cobaltstrike | 9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46

Analysis

max time kernel
59s
max time network
25s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
Size

6.0MB
MD5

bddf2262c8d8d7ba446f20d4c54d0eb3
SHA1

b14bf221989cfe095acf0f0c7acfed30adc27156
SHA256

9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46
SHA512

4e82cd198965e566ba96dc8401d61150cf1165134214b764deaa541ea45e908969f5a2a2efb84db2971e294e05890839e55c0d1e4e122d5c1b94d262a2eae841
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012101-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bac-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bbf-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018cde-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018ce8-34.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018b78-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018cf2-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018d02-54.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191b3-76.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018d1e-65.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001919b-72.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191bb-93.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191d2-99.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191c8-96.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191ed-115.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-134.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191f7-144.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019329-156.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019393-172.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193d5-189.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019461-200.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001942a-195.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193b6-184.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193a5-179.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001934f-164.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019319-163.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019380-169.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192e3-153.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-150.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191da-130.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019206-129.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019308-143.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1348-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012101-3.dat	xmrig
behavioral1/files/0x0008000000018bac-8.dat	xmrig
behavioral1/memory/1748-12-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2276-15-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018bbf-10.dat	xmrig
behavioral1/files/0x0006000000018cde-26.dat	xmrig
behavioral1/memory/2720-30-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1668-22-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018ce8-34.dat	xmrig
behavioral1/memory/2868-37-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0014000000018b78-38.dat	xmrig
behavioral1/memory/1348-39-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2940-46-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1748-42-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2880-53-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018cf2-50.dat	xmrig
behavioral1/files/0x0007000000018d02-54.dat	xmrig
behavioral1/memory/1668-59-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2612-60-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2608-74-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00040000000191b3-76.dat	xmrig
behavioral1/memory/2852-66-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018d1e-65.dat	xmrig
behavioral1/files/0x000400000001919b-72.dat	xmrig
behavioral1/memory/1348-78-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2880-79-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00040000000191bb-93.dat	xmrig
behavioral1/files/0x00040000000191d2-99.dat	xmrig
behavioral1/files/0x00040000000191c8-96.dat	xmrig
behavioral1/files/0x00040000000191ed-115.dat	xmrig
behavioral1/files/0x00040000000192d3-134.dat	xmrig
behavioral1/files/0x00040000000191f7-144.dat	xmrig
behavioral1/files/0x0004000000019329-156.dat	xmrig
behavioral1/memory/1352-112-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0004000000019393-172.dat	xmrig
behavioral1/files/0x00040000000193d5-189.dat	xmrig
behavioral1/memory/2608-197-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0004000000019461-200.dat	xmrig
behavioral1/memory/740-408-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1348-441-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000400000001942a-195.dat	xmrig
behavioral1/files/0x00040000000193b6-184.dat	xmrig
behavioral1/files/0x00040000000193a5-179.dat	xmrig
behavioral1/files/0x000400000001934f-164.dat	xmrig
behavioral1/files/0x0004000000019319-163.dat	xmrig
behavioral1/files/0x0004000000019380-169.dat	xmrig
behavioral1/files/0x00040000000192e3-153.dat	xmrig
behavioral1/files/0x00040000000192ad-150.dat	xmrig
behavioral1/files/0x00040000000191da-130.dat	xmrig
behavioral1/files/0x0004000000019206-129.dat	xmrig
behavioral1/files/0x0004000000019308-143.dat	xmrig
behavioral1/memory/2852-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/740-104-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2572-101-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1800-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2612-87-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1748-1368-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2276-1367-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2720-1394-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1668-1398-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2868-1425-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2940-1465-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2612-1509-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1748	SEDZsra.exe
2276	AtntAmb.exe
1668	TjACJGA.exe
2720	uwTOnSd.exe
2868	BdMWCTr.exe
2940	ropHstg.exe
2880	gtICjfA.exe
2612	AGNKHEU.exe
2852	zKsCegP.exe
2608	HlHHCGV.exe
1800	moJoDJG.exe
2572	ILMbMtn.exe
740	VFvhriu.exe
1352	kExBNtl.exe
848	bfRccws.exe
1924	VrqUQwD.exe
1984	ZWfRkIq.exe
1216	IOSIqwa.exe
2776	VcDQjSq.exe
1532	TnBjKoW.exe
3044	gdGCubB.exe
1388	WQNPqwi.exe
908	fZJOfyt.exe
976	NzpSbwO.exe
1764	Avmvqvm.exe
436	lJOmgnK.exe
2428	ooYrCnh.exe
2220	ryFTxJF.exe
2260	qrJNHlR.exe
2268	pTGgqJb.exe
2788	jXMyyrW.exe
920	IQrrGTb.exe
2496	xPvNEkj.exe
1316	dnUkzNy.exe
924	PoYcuMt.exe
1696	fYCEwQc.exe
2996	NGiVmTK.exe
1508	TguLsUM.exe
768	eGBHKTH.exe
1732	tDyJGPg.exe
584	fotsUXJ.exe
1652	yNZtShU.exe
316	LDYjgoG.exe
2052	vvduWdh.exe
2524	LguMruQ.exe
2324	wOATPjt.exe
1872	vgGOcgd.exe
2564	nEvZEtY.exe
1572	nQvafyd.exe
1628	buWiVHC.exe
952	BLNVmKZ.exe
2924	TZaaVwt.exe
1612	secdFDj.exe
2208	zCAzkWp.exe
1524	WSNuuOr.exe
660	daJwLsW.exe
2812	GFQyddI.exe
2704	uYLuyUP.exe
2588	vKzQNoD.exe
1372	DdvLhpz.exe
2684	pyaQkkL.exe
2624	gYkEVDI.exe
2636	pmMSKko.exe
2864	WlVrUaB.exe

Loads dropped DLL 64 IoCs

pid	Process
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1348-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0008000000012101-3.dat	upx
behavioral1/files/0x0008000000018bac-8.dat	upx
behavioral1/memory/1748-12-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2276-15-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000018bbf-10.dat	upx
behavioral1/files/0x0006000000018cde-26.dat	upx
behavioral1/memory/2720-30-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1668-22-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0006000000018ce8-34.dat	upx
behavioral1/memory/2868-37-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0014000000018b78-38.dat	upx
behavioral1/memory/1348-39-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2940-46-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1748-42-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2880-53-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000018cf2-50.dat	upx
behavioral1/files/0x0007000000018d02-54.dat	upx
behavioral1/memory/1668-59-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2612-60-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2608-74-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00040000000191b3-76.dat	upx
behavioral1/memory/2852-66-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000018d1e-65.dat	upx
behavioral1/files/0x000400000001919b-72.dat	upx
behavioral1/memory/2880-79-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00040000000191bb-93.dat	upx
behavioral1/files/0x00040000000191d2-99.dat	upx
behavioral1/files/0x00040000000191c8-96.dat	upx
behavioral1/files/0x00040000000191ed-115.dat	upx
behavioral1/files/0x00040000000192d3-134.dat	upx
behavioral1/files/0x00040000000191f7-144.dat	upx
behavioral1/files/0x0004000000019329-156.dat	upx
behavioral1/memory/1352-112-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0004000000019393-172.dat	upx
behavioral1/files/0x00040000000193d5-189.dat	upx
behavioral1/memory/2608-197-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0004000000019461-200.dat	upx
behavioral1/memory/740-408-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000400000001942a-195.dat	upx
behavioral1/files/0x00040000000193b6-184.dat	upx
behavioral1/files/0x00040000000193a5-179.dat	upx
behavioral1/files/0x000400000001934f-164.dat	upx
behavioral1/files/0x0004000000019319-163.dat	upx
behavioral1/files/0x0004000000019380-169.dat	upx
behavioral1/files/0x00040000000192e3-153.dat	upx
behavioral1/files/0x00040000000192ad-150.dat	upx
behavioral1/files/0x00040000000191da-130.dat	upx
behavioral1/files/0x0004000000019206-129.dat	upx
behavioral1/files/0x0004000000019308-143.dat	upx
behavioral1/memory/2852-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/740-104-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2572-101-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1800-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2612-87-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1748-1368-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2276-1367-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2720-1394-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1668-1398-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2868-1425-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2940-1465-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2612-1509-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2852-1527-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2608-1759-0x000000013F940000-0x000000013FC94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ryFTxJF.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\BCqLpnQ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\BESFZtM.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\vXzjdOd.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\lAIfMRQ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\Pyyggdp.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\wcsgbYT.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\kHxonfp.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\mBiUrfR.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\inxVYTa.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\JpKvDjU.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\UOqdGVQ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\mkFPbrU.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\zAdSyGf.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\ccVUmjQ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\XwNEGWK.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\hlperWV.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\fThulXT.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\XHrEjht.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\LhrLdyY.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\WtbOCph.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\DpyUVfh.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\kyZrXze.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\gUcOjRF.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\xfFCEao.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\mdTzPKB.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\twvTSUv.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\uYIKREy.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\prlLmDB.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\qrJNHlR.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\zmuLHeu.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\uGDCtLr.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\QGNfyOX.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\DkJrWaJ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\JUrlJDX.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\NSeJoEs.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\gdOWNcF.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\YDplqcO.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\dFjDURk.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\tniLXsU.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\TlpAvbC.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\DVtwmNN.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\vrMCjWj.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\VeykKpD.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\rYJnnVu.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\JBibEky.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\AtntAmb.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\nQvafyd.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\SftzBeV.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\wuvcrQH.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\JsqDaAu.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\wQZZxUj.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\GTFHlrR.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\OyAdMIM.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\PtLBTzJ.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\mbOuWeI.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\RDpxXZs.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\XEHwvgP.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\zpQRJSm.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\tUULZzp.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\DScySvX.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\vgGOcgd.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\vetOjxt.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
File created	C:\Windows\System\yODaxxI.exe	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1748	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	30
PID 1348 wrote to memory of 1748	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	30
PID 1348 wrote to memory of 1748	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	30
PID 1348 wrote to memory of 2276	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	31
PID 1348 wrote to memory of 2276	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	31
PID 1348 wrote to memory of 2276	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	31
PID 1348 wrote to memory of 1668	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	32
PID 1348 wrote to memory of 1668	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	32
PID 1348 wrote to memory of 1668	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	32
PID 1348 wrote to memory of 2720	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	33
PID 1348 wrote to memory of 2720	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	33
PID 1348 wrote to memory of 2720	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	33
PID 1348 wrote to memory of 2868	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	34
PID 1348 wrote to memory of 2868	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	34
PID 1348 wrote to memory of 2868	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	34
PID 1348 wrote to memory of 2940	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	35
PID 1348 wrote to memory of 2940	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	35
PID 1348 wrote to memory of 2940	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	35
PID 1348 wrote to memory of 2880	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	36
PID 1348 wrote to memory of 2880	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	36
PID 1348 wrote to memory of 2880	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	36
PID 1348 wrote to memory of 2612	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	37
PID 1348 wrote to memory of 2612	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	37
PID 1348 wrote to memory of 2612	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	37
PID 1348 wrote to memory of 2852	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	38
PID 1348 wrote to memory of 2852	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	38
PID 1348 wrote to memory of 2852	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	38
PID 1348 wrote to memory of 2608	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	39
PID 1348 wrote to memory of 2608	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	39
PID 1348 wrote to memory of 2608	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	39
PID 1348 wrote to memory of 1800	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	40
PID 1348 wrote to memory of 1800	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	40
PID 1348 wrote to memory of 1800	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	40
PID 1348 wrote to memory of 2572	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	41
PID 1348 wrote to memory of 2572	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	41
PID 1348 wrote to memory of 2572	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	41
PID 1348 wrote to memory of 740	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	42
PID 1348 wrote to memory of 740	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	42
PID 1348 wrote to memory of 740	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	42
PID 1348 wrote to memory of 1352	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	43
PID 1348 wrote to memory of 1352	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	43
PID 1348 wrote to memory of 1352	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	43
PID 1348 wrote to memory of 1984	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	44
PID 1348 wrote to memory of 1984	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	44
PID 1348 wrote to memory of 1984	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	44
PID 1348 wrote to memory of 848	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	45
PID 1348 wrote to memory of 848	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	45
PID 1348 wrote to memory of 848	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	45
PID 1348 wrote to memory of 1532	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	46
PID 1348 wrote to memory of 1532	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	46
PID 1348 wrote to memory of 1532	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	46
PID 1348 wrote to memory of 1924	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	47
PID 1348 wrote to memory of 1924	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	47
PID 1348 wrote to memory of 1924	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	47
PID 1348 wrote to memory of 3044	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	48
PID 1348 wrote to memory of 3044	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	48
PID 1348 wrote to memory of 3044	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	48
PID 1348 wrote to memory of 1216	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	49
PID 1348 wrote to memory of 1216	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	49
PID 1348 wrote to memory of 1216	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	49
PID 1348 wrote to memory of 1388	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	50
PID 1348 wrote to memory of 1388	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	50
PID 1348 wrote to memory of 1388	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	50
PID 1348 wrote to memory of 2776	1348	9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe	51

C:\Users\Admin\AppData\Local\Temp\9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe
"C:\Users\Admin\AppData\Local\Temp\9adc4445ef164e5589604f15bd0b096cbbd0189ff9d2096d8d71bf88f6456c46.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\System\SEDZsra.exe
  C:\Windows\System\SEDZsra.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\AtntAmb.exe
  C:\Windows\System\AtntAmb.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\TjACJGA.exe
  C:\Windows\System\TjACJGA.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\uwTOnSd.exe
  C:\Windows\System\uwTOnSd.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\BdMWCTr.exe
  C:\Windows\System\BdMWCTr.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ropHstg.exe
  C:\Windows\System\ropHstg.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\gtICjfA.exe
  C:\Windows\System\gtICjfA.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\AGNKHEU.exe
  C:\Windows\System\AGNKHEU.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\zKsCegP.exe
  C:\Windows\System\zKsCegP.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\HlHHCGV.exe
  C:\Windows\System\HlHHCGV.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\moJoDJG.exe
  C:\Windows\System\moJoDJG.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ILMbMtn.exe
  C:\Windows\System\ILMbMtn.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\VFvhriu.exe
  C:\Windows\System\VFvhriu.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\kExBNtl.exe
  C:\Windows\System\kExBNtl.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ZWfRkIq.exe
  C:\Windows\System\ZWfRkIq.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bfRccws.exe
  C:\Windows\System\bfRccws.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\TnBjKoW.exe
  C:\Windows\System\TnBjKoW.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\VrqUQwD.exe
  C:\Windows\System\VrqUQwD.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\gdGCubB.exe
  C:\Windows\System\gdGCubB.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\IOSIqwa.exe
  C:\Windows\System\IOSIqwa.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\WQNPqwi.exe
  C:\Windows\System\WQNPqwi.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\VcDQjSq.exe
  C:\Windows\System\VcDQjSq.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\NzpSbwO.exe
  C:\Windows\System\NzpSbwO.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\fZJOfyt.exe
  C:\Windows\System\fZJOfyt.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\Avmvqvm.exe
  C:\Windows\System\Avmvqvm.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\lJOmgnK.exe
  C:\Windows\System\lJOmgnK.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\ooYrCnh.exe
  C:\Windows\System\ooYrCnh.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ryFTxJF.exe
  C:\Windows\System\ryFTxJF.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\qrJNHlR.exe
  C:\Windows\System\qrJNHlR.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\pTGgqJb.exe
  C:\Windows\System\pTGgqJb.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\jXMyyrW.exe
  C:\Windows\System\jXMyyrW.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\IQrrGTb.exe
  C:\Windows\System\IQrrGTb.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\xPvNEkj.exe
  C:\Windows\System\xPvNEkj.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\dnUkzNy.exe
  C:\Windows\System\dnUkzNy.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\PoYcuMt.exe
  C:\Windows\System\PoYcuMt.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\fYCEwQc.exe
  C:\Windows\System\fYCEwQc.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NGiVmTK.exe
  C:\Windows\System\NGiVmTK.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\TguLsUM.exe
  C:\Windows\System\TguLsUM.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\eGBHKTH.exe
  C:\Windows\System\eGBHKTH.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\tDyJGPg.exe
  C:\Windows\System\tDyJGPg.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fotsUXJ.exe
  C:\Windows\System\fotsUXJ.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\yNZtShU.exe
  C:\Windows\System\yNZtShU.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\LDYjgoG.exe
  C:\Windows\System\LDYjgoG.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\vvduWdh.exe
  C:\Windows\System\vvduWdh.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LguMruQ.exe
  C:\Windows\System\LguMruQ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\wOATPjt.exe
  C:\Windows\System\wOATPjt.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\vgGOcgd.exe
  C:\Windows\System\vgGOcgd.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\nEvZEtY.exe
  C:\Windows\System\nEvZEtY.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\nQvafyd.exe
  C:\Windows\System\nQvafyd.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\buWiVHC.exe
  C:\Windows\System\buWiVHC.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\BLNVmKZ.exe
  C:\Windows\System\BLNVmKZ.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\TZaaVwt.exe
  C:\Windows\System\TZaaVwt.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\secdFDj.exe
  C:\Windows\System\secdFDj.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\zCAzkWp.exe
  C:\Windows\System\zCAzkWp.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\WSNuuOr.exe
  C:\Windows\System\WSNuuOr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\daJwLsW.exe
  C:\Windows\System\daJwLsW.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\GFQyddI.exe
  C:\Windows\System\GFQyddI.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\uYLuyUP.exe
  C:\Windows\System\uYLuyUP.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\vKzQNoD.exe
  C:\Windows\System\vKzQNoD.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\DdvLhpz.exe
  C:\Windows\System\DdvLhpz.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\pyaQkkL.exe
  C:\Windows\System\pyaQkkL.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\gYkEVDI.exe
  C:\Windows\System\gYkEVDI.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\pmMSKko.exe
  C:\Windows\System\pmMSKko.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\WlVrUaB.exe
  C:\Windows\System\WlVrUaB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\zmuLHeu.exe
  C:\Windows\System\zmuLHeu.exe
  2⤵
  PID:2300
- C:\Windows\System\mXjzrIr.exe
  C:\Windows\System\mXjzrIr.exe
  2⤵
  PID:2840
- C:\Windows\System\RCmCXLO.exe
  C:\Windows\System\RCmCXLO.exe
  2⤵
  PID:1092
- C:\Windows\System\jQLUIkC.exe
  C:\Windows\System\jQLUIkC.exe
  2⤵
  PID:1744
- C:\Windows\System\zNWjJOj.exe
  C:\Windows\System\zNWjJOj.exe
  2⤵
  PID:3048
- C:\Windows\System\PsWVTtD.exe
  C:\Windows\System\PsWVTtD.exe
  2⤵
  PID:2584
- C:\Windows\System\xOfNPBF.exe
  C:\Windows\System\xOfNPBF.exe
  2⤵
  PID:700
- C:\Windows\System\vAINzsW.exe
  C:\Windows\System\vAINzsW.exe
  2⤵
  PID:3032
- C:\Windows\System\wKRVixT.exe
  C:\Windows\System\wKRVixT.exe
  2⤵
  PID:1604
- C:\Windows\System\WMPXzog.exe
  C:\Windows\System\WMPXzog.exe
  2⤵
  PID:2364
- C:\Windows\System\ewdqMGB.exe
  C:\Windows\System\ewdqMGB.exe
  2⤵
  PID:1068
- C:\Windows\System\PtLBTzJ.exe
  C:\Windows\System\PtLBTzJ.exe
  2⤵
  PID:2472
- C:\Windows\System\wVDPbJI.exe
  C:\Windows\System\wVDPbJI.exe
  2⤵
  PID:2060
- C:\Windows\System\zZLDHKE.exe
  C:\Windows\System\zZLDHKE.exe
  2⤵
  PID:1192
- C:\Windows\System\hvOLIdl.exe
  C:\Windows\System\hvOLIdl.exe
  2⤵
  PID:2104
- C:\Windows\System\DMkzVqF.exe
  C:\Windows\System\DMkzVqF.exe
  2⤵
  PID:568
- C:\Windows\System\TyoICrB.exe
  C:\Windows\System\TyoICrB.exe
  2⤵
  PID:1752
- C:\Windows\System\fIpXIUn.exe
  C:\Windows\System\fIpXIUn.exe
  2⤵
  PID:2552
- C:\Windows\System\UZZeAbK.exe
  C:\Windows\System\UZZeAbK.exe
  2⤵
  PID:1736
- C:\Windows\System\LVCOhbw.exe
  C:\Windows\System\LVCOhbw.exe
  2⤵
  PID:1784
- C:\Windows\System\SiOYxgA.exe
  C:\Windows\System\SiOYxgA.exe
  2⤵
  PID:2356
- C:\Windows\System\dJixOlU.exe
  C:\Windows\System\dJixOlU.exe
  2⤵
  PID:784
- C:\Windows\System\faQlJCD.exe
  C:\Windows\System\faQlJCD.exe
  2⤵
  PID:1972
- C:\Windows\System\uWHWgHf.exe
  C:\Windows\System\uWHWgHf.exe
  2⤵
  PID:2320
- C:\Windows\System\ntgyDwj.exe
  C:\Windows\System\ntgyDwj.exe
  2⤵
  PID:2560
- C:\Windows\System\psCNfcO.exe
  C:\Windows\System\psCNfcO.exe
  2⤵
  PID:880
- C:\Windows\System\SftzBeV.exe
  C:\Windows\System\SftzBeV.exe
  2⤵
  PID:1720
- C:\Windows\System\vlAtBXt.exe
  C:\Windows\System\vlAtBXt.exe
  2⤵
  PID:1996
- C:\Windows\System\KycUURf.exe
  C:\Windows\System\KycUURf.exe
  2⤵
  PID:2216
- C:\Windows\System\pOUieGa.exe
  C:\Windows\System\pOUieGa.exe
  2⤵
  PID:2952
- C:\Windows\System\OkjLuPR.exe
  C:\Windows\System\OkjLuPR.exe
  2⤵
  PID:2904
- C:\Windows\System\znImeBu.exe
  C:\Windows\System\znImeBu.exe
  2⤵
  PID:2656
- C:\Windows\System\XYrbSnw.exe
  C:\Windows\System\XYrbSnw.exe
  2⤵
  PID:2752
- C:\Windows\System\qhYWqrA.exe
  C:\Windows\System\qhYWqrA.exe
  2⤵
  PID:2828
- C:\Windows\System\vvLABuf.exe
  C:\Windows\System\vvLABuf.exe
  2⤵
  PID:3028
- C:\Windows\System\KkORzlu.exe
  C:\Windows\System\KkORzlu.exe
  2⤵
  PID:1004
- C:\Windows\System\HgQAnNZ.exe
  C:\Windows\System\HgQAnNZ.exe
  2⤵
  PID:2908
- C:\Windows\System\JjrFlgl.exe
  C:\Windows\System\JjrFlgl.exe
  2⤵
  PID:2476
- C:\Windows\System\HkzADnH.exe
  C:\Windows\System\HkzADnH.exe
  2⤵
  PID:2916
- C:\Windows\System\DpyUVfh.exe
  C:\Windows\System\DpyUVfh.exe
  2⤵
  PID:3056
- C:\Windows\System\hpZVVap.exe
  C:\Windows\System\hpZVVap.exe
  2⤵
  PID:1012
- C:\Windows\System\iqwfEeT.exe
  C:\Windows\System\iqwfEeT.exe
  2⤵
  PID:2156
- C:\Windows\System\wdHbLHm.exe
  C:\Windows\System\wdHbLHm.exe
  2⤵
  PID:1136
- C:\Windows\System\uGOVWtj.exe
  C:\Windows\System\uGOVWtj.exe
  2⤵
  PID:2440
- C:\Windows\System\pbPqrRc.exe
  C:\Windows\System\pbPqrRc.exe
  2⤵
  PID:752
- C:\Windows\System\DccamdX.exe
  C:\Windows\System\DccamdX.exe
  2⤵
  PID:1448
- C:\Windows\System\ggmbmdW.exe
  C:\Windows\System\ggmbmdW.exe
  2⤵
  PID:1232
- C:\Windows\System\vetOjxt.exe
  C:\Windows\System\vetOjxt.exe
  2⤵
  PID:1596
- C:\Windows\System\xJdGhvW.exe
  C:\Windows\System\xJdGhvW.exe
  2⤵
  PID:456
- C:\Windows\System\kKGdhnM.exe
  C:\Windows\System\kKGdhnM.exe
  2⤵
  PID:1944
- C:\Windows\System\kHxonfp.exe
  C:\Windows\System\kHxonfp.exe
  2⤵
  PID:2412
- C:\Windows\System\EbXbzag.exe
  C:\Windows\System\EbXbzag.exe
  2⤵
  PID:1584
- C:\Windows\System\FlsgiCm.exe
  C:\Windows\System\FlsgiCm.exe
  2⤵
  PID:2252
- C:\Windows\System\cZoXxdR.exe
  C:\Windows\System\cZoXxdR.exe
  2⤵
  PID:2228
- C:\Windows\System\oxGuFpg.exe
  C:\Windows\System\oxGuFpg.exe
  2⤵
  PID:2800
- C:\Windows\System\vbdwwKX.exe
  C:\Windows\System\vbdwwKX.exe
  2⤵
  PID:2716
- C:\Windows\System\pLMyLXo.exe
  C:\Windows\System\pLMyLXo.exe
  2⤵
  PID:2576
- C:\Windows\System\PQHHiLL.exe
  C:\Windows\System\PQHHiLL.exe
  2⤵
  PID:3068
- C:\Windows\System\mbOuWeI.exe
  C:\Windows\System\mbOuWeI.exe
  2⤵
  PID:280
- C:\Windows\System\KZReeUy.exe
  C:\Windows\System\KZReeUy.exe
  2⤵
  PID:1592
- C:\Windows\System\TsDDCcM.exe
  C:\Windows\System\TsDDCcM.exe
  2⤵
  PID:2480
- C:\Windows\System\IXtHdiG.exe
  C:\Windows\System\IXtHdiG.exe
  2⤵
  PID:860
- C:\Windows\System\LCftFoU.exe
  C:\Windows\System\LCftFoU.exe
  2⤵
  PID:944
- C:\Windows\System\mBiUrfR.exe
  C:\Windows\System\mBiUrfR.exe
  2⤵
  PID:2460
- C:\Windows\System\nqGkkZd.exe
  C:\Windows\System\nqGkkZd.exe
  2⤵
  PID:1580
- C:\Windows\System\xggtmjj.exe
  C:\Windows\System\xggtmjj.exe
  2⤵
  PID:2744
- C:\Windows\System\FZGCqhm.exe
  C:\Windows\System\FZGCqhm.exe
  2⤵
  PID:2796
- C:\Windows\System\zSHAqUJ.exe
  C:\Windows\System\zSHAqUJ.exe
  2⤵
  PID:2304
- C:\Windows\System\yAMoHPa.exe
  C:\Windows\System\yAMoHPa.exe
  2⤵
  PID:1140
- C:\Windows\System\KezuiRF.exe
  C:\Windows\System\KezuiRF.exe
  2⤵
  PID:2204
- C:\Windows\System\iIDemew.exe
  C:\Windows\System\iIDemew.exe
  2⤵
  PID:2732
- C:\Windows\System\AaFdmkJ.exe
  C:\Windows\System\AaFdmkJ.exe
  2⤵
  PID:2648
- C:\Windows\System\JIIHIVS.exe
  C:\Windows\System\JIIHIVS.exe
  2⤵
  PID:2600
- C:\Windows\System\ezZgXYz.exe
  C:\Windows\System\ezZgXYz.exe
  2⤵
  PID:2212
- C:\Windows\System\cCfQtcN.exe
  C:\Windows\System\cCfQtcN.exe
  2⤵
  PID:2652
- C:\Windows\System\GkWGMof.exe
  C:\Windows\System\GkWGMof.exe
  2⤵
  PID:524
- C:\Windows\System\JwRRTJT.exe
  C:\Windows\System\JwRRTJT.exe
  2⤵
  PID:1008
- C:\Windows\System\CwNYril.exe
  C:\Windows\System\CwNYril.exe
  2⤵
  PID:2376
- C:\Windows\System\BZiDCdj.exe
  C:\Windows\System\BZiDCdj.exe
  2⤵
  PID:560
- C:\Windows\System\ksKqlJi.exe
  C:\Windows\System\ksKqlJi.exe
  2⤵
  PID:2692
- C:\Windows\System\wuvcrQH.exe
  C:\Windows\System\wuvcrQH.exe
  2⤵
  PID:1480
- C:\Windows\System\DsDmcEf.exe
  C:\Windows\System\DsDmcEf.exe
  2⤵
  PID:3020
- C:\Windows\System\aoapdZQ.exe
  C:\Windows\System\aoapdZQ.exe
  2⤵
  PID:2084
- C:\Windows\System\OlPHugl.exe
  C:\Windows\System\OlPHugl.exe
  2⤵
  PID:2092
- C:\Windows\System\dfqezlr.exe
  C:\Windows\System\dfqezlr.exe
  2⤵
  PID:2120
- C:\Windows\System\gXWgOoG.exe
  C:\Windows\System\gXWgOoG.exe
  2⤵
  PID:2708
- C:\Windows\System\FZgytTP.exe
  C:\Windows\System\FZgytTP.exe
  2⤵
  PID:3092
- C:\Windows\System\LmkCwVS.exe
  C:\Windows\System\LmkCwVS.exe
  2⤵
  PID:3112
- C:\Windows\System\MwCvSnT.exe
  C:\Windows\System\MwCvSnT.exe
  2⤵
  PID:3132
- C:\Windows\System\TSlLRhK.exe
  C:\Windows\System\TSlLRhK.exe
  2⤵
  PID:3152
- C:\Windows\System\pObLnGy.exe
  C:\Windows\System\pObLnGy.exe
  2⤵
  PID:3172
- C:\Windows\System\CycFrsz.exe
  C:\Windows\System\CycFrsz.exe
  2⤵
  PID:3188
- C:\Windows\System\fvKTRCe.exe
  C:\Windows\System\fvKTRCe.exe
  2⤵
  PID:3212
- C:\Windows\System\xOaSDiY.exe
  C:\Windows\System\xOaSDiY.exe
  2⤵
  PID:3232
- C:\Windows\System\ubuCUCK.exe
  C:\Windows\System\ubuCUCK.exe
  2⤵
  PID:3252
- C:\Windows\System\MIFFeEP.exe
  C:\Windows\System\MIFFeEP.exe
  2⤵
  PID:3272
- C:\Windows\System\yODaxxI.exe
  C:\Windows\System\yODaxxI.exe
  2⤵
  PID:3292
- C:\Windows\System\kqnMdna.exe
  C:\Windows\System\kqnMdna.exe
  2⤵
  PID:3312
- C:\Windows\System\VwoEmFM.exe
  C:\Windows\System\VwoEmFM.exe
  2⤵
  PID:3332
- C:\Windows\System\IEKgYxH.exe
  C:\Windows\System\IEKgYxH.exe
  2⤵
  PID:3352
- C:\Windows\System\bxdbnJx.exe
  C:\Windows\System\bxdbnJx.exe
  2⤵
  PID:3376
- C:\Windows\System\SHsIskA.exe
  C:\Windows\System\SHsIskA.exe
  2⤵
  PID:3396
- C:\Windows\System\vWVqfqq.exe
  C:\Windows\System\vWVqfqq.exe
  2⤵
  PID:3416
- C:\Windows\System\uyVftYW.exe
  C:\Windows\System\uyVftYW.exe
  2⤵
  PID:3436
- C:\Windows\System\RbuMHDI.exe
  C:\Windows\System\RbuMHDI.exe
  2⤵
  PID:3460
- C:\Windows\System\fWyyqMP.exe
  C:\Windows\System\fWyyqMP.exe
  2⤵
  PID:3480
- C:\Windows\System\ThVfOQS.exe
  C:\Windows\System\ThVfOQS.exe
  2⤵
  PID:3500
- C:\Windows\System\cVwSPYw.exe
  C:\Windows\System\cVwSPYw.exe
  2⤵
  PID:3520
- C:\Windows\System\smSEndW.exe
  C:\Windows\System\smSEndW.exe
  2⤵
  PID:3540
- C:\Windows\System\qDtMzDH.exe
  C:\Windows\System\qDtMzDH.exe
  2⤵
  PID:3560
- C:\Windows\System\ucWTPtN.exe
  C:\Windows\System\ucWTPtN.exe
  2⤵
  PID:3580
- C:\Windows\System\Vgykhir.exe
  C:\Windows\System\Vgykhir.exe
  2⤵
  PID:3600
- C:\Windows\System\fUtUJIa.exe
  C:\Windows\System\fUtUJIa.exe
  2⤵
  PID:3620
- C:\Windows\System\PykhUwv.exe
  C:\Windows\System\PykhUwv.exe
  2⤵
  PID:3640
- C:\Windows\System\phUjUVh.exe
  C:\Windows\System\phUjUVh.exe
  2⤵
  PID:3660
- C:\Windows\System\oBMWOXr.exe
  C:\Windows\System\oBMWOXr.exe
  2⤵
  PID:3680
- C:\Windows\System\NjjoydN.exe
  C:\Windows\System\NjjoydN.exe
  2⤵
  PID:3700
- C:\Windows\System\ZOlBkbT.exe
  C:\Windows\System\ZOlBkbT.exe
  2⤵
  PID:3720
- C:\Windows\System\NVxwynD.exe
  C:\Windows\System\NVxwynD.exe
  2⤵
  PID:3744
- C:\Windows\System\HHLJsUo.exe
  C:\Windows\System\HHLJsUo.exe
  2⤵
  PID:3764
- C:\Windows\System\SuRhjQP.exe
  C:\Windows\System\SuRhjQP.exe
  2⤵
  PID:3784
- C:\Windows\System\BYpnKvH.exe
  C:\Windows\System\BYpnKvH.exe
  2⤵
  PID:3804
- C:\Windows\System\unUYGlN.exe
  C:\Windows\System\unUYGlN.exe
  2⤵
  PID:3824
- C:\Windows\System\uGDCtLr.exe
  C:\Windows\System\uGDCtLr.exe
  2⤵
  PID:3844
- C:\Windows\System\PKeOLGa.exe
  C:\Windows\System\PKeOLGa.exe
  2⤵
  PID:3864
- C:\Windows\System\AXtFbzz.exe
  C:\Windows\System\AXtFbzz.exe
  2⤵
  PID:3884
- C:\Windows\System\obzrGSL.exe
  C:\Windows\System\obzrGSL.exe
  2⤵
  PID:3904
- C:\Windows\System\UgpBdoG.exe
  C:\Windows\System\UgpBdoG.exe
  2⤵
  PID:3928
- C:\Windows\System\XuvmGnW.exe
  C:\Windows\System\XuvmGnW.exe
  2⤵
  PID:3948
- C:\Windows\System\GVxsYLs.exe
  C:\Windows\System\GVxsYLs.exe
  2⤵
  PID:3968
- C:\Windows\System\aOdyvZq.exe
  C:\Windows\System\aOdyvZq.exe
  2⤵
  PID:3988
- C:\Windows\System\oFblOgH.exe
  C:\Windows\System\oFblOgH.exe
  2⤵
  PID:4008
- C:\Windows\System\POfKBVD.exe
  C:\Windows\System\POfKBVD.exe
  2⤵
  PID:4028
- C:\Windows\System\FYooMcN.exe
  C:\Windows\System\FYooMcN.exe
  2⤵
  PID:4048
- C:\Windows\System\qHjKmWq.exe
  C:\Windows\System\qHjKmWq.exe
  2⤵
  PID:4068
- C:\Windows\System\eSJMNaJ.exe
  C:\Windows\System\eSJMNaJ.exe
  2⤵
  PID:4088
- C:\Windows\System\eyDzXAY.exe
  C:\Windows\System\eyDzXAY.exe
  2⤵
  PID:2824
- C:\Windows\System\sIiQCAX.exe
  C:\Windows\System\sIiQCAX.exe
  2⤵
  PID:2876
- C:\Windows\System\EAwKlnp.exe
  C:\Windows\System\EAwKlnp.exe
  2⤵
  PID:1444
- C:\Windows\System\AJLYaZD.exe
  C:\Windows\System\AJLYaZD.exe
  2⤵
  PID:2668
- C:\Windows\System\HVKvTGb.exe
  C:\Windows\System\HVKvTGb.exe
  2⤵
  PID:3080
- C:\Windows\System\JzUmgKR.exe
  C:\Windows\System\JzUmgKR.exe
  2⤵
  PID:3100
- C:\Windows\System\QpPqhAr.exe
  C:\Windows\System\QpPqhAr.exe
  2⤵
  PID:3168
- C:\Windows\System\nTuuBNk.exe
  C:\Windows\System\nTuuBNk.exe
  2⤵
  PID:3148
- C:\Windows\System\zjHNpNo.exe
  C:\Windows\System\zjHNpNo.exe
  2⤵
  PID:3200
- C:\Windows\System\dXfdvJM.exe
  C:\Windows\System\dXfdvJM.exe
  2⤵
  PID:3248
- C:\Windows\System\JmHkJIe.exe
  C:\Windows\System\JmHkJIe.exe
  2⤵
  PID:3288
- C:\Windows\System\wXxxIdZ.exe
  C:\Windows\System\wXxxIdZ.exe
  2⤵
  PID:3320
- C:\Windows\System\FnEfCvn.exe
  C:\Windows\System\FnEfCvn.exe
  2⤵
  PID:3360
- C:\Windows\System\faHZQyK.exe
  C:\Windows\System\faHZQyK.exe
  2⤵
  PID:3344
- C:\Windows\System\CiYZrTG.exe
  C:\Windows\System\CiYZrTG.exe
  2⤵
  PID:3392
- C:\Windows\System\KBQTwIS.exe
  C:\Windows\System\KBQTwIS.exe
  2⤵
  PID:3456
- C:\Windows\System\avBWnKx.exe
  C:\Windows\System\avBWnKx.exe
  2⤵
  PID:3492
- C:\Windows\System\CfLGesf.exe
  C:\Windows\System\CfLGesf.exe
  2⤵
  PID:3536
- C:\Windows\System\aXVLSUI.exe
  C:\Windows\System\aXVLSUI.exe
  2⤵
  PID:3568
- C:\Windows\System\yLFTvoI.exe
  C:\Windows\System\yLFTvoI.exe
  2⤵
  PID:3552
- C:\Windows\System\JsqDaAu.exe
  C:\Windows\System\JsqDaAu.exe
  2⤵
  PID:3612
- C:\Windows\System\peeoKRl.exe
  C:\Windows\System\peeoKRl.exe
  2⤵
  PID:3632
- C:\Windows\System\ZOuDnMu.exe
  C:\Windows\System\ZOuDnMu.exe
  2⤵
  PID:3692
- C:\Windows\System\qpDoqoY.exe
  C:\Windows\System\qpDoqoY.exe
  2⤵
  PID:3728
- C:\Windows\System\zSMQSOD.exe
  C:\Windows\System\zSMQSOD.exe
  2⤵
  PID:3752
- C:\Windows\System\kyZrXze.exe
  C:\Windows\System\kyZrXze.exe
  2⤵
  PID:3776
- C:\Windows\System\RdYootP.exe
  C:\Windows\System\RdYootP.exe
  2⤵
  PID:3792
- C:\Windows\System\KeDFfNq.exe
  C:\Windows\System\KeDFfNq.exe
  2⤵
  PID:3852
- C:\Windows\System\RUwLnlC.exe
  C:\Windows\System\RUwLnlC.exe
  2⤵
  PID:3836
- C:\Windows\System\Hsyiozp.exe
  C:\Windows\System\Hsyiozp.exe
  2⤵
  PID:3936
- C:\Windows\System\vunCUjL.exe
  C:\Windows\System\vunCUjL.exe
  2⤵
  PID:3924
- C:\Windows\System\nyObovQ.exe
  C:\Windows\System\nyObovQ.exe
  2⤵
  PID:3976
- C:\Windows\System\OybUnXF.exe
  C:\Windows\System\OybUnXF.exe
  2⤵
  PID:4016
- C:\Windows\System\OxCwkzj.exe
  C:\Windows\System\OxCwkzj.exe
  2⤵
  PID:4020
- C:\Windows\System\nodPUev.exe
  C:\Windows\System\nodPUev.exe
  2⤵
  PID:4060
- C:\Windows\System\zSDWTGL.exe
  C:\Windows\System\zSDWTGL.exe
  2⤵
  PID:4080
- C:\Windows\System\RXQevno.exe
  C:\Windows\System\RXQevno.exe
  2⤵
  PID:1680
- C:\Windows\System\kTuMhDi.exe
  C:\Windows\System\kTuMhDi.exe
  2⤵
  PID:3076
- C:\Windows\System\TaPkwQr.exe
  C:\Windows\System\TaPkwQr.exe
  2⤵
  PID:3128
- C:\Windows\System\dpphvdh.exe
  C:\Windows\System\dpphvdh.exe
  2⤵
  PID:3204
- C:\Windows\System\RDpxXZs.exe
  C:\Windows\System\RDpxXZs.exe
  2⤵
  PID:3280
- C:\Windows\System\XxGUvOT.exe
  C:\Windows\System\XxGUvOT.exe
  2⤵
  PID:3300
- C:\Windows\System\DnevUoN.exe
  C:\Windows\System\DnevUoN.exe
  2⤵
  PID:3384
- C:\Windows\System\QFmAnPI.exe
  C:\Windows\System\QFmAnPI.exe
  2⤵
  PID:3304
- C:\Windows\System\SNNbmGp.exe
  C:\Windows\System\SNNbmGp.exe
  2⤵
  PID:3448
- C:\Windows\System\iriBRdZ.exe
  C:\Windows\System\iriBRdZ.exe
  2⤵
  PID:3920
- C:\Windows\System\izvAUxt.exe
  C:\Windows\System\izvAUxt.exe
  2⤵
  PID:3532
- C:\Windows\System\FWolUca.exe
  C:\Windows\System\FWolUca.exe
  2⤵
  PID:3548
- C:\Windows\System\cTGpoEt.exe
  C:\Windows\System\cTGpoEt.exe
  2⤵
  PID:3656
- C:\Windows\System\mPeEBNR.exe
  C:\Windows\System\mPeEBNR.exe
  2⤵
  PID:3712
- C:\Windows\System\UaxeGlP.exe
  C:\Windows\System\UaxeGlP.exe
  2⤵
  PID:3780
- C:\Windows\System\xhCdqpP.exe
  C:\Windows\System\xhCdqpP.exe
  2⤵
  PID:3760
- C:\Windows\System\pOEBDgQ.exe
  C:\Windows\System\pOEBDgQ.exe
  2⤵
  PID:1304
- C:\Windows\System\XEHwvgP.exe
  C:\Windows\System\XEHwvgP.exe
  2⤵
  PID:3912
- C:\Windows\System\RdPksAc.exe
  C:\Windows\System\RdPksAc.exe
  2⤵
  PID:3880
- C:\Windows\System\PHbyKzc.exe
  C:\Windows\System\PHbyKzc.exe
  2⤵
  PID:3984
- C:\Windows\System\zIkjKQO.exe
  C:\Windows\System\zIkjKQO.exe
  2⤵
  PID:4000
- C:\Windows\System\hQAiuce.exe
  C:\Windows\System\hQAiuce.exe
  2⤵
  PID:4076
- C:\Windows\System\gqCvdJP.exe
  C:\Windows\System\gqCvdJP.exe
  2⤵
  PID:3104
- C:\Windows\System\fRgdrHs.exe
  C:\Windows\System\fRgdrHs.exe
  2⤵
  PID:3164
- C:\Windows\System\tniLXsU.exe
  C:\Windows\System\tniLXsU.exe
  2⤵
  PID:3268
- C:\Windows\System\MACdjHc.exe
  C:\Windows\System\MACdjHc.exe
  2⤵
  PID:3228
- C:\Windows\System\SYUsotC.exe
  C:\Windows\System\SYUsotC.exe
  2⤵
  PID:3264
- C:\Windows\System\eeQQsqd.exe
  C:\Windows\System\eeQQsqd.exe
  2⤵
  PID:3472
- C:\Windows\System\uemxIud.exe
  C:\Windows\System\uemxIud.exe
  2⤵
  PID:3696
- C:\Windows\System\IFOtiqP.exe
  C:\Windows\System\IFOtiqP.exe
  2⤵
  PID:2528
- C:\Windows\System\ttbkFES.exe
  C:\Windows\System\ttbkFES.exe
  2⤵
  PID:3832
- C:\Windows\System\amsMOkN.exe
  C:\Windows\System\amsMOkN.exe
  2⤵
  PID:4064
- C:\Windows\System\rzxmbUo.exe
  C:\Windows\System\rzxmbUo.exe
  2⤵
  PID:2160
- C:\Windows\System\josDrkA.exe
  C:\Windows\System\josDrkA.exe
  2⤵
  PID:3084
- C:\Windows\System\SRYahLO.exe
  C:\Windows\System\SRYahLO.exe
  2⤵
  PID:3412
- C:\Windows\System\zpQRJSm.exe
  C:\Windows\System\zpQRJSm.exe
  2⤵
  PID:3284
- C:\Windows\System\HZPYmQo.exe
  C:\Windows\System\HZPYmQo.exe
  2⤵
  PID:3528
- C:\Windows\System\wextqgy.exe
  C:\Windows\System\wextqgy.exe
  2⤵
  PID:3516
- C:\Windows\System\OLqXqzx.exe
  C:\Windows\System\OLqXqzx.exe
  2⤵
  PID:2016
- C:\Windows\System\hxjuYpz.exe
  C:\Windows\System\hxjuYpz.exe
  2⤵
  PID:3340
- C:\Windows\System\TGlBzHv.exe
  C:\Windows\System\TGlBzHv.exe
  2⤵
  PID:2244
- C:\Windows\System\RetdjDQ.exe
  C:\Windows\System\RetdjDQ.exe
  2⤵
  PID:1880
- C:\Windows\System\zAdSyGf.exe
  C:\Windows\System\zAdSyGf.exe
  2⤵
  PID:4004
- C:\Windows\System\PAKwgti.exe
  C:\Windows\System\PAKwgti.exe
  2⤵
  PID:3960
- C:\Windows\System\DkJAlkm.exe
  C:\Windows\System\DkJAlkm.exe
  2⤵
  PID:2484
- C:\Windows\System\vEftTwg.exe
  C:\Windows\System\vEftTwg.exe
  2⤵
  PID:2728
- C:\Windows\System\pUFrUnq.exe
  C:\Windows\System\pUFrUnq.exe
  2⤵
  PID:3224
- C:\Windows\System\guKfBgr.exe
  C:\Windows\System\guKfBgr.exe
  2⤵
  PID:2592
- C:\Windows\System\xkBiebr.exe
  C:\Windows\System\xkBiebr.exe
  2⤵
  PID:3856
- C:\Windows\System\ccVUmjQ.exe
  C:\Windows\System\ccVUmjQ.exe
  2⤵
  PID:1956
- C:\Windows\System\TbGWcRt.exe
  C:\Windows\System\TbGWcRt.exe
  2⤵
  PID:2196
- C:\Windows\System\ipBnVht.exe
  C:\Windows\System\ipBnVht.exe
  2⤵
  PID:2136
- C:\Windows\System\xyqwdfE.exe
  C:\Windows\System\xyqwdfE.exe
  2⤵
  PID:3452
- C:\Windows\System\VBNBFZq.exe
  C:\Windows\System\VBNBFZq.exe
  2⤵
  PID:960
- C:\Windows\System\rBLVZWS.exe
  C:\Windows\System\rBLVZWS.exe
  2⤵
  PID:3496
- C:\Windows\System\UEUQTHE.exe
  C:\Windows\System\UEUQTHE.exe
  2⤵
  PID:2784
- C:\Windows\System\QnZWuHg.exe
  C:\Windows\System\QnZWuHg.exe
  2⤵
  PID:2088
- C:\Windows\System\ffhemIe.exe
  C:\Windows\System\ffhemIe.exe
  2⤵
  PID:3892
- C:\Windows\System\zTWdKAb.exe
  C:\Windows\System\zTWdKAb.exe
  2⤵
  PID:2140
- C:\Windows\System\qpqGWLu.exe
  C:\Windows\System\qpqGWLu.exe
  2⤵
  PID:2008
- C:\Windows\System\CqBLhjg.exe
  C:\Windows\System\CqBLhjg.exe
  2⤵
  PID:4036
- C:\Windows\System\OXFrpfn.exe
  C:\Windows\System\OXFrpfn.exe
  2⤵
  PID:2044
- C:\Windows\System\xPYzGhQ.exe
  C:\Windows\System\xPYzGhQ.exe
  2⤵
  PID:3876
- C:\Windows\System\MYSUXnN.exe
  C:\Windows\System\MYSUXnN.exe
  2⤵
  PID:1712
- C:\Windows\System\oMFZWZG.exe
  C:\Windows\System\oMFZWZG.exe
  2⤵
  PID:3652
- C:\Windows\System\qhAtlbI.exe
  C:\Windows\System\qhAtlbI.exe
  2⤵
  PID:3024
- C:\Windows\System\ndtAomT.exe
  C:\Windows\System\ndtAomT.exe
  2⤵
  PID:2080
- C:\Windows\System\WhnKUMw.exe
  C:\Windows\System\WhnKUMw.exe
  2⤵
  PID:972
- C:\Windows\System\OESjmoc.exe
  C:\Windows\System\OESjmoc.exe
  2⤵
  PID:3040
- C:\Windows\System\VeykKpD.exe
  C:\Windows\System\VeykKpD.exe
  2⤵
  PID:4120
- C:\Windows\System\DHeGYRP.exe
  C:\Windows\System\DHeGYRP.exe
  2⤵
  PID:4144
- C:\Windows\System\QGNfyOX.exe
  C:\Windows\System\QGNfyOX.exe
  2⤵
  PID:4160
- C:\Windows\System\walzVgG.exe
  C:\Windows\System\walzVgG.exe
  2⤵
  PID:4184
- C:\Windows\System\uWbsThx.exe
  C:\Windows\System\uWbsThx.exe
  2⤵
  PID:4204
- C:\Windows\System\DdTygeJ.exe
  C:\Windows\System\DdTygeJ.exe
  2⤵
  PID:4228
- C:\Windows\System\gUcOjRF.exe
  C:\Windows\System\gUcOjRF.exe
  2⤵
  PID:4244
- C:\Windows\System\VMIrnEx.exe
  C:\Windows\System\VMIrnEx.exe
  2⤵
  PID:4260
- C:\Windows\System\EBWBMTO.exe
  C:\Windows\System\EBWBMTO.exe
  2⤵
  PID:4280
- C:\Windows\System\zRtVyqu.exe
  C:\Windows\System\zRtVyqu.exe
  2⤵
  PID:4300
- C:\Windows\System\YglSoSy.exe
  C:\Windows\System\YglSoSy.exe
  2⤵
  PID:4320
- C:\Windows\System\EhUBPML.exe
  C:\Windows\System\EhUBPML.exe
  2⤵
  PID:4344
- C:\Windows\System\inxVYTa.exe
  C:\Windows\System\inxVYTa.exe
  2⤵
  PID:4364
- C:\Windows\System\JYAGcFY.exe
  C:\Windows\System\JYAGcFY.exe
  2⤵
  PID:4384
- C:\Windows\System\zFgzzzS.exe
  C:\Windows\System\zFgzzzS.exe
  2⤵
  PID:4408
- C:\Windows\System\uTeCPEw.exe
  C:\Windows\System\uTeCPEw.exe
  2⤵
  PID:4424
- C:\Windows\System\NHhVEDQ.exe
  C:\Windows\System\NHhVEDQ.exe
  2⤵
  PID:4444
- C:\Windows\System\BCqLpnQ.exe
  C:\Windows\System\BCqLpnQ.exe
  2⤵
  PID:4464
- C:\Windows\System\vrGQaxb.exe
  C:\Windows\System\vrGQaxb.exe
  2⤵
  PID:4488
- C:\Windows\System\pwyJFJN.exe
  C:\Windows\System\pwyJFJN.exe
  2⤵
  PID:4504
- C:\Windows\System\qxpEAsu.exe
  C:\Windows\System\qxpEAsu.exe
  2⤵
  PID:4524
- C:\Windows\System\KJCPXkZ.exe
  C:\Windows\System\KJCPXkZ.exe
  2⤵
  PID:4540
- C:\Windows\System\wgRPHWR.exe
  C:\Windows\System\wgRPHWR.exe
  2⤵
  PID:4564
- C:\Windows\System\mnuRGDg.exe
  C:\Windows\System\mnuRGDg.exe
  2⤵
  PID:4580
- C:\Windows\System\lhEelRs.exe
  C:\Windows\System\lhEelRs.exe
  2⤵
  PID:4600
- C:\Windows\System\cVdqpuw.exe
  C:\Windows\System\cVdqpuw.exe
  2⤵
  PID:4616
- C:\Windows\System\otdbrDb.exe
  C:\Windows\System\otdbrDb.exe
  2⤵
  PID:4636
- C:\Windows\System\svjoOPt.exe
  C:\Windows\System\svjoOPt.exe
  2⤵
  PID:4668
- C:\Windows\System\BaYmoVV.exe
  C:\Windows\System\BaYmoVV.exe
  2⤵
  PID:4684
- C:\Windows\System\NSeJoEs.exe
  C:\Windows\System\NSeJoEs.exe
  2⤵
  PID:4708
- C:\Windows\System\ZDSAgUm.exe
  C:\Windows\System\ZDSAgUm.exe
  2⤵
  PID:4728
- C:\Windows\System\ysIifrC.exe
  C:\Windows\System\ysIifrC.exe
  2⤵
  PID:4748
- C:\Windows\System\objlAQw.exe
  C:\Windows\System\objlAQw.exe
  2⤵
  PID:4768
- C:\Windows\System\tXArlcJ.exe
  C:\Windows\System\tXArlcJ.exe
  2⤵
  PID:4792
- C:\Windows\System\rhykBgg.exe
  C:\Windows\System\rhykBgg.exe
  2⤵
  PID:4808
- C:\Windows\System\CYdyVnc.exe
  C:\Windows\System\CYdyVnc.exe
  2⤵
  PID:4832
- C:\Windows\System\DnDCszG.exe
  C:\Windows\System\DnDCszG.exe
  2⤵
  PID:4848
- C:\Windows\System\LHTBLIP.exe
  C:\Windows\System\LHTBLIP.exe
  2⤵
  PID:4868
- C:\Windows\System\JxfwPmH.exe
  C:\Windows\System\JxfwPmH.exe
  2⤵
  PID:4892
- C:\Windows\System\kyVzFla.exe
  C:\Windows\System\kyVzFla.exe
  2⤵
  PID:4908
- C:\Windows\System\OPGUQtv.exe
  C:\Windows\System\OPGUQtv.exe
  2⤵
  PID:4924
- C:\Windows\System\tUULZzp.exe
  C:\Windows\System\tUULZzp.exe
  2⤵
  PID:4940
- C:\Windows\System\bSIpoOh.exe
  C:\Windows\System\bSIpoOh.exe
  2⤵
  PID:4956
- C:\Windows\System\zXHemIY.exe
  C:\Windows\System\zXHemIY.exe
  2⤵
  PID:4976
- C:\Windows\System\XfinQcW.exe
  C:\Windows\System\XfinQcW.exe
  2⤵
  PID:4992
- C:\Windows\System\WlHbnGG.exe
  C:\Windows\System\WlHbnGG.exe
  2⤵
  PID:5016
- C:\Windows\System\nMlLkgM.exe
  C:\Windows\System\nMlLkgM.exe
  2⤵
  PID:5040
- C:\Windows\System\WXsWFmA.exe
  C:\Windows\System\WXsWFmA.exe
  2⤵
  PID:5068
- C:\Windows\System\tncAXcy.exe
  C:\Windows\System\tncAXcy.exe
  2⤵
  PID:5084
- C:\Windows\System\yoAlOEm.exe
  C:\Windows\System\yoAlOEm.exe
  2⤵
  PID:5100
- C:\Windows\System\BESFZtM.exe
  C:\Windows\System\BESFZtM.exe
  2⤵
  PID:2240
- C:\Windows\System\tRVGimC.exe
  C:\Windows\System\tRVGimC.exe
  2⤵
  PID:4100
- C:\Windows\System\zGUQVlt.exe
  C:\Windows\System\zGUQVlt.exe
  2⤵
  PID:4172
- C:\Windows\System\Haumusp.exe
  C:\Windows\System\Haumusp.exe
  2⤵
  PID:4180
- C:\Windows\System\KjxGxDe.exe
  C:\Windows\System\KjxGxDe.exe
  2⤵
  PID:4192
- C:\Windows\System\ioHwUen.exe
  C:\Windows\System\ioHwUen.exe
  2⤵
  PID:4216
- C:\Windows\System\gdOWNcF.exe
  C:\Windows\System\gdOWNcF.exe
  2⤵
  PID:4296
- C:\Windows\System\BNVkXdK.exe
  C:\Windows\System\BNVkXdK.exe
  2⤵
  PID:4276
- C:\Windows\System\aAynqka.exe
  C:\Windows\System\aAynqka.exe
  2⤵
  PID:4332
- C:\Windows\System\crsPFhW.exe
  C:\Windows\System\crsPFhW.exe
  2⤵
  PID:4372
- C:\Windows\System\UPjZjWt.exe
  C:\Windows\System\UPjZjWt.exe
  2⤵
  PID:4416
- C:\Windows\System\XtLGVzK.exe
  C:\Windows\System\XtLGVzK.exe
  2⤵
  PID:4436
- C:\Windows\System\FIwQpND.exe
  C:\Windows\System\FIwQpND.exe
  2⤵
  PID:4480
- C:\Windows\System\jOXwmqg.exe
  C:\Windows\System\jOXwmqg.exe
  2⤵
  PID:4532
- C:\Windows\System\JnsHRlH.exe
  C:\Windows\System\JnsHRlH.exe
  2⤵
  PID:4520
- C:\Windows\System\xfFCEao.exe
  C:\Windows\System\xfFCEao.exe
  2⤵
  PID:4576
- C:\Windows\System\LQwliZZ.exe
  C:\Windows\System\LQwliZZ.exe
  2⤵
  PID:4648
- C:\Windows\System\BegLpDL.exe
  C:\Windows\System\BegLpDL.exe
  2⤵
  PID:4652
- C:\Windows\System\eVCUvFz.exe
  C:\Windows\System\eVCUvFz.exe
  2⤵
  PID:4680
- C:\Windows\System\LILvOJM.exe
  C:\Windows\System\LILvOJM.exe
  2⤵
  PID:4704
- C:\Windows\System\JpKvDjU.exe
  C:\Windows\System\JpKvDjU.exe
  2⤵
  PID:4744
- C:\Windows\System\VHXIMuQ.exe
  C:\Windows\System\VHXIMuQ.exe
  2⤵
  PID:4776
- C:\Windows\System\rqEGzzF.exe
  C:\Windows\System\rqEGzzF.exe
  2⤵
  PID:4820
- C:\Windows\System\MmPTNZx.exe
  C:\Windows\System\MmPTNZx.exe
  2⤵
  PID:4856
- C:\Windows\System\KFZusqv.exe
  C:\Windows\System\KFZusqv.exe
  2⤵
  PID:4888
- C:\Windows\System\IoHQLtm.exe
  C:\Windows\System\IoHQLtm.exe
  2⤵
  PID:4932
- C:\Windows\System\xycRzWP.exe
  C:\Windows\System\xycRzWP.exe
  2⤵
  PID:4972
- C:\Windows\System\BNlSRhH.exe
  C:\Windows\System\BNlSRhH.exe
  2⤵
  PID:5024
- C:\Windows\System\JVrtgks.exe
  C:\Windows\System\JVrtgks.exe
  2⤵
  PID:4988
- C:\Windows\System\VbYHirx.exe
  C:\Windows\System\VbYHirx.exe
  2⤵
  PID:5028
- C:\Windows\System\DBWfVyj.exe
  C:\Windows\System\DBWfVyj.exe
  2⤵
  PID:5092
- C:\Windows\System\XwNEGWK.exe
  C:\Windows\System\XwNEGWK.exe
  2⤵
  PID:3964
- C:\Windows\System\KRRQbal.exe
  C:\Windows\System\KRRQbal.exe
  2⤵
  PID:4220
- C:\Windows\System\nQevayc.exe
  C:\Windows\System\nQevayc.exe
  2⤵
  PID:3144
- C:\Windows\System\YDplqcO.exe
  C:\Windows\System\YDplqcO.exe
  2⤵
  PID:4340
- C:\Windows\System\NIMVoFX.exe
  C:\Windows\System\NIMVoFX.exe
  2⤵
  PID:4288
- C:\Windows\System\HCxvJPn.exe
  C:\Windows\System\HCxvJPn.exe
  2⤵
  PID:4380
- C:\Windows\System\xxbzvTV.exe
  C:\Windows\System\xxbzvTV.exe
  2⤵
  PID:4740
- C:\Windows\System\kAFbPVW.exe
  C:\Windows\System\kAFbPVW.exe
  2⤵
  PID:4572
- C:\Windows\System\IhCVYwC.exe
  C:\Windows\System\IhCVYwC.exe
  2⤵
  PID:4552
- C:\Windows\System\FlYYDBH.exe
  C:\Windows\System\FlYYDBH.exe
  2⤵
  PID:4512
- C:\Windows\System\YOQntDW.exe
  C:\Windows\System\YOQntDW.exe
  2⤵
  PID:4700
- C:\Windows\System\DkJrWaJ.exe
  C:\Windows\System\DkJrWaJ.exe
  2⤵
  PID:4664
- C:\Windows\System\jtpKkVA.exe
  C:\Windows\System\jtpKkVA.exe
  2⤵
  PID:4736
- C:\Windows\System\ZzOoHLx.exe
  C:\Windows\System\ZzOoHLx.exe
  2⤵
  PID:4804
- C:\Windows\System\ZoaRrBL.exe
  C:\Windows\System\ZoaRrBL.exe
  2⤵
  PID:4864
- C:\Windows\System\bcfgfxP.exe
  C:\Windows\System\bcfgfxP.exe
  2⤵
  PID:4964
- C:\Windows\System\ivAnlKR.exe
  C:\Windows\System\ivAnlKR.exe
  2⤵
  PID:4984
- C:\Windows\System\cNmFRCv.exe
  C:\Windows\System\cNmFRCv.exe
  2⤵
  PID:4136
- C:\Windows\System\XKHYFNl.exe
  C:\Windows\System\XKHYFNl.exe
  2⤵
  PID:5064
- C:\Windows\System\hlperWV.exe
  C:\Windows\System\hlperWV.exe
  2⤵
  PID:5076
- C:\Windows\System\HzODJKN.exe
  C:\Windows\System\HzODJKN.exe
  2⤵
  PID:4112
- C:\Windows\System\EybheFp.exe
  C:\Windows\System\EybheFp.exe
  2⤵
  PID:4400
- C:\Windows\System\UOqdGVQ.exe
  C:\Windows\System\UOqdGVQ.exe
  2⤵
  PID:4396
- C:\Windows\System\uSbLxfd.exe
  C:\Windows\System\uSbLxfd.exe
  2⤵
  PID:4440
- C:\Windows\System\nXdQyMh.exe
  C:\Windows\System\nXdQyMh.exe
  2⤵
  PID:4612
- C:\Windows\System\Frylksh.exe
  C:\Windows\System\Frylksh.exe
  2⤵
  PID:4588
- C:\Windows\System\DBzteZC.exe
  C:\Windows\System\DBzteZC.exe
  2⤵
  PID:4596
- C:\Windows\System\lUHLcli.exe
  C:\Windows\System\lUHLcli.exe
  2⤵
  PID:4828
- C:\Windows\System\PQVzvpi.exe
  C:\Windows\System\PQVzvpi.exe
  2⤵
  PID:5008
- C:\Windows\System\yPXifTv.exe
  C:\Windows\System\yPXifTv.exe
  2⤵
  PID:5060
- C:\Windows\System\GGnSfVe.exe
  C:\Windows\System\GGnSfVe.exe
  2⤵
  PID:4132
- C:\Windows\System\hsqbYQb.exe
  C:\Windows\System\hsqbYQb.exe
  2⤵
  PID:4200
- C:\Windows\System\DigyCAe.exe
  C:\Windows\System\DigyCAe.exe
  2⤵
  PID:4356
- C:\Windows\System\GJFktSD.exe
  C:\Windows\System\GJFktSD.exe
  2⤵
  PID:4676
- C:\Windows\System\rfUiFeo.exe
  C:\Windows\System\rfUiFeo.exe
  2⤵
  PID:4968
- C:\Windows\System\LbcEexq.exe
  C:\Windows\System\LbcEexq.exe
  2⤵
  PID:4788
- C:\Windows\System\uJDtEfK.exe
  C:\Windows\System\uJDtEfK.exe
  2⤵
  PID:5032
- C:\Windows\System\cZqKKpN.exe
  C:\Windows\System\cZqKKpN.exe
  2⤵
  PID:4156
- C:\Windows\System\pKOUJAc.exe
  C:\Windows\System\pKOUJAc.exe
  2⤵
  PID:4252
- C:\Windows\System\oFDheTf.exe
  C:\Windows\System\oFDheTf.exe
  2⤵
  PID:4900
- C:\Windows\System\iNFcoyB.exe
  C:\Windows\System\iNFcoyB.exe
  2⤵
  PID:4404
- C:\Windows\System\XATRmbd.exe
  C:\Windows\System\XATRmbd.exe
  2⤵
  PID:5132
- C:\Windows\System\OiquIqi.exe
  C:\Windows\System\OiquIqi.exe
  2⤵
  PID:5168
- C:\Windows\System\hWOUKQo.exe
  C:\Windows\System\hWOUKQo.exe
  2⤵
  PID:5184
- C:\Windows\System\bGmGYLc.exe
  C:\Windows\System\bGmGYLc.exe
  2⤵
  PID:5216
- C:\Windows\System\FuvVpvz.exe
  C:\Windows\System\FuvVpvz.exe
  2⤵
  PID:5232
- C:\Windows\System\YItXlUC.exe
  C:\Windows\System\YItXlUC.exe
  2⤵
  PID:5248
- C:\Windows\System\ijNTriZ.exe
  C:\Windows\System\ijNTriZ.exe
  2⤵
  PID:5276
- C:\Windows\System\EOTynRL.exe
  C:\Windows\System\EOTynRL.exe
  2⤵
  PID:5300
- C:\Windows\System\egAdQOu.exe
  C:\Windows\System\egAdQOu.exe
  2⤵
  PID:5316
- C:\Windows\System\CVCPfcY.exe
  C:\Windows\System\CVCPfcY.exe
  2⤵
  PID:5340
- C:\Windows\System\FapHJkY.exe
  C:\Windows\System\FapHJkY.exe
  2⤵
  PID:5356
- C:\Windows\System\fpIFFoS.exe
  C:\Windows\System\fpIFFoS.exe
  2⤵
  PID:5376
- C:\Windows\System\jJjcdyg.exe
  C:\Windows\System\jJjcdyg.exe
  2⤵
  PID:5392
- C:\Windows\System\Wbebuca.exe
  C:\Windows\System\Wbebuca.exe
  2⤵
  PID:5424
- C:\Windows\System\EahvZAI.exe
  C:\Windows\System\EahvZAI.exe
  2⤵
  PID:5440
- C:\Windows\System\fDzeUUp.exe
  C:\Windows\System\fDzeUUp.exe
  2⤵
  PID:5456
- C:\Windows\System\saCLZFD.exe
  C:\Windows\System\saCLZFD.exe
  2⤵
  PID:5480
- C:\Windows\System\TlpAvbC.exe
  C:\Windows\System\TlpAvbC.exe
  2⤵
  PID:5500
- C:\Windows\System\zvnSoUj.exe
  C:\Windows\System\zvnSoUj.exe
  2⤵
  PID:5516
- C:\Windows\System\tyfkREQ.exe
  C:\Windows\System\tyfkREQ.exe
  2⤵
  PID:5540
- C:\Windows\System\JJlbFOL.exe
  C:\Windows\System\JJlbFOL.exe
  2⤵
  PID:5560
- C:\Windows\System\XwDLnth.exe
  C:\Windows\System\XwDLnth.exe
  2⤵
  PID:5580
- C:\Windows\System\DScySvX.exe
  C:\Windows\System\DScySvX.exe
  2⤵
  PID:5596
- C:\Windows\System\OSegWiN.exe
  C:\Windows\System\OSegWiN.exe
  2⤵
  PID:5616
- C:\Windows\System\hAcKZbN.exe
  C:\Windows\System\hAcKZbN.exe
  2⤵
  PID:5640
- C:\Windows\System\emsdyFf.exe
  C:\Windows\System\emsdyFf.exe
  2⤵
  PID:5664
- C:\Windows\System\duBEqYZ.exe
  C:\Windows\System\duBEqYZ.exe
  2⤵
  PID:5680
- C:\Windows\System\skjdDiX.exe
  C:\Windows\System\skjdDiX.exe
  2⤵
  PID:5708
- C:\Windows\System\MPorSOV.exe
  C:\Windows\System\MPorSOV.exe
  2⤵
  PID:5724
- C:\Windows\System\ZwVDMbe.exe
  C:\Windows\System\ZwVDMbe.exe
  2⤵
  PID:5744
- C:\Windows\System\RqooBOA.exe
  C:\Windows\System\RqooBOA.exe
  2⤵
  PID:5772
- C:\Windows\System\CvqvnUF.exe
  C:\Windows\System\CvqvnUF.exe
  2⤵
  PID:5792
- C:\Windows\System\mdTzPKB.exe
  C:\Windows\System\mdTzPKB.exe
  2⤵
  PID:5808
- C:\Windows\System\kwzBbtY.exe
  C:\Windows\System\kwzBbtY.exe
  2⤵
  PID:5828
- C:\Windows\System\okyyiqj.exe
  C:\Windows\System\okyyiqj.exe
  2⤵
  PID:5848
- C:\Windows\System\cZIZFtf.exe
  C:\Windows\System\cZIZFtf.exe
  2⤵
  PID:5864
- C:\Windows\System\qLcIZfy.exe
  C:\Windows\System\qLcIZfy.exe
  2⤵
  PID:5880
- C:\Windows\System\TqMzQmq.exe
  C:\Windows\System\TqMzQmq.exe
  2⤵
  PID:5900
- C:\Windows\System\frhotDv.exe
  C:\Windows\System\frhotDv.exe
  2⤵
  PID:5932
- C:\Windows\System\cdzeoOe.exe
  C:\Windows\System\cdzeoOe.exe
  2⤵
  PID:5948
- C:\Windows\System\MLmAZDu.exe
  C:\Windows\System\MLmAZDu.exe
  2⤵
  PID:5968
- C:\Windows\System\CuoaWkP.exe
  C:\Windows\System\CuoaWkP.exe
  2⤵
  PID:5984
- C:\Windows\System\HRMHwNc.exe
  C:\Windows\System\HRMHwNc.exe
  2⤵
  PID:6000
- C:\Windows\System\XglihKe.exe
  C:\Windows\System\XglihKe.exe
  2⤵
  PID:6040
- C:\Windows\System\BSpqNkL.exe
  C:\Windows\System\BSpqNkL.exe
  2⤵
  PID:6068
- C:\Windows\System\lOExdEV.exe
  C:\Windows\System\lOExdEV.exe
  2⤵
  PID:6088
- C:\Windows\System\gsXCtDZ.exe
  C:\Windows\System\gsXCtDZ.exe
  2⤵
  PID:6104
- C:\Windows\System\KhxIfut.exe
  C:\Windows\System\KhxIfut.exe
  2⤵
  PID:6124
- C:\Windows\System\DVtwmNN.exe
  C:\Windows\System\DVtwmNN.exe
  2⤵
  PID:6140
- C:\Windows\System\kqKhBoU.exe
  C:\Windows\System\kqKhBoU.exe
  2⤵
  PID:4476
- C:\Windows\System\zFIOtgt.exe
  C:\Windows\System\zFIOtgt.exe
  2⤵
  PID:5148
- C:\Windows\System\BEHUNwB.exe
  C:\Windows\System\BEHUNwB.exe
  2⤵
  PID:5144
- C:\Windows\System\nkhiBUC.exe
  C:\Windows\System\nkhiBUC.exe
  2⤵
  PID:5200
- C:\Windows\System\fyaRbzL.exe
  C:\Windows\System\fyaRbzL.exe
  2⤵
  PID:5212
- C:\Windows\System\gdSaUmx.exe
  C:\Windows\System\gdSaUmx.exe
  2⤵
  PID:4516
- C:\Windows\System\twvTSUv.exe
  C:\Windows\System\twvTSUv.exe
  2⤵
  PID:5268
- C:\Windows\System\mzUyiih.exe
  C:\Windows\System\mzUyiih.exe
  2⤵
  PID:5292
- C:\Windows\System\LTaiXjz.exe
  C:\Windows\System\LTaiXjz.exe
  2⤵
  PID:5336
- C:\Windows\System\uYIKREy.exe
  C:\Windows\System\uYIKREy.exe
  2⤵
  PID:5364
- C:\Windows\System\opwOnqK.exe
  C:\Windows\System\opwOnqK.exe
  2⤵
  PID:5348
- C:\Windows\System\ENqewgG.exe
  C:\Windows\System\ENqewgG.exe
  2⤵
  PID:5420
- C:\Windows\System\MyGRMYf.exe
  C:\Windows\System\MyGRMYf.exe
  2⤵
  PID:5452
- C:\Windows\System\dZdIWqZ.exe
  C:\Windows\System\dZdIWqZ.exe
  2⤵
  PID:5472
- C:\Windows\System\RhcRFdU.exe
  C:\Windows\System\RhcRFdU.exe
  2⤵
  PID:5536
- C:\Windows\System\AlYJLmT.exe
  C:\Windows\System\AlYJLmT.exe
  2⤵
  PID:5572
- C:\Windows\System\OIvhGcS.exe
  C:\Windows\System\OIvhGcS.exe
  2⤵
  PID:5552
- C:\Windows\System\SHywXyq.exe
  C:\Windows\System\SHywXyq.exe
  2⤵
  PID:5648
- C:\Windows\System\aNKQMKU.exe
  C:\Windows\System\aNKQMKU.exe
  2⤵
  PID:5672
- C:\Windows\System\fjVPmWI.exe
  C:\Windows\System\fjVPmWI.exe
  2⤵
  PID:5700
- C:\Windows\System\oQHLFwX.exe
  C:\Windows\System\oQHLFwX.exe
  2⤵
  PID:5732
- C:\Windows\System\tzJXYpD.exe
  C:\Windows\System\tzJXYpD.exe
  2⤵
  PID:5736
- C:\Windows\System\pAXZilS.exe
  C:\Windows\System\pAXZilS.exe
  2⤵
  PID:5780
- C:\Windows\System\gEsHgPu.exe
  C:\Windows\System\gEsHgPu.exe
  2⤵
  PID:5824
- C:\Windows\System\irOHeVz.exe
  C:\Windows\System\irOHeVz.exe
  2⤵
  PID:5896
- C:\Windows\System\lAIfMRQ.exe
  C:\Windows\System\lAIfMRQ.exe
  2⤵
  PID:5916
- C:\Windows\System\zfxeeie.exe
  C:\Windows\System\zfxeeie.exe
  2⤵
  PID:5944
- C:\Windows\System\LYWNIjd.exe
  C:\Windows\System\LYWNIjd.exe
  2⤵
  PID:6016
- C:\Windows\System\hzKoOJC.exe
  C:\Windows\System\hzKoOJC.exe
  2⤵
  PID:5876
- C:\Windows\System\PKUMXdM.exe
  C:\Windows\System\PKUMXdM.exe
  2⤵
  PID:5956
- C:\Windows\System\XHrEjht.exe
  C:\Windows\System\XHrEjht.exe
  2⤵
  PID:5924
- C:\Windows\System\ylEjUzO.exe
  C:\Windows\System\ylEjUzO.exe
  2⤵
  PID:5756
- C:\Windows\System\GqBIGbP.exe
  C:\Windows\System\GqBIGbP.exe
  2⤵
  PID:6112
- C:\Windows\System\FljeGJB.exe
  C:\Windows\System\FljeGJB.exe
  2⤵
  PID:5048
- C:\Windows\System\wVGBZKc.exe
  C:\Windows\System\wVGBZKc.exe
  2⤵
  PID:4116
- C:\Windows\System\fsaFlpb.exe
  C:\Windows\System\fsaFlpb.exe
  2⤵
  PID:4844
- C:\Windows\System\lWbUNHf.exe
  C:\Windows\System\lWbUNHf.exe
  2⤵
  PID:5180
- C:\Windows\System\gKWpPlf.exe
  C:\Windows\System\gKWpPlf.exe
  2⤵
  PID:5228
- C:\Windows\System\kDChCfQ.exe
  C:\Windows\System\kDChCfQ.exe
  2⤵
  PID:5288
- C:\Windows\System\LhrLdyY.exe
  C:\Windows\System\LhrLdyY.exe
  2⤵
  PID:5328
- C:\Windows\System\XgdrzsC.exe
  C:\Windows\System\XgdrzsC.exe
  2⤵
  PID:5388
- C:\Windows\System\WGGCQDK.exe
  C:\Windows\System\WGGCQDK.exe
  2⤵
  PID:5416
- C:\Windows\System\eFaLHKi.exe
  C:\Windows\System\eFaLHKi.exe
  2⤵
  PID:5496
- C:\Windows\System\KnxXUFQ.exe
  C:\Windows\System\KnxXUFQ.exe
  2⤵
  PID:5568
- C:\Windows\System\DsPFIBQ.exe
  C:\Windows\System\DsPFIBQ.exe
  2⤵
  PID:5592
- C:\Windows\System\fvOBjsf.exe
  C:\Windows\System\fvOBjsf.exe
  2⤵
  PID:5660
- C:\Windows\System\WtbOCph.exe
  C:\Windows\System\WtbOCph.exe
  2⤵
  PID:5692
- C:\Windows\System\HHOEKeW.exe
  C:\Windows\System\HHOEKeW.exe
  2⤵
  PID:5804
- C:\Windows\System\XqNQxPv.exe
  C:\Windows\System\XqNQxPv.exe
  2⤵
  PID:5820
- C:\Windows\System\RqIYYFU.exe
  C:\Windows\System\RqIYYFU.exe
  2⤵
  PID:5844
- C:\Windows\System\NabCEQF.exe
  C:\Windows\System\NabCEQF.exe
  2⤵
  PID:5980
- C:\Windows\System\pGWsbVz.exe
  C:\Windows\System\pGWsbVz.exe
  2⤵
  PID:5928
- C:\Windows\System\NQLrLSM.exe
  C:\Windows\System\NQLrLSM.exe
  2⤵
  PID:6036
- C:\Windows\System\MWSACOf.exe
  C:\Windows\System\MWSACOf.exe
  2⤵
  PID:6084
- C:\Windows\System\vrMCjWj.exe
  C:\Windows\System\vrMCjWj.exe
  2⤵
  PID:4948
- C:\Windows\System\ZGrpobG.exe
  C:\Windows\System\ZGrpobG.exe
  2⤵
  PID:4724
- C:\Windows\System\einwqUq.exe
  C:\Windows\System\einwqUq.exe
  2⤵
  PID:4456
- C:\Windows\System\wBAHqWt.exe
  C:\Windows\System\wBAHqWt.exe
  2⤵
  PID:5312
- C:\Windows\System\jmoYvqK.exe
  C:\Windows\System\jmoYvqK.exe
  2⤵
  PID:5492
- C:\Windows\System\gtabzdu.exe
  C:\Windows\System\gtabzdu.exe
  2⤵
  PID:5548
- C:\Windows\System\cDKPOux.exe
  C:\Windows\System\cDKPOux.exe
  2⤵
  PID:5512
- C:\Windows\System\UJaRQLp.exe
  C:\Windows\System\UJaRQLp.exe
  2⤵
  PID:5368
- C:\Windows\System\MnkBvtm.exe
  C:\Windows\System\MnkBvtm.exe
  2⤵
  PID:5688
- C:\Windows\System\QthAaFO.exe
  C:\Windows\System\QthAaFO.exe
  2⤵
  PID:6028
- C:\Windows\System\meUhIsb.exe
  C:\Windows\System\meUhIsb.exe
  2⤵
  PID:5632
- C:\Windows\System\ZXOvQTb.exe
  C:\Windows\System\ZXOvQTb.exe
  2⤵
  PID:6052
- C:\Windows\System\qNasZaK.exe
  C:\Windows\System\qNasZaK.exe
  2⤵
  PID:5128
- C:\Windows\System\lJAujui.exe
  C:\Windows\System\lJAujui.exe
  2⤵
  PID:5140
- C:\Windows\System\WrytwAm.exe
  C:\Windows\System\WrytwAm.exe
  2⤵
  PID:5384
- C:\Windows\System\wQZZxUj.exe
  C:\Windows\System\wQZZxUj.exe
  2⤵
  PID:5412
- C:\Windows\System\NYAwaut.exe
  C:\Windows\System\NYAwaut.exe
  2⤵
  PID:5628
- C:\Windows\System\SiIZBdS.exe
  C:\Windows\System\SiIZBdS.exe
  2⤵
  PID:5940
- C:\Windows\System\hGCCdxv.exe
  C:\Windows\System\hGCCdxv.exe
  2⤵
  PID:5964
- C:\Windows\System\prlLmDB.exe
  C:\Windows\System\prlLmDB.exe
  2⤵
  PID:5204
- C:\Windows\System\TDeBhfg.exe
  C:\Windows\System\TDeBhfg.exe
  2⤵
  PID:5260
- C:\Windows\System\BVBqFcz.exe
  C:\Windows\System\BVBqFcz.exe
  2⤵
  PID:5352
- C:\Windows\System\Pyyggdp.exe
  C:\Windows\System\Pyyggdp.exe
  2⤵
  PID:5284
- C:\Windows\System\YHrcdjd.exe
  C:\Windows\System\YHrcdjd.exe
  2⤵
  PID:5760
- C:\Windows\System\tgNqJkg.exe
  C:\Windows\System\tgNqJkg.exe
  2⤵
  PID:6164
- C:\Windows\System\YwafbHP.exe
  C:\Windows\System\YwafbHP.exe
  2⤵
  PID:6180
- C:\Windows\System\flOwkzf.exe
  C:\Windows\System\flOwkzf.exe
  2⤵
  PID:6208
- C:\Windows\System\HNqexyy.exe
  C:\Windows\System\HNqexyy.exe
  2⤵
  PID:6224
- C:\Windows\System\BsiACtb.exe
  C:\Windows\System\BsiACtb.exe
  2⤵
  PID:6248
- C:\Windows\System\vXiNRqN.exe
  C:\Windows\System\vXiNRqN.exe
  2⤵
  PID:6264
- C:\Windows\System\AOHumoW.exe
  C:\Windows\System\AOHumoW.exe
  2⤵
  PID:6284
- C:\Windows\System\VZMDqZd.exe
  C:\Windows\System\VZMDqZd.exe
  2⤵
  PID:6312
- C:\Windows\System\jmWVBWS.exe
  C:\Windows\System\jmWVBWS.exe
  2⤵
  PID:6328
- C:\Windows\System\iRtTZfI.exe
  C:\Windows\System\iRtTZfI.exe
  2⤵
  PID:6348
- C:\Windows\System\voJLcXm.exe
  C:\Windows\System\voJLcXm.exe
  2⤵
  PID:6364
- C:\Windows\System\fThulXT.exe
  C:\Windows\System\fThulXT.exe
  2⤵
  PID:6388
- C:\Windows\System\aiPUIgZ.exe
  C:\Windows\System\aiPUIgZ.exe
  2⤵
  PID:6404
- C:\Windows\System\JfsyaIK.exe
  C:\Windows\System\JfsyaIK.exe
  2⤵
  PID:6420
- C:\Windows\System\dljDspx.exe
  C:\Windows\System\dljDspx.exe
  2⤵
  PID:6440
- C:\Windows\System\jYGlgkU.exe
  C:\Windows\System\jYGlgkU.exe
  2⤵
  PID:6476
- C:\Windows\System\FZNfBHa.exe
  C:\Windows\System\FZNfBHa.exe
  2⤵
  PID:6496
- C:\Windows\System\HdJAhFb.exe
  C:\Windows\System\HdJAhFb.exe
  2⤵
  PID:6512
- C:\Windows\System\kqwcUrc.exe
  C:\Windows\System\kqwcUrc.exe
  2⤵
  PID:6528
- C:\Windows\System\jIHwaJK.exe
  C:\Windows\System\jIHwaJK.exe
  2⤵
  PID:6552
- C:\Windows\System\DNpkQDn.exe
  C:\Windows\System\DNpkQDn.exe
  2⤵
  PID:6568
- C:\Windows\System\KSpSNqE.exe
  C:\Windows\System\KSpSNqE.exe
  2⤵
  PID:6592
- C:\Windows\System\vCzQlfg.exe
  C:\Windows\System\vCzQlfg.exe
  2⤵
  PID:6620
- C:\Windows\System\XtGcjgX.exe
  C:\Windows\System\XtGcjgX.exe
  2⤵
  PID:6636
- C:\Windows\System\KbUCVZM.exe
  C:\Windows\System\KbUCVZM.exe
  2⤵
  PID:6656
- C:\Windows\System\JLQZzly.exe
  C:\Windows\System\JLQZzly.exe
  2⤵
  PID:6680
- C:\Windows\System\NhkdWZC.exe
  C:\Windows\System\NhkdWZC.exe
  2⤵
  PID:6696
- C:\Windows\System\rEfNzom.exe
  C:\Windows\System\rEfNzom.exe
  2⤵
  PID:6716
- C:\Windows\System\FXWTJJI.exe
  C:\Windows\System\FXWTJJI.exe
  2⤵
  PID:6732
- C:\Windows\System\yHRrcKj.exe
  C:\Windows\System\yHRrcKj.exe
  2⤵
  PID:6760
- C:\Windows\System\mBVGJXa.exe
  C:\Windows\System\mBVGJXa.exe
  2⤵
  PID:6776
- C:\Windows\System\WrfPUAC.exe
  C:\Windows\System\WrfPUAC.exe
  2⤵
  PID:6796
- C:\Windows\System\zpolwDt.exe
  C:\Windows\System\zpolwDt.exe
  2⤵
  PID:6812
- C:\Windows\System\XXaDWRm.exe
  C:\Windows\System\XXaDWRm.exe
  2⤵
  PID:6832
- C:\Windows\System\inBjHTj.exe
  C:\Windows\System\inBjHTj.exe
  2⤵
  PID:6856
- C:\Windows\System\FwfjTHk.exe
  C:\Windows\System\FwfjTHk.exe
  2⤵
  PID:6876
- C:\Windows\System\mIslJCl.exe
  C:\Windows\System\mIslJCl.exe
  2⤵
  PID:6896
- C:\Windows\System\tHpEpEI.exe
  C:\Windows\System\tHpEpEI.exe
  2⤵
  PID:6920
- C:\Windows\System\PkWtDGo.exe
  C:\Windows\System\PkWtDGo.exe
  2⤵
  PID:6936
- C:\Windows\System\nAqUrmE.exe
  C:\Windows\System\nAqUrmE.exe
  2⤵
  PID:6960
- C:\Windows\System\MIYWpEx.exe
  C:\Windows\System\MIYWpEx.exe
  2⤵
  PID:6980
- C:\Windows\System\QekwEWO.exe
  C:\Windows\System\QekwEWO.exe
  2⤵
  PID:7000
- C:\Windows\System\YpiPSVa.exe
  C:\Windows\System\YpiPSVa.exe
  2⤵
  PID:7016
- C:\Windows\System\wnxBRfl.exe
  C:\Windows\System\wnxBRfl.exe
  2⤵
  PID:7036
- C:\Windows\System\CRQIewI.exe
  C:\Windows\System\CRQIewI.exe
  2⤵
  PID:7052
- C:\Windows\System\JjxURfR.exe
  C:\Windows\System\JjxURfR.exe
  2⤵
  PID:7076
- C:\Windows\System\MuhLgkD.exe
  C:\Windows\System\MuhLgkD.exe
  2⤵
  PID:7100
- C:\Windows\System\lBQdYRK.exe
  C:\Windows\System\lBQdYRK.exe
  2⤵
  PID:7116
- C:\Windows\System\WnpmkZX.exe
  C:\Windows\System\WnpmkZX.exe
  2⤵
  PID:7140
- C:\Windows\System\JNxTkAD.exe
  C:\Windows\System\JNxTkAD.exe
  2⤵
  PID:7156
- C:\Windows\System\TmMprFD.exe
  C:\Windows\System\TmMprFD.exe
  2⤵
  PID:6156
- C:\Windows\System\aHhCRoz.exe
  C:\Windows\System\aHhCRoz.exe
  2⤵
  PID:5612
- C:\Windows\System\Tredire.exe
  C:\Windows\System\Tredire.exe
  2⤵
  PID:6060
- C:\Windows\System\FInedRz.exe
  C:\Windows\System\FInedRz.exe
  2⤵
  PID:6204
- C:\Windows\System\isvYCkZ.exe
  C:\Windows\System\isvYCkZ.exe
  2⤵
  PID:6236
- C:\Windows\System\FXSIdQe.exe
  C:\Windows\System\FXSIdQe.exe
  2⤵
  PID:5256
- C:\Windows\System\jAoxBhH.exe
  C:\Windows\System\jAoxBhH.exe
  2⤵
  PID:6304
- C:\Windows\System\GTFHlrR.exe
  C:\Windows\System\GTFHlrR.exe
  2⤵
  PID:5856
- C:\Windows\System\sFtOXMY.exe
  C:\Windows\System\sFtOXMY.exe
  2⤵
  PID:6356
- C:\Windows\System\cLzRUsK.exe
  C:\Windows\System\cLzRUsK.exe
  2⤵
  PID:6372
- C:\Windows\System\tGcurgx.exe
  C:\Windows\System\tGcurgx.exe
  2⤵
  PID:6412
- C:\Windows\System\UsWHCio.exe
  C:\Windows\System\UsWHCio.exe
  2⤵
  PID:6452
- C:\Windows\System\ZYHuaoq.exe
  C:\Windows\System\ZYHuaoq.exe
  2⤵
  PID:6428
- C:\Windows\System\dFjDURk.exe
  C:\Windows\System\dFjDURk.exe
  2⤵
  PID:6456
- C:\Windows\System\fHpqJBt.exe
  C:\Windows\System\fHpqJBt.exe
  2⤵
  PID:6524
- C:\Windows\System\kUArUES.exe
  C:\Windows\System\kUArUES.exe
  2⤵
  PID:6540
- C:\Windows\System\SKgzRjd.exe
  C:\Windows\System\SKgzRjd.exe
  2⤵
  PID:6548
- C:\Windows\System\vXzjdOd.exe
  C:\Windows\System\vXzjdOd.exe
  2⤵
  PID:6608
- C:\Windows\System\IJWGSno.exe
  C:\Windows\System\IJWGSno.exe
  2⤵
  PID:6644
- C:\Windows\System\gLNvdHT.exe
  C:\Windows\System\gLNvdHT.exe
  2⤵
  PID:6676
- C:\Windows\System\LMizuDU.exe
  C:\Windows\System\LMizuDU.exe
  2⤵
  PID:6708
- C:\Windows\System\jexnHRk.exe
  C:\Windows\System\jexnHRk.exe
  2⤵
  PID:6756
- C:\Windows\System\veLGrIi.exe
  C:\Windows\System\veLGrIi.exe
  2⤵
  PID:6772
- C:\Windows\System\UALVcic.exe
  C:\Windows\System\UALVcic.exe
  2⤵
  PID:6824
- C:\Windows\System\KoyXRDV.exe
  C:\Windows\System\KoyXRDV.exe
  2⤵
  PID:6852
- C:\Windows\System\mkFPbrU.exe
  C:\Windows\System\mkFPbrU.exe
  2⤵
  PID:6888
- C:\Windows\System\hKpBIcH.exe
  C:\Windows\System\hKpBIcH.exe
  2⤵
  PID:6904
- C:\Windows\System\cQZHfno.exe
  C:\Windows\System\cQZHfno.exe
  2⤵
  PID:6944
- C:\Windows\System\ItcwvMa.exe
  C:\Windows\System\ItcwvMa.exe
  2⤵
  PID:6992
- C:\Windows\System\NCHHmRN.exe
  C:\Windows\System\NCHHmRN.exe
  2⤵
  PID:7044
- C:\Windows\System\Yfxyfes.exe
  C:\Windows\System\Yfxyfes.exe
  2⤵
  PID:7064
- C:\Windows\System\kmIErJG.exe
  C:\Windows\System\kmIErJG.exe
  2⤵
  PID:7088
- C:\Windows\System\Xlpwnhm.exe
  C:\Windows\System\Xlpwnhm.exe
  2⤵
  PID:7148
- C:\Windows\System\cQoEvFy.exe
  C:\Windows\System\cQoEvFy.exe
  2⤵
  PID:6120
- C:\Windows\System\hJVJoMY.exe
  C:\Windows\System\hJVJoMY.exe
  2⤵
  PID:6188
- C:\Windows\System\bzPYoDJ.exe
  C:\Windows\System\bzPYoDJ.exe
  2⤵
  PID:6176
- C:\Windows\System\YWUxXfM.exe
  C:\Windows\System\YWUxXfM.exe
  2⤵
  PID:6216
- C:\Windows\System\HvlPXEJ.exe
  C:\Windows\System\HvlPXEJ.exe
  2⤵
  PID:5768
- C:\Windows\System\rWtUkMB.exe
  C:\Windows\System\rWtUkMB.exe
  2⤵
  PID:5764
- C:\Windows\System\OupOiXy.exe
  C:\Windows\System\OupOiXy.exe
  2⤵
  PID:6384
- C:\Windows\System\xBqPeHr.exe
  C:\Windows\System\xBqPeHr.exe
  2⤵
  PID:6468
- C:\Windows\System\LKpLcVh.exe
  C:\Windows\System\LKpLcVh.exe
  2⤵
  PID:6448
- C:\Windows\System\KyfmsLw.exe
  C:\Windows\System\KyfmsLw.exe
  2⤵
  PID:6492
- C:\Windows\System\QxjcJIP.exe
  C:\Windows\System\QxjcJIP.exe
  2⤵
  PID:6580
- C:\Windows\System\UgZJTAy.exe
  C:\Windows\System\UgZJTAy.exe
  2⤵
  PID:6652
- C:\Windows\System\kKWAxML.exe
  C:\Windows\System\kKWAxML.exe
  2⤵
  PID:6724
- C:\Windows\System\iNLnSau.exe
  C:\Windows\System\iNLnSau.exe
  2⤵
  PID:6688
- C:\Windows\System\LHHocgM.exe
  C:\Windows\System\LHHocgM.exe
  2⤵
  PID:6784
- C:\Windows\System\AuZacsn.exe
  C:\Windows\System\AuZacsn.exe
  2⤵
  PID:6892
- C:\Windows\System\pPWVEQW.exe
  C:\Windows\System\pPWVEQW.exe
  2⤵
  PID:6752
- C:\Windows\System\nrpPQTg.exe
  C:\Windows\System\nrpPQTg.exe
  2⤵
  PID:6864
- C:\Windows\System\sUIMWzb.exe
  C:\Windows\System\sUIMWzb.exe
  2⤵
  PID:7060
- C:\Windows\System\QRuRxUw.exe
  C:\Windows\System\QRuRxUw.exe
  2⤵
  PID:7048
- C:\Windows\System\oZotQrC.exe
  C:\Windows\System\oZotQrC.exe
  2⤵
  PID:7108
- C:\Windows\System\nsbDnqk.exe
  C:\Windows\System\nsbDnqk.exe
  2⤵
  PID:6152
- C:\Windows\System\cTaheBU.exe
  C:\Windows\System\cTaheBU.exe
  2⤵
  PID:6192
- C:\Windows\System\UbCNVfR.exe
  C:\Windows\System\UbCNVfR.exe
  2⤵
  PID:6260
- C:\Windows\System\MOiNKyz.exe
  C:\Windows\System\MOiNKyz.exe
  2⤵
  PID:6576
- C:\Windows\System\gedFryh.exe
  C:\Windows\System\gedFryh.exe
  2⤵
  PID:6380
- C:\Windows\System\LMzKWLx.exe
  C:\Windows\System\LMzKWLx.exe
  2⤵
  PID:6692
- C:\Windows\System\OyAdMIM.exe
  C:\Windows\System\OyAdMIM.exe
  2⤵
  PID:6488
- C:\Windows\System\wcsgbYT.exe
  C:\Windows\System\wcsgbYT.exe
  2⤵
  PID:6664
- C:\Windows\System\TnVfHPN.exe
  C:\Windows\System\TnVfHPN.exe
  2⤵
  PID:6848
- C:\Windows\System\iDqITeC.exe
  C:\Windows\System\iDqITeC.exe
  2⤵
  PID:7012
- C:\Windows\System\JUrlJDX.exe
  C:\Windows\System\JUrlJDX.exe
  2⤵
  PID:6820
- C:\Windows\System\rYJnnVu.exe
  C:\Windows\System\rYJnnVu.exe
  2⤵
  PID:6976
- C:\Windows\System\vbKltbk.exe
  C:\Windows\System\vbKltbk.exe
  2⤵
  PID:7112
- C:\Windows\System\PTcyqho.exe
  C:\Windows\System\PTcyqho.exe
  2⤵
  PID:6300
- C:\Windows\System\pYMILPe.exe
  C:\Windows\System\pYMILPe.exe
  2⤵
  PID:6400
- C:\Windows\System\JBibEky.exe
  C:\Windows\System\JBibEky.exe
  2⤵
  PID:6340
- C:\Windows\System\qKCmwIW.exe
  C:\Windows\System\qKCmwIW.exe
  2⤵
  PID:6604
- C:\Windows\System\OMuLLEW.exe
  C:\Windows\System\OMuLLEW.exe
  2⤵
  PID:6912
- C:\Windows\System\FvKzcBh.exe
  C:\Windows\System\FvKzcBh.exe
  2⤵
  PID:7092
- C:\Windows\System\eEhCvQC.exe
  C:\Windows\System\eEhCvQC.exe
  2⤵
  PID:6972
- C:\Windows\System\SOnCDnd.exe
  C:\Windows\System\SOnCDnd.exe
  2⤵
  PID:6276
- C:\Windows\System\RitfaoG.exe
  C:\Windows\System\RitfaoG.exe
  2⤵
  PID:6196
- C:\Windows\System\fjVaNSi.exe
  C:\Windows\System\fjVaNSi.exe
  2⤵
  PID:6628
- C:\Windows\System\HCNTDAV.exe
  C:\Windows\System\HCNTDAV.exe
  2⤵
  PID:7184
- C:\Windows\System\fYbndTG.exe
  C:\Windows\System\fYbndTG.exe
  2⤵
  PID:7224
- C:\Windows\System\vAHuaUc.exe
  C:\Windows\System\vAHuaUc.exe
  2⤵
  PID:7244
- C:\Windows\System\KpsCaZE.exe
  C:\Windows\System\KpsCaZE.exe
  2⤵
  PID:7260
- C:\Windows\System\HTFlbUW.exe
  C:\Windows\System\HTFlbUW.exe
  2⤵
  PID:7276
- C:\Windows\System\qCwWzjw.exe
  C:\Windows\System\qCwWzjw.exe
  2⤵
  PID:7296
- C:\Windows\System\zVvFoNq.exe
  C:\Windows\System\zVvFoNq.exe
  2⤵
  PID:7316
- C:\Windows\System\ePjzGFs.exe
  C:\Windows\System\ePjzGFs.exe
  2⤵
  PID:7348
- C:\Windows\System\PDpArrs.exe
  C:\Windows\System\PDpArrs.exe
  2⤵
  PID:7364
- C:\Windows\System\NdYOJHX.exe
  C:\Windows\System\NdYOJHX.exe
  2⤵
  PID:7384
- C:\Windows\System\BkalYEc.exe
  C:\Windows\System\BkalYEc.exe
  2⤵
  PID:7400
- C:\Windows\System\SQqIvkG.exe
  C:\Windows\System\SQqIvkG.exe
  2⤵
  PID:7428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Avmvqvm.exe

Filesize
6.0MB

MD5
c38b7c0c6850c760c8ba7e95e141f08c

SHA1
cabecd3b84c46f78aec4b7a601b6f38717ad4458

SHA256
049316e97136796e89020b90b95b999ddf1240c146c5ef3582a1001c9ae3734e

SHA512
a94eb5499df5f16e461507536815dc0c1bf670d2bfa2c85f31d1e114817b9be317a38e6e4da6437c448f9d38aceff44d31c3a23396281b8f9ec1dc6d93e133f1

Download Submit
C:\Windows\system\BdMWCTr.exe

Filesize
6.0MB

MD5
c246af22ea5bf5b710b308e8e1e0a044

SHA1
fef7710b1420889e1b2190542f88f8ef815345fb

SHA256
fd2300c6f8ec232b4d76260c2deb756c1672e7e36c272ed3f7940e6a281567cb

SHA512
1d7e1f742988a21064e2f85cbd2a35a8b93d57bb427631bf37b659bb38122baf04733ef3e77b299aaa57b2e4617d2e93128408ecfe0028ff79fda5398ad68efe

Download Submit
C:\Windows\system\HlHHCGV.exe

Filesize
6.0MB

MD5
07c43a8f85f4468564c5473b3a88a483

SHA1
4c5f4e2e7912fbc4f24b57d18609f32ede468fe7

SHA256
548f0e688a22df8af4e237de2fb7140aaaa4fcd28825a5984ef364a86bd09c1d

SHA512
7905d35669dda3c9788a967126650ca515f7ffb1bb2947e09ca8858b005def35b2bae293363cd49da20c2993fd4cab2252da214a6445e7053522ba4662107988

Download Submit
C:\Windows\system\ILMbMtn.exe

Filesize
6.0MB

MD5
f07cbaba19ed9c4a5848ae0813e9ac71

SHA1
98c96b084f8a4992db56df9e2837cd92713f1ada

SHA256
2089c5f56e2f192c1026075c68de568b5f88007268635b9b3dead4e2bf2998f5

SHA512
8de1bfdb191b8a56c3865b36d9fec8550cce41a68b42ecb9dc1b148dd829c654b305cb8527b3f53c5003f9bfb42d595b7ceefd690188c6ddf5ccdbb8454db502

Download Submit
C:\Windows\system\IOSIqwa.exe

Filesize
6.0MB

MD5
a832dda76707e49f551e80fe9af04d53

SHA1
1ff5cbc6be586624ea1e3f2a0f73c80742069844

SHA256
382a245164a133c32c4fd64bca6efa97a39ae0b2f696e833bb0b6b9aba0d6e63

SHA512
36729ade562d2edadd3235e1f5cf3e7731d408cda56a19a98926b9e855fc7bfb98caca492ae798fe5e170d6783ae13cc13497f0ceb463a9b1b2ff6c21515d0ae

Download Submit
C:\Windows\system\IQrrGTb.exe

Filesize
6.0MB

MD5
4b6051ab0f3e417c8187ba43f98799d8

SHA1
11a37e1a0a86ab4d7e1c3883185f2266748a0135

SHA256
e9a4b7390727393c82093c915896edc4841fa6f269f1ed32c8f358ed2e028dcf

SHA512
b3ae3761ac892d854a121f5b58b8ce798eb260d28ebdb46baa5350927d931d499fc3eff2c74b207bee643618e52f100971371e7ec1bed9b9fdf8066b6041ff70

Download Submit
C:\Windows\system\NzpSbwO.exe

Filesize
6.0MB

MD5
32ea08a148e62285c24e7181904b2306

SHA1
72e18f58408b1f41904d5dcaae75e6d29b0a55d1

SHA256
640b0dbcbadaa36d1aed035ae352f5bd5d5c4efb54b4d7b1d19fa6b0a41603db

SHA512
8fe51a22f2b2a8c58d316f0bdcca7dd0d3d6102f352dab5e6545651523e9ba17c99652d62f945a49a63566a4c5a1549df264d56689194ab576c95f1349039f90

Download Submit
C:\Windows\system\TjACJGA.exe

Filesize
6.0MB

MD5
b29da6b77d75bd784665eef7b33949f0

SHA1
b1d842e7c0623b4aea891aa67b482be4d3fc434b

SHA256
5aed8abc6a5b218017eca44ac183ef1bcfe4dac3d3067f19171509f29a5170af

SHA512
5ddf45b005b7b1c0222ddce580f299450d48dd5d17abef11d9f8928b507de03a5e891dec0920b29ba1a20b9952d7ba6402b9c02bbb5bd2ff94acad8e51900852

Download Submit
C:\Windows\system\TnBjKoW.exe

Filesize
6.0MB

MD5
a72b9991de97aa9647dec4948197fcb7

SHA1
c0a09245634a515ba6d06afefde8a5abf0cce4c2

SHA256
1e2e5ebd1a0eec0d0267dbee33cea980a4a499a7c15e9d255250760d612550c3

SHA512
bfbf775f825263f262424a310a9dd891648b0063d90f01ffd92537e65327f8643585ed55ef299955c23508aa30d423c5daacb5be2bb3088282a0aa8ffdc762be

Download Submit
C:\Windows\system\VFvhriu.exe

Filesize
6.0MB

MD5
1d5b64b7c2d2243172311e016e7bd943

SHA1
16ee819788118a1ee7362305171e034d9abd535e

SHA256
6ec3d15f8549612fe92c1f770f817bf1adbb9e762497f18b36b89d215d0f6f11

SHA512
77e6d6facfe65facda3fab3a827e44b793f5ee6e161b8610d4f721042d0c1bae165d65aa49bfdbc1f4260cc8195fcccabba04efe924fd570497bac7a5e617b88

Download Submit
C:\Windows\system\VcDQjSq.exe

Filesize
6.0MB

MD5
e2eccc8f4c8b938e362f11f02a6f94cc

SHA1
7aff3af616fda3988b18f07858bab03ffdd39a96

SHA256
13a34c3d10527587fa2421355efade10be571db8e449906eab738d45c06a5851

SHA512
f32870fffb69a6fac63b4f740cbf19072b639bdfbb1f2e1bed62355e5b13b3cc7b20a9a9b067d5e75d340253b8053cf2e3f9d4c9db8ac638af64f4d769dd3193

Download Submit
C:\Windows\system\VrqUQwD.exe

Filesize
6.0MB

MD5
cbee287d71b529f701ce0f1d4ef3a268

SHA1
443ffb586da137fe8ae81d14a2ef8e2d424b0aa9

SHA256
d57f2773af69f42d312264d7d1e3dd0b08a64f7e38632346461faa4ecccb08b7

SHA512
0c0460ff63e07de47b58a4640c95d716d25d4ca1ced03e541fd8b15f9a0a37e2db2c7096dbb713daa1ced27f3afdfe3005d4ef52f16b1cc354e7700fe19cc4e9

Download Submit
C:\Windows\system\WQNPqwi.exe

Filesize
6.0MB

MD5
fd649954a06d9995bd434ff52e2e5906

SHA1
8700bd0303867bdd717b37368655e392ad8695d9

SHA256
6ca79d1b04a9300ade62197071f72fca30f19ca51a64b54f5dce9b0459c5c050

SHA512
92d7097b502a9a57b45f9dbdfe87362b5cf793e9f0bd2a82b3c470e9878af77db192a53889640fe013c5584beda016e20d9987547731d7c4d027f4dc9ca6d8de

Download Submit
C:\Windows\system\ZWfRkIq.exe

Filesize
6.0MB

MD5
a0c76344ebd4c5d719f24c459e241fcc

SHA1
20175e84179a67a32df87363858a68ad899cc5d3

SHA256
6f6e3bcec6c448b1486b3c1b64a7f3071ee801fa8e5935900441915be7f1ec0d

SHA512
e3c52d3b19d528c7f1bda1dfdb4314716554086d158f6da3c7bd85f4689de0938e60fa94961752fa1ed80d9d15b055a4875985fe66056243c70af68c85034f50

Download Submit
C:\Windows\system\fZJOfyt.exe

Filesize
6.0MB

MD5
ce2ec1a1f436e50021acec6db78c5d30

SHA1
a355a0a9d3b868694dcc140d343915e7e5801820

SHA256
ce667d0c2bc48366500eac352bc3568d0c6320d3366f04c74703c765ff36feab

SHA512
4fc295c5d175e8c6094c2e336938259151401cf23ccbdb1e9566ad6709a6df8848fe67161b262493ff7c7a7e16f984b280de61d814b318395ae8bbb8de6d6331

Download Submit
C:\Windows\system\gdGCubB.exe

Filesize
6.0MB

MD5
8875098a2982cd6795a5ebcd42fd19fd

SHA1
0cc2ac32009a06d7521698f76998112617698bbb

SHA256
cb1bbd20f4f89ef6250f2313263f7a2572c5cd1b8b55a6ae641adb06d14fff5d

SHA512
60b2aecfec0f5780d1ffc80f60a53857a8bf6583c44da6db2bd6e58125a8253322e8190fa72c22ff92f395ce492cd3e89742d5f1dc5f4f06cb16fdb01a4eae6e

Download Submit
C:\Windows\system\gtICjfA.exe

Filesize
6.0MB

MD5
13cacd0866494c17a67c8b4bda58df25

SHA1
613495f46298ae336baa7a7495738a32e067ede6

SHA256
b8851970cb32a2a01a8725abb71f7a71fa943c0e0472eaaea249dea191346ea2

SHA512
5a912a83c3e1821cc53d68d0a79438772fc140cc0f87572e578c87a7b11468c81979afec0aa92a05fd4434202c5006c4b37e29c9c238b1b6b43e4ba94b90dd23

Download Submit
C:\Windows\system\jXMyyrW.exe

Filesize
6.0MB

MD5
ad4752e943cfb4469e14a8ff97eb7114

SHA1
c176818bd9a7bcc677710aa854204d8af78fe83b

SHA256
fde3d1683aef41ee45eaac2033aeb5e1a0e3072a67d9ed300f00bc68c60e575e

SHA512
dfbddb687c014e5e4bb1f21de633adf99bcc223c8b31f45436e861c305a1ecabd243502177502d76871a3b005ab57fc3254f0babd80454d297f4d8705370db09

Download Submit
C:\Windows\system\lJOmgnK.exe

Filesize
6.0MB

MD5
891e1a733f61b530d6fb7b9821a67432

SHA1
cd2070d8d08826095551ac192638fce219e32761

SHA256
c76e0f63305833c018b6ca62d849ba50205e9d3bffaf2d34d79b51bb4cd33bbe

SHA512
255b2e98a61ba900fd4fd30018990ca1ec94310936f62a09fd5f5ed5783ed168d131a14e769e0d2ad12b5e8f8bd68543486c1e69c4c34a9bbd514b8aedfd7714

Download Submit
C:\Windows\system\pTGgqJb.exe

Filesize
6.0MB

MD5
a78c480559d0ba13f9f059025d806b94

SHA1
8875d746b45713c2de8e9b5424eea99a111f354a

SHA256
07abddfbe1460b2d076e2fdb2bbd2596977b210c8086de30a489d568a7cb9e66

SHA512
d9208cf4c8b43030382b0ee47fc69b637ed11aca8b551a6d8e7ef12fd3505d6168c8657107a30a071a5e7a0abb7a3266589ca7e7f811dfa700104a26a94d078e

Download Submit
C:\Windows\system\qrJNHlR.exe

Filesize
6.0MB

MD5
bd3b48e675837b245e810de5ebcd2d3e

SHA1
bc27f4b19b371708f9e7735b0b4bb44cddcf232c

SHA256
b5a6f252fe053218f529340498fb295793648660c516a556f62348d86fe971ed

SHA512
9c5f9725c431027ce73aa38213e502cc2609519145ba063906d0f3b129812a2434784a33c6176a5af96b48d08e3ef9e2a75ffd5499bcab5e2b1a7a9425d97c64

Download Submit
C:\Windows\system\ryFTxJF.exe

Filesize
6.0MB

MD5
c9152f1ce75ae301a4e3f9c55d076b98

SHA1
f43f7f405c004b3b7364fa826be3fa08cd9d2fff

SHA256
aaa6b6f4e339086ebb38c17245cc09cc6a7754596c2d41a3d348912b63435da2

SHA512
d33db5c79ec973974ed71dc75f6ebcb973789488735557e59f0fb52f2e30842ea9f6a6bce34831afa1996c3503272ce844340c56ae6d6d552f3f9c62d809cff4

Download Submit
C:\Windows\system\uwTOnSd.exe

Filesize
6.0MB

MD5
abf3fc830f0cea89a188b9efefbc1e55

SHA1
0a28339cb76202621d8e3cc5dbf1ff75d5575b4e

SHA256
4382d1a6df95a5cbeb9f157c17732d5a888b0e30f3df4b22e9153fc101d28c86

SHA512
f729cfabb2ae701df7bdc5768e3a31d9910d225d59779fb612a3b361466ae7c665b295c4bb995dd2488eb6a1d3aa70c819de5c5702285e769de31caa0676e90b

Download Submit
C:\Windows\system\zKsCegP.exe

Filesize
6.0MB

MD5
9c7ee816401a95f33e0a7c458b525a04

SHA1
935359e8a48a91c57d7c2878b37c490f796b4feb

SHA256
1ef56ecdeba0bf7a908c4963f7f1b8d7331e9ed33ebe899099456b2d87feb5b6

SHA512
1330bfbacfa9c550061bf7a415620cf04bd0e0e7cf37512858f5165008b18b4c5a8d041d7de55e3a5c38ffabfd11a325956c02c7a25634f790d8e625c608c34a

Download Submit
\Windows\system\AGNKHEU.exe

Filesize
6.0MB

MD5
e57e6582e8f3dbcf09444862516079de

SHA1
6e24edbce4b204f8bdd8cf922b71f5eec90ba836

SHA256
6e7be4c5cf20d2317bbc458db914bc3f33026160d953e889d6e3a4ddad90426f

SHA512
823ee7aa291ae38d850a3c675bfe6cfc592dbb953807b5ae9bdb8206883878975d2b9deb70e5083e75cb0379924c139ece7a0753d8921a8d10edf2d86296ddb0

Download Submit
\Windows\system\AtntAmb.exe

Filesize
6.0MB

MD5
c020ebdfb781cfabfdbcfe5e15af706f

SHA1
de54dffd0a1ef0e432313dfe0099a5fbefefdbc7

SHA256
4cc813cae6698394261261cbda46116be330572ea5f1cffe15799eff8bef644a

SHA512
75fd3bfb0d56d90de8f71612fa17aa75f3b197497ea2a323e18f35581fc18ab5cbf3824962219576661bbfe3f3d14bc5f128f207ad9073f44c858732c0ddd2db

Download Submit
\Windows\system\SEDZsra.exe

Filesize
6.0MB

MD5
1ec03bf57c81d0274f65fa67ddb94929

SHA1
5d897c2f119f6b7e45be137c31c60c37a2aa2648

SHA256
63a3035c60a19689acdc334e1f245da03c414d6a4de400d7c76bd80e845caa32

SHA512
582010a6f84428eca4d30126c31fb8cdad2178f6562d762d898088155d4649d6f2bebbb083e0eae5e3e7c9644e4d7b0012d7e227f514cb629aaac3ccf2599909

Download Submit
\Windows\system\bfRccws.exe

Filesize
6.0MB

MD5
ec70092e3d98155e203c376102f5f9ff

SHA1
2b2602c683cd081e4e08ff2d961c0206681eaec7

SHA256
9a04c78ef7486568c52413d4f03d87d03085d88920235795254b30fa91d8ad09

SHA512
090f5c3eb9fcd7027e787d9801d3ec24df6780df6fbd7dec0d625b2820740eb0096dccaf3b54ec980d09772e8857e8a75787208b2cf0cef1d4283d6a501ae04e

Download Submit
\Windows\system\kExBNtl.exe

Filesize
6.0MB

MD5
6fc5aff1bdc209a3474a2d35a3b7db35

SHA1
6daacc6f1dfe1dd8b31c1fc9576fb57350777931

SHA256
e7d8c1957752de896a2190de5c94ce89c3ff87d5d43a72e34f57f322e94487d2

SHA512
452bf853492656a46cc314e9a29b0d2ade7a906e9a776da48b7f283244e245fb419b25db64274f184e26b19ba069edf91d8239ab7b5e00e35c0182c32d958516

Download Submit
\Windows\system\moJoDJG.exe

Filesize
6.0MB

MD5
7a20fe07be27fc7e142d7762376f3dac

SHA1
6f1922b828778494362025770ee7137278ab1b43

SHA256
72eae30bb0ea08983c80752b321187643490f846613f5c023c1c2db46306ebff

SHA512
9dbbc9a36215d6e849924c27196ba92080014ab21377b455e61d8d783ec70e22104aa2fef798a82b8c2f8ffcee7becae70c893410b6d66b776df0dbca03f45d1

Download Submit
\Windows\system\ooYrCnh.exe

Filesize
6.0MB

MD5
22b81e74f2a48e26adf622514c01df84

SHA1
55411bbcfad2d865b66faaf01141532a3906b50c

SHA256
bbb7968bd60d8b627eeb3b49cfe5924e8c4cf50309efc63099c6d10d03d3bc9d

SHA512
d49d754c4fa0b63c34018a531add8ba7cfeb836b7e29b1d2d130ae83645ea0ba4125f8884d9714a44ad27aa4b6130b72ec607a1ba12430383106cadcbaf0d389

Download Submit
\Windows\system\ropHstg.exe

Filesize
6.0MB

MD5
e818add5f3a5ec1fb72b8b7283bae104

SHA1
d81dbcb5108283b400a9049e99049b39c69314a7

SHA256
7dcfc52c245b38e3dd3680d9fd7aa42d954a4cc511d952c9873d9bde62158537

SHA512
250b30ab39b59c2f8b6df72b8fa519e4520a46b88aca1d20ce0f48a280114e6706fd49ae1ef562153d6b031e08b10b08d9362de1087590e59ce8ec3bc2ca3264

Download Submit
memory/740-1776-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/740-104-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/740-408-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1348-20-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-441-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1348-71-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-49-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-78-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-77-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1348-80-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1348-111-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-0-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-51-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-107-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1348-6-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-16-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-29-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-45-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1348-73-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1348-39-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-108-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1348-63-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-407-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-55-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1348-98-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-36-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1352-112-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-1775-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-22-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1398-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-59-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-12-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-1368-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-42-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-88-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1761-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2276-15-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1367-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-101-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1765-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1759-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2608-74-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2608-197-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1509-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2612-87-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2612-60-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2720-30-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1394-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-66-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1527-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1425-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-37-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1760-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2880-53-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2880-79-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1465-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2940-46-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download