cobaltstrike | 3041cf39fd77e2e97ce1c6cc70ab6a6b5a0b0013a4055c816e96ad2bc2b23892

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2025 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c69d8f4463af1f839d6d3f0149b89a5a
SHA1

a7f8fd7083732241f5ce5d1237ef650dc2da9462
SHA256

3041cf39fd77e2e97ce1c6cc70ab6a6b5a0b0013a4055c816e96ad2bc2b23892
SHA512

a652c6e2c94d46183301bc848c6aa2c0dd1f9f337fb22c6c9830ed02516ff7b4dc30b4e17cb2f6e8ab15e3ebf5ffd72dc4485f61b3df9e5a3ee8ad8db7d9ef3a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b8a-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-11.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c6c-12.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023c78-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c84-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-139.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-151.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-165.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-210.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-208.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-205.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-203.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-185.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-156.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-142.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-136.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-122.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF7CDDC0000-0x00007FF7CE114000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b8a-5.dat	xmrig
behavioral2/memory/3140-8-0x00007FF61B9F0000-0x00007FF61BD44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c80-11.dat	xmrig
behavioral2/files/0x0009000000023c6c-12.dat	xmrig
behavioral2/memory/3728-14-0x00007FF7C8F90000-0x00007FF7C92E4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023c78-22.dat	xmrig
behavioral2/files/0x0007000000023c81-28.dat	xmrig
behavioral2/memory/1064-27-0x00007FF774300000-0x00007FF774654000-memory.dmp	xmrig
behavioral2/memory/1840-18-0x00007FF6C58C0000-0x00007FF6C5C14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c82-35.dat	xmrig
behavioral2/files/0x0007000000023c83-39.dat	xmrig
behavioral2/memory/2204-42-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c84-47.dat	xmrig
behavioral2/memory/3100-48-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c85-56.dat	xmrig
behavioral2/memory/5100-62-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c87-67.dat	xmrig
behavioral2/files/0x0007000000023c89-77.dat	xmrig
behavioral2/memory/852-95-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8c-100.dat	xmrig
behavioral2/memory/2204-110-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8f-119.dat	xmrig
behavioral2/memory/5100-131-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c92-139.dat	xmrig
behavioral2/files/0x0007000000023c94-151.dat	xmrig
behavioral2/files/0x0007000000023c96-165.dat	xmrig
behavioral2/files/0x0007000000023c98-180.dat	xmrig
behavioral2/files/0x0007000000023c9d-210.dat	xmrig
behavioral2/files/0x0007000000023c9b-208.dat	xmrig
behavioral2/files/0x0007000000023c9c-205.dat	xmrig
behavioral2/files/0x0007000000023c9a-203.dat	xmrig
behavioral2/files/0x0007000000023c99-198.dat	xmrig
behavioral2/memory/1516-197-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp	xmrig
behavioral2/memory/636-191-0x00007FF7213F0000-0x00007FF721744000-memory.dmp	xmrig
behavioral2/memory/2168-190-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c97-185.dat	xmrig
behavioral2/memory/2236-184-0x00007FF6454F0000-0x00007FF645844000-memory.dmp	xmrig
behavioral2/memory/5016-183-0x00007FF713660000-0x00007FF7139B4000-memory.dmp	xmrig
behavioral2/memory/1144-177-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	xmrig
behavioral2/memory/4512-176-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp	xmrig
behavioral2/memory/3200-175-0x00007FF652AB0000-0x00007FF652E04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c95-170.dat	xmrig
behavioral2/memory/852-169-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp	xmrig
behavioral2/memory/4196-168-0x00007FF633EF0000-0x00007FF634244000-memory.dmp	xmrig
behavioral2/memory/1372-162-0x00007FF727000000-0x00007FF727354000-memory.dmp	xmrig
behavioral2/memory/1280-161-0x00007FF796CE0000-0x00007FF797034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c93-156.dat	xmrig
behavioral2/memory/4788-155-0x00007FF682410000-0x00007FF682764000-memory.dmp	xmrig
behavioral2/memory/4164-154-0x00007FF7220D0000-0x00007FF722424000-memory.dmp	xmrig
behavioral2/memory/2120-148-0x00007FF656910000-0x00007FF656C64000-memory.dmp	xmrig
behavioral2/memory/1600-147-0x00007FF712C90000-0x00007FF712FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c91-142.dat	xmrig
behavioral2/memory/3520-138-0x00007FF739230000-0x00007FF739584000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-136.dat	xmrig
behavioral2/memory/4124-132-0x00007FF6AA7D0000-0x00007FF6AAB24000-memory.dmp	xmrig
behavioral2/memory/1516-125-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp	xmrig
behavioral2/memory/2072-124-0x00007FF74D570000-0x00007FF74D8C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8e-122.dat	xmrig
behavioral2/memory/2168-118-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp	xmrig
behavioral2/memory/3100-117-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8d-115.dat	xmrig
behavioral2/memory/5016-111-0x00007FF713660000-0x00007FF7139B4000-memory.dmp	xmrig
behavioral2/memory/4512-104-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3140	hBlTNgy.exe
3728	oPOwTCX.exe
1840	hAiZEhe.exe
1064	EGonyjV.exe
1508	PioXheX.exe
1228	ICRFCFG.exe
2204	vLmQDBC.exe
3100	tqlwXBk.exe
2072	nNCapiW.exe
5100	XeRlxDr.exe
2924	UOdDoxf.exe
1600	rEwreaR.exe
4788	qQLYorP.exe
1372	AQNAjBB.exe
852	XDfSxAn.exe
4512	leKDdlu.exe
5016	czqfNlL.exe
2168	FmjVzVK.exe
1516	ZYFpRiR.exe
4124	iIQdyhw.exe
3520	dyDbyWy.exe
2120	dmWCacS.exe
4164	zRdFXuP.exe
1280	gDqhYcT.exe
4196	MLqaBXu.exe
3200	HpFVErd.exe
1144	SsKgZHu.exe
2236	XpVVkKp.exe
636	ZifXzNM.exe
860	rQUbsLX.exe
4528	WkmoTvr.exe
540	vBEZqFJ.exe
1484	ukjWADC.exe
4728	fdVligZ.exe
5052	bkpPCPn.exe
2764	HHwUcOP.exe
4248	XoYbwmk.exe
3772	nwragyD.exe
4796	TfhtaFZ.exe
1684	qKMdwJq.exe
720	mdUcFzh.exe
4460	cOaXtxA.exe
2272	NLiWFOl.exe
1748	UtsAMmx.exe
3512	mBCFeJP.exe
4268	aDlwNUz.exe
3388	iGgAszi.exe
3320	LHHPqVX.exe
4644	ubVNDqZ.exe
2376	rqDRkKK.exe
4360	PzDZSAJ.exe
4992	bmiplfQ.exe
3616	elrIsly.exe
5000	RJezYnK.exe
2740	PTcizQq.exe
1348	wVmQaKn.exe
2144	nKqeNVT.exe
3936	gJoczvJ.exe
1080	DlKokeH.exe
1104	GeOryqg.exe
316	AdUdTyi.exe
3412	kAlCbkR.exe
452	uIRVFNE.exe
3424	xMlLKTO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF7CDDC0000-0x00007FF7CE114000-memory.dmp	upx
behavioral2/files/0x000c000000023b8a-5.dat	upx
behavioral2/memory/3140-8-0x00007FF61B9F0000-0x00007FF61BD44000-memory.dmp	upx
behavioral2/files/0x0007000000023c80-11.dat	upx
behavioral2/files/0x0009000000023c6c-12.dat	upx
behavioral2/memory/3728-14-0x00007FF7C8F90000-0x00007FF7C92E4000-memory.dmp	upx
behavioral2/files/0x000b000000023c78-22.dat	upx
behavioral2/files/0x0007000000023c81-28.dat	upx
behavioral2/memory/1064-27-0x00007FF774300000-0x00007FF774654000-memory.dmp	upx
behavioral2/memory/1840-18-0x00007FF6C58C0000-0x00007FF6C5C14000-memory.dmp	upx
behavioral2/files/0x0007000000023c82-35.dat	upx
behavioral2/files/0x0007000000023c83-39.dat	upx
behavioral2/memory/2204-42-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp	upx
behavioral2/files/0x0007000000023c84-47.dat	upx
behavioral2/memory/3100-48-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp	upx
behavioral2/files/0x0007000000023c85-56.dat	upx
behavioral2/memory/5100-62-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp	upx
behavioral2/files/0x0007000000023c87-67.dat	upx
behavioral2/files/0x0007000000023c89-77.dat	upx
behavioral2/memory/852-95-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-100.dat	upx
behavioral2/memory/2204-110-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp	upx
behavioral2/files/0x0007000000023c8f-119.dat	upx
behavioral2/memory/5100-131-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp	upx
behavioral2/files/0x0007000000023c92-139.dat	upx
behavioral2/files/0x0007000000023c94-151.dat	upx
behavioral2/files/0x0007000000023c96-165.dat	upx
behavioral2/files/0x0007000000023c98-180.dat	upx
behavioral2/files/0x0007000000023c9d-210.dat	upx
behavioral2/files/0x0007000000023c9b-208.dat	upx
behavioral2/files/0x0007000000023c9c-205.dat	upx
behavioral2/files/0x0007000000023c9a-203.dat	upx
behavioral2/files/0x0007000000023c99-198.dat	upx
behavioral2/memory/1516-197-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp	upx
behavioral2/memory/636-191-0x00007FF7213F0000-0x00007FF721744000-memory.dmp	upx
behavioral2/memory/2168-190-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-185.dat	upx
behavioral2/memory/2236-184-0x00007FF6454F0000-0x00007FF645844000-memory.dmp	upx
behavioral2/memory/5016-183-0x00007FF713660000-0x00007FF7139B4000-memory.dmp	upx
behavioral2/memory/1144-177-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp	upx
behavioral2/memory/4512-176-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp	upx
behavioral2/memory/3200-175-0x00007FF652AB0000-0x00007FF652E04000-memory.dmp	upx
behavioral2/files/0x0007000000023c95-170.dat	upx
behavioral2/memory/852-169-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp	upx
behavioral2/memory/4196-168-0x00007FF633EF0000-0x00007FF634244000-memory.dmp	upx
behavioral2/memory/1372-162-0x00007FF727000000-0x00007FF727354000-memory.dmp	upx
behavioral2/memory/1280-161-0x00007FF796CE0000-0x00007FF797034000-memory.dmp	upx
behavioral2/files/0x0007000000023c93-156.dat	upx
behavioral2/memory/4788-155-0x00007FF682410000-0x00007FF682764000-memory.dmp	upx
behavioral2/memory/4164-154-0x00007FF7220D0000-0x00007FF722424000-memory.dmp	upx
behavioral2/memory/2120-148-0x00007FF656910000-0x00007FF656C64000-memory.dmp	upx
behavioral2/memory/1600-147-0x00007FF712C90000-0x00007FF712FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-142.dat	upx
behavioral2/memory/3520-138-0x00007FF739230000-0x00007FF739584000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-136.dat	upx
behavioral2/memory/4124-132-0x00007FF6AA7D0000-0x00007FF6AAB24000-memory.dmp	upx
behavioral2/memory/1516-125-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp	upx
behavioral2/memory/2072-124-0x00007FF74D570000-0x00007FF74D8C4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8e-122.dat	upx
behavioral2/memory/2168-118-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp	upx
behavioral2/memory/3100-117-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp	upx
behavioral2/files/0x0007000000023c8d-115.dat	upx
behavioral2/memory/5016-111-0x00007FF713660000-0x00007FF7139B4000-memory.dmp	upx
behavioral2/memory/4512-104-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ksXttEP.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CljiVxx.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESwtDJf.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePFYfJs.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\daaotBi.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiwIGPP.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNcymuU.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYoSFhg.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjkIcxM.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnDASJn.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQdxiQK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjGAVBK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhHTbMK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRvAeqq.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSvnMIr.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRqRIXa.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsvBdJC.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmWCacS.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giprrqH.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGjKvXU.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOdDoxf.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjLAXqa.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNPgXlk.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXChkuJ.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfuitFs.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUWoVmd.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZBznyO.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjhxDwi.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfhtaFZ.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGgAszi.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzktMZX.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVJKipa.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYalmvX.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJejvQS.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQsfTrt.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffFsUtg.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shQEirA.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCfwKSY.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYbqGed.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNxAreo.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIbKRew.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZDBTHF.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrHMUrj.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjpYfjS.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNtbjyL.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjmdQdD.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSxnjcL.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHqvvTw.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSoCsPf.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QovxnJK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQahPXP.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNyAQZg.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGonyjV.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmjVzVK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVqIshG.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKuPywp.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUHyPvX.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJcVPeb.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRAPrRt.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEeBwkK.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyhCPeO.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\putSvKN.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRcCGux.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpWYLuI.exe	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15096	dwm.exe
Token: SeChangeNotifyPrivilege	15096	dwm.exe
Token: 33	15096	dwm.exe
Token: SeIncBasePriorityPrivilege	15096	dwm.exe
Token: SeShutdownPrivilege	15096	dwm.exe
Token: SeCreatePagefilePrivilege	15096	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 3140	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3904 wrote to memory of 3140	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3904 wrote to memory of 3728	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3904 wrote to memory of 3728	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3904 wrote to memory of 1840	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3904 wrote to memory of 1840	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3904 wrote to memory of 1064	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3904 wrote to memory of 1064	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3904 wrote to memory of 1508	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3904 wrote to memory of 1508	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3904 wrote to memory of 1228	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3904 wrote to memory of 1228	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3904 wrote to memory of 2204	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3904 wrote to memory of 2204	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3904 wrote to memory of 3100	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3904 wrote to memory of 3100	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3904 wrote to memory of 2072	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3904 wrote to memory of 2072	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3904 wrote to memory of 5100	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3904 wrote to memory of 5100	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3904 wrote to memory of 2924	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3904 wrote to memory of 2924	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3904 wrote to memory of 1600	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3904 wrote to memory of 1600	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3904 wrote to memory of 4788	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3904 wrote to memory of 4788	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3904 wrote to memory of 1372	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3904 wrote to memory of 1372	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3904 wrote to memory of 852	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3904 wrote to memory of 852	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3904 wrote to memory of 4512	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3904 wrote to memory of 4512	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3904 wrote to memory of 5016	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3904 wrote to memory of 5016	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3904 wrote to memory of 2168	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3904 wrote to memory of 2168	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3904 wrote to memory of 1516	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3904 wrote to memory of 1516	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3904 wrote to memory of 4124	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3904 wrote to memory of 4124	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3904 wrote to memory of 3520	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3904 wrote to memory of 3520	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3904 wrote to memory of 2120	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3904 wrote to memory of 2120	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3904 wrote to memory of 4164	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3904 wrote to memory of 4164	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3904 wrote to memory of 1280	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3904 wrote to memory of 1280	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3904 wrote to memory of 4196	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3904 wrote to memory of 4196	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3904 wrote to memory of 3200	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3904 wrote to memory of 3200	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3904 wrote to memory of 1144	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3904 wrote to memory of 1144	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3904 wrote to memory of 2236	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3904 wrote to memory of 2236	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3904 wrote to memory of 636	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3904 wrote to memory of 636	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 3904 wrote to memory of 860	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3904 wrote to memory of 860	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 3904 wrote to memory of 4528	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3904 wrote to memory of 4528	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 3904 wrote to memory of 540	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 3904 wrote to memory of 540	3904	2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_c69d8f4463af1f839d6d3f0149b89a5a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\System\hBlTNgy.exe
  C:\Windows\System\hBlTNgy.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\oPOwTCX.exe
  C:\Windows\System\oPOwTCX.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\hAiZEhe.exe
  C:\Windows\System\hAiZEhe.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\EGonyjV.exe
  C:\Windows\System\EGonyjV.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\PioXheX.exe
  C:\Windows\System\PioXheX.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\ICRFCFG.exe
  C:\Windows\System\ICRFCFG.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\vLmQDBC.exe
  C:\Windows\System\vLmQDBC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\tqlwXBk.exe
  C:\Windows\System\tqlwXBk.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\nNCapiW.exe
  C:\Windows\System\nNCapiW.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\XeRlxDr.exe
  C:\Windows\System\XeRlxDr.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\UOdDoxf.exe
  C:\Windows\System\UOdDoxf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\rEwreaR.exe
  C:\Windows\System\rEwreaR.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\qQLYorP.exe
  C:\Windows\System\qQLYorP.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\AQNAjBB.exe
  C:\Windows\System\AQNAjBB.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\XDfSxAn.exe
  C:\Windows\System\XDfSxAn.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\leKDdlu.exe
  C:\Windows\System\leKDdlu.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\czqfNlL.exe
  C:\Windows\System\czqfNlL.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\FmjVzVK.exe
  C:\Windows\System\FmjVzVK.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ZYFpRiR.exe
  C:\Windows\System\ZYFpRiR.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\iIQdyhw.exe
  C:\Windows\System\iIQdyhw.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\dyDbyWy.exe
  C:\Windows\System\dyDbyWy.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\dmWCacS.exe
  C:\Windows\System\dmWCacS.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\zRdFXuP.exe
  C:\Windows\System\zRdFXuP.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\gDqhYcT.exe
  C:\Windows\System\gDqhYcT.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\MLqaBXu.exe
  C:\Windows\System\MLqaBXu.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\HpFVErd.exe
  C:\Windows\System\HpFVErd.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\SsKgZHu.exe
  C:\Windows\System\SsKgZHu.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\XpVVkKp.exe
  C:\Windows\System\XpVVkKp.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\ZifXzNM.exe
  C:\Windows\System\ZifXzNM.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\rQUbsLX.exe
  C:\Windows\System\rQUbsLX.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\WkmoTvr.exe
  C:\Windows\System\WkmoTvr.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\vBEZqFJ.exe
  C:\Windows\System\vBEZqFJ.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\ukjWADC.exe
  C:\Windows\System\ukjWADC.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\fdVligZ.exe
  C:\Windows\System\fdVligZ.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\bkpPCPn.exe
  C:\Windows\System\bkpPCPn.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\HHwUcOP.exe
  C:\Windows\System\HHwUcOP.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XoYbwmk.exe
  C:\Windows\System\XoYbwmk.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\nwragyD.exe
  C:\Windows\System\nwragyD.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\TfhtaFZ.exe
  C:\Windows\System\TfhtaFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\qKMdwJq.exe
  C:\Windows\System\qKMdwJq.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\mdUcFzh.exe
  C:\Windows\System\mdUcFzh.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\cOaXtxA.exe
  C:\Windows\System\cOaXtxA.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\NLiWFOl.exe
  C:\Windows\System\NLiWFOl.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\UtsAMmx.exe
  C:\Windows\System\UtsAMmx.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\mBCFeJP.exe
  C:\Windows\System\mBCFeJP.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\aDlwNUz.exe
  C:\Windows\System\aDlwNUz.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\iGgAszi.exe
  C:\Windows\System\iGgAszi.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\LHHPqVX.exe
  C:\Windows\System\LHHPqVX.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\ubVNDqZ.exe
  C:\Windows\System\ubVNDqZ.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\rqDRkKK.exe
  C:\Windows\System\rqDRkKK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\PzDZSAJ.exe
  C:\Windows\System\PzDZSAJ.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\bmiplfQ.exe
  C:\Windows\System\bmiplfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\elrIsly.exe
  C:\Windows\System\elrIsly.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\RJezYnK.exe
  C:\Windows\System\RJezYnK.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\PTcizQq.exe
  C:\Windows\System\PTcizQq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\wVmQaKn.exe
  C:\Windows\System\wVmQaKn.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\nKqeNVT.exe
  C:\Windows\System\nKqeNVT.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gJoczvJ.exe
  C:\Windows\System\gJoczvJ.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\DlKokeH.exe
  C:\Windows\System\DlKokeH.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\GeOryqg.exe
  C:\Windows\System\GeOryqg.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\AdUdTyi.exe
  C:\Windows\System\AdUdTyi.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\kAlCbkR.exe
  C:\Windows\System\kAlCbkR.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\uIRVFNE.exe
  C:\Windows\System\uIRVFNE.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\xMlLKTO.exe
  C:\Windows\System\xMlLKTO.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\PVlkyXP.exe
  C:\Windows\System\PVlkyXP.exe
  2⤵
  PID:2208
- C:\Windows\System\OQdMmuo.exe
  C:\Windows\System\OQdMmuo.exe
  2⤵
  PID:4556
- C:\Windows\System\sZlJYZo.exe
  C:\Windows\System\sZlJYZo.exe
  2⤵
  PID:3360
- C:\Windows\System\FCMAyup.exe
  C:\Windows\System\FCMAyup.exe
  2⤵
  PID:4784
- C:\Windows\System\iKwTnNK.exe
  C:\Windows\System\iKwTnNK.exe
  2⤵
  PID:5064
- C:\Windows\System\mAKKiEC.exe
  C:\Windows\System\mAKKiEC.exe
  2⤵
  PID:4288
- C:\Windows\System\FNPgXlk.exe
  C:\Windows\System\FNPgXlk.exe
  2⤵
  PID:2844
- C:\Windows\System\MahOvZb.exe
  C:\Windows\System\MahOvZb.exe
  2⤵
  PID:3872
- C:\Windows\System\osfeGOZ.exe
  C:\Windows\System\osfeGOZ.exe
  2⤵
  PID:5140
- C:\Windows\System\SEOAPtb.exe
  C:\Windows\System\SEOAPtb.exe
  2⤵
  PID:5168
- C:\Windows\System\trThpmo.exe
  C:\Windows\System\trThpmo.exe
  2⤵
  PID:5196
- C:\Windows\System\Uvnnsiw.exe
  C:\Windows\System\Uvnnsiw.exe
  2⤵
  PID:5224
- C:\Windows\System\TvqmFqk.exe
  C:\Windows\System\TvqmFqk.exe
  2⤵
  PID:5252
- C:\Windows\System\YVzkDke.exe
  C:\Windows\System\YVzkDke.exe
  2⤵
  PID:5280
- C:\Windows\System\yOIHIHE.exe
  C:\Windows\System\yOIHIHE.exe
  2⤵
  PID:5308
- C:\Windows\System\RTutsBW.exe
  C:\Windows\System\RTutsBW.exe
  2⤵
  PID:5336
- C:\Windows\System\KKLgrKu.exe
  C:\Windows\System\KKLgrKu.exe
  2⤵
  PID:5364
- C:\Windows\System\ztPfnNS.exe
  C:\Windows\System\ztPfnNS.exe
  2⤵
  PID:5392
- C:\Windows\System\OtkJNJv.exe
  C:\Windows\System\OtkJNJv.exe
  2⤵
  PID:5420
- C:\Windows\System\NGTrVEs.exe
  C:\Windows\System\NGTrVEs.exe
  2⤵
  PID:5448
- C:\Windows\System\rOksQoa.exe
  C:\Windows\System\rOksQoa.exe
  2⤵
  PID:5476
- C:\Windows\System\WkpoLto.exe
  C:\Windows\System\WkpoLto.exe
  2⤵
  PID:5504
- C:\Windows\System\CUZWxRw.exe
  C:\Windows\System\CUZWxRw.exe
  2⤵
  PID:5532
- C:\Windows\System\cxjRxAY.exe
  C:\Windows\System\cxjRxAY.exe
  2⤵
  PID:5560
- C:\Windows\System\tDWrMyp.exe
  C:\Windows\System\tDWrMyp.exe
  2⤵
  PID:5588
- C:\Windows\System\YikXoic.exe
  C:\Windows\System\YikXoic.exe
  2⤵
  PID:5616
- C:\Windows\System\RRLxwKe.exe
  C:\Windows\System\RRLxwKe.exe
  2⤵
  PID:5644
- C:\Windows\System\BxmxMwU.exe
  C:\Windows\System\BxmxMwU.exe
  2⤵
  PID:5672
- C:\Windows\System\yXLuSwc.exe
  C:\Windows\System\yXLuSwc.exe
  2⤵
  PID:5700
- C:\Windows\System\HGBMNlX.exe
  C:\Windows\System\HGBMNlX.exe
  2⤵
  PID:5728
- C:\Windows\System\NucMnQq.exe
  C:\Windows\System\NucMnQq.exe
  2⤵
  PID:5756
- C:\Windows\System\mLSJFzT.exe
  C:\Windows\System\mLSJFzT.exe
  2⤵
  PID:5784
- C:\Windows\System\ecYVUcV.exe
  C:\Windows\System\ecYVUcV.exe
  2⤵
  PID:5812
- C:\Windows\System\tsdgNzZ.exe
  C:\Windows\System\tsdgNzZ.exe
  2⤵
  PID:5840
- C:\Windows\System\xHCxCGD.exe
  C:\Windows\System\xHCxCGD.exe
  2⤵
  PID:5868
- C:\Windows\System\ioIqXPZ.exe
  C:\Windows\System\ioIqXPZ.exe
  2⤵
  PID:5896
- C:\Windows\System\zAgbxiI.exe
  C:\Windows\System\zAgbxiI.exe
  2⤵
  PID:5924
- C:\Windows\System\HvqyQwl.exe
  C:\Windows\System\HvqyQwl.exe
  2⤵
  PID:5952
- C:\Windows\System\iYtYHhi.exe
  C:\Windows\System\iYtYHhi.exe
  2⤵
  PID:5980
- C:\Windows\System\cwFqEjf.exe
  C:\Windows\System\cwFqEjf.exe
  2⤵
  PID:6008
- C:\Windows\System\KvAkkHY.exe
  C:\Windows\System\KvAkkHY.exe
  2⤵
  PID:6036
- C:\Windows\System\hovaJsc.exe
  C:\Windows\System\hovaJsc.exe
  2⤵
  PID:6064
- C:\Windows\System\UUsMsxn.exe
  C:\Windows\System\UUsMsxn.exe
  2⤵
  PID:6092
- C:\Windows\System\yPhDIRM.exe
  C:\Windows\System\yPhDIRM.exe
  2⤵
  PID:6120
- C:\Windows\System\SqGBQDL.exe
  C:\Windows\System\SqGBQDL.exe
  2⤵
  PID:724
- C:\Windows\System\ePCEOjn.exe
  C:\Windows\System\ePCEOjn.exe
  2⤵
  PID:448
- C:\Windows\System\TWmTrRN.exe
  C:\Windows\System\TWmTrRN.exe
  2⤵
  PID:3692
- C:\Windows\System\jBjWrJA.exe
  C:\Windows\System\jBjWrJA.exe
  2⤵
  PID:1148
- C:\Windows\System\bjPbwRT.exe
  C:\Windows\System\bjPbwRT.exe
  2⤵
  PID:5124
- C:\Windows\System\NXChkuJ.exe
  C:\Windows\System\NXChkuJ.exe
  2⤵
  PID:5184
- C:\Windows\System\AmEUFaq.exe
  C:\Windows\System\AmEUFaq.exe
  2⤵
  PID:5244
- C:\Windows\System\cCKJPca.exe
  C:\Windows\System\cCKJPca.exe
  2⤵
  PID:5320
- C:\Windows\System\KdYaJsA.exe
  C:\Windows\System\KdYaJsA.exe
  2⤵
  PID:5380
- C:\Windows\System\domOwmq.exe
  C:\Windows\System\domOwmq.exe
  2⤵
  PID:5440
- C:\Windows\System\aEPBmsz.exe
  C:\Windows\System\aEPBmsz.exe
  2⤵
  PID:5516
- C:\Windows\System\jdlrMVL.exe
  C:\Windows\System\jdlrMVL.exe
  2⤵
  PID:5576
- C:\Windows\System\VhBuNwa.exe
  C:\Windows\System\VhBuNwa.exe
  2⤵
  PID:5636
- C:\Windows\System\vuUqdwx.exe
  C:\Windows\System\vuUqdwx.exe
  2⤵
  PID:5712
- C:\Windows\System\HezptPE.exe
  C:\Windows\System\HezptPE.exe
  2⤵
  PID:5772
- C:\Windows\System\FJejvQS.exe
  C:\Windows\System\FJejvQS.exe
  2⤵
  PID:5832
- C:\Windows\System\NgmvWcl.exe
  C:\Windows\System\NgmvWcl.exe
  2⤵
  PID:5908
- C:\Windows\System\NhsvqKA.exe
  C:\Windows\System\NhsvqKA.exe
  2⤵
  PID:5968
- C:\Windows\System\gvYvAYR.exe
  C:\Windows\System\gvYvAYR.exe
  2⤵
  PID:6028
- C:\Windows\System\dHqvvTw.exe
  C:\Windows\System\dHqvvTw.exe
  2⤵
  PID:6104
- C:\Windows\System\paTIxmJ.exe
  C:\Windows\System\paTIxmJ.exe
  2⤵
  PID:760
- C:\Windows\System\LpblVMP.exe
  C:\Windows\System\LpblVMP.exe
  2⤵
  PID:3620
- C:\Windows\System\BuDOYbs.exe
  C:\Windows\System\BuDOYbs.exe
  2⤵
  PID:5212
- C:\Windows\System\CVNfJWZ.exe
  C:\Windows\System\CVNfJWZ.exe
  2⤵
  PID:5352
- C:\Windows\System\zZAcWxq.exe
  C:\Windows\System\zZAcWxq.exe
  2⤵
  PID:5492
- C:\Windows\System\spmPtcm.exe
  C:\Windows\System\spmPtcm.exe
  2⤵
  PID:5664
- C:\Windows\System\wxjyixV.exe
  C:\Windows\System\wxjyixV.exe
  2⤵
  PID:5804
- C:\Windows\System\BtnFXHz.exe
  C:\Windows\System\BtnFXHz.exe
  2⤵
  PID:5944
- C:\Windows\System\hJOiKCI.exe
  C:\Windows\System\hJOiKCI.exe
  2⤵
  PID:6172
- C:\Windows\System\UqpzJNQ.exe
  C:\Windows\System\UqpzJNQ.exe
  2⤵
  PID:6200
- C:\Windows\System\tVtAOqz.exe
  C:\Windows\System\tVtAOqz.exe
  2⤵
  PID:6228
- C:\Windows\System\uBTtytL.exe
  C:\Windows\System\uBTtytL.exe
  2⤵
  PID:6256
- C:\Windows\System\KKgJknn.exe
  C:\Windows\System\KKgJknn.exe
  2⤵
  PID:6284
- C:\Windows\System\QZbQOry.exe
  C:\Windows\System\QZbQOry.exe
  2⤵
  PID:6312
- C:\Windows\System\CjOzumJ.exe
  C:\Windows\System\CjOzumJ.exe
  2⤵
  PID:6340
- C:\Windows\System\jxOVYSg.exe
  C:\Windows\System\jxOVYSg.exe
  2⤵
  PID:6368
- C:\Windows\System\AYKHSDe.exe
  C:\Windows\System\AYKHSDe.exe
  2⤵
  PID:6396
- C:\Windows\System\hoXCjoD.exe
  C:\Windows\System\hoXCjoD.exe
  2⤵
  PID:6424
- C:\Windows\System\uWSaUJH.exe
  C:\Windows\System\uWSaUJH.exe
  2⤵
  PID:6452
- C:\Windows\System\hiwIGPP.exe
  C:\Windows\System\hiwIGPP.exe
  2⤵
  PID:6480
- C:\Windows\System\hzFnLcY.exe
  C:\Windows\System\hzFnLcY.exe
  2⤵
  PID:6508
- C:\Windows\System\FwyhjSm.exe
  C:\Windows\System\FwyhjSm.exe
  2⤵
  PID:6536
- C:\Windows\System\mEDZVIU.exe
  C:\Windows\System\mEDZVIU.exe
  2⤵
  PID:6564
- C:\Windows\System\WmUeXuz.exe
  C:\Windows\System\WmUeXuz.exe
  2⤵
  PID:6592
- C:\Windows\System\MFXXKNS.exe
  C:\Windows\System\MFXXKNS.exe
  2⤵
  PID:6620
- C:\Windows\System\MrHuBgh.exe
  C:\Windows\System\MrHuBgh.exe
  2⤵
  PID:6648
- C:\Windows\System\SxgIUbF.exe
  C:\Windows\System\SxgIUbF.exe
  2⤵
  PID:6676
- C:\Windows\System\AYcxbDZ.exe
  C:\Windows\System\AYcxbDZ.exe
  2⤵
  PID:6704
- C:\Windows\System\eoDvRGh.exe
  C:\Windows\System\eoDvRGh.exe
  2⤵
  PID:6732
- C:\Windows\System\MtPcWXW.exe
  C:\Windows\System\MtPcWXW.exe
  2⤵
  PID:6760
- C:\Windows\System\ljwwJGF.exe
  C:\Windows\System\ljwwJGF.exe
  2⤵
  PID:6788
- C:\Windows\System\byPtcoO.exe
  C:\Windows\System\byPtcoO.exe
  2⤵
  PID:6816
- C:\Windows\System\rjiWulU.exe
  C:\Windows\System\rjiWulU.exe
  2⤵
  PID:6844
- C:\Windows\System\xMFnJUH.exe
  C:\Windows\System\xMFnJUH.exe
  2⤵
  PID:6872
- C:\Windows\System\RKuoXsK.exe
  C:\Windows\System\RKuoXsK.exe
  2⤵
  PID:6900
- C:\Windows\System\CwanNNm.exe
  C:\Windows\System\CwanNNm.exe
  2⤵
  PID:6928
- C:\Windows\System\mLnpenF.exe
  C:\Windows\System\mLnpenF.exe
  2⤵
  PID:6956
- C:\Windows\System\sFugKxn.exe
  C:\Windows\System\sFugKxn.exe
  2⤵
  PID:6984
- C:\Windows\System\dDXGLiQ.exe
  C:\Windows\System\dDXGLiQ.exe
  2⤵
  PID:7012
- C:\Windows\System\YRNDpgu.exe
  C:\Windows\System\YRNDpgu.exe
  2⤵
  PID:7040
- C:\Windows\System\EveTCWv.exe
  C:\Windows\System\EveTCWv.exe
  2⤵
  PID:7068
- C:\Windows\System\cOOLSye.exe
  C:\Windows\System\cOOLSye.exe
  2⤵
  PID:7096
- C:\Windows\System\FOmUAyr.exe
  C:\Windows\System\FOmUAyr.exe
  2⤵
  PID:7124
- C:\Windows\System\IAgNCFa.exe
  C:\Windows\System\IAgNCFa.exe
  2⤵
  PID:7152
- C:\Windows\System\lbyefDh.exe
  C:\Windows\System\lbyefDh.exe
  2⤵
  PID:6056
- C:\Windows\System\OhFPuSf.exe
  C:\Windows\System\OhFPuSf.exe
  2⤵
  PID:3864
- C:\Windows\System\ShhkAGA.exe
  C:\Windows\System\ShhkAGA.exe
  2⤵
  PID:5348
- C:\Windows\System\GvTqFnS.exe
  C:\Windows\System\GvTqFnS.exe
  2⤵
  PID:5740
- C:\Windows\System\ztbgHJY.exe
  C:\Windows\System\ztbgHJY.exe
  2⤵
  PID:6160
- C:\Windows\System\qgcvQXp.exe
  C:\Windows\System\qgcvQXp.exe
  2⤵
  PID:6220
- C:\Windows\System\zxYfOqF.exe
  C:\Windows\System\zxYfOqF.exe
  2⤵
  PID:6276
- C:\Windows\System\CzXATpD.exe
  C:\Windows\System\CzXATpD.exe
  2⤵
  PID:6352
- C:\Windows\System\MOsSiVq.exe
  C:\Windows\System\MOsSiVq.exe
  2⤵
  PID:6416
- C:\Windows\System\ypQMfGJ.exe
  C:\Windows\System\ypQMfGJ.exe
  2⤵
  PID:6492
- C:\Windows\System\njUUEjX.exe
  C:\Windows\System\njUUEjX.exe
  2⤵
  PID:6548
- C:\Windows\System\AYbqGed.exe
  C:\Windows\System\AYbqGed.exe
  2⤵
  PID:6608
- C:\Windows\System\cWZadqz.exe
  C:\Windows\System\cWZadqz.exe
  2⤵
  PID:6668
- C:\Windows\System\XfaOoCG.exe
  C:\Windows\System\XfaOoCG.exe
  2⤵
  PID:6744
- C:\Windows\System\ibHwvNw.exe
  C:\Windows\System\ibHwvNw.exe
  2⤵
  PID:6804
- C:\Windows\System\kSoCsPf.exe
  C:\Windows\System\kSoCsPf.exe
  2⤵
  PID:6864
- C:\Windows\System\ozYjaVJ.exe
  C:\Windows\System\ozYjaVJ.exe
  2⤵
  PID:6916
- C:\Windows\System\mDCfYJP.exe
  C:\Windows\System\mDCfYJP.exe
  2⤵
  PID:6972
- C:\Windows\System\eldtqkC.exe
  C:\Windows\System\eldtqkC.exe
  2⤵
  PID:7032
- C:\Windows\System\wKHwxsE.exe
  C:\Windows\System\wKHwxsE.exe
  2⤵
  PID:7108
- C:\Windows\System\oKCbjWF.exe
  C:\Windows\System\oKCbjWF.exe
  2⤵
  PID:5996
- C:\Windows\System\qHRnFQM.exe
  C:\Windows\System\qHRnFQM.exe
  2⤵
  PID:5156
- C:\Windows\System\hvSTygZ.exe
  C:\Windows\System\hvSTygZ.exe
  2⤵
  PID:5936
- C:\Windows\System\kOEiCpU.exe
  C:\Windows\System\kOEiCpU.exe
  2⤵
  PID:6324
- C:\Windows\System\cljLxEw.exe
  C:\Windows\System\cljLxEw.exe
  2⤵
  PID:6464
- C:\Windows\System\TYPXaTN.exe
  C:\Windows\System\TYPXaTN.exe
  2⤵
  PID:6584
- C:\Windows\System\UjLAXqa.exe
  C:\Windows\System\UjLAXqa.exe
  2⤵
  PID:6832
- C:\Windows\System\hxetFjh.exe
  C:\Windows\System\hxetFjh.exe
  2⤵
  PID:6948
- C:\Windows\System\vVrwZVL.exe
  C:\Windows\System\vVrwZVL.exe
  2⤵
  PID:7024
- C:\Windows\System\kURUkvH.exe
  C:\Windows\System\kURUkvH.exe
  2⤵
  PID:7196
- C:\Windows\System\bLesAkg.exe
  C:\Windows\System\bLesAkg.exe
  2⤵
  PID:7224
- C:\Windows\System\dRtHFpp.exe
  C:\Windows\System\dRtHFpp.exe
  2⤵
  PID:7252
- C:\Windows\System\sNxAreo.exe
  C:\Windows\System\sNxAreo.exe
  2⤵
  PID:7280
- C:\Windows\System\xyhCPeO.exe
  C:\Windows\System\xyhCPeO.exe
  2⤵
  PID:7308
- C:\Windows\System\mfHXXxu.exe
  C:\Windows\System\mfHXXxu.exe
  2⤵
  PID:7336
- C:\Windows\System\vjmdQdD.exe
  C:\Windows\System\vjmdQdD.exe
  2⤵
  PID:7364
- C:\Windows\System\LfuitFs.exe
  C:\Windows\System\LfuitFs.exe
  2⤵
  PID:7392
- C:\Windows\System\RLLHwgf.exe
  C:\Windows\System\RLLHwgf.exe
  2⤵
  PID:7424
- C:\Windows\System\ZQosJcp.exe
  C:\Windows\System\ZQosJcp.exe
  2⤵
  PID:7448
- C:\Windows\System\hgadyfm.exe
  C:\Windows\System\hgadyfm.exe
  2⤵
  PID:7488
- C:\Windows\System\hPlTGXv.exe
  C:\Windows\System\hPlTGXv.exe
  2⤵
  PID:7516
- C:\Windows\System\QjcUBgn.exe
  C:\Windows\System\QjcUBgn.exe
  2⤵
  PID:7544
- C:\Windows\System\vCmzswM.exe
  C:\Windows\System\vCmzswM.exe
  2⤵
  PID:7572
- C:\Windows\System\iEkQZmn.exe
  C:\Windows\System\iEkQZmn.exe
  2⤵
  PID:7600
- C:\Windows\System\aJmOSIk.exe
  C:\Windows\System\aJmOSIk.exe
  2⤵
  PID:7628
- C:\Windows\System\ysBCiwj.exe
  C:\Windows\System\ysBCiwj.exe
  2⤵
  PID:7656
- C:\Windows\System\yqRLkvV.exe
  C:\Windows\System\yqRLkvV.exe
  2⤵
  PID:7684
- C:\Windows\System\ggtkBVn.exe
  C:\Windows\System\ggtkBVn.exe
  2⤵
  PID:7712
- C:\Windows\System\kRvtRuY.exe
  C:\Windows\System\kRvtRuY.exe
  2⤵
  PID:7740
- C:\Windows\System\CrbUdKB.exe
  C:\Windows\System\CrbUdKB.exe
  2⤵
  PID:7768
- C:\Windows\System\yyGoSXI.exe
  C:\Windows\System\yyGoSXI.exe
  2⤵
  PID:7796
- C:\Windows\System\vljXZnr.exe
  C:\Windows\System\vljXZnr.exe
  2⤵
  PID:7824
- C:\Windows\System\cICKDHX.exe
  C:\Windows\System\cICKDHX.exe
  2⤵
  PID:7852
- C:\Windows\System\QjxIpEL.exe
  C:\Windows\System\QjxIpEL.exe
  2⤵
  PID:7880
- C:\Windows\System\giGANDK.exe
  C:\Windows\System\giGANDK.exe
  2⤵
  PID:7908
- C:\Windows\System\mSuUOeX.exe
  C:\Windows\System\mSuUOeX.exe
  2⤵
  PID:7936
- C:\Windows\System\gjjAnPI.exe
  C:\Windows\System\gjjAnPI.exe
  2⤵
  PID:7964
- C:\Windows\System\pNcymuU.exe
  C:\Windows\System\pNcymuU.exe
  2⤵
  PID:7992
- C:\Windows\System\dcnouKg.exe
  C:\Windows\System\dcnouKg.exe
  2⤵
  PID:8020
- C:\Windows\System\DHhCDPf.exe
  C:\Windows\System\DHhCDPf.exe
  2⤵
  PID:8048
- C:\Windows\System\qahhKDd.exe
  C:\Windows\System\qahhKDd.exe
  2⤵
  PID:8076
- C:\Windows\System\qEWowta.exe
  C:\Windows\System\qEWowta.exe
  2⤵
  PID:8104
- C:\Windows\System\cUDFwFp.exe
  C:\Windows\System\cUDFwFp.exe
  2⤵
  PID:8132
- C:\Windows\System\HLZTzBx.exe
  C:\Windows\System\HLZTzBx.exe
  2⤵
  PID:8160
- C:\Windows\System\GMJEPJU.exe
  C:\Windows\System\GMJEPJU.exe
  2⤵
  PID:8188
- C:\Windows\System\HKqFRlz.exe
  C:\Windows\System\HKqFRlz.exe
  2⤵
  PID:6136
- C:\Windows\System\AJfNPzD.exe
  C:\Windows\System\AJfNPzD.exe
  2⤵
  PID:6248
- C:\Windows\System\UdyjrIP.exe
  C:\Windows\System\UdyjrIP.exe
  2⤵
  PID:6524
- C:\Windows\System\tZEVMwc.exe
  C:\Windows\System\tZEVMwc.exe
  2⤵
  PID:6888
- C:\Windows\System\Bmpyufj.exe
  C:\Windows\System\Bmpyufj.exe
  2⤵
  PID:3420
- C:\Windows\System\slkIKEJ.exe
  C:\Windows\System\slkIKEJ.exe
  2⤵
  PID:7264
- C:\Windows\System\JGjKvXU.exe
  C:\Windows\System\JGjKvXU.exe
  2⤵
  PID:7324
- C:\Windows\System\GjkGwpr.exe
  C:\Windows\System\GjkGwpr.exe
  2⤵
  PID:7384
- C:\Windows\System\HJjeMFs.exe
  C:\Windows\System\HJjeMFs.exe
  2⤵
  PID:7460
- C:\Windows\System\QNeuknb.exe
  C:\Windows\System\QNeuknb.exe
  2⤵
  PID:7528
- C:\Windows\System\gYOnxKs.exe
  C:\Windows\System\gYOnxKs.exe
  2⤵
  PID:7584
- C:\Windows\System\nJbtmCw.exe
  C:\Windows\System\nJbtmCw.exe
  2⤵
  PID:7640
- C:\Windows\System\TQsfTrt.exe
  C:\Windows\System\TQsfTrt.exe
  2⤵
  PID:7700
- C:\Windows\System\zvAcGZp.exe
  C:\Windows\System\zvAcGZp.exe
  2⤵
  PID:7760
- C:\Windows\System\UuPVbys.exe
  C:\Windows\System\UuPVbys.exe
  2⤵
  PID:7836
- C:\Windows\System\WSxnjcL.exe
  C:\Windows\System\WSxnjcL.exe
  2⤵
  PID:7892
- C:\Windows\System\tQUaMXW.exe
  C:\Windows\System\tQUaMXW.exe
  2⤵
  PID:7952
- C:\Windows\System\hRoFKLj.exe
  C:\Windows\System\hRoFKLj.exe
  2⤵
  PID:8004
- C:\Windows\System\ZZbOLIG.exe
  C:\Windows\System\ZZbOLIG.exe
  2⤵
  PID:8064
- C:\Windows\System\QovxnJK.exe
  C:\Windows\System\QovxnJK.exe
  2⤵
  PID:8124
- C:\Windows\System\psmGRLH.exe
  C:\Windows\System\psmGRLH.exe
  2⤵
  PID:7084
- C:\Windows\System\LBnqwKI.exe
  C:\Windows\System\LBnqwKI.exe
  2⤵
  PID:6388
- C:\Windows\System\ThtEqwT.exe
  C:\Windows\System\ThtEqwT.exe
  2⤵
  PID:1836
- C:\Windows\System\DBqKBdA.exe
  C:\Windows\System\DBqKBdA.exe
  2⤵
  PID:7296
- C:\Windows\System\CtObuvs.exe
  C:\Windows\System\CtObuvs.exe
  2⤵
  PID:7440
- C:\Windows\System\camJjDH.exe
  C:\Windows\System\camJjDH.exe
  2⤵
  PID:3020
- C:\Windows\System\kNAGbRJ.exe
  C:\Windows\System\kNAGbRJ.exe
  2⤵
  PID:7676
- C:\Windows\System\putSvKN.exe
  C:\Windows\System\putSvKN.exe
  2⤵
  PID:7812
- C:\Windows\System\syQOIrz.exe
  C:\Windows\System\syQOIrz.exe
  2⤵
  PID:640
- C:\Windows\System\AVkVvkq.exe
  C:\Windows\System\AVkVvkq.exe
  2⤵
  PID:8036
- C:\Windows\System\YjkIcxM.exe
  C:\Windows\System\YjkIcxM.exe
  2⤵
  PID:8172
- C:\Windows\System\UYOVLUG.exe
  C:\Windows\System\UYOVLUG.exe
  2⤵
  PID:8204
- C:\Windows\System\SlEEwSu.exe
  C:\Windows\System\SlEEwSu.exe
  2⤵
  PID:8228
- C:\Windows\System\DQdxiQK.exe
  C:\Windows\System\DQdxiQK.exe
  2⤵
  PID:8260
- C:\Windows\System\mxdbcTc.exe
  C:\Windows\System\mxdbcTc.exe
  2⤵
  PID:8288
- C:\Windows\System\rchgmiP.exe
  C:\Windows\System\rchgmiP.exe
  2⤵
  PID:8316
- C:\Windows\System\kjOgZbo.exe
  C:\Windows\System\kjOgZbo.exe
  2⤵
  PID:8344
- C:\Windows\System\mhSXqdc.exe
  C:\Windows\System\mhSXqdc.exe
  2⤵
  PID:8372
- C:\Windows\System\WVesNit.exe
  C:\Windows\System\WVesNit.exe
  2⤵
  PID:8400
- C:\Windows\System\nAhPGzw.exe
  C:\Windows\System\nAhPGzw.exe
  2⤵
  PID:8428
- C:\Windows\System\ETlrhpU.exe
  C:\Windows\System\ETlrhpU.exe
  2⤵
  PID:8456
- C:\Windows\System\IHHNaUM.exe
  C:\Windows\System\IHHNaUM.exe
  2⤵
  PID:8484
- C:\Windows\System\tGYEAxh.exe
  C:\Windows\System\tGYEAxh.exe
  2⤵
  PID:8512
- C:\Windows\System\eKLZtrt.exe
  C:\Windows\System\eKLZtrt.exe
  2⤵
  PID:8540
- C:\Windows\System\vBvHERH.exe
  C:\Windows\System\vBvHERH.exe
  2⤵
  PID:8568
- C:\Windows\System\lXtkVNf.exe
  C:\Windows\System\lXtkVNf.exe
  2⤵
  PID:8596
- C:\Windows\System\UPuZxgg.exe
  C:\Windows\System\UPuZxgg.exe
  2⤵
  PID:8624
- C:\Windows\System\FiyNmIx.exe
  C:\Windows\System\FiyNmIx.exe
  2⤵
  PID:8648
- C:\Windows\System\NXJqboT.exe
  C:\Windows\System\NXJqboT.exe
  2⤵
  PID:8668
- C:\Windows\System\LLCqOcG.exe
  C:\Windows\System\LLCqOcG.exe
  2⤵
  PID:8696
- C:\Windows\System\eoXSBMV.exe
  C:\Windows\System\eoXSBMV.exe
  2⤵
  PID:8724
- C:\Windows\System\GroGDgp.exe
  C:\Windows\System\GroGDgp.exe
  2⤵
  PID:8752
- C:\Windows\System\VWQRpdE.exe
  C:\Windows\System\VWQRpdE.exe
  2⤵
  PID:8780
- C:\Windows\System\mJmdPNE.exe
  C:\Windows\System\mJmdPNE.exe
  2⤵
  PID:8808
- C:\Windows\System\byQTZMM.exe
  C:\Windows\System\byQTZMM.exe
  2⤵
  PID:8836
- C:\Windows\System\wPVYhJN.exe
  C:\Windows\System\wPVYhJN.exe
  2⤵
  PID:8864
- C:\Windows\System\HLwKmcd.exe
  C:\Windows\System\HLwKmcd.exe
  2⤵
  PID:8892
- C:\Windows\System\BfkIbfl.exe
  C:\Windows\System\BfkIbfl.exe
  2⤵
  PID:8920
- C:\Windows\System\VJJyxAZ.exe
  C:\Windows\System\VJJyxAZ.exe
  2⤵
  PID:8948
- C:\Windows\System\sKGewfn.exe
  C:\Windows\System\sKGewfn.exe
  2⤵
  PID:8976
- C:\Windows\System\eyJPeyf.exe
  C:\Windows\System\eyJPeyf.exe
  2⤵
  PID:9004
- C:\Windows\System\nBcOZeM.exe
  C:\Windows\System\nBcOZeM.exe
  2⤵
  PID:9032
- C:\Windows\System\jMPPrkC.exe
  C:\Windows\System\jMPPrkC.exe
  2⤵
  PID:9060
- C:\Windows\System\WtMMvWx.exe
  C:\Windows\System\WtMMvWx.exe
  2⤵
  PID:9088
- C:\Windows\System\pMgTvkn.exe
  C:\Windows\System\pMgTvkn.exe
  2⤵
  PID:9116
- C:\Windows\System\wgRFuFh.exe
  C:\Windows\System\wgRFuFh.exe
  2⤵
  PID:9144
- C:\Windows\System\tzmhyCk.exe
  C:\Windows\System\tzmhyCk.exe
  2⤵
  PID:9172
- C:\Windows\System\zkrwNvU.exe
  C:\Windows\System\zkrwNvU.exe
  2⤵
  PID:9200
- C:\Windows\System\PfHCLpj.exe
  C:\Windows\System\PfHCLpj.exe
  2⤵
  PID:7216
- C:\Windows\System\kdQBAYP.exe
  C:\Windows\System\kdQBAYP.exe
  2⤵
  PID:7508
- C:\Windows\System\kMzbNJx.exe
  C:\Windows\System\kMzbNJx.exe
  2⤵
  PID:7788
- C:\Windows\System\VoYDGaV.exe
  C:\Windows\System\VoYDGaV.exe
  2⤵
  PID:7976
- C:\Windows\System\RCEechb.exe
  C:\Windows\System\RCEechb.exe
  2⤵
  PID:5604
- C:\Windows\System\FUKAvyK.exe
  C:\Windows\System\FUKAvyK.exe
  2⤵
  PID:8244
- C:\Windows\System\DkXtYTI.exe
  C:\Windows\System\DkXtYTI.exe
  2⤵
  PID:8308
- C:\Windows\System\zOyPPVh.exe
  C:\Windows\System\zOyPPVh.exe
  2⤵
  PID:8360
- C:\Windows\System\JZaAsCG.exe
  C:\Windows\System\JZaAsCG.exe
  2⤵
  PID:8420
- C:\Windows\System\jYPJdAT.exe
  C:\Windows\System\jYPJdAT.exe
  2⤵
  PID:4100
- C:\Windows\System\pDIuQJx.exe
  C:\Windows\System\pDIuQJx.exe
  2⤵
  PID:8532
- C:\Windows\System\CFWtAxq.exe
  C:\Windows\System\CFWtAxq.exe
  2⤵
  PID:8588
- C:\Windows\System\ffFsUtg.exe
  C:\Windows\System\ffFsUtg.exe
  2⤵
  PID:8644
- C:\Windows\System\UfoNpLD.exe
  C:\Windows\System\UfoNpLD.exe
  2⤵
  PID:8688
- C:\Windows\System\ZcPabOd.exe
  C:\Windows\System\ZcPabOd.exe
  2⤵
  PID:8740
- C:\Windows\System\EgNmWYW.exe
  C:\Windows\System\EgNmWYW.exe
  2⤵
  PID:4236
- C:\Windows\System\RFvGivD.exe
  C:\Windows\System\RFvGivD.exe
  2⤵
  PID:8828
- C:\Windows\System\gjhimbM.exe
  C:\Windows\System\gjhimbM.exe
  2⤵
  PID:8880
- C:\Windows\System\XGPhBMi.exe
  C:\Windows\System\XGPhBMi.exe
  2⤵
  PID:8936
- C:\Windows\System\UxtndYF.exe
  C:\Windows\System\UxtndYF.exe
  2⤵
  PID:1592
- C:\Windows\System\HsCxliW.exe
  C:\Windows\System\HsCxliW.exe
  2⤵
  PID:9044
- C:\Windows\System\FxWlyTH.exe
  C:\Windows\System\FxWlyTH.exe
  2⤵
  PID:9104
- C:\Windows\System\RhORRRK.exe
  C:\Windows\System\RhORRRK.exe
  2⤵
  PID:9164
- C:\Windows\System\giprrqH.exe
  C:\Windows\System\giprrqH.exe
  2⤵
  PID:7360
- C:\Windows\System\pojFISZ.exe
  C:\Windows\System\pojFISZ.exe
  2⤵
  PID:7868
- C:\Windows\System\AOUAPqi.exe
  C:\Windows\System\AOUAPqi.exe
  2⤵
  PID:1612
- C:\Windows\System\grVsdYt.exe
  C:\Windows\System\grVsdYt.exe
  2⤵
  PID:8336
- C:\Windows\System\rfjPvvS.exe
  C:\Windows\System\rfjPvvS.exe
  2⤵
  PID:8500
- C:\Windows\System\grhFqZl.exe
  C:\Windows\System\grhFqZl.exe
  2⤵
  PID:4560
- C:\Windows\System\pEczzYa.exe
  C:\Windows\System\pEczzYa.exe
  2⤵
  PID:2356
- C:\Windows\System\EzwKWOz.exe
  C:\Windows\System\EzwKWOz.exe
  2⤵
  PID:8820
- C:\Windows\System\rcRRtoF.exe
  C:\Windows\System\rcRRtoF.exe
  2⤵
  PID:5072
- C:\Windows\System\tSVSMEq.exe
  C:\Windows\System\tSVSMEq.exe
  2⤵
  PID:2812
- C:\Windows\System\hDwPcVt.exe
  C:\Windows\System\hDwPcVt.exe
  2⤵
  PID:9212
- C:\Windows\System\wsXDeaE.exe
  C:\Windows\System\wsXDeaE.exe
  2⤵
  PID:2588
- C:\Windows\System\YJcVPeb.exe
  C:\Windows\System\YJcVPeb.exe
  2⤵
  PID:8560
- C:\Windows\System\ACuJlXI.exe
  C:\Windows\System\ACuJlXI.exe
  2⤵
  PID:9220
- C:\Windows\System\SVmKCHf.exe
  C:\Windows\System\SVmKCHf.exe
  2⤵
  PID:9248
- C:\Windows\System\vkEgQdx.exe
  C:\Windows\System\vkEgQdx.exe
  2⤵
  PID:9276
- C:\Windows\System\WDhjzqu.exe
  C:\Windows\System\WDhjzqu.exe
  2⤵
  PID:9304
- C:\Windows\System\yyFGydd.exe
  C:\Windows\System\yyFGydd.exe
  2⤵
  PID:9332
- C:\Windows\System\ycURLwK.exe
  C:\Windows\System\ycURLwK.exe
  2⤵
  PID:9360
- C:\Windows\System\BvGasvY.exe
  C:\Windows\System\BvGasvY.exe
  2⤵
  PID:9388
- C:\Windows\System\FHFFkAn.exe
  C:\Windows\System\FHFFkAn.exe
  2⤵
  PID:9416
- C:\Windows\System\glMsLeS.exe
  C:\Windows\System\glMsLeS.exe
  2⤵
  PID:9444
- C:\Windows\System\ZqPvQCs.exe
  C:\Windows\System\ZqPvQCs.exe
  2⤵
  PID:9472
- C:\Windows\System\EPPWXDB.exe
  C:\Windows\System\EPPWXDB.exe
  2⤵
  PID:9500
- C:\Windows\System\NgjNBOj.exe
  C:\Windows\System\NgjNBOj.exe
  2⤵
  PID:9528
- C:\Windows\System\dWjMXdn.exe
  C:\Windows\System\dWjMXdn.exe
  2⤵
  PID:9556
- C:\Windows\System\WZBQOhX.exe
  C:\Windows\System\WZBQOhX.exe
  2⤵
  PID:9584
- C:\Windows\System\xUzmrJE.exe
  C:\Windows\System\xUzmrJE.exe
  2⤵
  PID:9612
- C:\Windows\System\TzktMZX.exe
  C:\Windows\System\TzktMZX.exe
  2⤵
  PID:9640
- C:\Windows\System\hLZeIaB.exe
  C:\Windows\System\hLZeIaB.exe
  2⤵
  PID:9668
- C:\Windows\System\WQDcHkZ.exe
  C:\Windows\System\WQDcHkZ.exe
  2⤵
  PID:9696
- C:\Windows\System\WrNbLvN.exe
  C:\Windows\System\WrNbLvN.exe
  2⤵
  PID:9724
- C:\Windows\System\gZhzGPl.exe
  C:\Windows\System\gZhzGPl.exe
  2⤵
  PID:9752
- C:\Windows\System\NIzesqO.exe
  C:\Windows\System\NIzesqO.exe
  2⤵
  PID:9776
- C:\Windows\System\TToFDpl.exe
  C:\Windows\System\TToFDpl.exe
  2⤵
  PID:9808
- C:\Windows\System\bHbjeAg.exe
  C:\Windows\System\bHbjeAg.exe
  2⤵
  PID:9836
- C:\Windows\System\USjYDgw.exe
  C:\Windows\System\USjYDgw.exe
  2⤵
  PID:9864
- C:\Windows\System\XhHTbMK.exe
  C:\Windows\System\XhHTbMK.exe
  2⤵
  PID:9892
- C:\Windows\System\LIiFTGn.exe
  C:\Windows\System\LIiFTGn.exe
  2⤵
  PID:9920
- C:\Windows\System\shQEirA.exe
  C:\Windows\System\shQEirA.exe
  2⤵
  PID:9948
- C:\Windows\System\hUUegXU.exe
  C:\Windows\System\hUUegXU.exe
  2⤵
  PID:9976
- C:\Windows\System\kdfDCJF.exe
  C:\Windows\System\kdfDCJF.exe
  2⤵
  PID:10004
- C:\Windows\System\HQfkCmX.exe
  C:\Windows\System\HQfkCmX.exe
  2⤵
  PID:10032
- C:\Windows\System\MUWoVmd.exe
  C:\Windows\System\MUWoVmd.exe
  2⤵
  PID:10060
- C:\Windows\System\QNfKxGM.exe
  C:\Windows\System\QNfKxGM.exe
  2⤵
  PID:10084
- C:\Windows\System\cyveXAd.exe
  C:\Windows\System\cyveXAd.exe
  2⤵
  PID:10112
- C:\Windows\System\YqjoNSJ.exe
  C:\Windows\System\YqjoNSJ.exe
  2⤵
  PID:10140
- C:\Windows\System\oAVtcXv.exe
  C:\Windows\System\oAVtcXv.exe
  2⤵
  PID:10172
- C:\Windows\System\PtLUWcG.exe
  C:\Windows\System\PtLUWcG.exe
  2⤵
  PID:10200
- C:\Windows\System\ifQzgzA.exe
  C:\Windows\System\ifQzgzA.exe
  2⤵
  PID:10228
- C:\Windows\System\FBDHVdb.exe
  C:\Windows\System\FBDHVdb.exe
  2⤵
  PID:8908
- C:\Windows\System\yjeqwAy.exe
  C:\Windows\System\yjeqwAy.exe
  2⤵
  PID:9156
- C:\Windows\System\FwmoSYL.exe
  C:\Windows\System\FwmoSYL.exe
  2⤵
  PID:8444
- C:\Windows\System\LVHhRcq.exe
  C:\Windows\System\LVHhRcq.exe
  2⤵
  PID:9240
- C:\Windows\System\UMWEPCS.exe
  C:\Windows\System\UMWEPCS.exe
  2⤵
  PID:9316
- C:\Windows\System\QHTWqbO.exe
  C:\Windows\System\QHTWqbO.exe
  2⤵
  PID:9372
- C:\Windows\System\FuCKMsa.exe
  C:\Windows\System\FuCKMsa.exe
  2⤵
  PID:9432
- C:\Windows\System\lLgPIOd.exe
  C:\Windows\System\lLgPIOd.exe
  2⤵
  PID:4704
- C:\Windows\System\rwCrWin.exe
  C:\Windows\System\rwCrWin.exe
  2⤵
  PID:9548
- C:\Windows\System\HVfxaQQ.exe
  C:\Windows\System\HVfxaQQ.exe
  2⤵
  PID:9600
- C:\Windows\System\whPlCdg.exe
  C:\Windows\System\whPlCdg.exe
  2⤵
  PID:9656
- C:\Windows\System\vRcCGux.exe
  C:\Windows\System\vRcCGux.exe
  2⤵
  PID:9712
- C:\Windows\System\GRwIzYj.exe
  C:\Windows\System\GRwIzYj.exe
  2⤵
  PID:9772
- C:\Windows\System\FRnkIvB.exe
  C:\Windows\System\FRnkIvB.exe
  2⤵
  PID:9848
- C:\Windows\System\cnqHqCo.exe
  C:\Windows\System\cnqHqCo.exe
  2⤵
  PID:9988
- C:\Windows\System\qullJSZ.exe
  C:\Windows\System\qullJSZ.exe
  2⤵
  PID:10052
- C:\Windows\System\iIlnfjI.exe
  C:\Windows\System\iIlnfjI.exe
  2⤵
  PID:3164
- C:\Windows\System\sZMkJZL.exe
  C:\Windows\System\sZMkJZL.exe
  2⤵
  PID:3636
- C:\Windows\System\JfkbUpz.exe
  C:\Windows\System\JfkbUpz.exe
  2⤵
  PID:2532
- C:\Windows\System\fnflgBs.exe
  C:\Windows\System\fnflgBs.exe
  2⤵
  PID:9132
- C:\Windows\System\fiiPUjK.exe
  C:\Windows\System\fiiPUjK.exe
  2⤵
  PID:9268
- C:\Windows\System\EmmGsAL.exe
  C:\Windows\System\EmmGsAL.exe
  2⤵
  PID:3596
- C:\Windows\System\kKepsxe.exe
  C:\Windows\System\kKepsxe.exe
  2⤵
  PID:2716
- C:\Windows\System\JisCyve.exe
  C:\Windows\System\JisCyve.exe
  2⤵
  PID:2360
- C:\Windows\System\fxFUWyQ.exe
  C:\Windows\System\fxFUWyQ.exe
  2⤵
  PID:9628
- C:\Windows\System\CkTlmSq.exe
  C:\Windows\System\CkTlmSq.exe
  2⤵
  PID:9684
- C:\Windows\System\gOsIgmU.exe
  C:\Windows\System\gOsIgmU.exe
  2⤵
  PID:4160
- C:\Windows\System\huOPGZY.exe
  C:\Windows\System\huOPGZY.exe
  2⤵
  PID:432
- C:\Windows\System\paquNnG.exe
  C:\Windows\System\paquNnG.exe
  2⤵
  PID:1364
- C:\Windows\System\IyzKwkW.exe
  C:\Windows\System\IyzKwkW.exe
  2⤵
  PID:2380
- C:\Windows\System\bZBznyO.exe
  C:\Windows\System\bZBznyO.exe
  2⤵
  PID:9968
- C:\Windows\System\UPzNeYM.exe
  C:\Windows\System\UPzNeYM.exe
  2⤵
  PID:10104
- C:\Windows\System\ydPIZiH.exe
  C:\Windows\System\ydPIZiH.exe
  2⤵
  PID:10220
- C:\Windows\System\rmjuVCF.exe
  C:\Windows\System\rmjuVCF.exe
  2⤵
  PID:2852
- C:\Windows\System\LIzeCmv.exe
  C:\Windows\System\LIzeCmv.exe
  2⤵
  PID:9540
- C:\Windows\System\kBdJiNL.exe
  C:\Windows\System\kBdJiNL.exe
  2⤵
  PID:9688
- C:\Windows\System\zQpEJva.exe
  C:\Windows\System\zQpEJva.exe
  2⤵
  PID:1284
- C:\Windows\System\sPvHJNT.exe
  C:\Windows\System\sPvHJNT.exe
  2⤵
  PID:3368
- C:\Windows\System\MLcjmLF.exe
  C:\Windows\System\MLcjmLF.exe
  2⤵
  PID:9516
- C:\Windows\System\oZWIFiQ.exe
  C:\Windows\System\oZWIFiQ.exe
  2⤵
  PID:2488
- C:\Windows\System\BlcodeQ.exe
  C:\Windows\System\BlcodeQ.exe
  2⤵
  PID:1232
- C:\Windows\System\MVjHELc.exe
  C:\Windows\System\MVjHELc.exe
  2⤵
  PID:10296
- C:\Windows\System\ILCMQsf.exe
  C:\Windows\System\ILCMQsf.exe
  2⤵
  PID:10328
- C:\Windows\System\ZBMxgXB.exe
  C:\Windows\System\ZBMxgXB.exe
  2⤵
  PID:10352
- C:\Windows\System\kHoeqNl.exe
  C:\Windows\System\kHoeqNl.exe
  2⤵
  PID:10380
- C:\Windows\System\VhkZnAf.exe
  C:\Windows\System\VhkZnAf.exe
  2⤵
  PID:10412
- C:\Windows\System\gBleOfa.exe
  C:\Windows\System\gBleOfa.exe
  2⤵
  PID:10440
- C:\Windows\System\TvejAbb.exe
  C:\Windows\System\TvejAbb.exe
  2⤵
  PID:10468
- C:\Windows\System\XaRNBfb.exe
  C:\Windows\System\XaRNBfb.exe
  2⤵
  PID:10496
- C:\Windows\System\LNBqrdx.exe
  C:\Windows\System\LNBqrdx.exe
  2⤵
  PID:10520
- C:\Windows\System\holCEJM.exe
  C:\Windows\System\holCEJM.exe
  2⤵
  PID:10540
- C:\Windows\System\WgtDZzA.exe
  C:\Windows\System\WgtDZzA.exe
  2⤵
  PID:10580
- C:\Windows\System\AHQTekQ.exe
  C:\Windows\System\AHQTekQ.exe
  2⤵
  PID:10608
- C:\Windows\System\aMXtOul.exe
  C:\Windows\System\aMXtOul.exe
  2⤵
  PID:10628
- C:\Windows\System\hfKIFbE.exe
  C:\Windows\System\hfKIFbE.exe
  2⤵
  PID:10656
- C:\Windows\System\XaEJRrI.exe
  C:\Windows\System\XaEJRrI.exe
  2⤵
  PID:10692
- C:\Windows\System\xQywNrc.exe
  C:\Windows\System\xQywNrc.exe
  2⤵
  PID:10720
- C:\Windows\System\BJuTVkh.exe
  C:\Windows\System\BJuTVkh.exe
  2⤵
  PID:10748
- C:\Windows\System\JyClJja.exe
  C:\Windows\System\JyClJja.exe
  2⤵
  PID:10788
- C:\Windows\System\zIvYAgL.exe
  C:\Windows\System\zIvYAgL.exe
  2⤵
  PID:10816
- C:\Windows\System\HuKPdOg.exe
  C:\Windows\System\HuKPdOg.exe
  2⤵
  PID:10844
- C:\Windows\System\vUGxkND.exe
  C:\Windows\System\vUGxkND.exe
  2⤵
  PID:10872
- C:\Windows\System\dSeQkQW.exe
  C:\Windows\System\dSeQkQW.exe
  2⤵
  PID:10904
- C:\Windows\System\BsBTCCI.exe
  C:\Windows\System\BsBTCCI.exe
  2⤵
  PID:10932
- C:\Windows\System\LKuPywp.exe
  C:\Windows\System\LKuPywp.exe
  2⤵
  PID:10960
- C:\Windows\System\QVSuTXi.exe
  C:\Windows\System\QVSuTXi.exe
  2⤵
  PID:10988
- C:\Windows\System\DoKAERC.exe
  C:\Windows\System\DoKAERC.exe
  2⤵
  PID:11016
- C:\Windows\System\jIbKRew.exe
  C:\Windows\System\jIbKRew.exe
  2⤵
  PID:11048
- C:\Windows\System\xqFqHKe.exe
  C:\Windows\System\xqFqHKe.exe
  2⤵
  PID:11080
- C:\Windows\System\yiakTdk.exe
  C:\Windows\System\yiakTdk.exe
  2⤵
  PID:11108
- C:\Windows\System\SyHSsgh.exe
  C:\Windows\System\SyHSsgh.exe
  2⤵
  PID:11140
- C:\Windows\System\yxceKuE.exe
  C:\Windows\System\yxceKuE.exe
  2⤵
  PID:11168
- C:\Windows\System\yurhBHC.exe
  C:\Windows\System\yurhBHC.exe
  2⤵
  PID:11196
- C:\Windows\System\YzMwOMB.exe
  C:\Windows\System\YzMwOMB.exe
  2⤵
  PID:11248
- C:\Windows\System\nZZrQgd.exe
  C:\Windows\System\nZZrQgd.exe
  2⤵
  PID:10320
- C:\Windows\System\xYAvSCG.exe
  C:\Windows\System\xYAvSCG.exe
  2⤵
  PID:10432
- C:\Windows\System\ILPKvxG.exe
  C:\Windows\System\ILPKvxG.exe
  2⤵
  PID:10488
- C:\Windows\System\vloNcrl.exe
  C:\Windows\System\vloNcrl.exe
  2⤵
  PID:10552
- C:\Windows\System\QvWuznx.exe
  C:\Windows\System\QvWuznx.exe
  2⤵
  PID:10620
- C:\Windows\System\dJMbbxW.exe
  C:\Windows\System\dJMbbxW.exe
  2⤵
  PID:10688
- C:\Windows\System\LXloXhD.exe
  C:\Windows\System\LXloXhD.exe
  2⤵
  PID:10760
- C:\Windows\System\xywGAFM.exe
  C:\Windows\System\xywGAFM.exe
  2⤵
  PID:10812
- C:\Windows\System\ZKsjRpi.exe
  C:\Windows\System\ZKsjRpi.exe
  2⤵
  PID:10956
- C:\Windows\System\mQXkjwL.exe
  C:\Windows\System\mQXkjwL.exe
  2⤵
  PID:11064
- C:\Windows\System\OJdPPTx.exe
  C:\Windows\System\OJdPPTx.exe
  2⤵
  PID:11136
- C:\Windows\System\XUFvGox.exe
  C:\Windows\System\XUFvGox.exe
  2⤵
  PID:11212
- C:\Windows\System\SBlIxLg.exe
  C:\Windows\System\SBlIxLg.exe
  2⤵
  PID:10400
- C:\Windows\System\XeSHOxs.exe
  C:\Windows\System\XeSHOxs.exe
  2⤵
  PID:10684
- C:\Windows\System\QblTNhI.exe
  C:\Windows\System\QblTNhI.exe
  2⤵
  PID:10884
- C:\Windows\System\JzLSNSD.exe
  C:\Windows\System\JzLSNSD.exe
  2⤵
  PID:11236
- C:\Windows\System\HMyNGVG.exe
  C:\Windows\System\HMyNGVG.exe
  2⤵
  PID:4076
- C:\Windows\System\WlbzLLU.exe
  C:\Windows\System\WlbzLLU.exe
  2⤵
  PID:10616
- C:\Windows\System\sVcdqPU.exe
  C:\Windows\System\sVcdqPU.exe
  2⤵
  PID:11276
- C:\Windows\System\TgaNxdB.exe
  C:\Windows\System\TgaNxdB.exe
  2⤵
  PID:11304
- C:\Windows\System\gJWfCZy.exe
  C:\Windows\System\gJWfCZy.exe
  2⤵
  PID:11340
- C:\Windows\System\FdcyFId.exe
  C:\Windows\System\FdcyFId.exe
  2⤵
  PID:11372
- C:\Windows\System\oqeIQuq.exe
  C:\Windows\System\oqeIQuq.exe
  2⤵
  PID:11404
- C:\Windows\System\NvqRGyw.exe
  C:\Windows\System\NvqRGyw.exe
  2⤵
  PID:11432
- C:\Windows\System\MyFptGl.exe
  C:\Windows\System\MyFptGl.exe
  2⤵
  PID:11460
- C:\Windows\System\wAIlIwV.exe
  C:\Windows\System\wAIlIwV.exe
  2⤵
  PID:11488
- C:\Windows\System\OruXxdn.exe
  C:\Windows\System\OruXxdn.exe
  2⤵
  PID:11516
- C:\Windows\System\CeeVkoS.exe
  C:\Windows\System\CeeVkoS.exe
  2⤵
  PID:11548
- C:\Windows\System\TwjgOxC.exe
  C:\Windows\System\TwjgOxC.exe
  2⤵
  PID:11576
- C:\Windows\System\JZchbaC.exe
  C:\Windows\System\JZchbaC.exe
  2⤵
  PID:11604
- C:\Windows\System\WRvAeqq.exe
  C:\Windows\System\WRvAeqq.exe
  2⤵
  PID:11632
- C:\Windows\System\jHtAvRU.exe
  C:\Windows\System\jHtAvRU.exe
  2⤵
  PID:11668
- C:\Windows\System\gnEDgAc.exe
  C:\Windows\System\gnEDgAc.exe
  2⤵
  PID:11700
- C:\Windows\System\wRAPrRt.exe
  C:\Windows\System\wRAPrRt.exe
  2⤵
  PID:11728
- C:\Windows\System\OpWYLuI.exe
  C:\Windows\System\OpWYLuI.exe
  2⤵
  PID:11760
- C:\Windows\System\vrbMvYq.exe
  C:\Windows\System\vrbMvYq.exe
  2⤵
  PID:11788
- C:\Windows\System\ksXttEP.exe
  C:\Windows\System\ksXttEP.exe
  2⤵
  PID:11816
- C:\Windows\System\PZDBTHF.exe
  C:\Windows\System\PZDBTHF.exe
  2⤵
  PID:11844
- C:\Windows\System\RYYToGD.exe
  C:\Windows\System\RYYToGD.exe
  2⤵
  PID:11872
- C:\Windows\System\JQAQble.exe
  C:\Windows\System\JQAQble.exe
  2⤵
  PID:11904
- C:\Windows\System\ldjFKwW.exe
  C:\Windows\System\ldjFKwW.exe
  2⤵
  PID:11932
- C:\Windows\System\yxMKWrL.exe
  C:\Windows\System\yxMKWrL.exe
  2⤵
  PID:11960
- C:\Windows\System\lUYMIGB.exe
  C:\Windows\System\lUYMIGB.exe
  2⤵
  PID:11988
- C:\Windows\System\KmdKnnQ.exe
  C:\Windows\System\KmdKnnQ.exe
  2⤵
  PID:12024
- C:\Windows\System\BMGtyOn.exe
  C:\Windows\System\BMGtyOn.exe
  2⤵
  PID:12064
- C:\Windows\System\hMYgZzI.exe
  C:\Windows\System\hMYgZzI.exe
  2⤵
  PID:12092
- C:\Windows\System\NIMNUFH.exe
  C:\Windows\System\NIMNUFH.exe
  2⤵
  PID:12120
- C:\Windows\System\mlzOaao.exe
  C:\Windows\System\mlzOaao.exe
  2⤵
  PID:12152
- C:\Windows\System\pXJiNfE.exe
  C:\Windows\System\pXJiNfE.exe
  2⤵
  PID:12180
- C:\Windows\System\TnRSkcc.exe
  C:\Windows\System\TnRSkcc.exe
  2⤵
  PID:12208
- C:\Windows\System\qMvOMam.exe
  C:\Windows\System\qMvOMam.exe
  2⤵
  PID:12240
- C:\Windows\System\CljiVxx.exe
  C:\Windows\System\CljiVxx.exe
  2⤵
  PID:12268
- C:\Windows\System\WVSogzK.exe
  C:\Windows\System\WVSogzK.exe
  2⤵
  PID:11300
- C:\Windows\System\DqCcUYO.exe
  C:\Windows\System\DqCcUYO.exe
  2⤵
  PID:11324
- C:\Windows\System\KoZrjhl.exe
  C:\Windows\System\KoZrjhl.exe
  2⤵
  PID:11400
- C:\Windows\System\aBPFNql.exe
  C:\Windows\System\aBPFNql.exe
  2⤵
  PID:11452
- C:\Windows\System\fHylPdG.exe
  C:\Windows\System\fHylPdG.exe
  2⤵
  PID:11512
- C:\Windows\System\opwxctd.exe
  C:\Windows\System\opwxctd.exe
  2⤵
  PID:11588
- C:\Windows\System\WiareqN.exe
  C:\Windows\System\WiareqN.exe
  2⤵
  PID:11660
- C:\Windows\System\OmFXMFg.exe
  C:\Windows\System\OmFXMFg.exe
  2⤵
  PID:11696
- C:\Windows\System\olfAnzs.exe
  C:\Windows\System\olfAnzs.exe
  2⤵
  PID:11776
- C:\Windows\System\LTQFttJ.exe
  C:\Windows\System\LTQFttJ.exe
  2⤵
  PID:11836
- C:\Windows\System\qknhyyA.exe
  C:\Windows\System\qknhyyA.exe
  2⤵
  PID:11896
- C:\Windows\System\VSvnMIr.exe
  C:\Windows\System\VSvnMIr.exe
  2⤵
  PID:11972
- C:\Windows\System\kCqbGOv.exe
  C:\Windows\System\kCqbGOv.exe
  2⤵
  PID:12020
- C:\Windows\System\vNRnUig.exe
  C:\Windows\System\vNRnUig.exe
  2⤵
  PID:12076
- C:\Windows\System\jokQNyS.exe
  C:\Windows\System\jokQNyS.exe
  2⤵
  PID:12136
- C:\Windows\System\wJRCcSj.exe
  C:\Windows\System\wJRCcSj.exe
  2⤵
  PID:12176
- C:\Windows\System\BBWkrbi.exe
  C:\Windows\System\BBWkrbi.exe
  2⤵
  PID:12252
- C:\Windows\System\OftxRid.exe
  C:\Windows\System\OftxRid.exe
  2⤵
  PID:11268
- C:\Windows\System\aREalqE.exe
  C:\Windows\System\aREalqE.exe
  2⤵
  PID:4928
- C:\Windows\System\jwCXNNI.exe
  C:\Windows\System\jwCXNNI.exe
  2⤵
  PID:11508
- C:\Windows\System\ECPgILj.exe
  C:\Windows\System\ECPgILj.exe
  2⤵
  PID:11260
- C:\Windows\System\uoZXKAV.exe
  C:\Windows\System\uoZXKAV.exe
  2⤵
  PID:11800
- C:\Windows\System\SThignk.exe
  C:\Windows\System\SThignk.exe
  2⤵
  PID:11952
- C:\Windows\System\VfaFpiZ.exe
  C:\Windows\System\VfaFpiZ.exe
  2⤵
  PID:4552
- C:\Windows\System\IvqGIRd.exe
  C:\Windows\System\IvqGIRd.exe
  2⤵
  PID:12220
- C:\Windows\System\lNswqsI.exe
  C:\Windows\System\lNswqsI.exe
  2⤵
  PID:5104
- C:\Windows\System\IhWzFra.exe
  C:\Windows\System\IhWzFra.exe
  2⤵
  PID:456
- C:\Windows\System\IAKaiGN.exe
  C:\Windows\System\IAKaiGN.exe
  2⤵
  PID:11900
- C:\Windows\System\gJVqVqZ.exe
  C:\Windows\System\gJVqVqZ.exe
  2⤵
  PID:12172
- C:\Windows\System\pSqmOJH.exe
  C:\Windows\System\pSqmOJH.exe
  2⤵
  PID:11744
- C:\Windows\System\saDDSbC.exe
  C:\Windows\System\saDDSbC.exe
  2⤵
  PID:11500
- C:\Windows\System\lasBiod.exe
  C:\Windows\System\lasBiod.exe
  2⤵
  PID:12296
- C:\Windows\System\qPiSkVG.exe
  C:\Windows\System\qPiSkVG.exe
  2⤵
  PID:12324
- C:\Windows\System\sXAXqWT.exe
  C:\Windows\System\sXAXqWT.exe
  2⤵
  PID:12352
- C:\Windows\System\ZjhxDwi.exe
  C:\Windows\System\ZjhxDwi.exe
  2⤵
  PID:12380
- C:\Windows\System\ciWAcxc.exe
  C:\Windows\System\ciWAcxc.exe
  2⤵
  PID:12408
- C:\Windows\System\onLNoZw.exe
  C:\Windows\System\onLNoZw.exe
  2⤵
  PID:12436
- C:\Windows\System\dwkwUzC.exe
  C:\Windows\System\dwkwUzC.exe
  2⤵
  PID:12464
- C:\Windows\System\OUHyPvX.exe
  C:\Windows\System\OUHyPvX.exe
  2⤵
  PID:12492
- C:\Windows\System\ESwtDJf.exe
  C:\Windows\System\ESwtDJf.exe
  2⤵
  PID:12520
- C:\Windows\System\gYvkAPX.exe
  C:\Windows\System\gYvkAPX.exe
  2⤵
  PID:12552
- C:\Windows\System\ZdynGAW.exe
  C:\Windows\System\ZdynGAW.exe
  2⤵
  PID:12580
- C:\Windows\System\iVJKipa.exe
  C:\Windows\System\iVJKipa.exe
  2⤵
  PID:12608
- C:\Windows\System\eUpktrv.exe
  C:\Windows\System\eUpktrv.exe
  2⤵
  PID:12636
- C:\Windows\System\nENMcef.exe
  C:\Windows\System\nENMcef.exe
  2⤵
  PID:12664
- C:\Windows\System\dsjNVwI.exe
  C:\Windows\System\dsjNVwI.exe
  2⤵
  PID:12696
- C:\Windows\System\pQahPXP.exe
  C:\Windows\System\pQahPXP.exe
  2⤵
  PID:12724
- C:\Windows\System\jaRMYxL.exe
  C:\Windows\System\jaRMYxL.exe
  2⤵
  PID:12752
- C:\Windows\System\BRfXSVn.exe
  C:\Windows\System\BRfXSVn.exe
  2⤵
  PID:12780
- C:\Windows\System\OotModJ.exe
  C:\Windows\System\OotModJ.exe
  2⤵
  PID:12812
- C:\Windows\System\eyYBUIZ.exe
  C:\Windows\System\eyYBUIZ.exe
  2⤵
  PID:12840
- C:\Windows\System\jSxRdxe.exe
  C:\Windows\System\jSxRdxe.exe
  2⤵
  PID:12868
- C:\Windows\System\zTktZFJ.exe
  C:\Windows\System\zTktZFJ.exe
  2⤵
  PID:12896
- C:\Windows\System\CHMHSLR.exe
  C:\Windows\System\CHMHSLR.exe
  2⤵
  PID:12924
- C:\Windows\System\zPtpZEy.exe
  C:\Windows\System\zPtpZEy.exe
  2⤵
  PID:12952
- C:\Windows\System\lBWFdaw.exe
  C:\Windows\System\lBWFdaw.exe
  2⤵
  PID:12984
- C:\Windows\System\RbwZkWN.exe
  C:\Windows\System\RbwZkWN.exe
  2⤵
  PID:13012
- C:\Windows\System\mWYYtSK.exe
  C:\Windows\System\mWYYtSK.exe
  2⤵
  PID:13040
- C:\Windows\System\coinMeI.exe
  C:\Windows\System\coinMeI.exe
  2⤵
  PID:13080
- C:\Windows\System\MAfPzUA.exe
  C:\Windows\System\MAfPzUA.exe
  2⤵
  PID:13096
- C:\Windows\System\PxrYmhh.exe
  C:\Windows\System\PxrYmhh.exe
  2⤵
  PID:13124
- C:\Windows\System\XhhvuEh.exe
  C:\Windows\System\XhhvuEh.exe
  2⤵
  PID:13152
- C:\Windows\System\WsxsFKU.exe
  C:\Windows\System\WsxsFKU.exe
  2⤵
  PID:13184
- C:\Windows\System\fRrhrLI.exe
  C:\Windows\System\fRrhrLI.exe
  2⤵
  PID:13212
- C:\Windows\System\lHoCrzV.exe
  C:\Windows\System\lHoCrzV.exe
  2⤵
  PID:13240
- C:\Windows\System\UHGzbDx.exe
  C:\Windows\System\UHGzbDx.exe
  2⤵
  PID:13268
- C:\Windows\System\JxHddUa.exe
  C:\Windows\System\JxHddUa.exe
  2⤵
  PID:13296
- C:\Windows\System\tLHGJqt.exe
  C:\Windows\System\tLHGJqt.exe
  2⤵
  PID:12316
- C:\Windows\System\irWYHCQ.exe
  C:\Windows\System\irWYHCQ.exe
  2⤵
  PID:12376
- C:\Windows\System\RdLImYa.exe
  C:\Windows\System\RdLImYa.exe
  2⤵
  PID:12452
- C:\Windows\System\AJtQnWD.exe
  C:\Windows\System\AJtQnWD.exe
  2⤵
  PID:12512
- C:\Windows\System\QGIHFAy.exe
  C:\Windows\System\QGIHFAy.exe
  2⤵
  PID:12576
- C:\Windows\System\XtfCcHH.exe
  C:\Windows\System\XtfCcHH.exe
  2⤵
  PID:12632
- C:\Windows\System\CJICoyI.exe
  C:\Windows\System\CJICoyI.exe
  2⤵
  PID:12712
- C:\Windows\System\aDblnnT.exe
  C:\Windows\System\aDblnnT.exe
  2⤵
  PID:11056
- C:\Windows\System\ncAsJQI.exe
  C:\Windows\System\ncAsJQI.exe
  2⤵
  PID:12800
- C:\Windows\System\gqrlVxP.exe
  C:\Windows\System\gqrlVxP.exe
  2⤵
  PID:12888
- C:\Windows\System\JZINSGl.exe
  C:\Windows\System\JZINSGl.exe
  2⤵
  PID:12948
- C:\Windows\System\CqnoCEs.exe
  C:\Windows\System\CqnoCEs.exe
  2⤵
  PID:13024
- C:\Windows\System\AhRxZCf.exe
  C:\Windows\System\AhRxZCf.exe
  2⤵
  PID:13088
- C:\Windows\System\CZxtFEq.exe
  C:\Windows\System\CZxtFEq.exe
  2⤵
  PID:13144
- C:\Windows\System\DifJYRS.exe
  C:\Windows\System\DifJYRS.exe
  2⤵
  PID:13204
- C:\Windows\System\wjXEbIq.exe
  C:\Windows\System\wjXEbIq.exe
  2⤵
  PID:13264
- C:\Windows\System\FNyAQZg.exe
  C:\Windows\System\FNyAQZg.exe
  2⤵
  PID:12368
- C:\Windows\System\qljrGbx.exe
  C:\Windows\System\qljrGbx.exe
  2⤵
  PID:12504
- C:\Windows\System\SusgjAD.exe
  C:\Windows\System\SusgjAD.exe
  2⤵
  PID:12748
- C:\Windows\System\GrHMUrj.exe
  C:\Windows\System\GrHMUrj.exe
  2⤵
  PID:12824
- C:\Windows\System\NFsApCe.exe
  C:\Windows\System\NFsApCe.exe
  2⤵
  PID:12944
- C:\Windows\System\bLokWHt.exe
  C:\Windows\System\bLokWHt.exe
  2⤵
  PID:13116
- C:\Windows\System\pZqzqZx.exe
  C:\Windows\System\pZqzqZx.exe
  2⤵
  PID:13256
- C:\Windows\System\KXOnVrZ.exe
  C:\Windows\System\KXOnVrZ.exe
  2⤵
  PID:12488
- C:\Windows\System\JPydOaF.exe
  C:\Windows\System\JPydOaF.exe
  2⤵
  PID:4700
- C:\Windows\System\vmLMwtX.exe
  C:\Windows\System\vmLMwtX.exe
  2⤵
  PID:13076
- C:\Windows\System\jRqRIXa.exe
  C:\Windows\System\jRqRIXa.exe
  2⤵
  PID:12348
- C:\Windows\System\kNMsxsk.exe
  C:\Windows\System\kNMsxsk.exe
  2⤵
  PID:12936
- C:\Windows\System\dBGiwFg.exe
  C:\Windows\System\dBGiwFg.exe
  2⤵
  PID:12916
- C:\Windows\System\xMiMIRV.exe
  C:\Windows\System\xMiMIRV.exe
  2⤵
  PID:13328
- C:\Windows\System\OoEmnLv.exe
  C:\Windows\System\OoEmnLv.exe
  2⤵
  PID:13356
- C:\Windows\System\BVzrrcE.exe
  C:\Windows\System\BVzrrcE.exe
  2⤵
  PID:13384
- C:\Windows\System\vzcFiwz.exe
  C:\Windows\System\vzcFiwz.exe
  2⤵
  PID:13412
- C:\Windows\System\CRUuYNZ.exe
  C:\Windows\System\CRUuYNZ.exe
  2⤵
  PID:13440
- C:\Windows\System\vLlKjBS.exe
  C:\Windows\System\vLlKjBS.exe
  2⤵
  PID:13468
- C:\Windows\System\aUnsspI.exe
  C:\Windows\System\aUnsspI.exe
  2⤵
  PID:13496
- C:\Windows\System\jqDVLJa.exe
  C:\Windows\System\jqDVLJa.exe
  2⤵
  PID:13524
- C:\Windows\System\JFJrxdf.exe
  C:\Windows\System\JFJrxdf.exe
  2⤵
  PID:13552
- C:\Windows\System\jhjiacP.exe
  C:\Windows\System\jhjiacP.exe
  2⤵
  PID:13580
- C:\Windows\System\RJTtwpk.exe
  C:\Windows\System\RJTtwpk.exe
  2⤵
  PID:13608
- C:\Windows\System\vibXVOa.exe
  C:\Windows\System\vibXVOa.exe
  2⤵
  PID:13636
- C:\Windows\System\oQiqivk.exe
  C:\Windows\System\oQiqivk.exe
  2⤵
  PID:13672
- C:\Windows\System\yJCdemb.exe
  C:\Windows\System\yJCdemb.exe
  2⤵
  PID:13700
- C:\Windows\System\NaYdVAm.exe
  C:\Windows\System\NaYdVAm.exe
  2⤵
  PID:13728
- C:\Windows\System\SsvBdJC.exe
  C:\Windows\System\SsvBdJC.exe
  2⤵
  PID:13760
- C:\Windows\System\bQAgyxj.exe
  C:\Windows\System\bQAgyxj.exe
  2⤵
  PID:13788
- C:\Windows\System\UjGAVBK.exe
  C:\Windows\System\UjGAVBK.exe
  2⤵
  PID:13816
- C:\Windows\System\dtXgook.exe
  C:\Windows\System\dtXgook.exe
  2⤵
  PID:13844
- C:\Windows\System\BhrBiSW.exe
  C:\Windows\System\BhrBiSW.exe
  2⤵
  PID:13872
- C:\Windows\System\ohWuwwr.exe
  C:\Windows\System\ohWuwwr.exe
  2⤵
  PID:13900
- C:\Windows\System\XpCwdPu.exe
  C:\Windows\System\XpCwdPu.exe
  2⤵
  PID:13928
- C:\Windows\System\hQkxtSu.exe
  C:\Windows\System\hQkxtSu.exe
  2⤵
  PID:13956
- C:\Windows\System\CgzJDDa.exe
  C:\Windows\System\CgzJDDa.exe
  2⤵
  PID:13984
- C:\Windows\System\OULYCqA.exe
  C:\Windows\System\OULYCqA.exe
  2⤵
  PID:14012
- C:\Windows\System\xgrmCuy.exe
  C:\Windows\System\xgrmCuy.exe
  2⤵
  PID:14052
- C:\Windows\System\FlwvVNq.exe
  C:\Windows\System\FlwvVNq.exe
  2⤵
  PID:14068
- C:\Windows\System\GwwEuji.exe
  C:\Windows\System\GwwEuji.exe
  2⤵
  PID:14096
- C:\Windows\System\cqJHblj.exe
  C:\Windows\System\cqJHblj.exe
  2⤵
  PID:14124
- C:\Windows\System\wmuHXxW.exe
  C:\Windows\System\wmuHXxW.exe
  2⤵
  PID:14152
- C:\Windows\System\TyBIxvp.exe
  C:\Windows\System\TyBIxvp.exe
  2⤵
  PID:14180
- C:\Windows\System\DpXlafp.exe
  C:\Windows\System\DpXlafp.exe
  2⤵
  PID:14208
- C:\Windows\System\sLgsgXQ.exe
  C:\Windows\System\sLgsgXQ.exe
  2⤵
  PID:14236
- C:\Windows\System\nRKqeBW.exe
  C:\Windows\System\nRKqeBW.exe
  2⤵
  PID:14264
- C:\Windows\System\ePFYfJs.exe
  C:\Windows\System\ePFYfJs.exe
  2⤵
  PID:14292
- C:\Windows\System\tzgbTBU.exe
  C:\Windows\System\tzgbTBU.exe
  2⤵
  PID:14320
- C:\Windows\System\UnZLHSw.exe
  C:\Windows\System\UnZLHSw.exe
  2⤵
  PID:13340
- C:\Windows\System\zOfKuzL.exe
  C:\Windows\System\zOfKuzL.exe
  2⤵
  PID:13380
- C:\Windows\System\nOdbnql.exe
  C:\Windows\System\nOdbnql.exe
  2⤵
  PID:13456
- C:\Windows\System\dVqIshG.exe
  C:\Windows\System\dVqIshG.exe
  2⤵
  PID:13516
- C:\Windows\System\eQGzRsd.exe
  C:\Windows\System\eQGzRsd.exe
  2⤵
  PID:3732
- C:\Windows\System\EDbAAJw.exe
  C:\Windows\System\EDbAAJw.exe
  2⤵
  PID:13628
- C:\Windows\System\ElnDBGr.exe
  C:\Windows\System\ElnDBGr.exe
  2⤵
  PID:13692
- C:\Windows\System\VnGVZcZ.exe
  C:\Windows\System\VnGVZcZ.exe
  2⤵
  PID:13756
- C:\Windows\System\HDIPlHZ.exe
  C:\Windows\System\HDIPlHZ.exe
  2⤵
  PID:13828
- C:\Windows\System\RnFXBuC.exe
  C:\Windows\System\RnFXBuC.exe
  2⤵
  PID:13892
- C:\Windows\System\WnDASJn.exe
  C:\Windows\System\WnDASJn.exe
  2⤵
  PID:13952
- C:\Windows\System\uKllLVg.exe
  C:\Windows\System\uKllLVg.exe
  2⤵
  PID:4584
- C:\Windows\System\UvlmDlS.exe
  C:\Windows\System\UvlmDlS.exe
  2⤵
  PID:14008
- C:\Windows\System\GNgNDWk.exe
  C:\Windows\System\GNgNDWk.exe
  2⤵
  PID:14084
- C:\Windows\System\daaotBi.exe
  C:\Windows\System\daaotBi.exe
  2⤵
  PID:14144
- C:\Windows\System\MPXgvmo.exe
  C:\Windows\System\MPXgvmo.exe
  2⤵
  PID:14200
- C:\Windows\System\CVmTWBJ.exe
  C:\Windows\System\CVmTWBJ.exe
  2⤵
  PID:14260
- C:\Windows\System\baVxrYg.exe
  C:\Windows\System\baVxrYg.exe
  2⤵
  PID:12808
- C:\Windows\System\iCPqDPp.exe
  C:\Windows\System\iCPqDPp.exe
  2⤵
  PID:13432
- C:\Windows\System\scNsVsQ.exe
  C:\Windows\System\scNsVsQ.exe
  2⤵
  PID:13600
- C:\Windows\System\miYMzVd.exe
  C:\Windows\System\miYMzVd.exe
  2⤵
  PID:13744
- C:\Windows\System\TCHMctn.exe
  C:\Windows\System\TCHMctn.exe
  2⤵
  PID:13884
- C:\Windows\System\rllxigK.exe
  C:\Windows\System\rllxigK.exe
  2⤵
  PID:13976
- C:\Windows\System\pZQYMOi.exe
  C:\Windows\System\pZQYMOi.exe
  2⤵
  PID:14136
- C:\Windows\System\OEQUcai.exe
  C:\Windows\System\OEQUcai.exe
  2⤵
  PID:14304
- C:\Windows\System\beEzYZd.exe
  C:\Windows\System\beEzYZd.exe
  2⤵
  PID:13548
- C:\Windows\System\eqvNKoZ.exe
  C:\Windows\System\eqvNKoZ.exe
  2⤵
  PID:13868
- C:\Windows\System\kjIorJP.exe
  C:\Windows\System\kjIorJP.exe
  2⤵
  PID:14196
- C:\Windows\System\kPBFLxw.exe
  C:\Windows\System\kPBFLxw.exe
  2⤵
  PID:13808
- C:\Windows\System\qCkqktt.exe
  C:\Windows\System\qCkqktt.exe
  2⤵
  PID:13688
- C:\Windows\System\zadqMPD.exe
  C:\Windows\System\zadqMPD.exe
  2⤵
  PID:14352
- C:\Windows\System\vacaiwe.exe
  C:\Windows\System\vacaiwe.exe
  2⤵
  PID:14380
- C:\Windows\System\XfBMhgn.exe
  C:\Windows\System\XfBMhgn.exe
  2⤵
  PID:14408
- C:\Windows\System\tfpDcln.exe
  C:\Windows\System\tfpDcln.exe
  2⤵
  PID:14436
- C:\Windows\System\XGsRHDM.exe
  C:\Windows\System\XGsRHDM.exe
  2⤵
  PID:14464
- C:\Windows\System\upBvYzm.exe
  C:\Windows\System\upBvYzm.exe
  2⤵
  PID:14496
- C:\Windows\System\mpMREXj.exe
  C:\Windows\System\mpMREXj.exe
  2⤵
  PID:14524
- C:\Windows\System\IpQaXGW.exe
  C:\Windows\System\IpQaXGW.exe
  2⤵
  PID:14552
- C:\Windows\System\GJsFWvg.exe
  C:\Windows\System\GJsFWvg.exe
  2⤵
  PID:14584
- C:\Windows\System\TnKhsEE.exe
  C:\Windows\System\TnKhsEE.exe
  2⤵
  PID:14612
- C:\Windows\System\IxiZTOm.exe
  C:\Windows\System\IxiZTOm.exe
  2⤵
  PID:14640
- C:\Windows\System\TXcgZIF.exe
  C:\Windows\System\TXcgZIF.exe
  2⤵
  PID:14668
- C:\Windows\System\NCfwKSY.exe
  C:\Windows\System\NCfwKSY.exe
  2⤵
  PID:14696
- C:\Windows\System\YjpYfjS.exe
  C:\Windows\System\YjpYfjS.exe
  2⤵
  PID:14724
- C:\Windows\System\GunbwWj.exe
  C:\Windows\System\GunbwWj.exe
  2⤵
  PID:14752
- C:\Windows\System\sxfFDnl.exe
  C:\Windows\System\sxfFDnl.exe
  2⤵
  PID:14780
- C:\Windows\System\bfRVtBl.exe
  C:\Windows\System\bfRVtBl.exe
  2⤵
  PID:14808
- C:\Windows\System\BDDUyCa.exe
  C:\Windows\System\BDDUyCa.exe
  2⤵
  PID:14836
- C:\Windows\System\MjuUUhh.exe
  C:\Windows\System\MjuUUhh.exe
  2⤵
  PID:14864
- C:\Windows\System\IYalmvX.exe
  C:\Windows\System\IYalmvX.exe
  2⤵
  PID:14892
- C:\Windows\System\ZQwbjcK.exe
  C:\Windows\System\ZQwbjcK.exe
  2⤵
  PID:14920
- C:\Windows\System\vLoGZaN.exe
  C:\Windows\System\vLoGZaN.exe
  2⤵
  PID:14948
- C:\Windows\System\ADkmezm.exe
  C:\Windows\System\ADkmezm.exe
  2⤵
  PID:14976
- C:\Windows\System\fGqMwFc.exe
  C:\Windows\System\fGqMwFc.exe
  2⤵
  PID:15004
- C:\Windows\System\phpbKme.exe
  C:\Windows\System\phpbKme.exe
  2⤵
  PID:15032
- C:\Windows\System\BKeowVl.exe
  C:\Windows\System\BKeowVl.exe
  2⤵
  PID:15052
- C:\Windows\System\KCmtfXL.exe
  C:\Windows\System\KCmtfXL.exe
  2⤵
  PID:15168
- C:\Windows\System\ktXeeFv.exe
  C:\Windows\System\ktXeeFv.exe
  2⤵
  PID:15292

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AQNAjBB.exe

Filesize
6.0MB

MD5
d8f0fd4e7db13547af47e4bd6dba9b19

SHA1
0f4ce275df71da38d6c1dca4e7a29ba12ddf578b

SHA256
99fa8213212feb30302668dfa5625e7b606e6484a45193eae90b62fa7ad275ac

SHA512
5387b12c4412a3d71f10d26bc27e237aba3f16bd60fe39851417923e9d1cf5dee2a9ab7e50c20afe515d4ea03bb8e214cbe161aca59f7e06e69109f9b4d2ee38

Download Submit
C:\Windows\System\EGonyjV.exe

Filesize
6.0MB

MD5
30dc3519dd0774367ff35abd76197059

SHA1
d944b1155d160b6eac49dbef20870346886434bc

SHA256
fc40c14967439f84828a66a8f233efc1821505b02a406ee4f24e072beb822bfb

SHA512
3a6971874254bca06889567984389097f5d3a00c5194c19a0251332fc6159accb65b5c092bfd61a3b3048ef79ef8bc0ff7827da144e02dcc9bd4fea08faa9acd

Download Submit
C:\Windows\System\FmjVzVK.exe

Filesize
6.0MB

MD5
49b6d375c536b2dcf9f23bc386200f35

SHA1
51bc1b906224775c3a23686d0159fe22f2ba6bef

SHA256
2091df8887319f4e316287d57127d4547b0de246e22bb08d5f7f6a4753b31404

SHA512
3cf67ebcaf76c10c5d166b08543473725693bf72819451c593bae32887289d668a0cf1046e824f1923f9ac5dd0175a82b4e3b9ea6684d82258dbe6ee5e5d145b

Download Submit
C:\Windows\System\HpFVErd.exe

Filesize
6.0MB

MD5
43c1de5d49ecafd70322562921376bfa

SHA1
2dc65ff2de381998b2e9ff0b0315f76ad34d28cc

SHA256
1899de723ac71d70f6c7ecd9caa385d2e224c1603c3be8f632b243552faf644a

SHA512
3af0605171542bc05bb90cf8336310b73049037995da10030de8322683a72573dd4cf34fcfc0845431b1e4f5be59160b6306554ec357e7e8c70caad024b03774

Download Submit
C:\Windows\System\ICRFCFG.exe

Filesize
6.0MB

MD5
31dc190ed594d426c928e409da46f692

SHA1
77bc8639c02ffdd0ca41cf1aeaf435a1df604133

SHA256
06bb4a71664311b8ac18b10ec4d69be3c33cb84e9cfb71c1d8090f3f3b13298f

SHA512
e1f0b49e7cdd884189379ee79c1352379738f81f3ab49a3b30b0c8c3832ce46500c88ee746c36c31f7947ddbf77fe146916e16c9d42f1f82daa3aa3a7135bc15

Download Submit
C:\Windows\System\MLqaBXu.exe

Filesize
6.0MB

MD5
a430c9ffd516bd5973ded49256a7c5ce

SHA1
6fb02822d941bb4a12a8cf86fa168aece99ef3d1

SHA256
d2ca8dfd9a93f653278c897b7be17256ba717ec4c977dfdc68520bc2b112868d

SHA512
fa4298855bb8d6882a6d118bd7fcd3c71ff5b5a55517039da803d11531b277985886e5b993a0e2f5017c3e48430dce86707010220e9253fda76a36dcf6d2b9e0

Download Submit
C:\Windows\System\PioXheX.exe

Filesize
6.0MB

MD5
ba109ecc9aa6f3e54f59a06fbc444ee9

SHA1
ac93212b86187771916105a2a88a78dae41da40a

SHA256
7e97297adeebb989994652120bdcefef445e501eabf3c2b21227241ba095e93b

SHA512
39a393355244d99bdc8cc469a9a7b017601e63181587d0e207b968ecedeb2141c1ac5411d87def69f75bae3d18e528fe36af8406b6c26c8165c3c4d7fe3a369c

Download Submit
C:\Windows\System\SsKgZHu.exe

Filesize
6.0MB

MD5
52ac4f0c6964f99d2e72ea6a49dcf1a9

SHA1
0d63d1f639f5e1df9634e9f0992ba696a18b9feb

SHA256
9820271cf1bb4272a66622794705d0acb56395d20f1cbd4dfc500b3d5d8a123c

SHA512
06f92a0e17369b23f13232ad4125d44167ba3facfab78b2e7eac8a386bea8862238c244f5f4e0358f850cdadc239f3948a173c3fc65440ae587b327e3d326b6a

Download Submit
C:\Windows\System\UOdDoxf.exe

Filesize
6.0MB

MD5
b4708126b464485f39ae9321bede83e9

SHA1
07351ba9fb2c64269a8315e6ca77e3d54410f3b7

SHA256
9d6de2ae81539e795337321eba8290fbaf56d2f9a5e638e6e164e1f69c417a2f

SHA512
e2906c23bef5da1a6690c578b0390efad9391a3f9703de4b47430435f597ab8eca01359594a9e9f855975affd34f8eccca9b6230ca769f980df9def8c93011ce

Download Submit
C:\Windows\System\WkmoTvr.exe

Filesize
6.0MB

MD5
9812d7f5c6cb0652565cf0459d0c45f3

SHA1
e04e8317800a736dc162b2e9d02773a845776b6a

SHA256
43fc7aa337c9afff2716d042132063f1aedcabb8458577c750dd8eda56c3b1b2

SHA512
6b162b06465fe61bac7efc33fb932635b20e5ce8f5f23c0b5a9fef274162b9666b135f64d5f0af10dca1eac79f4e58c539ab523a2371e1575b16f1ff0059ea29

Download Submit
C:\Windows\System\XDfSxAn.exe

Filesize
6.0MB

MD5
7d670d4ec3109457351a0a74172c547a

SHA1
8b80ac349a3814bc807780cc955813984bea88c2

SHA256
91537022d12fcf5ffd6d33e5d14743fdfd125b5b93eaf4985f3f8e450a88df89

SHA512
b1e563770770a09b65fb972785bc1a17a7de9d01570dc98a92a1a7d8009ec1f2e4bf00813ba17292cebca9407cf8a53a600d697e3a1fed116e53dc2bfe423a44

Download Submit
C:\Windows\System\XeRlxDr.exe

Filesize
6.0MB

MD5
4114aa284208791d61ae4ba6a33be474

SHA1
2e5eb3c83471c802ac821935e1f29fc8004ac8e6

SHA256
b1ae622951e0b828b3e914f8a99a9e532954c7e48e101b85634d67f30d82eaf7

SHA512
8ef01a21d20eb72ee8446733272aedf8e6703a718cae2619c4ca7ed54b5a9fe4cdb70ba82dd44dac0ca481266f1382f0bdfd9eda6209a4078e31acea5c638af2

Download Submit
C:\Windows\System\XpVVkKp.exe

Filesize
6.0MB

MD5
eda89b01a5dda0baf4697f835f72b27a

SHA1
0cfa74d36270a2b72ec11b0db1532f976b88ff6f

SHA256
27b36461a54da43874f020a1344f83cd8d5e5e2fc7741b74988453b6210497e6

SHA512
547f43ab8b6f538d8faf4ad1793325f9380b5196e11ba48e50994011990b6c5ba6dd9cfd0276810fd103f10b7276db3bfd02d1278105adbe24cc7982b7ec6a15

Download Submit
C:\Windows\System\ZYFpRiR.exe

Filesize
6.0MB

MD5
4cacb5e6f090552cf9d21361b6b8e298

SHA1
2f9a3c4a54273f8547218de0195408cd01334c83

SHA256
33702cd94242262f3f3cd7ba249ca236b99516ecfabc550db38de58f66fc322c

SHA512
bbd1ede68b927f3033b1da8ff72d08f602b527f2df1773d41705bb186d6950a94f738c125cd9302f98dfc710517614696e061db85a07349595694a2a3b3ac1da

Download Submit
C:\Windows\System\ZifXzNM.exe

Filesize
6.0MB

MD5
66d97345842c10d084d009ac47ee6022

SHA1
146a2eb5b1fd69bdd4dcd9369a3371409cb98778

SHA256
be4732de6e4d8b05cbb796317f2c5524c755020b15c7bcdd2e73e217e21de920

SHA512
715c798ba5875146bdfe4364e141e119cf21ed3b0303c5d5d6c250ba019dc04309d8c90a1986f0b9d6f97a7d4f7651a26995a77fbfaa6de5d7ff41d2e2473345

Download Submit
C:\Windows\System\czqfNlL.exe

Filesize
6.0MB

MD5
460e33eff943f8f16c07a81203a289a1

SHA1
ce9b8625d93a6f507451fff850dbd05fb6c91275

SHA256
f8a5767f8ea498296fdca1ce6d004e67ffdbe219a0b0e99e8300df0bbceff72b

SHA512
c2634f8bbac4e6efe29b0006ba57dc5bf158d878444045ad1491f44908fa00ff6d75dd68f1cb3da93964166a99b0f59a7ea9b8f1d6d4b777f29daef03abb50ad

Download Submit
C:\Windows\System\dmWCacS.exe

Filesize
6.0MB

MD5
230632c4d6c036921c6e60093a90a133

SHA1
9d794b2f8cc34ec3ad6effbe4c11e219aa71693b

SHA256
794dfca9d69737e2e8a06395618455443eb63a5602bf4e93295d613aade101e1

SHA512
bcf08b98261405051ee3562cb09ad1d408f8c60835b0f9a9a9daaac1d3cd57597f383c6835afa72f4792169165223d8a04deb8a4e0b552c68cdddf7cdafbcc53

Download Submit
C:\Windows\System\dyDbyWy.exe

Filesize
6.0MB

MD5
7545532525a34e1ef39218564bcbeaa1

SHA1
271869f37cc8bc410d9022085b6bdfe762d37252

SHA256
db485d01180d7702fec3619d3ede5988889ffce4867c68de6c428791b16f19ba

SHA512
e5b1b199e9a34c1e9fd21c845cd666ef5ab72cc59ec06b2c71f44be4ecbff22120d8caa316c3cb93005da448359777f8c0394c3dba3c8b0267913473095768a3

Download Submit
C:\Windows\System\gDqhYcT.exe

Filesize
6.0MB

MD5
4617388f47d8844912564f23984c9490

SHA1
8393f32f8a3412cca973cbc7e146cb8b80ddd5cf

SHA256
4bd8f3dc1d2de73e13c6c54b11699cda88ad9069c3579cec1fe825f9fd66a63d

SHA512
71181714c24cc1dcb57f7bb032757eb81855e7ebe370d1b535c2e0f8b27c7c3f41c84c86c9a69ad10fb4a91b70fe6f1bf31f0b71320707461a21775180610a0b

Download Submit
C:\Windows\System\hAiZEhe.exe

Filesize
6.0MB

MD5
a33290c3cafc3fb6c87bf3f54cb526e2

SHA1
df7812dd2cf2b7a463d354ebbd5069d44a3b2b60

SHA256
f21dfc1b57abc566c74f68b9784701f8f84106abef4734883a75df842205bb0c

SHA512
bcae72c22d1c2b3de0f8886dbb07434415bdf9cf46ea9b36e9cf97c05e9040823950ca25f1145e2e14bab1a07934126095a5540dcd24af109eb0ef816165e4ae

Download Submit
C:\Windows\System\hBlTNgy.exe

Filesize
6.0MB

MD5
d85ee786b55f90d059c127592e571602

SHA1
fc5fb7a2ea4b619e523047ec183acc93ae534c4a

SHA256
d5a244ea11b983fe12789b7a6184a1fefb41548f7bd32062853ba94c45476e25

SHA512
985f5dd0e4338caeaf1d0ba19371149f98955d39b610181c9548485f0a9bb6610dadab0879ea17fe33f36f7d0c52aae201768f98d088808a4a0439e08412a71d

Download Submit
C:\Windows\System\iIQdyhw.exe

Filesize
6.0MB

MD5
b89c8304974e9102df3ff6f58dd6e581

SHA1
1c8f49a842bdd171bdf9330d6ce4951399ba839a

SHA256
7f081f1ab4b743843c466083b145562b6c9b0b32853e15412014bd135fb8ae7d

SHA512
2337d35c5c6dbf49cde8cb06582884e329590e4cbfab9600e79d560c31657f1bfd037100058a0ac0184bf4a8e686b77671834ef4476a3acd8612b833d74b9c6f

Download Submit
C:\Windows\System\leKDdlu.exe

Filesize
6.0MB

MD5
d50f6e21b6396ba6fc29d1eb6985a032

SHA1
0773b6ff0079a985c5be36b2bd75cc20687f1370

SHA256
7b372515bf5eb289087971d606d7eb56a0019527c1ff694c524668bafe70539f

SHA512
902db75f83ef658e4e01c36aeea5448373e7f7066d67fbd6d53105d24e95b400021871d3823c30f2ddf95fb9859ed9475520d70b0219b1e4babad9f9895d3b55

Download Submit
C:\Windows\System\nNCapiW.exe

Filesize
6.0MB

MD5
3bbbe2600610cb55233066011a7d62ef

SHA1
6d9d3de5c1f4de070cca17ffe9eeecce0c829f03

SHA256
11af3db20efaa9f30957442becc224a09c979a886aea51389782f391eeff37fd

SHA512
81589b069e0a262739c1f8b5b437c835e964cff5b7adbd9a9d1f783354158125cb04908672f3725a994944ec52fbee938e8d0762f0ca62cdfbcf5230e0f1c4a1

Download Submit
C:\Windows\System\oPOwTCX.exe

Filesize
6.0MB

MD5
7ae0e57c42262713a6c02dc6537fefac

SHA1
275f997c91ab7546f7f513f8ced96c0b2814ef06

SHA256
5836ec0bf748c1b1930b8df5718535bf41db56bf187a1860217e786f63f7688e

SHA512
42da4cc9549b0105a710a058114bf4b0578318b4353c4d8278f39d35b81b56d596055a2a6fef80aa401fea1c3009b503c5a70149a54b0a030a1f0f3bdafaf0e4

Download Submit
C:\Windows\System\qQLYorP.exe

Filesize
6.0MB

MD5
a7bfd036407bc0b2c13785c1391d045d

SHA1
2bbe41b0f1038b1a706c68a5bac5fc5bcf9540aa

SHA256
ca964d40f72c5617b766e77dd35da09464797dc45859cb69d558ba2d4baad7d2

SHA512
1264f7131b077f19c24ce6d0c15077d6727869e91e54231a78c1d8c36063cf241c781bc2e42d1647fb518fcf8289a6e41629c869f08f6506966ab7b05f8d020a

Download Submit
C:\Windows\System\rEwreaR.exe

Filesize
6.0MB

MD5
5f578a5eb0702362cf629331c19426ab

SHA1
f4c32b45b79269e4c6ea9f2b63d34089de1ba152

SHA256
d22b99f78b50160aa122bf4c1f42ad5e2024dcf6228407ba09d80e4512b320d1

SHA512
e06422fc326fc385f1348328e4f9d44893ee515bf50b11b2146e22771107b49bc31ce25f81a10b7acacafbd348ab7e170a5d56f408e19ba622b794662cad5bfc

Download Submit
C:\Windows\System\rQUbsLX.exe

Filesize
6.0MB

MD5
30a89d8b460e6f6a9e75d23df5c83d2d

SHA1
65faadb5964323884169175fc8b8cd3606f9e8ea

SHA256
c0926a7d20ec85382e790b70a2d7030d0bb006a0345dc4ccb63ba0c36e818d98

SHA512
4f672c5c6ae0e9c6151647b5c0fa34815004732e373d888d6d1e63b5e26202d15d9e9803f3bab85b7ee83054cd8534cf47a0baef1aaf0c1b9413d382b1c2000b

Download Submit
C:\Windows\System\tqlwXBk.exe

Filesize
6.0MB

MD5
b89f3ff4424c810e8a6f53038ff70342

SHA1
62681bda30b8cfc5c1ac8442317cb9e098c6c359

SHA256
7db96f2878da362d84b295299e43b4f6a5d7dda2782c00e718001d6de8dd700d

SHA512
24e51f104706ea757b4d33aad76f7c5421af6c48c3b7458e929079a4c1012a4685d1b07663153f82459121c27aca40fe6b211c68e3bde642ac865c9993e7465a

Download Submit
C:\Windows\System\ukjWADC.exe

Filesize
6.0MB

MD5
4544ecdeb990e0937ff68b48b0b16180

SHA1
00677dd762f3ac553f3fb31292184fc367938277

SHA256
a570787849167bee463e1910271ca7989ec7a7baeb73587a8f9f1beecc0680a7

SHA512
de0bf22980e3ae6281c380760b9c53a1a51735da662df0cb5204d0d45a4d40d54308246bddd0272406dd8e6cc1ebb5e7e35e64bedf5b3928e55c8342bd362a44

Download Submit
C:\Windows\System\vBEZqFJ.exe

Filesize
6.0MB

MD5
e2baf19a4da7d5361ac9d801e9c4bd04

SHA1
9ca25d0de6290250ffa5a984309f60fd8d099870

SHA256
fde8e31fe5f2a9d7302e420c1102cbf2f9f73def3c9bea767af064c5d764b4bb

SHA512
d328827473e1911f1f696a4b8462063675d4fba2a8affb2f381b8eb007455a7caae563ebb327b496f55c63f04162b6a39af7ba7562ec565b34660d67205b28ae

Download Submit
C:\Windows\System\vLmQDBC.exe

Filesize
6.0MB

MD5
b9065e574bbdfc873d6fd71fcee8671c

SHA1
8d06d9a3196f01be02385033bebf1a6aa61cbff1

SHA256
5d7c591fa9eaa9a9c1a0b7a427763b3307c8a279c4a46ee00d3e6e6c031bf470

SHA512
991b6cec01493850eb7e7923d458f810db255cb55add727ebd6cf07b5e001d5c0e514e4f7dd49bb8a3dad7dded513fb9c6d2a5b079dc9f935104406dfdcd15dc

Download Submit
C:\Windows\System\zRdFXuP.exe

Filesize
6.0MB

MD5
770c3c67e7055c745a0b2c24ba89745a

SHA1
cedb1f6a2cca07a3ed163cbd51757e34cff94b77

SHA256
162ff4536fbe9f708ac4053959cd95bb8469da163cd92148fab7b9e17445254c

SHA512
3fa0ce208492efc379f807a64f2c53ec6d7791ec8bd605fef4d78d24873bbf3899f48d58c9b600a597d8c15b4a8c070df989d548330ee19fa131c5dfbe47adf0

Download Submit
memory/636-191-0x00007FF7213F0000-0x00007FF721744000-memory.dmp

Filesize
3.3MB

Download
memory/636-2299-0x00007FF7213F0000-0x00007FF721744000-memory.dmp

Filesize
3.3MB

Download
memory/636-1890-0x00007FF7213F0000-0x00007FF721744000-memory.dmp

Filesize
3.3MB

Download
memory/852-2285-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp

Filesize
3.3MB

Download
memory/852-95-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp

Filesize
3.3MB

Download
memory/852-169-0x00007FF7C5D70000-0x00007FF7C60C4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-85-0x00007FF774300000-0x00007FF774654000-memory.dmp

Filesize
3.3MB

Download
memory/1064-27-0x00007FF774300000-0x00007FF774654000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2275-0x00007FF774300000-0x00007FF774654000-memory.dmp

Filesize
3.3MB

Download
memory/1144-177-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-1750-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-2297-0x00007FF752F70000-0x00007FF7532C4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-103-0x00007FF7FE640000-0x00007FF7FE994000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2277-0x00007FF7FE640000-0x00007FF7FE994000-memory.dmp

Filesize
3.3MB

Download
memory/1228-36-0x00007FF7FE640000-0x00007FF7FE994000-memory.dmp

Filesize
3.3MB

Download
memory/1280-161-0x00007FF796CE0000-0x00007FF797034000-memory.dmp

Filesize
3.3MB

Download
memory/1280-1476-0x00007FF796CE0000-0x00007FF797034000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2296-0x00007FF796CE0000-0x00007FF797034000-memory.dmp

Filesize
3.3MB

Download
memory/1372-162-0x00007FF727000000-0x00007FF727354000-memory.dmp

Filesize
3.3MB

Download
memory/1372-86-0x00007FF727000000-0x00007FF727354000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2284-0x00007FF727000000-0x00007FF727354000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2276-0x00007FF721720000-0x00007FF721A74000-memory.dmp

Filesize
3.3MB

Download
memory/1508-94-0x00007FF721720000-0x00007FF721A74000-memory.dmp

Filesize
3.3MB

Download
memory/1508-30-0x00007FF721720000-0x00007FF721A74000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2290-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1516-197-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1516-125-0x00007FF63F6B0000-0x00007FF63FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1600-75-0x00007FF712C90000-0x00007FF712FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2282-0x00007FF712C90000-0x00007FF712FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-147-0x00007FF712C90000-0x00007FF712FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2274-0x00007FF6C58C0000-0x00007FF6C5C14000-memory.dmp

Filesize
3.3MB

Download
memory/1840-18-0x00007FF6C58C0000-0x00007FF6C5C14000-memory.dmp

Filesize
3.3MB

Download
memory/1840-80-0x00007FF6C58C0000-0x00007FF6C5C14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-124-0x00007FF74D570000-0x00007FF74D8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-55-0x00007FF74D570000-0x00007FF74D8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2279-0x00007FF74D570000-0x00007FF74D8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2293-0x00007FF656910000-0x00007FF656C64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1421-0x00007FF656910000-0x00007FF656C64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-148-0x00007FF656910000-0x00007FF656C64000-memory.dmp

Filesize
3.3MB

Download
memory/2168-118-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2291-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp

Filesize
3.3MB

Download
memory/2168-190-0x00007FF77C5F0000-0x00007FF77C944000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2278-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp

Filesize
3.3MB

Download
memory/2204-110-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp

Filesize
3.3MB

Download
memory/2204-42-0x00007FF7B4EC0000-0x00007FF7B5214000-memory.dmp

Filesize
3.3MB

Download
memory/2236-184-0x00007FF6454F0000-0x00007FF645844000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2298-0x00007FF6454F0000-0x00007FF645844000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1816-0x00007FF6454F0000-0x00007FF645844000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2300-0x00007FF6E3900000-0x00007FF6E3C54000-memory.dmp

Filesize
3.3MB

Download
memory/2924-71-0x00007FF6E3900000-0x00007FF6E3C54000-memory.dmp

Filesize
3.3MB

Download
memory/3100-117-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2280-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp

Filesize
3.3MB

Download
memory/3100-48-0x00007FF7B8DC0000-0x00007FF7B9114000-memory.dmp

Filesize
3.3MB

Download
memory/3140-61-0x00007FF61B9F0000-0x00007FF61BD44000-memory.dmp

Filesize
3.3MB

Download
memory/3140-8-0x00007FF61B9F0000-0x00007FF61BD44000-memory.dmp

Filesize
3.3MB

Download
memory/3140-2272-0x00007FF61B9F0000-0x00007FF61BD44000-memory.dmp

Filesize
3.3MB

Download
memory/3200-1601-0x00007FF652AB0000-0x00007FF652E04000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2294-0x00007FF652AB0000-0x00007FF652E04000-memory.dmp

Filesize
3.3MB

Download
memory/3200-175-0x00007FF652AB0000-0x00007FF652E04000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2288-0x00007FF739230000-0x00007FF739584000-memory.dmp

Filesize
3.3MB

Download
memory/3520-138-0x00007FF739230000-0x00007FF739584000-memory.dmp

Filesize
3.3MB

Download
memory/3520-1353-0x00007FF739230000-0x00007FF739584000-memory.dmp

Filesize
3.3MB

Download
memory/3728-2273-0x00007FF7C8F90000-0x00007FF7C92E4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-14-0x00007FF7C8F90000-0x00007FF7C92E4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-70-0x00007FF7C8F90000-0x00007FF7C92E4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1-0x000002EA69A40000-0x000002EA69A50000-memory.dmp

Filesize
64KB

Download
memory/3904-0-0x00007FF7CDDC0000-0x00007FF7CE114000-memory.dmp

Filesize
3.3MB

Download
memory/3904-54-0x00007FF7CDDC0000-0x00007FF7CE114000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2289-0x00007FF6AA7D0000-0x00007FF6AAB24000-memory.dmp

Filesize
3.3MB

Download
memory/4124-1291-0x00007FF6AA7D0000-0x00007FF6AAB24000-memory.dmp

Filesize
3.3MB

Download
memory/4124-132-0x00007FF6AA7D0000-0x00007FF6AAB24000-memory.dmp

Filesize
3.3MB

Download
memory/4164-1422-0x00007FF7220D0000-0x00007FF722424000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2292-0x00007FF7220D0000-0x00007FF722424000-memory.dmp

Filesize
3.3MB

Download
memory/4164-154-0x00007FF7220D0000-0x00007FF722424000-memory.dmp

Filesize
3.3MB

Download
memory/4196-168-0x00007FF633EF0000-0x00007FF634244000-memory.dmp

Filesize
3.3MB

Download
memory/4196-1539-0x00007FF633EF0000-0x00007FF634244000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2295-0x00007FF633EF0000-0x00007FF634244000-memory.dmp

Filesize
3.3MB

Download
memory/4512-104-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-176-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2286-0x00007FF72F760000-0x00007FF72FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-81-0x00007FF682410000-0x00007FF682764000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2283-0x00007FF682410000-0x00007FF682764000-memory.dmp

Filesize
3.3MB

Download
memory/4788-155-0x00007FF682410000-0x00007FF682764000-memory.dmp

Filesize
3.3MB

Download
memory/5016-183-0x00007FF713660000-0x00007FF7139B4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2287-0x00007FF713660000-0x00007FF7139B4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-111-0x00007FF713660000-0x00007FF7139B4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-62-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2281-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp

Filesize
3.3MB

Download
memory/5100-131-0x00007FF64B0C0000-0x00007FF64B414000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads