cobaltstrike | 605f178f3e89ef8d0515b0d71753b6d15d6769ed369147b255839f4e954a3c34

Analysis

max time kernel
96s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

045a3eb323fcc7353109aa089524b3ea
SHA1

f2283efebc8af686a35478b829f1167e9bd23215
SHA256

605f178f3e89ef8d0515b0d71753b6d15d6769ed369147b255839f4e954a3c34
SHA512

6292d656f3ab9451c4763b43943c723fd53d0ed7ffc3907cd4b36475b66a118421397d94400614eb49654f7222755f51a1eb8702302d60b8e13378a6c91f665a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000b000000023b88-6.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-13.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-24.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8f-29.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b89-34.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-41.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b91-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b94-59.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b95-63.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b96-71.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b97-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b98-82.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-86.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9a-90.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9b-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9e-113.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba4-143.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba6-159.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-169.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023bab-178.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba9-174.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023baa-173.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-164.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-154.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba3-144.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-139.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba1-134.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba0-126.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9f-124.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9c-116.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b9d-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b93-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3628-0-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b88-6.dat	xmrig
behavioral2/memory/4844-7-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8d-10.dat	xmrig
behavioral2/files/0x000a000000023b8c-13.dat	xmrig
behavioral2/memory/2876-12-0x00007FF7663E0000-0x00007FF766734000-memory.dmp	xmrig
behavioral2/memory/2640-20-0x00007FF77D210000-0x00007FF77D564000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8e-24.dat	xmrig
behavioral2/memory/4812-26-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8f-29.dat	xmrig
behavioral2/memory/436-32-0x00007FF6DFE90000-0x00007FF6E01E4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b89-34.dat	xmrig
behavioral2/files/0x000a000000023b90-41.dat	xmrig
behavioral2/memory/4012-42-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp	xmrig
behavioral2/memory/2572-38-0x00007FF602870000-0x00007FF602BC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b91-47.dat	xmrig
behavioral2/files/0x000a000000023b94-59.dat	xmrig
behavioral2/files/0x000a000000023b95-63.dat	xmrig
behavioral2/memory/2344-66-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b96-71.dat	xmrig
behavioral2/memory/3628-73-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b97-77.dat	xmrig
behavioral2/files/0x000a000000023b98-82.dat	xmrig
behavioral2/files/0x000a000000023b99-86.dat	xmrig
behavioral2/files/0x000a000000023b9a-90.dat	xmrig
behavioral2/memory/3276-88-0x00007FF6B3600000-0x00007FF6B3954000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9b-107.dat	xmrig
behavioral2/files/0x000a000000023b9e-113.dat	xmrig
behavioral2/files/0x000a000000023ba4-143.dat	xmrig
behavioral2/files/0x000a000000023ba6-159.dat	xmrig
behavioral2/files/0x000a000000023ba8-169.dat	xmrig
behavioral2/files/0x000b000000023bab-178.dat	xmrig
behavioral2/memory/4844-304-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	xmrig
behavioral2/memory/2956-312-0x00007FF7DF580000-0x00007FF7DF8D4000-memory.dmp	xmrig
behavioral2/memory/2540-317-0x00007FF6B6820000-0x00007FF6B6B74000-memory.dmp	xmrig
behavioral2/memory/400-323-0x00007FF630E70000-0x00007FF6311C4000-memory.dmp	xmrig
behavioral2/memory/2192-325-0x00007FF6CA670000-0x00007FF6CA9C4000-memory.dmp	xmrig
behavioral2/memory/2876-328-0x00007FF7663E0000-0x00007FF766734000-memory.dmp	xmrig
behavioral2/memory/3960-327-0x00007FF7B5EF0000-0x00007FF7B6244000-memory.dmp	xmrig
behavioral2/memory/4268-326-0x00007FF74BA90000-0x00007FF74BDE4000-memory.dmp	xmrig
behavioral2/memory/1020-324-0x00007FF748550000-0x00007FF7488A4000-memory.dmp	xmrig
behavioral2/memory/5108-322-0x00007FF79CB40000-0x00007FF79CE94000-memory.dmp	xmrig
behavioral2/memory/4404-320-0x00007FF711A00000-0x00007FF711D54000-memory.dmp	xmrig
behavioral2/memory/3024-319-0x00007FF7EA900000-0x00007FF7EAC54000-memory.dmp	xmrig
behavioral2/memory/2040-316-0x00007FF794AB0000-0x00007FF794E04000-memory.dmp	xmrig
behavioral2/memory/1540-314-0x00007FF7067E0000-0x00007FF706B34000-memory.dmp	xmrig
behavioral2/memory/2640-390-0x00007FF77D210000-0x00007FF77D564000-memory.dmp	xmrig
behavioral2/memory/5032-311-0x00007FF751770000-0x00007FF751AC4000-memory.dmp	xmrig
behavioral2/memory/4428-309-0x00007FF6A6880000-0x00007FF6A6BD4000-memory.dmp	xmrig
behavioral2/memory/2136-308-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp	xmrig
behavioral2/memory/4812-395-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp	xmrig
behavioral2/memory/2572-526-0x00007FF602870000-0x00007FF602BC4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023ba9-174.dat	xmrig
behavioral2/files/0x000b000000023baa-173.dat	xmrig
behavioral2/files/0x000a000000023ba7-164.dat	xmrig
behavioral2/memory/4012-578-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba5-154.dat	xmrig
behavioral2/files/0x000a000000023ba3-144.dat	xmrig
behavioral2/files/0x000a000000023ba2-139.dat	xmrig
behavioral2/files/0x000a000000023ba1-134.dat	xmrig
behavioral2/memory/1440-625-0x00007FF6AD730000-0x00007FF6ADA84000-memory.dmp	xmrig
behavioral2/memory/3640-707-0x00007FF7243D0000-0x00007FF724724000-memory.dmp	xmrig
behavioral2/memory/2344-627-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba0-126.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4844	EsoGUqH.exe
2876	DYejxUH.exe
2640	yIqmnVw.exe
4812	ehumcXp.exe
436	JEApTKP.exe
2572	jsJizaz.exe
4012	rjzSLLF.exe
1440	lyJzYUl.exe
2344	KfIURoa.exe
3276	EqmBgYl.exe
3304	HGNeNSy.exe
3176	rpbSBqd.exe
2136	mATVvgi.exe
5028	QOUMktH.exe
3640	BHzWgUG.exe
4428	jnjXUqo.exe
5032	RKiGxqp.exe
3960	ISGyYTx.exe
2956	cLjgcit.exe
1540	veFlSzk.exe
2040	LyPtflk.exe
2540	KvGyxMQ.exe
3024	bfPwZQK.exe
4404	fRebaum.exe
5108	fZCOjLW.exe
400	CzENoPT.exe
1020	ZowqIta.exe
2192	PQlhTWS.exe
4268	ZktFusd.exe
1356	PatjhCB.exe
4288	IETZEVU.exe
3196	iZuUYpb.exe
3004	cjNcNqx.exe
4064	UvEdqVQ.exe
2144	ZEGZxgH.exe
3232	cYJbjOB.exe
2240	ChsYuQg.exe
2312	hYILCcu.exe
4372	flozqUb.exe
1984	rGntXqe.exe
1816	rnYdENO.exe
5024	Eaetqyt.exe
1028	dMeKOMH.exe
812	qssBXDe.exe
4324	RdrCAyX.exe
4312	mBisRgP.exe
3880	ItxnAPY.exe
944	GCzzwsf.exe
4468	nUsWzHR.exe
4800	yeKNZTm.exe
1920	VNjdbRx.exe
2256	MNGELMY.exe
3636	tOueyLr.exe
864	WmjEhGh.exe
3860	BStlNDf.exe
4400	DiCxCvm.exe
3952	IMKvmZP.exe
3644	BghTGhh.exe
1276	TcKMLvZ.exe
2180	bKaRhwE.exe
3748	GCjATgt.exe
632	omGPAxY.exe
676	pNeHFRV.exe
3528	OGDTgwh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3628-0-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp	upx
behavioral2/files/0x000b000000023b88-6.dat	upx
behavioral2/memory/4844-7-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	upx
behavioral2/files/0x000a000000023b8d-10.dat	upx
behavioral2/files/0x000a000000023b8c-13.dat	upx
behavioral2/memory/2876-12-0x00007FF7663E0000-0x00007FF766734000-memory.dmp	upx
behavioral2/memory/2640-20-0x00007FF77D210000-0x00007FF77D564000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-24.dat	upx
behavioral2/memory/4812-26-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-29.dat	upx
behavioral2/memory/436-32-0x00007FF6DFE90000-0x00007FF6E01E4000-memory.dmp	upx
behavioral2/files/0x000b000000023b89-34.dat	upx
behavioral2/files/0x000a000000023b90-41.dat	upx
behavioral2/memory/4012-42-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp	upx
behavioral2/memory/2572-38-0x00007FF602870000-0x00007FF602BC4000-memory.dmp	upx
behavioral2/files/0x000a000000023b91-47.dat	upx
behavioral2/files/0x000a000000023b94-59.dat	upx
behavioral2/files/0x000a000000023b95-63.dat	upx
behavioral2/memory/2344-66-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-71.dat	upx
behavioral2/memory/3628-73-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-77.dat	upx
behavioral2/files/0x000a000000023b98-82.dat	upx
behavioral2/files/0x000a000000023b99-86.dat	upx
behavioral2/files/0x000a000000023b9a-90.dat	upx
behavioral2/memory/3276-88-0x00007FF6B3600000-0x00007FF6B3954000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-107.dat	upx
behavioral2/files/0x000a000000023b9e-113.dat	upx
behavioral2/files/0x000a000000023ba4-143.dat	upx
behavioral2/files/0x000a000000023ba6-159.dat	upx
behavioral2/files/0x000a000000023ba8-169.dat	upx
behavioral2/files/0x000b000000023bab-178.dat	upx
behavioral2/memory/4844-304-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	upx
behavioral2/memory/2956-312-0x00007FF7DF580000-0x00007FF7DF8D4000-memory.dmp	upx
behavioral2/memory/2540-317-0x00007FF6B6820000-0x00007FF6B6B74000-memory.dmp	upx
behavioral2/memory/400-323-0x00007FF630E70000-0x00007FF6311C4000-memory.dmp	upx
behavioral2/memory/2192-325-0x00007FF6CA670000-0x00007FF6CA9C4000-memory.dmp	upx
behavioral2/memory/2876-328-0x00007FF7663E0000-0x00007FF766734000-memory.dmp	upx
behavioral2/memory/3960-327-0x00007FF7B5EF0000-0x00007FF7B6244000-memory.dmp	upx
behavioral2/memory/4268-326-0x00007FF74BA90000-0x00007FF74BDE4000-memory.dmp	upx
behavioral2/memory/1020-324-0x00007FF748550000-0x00007FF7488A4000-memory.dmp	upx
behavioral2/memory/5108-322-0x00007FF79CB40000-0x00007FF79CE94000-memory.dmp	upx
behavioral2/memory/4404-320-0x00007FF711A00000-0x00007FF711D54000-memory.dmp	upx
behavioral2/memory/3024-319-0x00007FF7EA900000-0x00007FF7EAC54000-memory.dmp	upx
behavioral2/memory/2040-316-0x00007FF794AB0000-0x00007FF794E04000-memory.dmp	upx
behavioral2/memory/1540-314-0x00007FF7067E0000-0x00007FF706B34000-memory.dmp	upx
behavioral2/memory/2640-390-0x00007FF77D210000-0x00007FF77D564000-memory.dmp	upx
behavioral2/memory/5032-311-0x00007FF751770000-0x00007FF751AC4000-memory.dmp	upx
behavioral2/memory/4428-309-0x00007FF6A6880000-0x00007FF6A6BD4000-memory.dmp	upx
behavioral2/memory/2136-308-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp	upx
behavioral2/memory/4812-395-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp	upx
behavioral2/memory/2572-526-0x00007FF602870000-0x00007FF602BC4000-memory.dmp	upx
behavioral2/files/0x000b000000023ba9-174.dat	upx
behavioral2/files/0x000b000000023baa-173.dat	upx
behavioral2/files/0x000a000000023ba7-164.dat	upx
behavioral2/memory/4012-578-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-154.dat	upx
behavioral2/files/0x000a000000023ba3-144.dat	upx
behavioral2/files/0x000a000000023ba2-139.dat	upx
behavioral2/files/0x000a000000023ba1-134.dat	upx
behavioral2/memory/1440-625-0x00007FF6AD730000-0x00007FF6ADA84000-memory.dmp	upx
behavioral2/memory/3640-707-0x00007FF7243D0000-0x00007FF724724000-memory.dmp	upx
behavioral2/memory/2344-627-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba0-126.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KvzXNjL.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJBMCNP.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQAkGuE.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwdhZYa.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjzSLLF.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVKdgnd.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxSEhOZ.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbOnGPs.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQWYCoh.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOUMktH.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRebaum.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOueyLr.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egeuyJd.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIQKvut.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLyEGAX.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLDVBiB.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XibOYEL.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYNJrZa.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdWJYeU.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdeJhhN.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYvUzIi.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnsmzaQ.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzPoaoR.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPcSagc.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImyAwdJ.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxlxGBM.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLFrwuy.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqtMTcC.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNHfDaF.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUyiPGM.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDRCmFp.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdMTsjo.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEYyOgk.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlxBMxa.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLtKHnf.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQOlMGA.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqpwJnY.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fegXCyO.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwUTGgx.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOPdWni.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKKrRcd.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgTfQrM.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISGyYTx.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiCxCvm.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxIwVej.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YksDIQw.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CecLXqb.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpudyfG.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGjEbda.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYJbjOB.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNGELMY.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtglyWZ.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtOyHtH.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMIuLbG.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtbHttS.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtQJdwF.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeGDIdk.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsoGUqH.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNjdbRx.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTqkibx.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKHKDrO.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EavxanE.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOWHOkg.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZrPjGS.exe	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
15192	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4844	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3628 wrote to memory of 4844	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 3628 wrote to memory of 2876	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3628 wrote to memory of 2876	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 3628 wrote to memory of 2640	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3628 wrote to memory of 2640	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 3628 wrote to memory of 4812	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3628 wrote to memory of 4812	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 3628 wrote to memory of 436	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3628 wrote to memory of 436	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 3628 wrote to memory of 2572	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3628 wrote to memory of 2572	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 3628 wrote to memory of 4012	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3628 wrote to memory of 4012	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 3628 wrote to memory of 1440	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3628 wrote to memory of 1440	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 3628 wrote to memory of 2344	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3628 wrote to memory of 2344	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 3628 wrote to memory of 3276	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3628 wrote to memory of 3276	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 3628 wrote to memory of 3304	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3628 wrote to memory of 3304	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 3628 wrote to memory of 3176	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3628 wrote to memory of 3176	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 3628 wrote to memory of 2136	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3628 wrote to memory of 2136	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 3628 wrote to memory of 5028	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3628 wrote to memory of 5028	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 3628 wrote to memory of 3640	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3628 wrote to memory of 3640	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 3628 wrote to memory of 4428	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3628 wrote to memory of 4428	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 3628 wrote to memory of 5032	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3628 wrote to memory of 5032	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 3628 wrote to memory of 3960	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3628 wrote to memory of 3960	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 3628 wrote to memory of 2956	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3628 wrote to memory of 2956	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 3628 wrote to memory of 1540	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3628 wrote to memory of 1540	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 3628 wrote to memory of 2040	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3628 wrote to memory of 2040	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 3628 wrote to memory of 2540	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3628 wrote to memory of 2540	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 3628 wrote to memory of 3024	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3628 wrote to memory of 3024	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 3628 wrote to memory of 4404	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3628 wrote to memory of 4404	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 3628 wrote to memory of 5108	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3628 wrote to memory of 5108	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 3628 wrote to memory of 400	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3628 wrote to memory of 400	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 3628 wrote to memory of 1020	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3628 wrote to memory of 1020	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 3628 wrote to memory of 2192	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3628 wrote to memory of 2192	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 3628 wrote to memory of 4268	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3628 wrote to memory of 4268	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 3628 wrote to memory of 1356	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3628 wrote to memory of 1356	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 3628 wrote to memory of 4288	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3628 wrote to memory of 4288	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 3628 wrote to memory of 3196	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 3628 wrote to memory of 3196	3628	2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-03_045a3eb323fcc7353109aa089524b3ea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\System\EsoGUqH.exe
  C:\Windows\System\EsoGUqH.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\DYejxUH.exe
  C:\Windows\System\DYejxUH.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\yIqmnVw.exe
  C:\Windows\System\yIqmnVw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ehumcXp.exe
  C:\Windows\System\ehumcXp.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\JEApTKP.exe
  C:\Windows\System\JEApTKP.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\jsJizaz.exe
  C:\Windows\System\jsJizaz.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\rjzSLLF.exe
  C:\Windows\System\rjzSLLF.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\lyJzYUl.exe
  C:\Windows\System\lyJzYUl.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\KfIURoa.exe
  C:\Windows\System\KfIURoa.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\EqmBgYl.exe
  C:\Windows\System\EqmBgYl.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\HGNeNSy.exe
  C:\Windows\System\HGNeNSy.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\rpbSBqd.exe
  C:\Windows\System\rpbSBqd.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\mATVvgi.exe
  C:\Windows\System\mATVvgi.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\QOUMktH.exe
  C:\Windows\System\QOUMktH.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\BHzWgUG.exe
  C:\Windows\System\BHzWgUG.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\jnjXUqo.exe
  C:\Windows\System\jnjXUqo.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\RKiGxqp.exe
  C:\Windows\System\RKiGxqp.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\ISGyYTx.exe
  C:\Windows\System\ISGyYTx.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\cLjgcit.exe
  C:\Windows\System\cLjgcit.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\veFlSzk.exe
  C:\Windows\System\veFlSzk.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\LyPtflk.exe
  C:\Windows\System\LyPtflk.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\KvGyxMQ.exe
  C:\Windows\System\KvGyxMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\bfPwZQK.exe
  C:\Windows\System\bfPwZQK.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\fRebaum.exe
  C:\Windows\System\fRebaum.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\fZCOjLW.exe
  C:\Windows\System\fZCOjLW.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\CzENoPT.exe
  C:\Windows\System\CzENoPT.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\ZowqIta.exe
  C:\Windows\System\ZowqIta.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\PQlhTWS.exe
  C:\Windows\System\PQlhTWS.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\ZktFusd.exe
  C:\Windows\System\ZktFusd.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\PatjhCB.exe
  C:\Windows\System\PatjhCB.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\IETZEVU.exe
  C:\Windows\System\IETZEVU.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\iZuUYpb.exe
  C:\Windows\System\iZuUYpb.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\cjNcNqx.exe
  C:\Windows\System\cjNcNqx.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\UvEdqVQ.exe
  C:\Windows\System\UvEdqVQ.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\ZEGZxgH.exe
  C:\Windows\System\ZEGZxgH.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\cYJbjOB.exe
  C:\Windows\System\cYJbjOB.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\ChsYuQg.exe
  C:\Windows\System\ChsYuQg.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\hYILCcu.exe
  C:\Windows\System\hYILCcu.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\flozqUb.exe
  C:\Windows\System\flozqUb.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\rGntXqe.exe
  C:\Windows\System\rGntXqe.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\rnYdENO.exe
  C:\Windows\System\rnYdENO.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\Eaetqyt.exe
  C:\Windows\System\Eaetqyt.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\dMeKOMH.exe
  C:\Windows\System\dMeKOMH.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\qssBXDe.exe
  C:\Windows\System\qssBXDe.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\RdrCAyX.exe
  C:\Windows\System\RdrCAyX.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\mBisRgP.exe
  C:\Windows\System\mBisRgP.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\ItxnAPY.exe
  C:\Windows\System\ItxnAPY.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\GCzzwsf.exe
  C:\Windows\System\GCzzwsf.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\nUsWzHR.exe
  C:\Windows\System\nUsWzHR.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\yeKNZTm.exe
  C:\Windows\System\yeKNZTm.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\VNjdbRx.exe
  C:\Windows\System\VNjdbRx.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\MNGELMY.exe
  C:\Windows\System\MNGELMY.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\tOueyLr.exe
  C:\Windows\System\tOueyLr.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\WmjEhGh.exe
  C:\Windows\System\WmjEhGh.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\BStlNDf.exe
  C:\Windows\System\BStlNDf.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\DiCxCvm.exe
  C:\Windows\System\DiCxCvm.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\IMKvmZP.exe
  C:\Windows\System\IMKvmZP.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\BghTGhh.exe
  C:\Windows\System\BghTGhh.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\TcKMLvZ.exe
  C:\Windows\System\TcKMLvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\bKaRhwE.exe
  C:\Windows\System\bKaRhwE.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\GCjATgt.exe
  C:\Windows\System\GCjATgt.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\omGPAxY.exe
  C:\Windows\System\omGPAxY.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\pNeHFRV.exe
  C:\Windows\System\pNeHFRV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\OGDTgwh.exe
  C:\Windows\System\OGDTgwh.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\QgxCuYx.exe
  C:\Windows\System\QgxCuYx.exe
  2⤵
  PID:4036
- C:\Windows\System\xVwKIQm.exe
  C:\Windows\System\xVwKIQm.exe
  2⤵
  PID:2016
- C:\Windows\System\LyYfxyn.exe
  C:\Windows\System\LyYfxyn.exe
  2⤵
  PID:4440
- C:\Windows\System\GqPsmvA.exe
  C:\Windows\System\GqPsmvA.exe
  2⤵
  PID:2124
- C:\Windows\System\LEOFWTc.exe
  C:\Windows\System\LEOFWTc.exe
  2⤵
  PID:3160
- C:\Windows\System\sNjjZka.exe
  C:\Windows\System\sNjjZka.exe
  2⤵
  PID:4060
- C:\Windows\System\qUiKchn.exe
  C:\Windows\System\qUiKchn.exe
  2⤵
  PID:4804
- C:\Windows\System\MeIPHAR.exe
  C:\Windows\System\MeIPHAR.exe
  2⤵
  PID:2728
- C:\Windows\System\OyJpUwA.exe
  C:\Windows\System\OyJpUwA.exe
  2⤵
  PID:4572
- C:\Windows\System\YlhVAlO.exe
  C:\Windows\System\YlhVAlO.exe
  2⤵
  PID:1568
- C:\Windows\System\yozFMZn.exe
  C:\Windows\System\yozFMZn.exe
  2⤵
  PID:3084
- C:\Windows\System\RzYacSA.exe
  C:\Windows\System\RzYacSA.exe
  2⤵
  PID:860
- C:\Windows\System\swtXGHz.exe
  C:\Windows\System\swtXGHz.exe
  2⤵
  PID:728
- C:\Windows\System\bXpomjG.exe
  C:\Windows\System\bXpomjG.exe
  2⤵
  PID:1216
- C:\Windows\System\FTMREiD.exe
  C:\Windows\System\FTMREiD.exe
  2⤵
  PID:4768
- C:\Windows\System\WBpnSVU.exe
  C:\Windows\System\WBpnSVU.exe
  2⤵
  PID:456
- C:\Windows\System\YBLKuAF.exe
  C:\Windows\System\YBLKuAF.exe
  2⤵
  PID:408
- C:\Windows\System\OeeNqjl.exe
  C:\Windows\System\OeeNqjl.exe
  2⤵
  PID:1120
- C:\Windows\System\vqyUTwz.exe
  C:\Windows\System\vqyUTwz.exe
  2⤵
  PID:648
- C:\Windows\System\HYwoKlL.exe
  C:\Windows\System\HYwoKlL.exe
  2⤵
  PID:1052
- C:\Windows\System\MxTMwtU.exe
  C:\Windows\System\MxTMwtU.exe
  2⤵
  PID:2388
- C:\Windows\System\lkpbHpB.exe
  C:\Windows\System\lkpbHpB.exe
  2⤵
  PID:1744
- C:\Windows\System\ckkdKuv.exe
  C:\Windows\System\ckkdKuv.exe
  2⤵
  PID:2452
- C:\Windows\System\SwknsGL.exe
  C:\Windows\System\SwknsGL.exe
  2⤵
  PID:2228
- C:\Windows\System\hgonHsM.exe
  C:\Windows\System\hgonHsM.exe
  2⤵
  PID:4584
- C:\Windows\System\XibOYEL.exe
  C:\Windows\System\XibOYEL.exe
  2⤵
  PID:5124
- C:\Windows\System\xeybWUF.exe
  C:\Windows\System\xeybWUF.exe
  2⤵
  PID:5152
- C:\Windows\System\AWiqnOB.exe
  C:\Windows\System\AWiqnOB.exe
  2⤵
  PID:5180
- C:\Windows\System\DvJLMyT.exe
  C:\Windows\System\DvJLMyT.exe
  2⤵
  PID:5224
- C:\Windows\System\ZSowARQ.exe
  C:\Windows\System\ZSowARQ.exe
  2⤵
  PID:5244
- C:\Windows\System\SPEANGs.exe
  C:\Windows\System\SPEANGs.exe
  2⤵
  PID:5272
- C:\Windows\System\cJNkQAf.exe
  C:\Windows\System\cJNkQAf.exe
  2⤵
  PID:5300
- C:\Windows\System\GeQSppm.exe
  C:\Windows\System\GeQSppm.exe
  2⤵
  PID:5328
- C:\Windows\System\VgeSIOD.exe
  C:\Windows\System\VgeSIOD.exe
  2⤵
  PID:5356
- C:\Windows\System\ZbbsrCu.exe
  C:\Windows\System\ZbbsrCu.exe
  2⤵
  PID:5404
- C:\Windows\System\hEkjPWn.exe
  C:\Windows\System\hEkjPWn.exe
  2⤵
  PID:5476
- C:\Windows\System\VtzFGZW.exe
  C:\Windows\System\VtzFGZW.exe
  2⤵
  PID:5504
- C:\Windows\System\YlNxyCU.exe
  C:\Windows\System\YlNxyCU.exe
  2⤵
  PID:5532
- C:\Windows\System\BcHDfED.exe
  C:\Windows\System\BcHDfED.exe
  2⤵
  PID:5560
- C:\Windows\System\tfdgKjW.exe
  C:\Windows\System\tfdgKjW.exe
  2⤵
  PID:5588
- C:\Windows\System\yMVNIrd.exe
  C:\Windows\System\yMVNIrd.exe
  2⤵
  PID:5628
- C:\Windows\System\ATHpEiU.exe
  C:\Windows\System\ATHpEiU.exe
  2⤵
  PID:5652
- C:\Windows\System\FJlCmWu.exe
  C:\Windows\System\FJlCmWu.exe
  2⤵
  PID:5680
- C:\Windows\System\QQptjGO.exe
  C:\Windows\System\QQptjGO.exe
  2⤵
  PID:5708
- C:\Windows\System\WNgzWWQ.exe
  C:\Windows\System\WNgzWWQ.exe
  2⤵
  PID:5732
- C:\Windows\System\pzQYMJQ.exe
  C:\Windows\System\pzQYMJQ.exe
  2⤵
  PID:5756
- C:\Windows\System\xkcfKFp.exe
  C:\Windows\System\xkcfKFp.exe
  2⤵
  PID:5784
- C:\Windows\System\VWOwfLV.exe
  C:\Windows\System\VWOwfLV.exe
  2⤵
  PID:5820
- C:\Windows\System\HaPXnxc.exe
  C:\Windows\System\HaPXnxc.exe
  2⤵
  PID:5848
- C:\Windows\System\PyivHoS.exe
  C:\Windows\System\PyivHoS.exe
  2⤵
  PID:5876
- C:\Windows\System\DwAXaID.exe
  C:\Windows\System\DwAXaID.exe
  2⤵
  PID:5896
- C:\Windows\System\lWLWGli.exe
  C:\Windows\System\lWLWGli.exe
  2⤵
  PID:5924
- C:\Windows\System\XnOXEjO.exe
  C:\Windows\System\XnOXEjO.exe
  2⤵
  PID:5960
- C:\Windows\System\XxknmXu.exe
  C:\Windows\System\XxknmXu.exe
  2⤵
  PID:5988
- C:\Windows\System\ihimvQW.exe
  C:\Windows\System\ihimvQW.exe
  2⤵
  PID:6016
- C:\Windows\System\VprwLUc.exe
  C:\Windows\System\VprwLUc.exe
  2⤵
  PID:6048
- C:\Windows\System\OVgZbwG.exe
  C:\Windows\System\OVgZbwG.exe
  2⤵
  PID:6064
- C:\Windows\System\DBhRgJj.exe
  C:\Windows\System\DBhRgJj.exe
  2⤵
  PID:6100
- C:\Windows\System\MYNJrZa.exe
  C:\Windows\System\MYNJrZa.exe
  2⤵
  PID:6120
- C:\Windows\System\YpfyKnM.exe
  C:\Windows\System\YpfyKnM.exe
  2⤵
  PID:3248
- C:\Windows\System\nJzhkMb.exe
  C:\Windows\System\nJzhkMb.exe
  2⤵
  PID:2748
- C:\Windows\System\pLEEoKA.exe
  C:\Windows\System\pLEEoKA.exe
  2⤵
  PID:5144
- C:\Windows\System\rearoPc.exe
  C:\Windows\System\rearoPc.exe
  2⤵
  PID:4704
- C:\Windows\System\oVQjtmf.exe
  C:\Windows\System\oVQjtmf.exe
  2⤵
  PID:5292
- C:\Windows\System\MSSJwvQ.exe
  C:\Windows\System\MSSJwvQ.exe
  2⤵
  PID:1204
- C:\Windows\System\QCdieDF.exe
  C:\Windows\System\QCdieDF.exe
  2⤵
  PID:4000
- C:\Windows\System\CdQtqhm.exe
  C:\Windows\System\CdQtqhm.exe
  2⤵
  PID:4480
- C:\Windows\System\VZglkIM.exe
  C:\Windows\System\VZglkIM.exe
  2⤵
  PID:5384
- C:\Windows\System\qOuPUQI.exe
  C:\Windows\System\qOuPUQI.exe
  2⤵
  PID:5464
- C:\Windows\System\kJTbfCE.exe
  C:\Windows\System\kJTbfCE.exe
  2⤵
  PID:5524
- C:\Windows\System\kRKSBAv.exe
  C:\Windows\System\kRKSBAv.exe
  2⤵
  PID:5584
- C:\Windows\System\kfWJxDV.exe
  C:\Windows\System\kfWJxDV.exe
  2⤵
  PID:5660
- C:\Windows\System\ktiJIOB.exe
  C:\Windows\System\ktiJIOB.exe
  2⤵
  PID:5712
- C:\Windows\System\gcDebUH.exe
  C:\Windows\System\gcDebUH.exe
  2⤵
  PID:5768
- C:\Windows\System\GuMmlmc.exe
  C:\Windows\System\GuMmlmc.exe
  2⤵
  PID:5804
- C:\Windows\System\Hogyond.exe
  C:\Windows\System\Hogyond.exe
  2⤵
  PID:5868
- C:\Windows\System\zIkiIUk.exe
  C:\Windows\System\zIkiIUk.exe
  2⤵
  PID:5908
- C:\Windows\System\ZSTgeHw.exe
  C:\Windows\System\ZSTgeHw.exe
  2⤵
  PID:5952
- C:\Windows\System\DleXupm.exe
  C:\Windows\System\DleXupm.exe
  2⤵
  PID:6024
- C:\Windows\System\hLBNDcs.exe
  C:\Windows\System\hLBNDcs.exe
  2⤵
  PID:6084
- C:\Windows\System\mWQFxuv.exe
  C:\Windows\System\mWQFxuv.exe
  2⤵
  PID:6140
- C:\Windows\System\heJKvGh.exe
  C:\Windows\System\heJKvGh.exe
  2⤵
  PID:5176
- C:\Windows\System\ImyAwdJ.exe
  C:\Windows\System\ImyAwdJ.exe
  2⤵
  PID:4788
- C:\Windows\System\CwbAPPN.exe
  C:\Windows\System\CwbAPPN.exe
  2⤵
  PID:5436
- C:\Windows\System\aBQyooY.exe
  C:\Windows\System\aBQyooY.exe
  2⤵
  PID:4984
- C:\Windows\System\fegXCyO.exe
  C:\Windows\System\fegXCyO.exe
  2⤵
  PID:5624
- C:\Windows\System\VMUCBFb.exe
  C:\Windows\System\VMUCBFb.exe
  2⤵
  PID:3432
- C:\Windows\System\DQkpJkA.exe
  C:\Windows\System\DQkpJkA.exe
  2⤵
  PID:2008
- C:\Windows\System\ibSENqQ.exe
  C:\Windows\System\ibSENqQ.exe
  2⤵
  PID:5980
- C:\Windows\System\JeQxIwK.exe
  C:\Windows\System\JeQxIwK.exe
  2⤵
  PID:6056
- C:\Windows\System\LdWJYeU.exe
  C:\Windows\System\LdWJYeU.exe
  2⤵
  PID:5236
- C:\Windows\System\BfgfVft.exe
  C:\Windows\System\BfgfVft.exe
  2⤵
  PID:3744
- C:\Windows\System\bXLnovV.exe
  C:\Windows\System\bXLnovV.exe
  2⤵
  PID:2996
- C:\Windows\System\SdjFBch.exe
  C:\Windows\System\SdjFBch.exe
  2⤵
  PID:6000
- C:\Windows\System\egeuyJd.exe
  C:\Windows\System\egeuyJd.exe
  2⤵
  PID:4936
- C:\Windows\System\DGDVzNj.exe
  C:\Windows\System\DGDVzNj.exe
  2⤵
  PID:2792
- C:\Windows\System\EwUTGgx.exe
  C:\Windows\System\EwUTGgx.exe
  2⤵
  PID:1868
- C:\Windows\System\aVtVWOD.exe
  C:\Windows\System\aVtVWOD.exe
  2⤵
  PID:3404
- C:\Windows\System\OOGewud.exe
  C:\Windows\System\OOGewud.exe
  2⤵
  PID:2892
- C:\Windows\System\KvzXNjL.exe
  C:\Windows\System\KvzXNjL.exe
  2⤵
  PID:1344
- C:\Windows\System\UstUKUl.exe
  C:\Windows\System\UstUKUl.exe
  2⤵
  PID:6168
- C:\Windows\System\OorHfIN.exe
  C:\Windows\System\OorHfIN.exe
  2⤵
  PID:6192
- C:\Windows\System\vyzGFRo.exe
  C:\Windows\System\vyzGFRo.exe
  2⤵
  PID:6228
- C:\Windows\System\MAqcwbK.exe
  C:\Windows\System\MAqcwbK.exe
  2⤵
  PID:6256
- C:\Windows\System\EQahlLP.exe
  C:\Windows\System\EQahlLP.exe
  2⤵
  PID:6284
- C:\Windows\System\htVwRBQ.exe
  C:\Windows\System\htVwRBQ.exe
  2⤵
  PID:6316
- C:\Windows\System\NOnoqLl.exe
  C:\Windows\System\NOnoqLl.exe
  2⤵
  PID:6336
- C:\Windows\System\BiOBsBo.exe
  C:\Windows\System\BiOBsBo.exe
  2⤵
  PID:6372
- C:\Windows\System\MVClnQl.exe
  C:\Windows\System\MVClnQl.exe
  2⤵
  PID:6392
- C:\Windows\System\yYCksbC.exe
  C:\Windows\System\yYCksbC.exe
  2⤵
  PID:6428
- C:\Windows\System\tmwYWRX.exe
  C:\Windows\System\tmwYWRX.exe
  2⤵
  PID:6464
- C:\Windows\System\dnPPmxX.exe
  C:\Windows\System\dnPPmxX.exe
  2⤵
  PID:6488
- C:\Windows\System\rqKEMjR.exe
  C:\Windows\System\rqKEMjR.exe
  2⤵
  PID:6508
- C:\Windows\System\AKcLfoC.exe
  C:\Windows\System\AKcLfoC.exe
  2⤵
  PID:6552
- C:\Windows\System\jxYPfWq.exe
  C:\Windows\System\jxYPfWq.exe
  2⤵
  PID:6580
- C:\Windows\System\eBYDVkb.exe
  C:\Windows\System\eBYDVkb.exe
  2⤵
  PID:6612
- C:\Windows\System\KxlxGBM.exe
  C:\Windows\System\KxlxGBM.exe
  2⤵
  PID:6636
- C:\Windows\System\vbVFLVJ.exe
  C:\Windows\System\vbVFLVJ.exe
  2⤵
  PID:6664
- C:\Windows\System\WGbeLZf.exe
  C:\Windows\System\WGbeLZf.exe
  2⤵
  PID:6688
- C:\Windows\System\MVKdgnd.exe
  C:\Windows\System\MVKdgnd.exe
  2⤵
  PID:6724
- C:\Windows\System\Llidtoz.exe
  C:\Windows\System\Llidtoz.exe
  2⤵
  PID:6748
- C:\Windows\System\NjTgMpZ.exe
  C:\Windows\System\NjTgMpZ.exe
  2⤵
  PID:6776
- C:\Windows\System\yNGdfGr.exe
  C:\Windows\System\yNGdfGr.exe
  2⤵
  PID:6808
- C:\Windows\System\sLFrwuy.exe
  C:\Windows\System\sLFrwuy.exe
  2⤵
  PID:6836
- C:\Windows\System\dNsAkSW.exe
  C:\Windows\System\dNsAkSW.exe
  2⤵
  PID:6868
- C:\Windows\System\KnfpNMi.exe
  C:\Windows\System\KnfpNMi.exe
  2⤵
  PID:6900
- C:\Windows\System\NTNggZx.exe
  C:\Windows\System\NTNggZx.exe
  2⤵
  PID:6924
- C:\Windows\System\XMSSFWS.exe
  C:\Windows\System\XMSSFWS.exe
  2⤵
  PID:6952
- C:\Windows\System\cXUgAXG.exe
  C:\Windows\System\cXUgAXG.exe
  2⤵
  PID:6980
- C:\Windows\System\obTkEgk.exe
  C:\Windows\System\obTkEgk.exe
  2⤵
  PID:7008
- C:\Windows\System\yBiNTOh.exe
  C:\Windows\System\yBiNTOh.exe
  2⤵
  PID:7040
- C:\Windows\System\IHePcxf.exe
  C:\Windows\System\IHePcxf.exe
  2⤵
  PID:7060
- C:\Windows\System\CYkzBqg.exe
  C:\Windows\System\CYkzBqg.exe
  2⤵
  PID:7104
- C:\Windows\System\QUufTAw.exe
  C:\Windows\System\QUufTAw.exe
  2⤵
  PID:7128
- C:\Windows\System\BEOlPPe.exe
  C:\Windows\System\BEOlPPe.exe
  2⤵
  PID:7156
- C:\Windows\System\VANEbwq.exe
  C:\Windows\System\VANEbwq.exe
  2⤵
  PID:6184
- C:\Windows\System\eOzUecY.exe
  C:\Windows\System\eOzUecY.exe
  2⤵
  PID:6236
- C:\Windows\System\WYmNOyJ.exe
  C:\Windows\System\WYmNOyJ.exe
  2⤵
  PID:6268
- C:\Windows\System\XOeEKGN.exe
  C:\Windows\System\XOeEKGN.exe
  2⤵
  PID:6328
- C:\Windows\System\HkVWagg.exe
  C:\Windows\System\HkVWagg.exe
  2⤵
  PID:1492
- C:\Windows\System\AJiDRAy.exe
  C:\Windows\System\AJiDRAy.exe
  2⤵
  PID:6444
- C:\Windows\System\KAFciiv.exe
  C:\Windows\System\KAFciiv.exe
  2⤵
  PID:6536
- C:\Windows\System\NejxoZU.exe
  C:\Windows\System\NejxoZU.exe
  2⤵
  PID:6596
- C:\Windows\System\eCPNfpQ.exe
  C:\Windows\System\eCPNfpQ.exe
  2⤵
  PID:6648
- C:\Windows\System\jaBAFJz.exe
  C:\Windows\System\jaBAFJz.exe
  2⤵
  PID:6720
- C:\Windows\System\lPelXLS.exe
  C:\Windows\System\lPelXLS.exe
  2⤵
  PID:6760
- C:\Windows\System\mnNfmQA.exe
  C:\Windows\System\mnNfmQA.exe
  2⤵
  PID:6844
- C:\Windows\System\cCDPBdA.exe
  C:\Windows\System\cCDPBdA.exe
  2⤵
  PID:6888
- C:\Windows\System\uNYxvZF.exe
  C:\Windows\System\uNYxvZF.exe
  2⤵
  PID:6944
- C:\Windows\System\tAHfGMo.exe
  C:\Windows\System\tAHfGMo.exe
  2⤵
  PID:3240
- C:\Windows\System\hLFihsB.exe
  C:\Windows\System\hLFihsB.exe
  2⤵
  PID:7088
- C:\Windows\System\ttVhFpi.exe
  C:\Windows\System\ttVhFpi.exe
  2⤵
  PID:7140
- C:\Windows\System\PzMpIMK.exe
  C:\Windows\System\PzMpIMK.exe
  2⤵
  PID:6176
- C:\Windows\System\cOPdWni.exe
  C:\Windows\System\cOPdWni.exe
  2⤵
  PID:6308
- C:\Windows\System\xtsBECD.exe
  C:\Windows\System\xtsBECD.exe
  2⤵
  PID:6476
- C:\Windows\System\gKCHkwE.exe
  C:\Windows\System\gKCHkwE.exe
  2⤵
  PID:2496
- C:\Windows\System\kzoBkaw.exe
  C:\Windows\System\kzoBkaw.exe
  2⤵
  PID:6788
- C:\Windows\System\mammLYE.exe
  C:\Windows\System\mammLYE.exe
  2⤵
  PID:6856
- C:\Windows\System\GjLIpMZ.exe
  C:\Windows\System\GjLIpMZ.exe
  2⤵
  PID:7000
- C:\Windows\System\LLyZtNn.exe
  C:\Windows\System\LLyZtNn.exe
  2⤵
  PID:7120
- C:\Windows\System\AkbQsgx.exe
  C:\Windows\System\AkbQsgx.exe
  2⤵
  PID:6352
- C:\Windows\System\xzDurJq.exe
  C:\Windows\System\xzDurJq.exe
  2⤵
  PID:6676
- C:\Windows\System\sdcJDZl.exe
  C:\Windows\System\sdcJDZl.exe
  2⤵
  PID:6932
- C:\Windows\System\yYvSXNl.exe
  C:\Windows\System\yYvSXNl.exe
  2⤵
  PID:7024
- C:\Windows\System\FxIwVej.exe
  C:\Windows\System\FxIwVej.exe
  2⤵
  PID:6992
- C:\Windows\System\DusJifw.exe
  C:\Windows\System\DusJifw.exe
  2⤵
  PID:6588
- C:\Windows\System\cGTJQPQ.exe
  C:\Windows\System\cGTJQPQ.exe
  2⤵
  PID:7176
- C:\Windows\System\IJcClZD.exe
  C:\Windows\System\IJcClZD.exe
  2⤵
  PID:7204
- C:\Windows\System\OzroXjr.exe
  C:\Windows\System\OzroXjr.exe
  2⤵
  PID:7232
- C:\Windows\System\cbGjdqP.exe
  C:\Windows\System\cbGjdqP.exe
  2⤵
  PID:7268
- C:\Windows\System\fjTXwCc.exe
  C:\Windows\System\fjTXwCc.exe
  2⤵
  PID:7288
- C:\Windows\System\tXKsaIh.exe
  C:\Windows\System\tXKsaIh.exe
  2⤵
  PID:7316
- C:\Windows\System\rTbZwui.exe
  C:\Windows\System\rTbZwui.exe
  2⤵
  PID:7344
- C:\Windows\System\frsYBNT.exe
  C:\Windows\System\frsYBNT.exe
  2⤵
  PID:7372
- C:\Windows\System\YqDkvtc.exe
  C:\Windows\System\YqDkvtc.exe
  2⤵
  PID:7400
- C:\Windows\System\fZGUDRa.exe
  C:\Windows\System\fZGUDRa.exe
  2⤵
  PID:7428
- C:\Windows\System\NphNPSJ.exe
  C:\Windows\System\NphNPSJ.exe
  2⤵
  PID:7460
- C:\Windows\System\LnkojGb.exe
  C:\Windows\System\LnkojGb.exe
  2⤵
  PID:7492
- C:\Windows\System\PuesszE.exe
  C:\Windows\System\PuesszE.exe
  2⤵
  PID:7512
- C:\Windows\System\yTqkibx.exe
  C:\Windows\System\yTqkibx.exe
  2⤵
  PID:7540
- C:\Windows\System\yAaZaBO.exe
  C:\Windows\System\yAaZaBO.exe
  2⤵
  PID:7568
- C:\Windows\System\ZIGGtra.exe
  C:\Windows\System\ZIGGtra.exe
  2⤵
  PID:7596
- C:\Windows\System\eKHKDrO.exe
  C:\Windows\System\eKHKDrO.exe
  2⤵
  PID:7624
- C:\Windows\System\UmDUApD.exe
  C:\Windows\System\UmDUApD.exe
  2⤵
  PID:7652
- C:\Windows\System\fzYKVxm.exe
  C:\Windows\System\fzYKVxm.exe
  2⤵
  PID:7680
- C:\Windows\System\RCXtcbi.exe
  C:\Windows\System\RCXtcbi.exe
  2⤵
  PID:7712
- C:\Windows\System\oPlRZOQ.exe
  C:\Windows\System\oPlRZOQ.exe
  2⤵
  PID:7736
- C:\Windows\System\zcHnPyC.exe
  C:\Windows\System\zcHnPyC.exe
  2⤵
  PID:7772
- C:\Windows\System\wZbYHHM.exe
  C:\Windows\System\wZbYHHM.exe
  2⤵
  PID:7804
- C:\Windows\System\xOitDWe.exe
  C:\Windows\System\xOitDWe.exe
  2⤵
  PID:7824
- C:\Windows\System\TKlDZQE.exe
  C:\Windows\System\TKlDZQE.exe
  2⤵
  PID:7840
- C:\Windows\System\gnnONBw.exe
  C:\Windows\System\gnnONBw.exe
  2⤵
  PID:7868
- C:\Windows\System\uzdGkTi.exe
  C:\Windows\System\uzdGkTi.exe
  2⤵
  PID:7884
- C:\Windows\System\JKEkIkQ.exe
  C:\Windows\System\JKEkIkQ.exe
  2⤵
  PID:7912
- C:\Windows\System\ulqzOXl.exe
  C:\Windows\System\ulqzOXl.exe
  2⤵
  PID:7964
- C:\Windows\System\SofHKzE.exe
  C:\Windows\System\SofHKzE.exe
  2⤵
  PID:7996
- C:\Windows\System\fzMwlQV.exe
  C:\Windows\System\fzMwlQV.exe
  2⤵
  PID:8028
- C:\Windows\System\vmJGoAZ.exe
  C:\Windows\System\vmJGoAZ.exe
  2⤵
  PID:8060
- C:\Windows\System\ORxMXnq.exe
  C:\Windows\System\ORxMXnq.exe
  2⤵
  PID:8080
- C:\Windows\System\ASvxzba.exe
  C:\Windows\System\ASvxzba.exe
  2⤵
  PID:8108
- C:\Windows\System\HyYcdeR.exe
  C:\Windows\System\HyYcdeR.exe
  2⤵
  PID:8136
- C:\Windows\System\FpwerKb.exe
  C:\Windows\System\FpwerKb.exe
  2⤵
  PID:8164
- C:\Windows\System\lWrlWwO.exe
  C:\Windows\System\lWrlWwO.exe
  2⤵
  PID:7172
- C:\Windows\System\HmyFAWS.exe
  C:\Windows\System\HmyFAWS.exe
  2⤵
  PID:7228
- C:\Windows\System\iaSiJyn.exe
  C:\Windows\System\iaSiJyn.exe
  2⤵
  PID:7284
- C:\Windows\System\GZLbMLN.exe
  C:\Windows\System\GZLbMLN.exe
  2⤵
  PID:7340
- C:\Windows\System\yWBLrRn.exe
  C:\Windows\System\yWBLrRn.exe
  2⤵
  PID:7420
- C:\Windows\System\cWHTGBg.exe
  C:\Windows\System\cWHTGBg.exe
  2⤵
  PID:7500
- C:\Windows\System\zoeHSAS.exe
  C:\Windows\System\zoeHSAS.exe
  2⤵
  PID:7536
- C:\Windows\System\SQxhDqW.exe
  C:\Windows\System\SQxhDqW.exe
  2⤵
  PID:7588
- C:\Windows\System\JYyHeim.exe
  C:\Windows\System\JYyHeim.exe
  2⤵
  PID:7644
- C:\Windows\System\mcuixdi.exe
  C:\Windows\System\mcuixdi.exe
  2⤵
  PID:7700
- C:\Windows\System\aOOeJhl.exe
  C:\Windows\System\aOOeJhl.exe
  2⤵
  PID:7784
- C:\Windows\System\NUyiPGM.exe
  C:\Windows\System\NUyiPGM.exe
  2⤵
  PID:7852
- C:\Windows\System\gcSORcB.exe
  C:\Windows\System\gcSORcB.exe
  2⤵
  PID:4892
- C:\Windows\System\jKtatEj.exe
  C:\Windows\System\jKtatEj.exe
  2⤵
  PID:7944
- C:\Windows\System\XDGlcvT.exe
  C:\Windows\System\XDGlcvT.exe
  2⤵
  PID:8020
- C:\Windows\System\Ezokvoa.exe
  C:\Windows\System\Ezokvoa.exe
  2⤵
  PID:8092
- C:\Windows\System\cZFSMVq.exe
  C:\Windows\System\cZFSMVq.exe
  2⤵
  PID:8132
- C:\Windows\System\zYYzHjd.exe
  C:\Windows\System\zYYzHjd.exe
  2⤵
  PID:8188
- C:\Windows\System\qnWIDMe.exe
  C:\Windows\System\qnWIDMe.exe
  2⤵
  PID:1872
- C:\Windows\System\JDRCmFp.exe
  C:\Windows\System\JDRCmFp.exe
  2⤵
  PID:7452
- C:\Windows\System\YWhqUvg.exe
  C:\Windows\System\YWhqUvg.exe
  2⤵
  PID:7532
- C:\Windows\System\Elcpyjk.exe
  C:\Windows\System\Elcpyjk.exe
  2⤵
  PID:3920
- C:\Windows\System\MbCUYco.exe
  C:\Windows\System\MbCUYco.exe
  2⤵
  PID:7756
- C:\Windows\System\gyylvmK.exe
  C:\Windows\System\gyylvmK.exe
  2⤵
  PID:7988
- C:\Windows\System\EavxanE.exe
  C:\Windows\System\EavxanE.exe
  2⤵
  PID:8076
- C:\Windows\System\mQjorsp.exe
  C:\Windows\System\mQjorsp.exe
  2⤵
  PID:2788
- C:\Windows\System\zSdrjHu.exe
  C:\Windows\System\zSdrjHu.exe
  2⤵
  PID:7392
- C:\Windows\System\nLBPtGB.exe
  C:\Windows\System\nLBPtGB.exe
  2⤵
  PID:7636
- C:\Windows\System\DNCEEhZ.exe
  C:\Windows\System\DNCEEhZ.exe
  2⤵
  PID:7904
- C:\Windows\System\NEdGBqc.exe
  C:\Windows\System\NEdGBqc.exe
  2⤵
  PID:4076
- C:\Windows\System\mQEfSsR.exe
  C:\Windows\System\mQEfSsR.exe
  2⤵
  PID:1308
- C:\Windows\System\nWsBcar.exe
  C:\Windows\System\nWsBcar.exe
  2⤵
  PID:5412
- C:\Windows\System\eVcwOov.exe
  C:\Windows\System\eVcwOov.exe
  2⤵
  PID:7876
- C:\Windows\System\RyHPtdn.exe
  C:\Windows\System\RyHPtdn.exe
  2⤵
  PID:8212
- C:\Windows\System\bQmjots.exe
  C:\Windows\System\bQmjots.exe
  2⤵
  PID:8240
- C:\Windows\System\PdSfvwi.exe
  C:\Windows\System\PdSfvwi.exe
  2⤵
  PID:8272
- C:\Windows\System\XtbHttS.exe
  C:\Windows\System\XtbHttS.exe
  2⤵
  PID:8296
- C:\Windows\System\NPjysMo.exe
  C:\Windows\System\NPjysMo.exe
  2⤵
  PID:8324
- C:\Windows\System\vvhhuGy.exe
  C:\Windows\System\vvhhuGy.exe
  2⤵
  PID:8352
- C:\Windows\System\LdWbyfv.exe
  C:\Windows\System\LdWbyfv.exe
  2⤵
  PID:8380
- C:\Windows\System\NTZbfKO.exe
  C:\Windows\System\NTZbfKO.exe
  2⤵
  PID:8408
- C:\Windows\System\NMwEErS.exe
  C:\Windows\System\NMwEErS.exe
  2⤵
  PID:8436
- C:\Windows\System\jPxfaBh.exe
  C:\Windows\System\jPxfaBh.exe
  2⤵
  PID:8476
- C:\Windows\System\YnwMhZe.exe
  C:\Windows\System\YnwMhZe.exe
  2⤵
  PID:8512
- C:\Windows\System\NIoasZH.exe
  C:\Windows\System\NIoasZH.exe
  2⤵
  PID:8536
- C:\Windows\System\KECMjpc.exe
  C:\Windows\System\KECMjpc.exe
  2⤵
  PID:8564
- C:\Windows\System\CsGGJOY.exe
  C:\Windows\System\CsGGJOY.exe
  2⤵
  PID:8584
- C:\Windows\System\qFlofXI.exe
  C:\Windows\System\qFlofXI.exe
  2⤵
  PID:8612
- C:\Windows\System\ERHAisN.exe
  C:\Windows\System\ERHAisN.exe
  2⤵
  PID:8644
- C:\Windows\System\tnRzwms.exe
  C:\Windows\System\tnRzwms.exe
  2⤵
  PID:8672
- C:\Windows\System\BilOOOS.exe
  C:\Windows\System\BilOOOS.exe
  2⤵
  PID:8700
- C:\Windows\System\MIaZfxd.exe
  C:\Windows\System\MIaZfxd.exe
  2⤵
  PID:8728
- C:\Windows\System\LfMnTgh.exe
  C:\Windows\System\LfMnTgh.exe
  2⤵
  PID:8764
- C:\Windows\System\ycJrzHO.exe
  C:\Windows\System\ycJrzHO.exe
  2⤵
  PID:8792
- C:\Windows\System\bhiNSgY.exe
  C:\Windows\System\bhiNSgY.exe
  2⤵
  PID:8820
- C:\Windows\System\DAaFgzs.exe
  C:\Windows\System\DAaFgzs.exe
  2⤵
  PID:8856
- C:\Windows\System\QdVXIiI.exe
  C:\Windows\System\QdVXIiI.exe
  2⤵
  PID:8876
- C:\Windows\System\ifNAMqz.exe
  C:\Windows\System\ifNAMqz.exe
  2⤵
  PID:8912
- C:\Windows\System\NOLTFDa.exe
  C:\Windows\System\NOLTFDa.exe
  2⤵
  PID:8948
- C:\Windows\System\ZiUSljh.exe
  C:\Windows\System\ZiUSljh.exe
  2⤵
  PID:8968
- C:\Windows\System\ddVrroF.exe
  C:\Windows\System\ddVrroF.exe
  2⤵
  PID:9004
- C:\Windows\System\PVScjmT.exe
  C:\Windows\System\PVScjmT.exe
  2⤵
  PID:9032
- C:\Windows\System\PcRncpE.exe
  C:\Windows\System\PcRncpE.exe
  2⤵
  PID:9052
- C:\Windows\System\FyzUwep.exe
  C:\Windows\System\FyzUwep.exe
  2⤵
  PID:9088
- C:\Windows\System\MyuKSZP.exe
  C:\Windows\System\MyuKSZP.exe
  2⤵
  PID:9108
- C:\Windows\System\WLjXwFx.exe
  C:\Windows\System\WLjXwFx.exe
  2⤵
  PID:9136
- C:\Windows\System\QdMTsjo.exe
  C:\Windows\System\QdMTsjo.exe
  2⤵
  PID:9176
- C:\Windows\System\uYRCTwN.exe
  C:\Windows\System\uYRCTwN.exe
  2⤵
  PID:9200
- C:\Windows\System\OYCwoOt.exe
  C:\Windows\System\OYCwoOt.exe
  2⤵
  PID:8224
- C:\Windows\System\DbJidvx.exe
  C:\Windows\System\DbJidvx.exe
  2⤵
  PID:8292
- C:\Windows\System\mxYFUse.exe
  C:\Windows\System\mxYFUse.exe
  2⤵
  PID:8348
- C:\Windows\System\ZyXelZP.exe
  C:\Windows\System\ZyXelZP.exe
  2⤵
  PID:8404
- C:\Windows\System\miNtVLJ.exe
  C:\Windows\System\miNtVLJ.exe
  2⤵
  PID:8484
- C:\Windows\System\CLKExVF.exe
  C:\Windows\System\CLKExVF.exe
  2⤵
  PID:8552
- C:\Windows\System\EDesKMS.exe
  C:\Windows\System\EDesKMS.exe
  2⤵
  PID:4280
- C:\Windows\System\VyWCppv.exe
  C:\Windows\System\VyWCppv.exe
  2⤵
  PID:8692
- C:\Windows\System\rEneXxI.exe
  C:\Windows\System\rEneXxI.exe
  2⤵
  PID:8760
- C:\Windows\System\jgQRLKR.exe
  C:\Windows\System\jgQRLKR.exe
  2⤵
  PID:8804
- C:\Windows\System\NZQJFOR.exe
  C:\Windows\System\NZQJFOR.exe
  2⤵
  PID:8920
- C:\Windows\System\moTzAEq.exe
  C:\Windows\System\moTzAEq.exe
  2⤵
  PID:8964
- C:\Windows\System\hVfebfF.exe
  C:\Windows\System\hVfebfF.exe
  2⤵
  PID:9048
- C:\Windows\System\MkKCAFQ.exe
  C:\Windows\System\MkKCAFQ.exe
  2⤵
  PID:9096
- C:\Windows\System\lNTxllh.exe
  C:\Windows\System\lNTxllh.exe
  2⤵
  PID:9184
- C:\Windows\System\XdkOCCp.exe
  C:\Windows\System\XdkOCCp.exe
  2⤵
  PID:8204
- C:\Windows\System\qrjzFvI.exe
  C:\Windows\System\qrjzFvI.exe
  2⤵
  PID:8372
- C:\Windows\System\ifXUiAg.exe
  C:\Windows\System\ifXUiAg.exe
  2⤵
  PID:8492
- C:\Windows\System\TZSMEJB.exe
  C:\Windows\System\TZSMEJB.exe
  2⤵
  PID:8636
- C:\Windows\System\NtglyWZ.exe
  C:\Windows\System\NtglyWZ.exe
  2⤵
  PID:8788
- C:\Windows\System\kPQzkrI.exe
  C:\Windows\System\kPQzkrI.exe
  2⤵
  PID:3472
- C:\Windows\System\EfyuAHP.exe
  C:\Windows\System\EfyuAHP.exe
  2⤵
  PID:1148
- C:\Windows\System\qzhOsKN.exe
  C:\Windows\System\qzhOsKN.exe
  2⤵
  PID:9152
- C:\Windows\System\HqXUJHw.exe
  C:\Windows\System\HqXUJHw.exe
  2⤵
  PID:8432
- C:\Windows\System\OKKrRcd.exe
  C:\Windows\System\OKKrRcd.exe
  2⤵
  PID:8784
- C:\Windows\System\PXHDpWY.exe
  C:\Windows\System\PXHDpWY.exe
  2⤵
  PID:9072
- C:\Windows\System\OUtGHaB.exe
  C:\Windows\System\OUtGHaB.exe
  2⤵
  PID:8340
- C:\Windows\System\YxFYLdj.exe
  C:\Windows\System\YxFYLdj.exe
  2⤵
  PID:8320
- C:\Windows\System\aIoPCkr.exe
  C:\Windows\System\aIoPCkr.exe
  2⤵
  PID:8872
- C:\Windows\System\rksZZCk.exe
  C:\Windows\System\rksZZCk.exe
  2⤵
  PID:9236
- C:\Windows\System\VTDqmQN.exe
  C:\Windows\System\VTDqmQN.exe
  2⤵
  PID:9272
- C:\Windows\System\illtzIT.exe
  C:\Windows\System\illtzIT.exe
  2⤵
  PID:9292
- C:\Windows\System\ofLCArn.exe
  C:\Windows\System\ofLCArn.exe
  2⤵
  PID:9320
- C:\Windows\System\NGKeUWK.exe
  C:\Windows\System\NGKeUWK.exe
  2⤵
  PID:9348
- C:\Windows\System\MTExvuK.exe
  C:\Windows\System\MTExvuK.exe
  2⤵
  PID:9384
- C:\Windows\System\AgTfQrM.exe
  C:\Windows\System\AgTfQrM.exe
  2⤵
  PID:9404
- C:\Windows\System\UBHoGYV.exe
  C:\Windows\System\UBHoGYV.exe
  2⤵
  PID:9444
- C:\Windows\System\XjVkvnA.exe
  C:\Windows\System\XjVkvnA.exe
  2⤵
  PID:9464
- C:\Windows\System\JPuONjc.exe
  C:\Windows\System\JPuONjc.exe
  2⤵
  PID:9504
- C:\Windows\System\VJBMCNP.exe
  C:\Windows\System\VJBMCNP.exe
  2⤵
  PID:9528
- C:\Windows\System\eFlNPMH.exe
  C:\Windows\System\eFlNPMH.exe
  2⤵
  PID:9556
- C:\Windows\System\IOfmFBO.exe
  C:\Windows\System\IOfmFBO.exe
  2⤵
  PID:9584
- C:\Windows\System\JnZFjnz.exe
  C:\Windows\System\JnZFjnz.exe
  2⤵
  PID:9608
- C:\Windows\System\AJeFtSK.exe
  C:\Windows\System\AJeFtSK.exe
  2⤵
  PID:9636
- C:\Windows\System\CIeUTRr.exe
  C:\Windows\System\CIeUTRr.exe
  2⤵
  PID:9664
- C:\Windows\System\adjGpXc.exe
  C:\Windows\System\adjGpXc.exe
  2⤵
  PID:9692
- C:\Windows\System\SMoWbkl.exe
  C:\Windows\System\SMoWbkl.exe
  2⤵
  PID:9720
- C:\Windows\System\SslxTJB.exe
  C:\Windows\System\SslxTJB.exe
  2⤵
  PID:9748
- C:\Windows\System\uEYyOgk.exe
  C:\Windows\System\uEYyOgk.exe
  2⤵
  PID:9776
- C:\Windows\System\pJCLpbB.exe
  C:\Windows\System\pJCLpbB.exe
  2⤵
  PID:9804
- C:\Windows\System\suMSNVs.exe
  C:\Windows\System\suMSNVs.exe
  2⤵
  PID:9840
- C:\Windows\System\CsrIWAr.exe
  C:\Windows\System\CsrIWAr.exe
  2⤵
  PID:9860
- C:\Windows\System\fbpLSzQ.exe
  C:\Windows\System\fbpLSzQ.exe
  2⤵
  PID:9896
- C:\Windows\System\aljoPeJ.exe
  C:\Windows\System\aljoPeJ.exe
  2⤵
  PID:9916
- C:\Windows\System\NmAkcWD.exe
  C:\Windows\System\NmAkcWD.exe
  2⤵
  PID:9944
- C:\Windows\System\JcUBQIn.exe
  C:\Windows\System\JcUBQIn.exe
  2⤵
  PID:9976
- C:\Windows\System\AQhNRVO.exe
  C:\Windows\System\AQhNRVO.exe
  2⤵
  PID:10004
- C:\Windows\System\EQAkGuE.exe
  C:\Windows\System\EQAkGuE.exe
  2⤵
  PID:10028
- C:\Windows\System\OdeJhhN.exe
  C:\Windows\System\OdeJhhN.exe
  2⤵
  PID:10056
- C:\Windows\System\ekFcojf.exe
  C:\Windows\System\ekFcojf.exe
  2⤵
  PID:10088
- C:\Windows\System\BjfiwZZ.exe
  C:\Windows\System\BjfiwZZ.exe
  2⤵
  PID:10132
- C:\Windows\System\gfUhEsn.exe
  C:\Windows\System\gfUhEsn.exe
  2⤵
  PID:10148
- C:\Windows\System\ovgxOvm.exe
  C:\Windows\System\ovgxOvm.exe
  2⤵
  PID:10176
- C:\Windows\System\kdQFnmz.exe
  C:\Windows\System\kdQFnmz.exe
  2⤵
  PID:10204
- C:\Windows\System\VtQJdwF.exe
  C:\Windows\System\VtQJdwF.exe
  2⤵
  PID:10228
- C:\Windows\System\zQRiWwp.exe
  C:\Windows\System\zQRiWwp.exe
  2⤵
  PID:9260
- C:\Windows\System\gRJCLRF.exe
  C:\Windows\System\gRJCLRF.exe
  2⤵
  PID:9360
- C:\Windows\System\AtOyHtH.exe
  C:\Windows\System\AtOyHtH.exe
  2⤵
  PID:9396
- C:\Windows\System\HhCIHOL.exe
  C:\Windows\System\HhCIHOL.exe
  2⤵
  PID:9544
- C:\Windows\System\GmuCXBD.exe
  C:\Windows\System\GmuCXBD.exe
  2⤵
  PID:9628
- C:\Windows\System\XBUojZP.exe
  C:\Windows\System\XBUojZP.exe
  2⤵
  PID:9688
- C:\Windows\System\jEucIZT.exe
  C:\Windows\System\jEucIZT.exe
  2⤵
  PID:9760
- C:\Windows\System\UWQduWE.exe
  C:\Windows\System\UWQduWE.exe
  2⤵
  PID:9848
- C:\Windows\System\giUyxmb.exe
  C:\Windows\System\giUyxmb.exe
  2⤵
  PID:9884
- C:\Windows\System\LuDgTuO.exe
  C:\Windows\System\LuDgTuO.exe
  2⤵
  PID:9984
- C:\Windows\System\omBkvGq.exe
  C:\Windows\System\omBkvGq.exe
  2⤵
  PID:10044
- C:\Windows\System\bTsipfd.exe
  C:\Windows\System\bTsipfd.exe
  2⤵
  PID:10108
- C:\Windows\System\FogZiVG.exe
  C:\Windows\System\FogZiVG.exe
  2⤵
  PID:6292
- C:\Windows\System\tXJQeQz.exe
  C:\Windows\System\tXJQeQz.exe
  2⤵
  PID:10220
- C:\Windows\System\snAhnIG.exe
  C:\Windows\System\snAhnIG.exe
  2⤵
  PID:9316
- C:\Windows\System\PqtMTcC.exe
  C:\Windows\System\PqtMTcC.exe
  2⤵
  PID:9516
- C:\Windows\System\uXpMpcF.exe
  C:\Windows\System\uXpMpcF.exe
  2⤵
  PID:9656
- C:\Windows\System\dxNkCLd.exe
  C:\Windows\System\dxNkCLd.exe
  2⤵
  PID:9800
- C:\Windows\System\LtgrtlR.exe
  C:\Windows\System\LtgrtlR.exe
  2⤵
  PID:9940
- C:\Windows\System\SdIXaKI.exe
  C:\Windows\System\SdIXaKI.exe
  2⤵
  PID:10076
- C:\Windows\System\pomkenX.exe
  C:\Windows\System\pomkenX.exe
  2⤵
  PID:9248
- C:\Windows\System\mKvIkQr.exe
  C:\Windows\System\mKvIkQr.exe
  2⤵
  PID:9600
- C:\Windows\System\dUUkbnd.exe
  C:\Windows\System\dUUkbnd.exe
  2⤵
  PID:10052
- C:\Windows\System\xDDxjEH.exe
  C:\Windows\System\xDDxjEH.exe
  2⤵
  PID:9572
- C:\Windows\System\eyoirQV.exe
  C:\Windows\System\eyoirQV.exe
  2⤵
  PID:9228
- C:\Windows\System\oefsIQf.exe
  C:\Windows\System\oefsIQf.exe
  2⤵
  PID:10260
- C:\Windows\System\RmMxMGn.exe
  C:\Windows\System\RmMxMGn.exe
  2⤵
  PID:10288
- C:\Windows\System\XwjLCje.exe
  C:\Windows\System\XwjLCje.exe
  2⤵
  PID:10316
- C:\Windows\System\BNdzOLD.exe
  C:\Windows\System\BNdzOLD.exe
  2⤵
  PID:10344
- C:\Windows\System\HimTUdX.exe
  C:\Windows\System\HimTUdX.exe
  2⤵
  PID:10380
- C:\Windows\System\UYvUzIi.exe
  C:\Windows\System\UYvUzIi.exe
  2⤵
  PID:10420
- C:\Windows\System\xnXhYVq.exe
  C:\Windows\System\xnXhYVq.exe
  2⤵
  PID:10464
- C:\Windows\System\KNHfDaF.exe
  C:\Windows\System\KNHfDaF.exe
  2⤵
  PID:10540
- C:\Windows\System\DekxlPY.exe
  C:\Windows\System\DekxlPY.exe
  2⤵
  PID:10612
- C:\Windows\System\qjdFpxd.exe
  C:\Windows\System\qjdFpxd.exe
  2⤵
  PID:10660
- C:\Windows\System\EAAqMJY.exe
  C:\Windows\System\EAAqMJY.exe
  2⤵
  PID:10692
- C:\Windows\System\wVbMEcJ.exe
  C:\Windows\System\wVbMEcJ.exe
  2⤵
  PID:10732
- C:\Windows\System\FHJrrDn.exe
  C:\Windows\System\FHJrrDn.exe
  2⤵
  PID:10768
- C:\Windows\System\RuPNodz.exe
  C:\Windows\System\RuPNodz.exe
  2⤵
  PID:10816
- C:\Windows\System\TRjESEs.exe
  C:\Windows\System\TRjESEs.exe
  2⤵
  PID:10840
- C:\Windows\System\gUKhGzI.exe
  C:\Windows\System\gUKhGzI.exe
  2⤵
  PID:10868
- C:\Windows\System\yxHlZBx.exe
  C:\Windows\System\yxHlZBx.exe
  2⤵
  PID:10904
- C:\Windows\System\LxgvuIY.exe
  C:\Windows\System\LxgvuIY.exe
  2⤵
  PID:10932
- C:\Windows\System\YsExmBM.exe
  C:\Windows\System\YsExmBM.exe
  2⤵
  PID:10960
- C:\Windows\System\mlxBMxa.exe
  C:\Windows\System\mlxBMxa.exe
  2⤵
  PID:10980
- C:\Windows\System\FeGDIdk.exe
  C:\Windows\System\FeGDIdk.exe
  2⤵
  PID:11008
- C:\Windows\System\LuQEdxI.exe
  C:\Windows\System\LuQEdxI.exe
  2⤵
  PID:11048
- C:\Windows\System\pqcFPtm.exe
  C:\Windows\System\pqcFPtm.exe
  2⤵
  PID:11068
- C:\Windows\System\RGVMKmw.exe
  C:\Windows\System\RGVMKmw.exe
  2⤵
  PID:11096
- C:\Windows\System\DCuMePC.exe
  C:\Windows\System\DCuMePC.exe
  2⤵
  PID:11124
- C:\Windows\System\HkiJQIH.exe
  C:\Windows\System\HkiJQIH.exe
  2⤵
  PID:11156
- C:\Windows\System\IZMKTIP.exe
  C:\Windows\System\IZMKTIP.exe
  2⤵
  PID:11180
- C:\Windows\System\lpNEIuw.exe
  C:\Windows\System\lpNEIuw.exe
  2⤵
  PID:11208
- C:\Windows\System\BHOuBfD.exe
  C:\Windows\System\BHOuBfD.exe
  2⤵
  PID:11236
- C:\Windows\System\auwLhNQ.exe
  C:\Windows\System\auwLhNQ.exe
  2⤵
  PID:10248
- C:\Windows\System\hmmHwDt.exe
  C:\Windows\System\hmmHwDt.exe
  2⤵
  PID:10308
- C:\Windows\System\WYEGwGB.exe
  C:\Windows\System\WYEGwGB.exe
  2⤵
  PID:10372
- C:\Windows\System\VdQnrOY.exe
  C:\Windows\System\VdQnrOY.exe
  2⤵
  PID:10480
- C:\Windows\System\xyNVzUZ.exe
  C:\Windows\System\xyNVzUZ.exe
  2⤵
  PID:10624
- C:\Windows\System\qZiTVvO.exe
  C:\Windows\System\qZiTVvO.exe
  2⤵
  PID:3464
- C:\Windows\System\BxBfyUL.exe
  C:\Windows\System\BxBfyUL.exe
  2⤵
  PID:10800
- C:\Windows\System\VXiogpI.exe
  C:\Windows\System\VXiogpI.exe
  2⤵
  PID:10860
- C:\Windows\System\qaijcQL.exe
  C:\Windows\System\qaijcQL.exe
  2⤵
  PID:10948
- C:\Windows\System\EkeSMuT.exe
  C:\Windows\System\EkeSMuT.exe
  2⤵
  PID:11000
- C:\Windows\System\UlcxbMu.exe
  C:\Windows\System\UlcxbMu.exe
  2⤵
  PID:11080
- C:\Windows\System\VTfcUyS.exe
  C:\Windows\System\VTfcUyS.exe
  2⤵
  PID:11136
- C:\Windows\System\ZQULDNQ.exe
  C:\Windows\System\ZQULDNQ.exe
  2⤵
  PID:11200
- C:\Windows\System\xcNFZAO.exe
  C:\Windows\System\xcNFZAO.exe
  2⤵
  PID:11260
- C:\Windows\System\VTqPKSH.exe
  C:\Windows\System\VTqPKSH.exe
  2⤵
  PID:10456
- C:\Windows\System\zwdqCJM.exe
  C:\Windows\System\zwdqCJM.exe
  2⤵
  PID:10760
- C:\Windows\System\xgNHcJq.exe
  C:\Windows\System\xgNHcJq.exe
  2⤵
  PID:10920
- C:\Windows\System\EzloCIn.exe
  C:\Windows\System\EzloCIn.exe
  2⤵
  PID:11056
- C:\Windows\System\DxSEhOZ.exe
  C:\Windows\System\DxSEhOZ.exe
  2⤵
  PID:11232
- C:\Windows\System\gxpfuGV.exe
  C:\Windows\System\gxpfuGV.exe
  2⤵
  PID:10688
- C:\Windows\System\EhMjGAi.exe
  C:\Windows\System\EhMjGAi.exe
  2⤵
  PID:10992
- C:\Windows\System\etuVGCM.exe
  C:\Windows\System\etuVGCM.exe
  2⤵
  PID:10368
- C:\Windows\System\VVuAChZ.exe
  C:\Windows\System\VVuAChZ.exe
  2⤵
  PID:10976
- C:\Windows\System\yduwSGC.exe
  C:\Windows\System\yduwSGC.exe
  2⤵
  PID:11284
- C:\Windows\System\pTvoFnW.exe
  C:\Windows\System\pTvoFnW.exe
  2⤵
  PID:11324
- C:\Windows\System\zEzcGBf.exe
  C:\Windows\System\zEzcGBf.exe
  2⤵
  PID:11340
- C:\Windows\System\GHpaIay.exe
  C:\Windows\System\GHpaIay.exe
  2⤵
  PID:11368
- C:\Windows\System\iQlzYSy.exe
  C:\Windows\System\iQlzYSy.exe
  2⤵
  PID:11396
- C:\Windows\System\WiWOiKp.exe
  C:\Windows\System\WiWOiKp.exe
  2⤵
  PID:11424
- C:\Windows\System\dLyEGAX.exe
  C:\Windows\System\dLyEGAX.exe
  2⤵
  PID:11452
- C:\Windows\System\CYKWtPG.exe
  C:\Windows\System\CYKWtPG.exe
  2⤵
  PID:11488
- C:\Windows\System\bReXvsW.exe
  C:\Windows\System\bReXvsW.exe
  2⤵
  PID:11508
- C:\Windows\System\nBeledM.exe
  C:\Windows\System\nBeledM.exe
  2⤵
  PID:11544
- C:\Windows\System\mRbyrMD.exe
  C:\Windows\System\mRbyrMD.exe
  2⤵
  PID:11572
- C:\Windows\System\DuvrVBC.exe
  C:\Windows\System\DuvrVBC.exe
  2⤵
  PID:11592
- C:\Windows\System\KnsmzaQ.exe
  C:\Windows\System\KnsmzaQ.exe
  2⤵
  PID:11628
- C:\Windows\System\gqZzBqf.exe
  C:\Windows\System\gqZzBqf.exe
  2⤵
  PID:11660
- C:\Windows\System\ZMPRFNq.exe
  C:\Windows\System\ZMPRFNq.exe
  2⤵
  PID:11680
- C:\Windows\System\BJnBRtE.exe
  C:\Windows\System\BJnBRtE.exe
  2⤵
  PID:11716
- C:\Windows\System\juAhRkp.exe
  C:\Windows\System\juAhRkp.exe
  2⤵
  PID:11736
- C:\Windows\System\uulKZMn.exe
  C:\Windows\System\uulKZMn.exe
  2⤵
  PID:11764
- C:\Windows\System\tefPuLH.exe
  C:\Windows\System\tefPuLH.exe
  2⤵
  PID:11792
- C:\Windows\System\PlXCmRc.exe
  C:\Windows\System\PlXCmRc.exe
  2⤵
  PID:11824
- C:\Windows\System\mMEYIBn.exe
  C:\Windows\System\mMEYIBn.exe
  2⤵
  PID:11852
- C:\Windows\System\NeOlBeq.exe
  C:\Windows\System\NeOlBeq.exe
  2⤵
  PID:11916
- C:\Windows\System\hneipML.exe
  C:\Windows\System\hneipML.exe
  2⤵
  PID:11956
- C:\Windows\System\wNtYZNA.exe
  C:\Windows\System\wNtYZNA.exe
  2⤵
  PID:11976
- C:\Windows\System\xMrtESK.exe
  C:\Windows\System\xMrtESK.exe
  2⤵
  PID:12016
- C:\Windows\System\YVdhzxI.exe
  C:\Windows\System\YVdhzxI.exe
  2⤵
  PID:12044
- C:\Windows\System\TgsfboI.exe
  C:\Windows\System\TgsfboI.exe
  2⤵
  PID:12064
- C:\Windows\System\hMIuLbG.exe
  C:\Windows\System\hMIuLbG.exe
  2⤵
  PID:12092
- C:\Windows\System\nqpPxkB.exe
  C:\Windows\System\nqpPxkB.exe
  2⤵
  PID:12120
- C:\Windows\System\jOJqDZG.exe
  C:\Windows\System\jOJqDZG.exe
  2⤵
  PID:12148
- C:\Windows\System\XcnFxDW.exe
  C:\Windows\System\XcnFxDW.exe
  2⤵
  PID:12176
- C:\Windows\System\WAjDEnn.exe
  C:\Windows\System\WAjDEnn.exe
  2⤵
  PID:12204
- C:\Windows\System\BpiGQcK.exe
  C:\Windows\System\BpiGQcK.exe
  2⤵
  PID:12232
- C:\Windows\System\LQcnYSt.exe
  C:\Windows\System\LQcnYSt.exe
  2⤵
  PID:12268
- C:\Windows\System\DAszQPl.exe
  C:\Windows\System\DAszQPl.exe
  2⤵
  PID:11272
- C:\Windows\System\uwiiKse.exe
  C:\Windows\System\uwiiKse.exe
  2⤵
  PID:11332
- C:\Windows\System\yIrdPWv.exe
  C:\Windows\System\yIrdPWv.exe
  2⤵
  PID:11392
- C:\Windows\System\sxDDJbv.exe
  C:\Windows\System\sxDDJbv.exe
  2⤵
  PID:11464
- C:\Windows\System\FLtKHnf.exe
  C:\Windows\System\FLtKHnf.exe
  2⤵
  PID:11528
- C:\Windows\System\Tsjvpih.exe
  C:\Windows\System\Tsjvpih.exe
  2⤵
  PID:11588
- C:\Windows\System\zwrOyLV.exe
  C:\Windows\System\zwrOyLV.exe
  2⤵
  PID:11644
- C:\Windows\System\ZlndiXW.exe
  C:\Windows\System\ZlndiXW.exe
  2⤵
  PID:11724
- C:\Windows\System\KKywMKK.exe
  C:\Windows\System\KKywMKK.exe
  2⤵
  PID:11788
- C:\Windows\System\FxGFJUm.exe
  C:\Windows\System\FxGFJUm.exe
  2⤵
  PID:11848
- C:\Windows\System\erJFvDi.exe
  C:\Windows\System\erJFvDi.exe
  2⤵
  PID:11944
- C:\Windows\System\wiTBlzz.exe
  C:\Windows\System\wiTBlzz.exe
  2⤵
  PID:12012
- C:\Windows\System\VskdmYY.exe
  C:\Windows\System\VskdmYY.exe
  2⤵
  PID:12088
- C:\Windows\System\xpWVNsh.exe
  C:\Windows\System\xpWVNsh.exe
  2⤵
  PID:12144
- C:\Windows\System\MTjegCe.exe
  C:\Windows\System\MTjegCe.exe
  2⤵
  PID:12216
- C:\Windows\System\TdBhKYG.exe
  C:\Windows\System\TdBhKYG.exe
  2⤵
  PID:12280
- C:\Windows\System\NzIasYz.exe
  C:\Windows\System\NzIasYz.exe
  2⤵
  PID:11444
- C:\Windows\System\HMUpLan.exe
  C:\Windows\System\HMUpLan.exe
  2⤵
  PID:11580
- C:\Windows\System\SYFZNAd.exe
  C:\Windows\System\SYFZNAd.exe
  2⤵
  PID:11704
- C:\Windows\System\XIXdrrp.exe
  C:\Windows\System\XIXdrrp.exe
  2⤵
  PID:11844
- C:\Windows\System\ljWEidB.exe
  C:\Windows\System\ljWEidB.exe
  2⤵
  PID:12052
- C:\Windows\System\LbuVFEB.exe
  C:\Windows\System\LbuVFEB.exe
  2⤵
  PID:12196
- C:\Windows\System\UonBdPB.exe
  C:\Windows\System\UonBdPB.exe
  2⤵
  PID:11556
- C:\Windows\System\uWtROaP.exe
  C:\Windows\System\uWtROaP.exe
  2⤵
  PID:11816
- C:\Windows\System\YLfWITD.exe
  C:\Windows\System\YLfWITD.exe
  2⤵
  PID:12172
- C:\Windows\System\mxfQxjz.exe
  C:\Windows\System\mxfQxjz.exe
  2⤵
  PID:11996
- C:\Windows\System\hvQmLQm.exe
  C:\Windows\System\hvQmLQm.exe
  2⤵
  PID:12296
- C:\Windows\System\lMecYHS.exe
  C:\Windows\System\lMecYHS.exe
  2⤵
  PID:12316
- C:\Windows\System\VnHhPEk.exe
  C:\Windows\System\VnHhPEk.exe
  2⤵
  PID:12352
- C:\Windows\System\AmojKdD.exe
  C:\Windows\System\AmojKdD.exe
  2⤵
  PID:12372
- C:\Windows\System\ZEhJRXV.exe
  C:\Windows\System\ZEhJRXV.exe
  2⤵
  PID:12400
- C:\Windows\System\YNbnpKc.exe
  C:\Windows\System\YNbnpKc.exe
  2⤵
  PID:12428
- C:\Windows\System\jVBQebB.exe
  C:\Windows\System\jVBQebB.exe
  2⤵
  PID:12456
- C:\Windows\System\QHjxdrO.exe
  C:\Windows\System\QHjxdrO.exe
  2⤵
  PID:12484
- C:\Windows\System\zCVCElx.exe
  C:\Windows\System\zCVCElx.exe
  2⤵
  PID:12512
- C:\Windows\System\CnWrPmV.exe
  C:\Windows\System\CnWrPmV.exe
  2⤵
  PID:12540
- C:\Windows\System\cuBfZEv.exe
  C:\Windows\System\cuBfZEv.exe
  2⤵
  PID:12572
- C:\Windows\System\GCOTJsu.exe
  C:\Windows\System\GCOTJsu.exe
  2⤵
  PID:12596
- C:\Windows\System\uYooGrG.exe
  C:\Windows\System\uYooGrG.exe
  2⤵
  PID:12624
- C:\Windows\System\AwEQRbp.exe
  C:\Windows\System\AwEQRbp.exe
  2⤵
  PID:12652
- C:\Windows\System\SjvYPwl.exe
  C:\Windows\System\SjvYPwl.exe
  2⤵
  PID:12680
- C:\Windows\System\UrkxlgX.exe
  C:\Windows\System\UrkxlgX.exe
  2⤵
  PID:12708
- C:\Windows\System\jTmozma.exe
  C:\Windows\System\jTmozma.exe
  2⤵
  PID:12744
- C:\Windows\System\YksDIQw.exe
  C:\Windows\System\YksDIQw.exe
  2⤵
  PID:12772
- C:\Windows\System\oYRQnVV.exe
  C:\Windows\System\oYRQnVV.exe
  2⤵
  PID:12792
- C:\Windows\System\BjomkcD.exe
  C:\Windows\System\BjomkcD.exe
  2⤵
  PID:12832
- C:\Windows\System\kyvmZur.exe
  C:\Windows\System\kyvmZur.exe
  2⤵
  PID:12852
- C:\Windows\System\OqoDrSX.exe
  C:\Windows\System\OqoDrSX.exe
  2⤵
  PID:12880
- C:\Windows\System\gbnxAae.exe
  C:\Windows\System\gbnxAae.exe
  2⤵
  PID:12912
- C:\Windows\System\CecLXqb.exe
  C:\Windows\System\CecLXqb.exe
  2⤵
  PID:12936
- C:\Windows\System\MgnTYnl.exe
  C:\Windows\System\MgnTYnl.exe
  2⤵
  PID:12968
- C:\Windows\System\KqQLtdb.exe
  C:\Windows\System\KqQLtdb.exe
  2⤵
  PID:12992
- C:\Windows\System\TPebmuW.exe
  C:\Windows\System\TPebmuW.exe
  2⤵
  PID:13020
- C:\Windows\System\kUUznfN.exe
  C:\Windows\System\kUUznfN.exe
  2⤵
  PID:13048
- C:\Windows\System\DSSigUh.exe
  C:\Windows\System\DSSigUh.exe
  2⤵
  PID:13076
- C:\Windows\System\nLnZXfw.exe
  C:\Windows\System\nLnZXfw.exe
  2⤵
  PID:13104
- C:\Windows\System\GptFdtF.exe
  C:\Windows\System\GptFdtF.exe
  2⤵
  PID:13140
- C:\Windows\System\CgfRuiE.exe
  C:\Windows\System\CgfRuiE.exe
  2⤵
  PID:13180
- C:\Windows\System\aJoSSAb.exe
  C:\Windows\System\aJoSSAb.exe
  2⤵
  PID:13228
- C:\Windows\System\IzPoaoR.exe
  C:\Windows\System\IzPoaoR.exe
  2⤵
  PID:13304
- C:\Windows\System\gJNyToM.exe
  C:\Windows\System\gJNyToM.exe
  2⤵
  PID:12420
- C:\Windows\System\EaBKQaR.exe
  C:\Windows\System\EaBKQaR.exe
  2⤵
  PID:12560
- C:\Windows\System\OIQKvut.exe
  C:\Windows\System\OIQKvut.exe
  2⤵
  PID:12588
- C:\Windows\System\uQXxcDo.exe
  C:\Windows\System\uQXxcDo.exe
  2⤵
  PID:12704
- C:\Windows\System\zsQJvVn.exe
  C:\Windows\System\zsQJvVn.exe
  2⤵
  PID:12784
- C:\Windows\System\MjlORgR.exe
  C:\Windows\System\MjlORgR.exe
  2⤵
  PID:12848
- C:\Windows\System\oJVCNxh.exe
  C:\Windows\System\oJVCNxh.exe
  2⤵
  PID:12920
- C:\Windows\System\rWPrJYn.exe
  C:\Windows\System\rWPrJYn.exe
  2⤵
  PID:12984
- C:\Windows\System\XKkoGIf.exe
  C:\Windows\System\XKkoGIf.exe
  2⤵
  PID:13044
- C:\Windows\System\lCJSkIh.exe
  C:\Windows\System\lCJSkIh.exe
  2⤵
  PID:13120
- C:\Windows\System\yiKYCVe.exe
  C:\Windows\System\yiKYCVe.exe
  2⤵
  PID:4500
- C:\Windows\System\TMXjcdS.exe
  C:\Windows\System\TMXjcdS.exe
  2⤵
  PID:5088
- C:\Windows\System\qcaFBJd.exe
  C:\Windows\System\qcaFBJd.exe
  2⤵
  PID:12368
- C:\Windows\System\BCCPJVX.exe
  C:\Windows\System\BCCPJVX.exe
  2⤵
  PID:12700
- C:\Windows\System\WcrKrwV.exe
  C:\Windows\System\WcrKrwV.exe
  2⤵
  PID:884
- C:\Windows\System\VVMFuhx.exe
  C:\Windows\System\VVMFuhx.exe
  2⤵
  PID:12844
- C:\Windows\System\RLzGtsO.exe
  C:\Windows\System\RLzGtsO.exe
  2⤵
  PID:13032
- C:\Windows\System\NBMmFlR.exe
  C:\Windows\System\NBMmFlR.exe
  2⤵
  PID:13096
- C:\Windows\System\PPRZsNM.exe
  C:\Windows\System\PPRZsNM.exe
  2⤵
  PID:1840
- C:\Windows\System\bGTqhTC.exe
  C:\Windows\System\bGTqhTC.exe
  2⤵
  PID:1932
- C:\Windows\System\WHneJYR.exe
  C:\Windows\System\WHneJYR.exe
  2⤵
  PID:12904
- C:\Windows\System\yrDqGTo.exe
  C:\Windows\System\yrDqGTo.exe
  2⤵
  PID:1904
- C:\Windows\System\CcTtMeC.exe
  C:\Windows\System\CcTtMeC.exe
  2⤵
  PID:12840
- C:\Windows\System\alRJGkT.exe
  C:\Windows\System\alRJGkT.exe
  2⤵
  PID:11360
- C:\Windows\System\uMWUdoo.exe
  C:\Windows\System\uMWUdoo.exe
  2⤵
  PID:13168
- C:\Windows\System\kdierDJ.exe
  C:\Windows\System\kdierDJ.exe
  2⤵
  PID:13348
- C:\Windows\System\mwcaTUa.exe
  C:\Windows\System\mwcaTUa.exe
  2⤵
  PID:13368
- C:\Windows\System\GXNCxfu.exe
  C:\Windows\System\GXNCxfu.exe
  2⤵
  PID:13404
- C:\Windows\System\vRUMaKe.exe
  C:\Windows\System\vRUMaKe.exe
  2⤵
  PID:13432
- C:\Windows\System\CRCFkgp.exe
  C:\Windows\System\CRCFkgp.exe
  2⤵
  PID:13468
- C:\Windows\System\EwXYEVB.exe
  C:\Windows\System\EwXYEVB.exe
  2⤵
  PID:13492
- C:\Windows\System\yQaytKa.exe
  C:\Windows\System\yQaytKa.exe
  2⤵
  PID:13516
- C:\Windows\System\bOWHOkg.exe
  C:\Windows\System\bOWHOkg.exe
  2⤵
  PID:13548
- C:\Windows\System\WxPhnDS.exe
  C:\Windows\System\WxPhnDS.exe
  2⤵
  PID:13576
- C:\Windows\System\oQOlMGA.exe
  C:\Windows\System\oQOlMGA.exe
  2⤵
  PID:13604
- C:\Windows\System\vfOJZqk.exe
  C:\Windows\System\vfOJZqk.exe
  2⤵
  PID:13632
- C:\Windows\System\JBjwXye.exe
  C:\Windows\System\JBjwXye.exe
  2⤵
  PID:13660
- C:\Windows\System\jsTyain.exe
  C:\Windows\System\jsTyain.exe
  2⤵
  PID:13688
- C:\Windows\System\KONkBob.exe
  C:\Windows\System\KONkBob.exe
  2⤵
  PID:13716
- C:\Windows\System\PcAeWYd.exe
  C:\Windows\System\PcAeWYd.exe
  2⤵
  PID:13744
- C:\Windows\System\hBjwQnz.exe
  C:\Windows\System\hBjwQnz.exe
  2⤵
  PID:13772
- C:\Windows\System\IwvkyqZ.exe
  C:\Windows\System\IwvkyqZ.exe
  2⤵
  PID:13800
- C:\Windows\System\NokCjVJ.exe
  C:\Windows\System\NokCjVJ.exe
  2⤵
  PID:13828
- C:\Windows\System\nuasOWJ.exe
  C:\Windows\System\nuasOWJ.exe
  2⤵
  PID:13856
- C:\Windows\System\GXgZFut.exe
  C:\Windows\System\GXgZFut.exe
  2⤵
  PID:13888
- C:\Windows\System\TpPBlyB.exe
  C:\Windows\System\TpPBlyB.exe
  2⤵
  PID:13916
- C:\Windows\System\zlUpLyH.exe
  C:\Windows\System\zlUpLyH.exe
  2⤵
  PID:13944
- C:\Windows\System\uOacbhA.exe
  C:\Windows\System\uOacbhA.exe
  2⤵
  PID:13972
- C:\Windows\System\kKiSEcx.exe
  C:\Windows\System\kKiSEcx.exe
  2⤵
  PID:14000
- C:\Windows\System\sDazBYM.exe
  C:\Windows\System\sDazBYM.exe
  2⤵
  PID:14028
- C:\Windows\System\pLFrQbp.exe
  C:\Windows\System\pLFrQbp.exe
  2⤵
  PID:14056
- C:\Windows\System\utfZLgs.exe
  C:\Windows\System\utfZLgs.exe
  2⤵
  PID:14084
- C:\Windows\System\CrTbMeU.exe
  C:\Windows\System\CrTbMeU.exe
  2⤵
  PID:14116
- C:\Windows\System\SPwtvvi.exe
  C:\Windows\System\SPwtvvi.exe
  2⤵
  PID:14140
- C:\Windows\System\OLDVBiB.exe
  C:\Windows\System\OLDVBiB.exe
  2⤵
  PID:14168
- C:\Windows\System\zvByrLc.exe
  C:\Windows\System\zvByrLc.exe
  2⤵
  PID:14196
- C:\Windows\System\SYtGRuZ.exe
  C:\Windows\System\SYtGRuZ.exe
  2⤵
  PID:14224
- C:\Windows\System\eWSZruF.exe
  C:\Windows\System\eWSZruF.exe
  2⤵
  PID:14252
- C:\Windows\System\qoIbIUc.exe
  C:\Windows\System\qoIbIUc.exe
  2⤵
  PID:14280
- C:\Windows\System\tMBAEsu.exe
  C:\Windows\System\tMBAEsu.exe
  2⤵
  PID:14308
- C:\Windows\System\ZoXvczR.exe
  C:\Windows\System\ZoXvczR.exe
  2⤵
  PID:2476
- C:\Windows\System\FwdhZYa.exe
  C:\Windows\System\FwdhZYa.exe
  2⤵
  PID:13384
- C:\Windows\System\VTnAAgj.exe
  C:\Windows\System\VTnAAgj.exe
  2⤵
  PID:13444
- C:\Windows\System\ziMDNhz.exe
  C:\Windows\System\ziMDNhz.exe
  2⤵
  PID:13528
- C:\Windows\System\inhoYAZ.exe
  C:\Windows\System\inhoYAZ.exe
  2⤵
  PID:13596
- C:\Windows\System\GmkDiyy.exe
  C:\Windows\System\GmkDiyy.exe
  2⤵
  PID:13628
- C:\Windows\System\YMIBpuo.exe
  C:\Windows\System\YMIBpuo.exe
  2⤵
  PID:13672
- C:\Windows\System\MmnDJCB.exe
  C:\Windows\System\MmnDJCB.exe
  2⤵
  PID:13736
- C:\Windows\System\LLFCvkf.exe
  C:\Windows\System\LLFCvkf.exe
  2⤵
  PID:13796
- C:\Windows\System\TiagXvg.exe
  C:\Windows\System\TiagXvg.exe
  2⤵
  PID:13852
- C:\Windows\System\FFbGRhq.exe
  C:\Windows\System\FFbGRhq.exe
  2⤵
  PID:1924
- C:\Windows\System\bUIEJwn.exe
  C:\Windows\System\bUIEJwn.exe
  2⤵
  PID:13964
- C:\Windows\System\PCZwAIc.exe
  C:\Windows\System\PCZwAIc.exe
  2⤵
  PID:14024
- C:\Windows\System\pXXIAur.exe
  C:\Windows\System\pXXIAur.exe
  2⤵
  PID:14104
- C:\Windows\System\SUzjRnP.exe
  C:\Windows\System\SUzjRnP.exe
  2⤵
  PID:14136
- C:\Windows\System\BRLIwoJ.exe
  C:\Windows\System\BRLIwoJ.exe
  2⤵
  PID:14216
- C:\Windows\System\ZuXqjIS.exe
  C:\Windows\System\ZuXqjIS.exe
  2⤵
  PID:14272
- C:\Windows\System\iYodlwM.exe
  C:\Windows\System\iYodlwM.exe
  2⤵
  PID:14332
- C:\Windows\System\GgFIoeT.exe
  C:\Windows\System\GgFIoeT.exe
  2⤵
  PID:13440
- C:\Windows\System\LiakftA.exe
  C:\Windows\System\LiakftA.exe
  2⤵
  PID:13588
- C:\Windows\System\GuxgUOM.exe
  C:\Windows\System\GuxgUOM.exe
  2⤵
  PID:13876
- C:\Windows\System\vXxPvfA.exe
  C:\Windows\System\vXxPvfA.exe
  2⤵
  PID:13704
- C:\Windows\System\vdixLoS.exe
  C:\Windows\System\vdixLoS.exe
  2⤵
  PID:13848
- C:\Windows\System\mbOfpsh.exe
  C:\Windows\System\mbOfpsh.exe
  2⤵
  PID:13956
- C:\Windows\System\KLdZnMa.exe
  C:\Windows\System\KLdZnMa.exe
  2⤵
  PID:14076
- C:\Windows\System\PeQpIOR.exe
  C:\Windows\System\PeQpIOR.exe
  2⤵
  PID:14248
- C:\Windows\System\ceJWUBl.exe
  C:\Windows\System\ceJWUBl.exe
  2⤵
  PID:13364
- C:\Windows\System\iqhzknM.exe
  C:\Windows\System\iqhzknM.exe
  2⤵
  PID:13560
- C:\Windows\System\gtTmMaz.exe
  C:\Windows\System\gtTmMaz.exe
  2⤵
  PID:13792
- C:\Windows\System\AKnyFWj.exe
  C:\Windows\System\AKnyFWj.exe
  2⤵
  PID:14068
- C:\Windows\System\lYWxbME.exe
  C:\Windows\System\lYWxbME.exe
  2⤵
  PID:13412
- C:\Windows\System\WTZLwpP.exe
  C:\Windows\System\WTZLwpP.exe
  2⤵
  PID:13884
- C:\Windows\System\NaayWej.exe
  C:\Windows\System\NaayWej.exe
  2⤵
  PID:4244
- C:\Windows\System\YCelzfc.exe
  C:\Windows\System\YCelzfc.exe
  2⤵
  PID:14012
- C:\Windows\System\yfNaDcy.exe
  C:\Windows\System\yfNaDcy.exe
  2⤵
  PID:14368
- C:\Windows\System\tBHWFHL.exe
  C:\Windows\System\tBHWFHL.exe
  2⤵
  PID:14396
- C:\Windows\System\NqvWRvI.exe
  C:\Windows\System\NqvWRvI.exe
  2⤵
  PID:14428
- C:\Windows\System\oCJCixU.exe
  C:\Windows\System\oCJCixU.exe
  2⤵
  PID:14456
- C:\Windows\System\BZpyJLP.exe
  C:\Windows\System\BZpyJLP.exe
  2⤵
  PID:14484
- C:\Windows\System\FDCjjaa.exe
  C:\Windows\System\FDCjjaa.exe
  2⤵
  PID:14512
- C:\Windows\System\CTtvmZV.exe
  C:\Windows\System\CTtvmZV.exe
  2⤵
  PID:14540
- C:\Windows\System\aiixilg.exe
  C:\Windows\System\aiixilg.exe
  2⤵
  PID:14568
- C:\Windows\System\BpRbjgL.exe
  C:\Windows\System\BpRbjgL.exe
  2⤵
  PID:14596
- C:\Windows\System\WnZyhVu.exe
  C:\Windows\System\WnZyhVu.exe
  2⤵
  PID:14624
- C:\Windows\System\AFjWGUA.exe
  C:\Windows\System\AFjWGUA.exe
  2⤵
  PID:14652
- C:\Windows\System\KLjoxAS.exe
  C:\Windows\System\KLjoxAS.exe
  2⤵
  PID:14680
- C:\Windows\System\KFzSoaM.exe
  C:\Windows\System\KFzSoaM.exe
  2⤵
  PID:14708
- C:\Windows\System\qOcDsVy.exe
  C:\Windows\System\qOcDsVy.exe
  2⤵
  PID:14736
- C:\Windows\System\QNcdkAc.exe
  C:\Windows\System\QNcdkAc.exe
  2⤵
  PID:14764
- C:\Windows\System\TzVDoDi.exe
  C:\Windows\System\TzVDoDi.exe
  2⤵
  PID:14792
- C:\Windows\System\XCCmpWN.exe
  C:\Windows\System\XCCmpWN.exe
  2⤵
  PID:14820
- C:\Windows\System\wtBYhhR.exe
  C:\Windows\System\wtBYhhR.exe
  2⤵
  PID:14848
- C:\Windows\System\KgMgxBN.exe
  C:\Windows\System\KgMgxBN.exe
  2⤵
  PID:14876
- C:\Windows\System\ibzkDwP.exe
  C:\Windows\System\ibzkDwP.exe
  2⤵
  PID:14904
- C:\Windows\System\MZpjfrf.exe
  C:\Windows\System\MZpjfrf.exe
  2⤵
  PID:14932
- C:\Windows\System\oveJEic.exe
  C:\Windows\System\oveJEic.exe
  2⤵
  PID:14960
- C:\Windows\System\sSIowiP.exe
  C:\Windows\System\sSIowiP.exe
  2⤵
  PID:14992
- C:\Windows\System\ctmNvNF.exe
  C:\Windows\System\ctmNvNF.exe
  2⤵
  PID:15008
- C:\Windows\System\awMvEBI.exe
  C:\Windows\System\awMvEBI.exe
  2⤵
  PID:15048
- C:\Windows\System\eBkWdUJ.exe
  C:\Windows\System\eBkWdUJ.exe
  2⤵
  PID:15076
- C:\Windows\System\SNBLfBM.exe
  C:\Windows\System\SNBLfBM.exe
  2⤵
  PID:15104
- C:\Windows\System\uTRZIIi.exe
  C:\Windows\System\uTRZIIi.exe
  2⤵
  PID:15300

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:15192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BHzWgUG.exe

Filesize
6.0MB

MD5
be27957f9a0302f8190f7702f057dda1

SHA1
2be72826a3ee6dc08b54b1d59b31cde8e4463b82

SHA256
fc61aedca222bc39f63f8928e7aaebcabf808fc43e3b464d6d111dce93625c0b

SHA512
25f52b400340b3069261346af85dd0b309e9dc0d7c4fa0d6f017cba75adb14e8c612753ab44868eed98bbf0a39e63453b1af73da0b709365df0ee94ff48881ef

Download Submit
C:\Windows\System\CzENoPT.exe

Filesize
6.0MB

MD5
5a99a398efac676e1c7523a70beaac3d

SHA1
9b6b6a45a4d184b320702ed08668bd425b837344

SHA256
8bda38e7a2ac01386691fca2486ef221431ebdc13f903caf2b81491cc53b438b

SHA512
1fe7e542b229633e3b7b2247934a24b0d0adfa51ad06adaf0cc9e0f879d160a37a6f4f21579302eb023d42f4a829836d09f8861fa92e1c2db8c8d50f7aadabdc

Download Submit
C:\Windows\System\DYejxUH.exe

Filesize
6.0MB

MD5
05415f03044b6c9c8a3e405835ce81a4

SHA1
86ba352a758c273929ac3bc7ef40ecdbc9f8ab41

SHA256
c8e19240e1642133cc41185689ff3f10d751086fb277579e06b52577f395fb60

SHA512
1d4a2a666b5ef2d63ce584fcac39aa045751bdebe2054b12334d1bd71ed4f11857438f2997afc93d2855f1409cfad1eccc59e335d7d64077da068fd05f628a6c

Download Submit
C:\Windows\System\EqmBgYl.exe

Filesize
6.0MB

MD5
8042ab7da11dc6abffca8226cdece440

SHA1
c27117b3b50666043f2d089fa192d6253efd84f6

SHA256
edcbbb50b108dfb04aa9b9af7fbc24f97dceef7cc25928544753dfdfa92e2370

SHA512
a18ce569596e290f91c857b8a4c2ba93a0fc6293ebe873958b9995890bb0aed8d0f47c6abf905ece70fd0c86719b832ecdea0e43979c97b6d0fcdf3dda34f2c6

Download Submit
C:\Windows\System\EsoGUqH.exe

Filesize
6.0MB

MD5
e69794818582600658cebd7e4473f5f2

SHA1
8bc46e30ca9f57f75e5ca93e39bc4e20996b6619

SHA256
e7f54248f9c38565b4c3e7bcba420ab150fd94ffe7b957b33e7f85f69223a2d8

SHA512
eac8111054c86deb9f8240eba9d24554173dfb8d06a09046f929f23501bdec0d7771372868a66689b92336df9bda729c21d63b81cc3bd91366b6320b56b98961

Download Submit
C:\Windows\System\HGNeNSy.exe

Filesize
6.0MB

MD5
a3708434264cef112b2086f909e51ae3

SHA1
ea510d399a327da244c9292709340918ee5865c0

SHA256
b9dd1427bc4e6b41c22316582e04681e0efcbb8de93ae09d3590ad7901907963

SHA512
690a0a420cccea0666f42a75fa0fbb43a78101af6a35278e626277edb086ed141cf9777a66d25c1c4c27aa92d4b2226302067145425e65929e58777b81e40d58

Download Submit
C:\Windows\System\IETZEVU.exe

Filesize
6.0MB

MD5
88ebffed016f2c416c6dd72d6974c798

SHA1
d7f2f15d3e0d8cbae31b941e3b667bc5e9ab4d0e

SHA256
cb0eedcc954b19b1c1bf430e3e99ee36fe50d94e9f9467e9b6f2bd3dd77c24d5

SHA512
27f3c609626b27170965e1d079089b0c7e4bf2dd955757c850c4a6a2f0aa1f97e111b1931a2b3ceec9f74c9f56f72952d00b11ded3bb8d08d8df90031a5917cc

Download Submit
C:\Windows\System\ISGyYTx.exe

Filesize
6.0MB

MD5
8aecff69a38834cb911e84d6ce506c67

SHA1
a078c8f88c8f5abaa1553f4b531078484ebb45d4

SHA256
9f05671a0af625f7c37d0c56dec209abe0dd7db98ff6261e0c82220a63078f13

SHA512
b55b6aa39e8b1eaa26b00c7900a0fd044c96b1d2360bcf2a6cfbb0b2ae60ffa5c6b6e4d1ac11dccf16da1906e83aaf56127a96836075a4adff55b0c654b68615

Download Submit
C:\Windows\System\JEApTKP.exe

Filesize
6.0MB

MD5
970ebf668ecdb53821eaa4516b6169fd

SHA1
5117d5d769460fb7823fe33108716594d675fa2e

SHA256
1a7fda43dcd8250414431a9ca567d750e3e2fd46780d6a1ec0cb4fbd9ef4f865

SHA512
20452f4750c696bcb83d8d8a2e5fd3519bf55f68783c497503df62c59464d7d8da1760a644b2a82734d86c977ed6051b011f45c44b1a598c46a8bd64e9a0e055

Download Submit
C:\Windows\System\KfIURoa.exe

Filesize
6.0MB

MD5
221e35c0ceb8cda2485dfa781d319c9e

SHA1
4d9d18389e134fc5d1210e7637d7a8fef2e7fbfe

SHA256
eb47276e59f4e904b2f7ced1d9291c8a49645b990eb2107b525f0369f10cccfc

SHA512
88c135ac2c56dc75386f590778fb67d7d3603f2882a6da03341c71de470257bff106334b461fcebcbc5aae61ef4e7c0adff34817403168923321a2fd3ea10c90

Download Submit
C:\Windows\System\KvGyxMQ.exe

Filesize
6.0MB

MD5
1e08f6cb64ebcd7d5feee0cdc015f8bd

SHA1
66d3c90c3ed8549be12902919b11570ea5d027d3

SHA256
fa0019dc662ca820004eec5f9f9cb43a3e67b2884a19c8c072fdcbe0d5e7b8a2

SHA512
a1ee1f67fe53b71b6dff6577a8c717766de54922cb45faa7d8503cce67c08f2251b1f121a813b9103b428083fbbf2b2b5fe3a52d0671359fc3c3fddbdeec7133

Download Submit
C:\Windows\System\LyPtflk.exe

Filesize
6.0MB

MD5
3347cc928cf0edd4d1dd476f1eaa2b24

SHA1
a15be3e1058474f827b3b16bf4439a184a26a068

SHA256
6617c5f30186b52b9147e1d36477b23ea8569740aab9b9055403bcb510158e3a

SHA512
ba399da72987e8eda214eda7926d537ea85c469c6b0f049e4fbd57a16033bba0926dc48d34f1d49f49ebd09c02f69a15f1f40867019e9c7f3420a32be68f3043

Download Submit
C:\Windows\System\PQlhTWS.exe

Filesize
6.0MB

MD5
c0be73e455f076429b7ff6dd8232c71d

SHA1
46a33e9e2593df83954d3a6af6f82adf910fa611

SHA256
088d2daf7b4b3f943dc656c10055b35878782f1483d8a332ab5508f1b8892d8c

SHA512
4457140027f265be5d0f3576593313e4f7067ae885b1dd14e99fd25511fb2812241519d94aa7fefc0e886f81c484566fe73fcab86730c03bfec86287b2d4b35d

Download Submit
C:\Windows\System\PatjhCB.exe

Filesize
6.0MB

MD5
b5d161fccd6237d6eaf174fdb1fe4699

SHA1
54ca3fb4d7c0142a88a1892170fcf1cd635f01b0

SHA256
1054460055657ca162ec80840076d5ba507f8193e7e8be45ee4000ce2ba98f4c

SHA512
243f3d42e805aba06bfcd5ec95daf9b41a7ddf28fed2a518079be54602a668965b30799954765a7292f53afdfeeda60b24572f6705f337f73fa0c4d2b9a49bdc

Download Submit
C:\Windows\System\QOUMktH.exe

Filesize
6.0MB

MD5
bc80d3a137836221ae720862225e70a1

SHA1
10e57d646420372cfbe20e996d290c1b2358d08c

SHA256
1f6771b5702fc006770418d3ce6e81efc06daab22e8b073396e20195e2e9c18a

SHA512
157bcb456df7757150c4bc5c1496b7be413ac6169edc9e1fa5bb4e2f1428597f0a105c7d79795160da1f8798fc432b9b161380ecd77a626159e8516c427dc3c5

Download Submit
C:\Windows\System\RKiGxqp.exe

Filesize
6.0MB

MD5
cf008349cf63f2613cc637fcbf269782

SHA1
e043dc05c591ee474a9c9257984c5a4f6fa2b4ec

SHA256
297398a01986a24aac92d96da9e0183fff30c9c1dab566f4f0c8b473059b03f4

SHA512
269df9cf7fcb863e44b660519e32f6dcaec0d176e1ae9ef2215f54647d304d029971c2c7a7961984aa81d3b9129c6acbba5c6fa878138f34ac1398ccc25bd17f

Download Submit
C:\Windows\System\ZktFusd.exe

Filesize
6.0MB

MD5
8363264f35d088539d65a19402f59fc7

SHA1
6dd317864d9ae7454faba1aeb0c1ad185d1f2c55

SHA256
e49e33a43044dfdd4c2ee8e19848a7bad4725d767dd5b61b6a8929b1778081e0

SHA512
379617f09b29069606bb87f378e2ce3bd7f287820205c655fd035ce4b3c4bc801e3530831feeaaaa28d1d7e33f34be5e28540d66176680f4f1a27b792f713c9e

Download Submit
C:\Windows\System\ZowqIta.exe

Filesize
6.0MB

MD5
e20bb8c87e415bd8a6b0f3754aae7b03

SHA1
c8cec59b5120d2caec4c1481a9ac7e6d03c08ba1

SHA256
843b36707ea5794bfa4b09bfe9d59626aacfcd0eab46132551d61df5745aff2e

SHA512
d310c64237cad046cd5573c450acf9d31bb4c88da8d16adc3b63e6161bbac73695d8bc9fdb861ee8fa8cac1d3e9cc79a663da5f5daf3cc7a2fd83a2785213866

Download Submit
C:\Windows\System\bfPwZQK.exe

Filesize
6.0MB

MD5
f21fb95bd1ea54bc884d2cfcaff0ee09

SHA1
74df93cb4667b8beb20e01ae77bb92be5b195221

SHA256
2bdc40be031668c89e6817dee15b3446afced7c46fc48727ca5d8aa5a25009b4

SHA512
a62a3dddec2363c2550181b834ed94ee221154bf64e7a44b2db52732ae6a7effef294d4711104ba33b280716c8ee6c36c1788934869bc42aa77089e09fe961a2

Download Submit
C:\Windows\System\cLjgcit.exe

Filesize
6.0MB

MD5
148b3870b369da617ed33d89a3e8ebfc

SHA1
ece3cb9bfd590bb28a644ffe4c5f77fa1aca32dd

SHA256
830f86854d0a81f7278d0fff877ad4cdec3c3115f759a171f91d46b27341b578

SHA512
8ebd0a4e006d73415e086b1210db5b88f7557f51d697e0e1eaf7c509184fe8f0e7bc2eee6b1e05b5773956ab64a15c5a232dceba5ed6af156c2c49939789827c

Download Submit
C:\Windows\System\cjNcNqx.exe

Filesize
6.0MB

MD5
28ba28ad529d1ea877eb3299287651a2

SHA1
1c854d00d55ec15fa5aa427719814000255314c4

SHA256
ea51811c15089a9e68956875f9f307fd0a293b35c322c32006bd8882a749a58c

SHA512
550fd129e2d12d7cbdb2a3cf39ddf0b3071eecfc0cd6595aaeed50106b91d2551c8119400d4a85b0bba285269dedaeaf297dff2942d1644f2942852987df5a77

Download Submit
C:\Windows\System\ehumcXp.exe

Filesize
6.0MB

MD5
adf46ce95a81724045b9183630fa2e97

SHA1
6c5ca0e031813ae5e228d3bc20909118cbba5e02

SHA256
b7dbd81dae707e6c392d6d71b45df119f10ce7988903ee87833d8d376e573832

SHA512
46a27e99d844d2b16a68fc2fcae538859648f5ca26f7ee27a1bc5881cc0d6072976023d7b1fe895daf2de6cd4514e990a87bd39c08e8dbf3d6dea61284a35ebf

Download Submit
C:\Windows\System\fRebaum.exe

Filesize
6.0MB

MD5
35a93a4f944b36813481b89136f65999

SHA1
6f3d7c32731f8c93085c385831fa0f3abc757005

SHA256
a1ac5b5d25167e30270d80acbbff8bc8d26c09901d97ebd596afbcf15907788d

SHA512
e9ade5575da9ae99811a6113d79b711e5b7f1c4920d508df3df5d4eaaf7064fa9c0a85e26d61db8c0f20967cf012ab048263d123b867b9187a6a5c40e916c717

Download Submit
C:\Windows\System\fZCOjLW.exe

Filesize
6.0MB

MD5
a1a44bc7d85da41dc62d8759cd33a3f1

SHA1
98f94522c1e98739ab56a6690da4c0c0457fb1ca

SHA256
616c4cb55395dfaf5d1dbdf477b123025b78780ca3eb3a485ed262ca1e85e973

SHA512
fe998172e9a60da6e3057a71bc28517b2ce020114f617cba6ba00e50b0fc13b9ee42b91540ccadc7e8572376b12540917e8049aa7594d78e77eea5470174ebb7

Download Submit
C:\Windows\System\iZuUYpb.exe

Filesize
6.0MB

MD5
2a8b40ae6cd925735d059f31008e8c17

SHA1
5ccafe8d9a6923c66967d0d41e9f843c699ef640

SHA256
3bc84a6983fda39cd8b11c0a4399e356fff28b0b837efbb88a61c36ea9921436

SHA512
a88ca1601369ca442e80bf00032649664652ac48e30b163b230ed2e9898edaf06cfb2b002f2dc53fead4b90ced747fe178912bce54454498c2774617d852e903

Download Submit
C:\Windows\System\jnjXUqo.exe

Filesize
6.0MB

MD5
a47ac7f3564d7432fa65737858494bb4

SHA1
dd5aef40fad1fcc333ef32e48beef212ee3f7d46

SHA256
827ae09d675b87079729b773f79c4f1d4495fc5b8b751e9b082e83a806348c94

SHA512
c1c308b168a590718758127b26cf0a413d48b2e8cf2ea1890e2ca74761599f69b5b80fe7b0986a72d2d7172a2ef660ae8d881ec44663c5049e703eaeaeff068d

Download Submit
C:\Windows\System\jsJizaz.exe

Filesize
6.0MB

MD5
fd93bd32fede724b65e9fc4812495f56

SHA1
aadb336c1a84308a4d07af273fc6bcb15e59f765

SHA256
c6765c12ae5ac7f4b4d5281e873a83a36bcc01dd87713f662f4ca6d3cfa9cc90

SHA512
74891e56573ecf306127d3d2c0907fbc41200a926ecd38c2f90f887d9378632fd2f4c3f6afb67bdf593fa09321c753bd12e7a98105a2c58b6a638cf1a70dfbb1

Download Submit
C:\Windows\System\lyJzYUl.exe

Filesize
6.0MB

MD5
2b5e990cbf4168fd845039fc4e4d6fdb

SHA1
4b283ec079da9f3e7ed2c3ac98fffb01fe1c4d97

SHA256
062ba65c0690c711666c5f75f5c100fd575b50cf1bee135df7f6fbb0888e5a8c

SHA512
917c990c76a9f52eded2e7b33e87b7da6385c676ab8f1e5971d3e0ea426c8c2292b13e4c7a75c37afae315e11c390b889d8401dbddce7d2852229a1f647b9de8

Download Submit
C:\Windows\System\mATVvgi.exe

Filesize
6.0MB

MD5
5479437d83d77ab99207378af316f233

SHA1
2535872923db698185c294172e3e39b0d1a42306

SHA256
e00b27ddde5c8b85f98d9c4bea69a4146995a989671e6a72073cdd7d3c9d10fc

SHA512
61baecccf00321b2d1ec6ab9248468f7dd0b6140f26da9a778891ad74412c0f885636764ef4c5be1ea427044041f0b0ba31e2a79b17ec9777269e264722ca4f6

Download Submit
C:\Windows\System\rjzSLLF.exe

Filesize
6.0MB

MD5
c4f66a43b578e4305ad7117f88697d13

SHA1
321e5c33a5264db27129a7f09f035fc3a26a7496

SHA256
cdc2deb575389538025f804a78689c34b1ccb4ea4f4dc9dd869f05a7b5dcfbcd

SHA512
d7b0a9c28c3d808bfb2f75a1962120346bea48138e0cc6bb4a7a5fac6fb2a204bd275fe61b1d951d55204dec09b9f417c26ed3ccdac0d9df5d05dafb8afb546b

Download Submit
C:\Windows\System\rpbSBqd.exe

Filesize
6.0MB

MD5
258502e0ccba1cac632304373c816010

SHA1
d13ec6cb1df5ccb5391d18d4c2b89524d83926d0

SHA256
30bc73b2d53be1ba942b30747157443c56da816e548d94200aae2ccd09a61f54

SHA512
5ac02b15151ed0b0daa2e44976dc7cd55fe0f309c14d7dde49a83eb3aaad4e266f2a6997b8281922639ce7319f316ce950a126d853c59b546d2ba74084c4bf84

Download Submit
C:\Windows\System\veFlSzk.exe

Filesize
6.0MB

MD5
a7ef1e142c6ca3d2078d77a7e3897349

SHA1
8f911f7cec8fd156bf876e1d04942e6035a331d6

SHA256
c665eaf9ae7b641debaa055d35bf47a214831969b111c7a9e42cffb1c4f8df4e

SHA512
5dc18e8303ea3116824582ba5ce809ce74dc82f660c636faebd13aa5205d5c4dc25c014159bdedc82e3b494564a6455dc9879efacbb3baeba2e63cb76661eb02

Download Submit
C:\Windows\System\yIqmnVw.exe

Filesize
6.0MB

MD5
02a9e5e1333f5ac7ccd71bae5b520f59

SHA1
0ba88b1e0afb4ff5e5222c384f3c46b50d62f729

SHA256
bbc8beeb0670d26f82cbb388d3bf084dd02a83a509675c02182a4c7eb4956b99

SHA512
d12c3379bcb0073addefaaf8b7a2061b7b579d37f0bfb5e468e9ffccb54ae6c1f42624e2ca39fa175162ae5fa7bce43b07e3737bbe9c9629bfa8685c3bea7046

Download Submit
memory/400-2294-0x00007FF630E70000-0x00007FF6311C4000-memory.dmp

Filesize
3.3MB

Download
memory/400-323-0x00007FF630E70000-0x00007FF6311C4000-memory.dmp

Filesize
3.3MB

Download
memory/436-2273-0x00007FF6DFE90000-0x00007FF6E01E4000-memory.dmp

Filesize
3.3MB

Download
memory/436-32-0x00007FF6DFE90000-0x00007FF6E01E4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-2295-0x00007FF748550000-0x00007FF7488A4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-324-0x00007FF748550000-0x00007FF7488A4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2276-0x00007FF6AD730000-0x00007FF6ADA84000-memory.dmp

Filesize
3.3MB

Download
memory/1440-625-0x00007FF6AD730000-0x00007FF6ADA84000-memory.dmp

Filesize
3.3MB

Download
memory/1440-48-0x00007FF6AD730000-0x00007FF6ADA84000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2288-0x00007FF7067E0000-0x00007FF706B34000-memory.dmp

Filesize
3.3MB

Download
memory/1540-314-0x00007FF7067E0000-0x00007FF706B34000-memory.dmp

Filesize
3.3MB

Download
memory/2040-316-0x00007FF794AB0000-0x00007FF794E04000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2289-0x00007FF794AB0000-0x00007FF794E04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-308-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2281-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp

Filesize
3.3MB

Download
memory/2192-325-0x00007FF6CA670000-0x00007FF6CA9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2297-0x00007FF6CA670000-0x00007FF6CA9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-66-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-627-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2277-0x00007FF6BB680000-0x00007FF6BB9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-317-0x00007FF6B6820000-0x00007FF6B6B74000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2290-0x00007FF6B6820000-0x00007FF6B6B74000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2274-0x00007FF602870000-0x00007FF602BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-38-0x00007FF602870000-0x00007FF602BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-526-0x00007FF602870000-0x00007FF602BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2271-0x00007FF77D210000-0x00007FF77D564000-memory.dmp

Filesize
3.3MB

Download
memory/2640-20-0x00007FF77D210000-0x00007FF77D564000-memory.dmp

Filesize
3.3MB

Download
memory/2640-390-0x00007FF77D210000-0x00007FF77D564000-memory.dmp

Filesize
3.3MB

Download
memory/2876-328-0x00007FF7663E0000-0x00007FF766734000-memory.dmp

Filesize
3.3MB

Download
memory/2876-12-0x00007FF7663E0000-0x00007FF766734000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2286-0x00007FF7DF580000-0x00007FF7DF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-312-0x00007FF7DF580000-0x00007FF7DF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2291-0x00007FF7EA900000-0x00007FF7EAC54000-memory.dmp

Filesize
3.3MB

Download
memory/3024-319-0x00007FF7EA900000-0x00007FF7EAC54000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2280-0x00007FF774B10000-0x00007FF774E64000-memory.dmp

Filesize
3.3MB

Download
memory/3176-93-0x00007FF774B10000-0x00007FF774E64000-memory.dmp

Filesize
3.3MB

Download
memory/3276-88-0x00007FF6B3600000-0x00007FF6B3954000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2278-0x00007FF6B3600000-0x00007FF6B3954000-memory.dmp

Filesize
3.3MB

Download
memory/3304-69-0x00007FF6225A0000-0x00007FF6228F4000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2279-0x00007FF6225A0000-0x00007FF6228F4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-1-0x0000023B383F0000-0x0000023B38400000-memory.dmp

Filesize
64KB

Download
memory/3628-0-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-73-0x00007FF6DDB60000-0x00007FF6DDEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-102-0x00007FF7243D0000-0x00007FF724724000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2283-0x00007FF7243D0000-0x00007FF724724000-memory.dmp

Filesize
3.3MB

Download
memory/3640-707-0x00007FF7243D0000-0x00007FF724724000-memory.dmp

Filesize
3.3MB

Download
memory/3960-327-0x00007FF7B5EF0000-0x00007FF7B6244000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2287-0x00007FF7B5EF0000-0x00007FF7B6244000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2275-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp

Filesize
3.3MB

Download
memory/4012-42-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp

Filesize
3.3MB

Download
memory/4012-578-0x00007FF66DE30000-0x00007FF66E184000-memory.dmp

Filesize
3.3MB

Download
memory/4268-326-0x00007FF74BA90000-0x00007FF74BDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2296-0x00007FF74BA90000-0x00007FF74BDE4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-320-0x00007FF711A00000-0x00007FF711D54000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2293-0x00007FF711A00000-0x00007FF711D54000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2284-0x00007FF6A6880000-0x00007FF6A6BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-309-0x00007FF6A6880000-0x00007FF6A6BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2272-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp

Filesize
3.3MB

Download
memory/4812-26-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp

Filesize
3.3MB

Download
memory/4812-395-0x00007FF76F710000-0x00007FF76FA64000-memory.dmp

Filesize
3.3MB

Download
memory/4844-7-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp

Filesize
3.3MB

Download
memory/4844-304-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp

Filesize
3.3MB

Download
memory/5028-94-0x00007FF7C7F30000-0x00007FF7C8284000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2282-0x00007FF7C7F30000-0x00007FF7C8284000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2285-0x00007FF751770000-0x00007FF751AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-311-0x00007FF751770000-0x00007FF751AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2292-0x00007FF79CB40000-0x00007FF79CE94000-memory.dmp

Filesize
3.3MB

Download
memory/5108-322-0x00007FF79CB40000-0x00007FF79CE94000-memory.dmp

Filesize
3.3MB

Download