cobaltstrike | baf19e51cf919584360fcf2725e978e7a5507a4927f2efafa1b4d230751efb9e

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
Size

6.0MB
MD5

068a3f8e95aa8c2ceb3bc65f7322069d
SHA1

e3a1a2bc0272f2050bba139c2a609069882a06b9
SHA256

baf19e51cf919584360fcf2725e978e7a5507a4927f2efafa1b4d230751efb9e
SHA512

14577b57a91ea3fd192cee4f0b53ee08901c321eb98f46f58fb680fbdecfd0834bb3686e32991e197068a4ed067f11e6113818708568cbf541b5513b911d6aa7
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUl:eOl56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 44 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012241-6.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015a2d-12.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000015c3c-10.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000015c3c-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d88-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b42-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d06-100.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194d8-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e8-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946f-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a4-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019473-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019410-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b0-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b6a-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019333-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f4-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b73-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b96-93.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194dc-167.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194d6-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939b-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019368-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001931b-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192c9-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018ba2-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b42-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b37-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b15-75.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018ae2-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b33-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018ae8-64.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167db-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015db4-41.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000015c52-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d88-28.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000015c3c-17.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015a2d-8.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012241-3.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 44 IoCs

resource	yara_rule
behavioral1/files/0x000b000000012241-6.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000c000000015a2d-12.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0026000000015c3c-10.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0026000000015c3c-14.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015cb9-20.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015d88-32.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b42-67.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018d06-100.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00040000000194d8-164.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00050000000194e8-170.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000500000001946f-155.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00050000000194a4-153.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019473-147.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019410-143.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000500000001946b-140.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00050000000193b0-134.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019377-127.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b6a-86.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019333-116.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00050000000192f4-110.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b73-94.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b96-93.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00040000000194dc-167.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00040000000194d6-162.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019485-160.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000500000001939b-133.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0005000000019368-126.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000500000001931b-125.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00050000000192c9-108.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018ba2-107.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b42-81.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b4a-80.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b37-79.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b15-75.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000018ae2-74.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018b33-73.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0006000000018ae8-64.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x00080000000167db-57.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015db4-41.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0011000000015c52-40.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0007000000015d88-28.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x0026000000015c3c-17.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000c000000015a2d-8.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/files/0x000b000000012241-3.dat	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/2208-0-0x000000013F730000-0x000000013FA84000-memory.dmp	UPX
behavioral1/files/0x000b000000012241-6.dat	UPX
behavioral1/files/0x000c000000015a2d-12.dat	UPX
behavioral1/files/0x0026000000015c3c-10.dat	UPX
behavioral1/files/0x0026000000015c3c-14.dat	UPX
behavioral1/memory/2056-19-0x000000013F1E0000-0x000000013F534000-memory.dmp	UPX
behavioral1/memory/2540-25-0x000000013F570000-0x000000013F8C4000-memory.dmp	UPX
behavioral1/files/0x0007000000015cb9-20.dat	UPX
behavioral1/files/0x0007000000015d88-32.dat	UPX
behavioral1/files/0x0006000000018b42-67.dat	UPX
behavioral1/files/0x0006000000018d06-100.dat	UPX
behavioral1/memory/2412-314-0x000000013F400000-0x000000013F754000-memory.dmp	UPX
behavioral1/memory/2464-352-0x000000013F580000-0x000000013F8D4000-memory.dmp	UPX
behavioral1/memory/2068-353-0x000000013F460000-0x000000013F7B4000-memory.dmp	UPX
behavioral1/memory/2044-367-0x000000013F5C0000-0x000000013F914000-memory.dmp	UPX
behavioral1/memory/1360-402-0x000000013FE90000-0x00000001401E4000-memory.dmp	UPX
behavioral1/memory/1816-512-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/1100-528-0x000000013FDA0000-0x00000001400F4000-memory.dmp	UPX
behavioral1/memory/364-587-0x000000013F830000-0x000000013FB84000-memory.dmp	UPX
behavioral1/memory/2676-862-0x000000013FCE0000-0x0000000140034000-memory.dmp	UPX
behavioral1/memory/2056-1094-0x000000013F1E0000-0x000000013F534000-memory.dmp	UPX
behavioral1/memory/2560-1377-0x000000013F110000-0x000000013F464000-memory.dmp	UPX
behavioral1/memory/344-493-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
behavioral1/memory/2308-416-0x000000013FF20000-0x0000000140274000-memory.dmp	UPX
behavioral1/memory/2656-370-0x000000013F130000-0x000000013F484000-memory.dmp	UPX
behavioral1/memory/580-355-0x000000013FA30000-0x000000013FD84000-memory.dmp	UPX
behavioral1/memory/2568-311-0x000000013F450000-0x000000013F7A4000-memory.dmp	UPX
behavioral1/files/0x00040000000194d8-164.dat	UPX
behavioral1/files/0x00050000000194e8-170.dat	UPX
behavioral1/files/0x000500000001946f-155.dat	UPX
behavioral1/files/0x00050000000194a4-153.dat	UPX
behavioral1/files/0x0005000000019473-147.dat	UPX
behavioral1/files/0x0005000000019410-143.dat	UPX
behavioral1/files/0x000500000001946b-140.dat	UPX
behavioral1/files/0x00050000000193b0-134.dat	UPX
behavioral1/files/0x0005000000019377-127.dat	UPX
behavioral1/files/0x0006000000018b6a-86.dat	UPX
behavioral1/files/0x0005000000019333-116.dat	UPX
behavioral1/files/0x00050000000192f4-110.dat	UPX
behavioral1/files/0x0006000000018b73-94.dat	UPX
behavioral1/files/0x0006000000018b96-93.dat	UPX
behavioral1/files/0x00040000000194dc-167.dat	UPX
behavioral1/memory/2708-163-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	UPX
behavioral1/files/0x00040000000194d6-162.dat	UPX
behavioral1/memory/2560-161-0x000000013F110000-0x000000013F464000-memory.dmp	UPX
behavioral1/files/0x0005000000019485-160.dat	UPX
behavioral1/files/0x000500000001939b-133.dat	UPX
behavioral1/files/0x0005000000019368-126.dat	UPX
behavioral1/files/0x000500000001931b-125.dat	UPX
behavioral1/files/0x00050000000192c9-108.dat	UPX
behavioral1/files/0x0006000000018ba2-107.dat	UPX
behavioral1/memory/2412-1456-0x000000013F400000-0x000000013F754000-memory.dmp	UPX
behavioral1/memory/2064-85-0x000000013FDD0000-0x0000000140124000-memory.dmp	UPX
behavioral1/files/0x0006000000018b42-81.dat	UPX
behavioral1/files/0x0006000000018b4a-80.dat	UPX
behavioral1/files/0x0006000000018b37-79.dat	UPX
behavioral1/files/0x0006000000018b15-75.dat	UPX
behavioral1/files/0x0007000000018ae2-74.dat	UPX
behavioral1/files/0x0006000000018b33-73.dat	UPX
behavioral1/files/0x0006000000018ae8-64.dat	UPX
behavioral1/files/0x00080000000167db-57.dat	UPX
behavioral1/files/0x0007000000015db4-41.dat	UPX
behavioral1/files/0x0011000000015c52-40.dat	UPX
behavioral1/memory/1384-39-0x000000013FE90000-0x00000001401E4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2208-0-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000b000000012241-6.dat	xmrig
behavioral1/files/0x000c000000015a2d-12.dat	xmrig
behavioral1/files/0x0026000000015c3c-10.dat	xmrig
behavioral1/files/0x0026000000015c3c-14.dat	xmrig
behavioral1/memory/2056-19-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2540-25-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cb9-20.dat	xmrig
behavioral1/files/0x0007000000015d88-32.dat	xmrig
behavioral1/files/0x0006000000018b42-67.dat	xmrig
behavioral1/files/0x0006000000018d06-100.dat	xmrig
behavioral1/memory/2412-314-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2464-352-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2068-353-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2044-367-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1360-402-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1816-512-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/1100-528-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/364-587-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2676-862-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2056-1094-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2560-1377-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/344-493-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2308-416-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2656-370-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/580-355-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2568-311-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00040000000194d8-164.dat	xmrig
behavioral1/files/0x00050000000194e8-170.dat	xmrig
behavioral1/files/0x000500000001946f-155.dat	xmrig
behavioral1/files/0x00050000000194a4-153.dat	xmrig
behavioral1/files/0x0005000000019473-147.dat	xmrig
behavioral1/files/0x0005000000019410-143.dat	xmrig
behavioral1/files/0x000500000001946b-140.dat	xmrig
behavioral1/files/0x00050000000193b0-134.dat	xmrig
behavioral1/files/0x0005000000019377-127.dat	xmrig
behavioral1/files/0x0006000000018b6a-86.dat	xmrig
behavioral1/files/0x0005000000019333-116.dat	xmrig
behavioral1/files/0x00050000000192f4-110.dat	xmrig
behavioral1/files/0x0006000000018b73-94.dat	xmrig
behavioral1/files/0x0006000000018b96-93.dat	xmrig
behavioral1/files/0x00040000000194dc-167.dat	xmrig
behavioral1/memory/2708-163-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00040000000194d6-162.dat	xmrig
behavioral1/memory/2560-161-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0005000000019485-160.dat	xmrig
behavioral1/files/0x000500000001939b-133.dat	xmrig
behavioral1/files/0x0005000000019368-126.dat	xmrig
behavioral1/files/0x000500000001931b-125.dat	xmrig
behavioral1/files/0x00050000000192c9-108.dat	xmrig
behavioral1/files/0x0006000000018ba2-107.dat	xmrig
behavioral1/memory/2412-1456-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2064-85-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b42-81.dat	xmrig
behavioral1/files/0x0006000000018b4a-80.dat	xmrig
behavioral1/files/0x0006000000018b37-79.dat	xmrig
behavioral1/files/0x0006000000018b15-75.dat	xmrig
behavioral1/files/0x0007000000018ae2-74.dat	xmrig
behavioral1/files/0x0006000000018b33-73.dat	xmrig
behavioral1/files/0x0006000000018ae8-64.dat	xmrig
behavioral1/files/0x00080000000167db-57.dat	xmrig
behavioral1/files/0x0007000000015db4-41.dat	xmrig
behavioral1/files/0x0011000000015c52-40.dat	xmrig
behavioral1/memory/1384-39-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig

Executes dropped EXE 5 IoCs

pid	Process
1384	hwXBwng.exe
2056	mZBAKcx.exe
2540	YrvnQVd.exe
2632	BndHhsq.exe
2064	lhzILEh.exe

Loads dropped DLL 7 IoCs

pid	Process
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-0-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000b000000012241-6.dat	upx
behavioral1/files/0x000c000000015a2d-12.dat	upx
behavioral1/files/0x0026000000015c3c-10.dat	upx
behavioral1/files/0x0026000000015c3c-14.dat	upx
behavioral1/memory/2056-19-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2540-25-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-20.dat	upx
behavioral1/files/0x0007000000015d88-32.dat	upx
behavioral1/files/0x0006000000018b42-67.dat	upx
behavioral1/files/0x0006000000018d06-100.dat	upx
behavioral1/memory/2412-314-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2464-352-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2068-353-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2044-367-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1360-402-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/1816-512-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/1100-528-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/364-587-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2676-862-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2056-1094-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2560-1377-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/344-493-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2308-416-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2656-370-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/580-355-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2568-311-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00040000000194d8-164.dat	upx
behavioral1/files/0x00050000000194e8-170.dat	upx
behavioral1/files/0x000500000001946f-155.dat	upx
behavioral1/files/0x00050000000194a4-153.dat	upx
behavioral1/files/0x0005000000019473-147.dat	upx
behavioral1/files/0x0005000000019410-143.dat	upx
behavioral1/files/0x000500000001946b-140.dat	upx
behavioral1/files/0x00050000000193b0-134.dat	upx
behavioral1/files/0x0005000000019377-127.dat	upx
behavioral1/files/0x0006000000018b6a-86.dat	upx
behavioral1/files/0x0005000000019333-116.dat	upx
behavioral1/files/0x00050000000192f4-110.dat	upx
behavioral1/files/0x0006000000018b73-94.dat	upx
behavioral1/files/0x0006000000018b96-93.dat	upx
behavioral1/files/0x00040000000194dc-167.dat	upx
behavioral1/memory/2708-163-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00040000000194d6-162.dat	upx
behavioral1/memory/2560-161-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0005000000019485-160.dat	upx
behavioral1/files/0x000500000001939b-133.dat	upx
behavioral1/files/0x0005000000019368-126.dat	upx
behavioral1/files/0x000500000001931b-125.dat	upx
behavioral1/files/0x00050000000192c9-108.dat	upx
behavioral1/files/0x0006000000018ba2-107.dat	upx
behavioral1/memory/2412-1456-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2064-85-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0006000000018b42-81.dat	upx
behavioral1/files/0x0006000000018b4a-80.dat	upx
behavioral1/files/0x0006000000018b37-79.dat	upx
behavioral1/files/0x0006000000018b15-75.dat	upx
behavioral1/files/0x0007000000018ae2-74.dat	upx
behavioral1/files/0x0006000000018b33-73.dat	upx
behavioral1/files/0x0006000000018ae8-64.dat	upx
behavioral1/files/0x00080000000167db-57.dat	upx
behavioral1/files/0x0007000000015db4-41.dat	upx
behavioral1/files/0x0011000000015c52-40.dat	upx
behavioral1/memory/1384-39-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\System\JKtLeop.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\hwXBwng.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mZBAKcx.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\YrvnQVd.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BndHhsq.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lhzILEh.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\gvoELWE.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\acEVcws.exe	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1384	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	29
PID 2208 wrote to memory of 1384	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	29
PID 2208 wrote to memory of 1384	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	29
PID 2208 wrote to memory of 2056	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	30
PID 2208 wrote to memory of 2056	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	30
PID 2208 wrote to memory of 2056	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	30
PID 2208 wrote to memory of 2540	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	31
PID 2208 wrote to memory of 2540	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	31
PID 2208 wrote to memory of 2540	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	31
PID 2208 wrote to memory of 2632	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	32
PID 2208 wrote to memory of 2632	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	32
PID 2208 wrote to memory of 2632	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	32
PID 2208 wrote to memory of 2064	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	587
PID 2208 wrote to memory of 2064	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	587
PID 2208 wrote to memory of 2064	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	587
PID 2208 wrote to memory of 2560	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	572
PID 2208 wrote to memory of 2560	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	572
PID 2208 wrote to memory of 2560	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	572
PID 2208 wrote to memory of 2708	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	33
PID 2208 wrote to memory of 2708	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	33
PID 2208 wrote to memory of 2708	2208	2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe	33

C:\Users\Admin\AppData\Local\Temp\2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-28_068a3f8e95aa8c2ceb3bc65f7322069d_cobalt-strike_cobaltstrike.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\System\hwXBwng.exe
  C:\Windows\System\hwXBwng.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\mZBAKcx.exe
  C:\Windows\System\mZBAKcx.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\YrvnQVd.exe
  C:\Windows\System\YrvnQVd.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\BndHhsq.exe
  C:\Windows\System\BndHhsq.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\acEVcws.exe
  C:\Windows\System\acEVcws.exe
  2⤵
  PID:2708
- C:\Windows\System\dzKSfBr.exe
  C:\Windows\System\dzKSfBr.exe
  2⤵
  PID:2464
- C:\Windows\System\TSCRjhT.exe
  C:\Windows\System\TSCRjhT.exe
  2⤵
  PID:580
- C:\Windows\System\dbciXgw.exe
  C:\Windows\System\dbciXgw.exe
  2⤵
  PID:2308
- C:\Windows\System\lLPISgj.exe
  C:\Windows\System\lLPISgj.exe
  2⤵
  PID:2768
- C:\Windows\System\OBurieH.exe
  C:\Windows\System\OBurieH.exe
  2⤵
  PID:2552
- C:\Windows\System\jOtmGzl.exe
  C:\Windows\System\jOtmGzl.exe
  2⤵
  PID:1644
- C:\Windows\System\DWvIFLy.exe
  C:\Windows\System\DWvIFLy.exe
  2⤵
  PID:1988
- C:\Windows\System\hxnNAII.exe
  C:\Windows\System\hxnNAII.exe
  2⤵
  PID:644
- C:\Windows\System\etgFzcs.exe
  C:\Windows\System\etgFzcs.exe
  2⤵
  PID:2580
- C:\Windows\System\nujSRkp.exe
  C:\Windows\System\nujSRkp.exe
  2⤵
  PID:2984
- C:\Windows\System\nSuVWFp.exe
  C:\Windows\System\nSuVWFp.exe
  2⤵
  PID:2980
- C:\Windows\System\ihZYnhb.exe
  C:\Windows\System\ihZYnhb.exe
  2⤵
  PID:2220
- C:\Windows\System\eiUOoWR.exe
  C:\Windows\System\eiUOoWR.exe
  2⤵
  PID:1468
- C:\Windows\System\PcqTWaz.exe
  C:\Windows\System\PcqTWaz.exe
  2⤵
  PID:1232
- C:\Windows\System\IoAdBmu.exe
  C:\Windows\System\IoAdBmu.exe
  2⤵
  PID:2124
- C:\Windows\System\NnXPdDi.exe
  C:\Windows\System\NnXPdDi.exe
  2⤵
  PID:1696
- C:\Windows\System\SrtJFZZ.exe
  C:\Windows\System\SrtJFZZ.exe
  2⤵
  PID:1264
- C:\Windows\System\qmkcIqF.exe
  C:\Windows\System\qmkcIqF.exe
  2⤵
  PID:2724
- C:\Windows\System\oOlWwEX.exe
  C:\Windows\System\oOlWwEX.exe
  2⤵
  PID:876
- C:\Windows\System\jvWbPBH.exe
  C:\Windows\System\jvWbPBH.exe
  2⤵
  PID:2156
- C:\Windows\System\ORYOydM.exe
  C:\Windows\System\ORYOydM.exe
  2⤵
  PID:2380
- C:\Windows\System\wuXkfcu.exe
  C:\Windows\System\wuXkfcu.exe
  2⤵
  PID:2180
- C:\Windows\System\bmOIAOt.exe
  C:\Windows\System\bmOIAOt.exe
  2⤵
  PID:2620
- C:\Windows\System\VGSmHCD.exe
  C:\Windows\System\VGSmHCD.exe
  2⤵
  PID:3116
- C:\Windows\System\LaLeHHd.exe
  C:\Windows\System\LaLeHHd.exe
  2⤵
  PID:3196
- C:\Windows\System\VtVMAzG.exe
  C:\Windows\System\VtVMAzG.exe
  2⤵
  PID:3260
- C:\Windows\System\gIGDWUY.exe
  C:\Windows\System\gIGDWUY.exe
  2⤵
  PID:3308
- C:\Windows\System\QqkIPGG.exe
  C:\Windows\System\QqkIPGG.exe
  2⤵
  PID:3340
- C:\Windows\System\MtdXDnp.exe
  C:\Windows\System\MtdXDnp.exe
  2⤵
  PID:3436
- C:\Windows\System\lttWyih.exe
  C:\Windows\System\lttWyih.exe
  2⤵
  PID:3420
- C:\Windows\System\xpekQtS.exe
  C:\Windows\System\xpekQtS.exe
  2⤵
  PID:3400
- C:\Windows\System\IWiZeYk.exe
  C:\Windows\System\IWiZeYk.exe
  2⤵
  PID:3832
- C:\Windows\System\BMMuSym.exe
  C:\Windows\System\BMMuSym.exe
  2⤵
  PID:3812
- C:\Windows\System\UNxNGRw.exe
  C:\Windows\System\UNxNGRw.exe
  2⤵
  PID:3944
- C:\Windows\System\odRVqWh.exe
  C:\Windows\System\odRVqWh.exe
  2⤵
  PID:3928
- C:\Windows\System\BaoqVcR.exe
  C:\Windows\System\BaoqVcR.exe
  2⤵
  PID:4028
- C:\Windows\System\ZzhuPcf.exe
  C:\Windows\System\ZzhuPcf.exe
  2⤵
  PID:3036
- C:\Windows\System\sabdwnf.exe
  C:\Windows\System\sabdwnf.exe
  2⤵
  PID:2988
- C:\Windows\System\EAOyJhj.exe
  C:\Windows\System\EAOyJhj.exe
  2⤵
  PID:2224
- C:\Windows\System\TzqaLBi.exe
  C:\Windows\System\TzqaLBi.exe
  2⤵
  PID:3388
- C:\Windows\System\KVpKtXe.exe
  C:\Windows\System\KVpKtXe.exe
  2⤵
  PID:3444
- C:\Windows\System\IrJFvew.exe
  C:\Windows\System\IrJFvew.exe
  2⤵
  PID:3376
- C:\Windows\System\uylEbTS.exe
  C:\Windows\System\uylEbTS.exe
  2⤵
  PID:3624
- C:\Windows\System\mTfUgQV.exe
  C:\Windows\System\mTfUgQV.exe
  2⤵
  PID:3688
- C:\Windows\System\lQzaGCs.exe
  C:\Windows\System\lQzaGCs.exe
  2⤵
  PID:3864
- C:\Windows\System\GmJRwyp.exe
  C:\Windows\System\GmJRwyp.exe
  2⤵
  PID:3808
- C:\Windows\System\qsGbkWW.exe
  C:\Windows\System\qsGbkWW.exe
  2⤵
  PID:3924
- C:\Windows\System\EAaJiHl.exe
  C:\Windows\System\EAaJiHl.exe
  2⤵
  PID:1904
- C:\Windows\System\DSILCID.exe
  C:\Windows\System\DSILCID.exe
  2⤵
  PID:3332
- C:\Windows\System\KdEgGRS.exe
  C:\Windows\System\KdEgGRS.exe
  2⤵
  PID:2528
- C:\Windows\System\JTDKXYq.exe
  C:\Windows\System\JTDKXYq.exe
  2⤵
  PID:3448
- C:\Windows\System\agBsdfh.exe
  C:\Windows\System\agBsdfh.exe
  2⤵
  PID:3156
- C:\Windows\System\UdlRUNf.exe
  C:\Windows\System\UdlRUNf.exe
  2⤵
  PID:2996
- C:\Windows\System\aRwkFRE.exe
  C:\Windows\System\aRwkFRE.exe
  2⤵
  PID:3784
- C:\Windows\System\BzZbbDH.exe
  C:\Windows\System\BzZbbDH.exe
  2⤵
  PID:2060
- C:\Windows\System\qymjhuK.exe
  C:\Windows\System\qymjhuK.exe
  2⤵
  PID:3728
- C:\Windows\System\wbEBjmY.exe
  C:\Windows\System\wbEBjmY.exe
  2⤵
  PID:944
- C:\Windows\System\lvdCcSf.exe
  C:\Windows\System\lvdCcSf.exe
  2⤵
  PID:3360
- C:\Windows\System\XRXexdf.exe
  C:\Windows\System\XRXexdf.exe
  2⤵
  PID:536
- C:\Windows\System\dgwojCd.exe
  C:\Windows\System\dgwojCd.exe
  2⤵
  PID:3568
- C:\Windows\System\wQVMqUQ.exe
  C:\Windows\System\wQVMqUQ.exe
  2⤵
  PID:1960
- C:\Windows\System\OqZVhhi.exe
  C:\Windows\System\OqZVhhi.exe
  2⤵
  PID:3128
- C:\Windows\System\byhhnHa.exe
  C:\Windows\System\byhhnHa.exe
  2⤵
  PID:596
- C:\Windows\System\jAYtKbd.exe
  C:\Windows\System\jAYtKbd.exe
  2⤵
  PID:3428
- C:\Windows\System\bGICSQQ.exe
  C:\Windows\System\bGICSQQ.exe
  2⤵
  PID:3804
- C:\Windows\System\IIOmAEQ.exe
  C:\Windows\System\IIOmAEQ.exe
  2⤵
  PID:3524
- C:\Windows\System\BNdJLqM.exe
  C:\Windows\System\BNdJLqM.exe
  2⤵
  PID:4072
- C:\Windows\System\rceqLdM.exe
  C:\Windows\System\rceqLdM.exe
  2⤵
  PID:4128
- C:\Windows\System\veXhVXK.exe
  C:\Windows\System\veXhVXK.exe
  2⤵
  PID:4112
- C:\Windows\System\ooTrqWY.exe
  C:\Windows\System\ooTrqWY.exe
  2⤵
  PID:4228
- C:\Windows\System\DcmgIvK.exe
  C:\Windows\System\DcmgIvK.exe
  2⤵
  PID:4292
- C:\Windows\System\QdWmJjP.exe
  C:\Windows\System\QdWmJjP.exe
  2⤵
  PID:4312
- C:\Windows\System\glnqYQc.exe
  C:\Windows\System\glnqYQc.exe
  2⤵
  PID:4360
- C:\Windows\System\VrQQOPf.exe
  C:\Windows\System\VrQQOPf.exe
  2⤵
  PID:4344
- C:\Windows\System\GFrfsnt.exe
  C:\Windows\System\GFrfsnt.exe
  2⤵
  PID:4328
- C:\Windows\System\ysLshhe.exe
  C:\Windows\System\ysLshhe.exe
  2⤵
  PID:4444
- C:\Windows\System\ZQVLqwZ.exe
  C:\Windows\System\ZQVLqwZ.exe
  2⤵
  PID:4428
- C:\Windows\System\XGtcpLZ.exe
  C:\Windows\System\XGtcpLZ.exe
  2⤵
  PID:4512
- C:\Windows\System\YlgGLfa.exe
  C:\Windows\System\YlgGLfa.exe
  2⤵
  PID:4496
- C:\Windows\System\UJCqigH.exe
  C:\Windows\System\UJCqigH.exe
  2⤵
  PID:4480
- C:\Windows\System\axyGVNR.exe
  C:\Windows\System\axyGVNR.exe
  2⤵
  PID:4612
- C:\Windows\System\godVrTG.exe
  C:\Windows\System\godVrTG.exe
  2⤵
  PID:4596
- C:\Windows\System\WMvQrUT.exe
  C:\Windows\System\WMvQrUT.exe
  2⤵
  PID:4580
- C:\Windows\System\fMbwwqJ.exe
  C:\Windows\System\fMbwwqJ.exe
  2⤵
  PID:4632
- C:\Windows\System\mrkVMID.exe
  C:\Windows\System\mrkVMID.exe
  2⤵
  PID:4564
- C:\Windows\System\KKjgOHl.exe
  C:\Windows\System\KKjgOHl.exe
  2⤵
  PID:4548
- C:\Windows\System\ocDsCjm.exe
  C:\Windows\System\ocDsCjm.exe
  2⤵
  PID:4532
- C:\Windows\System\QoUVsSk.exe
  C:\Windows\System\QoUVsSk.exe
  2⤵
  PID:4464
- C:\Windows\System\VNbXoNU.exe
  C:\Windows\System\VNbXoNU.exe
  2⤵
  PID:4412
- C:\Windows\System\CcwDaxT.exe
  C:\Windows\System\CcwDaxT.exe
  2⤵
  PID:4396
- C:\Windows\System\RncfYCk.exe
  C:\Windows\System\RncfYCk.exe
  2⤵
  PID:4380
- C:\Windows\System\hViLTnG.exe
  C:\Windows\System\hViLTnG.exe
  2⤵
  PID:4276
- C:\Windows\System\XSJgCNS.exe
  C:\Windows\System\XSJgCNS.exe
  2⤵
  PID:4260
- C:\Windows\System\bnHCWPb.exe
  C:\Windows\System\bnHCWPb.exe
  2⤵
  PID:4244
- C:\Windows\System\bzoVphy.exe
  C:\Windows\System\bzoVphy.exe
  2⤵
  PID:4736
- C:\Windows\System\GEyMxjT.exe
  C:\Windows\System\GEyMxjT.exe
  2⤵
  PID:4720
- C:\Windows\System\skTnmoP.exe
  C:\Windows\System\skTnmoP.exe
  2⤵
  PID:4704
- C:\Windows\System\CAqVXIC.exe
  C:\Windows\System\CAqVXIC.exe
  2⤵
  PID:4688
- C:\Windows\System\BUfxRlb.exe
  C:\Windows\System\BUfxRlb.exe
  2⤵
  PID:4824
- C:\Windows\System\xpsZtky.exe
  C:\Windows\System\xpsZtky.exe
  2⤵
  PID:4808
- C:\Windows\System\ymkwMUp.exe
  C:\Windows\System\ymkwMUp.exe
  2⤵
  PID:4792
- C:\Windows\System\NvSfoIx.exe
  C:\Windows\System\NvSfoIx.exe
  2⤵
  PID:4776
- C:\Windows\System\PyGfgXU.exe
  C:\Windows\System\PyGfgXU.exe
  2⤵
  PID:4756
- C:\Windows\System\sSetFmW.exe
  C:\Windows\System\sSetFmW.exe
  2⤵
  PID:4668
- C:\Windows\System\EINPlvp.exe
  C:\Windows\System\EINPlvp.exe
  2⤵
  PID:4892
- C:\Windows\System\uuahWXn.exe
  C:\Windows\System\uuahWXn.exe
  2⤵
  PID:4908
- C:\Windows\System\ozmHYTL.exe
  C:\Windows\System\ozmHYTL.exe
  2⤵
  PID:4992
- C:\Windows\System\ZMYEbrw.exe
  C:\Windows\System\ZMYEbrw.exe
  2⤵
  PID:4976
- C:\Windows\System\ZWbVBpG.exe
  C:\Windows\System\ZWbVBpG.exe
  2⤵
  PID:4960
- C:\Windows\System\pztqVOu.exe
  C:\Windows\System\pztqVOu.exe
  2⤵
  PID:5016
- C:\Windows\System\ZVGmgbd.exe
  C:\Windows\System\ZVGmgbd.exe
  2⤵
  PID:4944
- C:\Windows\System\tWtADSt.exe
  C:\Windows\System\tWtADSt.exe
  2⤵
  PID:4928
- C:\Windows\System\zMIBgeL.exe
  C:\Windows\System\zMIBgeL.exe
  2⤵
  PID:4876
- C:\Windows\System\QAOUFxj.exe
  C:\Windows\System\QAOUFxj.exe
  2⤵
  PID:5036
- C:\Windows\System\iaSJqNW.exe
  C:\Windows\System\iaSJqNW.exe
  2⤵
  PID:4860
- C:\Windows\System\sZVeaJR.exe
  C:\Windows\System\sZVeaJR.exe
  2⤵
  PID:4844
- C:\Windows\System\tPcqSbD.exe
  C:\Windows\System\tPcqSbD.exe
  2⤵
  PID:4212
- C:\Windows\System\vqdnWHo.exe
  C:\Windows\System\vqdnWHo.exe
  2⤵
  PID:4196
- C:\Windows\System\qAljCjb.exe
  C:\Windows\System\qAljCjb.exe
  2⤵
  PID:4180
- C:\Windows\System\KoPIOay.exe
  C:\Windows\System\KoPIOay.exe
  2⤵
  PID:4164
- C:\Windows\System\DkfsuMD.exe
  C:\Windows\System\DkfsuMD.exe
  2⤵
  PID:4144
- C:\Windows\System\lhvDAur.exe
  C:\Windows\System\lhvDAur.exe
  2⤵
  PID:3752
- C:\Windows\System\YxLtQbC.exe
  C:\Windows\System\YxLtQbC.exe
  2⤵
  PID:3824
- C:\Windows\System\UaLZUyI.exe
  C:\Windows\System\UaLZUyI.exe
  2⤵
  PID:3416
- C:\Windows\System\lpmkygV.exe
  C:\Windows\System\lpmkygV.exe
  2⤵
  PID:3252
- C:\Windows\System\DYsXjQl.exe
  C:\Windows\System\DYsXjQl.exe
  2⤵
  PID:3228
- C:\Windows\System\cGGinFF.exe
  C:\Windows\System\cGGinFF.exe
  2⤵
  PID:3212
- C:\Windows\System\VGoobzv.exe
  C:\Windows\System\VGoobzv.exe
  2⤵
  PID:2436
- C:\Windows\System\zUWppEO.exe
  C:\Windows\System\zUWppEO.exe
  2⤵
  PID:3852
- C:\Windows\System\FvsogYP.exe
  C:\Windows\System\FvsogYP.exe
  2⤵
  PID:2232
- C:\Windows\System\OsWJiSc.exe
  C:\Windows\System\OsWJiSc.exe
  2⤵
  PID:2864
- C:\Windows\System\fRsEWhg.exe
  C:\Windows\System\fRsEWhg.exe
  2⤵
  PID:3608
- C:\Windows\System\LuIfbtc.exe
  C:\Windows\System\LuIfbtc.exe
  2⤵
  PID:3432
- C:\Windows\System\oUnmWpo.exe
  C:\Windows\System\oUnmWpo.exe
  2⤵
  PID:3396
- C:\Windows\System\djAXSHU.exe
  C:\Windows\System\djAXSHU.exe
  2⤵
  PID:5060
- C:\Windows\System\OgGHFxv.exe
  C:\Windows\System\OgGHFxv.exe
  2⤵
  PID:5112
- C:\Windows\System\ZOJnwmR.exe
  C:\Windows\System\ZOJnwmR.exe
  2⤵
  PID:2548
- C:\Windows\System\hIubGYC.exe
  C:\Windows\System\hIubGYC.exe
  2⤵
  PID:4252
- C:\Windows\System\bZtDkNW.exe
  C:\Windows\System\bZtDkNW.exe
  2⤵
  PID:988
- C:\Windows\System\fnyOYka.exe
  C:\Windows\System\fnyOYka.exe
  2⤵
  PID:4152
- C:\Windows\System\thzudGs.exe
  C:\Windows\System\thzudGs.exe
  2⤵
  PID:3656
- C:\Windows\System\ZwSVQHm.exe
  C:\Windows\System\ZwSVQHm.exe
  2⤵
  PID:1992
- C:\Windows\System\QEqMEbO.exe
  C:\Windows\System\QEqMEbO.exe
  2⤵
  PID:4108
- C:\Windows\System\SZrVMap.exe
  C:\Windows\System\SZrVMap.exe
  2⤵
  PID:4208
- C:\Windows\System\TTYOObh.exe
  C:\Windows\System\TTYOObh.exe
  2⤵
  PID:3040
- C:\Windows\System\cvPvyJh.exe
  C:\Windows\System\cvPvyJh.exe
  2⤵
  PID:4288
- C:\Windows\System\JLyWTDx.exe
  C:\Windows\System\JLyWTDx.exe
  2⤵
  PID:1772
- C:\Windows\System\prCfvLo.exe
  C:\Windows\System\prCfvLo.exe
  2⤵
  PID:4336
- C:\Windows\System\DdXJyMs.exe
  C:\Windows\System\DdXJyMs.exe
  2⤵
  PID:2420
- C:\Windows\System\JElmiVV.exe
  C:\Windows\System\JElmiVV.exe
  2⤵
  PID:4520
- C:\Windows\System\xsqMdxD.exe
  C:\Windows\System\xsqMdxD.exe
  2⤵
  PID:3876
- C:\Windows\System\BbMuPzW.exe
  C:\Windows\System\BbMuPzW.exe
  2⤵
  PID:4424
- C:\Windows\System\LqlthDz.exe
  C:\Windows\System\LqlthDz.exe
  2⤵
  PID:1572
- C:\Windows\System\qtVIRCu.exe
  C:\Windows\System\qtVIRCu.exe
  2⤵
  PID:2592
- C:\Windows\System\MoRWtcH.exe
  C:\Windows\System\MoRWtcH.exe
  2⤵
  PID:4588
- C:\Windows\System\hsKFxuq.exe
  C:\Windows\System\hsKFxuq.exe
  2⤵
  PID:4408
- C:\Windows\System\AIbynCJ.exe
  C:\Windows\System\AIbynCJ.exe
  2⤵
  PID:2012
- C:\Windows\System\ZdSFONz.exe
  C:\Windows\System\ZdSFONz.exe
  2⤵
  PID:480
- C:\Windows\System\zcJWpzl.exe
  C:\Windows\System\zcJWpzl.exe
  2⤵
  PID:4504
- C:\Windows\System\jtpVnkk.exe
  C:\Windows\System\jtpVnkk.exe
  2⤵
  PID:928
- C:\Windows\System\MebIQnD.exe
  C:\Windows\System\MebIQnD.exe
  2⤵
  PID:2104
- C:\Windows\System\FwzlmBU.exe
  C:\Windows\System\FwzlmBU.exe
  2⤵
  PID:2432
- C:\Windows\System\IfiPHev.exe
  C:\Windows\System\IfiPHev.exe
  2⤵
  PID:4356
- C:\Windows\System\RcCtfJW.exe
  C:\Windows\System\RcCtfJW.exe
  2⤵
  PID:4300
- C:\Windows\System\Qpfenlf.exe
  C:\Windows\System\Qpfenlf.exe
  2⤵
  PID:1688
- C:\Windows\System\rJZXuFf.exe
  C:\Windows\System\rJZXuFf.exe
  2⤵
  PID:2764
- C:\Windows\System\OEJrqDV.exe
  C:\Windows\System\OEJrqDV.exe
  2⤵
  PID:1632
- C:\Windows\System\fsCpjyL.exe
  C:\Windows\System\fsCpjyL.exe
  2⤵
  PID:2400
- C:\Windows\System\CpdTAIs.exe
  C:\Windows\System\CpdTAIs.exe
  2⤵
  PID:2572
- C:\Windows\System\qGwRqnT.exe
  C:\Windows\System\qGwRqnT.exe
  2⤵
  PID:4820
- C:\Windows\System\UElXPIm.exe
  C:\Windows\System\UElXPIm.exe
  2⤵
  PID:2760
- C:\Windows\System\TUCCETI.exe
  C:\Windows\System\TUCCETI.exe
  2⤵
  PID:4700
- C:\Windows\System\jkSbhQh.exe
  C:\Windows\System\jkSbhQh.exe
  2⤵
  PID:4752
- C:\Windows\System\uiypPeQ.exe
  C:\Windows\System\uiypPeQ.exe
  2⤵
  PID:4684
- C:\Windows\System\uouGWjK.exe
  C:\Windows\System\uouGWjK.exe
  2⤵
  PID:4984
- C:\Windows\System\MrAEgCs.exe
  C:\Windows\System\MrAEgCs.exe
  2⤵
  PID:3868
- C:\Windows\System\FtcJAzv.exe
  C:\Windows\System\FtcJAzv.exe
  2⤵
  PID:4800
- C:\Windows\System\diVezUJ.exe
  C:\Windows\System\diVezUJ.exe
  2⤵
  PID:4924
- C:\Windows\System\KKQHiAM.exe
  C:\Windows\System\KKQHiAM.exe
  2⤵
  PID:3496
- C:\Windows\System\kfoproz.exe
  C:\Windows\System\kfoproz.exe
  2⤵
  PID:3004
- C:\Windows\System\hnCCKix.exe
  C:\Windows\System\hnCCKix.exe
  2⤵
  PID:5004
- C:\Windows\System\PhOJGAI.exe
  C:\Windows\System\PhOJGAI.exe
  2⤵
  PID:4940
- C:\Windows\System\TTpgoig.exe
  C:\Windows\System\TTpgoig.exe
  2⤵
  PID:1420
- C:\Windows\System\dIEWrdY.exe
  C:\Windows\System\dIEWrdY.exe
  2⤵
  PID:2280
- C:\Windows\System\fWizGdk.exe
  C:\Windows\System\fWizGdk.exe
  2⤵
  PID:3848
- C:\Windows\System\kzEjzmO.exe
  C:\Windows\System\kzEjzmO.exe
  2⤵
  PID:3576
- C:\Windows\System\yDpqzIL.exe
  C:\Windows\System\yDpqzIL.exe
  2⤵
  PID:3352
- C:\Windows\System\JZUOwhX.exe
  C:\Windows\System\JZUOwhX.exe
  2⤵
  PID:3112
- C:\Windows\System\YWKmgFH.exe
  C:\Windows\System\YWKmgFH.exe
  2⤵
  PID:4036
- C:\Windows\System\XDdZEKw.exe
  C:\Windows\System\XDdZEKw.exe
  2⤵
  PID:4284
- C:\Windows\System\WPjSWwz.exe
  C:\Windows\System\WPjSWwz.exe
  2⤵
  PID:2120
- C:\Windows\System\qIHYoBv.exe
  C:\Windows\System\qIHYoBv.exe
  2⤵
  PID:1936
- C:\Windows\System\QKMKJKV.exe
  C:\Windows\System\QKMKJKV.exe
  2⤵
  PID:5080
- C:\Windows\System\snUSmfd.exe
  C:\Windows\System\snUSmfd.exe
  2⤵
  PID:4124
- C:\Windows\System\THWLTaT.exe
  C:\Windows\System\THWLTaT.exe
  2⤵
  PID:4104
- C:\Windows\System\iGSATqa.exe
  C:\Windows\System\iGSATqa.exe
  2⤵
  PID:4388
- C:\Windows\System\mocIuGa.exe
  C:\Windows\System\mocIuGa.exe
  2⤵
  PID:3208
- C:\Windows\System\hmUOxYf.exe
  C:\Windows\System\hmUOxYf.exe
  2⤵
  PID:3748
- C:\Windows\System\RmYWIwz.exe
  C:\Windows\System\RmYWIwz.exe
  2⤵
  PID:4476
- C:\Windows\System\DmvGQlK.exe
  C:\Windows\System\DmvGQlK.exe
  2⤵
  PID:4352
- C:\Windows\System\sJeueXG.exe
  C:\Windows\System\sJeueXG.exe
  2⤵
  PID:4620
- C:\Windows\System\rnkpbCq.exe
  C:\Windows\System\rnkpbCq.exe
  2⤵
  PID:4540
- C:\Windows\System\vLOwlQN.exe
  C:\Windows\System\vLOwlQN.exe
  2⤵
  PID:2024
- C:\Windows\System\ICMPTQV.exe
  C:\Windows\System\ICMPTQV.exe
  2⤵
  PID:940
- C:\Windows\System\DeafbpJ.exe
  C:\Windows\System\DeafbpJ.exe
  2⤵
  PID:2628
- C:\Windows\System\xouPhuu.exe
  C:\Windows\System\xouPhuu.exe
  2⤵
  PID:2016
- C:\Windows\System\PvzCkQm.exe
  C:\Windows\System\PvzCkQm.exe
  2⤵
  PID:5024
- C:\Windows\System\DeacWai.exe
  C:\Windows\System\DeacWai.exe
  2⤵
  PID:4308
- C:\Windows\System\rWrZgKV.exe
  C:\Windows\System\rWrZgKV.exe
  2⤵
  PID:1336
- C:\Windows\System\JghjxTj.exe
  C:\Windows\System\JghjxTj.exe
  2⤵
  PID:4804
- C:\Windows\System\fVmXUOQ.exe
  C:\Windows\System\fVmXUOQ.exe
  2⤵
  PID:4904
- C:\Windows\System\PVhcZwl.exe
  C:\Windows\System\PVhcZwl.exe
  2⤵
  PID:4696
- C:\Windows\System\AsZWFCI.exe
  C:\Windows\System\AsZWFCI.exe
  2⤵
  PID:4956
- C:\Windows\System\tAQgyGb.exe
  C:\Windows\System\tAQgyGb.exe
  2⤵
  PID:4572
- C:\Windows\System\FBhtfJv.exe
  C:\Windows\System\FBhtfJv.exe
  2⤵
  PID:4744
- C:\Windows\System\sxOBEUP.exe
  C:\Windows\System\sxOBEUP.exe
  2⤵
  PID:2500
- C:\Windows\System\UyHFgpk.exe
  C:\Windows\System\UyHFgpk.exe
  2⤵
  PID:1600
- C:\Windows\System\PuVLdhI.exe
  C:\Windows\System\PuVLdhI.exe
  2⤵
  PID:4608
- C:\Windows\System\xcOFYVr.exe
  C:\Windows\System\xcOFYVr.exe
  2⤵
  PID:4176
- C:\Windows\System\xiVidyA.exe
  C:\Windows\System\xiVidyA.exe
  2⤵
  PID:3696
- C:\Windows\System\AhXZeDb.exe
  C:\Windows\System\AhXZeDb.exe
  2⤵
  PID:3336
- C:\Windows\System\YeFaubJ.exe
  C:\Windows\System\YeFaubJ.exe
  2⤵
  PID:3316
- C:\Windows\System\NQXKJXp.exe
  C:\Windows\System\NQXKJXp.exe
  2⤵
  PID:2372
- C:\Windows\System\ZkVtJoH.exe
  C:\Windows\System\ZkVtJoH.exe
  2⤵
  PID:2804
- C:\Windows\System\UiLLZqI.exe
  C:\Windows\System\UiLLZqI.exe
  2⤵
  PID:2888
- C:\Windows\System\qJVbFXE.exe
  C:\Windows\System\qJVbFXE.exe
  2⤵
  PID:4712
- C:\Windows\System\yjActCi.exe
  C:\Windows\System\yjActCi.exe
  2⤵
  PID:1832
- C:\Windows\System\ENQoLMN.exe
  C:\Windows\System\ENQoLMN.exe
  2⤵
  PID:2112
- C:\Windows\System\BAEfuTG.exe
  C:\Windows\System\BAEfuTG.exe
  2⤵
  PID:1712
- C:\Windows\System\CcTGZXN.exe
  C:\Windows\System\CcTGZXN.exe
  2⤵
  PID:2524
- C:\Windows\System\PVkjUWB.exe
  C:\Windows\System\PVkjUWB.exe
  2⤵
  PID:5144
- C:\Windows\System\tujRzxb.exe
  C:\Windows\System\tujRzxb.exe
  2⤵
  PID:5128
- C:\Windows\System\HKAyFkZ.exe
  C:\Windows\System\HKAyFkZ.exe
  2⤵
  PID:4728
- C:\Windows\System\mtGaDyB.exe
  C:\Windows\System\mtGaDyB.exe
  2⤵
  PID:3024
- C:\Windows\System\VVXOIpp.exe
  C:\Windows\System\VVXOIpp.exe
  2⤵
  PID:1276
- C:\Windows\System\NkncDRN.exe
  C:\Windows\System\NkncDRN.exe
  2⤵
  PID:5280
- C:\Windows\System\GavfijQ.exe
  C:\Windows\System\GavfijQ.exe
  2⤵
  PID:5264
- C:\Windows\System\BemITey.exe
  C:\Windows\System\BemITey.exe
  2⤵
  PID:5312
- C:\Windows\System\PEKtitR.exe
  C:\Windows\System\PEKtitR.exe
  2⤵
  PID:5296
- C:\Windows\System\hcLiQpV.exe
  C:\Windows\System\hcLiQpV.exe
  2⤵
  PID:5232
- C:\Windows\System\BaaKlvS.exe
  C:\Windows\System\BaaKlvS.exe
  2⤵
  PID:5216
- C:\Windows\System\dpsBaeU.exe
  C:\Windows\System\dpsBaeU.exe
  2⤵
  PID:5200
- C:\Windows\System\WHaOphP.exe
  C:\Windows\System\WHaOphP.exe
  2⤵
  PID:5184
- C:\Windows\System\wNTGZyE.exe
  C:\Windows\System\wNTGZyE.exe
  2⤵
  PID:5168
- C:\Windows\System\pybNIJY.exe
  C:\Windows\System\pybNIJY.exe
  2⤵
  PID:5392
- C:\Windows\System\ERbxYJe.exe
  C:\Windows\System\ERbxYJe.exe
  2⤵
  PID:5376
- C:\Windows\System\nFcBIar.exe
  C:\Windows\System\nFcBIar.exe
  2⤵
  PID:5360
- C:\Windows\System\FUxUllV.exe
  C:\Windows\System\FUxUllV.exe
  2⤵
  PID:5504
- C:\Windows\System\FBMiGWQ.exe
  C:\Windows\System\FBMiGWQ.exe
  2⤵
  PID:5488
- C:\Windows\System\RttuHLz.exe
  C:\Windows\System\RttuHLz.exe
  2⤵
  PID:5472
- C:\Windows\System\NfpVitN.exe
  C:\Windows\System\NfpVitN.exe
  2⤵
  PID:5456
- C:\Windows\System\yLVolcm.exe
  C:\Windows\System\yLVolcm.exe
  2⤵
  PID:5440
- C:\Windows\System\MIwUxdI.exe
  C:\Windows\System\MIwUxdI.exe
  2⤵
  PID:5424
- C:\Windows\System\ENhaKhU.exe
  C:\Windows\System\ENhaKhU.exe
  2⤵
  PID:5524
- C:\Windows\System\xXNLLma.exe
  C:\Windows\System\xXNLLma.exe
  2⤵
  PID:5576
- C:\Windows\System\GfqqQkq.exe
  C:\Windows\System\GfqqQkq.exe
  2⤵
  PID:5560
- C:\Windows\System\BwzXaiF.exe
  C:\Windows\System\BwzXaiF.exe
  2⤵
  PID:5544
- C:\Windows\System\KDioWmj.exe
  C:\Windows\System\KDioWmj.exe
  2⤵
  PID:5660
- C:\Windows\System\PpQMXon.exe
  C:\Windows\System\PpQMXon.exe
  2⤵
  PID:5644
- C:\Windows\System\NLqznGA.exe
  C:\Windows\System\NLqznGA.exe
  2⤵
  PID:5628
- C:\Windows\System\YpSeicP.exe
  C:\Windows\System\YpSeicP.exe
  2⤵
  PID:5612
- C:\Windows\System\ononloT.exe
  C:\Windows\System\ononloT.exe
  2⤵
  PID:5596
- C:\Windows\System\wWcbBES.exe
  C:\Windows\System\wWcbBES.exe
  2⤵
  PID:5692
- C:\Windows\System\KLVAQpp.exe
  C:\Windows\System\KLVAQpp.exe
  2⤵
  PID:5740
- C:\Windows\System\UOYYOdV.exe
  C:\Windows\System\UOYYOdV.exe
  2⤵
  PID:5724
- C:\Windows\System\NbHNzRi.exe
  C:\Windows\System\NbHNzRi.exe
  2⤵
  PID:5708
- C:\Windows\System\FPgCEeJ.exe
  C:\Windows\System\FPgCEeJ.exe
  2⤵
  PID:5800
- C:\Windows\System\DBionzp.exe
  C:\Windows\System\DBionzp.exe
  2⤵
  PID:5832
- C:\Windows\System\tyrQejG.exe
  C:\Windows\System\tyrQejG.exe
  2⤵
  PID:5816
- C:\Windows\System\YXNNfeK.exe
  C:\Windows\System\YXNNfeK.exe
  2⤵
  PID:5784
- C:\Windows\System\dszESks.exe
  C:\Windows\System\dszESks.exe
  2⤵
  PID:5920
- C:\Windows\System\SbDIWtQ.exe
  C:\Windows\System\SbDIWtQ.exe
  2⤵
  PID:5904
- C:\Windows\System\oROklnJ.exe
  C:\Windows\System\oROklnJ.exe
  2⤵
  PID:5888
- C:\Windows\System\FiGNoEH.exe
  C:\Windows\System\FiGNoEH.exe
  2⤵
  PID:5872
- C:\Windows\System\ZHglKnw.exe
  C:\Windows\System\ZHglKnw.exe
  2⤵
  PID:5856
- C:\Windows\System\ABaWgyA.exe
  C:\Windows\System\ABaWgyA.exe
  2⤵
  PID:5768
- C:\Windows\System\dLBhcKD.exe
  C:\Windows\System\dLBhcKD.exe
  2⤵
  PID:5676
- C:\Windows\System\EKEaOZe.exe
  C:\Windows\System\EKEaOZe.exe
  2⤵
  PID:5344
- C:\Windows\System\EixEclS.exe
  C:\Windows\System\EixEclS.exe
  2⤵
  PID:5328
- C:\Windows\System\pGYOnOR.exe
  C:\Windows\System\pGYOnOR.exe
  2⤵
  PID:5048
- C:\Windows\System\NYUcSns.exe
  C:\Windows\System\NYUcSns.exe
  2⤵
  PID:3532
- C:\Windows\System\iiXVTuy.exe
  C:\Windows\System\iiXVTuy.exe
  2⤵
  PID:5044
- C:\Windows\System\tNlvlST.exe
  C:\Windows\System\tNlvlST.exe
  2⤵
  PID:2796
- C:\Windows\System\VVAVULW.exe
  C:\Windows\System\VVAVULW.exe
  2⤵
  PID:1552
- C:\Windows\System\DZXAtEB.exe
  C:\Windows\System\DZXAtEB.exe
  2⤵
  PID:2452
- C:\Windows\System\DOmDiLv.exe
  C:\Windows\System\DOmDiLv.exe
  2⤵
  PID:5108
- C:\Windows\System\tCxtRHm.exe
  C:\Windows\System\tCxtRHm.exe
  2⤵
  PID:4456
- C:\Windows\System\CxwiDYl.exe
  C:\Windows\System\CxwiDYl.exe
  2⤵
  PID:5944
- C:\Windows\System\XpoFxUK.exe
  C:\Windows\System\XpoFxUK.exe
  2⤵
  PID:6012
- C:\Windows\System\dHbbhgv.exe
  C:\Windows\System\dHbbhgv.exe
  2⤵
  PID:5996
- C:\Windows\System\haJoXRx.exe
  C:\Windows\System\haJoXRx.exe
  2⤵
  PID:5980
- C:\Windows\System\kosThXZ.exe
  C:\Windows\System\kosThXZ.exe
  2⤵
  PID:5964
- C:\Windows\System\xqEFdtc.exe
  C:\Windows\System\xqEFdtc.exe
  2⤵
  PID:6060
- C:\Windows\System\vhqsKvB.exe
  C:\Windows\System\vhqsKvB.exe
  2⤵
  PID:6092
- C:\Windows\System\lWEvzLU.exe
  C:\Windows\System\lWEvzLU.exe
  2⤵
  PID:6076
- C:\Windows\System\yjwmDIv.exe
  C:\Windows\System\yjwmDIv.exe
  2⤵
  PID:6044
- C:\Windows\System\WInKHxm.exe
  C:\Windows\System\WInKHxm.exe
  2⤵
  PID:6028
- C:\Windows\System\LAEBKYK.exe
  C:\Windows\System\LAEBKYK.exe
  2⤵
  PID:4404
- C:\Windows\System\uoUMChX.exe
  C:\Windows\System\uoUMChX.exe
  2⤵
  PID:2388
- C:\Windows\System\xLRlCMs.exe
  C:\Windows\System\xLRlCMs.exe
  2⤵
  PID:6128
- C:\Windows\System\BwLrkbJ.exe
  C:\Windows\System\BwLrkbJ.exe
  2⤵
  PID:4368
- C:\Windows\System\xaIBLsk.exe
  C:\Windows\System\xaIBLsk.exe
  2⤵
  PID:4304
- C:\Windows\System\eNkVIrM.exe
  C:\Windows\System\eNkVIrM.exe
  2⤵
  PID:4872
- C:\Windows\System\rGPvOOJ.exe
  C:\Windows\System\rGPvOOJ.exe
  2⤵
  PID:676
- C:\Windows\System\EjAGIys.exe
  C:\Windows\System\EjAGIys.exe
  2⤵
  PID:4052
- C:\Windows\System\BlGSAxi.exe
  C:\Windows\System\BlGSAxi.exe
  2⤵
  PID:3108
- C:\Windows\System\BMuvols.exe
  C:\Windows\System\BMuvols.exe
  2⤵
  PID:3972
- C:\Windows\System\ScfoFwJ.exe
  C:\Windows\System\ScfoFwJ.exe
  2⤵
  PID:1416
- C:\Windows\System\dTzODLU.exe
  C:\Windows\System\dTzODLU.exe
  2⤵
  PID:4076
- C:\Windows\System\vrxmIOH.exe
  C:\Windows\System\vrxmIOH.exe
  2⤵
  PID:3908
- C:\Windows\System\debquss.exe
  C:\Windows\System\debquss.exe
  2⤵
  PID:3920
- C:\Windows\System\KvErciu.exe
  C:\Windows\System\KvErciu.exe
  2⤵
  PID:3892
- C:\Windows\System\qZlvkGY.exe
  C:\Windows\System\qZlvkGY.exe
  2⤵
  PID:3984
- C:\Windows\System\eWYnEYJ.exe
  C:\Windows\System\eWYnEYJ.exe
  2⤵
  PID:3800
- C:\Windows\System\vbibOeI.exe
  C:\Windows\System\vbibOeI.exe
  2⤵
  PID:3672
- C:\Windows\System\ZjyJENy.exe
  C:\Windows\System\ZjyJENy.exe
  2⤵
  PID:3476
- C:\Windows\System\FbSvnki.exe
  C:\Windows\System\FbSvnki.exe
  2⤵
  PID:2264
- C:\Windows\System\qNQiPRE.exe
  C:\Windows\System\qNQiPRE.exe
  2⤵
  PID:3232
- C:\Windows\System\aBrdRvP.exe
  C:\Windows\System\aBrdRvP.exe
  2⤵
  PID:3188
- C:\Windows\System\gZzNYjE.exe
  C:\Windows\System\gZzNYjE.exe
  2⤵
  PID:3092
- C:\Windows\System\KLKJTvd.exe
  C:\Windows\System\KLKJTvd.exe
  2⤵
  PID:2300
- C:\Windows\System\DBrnwwg.exe
  C:\Windows\System\DBrnwwg.exe
  2⤵
  PID:4092
- C:\Windows\System\OdkALSE.exe
  C:\Windows\System\OdkALSE.exe
  2⤵
  PID:4080
- C:\Windows\System\yrmHZfI.exe
  C:\Windows\System\yrmHZfI.exe
  2⤵
  PID:4068
- C:\Windows\System\CvldneG.exe
  C:\Windows\System\CvldneG.exe
  2⤵
  PID:4000
- C:\Windows\System\sJQIXoe.exe
  C:\Windows\System\sJQIXoe.exe
  2⤵
  PID:3936
- C:\Windows\System\UYkqQoJ.exe
  C:\Windows\System\UYkqQoJ.exe
  2⤵
  PID:3956
- C:\Windows\System\acuPcVr.exe
  C:\Windows\System\acuPcVr.exe
  2⤵
  PID:3768
- C:\Windows\System\bRVqEaI.exe
  C:\Windows\System\bRVqEaI.exe
  2⤵
  PID:3676
- C:\Windows\System\ZebrEOl.exe
  C:\Windows\System\ZebrEOl.exe
  2⤵
  PID:3828
- C:\Windows\System\fCZXMWw.exe
  C:\Windows\System\fCZXMWw.exe
  2⤵
  PID:3552
- C:\Windows\System\OXefDTq.exe
  C:\Windows\System\OXefDTq.exe
  2⤵
  PID:3564
- C:\Windows\System\UtDzojj.exe
  C:\Windows\System\UtDzojj.exe
  2⤵
  PID:3480
- C:\Windows\System\KYIlykF.exe
  C:\Windows\System\KYIlykF.exe
  2⤵
  PID:3588
- C:\Windows\System\wwHgEsM.exe
  C:\Windows\System\wwHgEsM.exe
  2⤵
  PID:2556
- C:\Windows\System\FUJJvIx.exe
  C:\Windows\System\FUJJvIx.exe
  2⤵
  PID:3272
- C:\Windows\System\OrQJsBm.exe
  C:\Windows\System\OrQJsBm.exe
  2⤵
  PID:3324
- C:\Windows\System\cJJpfmq.exe
  C:\Windows\System\cJJpfmq.exe
  2⤵
  PID:3236
- C:\Windows\System\gGQskzm.exe
  C:\Windows\System\gGQskzm.exe
  2⤵
  PID:3220
- C:\Windows\System\KJEEhxk.exe
  C:\Windows\System\KJEEhxk.exe
  2⤵
  PID:3256
- C:\Windows\System\UoHslWp.exe
  C:\Windows\System\UoHslWp.exe
  2⤵
  PID:3144
- C:\Windows\System\BFHmWfl.exe
  C:\Windows\System\BFHmWfl.exe
  2⤵
  PID:2772
- C:\Windows\System\VfFWpYg.exe
  C:\Windows\System\VfFWpYg.exe
  2⤵
  PID:3192
- C:\Windows\System\tanBNMb.exe
  C:\Windows\System\tanBNMb.exe
  2⤵
  PID:1676
- C:\Windows\System\ejwWbpg.exe
  C:\Windows\System\ejwWbpg.exe
  2⤵
  PID:1288
- C:\Windows\System\foyRmLD.exe
  C:\Windows\System\foyRmLD.exe
  2⤵
  PID:2896
- C:\Windows\System\HcYToQs.exe
  C:\Windows\System\HcYToQs.exe
  2⤵
  PID:2496
- C:\Windows\System\YSEwdxs.exe
  C:\Windows\System\YSEwdxs.exe
  2⤵
  PID:1596
- C:\Windows\System\oWvNNfH.exe
  C:\Windows\System\oWvNNfH.exe
  2⤵
  PID:4084
- C:\Windows\System\xRzgRKp.exe
  C:\Windows\System\xRzgRKp.exe
  2⤵
  PID:4008
- C:\Windows\System\rqXIxBC.exe
  C:\Windows\System\rqXIxBC.exe
  2⤵
  PID:3992
- C:\Windows\System\fDfdRdq.exe
  C:\Windows\System\fDfdRdq.exe
  2⤵
  PID:3976
- C:\Windows\System\zquLTCz.exe
  C:\Windows\System\zquLTCz.exe
  2⤵
  PID:3960
- C:\Windows\System\pwyQxEo.exe
  C:\Windows\System\pwyQxEo.exe
  2⤵
  PID:3912
- C:\Windows\System\TBlGrib.exe
  C:\Windows\System\TBlGrib.exe
  2⤵
  PID:3896
- C:\Windows\System\iDnQrAB.exe
  C:\Windows\System\iDnQrAB.exe
  2⤵
  PID:3880
- C:\Windows\System\WTWbVbR.exe
  C:\Windows\System\WTWbVbR.exe
  2⤵
  PID:3792
- C:\Windows\System\ePZdiHp.exe
  C:\Windows\System\ePZdiHp.exe
  2⤵
  PID:3776
- C:\Windows\System\SHUGejl.exe
  C:\Windows\System\SHUGejl.exe
  2⤵
  PID:3760
- C:\Windows\System\tYaNCfZ.exe
  C:\Windows\System\tYaNCfZ.exe
  2⤵
  PID:3716
- C:\Windows\System\pMGAUXJ.exe
  C:\Windows\System\pMGAUXJ.exe
  2⤵
  PID:3700
- C:\Windows\System\VawqmOI.exe
  C:\Windows\System\VawqmOI.exe
  2⤵
  PID:3680
- C:\Windows\System\jQiBVkU.exe
  C:\Windows\System\jQiBVkU.exe
  2⤵
  PID:3664
- C:\Windows\System\LixnnTD.exe
  C:\Windows\System\LixnnTD.exe
  2⤵
  PID:3644
- C:\Windows\System\HHDjBFd.exe
  C:\Windows\System\HHDjBFd.exe
  2⤵
  PID:3628
- C:\Windows\System\GwNTSJO.exe
  C:\Windows\System\GwNTSJO.exe
  2⤵
  PID:3612
- C:\Windows\System\iryOffU.exe
  C:\Windows\System\iryOffU.exe
  2⤵
  PID:3596
- C:\Windows\System\IjVlSwM.exe
  C:\Windows\System\IjVlSwM.exe
  2⤵
  PID:3580
- C:\Windows\System\dcwbFPK.exe
  C:\Windows\System\dcwbFPK.exe
  2⤵
  PID:3516
- C:\Windows\System\VoDEZgK.exe
  C:\Windows\System\VoDEZgK.exe
  2⤵
  PID:3500
- C:\Windows\System\cJAJhLc.exe
  C:\Windows\System\cJAJhLc.exe
  2⤵
  PID:3484
- C:\Windows\System\hMJgoRJ.exe
  C:\Windows\System\hMJgoRJ.exe
  2⤵
  PID:3468
- C:\Windows\System\EtYRhpG.exe
  C:\Windows\System\EtYRhpG.exe
  2⤵
  PID:3452
- C:\Windows\System\tHGhDDd.exe
  C:\Windows\System\tHGhDDd.exe
  2⤵
  PID:3380
- C:\Windows\System\VjGFksJ.exe
  C:\Windows\System\VjGFksJ.exe
  2⤵
  PID:3364
- C:\Windows\System\fjcindM.exe
  C:\Windows\System\fjcindM.exe
  2⤵
  PID:5180
- C:\Windows\System\vXhBPGy.exe
  C:\Windows\System\vXhBPGy.exe
  2⤵
  PID:4884
- C:\Windows\System\hEfQiBH.exe
  C:\Windows\System\hEfQiBH.exe
  2⤵
  PID:2916
- C:\Windows\System\RvfxTzf.exe
  C:\Windows\System\RvfxTzf.exe
  2⤵
  PID:5212
- C:\Windows\System\caRsaIy.exe
  C:\Windows\System\caRsaIy.exe
  2⤵
  PID:828
- C:\Windows\System\GzDbpfv.exe
  C:\Windows\System\GzDbpfv.exe
  2⤵
  PID:4840
- C:\Windows\System\fjEJWBd.exe
  C:\Windows\System\fjEJWBd.exe
  2⤵
  PID:3292
- C:\Windows\System\AgcpqeQ.exe
  C:\Windows\System\AgcpqeQ.exe
  2⤵
  PID:3276
- C:\Windows\System\AtQWGAT.exe
  C:\Windows\System\AtQWGAT.exe
  2⤵
  PID:3244
- C:\Windows\System\zbZKEyg.exe
  C:\Windows\System\zbZKEyg.exe
  2⤵
  PID:3180
- C:\Windows\System\mTapjRG.exe
  C:\Windows\System\mTapjRG.exe
  2⤵
  PID:3164
- C:\Windows\System\ZwZyirt.exe
  C:\Windows\System\ZwZyirt.exe
  2⤵
  PID:3148
- C:\Windows\System\XQObuSm.exe
  C:\Windows\System\XQObuSm.exe
  2⤵
  PID:3132
- C:\Windows\System\JOIokgY.exe
  C:\Windows\System\JOIokgY.exe
  2⤵
  PID:2228
- C:\Windows\System\gZMKhhf.exe
  C:\Windows\System\gZMKhhf.exe
  2⤵
  PID:396
- C:\Windows\System\bTUUnnX.exe
  C:\Windows\System\bTUUnnX.exe
  2⤵
  PID:2912
- C:\Windows\System\TMxFHVJ.exe
  C:\Windows\System\TMxFHVJ.exe
  2⤵
  PID:1964
- C:\Windows\System\oGaXAet.exe
  C:\Windows\System\oGaXAet.exe
  2⤵
  PID:2428
- C:\Windows\System\OOqWuZm.exe
  C:\Windows\System\OOqWuZm.exe
  2⤵
  PID:1248
- C:\Windows\System\DmncOqL.exe
  C:\Windows\System\DmncOqL.exe
  2⤵
  PID:1460
- C:\Windows\System\KpNFOfb.exe
  C:\Windows\System\KpNFOfb.exe
  2⤵
  PID:884
- C:\Windows\System\LnPKAgg.exe
  C:\Windows\System\LnPKAgg.exe
  2⤵
  PID:2188
- C:\Windows\System\kvKCmwu.exe
  C:\Windows\System\kvKCmwu.exe
  2⤵
  PID:1852
- C:\Windows\System\hovcJFg.exe
  C:\Windows\System\hovcJFg.exe
  2⤵
  PID:1972
- C:\Windows\System\jdnTuBH.exe
  C:\Windows\System\jdnTuBH.exe
  2⤵
  PID:1304
- C:\Windows\System\PqieoXF.exe
  C:\Windows\System\PqieoXF.exe
  2⤵
  PID:820
- C:\Windows\System\ZuwJRnU.exe
  C:\Windows\System\ZuwJRnU.exe
  2⤵
  PID:1756
- C:\Windows\System\IgRkgZY.exe
  C:\Windows\System\IgRkgZY.exe
  2⤵
  PID:2160
- C:\Windows\System\RbNkuUT.exe
  C:\Windows\System\RbNkuUT.exe
  2⤵
  PID:2460
- C:\Windows\System\YiopHoW.exe
  C:\Windows\System\YiopHoW.exe
  2⤵
  PID:1308
- C:\Windows\System\vdbHcYl.exe
  C:\Windows\System\vdbHcYl.exe
  2⤵
  PID:2000
- C:\Windows\System\rWtmDmC.exe
  C:\Windows\System\rWtmDmC.exe
  2⤵
  PID:1724
- C:\Windows\System\WlPinkf.exe
  C:\Windows\System\WlPinkf.exe
  2⤵
  PID:2564
- C:\Windows\System\ZxfTOHB.exe
  C:\Windows\System\ZxfTOHB.exe
  2⤵
  PID:748
- C:\Windows\System\REBFkqX.exe
  C:\Windows\System\REBFkqX.exe
  2⤵
  PID:520
- C:\Windows\System\pgfdVxc.exe
  C:\Windows\System\pgfdVxc.exe
  2⤵
  PID:1836
- C:\Windows\System\nGtniVu.exe
  C:\Windows\System\nGtniVu.exe
  2⤵
  PID:2336
- C:\Windows\System\cmIvsbX.exe
  C:\Windows\System\cmIvsbX.exe
  2⤵
  PID:868
- C:\Windows\System\qKZKbpc.exe
  C:\Windows\System\qKZKbpc.exe
  2⤵
  PID:2828
- C:\Windows\System\CJgmCPM.exe
  C:\Windows\System\CJgmCPM.exe
  2⤵
  PID:2052
- C:\Windows\System\nbKKLZo.exe
  C:\Windows\System\nbKKLZo.exe
  2⤵
  PID:1752
- C:\Windows\System\jRCxAwn.exe
  C:\Windows\System\jRCxAwn.exe
  2⤵
  PID:1900
- C:\Windows\System\hUemRnm.exe
  C:\Windows\System\hUemRnm.exe
  2⤵
  PID:2348
- C:\Windows\System\IWJeGNS.exe
  C:\Windows\System\IWJeGNS.exe
  2⤵
  PID:1768
- C:\Windows\System\irKSnoa.exe
  C:\Windows\System\irKSnoa.exe
  2⤵
  PID:1584
- C:\Windows\System\qUJoett.exe
  C:\Windows\System\qUJoett.exe
  2⤵
  PID:2488
- C:\Windows\System\VtuCAxc.exe
  C:\Windows\System\VtuCAxc.exe
  2⤵
  PID:1776
- C:\Windows\System\YaGiUdM.exe
  C:\Windows\System\YaGiUdM.exe
  2⤵
  PID:612
- C:\Windows\System\zACuBzt.exe
  C:\Windows\System\zACuBzt.exe
  2⤵
  PID:2088
- C:\Windows\System\fDNvrVG.exe
  C:\Windows\System\fDNvrVG.exe
  2⤵
  PID:2240
- C:\Windows\System\bfLbjLg.exe
  C:\Windows\System\bfLbjLg.exe
  2⤵
  PID:872
- C:\Windows\System\yVBVHnc.exe
  C:\Windows\System\yVBVHnc.exe
  2⤵
  PID:2652
- C:\Windows\System\iQyWFbY.exe
  C:\Windows\System\iQyWFbY.exe
  2⤵
  PID:1324
- C:\Windows\System\QCXFKtE.exe
  C:\Windows\System\QCXFKtE.exe
  2⤵
  PID:2696
- C:\Windows\System\AMxPiEF.exe
  C:\Windows\System\AMxPiEF.exe
  2⤵
  PID:1496
- C:\Windows\System\pIwXGgj.exe
  C:\Windows\System\pIwXGgj.exe
  2⤵
  PID:464
- C:\Windows\System\aWhTlSW.exe
  C:\Windows\System\aWhTlSW.exe
  2⤵
  PID:2396
- C:\Windows\System\SGKbSlY.exe
  C:\Windows\System\SGKbSlY.exe
  2⤵
  PID:2588
- C:\Windows\System\LraLkao.exe
  C:\Windows\System\LraLkao.exe
  2⤵
  PID:2448
- C:\Windows\System\GORATsI.exe
  C:\Windows\System\GORATsI.exe
  2⤵
  PID:2516
- C:\Windows\System\INawDMh.exe
  C:\Windows\System\INawDMh.exe
  2⤵
  PID:2936
- C:\Windows\System\iskEUwD.exe
  C:\Windows\System\iskEUwD.exe
  2⤵
  PID:2200
- C:\Windows\System\XvXhrcs.exe
  C:\Windows\System\XvXhrcs.exe
  2⤵
  PID:1704
- C:\Windows\System\CGOzxJB.exe
  C:\Windows\System\CGOzxJB.exe
  2⤵
  PID:1920
- C:\Windows\System\SLkftTL.exe
  C:\Windows\System\SLkftTL.exe
  2⤵
  PID:2140
- C:\Windows\System\UBEjjdz.exe
  C:\Windows\System\UBEjjdz.exe
  2⤵
  PID:5324
- C:\Windows\System\kenZrSM.exe
  C:\Windows\System\kenZrSM.exe
  2⤵
  PID:5224
- C:\Windows\System\SEcSFYs.exe
  C:\Windows\System\SEcSFYs.exe
  2⤵
  PID:5384
- C:\Windows\System\UKoDwNb.exe
  C:\Windows\System\UKoDwNb.exe
  2⤵
  PID:5152
- C:\Windows\System\vmvEfnb.exe
  C:\Windows\System\vmvEfnb.exe
  2⤵
  PID:5244
- C:\Windows\System\GXwAqRs.exe
  C:\Windows\System\GXwAqRs.exe
  2⤵
  PID:1628
- C:\Windows\System\VNCegTy.exe
  C:\Windows\System\VNCegTy.exe
  2⤵
  PID:5432
- C:\Windows\System\EyKwMrt.exe
  C:\Windows\System\EyKwMrt.exe
  2⤵
  PID:2956
- C:\Windows\System\uHpysZu.exe
  C:\Windows\System\uHpysZu.exe
  2⤵
  PID:1532
- C:\Windows\System\bnYCVyL.exe
  C:\Windows\System\bnYCVyL.exe
  2⤵
  PID:2092
- C:\Windows\System\lUNgqrO.exe
  C:\Windows\System\lUNgqrO.exe
  2⤵
  PID:1944
- C:\Windows\System\NZDzyKH.exe
  C:\Windows\System\NZDzyKH.exe
  2⤵
  PID:1800
- C:\Windows\System\qlKhnZQ.exe
  C:\Windows\System\qlKhnZQ.exe
  2⤵
  PID:1956
- C:\Windows\System\FfDLWIH.exe
  C:\Windows\System\FfDLWIH.exe
  2⤵
  PID:1016
- C:\Windows\System\thMSCMI.exe
  C:\Windows\System\thMSCMI.exe
  2⤵
  PID:1328
- C:\Windows\System\uRFONqm.exe
  C:\Windows\System\uRFONqm.exe
  2⤵
  PID:2328
- C:\Windows\System\tXBiZCy.exe
  C:\Windows\System\tXBiZCy.exe
  2⤵
  PID:1040
- C:\Windows\System\aaHUpIE.exe
  C:\Windows\System\aaHUpIE.exe
  2⤵
  PID:1548
- C:\Windows\System\zkrSlAr.exe
  C:\Windows\System\zkrSlAr.exe
  2⤵
  PID:2692
- C:\Windows\System\JYyNeba.exe
  C:\Windows\System\JYyNeba.exe
  2⤵
  PID:1096
- C:\Windows\System\OJsugFG.exe
  C:\Windows\System\OJsugFG.exe
  2⤵
  PID:1680
- C:\Windows\System\bJUKoHy.exe
  C:\Windows\System\bJUKoHy.exe
  2⤵
  PID:2272
- C:\Windows\System\WfqLtTf.exe
  C:\Windows\System\WfqLtTf.exe
  2⤵
  PID:1716
- C:\Windows\System\pdNqPmv.exe
  C:\Windows\System\pdNqPmv.exe
  2⤵
  PID:2948
- C:\Windows\System\oSVfnbC.exe
  C:\Windows\System\oSVfnbC.exe
  2⤵
  PID:1172
- C:\Windows\System\aEJRVrM.exe
  C:\Windows\System\aEJRVrM.exe
  2⤵
  PID:1976
- C:\Windows\System\UwzTsgX.exe
  C:\Windows\System\UwzTsgX.exe
  2⤵
  PID:3028
- C:\Windows\System\SpzrEud.exe
  C:\Windows\System\SpzrEud.exe
  2⤵
  PID:5572
- C:\Windows\System\zFRfwfH.exe
  C:\Windows\System\zFRfwfH.exe
  2⤵
  PID:5340
- C:\Windows\System\TsONKxj.exe
  C:\Windows\System\TsONKxj.exe
  2⤵
  PID:5336
- C:\Windows\System\jgelcHF.exe
  C:\Windows\System\jgelcHF.exe
  2⤵
  PID:2072
- C:\Windows\System\tXkihzP.exe
  C:\Windows\System\tXkihzP.exe
  2⤵
  PID:5260
- C:\Windows\System\mUYAtAE.exe
  C:\Windows\System\mUYAtAE.exe
  2⤵
  PID:1312
- C:\Windows\System\cKqBtmm.exe
  C:\Windows\System\cKqBtmm.exe
  2⤵
  PID:1488
- C:\Windows\System\pRhZtTk.exe
  C:\Windows\System\pRhZtTk.exe
  2⤵
  PID:3048
- C:\Windows\System\DalvoPP.exe
  C:\Windows\System\DalvoPP.exe
  2⤵
  PID:2100
- C:\Windows\System\CpKPCwr.exe
  C:\Windows\System\CpKPCwr.exe
  2⤵
  PID:1616
- C:\Windows\System\LcxKQYF.exe
  C:\Windows\System\LcxKQYF.exe
  2⤵
  PID:5512
- C:\Windows\System\cUjCnIQ.exe
  C:\Windows\System\cUjCnIQ.exe
  2⤵
  PID:5704
- C:\Windows\System\FnqEzhH.exe
  C:\Windows\System\FnqEzhH.exe
  2⤵
  PID:5552
- C:\Windows\System\bkKxXMn.exe
  C:\Windows\System\bkKxXMn.exe
  2⤵
  PID:5808
- C:\Windows\System\WXRIZXk.exe
  C:\Windows\System\WXRIZXk.exe
  2⤵
  PID:5640
- C:\Windows\System\tUWHooq.exe
  C:\Windows\System\tUWHooq.exe
  2⤵
  PID:1512
- C:\Windows\System\xfcDtYT.exe
  C:\Windows\System\xfcDtYT.exe
  2⤵
  PID:1664
- C:\Windows\System\bdvOtXf.exe
  C:\Windows\System\bdvOtXf.exe
  2⤵
  PID:1168
- C:\Windows\System\jBimkaz.exe
  C:\Windows\System\jBimkaz.exe
  2⤵
  PID:1672
- C:\Windows\System\euovPqz.exe
  C:\Windows\System\euovPqz.exe
  2⤵
  PID:2676
- C:\Windows\System\RDhfuCp.exe
  C:\Windows\System\RDhfuCp.exe
  2⤵
  PID:788
- C:\Windows\System\jhlyeDt.exe
  C:\Windows\System\jhlyeDt.exe
  2⤵
  PID:5620
- C:\Windows\System\RiwhkuD.exe
  C:\Windows\System\RiwhkuD.exe
  2⤵
  PID:364
- C:\Windows\System\EbebMKm.exe
  C:\Windows\System\EbebMKm.exe
  2⤵
  PID:5684
- C:\Windows\System\KcKQGXg.exe
  C:\Windows\System\KcKQGXg.exe
  2⤵
  PID:4888
- C:\Windows\System\aALlvXg.exe
  C:\Windows\System\aALlvXg.exe
  2⤵
  PID:5880
- C:\Windows\System\pQZoDKP.exe
  C:\Windows\System\pQZoDKP.exe
  2⤵
  PID:796
- C:\Windows\System\hAPEtfv.exe
  C:\Windows\System\hAPEtfv.exe
  2⤵
  PID:1100
- C:\Windows\System\jTJLuZo.exe
  C:\Windows\System\jTJLuZo.exe
  2⤵
  PID:2884
- C:\Windows\System\fdiEJgV.exe
  C:\Windows\System\fdiEJgV.exe
  2⤵
  PID:1816
- C:\Windows\System\CQWuKYB.exe
  C:\Windows\System\CQWuKYB.exe
  2⤵
  PID:1968
- C:\Windows\System\apIxBcW.exe
  C:\Windows\System\apIxBcW.exe
  2⤵
  PID:1360
- C:\Windows\System\ujMjlrn.exe
  C:\Windows\System\ujMjlrn.exe
  2⤵
  PID:2732
- C:\Windows\System\jGsvmsU.exe
  C:\Windows\System\jGsvmsU.exe
  2⤵
  PID:2656
- C:\Windows\System\oPdnCYr.exe
  C:\Windows\System\oPdnCYr.exe
  2⤵
  PID:5792
- C:\Windows\System\INOAZId.exe
  C:\Windows\System\INOAZId.exe
  2⤵
  PID:5940
- C:\Windows\System\mapgyeI.exe
  C:\Windows\System\mapgyeI.exe
  2⤵
  PID:4628
- C:\Windows\System\XOyYemT.exe
  C:\Windows\System\XOyYemT.exe
  2⤵
  PID:6072
- C:\Windows\System\LtFdbMD.exe
  C:\Windows\System\LtFdbMD.exe
  2⤵
  PID:1576
- C:\Windows\System\eXoXSnc.exe
  C:\Windows\System\eXoXSnc.exe
  2⤵
  PID:6140
- C:\Windows\System\hjgIaWj.exe
  C:\Windows\System\hjgIaWj.exe
  2⤵
  PID:6004
- C:\Windows\System\IVkSdQR.exe
  C:\Windows\System\IVkSdQR.exe
  2⤵
  PID:6052
- C:\Windows\System\DRHiWGS.exe
  C:\Windows\System\DRHiWGS.exe
  2⤵
  PID:5868
- C:\Windows\System\XseGjnB.exe
  C:\Windows\System\XseGjnB.exe
  2⤵
  PID:5992
- C:\Windows\System\YheJEFa.exe
  C:\Windows\System\YheJEFa.exe
  2⤵
  PID:5952
- C:\Windows\System\RcMpgcg.exe
  C:\Windows\System\RcMpgcg.exe
  2⤵
  PID:2004
- C:\Windows\System\RpHjkBQ.exe
  C:\Windows\System\RpHjkBQ.exe
  2⤵
  PID:2952
- C:\Windows\System\UoBgYWV.exe
  C:\Windows\System\UoBgYWV.exe
  2⤵
  PID:1708
- C:\Windows\System\nZYQgDe.exe
  C:\Windows\System\nZYQgDe.exe
  2⤵
  PID:5192
- C:\Windows\System\UURfWCo.exe
  C:\Windows\System\UURfWCo.exe
  2⤵
  PID:6124
- C:\Windows\System\OPrNNGh.exe
  C:\Windows\System\OPrNNGh.exe
  2⤵
  PID:344
- C:\Windows\System\PHtMRPP.exe
  C:\Windows\System\PHtMRPP.exe
  2⤵
  PID:5404
- C:\Windows\System\tMRbkzN.exe
  C:\Windows\System\tMRbkzN.exe
  2⤵
  PID:5656
- C:\Windows\System\QbGByIU.exe
  C:\Windows\System\QbGByIU.exe
  2⤵
  PID:5776
- C:\Windows\System\LOVTPoK.exe
  C:\Windows\System\LOVTPoK.exe
  2⤵
  PID:5272
- C:\Windows\System\zJMwybo.exe
  C:\Windows\System\zJMwybo.exe
  2⤵
  PID:5420
- C:\Windows\System\VApnAUX.exe
  C:\Windows\System\VApnAUX.exe
  2⤵
  PID:5652
- C:\Windows\System\zGvBYDG.exe
  C:\Windows\System\zGvBYDG.exe
  2⤵
  PID:5900
- C:\Windows\System\dsGSmuq.exe
  C:\Windows\System\dsGSmuq.exe
  2⤵
  PID:5700
- C:\Windows\System\fQOguJo.exe
  C:\Windows\System\fQOguJo.exe
  2⤵
  PID:5608
- C:\Windows\System\cMCcMiM.exe
  C:\Windows\System\cMCcMiM.exe
  2⤵
  PID:2044
- C:\Windows\System\rvzflgi.exe
  C:\Windows\System\rvzflgi.exe
  2⤵
  PID:2068
- C:\Windows\System\ZgMwZAo.exe
  C:\Windows\System\ZgMwZAo.exe
  2⤵
  PID:5764
- C:\Windows\System\NwGHqPF.exe
  C:\Windows\System\NwGHqPF.exe
  2⤵
  PID:5716
- C:\Windows\System\jlPBkyg.exe
  C:\Windows\System\jlPBkyg.exe
  2⤵
  PID:5176
- C:\Windows\System\oJeZYxw.exe
  C:\Windows\System\oJeZYxw.exe
  2⤵
  PID:5588
- C:\Windows\System\eAkofbF.exe
  C:\Windows\System\eAkofbF.exe
  2⤵
  PID:6136
- C:\Windows\System\JMcoMlU.exe
  C:\Windows\System\JMcoMlU.exe
  2⤵
  PID:2872
- C:\Windows\System\TgwMmuf.exe
  C:\Windows\System\TgwMmuf.exe
  2⤵
  PID:2412
- C:\Windows\System\LAdNlRT.exe
  C:\Windows\System\LAdNlRT.exe
  2⤵
  PID:2944
- C:\Windows\System\JKtLeop.exe
  C:\Windows\System\JKtLeop.exe
  2⤵
  PID:2568
- C:\Windows\System\gvoELWE.exe
  C:\Windows\System\gvoELWE.exe
  2⤵
  PID:2560
- C:\Windows\System\RhevlwI.exe
  C:\Windows\System\RhevlwI.exe
  2⤵
  PID:5972
- C:\Windows\System\GpbFJUP.exe
  C:\Windows\System\GpbFJUP.exe
  2⤵
  PID:5400
- C:\Windows\System\ptssKQw.exe
  C:\Windows\System\ptssKQw.exe
  2⤵
  PID:6116
- C:\Windows\System\elgcAnA.exe
  C:\Windows\System\elgcAnA.exe
  2⤵
  PID:5156
- C:\Windows\System\qoArlVK.exe
  C:\Windows\System\qoArlVK.exe
  2⤵
  PID:5388
- C:\Windows\System\Lxneoxl.exe
  C:\Windows\System\Lxneoxl.exe
  2⤵
  PID:6084
- C:\Windows\System\RCxLBoL.exe
  C:\Windows\System\RCxLBoL.exe
  2⤵
  PID:2792
- C:\Windows\System\IGowIdd.exe
  C:\Windows\System\IGowIdd.exe
  2⤵
  PID:6176
- C:\Windows\System\qjpqYyk.exe
  C:\Windows\System\qjpqYyk.exe
  2⤵
  PID:6160
- C:\Windows\System\qpdEnhO.exe
  C:\Windows\System\qpdEnhO.exe
  2⤵
  PID:6108
- C:\Windows\System\DMxVSzR.exe
  C:\Windows\System\DMxVSzR.exe
  2⤵
  PID:992
- C:\Windows\System\LBMCnGX.exe
  C:\Windows\System\LBMCnGX.exe
  2⤵
  PID:5468
- C:\Windows\System\qrcbFEJ.exe
  C:\Windows\System\qrcbFEJ.exe
  2⤵
  PID:6088
- C:\Windows\System\mXKkuZn.exe
  C:\Windows\System\mXKkuZn.exe
  2⤵
  PID:5256
- C:\Windows\System\lhzILEh.exe
  C:\Windows\System\lhzILEh.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\yLrChmW.exe
  C:\Windows\System\yLrChmW.exe
  2⤵
  PID:6200
- C:\Windows\System\Fcgvhzo.exe
  C:\Windows\System\Fcgvhzo.exe
  2⤵
  PID:6264
- C:\Windows\System\jprLnmW.exe
  C:\Windows\System\jprLnmW.exe
  2⤵
  PID:6248
- C:\Windows\System\nhKezIJ.exe
  C:\Windows\System\nhKezIJ.exe
  2⤵
  PID:6232
- C:\Windows\System\JpPFFCT.exe
  C:\Windows\System\JpPFFCT.exe
  2⤵
  PID:6216
- C:\Windows\System\ZGfhFkI.exe
  C:\Windows\System\ZGfhFkI.exe
  2⤵
  PID:6292
- C:\Windows\System\CYMHcVF.exe
  C:\Windows\System\CYMHcVF.exe
  2⤵
  PID:6324
- C:\Windows\System\UYxgCDI.exe
  C:\Windows\System\UYxgCDI.exe
  2⤵
  PID:6340
- C:\Windows\System\SOsovGm.exe
  C:\Windows\System\SOsovGm.exe
  2⤵
  PID:6356
- C:\Windows\System\LIbVlgS.exe
  C:\Windows\System\LIbVlgS.exe
  2⤵
  PID:6408
- C:\Windows\System\CwVDmTy.exe
  C:\Windows\System\CwVDmTy.exe
  2⤵
  PID:6392
- C:\Windows\System\yOprkMc.exe
  C:\Windows\System\yOprkMc.exe
  2⤵
  PID:6456
- C:\Windows\System\GDXBgfy.exe
  C:\Windows\System\GDXBgfy.exe
  2⤵
  PID:6568
- C:\Windows\System\WAzjerp.exe
  C:\Windows\System\WAzjerp.exe
  2⤵
  PID:6552
- C:\Windows\System\HDAqgWu.exe
  C:\Windows\System\HDAqgWu.exe
  2⤵
  PID:6536
- C:\Windows\System\fRokHOT.exe
  C:\Windows\System\fRokHOT.exe
  2⤵
  PID:6520
- C:\Windows\System\qmzheNa.exe
  C:\Windows\System\qmzheNa.exe
  2⤵
  PID:6504
- C:\Windows\System\hQdYBAX.exe
  C:\Windows\System\hQdYBAX.exe
  2⤵
  PID:6488
- C:\Windows\System\CrmFIoI.exe
  C:\Windows\System\CrmFIoI.exe
  2⤵
  PID:6472
- C:\Windows\System\MtetIYQ.exe
  C:\Windows\System\MtetIYQ.exe
  2⤵
  PID:6440
- C:\Windows\System\SLdCXvu.exe
  C:\Windows\System\SLdCXvu.exe
  2⤵
  PID:6424
- C:\Windows\System\QgtjeUL.exe
  C:\Windows\System\QgtjeUL.exe
  2⤵
  PID:6620
- C:\Windows\System\LGrBxHi.exe
  C:\Windows\System\LGrBxHi.exe
  2⤵
  PID:6604
- C:\Windows\System\ezEORAU.exe
  C:\Windows\System\ezEORAU.exe
  2⤵
  PID:6588
- C:\Windows\System\dDQhHAJ.exe
  C:\Windows\System\dDQhHAJ.exe
  2⤵
  PID:6376
- C:\Windows\System\srPZEmi.exe
  C:\Windows\System\srPZEmi.exe
  2⤵
  PID:6708
- C:\Windows\System\ZTbbTXY.exe
  C:\Windows\System\ZTbbTXY.exe
  2⤵
  PID:6692
- C:\Windows\System\RiwDHCA.exe
  C:\Windows\System\RiwDHCA.exe
  2⤵
  PID:6676
- C:\Windows\System\UonXWYk.exe
  C:\Windows\System\UonXWYk.exe
  2⤵
  PID:6660
- C:\Windows\System\SMAVvmT.exe
  C:\Windows\System\SMAVvmT.exe
  2⤵
  PID:6644
- C:\Windows\System\aVNAWub.exe
  C:\Windows\System\aVNAWub.exe
  2⤵
  PID:6736
- C:\Windows\System\muBZyXH.exe
  C:\Windows\System\muBZyXH.exe
  2⤵
  PID:6804
- C:\Windows\System\hFeQsoG.exe
  C:\Windows\System\hFeQsoG.exe
  2⤵
  PID:6868
- C:\Windows\System\EnAROcl.exe
  C:\Windows\System\EnAROcl.exe
  2⤵
  PID:6852
- C:\Windows\System\PCHXMcU.exe
  C:\Windows\System\PCHXMcU.exe
  2⤵
  PID:6836
- C:\Windows\System\OevQLUt.exe
  C:\Windows\System\OevQLUt.exe
  2⤵
  PID:6820
- C:\Windows\System\zcMkbAW.exe
  C:\Windows\System\zcMkbAW.exe
  2⤵
  PID:6788
- C:\Windows\System\ltNSLrV.exe
  C:\Windows\System\ltNSLrV.exe
  2⤵
  PID:6772
- C:\Windows\System\dXSmmlW.exe
  C:\Windows\System\dXSmmlW.exe
  2⤵
  PID:6756
- C:\Windows\System\BIGCkJa.exe
  C:\Windows\System\BIGCkJa.exe
  2⤵
  PID:6960
- C:\Windows\System\XivwbBW.exe
  C:\Windows\System\XivwbBW.exe
  2⤵
  PID:7024
- C:\Windows\System\ApdKRWl.exe
  C:\Windows\System\ApdKRWl.exe
  2⤵
  PID:7072
- C:\Windows\System\xckBaMe.exe
  C:\Windows\System\xckBaMe.exe
  2⤵
  PID:7056
- C:\Windows\System\KnFKRhP.exe
  C:\Windows\System\KnFKRhP.exe
  2⤵
  PID:7040
- C:\Windows\System\FrxPdyP.exe
  C:\Windows\System\FrxPdyP.exe
  2⤵
  PID:7008
- C:\Windows\System\HEIwKZc.exe
  C:\Windows\System\HEIwKZc.exe
  2⤵
  PID:6992
- C:\Windows\System\dCJUNTC.exe
  C:\Windows\System\dCJUNTC.exe
  2⤵
  PID:6976
- C:\Windows\System\XXhDcXO.exe
  C:\Windows\System\XXhDcXO.exe
  2⤵
  PID:6944
- C:\Windows\System\ftPlEjt.exe
  C:\Windows\System\ftPlEjt.exe
  2⤵
  PID:6928
- C:\Windows\System\FXVLBSy.exe
  C:\Windows\System\FXVLBSy.exe
  2⤵
  PID:6912
- C:\Windows\System\QzWMZuQ.exe
  C:\Windows\System\QzWMZuQ.exe
  2⤵
  PID:6896
- C:\Windows\System\ZCttfjb.exe
  C:\Windows\System\ZCttfjb.exe
  2⤵
  PID:7160
- C:\Windows\System\mayEbpT.exe
  C:\Windows\System\mayEbpT.exe
  2⤵
  PID:7144
- C:\Windows\System\stPPdco.exe
  C:\Windows\System\stPPdco.exe
  2⤵
  PID:7128
- C:\Windows\System\tYdILaa.exe
  C:\Windows\System\tYdILaa.exe
  2⤵
  PID:7112
- C:\Windows\System\uaNRJkH.exe
  C:\Windows\System\uaNRJkH.exe
  2⤵
  PID:7096
- C:\Windows\System\wiZAHAl.exe
  C:\Windows\System\wiZAHAl.exe
  2⤵
  PID:5928
- C:\Windows\System\URFvmOk.exe
  C:\Windows\System\URFvmOk.exe
  2⤵
  PID:6244
- C:\Windows\System\oKrInQS.exe
  C:\Windows\System\oKrInQS.exe
  2⤵
  PID:6208
- C:\Windows\System\iYTmqBZ.exe
  C:\Windows\System\iYTmqBZ.exe
  2⤵
  PID:2152
- C:\Windows\System\YFhzZcg.exe
  C:\Windows\System\YFhzZcg.exe
  2⤵
  PID:5752
- C:\Windows\System\dCdvKrZ.exe
  C:\Windows\System\dCdvKrZ.exe
  2⤵
  PID:6224
- C:\Windows\System\RLwBAtU.exe
  C:\Windows\System\RLwBAtU.exe
  2⤵
  PID:6532
- C:\Windows\System\TNFKYcV.exe
  C:\Windows\System\TNFKYcV.exe
  2⤵
  PID:6416
- C:\Windows\System\RQSNBBu.exe
  C:\Windows\System\RQSNBBu.exe
  2⤵
  PID:2008
- C:\Windows\System\nVCjGyk.exe
  C:\Windows\System\nVCjGyk.exe
  2⤵
  PID:6544
- C:\Windows\System\jPoxIQq.exe
  C:\Windows\System\jPoxIQq.exe
  2⤵
  PID:6480
- C:\Windows\System\uvubsXU.exe
  C:\Windows\System\uvubsXU.exe
  2⤵
  PID:6352
- C:\Windows\System\ecbHugu.exe
  C:\Windows\System\ecbHugu.exe
  2⤵
  PID:6668
- C:\Windows\System\YAQTvIh.exe
  C:\Windows\System\YAQTvIh.exe
  2⤵
  PID:6320
- C:\Windows\System\vXWkNOf.exe
  C:\Windows\System\vXWkNOf.exe
  2⤵
  PID:6596
- C:\Windows\System\CckfoeR.exe
  C:\Windows\System\CckfoeR.exe
  2⤵
  PID:6468
- C:\Windows\System\VCCDQXI.exe
  C:\Windows\System\VCCDQXI.exe
  2⤵
  PID:6432
- C:\Windows\System\foUuetF.exe
  C:\Windows\System\foUuetF.exe
  2⤵
  PID:6920
- C:\Windows\System\rLKNGjs.exe
  C:\Windows\System\rLKNGjs.exe
  2⤵
  PID:6848
- C:\Windows\System\CBmtgkp.exe
  C:\Windows\System\CBmtgkp.exe
  2⤵
  PID:6616
- C:\Windows\System\jGZGdCm.exe
  C:\Windows\System\jGZGdCm.exe
  2⤵
  PID:6780
- C:\Windows\System\uqfcISJ.exe
  C:\Windows\System\uqfcISJ.exe
  2⤵
  PID:6364
- C:\Windows\System\GtMsjeh.exe
  C:\Windows\System\GtMsjeh.exe
  2⤵
  PID:6332
- C:\Windows\System\wgKZOQl.exe
  C:\Windows\System\wgKZOQl.exe
  2⤵
  PID:5516
- C:\Windows\System\xDcdlqT.exe
  C:\Windows\System\xDcdlqT.exe
  2⤵
  PID:3744
- C:\Windows\System\FyeuDKB.exe
  C:\Windows\System\FyeuDKB.exe
  2⤵
  PID:6288
- C:\Windows\System\dQmQtVa.exe
  C:\Windows\System\dQmQtVa.exe
  2⤵
  PID:5124
- C:\Windows\System\bWkuNVM.exe
  C:\Windows\System\bWkuNVM.exe
  2⤵
  PID:6688
- C:\Windows\System\IGuIkWV.exe
  C:\Windows\System\IGuIkWV.exe
  2⤵
  PID:7064
- C:\Windows\System\TjGuxzH.exe
  C:\Windows\System\TjGuxzH.exe
  2⤵
  PID:6188
- C:\Windows\System\XZhcFNF.exe
  C:\Windows\System\XZhcFNF.exe
  2⤵
  PID:6104
- C:\Windows\System\HTBDarf.exe
  C:\Windows\System\HTBDarf.exe
  2⤵
  PID:6464
- C:\Windows\System\coPVBjG.exe
  C:\Windows\System\coPVBjG.exe
  2⤵
  PID:7036
- C:\Windows\System\BZMchpg.exe
  C:\Windows\System\BZMchpg.exe
  2⤵
  PID:6972
- C:\Windows\System\lHDpvTh.exe
  C:\Windows\System\lHDpvTh.exe
  2⤵
  PID:6904
- C:\Windows\System\YXwiNnS.exe
  C:\Windows\System\YXwiNnS.exe
  2⤵
  PID:1368
- C:\Windows\System\WGpfZYe.exe
  C:\Windows\System\WGpfZYe.exe
  2⤵
  PID:6832
- C:\Windows\System\sMWLZoj.exe
  C:\Windows\System\sMWLZoj.exe
  2⤵
  PID:6764
- C:\Windows\System\VxnDrla.exe
  C:\Windows\System\VxnDrla.exe
  2⤵
  PID:7152
- C:\Windows\System\Kuaazao.exe
  C:\Windows\System\Kuaazao.exe
  2⤵
  PID:6888
- C:\Windows\System\awsoycl.exe
  C:\Windows\System\awsoycl.exe
  2⤵
  PID:7052
- C:\Windows\System\tcTeuBY.exe
  C:\Windows\System\tcTeuBY.exe
  2⤵
  PID:7016
- C:\Windows\System\UyfsXTG.exe
  C:\Windows\System\UyfsXTG.exe
  2⤵
  PID:2788
- C:\Windows\System\EGtxunB.exe
  C:\Windows\System\EGtxunB.exe
  2⤵
  PID:6516
- C:\Windows\System\CirdHwR.exe
  C:\Windows\System\CirdHwR.exe
  2⤵
  PID:6388
- C:\Windows\System\HdzWqck.exe
  C:\Windows\System\HdzWqck.exe
  2⤵
  PID:6632
- C:\Windows\System\lpmcVqN.exe
  C:\Windows\System\lpmcVqN.exe
  2⤵
  PID:6172
- C:\Windows\System\jCcwfnM.exe
  C:\Windows\System\jCcwfnM.exe
  2⤵
  PID:6936
- C:\Windows\System\nOwzHsz.exe
  C:\Windows\System\nOwzHsz.exe
  2⤵
  PID:4952
- C:\Windows\System\BoKxpoK.exe
  C:\Windows\System\BoKxpoK.exe
  2⤵
  PID:7124
- C:\Windows\System\uJZgYxN.exe
  C:\Windows\System\uJZgYxN.exe
  2⤵
  PID:6656
- C:\Windows\System\wqtyXrd.exe
  C:\Windows\System\wqtyXrd.exe
  2⤵
  PID:6312
- C:\Windows\System\fIUwGTM.exe
  C:\Windows\System\fIUwGTM.exe
  2⤵
  PID:6584
- C:\Windows\System\xydiWho.exe
  C:\Windows\System\xydiWho.exe
  2⤵
  PID:7136
- C:\Windows\System\PgvBWsa.exe
  C:\Windows\System\PgvBWsa.exe
  2⤵
  PID:6576
- C:\Windows\System\lRFHqEM.exe
  C:\Windows\System\lRFHqEM.exe
  2⤵
  PID:6496
- C:\Windows\System\xWDMoyF.exe
  C:\Windows\System\xWDMoyF.exe
  2⤵
  PID:6184
- C:\Windows\System\mWckTZA.exe
  C:\Windows\System\mWckTZA.exe
  2⤵
  PID:6864
- C:\Windows\System\pZOWDnW.exe
  C:\Windows\System\pZOWDnW.exe
  2⤵
  PID:5912
- C:\Windows\System\FBtzgRW.exe
  C:\Windows\System\FBtzgRW.exe
  2⤵
  PID:7108
- C:\Windows\System\TeEMqrf.exe
  C:\Windows\System\TeEMqrf.exe
  2⤵
  PID:7032
- C:\Windows\System\PraHwWV.exe
  C:\Windows\System\PraHwWV.exe
  2⤵
  PID:7048
- C:\Windows\System\mZpkRxG.exe
  C:\Windows\System\mZpkRxG.exe
  2⤵
  PID:952
- C:\Windows\System\dJqXwMq.exe
  C:\Windows\System\dJqXwMq.exe
  2⤵
  PID:6024
- C:\Windows\System\xcPCOXy.exe
  C:\Windows\System\xcPCOXy.exe
  2⤵
  PID:6956
- C:\Windows\System\onzGLJb.exe
  C:\Windows\System\onzGLJb.exe
  2⤵
  PID:6068
- C:\Windows\System\UwsOsDF.exe
  C:\Windows\System\UwsOsDF.exe
  2⤵
  PID:6704
- C:\Windows\System\zdfBGXv.exe
  C:\Windows\System\zdfBGXv.exe
  2⤵
  PID:5368
- C:\Windows\System\OHigCrT.exe
  C:\Windows\System\OHigCrT.exe
  2⤵
  PID:5140
- C:\Windows\System\PpzCdfx.exe
  C:\Windows\System\PpzCdfx.exe
  2⤵
  PID:6800
- C:\Windows\System\iaRSsJe.exe
  C:\Windows\System\iaRSsJe.exe
  2⤵
  PID:7180
- C:\Windows\System\vAPcMVR.exe
  C:\Windows\System\vAPcMVR.exe
  2⤵
  PID:7244
- C:\Windows\System\ApLUoZe.exe
  C:\Windows\System\ApLUoZe.exe
  2⤵
  PID:7292
- C:\Windows\System\GiMDAFv.exe
  C:\Windows\System\GiMDAFv.exe
  2⤵
  PID:7276
- C:\Windows\System\CPxDOma.exe
  C:\Windows\System\CPxDOma.exe
  2⤵
  PID:7260
- C:\Windows\System\ogvojti.exe
  C:\Windows\System\ogvojti.exe
  2⤵
  PID:7228
- C:\Windows\System\smukRbM.exe
  C:\Windows\System\smukRbM.exe
  2⤵
  PID:7212
- C:\Windows\System\Wfqxbcf.exe
  C:\Windows\System\Wfqxbcf.exe
  2⤵
  PID:7196
- C:\Windows\System\ofTllRP.exe
  C:\Windows\System\ofTllRP.exe
  2⤵
  PID:6720
- C:\Windows\System\SAefDXe.exe
  C:\Windows\System\SAefDXe.exe
  2⤵
  PID:6112
- C:\Windows\System\CIklErA.exe
  C:\Windows\System\CIklErA.exe
  2⤵
  PID:7368
- C:\Windows\System\yRhgkqJ.exe
  C:\Windows\System\yRhgkqJ.exe
  2⤵
  PID:7384
- C:\Windows\System\aHApFGA.exe
  C:\Windows\System\aHApFGA.exe
  2⤵
  PID:7352
- C:\Windows\System\BYNulwz.exe
  C:\Windows\System\BYNulwz.exe
  2⤵
  PID:7336
- C:\Windows\System\djFMtqJ.exe
  C:\Windows\System\djFMtqJ.exe
  2⤵
  PID:7320
- C:\Windows\System\pIGSqsw.exe
  C:\Windows\System\pIGSqsw.exe
  2⤵
  PID:7440
- C:\Windows\System\mPHhwjn.exe
  C:\Windows\System\mPHhwjn.exe
  2⤵
  PID:7472
- C:\Windows\System\HScfSXl.exe
  C:\Windows\System\HScfSXl.exe
  2⤵
  PID:7456
- C:\Windows\System\iwZyRcE.exe
  C:\Windows\System\iwZyRcE.exe
  2⤵
  PID:7424
- C:\Windows\System\qRUYyoD.exe
  C:\Windows\System\qRUYyoD.exe
  2⤵
  PID:7408
- C:\Windows\System\znjHPam.exe
  C:\Windows\System\znjHPam.exe
  2⤵
  PID:7500
- C:\Windows\System\gAluJJh.exe
  C:\Windows\System\gAluJJh.exe
  2⤵
  PID:7568
- C:\Windows\System\GturvTY.exe
  C:\Windows\System\GturvTY.exe
  2⤵
  PID:7632
- C:\Windows\System\HetEXgZ.exe
  C:\Windows\System\HetEXgZ.exe
  2⤵
  PID:7616
- C:\Windows\System\sBEtdOh.exe
  C:\Windows\System\sBEtdOh.exe
  2⤵
  PID:7600
- C:\Windows\System\QQpelcg.exe
  C:\Windows\System\QQpelcg.exe
  2⤵
  PID:7584
- C:\Windows\System\lDBCvRJ.exe
  C:\Windows\System\lDBCvRJ.exe
  2⤵
  PID:7548
- C:\Windows\System\HMgdBaV.exe
  C:\Windows\System\HMgdBaV.exe
  2⤵
  PID:7532
- C:\Windows\System\rjasZao.exe
  C:\Windows\System\rjasZao.exe
  2⤵
  PID:7516
- C:\Windows\System\aJibVgj.exe
  C:\Windows\System\aJibVgj.exe
  2⤵
  PID:7660
- C:\Windows\System\xNmrhLm.exe
  C:\Windows\System\xNmrhLm.exe
  2⤵
  PID:7756
- C:\Windows\System\hBApfSw.exe
  C:\Windows\System\hBApfSw.exe
  2⤵
  PID:7740
- C:\Windows\System\uHXDTSs.exe
  C:\Windows\System\uHXDTSs.exe
  2⤵
  PID:7724
- C:\Windows\System\PxEtcQO.exe
  C:\Windows\System\PxEtcQO.exe
  2⤵
  PID:7708
- C:\Windows\System\irfibvA.exe
  C:\Windows\System\irfibvA.exe
  2⤵
  PID:7692
- C:\Windows\System\GaeXCoL.exe
  C:\Windows\System\GaeXCoL.exe
  2⤵
  PID:7676
- C:\Windows\System\bUCZLBw.exe
  C:\Windows\System\bUCZLBw.exe
  2⤵
  PID:7788
- C:\Windows\System\WpBUDyR.exe
  C:\Windows\System\WpBUDyR.exe
  2⤵
  PID:7852
- C:\Windows\System\xNmptdi.exe
  C:\Windows\System\xNmptdi.exe
  2⤵
  PID:7836
- C:\Windows\System\rtVQnTq.exe
  C:\Windows\System\rtVQnTq.exe
  2⤵
  PID:7820
- C:\Windows\System\efjDVej.exe
  C:\Windows\System\efjDVej.exe
  2⤵
  PID:7804
- C:\Windows\System\ryxmMZj.exe
  C:\Windows\System\ryxmMZj.exe
  2⤵
  PID:7932
- C:\Windows\System\ReXGxwD.exe
  C:\Windows\System\ReXGxwD.exe
  2⤵
  PID:7916
- C:\Windows\System\gpvZpZY.exe
  C:\Windows\System\gpvZpZY.exe
  2⤵
  PID:7900
- C:\Windows\System\OPzEvqy.exe
  C:\Windows\System\OPzEvqy.exe
  2⤵
  PID:7884
- C:\Windows\System\XjcuSPq.exe
  C:\Windows\System\XjcuSPq.exe
  2⤵
  PID:7992
- C:\Windows\System\YSFNxzT.exe
  C:\Windows\System\YSFNxzT.exe
  2⤵
  PID:8040
- C:\Windows\System\KgHKubq.exe
  C:\Windows\System\KgHKubq.exe
  2⤵
  PID:8024
- C:\Windows\System\dNyeawl.exe
  C:\Windows\System\dNyeawl.exe
  2⤵
  PID:8008
- C:\Windows\System\EtkBxiq.exe
  C:\Windows\System\EtkBxiq.exe
  2⤵
  PID:7976
- C:\Windows\System\LNvxggo.exe
  C:\Windows\System\LNvxggo.exe
  2⤵
  PID:8076
- C:\Windows\System\kWgWVqC.exe
  C:\Windows\System\kWgWVqC.exe
  2⤵
  PID:8124
- C:\Windows\System\HzrWoER.exe
  C:\Windows\System\HzrWoER.exe
  2⤵
  PID:8108
- C:\Windows\System\oDoLCuC.exe
  C:\Windows\System\oDoLCuC.exe
  2⤵
  PID:8092
- C:\Windows\System\YSEXgwf.exe
  C:\Windows\System\YSEXgwf.exe
  2⤵
  PID:8060
- C:\Windows\System\CGqUKTE.exe
  C:\Windows\System\CGqUKTE.exe
  2⤵
  PID:8164
- C:\Windows\System\jwJbppt.exe
  C:\Windows\System\jwJbppt.exe
  2⤵
  PID:6152
- C:\Windows\System\gvdTyVq.exe
  C:\Windows\System\gvdTyVq.exe
  2⤵
  PID:8180
- C:\Windows\System\CGajSNj.exe
  C:\Windows\System\CGajSNj.exe
  2⤵
  PID:8148
- C:\Windows\System\iNZPmxn.exe
  C:\Windows\System\iNZPmxn.exe
  2⤵
  PID:6892
- C:\Windows\System\FmUKmgL.exe
  C:\Windows\System\FmUKmgL.exe
  2⤵
  PID:6752
- C:\Windows\System\GoJOxTp.exe
  C:\Windows\System\GoJOxTp.exe
  2⤵
  PID:7508
- C:\Windows\System\vUvxbvX.exe
  C:\Windows\System\vUvxbvX.exe
  2⤵
  PID:7344
- C:\Windows\System\urIekHS.exe
  C:\Windows\System\urIekHS.exe
  2⤵
  PID:7580
- C:\Windows\System\JSdfMTp.exe
  C:\Windows\System\JSdfMTp.exe
  2⤵
  PID:7272
- C:\Windows\System\rfbexul.exe
  C:\Windows\System\rfbexul.exe
  2⤵
  PID:7348
- C:\Windows\System\nRVZbCK.exe
  C:\Windows\System\nRVZbCK.exe
  2⤵
  PID:7208
- C:\Windows\System\sBgsGiZ.exe
  C:\Windows\System\sBgsGiZ.exe
  2⤵
  PID:7400
- C:\Windows\System\zFjLxpm.exe
  C:\Windows\System\zFjLxpm.exe
  2⤵
  PID:6372
- C:\Windows\System\rMDLxkA.exe
  C:\Windows\System\rMDLxkA.exe
  2⤵
  PID:7332
- C:\Windows\System\EFaqnxT.exe
  C:\Windows\System\EFaqnxT.exe
  2⤵
  PID:6984
- C:\Windows\System\RGXxqsL.exe
  C:\Windows\System\RGXxqsL.exe
  2⤵
  PID:7288
- C:\Windows\System\UTVZjzr.exe
  C:\Windows\System\UTVZjzr.exe
  2⤵
  PID:7716
- C:\Windows\System\afmJzKF.exe
  C:\Windows\System\afmJzKF.exe
  2⤵
  PID:7496
- C:\Windows\System\sPNHDIA.exe
  C:\Windows\System\sPNHDIA.exe
  2⤵
  PID:6304
- C:\Windows\System\QUHEFgq.exe
  C:\Windows\System\QUHEFgq.exe
  2⤵
  PID:2480
- C:\Windows\System\bjBvslO.exe
  C:\Windows\System\bjBvslO.exe
  2⤵
  PID:7624
- C:\Windows\System\NvIfTpY.exe
  C:\Windows\System\NvIfTpY.exe
  2⤵
  PID:7560
- C:\Windows\System\lwGNWFz.exe
  C:\Windows\System\lwGNWFz.exe
  2⤵
  PID:7484
- C:\Windows\System\inygRuB.exe
  C:\Windows\System\inygRuB.exe
  2⤵
  PID:7452
- C:\Windows\System\TaZQKme.exe
  C:\Windows\System\TaZQKme.exe
  2⤵
  PID:7404
- C:\Windows\System\NIyXCcb.exe
  C:\Windows\System\NIyXCcb.exe
  2⤵
  PID:7700
- C:\Windows\System\DXMFtvZ.exe
  C:\Windows\System\DXMFtvZ.exe
  2⤵
  PID:8036
- C:\Windows\System\GkbUcJh.exe
  C:\Windows\System\GkbUcJh.exe
  2⤵
  PID:8100
- C:\Windows\System\uyiSsRu.exe
  C:\Windows\System\uyiSsRu.exe
  2⤵
  PID:7848
- C:\Windows\System\ZmmZOYY.exe
  C:\Windows\System\ZmmZOYY.exe
  2⤵
  PID:7872
- C:\Windows\System\mjQpfAL.exe
  C:\Windows\System\mjQpfAL.exe
  2⤵
  PID:7944
- C:\Windows\System\PcyAhFf.exe
  C:\Windows\System\PcyAhFf.exe
  2⤵
  PID:6316
- C:\Windows\System\rkSxHLe.exe
  C:\Windows\System\rkSxHLe.exe
  2⤵
  PID:8020
- C:\Windows\System\mTSiDUH.exe
  C:\Windows\System\mTSiDUH.exe
  2⤵
  PID:8088
- C:\Windows\System\BVApRjm.exe
  C:\Windows\System\BVApRjm.exe
  2⤵
  PID:6724
- C:\Windows\System\oirCnXj.exe
  C:\Windows\System\oirCnXj.exe
  2⤵
  PID:6732
- C:\Windows\System\ogvGncu.exe
  C:\Windows\System\ogvGncu.exe
  2⤵
  PID:7240
- C:\Windows\System\RdHVxLC.exe
  C:\Windows\System\RdHVxLC.exe
  2⤵
  PID:2356
- C:\Windows\System\iDLaoVl.exe
  C:\Windows\System\iDLaoVl.exe
  2⤵
  PID:7364
- C:\Windows\System\xOJxaIl.exe
  C:\Windows\System\xOJxaIl.exe
  2⤵
  PID:7256
- C:\Windows\System\LpwOmlS.exe
  C:\Windows\System\LpwOmlS.exe
  2⤵
  PID:8144
- C:\Windows\System\XDoqhsB.exe
  C:\Windows\System\XDoqhsB.exe
  2⤵
  PID:7528
- C:\Windows\System\SVRyNgD.exe
  C:\Windows\System\SVRyNgD.exe
  2⤵
  PID:6884
- C:\Windows\System\VuTdNuE.exe
  C:\Windows\System\VuTdNuE.exe
  2⤵
  PID:7684
- C:\Windows\System\DvEnfhs.exe
  C:\Windows\System\DvEnfhs.exe
  2⤵
  PID:2196
- C:\Windows\System\SElUxgI.exe
  C:\Windows\System\SElUxgI.exe
  2⤵
  PID:7436
- C:\Windows\System\RmUrMYA.exe
  C:\Windows\System\RmUrMYA.exe
  2⤵
  PID:7576
- C:\Windows\System\aBqBssn.exe
  C:\Windows\System\aBqBssn.exe
  2⤵
  PID:8188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DalvoPP.exe

Filesize
6.0MB

MD5
f01598cba7cd4ced25d0ce7eddb40c06

SHA1
dff6df91c098fc3e4ccce2016f4d90318de335c4

SHA256
c946e1855ad5b6be21d4b5dcc7e3782bb3e1092d69cd0de6b7d59150dc0dc42d

SHA512
4e19853c18da81eab4f83eedb0ec63d463cf41ddfedb9030b9c7bdab230e0a9b4624ece2545f96f1b311b2dde3dd191cee98ce5132a01a9aa7f580dd7f11ce1a

Download Submit
C:\Windows\system\JKtLeop.exe

Filesize
6.0MB

MD5
43f70eb279827bed73981c439f0280c8

SHA1
e6eefc500e2c6f4fe68edaca49783be3fd651569

SHA256
443e653bde933e2d6e1fa0dc5a64e92ac5279b34f4c1faddd2b37b849e61633e

SHA512
008b2aa298ca98664586b4f754eae26eaa8836de92273f4b8b225ff3e170b70c50c83aed49f6931a37686b232bd2cd33ffe90fb2bb017ae1159f2b90b23956c7

Download Submit
C:\Windows\system\JMcoMlU.exe

Filesize
6.0MB

MD5
238ed1cbc86d35ef56f3b53d45a16ec2

SHA1
a3a12cbb56a0e5a67dabeb1a5044f9f97ab1c1a6

SHA256
01ae77c51ac0a1a694b507fd5dd51624093a016e558281feb2765b656f2c1d40

SHA512
c2ebde3c123bff97a657a040a40ff5f9e8566520127f1a746da51d7005cca35af5379595fd3b32452f1957e1dd82419b17a856a5823857d4240afbe830e6f764

Download Submit
C:\Windows\system\LAdNlRT.exe

Filesize
6.0MB

MD5
23b06a69401d28c55bb9a5e26f466c9c

SHA1
d4e3dc7c4daa72379dce554424259cacba7aaa75

SHA256
8a0ec95db80a0cb97a60dc41b5cafa24e418da1fea619da9fb15feaa81390245

SHA512
ff4141bf2656fa8ebedaa269b7aa561dd7f6e206bbaa65d2f4c07d99a67b076ecc18360a5203dcc5a2f89555db2af73e93615f44cbc9f745aa6da2a5b401d468

Download Submit
C:\Windows\system\RiwhkuD.exe

Filesize
6.0MB

MD5
f48d9b70b51422ae3a38790c718f3dbd

SHA1
5df626a106d0f51c31e9dbba0fb364f248f72500

SHA256
cebb8ee9cdf16e56cb0f4f870e5ceb33b243e43650cff7c87db318e943ca0c44

SHA512
3a8ff836b068db0653e4d3da8b558a0e17649227fedefb045635933bb577a0d1f80807f455347b6b055116a6884726aef50b61e5ae48d1a9d0cf1569a58813a3

Download Submit
C:\Windows\system\TSCRjhT.exe

Filesize
6.0MB

MD5
39f2a201971504cd7707ef31bc3a76fc

SHA1
635dfd4d61f3734c048f4b7f176c54a6c68f046b

SHA256
8b18baad2c3101eb62b7ae88b1ccdd68d004a6c3abe18ef8e3d068b27fb17dc7

SHA512
a7596eee3acad22d61c71bdf414a76574ef74fad2a2601d49c18262b06df976d373180e3f0048e4363aed0cf50333ec334ffd4560662fc16cca8910dcc1935bc

Download Submit
C:\Windows\system\TgwMmuf.exe

Filesize
6.0MB

MD5
b870324e6eaf918611e33b03f29f3d42

SHA1
ed3cffeaf135b358f1160a8fd5389ebe42ab64f5

SHA256
8379123685cf82c201a9188527b0910c70da625ce6b8fa9fb97c458894e39f20

SHA512
a3c2fd86aabddf4bc206fb04bb0af92e6917488cab50af8dc2e680ff8f517aa80b7511120e107c7ca7b1861e404b5c0f088bd54acf20211f422bbd9268711d0d

Download Submit
C:\Windows\system\YrvnQVd.exe

Filesize
22KB

MD5
22644a9bceba0c5ed21f56ecab0301e5

SHA1
57d916c0f96e5bbde3b432069903d3647a99f08f

SHA256
d27c2490315a5f8cdc060a49b9ed62580cf66274821f47cf9ebf25ae25b9be31

SHA512
4ed91bd36a7dc0d8cd21a8a9114910e859396b1cbd37ab72c0ca391931a239e55da9910556a81c521a53f4e09f58c3d59ccb03416e71e64c888251c6952a9b30

Download Submit
C:\Windows\system\YrvnQVd.exe

Filesize
6.0MB

MD5
28a3192ad34ff95ba4ef68e284563101

SHA1
0802ba716244c43191c3ac55ffa33968a393befd

SHA256
a8f68cbe9e6adebf4642f87db99543740301c3412727e8758fa9f19a87f9d2b1

SHA512
d196b86e6083cc22bd875d1cc97b038a2eb4e4bf22e83cae9c9420757c767bb1590637c77cf15c296b0df9bfb38d295fe5111b25a3b9bf4245a07495311351e0

Download Submit
C:\Windows\system\acEVcws.exe

Filesize
6.0MB

MD5
2567af117598cdc58f18a29e4c807a7c

SHA1
dfb0cedbfac9dada6e72e8648b4ec65dd872018c

SHA256
99feb744f60a6feb43ed78c15524e931ede159b7432b156cb44244e057e8922b

SHA512
ad16f491a06b16f5a9987dd19378f67477cdd50aed9a58a7658b3017b2a51e82bec64db11f5938781ed213cb5bd117bbd4fe1aeaf99a06dcd73a01764f522754

Download Submit
C:\Windows\system\apIxBcW.exe

Filesize
6.0MB

MD5
e61d1a82cbfe40261e9684fb27aa5cc1

SHA1
d86fa8921f0029be1cdec5e1e8d112b1446b69d3

SHA256
945993110a8af46d23cd625d1d10c318b393cbeb46b12ecfb9f9e0fef72277f7

SHA512
aef7119acb6023b1f83e0e6d69e398ee2b72aeddf593f26cb7764630279d085cc3b626057a853676d53d8f52ea4f67350262fa3b8c979309e06d9f64fed46776

Download Submit
C:\Windows\system\bdvOtXf.exe

Filesize
6.0MB

MD5
41e86b82039cd8c001fcea1d52fe7684

SHA1
6395735869ae52559857aa99012416b63d6c461a

SHA256
60b3a85192176dca034c323f9e0c66da32a3dc4d159e2ae50e2a88eb6fa2d8aa

SHA512
497dbc3b3fdefcf7ba8df1fb7cf49958d93555c5297b89a0425fac2fd77a1eb812f1c746e7a1c564876912f9304a117d95e8a46bf7ff8aaeda43d0b69bcdff30

Download Submit
C:\Windows\system\cMCcMiM.exe

Filesize
6.0MB

MD5
ec75c82d3998ffb08f4bc2416ece7c0a

SHA1
5857bf4b838e1d319a9f2cd40123adad466a9d6e

SHA256
4afc44002f3a840ecebce75605a3fdc5398c74c5642703459aa7eaf00890011b

SHA512
345dede824e58a008008c904a76083b69a9c4d149a5373c92b1bb85c174f76655f0d955e16a094dae8d831bf24f56a6ad8061044614cfedef1bfe8ad7e495716

Download Submit
C:\Windows\system\dbciXgw.exe

Filesize
6.0MB

MD5
2acfa8e4e7c63b16b211ac45ff615932

SHA1
60c65d87ee265dfc187bf59f1babba8a85f19be9

SHA256
a726b7dc57fb138eb59d1738e52b17f410eca72189db999a2dd1f799a2c95118

SHA512
39033fe7899bacef9b51e62b9860e407b0b4c35696f2a94308bc5d7a4f2d25164c9a08f989a3af063e74a0d14e368537141285fd4741d6269004a5588608e83d

Download Submit
C:\Windows\system\dzKSfBr.exe

Filesize
6.0MB

MD5
845238197c860862dcb73d2f7556ffac

SHA1
8c15512355790934b5fd9e9a73d1113b8d61833b

SHA256
f3f69815354bfd9639fda28656ac4d0dc92949d792147cc2363f14cfc07730d9

SHA512
d00551a3d63991626b36856313ffad84adf63a235ad2404e45a08ebd5207f928b4f6aae992ba00aee6e2c20183ab4524ee0ca082dda992b6e8032f7e6b1dd2a6

Download Submit
C:\Windows\system\euovPqz.exe

Filesize
6.0MB

MD5
1af756c0586feb40de7f68abdbf02350

SHA1
198da302098a2ece4b0790cdb1f8b1bf363c2c3b

SHA256
2a5b7b8d5e4a61f3472fc08631da2b18362fa37fb308c0ba6dc61043413582d0

SHA512
e3e62069e5eaf992a00a9cf4cdf335653d0c0a9f0045937a85b3543469ec05b41d18ca3c70a25ae1d1dd0f585e1e23a7925f17404cb1e4df93fa299cbc98107f

Download Submit
C:\Windows\system\fdiEJgV.exe

Filesize
6.0MB

MD5
ea9569afa871d076bdfb27b96ddf375b

SHA1
0168855f1e99bdee466687cc09839ac79f44f63f

SHA256
2d941409d8dd6e4a6f8824fb4b41feda542ab3dd14184119272f98303adbba79

SHA512
6dd6630b839ddf0dfbcadda9cdb4cbbcebc34d337b3dbd0d86f283548ae13babf754bc3b5e7008415984a27c40bbb70977006a41e794454e58445034797ad0d8

Download Submit
C:\Windows\system\gvoELWE.exe

Filesize
6.0MB

MD5
1ee07df9d6fe923ce977a5e71c4d924f

SHA1
68081d0caccab99bda4f71bf2b4c7a2a89a8938c

SHA256
b483d3358f400afb7effb1b94a51f3065631f79f46dd0ec008b597b1d68a0f51

SHA512
cec3be40868cb187eec8c27340271d50295d4e71595d32ac08cd2a1d5f49b64f753f2dba0f7d2beb5fd5a67451dd7220e2b664a8f1fcfcde8391035122c5cbd8

Download Submit
C:\Windows\system\hAPEtfv.exe

Filesize
6.0MB

MD5
0d2fee128679bc04cd3685bd658bccbe

SHA1
73cd1040587dc32860caedffeee9baf92ea83682

SHA256
b36aba1336f39282ac0a53feeee1c61317f32c7d7a9cb6b3c34c8db31991489a

SHA512
2ca67982f11bb5f386a78285d8f237f1658761a9b854cb2f66929343396648976117f261b18ec4236d969f1a37960b85a5b7ef10669eeb7983f7d428d2edd5e0

Download Submit
C:\Windows\system\hwXBwng.exe

Filesize
26KB

MD5
4d520cbec70a703bbdfcf85499da0a9d

SHA1
d7966e56b8fd742f363b01f9043543c23dddd82e

SHA256
6286bc5b6b656f8c50408e209f39cd0482cab6b6e4b46823a1bac299c261d9ef

SHA512
6fb77f0270a7d75d02e022e5a62d9176a8eed7f31db0263eb32be189e17302a67aa0c94c5a16b208922c5357093bd2dbc60b2496a919025bbd18f0e02aaadfc2

Download Submit
C:\Windows\system\jGsvmsU.exe

Filesize
6.0MB

MD5
bff7d5afb9ee28e10ed63a30ff1069b0

SHA1
b4885f4a19e4a9736cb641ec45b5285a9aabe05e

SHA256
52bdbe36b3bd67769c413a1a210d139c0f1d38112f4be2aea1de40deb2500d94

SHA512
73068fbd80b5a2aa6d8ec67d9192d9807662ae614f83cf18bd6d023decc13d27def03b7f1fd3a29be1a93260f315f2605b8324674e1a4d51c93ec2c9d4c78a16

Download Submit
C:\Windows\system\lhzILEh.exe

Filesize
178KB

MD5
930ccb70c257f1eadac55de1e97b3db5

SHA1
e7dbe4bf6615ed78a736121d1522ccb491befaf5

SHA256
c57c1bdb7b579a410dfaca7fbf0dda61bcfd648883794c876bba89ad3ed3fac1

SHA512
ca71b2b98451c8cfa3d3c7128424120153606e5532150a4a92ca9ca9248cfa00a5a117687f0c208697744bb434e2a7f8dae3f6d62e5f908ef4bea31bb35e3e4f

Download Submit
C:\Windows\system\mZBAKcx.exe

Filesize
45KB

MD5
b5e44428efc19421c2f440c14f01e136

SHA1
88e47e3739a9e8613bf387ae150471f1f1c57899

SHA256
ae59b764fd6a83a16c4953194d34712faec40f653af6429115e1f7b2ce24686f

SHA512
c0dd14b5d5452693fbe71a286d8c0e0ad7d975adf97947044227158387af1062f03e0ea40e175c59b0a3ca1dcb33905688154affc2a946f4a1d0ef1888fd84e8

Download Submit
C:\Windows\system\rvzflgi.exe

Filesize
6.0MB

MD5
10fba501ee9ecc5564d83323e93edd3b

SHA1
bb61142ceaf6571ea41832a1b3c150f56511f09f

SHA256
cb63b6cedfaad5954cfce675bc8e3f56bad1f2560f7ba2017a2faf430fa3bed2

SHA512
09dddf4fb6778454da52f7da519cde2d07e68779075a075fa81b8857e3a87d3c6503277c54cb24468af8d36815af2ce71c6c9062a84aef5a7e585af51002810b

Download Submit
C:\Windows\system\tUWHooq.exe

Filesize
6.0MB

MD5
57621fe2c33c51441fed5f0307a6227e

SHA1
ec822f74b5cf91922cfbe06c0cebcc9a60e28e53

SHA256
780c88b66713da86c7c144fbb245bc36b1181c7f174abf813a6b125adfd39a32

SHA512
2a8e48eac84ff658fb4759e8e737a5d786e92b40d125c08821aab0335dc1b956abc9a7a6f5ec58b1a14867dad7e5366cb655bd91fc8c3ce93134d3b617169283

Download Submit
\Windows\system\BndHhsq.exe

Filesize
364KB

MD5
a40c726845e88f5927d40c668410a834

SHA1
a4aad3601bf8a99d3a4309488239f39d20b89ee9

SHA256
7766f6eca6b304becb9c03cce585404cee2c80f4ab6ffcf0502a7ab76cc20711

SHA512
d8ba9e33422797cd044d6eef9f79c483f610807b4deb64dcfdef357118112cb93af3a2c7a5928d37a0afe653cafa09fbc618a6d0feb941df83ec1db49718ded7

Download Submit
\Windows\system\CQWuKYB.exe

Filesize
6.0MB

MD5
0a9eabe8a344974352b2f5c502291542

SHA1
6a29af817d404d586d88aa0a0b4ba548bafa5312

SHA256
39efd0adb7931727819c868c45b5cc56a1273c9eed9591c97f4b238ca2c5acff

SHA512
f5fc53099dc8c2c3927bdf34f2f92e83d16563f246b499726992c8809bba9e3bf7f801b1dc3ec13b2402063f826512a41274657fd0086098c7f8d9d9636ae4a5

Download Submit
\Windows\system\CpKPCwr.exe

Filesize
6.0MB

MD5
b9c68f61c4ed54dacd45192e7e3ffbcb

SHA1
d9def106ca6c43964ad0f853376f182e71384c2d

SHA256
1231e003269b73549ca45226fc56049b9b50f0e9a9a7408a74cc9410eb4a6fa2

SHA512
23821357ac9b9948244c7ef7aa03c4a0eb65a6635058af1127d84d72e8591e35eca42b58302d0e2f9a7e132d77b36ec4908c8cc40c97b7344ee465c01f87697b

Download Submit
\Windows\system\OPrNNGh.exe

Filesize
6.0MB

MD5
343050531df20974e7f5f401f4a2e811

SHA1
8631dbe862951dcf264c1497046d1c7dc535c250

SHA256
05c9cae69ee458639e3748129df4c2be00ad0cd9b2d026f6d965e563e616543d

SHA512
db0a09fe98e65319f5c01b44757871eb85c52be3cbd9ac990d8a90d031ff1c40da349677d2bdb28587667f1db6925c4d5f0d33100a647cc635028fa22eda100f

Download Submit
\Windows\system\RDhfuCp.exe

Filesize
6.0MB

MD5
ba5abe723283f03064046638cfe789c5

SHA1
e89192d95ae4709a648a7305b08f7d10640855ed

SHA256
3b68661ae4045ece7f2de5e5f8070e73ae729606903a628c538f915db4bb55aa

SHA512
bf7b1b2589840e49fcd232c7d11ba01f3a5b1b3aac970e4b8ce556c23023e0ec4936c5c392e0d4150d9777ab6751c2e2269fa823e51cc852b514c8d34e6db109

Download Submit
\Windows\system\YrvnQVd.exe

Filesize
7KB

MD5
9446b1140dd87077a000ed66e9caed2a

SHA1
b4972ade89911cf98fc3dd160699199a751aa65e

SHA256
e5ae46e7744bf3d28f13be318ed7406a9ccf2ad9064cc69425b4be5e57b50a4e

SHA512
144a1f0fcfd2f7481a1262437e2914ebcf0638bd3f98a795b54a95f2f463e1cca0c4ede86d6bf6ab818390dcc61fc53360fc2268dd95358f1e262a173c5aaaf0

Download Submit
\Windows\system\cKqBtmm.exe

Filesize
6.0MB

MD5
a89c0bce42170b2e8085c3a616e2ca06

SHA1
7689ba62eaffe70844de9c4958ca57d807f241c7

SHA256
354345ea4c4024b1224bb357c8c94fee3bc9547f64f61ced45eb0e11eca910cd

SHA512
59d378a25c0f968de52a1203c688c07c7a98c2de65154a332900764ffd280d7d31c9af4daf702c5c3ba8778e1fb06c12a87c423bf7f8a9355a3e39c181362597

Download Submit
\Windows\system\cMCcMiM.exe

Filesize
128KB

MD5
dd0ecd199130d9dd1def2502a6a007fc

SHA1
b7daa5dc3db3ec058881dc5b8513a41da7d57ae9

SHA256
9a23c03fb6a1cde99a17b43bc4faa863f2b3b998aacf1ceb3f91acc415729348

SHA512
a54e320d335da4e88ac62961a091ae6c2b388c266ee055eaf4b6d6825cbee87a3b7f60813e55ed1d0043a6ef36e214596d80191a493398392dcf83ba64ed07aa

Download Submit
\Windows\system\hwXBwng.exe

Filesize
6.0MB

MD5
5ed2278fa477daf07c90cd3ce37d601f

SHA1
f4d29d91a2f854c7ef4a2947068e8453db933406

SHA256
21534c631f2c3d80eb10f824d9d8c71d54b218f8d424f862671d5a87a22e6068

SHA512
9c57e103ec4698e42af8bd6a64457437218e4c1d2d8c0300739b6cac41645f7f17472ba54b28ac91d0d157d710990adbe197105f9fefbc60a66d27a634cfd72b

Download Submit
\Windows\system\jBimkaz.exe

Filesize
6.0MB

MD5
0467a854b0031618b8320a6c03c1aff2

SHA1
087d01ece21f3bbfa023ae04675196cfaf85154a

SHA256
90750bba98bc177c9e7728debdaab3d61486c1ada0cbd5e1f54e5cee32b0e699

SHA512
25f567420531474213c3cafd7eb38afacf031343726bcabd79b37c7d09c1b01e25f43f05a3b0e6702fa45db340a2b047ea4eb4ada970bb7095ce6de8e57d5b62

Download Submit
\Windows\system\jTJLuZo.exe

Filesize
6.0MB

MD5
da2eaf5beee85aa04ce9f0afe1a40408

SHA1
56cca35e25a117b884d864afca3e24b519637107

SHA256
1f28ee06b0a76b2856609476adce853f7448a9e31bdea2cab485427756668beb

SHA512
99e13671e81cb781e5c247ea3d56885aea34aa4e02f587a6ee0cd38048292cfd6bda863f88ccb202322bd820622f48fcc7358b0efd6f896624cfb8e6df725c9a

Download Submit
\Windows\system\lLPISgj.exe

Filesize
64KB

MD5
216067b20d4abe80edbbd2f8b489167a

SHA1
332db759ba2e9b24c286e56dae20da2cb6996306

SHA256
cb5cb976dd20bfbea80a9cca38e6df6f21a4632db086eb9904c2492df1a4eeff

SHA512
dbb7a85d6c456c0eb5c68786f74898e8b8a6fb14550b19fc3e24db5f54a251e63274ec08bfbd864c2f093073813928e4aaf8e5ec06895a9902f5bd07533ecadc

Download Submit
\Windows\system\lhzILEh.exe

Filesize
6.0MB

MD5
8853ccea42e7f0a34a520dd9e96b8637

SHA1
431c9bd91cdcbece88313906d877a9e8b6e762d7

SHA256
60c8e87297da67e1997db8125204c1d43976a0857014c45d6c06c8b698c6982f

SHA512
5a7200a9a942774d66eb8456ca7eccf07c0a69a361df7649773e10054916c134dee6cf85694b79f35827bd6a8e6ab8e60fc836c3e36bc7b28d7335a7d7d2cd3a

Download Submit
\Windows\system\mUYAtAE.exe

Filesize
6.0MB

MD5
7c6328ccbdb0fc22403c3b6ca69c9bf5

SHA1
bf476a9cffb371c69127b572cf0440b42a68239a

SHA256
bf6a0156c7cae4ef4db852a49c6f004f3ec21bfc28a1423f1a8c1a15b58161fe

SHA512
f5df1194373b0917e3f6141309f009feaf4733794382f387e5e2fbd2cd4fff2a0e1b55f1b5bb55c3b419647bddb651531d0ecd47bf58e4285c660e42d3fdcdc9

Download Submit
\Windows\system\mZBAKcx.exe

Filesize
6.0MB

MD5
f308d96c5a7a217acae143c8253c9c16

SHA1
78fe8cbf7998d9c2e6208a64b99a1ca9440df957

SHA256
2787be4b5e0902dbaf1d3cae0f0ab68360f0b324e1b2524eb5c2b98626068831

SHA512
aa2836852041bb9033d0c24ade405daa8b50cf9251c51a66cd454566c71da4dfc24fbf678d04dbf8f6b42a25c932354cf61e975731feb97b24a921fa9fca5dd5

Download Submit
\Windows\system\pQZoDKP.exe

Filesize
6.0MB

MD5
ff62426b5e89fa1510b269d7cfe0f4b3

SHA1
f7f234b9c0d75d02945cd6e5b9bf35a443deb73c

SHA256
28088465d3fbd3f53562d3a27d1f27cddcca4120ae856973d8baa9161c9b2146

SHA512
0fef29c368597a087d52a73109c72310e618c74cda89316206c23a55633ebe750f40e67c708f01fc309f8cb9f095ddd397035e2ba4c4bf9857f292e917de8700

Download Submit
\Windows\system\pRhZtTk.exe

Filesize
6.0MB

MD5
76b7710474ad1c5e566f933bc87bc906

SHA1
4833693b0499df28871e7e9a243d90c0607c1fc5

SHA256
cfb7fca71589cf7cf84e515ed0240029e2f3d665f647db2beccb8cabc3c48689

SHA512
0f7db83fa841db03f8b911451ba83030710999a770acde290793026f6ac5e14cbd46a998a5785a50d2e6c878c6eefe58e9fcacac9051842eff5fa914b0b76584

Download Submit
\Windows\system\ujMjlrn.exe

Filesize
6.0MB

MD5
ad0cd4e2e1ea435e38dfc17f78d9542b

SHA1
490778ea17542a6722f22d406776bde8cd72efd6

SHA256
42d383c8ab197939a92872873b83e5b6de3ad1c2de365d6e0d293cd56fc320b1

SHA512
89eaaa7c4fa6cb5acab220750d1072f220ef3ee58b7811763d9c16f0b0794d2f7afcea2e7c17149fbe9e25072f254e29f8d654253c18dd858647448b0c06d774

Download Submit
\Windows\system\xfcDtYT.exe

Filesize
6.0MB

MD5
1149bc68be4e44582a3adf48248fe44b

SHA1
188a93a96ede7979a9b43975a6c2d63eda5995e0

SHA256
068eee7a884feaa0bbb5188b0d67e208edc782e84237e3d118eb4f1e9cd9c7da

SHA512
65c9b454e657135f4aa263c28082bacc0e1a47aec06586a408c80a78d33ff1fe6d33348544d96a84acc4aee38c7750a43042bed6314744dc4dcef307fa7f6fd4

Download Submit
memory/344-493-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/364-587-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/580-355-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1100-528-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1360-402-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-1799-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-39-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-512-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2044-367-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1094-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2056-19-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1664-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2064-85-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2068-353-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-269-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-369-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-470-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-309-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-602-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-625-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2208-441-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2208-11-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-312-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-89-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-608-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2208-563-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-552-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-427-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-0-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2208-26-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2208-173-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2208-371-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-461-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-398-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2208-389-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-326-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-44-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2208-313-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2308-416-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1456-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2412-314-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2464-352-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1822-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-25-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1377-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2560-161-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2568-311-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-27-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2656-370-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2676-862-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1598-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-163-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download