbb7c39b0282f579ab6849b19e6767a9061eeec76b6b9983bba1177d306527e1e7e6072c57d546073c76cb593f4

Download Submit
C:\Windows\System\fMNMNHZ.exe

Filesize
6.1MB

MD5
1e7b905faf287fd1ec6b4a003886b3cf

SHA1
db8bc19a50b8d98b509e0a4bf86b93efd37bc7ca

SHA256
956a334990114c4810c5bcc8373c711ef20eaa79d030422fb80f7de70ab8683c

SHA512
eab60cb2e6e0403bc19231b347bcf1d907dffe8b115453609ddd912862f1d44e8dd5674f5be1679e0a83adffcd083d1c169c8896c313a7f03d3cd856bddc4f3f

Download Submit
C:\Windows\System\fmTCevs.exe

Filesize
6.1MB

MD5
012a25a2252fa4ec82e9f6c8bc93635f

SHA1
c03a51e6499da12cf00524c999f6b47c6e5025a3

SHA256
c7a76b0503cc6f357d2cf8ed0f13be28dd201e8b567a71cd7f0fb2ef2019f45e

SHA512
f9076feae533b52fb7c0df1a03c70df2e88f474b78ef4163171750ed3ed5dff9bfdfe1fdb6ca481fd4bb3dbfa35e59c3a472e0169cce25c0b4862fd186e199a6

Download Submit
C:\Windows\System\gGSwvbY.exe

Filesize
6.1MB

MD5
d73b390003cae946888f68a5d6af95be

SHA1
dc2349049c675f880eec06155da76218021c2a53

SHA256
a8f30c4075b291a270f546933217a61501334b3019ef9dbe49561970df2e06be

SHA512
23142322c8ecc77b87f6a177e70b500e17d72163b840bdac882b98a0dc64f849475b463fd9cf80d61b376f18052346f1fec2db4d53eb285815e288f94c772f12

Download Submit
C:\Windows\System\lOwGbHj.exe

Filesize
6.1MB

MD5
62b219e1ee04affaa512ae1d287e437e

SHA1
08d26160eeb4c0bef9a1acf482fbc83c3182d315

SHA256
91a791620e89dfd42662224002f0f6bf72ca62f2a7edd646f024ef8648cc02b4

SHA512
99e2c35df96bedba786d8fed359b8ff1d531945e1ab0a37096a2aff4a1648dbfef41659948c16baedae3c2342eed5dafe9a2708d43ea25e09655060c83be6b1e

Download Submit
C:\Windows\System\nUuHUae.exe

Filesize
6.1MB

MD5
006025e96b2bc1c3b329dc597cdc4a65

SHA1
7c9e637351bfeec3aeaf70b8239c982e0f8789ec

SHA256
af0ae32a113419e566a6457fe653c2813f1e1b2cc6e3f2acb67d6ca7f4e43fd8

SHA512
29bebbe7b2fa74c86b7b0e9aff5ce72a9871f318ee60253f66793e223a903a6bc0d784bd8a4af18c96acc88f9368cad879f5ab1e73c06221df17aab22dddb25e

Download Submit
C:\Windows\System\plaRqYR.exe

Filesize
6.1MB

MD5
68fba7637bdd1f9f71cf072b48c96edc

SHA1
182de5110bb6cb7ad001924a8afd68710fef2996

SHA256
a488666475ca0b6390f11c68619ec3feecdb3161e61d8dea5c9a91b62bcd2f87

SHA512
0f2d38da8d2c3488e254fc633db522b587c9f712c9f8742a2b173070c1f4b2d514c75fc5db676314c34793f253349e9f44571abad99a40eb45cdea0f16348717

Download Submit
C:\Windows\System\sAFhBxD.exe

Filesize
6.1MB

MD5
98df9ba7a8114a93f014828181d58aa1

SHA1
e97795694822019e73a969cf8b15c65d72286e58

SHA256
5752aa739f8c3587a5d7294a20e4b716c782bd08869c2e6d2a9d253ef7168811

SHA512
9c364e91bdbe68e1cd31c8da11d4d54a049a4f0c93157035779e1dc58c6861b7eb220422399ef12b22e5ccc74f982ef89755ee639f12a2b0e40b914c70bbe1ce

Download Submit
C:\Windows\System\sSgmUGq.exe

Filesize
6.1MB

MD5
3548ec31de81cc43b87108ac57143671

SHA1
d5c852e3bb869df6d803f1862662af690a6bdd37

SHA256
710bd977507afa5c703cb16560436a3d6b77c65328b159935eb4111242d1dc2c

SHA512
361cfb70769550fcb22ff2b4193b091680cf1102916cc35e6c5ef4d897dda90009d990b9de03d4b5689cf9617f73e94f03c1593aa74185268194040221cec814

Download Submit
C:\Windows\System\vJjZvHF.exe

Filesize
6.1MB

MD5
b9b6f13880d39832817a88c2d77d75da

SHA1
98792c13295bcd41a5287de02722ff7a0194861b

SHA256
081f99eeb3dd1f544d7fd2bc83353c6f4ca27839cf36b1fefefe0544e9b0164b

SHA512
c4abf02f6fee3107d87b73b489d2f6bed4df3c2f99dbba2207f89a0721241e04070dc8fa808476e469e49d7ac76f570b0a302957492889a2cbdb35df5040d754

Download Submit
C:\Windows\System\wFeKxZh.exe

Filesize
6.1MB

MD5
75d479431a15ffce54b8e508d2bf5b9b

SHA1
50c82ac4634e58a09d822ab2cdfe490b072fd09b

SHA256
468d56b959546a70d1c28b567089e9b4c827336eebaa28288e8e3a0ef76222cc

SHA512
744d8f36e790d65cb91f1c0303fefde2fceb5fb0515c32734aaf981966299a5cc649d6f5f3b211b2e2871767b9bff5056daeef7eb0134e9df804ae923adcce16

Download Submit
C:\Windows\System\yWbJhNm.exe

Filesize
6.1MB

MD5
2104e111629eef599e3b2ef017af7a67

SHA1
fa1fc72c561d3792ac68a0995f3d0fa7661275be

SHA256
9f8cfd329618aad9b8b2954b346f17ca004bf39660ea9152c8bb81ad777e8de0

SHA512
dfad92df01bffdf27a67fea25b367dc3d1cfab00fd84c6d7f36387b0583af2a4e4486cb20c80cc606a198ce27a9cfc9c4c05ab6ae2a27a130ff23e0e740b03f3

Download Submit
C:\Windows\System\yZPtsVm.exe

Filesize
6.1MB

MD5
06226d2acd496fc8169190482ea6e8a8

SHA1
5e9763f2979aed45b6c74133666174698f66ce56

SHA256
115a7444b096c411b5efa7f60b51b9f28e545bad66547a67d07a6b22184566f8

SHA512
d6336f07e317e725083cc5ac561815da9aa46292e20d9469b5b95105d6e7fc5482f5e1da4d42b973074aad394fe1dfa48024d5bd18cbbb673761875da1416242

Download Submit
memory/560-106-0x00007FF652600000-0x00007FF652954000-memory.dmp

Filesize
3.3MB

Download
memory/560-2331-0x00007FF652600000-0x00007FF652954000-memory.dmp

Filesize
3.3MB

Download
memory/1044-86-0x00007FF600CD0000-0x00007FF601024000-memory.dmp

Filesize
3.3MB

Download
memory/1044-1905-0x00007FF600CD0000-0x00007FF601024000-memory.dmp

Filesize
3.3MB

Download
memory/1044-30-0x00007FF600CD0000-0x00007FF601024000-memory.dmp

Filesize
3.3MB

Download
memory/1416-144-0x00007FF639110000-0x00007FF639464000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2336-0x00007FF639110000-0x00007FF639464000-memory.dmp

Filesize
3.3MB

Download
memory/1556-111-0x00007FF64DD90000-0x00007FF64E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-165-0x00007FF64DD90000-0x00007FF64E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-153-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2338-0x00007FF68E6B0000-0x00007FF68EA04000-memory.dmp

Filesize
3.3MB

Download
memory/1756-481-0x00007FF600120000-0x00007FF600474000-memory.dmp

Filesize
3.3MB

Download
memory/1756-164-0x00007FF600120000-0x00007FF600474000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2339-0x00007FF600120000-0x00007FF600474000-memory.dmp

Filesize
3.3MB

Download
memory/1836-21-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-1892-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-68-0x00007FF72C260000-0x00007FF72C5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-104-0x00007FF740EF0000-0x00007FF741244000-memory.dmp

Filesize
3.3MB

Download
memory/2504-1907-0x00007FF740EF0000-0x00007FF741244000-memory.dmp

Filesize
3.3MB

Download
memory/2504-48-0x00007FF740EF0000-0x00007FF741244000-memory.dmp

Filesize
3.3MB

Download
memory/3048-182-0x00007FF6C4E40000-0x00007FF6C5194000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2344-0x00007FF6C4E40000-0x00007FF6C5194000-memory.dmp

Filesize
3.3MB

Download
memory/3048-738-0x00007FF6C4E40000-0x00007FF6C5194000-memory.dmp

Filesize
3.3MB

Download
memory/3356-149-0x00007FF6CE450000-0x00007FF6CE7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3356-2337-0x00007FF6CE450000-0x00007FF6CE7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3896-42-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3896-98-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3896-1906-0x00007FF6D9F50000-0x00007FF6DA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4028-234-0x00007FF6F6D60000-0x00007FF6F70B4000-memory.dmp

Filesize
3.3MB

Download
memory/4028-2342-0x00007FF6F6D60000-0x00007FF6F70B4000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2334-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp

Filesize
3.3MB

Download
memory/4368-180-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp

Filesize
3.3MB

Download
memory/4368-123-0x00007FF6CAAF0000-0x00007FF6CAE44000-memory.dmp

Filesize
3.3MB

Download
memory/4372-69-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2218-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-128-0x00007FF78B850000-0x00007FF78BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4384-63-0x00007FF64F500000-0x00007FF64F854000-memory.dmp

Filesize
3.3MB

Download
memory/4384-2141-0x00007FF64F500000-0x00007FF64F854000-memory.dmp

Filesize
3.3MB

Download
memory/4540-152-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2232-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp

Filesize
3.3MB

Download
memory/4540-88-0x00007FF76BB20000-0x00007FF76BE74000-memory.dmp

Filesize
3.3MB

Download
memory/4736-137-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2223-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-77-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-175-0x00007FF6902C0000-0x00007FF690614000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2340-0x00007FF6902C0000-0x00007FF690614000-memory.dmp

Filesize
3.3MB

Download
memory/4984-1886-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp

Filesize
3.3MB

Download
memory/4984-67-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp

Filesize
3.3MB

Download
memory/4984-10-0x00007FF6316F0000-0x00007FF631A44000-memory.dmp

Filesize
3.3MB

Download
memory/5104-23-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-76-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-1900-0x00007FF7E74A0000-0x00007FF7E77F4000-memory.dmp

Filesize
3.3MB

Download
memory/5160-166-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5160-611-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5160-2341-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5168-34-0x00007FF746CB0000-0x00007FF747004000-memory.dmp

Filesize
3.3MB

Download
memory/5168-92-0x00007FF746CB0000-0x00007FF747004000-memory.dmp

Filesize
3.3MB

Download
memory/5168-1903-0x00007FF746CB0000-0x00007FF747004000-memory.dmp

Filesize
3.3MB

Download
memory/5180-0-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp

Filesize
3.3MB

Download
memory/5180-1-0x00000268AF8A0000-0x00000268AF8B0000-memory.dmp

Filesize
64KB

Download
memory/5180-62-0x00007FF6D0200000-0x00007FF6D0554000-memory.dmp

Filesize
3.3MB

Download
memory/5228-737-0x00007FF7D40F0000-0x00007FF7D4444000-memory.dmp

Filesize
3.3MB

Download
memory/5228-2343-0x00007FF7D40F0000-0x00007FF7D4444000-memory.dmp

Filesize
3.3MB

Download
memory/5228-181-0x00007FF7D40F0000-0x00007FF7D4444000-memory.dmp

Filesize
3.3MB

Download
memory/5336-56-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp

Filesize
3.3MB

Download
memory/5336-2140-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp

Filesize
3.3MB

Download
memory/5336-116-0x00007FF639FD0000-0x00007FF63A324000-memory.dmp

Filesize
3.3MB

Download
memory/5472-2333-0x00007FF6AE620000-0x00007FF6AE974000-memory.dmp

Filesize
3.3MB

Download
memory/5472-117-0x00007FF6AE620000-0x00007FF6AE974000-memory.dmp

Filesize
3.3MB

Download
memory/5472-174-0x00007FF6AE620000-0x00007FF6AE974000-memory.dmp

Filesize
3.3MB

Download
memory/5596-99-0x00007FF775470000-0x00007FF7757C4000-memory.dmp

Filesize
3.3MB

Download
memory/5796-2229-0x00007FF677440000-0x00007FF677794000-memory.dmp

Filesize
3.3MB

Download
memory/5796-82-0x00007FF677440000-0x00007FF677794000-memory.dmp

Filesize
3.3MB

Download
memory/5796-145-0x00007FF677440000-0x00007FF677794000-memory.dmp

Filesize
3.3MB

Download
memory/5920-1896-0x00007FF60D040000-0x00007FF60D394000-memory.dmp

Filesize
3.3MB

Download
memory/5920-26-0x00007FF60D040000-0x00007FF60D394000-memory.dmp

Filesize
3.3MB

Download
memory/6088-2335-0x00007FF684CF0000-0x00007FF685044000-memory.dmp

Filesize
3.3MB

Download
memory/6088-138-0x00007FF684CF0000-0x00007FF685044000-memory.dmp

Filesize
3.3MB

Download