cobaltstrike | 70ad9fe3e2825d8a3a3e932530f2c8a940cb72a470157f952e4b9866d5bda8e6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-01-2025 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

cb5609f3d6fe3ebe5d74e54ab002e89b
SHA1

15902608a09b6ba575983efc2c1ea1f2ce3fcb82
SHA256

70ad9fe3e2825d8a3a3e932530f2c8a940cb72a470157f952e4b9866d5bda8e6
SHA512

c3fd7e70a6ae59ba60c22704cbcaee13f27f5a8eea551a0c1da4337dd6d9bce4a81718730691ff4ec3c26ac3bffdbaff299598a56559a71fd549a571fc111188
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c7e-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-17.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-29.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c82-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-59.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c99-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-212.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-210.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-207.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-202.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-198.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9f-190.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c98-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c97-134.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c94-116.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-57.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/964-0-0x00007FF7D94A0000-0x00007FF7D97F4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c7e-4.dat	xmrig
behavioral2/memory/3700-7-0x00007FF62C7D0000-0x00007FF62CB24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c85-10.dat	xmrig
behavioral2/files/0x0007000000023c86-17.dat	xmrig
behavioral2/memory/380-14-0x00007FF6C88A0000-0x00007FF6C8BF4000-memory.dmp	xmrig
behavioral2/memory/1776-18-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp	xmrig
behavioral2/memory/1224-24-0x00007FF71A340000-0x00007FF71A694000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c89-29.dat	xmrig
behavioral2/memory/3168-30-0x00007FF600130000-0x00007FF600484000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c82-35.dat	xmrig
behavioral2/files/0x0007000000023c8a-43.dat	xmrig
behavioral2/memory/4896-42-0x00007FF675870000-0x00007FF675BC4000-memory.dmp	xmrig
behavioral2/memory/4752-36-0x00007FF675BF0000-0x00007FF675F44000-memory.dmp	xmrig
behavioral2/memory/1496-47-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp	xmrig
behavioral2/memory/2756-54-0x00007FF6C2920000-0x00007FF6C2C74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8d-59.dat	xmrig
behavioral2/files/0x0007000000023c8f-73.dat	xmrig
behavioral2/memory/3028-75-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	xmrig
behavioral2/memory/3816-82-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c91-87.dat	xmrig
behavioral2/files/0x0007000000023c92-92.dat	xmrig
behavioral2/files/0x0007000000023c93-109.dat	xmrig
behavioral2/memory/1496-118-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp	xmrig
behavioral2/memory/1604-128-0x00007FF637820000-0x00007FF637B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c99-150.dat	xmrig
behavioral2/files/0x0007000000023c9c-161.dat	xmrig
behavioral2/memory/3320-196-0x00007FF7ABE60000-0x00007FF7AC1B4000-memory.dmp	xmrig
behavioral2/memory/4000-840-0x00007FF751380000-0x00007FF7516D4000-memory.dmp	xmrig
behavioral2/memory/3640-962-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp	xmrig
behavioral2/memory/3272-1021-0x00007FF654830000-0x00007FF654B84000-memory.dmp	xmrig
behavioral2/memory/1116-1020-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp	xmrig
behavioral2/memory/4792-1149-0x00007FF756340000-0x00007FF756694000-memory.dmp	xmrig
behavioral2/memory/1788-1146-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp	xmrig
behavioral2/memory/4984-1273-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp	xmrig
behavioral2/memory/1684-1338-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp	xmrig
behavioral2/memory/3648-1396-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca5-212.dat	xmrig
behavioral2/files/0x0007000000023ca3-210.dat	xmrig
behavioral2/files/0x0007000000023ca4-207.dat	xmrig
behavioral2/files/0x0007000000023ca2-202.dat	xmrig
behavioral2/files/0x0007000000023ca0-198.dat	xmrig
behavioral2/memory/3648-197-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c9f-190.dat	xmrig
behavioral2/memory/1684-189-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp	xmrig
behavioral2/memory/1604-188-0x00007FF637820000-0x00007FF637B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-184.dat	xmrig
behavioral2/memory/4984-183-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9d-180.dat	xmrig
behavioral2/memory/1356-179-0x00007FF7630F0000-0x00007FF763444000-memory.dmp	xmrig
behavioral2/memory/4956-178-0x00007FF7B8CF0000-0x00007FF7B9044000-memory.dmp	xmrig
behavioral2/memory/4792-174-0x00007FF756340000-0x00007FF756694000-memory.dmp	xmrig
behavioral2/memory/748-173-0x00007FF79CF80000-0x00007FF79D2D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9b-166.dat	xmrig
behavioral2/memory/1788-165-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp	xmrig
behavioral2/memory/4668-164-0x00007FF662980000-0x00007FF662CD4000-memory.dmp	xmrig
behavioral2/memory/3272-160-0x00007FF654830000-0x00007FF654B84000-memory.dmp	xmrig
behavioral2/memory/2520-159-0x00007FF6EE650000-0x00007FF6EE9A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-157.dat	xmrig
behavioral2/memory/1116-153-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp	xmrig
behavioral2/memory/3816-152-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c98-145.dat	xmrig
behavioral2/memory/3640-144-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp	xmrig
behavioral2/memory/3028-143-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3700	sdLwizw.exe
380	EsKDOAQ.exe
1776	SHglFzx.exe
1224	zVqgMZh.exe
3168	qcuxhyj.exe
4752	scHGBTQ.exe
4896	fvKhvgL.exe
1496	TKoyhmY.exe
2756	ULoePbv.exe
1936	xZRKoVq.exe
4960	ZuvfNyH.exe
3028	mnQFObM.exe
3816	PJNBYPh.exe
2520	QkWVbIC.exe
4668	rJfcCqV.exe
748	vWvCggA.exe
4956	fmouXzQ.exe
1356	sAJBOFz.exe
1604	uRhBrpr.exe
4000	WEwYqrH.exe
3320	lDoxHSy.exe
3640	nHZnmDD.exe
1116	sUSnXbK.exe
3272	xUhkajq.exe
1788	CKZFRNI.exe
4792	NaSwJLI.exe
4984	TDPCqdc.exe
1684	jImCWEk.exe
3648	wFOPIWj.exe
4728	TiQVzau.exe
2368	kaaPTIw.exe
2324	rDcbgFc.exe
4316	KwwgJca.exe
2588	EkcPIkx.exe
3708	SvJLNck.exe
1528	TutJIoC.exe
912	KkHoWWP.exe
4968	hyJbcfc.exe
2480	NnoQsjK.exe
3744	OyXeeBx.exe
4036	zVQcvdt.exe
5104	hSemNQm.exe
5116	oLqthYo.exe
4804	JRVogYT.exe
4416	fmHhvIp.exe
1360	tWXWMOW.exe
4720	NNxwqkx.exe
4592	xlmHjcX.exe
2924	oGNklwQ.exe
1780	yodXvGn.exe
3420	yFxiOpj.exe
3616	Cyljiry.exe
1372	jjacWVV.exe
3412	nRgydqK.exe
3564	WPJfHYL.exe
1328	zjjLqMr.exe
3544	Aqgufyy.exe
4456	PTQXvQN.exe
1540	HsPXyVb.exe
4140	TXbjucH.exe
4748	gumhydO.exe
2036	RXvaPBk.exe
1920	ubKxCty.exe
2764	jWEVFJm.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/964-0-0x00007FF7D94A0000-0x00007FF7D97F4000-memory.dmp	upx
behavioral2/files/0x0009000000023c7e-4.dat	upx
behavioral2/memory/3700-7-0x00007FF62C7D0000-0x00007FF62CB24000-memory.dmp	upx
behavioral2/files/0x0007000000023c85-10.dat	upx
behavioral2/files/0x0007000000023c86-17.dat	upx
behavioral2/memory/380-14-0x00007FF6C88A0000-0x00007FF6C8BF4000-memory.dmp	upx
behavioral2/memory/1776-18-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp	upx
behavioral2/memory/1224-24-0x00007FF71A340000-0x00007FF71A694000-memory.dmp	upx
behavioral2/files/0x0007000000023c89-29.dat	upx
behavioral2/memory/3168-30-0x00007FF600130000-0x00007FF600484000-memory.dmp	upx
behavioral2/files/0x0009000000023c82-35.dat	upx
behavioral2/files/0x0007000000023c8a-43.dat	upx
behavioral2/memory/4896-42-0x00007FF675870000-0x00007FF675BC4000-memory.dmp	upx
behavioral2/memory/4752-36-0x00007FF675BF0000-0x00007FF675F44000-memory.dmp	upx
behavioral2/memory/1496-47-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp	upx
behavioral2/memory/2756-54-0x00007FF6C2920000-0x00007FF6C2C74000-memory.dmp	upx
behavioral2/files/0x0007000000023c8d-59.dat	upx
behavioral2/files/0x0007000000023c8f-73.dat	upx
behavioral2/memory/3028-75-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	upx
behavioral2/memory/3816-82-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-87.dat	upx
behavioral2/files/0x0007000000023c92-92.dat	upx
behavioral2/files/0x0007000000023c93-109.dat	upx
behavioral2/memory/1496-118-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp	upx
behavioral2/memory/1604-128-0x00007FF637820000-0x00007FF637B74000-memory.dmp	upx
behavioral2/files/0x0007000000023c99-150.dat	upx
behavioral2/files/0x0007000000023c9c-161.dat	upx
behavioral2/memory/3320-196-0x00007FF7ABE60000-0x00007FF7AC1B4000-memory.dmp	upx
behavioral2/memory/4000-840-0x00007FF751380000-0x00007FF7516D4000-memory.dmp	upx
behavioral2/memory/3640-962-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp	upx
behavioral2/memory/3272-1021-0x00007FF654830000-0x00007FF654B84000-memory.dmp	upx
behavioral2/memory/1116-1020-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp	upx
behavioral2/memory/4792-1149-0x00007FF756340000-0x00007FF756694000-memory.dmp	upx
behavioral2/memory/1788-1146-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp	upx
behavioral2/memory/4984-1273-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp	upx
behavioral2/memory/1684-1338-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp	upx
behavioral2/memory/3648-1396-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-212.dat	upx
behavioral2/files/0x0007000000023ca3-210.dat	upx
behavioral2/files/0x0007000000023ca4-207.dat	upx
behavioral2/files/0x0007000000023ca2-202.dat	upx
behavioral2/files/0x0007000000023ca0-198.dat	upx
behavioral2/memory/3648-197-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp	upx
behavioral2/files/0x0008000000023c9f-190.dat	upx
behavioral2/memory/1684-189-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp	upx
behavioral2/memory/1604-188-0x00007FF637820000-0x00007FF637B74000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-184.dat	upx
behavioral2/memory/4984-183-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-180.dat	upx
behavioral2/memory/1356-179-0x00007FF7630F0000-0x00007FF763444000-memory.dmp	upx
behavioral2/memory/4956-178-0x00007FF7B8CF0000-0x00007FF7B9044000-memory.dmp	upx
behavioral2/memory/4792-174-0x00007FF756340000-0x00007FF756694000-memory.dmp	upx
behavioral2/memory/748-173-0x00007FF79CF80000-0x00007FF79D2D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9b-166.dat	upx
behavioral2/memory/1788-165-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp	upx
behavioral2/memory/4668-164-0x00007FF662980000-0x00007FF662CD4000-memory.dmp	upx
behavioral2/memory/3272-160-0x00007FF654830000-0x00007FF654B84000-memory.dmp	upx
behavioral2/memory/2520-159-0x00007FF6EE650000-0x00007FF6EE9A4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-157.dat	upx
behavioral2/memory/1116-153-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp	upx
behavioral2/memory/3816-152-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c98-145.dat	upx
behavioral2/memory/3640-144-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp	upx
behavioral2/memory/3028-143-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BOLCNiV.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhVarjd.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNOvoXc.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwXLZgH.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLnyaNS.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaSwJLI.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGdScYl.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enFgpsW.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgmrXLK.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcrXyMa.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGPczqK.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCkqcfv.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dihkxva.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWVgJrA.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRPaeWq.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aimoObx.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZIJsRS.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIVwpyz.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHtaOzB.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBFamiF.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDZcsEK.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRkEqRO.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NidOArZ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvVUMlw.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtVNjTa.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeNfQZi.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRCmFXx.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zokJqGu.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjSuEQd.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEZbypo.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDbBYGZ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfkjvfg.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnQFObM.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcNyaHF.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcGlZCc.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqrabeQ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnBKfWM.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyXeeBx.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABpwqTL.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynpsqIU.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkeSkxE.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDGmXNJ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYPGlaY.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kesgYkJ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLWIMNt.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUQxHNZ.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEbpayq.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKoyhmY.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owaTJsp.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMggBmG.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcpMrPr.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxVELEN.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIDKdcK.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoDzjKn.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpfNWWt.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZsmuts.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLoGhnv.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppcClke.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPkKIXp.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orXnXvE.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiAYCAf.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUhkajq.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbBLHxq.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmDytff.exe	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
14452	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 3700	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 964 wrote to memory of 3700	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 964 wrote to memory of 380	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 964 wrote to memory of 380	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 964 wrote to memory of 1776	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 964 wrote to memory of 1776	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 964 wrote to memory of 1224	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 964 wrote to memory of 1224	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 964 wrote to memory of 3168	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 964 wrote to memory of 3168	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 964 wrote to memory of 4752	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 964 wrote to memory of 4752	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 964 wrote to memory of 4896	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 964 wrote to memory of 4896	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 964 wrote to memory of 1496	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 964 wrote to memory of 1496	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 964 wrote to memory of 2756	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 964 wrote to memory of 2756	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 964 wrote to memory of 1936	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 964 wrote to memory of 1936	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 964 wrote to memory of 4960	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 964 wrote to memory of 4960	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 964 wrote to memory of 3028	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 964 wrote to memory of 3028	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 964 wrote to memory of 3816	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 964 wrote to memory of 3816	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 964 wrote to memory of 2520	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 964 wrote to memory of 2520	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 964 wrote to memory of 4668	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 964 wrote to memory of 4668	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 964 wrote to memory of 748	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 964 wrote to memory of 748	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 964 wrote to memory of 4956	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 964 wrote to memory of 4956	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 964 wrote to memory of 1356	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 964 wrote to memory of 1356	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 964 wrote to memory of 1604	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 964 wrote to memory of 1604	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 964 wrote to memory of 4000	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 964 wrote to memory of 4000	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 964 wrote to memory of 3320	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 964 wrote to memory of 3320	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 964 wrote to memory of 3640	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 964 wrote to memory of 3640	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 964 wrote to memory of 1116	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 964 wrote to memory of 1116	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 964 wrote to memory of 3272	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 964 wrote to memory of 3272	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 964 wrote to memory of 1788	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 964 wrote to memory of 1788	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 964 wrote to memory of 4792	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 964 wrote to memory of 4792	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 964 wrote to memory of 4984	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 964 wrote to memory of 4984	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 964 wrote to memory of 1684	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 964 wrote to memory of 1684	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 964 wrote to memory of 3648	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 964 wrote to memory of 3648	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 964 wrote to memory of 4728	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 964 wrote to memory of 4728	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 964 wrote to memory of 2368	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 964 wrote to memory of 2368	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 964 wrote to memory of 2324	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 964 wrote to memory of 2324	964	2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe	117

C:\Users\Admin\AppData\Local\Temp\2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_cb5609f3d6fe3ebe5d74e54ab002e89b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:964
- C:\Windows\System\sdLwizw.exe
  C:\Windows\System\sdLwizw.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\EsKDOAQ.exe
  C:\Windows\System\EsKDOAQ.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\SHglFzx.exe
  C:\Windows\System\SHglFzx.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\zVqgMZh.exe
  C:\Windows\System\zVqgMZh.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\qcuxhyj.exe
  C:\Windows\System\qcuxhyj.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\scHGBTQ.exe
  C:\Windows\System\scHGBTQ.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\fvKhvgL.exe
  C:\Windows\System\fvKhvgL.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\TKoyhmY.exe
  C:\Windows\System\TKoyhmY.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ULoePbv.exe
  C:\Windows\System\ULoePbv.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\xZRKoVq.exe
  C:\Windows\System\xZRKoVq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\ZuvfNyH.exe
  C:\Windows\System\ZuvfNyH.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\mnQFObM.exe
  C:\Windows\System\mnQFObM.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\PJNBYPh.exe
  C:\Windows\System\PJNBYPh.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\QkWVbIC.exe
  C:\Windows\System\QkWVbIC.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\rJfcCqV.exe
  C:\Windows\System\rJfcCqV.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\vWvCggA.exe
  C:\Windows\System\vWvCggA.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\fmouXzQ.exe
  C:\Windows\System\fmouXzQ.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\sAJBOFz.exe
  C:\Windows\System\sAJBOFz.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\uRhBrpr.exe
  C:\Windows\System\uRhBrpr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\WEwYqrH.exe
  C:\Windows\System\WEwYqrH.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\lDoxHSy.exe
  C:\Windows\System\lDoxHSy.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\nHZnmDD.exe
  C:\Windows\System\nHZnmDD.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\sUSnXbK.exe
  C:\Windows\System\sUSnXbK.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\xUhkajq.exe
  C:\Windows\System\xUhkajq.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\CKZFRNI.exe
  C:\Windows\System\CKZFRNI.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\NaSwJLI.exe
  C:\Windows\System\NaSwJLI.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\TDPCqdc.exe
  C:\Windows\System\TDPCqdc.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\jImCWEk.exe
  C:\Windows\System\jImCWEk.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\wFOPIWj.exe
  C:\Windows\System\wFOPIWj.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\TiQVzau.exe
  C:\Windows\System\TiQVzau.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\kaaPTIw.exe
  C:\Windows\System\kaaPTIw.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\rDcbgFc.exe
  C:\Windows\System\rDcbgFc.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KwwgJca.exe
  C:\Windows\System\KwwgJca.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\EkcPIkx.exe
  C:\Windows\System\EkcPIkx.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\SvJLNck.exe
  C:\Windows\System\SvJLNck.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\TutJIoC.exe
  C:\Windows\System\TutJIoC.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\KkHoWWP.exe
  C:\Windows\System\KkHoWWP.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\hyJbcfc.exe
  C:\Windows\System\hyJbcfc.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\NnoQsjK.exe
  C:\Windows\System\NnoQsjK.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OyXeeBx.exe
  C:\Windows\System\OyXeeBx.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\zVQcvdt.exe
  C:\Windows\System\zVQcvdt.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\hSemNQm.exe
  C:\Windows\System\hSemNQm.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\oLqthYo.exe
  C:\Windows\System\oLqthYo.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\JRVogYT.exe
  C:\Windows\System\JRVogYT.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\fmHhvIp.exe
  C:\Windows\System\fmHhvIp.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\tWXWMOW.exe
  C:\Windows\System\tWXWMOW.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\NNxwqkx.exe
  C:\Windows\System\NNxwqkx.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xlmHjcX.exe
  C:\Windows\System\xlmHjcX.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\oGNklwQ.exe
  C:\Windows\System\oGNklwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yodXvGn.exe
  C:\Windows\System\yodXvGn.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\yFxiOpj.exe
  C:\Windows\System\yFxiOpj.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\Cyljiry.exe
  C:\Windows\System\Cyljiry.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\jjacWVV.exe
  C:\Windows\System\jjacWVV.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\nRgydqK.exe
  C:\Windows\System\nRgydqK.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\WPJfHYL.exe
  C:\Windows\System\WPJfHYL.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\zjjLqMr.exe
  C:\Windows\System\zjjLqMr.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\Aqgufyy.exe
  C:\Windows\System\Aqgufyy.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\PTQXvQN.exe
  C:\Windows\System\PTQXvQN.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\HsPXyVb.exe
  C:\Windows\System\HsPXyVb.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\TXbjucH.exe
  C:\Windows\System\TXbjucH.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\gumhydO.exe
  C:\Windows\System\gumhydO.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\RXvaPBk.exe
  C:\Windows\System\RXvaPBk.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ubKxCty.exe
  C:\Windows\System\ubKxCty.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\jWEVFJm.exe
  C:\Windows\System\jWEVFJm.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\PPLRbuV.exe
  C:\Windows\System\PPLRbuV.exe
  2⤵
  PID:2604
- C:\Windows\System\atSckoR.exe
  C:\Windows\System\atSckoR.exe
  2⤵
  PID:4396
- C:\Windows\System\SuKuKKE.exe
  C:\Windows\System\SuKuKKE.exe
  2⤵
  PID:4664
- C:\Windows\System\bWvDYPb.exe
  C:\Windows\System\bWvDYPb.exe
  2⤵
  PID:2276
- C:\Windows\System\kesgYkJ.exe
  C:\Windows\System\kesgYkJ.exe
  2⤵
  PID:4340
- C:\Windows\System\dzboLGC.exe
  C:\Windows\System\dzboLGC.exe
  2⤵
  PID:3208
- C:\Windows\System\mRHXeNQ.exe
  C:\Windows\System\mRHXeNQ.exe
  2⤵
  PID:3156
- C:\Windows\System\hTyeYaY.exe
  C:\Windows\System\hTyeYaY.exe
  2⤵
  PID:372
- C:\Windows\System\YTXUEDA.exe
  C:\Windows\System\YTXUEDA.exe
  2⤵
  PID:3496
- C:\Windows\System\uHiARoa.exe
  C:\Windows\System\uHiARoa.exe
  2⤵
  PID:1316
- C:\Windows\System\IIVwpyz.exe
  C:\Windows\System\IIVwpyz.exe
  2⤵
  PID:640
- C:\Windows\System\qwsuBrK.exe
  C:\Windows\System\qwsuBrK.exe
  2⤵
  PID:1380
- C:\Windows\System\jLWvYRE.exe
  C:\Windows\System\jLWvYRE.exe
  2⤵
  PID:5140
- C:\Windows\System\AxkDMkA.exe
  C:\Windows\System\AxkDMkA.exe
  2⤵
  PID:5168
- C:\Windows\System\lXweevt.exe
  C:\Windows\System\lXweevt.exe
  2⤵
  PID:5196
- C:\Windows\System\rETDwib.exe
  C:\Windows\System\rETDwib.exe
  2⤵
  PID:5224
- C:\Windows\System\HMGMobb.exe
  C:\Windows\System\HMGMobb.exe
  2⤵
  PID:5252
- C:\Windows\System\RBIkrqp.exe
  C:\Windows\System\RBIkrqp.exe
  2⤵
  PID:5284
- C:\Windows\System\svzmYPt.exe
  C:\Windows\System\svzmYPt.exe
  2⤵
  PID:5308
- C:\Windows\System\JbuagUU.exe
  C:\Windows\System\JbuagUU.exe
  2⤵
  PID:5336
- C:\Windows\System\moOpHdI.exe
  C:\Windows\System\moOpHdI.exe
  2⤵
  PID:5372
- C:\Windows\System\mFAaIHI.exe
  C:\Windows\System\mFAaIHI.exe
  2⤵
  PID:5404
- C:\Windows\System\GbXsviq.exe
  C:\Windows\System\GbXsviq.exe
  2⤵
  PID:5432
- C:\Windows\System\XBxSgMf.exe
  C:\Windows\System\XBxSgMf.exe
  2⤵
  PID:5448
- C:\Windows\System\UwhqvGc.exe
  C:\Windows\System\UwhqvGc.exe
  2⤵
  PID:5476
- C:\Windows\System\rqKRxol.exe
  C:\Windows\System\rqKRxol.exe
  2⤵
  PID:5504
- C:\Windows\System\DPYNdzS.exe
  C:\Windows\System\DPYNdzS.exe
  2⤵
  PID:5532
- C:\Windows\System\BOLCNiV.exe
  C:\Windows\System\BOLCNiV.exe
  2⤵
  PID:5560
- C:\Windows\System\EwRabdO.exe
  C:\Windows\System\EwRabdO.exe
  2⤵
  PID:5600
- C:\Windows\System\ebTWluz.exe
  C:\Windows\System\ebTWluz.exe
  2⤵
  PID:5628
- C:\Windows\System\bsjeYxG.exe
  C:\Windows\System\bsjeYxG.exe
  2⤵
  PID:5656
- C:\Windows\System\eMlmxsX.exe
  C:\Windows\System\eMlmxsX.exe
  2⤵
  PID:5672
- C:\Windows\System\pgkGcel.exe
  C:\Windows\System\pgkGcel.exe
  2⤵
  PID:5700
- C:\Windows\System\bVqJlPt.exe
  C:\Windows\System\bVqJlPt.exe
  2⤵
  PID:5728
- C:\Windows\System\QWYysIG.exe
  C:\Windows\System\QWYysIG.exe
  2⤵
  PID:5756
- C:\Windows\System\gpfNWWt.exe
  C:\Windows\System\gpfNWWt.exe
  2⤵
  PID:5784
- C:\Windows\System\TCEviSa.exe
  C:\Windows\System\TCEviSa.exe
  2⤵
  PID:5812
- C:\Windows\System\inuGQhZ.exe
  C:\Windows\System\inuGQhZ.exe
  2⤵
  PID:5840
- C:\Windows\System\PRrNKij.exe
  C:\Windows\System\PRrNKij.exe
  2⤵
  PID:5880
- C:\Windows\System\CdLgItQ.exe
  C:\Windows\System\CdLgItQ.exe
  2⤵
  PID:5908
- C:\Windows\System\pCWWAOa.exe
  C:\Windows\System\pCWWAOa.exe
  2⤵
  PID:5936
- C:\Windows\System\uJAULdq.exe
  C:\Windows\System\uJAULdq.exe
  2⤵
  PID:5952
- C:\Windows\System\ObACNnl.exe
  C:\Windows\System\ObACNnl.exe
  2⤵
  PID:5980
- C:\Windows\System\jiAcvlp.exe
  C:\Windows\System\jiAcvlp.exe
  2⤵
  PID:6008
- C:\Windows\System\FghpaCq.exe
  C:\Windows\System\FghpaCq.exe
  2⤵
  PID:6036
- C:\Windows\System\oLhfkWE.exe
  C:\Windows\System\oLhfkWE.exe
  2⤵
  PID:6064
- C:\Windows\System\rCkqcfv.exe
  C:\Windows\System\rCkqcfv.exe
  2⤵
  PID:6100
- C:\Windows\System\tHOgzRs.exe
  C:\Windows\System\tHOgzRs.exe
  2⤵
  PID:6132
- C:\Windows\System\xGQrgvY.exe
  C:\Windows\System\xGQrgvY.exe
  2⤵
  PID:4192
- C:\Windows\System\hpmLazc.exe
  C:\Windows\System\hpmLazc.exe
  2⤵
  PID:3760
- C:\Windows\System\hjhBSUY.exe
  C:\Windows\System\hjhBSUY.exe
  2⤵
  PID:4832
- C:\Windows\System\GcNyaHF.exe
  C:\Windows\System\GcNyaHF.exe
  2⤵
  PID:3852
- C:\Windows\System\AJMUjxP.exe
  C:\Windows\System\AJMUjxP.exe
  2⤵
  PID:4404
- C:\Windows\System\qSZStFo.exe
  C:\Windows\System\qSZStFo.exe
  2⤵
  PID:5128
- C:\Windows\System\OqRmWQX.exe
  C:\Windows\System\OqRmWQX.exe
  2⤵
  PID:5188
- C:\Windows\System\jbBLHxq.exe
  C:\Windows\System\jbBLHxq.exe
  2⤵
  PID:5264
- C:\Windows\System\QECmUZv.exe
  C:\Windows\System\QECmUZv.exe
  2⤵
  PID:5320
- C:\Windows\System\sUQsXbn.exe
  C:\Windows\System\sUQsXbn.exe
  2⤵
  PID:5388
- C:\Windows\System\aiUOqyu.exe
  C:\Windows\System\aiUOqyu.exe
  2⤵
  PID:5460
- C:\Windows\System\wOeytoM.exe
  C:\Windows\System\wOeytoM.exe
  2⤵
  PID:5544
- C:\Windows\System\hMyWXQg.exe
  C:\Windows\System\hMyWXQg.exe
  2⤵
  PID:5612
- C:\Windows\System\yJRJwvK.exe
  C:\Windows\System\yJRJwvK.exe
  2⤵
  PID:5668
- C:\Windows\System\xgsAABy.exe
  C:\Windows\System\xgsAABy.exe
  2⤵
  PID:5740
- C:\Windows\System\iIlLCyi.exe
  C:\Windows\System\iIlLCyi.exe
  2⤵
  PID:5780
- C:\Windows\System\zdAnEzG.exe
  C:\Windows\System\zdAnEzG.exe
  2⤵
  PID:5852
- C:\Windows\System\jIrAfoF.exe
  C:\Windows\System\jIrAfoF.exe
  2⤵
  PID:5920
- C:\Windows\System\ElgDECU.exe
  C:\Windows\System\ElgDECU.exe
  2⤵
  PID:5972
- C:\Windows\System\oIGrbQc.exe
  C:\Windows\System\oIGrbQc.exe
  2⤵
  PID:6048
- C:\Windows\System\hNBPwra.exe
  C:\Windows\System\hNBPwra.exe
  2⤵
  PID:6116
- C:\Windows\System\IeRDgQt.exe
  C:\Windows\System\IeRDgQt.exe
  2⤵
  PID:4136
- C:\Windows\System\KnNmMNN.exe
  C:\Windows\System\KnNmMNN.exe
  2⤵
  PID:4540
- C:\Windows\System\MqHxYzK.exe
  C:\Windows\System\MqHxYzK.exe
  2⤵
  PID:5216
- C:\Windows\System\oBgAEFq.exe
  C:\Windows\System\oBgAEFq.exe
  2⤵
  PID:5352
- C:\Windows\System\OkvKPXv.exe
  C:\Windows\System\OkvKPXv.exe
  2⤵
  PID:5492
- C:\Windows\System\WpLraHK.exe
  C:\Windows\System\WpLraHK.exe
  2⤵
  PID:5592
- C:\Windows\System\wmuZXqk.exe
  C:\Windows\System\wmuZXqk.exe
  2⤵
  PID:5768
- C:\Windows\System\ylSoJsp.exe
  C:\Windows\System\ylSoJsp.exe
  2⤵
  PID:5964
- C:\Windows\System\OeNfQZi.exe
  C:\Windows\System\OeNfQZi.exe
  2⤵
  PID:4676
- C:\Windows\System\DaEIiyc.exe
  C:\Windows\System\DaEIiyc.exe
  2⤵
  PID:5124
- C:\Windows\System\mvEUdaJ.exe
  C:\Windows\System\mvEUdaJ.exe
  2⤵
  PID:5440
- C:\Windows\System\RajVotN.exe
  C:\Windows\System\RajVotN.exe
  2⤵
  PID:6148
- C:\Windows\System\FWOScTt.exe
  C:\Windows\System\FWOScTt.exe
  2⤵
  PID:6176
- C:\Windows\System\ggBCjyg.exe
  C:\Windows\System\ggBCjyg.exe
  2⤵
  PID:6204
- C:\Windows\System\uenhgfu.exe
  C:\Windows\System\uenhgfu.exe
  2⤵
  PID:6232
- C:\Windows\System\xPUdwXY.exe
  C:\Windows\System\xPUdwXY.exe
  2⤵
  PID:6248
- C:\Windows\System\xZSvNFg.exe
  C:\Windows\System\xZSvNFg.exe
  2⤵
  PID:6276
- C:\Windows\System\MOupqTG.exe
  C:\Windows\System\MOupqTG.exe
  2⤵
  PID:6304
- C:\Windows\System\lFhoKCp.exe
  C:\Windows\System\lFhoKCp.exe
  2⤵
  PID:6332
- C:\Windows\System\TaCdbaJ.exe
  C:\Windows\System\TaCdbaJ.exe
  2⤵
  PID:6360
- C:\Windows\System\MISOSZI.exe
  C:\Windows\System\MISOSZI.exe
  2⤵
  PID:6388
- C:\Windows\System\FViARWu.exe
  C:\Windows\System\FViARWu.exe
  2⤵
  PID:6416
- C:\Windows\System\RhyXoba.exe
  C:\Windows\System\RhyXoba.exe
  2⤵
  PID:6444
- C:\Windows\System\HerJuhz.exe
  C:\Windows\System\HerJuhz.exe
  2⤵
  PID:6472
- C:\Windows\System\elUgWek.exe
  C:\Windows\System\elUgWek.exe
  2⤵
  PID:6512
- C:\Windows\System\nPPucNr.exe
  C:\Windows\System\nPPucNr.exe
  2⤵
  PID:6548
- C:\Windows\System\kbGsnnM.exe
  C:\Windows\System\kbGsnnM.exe
  2⤵
  PID:6568
- C:\Windows\System\SNeFmjQ.exe
  C:\Windows\System\SNeFmjQ.exe
  2⤵
  PID:6596
- C:\Windows\System\ZoZvWks.exe
  C:\Windows\System\ZoZvWks.exe
  2⤵
  PID:6624
- C:\Windows\System\cHMBFQy.exe
  C:\Windows\System\cHMBFQy.exe
  2⤵
  PID:6652
- C:\Windows\System\eRDKCWl.exe
  C:\Windows\System\eRDKCWl.exe
  2⤵
  PID:6668
- C:\Windows\System\EDJeCLc.exe
  C:\Windows\System\EDJeCLc.exe
  2⤵
  PID:6696
- C:\Windows\System\xEGmTay.exe
  C:\Windows\System\xEGmTay.exe
  2⤵
  PID:6724
- C:\Windows\System\hHJfkzM.exe
  C:\Windows\System\hHJfkzM.exe
  2⤵
  PID:6764
- C:\Windows\System\GgHufWp.exe
  C:\Windows\System\GgHufWp.exe
  2⤵
  PID:6792
- C:\Windows\System\IDtZfJw.exe
  C:\Windows\System\IDtZfJw.exe
  2⤵
  PID:6820
- C:\Windows\System\KHtaOzB.exe
  C:\Windows\System\KHtaOzB.exe
  2⤵
  PID:6836
- C:\Windows\System\AdOxqGR.exe
  C:\Windows\System\AdOxqGR.exe
  2⤵
  PID:6864
- C:\Windows\System\rYRaRGn.exe
  C:\Windows\System\rYRaRGn.exe
  2⤵
  PID:6888
- C:\Windows\System\CRkEqRO.exe
  C:\Windows\System\CRkEqRO.exe
  2⤵
  PID:6920
- C:\Windows\System\RMwZUFT.exe
  C:\Windows\System\RMwZUFT.exe
  2⤵
  PID:6948
- C:\Windows\System\uTNdJON.exe
  C:\Windows\System\uTNdJON.exe
  2⤵
  PID:6976
- C:\Windows\System\jUvpQnW.exe
  C:\Windows\System\jUvpQnW.exe
  2⤵
  PID:7004
- C:\Windows\System\LzaMNol.exe
  C:\Windows\System\LzaMNol.exe
  2⤵
  PID:7032
- C:\Windows\System\zcGbOBf.exe
  C:\Windows\System\zcGbOBf.exe
  2⤵
  PID:7056
- C:\Windows\System\orVfvnS.exe
  C:\Windows\System\orVfvnS.exe
  2⤵
  PID:7100
- C:\Windows\System\PuOvIZN.exe
  C:\Windows\System\PuOvIZN.exe
  2⤵
  PID:7140
- C:\Windows\System\bKfvQXA.exe
  C:\Windows\System\bKfvQXA.exe
  2⤵
  PID:7156
- C:\Windows\System\qEHPvTj.exe
  C:\Windows\System\qEHPvTj.exe
  2⤵
  PID:6024
- C:\Windows\System\TmDytff.exe
  C:\Windows\System\TmDytff.exe
  2⤵
  PID:5244
- C:\Windows\System\KifKAHo.exe
  C:\Windows\System\KifKAHo.exe
  2⤵
  PID:6168
- C:\Windows\System\xzzzcuz.exe
  C:\Windows\System\xzzzcuz.exe
  2⤵
  PID:6224
- C:\Windows\System\lzMAtjf.exe
  C:\Windows\System\lzMAtjf.exe
  2⤵
  PID:6264
- C:\Windows\System\ABpwqTL.exe
  C:\Windows\System\ABpwqTL.exe
  2⤵
  PID:6328
- C:\Windows\System\GlUSzGJ.exe
  C:\Windows\System\GlUSzGJ.exe
  2⤵
  PID:6408
- C:\Windows\System\tCPnhQc.exe
  C:\Windows\System\tCPnhQc.exe
  2⤵
  PID:6484
- C:\Windows\System\BAVLZYn.exe
  C:\Windows\System\BAVLZYn.exe
  2⤵
  PID:6524
- C:\Windows\System\txclKYG.exe
  C:\Windows\System\txclKYG.exe
  2⤵
  PID:6580
- C:\Windows\System\DBTcNQV.exe
  C:\Windows\System\DBTcNQV.exe
  2⤵
  PID:6680
- C:\Windows\System\ccjInXb.exe
  C:\Windows\System\ccjInXb.exe
  2⤵
  PID:6736
- C:\Windows\System\irTIvMK.exe
  C:\Windows\System\irTIvMK.exe
  2⤵
  PID:6776
- C:\Windows\System\SRCHzir.exe
  C:\Windows\System\SRCHzir.exe
  2⤵
  PID:3504
- C:\Windows\System\ziPBFfm.exe
  C:\Windows\System\ziPBFfm.exe
  2⤵
  PID:6880
- C:\Windows\System\FcGlZCc.exe
  C:\Windows\System\FcGlZCc.exe
  2⤵
  PID:6940
- C:\Windows\System\PVBEJID.exe
  C:\Windows\System\PVBEJID.exe
  2⤵
  PID:7016
- C:\Windows\System\gyOLiXm.exe
  C:\Windows\System\gyOLiXm.exe
  2⤵
  PID:7076
- C:\Windows\System\VciBmoy.exe
  C:\Windows\System\VciBmoy.exe
  2⤵
  PID:7148
- C:\Windows\System\GmzefaY.exe
  C:\Windows\System\GmzefaY.exe
  2⤵
  PID:2172
- C:\Windows\System\pjFbunP.exe
  C:\Windows\System\pjFbunP.exe
  2⤵
  PID:6216
- C:\Windows\System\ncSTjAe.exe
  C:\Windows\System\ncSTjAe.exe
  2⤵
  PID:6352
- C:\Windows\System\adOGMAq.exe
  C:\Windows\System\adOGMAq.exe
  2⤵
  PID:6456
- C:\Windows\System\ItjQbbc.exe
  C:\Windows\System\ItjQbbc.exe
  2⤵
  PID:3508
- C:\Windows\System\MTEZrid.exe
  C:\Windows\System\MTEZrid.exe
  2⤵
  PID:6712
- C:\Windows\System\TdGpVvw.exe
  C:\Windows\System\TdGpVvw.exe
  2⤵
  PID:6808
- C:\Windows\System\NeAkuSx.exe
  C:\Windows\System\NeAkuSx.exe
  2⤵
  PID:6856
- C:\Windows\System\LRySQls.exe
  C:\Windows\System\LRySQls.exe
  2⤵
  PID:6992
- C:\Windows\System\dZdXDhX.exe
  C:\Windows\System\dZdXDhX.exe
  2⤵
  PID:2644
- C:\Windows\System\coLfeiy.exe
  C:\Windows\System\coLfeiy.exe
  2⤵
  PID:4932
- C:\Windows\System\HeGughU.exe
  C:\Windows\System\HeGughU.exe
  2⤵
  PID:2184
- C:\Windows\System\glnUDnx.exe
  C:\Windows\System\glnUDnx.exe
  2⤵
  PID:6688
- C:\Windows\System\iBFamiF.exe
  C:\Windows\System\iBFamiF.exe
  2⤵
  PID:6912
- C:\Windows\System\cOflgzO.exe
  C:\Windows\System\cOflgzO.exe
  2⤵
  PID:7196
- C:\Windows\System\GfZZaUG.exe
  C:\Windows\System\GfZZaUG.exe
  2⤵
  PID:7224
- C:\Windows\System\ftFdDFp.exe
  C:\Windows\System\ftFdDFp.exe
  2⤵
  PID:7252
- C:\Windows\System\YRCmFXx.exe
  C:\Windows\System\YRCmFXx.exe
  2⤵
  PID:7280
- C:\Windows\System\DmbTWtU.exe
  C:\Windows\System\DmbTWtU.exe
  2⤵
  PID:7304
- C:\Windows\System\dpCnuSP.exe
  C:\Windows\System\dpCnuSP.exe
  2⤵
  PID:7336
- C:\Windows\System\BrCgLBP.exe
  C:\Windows\System\BrCgLBP.exe
  2⤵
  PID:7364
- C:\Windows\System\LMPsWQC.exe
  C:\Windows\System\LMPsWQC.exe
  2⤵
  PID:7392
- C:\Windows\System\wnkwqfN.exe
  C:\Windows\System\wnkwqfN.exe
  2⤵
  PID:7420
- C:\Windows\System\lCbpjYs.exe
  C:\Windows\System\lCbpjYs.exe
  2⤵
  PID:7448
- C:\Windows\System\fWnLbmD.exe
  C:\Windows\System\fWnLbmD.exe
  2⤵
  PID:7488
- C:\Windows\System\WhbZRFY.exe
  C:\Windows\System\WhbZRFY.exe
  2⤵
  PID:7516
- C:\Windows\System\rfInrpQ.exe
  C:\Windows\System\rfInrpQ.exe
  2⤵
  PID:7532
- C:\Windows\System\JlSMqMZ.exe
  C:\Windows\System\JlSMqMZ.exe
  2⤵
  PID:7560
- C:\Windows\System\zTLEIpz.exe
  C:\Windows\System\zTLEIpz.exe
  2⤵
  PID:7588
- C:\Windows\System\JWPMtBK.exe
  C:\Windows\System\JWPMtBK.exe
  2⤵
  PID:7616
- C:\Windows\System\BOcDVnd.exe
  C:\Windows\System\BOcDVnd.exe
  2⤵
  PID:7644
- C:\Windows\System\dtbPbsZ.exe
  C:\Windows\System\dtbPbsZ.exe
  2⤵
  PID:7672
- C:\Windows\System\QajxKwh.exe
  C:\Windows\System\QajxKwh.exe
  2⤵
  PID:7700
- C:\Windows\System\toKbZph.exe
  C:\Windows\System\toKbZph.exe
  2⤵
  PID:7728
- C:\Windows\System\AyFBRtb.exe
  C:\Windows\System\AyFBRtb.exe
  2⤵
  PID:7756
- C:\Windows\System\kbNqFBJ.exe
  C:\Windows\System\kbNqFBJ.exe
  2⤵
  PID:7784
- C:\Windows\System\VsDqHdc.exe
  C:\Windows\System\VsDqHdc.exe
  2⤵
  PID:7812
- C:\Windows\System\ueqGiLZ.exe
  C:\Windows\System\ueqGiLZ.exe
  2⤵
  PID:7840
- C:\Windows\System\CRcvGSL.exe
  C:\Windows\System\CRcvGSL.exe
  2⤵
  PID:7868
- C:\Windows\System\VYLSjxb.exe
  C:\Windows\System\VYLSjxb.exe
  2⤵
  PID:7896
- C:\Windows\System\aNenuga.exe
  C:\Windows\System\aNenuga.exe
  2⤵
  PID:7924
- C:\Windows\System\wHrXvDQ.exe
  C:\Windows\System\wHrXvDQ.exe
  2⤵
  PID:7968
- C:\Windows\System\pyxhtnr.exe
  C:\Windows\System\pyxhtnr.exe
  2⤵
  PID:8012
- C:\Windows\System\SYiBJGx.exe
  C:\Windows\System\SYiBJGx.exe
  2⤵
  PID:8072
- C:\Windows\System\hZVTTIX.exe
  C:\Windows\System\hZVTTIX.exe
  2⤵
  PID:8096
- C:\Windows\System\zqovpDG.exe
  C:\Windows\System\zqovpDG.exe
  2⤵
  PID:8128
- C:\Windows\System\NqDNDRc.exe
  C:\Windows\System\NqDNDRc.exe
  2⤵
  PID:8156
- C:\Windows\System\VcJBaqo.exe
  C:\Windows\System\VcJBaqo.exe
  2⤵
  PID:8184
- C:\Windows\System\zaNaMus.exe
  C:\Windows\System\zaNaMus.exe
  2⤵
  PID:7052
- C:\Windows\System\oyZQkvJ.exe
  C:\Windows\System\oyZQkvJ.exe
  2⤵
  PID:6544
- C:\Windows\System\SsbvQty.exe
  C:\Windows\System\SsbvQty.exe
  2⤵
  PID:4152
- C:\Windows\System\KlYoJzT.exe
  C:\Windows\System\KlYoJzT.exe
  2⤵
  PID:1220
- C:\Windows\System\NFoEsZX.exe
  C:\Windows\System\NFoEsZX.exe
  2⤵
  PID:1912
- C:\Windows\System\cjrxszV.exe
  C:\Windows\System\cjrxszV.exe
  2⤵
  PID:7352
- C:\Windows\System\DjjkSJK.exe
  C:\Windows\System\DjjkSJK.exe
  2⤵
  PID:7432
- C:\Windows\System\kxkuRet.exe
  C:\Windows\System\kxkuRet.exe
  2⤵
  PID:3964
- C:\Windows\System\HsFaGNs.exe
  C:\Windows\System\HsFaGNs.exe
  2⤵
  PID:7508
- C:\Windows\System\poMnEFW.exe
  C:\Windows\System\poMnEFW.exe
  2⤵
  PID:7548
- C:\Windows\System\vNMrMbJ.exe
  C:\Windows\System\vNMrMbJ.exe
  2⤵
  PID:5092
- C:\Windows\System\mAnsmtg.exe
  C:\Windows\System\mAnsmtg.exe
  2⤵
  PID:7660
- C:\Windows\System\YdUfHWp.exe
  C:\Windows\System\YdUfHWp.exe
  2⤵
  PID:7712
- C:\Windows\System\rqHnEja.exe
  C:\Windows\System\rqHnEja.exe
  2⤵
  PID:7776
- C:\Windows\System\eZsmuts.exe
  C:\Windows\System\eZsmuts.exe
  2⤵
  PID:4812
- C:\Windows\System\tYoIUKZ.exe
  C:\Windows\System\tYoIUKZ.exe
  2⤵
  PID:7856
- C:\Windows\System\ghQOdmV.exe
  C:\Windows\System\ghQOdmV.exe
  2⤵
  PID:2732
- C:\Windows\System\MZKAvcB.exe
  C:\Windows\System\MZKAvcB.exe
  2⤵
  PID:1068
- C:\Windows\System\rCMGuap.exe
  C:\Windows\System\rCMGuap.exe
  2⤵
  PID:3284
- C:\Windows\System\dMAkglU.exe
  C:\Windows\System\dMAkglU.exe
  2⤵
  PID:2976
- C:\Windows\System\lHAtvnh.exe
  C:\Windows\System\lHAtvnh.exe
  2⤵
  PID:5016
- C:\Windows\System\wBMktpE.exe
  C:\Windows\System\wBMktpE.exe
  2⤵
  PID:3144
- C:\Windows\System\oWavnvI.exe
  C:\Windows\System\oWavnvI.exe
  2⤵
  PID:7960
- C:\Windows\System\eTAxdqW.exe
  C:\Windows\System\eTAxdqW.exe
  2⤵
  PID:8052
- C:\Windows\System\fxzaSsD.exe
  C:\Windows\System\fxzaSsD.exe
  2⤵
  PID:8092
- C:\Windows\System\HCANqzv.exe
  C:\Windows\System\HCANqzv.exe
  2⤵
  PID:8152
- C:\Windows\System\nqZvnap.exe
  C:\Windows\System\nqZvnap.exe
  2⤵
  PID:6968
- C:\Windows\System\OPjRnOC.exe
  C:\Windows\System\OPjRnOC.exe
  2⤵
  PID:6504
- C:\Windows\System\SixnGTu.exe
  C:\Windows\System\SixnGTu.exe
  2⤵
  PID:7208
- C:\Windows\System\bpPeRlq.exe
  C:\Windows\System\bpPeRlq.exe
  2⤵
  PID:7324
- C:\Windows\System\wWuyFKr.exe
  C:\Windows\System\wWuyFKr.exe
  2⤵
  PID:7412
- C:\Windows\System\HhVarjd.exe
  C:\Windows\System\HhVarjd.exe
  2⤵
  PID:7500
- C:\Windows\System\LVXPiuW.exe
  C:\Windows\System\LVXPiuW.exe
  2⤵
  PID:7600
- C:\Windows\System\jVHiwmU.exe
  C:\Windows\System\jVHiwmU.exe
  2⤵
  PID:7740
- C:\Windows\System\cGMZsqU.exe
  C:\Windows\System\cGMZsqU.exe
  2⤵
  PID:7884
- C:\Windows\System\ndhfbcs.exe
  C:\Windows\System\ndhfbcs.exe
  2⤵
  PID:4892
- C:\Windows\System\aOtWRCQ.exe
  C:\Windows\System\aOtWRCQ.exe
  2⤵
  PID:2980
- C:\Windows\System\hXEyhgM.exe
  C:\Windows\System\hXEyhgM.exe
  2⤵
  PID:4268
- C:\Windows\System\KvsEIoL.exe
  C:\Windows\System\KvsEIoL.exe
  2⤵
  PID:4868
- C:\Windows\System\VCBWnsB.exe
  C:\Windows\System\VCBWnsB.exe
  2⤵
  PID:8180
- C:\Windows\System\ewlpjQi.exe
  C:\Windows\System\ewlpjQi.exe
  2⤵
  PID:348
- C:\Windows\System\bJOGBez.exe
  C:\Windows\System\bJOGBez.exe
  2⤵
  PID:7408
- C:\Windows\System\SCNZWWN.exe
  C:\Windows\System\SCNZWWN.exe
  2⤵
  PID:4844
- C:\Windows\System\ZKytBhd.exe
  C:\Windows\System\ZKytBhd.exe
  2⤵
  PID:672
- C:\Windows\System\upYCjXZ.exe
  C:\Windows\System\upYCjXZ.exe
  2⤵
  PID:1452
- C:\Windows\System\aRafOcb.exe
  C:\Windows\System\aRafOcb.exe
  2⤵
  PID:808
- C:\Windows\System\OuOItRO.exe
  C:\Windows\System\OuOItRO.exe
  2⤵
  PID:2724
- C:\Windows\System\bJbjIGG.exe
  C:\Windows\System\bJbjIGG.exe
  2⤵
  PID:864
- C:\Windows\System\aYLPUpb.exe
  C:\Windows\System\aYLPUpb.exe
  2⤵
  PID:516
- C:\Windows\System\XHAUuwY.exe
  C:\Windows\System\XHAUuwY.exe
  2⤵
  PID:4580
- C:\Windows\System\oJnMsCG.exe
  C:\Windows\System\oJnMsCG.exe
  2⤵
  PID:3472
- C:\Windows\System\KmqzhLz.exe
  C:\Windows\System\KmqzhLz.exe
  2⤵
  PID:2476
- C:\Windows\System\AGRAdZQ.exe
  C:\Windows\System\AGRAdZQ.exe
  2⤵
  PID:2448
- C:\Windows\System\cNOvoXc.exe
  C:\Windows\System\cNOvoXc.exe
  2⤵
  PID:8212
- C:\Windows\System\vflCSSN.exe
  C:\Windows\System\vflCSSN.exe
  2⤵
  PID:8240
- C:\Windows\System\iaYhqAG.exe
  C:\Windows\System\iaYhqAG.exe
  2⤵
  PID:8276
- C:\Windows\System\uzMPyGT.exe
  C:\Windows\System\uzMPyGT.exe
  2⤵
  PID:8304
- C:\Windows\System\gQUiJSL.exe
  C:\Windows\System\gQUiJSL.exe
  2⤵
  PID:8332
- C:\Windows\System\NPNzEwa.exe
  C:\Windows\System\NPNzEwa.exe
  2⤵
  PID:8360
- C:\Windows\System\dToEqKR.exe
  C:\Windows\System\dToEqKR.exe
  2⤵
  PID:8388
- C:\Windows\System\DDnlnjs.exe
  C:\Windows\System\DDnlnjs.exe
  2⤵
  PID:8416
- C:\Windows\System\JBLDSeN.exe
  C:\Windows\System\JBLDSeN.exe
  2⤵
  PID:8444
- C:\Windows\System\NfVpwVI.exe
  C:\Windows\System\NfVpwVI.exe
  2⤵
  PID:8472
- C:\Windows\System\DBjcJlO.exe
  C:\Windows\System\DBjcJlO.exe
  2⤵
  PID:8500
- C:\Windows\System\zyirPhl.exe
  C:\Windows\System\zyirPhl.exe
  2⤵
  PID:8536
- C:\Windows\System\bDBMdMJ.exe
  C:\Windows\System\bDBMdMJ.exe
  2⤵
  PID:8556
- C:\Windows\System\KVUlqTn.exe
  C:\Windows\System\KVUlqTn.exe
  2⤵
  PID:8584
- C:\Windows\System\uJWkCSc.exe
  C:\Windows\System\uJWkCSc.exe
  2⤵
  PID:8612
- C:\Windows\System\PUZYZqj.exe
  C:\Windows\System\PUZYZqj.exe
  2⤵
  PID:8640
- C:\Windows\System\pSDWzNv.exe
  C:\Windows\System\pSDWzNv.exe
  2⤵
  PID:8672
- C:\Windows\System\NKkEFei.exe
  C:\Windows\System\NKkEFei.exe
  2⤵
  PID:8700
- C:\Windows\System\sneyFBb.exe
  C:\Windows\System\sneyFBb.exe
  2⤵
  PID:8728
- C:\Windows\System\SkABASF.exe
  C:\Windows\System\SkABASF.exe
  2⤵
  PID:8756
- C:\Windows\System\vvpCjXQ.exe
  C:\Windows\System\vvpCjXQ.exe
  2⤵
  PID:8784
- C:\Windows\System\fXODFxo.exe
  C:\Windows\System\fXODFxo.exe
  2⤵
  PID:8812
- C:\Windows\System\zokJqGu.exe
  C:\Windows\System\zokJqGu.exe
  2⤵
  PID:8840
- C:\Windows\System\esZhKfr.exe
  C:\Windows\System\esZhKfr.exe
  2⤵
  PID:8876
- C:\Windows\System\VjozDoV.exe
  C:\Windows\System\VjozDoV.exe
  2⤵
  PID:8904
- C:\Windows\System\hZpiqkB.exe
  C:\Windows\System\hZpiqkB.exe
  2⤵
  PID:8924
- C:\Windows\System\FjSuEQd.exe
  C:\Windows\System\FjSuEQd.exe
  2⤵
  PID:8952
- C:\Windows\System\YUPzHkT.exe
  C:\Windows\System\YUPzHkT.exe
  2⤵
  PID:8980
- C:\Windows\System\BCkNIFM.exe
  C:\Windows\System\BCkNIFM.exe
  2⤵
  PID:9016
- C:\Windows\System\uXSxKke.exe
  C:\Windows\System\uXSxKke.exe
  2⤵
  PID:9036
- C:\Windows\System\yDZcsEK.exe
  C:\Windows\System\yDZcsEK.exe
  2⤵
  PID:9064
- C:\Windows\System\mUwlorc.exe
  C:\Windows\System\mUwlorc.exe
  2⤵
  PID:9092
- C:\Windows\System\hkjlHya.exe
  C:\Windows\System\hkjlHya.exe
  2⤵
  PID:9120
- C:\Windows\System\ZONrhuY.exe
  C:\Windows\System\ZONrhuY.exe
  2⤵
  PID:9160
- C:\Windows\System\Dihkxva.exe
  C:\Windows\System\Dihkxva.exe
  2⤵
  PID:9180
- C:\Windows\System\LCyXYem.exe
  C:\Windows\System\LCyXYem.exe
  2⤵
  PID:9208
- C:\Windows\System\JrTCDqF.exe
  C:\Windows\System\JrTCDqF.exe
  2⤵
  PID:8236
- C:\Windows\System\QLoGhnv.exe
  C:\Windows\System\QLoGhnv.exe
  2⤵
  PID:8316
- C:\Windows\System\exuehdY.exe
  C:\Windows\System\exuehdY.exe
  2⤵
  PID:8380
- C:\Windows\System\bpImvoI.exe
  C:\Windows\System\bpImvoI.exe
  2⤵
  PID:8440
- C:\Windows\System\OyXjbsz.exe
  C:\Windows\System\OyXjbsz.exe
  2⤵
  PID:8516
- C:\Windows\System\iLXJaYb.exe
  C:\Windows\System\iLXJaYb.exe
  2⤵
  PID:8576
- C:\Windows\System\iYuGNbi.exe
  C:\Windows\System\iYuGNbi.exe
  2⤵
  PID:1208
- C:\Windows\System\WRPCBKr.exe
  C:\Windows\System\WRPCBKr.exe
  2⤵
  PID:8724
- C:\Windows\System\pzQKZNt.exe
  C:\Windows\System\pzQKZNt.exe
  2⤵
  PID:8780
- C:\Windows\System\cUyPHCe.exe
  C:\Windows\System\cUyPHCe.exe
  2⤵
  PID:8852
- C:\Windows\System\uWaOINJ.exe
  C:\Windows\System\uWaOINJ.exe
  2⤵
  PID:8920
- C:\Windows\System\CQUsIss.exe
  C:\Windows\System\CQUsIss.exe
  2⤵
  PID:8976
- C:\Windows\System\YjIZPkS.exe
  C:\Windows\System\YjIZPkS.exe
  2⤵
  PID:9032
- C:\Windows\System\BUuldfx.exe
  C:\Windows\System\BUuldfx.exe
  2⤵
  PID:9108
- C:\Windows\System\ANvfAaE.exe
  C:\Windows\System\ANvfAaE.exe
  2⤵
  PID:9144
- C:\Windows\System\mHyGHUd.exe
  C:\Windows\System\mHyGHUd.exe
  2⤵
  PID:8248
- C:\Windows\System\OEZbypo.exe
  C:\Windows\System\OEZbypo.exe
  2⤵
  PID:8372
- C:\Windows\System\wrZOakP.exe
  C:\Windows\System\wrZOakP.exe
  2⤵
  PID:8548
- C:\Windows\System\OgtLrtd.exe
  C:\Windows\System\OgtLrtd.exe
  2⤵
  PID:8696
- C:\Windows\System\YWWUrmQ.exe
  C:\Windows\System\YWWUrmQ.exe
  2⤵
  PID:8832
- C:\Windows\System\cMcUicw.exe
  C:\Windows\System\cMcUicw.exe
  2⤵
  PID:8968
- C:\Windows\System\AWmPwis.exe
  C:\Windows\System\AWmPwis.exe
  2⤵
  PID:9088
- C:\Windows\System\ovIgHIS.exe
  C:\Windows\System\ovIgHIS.exe
  2⤵
  PID:8204
- C:\Windows\System\owaTJsp.exe
  C:\Windows\System\owaTJsp.exe
  2⤵
  PID:8636
- C:\Windows\System\AZBcYYV.exe
  C:\Windows\System\AZBcYYV.exe
  2⤵
  PID:3256
- C:\Windows\System\PjaqRuA.exe
  C:\Windows\System\PjaqRuA.exe
  2⤵
  PID:9084
- C:\Windows\System\NidOArZ.exe
  C:\Windows\System\NidOArZ.exe
  2⤵
  PID:2380
- C:\Windows\System\ynsWodr.exe
  C:\Windows\System\ynsWodr.exe
  2⤵
  PID:9060
- C:\Windows\System\zIsnVOb.exe
  C:\Windows\System\zIsnVOb.exe
  2⤵
  PID:8496
- C:\Windows\System\WOZSsYj.exe
  C:\Windows\System\WOZSsYj.exe
  2⤵
  PID:9236
- C:\Windows\System\PXoBfkT.exe
  C:\Windows\System\PXoBfkT.exe
  2⤵
  PID:9264
- C:\Windows\System\rSxRVQQ.exe
  C:\Windows\System\rSxRVQQ.exe
  2⤵
  PID:9292
- C:\Windows\System\DzhYNNR.exe
  C:\Windows\System\DzhYNNR.exe
  2⤵
  PID:9320
- C:\Windows\System\pTpUxxm.exe
  C:\Windows\System\pTpUxxm.exe
  2⤵
  PID:9348
- C:\Windows\System\yzIdetx.exe
  C:\Windows\System\yzIdetx.exe
  2⤵
  PID:9376
- C:\Windows\System\rwKsACA.exe
  C:\Windows\System\rwKsACA.exe
  2⤵
  PID:9404
- C:\Windows\System\VVUOWno.exe
  C:\Windows\System\VVUOWno.exe
  2⤵
  PID:9432
- C:\Windows\System\hsNKrjM.exe
  C:\Windows\System\hsNKrjM.exe
  2⤵
  PID:9464
- C:\Windows\System\sAVaaRS.exe
  C:\Windows\System\sAVaaRS.exe
  2⤵
  PID:9488
- C:\Windows\System\kGJdkuu.exe
  C:\Windows\System\kGJdkuu.exe
  2⤵
  PID:9516
- C:\Windows\System\puuPOiE.exe
  C:\Windows\System\puuPOiE.exe
  2⤵
  PID:9544
- C:\Windows\System\CUSaeyq.exe
  C:\Windows\System\CUSaeyq.exe
  2⤵
  PID:9572
- C:\Windows\System\HqipREF.exe
  C:\Windows\System\HqipREF.exe
  2⤵
  PID:9600
- C:\Windows\System\hRJzaAi.exe
  C:\Windows\System\hRJzaAi.exe
  2⤵
  PID:9628
- C:\Windows\System\mLWIMNt.exe
  C:\Windows\System\mLWIMNt.exe
  2⤵
  PID:9656
- C:\Windows\System\pZWSAga.exe
  C:\Windows\System\pZWSAga.exe
  2⤵
  PID:9684
- C:\Windows\System\PHbDvNA.exe
  C:\Windows\System\PHbDvNA.exe
  2⤵
  PID:9712
- C:\Windows\System\TRWaNaC.exe
  C:\Windows\System\TRWaNaC.exe
  2⤵
  PID:9744
- C:\Windows\System\EBCZvCM.exe
  C:\Windows\System\EBCZvCM.exe
  2⤵
  PID:9772
- C:\Windows\System\rUtScnZ.exe
  C:\Windows\System\rUtScnZ.exe
  2⤵
  PID:9800
- C:\Windows\System\ZEIsOhg.exe
  C:\Windows\System\ZEIsOhg.exe
  2⤵
  PID:9828
- C:\Windows\System\sTbGDUs.exe
  C:\Windows\System\sTbGDUs.exe
  2⤵
  PID:9856
- C:\Windows\System\XtiFNYV.exe
  C:\Windows\System\XtiFNYV.exe
  2⤵
  PID:9884
- C:\Windows\System\CRUENzX.exe
  C:\Windows\System\CRUENzX.exe
  2⤵
  PID:9912
- C:\Windows\System\ftkUhLw.exe
  C:\Windows\System\ftkUhLw.exe
  2⤵
  PID:9948
- C:\Windows\System\pcUZfhp.exe
  C:\Windows\System\pcUZfhp.exe
  2⤵
  PID:9972
- C:\Windows\System\edZpvHG.exe
  C:\Windows\System\edZpvHG.exe
  2⤵
  PID:10000
- C:\Windows\System\lSNIDsB.exe
  C:\Windows\System\lSNIDsB.exe
  2⤵
  PID:10028
- C:\Windows\System\kskSyBF.exe
  C:\Windows\System\kskSyBF.exe
  2⤵
  PID:10056
- C:\Windows\System\pkpoqoV.exe
  C:\Windows\System\pkpoqoV.exe
  2⤵
  PID:10084
- C:\Windows\System\fEMLfKd.exe
  C:\Windows\System\fEMLfKd.exe
  2⤵
  PID:10112
- C:\Windows\System\YYdcNcZ.exe
  C:\Windows\System\YYdcNcZ.exe
  2⤵
  PID:10140
- C:\Windows\System\eFmULtR.exe
  C:\Windows\System\eFmULtR.exe
  2⤵
  PID:10168
- C:\Windows\System\BnwRYPa.exe
  C:\Windows\System\BnwRYPa.exe
  2⤵
  PID:10196
- C:\Windows\System\ChemlaK.exe
  C:\Windows\System\ChemlaK.exe
  2⤵
  PID:10224
- C:\Windows\System\uyuxkNr.exe
  C:\Windows\System\uyuxkNr.exe
  2⤵
  PID:9252
- C:\Windows\System\TDHYHuS.exe
  C:\Windows\System\TDHYHuS.exe
  2⤵
  PID:9304
- C:\Windows\System\PbrUshk.exe
  C:\Windows\System\PbrUshk.exe
  2⤵
  PID:9344
- C:\Windows\System\awJTtgE.exe
  C:\Windows\System\awJTtgE.exe
  2⤵
  PID:9400
- C:\Windows\System\lVbNRsk.exe
  C:\Windows\System\lVbNRsk.exe
  2⤵
  PID:9508
- C:\Windows\System\AHKzgLN.exe
  C:\Windows\System\AHKzgLN.exe
  2⤵
  PID:9556
- C:\Windows\System\JqoLGok.exe
  C:\Windows\System\JqoLGok.exe
  2⤵
  PID:9620
- C:\Windows\System\HUQxHNZ.exe
  C:\Windows\System\HUQxHNZ.exe
  2⤵
  PID:9680
- C:\Windows\System\fdYQnYf.exe
  C:\Windows\System\fdYQnYf.exe
  2⤵
  PID:9760
- C:\Windows\System\iHpCbgL.exe
  C:\Windows\System\iHpCbgL.exe
  2⤵
  PID:9812
- C:\Windows\System\NITNwam.exe
  C:\Windows\System\NITNwam.exe
  2⤵
  PID:9876
- C:\Windows\System\osWqwCc.exe
  C:\Windows\System\osWqwCc.exe
  2⤵
  PID:9936
- C:\Windows\System\JlawZVw.exe
  C:\Windows\System\JlawZVw.exe
  2⤵
  PID:9992
- C:\Windows\System\rDEnbfq.exe
  C:\Windows\System\rDEnbfq.exe
  2⤵
  PID:10052
- C:\Windows\System\LWVgJrA.exe
  C:\Windows\System\LWVgJrA.exe
  2⤵
  PID:10124
- C:\Windows\System\JmMXIfb.exe
  C:\Windows\System\JmMXIfb.exe
  2⤵
  PID:10188
- C:\Windows\System\JLpPvXX.exe
  C:\Windows\System\JLpPvXX.exe
  2⤵
  PID:9228
- C:\Windows\System\sGdScYl.exe
  C:\Windows\System\sGdScYl.exe
  2⤵
  PID:9388
- C:\Windows\System\BCEpPGy.exe
  C:\Windows\System\BCEpPGy.exe
  2⤵
  PID:9540
- C:\Windows\System\LcrXyMa.exe
  C:\Windows\System\LcrXyMa.exe
  2⤵
  PID:9728
- C:\Windows\System\zvzsfGZ.exe
  C:\Windows\System\zvzsfGZ.exe
  2⤵
  PID:9960
- C:\Windows\System\AkMcKgn.exe
  C:\Windows\System\AkMcKgn.exe
  2⤵
  PID:9968
- C:\Windows\System\LoWdBiP.exe
  C:\Windows\System\LoWdBiP.exe
  2⤵
  PID:10184
- C:\Windows\System\kmTozQA.exe
  C:\Windows\System\kmTozQA.exe
  2⤵
  PID:9340
- C:\Windows\System\ZfdpeIg.exe
  C:\Windows\System\ZfdpeIg.exe
  2⤵
  PID:9676
- C:\Windows\System\azziOGw.exe
  C:\Windows\System\azziOGw.exe
  2⤵
  PID:9224
- C:\Windows\System\fevPkDz.exe
  C:\Windows\System\fevPkDz.exe
  2⤵
  PID:9964
- C:\Windows\System\UAsoBTy.exe
  C:\Windows\System\UAsoBTy.exe
  2⤵
  PID:9924
- C:\Windows\System\FumEWBd.exe
  C:\Windows\System\FumEWBd.exe
  2⤵
  PID:10256
- C:\Windows\System\enFgpsW.exe
  C:\Windows\System\enFgpsW.exe
  2⤵
  PID:10284
- C:\Windows\System\OJDskHe.exe
  C:\Windows\System\OJDskHe.exe
  2⤵
  PID:10312
- C:\Windows\System\KhefxBM.exe
  C:\Windows\System\KhefxBM.exe
  2⤵
  PID:10340
- C:\Windows\System\zyKlibx.exe
  C:\Windows\System\zyKlibx.exe
  2⤵
  PID:10368
- C:\Windows\System\jsuAMmZ.exe
  C:\Windows\System\jsuAMmZ.exe
  2⤵
  PID:10396
- C:\Windows\System\TbpSfmh.exe
  C:\Windows\System\TbpSfmh.exe
  2⤵
  PID:10424
- C:\Windows\System\VVDGZrv.exe
  C:\Windows\System\VVDGZrv.exe
  2⤵
  PID:10452
- C:\Windows\System\SqoVrxh.exe
  C:\Windows\System\SqoVrxh.exe
  2⤵
  PID:10480
- C:\Windows\System\EVkksZI.exe
  C:\Windows\System\EVkksZI.exe
  2⤵
  PID:10512
- C:\Windows\System\JMOBBeP.exe
  C:\Windows\System\JMOBBeP.exe
  2⤵
  PID:10540
- C:\Windows\System\ipzScsI.exe
  C:\Windows\System\ipzScsI.exe
  2⤵
  PID:10568
- C:\Windows\System\JTAjvec.exe
  C:\Windows\System\JTAjvec.exe
  2⤵
  PID:10596
- C:\Windows\System\egYYcFT.exe
  C:\Windows\System\egYYcFT.exe
  2⤵
  PID:10636
- C:\Windows\System\iZzbBzP.exe
  C:\Windows\System\iZzbBzP.exe
  2⤵
  PID:10652
- C:\Windows\System\dwXLZgH.exe
  C:\Windows\System\dwXLZgH.exe
  2⤵
  PID:10680
- C:\Windows\System\mRPaeWq.exe
  C:\Windows\System\mRPaeWq.exe
  2⤵
  PID:10708
- C:\Windows\System\dmFjOFn.exe
  C:\Windows\System\dmFjOFn.exe
  2⤵
  PID:10736
- C:\Windows\System\AeyNNNr.exe
  C:\Windows\System\AeyNNNr.exe
  2⤵
  PID:10764
- C:\Windows\System\gePHvZC.exe
  C:\Windows\System\gePHvZC.exe
  2⤵
  PID:10792
- C:\Windows\System\BDbBYGZ.exe
  C:\Windows\System\BDbBYGZ.exe
  2⤵
  PID:10820
- C:\Windows\System\kEZoQCj.exe
  C:\Windows\System\kEZoQCj.exe
  2⤵
  PID:10848
- C:\Windows\System\wUlbACP.exe
  C:\Windows\System\wUlbACP.exe
  2⤵
  PID:10876
- C:\Windows\System\LzTByLI.exe
  C:\Windows\System\LzTByLI.exe
  2⤵
  PID:10904
- C:\Windows\System\wLBcaoA.exe
  C:\Windows\System\wLBcaoA.exe
  2⤵
  PID:10936
- C:\Windows\System\NdTOjuw.exe
  C:\Windows\System\NdTOjuw.exe
  2⤵
  PID:10964
- C:\Windows\System\PUzqHwn.exe
  C:\Windows\System\PUzqHwn.exe
  2⤵
  PID:10992
- C:\Windows\System\GHbFKiO.exe
  C:\Windows\System\GHbFKiO.exe
  2⤵
  PID:11020
- C:\Windows\System\yYIWtTq.exe
  C:\Windows\System\yYIWtTq.exe
  2⤵
  PID:11060
- C:\Windows\System\HIsJoiL.exe
  C:\Windows\System\HIsJoiL.exe
  2⤵
  PID:11108
- C:\Windows\System\sjuXsyV.exe
  C:\Windows\System\sjuXsyV.exe
  2⤵
  PID:11136
- C:\Windows\System\uAHTfVo.exe
  C:\Windows\System\uAHTfVo.exe
  2⤵
  PID:11164
- C:\Windows\System\luEbhgR.exe
  C:\Windows\System\luEbhgR.exe
  2⤵
  PID:11216
- C:\Windows\System\JyabNXl.exe
  C:\Windows\System\JyabNXl.exe
  2⤵
  PID:10272
- C:\Windows\System\QUfloSB.exe
  C:\Windows\System\QUfloSB.exe
  2⤵
  PID:10388
- C:\Windows\System\aDJKMyo.exe
  C:\Windows\System\aDJKMyo.exe
  2⤵
  PID:10476
- C:\Windows\System\WwdMITF.exe
  C:\Windows\System\WwdMITF.exe
  2⤵
  PID:10584
- C:\Windows\System\aieTbPI.exe
  C:\Windows\System\aieTbPI.exe
  2⤵
  PID:10664
- C:\Windows\System\DYpmnvy.exe
  C:\Windows\System\DYpmnvy.exe
  2⤵
  PID:10756
- C:\Windows\System\jLpIWYi.exe
  C:\Windows\System\jLpIWYi.exe
  2⤵
  PID:10812
- C:\Windows\System\pzMzgis.exe
  C:\Windows\System\pzMzgis.exe
  2⤵
  PID:10872
- C:\Windows\System\ysjykHm.exe
  C:\Windows\System\ysjykHm.exe
  2⤵
  PID:10948
- C:\Windows\System\ZIIWKBZ.exe
  C:\Windows\System\ZIIWKBZ.exe
  2⤵
  PID:11008
- C:\Windows\System\sMpgOCL.exe
  C:\Windows\System\sMpgOCL.exe
  2⤵
  PID:928
- C:\Windows\System\SBxRtCu.exe
  C:\Windows\System\SBxRtCu.exe
  2⤵
  PID:11104
- C:\Windows\System\nhzoqep.exe
  C:\Windows\System\nhzoqep.exe
  2⤵
  PID:11156
- C:\Windows\System\QHejVhG.exe
  C:\Windows\System\QHejVhG.exe
  2⤵
  PID:10248
- C:\Windows\System\qFJQciK.exe
  C:\Windows\System\qFJQciK.exe
  2⤵
  PID:10440
- C:\Windows\System\DMggBmG.exe
  C:\Windows\System\DMggBmG.exe
  2⤵
  PID:10704
- C:\Windows\System\xwmbyiS.exe
  C:\Windows\System\xwmbyiS.exe
  2⤵
  PID:10860
- C:\Windows\System\uqSHnVX.exe
  C:\Windows\System\uqSHnVX.exe
  2⤵
  PID:10784
- C:\Windows\System\jyvfUbc.exe
  C:\Windows\System\jyvfUbc.exe
  2⤵
  PID:10980
- C:\Windows\System\dyGQKiC.exe
  C:\Windows\System\dyGQKiC.exe
  2⤵
  PID:11088
- C:\Windows\System\ABcvAVZ.exe
  C:\Windows\System\ABcvAVZ.exe
  2⤵
  PID:10804
- C:\Windows\System\FgmqmWW.exe
  C:\Windows\System\FgmqmWW.exe
  2⤵
  PID:11032
- C:\Windows\System\fNZrAiz.exe
  C:\Windows\System\fNZrAiz.exe
  2⤵
  PID:10332
- C:\Windows\System\IoMnYAX.exe
  C:\Windows\System\IoMnYAX.exe
  2⤵
  PID:10928
- C:\Windows\System\HcpMrPr.exe
  C:\Windows\System\HcpMrPr.exe
  2⤵
  PID:11284
- C:\Windows\System\gNsQEnp.exe
  C:\Windows\System\gNsQEnp.exe
  2⤵
  PID:11316
- C:\Windows\System\UxVELEN.exe
  C:\Windows\System\UxVELEN.exe
  2⤵
  PID:11344
- C:\Windows\System\WznDJam.exe
  C:\Windows\System\WznDJam.exe
  2⤵
  PID:11376
- C:\Windows\System\jAfAMQG.exe
  C:\Windows\System\jAfAMQG.exe
  2⤵
  PID:11408
- C:\Windows\System\wrrACRC.exe
  C:\Windows\System\wrrACRC.exe
  2⤵
  PID:11436
- C:\Windows\System\KkmjwEh.exe
  C:\Windows\System\KkmjwEh.exe
  2⤵
  PID:11464
- C:\Windows\System\qCqAzEs.exe
  C:\Windows\System\qCqAzEs.exe
  2⤵
  PID:11496
- C:\Windows\System\EVWboIk.exe
  C:\Windows\System\EVWboIk.exe
  2⤵
  PID:11524
- C:\Windows\System\RVvpFeH.exe
  C:\Windows\System\RVvpFeH.exe
  2⤵
  PID:11552
- C:\Windows\System\nmrRDmW.exe
  C:\Windows\System\nmrRDmW.exe
  2⤵
  PID:11580
- C:\Windows\System\dHbeFlH.exe
  C:\Windows\System\dHbeFlH.exe
  2⤵
  PID:11608
- C:\Windows\System\uVjRumK.exe
  C:\Windows\System\uVjRumK.exe
  2⤵
  PID:11636
- C:\Windows\System\WZgACed.exe
  C:\Windows\System\WZgACed.exe
  2⤵
  PID:11664
- C:\Windows\System\reowzSH.exe
  C:\Windows\System\reowzSH.exe
  2⤵
  PID:11692
- C:\Windows\System\ppcClke.exe
  C:\Windows\System\ppcClke.exe
  2⤵
  PID:11720
- C:\Windows\System\PqrabeQ.exe
  C:\Windows\System\PqrabeQ.exe
  2⤵
  PID:11748
- C:\Windows\System\UiZOpwM.exe
  C:\Windows\System\UiZOpwM.exe
  2⤵
  PID:11776
- C:\Windows\System\nRwpsjj.exe
  C:\Windows\System\nRwpsjj.exe
  2⤵
  PID:11804
- C:\Windows\System\qztUZio.exe
  C:\Windows\System\qztUZio.exe
  2⤵
  PID:11848
- C:\Windows\System\ynpsqIU.exe
  C:\Windows\System\ynpsqIU.exe
  2⤵
  PID:11892
- C:\Windows\System\iDIBBCi.exe
  C:\Windows\System\iDIBBCi.exe
  2⤵
  PID:11960
- C:\Windows\System\dxBQlCN.exe
  C:\Windows\System\dxBQlCN.exe
  2⤵
  PID:12020
- C:\Windows\System\gVDbGaL.exe
  C:\Windows\System\gVDbGaL.exe
  2⤵
  PID:12052
- C:\Windows\System\WsjjTqw.exe
  C:\Windows\System\WsjjTqw.exe
  2⤵
  PID:12080
- C:\Windows\System\XhsicGF.exe
  C:\Windows\System\XhsicGF.exe
  2⤵
  PID:12116
- C:\Windows\System\kBIJtNa.exe
  C:\Windows\System\kBIJtNa.exe
  2⤵
  PID:12160
- C:\Windows\System\LReXBmD.exe
  C:\Windows\System\LReXBmD.exe
  2⤵
  PID:12208
- C:\Windows\System\MdNWCnh.exe
  C:\Windows\System\MdNWCnh.exe
  2⤵
  PID:12240
- C:\Windows\System\oXzoHJI.exe
  C:\Windows\System\oXzoHJI.exe
  2⤵
  PID:12260
- C:\Windows\System\EmymGcD.exe
  C:\Windows\System\EmymGcD.exe
  2⤵
  PID:11276
- C:\Windows\System\XIwxbna.exe
  C:\Windows\System\XIwxbna.exe
  2⤵
  PID:11336
- C:\Windows\System\WUKIeDz.exe
  C:\Windows\System\WUKIeDz.exe
  2⤵
  PID:11384
- C:\Windows\System\GlFzuel.exe
  C:\Windows\System\GlFzuel.exe
  2⤵
  PID:11480
- C:\Windows\System\FLZNvJp.exe
  C:\Windows\System\FLZNvJp.exe
  2⤵
  PID:11544
- C:\Windows\System\LMLnJMh.exe
  C:\Windows\System\LMLnJMh.exe
  2⤵
  PID:11604
- C:\Windows\System\rmjKRZW.exe
  C:\Windows\System\rmjKRZW.exe
  2⤵
  PID:11680
- C:\Windows\System\CQUORIa.exe
  C:\Windows\System\CQUORIa.exe
  2⤵
  PID:11736
- C:\Windows\System\CtRstfX.exe
  C:\Windows\System\CtRstfX.exe
  2⤵
  PID:11788
- C:\Windows\System\msoYvSN.exe
  C:\Windows\System\msoYvSN.exe
  2⤵
  PID:11844
- C:\Windows\System\npTNVrL.exe
  C:\Windows\System\npTNVrL.exe
  2⤵
  PID:11936
- C:\Windows\System\cfkjvfg.exe
  C:\Windows\System\cfkjvfg.exe
  2⤵
  PID:12048
- C:\Windows\System\lPkKIXp.exe
  C:\Windows\System\lPkKIXp.exe
  2⤵
  PID:12108
- C:\Windows\System\RUTCNSB.exe
  C:\Windows\System\RUTCNSB.exe
  2⤵
  PID:12192
- C:\Windows\System\ptQxamP.exe
  C:\Windows\System\ptQxamP.exe
  2⤵
  PID:12224
- C:\Windows\System\ZfUXfKn.exe
  C:\Windows\System\ZfUXfKn.exe
  2⤵
  PID:11308
- C:\Windows\System\tCseaqv.exe
  C:\Windows\System\tCseaqv.exe
  2⤵
  PID:552
- C:\Windows\System\aWgrijF.exe
  C:\Windows\System\aWgrijF.exe
  2⤵
  PID:12004
- C:\Windows\System\KLnyaNS.exe
  C:\Windows\System\KLnyaNS.exe
  2⤵
  PID:11516
- C:\Windows\System\vyGqGJn.exe
  C:\Windows\System\vyGqGJn.exe
  2⤵
  PID:11652
- C:\Windows\System\HiyiCbu.exe
  C:\Windows\System\HiyiCbu.exe
  2⤵
  PID:11768
- C:\Windows\System\DXrCAQS.exe
  C:\Windows\System\DXrCAQS.exe
  2⤵
  PID:11932
- C:\Windows\System\lgmrXLK.exe
  C:\Windows\System\lgmrXLK.exe
  2⤵
  PID:12152
- C:\Windows\System\xFhDsVA.exe
  C:\Windows\System\xFhDsVA.exe
  2⤵
  PID:12284
- C:\Windows\System\UvrUQhU.exe
  C:\Windows\System\UvrUQhU.exe
  2⤵
  PID:11988
- C:\Windows\System\JGkCTdZ.exe
  C:\Windows\System\JGkCTdZ.exe
  2⤵
  PID:11712
- C:\Windows\System\ZbQHHps.exe
  C:\Windows\System\ZbQHHps.exe
  2⤵
  PID:12092
- C:\Windows\System\tulFjCH.exe
  C:\Windows\System\tulFjCH.exe
  2⤵
  PID:11992
- C:\Windows\System\ItSPUzP.exe
  C:\Windows\System\ItSPUzP.exe
  2⤵
  PID:12232
- C:\Windows\System\orzAxCj.exe
  C:\Windows\System\orzAxCj.exe
  2⤵
  PID:11396
- C:\Windows\System\BdBCTsq.exe
  C:\Windows\System\BdBCTsq.exe
  2⤵
  PID:12316
- C:\Windows\System\kNEehDs.exe
  C:\Windows\System\kNEehDs.exe
  2⤵
  PID:12344
- C:\Windows\System\lWdNqyM.exe
  C:\Windows\System\lWdNqyM.exe
  2⤵
  PID:12372
- C:\Windows\System\BWGLZdt.exe
  C:\Windows\System\BWGLZdt.exe
  2⤵
  PID:12400
- C:\Windows\System\dGKXgQt.exe
  C:\Windows\System\dGKXgQt.exe
  2⤵
  PID:12428
- C:\Windows\System\uKVwDWk.exe
  C:\Windows\System\uKVwDWk.exe
  2⤵
  PID:12456
- C:\Windows\System\GfjElWJ.exe
  C:\Windows\System\GfjElWJ.exe
  2⤵
  PID:12484
- C:\Windows\System\qpyQthX.exe
  C:\Windows\System\qpyQthX.exe
  2⤵
  PID:12512
- C:\Windows\System\OSdcoEt.exe
  C:\Windows\System\OSdcoEt.exe
  2⤵
  PID:12540
- C:\Windows\System\vYWFMbm.exe
  C:\Windows\System\vYWFMbm.exe
  2⤵
  PID:12568
- C:\Windows\System\BZfPCeA.exe
  C:\Windows\System\BZfPCeA.exe
  2⤵
  PID:12588
- C:\Windows\System\sPTCoaa.exe
  C:\Windows\System\sPTCoaa.exe
  2⤵
  PID:12624
- C:\Windows\System\qaTysOH.exe
  C:\Windows\System\qaTysOH.exe
  2⤵
  PID:12652
- C:\Windows\System\aimoObx.exe
  C:\Windows\System\aimoObx.exe
  2⤵
  PID:12692
- C:\Windows\System\YlQutPW.exe
  C:\Windows\System\YlQutPW.exe
  2⤵
  PID:12708
- C:\Windows\System\WrfKxwW.exe
  C:\Windows\System\WrfKxwW.exe
  2⤵
  PID:12740
- C:\Windows\System\Gqpzfce.exe
  C:\Windows\System\Gqpzfce.exe
  2⤵
  PID:12768
- C:\Windows\System\UZXJbjC.exe
  C:\Windows\System\UZXJbjC.exe
  2⤵
  PID:12796
- C:\Windows\System\uDEPJTy.exe
  C:\Windows\System\uDEPJTy.exe
  2⤵
  PID:12824
- C:\Windows\System\JsbUOXj.exe
  C:\Windows\System\JsbUOXj.exe
  2⤵
  PID:12872
- C:\Windows\System\pkxHeEz.exe
  C:\Windows\System\pkxHeEz.exe
  2⤵
  PID:12924
- C:\Windows\System\wMOdUpJ.exe
  C:\Windows\System\wMOdUpJ.exe
  2⤵
  PID:12956
- C:\Windows\System\CdNfYjc.exe
  C:\Windows\System\CdNfYjc.exe
  2⤵
  PID:12988
- C:\Windows\System\DjjNcHp.exe
  C:\Windows\System\DjjNcHp.exe
  2⤵
  PID:13024
- C:\Windows\System\XqnPgaa.exe
  C:\Windows\System\XqnPgaa.exe
  2⤵
  PID:13056
- C:\Windows\System\tdZsyBr.exe
  C:\Windows\System\tdZsyBr.exe
  2⤵
  PID:13084
- C:\Windows\System\yTSTczT.exe
  C:\Windows\System\yTSTczT.exe
  2⤵
  PID:13120
- C:\Windows\System\HjcGqgk.exe
  C:\Windows\System\HjcGqgk.exe
  2⤵
  PID:13148
- C:\Windows\System\GJZaMsj.exe
  C:\Windows\System\GJZaMsj.exe
  2⤵
  PID:13176
- C:\Windows\System\bDcoKdS.exe
  C:\Windows\System\bDcoKdS.exe
  2⤵
  PID:13212
- C:\Windows\System\KkeSkxE.exe
  C:\Windows\System\KkeSkxE.exe
  2⤵
  PID:13232
- C:\Windows\System\DBpqPeO.exe
  C:\Windows\System\DBpqPeO.exe
  2⤵
  PID:13264
- C:\Windows\System\FfLKLyw.exe
  C:\Windows\System\FfLKLyw.exe
  2⤵
  PID:13292
- C:\Windows\System\npNUXoX.exe
  C:\Windows\System\npNUXoX.exe
  2⤵
  PID:12308
- C:\Windows\System\udStpMv.exe
  C:\Windows\System\udStpMv.exe
  2⤵
  PID:12368
- C:\Windows\System\bvVUMlw.exe
  C:\Windows\System\bvVUMlw.exe
  2⤵
  PID:12440
- C:\Windows\System\qasVyQQ.exe
  C:\Windows\System\qasVyQQ.exe
  2⤵
  PID:12496
- C:\Windows\System\iPxrcDg.exe
  C:\Windows\System\iPxrcDg.exe
  2⤵
  PID:12560
- C:\Windows\System\DnTklMJ.exe
  C:\Windows\System\DnTklMJ.exe
  2⤵
  PID:12620
- C:\Windows\System\vbelFtG.exe
  C:\Windows\System\vbelFtG.exe
  2⤵
  PID:12676
- C:\Windows\System\YMEVNad.exe
  C:\Windows\System\YMEVNad.exe
  2⤵
  PID:11760
- C:\Windows\System\PAxNCDW.exe
  C:\Windows\System\PAxNCDW.exe
  2⤵
  PID:11076
- C:\Windows\System\MawEbLn.exe
  C:\Windows\System\MawEbLn.exe
  2⤵
  PID:12780
- C:\Windows\System\QIDKdcK.exe
  C:\Windows\System\QIDKdcK.exe
  2⤵
  PID:12836
- C:\Windows\System\sjcwNSk.exe
  C:\Windows\System\sjcwNSk.exe
  2⤵
  PID:12940
- C:\Windows\System\tesDxMk.exe
  C:\Windows\System\tesDxMk.exe
  2⤵
  PID:13016
- C:\Windows\System\buPdmdg.exe
  C:\Windows\System\buPdmdg.exe
  2⤵
  PID:13076
- C:\Windows\System\ToqcANw.exe
  C:\Windows\System\ToqcANw.exe
  2⤵
  PID:13144
- C:\Windows\System\OZXQNAB.exe
  C:\Windows\System\OZXQNAB.exe
  2⤵
  PID:13196
- C:\Windows\System\jZIJsRS.exe
  C:\Windows\System\jZIJsRS.exe
  2⤵
  PID:13276
- C:\Windows\System\gpMeFeZ.exe
  C:\Windows\System\gpMeFeZ.exe
  2⤵
  PID:2932
- C:\Windows\System\heuEKDW.exe
  C:\Windows\System\heuEKDW.exe
  2⤵
  PID:12424
- C:\Windows\System\iFQRQjX.exe
  C:\Windows\System\iFQRQjX.exe
  2⤵
  PID:12536
- C:\Windows\System\VInMFUo.exe
  C:\Windows\System\VInMFUo.exe
  2⤵
  PID:12752
- C:\Windows\System\arLYfBQ.exe
  C:\Windows\System\arLYfBQ.exe
  2⤵
  PID:1620
- C:\Windows\System\IEFWvjd.exe
  C:\Windows\System\IEFWvjd.exe
  2⤵
  PID:12820
- C:\Windows\System\pvckgCI.exe
  C:\Windows\System\pvckgCI.exe
  2⤵
  PID:13000
- C:\Windows\System\WWAMLJM.exe
  C:\Windows\System\WWAMLJM.exe
  2⤵
  PID:1072
- C:\Windows\System\kGfyGzO.exe
  C:\Windows\System\kGfyGzO.exe
  2⤵
  PID:812
- C:\Windows\System\VWOiFHD.exe
  C:\Windows\System\VWOiFHD.exe
  2⤵
  PID:12552
- C:\Windows\System\VVqydFg.exe
  C:\Windows\System\VVqydFg.exe
  2⤵
  PID:13008
- C:\Windows\System\lHCnfEv.exe
  C:\Windows\System\lHCnfEv.exe
  2⤵
  PID:11172
- C:\Windows\System\cymKCgl.exe
  C:\Windows\System\cymKCgl.exe
  2⤵
  PID:12916
- C:\Windows\System\CvEASHe.exe
  C:\Windows\System\CvEASHe.exe
  2⤵
  PID:13304
- C:\Windows\System\KpQGJfa.exe
  C:\Windows\System\KpQGJfa.exe
  2⤵
  PID:13108
- C:\Windows\System\LAOmhoM.exe
  C:\Windows\System\LAOmhoM.exe
  2⤵
  PID:13172
- C:\Windows\System\LEbpayq.exe
  C:\Windows\System\LEbpayq.exe
  2⤵
  PID:13140
- C:\Windows\System\oRmsAoX.exe
  C:\Windows\System\oRmsAoX.exe
  2⤵
  PID:13328
- C:\Windows\System\fDGmXNJ.exe
  C:\Windows\System\fDGmXNJ.exe
  2⤵
  PID:13356
- C:\Windows\System\RwYbEBu.exe
  C:\Windows\System\RwYbEBu.exe
  2⤵
  PID:13384
- C:\Windows\System\UPZPjwi.exe
  C:\Windows\System\UPZPjwi.exe
  2⤵
  PID:13412
- C:\Windows\System\JBqBqEF.exe
  C:\Windows\System\JBqBqEF.exe
  2⤵
  PID:13440
- C:\Windows\System\VoVVUfA.exe
  C:\Windows\System\VoVVUfA.exe
  2⤵
  PID:13468
- C:\Windows\System\NHtJAbB.exe
  C:\Windows\System\NHtJAbB.exe
  2⤵
  PID:13496
- C:\Windows\System\UrZtown.exe
  C:\Windows\System\UrZtown.exe
  2⤵
  PID:13532
- C:\Windows\System\bhbFfTx.exe
  C:\Windows\System\bhbFfTx.exe
  2⤵
  PID:13564
- C:\Windows\System\HpwIlIJ.exe
  C:\Windows\System\HpwIlIJ.exe
  2⤵
  PID:13608
- C:\Windows\System\DfTwRSa.exe
  C:\Windows\System\DfTwRSa.exe
  2⤵
  PID:13660
- C:\Windows\System\knVXVhQ.exe
  C:\Windows\System\knVXVhQ.exe
  2⤵
  PID:13688
- C:\Windows\System\uiAKOMn.exe
  C:\Windows\System\uiAKOMn.exe
  2⤵
  PID:13716
- C:\Windows\System\TJqrrln.exe
  C:\Windows\System\TJqrrln.exe
  2⤵
  PID:13760
- C:\Windows\System\dYKWMZe.exe
  C:\Windows\System\dYKWMZe.exe
  2⤵
  PID:13816
- C:\Windows\System\VxVMlHq.exe
  C:\Windows\System\VxVMlHq.exe
  2⤵
  PID:13856
- C:\Windows\System\yQUEOUL.exe
  C:\Windows\System\yQUEOUL.exe
  2⤵
  PID:13908
- C:\Windows\System\SmMEMiX.exe
  C:\Windows\System\SmMEMiX.exe
  2⤵
  PID:13924
- C:\Windows\System\VXtCLJH.exe
  C:\Windows\System\VXtCLJH.exe
  2⤵
  PID:13956
- C:\Windows\System\gXiNyLv.exe
  C:\Windows\System\gXiNyLv.exe
  2⤵
  PID:14000
- C:\Windows\System\MhOVdRx.exe
  C:\Windows\System\MhOVdRx.exe
  2⤵
  PID:14020
- C:\Windows\System\gtYyozQ.exe
  C:\Windows\System\gtYyozQ.exe
  2⤵
  PID:14056
- C:\Windows\System\PwPusuP.exe
  C:\Windows\System\PwPusuP.exe
  2⤵
  PID:14084
- C:\Windows\System\tSNYuap.exe
  C:\Windows\System\tSNYuap.exe
  2⤵
  PID:14112
- C:\Windows\System\XYPGlaY.exe
  C:\Windows\System\XYPGlaY.exe
  2⤵
  PID:14140
- C:\Windows\System\WYXZCSA.exe
  C:\Windows\System\WYXZCSA.exe
  2⤵
  PID:14172
- C:\Windows\System\orXnXvE.exe
  C:\Windows\System\orXnXvE.exe
  2⤵
  PID:14200
- C:\Windows\System\okvjJmt.exe
  C:\Windows\System\okvjJmt.exe
  2⤵
  PID:14228
- C:\Windows\System\DlwHSnU.exe
  C:\Windows\System\DlwHSnU.exe
  2⤵
  PID:14256
- C:\Windows\System\oeLXXjO.exe
  C:\Windows\System\oeLXXjO.exe
  2⤵
  PID:14272
- C:\Windows\System\pePEkLA.exe
  C:\Windows\System\pePEkLA.exe
  2⤵
  PID:14312
- C:\Windows\System\xtVNjTa.exe
  C:\Windows\System\xtVNjTa.exe
  2⤵
  PID:12904
- C:\Windows\System\ESAYHui.exe
  C:\Windows\System\ESAYHui.exe
  2⤵
  PID:5360
- C:\Windows\System\ZenWvNH.exe
  C:\Windows\System\ZenWvNH.exe
  2⤵
  PID:13432
- C:\Windows\System\gZiYpre.exe
  C:\Windows\System\gZiYpre.exe
  2⤵
  PID:13492
- C:\Windows\System\MQZLMNz.exe
  C:\Windows\System\MQZLMNz.exe
  2⤵
  PID:13592
- C:\Windows\System\Sttyjnm.exe
  C:\Windows\System\Sttyjnm.exe
  2⤵
  PID:13712
- C:\Windows\System\GjXlACH.exe
  C:\Windows\System\GjXlACH.exe
  2⤵
  PID:13828
- C:\Windows\System\HSvjwbA.exe
  C:\Windows\System\HSvjwbA.exe
  2⤵
  PID:13916
- C:\Windows\System\ukStEpu.exe
  C:\Windows\System\ukStEpu.exe
  2⤵
  PID:14012
- C:\Windows\System\EPseaLP.exe
  C:\Windows\System\EPseaLP.exe
  2⤵
  PID:14076
- C:\Windows\System\NgGGjya.exe
  C:\Windows\System\NgGGjya.exe
  2⤵
  PID:14136
- C:\Windows\System\otesGHU.exe
  C:\Windows\System\otesGHU.exe
  2⤵
  PID:5864
- C:\Windows\System\dnXgETp.exe
  C:\Windows\System\dnXgETp.exe
  2⤵
  PID:14304
- C:\Windows\System\lmxKDRc.exe
  C:\Windows\System\lmxKDRc.exe
  2⤵
  PID:13400
- C:\Windows\System\PehAHsg.exe
  C:\Windows\System\PehAHsg.exe
  2⤵
  PID:13552
- C:\Windows\System\PdvhSdL.exe
  C:\Windows\System\PdvhSdL.exe
  2⤵
  PID:13772
- C:\Windows\System\hGPczqK.exe
  C:\Windows\System\hGPczqK.exe
  2⤵
  PID:13992
- C:\Windows\System\MuZTKWz.exe
  C:\Windows\System\MuZTKWz.exe
  2⤵
  PID:13680
- C:\Windows\System\tuRTkNz.exe
  C:\Windows\System\tuRTkNz.exe
  2⤵
  PID:14124
- C:\Windows\System\NYVQbxh.exe
  C:\Windows\System\NYVQbxh.exe
  2⤵
  PID:14196
- C:\Windows\System\wudKtAM.exe
  C:\Windows\System\wudKtAM.exe
  2⤵
  PID:13488
- C:\Windows\System\jHwKgrS.exe
  C:\Windows\System\jHwKgrS.exe
  2⤵
  PID:13944
- C:\Windows\System\JbnSIwG.exe
  C:\Windows\System\JbnSIwG.exe
  2⤵
  PID:14168
- C:\Windows\System\iNAEodS.exe
  C:\Windows\System\iNAEodS.exe
  2⤵
  PID:13752
- C:\Windows\System\BZhFwPt.exe
  C:\Windows\System\BZhFwPt.exe
  2⤵
  PID:13460
- C:\Windows\System\SCnTBge.exe
  C:\Windows\System\SCnTBge.exe
  2⤵
  PID:14348
- C:\Windows\System\cJUtkSS.exe
  C:\Windows\System\cJUtkSS.exe
  2⤵
  PID:14376
- C:\Windows\System\zxNISOi.exe
  C:\Windows\System\zxNISOi.exe
  2⤵
  PID:14404
- C:\Windows\System\HSpRVVA.exe
  C:\Windows\System\HSpRVVA.exe
  2⤵
  PID:14432
- C:\Windows\System\jaVswoH.exe
  C:\Windows\System\jaVswoH.exe
  2⤵
  PID:14468
- C:\Windows\System\dOZwPcr.exe
  C:\Windows\System\dOZwPcr.exe
  2⤵
  PID:14496
- C:\Windows\System\ImkCzeH.exe
  C:\Windows\System\ImkCzeH.exe
  2⤵
  PID:14532
- C:\Windows\System\fqnaKYQ.exe
  C:\Windows\System\fqnaKYQ.exe
  2⤵
  PID:14560
- C:\Windows\System\TdUvnvN.exe
  C:\Windows\System\TdUvnvN.exe
  2⤵
  PID:14592
- C:\Windows\System\YjzoLPf.exe
  C:\Windows\System\YjzoLPf.exe
  2⤵
  PID:14620
- C:\Windows\System\tuZrdVR.exe
  C:\Windows\System\tuZrdVR.exe
  2⤵
  PID:14648
- C:\Windows\System\tqQZnfR.exe
  C:\Windows\System\tqQZnfR.exe
  2⤵
  PID:14676
- C:\Windows\System\QMBucMl.exe
  C:\Windows\System\QMBucMl.exe
  2⤵
  PID:14708
- C:\Windows\System\ekrgiQH.exe
  C:\Windows\System\ekrgiQH.exe
  2⤵
  PID:14732
- C:\Windows\System\HVtdJLS.exe
  C:\Windows\System\HVtdJLS.exe
  2⤵
  PID:14760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:14452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CKZFRNI.exe

Filesize
6.0MB

MD5
af387a443fb75614be0c23fe17bcb09a

SHA1
31860c2c23b1fc69950054a824b6b487677c28a2

SHA256
46fe7a97dcdc0c77396920c43513b184394865833df35533a3d683f26ae6e6c1

SHA512
5dc1f9fb0cebe8f4ce3d0cd34d1080749ef12ddf7cf575bb563b988079389394c2ca16f79225c6128c8ca5f9e7395730ad6224c647e124fbf31c7e3d3f7cce18

Download Submit
C:\Windows\System\EsKDOAQ.exe

Filesize
6.0MB

MD5
19166cfd8d7ceda2e7386c5da3bae37b

SHA1
de2cd4b4cdd354f302f155908930c784a89524d9

SHA256
cb3a55dd37717cc19fb3573b37b0043b87d8ab3ed9404c9afe43ec8dbbff0a7f

SHA512
29804c03eecca2e95523e3de50e719ecfbcdc15fdd3d5055be42b7be2fea6d371757713a27856ce1522ce83b2821999a759d5129b032bfd92b84f2e97fcc5ab6

Download Submit
C:\Windows\System\KwwgJca.exe

Filesize
6.0MB

MD5
a0917a337482ee899b59c91482b52cf4

SHA1
df0847475311d6c86c3bb78db22218aed41d6395

SHA256
88dd4e9e3415f53016fed3165b545e8cfb69dec11c1d9ddb357152d32d4ed8f5

SHA512
9e29db22085cef8ed9eb550313c5b70b18e7a5dab1cd283f3233c31c0eeae27e9cb616e793c63bb23a10c12549024250e3b65000b1278b76ff2558a10cb47744

Download Submit
C:\Windows\System\NaSwJLI.exe

Filesize
6.0MB

MD5
46c5bf988fc5ac5fea60e7e4a19637a8

SHA1
3d15f5dd34e029cdf59714e7c47cdef2c76f1b57

SHA256
40bae4fc95640c04b8a8c593eed333606e7005a01e4db58c18ad034a61a8c957

SHA512
61fe4d1c2750abdcd4a81fb3e94b816690f05713ce5b67a47d6b34a15b6fdcd7c21bfc20de3e41e895be21da9ee26ac1052835ff7b41facc9b5b01d4f746a13b

Download Submit
C:\Windows\System\PJNBYPh.exe

Filesize
6.0MB

MD5
7ddc9062ac70a594d8e2e130d3bc7607

SHA1
5cb02ca98c9de13ef3e1dab49e63a54d014711c0

SHA256
8ca00daa7766fa22e9c668baf7e3312c84e95f61a6614a62a9a7febf1ed28dda

SHA512
eb149b9bc49d93ea2ac1ce21cfadc84f00b6f2a5d51b7105c738f0556ea0430c5e728cfb2cac8d95a251fe22f2c008a85efea8ad84f61f6344b4cf3f5a5b4474

Download Submit
C:\Windows\System\QkWVbIC.exe

Filesize
6.0MB

MD5
39752e0973cdddc1053f8325c3f6d71b

SHA1
99854c21918249141c31bfefe4ab4f839775b9ce

SHA256
0164e8d48a9ffb3c3984efdd4d4b39e55a63d06749af937f3d83a2695ab721cf

SHA512
bb92789e36b8e175fec7df353f5ce06cfd72c7f1aaa4daca1627b94d34e6d866af1f5c02cf509b34d61359b8a5320aba044fecc79315df8b95602c660daadd32

Download Submit
C:\Windows\System\SHglFzx.exe

Filesize
6.0MB

MD5
da89b23662cc1b66ebd24faede510dc2

SHA1
3fb069d32e5996e8ea537d13f975840f69f8d7f9

SHA256
3d14c831b41084cbd1621b5a77178b36567d97014c304f28a424e8ba612e6697

SHA512
765a47d3a0f22396c7f364eee8866074d144b93c3cfc38c2582bd55578796bc475c132be0f4172536b4380ccf9f91bfba8aa23ac290160d4ddab88be8dc629a9

Download Submit
C:\Windows\System\TDPCqdc.exe

Filesize
6.0MB

MD5
9d45254eb06f630e2b7c5aa055e2e737

SHA1
dcfd246af03fefba8961cd131ab451d06578afca

SHA256
511c9f712c7ce97811468df5e8cb40064b78d4d31b7235f832073319e4c6a604

SHA512
26ebf698623a172f00be680d0071551ae688cdecf187fe555a50782c4f465f5352941e0c595f5046ec819ffd389c529c848c32d87a0e2629256ad704024f823f

Download Submit
C:\Windows\System\TKoyhmY.exe

Filesize
6.0MB

MD5
d9856ab862d7c2f9bc3395fc1b5ffb60

SHA1
3a3a05bd3767c52f75a08a6738073fec4881cda6

SHA256
fe0d524cf2327d079b2f379f010b99e03e3a461fa0d91153ce579bd4d5f2672d

SHA512
b5d65de403b850d2ab33ce86879ccb9737dfc0e1ab77a7ae029a2ce8feb3b6ee6eab397034c93883c5ac6e1663d984e067a014e05ae088fed0663f1aa236ad59

Download Submit
C:\Windows\System\TiQVzau.exe

Filesize
6.0MB

MD5
66430bed4ff80762d049752a82d67e20

SHA1
73d3502297dfe8f867d319f6dff399ca4b4baa8a

SHA256
687f0ced756ad13884b93f3387cf6d017dbf99c7b0b03c2183f9ba10b25f9957

SHA512
ac1bed1f77fd24ae8a75524fb9eb1773ad20037a78d33ae97683ec2a48863840faaddf7fb34e47a8cf6b013ae54cef2fed878fe7b17b4bc76e4df3f2b40cde6a

Download Submit
C:\Windows\System\ULoePbv.exe

Filesize
6.0MB

MD5
ad52a8da29eb42bcf8bc597d07152587

SHA1
da560b5ae898591135a927b20cd15b72a5ed5bfb

SHA256
f8c2b23f20266857460e94d090a5caf2c03e03e83ec2fffd3b8aee66890b37e0

SHA512
8c7eb41cfb44d911494f44dc8916b03e40ed1bc22873f57f0bbcce4b56cc4a70cb064486efc82b3ef0f41d3dcf7a63aa5a7269956999fcf1163b991490114887

Download Submit
C:\Windows\System\WEwYqrH.exe

Filesize
6.0MB

MD5
265831bb2b8d4edfb5c3a870e9f1a10c

SHA1
06253bd2b6cb764413cb94be85d9b8b9878fb175

SHA256
45d478c74bec11c28004769fe0a2b98d811fdd828a66a7b007842f8683942576

SHA512
678eef3b42f54461370ef981277dcf8eb0be34b855396237ae3756a7cb9bad73166db8b85b8dcc2a6ca09037a2136df6cc4c73e7574ae79ebaa8a1d16b14c0c3

Download Submit
C:\Windows\System\ZuvfNyH.exe

Filesize
6.0MB

MD5
ef790423a6856cdf25411e29da35fca4

SHA1
c2de04193420ce8e4579ff2aef7e5b2620d7e481

SHA256
f2a4ce6a71f259d8561f02383e8dc072f20304b3cf680cde64da4d0d6abbb893

SHA512
ffdab6d950cde76279cace22c7ceeea912adfa6b95ed9e3d72c4c7a9701d85fa26753489a6c20a5e5789a8eeb9d813299d205e9a5b27625f9f6b8f1444afdcf8

Download Submit
C:\Windows\System\fmouXzQ.exe

Filesize
6.0MB

MD5
25c7a9350fc2e114e8452d01f9b7960d

SHA1
a14dfaaa46f62d851062586a42603a5883afe517

SHA256
a63890351cdd5504e7b5e25c85104064d723ffed89c2d5afde3a3a0593fcac19

SHA512
b055a4c2d4969b0a680cff07db752b2062b32059f461724ac543ff05e84391ce4a27ea81bf27c9bd241c74fee18df7f584fd93e7fb6bb910730d193d5fab82f6

Download Submit
C:\Windows\System\fvKhvgL.exe

Filesize
6.0MB

MD5
c3d1f1fb2af4e2309a8736276b97e078

SHA1
08e0f1b06437e5c9fd404b16c26161786799caa3

SHA256
4fdd522c48b24faae97655a3a8017caf412ee8c813e056ec4738b3a6c27e0c6b

SHA512
a9363ba3874123f08e5a9c6e391d39506a2ef77fc6c74e552ff224df9cd93d59ebe31cdf19503781269b3e51ee20df9ef864e0571f5ad814c03cfa2ea6dd8219

Download Submit
C:\Windows\System\jImCWEk.exe

Filesize
6.0MB

MD5
044a320829f7a9ecbe2f5fade56db036

SHA1
a270c15c4b550d30508ec678bb6d646bce29deb4

SHA256
7bd971d7e093c6b0c986487149f4123128a8c8df2179405f72add9ae82127ff2

SHA512
4a53d718c079dcffe72e1266c302ed5a0930eaa4c3f85947581e25f5287dc87660176f55386d6e595c9092006096df9be3cdbc646dab3061c4ab29f809bd4044

Download Submit
C:\Windows\System\kaaPTIw.exe

Filesize
6.0MB

MD5
3901fd06e0ecc9abc371f157b486abdb

SHA1
5a081be9a1dc80744a6bd3acbd6445008b8fea22

SHA256
ea1227ee5cd9fb2f345caed4b196298f2b2bd4ebdd9659a30a0bef148a1cc725

SHA512
c4e90157107c897ccb07e6a51f249954b77a3be75e1fbd15cc4938b114c1ea5ec6893794bb640f3c2d17d06b703061a4270391fea2fe1e566d9e16efbe3c5e38

Download Submit
C:\Windows\System\lDoxHSy.exe

Filesize
6.0MB

MD5
ed9235aba0f72fd799825ec69dd4e9f6

SHA1
178477fbbbc1c5828e1df8f416714f51135e05da

SHA256
d102d6faa9ac1b2b94e831aaed467f97d362cae38d5ae3d4c36effc76f28324e

SHA512
1219f99e495713dbb2ad043b59bd321def0865a7e9244227246adce512570f6e762a224a4970c201126ba445a18d1c83f6001a5989c25cf82fb8073bd402abf9

Download Submit
C:\Windows\System\mnQFObM.exe

Filesize
6.0MB

MD5
af40897b34a68bcb94903d99a1a73ea6

SHA1
1a33cce1f709fd21d3238f1c6b51e0491fa364be

SHA256
7c652d2e1b4183ee1649bbcee19cab83f1e053f4add1736800faeb4e7296586e

SHA512
0151dd10fd6f32db920d64a2141e0c969bffa90e32376f36145b355cef002e885838249454339b3364f78bf33d0876f93b79ad412ed5d14acc0e84d06fb27025

Download Submit
C:\Windows\System\nHZnmDD.exe

Filesize
6.0MB

MD5
7958c9d61bce464ba57654386311aabb

SHA1
8da701531348c89f051e3ea04676338da124d725

SHA256
b5334d37dbab66d5afe307f9a02a14fd5ed459e44edba1d5a077becf167f20af

SHA512
6e4edef443401029731fc311fda0a68045725e88abb3e7124655030539a7b18a54a9ebd9ee9d666b928213b6d074c349273066fdfe4f78bb40d0a887e011c13f

Download Submit
C:\Windows\System\qcuxhyj.exe

Filesize
6.0MB

MD5
7832040a2f405a93492b95b4aab8d6e9

SHA1
bb7a1e52b007efd02aaf0b293f2674c5082cec97

SHA256
10356a537a6efbf5593c9fe24025c0fe5e25de57f48834e0656f051bef404711

SHA512
60c6b986a83acf89c4c326bb6d94451a1fe5df2f93b2b3f58a79f19845edb9d42d80b496c4c0d08abb76b0b21f6d9c4029c5cb079d5a5f6e4c86552a3fcc2c0c

Download Submit
C:\Windows\System\rDcbgFc.exe

Filesize
6.0MB

MD5
b33d7a560b48c66dd47d055e306bc83a

SHA1
3e5006a32a2b883140d7bb160bb659204dd24830

SHA256
5e10436b57e71a09ef5c23dff34887af41b2d7eadeac6797bba219ab1fc1a147

SHA512
8bcb39a5faf229a74686f6bb64c010bbb6d26b6d444381ffb6799e8891194291e1664541e4d7e1c74527b30216464dfc7194d9aeefa31a073423017825e20525

Download Submit
C:\Windows\System\rJfcCqV.exe

Filesize
6.0MB

MD5
9ca095959aa6d48b8b27ca50c3fc317b

SHA1
3f63ef9ac2e3d2e4aff3b890700053dd2d90a9db

SHA256
dba267604009caea5ca89aa1e7665856a5a9d031f4d8f112cb929bccffe8bf57

SHA512
c32ec7c0c5d97aa1555b33ce596fb6693449cc9eda906f3d4e38f2754991e8490378ec0663c41092c99198b980a79d71561149cc317b1737207b9cefc9b3e03a

Download Submit
C:\Windows\System\sAJBOFz.exe

Filesize
6.0MB

MD5
523061e36cbc98f898cad8265103d798

SHA1
d457d9fd67ea9cecd843f9855e9734b698e63fe4

SHA256
9cddfbd70678e6cd7f5977a595c7f3768bdf5e1d6727c51d77a51899351c394a

SHA512
375857cecb0beeb75dae25f037889309ed6ca26bc8ee5d109a7761f50a372407ad2132b722813fca126831e23e986951faa79c60db25b6c51ffe26f52f19992b

Download Submit
C:\Windows\System\sUSnXbK.exe

Filesize
6.0MB

MD5
fc9f807902f289c4634f9bc770677702

SHA1
290f68ee8301b030f2e75bb58d28a9da5d13c471

SHA256
d5327c78afbe6065d4ca7053cebc2adde0ad14d945dccb35ab831389ccc4d446

SHA512
467c5ae5be8b37801971a9a00086077601cbe5b95ff2cd5220e43310ac704aff7d750a83bf3ebedbf33b4c5a1d3dd93a51b8daf1eb771cbf56ec8be207e410b0

Download Submit
C:\Windows\System\scHGBTQ.exe

Filesize
6.0MB

MD5
b2d8652bfe243aa7c303a11ee9e3172a

SHA1
3b7aca8fe2f9fa6beae2ff2c30c713cc3373446b

SHA256
07d3f9f1a5d1bf19bc4db3d812022041e0a34a47c5e7ea2b9235cdb8b39dc733

SHA512
483073f74d484b551b8712eac9d3392c26bda24c92ee04b4193e98ae5c2b50d39eef6eda7e6971efcbc2125f1db38f9c1039c989d8a20c0b58eef896526aab27

Download Submit
C:\Windows\System\sdLwizw.exe

Filesize
6.0MB

MD5
833a2b546d29ad4484c8e1c058f94e93

SHA1
5313efc1d5d37a1fb23b3a5139abdcc09494d29c

SHA256
9b7ca77aa2f7f8983487751e008fb190129fd1bd4b5b22f1f8a6b887fbe15ea4

SHA512
a9f15b83bbd446985765f6867a900a13509f95d8b3d9ad1bc6cb4b8f8824eb707d833557d97f2d0012fd123ddc4fad1dd6a6aac6379451ba1e42d16ad6039abd

Download Submit
C:\Windows\System\uRhBrpr.exe

Filesize
6.0MB

MD5
38b252d6b87f59e29d9e5d5cfabcede8

SHA1
6fe42a38c3ecd70fc0e5aed6e456c44cd9830d52

SHA256
720299fb7f722701d81747b1787fa73967d260d3c03c084e3bceab79b0eafa45

SHA512
4f44a7a89e9641198858a44984599e00e98484f1251b981e31d7c06557cece5fc21a064d009fe942a116b2568f077d29f2600d46280f48af200ac27da924f503

Download Submit
C:\Windows\System\vWvCggA.exe

Filesize
6.0MB

MD5
6bae03ab6a7537fd9ce1ea9af5a7a44c

SHA1
b211fea367bf7170e7395213ac6873681f21ba3e

SHA256
f49cf58af1ff786431be3c3665646d2b6c053e5a8471bb90287b0c0f3019699e

SHA512
34105fa6e3fec7b6bc0b3b1d9b463ee6d601f586c26cb0acdc29a38f4d1051bb75f2e3bfa16bbda4b8e00072356c2c5e0bb6f1c18b3776e939426396c5b77ac9

Download Submit
C:\Windows\System\wFOPIWj.exe

Filesize
6.0MB

MD5
e866d4ece82fe7dc85df9915799447b7

SHA1
96e76b6a6e8fc5f6a78dc4c833bb344e4474b53c

SHA256
10fd86f9886bbaf6a61520acc7f7cd27019dcd79d4a0cc1829f27007fff13e5a

SHA512
722acc14611531ba2373d8c3ac5d1ee4e41c3eeccc75b2c26b3590f1e6ae3fc6c9643ddecbeda77fb0bfb0d892bed6adfdd179da2b9eec1afa38ec6c4dc645b6

Download Submit
C:\Windows\System\xUhkajq.exe

Filesize
6.0MB

MD5
fd41d2543d5281c63554a9ab1885597a

SHA1
537222f8d1ba7478a333490db48ec6b8503c857a

SHA256
a7b2a9e444b4c1fb84b6355aacb96678401d6df4ed6117a200d9d5818cc8ed69

SHA512
48b30ead6b69e05d16445bac8d35a98086d6bb06b624efcca20b5b487647ceb43bc57117989136b5a13327846d17351a54693f81323d2892add59ddcc4e58afc

Download Submit
C:\Windows\System\xZRKoVq.exe

Filesize
6.0MB

MD5
a3c058fd8495a5e25771eac9795220f9

SHA1
ea5d644375791ccde44968767005db504181c317

SHA256
428b5082de324713a9da53506a97ac3a29d61e8c950dfae2e97a5a63267a4de8

SHA512
dd9d0b8cfe50b1d1c41e80c983f9cbd39376ee6f4bb69e28297b3ad7006828ce93286103ad6910db2cb5b5185cc4d003f9e7c196fad49e661c195912620e45ba

Download Submit
C:\Windows\System\zVqgMZh.exe

Filesize
6.0MB

MD5
d3aef1e65fc4b73c1c5758d5cb94739b

SHA1
910e465ec12215a95fd3adb619ec416c2f75e7f0

SHA256
f8c85646790e43bc691abb40661c81c03e847a4ddaa8bfda58f48c07e38d1a23

SHA512
cc55e042be38b7d2b603b05a2793597949eb1b03d161e3a3b4c42ffc191296bedab1be401eaa5dc0af81a1a70966a3da7716dcdb0ffd9f836ffa37f5315f9fbb

Download Submit
memory/380-74-0x00007FF6C88A0000-0x00007FF6C8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/380-14-0x00007FF6C88A0000-0x00007FF6C8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/748-2271-0x00007FF79CF80000-0x00007FF79D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/748-105-0x00007FF79CF80000-0x00007FF79D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/748-173-0x00007FF79CF80000-0x00007FF79D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/964-62-0x00007FF7D94A0000-0x00007FF7D97F4000-memory.dmp

Filesize
3.3MB

Download
memory/964-0-0x00007FF7D94A0000-0x00007FF7D97F4000-memory.dmp

Filesize
3.3MB

Download
memory/964-1-0x000001D409770000-0x000001D409780000-memory.dmp

Filesize
64KB

Download
memory/1116-1020-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp

Filesize
3.3MB

Download
memory/1116-153-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp

Filesize
3.3MB

Download
memory/1116-2282-0x00007FF6DFE20000-0x00007FF6E0174000-memory.dmp

Filesize
3.3MB

Download
memory/1224-24-0x00007FF71A340000-0x00007FF71A694000-memory.dmp

Filesize
3.3MB

Download
memory/1224-90-0x00007FF71A340000-0x00007FF71A694000-memory.dmp

Filesize
3.3MB

Download
memory/1356-179-0x00007FF7630F0000-0x00007FF763444000-memory.dmp

Filesize
3.3MB

Download
memory/1356-122-0x00007FF7630F0000-0x00007FF763444000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2275-0x00007FF7630F0000-0x00007FF763444000-memory.dmp

Filesize
3.3MB

Download
memory/1496-118-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-47-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2265-0x00007FF7A0B60000-0x00007FF7A0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1604-188-0x00007FF637820000-0x00007FF637B74000-memory.dmp

Filesize
3.3MB

Download
memory/1604-128-0x00007FF637820000-0x00007FF637B74000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2278-0x00007FF637820000-0x00007FF637B74000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1338-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp

Filesize
3.3MB

Download
memory/1684-189-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2286-0x00007FF6C6DC0000-0x00007FF6C7114000-memory.dmp

Filesize
3.3MB

Download
memory/1776-81-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp

Filesize
3.3MB

Download
memory/1776-18-0x00007FF6A4120000-0x00007FF6A4474000-memory.dmp

Filesize
3.3MB

Download
memory/1788-2276-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-165-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-1146-0x00007FF600FA0000-0x00007FF6012F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2268-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/1936-124-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/1936-64-0x00007FF6E2110000-0x00007FF6E2464000-memory.dmp

Filesize
3.3MB

Download
memory/2520-159-0x00007FF6EE650000-0x00007FF6EE9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-91-0x00007FF6EE650000-0x00007FF6EE9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2274-0x00007FF6EE650000-0x00007FF6EE9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-54-0x00007FF6C2920000-0x00007FF6C2C74000-memory.dmp

Filesize
3.3MB

Download
memory/2756-123-0x00007FF6C2920000-0x00007FF6C2C74000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2266-0x00007FF6C2920000-0x00007FF6C2C74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-143-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/3028-75-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2269-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/3168-97-0x00007FF600130000-0x00007FF600484000-memory.dmp

Filesize
3.3MB

Download
memory/3168-30-0x00007FF600130000-0x00007FF600484000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2281-0x00007FF654830000-0x00007FF654B84000-memory.dmp

Filesize
3.3MB

Download
memory/3272-160-0x00007FF654830000-0x00007FF654B84000-memory.dmp

Filesize
3.3MB

Download
memory/3272-1021-0x00007FF654830000-0x00007FF654B84000-memory.dmp

Filesize
3.3MB

Download
memory/3320-142-0x00007FF7ABE60000-0x00007FF7AC1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2283-0x00007FF7ABE60000-0x00007FF7AC1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-196-0x00007FF7ABE60000-0x00007FF7AC1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2280-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp

Filesize
3.3MB

Download
memory/3640-144-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp

Filesize
3.3MB

Download
memory/3640-962-0x00007FF7D1610000-0x00007FF7D1964000-memory.dmp

Filesize
3.3MB

Download
memory/3648-197-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2285-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp

Filesize
3.3MB

Download
memory/3648-1396-0x00007FF6A46F0000-0x00007FF6A4A44000-memory.dmp

Filesize
3.3MB

Download
memory/3700-66-0x00007FF62C7D0000-0x00007FF62CB24000-memory.dmp

Filesize
3.3MB

Download
memory/3700-7-0x00007FF62C7D0000-0x00007FF62CB24000-memory.dmp

Filesize
3.3MB

Download
memory/3816-82-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3816-152-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3816-2270-0x00007FF6FED90000-0x00007FF6FF0E4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2277-0x00007FF751380000-0x00007FF7516D4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-840-0x00007FF751380000-0x00007FF7516D4000-memory.dmp

Filesize
3.3MB

Download
memory/4000-129-0x00007FF751380000-0x00007FF7516D4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-98-0x00007FF662980000-0x00007FF662CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-164-0x00007FF662980000-0x00007FF662CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2273-0x00007FF662980000-0x00007FF662CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4752-36-0x00007FF675BF0000-0x00007FF675F44000-memory.dmp

Filesize
3.3MB

Download
memory/4752-104-0x00007FF675BF0000-0x00007FF675F44000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2279-0x00007FF756340000-0x00007FF756694000-memory.dmp

Filesize
3.3MB

Download
memory/4792-1149-0x00007FF756340000-0x00007FF756694000-memory.dmp

Filesize
3.3MB

Download
memory/4792-174-0x00007FF756340000-0x00007FF756694000-memory.dmp

Filesize
3.3MB

Download
memory/4896-111-0x00007FF675870000-0x00007FF675BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-42-0x00007FF675870000-0x00007FF675BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2264-0x00007FF675870000-0x00007FF675BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-178-0x00007FF7B8CF0000-0x00007FF7B9044000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2272-0x00007FF7B8CF0000-0x00007FF7B9044000-memory.dmp

Filesize
3.3MB

Download
memory/4956-112-0x00007FF7B8CF0000-0x00007FF7B9044000-memory.dmp

Filesize
3.3MB

Download
memory/4960-68-0x00007FF6FF910000-0x00007FF6FFC64000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2267-0x00007FF6FF910000-0x00007FF6FFC64000-memory.dmp

Filesize
3.3MB

Download
memory/4984-183-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp

Filesize
3.3MB

Download
memory/4984-1273-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2284-0x00007FF6ED1C0000-0x00007FF6ED514000-memory.dmp

Filesize
3.3MB

Download