cobaltstrike | d57a0a7629f8579476d807badaa181375a3c35d14c712517ba9b506b79b279e6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2024, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b2ffb0305ea4f27abd4dc9dea4e8545d
SHA1

d75dfff9a99355d20f26d661b465e3468e874008
SHA256

d57a0a7629f8579476d807badaa181375a3c35d14c712517ba9b506b79b279e6
SHA512

77b46ed52b023be054ab21935fd65d3b16c7b31241639d625c48f7c0146e9c677a0a540c0a1f0b6bb44ab8b3149089846ecfc927e7c4e1e98924677880b4c0d7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c65-4.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c69-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-32.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-37.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-50.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-54.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-72.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-123.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-148.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-158.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-153.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-133.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-128.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c84-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-97.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-63.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c66-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF670770000-0x00007FF670AC4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c65-4.dat	xmrig
behavioral2/memory/3624-8-0x00007FF6BA8F0000-0x00007FF6BAC44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c69-12.dat	xmrig
behavioral2/files/0x0007000000023c72-10.dat	xmrig
behavioral2/memory/3528-14-0x00007FF7802A0000-0x00007FF7805F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c74-24.dat	xmrig
behavioral2/files/0x0007000000023c75-32.dat	xmrig
behavioral2/files/0x0007000000023c76-37.dat	xmrig
behavioral2/files/0x0007000000023c77-41.dat	xmrig
behavioral2/files/0x0007000000023c78-50.dat	xmrig
behavioral2/files/0x0007000000023c79-54.dat	xmrig
behavioral2/files/0x0007000000023c7d-72.dat	xmrig
behavioral2/files/0x0007000000023c7e-79.dat	xmrig
behavioral2/files/0x0007000000023c80-93.dat	xmrig
behavioral2/files/0x0007000000023c83-102.dat	xmrig
behavioral2/files/0x0007000000023c85-114.dat	xmrig
behavioral2/files/0x0007000000023c86-123.dat	xmrig
behavioral2/files/0x0007000000023c89-138.dat	xmrig
behavioral2/files/0x0007000000023c8b-148.dat	xmrig
behavioral2/files/0x0007000000023c8e-163.dat	xmrig
behavioral2/memory/1848-954-0x00007FF70A5C0000-0x00007FF70A914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-167.dat	xmrig
behavioral2/files/0x0007000000023c8f-162.dat	xmrig
behavioral2/files/0x0007000000023c8d-158.dat	xmrig
behavioral2/files/0x0007000000023c8c-153.dat	xmrig
behavioral2/files/0x0007000000023c8a-143.dat	xmrig
behavioral2/files/0x0007000000023c88-133.dat	xmrig
behavioral2/files/0x0007000000023c87-128.dat	xmrig
behavioral2/files/0x0007000000023c84-110.dat	xmrig
behavioral2/files/0x0007000000023c82-103.dat	xmrig
behavioral2/files/0x0007000000023c81-97.dat	xmrig
behavioral2/files/0x0007000000023c7f-87.dat	xmrig
behavioral2/files/0x0007000000023c7c-73.dat	xmrig
behavioral2/files/0x0007000000023c7b-67.dat	xmrig
behavioral2/files/0x0007000000023c7a-63.dat	xmrig
behavioral2/files/0x0009000000023c66-45.dat	xmrig
behavioral2/memory/3216-39-0x00007FF786BA0000-0x00007FF786EF4000-memory.dmp	xmrig
behavioral2/memory/444-22-0x00007FF705AE0000-0x00007FF705E34000-memory.dmp	xmrig
behavioral2/memory/5044-963-0x00007FF7A4CA0000-0x00007FF7A4FF4000-memory.dmp	xmrig
behavioral2/memory/1704-961-0x00007FF66F3D0000-0x00007FF66F724000-memory.dmp	xmrig
behavioral2/memory/4432-966-0x00007FF6906C0000-0x00007FF690A14000-memory.dmp	xmrig
behavioral2/memory/3100-970-0x00007FF703750000-0x00007FF703AA4000-memory.dmp	xmrig
behavioral2/memory/2756-969-0x00007FF7393B0000-0x00007FF739704000-memory.dmp	xmrig
behavioral2/memory/764-979-0x00007FF6288C0000-0x00007FF628C14000-memory.dmp	xmrig
behavioral2/memory/4592-975-0x00007FF62B400000-0x00007FF62B754000-memory.dmp	xmrig
behavioral2/memory/1804-974-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp	xmrig
behavioral2/memory/4104-973-0x00007FF674290000-0x00007FF6745E4000-memory.dmp	xmrig
behavioral2/memory/3296-968-0x00007FF7DF2F0000-0x00007FF7DF644000-memory.dmp	xmrig
behavioral2/memory/2448-967-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp	xmrig
behavioral2/memory/4848-983-0x00007FF7AB230000-0x00007FF7AB584000-memory.dmp	xmrig
behavioral2/memory/2932-986-0x00007FF6B60E0000-0x00007FF6B6434000-memory.dmp	xmrig
behavioral2/memory/3348-989-0x00007FF70E210000-0x00007FF70E564000-memory.dmp	xmrig
behavioral2/memory/2212-992-0x00007FF6D4CB0000-0x00007FF6D5004000-memory.dmp	xmrig
behavioral2/memory/4192-995-0x00007FF663D50000-0x00007FF6640A4000-memory.dmp	xmrig
behavioral2/memory/2136-998-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp	xmrig
behavioral2/memory/772-997-0x00007FF7F96E0000-0x00007FF7F9A34000-memory.dmp	xmrig
behavioral2/memory/2536-996-0x00007FF6AA4A0000-0x00007FF6AA7F4000-memory.dmp	xmrig
behavioral2/memory/736-994-0x00007FF7F6DD0000-0x00007FF7F7124000-memory.dmp	xmrig
behavioral2/memory/1072-988-0x00007FF7A0010000-0x00007FF7A0364000-memory.dmp	xmrig
behavioral2/memory/2024-982-0x00007FF71A800000-0x00007FF71AB54000-memory.dmp	xmrig
behavioral2/memory/3432-1002-0x00007FF6FC4E0000-0x00007FF6FC834000-memory.dmp	xmrig
behavioral2/memory/2936-1006-0x00007FF7F8060000-0x00007FF7F83B4000-memory.dmp	xmrig
behavioral2/memory/4688-1355-0x00007FF670770000-0x00007FF670AC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3624	xGHdaoc.exe
3528	IfPnduE.exe
444	LqlYpKc.exe
3216	eAkRTGw.exe
1848	SdCqevI.exe
3432	dcsqkKp.exe
1704	xZiJNSS.exe
2936	HJNZpnp.exe
5044	UDYOZVB.exe
4432	pIWmfgW.exe
2448	iRRtbhh.exe
3296	SRQIdnp.exe
2756	YEYMRou.exe
3100	AjhKqES.exe
4104	MvKVBWf.exe
1804	GGuqplZ.exe
4592	AgytJAp.exe
764	HWiWpSw.exe
2024	hcSkkwQ.exe
4848	yujeElB.exe
2932	bQwPKhi.exe
1072	uKsRRwc.exe
3348	RJnPRDd.exe
2212	GjtrdjG.exe
736	PsLmfyS.exe
4192	aueUCGI.exe
2536	PCwgkjt.exe
772	WGaDgOK.exe
2136	quHRwXs.exe
2144	qAAtRws.exe
804	FgzimWp.exe
5076	vHTfCMq.exe
1268	RLFeGDb.exe
4728	zSTKemD.exe
1980	nWUkfTR.exe
880	lzBRmFu.exe
808	QfVqAeu.exe
3380	EFkKyKg.exe
3440	HnvDMHR.exe
3276	ClyrBMF.exe
1876	tTfMGml.exe
5012	vIYvlKB.exe
2996	kJJCwGs.exe
4412	iNuSIOn.exe
4792	sggUCLk.exe
4696	ObjiNUA.exe
3044	whaWeXc.exe
1524	imsXJnM.exe
3032	ZkHJAAH.exe
3108	AcOknoY.exe
4768	oxiPEwZ.exe
3720	xZMmqaW.exe
5100	GmUVWpZ.exe
3920	ynzbFXW.exe
2496	SqKMKZZ.exe
4396	mDxjutF.exe
4416	ZhKirlt.exe
2272	AxTNyQP.exe
3608	nsUGyAR.exe
2300	ocQGnnQ.exe
5092	aXWwiHV.exe
4540	azvxZlL.exe
3264	qdvzuPC.exe
3008	MrKeAsq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF670770000-0x00007FF670AC4000-memory.dmp	upx
behavioral2/files/0x0009000000023c65-4.dat	upx
behavioral2/memory/3624-8-0x00007FF6BA8F0000-0x00007FF6BAC44000-memory.dmp	upx
behavioral2/files/0x0008000000023c69-12.dat	upx
behavioral2/files/0x0007000000023c72-10.dat	upx
behavioral2/memory/3528-14-0x00007FF7802A0000-0x00007FF7805F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c74-24.dat	upx
behavioral2/files/0x0007000000023c75-32.dat	upx
behavioral2/files/0x0007000000023c76-37.dat	upx
behavioral2/files/0x0007000000023c77-41.dat	upx
behavioral2/files/0x0007000000023c78-50.dat	upx
behavioral2/files/0x0007000000023c79-54.dat	upx
behavioral2/files/0x0007000000023c7d-72.dat	upx
behavioral2/files/0x0007000000023c7e-79.dat	upx
behavioral2/files/0x0007000000023c80-93.dat	upx
behavioral2/files/0x0007000000023c83-102.dat	upx
behavioral2/files/0x0007000000023c85-114.dat	upx
behavioral2/files/0x0007000000023c86-123.dat	upx
behavioral2/files/0x0007000000023c89-138.dat	upx
behavioral2/files/0x0007000000023c8b-148.dat	upx
behavioral2/files/0x0007000000023c8e-163.dat	upx
behavioral2/memory/1848-954-0x00007FF70A5C0000-0x00007FF70A914000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-167.dat	upx
behavioral2/files/0x0007000000023c8f-162.dat	upx
behavioral2/files/0x0007000000023c8d-158.dat	upx
behavioral2/files/0x0007000000023c8c-153.dat	upx
behavioral2/files/0x0007000000023c8a-143.dat	upx
behavioral2/files/0x0007000000023c88-133.dat	upx
behavioral2/files/0x0007000000023c87-128.dat	upx
behavioral2/files/0x0007000000023c84-110.dat	upx
behavioral2/files/0x0007000000023c82-103.dat	upx
behavioral2/files/0x0007000000023c81-97.dat	upx
behavioral2/files/0x0007000000023c7f-87.dat	upx
behavioral2/files/0x0007000000023c7c-73.dat	upx
behavioral2/files/0x0007000000023c7b-67.dat	upx
behavioral2/files/0x0007000000023c7a-63.dat	upx
behavioral2/files/0x0009000000023c66-45.dat	upx
behavioral2/memory/3216-39-0x00007FF786BA0000-0x00007FF786EF4000-memory.dmp	upx
behavioral2/memory/444-22-0x00007FF705AE0000-0x00007FF705E34000-memory.dmp	upx
behavioral2/memory/5044-963-0x00007FF7A4CA0000-0x00007FF7A4FF4000-memory.dmp	upx
behavioral2/memory/1704-961-0x00007FF66F3D0000-0x00007FF66F724000-memory.dmp	upx
behavioral2/memory/4432-966-0x00007FF6906C0000-0x00007FF690A14000-memory.dmp	upx
behavioral2/memory/3100-970-0x00007FF703750000-0x00007FF703AA4000-memory.dmp	upx
behavioral2/memory/2756-969-0x00007FF7393B0000-0x00007FF739704000-memory.dmp	upx
behavioral2/memory/764-979-0x00007FF6288C0000-0x00007FF628C14000-memory.dmp	upx
behavioral2/memory/4592-975-0x00007FF62B400000-0x00007FF62B754000-memory.dmp	upx
behavioral2/memory/1804-974-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp	upx
behavioral2/memory/4104-973-0x00007FF674290000-0x00007FF6745E4000-memory.dmp	upx
behavioral2/memory/3296-968-0x00007FF7DF2F0000-0x00007FF7DF644000-memory.dmp	upx
behavioral2/memory/2448-967-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp	upx
behavioral2/memory/4848-983-0x00007FF7AB230000-0x00007FF7AB584000-memory.dmp	upx
behavioral2/memory/2932-986-0x00007FF6B60E0000-0x00007FF6B6434000-memory.dmp	upx
behavioral2/memory/3348-989-0x00007FF70E210000-0x00007FF70E564000-memory.dmp	upx
behavioral2/memory/2212-992-0x00007FF6D4CB0000-0x00007FF6D5004000-memory.dmp	upx
behavioral2/memory/4192-995-0x00007FF663D50000-0x00007FF6640A4000-memory.dmp	upx
behavioral2/memory/2136-998-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp	upx
behavioral2/memory/772-997-0x00007FF7F96E0000-0x00007FF7F9A34000-memory.dmp	upx
behavioral2/memory/2536-996-0x00007FF6AA4A0000-0x00007FF6AA7F4000-memory.dmp	upx
behavioral2/memory/736-994-0x00007FF7F6DD0000-0x00007FF7F7124000-memory.dmp	upx
behavioral2/memory/1072-988-0x00007FF7A0010000-0x00007FF7A0364000-memory.dmp	upx
behavioral2/memory/2024-982-0x00007FF71A800000-0x00007FF71AB54000-memory.dmp	upx
behavioral2/memory/3432-1002-0x00007FF6FC4E0000-0x00007FF6FC834000-memory.dmp	upx
behavioral2/memory/2936-1006-0x00007FF7F8060000-0x00007FF7F83B4000-memory.dmp	upx
behavioral2/memory/4688-1355-0x00007FF670770000-0x00007FF670AC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SdCqevI.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIcTuqt.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdOoyVP.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqnNCdu.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvSOXfH.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDLymjY.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BamuPto.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prXTpxK.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfiDLVO.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvTNpzy.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfmhHge.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOmVVYg.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WeUwoxy.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akUDsLN.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwlpaYS.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlAvkSC.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhhNWyc.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKluXiV.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mezbxpF.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfmseSR.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJhbowF.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWnfRTJ.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpIYzPK.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNeZtEN.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyHztyW.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjkxZfA.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAitjIJ.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCfXfGD.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCagSSa.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKcbVvK.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIogzHw.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQGFzFB.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNKXWJS.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbgczIg.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcOknoY.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeiMAuH.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbJOiJO.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHOCIGp.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jshgjSZ.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQTxpjq.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KONHGWK.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBiGMRG.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HesBhwj.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkSBCMy.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVfRSAT.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\binJvfY.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDPTSLU.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGHdaoc.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLFeGDb.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoOkUEb.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQBOvDv.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlTtKGJ.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXBZGWI.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbnuGMO.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GagSfTV.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suAEyzX.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzqLyvn.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyMpxXh.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfbqIqW.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjtrdjG.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTwlKzj.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujZdylT.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIyFOgy.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJueQdJ.exe	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
14468	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 3624	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4688 wrote to memory of 3624	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 4688 wrote to memory of 3528	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4688 wrote to memory of 3528	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4688 wrote to memory of 444	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4688 wrote to memory of 444	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4688 wrote to memory of 3216	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4688 wrote to memory of 3216	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4688 wrote to memory of 1848	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4688 wrote to memory of 1848	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4688 wrote to memory of 3432	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4688 wrote to memory of 3432	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4688 wrote to memory of 1704	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4688 wrote to memory of 1704	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4688 wrote to memory of 2936	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4688 wrote to memory of 2936	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4688 wrote to memory of 5044	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4688 wrote to memory of 5044	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4688 wrote to memory of 4432	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4688 wrote to memory of 4432	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4688 wrote to memory of 2448	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4688 wrote to memory of 2448	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4688 wrote to memory of 3296	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4688 wrote to memory of 3296	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4688 wrote to memory of 2756	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4688 wrote to memory of 2756	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4688 wrote to memory of 3100	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4688 wrote to memory of 3100	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4688 wrote to memory of 4104	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4688 wrote to memory of 4104	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4688 wrote to memory of 1804	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4688 wrote to memory of 1804	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4688 wrote to memory of 4592	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4688 wrote to memory of 4592	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4688 wrote to memory of 764	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4688 wrote to memory of 764	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4688 wrote to memory of 2024	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4688 wrote to memory of 2024	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4688 wrote to memory of 4848	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4688 wrote to memory of 4848	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 4688 wrote to memory of 2932	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4688 wrote to memory of 2932	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 4688 wrote to memory of 1072	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4688 wrote to memory of 1072	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4688 wrote to memory of 3348	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4688 wrote to memory of 3348	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 4688 wrote to memory of 2212	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4688 wrote to memory of 2212	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4688 wrote to memory of 736	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4688 wrote to memory of 736	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4688 wrote to memory of 4192	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4688 wrote to memory of 4192	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4688 wrote to memory of 2536	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4688 wrote to memory of 2536	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4688 wrote to memory of 772	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4688 wrote to memory of 772	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4688 wrote to memory of 2136	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4688 wrote to memory of 2136	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4688 wrote to memory of 2144	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4688 wrote to memory of 2144	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4688 wrote to memory of 804	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4688 wrote to memory of 804	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4688 wrote to memory of 5076	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4688 wrote to memory of 5076	4688	2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_b2ffb0305ea4f27abd4dc9dea4e8545d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\System\xGHdaoc.exe
  C:\Windows\System\xGHdaoc.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\IfPnduE.exe
  C:\Windows\System\IfPnduE.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\LqlYpKc.exe
  C:\Windows\System\LqlYpKc.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\eAkRTGw.exe
  C:\Windows\System\eAkRTGw.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\SdCqevI.exe
  C:\Windows\System\SdCqevI.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\dcsqkKp.exe
  C:\Windows\System\dcsqkKp.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\xZiJNSS.exe
  C:\Windows\System\xZiJNSS.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\HJNZpnp.exe
  C:\Windows\System\HJNZpnp.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\UDYOZVB.exe
  C:\Windows\System\UDYOZVB.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\pIWmfgW.exe
  C:\Windows\System\pIWmfgW.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\iRRtbhh.exe
  C:\Windows\System\iRRtbhh.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\SRQIdnp.exe
  C:\Windows\System\SRQIdnp.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\YEYMRou.exe
  C:\Windows\System\YEYMRou.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\AjhKqES.exe
  C:\Windows\System\AjhKqES.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\MvKVBWf.exe
  C:\Windows\System\MvKVBWf.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\GGuqplZ.exe
  C:\Windows\System\GGuqplZ.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\AgytJAp.exe
  C:\Windows\System\AgytJAp.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\HWiWpSw.exe
  C:\Windows\System\HWiWpSw.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\hcSkkwQ.exe
  C:\Windows\System\hcSkkwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\yujeElB.exe
  C:\Windows\System\yujeElB.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\bQwPKhi.exe
  C:\Windows\System\bQwPKhi.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\uKsRRwc.exe
  C:\Windows\System\uKsRRwc.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\RJnPRDd.exe
  C:\Windows\System\RJnPRDd.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\GjtrdjG.exe
  C:\Windows\System\GjtrdjG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\PsLmfyS.exe
  C:\Windows\System\PsLmfyS.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\aueUCGI.exe
  C:\Windows\System\aueUCGI.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\PCwgkjt.exe
  C:\Windows\System\PCwgkjt.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\WGaDgOK.exe
  C:\Windows\System\WGaDgOK.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\quHRwXs.exe
  C:\Windows\System\quHRwXs.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qAAtRws.exe
  C:\Windows\System\qAAtRws.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\FgzimWp.exe
  C:\Windows\System\FgzimWp.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\vHTfCMq.exe
  C:\Windows\System\vHTfCMq.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\RLFeGDb.exe
  C:\Windows\System\RLFeGDb.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\zSTKemD.exe
  C:\Windows\System\zSTKemD.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\nWUkfTR.exe
  C:\Windows\System\nWUkfTR.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\lzBRmFu.exe
  C:\Windows\System\lzBRmFu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\QfVqAeu.exe
  C:\Windows\System\QfVqAeu.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\EFkKyKg.exe
  C:\Windows\System\EFkKyKg.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\HnvDMHR.exe
  C:\Windows\System\HnvDMHR.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\ClyrBMF.exe
  C:\Windows\System\ClyrBMF.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\tTfMGml.exe
  C:\Windows\System\tTfMGml.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\vIYvlKB.exe
  C:\Windows\System\vIYvlKB.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\kJJCwGs.exe
  C:\Windows\System\kJJCwGs.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\iNuSIOn.exe
  C:\Windows\System\iNuSIOn.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\sggUCLk.exe
  C:\Windows\System\sggUCLk.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ObjiNUA.exe
  C:\Windows\System\ObjiNUA.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\whaWeXc.exe
  C:\Windows\System\whaWeXc.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\imsXJnM.exe
  C:\Windows\System\imsXJnM.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ZkHJAAH.exe
  C:\Windows\System\ZkHJAAH.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\AcOknoY.exe
  C:\Windows\System\AcOknoY.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\oxiPEwZ.exe
  C:\Windows\System\oxiPEwZ.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\xZMmqaW.exe
  C:\Windows\System\xZMmqaW.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\GmUVWpZ.exe
  C:\Windows\System\GmUVWpZ.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\ynzbFXW.exe
  C:\Windows\System\ynzbFXW.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\SqKMKZZ.exe
  C:\Windows\System\SqKMKZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\mDxjutF.exe
  C:\Windows\System\mDxjutF.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\ZhKirlt.exe
  C:\Windows\System\ZhKirlt.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\AxTNyQP.exe
  C:\Windows\System\AxTNyQP.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\nsUGyAR.exe
  C:\Windows\System\nsUGyAR.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ocQGnnQ.exe
  C:\Windows\System\ocQGnnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\aXWwiHV.exe
  C:\Windows\System\aXWwiHV.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\azvxZlL.exe
  C:\Windows\System\azvxZlL.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\qdvzuPC.exe
  C:\Windows\System\qdvzuPC.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\MrKeAsq.exe
  C:\Windows\System\MrKeAsq.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\HbnuGMO.exe
  C:\Windows\System\HbnuGMO.exe
  2⤵
  PID:4612
- C:\Windows\System\YSAbCTX.exe
  C:\Windows\System\YSAbCTX.exe
  2⤵
  PID:508
- C:\Windows\System\hQTxpjq.exe
  C:\Windows\System\hQTxpjq.exe
  2⤵
  PID:756
- C:\Windows\System\JmWMaKv.exe
  C:\Windows\System\JmWMaKv.exe
  2⤵
  PID:4932
- C:\Windows\System\IaibIxI.exe
  C:\Windows\System\IaibIxI.exe
  2⤵
  PID:2860
- C:\Windows\System\NSywiiC.exe
  C:\Windows\System\NSywiiC.exe
  2⤵
  PID:344
- C:\Windows\System\uvSwpxW.exe
  C:\Windows\System\uvSwpxW.exe
  2⤵
  PID:3124
- C:\Windows\System\QjgwuPC.exe
  C:\Windows\System\QjgwuPC.exe
  2⤵
  PID:4248
- C:\Windows\System\xSCrlNZ.exe
  C:\Windows\System\xSCrlNZ.exe
  2⤵
  PID:4820
- C:\Windows\System\BamuPto.exe
  C:\Windows\System\BamuPto.exe
  2⤵
  PID:4888
- C:\Windows\System\OBoYbqz.exe
  C:\Windows\System\OBoYbqz.exe
  2⤵
  PID:2736
- C:\Windows\System\HXGqVNM.exe
  C:\Windows\System\HXGqVNM.exe
  2⤵
  PID:3988
- C:\Windows\System\DaUfaJu.exe
  C:\Windows\System\DaUfaJu.exe
  2⤵
  PID:4352
- C:\Windows\System\KONHGWK.exe
  C:\Windows\System\KONHGWK.exe
  2⤵
  PID:3436
- C:\Windows\System\ZwMdcPL.exe
  C:\Windows\System\ZwMdcPL.exe
  2⤵
  PID:432
- C:\Windows\System\yUnugbc.exe
  C:\Windows\System\yUnugbc.exe
  2⤵
  PID:4164
- C:\Windows\System\pJuLILS.exe
  C:\Windows\System\pJuLILS.exe
  2⤵
  PID:3820
- C:\Windows\System\WfnxZkZ.exe
  C:\Windows\System\WfnxZkZ.exe
  2⤵
  PID:4880
- C:\Windows\System\sWDOZNZ.exe
  C:\Windows\System\sWDOZNZ.exe
  2⤵
  PID:2268
- C:\Windows\System\ElfrUGh.exe
  C:\Windows\System\ElfrUGh.exe
  2⤵
  PID:5000
- C:\Windows\System\IufCfru.exe
  C:\Windows\System\IufCfru.exe
  2⤵
  PID:4844
- C:\Windows\System\hpGzleq.exe
  C:\Windows\System\hpGzleq.exe
  2⤵
  PID:4904
- C:\Windows\System\uswOauS.exe
  C:\Windows\System\uswOauS.exe
  2⤵
  PID:540
- C:\Windows\System\dgcQVAw.exe
  C:\Windows\System\dgcQVAw.exe
  2⤵
  PID:1124
- C:\Windows\System\LoPEIxD.exe
  C:\Windows\System\LoPEIxD.exe
  2⤵
  PID:860
- C:\Windows\System\GILjyNk.exe
  C:\Windows\System\GILjyNk.exe
  2⤵
  PID:2488
- C:\Windows\System\HlAvkSC.exe
  C:\Windows\System\HlAvkSC.exe
  2⤵
  PID:4884
- C:\Windows\System\sOxOREr.exe
  C:\Windows\System\sOxOREr.exe
  2⤵
  PID:1708
- C:\Windows\System\lDybxNQ.exe
  C:\Windows\System\lDybxNQ.exe
  2⤵
  PID:3320
- C:\Windows\System\rIcTuqt.exe
  C:\Windows\System\rIcTuqt.exe
  2⤵
  PID:2296
- C:\Windows\System\gFdfQhu.exe
  C:\Windows\System\gFdfQhu.exe
  2⤵
  PID:4160
- C:\Windows\System\xvcBAmh.exe
  C:\Windows\System\xvcBAmh.exe
  2⤵
  PID:3040
- C:\Windows\System\nuTlTCT.exe
  C:\Windows\System\nuTlTCT.exe
  2⤵
  PID:1152
- C:\Windows\System\QYTOkPT.exe
  C:\Windows\System\QYTOkPT.exe
  2⤵
  PID:4316
- C:\Windows\System\izGVIcL.exe
  C:\Windows\System\izGVIcL.exe
  2⤵
  PID:5148
- C:\Windows\System\ivBmoIH.exe
  C:\Windows\System\ivBmoIH.exe
  2⤵
  PID:5176
- C:\Windows\System\hhhNWyc.exe
  C:\Windows\System\hhhNWyc.exe
  2⤵
  PID:5204
- C:\Windows\System\QirqvBM.exe
  C:\Windows\System\QirqvBM.exe
  2⤵
  PID:5236
- C:\Windows\System\NpAOLYt.exe
  C:\Windows\System\NpAOLYt.exe
  2⤵
  PID:5260
- C:\Windows\System\SWERHZp.exe
  C:\Windows\System\SWERHZp.exe
  2⤵
  PID:5288
- C:\Windows\System\DppKEaW.exe
  C:\Windows\System\DppKEaW.exe
  2⤵
  PID:5316
- C:\Windows\System\ijBzcpN.exe
  C:\Windows\System\ijBzcpN.exe
  2⤵
  PID:5344
- C:\Windows\System\KupnLZp.exe
  C:\Windows\System\KupnLZp.exe
  2⤵
  PID:5372
- C:\Windows\System\xffUbRD.exe
  C:\Windows\System\xffUbRD.exe
  2⤵
  PID:5400
- C:\Windows\System\UCWvRQg.exe
  C:\Windows\System\UCWvRQg.exe
  2⤵
  PID:5428
- C:\Windows\System\dKGPDTI.exe
  C:\Windows\System\dKGPDTI.exe
  2⤵
  PID:5456
- C:\Windows\System\spGFpHz.exe
  C:\Windows\System\spGFpHz.exe
  2⤵
  PID:5484
- C:\Windows\System\hJroDXl.exe
  C:\Windows\System\hJroDXl.exe
  2⤵
  PID:5512
- C:\Windows\System\yPJBkKj.exe
  C:\Windows\System\yPJBkKj.exe
  2⤵
  PID:5540
- C:\Windows\System\QZuSpdM.exe
  C:\Windows\System\QZuSpdM.exe
  2⤵
  PID:5568
- C:\Windows\System\sSVVXkS.exe
  C:\Windows\System\sSVVXkS.exe
  2⤵
  PID:5596
- C:\Windows\System\jOSdCRK.exe
  C:\Windows\System\jOSdCRK.exe
  2⤵
  PID:5624
- C:\Windows\System\dtIWeaz.exe
  C:\Windows\System\dtIWeaz.exe
  2⤵
  PID:5652
- C:\Windows\System\skGLdhf.exe
  C:\Windows\System\skGLdhf.exe
  2⤵
  PID:5680
- C:\Windows\System\wRLwQxP.exe
  C:\Windows\System\wRLwQxP.exe
  2⤵
  PID:5708
- C:\Windows\System\uzDkAPK.exe
  C:\Windows\System\uzDkAPK.exe
  2⤵
  PID:5736
- C:\Windows\System\mYRImRE.exe
  C:\Windows\System\mYRImRE.exe
  2⤵
  PID:5764
- C:\Windows\System\LzRqpBF.exe
  C:\Windows\System\LzRqpBF.exe
  2⤵
  PID:5792
- C:\Windows\System\CxJbaKb.exe
  C:\Windows\System\CxJbaKb.exe
  2⤵
  PID:5820
- C:\Windows\System\OwOeKuB.exe
  C:\Windows\System\OwOeKuB.exe
  2⤵
  PID:5848
- C:\Windows\System\ETUSNZO.exe
  C:\Windows\System\ETUSNZO.exe
  2⤵
  PID:5876
- C:\Windows\System\cDPDYvt.exe
  C:\Windows\System\cDPDYvt.exe
  2⤵
  PID:5904
- C:\Windows\System\BBiGMRG.exe
  C:\Windows\System\BBiGMRG.exe
  2⤵
  PID:5932
- C:\Windows\System\socUFoD.exe
  C:\Windows\System\socUFoD.exe
  2⤵
  PID:5960
- C:\Windows\System\swqoOvE.exe
  C:\Windows\System\swqoOvE.exe
  2⤵
  PID:5988
- C:\Windows\System\xDeTNfa.exe
  C:\Windows\System\xDeTNfa.exe
  2⤵
  PID:6016
- C:\Windows\System\VjgZTlY.exe
  C:\Windows\System\VjgZTlY.exe
  2⤵
  PID:6044
- C:\Windows\System\RTbXdYr.exe
  C:\Windows\System\RTbXdYr.exe
  2⤵
  PID:6072
- C:\Windows\System\jtzAtzf.exe
  C:\Windows\System\jtzAtzf.exe
  2⤵
  PID:6100
- C:\Windows\System\IpEWjIK.exe
  C:\Windows\System\IpEWjIK.exe
  2⤵
  PID:6128
- C:\Windows\System\RtvjiPH.exe
  C:\Windows\System\RtvjiPH.exe
  2⤵
  PID:3088
- C:\Windows\System\hsVCuQe.exe
  C:\Windows\System\hsVCuQe.exe
  2⤵
  PID:4852
- C:\Windows\System\wRdxKWf.exe
  C:\Windows\System\wRdxKWf.exe
  2⤵
  PID:2384
- C:\Windows\System\KywAhaL.exe
  C:\Windows\System\KywAhaL.exe
  2⤵
  PID:5168
- C:\Windows\System\fXlnBfy.exe
  C:\Windows\System\fXlnBfy.exe
  2⤵
  PID:5244
- C:\Windows\System\EmzFmuI.exe
  C:\Windows\System\EmzFmuI.exe
  2⤵
  PID:5304
- C:\Windows\System\jXAteyy.exe
  C:\Windows\System\jXAteyy.exe
  2⤵
  PID:5364
- C:\Windows\System\iiMEYiD.exe
  C:\Windows\System\iiMEYiD.exe
  2⤵
  PID:5440
- C:\Windows\System\gKluXiV.exe
  C:\Windows\System\gKluXiV.exe
  2⤵
  PID:5500
- C:\Windows\System\bdOoyVP.exe
  C:\Windows\System\bdOoyVP.exe
  2⤵
  PID:5560
- C:\Windows\System\VitdcES.exe
  C:\Windows\System\VitdcES.exe
  2⤵
  PID:5636
- C:\Windows\System\mezbxpF.exe
  C:\Windows\System\mezbxpF.exe
  2⤵
  PID:5696
- C:\Windows\System\UypvRSy.exe
  C:\Windows\System\UypvRSy.exe
  2⤵
  PID:5756
- C:\Windows\System\yomsQUs.exe
  C:\Windows\System\yomsQUs.exe
  2⤵
  PID:5832
- C:\Windows\System\JbAVOlt.exe
  C:\Windows\System\JbAVOlt.exe
  2⤵
  PID:5892
- C:\Windows\System\zoQRivN.exe
  C:\Windows\System\zoQRivN.exe
  2⤵
  PID:5952
- C:\Windows\System\hHibvbl.exe
  C:\Windows\System\hHibvbl.exe
  2⤵
  PID:6028
- C:\Windows\System\CPdZZZN.exe
  C:\Windows\System\CPdZZZN.exe
  2⤵
  PID:6088
- C:\Windows\System\Ormfhua.exe
  C:\Windows\System\Ormfhua.exe
  2⤵
  PID:744
- C:\Windows\System\UTeGRBV.exe
  C:\Windows\System\UTeGRBV.exe
  2⤵
  PID:5136
- C:\Windows\System\QvuSPWO.exe
  C:\Windows\System\QvuSPWO.exe
  2⤵
  PID:5276
- C:\Windows\System\jxzyeDJ.exe
  C:\Windows\System\jxzyeDJ.exe
  2⤵
  PID:5416
- C:\Windows\System\QLvktfl.exe
  C:\Windows\System\QLvktfl.exe
  2⤵
  PID:5552
- C:\Windows\System\OAVVDxj.exe
  C:\Windows\System\OAVVDxj.exe
  2⤵
  PID:5724
- C:\Windows\System\PfmseSR.exe
  C:\Windows\System\PfmseSR.exe
  2⤵
  PID:5864
- C:\Windows\System\gOKpkpk.exe
  C:\Windows\System\gOKpkpk.exe
  2⤵
  PID:6004
- C:\Windows\System\fJQlkUF.exe
  C:\Windows\System\fJQlkUF.exe
  2⤵
  PID:6140
- C:\Windows\System\RcNJhUm.exe
  C:\Windows\System\RcNJhUm.exe
  2⤵
  PID:5336
- C:\Windows\System\NNFoAut.exe
  C:\Windows\System\NNFoAut.exe
  2⤵
  PID:6172
- C:\Windows\System\WeUwoxy.exe
  C:\Windows\System\WeUwoxy.exe
  2⤵
  PID:6200
- C:\Windows\System\TNTvSDi.exe
  C:\Windows\System\TNTvSDi.exe
  2⤵
  PID:6228
- C:\Windows\System\yXvPiqS.exe
  C:\Windows\System\yXvPiqS.exe
  2⤵
  PID:6256
- C:\Windows\System\WHceyjj.exe
  C:\Windows\System\WHceyjj.exe
  2⤵
  PID:6284
- C:\Windows\System\ENrnUNp.exe
  C:\Windows\System\ENrnUNp.exe
  2⤵
  PID:6312
- C:\Windows\System\fALgYZd.exe
  C:\Windows\System\fALgYZd.exe
  2⤵
  PID:6340
- C:\Windows\System\CgfDFEh.exe
  C:\Windows\System\CgfDFEh.exe
  2⤵
  PID:6368
- C:\Windows\System\dhSnxQt.exe
  C:\Windows\System\dhSnxQt.exe
  2⤵
  PID:6396
- C:\Windows\System\rKhAjHU.exe
  C:\Windows\System\rKhAjHU.exe
  2⤵
  PID:6424
- C:\Windows\System\UZitSRf.exe
  C:\Windows\System\UZitSRf.exe
  2⤵
  PID:6452
- C:\Windows\System\mNShvce.exe
  C:\Windows\System\mNShvce.exe
  2⤵
  PID:6480
- C:\Windows\System\rxhFdRo.exe
  C:\Windows\System\rxhFdRo.exe
  2⤵
  PID:6508
- C:\Windows\System\UjawEAi.exe
  C:\Windows\System\UjawEAi.exe
  2⤵
  PID:6536
- C:\Windows\System\ZmmmoOl.exe
  C:\Windows\System\ZmmmoOl.exe
  2⤵
  PID:6564
- C:\Windows\System\QbQwpTE.exe
  C:\Windows\System\QbQwpTE.exe
  2⤵
  PID:6592
- C:\Windows\System\ZZvtQxr.exe
  C:\Windows\System\ZZvtQxr.exe
  2⤵
  PID:6620
- C:\Windows\System\MsXNWSf.exe
  C:\Windows\System\MsXNWSf.exe
  2⤵
  PID:6648
- C:\Windows\System\UrNWNGF.exe
  C:\Windows\System\UrNWNGF.exe
  2⤵
  PID:6676
- C:\Windows\System\hAitjIJ.exe
  C:\Windows\System\hAitjIJ.exe
  2⤵
  PID:6704
- C:\Windows\System\YskhAkT.exe
  C:\Windows\System\YskhAkT.exe
  2⤵
  PID:6732
- C:\Windows\System\XoOkUEb.exe
  C:\Windows\System\XoOkUEb.exe
  2⤵
  PID:6760
- C:\Windows\System\Sggglok.exe
  C:\Windows\System\Sggglok.exe
  2⤵
  PID:6788
- C:\Windows\System\eQBOvDv.exe
  C:\Windows\System\eQBOvDv.exe
  2⤵
  PID:6816
- C:\Windows\System\prwzYHG.exe
  C:\Windows\System\prwzYHG.exe
  2⤵
  PID:6844
- C:\Windows\System\zPleZbI.exe
  C:\Windows\System\zPleZbI.exe
  2⤵
  PID:6876
- C:\Windows\System\sZkiNDO.exe
  C:\Windows\System\sZkiNDO.exe
  2⤵
  PID:6900
- C:\Windows\System\tULeDQg.exe
  C:\Windows\System\tULeDQg.exe
  2⤵
  PID:6928
- C:\Windows\System\GxBizFf.exe
  C:\Windows\System\GxBizFf.exe
  2⤵
  PID:6956
- C:\Windows\System\iozaBMA.exe
  C:\Windows\System\iozaBMA.exe
  2⤵
  PID:6984
- C:\Windows\System\UlRzbXR.exe
  C:\Windows\System\UlRzbXR.exe
  2⤵
  PID:7012
- C:\Windows\System\rWvlgcF.exe
  C:\Windows\System\rWvlgcF.exe
  2⤵
  PID:7040
- C:\Windows\System\oZZNADh.exe
  C:\Windows\System\oZZNADh.exe
  2⤵
  PID:7068
- C:\Windows\System\tgcwdcl.exe
  C:\Windows\System\tgcwdcl.exe
  2⤵
  PID:7096
- C:\Windows\System\XeiMAuH.exe
  C:\Windows\System\XeiMAuH.exe
  2⤵
  PID:7124
- C:\Windows\System\JflemZy.exe
  C:\Windows\System\JflemZy.exe
  2⤵
  PID:7152
- C:\Windows\System\ozLrbzq.exe
  C:\Windows\System\ozLrbzq.exe
  2⤵
  PID:1128
- C:\Windows\System\jyvLkky.exe
  C:\Windows\System\jyvLkky.exe
  2⤵
  PID:5804
- C:\Windows\System\CkKAMCi.exe
  C:\Windows\System\CkKAMCi.exe
  2⤵
  PID:6064
- C:\Windows\System\AYfqZAl.exe
  C:\Windows\System\AYfqZAl.exe
  2⤵
  PID:6164
- C:\Windows\System\ZfzVyxM.exe
  C:\Windows\System\ZfzVyxM.exe
  2⤵
  PID:6240
- C:\Windows\System\PFUZQsu.exe
  C:\Windows\System\PFUZQsu.exe
  2⤵
  PID:6300
- C:\Windows\System\odTOgbN.exe
  C:\Windows\System\odTOgbN.exe
  2⤵
  PID:6360
- C:\Windows\System\dtrnVwe.exe
  C:\Windows\System\dtrnVwe.exe
  2⤵
  PID:6436
- C:\Windows\System\KAKoHbB.exe
  C:\Windows\System\KAKoHbB.exe
  2⤵
  PID:6496
- C:\Windows\System\IYvaGPq.exe
  C:\Windows\System\IYvaGPq.exe
  2⤵
  PID:6556
- C:\Windows\System\AzQUMkC.exe
  C:\Windows\System\AzQUMkC.exe
  2⤵
  PID:6632
- C:\Windows\System\DEPlLXw.exe
  C:\Windows\System\DEPlLXw.exe
  2⤵
  PID:6692
- C:\Windows\System\xUWvoCq.exe
  C:\Windows\System\xUWvoCq.exe
  2⤵
  PID:6752
- C:\Windows\System\WUxnBoI.exe
  C:\Windows\System\WUxnBoI.exe
  2⤵
  PID:6828
- C:\Windows\System\zWSagAl.exe
  C:\Windows\System\zWSagAl.exe
  2⤵
  PID:6884
- C:\Windows\System\vmlFMVi.exe
  C:\Windows\System\vmlFMVi.exe
  2⤵
  PID:6944
- C:\Windows\System\XqnYQXl.exe
  C:\Windows\System\XqnYQXl.exe
  2⤵
  PID:7004
- C:\Windows\System\OQLtXXa.exe
  C:\Windows\System\OQLtXXa.exe
  2⤵
  PID:7080
- C:\Windows\System\szpfHhP.exe
  C:\Windows\System\szpfHhP.exe
  2⤵
  PID:7140
- C:\Windows\System\KtvDfkV.exe
  C:\Windows\System\KtvDfkV.exe
  2⤵
  PID:6060
- C:\Windows\System\WqeHRxm.exe
  C:\Windows\System\WqeHRxm.exe
  2⤵
  PID:6268
- C:\Windows\System\apOTUFU.exe
  C:\Windows\System\apOTUFU.exe
  2⤵
  PID:6408
- C:\Windows\System\QIOEbxV.exe
  C:\Windows\System\QIOEbxV.exe
  2⤵
  PID:6548
- C:\Windows\System\dNMxNjz.exe
  C:\Windows\System\dNMxNjz.exe
  2⤵
  PID:6720
- C:\Windows\System\TFbWpqh.exe
  C:\Windows\System\TFbWpqh.exe
  2⤵
  PID:6860
- C:\Windows\System\QSqUszT.exe
  C:\Windows\System\QSqUszT.exe
  2⤵
  PID:6996
- C:\Windows\System\GoJjFQU.exe
  C:\Windows\System\GoJjFQU.exe
  2⤵
  PID:5356
- C:\Windows\System\nyUvVdo.exe
  C:\Windows\System\nyUvVdo.exe
  2⤵
  PID:6328
- C:\Windows\System\NGZLaMC.exe
  C:\Windows\System\NGZLaMC.exe
  2⤵
  PID:7176
- C:\Windows\System\tmfbUYv.exe
  C:\Windows\System\tmfbUYv.exe
  2⤵
  PID:7204
- C:\Windows\System\pMbZRXL.exe
  C:\Windows\System\pMbZRXL.exe
  2⤵
  PID:7244
- C:\Windows\System\fzOtAli.exe
  C:\Windows\System\fzOtAli.exe
  2⤵
  PID:7260
- C:\Windows\System\SGUXSsL.exe
  C:\Windows\System\SGUXSsL.exe
  2⤵
  PID:7288
- C:\Windows\System\CnovgCN.exe
  C:\Windows\System\CnovgCN.exe
  2⤵
  PID:7316
- C:\Windows\System\vDZkwSh.exe
  C:\Windows\System\vDZkwSh.exe
  2⤵
  PID:7344
- C:\Windows\System\SHfPxEl.exe
  C:\Windows\System\SHfPxEl.exe
  2⤵
  PID:7372
- C:\Windows\System\limbJcR.exe
  C:\Windows\System\limbJcR.exe
  2⤵
  PID:7400
- C:\Windows\System\nZyUWCj.exe
  C:\Windows\System\nZyUWCj.exe
  2⤵
  PID:7428
- C:\Windows\System\BvbWpqy.exe
  C:\Windows\System\BvbWpqy.exe
  2⤵
  PID:7456
- C:\Windows\System\qpIYzPK.exe
  C:\Windows\System\qpIYzPK.exe
  2⤵
  PID:7484
- C:\Windows\System\lJPNxAT.exe
  C:\Windows\System\lJPNxAT.exe
  2⤵
  PID:7512
- C:\Windows\System\onMXUUa.exe
  C:\Windows\System\onMXUUa.exe
  2⤵
  PID:7540
- C:\Windows\System\mNzgJcl.exe
  C:\Windows\System\mNzgJcl.exe
  2⤵
  PID:7568
- C:\Windows\System\lsMhwBX.exe
  C:\Windows\System\lsMhwBX.exe
  2⤵
  PID:7596
- C:\Windows\System\SuKcQOn.exe
  C:\Windows\System\SuKcQOn.exe
  2⤵
  PID:7624
- C:\Windows\System\rpkvYuO.exe
  C:\Windows\System\rpkvYuO.exe
  2⤵
  PID:7652
- C:\Windows\System\pzwhiHq.exe
  C:\Windows\System\pzwhiHq.exe
  2⤵
  PID:7680
- C:\Windows\System\ZNtfdml.exe
  C:\Windows\System\ZNtfdml.exe
  2⤵
  PID:7704
- C:\Windows\System\EsNMIwY.exe
  C:\Windows\System\EsNMIwY.exe
  2⤵
  PID:7732
- C:\Windows\System\YtIAAeQ.exe
  C:\Windows\System\YtIAAeQ.exe
  2⤵
  PID:7764
- C:\Windows\System\VUzVdQp.exe
  C:\Windows\System\VUzVdQp.exe
  2⤵
  PID:7792
- C:\Windows\System\yOXJgIF.exe
  C:\Windows\System\yOXJgIF.exe
  2⤵
  PID:7816
- C:\Windows\System\tAwqVdX.exe
  C:\Windows\System\tAwqVdX.exe
  2⤵
  PID:7848
- C:\Windows\System\vbKIlyF.exe
  C:\Windows\System\vbKIlyF.exe
  2⤵
  PID:7876
- C:\Windows\System\YmmCRhy.exe
  C:\Windows\System\YmmCRhy.exe
  2⤵
  PID:7904
- C:\Windows\System\VsHTIrl.exe
  C:\Windows\System\VsHTIrl.exe
  2⤵
  PID:7932
- C:\Windows\System\ChznCkG.exe
  C:\Windows\System\ChznCkG.exe
  2⤵
  PID:7960
- C:\Windows\System\YNYXANE.exe
  C:\Windows\System\YNYXANE.exe
  2⤵
  PID:7988
- C:\Windows\System\SuQXlyb.exe
  C:\Windows\System\SuQXlyb.exe
  2⤵
  PID:8016
- C:\Windows\System\pHlzsxf.exe
  C:\Windows\System\pHlzsxf.exe
  2⤵
  PID:8044
- C:\Windows\System\gQdzHge.exe
  C:\Windows\System\gQdzHge.exe
  2⤵
  PID:8072
- C:\Windows\System\GqlFRGg.exe
  C:\Windows\System\GqlFRGg.exe
  2⤵
  PID:8100
- C:\Windows\System\kmvqyQG.exe
  C:\Windows\System\kmvqyQG.exe
  2⤵
  PID:8128
- C:\Windows\System\SyWXBzJ.exe
  C:\Windows\System\SyWXBzJ.exe
  2⤵
  PID:8156
- C:\Windows\System\cqnNCdu.exe
  C:\Windows\System\cqnNCdu.exe
  2⤵
  PID:8184
- C:\Windows\System\prXTpxK.exe
  C:\Windows\System\prXTpxK.exe
  2⤵
  PID:6800
- C:\Windows\System\yLQwWEb.exe
  C:\Windows\System\yLQwWEb.exe
  2⤵
  PID:5944
- C:\Windows\System\rkgelZC.exe
  C:\Windows\System\rkgelZC.exe
  2⤵
  PID:7192
- C:\Windows\System\nFnKWem.exe
  C:\Windows\System\nFnKWem.exe
  2⤵
  PID:7256
- C:\Windows\System\UbJOiJO.exe
  C:\Windows\System\UbJOiJO.exe
  2⤵
  PID:7328
- C:\Windows\System\pevvxxL.exe
  C:\Windows\System\pevvxxL.exe
  2⤵
  PID:7388
- C:\Windows\System\GlSWUNa.exe
  C:\Windows\System\GlSWUNa.exe
  2⤵
  PID:7448
- C:\Windows\System\LWCUnWe.exe
  C:\Windows\System\LWCUnWe.exe
  2⤵
  PID:7524
- C:\Windows\System\bxhbhGw.exe
  C:\Windows\System\bxhbhGw.exe
  2⤵
  PID:7584
- C:\Windows\System\hArthBZ.exe
  C:\Windows\System\hArthBZ.exe
  2⤵
  PID:7644
- C:\Windows\System\MUqVTlw.exe
  C:\Windows\System\MUqVTlw.exe
  2⤵
  PID:7720
- C:\Windows\System\nkrqBLC.exe
  C:\Windows\System\nkrqBLC.exe
  2⤵
  PID:7780
- C:\Windows\System\oIHnXzK.exe
  C:\Windows\System\oIHnXzK.exe
  2⤵
  PID:7840
- C:\Windows\System\aOKXNCw.exe
  C:\Windows\System\aOKXNCw.exe
  2⤵
  PID:7896
- C:\Windows\System\udCWiah.exe
  C:\Windows\System\udCWiah.exe
  2⤵
  PID:7952
- C:\Windows\System\DlvvzQH.exe
  C:\Windows\System\DlvvzQH.exe
  2⤵
  PID:8008
- C:\Windows\System\EHsQjBK.exe
  C:\Windows\System\EHsQjBK.exe
  2⤵
  PID:2428
- C:\Windows\System\AvTNpzy.exe
  C:\Windows\System\AvTNpzy.exe
  2⤵
  PID:8120
- C:\Windows\System\sExADbg.exe
  C:\Windows\System\sExADbg.exe
  2⤵
  PID:6660
- C:\Windows\System\UQXctxS.exe
  C:\Windows\System\UQXctxS.exe
  2⤵
  PID:6468
- C:\Windows\System\vlTtKGJ.exe
  C:\Windows\System\vlTtKGJ.exe
  2⤵
  PID:7220
- C:\Windows\System\cvLHsDU.exe
  C:\Windows\System\cvLHsDU.exe
  2⤵
  PID:7356
- C:\Windows\System\GagSfTV.exe
  C:\Windows\System\GagSfTV.exe
  2⤵
  PID:7476
- C:\Windows\System\jznydvj.exe
  C:\Windows\System\jznydvj.exe
  2⤵
  PID:7616
- C:\Windows\System\IhgXhVZ.exe
  C:\Windows\System\IhgXhVZ.exe
  2⤵
  PID:7696
- C:\Windows\System\YHOCIGp.exe
  C:\Windows\System\YHOCIGp.exe
  2⤵
  PID:7812
- C:\Windows\System\pmFsrGC.exe
  C:\Windows\System\pmFsrGC.exe
  2⤵
  PID:2392
- C:\Windows\System\iBbxfVn.exe
  C:\Windows\System\iBbxfVn.exe
  2⤵
  PID:8060
- C:\Windows\System\eNhHNpt.exe
  C:\Windows\System\eNhHNpt.exe
  2⤵
  PID:3116
- C:\Windows\System\XgQxeok.exe
  C:\Windows\System\XgQxeok.exe
  2⤵
  PID:7056
- C:\Windows\System\iMZUEzz.exe
  C:\Windows\System\iMZUEzz.exe
  2⤵
  PID:7304
- C:\Windows\System\wwLpmnY.exe
  C:\Windows\System\wwLpmnY.exe
  2⤵
  PID:7556
- C:\Windows\System\kOXvumR.exe
  C:\Windows\System\kOXvumR.exe
  2⤵
  PID:4784
- C:\Windows\System\MyWUQdH.exe
  C:\Windows\System\MyWUQdH.exe
  2⤵
  PID:2948
- C:\Windows\System\KkJBMbg.exe
  C:\Windows\System\KkJBMbg.exe
  2⤵
  PID:3024
- C:\Windows\System\GhaVkUZ.exe
  C:\Windows\System\GhaVkUZ.exe
  2⤵
  PID:4532
- C:\Windows\System\iAeGfkk.exe
  C:\Windows\System\iAeGfkk.exe
  2⤵
  PID:4176
- C:\Windows\System\PvmagjR.exe
  C:\Windows\System\PvmagjR.exe
  2⤵
  PID:3668
- C:\Windows\System\MhrZIpH.exe
  C:\Windows\System\MhrZIpH.exe
  2⤵
  PID:2636
- C:\Windows\System\xhSnKHb.exe
  C:\Windows\System\xhSnKHb.exe
  2⤵
  PID:1384
- C:\Windows\System\YVfRSAT.exe
  C:\Windows\System\YVfRSAT.exe
  2⤵
  PID:3080
- C:\Windows\System\nIAjetK.exe
  C:\Windows\System\nIAjetK.exe
  2⤵
  PID:8224
- C:\Windows\System\bnhNCcW.exe
  C:\Windows\System\bnhNCcW.exe
  2⤵
  PID:8304
- C:\Windows\System\kmujXDG.exe
  C:\Windows\System\kmujXDG.exe
  2⤵
  PID:8348
- C:\Windows\System\BTwlKzj.exe
  C:\Windows\System\BTwlKzj.exe
  2⤵
  PID:8376
- C:\Windows\System\OdBzGHC.exe
  C:\Windows\System\OdBzGHC.exe
  2⤵
  PID:8404
- C:\Windows\System\fCfXfGD.exe
  C:\Windows\System\fCfXfGD.exe
  2⤵
  PID:8432
- C:\Windows\System\lzSjozC.exe
  C:\Windows\System\lzSjozC.exe
  2⤵
  PID:8472
- C:\Windows\System\qnLuSfc.exe
  C:\Windows\System\qnLuSfc.exe
  2⤵
  PID:8492
- C:\Windows\System\XAtXKCl.exe
  C:\Windows\System\XAtXKCl.exe
  2⤵
  PID:8528
- C:\Windows\System\nfiDLVO.exe
  C:\Windows\System\nfiDLVO.exe
  2⤵
  PID:8556
- C:\Windows\System\iTmVlOB.exe
  C:\Windows\System\iTmVlOB.exe
  2⤵
  PID:8584
- C:\Windows\System\iDwfefr.exe
  C:\Windows\System\iDwfefr.exe
  2⤵
  PID:8600
- C:\Windows\System\BkRxPjh.exe
  C:\Windows\System\BkRxPjh.exe
  2⤵
  PID:8640
- C:\Windows\System\HNaAIww.exe
  C:\Windows\System\HNaAIww.exe
  2⤵
  PID:8668
- C:\Windows\System\ldFJedH.exe
  C:\Windows\System\ldFJedH.exe
  2⤵
  PID:8696
- C:\Windows\System\SlCbxRc.exe
  C:\Windows\System\SlCbxRc.exe
  2⤵
  PID:8724
- C:\Windows\System\rcjgczf.exe
  C:\Windows\System\rcjgczf.exe
  2⤵
  PID:8752
- C:\Windows\System\wSkTELB.exe
  C:\Windows\System\wSkTELB.exe
  2⤵
  PID:8788
- C:\Windows\System\pKOoGan.exe
  C:\Windows\System\pKOoGan.exe
  2⤵
  PID:8816
- C:\Windows\System\jshgjSZ.exe
  C:\Windows\System\jshgjSZ.exe
  2⤵
  PID:8844
- C:\Windows\System\dLpobTM.exe
  C:\Windows\System\dLpobTM.exe
  2⤵
  PID:8876
- C:\Windows\System\VNeZtEN.exe
  C:\Windows\System\VNeZtEN.exe
  2⤵
  PID:8904
- C:\Windows\System\IcWLAlU.exe
  C:\Windows\System\IcWLAlU.exe
  2⤵
  PID:8932
- C:\Windows\System\YlwfIqt.exe
  C:\Windows\System\YlwfIqt.exe
  2⤵
  PID:8964
- C:\Windows\System\ByNptQe.exe
  C:\Windows\System\ByNptQe.exe
  2⤵
  PID:9000
- C:\Windows\System\KSvqHuE.exe
  C:\Windows\System\KSvqHuE.exe
  2⤵
  PID:9020
- C:\Windows\System\yBMuAUr.exe
  C:\Windows\System\yBMuAUr.exe
  2⤵
  PID:9048
- C:\Windows\System\gyeQZoc.exe
  C:\Windows\System\gyeQZoc.exe
  2⤵
  PID:9088
- C:\Windows\System\jhUrFOa.exe
  C:\Windows\System\jhUrFOa.exe
  2⤵
  PID:9104
- C:\Windows\System\atUnbrA.exe
  C:\Windows\System\atUnbrA.exe
  2⤵
  PID:9132
- C:\Windows\System\nsaAMzh.exe
  C:\Windows\System\nsaAMzh.exe
  2⤵
  PID:9160
- C:\Windows\System\lsdjnQy.exe
  C:\Windows\System\lsdjnQy.exe
  2⤵
  PID:9188
- C:\Windows\System\NSNOXAt.exe
  C:\Windows\System\NSNOXAt.exe
  2⤵
  PID:1892
- C:\Windows\System\OVaEKAX.exe
  C:\Windows\System\OVaEKAX.exe
  2⤵
  PID:4968
- C:\Windows\System\JmnkRQN.exe
  C:\Windows\System\JmnkRQN.exe
  2⤵
  PID:8216
- C:\Windows\System\qTRohgp.exe
  C:\Windows\System\qTRohgp.exe
  2⤵
  PID:8280
- C:\Windows\System\BRUDolK.exe
  C:\Windows\System\BRUDolK.exe
  2⤵
  PID:8212
- C:\Windows\System\YwOptZq.exe
  C:\Windows\System\YwOptZq.exe
  2⤵
  PID:8392
- C:\Windows\System\mdATSMe.exe
  C:\Windows\System\mdATSMe.exe
  2⤵
  PID:8444
- C:\Windows\System\GEhKzSS.exe
  C:\Windows\System\GEhKzSS.exe
  2⤵
  PID:8524
- C:\Windows\System\mTBLQeu.exe
  C:\Windows\System\mTBLQeu.exe
  2⤵
  PID:8596
- C:\Windows\System\sqpDtvL.exe
  C:\Windows\System\sqpDtvL.exe
  2⤵
  PID:8660
- C:\Windows\System\rEKUYFx.exe
  C:\Windows\System\rEKUYFx.exe
  2⤵
  PID:8720
- C:\Windows\System\LBlVxgg.exe
  C:\Windows\System\LBlVxgg.exe
  2⤵
  PID:8772
- C:\Windows\System\RJFGXeP.exe
  C:\Windows\System\RJFGXeP.exe
  2⤵
  PID:8840
- C:\Windows\System\RCvQDVB.exe
  C:\Windows\System\RCvQDVB.exe
  2⤵
  PID:8916
- C:\Windows\System\lBHTNji.exe
  C:\Windows\System\lBHTNji.exe
  2⤵
  PID:8984
- C:\Windows\System\ZWzFWUD.exe
  C:\Windows\System\ZWzFWUD.exe
  2⤵
  PID:9040
- C:\Windows\System\ojWWOmw.exe
  C:\Windows\System\ojWWOmw.exe
  2⤵
  PID:9100
- C:\Windows\System\cAPYojs.exe
  C:\Windows\System\cAPYojs.exe
  2⤵
  PID:9172
- C:\Windows\System\HevqzLP.exe
  C:\Windows\System\HevqzLP.exe
  2⤵
  PID:232
- C:\Windows\System\KlfVyoQ.exe
  C:\Windows\System\KlfVyoQ.exe
  2⤵
  PID:8324
- C:\Windows\System\nCPkmRI.exe
  C:\Windows\System\nCPkmRI.exe
  2⤵
  PID:8416
- C:\Windows\System\MJnBUiu.exe
  C:\Windows\System\MJnBUiu.exe
  2⤵
  PID:8580
- C:\Windows\System\saeAHEv.exe
  C:\Windows\System\saeAHEv.exe
  2⤵
  PID:8748
- C:\Windows\System\cEzerjQ.exe
  C:\Windows\System\cEzerjQ.exe
  2⤵
  PID:8888
- C:\Windows\System\phXupSm.exe
  C:\Windows\System\phXupSm.exe
  2⤵
  PID:9016
- C:\Windows\System\EbcCZLo.exe
  C:\Windows\System\EbcCZLo.exe
  2⤵
  PID:9156
- C:\Windows\System\jCUrWbM.exe
  C:\Windows\System\jCUrWbM.exe
  2⤵
  PID:8344
- C:\Windows\System\fLXpoQO.exe
  C:\Windows\System\fLXpoQO.exe
  2⤵
  PID:8708
- C:\Windows\System\FVOFFBn.exe
  C:\Windows\System\FVOFFBn.exe
  2⤵
  PID:8952
- C:\Windows\System\eZBCtIC.exe
  C:\Windows\System\eZBCtIC.exe
  2⤵
  PID:8512
- C:\Windows\System\wtHmLHl.exe
  C:\Windows\System\wtHmLHl.exe
  2⤵
  PID:4464
- C:\Windows\System\xKbjflG.exe
  C:\Windows\System\xKbjflG.exe
  2⤵
  PID:9224
- C:\Windows\System\akUDsLN.exe
  C:\Windows\System\akUDsLN.exe
  2⤵
  PID:9252
- C:\Windows\System\NQMozqZ.exe
  C:\Windows\System\NQMozqZ.exe
  2⤵
  PID:9280
- C:\Windows\System\mzpBssa.exe
  C:\Windows\System\mzpBssa.exe
  2⤵
  PID:9308
- C:\Windows\System\iBEZsHh.exe
  C:\Windows\System\iBEZsHh.exe
  2⤵
  PID:9336
- C:\Windows\System\nFrVhQf.exe
  C:\Windows\System\nFrVhQf.exe
  2⤵
  PID:9364
- C:\Windows\System\ATeQSYW.exe
  C:\Windows\System\ATeQSYW.exe
  2⤵
  PID:9392
- C:\Windows\System\abmfScC.exe
  C:\Windows\System\abmfScC.exe
  2⤵
  PID:9420
- C:\Windows\System\IbnEGRU.exe
  C:\Windows\System\IbnEGRU.exe
  2⤵
  PID:9448
- C:\Windows\System\fZjijPN.exe
  C:\Windows\System\fZjijPN.exe
  2⤵
  PID:9476
- C:\Windows\System\ROLMlTj.exe
  C:\Windows\System\ROLMlTj.exe
  2⤵
  PID:9516
- C:\Windows\System\HAiqfYC.exe
  C:\Windows\System\HAiqfYC.exe
  2⤵
  PID:9544
- C:\Windows\System\rfxnEPS.exe
  C:\Windows\System\rfxnEPS.exe
  2⤵
  PID:9584
- C:\Windows\System\yJaDMyE.exe
  C:\Windows\System\yJaDMyE.exe
  2⤵
  PID:9600
- C:\Windows\System\kGxPiHQ.exe
  C:\Windows\System\kGxPiHQ.exe
  2⤵
  PID:9628
- C:\Windows\System\fFTAKjN.exe
  C:\Windows\System\fFTAKjN.exe
  2⤵
  PID:9656
- C:\Windows\System\FzezsKQ.exe
  C:\Windows\System\FzezsKQ.exe
  2⤵
  PID:9684
- C:\Windows\System\LJBHvys.exe
  C:\Windows\System\LJBHvys.exe
  2⤵
  PID:9712
- C:\Windows\System\XUSLCAz.exe
  C:\Windows\System\XUSLCAz.exe
  2⤵
  PID:9744
- C:\Windows\System\zasJmdn.exe
  C:\Windows\System\zasJmdn.exe
  2⤵
  PID:9772
- C:\Windows\System\auBoIwH.exe
  C:\Windows\System\auBoIwH.exe
  2⤵
  PID:9800
- C:\Windows\System\ujZdylT.exe
  C:\Windows\System\ujZdylT.exe
  2⤵
  PID:9828
- C:\Windows\System\CcWcZCr.exe
  C:\Windows\System\CcWcZCr.exe
  2⤵
  PID:9856
- C:\Windows\System\arlvowY.exe
  C:\Windows\System\arlvowY.exe
  2⤵
  PID:9884
- C:\Windows\System\binJvfY.exe
  C:\Windows\System\binJvfY.exe
  2⤵
  PID:9912
- C:\Windows\System\jlWbpue.exe
  C:\Windows\System\jlWbpue.exe
  2⤵
  PID:9940
- C:\Windows\System\RXbdQIU.exe
  C:\Windows\System\RXbdQIU.exe
  2⤵
  PID:9976
- C:\Windows\System\pYXtpmQ.exe
  C:\Windows\System\pYXtpmQ.exe
  2⤵
  PID:9996
- C:\Windows\System\DOSfhQP.exe
  C:\Windows\System\DOSfhQP.exe
  2⤵
  PID:10024
- C:\Windows\System\hyUZPYY.exe
  C:\Windows\System\hyUZPYY.exe
  2⤵
  PID:10052
- C:\Windows\System\YVGZKAc.exe
  C:\Windows\System\YVGZKAc.exe
  2⤵
  PID:10080
- C:\Windows\System\hXiGmim.exe
  C:\Windows\System\hXiGmim.exe
  2⤵
  PID:10108
- C:\Windows\System\RmmeDbw.exe
  C:\Windows\System\RmmeDbw.exe
  2⤵
  PID:10136
- C:\Windows\System\LjzZZSH.exe
  C:\Windows\System\LjzZZSH.exe
  2⤵
  PID:10164
- C:\Windows\System\UNrfQOV.exe
  C:\Windows\System\UNrfQOV.exe
  2⤵
  PID:10192
- C:\Windows\System\PHYlnxg.exe
  C:\Windows\System\PHYlnxg.exe
  2⤵
  PID:10220
- C:\Windows\System\lbjmAKa.exe
  C:\Windows\System\lbjmAKa.exe
  2⤵
  PID:9236
- C:\Windows\System\xqjVOwc.exe
  C:\Windows\System\xqjVOwc.exe
  2⤵
  PID:9300
- C:\Windows\System\EXGMwLg.exe
  C:\Windows\System\EXGMwLg.exe
  2⤵
  PID:9356
- C:\Windows\System\MMDEZib.exe
  C:\Windows\System\MMDEZib.exe
  2⤵
  PID:9436
- C:\Windows\System\xPtbIIO.exe
  C:\Windows\System\xPtbIIO.exe
  2⤵
  PID:9508
- C:\Windows\System\EofbgoL.exe
  C:\Windows\System\EofbgoL.exe
  2⤵
  PID:1600
- C:\Windows\System\PWDSTSy.exe
  C:\Windows\System\PWDSTSy.exe
  2⤵
  PID:9568
- C:\Windows\System\SmejJII.exe
  C:\Windows\System\SmejJII.exe
  2⤵
  PID:9616
- C:\Windows\System\phSBdMJ.exe
  C:\Windows\System\phSBdMJ.exe
  2⤵
  PID:9676
- C:\Windows\System\HIArBwm.exe
  C:\Windows\System\HIArBwm.exe
  2⤵
  PID:9740
- C:\Windows\System\TXijWxe.exe
  C:\Windows\System\TXijWxe.exe
  2⤵
  PID:9812
- C:\Windows\System\OUKlmxH.exe
  C:\Windows\System\OUKlmxH.exe
  2⤵
  PID:9880
- C:\Windows\System\bcYqAas.exe
  C:\Windows\System\bcYqAas.exe
  2⤵
  PID:9936
- C:\Windows\System\TamPOQg.exe
  C:\Windows\System\TamPOQg.exe
  2⤵
  PID:10016
- C:\Windows\System\UlHMvBm.exe
  C:\Windows\System\UlHMvBm.exe
  2⤵
  PID:10076
- C:\Windows\System\dBVqNOL.exe
  C:\Windows\System\dBVqNOL.exe
  2⤵
  PID:10148
- C:\Windows\System\wVxPYKq.exe
  C:\Windows\System\wVxPYKq.exe
  2⤵
  PID:10212
- C:\Windows\System\jXYfoVc.exe
  C:\Windows\System\jXYfoVc.exe
  2⤵
  PID:9292
- C:\Windows\System\pjJCUoe.exe
  C:\Windows\System\pjJCUoe.exe
  2⤵
  PID:9472
- C:\Windows\System\wJtwRUL.exe
  C:\Windows\System\wJtwRUL.exe
  2⤵
  PID:9564
- C:\Windows\System\DklkPIe.exe
  C:\Windows\System\DklkPIe.exe
  2⤵
  PID:9652
- C:\Windows\System\YpYlztH.exe
  C:\Windows\System\YpYlztH.exe
  2⤵
  PID:9840
- C:\Windows\System\GBVjNay.exe
  C:\Windows\System\GBVjNay.exe
  2⤵
  PID:9992
- C:\Windows\System\suAEyzX.exe
  C:\Windows\System\suAEyzX.exe
  2⤵
  PID:10132
- C:\Windows\System\XCagSSa.exe
  C:\Windows\System\XCagSSa.exe
  2⤵
  PID:9360
- C:\Windows\System\wlgzFmQ.exe
  C:\Windows\System\wlgzFmQ.exe
  2⤵
  PID:4020
- C:\Windows\System\yMqgzaC.exe
  C:\Windows\System\yMqgzaC.exe
  2⤵
  PID:9932
- C:\Windows\System\FppeFBE.exe
  C:\Windows\System\FppeFBE.exe
  2⤵
  PID:9276
- C:\Windows\System\boeYfmq.exe
  C:\Windows\System\boeYfmq.exe
  2⤵
  PID:10104
- C:\Windows\System\wjXgPAC.exe
  C:\Windows\System\wjXgPAC.exe
  2⤵
  PID:9924
- C:\Windows\System\gvAmOgT.exe
  C:\Windows\System\gvAmOgT.exe
  2⤵
  PID:10268
- C:\Windows\System\dWBWkZB.exe
  C:\Windows\System\dWBWkZB.exe
  2⤵
  PID:10296
- C:\Windows\System\trfpIFx.exe
  C:\Windows\System\trfpIFx.exe
  2⤵
  PID:10324
- C:\Windows\System\djzZOFj.exe
  C:\Windows\System\djzZOFj.exe
  2⤵
  PID:10352
- C:\Windows\System\XpfGCQT.exe
  C:\Windows\System\XpfGCQT.exe
  2⤵
  PID:10380
- C:\Windows\System\NutZkGo.exe
  C:\Windows\System\NutZkGo.exe
  2⤵
  PID:10408
- C:\Windows\System\fdOsFPY.exe
  C:\Windows\System\fdOsFPY.exe
  2⤵
  PID:10436
- C:\Windows\System\KtoqBhc.exe
  C:\Windows\System\KtoqBhc.exe
  2⤵
  PID:10464
- C:\Windows\System\fvtAWAo.exe
  C:\Windows\System\fvtAWAo.exe
  2⤵
  PID:10492
- C:\Windows\System\dfLTIuq.exe
  C:\Windows\System\dfLTIuq.exe
  2⤵
  PID:10520
- C:\Windows\System\jYCgaMn.exe
  C:\Windows\System\jYCgaMn.exe
  2⤵
  PID:10548
- C:\Windows\System\IfksnhL.exe
  C:\Windows\System\IfksnhL.exe
  2⤵
  PID:10592
- C:\Windows\System\fzYfwka.exe
  C:\Windows\System\fzYfwka.exe
  2⤵
  PID:10620
- C:\Windows\System\ftApQAh.exe
  C:\Windows\System\ftApQAh.exe
  2⤵
  PID:10656
- C:\Windows\System\lTwNOCb.exe
  C:\Windows\System\lTwNOCb.exe
  2⤵
  PID:10684
- C:\Windows\System\JvSOXfH.exe
  C:\Windows\System\JvSOXfH.exe
  2⤵
  PID:10712
- C:\Windows\System\fHISLRY.exe
  C:\Windows\System\fHISLRY.exe
  2⤵
  PID:10740
- C:\Windows\System\lAZlKnn.exe
  C:\Windows\System\lAZlKnn.exe
  2⤵
  PID:10768
- C:\Windows\System\wAMtTBI.exe
  C:\Windows\System\wAMtTBI.exe
  2⤵
  PID:10796
- C:\Windows\System\osGeAQE.exe
  C:\Windows\System\osGeAQE.exe
  2⤵
  PID:10824
- C:\Windows\System\uICUmDS.exe
  C:\Windows\System\uICUmDS.exe
  2⤵
  PID:10852
- C:\Windows\System\uRnckQp.exe
  C:\Windows\System\uRnckQp.exe
  2⤵
  PID:10880
- C:\Windows\System\cFYTggT.exe
  C:\Windows\System\cFYTggT.exe
  2⤵
  PID:10908
- C:\Windows\System\jNynJGM.exe
  C:\Windows\System\jNynJGM.exe
  2⤵
  PID:10936
- C:\Windows\System\alNvvpd.exe
  C:\Windows\System\alNvvpd.exe
  2⤵
  PID:10964
- C:\Windows\System\hUYbwMU.exe
  C:\Windows\System\hUYbwMU.exe
  2⤵
  PID:10992
- C:\Windows\System\tBhQlnT.exe
  C:\Windows\System\tBhQlnT.exe
  2⤵
  PID:11020
- C:\Windows\System\kFEHcdZ.exe
  C:\Windows\System\kFEHcdZ.exe
  2⤵
  PID:11048
- C:\Windows\System\BFzQHvN.exe
  C:\Windows\System\BFzQHvN.exe
  2⤵
  PID:11076
- C:\Windows\System\hldwlAw.exe
  C:\Windows\System\hldwlAw.exe
  2⤵
  PID:11120
- C:\Windows\System\xFlQOKB.exe
  C:\Windows\System\xFlQOKB.exe
  2⤵
  PID:11136
- C:\Windows\System\kZpJcqO.exe
  C:\Windows\System\kZpJcqO.exe
  2⤵
  PID:11164
- C:\Windows\System\YHbBgUD.exe
  C:\Windows\System\YHbBgUD.exe
  2⤵
  PID:11192
- C:\Windows\System\LijeNbP.exe
  C:\Windows\System\LijeNbP.exe
  2⤵
  PID:11224
- C:\Windows\System\oPFGTDp.exe
  C:\Windows\System\oPFGTDp.exe
  2⤵
  PID:11256
- C:\Windows\System\RqknGvW.exe
  C:\Windows\System\RqknGvW.exe
  2⤵
  PID:10288
- C:\Windows\System\GPOlICM.exe
  C:\Windows\System\GPOlICM.exe
  2⤵
  PID:10348
- C:\Windows\System\YgrKVeG.exe
  C:\Windows\System\YgrKVeG.exe
  2⤵
  PID:10420
- C:\Windows\System\sFKExGu.exe
  C:\Windows\System\sFKExGu.exe
  2⤵
  PID:10476
- C:\Windows\System\okcAIEr.exe
  C:\Windows\System\okcAIEr.exe
  2⤵
  PID:10512
- C:\Windows\System\cYagTCU.exe
  C:\Windows\System\cYagTCU.exe
  2⤵
  PID:10584
- C:\Windows\System\OuQBGwq.exe
  C:\Windows\System\OuQBGwq.exe
  2⤵
  PID:10652
- C:\Windows\System\nWmblLj.exe
  C:\Windows\System\nWmblLj.exe
  2⤵
  PID:10724
- C:\Windows\System\RmiUFHx.exe
  C:\Windows\System\RmiUFHx.exe
  2⤵
  PID:10788
- C:\Windows\System\Agowbsk.exe
  C:\Windows\System\Agowbsk.exe
  2⤵
  PID:10960
- C:\Windows\System\teaAUZS.exe
  C:\Windows\System\teaAUZS.exe
  2⤵
  PID:11116
- C:\Windows\System\lRSWqNp.exe
  C:\Windows\System\lRSWqNp.exe
  2⤵
  PID:11176
- C:\Windows\System\ZCxFuoV.exe
  C:\Windows\System\ZCxFuoV.exe
  2⤵
  PID:11220
- C:\Windows\System\MnNSxSr.exe
  C:\Windows\System\MnNSxSr.exe
  2⤵
  PID:10456
- C:\Windows\System\HesBhwj.exe
  C:\Windows\System\HesBhwj.exe
  2⤵
  PID:10932
- C:\Windows\System\atqPXll.exe
  C:\Windows\System\atqPXll.exe
  2⤵
  PID:11156
- C:\Windows\System\TGOliKc.exe
  C:\Windows\System\TGOliKc.exe
  2⤵
  PID:10864
- C:\Windows\System\FYHVxIZ.exe
  C:\Windows\System\FYHVxIZ.exe
  2⤵
  PID:10644
- C:\Windows\System\aIXNINW.exe
  C:\Windows\System\aIXNINW.exe
  2⤵
  PID:11296
- C:\Windows\System\UmcpZRN.exe
  C:\Windows\System\UmcpZRN.exe
  2⤵
  PID:11340
- C:\Windows\System\KAQlpaq.exe
  C:\Windows\System\KAQlpaq.exe
  2⤵
  PID:11360
- C:\Windows\System\QcsGEOQ.exe
  C:\Windows\System\QcsGEOQ.exe
  2⤵
  PID:11384
- C:\Windows\System\zUeIxTJ.exe
  C:\Windows\System\zUeIxTJ.exe
  2⤵
  PID:11416
- C:\Windows\System\CyyNtmH.exe
  C:\Windows\System\CyyNtmH.exe
  2⤵
  PID:11448
- C:\Windows\System\vXclbYK.exe
  C:\Windows\System\vXclbYK.exe
  2⤵
  PID:11480
- C:\Windows\System\wFYkxWQ.exe
  C:\Windows\System\wFYkxWQ.exe
  2⤵
  PID:11508
- C:\Windows\System\lCuMAKF.exe
  C:\Windows\System\lCuMAKF.exe
  2⤵
  PID:11536
- C:\Windows\System\dVOflfN.exe
  C:\Windows\System\dVOflfN.exe
  2⤵
  PID:11564
- C:\Windows\System\EDPTSLU.exe
  C:\Windows\System\EDPTSLU.exe
  2⤵
  PID:11596
- C:\Windows\System\zwKvnbF.exe
  C:\Windows\System\zwKvnbF.exe
  2⤵
  PID:11624
- C:\Windows\System\MIaOqWf.exe
  C:\Windows\System\MIaOqWf.exe
  2⤵
  PID:11652
- C:\Windows\System\XFLfDdK.exe
  C:\Windows\System\XFLfDdK.exe
  2⤵
  PID:11684
- C:\Windows\System\UDVRySq.exe
  C:\Windows\System\UDVRySq.exe
  2⤵
  PID:11728
- C:\Windows\System\pKpdCXF.exe
  C:\Windows\System\pKpdCXF.exe
  2⤵
  PID:11756
- C:\Windows\System\WGojODU.exe
  C:\Windows\System\WGojODU.exe
  2⤵
  PID:11800
- C:\Windows\System\XiiozZb.exe
  C:\Windows\System\XiiozZb.exe
  2⤵
  PID:11844
- C:\Windows\System\rtZbEOQ.exe
  C:\Windows\System\rtZbEOQ.exe
  2⤵
  PID:11904
- C:\Windows\System\qORYBig.exe
  C:\Windows\System\qORYBig.exe
  2⤵
  PID:11960
- C:\Windows\System\PIGeXQz.exe
  C:\Windows\System\PIGeXQz.exe
  2⤵
  PID:11996
- C:\Windows\System\tIaCYIS.exe
  C:\Windows\System\tIaCYIS.exe
  2⤵
  PID:12024
- C:\Windows\System\qQIslrN.exe
  C:\Windows\System\qQIslrN.exe
  2⤵
  PID:12052
- C:\Windows\System\SQSXDwF.exe
  C:\Windows\System\SQSXDwF.exe
  2⤵
  PID:12084
- C:\Windows\System\dSVKSXe.exe
  C:\Windows\System\dSVKSXe.exe
  2⤵
  PID:12128
- C:\Windows\System\WdLzPPK.exe
  C:\Windows\System\WdLzPPK.exe
  2⤵
  PID:12164
- C:\Windows\System\uEfTbvb.exe
  C:\Windows\System\uEfTbvb.exe
  2⤵
  PID:12192
- C:\Windows\System\ABZsKrF.exe
  C:\Windows\System\ABZsKrF.exe
  2⤵
  PID:12212
- C:\Windows\System\UlbHQVS.exe
  C:\Windows\System\UlbHQVS.exe
  2⤵
  PID:12232
- C:\Windows\System\lmnvqTF.exe
  C:\Windows\System\lmnvqTF.exe
  2⤵
  PID:12264
- C:\Windows\System\rwBVVTK.exe
  C:\Windows\System\rwBVVTK.exe
  2⤵
  PID:2788
- C:\Windows\System\RfiOrKj.exe
  C:\Windows\System\RfiOrKj.exe
  2⤵
  PID:3984
- C:\Windows\System\FYtKoHU.exe
  C:\Windows\System\FYtKoHU.exe
  2⤵
  PID:11412
- C:\Windows\System\ouuPHtx.exe
  C:\Windows\System\ouuPHtx.exe
  2⤵
  PID:11460
- C:\Windows\System\msmDBtE.exe
  C:\Windows\System\msmDBtE.exe
  2⤵
  PID:11528
- C:\Windows\System\fyAABrl.exe
  C:\Windows\System\fyAABrl.exe
  2⤵
  PID:1580
- C:\Windows\System\ubGRTKV.exe
  C:\Windows\System\ubGRTKV.exe
  2⤵
  PID:10816
- C:\Windows\System\BwlpaYS.exe
  C:\Windows\System\BwlpaYS.exe
  2⤵
  PID:11640
- C:\Windows\System\cfrwAvm.exe
  C:\Windows\System\cfrwAvm.exe
  2⤵
  PID:11720
- C:\Windows\System\hpAYbnQ.exe
  C:\Windows\System\hpAYbnQ.exe
  2⤵
  PID:11812
- C:\Windows\System\hwAAQvQ.exe
  C:\Windows\System\hwAAQvQ.exe
  2⤵
  PID:11912
- C:\Windows\System\BLaRoRK.exe
  C:\Windows\System\BLaRoRK.exe
  2⤵
  PID:12020
- C:\Windows\System\bqiSMob.exe
  C:\Windows\System\bqiSMob.exe
  2⤵
  PID:12080
- C:\Windows\System\rEPpPHt.exe
  C:\Windows\System\rEPpPHt.exe
  2⤵
  PID:12176
- C:\Windows\System\zijKkMy.exe
  C:\Windows\System\zijKkMy.exe
  2⤵
  PID:12228
- C:\Windows\System\pXuiLnN.exe
  C:\Windows\System\pXuiLnN.exe
  2⤵
  PID:12252
- C:\Windows\System\aLbJSmn.exe
  C:\Windows\System\aLbJSmn.exe
  2⤵
  PID:11316
- C:\Windows\System\gqxCpXx.exe
  C:\Windows\System\gqxCpXx.exe
  2⤵
  PID:11244
- C:\Windows\System\nkSBCMy.exe
  C:\Windows\System\nkSBCMy.exe
  2⤵
  PID:11524
- C:\Windows\System\IJhbowF.exe
  C:\Windows\System\IJhbowF.exe
  2⤵
  PID:11560
- C:\Windows\System\XVJtZpM.exe
  C:\Windows\System\XVJtZpM.exe
  2⤵
  PID:11672
- C:\Windows\System\NxHtlWW.exe
  C:\Windows\System\NxHtlWW.exe
  2⤵
  PID:11348
- C:\Windows\System\vwACIZE.exe
  C:\Windows\System\vwACIZE.exe
  2⤵
  PID:11784
- C:\Windows\System\uOeSGrC.exe
  C:\Windows\System\uOeSGrC.exe
  2⤵
  PID:12016
- C:\Windows\System\syIYBif.exe
  C:\Windows\System\syIYBif.exe
  2⤵
  PID:2188
- C:\Windows\System\UtiFsQB.exe
  C:\Windows\System\UtiFsQB.exe
  2⤵
  PID:12152
- C:\Windows\System\rVMEmXK.exe
  C:\Windows\System\rVMEmXK.exe
  2⤵
  PID:12200
- C:\Windows\System\UIyFOgy.exe
  C:\Windows\System\UIyFOgy.exe
  2⤵
  PID:4460
- C:\Windows\System\ROosriN.exe
  C:\Windows\System\ROosriN.exe
  2⤵
  PID:4956
- C:\Windows\System\lcgoOUD.exe
  C:\Windows\System\lcgoOUD.exe
  2⤵
  PID:11040
- C:\Windows\System\eFlYhmC.exe
  C:\Windows\System\eFlYhmC.exe
  2⤵
  PID:11988
- C:\Windows\System\dNXLerK.exe
  C:\Windows\System\dNXLerK.exe
  2⤵
  PID:11932
- C:\Windows\System\FjSmVbH.exe
  C:\Windows\System\FjSmVbH.exe
  2⤵
  PID:3916
- C:\Windows\System\HJEJLVg.exe
  C:\Windows\System\HJEJLVg.exe
  2⤵
  PID:11696
- C:\Windows\System\CjdwKtB.exe
  C:\Windows\System\CjdwKtB.exe
  2⤵
  PID:11992
- C:\Windows\System\hWdRCaH.exe
  C:\Windows\System\hWdRCaH.exe
  2⤵
  PID:11648
- C:\Windows\System\aAkWgFu.exe
  C:\Windows\System\aAkWgFu.exe
  2⤵
  PID:11936
- C:\Windows\System\seUZJSS.exe
  C:\Windows\System\seUZJSS.exe
  2⤵
  PID:12308
- C:\Windows\System\SnlzaIr.exe
  C:\Windows\System\SnlzaIr.exe
  2⤵
  PID:12340
- C:\Windows\System\cdlQYgK.exe
  C:\Windows\System\cdlQYgK.exe
  2⤵
  PID:12368
- C:\Windows\System\zgNtsyL.exe
  C:\Windows\System\zgNtsyL.exe
  2⤵
  PID:12396
- C:\Windows\System\ZtBBtEs.exe
  C:\Windows\System\ZtBBtEs.exe
  2⤵
  PID:12424
- C:\Windows\System\oybKXEg.exe
  C:\Windows\System\oybKXEg.exe
  2⤵
  PID:12452
- C:\Windows\System\QfnaCcv.exe
  C:\Windows\System\QfnaCcv.exe
  2⤵
  PID:12480
- C:\Windows\System\LjqiOoc.exe
  C:\Windows\System\LjqiOoc.exe
  2⤵
  PID:12508
- C:\Windows\System\njaYcJf.exe
  C:\Windows\System\njaYcJf.exe
  2⤵
  PID:12536
- C:\Windows\System\dcxRDQO.exe
  C:\Windows\System\dcxRDQO.exe
  2⤵
  PID:12564
- C:\Windows\System\PfFSEfN.exe
  C:\Windows\System\PfFSEfN.exe
  2⤵
  PID:12592
- C:\Windows\System\PaQndLZ.exe
  C:\Windows\System\PaQndLZ.exe
  2⤵
  PID:12620
- C:\Windows\System\afyBHXe.exe
  C:\Windows\System\afyBHXe.exe
  2⤵
  PID:12648
- C:\Windows\System\mWnfRTJ.exe
  C:\Windows\System\mWnfRTJ.exe
  2⤵
  PID:12676
- C:\Windows\System\LBHrgQy.exe
  C:\Windows\System\LBHrgQy.exe
  2⤵
  PID:12704
- C:\Windows\System\nWiWPhO.exe
  C:\Windows\System\nWiWPhO.exe
  2⤵
  PID:12732
- C:\Windows\System\tXvaLoM.exe
  C:\Windows\System\tXvaLoM.exe
  2⤵
  PID:12760
- C:\Windows\System\mrndVWr.exe
  C:\Windows\System\mrndVWr.exe
  2⤵
  PID:12788
- C:\Windows\System\OkWWUhz.exe
  C:\Windows\System\OkWWUhz.exe
  2⤵
  PID:12816
- C:\Windows\System\eXiDRmv.exe
  C:\Windows\System\eXiDRmv.exe
  2⤵
  PID:12844
- C:\Windows\System\OFYuCxe.exe
  C:\Windows\System\OFYuCxe.exe
  2⤵
  PID:12872
- C:\Windows\System\euylAsp.exe
  C:\Windows\System\euylAsp.exe
  2⤵
  PID:12900
- C:\Windows\System\HVUPDIh.exe
  C:\Windows\System\HVUPDIh.exe
  2⤵
  PID:12944
- C:\Windows\System\yKkdcMS.exe
  C:\Windows\System\yKkdcMS.exe
  2⤵
  PID:13012
- C:\Windows\System\ddLZYMO.exe
  C:\Windows\System\ddLZYMO.exe
  2⤵
  PID:13052
- C:\Windows\System\bXqZxgO.exe
  C:\Windows\System\bXqZxgO.exe
  2⤵
  PID:13084
- C:\Windows\System\wsuDZQR.exe
  C:\Windows\System\wsuDZQR.exe
  2⤵
  PID:13120
- C:\Windows\System\viWzgqf.exe
  C:\Windows\System\viWzgqf.exe
  2⤵
  PID:13140
- C:\Windows\System\qHlMSDF.exe
  C:\Windows\System\qHlMSDF.exe
  2⤵
  PID:13168
- C:\Windows\System\rrTdOHp.exe
  C:\Windows\System\rrTdOHp.exe
  2⤵
  PID:13200
- C:\Windows\System\mtaXBiK.exe
  C:\Windows\System\mtaXBiK.exe
  2⤵
  PID:13228
- C:\Windows\System\MQGFzFB.exe
  C:\Windows\System\MQGFzFB.exe
  2⤵
  PID:13256
- C:\Windows\System\cdNVBVV.exe
  C:\Windows\System\cdNVBVV.exe
  2⤵
  PID:13284
- C:\Windows\System\fgCFLsM.exe
  C:\Windows\System\fgCFLsM.exe
  2⤵
  PID:12292
- C:\Windows\System\zAgwLwp.exe
  C:\Windows\System\zAgwLwp.exe
  2⤵
  PID:12360
- C:\Windows\System\oSfgeNT.exe
  C:\Windows\System\oSfgeNT.exe
  2⤵
  PID:12420
- C:\Windows\System\ABJWxKk.exe
  C:\Windows\System\ABJWxKk.exe
  2⤵
  PID:12496
- C:\Windows\System\nSetjdF.exe
  C:\Windows\System\nSetjdF.exe
  2⤵
  PID:12556
- C:\Windows\System\HWNeIUG.exe
  C:\Windows\System\HWNeIUG.exe
  2⤵
  PID:12616
- C:\Windows\System\iAHUokq.exe
  C:\Windows\System\iAHUokq.exe
  2⤵
  PID:12692
- C:\Windows\System\gSOppWD.exe
  C:\Windows\System\gSOppWD.exe
  2⤵
  PID:12752
- C:\Windows\System\TldQnNw.exe
  C:\Windows\System\TldQnNw.exe
  2⤵
  PID:12812
- C:\Windows\System\FEKsAMz.exe
  C:\Windows\System\FEKsAMz.exe
  2⤵
  PID:12916
- C:\Windows\System\QzjdnZw.exe
  C:\Windows\System\QzjdnZw.exe
  2⤵
  PID:12980
- C:\Windows\System\gOcFqfo.exe
  C:\Windows\System\gOcFqfo.exe
  2⤵
  PID:13068
- C:\Windows\System\IMdaMME.exe
  C:\Windows\System\IMdaMME.exe
  2⤵
  PID:13036
- C:\Windows\System\xapiGPX.exe
  C:\Windows\System\xapiGPX.exe
  2⤵
  PID:13108
- C:\Windows\System\gBBAGBu.exe
  C:\Windows\System\gBBAGBu.exe
  2⤵
  PID:13184
- C:\Windows\System\fXBZGWI.exe
  C:\Windows\System\fXBZGWI.exe
  2⤵
  PID:13248
- C:\Windows\System\dNKXWJS.exe
  C:\Windows\System\dNKXWJS.exe
  2⤵
  PID:13304
- C:\Windows\System\VfGWUaM.exe
  C:\Windows\System\VfGWUaM.exe
  2⤵
  PID:12408
- C:\Windows\System\zEBjvRN.exe
  C:\Windows\System\zEBjvRN.exe
  2⤵
  PID:12532
- C:\Windows\System\OvwACry.exe
  C:\Windows\System\OvwACry.exe
  2⤵
  PID:12672
- C:\Windows\System\UPjNkro.exe
  C:\Windows\System\UPjNkro.exe
  2⤵
  PID:12840
- C:\Windows\System\vKcbVvK.exe
  C:\Windows\System\vKcbVvK.exe
  2⤵
  PID:13044
- C:\Windows\System\Yynlofy.exe
  C:\Windows\System\Yynlofy.exe
  2⤵
  PID:12984
- C:\Windows\System\nDdhNNg.exe
  C:\Windows\System\nDdhNNg.exe
  2⤵
  PID:2836
- C:\Windows\System\yuLNPlR.exe
  C:\Windows\System\yuLNPlR.exe
  2⤵
  PID:12476
- C:\Windows\System\YqYFCuM.exe
  C:\Windows\System\YqYFCuM.exe
  2⤵
  PID:12804
- C:\Windows\System\GOwGodi.exe
  C:\Windows\System\GOwGodi.exe
  2⤵
  PID:13164
- C:\Windows\System\bLNKOKG.exe
  C:\Windows\System\bLNKOKG.exe
  2⤵
  PID:12668
- C:\Windows\System\ZBHUumn.exe
  C:\Windows\System\ZBHUumn.exe
  2⤵
  PID:12608
- C:\Windows\System\bcQdFcE.exe
  C:\Windows\System\bcQdFcE.exe
  2⤵
  PID:13328
- C:\Windows\System\VwTMIPo.exe
  C:\Windows\System\VwTMIPo.exe
  2⤵
  PID:13356
- C:\Windows\System\MOivhSI.exe
  C:\Windows\System\MOivhSI.exe
  2⤵
  PID:13384
- C:\Windows\System\FVCJOcJ.exe
  C:\Windows\System\FVCJOcJ.exe
  2⤵
  PID:13412
- C:\Windows\System\AtMbYoL.exe
  C:\Windows\System\AtMbYoL.exe
  2⤵
  PID:13440
- C:\Windows\System\oiItDcz.exe
  C:\Windows\System\oiItDcz.exe
  2⤵
  PID:13468
- C:\Windows\System\dRVrIkh.exe
  C:\Windows\System\dRVrIkh.exe
  2⤵
  PID:13496
- C:\Windows\System\RHHqztg.exe
  C:\Windows\System\RHHqztg.exe
  2⤵
  PID:13524
- C:\Windows\System\gYiweZW.exe
  C:\Windows\System\gYiweZW.exe
  2⤵
  PID:13552
- C:\Windows\System\IzQDOjp.exe
  C:\Windows\System\IzQDOjp.exe
  2⤵
  PID:13580
- C:\Windows\System\IQrDHgM.exe
  C:\Windows\System\IQrDHgM.exe
  2⤵
  PID:13608
- C:\Windows\System\OWGfzJn.exe
  C:\Windows\System\OWGfzJn.exe
  2⤵
  PID:13636
- C:\Windows\System\yJoSFgK.exe
  C:\Windows\System\yJoSFgK.exe
  2⤵
  PID:13664
- C:\Windows\System\XWVlWks.exe
  C:\Windows\System\XWVlWks.exe
  2⤵
  PID:13692
- C:\Windows\System\xdLGdmz.exe
  C:\Windows\System\xdLGdmz.exe
  2⤵
  PID:13720
- C:\Windows\System\peqUBMI.exe
  C:\Windows\System\peqUBMI.exe
  2⤵
  PID:13748
- C:\Windows\System\IFWGnGY.exe
  C:\Windows\System\IFWGnGY.exe
  2⤵
  PID:13776
- C:\Windows\System\JDapfWp.exe
  C:\Windows\System\JDapfWp.exe
  2⤵
  PID:13804
- C:\Windows\System\dzqQzmb.exe
  C:\Windows\System\dzqQzmb.exe
  2⤵
  PID:13832
- C:\Windows\System\iVhfipy.exe
  C:\Windows\System\iVhfipy.exe
  2⤵
  PID:13860
- C:\Windows\System\KJueQdJ.exe
  C:\Windows\System\KJueQdJ.exe
  2⤵
  PID:13888
- C:\Windows\System\NYJecZY.exe
  C:\Windows\System\NYJecZY.exe
  2⤵
  PID:13916
- C:\Windows\System\euxBqlN.exe
  C:\Windows\System\euxBqlN.exe
  2⤵
  PID:13944
- C:\Windows\System\CfmhHge.exe
  C:\Windows\System\CfmhHge.exe
  2⤵
  PID:13972
- C:\Windows\System\tfLzFdn.exe
  C:\Windows\System\tfLzFdn.exe
  2⤵
  PID:14000
- C:\Windows\System\IgZsigd.exe
  C:\Windows\System\IgZsigd.exe
  2⤵
  PID:14028
- C:\Windows\System\DfbqIqW.exe
  C:\Windows\System\DfbqIqW.exe
  2⤵
  PID:14056
- C:\Windows\System\LjHOYOw.exe
  C:\Windows\System\LjHOYOw.exe
  2⤵
  PID:14084
- C:\Windows\System\FukzlPS.exe
  C:\Windows\System\FukzlPS.exe
  2⤵
  PID:14116
- C:\Windows\System\LCMZReA.exe
  C:\Windows\System\LCMZReA.exe
  2⤵
  PID:14144
- C:\Windows\System\OCHQsqZ.exe
  C:\Windows\System\OCHQsqZ.exe
  2⤵
  PID:14172
- C:\Windows\System\sOFpIqb.exe
  C:\Windows\System\sOFpIqb.exe
  2⤵
  PID:14200
- C:\Windows\System\YDLymjY.exe
  C:\Windows\System\YDLymjY.exe
  2⤵
  PID:14296
- C:\Windows\System\QfVIpcw.exe
  C:\Windows\System\QfVIpcw.exe
  2⤵
  PID:13408
- C:\Windows\System\GCoIIHQ.exe
  C:\Windows\System\GCoIIHQ.exe
  2⤵
  PID:13492
- C:\Windows\System\tPoFbPE.exe
  C:\Windows\System\tPoFbPE.exe
  2⤵
  PID:13544
- C:\Windows\System\tvKEVZf.exe
  C:\Windows\System\tvKEVZf.exe
  2⤵
  PID:13648
- C:\Windows\System\BoZDvDQ.exe
  C:\Windows\System\BoZDvDQ.exe
  2⤵
  PID:13712
- C:\Windows\System\dNJYzcy.exe
  C:\Windows\System\dNJYzcy.exe
  2⤵
  PID:13824
- C:\Windows\System\jtEzTxF.exe
  C:\Windows\System\jtEzTxF.exe
  2⤵
  PID:12988
- C:\Windows\System\BsdRPLi.exe
  C:\Windows\System\BsdRPLi.exe
  2⤵
  PID:13940
- C:\Windows\System\qyHztyW.exe
  C:\Windows\System\qyHztyW.exe
  2⤵
  PID:14020
- C:\Windows\System\BOmVVYg.exe
  C:\Windows\System\BOmVVYg.exe
  2⤵
  PID:14108
- C:\Windows\System\siYiAfd.exe
  C:\Windows\System\siYiAfd.exe
  2⤵
  PID:14288
- C:\Windows\System\PYHyifu.exe
  C:\Windows\System\PYHyifu.exe
  2⤵
  PID:13516
- C:\Windows\System\qkIkYoZ.exe
  C:\Windows\System\qkIkYoZ.exe
  2⤵
  PID:13704
- C:\Windows\System\yZXZIck.exe
  C:\Windows\System\yZXZIck.exe
  2⤵
  PID:13928
- C:\Windows\System\NkjTmeQ.exe
  C:\Windows\System\NkjTmeQ.exe
  2⤵
  PID:13788
- C:\Windows\System\OyfrSVq.exe
  C:\Windows\System\OyfrSVq.exe
  2⤵
  PID:13992
- C:\Windows\System\kalZEoi.exe
  C:\Windows\System\kalZEoi.exe
  2⤵
  PID:14312
- C:\Windows\System\NXlUOOJ.exe
  C:\Windows\System\NXlUOOJ.exe
  2⤵
  PID:13884
- C:\Windows\System\vrtGKRv.exe
  C:\Windows\System\vrtGKRv.exe
  2⤵
  PID:13484
- C:\Windows\System\lzqLyvn.exe
  C:\Windows\System\lzqLyvn.exe
  2⤵
  PID:13760
- C:\Windows\System\YIztHIa.exe
  C:\Windows\System\YIztHIa.exe
  2⤵
  PID:13688
- C:\Windows\System\CgZYQLm.exe
  C:\Windows\System\CgZYQLm.exe
  2⤵
  PID:14068
- C:\Windows\System\jilXIWs.exe
  C:\Windows\System\jilXIWs.exe
  2⤵
  PID:13604
- C:\Windows\System\vhzceyS.exe
  C:\Windows\System\vhzceyS.exe
  2⤵
  PID:14364
- C:\Windows\System\SqZiCWM.exe
  C:\Windows\System\SqZiCWM.exe
  2⤵
  PID:14392
- C:\Windows\System\FIogzHw.exe
  C:\Windows\System\FIogzHw.exe
  2⤵
  PID:14420
- C:\Windows\System\aWzSvHY.exe
  C:\Windows\System\aWzSvHY.exe
  2⤵
  PID:14448
- C:\Windows\System\FSAofME.exe
  C:\Windows\System\FSAofME.exe
  2⤵
  PID:14476
- C:\Windows\System\ZDTlVqk.exe
  C:\Windows\System\ZDTlVqk.exe
  2⤵
  PID:14504
- C:\Windows\System\zFFIdAl.exe
  C:\Windows\System\zFFIdAl.exe
  2⤵
  PID:14532
- C:\Windows\System\PpMAqiG.exe
  C:\Windows\System\PpMAqiG.exe
  2⤵
  PID:14560
- C:\Windows\System\VlonnNt.exe
  C:\Windows\System\VlonnNt.exe
  2⤵
  PID:14588
- C:\Windows\System\CzaUcLU.exe
  C:\Windows\System\CzaUcLU.exe
  2⤵
  PID:14616
- C:\Windows\System\YsKMrCx.exe
  C:\Windows\System\YsKMrCx.exe
  2⤵
  PID:14644
- C:\Windows\System\FZAuFMW.exe
  C:\Windows\System\FZAuFMW.exe
  2⤵
  PID:14672

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:14468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AgytJAp.exe

Filesize
6.0MB

MD5
59f3f173d317bd74d42d5f23a11675c6

SHA1
dc32bf408c9f5843446df04c236f937891223093

SHA256
67bb1c4b4de65c81cdfce1a0c945d86dceb0b7e1b060261c1143580071a80e1a

SHA512
848bbcf50748b8e57b6cf4cbfbc6d1dbec7b5cbc8ca3dc152c78240849e29e802bda08c53aaf44081b0e68817fc7c3ac1c01ae9bd6db677984e160524e1a8a15

Download Submit
C:\Windows\System\AjhKqES.exe

Filesize
6.0MB

MD5
b89c5f43ed193ed5105f24efec46f174

SHA1
af394d760abe9f019409727703cbab4dadbad02a

SHA256
233e8f8c54401ee5369632d000f08f9567a0ad59ec8903522462090082bdac61

SHA512
5f5dff330f202e4c9ac0a687dc05d30b39430e65d38c4af3e51e0466b5a6f2e2727c1e88e91f80b1abf5d4e7a06450a3e9b4eb5d8a2cd4a6cd54c04a27a97dca

Download Submit
C:\Windows\System\FgzimWp.exe

Filesize
6.0MB

MD5
c6de0812e95f17b6c8a271098cf2fe2c

SHA1
f66c8beff2d98a1d451559a9c09069749f7c738b

SHA256
93b44301131d742bcb30696d0b7bf7a41e33dc2ac86d034e056e5b75d576e7e3

SHA512
01b21e5acce1e5ece7729b273b53d1726094db608663c4dc9ec78562658e50e57015264b0ef6a0072c103d8de27db275bb8bf2227d9552594d9aac72a2d83e90

Download Submit
C:\Windows\System\GGuqplZ.exe

Filesize
6.0MB

MD5
85e7d2a0aaa3b31de5da4156b341012e

SHA1
e22d03888f144af84ada6fbd86655c37b98ba39f

SHA256
2abe9370af3014ce019847c3cda0dc4bd674ab1b555522bb94cdf6b00ea63095

SHA512
f79186e17ff7e09ba41e5e423bcf8d807c9f2d72f047463fc490f9d9d21160fd02e0bb2c08e049ce6f8cadd5bf5b4930b2956a2ddae2e5039d7a0b172320d8b4

Download Submit
C:\Windows\System\GjtrdjG.exe

Filesize
6.0MB

MD5
0194970d9dfc286877ff4110398a3c5e

SHA1
f68a108ea190b0a00fc9b857a7279814086fa1d7

SHA256
6d65b91f32456c23fa44ea58f0f82b59c35d1643276aab67f191bdb412b5ea38

SHA512
2a025cf8c76a3778299e5168b1cb5f17e18117478ac9487d185591d9b0db77639c1634e570fc381e4d8fd2ffcc7c132c887df2ecfcbf455f62fa81fbe4462880

Download Submit
C:\Windows\System\HJNZpnp.exe

Filesize
6.0MB

MD5
26ed8e02f4a186c2f5b309e7057cd55a

SHA1
1172bdfc43bc6bb0a83e68c71742cff615322642

SHA256
7803470ee9e31681b0ef94f8dda3faac964ae090cd9547e7698ba94e881b0403

SHA512
dcefddabd8bde92b0675b63d09056430e4462bb68ad555a25527536f22ff447fd8fa2129a0b436995c8314cd92fe828894d356856caf365c7c0878cd59d4e438

Download Submit
C:\Windows\System\HWiWpSw.exe

Filesize
6.0MB

MD5
9e0636aec9e564b734465d3700e4a713

SHA1
d8055f8ccfdc0fee4de98d55d6e3ecd38b73a607

SHA256
a37b123b2695096f36a26c6a17e63f50be74bad00c6e0ab6f0a0decd823760c8

SHA512
e3ed14e18f36564fde2d80ce75deed3a791aa9c48d731b4cd159a3f7e8fd909c3a26e69863b65db12f680aa52802fde609d598e5e1b6d659ffe1f7f08f2cf428

Download Submit
C:\Windows\System\IfPnduE.exe

Filesize
6.0MB

MD5
2ee331889ddf8ae301359381cc4ba3a0

SHA1
51876f1a387a9b2ad6e269e4b1d3832f5ff94e82

SHA256
e4f35469ff7e1f20c8af825ea13e9d9f204cad76df5c5f184baea62f4864fc3e

SHA512
4d03fc5f18605c0c9393db4b53d4781d6b7acf27d2cf90ea0388b7f75698b3203208529d8d10cce9a49d9565808e0b8fe467cafb3e7475c6172a17f4153374e0

Download Submit
C:\Windows\System\LqlYpKc.exe

Filesize
6.0MB

MD5
5296bf4e5d7a364fe19aa853d054a574

SHA1
9c4d55878fd20e6cd75d5a5ceac5d172c72544a0

SHA256
daabf77ef70b9f008c69b369643e46c774e4335c9296f2521d3aff34d5cd5838

SHA512
f43cd59a4efcd9c5b6db200befe47668be576a69931e05b19b2b38d8e39b0d08a651000780a410d5a8a1f9132717ea1bc623ac92c696183effbfc4236fcc7d70

Download Submit
C:\Windows\System\MvKVBWf.exe

Filesize
6.0MB

MD5
79b1c12ff6ab5d7e2d8fab36c3c60f00

SHA1
e9faedb6f6626538aa9ecd8c4960e84f21abe42e

SHA256
951b9795dbb02ba9c3c54f39373070d6ca42d75f745ec8d39680fb96c015ac8a

SHA512
2832353942b9bcf5d10d2ef05819445ebd4fb17573aba02b8884d667177526cce7b98825f66862c5d5794650a99915d20826dd3abfcb4150ecd31a74809376ca

Download Submit
C:\Windows\System\PCwgkjt.exe

Filesize
6.0MB

MD5
f09e80f3be19657a326f437abf435038

SHA1
9d5cfa03a8e96a0cb1ed67b2913cb2f05bdfed4a

SHA256
349cfcb4cf2b2def5642fb0a6f0c36956e9495a8531e8a55d9456f021c937d76

SHA512
e128d89335d4d904bfd315155ae23903875cedc068bb706eaa9865b51df8174c779d0244c46450b65b0bdec7bcbc55a3467bd247367c074e2367b19daf428f9e

Download Submit
C:\Windows\System\PsLmfyS.exe

Filesize
6.0MB

MD5
8bbe0f63e9c79d20912e568edba1c6d6

SHA1
1c1a4f5da968c84796dc8cc44e91b2f99cf6fe93

SHA256
b7efd29b2f09de9e6186181ff0e611e1222925f5b295a4df8940cfda82797989

SHA512
c34e9521c5abb09007546c95d12b4d837949cd49a4d5cb05cf33a01b753a2d9261e3cf09681030efd7e808fd1440af744db5f220996bc9c70d4e0d3f2074671f

Download Submit
C:\Windows\System\RJnPRDd.exe

Filesize
6.0MB

MD5
98e01c2c84bea71eb747ead6a088ce87

SHA1
61ad3a5cd506fbb509cdc348a697ffdb473d800a

SHA256
b63cffcbf1f161a0518618da351e7af3bd7e818979dbc7b1b65042d7e60c1c5c

SHA512
c5500576b57cc1ea556f024acf789996b356e2670b2b98c85b932194f8ccb7918c91436a4e0a25f81c863a886e48b3f9b6aaa3f6003ce7be0f703fc745ff76bd

Download Submit
C:\Windows\System\RLFeGDb.exe

Filesize
6.0MB

MD5
e67af9c7c3376736f8ba2e02d556b804

SHA1
f2b6b611df3f5e4ff45eb7c64ebd29a4ce56b9bd

SHA256
639dcba44daf2e5549aeccc1419d820febef67d90fb9677bb1332ebe89355bd7

SHA512
5763df6ef63beb3f2392199bc3b412114f5c2cfd113ed4627e235ee4e2a22b0057231db850e63f03263ffbfcc8a737a36fedc70b5ffe02fb90d2a732504c674f

Download Submit
C:\Windows\System\SRQIdnp.exe

Filesize
6.0MB

MD5
e3d8ed1d672e63affe87931f9342d878

SHA1
a99bd905b6e5bb2bbceae83ac072f4095ee3d004

SHA256
3edf0f13cb15f62b684fce05efc0854a1174f44c3a507c3368010ddfa1c5804c

SHA512
ce327bfb27217fbfe0ca7eb983ae9d93abd6d66cb616f50f293a1efb8185ab57527772691de55e1ecc8b92d2826d6dff319136e62adea19e766cee8865c2f2cf

Download Submit
C:\Windows\System\SdCqevI.exe

Filesize
6.0MB

MD5
b15706c80ea82261e9340e3cdb86f6b3

SHA1
cafa20744e6fe4437be895529a1ef58941b45fc0

SHA256
3398d038fccac32d4c6dd79d615072acc8c9973f3db888dfe8d7c42c41a24830

SHA512
9342d314ce51cfc908eba7c91fd5f563fb97dfc8dc448d9d20dcc5b1c66f707a767df537592e366cfd5e22458762047ada16c557b5981db2851e1acd0aa8b0cb

Download Submit
C:\Windows\System\UDYOZVB.exe

Filesize
6.0MB

MD5
4115c03de06f1902a0522329e96bf7c1

SHA1
1431f04ecf1eed8967e408c178744f7abbf2946d

SHA256
e378d52b01f224438931080bfb6b1377764ce532e1dc395d41ce3b0c211b678b

SHA512
4adbba8fb9ccfe7e6003aef01cf6f9a03c4defc340490302e53ac09b7ac8519341d52c788e172d2d8a79d4cbd7d76188a421e167cb23caec2edd9d7a2a1c7726

Download Submit
C:\Windows\System\WGaDgOK.exe

Filesize
6.0MB

MD5
c7f089c062890a0669dfb6ffabb6ce59

SHA1
bd457ccdaf4fb08739096020eb4cebc888cc17f4

SHA256
cd547593704de55797b2a0670d9817c78482b4c805abdff7d59462bb0d0b7203

SHA512
1b7de81b6108363b359ea015b7eddd538c33ec88f8a0046742c5e844671abd66807b110f0e878b3f8b9429ea3fdcedb4f9706ec34adc8e766e603579ef415f02

Download Submit
C:\Windows\System\YEYMRou.exe

Filesize
6.0MB

MD5
4a29bd474b33247acc304185791acf14

SHA1
454403624012120a67b416888580bc9ffe5d5094

SHA256
c5a9bdff0863d6a728c9159c68d2e584ede178c520a30a6034fa3ce89eacf2a6

SHA512
db63fb8339e6ce7d23bb49458b2ec934a4d363ddaf2673d833b7c31a768691ff8ba38c6546a9c40050c45b5dc937626221e907d3f577e9fe8bce3ae94811ca20

Download Submit
C:\Windows\System\aueUCGI.exe

Filesize
6.0MB

MD5
c9f2d59d63c8d5b8d5d3ae3dc618f84f

SHA1
9b810512461bbacac271d3a7cf2e9ae87920fa65

SHA256
68549bfb50969e8140c5adfdf35bb56602075e5aa2511aa8dbba96bc45fee671

SHA512
22ca0ff01410c7158a41940f50a093c77da801abbe9f65649bcb0861f165af92a32d007765f13a53f39000a7830c210422a3228186593e0cf5f1405b34c0cdad

Download Submit
C:\Windows\System\bQwPKhi.exe

Filesize
6.0MB

MD5
1994b70045742e94b1fd003e4c2abc4b

SHA1
edaeda1e8da5c203d4f1c80bc2be5d287aff74df

SHA256
8b137e9d741081b8ea534b11ad446c2aa7c5a95c32dac66fdb1aa091796ad32c

SHA512
d8e5c1b92daea1cabcfc6f3a67262eaf5c03ab7c2cc74beddc67d5fb86c654bfcd66450697bbf1d4e4639486a3b15322da6a7ea1610b6db163f3ffa271932b18

Download Submit
C:\Windows\System\dcsqkKp.exe

Filesize
6.0MB

MD5
1b48a0274ac23d4db22b6ff4815a5450

SHA1
3a37a48d88a056c1ce3b5e94dab9e962eaa03dff

SHA256
a38a77c67c83868ac5592bd4528f49f4ef301860250c321deaa093329e4b683c

SHA512
4768982319395b81982edb8faef9f4d0d99545c0e500fe1686e843d24bb6ccc4e1f723906b3a0993dfce34714c59e9a93be677d13890f663a111df394f5f285d

Download Submit
C:\Windows\System\eAkRTGw.exe

Filesize
6.0MB

MD5
38ec3ff61d38e575fa3722cb8974e613

SHA1
215aba364ad3327277945442b9609eee77112910

SHA256
6e82f3597947da76888da4af8ca23b84f24f4b3d0dee54bf879637b6338765ab

SHA512
44dd2a804f336b19a242c6f81883c36c7e74a133dc200c28174223b5d5d78fb2d3e2bc48f3b42561af1d2d686ece446630d15ad8f280f4c084f6214fee29646c

Download Submit
C:\Windows\System\hcSkkwQ.exe

Filesize
6.0MB

MD5
6c721bdb9b60b5ab06f27946393a8a64

SHA1
9dcaf1852a4903f07c5b7c20c1a045b390a1c476

SHA256
34e3c29802163e039df00b17acf0a0b3429aa02e09f887dbe7a8ac977a7e8d19

SHA512
2254a5ca9612ab3ad3adaa8021b1850e9506a7e62f19dbbc158b13c19154b54d56055c89d3ce56c317b3bd8a0af836ec08757ab65adf04b42e56e5899b6b05ae

Download Submit
C:\Windows\System\iRRtbhh.exe

Filesize
6.0MB

MD5
f5b674fbf8c61c3b2d2d043541d2dbb2

SHA1
e57e4d9a7e7132f3c6243c6ae089d2b2dfc27403

SHA256
fcbe9bae26e4311868791b5ce325203e205ceca66065daf0eb7d6d741519f45a

SHA512
5b39e20925133ee87c9b5d9b337e6f67f5ebd596bbccf9252418b21b384b1948a7fd7c63e420b14e0db1be0d47783732151d0099c607e30d5d2068761afe7f8a

Download Submit
C:\Windows\System\pIWmfgW.exe

Filesize
6.0MB

MD5
468f7e3ec91ce9031e121e45d2282361

SHA1
86285001ad3e83314c961138107fff4525fbfe7d

SHA256
785bca4bde4086a8cc2bd09e3d40986fe90a23bdd6b9c8f32c37f7cc69159331

SHA512
b9e055ad8e6c4261ce1a9e066e281a8e4a5b52ed52923319db51d1c5c19e317a73ea0dc8209a2db803fee87811ec8baa4c17dcb1c9c894553c4c428443108d11

Download Submit
C:\Windows\System\qAAtRws.exe

Filesize
6.0MB

MD5
a6f2a39bcfd2d8d887b859f3cfdc4cc2

SHA1
554ae433f34b40b7dfafa0a9bec5a20fed38e6da

SHA256
ee23ea2ead38cb076255a21f32fe7062f4e8d878e7754d22bc801a7c7ee33b8b

SHA512
258a07f6a76e06d3080698ed62db7360f5379da70ed1ea5986a1cc6c3609a467502079c8c3d80edb571e67d4ef06afc6bcd0aa13759825432c37644f1a34881a

Download Submit
C:\Windows\System\quHRwXs.exe

Filesize
6.0MB

MD5
b96d1a4f55a9f4b1438090064f3c30f3

SHA1
fc8e7968bf25585ea78ed60e13670a2cbf1400ce

SHA256
6a81c450307ee38f20d2c6e1ca3228ea5e15e5d27e810efc91b93b8074cc8e88

SHA512
57e5835dbf9588c2ef6604f4671b24932b18771b6720d76b27f998974808f1706dced09c62ec28252b6e2da03d506dc4a487046f7f904955f2f89232c553d0c2

Download Submit
C:\Windows\System\uKsRRwc.exe

Filesize
6.0MB

MD5
474476e0dcffbe4baeb00374ba7871f2

SHA1
b46e223f8b971f60d105e734f9c151ec98939b9d

SHA256
e5925613fd27095d18d8948590bcda69cff29f6eb375017842c52775d74f27b2

SHA512
ff8d8c9a9c397702533111d609d4da380975460832c6adf8e2281f4b680e8fc0d0fc009895155946c9b945cf1ad9ad24218a10be9c294d58dd926ab47b358b6a

Download Submit
C:\Windows\System\vHTfCMq.exe

Filesize
6.0MB

MD5
5c838329f3d20e6ab20287fe74340dae

SHA1
1043eb4be50caf1a363eb56fdf201cd6147ff6ca

SHA256
f4d0eebb35a1bd55de2368ab29a533447bea5120385f3f88c0876b9304e3dded

SHA512
6c2c0e626d4b72c6bf5d3f0f73bdafd60f91d6c9956e89cadcbcb773e3eb9673510c6be00ce93e7295e1e66f7fdad3a84cdb7915a79fd23c296db5f72cbe5318

Download Submit
C:\Windows\System\xGHdaoc.exe

Filesize
6.0MB

MD5
5c315e1941b0e611b99f48d8fcc7fb22

SHA1
a701a03283716c91bc4a39ba80315f5b6ecd7235

SHA256
aa3dadab44f97c81d985518999d299b16dabe42b3a249ea44eeb492a75ade1ca

SHA512
672fddeeefcd570b881325511498ec4358210fa0100be43c2bc7304499138d1d244016e0783f0e0e6ce492b3d0839c0ed78babdc5893d7c9bd3d7035732428c9

Download Submit
C:\Windows\System\xZiJNSS.exe

Filesize
6.0MB

MD5
5f0eec168e2007eb28346f1797603a40

SHA1
c7680079593a05852ce9a04ed30954fa9f4aab55

SHA256
fdf617bb132455257abeeb60942f7844d5c7beed044d56ef9887cf746bd8882b

SHA512
6c9ba6899f415c35366a1505d0cf78f448fef23211f010bb6a32de0bf9c07f2f2c40686b7db54f5d72a01b4c217b650fd565f1108fe743886ad0e79c6a3f57fa

Download Submit
C:\Windows\System\yujeElB.exe

Filesize
6.0MB

MD5
84909ffb8ab93595e451d5a81e5eb2ea

SHA1
1eea68628ac48b31ed05b9c5a27e747c5ab0f243

SHA256
4ca31fdbaccc8ce9b75095cedf965ebbfa9f3c5b5aa72a395aaebb9eb2148a35

SHA512
054a8c301238b9f20bdf27da31301e1c26867eeab0bd42a85976fadc01780b6e953e0d380849b7c2a0ee640957796d3e938802685ae3468364379ade05c784ae

Download Submit
memory/444-22-0x00007FF705AE0000-0x00007FF705E34000-memory.dmp

Filesize
3.3MB

Download
memory/444-1559-0x00007FF705AE0000-0x00007FF705E34000-memory.dmp

Filesize
3.3MB

Download
memory/736-2227-0x00007FF7F6DD0000-0x00007FF7F7124000-memory.dmp

Filesize
3.3MB

Download
memory/736-994-0x00007FF7F6DD0000-0x00007FF7F7124000-memory.dmp

Filesize
3.3MB

Download
memory/764-2215-0x00007FF6288C0000-0x00007FF628C14000-memory.dmp

Filesize
3.3MB

Download
memory/764-979-0x00007FF6288C0000-0x00007FF628C14000-memory.dmp

Filesize
3.3MB

Download
memory/772-2224-0x00007FF7F96E0000-0x00007FF7F9A34000-memory.dmp

Filesize
3.3MB

Download
memory/772-997-0x00007FF7F96E0000-0x00007FF7F9A34000-memory.dmp

Filesize
3.3MB

Download
memory/1072-2223-0x00007FF7A0010000-0x00007FF7A0364000-memory.dmp

Filesize
3.3MB

Download
memory/1072-988-0x00007FF7A0010000-0x00007FF7A0364000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2206-0x00007FF66F3D0000-0x00007FF66F724000-memory.dmp

Filesize
3.3MB

Download
memory/1704-961-0x00007FF66F3D0000-0x00007FF66F724000-memory.dmp

Filesize
3.3MB

Download
memory/1804-974-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2217-0x00007FF7D49E0000-0x00007FF7D4D34000-memory.dmp

Filesize
3.3MB

Download
memory/1848-954-0x00007FF70A5C0000-0x00007FF70A914000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2204-0x00007FF70A5C0000-0x00007FF70A914000-memory.dmp

Filesize
3.3MB

Download
memory/2024-982-0x00007FF71A800000-0x00007FF71AB54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2214-0x00007FF71A800000-0x00007FF71AB54000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2221-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-998-0x00007FF7FA760000-0x00007FF7FAAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2222-0x00007FF6D4CB0000-0x00007FF6D5004000-memory.dmp

Filesize
3.3MB

Download
memory/2212-992-0x00007FF6D4CB0000-0x00007FF6D5004000-memory.dmp

Filesize
3.3MB

Download
memory/2448-967-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2210-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp

Filesize
3.3MB

Download
memory/2536-996-0x00007FF6AA4A0000-0x00007FF6AA7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2226-0x00007FF6AA4A0000-0x00007FF6AA7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-969-0x00007FF7393B0000-0x00007FF739704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2219-0x00007FF7393B0000-0x00007FF739704000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2213-0x00007FF6B60E0000-0x00007FF6B6434000-memory.dmp

Filesize
3.3MB

Download
memory/2932-986-0x00007FF6B60E0000-0x00007FF6B6434000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2207-0x00007FF7F8060000-0x00007FF7F83B4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1006-0x00007FF7F8060000-0x00007FF7F83B4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2218-0x00007FF703750000-0x00007FF703AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-970-0x00007FF703750000-0x00007FF703AA4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-39-0x00007FF786BA0000-0x00007FF786EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2202-0x00007FF786BA0000-0x00007FF786EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-968-0x00007FF7DF2F0000-0x00007FF7DF644000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2209-0x00007FF7DF2F0000-0x00007FF7DF644000-memory.dmp

Filesize
3.3MB

Download
memory/3348-989-0x00007FF70E210000-0x00007FF70E564000-memory.dmp

Filesize
3.3MB

Download
memory/3348-2228-0x00007FF70E210000-0x00007FF70E564000-memory.dmp

Filesize
3.3MB

Download
memory/3432-1002-0x00007FF6FC4E0000-0x00007FF6FC834000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2205-0x00007FF6FC4E0000-0x00007FF6FC834000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1492-0x00007FF7802A0000-0x00007FF7805F4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-14-0x00007FF7802A0000-0x00007FF7805F4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-1432-0x00007FF6BA8F0000-0x00007FF6BAC44000-memory.dmp

Filesize
3.3MB

Download
memory/3624-8-0x00007FF6BA8F0000-0x00007FF6BAC44000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2220-0x00007FF674290000-0x00007FF6745E4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-973-0x00007FF674290000-0x00007FF6745E4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-995-0x00007FF663D50000-0x00007FF6640A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2225-0x00007FF663D50000-0x00007FF6640A4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-966-0x00007FF6906C0000-0x00007FF690A14000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2211-0x00007FF6906C0000-0x00007FF690A14000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2216-0x00007FF62B400000-0x00007FF62B754000-memory.dmp

Filesize
3.3MB

Download
memory/4592-975-0x00007FF62B400000-0x00007FF62B754000-memory.dmp

Filesize
3.3MB

Download
memory/4688-0-0x00007FF670770000-0x00007FF670AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-1355-0x00007FF670770000-0x00007FF670AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-1-0x000001D5D9A80000-0x000001D5D9A90000-memory.dmp

Filesize
64KB

Download
memory/4848-2212-0x00007FF7AB230000-0x00007FF7AB584000-memory.dmp

Filesize
3.3MB

Download
memory/4848-983-0x00007FF7AB230000-0x00007FF7AB584000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2208-0x00007FF7A4CA0000-0x00007FF7A4FF4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-963-0x00007FF7A4CA0000-0x00007FF7A4FF4000-memory.dmp

Filesize
3.3MB

Download