cobaltstrike | 7b34d2ed8045cbc5eafe2de94432e368714f462cc958ada6f0e262fc2aacc276

Analysis

max time kernel
98s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e5e102c25857abfc12acf32d3650dd7f
SHA1

55c37a6fae59b538e84d09e83b2772e47de5a135
SHA256

7b34d2ed8045cbc5eafe2de94432e368714f462cc958ada6f0e262fc2aacc276
SHA512

f3c589b11654c9350aedc92b0eb9e6f8a82e6cdb176f1c2fdfab5b1f0000923e29496fb644e8d73f0ad9131a7f712cbf1ab6c857f3d76c198d6aaff7be80dcce
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023b98-4.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c71-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-21.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-33.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-45.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-54.dat	cobalt_reflective_dll
behavioral2/files/0x000700000001e547-63.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001da88-64.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c6f-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-137.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-175.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c84-164.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-91.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c7a-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-184.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c8d-192.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c90-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-203.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1284-0-0x00007FF6A7170000-0x00007FF6A74C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b98-4.dat	xmrig
behavioral2/memory/2656-7-0x00007FF63B150000-0x00007FF63B4A4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c71-11.dat	xmrig
behavioral2/files/0x0007000000023c72-10.dat	xmrig
behavioral2/memory/4708-14-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp	xmrig
behavioral2/memory/2852-18-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp	xmrig
behavioral2/memory/2328-23-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c73-21.dat	xmrig
behavioral2/files/0x0007000000023c75-33.dat	xmrig
behavioral2/files/0x0007000000023c76-41.dat	xmrig
behavioral2/memory/2592-42-0x00007FF628980000-0x00007FF628CD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c77-45.dat	xmrig
behavioral2/memory/2164-47-0x00007FF7613C0000-0x00007FF761714000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c74-35.dat	xmrig
behavioral2/memory/5080-34-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp	xmrig
behavioral2/memory/1544-30-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c78-54.dat	xmrig
behavioral2/memory/2084-56-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp	xmrig
behavioral2/files/0x000700000001e547-63.dat	xmrig
behavioral2/files/0x000400000001da88-64.dat	xmrig
behavioral2/memory/4708-75-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp	xmrig
behavioral2/memory/3552-78-0x00007FF6D6150000-0x00007FF6D64A4000-memory.dmp	xmrig
behavioral2/memory/2852-86-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c6f-89.dat	xmrig
behavioral2/files/0x0007000000023c7c-87.dat	xmrig
behavioral2/files/0x0007000000023c7d-97.dat	xmrig
behavioral2/files/0x0007000000023c7e-105.dat	xmrig
behavioral2/memory/1544-110-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7f-115.dat	xmrig
behavioral2/files/0x0007000000023c80-119.dat	xmrig
behavioral2/files/0x0007000000023c87-137.dat	xmrig
behavioral2/memory/3360-168-0x00007FF72D780000-0x00007FF72DAD4000-memory.dmp	xmrig
behavioral2/memory/4072-177-0x00007FF73FA60000-0x00007FF73FDB4000-memory.dmp	xmrig
behavioral2/memory/4924-181-0x00007FF6855D0000-0x00007FF685924000-memory.dmp	xmrig
behavioral2/memory/3020-180-0x00007FF7291B0000-0x00007FF729504000-memory.dmp	xmrig
behavioral2/memory/3204-179-0x00007FF6E5560000-0x00007FF6E58B4000-memory.dmp	xmrig
behavioral2/memory/2084-178-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c89-175.dat	xmrig
behavioral2/memory/5052-173-0x00007FF7A29E0000-0x00007FF7A2D34000-memory.dmp	xmrig
behavioral2/memory/1388-172-0x00007FF6B3D30000-0x00007FF6B4084000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c88-170.dat	xmrig
behavioral2/files/0x0007000000023c86-167.dat	xmrig
behavioral2/files/0x0007000000023c85-166.dat	xmrig
behavioral2/files/0x0007000000023c84-164.dat	xmrig
behavioral2/files/0x0007000000023c83-162.dat	xmrig
behavioral2/files/0x0007000000023c82-160.dat	xmrig
behavioral2/files/0x0007000000023c81-158.dat	xmrig
behavioral2/memory/4592-156-0x00007FF76B070000-0x00007FF76B3C4000-memory.dmp	xmrig
behavioral2/memory/1364-155-0x00007FF73BD10000-0x00007FF73C064000-memory.dmp	xmrig
behavioral2/memory/1636-149-0x00007FF6F7C70000-0x00007FF6F7FC4000-memory.dmp	xmrig
behavioral2/memory/2164-148-0x00007FF7613C0000-0x00007FF761714000-memory.dmp	xmrig
behavioral2/memory/1528-122-0x00007FF715C00000-0x00007FF715F54000-memory.dmp	xmrig
behavioral2/memory/2592-121-0x00007FF628980000-0x00007FF628CD4000-memory.dmp	xmrig
behavioral2/memory/5080-118-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp	xmrig
behavioral2/memory/516-114-0x00007FF6E76C0000-0x00007FF6E7A14000-memory.dmp	xmrig
behavioral2/memory/4612-109-0x00007FF768F60000-0x00007FF7692B4000-memory.dmp	xmrig
behavioral2/memory/4076-113-0x00007FF742BA0000-0x00007FF742EF4000-memory.dmp	xmrig
behavioral2/memory/2040-107-0x00007FF7A5E00000-0x00007FF7A6154000-memory.dmp	xmrig
behavioral2/memory/2328-102-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp	xmrig
behavioral2/memory/1584-101-0x00007FF751F10000-0x00007FF752264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7b-91.dat	xmrig
behavioral2/files/0x0008000000023c7a-82.dat	xmrig
behavioral2/memory/4512-81-0x00007FF6E8E90000-0x00007FF6E91E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2656	eENxufy.exe
4708	MPorvgr.exe
2852	AgWRyqq.exe
2328	rxizLqj.exe
1544	EcTzZqD.exe
5080	IlMzkWS.exe
2592	QDfwfHR.exe
2164	BvKKonz.exe
2084	JDPdFDc.exe
3204	PjLclKz.exe
808	VJjoOgr.exe
3552	yIaISqp.exe
4512	FtxRkji.exe
1584	ILwpmYf.exe
4612	FeifXLk.exe
2040	Jlevylz.exe
4076	ixLxNXR.exe
516	sGtwnUZ.exe
1528	Uelqvxm.exe
1636	sPrPodc.exe
1364	ibzgnwH.exe
4592	lZEoHPh.exe
3360	NFGBiis.exe
1388	mzmToxJ.exe
5052	lZeTHph.exe
4072	FgQNtwr.exe
3020	JHLoszd.exe
4924	DrnXawP.exe
3092	hrcRZEH.exe
1644	EwJmMDh.exe
4700	vvtJZuu.exe
544	prDCyrl.exe
5056	HSdhuWl.exe
2016	dBqAnRL.exe
1576	kfVHvVm.exe
2996	WLeAIQs.exe
5108	MvjRVJo.exe
2836	fEQeRiZ.exe
4500	UWGYCmr.exe
760	WUDNBGq.exe
4420	KMeiPoK.exe
4452	CLYdzUz.exe
4524	XWyoBNF.exe
2364	RrYAUPo.exe
1056	siivrrt.exe
3384	JBQwPZP.exe
1736	wECGaZW.exe
2400	puZlvPM.exe
4284	YzlNHhg.exe
996	ntsSVLB.exe
3112	SZpSbcf.exe
2044	gVXRmLr.exe
2420	MMziGlO.exe
4164	KgArcCA.exe
1964	DXaAfHD.exe
3604	caMTWoy.exe
1220	YEewyLC.exe
5036	ZumLlgY.exe
2292	FKDDJCW.exe
5048	nUsBaXL.exe
4860	FzncFDB.exe
3408	EHXtkAR.exe
4476	rpUsRoN.exe
4888	QrklBoP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1284-0-0x00007FF6A7170000-0x00007FF6A74C4000-memory.dmp	upx
behavioral2/files/0x000a000000023b98-4.dat	upx
behavioral2/memory/2656-7-0x00007FF63B150000-0x00007FF63B4A4000-memory.dmp	upx
behavioral2/files/0x0008000000023c71-11.dat	upx
behavioral2/files/0x0007000000023c72-10.dat	upx
behavioral2/memory/4708-14-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp	upx
behavioral2/memory/2852-18-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp	upx
behavioral2/memory/2328-23-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c73-21.dat	upx
behavioral2/files/0x0007000000023c75-33.dat	upx
behavioral2/files/0x0007000000023c76-41.dat	upx
behavioral2/memory/2592-42-0x00007FF628980000-0x00007FF628CD4000-memory.dmp	upx
behavioral2/files/0x0007000000023c77-45.dat	upx
behavioral2/memory/2164-47-0x00007FF7613C0000-0x00007FF761714000-memory.dmp	upx
behavioral2/files/0x0007000000023c74-35.dat	upx
behavioral2/memory/5080-34-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp	upx
behavioral2/memory/1544-30-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp	upx
behavioral2/files/0x0007000000023c78-54.dat	upx
behavioral2/memory/2084-56-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp	upx
behavioral2/files/0x000700000001e547-63.dat	upx
behavioral2/files/0x000400000001da88-64.dat	upx
behavioral2/memory/4708-75-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp	upx
behavioral2/memory/3552-78-0x00007FF6D6150000-0x00007FF6D64A4000-memory.dmp	upx
behavioral2/memory/2852-86-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp	upx
behavioral2/files/0x0009000000023c6f-89.dat	upx
behavioral2/files/0x0007000000023c7c-87.dat	upx
behavioral2/files/0x0007000000023c7d-97.dat	upx
behavioral2/files/0x0007000000023c7e-105.dat	upx
behavioral2/memory/1544-110-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp	upx
behavioral2/files/0x0007000000023c7f-115.dat	upx
behavioral2/files/0x0007000000023c80-119.dat	upx
behavioral2/files/0x0007000000023c87-137.dat	upx
behavioral2/memory/3360-168-0x00007FF72D780000-0x00007FF72DAD4000-memory.dmp	upx
behavioral2/memory/4072-177-0x00007FF73FA60000-0x00007FF73FDB4000-memory.dmp	upx
behavioral2/memory/4924-181-0x00007FF6855D0000-0x00007FF685924000-memory.dmp	upx
behavioral2/memory/3020-180-0x00007FF7291B0000-0x00007FF729504000-memory.dmp	upx
behavioral2/memory/3204-179-0x00007FF6E5560000-0x00007FF6E58B4000-memory.dmp	upx
behavioral2/memory/2084-178-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c89-175.dat	upx
behavioral2/memory/5052-173-0x00007FF7A29E0000-0x00007FF7A2D34000-memory.dmp	upx
behavioral2/memory/1388-172-0x00007FF6B3D30000-0x00007FF6B4084000-memory.dmp	upx
behavioral2/files/0x0007000000023c88-170.dat	upx
behavioral2/files/0x0007000000023c86-167.dat	upx
behavioral2/files/0x0007000000023c85-166.dat	upx
behavioral2/files/0x0007000000023c84-164.dat	upx
behavioral2/files/0x0007000000023c83-162.dat	upx
behavioral2/files/0x0007000000023c82-160.dat	upx
behavioral2/files/0x0007000000023c81-158.dat	upx
behavioral2/memory/4592-156-0x00007FF76B070000-0x00007FF76B3C4000-memory.dmp	upx
behavioral2/memory/1364-155-0x00007FF73BD10000-0x00007FF73C064000-memory.dmp	upx
behavioral2/memory/1636-149-0x00007FF6F7C70000-0x00007FF6F7FC4000-memory.dmp	upx
behavioral2/memory/2164-148-0x00007FF7613C0000-0x00007FF761714000-memory.dmp	upx
behavioral2/memory/1528-122-0x00007FF715C00000-0x00007FF715F54000-memory.dmp	upx
behavioral2/memory/2592-121-0x00007FF628980000-0x00007FF628CD4000-memory.dmp	upx
behavioral2/memory/5080-118-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp	upx
behavioral2/memory/516-114-0x00007FF6E76C0000-0x00007FF6E7A14000-memory.dmp	upx
behavioral2/memory/4612-109-0x00007FF768F60000-0x00007FF7692B4000-memory.dmp	upx
behavioral2/memory/4076-113-0x00007FF742BA0000-0x00007FF742EF4000-memory.dmp	upx
behavioral2/memory/2040-107-0x00007FF7A5E00000-0x00007FF7A6154000-memory.dmp	upx
behavioral2/memory/2328-102-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp	upx
behavioral2/memory/1584-101-0x00007FF751F10000-0x00007FF752264000-memory.dmp	upx
behavioral2/files/0x0007000000023c7b-91.dat	upx
behavioral2/files/0x0008000000023c7a-82.dat	upx
behavioral2/memory/4512-81-0x00007FF6E8E90000-0x00007FF6E91E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hbjTyNL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAkOvTF.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVraPBS.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfZZCxk.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLnpESJ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnEcxFF.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRZXeqZ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbjkVHC.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFCzXDs.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwgaIby.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlEAfOH.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCHDVKb.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFtVLJc.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plelcEb.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfyFpuW.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUsBaXL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIxEPCv.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLvHFol.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\havpHtC.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eznHWYW.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZdiDAs.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlQofXx.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuzwDNy.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeifXLk.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgQNtwr.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEazVUV.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfHmwkp.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzpQUCV.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPReGue.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voEIUyU.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpDnBXU.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeJVqnL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrdZqXL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEmxDWM.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzCbwlv.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOVHXHY.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDwbqVK.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTphBrs.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSJvAUa.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzncFDB.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afxoUZJ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBpHoIN.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eokYhYP.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYFnkCQ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAmchOR.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFoVtRS.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtxRkji.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxJBKLb.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekCJbST.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHvDshC.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnrSQhr.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoChzXL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHQDnmM.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVRAuQQ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AajWvgQ.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJefdxT.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwEUQzX.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhwsHhL.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxBueYw.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofNsGYD.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFFrzFp.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILwpmYf.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFGBiis.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZpSbcf.exe	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4748	dwm.exe
Token: SeChangeNotifyPrivilege	4748	dwm.exe
Token: 33	4748	dwm.exe
Token: SeIncBasePriorityPrivilege	4748	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2656	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1284 wrote to memory of 2656	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1284 wrote to memory of 4708	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1284 wrote to memory of 4708	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1284 wrote to memory of 2852	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1284 wrote to memory of 2852	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1284 wrote to memory of 2328	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1284 wrote to memory of 2328	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1284 wrote to memory of 1544	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1284 wrote to memory of 1544	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1284 wrote to memory of 5080	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1284 wrote to memory of 5080	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1284 wrote to memory of 2592	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1284 wrote to memory of 2592	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1284 wrote to memory of 2164	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1284 wrote to memory of 2164	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1284 wrote to memory of 2084	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1284 wrote to memory of 2084	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1284 wrote to memory of 3204	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1284 wrote to memory of 3204	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1284 wrote to memory of 808	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1284 wrote to memory of 808	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1284 wrote to memory of 3552	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1284 wrote to memory of 3552	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1284 wrote to memory of 4512	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1284 wrote to memory of 4512	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1284 wrote to memory of 1584	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1284 wrote to memory of 1584	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1284 wrote to memory of 4612	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1284 wrote to memory of 4612	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1284 wrote to memory of 2040	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1284 wrote to memory of 2040	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1284 wrote to memory of 4076	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1284 wrote to memory of 4076	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1284 wrote to memory of 516	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1284 wrote to memory of 516	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1284 wrote to memory of 1528	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1284 wrote to memory of 1528	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1284 wrote to memory of 1364	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1284 wrote to memory of 1364	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1284 wrote to memory of 4592	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1284 wrote to memory of 4592	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1284 wrote to memory of 3360	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1284 wrote to memory of 3360	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1284 wrote to memory of 1388	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1284 wrote to memory of 1388	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1284 wrote to memory of 5052	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1284 wrote to memory of 5052	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1284 wrote to memory of 4072	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1284 wrote to memory of 4072	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1284 wrote to memory of 1636	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1284 wrote to memory of 1636	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1284 wrote to memory of 3020	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1284 wrote to memory of 3020	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1284 wrote to memory of 4924	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1284 wrote to memory of 4924	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1284 wrote to memory of 3092	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1284 wrote to memory of 3092	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1284 wrote to memory of 1644	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1284 wrote to memory of 1644	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 1284 wrote to memory of 4700	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1284 wrote to memory of 4700	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 1284 wrote to memory of 544	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 1284 wrote to memory of 544	1284	2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_e5e102c25857abfc12acf32d3650dd7f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\System\eENxufy.exe
  C:\Windows\System\eENxufy.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\MPorvgr.exe
  C:\Windows\System\MPorvgr.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\AgWRyqq.exe
  C:\Windows\System\AgWRyqq.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\rxizLqj.exe
  C:\Windows\System\rxizLqj.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\EcTzZqD.exe
  C:\Windows\System\EcTzZqD.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\IlMzkWS.exe
  C:\Windows\System\IlMzkWS.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\QDfwfHR.exe
  C:\Windows\System\QDfwfHR.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\BvKKonz.exe
  C:\Windows\System\BvKKonz.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\JDPdFDc.exe
  C:\Windows\System\JDPdFDc.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\PjLclKz.exe
  C:\Windows\System\PjLclKz.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\VJjoOgr.exe
  C:\Windows\System\VJjoOgr.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\yIaISqp.exe
  C:\Windows\System\yIaISqp.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\FtxRkji.exe
  C:\Windows\System\FtxRkji.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ILwpmYf.exe
  C:\Windows\System\ILwpmYf.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\FeifXLk.exe
  C:\Windows\System\FeifXLk.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\Jlevylz.exe
  C:\Windows\System\Jlevylz.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ixLxNXR.exe
  C:\Windows\System\ixLxNXR.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\sGtwnUZ.exe
  C:\Windows\System\sGtwnUZ.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\Uelqvxm.exe
  C:\Windows\System\Uelqvxm.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ibzgnwH.exe
  C:\Windows\System\ibzgnwH.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\lZEoHPh.exe
  C:\Windows\System\lZEoHPh.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\NFGBiis.exe
  C:\Windows\System\NFGBiis.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\mzmToxJ.exe
  C:\Windows\System\mzmToxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\lZeTHph.exe
  C:\Windows\System\lZeTHph.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\FgQNtwr.exe
  C:\Windows\System\FgQNtwr.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\sPrPodc.exe
  C:\Windows\System\sPrPodc.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\JHLoszd.exe
  C:\Windows\System\JHLoszd.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DrnXawP.exe
  C:\Windows\System\DrnXawP.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\hrcRZEH.exe
  C:\Windows\System\hrcRZEH.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\EwJmMDh.exe
  C:\Windows\System\EwJmMDh.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\vvtJZuu.exe
  C:\Windows\System\vvtJZuu.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\prDCyrl.exe
  C:\Windows\System\prDCyrl.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\HSdhuWl.exe
  C:\Windows\System\HSdhuWl.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\dBqAnRL.exe
  C:\Windows\System\dBqAnRL.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\kfVHvVm.exe
  C:\Windows\System\kfVHvVm.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\WLeAIQs.exe
  C:\Windows\System\WLeAIQs.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\MvjRVJo.exe
  C:\Windows\System\MvjRVJo.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\fEQeRiZ.exe
  C:\Windows\System\fEQeRiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\UWGYCmr.exe
  C:\Windows\System\UWGYCmr.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\WUDNBGq.exe
  C:\Windows\System\WUDNBGq.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\KMeiPoK.exe
  C:\Windows\System\KMeiPoK.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\CLYdzUz.exe
  C:\Windows\System\CLYdzUz.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\XWyoBNF.exe
  C:\Windows\System\XWyoBNF.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\RrYAUPo.exe
  C:\Windows\System\RrYAUPo.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\siivrrt.exe
  C:\Windows\System\siivrrt.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\JBQwPZP.exe
  C:\Windows\System\JBQwPZP.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\wECGaZW.exe
  C:\Windows\System\wECGaZW.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\puZlvPM.exe
  C:\Windows\System\puZlvPM.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\YzlNHhg.exe
  C:\Windows\System\YzlNHhg.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\ntsSVLB.exe
  C:\Windows\System\ntsSVLB.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\SZpSbcf.exe
  C:\Windows\System\SZpSbcf.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\gVXRmLr.exe
  C:\Windows\System\gVXRmLr.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\MMziGlO.exe
  C:\Windows\System\MMziGlO.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\KgArcCA.exe
  C:\Windows\System\KgArcCA.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\DXaAfHD.exe
  C:\Windows\System\DXaAfHD.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\caMTWoy.exe
  C:\Windows\System\caMTWoy.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\YEewyLC.exe
  C:\Windows\System\YEewyLC.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\ZumLlgY.exe
  C:\Windows\System\ZumLlgY.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\FKDDJCW.exe
  C:\Windows\System\FKDDJCW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\nUsBaXL.exe
  C:\Windows\System\nUsBaXL.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\FzncFDB.exe
  C:\Windows\System\FzncFDB.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\EHXtkAR.exe
  C:\Windows\System\EHXtkAR.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\rpUsRoN.exe
  C:\Windows\System\rpUsRoN.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\QrklBoP.exe
  C:\Windows\System\QrklBoP.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\jxTpmZC.exe
  C:\Windows\System\jxTpmZC.exe
  2⤵
  PID:3492
- C:\Windows\System\WtUwooE.exe
  C:\Windows\System\WtUwooE.exe
  2⤵
  PID:2964
- C:\Windows\System\UCuLtqu.exe
  C:\Windows\System\UCuLtqu.exe
  2⤵
  PID:4000
- C:\Windows\System\lqlwUzB.exe
  C:\Windows\System\lqlwUzB.exe
  2⤵
  PID:2972
- C:\Windows\System\HqeQgDT.exe
  C:\Windows\System\HqeQgDT.exe
  2⤵
  PID:5008
- C:\Windows\System\PctBOes.exe
  C:\Windows\System\PctBOes.exe
  2⤵
  PID:2628
- C:\Windows\System\QuqDvPj.exe
  C:\Windows\System\QuqDvPj.exe
  2⤵
  PID:1928
- C:\Windows\System\RUxRJiy.exe
  C:\Windows\System\RUxRJiy.exe
  2⤵
  PID:2104
- C:\Windows\System\sIxEPCv.exe
  C:\Windows\System\sIxEPCv.exe
  2⤵
  PID:1976
- C:\Windows\System\mVFNryR.exe
  C:\Windows\System\mVFNryR.exe
  2⤵
  PID:1240
- C:\Windows\System\kOjBUoO.exe
  C:\Windows\System\kOjBUoO.exe
  2⤵
  PID:940
- C:\Windows\System\zSfsZjw.exe
  C:\Windows\System\zSfsZjw.exe
  2⤵
  PID:3252
- C:\Windows\System\KLzDGGf.exe
  C:\Windows\System\KLzDGGf.exe
  2⤵
  PID:3796
- C:\Windows\System\XGgwofX.exe
  C:\Windows\System\XGgwofX.exe
  2⤵
  PID:4268
- C:\Windows\System\QpzfGBS.exe
  C:\Windows\System\QpzfGBS.exe
  2⤵
  PID:2500
- C:\Windows\System\WYcvwOS.exe
  C:\Windows\System\WYcvwOS.exe
  2⤵
  PID:1936
- C:\Windows\System\vsIPDiV.exe
  C:\Windows\System\vsIPDiV.exe
  2⤵
  PID:2636
- C:\Windows\System\vpghWgq.exe
  C:\Windows\System\vpghWgq.exe
  2⤵
  PID:4404
- C:\Windows\System\yjvONkp.exe
  C:\Windows\System\yjvONkp.exe
  2⤵
  PID:448
- C:\Windows\System\bQMlHUQ.exe
  C:\Windows\System\bQMlHUQ.exe
  2⤵
  PID:1764
- C:\Windows\System\UAusjGU.exe
  C:\Windows\System\UAusjGU.exe
  2⤵
  PID:2508
- C:\Windows\System\JbjkVHC.exe
  C:\Windows\System\JbjkVHC.exe
  2⤵
  PID:3052
- C:\Windows\System\suihajo.exe
  C:\Windows\System\suihajo.exe
  2⤵
  PID:4488
- C:\Windows\System\mfZZCxk.exe
  C:\Windows\System\mfZZCxk.exe
  2⤵
  PID:1624
- C:\Windows\System\plCilZX.exe
  C:\Windows\System\plCilZX.exe
  2⤵
  PID:1592
- C:\Windows\System\pobVNNH.exe
  C:\Windows\System\pobVNNH.exe
  2⤵
  PID:4780
- C:\Windows\System\SCnerEx.exe
  C:\Windows\System\SCnerEx.exe
  2⤵
  PID:4200
- C:\Windows\System\VsdEvXX.exe
  C:\Windows\System\VsdEvXX.exe
  2⤵
  PID:424
- C:\Windows\System\HuWIkzB.exe
  C:\Windows\System\HuWIkzB.exe
  2⤵
  PID:1800
- C:\Windows\System\YTCDTsD.exe
  C:\Windows\System\YTCDTsD.exe
  2⤵
  PID:3912
- C:\Windows\System\aNqmpGQ.exe
  C:\Windows\System\aNqmpGQ.exe
  2⤵
  PID:4928
- C:\Windows\System\iiDgcuU.exe
  C:\Windows\System\iiDgcuU.exe
  2⤵
  PID:4896
- C:\Windows\System\bNvqnFn.exe
  C:\Windows\System\bNvqnFn.exe
  2⤵
  PID:3664
- C:\Windows\System\fscPdnD.exe
  C:\Windows\System\fscPdnD.exe
  2⤵
  PID:5144
- C:\Windows\System\HUaiDHN.exe
  C:\Windows\System\HUaiDHN.exe
  2⤵
  PID:5172
- C:\Windows\System\LLnpESJ.exe
  C:\Windows\System\LLnpESJ.exe
  2⤵
  PID:5204
- C:\Windows\System\NZSRLyJ.exe
  C:\Windows\System\NZSRLyJ.exe
  2⤵
  PID:5232
- C:\Windows\System\FLWrWCC.exe
  C:\Windows\System\FLWrWCC.exe
  2⤵
  PID:5264
- C:\Windows\System\SEEaTIJ.exe
  C:\Windows\System\SEEaTIJ.exe
  2⤵
  PID:5296
- C:\Windows\System\GywdnID.exe
  C:\Windows\System\GywdnID.exe
  2⤵
  PID:5328
- C:\Windows\System\mPUXjFR.exe
  C:\Windows\System\mPUXjFR.exe
  2⤵
  PID:5356
- C:\Windows\System\DUmpETe.exe
  C:\Windows\System\DUmpETe.exe
  2⤵
  PID:5376
- C:\Windows\System\QOqVCdZ.exe
  C:\Windows\System\QOqVCdZ.exe
  2⤵
  PID:5408
- C:\Windows\System\ficOOeT.exe
  C:\Windows\System\ficOOeT.exe
  2⤵
  PID:5440
- C:\Windows\System\hEazVUV.exe
  C:\Windows\System\hEazVUV.exe
  2⤵
  PID:5464
- C:\Windows\System\JGwJyOI.exe
  C:\Windows\System\JGwJyOI.exe
  2⤵
  PID:5492
- C:\Windows\System\yaJupoP.exe
  C:\Windows\System\yaJupoP.exe
  2⤵
  PID:5524
- C:\Windows\System\nvOcgwg.exe
  C:\Windows\System\nvOcgwg.exe
  2⤵
  PID:5548
- C:\Windows\System\MZLjEJL.exe
  C:\Windows\System\MZLjEJL.exe
  2⤵
  PID:5576
- C:\Windows\System\FFKUINO.exe
  C:\Windows\System\FFKUINO.exe
  2⤵
  PID:5604
- C:\Windows\System\YmtLWUR.exe
  C:\Windows\System\YmtLWUR.exe
  2⤵
  PID:5636
- C:\Windows\System\LHlySvK.exe
  C:\Windows\System\LHlySvK.exe
  2⤵
  PID:5668
- C:\Windows\System\xeZJOcy.exe
  C:\Windows\System\xeZJOcy.exe
  2⤵
  PID:5696
- C:\Windows\System\QGquuHJ.exe
  C:\Windows\System\QGquuHJ.exe
  2⤵
  PID:5724
- C:\Windows\System\NohHrAm.exe
  C:\Windows\System\NohHrAm.exe
  2⤵
  PID:5752
- C:\Windows\System\Ypxyutx.exe
  C:\Windows\System\Ypxyutx.exe
  2⤵
  PID:5776
- C:\Windows\System\czALUif.exe
  C:\Windows\System\czALUif.exe
  2⤵
  PID:5812
- C:\Windows\System\EBKcUcx.exe
  C:\Windows\System\EBKcUcx.exe
  2⤵
  PID:5844
- C:\Windows\System\voEIUyU.exe
  C:\Windows\System\voEIUyU.exe
  2⤵
  PID:5876
- C:\Windows\System\mjCoVdX.exe
  C:\Windows\System\mjCoVdX.exe
  2⤵
  PID:5892
- C:\Windows\System\LfrAFcS.exe
  C:\Windows\System\LfrAFcS.exe
  2⤵
  PID:5928
- C:\Windows\System\KUnYlcK.exe
  C:\Windows\System\KUnYlcK.exe
  2⤵
  PID:5960
- C:\Windows\System\FSndVFC.exe
  C:\Windows\System\FSndVFC.exe
  2⤵
  PID:5988
- C:\Windows\System\eMBOvLD.exe
  C:\Windows\System\eMBOvLD.exe
  2⤵
  PID:6020
- C:\Windows\System\CMHuHRr.exe
  C:\Windows\System\CMHuHRr.exe
  2⤵
  PID:6048
- C:\Windows\System\wEgsLgH.exe
  C:\Windows\System\wEgsLgH.exe
  2⤵
  PID:6080
- C:\Windows\System\PUiQZDs.exe
  C:\Windows\System\PUiQZDs.exe
  2⤵
  PID:6104
- C:\Windows\System\xyfqJdd.exe
  C:\Windows\System\xyfqJdd.exe
  2⤵
  PID:6124
- C:\Windows\System\Kitvebh.exe
  C:\Windows\System\Kitvebh.exe
  2⤵
  PID:728
- C:\Windows\System\LaxSuyT.exe
  C:\Windows\System\LaxSuyT.exe
  2⤵
  PID:5196
- C:\Windows\System\WpIPrtx.exe
  C:\Windows\System\WpIPrtx.exe
  2⤵
  PID:5276
- C:\Windows\System\YWcmgNX.exe
  C:\Windows\System\YWcmgNX.exe
  2⤵
  PID:5352
- C:\Windows\System\sJefdxT.exe
  C:\Windows\System\sJefdxT.exe
  2⤵
  PID:5420
- C:\Windows\System\BhEYfxl.exe
  C:\Windows\System\BhEYfxl.exe
  2⤵
  PID:5476
- C:\Windows\System\GAvRrbT.exe
  C:\Windows\System\GAvRrbT.exe
  2⤵
  PID:5540
- C:\Windows\System\tODzhhg.exe
  C:\Windows\System\tODzhhg.exe
  2⤵
  PID:5616
- C:\Windows\System\fFZsNAP.exe
  C:\Windows\System\fFZsNAP.exe
  2⤵
  PID:5712
- C:\Windows\System\DszjJTM.exe
  C:\Windows\System\DszjJTM.exe
  2⤵
  PID:5768
- C:\Windows\System\xPAjhJd.exe
  C:\Windows\System\xPAjhJd.exe
  2⤵
  PID:5832
- C:\Windows\System\yPpgwGP.exe
  C:\Windows\System\yPpgwGP.exe
  2⤵
  PID:5904
- C:\Windows\System\nSkwIzO.exe
  C:\Windows\System\nSkwIzO.exe
  2⤵
  PID:5972
- C:\Windows\System\RmggOrK.exe
  C:\Windows\System\RmggOrK.exe
  2⤵
  PID:6032
- C:\Windows\System\tQpUFVa.exe
  C:\Windows\System\tQpUFVa.exe
  2⤵
  PID:6112
- C:\Windows\System\VdfdiBW.exe
  C:\Windows\System\VdfdiBW.exe
  2⤵
  PID:5136
- C:\Windows\System\TsUNddt.exe
  C:\Windows\System\TsUNddt.exe
  2⤵
  PID:5304
- C:\Windows\System\uoKWuyV.exe
  C:\Windows\System\uoKWuyV.exe
  2⤵
  PID:5500
- C:\Windows\System\HNQCwbY.exe
  C:\Windows\System\HNQCwbY.exe
  2⤵
  PID:5648
- C:\Windows\System\yCtuejx.exe
  C:\Windows\System\yCtuejx.exe
  2⤵
  PID:5788
- C:\Windows\System\GpDnBXU.exe
  C:\Windows\System\GpDnBXU.exe
  2⤵
  PID:5936
- C:\Windows\System\pyXNLBZ.exe
  C:\Windows\System\pyXNLBZ.exe
  2⤵
  PID:6008
- C:\Windows\System\enlSdob.exe
  C:\Windows\System\enlSdob.exe
  2⤵
  PID:1768
- C:\Windows\System\UsKZgvv.exe
  C:\Windows\System\UsKZgvv.exe
  2⤵
  PID:792
- C:\Windows\System\pOxMtBR.exe
  C:\Windows\System\pOxMtBR.exe
  2⤵
  PID:6028
- C:\Windows\System\OhpQyvx.exe
  C:\Windows\System\OhpQyvx.exe
  2⤵
  PID:5368
- C:\Windows\System\vOCjtfQ.exe
  C:\Windows\System\vOCjtfQ.exe
  2⤵
  PID:6120
- C:\Windows\System\hKwFchp.exe
  C:\Windows\System\hKwFchp.exe
  2⤵
  PID:6148
- C:\Windows\System\Rhlijxm.exe
  C:\Windows\System\Rhlijxm.exe
  2⤵
  PID:6180
- C:\Windows\System\QICkMri.exe
  C:\Windows\System\QICkMri.exe
  2⤵
  PID:6208
- C:\Windows\System\PLYkMVz.exe
  C:\Windows\System\PLYkMVz.exe
  2⤵
  PID:6236
- C:\Windows\System\WqCrZUD.exe
  C:\Windows\System\WqCrZUD.exe
  2⤵
  PID:6260
- C:\Windows\System\WnezQiw.exe
  C:\Windows\System\WnezQiw.exe
  2⤵
  PID:6280
- C:\Windows\System\QoChzXL.exe
  C:\Windows\System\QoChzXL.exe
  2⤵
  PID:6312
- C:\Windows\System\MwZfNYI.exe
  C:\Windows\System\MwZfNYI.exe
  2⤵
  PID:6360
- C:\Windows\System\toyrDYo.exe
  C:\Windows\System\toyrDYo.exe
  2⤵
  PID:6392
- C:\Windows\System\WNLAfDJ.exe
  C:\Windows\System\WNLAfDJ.exe
  2⤵
  PID:6416
- C:\Windows\System\wuxvPms.exe
  C:\Windows\System\wuxvPms.exe
  2⤵
  PID:6444
- C:\Windows\System\LmjfIjT.exe
  C:\Windows\System\LmjfIjT.exe
  2⤵
  PID:6476
- C:\Windows\System\qcAzTvr.exe
  C:\Windows\System\qcAzTvr.exe
  2⤵
  PID:6496
- C:\Windows\System\FDztdAQ.exe
  C:\Windows\System\FDztdAQ.exe
  2⤵
  PID:6532
- C:\Windows\System\qVSudRR.exe
  C:\Windows\System\qVSudRR.exe
  2⤵
  PID:6560
- C:\Windows\System\JgnqLlN.exe
  C:\Windows\System\JgnqLlN.exe
  2⤵
  PID:6588
- C:\Windows\System\hxJBKLb.exe
  C:\Windows\System\hxJBKLb.exe
  2⤵
  PID:6616
- C:\Windows\System\jfEAuHi.exe
  C:\Windows\System\jfEAuHi.exe
  2⤵
  PID:6644
- C:\Windows\System\buAIRuB.exe
  C:\Windows\System\buAIRuB.exe
  2⤵
  PID:6676
- C:\Windows\System\rsuqiYp.exe
  C:\Windows\System\rsuqiYp.exe
  2⤵
  PID:6704
- C:\Windows\System\xHyDZVW.exe
  C:\Windows\System\xHyDZVW.exe
  2⤵
  PID:6728
- C:\Windows\System\aozBGyZ.exe
  C:\Windows\System\aozBGyZ.exe
  2⤵
  PID:6756
- C:\Windows\System\YiORgyS.exe
  C:\Windows\System\YiORgyS.exe
  2⤵
  PID:6788
- C:\Windows\System\NcffCjd.exe
  C:\Windows\System\NcffCjd.exe
  2⤵
  PID:6816
- C:\Windows\System\EoHoXFV.exe
  C:\Windows\System\EoHoXFV.exe
  2⤵
  PID:6844
- C:\Windows\System\OZEOlXg.exe
  C:\Windows\System\OZEOlXg.exe
  2⤵
  PID:6872
- C:\Windows\System\uuGrOkw.exe
  C:\Windows\System\uuGrOkw.exe
  2⤵
  PID:6904
- C:\Windows\System\RXSQQds.exe
  C:\Windows\System\RXSQQds.exe
  2⤵
  PID:6932
- C:\Windows\System\ftKosDI.exe
  C:\Windows\System\ftKosDI.exe
  2⤵
  PID:6964
- C:\Windows\System\wDUlPre.exe
  C:\Windows\System\wDUlPre.exe
  2⤵
  PID:6984
- C:\Windows\System\ozmzyhR.exe
  C:\Windows\System\ozmzyhR.exe
  2⤵
  PID:7020
- C:\Windows\System\FXYZxeA.exe
  C:\Windows\System\FXYZxeA.exe
  2⤵
  PID:7056
- C:\Windows\System\YLixelR.exe
  C:\Windows\System\YLixelR.exe
  2⤵
  PID:7080
- C:\Windows\System\vjxbzxc.exe
  C:\Windows\System\vjxbzxc.exe
  2⤵
  PID:7120
- C:\Windows\System\VgIOfGB.exe
  C:\Windows\System\VgIOfGB.exe
  2⤵
  PID:7148
- C:\Windows\System\GPmPDyx.exe
  C:\Windows\System\GPmPDyx.exe
  2⤵
  PID:6168
- C:\Windows\System\OdQgNsE.exe
  C:\Windows\System\OdQgNsE.exe
  2⤵
  PID:6244
- C:\Windows\System\RTVkNWd.exe
  C:\Windows\System\RTVkNWd.exe
  2⤵
  PID:6308
- C:\Windows\System\RwyonUD.exe
  C:\Windows\System\RwyonUD.exe
  2⤵
  PID:6388
- C:\Windows\System\FIIXiLA.exe
  C:\Windows\System\FIIXiLA.exe
  2⤵
  PID:6452
- C:\Windows\System\HBZVhLS.exe
  C:\Windows\System\HBZVhLS.exe
  2⤵
  PID:6508
- C:\Windows\System\JslWyif.exe
  C:\Windows\System\JslWyif.exe
  2⤵
  PID:6568
- C:\Windows\System\jhTptfQ.exe
  C:\Windows\System\jhTptfQ.exe
  2⤵
  PID:6624
- C:\Windows\System\YcELQFi.exe
  C:\Windows\System\YcELQFi.exe
  2⤵
  PID:4912
- C:\Windows\System\JOKHXEI.exe
  C:\Windows\System\JOKHXEI.exe
  2⤵
  PID:6692
- C:\Windows\System\vxkoiGd.exe
  C:\Windows\System\vxkoiGd.exe
  2⤵
  PID:6796
- C:\Windows\System\hZRaWUF.exe
  C:\Windows\System\hZRaWUF.exe
  2⤵
  PID:6836
- C:\Windows\System\rYKvImx.exe
  C:\Windows\System\rYKvImx.exe
  2⤵
  PID:6912
- C:\Windows\System\dAEAepj.exe
  C:\Windows\System\dAEAepj.exe
  2⤵
  PID:6980
- C:\Windows\System\sMGqtln.exe
  C:\Windows\System\sMGqtln.exe
  2⤵
  PID:7044
- C:\Windows\System\TMZpXBN.exe
  C:\Windows\System\TMZpXBN.exe
  2⤵
  PID:7116
- C:\Windows\System\vbkZiSm.exe
  C:\Windows\System\vbkZiSm.exe
  2⤵
  PID:6192
- C:\Windows\System\BMFmRMQ.exe
  C:\Windows\System\BMFmRMQ.exe
  2⤵
  PID:6348
- C:\Windows\System\eSrxxLO.exe
  C:\Windows\System\eSrxxLO.exe
  2⤵
  PID:4428
- C:\Windows\System\QoLhUVR.exe
  C:\Windows\System\QoLhUVR.exe
  2⤵
  PID:6576
- C:\Windows\System\cLVABkY.exe
  C:\Windows\System\cLVABkY.exe
  2⤵
  PID:6684
- C:\Windows\System\afxoUZJ.exe
  C:\Windows\System\afxoUZJ.exe
  2⤵
  PID:6828
- C:\Windows\System\pFHkguh.exe
  C:\Windows\System\pFHkguh.exe
  2⤵
  PID:6940
- C:\Windows\System\ydjeMMW.exe
  C:\Windows\System\ydjeMMW.exe
  2⤵
  PID:7100
- C:\Windows\System\ZwHpUjl.exe
  C:\Windows\System\ZwHpUjl.exe
  2⤵
  PID:6768
- C:\Windows\System\qoBDVtZ.exe
  C:\Windows\System\qoBDVtZ.exe
  2⤵
  PID:6736
- C:\Windows\System\OHQDnmM.exe
  C:\Windows\System\OHQDnmM.exe
  2⤵
  PID:6252
- C:\Windows\System\leoJJGr.exe
  C:\Windows\System\leoJJGr.exe
  2⤵
  PID:6652
- C:\Windows\System\SSxIsyj.exe
  C:\Windows\System\SSxIsyj.exe
  2⤵
  PID:7072
- C:\Windows\System\JfyDmrx.exe
  C:\Windows\System\JfyDmrx.exe
  2⤵
  PID:7144
- C:\Windows\System\gLdHnqC.exe
  C:\Windows\System\gLdHnqC.exe
  2⤵
  PID:7196
- C:\Windows\System\VxBueYw.exe
  C:\Windows\System\VxBueYw.exe
  2⤵
  PID:7220
- C:\Windows\System\hXXoCBb.exe
  C:\Windows\System\hXXoCBb.exe
  2⤵
  PID:7252
- C:\Windows\System\KNcBBgZ.exe
  C:\Windows\System\KNcBBgZ.exe
  2⤵
  PID:7284
- C:\Windows\System\CaGTeAe.exe
  C:\Windows\System\CaGTeAe.exe
  2⤵
  PID:7312
- C:\Windows\System\FpZbzqB.exe
  C:\Windows\System\FpZbzqB.exe
  2⤵
  PID:7336
- C:\Windows\System\wkNRmOD.exe
  C:\Windows\System\wkNRmOD.exe
  2⤵
  PID:7364
- C:\Windows\System\bwYPcTO.exe
  C:\Windows\System\bwYPcTO.exe
  2⤵
  PID:7396
- C:\Windows\System\pnWRiyh.exe
  C:\Windows\System\pnWRiyh.exe
  2⤵
  PID:7424
- C:\Windows\System\MmFDYkF.exe
  C:\Windows\System\MmFDYkF.exe
  2⤵
  PID:7452
- C:\Windows\System\bAksLRQ.exe
  C:\Windows\System\bAksLRQ.exe
  2⤵
  PID:7468
- C:\Windows\System\zhCxLVz.exe
  C:\Windows\System\zhCxLVz.exe
  2⤵
  PID:7500
- C:\Windows\System\VDdtbva.exe
  C:\Windows\System\VDdtbva.exe
  2⤵
  PID:7524
- C:\Windows\System\BYnLPRG.exe
  C:\Windows\System\BYnLPRG.exe
  2⤵
  PID:7552
- C:\Windows\System\mIfWiyX.exe
  C:\Windows\System\mIfWiyX.exe
  2⤵
  PID:7580
- C:\Windows\System\uFPUfGR.exe
  C:\Windows\System\uFPUfGR.exe
  2⤵
  PID:7608
- C:\Windows\System\GAsamRi.exe
  C:\Windows\System\GAsamRi.exe
  2⤵
  PID:7644
- C:\Windows\System\dYTCoGX.exe
  C:\Windows\System\dYTCoGX.exe
  2⤵
  PID:7664
- C:\Windows\System\kEHoAyo.exe
  C:\Windows\System\kEHoAyo.exe
  2⤵
  PID:7692
- C:\Windows\System\HSGEEUC.exe
  C:\Windows\System\HSGEEUC.exe
  2⤵
  PID:7728
- C:\Windows\System\igbsYAr.exe
  C:\Windows\System\igbsYAr.exe
  2⤵
  PID:7756
- C:\Windows\System\pNNHpaQ.exe
  C:\Windows\System\pNNHpaQ.exe
  2⤵
  PID:7776
- C:\Windows\System\TEzPRCG.exe
  C:\Windows\System\TEzPRCG.exe
  2⤵
  PID:7804
- C:\Windows\System\fxmfiUZ.exe
  C:\Windows\System\fxmfiUZ.exe
  2⤵
  PID:7844
- C:\Windows\System\OigNykR.exe
  C:\Windows\System\OigNykR.exe
  2⤵
  PID:7864
- C:\Windows\System\kjbgRCW.exe
  C:\Windows\System\kjbgRCW.exe
  2⤵
  PID:7904
- C:\Windows\System\aXINiom.exe
  C:\Windows\System\aXINiom.exe
  2⤵
  PID:7936
- C:\Windows\System\ttAvvPC.exe
  C:\Windows\System\ttAvvPC.exe
  2⤵
  PID:7956
- C:\Windows\System\NVKxaqI.exe
  C:\Windows\System\NVKxaqI.exe
  2⤵
  PID:7984
- C:\Windows\System\MibqyzM.exe
  C:\Windows\System\MibqyzM.exe
  2⤵
  PID:8020
- C:\Windows\System\HqUfQtK.exe
  C:\Windows\System\HqUfQtK.exe
  2⤵
  PID:8040
- C:\Windows\System\Fjsbinb.exe
  C:\Windows\System\Fjsbinb.exe
  2⤵
  PID:8068
- C:\Windows\System\BZKEWfC.exe
  C:\Windows\System\BZKEWfC.exe
  2⤵
  PID:8104
- C:\Windows\System\JVFKFkC.exe
  C:\Windows\System\JVFKFkC.exe
  2⤵
  PID:8128
- C:\Windows\System\tnPsmwl.exe
  C:\Windows\System\tnPsmwl.exe
  2⤵
  PID:8156
- C:\Windows\System\mfHmwkp.exe
  C:\Windows\System\mfHmwkp.exe
  2⤵
  PID:8180
- C:\Windows\System\DZBfmFV.exe
  C:\Windows\System\DZBfmFV.exe
  2⤵
  PID:7204
- C:\Windows\System\NQvWLoH.exe
  C:\Windows\System\NQvWLoH.exe
  2⤵
  PID:7264
- C:\Windows\System\KNzmNLI.exe
  C:\Windows\System\KNzmNLI.exe
  2⤵
  PID:6268
- C:\Windows\System\tZdiDAs.exe
  C:\Windows\System\tZdiDAs.exe
  2⤵
  PID:7392
- C:\Windows\System\ozrxjUo.exe
  C:\Windows\System\ozrxjUo.exe
  2⤵
  PID:7448
- C:\Windows\System\tPfYMEW.exe
  C:\Windows\System\tPfYMEW.exe
  2⤵
  PID:7508
- C:\Windows\System\FcWTyfl.exe
  C:\Windows\System\FcWTyfl.exe
  2⤵
  PID:7572
- C:\Windows\System\Lpjeuwh.exe
  C:\Windows\System\Lpjeuwh.exe
  2⤵
  PID:2760
- C:\Windows\System\XegJpiy.exe
  C:\Windows\System\XegJpiy.exe
  2⤵
  PID:7656
- C:\Windows\System\VeJVqnL.exe
  C:\Windows\System\VeJVqnL.exe
  2⤵
  PID:7716
- C:\Windows\System\LZMDqMJ.exe
  C:\Windows\System\LZMDqMJ.exe
  2⤵
  PID:7788
- C:\Windows\System\EPPHNXW.exe
  C:\Windows\System\EPPHNXW.exe
  2⤵
  PID:7852
- C:\Windows\System\XoDMSbR.exe
  C:\Windows\System\XoDMSbR.exe
  2⤵
  PID:7916
- C:\Windows\System\JqOAjLK.exe
  C:\Windows\System\JqOAjLK.exe
  2⤵
  PID:8004
- C:\Windows\System\AXLHVmk.exe
  C:\Windows\System\AXLHVmk.exe
  2⤵
  PID:8052
- C:\Windows\System\vTCXAbS.exe
  C:\Windows\System\vTCXAbS.exe
  2⤵
  PID:8116
- C:\Windows\System\skaLuhw.exe
  C:\Windows\System\skaLuhw.exe
  2⤵
  PID:8176
- C:\Windows\System\cnEcxFF.exe
  C:\Windows\System\cnEcxFF.exe
  2⤵
  PID:7292
- C:\Windows\System\KMFyqKE.exe
  C:\Windows\System\KMFyqKE.exe
  2⤵
  PID:7416
- C:\Windows\System\lEmxDWM.exe
  C:\Windows\System\lEmxDWM.exe
  2⤵
  PID:5688
- C:\Windows\System\ekCJbST.exe
  C:\Windows\System\ekCJbST.exe
  2⤵
  PID:7684
- C:\Windows\System\lZAadqq.exe
  C:\Windows\System\lZAadqq.exe
  2⤵
  PID:7888
- C:\Windows\System\FTmlRJd.exe
  C:\Windows\System\FTmlRJd.exe
  2⤵
  PID:8028
- C:\Windows\System\FKLVlvv.exe
  C:\Windows\System\FKLVlvv.exe
  2⤵
  PID:8164
- C:\Windows\System\DlQofXx.exe
  C:\Windows\System\DlQofXx.exe
  2⤵
  PID:7420
- C:\Windows\System\STouPnu.exe
  C:\Windows\System\STouPnu.exe
  2⤵
  PID:7816
- C:\Windows\System\LhqlzNE.exe
  C:\Windows\System\LhqlzNE.exe
  2⤵
  PID:5692
- C:\Windows\System\geIsmAL.exe
  C:\Windows\System\geIsmAL.exe
  2⤵
  PID:7652
- C:\Windows\System\tILEKwa.exe
  C:\Windows\System\tILEKwa.exe
  2⤵
  PID:7548
- C:\Windows\System\qvdDETg.exe
  C:\Windows\System\qvdDETg.exe
  2⤵
  PID:8224
- C:\Windows\System\ckPKCNK.exe
  C:\Windows\System\ckPKCNK.exe
  2⤵
  PID:8252
- C:\Windows\System\UzhnMtw.exe
  C:\Windows\System\UzhnMtw.exe
  2⤵
  PID:8272
- C:\Windows\System\CnnVluC.exe
  C:\Windows\System\CnnVluC.exe
  2⤵
  PID:8300
- C:\Windows\System\gVzMzKg.exe
  C:\Windows\System\gVzMzKg.exe
  2⤵
  PID:8328
- C:\Windows\System\eiLnnYj.exe
  C:\Windows\System\eiLnnYj.exe
  2⤵
  PID:8356
- C:\Windows\System\hdztzic.exe
  C:\Windows\System\hdztzic.exe
  2⤵
  PID:8384
- C:\Windows\System\hLPmAPy.exe
  C:\Windows\System\hLPmAPy.exe
  2⤵
  PID:8412
- C:\Windows\System\bGBNGlg.exe
  C:\Windows\System\bGBNGlg.exe
  2⤵
  PID:8440
- C:\Windows\System\qzaMAKk.exe
  C:\Windows\System\qzaMAKk.exe
  2⤵
  PID:8468
- C:\Windows\System\JFCzXDs.exe
  C:\Windows\System\JFCzXDs.exe
  2⤵
  PID:8496
- C:\Windows\System\pJbPjxy.exe
  C:\Windows\System\pJbPjxy.exe
  2⤵
  PID:8524
- C:\Windows\System\dqmkemR.exe
  C:\Windows\System\dqmkemR.exe
  2⤵
  PID:8552
- C:\Windows\System\VMqOMxh.exe
  C:\Windows\System\VMqOMxh.exe
  2⤵
  PID:8588
- C:\Windows\System\rabNRIx.exe
  C:\Windows\System\rabNRIx.exe
  2⤵
  PID:8612
- C:\Windows\System\MwagXYy.exe
  C:\Windows\System\MwagXYy.exe
  2⤵
  PID:8640
- C:\Windows\System\iHDnkQM.exe
  C:\Windows\System\iHDnkQM.exe
  2⤵
  PID:8668
- C:\Windows\System\KsUcQMO.exe
  C:\Windows\System\KsUcQMO.exe
  2⤵
  PID:8696
- C:\Windows\System\EcAxGFD.exe
  C:\Windows\System\EcAxGFD.exe
  2⤵
  PID:8736
- C:\Windows\System\uhOpUlv.exe
  C:\Windows\System\uhOpUlv.exe
  2⤵
  PID:8756
- C:\Windows\System\sMbuirD.exe
  C:\Windows\System\sMbuirD.exe
  2⤵
  PID:8788
- C:\Windows\System\CyyrgLP.exe
  C:\Windows\System\CyyrgLP.exe
  2⤵
  PID:8824
- C:\Windows\System\mrdZqXL.exe
  C:\Windows\System\mrdZqXL.exe
  2⤵
  PID:8852
- C:\Windows\System\oWRESnz.exe
  C:\Windows\System\oWRESnz.exe
  2⤵
  PID:8872
- C:\Windows\System\aCUrRAP.exe
  C:\Windows\System\aCUrRAP.exe
  2⤵
  PID:8916
- C:\Windows\System\kczNJKI.exe
  C:\Windows\System\kczNJKI.exe
  2⤵
  PID:8932
- C:\Windows\System\xKiLNoM.exe
  C:\Windows\System\xKiLNoM.exe
  2⤵
  PID:8960
- C:\Windows\System\awcvLEV.exe
  C:\Windows\System\awcvLEV.exe
  2⤵
  PID:8988
- C:\Windows\System\qsDtiSz.exe
  C:\Windows\System\qsDtiSz.exe
  2⤵
  PID:9016
- C:\Windows\System\alGATJF.exe
  C:\Windows\System\alGATJF.exe
  2⤵
  PID:9056
- C:\Windows\System\eoCzNvy.exe
  C:\Windows\System\eoCzNvy.exe
  2⤵
  PID:9076
- C:\Windows\System\lRClCpR.exe
  C:\Windows\System\lRClCpR.exe
  2⤵
  PID:9104
- C:\Windows\System\SYrgoEd.exe
  C:\Windows\System\SYrgoEd.exe
  2⤵
  PID:9140
- C:\Windows\System\HJBXftb.exe
  C:\Windows\System\HJBXftb.exe
  2⤵
  PID:9160
- C:\Windows\System\iotAkGO.exe
  C:\Windows\System\iotAkGO.exe
  2⤵
  PID:9192
- C:\Windows\System\MQidAmn.exe
  C:\Windows\System\MQidAmn.exe
  2⤵
  PID:8208
- C:\Windows\System\CnGrrQY.exe
  C:\Windows\System\CnGrrQY.exe
  2⤵
  PID:8260
- C:\Windows\System\lxlGgQw.exe
  C:\Windows\System\lxlGgQw.exe
  2⤵
  PID:8320
- C:\Windows\System\ribJuRp.exe
  C:\Windows\System\ribJuRp.exe
  2⤵
  PID:8380
- C:\Windows\System\NBTILDZ.exe
  C:\Windows\System\NBTILDZ.exe
  2⤵
  PID:8452
- C:\Windows\System\TaAuVZa.exe
  C:\Windows\System\TaAuVZa.exe
  2⤵
  PID:8508
- C:\Windows\System\ShYNKzC.exe
  C:\Windows\System\ShYNKzC.exe
  2⤵
  PID:8596
- C:\Windows\System\GjveEOG.exe
  C:\Windows\System\GjveEOG.exe
  2⤵
  PID:8652
- C:\Windows\System\fgEQxGO.exe
  C:\Windows\System\fgEQxGO.exe
  2⤵
  PID:8720
- C:\Windows\System\iFkYSPW.exe
  C:\Windows\System\iFkYSPW.exe
  2⤵
  PID:8800
- C:\Windows\System\RIQHgbe.exe
  C:\Windows\System\RIQHgbe.exe
  2⤵
  PID:8868
- C:\Windows\System\DmvfiYI.exe
  C:\Windows\System\DmvfiYI.exe
  2⤵
  PID:8900
- C:\Windows\System\zQeqyPY.exe
  C:\Windows\System\zQeqyPY.exe
  2⤵
  PID:9008
- C:\Windows\System\imYyUXi.exe
  C:\Windows\System\imYyUXi.exe
  2⤵
  PID:9072
- C:\Windows\System\lPrIlWh.exe
  C:\Windows\System\lPrIlWh.exe
  2⤵
  PID:9116
- C:\Windows\System\qhaEOIB.exe
  C:\Windows\System\qhaEOIB.exe
  2⤵
  PID:9180
- C:\Windows\System\BvfDYNq.exe
  C:\Windows\System\BvfDYNq.exe
  2⤵
  PID:8236
- C:\Windows\System\KNyXhzG.exe
  C:\Windows\System\KNyXhzG.exe
  2⤵
  PID:8376
- C:\Windows\System\uMvMWZO.exe
  C:\Windows\System\uMvMWZO.exe
  2⤵
  PID:8544
- C:\Windows\System\QfMQByq.exe
  C:\Windows\System\QfMQByq.exe
  2⤵
  PID:8688
- C:\Windows\System\ERraZnK.exe
  C:\Windows\System\ERraZnK.exe
  2⤵
  PID:8840
- C:\Windows\System\RKScpfQ.exe
  C:\Windows\System\RKScpfQ.exe
  2⤵
  PID:9068
- C:\Windows\System\cKVoXab.exe
  C:\Windows\System\cKVoXab.exe
  2⤵
  PID:9156
- C:\Windows\System\FogLNHl.exe
  C:\Windows\System\FogLNHl.exe
  2⤵
  PID:8488
- C:\Windows\System\vshbFuF.exe
  C:\Windows\System\vshbFuF.exe
  2⤵
  PID:8832
- C:\Windows\System\xWQDhJS.exe
  C:\Windows\System\xWQDhJS.exe
  2⤵
  PID:9100
- C:\Windows\System\tHeyGtJ.exe
  C:\Windows\System\tHeyGtJ.exe
  2⤵
  PID:7772
- C:\Windows\System\qxfvvYc.exe
  C:\Windows\System\qxfvvYc.exe
  2⤵
  PID:9096
- C:\Windows\System\MpgxBjX.exe
  C:\Windows\System\MpgxBjX.exe
  2⤵
  PID:9232
- C:\Windows\System\KyBqdJi.exe
  C:\Windows\System\KyBqdJi.exe
  2⤵
  PID:9260
- C:\Windows\System\aGrWskI.exe
  C:\Windows\System\aGrWskI.exe
  2⤵
  PID:9288
- C:\Windows\System\EDQZvzH.exe
  C:\Windows\System\EDQZvzH.exe
  2⤵
  PID:9316
- C:\Windows\System\SNsmOwS.exe
  C:\Windows\System\SNsmOwS.exe
  2⤵
  PID:9344
- C:\Windows\System\ckMqbGb.exe
  C:\Windows\System\ckMqbGb.exe
  2⤵
  PID:9380
- C:\Windows\System\CIkJDfr.exe
  C:\Windows\System\CIkJDfr.exe
  2⤵
  PID:9400
- C:\Windows\System\refiEgI.exe
  C:\Windows\System\refiEgI.exe
  2⤵
  PID:9432
- C:\Windows\System\CPfLnAs.exe
  C:\Windows\System\CPfLnAs.exe
  2⤵
  PID:9464
- C:\Windows\System\XzeeGwV.exe
  C:\Windows\System\XzeeGwV.exe
  2⤵
  PID:9488
- C:\Windows\System\FfMVTSu.exe
  C:\Windows\System\FfMVTSu.exe
  2⤵
  PID:9516
- C:\Windows\System\JNllDvu.exe
  C:\Windows\System\JNllDvu.exe
  2⤵
  PID:9544
- C:\Windows\System\QzpQUCV.exe
  C:\Windows\System\QzpQUCV.exe
  2⤵
  PID:9572
- C:\Windows\System\DnJNPQD.exe
  C:\Windows\System\DnJNPQD.exe
  2⤵
  PID:9608
- C:\Windows\System\CLvHFol.exe
  C:\Windows\System\CLvHFol.exe
  2⤵
  PID:9632
- C:\Windows\System\cDnMENT.exe
  C:\Windows\System\cDnMENT.exe
  2⤵
  PID:9660
- C:\Windows\System\XwLnzdT.exe
  C:\Windows\System\XwLnzdT.exe
  2⤵
  PID:9688
- C:\Windows\System\UnTVaHT.exe
  C:\Windows\System\UnTVaHT.exe
  2⤵
  PID:9720
- C:\Windows\System\PBiRJce.exe
  C:\Windows\System\PBiRJce.exe
  2⤵
  PID:9752
- C:\Windows\System\KaZOYmh.exe
  C:\Windows\System\KaZOYmh.exe
  2⤵
  PID:9772
- C:\Windows\System\WXnAOpa.exe
  C:\Windows\System\WXnAOpa.exe
  2⤵
  PID:9800
- C:\Windows\System\havpHtC.exe
  C:\Windows\System\havpHtC.exe
  2⤵
  PID:9828
- C:\Windows\System\nYPnicR.exe
  C:\Windows\System\nYPnicR.exe
  2⤵
  PID:9864
- C:\Windows\System\JXBdUAg.exe
  C:\Windows\System\JXBdUAg.exe
  2⤵
  PID:9884
- C:\Windows\System\PuqYbnO.exe
  C:\Windows\System\PuqYbnO.exe
  2⤵
  PID:9912
- C:\Windows\System\nOGoARD.exe
  C:\Windows\System\nOGoARD.exe
  2⤵
  PID:9940
- C:\Windows\System\kWrjzTz.exe
  C:\Windows\System\kWrjzTz.exe
  2⤵
  PID:9968
- C:\Windows\System\yVOnXjL.exe
  C:\Windows\System\yVOnXjL.exe
  2⤵
  PID:9996
- C:\Windows\System\mQHbSJU.exe
  C:\Windows\System\mQHbSJU.exe
  2⤵
  PID:10024
- C:\Windows\System\mRaYOLz.exe
  C:\Windows\System\mRaYOLz.exe
  2⤵
  PID:10060
- C:\Windows\System\bbDFZaQ.exe
  C:\Windows\System\bbDFZaQ.exe
  2⤵
  PID:10084
- C:\Windows\System\aqOhdTB.exe
  C:\Windows\System\aqOhdTB.exe
  2⤵
  PID:10112
- C:\Windows\System\iJpStZs.exe
  C:\Windows\System\iJpStZs.exe
  2⤵
  PID:10148
- C:\Windows\System\KoWQiIf.exe
  C:\Windows\System\KoWQiIf.exe
  2⤵
  PID:10172
- C:\Windows\System\xIwsayY.exe
  C:\Windows\System\xIwsayY.exe
  2⤵
  PID:10196
- C:\Windows\System\thNKfYg.exe
  C:\Windows\System\thNKfYg.exe
  2⤵
  PID:10232
- C:\Windows\System\SEoIoLP.exe
  C:\Windows\System\SEoIoLP.exe
  2⤵
  PID:9252
- C:\Windows\System\JewpOtx.exe
  C:\Windows\System\JewpOtx.exe
  2⤵
  PID:9312
- C:\Windows\System\JRZXeqZ.exe
  C:\Windows\System\JRZXeqZ.exe
  2⤵
  PID:9388
- C:\Windows\System\hBpHoIN.exe
  C:\Windows\System\hBpHoIN.exe
  2⤵
  PID:9452
- C:\Windows\System\YzWIbDT.exe
  C:\Windows\System\YzWIbDT.exe
  2⤵
  PID:9512
- C:\Windows\System\AmBukcV.exe
  C:\Windows\System\AmBukcV.exe
  2⤵
  PID:9588
- C:\Windows\System\XQySAzl.exe
  C:\Windows\System\XQySAzl.exe
  2⤵
  PID:9672
- C:\Windows\System\zMmOJkY.exe
  C:\Windows\System\zMmOJkY.exe
  2⤵
  PID:9712
- C:\Windows\System\eDtODBg.exe
  C:\Windows\System\eDtODBg.exe
  2⤵
  PID:9816
- C:\Windows\System\JUxfSbl.exe
  C:\Windows\System\JUxfSbl.exe
  2⤵
  PID:9872
- C:\Windows\System\MXfUloM.exe
  C:\Windows\System\MXfUloM.exe
  2⤵
  PID:9924
- C:\Windows\System\pmnRglU.exe
  C:\Windows\System\pmnRglU.exe
  2⤵
  PID:9980
- C:\Windows\System\hHMNasD.exe
  C:\Windows\System\hHMNasD.exe
  2⤵
  PID:10044
- C:\Windows\System\rXzGSvV.exe
  C:\Windows\System\rXzGSvV.exe
  2⤵
  PID:10104
- C:\Windows\System\SdjvXMh.exe
  C:\Windows\System\SdjvXMh.exe
  2⤵
  PID:9228
- C:\Windows\System\nfUNgSp.exe
  C:\Windows\System\nfUNgSp.exe
  2⤵
  PID:9364
- C:\Windows\System\foHxNIK.exe
  C:\Windows\System\foHxNIK.exe
  2⤵
  PID:9508
- C:\Windows\System\JOEuONE.exe
  C:\Windows\System\JOEuONE.exe
  2⤵
  PID:9904
- C:\Windows\System\YPsuWJQ.exe
  C:\Windows\System\YPsuWJQ.exe
  2⤵
  PID:10096
- C:\Windows\System\WTKxvBi.exe
  C:\Windows\System\WTKxvBi.exe
  2⤵
  PID:10192
- C:\Windows\System\kqKojat.exe
  C:\Windows\System\kqKojat.exe
  2⤵
  PID:9444
- C:\Windows\System\oVRAuQQ.exe
  C:\Windows\System\oVRAuQQ.exe
  2⤵
  PID:9964
- C:\Windows\System\iPdVXHs.exe
  C:\Windows\System\iPdVXHs.exe
  2⤵
  PID:10256
- C:\Windows\System\EFzhFQY.exe
  C:\Windows\System\EFzhFQY.exe
  2⤵
  PID:10288
- C:\Windows\System\fpyQUds.exe
  C:\Windows\System\fpyQUds.exe
  2⤵
  PID:10324
- C:\Windows\System\tsWtCkK.exe
  C:\Windows\System\tsWtCkK.exe
  2⤵
  PID:10356
- C:\Windows\System\VwEUQzX.exe
  C:\Windows\System\VwEUQzX.exe
  2⤵
  PID:10380
- C:\Windows\System\NODEinE.exe
  C:\Windows\System\NODEinE.exe
  2⤵
  PID:10424
- C:\Windows\System\ocYHEzQ.exe
  C:\Windows\System\ocYHEzQ.exe
  2⤵
  PID:10444
- C:\Windows\System\COSoTmr.exe
  C:\Windows\System\COSoTmr.exe
  2⤵
  PID:10472
- C:\Windows\System\cyfVkKk.exe
  C:\Windows\System\cyfVkKk.exe
  2⤵
  PID:10508
- C:\Windows\System\drmXCSL.exe
  C:\Windows\System\drmXCSL.exe
  2⤵
  PID:10528
- C:\Windows\System\ZkiwVYP.exe
  C:\Windows\System\ZkiwVYP.exe
  2⤵
  PID:10564
- C:\Windows\System\eOPpqYK.exe
  C:\Windows\System\eOPpqYK.exe
  2⤵
  PID:10584
- C:\Windows\System\zNDXnUQ.exe
  C:\Windows\System\zNDXnUQ.exe
  2⤵
  PID:10616
- C:\Windows\System\tCwMSdb.exe
  C:\Windows\System\tCwMSdb.exe
  2⤵
  PID:10648
- C:\Windows\System\iFlxZHO.exe
  C:\Windows\System\iFlxZHO.exe
  2⤵
  PID:10668
- C:\Windows\System\uSYhUYi.exe
  C:\Windows\System\uSYhUYi.exe
  2⤵
  PID:10704
- C:\Windows\System\AcnEviH.exe
  C:\Windows\System\AcnEviH.exe
  2⤵
  PID:10908
- C:\Windows\System\zDLjXYl.exe
  C:\Windows\System\zDLjXYl.exe
  2⤵
  PID:10940
- C:\Windows\System\bPReGue.exe
  C:\Windows\System\bPReGue.exe
  2⤵
  PID:10960
- C:\Windows\System\zoZbdIH.exe
  C:\Windows\System\zoZbdIH.exe
  2⤵
  PID:10988
- C:\Windows\System\oqrrzxV.exe
  C:\Windows\System\oqrrzxV.exe
  2⤵
  PID:11020
- C:\Windows\System\cioWBpB.exe
  C:\Windows\System\cioWBpB.exe
  2⤵
  PID:11048
- C:\Windows\System\YmWBuGF.exe
  C:\Windows\System\YmWBuGF.exe
  2⤵
  PID:11076
- C:\Windows\System\sVMSFAF.exe
  C:\Windows\System\sVMSFAF.exe
  2⤵
  PID:11104
- C:\Windows\System\DAVlYst.exe
  C:\Windows\System\DAVlYst.exe
  2⤵
  PID:11132
- C:\Windows\System\JjsjuUr.exe
  C:\Windows\System\JjsjuUr.exe
  2⤵
  PID:11160
- C:\Windows\System\xGwhpAP.exe
  C:\Windows\System\xGwhpAP.exe
  2⤵
  PID:11188
- C:\Windows\System\bHmQzAi.exe
  C:\Windows\System\bHmQzAi.exe
  2⤵
  PID:11216
- C:\Windows\System\ixbHMDz.exe
  C:\Windows\System\ixbHMDz.exe
  2⤵
  PID:11248
- C:\Windows\System\MzuDzRL.exe
  C:\Windows\System\MzuDzRL.exe
  2⤵
  PID:10280
- C:\Windows\System\rgtzeca.exe
  C:\Windows\System\rgtzeca.exe
  2⤵
  PID:10340
- C:\Windows\System\AflrEQF.exe
  C:\Windows\System\AflrEQF.exe
  2⤵
  PID:10408
- C:\Windows\System\hijbhTe.exe
  C:\Windows\System\hijbhTe.exe
  2⤵
  PID:10440
- C:\Windows\System\FHoDMiC.exe
  C:\Windows\System\FHoDMiC.exe
  2⤵
  PID:10544
- C:\Windows\System\KtuBydu.exe
  C:\Windows\System\KtuBydu.exe
  2⤵
  PID:10580
- C:\Windows\System\nBXQdFs.exe
  C:\Windows\System\nBXQdFs.exe
  2⤵
  PID:10632
- C:\Windows\System\CMjrDkJ.exe
  C:\Windows\System\CMjrDkJ.exe
  2⤵
  PID:10696
- C:\Windows\System\uZmpWmi.exe
  C:\Windows\System\uZmpWmi.exe
  2⤵
  PID:10748
- C:\Windows\System\iVCHDuM.exe
  C:\Windows\System\iVCHDuM.exe
  2⤵
  PID:10776
- C:\Windows\System\pwxiYfc.exe
  C:\Windows\System\pwxiYfc.exe
  2⤵
  PID:10852
- C:\Windows\System\vAbAKBo.exe
  C:\Windows\System\vAbAKBo.exe
  2⤵
  PID:10844
- C:\Windows\System\ZkAIdYC.exe
  C:\Windows\System\ZkAIdYC.exe
  2⤵
  PID:10796
- C:\Windows\System\jqKuSfe.exe
  C:\Windows\System\jqKuSfe.exe
  2⤵
  PID:10856
- C:\Windows\System\eokYhYP.exe
  C:\Windows\System\eokYhYP.exe
  2⤵
  PID:10900
- C:\Windows\System\fHvDshC.exe
  C:\Windows\System\fHvDshC.exe
  2⤵
  PID:4880
- C:\Windows\System\KYbufuL.exe
  C:\Windows\System\KYbufuL.exe
  2⤵
  PID:11012
- C:\Windows\System\oXcfDJi.exe
  C:\Windows\System\oXcfDJi.exe
  2⤵
  PID:11088
- C:\Windows\System\krPfYHz.exe
  C:\Windows\System\krPfYHz.exe
  2⤵
  PID:11124
- C:\Windows\System\jMKsfSz.exe
  C:\Windows\System\jMKsfSz.exe
  2⤵
  PID:11184
- C:\Windows\System\lQnWzAb.exe
  C:\Windows\System\lQnWzAb.exe
  2⤵
  PID:9824
- C:\Windows\System\MDPqiLs.exe
  C:\Windows\System\MDPqiLs.exe
  2⤵
  PID:1116
- C:\Windows\System\WCxbRpZ.exe
  C:\Windows\System\WCxbRpZ.exe
  2⤵
  PID:10572
- C:\Windows\System\JEIcite.exe
  C:\Windows\System\JEIcite.exe
  2⤵
  PID:10688
- C:\Windows\System\ngwiYUa.exe
  C:\Windows\System\ngwiYUa.exe
  2⤵
  PID:10772
- C:\Windows\System\YNdPNXr.exe
  C:\Windows\System\YNdPNXr.exe
  2⤵
  PID:10764
- C:\Windows\System\PxqvDeu.exe
  C:\Windows\System\PxqvDeu.exe
  2⤵
  PID:10892
- C:\Windows\System\XExwzFn.exe
  C:\Windows\System\XExwzFn.exe
  2⤵
  PID:10956
- C:\Windows\System\VnNjetW.exe
  C:\Windows\System\VnNjetW.exe
  2⤵
  PID:3132
- C:\Windows\System\QGFlLjp.exe
  C:\Windows\System\QGFlLjp.exe
  2⤵
  PID:11152
- C:\Windows\System\qHIxmhS.exe
  C:\Windows\System\qHIxmhS.exe
  2⤵
  PID:11244
- C:\Windows\System\MVHsaKi.exe
  C:\Windows\System\MVHsaKi.exe
  2⤵
  PID:10404
- C:\Windows\System\dQNQofF.exe
  C:\Windows\System\dQNQofF.exe
  2⤵
  PID:10736
- C:\Windows\System\xCJWFBp.exe
  C:\Windows\System\xCJWFBp.exe
  2⤵
  PID:10792
- C:\Windows\System\GQcnFjT.exe
  C:\Windows\System\GQcnFjT.exe
  2⤵
  PID:3060
- C:\Windows\System\gVxkNes.exe
  C:\Windows\System\gVxkNes.exe
  2⤵
  PID:3380
- C:\Windows\System\YYFnkCQ.exe
  C:\Windows\System\YYFnkCQ.exe
  2⤵
  PID:10872
- C:\Windows\System\jugrZue.exe
  C:\Windows\System\jugrZue.exe
  2⤵
  PID:11240
- C:\Windows\System\DenSTQb.exe
  C:\Windows\System\DenSTQb.exe
  2⤵
  PID:11040
- C:\Windows\System\mpNRGeN.exe
  C:\Windows\System\mpNRGeN.exe
  2⤵
  PID:11292
- C:\Windows\System\bUbjyuK.exe
  C:\Windows\System\bUbjyuK.exe
  2⤵
  PID:11320
- C:\Windows\System\GHeMGxS.exe
  C:\Windows\System\GHeMGxS.exe
  2⤵
  PID:11348
- C:\Windows\System\BrXPazP.exe
  C:\Windows\System\BrXPazP.exe
  2⤵
  PID:11376
- C:\Windows\System\tOhRtHj.exe
  C:\Windows\System\tOhRtHj.exe
  2⤵
  PID:11404
- C:\Windows\System\ACaqRak.exe
  C:\Windows\System\ACaqRak.exe
  2⤵
  PID:11436
- C:\Windows\System\QTphBrs.exe
  C:\Windows\System\QTphBrs.exe
  2⤵
  PID:11464
- C:\Windows\System\xrdTNbf.exe
  C:\Windows\System\xrdTNbf.exe
  2⤵
  PID:11492
- C:\Windows\System\qCphPxq.exe
  C:\Windows\System\qCphPxq.exe
  2⤵
  PID:11528
- C:\Windows\System\aaRNyRs.exe
  C:\Windows\System\aaRNyRs.exe
  2⤵
  PID:11552
- C:\Windows\System\WruPabl.exe
  C:\Windows\System\WruPabl.exe
  2⤵
  PID:11580
- C:\Windows\System\QmCxXKB.exe
  C:\Windows\System\QmCxXKB.exe
  2⤵
  PID:11608
- C:\Windows\System\uSDOuEa.exe
  C:\Windows\System\uSDOuEa.exe
  2⤵
  PID:11636
- C:\Windows\System\yxAZaXr.exe
  C:\Windows\System\yxAZaXr.exe
  2⤵
  PID:11668
- C:\Windows\System\eMFPLyq.exe
  C:\Windows\System\eMFPLyq.exe
  2⤵
  PID:11700
- C:\Windows\System\ofNsGYD.exe
  C:\Windows\System\ofNsGYD.exe
  2⤵
  PID:11728
- C:\Windows\System\oHyorTF.exe
  C:\Windows\System\oHyorTF.exe
  2⤵
  PID:11756
- C:\Windows\System\kKFpoMx.exe
  C:\Windows\System\kKFpoMx.exe
  2⤵
  PID:11784
- C:\Windows\System\KnMbGVb.exe
  C:\Windows\System\KnMbGVb.exe
  2⤵
  PID:11812
- C:\Windows\System\QkiZmIN.exe
  C:\Windows\System\QkiZmIN.exe
  2⤵
  PID:11840
- C:\Windows\System\MTRTRDy.exe
  C:\Windows\System\MTRTRDy.exe
  2⤵
  PID:11868
- C:\Windows\System\WTCIrAm.exe
  C:\Windows\System\WTCIrAm.exe
  2⤵
  PID:11896
- C:\Windows\System\IySkGmr.exe
  C:\Windows\System\IySkGmr.exe
  2⤵
  PID:11924
- C:\Windows\System\TjbsyVj.exe
  C:\Windows\System\TjbsyVj.exe
  2⤵
  PID:11952
- C:\Windows\System\eNOfxvS.exe
  C:\Windows\System\eNOfxvS.exe
  2⤵
  PID:11980
- C:\Windows\System\qQXzBBF.exe
  C:\Windows\System\qQXzBBF.exe
  2⤵
  PID:12020
- C:\Windows\System\WGabqyy.exe
  C:\Windows\System\WGabqyy.exe
  2⤵
  PID:12040
- C:\Windows\System\kxVUpbp.exe
  C:\Windows\System\kxVUpbp.exe
  2⤵
  PID:12068
- C:\Windows\System\JicxOqr.exe
  C:\Windows\System\JicxOqr.exe
  2⤵
  PID:12096
- C:\Windows\System\eVNnpGy.exe
  C:\Windows\System\eVNnpGy.exe
  2⤵
  PID:12124
- C:\Windows\System\NbOBfYL.exe
  C:\Windows\System\NbOBfYL.exe
  2⤵
  PID:12152
- C:\Windows\System\qYXXgLp.exe
  C:\Windows\System\qYXXgLp.exe
  2⤵
  PID:12180
- C:\Windows\System\CsBYJDF.exe
  C:\Windows\System\CsBYJDF.exe
  2⤵
  PID:12208
- C:\Windows\System\GNKzBcp.exe
  C:\Windows\System\GNKzBcp.exe
  2⤵
  PID:12236
- C:\Windows\System\OftdRws.exe
  C:\Windows\System\OftdRws.exe
  2⤵
  PID:12264
- C:\Windows\System\smBeFJv.exe
  C:\Windows\System\smBeFJv.exe
  2⤵
  PID:11116
- C:\Windows\System\MxSVUAC.exe
  C:\Windows\System\MxSVUAC.exe
  2⤵
  PID:11332
- C:\Windows\System\KbybEhN.exe
  C:\Windows\System\KbybEhN.exe
  2⤵
  PID:11388
- C:\Windows\System\gcJSpdE.exe
  C:\Windows\System\gcJSpdE.exe
  2⤵
  PID:11448
- C:\Windows\System\UwgaIby.exe
  C:\Windows\System\UwgaIby.exe
  2⤵
  PID:11504
- C:\Windows\System\LpBDpRg.exe
  C:\Windows\System\LpBDpRg.exe
  2⤵
  PID:11592
- C:\Windows\System\nhPAncj.exe
  C:\Windows\System\nhPAncj.exe
  2⤵
  PID:11676
- C:\Windows\System\hGEfizB.exe
  C:\Windows\System\hGEfizB.exe
  2⤵
  PID:11724
- C:\Windows\System\BuOruoT.exe
  C:\Windows\System\BuOruoT.exe
  2⤵
  PID:11796
- C:\Windows\System\rQutskE.exe
  C:\Windows\System\rQutskE.exe
  2⤵
  PID:11860
- C:\Windows\System\RXWCEhm.exe
  C:\Windows\System\RXWCEhm.exe
  2⤵
  PID:4936
- C:\Windows\System\DRRjIoo.exe
  C:\Windows\System\DRRjIoo.exe
  2⤵
  PID:11972
- C:\Windows\System\czguYAt.exe
  C:\Windows\System\czguYAt.exe
  2⤵
  PID:12004
- C:\Windows\System\oZIxPYN.exe
  C:\Windows\System\oZIxPYN.exe
  2⤵
  PID:12064
- C:\Windows\System\BOCAFDA.exe
  C:\Windows\System\BOCAFDA.exe
  2⤵
  PID:12136
- C:\Windows\System\NaAZgmI.exe
  C:\Windows\System\NaAZgmI.exe
  2⤵
  PID:12204
- C:\Windows\System\XImXFje.exe
  C:\Windows\System\XImXFje.exe
  2⤵
  PID:11304
- C:\Windows\System\zVWbsaE.exe
  C:\Windows\System\zVWbsaE.exe
  2⤵
  PID:11368
- C:\Windows\System\dSEQLxX.exe
  C:\Windows\System\dSEQLxX.exe
  2⤵
  PID:11488
- C:\Windows\System\EkPLilS.exe
  C:\Windows\System\EkPLilS.exe
  2⤵
  PID:11696
- C:\Windows\System\lXTEhOZ.exe
  C:\Windows\System\lXTEhOZ.exe
  2⤵
  PID:10276
- C:\Windows\System\JPpXSNR.exe
  C:\Windows\System\JPpXSNR.exe
  2⤵
  PID:11720
- C:\Windows\System\WaMtCRi.exe
  C:\Windows\System\WaMtCRi.exe
  2⤵
  PID:11888
- C:\Windows\System\sauDaWp.exe
  C:\Windows\System\sauDaWp.exe
  2⤵
  PID:12016
- C:\Windows\System\NVYrxKl.exe
  C:\Windows\System\NVYrxKl.exe
  2⤵
  PID:12116
- C:\Windows\System\iIaRUFH.exe
  C:\Windows\System\iIaRUFH.exe
  2⤵
  PID:12284
- C:\Windows\System\NDRlnxt.exe
  C:\Windows\System\NDRlnxt.exe
  2⤵
  PID:11648
- C:\Windows\System\GFCMYnC.exe
  C:\Windows\System\GFCMYnC.exe
  2⤵
  PID:9760
- C:\Windows\System\zXugYGJ.exe
  C:\Windows\System\zXugYGJ.exe
  2⤵
  PID:3196
- C:\Windows\System\pVpvYNg.exe
  C:\Windows\System\pVpvYNg.exe
  2⤵
  PID:11344
- C:\Windows\System\kCTUInz.exe
  C:\Windows\System\kCTUInz.exe
  2⤵
  PID:11936
- C:\Windows\System\WdPKoXh.exe
  C:\Windows\System\WdPKoXh.exe
  2⤵
  PID:11836
- C:\Windows\System\IWFEcji.exe
  C:\Windows\System\IWFEcji.exe
  2⤵
  PID:12304
- C:\Windows\System\SDrwYYx.exe
  C:\Windows\System\SDrwYYx.exe
  2⤵
  PID:12332
- C:\Windows\System\QllobIV.exe
  C:\Windows\System\QllobIV.exe
  2⤵
  PID:12360
- C:\Windows\System\qlEAfOH.exe
  C:\Windows\System\qlEAfOH.exe
  2⤵
  PID:12388
- C:\Windows\System\aExdvEs.exe
  C:\Windows\System\aExdvEs.exe
  2⤵
  PID:12416
- C:\Windows\System\SBGMywY.exe
  C:\Windows\System\SBGMywY.exe
  2⤵
  PID:12444
- C:\Windows\System\fjSPTcg.exe
  C:\Windows\System\fjSPTcg.exe
  2⤵
  PID:12472
- C:\Windows\System\hYOUDAp.exe
  C:\Windows\System\hYOUDAp.exe
  2⤵
  PID:12500
- C:\Windows\System\qvtcLHS.exe
  C:\Windows\System\qvtcLHS.exe
  2⤵
  PID:12544
- C:\Windows\System\biHllVE.exe
  C:\Windows\System\biHllVE.exe
  2⤵
  PID:12560
- C:\Windows\System\vCHDVKb.exe
  C:\Windows\System\vCHDVKb.exe
  2⤵
  PID:12592
- C:\Windows\System\oeZydph.exe
  C:\Windows\System\oeZydph.exe
  2⤵
  PID:12616
- C:\Windows\System\fSfiuOQ.exe
  C:\Windows\System\fSfiuOQ.exe
  2⤵
  PID:12644
- C:\Windows\System\drnAwyW.exe
  C:\Windows\System\drnAwyW.exe
  2⤵
  PID:12672
- C:\Windows\System\jEzzMiH.exe
  C:\Windows\System\jEzzMiH.exe
  2⤵
  PID:12704
- C:\Windows\System\qYJOgFi.exe
  C:\Windows\System\qYJOgFi.exe
  2⤵
  PID:12728
- C:\Windows\System\oPMCBcw.exe
  C:\Windows\System\oPMCBcw.exe
  2⤵
  PID:12756
- C:\Windows\System\UAlfPRn.exe
  C:\Windows\System\UAlfPRn.exe
  2⤵
  PID:12784
- C:\Windows\System\VKriARd.exe
  C:\Windows\System\VKriARd.exe
  2⤵
  PID:12812
- C:\Windows\System\iMYCknu.exe
  C:\Windows\System\iMYCknu.exe
  2⤵
  PID:12848
- C:\Windows\System\EyXvmKA.exe
  C:\Windows\System\EyXvmKA.exe
  2⤵
  PID:12868
- C:\Windows\System\kknsXcl.exe
  C:\Windows\System\kknsXcl.exe
  2⤵
  PID:12896
- C:\Windows\System\rTxlAAW.exe
  C:\Windows\System\rTxlAAW.exe
  2⤵
  PID:12924
- C:\Windows\System\GGaLxle.exe
  C:\Windows\System\GGaLxle.exe
  2⤵
  PID:12952
- C:\Windows\System\EYtQwlU.exe
  C:\Windows\System\EYtQwlU.exe
  2⤵
  PID:12988
- C:\Windows\System\woNtkUD.exe
  C:\Windows\System\woNtkUD.exe
  2⤵
  PID:13008
- C:\Windows\System\sZFcagb.exe
  C:\Windows\System\sZFcagb.exe
  2⤵
  PID:13036
- C:\Windows\System\FmHQXLm.exe
  C:\Windows\System\FmHQXLm.exe
  2⤵
  PID:13072
- C:\Windows\System\aaGbvfP.exe
  C:\Windows\System\aaGbvfP.exe
  2⤵
  PID:13096
- C:\Windows\System\bXemucz.exe
  C:\Windows\System\bXemucz.exe
  2⤵
  PID:13120
- C:\Windows\System\hbjTyNL.exe
  C:\Windows\System\hbjTyNL.exe
  2⤵
  PID:13148
- C:\Windows\System\xAkOvTF.exe
  C:\Windows\System\xAkOvTF.exe
  2⤵
  PID:13176
- C:\Windows\System\HdlNHDF.exe
  C:\Windows\System\HdlNHDF.exe
  2⤵
  PID:13212
- C:\Windows\System\lLqpcKT.exe
  C:\Windows\System\lLqpcKT.exe
  2⤵
  PID:13232
- C:\Windows\System\iYyhJDV.exe
  C:\Windows\System\iYyhJDV.exe
  2⤵
  PID:13260
- C:\Windows\System\MsRbuow.exe
  C:\Windows\System\MsRbuow.exe
  2⤵
  PID:13288
- C:\Windows\System\EIdAmAh.exe
  C:\Windows\System\EIdAmAh.exe
  2⤵
  PID:12300
- C:\Windows\System\cWNgGez.exe
  C:\Windows\System\cWNgGez.exe
  2⤵
  PID:12372
- C:\Windows\System\APzIyRv.exe
  C:\Windows\System\APzIyRv.exe
  2⤵
  PID:12428
- C:\Windows\System\FRbbNeZ.exe
  C:\Windows\System\FRbbNeZ.exe
  2⤵
  PID:12492
- C:\Windows\System\NhVZKFq.exe
  C:\Windows\System\NhVZKFq.exe
  2⤵
  PID:12576
- C:\Windows\System\mKyLSdf.exe
  C:\Windows\System\mKyLSdf.exe
  2⤵
  PID:12628
- C:\Windows\System\TZJvQKu.exe
  C:\Windows\System\TZJvQKu.exe
  2⤵
  PID:12692
- C:\Windows\System\JzEjqki.exe
  C:\Windows\System\JzEjqki.exe
  2⤵
  PID:12752
- C:\Windows\System\svpSOoj.exe
  C:\Windows\System\svpSOoj.exe
  2⤵
  PID:12824
- C:\Windows\System\EZTqzLV.exe
  C:\Windows\System\EZTqzLV.exe
  2⤵
  PID:12888
- C:\Windows\System\yCotZZj.exe
  C:\Windows\System\yCotZZj.exe
  2⤵
  PID:12948
- C:\Windows\System\ImCIbqZ.exe
  C:\Windows\System\ImCIbqZ.exe
  2⤵
  PID:13024
- C:\Windows\System\DtnFgkx.exe
  C:\Windows\System\DtnFgkx.exe
  2⤵
  PID:13084
- C:\Windows\System\SOJszyD.exe
  C:\Windows\System\SOJszyD.exe
  2⤵
  PID:13140
- C:\Windows\System\bxCeAKV.exe
  C:\Windows\System\bxCeAKV.exe
  2⤵
  PID:13200
- C:\Windows\System\goGYUFS.exe
  C:\Windows\System\goGYUFS.exe
  2⤵
  PID:13276
- C:\Windows\System\BdIQYYM.exe
  C:\Windows\System\BdIQYYM.exe
  2⤵
  PID:12352
- C:\Windows\System\PUetJkp.exe
  C:\Windows\System\PUetJkp.exe
  2⤵
  PID:12484
- C:\Windows\System\gVMEaBW.exe
  C:\Windows\System\gVMEaBW.exe
  2⤵
  PID:12664
- C:\Windows\System\lYVljQm.exe
  C:\Windows\System\lYVljQm.exe
  2⤵
  PID:12804
- C:\Windows\System\fbUKjDe.exe
  C:\Windows\System\fbUKjDe.exe
  2⤵
  PID:12944
- C:\Windows\System\nNAAJPI.exe
  C:\Windows\System\nNAAJPI.exe
  2⤵
  PID:13108
- C:\Windows\System\kucXhJm.exe
  C:\Windows\System\kucXhJm.exe
  2⤵
  PID:13252
- C:\Windows\System\hhRoUnc.exe
  C:\Windows\System\hhRoUnc.exe
  2⤵
  PID:12468
- C:\Windows\System\cXQZsAX.exe
  C:\Windows\System\cXQZsAX.exe
  2⤵
  PID:12864
- C:\Windows\System\JPHNdyo.exe
  C:\Windows\System\JPHNdyo.exe
  2⤵
  PID:13196
- C:\Windows\System\JHFvIcX.exe
  C:\Windows\System\JHFvIcX.exe
  2⤵
  PID:12748
- C:\Windows\System\DiDHePI.exe
  C:\Windows\System\DiDHePI.exe
  2⤵
  PID:12612
- C:\Windows\System\rhwsHhL.exe
  C:\Windows\System\rhwsHhL.exe
  2⤵
  PID:13332
- C:\Windows\System\nuBBQzJ.exe
  C:\Windows\System\nuBBQzJ.exe
  2⤵
  PID:13380
- C:\Windows\System\OGfDoCj.exe
  C:\Windows\System\OGfDoCj.exe
  2⤵
  PID:13396
- C:\Windows\System\ozoRrvJ.exe
  C:\Windows\System\ozoRrvJ.exe
  2⤵
  PID:13424
- C:\Windows\System\JPkElBt.exe
  C:\Windows\System\JPkElBt.exe
  2⤵
  PID:13452
- C:\Windows\System\kTlKVEj.exe
  C:\Windows\System\kTlKVEj.exe
  2⤵
  PID:13480
- C:\Windows\System\jBYkaOb.exe
  C:\Windows\System\jBYkaOb.exe
  2⤵
  PID:13508
- C:\Windows\System\BsAaEyt.exe
  C:\Windows\System\BsAaEyt.exe
  2⤵
  PID:13536
- C:\Windows\System\ERJNOrK.exe
  C:\Windows\System\ERJNOrK.exe
  2⤵
  PID:13564
- C:\Windows\System\tmcTjOh.exe
  C:\Windows\System\tmcTjOh.exe
  2⤵
  PID:13592
- C:\Windows\System\xmBljGv.exe
  C:\Windows\System\xmBljGv.exe
  2⤵
  PID:13620
- C:\Windows\System\CJWHMiO.exe
  C:\Windows\System\CJWHMiO.exe
  2⤵
  PID:13648
- C:\Windows\System\ozvLTsV.exe
  C:\Windows\System\ozvLTsV.exe
  2⤵
  PID:13676
- C:\Windows\System\ArXdoXo.exe
  C:\Windows\System\ArXdoXo.exe
  2⤵
  PID:13704
- C:\Windows\System\emJHiMg.exe
  C:\Windows\System\emJHiMg.exe
  2⤵
  PID:13732
- C:\Windows\System\YwgsHOx.exe
  C:\Windows\System\YwgsHOx.exe
  2⤵
  PID:13760
- C:\Windows\System\IwzdBWa.exe
  C:\Windows\System\IwzdBWa.exe
  2⤵
  PID:13788
- C:\Windows\System\DeyuSnt.exe
  C:\Windows\System\DeyuSnt.exe
  2⤵
  PID:13816
- C:\Windows\System\yAmchOR.exe
  C:\Windows\System\yAmchOR.exe
  2⤵
  PID:13844
- C:\Windows\System\wuXJgzP.exe
  C:\Windows\System\wuXJgzP.exe
  2⤵
  PID:13872
- C:\Windows\System\UQuqdtp.exe
  C:\Windows\System\UQuqdtp.exe
  2⤵
  PID:13900
- C:\Windows\System\reXEjSB.exe
  C:\Windows\System\reXEjSB.exe
  2⤵
  PID:13936
- C:\Windows\System\cjPSwmt.exe
  C:\Windows\System\cjPSwmt.exe
  2⤵
  PID:13964
- C:\Windows\System\byZPIag.exe
  C:\Windows\System\byZPIag.exe
  2⤵
  PID:13992
- C:\Windows\System\IsBBVTy.exe
  C:\Windows\System\IsBBVTy.exe
  2⤵
  PID:14020
- C:\Windows\System\YTTDIZd.exe
  C:\Windows\System\YTTDIZd.exe
  2⤵
  PID:14064
- C:\Windows\System\odPcWTs.exe
  C:\Windows\System\odPcWTs.exe
  2⤵
  PID:14084
- C:\Windows\System\rGcQYkM.exe
  C:\Windows\System\rGcQYkM.exe
  2⤵
  PID:14112
- C:\Windows\System\oYzDJcO.exe
  C:\Windows\System\oYzDJcO.exe
  2⤵
  PID:14148
- C:\Windows\System\nZycHJN.exe
  C:\Windows\System\nZycHJN.exe
  2⤵
  PID:14172
- C:\Windows\System\MVlZtVw.exe
  C:\Windows\System\MVlZtVw.exe
  2⤵
  PID:14200
- C:\Windows\System\BFZwEzH.exe
  C:\Windows\System\BFZwEzH.exe
  2⤵
  PID:14236
- C:\Windows\System\SqSprDR.exe
  C:\Windows\System\SqSprDR.exe
  2⤵
  PID:14272
- C:\Windows\System\NiHfJfS.exe
  C:\Windows\System\NiHfJfS.exe
  2⤵
  PID:14296
- C:\Windows\System\PRxAPGx.exe
  C:\Windows\System\PRxAPGx.exe
  2⤵
  PID:14328
- C:\Windows\System\chZvQlb.exe
  C:\Windows\System\chZvQlb.exe
  2⤵
  PID:1264
- C:\Windows\System\pjWPgyh.exe
  C:\Windows\System\pjWPgyh.exe
  2⤵
  PID:13376
- C:\Windows\System\zuzwDNy.exe
  C:\Windows\System\zuzwDNy.exe
  2⤵
  PID:13364
- C:\Windows\System\oOfdKhJ.exe
  C:\Windows\System\oOfdKhJ.exe
  2⤵
  PID:13444
- C:\Windows\System\qnIHQPJ.exe
  C:\Windows\System\qnIHQPJ.exe
  2⤵
  PID:13520
- C:\Windows\System\xqtpLdQ.exe
  C:\Windows\System\xqtpLdQ.exe
  2⤵
  PID:1640
- C:\Windows\System\aWwEyBZ.exe
  C:\Windows\System\aWwEyBZ.exe
  2⤵
  PID:13584
- C:\Windows\System\WzCbwlv.exe
  C:\Windows\System\WzCbwlv.exe
  2⤵
  PID:13640
- C:\Windows\System\qXsNrfS.exe
  C:\Windows\System\qXsNrfS.exe
  2⤵
  PID:2324
- C:\Windows\System\ZSpKIqs.exe
  C:\Windows\System\ZSpKIqs.exe
  2⤵
  PID:13696
- C:\Windows\System\WEYCPkZ.exe
  C:\Windows\System\WEYCPkZ.exe
  2⤵
  PID:13744
- C:\Windows\System\zrjMxSG.exe
  C:\Windows\System\zrjMxSG.exe
  2⤵
  PID:13800
- C:\Windows\System\VpXTFwP.exe
  C:\Windows\System\VpXTFwP.exe
  2⤵
  PID:13864
- C:\Windows\System\TCsdxpq.exe
  C:\Windows\System\TCsdxpq.exe
  2⤵
  PID:3880
- C:\Windows\System\OdsjEsh.exe
  C:\Windows\System\OdsjEsh.exe
  2⤵
  PID:13988
- C:\Windows\System\qWnXgNP.exe
  C:\Windows\System\qWnXgNP.exe
  2⤵
  PID:14044
- C:\Windows\System\gFZqehp.exe
  C:\Windows\System\gFZqehp.exe
  2⤵
  PID:244
- C:\Windows\System\DnUjjHQ.exe
  C:\Windows\System\DnUjjHQ.exe
  2⤵
  PID:14132
- C:\Windows\System\zfBULJe.exe
  C:\Windows\System\zfBULJe.exe
  2⤵
  PID:14156
- C:\Windows\System\RFtVLJc.exe
  C:\Windows\System\RFtVLJc.exe
  2⤵
  PID:14192
- C:\Windows\System\YNbHHzE.exe
  C:\Windows\System\YNbHHzE.exe
  2⤵
  PID:4444
- C:\Windows\System\AJRKjct.exe
  C:\Windows\System\AJRKjct.exe
  2⤵
  PID:14256
- C:\Windows\System\AmvtQIv.exe
  C:\Windows\System\AmvtQIv.exe
  2⤵
  PID:4144
- C:\Windows\System\VLeqsCP.exe
  C:\Windows\System\VLeqsCP.exe
  2⤵
  PID:14316
- C:\Windows\System\HGdFiWR.exe
  C:\Windows\System\HGdFiWR.exe
  2⤵
  PID:4732
- C:\Windows\System\LCQjMbS.exe
  C:\Windows\System\LCQjMbS.exe
  2⤵
  PID:13932
- C:\Windows\System\cpsTCMk.exe
  C:\Windows\System\cpsTCMk.exe
  2⤵
  PID:4796
- C:\Windows\System\iMHNlkV.exe
  C:\Windows\System\iMHNlkV.exe
  2⤵
  PID:14304
- C:\Windows\System\qGFJnEo.exe
  C:\Windows\System\qGFJnEo.exe
  2⤵
  PID:3164
- C:\Windows\System\tKjRLzz.exe
  C:\Windows\System\tKjRLzz.exe
  2⤵
  PID:13612
- C:\Windows\System\nqBLaOE.exe
  C:\Windows\System\nqBLaOE.exe
  2⤵
  PID:3944
- C:\Windows\System\uezVymO.exe
  C:\Windows\System\uezVymO.exe
  2⤵
  PID:4540
- C:\Windows\System\OWYwMkt.exe
  C:\Windows\System\OWYwMkt.exe
  2⤵
  PID:13784
- C:\Windows\System\RGyGfvT.exe
  C:\Windows\System\RGyGfvT.exe
  2⤵
  PID:13896
- C:\Windows\System\EVrhohn.exe
  C:\Windows\System\EVrhohn.exe
  2⤵
  PID:3680
- C:\Windows\System\LxTfnIw.exe
  C:\Windows\System\LxTfnIw.exe
  2⤵
  PID:4548
- C:\Windows\System\nABYdFS.exe
  C:\Windows\System\nABYdFS.exe
  2⤵
  PID:4456
- C:\Windows\System\CUBBmDN.exe
  C:\Windows\System\CUBBmDN.exe
  2⤵
  PID:3652
- C:\Windows\System\SspPlKw.exe
  C:\Windows\System\SspPlKw.exe
  2⤵
  PID:2960
- C:\Windows\System\aVtcFgQ.exe
  C:\Windows\System\aVtcFgQ.exe
  2⤵
  PID:3544
- C:\Windows\System\PZoSyrC.exe
  C:\Windows\System\PZoSyrC.exe
  2⤵
  PID:14096
- C:\Windows\System\GMCVzcb.exe
  C:\Windows\System\GMCVzcb.exe
  2⤵
  PID:1780
- C:\Windows\System\pJRyEoz.exe
  C:\Windows\System\pJRyEoz.exe
  2⤵
  PID:1428
- C:\Windows\System\tdddeAA.exe
  C:\Windows\System\tdddeAA.exe
  2⤵
  PID:4348
- C:\Windows\System\vnCzlsC.exe
  C:\Windows\System\vnCzlsC.exe
  2⤵
  PID:1788
- C:\Windows\System\HumuvcD.exe
  C:\Windows\System\HumuvcD.exe
  2⤵
  PID:3200
- C:\Windows\System\mlLWgTD.exe
  C:\Windows\System\mlLWgTD.exe
  2⤵
  PID:3812
- C:\Windows\System\YFoVtRS.exe
  C:\Windows\System\YFoVtRS.exe
  2⤵
  PID:3576
- C:\Windows\System\Cezryvf.exe
  C:\Windows\System\Cezryvf.exe
  2⤵
  PID:1828
- C:\Windows\System\AajWvgQ.exe
  C:\Windows\System\AajWvgQ.exe
  2⤵
  PID:4952
- C:\Windows\System\UzOxINO.exe
  C:\Windows\System\UzOxINO.exe
  2⤵
  PID:3144
- C:\Windows\System\FAyUyzb.exe
  C:\Windows\System\FAyUyzb.exe
  2⤵
  PID:2768
- C:\Windows\System\ahrLGjm.exe
  C:\Windows\System\ahrLGjm.exe
  2⤵
  PID:13756
- C:\Windows\System\HCHBTHX.exe
  C:\Windows\System\HCHBTHX.exe
  2⤵
  PID:2916
- C:\Windows\System\KDWDJea.exe
  C:\Windows\System\KDWDJea.exe
  2⤵
  PID:4460
- C:\Windows\System\KQIBenO.exe
  C:\Windows\System\KQIBenO.exe
  2⤵
  PID:1444
- C:\Windows\System\esybepB.exe
  C:\Windows\System\esybepB.exe
  2⤵
  PID:2184
- C:\Windows\System\ogLPnql.exe
  C:\Windows\System\ogLPnql.exe
  2⤵
  PID:3440
- C:\Windows\System\krQSscP.exe
  C:\Windows\System\krQSscP.exe
  2⤵
  PID:5228
- C:\Windows\System\btvuFAQ.exe
  C:\Windows\System\btvuFAQ.exe
  2⤵
  PID:4416
- C:\Windows\System\iYMueNx.exe
  C:\Windows\System\iYMueNx.exe
  2⤵
  PID:4172
- C:\Windows\System\wvTcgqU.exe
  C:\Windows\System\wvTcgqU.exe
  2⤵
  PID:14312
- C:\Windows\System\JOVHXHY.exe
  C:\Windows\System\JOVHXHY.exe
  2⤵
  PID:5428
- C:\Windows\System\pZbrUma.exe
  C:\Windows\System\pZbrUma.exe
  2⤵
  PID:2176
- C:\Windows\System\jXCSoBp.exe
  C:\Windows\System\jXCSoBp.exe
  2⤵
  PID:2096
- C:\Windows\System\laxuVNJ.exe
  C:\Windows\System\laxuVNJ.exe
  2⤵
  PID:644
- C:\Windows\System\XplVjwK.exe
  C:\Windows\System\XplVjwK.exe
  2⤵
  PID:5592
- C:\Windows\System\kqAJvcZ.exe
  C:\Windows\System\kqAJvcZ.exe
  2⤵
  PID:1448
- C:\Windows\System\MDwbqVK.exe
  C:\Windows\System\MDwbqVK.exe
  2⤵
  PID:1968
- C:\Windows\System\UfhgmMw.exe
  C:\Windows\System\UfhgmMw.exe
  2⤵
  PID:5708
- C:\Windows\System\QSJvAUa.exe
  C:\Windows\System\QSJvAUa.exe
  2⤵
  PID:3764
- C:\Windows\System\zzRMciY.exe
  C:\Windows\System\zzRMciY.exe
  2⤵
  PID:5804
- C:\Windows\System\UUgtxKp.exe
  C:\Windows\System\UUgtxKp.exe
  2⤵
  PID:11688
- C:\Windows\System\QhXqqoD.exe
  C:\Windows\System\QhXqqoD.exe
  2⤵
  PID:2672
- C:\Windows\System\VewzWKa.exe
  C:\Windows\System\VewzWKa.exe
  2⤵
  PID:5916
- C:\Windows\System\bJKNkqv.exe
  C:\Windows\System\bJKNkqv.exe
  2⤵
  PID:5976
- C:\Windows\System\DEeWTHR.exe
  C:\Windows\System\DEeWTHR.exe
  2⤵
  PID:6036
- C:\Windows\System\ZFKQwsZ.exe
  C:\Windows\System\ZFKQwsZ.exe
  2⤵
  PID:2080
- C:\Windows\System\poIdWaG.exe
  C:\Windows\System\poIdWaG.exe
  2⤵
  PID:5404
- C:\Windows\System\bvOBQkm.exe
  C:\Windows\System\bvOBQkm.exe
  2⤵
  PID:5460
- C:\Windows\System\cvdrTAW.exe
  C:\Windows\System\cvdrTAW.exe
  2⤵
  PID:5508
- C:\Windows\System\AfyFpuW.exe
  C:\Windows\System\AfyFpuW.exe
  2⤵
  PID:4380

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AgWRyqq.exe

Filesize
6.0MB

MD5
47d4181511e1b4a4a2adac50c67e2a5b

SHA1
96eb6a5754daedae1e4e6c20d3a7d158218d3743

SHA256
c159f5973df576adf1c0e91414046c9b84e8b5b1ea747a3208368bdc91d0077b

SHA512
2c9e41f674290780d0fb1fefdb4bf03b14899edfe07acdc985fa671fe36c34c9dba5a634d2c6c9b8f4308b7b470c5cca295fed8dffb8d5d5805f1eb70afc51be

Download Submit
C:\Windows\System\BvKKonz.exe

Filesize
6.0MB

MD5
cb629ca7bead2a08a2d1e1813e735b9a

SHA1
3dc5b324e5f0d45f0fdff5307605e51f3f79f3dd

SHA256
ea53f533d572194add50cc46fef32da952b744fdcfb4a7679bb2367ee439a764

SHA512
fdd8324e8f93768fdcae87b7ce5a3a97e223c04ed50af252b20bcc51bd8d4e6f385ea8e121b3a4a3f580e837d30ae82e1013493d63a6350bb43c17cf80c08c0e

Download Submit
C:\Windows\System\DrnXawP.exe

Filesize
6.0MB

MD5
e0ba81e772d3c43e263ed8eb4e7f3ed9

SHA1
56ad91d5a59395a781dcecd80d3381f142744a91

SHA256
1d19daaca6fd42fb4511267a9e0ad3b2bb8fa5db36e397e404413894ca5221f8

SHA512
ca30067b7a983b2bb02dbcdebbcaff5956ee2a94eebe90d4c666c2da398ca8456239fd7efb781dc42658c5430b1f9a0f3e5acdbfdb59ad2a750de7931a7374c7

Download Submit
C:\Windows\System\EcTzZqD.exe

Filesize
6.0MB

MD5
651dc98f0ddc701c079401a2dabfc986

SHA1
83d8c6c39874d59a8b93516a5910acc4b959af38

SHA256
e3384a7e092505d0f4bcec6ca509c70baa4af7aa992b745cf8436ceb4c8b5003

SHA512
cb97007df33edde2127060cd75165a39aa597c554cce2e01586ad17aab62a63236162cddb7a7c9cf645313759ef1062e94402f0ef8113bf1838eee5aa5f64dc8

Download Submit
C:\Windows\System\EwJmMDh.exe

Filesize
6.0MB

MD5
ed2746a8ad869109add642c3593529d3

SHA1
b70544324732fe0d283e9c0a39717edb9e2264f8

SHA256
3658ff988504e2ce0240d75012a24cef009237db114b93c3a943b86552b92b18

SHA512
9f95d011010c18bd3bdc1920c89ecd3c6f7403e9285b50f36dd507bf64c881e5ce0b1356d0aecb019b6bd9ce589c9615a25fe82e0c8396538767b02c8ca3835e

Download Submit
C:\Windows\System\FeifXLk.exe

Filesize
6.0MB

MD5
fed54abb05894b5e5078cf039badf69b

SHA1
31fb54863e9aa39f4c1c43ee94b07a63a747da35

SHA256
3fc229294a9950e06399ac2adb4074f84415e50da89c624432ab3b5dffa774a6

SHA512
09221151c81cd27dc768a38fbbf9dba3a360541605538c935431c8b8cb9108b475c64fa4b94b182ba1a0e029386b98a4c96e7228dab9dd74f1a1352e9f7e5dcb

Download Submit
C:\Windows\System\FgQNtwr.exe

Filesize
6.0MB

MD5
e410220d187b61e6493e558bc198b780

SHA1
507500851706357e2a6c3bcd473f9a65dac25732

SHA256
c1e59015668ffd9624de2ca465ec1d9a73d77a0db6005debd6f54ca2ffcb05d2

SHA512
7be31d37c221f27055f66f8e27ca7e2524a722f30887272669d397e5134617e7c6223b31c097959c8981709bc2e5fd80c03c79721b75ff00be59612b27a480b6

Download Submit
C:\Windows\System\FtxRkji.exe

Filesize
6.0MB

MD5
c1ba3643bb19c5300b806886c8a5ad65

SHA1
a86484498968b5dd710b729aaa6c8719d040b38e

SHA256
a664154903c6402c40982655ef30440a6ffc3408bc8fe8c3b6c27c6bfb7ab3f2

SHA512
96c11ae6bac5e7dc236a23f4cc46c8d289cb0030a3e9cc5b7777bd3433a0816d26a3164ada05ae5841918b125001e340824eb96e93f2045f60b7b50e31a4bdb9

Download Submit
C:\Windows\System\ILwpmYf.exe

Filesize
6.0MB

MD5
25985a604f51dad25484b989e8948afa

SHA1
af5f66234cafd5d5eb66fd88655f5810c909dda4

SHA256
dcf6176305c0f117d7ee44c8711c07e790fae9ad3f621e6339ecc152d41a17d4

SHA512
317118cd72a6b110c64fd5ab925632171f206ac7cf963ee93c5fb663e186223a98aaaea3b5b0e33b10fafbe2c7c86293645b8d83ff66cbf265a2305f643081bb

Download Submit
C:\Windows\System\IlMzkWS.exe

Filesize
6.0MB

MD5
4c5da13a3ab3f6a93fd05a1de749c53a

SHA1
08bd92d11a12bd75ca2a5847b98abeb13f1c3c43

SHA256
4f4156a2ab06bffcfa98d44995e8010cb3249d249371f523b185fef282a5228d

SHA512
a5d5d2c782453043dc6e5adf0d840abf3973a3563dd2d6bc20c3b0b4d2d412885123cf23c02d1b25e1bf82cf025729c92e9a7702219bbfaf99e8a0ebd2c3c583

Download Submit
C:\Windows\System\JDPdFDc.exe

Filesize
6.0MB

MD5
073223cd4a5800b66714a831f843016f

SHA1
62d3840fa9ff3305f813d72cf6cc295d0acdc532

SHA256
f285fe70bf774e252a57526cc898152cc48f306d27c238109e005a6610104eb8

SHA512
3bbde670389cc27a6e74c2ea7d53747429514b4a11d7873239ac8aa6da73aea0554d68090b20f21b9a876e146a4240b3781bbaf03721f4baab218aa204d4b208

Download Submit
C:\Windows\System\JHLoszd.exe

Filesize
6.0MB

MD5
3a2f6f225662739c9e96d3d75fa2e392

SHA1
d1c4a1f901998dcd9e87f1f129557da09f57a968

SHA256
777bf5eff0d6af680338f667b5ce31c3d4c44824cd1ae9d1a28809f02176a93d

SHA512
fdea83ffdb0dacdfded07fa43606a39f64ad4e7cdd0623f1688d79229955488368d749101751deee793932bbcb28fddb6ab8654856a780cadfaf990d2126b569

Download Submit
C:\Windows\System\Jlevylz.exe

Filesize
6.0MB

MD5
ca31e2d206a032ddb4c57497f255e284

SHA1
cbc8742f17d983bb13958475284a5db946723598

SHA256
fa1d8cf672c841351c1a361741ebf92d6356ef93390754eacf3ee6498192723a

SHA512
3810261e82cef957d12400f1f67b648943c22a3cd17130fd04c0ca1da7ccb27ff416e3b1b68428cb64aeaaa00c985004c354edc006d8f35a43baac5a09e20124

Download Submit
C:\Windows\System\MPorvgr.exe

Filesize
6.0MB

MD5
b7b28e8b3ee11220bb53964d88a7ef05

SHA1
519c755887501cb185f87416d2ebca48483c11c1

SHA256
3ac6967cfa6b6b8903497e5104c0586fc15b8f7a3db41568b54c5a5699215bd1

SHA512
39bd8c0465fd613318e931003c26853f69f79190e1ddc6b1db0adcb4e7f3d79d6e5f67065b64e204ea2fcbcb5ad33a5b95285267c778c342afa8cc38ecf09204

Download Submit
C:\Windows\System\NFGBiis.exe

Filesize
6.0MB

MD5
c1872b570ef9585183aa6628ea654a36

SHA1
1df884cd4bfed8b353147a8e9b18ed37ccbd9ea8

SHA256
c729645837bd3eca3ad5f27726b7375badc1cfe62106f7d2c211cf8c5e7852a1

SHA512
71c6cbdbdfb252a55d74e81ec89f3ed8804375b0ca57ebdf5b766a2c9010ec94695856bf011d991519bd0a0f1eb730622bdece3cbf4aea73d48f3c145d95e33a

Download Submit
C:\Windows\System\PjLclKz.exe

Filesize
6.0MB

MD5
53e44efb5037e1b18da684dc529f37ac

SHA1
4b65d1b8387911a99382b26c2c4cdd4c3e32ec85

SHA256
8e25bbb6eb0abc670430c54d7445868490517e494943ceec8cc0a3c89314f743

SHA512
fa3844f86aeb14096caeb32bf9bad3b4b73caecbc561cc178ce7941bb207369820d0043273a3033f3feac9bc68c053381887225761f49210cf9b2f6e1f4a1efd

Download Submit
C:\Windows\System\QDfwfHR.exe

Filesize
6.0MB

MD5
5a9f1212ad142331d49a9877235b6d04

SHA1
6c3a14e244b4f7bd6f8339fde8ec0f0b66fec9b7

SHA256
b735edeec5db212abe52ffe2b48ed558c78d4ad7620183176697760e6513696c

SHA512
41de6ae5093ab6c75d261e3d23d6183a5224e9d2ccaf9b9af0038ee35d25062641792548f5205001c43880ec14f5cc16f6e8d437802bcc1e43399dd384e88da2

Download Submit
C:\Windows\System\Uelqvxm.exe

Filesize
6.0MB

MD5
15db737dbc9fe7f3aedab315419d19dd

SHA1
32f648ec61b5e25199651c165c6be778fc5f3c4b

SHA256
3414c56a1010955de43d968c4e0d42a7387a1608ae6ac9417cad412886b9f13a

SHA512
931cdff572b88add0fafbd2d9b713e71b3dc795e70d16767fc3da161383df0e1591d50928a92669a567f43319b7613061442cfa5fcccae2e590332f67737cbee

Download Submit
C:\Windows\System\VJjoOgr.exe

Filesize
6.0MB

MD5
b39984b1bc9b6b3a761e25b1ea896b23

SHA1
352433026a6041676e2e1296589cf9b996ea3cba

SHA256
a6e11961b93172449b3b0eec21dfe5544ea97575ddc91e9cdcb3e84f5d6566a9

SHA512
c82228d1585a698f78847c125b2979f4a726abf8cb5ac12940c48462064b6d360734590b2fe89592e2240d83e31456378b7b7601be9ee1d7f3068df94f17d232

Download Submit
C:\Windows\System\eENxufy.exe

Filesize
6.0MB

MD5
02f9781e3811c0eca8381e861fe61473

SHA1
c26c5cf982c80bc81adc8e23cbf0e7105d5945f6

SHA256
b5f359306df8b917d2e42b83853f5735db8e2ab2ef18fe9a5b845510cdc400b3

SHA512
feae8b01804885b1a246364cf07ca4df21bc6c962d78896a896e26fc728b4ef1d77eb8b6322671f5b48130d6ee93bae33336f762b692d49a1fc9ac9e68dd898b

Download Submit
C:\Windows\System\hrcRZEH.exe

Filesize
6.0MB

MD5
3dd8102f7e76b2c59de7c3e2766ba5fe

SHA1
27b80b6c610bb21bc19bd474a8fbcb8b61ecac9b

SHA256
da4dc111b14e45d4e02f624fa384af046cdf453e34cf49b38b2d55183894e908

SHA512
c72b8b34f4568123134c841c402541384890b481cc0d2b5659812df96aa65d4ef151ba7d04fb9d26d9c1a54e5ae1558192fdce2a0412ef40f9c30cbd7d362b04

Download Submit
C:\Windows\System\ibzgnwH.exe

Filesize
6.0MB

MD5
cc61641f75f218c9a194283699c2823e

SHA1
c4364013fba4ecf5d020aca30c02af407d37a6ff

SHA256
04ada43fa07e2282e7a2dc31086ae5d6154619e55249ca5ecbf9af761c9e0d9c

SHA512
4c6358ccf6f27b01a6857dfcbc670b2c09054acb332cc9f699cad86a553655f9871e97dfbf9d71676cb3b94f52d95c5c6efad857c3e629c77f1460c909b7394c

Download Submit
C:\Windows\System\ixLxNXR.exe

Filesize
6.0MB

MD5
cbcde11de20375b1a32e506a03b20f80

SHA1
58d958cd291a66b71da5917f401ef56f81478cf8

SHA256
6a37d67091a742aa9dfbd4afbd37bf352563a46c90f4252a429dd98d8b8dac56

SHA512
8b206e5943365e8adb4078d7d7c89047bb3b512180fd421bed4f296e0cfe1fd4d4e77ac6934f8a3eb3397bce3e19386d2f441bbb4b1dafc15b9561003cdb3685

Download Submit
C:\Windows\System\lZEoHPh.exe

Filesize
6.0MB

MD5
cbabe36da02bf8ff541c3d9d5f443b99

SHA1
ca59c75d9f43f399427050992bb96cbd2bb9c680

SHA256
a2b9f3f4c43c74f29cf1d880848448e32dc9f0344c5f98b72e3e7b17b5886f9a

SHA512
994c0f394c585d836d880ed0b3670a2b20c0781256b24c07222135f0eabf3eee4c5326d0845ad521bb6fcbb73ed15e8f8c956a956054e0f34d3cd4087fb45fb9

Download Submit
C:\Windows\System\lZeTHph.exe

Filesize
6.0MB

MD5
93b4033cad2b70d29a06f7dc85fd1e2d

SHA1
01d3731cf243a78723a9c3bdc32b9178b994a49f

SHA256
b14ffdf67a92d8e3ac96315b64ed3854a38aa3f319e19a145075f15965f975ad

SHA512
0073d01ffa0951f4317bd10ddc72b5f3753ea9b76d8f58d5704102733ca64adf4b572f3b354be793b34bc629313138cb1850b260dd298d4ead82290db445d3df

Download Submit
C:\Windows\System\mzmToxJ.exe

Filesize
6.0MB

MD5
86057d4d62b157cb97bda8f3c7f2d238

SHA1
b44b51e8227de0dd1807f9f84fe8be6c15f48f5c

SHA256
0b14cac9de4f823cc863eed2ef40262995c4c75400daf868b9b0dd9f25630878

SHA512
e9b123c36aae14971e8fdb9382535de93d351a47841739e781216fba99849501425e7316f944a1b7185567b9b37eb56e04f0eb5da584257237ee2073442c6fd3

Download Submit
C:\Windows\System\prDCyrl.exe

Filesize
6.0MB

MD5
02fa2dcfc2c132c2f1caeac56b89909c

SHA1
5db09c690432064694228b57117d86882907b748

SHA256
ab93d601f58d77f8f719be0997b495f088719ba39fbd58870bfce81f7db56c93

SHA512
a247eb7e4029f001fe1a335909a3fbe35eb445eba229cd7e9df59bdebf326f793e232b514ae17f04e2cea6431d12faf6c96a9a445d23ed6d51dee1d3b9fca63b

Download Submit
C:\Windows\System\rxizLqj.exe

Filesize
6.0MB

MD5
81c2a3471b81184c350eb298b529c3a0

SHA1
11d40a91b41de6e89d611ff0b3534b6702dd3edf

SHA256
153cb2eecf08db9d912f2380185bddcdc784c64215641b1012582bd929343180

SHA512
68b4f4ea7142ca66ca10d981f74341b582fd4a92dd6603e6ef12a1c7a143ec1e553b5fa138a404c7f6a7d7357e1860aebadd2d41b03306a214dc8bf924ab8e78

Download Submit
C:\Windows\System\sGtwnUZ.exe

Filesize
6.0MB

MD5
d14114f408db524d1f318582041219ac

SHA1
d9cd3dfe09217384cdaee04d095ec55f2734629f

SHA256
a6be00e23ceac63a84a0cd8ab8b91e44c81928137229cbea8b10accc9ef8d0bb

SHA512
e1dc11a1efe8c93cd279c3b12bac851e31d1615658d25e60c32180ccf61af42d0c70525f36e3f0e9ff2958933a19abe6a5885bf561aa35104eaba8e0cc5381b5

Download Submit
C:\Windows\System\sPrPodc.exe

Filesize
6.0MB

MD5
1e7ce43a7cbd0078b8d9dddba57e4d50

SHA1
6883d92701f902cdea0bd4ad9ce3fea89a5a1aa7

SHA256
f7389e1e378c33f73400b680b8f7e23e1cdd01b41e3c70295d7fb4ef4d85f44e

SHA512
5c2f7ba0ac3a7d04d3a543f2e3fbac2609b8e4633f535723e32cb10c45fcb82a8677292f4a4c27a4d98b2fa88d159c8ccd91b63e5e411cba2af124d837f0bf72

Download Submit
C:\Windows\System\vvtJZuu.exe

Filesize
6.0MB

MD5
f76528235931803075370eb96edf577c

SHA1
45cfc15327b7c5c0e69338e4164725e574880d0b

SHA256
a868de4eb3cbd7770b91e03df18ccb525cdfdc2044ff664b87a33ff637e36e93

SHA512
9fd8fa630ce97ca5b5f2d65ec9202ca7d7405205e28a9b32a4bb07ff863b851bc5bf47bf428c4db9099d265c74064206471e0fc674c04efd037cfc41489f8170

Download Submit
C:\Windows\System\yIaISqp.exe

Filesize
6.0MB

MD5
60f8bf12e0b5753d5aad904ed6c96ad9

SHA1
c268582e68e7f01d481555d945d99193800b7d75

SHA256
10f1aa2f6f2ea07e98d0ee3c93ea10689cc6aa684897390a2ea0c754daa73ea6

SHA512
6f66f832a306dd8586787dc3f79e79504fce030ee864cab340a87aa039aac1564aa2832f575ce3ed791c8a572f0e04a17f43c25edf3e56ff026849f84ec8f07b

Download Submit
memory/516-114-0x00007FF6E76C0000-0x00007FF6E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/516-2144-0x00007FF6E76C0000-0x00007FF6E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/516-466-0x00007FF6E76C0000-0x00007FF6E7A14000-memory.dmp

Filesize
3.3MB

Download
memory/808-2114-0x00007FF69C990000-0x00007FF69CCE4000-memory.dmp

Filesize
3.3MB

Download
memory/808-71-0x00007FF69C990000-0x00007FF69CCE4000-memory.dmp

Filesize
3.3MB

Download
memory/808-185-0x00007FF69C990000-0x00007FF69CCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-1-0x000001FA51090000-0x000001FA510A0000-memory.dmp

Filesize
64KB

Download
memory/1284-0-0x00007FF6A7170000-0x00007FF6A74C4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-62-0x00007FF6A7170000-0x00007FF6A74C4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-155-0x00007FF73BD10000-0x00007FF73C064000-memory.dmp

Filesize
3.3MB

Download
memory/1364-534-0x00007FF73BD10000-0x00007FF73C064000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2166-0x00007FF73BD10000-0x00007FF73C064000-memory.dmp

Filesize
3.3MB

Download
memory/1388-172-0x00007FF6B3D30000-0x00007FF6B4084000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2169-0x00007FF6B3D30000-0x00007FF6B4084000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2153-0x00007FF715C00000-0x00007FF715F54000-memory.dmp

Filesize
3.3MB

Download
memory/1528-122-0x00007FF715C00000-0x00007FF715F54000-memory.dmp

Filesize
3.3MB

Download
memory/1528-533-0x00007FF715C00000-0x00007FF715F54000-memory.dmp

Filesize
3.3MB

Download
memory/1544-110-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2040-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp

Filesize
3.3MB

Download
memory/1544-30-0x00007FF78A9E0000-0x00007FF78AD34000-memory.dmp

Filesize
3.3MB

Download
memory/1584-101-0x00007FF751F10000-0x00007FF752264000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2126-0x00007FF751F10000-0x00007FF752264000-memory.dmp

Filesize
3.3MB

Download
memory/1584-281-0x00007FF751F10000-0x00007FF752264000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2161-0x00007FF6F7C70000-0x00007FF6F7FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-603-0x00007FF6F7C70000-0x00007FF6F7FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-149-0x00007FF6F7C70000-0x00007FF6F7FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-107-0x00007FF7A5E00000-0x00007FF7A6154000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2133-0x00007FF7A5E00000-0x00007FF7A6154000-memory.dmp

Filesize
3.3MB

Download
memory/2084-178-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2094-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-56-0x00007FF69B260000-0x00007FF69B5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-47-0x00007FF7613C0000-0x00007FF761714000-memory.dmp

Filesize
3.3MB

Download
memory/2164-148-0x00007FF7613C0000-0x00007FF761714000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2051-0x00007FF7613C0000-0x00007FF761714000-memory.dmp

Filesize
3.3MB

Download
memory/2328-102-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-23-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2032-0x00007FF68F380000-0x00007FF68F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-121-0x00007FF628980000-0x00007FF628CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-42-0x00007FF628980000-0x00007FF628CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2048-0x00007FF628980000-0x00007FF628CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-69-0x00007FF63B150000-0x00007FF63B4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-7-0x00007FF63B150000-0x00007FF63B4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2008-0x00007FF63B150000-0x00007FF63B4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2023-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp

Filesize
3.3MB

Download
memory/2852-18-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp

Filesize
3.3MB

Download
memory/2852-86-0x00007FF6C6200000-0x00007FF6C6554000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2178-0x00007FF7291B0000-0x00007FF729504000-memory.dmp

Filesize
3.3MB

Download
memory/3020-180-0x00007FF7291B0000-0x00007FF729504000-memory.dmp

Filesize
3.3MB

Download
memory/3092-194-0x00007FF7C14A0000-0x00007FF7C17F4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2108-0x00007FF6E5560000-0x00007FF6E58B4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-68-0x00007FF6E5560000-0x00007FF6E58B4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-179-0x00007FF6E5560000-0x00007FF6E58B4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2170-0x00007FF72D780000-0x00007FF72DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-535-0x00007FF72D780000-0x00007FF72DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-168-0x00007FF72D780000-0x00007FF72DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-78-0x00007FF6D6150000-0x00007FF6D64A4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2129-0x00007FF6D6150000-0x00007FF6D64A4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-219-0x00007FF6D6150000-0x00007FF6D64A4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-608-0x00007FF73FA60000-0x00007FF73FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2179-0x00007FF73FA60000-0x00007FF73FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-177-0x00007FF73FA60000-0x00007FF73FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2140-0x00007FF742BA0000-0x00007FF742EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-411-0x00007FF742BA0000-0x00007FF742EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-113-0x00007FF742BA0000-0x00007FF742EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-186-0x00007FF6E8E90000-0x00007FF6E91E4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-81-0x00007FF6E8E90000-0x00007FF6E91E4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2120-0x00007FF6E8E90000-0x00007FF6E91E4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2165-0x00007FF76B070000-0x00007FF76B3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-605-0x00007FF76B070000-0x00007FF76B3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-156-0x00007FF76B070000-0x00007FF76B3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2125-0x00007FF768F60000-0x00007FF7692B4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-109-0x00007FF768F60000-0x00007FF7692B4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2019-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-75-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-14-0x00007FF6E6A90000-0x00007FF6E6DE4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-181-0x00007FF6855D0000-0x00007FF685924000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2182-0x00007FF6855D0000-0x00007FF685924000-memory.dmp

Filesize
3.3MB

Download
memory/5052-173-0x00007FF7A29E0000-0x00007FF7A2D34000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2175-0x00007FF7A29E0000-0x00007FF7A2D34000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2041-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp

Filesize
3.3MB

Download
memory/5080-118-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp

Filesize
3.3MB

Download
memory/5080-34-0x00007FF77E6D0000-0x00007FF77EA24000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads