cobaltstrike | 6b817fa81f1d76daa8632884f028ed0615be1c807a711dc4ca06cd6280593b15

Analysis

max time kernel
125s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

38391ef41d27b4ef95a3ed7c0bb169c0
SHA1

2325a41e1f9e32e9048c512bd631bc931e2128a6
SHA256

6b817fa81f1d76daa8632884f028ed0615be1c807a711dc4ca06cd6280593b15
SHA512

416ac44e6b196d7c617d2f8369c3bab2b573f0851fd8c29940aea064ac9bf9a9a37ed6e249d72ad5e752585852cbfbfaf6952e6a2af144ed640930f22a3629ea
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0004000000022791-4.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422c-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422b-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422d-23.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422e-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024228-31.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002422f-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024231-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024232-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024230-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024233-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024234-75.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024235-80.dat	cobalt_reflective_dll
behavioral1/files/0x000c00000002404f-87.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000024051-94.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000024052-100.dat	cobalt_reflective_dll
behavioral1/files/0x000b00000002405e-106.dat	cobalt_reflective_dll
behavioral1/files/0x000c0000000240a4-113.dat	cobalt_reflective_dll
behavioral1/files/0x000c0000000240b0-129.dat	cobalt_reflective_dll
behavioral1/files/0x000c0000000240b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x000b0000000240af-127.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024236-140.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423a-146.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423b-153.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423d-164.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423e-168.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024241-184.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024240-198.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024242-196.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423f-182.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002423c-166.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024243-204.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/5852-0-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp	xmrig
behavioral1/files/0x0004000000022791-4.dat	xmrig
behavioral1/memory/2940-6-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp	xmrig
behavioral1/files/0x000700000002422c-10.dat	xmrig
behavioral1/memory/3784-15-0x00007FF776270000-0x00007FF7765C4000-memory.dmp	xmrig
behavioral1/memory/2192-18-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp	xmrig
behavioral1/files/0x000700000002422b-12.dat	xmrig
behavioral1/files/0x000700000002422d-23.dat	xmrig
behavioral1/files/0x000700000002422e-32.dat	xmrig
behavioral1/files/0x0008000000024228-31.dat	xmrig
behavioral1/files/0x000700000002422f-36.dat	xmrig
behavioral1/memory/3644-44-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	xmrig
behavioral1/files/0x0007000000024231-52.dat	xmrig
behavioral1/memory/2384-53-0x00007FF6104D0000-0x00007FF610824000-memory.dmp	xmrig
behavioral1/files/0x0007000000024232-58.dat	xmrig
behavioral1/memory/4316-59-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp	xmrig
behavioral1/memory/860-57-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp	xmrig
behavioral1/memory/5156-56-0x00007FF730FF0000-0x00007FF731344000-memory.dmp	xmrig
behavioral1/files/0x0007000000024230-45.dat	xmrig
behavioral1/memory/2924-39-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	xmrig
behavioral1/memory/4304-33-0x00007FF644390000-0x00007FF6446E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024233-64.dat	xmrig
behavioral1/memory/5852-67-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp	xmrig
behavioral1/memory/2940-73-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024234-75.dat	xmrig
behavioral1/memory/4684-74-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	xmrig
behavioral1/memory/2640-69-0x00007FF7692B0000-0x00007FF769604000-memory.dmp	xmrig
behavioral1/memory/3784-81-0x00007FF776270000-0x00007FF7765C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024235-80.dat	xmrig
behavioral1/memory/2192-86-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp	xmrig
behavioral1/files/0x000c00000002404f-87.dat	xmrig
behavioral1/memory/4836-90-0x00007FF6A1F40000-0x00007FF6A2294000-memory.dmp	xmrig
behavioral1/memory/2924-88-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	xmrig
behavioral1/memory/4700-83-0x00007FF64A2D0000-0x00007FF64A624000-memory.dmp	xmrig
behavioral1/files/0x000d000000024051-94.dat	xmrig
behavioral1/files/0x000c000000024052-100.dat	xmrig
behavioral1/memory/3228-101-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp	xmrig
behavioral1/memory/2384-96-0x00007FF6104D0000-0x00007FF610824000-memory.dmp	xmrig
behavioral1/memory/3644-95-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	xmrig
behavioral1/files/0x000b00000002405e-106.dat	xmrig
behavioral1/files/0x000c0000000240a4-113.dat	xmrig
behavioral1/files/0x000c0000000240b0-129.dat	xmrig
behavioral1/files/0x000c0000000240b1-136.dat	xmrig
behavioral1/memory/2540-135-0x00007FF6BF4D0000-0x00007FF6BF824000-memory.dmp	xmrig
behavioral1/memory/4684-134-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	xmrig
behavioral1/memory/560-133-0x00007FF78F860000-0x00007FF78FBB4000-memory.dmp	xmrig
behavioral1/files/0x000b0000000240af-127.dat	xmrig
behavioral1/memory/4568-125-0x00007FF72C4A0000-0x00007FF72C7F4000-memory.dmp	xmrig
behavioral1/memory/3464-116-0x00007FF736B10000-0x00007FF736E64000-memory.dmp	xmrig
behavioral1/memory/4920-110-0x00007FF7BAA80000-0x00007FF7BADD4000-memory.dmp	xmrig
behavioral1/memory/4316-107-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp	xmrig
behavioral1/memory/4956-105-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024236-140.dat	xmrig
behavioral1/memory/5536-144-0x00007FF621D00000-0x00007FF622054000-memory.dmp	xmrig
behavioral1/files/0x000700000002423a-146.dat	xmrig
behavioral1/files/0x000700000002423b-153.dat	xmrig
behavioral1/memory/3708-162-0x00007FF784900000-0x00007FF784C54000-memory.dmp	xmrig
behavioral1/files/0x000700000002423d-164.dat	xmrig
behavioral1/files/0x000700000002423e-168.dat	xmrig
behavioral1/files/0x0007000000024241-184.dat	xmrig
behavioral1/memory/4956-190-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp	xmrig
behavioral1/memory/4156-194-0x00007FF7D9B50000-0x00007FF7D9EA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024240-198.dat	xmrig
behavioral1/files/0x0007000000024242-196.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2940	OxbRlGl.exe
3784	vuqXlJn.exe
2192	JKUhVbJ.exe
4304	VgRhfVY.exe
3644	cfqkGWP.exe
2924	PUsPeyF.exe
2384	IaosywH.exe
5156	whVQszw.exe
860	CEiRAiZ.exe
4316	nUEqHcz.exe
2640	gjylifi.exe
4684	tMrKeQO.exe
4700	peegSUF.exe
4836	XeXKtcB.exe
3228	RGQcenF.exe
4956	YiPPXql.exe
4920	TrSMbFG.exe
3464	ehZJBCz.exe
4568	bliflAk.exe
560	mOMnGhR.exe
2540	ArZRDHy.exe
5536	DpQPiya.exe
3064	NwPhywC.exe
3708	EVrWXEi.exe
4328	jqMYYRw.exe
6068	Zguglgt.exe
5916	RngWnKn.exe
5188	mHWUUtf.exe
4156	jrgiial.exe
5084	SYJcUcH.exe
3580	vIsXhPV.exe
3212	IzdTWSp.exe
5364	VEpmgzK.exe
2928	gYQQwrL.exe
316	KTOanLO.exe
4040	naLweFX.exe
748	WwtZKkk.exe
944	ozBokNK.exe
2488	NczmvMw.exe
5748	niwysrQ.exe
2136	OstYAPV.exe
5740	JLKBqEt.exe
4656	OBBMsuP.exe
6116	ATNidJy.exe
4376	VvCdpnW.exe
1636	fGfFOfb.exe
5796	VzcGiZv.exe
5044	klvkLKq.exe
5140	mAjYSuV.exe
6012	LBVBdha.exe
6016	cceqklZ.exe
1348	tfvCxCm.exe
3840	sxLdvFI.exe
616	kWheYiV.exe
2452	UQoKYiK.exe
116	WbnoPMu.exe
5816	XNAlYlH.exe
2984	rSmahrz.exe
1180	HIRQZLg.exe
5396	pXkBEdp.exe
4412	ryiwwfO.exe
5256	olRvxin.exe
1568	yubBUsm.exe
5168	FCZPEto.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5852-0-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp	upx
behavioral1/files/0x0004000000022791-4.dat	upx
behavioral1/memory/2940-6-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp	upx
behavioral1/files/0x000700000002422c-10.dat	upx
behavioral1/memory/3784-15-0x00007FF776270000-0x00007FF7765C4000-memory.dmp	upx
behavioral1/memory/2192-18-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp	upx
behavioral1/files/0x000700000002422b-12.dat	upx
behavioral1/files/0x000700000002422d-23.dat	upx
behavioral1/files/0x000700000002422e-32.dat	upx
behavioral1/files/0x0008000000024228-31.dat	upx
behavioral1/files/0x000700000002422f-36.dat	upx
behavioral1/memory/3644-44-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	upx
behavioral1/files/0x0007000000024231-52.dat	upx
behavioral1/memory/2384-53-0x00007FF6104D0000-0x00007FF610824000-memory.dmp	upx
behavioral1/files/0x0007000000024232-58.dat	upx
behavioral1/memory/4316-59-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp	upx
behavioral1/memory/860-57-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp	upx
behavioral1/memory/5156-56-0x00007FF730FF0000-0x00007FF731344000-memory.dmp	upx
behavioral1/files/0x0007000000024230-45.dat	upx
behavioral1/memory/2924-39-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	upx
behavioral1/memory/4304-33-0x00007FF644390000-0x00007FF6446E4000-memory.dmp	upx
behavioral1/files/0x0007000000024233-64.dat	upx
behavioral1/memory/5852-67-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp	upx
behavioral1/memory/2940-73-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp	upx
behavioral1/files/0x0007000000024234-75.dat	upx
behavioral1/memory/4684-74-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	upx
behavioral1/memory/2640-69-0x00007FF7692B0000-0x00007FF769604000-memory.dmp	upx
behavioral1/memory/3784-81-0x00007FF776270000-0x00007FF7765C4000-memory.dmp	upx
behavioral1/files/0x0007000000024235-80.dat	upx
behavioral1/memory/2192-86-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp	upx
behavioral1/files/0x000c00000002404f-87.dat	upx
behavioral1/memory/4836-90-0x00007FF6A1F40000-0x00007FF6A2294000-memory.dmp	upx
behavioral1/memory/2924-88-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp	upx
behavioral1/memory/4700-83-0x00007FF64A2D0000-0x00007FF64A624000-memory.dmp	upx
behavioral1/files/0x000d000000024051-94.dat	upx
behavioral1/files/0x000c000000024052-100.dat	upx
behavioral1/memory/3228-101-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp	upx
behavioral1/memory/2384-96-0x00007FF6104D0000-0x00007FF610824000-memory.dmp	upx
behavioral1/memory/3644-95-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp	upx
behavioral1/files/0x000b00000002405e-106.dat	upx
behavioral1/files/0x000c0000000240a4-113.dat	upx
behavioral1/files/0x000c0000000240b0-129.dat	upx
behavioral1/files/0x000c0000000240b1-136.dat	upx
behavioral1/memory/2540-135-0x00007FF6BF4D0000-0x00007FF6BF824000-memory.dmp	upx
behavioral1/memory/4684-134-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp	upx
behavioral1/memory/560-133-0x00007FF78F860000-0x00007FF78FBB4000-memory.dmp	upx
behavioral1/files/0x000b0000000240af-127.dat	upx
behavioral1/memory/4568-125-0x00007FF72C4A0000-0x00007FF72C7F4000-memory.dmp	upx
behavioral1/memory/3464-116-0x00007FF736B10000-0x00007FF736E64000-memory.dmp	upx
behavioral1/memory/4920-110-0x00007FF7BAA80000-0x00007FF7BADD4000-memory.dmp	upx
behavioral1/memory/4316-107-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp	upx
behavioral1/memory/4956-105-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp	upx
behavioral1/files/0x0007000000024236-140.dat	upx
behavioral1/memory/5536-144-0x00007FF621D00000-0x00007FF622054000-memory.dmp	upx
behavioral1/files/0x000700000002423a-146.dat	upx
behavioral1/files/0x000700000002423b-153.dat	upx
behavioral1/memory/3708-162-0x00007FF784900000-0x00007FF784C54000-memory.dmp	upx
behavioral1/files/0x000700000002423d-164.dat	upx
behavioral1/files/0x000700000002423e-168.dat	upx
behavioral1/files/0x0007000000024241-184.dat	upx
behavioral1/memory/4956-190-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp	upx
behavioral1/memory/4156-194-0x00007FF7D9B50000-0x00007FF7D9EA4000-memory.dmp	upx
behavioral1/files/0x0007000000024240-198.dat	upx
behavioral1/files/0x0007000000024242-196.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UGBsTZB.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EyXISUJ.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gYQQwrL.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ChJjJVn.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UNxjrhY.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZpebcbV.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\FJyFZRB.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nqLKOTO.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SFiEdVe.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xjfWfkf.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cbQguKn.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xkTuQfS.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QwiCFxc.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xmwSSUA.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\brDDWsn.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WjqsloD.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yTbxpHL.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wLDQBOW.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\JyosjfG.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\yhKuFfk.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cmFNqbV.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HxYZWDd.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\hKVvWxw.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\odYNqjZ.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vOAOJFM.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Sacwcrj.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dExubCe.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eSmMdJF.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wMESdFT.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\Eezdyic.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\CSNNGTz.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AAYoyFN.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NEIRlDH.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PuGPtrs.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\oZfAyEY.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ECWMzhQ.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dfARFpI.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EynydMs.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wRkUJis.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zUfPevs.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\PdVrKyk.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MMqxlXB.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\NIPlYSN.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\froaLCC.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XlTXNXG.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SzcVCdf.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OKyJIHC.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\scrYubD.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zhQRvPU.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iNBkurR.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OnxhVcm.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\nBxIWfT.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\UhGmpeX.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SmOyzil.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\HWsabRH.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZgZEnwW.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\POuQnEQ.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AYkSUad.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TKmLfVk.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\fTyLfVv.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WMpPPvZ.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bUzGQnh.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xwIirCB.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dhFiddU.exe	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5852 wrote to memory of 2940	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5852 wrote to memory of 2940	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	87
PID 5852 wrote to memory of 3784	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5852 wrote to memory of 3784	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 5852 wrote to memory of 2192	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5852 wrote to memory of 2192	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 5852 wrote to memory of 4304	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5852 wrote to memory of 4304	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 5852 wrote to memory of 3644	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5852 wrote to memory of 3644	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 5852 wrote to memory of 2924	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5852 wrote to memory of 2924	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 5852 wrote to memory of 2384	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5852 wrote to memory of 2384	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 5852 wrote to memory of 5156	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5852 wrote to memory of 5156	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 5852 wrote to memory of 860	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5852 wrote to memory of 860	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 5852 wrote to memory of 4316	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5852 wrote to memory of 4316	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 5852 wrote to memory of 2640	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5852 wrote to memory of 2640	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	97
PID 5852 wrote to memory of 4684	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5852 wrote to memory of 4684	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 5852 wrote to memory of 4700	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5852 wrote to memory of 4700	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 5852 wrote to memory of 4836	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5852 wrote to memory of 4836	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 5852 wrote to memory of 3228	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5852 wrote to memory of 3228	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 5852 wrote to memory of 4956	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5852 wrote to memory of 4956	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 5852 wrote to memory of 4920	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5852 wrote to memory of 4920	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 5852 wrote to memory of 3464	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5852 wrote to memory of 3464	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 5852 wrote to memory of 4568	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5852 wrote to memory of 4568	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 5852 wrote to memory of 560	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5852 wrote to memory of 560	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 5852 wrote to memory of 2540	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5852 wrote to memory of 2540	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 5852 wrote to memory of 5536	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5852 wrote to memory of 5536	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 5852 wrote to memory of 3064	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5852 wrote to memory of 3064	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 5852 wrote to memory of 3708	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5852 wrote to memory of 3708	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 5852 wrote to memory of 4328	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5852 wrote to memory of 4328	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 5852 wrote to memory of 6068	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5852 wrote to memory of 6068	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 5852 wrote to memory of 5916	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5852 wrote to memory of 5916	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 5852 wrote to memory of 5188	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5852 wrote to memory of 5188	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	117
PID 5852 wrote to memory of 3580	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5852 wrote to memory of 3580	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	118
PID 5852 wrote to memory of 4156	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5852 wrote to memory of 4156	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 5852 wrote to memory of 5084	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5852 wrote to memory of 5084	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 5852 wrote to memory of 3212	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 5852 wrote to memory of 3212	5852	2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_38391ef41d27b4ef95a3ed7c0bb169c0_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5852
- C:\Windows\System\OxbRlGl.exe
  C:\Windows\System\OxbRlGl.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\vuqXlJn.exe
  C:\Windows\System\vuqXlJn.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\JKUhVbJ.exe
  C:\Windows\System\JKUhVbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\VgRhfVY.exe
  C:\Windows\System\VgRhfVY.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\cfqkGWP.exe
  C:\Windows\System\cfqkGWP.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\PUsPeyF.exe
  C:\Windows\System\PUsPeyF.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\IaosywH.exe
  C:\Windows\System\IaosywH.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\whVQszw.exe
  C:\Windows\System\whVQszw.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\CEiRAiZ.exe
  C:\Windows\System\CEiRAiZ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\nUEqHcz.exe
  C:\Windows\System\nUEqHcz.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\gjylifi.exe
  C:\Windows\System\gjylifi.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\tMrKeQO.exe
  C:\Windows\System\tMrKeQO.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\peegSUF.exe
  C:\Windows\System\peegSUF.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\XeXKtcB.exe
  C:\Windows\System\XeXKtcB.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\RGQcenF.exe
  C:\Windows\System\RGQcenF.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\YiPPXql.exe
  C:\Windows\System\YiPPXql.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\TrSMbFG.exe
  C:\Windows\System\TrSMbFG.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\ehZJBCz.exe
  C:\Windows\System\ehZJBCz.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\bliflAk.exe
  C:\Windows\System\bliflAk.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\mOMnGhR.exe
  C:\Windows\System\mOMnGhR.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\ArZRDHy.exe
  C:\Windows\System\ArZRDHy.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\DpQPiya.exe
  C:\Windows\System\DpQPiya.exe
  2⤵
  - Executes dropped EXE
  PID:5536
- C:\Windows\System\NwPhywC.exe
  C:\Windows\System\NwPhywC.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\EVrWXEi.exe
  C:\Windows\System\EVrWXEi.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\jqMYYRw.exe
  C:\Windows\System\jqMYYRw.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\Zguglgt.exe
  C:\Windows\System\Zguglgt.exe
  2⤵
  - Executes dropped EXE
  PID:6068
- C:\Windows\System\RngWnKn.exe
  C:\Windows\System\RngWnKn.exe
  2⤵
  - Executes dropped EXE
  PID:5916
- C:\Windows\System\mHWUUtf.exe
  C:\Windows\System\mHWUUtf.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\vIsXhPV.exe
  C:\Windows\System\vIsXhPV.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\jrgiial.exe
  C:\Windows\System\jrgiial.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\SYJcUcH.exe
  C:\Windows\System\SYJcUcH.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\IzdTWSp.exe
  C:\Windows\System\IzdTWSp.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\VEpmgzK.exe
  C:\Windows\System\VEpmgzK.exe
  2⤵
  - Executes dropped EXE
  PID:5364
- C:\Windows\System\gYQQwrL.exe
  C:\Windows\System\gYQQwrL.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\KTOanLO.exe
  C:\Windows\System\KTOanLO.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\naLweFX.exe
  C:\Windows\System\naLweFX.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\WwtZKkk.exe
  C:\Windows\System\WwtZKkk.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ozBokNK.exe
  C:\Windows\System\ozBokNK.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\NczmvMw.exe
  C:\Windows\System\NczmvMw.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\niwysrQ.exe
  C:\Windows\System\niwysrQ.exe
  2⤵
  - Executes dropped EXE
  PID:5748
- C:\Windows\System\OstYAPV.exe
  C:\Windows\System\OstYAPV.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\JLKBqEt.exe
  C:\Windows\System\JLKBqEt.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\OBBMsuP.exe
  C:\Windows\System\OBBMsuP.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\ATNidJy.exe
  C:\Windows\System\ATNidJy.exe
  2⤵
  - Executes dropped EXE
  PID:6116
- C:\Windows\System\VvCdpnW.exe
  C:\Windows\System\VvCdpnW.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\fGfFOfb.exe
  C:\Windows\System\fGfFOfb.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VzcGiZv.exe
  C:\Windows\System\VzcGiZv.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System\klvkLKq.exe
  C:\Windows\System\klvkLKq.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\mAjYSuV.exe
  C:\Windows\System\mAjYSuV.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\LBVBdha.exe
  C:\Windows\System\LBVBdha.exe
  2⤵
  - Executes dropped EXE
  PID:6012
- C:\Windows\System\cceqklZ.exe
  C:\Windows\System\cceqklZ.exe
  2⤵
  - Executes dropped EXE
  PID:6016
- C:\Windows\System\tfvCxCm.exe
  C:\Windows\System\tfvCxCm.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\sxLdvFI.exe
  C:\Windows\System\sxLdvFI.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\kWheYiV.exe
  C:\Windows\System\kWheYiV.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\UQoKYiK.exe
  C:\Windows\System\UQoKYiK.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\WbnoPMu.exe
  C:\Windows\System\WbnoPMu.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\XNAlYlH.exe
  C:\Windows\System\XNAlYlH.exe
  2⤵
  - Executes dropped EXE
  PID:5816
- C:\Windows\System\rSmahrz.exe
  C:\Windows\System\rSmahrz.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\HIRQZLg.exe
  C:\Windows\System\HIRQZLg.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\pXkBEdp.exe
  C:\Windows\System\pXkBEdp.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\ryiwwfO.exe
  C:\Windows\System\ryiwwfO.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\olRvxin.exe
  C:\Windows\System\olRvxin.exe
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Windows\System\yubBUsm.exe
  C:\Windows\System\yubBUsm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\FCZPEto.exe
  C:\Windows\System\FCZPEto.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\gPiKnKP.exe
  C:\Windows\System\gPiKnKP.exe
  2⤵
  PID:4852
- C:\Windows\System\dyappvb.exe
  C:\Windows\System\dyappvb.exe
  2⤵
  PID:2744
- C:\Windows\System\SzcVCdf.exe
  C:\Windows\System\SzcVCdf.exe
  2⤵
  PID:5288
- C:\Windows\System\xFpxpSW.exe
  C:\Windows\System\xFpxpSW.exe
  2⤵
  PID:1800
- C:\Windows\System\EHHKpzQ.exe
  C:\Windows\System\EHHKpzQ.exe
  2⤵
  PID:3092
- C:\Windows\System\EPVgvbf.exe
  C:\Windows\System\EPVgvbf.exe
  2⤵
  PID:1920
- C:\Windows\System\udNaPSr.exe
  C:\Windows\System\udNaPSr.exe
  2⤵
  PID:2324
- C:\Windows\System\HQsYvWv.exe
  C:\Windows\System\HQsYvWv.exe
  2⤵
  PID:2000
- C:\Windows\System\rRlrxcP.exe
  C:\Windows\System\rRlrxcP.exe
  2⤵
  PID:1752
- C:\Windows\System\ZKQHrrd.exe
  C:\Windows\System\ZKQHrrd.exe
  2⤵
  PID:4764
- C:\Windows\System\XJHwJND.exe
  C:\Windows\System\XJHwJND.exe
  2⤵
  PID:1808
- C:\Windows\System\aKtXhLN.exe
  C:\Windows\System\aKtXhLN.exe
  2⤵
  PID:552
- C:\Windows\System\pXGKwcw.exe
  C:\Windows\System\pXGKwcw.exe
  2⤵
  PID:4776
- C:\Windows\System\PXEnQRd.exe
  C:\Windows\System\PXEnQRd.exe
  2⤵
  PID:4484
- C:\Windows\System\gqgBltO.exe
  C:\Windows\System\gqgBltO.exe
  2⤵
  PID:4476
- C:\Windows\System\SgUzpYd.exe
  C:\Windows\System\SgUzpYd.exe
  2⤵
  PID:5008
- C:\Windows\System\ePJAScN.exe
  C:\Windows\System\ePJAScN.exe
  2⤵
  PID:5020
- C:\Windows\System\mVKogmU.exe
  C:\Windows\System\mVKogmU.exe
  2⤵
  PID:2376
- C:\Windows\System\bowECJF.exe
  C:\Windows\System\bowECJF.exe
  2⤵
  PID:4888
- C:\Windows\System\piGcLcl.exe
  C:\Windows\System\piGcLcl.exe
  2⤵
  PID:1556
- C:\Windows\System\gWlHalT.exe
  C:\Windows\System\gWlHalT.exe
  2⤵
  PID:1828
- C:\Windows\System\aJyPQbq.exe
  C:\Windows\System\aJyPQbq.exe
  2⤵
  PID:5940
- C:\Windows\System\xZtXxfv.exe
  C:\Windows\System\xZtXxfv.exe
  2⤵
  PID:3576
- C:\Windows\System\VzuDnWq.exe
  C:\Windows\System\VzuDnWq.exe
  2⤵
  PID:4896
- C:\Windows\System\CxhyMHI.exe
  C:\Windows\System\CxhyMHI.exe
  2⤵
  PID:2460
- C:\Windows\System\FGcYsDM.exe
  C:\Windows\System\FGcYsDM.exe
  2⤵
  PID:840
- C:\Windows\System\mCTQEfa.exe
  C:\Windows\System\mCTQEfa.exe
  2⤵
  PID:3976
- C:\Windows\System\QwiCFxc.exe
  C:\Windows\System\QwiCFxc.exe
  2⤵
  PID:2332
- C:\Windows\System\VpNTeFJ.exe
  C:\Windows\System\VpNTeFJ.exe
  2⤵
  PID:2956
- C:\Windows\System\IGWzUkD.exe
  C:\Windows\System\IGWzUkD.exe
  2⤵
  PID:3184
- C:\Windows\System\OptxoKB.exe
  C:\Windows\System\OptxoKB.exe
  2⤵
  PID:2168
- C:\Windows\System\ezCUhpx.exe
  C:\Windows\System\ezCUhpx.exe
  2⤵
  PID:4252
- C:\Windows\System\zfCUuVQ.exe
  C:\Windows\System\zfCUuVQ.exe
  2⤵
  PID:1484
- C:\Windows\System\bCEjHMb.exe
  C:\Windows\System\bCEjHMb.exe
  2⤵
  PID:5108
- C:\Windows\System\cmFNqbV.exe
  C:\Windows\System\cmFNqbV.exe
  2⤵
  PID:632
- C:\Windows\System\qnhkpvR.exe
  C:\Windows\System\qnhkpvR.exe
  2⤵
  PID:2800
- C:\Windows\System\dkvWMdX.exe
  C:\Windows\System\dkvWMdX.exe
  2⤵
  PID:1760
- C:\Windows\System\xmwSSUA.exe
  C:\Windows\System\xmwSSUA.exe
  2⤵
  PID:5864
- C:\Windows\System\lyVTOCB.exe
  C:\Windows\System\lyVTOCB.exe
  2⤵
  PID:3764
- C:\Windows\System\KySUQFD.exe
  C:\Windows\System\KySUQFD.exe
  2⤵
  PID:3140
- C:\Windows\System\dUFBnoo.exe
  C:\Windows\System\dUFBnoo.exe
  2⤵
  PID:5040
- C:\Windows\System\uJjGaDB.exe
  C:\Windows\System\uJjGaDB.exe
  2⤵
  PID:1416
- C:\Windows\System\brDDWsn.exe
  C:\Windows\System\brDDWsn.exe
  2⤵
  PID:4160
- C:\Windows\System\qUklnOG.exe
  C:\Windows\System\qUklnOG.exe
  2⤵
  PID:5588
- C:\Windows\System\ipmRlOq.exe
  C:\Windows\System\ipmRlOq.exe
  2⤵
  PID:3412
- C:\Windows\System\IRMZYwl.exe
  C:\Windows\System\IRMZYwl.exe
  2⤵
  PID:3980
- C:\Windows\System\AHKZVpb.exe
  C:\Windows\System\AHKZVpb.exe
  2⤵
  PID:1660
- C:\Windows\System\hySYQoc.exe
  C:\Windows\System\hySYQoc.exe
  2⤵
  PID:2500
- C:\Windows\System\NEIRlDH.exe
  C:\Windows\System\NEIRlDH.exe
  2⤵
  PID:1132
- C:\Windows\System\PuGPtrs.exe
  C:\Windows\System\PuGPtrs.exe
  2⤵
  PID:732
- C:\Windows\System\lscAzlo.exe
  C:\Windows\System\lscAzlo.exe
  2⤵
  PID:4220
- C:\Windows\System\DELUovm.exe
  C:\Windows\System\DELUovm.exe
  2⤵
  PID:5840
- C:\Windows\System\bIBvLzY.exe
  C:\Windows\System\bIBvLzY.exe
  2⤵
  PID:5076
- C:\Windows\System\WGUrnMw.exe
  C:\Windows\System\WGUrnMw.exe
  2⤵
  PID:2992
- C:\Windows\System\SIzAigc.exe
  C:\Windows\System\SIzAigc.exe
  2⤵
  PID:1144
- C:\Windows\System\EeFspdi.exe
  C:\Windows\System\EeFspdi.exe
  2⤵
  PID:4032
- C:\Windows\System\MLZaibb.exe
  C:\Windows\System\MLZaibb.exe
  2⤵
  PID:4536
- C:\Windows\System\WMMqISN.exe
  C:\Windows\System\WMMqISN.exe
  2⤵
  PID:4780
- C:\Windows\System\anVOWhu.exe
  C:\Windows\System\anVOWhu.exe
  2⤵
  PID:4532
- C:\Windows\System\xeQikAn.exe
  C:\Windows\System\xeQikAn.exe
  2⤵
  PID:1604
- C:\Windows\System\ZEimbnW.exe
  C:\Windows\System\ZEimbnW.exe
  2⤵
  PID:1472
- C:\Windows\System\ICAoiom.exe
  C:\Windows\System\ICAoiom.exe
  2⤵
  PID:4180
- C:\Windows\System\SrVbsDn.exe
  C:\Windows\System\SrVbsDn.exe
  2⤵
  PID:3536
- C:\Windows\System\fCjwmtG.exe
  C:\Windows\System\fCjwmtG.exe
  2⤵
  PID:2032
- C:\Windows\System\OLloGuJ.exe
  C:\Windows\System\OLloGuJ.exe
  2⤵
  PID:6132
- C:\Windows\System\VFFPlis.exe
  C:\Windows\System\VFFPlis.exe
  2⤵
  PID:244
- C:\Windows\System\VLnyDfT.exe
  C:\Windows\System\VLnyDfT.exe
  2⤵
  PID:5800
- C:\Windows\System\cOtPlfv.exe
  C:\Windows\System\cOtPlfv.exe
  2⤵
  PID:2856
- C:\Windows\System\OXOrXgy.exe
  C:\Windows\System\OXOrXgy.exe
  2⤵
  PID:4508
- C:\Windows\System\yrCihDB.exe
  C:\Windows\System\yrCihDB.exe
  2⤵
  PID:1228
- C:\Windows\System\LyialQJ.exe
  C:\Windows\System\LyialQJ.exe
  2⤵
  PID:4800
- C:\Windows\System\khBPJDy.exe
  C:\Windows\System\khBPJDy.exe
  2⤵
  PID:4240
- C:\Windows\System\skZPDoz.exe
  C:\Windows\System\skZPDoz.exe
  2⤵
  PID:5092
- C:\Windows\System\AHKnHvb.exe
  C:\Windows\System\AHKnHvb.exe
  2⤵
  PID:3620
- C:\Windows\System\OyqTXkt.exe
  C:\Windows\System\OyqTXkt.exe
  2⤵
  PID:4400
- C:\Windows\System\CeUetcq.exe
  C:\Windows\System\CeUetcq.exe
  2⤵
  PID:5208
- C:\Windows\System\PDWdPJL.exe
  C:\Windows\System\PDWdPJL.exe
  2⤵
  PID:1960
- C:\Windows\System\HQtKdOB.exe
  C:\Windows\System\HQtKdOB.exe
  2⤵
  PID:8
- C:\Windows\System\eLERQqd.exe
  C:\Windows\System\eLERQqd.exe
  2⤵
  PID:2300
- C:\Windows\System\qkQreXV.exe
  C:\Windows\System\qkQreXV.exe
  2⤵
  PID:4848
- C:\Windows\System\FoUWHzf.exe
  C:\Windows\System\FoUWHzf.exe
  2⤵
  PID:2932
- C:\Windows\System\jQSkywa.exe
  C:\Windows\System\jQSkywa.exe
  2⤵
  PID:6152
- C:\Windows\System\ZViMDIw.exe
  C:\Windows\System\ZViMDIw.exe
  2⤵
  PID:6180
- C:\Windows\System\rXxMCCd.exe
  C:\Windows\System\rXxMCCd.exe
  2⤵
  PID:6200
- C:\Windows\System\nhZFRwx.exe
  C:\Windows\System\nhZFRwx.exe
  2⤵
  PID:6236
- C:\Windows\System\IewkceT.exe
  C:\Windows\System\IewkceT.exe
  2⤵
  PID:6264
- C:\Windows\System\EIkkRlH.exe
  C:\Windows\System\EIkkRlH.exe
  2⤵
  PID:6292
- C:\Windows\System\fEkdUlT.exe
  C:\Windows\System\fEkdUlT.exe
  2⤵
  PID:6320
- C:\Windows\System\tFWvtZS.exe
  C:\Windows\System\tFWvtZS.exe
  2⤵
  PID:6348
- C:\Windows\System\zAwXHml.exe
  C:\Windows\System\zAwXHml.exe
  2⤵
  PID:6376
- C:\Windows\System\wMESdFT.exe
  C:\Windows\System\wMESdFT.exe
  2⤵
  PID:6400
- C:\Windows\System\OKyJIHC.exe
  C:\Windows\System\OKyJIHC.exe
  2⤵
  PID:6432
- C:\Windows\System\kgNsaVO.exe
  C:\Windows\System\kgNsaVO.exe
  2⤵
  PID:6460
- C:\Windows\System\ihYOzBs.exe
  C:\Windows\System\ihYOzBs.exe
  2⤵
  PID:6480
- C:\Windows\System\SXZIxnZ.exe
  C:\Windows\System\SXZIxnZ.exe
  2⤵
  PID:6508
- C:\Windows\System\qTmpnxG.exe
  C:\Windows\System\qTmpnxG.exe
  2⤵
  PID:6544
- C:\Windows\System\oPofKld.exe
  C:\Windows\System\oPofKld.exe
  2⤵
  PID:6576
- C:\Windows\System\gDzzNFE.exe
  C:\Windows\System\gDzzNFE.exe
  2⤵
  PID:6604
- C:\Windows\System\TPzPZwx.exe
  C:\Windows\System\TPzPZwx.exe
  2⤵
  PID:6632
- C:\Windows\System\pOYHZhl.exe
  C:\Windows\System\pOYHZhl.exe
  2⤵
  PID:6660
- C:\Windows\System\qvMYiXH.exe
  C:\Windows\System\qvMYiXH.exe
  2⤵
  PID:6688
- C:\Windows\System\mfgBZpt.exe
  C:\Windows\System\mfgBZpt.exe
  2⤵
  PID:6716
- C:\Windows\System\gleSDbw.exe
  C:\Windows\System\gleSDbw.exe
  2⤵
  PID:6740
- C:\Windows\System\gxGOUwD.exe
  C:\Windows\System\gxGOUwD.exe
  2⤵
  PID:6772
- C:\Windows\System\PtisNoO.exe
  C:\Windows\System\PtisNoO.exe
  2⤵
  PID:6796
- C:\Windows\System\IdybCEZ.exe
  C:\Windows\System\IdybCEZ.exe
  2⤵
  PID:6828
- C:\Windows\System\xjfWfkf.exe
  C:\Windows\System\xjfWfkf.exe
  2⤵
  PID:6856
- C:\Windows\System\YWTHbfF.exe
  C:\Windows\System\YWTHbfF.exe
  2⤵
  PID:6884
- C:\Windows\System\gjFmalN.exe
  C:\Windows\System\gjFmalN.exe
  2⤵
  PID:6912
- C:\Windows\System\KgezoUt.exe
  C:\Windows\System\KgezoUt.exe
  2⤵
  PID:6940
- C:\Windows\System\HxYZWDd.exe
  C:\Windows\System\HxYZWDd.exe
  2⤵
  PID:6968
- C:\Windows\System\AKXEKIb.exe
  C:\Windows\System\AKXEKIb.exe
  2⤵
  PID:6984
- C:\Windows\System\POuQnEQ.exe
  C:\Windows\System\POuQnEQ.exe
  2⤵
  PID:7020
- C:\Windows\System\NnphlPS.exe
  C:\Windows\System\NnphlPS.exe
  2⤵
  PID:7048
- C:\Windows\System\QDVfaqm.exe
  C:\Windows\System\QDVfaqm.exe
  2⤵
  PID:7088
- C:\Windows\System\NZQkfKd.exe
  C:\Windows\System\NZQkfKd.exe
  2⤵
  PID:7136
- C:\Windows\System\capeKKY.exe
  C:\Windows\System\capeKKY.exe
  2⤵
  PID:2552
- C:\Windows\System\AYkSUad.exe
  C:\Windows\System\AYkSUad.exe
  2⤵
  PID:6272
- C:\Windows\System\rZaLmmW.exe
  C:\Windows\System\rZaLmmW.exe
  2⤵
  PID:6384
- C:\Windows\System\HVLjLmT.exe
  C:\Windows\System\HVLjLmT.exe
  2⤵
  PID:6440
- C:\Windows\System\lOKmOAb.exe
  C:\Windows\System\lOKmOAb.exe
  2⤵
  PID:6468
- C:\Windows\System\nqGhKSX.exe
  C:\Windows\System\nqGhKSX.exe
  2⤵
  PID:6564
- C:\Windows\System\nQvMTvI.exe
  C:\Windows\System\nQvMTvI.exe
  2⤵
  PID:6624
- C:\Windows\System\cbQguKn.exe
  C:\Windows\System\cbQguKn.exe
  2⤵
  PID:6704
- C:\Windows\System\FdVxhVv.exe
  C:\Windows\System\FdVxhVv.exe
  2⤵
  PID:6768
- C:\Windows\System\jkTScVF.exe
  C:\Windows\System\jkTScVF.exe
  2⤵
  PID:6836
- C:\Windows\System\NSwXCZi.exe
  C:\Windows\System\NSwXCZi.exe
  2⤵
  PID:6900
- C:\Windows\System\yNQlMqd.exe
  C:\Windows\System\yNQlMqd.exe
  2⤵
  PID:6976
- C:\Windows\System\bsBNfUQ.exe
  C:\Windows\System\bsBNfUQ.exe
  2⤵
  PID:3308
- C:\Windows\System\vYjphmN.exe
  C:\Windows\System\vYjphmN.exe
  2⤵
  PID:5624
- C:\Windows\System\CeQavKf.exe
  C:\Windows\System\CeQavKf.exe
  2⤵
  PID:7128
- C:\Windows\System\LJSbeGq.exe
  C:\Windows\System\LJSbeGq.exe
  2⤵
  PID:6300
- C:\Windows\System\JGNZNPY.exe
  C:\Windows\System\JGNZNPY.exe
  2⤵
  PID:6408
- C:\Windows\System\CsNnNio.exe
  C:\Windows\System\CsNnNio.exe
  2⤵
  PID:4048
- C:\Windows\System\AHdUdUS.exe
  C:\Windows\System\AHdUdUS.exe
  2⤵
  PID:6684
- C:\Windows\System\yqdbDha.exe
  C:\Windows\System\yqdbDha.exe
  2⤵
  PID:6808
- C:\Windows\System\kHShIkC.exe
  C:\Windows\System\kHShIkC.exe
  2⤵
  PID:6948
- C:\Windows\System\FrHwHLt.exe
  C:\Windows\System\FrHwHLt.exe
  2⤵
  PID:7056
- C:\Windows\System\gOQqIsY.exe
  C:\Windows\System\gOQqIsY.exe
  2⤵
  PID:6224
- C:\Windows\System\xyfvUhS.exe
  C:\Windows\System\xyfvUhS.exe
  2⤵
  PID:5812
- C:\Windows\System\WGogJjM.exe
  C:\Windows\System\WGogJjM.exe
  2⤵
  PID:6892
- C:\Windows\System\WCzzAWH.exe
  C:\Windows\System\WCzzAWH.exe
  2⤵
  PID:6364
- C:\Windows\System\FJRKiWr.exe
  C:\Windows\System\FJRKiWr.exe
  2⤵
  PID:2108
- C:\Windows\System\XMnbnzy.exe
  C:\Windows\System\XMnbnzy.exe
  2⤵
  PID:7176
- C:\Windows\System\fWdGJpP.exe
  C:\Windows\System\fWdGJpP.exe
  2⤵
  PID:7204
- C:\Windows\System\OGdsreI.exe
  C:\Windows\System\OGdsreI.exe
  2⤵
  PID:7232
- C:\Windows\System\tCGJLsj.exe
  C:\Windows\System\tCGJLsj.exe
  2⤵
  PID:7260
- C:\Windows\System\FdkZHTr.exe
  C:\Windows\System\FdkZHTr.exe
  2⤵
  PID:7288
- C:\Windows\System\GWTAwQI.exe
  C:\Windows\System\GWTAwQI.exe
  2⤵
  PID:7316
- C:\Windows\System\WcCQWRI.exe
  C:\Windows\System\WcCQWRI.exe
  2⤵
  PID:7344
- C:\Windows\System\bUzGQnh.exe
  C:\Windows\System\bUzGQnh.exe
  2⤵
  PID:7372
- C:\Windows\System\zEtbflE.exe
  C:\Windows\System\zEtbflE.exe
  2⤵
  PID:7400
- C:\Windows\System\brASvti.exe
  C:\Windows\System\brASvti.exe
  2⤵
  PID:7424
- C:\Windows\System\CxGbKeZ.exe
  C:\Windows\System\CxGbKeZ.exe
  2⤵
  PID:7448
- C:\Windows\System\oZfAyEY.exe
  C:\Windows\System\oZfAyEY.exe
  2⤵
  PID:7476
- C:\Windows\System\YBerdAE.exe
  C:\Windows\System\YBerdAE.exe
  2⤵
  PID:7504
- C:\Windows\System\AXsNqdX.exe
  C:\Windows\System\AXsNqdX.exe
  2⤵
  PID:7532
- C:\Windows\System\nmIQUWE.exe
  C:\Windows\System\nmIQUWE.exe
  2⤵
  PID:7564
- C:\Windows\System\FyeVMXP.exe
  C:\Windows\System\FyeVMXP.exe
  2⤵
  PID:7592
- C:\Windows\System\AZASZrX.exe
  C:\Windows\System\AZASZrX.exe
  2⤵
  PID:7624
- C:\Windows\System\dtexkNQ.exe
  C:\Windows\System\dtexkNQ.exe
  2⤵
  PID:7644
- C:\Windows\System\mDQPOUG.exe
  C:\Windows\System\mDQPOUG.exe
  2⤵
  PID:7672
- C:\Windows\System\xwIirCB.exe
  C:\Windows\System\xwIirCB.exe
  2⤵
  PID:7700
- C:\Windows\System\YlYwYqL.exe
  C:\Windows\System\YlYwYqL.exe
  2⤵
  PID:7728
- C:\Windows\System\UWspAnY.exe
  C:\Windows\System\UWspAnY.exe
  2⤵
  PID:7756
- C:\Windows\System\PdVrKyk.exe
  C:\Windows\System\PdVrKyk.exe
  2⤵
  PID:7784
- C:\Windows\System\nBxIWfT.exe
  C:\Windows\System\nBxIWfT.exe
  2⤵
  PID:7812
- C:\Windows\System\zjhoUoc.exe
  C:\Windows\System\zjhoUoc.exe
  2⤵
  PID:7840
- C:\Windows\System\imLhAIK.exe
  C:\Windows\System\imLhAIK.exe
  2⤵
  PID:7880
- C:\Windows\System\cZxPtVS.exe
  C:\Windows\System\cZxPtVS.exe
  2⤵
  PID:7896
- C:\Windows\System\KfPVhIs.exe
  C:\Windows\System\KfPVhIs.exe
  2⤵
  PID:7936
- C:\Windows\System\xRmckQe.exe
  C:\Windows\System\xRmckQe.exe
  2⤵
  PID:7956
- C:\Windows\System\krSztWe.exe
  C:\Windows\System\krSztWe.exe
  2⤵
  PID:7984
- C:\Windows\System\SFpLVcB.exe
  C:\Windows\System\SFpLVcB.exe
  2⤵
  PID:8012
- C:\Windows\System\pbDEsdT.exe
  C:\Windows\System\pbDEsdT.exe
  2⤵
  PID:8040
- C:\Windows\System\cGfAjBK.exe
  C:\Windows\System\cGfAjBK.exe
  2⤵
  PID:8068
- C:\Windows\System\RkENOLY.exe
  C:\Windows\System\RkENOLY.exe
  2⤵
  PID:8104
- C:\Windows\System\ZLbLRwB.exe
  C:\Windows\System\ZLbLRwB.exe
  2⤵
  PID:8124
- C:\Windows\System\ByMCQVG.exe
  C:\Windows\System\ByMCQVG.exe
  2⤵
  PID:8152
- C:\Windows\System\jwintNG.exe
  C:\Windows\System\jwintNG.exe
  2⤵
  PID:8180
- C:\Windows\System\ibVMhnl.exe
  C:\Windows\System\ibVMhnl.exe
  2⤵
  PID:7200
- C:\Windows\System\xHRDiGt.exe
  C:\Windows\System\xHRDiGt.exe
  2⤵
  PID:7280
- C:\Windows\System\EsBdjPe.exe
  C:\Windows\System\EsBdjPe.exe
  2⤵
  PID:7360
- C:\Windows\System\jbWnJVZ.exe
  C:\Windows\System\jbWnJVZ.exe
  2⤵
  PID:7516
- C:\Windows\System\FmgPwsE.exe
  C:\Windows\System\FmgPwsE.exe
  2⤵
  PID:7640
- C:\Windows\System\tSNxhyC.exe
  C:\Windows\System\tSNxhyC.exe
  2⤵
  PID:7768
- C:\Windows\System\iJkivzM.exe
  C:\Windows\System\iJkivzM.exe
  2⤵
  PID:7836
- C:\Windows\System\kERVmyu.exe
  C:\Windows\System\kERVmyu.exe
  2⤵
  PID:7864
- C:\Windows\System\OprwPst.exe
  C:\Windows\System\OprwPst.exe
  2⤵
  PID:7976
- C:\Windows\System\lfnLzZZ.exe
  C:\Windows\System\lfnLzZZ.exe
  2⤵
  PID:8036
- C:\Windows\System\EystKnc.exe
  C:\Windows\System\EystKnc.exe
  2⤵
  PID:8080
- C:\Windows\System\SfvCGYM.exe
  C:\Windows\System\SfvCGYM.exe
  2⤵
  PID:8144
- C:\Windows\System\oeiIZpb.exe
  C:\Windows\System\oeiIZpb.exe
  2⤵
  PID:7012
- C:\Windows\System\emgvBbj.exe
  C:\Windows\System\emgvBbj.exe
  2⤵
  PID:7332
- C:\Windows\System\QQcnXDP.exe
  C:\Windows\System\QQcnXDP.exe
  2⤵
  PID:7608
- C:\Windows\System\ZRABBVc.exe
  C:\Windows\System\ZRABBVc.exe
  2⤵
  PID:7908
- C:\Windows\System\SrWqPzr.exe
  C:\Windows\System\SrWqPzr.exe
  2⤵
  PID:8024
- C:\Windows\System\LaUtfJX.exe
  C:\Windows\System\LaUtfJX.exe
  2⤵
  PID:3416
- C:\Windows\System\NWDUXcO.exe
  C:\Windows\System\NWDUXcO.exe
  2⤵
  PID:7472
- C:\Windows\System\aZXXsjP.exe
  C:\Windows\System\aZXXsjP.exe
  2⤵
  PID:7876
- C:\Windows\System\YDMJJjv.exe
  C:\Windows\System\YDMJJjv.exe
  2⤵
  PID:7296
- C:\Windows\System\Eezdyic.exe
  C:\Windows\System\Eezdyic.exe
  2⤵
  PID:8176
- C:\Windows\System\bWwRpRf.exe
  C:\Windows\System\bWwRpRf.exe
  2⤵
  PID:8216
- C:\Windows\System\wYEKoYt.exe
  C:\Windows\System\wYEKoYt.exe
  2⤵
  PID:8244
- C:\Windows\System\jcIXPmU.exe
  C:\Windows\System\jcIXPmU.exe
  2⤵
  PID:8272
- C:\Windows\System\EyuaIZX.exe
  C:\Windows\System\EyuaIZX.exe
  2⤵
  PID:8292
- C:\Windows\System\HAHGpRk.exe
  C:\Windows\System\HAHGpRk.exe
  2⤵
  PID:8332
- C:\Windows\System\SPYnUNg.exe
  C:\Windows\System\SPYnUNg.exe
  2⤵
  PID:8352
- C:\Windows\System\ZdtRtKH.exe
  C:\Windows\System\ZdtRtKH.exe
  2⤵
  PID:8380
- C:\Windows\System\HkaoxWT.exe
  C:\Windows\System\HkaoxWT.exe
  2⤵
  PID:8408
- C:\Windows\System\nOQWvdL.exe
  C:\Windows\System\nOQWvdL.exe
  2⤵
  PID:8436
- C:\Windows\System\WUIZVEz.exe
  C:\Windows\System\WUIZVEz.exe
  2⤵
  PID:8464
- C:\Windows\System\jXvuzhP.exe
  C:\Windows\System\jXvuzhP.exe
  2⤵
  PID:8492
- C:\Windows\System\jwhnJcP.exe
  C:\Windows\System\jwhnJcP.exe
  2⤵
  PID:8520
- C:\Windows\System\VZvvcrD.exe
  C:\Windows\System\VZvvcrD.exe
  2⤵
  PID:8548
- C:\Windows\System\IIEVDeO.exe
  C:\Windows\System\IIEVDeO.exe
  2⤵
  PID:8576
- C:\Windows\System\xZfifdV.exe
  C:\Windows\System\xZfifdV.exe
  2⤵
  PID:8604
- C:\Windows\System\ABTXwvH.exe
  C:\Windows\System\ABTXwvH.exe
  2⤵
  PID:8632
- C:\Windows\System\StpCOQh.exe
  C:\Windows\System\StpCOQh.exe
  2⤵
  PID:8660
- C:\Windows\System\pBUuANs.exe
  C:\Windows\System\pBUuANs.exe
  2⤵
  PID:8688
- C:\Windows\System\vhVOafF.exe
  C:\Windows\System\vhVOafF.exe
  2⤵
  PID:8720
- C:\Windows\System\vsMbqia.exe
  C:\Windows\System\vsMbqia.exe
  2⤵
  PID:8748
- C:\Windows\System\vCwQoyB.exe
  C:\Windows\System\vCwQoyB.exe
  2⤵
  PID:8776
- C:\Windows\System\njVrXJt.exe
  C:\Windows\System\njVrXJt.exe
  2⤵
  PID:8804
- C:\Windows\System\aztZjIy.exe
  C:\Windows\System\aztZjIy.exe
  2⤵
  PID:8832
- C:\Windows\System\qfMzoUI.exe
  C:\Windows\System\qfMzoUI.exe
  2⤵
  PID:8860
- C:\Windows\System\jMjNtBa.exe
  C:\Windows\System\jMjNtBa.exe
  2⤵
  PID:8888
- C:\Windows\System\rhscHaB.exe
  C:\Windows\System\rhscHaB.exe
  2⤵
  PID:8916
- C:\Windows\System\HHivxvh.exe
  C:\Windows\System\HHivxvh.exe
  2⤵
  PID:8932
- C:\Windows\System\XvuWcSK.exe
  C:\Windows\System\XvuWcSK.exe
  2⤵
  PID:8956
- C:\Windows\System\lmcvrSf.exe
  C:\Windows\System\lmcvrSf.exe
  2⤵
  PID:8988
- C:\Windows\System\McjuXmx.exe
  C:\Windows\System\McjuXmx.exe
  2⤵
  PID:9028
- C:\Windows\System\bplkweh.exe
  C:\Windows\System\bplkweh.exe
  2⤵
  PID:9048
- C:\Windows\System\aAqAkgQ.exe
  C:\Windows\System\aAqAkgQ.exe
  2⤵
  PID:9092
- C:\Windows\System\wqMMaGK.exe
  C:\Windows\System\wqMMaGK.exe
  2⤵
  PID:9148
- C:\Windows\System\aqnejDW.exe
  C:\Windows\System\aqnejDW.exe
  2⤵
  PID:9188
- C:\Windows\System\WjqsloD.exe
  C:\Windows\System\WjqsloD.exe
  2⤵
  PID:9212
- C:\Windows\System\DYMRMmK.exe
  C:\Windows\System\DYMRMmK.exe
  2⤵
  PID:8252
- C:\Windows\System\yLfxIqH.exe
  C:\Windows\System\yLfxIqH.exe
  2⤵
  PID:8312
- C:\Windows\System\SAxsDHu.exe
  C:\Windows\System\SAxsDHu.exe
  2⤵
  PID:8376
- C:\Windows\System\akPEiiP.exe
  C:\Windows\System\akPEiiP.exe
  2⤵
  PID:8448
- C:\Windows\System\rajxkeU.exe
  C:\Windows\System\rajxkeU.exe
  2⤵
  PID:8512
- C:\Windows\System\PHGxFkW.exe
  C:\Windows\System\PHGxFkW.exe
  2⤵
  PID:8572
- C:\Windows\System\kfAMITW.exe
  C:\Windows\System\kfAMITW.exe
  2⤵
  PID:8652
- C:\Windows\System\OTbvPtG.exe
  C:\Windows\System\OTbvPtG.exe
  2⤵
  PID:8716
- C:\Windows\System\jPXiWqP.exe
  C:\Windows\System\jPXiWqP.exe
  2⤵
  PID:8772
- C:\Windows\System\cvlhSLk.exe
  C:\Windows\System\cvlhSLk.exe
  2⤵
  PID:8852
- C:\Windows\System\tUNTWxr.exe
  C:\Windows\System\tUNTWxr.exe
  2⤵
  PID:8944
- C:\Windows\System\tUDjrAl.exe
  C:\Windows\System\tUDjrAl.exe
  2⤵
  PID:9044
- C:\Windows\System\xWwZDcS.exe
  C:\Windows\System\xWwZDcS.exe
  2⤵
  PID:9168
- C:\Windows\System\WoPQPYI.exe
  C:\Windows\System\WoPQPYI.exe
  2⤵
  PID:6308
- C:\Windows\System\XzHMLej.exe
  C:\Windows\System\XzHMLej.exe
  2⤵
  PID:7112
- C:\Windows\System\ZZEngwb.exe
  C:\Windows\System\ZZEngwb.exe
  2⤵
  PID:8280
- C:\Windows\System\soDWpEF.exe
  C:\Windows\System\soDWpEF.exe
  2⤵
  PID:8428
- C:\Windows\System\DrIGLHV.exe
  C:\Windows\System\DrIGLHV.exe
  2⤵
  PID:8628
- C:\Windows\System\koVogvQ.exe
  C:\Windows\System\koVogvQ.exe
  2⤵
  PID:8760
- C:\Windows\System\gNjIhKU.exe
  C:\Windows\System\gNjIhKU.exe
  2⤵
  PID:8924
- C:\Windows\System\nqrFsOh.exe
  C:\Windows\System\nqrFsOh.exe
  2⤵
  PID:9112
- C:\Windows\System\ECWMzhQ.exe
  C:\Windows\System\ECWMzhQ.exe
  2⤵
  PID:9208
- C:\Windows\System\IOLpCex.exe
  C:\Windows\System\IOLpCex.exe
  2⤵
  PID:8568
- C:\Windows\System\YwdkIYK.exe
  C:\Windows\System\YwdkIYK.exe
  2⤵
  PID:5204
- C:\Windows\System\XVneqGs.exe
  C:\Windows\System\XVneqGs.exe
  2⤵
  PID:3852
- C:\Windows\System\ZtPPKGw.exe
  C:\Windows\System\ZtPPKGw.exe
  2⤵
  PID:3812
- C:\Windows\System\AcNnCIY.exe
  C:\Windows\System\AcNnCIY.exe
  2⤵
  PID:9088
- C:\Windows\System\MtObdlA.exe
  C:\Windows\System\MtObdlA.exe
  2⤵
  PID:7720
- C:\Windows\System\dhFiddU.exe
  C:\Windows\System\dhFiddU.exe
  2⤵
  PID:2712
- C:\Windows\System\scrYubD.exe
  C:\Windows\System\scrYubD.exe
  2⤵
  PID:8372
- C:\Windows\System\DbwnRDS.exe
  C:\Windows\System\DbwnRDS.exe
  2⤵
  PID:7068
- C:\Windows\System\ZBbqIHO.exe
  C:\Windows\System\ZBbqIHO.exe
  2⤵
  PID:9232
- C:\Windows\System\GzlbWPO.exe
  C:\Windows\System\GzlbWPO.exe
  2⤵
  PID:9260
- C:\Windows\System\cYFYqQH.exe
  C:\Windows\System\cYFYqQH.exe
  2⤵
  PID:9288
- C:\Windows\System\nlXnIPO.exe
  C:\Windows\System\nlXnIPO.exe
  2⤵
  PID:9316
- C:\Windows\System\SCThWrA.exe
  C:\Windows\System\SCThWrA.exe
  2⤵
  PID:9344
- C:\Windows\System\FViYemb.exe
  C:\Windows\System\FViYemb.exe
  2⤵
  PID:9372
- C:\Windows\System\yxVzHbn.exe
  C:\Windows\System\yxVzHbn.exe
  2⤵
  PID:9400
- C:\Windows\System\rtxfSny.exe
  C:\Windows\System\rtxfSny.exe
  2⤵
  PID:9428
- C:\Windows\System\yTbxpHL.exe
  C:\Windows\System\yTbxpHL.exe
  2⤵
  PID:9456
- C:\Windows\System\QcNTlxl.exe
  C:\Windows\System\QcNTlxl.exe
  2⤵
  PID:9484
- C:\Windows\System\ArEGmTW.exe
  C:\Windows\System\ArEGmTW.exe
  2⤵
  PID:9512
- C:\Windows\System\LuebyEQ.exe
  C:\Windows\System\LuebyEQ.exe
  2⤵
  PID:9540
- C:\Windows\System\PpCZxgD.exe
  C:\Windows\System\PpCZxgD.exe
  2⤵
  PID:9568
- C:\Windows\System\WdPXpOs.exe
  C:\Windows\System\WdPXpOs.exe
  2⤵
  PID:9596
- C:\Windows\System\JgCcxan.exe
  C:\Windows\System\JgCcxan.exe
  2⤵
  PID:9624
- C:\Windows\System\eqSwMET.exe
  C:\Windows\System\eqSwMET.exe
  2⤵
  PID:9652
- C:\Windows\System\ChJjJVn.exe
  C:\Windows\System\ChJjJVn.exe
  2⤵
  PID:9680
- C:\Windows\System\Xnwhvdj.exe
  C:\Windows\System\Xnwhvdj.exe
  2⤵
  PID:9708
- C:\Windows\System\KzmuXAx.exe
  C:\Windows\System\KzmuXAx.exe
  2⤵
  PID:9736
- C:\Windows\System\sHEMMBH.exe
  C:\Windows\System\sHEMMBH.exe
  2⤵
  PID:9764
- C:\Windows\System\GLsPUGi.exe
  C:\Windows\System\GLsPUGi.exe
  2⤵
  PID:9792
- C:\Windows\System\cFmUlZz.exe
  C:\Windows\System\cFmUlZz.exe
  2⤵
  PID:9824
- C:\Windows\System\sqhASGb.exe
  C:\Windows\System\sqhASGb.exe
  2⤵
  PID:9848
- C:\Windows\System\dfARFpI.exe
  C:\Windows\System\dfARFpI.exe
  2⤵
  PID:9876
- C:\Windows\System\FEHdGtH.exe
  C:\Windows\System\FEHdGtH.exe
  2⤵
  PID:9904
- C:\Windows\System\nXgEYRG.exe
  C:\Windows\System\nXgEYRG.exe
  2⤵
  PID:9932
- C:\Windows\System\PAokVZD.exe
  C:\Windows\System\PAokVZD.exe
  2⤵
  PID:9960
- C:\Windows\System\WREIKwG.exe
  C:\Windows\System\WREIKwG.exe
  2⤵
  PID:10000
- C:\Windows\System\VBvWvgr.exe
  C:\Windows\System\VBvWvgr.exe
  2⤵
  PID:10020
- C:\Windows\System\NOFpjgW.exe
  C:\Windows\System\NOFpjgW.exe
  2⤵
  PID:10044
- C:\Windows\System\XERYyEo.exe
  C:\Windows\System\XERYyEo.exe
  2⤵
  PID:10072
- C:\Windows\System\LTQeLBw.exe
  C:\Windows\System\LTQeLBw.exe
  2⤵
  PID:10100
- C:\Windows\System\hJQxsvx.exe
  C:\Windows\System\hJQxsvx.exe
  2⤵
  PID:10128
- C:\Windows\System\rjDJJQX.exe
  C:\Windows\System\rjDJJQX.exe
  2⤵
  PID:10156
- C:\Windows\System\MvoYCqB.exe
  C:\Windows\System\MvoYCqB.exe
  2⤵
  PID:10184
- C:\Windows\System\FViFfCj.exe
  C:\Windows\System\FViFfCj.exe
  2⤵
  PID:10212
- C:\Windows\System\wFrikMM.exe
  C:\Windows\System\wFrikMM.exe
  2⤵
  PID:9012
- C:\Windows\System\aACXfFA.exe
  C:\Windows\System\aACXfFA.exe
  2⤵
  PID:9284
- C:\Windows\System\bAycTdu.exe
  C:\Windows\System\bAycTdu.exe
  2⤵
  PID:9336
- C:\Windows\System\ZYPDRUI.exe
  C:\Windows\System\ZYPDRUI.exe
  2⤵
  PID:9384
- C:\Windows\System\EynydMs.exe
  C:\Windows\System\EynydMs.exe
  2⤵
  PID:9424
- C:\Windows\System\LExsjlM.exe
  C:\Windows\System\LExsjlM.exe
  2⤵
  PID:9476
- C:\Windows\System\AIyfOOV.exe
  C:\Windows\System\AIyfOOV.exe
  2⤵
  PID:9532
- C:\Windows\System\tUasDZi.exe
  C:\Windows\System\tUasDZi.exe
  2⤵
  PID:9592
- C:\Windows\System\sSnpLaQ.exe
  C:\Windows\System\sSnpLaQ.exe
  2⤵
  PID:9664
- C:\Windows\System\LFlxIIa.exe
  C:\Windows\System\LFlxIIa.exe
  2⤵
  PID:2632
- C:\Windows\System\MTVmamc.exe
  C:\Windows\System\MTVmamc.exe
  2⤵
  PID:9776
- C:\Windows\System\hmFUCmz.exe
  C:\Windows\System\hmFUCmz.exe
  2⤵
  PID:9840
- C:\Windows\System\yTHqxqq.exe
  C:\Windows\System\yTHqxqq.exe
  2⤵
  PID:9900
- C:\Windows\System\OBIecLr.exe
  C:\Windows\System\OBIecLr.exe
  2⤵
  PID:9972
- C:\Windows\System\dVgcSDs.exe
  C:\Windows\System\dVgcSDs.exe
  2⤵
  PID:10036
- C:\Windows\System\MMqxlXB.exe
  C:\Windows\System\MMqxlXB.exe
  2⤵
  PID:10096
- C:\Windows\System\UNxjrhY.exe
  C:\Windows\System\UNxjrhY.exe
  2⤵
  PID:10168
- C:\Windows\System\hKVvWxw.exe
  C:\Windows\System\hKVvWxw.exe
  2⤵
  PID:10208
- C:\Windows\System\xCzNmEq.exe
  C:\Windows\System\xCzNmEq.exe
  2⤵
  PID:9308
- C:\Windows\System\ZciosTA.exe
  C:\Windows\System\ZciosTA.exe
  2⤵
  PID:9368
- C:\Windows\System\BhHalOT.exe
  C:\Windows\System\BhHalOT.exe
  2⤵
  PID:9496
- C:\Windows\System\zhQRvPU.exe
  C:\Windows\System\zhQRvPU.exe
  2⤵
  PID:9692
- C:\Windows\System\NmbvHsF.exe
  C:\Windows\System\NmbvHsF.exe
  2⤵
  PID:9816
- C:\Windows\System\DScQSVm.exe
  C:\Windows\System\DScQSVm.exe
  2⤵
  PID:9928
- C:\Windows\System\HvIUKDS.exe
  C:\Windows\System\HvIUKDS.exe
  2⤵
  PID:10084
- C:\Windows\System\TKmLfVk.exe
  C:\Windows\System\TKmLfVk.exe
  2⤵
  PID:4860
- C:\Windows\System\qCBLeig.exe
  C:\Windows\System\qCBLeig.exe
  2⤵
  PID:9468
- C:\Windows\System\ynaLAFW.exe
  C:\Windows\System\ynaLAFW.exe
  2⤵
  PID:9732
- C:\Windows\System\VBJBxUE.exe
  C:\Windows\System\VBJBxUE.exe
  2⤵
  PID:10064
- C:\Windows\System\IIibJAI.exe
  C:\Windows\System\IIibJAI.exe
  2⤵
  PID:4556
- C:\Windows\System\BZAgoNZ.exe
  C:\Windows\System\BZAgoNZ.exe
  2⤵
  PID:4004
- C:\Windows\System\ZWWwMPp.exe
  C:\Windows\System\ZWWwMPp.exe
  2⤵
  PID:10028
- C:\Windows\System\LzRzJCJ.exe
  C:\Windows\System\LzRzJCJ.exe
  2⤵
  PID:10268
- C:\Windows\System\RskFqIP.exe
  C:\Windows\System\RskFqIP.exe
  2⤵
  PID:10296
- C:\Windows\System\fgFIyyk.exe
  C:\Windows\System\fgFIyyk.exe
  2⤵
  PID:10324
- C:\Windows\System\ECWrXqs.exe
  C:\Windows\System\ECWrXqs.exe
  2⤵
  PID:10352
- C:\Windows\System\rpQwyWb.exe
  C:\Windows\System\rpQwyWb.exe
  2⤵
  PID:10380
- C:\Windows\System\VSJNANF.exe
  C:\Windows\System\VSJNANF.exe
  2⤵
  PID:10416
- C:\Windows\System\xqRzVVh.exe
  C:\Windows\System\xqRzVVh.exe
  2⤵
  PID:10436
- C:\Windows\System\UYGJlwI.exe
  C:\Windows\System\UYGJlwI.exe
  2⤵
  PID:10464
- C:\Windows\System\MqaShGk.exe
  C:\Windows\System\MqaShGk.exe
  2⤵
  PID:10492
- C:\Windows\System\fTyLfVv.exe
  C:\Windows\System\fTyLfVv.exe
  2⤵
  PID:10520
- C:\Windows\System\teBCdgS.exe
  C:\Windows\System\teBCdgS.exe
  2⤵
  PID:10548
- C:\Windows\System\yAwcdvY.exe
  C:\Windows\System\yAwcdvY.exe
  2⤵
  PID:10576
- C:\Windows\System\wlPsItn.exe
  C:\Windows\System\wlPsItn.exe
  2⤵
  PID:10604
- C:\Windows\System\rrttUbK.exe
  C:\Windows\System\rrttUbK.exe
  2⤵
  PID:10632
- C:\Windows\System\AWJRSlP.exe
  C:\Windows\System\AWJRSlP.exe
  2⤵
  PID:10660
- C:\Windows\System\rnKSxyG.exe
  C:\Windows\System\rnKSxyG.exe
  2⤵
  PID:10688
- C:\Windows\System\KwlHWXJ.exe
  C:\Windows\System\KwlHWXJ.exe
  2⤵
  PID:10716
- C:\Windows\System\rurgJDq.exe
  C:\Windows\System\rurgJDq.exe
  2⤵
  PID:10744
- C:\Windows\System\WMpPPvZ.exe
  C:\Windows\System\WMpPPvZ.exe
  2⤵
  PID:10772
- C:\Windows\System\eGyxMQD.exe
  C:\Windows\System\eGyxMQD.exe
  2⤵
  PID:10800
- C:\Windows\System\crHDrnZ.exe
  C:\Windows\System\crHDrnZ.exe
  2⤵
  PID:10828
- C:\Windows\System\uUSouXt.exe
  C:\Windows\System\uUSouXt.exe
  2⤵
  PID:10856
- C:\Windows\System\xQMQAqB.exe
  C:\Windows\System\xQMQAqB.exe
  2⤵
  PID:10884
- C:\Windows\System\GkbWdAR.exe
  C:\Windows\System\GkbWdAR.exe
  2⤵
  PID:10912
- C:\Windows\System\WCCxXpP.exe
  C:\Windows\System\WCCxXpP.exe
  2⤵
  PID:10940
- C:\Windows\System\qrDaJlo.exe
  C:\Windows\System\qrDaJlo.exe
  2⤵
  PID:10968
- C:\Windows\System\QFsbuAr.exe
  C:\Windows\System\QFsbuAr.exe
  2⤵
  PID:10996
- C:\Windows\System\DeOxRvB.exe
  C:\Windows\System\DeOxRvB.exe
  2⤵
  PID:11024
- C:\Windows\System\qHxunnH.exe
  C:\Windows\System\qHxunnH.exe
  2⤵
  PID:11052
- C:\Windows\System\vvUUfdK.exe
  C:\Windows\System\vvUUfdK.exe
  2⤵
  PID:11080
- C:\Windows\System\UlBVhBq.exe
  C:\Windows\System\UlBVhBq.exe
  2⤵
  PID:11108
- C:\Windows\System\iiqtDKg.exe
  C:\Windows\System\iiqtDKg.exe
  2⤵
  PID:11136
- C:\Windows\System\YnHlUhX.exe
  C:\Windows\System\YnHlUhX.exe
  2⤵
  PID:11164
- C:\Windows\System\TtUdlyc.exe
  C:\Windows\System\TtUdlyc.exe
  2⤵
  PID:11192
- C:\Windows\System\JouTgjo.exe
  C:\Windows\System\JouTgjo.exe
  2⤵
  PID:11220
- C:\Windows\System\lOKowIy.exe
  C:\Windows\System\lOKowIy.exe
  2⤵
  PID:11248
- C:\Windows\System\vJehWnn.exe
  C:\Windows\System\vJehWnn.exe
  2⤵
  PID:10264
- C:\Windows\System\sObDPfA.exe
  C:\Windows\System\sObDPfA.exe
  2⤵
  PID:10336
- C:\Windows\System\oBEHtQF.exe
  C:\Windows\System\oBEHtQF.exe
  2⤵
  PID:10400
- C:\Windows\System\GjeQDXN.exe
  C:\Windows\System\GjeQDXN.exe
  2⤵
  PID:10460
- C:\Windows\System\XpvRWYG.exe
  C:\Windows\System\XpvRWYG.exe
  2⤵
  PID:10532
- C:\Windows\System\KrVRdUj.exe
  C:\Windows\System\KrVRdUj.exe
  2⤵
  PID:10596
- C:\Windows\System\ItWZRRB.exe
  C:\Windows\System\ItWZRRB.exe
  2⤵
  PID:10656
- C:\Windows\System\InwryQW.exe
  C:\Windows\System\InwryQW.exe
  2⤵
  PID:10728
- C:\Windows\System\wRZJSsB.exe
  C:\Windows\System\wRZJSsB.exe
  2⤵
  PID:1128
- C:\Windows\System\LApFIdk.exe
  C:\Windows\System\LApFIdk.exe
  2⤵
  PID:10848
- C:\Windows\System\jIydTmu.exe
  C:\Windows\System\jIydTmu.exe
  2⤵
  PID:10908
- C:\Windows\System\RchzmQq.exe
  C:\Windows\System\RchzmQq.exe
  2⤵
  PID:10980
- C:\Windows\System\giXUaoG.exe
  C:\Windows\System\giXUaoG.exe
  2⤵
  PID:11020
- C:\Windows\System\OVFWZeo.exe
  C:\Windows\System\OVFWZeo.exe
  2⤵
  PID:11100
- C:\Windows\System\YWneBwJ.exe
  C:\Windows\System\YWneBwJ.exe
  2⤵
  PID:11160
- C:\Windows\System\vMZYUnS.exe
  C:\Windows\System\vMZYUnS.exe
  2⤵
  PID:11232
- C:\Windows\System\WMMYhtD.exe
  C:\Windows\System\WMMYhtD.exe
  2⤵
  PID:10292
- C:\Windows\System\qXIOeym.exe
  C:\Windows\System\qXIOeym.exe
  2⤵
  PID:10448
- C:\Windows\System\EsLqFBY.exe
  C:\Windows\System\EsLqFBY.exe
  2⤵
  PID:10644
- C:\Windows\System\IfbYDnt.exe
  C:\Windows\System\IfbYDnt.exe
  2⤵
  PID:10756
- C:\Windows\System\uXkSVDI.exe
  C:\Windows\System\uXkSVDI.exe
  2⤵
  PID:10988
- C:\Windows\System\yXxklTi.exe
  C:\Windows\System\yXxklTi.exe
  2⤵
  PID:11092
- C:\Windows\System\qaZnyTt.exe
  C:\Windows\System\qaZnyTt.exe
  2⤵
  PID:11212
- C:\Windows\System\YgkcBWA.exe
  C:\Windows\System\YgkcBWA.exe
  2⤵
  PID:10428
- C:\Windows\System\roNsOHe.exe
  C:\Windows\System\roNsOHe.exe
  2⤵
  PID:10624
- C:\Windows\System\KDSsaFE.exe
  C:\Windows\System\KDSsaFE.exe
  2⤵
  PID:10904
- C:\Windows\System\yPbeYCF.exe
  C:\Windows\System\yPbeYCF.exe
  2⤵
  PID:10364
- C:\Windows\System\cyHYwzk.exe
  C:\Windows\System\cyHYwzk.exe
  2⤵
  PID:10964
- C:\Windows\System\gGTkqJY.exe
  C:\Windows\System\gGTkqJY.exe
  2⤵
  PID:6060
- C:\Windows\System\LTZNHvE.exe
  C:\Windows\System\LTZNHvE.exe
  2⤵
  PID:11284
- C:\Windows\System\JtUtUuG.exe
  C:\Windows\System\JtUtUuG.exe
  2⤵
  PID:11312
- C:\Windows\System\odYNqjZ.exe
  C:\Windows\System\odYNqjZ.exe
  2⤵
  PID:11340
- C:\Windows\System\dzhHQXs.exe
  C:\Windows\System\dzhHQXs.exe
  2⤵
  PID:11368
- C:\Windows\System\BNqCgJM.exe
  C:\Windows\System\BNqCgJM.exe
  2⤵
  PID:11396
- C:\Windows\System\rGPaGje.exe
  C:\Windows\System\rGPaGje.exe
  2⤵
  PID:11424
- C:\Windows\System\iJdMHkv.exe
  C:\Windows\System\iJdMHkv.exe
  2⤵
  PID:11452
- C:\Windows\System\Vgedurj.exe
  C:\Windows\System\Vgedurj.exe
  2⤵
  PID:11480
- C:\Windows\System\pUrnQyC.exe
  C:\Windows\System\pUrnQyC.exe
  2⤵
  PID:11508
- C:\Windows\System\AYHVcAF.exe
  C:\Windows\System\AYHVcAF.exe
  2⤵
  PID:11536
- C:\Windows\System\CwLWUpw.exe
  C:\Windows\System\CwLWUpw.exe
  2⤵
  PID:11564
- C:\Windows\System\rtYlzmu.exe
  C:\Windows\System\rtYlzmu.exe
  2⤵
  PID:11592
- C:\Windows\System\DYrTwIQ.exe
  C:\Windows\System\DYrTwIQ.exe
  2⤵
  PID:11620
- C:\Windows\System\VOJnMCM.exe
  C:\Windows\System\VOJnMCM.exe
  2⤵
  PID:11648
- C:\Windows\System\LmzAGcC.exe
  C:\Windows\System\LmzAGcC.exe
  2⤵
  PID:11676
- C:\Windows\System\CSNNGTz.exe
  C:\Windows\System\CSNNGTz.exe
  2⤵
  PID:11704
- C:\Windows\System\wLDQBOW.exe
  C:\Windows\System\wLDQBOW.exe
  2⤵
  PID:11732
- C:\Windows\System\amwzAuU.exe
  C:\Windows\System\amwzAuU.exe
  2⤵
  PID:11760
- C:\Windows\System\vOAOJFM.exe
  C:\Windows\System\vOAOJFM.exe
  2⤵
  PID:11800
- C:\Windows\System\cGBlHjN.exe
  C:\Windows\System\cGBlHjN.exe
  2⤵
  PID:11824
- C:\Windows\System\VOKiWMv.exe
  C:\Windows\System\VOKiWMv.exe
  2⤵
  PID:11844
- C:\Windows\System\ycJmijm.exe
  C:\Windows\System\ycJmijm.exe
  2⤵
  PID:11872
- C:\Windows\System\IzoNDFI.exe
  C:\Windows\System\IzoNDFI.exe
  2⤵
  PID:11912
- C:\Windows\System\rdqLgZJ.exe
  C:\Windows\System\rdqLgZJ.exe
  2⤵
  PID:11932
- C:\Windows\System\cnoDLXY.exe
  C:\Windows\System\cnoDLXY.exe
  2⤵
  PID:11960
- C:\Windows\System\bdhfmlD.exe
  C:\Windows\System\bdhfmlD.exe
  2⤵
  PID:11992
- C:\Windows\System\fyYhVLh.exe
  C:\Windows\System\fyYhVLh.exe
  2⤵
  PID:12012
- C:\Windows\System\lcRztQG.exe
  C:\Windows\System\lcRztQG.exe
  2⤵
  PID:12040
- C:\Windows\System\KFtUnNQ.exe
  C:\Windows\System\KFtUnNQ.exe
  2⤵
  PID:12084
- C:\Windows\System\lQfoZDi.exe
  C:\Windows\System\lQfoZDi.exe
  2⤵
  PID:12128
- C:\Windows\System\QaISPje.exe
  C:\Windows\System\QaISPje.exe
  2⤵
  PID:12152
- C:\Windows\System\BasbGtC.exe
  C:\Windows\System\BasbGtC.exe
  2⤵
  PID:12180
- C:\Windows\System\JyosjfG.exe
  C:\Windows\System\JyosjfG.exe
  2⤵
  PID:12208
- C:\Windows\System\QnPOIFO.exe
  C:\Windows\System\QnPOIFO.exe
  2⤵
  PID:12236
- C:\Windows\System\ZpebcbV.exe
  C:\Windows\System\ZpebcbV.exe
  2⤵
  PID:12264
- C:\Windows\System\MCMgvJm.exe
  C:\Windows\System\MCMgvJm.exe
  2⤵
  PID:11276
- C:\Windows\System\YOrZvMa.exe
  C:\Windows\System\YOrZvMa.exe
  2⤵
  PID:11336
- C:\Windows\System\HYylgKD.exe
  C:\Windows\System\HYylgKD.exe
  2⤵
  PID:11408
- C:\Windows\System\maEgzjy.exe
  C:\Windows\System\maEgzjy.exe
  2⤵
  PID:11472
- C:\Windows\System\OCULGQi.exe
  C:\Windows\System\OCULGQi.exe
  2⤵
  PID:11532
- C:\Windows\System\jYnZKNt.exe
  C:\Windows\System\jYnZKNt.exe
  2⤵
  PID:11604
- C:\Windows\System\tWdjwdD.exe
  C:\Windows\System\tWdjwdD.exe
  2⤵
  PID:11668
- C:\Windows\System\lVfVYdX.exe
  C:\Windows\System\lVfVYdX.exe
  2⤵
  PID:11728
- C:\Windows\System\chtZCDl.exe
  C:\Windows\System\chtZCDl.exe
  2⤵
  PID:11784
- C:\Windows\System\xIjazdf.exe
  C:\Windows\System\xIjazdf.exe
  2⤵
  PID:11864
- C:\Windows\System\IggYtIq.exe
  C:\Windows\System\IggYtIq.exe
  2⤵
  PID:11920
- C:\Windows\System\sGHFObs.exe
  C:\Windows\System\sGHFObs.exe
  2⤵
  PID:11972
- C:\Windows\System\LBbMjSj.exe
  C:\Windows\System\LBbMjSj.exe
  2⤵
  PID:12008
- C:\Windows\System\rjcwHDg.exe
  C:\Windows\System\rjcwHDg.exe
  2⤵
  PID:1008
- C:\Windows\System\wMdAnhE.exe
  C:\Windows\System\wMdAnhE.exe
  2⤵
  PID:12020
- C:\Windows\System\YkJjZOe.exe
  C:\Windows\System\YkJjZOe.exe
  2⤵
  PID:12112
- C:\Windows\System\qaEGFpB.exe
  C:\Windows\System\qaEGFpB.exe
  2⤵
  PID:12192
- C:\Windows\System\JaGxaNz.exe
  C:\Windows\System\JaGxaNz.exe
  2⤵
  PID:12256
- C:\Windows\System\LTdXFGa.exe
  C:\Windows\System\LTdXFGa.exe
  2⤵
  PID:11324
- C:\Windows\System\STkwjWI.exe
  C:\Windows\System\STkwjWI.exe
  2⤵
  PID:11464
- C:\Windows\System\VUYHdOU.exe
  C:\Windows\System\VUYHdOU.exe
  2⤵
  PID:11632
- C:\Windows\System\nvztfhv.exe
  C:\Windows\System\nvztfhv.exe
  2⤵
  PID:11780
- C:\Windows\System\nyEqaYH.exe
  C:\Windows\System\nyEqaYH.exe
  2⤵
  PID:5444
- C:\Windows\System\iWOMMWR.exe
  C:\Windows\System\iWOMMWR.exe
  2⤵
  PID:1536
- C:\Windows\System\enkgmfi.exe
  C:\Windows\System\enkgmfi.exe
  2⤵
  PID:12000
- C:\Windows\System\LTHoRoH.exe
  C:\Windows\System\LTHoRoH.exe
  2⤵
  PID:12136
- C:\Windows\System\mvnThSQ.exe
  C:\Windows\System\mvnThSQ.exe
  2⤵
  PID:6136
- C:\Windows\System\eFKhzNx.exe
  C:\Windows\System\eFKhzNx.exe
  2⤵
  PID:11584
- C:\Windows\System\IFXjcGt.exe
  C:\Windows\System\IFXjcGt.exe
  2⤵
  PID:11896
- C:\Windows\System\CBlCWDx.exe
  C:\Windows\System\CBlCWDx.exe
  2⤵
  PID:11984
- C:\Windows\System\htpvLAE.exe
  C:\Windows\System\htpvLAE.exe
  2⤵
  PID:11388
- C:\Windows\System\gAudDIU.exe
  C:\Windows\System\gAudDIU.exe
  2⤵
  PID:12052
- C:\Windows\System\hNMmJht.exe
  C:\Windows\System\hNMmJht.exe
  2⤵
  PID:11956
- C:\Windows\System\FRAMRja.exe
  C:\Windows\System\FRAMRja.exe
  2⤵
  PID:12304
- C:\Windows\System\kvRMwQF.exe
  C:\Windows\System\kvRMwQF.exe
  2⤵
  PID:12332
- C:\Windows\System\KtPiNqY.exe
  C:\Windows\System\KtPiNqY.exe
  2⤵
  PID:12360
- C:\Windows\System\dPLTBbA.exe
  C:\Windows\System\dPLTBbA.exe
  2⤵
  PID:12388
- C:\Windows\System\UFTbsYK.exe
  C:\Windows\System\UFTbsYK.exe
  2⤵
  PID:12416
- C:\Windows\System\AAYoyFN.exe
  C:\Windows\System\AAYoyFN.exe
  2⤵
  PID:12444
- C:\Windows\System\OsHeFyb.exe
  C:\Windows\System\OsHeFyb.exe
  2⤵
  PID:12472
- C:\Windows\System\IzgDtcf.exe
  C:\Windows\System\IzgDtcf.exe
  2⤵
  PID:12500
- C:\Windows\System\GqOXxgh.exe
  C:\Windows\System\GqOXxgh.exe
  2⤵
  PID:12528
- C:\Windows\System\DuBrntk.exe
  C:\Windows\System\DuBrntk.exe
  2⤵
  PID:12556
- C:\Windows\System\JYCJeTi.exe
  C:\Windows\System\JYCJeTi.exe
  2⤵
  PID:12584
- C:\Windows\System\RdXhkvP.exe
  C:\Windows\System\RdXhkvP.exe
  2⤵
  PID:12612
- C:\Windows\System\XrNlBqf.exe
  C:\Windows\System\XrNlBqf.exe
  2⤵
  PID:12640
- C:\Windows\System\veiSINX.exe
  C:\Windows\System\veiSINX.exe
  2⤵
  PID:12668
- C:\Windows\System\UHmanqs.exe
  C:\Windows\System\UHmanqs.exe
  2⤵
  PID:12696
- C:\Windows\System\uUNrnYk.exe
  C:\Windows\System\uUNrnYk.exe
  2⤵
  PID:12724
- C:\Windows\System\kxtijRX.exe
  C:\Windows\System\kxtijRX.exe
  2⤵
  PID:12752
- C:\Windows\System\ryeSIit.exe
  C:\Windows\System\ryeSIit.exe
  2⤵
  PID:12780
- C:\Windows\System\jUtrdjf.exe
  C:\Windows\System\jUtrdjf.exe
  2⤵
  PID:12808
- C:\Windows\System\LAKLngj.exe
  C:\Windows\System\LAKLngj.exe
  2⤵
  PID:12836
- C:\Windows\System\sKHVkCM.exe
  C:\Windows\System\sKHVkCM.exe
  2⤵
  PID:12864
- C:\Windows\System\PFGeKDr.exe
  C:\Windows\System\PFGeKDr.exe
  2⤵
  PID:12892
- C:\Windows\System\nWLwSjP.exe
  C:\Windows\System\nWLwSjP.exe
  2⤵
  PID:12920
- C:\Windows\System\NIPlYSN.exe
  C:\Windows\System\NIPlYSN.exe
  2⤵
  PID:12948
- C:\Windows\System\pHWDMYE.exe
  C:\Windows\System\pHWDMYE.exe
  2⤵
  PID:12976
- C:\Windows\System\lchyQBs.exe
  C:\Windows\System\lchyQBs.exe
  2⤵
  PID:13004
- C:\Windows\System\dVdjGpM.exe
  C:\Windows\System\dVdjGpM.exe
  2⤵
  PID:13032
- C:\Windows\System\VnSjhYK.exe
  C:\Windows\System\VnSjhYK.exe
  2⤵
  PID:13068
- C:\Windows\System\ZRbetev.exe
  C:\Windows\System\ZRbetev.exe
  2⤵
  PID:13096
- C:\Windows\System\xpkWUBI.exe
  C:\Windows\System\xpkWUBI.exe
  2⤵
  PID:13124
- C:\Windows\System\ViXsZCo.exe
  C:\Windows\System\ViXsZCo.exe
  2⤵
  PID:13156
- C:\Windows\System\zHxjQvO.exe
  C:\Windows\System\zHxjQvO.exe
  2⤵
  PID:13172
- C:\Windows\System\sOTgGIv.exe
  C:\Windows\System\sOTgGIv.exe
  2⤵
  PID:13216
- C:\Windows\System\eAgyiCk.exe
  C:\Windows\System\eAgyiCk.exe
  2⤵
  PID:13236
- C:\Windows\System\urBxfDq.exe
  C:\Windows\System\urBxfDq.exe
  2⤵
  PID:13276
- C:\Windows\System\QoRITIx.exe
  C:\Windows\System\QoRITIx.exe
  2⤵
  PID:13300
- C:\Windows\System\ZMESaQf.exe
  C:\Windows\System\ZMESaQf.exe
  2⤵
  PID:12412
- C:\Windows\System\guLimPF.exe
  C:\Windows\System\guLimPF.exe
  2⤵
  PID:12484
- C:\Windows\System\bxXsEWH.exe
  C:\Windows\System\bxXsEWH.exe
  2⤵
  PID:12568
- C:\Windows\System\itsomkq.exe
  C:\Windows\System\itsomkq.exe
  2⤵
  PID:12652
- C:\Windows\System\CBGGfJF.exe
  C:\Windows\System\CBGGfJF.exe
  2⤵
  PID:12716
- C:\Windows\System\FJyFZRB.exe
  C:\Windows\System\FJyFZRB.exe
  2⤵
  PID:12776
- C:\Windows\System\FEfuWzT.exe
  C:\Windows\System\FEfuWzT.exe
  2⤵
  PID:12832
- C:\Windows\System\iNKVFrG.exe
  C:\Windows\System\iNKVFrG.exe
  2⤵
  PID:12912
- C:\Windows\System\vZSXYmV.exe
  C:\Windows\System\vZSXYmV.exe
  2⤵
  PID:13000
- C:\Windows\System\fSyBFjD.exe
  C:\Windows\System\fSyBFjD.exe
  2⤵
  PID:13080
- C:\Windows\System\QBSwtoN.exe
  C:\Windows\System\QBSwtoN.exe
  2⤵
  PID:13140
- C:\Windows\System\bgyctLn.exe
  C:\Windows\System\bgyctLn.exe
  2⤵
  PID:13244
- C:\Windows\System\XFsGEri.exe
  C:\Windows\System\XFsGEri.exe
  2⤵
  PID:13296
- C:\Windows\System\uXqyjln.exe
  C:\Windows\System\uXqyjln.exe
  2⤵
  PID:12692
- C:\Windows\System\KKzxKnQ.exe
  C:\Windows\System\KKzxKnQ.exe
  2⤵
  PID:1520
- C:\Windows\System\rqsmfhi.exe
  C:\Windows\System\rqsmfhi.exe
  2⤵
  PID:12988
- C:\Windows\System\KiwzkBZ.exe
  C:\Windows\System\KiwzkBZ.exe
  2⤵
  PID:13136
- C:\Windows\System\DpKShvu.exe
  C:\Windows\System\DpKShvu.exe
  2⤵
  PID:12400
- C:\Windows\System\PKxyIpF.exe
  C:\Windows\System\PKxyIpF.exe
  2⤵
  PID:12904
- C:\Windows\System\HAGfuvR.exe
  C:\Windows\System\HAGfuvR.exe
  2⤵
  PID:13288
- C:\Windows\System\MlNedPR.exe
  C:\Windows\System\MlNedPR.exe
  2⤵
  PID:13320
- C:\Windows\System\uHMJphS.exe
  C:\Windows\System\uHMJphS.exe
  2⤵
  PID:13348
- C:\Windows\System\REIKaUh.exe
  C:\Windows\System\REIKaUh.exe
  2⤵
  PID:13376
- C:\Windows\System\ISugsLB.exe
  C:\Windows\System\ISugsLB.exe
  2⤵
  PID:13404
- C:\Windows\System\fuDiWoP.exe
  C:\Windows\System\fuDiWoP.exe
  2⤵
  PID:13440
- C:\Windows\System\LBsoxab.exe
  C:\Windows\System\LBsoxab.exe
  2⤵
  PID:13468
- C:\Windows\System\sBJkmsR.exe
  C:\Windows\System\sBJkmsR.exe
  2⤵
  PID:13496
- C:\Windows\System\yhKuFfk.exe
  C:\Windows\System\yhKuFfk.exe
  2⤵
  PID:13532
- C:\Windows\System\MWqNhda.exe
  C:\Windows\System\MWqNhda.exe
  2⤵
  PID:13548
- C:\Windows\System\oywDMoA.exe
  C:\Windows\System\oywDMoA.exe
  2⤵
  PID:13580
- C:\Windows\System\PsDZidd.exe
  C:\Windows\System\PsDZidd.exe
  2⤵
  PID:13616
- C:\Windows\System\Gvpmtrd.exe
  C:\Windows\System\Gvpmtrd.exe
  2⤵
  PID:13656
- C:\Windows\System\OhJQYzO.exe
  C:\Windows\System\OhJQYzO.exe
  2⤵
  PID:13688
- C:\Windows\System\xkTuQfS.exe
  C:\Windows\System\xkTuQfS.exe
  2⤵
  PID:13720
- C:\Windows\System\pyTdkKg.exe
  C:\Windows\System\pyTdkKg.exe
  2⤵
  PID:13748
- C:\Windows\System\GMaYjfQ.exe
  C:\Windows\System\GMaYjfQ.exe
  2⤵
  PID:13780
- C:\Windows\System\sKxtwQw.exe
  C:\Windows\System\sKxtwQw.exe
  2⤵
  PID:13812
- C:\Windows\System\AASVXQi.exe
  C:\Windows\System\AASVXQi.exe
  2⤵
  PID:13848
- C:\Windows\System\IuULabz.exe
  C:\Windows\System\IuULabz.exe
  2⤵
  PID:13876
- C:\Windows\System\spBjDNy.exe
  C:\Windows\System\spBjDNy.exe
  2⤵
  PID:13904
- C:\Windows\System\fuiScwo.exe
  C:\Windows\System\fuiScwo.exe
  2⤵
  PID:13936
- C:\Windows\System\WhWmEGT.exe
  C:\Windows\System\WhWmEGT.exe
  2⤵
  PID:13964
- C:\Windows\System\xpGkvtK.exe
  C:\Windows\System\xpGkvtK.exe
  2⤵
  PID:13992
- C:\Windows\System\WlleCWt.exe
  C:\Windows\System\WlleCWt.exe
  2⤵
  PID:14040
- C:\Windows\System\zmKMNIi.exe
  C:\Windows\System\zmKMNIi.exe
  2⤵
  PID:14080
- C:\Windows\System\UUtwFBb.exe
  C:\Windows\System\UUtwFBb.exe
  2⤵
  PID:14108
- C:\Windows\System\YxgmDWv.exe
  C:\Windows\System\YxgmDWv.exe
  2⤵
  PID:14140
- C:\Windows\System\fpjdMmb.exe
  C:\Windows\System\fpjdMmb.exe
  2⤵
  PID:14172
- C:\Windows\System\yJNupyk.exe
  C:\Windows\System\yJNupyk.exe
  2⤵
  PID:14204
- C:\Windows\System\ZzFmdjM.exe
  C:\Windows\System\ZzFmdjM.exe
  2⤵
  PID:14232
- C:\Windows\System\yUOpRas.exe
  C:\Windows\System\yUOpRas.exe
  2⤵
  PID:14260
- C:\Windows\System\GLwCtmi.exe
  C:\Windows\System\GLwCtmi.exe
  2⤵
  PID:14288
- C:\Windows\System\YXpIHuD.exe
  C:\Windows\System\YXpIHuD.exe
  2⤵
  PID:14316
- C:\Windows\System\ZlMBgVV.exe
  C:\Windows\System\ZlMBgVV.exe
  2⤵
  PID:13316
- C:\Windows\System\nzVcAhb.exe
  C:\Windows\System\nzVcAhb.exe
  2⤵
  PID:13372
- C:\Windows\System\FIAVObq.exe
  C:\Windows\System\FIAVObq.exe
  2⤵
  PID:13452
- C:\Windows\System\nYNNmpK.exe
  C:\Windows\System\nYNNmpK.exe
  2⤵
  PID:13524
- C:\Windows\System\POrlIPj.exe
  C:\Windows\System\POrlIPj.exe
  2⤵
  PID:13568
- C:\Windows\System\QPlwBLd.exe
  C:\Windows\System\QPlwBLd.exe
  2⤵
  PID:13652
- C:\Windows\System\DDsKkSC.exe
  C:\Windows\System\DDsKkSC.exe
  2⤵
  PID:13716
- C:\Windows\System\nIfWWvy.exe
  C:\Windows\System\nIfWWvy.exe
  2⤵
  PID:13792
- C:\Windows\System\wRkUJis.exe
  C:\Windows\System\wRkUJis.exe
  2⤵
  PID:13896
- C:\Windows\System\YgpqbQg.exe
  C:\Windows\System\YgpqbQg.exe
  2⤵
  PID:13976
- C:\Windows\System\yyDWiPP.exe
  C:\Windows\System\yyDWiPP.exe
  2⤵
  PID:14052
- C:\Windows\System\xXkiWPt.exe
  C:\Windows\System\xXkiWPt.exe
  2⤵
  PID:14132
- C:\Windows\System\gCQRYlI.exe
  C:\Windows\System\gCQRYlI.exe
  2⤵
  PID:14224
- C:\Windows\System\MVUttxC.exe
  C:\Windows\System\MVUttxC.exe
  2⤵
  PID:1812
- C:\Windows\System\BYiUWWo.exe
  C:\Windows\System\BYiUWWo.exe
  2⤵
  PID:12876
- C:\Windows\System\eranQQy.exe
  C:\Windows\System\eranQQy.exe
  2⤵
  PID:13608
- C:\Windows\System\ykZcquz.exe
  C:\Windows\System\ykZcquz.exe
  2⤵
  PID:13680
- C:\Windows\System\jdfYdLG.exe
  C:\Windows\System\jdfYdLG.exe
  2⤵
  PID:5408
- C:\Windows\System\RNXkmjd.exe
  C:\Windows\System\RNXkmjd.exe
  2⤵
  PID:13932
- C:\Windows\System\UhGmpeX.exe
  C:\Windows\System\UhGmpeX.exe
  2⤵
  PID:14100
- C:\Windows\System\vXaLrXU.exe
  C:\Windows\System\vXaLrXU.exe
  2⤵
  PID:5664
- C:\Windows\System\RAciFhn.exe
  C:\Windows\System\RAciFhn.exe
  2⤵
  PID:1340
- C:\Windows\System\FIOjkKe.exe
  C:\Windows\System\FIOjkKe.exe
  2⤵
  PID:4284
- C:\Windows\System\mWzxrUN.exe
  C:\Windows\System\mWzxrUN.exe
  2⤵
  PID:14312
- C:\Windows\System\JJlviLa.exe
  C:\Windows\System\JJlviLa.exe
  2⤵
  PID:13480
- C:\Windows\System\UlemyRV.exe
  C:\Windows\System\UlemyRV.exe
  2⤵
  PID:13916
- C:\Windows\System\QZNjzLo.exe
  C:\Windows\System\QZNjzLo.exe
  2⤵
  PID:12352
- C:\Windows\System\bALcFiw.exe
  C:\Windows\System\bALcFiw.exe
  2⤵
  PID:12636
- C:\Windows\System\HDiucfN.exe
  C:\Windows\System\HDiucfN.exe
  2⤵
  PID:3144
- C:\Windows\System\MKlmtoH.exe
  C:\Windows\System\MKlmtoH.exe
  2⤵
  PID:12456
- C:\Windows\System\yVirNZe.exe
  C:\Windows\System\yVirNZe.exe
  2⤵
  PID:14128
- C:\Windows\System\ETcpzZV.exe
  C:\Windows\System\ETcpzZV.exe
  2⤵
  PID:4416
- C:\Windows\System\SpNKZTC.exe
  C:\Windows\System\SpNKZTC.exe
  2⤵
  PID:13772
- C:\Windows\System\CRxDAwT.exe
  C:\Windows\System\CRxDAwT.exe
  2⤵
  PID:13956
- C:\Windows\System\zUfPevs.exe
  C:\Windows\System\zUfPevs.exe
  2⤵
  PID:1168
- C:\Windows\System\JGgrJuC.exe
  C:\Windows\System\JGgrJuC.exe
  2⤵
  PID:1204
- C:\Windows\System\SUzKSeS.exe
  C:\Windows\System\SUzKSeS.exe
  2⤵
  PID:4344
- C:\Windows\System\vDNAKDq.exe
  C:\Windows\System\vDNAKDq.exe
  2⤵
  PID:13432
- C:\Windows\System\xIKdWLe.exe
  C:\Windows\System\xIKdWLe.exe
  2⤵
  PID:14252
- C:\Windows\System\LcxcqeR.exe
  C:\Windows\System\LcxcqeR.exe
  2⤵
  PID:3504
- C:\Windows\System\JtIZGrZ.exe
  C:\Windows\System\JtIZGrZ.exe
  2⤵
  PID:4348
- C:\Windows\System\CSCEYRr.exe
  C:\Windows\System\CSCEYRr.exe
  2⤵
  PID:13492
- C:\Windows\System\NFrfTJE.exe
  C:\Windows\System\NFrfTJE.exe
  2⤵
  PID:3460
- C:\Windows\System\QEWQEzo.exe
  C:\Windows\System\QEWQEzo.exe
  2⤵
  PID:5136
- C:\Windows\System\ADhdSGH.exe
  C:\Windows\System\ADhdSGH.exe
  2⤵
  PID:812
- C:\Windows\System\kNwJANg.exe
  C:\Windows\System\kNwJANg.exe
  2⤵
  PID:4564
- C:\Windows\System\WFbukXR.exe
  C:\Windows\System\WFbukXR.exe
  2⤵
  PID:1724
- C:\Windows\System\HTcWAGa.exe
  C:\Windows\System\HTcWAGa.exe
  2⤵
  PID:12296
- C:\Windows\System\knAFlan.exe
  C:\Windows\System\knAFlan.exe
  2⤵
  PID:1072
- C:\Windows\System\xacZhIc.exe
  C:\Windows\System\xacZhIc.exe
  2⤵
  PID:5620
- C:\Windows\System\Sacwcrj.exe
  C:\Windows\System\Sacwcrj.exe
  2⤵
  PID:2248
- C:\Windows\System\dExubCe.exe
  C:\Windows\System\dExubCe.exe
  2⤵
  PID:444
- C:\Windows\System\XQlJHYM.exe
  C:\Windows\System\XQlJHYM.exe
  2⤵
  PID:1056
- C:\Windows\System\tIhUMgD.exe
  C:\Windows\System\tIhUMgD.exe
  2⤵
  PID:12468
- C:\Windows\System\IlDgSdG.exe
  C:\Windows\System\IlDgSdG.exe
  2⤵
  PID:4652
- C:\Windows\System\JLPVSjX.exe
  C:\Windows\System\JLPVSjX.exe
  2⤵
  PID:4112
- C:\Windows\System\ocrozzM.exe
  C:\Windows\System\ocrozzM.exe
  2⤵
  PID:3300
- C:\Windows\System\XBptIqA.exe
  C:\Windows\System\XBptIqA.exe
  2⤵
  PID:5228
- C:\Windows\System\bCANGXF.exe
  C:\Windows\System\bCANGXF.exe
  2⤵
  PID:13768
- C:\Windows\System\FXmMywi.exe
  C:\Windows\System\FXmMywi.exe
  2⤵
  PID:100
- C:\Windows\System\BZymwHh.exe
  C:\Windows\System\BZymwHh.exe
  2⤵
  PID:1380
- C:\Windows\System\xgXktEY.exe
  C:\Windows\System\xgXktEY.exe
  2⤵
  PID:14344
- C:\Windows\System\CiQQzme.exe
  C:\Windows\System\CiQQzme.exe
  2⤵
  PID:14384
- C:\Windows\System\yALPwbU.exe
  C:\Windows\System\yALPwbU.exe
  2⤵
  PID:14400
- C:\Windows\System\EnMzqxZ.exe
  C:\Windows\System\EnMzqxZ.exe
  2⤵
  PID:14428
- C:\Windows\System\GwfpXtn.exe
  C:\Windows\System\GwfpXtn.exe
  2⤵
  PID:14456
- C:\Windows\System\crHlcks.exe
  C:\Windows\System\crHlcks.exe
  2⤵
  PID:14484
- C:\Windows\System\SSNwbmt.exe
  C:\Windows\System\SSNwbmt.exe
  2⤵
  PID:14512
- C:\Windows\System\vSApcxH.exe
  C:\Windows\System\vSApcxH.exe
  2⤵
  PID:14540
- C:\Windows\System\PCHZSYo.exe
  C:\Windows\System\PCHZSYo.exe
  2⤵
  PID:14568
- C:\Windows\System\JKhqIrY.exe
  C:\Windows\System\JKhqIrY.exe
  2⤵
  PID:14596
- C:\Windows\System\qTguwiV.exe
  C:\Windows\System\qTguwiV.exe
  2⤵
  PID:14624
- C:\Windows\System\KfAxNpW.exe
  C:\Windows\System\KfAxNpW.exe
  2⤵
  PID:14652
- C:\Windows\System\QLXviLS.exe
  C:\Windows\System\QLXviLS.exe
  2⤵
  PID:14680
- C:\Windows\System\zaifzRP.exe
  C:\Windows\System\zaifzRP.exe
  2⤵
  PID:14708
- C:\Windows\System\XOurGMx.exe
  C:\Windows\System\XOurGMx.exe
  2⤵
  PID:14736
- C:\Windows\System\qInoepU.exe
  C:\Windows\System\qInoepU.exe
  2⤵
  PID:14764
- C:\Windows\System\xmZFIgr.exe
  C:\Windows\System\xmZFIgr.exe
  2⤵
  PID:14792
- C:\Windows\System\eSmMdJF.exe
  C:\Windows\System\eSmMdJF.exe
  2⤵
  PID:14820
- C:\Windows\System\SmOyzil.exe
  C:\Windows\System\SmOyzil.exe
  2⤵
  PID:14848
- C:\Windows\System\SXFVJtv.exe
  C:\Windows\System\SXFVJtv.exe
  2⤵
  PID:14876
- C:\Windows\System\jhImdBO.exe
  C:\Windows\System\jhImdBO.exe
  2⤵
  PID:14904
- C:\Windows\System\froaLCC.exe
  C:\Windows\System\froaLCC.exe
  2⤵
  PID:14932
- C:\Windows\System\iNBkurR.exe
  C:\Windows\System\iNBkurR.exe
  2⤵
  PID:14960
- C:\Windows\System\gXMtYzM.exe
  C:\Windows\System\gXMtYzM.exe
  2⤵
  PID:14988
- C:\Windows\System\VcGrkOL.exe
  C:\Windows\System\VcGrkOL.exe
  2⤵
  PID:15016
- C:\Windows\System\CAWVzlh.exe
  C:\Windows\System\CAWVzlh.exe
  2⤵
  PID:15044
- C:\Windows\System\DcCHsFV.exe
  C:\Windows\System\DcCHsFV.exe
  2⤵
  PID:15072
- C:\Windows\System\rfcKHJk.exe
  C:\Windows\System\rfcKHJk.exe
  2⤵
  PID:15100
- C:\Windows\System\LOOTlPm.exe
  C:\Windows\System\LOOTlPm.exe
  2⤵
  PID:15128
- C:\Windows\System\itzyUEM.exe
  C:\Windows\System\itzyUEM.exe
  2⤵
  PID:15156
- C:\Windows\System\dxpWFwo.exe
  C:\Windows\System\dxpWFwo.exe
  2⤵
  PID:15184
- C:\Windows\System\OwlyjUN.exe
  C:\Windows\System\OwlyjUN.exe
  2⤵
  PID:15212
- C:\Windows\System\tImMVVM.exe
  C:\Windows\System\tImMVVM.exe
  2⤵
  PID:15240
- C:\Windows\System\OJVPtJT.exe
  C:\Windows\System\OJVPtJT.exe
  2⤵
  PID:15268
- C:\Windows\System\EyXISUJ.exe
  C:\Windows\System\EyXISUJ.exe
  2⤵
  PID:14448
- C:\Windows\System\pXtpTwL.exe
  C:\Windows\System\pXtpTwL.exe
  2⤵
  PID:14616
- C:\Windows\System\CRIlfwN.exe
  C:\Windows\System\CRIlfwN.exe
  2⤵
  PID:2148
- C:\Windows\System\QSJQyUB.exe
  C:\Windows\System\QSJQyUB.exe
  2⤵
  PID:14720
- C:\Windows\System\sRyZoGQ.exe
  C:\Windows\System\sRyZoGQ.exe
  2⤵
  PID:3660
- C:\Windows\System\SFiEdVe.exe
  C:\Windows\System\SFiEdVe.exe
  2⤵
  PID:14832
- C:\Windows\System\RjDcuxS.exe
  C:\Windows\System\RjDcuxS.exe
  2⤵
  PID:14944
- C:\Windows\System\BxWpTdY.exe
  C:\Windows\System\BxWpTdY.exe
  2⤵
  PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArZRDHy.exe

Filesize
6.1MB

MD5
11eb06af15ea1b93b44d95180a3d8191

SHA1
820deae59f3dd2927263bee845cb09fe78020580

SHA256
97592fbad2aa207cfea227575ff020807fdeb155aadc374d32cc72fe5902d35b

SHA512
caa2f6b0d3628fd474c72c5f37a3da99df272e7b4a84ba23d3478e35f62695152caa9218c50a087978c302a592ec7776f31ec1443139f7ff2956547cb749559d

Download Submit
C:\Windows\System\CEiRAiZ.exe

Filesize
6.1MB

MD5
96dceae89781562a9ceb27568206ba9e

SHA1
3d5d5f36f7277dde89061b0dbc4a33b249f230ee

SHA256
9747bed88245ec7758644223cf0913f08a5a5ded6232d6e79684e9ea40398ad1

SHA512
16fb66fe56df87e98017e968989101f85705baab7631d21cf193ee74032631d1d23fb8b4e37232e419f8555a4ab3c055035af9ba56099a44fdef908379dad130

Download Submit
C:\Windows\System\DpQPiya.exe

Filesize
6.1MB

MD5
788366609c452e030128b9afaa3de5c3

SHA1
e83af837a06674952d29d649f4a4899cd9ac6b14

SHA256
3a5a7a5d239583433f89fb580a8cf72811b6637fc83a820875740161c8cd83a0

SHA512
0fa2c4146a9cedccc88823320f246fadd2986062d67d05f877ba37b40e816b7d31b88fc021ed4704c83426140fb2bcb8324238bb2e18e7cd58ca6c36b2326287

Download Submit
C:\Windows\System\EVrWXEi.exe

Filesize
6.1MB

MD5
ace47c3f7b238d782c333dc2091f3de6

SHA1
3a3cf1ea54cbde61ac1210a339c81ff6082462d6

SHA256
83134a3cc812e55f7fd29007936a254c580aa8e20c8a8fc5b59cc0ca4a8f491e

SHA512
690b25508e02b968335d1c310799c76c9f073cb491b5456357987cb3fa7d61891adcd30e34edad53fa89f7c0e620877f3ffb7dd163fd08585533a0a79a5c37a8

Download Submit
C:\Windows\System\IaosywH.exe

Filesize
6.1MB

MD5
852d9f168c7748b3956dce07deaa748f

SHA1
301ae2790aa681637e5db1b4cf277b86ddf55edf

SHA256
280476c3fad6e22a90057cdd59ced4cad37d4b680bbd4a4c0e461e533f1c4bf1

SHA512
497114757c34d6c73fd04b9393320fb954fe580aa01e2453e543839bb00dff191791e30f73554d93f037e36d9dcf579df361cba3f06a1e9c776b0b4784ca2482

Download Submit
C:\Windows\System\IzdTWSp.exe

Filesize
6.1MB

MD5
92bc3416662b9227ad86613cc06b1597

SHA1
b6406be380ad9394ee02d529a3e764b17d64d8d4

SHA256
000b1bea830eca8c9dcbc8eb50bc34650436951517cd14b6f292cd6763b9405e

SHA512
ad32ad2695ad5e1502b815408a7d55c63a89137069d210486948bc55c041f1e6898748857d9b5a18f310ffc63c333ee9ba37ba00ce1bbb0afec4aa2e3ec9320b

Download Submit
C:\Windows\System\JKUhVbJ.exe

Filesize
6.1MB

MD5
30840ad581bc587a3ce820f090d019bc

SHA1
51457bea5880ca44ff0b437828ee9b321e1c361b

SHA256
0a7a7368dcea0e043eeedee5f114c722b224a07fbfbb8f5c16278157496e4068

SHA512
d3bcbd9ceeeacb67f737dd1ad1f60a22f037bea21428eb590160e0bc9ddcc910e58ff42c6f68fec1977adb83052639351704e6029a79295cb48e9fbb64c84dfd

Download Submit
C:\Windows\System\NwPhywC.exe

Filesize
6.1MB

MD5
842c449e5cd0cb400d6db35f1c2e7085

SHA1
51050356d4607078d9cb60a9c1d0155d7c5af244

SHA256
862824cc603983e9479a33e7488fa5a4125db5cac80c72d0e97a1f5374b79dca

SHA512
87947705c227ca561ec46127259d996627769bfe074ccf984e33322898ad685e9b6b2ef8e6714fab4cf6ade15f8e2c7830bfee8108fc5797666f6464fffae674

Download Submit
C:\Windows\System\OxbRlGl.exe

Filesize
6.1MB

MD5
901a2a317051240e265eb0f60c4a79d5

SHA1
e5fafdf37732d0384660b97e244cd2f89ac7c96d

SHA256
9045a5aa27218f330c1dd777e91c727c371fe6c3aceb42e9980e25ac9db84415

SHA512
2e6f48de4c9802083fc6832ab72e52b8a3135e5b08cbb1a08b3f2c797ba9eee142a343b2bcaaf2aa9ef34bb631553e3935314656adfb9cf83ad8d83db9ccccc5

Download Submit
C:\Windows\System\PUsPeyF.exe

Filesize
6.1MB

MD5
427d873231da2742aad223f25d909253

SHA1
5646c5b1d182a8b2f5fa4e39646c90576d8223eb

SHA256
b46748f6439967cd1769692b5c04e537d2ab5272520e8a520c96bb89eccc1ae4

SHA512
ef54866c5d76db42515756c3dfaaf35512d65bd682711bc998cee3154529527920f7ec7bc85d6284290649bacc6070453c3b5caa78d6d8adf7a136702fc72c78

Download Submit
C:\Windows\System\RGQcenF.exe

Filesize
6.1MB

MD5
14691664cfdfaf2bb409727196666715

SHA1
59ce2f4b1a3eb451c581269c107806af0a8a5039

SHA256
79d2beb7bba1b4aab69774d4b7cfa0c28922f9203f7f078fe6b7b1abd1aa7f3d

SHA512
98e5da6d9e67d7e92d3cc7de5fd57f9f99ab61f5f7eb56940a786ca09c71594eb64a615f1cbccdaf7e8a31f03d2df69ab8b446e7266ae2475df1a47089a43bb1

Download Submit
C:\Windows\System\RngWnKn.exe

Filesize
6.1MB

MD5
67c3bb1cbefdd7c220324d640766a0ed

SHA1
aad5dd13dbfeb784eac05abdcd5bc9d2af831758

SHA256
4778a3dc17914ff9040e54c53f956921399f042664bc60f38a0df16afa1e2094

SHA512
6d00c34f526090b545fb5343008bb2381667051388e64ffda7565514d8d9e3a394e12a3459e3ee57b46f9d7ea6392ce7a1eddedeb90970d60f88305962e765dd

Download Submit
C:\Windows\System\SYJcUcH.exe

Filesize
6.1MB

MD5
df1a057d670b471a9fbd85066552b5ae

SHA1
134c04e6653f38bf9b61b19bd503d380afd3c620

SHA256
4a641720a276064a320afc98d77d234b2d8bc6f58f72ff253e45dd6d7663cd40

SHA512
35e2b92fb3d183c4be67cab0ef6eb1e30e9cc2512d1c0d3516b88e59df08ad7a517b39946006eec3ff2c35f0123407737b8eb180c7212bac1de084250fa8629d

Download Submit
C:\Windows\System\TrSMbFG.exe

Filesize
6.1MB

MD5
aaaa7b96c13f3fcd124516d51f7c8dbe

SHA1
85c7fde3ad5ace251744e8207aae9a4b1df56acf

SHA256
afd23aa35645cb0fb0d49fa75fdc7616d7fc35688b651d0c22fc342863f1a4b2

SHA512
bb75dd3f26d755c6df8813e69e232fa5ed2670ff72fa38c752f33de4974568659cd6a33975c83459b88bcdd8dc0b13890ef63f0e22431499727943fda2ec99f5

Download Submit
C:\Windows\System\VgRhfVY.exe

Filesize
6.1MB

MD5
fb017c0af20ac46cacc59107a93d3043

SHA1
3f6a52cdc050e1973a10d0e4efafaf908f866ece

SHA256
46f8e72cefd8db848e8bfa2070caf49b8a93e07b75e2a484181b3449f102a6c3

SHA512
140adef33076a68a99df8b2c9585ae6de8edb53c291b286764f7dfeb40f801d8bee472189552313d5262a383b5def1b207bbcd7513e4c6ac50bec9540e6528c4

Download Submit
C:\Windows\System\XeXKtcB.exe

Filesize
6.1MB

MD5
6e06ce0a564287b1715b6f4981399f75

SHA1
e0bcb65186d54bc3832fe552440e16d70d102874

SHA256
6a91783dd2ec7920e41bcdf26fdf887a54df3f9a0e201d8a8c23b719fa9454e1

SHA512
91d08400e178c60b7cc65126c1706db86ec94121d31989cacc58f1d54a1588854149d88a99d31be4829de7f96df0e0cf91631dd58bd6a6148c0d7f027083aa53

Download Submit
C:\Windows\System\YiPPXql.exe

Filesize
6.1MB

MD5
1e6ba55d96b790a348e8c58a7216b5e6

SHA1
fa7e2110ad3c3b8861a73b84516aaae41dd25410

SHA256
d09cb790130a279679639d585cf4df55f9042b2191e65e73112807a36f8f08b6

SHA512
bda7ecb8898327821594f41aeea01ea04f753c7055f0fffae782f37bce42ef2a4f400c71b598394bea0bb1597ba419740d908a78463ea58c82f50729e23a161d

Download Submit
C:\Windows\System\Zguglgt.exe

Filesize
6.1MB

MD5
1244a78730a3ef857e4e2c17e041f4d9

SHA1
fec3f511435bb8eb2e7d3fa61d00ef965867d86b

SHA256
e5d41cf1b26dfd5bfbfcb3e74b1d051196e412cfc2d0e22adfe9c8db5d7796aa

SHA512
19cc5dcebca9c9371609781b8f7d49c68eaea4d61a5cdcc3a5079cc7ec82275967ad27df45ea6c237c4eac0277955d3cbae6014004ace3c6a1047f4072ed027b

Download Submit
C:\Windows\System\bliflAk.exe

Filesize
6.1MB

MD5
b10dc7fe9bfc28368c9646d7503b9498

SHA1
f2504df934c9158dbff3ace5414a62d7d37d9829

SHA256
d07b61af8365c5a162f38ab0a40fc62fa6f0d7419e4140dffd71135a670235b6

SHA512
ae23e1d4592e1659c112deffaa0306d254882dbf0030ff885258d2282eac0371682f8642598d3a5c4799738e3b9f59f598446bdddb39aa6f14f1e0aef36080e9

Download Submit
C:\Windows\System\cfqkGWP.exe

Filesize
6.1MB

MD5
627dd4db2f79cb6f5f50086aa08712df

SHA1
659206a89572366bb7422043237a70a7974bc163

SHA256
44a92127571ef782bf687da30affa063b84de86781fd78b23373625169106071

SHA512
e4b20e089449f8176e76990f248a8eaf72f20589db1d44355805a6b004a251cd84610ba6fedbe05d1bed13144b1f01383e3155eba23c29e1da0bb1a5d5480966

Download Submit
C:\Windows\System\ehZJBCz.exe

Filesize
6.1MB

MD5
b637ad37a138613f56dcba5da98cf2e7

SHA1
2cf10fa9bead34e6f8b6afb6226cd3901365015f

SHA256
1f825e0c6367d6ade9c7b590ac41976fe442b24ba22b388f34184b6586bf4a3b

SHA512
92ec42024f7121bbb781c9b2e68a79d12e6958d38051f405f38f5b768ef63894784448b5f65beac095de1899aacd519275b1bf6a8a88fee865567d409f1cb72e

Download Submit
C:\Windows\System\gjylifi.exe

Filesize
6.1MB

MD5
2226b5aac096ff5b14001ba5f099301e

SHA1
d65fbe1f2cc76c9c8add125d547f3647b5786088

SHA256
03ff24f91211800b6ad62be771a434c5a3e2b0ae53629130eb7a772f7f85b879

SHA512
7272ff158ebdb8b28495ff5d8de97e525f607d9bd82c98f3c815439992f2e5ee11c100393a718ff53dbd3def70334180b6c2aefde5dddf4d90cbe48f70677dd7

Download Submit
C:\Windows\System\jqMYYRw.exe

Filesize
6.1MB

MD5
63b727fed9d5fd261017b65e7a0a9950

SHA1
a9189201d243ccc4fe3d0f0c3c80eddc006570ca

SHA256
01b7d492850dc32fe0218408ceeba4ea4a19373eac1dfabcae47563bc2fef13b

SHA512
9bda02b5ae53dcf817b09c0af5f5bd28d102f70677176ef478432dd87fcd105a566b0bd65109a68d581b2b82e74a0f306fd7ad6814fb99a44dbc07150ee7a3bc

Download Submit
C:\Windows\System\jrgiial.exe

Filesize
6.1MB

MD5
717d61f9917e0c3b052a893c58b482b3

SHA1
c668322d62e8c391ab13cc2c355773ec48620b73

SHA256
7c67a68699a3e2e1b36c9537357672b90f66b5df0ce7d09a9acf9a61e5bb5db8

SHA512
1786ba3d3f280b3c6e963bb42f2eed687ac0fed305fa59f3ed4d4af950882fcc1caa37fc025a48c6f043a730fe5c2125a95f83acc33359c925e721fabb8cd754

Download Submit
C:\Windows\System\mHWUUtf.exe

Filesize
6.1MB

MD5
6c93514473ba38503758709f8dc1faf6

SHA1
c178e0ba6928d9ca9c8b0510fc0fed59ac9d3d14

SHA256
4ed70340b5fe744315a2b8277368852d561dc2227c8387deef8050b431bb5dad

SHA512
d2f6f5ce45eec39a220e6c61fae78d2c9f5541e7fb22e85c73903aaead7c5ae254572fc2eaebb2972b7c98bb8f00230708355f396b3256eee0b7b000caf3f36b

Download Submit
C:\Windows\System\mOMnGhR.exe

Filesize
6.1MB

MD5
e4ff12f5fe7ad0a4d11e0f9be6d5f076

SHA1
3f44472cbbe106966471a8001d5cd58a70ab9419

SHA256
1f96f897b3e33335c5ccf522c60bd7210190f7796d83e07d559471ef9e1edd4e

SHA512
73d8f5895f4bb3c985f25c5bd2e25de27d010396edaecf835d0c6bfeb4fe526ac9939058d65b7d3a5fa3c0ea22dc014a31d64b403551f5cd2285961483d8a2dc

Download Submit
C:\Windows\System\nUEqHcz.exe

Filesize
6.1MB

MD5
f6f71e057982dc7bc7b5b6eceed2b52a

SHA1
1a7e04d8931a573393b7e3c45c7890a2875ad3d6

SHA256
0d3ac67c2e6bb2f5bb2411ef35f144a3cf3a2822def27532de7362036ba0313c

SHA512
1b2aad60f0f1129c1a77c04399dccb01447b9e2f6a2c961cfaa6ee4b95cdf6bc12f598285b4d96bc9a7abd35322cc5597bde2c314e45f3bfa5e6fc8408c9da9f

Download Submit
C:\Windows\System\peegSUF.exe

Filesize
6.1MB

MD5
b998c466b45aa1c322a6befd3dae4a77

SHA1
2f2d4ed96327277980b7d7531287c2573d1eb48c

SHA256
6dbcba6c49b5b5c213e272965171166d68890418930e6ae50f626b9eba52af43

SHA512
44a1ea4f543b5466d55918e9eadf649c351a550fcb141e6d532b9ce11a7750e0c646fa2dff9360a1881bd69cd3f4257d7fb879814fe8984b44fdb2de6ed37112

Download Submit
C:\Windows\System\tMrKeQO.exe

Filesize
6.1MB

MD5
b68cad6847cc67cf58e495a812c487c9

SHA1
d0c0ebbb95609aa4626c6fcbb15f2101fb6464a1

SHA256
c740269b6d7b075bf0ac57a5681d6efe9f7f09bef8fd973211d309ca9852beb5

SHA512
bf6c2cd644de2fc0a68ae8587e651bb24114d5fc725046c9a0f737d978bc7e13eb838183ea1d834559e472e1687eaad47171b5e83ba599e5da140b38245bb6cb

Download Submit
C:\Windows\System\vIsXhPV.exe

Filesize
6.1MB

MD5
e62d6a63ce153ccdbd09d08bea4b7111

SHA1
90b9a81f046c0840c1585a228b67cbb97db2d9b2

SHA256
dd4d9119fcb23fb329b4b4f931bc8e13a1366bc81a23a0c7ce5eea84cb9823e4

SHA512
0aa6e944e861359b158b282d659589ba8bf9bf190d6c4ed7c177c8d17b9493e05d6191baba0d5c63bd258e3e37b6e61e29a1999e0aa3befa5574a72c77907b96

Download Submit
C:\Windows\System\vuqXlJn.exe

Filesize
6.1MB

MD5
e224989371f8a2a3b9815bbc9bafe48f

SHA1
a2a3333cb3c54784a33a3b5ef3291d43721e025e

SHA256
e5a70ae35b82229068952e3cc3dc5e1c58eada63cedc2895888133240cf1070d

SHA512
d7b27686173a99c0b18a48985ac4146462aab0f0779bc1768f794689f03393275f96284614f90b0917ef5db42c8efca3f058e6849e130e5af0895b99933fc5c3

Download Submit
C:\Windows\System\whVQszw.exe

Filesize
6.1MB

MD5
c04ebae41e6c90892c4ed612248c88b2

SHA1
ebd472924c283c5880e72bd6ae99b88c3dc749bf

SHA256
c77f0e35b6d984d29340daf69e2b39a9b0637bfe3c5e2a433eda48a2d5006a72

SHA512
9c8495a8716bc111e74eef84d296b8976352992cc0abd27ab6c417a52d6d00bdeecc2f0a881923dc9ded9fe255ebbf22e028f06162aab2143249693e3dea6a47

Download Submit
memory/560-2040-0x00007FF78F860000-0x00007FF78FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/560-205-0x00007FF78F860000-0x00007FF78FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/560-133-0x00007FF78F860000-0x00007FF78FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/860-1603-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp

Filesize
3.3MB

Download
memory/860-57-0x00007FF7EB260000-0x00007FF7EB5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-86-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-18-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1481-0x00007FF7EFF50000-0x00007FF7F02A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-96-0x00007FF6104D0000-0x00007FF610824000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1595-0x00007FF6104D0000-0x00007FF610824000-memory.dmp

Filesize
3.3MB

Download
memory/2384-53-0x00007FF6104D0000-0x00007FF610824000-memory.dmp

Filesize
3.3MB

Download
memory/2540-289-0x00007FF6BF4D0000-0x00007FF6BF824000-memory.dmp

Filesize
3.3MB

Download
memory/2540-135-0x00007FF6BF4D0000-0x00007FF6BF824000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2041-0x00007FF6BF4D0000-0x00007FF6BF824000-memory.dmp

Filesize
3.3MB

Download
memory/2640-69-0x00007FF7692B0000-0x00007FF769604000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1815-0x00007FF7692B0000-0x00007FF769604000-memory.dmp

Filesize
3.3MB

Download
memory/2924-88-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-39-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1592-0x00007FF6B2890000-0x00007FF6B2BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-73-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1462-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-6-0x00007FF705B90000-0x00007FF705EE4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-467-0x00007FF65EF50000-0x00007FF65F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-151-0x00007FF65EF50000-0x00007FF65F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-101-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2019-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-158-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-202-0x00007FF736B10000-0x00007FF736E64000-memory.dmp

Filesize
3.3MB

Download
memory/3464-116-0x00007FF736B10000-0x00007FF736E64000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2028-0x00007FF736B10000-0x00007FF736E64000-memory.dmp

Filesize
3.3MB

Download
memory/3644-1590-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/3644-44-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/3644-95-0x00007FF7B51E0000-0x00007FF7B5534000-memory.dmp

Filesize
3.3MB

Download
memory/3708-162-0x00007FF784900000-0x00007FF784C54000-memory.dmp

Filesize
3.3MB

Download
memory/3784-81-0x00007FF776270000-0x00007FF7765C4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-1477-0x00007FF776270000-0x00007FF7765C4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-15-0x00007FF776270000-0x00007FF7765C4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-194-0x00007FF7D9B50000-0x00007FF7D9EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-1579-0x00007FF644390000-0x00007FF6446E4000-memory.dmp

Filesize
3.3MB

Download
memory/4304-33-0x00007FF644390000-0x00007FF6446E4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-59-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp

Filesize
3.3MB

Download
memory/4316-1606-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp

Filesize
3.3MB

Download
memory/4316-107-0x00007FF6BA340000-0x00007FF6BA694000-memory.dmp

Filesize
3.3MB

Download
memory/4328-585-0x00007FF78B2B0000-0x00007FF78B604000-memory.dmp

Filesize
3.3MB

Download
memory/4328-171-0x00007FF78B2B0000-0x00007FF78B604000-memory.dmp

Filesize
3.3MB

Download
memory/4568-222-0x00007FF72C4A0000-0x00007FF72C7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2037-0x00007FF72C4A0000-0x00007FF72C7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-125-0x00007FF72C4A0000-0x00007FF72C7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-1819-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp

Filesize
3.3MB

Download
memory/4684-74-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp

Filesize
3.3MB

Download
memory/4684-134-0x00007FF6717B0000-0x00007FF671B04000-memory.dmp

Filesize
3.3MB

Download
memory/4700-83-0x00007FF64A2D0000-0x00007FF64A624000-memory.dmp

Filesize
3.3MB

Download
memory/4700-1890-0x00007FF64A2D0000-0x00007FF64A624000-memory.dmp

Filesize
3.3MB

Download
memory/4836-150-0x00007FF6A1F40000-0x00007FF6A2294000-memory.dmp

Filesize
3.3MB

Download
memory/4836-2014-0x00007FF6A1F40000-0x00007FF6A2294000-memory.dmp

Filesize
3.3MB

Download
memory/4836-90-0x00007FF6A1F40000-0x00007FF6A2294000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2029-0x00007FF7BAA80000-0x00007FF7BADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-195-0x00007FF7BAA80000-0x00007FF7BADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-110-0x00007FF7BAA80000-0x00007FF7BADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-190-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-105-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2022-0x00007FF74C270000-0x00007FF74C5C4000-memory.dmp

Filesize
3.3MB

Download
memory/5156-1601-0x00007FF730FF0000-0x00007FF731344000-memory.dmp

Filesize
3.3MB

Download
memory/5156-56-0x00007FF730FF0000-0x00007FF731344000-memory.dmp

Filesize
3.3MB

Download
memory/5188-193-0x00007FF7BDD00000-0x00007FF7BE054000-memory.dmp

Filesize
3.3MB

Download
memory/5536-144-0x00007FF621D00000-0x00007FF622054000-memory.dmp

Filesize
3.3MB

Download
memory/5536-407-0x00007FF621D00000-0x00007FF622054000-memory.dmp

Filesize
3.3MB

Download
memory/5852-1-0x000001396C130000-0x000001396C140000-memory.dmp

Filesize
64KB

Download
memory/5852-67-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5852-0-0x00007FF70F770000-0x00007FF70FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5916-525-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/5916-180-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/5916-2345-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/6068-169-0x00007FF7CE620000-0x00007FF7CE974000-memory.dmp

Filesize
3.3MB

Download
memory/6068-468-0x00007FF7CE620000-0x00007FF7CE974000-memory.dmp

Filesize
3.3MB

Download
memory/6068-2337-0x00007FF7CE620000-0x00007FF7CE974000-memory.dmp

Filesize
3.3MB

Download