cobaltstrike | 6d7f80bdff7134e098722d43b6f2122da9a1b1a9995504c07ab2f69abe6f3bd7

Analysis

max time kernel
113s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2025 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2f69c55f572d31017a4f7444cfc72281
SHA1

070d46074e9f025171c6f5b885a24181864854f7
SHA256

6d7f80bdff7134e098722d43b6f2122da9a1b1a9995504c07ab2f69abe6f3bd7
SHA512

9e0be44bf801c445dfc68e74a5428d50adfbb3c3d35a6209ce32bfb0a179652da7b33982364aaf03c5c5e2d3c4e5690716bb638be017dd593868a85b05334f63
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b29-4.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b85-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-25.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-28.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b83-36.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-41.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e7a0-44.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e7a2-54.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e81b-61.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e868-76.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9ab-81.dat	cobalt_reflective_dll
behavioral2/files/0x000300000001e9ad-86.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9c0-90.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e9d4-96.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001ea10-108.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001eaaf-114.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-124.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-130.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b92-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-174.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-178.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-169.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-159.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-154.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-149.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-138.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-126.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001eab5-118.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001ea0c-101.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e863-66.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2224-0-0x00007FF6711B0000-0x00007FF671504000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b29-4.dat	xmrig
behavioral2/memory/3008-7-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b85-10.dat	xmrig
behavioral2/files/0x000a000000023b86-11.dat	xmrig
behavioral2/memory/1820-20-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b87-25.dat	xmrig
behavioral2/memory/4708-24-0x00007FF68C220000-0x00007FF68C574000-memory.dmp	xmrig
behavioral2/memory/4564-22-0x00007FF7D7930000-0x00007FF7D7C84000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b88-28.dat	xmrig
behavioral2/memory/3704-30-0x00007FF78E8D0000-0x00007FF78EC24000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b83-36.dat	xmrig
behavioral2/memory/4360-38-0x00007FF668DF0000-0x00007FF669144000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-41.dat	xmrig
behavioral2/memory/1396-42-0x00007FF70D780000-0x00007FF70DAD4000-memory.dmp	xmrig
behavioral2/files/0x000400000001e7a0-44.dat	xmrig
behavioral2/memory/2748-46-0x00007FF6B0BD0000-0x00007FF6B0F24000-memory.dmp	xmrig
behavioral2/files/0x000300000001e7a2-54.dat	xmrig
behavioral2/files/0x000300000001e81b-61.dat	xmrig
behavioral2/memory/752-62-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	xmrig
behavioral2/memory/3560-65-0x00007FF7AFA50000-0x00007FF7AFDA4000-memory.dmp	xmrig
behavioral2/memory/1956-70-0x00007FF70BCC0000-0x00007FF70C014000-memory.dmp	xmrig
behavioral2/files/0x000200000001e868-76.dat	xmrig
behavioral2/memory/4708-75-0x00007FF68C220000-0x00007FF68C574000-memory.dmp	xmrig
behavioral2/files/0x000200000001e9ab-81.dat	xmrig
behavioral2/files/0x000300000001e9ad-86.dat	xmrig
behavioral2/files/0x000200000001e9c0-90.dat	xmrig
behavioral2/files/0x000200000001e9d4-96.dat	xmrig
behavioral2/files/0x000200000001ea10-108.dat	xmrig
behavioral2/files/0x000200000001eaaf-114.dat	xmrig
behavioral2/files/0x000a000000023b8a-124.dat	xmrig
behavioral2/files/0x000a000000023b8c-130.dat	xmrig
behavioral2/files/0x000a000000023b8e-144.dat	xmrig
behavioral2/files/0x000a000000023b92-164.dat	xmrig
behavioral2/files/0x000a000000023b94-174.dat	xmrig
behavioral2/memory/868-759-0x00007FF6929F0000-0x00007FF692D44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b95-178.dat	xmrig
behavioral2/files/0x000a000000023b93-169.dat	xmrig
behavioral2/files/0x000a000000023b91-159.dat	xmrig
behavioral2/files/0x000a000000023b90-154.dat	xmrig
behavioral2/files/0x000a000000023b8f-149.dat	xmrig
behavioral2/files/0x000a000000023b8d-138.dat	xmrig
behavioral2/files/0x000a000000023b8b-126.dat	xmrig
behavioral2/files/0x000200000001eab5-118.dat	xmrig
behavioral2/files/0x000200000001ea0c-101.dat	xmrig
behavioral2/files/0x000200000001e863-66.dat	xmrig
behavioral2/memory/1820-56-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	xmrig
behavioral2/memory/3008-55-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp	xmrig
behavioral2/memory/2224-51-0x00007FF6711B0000-0x00007FF671504000-memory.dmp	xmrig
behavioral2/memory/2600-765-0x00007FF7C7260000-0x00007FF7C75B4000-memory.dmp	xmrig
behavioral2/memory/1052-768-0x00007FF606890000-0x00007FF606BE4000-memory.dmp	xmrig
behavioral2/memory/2380-771-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp	xmrig
behavioral2/memory/2628-775-0x00007FF68ABF0000-0x00007FF68AF44000-memory.dmp	xmrig
behavioral2/memory/4824-781-0x00007FF7EA260000-0x00007FF7EA5B4000-memory.dmp	xmrig
behavioral2/memory/884-785-0x00007FF728540000-0x00007FF728894000-memory.dmp	xmrig
behavioral2/memory/4904-787-0x00007FF7408F0000-0x00007FF740C44000-memory.dmp	xmrig
behavioral2/memory/4984-790-0x00007FF6BD570000-0x00007FF6BD8C4000-memory.dmp	xmrig
behavioral2/memory/3500-789-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp	xmrig
behavioral2/memory/3884-780-0x00007FF6E3510000-0x00007FF6E3864000-memory.dmp	xmrig
behavioral2/memory/4056-778-0x00007FF610FF0000-0x00007FF611344000-memory.dmp	xmrig
behavioral2/memory/2288-777-0x00007FF6315E0000-0x00007FF631934000-memory.dmp	xmrig
behavioral2/memory/404-797-0x00007FF722810000-0x00007FF722B64000-memory.dmp	xmrig
behavioral2/memory/1452-801-0x00007FF649A50000-0x00007FF649DA4000-memory.dmp	xmrig
behavioral2/memory/1580-805-0x00007FF6FE360000-0x00007FF6FE6B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3008	ncdXHed.exe
1820	hCmOdJQ.exe
4564	hGMZNsM.exe
4708	JeNXVnk.exe
3704	eJfmnOC.exe
4360	nQYyTbB.exe
1396	OrXtZHQ.exe
2748	lljIIiv.exe
752	BGWwwQa.exe
3560	iBfVaiS.exe
1956	YTwbDXn.exe
868	KCABTpj.exe
2548	KnSjFSk.exe
2600	MMrlqXB.exe
1052	ygKxYky.exe
2380	UJGPZPp.exe
2628	ZAgZLFi.exe
2288	sYRHJZf.exe
4056	HnFNkDb.exe
3884	PDUcOaq.exe
4824	geHfRUC.exe
884	QkMdbPA.exe
4904	tzSWcGr.exe
3500	YrdzIwp.exe
4984	WammIzd.exe
404	JevWZGD.exe
984	ZoTCSSb.exe
1452	pGbTQpi.exe
1580	EcUpUfp.exe
4232	XKeFimO.exe
1176	mbqQCmX.exe
1336	bIhERGU.exe
224	UiyKdFp.exe
1468	RjdUyFs.exe
2120	KkysLCz.exe
4464	qmGhAmB.exe
1108	DkxJbrk.exe
3484	hprvBoA.exe
2068	rkEJOkv.exe
764	slKAzca.exe
2196	JMllEjk.exe
4728	YNDyaYV.exe
4284	YfNoVLG.exe
1356	lFfLKzx.exe
624	iiIMJFI.exe
3680	kCvrOls.exe
4876	EimVBSJ.exe
2804	NWoBirB.exe
3164	eOxfWhG.exe
2716	tdbPlie.exe
1716	BeHfpjm.exe
2960	Roirraf.exe
4768	tQPuXLG.exe
1700	RhPaPNq.exe
3764	SCvkWyq.exe
4292	FnLsxXX.exe
4396	YgkTXTx.exe
2164	WzZORlz.exe
4120	SlRRxrg.exe
2576	mNVRacb.exe
4192	JPBQeSo.exe
3956	rmHMvfu.exe
1480	QFfXPct.exe
2884	FOPBUYq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2224-0-0x00007FF6711B0000-0x00007FF671504000-memory.dmp	upx
behavioral2/files/0x000c000000023b29-4.dat	upx
behavioral2/memory/3008-7-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp	upx
behavioral2/files/0x000b000000023b85-10.dat	upx
behavioral2/files/0x000a000000023b86-11.dat	upx
behavioral2/memory/1820-20-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-25.dat	upx
behavioral2/memory/4708-24-0x00007FF68C220000-0x00007FF68C574000-memory.dmp	upx
behavioral2/memory/4564-22-0x00007FF7D7930000-0x00007FF7D7C84000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-28.dat	upx
behavioral2/memory/3704-30-0x00007FF78E8D0000-0x00007FF78EC24000-memory.dmp	upx
behavioral2/files/0x000b000000023b83-36.dat	upx
behavioral2/memory/4360-38-0x00007FF668DF0000-0x00007FF669144000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-41.dat	upx
behavioral2/memory/1396-42-0x00007FF70D780000-0x00007FF70DAD4000-memory.dmp	upx
behavioral2/files/0x000400000001e7a0-44.dat	upx
behavioral2/memory/2748-46-0x00007FF6B0BD0000-0x00007FF6B0F24000-memory.dmp	upx
behavioral2/files/0x000300000001e7a2-54.dat	upx
behavioral2/files/0x000300000001e81b-61.dat	upx
behavioral2/memory/752-62-0x00007FF789680000-0x00007FF7899D4000-memory.dmp	upx
behavioral2/memory/3560-65-0x00007FF7AFA50000-0x00007FF7AFDA4000-memory.dmp	upx
behavioral2/memory/1956-70-0x00007FF70BCC0000-0x00007FF70C014000-memory.dmp	upx
behavioral2/files/0x000200000001e868-76.dat	upx
behavioral2/memory/4708-75-0x00007FF68C220000-0x00007FF68C574000-memory.dmp	upx
behavioral2/files/0x000200000001e9ab-81.dat	upx
behavioral2/files/0x000300000001e9ad-86.dat	upx
behavioral2/files/0x000200000001e9c0-90.dat	upx
behavioral2/files/0x000200000001e9d4-96.dat	upx
behavioral2/files/0x000200000001ea10-108.dat	upx
behavioral2/files/0x000200000001eaaf-114.dat	upx
behavioral2/files/0x000a000000023b8a-124.dat	upx
behavioral2/files/0x000a000000023b8c-130.dat	upx
behavioral2/files/0x000a000000023b8e-144.dat	upx
behavioral2/files/0x000a000000023b92-164.dat	upx
behavioral2/files/0x000a000000023b94-174.dat	upx
behavioral2/memory/868-759-0x00007FF6929F0000-0x00007FF692D44000-memory.dmp	upx
behavioral2/files/0x000a000000023b95-178.dat	upx
behavioral2/files/0x000a000000023b93-169.dat	upx
behavioral2/files/0x000a000000023b91-159.dat	upx
behavioral2/files/0x000a000000023b90-154.dat	upx
behavioral2/files/0x000a000000023b8f-149.dat	upx
behavioral2/files/0x000a000000023b8d-138.dat	upx
behavioral2/files/0x000a000000023b8b-126.dat	upx
behavioral2/files/0x000200000001eab5-118.dat	upx
behavioral2/files/0x000200000001ea0c-101.dat	upx
behavioral2/files/0x000200000001e863-66.dat	upx
behavioral2/memory/1820-56-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	upx
behavioral2/memory/3008-55-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp	upx
behavioral2/memory/2224-51-0x00007FF6711B0000-0x00007FF671504000-memory.dmp	upx
behavioral2/memory/2600-765-0x00007FF7C7260000-0x00007FF7C75B4000-memory.dmp	upx
behavioral2/memory/1052-768-0x00007FF606890000-0x00007FF606BE4000-memory.dmp	upx
behavioral2/memory/2380-771-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp	upx
behavioral2/memory/2628-775-0x00007FF68ABF0000-0x00007FF68AF44000-memory.dmp	upx
behavioral2/memory/4824-781-0x00007FF7EA260000-0x00007FF7EA5B4000-memory.dmp	upx
behavioral2/memory/884-785-0x00007FF728540000-0x00007FF728894000-memory.dmp	upx
behavioral2/memory/4904-787-0x00007FF7408F0000-0x00007FF740C44000-memory.dmp	upx
behavioral2/memory/4984-790-0x00007FF6BD570000-0x00007FF6BD8C4000-memory.dmp	upx
behavioral2/memory/3500-789-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp	upx
behavioral2/memory/3884-780-0x00007FF6E3510000-0x00007FF6E3864000-memory.dmp	upx
behavioral2/memory/4056-778-0x00007FF610FF0000-0x00007FF611344000-memory.dmp	upx
behavioral2/memory/2288-777-0x00007FF6315E0000-0x00007FF631934000-memory.dmp	upx
behavioral2/memory/404-797-0x00007FF722810000-0x00007FF722B64000-memory.dmp	upx
behavioral2/memory/1452-801-0x00007FF649A50000-0x00007FF649DA4000-memory.dmp	upx
behavioral2/memory/1580-805-0x00007FF6FE360000-0x00007FF6FE6B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DufrrwU.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbIWtOz.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMiINvO.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjAjpeh.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFAmxMw.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuWzMyN.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivHStAx.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIwdbVd.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLYHngR.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNqlVhy.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNCOGFa.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnFNkDb.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\patsWFA.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVqNmUC.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtvETYQ.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEDxAXk.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOmTvga.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPMSZeD.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CARPzyH.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCtnRuT.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeHfpjm.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPrvrOu.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEDxlSL.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxxvhEH.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdHXNCn.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ereEjgo.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdkPwCR.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWjsFRf.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTFdeqI.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQPuXLG.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLYHHaq.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbAKcTr.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNNmifj.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYHKOLP.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuWQnPZ.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVVCVWt.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DntatWq.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLccBMj.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLfwGjP.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adygwFR.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxWlgov.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMNYwZT.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwXllsk.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkNvCzQ.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIiTBhV.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHORoPf.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfAhTeP.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcNZmqF.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltMNBgR.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYRHJZf.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dliYspP.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcUMFVT.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSFsbgt.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjDqUOA.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmMcUrx.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJuzwzq.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdnqtgA.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqbsGMX.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIyOXCw.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nArmQxZ.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcTXAXS.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjtkWIk.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkBcMAw.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JblKXkp.exe	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14564	dwm.exe
Token: SeChangeNotifyPrivilege	14564	dwm.exe
Token: 33	14564	dwm.exe
Token: SeIncBasePriorityPrivilege	14564	dwm.exe
Token: SeShutdownPrivilege	14564	dwm.exe
Token: SeCreatePagefilePrivilege	14564	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3008	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2224 wrote to memory of 3008	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2224 wrote to memory of 1820	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2224 wrote to memory of 1820	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2224 wrote to memory of 4564	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2224 wrote to memory of 4564	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2224 wrote to memory of 4708	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2224 wrote to memory of 4708	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2224 wrote to memory of 3704	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2224 wrote to memory of 3704	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2224 wrote to memory of 4360	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2224 wrote to memory of 4360	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2224 wrote to memory of 1396	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2224 wrote to memory of 1396	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2224 wrote to memory of 2748	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2224 wrote to memory of 2748	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2224 wrote to memory of 752	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2224 wrote to memory of 752	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2224 wrote to memory of 3560	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2224 wrote to memory of 3560	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2224 wrote to memory of 1956	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2224 wrote to memory of 1956	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2224 wrote to memory of 868	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2224 wrote to memory of 868	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2224 wrote to memory of 2548	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2224 wrote to memory of 2548	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2224 wrote to memory of 2600	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2224 wrote to memory of 2600	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2224 wrote to memory of 1052	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2224 wrote to memory of 1052	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2224 wrote to memory of 2380	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2224 wrote to memory of 2380	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2224 wrote to memory of 2628	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2224 wrote to memory of 2628	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2224 wrote to memory of 2288	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2224 wrote to memory of 2288	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 2224 wrote to memory of 4056	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2224 wrote to memory of 4056	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2224 wrote to memory of 3884	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2224 wrote to memory of 3884	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2224 wrote to memory of 4824	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2224 wrote to memory of 4824	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 2224 wrote to memory of 884	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2224 wrote to memory of 884	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2224 wrote to memory of 4904	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2224 wrote to memory of 4904	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2224 wrote to memory of 3500	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2224 wrote to memory of 3500	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2224 wrote to memory of 4984	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2224 wrote to memory of 4984	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2224 wrote to memory of 404	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2224 wrote to memory of 404	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2224 wrote to memory of 984	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2224 wrote to memory of 984	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2224 wrote to memory of 1452	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2224 wrote to memory of 1452	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2224 wrote to memory of 1580	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2224 wrote to memory of 1580	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 2224 wrote to memory of 4232	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2224 wrote to memory of 4232	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2224 wrote to memory of 1176	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 2224 wrote to memory of 1176	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 2224 wrote to memory of 1336	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 2224 wrote to memory of 1336	2224	2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_2f69c55f572d31017a4f7444cfc72281_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\System\ncdXHed.exe
  C:\Windows\System\ncdXHed.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\hCmOdJQ.exe
  C:\Windows\System\hCmOdJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\hGMZNsM.exe
  C:\Windows\System\hGMZNsM.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\JeNXVnk.exe
  C:\Windows\System\JeNXVnk.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\eJfmnOC.exe
  C:\Windows\System\eJfmnOC.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\nQYyTbB.exe
  C:\Windows\System\nQYyTbB.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\OrXtZHQ.exe
  C:\Windows\System\OrXtZHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\lljIIiv.exe
  C:\Windows\System\lljIIiv.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\BGWwwQa.exe
  C:\Windows\System\BGWwwQa.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\iBfVaiS.exe
  C:\Windows\System\iBfVaiS.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\YTwbDXn.exe
  C:\Windows\System\YTwbDXn.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\KCABTpj.exe
  C:\Windows\System\KCABTpj.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\KnSjFSk.exe
  C:\Windows\System\KnSjFSk.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\MMrlqXB.exe
  C:\Windows\System\MMrlqXB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ygKxYky.exe
  C:\Windows\System\ygKxYky.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\UJGPZPp.exe
  C:\Windows\System\UJGPZPp.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ZAgZLFi.exe
  C:\Windows\System\ZAgZLFi.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\sYRHJZf.exe
  C:\Windows\System\sYRHJZf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\HnFNkDb.exe
  C:\Windows\System\HnFNkDb.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\PDUcOaq.exe
  C:\Windows\System\PDUcOaq.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\geHfRUC.exe
  C:\Windows\System\geHfRUC.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\QkMdbPA.exe
  C:\Windows\System\QkMdbPA.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\tzSWcGr.exe
  C:\Windows\System\tzSWcGr.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\YrdzIwp.exe
  C:\Windows\System\YrdzIwp.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\WammIzd.exe
  C:\Windows\System\WammIzd.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\JevWZGD.exe
  C:\Windows\System\JevWZGD.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\ZoTCSSb.exe
  C:\Windows\System\ZoTCSSb.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\pGbTQpi.exe
  C:\Windows\System\pGbTQpi.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\EcUpUfp.exe
  C:\Windows\System\EcUpUfp.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\XKeFimO.exe
  C:\Windows\System\XKeFimO.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\mbqQCmX.exe
  C:\Windows\System\mbqQCmX.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\bIhERGU.exe
  C:\Windows\System\bIhERGU.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\UiyKdFp.exe
  C:\Windows\System\UiyKdFp.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\RjdUyFs.exe
  C:\Windows\System\RjdUyFs.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\KkysLCz.exe
  C:\Windows\System\KkysLCz.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\qmGhAmB.exe
  C:\Windows\System\qmGhAmB.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\DkxJbrk.exe
  C:\Windows\System\DkxJbrk.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\hprvBoA.exe
  C:\Windows\System\hprvBoA.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\rkEJOkv.exe
  C:\Windows\System\rkEJOkv.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\slKAzca.exe
  C:\Windows\System\slKAzca.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\JMllEjk.exe
  C:\Windows\System\JMllEjk.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\YNDyaYV.exe
  C:\Windows\System\YNDyaYV.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\YfNoVLG.exe
  C:\Windows\System\YfNoVLG.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\lFfLKzx.exe
  C:\Windows\System\lFfLKzx.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\iiIMJFI.exe
  C:\Windows\System\iiIMJFI.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\kCvrOls.exe
  C:\Windows\System\kCvrOls.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\EimVBSJ.exe
  C:\Windows\System\EimVBSJ.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\NWoBirB.exe
  C:\Windows\System\NWoBirB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\eOxfWhG.exe
  C:\Windows\System\eOxfWhG.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\tdbPlie.exe
  C:\Windows\System\tdbPlie.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\BeHfpjm.exe
  C:\Windows\System\BeHfpjm.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\Roirraf.exe
  C:\Windows\System\Roirraf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\tQPuXLG.exe
  C:\Windows\System\tQPuXLG.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\RhPaPNq.exe
  C:\Windows\System\RhPaPNq.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\SCvkWyq.exe
  C:\Windows\System\SCvkWyq.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\FnLsxXX.exe
  C:\Windows\System\FnLsxXX.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\YgkTXTx.exe
  C:\Windows\System\YgkTXTx.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\WzZORlz.exe
  C:\Windows\System\WzZORlz.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\SlRRxrg.exe
  C:\Windows\System\SlRRxrg.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\mNVRacb.exe
  C:\Windows\System\mNVRacb.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\JPBQeSo.exe
  C:\Windows\System\JPBQeSo.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\rmHMvfu.exe
  C:\Windows\System\rmHMvfu.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\QFfXPct.exe
  C:\Windows\System\QFfXPct.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\FOPBUYq.exe
  C:\Windows\System\FOPBUYq.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yBhVOzO.exe
  C:\Windows\System\yBhVOzO.exe
  2⤵
  PID:4724
- C:\Windows\System\RdobpUS.exe
  C:\Windows\System\RdobpUS.exe
  2⤵
  PID:1500
- C:\Windows\System\urIsmud.exe
  C:\Windows\System\urIsmud.exe
  2⤵
  PID:3992
- C:\Windows\System\kbkrShd.exe
  C:\Windows\System\kbkrShd.exe
  2⤵
  PID:2872
- C:\Windows\System\mQJkcxf.exe
  C:\Windows\System\mQJkcxf.exe
  2⤵
  PID:412
- C:\Windows\System\PfTRDGu.exe
  C:\Windows\System\PfTRDGu.exe
  2⤵
  PID:4744
- C:\Windows\System\oIUwxGa.exe
  C:\Windows\System\oIUwxGa.exe
  2⤵
  PID:4012
- C:\Windows\System\BRLiehR.exe
  C:\Windows\System\BRLiehR.exe
  2⤵
  PID:4864
- C:\Windows\System\brvIUpT.exe
  C:\Windows\System\brvIUpT.exe
  2⤵
  PID:1528
- C:\Windows\System\aIVtwxv.exe
  C:\Windows\System\aIVtwxv.exe
  2⤵
  PID:4212
- C:\Windows\System\scogtfP.exe
  C:\Windows\System\scogtfP.exe
  2⤵
  PID:4920
- C:\Windows\System\MQLVMtn.exe
  C:\Windows\System\MQLVMtn.exe
  2⤵
  PID:1968
- C:\Windows\System\QniRqZT.exe
  C:\Windows\System\QniRqZT.exe
  2⤵
  PID:3320
- C:\Windows\System\eimZCmY.exe
  C:\Windows\System\eimZCmY.exe
  2⤵
  PID:3996
- C:\Windows\System\AzGfish.exe
  C:\Windows\System\AzGfish.exe
  2⤵
  PID:4952
- C:\Windows\System\edXcOyk.exe
  C:\Windows\System\edXcOyk.exe
  2⤵
  PID:3144
- C:\Windows\System\GTSPPpU.exe
  C:\Windows\System\GTSPPpU.exe
  2⤵
  PID:3632
- C:\Windows\System\QBkSBLF.exe
  C:\Windows\System\QBkSBLF.exe
  2⤵
  PID:1116
- C:\Windows\System\WwfoCuO.exe
  C:\Windows\System\WwfoCuO.exe
  2⤵
  PID:3828
- C:\Windows\System\GwHcmVN.exe
  C:\Windows\System\GwHcmVN.exe
  2⤵
  PID:1216
- C:\Windows\System\HjoeYZd.exe
  C:\Windows\System\HjoeYZd.exe
  2⤵
  PID:5140
- C:\Windows\System\NVVCVWt.exe
  C:\Windows\System\NVVCVWt.exe
  2⤵
  PID:5168
- C:\Windows\System\ibazZEi.exe
  C:\Windows\System\ibazZEi.exe
  2⤵
  PID:5196
- C:\Windows\System\mZOaZDS.exe
  C:\Windows\System\mZOaZDS.exe
  2⤵
  PID:5224
- C:\Windows\System\juCXNIk.exe
  C:\Windows\System\juCXNIk.exe
  2⤵
  PID:5252
- C:\Windows\System\OtmJPGJ.exe
  C:\Windows\System\OtmJPGJ.exe
  2⤵
  PID:5292
- C:\Windows\System\TVoigiQ.exe
  C:\Windows\System\TVoigiQ.exe
  2⤵
  PID:5308
- C:\Windows\System\patsWFA.exe
  C:\Windows\System\patsWFA.exe
  2⤵
  PID:5336
- C:\Windows\System\LmsNABL.exe
  C:\Windows\System\LmsNABL.exe
  2⤵
  PID:5364
- C:\Windows\System\fOszLkg.exe
  C:\Windows\System\fOszLkg.exe
  2⤵
  PID:5392
- C:\Windows\System\fYlDMMP.exe
  C:\Windows\System\fYlDMMP.exe
  2⤵
  PID:5432
- C:\Windows\System\phTCkWl.exe
  C:\Windows\System\phTCkWl.exe
  2⤵
  PID:5448
- C:\Windows\System\tNVYzuG.exe
  C:\Windows\System\tNVYzuG.exe
  2⤵
  PID:5476
- C:\Windows\System\kpaiHhO.exe
  C:\Windows\System\kpaiHhO.exe
  2⤵
  PID:5504
- C:\Windows\System\hDNFogl.exe
  C:\Windows\System\hDNFogl.exe
  2⤵
  PID:5528
- C:\Windows\System\LMrGYTs.exe
  C:\Windows\System\LMrGYTs.exe
  2⤵
  PID:5560
- C:\Windows\System\jNXDOwn.exe
  C:\Windows\System\jNXDOwn.exe
  2⤵
  PID:5588
- C:\Windows\System\yCRbNeT.exe
  C:\Windows\System\yCRbNeT.exe
  2⤵
  PID:5616
- C:\Windows\System\RJtmTHj.exe
  C:\Windows\System\RJtmTHj.exe
  2⤵
  PID:5632
- C:\Windows\System\UMtfNPU.exe
  C:\Windows\System\UMtfNPU.exe
  2⤵
  PID:5660
- C:\Windows\System\nBbjAFz.exe
  C:\Windows\System\nBbjAFz.exe
  2⤵
  PID:5688
- C:\Windows\System\QlXKedd.exe
  C:\Windows\System\QlXKedd.exe
  2⤵
  PID:5716
- C:\Windows\System\uiNIqVd.exe
  C:\Windows\System\uiNIqVd.exe
  2⤵
  PID:5744
- C:\Windows\System\TmnZYsn.exe
  C:\Windows\System\TmnZYsn.exe
  2⤵
  PID:5772
- C:\Windows\System\bVggmok.exe
  C:\Windows\System\bVggmok.exe
  2⤵
  PID:5800
- C:\Windows\System\tbPtSxB.exe
  C:\Windows\System\tbPtSxB.exe
  2⤵
  PID:5828
- C:\Windows\System\kbdDaBc.exe
  C:\Windows\System\kbdDaBc.exe
  2⤵
  PID:5856
- C:\Windows\System\MifpNca.exe
  C:\Windows\System\MifpNca.exe
  2⤵
  PID:5884
- C:\Windows\System\NTSWhIL.exe
  C:\Windows\System\NTSWhIL.exe
  2⤵
  PID:5912
- C:\Windows\System\EthfVcw.exe
  C:\Windows\System\EthfVcw.exe
  2⤵
  PID:5940
- C:\Windows\System\cxlgUKm.exe
  C:\Windows\System\cxlgUKm.exe
  2⤵
  PID:5968
- C:\Windows\System\qaoTmoa.exe
  C:\Windows\System\qaoTmoa.exe
  2⤵
  PID:5996
- C:\Windows\System\dliYspP.exe
  C:\Windows\System\dliYspP.exe
  2⤵
  PID:6024
- C:\Windows\System\xPrvrOu.exe
  C:\Windows\System\xPrvrOu.exe
  2⤵
  PID:6064
- C:\Windows\System\jFUjZAz.exe
  C:\Windows\System\jFUjZAz.exe
  2⤵
  PID:6092
- C:\Windows\System\ZRYhnoA.exe
  C:\Windows\System\ZRYhnoA.exe
  2⤵
  PID:6120
- C:\Windows\System\djRWdxx.exe
  C:\Windows\System\djRWdxx.exe
  2⤵
  PID:4280
- C:\Windows\System\UzGAhHL.exe
  C:\Windows\System\UzGAhHL.exe
  2⤵
  PID:112
- C:\Windows\System\EHPIKEn.exe
  C:\Windows\System\EHPIKEn.exe
  2⤵
  PID:5124
- C:\Windows\System\ThghGoW.exe
  C:\Windows\System\ThghGoW.exe
  2⤵
  PID:5184
- C:\Windows\System\GJytisX.exe
  C:\Windows\System\GJytisX.exe
  2⤵
  PID:5244
- C:\Windows\System\LGWxhmc.exe
  C:\Windows\System\LGWxhmc.exe
  2⤵
  PID:5320
- C:\Windows\System\bjAjpeh.exe
  C:\Windows\System\bjAjpeh.exe
  2⤵
  PID:5380
- C:\Windows\System\oMuyxyx.exe
  C:\Windows\System\oMuyxyx.exe
  2⤵
  PID:5444
- C:\Windows\System\BiGoEGu.exe
  C:\Windows\System\BiGoEGu.exe
  2⤵
  PID:5496
- C:\Windows\System\miBuaTN.exe
  C:\Windows\System\miBuaTN.exe
  2⤵
  PID:5556
- C:\Windows\System\tVjTcsn.exe
  C:\Windows\System\tVjTcsn.exe
  2⤵
  PID:5624
- C:\Windows\System\jykBCVA.exe
  C:\Windows\System\jykBCVA.exe
  2⤵
  PID:5680
- C:\Windows\System\EGxFVjY.exe
  C:\Windows\System\EGxFVjY.exe
  2⤵
  PID:5736
- C:\Windows\System\HtvSKQJ.exe
  C:\Windows\System\HtvSKQJ.exe
  2⤵
  PID:5816
- C:\Windows\System\Gdjnrmu.exe
  C:\Windows\System\Gdjnrmu.exe
  2⤵
  PID:5876
- C:\Windows\System\kKezgkc.exe
  C:\Windows\System\kKezgkc.exe
  2⤵
  PID:5924
- C:\Windows\System\xgFjZEr.exe
  C:\Windows\System\xgFjZEr.exe
  2⤵
  PID:5984
- C:\Windows\System\TxdciYR.exe
  C:\Windows\System\TxdciYR.exe
  2⤵
  PID:6040
- C:\Windows\System\qcqPHTR.exe
  C:\Windows\System\qcqPHTR.exe
  2⤵
  PID:6108
- C:\Windows\System\BBrRSve.exe
  C:\Windows\System\BBrRSve.exe
  2⤵
  PID:4872
- C:\Windows\System\ZZVLnYr.exe
  C:\Windows\System\ZZVLnYr.exe
  2⤵
  PID:5132
- C:\Windows\System\DvmeHqz.exe
  C:\Windows\System\DvmeHqz.exe
  2⤵
  PID:5348
- C:\Windows\System\jlfBDiY.exe
  C:\Windows\System\jlfBDiY.exe
  2⤵
  PID:5420
- C:\Windows\System\GdwYbJA.exe
  C:\Windows\System\GdwYbJA.exe
  2⤵
  PID:5524
- C:\Windows\System\DuWzMyN.exe
  C:\Windows\System\DuWzMyN.exe
  2⤵
  PID:5604
- C:\Windows\System\GRxHhlz.exe
  C:\Windows\System\GRxHhlz.exe
  2⤵
  PID:5784
- C:\Windows\System\jmVGdFG.exe
  C:\Windows\System\jmVGdFG.exe
  2⤵
  PID:5900
- C:\Windows\System\FfAhTeP.exe
  C:\Windows\System\FfAhTeP.exe
  2⤵
  PID:1880
- C:\Windows\System\YmQwoFR.exe
  C:\Windows\System\YmQwoFR.exe
  2⤵
  PID:5212
- C:\Windows\System\HRUTkxB.exe
  C:\Windows\System\HRUTkxB.exe
  2⤵
  PID:5600
- C:\Windows\System\amkltPt.exe
  C:\Windows\System\amkltPt.exe
  2⤵
  PID:5844
- C:\Windows\System\xZRcyUJ.exe
  C:\Windows\System\xZRcyUJ.exe
  2⤵
  PID:6172
- C:\Windows\System\kRAdcua.exe
  C:\Windows\System\kRAdcua.exe
  2⤵
  PID:6188
- C:\Windows\System\FptTdNn.exe
  C:\Windows\System\FptTdNn.exe
  2⤵
  PID:6216
- C:\Windows\System\bYQAqqN.exe
  C:\Windows\System\bYQAqqN.exe
  2⤵
  PID:6256
- C:\Windows\System\aGVLSFN.exe
  C:\Windows\System\aGVLSFN.exe
  2⤵
  PID:6284
- C:\Windows\System\sikQwry.exe
  C:\Windows\System\sikQwry.exe
  2⤵
  PID:6312
- C:\Windows\System\QqUlagQ.exe
  C:\Windows\System\QqUlagQ.exe
  2⤵
  PID:6340
- C:\Windows\System\EkUDtVf.exe
  C:\Windows\System\EkUDtVf.exe
  2⤵
  PID:6368
- C:\Windows\System\BvXKLTz.exe
  C:\Windows\System\BvXKLTz.exe
  2⤵
  PID:6396
- C:\Windows\System\ecBLXDR.exe
  C:\Windows\System\ecBLXDR.exe
  2⤵
  PID:6424
- C:\Windows\System\IcTXAXS.exe
  C:\Windows\System\IcTXAXS.exe
  2⤵
  PID:6452
- C:\Windows\System\roUlSiI.exe
  C:\Windows\System\roUlSiI.exe
  2⤵
  PID:6480
- C:\Windows\System\kOWsSWn.exe
  C:\Windows\System\kOWsSWn.exe
  2⤵
  PID:6508
- C:\Windows\System\uDmrGIX.exe
  C:\Windows\System\uDmrGIX.exe
  2⤵
  PID:6532
- C:\Windows\System\wusUPby.exe
  C:\Windows\System\wusUPby.exe
  2⤵
  PID:6564
- C:\Windows\System\XJckyoN.exe
  C:\Windows\System\XJckyoN.exe
  2⤵
  PID:6596
- C:\Windows\System\BMMtHJo.exe
  C:\Windows\System\BMMtHJo.exe
  2⤵
  PID:6620
- C:\Windows\System\RViBytR.exe
  C:\Windows\System\RViBytR.exe
  2⤵
  PID:6648
- C:\Windows\System\nXxkiSq.exe
  C:\Windows\System\nXxkiSq.exe
  2⤵
  PID:6676
- C:\Windows\System\lONOWGB.exe
  C:\Windows\System\lONOWGB.exe
  2⤵
  PID:6704
- C:\Windows\System\gnoYYqv.exe
  C:\Windows\System\gnoYYqv.exe
  2⤵
  PID:6732
- C:\Windows\System\KqqaDHY.exe
  C:\Windows\System\KqqaDHY.exe
  2⤵
  PID:6760
- C:\Windows\System\XIoAxSl.exe
  C:\Windows\System\XIoAxSl.exe
  2⤵
  PID:6776
- C:\Windows\System\dPNihGK.exe
  C:\Windows\System\dPNihGK.exe
  2⤵
  PID:6804
- C:\Windows\System\NkBcMAw.exe
  C:\Windows\System\NkBcMAw.exe
  2⤵
  PID:6832
- C:\Windows\System\sIButcU.exe
  C:\Windows\System\sIButcU.exe
  2⤵
  PID:6860
- C:\Windows\System\dQiOpFW.exe
  C:\Windows\System\dQiOpFW.exe
  2⤵
  PID:6888
- C:\Windows\System\QiWbOYe.exe
  C:\Windows\System\QiWbOYe.exe
  2⤵
  PID:6920
- C:\Windows\System\QfrECDn.exe
  C:\Windows\System\QfrECDn.exe
  2⤵
  PID:6944
- C:\Windows\System\IJApuHa.exe
  C:\Windows\System\IJApuHa.exe
  2⤵
  PID:6972
- C:\Windows\System\UVUNCoe.exe
  C:\Windows\System\UVUNCoe.exe
  2⤵
  PID:7000
- C:\Windows\System\UdaTekv.exe
  C:\Windows\System\UdaTekv.exe
  2⤵
  PID:7028
- C:\Windows\System\onLkwuX.exe
  C:\Windows\System\onLkwuX.exe
  2⤵
  PID:7056
- C:\Windows\System\ivHStAx.exe
  C:\Windows\System\ivHStAx.exe
  2⤵
  PID:7084
- C:\Windows\System\dQCqSrV.exe
  C:\Windows\System\dQCqSrV.exe
  2⤵
  PID:7112
- C:\Windows\System\RjVlmOz.exe
  C:\Windows\System\RjVlmOz.exe
  2⤵
  PID:7140
- C:\Windows\System\HlUSnOk.exe
  C:\Windows\System\HlUSnOk.exe
  2⤵
  PID:5848
- C:\Windows\System\iIVNqRG.exe
  C:\Windows\System\iIVNqRG.exe
  2⤵
  PID:3132
- C:\Windows\System\cCmCyKi.exe
  C:\Windows\System\cCmCyKi.exe
  2⤵
  PID:5728
- C:\Windows\System\NtSnZdU.exe
  C:\Windows\System\NtSnZdU.exe
  2⤵
  PID:6204
- C:\Windows\System\oLkqSou.exe
  C:\Windows\System\oLkqSou.exe
  2⤵
  PID:6272
- C:\Windows\System\sfNrXyV.exe
  C:\Windows\System\sfNrXyV.exe
  2⤵
  PID:6332
- C:\Windows\System\iIwdbVd.exe
  C:\Windows\System\iIwdbVd.exe
  2⤵
  PID:6408
- C:\Windows\System\uoAsuCP.exe
  C:\Windows\System\uoAsuCP.exe
  2⤵
  PID:6468
- C:\Windows\System\ridLjDL.exe
  C:\Windows\System\ridLjDL.exe
  2⤵
  PID:6528
- C:\Windows\System\XlhVrpn.exe
  C:\Windows\System\XlhVrpn.exe
  2⤵
  PID:6608
- C:\Windows\System\GDJDzTz.exe
  C:\Windows\System\GDJDzTz.exe
  2⤵
  PID:6664
- C:\Windows\System\oJuzwzq.exe
  C:\Windows\System\oJuzwzq.exe
  2⤵
  PID:6724
- C:\Windows\System\ZKUySCk.exe
  C:\Windows\System\ZKUySCk.exe
  2⤵
  PID:6792
- C:\Windows\System\XIpcocv.exe
  C:\Windows\System\XIpcocv.exe
  2⤵
  PID:6856
- C:\Windows\System\jvBOtzt.exe
  C:\Windows\System\jvBOtzt.exe
  2⤵
  PID:6928
- C:\Windows\System\LpLxaSn.exe
  C:\Windows\System\LpLxaSn.exe
  2⤵
  PID:6988
- C:\Windows\System\DtxmrWM.exe
  C:\Windows\System\DtxmrWM.exe
  2⤵
  PID:7048
- C:\Windows\System\jETGBPr.exe
  C:\Windows\System\jETGBPr.exe
  2⤵
  PID:7124
- C:\Windows\System\RLYHngR.exe
  C:\Windows\System\RLYHngR.exe
  2⤵
  PID:6012
- C:\Windows\System\ajRBVNC.exe
  C:\Windows\System\ajRBVNC.exe
  2⤵
  PID:6184
- C:\Windows\System\EkkuwDl.exe
  C:\Windows\System\EkkuwDl.exe
  2⤵
  PID:6360
- C:\Windows\System\owfjsFt.exe
  C:\Windows\System\owfjsFt.exe
  2⤵
  PID:6576
- C:\Windows\System\aKGbJGC.exe
  C:\Windows\System\aKGbJGC.exe
  2⤵
  PID:6768
- C:\Windows\System\vaKnrgq.exe
  C:\Windows\System\vaKnrgq.exe
  2⤵
  PID:6844
- C:\Windows\System\JblKXkp.exe
  C:\Windows\System\JblKXkp.exe
  2⤵
  PID:6964
- C:\Windows\System\oCYQjVG.exe
  C:\Windows\System\oCYQjVG.exe
  2⤵
  PID:7096
- C:\Windows\System\xlsplLl.exe
  C:\Windows\System\xlsplLl.exe
  2⤵
  PID:6164
- C:\Windows\System\EJXzHUS.exe
  C:\Windows\System\EJXzHUS.exe
  2⤵
  PID:6500
- C:\Windows\System\ebMlMeQ.exe
  C:\Windows\System\ebMlMeQ.exe
  2⤵
  PID:2420
- C:\Windows\System\lJzfRWP.exe
  C:\Windows\System\lJzfRWP.exe
  2⤵
  PID:6956
- C:\Windows\System\OzmIDXX.exe
  C:\Windows\System\OzmIDXX.exe
  2⤵
  PID:4444
- C:\Windows\System\JAjglRA.exe
  C:\Windows\System\JAjglRA.exe
  2⤵
  PID:7196
- C:\Windows\System\LqOeQMF.exe
  C:\Windows\System\LqOeQMF.exe
  2⤵
  PID:7224
- C:\Windows\System\rwDtpIK.exe
  C:\Windows\System\rwDtpIK.exe
  2⤵
  PID:7248
- C:\Windows\System\MpkhsBf.exe
  C:\Windows\System\MpkhsBf.exe
  2⤵
  PID:7280
- C:\Windows\System\MkRDUTO.exe
  C:\Windows\System\MkRDUTO.exe
  2⤵
  PID:7308
- C:\Windows\System\vjvhCDu.exe
  C:\Windows\System\vjvhCDu.exe
  2⤵
  PID:7336
- C:\Windows\System\YXuuCSc.exe
  C:\Windows\System\YXuuCSc.exe
  2⤵
  PID:7364
- C:\Windows\System\jSmrZJC.exe
  C:\Windows\System\jSmrZJC.exe
  2⤵
  PID:7392
- C:\Windows\System\bWVHTTk.exe
  C:\Windows\System\bWVHTTk.exe
  2⤵
  PID:7420
- C:\Windows\System\ufKCfeR.exe
  C:\Windows\System\ufKCfeR.exe
  2⤵
  PID:7500
- C:\Windows\System\jXzSVfp.exe
  C:\Windows\System\jXzSVfp.exe
  2⤵
  PID:7544
- C:\Windows\System\qGwFnZU.exe
  C:\Windows\System\qGwFnZU.exe
  2⤵
  PID:7564
- C:\Windows\System\RpoGoXi.exe
  C:\Windows\System\RpoGoXi.exe
  2⤵
  PID:7596
- C:\Windows\System\ZaKFmnJ.exe
  C:\Windows\System\ZaKFmnJ.exe
  2⤵
  PID:7628
- C:\Windows\System\faiYbym.exe
  C:\Windows\System\faiYbym.exe
  2⤵
  PID:7660
- C:\Windows\System\UeqBqHE.exe
  C:\Windows\System\UeqBqHE.exe
  2⤵
  PID:7728
- C:\Windows\System\DUIMmjW.exe
  C:\Windows\System\DUIMmjW.exe
  2⤵
  PID:7760
- C:\Windows\System\qcafVuj.exe
  C:\Windows\System\qcafVuj.exe
  2⤵
  PID:7788
- C:\Windows\System\XEkrExh.exe
  C:\Windows\System\XEkrExh.exe
  2⤵
  PID:7812
- C:\Windows\System\RxKrGtk.exe
  C:\Windows\System\RxKrGtk.exe
  2⤵
  PID:7836
- C:\Windows\System\qriSKIA.exe
  C:\Windows\System\qriSKIA.exe
  2⤵
  PID:7900
- C:\Windows\System\MXPyzYg.exe
  C:\Windows\System\MXPyzYg.exe
  2⤵
  PID:7928
- C:\Windows\System\PQkjspH.exe
  C:\Windows\System\PQkjspH.exe
  2⤵
  PID:7944
- C:\Windows\System\BbWDpaK.exe
  C:\Windows\System\BbWDpaK.exe
  2⤵
  PID:7980
- C:\Windows\System\bVjllDT.exe
  C:\Windows\System\bVjllDT.exe
  2⤵
  PID:8012
- C:\Windows\System\JdnqtgA.exe
  C:\Windows\System\JdnqtgA.exe
  2⤵
  PID:8036
- C:\Windows\System\EOcNEpG.exe
  C:\Windows\System\EOcNEpG.exe
  2⤵
  PID:8064
- C:\Windows\System\sLrXSdZ.exe
  C:\Windows\System\sLrXSdZ.exe
  2⤵
  PID:8104
- C:\Windows\System\NstYwiK.exe
  C:\Windows\System\NstYwiK.exe
  2⤵
  PID:8136
- C:\Windows\System\oINOxTj.exe
  C:\Windows\System\oINOxTj.exe
  2⤵
  PID:8160
- C:\Windows\System\TOWfHUn.exe
  C:\Windows\System\TOWfHUn.exe
  2⤵
  PID:8188
- C:\Windows\System\nvaxSYz.exe
  C:\Windows\System\nvaxSYz.exe
  2⤵
  PID:7040
- C:\Windows\System\UkmNqrQ.exe
  C:\Windows\System\UkmNqrQ.exe
  2⤵
  PID:7188
- C:\Windows\System\QISbGBm.exe
  C:\Windows\System\QISbGBm.exe
  2⤵
  PID:3728
- C:\Windows\System\kMgQjzL.exe
  C:\Windows\System\kMgQjzL.exe
  2⤵
  PID:4264
- C:\Windows\System\ldPfoUv.exe
  C:\Windows\System\ldPfoUv.exe
  2⤵
  PID:7296
- C:\Windows\System\MHNIjCX.exe
  C:\Windows\System\MHNIjCX.exe
  2⤵
  PID:4540
- C:\Windows\System\joxQbGo.exe
  C:\Windows\System\joxQbGo.exe
  2⤵
  PID:5028
- C:\Windows\System\kbVKkED.exe
  C:\Windows\System\kbVKkED.exe
  2⤵
  PID:7408
- C:\Windows\System\QtrRAXa.exe
  C:\Windows\System\QtrRAXa.exe
  2⤵
  PID:2484
- C:\Windows\System\lhFjHHr.exe
  C:\Windows\System\lhFjHHr.exe
  2⤵
  PID:3348
- C:\Windows\System\Cxnieqk.exe
  C:\Windows\System\Cxnieqk.exe
  2⤵
  PID:2964
- C:\Windows\System\tdHXNCn.exe
  C:\Windows\System\tdHXNCn.exe
  2⤵
  PID:4000
- C:\Windows\System\CNcIKQJ.exe
  C:\Windows\System\CNcIKQJ.exe
  2⤵
  PID:7532
- C:\Windows\System\mZrkKuF.exe
  C:\Windows\System\mZrkKuF.exe
  2⤵
  PID:7556
- C:\Windows\System\AWRjdUl.exe
  C:\Windows\System\AWRjdUl.exe
  2⤵
  PID:7704
- C:\Windows\System\pcNZmqF.exe
  C:\Windows\System\pcNZmqF.exe
  2⤵
  PID:7740
- C:\Windows\System\VrYuPJV.exe
  C:\Windows\System\VrYuPJV.exe
  2⤵
  PID:7832
- C:\Windows\System\trkSMlL.exe
  C:\Windows\System\trkSMlL.exe
  2⤵
  PID:7616
- C:\Windows\System\JyYQKSp.exe
  C:\Windows\System\JyYQKSp.exe
  2⤵
  PID:2972
- C:\Windows\System\XZxFatp.exe
  C:\Windows\System\XZxFatp.exe
  2⤵
  PID:7940
- C:\Windows\System\zUyxVwd.exe
  C:\Windows\System\zUyxVwd.exe
  2⤵
  PID:7768
- C:\Windows\System\FBJdhGv.exe
  C:\Windows\System\FBJdhGv.exe
  2⤵
  PID:8032
- C:\Windows\System\dIqDppL.exe
  C:\Windows\System\dIqDppL.exe
  2⤵
  PID:8084
- C:\Windows\System\SrZcKBk.exe
  C:\Windows\System\SrZcKBk.exe
  2⤵
  PID:8152
- C:\Windows\System\IUVRxnr.exe
  C:\Windows\System\IUVRxnr.exe
  2⤵
  PID:6824
- C:\Windows\System\MABGSmw.exe
  C:\Windows\System\MABGSmw.exe
  2⤵
  PID:7244
- C:\Windows\System\sCEMdDN.exe
  C:\Windows\System\sCEMdDN.exe
  2⤵
  PID:7324
- C:\Windows\System\hkWzjIg.exe
  C:\Windows\System\hkWzjIg.exe
  2⤵
  PID:1824
- C:\Windows\System\HEhQpKv.exe
  C:\Windows\System\HEhQpKv.exe
  2⤵
  PID:7440
- C:\Windows\System\pUCyPzn.exe
  C:\Windows\System\pUCyPzn.exe
  2⤵
  PID:4644
- C:\Windows\System\euKsNzN.exe
  C:\Windows\System\euKsNzN.exe
  2⤵
  PID:7648
- C:\Windows\System\unSGsTD.exe
  C:\Windows\System\unSGsTD.exe
  2⤵
  PID:7520
- C:\Windows\System\erLrStU.exe
  C:\Windows\System\erLrStU.exe
  2⤵
  PID:7700
- C:\Windows\System\VSmMrww.exe
  C:\Windows\System\VSmMrww.exe
  2⤵
  PID:7988
- C:\Windows\System\jFAmxMw.exe
  C:\Windows\System\jFAmxMw.exe
  2⤵
  PID:8092
- C:\Windows\System\sgCVBZT.exe
  C:\Windows\System\sgCVBZT.exe
  2⤵
  PID:3396
- C:\Windows\System\lxydXga.exe
  C:\Windows\System\lxydXga.exe
  2⤵
  PID:4932
- C:\Windows\System\lDHcxeb.exe
  C:\Windows\System\lDHcxeb.exe
  2⤵
  PID:7560
- C:\Windows\System\zJxGlrL.exe
  C:\Windows\System\zJxGlrL.exe
  2⤵
  PID:7936
- C:\Windows\System\ZxEWGrC.exe
  C:\Windows\System\ZxEWGrC.exe
  2⤵
  PID:8180
- C:\Windows\System\YBINyLU.exe
  C:\Windows\System\YBINyLU.exe
  2⤵
  PID:8088
- C:\Windows\System\iqyshJx.exe
  C:\Windows\System\iqyshJx.exe
  2⤵
  PID:7292
- C:\Windows\System\HEGFlwb.exe
  C:\Windows\System\HEGFlwb.exe
  2⤵
  PID:8056
- C:\Windows\System\ukTYlXn.exe
  C:\Windows\System\ukTYlXn.exe
  2⤵
  PID:8208
- C:\Windows\System\QhpfVkN.exe
  C:\Windows\System\QhpfVkN.exe
  2⤵
  PID:8236
- C:\Windows\System\jlmVLPb.exe
  C:\Windows\System\jlmVLPb.exe
  2⤵
  PID:8268
- C:\Windows\System\HWuIYlD.exe
  C:\Windows\System\HWuIYlD.exe
  2⤵
  PID:8284
- C:\Windows\System\BZvLlpV.exe
  C:\Windows\System\BZvLlpV.exe
  2⤵
  PID:8320
- C:\Windows\System\yLzBjHH.exe
  C:\Windows\System\yLzBjHH.exe
  2⤵
  PID:8352
- C:\Windows\System\ereEjgo.exe
  C:\Windows\System\ereEjgo.exe
  2⤵
  PID:8380
- C:\Windows\System\skpLhDq.exe
  C:\Windows\System\skpLhDq.exe
  2⤵
  PID:8404
- C:\Windows\System\DkNvCzQ.exe
  C:\Windows\System\DkNvCzQ.exe
  2⤵
  PID:8436
- C:\Windows\System\SttgJVT.exe
  C:\Windows\System\SttgJVT.exe
  2⤵
  PID:8464
- C:\Windows\System\bGwiqEM.exe
  C:\Windows\System\bGwiqEM.exe
  2⤵
  PID:8496
- C:\Windows\System\OIjWyYV.exe
  C:\Windows\System\OIjWyYV.exe
  2⤵
  PID:8524
- C:\Windows\System\zwkUZZS.exe
  C:\Windows\System\zwkUZZS.exe
  2⤵
  PID:8552
- C:\Windows\System\OduvNzj.exe
  C:\Windows\System\OduvNzj.exe
  2⤵
  PID:8584
- C:\Windows\System\waaekdW.exe
  C:\Windows\System\waaekdW.exe
  2⤵
  PID:8612
- C:\Windows\System\HBAUuuA.exe
  C:\Windows\System\HBAUuuA.exe
  2⤵
  PID:8640
- C:\Windows\System\jdxvhmG.exe
  C:\Windows\System\jdxvhmG.exe
  2⤵
  PID:8668
- C:\Windows\System\kMOuRqr.exe
  C:\Windows\System\kMOuRqr.exe
  2⤵
  PID:8692
- C:\Windows\System\yzudtCN.exe
  C:\Windows\System\yzudtCN.exe
  2⤵
  PID:8724
- C:\Windows\System\DufrrwU.exe
  C:\Windows\System\DufrrwU.exe
  2⤵
  PID:8756
- C:\Windows\System\UJjFvjt.exe
  C:\Windows\System\UJjFvjt.exe
  2⤵
  PID:8780
- C:\Windows\System\zfEYSMi.exe
  C:\Windows\System\zfEYSMi.exe
  2⤵
  PID:8808
- C:\Windows\System\erWYbQz.exe
  C:\Windows\System\erWYbQz.exe
  2⤵
  PID:8836
- C:\Windows\System\JDctAeD.exe
  C:\Windows\System\JDctAeD.exe
  2⤵
  PID:8864
- C:\Windows\System\sWpFjUk.exe
  C:\Windows\System\sWpFjUk.exe
  2⤵
  PID:8892
- C:\Windows\System\RgRaNkH.exe
  C:\Windows\System\RgRaNkH.exe
  2⤵
  PID:8920
- C:\Windows\System\rxZVLoE.exe
  C:\Windows\System\rxZVLoE.exe
  2⤵
  PID:8948
- C:\Windows\System\sedEVkr.exe
  C:\Windows\System\sedEVkr.exe
  2⤵
  PID:8976
- C:\Windows\System\rTJjwUc.exe
  C:\Windows\System\rTJjwUc.exe
  2⤵
  PID:9004
- C:\Windows\System\vGpFuRN.exe
  C:\Windows\System\vGpFuRN.exe
  2⤵
  PID:9032
- C:\Windows\System\eYGNZQp.exe
  C:\Windows\System\eYGNZQp.exe
  2⤵
  PID:9060
- C:\Windows\System\SIPlsfR.exe
  C:\Windows\System\SIPlsfR.exe
  2⤵
  PID:9088
- C:\Windows\System\BXtYyUE.exe
  C:\Windows\System\BXtYyUE.exe
  2⤵
  PID:9120
- C:\Windows\System\aCrWjGC.exe
  C:\Windows\System\aCrWjGC.exe
  2⤵
  PID:9152
- C:\Windows\System\EpBBDPr.exe
  C:\Windows\System\EpBBDPr.exe
  2⤵
  PID:9180
- C:\Windows\System\tFugrug.exe
  C:\Windows\System\tFugrug.exe
  2⤵
  PID:9208
- C:\Windows\System\IMzGdKH.exe
  C:\Windows\System\IMzGdKH.exe
  2⤵
  PID:8232
- C:\Windows\System\dFexBrH.exe
  C:\Windows\System\dFexBrH.exe
  2⤵
  PID:8312
- C:\Windows\System\eAIlnEb.exe
  C:\Windows\System\eAIlnEb.exe
  2⤵
  PID:8372
- C:\Windows\System\zmzeDJZ.exe
  C:\Windows\System\zmzeDJZ.exe
  2⤵
  PID:3276
- C:\Windows\System\iEVuQfI.exe
  C:\Windows\System\iEVuQfI.exe
  2⤵
  PID:1352
- C:\Windows\System\cIiTBhV.exe
  C:\Windows\System\cIiTBhV.exe
  2⤵
  PID:1084
- C:\Windows\System\YeuOgFP.exe
  C:\Windows\System\YeuOgFP.exe
  2⤵
  PID:8456
- C:\Windows\System\XKkmayC.exe
  C:\Windows\System\XKkmayC.exe
  2⤵
  PID:8508
- C:\Windows\System\DNkCmzK.exe
  C:\Windows\System\DNkCmzK.exe
  2⤵
  PID:8572
- C:\Windows\System\VxoOtQk.exe
  C:\Windows\System\VxoOtQk.exe
  2⤵
  PID:8680
- C:\Windows\System\YLccBMj.exe
  C:\Windows\System\YLccBMj.exe
  2⤵
  PID:8684
- C:\Windows\System\ogjuFRd.exe
  C:\Windows\System\ogjuFRd.exe
  2⤵
  PID:8772
- C:\Windows\System\FEoUvXo.exe
  C:\Windows\System\FEoUvXo.exe
  2⤵
  PID:8832
- C:\Windows\System\BjLrGuo.exe
  C:\Windows\System\BjLrGuo.exe
  2⤵
  PID:8904
- C:\Windows\System\KPbNdvP.exe
  C:\Windows\System\KPbNdvP.exe
  2⤵
  PID:8968
- C:\Windows\System\LDkaTXC.exe
  C:\Windows\System\LDkaTXC.exe
  2⤵
  PID:9024
- C:\Windows\System\PCjypmG.exe
  C:\Windows\System\PCjypmG.exe
  2⤵
  PID:9084
- C:\Windows\System\bQjcoPO.exe
  C:\Windows\System\bQjcoPO.exe
  2⤵
  PID:9164
- C:\Windows\System\veDKmyV.exe
  C:\Windows\System\veDKmyV.exe
  2⤵
  PID:8220
- C:\Windows\System\oYPOXWe.exe
  C:\Windows\System\oYPOXWe.exe
  2⤵
  PID:8364
- C:\Windows\System\fpvwGeS.exe
  C:\Windows\System\fpvwGeS.exe
  2⤵
  PID:312
- C:\Windows\System\uLxhVRr.exe
  C:\Windows\System\uLxhVRr.exe
  2⤵
  PID:1680
- C:\Windows\System\KzuyoDE.exe
  C:\Windows\System\KzuyoDE.exe
  2⤵
  PID:8664
- C:\Windows\System\ZknyFWg.exe
  C:\Windows\System\ZknyFWg.exe
  2⤵
  PID:8800
- C:\Windows\System\XDcfJOH.exe
  C:\Windows\System\XDcfJOH.exe
  2⤵
  PID:8944
- C:\Windows\System\LhmqntP.exe
  C:\Windows\System\LhmqntP.exe
  2⤵
  PID:9080
- C:\Windows\System\OMlPLFg.exe
  C:\Windows\System\OMlPLFg.exe
  2⤵
  PID:8280
- C:\Windows\System\ZEUBSEf.exe
  C:\Windows\System\ZEUBSEf.exe
  2⤵
  PID:8488
- C:\Windows\System\DLqwNqL.exe
  C:\Windows\System\DLqwNqL.exe
  2⤵
  PID:8876
- C:\Windows\System\SEnJZxO.exe
  C:\Windows\System\SEnJZxO.exe
  2⤵
  PID:8200
- C:\Windows\System\VkkZZke.exe
  C:\Windows\System\VkkZZke.exe
  2⤵
  PID:8748
- C:\Windows\System\TbeyHbx.exe
  C:\Windows\System\TbeyHbx.exe
  2⤵
  PID:8628
- C:\Windows\System\kNpvWON.exe
  C:\Windows\System\kNpvWON.exe
  2⤵
  PID:9232
- C:\Windows\System\vafTfab.exe
  C:\Windows\System\vafTfab.exe
  2⤵
  PID:9260
- C:\Windows\System\kUwuYwX.exe
  C:\Windows\System\kUwuYwX.exe
  2⤵
  PID:9288
- C:\Windows\System\mjCUoHU.exe
  C:\Windows\System\mjCUoHU.exe
  2⤵
  PID:9316
- C:\Windows\System\ZpFVjxz.exe
  C:\Windows\System\ZpFVjxz.exe
  2⤵
  PID:9344
- C:\Windows\System\EgVQqvc.exe
  C:\Windows\System\EgVQqvc.exe
  2⤵
  PID:9372
- C:\Windows\System\gBrXkGA.exe
  C:\Windows\System\gBrXkGA.exe
  2⤵
  PID:9412
- C:\Windows\System\xLfwGjP.exe
  C:\Windows\System\xLfwGjP.exe
  2⤵
  PID:9428
- C:\Windows\System\boiiZaE.exe
  C:\Windows\System\boiiZaE.exe
  2⤵
  PID:9456
- C:\Windows\System\hoYdJct.exe
  C:\Windows\System\hoYdJct.exe
  2⤵
  PID:9484
- C:\Windows\System\GQwZTSV.exe
  C:\Windows\System\GQwZTSV.exe
  2⤵
  PID:9512
- C:\Windows\System\cOKXBeL.exe
  C:\Windows\System\cOKXBeL.exe
  2⤵
  PID:9548
- C:\Windows\System\nVUwrHw.exe
  C:\Windows\System\nVUwrHw.exe
  2⤵
  PID:9568
- C:\Windows\System\AVTmtak.exe
  C:\Windows\System\AVTmtak.exe
  2⤵
  PID:9596
- C:\Windows\System\ENvnlzO.exe
  C:\Windows\System\ENvnlzO.exe
  2⤵
  PID:9624
- C:\Windows\System\zhsStML.exe
  C:\Windows\System\zhsStML.exe
  2⤵
  PID:9652
- C:\Windows\System\SnAnhOG.exe
  C:\Windows\System\SnAnhOG.exe
  2⤵
  PID:9680
- C:\Windows\System\eBpZLPj.exe
  C:\Windows\System\eBpZLPj.exe
  2⤵
  PID:9708
- C:\Windows\System\poldIAC.exe
  C:\Windows\System\poldIAC.exe
  2⤵
  PID:9736
- C:\Windows\System\GuQkTsS.exe
  C:\Windows\System\GuQkTsS.exe
  2⤵
  PID:9764
- C:\Windows\System\nSeNQgz.exe
  C:\Windows\System\nSeNQgz.exe
  2⤵
  PID:9796
- C:\Windows\System\qzlpDSi.exe
  C:\Windows\System\qzlpDSi.exe
  2⤵
  PID:9828
- C:\Windows\System\bWHzlIM.exe
  C:\Windows\System\bWHzlIM.exe
  2⤵
  PID:9852
- C:\Windows\System\bGoAeZD.exe
  C:\Windows\System\bGoAeZD.exe
  2⤵
  PID:9880
- C:\Windows\System\bfrwyBN.exe
  C:\Windows\System\bfrwyBN.exe
  2⤵
  PID:9908
- C:\Windows\System\ZWvTLrg.exe
  C:\Windows\System\ZWvTLrg.exe
  2⤵
  PID:9936
- C:\Windows\System\tptivgg.exe
  C:\Windows\System\tptivgg.exe
  2⤵
  PID:9964
- C:\Windows\System\RmHlXeZ.exe
  C:\Windows\System\RmHlXeZ.exe
  2⤵
  PID:9992
- C:\Windows\System\YXWEIIv.exe
  C:\Windows\System\YXWEIIv.exe
  2⤵
  PID:10020
- C:\Windows\System\LDENyiu.exe
  C:\Windows\System\LDENyiu.exe
  2⤵
  PID:10048
- C:\Windows\System\XMrTVew.exe
  C:\Windows\System\XMrTVew.exe
  2⤵
  PID:10076
- C:\Windows\System\UVdXqrH.exe
  C:\Windows\System\UVdXqrH.exe
  2⤵
  PID:10104
- C:\Windows\System\yTFBXDT.exe
  C:\Windows\System\yTFBXDT.exe
  2⤵
  PID:10132
- C:\Windows\System\fJIHwJW.exe
  C:\Windows\System\fJIHwJW.exe
  2⤵
  PID:10160
- C:\Windows\System\VZvjeyp.exe
  C:\Windows\System\VZvjeyp.exe
  2⤵
  PID:10188
- C:\Windows\System\dtIsiVF.exe
  C:\Windows\System\dtIsiVF.exe
  2⤵
  PID:10216
- C:\Windows\System\jMBFJtI.exe
  C:\Windows\System\jMBFJtI.exe
  2⤵
  PID:9224
- C:\Windows\System\WfbKLkc.exe
  C:\Windows\System\WfbKLkc.exe
  2⤵
  PID:9364
- C:\Windows\System\zvvjdiT.exe
  C:\Windows\System\zvvjdiT.exe
  2⤵
  PID:9476
- C:\Windows\System\UhOUozG.exe
  C:\Windows\System\UhOUozG.exe
  2⤵
  PID:9536
- C:\Windows\System\dmMElXr.exe
  C:\Windows\System\dmMElXr.exe
  2⤵
  PID:9636
- C:\Windows\System\TGSuBUP.exe
  C:\Windows\System\TGSuBUP.exe
  2⤵
  PID:9672
- C:\Windows\System\qoeRcFM.exe
  C:\Windows\System\qoeRcFM.exe
  2⤵
  PID:9848
- C:\Windows\System\QGApvcD.exe
  C:\Windows\System\QGApvcD.exe
  2⤵
  PID:10012
- C:\Windows\System\HJVdjyw.exe
  C:\Windows\System\HJVdjyw.exe
  2⤵
  PID:10088
- C:\Windows\System\feKDatx.exe
  C:\Windows\System\feKDatx.exe
  2⤵
  PID:10152
- C:\Windows\System\UNqlVhy.exe
  C:\Windows\System\UNqlVhy.exe
  2⤵
  PID:10232
- C:\Windows\System\zFoHVbt.exe
  C:\Windows\System\zFoHVbt.exe
  2⤵
  PID:9304
- C:\Windows\System\pQJnMvR.exe
  C:\Windows\System\pQJnMvR.exe
  2⤵
  PID:9452
- C:\Windows\System\brmJrNt.exe
  C:\Windows\System\brmJrNt.exe
  2⤵
  PID:9620
- C:\Windows\System\rbsmVAv.exe
  C:\Windows\System\rbsmVAv.exe
  2⤵
  PID:9820
- C:\Windows\System\xSznABz.exe
  C:\Windows\System\xSznABz.exe
  2⤵
  PID:10008
- C:\Windows\System\QXPZSad.exe
  C:\Windows\System\QXPZSad.exe
  2⤵
  PID:10148
- C:\Windows\System\PSdHBTU.exe
  C:\Windows\System\PSdHBTU.exe
  2⤵
  PID:9308
- C:\Windows\System\UlqZZqE.exe
  C:\Windows\System\UlqZZqE.exe
  2⤵
  PID:9700
- C:\Windows\System\ZdoNsFn.exe
  C:\Windows\System\ZdoNsFn.exe
  2⤵
  PID:5052
- C:\Windows\System\kcIUmKX.exe
  C:\Windows\System\kcIUmKX.exe
  2⤵
  PID:9420
- C:\Windows\System\wEDxlSL.exe
  C:\Windows\System\wEDxlSL.exe
  2⤵
  PID:10208
- C:\Windows\System\UPMSZeD.exe
  C:\Windows\System\UPMSZeD.exe
  2⤵
  PID:872
- C:\Windows\System\HFApldS.exe
  C:\Windows\System\HFApldS.exe
  2⤵
  PID:10248
- C:\Windows\System\vwZvFQI.exe
  C:\Windows\System\vwZvFQI.exe
  2⤵
  PID:10276
- C:\Windows\System\kDrpTsx.exe
  C:\Windows\System\kDrpTsx.exe
  2⤵
  PID:10304
- C:\Windows\System\sPflFTF.exe
  C:\Windows\System\sPflFTF.exe
  2⤵
  PID:10332
- C:\Windows\System\uGiOKYu.exe
  C:\Windows\System\uGiOKYu.exe
  2⤵
  PID:10360
- C:\Windows\System\mocjFcf.exe
  C:\Windows\System\mocjFcf.exe
  2⤵
  PID:10380
- C:\Windows\System\CCCQYuo.exe
  C:\Windows\System\CCCQYuo.exe
  2⤵
  PID:10404
- C:\Windows\System\cfUIotc.exe
  C:\Windows\System\cfUIotc.exe
  2⤵
  PID:10432
- C:\Windows\System\cfDhwbR.exe
  C:\Windows\System\cfDhwbR.exe
  2⤵
  PID:10472
- C:\Windows\System\AQEWpSo.exe
  C:\Windows\System\AQEWpSo.exe
  2⤵
  PID:10500
- C:\Windows\System\OwnmNjN.exe
  C:\Windows\System\OwnmNjN.exe
  2⤵
  PID:10532
- C:\Windows\System\FEPpLJT.exe
  C:\Windows\System\FEPpLJT.exe
  2⤵
  PID:10556
- C:\Windows\System\DntatWq.exe
  C:\Windows\System\DntatWq.exe
  2⤵
  PID:10584
- C:\Windows\System\GjtkWIk.exe
  C:\Windows\System\GjtkWIk.exe
  2⤵
  PID:10612
- C:\Windows\System\nQCauMB.exe
  C:\Windows\System\nQCauMB.exe
  2⤵
  PID:10640
- C:\Windows\System\jjqTSou.exe
  C:\Windows\System\jjqTSou.exe
  2⤵
  PID:10668
- C:\Windows\System\yupmjwF.exe
  C:\Windows\System\yupmjwF.exe
  2⤵
  PID:10696
- C:\Windows\System\izuztoL.exe
  C:\Windows\System\izuztoL.exe
  2⤵
  PID:10724
- C:\Windows\System\FqBKoLE.exe
  C:\Windows\System\FqBKoLE.exe
  2⤵
  PID:10752
- C:\Windows\System\BjyZahH.exe
  C:\Windows\System\BjyZahH.exe
  2⤵
  PID:10784
- C:\Windows\System\qmcMfga.exe
  C:\Windows\System\qmcMfga.exe
  2⤵
  PID:10812
- C:\Windows\System\XRvWdMS.exe
  C:\Windows\System\XRvWdMS.exe
  2⤵
  PID:10840
- C:\Windows\System\elCAMLh.exe
  C:\Windows\System\elCAMLh.exe
  2⤵
  PID:10868
- C:\Windows\System\GqrFtQj.exe
  C:\Windows\System\GqrFtQj.exe
  2⤵
  PID:10900
- C:\Windows\System\HYUXdBl.exe
  C:\Windows\System\HYUXdBl.exe
  2⤵
  PID:10928
- C:\Windows\System\TwSodEn.exe
  C:\Windows\System\TwSodEn.exe
  2⤵
  PID:10956
- C:\Windows\System\bFesAVF.exe
  C:\Windows\System\bFesAVF.exe
  2⤵
  PID:10984
- C:\Windows\System\WmBqpyQ.exe
  C:\Windows\System\WmBqpyQ.exe
  2⤵
  PID:11012
- C:\Windows\System\xsDycqc.exe
  C:\Windows\System\xsDycqc.exe
  2⤵
  PID:11040
- C:\Windows\System\vuyRmcU.exe
  C:\Windows\System\vuyRmcU.exe
  2⤵
  PID:11068
- C:\Windows\System\SzPkVgt.exe
  C:\Windows\System\SzPkVgt.exe
  2⤵
  PID:11096
- C:\Windows\System\XDzOJFg.exe
  C:\Windows\System\XDzOJFg.exe
  2⤵
  PID:11124
- C:\Windows\System\dgJqBWc.exe
  C:\Windows\System\dgJqBWc.exe
  2⤵
  PID:11140
- C:\Windows\System\sNCOGFa.exe
  C:\Windows\System\sNCOGFa.exe
  2⤵
  PID:11180
- C:\Windows\System\TwuMsfY.exe
  C:\Windows\System\TwuMsfY.exe
  2⤵
  PID:11196
- C:\Windows\System\xjXWOOh.exe
  C:\Windows\System\xjXWOOh.exe
  2⤵
  PID:11240
- C:\Windows\System\lecUhAA.exe
  C:\Windows\System\lecUhAA.exe
  2⤵
  PID:10244
- C:\Windows\System\pCxjPSL.exe
  C:\Windows\System\pCxjPSL.exe
  2⤵
  PID:10316
- C:\Windows\System\XOYbTyS.exe
  C:\Windows\System\XOYbTyS.exe
  2⤵
  PID:10392
- C:\Windows\System\WZxIMAQ.exe
  C:\Windows\System\WZxIMAQ.exe
  2⤵
  PID:10444
- C:\Windows\System\bgeogOM.exe
  C:\Windows\System\bgeogOM.exe
  2⤵
  PID:10516
- C:\Windows\System\mGoPviO.exe
  C:\Windows\System\mGoPviO.exe
  2⤵
  PID:10580
- C:\Windows\System\pCdikMe.exe
  C:\Windows\System\pCdikMe.exe
  2⤵
  PID:10632
- C:\Windows\System\fsqNUId.exe
  C:\Windows\System\fsqNUId.exe
  2⤵
  PID:10692
- C:\Windows\System\zjmFVEI.exe
  C:\Windows\System\zjmFVEI.exe
  2⤵
  PID:10796
- C:\Windows\System\jflKpVf.exe
  C:\Windows\System\jflKpVf.exe
  2⤵
  PID:10836
- C:\Windows\System\IqbsGMX.exe
  C:\Windows\System\IqbsGMX.exe
  2⤵
  PID:10888
- C:\Windows\System\iSjYXGl.exe
  C:\Windows\System\iSjYXGl.exe
  2⤵
  PID:10972
- C:\Windows\System\ggKtMoJ.exe
  C:\Windows\System\ggKtMoJ.exe
  2⤵
  PID:11036
- C:\Windows\System\CsszzMW.exe
  C:\Windows\System\CsszzMW.exe
  2⤵
  PID:11108
- C:\Windows\System\adygwFR.exe
  C:\Windows\System\adygwFR.exe
  2⤵
  PID:11172
- C:\Windows\System\RvxGzsQ.exe
  C:\Windows\System\RvxGzsQ.exe
  2⤵
  PID:9704
- C:\Windows\System\tVPmKzZ.exe
  C:\Windows\System\tVPmKzZ.exe
  2⤵
  PID:9336
- C:\Windows\System\GOgEBZS.exe
  C:\Windows\System\GOgEBZS.exe
  2⤵
  PID:4764
- C:\Windows\System\cDdbqiZ.exe
  C:\Windows\System\cDdbqiZ.exe
  2⤵
  PID:10388
- C:\Windows\System\aywNQyO.exe
  C:\Windows\System\aywNQyO.exe
  2⤵
  PID:10552
- C:\Windows\System\mIQcbWk.exe
  C:\Windows\System\mIQcbWk.exe
  2⤵
  PID:10688
- C:\Windows\System\TQLtvyW.exe
  C:\Windows\System\TQLtvyW.exe
  2⤵
  PID:10832
- C:\Windows\System\kAuJrzw.exe
  C:\Windows\System\kAuJrzw.exe
  2⤵
  PID:10952
- C:\Windows\System\VYncEbs.exe
  C:\Windows\System\VYncEbs.exe
  2⤵
  PID:11136
- C:\Windows\System\LbAKcTr.exe
  C:\Windows\System\LbAKcTr.exe
  2⤵
  PID:1724
- C:\Windows\System\KJmSxIq.exe
  C:\Windows\System\KJmSxIq.exe
  2⤵
  PID:10352
- C:\Windows\System\LEzHmjA.exe
  C:\Windows\System\LEzHmjA.exe
  2⤵
  PID:10680
- C:\Windows\System\BIyOXCw.exe
  C:\Windows\System\BIyOXCw.exe
  2⤵
  PID:11032
- C:\Windows\System\FUgKNwx.exe
  C:\Windows\System\FUgKNwx.exe
  2⤵
  PID:11260
- C:\Windows\System\oyzUJmq.exe
  C:\Windows\System\oyzUJmq.exe
  2⤵
  PID:10924
- C:\Windows\System\LtvETYQ.exe
  C:\Windows\System\LtvETYQ.exe
  2⤵
  PID:1200
- C:\Windows\System\bykeqsv.exe
  C:\Windows\System\bykeqsv.exe
  2⤵
  PID:11280
- C:\Windows\System\WSAxwpD.exe
  C:\Windows\System\WSAxwpD.exe
  2⤵
  PID:11308
- C:\Windows\System\FjFRGHc.exe
  C:\Windows\System\FjFRGHc.exe
  2⤵
  PID:11336
- C:\Windows\System\UcUMFVT.exe
  C:\Windows\System\UcUMFVT.exe
  2⤵
  PID:11364
- C:\Windows\System\mLQfhEB.exe
  C:\Windows\System\mLQfhEB.exe
  2⤵
  PID:11392
- C:\Windows\System\iiGimGN.exe
  C:\Windows\System\iiGimGN.exe
  2⤵
  PID:11420
- C:\Windows\System\GRjWrTC.exe
  C:\Windows\System\GRjWrTC.exe
  2⤵
  PID:11448
- C:\Windows\System\FXVArYw.exe
  C:\Windows\System\FXVArYw.exe
  2⤵
  PID:11476
- C:\Windows\System\jylbVCl.exe
  C:\Windows\System\jylbVCl.exe
  2⤵
  PID:11504
- C:\Windows\System\DNfSlYq.exe
  C:\Windows\System\DNfSlYq.exe
  2⤵
  PID:11532
- C:\Windows\System\OuQvtsY.exe
  C:\Windows\System\OuQvtsY.exe
  2⤵
  PID:11560
- C:\Windows\System\jziCGfl.exe
  C:\Windows\System\jziCGfl.exe
  2⤵
  PID:11600
- C:\Windows\System\GBDXVAA.exe
  C:\Windows\System\GBDXVAA.exe
  2⤵
  PID:11624
- C:\Windows\System\QmGSWUz.exe
  C:\Windows\System\QmGSWUz.exe
  2⤵
  PID:11648
- C:\Windows\System\DPctjkE.exe
  C:\Windows\System\DPctjkE.exe
  2⤵
  PID:11676
- C:\Windows\System\hSQXVez.exe
  C:\Windows\System\hSQXVez.exe
  2⤵
  PID:11704
- C:\Windows\System\rMSstuy.exe
  C:\Windows\System\rMSstuy.exe
  2⤵
  PID:11732
- C:\Windows\System\fZzMQce.exe
  C:\Windows\System\fZzMQce.exe
  2⤵
  PID:11760
- C:\Windows\System\tHKxALN.exe
  C:\Windows\System\tHKxALN.exe
  2⤵
  PID:11788
- C:\Windows\System\FGeeJab.exe
  C:\Windows\System\FGeeJab.exe
  2⤵
  PID:11816
- C:\Windows\System\OBxzyTV.exe
  C:\Windows\System\OBxzyTV.exe
  2⤵
  PID:11844
- C:\Windows\System\ICynNmT.exe
  C:\Windows\System\ICynNmT.exe
  2⤵
  PID:11872
- C:\Windows\System\RLVlmQE.exe
  C:\Windows\System\RLVlmQE.exe
  2⤵
  PID:11900
- C:\Windows\System\xfDQjxq.exe
  C:\Windows\System\xfDQjxq.exe
  2⤵
  PID:11928
- C:\Windows\System\ZDtCHxz.exe
  C:\Windows\System\ZDtCHxz.exe
  2⤵
  PID:11956
- C:\Windows\System\IbIWtOz.exe
  C:\Windows\System\IbIWtOz.exe
  2⤵
  PID:11984
- C:\Windows\System\DZKLvtv.exe
  C:\Windows\System\DZKLvtv.exe
  2⤵
  PID:12012
- C:\Windows\System\EyKXOAO.exe
  C:\Windows\System\EyKXOAO.exe
  2⤵
  PID:12056
- C:\Windows\System\mSFsbgt.exe
  C:\Windows\System\mSFsbgt.exe
  2⤵
  PID:12072
- C:\Windows\System\JuEvVou.exe
  C:\Windows\System\JuEvVou.exe
  2⤵
  PID:12100
- C:\Windows\System\PkCXcZn.exe
  C:\Windows\System\PkCXcZn.exe
  2⤵
  PID:12128
- C:\Windows\System\foSYPaT.exe
  C:\Windows\System\foSYPaT.exe
  2⤵
  PID:12156
- C:\Windows\System\sFINJDE.exe
  C:\Windows\System\sFINJDE.exe
  2⤵
  PID:12184
- C:\Windows\System\ACCMwZq.exe
  C:\Windows\System\ACCMwZq.exe
  2⤵
  PID:12212
- C:\Windows\System\DJKzNTm.exe
  C:\Windows\System\DJKzNTm.exe
  2⤵
  PID:12240
- C:\Windows\System\hcEaGzL.exe
  C:\Windows\System\hcEaGzL.exe
  2⤵
  PID:12268
- C:\Windows\System\RmKfDVU.exe
  C:\Windows\System\RmKfDVU.exe
  2⤵
  PID:11276
- C:\Windows\System\pfVEzGp.exe
  C:\Windows\System\pfVEzGp.exe
  2⤵
  PID:11348
- C:\Windows\System\DudspOM.exe
  C:\Windows\System\DudspOM.exe
  2⤵
  PID:11412
- C:\Windows\System\fxcLqDz.exe
  C:\Windows\System\fxcLqDz.exe
  2⤵
  PID:11468
- C:\Windows\System\WoyLxnT.exe
  C:\Windows\System\WoyLxnT.exe
  2⤵
  PID:11528
- C:\Windows\System\stlwbEf.exe
  C:\Windows\System\stlwbEf.exe
  2⤵
  PID:11580
- C:\Windows\System\RAzqLEj.exe
  C:\Windows\System\RAzqLEj.exe
  2⤵
  PID:11632
- C:\Windows\System\rHDVzzc.exe
  C:\Windows\System\rHDVzzc.exe
  2⤵
  PID:11696
- C:\Windows\System\AGQxnjL.exe
  C:\Windows\System\AGQxnjL.exe
  2⤵
  PID:11784
- C:\Windows\System\wmlZCSG.exe
  C:\Windows\System\wmlZCSG.exe
  2⤵
  PID:11828
- C:\Windows\System\UtXBruh.exe
  C:\Windows\System\UtXBruh.exe
  2⤵
  PID:1180
- C:\Windows\System\IboJwyQ.exe
  C:\Windows\System\IboJwyQ.exe
  2⤵
  PID:11924
- C:\Windows\System\DQZHclF.exe
  C:\Windows\System\DQZHclF.exe
  2⤵
  PID:11996
- C:\Windows\System\JjSsoPm.exe
  C:\Windows\System\JjSsoPm.exe
  2⤵
  PID:12064
- C:\Windows\System\IrVBhpv.exe
  C:\Windows\System\IrVBhpv.exe
  2⤵
  PID:12124
- C:\Windows\System\ENaZhej.exe
  C:\Windows\System\ENaZhej.exe
  2⤵
  PID:12196
- C:\Windows\System\bnKbTEn.exe
  C:\Windows\System\bnKbTEn.exe
  2⤵
  PID:12260
- C:\Windows\System\YqjrIZn.exe
  C:\Windows\System\YqjrIZn.exe
  2⤵
  PID:11328
- C:\Windows\System\tGNwwqL.exe
  C:\Windows\System\tGNwwqL.exe
  2⤵
  PID:11460
- C:\Windows\System\NOhrvwj.exe
  C:\Windows\System\NOhrvwj.exe
  2⤵
  PID:11556
- C:\Windows\System\eCBbGJO.exe
  C:\Windows\System\eCBbGJO.exe
  2⤵
  PID:11672
- C:\Windows\System\gjDqUOA.exe
  C:\Windows\System\gjDqUOA.exe
  2⤵
  PID:11808
- C:\Windows\System\AZcFunc.exe
  C:\Windows\System\AZcFunc.exe
  2⤵
  PID:976
- C:\Windows\System\sJejovv.exe
  C:\Windows\System\sJejovv.exe
  2⤵
  PID:2260
- C:\Windows\System\XODyOtZ.exe
  C:\Windows\System\XODyOtZ.exe
  2⤵
  PID:12152
- C:\Windows\System\PUFAwhj.exe
  C:\Windows\System\PUFAwhj.exe
  2⤵
  PID:11636
- C:\Windows\System\wSzJdYB.exe
  C:\Windows\System\wSzJdYB.exe
  2⤵
  PID:11524
- C:\Windows\System\xzFBSqp.exe
  C:\Windows\System\xzFBSqp.exe
  2⤵
  PID:1408
- C:\Windows\System\hoZPybk.exe
  C:\Windows\System\hoZPybk.exe
  2⤵
  PID:2456
- C:\Windows\System\VIRCblZ.exe
  C:\Windows\System\VIRCblZ.exe
  2⤵
  PID:12224
- C:\Windows\System\wdSSxJQ.exe
  C:\Windows\System\wdSSxJQ.exe
  2⤵
  PID:2540
- C:\Windows\System\TfpSGTH.exe
  C:\Windows\System\TfpSGTH.exe
  2⤵
  PID:12092
- C:\Windows\System\KRqCabg.exe
  C:\Windows\System\KRqCabg.exe
  2⤵
  PID:2052
- C:\Windows\System\skdZvyo.exe
  C:\Windows\System\skdZvyo.exe
  2⤵
  PID:11752
- C:\Windows\System\qUEMdXV.exe
  C:\Windows\System\qUEMdXV.exe
  2⤵
  PID:4504
- C:\Windows\System\DNNmifj.exe
  C:\Windows\System\DNNmifj.exe
  2⤵
  PID:12308
- C:\Windows\System\wEveVYC.exe
  C:\Windows\System\wEveVYC.exe
  2⤵
  PID:12336
- C:\Windows\System\dIYwFmT.exe
  C:\Windows\System\dIYwFmT.exe
  2⤵
  PID:12364
- C:\Windows\System\CARPzyH.exe
  C:\Windows\System\CARPzyH.exe
  2⤵
  PID:12392
- C:\Windows\System\pfGgzXP.exe
  C:\Windows\System\pfGgzXP.exe
  2⤵
  PID:12424
- C:\Windows\System\YryaEpn.exe
  C:\Windows\System\YryaEpn.exe
  2⤵
  PID:12452
- C:\Windows\System\yBHrcFH.exe
  C:\Windows\System\yBHrcFH.exe
  2⤵
  PID:12480
- C:\Windows\System\yMQSKPB.exe
  C:\Windows\System\yMQSKPB.exe
  2⤵
  PID:12508
- C:\Windows\System\mqUdQCC.exe
  C:\Windows\System\mqUdQCC.exe
  2⤵
  PID:12536
- C:\Windows\System\BajkHTd.exe
  C:\Windows\System\BajkHTd.exe
  2⤵
  PID:12564
- C:\Windows\System\eqdcXvs.exe
  C:\Windows\System\eqdcXvs.exe
  2⤵
  PID:12592
- C:\Windows\System\jonZBsj.exe
  C:\Windows\System\jonZBsj.exe
  2⤵
  PID:12620
- C:\Windows\System\ihVvqUf.exe
  C:\Windows\System\ihVvqUf.exe
  2⤵
  PID:12648
- C:\Windows\System\UfdRrHA.exe
  C:\Windows\System\UfdRrHA.exe
  2⤵
  PID:12676
- C:\Windows\System\lEhrfyM.exe
  C:\Windows\System\lEhrfyM.exe
  2⤵
  PID:12704
- C:\Windows\System\iwjBbYb.exe
  C:\Windows\System\iwjBbYb.exe
  2⤵
  PID:12732
- C:\Windows\System\mxWlgov.exe
  C:\Windows\System\mxWlgov.exe
  2⤵
  PID:12760
- C:\Windows\System\pCOusux.exe
  C:\Windows\System\pCOusux.exe
  2⤵
  PID:12788
- C:\Windows\System\qkdmnGy.exe
  C:\Windows\System\qkdmnGy.exe
  2⤵
  PID:12816
- C:\Windows\System\bjzCAXt.exe
  C:\Windows\System\bjzCAXt.exe
  2⤵
  PID:12844
- C:\Windows\System\getBAkt.exe
  C:\Windows\System\getBAkt.exe
  2⤵
  PID:12872
- C:\Windows\System\UslQKwI.exe
  C:\Windows\System\UslQKwI.exe
  2⤵
  PID:12900
- C:\Windows\System\tbkFDDf.exe
  C:\Windows\System\tbkFDDf.exe
  2⤵
  PID:12928
- C:\Windows\System\HNYKPww.exe
  C:\Windows\System\HNYKPww.exe
  2⤵
  PID:12956
- C:\Windows\System\gvSNtvw.exe
  C:\Windows\System\gvSNtvw.exe
  2⤵
  PID:12984
- C:\Windows\System\DTnNKDG.exe
  C:\Windows\System\DTnNKDG.exe
  2⤵
  PID:13012
- C:\Windows\System\emCjjxx.exe
  C:\Windows\System\emCjjxx.exe
  2⤵
  PID:13040
- C:\Windows\System\KfAjFhQ.exe
  C:\Windows\System\KfAjFhQ.exe
  2⤵
  PID:13068
- C:\Windows\System\dFuHRjl.exe
  C:\Windows\System\dFuHRjl.exe
  2⤵
  PID:13096
- C:\Windows\System\ONOhraF.exe
  C:\Windows\System\ONOhraF.exe
  2⤵
  PID:13124
- C:\Windows\System\bhGRpvG.exe
  C:\Windows\System\bhGRpvG.exe
  2⤵
  PID:13152
- C:\Windows\System\uXWEfbv.exe
  C:\Windows\System\uXWEfbv.exe
  2⤵
  PID:13180
- C:\Windows\System\FwMovOA.exe
  C:\Windows\System\FwMovOA.exe
  2⤵
  PID:13208
- C:\Windows\System\CETmoBz.exe
  C:\Windows\System\CETmoBz.exe
  2⤵
  PID:13236
- C:\Windows\System\PCYCRIy.exe
  C:\Windows\System\PCYCRIy.exe
  2⤵
  PID:12640
- C:\Windows\System\nILSkMC.exe
  C:\Windows\System\nILSkMC.exe
  2⤵
  PID:12700
- C:\Windows\System\waepDCa.exe
  C:\Windows\System\waepDCa.exe
  2⤵
  PID:12780
- C:\Windows\System\kYnaSTT.exe
  C:\Windows\System\kYnaSTT.exe
  2⤵
  PID:12840
- C:\Windows\System\MXdiziG.exe
  C:\Windows\System\MXdiziG.exe
  2⤵
  PID:12912
- C:\Windows\System\trmxvMl.exe
  C:\Windows\System\trmxvMl.exe
  2⤵
  PID:12976
- C:\Windows\System\fUemWBW.exe
  C:\Windows\System\fUemWBW.exe
  2⤵
  PID:13036
- C:\Windows\System\hNHxGoG.exe
  C:\Windows\System\hNHxGoG.exe
  2⤵
  PID:13120
- C:\Windows\System\nuYUbqM.exe
  C:\Windows\System\nuYUbqM.exe
  2⤵
  PID:13164
- C:\Windows\System\KYyIfDj.exe
  C:\Windows\System\KYyIfDj.exe
  2⤵
  PID:13204
- C:\Windows\System\upaVUjh.exe
  C:\Windows\System\upaVUjh.exe
  2⤵
  PID:13268
- C:\Windows\System\NRAoaNE.exe
  C:\Windows\System\NRAoaNE.exe
  2⤵
  PID:12604
- C:\Windows\System\ZfGBTJG.exe
  C:\Windows\System\ZfGBTJG.exe
  2⤵
  PID:12532
- C:\Windows\System\JZzJxRC.exe
  C:\Windows\System\JZzJxRC.exe
  2⤵
  PID:12476
- C:\Windows\System\brEqlHZ.exe
  C:\Windows\System\brEqlHZ.exe
  2⤵
  PID:12416
- C:\Windows\System\QIwMSIf.exe
  C:\Windows\System\QIwMSIf.exe
  2⤵
  PID:12348
- C:\Windows\System\edKhgna.exe
  C:\Windows\System\edKhgna.exe
  2⤵
  PID:12292
- C:\Windows\System\euEElIS.exe
  C:\Windows\System\euEElIS.exe
  2⤵
  PID:13292
- C:\Windows\System\wAgfKnS.exe
  C:\Windows\System\wAgfKnS.exe
  2⤵
  PID:12828
- C:\Windows\System\gCnMUEA.exe
  C:\Windows\System\gCnMUEA.exe
  2⤵
  PID:12968
- C:\Windows\System\NrkmljU.exe
  C:\Windows\System\NrkmljU.exe
  2⤵
  PID:13088
- C:\Windows\System\dUzjBSt.exe
  C:\Windows\System\dUzjBSt.exe
  2⤵
  PID:13264
- C:\Windows\System\cdoGjqK.exe
  C:\Windows\System\cdoGjqK.exe
  2⤵
  PID:12560
- C:\Windows\System\cSABFXw.exe
  C:\Windows\System\cSABFXw.exe
  2⤵
  PID:12384
- C:\Windows\System\dwySHpF.exe
  C:\Windows\System\dwySHpF.exe
  2⤵
  PID:13280
- C:\Windows\System\qHNBqoA.exe
  C:\Windows\System\qHNBqoA.exe
  2⤵
  PID:12892
- C:\Windows\System\wopfHin.exe
  C:\Windows\System\wopfHin.exe
  2⤵
  PID:13200
- C:\Windows\System\BdkXAuU.exe
  C:\Windows\System\BdkXAuU.exe
  2⤵
  PID:12440
- C:\Windows\System\amiklkL.exe
  C:\Windows\System\amiklkL.exe
  2⤵
  PID:12808
- C:\Windows\System\FXpMPkF.exe
  C:\Windows\System\FXpMPkF.exe
  2⤵
  PID:12300
- C:\Windows\System\xwFasUV.exe
  C:\Windows\System\xwFasUV.exe
  2⤵
  PID:12584
- C:\Windows\System\KinRHEi.exe
  C:\Windows\System\KinRHEi.exe
  2⤵
  PID:13340
- C:\Windows\System\ltMNBgR.exe
  C:\Windows\System\ltMNBgR.exe
  2⤵
  PID:13368
- C:\Windows\System\GLYHHaq.exe
  C:\Windows\System\GLYHHaq.exe
  2⤵
  PID:13396
- C:\Windows\System\poNNAOp.exe
  C:\Windows\System\poNNAOp.exe
  2⤵
  PID:13424
- C:\Windows\System\HMNYwZT.exe
  C:\Windows\System\HMNYwZT.exe
  2⤵
  PID:13452
- C:\Windows\System\UUuIXHX.exe
  C:\Windows\System\UUuIXHX.exe
  2⤵
  PID:13480
- C:\Windows\System\nvkxAXj.exe
  C:\Windows\System\nvkxAXj.exe
  2⤵
  PID:13508
- C:\Windows\System\yxxvhEH.exe
  C:\Windows\System\yxxvhEH.exe
  2⤵
  PID:13536
- C:\Windows\System\LOBwiHr.exe
  C:\Windows\System\LOBwiHr.exe
  2⤵
  PID:13564
- C:\Windows\System\bMeZZGH.exe
  C:\Windows\System\bMeZZGH.exe
  2⤵
  PID:13592
- C:\Windows\System\JVNyPOt.exe
  C:\Windows\System\JVNyPOt.exe
  2⤵
  PID:13620
- C:\Windows\System\NFLjreg.exe
  C:\Windows\System\NFLjreg.exe
  2⤵
  PID:13648
- C:\Windows\System\YmFskdE.exe
  C:\Windows\System\YmFskdE.exe
  2⤵
  PID:13676
- C:\Windows\System\vdFdzHV.exe
  C:\Windows\System\vdFdzHV.exe
  2⤵
  PID:13704
- C:\Windows\System\RCJbEHa.exe
  C:\Windows\System\RCJbEHa.exe
  2⤵
  PID:13732
- C:\Windows\System\XOmTvga.exe
  C:\Windows\System\XOmTvga.exe
  2⤵
  PID:13760
- C:\Windows\System\QesuTEi.exe
  C:\Windows\System\QesuTEi.exe
  2⤵
  PID:13788
- C:\Windows\System\xCtnRuT.exe
  C:\Windows\System\xCtnRuT.exe
  2⤵
  PID:13816
- C:\Windows\System\LZqmSzK.exe
  C:\Windows\System\LZqmSzK.exe
  2⤵
  PID:13844
- C:\Windows\System\TceRKkt.exe
  C:\Windows\System\TceRKkt.exe
  2⤵
  PID:13872
- C:\Windows\System\IWxYsnn.exe
  C:\Windows\System\IWxYsnn.exe
  2⤵
  PID:13900
- C:\Windows\System\hENvbso.exe
  C:\Windows\System\hENvbso.exe
  2⤵
  PID:13928
- C:\Windows\System\iTSkJEf.exe
  C:\Windows\System\iTSkJEf.exe
  2⤵
  PID:13956
- C:\Windows\System\xbvigBQ.exe
  C:\Windows\System\xbvigBQ.exe
  2⤵
  PID:13984
- C:\Windows\System\elWJZYc.exe
  C:\Windows\System\elWJZYc.exe
  2⤵
  PID:14012
- C:\Windows\System\qRSFCFd.exe
  C:\Windows\System\qRSFCFd.exe
  2⤵
  PID:14040
- C:\Windows\System\ZlwULNd.exe
  C:\Windows\System\ZlwULNd.exe
  2⤵
  PID:14068
- C:\Windows\System\UmMcUrx.exe
  C:\Windows\System\UmMcUrx.exe
  2⤵
  PID:14096
- C:\Windows\System\mhBdObL.exe
  C:\Windows\System\mhBdObL.exe
  2⤵
  PID:14124
- C:\Windows\System\izbCEdi.exe
  C:\Windows\System\izbCEdi.exe
  2⤵
  PID:14152
- C:\Windows\System\zuzGZPU.exe
  C:\Windows\System\zuzGZPU.exe
  2⤵
  PID:14184
- C:\Windows\System\oqJZyMj.exe
  C:\Windows\System\oqJZyMj.exe
  2⤵
  PID:14212
- C:\Windows\System\JzKChPz.exe
  C:\Windows\System\JzKChPz.exe
  2⤵
  PID:14240
- C:\Windows\System\YkyGLDX.exe
  C:\Windows\System\YkyGLDX.exe
  2⤵
  PID:14268
- C:\Windows\System\lsDqruT.exe
  C:\Windows\System\lsDqruT.exe
  2⤵
  PID:14296
- C:\Windows\System\fmRDkxJ.exe
  C:\Windows\System\fmRDkxJ.exe
  2⤵
  PID:14324
- C:\Windows\System\rrFxlfA.exe
  C:\Windows\System\rrFxlfA.exe
  2⤵
  PID:13360
- C:\Windows\System\YQeElwx.exe
  C:\Windows\System\YQeElwx.exe
  2⤵
  PID:13420
- C:\Windows\System\HObIwRm.exe
  C:\Windows\System\HObIwRm.exe
  2⤵
  PID:13496
- C:\Windows\System\lZmBeSH.exe
  C:\Windows\System\lZmBeSH.exe
  2⤵
  PID:13548
- C:\Windows\System\bKRoXkF.exe
  C:\Windows\System\bKRoXkF.exe
  2⤵
  PID:13616
- C:\Windows\System\fbMLFxU.exe
  C:\Windows\System\fbMLFxU.exe
  2⤵
  PID:3080
- C:\Windows\System\olNXKSu.exe
  C:\Windows\System\olNXKSu.exe
  2⤵
  PID:1808
- C:\Windows\System\CWWAnrd.exe
  C:\Windows\System\CWWAnrd.exe
  2⤵
  PID:13724
- C:\Windows\System\GFCflVH.exe
  C:\Windows\System\GFCflVH.exe
  2⤵
  PID:13784
- C:\Windows\System\rEDxAXk.exe
  C:\Windows\System\rEDxAXk.exe
  2⤵
  PID:13860
- C:\Windows\System\uqsNGAC.exe
  C:\Windows\System\uqsNGAC.exe
  2⤵
  PID:13912
- C:\Windows\System\cgVCxEC.exe
  C:\Windows\System\cgVCxEC.exe
  2⤵
  PID:12444
- C:\Windows\System\KhddvKU.exe
  C:\Windows\System\KhddvKU.exe
  2⤵
  PID:14032
- C:\Windows\System\nArmQxZ.exe
  C:\Windows\System\nArmQxZ.exe
  2⤵
  PID:14092
- C:\Windows\System\BqxTCXC.exe
  C:\Windows\System\BqxTCXC.exe
  2⤵
  PID:14148
- C:\Windows\System\xhxRkrK.exe
  C:\Windows\System\xhxRkrK.exe
  2⤵
  PID:14224
- C:\Windows\System\fMygDvM.exe
  C:\Windows\System\fMygDvM.exe
  2⤵
  PID:14288
- C:\Windows\System\fBLwlPT.exe
  C:\Windows\System\fBLwlPT.exe
  2⤵
  PID:13352
- C:\Windows\System\pzapCTu.exe
  C:\Windows\System\pzapCTu.exe
  2⤵
  PID:13528
- C:\Windows\System\zWwzhPu.exe
  C:\Windows\System\zWwzhPu.exe
  2⤵
  PID:4732
- C:\Windows\System\LQckFlT.exe
  C:\Windows\System\LQckFlT.exe
  2⤵
  PID:13716
- C:\Windows\System\ktNtmZV.exe
  C:\Windows\System\ktNtmZV.exe
  2⤵
  PID:13840
- C:\Windows\System\RYVglob.exe
  C:\Windows\System\RYVglob.exe
  2⤵
  PID:14064
- C:\Windows\System\QTgCcbt.exe
  C:\Windows\System\QTgCcbt.exe
  2⤵
  PID:5272
- C:\Windows\System\BqtXZhZ.exe
  C:\Windows\System\BqtXZhZ.exe
  2⤵
  PID:14264
- C:\Windows\System\FcILuzA.exe
  C:\Windows\System\FcILuzA.exe
  2⤵
  PID:13476
- C:\Windows\System\FtkoBPe.exe
  C:\Windows\System\FtkoBPe.exe
  2⤵
  PID:3388
- C:\Windows\System\EafeAiq.exe
  C:\Windows\System\EafeAiq.exe
  2⤵
  PID:5936
- C:\Windows\System\InAVEKK.exe
  C:\Windows\System\InAVEKK.exe
  2⤵
  PID:13588
- C:\Windows\System\jgYlpyR.exe
  C:\Windows\System\jgYlpyR.exe
  2⤵
  PID:14252
- C:\Windows\System\mkjwRPL.exe
  C:\Windows\System\mkjwRPL.exe
  2⤵
  PID:5808
- C:\Windows\System\rLPEtUR.exe
  C:\Windows\System\rLPEtUR.exe
  2⤵
  PID:14172
- C:\Windows\System\EWHgDZg.exe
  C:\Windows\System\EWHgDZg.exe
  2⤵
  PID:5908
- C:\Windows\System\zyaiFYu.exe
  C:\Windows\System\zyaiFYu.exe
  2⤵
  PID:6140
- C:\Windows\System\HsbnuGn.exe
  C:\Windows\System\HsbnuGn.exe
  2⤵
  PID:14356
- C:\Windows\System\vwXllsk.exe
  C:\Windows\System\vwXllsk.exe
  2⤵
  PID:14384
- C:\Windows\System\tHwVEcs.exe
  C:\Windows\System\tHwVEcs.exe
  2⤵
  PID:14412
- C:\Windows\System\SHquzlb.exe
  C:\Windows\System\SHquzlb.exe
  2⤵
  PID:14440
- C:\Windows\System\rdkPwCR.exe
  C:\Windows\System\rdkPwCR.exe
  2⤵
  PID:14468
- C:\Windows\System\KvgFwkn.exe
  C:\Windows\System\KvgFwkn.exe
  2⤵
  PID:14496
- C:\Windows\System\OyjTNQR.exe
  C:\Windows\System\OyjTNQR.exe
  2⤵
  PID:14524
- C:\Windows\System\EBjmNqg.exe
  C:\Windows\System\EBjmNqg.exe
  2⤵
  PID:14552
- C:\Windows\System\JCxwxxm.exe
  C:\Windows\System\JCxwxxm.exe
  2⤵
  PID:14584
- C:\Windows\System\debRJFZ.exe
  C:\Windows\System\debRJFZ.exe
  2⤵
  PID:14612
- C:\Windows\System\YJjzbQC.exe
  C:\Windows\System\YJjzbQC.exe
  2⤵
  PID:14640
- C:\Windows\System\DXEQnNQ.exe
  C:\Windows\System\DXEQnNQ.exe
  2⤵
  PID:14668
- C:\Windows\System\bHpSWca.exe
  C:\Windows\System\bHpSWca.exe
  2⤵
  PID:14696
- C:\Windows\System\zgnYwEC.exe
  C:\Windows\System\zgnYwEC.exe
  2⤵
  PID:14724
- C:\Windows\System\ezUmzRE.exe
  C:\Windows\System\ezUmzRE.exe
  2⤵
  PID:14752
- C:\Windows\System\WYHKOLP.exe
  C:\Windows\System\WYHKOLP.exe
  2⤵
  PID:14780
- C:\Windows\System\fHORoPf.exe
  C:\Windows\System\fHORoPf.exe
  2⤵
  PID:14808

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BGWwwQa.exe

Filesize
6.0MB

MD5
c4811599966b2c785311a1791ae390e9

SHA1
04186bb2a58d700532f27212bdaf994cd89127c2

SHA256
0a7e69dedf1d73e4b1615f01b71f82971787c208eb80ccc33d06aaaa091de755

SHA512
2df27f108d14a221b17d41a889bd498ab5a36656d914feac70ead0a7d916d75210db8ac725defb36a7af5953c6e8b48f9d086ecd59d24c969feb8357c65c518a

Download Submit
C:\Windows\System\EcUpUfp.exe

Filesize
6.0MB

MD5
bba052c016fdb0335e37c592a2c6e8d7

SHA1
2176003e98c21896ea3c5c388707a756b1aad4a0

SHA256
83bcd46c74115a27684a8ccbc8377f4ecd90b44b5ef65fb7415b3fc631ec5e6c

SHA512
e08dd6aec5d9cf0b4224584a442a8990aa413586e4c21b3147a21a4637ccc5eb94d96061e3e213ee7892ce1c18c63dde957c0a7183ea8b49601c590539a83017

Download Submit
C:\Windows\System\HnFNkDb.exe

Filesize
6.0MB

MD5
633c962d9dfa50edc5ef73475bd6cfdb

SHA1
32cbd0c9cd91f34bb70b1b74aeafa249a03d08df

SHA256
d60e519e7403b6732bdaea3507e2af3cdf0c937f6b13f0a540c7065f3229fb04

SHA512
dd665f36b25d516722773f49ee48bd1fad1b417cc8b614c9282abab40386af128bbc16092c881a4a9da954df8452360a26b03487046bb3451740af24ac689dd5

Download Submit
C:\Windows\System\JeNXVnk.exe

Filesize
6.0MB

MD5
61f64997d6debb1bf81f2ed9ea04e11f

SHA1
6231ae7dff9520674169943ded4d647f2f472dfc

SHA256
33072347bed78d086de89ffb49b2a82291a4566bfb24f206a1f70bfb4c116c98

SHA512
ea5f88a028fd4e9b829b1b0249259b6cbe14adbde7f805574184f33a859c6d87b24d2240908a1e5c0abe9ac7c5a48e39aee6d59820f7f4fe2f2bd62667239675

Download Submit
C:\Windows\System\JevWZGD.exe

Filesize
6.0MB

MD5
7cd57c09474e6a6fd46f0040c82494ef

SHA1
b2cb731d5c1ba5f0c98255acb1c3f64404d92a21

SHA256
0d9f064cf8237c204bff4c546375cfaad4fa9d96d8ca798eb4b398de058f798d

SHA512
1e11fd9d57d9d42e8bfd1d873b70bdadc335d8c92320736d3d522a03001e2609278aa9a75258179e113b5af97075c69d7042f46d97c55cc05d363683f74b3f30

Download Submit
C:\Windows\System\KCABTpj.exe

Filesize
6.0MB

MD5
854ebfb39728e4ff515d93b9dd23a51b

SHA1
18fc062f192c215a47303ce3adc3788e8bd0724e

SHA256
cdc953ee917243d14e3b64ba3e211d74ef1c45d0e66dacef05b16d5a6dc27756

SHA512
eb4c115f5c258aa81adbb7c912ffe4549ee6403f3db26fbec7b81a62f1ae9a31ee7cb1ff82bc621d651e30cd6dfc1ffc995e26e00392e6ab6ea792ade82c711f

Download Submit
C:\Windows\System\KnSjFSk.exe

Filesize
6.0MB

MD5
9f2e899345a8ad1252cf62c4ebc07c22

SHA1
8527f01d8ba16e555b3843d136fcb68f518052fc

SHA256
2e15451a8bfdaffe4e20727f9198cf292bab226cc64a6f9cb5b87e64ba193324

SHA512
c4b38a1681cd70329341639ce9ec71d5579a2a2b5edb3454911e5cf9818d889611a2094172767ce031c7292246ceb5a030179c88a59d89b606420f834e8f6b29

Download Submit
C:\Windows\System\MMrlqXB.exe

Filesize
6.0MB

MD5
801622cff3ef921dbd53c71946184095

SHA1
b285e52b97ada4b30915b9f116e3f2332edfc871

SHA256
17ff720eaf025bab32db7a62cc3c400cdc7dc26f5c1aa88afd0f20c85f6fe2eb

SHA512
881eb755310ed29bbdb29009233a2bc1e40d65842fc61489ebe68ec6174e1280c4ccbb92414cc727f91e5af6ba8927a0d71ef13f8f593e073bf17757d12288c7

Download Submit
C:\Windows\System\OrXtZHQ.exe

Filesize
6.0MB

MD5
ab44443f2036f704d1140b96a37abd5f

SHA1
bdebb995b88b07e2fcd0294a4c9e88443fe5e8d4

SHA256
7d698d491b92a0a8c9f778579fb179f32ba8ad44bcac18ed9541d46d118df6ab

SHA512
54aa1156c4f7b176149dff4e5405da52c7b1080b0527105139adaa8bbc53b944492a778f146e38eb2123d2114738e493f3cbcd24fa18ebae5c52ab0cd559abd8

Download Submit
C:\Windows\System\PDUcOaq.exe

Filesize
6.0MB

MD5
b1d83daf3cacd05a9ed7a1f43e5094db

SHA1
b21dbc2886733c4ef8617bc2fedd276b4081d067

SHA256
7c0eb9522f9ea9f0a973b8fcf4257af1c532ee7b4c680ec591b0073437373b48

SHA512
712f63efa2fee261cb74b1cf48196e8dfc9e389c92b9a5d83eb22d0aab2f0eea572138182343842af8cf6f792c840d0d81d3bbb56c57be35f1371dc27095554c

Download Submit
C:\Windows\System\QkMdbPA.exe

Filesize
6.0MB

MD5
68e7a30665c04e6b2c0dc89caea399c5

SHA1
68d29046557716b0aa2021d4c3e91186d7736673

SHA256
8a7c8fd3e551b200b0627445fa81d690f55446307d297021f790c15e71bcc0ae

SHA512
a857850e1b2ce9a0e9a1231e25a9b223be3186abed21602ada4d262887de794ba0c2628bf49d402a309167407675127f40a8f640c038ae660b5bd85c43ab9f3d

Download Submit
C:\Windows\System\UJGPZPp.exe

Filesize
6.0MB

MD5
41c2d73b2b9b38007deace11ec357296

SHA1
73b974500d19f30824ebb9d1122885a6319fe499

SHA256
0e3828b6b95c9a570f89d8c43acb7c9f6a6a76c5651446bca37f471a1593a693

SHA512
5d572e61c249e6202dbff6bae25e2a025459ce38c99e3939ee4fe985d92c4d806b4151aa43daeec98ea90b6e69140139ddbfc49ba8a806346ea9f101f5882b08

Download Submit
C:\Windows\System\WammIzd.exe

Filesize
6.0MB

MD5
d9fe2123dc4e3faa94c868e28cbcc21e

SHA1
9d635060763cd936a119257c967e7c4c9a9f0fbf

SHA256
1b759cadc747512b66ef42c55247d39cc99ca0f5fa7154add9007784d1cc71b7

SHA512
cef00c442df60d5cf5f328282d86915c4d7099282a0ff3ba933822b4b49112b3e2d7350357abd9644e01072fd01e2912a2762cbbe149f085e3e82fcf9eae5103

Download Submit
C:\Windows\System\XKeFimO.exe

Filesize
6.0MB

MD5
6f6c99032f5f646f93d0f75deed71948

SHA1
33a77c2a7e4a8a628ade468ffc78282f1e80f5d8

SHA256
9e133cc95af7bbc48ec6f74d9411c2cdec2a10e34d238a3155185ffdd8c9bc2b

SHA512
ca967f75de72a755a6e19719ffff38caf50ad98c4b10452fba50f184ba7205a35e6c23422cc0f511a67408ec9eb563059bab7126eb17e4a222eacb1d2f3b2f88

Download Submit
C:\Windows\System\YTwbDXn.exe

Filesize
6.0MB

MD5
dbb9d8cd551fc6d27d05192bfdefa273

SHA1
838177a2641ec02d667d12a07ce3893d9ad4772e

SHA256
e24c6464ce6e7e50917710a5c0e615b6fce162717dcc17ab7c766804329897bb

SHA512
3dbc9a2570145366ad96a714fcc8a4bc8faa41c516fef9ec2f739c85402973f1b588939a561cc2974ddb6ccf58dd08686a246a32e17131c9da441e559f5d167d

Download Submit
C:\Windows\System\YrdzIwp.exe

Filesize
6.0MB

MD5
ddb8f026b69d19fe68c1b31ce65b9b3a

SHA1
348d3194ab0f23826d1c5db7caca0d18366f39d6

SHA256
b0a022a4cac7e00161e225cfc03147810d4acbd8c636ff3e009ee99b3049a024

SHA512
9b47476e2722e1a310d91781efaae2eba5066ffaa4fa79c14386e12f028adb2fd31705ddde3e8f2d9b298996ef54719b848b7849244f3198b1da8e85e3088fcf

Download Submit
C:\Windows\System\ZAgZLFi.exe

Filesize
6.0MB

MD5
28ee1083acda376ef7202f8f6cf5e1ff

SHA1
2d9d0fb0719e39fa63c6558c2c314f8187737558

SHA256
7db17fa65918bc3573bc0298532340a278e1694289ff9fff3bb2be59fdec0a82

SHA512
f15baa90839ac8dce677129b0dc695a4cff5c9e8ee0a59b8e4f4d9018daa9d8b866b58207b62a807332a51bb9ee57698b34810618438a353ee55dcac8ada41c9

Download Submit
C:\Windows\System\ZoTCSSb.exe

Filesize
6.0MB

MD5
39bd840429829f0c4ab25f0ddeec0db4

SHA1
f4fe6f9945cd43f3b4c2e3ea26a67259f882291b

SHA256
7dd880e8eb3e2336c765aae1333d3a51d31a0bcd09a32234c2701b5be1f2c106

SHA512
d53f8d7aab9113e6411e6f804e75db7e75fd88e178506d954a15e22ae1e6f265070dc2979b776d58b3ece4e66cb98bc15e9796ee6427c558ae73264d4a244ffc

Download Submit
C:\Windows\System\bIhERGU.exe

Filesize
6.0MB

MD5
ec76b4e04acccf96f7dd9546f7ff1068

SHA1
c4a7892962b31f3dfb59e5500096ede2b2fb343a

SHA256
c99265e42a8914ec3debfba355bc3723a0e9393eb58b3c8b5e1f1785b69f6dc0

SHA512
0f1e8c608482cdcb97d70542ae6d01469b4c831446ad1a0a0188149f83d347c7f1e914e09ef2d2f1e61be1eeadaa923c5228c64982271f072edc835bb1cccdea

Download Submit
C:\Windows\System\eJfmnOC.exe

Filesize
6.0MB

MD5
ef8354ce192ac86e578c3f5733207c12

SHA1
66994530188f9be4a4ee65aac166bf00bafccfd5

SHA256
0016420238f8a3539e98ec695010752bda819ae04c34348a642c9fce97989b8d

SHA512
bf2962e615f0387d792df5e442de63374d08ab68344aac4ea1ae84247ce795827defee1fcd6e76038d5c5d4c0291a720ec472ba026d44eb2543d2d34556f3123

Download Submit
C:\Windows\System\geHfRUC.exe

Filesize
6.0MB

MD5
89fc3663c3d45fd74576a4ec8525f9e0

SHA1
c72a760c8289db6c1c1d3333c77cf64a3032a945

SHA256
bab853aadef7d8f38c82e13d51588642d28278a963d3249f179b14d0a9bf7a77

SHA512
1ed6a018488e0baf17bb81c1260621eafd1b523162cb7d7c8ba824030562808f62cf3b9211caf0648d831a611cb6b044396286b41b08cf5d91429791560ca2ec

Download Submit
C:\Windows\System\hCmOdJQ.exe

Filesize
6.0MB

MD5
0f404e14e862fdbe7477e2a681ba15bb

SHA1
44635b168c3eb1e3afe844c8a597b7ad35a4e032

SHA256
24a04fb36860c654ea9792d8cac77b20054ef1b8f4a7e5d126e0d634c6d176ad

SHA512
8a232c5531c8f5fb827b9103129f1d72050a68582e7f675628402ffc2252be7b0c6e0e44701f33ffb2125174cfcf35420f05ce4e460077b9d557dcc420daf8c7

Download Submit
C:\Windows\System\hGMZNsM.exe

Filesize
6.0MB

MD5
99805e208c0aa99e1b3f11c2a576081e

SHA1
8cd1d2c8713db6de58caacc5257af2bc453e42df

SHA256
7f4f8fe978b2f85a0a50cfa5d48e1d0a2763bccd93c3bd9aa2cf2033f8b283ca

SHA512
ec24a221cda043bfb36fdcbc75ed2e7a5652a6b08694a9a6286cb47470f5705cb670fde14f27d5e9ca7e1c43ea9e48566df7a0fd8e84bb6ad7291d85d93a4244

Download Submit
C:\Windows\System\iBfVaiS.exe

Filesize
6.0MB

MD5
c9540dfbed10aedc7ee65eefb01d2153

SHA1
887c1de124f31229b0dc9e2cfafb9551b6a02e51

SHA256
af582e5d788704a1452a4239c92704d564ddac5980c46353ead94da7d2e88a51

SHA512
ea8cae8f5db67e651f4d39ca5b9da2c4f25b1267940ea4c33a45bedfa01ce18a15575ce39877e092209c7c788f5c0a53e141f1a4bb88d3b5deb0861d048117f6

Download Submit
C:\Windows\System\lljIIiv.exe

Filesize
6.0MB

MD5
2d017e55c9cc2f360f86da9f962edd64

SHA1
5facdad167fe0237a2f0f07c2916630248699c87

SHA256
123acb0048ee5cde3f73b5864671ceb450a01aa997f816aecbda769b35093e7e

SHA512
20c700ef05d7929a1fbd4c7c7d195b2892bb3d5d5b5bb20cf3b6ff6be18f86f1d7be08ae7f467ae1c748d9ce54e62695f2c0b48fea599bb287eb436353f0a8a1

Download Submit
C:\Windows\System\mbqQCmX.exe

Filesize
6.0MB

MD5
ea9f27bff532a29eff29268ecc9eef3a

SHA1
ea6a8d66c65747622a47a13c3f08dfadc2d46185

SHA256
647ad6164912745d7bb88e00b19dc7a17d1e6b714262fb19bdd241452118d4df

SHA512
816e6cae934234f50633eef5b3151a56b2f7ef8eef750eb42510419b995fdb4cae6ffa519d1da202b41e1eff7b5b520e3295e521a0e58b6a5cbb3c5351329982

Download Submit
C:\Windows\System\nQYyTbB.exe

Filesize
6.0MB

MD5
98fc37cc2d9a21d438dfa4e3fafeaae0

SHA1
cc6fc64b4e202bc0d0524945a851b9d2c01e6b7b

SHA256
9e36f61563c9d2dd3998c51cec4ad951cdbfaab78a8140f25424112d040e0bd5

SHA512
8b50c6c7d33e32a41f0fb5590fc328e2f2540df78469cfd69aaec054cb4b2ecc602ef651cb2b6f13c43bde593e30d072effd8cbdbff71c394eee8fadf2110338

Download Submit
C:\Windows\System\ncdXHed.exe

Filesize
6.0MB

MD5
084c6dde9422282b209fb56a3051aced

SHA1
3e5549f6564eb9463169f9e4054cd02cacdbd062

SHA256
f4601435c3ef2a62bf3aa4a20863a4610a8ba54e0307bb19de36c19055159ff5

SHA512
636c1ae100f3db29a5a32a0e1835656207006dc7e35aa489194cbb06504ada3b003e8d1d2c403052dbe332185f6a1992c04b1394082946aa24749d1cfbb7f281

Download Submit
C:\Windows\System\pGbTQpi.exe

Filesize
6.0MB

MD5
4f2feaa22ba47fe45a8dff057ed28966

SHA1
d5776303a04b35973ef6c13b8572290dd809cf0d

SHA256
afe654963216a129206634ae3ef9846a623afba083d4df221bdcd7fc448210a2

SHA512
7371337ecc371ae23cd238cbf3c5057e8fb617d215281e5640f393ea6d9817b1af79d6ebb7bf264142db66d19ac92f4e731e67d30eedd8bb1cac7547d88a1bb4

Download Submit
C:\Windows\System\sYRHJZf.exe

Filesize
6.0MB

MD5
9d4951ce01882f020f37190eb2d811f5

SHA1
ab0d4abf9fd1073cd879710960d4e23db14fa455

SHA256
22d5c8c6fb8b76fb6400168f7337a5ced23b5f44b37e8228f5acac34c53adf56

SHA512
c3ed8c828793a8db065622ebea375f597cdd7b86355d7e0ef79adc73f8b6857be76001fd495df487cb76897ea3f075eb4b96662b24f1f5460ee7b45a0dfbde63

Download Submit
C:\Windows\System\tzSWcGr.exe

Filesize
6.0MB

MD5
e3cbee2458114e37b4e546362cb5c71c

SHA1
b20bf0d04602ae7ab075d7aa1ad9b412b639a53b

SHA256
f99a4594ba9e0aa550b5151d38bdb28635a43268939b2033b74690f3622a8b79

SHA512
620cae9e06987e59655f61618ffcba577d1fefbe9cb332dd2a3c4a5c944d7e1d9639219e120ee05d51cff70b58bc580778e1083a6daaef469761be07492e78ec

Download Submit
C:\Windows\System\ygKxYky.exe

Filesize
6.0MB

MD5
56c7118f2e92bd38f1ee9f265ca3091f

SHA1
0a6f599c7224d14fff73e1e9d97cac4c1b9e773b

SHA256
a90cf6bc517ec8556b6bb69a79fe2d63973b07041733d9c1e487b9e13ccab1af

SHA512
cf16d253f25bae3a8088b7576538dd5e2be884f3d17d6b6000e372a6c2059c8b8d13c516cf90f3338ea9eca36a9b2e8ad727462dcc0a4f8a1576c37bf1f3bbcc

Download Submit
memory/404-797-0x00007FF722810000-0x00007FF722B64000-memory.dmp

Filesize
3.3MB

Download
memory/404-2332-0x00007FF722810000-0x00007FF722B64000-memory.dmp

Filesize
3.3MB

Download
memory/752-62-0x00007FF789680000-0x00007FF7899D4000-memory.dmp

Filesize
3.3MB

Download
memory/868-759-0x00007FF6929F0000-0x00007FF692D44000-memory.dmp

Filesize
3.3MB

Download
memory/868-1305-0x00007FF6929F0000-0x00007FF692D44000-memory.dmp

Filesize
3.3MB

Download
memory/868-2319-0x00007FF6929F0000-0x00007FF692D44000-memory.dmp

Filesize
3.3MB

Download
memory/884-2328-0x00007FF728540000-0x00007FF728894000-memory.dmp

Filesize
3.3MB

Download
memory/884-785-0x00007FF728540000-0x00007FF728894000-memory.dmp

Filesize
3.3MB

Download
memory/984-2334-0x00007FF7414B0000-0x00007FF741804000-memory.dmp

Filesize
3.3MB

Download
memory/984-800-0x00007FF7414B0000-0x00007FF741804000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2322-0x00007FF606890000-0x00007FF606BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-768-0x00007FF606890000-0x00007FF606BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2296-0x00007FF70D780000-0x00007FF70DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-951-0x00007FF70D780000-0x00007FF70DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-42-0x00007FF70D780000-0x00007FF70DAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-801-0x00007FF649A50000-0x00007FF649DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2333-0x00007FF649A50000-0x00007FF649DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-805-0x00007FF6FE360000-0x00007FF6FE6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2331-0x00007FF6FE360000-0x00007FF6FE6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-56-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp

Filesize
3.3MB

Download
memory/1820-20-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2135-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp

Filesize
3.3MB

Download
memory/1956-70-0x00007FF70BCC0000-0x00007FF70C014000-memory.dmp

Filesize
3.3MB

Download
memory/2224-51-0x00007FF6711B0000-0x00007FF671504000-memory.dmp

Filesize
3.3MB

Download
memory/2224-0-0x00007FF6711B0000-0x00007FF671504000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1-0x000001435F570000-0x000001435F580000-memory.dmp

Filesize
64KB

Download
memory/2288-2325-0x00007FF6315E0000-0x00007FF631934000-memory.dmp

Filesize
3.3MB

Download
memory/2288-777-0x00007FF6315E0000-0x00007FF631934000-memory.dmp

Filesize
3.3MB

Download
memory/2380-771-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2323-0x00007FF6A03B0000-0x00007FF6A0704000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2320-0x00007FF634FC0000-0x00007FF635314000-memory.dmp

Filesize
3.3MB

Download
memory/2548-808-0x00007FF634FC0000-0x00007FF635314000-memory.dmp

Filesize
3.3MB

Download
memory/2600-765-0x00007FF7C7260000-0x00007FF7C75B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2321-0x00007FF7C7260000-0x00007FF7C75B4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2324-0x00007FF68ABF0000-0x00007FF68AF44000-memory.dmp

Filesize
3.3MB

Download
memory/2628-775-0x00007FF68ABF0000-0x00007FF68AF44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-46-0x00007FF6B0BD0000-0x00007FF6B0F24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1015-0x00007FF6B0BD0000-0x00007FF6B0F24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2298-0x00007FF6B0BD0000-0x00007FF6B0F24000-memory.dmp

Filesize
3.3MB

Download
memory/3008-55-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2122-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-7-0x00007FF68BE70000-0x00007FF68C1C4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-789-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2336-0x00007FF61CC30000-0x00007FF61CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3560-1165-0x00007FF7AFA50000-0x00007FF7AFDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-65-0x00007FF7AFA50000-0x00007FF7AFDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3704-30-0x00007FF78E8D0000-0x00007FF78EC24000-memory.dmp

Filesize
3.3MB

Download
memory/3704-823-0x00007FF78E8D0000-0x00007FF78EC24000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2327-0x00007FF6E3510000-0x00007FF6E3864000-memory.dmp

Filesize
3.3MB

Download
memory/3884-780-0x00007FF6E3510000-0x00007FF6E3864000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2326-0x00007FF610FF0000-0x00007FF611344000-memory.dmp

Filesize
3.3MB

Download
memory/4056-778-0x00007FF610FF0000-0x00007FF611344000-memory.dmp

Filesize
3.3MB

Download
memory/4360-38-0x00007FF668DF0000-0x00007FF669144000-memory.dmp

Filesize
3.3MB

Download
memory/4360-827-0x00007FF668DF0000-0x00007FF669144000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2138-0x00007FF7D7930000-0x00007FF7D7C84000-memory.dmp

Filesize
3.3MB

Download
memory/4564-22-0x00007FF7D7930000-0x00007FF7D7C84000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2142-0x00007FF68C220000-0x00007FF68C574000-memory.dmp

Filesize
3.3MB

Download
memory/4708-75-0x00007FF68C220000-0x00007FF68C574000-memory.dmp

Filesize
3.3MB

Download
memory/4708-24-0x00007FF68C220000-0x00007FF68C574000-memory.dmp

Filesize
3.3MB

Download
memory/4824-781-0x00007FF7EA260000-0x00007FF7EA5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2330-0x00007FF7EA260000-0x00007FF7EA5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-787-0x00007FF7408F0000-0x00007FF740C44000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2329-0x00007FF7408F0000-0x00007FF740C44000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2335-0x00007FF6BD570000-0x00007FF6BD8C4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-790-0x00007FF6BD570000-0x00007FF6BD8C4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads