cobaltstrike | 690b422996eee94e41dfe0dfda30e7f3e44c903abe4049d41baffc285f46ff37

Analysis

max time kernel
132s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

aab4ab240bb9da8a4b48c0fc337a8892
SHA1

1aacfd96569d3d9e211428773d4df4509df4681e
SHA256

690b422996eee94e41dfe0dfda30e7f3e44c903abe4049d41baffc285f46ff37
SHA512

276328c18248a05dfa6dea4bfeb127748906473de95382a0e08b239bc03abcd0e2db9eff54b1064dc2f4217dc5ee5003a005ebd176513450ba078d443bf7067c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000d000000023afd-5.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b28-11.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b27-12.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b29-19.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2a-28.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2d-49.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2b-44.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2c-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2e-53.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b2f-68.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b30-76.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b32-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b31-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b33-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b35-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b37-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b38-127.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3a-133.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b40-169.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3f-173.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3e-171.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3d-154.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3c-151.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b3b-149.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b39-129.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b36-122.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b34-100.dat	cobalt_reflective_dll
behavioral2/files/0x000f000000023b20-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b41-183.dat	cobalt_reflective_dll
behavioral2/files/0x002e0000000239c2-189.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b47-201.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b46-199.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4924-0-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp	xmrig
behavioral2/files/0x000d000000023afd-5.dat	xmrig
behavioral2/files/0x000a000000023b28-11.dat	xmrig
behavioral2/files/0x000b000000023b27-12.dat	xmrig
behavioral2/files/0x000a000000023b29-19.dat	xmrig
behavioral2/files/0x000a000000023b2a-28.dat	xmrig
behavioral2/memory/1908-32-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp	xmrig
behavioral2/memory/4372-47-0x00007FF710E20000-0x00007FF711174000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b2d-49.dat	xmrig
behavioral2/memory/2172-48-0x00007FF6450B0000-0x00007FF645404000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b2b-44.dat	xmrig
behavioral2/memory/1636-43-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b2c-41.dat	xmrig
behavioral2/memory/4068-25-0x00007FF7D0210000-0x00007FF7D0564000-memory.dmp	xmrig
behavioral2/memory/3640-23-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp	xmrig
behavioral2/memory/3820-17-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp	xmrig
behavioral2/memory/2616-8-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp	xmrig
behavioral2/memory/2384-54-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b2e-53.dat	xmrig
behavioral2/memory/4924-58-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp	xmrig
behavioral2/memory/2296-63-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b2f-68.dat	xmrig
behavioral2/files/0x000a000000023b30-76.dat	xmrig
behavioral2/files/0x000a000000023b32-83.dat	xmrig
behavioral2/files/0x000a000000023b31-88.dat	xmrig
behavioral2/memory/3560-92-0x00007FF663540000-0x00007FF663894000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b33-103.dat	xmrig
behavioral2/files/0x000a000000023b35-111.dat	xmrig
behavioral2/files/0x000a000000023b37-116.dat	xmrig
behavioral2/files/0x000a000000023b38-127.dat	xmrig
behavioral2/files/0x000a000000023b3a-133.dat	xmrig
behavioral2/memory/4572-142-0x00007FF6E1060000-0x00007FF6E13B4000-memory.dmp	xmrig
behavioral2/memory/4776-153-0x00007FF7BD830000-0x00007FF7BDB84000-memory.dmp	xmrig
behavioral2/memory/4520-159-0x00007FF633580000-0x00007FF6338D4000-memory.dmp	xmrig
behavioral2/memory/1508-160-0x00007FF654580000-0x00007FF6548D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b40-169.dat	xmrig
behavioral2/memory/2296-179-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp	xmrig
behavioral2/memory/2300-178-0x00007FF641930000-0x00007FF641C84000-memory.dmp	xmrig
behavioral2/memory/3208-177-0x00007FF7C53C0000-0x00007FF7C5714000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b3f-173.dat	xmrig
behavioral2/files/0x000a000000023b3e-171.dat	xmrig
behavioral2/memory/2836-170-0x00007FF7DD920000-0x00007FF7DDC74000-memory.dmp	xmrig
behavioral2/memory/2384-158-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp	xmrig
behavioral2/memory/4424-157-0x00007FF633670000-0x00007FF6339C4000-memory.dmp	xmrig
behavioral2/memory/952-156-0x00007FF7ADF90000-0x00007FF7AE2E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b3d-154.dat	xmrig
behavioral2/files/0x000a000000023b3c-151.dat	xmrig
behavioral2/files/0x000a000000023b3b-149.dat	xmrig
behavioral2/memory/4412-148-0x00007FF760380000-0x00007FF7606D4000-memory.dmp	xmrig
behavioral2/memory/4596-147-0x00007FF7BB930000-0x00007FF7BBC84000-memory.dmp	xmrig
behavioral2/memory/3748-143-0x00007FF7E9BA0000-0x00007FF7E9EF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b39-129.dat	xmrig
behavioral2/files/0x000a000000023b36-122.dat	xmrig
behavioral2/memory/2172-109-0x00007FF6450B0000-0x00007FF645404000-memory.dmp	xmrig
behavioral2/memory/740-102-0x00007FF6EBFF0000-0x00007FF6EC344000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b34-100.dat	xmrig
behavioral2/memory/1044-97-0x00007FF6227A0000-0x00007FF622AF4000-memory.dmp	xmrig
behavioral2/memory/1636-96-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp	xmrig
behavioral2/memory/1908-95-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp	xmrig
behavioral2/memory/3640-87-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp	xmrig
behavioral2/memory/880-86-0x00007FF656C90000-0x00007FF656FE4000-memory.dmp	xmrig
behavioral2/memory/2712-82-0x00007FF6112F0000-0x00007FF611644000-memory.dmp	xmrig
behavioral2/memory/3820-79-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp	xmrig
behavioral2/memory/3808-75-0x00007FF600150000-0x00007FF6004A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2616	GNzpbru.exe
3820	vxrSqUA.exe
3640	EfXSaYB.exe
4068	hprybHG.exe
1908	shLRpVA.exe
1636	hpSjMpB.exe
4372	NSIhWdE.exe
2172	ADyblLq.exe
2384	YzvJtoe.exe
2296	wCryGCi.exe
3808	fdHBjZn.exe
2712	NfCzFnh.exe
880	JEHuJRa.exe
3560	kpPVtTo.exe
1044	LjvqKKg.exe
740	gYEDDfR.exe
4572	HZFhhvx.exe
4520	KvSfKks.exe
3748	FZBrbTU.exe
4596	gcFiZbD.exe
4412	kDMUHBC.exe
4776	gaLceUn.exe
952	ZmGyJBn.exe
4424	jKoEmif.exe
1508	bqAABRT.exe
2836	BhNkflJ.exe
3208	BQeYdmq.exe
2300	SWdRokI.exe
4960	zxOidkt.exe
4380	mpKEYGb.exe
2488	nNMvldd.exe
3644	kLMRvPR.exe
3196	LhETFlH.exe
4640	XDARqRK.exe
432	jzkmLqL.exe
2168	lWxTRca.exe
2232	DZXDfLA.exe
3716	tSpqiDn.exe
4992	ksUDqXe.exe
2092	OzzxLOG.exe
2432	sHzSXld.exe
4620	EYaDube.exe
1912	DWcgsKC.exe
4524	gyyqHJm.exe
1996	DFybONO.exe
4160	BUQxcuf.exe
1292	cxeWByv.exe
2144	AZizpJq.exe
3512	aJCeUHA.exe
4724	PXFFjtZ.exe
4908	BURHxCG.exe
2852	qGJCZrL.exe
2660	zGVjlJZ.exe
5108	tzCaewH.exe
2504	TDghqrv.exe
5088	bQgNLyC.exe
4392	XDLQSBi.exe
2404	FtbJdjX.exe
2816	sjoCdrH.exe
3036	dKsXVAe.exe
4312	horSxlI.exe
4652	VHBYIGt.exe
3528	RquoMLh.exe
1176	VdUPGvZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4924-0-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp	upx
behavioral2/files/0x000d000000023afd-5.dat	upx
behavioral2/files/0x000a000000023b28-11.dat	upx
behavioral2/files/0x000b000000023b27-12.dat	upx
behavioral2/files/0x000a000000023b29-19.dat	upx
behavioral2/files/0x000a000000023b2a-28.dat	upx
behavioral2/memory/1908-32-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp	upx
behavioral2/memory/4372-47-0x00007FF710E20000-0x00007FF711174000-memory.dmp	upx
behavioral2/files/0x000a000000023b2d-49.dat	upx
behavioral2/memory/2172-48-0x00007FF6450B0000-0x00007FF645404000-memory.dmp	upx
behavioral2/files/0x000a000000023b2b-44.dat	upx
behavioral2/memory/1636-43-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp	upx
behavioral2/files/0x000a000000023b2c-41.dat	upx
behavioral2/memory/4068-25-0x00007FF7D0210000-0x00007FF7D0564000-memory.dmp	upx
behavioral2/memory/3640-23-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp	upx
behavioral2/memory/3820-17-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp	upx
behavioral2/memory/2616-8-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp	upx
behavioral2/memory/2384-54-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp	upx
behavioral2/files/0x000a000000023b2e-53.dat	upx
behavioral2/memory/4924-58-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp	upx
behavioral2/memory/2296-63-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp	upx
behavioral2/files/0x000a000000023b2f-68.dat	upx
behavioral2/files/0x000a000000023b30-76.dat	upx
behavioral2/files/0x000a000000023b32-83.dat	upx
behavioral2/files/0x000a000000023b31-88.dat	upx
behavioral2/memory/3560-92-0x00007FF663540000-0x00007FF663894000-memory.dmp	upx
behavioral2/files/0x000a000000023b33-103.dat	upx
behavioral2/files/0x000a000000023b35-111.dat	upx
behavioral2/files/0x000a000000023b37-116.dat	upx
behavioral2/files/0x000a000000023b38-127.dat	upx
behavioral2/files/0x000a000000023b3a-133.dat	upx
behavioral2/memory/4572-142-0x00007FF6E1060000-0x00007FF6E13B4000-memory.dmp	upx
behavioral2/memory/4776-153-0x00007FF7BD830000-0x00007FF7BDB84000-memory.dmp	upx
behavioral2/memory/4520-159-0x00007FF633580000-0x00007FF6338D4000-memory.dmp	upx
behavioral2/memory/1508-160-0x00007FF654580000-0x00007FF6548D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b40-169.dat	upx
behavioral2/memory/2296-179-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp	upx
behavioral2/memory/2300-178-0x00007FF641930000-0x00007FF641C84000-memory.dmp	upx
behavioral2/memory/3208-177-0x00007FF7C53C0000-0x00007FF7C5714000-memory.dmp	upx
behavioral2/files/0x000a000000023b3f-173.dat	upx
behavioral2/files/0x000a000000023b3e-171.dat	upx
behavioral2/memory/2836-170-0x00007FF7DD920000-0x00007FF7DDC74000-memory.dmp	upx
behavioral2/memory/2384-158-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp	upx
behavioral2/memory/4424-157-0x00007FF633670000-0x00007FF6339C4000-memory.dmp	upx
behavioral2/memory/952-156-0x00007FF7ADF90000-0x00007FF7AE2E4000-memory.dmp	upx
behavioral2/files/0x000a000000023b3d-154.dat	upx
behavioral2/files/0x000a000000023b3c-151.dat	upx
behavioral2/files/0x000a000000023b3b-149.dat	upx
behavioral2/memory/4412-148-0x00007FF760380000-0x00007FF7606D4000-memory.dmp	upx
behavioral2/memory/4596-147-0x00007FF7BB930000-0x00007FF7BBC84000-memory.dmp	upx
behavioral2/memory/3748-143-0x00007FF7E9BA0000-0x00007FF7E9EF4000-memory.dmp	upx
behavioral2/files/0x000a000000023b39-129.dat	upx
behavioral2/files/0x000a000000023b36-122.dat	upx
behavioral2/memory/2172-109-0x00007FF6450B0000-0x00007FF645404000-memory.dmp	upx
behavioral2/memory/740-102-0x00007FF6EBFF0000-0x00007FF6EC344000-memory.dmp	upx
behavioral2/files/0x000a000000023b34-100.dat	upx
behavioral2/memory/1044-97-0x00007FF6227A0000-0x00007FF622AF4000-memory.dmp	upx
behavioral2/memory/1636-96-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp	upx
behavioral2/memory/1908-95-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp	upx
behavioral2/memory/3640-87-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp	upx
behavioral2/memory/880-86-0x00007FF656C90000-0x00007FF656FE4000-memory.dmp	upx
behavioral2/memory/2712-82-0x00007FF6112F0000-0x00007FF611644000-memory.dmp	upx
behavioral2/memory/3820-79-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp	upx
behavioral2/memory/3808-75-0x00007FF600150000-0x00007FF6004A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GjZTaDE.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCsHdwp.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSpAAZb.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cjcmcyi.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRxfuPB.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqxHzaR.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REqKZVM.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDHqzvt.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmomFPu.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLqwxWT.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyEpQpZ.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCVFDCI.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivwAMcB.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKOAzim.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LybveQy.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jisEUpa.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMxxDAW.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neNESdC.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvQjLlg.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHdnyvW.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKMlhcz.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfLlqiF.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\horSxlI.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atFkuAR.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psJPiDU.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shYgmQh.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihEvMac.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXxAJWr.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPKXsFx.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpLAPDY.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBhUUIo.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoWwMXm.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZQKnwO.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOBtaFf.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWeLWff.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqAABRT.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhlLJFd.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mATKFPe.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFwDyxF.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpbSWNQ.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHtQtGa.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\widuUgJ.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUjyjyc.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVNfBkn.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDmNszk.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAhgahy.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykhtDSH.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpCMpdM.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsVMccW.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsOkwIs.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGpHJyR.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVfKwqi.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COrZLKe.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EslblDq.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyyqHJm.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDLQSBi.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsBtIkS.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMpcqqe.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOEtyfn.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APAYmoe.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCyxmcX.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThsZyPr.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIXuoyW.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwSzxxz.exe	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14680	dwm.exe
Token: SeChangeNotifyPrivilege	14680	dwm.exe
Token: 33	14680	dwm.exe
Token: SeIncBasePriorityPrivilege	14680	dwm.exe
Token: SeShutdownPrivilege	14680	dwm.exe
Token: SeCreatePagefilePrivilege	14680	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 2616	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4924 wrote to memory of 2616	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4924 wrote to memory of 3820	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4924 wrote to memory of 3820	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4924 wrote to memory of 3640	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4924 wrote to memory of 3640	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4924 wrote to memory of 4068	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4924 wrote to memory of 4068	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4924 wrote to memory of 1908	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4924 wrote to memory of 1908	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4924 wrote to memory of 1636	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4924 wrote to memory of 1636	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4924 wrote to memory of 4372	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4924 wrote to memory of 4372	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4924 wrote to memory of 2172	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4924 wrote to memory of 2172	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4924 wrote to memory of 2384	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4924 wrote to memory of 2384	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4924 wrote to memory of 2296	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4924 wrote to memory of 2296	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4924 wrote to memory of 3808	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4924 wrote to memory of 3808	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4924 wrote to memory of 2712	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4924 wrote to memory of 2712	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4924 wrote to memory of 880	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4924 wrote to memory of 880	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4924 wrote to memory of 3560	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4924 wrote to memory of 3560	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4924 wrote to memory of 740	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4924 wrote to memory of 740	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4924 wrote to memory of 1044	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4924 wrote to memory of 1044	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4924 wrote to memory of 4572	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4924 wrote to memory of 4572	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4924 wrote to memory of 4520	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4924 wrote to memory of 4520	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4924 wrote to memory of 3748	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4924 wrote to memory of 3748	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4924 wrote to memory of 4596	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4924 wrote to memory of 4596	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4924 wrote to memory of 4412	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4924 wrote to memory of 4412	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4924 wrote to memory of 4776	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4924 wrote to memory of 4776	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4924 wrote to memory of 952	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4924 wrote to memory of 952	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4924 wrote to memory of 4424	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4924 wrote to memory of 4424	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4924 wrote to memory of 1508	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4924 wrote to memory of 1508	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4924 wrote to memory of 2836	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4924 wrote to memory of 2836	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4924 wrote to memory of 3208	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4924 wrote to memory of 3208	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4924 wrote to memory of 2300	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4924 wrote to memory of 2300	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4924 wrote to memory of 4960	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4924 wrote to memory of 4960	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4924 wrote to memory of 4380	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4924 wrote to memory of 4380	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4924 wrote to memory of 2488	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4924 wrote to memory of 2488	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4924 wrote to memory of 3644	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4924 wrote to memory of 3644	4924	2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_aab4ab240bb9da8a4b48c0fc337a8892_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\System\GNzpbru.exe
  C:\Windows\System\GNzpbru.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\vxrSqUA.exe
  C:\Windows\System\vxrSqUA.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\EfXSaYB.exe
  C:\Windows\System\EfXSaYB.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\hprybHG.exe
  C:\Windows\System\hprybHG.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\shLRpVA.exe
  C:\Windows\System\shLRpVA.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\hpSjMpB.exe
  C:\Windows\System\hpSjMpB.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\NSIhWdE.exe
  C:\Windows\System\NSIhWdE.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\ADyblLq.exe
  C:\Windows\System\ADyblLq.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\YzvJtoe.exe
  C:\Windows\System\YzvJtoe.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\wCryGCi.exe
  C:\Windows\System\wCryGCi.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\fdHBjZn.exe
  C:\Windows\System\fdHBjZn.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\NfCzFnh.exe
  C:\Windows\System\NfCzFnh.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\JEHuJRa.exe
  C:\Windows\System\JEHuJRa.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\kpPVtTo.exe
  C:\Windows\System\kpPVtTo.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\gYEDDfR.exe
  C:\Windows\System\gYEDDfR.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\LjvqKKg.exe
  C:\Windows\System\LjvqKKg.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\HZFhhvx.exe
  C:\Windows\System\HZFhhvx.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\KvSfKks.exe
  C:\Windows\System\KvSfKks.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\FZBrbTU.exe
  C:\Windows\System\FZBrbTU.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\gcFiZbD.exe
  C:\Windows\System\gcFiZbD.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\kDMUHBC.exe
  C:\Windows\System\kDMUHBC.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\gaLceUn.exe
  C:\Windows\System\gaLceUn.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\ZmGyJBn.exe
  C:\Windows\System\ZmGyJBn.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\jKoEmif.exe
  C:\Windows\System\jKoEmif.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\bqAABRT.exe
  C:\Windows\System\bqAABRT.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\BhNkflJ.exe
  C:\Windows\System\BhNkflJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\BQeYdmq.exe
  C:\Windows\System\BQeYdmq.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\SWdRokI.exe
  C:\Windows\System\SWdRokI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\zxOidkt.exe
  C:\Windows\System\zxOidkt.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\mpKEYGb.exe
  C:\Windows\System\mpKEYGb.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\nNMvldd.exe
  C:\Windows\System\nNMvldd.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\kLMRvPR.exe
  C:\Windows\System\kLMRvPR.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\LhETFlH.exe
  C:\Windows\System\LhETFlH.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\XDARqRK.exe
  C:\Windows\System\XDARqRK.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\jzkmLqL.exe
  C:\Windows\System\jzkmLqL.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\lWxTRca.exe
  C:\Windows\System\lWxTRca.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\DZXDfLA.exe
  C:\Windows\System\DZXDfLA.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\tSpqiDn.exe
  C:\Windows\System\tSpqiDn.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\ksUDqXe.exe
  C:\Windows\System\ksUDqXe.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\OzzxLOG.exe
  C:\Windows\System\OzzxLOG.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\sHzSXld.exe
  C:\Windows\System\sHzSXld.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\EYaDube.exe
  C:\Windows\System\EYaDube.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\DWcgsKC.exe
  C:\Windows\System\DWcgsKC.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\gyyqHJm.exe
  C:\Windows\System\gyyqHJm.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\DFybONO.exe
  C:\Windows\System\DFybONO.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\BUQxcuf.exe
  C:\Windows\System\BUQxcuf.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\cxeWByv.exe
  C:\Windows\System\cxeWByv.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\AZizpJq.exe
  C:\Windows\System\AZizpJq.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\aJCeUHA.exe
  C:\Windows\System\aJCeUHA.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\PXFFjtZ.exe
  C:\Windows\System\PXFFjtZ.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\BURHxCG.exe
  C:\Windows\System\BURHxCG.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\qGJCZrL.exe
  C:\Windows\System\qGJCZrL.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\zGVjlJZ.exe
  C:\Windows\System\zGVjlJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\tzCaewH.exe
  C:\Windows\System\tzCaewH.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\TDghqrv.exe
  C:\Windows\System\TDghqrv.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\bQgNLyC.exe
  C:\Windows\System\bQgNLyC.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\XDLQSBi.exe
  C:\Windows\System\XDLQSBi.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\FtbJdjX.exe
  C:\Windows\System\FtbJdjX.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\sjoCdrH.exe
  C:\Windows\System\sjoCdrH.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\dKsXVAe.exe
  C:\Windows\System\dKsXVAe.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\horSxlI.exe
  C:\Windows\System\horSxlI.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\VHBYIGt.exe
  C:\Windows\System\VHBYIGt.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\RquoMLh.exe
  C:\Windows\System\RquoMLh.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\VdUPGvZ.exe
  C:\Windows\System\VdUPGvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\sODDNYY.exe
  C:\Windows\System\sODDNYY.exe
  2⤵
  PID:3232
- C:\Windows\System\WXxCYLT.exe
  C:\Windows\System\WXxCYLT.exe
  2⤵
  PID:2700
- C:\Windows\System\QEqNhho.exe
  C:\Windows\System\QEqNhho.exe
  2⤵
  PID:1852
- C:\Windows\System\IMlKMVU.exe
  C:\Windows\System\IMlKMVU.exe
  2⤵
  PID:464
- C:\Windows\System\GUuLcqz.exe
  C:\Windows\System\GUuLcqz.exe
  2⤵
  PID:1612
- C:\Windows\System\npuAYqe.exe
  C:\Windows\System\npuAYqe.exe
  2⤵
  PID:4180
- C:\Windows\System\yTaGLVU.exe
  C:\Windows\System\yTaGLVU.exe
  2⤵
  PID:2648
- C:\Windows\System\yuTnUpz.exe
  C:\Windows\System\yuTnUpz.exe
  2⤵
  PID:4848
- C:\Windows\System\cmKVMNl.exe
  C:\Windows\System\cmKVMNl.exe
  2⤵
  PID:764
- C:\Windows\System\UAuBBDr.exe
  C:\Windows\System\UAuBBDr.exe
  2⤵
  PID:3336
- C:\Windows\System\wntIijQ.exe
  C:\Windows\System\wntIijQ.exe
  2⤵
  PID:3584
- C:\Windows\System\WdfCDbb.exe
  C:\Windows\System\WdfCDbb.exe
  2⤵
  PID:4300
- C:\Windows\System\cLZjXkh.exe
  C:\Windows\System\cLZjXkh.exe
  2⤵
  PID:3080
- C:\Windows\System\bNFHeHM.exe
  C:\Windows\System\bNFHeHM.exe
  2⤵
  PID:4876
- C:\Windows\System\SgPNjZo.exe
  C:\Windows\System\SgPNjZo.exe
  2⤵
  PID:1572
- C:\Windows\System\cZLYrKE.exe
  C:\Windows\System\cZLYrKE.exe
  2⤵
  PID:404
- C:\Windows\System\CUMmGSp.exe
  C:\Windows\System\CUMmGSp.exe
  2⤵
  PID:2604
- C:\Windows\System\MbCbGpb.exe
  C:\Windows\System\MbCbGpb.exe
  2⤵
  PID:1600
- C:\Windows\System\bmbHqRh.exe
  C:\Windows\System\bmbHqRh.exe
  2⤵
  PID:1736
- C:\Windows\System\mOAfoBl.exe
  C:\Windows\System\mOAfoBl.exe
  2⤵
  PID:1900
- C:\Windows\System\xIkEILg.exe
  C:\Windows\System\xIkEILg.exe
  2⤵
  PID:3000
- C:\Windows\System\DzaAujd.exe
  C:\Windows\System\DzaAujd.exe
  2⤵
  PID:3220
- C:\Windows\System\VGoXWAp.exe
  C:\Windows\System\VGoXWAp.exe
  2⤵
  PID:3544
- C:\Windows\System\tUAcOHQ.exe
  C:\Windows\System\tUAcOHQ.exe
  2⤵
  PID:448
- C:\Windows\System\tLjlBAB.exe
  C:\Windows\System\tLjlBAB.exe
  2⤵
  PID:2544
- C:\Windows\System\VKNksZr.exe
  C:\Windows\System\VKNksZr.exe
  2⤵
  PID:4548
- C:\Windows\System\vpLAPDY.exe
  C:\Windows\System\vpLAPDY.exe
  2⤵
  PID:2812
- C:\Windows\System\xPWMeyV.exe
  C:\Windows\System\xPWMeyV.exe
  2⤵
  PID:4404
- C:\Windows\System\IOqmdqw.exe
  C:\Windows\System\IOqmdqw.exe
  2⤵
  PID:2004
- C:\Windows\System\nEQWppO.exe
  C:\Windows\System\nEQWppO.exe
  2⤵
  PID:3752
- C:\Windows\System\KTifFVd.exe
  C:\Windows\System\KTifFVd.exe
  2⤵
  PID:2272
- C:\Windows\System\rnAiZEQ.exe
  C:\Windows\System\rnAiZEQ.exe
  2⤵
  PID:5144
- C:\Windows\System\QsBtIkS.exe
  C:\Windows\System\QsBtIkS.exe
  2⤵
  PID:5164
- C:\Windows\System\ufXaWLv.exe
  C:\Windows\System\ufXaWLv.exe
  2⤵
  PID:5188
- C:\Windows\System\MCsOrHA.exe
  C:\Windows\System\MCsOrHA.exe
  2⤵
  PID:5236
- C:\Windows\System\YnviuER.exe
  C:\Windows\System\YnviuER.exe
  2⤵
  PID:5260
- C:\Windows\System\YQlctdj.exe
  C:\Windows\System\YQlctdj.exe
  2⤵
  PID:5292
- C:\Windows\System\KHdHLKd.exe
  C:\Windows\System\KHdHLKd.exe
  2⤵
  PID:5324
- C:\Windows\System\cdoqFXR.exe
  C:\Windows\System\cdoqFXR.exe
  2⤵
  PID:5352
- C:\Windows\System\dxSmfrd.exe
  C:\Windows\System\dxSmfrd.exe
  2⤵
  PID:5376
- C:\Windows\System\JWJYdyb.exe
  C:\Windows\System\JWJYdyb.exe
  2⤵
  PID:5408
- C:\Windows\System\eGDhppb.exe
  C:\Windows\System\eGDhppb.exe
  2⤵
  PID:5432
- C:\Windows\System\PdSWDwP.exe
  C:\Windows\System\PdSWDwP.exe
  2⤵
  PID:5464
- C:\Windows\System\GjNPEZb.exe
  C:\Windows\System\GjNPEZb.exe
  2⤵
  PID:5488
- C:\Windows\System\Kvtlmsb.exe
  C:\Windows\System\Kvtlmsb.exe
  2⤵
  PID:5524
- C:\Windows\System\ykhtDSH.exe
  C:\Windows\System\ykhtDSH.exe
  2⤵
  PID:5552
- C:\Windows\System\KbRDSTL.exe
  C:\Windows\System\KbRDSTL.exe
  2⤵
  PID:5580
- C:\Windows\System\vMpcqqe.exe
  C:\Windows\System\vMpcqqe.exe
  2⤵
  PID:5608
- C:\Windows\System\EhePdMl.exe
  C:\Windows\System\EhePdMl.exe
  2⤵
  PID:5640
- C:\Windows\System\NKpmkiK.exe
  C:\Windows\System\NKpmkiK.exe
  2⤵
  PID:5660
- C:\Windows\System\AfIUpIt.exe
  C:\Windows\System\AfIUpIt.exe
  2⤵
  PID:5692
- C:\Windows\System\EmIPUTd.exe
  C:\Windows\System\EmIPUTd.exe
  2⤵
  PID:5724
- C:\Windows\System\ejglcov.exe
  C:\Windows\System\ejglcov.exe
  2⤵
  PID:5748
- C:\Windows\System\XSpSWRO.exe
  C:\Windows\System\XSpSWRO.exe
  2⤵
  PID:5776
- C:\Windows\System\AqzQejl.exe
  C:\Windows\System\AqzQejl.exe
  2⤵
  PID:5804
- C:\Windows\System\pEQiRKN.exe
  C:\Windows\System\pEQiRKN.exe
  2⤵
  PID:5824
- C:\Windows\System\CYYetVT.exe
  C:\Windows\System\CYYetVT.exe
  2⤵
  PID:5840
- C:\Windows\System\TaPXDBQ.exe
  C:\Windows\System\TaPXDBQ.exe
  2⤵
  PID:5888
- C:\Windows\System\wVAliZR.exe
  C:\Windows\System\wVAliZR.exe
  2⤵
  PID:5908
- C:\Windows\System\iWfEWzB.exe
  C:\Windows\System\iWfEWzB.exe
  2⤵
  PID:5948
- C:\Windows\System\wEzXfmd.exe
  C:\Windows\System\wEzXfmd.exe
  2⤵
  PID:5972
- C:\Windows\System\zdFonRD.exe
  C:\Windows\System\zdFonRD.exe
  2⤵
  PID:5996
- C:\Windows\System\jisEUpa.exe
  C:\Windows\System\jisEUpa.exe
  2⤵
  PID:6028
- C:\Windows\System\PBgDjiN.exe
  C:\Windows\System\PBgDjiN.exe
  2⤵
  PID:6056
- C:\Windows\System\VyEpQpZ.exe
  C:\Windows\System\VyEpQpZ.exe
  2⤵
  PID:6084
- C:\Windows\System\JtFgFQm.exe
  C:\Windows\System\JtFgFQm.exe
  2⤵
  PID:6116
- C:\Windows\System\OFuOnOD.exe
  C:\Windows\System\OFuOnOD.exe
  2⤵
  PID:5128
- C:\Windows\System\bmTJvEz.exe
  C:\Windows\System\bmTJvEz.exe
  2⤵
  PID:5184
- C:\Windows\System\qgvubVS.exe
  C:\Windows\System\qgvubVS.exe
  2⤵
  PID:5252
- C:\Windows\System\cDmlJoN.exe
  C:\Windows\System\cDmlJoN.exe
  2⤵
  PID:5312
- C:\Windows\System\jCfTZqy.exe
  C:\Windows\System\jCfTZqy.exe
  2⤵
  PID:5388
- C:\Windows\System\NyHRlGs.exe
  C:\Windows\System\NyHRlGs.exe
  2⤵
  PID:4544
- C:\Windows\System\bfylVui.exe
  C:\Windows\System\bfylVui.exe
  2⤵
  PID:5500
- C:\Windows\System\RmSRzeL.exe
  C:\Windows\System\RmSRzeL.exe
  2⤵
  PID:5588
- C:\Windows\System\rqqdQbE.exe
  C:\Windows\System\rqqdQbE.exe
  2⤵
  PID:5636
- C:\Windows\System\mOEtyfn.exe
  C:\Windows\System\mOEtyfn.exe
  2⤵
  PID:5704
- C:\Windows\System\njhRFVY.exe
  C:\Windows\System\njhRFVY.exe
  2⤵
  PID:5756
- C:\Windows\System\FUYJsnj.exe
  C:\Windows\System\FUYJsnj.exe
  2⤵
  PID:5832
- C:\Windows\System\fIKWdIx.exe
  C:\Windows\System\fIKWdIx.exe
  2⤵
  PID:5920
- C:\Windows\System\atFkuAR.exe
  C:\Windows\System\atFkuAR.exe
  2⤵
  PID:5980
- C:\Windows\System\QNPDBiH.exe
  C:\Windows\System\QNPDBiH.exe
  2⤵
  PID:6040
- C:\Windows\System\vYbhhuq.exe
  C:\Windows\System\vYbhhuq.exe
  2⤵
  PID:6128
- C:\Windows\System\WLrBoeD.exe
  C:\Windows\System\WLrBoeD.exe
  2⤵
  PID:5160
- C:\Windows\System\kUkmLQI.exe
  C:\Windows\System\kUkmLQI.exe
  2⤵
  PID:5320
- C:\Windows\System\vJBSzYK.exe
  C:\Windows\System\vJBSzYK.exe
  2⤵
  PID:5444
- C:\Windows\System\dPlEbey.exe
  C:\Windows\System\dPlEbey.exe
  2⤵
  PID:5620
- C:\Windows\System\MgSEAQW.exe
  C:\Windows\System\MgSEAQW.exe
  2⤵
  PID:5784
- C:\Windows\System\vylppmJ.exe
  C:\Windows\System\vylppmJ.exe
  2⤵
  PID:2112
- C:\Windows\System\CoStiBM.exe
  C:\Windows\System\CoStiBM.exe
  2⤵
  PID:6104
- C:\Windows\System\HLMVJsc.exe
  C:\Windows\System\HLMVJsc.exe
  2⤵
  PID:5360
- C:\Windows\System\xDfZgWa.exe
  C:\Windows\System\xDfZgWa.exe
  2⤵
  PID:5676
- C:\Windows\System\bTHrWpT.exe
  C:\Windows\System\bTHrWpT.exe
  2⤵
  PID:6004
- C:\Windows\System\rRYQYSb.exe
  C:\Windows\System\rRYQYSb.exe
  2⤵
  PID:5548
- C:\Windows\System\nKHYnBv.exe
  C:\Windows\System\nKHYnBv.exe
  2⤵
  PID:5812
- C:\Windows\System\MUsnheg.exe
  C:\Windows\System\MUsnheg.exe
  2⤵
  PID:6160
- C:\Windows\System\fPfpBMg.exe
  C:\Windows\System\fPfpBMg.exe
  2⤵
  PID:6184
- C:\Windows\System\lVRTzQw.exe
  C:\Windows\System\lVRTzQw.exe
  2⤵
  PID:6212
- C:\Windows\System\jwAFZoE.exe
  C:\Windows\System\jwAFZoE.exe
  2⤵
  PID:6240
- C:\Windows\System\KipAHum.exe
  C:\Windows\System\KipAHum.exe
  2⤵
  PID:6272
- C:\Windows\System\uaFNZli.exe
  C:\Windows\System\uaFNZli.exe
  2⤵
  PID:6296
- C:\Windows\System\eQdCPiq.exe
  C:\Windows\System\eQdCPiq.exe
  2⤵
  PID:6324
- C:\Windows\System\HzNYxSl.exe
  C:\Windows\System\HzNYxSl.exe
  2⤵
  PID:6352
- C:\Windows\System\mDolagH.exe
  C:\Windows\System\mDolagH.exe
  2⤵
  PID:6392
- C:\Windows\System\FXfJmAN.exe
  C:\Windows\System\FXfJmAN.exe
  2⤵
  PID:6420
- C:\Windows\System\yLGyoEH.exe
  C:\Windows\System\yLGyoEH.exe
  2⤵
  PID:6448
- C:\Windows\System\SQKMWSA.exe
  C:\Windows\System\SQKMWSA.exe
  2⤵
  PID:6480
- C:\Windows\System\UsSFNpA.exe
  C:\Windows\System\UsSFNpA.exe
  2⤵
  PID:6508
- C:\Windows\System\sUkItlq.exe
  C:\Windows\System\sUkItlq.exe
  2⤵
  PID:6532
- C:\Windows\System\OpCMpdM.exe
  C:\Windows\System\OpCMpdM.exe
  2⤵
  PID:6560
- C:\Windows\System\uCVFDCI.exe
  C:\Windows\System\uCVFDCI.exe
  2⤵
  PID:6588
- C:\Windows\System\ivwAMcB.exe
  C:\Windows\System\ivwAMcB.exe
  2⤵
  PID:6612
- C:\Windows\System\IjijZqv.exe
  C:\Windows\System\IjijZqv.exe
  2⤵
  PID:6648
- C:\Windows\System\dslHgeE.exe
  C:\Windows\System\dslHgeE.exe
  2⤵
  PID:6672
- C:\Windows\System\hdvMZlL.exe
  C:\Windows\System\hdvMZlL.exe
  2⤵
  PID:6708
- C:\Windows\System\fztvBEd.exe
  C:\Windows\System\fztvBEd.exe
  2⤵
  PID:6740
- C:\Windows\System\pljCgkp.exe
  C:\Windows\System\pljCgkp.exe
  2⤵
  PID:6776
- C:\Windows\System\qEQKLKl.exe
  C:\Windows\System\qEQKLKl.exe
  2⤵
  PID:6804
- C:\Windows\System\UbVNbXw.exe
  C:\Windows\System\UbVNbXw.exe
  2⤵
  PID:6832
- C:\Windows\System\IAbOKnp.exe
  C:\Windows\System\IAbOKnp.exe
  2⤵
  PID:6856
- C:\Windows\System\gQLkalo.exe
  C:\Windows\System\gQLkalo.exe
  2⤵
  PID:6884
- C:\Windows\System\AXekgNx.exe
  C:\Windows\System\AXekgNx.exe
  2⤵
  PID:6912
- C:\Windows\System\rAhjbNu.exe
  C:\Windows\System\rAhjbNu.exe
  2⤵
  PID:6940
- C:\Windows\System\erelfCW.exe
  C:\Windows\System\erelfCW.exe
  2⤵
  PID:6972
- C:\Windows\System\pBOVkGi.exe
  C:\Windows\System\pBOVkGi.exe
  2⤵
  PID:7000
- C:\Windows\System\zxehUem.exe
  C:\Windows\System\zxehUem.exe
  2⤵
  PID:7028
- C:\Windows\System\leuMsoX.exe
  C:\Windows\System\leuMsoX.exe
  2⤵
  PID:7064
- C:\Windows\System\QMmQNcC.exe
  C:\Windows\System\QMmQNcC.exe
  2⤵
  PID:7092
- C:\Windows\System\hlRwbDw.exe
  C:\Windows\System\hlRwbDw.exe
  2⤵
  PID:7120
- C:\Windows\System\FFACAfE.exe
  C:\Windows\System\FFACAfE.exe
  2⤵
  PID:7148
- C:\Windows\System\aAjwiNh.exe
  C:\Windows\System\aAjwiNh.exe
  2⤵
  PID:5532
- C:\Windows\System\ZfxgMZP.exe
  C:\Windows\System\ZfxgMZP.exe
  2⤵
  PID:6220
- C:\Windows\System\pCxrCXl.exe
  C:\Windows\System\pCxrCXl.exe
  2⤵
  PID:6260
- C:\Windows\System\zVujcTx.exe
  C:\Windows\System\zVujcTx.exe
  2⤵
  PID:6344
- C:\Windows\System\VUmhsea.exe
  C:\Windows\System\VUmhsea.exe
  2⤵
  PID:6428
- C:\Windows\System\MgBgMPX.exe
  C:\Windows\System\MgBgMPX.exe
  2⤵
  PID:6504
- C:\Windows\System\JvpJKVS.exe
  C:\Windows\System\JvpJKVS.exe
  2⤵
  PID:6564
- C:\Windows\System\lwedekx.exe
  C:\Windows\System\lwedekx.exe
  2⤵
  PID:6620
- C:\Windows\System\DRwHAMU.exe
  C:\Windows\System\DRwHAMU.exe
  2⤵
  PID:6684
- C:\Windows\System\vhlLJFd.exe
  C:\Windows\System\vhlLJFd.exe
  2⤵
  PID:6772
- C:\Windows\System\ZRxfuPB.exe
  C:\Windows\System\ZRxfuPB.exe
  2⤵
  PID:6820
- C:\Windows\System\IEXZFaQ.exe
  C:\Windows\System\IEXZFaQ.exe
  2⤵
  PID:4568
- C:\Windows\System\LqGnaMX.exe
  C:\Windows\System\LqGnaMX.exe
  2⤵
  PID:6952
- C:\Windows\System\fhRuPPY.exe
  C:\Windows\System\fhRuPPY.exe
  2⤵
  PID:7008
- C:\Windows\System\VcVuZdB.exe
  C:\Windows\System\VcVuZdB.exe
  2⤵
  PID:7080
- C:\Windows\System\QGbbEuP.exe
  C:\Windows\System\QGbbEuP.exe
  2⤵
  PID:7160
- C:\Windows\System\XBKsIEh.exe
  C:\Windows\System\XBKsIEh.exe
  2⤵
  PID:6248
- C:\Windows\System\SRVdkeA.exe
  C:\Windows\System\SRVdkeA.exe
  2⤵
  PID:6376
- C:\Windows\System\kYHyQTN.exe
  C:\Windows\System\kYHyQTN.exe
  2⤵
  PID:6552
- C:\Windows\System\JWNhVrs.exe
  C:\Windows\System\JWNhVrs.exe
  2⤵
  PID:6720
- C:\Windows\System\SupzoHs.exe
  C:\Windows\System\SupzoHs.exe
  2⤵
  PID:6892
- C:\Windows\System\uNEUEIJ.exe
  C:\Windows\System\uNEUEIJ.exe
  2⤵
  PID:6984
- C:\Windows\System\LsVMccW.exe
  C:\Windows\System\LsVMccW.exe
  2⤵
  PID:7156
- C:\Windows\System\WKOAzim.exe
  C:\Windows\System\WKOAzim.exe
  2⤵
  PID:6308
- C:\Windows\System\tNBnhOe.exe
  C:\Windows\System\tNBnhOe.exe
  2⤵
  PID:6636
- C:\Windows\System\tJgwIgn.exe
  C:\Windows\System\tJgwIgn.exe
  2⤵
  PID:7132
- C:\Windows\System\IlgpaJX.exe
  C:\Windows\System\IlgpaJX.exe
  2⤵
  PID:6596
- C:\Windows\System\TYzDnJP.exe
  C:\Windows\System\TYzDnJP.exe
  2⤵
  PID:7172
- C:\Windows\System\GWadiRf.exe
  C:\Windows\System\GWadiRf.exe
  2⤵
  PID:7200
- C:\Windows\System\pwnLjzY.exe
  C:\Windows\System\pwnLjzY.exe
  2⤵
  PID:7228
- C:\Windows\System\BMvItPr.exe
  C:\Windows\System\BMvItPr.exe
  2⤵
  PID:7256
- C:\Windows\System\YBhUUIo.exe
  C:\Windows\System\YBhUUIo.exe
  2⤵
  PID:7288
- C:\Windows\System\sqLanXZ.exe
  C:\Windows\System\sqLanXZ.exe
  2⤵
  PID:7312
- C:\Windows\System\meVbCtH.exe
  C:\Windows\System\meVbCtH.exe
  2⤵
  PID:7344
- C:\Windows\System\HjQcRCR.exe
  C:\Windows\System\HjQcRCR.exe
  2⤵
  PID:7368
- C:\Windows\System\phXSNxh.exe
  C:\Windows\System\phXSNxh.exe
  2⤵
  PID:7396
- C:\Windows\System\ypiAwGr.exe
  C:\Windows\System\ypiAwGr.exe
  2⤵
  PID:7428
- C:\Windows\System\gZovbWS.exe
  C:\Windows\System\gZovbWS.exe
  2⤵
  PID:7456
- C:\Windows\System\eOapVeE.exe
  C:\Windows\System\eOapVeE.exe
  2⤵
  PID:7484
- C:\Windows\System\yOYjUWN.exe
  C:\Windows\System\yOYjUWN.exe
  2⤵
  PID:7512
- C:\Windows\System\LcUtLFl.exe
  C:\Windows\System\LcUtLFl.exe
  2⤵
  PID:7540
- C:\Windows\System\SPbfWJZ.exe
  C:\Windows\System\SPbfWJZ.exe
  2⤵
  PID:7568
- C:\Windows\System\ViXMcqD.exe
  C:\Windows\System\ViXMcqD.exe
  2⤵
  PID:7596
- C:\Windows\System\fMxxDAW.exe
  C:\Windows\System\fMxxDAW.exe
  2⤵
  PID:7628
- C:\Windows\System\kXOgNrc.exe
  C:\Windows\System\kXOgNrc.exe
  2⤵
  PID:7656
- C:\Windows\System\GujdPlx.exe
  C:\Windows\System\GujdPlx.exe
  2⤵
  PID:7680
- C:\Windows\System\SUNoPgw.exe
  C:\Windows\System\SUNoPgw.exe
  2⤵
  PID:7704
- C:\Windows\System\FekjQBx.exe
  C:\Windows\System\FekjQBx.exe
  2⤵
  PID:7744
- C:\Windows\System\dkcwxfU.exe
  C:\Windows\System\dkcwxfU.exe
  2⤵
  PID:7768
- C:\Windows\System\IXEYvnw.exe
  C:\Windows\System\IXEYvnw.exe
  2⤵
  PID:7792
- C:\Windows\System\puTqFqQ.exe
  C:\Windows\System\puTqFqQ.exe
  2⤵
  PID:7820
- C:\Windows\System\YGTMJDn.exe
  C:\Windows\System\YGTMJDn.exe
  2⤵
  PID:7864
- C:\Windows\System\JfUYyGA.exe
  C:\Windows\System\JfUYyGA.exe
  2⤵
  PID:7888
- C:\Windows\System\YUjdoEP.exe
  C:\Windows\System\YUjdoEP.exe
  2⤵
  PID:7908
- C:\Windows\System\MpjQyaA.exe
  C:\Windows\System\MpjQyaA.exe
  2⤵
  PID:7940
- C:\Windows\System\eFQtwOO.exe
  C:\Windows\System\eFQtwOO.exe
  2⤵
  PID:7964
- C:\Windows\System\kzhNycc.exe
  C:\Windows\System\kzhNycc.exe
  2⤵
  PID:7992
- C:\Windows\System\IpbSWNQ.exe
  C:\Windows\System\IpbSWNQ.exe
  2⤵
  PID:8020
- C:\Windows\System\wvJZUGa.exe
  C:\Windows\System\wvJZUGa.exe
  2⤵
  PID:8048
- C:\Windows\System\vGPuUkY.exe
  C:\Windows\System\vGPuUkY.exe
  2⤵
  PID:8084
- C:\Windows\System\pJKrxBp.exe
  C:\Windows\System\pJKrxBp.exe
  2⤵
  PID:8104
- C:\Windows\System\dYFXPEj.exe
  C:\Windows\System\dYFXPEj.exe
  2⤵
  PID:8132
- C:\Windows\System\GjZTaDE.exe
  C:\Windows\System\GjZTaDE.exe
  2⤵
  PID:8160
- C:\Windows\System\EWNfyik.exe
  C:\Windows\System\EWNfyik.exe
  2⤵
  PID:8188
- C:\Windows\System\MgLVNLE.exe
  C:\Windows\System\MgLVNLE.exe
  2⤵
  PID:7240
- C:\Windows\System\RKOAcWP.exe
  C:\Windows\System\RKOAcWP.exe
  2⤵
  PID:7296
- C:\Windows\System\JpAiPfp.exe
  C:\Windows\System\JpAiPfp.exe
  2⤵
  PID:7380
- C:\Windows\System\JSAGNzo.exe
  C:\Windows\System\JSAGNzo.exe
  2⤵
  PID:7440
- C:\Windows\System\cIfBPMR.exe
  C:\Windows\System\cIfBPMR.exe
  2⤵
  PID:7496
- C:\Windows\System\TVsMEhF.exe
  C:\Windows\System\TVsMEhF.exe
  2⤵
  PID:7560
- C:\Windows\System\HARCmrT.exe
  C:\Windows\System\HARCmrT.exe
  2⤵
  PID:7636
- C:\Windows\System\nHtQtGa.exe
  C:\Windows\System\nHtQtGa.exe
  2⤵
  PID:7712
- C:\Windows\System\GZZXMxZ.exe
  C:\Windows\System\GZZXMxZ.exe
  2⤵
  PID:7780
- C:\Windows\System\TZZDSiC.exe
  C:\Windows\System\TZZDSiC.exe
  2⤵
  PID:7860
- C:\Windows\System\Ibehwwx.exe
  C:\Windows\System\Ibehwwx.exe
  2⤵
  PID:7900
- C:\Windows\System\FVnLNJz.exe
  C:\Windows\System\FVnLNJz.exe
  2⤵
  PID:7960
- C:\Windows\System\neNESdC.exe
  C:\Windows\System\neNESdC.exe
  2⤵
  PID:8032
- C:\Windows\System\nqxHzaR.exe
  C:\Windows\System\nqxHzaR.exe
  2⤵
  PID:8116
- C:\Windows\System\ilTxftW.exe
  C:\Windows\System\ilTxftW.exe
  2⤵
  PID:8172
- C:\Windows\System\QxenVuS.exe
  C:\Windows\System\QxenVuS.exe
  2⤵
  PID:7284
- C:\Windows\System\IbIAFCF.exe
  C:\Windows\System\IbIAFCF.exe
  2⤵
  PID:7468
- C:\Windows\System\bImDpAS.exe
  C:\Windows\System\bImDpAS.exe
  2⤵
  PID:7552
- C:\Windows\System\sXOZqbx.exe
  C:\Windows\System\sXOZqbx.exe
  2⤵
  PID:7740
- C:\Windows\System\aILePqi.exe
  C:\Windows\System\aILePqi.exe
  2⤵
  PID:7808
- C:\Windows\System\yzAinkt.exe
  C:\Windows\System\yzAinkt.exe
  2⤵
  PID:8012
- C:\Windows\System\fQyYMBG.exe
  C:\Windows\System\fQyYMBG.exe
  2⤵
  PID:7188
- C:\Windows\System\TkytJlg.exe
  C:\Windows\System\TkytJlg.exe
  2⤵
  PID:7492
- C:\Windows\System\ZwuLGLq.exe
  C:\Windows\System\ZwuLGLq.exe
  2⤵
  PID:7872
- C:\Windows\System\VcgfAnY.exe
  C:\Windows\System\VcgfAnY.exe
  2⤵
  PID:7352
- C:\Windows\System\XMLonNV.exe
  C:\Windows\System\XMLonNV.exe
  2⤵
  PID:7956
- C:\Windows\System\oCdDoly.exe
  C:\Windows\System\oCdDoly.exe
  2⤵
  PID:7812
- C:\Windows\System\czRQEji.exe
  C:\Windows\System\czRQEji.exe
  2⤵
  PID:8224
- C:\Windows\System\MJUiGdc.exe
  C:\Windows\System\MJUiGdc.exe
  2⤵
  PID:8248
- C:\Windows\System\tSByqJv.exe
  C:\Windows\System\tSByqJv.exe
  2⤵
  PID:8284
- C:\Windows\System\IySuLcP.exe
  C:\Windows\System\IySuLcP.exe
  2⤵
  PID:8312
- C:\Windows\System\HkaZahi.exe
  C:\Windows\System\HkaZahi.exe
  2⤵
  PID:8332
- C:\Windows\System\msEUwlS.exe
  C:\Windows\System\msEUwlS.exe
  2⤵
  PID:8360
- C:\Windows\System\yPzEAOJ.exe
  C:\Windows\System\yPzEAOJ.exe
  2⤵
  PID:8388
- C:\Windows\System\DQKeiAW.exe
  C:\Windows\System\DQKeiAW.exe
  2⤵
  PID:8420
- C:\Windows\System\dbcztyp.exe
  C:\Windows\System\dbcztyp.exe
  2⤵
  PID:8444
- C:\Windows\System\JmKYkoP.exe
  C:\Windows\System\JmKYkoP.exe
  2⤵
  PID:8484
- C:\Windows\System\xZMteYg.exe
  C:\Windows\System\xZMteYg.exe
  2⤵
  PID:8504
- C:\Windows\System\opjvGkr.exe
  C:\Windows\System\opjvGkr.exe
  2⤵
  PID:8532
- C:\Windows\System\QMuAVcF.exe
  C:\Windows\System\QMuAVcF.exe
  2⤵
  PID:8572
- C:\Windows\System\VEAsXcq.exe
  C:\Windows\System\VEAsXcq.exe
  2⤵
  PID:8592
- C:\Windows\System\WvDOOAa.exe
  C:\Windows\System\WvDOOAa.exe
  2⤵
  PID:8620
- C:\Windows\System\FoWwMXm.exe
  C:\Windows\System\FoWwMXm.exe
  2⤵
  PID:8648
- C:\Windows\System\aEKHwTv.exe
  C:\Windows\System\aEKHwTv.exe
  2⤵
  PID:8676
- C:\Windows\System\STDfHxi.exe
  C:\Windows\System\STDfHxi.exe
  2⤵
  PID:8704
- C:\Windows\System\hgflDnj.exe
  C:\Windows\System\hgflDnj.exe
  2⤵
  PID:8732
- C:\Windows\System\REqKZVM.exe
  C:\Windows\System\REqKZVM.exe
  2⤵
  PID:8764
- C:\Windows\System\JCsHdwp.exe
  C:\Windows\System\JCsHdwp.exe
  2⤵
  PID:8788
- C:\Windows\System\HhjBcMC.exe
  C:\Windows\System\HhjBcMC.exe
  2⤵
  PID:8828
- C:\Windows\System\KEeGRNM.exe
  C:\Windows\System\KEeGRNM.exe
  2⤵
  PID:8848
- C:\Windows\System\wOeVrYN.exe
  C:\Windows\System\wOeVrYN.exe
  2⤵
  PID:8876
- C:\Windows\System\jxIEiTC.exe
  C:\Windows\System\jxIEiTC.exe
  2⤵
  PID:8904
- C:\Windows\System\cykvhph.exe
  C:\Windows\System\cykvhph.exe
  2⤵
  PID:8948
- C:\Windows\System\eHgPzdv.exe
  C:\Windows\System\eHgPzdv.exe
  2⤵
  PID:8964
- C:\Windows\System\hjedRCH.exe
  C:\Windows\System\hjedRCH.exe
  2⤵
  PID:8992
- C:\Windows\System\SaRmGAx.exe
  C:\Windows\System\SaRmGAx.exe
  2⤵
  PID:9020
- C:\Windows\System\mmTgZCq.exe
  C:\Windows\System\mmTgZCq.exe
  2⤵
  PID:9048
- C:\Windows\System\QRxlhgG.exe
  C:\Windows\System\QRxlhgG.exe
  2⤵
  PID:9080
- C:\Windows\System\qLcNobI.exe
  C:\Windows\System\qLcNobI.exe
  2⤵
  PID:9104
- C:\Windows\System\loabfxt.exe
  C:\Windows\System\loabfxt.exe
  2⤵
  PID:9140
- C:\Windows\System\FIXuoyW.exe
  C:\Windows\System\FIXuoyW.exe
  2⤵
  PID:9168
- C:\Windows\System\ZwbnfYv.exe
  C:\Windows\System\ZwbnfYv.exe
  2⤵
  PID:9188
- C:\Windows\System\DtyfEqw.exe
  C:\Windows\System\DtyfEqw.exe
  2⤵
  PID:8212
- C:\Windows\System\qSpAAZb.exe
  C:\Windows\System\qSpAAZb.exe
  2⤵
  PID:8260
- C:\Windows\System\XJJggZb.exe
  C:\Windows\System\XJJggZb.exe
  2⤵
  PID:8344
- C:\Windows\System\yZRusrT.exe
  C:\Windows\System\yZRusrT.exe
  2⤵
  PID:8384
- C:\Windows\System\ZjKIsXA.exe
  C:\Windows\System\ZjKIsXA.exe
  2⤵
  PID:8456
- C:\Windows\System\XPbWJqb.exe
  C:\Windows\System\XPbWJqb.exe
  2⤵
  PID:8524
- C:\Windows\System\yiwdose.exe
  C:\Windows\System\yiwdose.exe
  2⤵
  PID:8588
- C:\Windows\System\txKIhMa.exe
  C:\Windows\System\txKIhMa.exe
  2⤵
  PID:8668
- C:\Windows\System\NhARZUl.exe
  C:\Windows\System\NhARZUl.exe
  2⤵
  PID:8724
- C:\Windows\System\vQNLZNW.exe
  C:\Windows\System\vQNLZNW.exe
  2⤵
  PID:8772
- C:\Windows\System\WFQInBa.exe
  C:\Windows\System\WFQInBa.exe
  2⤵
  PID:8840
- C:\Windows\System\hGUNxWX.exe
  C:\Windows\System\hGUNxWX.exe
  2⤵
  PID:8924
- C:\Windows\System\BEXTWen.exe
  C:\Windows\System\BEXTWen.exe
  2⤵
  PID:8988
- C:\Windows\System\gLGucKb.exe
  C:\Windows\System\gLGucKb.exe
  2⤵
  PID:9040
- C:\Windows\System\rtsFzYf.exe
  C:\Windows\System\rtsFzYf.exe
  2⤵
  PID:9100
- C:\Windows\System\tNoHHbU.exe
  C:\Windows\System\tNoHHbU.exe
  2⤵
  PID:9176
- C:\Windows\System\Lubukvv.exe
  C:\Windows\System\Lubukvv.exe
  2⤵
  PID:8240
- C:\Windows\System\juOPWkG.exe
  C:\Windows\System\juOPWkG.exe
  2⤵
  PID:8380
- C:\Windows\System\aqUvReU.exe
  C:\Windows\System\aqUvReU.exe
  2⤵
  PID:8544
- C:\Windows\System\FnsGUBk.exe
  C:\Windows\System\FnsGUBk.exe
  2⤵
  PID:8688
- C:\Windows\System\ukqgtcf.exe
  C:\Windows\System\ukqgtcf.exe
  2⤵
  PID:3628
- C:\Windows\System\zHPVbCx.exe
  C:\Windows\System\zHPVbCx.exe
  2⤵
  PID:8928
- C:\Windows\System\dfMsrNk.exe
  C:\Windows\System\dfMsrNk.exe
  2⤵
  PID:9128
- C:\Windows\System\nSAMWHW.exe
  C:\Windows\System\nSAMWHW.exe
  2⤵
  PID:8356
- C:\Windows\System\xQmPqgx.exe
  C:\Windows\System\xQmPqgx.exe
  2⤵
  PID:8580
- C:\Windows\System\PQWaPpU.exe
  C:\Windows\System\PQWaPpU.exe
  2⤵
  PID:8888
- C:\Windows\System\BQaVGOC.exe
  C:\Windows\System\BQaVGOC.exe
  2⤵
  PID:8440
- C:\Windows\System\NAxuJhw.exe
  C:\Windows\System\NAxuJhw.exe
  2⤵
  PID:9032
- C:\Windows\System\stfFXir.exe
  C:\Windows\System\stfFXir.exe
  2⤵
  PID:9228
- C:\Windows\System\enhbFPG.exe
  C:\Windows\System\enhbFPG.exe
  2⤵
  PID:9256
- C:\Windows\System\xCXjMHr.exe
  C:\Windows\System\xCXjMHr.exe
  2⤵
  PID:9276
- C:\Windows\System\AqUNOMY.exe
  C:\Windows\System\AqUNOMY.exe
  2⤵
  PID:9312
- C:\Windows\System\rgStFsf.exe
  C:\Windows\System\rgStFsf.exe
  2⤵
  PID:9336
- C:\Windows\System\pBaxRGS.exe
  C:\Windows\System\pBaxRGS.exe
  2⤵
  PID:9360
- C:\Windows\System\CqvrVeM.exe
  C:\Windows\System\CqvrVeM.exe
  2⤵
  PID:9388
- C:\Windows\System\AMzjlBL.exe
  C:\Windows\System\AMzjlBL.exe
  2⤵
  PID:9424
- C:\Windows\System\brNkxzh.exe
  C:\Windows\System\brNkxzh.exe
  2⤵
  PID:9444
- C:\Windows\System\rVGSwPs.exe
  C:\Windows\System\rVGSwPs.exe
  2⤵
  PID:9480
- C:\Windows\System\HePDOla.exe
  C:\Windows\System\HePDOla.exe
  2⤵
  PID:9508
- C:\Windows\System\psJPiDU.exe
  C:\Windows\System\psJPiDU.exe
  2⤵
  PID:9528
- C:\Windows\System\TVezbgP.exe
  C:\Windows\System\TVezbgP.exe
  2⤵
  PID:9556
- C:\Windows\System\aJklAgc.exe
  C:\Windows\System\aJklAgc.exe
  2⤵
  PID:9584
- C:\Windows\System\cwdcyMn.exe
  C:\Windows\System\cwdcyMn.exe
  2⤵
  PID:9612
- C:\Windows\System\icNOtZr.exe
  C:\Windows\System\icNOtZr.exe
  2⤵
  PID:9640
- C:\Windows\System\wwSzxxz.exe
  C:\Windows\System\wwSzxxz.exe
  2⤵
  PID:9676
- C:\Windows\System\hUWXdsl.exe
  C:\Windows\System\hUWXdsl.exe
  2⤵
  PID:9696
- C:\Windows\System\TZQKnwO.exe
  C:\Windows\System\TZQKnwO.exe
  2⤵
  PID:9724
- C:\Windows\System\rICxMuY.exe
  C:\Windows\System\rICxMuY.exe
  2⤵
  PID:9760
- C:\Windows\System\dGmxRwJ.exe
  C:\Windows\System\dGmxRwJ.exe
  2⤵
  PID:9780
- C:\Windows\System\vFMqsnG.exe
  C:\Windows\System\vFMqsnG.exe
  2⤵
  PID:9816
- C:\Windows\System\GirtiHn.exe
  C:\Windows\System\GirtiHn.exe
  2⤵
  PID:9844
- C:\Windows\System\xydiCRA.exe
  C:\Windows\System\xydiCRA.exe
  2⤵
  PID:9864
- C:\Windows\System\ShaDfXb.exe
  C:\Windows\System\ShaDfXb.exe
  2⤵
  PID:9892
- C:\Windows\System\CEbqqZw.exe
  C:\Windows\System\CEbqqZw.exe
  2⤵
  PID:9924
- C:\Windows\System\fLoRGJN.exe
  C:\Windows\System\fLoRGJN.exe
  2⤵
  PID:9960
- C:\Windows\System\wQcYHfe.exe
  C:\Windows\System\wQcYHfe.exe
  2⤵
  PID:9992
- C:\Windows\System\gZPAkxX.exe
  C:\Windows\System\gZPAkxX.exe
  2⤵
  PID:10008
- C:\Windows\System\GinPlfq.exe
  C:\Windows\System\GinPlfq.exe
  2⤵
  PID:10036
- C:\Windows\System\iGUkzXA.exe
  C:\Windows\System\iGUkzXA.exe
  2⤵
  PID:10064
- C:\Windows\System\BNiyvcp.exe
  C:\Windows\System\BNiyvcp.exe
  2⤵
  PID:10092
- C:\Windows\System\DZEclYA.exe
  C:\Windows\System\DZEclYA.exe
  2⤵
  PID:10120
- C:\Windows\System\POnPydf.exe
  C:\Windows\System\POnPydf.exe
  2⤵
  PID:10156
- C:\Windows\System\gZMFgkk.exe
  C:\Windows\System\gZMFgkk.exe
  2⤵
  PID:10176
- C:\Windows\System\kSSJTJF.exe
  C:\Windows\System\kSSJTJF.exe
  2⤵
  PID:10216
- C:\Windows\System\xDmRirs.exe
  C:\Windows\System\xDmRirs.exe
  2⤵
  PID:8516
- C:\Windows\System\XdWwQxA.exe
  C:\Windows\System\XdWwQxA.exe
  2⤵
  PID:9268
- C:\Windows\System\fOBtaFf.exe
  C:\Windows\System\fOBtaFf.exe
  2⤵
  PID:9328
- C:\Windows\System\chuFSpH.exe
  C:\Windows\System\chuFSpH.exe
  2⤵
  PID:9400
- C:\Windows\System\QvpdTsM.exe
  C:\Windows\System\QvpdTsM.exe
  2⤵
  PID:9464
- C:\Windows\System\EqRogQD.exe
  C:\Windows\System\EqRogQD.exe
  2⤵
  PID:9524
- C:\Windows\System\APAYmoe.exe
  C:\Windows\System\APAYmoe.exe
  2⤵
  PID:9604
- C:\Windows\System\HDoHIrN.exe
  C:\Windows\System\HDoHIrN.exe
  2⤵
  PID:9660
- C:\Windows\System\hoYejzy.exe
  C:\Windows\System\hoYejzy.exe
  2⤵
  PID:9736
- C:\Windows\System\SsNWKBP.exe
  C:\Windows\System\SsNWKBP.exe
  2⤵
  PID:9776
- C:\Windows\System\IeJHuLL.exe
  C:\Windows\System\IeJHuLL.exe
  2⤵
  PID:9852
- C:\Windows\System\sPVMsBA.exe
  C:\Windows\System\sPVMsBA.exe
  2⤵
  PID:9916
- C:\Windows\System\ObpwCQv.exe
  C:\Windows\System\ObpwCQv.exe
  2⤵
  PID:9988
- C:\Windows\System\wWeLWff.exe
  C:\Windows\System\wWeLWff.exe
  2⤵
  PID:10048
- C:\Windows\System\Fejtyua.exe
  C:\Windows\System\Fejtyua.exe
  2⤵
  PID:10112
- C:\Windows\System\HCsCZYW.exe
  C:\Windows\System\HCsCZYW.exe
  2⤵
  PID:10196
- C:\Windows\System\SsOkwIs.exe
  C:\Windows\System\SsOkwIs.exe
  2⤵
  PID:9240
- C:\Windows\System\RDOSpWd.exe
  C:\Windows\System\RDOSpWd.exe
  2⤵
  PID:9384
- C:\Windows\System\WBCDVAj.exe
  C:\Windows\System\WBCDVAj.exe
  2⤵
  PID:9552
- C:\Windows\System\xnRWGQa.exe
  C:\Windows\System\xnRWGQa.exe
  2⤵
  PID:9692
- C:\Windows\System\gMijxpr.exe
  C:\Windows\System\gMijxpr.exe
  2⤵
  PID:9876
- C:\Windows\System\JjBRjif.exe
  C:\Windows\System\JjBRjif.exe
  2⤵
  PID:10004
- C:\Windows\System\PiUacvd.exe
  C:\Windows\System\PiUacvd.exe
  2⤵
  PID:10104
- C:\Windows\System\KbrfsZn.exe
  C:\Windows\System\KbrfsZn.exe
  2⤵
  PID:10232
- C:\Windows\System\wgYHqaL.exe
  C:\Windows\System\wgYHqaL.exe
  2⤵
  PID:9624
- C:\Windows\System\gbCsMgo.exe
  C:\Windows\System\gbCsMgo.exe
  2⤵
  PID:9904
- C:\Windows\System\XgdtbsY.exe
  C:\Windows\System\XgdtbsY.exe
  2⤵
  PID:9516
- C:\Windows\System\IEYmTbK.exe
  C:\Windows\System\IEYmTbK.exe
  2⤵
  PID:10076
- C:\Windows\System\GboOXMC.exe
  C:\Windows\System\GboOXMC.exe
  2⤵
  PID:10252
- C:\Windows\System\pIbfBui.exe
  C:\Windows\System\pIbfBui.exe
  2⤵
  PID:10280
- C:\Windows\System\eGOrKdh.exe
  C:\Windows\System\eGOrKdh.exe
  2⤵
  PID:10308
- C:\Windows\System\jOevXbr.exe
  C:\Windows\System\jOevXbr.exe
  2⤵
  PID:10328
- C:\Windows\System\AvBOOff.exe
  C:\Windows\System\AvBOOff.exe
  2⤵
  PID:10356
- C:\Windows\System\RxDFtpI.exe
  C:\Windows\System\RxDFtpI.exe
  2⤵
  PID:10384
- C:\Windows\System\PuodotF.exe
  C:\Windows\System\PuodotF.exe
  2⤵
  PID:10412
- C:\Windows\System\PuhLFnN.exe
  C:\Windows\System\PuhLFnN.exe
  2⤵
  PID:10440
- C:\Windows\System\SIHdMrf.exe
  C:\Windows\System\SIHdMrf.exe
  2⤵
  PID:10468
- C:\Windows\System\mXDnXug.exe
  C:\Windows\System\mXDnXug.exe
  2⤵
  PID:10496
- C:\Windows\System\EskSwEu.exe
  C:\Windows\System\EskSwEu.exe
  2⤵
  PID:10524
- C:\Windows\System\kpxATzu.exe
  C:\Windows\System\kpxATzu.exe
  2⤵
  PID:10552
- C:\Windows\System\jmcoySf.exe
  C:\Windows\System\jmcoySf.exe
  2⤵
  PID:10580
- C:\Windows\System\jxOhrwQ.exe
  C:\Windows\System\jxOhrwQ.exe
  2⤵
  PID:10608
- C:\Windows\System\gVpOAcY.exe
  C:\Windows\System\gVpOAcY.exe
  2⤵
  PID:10636
- C:\Windows\System\omRAbNQ.exe
  C:\Windows\System\omRAbNQ.exe
  2⤵
  PID:10664
- C:\Windows\System\LHpGUgX.exe
  C:\Windows\System\LHpGUgX.exe
  2⤵
  PID:10720
- C:\Windows\System\ppvhBLL.exe
  C:\Windows\System\ppvhBLL.exe
  2⤵
  PID:10780
- C:\Windows\System\oGhEkTU.exe
  C:\Windows\System\oGhEkTU.exe
  2⤵
  PID:10800
- C:\Windows\System\MDiwqhC.exe
  C:\Windows\System\MDiwqhC.exe
  2⤵
  PID:10836
- C:\Windows\System\mATKFPe.exe
  C:\Windows\System\mATKFPe.exe
  2⤵
  PID:10872
- C:\Windows\System\BXIlfAy.exe
  C:\Windows\System\BXIlfAy.exe
  2⤵
  PID:10956
- C:\Windows\System\aPaJTxx.exe
  C:\Windows\System\aPaJTxx.exe
  2⤵
  PID:11000
- C:\Windows\System\lknzhww.exe
  C:\Windows\System\lknzhww.exe
  2⤵
  PID:11028
- C:\Windows\System\QuaOUWQ.exe
  C:\Windows\System\QuaOUWQ.exe
  2⤵
  PID:11056
- C:\Windows\System\nIsNlZP.exe
  C:\Windows\System\nIsNlZP.exe
  2⤵
  PID:11088
- C:\Windows\System\BvQjLlg.exe
  C:\Windows\System\BvQjLlg.exe
  2⤵
  PID:11116
- C:\Windows\System\xQMxlym.exe
  C:\Windows\System\xQMxlym.exe
  2⤵
  PID:11152
- C:\Windows\System\rAKhRmq.exe
  C:\Windows\System\rAKhRmq.exe
  2⤵
  PID:11172
- C:\Windows\System\hshDsaJ.exe
  C:\Windows\System\hshDsaJ.exe
  2⤵
  PID:11200
- C:\Windows\System\yOySPuX.exe
  C:\Windows\System\yOySPuX.exe
  2⤵
  PID:11228
- C:\Windows\System\zxctgUL.exe
  C:\Windows\System\zxctgUL.exe
  2⤵
  PID:11256
- C:\Windows\System\PTznEmh.exe
  C:\Windows\System\PTznEmh.exe
  2⤵
  PID:10292
- C:\Windows\System\LlWIPPZ.exe
  C:\Windows\System\LlWIPPZ.exe
  2⤵
  PID:10380
- C:\Windows\System\qglXxyd.exe
  C:\Windows\System\qglXxyd.exe
  2⤵
  PID:10432
- C:\Windows\System\JGpHJyR.exe
  C:\Windows\System\JGpHJyR.exe
  2⤵
  PID:10492
- C:\Windows\System\BCMFqLo.exe
  C:\Windows\System\BCMFqLo.exe
  2⤵
  PID:10564
- C:\Windows\System\kKzAsJj.exe
  C:\Windows\System\kKzAsJj.exe
  2⤵
  PID:10648
- C:\Windows\System\kLkbbza.exe
  C:\Windows\System\kLkbbza.exe
  2⤵
  PID:3556
- C:\Windows\System\PxJqIfb.exe
  C:\Windows\System\PxJqIfb.exe
  2⤵
  PID:10684
- C:\Windows\System\fqgKnai.exe
  C:\Windows\System\fqgKnai.exe
  2⤵
  PID:860
- C:\Windows\System\hZUzyoX.exe
  C:\Windows\System\hZUzyoX.exe
  2⤵
  PID:10848
- C:\Windows\System\EKlzZov.exe
  C:\Windows\System\EKlzZov.exe
  2⤵
  PID:10988
- C:\Windows\System\rzrWXLi.exe
  C:\Windows\System\rzrWXLi.exe
  2⤵
  PID:11052
- C:\Windows\System\yTywsNY.exe
  C:\Windows\System\yTywsNY.exe
  2⤵
  PID:11112
- C:\Windows\System\VXhgwNL.exe
  C:\Windows\System\VXhgwNL.exe
  2⤵
  PID:11164
- C:\Windows\System\HjQIncB.exe
  C:\Windows\System\HjQIncB.exe
  2⤵
  PID:11224
- C:\Windows\System\BhdtGSe.exe
  C:\Windows\System\BhdtGSe.exe
  2⤵
  PID:10320
- C:\Windows\System\mBetjrK.exe
  C:\Windows\System\mBetjrK.exe
  2⤵
  PID:10488
- C:\Windows\System\tJtZguu.exe
  C:\Windows\System\tJtZguu.exe
  2⤵
  PID:10604
- C:\Windows\System\vmKBpGb.exe
  C:\Windows\System\vmKBpGb.exe
  2⤵
  PID:3084
- C:\Windows\System\YbMtged.exe
  C:\Windows\System\YbMtged.exe
  2⤵
  PID:10844
- C:\Windows\System\lCiAYMJ.exe
  C:\Windows\System\lCiAYMJ.exe
  2⤵
  PID:11048
- C:\Windows\System\SaBdxIZ.exe
  C:\Windows\System\SaBdxIZ.exe
  2⤵
  PID:3616
- C:\Windows\System\qtVooKH.exe
  C:\Windows\System\qtVooKH.exe
  2⤵
  PID:10264
- C:\Windows\System\xMrxQXA.exe
  C:\Windows\System\xMrxQXA.exe
  2⤵
  PID:10600
- C:\Windows\System\huRdKjB.exe
  C:\Windows\System\huRdKjB.exe
  2⤵
  PID:4820
- C:\Windows\System\FPxTSMG.exe
  C:\Windows\System\FPxTSMG.exe
  2⤵
  PID:10408
- C:\Windows\System\FPvUvKo.exe
  C:\Windows\System\FPvUvKo.exe
  2⤵
  PID:10824
- C:\Windows\System\USJaUQT.exe
  C:\Windows\System\USJaUQT.exe
  2⤵
  PID:11192
- C:\Windows\System\kdIhxjh.exe
  C:\Windows\System\kdIhxjh.exe
  2⤵
  PID:11284
- C:\Windows\System\otqTmcu.exe
  C:\Windows\System\otqTmcu.exe
  2⤵
  PID:11312
- C:\Windows\System\eUuWAQr.exe
  C:\Windows\System\eUuWAQr.exe
  2⤵
  PID:11340
- C:\Windows\System\FNObHnY.exe
  C:\Windows\System\FNObHnY.exe
  2⤵
  PID:11372
- C:\Windows\System\MYuzMGb.exe
  C:\Windows\System\MYuzMGb.exe
  2⤵
  PID:11400
- C:\Windows\System\OazhIse.exe
  C:\Windows\System\OazhIse.exe
  2⤵
  PID:11428
- C:\Windows\System\ldefmvZ.exe
  C:\Windows\System\ldefmvZ.exe
  2⤵
  PID:11456
- C:\Windows\System\YsxJRbI.exe
  C:\Windows\System\YsxJRbI.exe
  2⤵
  PID:11488
- C:\Windows\System\CCyxmcX.exe
  C:\Windows\System\CCyxmcX.exe
  2⤵
  PID:11512
- C:\Windows\System\BkIROvs.exe
  C:\Windows\System\BkIROvs.exe
  2⤵
  PID:11540
- C:\Windows\System\waQICnP.exe
  C:\Windows\System\waQICnP.exe
  2⤵
  PID:11568
- C:\Windows\System\rNJcwwH.exe
  C:\Windows\System\rNJcwwH.exe
  2⤵
  PID:11596
- C:\Windows\System\DdmetjG.exe
  C:\Windows\System\DdmetjG.exe
  2⤵
  PID:11624
- C:\Windows\System\BuBRAnb.exe
  C:\Windows\System\BuBRAnb.exe
  2⤵
  PID:11652
- C:\Windows\System\sJtFQyR.exe
  C:\Windows\System\sJtFQyR.exe
  2⤵
  PID:11680
- C:\Windows\System\aFSBRvS.exe
  C:\Windows\System\aFSBRvS.exe
  2⤵
  PID:11708
- C:\Windows\System\NXHbpzi.exe
  C:\Windows\System\NXHbpzi.exe
  2⤵
  PID:11736
- C:\Windows\System\jTwJoMP.exe
  C:\Windows\System\jTwJoMP.exe
  2⤵
  PID:11764
- C:\Windows\System\BDPNJmJ.exe
  C:\Windows\System\BDPNJmJ.exe
  2⤵
  PID:11792
- C:\Windows\System\XIUYEDi.exe
  C:\Windows\System\XIUYEDi.exe
  2⤵
  PID:11820
- C:\Windows\System\oMZJbTY.exe
  C:\Windows\System\oMZJbTY.exe
  2⤵
  PID:11864
- C:\Windows\System\DPrUHpN.exe
  C:\Windows\System\DPrUHpN.exe
  2⤵
  PID:11884
- C:\Windows\System\jhCGmzU.exe
  C:\Windows\System\jhCGmzU.exe
  2⤵
  PID:11916
- C:\Windows\System\dNebOxz.exe
  C:\Windows\System\dNebOxz.exe
  2⤵
  PID:11940
- C:\Windows\System\AijtgPn.exe
  C:\Windows\System\AijtgPn.exe
  2⤵
  PID:11972
- C:\Windows\System\qbTwQcc.exe
  C:\Windows\System\qbTwQcc.exe
  2⤵
  PID:12000
- C:\Windows\System\jdfAHei.exe
  C:\Windows\System\jdfAHei.exe
  2⤵
  PID:12028
- C:\Windows\System\SDzHsRY.exe
  C:\Windows\System\SDzHsRY.exe
  2⤵
  PID:12056
- C:\Windows\System\oWNQRHL.exe
  C:\Windows\System\oWNQRHL.exe
  2⤵
  PID:12084
- C:\Windows\System\xgcNcUJ.exe
  C:\Windows\System\xgcNcUJ.exe
  2⤵
  PID:12120
- C:\Windows\System\aJbVOSI.exe
  C:\Windows\System\aJbVOSI.exe
  2⤵
  PID:12144
- C:\Windows\System\hDlePBN.exe
  C:\Windows\System\hDlePBN.exe
  2⤵
  PID:12176
- C:\Windows\System\ocbDCSK.exe
  C:\Windows\System\ocbDCSK.exe
  2⤵
  PID:12204
- C:\Windows\System\TNgbNif.exe
  C:\Windows\System\TNgbNif.exe
  2⤵
  PID:12224
- C:\Windows\System\PDHqzvt.exe
  C:\Windows\System\PDHqzvt.exe
  2⤵
  PID:12252
- C:\Windows\System\iPBNUOp.exe
  C:\Windows\System\iPBNUOp.exe
  2⤵
  PID:12280
- C:\Windows\System\yXjicwK.exe
  C:\Windows\System\yXjicwK.exe
  2⤵
  PID:11308
- C:\Windows\System\ENfeMAj.exe
  C:\Windows\System\ENfeMAj.exe
  2⤵
  PID:11384
- C:\Windows\System\XGXhblY.exe
  C:\Windows\System\XGXhblY.exe
  2⤵
  PID:11440
- C:\Windows\System\blDtQkn.exe
  C:\Windows\System\blDtQkn.exe
  2⤵
  PID:11504
- C:\Windows\System\FKUaaNo.exe
  C:\Windows\System\FKUaaNo.exe
  2⤵
  PID:11564
- C:\Windows\System\bmMEiit.exe
  C:\Windows\System\bmMEiit.exe
  2⤵
  PID:11636
- C:\Windows\System\zKcXTFy.exe
  C:\Windows\System\zKcXTFy.exe
  2⤵
  PID:11700
- C:\Windows\System\kmmVFLv.exe
  C:\Windows\System\kmmVFLv.exe
  2⤵
  PID:11756
- C:\Windows\System\osPvQAb.exe
  C:\Windows\System\osPvQAb.exe
  2⤵
  PID:11816
- C:\Windows\System\LQmATna.exe
  C:\Windows\System\LQmATna.exe
  2⤵
  PID:11896
- C:\Windows\System\QJiBxWH.exe
  C:\Windows\System\QJiBxWH.exe
  2⤵
  PID:11964
- C:\Windows\System\HPZQErN.exe
  C:\Windows\System\HPZQErN.exe
  2⤵
  PID:12024
- C:\Windows\System\YOnroKi.exe
  C:\Windows\System\YOnroKi.exe
  2⤵
  PID:12128
- C:\Windows\System\nUOCPqZ.exe
  C:\Windows\System\nUOCPqZ.exe
  2⤵
  PID:12164
- C:\Windows\System\OJxmYHy.exe
  C:\Windows\System\OJxmYHy.exe
  2⤵
  PID:12236
- C:\Windows\System\KnOoDBr.exe
  C:\Windows\System\KnOoDBr.exe
  2⤵
  PID:11304
- C:\Windows\System\VmomFPu.exe
  C:\Windows\System\VmomFPu.exe
  2⤵
  PID:11468
- C:\Windows\System\LJmJMzq.exe
  C:\Windows\System\LJmJMzq.exe
  2⤵
  PID:11616
- C:\Windows\System\UxNRRya.exe
  C:\Windows\System\UxNRRya.exe
  2⤵
  PID:11784
- C:\Windows\System\PtAIsIj.exe
  C:\Windows\System\PtAIsIj.exe
  2⤵
  PID:11936
- C:\Windows\System\OBxWyiq.exe
  C:\Windows\System\OBxWyiq.exe
  2⤵
  PID:12108
- C:\Windows\System\TfpnusE.exe
  C:\Windows\System\TfpnusE.exe
  2⤵
  PID:12212
- C:\Windows\System\kJYgeqT.exe
  C:\Windows\System\kJYgeqT.exe
  2⤵
  PID:10860
- C:\Windows\System\fZktIve.exe
  C:\Windows\System\fZktIve.exe
  2⤵
  PID:10424
- C:\Windows\System\VQJChJR.exe
  C:\Windows\System\VQJChJR.exe
  2⤵
  PID:11676
- C:\Windows\System\poPjggp.exe
  C:\Windows\System\poPjggp.exe
  2⤵
  PID:11924
- C:\Windows\System\lrkiaBi.exe
  C:\Windows\System\lrkiaBi.exe
  2⤵
  PID:11296
- C:\Windows\System\qkgUtQk.exe
  C:\Windows\System\qkgUtQk.exe
  2⤵
  PID:11496
- C:\Windows\System\GryIXqz.exe
  C:\Windows\System\GryIXqz.exe
  2⤵
  PID:12216
- C:\Windows\System\MxOIecX.exe
  C:\Windows\System\MxOIecX.exe
  2⤵
  PID:11396
- C:\Windows\System\CWCQTDl.exe
  C:\Windows\System\CWCQTDl.exe
  2⤵
  PID:12308
- C:\Windows\System\ayqefjP.exe
  C:\Windows\System\ayqefjP.exe
  2⤵
  PID:12336
- C:\Windows\System\JnrbmRy.exe
  C:\Windows\System\JnrbmRy.exe
  2⤵
  PID:12364
- C:\Windows\System\HwSQewu.exe
  C:\Windows\System\HwSQewu.exe
  2⤵
  PID:12392
- C:\Windows\System\YHdnyvW.exe
  C:\Windows\System\YHdnyvW.exe
  2⤵
  PID:12420
- C:\Windows\System\hAsPxfn.exe
  C:\Windows\System\hAsPxfn.exe
  2⤵
  PID:12448
- C:\Windows\System\daiZGUH.exe
  C:\Windows\System\daiZGUH.exe
  2⤵
  PID:12476
- C:\Windows\System\RxtFxPW.exe
  C:\Windows\System\RxtFxPW.exe
  2⤵
  PID:12504
- C:\Windows\System\jqZYwwc.exe
  C:\Windows\System\jqZYwwc.exe
  2⤵
  PID:12532
- C:\Windows\System\shYgmQh.exe
  C:\Windows\System\shYgmQh.exe
  2⤵
  PID:12560
- C:\Windows\System\EjlDmHc.exe
  C:\Windows\System\EjlDmHc.exe
  2⤵
  PID:12604
- C:\Windows\System\WiCJRQn.exe
  C:\Windows\System\WiCJRQn.exe
  2⤵
  PID:12632
- C:\Windows\System\oNabQCC.exe
  C:\Windows\System\oNabQCC.exe
  2⤵
  PID:12648
- C:\Windows\System\TsilgPo.exe
  C:\Windows\System\TsilgPo.exe
  2⤵
  PID:12676
- C:\Windows\System\DFFwDzS.exe
  C:\Windows\System\DFFwDzS.exe
  2⤵
  PID:12704
- C:\Windows\System\bgWVaqo.exe
  C:\Windows\System\bgWVaqo.exe
  2⤵
  PID:12732
- C:\Windows\System\TCbTRrf.exe
  C:\Windows\System\TCbTRrf.exe
  2⤵
  PID:12760
- C:\Windows\System\XKMlhcz.exe
  C:\Windows\System\XKMlhcz.exe
  2⤵
  PID:12788
- C:\Windows\System\QAcfwHk.exe
  C:\Windows\System\QAcfwHk.exe
  2⤵
  PID:12816
- C:\Windows\System\mxRFtGL.exe
  C:\Windows\System\mxRFtGL.exe
  2⤵
  PID:12848
- C:\Windows\System\mLMjxDK.exe
  C:\Windows\System\mLMjxDK.exe
  2⤵
  PID:12876
- C:\Windows\System\MxCmTSF.exe
  C:\Windows\System\MxCmTSF.exe
  2⤵
  PID:12912
- C:\Windows\System\gWkmyLc.exe
  C:\Windows\System\gWkmyLc.exe
  2⤵
  PID:12932
- C:\Windows\System\hGgKFyz.exe
  C:\Windows\System\hGgKFyz.exe
  2⤵
  PID:12960
- C:\Windows\System\VAuwjxo.exe
  C:\Windows\System\VAuwjxo.exe
  2⤵
  PID:12988
- C:\Windows\System\xakHvBN.exe
  C:\Windows\System\xakHvBN.exe
  2⤵
  PID:13016
- C:\Windows\System\solFQTx.exe
  C:\Windows\System\solFQTx.exe
  2⤵
  PID:13052
- C:\Windows\System\QBhQlmQ.exe
  C:\Windows\System\QBhQlmQ.exe
  2⤵
  PID:13072
- C:\Windows\System\aPwqucO.exe
  C:\Windows\System\aPwqucO.exe
  2⤵
  PID:13100
- C:\Windows\System\Mwimfxu.exe
  C:\Windows\System\Mwimfxu.exe
  2⤵
  PID:13128
- C:\Windows\System\GgKfpUS.exe
  C:\Windows\System\GgKfpUS.exe
  2⤵
  PID:13156
- C:\Windows\System\YECyXOS.exe
  C:\Windows\System\YECyXOS.exe
  2⤵
  PID:13184
- C:\Windows\System\qIFYqMs.exe
  C:\Windows\System\qIFYqMs.exe
  2⤵
  PID:13212
- C:\Windows\System\ihEvMac.exe
  C:\Windows\System\ihEvMac.exe
  2⤵
  PID:13240
- C:\Windows\System\MxDcYfw.exe
  C:\Windows\System\MxDcYfw.exe
  2⤵
  PID:13268
- C:\Windows\System\WlTTXvB.exe
  C:\Windows\System\WlTTXvB.exe
  2⤵
  PID:13296
- C:\Windows\System\nXsCvEp.exe
  C:\Windows\System\nXsCvEp.exe
  2⤵
  PID:12320
- C:\Windows\System\HTKXoXD.exe
  C:\Windows\System\HTKXoXD.exe
  2⤵
  PID:12384
- C:\Windows\System\PDaBBio.exe
  C:\Windows\System\PDaBBio.exe
  2⤵
  PID:12444
- C:\Windows\System\qoVrFYg.exe
  C:\Windows\System\qoVrFYg.exe
  2⤵
  PID:12516
- C:\Windows\System\uZHsyBa.exe
  C:\Windows\System\uZHsyBa.exe
  2⤵
  PID:12600
- C:\Windows\System\msettmz.exe
  C:\Windows\System\msettmz.exe
  2⤵
  PID:12628
- C:\Windows\System\Igiwari.exe
  C:\Windows\System\Igiwari.exe
  2⤵
  PID:12696
- C:\Windows\System\OkmfvJS.exe
  C:\Windows\System\OkmfvJS.exe
  2⤵
  PID:12756
- C:\Windows\System\DRXjKsB.exe
  C:\Windows\System\DRXjKsB.exe
  2⤵
  PID:12812
- C:\Windows\System\KswXigG.exe
  C:\Windows\System\KswXigG.exe
  2⤵
  PID:12920
- C:\Windows\System\TXmFIls.exe
  C:\Windows\System\TXmFIls.exe
  2⤵
  PID:12944
- C:\Windows\System\LBePnzt.exe
  C:\Windows\System\LBePnzt.exe
  2⤵
  PID:12984
- C:\Windows\System\LAMSgRw.exe
  C:\Windows\System\LAMSgRw.exe
  2⤵
  PID:13060
- C:\Windows\System\BqZAbkd.exe
  C:\Windows\System\BqZAbkd.exe
  2⤵
  PID:13124
- C:\Windows\System\HVSigjp.exe
  C:\Windows\System\HVSigjp.exe
  2⤵
  PID:13196
- C:\Windows\System\jaVLjvn.exe
  C:\Windows\System\jaVLjvn.exe
  2⤵
  PID:2156
- C:\Windows\System\YvxUTTQ.exe
  C:\Windows\System\YvxUTTQ.exe
  2⤵
  PID:13264
- C:\Windows\System\arInVzb.exe
  C:\Windows\System\arInVzb.exe
  2⤵
  PID:12300
- C:\Windows\System\ktlRoar.exe
  C:\Windows\System\ktlRoar.exe
  2⤵
  PID:12440
- C:\Windows\System\ObCJNzR.exe
  C:\Windows\System\ObCJNzR.exe
  2⤵
  PID:10788
- C:\Windows\System\nakUTkO.exe
  C:\Windows\System\nakUTkO.exe
  2⤵
  PID:12744
- C:\Windows\System\uzLioPE.exe
  C:\Windows\System\uzLioPE.exe
  2⤵
  PID:12868
- C:\Windows\System\VTlIwgr.exe
  C:\Windows\System\VTlIwgr.exe
  2⤵
  PID:12980
- C:\Windows\System\HVIsFDo.exe
  C:\Windows\System\HVIsFDo.exe
  2⤵
  PID:13152
- C:\Windows\System\tFwDyxF.exe
  C:\Windows\System\tFwDyxF.exe
  2⤵
  PID:13232
- C:\Windows\System\bZTvnMQ.exe
  C:\Windows\System\bZTvnMQ.exe
  2⤵
  PID:12432
- C:\Windows\System\MqCloAt.exe
  C:\Windows\System\MqCloAt.exe
  2⤵
  PID:12836
- C:\Windows\System\WzTWKwJ.exe
  C:\Windows\System\WzTWKwJ.exe
  2⤵
  PID:13096
- C:\Windows\System\LQIlSxk.exe
  C:\Windows\System\LQIlSxk.exe
  2⤵
  PID:12412
- C:\Windows\System\VVAziNh.exe
  C:\Windows\System\VVAziNh.exe
  2⤵
  PID:2132
- C:\Windows\System\chpnWYz.exe
  C:\Windows\System\chpnWYz.exe
  2⤵
  PID:13040
- C:\Windows\System\KiepPqG.exe
  C:\Windows\System\KiepPqG.exe
  2⤵
  PID:13340
- C:\Windows\System\Cjcmcyi.exe
  C:\Windows\System\Cjcmcyi.exe
  2⤵
  PID:13368
- C:\Windows\System\dnTZtEA.exe
  C:\Windows\System\dnTZtEA.exe
  2⤵
  PID:13396
- C:\Windows\System\GHbSoqT.exe
  C:\Windows\System\GHbSoqT.exe
  2⤵
  PID:13424
- C:\Windows\System\HdSkszb.exe
  C:\Windows\System\HdSkszb.exe
  2⤵
  PID:13452
- C:\Windows\System\EslblDq.exe
  C:\Windows\System\EslblDq.exe
  2⤵
  PID:13480
- C:\Windows\System\GtgpwKc.exe
  C:\Windows\System\GtgpwKc.exe
  2⤵
  PID:13508
- C:\Windows\System\oNgrtsM.exe
  C:\Windows\System\oNgrtsM.exe
  2⤵
  PID:13536
- C:\Windows\System\knhLlzf.exe
  C:\Windows\System\knhLlzf.exe
  2⤵
  PID:13564
- C:\Windows\System\GDjVaWp.exe
  C:\Windows\System\GDjVaWp.exe
  2⤵
  PID:13592
- C:\Windows\System\DRHpxds.exe
  C:\Windows\System\DRHpxds.exe
  2⤵
  PID:13620
- C:\Windows\System\bAdywiH.exe
  C:\Windows\System\bAdywiH.exe
  2⤵
  PID:13648
- C:\Windows\System\BXxQMzP.exe
  C:\Windows\System\BXxQMzP.exe
  2⤵
  PID:13676
- C:\Windows\System\zlWhAqd.exe
  C:\Windows\System\zlWhAqd.exe
  2⤵
  PID:13704
- C:\Windows\System\MGuYoIx.exe
  C:\Windows\System\MGuYoIx.exe
  2⤵
  PID:13732
- C:\Windows\System\kKUlxoa.exe
  C:\Windows\System\kKUlxoa.exe
  2⤵
  PID:13760
- C:\Windows\System\ucNDuyJ.exe
  C:\Windows\System\ucNDuyJ.exe
  2⤵
  PID:13792
- C:\Windows\System\rwpYBAz.exe
  C:\Windows\System\rwpYBAz.exe
  2⤵
  PID:13820
- C:\Windows\System\foqoQzm.exe
  C:\Windows\System\foqoQzm.exe
  2⤵
  PID:13848
- C:\Windows\System\kGMQrpa.exe
  C:\Windows\System\kGMQrpa.exe
  2⤵
  PID:13876
- C:\Windows\System\cHoMAgF.exe
  C:\Windows\System\cHoMAgF.exe
  2⤵
  PID:13904
- C:\Windows\System\BIEpJTe.exe
  C:\Windows\System\BIEpJTe.exe
  2⤵
  PID:13932
- C:\Windows\System\widuUgJ.exe
  C:\Windows\System\widuUgJ.exe
  2⤵
  PID:13960
- C:\Windows\System\DNteQpE.exe
  C:\Windows\System\DNteQpE.exe
  2⤵
  PID:13988
- C:\Windows\System\JPMIOfX.exe
  C:\Windows\System\JPMIOfX.exe
  2⤵
  PID:14016
- C:\Windows\System\hKQbzCD.exe
  C:\Windows\System\hKQbzCD.exe
  2⤵
  PID:14044
- C:\Windows\System\qUjyjyc.exe
  C:\Windows\System\qUjyjyc.exe
  2⤵
  PID:14072
- C:\Windows\System\BYPZMdu.exe
  C:\Windows\System\BYPZMdu.exe
  2⤵
  PID:14108
- C:\Windows\System\UWwyivU.exe
  C:\Windows\System\UWwyivU.exe
  2⤵
  PID:14128
- C:\Windows\System\uPaDxLm.exe
  C:\Windows\System\uPaDxLm.exe
  2⤵
  PID:14156
- C:\Windows\System\MDdSKiX.exe
  C:\Windows\System\MDdSKiX.exe
  2⤵
  PID:14184
- C:\Windows\System\OWbqeHo.exe
  C:\Windows\System\OWbqeHo.exe
  2⤵
  PID:14212
- C:\Windows\System\VmolGFb.exe
  C:\Windows\System\VmolGFb.exe
  2⤵
  PID:14240
- C:\Windows\System\XqeTfRf.exe
  C:\Windows\System\XqeTfRf.exe
  2⤵
  PID:14268
- C:\Windows\System\aEuMpea.exe
  C:\Windows\System\aEuMpea.exe
  2⤵
  PID:14296
- C:\Windows\System\OEndPaU.exe
  C:\Windows\System\OEndPaU.exe
  2⤵
  PID:14324
- C:\Windows\System\wlGutiW.exe
  C:\Windows\System\wlGutiW.exe
  2⤵
  PID:13352
- C:\Windows\System\nwYPwLm.exe
  C:\Windows\System\nwYPwLm.exe
  2⤵
  PID:13392
- C:\Windows\System\wWrfUbw.exe
  C:\Windows\System\wWrfUbw.exe
  2⤵
  PID:13464
- C:\Windows\System\MbtkqLi.exe
  C:\Windows\System\MbtkqLi.exe
  2⤵
  PID:13528
- C:\Windows\System\vdwPXRC.exe
  C:\Windows\System\vdwPXRC.exe
  2⤵
  PID:13584
- C:\Windows\System\JRhlwWt.exe
  C:\Windows\System\JRhlwWt.exe
  2⤵
  PID:13644
- C:\Windows\System\wNDVpWe.exe
  C:\Windows\System\wNDVpWe.exe
  2⤵
  PID:13716
- C:\Windows\System\XIyoPuu.exe
  C:\Windows\System\XIyoPuu.exe
  2⤵
  PID:13784
- C:\Windows\System\rLqwxWT.exe
  C:\Windows\System\rLqwxWT.exe
  2⤵
  PID:3672
- C:\Windows\System\hoBUbxR.exe
  C:\Windows\System\hoBUbxR.exe
  2⤵
  PID:3136
- C:\Windows\System\IOXKugT.exe
  C:\Windows\System\IOXKugT.exe
  2⤵
  PID:13896
- C:\Windows\System\QPwikMe.exe
  C:\Windows\System\QPwikMe.exe
  2⤵
  PID:13956
- C:\Windows\System\rPqyGSv.exe
  C:\Windows\System\rPqyGSv.exe
  2⤵
  PID:14028
- C:\Windows\System\LCsbSAj.exe
  C:\Windows\System\LCsbSAj.exe
  2⤵
  PID:14096
- C:\Windows\System\ZXEBUKk.exe
  C:\Windows\System\ZXEBUKk.exe
  2⤵
  PID:14168
- C:\Windows\System\XBEOwOk.exe
  C:\Windows\System\XBEOwOk.exe
  2⤵
  PID:14232
- C:\Windows\System\deifkYE.exe
  C:\Windows\System\deifkYE.exe
  2⤵
  PID:14292
- C:\Windows\System\XEabvNO.exe
  C:\Windows\System\XEabvNO.exe
  2⤵
  PID:712
- C:\Windows\System\uZYeXhb.exe
  C:\Windows\System\uZYeXhb.exe
  2⤵
  PID:13504
- C:\Windows\System\vaqVNgb.exe
  C:\Windows\System\vaqVNgb.exe
  2⤵
  PID:13632
- C:\Windows\System\CDerdJL.exe
  C:\Windows\System\CDerdJL.exe
  2⤵
  PID:13756
- C:\Windows\System\UeMnsWD.exe
  C:\Windows\System\UeMnsWD.exe
  2⤵
  PID:3204
- C:\Windows\System\CcCQzhe.exe
  C:\Windows\System\CcCQzhe.exe
  2⤵
  PID:752
- C:\Windows\System\fVNfBkn.exe
  C:\Windows\System\fVNfBkn.exe
  2⤵
  PID:14068
- C:\Windows\System\UVfKwqi.exe
  C:\Windows\System\UVfKwqi.exe
  2⤵
  PID:14224
- C:\Windows\System\iqMijJn.exe
  C:\Windows\System\iqMijJn.exe
  2⤵
  PID:13332
- C:\Windows\System\JrMlIRA.exe
  C:\Windows\System\JrMlIRA.exe
  2⤵
  PID:13672
- C:\Windows\System\LybveQy.exe
  C:\Windows\System\LybveQy.exe
  2⤵
  PID:13924
- C:\Windows\System\NaVUMUO.exe
  C:\Windows\System\NaVUMUO.exe
  2⤵
  PID:14288
- C:\Windows\System\XFUtLbA.exe
  C:\Windows\System\XFUtLbA.exe
  2⤵
  PID:2740
- C:\Windows\System\DdqhTuU.exe
  C:\Windows\System\DdqhTuU.exe
  2⤵
  PID:5004
- C:\Windows\System\jJeORXs.exe
  C:\Windows\System\jJeORXs.exe
  2⤵
  PID:13560
- C:\Windows\System\ozUaNbZ.exe
  C:\Windows\System\ozUaNbZ.exe
  2⤵
  PID:14368
- C:\Windows\System\tWfqBdo.exe
  C:\Windows\System\tWfqBdo.exe
  2⤵
  PID:14396
- C:\Windows\System\hpzjweS.exe
  C:\Windows\System\hpzjweS.exe
  2⤵
  PID:14416
- C:\Windows\System\LtjXdSS.exe
  C:\Windows\System\LtjXdSS.exe
  2⤵
  PID:14456
- C:\Windows\System\LkKOkoD.exe
  C:\Windows\System\LkKOkoD.exe
  2⤵
  PID:14484
- C:\Windows\System\IrcTdfe.exe
  C:\Windows\System\IrcTdfe.exe
  2⤵
  PID:14512
- C:\Windows\System\ThsZyPr.exe
  C:\Windows\System\ThsZyPr.exe
  2⤵
  PID:14528
- C:\Windows\System\YfbGAvr.exe
  C:\Windows\System\YfbGAvr.exe
  2⤵
  PID:14568
- C:\Windows\System\mFTPkyA.exe
  C:\Windows\System\mFTPkyA.exe
  2⤵
  PID:14584
- C:\Windows\System\Lhiijki.exe
  C:\Windows\System\Lhiijki.exe
  2⤵
  PID:14616
- C:\Windows\System\COrZLKe.exe
  C:\Windows\System\COrZLKe.exe
  2⤵
  PID:14660
- C:\Windows\System\XLQDAFm.exe
  C:\Windows\System\XLQDAFm.exe
  2⤵
  PID:14692
- C:\Windows\System\bLffqYk.exe
  C:\Windows\System\bLffqYk.exe
  2⤵
  PID:14716
- C:\Windows\System\UfLlqiF.exe
  C:\Windows\System\UfLlqiF.exe
  2⤵
  PID:14748
- C:\Windows\System\UpSarVB.exe
  C:\Windows\System\UpSarVB.exe
  2⤵
  PID:14764
- C:\Windows\System\KqKYjRf.exe
  C:\Windows\System\KqKYjRf.exe
  2⤵
  PID:14792
- C:\Windows\System\fXMmIzm.exe
  C:\Windows\System\fXMmIzm.exe
  2⤵
  PID:14832
- C:\Windows\System\tcrxzgc.exe
  C:\Windows\System\tcrxzgc.exe
  2⤵
  PID:14860
- C:\Windows\System\RjnqQxi.exe
  C:\Windows\System\RjnqQxi.exe
  2⤵
  PID:14880
- C:\Windows\System\ZJKvtPt.exe
  C:\Windows\System\ZJKvtPt.exe
  2⤵
  PID:14920
- C:\Windows\System\mlWtaOy.exe
  C:\Windows\System\mlWtaOy.exe
  2⤵
  PID:14940
- C:\Windows\System\stEbxBx.exe
  C:\Windows\System\stEbxBx.exe
  2⤵
  PID:14980
- C:\Windows\System\naMaBDx.exe
  C:\Windows\System\naMaBDx.exe
  2⤵
  PID:15000
- C:\Windows\System\tOuUCFH.exe
  C:\Windows\System\tOuUCFH.exe
  2⤵
  PID:15024
- C:\Windows\System\PHbUftj.exe
  C:\Windows\System\PHbUftj.exe
  2⤵
  PID:15088
- C:\Windows\System\XyJIuMd.exe
  C:\Windows\System\XyJIuMd.exe
  2⤵
  PID:15120
- C:\Windows\System\WyMDUsF.exe
  C:\Windows\System\WyMDUsF.exe
  2⤵
  PID:15152
- C:\Windows\System\SmTLFse.exe
  C:\Windows\System\SmTLFse.exe
  2⤵
  PID:15168
- C:\Windows\System\WEYQoWe.exe
  C:\Windows\System\WEYQoWe.exe
  2⤵
  PID:15216
- C:\Windows\System\dNfcSFB.exe
  C:\Windows\System\dNfcSFB.exe
  2⤵
  PID:15272
- C:\Windows\System\jzXfDsc.exe
  C:\Windows\System\jzXfDsc.exe
  2⤵
  PID:14520
- C:\Windows\System\RKQPufM.exe
  C:\Windows\System\RKQPufM.exe
  2⤵
  PID:14576
- C:\Windows\System\pzjrPrX.exe
  C:\Windows\System\pzjrPrX.exe
  2⤵
  PID:14756
- C:\Windows\System\FnMkQXg.exe
  C:\Windows\System\FnMkQXg.exe
  2⤵
  PID:14844
- C:\Windows\System\dTwpuga.exe
  C:\Windows\System\dTwpuga.exe
  2⤵
  PID:14904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ADyblLq.exe

Filesize
6.0MB

MD5
4a1f90322a454e5422608969f4deb5e1

SHA1
5f1dbcd4d8b3c1fefd6c6996bace5513b790a604

SHA256
8933c338825d082c34d08a41ef8e86d0ea91de1dfc8eabcd83155a47b5ff8a90

SHA512
d9327c5f15e503f51971d9303e733cdd4f9e580ff9de7f559d57a214890bb3b9f993842117179ad9087f5f89f400ee79b940847dde781a3749b9b1fc8a22e84e

Download Submit
C:\Windows\System\BQeYdmq.exe

Filesize
6.0MB

MD5
c37176e412f3baa30c48a1c4f2f77ec6

SHA1
e48de7fe886a3c7e4e18950744241198122c5a4d

SHA256
1fc6e92e2c608b24d63f86f6925a20d4bbfc1b8e2a12c4e745aef9641cc50edf

SHA512
013fbf7b1413b06eac1c6e962b7c6fc760fbedaad30c85c09645670f04a39bb83c95e843c315a1def1e7fed4788c162eb7147cde29a277f59108f8025b8b2c08

Download Submit
C:\Windows\System\BhNkflJ.exe

Filesize
6.0MB

MD5
93acc5f49cf6e73dd2f42dfe02ab765a

SHA1
b327ae443bcf6734f795fde1574ffc01c6341714

SHA256
70098a6c23d1b6fed63a63829161daa1849daae631ea50839c830e26ca9eb8c2

SHA512
80eab028b4a50c987129454cb14c02f75aa0b4d3390fc1cbba1c58dd05abfbe16f56f21d81c89df6068f5a6771b6b04c953720df1026d916d033dc980b726db2

Download Submit
C:\Windows\System\EfXSaYB.exe

Filesize
6.0MB

MD5
9a8c7df3adcac6980ca537a8f643e8c4

SHA1
de67047c9b6407fb81b81ea5789ba00b58f37755

SHA256
e7e7f9687408b18210dc010cfc6fa132c8f5562f9716f2f323d41a155e708004

SHA512
a47b4ea923561c796e1bd899868008a2a7e8f805afe6296bc729d79b8f27599779968b7bba74999b86d957ad3d6d9952fedf88bb46a463253162ebb74b22e2b6

Download Submit
C:\Windows\System\FZBrbTU.exe

Filesize
6.0MB

MD5
d31029a0b727e936e44ab3a549a4dd13

SHA1
28f2301813267f710d8e3c15028a5953f70f90ba

SHA256
585d347db4ac1da3d97483071c2e5a2797c82fde10666ad225cbb41bbc52fa74

SHA512
8e31075771d1720c133ad4c39ee703f29b18cf44d199147721c2cf3f79d1228b16971e00b16b744f157fbe579d045590fb123de68d9db01593f70758c1e27e90

Download Submit
C:\Windows\System\GNzpbru.exe

Filesize
6.0MB

MD5
b54e71cdcf53d7bfa0642237ac008c11

SHA1
dc15bdae6f3b48762112e5863e91686e8ba6485a

SHA256
cca6d77d457ef0fe396186ac6fd35c47ca545288a1f47eb8383f040c7b623bb0

SHA512
4e7c973e70856f1ee6b3571e54536e0c7d4ccb9aa092a88cdb3e988ba010e45d3aefbee819f01573295ce1fe255976fb0cd34fe838be46002a002d8e4445dae3

Download Submit
C:\Windows\System\HZFhhvx.exe

Filesize
6.0MB

MD5
49c813a178857d26c4d7f0706bb4914e

SHA1
bc2479279789562ded2c6ac557a8f77694714dfc

SHA256
ce8fae2b352685ddc07d5aa438ceb6877fa7757b81f566464a67d3eb54c52d24

SHA512
5218ae398a7b510b8ff0f6d3db1fe97a76e890c90cefd80d6845d5218438f6c4a0570ffc3d52985c5fc73b404c4fc33eda5dba3c6e520befc69ec297d4cba2fd

Download Submit
C:\Windows\System\JEHuJRa.exe

Filesize
6.0MB

MD5
985ef9bc9b754857727d02985e991648

SHA1
15a7a7a819c589500e762ab8e81ef2645c51ad94

SHA256
2ba0a1c1560cc9e7d064de6bc4a3d6c07b852557cda0a8e08a2305c561956770

SHA512
e1833646f20642ddff477ef32f635da7b9b287dde9f66cf1aab0c9824c102e62687d23e7e73d50c358ce41b567ccfefc7f1f25c43b5143adc193e59a3c66ff15

Download Submit
C:\Windows\System\KvSfKks.exe

Filesize
6.0MB

MD5
cba49026339df94d6df11f4d71c7eecf

SHA1
38b3ed3909052272e4d9c3bdfa2320f199eac5d1

SHA256
41d42f8d81b401addf10b7be8fbb9fcc1aa2b2e234f2c3fa4ef06a3ca4011481

SHA512
edd1908e493043dec9bbf0b49ba8b138791f80c6f448f565d79f30b3d05b5983c7389c31702ac7a258d8df979e9d65303638d3571c27a0bf9d5cde583149a448

Download Submit
C:\Windows\System\LjvqKKg.exe

Filesize
6.0MB

MD5
051085ddb01441aea5e25f8f10d1614a

SHA1
e71247633c8a43ef5809882b894b218587b474ac

SHA256
60b4351d21e9401695bff94c473fe100932f0a0365562fab84e1d72f08eee5bf

SHA512
bddf86878560c1cc13a7d2bcd2ed15004c8afa47b84ad6cd695b3644eb105274b41cf957176deea9de719e105cad456533faedd30971c5a4ffa039e4cf717942

Download Submit
C:\Windows\System\NSIhWdE.exe

Filesize
6.0MB

MD5
91a6209d2975b7951fc8f1764f8fad5d

SHA1
ea7efd28e66efcf7f4f6cd8cf89a3dfe6fb66f24

SHA256
e2d1e8dcba5d8a444578210ef2d9c3b9567304ee7e98e3c985200792a1b9445d

SHA512
9458b2e255a931cfd75334e0d47f39f2398497e10f4406add4e36e30ab39d780ecc66a9589e08fbc9330be16122b93a6edbb94aeff99481458c038ba56e0d031

Download Submit
C:\Windows\System\NfCzFnh.exe

Filesize
6.0MB

MD5
b5fffc1e367e33f38a3b645328a1cb83

SHA1
03ac5fe83933ac191eb8dd2dd3ebc8d0c97f9983

SHA256
ab73b63a7d4906981d7cb91f42bf6f2611ad303263fdf50ac89d54efdf82ebb9

SHA512
efff8f1ae407b655bffa4a06c8bb98254f9db5cf785424f7039556e046241d1f815d2fe3e34a80e4e98e6f68835949ef448381f5048f9b1789d06121d37041bc

Download Submit
C:\Windows\System\SWdRokI.exe

Filesize
6.0MB

MD5
9918ecfcdb4069d638e3cb30b2069716

SHA1
333b351dfada7893ed61d79d4a0912065ac94e0e

SHA256
524d5597cd35445c316907ba08cc91c454d4bb93f9ba99482656e7c868b0ff96

SHA512
66743b36ca33fc5cfe95b5ed8550f44bd7e0da0b4371ca550f3a353dcfc8755d5174dd66b10617ff6ff0d8e5930d69048e62aa3f335d64a1b7f3bd66ff287405

Download Submit
C:\Windows\System\YzvJtoe.exe

Filesize
6.0MB

MD5
ab109377f0be1ca86230c71cdbe6e1bf

SHA1
3d9ff51eff5b3a22ac20e5df557ad444ed874a18

SHA256
f74207ba55df7cc6ac0c31537c425af22b3e5fd66ca9c782b2fecd046df9362a

SHA512
ecc25f8cfc31c930e10613d1f398fcaaefe623383a60d964eb3f9c4578cd2e6d965d3afc25ba6113faac3d2c07fc3e7821390f34dded5c07c4ee3c965f323bc5

Download Submit
C:\Windows\System\ZmGyJBn.exe

Filesize
6.0MB

MD5
891bd426402608096420e4fe4d90225d

SHA1
89190ba762929a1c0e883c0425ccf878f4784e6b

SHA256
0aa79004e74ff2794f153bf4f5637d0ffb5ee3c184ca1628c7c7f7bd592c01fe

SHA512
50e9c32d99b39b75aeb9b27866a2ab19f6e996bc04ff859cd8ead4fecc3ee18dc9c859387780df2c3b398c0a9a95a76e254222931fefe1d84d0134bfb4cf7bec

Download Submit
C:\Windows\System\bqAABRT.exe

Filesize
6.0MB

MD5
e3b89382f2f0d7adae73d0c1167e7626

SHA1
a07c691d0f256450d99aeb40cfc566edd4d3182a

SHA256
a44d19ccfce33e8a79676fc7a235f4edadc41ee3ac03d32ad94b9eaeb1188f53

SHA512
c5772615c8b0e607a96e05f1c5e16747cc62199616df0eecba3b6d50fe099134d06d2f989e3b23b6787c4fbaf1076582246289113d17740c922321d6af314175

Download Submit
C:\Windows\System\fdHBjZn.exe

Filesize
6.0MB

MD5
47c234d5a816fd8d68f2aeec33a604c1

SHA1
bdfa157eaf38f68c37ab693c05c698c6bfb2564b

SHA256
850f3ba7cb7674ed43a045962ca6762db516e6d8defa0ee794c51e728e962683

SHA512
58b3fb837f97b5f879205bd54f98dac4d19f94c4703911eff66b86231d6cc5eb436ee06ecfbc87d13b05a8051dbad6fc5ef50a7e2610c754df76777f757ba91e

Download Submit
C:\Windows\System\gYEDDfR.exe

Filesize
6.0MB

MD5
a0c81f5386afa844165b751375836107

SHA1
a79c6fb501b6f5b6206eca84eda80e8b408fd79e

SHA256
cbf732a2c1895ff7ef3d46b873f4ea1e434395f34e038d9cc9cfc2a3bf8e8108

SHA512
071d7e0258270974b8616aec6ad94b3e99ef65e4cc1df26f4f45278e09992826ff000393c32ff0645bcdc0737a8cc1e824718df556d627462194252e0511d0fd

Download Submit
C:\Windows\System\gaLceUn.exe

Filesize
6.0MB

MD5
46eb5b81eda39f4cfdb85cf23aed010b

SHA1
56c96ac8a6f18c4e33c06eea5992fc4431f63a2e

SHA256
b1fbed4ab4ccdb342d4d8607eff67a9ffaa4d360bf9cd530e6c3824c4af290c8

SHA512
b19c308fe2f319e8b59f97b7cf8423afe81576fe4b782028e9e5e3f59021973ea11ecabb0c803e454b9646112f7f840cf6b31f0b344200ef64d3153c4847957f

Download Submit
C:\Windows\System\gcFiZbD.exe

Filesize
6.0MB

MD5
21f661f9cff8f3c1cf302dbe996b64c7

SHA1
2bbb06db00eef7990e84caf33a36191159b2c6a6

SHA256
fbc962c360cbe4f823593e125d5fd190bec16138aae8aa4751ad322163fb951a

SHA512
a50bbb1b8cd168bd83e38a4f2f7dd99536f41fcb1dc34324081ad18961721a89f77d2075057d4de996cc780ed8be67a68a079715ee871f4ffbf84e5c87819352

Download Submit
C:\Windows\System\hpSjMpB.exe

Filesize
6.0MB

MD5
4f7790de3a71abfb2f40ed902b0f8284

SHA1
9a19ef8f0b8e729114e0f55a07fe30f17e873f39

SHA256
4be615d9cf151800f98f69cfc6496684f914ce7c9fa1b733f65a84e2b1dd4645

SHA512
8c2deb03c1622f9d6564c8f600d9c827f31d6a68af6df5851d990292d34327863c82e6ebbfc2cf3ae3a8eebb332a4a098540b754722606b603686d8afa5aa5ab

Download Submit
C:\Windows\System\hprybHG.exe

Filesize
6.0MB

MD5
21ef45f2b42ae98231f9d70644c6fa99

SHA1
931adcd8989a7089196fe6cd116c9deeea1b7b7d

SHA256
59c25bebe4a18b98cf766944ee925c625e05190f74b82a3eef0dcfcd34ff69a9

SHA512
588c4cabcfcb954117bd63c2cd3e3cd3af10dff9b724293149afe303b337a8e3c41b974c83485df13e5a0052b08e5d9f7d2b98d6a13e91c12f158b7f0b89cbe3

Download Submit
C:\Windows\System\jKoEmif.exe

Filesize
6.0MB

MD5
063a75e444a1a9f64f76852810c68294

SHA1
61a78040e55b9d53e157815f64ac050653cafa1b

SHA256
bb1c623bbd92267af1778d3a63c53324d95964574a5492f969dafcc7a0037c3d

SHA512
431dac343d1d44ad2a5b290caa0d4419402fdf2aac573a91a2ca236505c83b35e88bd689b358e44fe388f37ce4eeb8e54a67ac5ece29fda0927d1312a0f60403

Download Submit
C:\Windows\System\kDMUHBC.exe

Filesize
6.0MB

MD5
174157ba20092b9a776832bd3db68ed3

SHA1
f9bfb311e063fdcbd6b355a32ff7ba2b00edafd7

SHA256
9c2ce46428e61e566ddbcfd5c62cb829b5c5e5714b4c87c12ac7a6cc1e73f4f4

SHA512
7c2c96646c53ae1ac7ddefbecabe51cceace518fa237e2f07258245f027d927642743c0935666a01098d5370543c59f1de09b2306f6008f976c860d009830f87

Download Submit
C:\Windows\System\kLMRvPR.exe

Filesize
6.0MB

MD5
60572ce436c46d00b9a50445616f4779

SHA1
aea6152894180e5f3b85e941f6687757b163a866

SHA256
dbd874d9db7339fd5b3e046f27d1ba8b2b4c0e07e1b2e1e1580a6a0ff44f2e2b

SHA512
c3a010a311dcf893985a1e7a4dc6bdb41b91ba15fe46b7739cc15799a570bcb6cf7b213ac4146868acf19c88fcc5d0f86bdeded769e516b8a1da8ca516694fae

Download Submit
C:\Windows\System\kpPVtTo.exe

Filesize
6.0MB

MD5
14fe793734ad5ae89141966db8cff602

SHA1
f6d7588af36992fb6e34a2f35551b28c26374bd8

SHA256
ef2e42d6881ff5edcf0ae7b1283c024cc772a6df28823e444b4351f339ae4503

SHA512
a974696ff5da751095d5ad17fef80dbaa75cf75689c3d6ccec3692ac07b3200a817920a8d758855d4844fad66837048ad215ebb6d47d23b0a40c4c4e86e9b6f9

Download Submit
C:\Windows\System\mpKEYGb.exe

Filesize
6.0MB

MD5
f9559e6947ea6c953b478078c946d07f

SHA1
2f48edd25d6ee1252260c985e77da7aa69585e7f

SHA256
557705aec73f2b280e04cbaae3243eec7722d02558f4295d8e7b524c356ac944

SHA512
a437cbd95216652530999e6531de85f8fd06a8d4225a4342d3c23adf7fb064cc1533624de02814a6ac36e9c39ec9a4ae86a140f96f8f1ecc1e99a68b7bcb80a9

Download Submit
C:\Windows\System\nNMvldd.exe

Filesize
6.0MB

MD5
68fe9917f5fe2f1c855a201ca92c5b9b

SHA1
cba2a48832e0908885f5c8cdf4085ef81b2590fa

SHA256
94ead73afa2d3c34d0205a3ecb635b1bf6b92995daada129c4212da229793d17

SHA512
15e6aa4724f761997c8ef2cf4d81953df4c97e5ca11253351c0e396f134de3bfc768274d1993ad73979bc6ecad671bd0e4e8cffebc353ea6c92163eb87a313aa

Download Submit
C:\Windows\System\shLRpVA.exe

Filesize
6.0MB

MD5
0d99670ca6d5ff37645ab8e6ed73d01f

SHA1
dcf48326956b51b08e570487bbd0b451ed2a698e

SHA256
99660f153ae35e87dce4cfd16e7ad0a64c4b6d3d4935497b2d269172b1e17b9e

SHA512
1ff054be3eb2071d7717860d684d8ca5ff480c45ec708e630ca8f9a1df06357c03f762458c81c4f1c6fc5201b844409eba50bf8c3a21b0ba7754b30fa6e16522

Download Submit
C:\Windows\System\vxrSqUA.exe

Filesize
6.0MB

MD5
b8e7ceb70a216850fffd75dc4ae81b4a

SHA1
c05ffad7782c05952f8ec7564a8ccfb23a53afcf

SHA256
71a94ad27b2c9754b057d202c4583f855b087f50472ff236e35262e56ef9c6bf

SHA512
85d69f6233d5a60855c616fa5aa3d777b0efc714c4d5834ce966e4447f36459070cc59f76eb6bdbe0f536f1610a810ed148e1a7f8ad81d47830b1ed9ad79d365

Download Submit
C:\Windows\System\wCryGCi.exe

Filesize
6.0MB

MD5
bcb0964e2308999e3ca9685c727705aa

SHA1
b97fb230aff3fd0d464214d129f775239ecd0d5d

SHA256
ae6111c323414fc497ff5da5fc9ee46a2ec5930cd7a3c0aa9251697db5faef87

SHA512
afb08b8f04eb1ed6556ef99dd037f2d7c3e1cf0864a440c3572b72de361ce0d3099485395f6acf7d75bd627b00448586ea60bcb01d9157b595d93efc79f03b17

Download Submit
C:\Windows\System\zxOidkt.exe

Filesize
6.0MB

MD5
956de19f03c11b438341ef6fb60f2ea3

SHA1
189bb6041752f92edf37ba2057c422fc8a4b6f03

SHA256
58d14c78b240237c8e20fd186e17b3f4371d41d47153e708f147532735b98fa9

SHA512
fc1a85089b920f4eb2966a048556b212a2eff7ec641c8a616dcaaa303ebb973dd626f3bf1630ba4f7f55ff872bd3cd16b73be155b6c41e0d914e4e840624b200

Download Submit
memory/740-395-0x00007FF6EBFF0000-0x00007FF6EC344000-memory.dmp

Filesize
3.3MB

Download
memory/740-102-0x00007FF6EBFF0000-0x00007FF6EC344000-memory.dmp

Filesize
3.3MB

Download
memory/740-2341-0x00007FF6EBFF0000-0x00007FF6EC344000-memory.dmp

Filesize
3.3MB

Download
memory/880-2339-0x00007FF656C90000-0x00007FF656FE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-86-0x00007FF656C90000-0x00007FF656FE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-184-0x00007FF656C90000-0x00007FF656FE4000-memory.dmp

Filesize
3.3MB

Download
memory/952-156-0x00007FF7ADF90000-0x00007FF7AE2E4000-memory.dmp

Filesize
3.3MB

Download
memory/952-2349-0x00007FF7ADF90000-0x00007FF7AE2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-97-0x00007FF6227A0000-0x00007FF622AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-326-0x00007FF6227A0000-0x00007FF622AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2340-0x00007FF6227A0000-0x00007FF622AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2350-0x00007FF654580000-0x00007FF6548D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-160-0x00007FF654580000-0x00007FF6548D4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-43-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp

Filesize
3.3MB

Download
memory/1636-96-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2273-0x00007FF6C5640000-0x00007FF6C5994000-memory.dmp

Filesize
3.3MB

Download
memory/1908-32-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-95-0x00007FF6C19A0000-0x00007FF6C1CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-48-0x00007FF6450B0000-0x00007FF645404000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2276-0x00007FF6450B0000-0x00007FF645404000-memory.dmp

Filesize
3.3MB

Download
memory/2172-109-0x00007FF6450B0000-0x00007FF645404000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2335-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-63-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-179-0x00007FF6A8850000-0x00007FF6A8BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-178-0x00007FF641930000-0x00007FF641C84000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2353-0x00007FF641930000-0x00007FF641C84000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2334-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-54-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-158-0x00007FF6FDB60000-0x00007FF6FDEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-8-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp

Filesize
3.3MB

Download
memory/2616-66-0x00007FF7BD120000-0x00007FF7BD474000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2337-0x00007FF6112F0000-0x00007FF611644000-memory.dmp

Filesize
3.3MB

Download
memory/2712-82-0x00007FF6112F0000-0x00007FF611644000-memory.dmp

Filesize
3.3MB

Download
memory/2836-170-0x00007FF7DD920000-0x00007FF7DDC74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2352-0x00007FF7DD920000-0x00007FF7DDC74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-601-0x00007FF7DD920000-0x00007FF7DDC74000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2351-0x00007FF7C53C0000-0x00007FF7C5714000-memory.dmp

Filesize
3.3MB

Download
memory/3208-602-0x00007FF7C53C0000-0x00007FF7C5714000-memory.dmp

Filesize
3.3MB

Download
memory/3208-177-0x00007FF7C53C0000-0x00007FF7C5714000-memory.dmp

Filesize
3.3MB

Download
memory/3560-92-0x00007FF663540000-0x00007FF663894000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2338-0x00007FF663540000-0x00007FF663894000-memory.dmp

Filesize
3.3MB

Download
memory/3640-87-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp

Filesize
3.3MB

Download
memory/3640-23-0x00007FF7A01E0000-0x00007FF7A0534000-memory.dmp

Filesize
3.3MB

Download
memory/3748-143-0x00007FF7E9BA0000-0x00007FF7E9EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2344-0x00007FF7E9BA0000-0x00007FF7E9EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-181-0x00007FF600150000-0x00007FF6004A4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-75-0x00007FF600150000-0x00007FF6004A4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2336-0x00007FF600150000-0x00007FF6004A4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-17-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp

Filesize
3.3MB

Download
memory/3820-79-0x00007FF77ABE0000-0x00007FF77AF34000-memory.dmp

Filesize
3.3MB

Download
memory/4068-25-0x00007FF7D0210000-0x00007FF7D0564000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2249-0x00007FF7D0210000-0x00007FF7D0564000-memory.dmp

Filesize
3.3MB

Download
memory/4372-47-0x00007FF710E20000-0x00007FF711174000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2345-0x00007FF760380000-0x00007FF7606D4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-148-0x00007FF760380000-0x00007FF7606D4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-157-0x00007FF633670000-0x00007FF6339C4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2348-0x00007FF633670000-0x00007FF6339C4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-159-0x00007FF633580000-0x00007FF6338D4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2343-0x00007FF633580000-0x00007FF6338D4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-142-0x00007FF6E1060000-0x00007FF6E13B4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2342-0x00007FF6E1060000-0x00007FF6E13B4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-396-0x00007FF6E1060000-0x00007FF6E13B4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-147-0x00007FF7BB930000-0x00007FF7BBC84000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2346-0x00007FF7BB930000-0x00007FF7BBC84000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2347-0x00007FF7BD830000-0x00007FF7BDB84000-memory.dmp

Filesize
3.3MB

Download
memory/4776-153-0x00007FF7BD830000-0x00007FF7BDB84000-memory.dmp

Filesize
3.3MB

Download
memory/4924-58-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-0-0x00007FF79B480000-0x00007FF79B7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-1-0x000001BBEDF20000-0x000001BBEDF30000-memory.dmp

Filesize
64KB

Download
memory/4960-194-0x00007FF78A230000-0x00007FF78A584000-memory.dmp

Filesize
3.3MB

Download
memory/4960-799-0x00007FF78A230000-0x00007FF78A584000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2354-0x00007FF78A230000-0x00007FF78A584000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads