cobaltstrike | 869ba85a6ca0a1b904c3961f2b2d2d7dda1448c4c62598c5b2654888f304b42f

Analysis

max time kernel
115s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-01-2025 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

01581275668b1d9a0293cb8cf222bb1e
SHA1

92bf66f58233f03d9de435288d268ef22d87ce8e
SHA256

869ba85a6ca0a1b904c3961f2b2d2d7dda1448c4c62598c5b2654888f304b42f
SHA512

54330a39c89621c64172d14ac65060814b80e8bc679f8da230c799b29aac5801c221278c5ce532d0b8a505585b38d27eef2afc6e27d5620965c0c6f240b61ac0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b92-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9a-16.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-23.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9d-36.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9e-41.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9f-46.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bae-61.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb7-66.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbc-72.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-55.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc4-105.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc7-114.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc8-119.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bca-132.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bf9-144.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bc9-131.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bc2-102.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbe-94.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c05-207.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1f-209.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1e-205.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c1d-202.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c17-200.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c04-197.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c03-195.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfe-186.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfd-176.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfc-161.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfb-167.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bfa-155.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bbd-86.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b96-80.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/440-0-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b92-5.dat	xmrig
behavioral2/memory/3968-8-0x00007FF6EE7C0000-0x00007FF6EEB14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b99-10.dat	xmrig
behavioral2/files/0x000a000000023b9a-16.dat	xmrig
behavioral2/memory/3272-20-0x00007FF72E500000-0x00007FF72E854000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9b-23.dat	xmrig
behavioral2/memory/2200-24-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9d-36.dat	xmrig
behavioral2/files/0x000b000000023b9e-41.dat	xmrig
behavioral2/files/0x000b000000023b9f-46.dat	xmrig
behavioral2/files/0x000e000000023bae-61.dat	xmrig
behavioral2/files/0x0008000000023bb7-66.dat	xmrig
behavioral2/files/0x0009000000023bbc-72.dat	xmrig
behavioral2/memory/4088-73-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp	xmrig
behavioral2/memory/212-74-0x00007FF7450C0000-0x00007FF745414000-memory.dmp	xmrig
behavioral2/memory/3936-69-0x00007FF769550000-0x00007FF7698A4000-memory.dmp	xmrig
behavioral2/memory/2444-65-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp	xmrig
behavioral2/memory/440-59-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba7-55.dat	xmrig
behavioral2/memory/4436-54-0x00007FF752340000-0x00007FF752694000-memory.dmp	xmrig
behavioral2/memory/2392-52-0x00007FF791270000-0x00007FF7915C4000-memory.dmp	xmrig
behavioral2/memory/992-82-0x00007FF74C100000-0x00007FF74C454000-memory.dmp	xmrig
behavioral2/memory/536-90-0x00007FF612EC0000-0x00007FF613214000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bc4-105.dat	xmrig
behavioral2/files/0x0008000000023bc7-114.dat	xmrig
behavioral2/memory/2392-116-0x00007FF791270000-0x00007FF7915C4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bc8-119.dat	xmrig
behavioral2/memory/3668-128-0x00007FF7B6260000-0x00007FF7B65B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bca-132.dat	xmrig
behavioral2/memory/212-139-0x00007FF7450C0000-0x00007FF745414000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bf9-144.dat	xmrig
behavioral2/memory/812-143-0x00007FF69CFF0000-0x00007FF69D344000-memory.dmp	xmrig
behavioral2/memory/2780-138-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	xmrig
behavioral2/memory/3936-134-0x00007FF769550000-0x00007FF7698A4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bc9-131.dat	xmrig
behavioral2/memory/1820-129-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	xmrig
behavioral2/memory/2444-124-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp	xmrig
behavioral2/memory/4436-123-0x00007FF752340000-0x00007FF752694000-memory.dmp	xmrig
behavioral2/memory/2680-117-0x00007FF7240E0000-0x00007FF724434000-memory.dmp	xmrig
behavioral2/memory/4264-108-0x00007FF6B3340000-0x00007FF6B3694000-memory.dmp	xmrig
behavioral2/memory/2664-107-0x00007FF605E10000-0x00007FF606164000-memory.dmp	xmrig
behavioral2/files/0x000e000000023bc2-102.dat	xmrig
behavioral2/memory/3220-101-0x00007FF69DB80000-0x00007FF69DED4000-memory.dmp	xmrig
behavioral2/memory/4700-97-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp	xmrig
behavioral2/memory/4268-96-0x00007FF758B20000-0x00007FF758E74000-memory.dmp	xmrig
behavioral2/files/0x0009000000023bbe-94.dat	xmrig
behavioral2/memory/2200-89-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp	xmrig
behavioral2/memory/1820-191-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c05-207.dat	xmrig
behavioral2/files/0x0008000000023c1f-209.dat	xmrig
behavioral2/files/0x0008000000023c1e-205.dat	xmrig
behavioral2/memory/2780-204-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c1d-202.dat	xmrig
behavioral2/files/0x0008000000023c17-200.dat	xmrig
behavioral2/files/0x0008000000023c04-197.dat	xmrig
behavioral2/files/0x0008000000023c03-195.dat	xmrig
behavioral2/memory/436-194-0x00007FF707180000-0x00007FF7074D4000-memory.dmp	xmrig
behavioral2/memory/2272-182-0x00007FF75EFA0000-0x00007FF75F2F4000-memory.dmp	xmrig
behavioral2/memory/4876-181-0x00007FF7FDDB0000-0x00007FF7FE104000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bfe-186.dat	xmrig
behavioral2/files/0x0008000000023bfd-176.dat	xmrig
behavioral2/memory/4432-173-0x00007FF6AB1C0000-0x00007FF6AB514000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bfc-161.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3968	vNOoRPJ.exe
4088	IqihhOu.exe
3272	wnrQHNe.exe
2200	DSCMIwo.exe
4268	KoIzpXB.exe
2336	wgWDFeJ.exe
2664	iLfsCYt.exe
2392	ZEFypbw.exe
4436	CUywRRo.exe
2444	IFdxbFd.exe
3936	zMeKgkm.exe
212	cfWhgFM.exe
992	ybLRBug.exe
536	nbDwLer.exe
4700	puCseSs.exe
3220	OxnXEni.exe
4264	TjeuKta.exe
2680	CRlEWrI.exe
3668	kWVYAne.exe
1820	yBQhlMb.exe
2780	tkLHJFX.exe
812	InVVDsB.exe
1500	NKgaHzX.exe
1876	LkivehP.exe
1332	bOASfkn.exe
4432	PhGRybH.exe
4876	ZQsVupx.exe
2272	sOxmrPg.exe
436	lxBWktB.exe
3156	qzZiZtq.exe
4108	KauNcWm.exe
4684	pvcfjtN.exe
2624	NnSyOEW.exe
4180	ARvmvrj.exe
2184	nkcyYHA.exe
3128	qubLhvx.exe
1772	bZCupMQ.exe
720	NDMYdZM.exe
2836	xvVIzmg.exe
1176	XRhJHpW.exe
2876	OnsCBGP.exe
4112	KMYvKQU.exe
4184	cbzkyNK.exe
1320	ylSzLWB.exe
3696	ZAqzhRa.exe
2312	nOoybsp.exe
3732	pgsfQrE.exe
4988	zFUDkNt.exe
3104	zXwLJHv.exe
4920	AimxGoj.exe
3636	uVqnpjm.exe
3872	VVTUqid.exe
2292	azSuZvu.exe
4460	zcVOJQE.exe
2432	hcOvZTV.exe
2092	nvlvTgY.exe
1496	eWAFRJK.exe
2584	fAdKsVg.exe
1264	dzFufSU.exe
8	VUjuFcJ.exe
2684	jQEkTJt.exe
2552	PFBDxWD.exe
2832	DLZsMYd.exe
2316	qseTynE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/440-0-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp	upx
behavioral2/files/0x000c000000023b92-5.dat	upx
behavioral2/memory/3968-8-0x00007FF6EE7C0000-0x00007FF6EEB14000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-10.dat	upx
behavioral2/files/0x000a000000023b9a-16.dat	upx
behavioral2/memory/3272-20-0x00007FF72E500000-0x00007FF72E854000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-23.dat	upx
behavioral2/memory/2200-24-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp	upx
behavioral2/files/0x000b000000023b9d-36.dat	upx
behavioral2/files/0x000b000000023b9e-41.dat	upx
behavioral2/files/0x000b000000023b9f-46.dat	upx
behavioral2/files/0x000e000000023bae-61.dat	upx
behavioral2/files/0x0008000000023bb7-66.dat	upx
behavioral2/files/0x0009000000023bbc-72.dat	upx
behavioral2/memory/4088-73-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp	upx
behavioral2/memory/212-74-0x00007FF7450C0000-0x00007FF745414000-memory.dmp	upx
behavioral2/memory/3936-69-0x00007FF769550000-0x00007FF7698A4000-memory.dmp	upx
behavioral2/memory/2444-65-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp	upx
behavioral2/memory/440-59-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-55.dat	upx
behavioral2/memory/4436-54-0x00007FF752340000-0x00007FF752694000-memory.dmp	upx
behavioral2/memory/2392-52-0x00007FF791270000-0x00007FF7915C4000-memory.dmp	upx
behavioral2/memory/992-82-0x00007FF74C100000-0x00007FF74C454000-memory.dmp	upx
behavioral2/memory/536-90-0x00007FF612EC0000-0x00007FF613214000-memory.dmp	upx
behavioral2/files/0x0008000000023bc4-105.dat	upx
behavioral2/files/0x0008000000023bc7-114.dat	upx
behavioral2/memory/2392-116-0x00007FF791270000-0x00007FF7915C4000-memory.dmp	upx
behavioral2/files/0x0008000000023bc8-119.dat	upx
behavioral2/memory/3668-128-0x00007FF7B6260000-0x00007FF7B65B4000-memory.dmp	upx
behavioral2/files/0x0008000000023bca-132.dat	upx
behavioral2/memory/212-139-0x00007FF7450C0000-0x00007FF745414000-memory.dmp	upx
behavioral2/files/0x0008000000023bf9-144.dat	upx
behavioral2/memory/812-143-0x00007FF69CFF0000-0x00007FF69D344000-memory.dmp	upx
behavioral2/memory/2780-138-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	upx
behavioral2/memory/3936-134-0x00007FF769550000-0x00007FF7698A4000-memory.dmp	upx
behavioral2/files/0x0008000000023bc9-131.dat	upx
behavioral2/memory/1820-129-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	upx
behavioral2/memory/2444-124-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp	upx
behavioral2/memory/4436-123-0x00007FF752340000-0x00007FF752694000-memory.dmp	upx
behavioral2/memory/2680-117-0x00007FF7240E0000-0x00007FF724434000-memory.dmp	upx
behavioral2/memory/4264-108-0x00007FF6B3340000-0x00007FF6B3694000-memory.dmp	upx
behavioral2/memory/2664-107-0x00007FF605E10000-0x00007FF606164000-memory.dmp	upx
behavioral2/files/0x000e000000023bc2-102.dat	upx
behavioral2/memory/3220-101-0x00007FF69DB80000-0x00007FF69DED4000-memory.dmp	upx
behavioral2/memory/4700-97-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp	upx
behavioral2/memory/4268-96-0x00007FF758B20000-0x00007FF758E74000-memory.dmp	upx
behavioral2/files/0x0009000000023bbe-94.dat	upx
behavioral2/memory/2200-89-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp	upx
behavioral2/memory/1820-191-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	upx
behavioral2/files/0x0008000000023c05-207.dat	upx
behavioral2/files/0x0008000000023c1f-209.dat	upx
behavioral2/files/0x0008000000023c1e-205.dat	upx
behavioral2/memory/2780-204-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	upx
behavioral2/files/0x0008000000023c1d-202.dat	upx
behavioral2/files/0x0008000000023c17-200.dat	upx
behavioral2/files/0x0008000000023c04-197.dat	upx
behavioral2/files/0x0008000000023c03-195.dat	upx
behavioral2/memory/436-194-0x00007FF707180000-0x00007FF7074D4000-memory.dmp	upx
behavioral2/memory/2272-182-0x00007FF75EFA0000-0x00007FF75F2F4000-memory.dmp	upx
behavioral2/memory/4876-181-0x00007FF7FDDB0000-0x00007FF7FE104000-memory.dmp	upx
behavioral2/files/0x0008000000023bfe-186.dat	upx
behavioral2/files/0x0008000000023bfd-176.dat	upx
behavioral2/memory/4432-173-0x00007FF6AB1C0000-0x00007FF6AB514000-memory.dmp	upx
behavioral2/files/0x0008000000023bfc-161.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cfWhgFM.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyuWRLx.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fipwZeQ.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zckLyPB.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgaOMat.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkarFIX.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXXEieN.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVTUqid.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdmcfjZ.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuIhhXi.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onbFEnK.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjeuKta.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coOCgmE.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFakhDB.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsSUnmd.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSfljYN.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIkwxNl.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CubrFvD.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbajYpC.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEvBWfI.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdsYUKQ.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmaXoXr.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loTkqSK.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLjQvTO.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPHVlZh.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIVNMlI.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZGGRWT.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSNFiCW.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFzHJNc.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuUnOCf.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBUfMIk.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhAMgHi.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ensgvNE.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xanrAAo.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXdtvsI.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgsfQrE.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gukaIMe.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAJjCaD.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbpCrTX.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAoOHZr.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBKkoaj.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deHOxUn.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTTXBjY.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQsVupx.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLFhlSS.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqnKyrJ.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzOuKFE.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WowtKXK.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTwbMuy.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDGYFxa.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsqcZlL.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcHUjWr.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lisqyFC.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auNYMpc.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOMZrLa.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIQJqXs.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMiSwme.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkIwNlg.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeDykww.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvYwekY.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WywRHPF.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbgnTxr.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmHaKoJ.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdPEFwh.exe	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15308	dwm.exe
Token: SeChangeNotifyPrivilege	15308	dwm.exe
Token: 33	15308	dwm.exe
Token: SeIncBasePriorityPrivilege	15308	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 3968	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 440 wrote to memory of 3968	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 440 wrote to memory of 4088	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 440 wrote to memory of 4088	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 440 wrote to memory of 3272	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 440 wrote to memory of 3272	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 440 wrote to memory of 2200	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 440 wrote to memory of 2200	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 440 wrote to memory of 4268	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 440 wrote to memory of 4268	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 440 wrote to memory of 2336	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 440 wrote to memory of 2336	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 440 wrote to memory of 2664	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 440 wrote to memory of 2664	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 440 wrote to memory of 2392	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 440 wrote to memory of 2392	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 440 wrote to memory of 4436	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 440 wrote to memory of 4436	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 440 wrote to memory of 2444	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 440 wrote to memory of 2444	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 440 wrote to memory of 3936	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 440 wrote to memory of 3936	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 440 wrote to memory of 212	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 440 wrote to memory of 212	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 440 wrote to memory of 992	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 440 wrote to memory of 992	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 440 wrote to memory of 536	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 440 wrote to memory of 536	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 440 wrote to memory of 4700	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 440 wrote to memory of 4700	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 440 wrote to memory of 3220	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 440 wrote to memory of 3220	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 440 wrote to memory of 4264	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 440 wrote to memory of 4264	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 440 wrote to memory of 2680	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 440 wrote to memory of 2680	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 440 wrote to memory of 3668	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 440 wrote to memory of 3668	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 440 wrote to memory of 1820	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 440 wrote to memory of 1820	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 440 wrote to memory of 2780	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 440 wrote to memory of 2780	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 440 wrote to memory of 812	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 440 wrote to memory of 812	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 440 wrote to memory of 1500	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 440 wrote to memory of 1500	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 440 wrote to memory of 1876	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 440 wrote to memory of 1876	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 440 wrote to memory of 1332	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 440 wrote to memory of 1332	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 440 wrote to memory of 4432	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 440 wrote to memory of 4432	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 440 wrote to memory of 4876	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 440 wrote to memory of 4876	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 440 wrote to memory of 2272	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 440 wrote to memory of 2272	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 440 wrote to memory of 436	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 440 wrote to memory of 436	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 440 wrote to memory of 3156	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 440 wrote to memory of 3156	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 440 wrote to memory of 4108	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 440 wrote to memory of 4108	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 440 wrote to memory of 4684	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 440 wrote to memory of 4684	440	2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_01581275668b1d9a0293cb8cf222bb1e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:440
- C:\Windows\System\vNOoRPJ.exe
  C:\Windows\System\vNOoRPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\IqihhOu.exe
  C:\Windows\System\IqihhOu.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\wnrQHNe.exe
  C:\Windows\System\wnrQHNe.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\DSCMIwo.exe
  C:\Windows\System\DSCMIwo.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\KoIzpXB.exe
  C:\Windows\System\KoIzpXB.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\wgWDFeJ.exe
  C:\Windows\System\wgWDFeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\iLfsCYt.exe
  C:\Windows\System\iLfsCYt.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZEFypbw.exe
  C:\Windows\System\ZEFypbw.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\CUywRRo.exe
  C:\Windows\System\CUywRRo.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\IFdxbFd.exe
  C:\Windows\System\IFdxbFd.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\zMeKgkm.exe
  C:\Windows\System\zMeKgkm.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\cfWhgFM.exe
  C:\Windows\System\cfWhgFM.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\ybLRBug.exe
  C:\Windows\System\ybLRBug.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\nbDwLer.exe
  C:\Windows\System\nbDwLer.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\puCseSs.exe
  C:\Windows\System\puCseSs.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\OxnXEni.exe
  C:\Windows\System\OxnXEni.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\TjeuKta.exe
  C:\Windows\System\TjeuKta.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\CRlEWrI.exe
  C:\Windows\System\CRlEWrI.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\kWVYAne.exe
  C:\Windows\System\kWVYAne.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\yBQhlMb.exe
  C:\Windows\System\yBQhlMb.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\tkLHJFX.exe
  C:\Windows\System\tkLHJFX.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\InVVDsB.exe
  C:\Windows\System\InVVDsB.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\NKgaHzX.exe
  C:\Windows\System\NKgaHzX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\LkivehP.exe
  C:\Windows\System\LkivehP.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\bOASfkn.exe
  C:\Windows\System\bOASfkn.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\PhGRybH.exe
  C:\Windows\System\PhGRybH.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\ZQsVupx.exe
  C:\Windows\System\ZQsVupx.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\sOxmrPg.exe
  C:\Windows\System\sOxmrPg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\lxBWktB.exe
  C:\Windows\System\lxBWktB.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\qzZiZtq.exe
  C:\Windows\System\qzZiZtq.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\KauNcWm.exe
  C:\Windows\System\KauNcWm.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\pvcfjtN.exe
  C:\Windows\System\pvcfjtN.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\NnSyOEW.exe
  C:\Windows\System\NnSyOEW.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ARvmvrj.exe
  C:\Windows\System\ARvmvrj.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\nkcyYHA.exe
  C:\Windows\System\nkcyYHA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\qubLhvx.exe
  C:\Windows\System\qubLhvx.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\bZCupMQ.exe
  C:\Windows\System\bZCupMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\NDMYdZM.exe
  C:\Windows\System\NDMYdZM.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\xvVIzmg.exe
  C:\Windows\System\xvVIzmg.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XRhJHpW.exe
  C:\Windows\System\XRhJHpW.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\OnsCBGP.exe
  C:\Windows\System\OnsCBGP.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\KMYvKQU.exe
  C:\Windows\System\KMYvKQU.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\cbzkyNK.exe
  C:\Windows\System\cbzkyNK.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\ylSzLWB.exe
  C:\Windows\System\ylSzLWB.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ZAqzhRa.exe
  C:\Windows\System\ZAqzhRa.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\nOoybsp.exe
  C:\Windows\System\nOoybsp.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pgsfQrE.exe
  C:\Windows\System\pgsfQrE.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\zFUDkNt.exe
  C:\Windows\System\zFUDkNt.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\zXwLJHv.exe
  C:\Windows\System\zXwLJHv.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\AimxGoj.exe
  C:\Windows\System\AimxGoj.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\uVqnpjm.exe
  C:\Windows\System\uVqnpjm.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\VVTUqid.exe
  C:\Windows\System\VVTUqid.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\azSuZvu.exe
  C:\Windows\System\azSuZvu.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\zcVOJQE.exe
  C:\Windows\System\zcVOJQE.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\hcOvZTV.exe
  C:\Windows\System\hcOvZTV.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\nvlvTgY.exe
  C:\Windows\System\nvlvTgY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\eWAFRJK.exe
  C:\Windows\System\eWAFRJK.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\fAdKsVg.exe
  C:\Windows\System\fAdKsVg.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\dzFufSU.exe
  C:\Windows\System\dzFufSU.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\VUjuFcJ.exe
  C:\Windows\System\VUjuFcJ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\jQEkTJt.exe
  C:\Windows\System\jQEkTJt.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\PFBDxWD.exe
  C:\Windows\System\PFBDxWD.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\DLZsMYd.exe
  C:\Windows\System\DLZsMYd.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\qseTynE.exe
  C:\Windows\System\qseTynE.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\MHnjRhL.exe
  C:\Windows\System\MHnjRhL.exe
  2⤵
  PID:4372
- C:\Windows\System\RsUNjys.exe
  C:\Windows\System\RsUNjys.exe
  2⤵
  PID:5072
- C:\Windows\System\ndJOnMn.exe
  C:\Windows\System\ndJOnMn.exe
  2⤵
  PID:2564
- C:\Windows\System\vMUpkbm.exe
  C:\Windows\System\vMUpkbm.exe
  2⤵
  PID:2228
- C:\Windows\System\QagqdvK.exe
  C:\Windows\System\QagqdvK.exe
  2⤵
  PID:1208
- C:\Windows\System\XXGqqon.exe
  C:\Windows\System\XXGqqon.exe
  2⤵
  PID:1356
- C:\Windows\System\daDztnT.exe
  C:\Windows\System\daDztnT.exe
  2⤵
  PID:4532
- C:\Windows\System\RtbkNzE.exe
  C:\Windows\System\RtbkNzE.exe
  2⤵
  PID:4172
- C:\Windows\System\FUXEDdo.exe
  C:\Windows\System\FUXEDdo.exe
  2⤵
  PID:4528
- C:\Windows\System\ONFsziE.exe
  C:\Windows\System\ONFsziE.exe
  2⤵
  PID:4652
- C:\Windows\System\hAXLkcH.exe
  C:\Windows\System\hAXLkcH.exe
  2⤵
  PID:2580
- C:\Windows\System\sbBMLSK.exe
  C:\Windows\System\sbBMLSK.exe
  2⤵
  PID:3060
- C:\Windows\System\meerfWO.exe
  C:\Windows\System\meerfWO.exe
  2⤵
  PID:1384
- C:\Windows\System\iciIdsu.exe
  C:\Windows\System\iciIdsu.exe
  2⤵
  PID:60
- C:\Windows\System\Aursdhm.exe
  C:\Windows\System\Aursdhm.exe
  2⤵
  PID:1756
- C:\Windows\System\TeOmyeO.exe
  C:\Windows\System\TeOmyeO.exe
  2⤵
  PID:2736
- C:\Windows\System\izAZwQS.exe
  C:\Windows\System\izAZwQS.exe
  2⤵
  PID:3564
- C:\Windows\System\tQpXuat.exe
  C:\Windows\System\tQpXuat.exe
  2⤵
  PID:2972
- C:\Windows\System\ArHftjK.exe
  C:\Windows\System\ArHftjK.exe
  2⤵
  PID:2696
- C:\Windows\System\zLFhlSS.exe
  C:\Windows\System\zLFhlSS.exe
  2⤵
  PID:3112
- C:\Windows\System\kOMZrLa.exe
  C:\Windows\System\kOMZrLa.exe
  2⤵
  PID:4356
- C:\Windows\System\pkLxzGF.exe
  C:\Windows\System\pkLxzGF.exe
  2⤵
  PID:1392
- C:\Windows\System\DoWoyww.exe
  C:\Windows\System\DoWoyww.exe
  2⤵
  PID:556
- C:\Windows\System\QWukFpi.exe
  C:\Windows\System\QWukFpi.exe
  2⤵
  PID:4724
- C:\Windows\System\RmTHUlx.exe
  C:\Windows\System\RmTHUlx.exe
  2⤵
  PID:4904
- C:\Windows\System\pzVduYB.exe
  C:\Windows\System\pzVduYB.exe
  2⤵
  PID:208
- C:\Windows\System\bCfCmWN.exe
  C:\Windows\System\bCfCmWN.exe
  2⤵
  PID:4456
- C:\Windows\System\rgOOGSo.exe
  C:\Windows\System\rgOOGSo.exe
  2⤵
  PID:4480
- C:\Windows\System\oQxyuRZ.exe
  C:\Windows\System\oQxyuRZ.exe
  2⤵
  PID:3824
- C:\Windows\System\QoFnGlj.exe
  C:\Windows\System\QoFnGlj.exe
  2⤵
  PID:3528
- C:\Windows\System\ucZSequ.exe
  C:\Windows\System\ucZSequ.exe
  2⤵
  PID:3084
- C:\Windows\System\kvkUarH.exe
  C:\Windows\System\kvkUarH.exe
  2⤵
  PID:2248
- C:\Windows\System\AATnhZJ.exe
  C:\Windows\System\AATnhZJ.exe
  2⤵
  PID:1444
- C:\Windows\System\XbGSwfz.exe
  C:\Windows\System\XbGSwfz.exe
  2⤵
  PID:2468
- C:\Windows\System\JODdgHO.exe
  C:\Windows\System\JODdgHO.exe
  2⤵
  PID:1072
- C:\Windows\System\dyFoQPF.exe
  C:\Windows\System\dyFoQPF.exe
  2⤵
  PID:3768
- C:\Windows\System\GdmcfjZ.exe
  C:\Windows\System\GdmcfjZ.exe
  2⤵
  PID:1472
- C:\Windows\System\KdEmcGr.exe
  C:\Windows\System\KdEmcGr.exe
  2⤵
  PID:5096
- C:\Windows\System\knoFXvG.exe
  C:\Windows\System\knoFXvG.exe
  2⤵
  PID:2672
- C:\Windows\System\eWQTPuS.exe
  C:\Windows\System\eWQTPuS.exe
  2⤵
  PID:5136
- C:\Windows\System\RoWjXYe.exe
  C:\Windows\System\RoWjXYe.exe
  2⤵
  PID:5156
- C:\Windows\System\xLjQvTO.exe
  C:\Windows\System\xLjQvTO.exe
  2⤵
  PID:5188
- C:\Windows\System\DxfCbws.exe
  C:\Windows\System\DxfCbws.exe
  2⤵
  PID:5220
- C:\Windows\System\eVbEHVK.exe
  C:\Windows\System\eVbEHVK.exe
  2⤵
  PID:5244
- C:\Windows\System\JnWIkii.exe
  C:\Windows\System\JnWIkii.exe
  2⤵
  PID:5268
- C:\Windows\System\zoZTBIk.exe
  C:\Windows\System\zoZTBIk.exe
  2⤵
  PID:5300
- C:\Windows\System\qvpKKhv.exe
  C:\Windows\System\qvpKKhv.exe
  2⤵
  PID:5332
- C:\Windows\System\lEaPrLJ.exe
  C:\Windows\System\lEaPrLJ.exe
  2⤵
  PID:5356
- C:\Windows\System\MCzJGhE.exe
  C:\Windows\System\MCzJGhE.exe
  2⤵
  PID:5384
- C:\Windows\System\hJLkWIW.exe
  C:\Windows\System\hJLkWIW.exe
  2⤵
  PID:5404
- C:\Windows\System\RPKfeQh.exe
  C:\Windows\System\RPKfeQh.exe
  2⤵
  PID:5444
- C:\Windows\System\TRAcVIV.exe
  C:\Windows\System\TRAcVIV.exe
  2⤵
  PID:5472
- C:\Windows\System\iGPWgUx.exe
  C:\Windows\System\iGPWgUx.exe
  2⤵
  PID:5488
- C:\Windows\System\xcTxvpt.exe
  C:\Windows\System\xcTxvpt.exe
  2⤵
  PID:5528
- C:\Windows\System\PPHVlZh.exe
  C:\Windows\System\PPHVlZh.exe
  2⤵
  PID:5560
- C:\Windows\System\kcakFUq.exe
  C:\Windows\System\kcakFUq.exe
  2⤵
  PID:5588
- C:\Windows\System\HHkELYQ.exe
  C:\Windows\System\HHkELYQ.exe
  2⤵
  PID:5612
- C:\Windows\System\GAooFgS.exe
  C:\Windows\System\GAooFgS.exe
  2⤵
  PID:5652
- C:\Windows\System\sHkNBJR.exe
  C:\Windows\System\sHkNBJR.exe
  2⤵
  PID:5684
- C:\Windows\System\rvKkpgJ.exe
  C:\Windows\System\rvKkpgJ.exe
  2⤵
  PID:5716
- C:\Windows\System\JPRYpJj.exe
  C:\Windows\System\JPRYpJj.exe
  2⤵
  PID:5744
- C:\Windows\System\mmEZHLA.exe
  C:\Windows\System\mmEZHLA.exe
  2⤵
  PID:5784
- C:\Windows\System\ikFfpca.exe
  C:\Windows\System\ikFfpca.exe
  2⤵
  PID:5808
- C:\Windows\System\BGZuTra.exe
  C:\Windows\System\BGZuTra.exe
  2⤵
  PID:5840
- C:\Windows\System\gWIbeRc.exe
  C:\Windows\System\gWIbeRc.exe
  2⤵
  PID:5856
- C:\Windows\System\zyRBPLE.exe
  C:\Windows\System\zyRBPLE.exe
  2⤵
  PID:5896
- C:\Windows\System\wLOpjJz.exe
  C:\Windows\System\wLOpjJz.exe
  2⤵
  PID:5916
- C:\Windows\System\gKvxBuI.exe
  C:\Windows\System\gKvxBuI.exe
  2⤵
  PID:5948
- C:\Windows\System\AvTeZct.exe
  C:\Windows\System\AvTeZct.exe
  2⤵
  PID:5972
- C:\Windows\System\pwjbEsM.exe
  C:\Windows\System\pwjbEsM.exe
  2⤵
  PID:6004
- C:\Windows\System\XXQZOtM.exe
  C:\Windows\System\XXQZOtM.exe
  2⤵
  PID:6036
- C:\Windows\System\KdIuMdi.exe
  C:\Windows\System\KdIuMdi.exe
  2⤵
  PID:6064
- C:\Windows\System\HOrzOga.exe
  C:\Windows\System\HOrzOga.exe
  2⤵
  PID:6092
- C:\Windows\System\qFIMicj.exe
  C:\Windows\System\qFIMicj.exe
  2⤵
  PID:6116
- C:\Windows\System\CYXrIlV.exe
  C:\Windows\System\CYXrIlV.exe
  2⤵
  PID:5128
- C:\Windows\System\YLEyofC.exe
  C:\Windows\System\YLEyofC.exe
  2⤵
  PID:5176
- C:\Windows\System\oXDkKsQ.exe
  C:\Windows\System\oXDkKsQ.exe
  2⤵
  PID:3468
- C:\Windows\System\dydagdj.exe
  C:\Windows\System\dydagdj.exe
  2⤵
  PID:5308
- C:\Windows\System\SgGWSDf.exe
  C:\Windows\System\SgGWSDf.exe
  2⤵
  PID:5344
- C:\Windows\System\pOYInCH.exe
  C:\Windows\System\pOYInCH.exe
  2⤵
  PID:5416
- C:\Windows\System\UMTykBU.exe
  C:\Windows\System\UMTykBU.exe
  2⤵
  PID:5484
- C:\Windows\System\RvAeCay.exe
  C:\Windows\System\RvAeCay.exe
  2⤵
  PID:5568
- C:\Windows\System\ZInuCVz.exe
  C:\Windows\System\ZInuCVz.exe
  2⤵
  PID:5636
- C:\Windows\System\PueUzIH.exe
  C:\Windows\System\PueUzIH.exe
  2⤵
  PID:5704
- C:\Windows\System\SDreFTe.exe
  C:\Windows\System\SDreFTe.exe
  2⤵
  PID:5764
- C:\Windows\System\VXpunLs.exe
  C:\Windows\System\VXpunLs.exe
  2⤵
  PID:5820
- C:\Windows\System\hMNHKIM.exe
  C:\Windows\System\hMNHKIM.exe
  2⤵
  PID:5884
- C:\Windows\System\UHUNTZG.exe
  C:\Windows\System\UHUNTZG.exe
  2⤵
  PID:5956
- C:\Windows\System\qMtvKyW.exe
  C:\Windows\System\qMtvKyW.exe
  2⤵
  PID:5996
- C:\Windows\System\YMaIZub.exe
  C:\Windows\System\YMaIZub.exe
  2⤵
  PID:6060
- C:\Windows\System\PgerOAj.exe
  C:\Windows\System\PgerOAj.exe
  2⤵
  PID:4780
- C:\Windows\System\JAcZKUf.exe
  C:\Windows\System\JAcZKUf.exe
  2⤵
  PID:5604
- C:\Windows\System\VvcCzBJ.exe
  C:\Windows\System\VvcCzBJ.exe
  2⤵
  PID:5320
- C:\Windows\System\HdnvlIQ.exe
  C:\Windows\System\HdnvlIQ.exe
  2⤵
  PID:5480
- C:\Windows\System\WkIwNlg.exe
  C:\Windows\System\WkIwNlg.exe
  2⤵
  PID:5664
- C:\Windows\System\XLSdBlp.exe
  C:\Windows\System\XLSdBlp.exe
  2⤵
  PID:5732
- C:\Windows\System\eedvBBr.exe
  C:\Windows\System\eedvBBr.exe
  2⤵
  PID:5908
- C:\Windows\System\kUFuBZp.exe
  C:\Windows\System\kUFuBZp.exe
  2⤵
  PID:6024
- C:\Windows\System\ZYWrcpN.exe
  C:\Windows\System\ZYWrcpN.exe
  2⤵
  PID:2488
- C:\Windows\System\TjsDExH.exe
  C:\Windows\System\TjsDExH.exe
  2⤵
  PID:4596
- C:\Windows\System\XwgVIHI.exe
  C:\Windows\System\XwgVIHI.exe
  2⤵
  PID:5692
- C:\Windows\System\GYJKZhO.exe
  C:\Windows\System\GYJKZhO.exe
  2⤵
  PID:1788
- C:\Windows\System\GgHUNCO.exe
  C:\Windows\System\GgHUNCO.exe
  2⤵
  PID:5516
- C:\Windows\System\JOChOYp.exe
  C:\Windows\System\JOChOYp.exe
  2⤵
  PID:5800
- C:\Windows\System\vrVnDob.exe
  C:\Windows\System\vrVnDob.exe
  2⤵
  PID:5368
- C:\Windows\System\CIVygkm.exe
  C:\Windows\System\CIVygkm.exe
  2⤵
  PID:6180
- C:\Windows\System\wGeCdoW.exe
  C:\Windows\System\wGeCdoW.exe
  2⤵
  PID:6212
- C:\Windows\System\VSVylfy.exe
  C:\Windows\System\VSVylfy.exe
  2⤵
  PID:6236
- C:\Windows\System\qoISiof.exe
  C:\Windows\System\qoISiof.exe
  2⤵
  PID:6268
- C:\Windows\System\OyGmdbB.exe
  C:\Windows\System\OyGmdbB.exe
  2⤵
  PID:6300
- C:\Windows\System\yPgrWbd.exe
  C:\Windows\System\yPgrWbd.exe
  2⤵
  PID:6328
- C:\Windows\System\kRXEOxv.exe
  C:\Windows\System\kRXEOxv.exe
  2⤵
  PID:6352
- C:\Windows\System\UOlNlOX.exe
  C:\Windows\System\UOlNlOX.exe
  2⤵
  PID:6384
- C:\Windows\System\lCfsGwy.exe
  C:\Windows\System\lCfsGwy.exe
  2⤵
  PID:6412
- C:\Windows\System\dXLCHvM.exe
  C:\Windows\System\dXLCHvM.exe
  2⤵
  PID:6436
- C:\Windows\System\GyGNyRH.exe
  C:\Windows\System\GyGNyRH.exe
  2⤵
  PID:6464
- C:\Windows\System\coOCgmE.exe
  C:\Windows\System\coOCgmE.exe
  2⤵
  PID:6492
- C:\Windows\System\IpFlziZ.exe
  C:\Windows\System\IpFlziZ.exe
  2⤵
  PID:6524
- C:\Windows\System\oLIOyPk.exe
  C:\Windows\System\oLIOyPk.exe
  2⤵
  PID:6548
- C:\Windows\System\qRyVThY.exe
  C:\Windows\System\qRyVThY.exe
  2⤵
  PID:6576
- C:\Windows\System\opGpCqU.exe
  C:\Windows\System\opGpCqU.exe
  2⤵
  PID:6600
- C:\Windows\System\afYNSRZ.exe
  C:\Windows\System\afYNSRZ.exe
  2⤵
  PID:6640
- C:\Windows\System\EtOcWuC.exe
  C:\Windows\System\EtOcWuC.exe
  2⤵
  PID:6664
- C:\Windows\System\OIygyQg.exe
  C:\Windows\System\OIygyQg.exe
  2⤵
  PID:6692
- C:\Windows\System\ENJpKOe.exe
  C:\Windows\System\ENJpKOe.exe
  2⤵
  PID:6724
- C:\Windows\System\XYcKHsv.exe
  C:\Windows\System\XYcKHsv.exe
  2⤵
  PID:6748
- C:\Windows\System\saEgfeO.exe
  C:\Windows\System\saEgfeO.exe
  2⤵
  PID:6776
- C:\Windows\System\aHPZQoY.exe
  C:\Windows\System\aHPZQoY.exe
  2⤵
  PID:6804
- C:\Windows\System\kWqqNZD.exe
  C:\Windows\System\kWqqNZD.exe
  2⤵
  PID:6836
- C:\Windows\System\WGpCsFD.exe
  C:\Windows\System\WGpCsFD.exe
  2⤵
  PID:6860
- C:\Windows\System\LIirvfh.exe
  C:\Windows\System\LIirvfh.exe
  2⤵
  PID:6892
- C:\Windows\System\sBuABYQ.exe
  C:\Windows\System\sBuABYQ.exe
  2⤵
  PID:6916
- C:\Windows\System\izpCEvb.exe
  C:\Windows\System\izpCEvb.exe
  2⤵
  PID:6948
- C:\Windows\System\zNMuoTs.exe
  C:\Windows\System\zNMuoTs.exe
  2⤵
  PID:6980
- C:\Windows\System\ORlhASU.exe
  C:\Windows\System\ORlhASU.exe
  2⤵
  PID:7008
- C:\Windows\System\MpHtXno.exe
  C:\Windows\System\MpHtXno.exe
  2⤵
  PID:7040
- C:\Windows\System\BBZTrlW.exe
  C:\Windows\System\BBZTrlW.exe
  2⤵
  PID:7072
- C:\Windows\System\oXtnpbS.exe
  C:\Windows\System\oXtnpbS.exe
  2⤵
  PID:7100
- C:\Windows\System\HKpJvws.exe
  C:\Windows\System\HKpJvws.exe
  2⤵
  PID:7132
- C:\Windows\System\vdcZTqh.exe
  C:\Windows\System\vdcZTqh.exe
  2⤵
  PID:7160
- C:\Windows\System\wwuKgSz.exe
  C:\Windows\System\wwuKgSz.exe
  2⤵
  PID:6208
- C:\Windows\System\odButyQ.exe
  C:\Windows\System\odButyQ.exe
  2⤵
  PID:6244
- C:\Windows\System\gukaIMe.exe
  C:\Windows\System\gukaIMe.exe
  2⤵
  PID:6324
- C:\Windows\System\NBUfMIk.exe
  C:\Windows\System\NBUfMIk.exe
  2⤵
  PID:6372
- C:\Windows\System\qnGBNCx.exe
  C:\Windows\System\qnGBNCx.exe
  2⤵
  PID:6456
- C:\Windows\System\fYptuTU.exe
  C:\Windows\System\fYptuTU.exe
  2⤵
  PID:6532
- C:\Windows\System\AsWeXQk.exe
  C:\Windows\System\AsWeXQk.exe
  2⤵
  PID:6592
- C:\Windows\System\PtdJnUS.exe
  C:\Windows\System\PtdJnUS.exe
  2⤵
  PID:6652
- C:\Windows\System\oLWEioW.exe
  C:\Windows\System\oLWEioW.exe
  2⤵
  PID:6716
- C:\Windows\System\xqnKyrJ.exe
  C:\Windows\System\xqnKyrJ.exe
  2⤵
  PID:6768
- C:\Windows\System\WhFhMOu.exe
  C:\Windows\System\WhFhMOu.exe
  2⤵
  PID:6828
- C:\Windows\System\BPkmpHm.exe
  C:\Windows\System\BPkmpHm.exe
  2⤵
  PID:6900
- C:\Windows\System\XaNKfyl.exe
  C:\Windows\System\XaNKfyl.exe
  2⤵
  PID:6960
- C:\Windows\System\FFmYPiq.exe
  C:\Windows\System\FFmYPiq.exe
  2⤵
  PID:7024
- C:\Windows\System\kMPQFPo.exe
  C:\Windows\System\kMPQFPo.exe
  2⤵
  PID:7112
- C:\Windows\System\gamjYlV.exe
  C:\Windows\System\gamjYlV.exe
  2⤵
  PID:6168
- C:\Windows\System\PJNXMHr.exe
  C:\Windows\System\PJNXMHr.exe
  2⤵
  PID:6360
- C:\Windows\System\YUFcJem.exe
  C:\Windows\System\YUFcJem.exe
  2⤵
  PID:6520
- C:\Windows\System\KNoJafw.exe
  C:\Windows\System\KNoJafw.exe
  2⤵
  PID:6620
- C:\Windows\System\xarGsNH.exe
  C:\Windows\System\xarGsNH.exe
  2⤵
  PID:6740
- C:\Windows\System\wUbUPlr.exe
  C:\Windows\System\wUbUPlr.exe
  2⤵
  PID:6924
- C:\Windows\System\OYujNrX.exe
  C:\Windows\System\OYujNrX.exe
  2⤵
  PID:7080
- C:\Windows\System\iMmtkvV.exe
  C:\Windows\System\iMmtkvV.exe
  2⤵
  PID:6220
- C:\Windows\System\lpcoqWR.exe
  C:\Windows\System\lpcoqWR.exe
  2⤵
  PID:6588
- C:\Windows\System\BGpDFAv.exe
  C:\Windows\System\BGpDFAv.exe
  2⤵
  PID:6972
- C:\Windows\System\uAvVUAT.exe
  C:\Windows\System\uAvVUAT.exe
  2⤵
  PID:2276
- C:\Windows\System\VCvFIRN.exe
  C:\Windows\System\VCvFIRN.exe
  2⤵
  PID:6956
- C:\Windows\System\rhCoNnq.exe
  C:\Windows\System\rhCoNnq.exe
  2⤵
  PID:7144
- C:\Windows\System\kiRYZIn.exe
  C:\Windows\System\kiRYZIn.exe
  2⤵
  PID:7192
- C:\Windows\System\ocicwea.exe
  C:\Windows\System\ocicwea.exe
  2⤵
  PID:7224
- C:\Windows\System\fCslKZR.exe
  C:\Windows\System\fCslKZR.exe
  2⤵
  PID:7248
- C:\Windows\System\dZzrNsY.exe
  C:\Windows\System\dZzrNsY.exe
  2⤵
  PID:7280
- C:\Windows\System\QIJnUrF.exe
  C:\Windows\System\QIJnUrF.exe
  2⤵
  PID:7308
- C:\Windows\System\smMPPBw.exe
  C:\Windows\System\smMPPBw.exe
  2⤵
  PID:7332
- C:\Windows\System\uYjOrPx.exe
  C:\Windows\System\uYjOrPx.exe
  2⤵
  PID:7360
- C:\Windows\System\ZqbtANw.exe
  C:\Windows\System\ZqbtANw.exe
  2⤵
  PID:7388
- C:\Windows\System\YzRzFrF.exe
  C:\Windows\System\YzRzFrF.exe
  2⤵
  PID:7416
- C:\Windows\System\uLWjxWK.exe
  C:\Windows\System\uLWjxWK.exe
  2⤵
  PID:7444
- C:\Windows\System\yuQFjyI.exe
  C:\Windows\System\yuQFjyI.exe
  2⤵
  PID:7472
- C:\Windows\System\nIVNMlI.exe
  C:\Windows\System\nIVNMlI.exe
  2⤵
  PID:7504
- C:\Windows\System\XqnlLxl.exe
  C:\Windows\System\XqnlLxl.exe
  2⤵
  PID:7520
- C:\Windows\System\tHQwkqg.exe
  C:\Windows\System\tHQwkqg.exe
  2⤵
  PID:7556
- C:\Windows\System\JFakhDB.exe
  C:\Windows\System\JFakhDB.exe
  2⤵
  PID:7588
- C:\Windows\System\algulze.exe
  C:\Windows\System\algulze.exe
  2⤵
  PID:7620
- C:\Windows\System\ZTHEPgq.exe
  C:\Windows\System\ZTHEPgq.exe
  2⤵
  PID:7644
- C:\Windows\System\AFHPaMw.exe
  C:\Windows\System\AFHPaMw.exe
  2⤵
  PID:7668
- C:\Windows\System\qEKXXLx.exe
  C:\Windows\System\qEKXXLx.exe
  2⤵
  PID:7700
- C:\Windows\System\vyuWRLx.exe
  C:\Windows\System\vyuWRLx.exe
  2⤵
  PID:7732
- C:\Windows\System\hysNHsy.exe
  C:\Windows\System\hysNHsy.exe
  2⤵
  PID:7756
- C:\Windows\System\prUxssN.exe
  C:\Windows\System\prUxssN.exe
  2⤵
  PID:7784
- C:\Windows\System\mhUwzPY.exe
  C:\Windows\System\mhUwzPY.exe
  2⤵
  PID:7808
- C:\Windows\System\MHbExPj.exe
  C:\Windows\System\MHbExPj.exe
  2⤵
  PID:7836
- C:\Windows\System\QoxCSAI.exe
  C:\Windows\System\QoxCSAI.exe
  2⤵
  PID:7872
- C:\Windows\System\YeDykww.exe
  C:\Windows\System\YeDykww.exe
  2⤵
  PID:7900
- C:\Windows\System\roUliyr.exe
  C:\Windows\System\roUliyr.exe
  2⤵
  PID:7920
- C:\Windows\System\jGeslBa.exe
  C:\Windows\System\jGeslBa.exe
  2⤵
  PID:7948
- C:\Windows\System\pjNxTzP.exe
  C:\Windows\System\pjNxTzP.exe
  2⤵
  PID:7996
- C:\Windows\System\RPujyRe.exe
  C:\Windows\System\RPujyRe.exe
  2⤵
  PID:8024
- C:\Windows\System\DvPHcaq.exe
  C:\Windows\System\DvPHcaq.exe
  2⤵
  PID:8052
- C:\Windows\System\dDYTajH.exe
  C:\Windows\System\dDYTajH.exe
  2⤵
  PID:8088
- C:\Windows\System\OKOqhrG.exe
  C:\Windows\System\OKOqhrG.exe
  2⤵
  PID:8108
- C:\Windows\System\DlxPTgz.exe
  C:\Windows\System\DlxPTgz.exe
  2⤵
  PID:8136
- C:\Windows\System\bIPWacT.exe
  C:\Windows\System\bIPWacT.exe
  2⤵
  PID:8164
- C:\Windows\System\ywZznJH.exe
  C:\Windows\System\ywZznJH.exe
  2⤵
  PID:6608
- C:\Windows\System\aAJjCaD.exe
  C:\Windows\System\aAJjCaD.exe
  2⤵
  PID:7232
- C:\Windows\System\eBBAQNO.exe
  C:\Windows\System\eBBAQNO.exe
  2⤵
  PID:7300
- C:\Windows\System\eGwUxww.exe
  C:\Windows\System\eGwUxww.exe
  2⤵
  PID:7352
- C:\Windows\System\fQveIab.exe
  C:\Windows\System\fQveIab.exe
  2⤵
  PID:7424
- C:\Windows\System\kuWGgBY.exe
  C:\Windows\System\kuWGgBY.exe
  2⤵
  PID:6676
- C:\Windows\System\DgBJRJv.exe
  C:\Windows\System\DgBJRJv.exe
  2⤵
  PID:7544
- C:\Windows\System\QnQBLcy.exe
  C:\Windows\System\QnQBLcy.exe
  2⤵
  PID:7604
- C:\Windows\System\nWzLYMR.exe
  C:\Windows\System\nWzLYMR.exe
  2⤵
  PID:7660
- C:\Windows\System\ROGmjWm.exe
  C:\Windows\System\ROGmjWm.exe
  2⤵
  PID:7720
- C:\Windows\System\tHLIqyp.exe
  C:\Windows\System\tHLIqyp.exe
  2⤵
  PID:7800
- C:\Windows\System\XHtMAgn.exe
  C:\Windows\System\XHtMAgn.exe
  2⤵
  PID:3928
- C:\Windows\System\IqYITmD.exe
  C:\Windows\System\IqYITmD.exe
  2⤵
  PID:7944
- C:\Windows\System\vJReRFL.exe
  C:\Windows\System\vJReRFL.exe
  2⤵
  PID:8036
- C:\Windows\System\MhlvaHV.exe
  C:\Windows\System\MhlvaHV.exe
  2⤵
  PID:8096
- C:\Windows\System\fwHZUvv.exe
  C:\Windows\System\fwHZUvv.exe
  2⤵
  PID:8156
- C:\Windows\System\ZMAmUpW.exe
  C:\Windows\System\ZMAmUpW.exe
  2⤵
  PID:7220
- C:\Windows\System\fipwZeQ.exe
  C:\Windows\System\fipwZeQ.exe
  2⤵
  PID:7344
- C:\Windows\System\trLUzAA.exe
  C:\Windows\System\trLUzAA.exe
  2⤵
  PID:7540
- C:\Windows\System\ObNvccY.exe
  C:\Windows\System\ObNvccY.exe
  2⤵
  PID:7680
- C:\Windows\System\YsSfKur.exe
  C:\Windows\System\YsSfKur.exe
  2⤵
  PID:7828
- C:\Windows\System\pYKIGTa.exe
  C:\Windows\System\pYKIGTa.exe
  2⤵
  PID:7932
- C:\Windows\System\ajmXBfC.exe
  C:\Windows\System\ajmXBfC.exe
  2⤵
  PID:8064
- C:\Windows\System\hsSUnmd.exe
  C:\Windows\System\hsSUnmd.exe
  2⤵
  PID:8184
- C:\Windows\System\zckLyPB.exe
  C:\Windows\System\zckLyPB.exe
  2⤵
  PID:7460
- C:\Windows\System\dfQJaSH.exe
  C:\Windows\System\dfQJaSH.exe
  2⤵
  PID:7772
- C:\Windows\System\xJlplGW.exe
  C:\Windows\System\xJlplGW.exe
  2⤵
  PID:8120
- C:\Windows\System\aljcpmf.exe
  C:\Windows\System\aljcpmf.exe
  2⤵
  PID:7880
- C:\Windows\System\SbpCrTX.exe
  C:\Windows\System\SbpCrTX.exe
  2⤵
  PID:4056
- C:\Windows\System\yLBAESi.exe
  C:\Windows\System\yLBAESi.exe
  2⤵
  PID:8220
- C:\Windows\System\kjdREBK.exe
  C:\Windows\System\kjdREBK.exe
  2⤵
  PID:8240
- C:\Windows\System\vZtwbAF.exe
  C:\Windows\System\vZtwbAF.exe
  2⤵
  PID:8276
- C:\Windows\System\XMeOqsZ.exe
  C:\Windows\System\XMeOqsZ.exe
  2⤵
  PID:8296
- C:\Windows\System\FMBpJDP.exe
  C:\Windows\System\FMBpJDP.exe
  2⤵
  PID:8324
- C:\Windows\System\qrHiTSq.exe
  C:\Windows\System\qrHiTSq.exe
  2⤵
  PID:8352
- C:\Windows\System\RPrTWHY.exe
  C:\Windows\System\RPrTWHY.exe
  2⤵
  PID:8388
- C:\Windows\System\DylWTuf.exe
  C:\Windows\System\DylWTuf.exe
  2⤵
  PID:8408
- C:\Windows\System\zBVTHCu.exe
  C:\Windows\System\zBVTHCu.exe
  2⤵
  PID:8436
- C:\Windows\System\ozXHQZf.exe
  C:\Windows\System\ozXHQZf.exe
  2⤵
  PID:8464
- C:\Windows\System\WRTdrns.exe
  C:\Windows\System\WRTdrns.exe
  2⤵
  PID:8504
- C:\Windows\System\tHMzctA.exe
  C:\Windows\System\tHMzctA.exe
  2⤵
  PID:8524
- C:\Windows\System\djvJaCW.exe
  C:\Windows\System\djvJaCW.exe
  2⤵
  PID:8556
- C:\Windows\System\vSfljYN.exe
  C:\Windows\System\vSfljYN.exe
  2⤵
  PID:8580
- C:\Windows\System\WUNBheR.exe
  C:\Windows\System\WUNBheR.exe
  2⤵
  PID:8616
- C:\Windows\System\LcBPWjl.exe
  C:\Windows\System\LcBPWjl.exe
  2⤵
  PID:8648
- C:\Windows\System\pfeuaMo.exe
  C:\Windows\System\pfeuaMo.exe
  2⤵
  PID:8668
- C:\Windows\System\faNRGTX.exe
  C:\Windows\System\faNRGTX.exe
  2⤵
  PID:8696
- C:\Windows\System\SZtWQSL.exe
  C:\Windows\System\SZtWQSL.exe
  2⤵
  PID:8732
- C:\Windows\System\tkcaGZc.exe
  C:\Windows\System\tkcaGZc.exe
  2⤵
  PID:8752
- C:\Windows\System\MPpqPcO.exe
  C:\Windows\System\MPpqPcO.exe
  2⤵
  PID:8780
- C:\Windows\System\eLJanbW.exe
  C:\Windows\System\eLJanbW.exe
  2⤵
  PID:8808
- C:\Windows\System\bmZegIB.exe
  C:\Windows\System\bmZegIB.exe
  2⤵
  PID:8844
- C:\Windows\System\InWzlma.exe
  C:\Windows\System\InWzlma.exe
  2⤵
  PID:8864
- C:\Windows\System\jOYVoaB.exe
  C:\Windows\System\jOYVoaB.exe
  2⤵
  PID:8892
- C:\Windows\System\vFArsMt.exe
  C:\Windows\System\vFArsMt.exe
  2⤵
  PID:8920
- C:\Windows\System\NIkwxNl.exe
  C:\Windows\System\NIkwxNl.exe
  2⤵
  PID:8952
- C:\Windows\System\fwKKolk.exe
  C:\Windows\System\fwKKolk.exe
  2⤵
  PID:8976
- C:\Windows\System\dxEFaHf.exe
  C:\Windows\System\dxEFaHf.exe
  2⤵
  PID:9004
- C:\Windows\System\inZStTb.exe
  C:\Windows\System\inZStTb.exe
  2⤵
  PID:9032
- C:\Windows\System\FHyMihP.exe
  C:\Windows\System\FHyMihP.exe
  2⤵
  PID:9060
- C:\Windows\System\TdVtIja.exe
  C:\Windows\System\TdVtIja.exe
  2⤵
  PID:9088
- C:\Windows\System\bXJvBjf.exe
  C:\Windows\System\bXJvBjf.exe
  2⤵
  PID:9116
- C:\Windows\System\UijPBRU.exe
  C:\Windows\System\UijPBRU.exe
  2⤵
  PID:9144
- C:\Windows\System\IdanVBz.exe
  C:\Windows\System\IdanVBz.exe
  2⤵
  PID:9172
- C:\Windows\System\wsmzxCY.exe
  C:\Windows\System\wsmzxCY.exe
  2⤵
  PID:9208
- C:\Windows\System\hACNvKL.exe
  C:\Windows\System\hACNvKL.exe
  2⤵
  PID:8208
- C:\Windows\System\InSNEYM.exe
  C:\Windows\System\InSNEYM.exe
  2⤵
  PID:8264
- C:\Windows\System\rvYwekY.exe
  C:\Windows\System\rvYwekY.exe
  2⤵
  PID:8336
- C:\Windows\System\qhsyUqZ.exe
  C:\Windows\System\qhsyUqZ.exe
  2⤵
  PID:8404
- C:\Windows\System\JrSGRku.exe
  C:\Windows\System\JrSGRku.exe
  2⤵
  PID:8460
- C:\Windows\System\cMsQLdq.exe
  C:\Windows\System\cMsQLdq.exe
  2⤵
  PID:8548
- C:\Windows\System\zNcxjOV.exe
  C:\Windows\System\zNcxjOV.exe
  2⤵
  PID:8604
- C:\Windows\System\ywnUzPy.exe
  C:\Windows\System\ywnUzPy.exe
  2⤵
  PID:8708
- C:\Windows\System\fEyAPNv.exe
  C:\Windows\System\fEyAPNv.exe
  2⤵
  PID:8748
- C:\Windows\System\oBOIcMQ.exe
  C:\Windows\System\oBOIcMQ.exe
  2⤵
  PID:8832
- C:\Windows\System\jeGulVu.exe
  C:\Windows\System\jeGulVu.exe
  2⤵
  PID:8888
- C:\Windows\System\QlaJcCh.exe
  C:\Windows\System\QlaJcCh.exe
  2⤵
  PID:8944
- C:\Windows\System\PuOAknE.exe
  C:\Windows\System\PuOAknE.exe
  2⤵
  PID:9028
- C:\Windows\System\QXenzMJ.exe
  C:\Windows\System\QXenzMJ.exe
  2⤵
  PID:9080
- C:\Windows\System\wSByesi.exe
  C:\Windows\System\wSByesi.exe
  2⤵
  PID:9140
- C:\Windows\System\PzIrFxl.exe
  C:\Windows\System\PzIrFxl.exe
  2⤵
  PID:7408
- C:\Windows\System\ESMUdSr.exe
  C:\Windows\System\ESMUdSr.exe
  2⤵
  PID:8320
- C:\Windows\System\ycSqvkA.exe
  C:\Windows\System\ycSqvkA.exe
  2⤵
  PID:8448
- C:\Windows\System\lGyEBMC.exe
  C:\Windows\System\lGyEBMC.exe
  2⤵
  PID:8600
- C:\Windows\System\FhAMgHi.exe
  C:\Windows\System\FhAMgHi.exe
  2⤵
  PID:8776
- C:\Windows\System\DxOmzlM.exe
  C:\Windows\System\DxOmzlM.exe
  2⤵
  PID:8996
- C:\Windows\System\YikYFTp.exe
  C:\Windows\System\YikYFTp.exe
  2⤵
  PID:9108
- C:\Windows\System\FnUuJDm.exe
  C:\Windows\System\FnUuJDm.exe
  2⤵
  PID:7692
- C:\Windows\System\Uclpzmb.exe
  C:\Windows\System\Uclpzmb.exe
  2⤵
  PID:8592
- C:\Windows\System\afLfumL.exe
  C:\Windows\System\afLfumL.exe
  2⤵
  PID:9052
- C:\Windows\System\szALnjk.exe
  C:\Windows\System\szALnjk.exe
  2⤵
  PID:8516
- C:\Windows\System\YyAegvP.exe
  C:\Windows\System\YyAegvP.exe
  2⤵
  PID:9164
- C:\Windows\System\bdPEFwh.exe
  C:\Windows\System\bdPEFwh.exe
  2⤵
  PID:9244
- C:\Windows\System\rpyOFQD.exe
  C:\Windows\System\rpyOFQD.exe
  2⤵
  PID:9272
- C:\Windows\System\qqjrkpn.exe
  C:\Windows\System\qqjrkpn.exe
  2⤵
  PID:9292
- C:\Windows\System\JEkbbHF.exe
  C:\Windows\System\JEkbbHF.exe
  2⤵
  PID:9320
- C:\Windows\System\xFGHRYh.exe
  C:\Windows\System\xFGHRYh.exe
  2⤵
  PID:9352
- C:\Windows\System\jnfbqoB.exe
  C:\Windows\System\jnfbqoB.exe
  2⤵
  PID:9384
- C:\Windows\System\MBKkoaj.exe
  C:\Windows\System\MBKkoaj.exe
  2⤵
  PID:9404
- C:\Windows\System\oKzbCaW.exe
  C:\Windows\System\oKzbCaW.exe
  2⤵
  PID:9436
- C:\Windows\System\oVFEwQW.exe
  C:\Windows\System\oVFEwQW.exe
  2⤵
  PID:9452
- C:\Windows\System\WwuKucx.exe
  C:\Windows\System\WwuKucx.exe
  2⤵
  PID:9504
- C:\Windows\System\gDnWSRw.exe
  C:\Windows\System\gDnWSRw.exe
  2⤵
  PID:9528
- C:\Windows\System\HqYIalp.exe
  C:\Windows\System\HqYIalp.exe
  2⤵
  PID:9556
- C:\Windows\System\SQMzWHy.exe
  C:\Windows\System\SQMzWHy.exe
  2⤵
  PID:9600
- C:\Windows\System\ovOhAkD.exe
  C:\Windows\System\ovOhAkD.exe
  2⤵
  PID:9660
- C:\Windows\System\cvsIgSR.exe
  C:\Windows\System\cvsIgSR.exe
  2⤵
  PID:9692
- C:\Windows\System\ensgvNE.exe
  C:\Windows\System\ensgvNE.exe
  2⤵
  PID:9712
- C:\Windows\System\WywRHPF.exe
  C:\Windows\System\WywRHPF.exe
  2⤵
  PID:9740
- C:\Windows\System\JlxtOwL.exe
  C:\Windows\System\JlxtOwL.exe
  2⤵
  PID:9772
- C:\Windows\System\VDynqLk.exe
  C:\Windows\System\VDynqLk.exe
  2⤵
  PID:9796
- C:\Windows\System\DVLqAFf.exe
  C:\Windows\System\DVLqAFf.exe
  2⤵
  PID:9832
- C:\Windows\System\GolhEOr.exe
  C:\Windows\System\GolhEOr.exe
  2⤵
  PID:9852
- C:\Windows\System\cGdvzUr.exe
  C:\Windows\System\cGdvzUr.exe
  2⤵
  PID:9888
- C:\Windows\System\HhfdXRm.exe
  C:\Windows\System\HhfdXRm.exe
  2⤵
  PID:9908
- C:\Windows\System\IAPiTgU.exe
  C:\Windows\System\IAPiTgU.exe
  2⤵
  PID:9936
- C:\Windows\System\uuXiEiP.exe
  C:\Windows\System\uuXiEiP.exe
  2⤵
  PID:9972
- C:\Windows\System\WeEGAfg.exe
  C:\Windows\System\WeEGAfg.exe
  2⤵
  PID:9992
- C:\Windows\System\TbgnTxr.exe
  C:\Windows\System\TbgnTxr.exe
  2⤵
  PID:10020
- C:\Windows\System\kecjbvA.exe
  C:\Windows\System\kecjbvA.exe
  2⤵
  PID:10048
- C:\Windows\System\xanrAAo.exe
  C:\Windows\System\xanrAAo.exe
  2⤵
  PID:10076
- C:\Windows\System\YPFiMdQ.exe
  C:\Windows\System\YPFiMdQ.exe
  2⤵
  PID:10104
- C:\Windows\System\rUwQewD.exe
  C:\Windows\System\rUwQewD.exe
  2⤵
  PID:10148
- C:\Windows\System\OMeaacS.exe
  C:\Windows\System\OMeaacS.exe
  2⤵
  PID:10164
- C:\Windows\System\KSccala.exe
  C:\Windows\System\KSccala.exe
  2⤵
  PID:10192
- C:\Windows\System\MJAKHCE.exe
  C:\Windows\System\MJAKHCE.exe
  2⤵
  PID:8236
- C:\Windows\System\SWZbnQx.exe
  C:\Windows\System\SWZbnQx.exe
  2⤵
  PID:9312
- C:\Windows\System\zxFJrLI.exe
  C:\Windows\System\zxFJrLI.exe
  2⤵
  PID:9464
- C:\Windows\System\CuIhhXi.exe
  C:\Windows\System\CuIhhXi.exe
  2⤵
  PID:9588
- C:\Windows\System\OeBHssA.exe
  C:\Windows\System\OeBHssA.exe
  2⤵
  PID:9808
- C:\Windows\System\auATSWk.exe
  C:\Windows\System\auATSWk.exe
  2⤵
  PID:9876
- C:\Windows\System\sVZvuCz.exe
  C:\Windows\System\sVZvuCz.exe
  2⤵
  PID:9928
- C:\Windows\System\bRkpQqN.exe
  C:\Windows\System\bRkpQqN.exe
  2⤵
  PID:10032
- C:\Windows\System\aprHHuX.exe
  C:\Windows\System\aprHHuX.exe
  2⤵
  PID:10100
- C:\Windows\System\rrFwaRm.exe
  C:\Windows\System\rrFwaRm.exe
  2⤵
  PID:10236
- C:\Windows\System\WGHYiUR.exe
  C:\Windows\System\WGHYiUR.exe
  2⤵
  PID:9488
- C:\Windows\System\hfPnklZ.exe
  C:\Windows\System\hfPnklZ.exe
  2⤵
  PID:9788
- C:\Windows\System\beAKXpl.exe
  C:\Windows\System\beAKXpl.exe
  2⤵
  PID:9948
- C:\Windows\System\rUveDeF.exe
  C:\Windows\System\rUveDeF.exe
  2⤵
  PID:10088
- C:\Windows\System\jXQmzBA.exe
  C:\Windows\System\jXQmzBA.exe
  2⤵
  PID:3740
- C:\Windows\System\CubrFvD.exe
  C:\Windows\System\CubrFvD.exe
  2⤵
  PID:9984
- C:\Windows\System\KEjpNID.exe
  C:\Windows\System\KEjpNID.exe
  2⤵
  PID:9900
- C:\Windows\System\uVqDxzi.exe
  C:\Windows\System\uVqDxzi.exe
  2⤵
  PID:10244
- C:\Windows\System\SgSUVKC.exe
  C:\Windows\System\SgSUVKC.exe
  2⤵
  PID:10272
- C:\Windows\System\kwMvcQG.exe
  C:\Windows\System\kwMvcQG.exe
  2⤵
  PID:10308
- C:\Windows\System\bpBJxLS.exe
  C:\Windows\System\bpBJxLS.exe
  2⤵
  PID:10328
- C:\Windows\System\HeGyEoP.exe
  C:\Windows\System\HeGyEoP.exe
  2⤵
  PID:10356
- C:\Windows\System\gOkHqDz.exe
  C:\Windows\System\gOkHqDz.exe
  2⤵
  PID:10384
- C:\Windows\System\fpplGKn.exe
  C:\Windows\System\fpplGKn.exe
  2⤵
  PID:10412
- C:\Windows\System\DzOuKFE.exe
  C:\Windows\System\DzOuKFE.exe
  2⤵
  PID:10440
- C:\Windows\System\XnNNkdR.exe
  C:\Windows\System\XnNNkdR.exe
  2⤵
  PID:10468
- C:\Windows\System\sNctEBo.exe
  C:\Windows\System\sNctEBo.exe
  2⤵
  PID:10496
- C:\Windows\System\ceegWBB.exe
  C:\Windows\System\ceegWBB.exe
  2⤵
  PID:10532
- C:\Windows\System\RGzNyeY.exe
  C:\Windows\System\RGzNyeY.exe
  2⤵
  PID:10552
- C:\Windows\System\fKMELkZ.exe
  C:\Windows\System\fKMELkZ.exe
  2⤵
  PID:10580
- C:\Windows\System\xLulwvd.exe
  C:\Windows\System\xLulwvd.exe
  2⤵
  PID:10608
- C:\Windows\System\xVnnHuL.exe
  C:\Windows\System\xVnnHuL.exe
  2⤵
  PID:10640
- C:\Windows\System\XAoOHZr.exe
  C:\Windows\System\XAoOHZr.exe
  2⤵
  PID:10680
- C:\Windows\System\RkANcih.exe
  C:\Windows\System\RkANcih.exe
  2⤵
  PID:10696
- C:\Windows\System\FZZHrwO.exe
  C:\Windows\System\FZZHrwO.exe
  2⤵
  PID:10724
- C:\Windows\System\PTiCFCX.exe
  C:\Windows\System\PTiCFCX.exe
  2⤵
  PID:10752
- C:\Windows\System\CBMtLfV.exe
  C:\Windows\System\CBMtLfV.exe
  2⤵
  PID:10780
- C:\Windows\System\CcmvTyP.exe
  C:\Windows\System\CcmvTyP.exe
  2⤵
  PID:10808
- C:\Windows\System\jyAoUIK.exe
  C:\Windows\System\jyAoUIK.exe
  2⤵
  PID:10836
- C:\Windows\System\SzRFiQp.exe
  C:\Windows\System\SzRFiQp.exe
  2⤵
  PID:10864
- C:\Windows\System\NNXWzqn.exe
  C:\Windows\System\NNXWzqn.exe
  2⤵
  PID:10892
- C:\Windows\System\CZGGRWT.exe
  C:\Windows\System\CZGGRWT.exe
  2⤵
  PID:10920
- C:\Windows\System\xjkYmAP.exe
  C:\Windows\System\xjkYmAP.exe
  2⤵
  PID:10948
- C:\Windows\System\amdlhgT.exe
  C:\Windows\System\amdlhgT.exe
  2⤵
  PID:10984
- C:\Windows\System\YqwammJ.exe
  C:\Windows\System\YqwammJ.exe
  2⤵
  PID:11004
- C:\Windows\System\wIQJqXs.exe
  C:\Windows\System\wIQJqXs.exe
  2⤵
  PID:11032
- C:\Windows\System\WowtKXK.exe
  C:\Windows\System\WowtKXK.exe
  2⤵
  PID:11060
- C:\Windows\System\DbajYpC.exe
  C:\Windows\System\DbajYpC.exe
  2⤵
  PID:11088
- C:\Windows\System\MTwbMuy.exe
  C:\Windows\System\MTwbMuy.exe
  2⤵
  PID:11116
- C:\Windows\System\DKVNpZF.exe
  C:\Windows\System\DKVNpZF.exe
  2⤵
  PID:11144
- C:\Windows\System\ykPpoGz.exe
  C:\Windows\System\ykPpoGz.exe
  2⤵
  PID:11172
- C:\Windows\System\TdgtEmg.exe
  C:\Windows\System\TdgtEmg.exe
  2⤵
  PID:11200
- C:\Windows\System\mtbIzul.exe
  C:\Windows\System\mtbIzul.exe
  2⤵
  PID:11228
- C:\Windows\System\HbtKFaU.exe
  C:\Windows\System\HbtKFaU.exe
  2⤵
  PID:11256
- C:\Windows\System\kSxADvK.exe
  C:\Windows\System\kSxADvK.exe
  2⤵
  PID:10292
- C:\Windows\System\xcfOQsP.exe
  C:\Windows\System\xcfOQsP.exe
  2⤵
  PID:10352
- C:\Windows\System\dSwRtvd.exe
  C:\Windows\System\dSwRtvd.exe
  2⤵
  PID:10424
- C:\Windows\System\NUmcGkd.exe
  C:\Windows\System\NUmcGkd.exe
  2⤵
  PID:10480
- C:\Windows\System\RopJOpc.exe
  C:\Windows\System\RopJOpc.exe
  2⤵
  PID:10564
- C:\Windows\System\QSNFiCW.exe
  C:\Windows\System\QSNFiCW.exe
  2⤵
  PID:10632
- C:\Windows\System\LclCSsZ.exe
  C:\Windows\System\LclCSsZ.exe
  2⤵
  PID:10688
- C:\Windows\System\siogBDF.exe
  C:\Windows\System\siogBDF.exe
  2⤵
  PID:10748
- C:\Windows\System\vLuijNQ.exe
  C:\Windows\System\vLuijNQ.exe
  2⤵
  PID:10804
- C:\Windows\System\LWdiMAr.exe
  C:\Windows\System\LWdiMAr.exe
  2⤵
  PID:10884
- C:\Windows\System\oxYreUb.exe
  C:\Windows\System\oxYreUb.exe
  2⤵
  PID:10932
- C:\Windows\System\iWIDIkL.exe
  C:\Windows\System\iWIDIkL.exe
  2⤵
  PID:10996
- C:\Windows\System\jgaOMat.exe
  C:\Windows\System\jgaOMat.exe
  2⤵
  PID:11072
- C:\Windows\System\cEvBWfI.exe
  C:\Windows\System\cEvBWfI.exe
  2⤵
  PID:11128
- C:\Windows\System\onbFEnK.exe
  C:\Windows\System\onbFEnK.exe
  2⤵
  PID:11196
- C:\Windows\System\PtWMhDH.exe
  C:\Windows\System\PtWMhDH.exe
  2⤵
  PID:11248
- C:\Windows\System\EAKDXQQ.exe
  C:\Windows\System\EAKDXQQ.exe
  2⤵
  PID:10348
- C:\Windows\System\apvQTgZ.exe
  C:\Windows\System\apvQTgZ.exe
  2⤵
  PID:10464
- C:\Windows\System\vYdfKjy.exe
  C:\Windows\System\vYdfKjy.exe
  2⤵
  PID:10652
- C:\Windows\System\oBZgcfy.exe
  C:\Windows\System\oBZgcfy.exe
  2⤵
  PID:2128
- C:\Windows\System\EKpEhkk.exe
  C:\Windows\System\EKpEhkk.exe
  2⤵
  PID:11044
- C:\Windows\System\bjEsuqf.exe
  C:\Windows\System\bjEsuqf.exe
  2⤵
  PID:10268
- C:\Windows\System\YftoDHI.exe
  C:\Windows\System\YftoDHI.exe
  2⤵
  PID:10592
- C:\Windows\System\RgMWYuh.exe
  C:\Windows\System\RgMWYuh.exe
  2⤵
  PID:11024
- C:\Windows\System\foGgoJt.exe
  C:\Windows\System\foGgoJt.exe
  2⤵
  PID:10540
- C:\Windows\System\aDGYFxa.exe
  C:\Windows\System\aDGYFxa.exe
  2⤵
  PID:10992
- C:\Windows\System\aChzEEh.exe
  C:\Windows\System\aChzEEh.exe
  2⤵
  PID:11284
- C:\Windows\System\FuUjyvT.exe
  C:\Windows\System\FuUjyvT.exe
  2⤵
  PID:11312
- C:\Windows\System\StmxGuS.exe
  C:\Windows\System\StmxGuS.exe
  2⤵
  PID:11340
- C:\Windows\System\MRQghdj.exe
  C:\Windows\System\MRQghdj.exe
  2⤵
  PID:11368
- C:\Windows\System\YrBeUli.exe
  C:\Windows\System\YrBeUli.exe
  2⤵
  PID:11396
- C:\Windows\System\rpDAzGY.exe
  C:\Windows\System\rpDAzGY.exe
  2⤵
  PID:11424
- C:\Windows\System\ekiEWiy.exe
  C:\Windows\System\ekiEWiy.exe
  2⤵
  PID:11464
- C:\Windows\System\rdUzjHA.exe
  C:\Windows\System\rdUzjHA.exe
  2⤵
  PID:11484
- C:\Windows\System\YmbIOFD.exe
  C:\Windows\System\YmbIOFD.exe
  2⤵
  PID:11512
- C:\Windows\System\UMQiPUm.exe
  C:\Windows\System\UMQiPUm.exe
  2⤵
  PID:11540
- C:\Windows\System\TejoBza.exe
  C:\Windows\System\TejoBza.exe
  2⤵
  PID:11568
- C:\Windows\System\BEgaLTE.exe
  C:\Windows\System\BEgaLTE.exe
  2⤵
  PID:11596
- C:\Windows\System\yUnjuIC.exe
  C:\Windows\System\yUnjuIC.exe
  2⤵
  PID:11636
- C:\Windows\System\teIPMXt.exe
  C:\Windows\System\teIPMXt.exe
  2⤵
  PID:11656
- C:\Windows\System\pmcPCOz.exe
  C:\Windows\System\pmcPCOz.exe
  2⤵
  PID:11684
- C:\Windows\System\lMiSwme.exe
  C:\Windows\System\lMiSwme.exe
  2⤵
  PID:11712
- C:\Windows\System\vAqgghd.exe
  C:\Windows\System\vAqgghd.exe
  2⤵
  PID:11740
- C:\Windows\System\OgnbvQA.exe
  C:\Windows\System\OgnbvQA.exe
  2⤵
  PID:11768
- C:\Windows\System\iGuKXFs.exe
  C:\Windows\System\iGuKXFs.exe
  2⤵
  PID:11796
- C:\Windows\System\FBfbLPY.exe
  C:\Windows\System\FBfbLPY.exe
  2⤵
  PID:11824
- C:\Windows\System\jSnvfql.exe
  C:\Windows\System\jSnvfql.exe
  2⤵
  PID:11852
- C:\Windows\System\zFrFzIZ.exe
  C:\Windows\System\zFrFzIZ.exe
  2⤵
  PID:11880
- C:\Windows\System\RkKAAhx.exe
  C:\Windows\System\RkKAAhx.exe
  2⤵
  PID:11908
- C:\Windows\System\BgLrDsu.exe
  C:\Windows\System\BgLrDsu.exe
  2⤵
  PID:11936
- C:\Windows\System\zSptNOE.exe
  C:\Windows\System\zSptNOE.exe
  2⤵
  PID:11964
- C:\Windows\System\FmHaKoJ.exe
  C:\Windows\System\FmHaKoJ.exe
  2⤵
  PID:11992
- C:\Windows\System\afjAccZ.exe
  C:\Windows\System\afjAccZ.exe
  2⤵
  PID:12020
- C:\Windows\System\DQWViVH.exe
  C:\Windows\System\DQWViVH.exe
  2⤵
  PID:12068
- C:\Windows\System\CosGrmU.exe
  C:\Windows\System\CosGrmU.exe
  2⤵
  PID:12112
- C:\Windows\System\VjWgqLd.exe
  C:\Windows\System\VjWgqLd.exe
  2⤵
  PID:12140
- C:\Windows\System\VWZMQPy.exe
  C:\Windows\System\VWZMQPy.exe
  2⤵
  PID:12168
- C:\Windows\System\KLysEYD.exe
  C:\Windows\System\KLysEYD.exe
  2⤵
  PID:12208
- C:\Windows\System\TiBSowv.exe
  C:\Windows\System\TiBSowv.exe
  2⤵
  PID:12240
- C:\Windows\System\LFnTcby.exe
  C:\Windows\System\LFnTcby.exe
  2⤵
  PID:12268
- C:\Windows\System\HHuhHAX.exe
  C:\Windows\System\HHuhHAX.exe
  2⤵
  PID:11280
- C:\Windows\System\bsqcZlL.exe
  C:\Windows\System\bsqcZlL.exe
  2⤵
  PID:11352
- C:\Windows\System\WHQlCpz.exe
  C:\Windows\System\WHQlCpz.exe
  2⤵
  PID:11408
- C:\Windows\System\XjjJBGM.exe
  C:\Windows\System\XjjJBGM.exe
  2⤵
  PID:11476
- C:\Windows\System\pyMQxFe.exe
  C:\Windows\System\pyMQxFe.exe
  2⤵
  PID:11552
- C:\Windows\System\upGVvrZ.exe
  C:\Windows\System\upGVvrZ.exe
  2⤵
  PID:11620
- C:\Windows\System\fYCqgfq.exe
  C:\Windows\System\fYCqgfq.exe
  2⤵
  PID:11680
- C:\Windows\System\RYnNlzs.exe
  C:\Windows\System\RYnNlzs.exe
  2⤵
  PID:11752
- C:\Windows\System\DoGgnot.exe
  C:\Windows\System\DoGgnot.exe
  2⤵
  PID:11816
- C:\Windows\System\yvHqZkj.exe
  C:\Windows\System\yvHqZkj.exe
  2⤵
  PID:11876
- C:\Windows\System\xAUejIn.exe
  C:\Windows\System\xAUejIn.exe
  2⤵
  PID:11948
- C:\Windows\System\wxhlNiC.exe
  C:\Windows\System\wxhlNiC.exe
  2⤵
  PID:12004
- C:\Windows\System\DKONBit.exe
  C:\Windows\System\DKONBit.exe
  2⤵
  PID:4444
- C:\Windows\System\etKFtkU.exe
  C:\Windows\System\etKFtkU.exe
  2⤵
  PID:1156
- C:\Windows\System\EyAuPat.exe
  C:\Windows\System\EyAuPat.exe
  2⤵
  PID:12152
- C:\Windows\System\YMPPZRm.exe
  C:\Windows\System\YMPPZRm.exe
  2⤵
  PID:12220
- C:\Windows\System\KfJAmaO.exe
  C:\Windows\System\KfJAmaO.exe
  2⤵
  PID:3808
- C:\Windows\System\ejmzhCw.exe
  C:\Windows\System\ejmzhCw.exe
  2⤵
  PID:11276
- C:\Windows\System\kEkDQXo.exe
  C:\Windows\System\kEkDQXo.exe
  2⤵
  PID:11392
- C:\Windows\System\MiRbjHo.exe
  C:\Windows\System\MiRbjHo.exe
  2⤵
  PID:11532
- C:\Windows\System\dgoylhx.exe
  C:\Windows\System\dgoylhx.exe
  2⤵
  PID:11668
- C:\Windows\System\OIAEKjV.exe
  C:\Windows\System\OIAEKjV.exe
  2⤵
  PID:11780
- C:\Windows\System\LMbYMfQ.exe
  C:\Windows\System\LMbYMfQ.exe
  2⤵
  PID:11928
- C:\Windows\System\yybopyk.exe
  C:\Windows\System\yybopyk.exe
  2⤵
  PID:12044
- C:\Windows\System\vCZkAIB.exe
  C:\Windows\System\vCZkAIB.exe
  2⤵
  PID:1016
- C:\Windows\System\FxZouOY.exe
  C:\Windows\System\FxZouOY.exe
  2⤵
  PID:2688
- C:\Windows\System\XmUvqZX.exe
  C:\Windows\System\XmUvqZX.exe
  2⤵
  PID:2752
- C:\Windows\System\XducbCP.exe
  C:\Windows\System\XducbCP.exe
  2⤵
  PID:3684
- C:\Windows\System\qjdwazI.exe
  C:\Windows\System\qjdwazI.exe
  2⤵
  PID:2756
- C:\Windows\System\HrgyxlR.exe
  C:\Windows\System\HrgyxlR.exe
  2⤵
  PID:11524
- C:\Windows\System\VGcQgnJ.exe
  C:\Windows\System\VGcQgnJ.exe
  2⤵
  PID:12296
- C:\Windows\System\CiJovxV.exe
  C:\Windows\System\CiJovxV.exe
  2⤵
  PID:12344
- C:\Windows\System\PpMTQeX.exe
  C:\Windows\System\PpMTQeX.exe
  2⤵
  PID:12364
- C:\Windows\System\VMeoTup.exe
  C:\Windows\System\VMeoTup.exe
  2⤵
  PID:12404
- C:\Windows\System\PMfDHYa.exe
  C:\Windows\System\PMfDHYa.exe
  2⤵
  PID:12440
- C:\Windows\System\rlIRoQE.exe
  C:\Windows\System\rlIRoQE.exe
  2⤵
  PID:12468
- C:\Windows\System\cKSjXPQ.exe
  C:\Windows\System\cKSjXPQ.exe
  2⤵
  PID:12496
- C:\Windows\System\RTeUTEO.exe
  C:\Windows\System\RTeUTEO.exe
  2⤵
  PID:12524
- C:\Windows\System\UfgkIoJ.exe
  C:\Windows\System\UfgkIoJ.exe
  2⤵
  PID:12552
- C:\Windows\System\zkarFIX.exe
  C:\Windows\System\zkarFIX.exe
  2⤵
  PID:12580
- C:\Windows\System\BihrrnQ.exe
  C:\Windows\System\BihrrnQ.exe
  2⤵
  PID:12608
- C:\Windows\System\BcWepkH.exe
  C:\Windows\System\BcWepkH.exe
  2⤵
  PID:12636
- C:\Windows\System\wGhydDA.exe
  C:\Windows\System\wGhydDA.exe
  2⤵
  PID:12664
- C:\Windows\System\DsxbbVr.exe
  C:\Windows\System\DsxbbVr.exe
  2⤵
  PID:12692
- C:\Windows\System\deHOxUn.exe
  C:\Windows\System\deHOxUn.exe
  2⤵
  PID:12720
- C:\Windows\System\jnItZXh.exe
  C:\Windows\System\jnItZXh.exe
  2⤵
  PID:12748
- C:\Windows\System\rxIsJwu.exe
  C:\Windows\System\rxIsJwu.exe
  2⤵
  PID:12776
- C:\Windows\System\NsYidQX.exe
  C:\Windows\System\NsYidQX.exe
  2⤵
  PID:12804
- C:\Windows\System\NWIOaIm.exe
  C:\Windows\System\NWIOaIm.exe
  2⤵
  PID:12832
- C:\Windows\System\aNouDYk.exe
  C:\Windows\System\aNouDYk.exe
  2⤵
  PID:12860
- C:\Windows\System\amGNrnp.exe
  C:\Windows\System\amGNrnp.exe
  2⤵
  PID:12888
- C:\Windows\System\riQVJaJ.exe
  C:\Windows\System\riQVJaJ.exe
  2⤵
  PID:12916
- C:\Windows\System\DvUlWan.exe
  C:\Windows\System\DvUlWan.exe
  2⤵
  PID:12944
- C:\Windows\System\CcHUjWr.exe
  C:\Windows\System\CcHUjWr.exe
  2⤵
  PID:12972
- C:\Windows\System\NpouqOP.exe
  C:\Windows\System\NpouqOP.exe
  2⤵
  PID:13000
- C:\Windows\System\ijXewfd.exe
  C:\Windows\System\ijXewfd.exe
  2⤵
  PID:13028
- C:\Windows\System\fyBojNc.exe
  C:\Windows\System\fyBojNc.exe
  2⤵
  PID:13056
- C:\Windows\System\uIDDJNR.exe
  C:\Windows\System\uIDDJNR.exe
  2⤵
  PID:13084
- C:\Windows\System\ixmWUTs.exe
  C:\Windows\System\ixmWUTs.exe
  2⤵
  PID:13112
- C:\Windows\System\pXICnXJ.exe
  C:\Windows\System\pXICnXJ.exe
  2⤵
  PID:13140
- C:\Windows\System\RJONjzY.exe
  C:\Windows\System\RJONjzY.exe
  2⤵
  PID:13168
- C:\Windows\System\iPWWcEd.exe
  C:\Windows\System\iPWWcEd.exe
  2⤵
  PID:13196
- C:\Windows\System\arakNFn.exe
  C:\Windows\System\arakNFn.exe
  2⤵
  PID:13224
- C:\Windows\System\dzrdHzp.exe
  C:\Windows\System\dzrdHzp.exe
  2⤵
  PID:13252
- C:\Windows\System\VIEJTPo.exe
  C:\Windows\System\VIEJTPo.exe
  2⤵
  PID:13280
- C:\Windows\System\EzOlMwN.exe
  C:\Windows\System\EzOlMwN.exe
  2⤵
  PID:12136
- C:\Windows\System\LIgudVZ.exe
  C:\Windows\System\LIgudVZ.exe
  2⤵
  PID:12352
- C:\Windows\System\fAjaTBU.exe
  C:\Windows\System\fAjaTBU.exe
  2⤵
  PID:12460
- C:\Windows\System\AjrSlCS.exe
  C:\Windows\System\AjrSlCS.exe
  2⤵
  PID:12520
- C:\Windows\System\tRfhdKn.exe
  C:\Windows\System\tRfhdKn.exe
  2⤵
  PID:12592
- C:\Windows\System\BvXetxc.exe
  C:\Windows\System\BvXetxc.exe
  2⤵
  PID:12656
- C:\Windows\System\avTWrEX.exe
  C:\Windows\System\avTWrEX.exe
  2⤵
  PID:12712
- C:\Windows\System\oEFjddi.exe
  C:\Windows\System\oEFjddi.exe
  2⤵
  PID:12772
- C:\Windows\System\oiaJSwj.exe
  C:\Windows\System\oiaJSwj.exe
  2⤵
  PID:12828
- C:\Windows\System\QDFHYGO.exe
  C:\Windows\System\QDFHYGO.exe
  2⤵
  PID:12900
- C:\Windows\System\whmRnMR.exe
  C:\Windows\System\whmRnMR.exe
  2⤵
  PID:1596
- C:\Windows\System\DiTueWA.exe
  C:\Windows\System\DiTueWA.exe
  2⤵
  PID:12992
- C:\Windows\System\LLlsBRq.exe
  C:\Windows\System\LLlsBRq.exe
  2⤵
  PID:13068
- C:\Windows\System\YHGjyTt.exe
  C:\Windows\System\YHGjyTt.exe
  2⤵
  PID:13080
- C:\Windows\System\HZwbJrV.exe
  C:\Windows\System\HZwbJrV.exe
  2⤵
  PID:13152
- C:\Windows\System\tEPuHLF.exe
  C:\Windows\System\tEPuHLF.exe
  2⤵
  PID:13216
- C:\Windows\System\qYlQhtz.exe
  C:\Windows\System\qYlQhtz.exe
  2⤵
  PID:13264
- C:\Windows\System\uUMhUEX.exe
  C:\Windows\System\uUMhUEX.exe
  2⤵
  PID:13308
- C:\Windows\System\JQAsFuY.exe
  C:\Windows\System\JQAsFuY.exe
  2⤵
  PID:12488
- C:\Windows\System\cFzHJNc.exe
  C:\Windows\System\cFzHJNc.exe
  2⤵
  PID:400
- C:\Windows\System\UKEjcDS.exe
  C:\Windows\System\UKEjcDS.exe
  2⤵
  PID:12740
- C:\Windows\System\OJCArvw.exe
  C:\Windows\System\OJCArvw.exe
  2⤵
  PID:12856
- C:\Windows\System\GSpoieB.exe
  C:\Windows\System\GSpoieB.exe
  2⤵
  PID:12968
- C:\Windows\System\HcYkmuy.exe
  C:\Windows\System\HcYkmuy.exe
  2⤵
  PID:13076
- C:\Windows\System\DPvlvFM.exe
  C:\Windows\System\DPvlvFM.exe
  2⤵
  PID:13208
- C:\Windows\System\XtGdVRb.exe
  C:\Windows\System\XtGdVRb.exe
  2⤵
  PID:12452
- C:\Windows\System\BUUBrto.exe
  C:\Windows\System\BUUBrto.exe
  2⤵
  PID:12688
- C:\Windows\System\lisqyFC.exe
  C:\Windows\System\lisqyFC.exe
  2⤵
  PID:5052
- C:\Windows\System\mmUMhZR.exe
  C:\Windows\System\mmUMhZR.exe
  2⤵
  PID:13192
- C:\Windows\System\jYLbOyU.exe
  C:\Windows\System\jYLbOyU.exe
  2⤵
  PID:4564
- C:\Windows\System\dmJgLTI.exe
  C:\Windows\System\dmJgLTI.exe
  2⤵
  PID:12620
- C:\Windows\System\ioRRFAI.exe
  C:\Windows\System\ioRRFAI.exe
  2⤵
  PID:4576
- C:\Windows\System\QgAmPqP.exe
  C:\Windows\System\QgAmPqP.exe
  2⤵
  PID:13332
- C:\Windows\System\HJUpetX.exe
  C:\Windows\System\HJUpetX.exe
  2⤵
  PID:13360
- C:\Windows\System\uyhLWJX.exe
  C:\Windows\System\uyhLWJX.exe
  2⤵
  PID:13388
- C:\Windows\System\GypsBww.exe
  C:\Windows\System\GypsBww.exe
  2⤵
  PID:13416
- C:\Windows\System\khzuAqo.exe
  C:\Windows\System\khzuAqo.exe
  2⤵
  PID:13456
- C:\Windows\System\LkKuzat.exe
  C:\Windows\System\LkKuzat.exe
  2⤵
  PID:13480
- C:\Windows\System\HrHkHtN.exe
  C:\Windows\System\HrHkHtN.exe
  2⤵
  PID:13500
- C:\Windows\System\IaiGYYg.exe
  C:\Windows\System\IaiGYYg.exe
  2⤵
  PID:13536
- C:\Windows\System\INOXtoc.exe
  C:\Windows\System\INOXtoc.exe
  2⤵
  PID:13564
- C:\Windows\System\oSRIgCz.exe
  C:\Windows\System\oSRIgCz.exe
  2⤵
  PID:13592
- C:\Windows\System\lTTigzA.exe
  C:\Windows\System\lTTigzA.exe
  2⤵
  PID:13620
- C:\Windows\System\hXXEieN.exe
  C:\Windows\System\hXXEieN.exe
  2⤵
  PID:13648
- C:\Windows\System\aFgAOgm.exe
  C:\Windows\System\aFgAOgm.exe
  2⤵
  PID:13676
- C:\Windows\System\KAsXBiK.exe
  C:\Windows\System\KAsXBiK.exe
  2⤵
  PID:13704
- C:\Windows\System\xXlgcpy.exe
  C:\Windows\System\xXlgcpy.exe
  2⤵
  PID:13732
- C:\Windows\System\eVSmlok.exe
  C:\Windows\System\eVSmlok.exe
  2⤵
  PID:13760
- C:\Windows\System\nDiUYoe.exe
  C:\Windows\System\nDiUYoe.exe
  2⤵
  PID:13800
- C:\Windows\System\WZCbLVu.exe
  C:\Windows\System\WZCbLVu.exe
  2⤵
  PID:13816
- C:\Windows\System\wdGDYSh.exe
  C:\Windows\System\wdGDYSh.exe
  2⤵
  PID:13844
- C:\Windows\System\cXvBttP.exe
  C:\Windows\System\cXvBttP.exe
  2⤵
  PID:13872
- C:\Windows\System\VcnaAsk.exe
  C:\Windows\System\VcnaAsk.exe
  2⤵
  PID:13900
- C:\Windows\System\bRHFcpx.exe
  C:\Windows\System\bRHFcpx.exe
  2⤵
  PID:13928
- C:\Windows\System\xTRORkh.exe
  C:\Windows\System\xTRORkh.exe
  2⤵
  PID:13956
- C:\Windows\System\nwRclHI.exe
  C:\Windows\System\nwRclHI.exe
  2⤵
  PID:13984
- C:\Windows\System\aBCgNMh.exe
  C:\Windows\System\aBCgNMh.exe
  2⤵
  PID:14012
- C:\Windows\System\XGkjBVw.exe
  C:\Windows\System\XGkjBVw.exe
  2⤵
  PID:14040
- C:\Windows\System\EgvBuJH.exe
  C:\Windows\System\EgvBuJH.exe
  2⤵
  PID:14072
- C:\Windows\System\XqzIvOe.exe
  C:\Windows\System\XqzIvOe.exe
  2⤵
  PID:14100
- C:\Windows\System\XVzgkhz.exe
  C:\Windows\System\XVzgkhz.exe
  2⤵
  PID:14128
- C:\Windows\System\EpPgkJt.exe
  C:\Windows\System\EpPgkJt.exe
  2⤵
  PID:14156
- C:\Windows\System\VfSgVcb.exe
  C:\Windows\System\VfSgVcb.exe
  2⤵
  PID:14184
- C:\Windows\System\VpIchDu.exe
  C:\Windows\System\VpIchDu.exe
  2⤵
  PID:14212
- C:\Windows\System\TnaUJJq.exe
  C:\Windows\System\TnaUJJq.exe
  2⤵
  PID:14240
- C:\Windows\System\iMzrTSx.exe
  C:\Windows\System\iMzrTSx.exe
  2⤵
  PID:14268
- C:\Windows\System\OBTWyMa.exe
  C:\Windows\System\OBTWyMa.exe
  2⤵
  PID:14296
- C:\Windows\System\AxTOfCr.exe
  C:\Windows\System\AxTOfCr.exe
  2⤵
  PID:14324
- C:\Windows\System\RoDMfvy.exe
  C:\Windows\System\RoDMfvy.exe
  2⤵
  PID:13352
- C:\Windows\System\HLyDXHq.exe
  C:\Windows\System\HLyDXHq.exe
  2⤵
  PID:13412
- C:\Windows\System\FOpvFVs.exe
  C:\Windows\System\FOpvFVs.exe
  2⤵
  PID:13468
- C:\Windows\System\CbTPymP.exe
  C:\Windows\System\CbTPymP.exe
  2⤵
  PID:13532
- C:\Windows\System\FlVKxgJ.exe
  C:\Windows\System\FlVKxgJ.exe
  2⤵
  PID:13588
- C:\Windows\System\JBNrREF.exe
  C:\Windows\System\JBNrREF.exe
  2⤵
  PID:13644
- C:\Windows\System\vmkjGNL.exe
  C:\Windows\System\vmkjGNL.exe
  2⤵
  PID:13700
- C:\Windows\System\LUVVXsq.exe
  C:\Windows\System\LUVVXsq.exe
  2⤵
  PID:13772
- C:\Windows\System\JUWfSgw.exe
  C:\Windows\System\JUWfSgw.exe
  2⤵
  PID:13828
- C:\Windows\System\fmrrqPE.exe
  C:\Windows\System\fmrrqPE.exe
  2⤵
  PID:13884
- C:\Windows\System\AWfYhiZ.exe
  C:\Windows\System\AWfYhiZ.exe
  2⤵
  PID:13912
- C:\Windows\System\bdsYUKQ.exe
  C:\Windows\System\bdsYUKQ.exe
  2⤵
  PID:13976
- C:\Windows\System\TSWqjWF.exe
  C:\Windows\System\TSWqjWF.exe
  2⤵
  PID:14036
- C:\Windows\System\pmaXoXr.exe
  C:\Windows\System\pmaXoXr.exe
  2⤵
  PID:14112
- C:\Windows\System\ZblbaAf.exe
  C:\Windows\System\ZblbaAf.exe
  2⤵
  PID:3524
- C:\Windows\System\EXitHMN.exe
  C:\Windows\System\EXitHMN.exe
  2⤵
  PID:10212
- C:\Windows\System\AvfDyxY.exe
  C:\Windows\System\AvfDyxY.exe
  2⤵
  PID:9576
- C:\Windows\System\CcuCoZn.exe
  C:\Windows\System\CcuCoZn.exe
  2⤵
  PID:9620
- C:\Windows\System\LpogPjs.exe
  C:\Windows\System\LpogPjs.exe
  2⤵
  PID:3424
- C:\Windows\System\auNYMpc.exe
  C:\Windows\System\auNYMpc.exe
  2⤵
  PID:14260
- C:\Windows\System\YTKIuIq.exe
  C:\Windows\System\YTKIuIq.exe
  2⤵
  PID:13380
- C:\Windows\System\yzjoItj.exe
  C:\Windows\System\yzjoItj.exe
  2⤵
  PID:13492
- C:\Windows\System\uTTXBjY.exe
  C:\Windows\System\uTTXBjY.exe
  2⤵
  PID:13576
- C:\Windows\System\kDIPPNL.exe
  C:\Windows\System\kDIPPNL.exe
  2⤵
  PID:13696
- C:\Windows\System\aETyQjq.exe
  C:\Windows\System\aETyQjq.exe
  2⤵
  PID:13840
- C:\Windows\System\JmbYWHy.exe
  C:\Windows\System\JmbYWHy.exe
  2⤵
  PID:13952
- C:\Windows\System\lYvRfuj.exe
  C:\Windows\System\lYvRfuj.exe
  2⤵
  PID:4568
- C:\Windows\System\bzpXVfK.exe
  C:\Windows\System\bzpXVfK.exe
  2⤵
  PID:9580
- C:\Windows\System\MJCyBBT.exe
  C:\Windows\System\MJCyBBT.exe
  2⤵
  PID:14180
- C:\Windows\System\gEMmsDt.exe
  C:\Windows\System\gEMmsDt.exe
  2⤵
  PID:14308
- C:\Windows\System\JJcAqBo.exe
  C:\Windows\System\JJcAqBo.exe
  2⤵
  PID:13560
- C:\Windows\System\XuuQaEH.exe
  C:\Windows\System\XuuQaEH.exe
  2⤵
  PID:13892
- C:\Windows\System\NCOMwCX.exe
  C:\Windows\System\NCOMwCX.exe
  2⤵
  PID:9636
- C:\Windows\System\nPxvgUM.exe
  C:\Windows\System\nPxvgUM.exe
  2⤵
  PID:3404
- C:\Windows\System\NtbBRgX.exe
  C:\Windows\System\NtbBRgX.exe
  2⤵
  PID:14024
- C:\Windows\System\pgVZliw.exe
  C:\Windows\System\pgVZliw.exe
  2⤵
  PID:13808
- C:\Windows\System\XbZrSLI.exe
  C:\Windows\System\XbZrSLI.exe
  2⤵
  PID:14344
- C:\Windows\System\yapDXPz.exe
  C:\Windows\System\yapDXPz.exe
  2⤵
  PID:14372
- C:\Windows\System\KOFHKUL.exe
  C:\Windows\System\KOFHKUL.exe
  2⤵
  PID:14400
- C:\Windows\System\NZHQtOH.exe
  C:\Windows\System\NZHQtOH.exe
  2⤵
  PID:14428
- C:\Windows\System\jKjnCbC.exe
  C:\Windows\System\jKjnCbC.exe
  2⤵
  PID:14456
- C:\Windows\System\dzIvWIA.exe
  C:\Windows\System\dzIvWIA.exe
  2⤵
  PID:14484
- C:\Windows\System\OuUnOCf.exe
  C:\Windows\System\OuUnOCf.exe
  2⤵
  PID:14512
- C:\Windows\System\sPeOLtk.exe
  C:\Windows\System\sPeOLtk.exe
  2⤵
  PID:14540
- C:\Windows\System\XFtHXHv.exe
  C:\Windows\System\XFtHXHv.exe
  2⤵
  PID:14568
- C:\Windows\System\JIyKuvY.exe
  C:\Windows\System\JIyKuvY.exe
  2⤵
  PID:14596
- C:\Windows\System\skwPOeX.exe
  C:\Windows\System\skwPOeX.exe
  2⤵
  PID:14624
- C:\Windows\System\GgrDdEi.exe
  C:\Windows\System\GgrDdEi.exe
  2⤵
  PID:14652
- C:\Windows\System\ViBQIgy.exe
  C:\Windows\System\ViBQIgy.exe
  2⤵
  PID:14684
- C:\Windows\System\YSruHrt.exe
  C:\Windows\System\YSruHrt.exe
  2⤵
  PID:14712
- C:\Windows\System\ZdGatmG.exe
  C:\Windows\System\ZdGatmG.exe
  2⤵
  PID:14740
- C:\Windows\System\AZwpLXY.exe
  C:\Windows\System\AZwpLXY.exe
  2⤵
  PID:14768
- C:\Windows\System\dURCTyx.exe
  C:\Windows\System\dURCTyx.exe
  2⤵
  PID:14808
- C:\Windows\System\KVAYOtc.exe
  C:\Windows\System\KVAYOtc.exe
  2⤵
  PID:14824
- C:\Windows\System\HyKvvGA.exe
  C:\Windows\System\HyKvvGA.exe
  2⤵
  PID:14852
- C:\Windows\System\ybqmJVt.exe
  C:\Windows\System\ybqmJVt.exe
  2⤵
  PID:14880
- C:\Windows\System\CbUqPvK.exe
  C:\Windows\System\CbUqPvK.exe
  2⤵
  PID:14908
- C:\Windows\System\ifxOUYu.exe
  C:\Windows\System\ifxOUYu.exe
  2⤵
  PID:14936
- C:\Windows\System\GPAWfuD.exe
  C:\Windows\System\GPAWfuD.exe
  2⤵
  PID:14964
- C:\Windows\System\rxnEopd.exe
  C:\Windows\System\rxnEopd.exe
  2⤵
  PID:14992
- C:\Windows\System\rxDRrCG.exe
  C:\Windows\System\rxDRrCG.exe
  2⤵
  PID:15028
- C:\Windows\System\GfAVRQN.exe
  C:\Windows\System\GfAVRQN.exe
  2⤵
  PID:15048

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 94eaca98d6f3693097b87fbb08dcda8b 2A6ptEMmt0a9n3dFIAb5rg.0.1.0.0.0
1⤵
PID:9576

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ARvmvrj.exe

Filesize
6.0MB

MD5
464a55e8fc50496b18c0faae421243e3

SHA1
26081ee0037b9ba6515b2194f40370c388bc2247

SHA256
74c12aec2df528bfe8bf8c999ec2dbd0b3e529647dce40e056617f494de132bb

SHA512
3cd0ea1ef1d31f6e87db6275c82ba4c1a2b24c43662e8cbb1900e6686432c90ecc69f5a3832ed2aef489ac013de06b2ed38935ac951449c68c55a607f2daac49

Download Submit
C:\Windows\System\CRlEWrI.exe

Filesize
6.0MB

MD5
95f98914cdac8d14c22079f87ac249fa

SHA1
35614fd824234b1d5c7bb770be93888061743d1c

SHA256
80b540996429a1ceff884192de358b7b2d3844b3204b90dd45546d70b988a37c

SHA512
fc620faa772c9bc95ace16600f9ce965cc7b631468610a1e56fda7da8fc7f139f551fc55a6a5b8cccf57441d43b83ac84e657a051cfcd3184b7ee6614b13b4a0

Download Submit
C:\Windows\System\CUywRRo.exe

Filesize
6.0MB

MD5
497b500b76ffb25650c9bd2eafc6f39d

SHA1
ed986547b57f9f81dece727ad980f7a72085e24c

SHA256
9977b76d0a313656e681629a65259dc970e37c05d842a1f1b3e00b25fc89c8d1

SHA512
312ae338f1c3d4d25a37714bbf559076af0cdf1cb2ca297345cfa8767594a2036aae4845d0f9b56d5bd17bb0b705698ff1ae693f5d1a83a4c727cbe910091b40

Download Submit
C:\Windows\System\DSCMIwo.exe

Filesize
6.0MB

MD5
c84731165461234e96531127fb4eeb98

SHA1
f2b28b1d272895f9ec0703440bc912ebeb0ea32b

SHA256
bb5f682d5d6680e5bf1e11b1d64c51448d6269a209b0f8ee2dfedadb0c0354d4

SHA512
351b2b5e976a13945e39960c326d931dd38848413814e3cdc6d0c2f721f602d6916a31b973e13781608572fc4e722c5f6fe62e5295d48f258f4cd0376bced430

Download Submit
C:\Windows\System\IFdxbFd.exe

Filesize
6.0MB

MD5
1767da754c88c57a36895618e8481dd7

SHA1
0a2fe57847e841824fddb99d8b1a197047122718

SHA256
1851dec09e060ea5f1579caf48450e4b67710106bd9d6f5e3d9fe7a3a521cdc0

SHA512
768e0ae348e2ef427d4fb0c4883a6e6ccef99ca6b4ba12a3fc332a81e89cc01d31f8dace0aebfba6cd8f1043de2ce393ab9a91310568fb80d76fa91a25400d54

Download Submit
C:\Windows\System\InVVDsB.exe

Filesize
6.0MB

MD5
4a9da8bd60d28423a439a45e2c11229a

SHA1
55a2aacb112f13e17c47bad5b056d3fca372542c

SHA256
206a32b9515e63a4ce0efef79707a607af605be35e66dd579dda329666a02b4d

SHA512
507bd40c4c16dabe5664bc13156bf4c35dadce749a638be4b190e8c3ca5182f1f73f5aae4109a87ea98c018fe1f1d7d878fc86cd0864903ea665443f4860a100

Download Submit
C:\Windows\System\IqihhOu.exe

Filesize
6.0MB

MD5
6f07414733d283d9e06c2b22bce42874

SHA1
4be692b6ad18a7e6e5eaa3750f3b698f8280756f

SHA256
d4980ef536b96679c256fca6e9ea91d67b9ecbc530ae4d1b25576118736f9987

SHA512
1a2f8c3ca657ae681addb421f9b5b3a01f43994919ec018e215748b9ac3cac6e319b45f556a6f4c85ad6592f4ffd914487f7b8f4e84902ed8ca2ab1ed336282e

Download Submit
C:\Windows\System\KauNcWm.exe

Filesize
6.0MB

MD5
243d36a30b801f8bfd1783cc0c949ff7

SHA1
be6bee39e7553ef884acf5058366e526cc912740

SHA256
ad595972142ea1a871464871f82897c1ec598af6c532f34170e31b9ee37ef6c9

SHA512
562583c181de8a12b0120854a8309de563e83c64ffdf2be910dcb2136c6f57b47a4acf2b2311d4bf89576873e9e851603c40714e2166498425a1dea1aa0f0d4f

Download Submit
C:\Windows\System\KoIzpXB.exe

Filesize
6.0MB

MD5
09c5dbe7ae863cc282625f553abdef2a

SHA1
0550cea2588fc6cdde56c1de23fefeda1ced0b26

SHA256
aadce11c2f59cce7a1a193dd299a2b3656be959e6966712b1f383eaa8a82cc4b

SHA512
e48bfd94c7428b6b198727cea6487c0b4ab11a071a1ec9b49c4487aaa42c2ecb36d35403cdb1ac1a2a025c7a5abb41209d2c9e3da11c27e53b1da48686fc8b8f

Download Submit
C:\Windows\System\LkivehP.exe

Filesize
6.0MB

MD5
3f7aaada3f784efdd8606ed03de7b9fe

SHA1
dfed4024e65fd8b0434cb281d027464d31e4a210

SHA256
cafdfdd361b46fd65ed010f7ea2d30e4412fe8eb1cf588bfc31e4d0105206889

SHA512
bd82cb5bbd5bfd71d1b34c6db9f51c36c8f16e7cb1503cdca2e765205e1f34a5ec028ab5e3e843fc44db91f225cee2b94085692ac91474a40f048c68003f7c65

Download Submit
C:\Windows\System\NKgaHzX.exe

Filesize
6.0MB

MD5
c22e030e843ca68cb267570ee5c1ce35

SHA1
bc80d27638a564e63976b6f2c17dbc0014b5dcac

SHA256
386c8bfdffd93ae39ef9e4294f69eb290dbb32b5c296b3e0c94bc9d26d815a97

SHA512
cd63a59590854dd68b4c5c32a126bf50a805839bedfd69debfb2cebcd372f2260875467ed57111cc3003b71e4946a4b01c429ddc357f3e844edce90c519b4821

Download Submit
C:\Windows\System\NnSyOEW.exe

Filesize
6.0MB

MD5
1d39d713297692ab5d3f683aa6a6f648

SHA1
4c95534801bc5c0700e444d07cb3477c9286e465

SHA256
d809eb0d9747ddea2ccd9b5e07462f1c10893e3df716ca41b77a5abfa2acec82

SHA512
fdbbe27dd8e32c4ca20fc548dc8e46ba9ed9a9c85776c97343562244788e18981ff3922d6385d21240700659f370955a58d9eea74a309e8035eae359dd8516a6

Download Submit
C:\Windows\System\OxnXEni.exe

Filesize
6.0MB

MD5
ed89fc551a84f584946d499f18599542

SHA1
3d829d8b855634e5da98d52db19f617c6eb05b75

SHA256
833b2ef2787e37515f9467cef9b8b757f0550df1e451655eb21d5c3252f432cf

SHA512
618e4030d545e3bce834aeff0fc775000836a30d8e5c61cd2e3581e87e098725156287d4174c2d5a815fc625fa911138f41f39b216c19650836515dceafc5d46

Download Submit
C:\Windows\System\PhGRybH.exe

Filesize
6.0MB

MD5
fc9dea33e99838c7173a682bf435a0c5

SHA1
1e2b04fc1ed0b7b57d875f42569d1018b0f6b434

SHA256
4e8460d3b1de15b56b59c20aeb64927127924f1f28f8b203cce0e76f0af5f71d

SHA512
f73c19cb4edb2c5698d78b1de35ca415794c944c37725b03faacdf3f6862f9bde0ebb28371cc062157b66e9042312587c3b5318f98964bde54a0afe74bc0a0fb

Download Submit
C:\Windows\System\TjeuKta.exe

Filesize
6.0MB

MD5
11620efd734f3df25b2b8c12fa0a73d0

SHA1
40f90b49ae79c45b41ceb3994c25e97c0758eff0

SHA256
1acadff1b0360634212dd77fbd9cb6a29696e585d18b3ffcd43f95e1f31ab2d6

SHA512
1ff3093b46f0e9d4a86a056ca37f5bfde9462aa7c342d6f6fd74f7c1648f7ef7127595b694673fd19ef77e28c319c72810acdfdb162331b607da021b2c7b620c

Download Submit
C:\Windows\System\ZEFypbw.exe

Filesize
6.0MB

MD5
791e468d859dd65c599d828e082f5363

SHA1
336c2977e48fc35ed49bd001aedf072095b87015

SHA256
7cf2712c8b3dc21deb245ffd92221a4818593d337a706a9cf8a79a865d124201

SHA512
16d088fc2ec927925cc4a354df76ba93168cef4ad7e1e2ad4e67b039a9870c28fa9894112a74615173e4358ba835b18302b4dc2c31b25bf4ee4f152f53430e18

Download Submit
C:\Windows\System\ZQsVupx.exe

Filesize
6.0MB

MD5
62d710c00bd681fde4fcbf11d7f158a2

SHA1
7e9d5b9b0ee24f0e13bab8a365d082b3fed5cc99

SHA256
afcf041dfd5ec2fabd8762dadaf3d19165efdb8081743ad35a725ee14a6374bd

SHA512
8b8534d8eb3d23a3c0dd0e227f40d1859d7195a815aa5e6b7a5c1db7e386829aa644069ea476aad94b91bb92a3965977ca89a5ba9d543dfcc670af31fa801ed8

Download Submit
C:\Windows\System\bOASfkn.exe

Filesize
6.0MB

MD5
982f444c0057d659dfa70e12d6151e15

SHA1
3c41cb5d7109265df6668d8c73558b9803e23c90

SHA256
dc5179aa8bd35b58ef31a4ebf873f22fa96078ad7282705271d978216fe95bdb

SHA512
79d98e34e38f452687d783dd5c49fa6e6468161b6845897d73ca236f4efd079d002de2300fb65237b45319eb1a287d17b4e710e43ebf6d0c735e773dc15fa802

Download Submit
C:\Windows\System\cfWhgFM.exe

Filesize
6.0MB

MD5
3ef1d3bd667ae32a53021666375ead36

SHA1
8eb175f89ee64bfef4bdf7900f42bfd628344a7e

SHA256
f6c4d6d4ba3adf2b184ee1fbd09df8b56c7e495d41cc3ed4020b83a479750722

SHA512
f4308208ef2af2d17558515203c994e9a79b67be3ae8797cb0ca06c977da9780664eefa3b917380786d78410f203b5e3d49e49013e77f9a9b501bd3c9f6ec208

Download Submit
C:\Windows\System\iLfsCYt.exe

Filesize
6.0MB

MD5
ed01df6d90601191d55e714ddc13a078

SHA1
e81e6ee9ec4cdfc02cb7f2668d8b9a16e1738280

SHA256
c3105dd6cda784c43661985c87f798d94119f0f4b13fc1a6668acdaf9fcfe5db

SHA512
7d4954bff9f39aeda85ca277feaee69b628323baf1468f49bd1529104e57faf590a6197b797ff4f7a95081f512046ac2ed67a3b57dbaf3e3810b290f405c5c40

Download Submit
C:\Windows\System\kWVYAne.exe

Filesize
6.0MB

MD5
cd745dcdaf48e3bd1112a43fcfbd0b52

SHA1
e10ceea6bb5df622bbb71a37752824c42a107a50

SHA256
a84ebab5c3c598efc8153c718aaf55d0b54c03da0581ac27a215d266fe53b336

SHA512
6290b965a0699b05989f1af14b97e6343fc6e129aef6c8b967fb47bd2da0ed8ea88836926fa9ed25a1635cd7877189055774ca0ff5c1b5a8cbf9fd55e7c62447

Download Submit
C:\Windows\System\lxBWktB.exe

Filesize
6.0MB

MD5
9f5d4d3a844fd772fc25a54749bf0800

SHA1
fa2ee082676412883ce6a226664b476dc22ae44e

SHA256
205f8ffc1136eadc94a710042818eeb9f05b5248031a2c18c6e0dde7670aa204

SHA512
15fbef84667dd957b2cd352a8fb690f43ac0918e7cc008f1a0ae3361a7a7f22c83e47653b49578bfca5ed738ea0b0b29178fb5505b79f54ebe9837b392da99ea

Download Submit
C:\Windows\System\nbDwLer.exe

Filesize
6.0MB

MD5
3f0f365d1d0d6d118e1fa1473e787438

SHA1
0c175fa633966be7ec493ab9a2229a4c9ca40ba7

SHA256
0da0728d7abd015d5727dd12875595b4758246a3b4a694843c34ee4eb352c91f

SHA512
9152a843e8622310c9035d62de258f8349506ec0997da6b59fee975fea1c952092d5d5ad5602798ec3bcfaaceb858656590568ac97e1965dec37767ffa44fa42

Download Submit
C:\Windows\System\puCseSs.exe

Filesize
6.0MB

MD5
d086edf52cee64527c3cd105d9ab6052

SHA1
2a115fe47472a90db71df03367880068a44c4be3

SHA256
6993dc910bdb23f72e0f377b4062ef129be203249c27092a9c92da14a5441790

SHA512
c80b148669a6a58be56643ff3b01239742d80adc5d9dae9e75cb3210a4a16d0967c6690c92ddd3f91fdb4faa3dd4d99623eccc16e0e690134a8f7e837a02252f

Download Submit
C:\Windows\System\pvcfjtN.exe

Filesize
6.0MB

MD5
bf0c55294184a1d115bd5318c0df433d

SHA1
402d468bd768fad435545ece659e1d3e36db9135

SHA256
46377c574867db9ecce9778c351c1811c1f253d581535095346945d1d27c1864

SHA512
5f1bd4f9edf14996aa1eb1a9678835fbae5d1e10c36284670409d2e4ba9b5875abf254aac00c0e4be824d2b170e59d767959fd3c7722db336cc064509de88c2c

Download Submit
C:\Windows\System\qzZiZtq.exe

Filesize
6.0MB

MD5
9605bad47256fa6af2203286a360257d

SHA1
ba876135448df7160ab8b2df1fbf62a4d2b93970

SHA256
02f3816d900345567d6433175ed57c9d077da71aaf28ce605058aef2e3be8b93

SHA512
2d81ab27aad2d325f40784a876186b3aa22407f62be7d1f7eafb2ad474582a8cc08769e680e2dcda7d4198ec4da7f589a9a6eed536bc9e1a8ab52b8d70f4a89b

Download Submit
C:\Windows\System\sOxmrPg.exe

Filesize
6.0MB

MD5
52a2714e9d8c30f1fc1df74263560382

SHA1
95b9465ebcc76a717fc8ead147348539df088b7b

SHA256
1e664933edae09015ca8761b794f36be205c0f1316897443dede05f32d934155

SHA512
fe077b3734618119975926e4ed649912509f7af5189c3763ec3391d867f9c3eea07e4deacef42f18af06a4f25c08c3dd19b7acdae2af1e7efa42bfa1cc9d718a

Download Submit
C:\Windows\System\tkLHJFX.exe

Filesize
6.0MB

MD5
3936750a68d2bb388da32a56c5ba8a82

SHA1
182d074de96278dc2427fca22fd1f8f3ca10db55

SHA256
67dd2536a8a3e76c4b7276b8d7896b27f0c65787f59828e5acc238211a8598c3

SHA512
438fc318139d6e96a402759605e12e700efbd72fe5b5a06590fd23b5231394e73c657bb9746f005922907d8ca20c2628a4624bb6144bbd11bccd2d7885e09635

Download Submit
C:\Windows\System\vNOoRPJ.exe

Filesize
6.0MB

MD5
86d9307ad48214fba614539b70418765

SHA1
f6e32a08732880a58a054d8ecf2b1b4c0bf49d92

SHA256
0edd29aef2a2ed2302431410eb9a0cdbc002af9b8843be6b80f0e9be2d1c86c7

SHA512
f7690e5d217e8576affae6554ab341cd285e155a836ca4b5f685b9be579f09c04c6c0c224e90d4fa9db6e9823e32e6de699006120f0529409221c101bb6141e1

Download Submit
C:\Windows\System\wgWDFeJ.exe

Filesize
6.0MB

MD5
0fb534ed6b13d6fbe8e4291268e55936

SHA1
d71c48e3ddcf3f7b407062b8c0dce5ac87088f36

SHA256
9767037b8607b78119969db12827e36164cf64fe442bfee270b3edd01af4cbf1

SHA512
8d04a2c6d3ccce85855c06edb9d6d5a3c4817f224b48985dde6cb5885ec46422c4a94715fd581594208dfc086c2db8acf1a7d4266d00729aa655d7d0d9be19ba

Download Submit
C:\Windows\System\wnrQHNe.exe

Filesize
6.0MB

MD5
d7f7020e84abc4cb5796c2181582ee88

SHA1
20df65eaf8e2dbe26c414a959951636261bd6677

SHA256
2c6700dbad48eacfaafd7a58f2b81043c3691904283a6910f60c4785f9d6350e

SHA512
7b0e6dcf9d1d13ce89ab22320313d886d9847b81a83dfa077fcab58349b0f815d5af6c809f88d94589b19b4656fba857aa4f40eec314305b8b3c668b0e653a15

Download Submit
C:\Windows\System\yBQhlMb.exe

Filesize
6.0MB

MD5
fe302c4cc801c271489217435cf62a70

SHA1
f3552d717bfa0dffac1eccad5b73669bb915b374

SHA256
41ba1db2f02993fe822dd4469ca27e8f0bdaa8d75787fa9452fc3ef05a66996c

SHA512
a554a03c022aa51d2731e133980bcd3eec6a9e80619a8f8aceaac680d91a8f71986540840c2c286549c890a007e592389ab2267eafa0fbbff7b85cadc1376b39

Download Submit
C:\Windows\System\ybLRBug.exe

Filesize
6.0MB

MD5
54c1d435e3e13f530a2f61da3ff04fa9

SHA1
b40e844810854adfb2c988d03339b1e1b6266713

SHA256
47c2e987c2f4cecd2a7d56c980826b537b129fedbaf3704be291e23a04585161

SHA512
75fcf9edc00dbe0d31895526b258971d87e249be65321f062c3ed7bb8c5a5b29a620c7b3057d0c392524ced17b1627b570649c943a9ab426e77692618021cc63

Download Submit
C:\Windows\System\zMeKgkm.exe

Filesize
6.0MB

MD5
ea8c3f0528564aecb337482e27ca4b14

SHA1
7ebb03ad4086ffe6027588709bcc6adccd9c8fe4

SHA256
15c371f650b17f7a3f9c88840b8264efd669859ee4e278e940c4c12c4b2c759e

SHA512
eaf12d2fada37ca14cd05b7f2ef07d9de690ae724b341d4cec22ac3f75b6426c3a52f326787d3cd7220be08e01634311b59fb5def1cfd5fb8d26b48c01df1924

Download Submit
memory/212-74-0x00007FF7450C0000-0x00007FF745414000-memory.dmp

Filesize
3.3MB

Download
memory/212-139-0x00007FF7450C0000-0x00007FF745414000-memory.dmp

Filesize
3.3MB

Download
memory/212-2251-0x00007FF7450C0000-0x00007FF745414000-memory.dmp

Filesize
3.3MB

Download
memory/436-194-0x00007FF707180000-0x00007FF7074D4000-memory.dmp

Filesize
3.3MB

Download
memory/436-732-0x00007FF707180000-0x00007FF7074D4000-memory.dmp

Filesize
3.3MB

Download
memory/436-2268-0x00007FF707180000-0x00007FF7074D4000-memory.dmp

Filesize
3.3MB

Download
memory/440-1-0x000002623E420000-0x000002623E430000-memory.dmp

Filesize
64KB

Download
memory/440-59-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp

Filesize
3.3MB

Download
memory/440-0-0x00007FF6CD730000-0x00007FF6CDA84000-memory.dmp

Filesize
3.3MB

Download
memory/536-2253-0x00007FF612EC0000-0x00007FF613214000-memory.dmp

Filesize
3.3MB

Download
memory/536-90-0x00007FF612EC0000-0x00007FF613214000-memory.dmp

Filesize
3.3MB

Download
memory/812-143-0x00007FF69CFF0000-0x00007FF69D344000-memory.dmp

Filesize
3.3MB

Download
memory/812-2261-0x00007FF69CFF0000-0x00007FF69D344000-memory.dmp

Filesize
3.3MB

Download
memory/812-214-0x00007FF69CFF0000-0x00007FF69D344000-memory.dmp

Filesize
3.3MB

Download
memory/992-2252-0x00007FF74C100000-0x00007FF74C454000-memory.dmp

Filesize
3.3MB

Download
memory/992-146-0x00007FF74C100000-0x00007FF74C454000-memory.dmp

Filesize
3.3MB

Download
memory/992-82-0x00007FF74C100000-0x00007FF74C454000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2263-0x00007FF665EF0000-0x00007FF666244000-memory.dmp

Filesize
3.3MB

Download
memory/1332-166-0x00007FF665EF0000-0x00007FF666244000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2262-0x00007FF6557D0000-0x00007FF655B24000-memory.dmp

Filesize
3.3MB

Download
memory/1500-153-0x00007FF6557D0000-0x00007FF655B24000-memory.dmp

Filesize
3.3MB

Download
memory/1500-369-0x00007FF6557D0000-0x00007FF655B24000-memory.dmp

Filesize
3.3MB

Download
memory/1820-191-0x00007FF6243D0000-0x00007FF624724000-memory.dmp

Filesize
3.3MB

Download
memory/1820-129-0x00007FF6243D0000-0x00007FF624724000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2259-0x00007FF6243D0000-0x00007FF624724000-memory.dmp

Filesize
3.3MB

Download
memory/1876-423-0x00007FF6A5CC0000-0x00007FF6A6014000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2264-0x00007FF6A5CC0000-0x00007FF6A6014000-memory.dmp

Filesize
3.3MB

Download
memory/1876-157-0x00007FF6A5CC0000-0x00007FF6A6014000-memory.dmp

Filesize
3.3MB

Download
memory/2200-89-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2243-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp

Filesize
3.3MB

Download
memory/2200-24-0x00007FF7C8A10000-0x00007FF7C8D64000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2267-0x00007FF75EFA0000-0x00007FF75F2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-182-0x00007FF75EFA0000-0x00007FF75F2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-668-0x00007FF75EFA0000-0x00007FF75F2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2245-0x00007FF7764E0000-0x00007FF776834000-memory.dmp

Filesize
3.3MB

Download
memory/2336-38-0x00007FF7764E0000-0x00007FF776834000-memory.dmp

Filesize
3.3MB

Download
memory/2392-52-0x00007FF791270000-0x00007FF7915C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-116-0x00007FF791270000-0x00007FF7915C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2247-0x00007FF791270000-0x00007FF7915C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2249-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-65-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-124-0x00007FF6F73A0000-0x00007FF6F76F4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-44-0x00007FF605E10000-0x00007FF606164000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2246-0x00007FF605E10000-0x00007FF606164000-memory.dmp

Filesize
3.3MB

Download
memory/2664-107-0x00007FF605E10000-0x00007FF606164000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2257-0x00007FF7240E0000-0x00007FF724434000-memory.dmp

Filesize
3.3MB

Download
memory/2680-117-0x00007FF7240E0000-0x00007FF724434000-memory.dmp

Filesize
3.3MB

Download
memory/2780-138-0x00007FF67C430000-0x00007FF67C784000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2260-0x00007FF67C430000-0x00007FF67C784000-memory.dmp

Filesize
3.3MB

Download
memory/2780-204-0x00007FF67C430000-0x00007FF67C784000-memory.dmp

Filesize
3.3MB

Download
memory/3220-160-0x00007FF69DB80000-0x00007FF69DED4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2255-0x00007FF69DB80000-0x00007FF69DED4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-101-0x00007FF69DB80000-0x00007FF69DED4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-20-0x00007FF72E500000-0x00007FF72E854000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2242-0x00007FF72E500000-0x00007FF72E854000-memory.dmp

Filesize
3.3MB

Download
memory/3272-81-0x00007FF72E500000-0x00007FF72E854000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2258-0x00007FF7B6260000-0x00007FF7B65B4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-128-0x00007FF7B6260000-0x00007FF7B65B4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-69-0x00007FF769550000-0x00007FF7698A4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-134-0x00007FF769550000-0x00007FF7698A4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2250-0x00007FF769550000-0x00007FF7698A4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2240-0x00007FF6EE7C0000-0x00007FF6EEB14000-memory.dmp

Filesize
3.3MB

Download
memory/3968-8-0x00007FF6EE7C0000-0x00007FF6EEB14000-memory.dmp

Filesize
3.3MB

Download
memory/4088-14-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2241-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-73-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-108-0x00007FF6B3340000-0x00007FF6B3694000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2256-0x00007FF6B3340000-0x00007FF6B3694000-memory.dmp

Filesize
3.3MB

Download
memory/4264-165-0x00007FF6B3340000-0x00007FF6B3694000-memory.dmp

Filesize
3.3MB

Download
memory/4268-96-0x00007FF758B20000-0x00007FF758E74000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2244-0x00007FF758B20000-0x00007FF758E74000-memory.dmp

Filesize
3.3MB

Download
memory/4268-30-0x00007FF758B20000-0x00007FF758E74000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2265-0x00007FF6AB1C0000-0x00007FF6AB514000-memory.dmp

Filesize
3.3MB

Download
memory/4432-481-0x00007FF6AB1C0000-0x00007FF6AB514000-memory.dmp

Filesize
3.3MB

Download
memory/4432-173-0x00007FF6AB1C0000-0x00007FF6AB514000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2248-0x00007FF752340000-0x00007FF752694000-memory.dmp

Filesize
3.3MB

Download
memory/4436-54-0x00007FF752340000-0x00007FF752694000-memory.dmp

Filesize
3.3MB

Download
memory/4436-123-0x00007FF752340000-0x00007FF752694000-memory.dmp

Filesize
3.3MB

Download
memory/4700-97-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2254-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-181-0x00007FF7FDDB0000-0x00007FF7FE104000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2266-0x00007FF7FDDB0000-0x00007FF7FE104000-memory.dmp

Filesize
3.3MB

Download
memory/4876-609-0x00007FF7FDDB0000-0x00007FF7FE104000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads