cobaltstrike | b2737b39b356f056cedce23cbbb2940c2b314c47e14fe63d04e3909988ed4f9e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38792e140ab43b0354df88fa02dbc00e
SHA1

497fd4d56cdd8fda5155e0723c9cd6b5ba61bfa4
SHA256

b2737b39b356f056cedce23cbbb2940c2b314c47e14fe63d04e3909988ed4f9e
SHA512

efd80b1b273b7ffee9302f541fdd409951c23b4666f83878b9935e2043ff432b2bbb345b80c67ed060a77b0ca9c5d545d53b7ea314cc420aa300779609d377ff
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000d000000023ae0-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3d-11.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b3c-12.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b3a-23.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3e-28.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e7b6-34.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e7a0-41.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e696-49.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e81b-58.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e863-67.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e868-70.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e9ad-81.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001ea0c-99.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001ea10-106.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001eaaf-113.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001eab5-120.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b41-141.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b42-150.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b44-161.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b4b-207.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b4c-212.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b4a-210.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b49-205.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b48-200.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b47-194.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b46-189.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b45-181.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b43-167.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b3f-142.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022a89-137.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9d4-102.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9c0-92.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9ab-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1740-0-0x00007FF613160000-0x00007FF6134B4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023ae0-4.dat	xmrig
behavioral2/memory/1388-8-0x00007FF6D5640000-0x00007FF6D5994000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b3d-11.dat	xmrig
behavioral2/files/0x000b000000023b3c-12.dat	xmrig
behavioral2/memory/4180-14-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp	xmrig
behavioral2/memory/1964-18-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b3a-23.dat	xmrig
behavioral2/memory/3152-24-0x00007FF6B2D40000-0x00007FF6B3094000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b3e-28.dat	xmrig
behavioral2/memory/1448-32-0x00007FF692A50000-0x00007FF692DA4000-memory.dmp	xmrig
behavioral2/files/0x000300000001e7b6-34.dat	xmrig
behavioral2/memory/2316-36-0x00007FF6B45B0000-0x00007FF6B4904000-memory.dmp	xmrig
behavioral2/files/0x000500000001e7a0-41.dat	xmrig
behavioral2/memory/2960-44-0x00007FF6232A0000-0x00007FF6235F4000-memory.dmp	xmrig
behavioral2/files/0x000500000001e696-49.dat	xmrig
behavioral2/memory/1708-54-0x00007FF775630000-0x00007FF775984000-memory.dmp	xmrig
behavioral2/files/0x000300000001e81b-58.dat	xmrig
behavioral2/memory/4756-61-0x00007FF601B10000-0x00007FF601E64000-memory.dmp	xmrig
behavioral2/files/0x000200000001e863-67.dat	xmrig
behavioral2/files/0x000200000001e868-70.dat	xmrig
behavioral2/memory/1964-75-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp	xmrig
behavioral2/files/0x000300000001e9ad-81.dat	xmrig
behavioral2/files/0x000200000001ea0c-99.dat	xmrig
behavioral2/files/0x000200000001ea10-106.dat	xmrig
behavioral2/files/0x000200000001eaaf-113.dat	xmrig
behavioral2/files/0x000200000001eab5-120.dat	xmrig
behavioral2/memory/3960-130-0x00007FF6B6900000-0x00007FF6B6C54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b41-141.dat	xmrig
behavioral2/files/0x000a000000023b42-150.dat	xmrig
behavioral2/files/0x000a000000023b44-161.dat	xmrig
behavioral2/files/0x000a000000023b4b-207.dat	xmrig
behavioral2/files/0x000a000000023b4c-212.dat	xmrig
behavioral2/files/0x000a000000023b4a-210.dat	xmrig
behavioral2/files/0x000a000000023b49-205.dat	xmrig
behavioral2/files/0x000a000000023b48-200.dat	xmrig
behavioral2/memory/4368-196-0x00007FF6859D0000-0x00007FF685D24000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b47-194.dat	xmrig
behavioral2/files/0x000a000000023b46-189.dat	xmrig
behavioral2/memory/1820-188-0x00007FF78D4D0000-0x00007FF78D824000-memory.dmp	xmrig
behavioral2/memory/3264-187-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp	xmrig
behavioral2/memory/1060-186-0x00007FF6E1440000-0x00007FF6E1794000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b45-181.dat	xmrig
behavioral2/memory/2428-180-0x00007FF773570000-0x00007FF7738C4000-memory.dmp	xmrig
behavioral2/memory/4312-179-0x00007FF6BA0E0000-0x00007FF6BA434000-memory.dmp	xmrig
behavioral2/memory/4588-173-0x00007FF7F5F50000-0x00007FF7F62A4000-memory.dmp	xmrig
behavioral2/memory/3948-172-0x00007FF6A5570000-0x00007FF6A58C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b43-167.dat	xmrig
behavioral2/memory/548-166-0x00007FF6214A0000-0x00007FF6217F4000-memory.dmp	xmrig
behavioral2/memory/5080-165-0x00007FF778440000-0x00007FF778794000-memory.dmp	xmrig
behavioral2/memory/4596-164-0x00007FF720FB0000-0x00007FF721304000-memory.dmp	xmrig
behavioral2/memory/3608-160-0x00007FF76A760000-0x00007FF76AAB4000-memory.dmp	xmrig
behavioral2/memory/2228-154-0x00007FF612210000-0x00007FF612564000-memory.dmp	xmrig
behavioral2/memory/4068-153-0x00007FF7F0EB0000-0x00007FF7F1204000-memory.dmp	xmrig
behavioral2/memory/4484-145-0x00007FF7AE110000-0x00007FF7AE464000-memory.dmp	xmrig
behavioral2/memory/2232-144-0x00007FF664D30000-0x00007FF665084000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b3f-142.dat	xmrig
behavioral2/memory/3708-140-0x00007FF6679A0000-0x00007FF667CF4000-memory.dmp	xmrig
behavioral2/memory/2252-139-0x00007FF6D9C70000-0x00007FF6D9FC4000-memory.dmp	xmrig
behavioral2/files/0x0002000000022a89-137.dat	xmrig
behavioral2/memory/2140-131-0x00007FF79F7B0000-0x00007FF79FB04000-memory.dmp	xmrig
behavioral2/memory/3264-124-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp	xmrig
behavioral2/memory/2428-123-0x00007FF773570000-0x00007FF7738C4000-memory.dmp	xmrig
behavioral2/memory/4756-117-0x00007FF601B10000-0x00007FF601E64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1388	tioFlsk.exe
4180	KZjREVG.exe
1964	AqGNlwV.exe
3152	gYSgmUS.exe
1448	ZOUBeOc.exe
2316	OSyEKhT.exe
2960	CDiXItT.exe
1708	OinbrvP.exe
4756	qEaIsQy.exe
3960	DzfCxiz.exe
2252	mxAzJhh.exe
2232	dcnjkRz.exe
4068	pIWIbmT.exe
3608	zEoClxx.exe
5080	kzlfVeP.exe
3948	mMukOzV.exe
4588	AsRvgku.exe
2428	yMDQWgc.exe
3264	CGthaJT.exe
2140	MjsBVPW.exe
3708	OZRImWL.exe
4484	SzVpKlS.exe
2228	yVvlueL.exe
4596	dqnupFB.exe
548	dSSQEnF.exe
4312	IEcvVrw.exe
1060	WBfkrnY.exe
1820	MeulZnL.exe
4368	vHGYDgY.exe
4284	MNFVyLn.exe
652	SboiJBv.exe
1400	DQOgyrz.exe
2564	gZKkaOS.exe
3488	ecgYJUa.exe
4212	CKYxOTw.exe
1488	rWPKTZi.exe
2624	YjLlAus.exe
4220	uSjCNay.exe
4604	zmbTNTV.exe
2972	CwDPszi.exe
3848	bgLhpIG.exe
5096	XouoxSV.exe
1420	FGsIRvS.exe
2816	zejztiZ.exe
3300	ZgvbeZy.exe
4392	zFrgUTP.exe
3200	OaDLzEJ.exe
3884	EsIZAgC.exe
4692	uwzynBK.exe
4668	kNoScOy.exe
2992	SGYJjBg.exe
4840	DnePIfP.exe
1004	EgJvRGh.exe
1936	qgyeKcV.exe
1792	yCuVTvI.exe
3852	yHTNilt.exe
4760	eqcbHIT.exe
4464	CqPaGQs.exe
3092	vQTRoEl.exe
852	DkavlaG.exe
5148	VySKKGr.exe
5176	dLyXhMU.exe
5204	LITJhdR.exe
5232	FuCDqHK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1740-0-0x00007FF613160000-0x00007FF6134B4000-memory.dmp	upx
behavioral2/files/0x000d000000023ae0-4.dat	upx
behavioral2/memory/1388-8-0x00007FF6D5640000-0x00007FF6D5994000-memory.dmp	upx
behavioral2/files/0x000a000000023b3d-11.dat	upx
behavioral2/files/0x000b000000023b3c-12.dat	upx
behavioral2/memory/4180-14-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp	upx
behavioral2/memory/1964-18-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp	upx
behavioral2/files/0x000b000000023b3a-23.dat	upx
behavioral2/memory/3152-24-0x00007FF6B2D40000-0x00007FF6B3094000-memory.dmp	upx
behavioral2/files/0x000a000000023b3e-28.dat	upx
behavioral2/memory/1448-32-0x00007FF692A50000-0x00007FF692DA4000-memory.dmp	upx
behavioral2/files/0x000300000001e7b6-34.dat	upx
behavioral2/memory/2316-36-0x00007FF6B45B0000-0x00007FF6B4904000-memory.dmp	upx
behavioral2/files/0x000500000001e7a0-41.dat	upx
behavioral2/memory/2960-44-0x00007FF6232A0000-0x00007FF6235F4000-memory.dmp	upx
behavioral2/files/0x000500000001e696-49.dat	upx
behavioral2/memory/1708-54-0x00007FF775630000-0x00007FF775984000-memory.dmp	upx
behavioral2/files/0x000300000001e81b-58.dat	upx
behavioral2/memory/4756-61-0x00007FF601B10000-0x00007FF601E64000-memory.dmp	upx
behavioral2/files/0x000200000001e863-67.dat	upx
behavioral2/files/0x000200000001e868-70.dat	upx
behavioral2/memory/1964-75-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp	upx
behavioral2/files/0x000300000001e9ad-81.dat	upx
behavioral2/files/0x000200000001ea0c-99.dat	upx
behavioral2/files/0x000200000001ea10-106.dat	upx
behavioral2/files/0x000200000001eaaf-113.dat	upx
behavioral2/files/0x000200000001eab5-120.dat	upx
behavioral2/memory/3960-130-0x00007FF6B6900000-0x00007FF6B6C54000-memory.dmp	upx
behavioral2/files/0x000a000000023b41-141.dat	upx
behavioral2/files/0x000a000000023b42-150.dat	upx
behavioral2/files/0x000a000000023b44-161.dat	upx
behavioral2/files/0x000a000000023b4b-207.dat	upx
behavioral2/files/0x000a000000023b4c-212.dat	upx
behavioral2/files/0x000a000000023b4a-210.dat	upx
behavioral2/files/0x000a000000023b49-205.dat	upx
behavioral2/files/0x000a000000023b48-200.dat	upx
behavioral2/memory/4368-196-0x00007FF6859D0000-0x00007FF685D24000-memory.dmp	upx
behavioral2/files/0x000a000000023b47-194.dat	upx
behavioral2/files/0x000a000000023b46-189.dat	upx
behavioral2/memory/1820-188-0x00007FF78D4D0000-0x00007FF78D824000-memory.dmp	upx
behavioral2/memory/3264-187-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp	upx
behavioral2/memory/1060-186-0x00007FF6E1440000-0x00007FF6E1794000-memory.dmp	upx
behavioral2/files/0x000a000000023b45-181.dat	upx
behavioral2/memory/2428-180-0x00007FF773570000-0x00007FF7738C4000-memory.dmp	upx
behavioral2/memory/4312-179-0x00007FF6BA0E0000-0x00007FF6BA434000-memory.dmp	upx
behavioral2/memory/4588-173-0x00007FF7F5F50000-0x00007FF7F62A4000-memory.dmp	upx
behavioral2/memory/3948-172-0x00007FF6A5570000-0x00007FF6A58C4000-memory.dmp	upx
behavioral2/files/0x000a000000023b43-167.dat	upx
behavioral2/memory/548-166-0x00007FF6214A0000-0x00007FF6217F4000-memory.dmp	upx
behavioral2/memory/5080-165-0x00007FF778440000-0x00007FF778794000-memory.dmp	upx
behavioral2/memory/4596-164-0x00007FF720FB0000-0x00007FF721304000-memory.dmp	upx
behavioral2/memory/3608-160-0x00007FF76A760000-0x00007FF76AAB4000-memory.dmp	upx
behavioral2/memory/2228-154-0x00007FF612210000-0x00007FF612564000-memory.dmp	upx
behavioral2/memory/4068-153-0x00007FF7F0EB0000-0x00007FF7F1204000-memory.dmp	upx
behavioral2/memory/4484-145-0x00007FF7AE110000-0x00007FF7AE464000-memory.dmp	upx
behavioral2/memory/2232-144-0x00007FF664D30000-0x00007FF665084000-memory.dmp	upx
behavioral2/files/0x000b000000023b3f-142.dat	upx
behavioral2/memory/3708-140-0x00007FF6679A0000-0x00007FF667CF4000-memory.dmp	upx
behavioral2/memory/2252-139-0x00007FF6D9C70000-0x00007FF6D9FC4000-memory.dmp	upx
behavioral2/files/0x0002000000022a89-137.dat	upx
behavioral2/memory/2140-131-0x00007FF79F7B0000-0x00007FF79FB04000-memory.dmp	upx
behavioral2/memory/3264-124-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp	upx
behavioral2/memory/2428-123-0x00007FF773570000-0x00007FF7738C4000-memory.dmp	upx
behavioral2/memory/4756-117-0x00007FF601B10000-0x00007FF601E64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DnePIfP.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFRWZZq.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icMPHGG.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJAZPJM.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYfFYRA.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqoItpI.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukmmdhm.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyGWXGw.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIWIbmT.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuCDqHK.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCxmZFB.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRfMBHT.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiDNbUF.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHUKRcj.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SncYMgy.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmJtCEN.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfSrxgo.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XacCtuR.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaaezHA.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqcCJQT.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPINOdn.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyJHtDf.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYPipTF.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhrrdCy.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWZNoQK.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwUdgbM.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttjJFSy.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDiXItT.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgLhpIG.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJxnnCu.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNvQviM.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsMGqUd.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEVszQc.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMBjFKP.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCEhJPS.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjLlAus.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBOwCfw.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTWEyuP.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnagPDv.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgXzyEo.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLpRYtd.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxBDOBw.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whhRfrP.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHogklb.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvyzhNX.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKLOtYQ.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxqbcAK.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCUoNMf.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVTiYim.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMiUfKA.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHcRgcx.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMGzIsO.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEPMCkt.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGQwwjl.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtnGgAj.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUVMItR.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzVpKlS.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFzydSy.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFaAwwL.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlNCFDq.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhXoGXZ.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAkFuJI.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZVmLzw.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZviTREO.exe	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15236	dwm.exe
Token: SeChangeNotifyPrivilege	15236	dwm.exe
Token: 33	15236	dwm.exe
Token: SeIncBasePriorityPrivilege	15236	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1388	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1740 wrote to memory of 1388	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1740 wrote to memory of 4180	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1740 wrote to memory of 4180	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1740 wrote to memory of 1964	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1740 wrote to memory of 1964	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1740 wrote to memory of 3152	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1740 wrote to memory of 3152	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1740 wrote to memory of 1448	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1740 wrote to memory of 1448	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1740 wrote to memory of 2316	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1740 wrote to memory of 2316	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1740 wrote to memory of 2960	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1740 wrote to memory of 2960	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1740 wrote to memory of 1708	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1740 wrote to memory of 1708	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1740 wrote to memory of 4756	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1740 wrote to memory of 4756	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1740 wrote to memory of 3960	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1740 wrote to memory of 3960	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1740 wrote to memory of 2252	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1740 wrote to memory of 2252	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1740 wrote to memory of 2232	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1740 wrote to memory of 2232	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1740 wrote to memory of 4068	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1740 wrote to memory of 4068	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1740 wrote to memory of 3608	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1740 wrote to memory of 3608	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1740 wrote to memory of 5080	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1740 wrote to memory of 5080	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1740 wrote to memory of 3948	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1740 wrote to memory of 3948	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1740 wrote to memory of 4588	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1740 wrote to memory of 4588	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1740 wrote to memory of 2428	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1740 wrote to memory of 2428	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1740 wrote to memory of 3264	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1740 wrote to memory of 3264	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1740 wrote to memory of 2140	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1740 wrote to memory of 2140	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1740 wrote to memory of 3708	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1740 wrote to memory of 3708	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1740 wrote to memory of 4484	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1740 wrote to memory of 4484	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1740 wrote to memory of 2228	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1740 wrote to memory of 2228	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1740 wrote to memory of 4596	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1740 wrote to memory of 4596	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1740 wrote to memory of 548	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1740 wrote to memory of 548	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1740 wrote to memory of 4312	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1740 wrote to memory of 4312	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1740 wrote to memory of 1060	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1740 wrote to memory of 1060	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1740 wrote to memory of 1820	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1740 wrote to memory of 1820	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1740 wrote to memory of 4368	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1740 wrote to memory of 4368	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1740 wrote to memory of 4284	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1740 wrote to memory of 4284	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1740 wrote to memory of 652	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1740 wrote to memory of 652	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1740 wrote to memory of 1400	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1740 wrote to memory of 1400	1740	2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_38792e140ab43b0354df88fa02dbc00e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\System\tioFlsk.exe
  C:\Windows\System\tioFlsk.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\KZjREVG.exe
  C:\Windows\System\KZjREVG.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\AqGNlwV.exe
  C:\Windows\System\AqGNlwV.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\gYSgmUS.exe
  C:\Windows\System\gYSgmUS.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\ZOUBeOc.exe
  C:\Windows\System\ZOUBeOc.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\OSyEKhT.exe
  C:\Windows\System\OSyEKhT.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\CDiXItT.exe
  C:\Windows\System\CDiXItT.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\OinbrvP.exe
  C:\Windows\System\OinbrvP.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\qEaIsQy.exe
  C:\Windows\System\qEaIsQy.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\DzfCxiz.exe
  C:\Windows\System\DzfCxiz.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\mxAzJhh.exe
  C:\Windows\System\mxAzJhh.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\dcnjkRz.exe
  C:\Windows\System\dcnjkRz.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\pIWIbmT.exe
  C:\Windows\System\pIWIbmT.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\zEoClxx.exe
  C:\Windows\System\zEoClxx.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\kzlfVeP.exe
  C:\Windows\System\kzlfVeP.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\mMukOzV.exe
  C:\Windows\System\mMukOzV.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\AsRvgku.exe
  C:\Windows\System\AsRvgku.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\yMDQWgc.exe
  C:\Windows\System\yMDQWgc.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\CGthaJT.exe
  C:\Windows\System\CGthaJT.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\MjsBVPW.exe
  C:\Windows\System\MjsBVPW.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\OZRImWL.exe
  C:\Windows\System\OZRImWL.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\SzVpKlS.exe
  C:\Windows\System\SzVpKlS.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\yVvlueL.exe
  C:\Windows\System\yVvlueL.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\dqnupFB.exe
  C:\Windows\System\dqnupFB.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\dSSQEnF.exe
  C:\Windows\System\dSSQEnF.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\IEcvVrw.exe
  C:\Windows\System\IEcvVrw.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\WBfkrnY.exe
  C:\Windows\System\WBfkrnY.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\MeulZnL.exe
  C:\Windows\System\MeulZnL.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\vHGYDgY.exe
  C:\Windows\System\vHGYDgY.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\MNFVyLn.exe
  C:\Windows\System\MNFVyLn.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\SboiJBv.exe
  C:\Windows\System\SboiJBv.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\DQOgyrz.exe
  C:\Windows\System\DQOgyrz.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\gZKkaOS.exe
  C:\Windows\System\gZKkaOS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ecgYJUa.exe
  C:\Windows\System\ecgYJUa.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\CKYxOTw.exe
  C:\Windows\System\CKYxOTw.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\rWPKTZi.exe
  C:\Windows\System\rWPKTZi.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\YjLlAus.exe
  C:\Windows\System\YjLlAus.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\uSjCNay.exe
  C:\Windows\System\uSjCNay.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\zmbTNTV.exe
  C:\Windows\System\zmbTNTV.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\CwDPszi.exe
  C:\Windows\System\CwDPszi.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\bgLhpIG.exe
  C:\Windows\System\bgLhpIG.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\XouoxSV.exe
  C:\Windows\System\XouoxSV.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\FGsIRvS.exe
  C:\Windows\System\FGsIRvS.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\zejztiZ.exe
  C:\Windows\System\zejztiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ZgvbeZy.exe
  C:\Windows\System\ZgvbeZy.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\zFrgUTP.exe
  C:\Windows\System\zFrgUTP.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\OaDLzEJ.exe
  C:\Windows\System\OaDLzEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\EsIZAgC.exe
  C:\Windows\System\EsIZAgC.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\uwzynBK.exe
  C:\Windows\System\uwzynBK.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\kNoScOy.exe
  C:\Windows\System\kNoScOy.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\SGYJjBg.exe
  C:\Windows\System\SGYJjBg.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DnePIfP.exe
  C:\Windows\System\DnePIfP.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\EgJvRGh.exe
  C:\Windows\System\EgJvRGh.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\qgyeKcV.exe
  C:\Windows\System\qgyeKcV.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\yCuVTvI.exe
  C:\Windows\System\yCuVTvI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\yHTNilt.exe
  C:\Windows\System\yHTNilt.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\eqcbHIT.exe
  C:\Windows\System\eqcbHIT.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\CqPaGQs.exe
  C:\Windows\System\CqPaGQs.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\vQTRoEl.exe
  C:\Windows\System\vQTRoEl.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\DkavlaG.exe
  C:\Windows\System\DkavlaG.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\VySKKGr.exe
  C:\Windows\System\VySKKGr.exe
  2⤵
  - Executes dropped EXE
  PID:5148
- C:\Windows\System\dLyXhMU.exe
  C:\Windows\System\dLyXhMU.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\LITJhdR.exe
  C:\Windows\System\LITJhdR.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\FuCDqHK.exe
  C:\Windows\System\FuCDqHK.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\WXxvcuv.exe
  C:\Windows\System\WXxvcuv.exe
  2⤵
  PID:5260
- C:\Windows\System\flXqwXR.exe
  C:\Windows\System\flXqwXR.exe
  2⤵
  PID:5288
- C:\Windows\System\IVkDYWZ.exe
  C:\Windows\System\IVkDYWZ.exe
  2⤵
  PID:5316
- C:\Windows\System\ucBvvgw.exe
  C:\Windows\System\ucBvvgw.exe
  2⤵
  PID:5344
- C:\Windows\System\fFyjGmu.exe
  C:\Windows\System\fFyjGmu.exe
  2⤵
  PID:5372
- C:\Windows\System\uxqbcAK.exe
  C:\Windows\System\uxqbcAK.exe
  2⤵
  PID:5400
- C:\Windows\System\oIsCNpR.exe
  C:\Windows\System\oIsCNpR.exe
  2⤵
  PID:5428
- C:\Windows\System\FPvcXJB.exe
  C:\Windows\System\FPvcXJB.exe
  2⤵
  PID:5456
- C:\Windows\System\hMfaHka.exe
  C:\Windows\System\hMfaHka.exe
  2⤵
  PID:5484
- C:\Windows\System\EYPuDTT.exe
  C:\Windows\System\EYPuDTT.exe
  2⤵
  PID:5512
- C:\Windows\System\jlExyZf.exe
  C:\Windows\System\jlExyZf.exe
  2⤵
  PID:5544
- C:\Windows\System\BvbpmBb.exe
  C:\Windows\System\BvbpmBb.exe
  2⤵
  PID:5568
- C:\Windows\System\XuJcdjW.exe
  C:\Windows\System\XuJcdjW.exe
  2⤵
  PID:5596
- C:\Windows\System\sCUoNMf.exe
  C:\Windows\System\sCUoNMf.exe
  2⤵
  PID:5624
- C:\Windows\System\RqYEzCj.exe
  C:\Windows\System\RqYEzCj.exe
  2⤵
  PID:5656
- C:\Windows\System\AHRGUyb.exe
  C:\Windows\System\AHRGUyb.exe
  2⤵
  PID:5680
- C:\Windows\System\COUfBuZ.exe
  C:\Windows\System\COUfBuZ.exe
  2⤵
  PID:5708
- C:\Windows\System\RCekhjr.exe
  C:\Windows\System\RCekhjr.exe
  2⤵
  PID:5736
- C:\Windows\System\leoxAHt.exe
  C:\Windows\System\leoxAHt.exe
  2⤵
  PID:5764
- C:\Windows\System\MFgiGYB.exe
  C:\Windows\System\MFgiGYB.exe
  2⤵
  PID:5792
- C:\Windows\System\whhRfrP.exe
  C:\Windows\System\whhRfrP.exe
  2⤵
  PID:5820
- C:\Windows\System\QvrUVcI.exe
  C:\Windows\System\QvrUVcI.exe
  2⤵
  PID:5848
- C:\Windows\System\mUEhabA.exe
  C:\Windows\System\mUEhabA.exe
  2⤵
  PID:5876
- C:\Windows\System\BZtKwBb.exe
  C:\Windows\System\BZtKwBb.exe
  2⤵
  PID:5904
- C:\Windows\System\OUOodnZ.exe
  C:\Windows\System\OUOodnZ.exe
  2⤵
  PID:5932
- C:\Windows\System\LpUnzid.exe
  C:\Windows\System\LpUnzid.exe
  2⤵
  PID:5960
- C:\Windows\System\tVTiYim.exe
  C:\Windows\System\tVTiYim.exe
  2⤵
  PID:5988
- C:\Windows\System\fvGxyYv.exe
  C:\Windows\System\fvGxyYv.exe
  2⤵
  PID:6016
- C:\Windows\System\qUbUkXP.exe
  C:\Windows\System\qUbUkXP.exe
  2⤵
  PID:6044
- C:\Windows\System\elEYEOB.exe
  C:\Windows\System\elEYEOB.exe
  2⤵
  PID:6072
- C:\Windows\System\onPkWfN.exe
  C:\Windows\System\onPkWfN.exe
  2⤵
  PID:6100
- C:\Windows\System\VBrbFSX.exe
  C:\Windows\System\VBrbFSX.exe
  2⤵
  PID:6128
- C:\Windows\System\BhRGPoG.exe
  C:\Windows\System\BhRGPoG.exe
  2⤵
  PID:1068
- C:\Windows\System\BrMBcjD.exe
  C:\Windows\System\BrMBcjD.exe
  2⤵
  PID:4396
- C:\Windows\System\aZeAyGk.exe
  C:\Windows\System\aZeAyGk.exe
  2⤵
  PID:2388
- C:\Windows\System\JlwElBU.exe
  C:\Windows\System\JlwElBU.exe
  2⤵
  PID:3164
- C:\Windows\System\BYKKViJ.exe
  C:\Windows\System\BYKKViJ.exe
  2⤵
  PID:5116
- C:\Windows\System\zEucfVc.exe
  C:\Windows\System\zEucfVc.exe
  2⤵
  PID:5140
- C:\Windows\System\otmwhxw.exe
  C:\Windows\System\otmwhxw.exe
  2⤵
  PID:5216
- C:\Windows\System\iRLEGCd.exe
  C:\Windows\System\iRLEGCd.exe
  2⤵
  PID:5276
- C:\Windows\System\EZdhfOQ.exe
  C:\Windows\System\EZdhfOQ.exe
  2⤵
  PID:5308
- C:\Windows\System\jCXqvlI.exe
  C:\Windows\System\jCXqvlI.exe
  2⤵
  PID:5392
- C:\Windows\System\EABAjKH.exe
  C:\Windows\System\EABAjKH.exe
  2⤵
  PID:5472
- C:\Windows\System\yGcPfpy.exe
  C:\Windows\System\yGcPfpy.exe
  2⤵
  PID:5536
- C:\Windows\System\RrtnmDm.exe
  C:\Windows\System\RrtnmDm.exe
  2⤵
  PID:5608
- C:\Windows\System\OQbQUhL.exe
  C:\Windows\System\OQbQUhL.exe
  2⤵
  PID:5672
- C:\Windows\System\TUdDLfk.exe
  C:\Windows\System\TUdDLfk.exe
  2⤵
  PID:5728
- C:\Windows\System\BluNaCT.exe
  C:\Windows\System\BluNaCT.exe
  2⤵
  PID:5832
- C:\Windows\System\xwwFCOs.exe
  C:\Windows\System\xwwFCOs.exe
  2⤵
  PID:5892
- C:\Windows\System\RYPipTF.exe
  C:\Windows\System\RYPipTF.exe
  2⤵
  PID:5952
- C:\Windows\System\iSnhoMu.exe
  C:\Windows\System\iSnhoMu.exe
  2⤵
  PID:6028
- C:\Windows\System\YwgguAa.exe
  C:\Windows\System\YwgguAa.exe
  2⤵
  PID:6088
- C:\Windows\System\qKDabRp.exe
  C:\Windows\System\qKDabRp.exe
  2⤵
  PID:4700
- C:\Windows\System\HHsFXjT.exe
  C:\Windows\System\HHsFXjT.exe
  2⤵
  PID:4660
- C:\Windows\System\YSgvnmz.exe
  C:\Windows\System\YSgvnmz.exe
  2⤵
  PID:2392
- C:\Windows\System\QmudnmL.exe
  C:\Windows\System\QmudnmL.exe
  2⤵
  PID:5252
- C:\Windows\System\NZRZziQ.exe
  C:\Windows\System\NZRZziQ.exe
  2⤵
  PID:5360
- C:\Windows\System\tVxRcaT.exe
  C:\Windows\System\tVxRcaT.exe
  2⤵
  PID:5580
- C:\Windows\System\JFRWZZq.exe
  C:\Windows\System\JFRWZZq.exe
  2⤵
  PID:5720
- C:\Windows\System\curxdlr.exe
  C:\Windows\System\curxdlr.exe
  2⤵
  PID:5868
- C:\Windows\System\GfMqdCT.exe
  C:\Windows\System\GfMqdCT.exe
  2⤵
  PID:5980
- C:\Windows\System\GMiUfKA.exe
  C:\Windows\System\GMiUfKA.exe
  2⤵
  PID:6152
- C:\Windows\System\KPcjvAj.exe
  C:\Windows\System\KPcjvAj.exe
  2⤵
  PID:6192
- C:\Windows\System\qpZNdpG.exe
  C:\Windows\System\qpZNdpG.exe
  2⤵
  PID:6232
- C:\Windows\System\EajUXwy.exe
  C:\Windows\System\EajUXwy.exe
  2⤵
  PID:6260
- C:\Windows\System\fAizlPa.exe
  C:\Windows\System\fAizlPa.exe
  2⤵
  PID:6276
- C:\Windows\System\tEVHejX.exe
  C:\Windows\System\tEVHejX.exe
  2⤵
  PID:6304
- C:\Windows\System\oONVDMR.exe
  C:\Windows\System\oONVDMR.exe
  2⤵
  PID:6328
- C:\Windows\System\TgwuHIe.exe
  C:\Windows\System\TgwuHIe.exe
  2⤵
  PID:6360
- C:\Windows\System\LiApvsd.exe
  C:\Windows\System\LiApvsd.exe
  2⤵
  PID:6388
- C:\Windows\System\vIIQVOR.exe
  C:\Windows\System\vIIQVOR.exe
  2⤵
  PID:6416
- C:\Windows\System\qDGZUCl.exe
  C:\Windows\System\qDGZUCl.exe
  2⤵
  PID:6444
- C:\Windows\System\kzdUZjd.exe
  C:\Windows\System\kzdUZjd.exe
  2⤵
  PID:6472
- C:\Windows\System\sIzGiJs.exe
  C:\Windows\System\sIzGiJs.exe
  2⤵
  PID:6500
- C:\Windows\System\NdfgozT.exe
  C:\Windows\System\NdfgozT.exe
  2⤵
  PID:6528
- C:\Windows\System\aIdjziu.exe
  C:\Windows\System\aIdjziu.exe
  2⤵
  PID:6556
- C:\Windows\System\bdwJorD.exe
  C:\Windows\System\bdwJorD.exe
  2⤵
  PID:6584
- C:\Windows\System\FHcRgcx.exe
  C:\Windows\System\FHcRgcx.exe
  2⤵
  PID:6612
- C:\Windows\System\MwugdNG.exe
  C:\Windows\System\MwugdNG.exe
  2⤵
  PID:6640
- C:\Windows\System\MbJsmvO.exe
  C:\Windows\System\MbJsmvO.exe
  2⤵
  PID:6668
- C:\Windows\System\WpdZNjf.exe
  C:\Windows\System\WpdZNjf.exe
  2⤵
  PID:6696
- C:\Windows\System\LJApklU.exe
  C:\Windows\System\LJApklU.exe
  2⤵
  PID:6724
- C:\Windows\System\uqqmrDI.exe
  C:\Windows\System\uqqmrDI.exe
  2⤵
  PID:6752
- C:\Windows\System\dlInNpn.exe
  C:\Windows\System\dlInNpn.exe
  2⤵
  PID:6780
- C:\Windows\System\RCxmZFB.exe
  C:\Windows\System\RCxmZFB.exe
  2⤵
  PID:6808
- C:\Windows\System\icMPHGG.exe
  C:\Windows\System\icMPHGG.exe
  2⤵
  PID:6836
- C:\Windows\System\rpjxVPc.exe
  C:\Windows\System\rpjxVPc.exe
  2⤵
  PID:6864
- C:\Windows\System\XFoPHjO.exe
  C:\Windows\System\XFoPHjO.exe
  2⤵
  PID:6892
- C:\Windows\System\DIQQRiQ.exe
  C:\Windows\System\DIQQRiQ.exe
  2⤵
  PID:6920
- C:\Windows\System\mRfMBHT.exe
  C:\Windows\System\mRfMBHT.exe
  2⤵
  PID:6948
- C:\Windows\System\jtitBvK.exe
  C:\Windows\System\jtitBvK.exe
  2⤵
  PID:6972
- C:\Windows\System\ytDxCFy.exe
  C:\Windows\System\ytDxCFy.exe
  2⤵
  PID:7004
- C:\Windows\System\BOVAVgP.exe
  C:\Windows\System\BOVAVgP.exe
  2⤵
  PID:7032
- C:\Windows\System\KWkPOaL.exe
  C:\Windows\System\KWkPOaL.exe
  2⤵
  PID:7060
- C:\Windows\System\AKOhliv.exe
  C:\Windows\System\AKOhliv.exe
  2⤵
  PID:7088
- C:\Windows\System\yXMcJcF.exe
  C:\Windows\System\yXMcJcF.exe
  2⤵
  PID:7116
- C:\Windows\System\jajPjXZ.exe
  C:\Windows\System\jajPjXZ.exe
  2⤵
  PID:7144
- C:\Windows\System\SbfrAMA.exe
  C:\Windows\System\SbfrAMA.exe
  2⤵
  PID:6120
- C:\Windows\System\loXdfQD.exe
  C:\Windows\System\loXdfQD.exe
  2⤵
  PID:456
- C:\Windows\System\bOgVWtp.exe
  C:\Windows\System\bOgVWtp.exe
  2⤵
  PID:5500
- C:\Windows\System\RBOwCfw.exe
  C:\Windows\System\RBOwCfw.exe
  2⤵
  PID:5808
- C:\Windows\System\IMvdctj.exe
  C:\Windows\System\IMvdctj.exe
  2⤵
  PID:6064
- C:\Windows\System\ZKikdAH.exe
  C:\Windows\System\ZKikdAH.exe
  2⤵
  PID:6224
- C:\Windows\System\wqeWaYh.exe
  C:\Windows\System\wqeWaYh.exe
  2⤵
  PID:6292
- C:\Windows\System\RFMcMwJ.exe
  C:\Windows\System\RFMcMwJ.exe
  2⤵
  PID:6352
- C:\Windows\System\yZVmLzw.exe
  C:\Windows\System\yZVmLzw.exe
  2⤵
  PID:6408
- C:\Windows\System\yqGRFbp.exe
  C:\Windows\System\yqGRFbp.exe
  2⤵
  PID:536
- C:\Windows\System\BhDCjQv.exe
  C:\Windows\System\BhDCjQv.exe
  2⤵
  PID:6544
- C:\Windows\System\zVMpkvz.exe
  C:\Windows\System\zVMpkvz.exe
  2⤵
  PID:6604
- C:\Windows\System\pCdKVDW.exe
  C:\Windows\System\pCdKVDW.exe
  2⤵
  PID:6680
- C:\Windows\System\iNuTyDv.exe
  C:\Windows\System\iNuTyDv.exe
  2⤵
  PID:6740
- C:\Windows\System\oLyqEdZ.exe
  C:\Windows\System\oLyqEdZ.exe
  2⤵
  PID:6800
- C:\Windows\System\kzsXCwC.exe
  C:\Windows\System\kzsXCwC.exe
  2⤵
  PID:6856
- C:\Windows\System\IiNDTeP.exe
  C:\Windows\System\IiNDTeP.exe
  2⤵
  PID:6936
- C:\Windows\System\hOhzpgm.exe
  C:\Windows\System\hOhzpgm.exe
  2⤵
  PID:6996
- C:\Windows\System\RnAEnpw.exe
  C:\Windows\System\RnAEnpw.exe
  2⤵
  PID:7072
- C:\Windows\System\mlNCFDq.exe
  C:\Windows\System\mlNCFDq.exe
  2⤵
  PID:1216
- C:\Windows\System\ucTPxqZ.exe
  C:\Windows\System\ucTPxqZ.exe
  2⤵
  PID:3204
- C:\Windows\System\ogEEAUx.exe
  C:\Windows\System\ogEEAUx.exe
  2⤵
  PID:2324
- C:\Windows\System\HuQiYxL.exe
  C:\Windows\System\HuQiYxL.exe
  2⤵
  PID:6208
- C:\Windows\System\NiDNbUF.exe
  C:\Windows\System\NiDNbUF.exe
  2⤵
  PID:6380
- C:\Windows\System\qzCYmfQ.exe
  C:\Windows\System\qzCYmfQ.exe
  2⤵
  PID:6516
- C:\Windows\System\eHqYrNJ.exe
  C:\Windows\System\eHqYrNJ.exe
  2⤵
  PID:6656
- C:\Windows\System\RuZFoXw.exe
  C:\Windows\System\RuZFoXw.exe
  2⤵
  PID:6828
- C:\Windows\System\WlxfdcI.exe
  C:\Windows\System\WlxfdcI.exe
  2⤵
  PID:6968
- C:\Windows\System\kXHFMUv.exe
  C:\Windows\System\kXHFMUv.exe
  2⤵
  PID:7172
- C:\Windows\System\iYWkzDF.exe
  C:\Windows\System\iYWkzDF.exe
  2⤵
  PID:7204
- C:\Windows\System\SBcYlZG.exe
  C:\Windows\System\SBcYlZG.exe
  2⤵
  PID:7232
- C:\Windows\System\HurFHbF.exe
  C:\Windows\System\HurFHbF.exe
  2⤵
  PID:7260
- C:\Windows\System\SbJGjOZ.exe
  C:\Windows\System\SbJGjOZ.exe
  2⤵
  PID:7288
- C:\Windows\System\uLDMWFe.exe
  C:\Windows\System\uLDMWFe.exe
  2⤵
  PID:7316
- C:\Windows\System\SdLGSQD.exe
  C:\Windows\System\SdLGSQD.exe
  2⤵
  PID:7344
- C:\Windows\System\GHVLMBf.exe
  C:\Windows\System\GHVLMBf.exe
  2⤵
  PID:7372
- C:\Windows\System\kljGaYL.exe
  C:\Windows\System\kljGaYL.exe
  2⤵
  PID:7396
- C:\Windows\System\nytGYrW.exe
  C:\Windows\System\nytGYrW.exe
  2⤵
  PID:7428
- C:\Windows\System\poZcSRm.exe
  C:\Windows\System\poZcSRm.exe
  2⤵
  PID:7456
- C:\Windows\System\IsphRvg.exe
  C:\Windows\System\IsphRvg.exe
  2⤵
  PID:7484
- C:\Windows\System\aVOgOuj.exe
  C:\Windows\System\aVOgOuj.exe
  2⤵
  PID:7512
- C:\Windows\System\vEqUbjF.exe
  C:\Windows\System\vEqUbjF.exe
  2⤵
  PID:7540
- C:\Windows\System\DMtrePF.exe
  C:\Windows\System\DMtrePF.exe
  2⤵
  PID:7568
- C:\Windows\System\LMGzIsO.exe
  C:\Windows\System\LMGzIsO.exe
  2⤵
  PID:7596
- C:\Windows\System\mZjZhwn.exe
  C:\Windows\System\mZjZhwn.exe
  2⤵
  PID:7624
- C:\Windows\System\rUdIhpA.exe
  C:\Windows\System\rUdIhpA.exe
  2⤵
  PID:7652
- C:\Windows\System\eKLEJRM.exe
  C:\Windows\System\eKLEJRM.exe
  2⤵
  PID:7680
- C:\Windows\System\xKrufVh.exe
  C:\Windows\System\xKrufVh.exe
  2⤵
  PID:7708
- C:\Windows\System\XfuKcBG.exe
  C:\Windows\System\XfuKcBG.exe
  2⤵
  PID:7736
- C:\Windows\System\SyMQDlR.exe
  C:\Windows\System\SyMQDlR.exe
  2⤵
  PID:7764
- C:\Windows\System\nLfPQCJ.exe
  C:\Windows\System\nLfPQCJ.exe
  2⤵
  PID:7788
- C:\Windows\System\hHkBoWx.exe
  C:\Windows\System\hHkBoWx.exe
  2⤵
  PID:7816
- C:\Windows\System\QMVlLlL.exe
  C:\Windows\System\QMVlLlL.exe
  2⤵
  PID:7848
- C:\Windows\System\ZEPMCkt.exe
  C:\Windows\System\ZEPMCkt.exe
  2⤵
  PID:7872
- C:\Windows\System\QNulWse.exe
  C:\Windows\System\QNulWse.exe
  2⤵
  PID:7904
- C:\Windows\System\JzjuIGH.exe
  C:\Windows\System\JzjuIGH.exe
  2⤵
  PID:7932
- C:\Windows\System\HqGWECG.exe
  C:\Windows\System\HqGWECG.exe
  2⤵
  PID:7960
- C:\Windows\System\TJAZPJM.exe
  C:\Windows\System\TJAZPJM.exe
  2⤵
  PID:7988
- C:\Windows\System\JCGTYRp.exe
  C:\Windows\System\JCGTYRp.exe
  2⤵
  PID:8016
- C:\Windows\System\mUmCjDN.exe
  C:\Windows\System\mUmCjDN.exe
  2⤵
  PID:8044
- C:\Windows\System\heSxRCF.exe
  C:\Windows\System\heSxRCF.exe
  2⤵
  PID:8072
- C:\Windows\System\MWwerhZ.exe
  C:\Windows\System\MWwerhZ.exe
  2⤵
  PID:8100
- C:\Windows\System\FcYqhHR.exe
  C:\Windows\System\FcYqhHR.exe
  2⤵
  PID:8128
- C:\Windows\System\CKBjgNI.exe
  C:\Windows\System\CKBjgNI.exe
  2⤵
  PID:8152
- C:\Windows\System\aiJCQQo.exe
  C:\Windows\System\aiJCQQo.exe
  2⤵
  PID:8184
- C:\Windows\System\HTYqxTH.exe
  C:\Windows\System\HTYqxTH.exe
  2⤵
  PID:7164
- C:\Windows\System\OlRGmVe.exe
  C:\Windows\System\OlRGmVe.exe
  2⤵
  PID:6184
- C:\Windows\System\jeFXrSE.exe
  C:\Windows\System\jeFXrSE.exe
  2⤵
  PID:6596
- C:\Windows\System\tmpCMox.exe
  C:\Windows\System\tmpCMox.exe
  2⤵
  PID:6912
- C:\Windows\System\DFQarXN.exe
  C:\Windows\System\DFQarXN.exe
  2⤵
  PID:7216
- C:\Windows\System\BHUKRcj.exe
  C:\Windows\System\BHUKRcj.exe
  2⤵
  PID:7272
- C:\Windows\System\TfNKQOC.exe
  C:\Windows\System\TfNKQOC.exe
  2⤵
  PID:7332
- C:\Windows\System\jAKenzm.exe
  C:\Windows\System\jAKenzm.exe
  2⤵
  PID:7392
- C:\Windows\System\rsPwZjR.exe
  C:\Windows\System\rsPwZjR.exe
  2⤵
  PID:7468
- C:\Windows\System\hpbgOPA.exe
  C:\Windows\System\hpbgOPA.exe
  2⤵
  PID:7524
- C:\Windows\System\ToOwyyO.exe
  C:\Windows\System\ToOwyyO.exe
  2⤵
  PID:7580
- C:\Windows\System\BJkMONi.exe
  C:\Windows\System\BJkMONi.exe
  2⤵
  PID:7616
- C:\Windows\System\VsLiDnu.exe
  C:\Windows\System\VsLiDnu.exe
  2⤵
  PID:7672
- C:\Windows\System\uVronnl.exe
  C:\Windows\System\uVronnl.exe
  2⤵
  PID:7728
- C:\Windows\System\IDJcutw.exe
  C:\Windows\System\IDJcutw.exe
  2⤵
  PID:7804
- C:\Windows\System\NFzydSy.exe
  C:\Windows\System\NFzydSy.exe
  2⤵
  PID:7864
- C:\Windows\System\qGzejfY.exe
  C:\Windows\System\qGzejfY.exe
  2⤵
  PID:7924
- C:\Windows\System\TJxnnCu.exe
  C:\Windows\System\TJxnnCu.exe
  2⤵
  PID:8000
- C:\Windows\System\mNWvUXc.exe
  C:\Windows\System\mNWvUXc.exe
  2⤵
  PID:8060
- C:\Windows\System\hOoonQC.exe
  C:\Windows\System\hOoonQC.exe
  2⤵
  PID:8112
- C:\Windows\System\cFlVdTr.exe
  C:\Windows\System\cFlVdTr.exe
  2⤵
  PID:8172
- C:\Windows\System\uWtBSLU.exe
  C:\Windows\System\uWtBSLU.exe
  2⤵
  PID:5640
- C:\Windows\System\JWwaxqy.exe
  C:\Windows\System\JWwaxqy.exe
  2⤵
  PID:6772
- C:\Windows\System\TaTVhdS.exe
  C:\Windows\System\TaTVhdS.exe
  2⤵
  PID:7248
- C:\Windows\System\phOWZHy.exe
  C:\Windows\System\phOWZHy.exe
  2⤵
  PID:7360
- C:\Windows\System\jchpdiB.exe
  C:\Windows\System\jchpdiB.exe
  2⤵
  PID:7496
- C:\Windows\System\Ivqptga.exe
  C:\Windows\System\Ivqptga.exe
  2⤵
  PID:7608
- C:\Windows\System\KgFEnOL.exe
  C:\Windows\System\KgFEnOL.exe
  2⤵
  PID:2864
- C:\Windows\System\SsfbfqK.exe
  C:\Windows\System\SsfbfqK.exe
  2⤵
  PID:7840
- C:\Windows\System\ppWJhAR.exe
  C:\Windows\System\ppWJhAR.exe
  2⤵
  PID:7976
- C:\Windows\System\KxNduyU.exe
  C:\Windows\System\KxNduyU.exe
  2⤵
  PID:8088
- C:\Windows\System\bfEdemt.exe
  C:\Windows\System\bfEdemt.exe
  2⤵
  PID:7156
- C:\Windows\System\lKzDOaf.exe
  C:\Windows\System\lKzDOaf.exe
  2⤵
  PID:7244
- C:\Windows\System\tvHmbAM.exe
  C:\Windows\System\tvHmbAM.exe
  2⤵
  PID:7552
- C:\Windows\System\sWCQODO.exe
  C:\Windows\System\sWCQODO.exe
  2⤵
  PID:8220
- C:\Windows\System\avRavbF.exe
  C:\Windows\System\avRavbF.exe
  2⤵
  PID:8248
- C:\Windows\System\jOjupDe.exe
  C:\Windows\System\jOjupDe.exe
  2⤵
  PID:8276
- C:\Windows\System\fRAgwOp.exe
  C:\Windows\System\fRAgwOp.exe
  2⤵
  PID:8304
- C:\Windows\System\YPvpgfb.exe
  C:\Windows\System\YPvpgfb.exe
  2⤵
  PID:8332
- C:\Windows\System\fGBreBY.exe
  C:\Windows\System\fGBreBY.exe
  2⤵
  PID:8360
- C:\Windows\System\bocdqGD.exe
  C:\Windows\System\bocdqGD.exe
  2⤵
  PID:8388
- C:\Windows\System\FhCTREc.exe
  C:\Windows\System\FhCTREc.exe
  2⤵
  PID:8420
- C:\Windows\System\IPbbwEC.exe
  C:\Windows\System\IPbbwEC.exe
  2⤵
  PID:8444
- C:\Windows\System\dpTYhsQ.exe
  C:\Windows\System\dpTYhsQ.exe
  2⤵
  PID:8472
- C:\Windows\System\OypuUdP.exe
  C:\Windows\System\OypuUdP.exe
  2⤵
  PID:8500
- C:\Windows\System\YSpsYKq.exe
  C:\Windows\System\YSpsYKq.exe
  2⤵
  PID:8528
- C:\Windows\System\qeLnEqS.exe
  C:\Windows\System\qeLnEqS.exe
  2⤵
  PID:8556
- C:\Windows\System\CaHZJLK.exe
  C:\Windows\System\CaHZJLK.exe
  2⤵
  PID:8584
- C:\Windows\System\VqKcXZD.exe
  C:\Windows\System\VqKcXZD.exe
  2⤵
  PID:8616
- C:\Windows\System\ZwzysvL.exe
  C:\Windows\System\ZwzysvL.exe
  2⤵
  PID:8640
- C:\Windows\System\gVbBDxL.exe
  C:\Windows\System\gVbBDxL.exe
  2⤵
  PID:8668
- C:\Windows\System\PGtpqwE.exe
  C:\Windows\System\PGtpqwE.exe
  2⤵
  PID:8696
- C:\Windows\System\jGOPilp.exe
  C:\Windows\System\jGOPilp.exe
  2⤵
  PID:8724
- C:\Windows\System\oNvQviM.exe
  C:\Windows\System\oNvQviM.exe
  2⤵
  PID:8752
- C:\Windows\System\QfAAmyK.exe
  C:\Windows\System\QfAAmyK.exe
  2⤵
  PID:8780
- C:\Windows\System\WfFKjwP.exe
  C:\Windows\System\WfFKjwP.exe
  2⤵
  PID:8808
- C:\Windows\System\idPTBDf.exe
  C:\Windows\System\idPTBDf.exe
  2⤵
  PID:8836
- C:\Windows\System\JtLhhiP.exe
  C:\Windows\System\JtLhhiP.exe
  2⤵
  PID:8864
- C:\Windows\System\NSyUKsk.exe
  C:\Windows\System\NSyUKsk.exe
  2⤵
  PID:8892
- C:\Windows\System\ScVWEKy.exe
  C:\Windows\System\ScVWEKy.exe
  2⤵
  PID:8920
- C:\Windows\System\ZRblDUe.exe
  C:\Windows\System\ZRblDUe.exe
  2⤵
  PID:8948
- C:\Windows\System\XSBxJEq.exe
  C:\Windows\System\XSBxJEq.exe
  2⤵
  PID:8976
- C:\Windows\System\uMSCpIq.exe
  C:\Windows\System\uMSCpIq.exe
  2⤵
  PID:9004
- C:\Windows\System\VykTkph.exe
  C:\Windows\System\VykTkph.exe
  2⤵
  PID:9032
- C:\Windows\System\UDJNzdt.exe
  C:\Windows\System\UDJNzdt.exe
  2⤵
  PID:9060
- C:\Windows\System\hCzqgVT.exe
  C:\Windows\System\hCzqgVT.exe
  2⤵
  PID:9088
- C:\Windows\System\hjULeUG.exe
  C:\Windows\System\hjULeUG.exe
  2⤵
  PID:9116
- C:\Windows\System\MvhdvoP.exe
  C:\Windows\System\MvhdvoP.exe
  2⤵
  PID:9144
- C:\Windows\System\KKbIvlD.exe
  C:\Windows\System\KKbIvlD.exe
  2⤵
  PID:9172
- C:\Windows\System\gMjSGuP.exe
  C:\Windows\System\gMjSGuP.exe
  2⤵
  PID:9200
- C:\Windows\System\CnHAuwX.exe
  C:\Windows\System\CnHAuwX.exe
  2⤵
  PID:7556
- C:\Windows\System\kbuArJS.exe
  C:\Windows\System\kbuArJS.exe
  2⤵
  PID:7832
- C:\Windows\System\nCnngMz.exe
  C:\Windows\System\nCnngMz.exe
  2⤵
  PID:2852
- C:\Windows\System\VYZxXGR.exe
  C:\Windows\System\VYZxXGR.exe
  2⤵
  PID:7188
- C:\Windows\System\yrDMoOj.exe
  C:\Windows\System\yrDMoOj.exe
  2⤵
  PID:8208
- C:\Windows\System\CKtpFbx.exe
  C:\Windows\System\CKtpFbx.exe
  2⤵
  PID:8264
- C:\Windows\System\tZzkXMs.exe
  C:\Windows\System\tZzkXMs.exe
  2⤵
  PID:8316
- C:\Windows\System\XCjUTbv.exe
  C:\Windows\System\XCjUTbv.exe
  2⤵
  PID:8376
- C:\Windows\System\pGQwwjl.exe
  C:\Windows\System\pGQwwjl.exe
  2⤵
  PID:4928
- C:\Windows\System\GHshIhi.exe
  C:\Windows\System\GHshIhi.exe
  2⤵
  PID:2516
- C:\Windows\System\euxeJdH.exe
  C:\Windows\System\euxeJdH.exe
  2⤵
  PID:8516
- C:\Windows\System\mIwGlMo.exe
  C:\Windows\System\mIwGlMo.exe
  2⤵
  PID:2340
- C:\Windows\System\TYfFYRA.exe
  C:\Windows\System\TYfFYRA.exe
  2⤵
  PID:8608
- C:\Windows\System\wvqhvnL.exe
  C:\Windows\System\wvqhvnL.exe
  2⤵
  PID:8660
- C:\Windows\System\ETsFgKV.exe
  C:\Windows\System\ETsFgKV.exe
  2⤵
  PID:8712
- C:\Windows\System\zyrhRef.exe
  C:\Windows\System\zyrhRef.exe
  2⤵
  PID:8768
- C:\Windows\System\izFJqsH.exe
  C:\Windows\System\izFJqsH.exe
  2⤵
  PID:8828
- C:\Windows\System\RhrrdCy.exe
  C:\Windows\System\RhrrdCy.exe
  2⤵
  PID:8904
- C:\Windows\System\MHWuIDE.exe
  C:\Windows\System\MHWuIDE.exe
  2⤵
  PID:8964
- C:\Windows\System\NwblKJt.exe
  C:\Windows\System\NwblKJt.exe
  2⤵
  PID:9024
- C:\Windows\System\lZWsCyn.exe
  C:\Windows\System\lZWsCyn.exe
  2⤵
  PID:9100
- C:\Windows\System\ZviTREO.exe
  C:\Windows\System\ZviTREO.exe
  2⤵
  PID:9160
- C:\Windows\System\jNFaAlf.exe
  C:\Windows\System\jNFaAlf.exe
  2⤵
  PID:3024
- C:\Windows\System\mlcWaEt.exe
  C:\Windows\System\mlcWaEt.exe
  2⤵
  PID:4876
- C:\Windows\System\SncYMgy.exe
  C:\Windows\System\SncYMgy.exe
  2⤵
  PID:3924
- C:\Windows\System\zjSaRxj.exe
  C:\Windows\System\zjSaRxj.exe
  2⤵
  PID:8348
- C:\Windows\System\XBUymwq.exe
  C:\Windows\System\XBUymwq.exe
  2⤵
  PID:8464
- C:\Windows\System\tTxxbpM.exe
  C:\Windows\System\tTxxbpM.exe
  2⤵
  PID:8568
- C:\Windows\System\hhLXRgT.exe
  C:\Windows\System\hhLXRgT.exe
  2⤵
  PID:8684
- C:\Windows\System\NKfxrXr.exe
  C:\Windows\System\NKfxrXr.exe
  2⤵
  PID:8800
- C:\Windows\System\AoYONAZ.exe
  C:\Windows\System\AoYONAZ.exe
  2⤵
  PID:8936
- C:\Windows\System\UKSlfNl.exe
  C:\Windows\System\UKSlfNl.exe
  2⤵
  PID:9076
- C:\Windows\System\lkCcdLZ.exe
  C:\Windows\System\lkCcdLZ.exe
  2⤵
  PID:7780
- C:\Windows\System\qTrMrqz.exe
  C:\Windows\System\qTrMrqz.exe
  2⤵
  PID:1044
- C:\Windows\System\KlXrWfQ.exe
  C:\Windows\System\KlXrWfQ.exe
  2⤵
  PID:3892
- C:\Windows\System\YBlCxVG.exe
  C:\Windows\System\YBlCxVG.exe
  2⤵
  PID:8740
- C:\Windows\System\ZSVDttX.exe
  C:\Windows\System\ZSVDttX.exe
  2⤵
  PID:9236
- C:\Windows\System\MQliHIx.exe
  C:\Windows\System\MQliHIx.exe
  2⤵
  PID:9264
- C:\Windows\System\CSoMJCs.exe
  C:\Windows\System\CSoMJCs.exe
  2⤵
  PID:9292
- C:\Windows\System\YajuoBL.exe
  C:\Windows\System\YajuoBL.exe
  2⤵
  PID:9320
- C:\Windows\System\fTxSXMf.exe
  C:\Windows\System\fTxSXMf.exe
  2⤵
  PID:9348
- C:\Windows\System\kFQCKbj.exe
  C:\Windows\System\kFQCKbj.exe
  2⤵
  PID:9376
- C:\Windows\System\SPXYvTr.exe
  C:\Windows\System\SPXYvTr.exe
  2⤵
  PID:9404
- C:\Windows\System\EKJYYsJ.exe
  C:\Windows\System\EKJYYsJ.exe
  2⤵
  PID:9432
- C:\Windows\System\JypaTaq.exe
  C:\Windows\System\JypaTaq.exe
  2⤵
  PID:9460
- C:\Windows\System\bWGVXfd.exe
  C:\Windows\System\bWGVXfd.exe
  2⤵
  PID:9488
- C:\Windows\System\SNtQcuA.exe
  C:\Windows\System\SNtQcuA.exe
  2⤵
  PID:9516
- C:\Windows\System\vxEgQfY.exe
  C:\Windows\System\vxEgQfY.exe
  2⤵
  PID:9544
- C:\Windows\System\PaPhuaM.exe
  C:\Windows\System\PaPhuaM.exe
  2⤵
  PID:9572
- C:\Windows\System\wMHSTXi.exe
  C:\Windows\System\wMHSTXi.exe
  2⤵
  PID:9600
- C:\Windows\System\vtdllGc.exe
  C:\Windows\System\vtdllGc.exe
  2⤵
  PID:9628
- C:\Windows\System\mWZNoQK.exe
  C:\Windows\System\mWZNoQK.exe
  2⤵
  PID:9656
- C:\Windows\System\fgCYBfR.exe
  C:\Windows\System\fgCYBfR.exe
  2⤵
  PID:9684
- C:\Windows\System\vUWuBvz.exe
  C:\Windows\System\vUWuBvz.exe
  2⤵
  PID:9712
- C:\Windows\System\iFMfSHj.exe
  C:\Windows\System\iFMfSHj.exe
  2⤵
  PID:9740
- C:\Windows\System\AUgZLsl.exe
  C:\Windows\System\AUgZLsl.exe
  2⤵
  PID:9768
- C:\Windows\System\WwUdgbM.exe
  C:\Windows\System\WwUdgbM.exe
  2⤵
  PID:9804
- C:\Windows\System\iGOAqVs.exe
  C:\Windows\System\iGOAqVs.exe
  2⤵
  PID:9836
- C:\Windows\System\XmJtCEN.exe
  C:\Windows\System\XmJtCEN.exe
  2⤵
  PID:9864
- C:\Windows\System\hNLNVyH.exe
  C:\Windows\System\hNLNVyH.exe
  2⤵
  PID:9892
- C:\Windows\System\MkOopHN.exe
  C:\Windows\System\MkOopHN.exe
  2⤵
  PID:9920
- C:\Windows\System\TWTksUR.exe
  C:\Windows\System\TWTksUR.exe
  2⤵
  PID:9948
- C:\Windows\System\hZANScR.exe
  C:\Windows\System\hZANScR.exe
  2⤵
  PID:9976
- C:\Windows\System\GddnjiA.exe
  C:\Windows\System\GddnjiA.exe
  2⤵
  PID:10000
- C:\Windows\System\aFroTeP.exe
  C:\Windows\System\aFroTeP.exe
  2⤵
  PID:10028
- C:\Windows\System\iGbzEZP.exe
  C:\Windows\System\iGbzEZP.exe
  2⤵
  PID:10060
- C:\Windows\System\hwHcwoC.exe
  C:\Windows\System\hwHcwoC.exe
  2⤵
  PID:10088
- C:\Windows\System\OktGHdR.exe
  C:\Windows\System\OktGHdR.exe
  2⤵
  PID:10196
- C:\Windows\System\QSINQRS.exe
  C:\Windows\System\QSINQRS.exe
  2⤵
  PID:10232
- C:\Windows\System\HyHdblk.exe
  C:\Windows\System\HyHdblk.exe
  2⤵
  PID:9052
- C:\Windows\System\KsMGqUd.exe
  C:\Windows\System\KsMGqUd.exe
  2⤵
  PID:8404
- C:\Windows\System\uwjMcVy.exe
  C:\Windows\System\uwjMcVy.exe
  2⤵
  PID:8652
- C:\Windows\System\KqAzJpK.exe
  C:\Windows\System\KqAzJpK.exe
  2⤵
  PID:9256
- C:\Windows\System\hGlWzTd.exe
  C:\Windows\System\hGlWzTd.exe
  2⤵
  PID:9340
- C:\Windows\System\JfSrxgo.exe
  C:\Windows\System\JfSrxgo.exe
  2⤵
  PID:9396
- C:\Windows\System\lShvxFp.exe
  C:\Windows\System\lShvxFp.exe
  2⤵
  PID:9452
- C:\Windows\System\AXDtMdq.exe
  C:\Windows\System\AXDtMdq.exe
  2⤵
  PID:9508
- C:\Windows\System\oTWEyuP.exe
  C:\Windows\System\oTWEyuP.exe
  2⤵
  PID:9560
- C:\Windows\System\yQhkWFe.exe
  C:\Windows\System\yQhkWFe.exe
  2⤵
  PID:9616
- C:\Windows\System\fKIxkQY.exe
  C:\Windows\System\fKIxkQY.exe
  2⤵
  PID:3728
- C:\Windows\System\EzNPWan.exe
  C:\Windows\System\EzNPWan.exe
  2⤵
  PID:9704
- C:\Windows\System\DMEGFwk.exe
  C:\Windows\System\DMEGFwk.exe
  2⤵
  PID:9780
- C:\Windows\System\UiefTWE.exe
  C:\Windows\System\UiefTWE.exe
  2⤵
  PID:9848
- C:\Windows\System\MeSLQpJ.exe
  C:\Windows\System\MeSLQpJ.exe
  2⤵
  PID:9884
- C:\Windows\System\UDmcreE.exe
  C:\Windows\System\UDmcreE.exe
  2⤵
  PID:9936
- C:\Windows\System\gAIMBCQ.exe
  C:\Windows\System\gAIMBCQ.exe
  2⤵
  PID:9988
- C:\Windows\System\xRskpog.exe
  C:\Windows\System\xRskpog.exe
  2⤵
  PID:772
- C:\Windows\System\mlKNPTC.exe
  C:\Windows\System\mlKNPTC.exe
  2⤵
  PID:10052
- C:\Windows\System\qGBCJrM.exe
  C:\Windows\System\qGBCJrM.exe
  2⤵
  PID:2608
- C:\Windows\System\WHogklb.exe
  C:\Windows\System\WHogklb.exe
  2⤵
  PID:4576
- C:\Windows\System\ftYWkNe.exe
  C:\Windows\System\ftYWkNe.exe
  2⤵
  PID:3232
- C:\Windows\System\SqoItpI.exe
  C:\Windows\System\SqoItpI.exe
  2⤵
  PID:1596
- C:\Windows\System\ExrPAzx.exe
  C:\Windows\System\ExrPAzx.exe
  2⤵
  PID:2856
- C:\Windows\System\QAMvmTA.exe
  C:\Windows\System\QAMvmTA.exe
  2⤵
  PID:10224
- C:\Windows\System\ZMuQnJt.exe
  C:\Windows\System\ZMuQnJt.exe
  2⤵
  PID:7440
- C:\Windows\System\zHQfmiH.exe
  C:\Windows\System\zHQfmiH.exe
  2⤵
  PID:3476
- C:\Windows\System\HDvOlrz.exe
  C:\Windows\System\HDvOlrz.exe
  2⤵
  PID:9388
- C:\Windows\System\ccFJkdj.exe
  C:\Windows\System\ccFJkdj.exe
  2⤵
  PID:9556
- C:\Windows\System\jVAejVG.exe
  C:\Windows\System\jVAejVG.exe
  2⤵
  PID:9668
- C:\Windows\System\XuVEtyk.exe
  C:\Windows\System\XuVEtyk.exe
  2⤵
  PID:9816
- C:\Windows\System\YRWJPFG.exe
  C:\Windows\System\YRWJPFG.exe
  2⤵
  PID:9932
- C:\Windows\System\DJIMQVp.exe
  C:\Windows\System\DJIMQVp.exe
  2⤵
  PID:10048
- C:\Windows\System\rEIRtCi.exe
  C:\Windows\System\rEIRtCi.exe
  2⤵
  PID:4372
- C:\Windows\System\CSFFpnR.exe
  C:\Windows\System\CSFFpnR.exe
  2⤵
  PID:2108
- C:\Windows\System\MjYBiWw.exe
  C:\Windows\System\MjYBiWw.exe
  2⤵
  PID:10208
- C:\Windows\System\wItPoBO.exe
  C:\Windows\System\wItPoBO.exe
  2⤵
  PID:9248
- C:\Windows\System\inIepbZ.exe
  C:\Windows\System\inIepbZ.exe
  2⤵
  PID:3160
- C:\Windows\System\QDtJKWW.exe
  C:\Windows\System\QDtJKWW.exe
  2⤵
  PID:9876
- C:\Windows\System\IPnsLiq.exe
  C:\Windows\System\IPnsLiq.exe
  2⤵
  PID:2904
- C:\Windows\System\jxJZPOx.exe
  C:\Windows\System\jxJZPOx.exe
  2⤵
  PID:3256
- C:\Windows\System\KzHIprb.exe
  C:\Windows\System\KzHIprb.exe
  2⤵
  PID:3436
- C:\Windows\System\YZdhRhq.exe
  C:\Windows\System\YZdhRhq.exe
  2⤵
  PID:3496
- C:\Windows\System\fPvZhGG.exe
  C:\Windows\System\fPvZhGG.exe
  2⤵
  PID:10228
- C:\Windows\System\ZBFcMhv.exe
  C:\Windows\System\ZBFcMhv.exe
  2⤵
  PID:10256
- C:\Windows\System\TNjBEbL.exe
  C:\Windows\System\TNjBEbL.exe
  2⤵
  PID:10296
- C:\Windows\System\ECZhKVH.exe
  C:\Windows\System\ECZhKVH.exe
  2⤵
  PID:10324
- C:\Windows\System\sSuJgEY.exe
  C:\Windows\System\sSuJgEY.exe
  2⤵
  PID:10352
- C:\Windows\System\VHZhhnP.exe
  C:\Windows\System\VHZhhnP.exe
  2⤵
  PID:10380
- C:\Windows\System\YcCdcbn.exe
  C:\Windows\System\YcCdcbn.exe
  2⤵
  PID:10428
- C:\Windows\System\XacCtuR.exe
  C:\Windows\System\XacCtuR.exe
  2⤵
  PID:10492
- C:\Windows\System\DrziaOt.exe
  C:\Windows\System\DrziaOt.exe
  2⤵
  PID:10524
- C:\Windows\System\uWAXUGM.exe
  C:\Windows\System\uWAXUGM.exe
  2⤵
  PID:10552
- C:\Windows\System\gGRCGqm.exe
  C:\Windows\System\gGRCGqm.exe
  2⤵
  PID:10592
- C:\Windows\System\OKlelKn.exe
  C:\Windows\System\OKlelKn.exe
  2⤵
  PID:10656
- C:\Windows\System\beVOAxe.exe
  C:\Windows\System\beVOAxe.exe
  2⤵
  PID:10724
- C:\Windows\System\KSuyksa.exe
  C:\Windows\System\KSuyksa.exe
  2⤵
  PID:10748
- C:\Windows\System\giXKIAa.exe
  C:\Windows\System\giXKIAa.exe
  2⤵
  PID:10784
- C:\Windows\System\zWiWVAL.exe
  C:\Windows\System\zWiWVAL.exe
  2⤵
  PID:10808
- C:\Windows\System\CWRoesu.exe
  C:\Windows\System\CWRoesu.exe
  2⤵
  PID:10848
- C:\Windows\System\shyXarK.exe
  C:\Windows\System\shyXarK.exe
  2⤵
  PID:10876
- C:\Windows\System\GmCCFyX.exe
  C:\Windows\System\GmCCFyX.exe
  2⤵
  PID:10904
- C:\Windows\System\gTOtCsk.exe
  C:\Windows\System\gTOtCsk.exe
  2⤵
  PID:10940
- C:\Windows\System\hONDcuW.exe
  C:\Windows\System\hONDcuW.exe
  2⤵
  PID:10972
- C:\Windows\System\xMjkTXy.exe
  C:\Windows\System\xMjkTXy.exe
  2⤵
  PID:11000
- C:\Windows\System\PtnGgAj.exe
  C:\Windows\System\PtnGgAj.exe
  2⤵
  PID:11028
- C:\Windows\System\waydBBr.exe
  C:\Windows\System\waydBBr.exe
  2⤵
  PID:11056
- C:\Windows\System\ohfFhPS.exe
  C:\Windows\System\ohfFhPS.exe
  2⤵
  PID:11084
- C:\Windows\System\OBhMbaQ.exe
  C:\Windows\System\OBhMbaQ.exe
  2⤵
  PID:11116
- C:\Windows\System\qzLVcFW.exe
  C:\Windows\System\qzLVcFW.exe
  2⤵
  PID:11144
- C:\Windows\System\FWPQxjy.exe
  C:\Windows\System\FWPQxjy.exe
  2⤵
  PID:11172
- C:\Windows\System\PPPJcsu.exe
  C:\Windows\System\PPPJcsu.exe
  2⤵
  PID:11200
- C:\Windows\System\dMbzjVH.exe
  C:\Windows\System\dMbzjVH.exe
  2⤵
  PID:11228
- C:\Windows\System\QHLunUr.exe
  C:\Windows\System\QHLunUr.exe
  2⤵
  PID:10248
- C:\Windows\System\pPkTAgW.exe
  C:\Windows\System\pPkTAgW.exe
  2⤵
  PID:10284
- C:\Windows\System\qpStwca.exe
  C:\Windows\System\qpStwca.exe
  2⤵
  PID:10344
- C:\Windows\System\LgHeGRT.exe
  C:\Windows\System\LgHeGRT.exe
  2⤵
  PID:1812
- C:\Windows\System\UIydjCt.exe
  C:\Windows\System\UIydjCt.exe
  2⤵
  PID:10408
- C:\Windows\System\EGycGAt.exe
  C:\Windows\System\EGycGAt.exe
  2⤵
  PID:10516
- C:\Windows\System\ShOKVko.exe
  C:\Windows\System\ShOKVko.exe
  2⤵
  PID:10584
- C:\Windows\System\IrjRcJf.exe
  C:\Windows\System\IrjRcJf.exe
  2⤵
  PID:10704
- C:\Windows\System\LrpJMEM.exe
  C:\Windows\System\LrpJMEM.exe
  2⤵
  PID:2712
- C:\Windows\System\AxblGIJ.exe
  C:\Windows\System\AxblGIJ.exe
  2⤵
  PID:10860
- C:\Windows\System\XrLbAKN.exe
  C:\Windows\System\XrLbAKN.exe
  2⤵
  PID:10932
- C:\Windows\System\TLlPQUg.exe
  C:\Windows\System\TLlPQUg.exe
  2⤵
  PID:10984
- C:\Windows\System\OQDgNIE.exe
  C:\Windows\System\OQDgNIE.exe
  2⤵
  PID:11048
- C:\Windows\System\vyIBWSs.exe
  C:\Windows\System\vyIBWSs.exe
  2⤵
  PID:11108
- C:\Windows\System\RQDXIPd.exe
  C:\Windows\System\RQDXIPd.exe
  2⤵
  PID:11164
- C:\Windows\System\IEKRrYF.exe
  C:\Windows\System\IEKRrYF.exe
  2⤵
  PID:11224
- C:\Windows\System\XiROIbM.exe
  C:\Windows\System\XiROIbM.exe
  2⤵
  PID:10320
- C:\Windows\System\iZJGONr.exe
  C:\Windows\System\iZJGONr.exe
  2⤵
  PID:10424
- C:\Windows\System\OZNTMYJ.exe
  C:\Windows\System\OZNTMYJ.exe
  2⤵
  PID:10568
- C:\Windows\System\RhXoGXZ.exe
  C:\Windows\System\RhXoGXZ.exe
  2⤵
  PID:10792
- C:\Windows\System\nluHIaC.exe
  C:\Windows\System\nluHIaC.exe
  2⤵
  PID:4864
- C:\Windows\System\TOLxvrp.exe
  C:\Windows\System\TOLxvrp.exe
  2⤵
  PID:2184
- C:\Windows\System\yAOkVXn.exe
  C:\Windows\System\yAOkVXn.exe
  2⤵
  PID:1016
- C:\Windows\System\oURIMJB.exe
  C:\Windows\System\oURIMJB.exe
  2⤵
  PID:3176
- C:\Windows\System\EoNRkaz.exe
  C:\Windows\System\EoNRkaz.exe
  2⤵
  PID:10896
- C:\Windows\System\PeGJnOc.exe
  C:\Windows\System\PeGJnOc.exe
  2⤵
  PID:11012
- C:\Windows\System\GhpvSME.exe
  C:\Windows\System\GhpvSME.exe
  2⤵
  PID:11140
- C:\Windows\System\PbKdCln.exe
  C:\Windows\System\PbKdCln.exe
  2⤵
  PID:10280
- C:\Windows\System\JwplzOA.exe
  C:\Windows\System\JwplzOA.exe
  2⤵
  PID:10700
- C:\Windows\System\weyZKvS.exe
  C:\Windows\System\weyZKvS.exe
  2⤵
  PID:3168
- C:\Windows\System\rNVbMLJ.exe
  C:\Windows\System\rNVbMLJ.exe
  2⤵
  PID:4048
- C:\Windows\System\UxlfeNx.exe
  C:\Windows\System\UxlfeNx.exe
  2⤵
  PID:11076
- C:\Windows\System\yXKcVsW.exe
  C:\Windows\System\yXKcVsW.exe
  2⤵
  PID:10272
- C:\Windows\System\XupzUGF.exe
  C:\Windows\System\XupzUGF.exe
  2⤵
  PID:3124
- C:\Windows\System\AqhkuHM.exe
  C:\Windows\System\AqhkuHM.exe
  2⤵
  PID:10968
- C:\Windows\System\wXXKpxp.exe
  C:\Windows\System\wXXKpxp.exe
  2⤵
  PID:2360
- C:\Windows\System\WuExRir.exe
  C:\Windows\System\WuExRir.exe
  2⤵
  PID:4672
- C:\Windows\System\mnGIvKx.exe
  C:\Windows\System\mnGIvKx.exe
  2⤵
  PID:11292
- C:\Windows\System\vdCflfM.exe
  C:\Windows\System\vdCflfM.exe
  2⤵
  PID:11320
- C:\Windows\System\rnagPDv.exe
  C:\Windows\System\rnagPDv.exe
  2⤵
  PID:11348
- C:\Windows\System\ihquMSP.exe
  C:\Windows\System\ihquMSP.exe
  2⤵
  PID:11376
- C:\Windows\System\dwHIHpn.exe
  C:\Windows\System\dwHIHpn.exe
  2⤵
  PID:11404
- C:\Windows\System\oDNbjhH.exe
  C:\Windows\System\oDNbjhH.exe
  2⤵
  PID:11432
- C:\Windows\System\caJKuWv.exe
  C:\Windows\System\caJKuWv.exe
  2⤵
  PID:11460
- C:\Windows\System\EtwUSmI.exe
  C:\Windows\System\EtwUSmI.exe
  2⤵
  PID:11488
- C:\Windows\System\HttQPLr.exe
  C:\Windows\System\HttQPLr.exe
  2⤵
  PID:11516
- C:\Windows\System\IUqqshh.exe
  C:\Windows\System\IUqqshh.exe
  2⤵
  PID:11544
- C:\Windows\System\mRbbexG.exe
  C:\Windows\System\mRbbexG.exe
  2⤵
  PID:11572
- C:\Windows\System\pZEZsrK.exe
  C:\Windows\System\pZEZsrK.exe
  2⤵
  PID:11604
- C:\Windows\System\vXEevxv.exe
  C:\Windows\System\vXEevxv.exe
  2⤵
  PID:11620
- C:\Windows\System\eMQLkGq.exe
  C:\Windows\System\eMQLkGq.exe
  2⤵
  PID:11660
- C:\Windows\System\oEGQcDX.exe
  C:\Windows\System\oEGQcDX.exe
  2⤵
  PID:11696
- C:\Windows\System\FpaVLim.exe
  C:\Windows\System\FpaVLim.exe
  2⤵
  PID:11732
- C:\Windows\System\GEVszQc.exe
  C:\Windows\System\GEVszQc.exe
  2⤵
  PID:11760
- C:\Windows\System\UBRucVT.exe
  C:\Windows\System\UBRucVT.exe
  2⤵
  PID:11788
- C:\Windows\System\fwVaGKk.exe
  C:\Windows\System\fwVaGKk.exe
  2⤵
  PID:11820
- C:\Windows\System\IBXODpw.exe
  C:\Windows\System\IBXODpw.exe
  2⤵
  PID:11848
- C:\Windows\System\wVBULQB.exe
  C:\Windows\System\wVBULQB.exe
  2⤵
  PID:11876
- C:\Windows\System\nGmLLhm.exe
  C:\Windows\System\nGmLLhm.exe
  2⤵
  PID:11904
- C:\Windows\System\SwKrgfi.exe
  C:\Windows\System\SwKrgfi.exe
  2⤵
  PID:11932
- C:\Windows\System\WsnxRhy.exe
  C:\Windows\System\WsnxRhy.exe
  2⤵
  PID:11960
- C:\Windows\System\GsbgLkX.exe
  C:\Windows\System\GsbgLkX.exe
  2⤵
  PID:11988
- C:\Windows\System\QCarGsX.exe
  C:\Windows\System\QCarGsX.exe
  2⤵
  PID:12016
- C:\Windows\System\WTfhgtX.exe
  C:\Windows\System\WTfhgtX.exe
  2⤵
  PID:12048
- C:\Windows\System\KgXzyEo.exe
  C:\Windows\System\KgXzyEo.exe
  2⤵
  PID:12088
- C:\Windows\System\iDUSRNm.exe
  C:\Windows\System\iDUSRNm.exe
  2⤵
  PID:12144
- C:\Windows\System\tdwNMTS.exe
  C:\Windows\System\tdwNMTS.exe
  2⤵
  PID:12188
- C:\Windows\System\iTDcEwc.exe
  C:\Windows\System\iTDcEwc.exe
  2⤵
  PID:12224
- C:\Windows\System\OWlhIEA.exe
  C:\Windows\System\OWlhIEA.exe
  2⤵
  PID:12252
- C:\Windows\System\dENFKXc.exe
  C:\Windows\System\dENFKXc.exe
  2⤵
  PID:12280
- C:\Windows\System\jUVMItR.exe
  C:\Windows\System\jUVMItR.exe
  2⤵
  PID:11312
- C:\Windows\System\llItGXs.exe
  C:\Windows\System\llItGXs.exe
  2⤵
  PID:11372
- C:\Windows\System\qOsiNbo.exe
  C:\Windows\System\qOsiNbo.exe
  2⤵
  PID:11452
- C:\Windows\System\BJIZdvi.exe
  C:\Windows\System\BJIZdvi.exe
  2⤵
  PID:11512
- C:\Windows\System\FfDHauS.exe
  C:\Windows\System\FfDHauS.exe
  2⤵
  PID:11588
- C:\Windows\System\DvyzhNX.exe
  C:\Windows\System\DvyzhNX.exe
  2⤵
  PID:11640
- C:\Windows\System\MoHnQFL.exe
  C:\Windows\System\MoHnQFL.exe
  2⤵
  PID:11592
- C:\Windows\System\IkDiRyz.exe
  C:\Windows\System\IkDiRyz.exe
  2⤵
  PID:10464
- C:\Windows\System\hEmhReD.exe
  C:\Windows\System\hEmhReD.exe
  2⤵
  PID:10456
- C:\Windows\System\JWBVmgG.exe
  C:\Windows\System\JWBVmgG.exe
  2⤵
  PID:11748
- C:\Windows\System\afSHosG.exe
  C:\Windows\System\afSHosG.exe
  2⤵
  PID:11812
- C:\Windows\System\qaaezHA.exe
  C:\Windows\System\qaaezHA.exe
  2⤵
  PID:4956
- C:\Windows\System\NwNLVAW.exe
  C:\Windows\System\NwNLVAW.exe
  2⤵
  PID:11928
- C:\Windows\System\MrozZCw.exe
  C:\Windows\System\MrozZCw.exe
  2⤵
  PID:12000
- C:\Windows\System\CqfYCNU.exe
  C:\Windows\System\CqfYCNU.exe
  2⤵
  PID:2956
- C:\Windows\System\YcfWDVT.exe
  C:\Windows\System\YcfWDVT.exe
  2⤵
  PID:12120
- C:\Windows\System\KsWsQzK.exe
  C:\Windows\System\KsWsQzK.exe
  2⤵
  PID:2256
- C:\Windows\System\QJscCKR.exe
  C:\Windows\System\QJscCKR.exe
  2⤵
  PID:11304
- C:\Windows\System\ufYQRvo.exe
  C:\Windows\System\ufYQRvo.exe
  2⤵
  PID:11368
- C:\Windows\System\PWvepbW.exe
  C:\Windows\System\PWvepbW.exe
  2⤵
  PID:11500
- C:\Windows\System\pBPQGyM.exe
  C:\Windows\System\pBPQGyM.exe
  2⤵
  PID:12128
- C:\Windows\System\ICWploh.exe
  C:\Windows\System\ICWploh.exe
  2⤵
  PID:12212
- C:\Windows\System\mFBxSix.exe
  C:\Windows\System\mFBxSix.exe
  2⤵
  PID:1244
- C:\Windows\System\ZnYpidP.exe
  C:\Windows\System\ZnYpidP.exe
  2⤵
  PID:11672
- C:\Windows\System\wjvvmnF.exe
  C:\Windows\System\wjvvmnF.exe
  2⤵
  PID:11728
- C:\Windows\System\SjHYIAM.exe
  C:\Windows\System\SjHYIAM.exe
  2⤵
  PID:11804
- C:\Windows\System\LtuLASd.exe
  C:\Windows\System\LtuLASd.exe
  2⤵
  PID:11956
- C:\Windows\System\OiVjLdZ.exe
  C:\Windows\System\OiVjLdZ.exe
  2⤵
  PID:12116
- C:\Windows\System\drgiOXB.exe
  C:\Windows\System\drgiOXB.exe
  2⤵
  PID:12264
- C:\Windows\System\yEkurGl.exe
  C:\Windows\System\yEkurGl.exe
  2⤵
  PID:11480
- C:\Windows\System\zipDmYN.exe
  C:\Windows\System\zipDmYN.exe
  2⤵
  PID:12208
- C:\Windows\System\AOdeqUu.exe
  C:\Windows\System\AOdeqUu.exe
  2⤵
  PID:10736
- C:\Windows\System\ZjhCqhu.exe
  C:\Windows\System\ZjhCqhu.exe
  2⤵
  PID:11924
- C:\Windows\System\WBcRIoj.exe
  C:\Windows\System\WBcRIoj.exe
  2⤵
  PID:4948
- C:\Windows\System\ioDSzCz.exe
  C:\Windows\System\ioDSzCz.exe
  2⤵
  PID:4888
- C:\Windows\System\RKekOnv.exe
  C:\Windows\System\RKekOnv.exe
  2⤵
  PID:12220
- C:\Windows\System\uuwPOEL.exe
  C:\Windows\System\uuwPOEL.exe
  2⤵
  PID:11920
- C:\Windows\System\yeerpEa.exe
  C:\Windows\System\yeerpEa.exe
  2⤵
  PID:12308
- C:\Windows\System\jRLvPYt.exe
  C:\Windows\System\jRLvPYt.exe
  2⤵
  PID:12340
- C:\Windows\System\JbOkksi.exe
  C:\Windows\System\JbOkksi.exe
  2⤵
  PID:12372
- C:\Windows\System\TJoSJTt.exe
  C:\Windows\System\TJoSJTt.exe
  2⤵
  PID:12400
- C:\Windows\System\XuBrrRb.exe
  C:\Windows\System\XuBrrRb.exe
  2⤵
  PID:12428
- C:\Windows\System\SHWQHev.exe
  C:\Windows\System\SHWQHev.exe
  2⤵
  PID:12456
- C:\Windows\System\NpBDKPd.exe
  C:\Windows\System\NpBDKPd.exe
  2⤵
  PID:12484
- C:\Windows\System\UtlJRtN.exe
  C:\Windows\System\UtlJRtN.exe
  2⤵
  PID:12524
- C:\Windows\System\TwdODmJ.exe
  C:\Windows\System\TwdODmJ.exe
  2⤵
  PID:12540
- C:\Windows\System\vUUJZYy.exe
  C:\Windows\System\vUUJZYy.exe
  2⤵
  PID:12568
- C:\Windows\System\FjRiPze.exe
  C:\Windows\System\FjRiPze.exe
  2⤵
  PID:12596
- C:\Windows\System\NMBjFKP.exe
  C:\Windows\System\NMBjFKP.exe
  2⤵
  PID:12624
- C:\Windows\System\neZDQpp.exe
  C:\Windows\System\neZDQpp.exe
  2⤵
  PID:12652
- C:\Windows\System\XyxcqpY.exe
  C:\Windows\System\XyxcqpY.exe
  2⤵
  PID:12680
- C:\Windows\System\TnEgRIN.exe
  C:\Windows\System\TnEgRIN.exe
  2⤵
  PID:12708
- C:\Windows\System\ydcTcfG.exe
  C:\Windows\System\ydcTcfG.exe
  2⤵
  PID:12736
- C:\Windows\System\ZwFLFPp.exe
  C:\Windows\System\ZwFLFPp.exe
  2⤵
  PID:12764
- C:\Windows\System\xlzVmeI.exe
  C:\Windows\System\xlzVmeI.exe
  2⤵
  PID:12792
- C:\Windows\System\PsJPrmz.exe
  C:\Windows\System\PsJPrmz.exe
  2⤵
  PID:12820
- C:\Windows\System\NaOakzK.exe
  C:\Windows\System\NaOakzK.exe
  2⤵
  PID:12848
- C:\Windows\System\QlMaKAK.exe
  C:\Windows\System\QlMaKAK.exe
  2⤵
  PID:12876
- C:\Windows\System\hDIXLTU.exe
  C:\Windows\System\hDIXLTU.exe
  2⤵
  PID:12904
- C:\Windows\System\CEAGyRn.exe
  C:\Windows\System\CEAGyRn.exe
  2⤵
  PID:12932
- C:\Windows\System\cLpRYtd.exe
  C:\Windows\System\cLpRYtd.exe
  2⤵
  PID:12960
- C:\Windows\System\DeeCqlv.exe
  C:\Windows\System\DeeCqlv.exe
  2⤵
  PID:12988
- C:\Windows\System\WNvlJBx.exe
  C:\Windows\System\WNvlJBx.exe
  2⤵
  PID:13016
- C:\Windows\System\CpNgQTK.exe
  C:\Windows\System\CpNgQTK.exe
  2⤵
  PID:13044
- C:\Windows\System\GWgkPfw.exe
  C:\Windows\System\GWgkPfw.exe
  2⤵
  PID:13072
- C:\Windows\System\aQbUqqu.exe
  C:\Windows\System\aQbUqqu.exe
  2⤵
  PID:13100
- C:\Windows\System\hggFCrv.exe
  C:\Windows\System\hggFCrv.exe
  2⤵
  PID:13132
- C:\Windows\System\xdYTYol.exe
  C:\Windows\System\xdYTYol.exe
  2⤵
  PID:13160
- C:\Windows\System\bItiehL.exe
  C:\Windows\System\bItiehL.exe
  2⤵
  PID:13188
- C:\Windows\System\tTnVzcM.exe
  C:\Windows\System\tTnVzcM.exe
  2⤵
  PID:13216
- C:\Windows\System\cQambkA.exe
  C:\Windows\System\cQambkA.exe
  2⤵
  PID:13244
- C:\Windows\System\TZeGEHi.exe
  C:\Windows\System\TZeGEHi.exe
  2⤵
  PID:13272
- C:\Windows\System\goiJyAm.exe
  C:\Windows\System\goiJyAm.exe
  2⤵
  PID:13300
- C:\Windows\System\amHlNga.exe
  C:\Windows\System\amHlNga.exe
  2⤵
  PID:12304
- C:\Windows\System\JxBDOBw.exe
  C:\Windows\System\JxBDOBw.exe
  2⤵
  PID:12364
- C:\Windows\System\qMjbECD.exe
  C:\Windows\System\qMjbECD.exe
  2⤵
  PID:12468
- C:\Windows\System\cKnftBT.exe
  C:\Windows\System\cKnftBT.exe
  2⤵
  PID:5076
- C:\Windows\System\isdsUnx.exe
  C:\Windows\System\isdsUnx.exe
  2⤵
  PID:12552
- C:\Windows\System\rWzrQCD.exe
  C:\Windows\System\rWzrQCD.exe
  2⤵
  PID:12616
- C:\Windows\System\psUFrfj.exe
  C:\Windows\System\psUFrfj.exe
  2⤵
  PID:12672
- C:\Windows\System\RHihIFO.exe
  C:\Windows\System\RHihIFO.exe
  2⤵
  PID:12732
- C:\Windows\System\ysszTOd.exe
  C:\Windows\System\ysszTOd.exe
  2⤵
  PID:12788
- C:\Windows\System\lvpCdUQ.exe
  C:\Windows\System\lvpCdUQ.exe
  2⤵
  PID:12864
- C:\Windows\System\RHXsvzw.exe
  C:\Windows\System\RHXsvzw.exe
  2⤵
  PID:12916
- C:\Windows\System\djXoMZo.exe
  C:\Windows\System\djXoMZo.exe
  2⤵
  PID:12972
- C:\Windows\System\otpBpYN.exe
  C:\Windows\System\otpBpYN.exe
  2⤵
  PID:13036
- C:\Windows\System\alRuhFP.exe
  C:\Windows\System\alRuhFP.exe
  2⤵
  PID:13096
- C:\Windows\System\bSVHPTv.exe
  C:\Windows\System\bSVHPTv.exe
  2⤵
  PID:13176
- C:\Windows\System\XdssMYu.exe
  C:\Windows\System\XdssMYu.exe
  2⤵
  PID:13236
- C:\Windows\System\sEHpowr.exe
  C:\Windows\System\sEHpowr.exe
  2⤵
  PID:13296
- C:\Windows\System\VJogVLr.exe
  C:\Windows\System\VJogVLr.exe
  2⤵
  PID:12396
- C:\Windows\System\rbZIyGw.exe
  C:\Windows\System\rbZIyGw.exe
  2⤵
  PID:12532
- C:\Windows\System\zWFDREx.exe
  C:\Windows\System\zWFDREx.exe
  2⤵
  PID:12664
- C:\Windows\System\XaJjdfW.exe
  C:\Windows\System\XaJjdfW.exe
  2⤵
  PID:12840
- C:\Windows\System\zrpqPwd.exe
  C:\Windows\System\zrpqPwd.exe
  2⤵
  PID:12956
- C:\Windows\System\MciPkBS.exe
  C:\Windows\System\MciPkBS.exe
  2⤵
  PID:13092
- C:\Windows\System\GGknDRa.exe
  C:\Windows\System\GGknDRa.exe
  2⤵
  PID:13264
- C:\Windows\System\ueLKQFW.exe
  C:\Windows\System\ueLKQFW.exe
  2⤵
  PID:12496
- C:\Windows\System\ttjJFSy.exe
  C:\Windows\System\ttjJFSy.exe
  2⤵
  PID:12816
- C:\Windows\System\gdsACvY.exe
  C:\Windows\System\gdsACvY.exe
  2⤵
  PID:13200
- C:\Windows\System\BGIifrQ.exe
  C:\Windows\System\BGIifrQ.exe
  2⤵
  PID:12756
- C:\Windows\System\NmChVss.exe
  C:\Windows\System\NmChVss.exe
  2⤵
  PID:3448
- C:\Windows\System\FFaAwwL.exe
  C:\Windows\System\FFaAwwL.exe
  2⤵
  PID:13328
- C:\Windows\System\wGhvoBp.exe
  C:\Windows\System\wGhvoBp.exe
  2⤵
  PID:13356
- C:\Windows\System\ZXEAbrX.exe
  C:\Windows\System\ZXEAbrX.exe
  2⤵
  PID:13384
- C:\Windows\System\JVlbXOr.exe
  C:\Windows\System\JVlbXOr.exe
  2⤵
  PID:13412
- C:\Windows\System\PPdpFin.exe
  C:\Windows\System\PPdpFin.exe
  2⤵
  PID:13440
- C:\Windows\System\hXJpiox.exe
  C:\Windows\System\hXJpiox.exe
  2⤵
  PID:13468
- C:\Windows\System\yTjCMHb.exe
  C:\Windows\System\yTjCMHb.exe
  2⤵
  PID:13496
- C:\Windows\System\sEsBDXg.exe
  C:\Windows\System\sEsBDXg.exe
  2⤵
  PID:13524
- C:\Windows\System\HOXeIIU.exe
  C:\Windows\System\HOXeIIU.exe
  2⤵
  PID:13552
- C:\Windows\System\AgcvWDl.exe
  C:\Windows\System\AgcvWDl.exe
  2⤵
  PID:13580
- C:\Windows\System\iMNRvVc.exe
  C:\Windows\System\iMNRvVc.exe
  2⤵
  PID:13608
- C:\Windows\System\umKgEHv.exe
  C:\Windows\System\umKgEHv.exe
  2⤵
  PID:13636
- C:\Windows\System\qyByfaE.exe
  C:\Windows\System\qyByfaE.exe
  2⤵
  PID:13664
- C:\Windows\System\FBaFsLj.exe
  C:\Windows\System\FBaFsLj.exe
  2⤵
  PID:13692
- C:\Windows\System\CKybPSp.exe
  C:\Windows\System\CKybPSp.exe
  2⤵
  PID:13720
- C:\Windows\System\aLxwzIW.exe
  C:\Windows\System\aLxwzIW.exe
  2⤵
  PID:13748
- C:\Windows\System\GyznvCL.exe
  C:\Windows\System\GyznvCL.exe
  2⤵
  PID:13776
- C:\Windows\System\ZmgRqUK.exe
  C:\Windows\System\ZmgRqUK.exe
  2⤵
  PID:13804
- C:\Windows\System\vWFyeXG.exe
  C:\Windows\System\vWFyeXG.exe
  2⤵
  PID:13836
- C:\Windows\System\vBeSkAh.exe
  C:\Windows\System\vBeSkAh.exe
  2⤵
  PID:13864
- C:\Windows\System\dcvTgmQ.exe
  C:\Windows\System\dcvTgmQ.exe
  2⤵
  PID:13892
- C:\Windows\System\YsnjnYa.exe
  C:\Windows\System\YsnjnYa.exe
  2⤵
  PID:13924
- C:\Windows\System\gnvgGQH.exe
  C:\Windows\System\gnvgGQH.exe
  2⤵
  PID:13952
- C:\Windows\System\zqcCJQT.exe
  C:\Windows\System\zqcCJQT.exe
  2⤵
  PID:13980
- C:\Windows\System\SQWzbon.exe
  C:\Windows\System\SQWzbon.exe
  2⤵
  PID:14008
- C:\Windows\System\vPyLmLF.exe
  C:\Windows\System\vPyLmLF.exe
  2⤵
  PID:14036
- C:\Windows\System\sRLBjkI.exe
  C:\Windows\System\sRLBjkI.exe
  2⤵
  PID:14064
- C:\Windows\System\IucOllf.exe
  C:\Windows\System\IucOllf.exe
  2⤵
  PID:14092
- C:\Windows\System\VpmARjr.exe
  C:\Windows\System\VpmARjr.exe
  2⤵
  PID:14120
- C:\Windows\System\jOsDEvB.exe
  C:\Windows\System\jOsDEvB.exe
  2⤵
  PID:14148
- C:\Windows\System\aghBpAn.exe
  C:\Windows\System\aghBpAn.exe
  2⤵
  PID:14176
- C:\Windows\System\uDLvhJG.exe
  C:\Windows\System\uDLvhJG.exe
  2⤵
  PID:14204
- C:\Windows\System\rogfnBL.exe
  C:\Windows\System\rogfnBL.exe
  2⤵
  PID:14232
- C:\Windows\System\urYgdwB.exe
  C:\Windows\System\urYgdwB.exe
  2⤵
  PID:14260
- C:\Windows\System\eEcVUDL.exe
  C:\Windows\System\eEcVUDL.exe
  2⤵
  PID:14288
- C:\Windows\System\EwmUahW.exe
  C:\Windows\System\EwmUahW.exe
  2⤵
  PID:14316
- C:\Windows\System\VKmazze.exe
  C:\Windows\System\VKmazze.exe
  2⤵
  PID:13324
- C:\Windows\System\bybOyoH.exe
  C:\Windows\System\bybOyoH.exe
  2⤵
  PID:13424
- C:\Windows\System\oqimANH.exe
  C:\Windows\System\oqimANH.exe
  2⤵
  PID:13460
- C:\Windows\System\LqVOErD.exe
  C:\Windows\System\LqVOErD.exe
  2⤵
  PID:13520
- C:\Windows\System\fLXHHKL.exe
  C:\Windows\System\fLXHHKL.exe
  2⤵
  PID:13596
- C:\Windows\System\DyrHFgI.exe
  C:\Windows\System\DyrHFgI.exe
  2⤵
  PID:13660
- C:\Windows\System\jbujYJo.exe
  C:\Windows\System\jbujYJo.exe
  2⤵
  PID:13712
- C:\Windows\System\slaJDvc.exe
  C:\Windows\System\slaJDvc.exe
  2⤵
  PID:13788
- C:\Windows\System\YaPDwto.exe
  C:\Windows\System\YaPDwto.exe
  2⤵
  PID:2732
- C:\Windows\System\qDTIDMN.exe
  C:\Windows\System\qDTIDMN.exe
  2⤵
  PID:13828
- C:\Windows\System\lDdYJvn.exe
  C:\Windows\System\lDdYJvn.exe
  2⤵
  PID:13888
- C:\Windows\System\DxAPxvz.exe
  C:\Windows\System\DxAPxvz.exe
  2⤵
  PID:13944
- C:\Windows\System\AewkdyA.exe
  C:\Windows\System\AewkdyA.exe
  2⤵
  PID:14032
- C:\Windows\System\RDTZwNW.exe
  C:\Windows\System\RDTZwNW.exe
  2⤵
  PID:14084
- C:\Windows\System\xWQnjoV.exe
  C:\Windows\System\xWQnjoV.exe
  2⤵
  PID:14144
- C:\Windows\System\zPoUOgy.exe
  C:\Windows\System\zPoUOgy.exe
  2⤵
  PID:14216
- C:\Windows\System\nTkBExY.exe
  C:\Windows\System\nTkBExY.exe
  2⤵
  PID:14280
- C:\Windows\System\GAkFuJI.exe
  C:\Windows\System\GAkFuJI.exe
  2⤵
  PID:13320
- C:\Windows\System\pbIPuFG.exe
  C:\Windows\System\pbIPuFG.exe
  2⤵
  PID:13436
- C:\Windows\System\WDFBYdt.exe
  C:\Windows\System\WDFBYdt.exe
  2⤵
  PID:3564
- C:\Windows\System\KwpSBBO.exe
  C:\Windows\System\KwpSBBO.exe
  2⤵
  PID:13576
- C:\Windows\System\IMZoVbW.exe
  C:\Windows\System\IMZoVbW.exe
  2⤵
  PID:1276
- C:\Windows\System\VIGkqyn.exe
  C:\Windows\System\VIGkqyn.exe
  2⤵
  PID:13856
- C:\Windows\System\GFQKmmt.exe
  C:\Windows\System\GFQKmmt.exe
  2⤵
  PID:14000
- C:\Windows\System\mEzvFOp.exe
  C:\Windows\System\mEzvFOp.exe
  2⤵
  PID:13996
- C:\Windows\System\SvuOHGP.exe
  C:\Windows\System\SvuOHGP.exe
  2⤵
  PID:14196
- C:\Windows\System\UlSYAnM.exe
  C:\Windows\System\UlSYAnM.exe
  2⤵
  PID:13316
- C:\Windows\System\YHKoueG.exe
  C:\Windows\System\YHKoueG.exe
  2⤵
  PID:13548
- C:\Windows\System\JNslqTa.exe
  C:\Windows\System\JNslqTa.exe
  2⤵
  PID:13744
- C:\Windows\System\DYhiSOX.exe
  C:\Windows\System\DYhiSOX.exe
  2⤵
  PID:3672
- C:\Windows\System\SxhPZCH.exe
  C:\Windows\System\SxhPZCH.exe
  2⤵
  PID:14112
- C:\Windows\System\TTvFViu.exe
  C:\Windows\System\TTvFViu.exe
  2⤵
  PID:13380
- C:\Windows\System\ukmmdhm.exe
  C:\Windows\System\ukmmdhm.exe
  2⤵
  PID:1504
- C:\Windows\System\MUdYSCy.exe
  C:\Windows\System\MUdYSCy.exe
  2⤵
  PID:6216
- C:\Windows\System\QwLOyGa.exe
  C:\Windows\System\QwLOyGa.exe
  2⤵
  PID:14328
- C:\Windows\System\IneCLpq.exe
  C:\Windows\System\IneCLpq.exe
  2⤵
  PID:14360
- C:\Windows\System\zlFpzzo.exe
  C:\Windows\System\zlFpzzo.exe
  2⤵
  PID:14388
- C:\Windows\System\gHzfnXH.exe
  C:\Windows\System\gHzfnXH.exe
  2⤵
  PID:14416
- C:\Windows\System\sQEXRKq.exe
  C:\Windows\System\sQEXRKq.exe
  2⤵
  PID:14444
- C:\Windows\System\Tkkjjun.exe
  C:\Windows\System\Tkkjjun.exe
  2⤵
  PID:14472
- C:\Windows\System\dgyPnDo.exe
  C:\Windows\System\dgyPnDo.exe
  2⤵
  PID:14504
- C:\Windows\System\ZwAffgC.exe
  C:\Windows\System\ZwAffgC.exe
  2⤵
  PID:14528
- C:\Windows\System\WKLOtYQ.exe
  C:\Windows\System\WKLOtYQ.exe
  2⤵
  PID:14564
- C:\Windows\System\myImiQg.exe
  C:\Windows\System\myImiQg.exe
  2⤵
  PID:14584
- C:\Windows\System\eDOCtIo.exe
  C:\Windows\System\eDOCtIo.exe
  2⤵
  PID:14612
- C:\Windows\System\HehWYuq.exe
  C:\Windows\System\HehWYuq.exe
  2⤵
  PID:14640
- C:\Windows\System\dWPfSac.exe
  C:\Windows\System\dWPfSac.exe
  2⤵
  PID:14664
- C:\Windows\System\yyGdMLX.exe
  C:\Windows\System\yyGdMLX.exe
  2⤵
  PID:14696
- C:\Windows\System\hzcFPSU.exe
  C:\Windows\System\hzcFPSU.exe
  2⤵
  PID:14728
- C:\Windows\System\lFbyyEz.exe
  C:\Windows\System\lFbyyEz.exe
  2⤵
  PID:14756
- C:\Windows\System\JNGaCyB.exe
  C:\Windows\System\JNGaCyB.exe
  2⤵
  PID:14776
- C:\Windows\System\iefSIBh.exe
  C:\Windows\System\iefSIBh.exe
  2⤵
  PID:14816
- C:\Windows\System\wPINOdn.exe
  C:\Windows\System\wPINOdn.exe
  2⤵
  PID:14844
- C:\Windows\System\JwdhNuj.exe
  C:\Windows\System\JwdhNuj.exe
  2⤵
  PID:14872
- C:\Windows\System\FwxfPbi.exe
  C:\Windows\System\FwxfPbi.exe
  2⤵
  PID:14900
- C:\Windows\System\fmiQmsQ.exe
  C:\Windows\System\fmiQmsQ.exe
  2⤵
  PID:14928
- C:\Windows\System\CPSxqrt.exe
  C:\Windows\System\CPSxqrt.exe
  2⤵
  PID:14956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AqGNlwV.exe

Filesize
6.0MB

MD5
474fa681cc0cdeaf756423fd6f6f0157

SHA1
82a6b14eee59692a4a7c74edd32efbe52d37a361

SHA256
b2086264a78ab0f3bde3c34e204e9786f2a73b1cacc0a7a81f33a821d0377d34

SHA512
25a01c3a3d8fd9d65bbee89b4d47041b6dd1b1098b33ea43ab9368aee63a8f95ba7c80039fc57d0336ac8f924534341a19bcea3646962509dcd4ade2065c38fc

Download Submit
C:\Windows\System\AsRvgku.exe

Filesize
6.0MB

MD5
82a8a9223a229461b586bca5d81ea23d

SHA1
e95ac631501037d514b3c75e445a428c12109601

SHA256
1be1635185c960abef6062f4a6049e96bea3ef869b4023819a47d8800ec6f1a5

SHA512
2de61cc12d13dd7e802585ac9bb76a9da2063c6f71a1ceb36c10a1a6d381a997717acad4fc8151fc486f831eb0df745cfc16385aa35ef7ae81d9b2791aa0e569

Download Submit
C:\Windows\System\CDiXItT.exe

Filesize
6.0MB

MD5
5f7f5c59b7ea3e7ada310a064dbf03b1

SHA1
9fd0138a47e540c3d522ef17ea6e406142f57ea9

SHA256
bc5decb19a7020b80a0eccaafd2c652e2877bedb0e2d0e727167a9157a1249ef

SHA512
1e32eb6ba7d2d5550cc78d37e5f6a2c4b3effd82eb22f34d70d46192788b9cdff8241ca5146a32d7ec782d19925438805ec3eee726feadba27f9306ed826f759

Download Submit
C:\Windows\System\CGthaJT.exe

Filesize
6.0MB

MD5
d1a03cddb0778edeb34bce92ddfb3eda

SHA1
a01de1220eadfff795ea41def95fd555aaa90da6

SHA256
b4661b7b1edb99cf4ebfdc2b3cf7afbe360e5876ce9b4b7afb919074f9c5fc3c

SHA512
63ecfc89925ca750940ab356f69dc562b9624a583643a6d81cac1d1c622958df50a35780a06a2ba5c3b964aee437ec37227e65ee36bda3275e6833ef999eb146

Download Submit
C:\Windows\System\DQOgyrz.exe

Filesize
6.0MB

MD5
bef05189008565bbe4fc73ae28ea182d

SHA1
337c19d2bfed6167c8a38b35493e5c313984789c

SHA256
2b5d51d1756ec07396c0b9a6afe99522278e1f1a8a592cd1426d732e6b3d43db

SHA512
5c5fdcac62e651a59238185368cfbba29b9a8e95a75892786ad9e99fb13856e76b78ece0ecacd3aa5ae72b16f0035d6e937d7538e9437ffbba6e42731259f1cc

Download Submit
C:\Windows\System\DzfCxiz.exe

Filesize
6.0MB

MD5
2e6f121513e5697c165eb974bc278e4c

SHA1
3a83597086e8df3cd4c85e1c0e18bfeca063afda

SHA256
f2d0849b99373c8bbab67885e52261dc1e5f17540712097cdefba5e747567d98

SHA512
ea5d324df08e46110208dd2ebe994d9576aba07df52179da013418fb4011e777dab950be952ce1063d8a5255f1365e9a82dfa41fb2ba56e25c5bf1670ec60944

Download Submit
C:\Windows\System\IEcvVrw.exe

Filesize
6.0MB

MD5
64e3b8b0c666fe1ddda3e187c2fd1d96

SHA1
fbeb31e9ed817747153170dca168f201663357c5

SHA256
c156833f6a63678b35e71d0346afea6238c6aaf39ed15d0ec94e8a3fdad40b93

SHA512
2caa219632c96233675383adaaa0f4730d31d6bc16e3fbcb7c3a71139397bdb8b170f3d4ee3e51565465c1b91e4c3aec3f14e6c94f6fc02bb920651f93d139af

Download Submit
C:\Windows\System\KZjREVG.exe

Filesize
6.0MB

MD5
9e688b446285cc47d453def61467819c

SHA1
7e11a760b7c4e2d8be97633b2b176e681cefab6a

SHA256
2ebec03008a8bf317e862bd162c849173af835b2ddcb10a2fe1587837805901e

SHA512
4bcf3c8e28ee0fd0a125d383127cb70776e084ffe725af759254196175eb24bf39ca12889c11c26dcb7dbbeaf4eb599b8c1d1b89a36fd25fe727239eef81169a

Download Submit
C:\Windows\System\MNFVyLn.exe

Filesize
6.0MB

MD5
e4edad988c140122a1933040b2a24371

SHA1
b78872387982b82770b3aad7b352765db31d62c1

SHA256
e31a4251d4c2cd4df2a9c4c943924e2696de2b99746e743f7642b9a071872afc

SHA512
242332b61117250666fd4024c09c1e556fc020a02fe87debea10254fc847fa353ec2c757a2c0b87c065fe1cf027ca6e190c1520949ad4f50983261526693bfd7

Download Submit
C:\Windows\System\MeulZnL.exe

Filesize
6.0MB

MD5
fbdccca9c36146f59b4b964493278c39

SHA1
40ba51b145e85a3a1045a7ad04dfe82ef69540d9

SHA256
7acc930482691fda47e734659ef5ee2b8bf684ccdb2f37b4ed77cb660c11b0f3

SHA512
eda7996877b1c20202853afdd15fe487e85ac0ad2e5829808c96505db4c625f076dddb0cb1ecff54b40f0f07a8500b72f01c4d4a8d32e8a565f128a456a7ec18

Download Submit
C:\Windows\System\MjsBVPW.exe

Filesize
6.0MB

MD5
1fa252b237aab48cc73f15ce80a4ae03

SHA1
e29608f1cb197d1b6360d24e1363baff0bbe6ec5

SHA256
43dc010e15bdaf261afa847b2eac1be620017908c8791e98699deaa596b20de3

SHA512
1f8b950288a93d3f509090070241e4014a6d851b93a4a8bfd488b729add56ae4db4ed2f132adbfd221aa9825ca39156d2396dee93c3f161011f353422842cd23

Download Submit
C:\Windows\System\OSyEKhT.exe

Filesize
6.0MB

MD5
487d66e114833fefba6dcdafd0fd92fb

SHA1
83abd9f887d9128417e8854d6c8b3808e91fa46d

SHA256
5aac328d642b557dee3cc0d6ca665d0931f283391b1a819d37500bb96cba65bb

SHA512
d2760e5da28a8900578a5a27a54a29ffed6a5b49b99f08ca3562653f277606827b0b12f8d877f2beda71b9c1743208e09edbe0cb6eef81fff8763454aa4ba3f0

Download Submit
C:\Windows\System\OZRImWL.exe

Filesize
6.0MB

MD5
170df00d60e6e275e49521527ad11453

SHA1
a2cd3fa189fb7849d5af7dfaaf21f842b38e5458

SHA256
38a7e6574a4991208778547eb011117ae073e1a883d9a9d291f2403af6270ca0

SHA512
00f4db7ee4ddd70da4c127ba774e22d558c3f040cedb62b99aaa8dbe1c9589c6e9ff09dbfd975fd647f4cc78579562f44132134c8cbfd7d7216c0543abeb0ffa

Download Submit
C:\Windows\System\OinbrvP.exe

Filesize
6.0MB

MD5
f6da9e6e44065dffd204db28eb8974ad

SHA1
8c5dbd1d131f4168d6285adf4786e84d2f120e95

SHA256
6c5cbcb8d8a3ba97e4a99f48e1998748a31e3d46ecf13f9a81bcb3d7e2b53082

SHA512
1c200fb20f647898bb18afeaefe26c81eb6ccd3bc3b952b58cea08ff03bd00993063a90ad65ad3052adc8a7089c5a25163adbe278bd0aa4d399023bf0548fe82

Download Submit
C:\Windows\System\SboiJBv.exe

Filesize
6.0MB

MD5
bcd644522f433dbd3f35270ca2f495dc

SHA1
aa956b5ac8bcecbb03d08333b5180d2a4d874823

SHA256
8dd6d92ec50ab8680b883aa1a58affdd658d64f5925e3ada24159b0609defd2c

SHA512
d2daa7100250e33fa399826432d2cfff08913ad1cc1c9674af6955e13bad900a9c78016b005037b3165b2200afcd779069b04f90992ec64bae669cef9b054dc9

Download Submit
C:\Windows\System\SzVpKlS.exe

Filesize
6.0MB

MD5
7cb7254017f1ee216dfb385744823ee3

SHA1
1125ce91c35a3fbb2b73d6d6a38823fff6ac5be2

SHA256
54f82c97876e706c51b7d9ec754111c93bcc4314203a1cc2f01750475cbd517f

SHA512
5d4d517fb45af1816638ed72aa52c8c2ea35cbf2cf5ea5fb40c5f394ea61aeeea1122389a61ddcd7563369d260352673940ad4a98357a9d5093f82b39c612ef8

Download Submit
C:\Windows\System\WBfkrnY.exe

Filesize
6.0MB

MD5
a0ea4b3e8fe805a6b96c6ddaa60cd690

SHA1
86b033a86d2a053ae7d40664d77844881a1c693e

SHA256
f119edd82318484a542b8b22644e601ddee3479434aa499a73514357a65c7b25

SHA512
e8b71d439298bbf1891ac1c975cb2693b03e0c96cbd1772de9d8c248044e573f9e29277aba1790d616d4323cc491704995230fa63ae2531f9bf33ffd8b1f666c

Download Submit
C:\Windows\System\ZOUBeOc.exe

Filesize
6.0MB

MD5
89b1931b5eddbe92ef6e02ff51fefb41

SHA1
ecc4d9af435245c794c08b880ac4ea70cd7d6462

SHA256
10faf20821367fa33c7c39234f341030bd8fbefd8ae7dd9ae7ea6d5071cd0e77

SHA512
5140b38360d763a29d717460acd49605b307897a4185fee4ded06fdab6f32921b6427e9d9c13f7d0e5186fe19f3a55c64e3502c073d0cb5f0f58094da4cd34ef

Download Submit
C:\Windows\System\dSSQEnF.exe

Filesize
6.0MB

MD5
557d137967caaa6115b672b1c54e82e5

SHA1
e5109dde02a33451225fc20da38b7c1d6a17ef40

SHA256
11fbd70ba54016f7ecef3d6b518047cd6c09730af6963c6f615f51207031d7bd

SHA512
4ecec47ab1b3ed7c3c54a1afc457d88492303c512280028d3144a6e4e583541c8e8bd830573acd6028c9c14e2f070c312cd7a0b59e29b2553f1fdeb0869fd7cf

Download Submit
C:\Windows\System\dcnjkRz.exe

Filesize
6.0MB

MD5
4ed3f2320e74ea3345e464292d0547f1

SHA1
98528672db6e1d27c0b6120c4c33ea86b5a2de8f

SHA256
d590cd7938fceac1eeecbe74a15e3d117445f66a59340c4f847161e8cb8d07eb

SHA512
12e1a08605e89be7b3644c3e6abede6b3fa9fa9a5761a853979a62be76a54ca63294f76861c313a9d02f75a0e1a0a1df5b7d557e191cfcffef05b78e6b383949

Download Submit
C:\Windows\System\dqnupFB.exe

Filesize
6.0MB

MD5
86be4bd3a4857ec7b4e42abb1eb20321

SHA1
4dfd461bb149b7031e8a68cd0792237441b59834

SHA256
b13477f9b3a9e8080c68703457aed7be67d0d19a38a7e1f44ef5b6934aa03568

SHA512
63264e816481b0e413f7ec4f9af120f2c8b792abf28496704f73fd398f8febc609bf2f636a657d27aa93466124eefd01fec880c7fc3bd2173b2782eb18dfa899

Download Submit
C:\Windows\System\gYSgmUS.exe

Filesize
6.0MB

MD5
86853b98c7ae3d24488f7c134f005108

SHA1
59b0d329fd8ee0c3a260ec631045eb9d40e61380

SHA256
82a1946d37e52778652495d4db778c77c35f6916ff31ac1e772b8eeb4f463fd6

SHA512
11971502bc99f8822a61aec6b422c33c7fc4f134d0f646726fce6933ede8b1a2f79101b515c698a87ffc7acc049c9b781ba9a56d6d419e33c2a411cb1d333ec3

Download Submit
C:\Windows\System\gZKkaOS.exe

Filesize
6.0MB

MD5
83f4c94d1f66231c1957abfcf036dbd4

SHA1
757e7b520f168eac9b8d085226ee94254e44f1b2

SHA256
894055d14f4b311b8fb0bc6cbeeadf03aec0feb98e3d65889d21e97db8373455

SHA512
a0ed42a5e5e89e39ac5571c800fe313a15ad2284dd6bff28112d22b217b595394ce25b56ef8b500dc8a30f15ef2bfb032777b0a02ef861dfc20565289fe1495a

Download Submit
C:\Windows\System\kzlfVeP.exe

Filesize
6.0MB

MD5
d366140b1e9b672938dc74143efb090b

SHA1
cd8748d9f871ffc9e645f9f468c0a9d370bed66a

SHA256
08b314c6df5ce9b96040499b1e5ae7d9bb6fbcf2c9d0265a1fa884313de5e6a7

SHA512
909b5a8a05d3e4eb4db464e2fb7684e048eaef9f344145b300878cd74a8c7f670fdc3a19afe749af215b77427751b816198adc6b5d31d418e24d6d8f48423691

Download Submit
C:\Windows\System\mMukOzV.exe

Filesize
6.0MB

MD5
8d7bcca4364bba742c52e4614945475b

SHA1
4fd0c6db4b9ceb735ef30b5e3b433c432929c9f1

SHA256
2ae6c14a5dfa06f3a0846efd30916db923f6fd25b8efea8716005c16a2a4528f

SHA512
79392509a54b0511411770b8c12d50884e8883e538a4ea03e079b3ae272845b6875f81be2301768c2f399fe0a4d33e5e319ed279ef2c4cb4d4f1aa8278b87f71

Download Submit
C:\Windows\System\mxAzJhh.exe

Filesize
6.0MB

MD5
fe2a1ed7d812f9244c1a0e86f691039d

SHA1
42a16d75c7f1c947e044232323bed8c2bac7fa99

SHA256
bfe06e4b7222340d8544afbd1c933af6c2d92d9bb8b1927b431a58d09aa0cd33

SHA512
f9f8bcf5db2e7e9da2010a992425d472d10b127cd42ffb16f06fc978257cd406f5406f6afc924bb28e295943efb26f198db1b7a814c11976a201869c6bd68be8

Download Submit
C:\Windows\System\pIWIbmT.exe

Filesize
6.0MB

MD5
32b781df63ab5056e935c8e3116b5b9b

SHA1
306ede35c3cb34477b12763e6dc5346b2da75561

SHA256
fa5a4b4e0e68c08da5b2454077e1707e5b9d37ce192b9070dd5f0c4b71543822

SHA512
0be685b42a3614872f8ca75c5bd27214d4aeb49945d9762545a6efaf5ac010a3466244ec87c8fa1ee71074de7539bc623c06e2691a34dd2141208a3baa78c6fc

Download Submit
C:\Windows\System\qEaIsQy.exe

Filesize
6.0MB

MD5
49bfa2894ce192c486f94e669d56a7b0

SHA1
b491d3608a4a4944c2cb4421429ab376fb4b29dc

SHA256
1de708701261ba1a6f60dbc216552386ce6dd336d153097b6afbc408349b94e0

SHA512
668680451f5c5a76440194b9b6fab792cc29f4b5ffcee86dc28117aa966d31ec3cecc05fc8003d05bb6012919b4cd824e5908192ea72e8aeb8953f2b45184faf

Download Submit
C:\Windows\System\tioFlsk.exe

Filesize
6.0MB

MD5
a528a0098fd8ff4df4223a4ab21091d3

SHA1
0dd6dcbc52a51f279f012cfd00f01ea9102fd976

SHA256
bc9d67f4f002e899651a9e214c499b5c01735c5eedb0d8128095841ecc17586c

SHA512
09ddb9ebe659f3677c5cbb70c1e065cf87ab6eb8f7f390c5130cc84e6bd1db70e62652b570b6456e3e3ed1d9f2122d571f887015ff869cc8e59fdd0538d76f19

Download Submit
C:\Windows\System\vHGYDgY.exe

Filesize
6.0MB

MD5
eb72a58e30f9d5deda620cbb3498b02f

SHA1
285934e9ff43160e77204859b3d16fe9e6ae39b9

SHA256
1916f9eb23b5d576d1c7614c30923dfb61e697db229f8450f1730d9576877207

SHA512
920ac81d7613b86ef46ef1af9b4665c0b3e0f0c33a1c2f841e9331b11e124b968209879e0b4938c849f154d5e9763715a262dbfb07aa396cbe2e2b7b616d6abd

Download Submit
C:\Windows\System\yMDQWgc.exe

Filesize
6.0MB

MD5
0dde77a32bacd9d22fbf5b51303f1f12

SHA1
090d207e2f563091f1a04d2c5183e22379dbc9b5

SHA256
b01cf18152ab393d349e2f3c839bc712c6ffce9118b3b0983ae0e784cd203076

SHA512
a07a812b3eefe5f89ff9a949bc7a5da061dccb45efef401fb8be961d463fd388dd2dff5b50c44bf1f6f67c4f71f573defcf3b2c0e2d02258dbb1351e544560d9

Download Submit
C:\Windows\System\yVvlueL.exe

Filesize
6.0MB

MD5
0f0f67cd0b6a272863a8d18edb00c777

SHA1
e08051da807090a9ed5cc941e8a20dddde5a71c1

SHA256
18b8cb9d365709bb62e2b81a12642035b434c532a9db9f4e50a70ffe0ab56d25

SHA512
c1c1c50306737aaa093f38d6e1982ccb41cc988b4c77b9084d3fe728cd92654e6dec3f5bb6b66c1c3861197eb428e4027cc05b29655d5266f50b0b463571b920

Download Submit
C:\Windows\System\zEoClxx.exe

Filesize
6.0MB

MD5
25f1cd161a3ecf54bc706db6553a70a9

SHA1
ef9dfdb5d6cc0c0a281bfd4266654046a025393d

SHA256
699ffe797a3b392c3441539f91ff8b494b80f9493ab3339f521a3fc75e98c6cb

SHA512
7212f348f645128afe30952eed8aeb20e4d796c4754d4b2bbbd7d6d2b28c4328e6308031f5a6c174776bd2fbf80bfb104ad7ef3753240f8901cdf8019cc92e47

Download Submit
memory/548-166-0x00007FF6214A0000-0x00007FF6217F4000-memory.dmp

Filesize
3.3MB

Download
memory/548-1521-0x00007FF6214A0000-0x00007FF6217F4000-memory.dmp

Filesize
3.3MB

Download
memory/548-2281-0x00007FF6214A0000-0x00007FF6217F4000-memory.dmp

Filesize
3.3MB

Download
memory/1060-1578-0x00007FF6E1440000-0x00007FF6E1794000-memory.dmp

Filesize
3.3MB

Download
memory/1060-186-0x00007FF6E1440000-0x00007FF6E1794000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2286-0x00007FF6E1440000-0x00007FF6E1794000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2075-0x00007FF6D5640000-0x00007FF6D5994000-memory.dmp

Filesize
3.3MB

Download
memory/1388-57-0x00007FF6D5640000-0x00007FF6D5994000-memory.dmp

Filesize
3.3MB

Download
memory/1388-8-0x00007FF6D5640000-0x00007FF6D5994000-memory.dmp

Filesize
3.3MB

Download
memory/1448-32-0x00007FF692A50000-0x00007FF692DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-97-0x00007FF692A50000-0x00007FF692DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2262-0x00007FF692A50000-0x00007FF692DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-54-0x00007FF775630000-0x00007FF775984000-memory.dmp

Filesize
3.3MB

Download
memory/1708-112-0x00007FF775630000-0x00007FF775984000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2265-0x00007FF775630000-0x00007FF775984000-memory.dmp

Filesize
3.3MB

Download
memory/1740-47-0x00007FF613160000-0x00007FF6134B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1-0x0000022CC4250000-0x0000022CC4260000-memory.dmp

Filesize
64KB

Download
memory/1740-0-0x00007FF613160000-0x00007FF6134B4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-188-0x00007FF78D4D0000-0x00007FF78D824000-memory.dmp

Filesize
3.3MB

Download
memory/1820-1695-0x00007FF78D4D0000-0x00007FF78D824000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2285-0x00007FF78D4D0000-0x00007FF78D824000-memory.dmp

Filesize
3.3MB

Download
memory/1964-18-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2182-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-75-0x00007FF763C90000-0x00007FF763FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-131-0x00007FF79F7B0000-0x00007FF79FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1205-0x00007FF79F7B0000-0x00007FF79FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2276-0x00007FF79F7B0000-0x00007FF79FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1389-0x00007FF612210000-0x00007FF612564000-memory.dmp

Filesize
3.3MB

Download
memory/2228-154-0x00007FF612210000-0x00007FF612564000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2282-0x00007FF612210000-0x00007FF612564000-memory.dmp

Filesize
3.3MB

Download
memory/2232-144-0x00007FF664D30000-0x00007FF665084000-memory.dmp

Filesize
3.3MB

Download
memory/2232-2270-0x00007FF664D30000-0x00007FF665084000-memory.dmp

Filesize
3.3MB

Download
memory/2232-78-0x00007FF664D30000-0x00007FF665084000-memory.dmp

Filesize
3.3MB

Download
memory/2252-139-0x00007FF6D9C70000-0x00007FF6D9FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2267-0x00007FF6D9C70000-0x00007FF6D9FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-69-0x00007FF6D9C70000-0x00007FF6D9FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-36-0x00007FF6B45B0000-0x00007FF6B4904000-memory.dmp

Filesize
3.3MB

Download
memory/2316-104-0x00007FF6B45B0000-0x00007FF6B4904000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2263-0x00007FF6B45B0000-0x00007FF6B4904000-memory.dmp

Filesize
3.3MB

Download
memory/2428-123-0x00007FF773570000-0x00007FF7738C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2275-0x00007FF773570000-0x00007FF7738C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-180-0x00007FF773570000-0x00007FF7738C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2264-0x00007FF6232A0000-0x00007FF6235F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-44-0x00007FF6232A0000-0x00007FF6235F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-111-0x00007FF6232A0000-0x00007FF6235F4000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2189-0x00007FF6B2D40000-0x00007FF6B3094000-memory.dmp

Filesize
3.3MB

Download
memory/3152-24-0x00007FF6B2D40000-0x00007FF6B3094000-memory.dmp

Filesize
3.3MB

Download
memory/3152-82-0x00007FF6B2D40000-0x00007FF6B3094000-memory.dmp

Filesize
3.3MB

Download
memory/3264-124-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp

Filesize
3.3MB

Download
memory/3264-187-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp

Filesize
3.3MB

Download
memory/3264-2277-0x00007FF77C810000-0x00007FF77CB64000-memory.dmp

Filesize
3.3MB

Download
memory/3608-160-0x00007FF76A760000-0x00007FF76AAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2272-0x00007FF76A760000-0x00007FF76AAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-89-0x00007FF76A760000-0x00007FF76AAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2279-0x00007FF6679A0000-0x00007FF667CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-140-0x00007FF6679A0000-0x00007FF667CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-1277-0x00007FF6679A0000-0x00007FF667CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2273-0x00007FF6A5570000-0x00007FF6A58C4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-172-0x00007FF6A5570000-0x00007FF6A58C4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-105-0x00007FF6A5570000-0x00007FF6A58C4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2268-0x00007FF6B6900000-0x00007FF6B6C54000-memory.dmp

Filesize
3.3MB

Download
memory/3960-65-0x00007FF6B6900000-0x00007FF6B6C54000-memory.dmp

Filesize
3.3MB

Download
memory/3960-130-0x00007FF6B6900000-0x00007FF6B6C54000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2269-0x00007FF7F0EB0000-0x00007FF7F1204000-memory.dmp

Filesize
3.3MB

Download
memory/4068-153-0x00007FF7F0EB0000-0x00007FF7F1204000-memory.dmp

Filesize
3.3MB

Download
memory/4068-83-0x00007FF7F0EB0000-0x00007FF7F1204000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2098-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-14-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-62-0x00007FF708C80000-0x00007FF708FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1522-0x00007FF6BA0E0000-0x00007FF6BA434000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2283-0x00007FF6BA0E0000-0x00007FF6BA434000-memory.dmp

Filesize
3.3MB

Download
memory/4312-179-0x00007FF6BA0E0000-0x00007FF6BA434000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2284-0x00007FF6859D0000-0x00007FF685D24000-memory.dmp

Filesize
3.3MB

Download
memory/4368-1760-0x00007FF6859D0000-0x00007FF685D24000-memory.dmp

Filesize
3.3MB

Download
memory/4368-196-0x00007FF6859D0000-0x00007FF685D24000-memory.dmp

Filesize
3.3MB

Download
memory/4484-1344-0x00007FF7AE110000-0x00007FF7AE464000-memory.dmp

Filesize
3.3MB

Download
memory/4484-145-0x00007FF7AE110000-0x00007FF7AE464000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2278-0x00007FF7AE110000-0x00007FF7AE464000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2274-0x00007FF7F5F50000-0x00007FF7F62A4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-116-0x00007FF7F5F50000-0x00007FF7F62A4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-173-0x00007FF7F5F50000-0x00007FF7F62A4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2280-0x00007FF720FB0000-0x00007FF721304000-memory.dmp

Filesize
3.3MB

Download
memory/4596-1346-0x00007FF720FB0000-0x00007FF721304000-memory.dmp

Filesize
3.3MB

Download
memory/4596-164-0x00007FF720FB0000-0x00007FF721304000-memory.dmp

Filesize
3.3MB

Download
memory/4756-117-0x00007FF601B10000-0x00007FF601E64000-memory.dmp

Filesize
3.3MB

Download
memory/4756-61-0x00007FF601B10000-0x00007FF601E64000-memory.dmp

Filesize
3.3MB

Download
memory/4756-2266-0x00007FF601B10000-0x00007FF601E64000-memory.dmp

Filesize
3.3MB

Download
memory/5080-165-0x00007FF778440000-0x00007FF778794000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2271-0x00007FF778440000-0x00007FF778794000-memory.dmp

Filesize
3.3MB

Download
memory/5080-98-0x00007FF778440000-0x00007FF778794000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads