cobaltstrike | 377a0987fe4f3775e3c0dcf167af24f2d75c61ca733de0128dd886fc0bfdec64

Analysis

max time kernel
107s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
Size

6.1MB
MD5

bc9343f2ed7a22ce04fb1240562740c5
SHA1

63a5e644ed2b7526b524f4b4a5c5125ed2ff9bc7
SHA256

377a0987fe4f3775e3c0dcf167af24f2d75c61ca733de0128dd886fc0bfdec64
SHA512

9d4b8464e4000d2c9d0ca83e425095aeac7d907dce25afdeca856acfcc598d3d408ad105fbcfde7875413611bea41fb03e9ffee2ae122af0b0953017ad920f4d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0011000000022ed7-5.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002426c-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024268-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002426e-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002426f-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002426d-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024270-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000024269-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024271-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024274-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024275-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024276-76.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024277-82.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024278-87.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427c-116.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427d-123.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427f-133.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024280-151.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024281-153.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000024163-147.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427e-139.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427a-110.dat	cobalt_reflective_dll
behavioral1/files/0x000700000002427b-109.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024279-103.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024282-163.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000024125-169.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000024127-176.dat	cobalt_reflective_dll
behavioral1/files/0x0037000000024157-182.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000024167-192.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024283-197.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024284-202.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024287-210.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000024286-207.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2196-0-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp	xmrig
behavioral1/files/0x0011000000022ed7-5.dat	xmrig
behavioral1/memory/2892-8-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp	xmrig
behavioral1/files/0x000700000002426c-11.dat	xmrig
behavioral1/files/0x0008000000024268-12.dat	xmrig
behavioral1/memory/1304-15-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp	xmrig
behavioral1/files/0x000700000002426e-26.dat	xmrig
behavioral1/memory/2616-27-0x00007FF736370000-0x00007FF7366C4000-memory.dmp	xmrig
behavioral1/files/0x000700000002426f-37.dat	xmrig
behavioral1/memory/5200-36-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp	xmrig
behavioral1/memory/4160-32-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	xmrig
behavioral1/files/0x000700000002426d-30.dat	xmrig
behavioral1/memory/1188-21-0x00007FF7451E0000-0x00007FF745534000-memory.dmp	xmrig
behavioral1/files/0x0007000000024270-41.dat	xmrig
behavioral1/memory/508-42-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp	xmrig
behavioral1/files/0x0008000000024269-47.dat	xmrig
behavioral1/memory/3064-50-0x00007FF7141D0000-0x00007FF714524000-memory.dmp	xmrig
behavioral1/memory/2196-51-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp	xmrig
behavioral1/memory/2892-57-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp	xmrig
behavioral1/memory/3344-58-0x00007FF721B50000-0x00007FF721EA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024271-55.dat	xmrig
behavioral1/memory/4704-63-0x00007FF630970000-0x00007FF630CC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024274-64.dat	xmrig
behavioral1/memory/1304-62-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp	xmrig
behavioral1/memory/4796-71-0x00007FF7771E0000-0x00007FF777534000-memory.dmp	xmrig
behavioral1/files/0x0007000000024275-72.dat	xmrig
behavioral1/memory/2616-70-0x00007FF736370000-0x00007FF7366C4000-memory.dmp	xmrig
behavioral1/memory/1188-69-0x00007FF7451E0000-0x00007FF745534000-memory.dmp	xmrig
behavioral1/files/0x0007000000024276-76.dat	xmrig
behavioral1/files/0x0007000000024277-82.dat	xmrig
behavioral1/files/0x0007000000024278-87.dat	xmrig
behavioral1/memory/1704-104-0x00007FF607620000-0x00007FF607974000-memory.dmp	xmrig
behavioral1/files/0x000700000002427c-116.dat	xmrig
behavioral1/memory/4952-119-0x00007FF645BE0000-0x00007FF645F34000-memory.dmp	xmrig
behavioral1/files/0x000700000002427d-123.dat	xmrig
behavioral1/files/0x000700000002427f-133.dat	xmrig
behavioral1/memory/4704-141-0x00007FF630970000-0x00007FF630CC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024280-151.dat	xmrig
behavioral1/memory/3172-156-0x00007FF688A80000-0x00007FF688DD4000-memory.dmp	xmrig
behavioral1/memory/4796-155-0x00007FF7771E0000-0x00007FF777534000-memory.dmp	xmrig
behavioral1/files/0x0007000000024281-153.dat	xmrig
behavioral1/memory/4488-150-0x00007FF7132D0000-0x00007FF713624000-memory.dmp	xmrig
behavioral1/memory/2900-149-0x00007FF791B60000-0x00007FF791EB4000-memory.dmp	xmrig
behavioral1/files/0x000c000000024163-147.dat	xmrig
behavioral1/memory/2520-144-0x00007FF6D9EF0000-0x00007FF6DA244000-memory.dmp	xmrig
behavioral1/files/0x000700000002427e-139.dat	xmrig
behavioral1/memory/2632-132-0x00007FF67B6C0000-0x00007FF67BA14000-memory.dmp	xmrig
behavioral1/memory/4832-120-0x00007FF6A39A0000-0x00007FF6A3CF4000-memory.dmp	xmrig
behavioral1/memory/788-117-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp	xmrig
behavioral1/files/0x000700000002427a-110.dat	xmrig
behavioral1/files/0x000700000002427b-109.dat	xmrig
behavioral1/memory/508-108-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp	xmrig
behavioral1/files/0x0007000000024279-103.dat	xmrig
behavioral1/memory/5596-100-0x00007FF71CD30000-0x00007FF71D084000-memory.dmp	xmrig
behavioral1/memory/5744-96-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp	xmrig
behavioral1/memory/5200-93-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp	xmrig
behavioral1/memory/6060-86-0x00007FF7B57C0000-0x00007FF7B5B14000-memory.dmp	xmrig
behavioral1/memory/4160-85-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	xmrig
behavioral1/memory/5004-77-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	xmrig
behavioral1/memory/5004-159-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000024282-163.dat	xmrig
behavioral1/memory/3796-162-0x00007FF76ABD0000-0x00007FF76AF24000-memory.dmp	xmrig
behavioral1/memory/5744-167-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp	xmrig
behavioral1/memory/1416-172-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	WmQXreS.exe
1304	euBsosK.exe
1188	YAMoQVj.exe
2616	soOFQdS.exe
4160	kumdGfd.exe
5200	gOkCMem.exe
508	iUViSwc.exe
3064	ZrVwOer.exe
3344	XotYSTS.exe
4704	SujVznH.exe
4796	sUZGbCC.exe
5004	NVPeRPt.exe
6060	KhtKbYe.exe
5744	kpLFZeN.exe
5596	cApwVBZ.exe
1704	jipXxYF.exe
788	zahbykX.exe
4952	XdNYVrb.exe
4832	DWxYNUY.exe
2632	hXMlxQq.exe
2520	dSpvMSB.exe
2900	vJVcHcd.exe
3172	uhxpoFQ.exe
4488	UWpiyPF.exe
3796	VzzNpvp.exe
1416	zLAFjsv.exe
2548	XLOQtOy.exe
392	jfarOpQ.exe
2380	bQstmcs.exe
5100	WoFSseB.exe
5460	yyyTvWG.exe
5208	OpZHLLR.exe
1876	HhOafqc.exe
856	ySAngiI.exe
2624	WOEFkfb.exe
4276	KIdevQs.exe
2364	doykwkP.exe
3012	hfeDKTr.exe
5416	CuVRvWp.exe
4128	KMjVSAd.exe
4596	PsvMkNZ.exe
5508	EFizLHQ.exe
5776	JjNZrGg.exe
2160	ikhHeJa.exe
4472	rDXkspg.exe
2324	elJZYHR.exe
4540	IpnKSIZ.exe
5752	cQTEuGV.exe
2896	lHUpSlc.exe
3492	SlvCRoJ.exe
4460	KCWsKhh.exe
2228	ltGBoIY.exe
5324	teIXVAL.exe
1532	kYKQUhd.exe
5612	rDwFxKN.exe
2920	RYSuVzv.exe
2472	gqxYJfd.exe
4696	aHeaQOH.exe
408	CuTHnKe.exe
5012	mYoXdVX.exe
4772	AbJfOIf.exe
2780	NYxPjGt.exe
4476	TBKPwSc.exe
6036	eWFxWNx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2196-0-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp	upx
behavioral1/files/0x0011000000022ed7-5.dat	upx
behavioral1/memory/2892-8-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp	upx
behavioral1/files/0x000700000002426c-11.dat	upx
behavioral1/files/0x0008000000024268-12.dat	upx
behavioral1/memory/1304-15-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp	upx
behavioral1/files/0x000700000002426e-26.dat	upx
behavioral1/memory/2616-27-0x00007FF736370000-0x00007FF7366C4000-memory.dmp	upx
behavioral1/files/0x000700000002426f-37.dat	upx
behavioral1/memory/5200-36-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp	upx
behavioral1/memory/4160-32-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	upx
behavioral1/files/0x000700000002426d-30.dat	upx
behavioral1/memory/1188-21-0x00007FF7451E0000-0x00007FF745534000-memory.dmp	upx
behavioral1/files/0x0007000000024270-41.dat	upx
behavioral1/memory/508-42-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp	upx
behavioral1/files/0x0008000000024269-47.dat	upx
behavioral1/memory/3064-50-0x00007FF7141D0000-0x00007FF714524000-memory.dmp	upx
behavioral1/memory/2196-51-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp	upx
behavioral1/memory/2892-57-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp	upx
behavioral1/memory/3344-58-0x00007FF721B50000-0x00007FF721EA4000-memory.dmp	upx
behavioral1/files/0x0007000000024271-55.dat	upx
behavioral1/memory/4704-63-0x00007FF630970000-0x00007FF630CC4000-memory.dmp	upx
behavioral1/files/0x0007000000024274-64.dat	upx
behavioral1/memory/1304-62-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp	upx
behavioral1/memory/4796-71-0x00007FF7771E0000-0x00007FF777534000-memory.dmp	upx
behavioral1/files/0x0007000000024275-72.dat	upx
behavioral1/memory/2616-70-0x00007FF736370000-0x00007FF7366C4000-memory.dmp	upx
behavioral1/memory/1188-69-0x00007FF7451E0000-0x00007FF745534000-memory.dmp	upx
behavioral1/files/0x0007000000024276-76.dat	upx
behavioral1/files/0x0007000000024277-82.dat	upx
behavioral1/files/0x0007000000024278-87.dat	upx
behavioral1/memory/1704-104-0x00007FF607620000-0x00007FF607974000-memory.dmp	upx
behavioral1/files/0x000700000002427c-116.dat	upx
behavioral1/memory/4952-119-0x00007FF645BE0000-0x00007FF645F34000-memory.dmp	upx
behavioral1/files/0x000700000002427d-123.dat	upx
behavioral1/files/0x000700000002427f-133.dat	upx
behavioral1/memory/4704-141-0x00007FF630970000-0x00007FF630CC4000-memory.dmp	upx
behavioral1/files/0x0007000000024280-151.dat	upx
behavioral1/memory/3172-156-0x00007FF688A80000-0x00007FF688DD4000-memory.dmp	upx
behavioral1/memory/4796-155-0x00007FF7771E0000-0x00007FF777534000-memory.dmp	upx
behavioral1/files/0x0007000000024281-153.dat	upx
behavioral1/memory/4488-150-0x00007FF7132D0000-0x00007FF713624000-memory.dmp	upx
behavioral1/memory/2900-149-0x00007FF791B60000-0x00007FF791EB4000-memory.dmp	upx
behavioral1/files/0x000c000000024163-147.dat	upx
behavioral1/memory/2520-144-0x00007FF6D9EF0000-0x00007FF6DA244000-memory.dmp	upx
behavioral1/files/0x000700000002427e-139.dat	upx
behavioral1/memory/2632-132-0x00007FF67B6C0000-0x00007FF67BA14000-memory.dmp	upx
behavioral1/memory/4832-120-0x00007FF6A39A0000-0x00007FF6A3CF4000-memory.dmp	upx
behavioral1/memory/788-117-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp	upx
behavioral1/files/0x000700000002427a-110.dat	upx
behavioral1/files/0x000700000002427b-109.dat	upx
behavioral1/memory/508-108-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp	upx
behavioral1/files/0x0007000000024279-103.dat	upx
behavioral1/memory/5596-100-0x00007FF71CD30000-0x00007FF71D084000-memory.dmp	upx
behavioral1/memory/5744-96-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp	upx
behavioral1/memory/5200-93-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp	upx
behavioral1/memory/6060-86-0x00007FF7B57C0000-0x00007FF7B5B14000-memory.dmp	upx
behavioral1/memory/4160-85-0x00007FF667DC0000-0x00007FF668114000-memory.dmp	upx
behavioral1/memory/5004-77-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	upx
behavioral1/memory/5004-159-0x00007FF720790000-0x00007FF720AE4000-memory.dmp	upx
behavioral1/files/0x0007000000024282-163.dat	upx
behavioral1/memory/3796-162-0x00007FF76ABD0000-0x00007FF76AF24000-memory.dmp	upx
behavioral1/memory/5744-167-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp	upx
behavioral1/memory/1416-172-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YFLTdFB.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dRhupeV.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bfIjUYT.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iAaYuRz.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\htHZwCL.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rDwFxKN.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\lHdjeFD.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KPSfPrY.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wYcUZxd.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vESTPBX.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\sMaCupG.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GIReyAc.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\IkeaQxp.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZgVfytT.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\gqxYJfd.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dssKgNs.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cSMotHF.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bYkKfQN.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ScvooyB.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\eqtqfXO.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kYKQUhd.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\mYoXdVX.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\wSSRhZD.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kjvqkDK.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\SxxFbIF.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rZsqYOj.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bfECEkt.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\iTmDdnY.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XotYSTS.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MiFZazI.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\GEYPUrm.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MgUKmmH.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\kmNDUCl.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\qlAdmQm.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\vwXLawL.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\xgiHohD.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\jFLFBHv.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\cUAJxaG.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XELTYSp.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\bTlhaSC.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KjWSkFY.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\rgPjiSB.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\XdNYVrb.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\zLAFjsv.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AswQgCp.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\EFygpsM.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\WAfDrqR.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\LaVtMCy.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BqzdecE.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\OWHSZen.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\QEOztKC.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\dRISkPJ.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uWKXxxK.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\aGHgvKj.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\TaLPMOf.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\MvSiZYe.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\prZZxRj.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\ZdFqjxw.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\AmVfeaT.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\VUcNGCa.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\uhxpoFQ.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\BNSGoIC.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\KYYPYjz.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
File created	C:\Windows\System\YAMoQVj.exe	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2892	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2196 wrote to memory of 2892	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	88
PID 2196 wrote to memory of 1304	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2196 wrote to memory of 1304	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	89
PID 2196 wrote to memory of 1188	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2196 wrote to memory of 1188	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	90
PID 2196 wrote to memory of 2616	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2196 wrote to memory of 2616	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	91
PID 2196 wrote to memory of 4160	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2196 wrote to memory of 4160	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	92
PID 2196 wrote to memory of 5200	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2196 wrote to memory of 5200	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	93
PID 2196 wrote to memory of 508	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2196 wrote to memory of 508	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	94
PID 2196 wrote to memory of 3064	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 2196 wrote to memory of 3064	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	95
PID 2196 wrote to memory of 3344	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 2196 wrote to memory of 3344	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	96
PID 2196 wrote to memory of 4704	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2196 wrote to memory of 4704	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	99
PID 2196 wrote to memory of 4796	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2196 wrote to memory of 4796	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	100
PID 2196 wrote to memory of 5004	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2196 wrote to memory of 5004	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	101
PID 2196 wrote to memory of 6060	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 2196 wrote to memory of 6060	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	103
PID 2196 wrote to memory of 5744	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2196 wrote to memory of 5744	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	104
PID 2196 wrote to memory of 5596	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2196 wrote to memory of 5596	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	105
PID 2196 wrote to memory of 1704	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2196 wrote to memory of 1704	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	106
PID 2196 wrote to memory of 788	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2196 wrote to memory of 788	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	107
PID 2196 wrote to memory of 4952	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2196 wrote to memory of 4952	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	108
PID 2196 wrote to memory of 4832	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2196 wrote to memory of 4832	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	109
PID 2196 wrote to memory of 2632	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2196 wrote to memory of 2632	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	110
PID 2196 wrote to memory of 2520	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2196 wrote to memory of 2520	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	111
PID 2196 wrote to memory of 2900	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2196 wrote to memory of 2900	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	112
PID 2196 wrote to memory of 3172	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2196 wrote to memory of 3172	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	113
PID 2196 wrote to memory of 4488	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2196 wrote to memory of 4488	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	114
PID 2196 wrote to memory of 3796	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2196 wrote to memory of 3796	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	115
PID 2196 wrote to memory of 1416	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2196 wrote to memory of 1416	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	116
PID 2196 wrote to memory of 2548	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 2196 wrote to memory of 2548	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	119
PID 2196 wrote to memory of 392	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 2196 wrote to memory of 392	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	120
PID 2196 wrote to memory of 2380	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 2196 wrote to memory of 2380	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	121
PID 2196 wrote to memory of 5100	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 2196 wrote to memory of 5100	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	122
PID 2196 wrote to memory of 5460	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 2196 wrote to memory of 5460	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	124
PID 2196 wrote to memory of 5208	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125
PID 2196 wrote to memory of 5208	2196	2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe	125

C:\Users\Admin\AppData\Local\Temp\2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-08_bc9343f2ed7a22ce04fb1240562740c5_amadey_cobalt-strike_cobaltstrike_poet-rat_smoke-loader.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\System\WmQXreS.exe
  C:\Windows\System\WmQXreS.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\euBsosK.exe
  C:\Windows\System\euBsosK.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\YAMoQVj.exe
  C:\Windows\System\YAMoQVj.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\soOFQdS.exe
  C:\Windows\System\soOFQdS.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\kumdGfd.exe
  C:\Windows\System\kumdGfd.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\gOkCMem.exe
  C:\Windows\System\gOkCMem.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\iUViSwc.exe
  C:\Windows\System\iUViSwc.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\ZrVwOer.exe
  C:\Windows\System\ZrVwOer.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\XotYSTS.exe
  C:\Windows\System\XotYSTS.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\SujVznH.exe
  C:\Windows\System\SujVznH.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\sUZGbCC.exe
  C:\Windows\System\sUZGbCC.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\NVPeRPt.exe
  C:\Windows\System\NVPeRPt.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\KhtKbYe.exe
  C:\Windows\System\KhtKbYe.exe
  2⤵
  - Executes dropped EXE
  PID:6060
- C:\Windows\System\kpLFZeN.exe
  C:\Windows\System\kpLFZeN.exe
  2⤵
  - Executes dropped EXE
  PID:5744
- C:\Windows\System\cApwVBZ.exe
  C:\Windows\System\cApwVBZ.exe
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Windows\System\jipXxYF.exe
  C:\Windows\System\jipXxYF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\zahbykX.exe
  C:\Windows\System\zahbykX.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\XdNYVrb.exe
  C:\Windows\System\XdNYVrb.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\DWxYNUY.exe
  C:\Windows\System\DWxYNUY.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\hXMlxQq.exe
  C:\Windows\System\hXMlxQq.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\dSpvMSB.exe
  C:\Windows\System\dSpvMSB.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\vJVcHcd.exe
  C:\Windows\System\vJVcHcd.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\uhxpoFQ.exe
  C:\Windows\System\uhxpoFQ.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\UWpiyPF.exe
  C:\Windows\System\UWpiyPF.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\VzzNpvp.exe
  C:\Windows\System\VzzNpvp.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\zLAFjsv.exe
  C:\Windows\System\zLAFjsv.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\XLOQtOy.exe
  C:\Windows\System\XLOQtOy.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\jfarOpQ.exe
  C:\Windows\System\jfarOpQ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\bQstmcs.exe
  C:\Windows\System\bQstmcs.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\WoFSseB.exe
  C:\Windows\System\WoFSseB.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\yyyTvWG.exe
  C:\Windows\System\yyyTvWG.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\OpZHLLR.exe
  C:\Windows\System\OpZHLLR.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\HhOafqc.exe
  C:\Windows\System\HhOafqc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ySAngiI.exe
  C:\Windows\System\ySAngiI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\WOEFkfb.exe
  C:\Windows\System\WOEFkfb.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\KIdevQs.exe
  C:\Windows\System\KIdevQs.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\doykwkP.exe
  C:\Windows\System\doykwkP.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\hfeDKTr.exe
  C:\Windows\System\hfeDKTr.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\CuVRvWp.exe
  C:\Windows\System\CuVRvWp.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\KMjVSAd.exe
  C:\Windows\System\KMjVSAd.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\PsvMkNZ.exe
  C:\Windows\System\PsvMkNZ.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\EFizLHQ.exe
  C:\Windows\System\EFizLHQ.exe
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Windows\System\JjNZrGg.exe
  C:\Windows\System\JjNZrGg.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\ikhHeJa.exe
  C:\Windows\System\ikhHeJa.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\rDXkspg.exe
  C:\Windows\System\rDXkspg.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\elJZYHR.exe
  C:\Windows\System\elJZYHR.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\IpnKSIZ.exe
  C:\Windows\System\IpnKSIZ.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\cQTEuGV.exe
  C:\Windows\System\cQTEuGV.exe
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System\lHUpSlc.exe
  C:\Windows\System\lHUpSlc.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\SlvCRoJ.exe
  C:\Windows\System\SlvCRoJ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\KCWsKhh.exe
  C:\Windows\System\KCWsKhh.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\ltGBoIY.exe
  C:\Windows\System\ltGBoIY.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\teIXVAL.exe
  C:\Windows\System\teIXVAL.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System\kYKQUhd.exe
  C:\Windows\System\kYKQUhd.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\rDwFxKN.exe
  C:\Windows\System\rDwFxKN.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System\RYSuVzv.exe
  C:\Windows\System\RYSuVzv.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\gqxYJfd.exe
  C:\Windows\System\gqxYJfd.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\aHeaQOH.exe
  C:\Windows\System\aHeaQOH.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\CuTHnKe.exe
  C:\Windows\System\CuTHnKe.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\mYoXdVX.exe
  C:\Windows\System\mYoXdVX.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\AbJfOIf.exe
  C:\Windows\System\AbJfOIf.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\NYxPjGt.exe
  C:\Windows\System\NYxPjGt.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\TBKPwSc.exe
  C:\Windows\System\TBKPwSc.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\eWFxWNx.exe
  C:\Windows\System\eWFxWNx.exe
  2⤵
  - Executes dropped EXE
  PID:6036
- C:\Windows\System\rVpTnLl.exe
  C:\Windows\System\rVpTnLl.exe
  2⤵
  PID:4900
- C:\Windows\System\OYaRceo.exe
  C:\Windows\System\OYaRceo.exe
  2⤵
  PID:4880
- C:\Windows\System\pmYYbqt.exe
  C:\Windows\System\pmYYbqt.exe
  2⤵
  PID:4552
- C:\Windows\System\GsFlhUC.exe
  C:\Windows\System\GsFlhUC.exe
  2⤵
  PID:1268
- C:\Windows\System\ReRVZvC.exe
  C:\Windows\System\ReRVZvC.exe
  2⤵
  PID:2348
- C:\Windows\System\QEOztKC.exe
  C:\Windows\System\QEOztKC.exe
  2⤵
  PID:4656
- C:\Windows\System\zXoiANV.exe
  C:\Windows\System\zXoiANV.exe
  2⤵
  PID:4784
- C:\Windows\System\qlWsPZJ.exe
  C:\Windows\System\qlWsPZJ.exe
  2⤵
  PID:1672
- C:\Windows\System\yXejrfj.exe
  C:\Windows\System\yXejrfj.exe
  2⤵
  PID:5076
- C:\Windows\System\Xmutrxw.exe
  C:\Windows\System\Xmutrxw.exe
  2⤵
  PID:1664
- C:\Windows\System\WmPqtwT.exe
  C:\Windows\System\WmPqtwT.exe
  2⤵
  PID:1020
- C:\Windows\System\oyvByJG.exe
  C:\Windows\System\oyvByJG.exe
  2⤵
  PID:2484
- C:\Windows\System\dssKgNs.exe
  C:\Windows\System\dssKgNs.exe
  2⤵
  PID:6016
- C:\Windows\System\cSMotHF.exe
  C:\Windows\System\cSMotHF.exe
  2⤵
  PID:4932
- C:\Windows\System\EJnQyqW.exe
  C:\Windows\System\EJnQyqW.exe
  2⤵
  PID:2248
- C:\Windows\System\CyFBsnk.exe
  C:\Windows\System\CyFBsnk.exe
  2⤵
  PID:3396
- C:\Windows\System\TfzjANa.exe
  C:\Windows\System\TfzjANa.exe
  2⤵
  PID:5056
- C:\Windows\System\VZmNGcX.exe
  C:\Windows\System\VZmNGcX.exe
  2⤵
  PID:5972
- C:\Windows\System\EpwCXOe.exe
  C:\Windows\System\EpwCXOe.exe
  2⤵
  PID:1896
- C:\Windows\System\ErqqmLY.exe
  C:\Windows\System\ErqqmLY.exe
  2⤵
  PID:2116
- C:\Windows\System\vwXLawL.exe
  C:\Windows\System\vwXLawL.exe
  2⤵
  PID:4620
- C:\Windows\System\CdoABad.exe
  C:\Windows\System\CdoABad.exe
  2⤵
  PID:620
- C:\Windows\System\DjIRdaK.exe
  C:\Windows\System\DjIRdaK.exe
  2⤵
  PID:5336
- C:\Windows\System\nvCBMyO.exe
  C:\Windows\System\nvCBMyO.exe
  2⤵
  PID:5400
- C:\Windows\System\IpDwgDX.exe
  C:\Windows\System\IpDwgDX.exe
  2⤵
  PID:3944
- C:\Windows\System\CfZGACE.exe
  C:\Windows\System\CfZGACE.exe
  2⤵
  PID:2132
- C:\Windows\System\bJNBxBe.exe
  C:\Windows\System\bJNBxBe.exe
  2⤵
  PID:5944
- C:\Windows\System\eMAravu.exe
  C:\Windows\System\eMAravu.exe
  2⤵
  PID:5888
- C:\Windows\System\difxbkx.exe
  C:\Windows\System\difxbkx.exe
  2⤵
  PID:2404
- C:\Windows\System\uEoNPTu.exe
  C:\Windows\System\uEoNPTu.exe
  2⤵
  PID:4220
- C:\Windows\System\WNeyhuG.exe
  C:\Windows\System\WNeyhuG.exe
  2⤵
  PID:2220
- C:\Windows\System\qrIAIwC.exe
  C:\Windows\System\qrIAIwC.exe
  2⤵
  PID:4224
- C:\Windows\System\BysrVzJ.exe
  C:\Windows\System\BysrVzJ.exe
  2⤵
  PID:2796
- C:\Windows\System\bYkKfQN.exe
  C:\Windows\System\bYkKfQN.exe
  2⤵
  PID:5624
- C:\Windows\System\JQXbxkQ.exe
  C:\Windows\System\JQXbxkQ.exe
  2⤵
  PID:2288
- C:\Windows\System\gSSGBGW.exe
  C:\Windows\System\gSSGBGW.exe
  2⤵
  PID:5904
- C:\Windows\System\tBKZDqR.exe
  C:\Windows\System\tBKZDqR.exe
  2⤵
  PID:1144
- C:\Windows\System\lDNxcew.exe
  C:\Windows\System\lDNxcew.exe
  2⤵
  PID:984
- C:\Windows\System\qpDPlJi.exe
  C:\Windows\System\qpDPlJi.exe
  2⤵
  PID:5436
- C:\Windows\System\laJnhzu.exe
  C:\Windows\System\laJnhzu.exe
  2⤵
  PID:1792
- C:\Windows\System\YPjVUbh.exe
  C:\Windows\System\YPjVUbh.exe
  2⤵
  PID:5980
- C:\Windows\System\kSmbfjy.exe
  C:\Windows\System\kSmbfjy.exe
  2⤵
  PID:5068
- C:\Windows\System\eyLFCTK.exe
  C:\Windows\System\eyLFCTK.exe
  2⤵
  PID:4760
- C:\Windows\System\vVctuRz.exe
  C:\Windows\System\vVctuRz.exe
  2⤵
  PID:4980
- C:\Windows\System\pyMSvKt.exe
  C:\Windows\System\pyMSvKt.exe
  2⤵
  PID:2600
- C:\Windows\System\FuVKMGu.exe
  C:\Windows\System\FuVKMGu.exe
  2⤵
  PID:624
- C:\Windows\System\xgiHohD.exe
  C:\Windows\System\xgiHohD.exe
  2⤵
  PID:5132
- C:\Windows\System\DRHBlPp.exe
  C:\Windows\System\DRHBlPp.exe
  2⤵
  PID:3924
- C:\Windows\System\yiExhFF.exe
  C:\Windows\System\yiExhFF.exe
  2⤵
  PID:5632
- C:\Windows\System\yJjRgRV.exe
  C:\Windows\System\yJjRgRV.exe
  2⤵
  PID:5840
- C:\Windows\System\twadGoT.exe
  C:\Windows\System\twadGoT.exe
  2⤵
  PID:2076
- C:\Windows\System\QYerCSE.exe
  C:\Windows\System\QYerCSE.exe
  2⤵
  PID:2508
- C:\Windows\System\ONPzfgK.exe
  C:\Windows\System\ONPzfgK.exe
  2⤵
  PID:2144
- C:\Windows\System\UOWlgDu.exe
  C:\Windows\System\UOWlgDu.exe
  2⤵
  PID:2468
- C:\Windows\System\LNdISYH.exe
  C:\Windows\System\LNdISYH.exe
  2⤵
  PID:4000
- C:\Windows\System\RcJvNen.exe
  C:\Windows\System\RcJvNen.exe
  2⤵
  PID:1192
- C:\Windows\System\yMMdcov.exe
  C:\Windows\System\yMMdcov.exe
  2⤵
  PID:4020
- C:\Windows\System\tMCXKHp.exe
  C:\Windows\System\tMCXKHp.exe
  2⤵
  PID:4972
- C:\Windows\System\measYnk.exe
  C:\Windows\System\measYnk.exe
  2⤵
  PID:4564
- C:\Windows\System\QRFycMZ.exe
  C:\Windows\System\QRFycMZ.exe
  2⤵
  PID:3004
- C:\Windows\System\wgypuEz.exe
  C:\Windows\System\wgypuEz.exe
  2⤵
  PID:936
- C:\Windows\System\kYLwSoq.exe
  C:\Windows\System\kYLwSoq.exe
  2⤵
  PID:544
- C:\Windows\System\DqKMfFP.exe
  C:\Windows\System\DqKMfFP.exe
  2⤵
  PID:2712
- C:\Windows\System\ilIlYUb.exe
  C:\Windows\System\ilIlYUb.exe
  2⤵
  PID:3724
- C:\Windows\System\qcktDgL.exe
  C:\Windows\System\qcktDgL.exe
  2⤵
  PID:5300
- C:\Windows\System\VVUWhFo.exe
  C:\Windows\System\VVUWhFo.exe
  2⤵
  PID:436
- C:\Windows\System\SodwvTB.exe
  C:\Windows\System\SodwvTB.exe
  2⤵
  PID:748
- C:\Windows\System\hBLKVFl.exe
  C:\Windows\System\hBLKVFl.exe
  2⤵
  PID:6148
- C:\Windows\System\dRISkPJ.exe
  C:\Windows\System\dRISkPJ.exe
  2⤵
  PID:6184
- C:\Windows\System\lbpRcVC.exe
  C:\Windows\System\lbpRcVC.exe
  2⤵
  PID:6208
- C:\Windows\System\pfuXFNK.exe
  C:\Windows\System\pfuXFNK.exe
  2⤵
  PID:6228
- C:\Windows\System\uWKXxxK.exe
  C:\Windows\System\uWKXxxK.exe
  2⤵
  PID:6280
- C:\Windows\System\yKCLHVH.exe
  C:\Windows\System\yKCLHVH.exe
  2⤵
  PID:6304
- C:\Windows\System\TRxUsQH.exe
  C:\Windows\System\TRxUsQH.exe
  2⤵
  PID:6320
- C:\Windows\System\CfZetvi.exe
  C:\Windows\System\CfZetvi.exe
  2⤵
  PID:6364
- C:\Windows\System\wsIvSSW.exe
  C:\Windows\System\wsIvSSW.exe
  2⤵
  PID:6392
- C:\Windows\System\UBklaWA.exe
  C:\Windows\System\UBklaWA.exe
  2⤵
  PID:6420
- C:\Windows\System\yQnIQXi.exe
  C:\Windows\System\yQnIQXi.exe
  2⤵
  PID:6460
- C:\Windows\System\CiQuVOK.exe
  C:\Windows\System\CiQuVOK.exe
  2⤵
  PID:6488
- C:\Windows\System\BgBObLh.exe
  C:\Windows\System\BgBObLh.exe
  2⤵
  PID:6516
- C:\Windows\System\xUXkdkd.exe
  C:\Windows\System\xUXkdkd.exe
  2⤵
  PID:6540
- C:\Windows\System\xNAmHWO.exe
  C:\Windows\System\xNAmHWO.exe
  2⤵
  PID:6572
- C:\Windows\System\YLmIihT.exe
  C:\Windows\System\YLmIihT.exe
  2⤵
  PID:6604
- C:\Windows\System\JQjcGZJ.exe
  C:\Windows\System\JQjcGZJ.exe
  2⤵
  PID:6632
- C:\Windows\System\XNSONfM.exe
  C:\Windows\System\XNSONfM.exe
  2⤵
  PID:6660
- C:\Windows\System\uqyKWEl.exe
  C:\Windows\System\uqyKWEl.exe
  2⤵
  PID:6680
- C:\Windows\System\ixMrMSI.exe
  C:\Windows\System\ixMrMSI.exe
  2⤵
  PID:6700
- C:\Windows\System\FrTwiol.exe
  C:\Windows\System\FrTwiol.exe
  2⤵
  PID:6744
- C:\Windows\System\lzhgnNk.exe
  C:\Windows\System\lzhgnNk.exe
  2⤵
  PID:6764
- C:\Windows\System\kxJGiti.exe
  C:\Windows\System\kxJGiti.exe
  2⤵
  PID:6800
- C:\Windows\System\yBEmCBo.exe
  C:\Windows\System\yBEmCBo.exe
  2⤵
  PID:6832
- C:\Windows\System\mNAohAE.exe
  C:\Windows\System\mNAohAE.exe
  2⤵
  PID:6856
- C:\Windows\System\pqLdFBg.exe
  C:\Windows\System\pqLdFBg.exe
  2⤵
  PID:6888
- C:\Windows\System\cxuhJGI.exe
  C:\Windows\System\cxuhJGI.exe
  2⤵
  PID:6916
- C:\Windows\System\DMArTxD.exe
  C:\Windows\System\DMArTxD.exe
  2⤵
  PID:6944
- C:\Windows\System\RLDgPmE.exe
  C:\Windows\System\RLDgPmE.exe
  2⤵
  PID:6972
- C:\Windows\System\QrcxRLd.exe
  C:\Windows\System\QrcxRLd.exe
  2⤵
  PID:7000
- C:\Windows\System\LPfxCjg.exe
  C:\Windows\System\LPfxCjg.exe
  2⤵
  PID:7028
- C:\Windows\System\fJyBwpw.exe
  C:\Windows\System\fJyBwpw.exe
  2⤵
  PID:7056
- C:\Windows\System\IJIIDjT.exe
  C:\Windows\System\IJIIDjT.exe
  2⤵
  PID:7084
- C:\Windows\System\sOBFfBN.exe
  C:\Windows\System\sOBFfBN.exe
  2⤵
  PID:7108
- C:\Windows\System\TouElEu.exe
  C:\Windows\System\TouElEu.exe
  2⤵
  PID:7140
- C:\Windows\System\jZwnpqz.exe
  C:\Windows\System\jZwnpqz.exe
  2⤵
  PID:6008
- C:\Windows\System\nCcAGPV.exe
  C:\Windows\System\nCcAGPV.exe
  2⤵
  PID:6164
- C:\Windows\System\ryGoICC.exe
  C:\Windows\System\ryGoICC.exe
  2⤵
  PID:6264
- C:\Windows\System\TOBeVIa.exe
  C:\Windows\System\TOBeVIa.exe
  2⤵
  PID:6332
- C:\Windows\System\yVFRmpu.exe
  C:\Windows\System\yVFRmpu.exe
  2⤵
  PID:6384
- C:\Windows\System\hYQRePY.exe
  C:\Windows\System\hYQRePY.exe
  2⤵
  PID:6468
- C:\Windows\System\trqzHgF.exe
  C:\Windows\System\trqzHgF.exe
  2⤵
  PID:6532
- C:\Windows\System\twzpeny.exe
  C:\Windows\System\twzpeny.exe
  2⤵
  PID:6596
- C:\Windows\System\PEwRVQu.exe
  C:\Windows\System\PEwRVQu.exe
  2⤵
  PID:6648
- C:\Windows\System\xBjbFdX.exe
  C:\Windows\System\xBjbFdX.exe
  2⤵
  PID:6720
- C:\Windows\System\ElVXArm.exe
  C:\Windows\System\ElVXArm.exe
  2⤵
  PID:6788
- C:\Windows\System\kMyonrG.exe
  C:\Windows\System\kMyonrG.exe
  2⤵
  PID:6840
- C:\Windows\System\aGHgvKj.exe
  C:\Windows\System\aGHgvKj.exe
  2⤵
  PID:6912
- C:\Windows\System\ZHAqMwH.exe
  C:\Windows\System\ZHAqMwH.exe
  2⤵
  PID:6960
- C:\Windows\System\CbBuihA.exe
  C:\Windows\System\CbBuihA.exe
  2⤵
  PID:7036
- C:\Windows\System\RdsobUw.exe
  C:\Windows\System\RdsobUw.exe
  2⤵
  PID:7100
- C:\Windows\System\wkYxxZF.exe
  C:\Windows\System\wkYxxZF.exe
  2⤵
  PID:2400
- C:\Windows\System\xPwMGVh.exe
  C:\Windows\System\xPwMGVh.exe
  2⤵
  PID:6292
- C:\Windows\System\MiFZazI.exe
  C:\Windows\System\MiFZazI.exe
  2⤵
  PID:6408
- C:\Windows\System\rfeDdcY.exe
  C:\Windows\System\rfeDdcY.exe
  2⤵
  PID:6552
- C:\Windows\System\prZZxRj.exe
  C:\Windows\System\prZZxRj.exe
  2⤵
  PID:6692
- C:\Windows\System\HDQSPeH.exe
  C:\Windows\System\HDQSPeH.exe
  2⤵
  PID:6904
- C:\Windows\System\WIIaWFF.exe
  C:\Windows\System\WIIaWFF.exe
  2⤵
  PID:7064
- C:\Windows\System\QFcQHVY.exe
  C:\Windows\System\QFcQHVY.exe
  2⤵
  PID:7164
- C:\Windows\System\RUROqDC.exe
  C:\Windows\System\RUROqDC.exe
  2⤵
  PID:6612
- C:\Windows\System\sGfVXky.exe
  C:\Windows\System\sGfVXky.exe
  2⤵
  PID:7016
- C:\Windows\System\xMZclrW.exe
  C:\Windows\System\xMZclrW.exe
  2⤵
  PID:4352
- C:\Windows\System\TMqanEm.exe
  C:\Windows\System\TMqanEm.exe
  2⤵
  PID:5332
- C:\Windows\System\JvmMNZU.exe
  C:\Windows\System\JvmMNZU.exe
  2⤵
  PID:6404
- C:\Windows\System\BGmFBJZ.exe
  C:\Windows\System\BGmFBJZ.exe
  2⤵
  PID:5292
- C:\Windows\System\kDkGMMi.exe
  C:\Windows\System\kDkGMMi.exe
  2⤵
  PID:6676
- C:\Windows\System\DWjOnCx.exe
  C:\Windows\System\DWjOnCx.exe
  2⤵
  PID:5524
- C:\Windows\System\hbumZDf.exe
  C:\Windows\System\hbumZDf.exe
  2⤵
  PID:7172
- C:\Windows\System\OeLSktB.exe
  C:\Windows\System\OeLSktB.exe
  2⤵
  PID:7220
- C:\Windows\System\zpTROio.exe
  C:\Windows\System\zpTROio.exe
  2⤵
  PID:7248
- C:\Windows\System\BmtcKsY.exe
  C:\Windows\System\BmtcKsY.exe
  2⤵
  PID:7284
- C:\Windows\System\qvYSGjX.exe
  C:\Windows\System\qvYSGjX.exe
  2⤵
  PID:7300
- C:\Windows\System\pfYxiZX.exe
  C:\Windows\System\pfYxiZX.exe
  2⤵
  PID:7332
- C:\Windows\System\PiQpcEz.exe
  C:\Windows\System\PiQpcEz.exe
  2⤵
  PID:7356
- C:\Windows\System\cygKiNP.exe
  C:\Windows\System\cygKiNP.exe
  2⤵
  PID:7392
- C:\Windows\System\VUulwtL.exe
  C:\Windows\System\VUulwtL.exe
  2⤵
  PID:7412
- C:\Windows\System\KFhzzfg.exe
  C:\Windows\System\KFhzzfg.exe
  2⤵
  PID:7440
- C:\Windows\System\MWqXViA.exe
  C:\Windows\System\MWqXViA.exe
  2⤵
  PID:7476
- C:\Windows\System\pnOLBwX.exe
  C:\Windows\System\pnOLBwX.exe
  2⤵
  PID:7496
- C:\Windows\System\EchelMm.exe
  C:\Windows\System\EchelMm.exe
  2⤵
  PID:7524
- C:\Windows\System\ulDxNij.exe
  C:\Windows\System\ulDxNij.exe
  2⤵
  PID:7552
- C:\Windows\System\fAsxUKK.exe
  C:\Windows\System\fAsxUKK.exe
  2⤵
  PID:7584
- C:\Windows\System\UshKTDF.exe
  C:\Windows\System\UshKTDF.exe
  2⤵
  PID:7608
- C:\Windows\System\ClGuTsa.exe
  C:\Windows\System\ClGuTsa.exe
  2⤵
  PID:7644
- C:\Windows\System\CpkXlEe.exe
  C:\Windows\System\CpkXlEe.exe
  2⤵
  PID:7664
- C:\Windows\System\mSVTlmq.exe
  C:\Windows\System\mSVTlmq.exe
  2⤵
  PID:7696
- C:\Windows\System\iuqKdVf.exe
  C:\Windows\System\iuqKdVf.exe
  2⤵
  PID:7720
- C:\Windows\System\pEznMVZ.exe
  C:\Windows\System\pEznMVZ.exe
  2⤵
  PID:7748
- C:\Windows\System\DDWwbXm.exe
  C:\Windows\System\DDWwbXm.exe
  2⤵
  PID:7780
- C:\Windows\System\JFvAgyB.exe
  C:\Windows\System\JFvAgyB.exe
  2⤵
  PID:7812
- C:\Windows\System\qaCsCsi.exe
  C:\Windows\System\qaCsCsi.exe
  2⤵
  PID:7832
- C:\Windows\System\tkrGXGQ.exe
  C:\Windows\System\tkrGXGQ.exe
  2⤵
  PID:7860
- C:\Windows\System\reuACEh.exe
  C:\Windows\System\reuACEh.exe
  2⤵
  PID:7888
- C:\Windows\System\wSSRhZD.exe
  C:\Windows\System\wSSRhZD.exe
  2⤵
  PID:7920
- C:\Windows\System\HyrrHnN.exe
  C:\Windows\System\HyrrHnN.exe
  2⤵
  PID:7952
- C:\Windows\System\YYpOIIV.exe
  C:\Windows\System\YYpOIIV.exe
  2⤵
  PID:7972
- C:\Windows\System\MZdUzax.exe
  C:\Windows\System\MZdUzax.exe
  2⤵
  PID:8000
- C:\Windows\System\bVBFoMn.exe
  C:\Windows\System\bVBFoMn.exe
  2⤵
  PID:8036
- C:\Windows\System\dixlCBU.exe
  C:\Windows\System\dixlCBU.exe
  2⤵
  PID:8056
- C:\Windows\System\MpnNJmA.exe
  C:\Windows\System\MpnNJmA.exe
  2⤵
  PID:8084
- C:\Windows\System\fVbwPQv.exe
  C:\Windows\System\fVbwPQv.exe
  2⤵
  PID:8116
- C:\Windows\System\qWyZiRT.exe
  C:\Windows\System\qWyZiRT.exe
  2⤵
  PID:8140
- C:\Windows\System\pNtVvit.exe
  C:\Windows\System\pNtVvit.exe
  2⤵
  PID:8168
- C:\Windows\System\BdwxMrQ.exe
  C:\Windows\System\BdwxMrQ.exe
  2⤵
  PID:4604
- C:\Windows\System\dnTfhoF.exe
  C:\Windows\System\dnTfhoF.exe
  2⤵
  PID:7244
- C:\Windows\System\JuwERyr.exe
  C:\Windows\System\JuwERyr.exe
  2⤵
  PID:7296
- C:\Windows\System\WeLmMSr.exe
  C:\Windows\System\WeLmMSr.exe
  2⤵
  PID:7376
- C:\Windows\System\LMbhpel.exe
  C:\Windows\System\LMbhpel.exe
  2⤵
  PID:7424
- C:\Windows\System\aMHsSIf.exe
  C:\Windows\System\aMHsSIf.exe
  2⤵
  PID:7516
- C:\Windows\System\YKVzywP.exe
  C:\Windows\System\YKVzywP.exe
  2⤵
  PID:7572
- C:\Windows\System\plOOgCG.exe
  C:\Windows\System\plOOgCG.exe
  2⤵
  PID:7632
- C:\Windows\System\rBoIlCZ.exe
  C:\Windows\System\rBoIlCZ.exe
  2⤵
  PID:7704
- C:\Windows\System\bfIjUYT.exe
  C:\Windows\System\bfIjUYT.exe
  2⤵
  PID:7760
- C:\Windows\System\WgsxXjn.exe
  C:\Windows\System\WgsxXjn.exe
  2⤵
  PID:7824
- C:\Windows\System\fhkgJLK.exe
  C:\Windows\System\fhkgJLK.exe
  2⤵
  PID:7884
- C:\Windows\System\vESTPBX.exe
  C:\Windows\System\vESTPBX.exe
  2⤵
  PID:7964
- C:\Windows\System\MpjVsxh.exe
  C:\Windows\System\MpjVsxh.exe
  2⤵
  PID:8020
- C:\Windows\System\MxIGXyG.exe
  C:\Windows\System\MxIGXyG.exe
  2⤵
  PID:8076
- C:\Windows\System\IKDzsSC.exe
  C:\Windows\System\IKDzsSC.exe
  2⤵
  PID:8152
- C:\Windows\System\bstVsXF.exe
  C:\Windows\System\bstVsXF.exe
  2⤵
  PID:7208
- C:\Windows\System\SVhoQOh.exe
  C:\Windows\System\SVhoQOh.exe
  2⤵
  PID:7348
- C:\Windows\System\DuqrICh.exe
  C:\Windows\System\DuqrICh.exe
  2⤵
  PID:7492
- C:\Windows\System\qbPdokh.exe
  C:\Windows\System\qbPdokh.exe
  2⤵
  PID:7656
- C:\Windows\System\PmChATx.exe
  C:\Windows\System\PmChATx.exe
  2⤵
  PID:7800
- C:\Windows\System\WGKFAdI.exe
  C:\Windows\System\WGKFAdI.exe
  2⤵
  PID:7996
- C:\Windows\System\SsUFTpy.exe
  C:\Windows\System\SsUFTpy.exe
  2⤵
  PID:8124
- C:\Windows\System\gGDKSsO.exe
  C:\Windows\System\gGDKSsO.exe
  2⤵
  PID:7452
- C:\Windows\System\IWLLbso.exe
  C:\Windows\System\IWLLbso.exe
  2⤵
  PID:7716
- C:\Windows\System\mgoRLMs.exe
  C:\Windows\System\mgoRLMs.exe
  2⤵
  PID:8068
- C:\Windows\System\ibMZaGl.exe
  C:\Windows\System\ibMZaGl.exe
  2⤵
  PID:7604
- C:\Windows\System\KGbUBOl.exe
  C:\Windows\System\KGbUBOl.exe
  2⤵
  PID:7548
- C:\Windows\System\ZEYWYhs.exe
  C:\Windows\System\ZEYWYhs.exe
  2⤵
  PID:8208
- C:\Windows\System\AswQgCp.exe
  C:\Windows\System\AswQgCp.exe
  2⤵
  PID:8236
- C:\Windows\System\tCrgUih.exe
  C:\Windows\System\tCrgUih.exe
  2⤵
  PID:8264
- C:\Windows\System\nSwSRsw.exe
  C:\Windows\System\nSwSRsw.exe
  2⤵
  PID:8292
- C:\Windows\System\BNSGoIC.exe
  C:\Windows\System\BNSGoIC.exe
  2⤵
  PID:8320
- C:\Windows\System\zKpCkEk.exe
  C:\Windows\System\zKpCkEk.exe
  2⤵
  PID:8348
- C:\Windows\System\gcHHUro.exe
  C:\Windows\System\gcHHUro.exe
  2⤵
  PID:8412
- C:\Windows\System\UMwZEGL.exe
  C:\Windows\System\UMwZEGL.exe
  2⤵
  PID:8440
- C:\Windows\System\FbLKWWk.exe
  C:\Windows\System\FbLKWWk.exe
  2⤵
  PID:8468
- C:\Windows\System\zhlMlUl.exe
  C:\Windows\System\zhlMlUl.exe
  2⤵
  PID:8504
- C:\Windows\System\IIXPVSP.exe
  C:\Windows\System\IIXPVSP.exe
  2⤵
  PID:8536
- C:\Windows\System\QvDvxrl.exe
  C:\Windows\System\QvDvxrl.exe
  2⤵
  PID:8564
- C:\Windows\System\ezkHeIf.exe
  C:\Windows\System\ezkHeIf.exe
  2⤵
  PID:8596
- C:\Windows\System\UvMKzdN.exe
  C:\Windows\System\UvMKzdN.exe
  2⤵
  PID:8640
- C:\Windows\System\iyTwdOr.exe
  C:\Windows\System\iyTwdOr.exe
  2⤵
  PID:8656
- C:\Windows\System\KamjrCR.exe
  C:\Windows\System\KamjrCR.exe
  2⤵
  PID:8688
- C:\Windows\System\bpXXxYo.exe
  C:\Windows\System\bpXXxYo.exe
  2⤵
  PID:8716
- C:\Windows\System\qapyiAl.exe
  C:\Windows\System\qapyiAl.exe
  2⤵
  PID:8744
- C:\Windows\System\wxPieaM.exe
  C:\Windows\System\wxPieaM.exe
  2⤵
  PID:8776
- C:\Windows\System\yKSSClq.exe
  C:\Windows\System\yKSSClq.exe
  2⤵
  PID:8804
- C:\Windows\System\KSaIQhn.exe
  C:\Windows\System\KSaIQhn.exe
  2⤵
  PID:8832
- C:\Windows\System\JxyQcxg.exe
  C:\Windows\System\JxyQcxg.exe
  2⤵
  PID:8860
- C:\Windows\System\sKfjVTh.exe
  C:\Windows\System\sKfjVTh.exe
  2⤵
  PID:8888
- C:\Windows\System\yMMreZX.exe
  C:\Windows\System\yMMreZX.exe
  2⤵
  PID:8916
- C:\Windows\System\slGynux.exe
  C:\Windows\System\slGynux.exe
  2⤵
  PID:8944
- C:\Windows\System\pvpAjPU.exe
  C:\Windows\System\pvpAjPU.exe
  2⤵
  PID:8972
- C:\Windows\System\aQKTtqU.exe
  C:\Windows\System\aQKTtqU.exe
  2⤵
  PID:9000
- C:\Windows\System\mLLxFTY.exe
  C:\Windows\System\mLLxFTY.exe
  2⤵
  PID:9036
- C:\Windows\System\RqcfmXh.exe
  C:\Windows\System\RqcfmXh.exe
  2⤵
  PID:9056
- C:\Windows\System\aBzxHgf.exe
  C:\Windows\System\aBzxHgf.exe
  2⤵
  PID:9084
- C:\Windows\System\RucQOpE.exe
  C:\Windows\System\RucQOpE.exe
  2⤵
  PID:9112
- C:\Windows\System\JkJUpIy.exe
  C:\Windows\System\JkJUpIy.exe
  2⤵
  PID:9140
- C:\Windows\System\oKskfcy.exe
  C:\Windows\System\oKskfcy.exe
  2⤵
  PID:9176
- C:\Windows\System\TmOhiBf.exe
  C:\Windows\System\TmOhiBf.exe
  2⤵
  PID:9196
- C:\Windows\System\LHpnoaE.exe
  C:\Windows\System\LHpnoaE.exe
  2⤵
  PID:8204
- C:\Windows\System\vSsIbMF.exe
  C:\Windows\System\vSsIbMF.exe
  2⤵
  PID:8276
- C:\Windows\System\kxqsqas.exe
  C:\Windows\System\kxqsqas.exe
  2⤵
  PID:8332
- C:\Windows\System\SKQevMy.exe
  C:\Windows\System\SKQevMy.exe
  2⤵
  PID:2800
- C:\Windows\System\MgmNnVW.exe
  C:\Windows\System\MgmNnVW.exe
  2⤵
  PID:8432
- C:\Windows\System\EFygpsM.exe
  C:\Windows\System\EFygpsM.exe
  2⤵
  PID:8496
- C:\Windows\System\vZlDFWw.exe
  C:\Windows\System\vZlDFWw.exe
  2⤵
  PID:8560
- C:\Windows\System\SRTIczp.exe
  C:\Windows\System\SRTIczp.exe
  2⤵
  PID:5364
- C:\Windows\System\ITHYfAk.exe
  C:\Windows\System\ITHYfAk.exe
  2⤵
  PID:8668
- C:\Windows\System\SRaUXxI.exe
  C:\Windows\System\SRaUXxI.exe
  2⤵
  PID:8736
- C:\Windows\System\DImXVKR.exe
  C:\Windows\System\DImXVKR.exe
  2⤵
  PID:8796
- C:\Windows\System\OjuKgCz.exe
  C:\Windows\System\OjuKgCz.exe
  2⤵
  PID:8856
- C:\Windows\System\wHCLclJ.exe
  C:\Windows\System\wHCLclJ.exe
  2⤵
  PID:8912
- C:\Windows\System\ulnXHVM.exe
  C:\Windows\System\ulnXHVM.exe
  2⤵
  PID:8984
- C:\Windows\System\KMNutfF.exe
  C:\Windows\System\KMNutfF.exe
  2⤵
  PID:9044
- C:\Windows\System\tJCFLlj.exe
  C:\Windows\System\tJCFLlj.exe
  2⤵
  PID:9096
- C:\Windows\System\VVZpgqY.exe
  C:\Windows\System\VVZpgqY.exe
  2⤵
  PID:9152
- C:\Windows\System\UPfOFdq.exe
  C:\Windows\System\UPfOFdq.exe
  2⤵
  PID:7260
- C:\Windows\System\wnQegCk.exe
  C:\Windows\System\wnQegCk.exe
  2⤵
  PID:8316
- C:\Windows\System\LfNwJuX.exe
  C:\Windows\System\LfNwJuX.exe
  2⤵
  PID:8480
- C:\Windows\System\YPArLxj.exe
  C:\Windows\System\YPArLxj.exe
  2⤵
  PID:8612
- C:\Windows\System\opEbwqH.exe
  C:\Windows\System\opEbwqH.exe
  2⤵
  PID:8740
- C:\Windows\System\PRtOVac.exe
  C:\Windows\System\PRtOVac.exe
  2⤵
  PID:8880
- C:\Windows\System\TdCIxeE.exe
  C:\Windows\System\TdCIxeE.exe
  2⤵
  PID:9020
- C:\Windows\System\gdtEzJR.exe
  C:\Windows\System\gdtEzJR.exe
  2⤵
  PID:9136
- C:\Windows\System\gmVufwk.exe
  C:\Windows\System\gmVufwk.exe
  2⤵
  PID:852
- C:\Windows\System\GrcqXbv.exe
  C:\Windows\System\GrcqXbv.exe
  2⤵
  PID:8700
- C:\Windows\System\UzILMRo.exe
  C:\Windows\System\UzILMRo.exe
  2⤵
  PID:8968
- C:\Windows\System\neLdFkn.exe
  C:\Windows\System\neLdFkn.exe
  2⤵
  PID:8528
- C:\Windows\System\fzJbeYK.exe
  C:\Windows\System\fzJbeYK.exe
  2⤵
  PID:8304
- C:\Windows\System\jRUgqgl.exe
  C:\Windows\System\jRUgqgl.exe
  2⤵
  PID:9232
- C:\Windows\System\ahRulgM.exe
  C:\Windows\System\ahRulgM.exe
  2⤵
  PID:9272
- C:\Windows\System\IWVVuJe.exe
  C:\Windows\System\IWVVuJe.exe
  2⤵
  PID:9288
- C:\Windows\System\EFMFRAh.exe
  C:\Windows\System\EFMFRAh.exe
  2⤵
  PID:9316
- C:\Windows\System\jFgpjtn.exe
  C:\Windows\System\jFgpjtn.exe
  2⤵
  PID:9344
- C:\Windows\System\yGpcSUq.exe
  C:\Windows\System\yGpcSUq.exe
  2⤵
  PID:9372
- C:\Windows\System\ciTeOaj.exe
  C:\Windows\System\ciTeOaj.exe
  2⤵
  PID:9400
- C:\Windows\System\ssFaBio.exe
  C:\Windows\System\ssFaBio.exe
  2⤵
  PID:9428
- C:\Windows\System\uGtwGeN.exe
  C:\Windows\System\uGtwGeN.exe
  2⤵
  PID:9456
- C:\Windows\System\inKcEpY.exe
  C:\Windows\System\inKcEpY.exe
  2⤵
  PID:9484
- C:\Windows\System\NoFlzhS.exe
  C:\Windows\System\NoFlzhS.exe
  2⤵
  PID:9512
- C:\Windows\System\aKdqJHS.exe
  C:\Windows\System\aKdqJHS.exe
  2⤵
  PID:9540
- C:\Windows\System\wNEAkQz.exe
  C:\Windows\System\wNEAkQz.exe
  2⤵
  PID:9568
- C:\Windows\System\cCPyYTW.exe
  C:\Windows\System\cCPyYTW.exe
  2⤵
  PID:9596
- C:\Windows\System\IPGijXO.exe
  C:\Windows\System\IPGijXO.exe
  2⤵
  PID:9628
- C:\Windows\System\uUOOlrV.exe
  C:\Windows\System\uUOOlrV.exe
  2⤵
  PID:9656
- C:\Windows\System\VpuxOsv.exe
  C:\Windows\System\VpuxOsv.exe
  2⤵
  PID:9684
- C:\Windows\System\utWgfpP.exe
  C:\Windows\System\utWgfpP.exe
  2⤵
  PID:9712
- C:\Windows\System\ABrgCsC.exe
  C:\Windows\System\ABrgCsC.exe
  2⤵
  PID:9740
- C:\Windows\System\GYPJnmb.exe
  C:\Windows\System\GYPJnmb.exe
  2⤵
  PID:9768
- C:\Windows\System\ryiEEuI.exe
  C:\Windows\System\ryiEEuI.exe
  2⤵
  PID:9796
- C:\Windows\System\dUFPghO.exe
  C:\Windows\System\dUFPghO.exe
  2⤵
  PID:9824
- C:\Windows\System\CDLpOae.exe
  C:\Windows\System\CDLpOae.exe
  2⤵
  PID:9852
- C:\Windows\System\bqshqkZ.exe
  C:\Windows\System\bqshqkZ.exe
  2⤵
  PID:9888
- C:\Windows\System\hnCMlRG.exe
  C:\Windows\System\hnCMlRG.exe
  2⤵
  PID:9912
- C:\Windows\System\tnZjRfI.exe
  C:\Windows\System\tnZjRfI.exe
  2⤵
  PID:9940
- C:\Windows\System\oEoHnOd.exe
  C:\Windows\System\oEoHnOd.exe
  2⤵
  PID:9968
- C:\Windows\System\kjvqkDK.exe
  C:\Windows\System\kjvqkDK.exe
  2⤵
  PID:9996
- C:\Windows\System\kazEgeD.exe
  C:\Windows\System\kazEgeD.exe
  2⤵
  PID:10024
- C:\Windows\System\NWkQCYV.exe
  C:\Windows\System\NWkQCYV.exe
  2⤵
  PID:10052
- C:\Windows\System\hGkLCte.exe
  C:\Windows\System\hGkLCte.exe
  2⤵
  PID:10080
- C:\Windows\System\qjtsgSU.exe
  C:\Windows\System\qjtsgSU.exe
  2⤵
  PID:10108
- C:\Windows\System\gEvRBJH.exe
  C:\Windows\System\gEvRBJH.exe
  2⤵
  PID:10136
- C:\Windows\System\DSypuXx.exe
  C:\Windows\System\DSypuXx.exe
  2⤵
  PID:10164
- C:\Windows\System\hUubZiV.exe
  C:\Windows\System\hUubZiV.exe
  2⤵
  PID:10204
- C:\Windows\System\Hiwuojo.exe
  C:\Windows\System\Hiwuojo.exe
  2⤵
  PID:10232
- C:\Windows\System\lHdjeFD.exe
  C:\Windows\System\lHdjeFD.exe
  2⤵
  PID:9132
- C:\Windows\System\TaLPMOf.exe
  C:\Windows\System\TaLPMOf.exe
  2⤵
  PID:9284
- C:\Windows\System\xlkdvZA.exe
  C:\Windows\System\xlkdvZA.exe
  2⤵
  PID:9356
- C:\Windows\System\YxWwedB.exe
  C:\Windows\System\YxWwedB.exe
  2⤵
  PID:9420
- C:\Windows\System\ZHUmXpn.exe
  C:\Windows\System\ZHUmXpn.exe
  2⤵
  PID:9480
- C:\Windows\System\REEMjaG.exe
  C:\Windows\System\REEMjaG.exe
  2⤵
  PID:9552
- C:\Windows\System\WAfDrqR.exe
  C:\Windows\System\WAfDrqR.exe
  2⤵
  PID:9620
- C:\Windows\System\Jfmdqtw.exe
  C:\Windows\System\Jfmdqtw.exe
  2⤵
  PID:9680
- C:\Windows\System\jFLFBHv.exe
  C:\Windows\System\jFLFBHv.exe
  2⤵
  PID:9752
- C:\Windows\System\eQbybvj.exe
  C:\Windows\System\eQbybvj.exe
  2⤵
  PID:9816
- C:\Windows\System\SxxFbIF.exe
  C:\Windows\System\SxxFbIF.exe
  2⤵
  PID:9876
- C:\Windows\System\KqjaDVS.exe
  C:\Windows\System\KqjaDVS.exe
  2⤵
  PID:9952
- C:\Windows\System\ilrIpcs.exe
  C:\Windows\System\ilrIpcs.exe
  2⤵
  PID:10016
- C:\Windows\System\qXpZnGk.exe
  C:\Windows\System\qXpZnGk.exe
  2⤵
  PID:10076
- C:\Windows\System\LaVtMCy.exe
  C:\Windows\System\LaVtMCy.exe
  2⤵
  PID:10148
- C:\Windows\System\wasOsIM.exe
  C:\Windows\System\wasOsIM.exe
  2⤵
  PID:10216
- C:\Windows\System\cUAJxaG.exe
  C:\Windows\System\cUAJxaG.exe
  2⤵
  PID:9280
- C:\Windows\System\NbClpHZ.exe
  C:\Windows\System\NbClpHZ.exe
  2⤵
  PID:9452
- C:\Windows\System\AuSUjTQ.exe
  C:\Windows\System\AuSUjTQ.exe
  2⤵
  PID:9592
- C:\Windows\System\cwDTvyV.exe
  C:\Windows\System\cwDTvyV.exe
  2⤵
  PID:9736
- C:\Windows\System\EJvxOYv.exe
  C:\Windows\System\EJvxOYv.exe
  2⤵
  PID:9932
- C:\Windows\System\vKlPEEO.exe
  C:\Windows\System\vKlPEEO.exe
  2⤵
  PID:2952
- C:\Windows\System\LTAwnks.exe
  C:\Windows\System\LTAwnks.exe
  2⤵
  PID:10176
- C:\Windows\System\gSneABN.exe
  C:\Windows\System\gSneABN.exe
  2⤵
  PID:9256
- C:\Windows\System\jbKdwvU.exe
  C:\Windows\System\jbKdwvU.exe
  2⤵
  PID:1752
- C:\Windows\System\IeiftBg.exe
  C:\Windows\System\IeiftBg.exe
  2⤵
  PID:9864
- C:\Windows\System\nYjANXO.exe
  C:\Windows\System\nYjANXO.exe
  2⤵
  PID:10132
- C:\Windows\System\kQBkexm.exe
  C:\Windows\System\kQBkexm.exe
  2⤵
  PID:4672
- C:\Windows\System\yPGcgrL.exe
  C:\Windows\System\yPGcgrL.exe
  2⤵
  PID:9536
- C:\Windows\System\ScvooyB.exe
  C:\Windows\System\ScvooyB.exe
  2⤵
  PID:10248
- C:\Windows\System\UclwmGj.exe
  C:\Windows\System\UclwmGj.exe
  2⤵
  PID:10284
- C:\Windows\System\MusTzCN.exe
  C:\Windows\System\MusTzCN.exe
  2⤵
  PID:10304
- C:\Windows\System\sxDonmS.exe
  C:\Windows\System\sxDonmS.exe
  2⤵
  PID:10332
- C:\Windows\System\KHXbWUj.exe
  C:\Windows\System\KHXbWUj.exe
  2⤵
  PID:10360
- C:\Windows\System\QCYQYir.exe
  C:\Windows\System\QCYQYir.exe
  2⤵
  PID:10388
- C:\Windows\System\ikJdMUZ.exe
  C:\Windows\System\ikJdMUZ.exe
  2⤵
  PID:10416
- C:\Windows\System\QCiAecW.exe
  C:\Windows\System\QCiAecW.exe
  2⤵
  PID:10448
- C:\Windows\System\ZgywjDq.exe
  C:\Windows\System\ZgywjDq.exe
  2⤵
  PID:10476
- C:\Windows\System\PQulBTa.exe
  C:\Windows\System\PQulBTa.exe
  2⤵
  PID:10504
- C:\Windows\System\bMDljzt.exe
  C:\Windows\System\bMDljzt.exe
  2⤵
  PID:10532
- C:\Windows\System\EVvsnJc.exe
  C:\Windows\System\EVvsnJc.exe
  2⤵
  PID:10560
- C:\Windows\System\JtNTUjc.exe
  C:\Windows\System\JtNTUjc.exe
  2⤵
  PID:10588
- C:\Windows\System\piJgusv.exe
  C:\Windows\System\piJgusv.exe
  2⤵
  PID:10616
- C:\Windows\System\fgLTzTV.exe
  C:\Windows\System\fgLTzTV.exe
  2⤵
  PID:10644
- C:\Windows\System\YfilyyJ.exe
  C:\Windows\System\YfilyyJ.exe
  2⤵
  PID:10672
- C:\Windows\System\QbDdiai.exe
  C:\Windows\System\QbDdiai.exe
  2⤵
  PID:10700
- C:\Windows\System\AmybtNM.exe
  C:\Windows\System\AmybtNM.exe
  2⤵
  PID:10728
- C:\Windows\System\NBUMyve.exe
  C:\Windows\System\NBUMyve.exe
  2⤵
  PID:10756
- C:\Windows\System\rpmHqAb.exe
  C:\Windows\System\rpmHqAb.exe
  2⤵
  PID:10784
- C:\Windows\System\ZIRLQIQ.exe
  C:\Windows\System\ZIRLQIQ.exe
  2⤵
  PID:10812
- C:\Windows\System\YFLTdFB.exe
  C:\Windows\System\YFLTdFB.exe
  2⤵
  PID:10840
- C:\Windows\System\JdiEAOn.exe
  C:\Windows\System\JdiEAOn.exe
  2⤵
  PID:10868
- C:\Windows\System\Wdcorej.exe
  C:\Windows\System\Wdcorej.exe
  2⤵
  PID:10896
- C:\Windows\System\VmgiUvT.exe
  C:\Windows\System\VmgiUvT.exe
  2⤵
  PID:10924
- C:\Windows\System\MgdoUoa.exe
  C:\Windows\System\MgdoUoa.exe
  2⤵
  PID:10952
- C:\Windows\System\NqLMMla.exe
  C:\Windows\System\NqLMMla.exe
  2⤵
  PID:10980
- C:\Windows\System\ulbBbGz.exe
  C:\Windows\System\ulbBbGz.exe
  2⤵
  PID:11008
- C:\Windows\System\hLzkkTD.exe
  C:\Windows\System\hLzkkTD.exe
  2⤵
  PID:11036
- C:\Windows\System\FBkmmnT.exe
  C:\Windows\System\FBkmmnT.exe
  2⤵
  PID:11064
- C:\Windows\System\wOSKlKi.exe
  C:\Windows\System\wOSKlKi.exe
  2⤵
  PID:11092
- C:\Windows\System\pDBoaxw.exe
  C:\Windows\System\pDBoaxw.exe
  2⤵
  PID:11120
- C:\Windows\System\dRVEHhB.exe
  C:\Windows\System\dRVEHhB.exe
  2⤵
  PID:11148
- C:\Windows\System\LGhoBAq.exe
  C:\Windows\System\LGhoBAq.exe
  2⤵
  PID:11176
- C:\Windows\System\vxgIifU.exe
  C:\Windows\System\vxgIifU.exe
  2⤵
  PID:11204
- C:\Windows\System\yXnSHhD.exe
  C:\Windows\System\yXnSHhD.exe
  2⤵
  PID:11232
- C:\Windows\System\CjUFIOE.exe
  C:\Windows\System\CjUFIOE.exe
  2⤵
  PID:11260
- C:\Windows\System\utyVgVg.exe
  C:\Windows\System\utyVgVg.exe
  2⤵
  PID:10296
- C:\Windows\System\gtFFpFm.exe
  C:\Windows\System\gtFFpFm.exe
  2⤵
  PID:10356
- C:\Windows\System\YlWDhbq.exe
  C:\Windows\System\YlWDhbq.exe
  2⤵
  PID:10428
- C:\Windows\System\LjFIMPg.exe
  C:\Windows\System\LjFIMPg.exe
  2⤵
  PID:10496
- C:\Windows\System\JCdfuPz.exe
  C:\Windows\System\JCdfuPz.exe
  2⤵
  PID:10556
- C:\Windows\System\sMaCupG.exe
  C:\Windows\System\sMaCupG.exe
  2⤵
  PID:10628
- C:\Windows\System\plgYDoU.exe
  C:\Windows\System\plgYDoU.exe
  2⤵
  PID:10684
- C:\Windows\System\PylkJDD.exe
  C:\Windows\System\PylkJDD.exe
  2⤵
  PID:10748
- C:\Windows\System\SWMfiDD.exe
  C:\Windows\System\SWMfiDD.exe
  2⤵
  PID:10808
- C:\Windows\System\zkCcOQd.exe
  C:\Windows\System\zkCcOQd.exe
  2⤵
  PID:10860
- C:\Windows\System\AbnXRTq.exe
  C:\Windows\System\AbnXRTq.exe
  2⤵
  PID:10920
- C:\Windows\System\WdVsMQG.exe
  C:\Windows\System\WdVsMQG.exe
  2⤵
  PID:10972
- C:\Windows\System\GXifTUs.exe
  C:\Windows\System\GXifTUs.exe
  2⤵
  PID:5020
- C:\Windows\System\CItArcU.exe
  C:\Windows\System\CItArcU.exe
  2⤵
  PID:11084
- C:\Windows\System\IhbdfeO.exe
  C:\Windows\System\IhbdfeO.exe
  2⤵
  PID:11132
- C:\Windows\System\BHKQcUn.exe
  C:\Windows\System\BHKQcUn.exe
  2⤵
  PID:11200
- C:\Windows\System\GEYPUrm.exe
  C:\Windows\System\GEYPUrm.exe
  2⤵
  PID:11256
- C:\Windows\System\YrQhZaH.exe
  C:\Windows\System\YrQhZaH.exe
  2⤵
  PID:10384
- C:\Windows\System\meeVdla.exe
  C:\Windows\System\meeVdla.exe
  2⤵
  PID:10544
- C:\Windows\System\eqtqfXO.exe
  C:\Windows\System\eqtqfXO.exe
  2⤵
  PID:10668
- C:\Windows\System\nRaqSio.exe
  C:\Windows\System\nRaqSio.exe
  2⤵
  PID:4652
- C:\Windows\System\anGQLrI.exe
  C:\Windows\System\anGQLrI.exe
  2⤵
  PID:10916
- C:\Windows\System\PlPDOwr.exe
  C:\Windows\System\PlPDOwr.exe
  2⤵
  PID:11048
- C:\Windows\System\IqqUtQk.exe
  C:\Windows\System\IqqUtQk.exe
  2⤵
  PID:11172
- C:\Windows\System\bwfiynE.exe
  C:\Windows\System\bwfiynE.exe
  2⤵
  PID:10352
- C:\Windows\System\XJjDRpO.exe
  C:\Windows\System\XJjDRpO.exe
  2⤵
  PID:10664
- C:\Windows\System\WmThUgc.exe
  C:\Windows\System\WmThUgc.exe
  2⤵
  PID:10964
- C:\Windows\System\ieQxftA.exe
  C:\Windows\System\ieQxftA.exe
  2⤵
  PID:11244
- C:\Windows\System\ianEKCZ.exe
  C:\Windows\System\ianEKCZ.exe
  2⤵
  PID:5084
- C:\Windows\System\TaQMVwq.exe
  C:\Windows\System\TaQMVwq.exe
  2⤵
  PID:10804
- C:\Windows\System\ILmqJlE.exe
  C:\Windows\System\ILmqJlE.exe
  2⤵
  PID:11288
- C:\Windows\System\AQLkSWg.exe
  C:\Windows\System\AQLkSWg.exe
  2⤵
  PID:11308
- C:\Windows\System\mNMCDmP.exe
  C:\Windows\System\mNMCDmP.exe
  2⤵
  PID:11336
- C:\Windows\System\xILxHZe.exe
  C:\Windows\System\xILxHZe.exe
  2⤵
  PID:11364
- C:\Windows\System\vDNCaiP.exe
  C:\Windows\System\vDNCaiP.exe
  2⤵
  PID:11400
- C:\Windows\System\XELTYSp.exe
  C:\Windows\System\XELTYSp.exe
  2⤵
  PID:11420
- C:\Windows\System\KAxiarh.exe
  C:\Windows\System\KAxiarh.exe
  2⤵
  PID:11448
- C:\Windows\System\YZSgKUX.exe
  C:\Windows\System\YZSgKUX.exe
  2⤵
  PID:11476
- C:\Windows\System\wsasAbn.exe
  C:\Windows\System\wsasAbn.exe
  2⤵
  PID:11504
- C:\Windows\System\rZsqYOj.exe
  C:\Windows\System\rZsqYOj.exe
  2⤵
  PID:11532
- C:\Windows\System\xIgBiuW.exe
  C:\Windows\System\xIgBiuW.exe
  2⤵
  PID:11560
- C:\Windows\System\MnTdAZx.exe
  C:\Windows\System\MnTdAZx.exe
  2⤵
  PID:11588
- C:\Windows\System\wRVTNnQ.exe
  C:\Windows\System\wRVTNnQ.exe
  2⤵
  PID:11616
- C:\Windows\System\GIReyAc.exe
  C:\Windows\System\GIReyAc.exe
  2⤵
  PID:11644
- C:\Windows\System\avmwIEn.exe
  C:\Windows\System\avmwIEn.exe
  2⤵
  PID:11672
- C:\Windows\System\PJtPyJP.exe
  C:\Windows\System\PJtPyJP.exe
  2⤵
  PID:11700
- C:\Windows\System\mbhbMzA.exe
  C:\Windows\System\mbhbMzA.exe
  2⤵
  PID:11728
- C:\Windows\System\PYIAaOH.exe
  C:\Windows\System\PYIAaOH.exe
  2⤵
  PID:11756
- C:\Windows\System\kLblgAr.exe
  C:\Windows\System\kLblgAr.exe
  2⤵
  PID:11784
- C:\Windows\System\NlasOWh.exe
  C:\Windows\System\NlasOWh.exe
  2⤵
  PID:11812
- C:\Windows\System\RXgFIlM.exe
  C:\Windows\System\RXgFIlM.exe
  2⤵
  PID:11840
- C:\Windows\System\gHoYVUd.exe
  C:\Windows\System\gHoYVUd.exe
  2⤵
  PID:11856
- C:\Windows\System\IQEOllg.exe
  C:\Windows\System\IQEOllg.exe
  2⤵
  PID:11884
- C:\Windows\System\tDDcxjD.exe
  C:\Windows\System\tDDcxjD.exe
  2⤵
  PID:11920
- C:\Windows\System\EniRUrZ.exe
  C:\Windows\System\EniRUrZ.exe
  2⤵
  PID:11948
- C:\Windows\System\Gywuqlp.exe
  C:\Windows\System\Gywuqlp.exe
  2⤵
  PID:11980
- C:\Windows\System\gDYwzdp.exe
  C:\Windows\System\gDYwzdp.exe
  2⤵
  PID:12040
- C:\Windows\System\nGhKaFJ.exe
  C:\Windows\System\nGhKaFJ.exe
  2⤵
  PID:12068
- C:\Windows\System\YCYEuvm.exe
  C:\Windows\System\YCYEuvm.exe
  2⤵
  PID:12104
- C:\Windows\System\eewrZxz.exe
  C:\Windows\System\eewrZxz.exe
  2⤵
  PID:12132
- C:\Windows\System\PcKEEOT.exe
  C:\Windows\System\PcKEEOT.exe
  2⤵
  PID:12160
- C:\Windows\System\eygBRnf.exe
  C:\Windows\System\eygBRnf.exe
  2⤵
  PID:12188
- C:\Windows\System\iLyshyJ.exe
  C:\Windows\System\iLyshyJ.exe
  2⤵
  PID:12216
- C:\Windows\System\mtvpEai.exe
  C:\Windows\System\mtvpEai.exe
  2⤵
  PID:12244
- C:\Windows\System\bTlhaSC.exe
  C:\Windows\System\bTlhaSC.exe
  2⤵
  PID:12272
- C:\Windows\System\iKyArHz.exe
  C:\Windows\System\iKyArHz.exe
  2⤵
  PID:11296
- C:\Windows\System\jMaClci.exe
  C:\Windows\System\jMaClci.exe
  2⤵
  PID:11356
- C:\Windows\System\NghPBUF.exe
  C:\Windows\System\NghPBUF.exe
  2⤵
  PID:11412
- C:\Windows\System\QBdBUHl.exe
  C:\Windows\System\QBdBUHl.exe
  2⤵
  PID:11472
- C:\Windows\System\OYiPoum.exe
  C:\Windows\System\OYiPoum.exe
  2⤵
  PID:11544
- C:\Windows\System\SPiqSeS.exe
  C:\Windows\System\SPiqSeS.exe
  2⤵
  PID:11608
- C:\Windows\System\iAaYuRz.exe
  C:\Windows\System\iAaYuRz.exe
  2⤵
  PID:11668
- C:\Windows\System\ORDATQn.exe
  C:\Windows\System\ORDATQn.exe
  2⤵
  PID:11740
- C:\Windows\System\uKXTNeL.exe
  C:\Windows\System\uKXTNeL.exe
  2⤵
  PID:11804
- C:\Windows\System\jVdDcFV.exe
  C:\Windows\System\jVdDcFV.exe
  2⤵
  PID:11876
- C:\Windows\System\aVIXnOf.exe
  C:\Windows\System\aVIXnOf.exe
  2⤵
  PID:11940
- C:\Windows\System\PYWOoFf.exe
  C:\Windows\System\PYWOoFf.exe
  2⤵
  PID:12032
- C:\Windows\System\wduTDcT.exe
  C:\Windows\System\wduTDcT.exe
  2⤵
  PID:8488
- C:\Windows\System\eAjECTk.exe
  C:\Windows\System\eAjECTk.exe
  2⤵
  PID:8632
- C:\Windows\System\VvHUKru.exe
  C:\Windows\System\VvHUKru.exe
  2⤵
  PID:12128
- C:\Windows\System\oRHTGyf.exe
  C:\Windows\System\oRHTGyf.exe
  2⤵
  PID:12200
- C:\Windows\System\qDwJWze.exe
  C:\Windows\System\qDwJWze.exe
  2⤵
  PID:12264
- C:\Windows\System\FvnPYYl.exe
  C:\Windows\System\FvnPYYl.exe
  2⤵
  PID:11348
- C:\Windows\System\JFFIIeQ.exe
  C:\Windows\System\JFFIIeQ.exe
  2⤵
  PID:11500
- C:\Windows\System\UMexoqD.exe
  C:\Windows\System\UMexoqD.exe
  2⤵
  PID:11656
- C:\Windows\System\gEIHadE.exe
  C:\Windows\System\gEIHadE.exe
  2⤵
  PID:11796
- C:\Windows\System\aKptBhQ.exe
  C:\Windows\System\aKptBhQ.exe
  2⤵
  PID:11964
- C:\Windows\System\eSMTjRd.exe
  C:\Windows\System\eSMTjRd.exe
  2⤵
  PID:8396
- C:\Windows\System\hrHsQrL.exe
  C:\Windows\System\hrHsQrL.exe
  2⤵
  PID:12184
- C:\Windows\System\KYYPYjz.exe
  C:\Windows\System\KYYPYjz.exe
  2⤵
  PID:3060
- C:\Windows\System\PBRAIfi.exe
  C:\Windows\System\PBRAIfi.exe
  2⤵
  PID:11768
- C:\Windows\System\tHWusQd.exe
  C:\Windows\System\tHWusQd.exe
  2⤵
  PID:8360
- C:\Windows\System\QprCxgW.exe
  C:\Windows\System\QprCxgW.exe
  2⤵
  PID:11572
- C:\Windows\System\SlYCBuu.exe
  C:\Windows\System\SlYCBuu.exe
  2⤵
  PID:11320
- C:\Windows\System\ffQQvcY.exe
  C:\Windows\System\ffQQvcY.exe
  2⤵
  PID:4388
- C:\Windows\System\SCqvZCu.exe
  C:\Windows\System\SCqvZCu.exe
  2⤵
  PID:12312
- C:\Windows\System\wqAfEvk.exe
  C:\Windows\System\wqAfEvk.exe
  2⤵
  PID:12340
- C:\Windows\System\RuyjFAU.exe
  C:\Windows\System\RuyjFAU.exe
  2⤵
  PID:12368
- C:\Windows\System\IkeaQxp.exe
  C:\Windows\System\IkeaQxp.exe
  2⤵
  PID:12396
- C:\Windows\System\gSsrmZT.exe
  C:\Windows\System\gSsrmZT.exe
  2⤵
  PID:12436
- C:\Windows\System\DdjZFyR.exe
  C:\Windows\System\DdjZFyR.exe
  2⤵
  PID:12452
- C:\Windows\System\nMYHuRC.exe
  C:\Windows\System\nMYHuRC.exe
  2⤵
  PID:12480
- C:\Windows\System\TSGUtZV.exe
  C:\Windows\System\TSGUtZV.exe
  2⤵
  PID:12508
- C:\Windows\System\KGyKKsh.exe
  C:\Windows\System\KGyKKsh.exe
  2⤵
  PID:12536
- C:\Windows\System\JELOAYT.exe
  C:\Windows\System\JELOAYT.exe
  2⤵
  PID:12564
- C:\Windows\System\XEZphyK.exe
  C:\Windows\System\XEZphyK.exe
  2⤵
  PID:12592
- C:\Windows\System\ZbGnkei.exe
  C:\Windows\System\ZbGnkei.exe
  2⤵
  PID:12620
- C:\Windows\System\KPSfPrY.exe
  C:\Windows\System\KPSfPrY.exe
  2⤵
  PID:12648
- C:\Windows\System\dRhupeV.exe
  C:\Windows\System\dRhupeV.exe
  2⤵
  PID:12676
- C:\Windows\System\ADGlnsy.exe
  C:\Windows\System\ADGlnsy.exe
  2⤵
  PID:12704
- C:\Windows\System\ArRZUqb.exe
  C:\Windows\System\ArRZUqb.exe
  2⤵
  PID:12732
- C:\Windows\System\OthYIKt.exe
  C:\Windows\System\OthYIKt.exe
  2⤵
  PID:12760
- C:\Windows\System\ffPOhxr.exe
  C:\Windows\System\ffPOhxr.exe
  2⤵
  PID:12800
- C:\Windows\System\ZdFqjxw.exe
  C:\Windows\System\ZdFqjxw.exe
  2⤵
  PID:12820
- C:\Windows\System\ILrEwge.exe
  C:\Windows\System\ILrEwge.exe
  2⤵
  PID:12848
- C:\Windows\System\pTQqWdE.exe
  C:\Windows\System\pTQqWdE.exe
  2⤵
  PID:12876
- C:\Windows\System\uGYfYFa.exe
  C:\Windows\System\uGYfYFa.exe
  2⤵
  PID:12904
- C:\Windows\System\cesNDRn.exe
  C:\Windows\System\cesNDRn.exe
  2⤵
  PID:12932
- C:\Windows\System\ZPmsiZp.exe
  C:\Windows\System\ZPmsiZp.exe
  2⤵
  PID:12964
- C:\Windows\System\MgUKmmH.exe
  C:\Windows\System\MgUKmmH.exe
  2⤵
  PID:12992
- C:\Windows\System\SDoSKHS.exe
  C:\Windows\System\SDoSKHS.exe
  2⤵
  PID:13024
- C:\Windows\System\AXmnyjz.exe
  C:\Windows\System\AXmnyjz.exe
  2⤵
  PID:13052
- C:\Windows\System\TBOmJgA.exe
  C:\Windows\System\TBOmJgA.exe
  2⤵
  PID:13080
- C:\Windows\System\vywqEQf.exe
  C:\Windows\System\vywqEQf.exe
  2⤵
  PID:13104
- C:\Windows\System\BchQvNx.exe
  C:\Windows\System\BchQvNx.exe
  2⤵
  PID:13148
- C:\Windows\System\YSwudgk.exe
  C:\Windows\System\YSwudgk.exe
  2⤵
  PID:13176
- C:\Windows\System\MMBGgvC.exe
  C:\Windows\System\MMBGgvC.exe
  2⤵
  PID:13204
- C:\Windows\System\LzorioE.exe
  C:\Windows\System\LzorioE.exe
  2⤵
  PID:13232
- C:\Windows\System\CLnUpPD.exe
  C:\Windows\System\CLnUpPD.exe
  2⤵
  PID:13260
- C:\Windows\System\UrNxdgM.exe
  C:\Windows\System\UrNxdgM.exe
  2⤵
  PID:13288
- C:\Windows\System\hvMuFDp.exe
  C:\Windows\System\hvMuFDp.exe
  2⤵
  PID:12304
- C:\Windows\System\KjWSkFY.exe
  C:\Windows\System\KjWSkFY.exe
  2⤵
  PID:12364
- C:\Windows\System\ioDxGRy.exe
  C:\Windows\System\ioDxGRy.exe
  2⤵
  PID:12420
- C:\Windows\System\nbjDSsV.exe
  C:\Windows\System\nbjDSsV.exe
  2⤵
  PID:12500
- C:\Windows\System\XcXzGlf.exe
  C:\Windows\System\XcXzGlf.exe
  2⤵
  PID:12560
- C:\Windows\System\ZHNlOjo.exe
  C:\Windows\System\ZHNlOjo.exe
  2⤵
  PID:12632
- C:\Windows\System\RbPppUe.exe
  C:\Windows\System\RbPppUe.exe
  2⤵
  PID:12696
- C:\Windows\System\xxKjLGy.exe
  C:\Windows\System\xxKjLGy.exe
  2⤵
  PID:12756
- C:\Windows\System\fLdBGxM.exe
  C:\Windows\System\fLdBGxM.exe
  2⤵
  PID:12812
- C:\Windows\System\EjMKuFe.exe
  C:\Windows\System\EjMKuFe.exe
  2⤵
  PID:12872
- C:\Windows\System\kOIXesV.exe
  C:\Windows\System\kOIXesV.exe
  2⤵
  PID:12944
- C:\Windows\System\olfVNVH.exe
  C:\Windows\System\olfVNVH.exe
  2⤵
  PID:12984
- C:\Windows\System\cRHnGQM.exe
  C:\Windows\System\cRHnGQM.exe
  2⤵
  PID:13016
- C:\Windows\System\aRnKkAk.exe
  C:\Windows\System\aRnKkAk.exe
  2⤵
  PID:4172
- C:\Windows\System\NQZuVvq.exe
  C:\Windows\System\NQZuVvq.exe
  2⤵
  PID:13000
- C:\Windows\System\NctaPYI.exe
  C:\Windows\System\NctaPYI.exe
  2⤵
  PID:13168
- C:\Windows\System\mYTLVRp.exe
  C:\Windows\System\mYTLVRp.exe
  2⤵
  PID:13228
- C:\Windows\System\aOlGqpw.exe
  C:\Windows\System\aOlGqpw.exe
  2⤵
  PID:13300
- C:\Windows\System\WYvOdFj.exe
  C:\Windows\System\WYvOdFj.exe
  2⤵
  PID:12476
- C:\Windows\System\RjapXgT.exe
  C:\Windows\System\RjapXgT.exe
  2⤵
  PID:12556
- C:\Windows\System\UKCOdrj.exe
  C:\Windows\System\UKCOdrj.exe
  2⤵
  PID:12724
- C:\Windows\System\NbQDpcR.exe
  C:\Windows\System\NbQDpcR.exe
  2⤵
  PID:12860
- C:\Windows\System\jkkaHsp.exe
  C:\Windows\System\jkkaHsp.exe
  2⤵
  PID:12976
- C:\Windows\System\jDexBsL.exe
  C:\Windows\System\jDexBsL.exe
  2⤵
  PID:13096
- C:\Windows\System\lxKxvBc.exe
  C:\Windows\System\lxKxvBc.exe
  2⤵
  PID:13216
- C:\Windows\System\vyDTuIF.exe
  C:\Windows\System\vyDTuIF.exe
  2⤵
  PID:12464
- C:\Windows\System\QIpSuRL.exe
  C:\Windows\System\QIpSuRL.exe
  2⤵
  PID:12796
- C:\Windows\System\TGwrCRI.exe
  C:\Windows\System\TGwrCRI.exe
  2⤵
  PID:13076
- C:\Windows\System\WmbWvzR.exe
  C:\Windows\System\WmbWvzR.exe
  2⤵
  PID:12360
- C:\Windows\System\eYSwTWz.exe
  C:\Windows\System\eYSwTWz.exe
  2⤵
  PID:13112
- C:\Windows\System\lShgVVn.exe
  C:\Windows\System\lShgVVn.exe
  2⤵
  PID:13012
- C:\Windows\System\nvRCPOB.exe
  C:\Windows\System\nvRCPOB.exe
  2⤵
  PID:13348
- C:\Windows\System\JWVrpge.exe
  C:\Windows\System\JWVrpge.exe
  2⤵
  PID:13368
- C:\Windows\System\dvtBOdH.exe
  C:\Windows\System\dvtBOdH.exe
  2⤵
  PID:13396
- C:\Windows\System\IruJUch.exe
  C:\Windows\System\IruJUch.exe
  2⤵
  PID:13424
- C:\Windows\System\ehrhzbn.exe
  C:\Windows\System\ehrhzbn.exe
  2⤵
  PID:13452
- C:\Windows\System\lqyHUcd.exe
  C:\Windows\System\lqyHUcd.exe
  2⤵
  PID:13480
- C:\Windows\System\ivKkIpj.exe
  C:\Windows\System\ivKkIpj.exe
  2⤵
  PID:13508
- C:\Windows\System\bPeDanz.exe
  C:\Windows\System\bPeDanz.exe
  2⤵
  PID:13536
- C:\Windows\System\fVxaACT.exe
  C:\Windows\System\fVxaACT.exe
  2⤵
  PID:13564
- C:\Windows\System\kStIpEV.exe
  C:\Windows\System\kStIpEV.exe
  2⤵
  PID:13592
- C:\Windows\System\eNYIJCp.exe
  C:\Windows\System\eNYIJCp.exe
  2⤵
  PID:13620
- C:\Windows\System\FwCCeXk.exe
  C:\Windows\System\FwCCeXk.exe
  2⤵
  PID:13648
- C:\Windows\System\UjHbNbU.exe
  C:\Windows\System\UjHbNbU.exe
  2⤵
  PID:13676
- C:\Windows\System\xOZopmA.exe
  C:\Windows\System\xOZopmA.exe
  2⤵
  PID:13704
- C:\Windows\System\OanxBpg.exe
  C:\Windows\System\OanxBpg.exe
  2⤵
  PID:13732
- C:\Windows\System\atIzjSd.exe
  C:\Windows\System\atIzjSd.exe
  2⤵
  PID:13760
- C:\Windows\System\jKJCnDu.exe
  C:\Windows\System\jKJCnDu.exe
  2⤵
  PID:13788
- C:\Windows\System\FTwoHtT.exe
  C:\Windows\System\FTwoHtT.exe
  2⤵
  PID:13816
- C:\Windows\System\CSgkALJ.exe
  C:\Windows\System\CSgkALJ.exe
  2⤵
  PID:13844
- C:\Windows\System\dczRzvj.exe
  C:\Windows\System\dczRzvj.exe
  2⤵
  PID:13872
- C:\Windows\System\TdodXoB.exe
  C:\Windows\System\TdodXoB.exe
  2⤵
  PID:13916
- C:\Windows\System\laubIHn.exe
  C:\Windows\System\laubIHn.exe
  2⤵
  PID:13932
- C:\Windows\System\IkVrCNm.exe
  C:\Windows\System\IkVrCNm.exe
  2⤵
  PID:13968
- C:\Windows\System\UqNsiWF.exe
  C:\Windows\System\UqNsiWF.exe
  2⤵
  PID:13988
- C:\Windows\System\ZcuKNrO.exe
  C:\Windows\System\ZcuKNrO.exe
  2⤵
  PID:14016
- C:\Windows\System\gOJRsAN.exe
  C:\Windows\System\gOJRsAN.exe
  2⤵
  PID:14044
- C:\Windows\System\uBUEtBK.exe
  C:\Windows\System\uBUEtBK.exe
  2⤵
  PID:14072
- C:\Windows\System\LDrrkQe.exe
  C:\Windows\System\LDrrkQe.exe
  2⤵
  PID:14100
- C:\Windows\System\VcQTOSv.exe
  C:\Windows\System\VcQTOSv.exe
  2⤵
  PID:14128
- C:\Windows\System\Ctorctt.exe
  C:\Windows\System\Ctorctt.exe
  2⤵
  PID:14156
- C:\Windows\System\uxfmAcV.exe
  C:\Windows\System\uxfmAcV.exe
  2⤵
  PID:14184
- C:\Windows\System\oHyXpBd.exe
  C:\Windows\System\oHyXpBd.exe
  2⤵
  PID:14212
- C:\Windows\System\sSmvGfm.exe
  C:\Windows\System\sSmvGfm.exe
  2⤵
  PID:14240
- C:\Windows\System\vXwIwsl.exe
  C:\Windows\System\vXwIwsl.exe
  2⤵
  PID:14268
- C:\Windows\System\pBbxYQZ.exe
  C:\Windows\System\pBbxYQZ.exe
  2⤵
  PID:14296
- C:\Windows\System\YgnCiKk.exe
  C:\Windows\System\YgnCiKk.exe
  2⤵
  PID:14324
- C:\Windows\System\rgPjiSB.exe
  C:\Windows\System\rgPjiSB.exe
  2⤵
  PID:13336
- C:\Windows\System\ugZYrYi.exe
  C:\Windows\System\ugZYrYi.exe
  2⤵
  PID:1132
- C:\Windows\System\CLyXpag.exe
  C:\Windows\System\CLyXpag.exe
  2⤵
  PID:13448
- C:\Windows\System\zjWBsWe.exe
  C:\Windows\System\zjWBsWe.exe
  2⤵
  PID:13500
- C:\Windows\System\uQjJUFE.exe
  C:\Windows\System\uQjJUFE.exe
  2⤵
  PID:13584
- C:\Windows\System\kfDZDxe.exe
  C:\Windows\System\kfDZDxe.exe
  2⤵
  PID:13660
- C:\Windows\System\ZhDwfVT.exe
  C:\Windows\System\ZhDwfVT.exe
  2⤵
  PID:13724
- C:\Windows\System\TBkaKig.exe
  C:\Windows\System\TBkaKig.exe
  2⤵
  PID:13784
- C:\Windows\System\MXJiHTV.exe
  C:\Windows\System\MXJiHTV.exe
  2⤵
  PID:13856
- C:\Windows\System\htHZwCL.exe
  C:\Windows\System\htHZwCL.exe
  2⤵
  PID:13896
- C:\Windows\System\duhuohj.exe
  C:\Windows\System\duhuohj.exe
  2⤵
  PID:13980
- C:\Windows\System\KWAVCMr.exe
  C:\Windows\System\KWAVCMr.exe
  2⤵
  PID:14040
- C:\Windows\System\FZtAujm.exe
  C:\Windows\System\FZtAujm.exe
  2⤵
  PID:14112
- C:\Windows\System\DiRQaWR.exe
  C:\Windows\System\DiRQaWR.exe
  2⤵
  PID:1800
- C:\Windows\System\vytTlaD.exe
  C:\Windows\System\vytTlaD.exe
  2⤵
  PID:14152
- C:\Windows\System\uAzxWvf.exe
  C:\Windows\System\uAzxWvf.exe
  2⤵
  PID:14224
- C:\Windows\System\tYpzFDQ.exe
  C:\Windows\System\tYpzFDQ.exe
  2⤵
  PID:14292
- C:\Windows\System\WQgTvVZ.exe
  C:\Windows\System\WQgTvVZ.exe
  2⤵
  PID:13332
- C:\Windows\System\JpLmiDq.exe
  C:\Windows\System\JpLmiDq.exe
  2⤵
  PID:13476
- C:\Windows\System\wQwjLqF.exe
  C:\Windows\System\wQwjLqF.exe
  2⤵
  PID:13604
- C:\Windows\System\BqzdecE.exe
  C:\Windows\System\BqzdecE.exe
  2⤵
  PID:13772
- C:\Windows\System\kmNDUCl.exe
  C:\Windows\System\kmNDUCl.exe
  2⤵
  PID:13892
- C:\Windows\System\oMpvJBq.exe
  C:\Windows\System\oMpvJBq.exe
  2⤵
  PID:13976
- C:\Windows\System\dAiLfZB.exe
  C:\Windows\System\dAiLfZB.exe
  2⤵
  PID:14068
- C:\Windows\System\wJJfQpo.exe
  C:\Windows\System\wJJfQpo.exe
  2⤵
  PID:232
- C:\Windows\System\LAibgkJ.exe
  C:\Windows\System\LAibgkJ.exe
  2⤵
  PID:14280
- C:\Windows\System\bfECEkt.exe
  C:\Windows\System\bfECEkt.exe
  2⤵
  PID:708
- C:\Windows\System\VBhdoPR.exe
  C:\Windows\System\VBhdoPR.exe
  2⤵
  PID:13840
- C:\Windows\System\NupnzLX.exe
  C:\Windows\System\NupnzLX.exe
  2⤵
  PID:14036
- C:\Windows\System\EoeZmcw.exe
  C:\Windows\System\EoeZmcw.exe
  2⤵
  PID:4244
- C:\Windows\System\QuWcKBl.exe
  C:\Windows\System\QuWcKBl.exe
  2⤵
  PID:14008
- C:\Windows\System\HVLIvUh.exe
  C:\Windows\System\HVLIvUh.exe
  2⤵
  PID:13956
- C:\Windows\System\AmVfeaT.exe
  C:\Windows\System\AmVfeaT.exe
  2⤵
  PID:14352
- C:\Windows\System\qBuKfsf.exe
  C:\Windows\System\qBuKfsf.exe
  2⤵
  PID:14380
- C:\Windows\System\PlordMK.exe
  C:\Windows\System\PlordMK.exe
  2⤵
  PID:14408
- C:\Windows\System\VlarWPY.exe
  C:\Windows\System\VlarWPY.exe
  2⤵
  PID:14436
- C:\Windows\System\VrPJeQT.exe
  C:\Windows\System\VrPJeQT.exe
  2⤵
  PID:14464
- C:\Windows\System\HufWuoc.exe
  C:\Windows\System\HufWuoc.exe
  2⤵
  PID:14492
- C:\Windows\System\lKiMMqh.exe
  C:\Windows\System\lKiMMqh.exe
  2⤵
  PID:14520
- C:\Windows\System\CvhoxqW.exe
  C:\Windows\System\CvhoxqW.exe
  2⤵
  PID:14548
- C:\Windows\System\kvEEULE.exe
  C:\Windows\System\kvEEULE.exe
  2⤵
  PID:14576
- C:\Windows\System\GDpiTms.exe
  C:\Windows\System\GDpiTms.exe
  2⤵
  PID:14604
- C:\Windows\System\Hdojlnb.exe
  C:\Windows\System\Hdojlnb.exe
  2⤵
  PID:14636
- C:\Windows\System\onFLubt.exe
  C:\Windows\System\onFLubt.exe
  2⤵
  PID:14664
- C:\Windows\System\JYwMafF.exe
  C:\Windows\System\JYwMafF.exe
  2⤵
  PID:14696
- C:\Windows\System\XbLehQl.exe
  C:\Windows\System\XbLehQl.exe
  2⤵
  PID:14724
- C:\Windows\System\DTwtwyp.exe
  C:\Windows\System\DTwtwyp.exe
  2⤵
  PID:14776
- C:\Windows\System\BugAJoR.exe
  C:\Windows\System\BugAJoR.exe
  2⤵
  PID:14792
- C:\Windows\System\UGBgvUJ.exe
  C:\Windows\System\UGBgvUJ.exe
  2⤵
  PID:14820
- C:\Windows\System\EwCusOT.exe
  C:\Windows\System\EwCusOT.exe
  2⤵
  PID:14848
- C:\Windows\System\cwVCoWw.exe
  C:\Windows\System\cwVCoWw.exe
  2⤵
  PID:14876
- C:\Windows\System\cDhdXui.exe
  C:\Windows\System\cDhdXui.exe
  2⤵
  PID:14912
- C:\Windows\System\biUGHCl.exe
  C:\Windows\System\biUGHCl.exe
  2⤵
  PID:14944
- C:\Windows\System\OWHSZen.exe
  C:\Windows\System\OWHSZen.exe
  2⤵
  PID:14976
- C:\Windows\System\Jabuiam.exe
  C:\Windows\System\Jabuiam.exe
  2⤵
  PID:14996
- C:\Windows\System\CQaHdYA.exe
  C:\Windows\System\CQaHdYA.exe
  2⤵
  PID:15024
- C:\Windows\System\pBVjRUQ.exe
  C:\Windows\System\pBVjRUQ.exe
  2⤵
  PID:15048
- C:\Windows\System\QorgtbK.exe
  C:\Windows\System\QorgtbK.exe
  2⤵
  PID:15100
- C:\Windows\System\JJNPJIH.exe
  C:\Windows\System\JJNPJIH.exe
  2⤵
  PID:15124
- C:\Windows\System\qlAdmQm.exe
  C:\Windows\System\qlAdmQm.exe
  2⤵
  PID:15216
- C:\Windows\System\ZgVfytT.exe
  C:\Windows\System\ZgVfytT.exe
  2⤵
  PID:15252
- C:\Windows\System\ewHDCIc.exe
  C:\Windows\System\ewHDCIc.exe
  2⤵
  PID:15268
- C:\Windows\System\caILpKY.exe
  C:\Windows\System\caILpKY.exe
  2⤵
  PID:15284
- C:\Windows\System\btiVSKC.exe
  C:\Windows\System\btiVSKC.exe
  2⤵
  PID:15300
- C:\Windows\System\nbQfDFA.exe
  C:\Windows\System\nbQfDFA.exe
  2⤵
  PID:15356
- C:\Windows\System\FCrZhID.exe
  C:\Windows\System\FCrZhID.exe
  2⤵
  PID:14476
- C:\Windows\System\UjVwgUt.exe
  C:\Windows\System\UjVwgUt.exe
  2⤵
  PID:14544
- C:\Windows\System\AWBFkkJ.exe
  C:\Windows\System\AWBFkkJ.exe
  2⤵
  PID:2088
- C:\Windows\System\UxiFQPr.exe
  C:\Windows\System\UxiFQPr.exe
  2⤵
  PID:2448
- C:\Windows\System\aLIPriB.exe
  C:\Windows\System\aLIPriB.exe
  2⤵
  PID:6092
- C:\Windows\System\yBTStJq.exe
  C:\Windows\System\yBTStJq.exe
  2⤵
  PID:14672
- C:\Windows\System\GZanNjr.exe
  C:\Windows\System\GZanNjr.exe
  2⤵
  PID:14832
- C:\Windows\System\PvKoLxG.exe
  C:\Windows\System\PvKoLxG.exe
  2⤵
  PID:992
- C:\Windows\System\QAHHuJD.exe
  C:\Windows\System\QAHHuJD.exe
  2⤵
  PID:4820
- C:\Windows\System\BBBXwsS.exe
  C:\Windows\System\BBBXwsS.exe
  2⤵
  PID:4868
- C:\Windows\System\dHjPDaW.exe
  C:\Windows\System\dHjPDaW.exe
  2⤵
  PID:14988
- C:\Windows\System\ybjpNId.exe
  C:\Windows\System\ybjpNId.exe
  2⤵
  PID:5060
- C:\Windows\System\uJJvyds.exe
  C:\Windows\System\uJJvyds.exe
  2⤵
  PID:15068
- C:\Windows\System\eAlRFvn.exe
  C:\Windows\System\eAlRFvn.exe
  2⤵
  PID:15096
- C:\Windows\System\mtRRdDX.exe
  C:\Windows\System\mtRRdDX.exe
  2⤵
  PID:14960
- C:\Windows\System\UdTRYHs.exe
  C:\Windows\System\UdTRYHs.exe
  2⤵
  PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DWxYNUY.exe

Filesize
6.1MB

MD5
f8a7059a143894de0de656197842c9fe

SHA1
8373687f4ef4d69dc922cf9b22c0e67edef244b7

SHA256
aece83261bad6e3f605113e304db1ed258dab3d448d8fc7ff2cb60b376276f12

SHA512
25ce17da0753fa7052727f2b0b31810faca6dc43420853c81106500c381b61758fda892b8b03bf28270709505da50bf7295e8b7849b714b59abb8d5e807e5962

Download Submit
C:\Windows\System\HhOafqc.exe

Filesize
6.1MB

MD5
099f620e56e197c8d1b7b14c3b2a4a8e

SHA1
5374ba9c43c0f12c38152521a3c76a11562dc87d

SHA256
1a16edbd95bcf798c0c30f97d2412beab7035d4840560cc77cf0cbd29beee492

SHA512
bdcfed079cc823c62332cb7cdc1c7dde7e3a748cccb6ae1f7391f9314a2214aace0000a0f3a1ceb10fc47ac191ff0d2f4590b033b4f2cd219522453255d2090e

Download Submit
C:\Windows\System\KhtKbYe.exe

Filesize
6.1MB

MD5
14141118a47f02d72a13112fa2f3ac53

SHA1
579b8bc1cd4fbe0b989a8080a8518d2b33afb494

SHA256
6ca40af8d2c9eebca6ff169aa13fd7b3e10bbe4eb528d9a27a6d68d81edbb35c

SHA512
d3f30c687dbdf915c725fcc24dbc9c17b2d5cedbb275b6aec37a8cad9cf37cc23efe352f6c1aae6e0707c61a481dddc424c45f8f054f5097d806670e6ee028a9

Download Submit
C:\Windows\System\NVPeRPt.exe

Filesize
6.1MB

MD5
b13bc36eaea1068cb14ab06fbfb048d2

SHA1
8f25bcd22e3801dda2984e8e57d6a5174dadbe4e

SHA256
9e0f282b71ed8955f90c19bb1b904a55d7701c7405f3ef9dc4cba16edfa49fec

SHA512
2e7eb73f677f9b92b5feb0c5871cbf435e48ada1b3b0c1b9968b1238b009962ec25afdbb69af09b632a8dbcfdb85dfd02f4f85cb25d768628f3baa9ac14afe23

Download Submit
C:\Windows\System\OpZHLLR.exe

Filesize
6.1MB

MD5
354a0dcb9b05f93a87cc2d59f327ccf4

SHA1
3847227ef154e59d60bd5c12b30a8970d2b0a044

SHA256
203041de47254a0a07e5877a23f073cc97dce0db401fc48cb8bc761b6c3763f0

SHA512
418828ec7f0914b590ecdd1b9792b87e1b911112f9fe03b6572336f1b92db53bfa875a89531416d546a02047478d66f0faddb3b40c70f7eecaff258bd409b8ad

Download Submit
C:\Windows\System\SujVznH.exe

Filesize
6.1MB

MD5
ba2a7dd16430000372f9c30740ea1e4c

SHA1
5670871852ae0e09aa129089820f2fb1fc1eb160

SHA256
5dee5d512c081fb00e58679941899a774ab354ca6a088bda828f6e6fd6549b95

SHA512
0c713c204fd7f201f3a3e8279c5855e144c7a05b7c3156598f626b3081025b0232548407ffca629edd18bcc3c567238ded265e422f2ebdb92883f9c02a5a14ff

Download Submit
C:\Windows\System\UWpiyPF.exe

Filesize
6.1MB

MD5
f2c5b2c678fd577d93898361ae8389bf

SHA1
6665d054b37151585d32ff80f027fe331f4ee36b

SHA256
5f17c25db9683a865402cd258776a810dfdbdacbdf6beb5b09e2865cf85c04a6

SHA512
e1ecdc41072baf2ece6f6e8bfcd66439481a9cbe2989a3660228852a364cf0df952e709b1fd4e9c9d9afd5cab1862e8aa6bd82f38e5d7845c7695c4ea88b3d25

Download Submit
C:\Windows\System\VzzNpvp.exe

Filesize
6.1MB

MD5
cd857f9154a3963456d76b95cfbfeb2a

SHA1
8e562fec8f085fe178c3cae981b2af6f727a768d

SHA256
090d201ff89ddc035b834ecf72a905d2a7a52542ca1c3008ed2288881f39de48

SHA512
fb181be0340975950d4fd2784b631c81e555aa717076755937b5b5e9c9b6f06b0fe1f5baf0df19dff9f800bc54dc023083785ef8eb840fc3dc38cbfdfb365072

Download Submit
C:\Windows\System\WmQXreS.exe

Filesize
6.1MB

MD5
9809a92cceeae845154a3123a715b318

SHA1
a889808e08eca9a034642f59542cba5f4b607e8f

SHA256
668ef1a8b205ab8bb63358e7b45798f2aa9904a06d6b6a2c1014eb2a277a16b6

SHA512
05594c6397b6f82dbaf23e5167e33f726875029ce66a8a1f65c46e6765c87203486ae74fcde45e8270982b0fad610f6fc721241cf7db45392045d101134cc5b0

Download Submit
C:\Windows\System\WoFSseB.exe

Filesize
6.1MB

MD5
aff524d96acddba5e86079b01ac7ebce

SHA1
39955b34b8b463059ccea9b740fd1d8eef090bba

SHA256
f91c4e4f9531c2c8d48ebb8e79891c8ba8af5e3d4ba7754b4b13b0a05b70f185

SHA512
e5dbb3b9bf8adb9eeb61f6ac67ebe4605617b327399ecfe200aba808286f7c8142722e037c078e16d95300b4145304d583b4f233589fb80f25e7535e44ea4277

Download Submit
C:\Windows\System\XLOQtOy.exe

Filesize
6.1MB

MD5
ebdd5a44d3b523a94cf431eab3c67322

SHA1
5e0ebd063f9f19d969a1a23890663f6e5386c9c6

SHA256
f5f63297a0e489f4582c1837e875ff64434781c363f7c38e918f7a980616a5c1

SHA512
aa3376cafff57ffbb83ff24e25b280fcf57790f5c00d2d4f5b4d1019e66aba009fe6d47da292225457b33a74c94d112c9b4419cb2dcf9acff7508fbabf2b29a9

Download Submit
C:\Windows\System\XdNYVrb.exe

Filesize
6.1MB

MD5
82beb268148580dbdb6a437978d0b668

SHA1
09aec368e89d8066eba966846d937a6521d9d4ed

SHA256
305a0d6c0ae29cdf82e0aaf759f4e072c1b5787aba3b69bda096ad3fe1d6fa92

SHA512
a52afb07d17dd36c030562ef0f5b7d6c70175b74004a2c33d5ef5a9a876852ad5577015f6705e11982df0c44e9b0526a404d0098df0a817cdedef39e25678fe7

Download Submit
C:\Windows\System\XotYSTS.exe

Filesize
6.1MB

MD5
c6e95a614655bff775a2f3a9d29b7f97

SHA1
b03df876aa352c4cf96bdbc4f8dcffb32cdbbd75

SHA256
080fa96bddd11f701de4ce392358ee6417689f37717aeb198ec8d030a3bda859

SHA512
437aa64cc930fdcc36c696cef33a52552babf7dd2c6ceb6e866b5c60bd8462f9e7a11c3e58cbee28e89fa1da12a51ebfa57fef6fde3be3dac10c3f08cd0d387e

Download Submit
C:\Windows\System\YAMoQVj.exe

Filesize
6.1MB

MD5
62e4360da10b0c7ec3a20f810ab47bc2

SHA1
4ebbd7823182205c53df97c005f76b2432d3e2af

SHA256
56c6d3e6b2c4b5f4e6fea32efc4b8df8e98fb68c043d3738ffc8201621be1fcd

SHA512
6cdbafd79104aab5e0776d3c1ed32f1792d053968e567eeb576ddf23fdf25739f75465ffc1006fa24e432fede9f68cbcd432137c759b662b9a8da26121cfff9e

Download Submit
C:\Windows\System\ZrVwOer.exe

Filesize
6.1MB

MD5
aee3c626d5db0af173c8a99e02b8ddca

SHA1
b2f3c4d2d573daeb5bf1b0c01f42f32f7d1e088d

SHA256
aef06d767590a9f09ff5723eeb325c031010c3a276c6105e0a0fb5a43cfd67a3

SHA512
eb544f88eb5ea174b263f74dbf97120060b9346b8c10c4f62122b9f4da472b3b6c536300ca81b13cec9733db9a58e566e3a34cd60ac1240441f0e39d3c843bbd

Download Submit
C:\Windows\System\bQstmcs.exe

Filesize
6.1MB

MD5
e70e93bdf6e6ca140c0225b632f76bbc

SHA1
db59e60ca6063c05459327cac270a6a3dff52ea9

SHA256
7c1ff155f08d8d087170632b99e078549f2ef3fdac7146e9c57ee5a17cf6d7f8

SHA512
b575c8c7538492f9bbc7fb950799675afd52a009fb67998726ab15faa225b9c4d5c55636282a87fb0219cdb2adbca3a5f1a87682a2dcfccee7f561d9bb806cc7

Download Submit
C:\Windows\System\cApwVBZ.exe

Filesize
6.1MB

MD5
246ce8ea4f18532e885895065cf1bf11

SHA1
d18f585e2f8d37142980f3809b36a3bd06d20fb0

SHA256
4e01d6a07fdfd0e63d7b8c1be8864bd43379af8b19cdb1911588ee9f6f929754

SHA512
9effcfea4f50f843cedd3ee6edf2781e0ef2175fe183933c452437f22d72256a3f52a9aa7f8e5299227fcd7d4cb105df640368b25cfb4aeee5cd3c94d5d788e5

Download Submit
C:\Windows\System\dSpvMSB.exe

Filesize
6.1MB

MD5
57452b11e2f037b82224fac1b110fb39

SHA1
74394f1a5ecd427d58dbfd6b4368b518174ccfab

SHA256
36368b7faeca0d8fd8834f02bc2f83a3312c761c4e0ea0cc3f0c86c82b7b6a2f

SHA512
45a8a6f2eacbfe52379382aa8cb0f5cbd35f4b9f6c45ee798bac54fe26d67217618e507ad71354d1d3f1d0f9b94b0f9478ea3bb07cf6c5c83bdd5ca367072a13

Download Submit
C:\Windows\System\euBsosK.exe

Filesize
6.1MB

MD5
69bf81dce25b149d14c7deb00e08f55c

SHA1
f77bb882d604f2641fbaf2bd3b43b0f85f4fdc08

SHA256
e44471525d8ea586db018337e26bf66da9d3df819e855c1942c80cba1332988d

SHA512
9850986c2a9517c131332e02c2d9f3886afba81c24ffe64e4976fb1e5d78e7ee846dbd2419f29b1c33c3f3f7b456e45b806b50cef9240181234f49abb6594447

Download Submit
C:\Windows\System\gOkCMem.exe

Filesize
6.1MB

MD5
cf6eb038691c122d1eacb1c0e89e4d88

SHA1
b2ae0cf92aa4d75b1ad5e9a889f5643ad620db19

SHA256
a7223441e9fa363dc2260b1c97909ea4b2a60cfc0d01516b494eec496e11a186

SHA512
51c27fe3d140a62426f86c3136e3c4d27815c85a15b8416c32fcb3bd9069671c74423b1b4cf49cc2030076fb7fc9f42976101abc92d6670393c5c8da87988dcf

Download Submit
C:\Windows\System\hXMlxQq.exe

Filesize
6.1MB

MD5
07ab8327d5f2f4adc3dd74c68efd519e

SHA1
0d60ecbb6c92b26c634edd42d6256259de34ac46

SHA256
fe5e7c7c2f1fc3aec4d3b576bb13c555d38f206dd30abb6a0eb10c51bb61bfd0

SHA512
efc6d7aa99d6064add89311249b13324c9739cd02de0d3412610f5db3b082c7d66eb47ae4cc558a08838e4febe95fc26bd637640b602c51299eff9383de226b0

Download Submit
C:\Windows\System\iUViSwc.exe

Filesize
6.1MB

MD5
26dd9bc15029eeb3830606b087014ea2

SHA1
9379818be9db0a8c21ab1645a7fa94162cf9d288

SHA256
da14721bc2be88dbd31c200dd52c09a959ca550b0d4662741fed37ccf025e5cf

SHA512
86e0ec7429d732dd819efe4a3423cc7484c3d5a84eb790337a57b842a599eb533f338d9fbf08cbb55b54d46fdbec10c4cc0052fb34784ecb4a3d342583cb6a1a

Download Submit
C:\Windows\System\jfarOpQ.exe

Filesize
6.1MB

MD5
ca536032bb194f2e4319989b3e290254

SHA1
abd92f6fa36608b2bb6740113eb923e04db6670f

SHA256
38c65256ae791c70896471eccd848a03b5e7d24b4395c3e8a142d3df454b526b

SHA512
d2af13ad6060922ee0e52312bfd9df996ee1b295235f1ea574265e7c8123259169b80001e1b10627fa69d8d63c855868d83c2e581f1ddc7deaf0862a827ad052

Download Submit
C:\Windows\System\jipXxYF.exe

Filesize
6.1MB

MD5
ff60735eb496353004182bf5d9597f6c

SHA1
67c0c409a581cbe0f1cb0f0b9d71528ddde9e943

SHA256
28a94368a5c33e1b717239a555c76698cb4bfd2cea8311d0759433fbee93b8e7

SHA512
bc31d23feacbc55a6b055cf198c88c1594fa09576bc3f307ae7882da1ef869a8010ea3c468d2a053d52f92f60a0ac04efb76c56ce47a3bff21d58c23a98350c8

Download Submit
C:\Windows\System\kpLFZeN.exe

Filesize
6.1MB

MD5
03b427fb321146c500493dcdfcb79579

SHA1
8f2a182dbbc5463ff7c68856734ca28af61d1b57

SHA256
5fd13bbe74229c32e0c831fbbde592bc040eac074ed0ec46a7dc78bcc1f868e3

SHA512
793faf68b209b27952a55a2b197c1d5499b14955c6bca69195e5b946985c96236a06b6c06be1fcc846286db5735faff708ea8fedb6ed45d186d763a310248d5d

Download Submit
C:\Windows\System\kumdGfd.exe

Filesize
6.1MB

MD5
b06126eb3d34a9bc9ac2f641bdf0e9aa

SHA1
605953ff04cfff5a3f241869c4b9d7a55f8aefdd

SHA256
6f1921f425ce7b7fb4e7cc7d7b82e4da39b75aff071865c09c6f6211c47e6410

SHA512
0464a32e7e5ed854b243d42e1cc5737b42b7d805c9002e14267f36dee8e044772b222ec009162f910ef3d2ce55495f1a80bfb80dcf68445b101dfb1e763d0672

Download Submit
C:\Windows\System\sUZGbCC.exe

Filesize
6.1MB

MD5
b2078893d6672c2482fde3b9f0ae7672

SHA1
58c9c7d07c34b78dd0205c0b89a41c8b7fdfe000

SHA256
4c10fb035e55f5dc4bacf37569ecb243ce8d2f12de0c88f6edce9a407fec54b9

SHA512
a1b3630826da9c4d058a8acc09efde6ac7d6e3b626182ecf2726d3cb4f0bcf85cf10c9e1fb8605ef153a728a58d848379c50ef7ea70f913a0f5a695dd4141100

Download Submit
C:\Windows\System\soOFQdS.exe

Filesize
6.1MB

MD5
d47d1cc94f52993777bc8de506dd9e59

SHA1
551bd88527efab746ca212b7cb10a8e931d02f82

SHA256
65482fda2ab4281c2dc5c471c6691e031ae37681e6fc4e73c643ad165d26449e

SHA512
0004632cf3b414ec94560594a12f404ca7d7fdc257ee04eb1dabcbf7ab8d9a77e00592194168e59454fae12e692ae36113a27673f9a3b7badd2e876bbf62ddd7

Download Submit
C:\Windows\System\uhxpoFQ.exe

Filesize
6.1MB

MD5
40f5fc4953cd25d522e665b8183e641a

SHA1
ad6fc5aab3f392925b667ee8a5d0d25a8811f4fe

SHA256
207f3b783d67d80f2d5bff9e5a220e2b4486ae0d50bf63860b7e62b11aee1af8

SHA512
0fdd113afec25e31f74fd2148ca2821bd1e98de0939351d7fd5c2567f9c11f729560395fdf449e2bb8eb071c5d56e3de86ff0f381754ccfe361ae81604f10ef1

Download Submit
C:\Windows\System\vJVcHcd.exe

Filesize
6.1MB

MD5
69455c30efdf9f5e1bcee5ec4e1b4358

SHA1
0d1ac9beed7e462c92326591a9ad2205539e4a7f

SHA256
9feea0a450ef99a7aa1869d88715a87c84276b78c7d10eabc9c781d90bc4a3fa

SHA512
615a13025efefe567e8b019f10cb83b66cab43a46278bfb6322a4f6fffe39d1b007d2362066cd9f5ed6b2bf89fa7a39073f5f6dee52210715e57c78658900e51

Download Submit
C:\Windows\System\yyyTvWG.exe

Filesize
6.1MB

MD5
eb5e21c6f8bd6932b4ee67fe3537abc4

SHA1
fe17d448d1d590056c4378067e165fd212b844cb

SHA256
0c58192b014f130c39fc100bb30dc32d5370b01b8b6c8376c6066cc2bcbf5bff

SHA512
336ef2e9ff0201057175e071e61709aa954068619c4e904c1150e019da0aa9d15b2e8276b0ed034adbf1ee3215d27810eae1aa5709acd14d28582d6e3a0b8559

Download Submit
C:\Windows\System\zLAFjsv.exe

Filesize
6.1MB

MD5
66deb6780999a341d19df373ee71dc51

SHA1
d3a87fd9aef050954bc678636de24dc477c1503a

SHA256
2681ae39a3e441d0e89e2d598db8a0f10b54864cde6f280f7b67afcceb5cb273

SHA512
c602432a295fb7fa8530ace56aa04a89db2c74ec01d13c6bc55f18272a3f9ef85a51bcdfd53a333af52f93011194bbfa20faf9956e1e34a8e98f9e9cd02c642a

Download Submit
C:\Windows\System\zahbykX.exe

Filesize
6.1MB

MD5
8d14d76e646d54240d4ee62eef3c82b8

SHA1
604b57d26022a08e3cfbdc3ae6604f26ca459846

SHA256
c6f4744571127968265168af75a38929ce788ef88f641c23be1747e9b5b32248

SHA512
2c3a475a1cae76c6ff5963409d9858617d9515f2e58fd14f6d85d2f6dc336bba276856e4c3f94fdc0e513f492c3e730d344ceb1885611e9dc101144cc621030c

Download Submit
memory/392-563-0x00007FF672D50000-0x00007FF6730A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-189-0x00007FF672D50000-0x00007FF6730A4000-memory.dmp

Filesize
3.3MB

Download
memory/392-2326-0x00007FF672D50000-0x00007FF6730A4000-memory.dmp

Filesize
3.3MB

Download
memory/508-2005-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp

Filesize
3.3MB

Download
memory/508-42-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp

Filesize
3.3MB

Download
memory/508-108-0x00007FF60E9E0000-0x00007FF60ED34000-memory.dmp

Filesize
3.3MB

Download
memory/788-117-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp

Filesize
3.3MB

Download
memory/788-2166-0x00007FF6A0F70000-0x00007FF6A12C4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-1762-0x00007FF7451E0000-0x00007FF745534000-memory.dmp

Filesize
3.3MB

Download
memory/1188-21-0x00007FF7451E0000-0x00007FF745534000-memory.dmp

Filesize
3.3MB

Download
memory/1188-69-0x00007FF7451E0000-0x00007FF745534000-memory.dmp

Filesize
3.3MB

Download
memory/1304-15-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp

Filesize
3.3MB

Download
memory/1304-1757-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp

Filesize
3.3MB

Download
memory/1304-62-0x00007FF7E6710000-0x00007FF7E6A64000-memory.dmp

Filesize
3.3MB

Download
memory/1416-2324-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp

Filesize
3.3MB

Download
memory/1416-172-0x00007FF6EADE0000-0x00007FF6EB134000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2165-0x00007FF607620000-0x00007FF607974000-memory.dmp

Filesize
3.3MB

Download
memory/1704-179-0x00007FF607620000-0x00007FF607974000-memory.dmp

Filesize
3.3MB

Download
memory/1704-104-0x00007FF607620000-0x00007FF607974000-memory.dmp

Filesize
3.3MB

Download
memory/2196-51-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp

Filesize
3.3MB

Download
memory/2196-0-0x00007FF6D28B0000-0x00007FF6D2C04000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1-0x0000023A508E0000-0x0000023A508F0000-memory.dmp

Filesize
64KB

Download
memory/2380-689-0x00007FF634C30000-0x00007FF634F84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2327-0x00007FF634C30000-0x00007FF634F84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-191-0x00007FF634C30000-0x00007FF634F84000-memory.dmp

Filesize
3.3MB

Download
memory/2520-225-0x00007FF6D9EF0000-0x00007FF6DA244000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2192-0x00007FF6D9EF0000-0x00007FF6DA244000-memory.dmp

Filesize
3.3MB

Download
memory/2520-144-0x00007FF6D9EF0000-0x00007FF6DA244000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2325-0x00007FF701FF0000-0x00007FF702344000-memory.dmp

Filesize
3.3MB

Download
memory/2548-183-0x00007FF701FF0000-0x00007FF702344000-memory.dmp

Filesize
3.3MB

Download
memory/2616-70-0x00007FF736370000-0x00007FF7366C4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1772-0x00007FF736370000-0x00007FF7366C4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-27-0x00007FF736370000-0x00007FF7366C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-132-0x00007FF67B6C0000-0x00007FF67BA14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2191-0x00007FF67B6C0000-0x00007FF67BA14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-194-0x00007FF67B6C0000-0x00007FF67BA14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-57-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1740-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-8-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-228-0x00007FF791B60000-0x00007FF791EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-149-0x00007FF791B60000-0x00007FF791EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2190-0x00007FF791B60000-0x00007FF791EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-50-0x00007FF7141D0000-0x00007FF714524000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2011-0x00007FF7141D0000-0x00007FF714524000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2194-0x00007FF688A80000-0x00007FF688DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3172-156-0x00007FF688A80000-0x00007FF688DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3344-2126-0x00007FF721B50000-0x00007FF721EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3344-58-0x00007FF721B50000-0x00007FF721EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3796-381-0x00007FF76ABD0000-0x00007FF76AF24000-memory.dmp

Filesize
3.3MB

Download
memory/3796-162-0x00007FF76ABD0000-0x00007FF76AF24000-memory.dmp

Filesize
3.3MB

Download
memory/4160-32-0x00007FF667DC0000-0x00007FF668114000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1773-0x00007FF667DC0000-0x00007FF668114000-memory.dmp

Filesize
3.3MB

Download
memory/4160-85-0x00007FF667DC0000-0x00007FF668114000-memory.dmp

Filesize
3.3MB

Download
memory/4488-230-0x00007FF7132D0000-0x00007FF713624000-memory.dmp

Filesize
3.3MB

Download
memory/4488-150-0x00007FF7132D0000-0x00007FF713624000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2196-0x00007FF7132D0000-0x00007FF713624000-memory.dmp

Filesize
3.3MB

Download
memory/4704-63-0x00007FF630970000-0x00007FF630CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2132-0x00007FF630970000-0x00007FF630CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-141-0x00007FF630970000-0x00007FF630CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-155-0x00007FF7771E0000-0x00007FF777534000-memory.dmp

Filesize
3.3MB

Download
memory/4796-71-0x00007FF7771E0000-0x00007FF777534000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2140-0x00007FF7771E0000-0x00007FF777534000-memory.dmp

Filesize
3.3MB

Download
memory/4832-190-0x00007FF6A39A0000-0x00007FF6A3CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-120-0x00007FF6A39A0000-0x00007FF6A3CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2177-0x00007FF6A39A0000-0x00007FF6A3CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4952-175-0x00007FF645BE0000-0x00007FF645F34000-memory.dmp

Filesize
3.3MB

Download
memory/4952-119-0x00007FF645BE0000-0x00007FF645F34000-memory.dmp

Filesize
3.3MB

Download
memory/4952-2178-0x00007FF645BE0000-0x00007FF645F34000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2144-0x00007FF720790000-0x00007FF720AE4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-77-0x00007FF720790000-0x00007FF720AE4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-159-0x00007FF720790000-0x00007FF720AE4000-memory.dmp

Filesize
3.3MB

Download
memory/5200-93-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp

Filesize
3.3MB

Download
memory/5200-36-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp

Filesize
3.3MB

Download
memory/5200-1776-0x00007FF6B7090000-0x00007FF6B73E4000-memory.dmp

Filesize
3.3MB

Download
memory/5596-2173-0x00007FF71CD30000-0x00007FF71D084000-memory.dmp

Filesize
3.3MB

Download
memory/5596-100-0x00007FF71CD30000-0x00007FF71D084000-memory.dmp

Filesize
3.3MB

Download
memory/5596-171-0x00007FF71CD30000-0x00007FF71D084000-memory.dmp

Filesize
3.3MB

Download
memory/5744-2160-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/5744-167-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/5744-96-0x00007FF76B760000-0x00007FF76BAB4000-memory.dmp

Filesize
3.3MB

Download
memory/6060-161-0x00007FF7B57C0000-0x00007FF7B5B14000-memory.dmp

Filesize
3.3MB

Download
memory/6060-2157-0x00007FF7B57C0000-0x00007FF7B5B14000-memory.dmp

Filesize
3.3MB

Download
memory/6060-86-0x00007FF7B57C0000-0x00007FF7B5B14000-memory.dmp

Filesize
3.3MB

Download