cobaltstrike | cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32

Analysis

max time kernel
60s
max time network
28s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26/11/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
Size

6.0MB
MD5

2744dceb167e5d67b0bf559762eae4f3
SHA1

7e167bfffe55533bc274e003e3d3f070e03e0aad
SHA256

cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32
SHA512

e2a08f626de69d1e08275e75792241711ffcf3e7064499f3a4238557202f2685510eb9de71eb355441cfd52c9fa4e0bde1da6db9d36676bce090b05dd2be1556
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-21.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-25.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-55.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-58.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-112.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2320-0-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-6.dat	xmrig
behavioral1/files/0x0008000000016c23-8.dat	xmrig
behavioral1/files/0x0007000000016cab-12.dat	xmrig
behavioral1/files/0x0007000000016ccc-21.dat	xmrig
behavioral1/files/0x0009000000016ce0-26.dat	xmrig
behavioral1/files/0x0007000000016cd8-25.dat	xmrig
behavioral1/memory/2792-51-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-55.dat	xmrig
behavioral1/files/0x00090000000167e3-58.dat	xmrig
behavioral1/memory/2656-57-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2788-41-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2500-39-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2320-38-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2324-37-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2292-36-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000900000001756b-46.dat	xmrig
behavioral1/memory/2556-45-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1976-34-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2320-61-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-87.dat	xmrig
behavioral1/files/0x000500000001950f-75.dat	xmrig
behavioral1/files/0x000500000001957c-103.dat	xmrig
behavioral1/memory/2956-102-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-101.dat	xmrig
behavioral1/memory/2124-98-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-83.dat	xmrig
behavioral1/memory/2708-81-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2320-79-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2372-94-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2320-93-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2652-92-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2656-91-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2800-74-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-73.dat	xmrig
behavioral1/files/0x00050000000195ad-124.dat	xmrig
behavioral1/files/0x00050000000195af-125.dat	xmrig
behavioral1/files/0x00050000000195b3-133.dat	xmrig
behavioral1/files/0x00050000000195c1-153.dat	xmrig
behavioral1/files/0x00050000000195c5-164.dat	xmrig
behavioral1/files/0x00050000000195c6-168.dat	xmrig
behavioral1/memory/2372-307-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2320-306-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2320-279-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2320-181-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2956-308-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-175.dat	xmrig
behavioral1/files/0x00050000000195c7-171.dat	xmrig
behavioral1/files/0x00050000000195c3-159.dat	xmrig
behavioral1/files/0x00050000000195bd-151.dat	xmrig
behavioral1/files/0x00050000000195bb-147.dat	xmrig
behavioral1/files/0x00050000000195b7-144.dat	xmrig
behavioral1/files/0x00050000000195b5-140.dat	xmrig
behavioral1/files/0x00050000000195b1-132.dat	xmrig
behavioral1/files/0x00050000000195ab-119.dat	xmrig
behavioral1/files/0x00050000000195a9-116.dat	xmrig
behavioral1/files/0x00050000000195a7-112.dat	xmrig
behavioral1/memory/1976-1176-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2556-1179-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2788-1194-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2324-1193-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2292-1186-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2500-1189-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2792-1208-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2556	BPcBOEx.exe
1976	pEDQSnv.exe
2292	PTsfXlV.exe
2324	NyDBUtg.exe
2500	LYlJOmW.exe
2788	dahJTLf.exe
2792	CXKUHkF.exe
2656	rfRGQsa.exe
2800	SsTIREX.exe
2708	BaiAlUr.exe
2652	IZnrGBP.exe
2372	TJsUpwH.exe
2124	rZWBPIN.exe
2956	OLhSJcr.exe
1172	BGLXdia.exe
1780	jrLFIcK.exe
2068	OXXwnrk.exe
2836	aFIkIBb.exe
1364	LklJHqN.exe
1168	tquQcoH.exe
2996	RFWozFf.exe
1756	emmJuYC.exe
828	dSWfdGv.exe
2916	aZTSzvg.exe
2200	qtNiGDf.exe
2220	lSBqVKx.exe
2160	foidcAa.exe
2496	HOxneZY.exe
1368	eImBKna.exe
1088	SsMZrYI.exe
3064	MOphFaB.exe
1752	MGojxmI.exe
1644	aQuMiOX.exe
1620	IcVXHSq.exe
2944	AVvQSoO.exe
1052	mOpDBsV.exe
1764	PohGTyo.exe
336	xGjYozK.exe
1492	yLPIMPs.exe
768	txeYMnD.exe
1444	dKOvFeh.exe
580	pvbJHqV.exe
584	dXpAONu.exe
2480	QGsffAr.exe
876	WXifHkY.exe
2352	LVkCxug.exe
1604	doCMBTb.exe
2036	QAoKAEM.exe
2760	iFDLVTO.exe
2380	MdZcXSf.exe
1080	GvweknB.exe
1676	ujWEiNC.exe
1300	HEkvaAp.exe
2024	xkexDeQ.exe
2876	HMJQoGL.exe
2424	YKrGJzO.exe
2620	nHAxELj.exe
1356	QhPSueV.exe
1728	qhistJl.exe
2460	FTPMeDv.exe
1720	HIMvBFg.exe
1072	DZGQCBe.exe
1804	mTxHJpb.exe
3068	sjHpDxt.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x000a000000012262-6.dat	upx
behavioral1/files/0x0008000000016c23-8.dat	upx
behavioral1/files/0x0007000000016cab-12.dat	upx
behavioral1/files/0x0007000000016ccc-21.dat	upx
behavioral1/files/0x0009000000016ce0-26.dat	upx
behavioral1/files/0x0007000000016cd8-25.dat	upx
behavioral1/memory/2792-51-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-55.dat	upx
behavioral1/files/0x00090000000167e3-58.dat	upx
behavioral1/memory/2656-57-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2788-41-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2500-39-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2324-37-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2292-36-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000900000001756b-46.dat	upx
behavioral1/memory/2556-45-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1976-34-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2320-61-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0005000000019515-87.dat	upx
behavioral1/files/0x000500000001950f-75.dat	upx
behavioral1/files/0x000500000001957c-103.dat	upx
behavioral1/memory/2956-102-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0005000000019547-101.dat	upx
behavioral1/memory/2124-98-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-83.dat	upx
behavioral1/memory/2708-81-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2372-94-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2652-92-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2656-91-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2800-74-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-73.dat	upx
behavioral1/files/0x00050000000195ad-124.dat	upx
behavioral1/files/0x00050000000195af-125.dat	upx
behavioral1/files/0x00050000000195b3-133.dat	upx
behavioral1/files/0x00050000000195c1-153.dat	upx
behavioral1/files/0x00050000000195c5-164.dat	upx
behavioral1/files/0x00050000000195c6-168.dat	upx
behavioral1/memory/2372-307-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2956-308-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001960c-175.dat	upx
behavioral1/files/0x00050000000195c7-171.dat	upx
behavioral1/files/0x00050000000195c3-159.dat	upx
behavioral1/files/0x00050000000195bd-151.dat	upx
behavioral1/files/0x00050000000195bb-147.dat	upx
behavioral1/files/0x00050000000195b7-144.dat	upx
behavioral1/files/0x00050000000195b5-140.dat	upx
behavioral1/files/0x00050000000195b1-132.dat	upx
behavioral1/files/0x00050000000195ab-119.dat	upx
behavioral1/files/0x00050000000195a9-116.dat	upx
behavioral1/files/0x00050000000195a7-112.dat	upx
behavioral1/memory/1976-1176-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2556-1179-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2788-1194-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2324-1193-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2292-1186-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2500-1189-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2792-1208-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2656-1266-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2800-1315-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2708-1316-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2124-1343-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2372-1345-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2652-1344-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JNqZMyA.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\hRvsmZN.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\ZALeTNO.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\ghOcMVK.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\ItsZdmO.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\SWfpkPD.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\POiOEDx.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\ptAqeMY.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\modERql.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\sOuZfrL.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\gEzaBEY.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\cmEcNLp.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\GSDkfgj.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\qqpTdtN.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\axOChIe.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\IUObxdL.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\WXifHkY.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\hptKAbL.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\FTBvogX.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\QzjEdau.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\AbeWStK.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\ykTFiBI.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\unRIWjd.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\GaiCWvt.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\nHhRtsT.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\GxXPGNi.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\QpQetkw.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\SbgxCbt.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\kBzQXJN.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\DZGQCBe.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\XwNXJvU.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\jPFnmAm.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\tofSVww.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\TyRqFOF.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\tjUdTRI.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\BKeFyoS.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\hpTZrsN.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\tquQcoH.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\pKVFBtJ.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\QEpNIec.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\eysuXdr.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\AeRreJd.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\NjOjgYO.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\xGjYozK.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\aYIYhJk.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\yUNSYwN.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\oJYSYNU.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\JnjOZmR.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\oyqeUoM.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\kQsQtPn.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\CofqBeZ.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\pIUyZmL.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\SwqCOnl.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\CxYRksY.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\NNhIlQv.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\SbpYpav.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\IgGoHYJ.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\MnrFUXv.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\FNyRQzw.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\cnZOtQn.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\GzGBwAr.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\hcYuEXg.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\xkexDeQ.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
File created	C:\Windows\System\BzNSbJw.exe	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2556	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	32
PID 2320 wrote to memory of 2556	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	32
PID 2320 wrote to memory of 2556	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	32
PID 2320 wrote to memory of 1976	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	33
PID 2320 wrote to memory of 1976	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	33
PID 2320 wrote to memory of 1976	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	33
PID 2320 wrote to memory of 2292	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	34
PID 2320 wrote to memory of 2292	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	34
PID 2320 wrote to memory of 2292	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	34
PID 2320 wrote to memory of 2324	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	35
PID 2320 wrote to memory of 2324	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	35
PID 2320 wrote to memory of 2324	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	35
PID 2320 wrote to memory of 2500	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	36
PID 2320 wrote to memory of 2500	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	36
PID 2320 wrote to memory of 2500	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	36
PID 2320 wrote to memory of 2788	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	37
PID 2320 wrote to memory of 2788	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	37
PID 2320 wrote to memory of 2788	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	37
PID 2320 wrote to memory of 2792	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	38
PID 2320 wrote to memory of 2792	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	38
PID 2320 wrote to memory of 2792	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	38
PID 2320 wrote to memory of 2656	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	39
PID 2320 wrote to memory of 2656	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	39
PID 2320 wrote to memory of 2656	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	39
PID 2320 wrote to memory of 2800	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	40
PID 2320 wrote to memory of 2800	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	40
PID 2320 wrote to memory of 2800	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	40
PID 2320 wrote to memory of 2652	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	41
PID 2320 wrote to memory of 2652	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	41
PID 2320 wrote to memory of 2652	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	41
PID 2320 wrote to memory of 2708	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	42
PID 2320 wrote to memory of 2708	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	42
PID 2320 wrote to memory of 2708	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	42
PID 2320 wrote to memory of 2124	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	43
PID 2320 wrote to memory of 2124	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	43
PID 2320 wrote to memory of 2124	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	43
PID 2320 wrote to memory of 2372	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	44
PID 2320 wrote to memory of 2372	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	44
PID 2320 wrote to memory of 2372	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	44
PID 2320 wrote to memory of 2956	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	45
PID 2320 wrote to memory of 2956	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	45
PID 2320 wrote to memory of 2956	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	45
PID 2320 wrote to memory of 1172	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	46
PID 2320 wrote to memory of 1172	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	46
PID 2320 wrote to memory of 1172	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	46
PID 2320 wrote to memory of 1780	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	47
PID 2320 wrote to memory of 1780	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	47
PID 2320 wrote to memory of 1780	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	47
PID 2320 wrote to memory of 2068	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	48
PID 2320 wrote to memory of 2068	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	48
PID 2320 wrote to memory of 2068	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	48
PID 2320 wrote to memory of 2836	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	49
PID 2320 wrote to memory of 2836	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	49
PID 2320 wrote to memory of 2836	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	49
PID 2320 wrote to memory of 1364	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	50
PID 2320 wrote to memory of 1364	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	50
PID 2320 wrote to memory of 1364	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	50
PID 2320 wrote to memory of 1168	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	51
PID 2320 wrote to memory of 1168	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	51
PID 2320 wrote to memory of 1168	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	51
PID 2320 wrote to memory of 2996	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	52
PID 2320 wrote to memory of 2996	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	52
PID 2320 wrote to memory of 2996	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	52
PID 2320 wrote to memory of 1756	2320	cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe	53

C:\Users\Admin\AppData\Local\Temp\cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe
"C:\Users\Admin\AppData\Local\Temp\cd3978cf34153ce17812d5fbdada7c8b93490cf9824c60839daffde9214aca32.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System\BPcBOEx.exe
  C:\Windows\System\BPcBOEx.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\pEDQSnv.exe
  C:\Windows\System\pEDQSnv.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\PTsfXlV.exe
  C:\Windows\System\PTsfXlV.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\NyDBUtg.exe
  C:\Windows\System\NyDBUtg.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\LYlJOmW.exe
  C:\Windows\System\LYlJOmW.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\dahJTLf.exe
  C:\Windows\System\dahJTLf.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\CXKUHkF.exe
  C:\Windows\System\CXKUHkF.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\rfRGQsa.exe
  C:\Windows\System\rfRGQsa.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SsTIREX.exe
  C:\Windows\System\SsTIREX.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\IZnrGBP.exe
  C:\Windows\System\IZnrGBP.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BaiAlUr.exe
  C:\Windows\System\BaiAlUr.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\rZWBPIN.exe
  C:\Windows\System\rZWBPIN.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\TJsUpwH.exe
  C:\Windows\System\TJsUpwH.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\OLhSJcr.exe
  C:\Windows\System\OLhSJcr.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\BGLXdia.exe
  C:\Windows\System\BGLXdia.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\jrLFIcK.exe
  C:\Windows\System\jrLFIcK.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\OXXwnrk.exe
  C:\Windows\System\OXXwnrk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\aFIkIBb.exe
  C:\Windows\System\aFIkIBb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\LklJHqN.exe
  C:\Windows\System\LklJHqN.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\tquQcoH.exe
  C:\Windows\System\tquQcoH.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\RFWozFf.exe
  C:\Windows\System\RFWozFf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\emmJuYC.exe
  C:\Windows\System\emmJuYC.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\dSWfdGv.exe
  C:\Windows\System\dSWfdGv.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\aZTSzvg.exe
  C:\Windows\System\aZTSzvg.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\qtNiGDf.exe
  C:\Windows\System\qtNiGDf.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\lSBqVKx.exe
  C:\Windows\System\lSBqVKx.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\foidcAa.exe
  C:\Windows\System\foidcAa.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\HOxneZY.exe
  C:\Windows\System\HOxneZY.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\eImBKna.exe
  C:\Windows\System\eImBKna.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\SsMZrYI.exe
  C:\Windows\System\SsMZrYI.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\MOphFaB.exe
  C:\Windows\System\MOphFaB.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\MGojxmI.exe
  C:\Windows\System\MGojxmI.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\aQuMiOX.exe
  C:\Windows\System\aQuMiOX.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\mOpDBsV.exe
  C:\Windows\System\mOpDBsV.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\IcVXHSq.exe
  C:\Windows\System\IcVXHSq.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\QhPSueV.exe
  C:\Windows\System\QhPSueV.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\AVvQSoO.exe
  C:\Windows\System\AVvQSoO.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FTPMeDv.exe
  C:\Windows\System\FTPMeDv.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\PohGTyo.exe
  C:\Windows\System\PohGTyo.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\HIMvBFg.exe
  C:\Windows\System\HIMvBFg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\xGjYozK.exe
  C:\Windows\System\xGjYozK.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\DZGQCBe.exe
  C:\Windows\System\DZGQCBe.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\yLPIMPs.exe
  C:\Windows\System\yLPIMPs.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mTxHJpb.exe
  C:\Windows\System\mTxHJpb.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\txeYMnD.exe
  C:\Windows\System\txeYMnD.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sjHpDxt.exe
  C:\Windows\System\sjHpDxt.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\dKOvFeh.exe
  C:\Windows\System\dKOvFeh.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\ohIvWgm.exe
  C:\Windows\System\ohIvWgm.exe
  2⤵
  PID:1648
- C:\Windows\System\pvbJHqV.exe
  C:\Windows\System\pvbJHqV.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\PolPMMc.exe
  C:\Windows\System\PolPMMc.exe
  2⤵
  PID:1372
- C:\Windows\System\dXpAONu.exe
  C:\Windows\System\dXpAONu.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\HderLOr.exe
  C:\Windows\System\HderLOr.exe
  2⤵
  PID:2236
- C:\Windows\System\QGsffAr.exe
  C:\Windows\System\QGsffAr.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\TqLxUVA.exe
  C:\Windows\System\TqLxUVA.exe
  2⤵
  PID:1712
- C:\Windows\System\WXifHkY.exe
  C:\Windows\System\WXifHkY.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\urhEayi.exe
  C:\Windows\System\urhEayi.exe
  2⤵
  PID:2308
- C:\Windows\System\LVkCxug.exe
  C:\Windows\System\LVkCxug.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\odGenzo.exe
  C:\Windows\System\odGenzo.exe
  2⤵
  PID:1596
- C:\Windows\System\doCMBTb.exe
  C:\Windows\System\doCMBTb.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cebFgcM.exe
  C:\Windows\System\cebFgcM.exe
  2⤵
  PID:2548
- C:\Windows\System\QAoKAEM.exe
  C:\Windows\System\QAoKAEM.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\wAPuMZX.exe
  C:\Windows\System\wAPuMZX.exe
  2⤵
  PID:2816
- C:\Windows\System\iFDLVTO.exe
  C:\Windows\System\iFDLVTO.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\qgNpSEw.exe
  C:\Windows\System\qgNpSEw.exe
  2⤵
  PID:2764
- C:\Windows\System\MdZcXSf.exe
  C:\Windows\System\MdZcXSf.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\HmFwsJS.exe
  C:\Windows\System\HmFwsJS.exe
  2⤵
  PID:2232
- C:\Windows\System\GvweknB.exe
  C:\Windows\System\GvweknB.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\YQufQlQ.exe
  C:\Windows\System\YQufQlQ.exe
  2⤵
  PID:1624
- C:\Windows\System\ujWEiNC.exe
  C:\Windows\System\ujWEiNC.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\JnjOZmR.exe
  C:\Windows\System\JnjOZmR.exe
  2⤵
  PID:2684
- C:\Windows\System\HEkvaAp.exe
  C:\Windows\System\HEkvaAp.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\yxkVihg.exe
  C:\Windows\System\yxkVihg.exe
  2⤵
  PID:1100
- C:\Windows\System\xkexDeQ.exe
  C:\Windows\System\xkexDeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\TzwMHHd.exe
  C:\Windows\System\TzwMHHd.exe
  2⤵
  PID:1636
- C:\Windows\System\HMJQoGL.exe
  C:\Windows\System\HMJQoGL.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\DVAgbDw.exe
  C:\Windows\System\DVAgbDw.exe
  2⤵
  PID:2868
- C:\Windows\System\YKrGJzO.exe
  C:\Windows\System\YKrGJzO.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\PZIwTBi.exe
  C:\Windows\System\PZIwTBi.exe
  2⤵
  PID:1988
- C:\Windows\System\nHAxELj.exe
  C:\Windows\System\nHAxELj.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\TCUnWnS.exe
  C:\Windows\System\TCUnWnS.exe
  2⤵
  PID:3040
- C:\Windows\System\qhistJl.exe
  C:\Windows\System\qhistJl.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\qWhDQhe.exe
  C:\Windows\System\qWhDQhe.exe
  2⤵
  PID:1900
- C:\Windows\System\hptKAbL.exe
  C:\Windows\System\hptKAbL.exe
  2⤵
  PID:3008
- C:\Windows\System\IapxwsL.exe
  C:\Windows\System\IapxwsL.exe
  2⤵
  PID:1112
- C:\Windows\System\pKVFBtJ.exe
  C:\Windows\System\pKVFBtJ.exe
  2⤵
  PID:1692
- C:\Windows\System\iMrDxVD.exe
  C:\Windows\System\iMrDxVD.exe
  2⤵
  PID:2280
- C:\Windows\System\IFkEftn.exe
  C:\Windows\System\IFkEftn.exe
  2⤵
  PID:1680
- C:\Windows\System\rSpELmq.exe
  C:\Windows\System\rSpELmq.exe
  2⤵
  PID:1476
- C:\Windows\System\fTXdvRz.exe
  C:\Windows\System\fTXdvRz.exe
  2⤵
  PID:2600
- C:\Windows\System\XwNXJvU.exe
  C:\Windows\System\XwNXJvU.exe
  2⤵
  PID:1968
- C:\Windows\System\cnZOtQn.exe
  C:\Windows\System\cnZOtQn.exe
  2⤵
  PID:1592
- C:\Windows\System\lzDMjDD.exe
  C:\Windows\System\lzDMjDD.exe
  2⤵
  PID:3036
- C:\Windows\System\JUpqZjc.exe
  C:\Windows\System\JUpqZjc.exe
  2⤵
  PID:2192
- C:\Windows\System\GzGBwAr.exe
  C:\Windows\System\GzGBwAr.exe
  2⤵
  PID:1696
- C:\Windows\System\AwOwBOE.exe
  C:\Windows\System\AwOwBOE.exe
  2⤵
  PID:2932
- C:\Windows\System\ZHLDECi.exe
  C:\Windows\System\ZHLDECi.exe
  2⤵
  PID:1908
- C:\Windows\System\KtBzMFJ.exe
  C:\Windows\System\KtBzMFJ.exe
  2⤵
  PID:2204
- C:\Windows\System\RorwtXu.exe
  C:\Windows\System\RorwtXu.exe
  2⤵
  PID:1016
- C:\Windows\System\EoQrqln.exe
  C:\Windows\System\EoQrqln.exe
  2⤵
  PID:1992
- C:\Windows\System\kWWEHBY.exe
  C:\Windows\System\kWWEHBY.exe
  2⤵
  PID:2976
- C:\Windows\System\vOmUvyI.exe
  C:\Windows\System\vOmUvyI.exe
  2⤵
  PID:976
- C:\Windows\System\ZPYlNWF.exe
  C:\Windows\System\ZPYlNWF.exe
  2⤵
  PID:1744
- C:\Windows\System\rXwKNjb.exe
  C:\Windows\System\rXwKNjb.exe
  2⤵
  PID:1204
- C:\Windows\System\UrfeaDH.exe
  C:\Windows\System\UrfeaDH.exe
  2⤵
  PID:1020
- C:\Windows\System\KHjPJkZ.exe
  C:\Windows\System\KHjPJkZ.exe
  2⤵
  PID:1488
- C:\Windows\System\JgxAHPf.exe
  C:\Windows\System\JgxAHPf.exe
  2⤵
  PID:2420
- C:\Windows\System\ojrKnsb.exe
  C:\Windows\System\ojrKnsb.exe
  2⤵
  PID:1912
- C:\Windows\System\okcsMFf.exe
  C:\Windows\System\okcsMFf.exe
  2⤵
  PID:884
- C:\Windows\System\DqOWbvz.exe
  C:\Windows\System\DqOWbvz.exe
  2⤵
  PID:2832
- C:\Windows\System\cHnRJPS.exe
  C:\Windows\System\cHnRJPS.exe
  2⤵
  PID:1576
- C:\Windows\System\HPzdJvR.exe
  C:\Windows\System\HPzdJvR.exe
  2⤵
  PID:2688
- C:\Windows\System\POiOEDx.exe
  C:\Windows\System\POiOEDx.exe
  2⤵
  PID:1144
- C:\Windows\System\WxcZygS.exe
  C:\Windows\System\WxcZygS.exe
  2⤵
  PID:2928
- C:\Windows\System\PdiTytM.exe
  C:\Windows\System\PdiTytM.exe
  2⤵
  PID:2076
- C:\Windows\System\lkdxCoI.exe
  C:\Windows\System\lkdxCoI.exe
  2⤵
  PID:3000
- C:\Windows\System\qpgwwjH.exe
  C:\Windows\System\qpgwwjH.exe
  2⤵
  PID:2004
- C:\Windows\System\IhgGxnY.exe
  C:\Windows\System\IhgGxnY.exe
  2⤵
  PID:1528
- C:\Windows\System\UPuWlet.exe
  C:\Windows\System\UPuWlet.exe
  2⤵
  PID:868
- C:\Windows\System\rDYVUSm.exe
  C:\Windows\System\rDYVUSm.exe
  2⤵
  PID:1948
- C:\Windows\System\koeyBOY.exe
  C:\Windows\System\koeyBOY.exe
  2⤵
  PID:1612
- C:\Windows\System\jwnTZqP.exe
  C:\Windows\System\jwnTZqP.exe
  2⤵
  PID:2264
- C:\Windows\System\NwJaUvh.exe
  C:\Windows\System\NwJaUvh.exe
  2⤵
  PID:672
- C:\Windows\System\YlWrXLm.exe
  C:\Windows\System\YlWrXLm.exe
  2⤵
  PID:2456
- C:\Windows\System\oIKgtxs.exe
  C:\Windows\System\oIKgtxs.exe
  2⤵
  PID:1564
- C:\Windows\System\IUObxdL.exe
  C:\Windows\System\IUObxdL.exe
  2⤵
  PID:2860
- C:\Windows\System\mxyAkoM.exe
  C:\Windows\System\mxyAkoM.exe
  2⤵
  PID:2300
- C:\Windows\System\GaiCWvt.exe
  C:\Windows\System\GaiCWvt.exe
  2⤵
  PID:1480
- C:\Windows\System\DHyfNbu.exe
  C:\Windows\System\DHyfNbu.exe
  2⤵
  PID:1084
- C:\Windows\System\YtnCSZF.exe
  C:\Windows\System\YtnCSZF.exe
  2⤵
  PID:2408
- C:\Windows\System\QlzVrmf.exe
  C:\Windows\System\QlzVrmf.exe
  2⤵
  PID:2676
- C:\Windows\System\PPSGFUf.exe
  C:\Windows\System\PPSGFUf.exe
  2⤵
  PID:2812
- C:\Windows\System\gInUXAD.exe
  C:\Windows\System\gInUXAD.exe
  2⤵
  PID:2016
- C:\Windows\System\IeWrPTw.exe
  C:\Windows\System\IeWrPTw.exe
  2⤵
  PID:2224
- C:\Windows\System\JiGTlsf.exe
  C:\Windows\System\JiGTlsf.exe
  2⤵
  PID:588
- C:\Windows\System\xYwFkzZ.exe
  C:\Windows\System\xYwFkzZ.exe
  2⤵
  PID:2252
- C:\Windows\System\sMuEtMA.exe
  C:\Windows\System\sMuEtMA.exe
  2⤵
  PID:2628
- C:\Windows\System\oyqeUoM.exe
  C:\Windows\System\oyqeUoM.exe
  2⤵
  PID:2948
- C:\Windows\System\ptAqeMY.exe
  C:\Windows\System\ptAqeMY.exe
  2⤵
  PID:880
- C:\Windows\System\ALLiWOZ.exe
  C:\Windows\System\ALLiWOZ.exe
  2⤵
  PID:568
- C:\Windows\System\kqdLopX.exe
  C:\Windows\System\kqdLopX.exe
  2⤵
  PID:2388
- C:\Windows\System\kPelfYS.exe
  C:\Windows\System\kPelfYS.exe
  2⤵
  PID:1608
- C:\Windows\System\updKEhJ.exe
  C:\Windows\System\updKEhJ.exe
  2⤵
  PID:1104
- C:\Windows\System\KvAXRzX.exe
  C:\Windows\System\KvAXRzX.exe
  2⤵
  PID:1176
- C:\Windows\System\CxYRksY.exe
  C:\Windows\System\CxYRksY.exe
  2⤵
  PID:2896
- C:\Windows\System\gySsCiO.exe
  C:\Windows\System\gySsCiO.exe
  2⤵
  PID:2824
- C:\Windows\System\UAWLQfS.exe
  C:\Windows\System\UAWLQfS.exe
  2⤵
  PID:2804
- C:\Windows\System\KSRACni.exe
  C:\Windows\System\KSRACni.exe
  2⤵
  PID:1416
- C:\Windows\System\rdqUqxD.exe
  C:\Windows\System\rdqUqxD.exe
  2⤵
  PID:2444
- C:\Windows\System\gvXSPfN.exe
  C:\Windows\System\gvXSPfN.exe
  2⤵
  PID:1980
- C:\Windows\System\cwhoDvH.exe
  C:\Windows\System\cwhoDvH.exe
  2⤵
  PID:2768
- C:\Windows\System\kyTnvBn.exe
  C:\Windows\System\kyTnvBn.exe
  2⤵
  PID:2960
- C:\Windows\System\GMGvsft.exe
  C:\Windows\System\GMGvsft.exe
  2⤵
  PID:2964
- C:\Windows\System\FrWICDz.exe
  C:\Windows\System\FrWICDz.exe
  2⤵
  PID:2864
- C:\Windows\System\nGqmHav.exe
  C:\Windows\System\nGqmHav.exe
  2⤵
  PID:3084
- C:\Windows\System\vCfHHLl.exe
  C:\Windows\System\vCfHHLl.exe
  2⤵
  PID:3100
- C:\Windows\System\wODUcJt.exe
  C:\Windows\System\wODUcJt.exe
  2⤵
  PID:3116
- C:\Windows\System\mNjpwFc.exe
  C:\Windows\System\mNjpwFc.exe
  2⤵
  PID:3132
- C:\Windows\System\WJfZkhG.exe
  C:\Windows\System\WJfZkhG.exe
  2⤵
  PID:3156
- C:\Windows\System\osYLAiD.exe
  C:\Windows\System\osYLAiD.exe
  2⤵
  PID:3172
- C:\Windows\System\UsdgXYf.exe
  C:\Windows\System\UsdgXYf.exe
  2⤵
  PID:3192
- C:\Windows\System\fQCxpAr.exe
  C:\Windows\System\fQCxpAr.exe
  2⤵
  PID:3212
- C:\Windows\System\nHhRtsT.exe
  C:\Windows\System\nHhRtsT.exe
  2⤵
  PID:3232
- C:\Windows\System\zcWkqOK.exe
  C:\Windows\System\zcWkqOK.exe
  2⤵
  PID:3248
- C:\Windows\System\smdEHpH.exe
  C:\Windows\System\smdEHpH.exe
  2⤵
  PID:3320
- C:\Windows\System\EPoagrR.exe
  C:\Windows\System\EPoagrR.exe
  2⤵
  PID:3348
- C:\Windows\System\xdehOJC.exe
  C:\Windows\System\xdehOJC.exe
  2⤵
  PID:3364
- C:\Windows\System\iTEaaFs.exe
  C:\Windows\System\iTEaaFs.exe
  2⤵
  PID:3380
- C:\Windows\System\DlhnbcA.exe
  C:\Windows\System\DlhnbcA.exe
  2⤵
  PID:3396
- C:\Windows\System\YezlNQz.exe
  C:\Windows\System\YezlNQz.exe
  2⤵
  PID:3412
- C:\Windows\System\zcXMWPt.exe
  C:\Windows\System\zcXMWPt.exe
  2⤵
  PID:3444
- C:\Windows\System\wwciaEI.exe
  C:\Windows\System\wwciaEI.exe
  2⤵
  PID:3460
- C:\Windows\System\rfRstuY.exe
  C:\Windows\System\rfRstuY.exe
  2⤵
  PID:3476
- C:\Windows\System\BzNSbJw.exe
  C:\Windows\System\BzNSbJw.exe
  2⤵
  PID:3492
- C:\Windows\System\lYJYFeW.exe
  C:\Windows\System\lYJYFeW.exe
  2⤵
  PID:3512
- C:\Windows\System\bVpTTER.exe
  C:\Windows\System\bVpTTER.exe
  2⤵
  PID:3592
- C:\Windows\System\aLsfGza.exe
  C:\Windows\System\aLsfGza.exe
  2⤵
  PID:3612
- C:\Windows\System\TxzIIlX.exe
  C:\Windows\System\TxzIIlX.exe
  2⤵
  PID:3628
- C:\Windows\System\rrDwVLB.exe
  C:\Windows\System\rrDwVLB.exe
  2⤵
  PID:3644
- C:\Windows\System\fpZLCFo.exe
  C:\Windows\System\fpZLCFo.exe
  2⤵
  PID:3672
- C:\Windows\System\JnAbYbb.exe
  C:\Windows\System\JnAbYbb.exe
  2⤵
  PID:3688
- C:\Windows\System\pltuThK.exe
  C:\Windows\System\pltuThK.exe
  2⤵
  PID:3708
- C:\Windows\System\ZyTDswB.exe
  C:\Windows\System\ZyTDswB.exe
  2⤵
  PID:3724
- C:\Windows\System\NlkuAXM.exe
  C:\Windows\System\NlkuAXM.exe
  2⤵
  PID:3740
- C:\Windows\System\NdgFUQc.exe
  C:\Windows\System\NdgFUQc.exe
  2⤵
  PID:3756
- C:\Windows\System\iYrbTyZ.exe
  C:\Windows\System\iYrbTyZ.exe
  2⤵
  PID:3772
- C:\Windows\System\hEXbexb.exe
  C:\Windows\System\hEXbexb.exe
  2⤵
  PID:3792
- C:\Windows\System\zWGLBhL.exe
  C:\Windows\System\zWGLBhL.exe
  2⤵
  PID:3808
- C:\Windows\System\RQiyAJl.exe
  C:\Windows\System\RQiyAJl.exe
  2⤵
  PID:3836
- C:\Windows\System\btYKTMk.exe
  C:\Windows\System\btYKTMk.exe
  2⤵
  PID:3852
- C:\Windows\System\pQbdbHA.exe
  C:\Windows\System\pQbdbHA.exe
  2⤵
  PID:3868
- C:\Windows\System\OZHsWjw.exe
  C:\Windows\System\OZHsWjw.exe
  2⤵
  PID:3884
- C:\Windows\System\deWutEx.exe
  C:\Windows\System\deWutEx.exe
  2⤵
  PID:3900
- C:\Windows\System\FXmcIAv.exe
  C:\Windows\System\FXmcIAv.exe
  2⤵
  PID:3920
- C:\Windows\System\jPFnmAm.exe
  C:\Windows\System\jPFnmAm.exe
  2⤵
  PID:3940
- C:\Windows\System\QPVMLmj.exe
  C:\Windows\System\QPVMLmj.exe
  2⤵
  PID:3960
- C:\Windows\System\cvVwskd.exe
  C:\Windows\System\cvVwskd.exe
  2⤵
  PID:3976
- C:\Windows\System\ouKnxDL.exe
  C:\Windows\System\ouKnxDL.exe
  2⤵
  PID:4008
- C:\Windows\System\hcYuEXg.exe
  C:\Windows\System\hcYuEXg.exe
  2⤵
  PID:4024
- C:\Windows\System\fiNlkjB.exe
  C:\Windows\System\fiNlkjB.exe
  2⤵
  PID:4040
- C:\Windows\System\AyBFAql.exe
  C:\Windows\System\AyBFAql.exe
  2⤵
  PID:4060
- C:\Windows\System\wCbakWU.exe
  C:\Windows\System\wCbakWU.exe
  2⤵
  PID:4076
- C:\Windows\System\afkWRLp.exe
  C:\Windows\System\afkWRLp.exe
  2⤵
  PID:4092
- C:\Windows\System\fOZomxw.exe
  C:\Windows\System\fOZomxw.exe
  2⤵
  PID:2668
- C:\Windows\System\lSLkRXd.exe
  C:\Windows\System\lSLkRXd.exe
  2⤵
  PID:1536
- C:\Windows\System\SpBJRWU.exe
  C:\Windows\System\SpBJRWU.exe
  2⤵
  PID:3112
- C:\Windows\System\BcbyHuX.exe
  C:\Windows\System\BcbyHuX.exe
  2⤵
  PID:3152
- C:\Windows\System\NNhIlQv.exe
  C:\Windows\System\NNhIlQv.exe
  2⤵
  PID:3220
- C:\Windows\System\jIspTzv.exe
  C:\Windows\System\jIspTzv.exe
  2⤵
  PID:3092
- C:\Windows\System\utMqiFr.exe
  C:\Windows\System\utMqiFr.exe
  2⤵
  PID:3260
- C:\Windows\System\AVPpBjY.exe
  C:\Windows\System\AVPpBjY.exe
  2⤵
  PID:3200
- C:\Windows\System\yTMCwNH.exe
  C:\Windows\System\yTMCwNH.exe
  2⤵
  PID:3304
- C:\Windows\System\CSNTPyH.exe
  C:\Windows\System\CSNTPyH.exe
  2⤵
  PID:3244
- C:\Windows\System\xxJdasr.exe
  C:\Windows\System\xxJdasr.exe
  2⤵
  PID:3032
- C:\Windows\System\NixULFv.exe
  C:\Windows\System\NixULFv.exe
  2⤵
  PID:3420
- C:\Windows\System\oRYlahn.exe
  C:\Windows\System\oRYlahn.exe
  2⤵
  PID:2096
- C:\Windows\System\kJrzemy.exe
  C:\Windows\System\kJrzemy.exe
  2⤵
  PID:3404
- C:\Windows\System\ndTtkSL.exe
  C:\Windows\System\ndTtkSL.exe
  2⤵
  PID:3472
- C:\Windows\System\LIxWRUt.exe
  C:\Windows\System\LIxWRUt.exe
  2⤵
  PID:1884
- C:\Windows\System\JcJSlwd.exe
  C:\Windows\System\JcJSlwd.exe
  2⤵
  PID:3520
- C:\Windows\System\bbwYjEv.exe
  C:\Windows\System\bbwYjEv.exe
  2⤵
  PID:1672
- C:\Windows\System\iVlQJKd.exe
  C:\Windows\System\iVlQJKd.exe
  2⤵
  PID:3536
- C:\Windows\System\ohYHOKo.exe
  C:\Windows\System\ohYHOKo.exe
  2⤵
  PID:948
- C:\Windows\System\gWTsGuO.exe
  C:\Windows\System\gWTsGuO.exe
  2⤵
  PID:372
- C:\Windows\System\uBHyDjI.exe
  C:\Windows\System\uBHyDjI.exe
  2⤵
  PID:2152
- C:\Windows\System\Mecukzo.exe
  C:\Windows\System\Mecukzo.exe
  2⤵
  PID:2644
- C:\Windows\System\HWLMTIb.exe
  C:\Windows\System\HWLMTIb.exe
  2⤵
  PID:2692
- C:\Windows\System\xAhqSSm.exe
  C:\Windows\System\xAhqSSm.exe
  2⤵
  PID:2088
- C:\Windows\System\hjCsSFl.exe
  C:\Windows\System\hjCsSFl.exe
  2⤵
  PID:2592
- C:\Windows\System\UduVmCL.exe
  C:\Windows\System\UduVmCL.exe
  2⤵
  PID:3560
- C:\Windows\System\GSDkfgj.exe
  C:\Windows\System\GSDkfgj.exe
  2⤵
  PID:3600
- C:\Windows\System\XWzMqKe.exe
  C:\Windows\System\XWzMqKe.exe
  2⤵
  PID:2992
- C:\Windows\System\QTwklua.exe
  C:\Windows\System\QTwklua.exe
  2⤵
  PID:3640
- C:\Windows\System\KvenIsE.exe
  C:\Windows\System\KvenIsE.exe
  2⤵
  PID:3668
- C:\Windows\System\akRnlJp.exe
  C:\Windows\System\akRnlJp.exe
  2⤵
  PID:3684
- C:\Windows\System\GxXPGNi.exe
  C:\Windows\System\GxXPGNi.exe
  2⤵
  PID:3748
- C:\Windows\System\GIcLIWc.exe
  C:\Windows\System\GIcLIWc.exe
  2⤵
  PID:3720
- C:\Windows\System\ooPfDBX.exe
  C:\Windows\System\ooPfDBX.exe
  2⤵
  PID:3736
- C:\Windows\System\yAgaoGr.exe
  C:\Windows\System\yAgaoGr.exe
  2⤵
  PID:3848
- C:\Windows\System\qqpTdtN.exe
  C:\Windows\System\qqpTdtN.exe
  2⤵
  PID:3828
- C:\Windows\System\eIqOtdg.exe
  C:\Windows\System\eIqOtdg.exe
  2⤵
  PID:3764
- C:\Windows\System\KDUuBUf.exe
  C:\Windows\System\KDUuBUf.exe
  2⤵
  PID:3988
- C:\Windows\System\tofSVww.exe
  C:\Windows\System\tofSVww.exe
  2⤵
  PID:3896
- C:\Windows\System\EOIeaYy.exe
  C:\Windows\System\EOIeaYy.exe
  2⤵
  PID:3972
- C:\Windows\System\BKeFyoS.exe
  C:\Windows\System\BKeFyoS.exe
  2⤵
  PID:4016
- C:\Windows\System\WMcjCAv.exe
  C:\Windows\System\WMcjCAv.exe
  2⤵
  PID:4032
- C:\Windows\System\YTKjOSN.exe
  C:\Windows\System\YTKjOSN.exe
  2⤵
  PID:4084
- C:\Windows\System\Meaeixl.exe
  C:\Windows\System\Meaeixl.exe
  2⤵
  PID:2912
- C:\Windows\System\ArZuAcy.exe
  C:\Windows\System\ArZuAcy.exe
  2⤵
  PID:1700
- C:\Windows\System\vzZGFiq.exe
  C:\Windows\System\vzZGFiq.exe
  2⤵
  PID:4072
- C:\Windows\System\QEpNIec.exe
  C:\Windows\System\QEpNIec.exe
  2⤵
  PID:3188
- C:\Windows\System\kiqMwom.exe
  C:\Windows\System\kiqMwom.exe
  2⤵
  PID:3280
- C:\Windows\System\LvcbvCZ.exe
  C:\Windows\System\LvcbvCZ.exe
  2⤵
  PID:3332
- C:\Windows\System\cxZGdai.exe
  C:\Windows\System\cxZGdai.exe
  2⤵
  PID:3228
- C:\Windows\System\JNqZMyA.exe
  C:\Windows\System\JNqZMyA.exe
  2⤵
  PID:3272
- C:\Windows\System\XGtNpTC.exe
  C:\Windows\System\XGtNpTC.exe
  2⤵
  PID:3356
- C:\Windows\System\zRlehHJ.exe
  C:\Windows\System\zRlehHJ.exe
  2⤵
  PID:3344
- C:\Windows\System\GwLlIbY.exe
  C:\Windows\System\GwLlIbY.exe
  2⤵
  PID:3376
- C:\Windows\System\QyeTlku.exe
  C:\Windows\System\QyeTlku.exe
  2⤵
  PID:3276
- C:\Windows\System\OXLeyWU.exe
  C:\Windows\System\OXLeyWU.exe
  2⤵
  PID:1740
- C:\Windows\System\FTBvogX.exe
  C:\Windows\System\FTBvogX.exe
  2⤵
  PID:2924
- C:\Windows\System\nVqMnBk.exe
  C:\Windows\System\nVqMnBk.exe
  2⤵
  PID:3544
- C:\Windows\System\nTzpqWZ.exe
  C:\Windows\System\nTzpqWZ.exe
  2⤵
  PID:2212
- C:\Windows\System\adkdXfw.exe
  C:\Windows\System\adkdXfw.exe
  2⤵
  PID:2504
- C:\Windows\System\blWHkhA.exe
  C:\Windows\System\blWHkhA.exe
  2⤵
  PID:3664
- C:\Windows\System\VBvMGVb.exe
  C:\Windows\System\VBvMGVb.exe
  2⤵
  PID:3636
- C:\Windows\System\VNEHQwE.exe
  C:\Windows\System\VNEHQwE.exe
  2⤵
  PID:3732
- C:\Windows\System\hRvsmZN.exe
  C:\Windows\System\hRvsmZN.exe
  2⤵
  PID:3804
- C:\Windows\System\HMqBUmP.exe
  C:\Windows\System\HMqBUmP.exe
  2⤵
  PID:3984
- C:\Windows\System\fGLyDPA.exe
  C:\Windows\System\fGLyDPA.exe
  2⤵
  PID:3880
- C:\Windows\System\wgzCRgx.exe
  C:\Windows\System\wgzCRgx.exe
  2⤵
  PID:3128
- C:\Windows\System\KlYMDBq.exe
  C:\Windows\System\KlYMDBq.exe
  2⤵
  PID:3184
- C:\Windows\System\LXsGKJc.exe
  C:\Windows\System\LXsGKJc.exe
  2⤵
  PID:3928
- C:\Windows\System\ISUbwbL.exe
  C:\Windows\System\ISUbwbL.exe
  2⤵
  PID:4004
- C:\Windows\System\MHLvzZI.exe
  C:\Windows\System\MHLvzZI.exe
  2⤵
  PID:3076
- C:\Windows\System\ZALeTNO.exe
  C:\Windows\System\ZALeTNO.exe
  2⤵
  PID:1824
- C:\Windows\System\OBiVvHy.exe
  C:\Windows\System\OBiVvHy.exe
  2⤵
  PID:436
- C:\Windows\System\QzjEdau.exe
  C:\Windows\System\QzjEdau.exe
  2⤵
  PID:1556
- C:\Windows\System\Yimsvzz.exe
  C:\Windows\System\Yimsvzz.exe
  2⤵
  PID:3452
- C:\Windows\System\NjOjgYO.exe
  C:\Windows\System\NjOjgYO.exe
  2⤵
  PID:3428
- C:\Windows\System\NPsEQTc.exe
  C:\Windows\System\NPsEQTc.exe
  2⤵
  PID:112
- C:\Windows\System\axOChIe.exe
  C:\Windows\System\axOChIe.exe
  2⤵
  PID:3716
- C:\Windows\System\QWNHUvY.exe
  C:\Windows\System\QWNHUvY.exe
  2⤵
  PID:3860
- C:\Windows\System\hDqNRzq.exe
  C:\Windows\System\hDqNRzq.exe
  2⤵
  PID:3936
- C:\Windows\System\DvLyEud.exe
  C:\Windows\System\DvLyEud.exe
  2⤵
  PID:1916
- C:\Windows\System\tliNBMY.exe
  C:\Windows\System\tliNBMY.exe
  2⤵
  PID:3956
- C:\Windows\System\FHQNfwW.exe
  C:\Windows\System\FHQNfwW.exe
  2⤵
  PID:3144
- C:\Windows\System\GWRJCes.exe
  C:\Windows\System\GWRJCes.exe
  2⤵
  PID:2808
- C:\Windows\System\fHgpXFw.exe
  C:\Windows\System\fHgpXFw.exe
  2⤵
  PID:1944
- C:\Windows\System\NRIvaOp.exe
  C:\Windows\System\NRIvaOp.exe
  2⤵
  PID:1240
- C:\Windows\System\aYIYhJk.exe
  C:\Windows\System\aYIYhJk.exe
  2⤵
  PID:3524
- C:\Windows\System\JYaZrjM.exe
  C:\Windows\System\JYaZrjM.exe
  2⤵
  PID:3784
- C:\Windows\System\KrtzTUn.exe
  C:\Windows\System\KrtzTUn.exe
  2⤵
  PID:4052
- C:\Windows\System\GTDpsXW.exe
  C:\Windows\System\GTDpsXW.exe
  2⤵
  PID:4000
- C:\Windows\System\cIwKVWM.exe
  C:\Windows\System\cIwKVWM.exe
  2⤵
  PID:3264
- C:\Windows\System\cHGhQwX.exe
  C:\Windows\System\cHGhQwX.exe
  2⤵
  PID:2080
- C:\Windows\System\lShyjLO.exe
  C:\Windows\System\lShyjLO.exe
  2⤵
  PID:4104
- C:\Windows\System\hDSLlUd.exe
  C:\Windows\System\hDSLlUd.exe
  2⤵
  PID:4124
- C:\Windows\System\tgCqtlS.exe
  C:\Windows\System\tgCqtlS.exe
  2⤵
  PID:4144
- C:\Windows\System\LinZKJK.exe
  C:\Windows\System\LinZKJK.exe
  2⤵
  PID:4160
- C:\Windows\System\mLZuzfk.exe
  C:\Windows\System\mLZuzfk.exe
  2⤵
  PID:4216
- C:\Windows\System\zSZQkPD.exe
  C:\Windows\System\zSZQkPD.exe
  2⤵
  PID:4240
- C:\Windows\System\sVIvhFv.exe
  C:\Windows\System\sVIvhFv.exe
  2⤵
  PID:4264
- C:\Windows\System\zdvbIuA.exe
  C:\Windows\System\zdvbIuA.exe
  2⤵
  PID:4288
- C:\Windows\System\ShgNVao.exe
  C:\Windows\System\ShgNVao.exe
  2⤵
  PID:4312
- C:\Windows\System\FbLbZGv.exe
  C:\Windows\System\FbLbZGv.exe
  2⤵
  PID:4336
- C:\Windows\System\dWfVhDk.exe
  C:\Windows\System\dWfVhDk.exe
  2⤵
  PID:4352
- C:\Windows\System\gbiLPxl.exe
  C:\Windows\System\gbiLPxl.exe
  2⤵
  PID:4368
- C:\Windows\System\iddPTNh.exe
  C:\Windows\System\iddPTNh.exe
  2⤵
  PID:4384
- C:\Windows\System\wksBSGB.exe
  C:\Windows\System\wksBSGB.exe
  2⤵
  PID:4404
- C:\Windows\System\qWOeuQJ.exe
  C:\Windows\System\qWOeuQJ.exe
  2⤵
  PID:4448
- C:\Windows\System\nktBzfq.exe
  C:\Windows\System\nktBzfq.exe
  2⤵
  PID:4468
- C:\Windows\System\modERql.exe
  C:\Windows\System\modERql.exe
  2⤵
  PID:4484
- C:\Windows\System\kQsQtPn.exe
  C:\Windows\System\kQsQtPn.exe
  2⤵
  PID:4504
- C:\Windows\System\xwiBjsJ.exe
  C:\Windows\System\xwiBjsJ.exe
  2⤵
  PID:4520
- C:\Windows\System\okiGney.exe
  C:\Windows\System\okiGney.exe
  2⤵
  PID:4540
- C:\Windows\System\tbQbkCc.exe
  C:\Windows\System\tbQbkCc.exe
  2⤵
  PID:4556
- C:\Windows\System\ghOcMVK.exe
  C:\Windows\System\ghOcMVK.exe
  2⤵
  PID:4572
- C:\Windows\System\RISsZKM.exe
  C:\Windows\System\RISsZKM.exe
  2⤵
  PID:4732
- C:\Windows\System\tmhprLF.exe
  C:\Windows\System\tmhprLF.exe
  2⤵
  PID:4748
- C:\Windows\System\fFFkCEY.exe
  C:\Windows\System\fFFkCEY.exe
  2⤵
  PID:4768
- C:\Windows\System\caKUXnt.exe
  C:\Windows\System\caKUXnt.exe
  2⤵
  PID:4784
- C:\Windows\System\QpkjqLA.exe
  C:\Windows\System\QpkjqLA.exe
  2⤵
  PID:4812
- C:\Windows\System\UIkOVVH.exe
  C:\Windows\System\UIkOVVH.exe
  2⤵
  PID:4828
- C:\Windows\System\fKHeLDB.exe
  C:\Windows\System\fKHeLDB.exe
  2⤵
  PID:4848
- C:\Windows\System\gdRfOxy.exe
  C:\Windows\System\gdRfOxy.exe
  2⤵
  PID:4864
- C:\Windows\System\NVzfeFF.exe
  C:\Windows\System\NVzfeFF.exe
  2⤵
  PID:4892
- C:\Windows\System\SbpYpav.exe
  C:\Windows\System\SbpYpav.exe
  2⤵
  PID:4912
- C:\Windows\System\VrsGFft.exe
  C:\Windows\System\VrsGFft.exe
  2⤵
  PID:4928
- C:\Windows\System\KFPGWrO.exe
  C:\Windows\System\KFPGWrO.exe
  2⤵
  PID:4944
- C:\Windows\System\fTPEQvo.exe
  C:\Windows\System\fTPEQvo.exe
  2⤵
  PID:4960
- C:\Windows\System\xkcUyEw.exe
  C:\Windows\System\xkcUyEw.exe
  2⤵
  PID:4988
- C:\Windows\System\lwPxZsR.exe
  C:\Windows\System\lwPxZsR.exe
  2⤵
  PID:5008
- C:\Windows\System\TPVFWqx.exe
  C:\Windows\System\TPVFWqx.exe
  2⤵
  PID:5024
- C:\Windows\System\ZTAtKBX.exe
  C:\Windows\System\ZTAtKBX.exe
  2⤵
  PID:5040
- C:\Windows\System\mvpHYCx.exe
  C:\Windows\System\mvpHYCx.exe
  2⤵
  PID:5068
- C:\Windows\System\GHnvuMr.exe
  C:\Windows\System\GHnvuMr.exe
  2⤵
  PID:5084
- C:\Windows\System\HdNosVr.exe
  C:\Windows\System\HdNosVr.exe
  2⤵
  PID:5100
- C:\Windows\System\iVPHCdd.exe
  C:\Windows\System\iVPHCdd.exe
  2⤵
  PID:3372
- C:\Windows\System\qCFTfXW.exe
  C:\Windows\System\qCFTfXW.exe
  2⤵
  PID:3892
- C:\Windows\System\faguZnh.exe
  C:\Windows\System\faguZnh.exe
  2⤵
  PID:4136
- C:\Windows\System\SUIZxzT.exe
  C:\Windows\System\SUIZxzT.exe
  2⤵
  PID:4176
- C:\Windows\System\DkJaopq.exe
  C:\Windows\System\DkJaopq.exe
  2⤵
  PID:4192
- C:\Windows\System\DyigMsl.exe
  C:\Windows\System\DyigMsl.exe
  2⤵
  PID:4232
- C:\Windows\System\sYtSbOd.exe
  C:\Windows\System\sYtSbOd.exe
  2⤵
  PID:4276
- C:\Windows\System\dXSywyZ.exe
  C:\Windows\System\dXSywyZ.exe
  2⤵
  PID:4324
- C:\Windows\System\ZMUVLNI.exe
  C:\Windows\System\ZMUVLNI.exe
  2⤵
  PID:4248
- C:\Windows\System\YHUqIUa.exe
  C:\Windows\System\YHUqIUa.exe
  2⤵
  PID:4308
- C:\Windows\System\wRAANtm.exe
  C:\Windows\System\wRAANtm.exe
  2⤵
  PID:3240
- C:\Windows\System\KufbuxF.exe
  C:\Windows\System\KufbuxF.exe
  2⤵
  PID:4392
- C:\Windows\System\ErgKiFj.exe
  C:\Windows\System\ErgKiFj.exe
  2⤵
  PID:4440
- C:\Windows\System\ItsZdmO.exe
  C:\Windows\System\ItsZdmO.exe
  2⤵
  PID:4424
- C:\Windows\System\KoyFdON.exe
  C:\Windows\System\KoyFdON.exe
  2⤵
  PID:4500
- C:\Windows\System\AbeWStK.exe
  C:\Windows\System\AbeWStK.exe
  2⤵
  PID:4536
- C:\Windows\System\zfJNTZS.exe
  C:\Windows\System\zfJNTZS.exe
  2⤵
  PID:4552
- C:\Windows\System\vtQVtTQ.exe
  C:\Windows\System\vtQVtTQ.exe
  2⤵
  PID:4596
- C:\Windows\System\IgGoHYJ.exe
  C:\Windows\System\IgGoHYJ.exe
  2⤵
  PID:4612
- C:\Windows\System\LQgWYWb.exe
  C:\Windows\System\LQgWYWb.exe
  2⤵
  PID:4632
- C:\Windows\System\aNoXLeQ.exe
  C:\Windows\System\aNoXLeQ.exe
  2⤵
  PID:4648
- C:\Windows\System\eOEGFmn.exe
  C:\Windows\System\eOEGFmn.exe
  2⤵
  PID:4692
- C:\Windows\System\ItHOydU.exe
  C:\Windows\System\ItHOydU.exe
  2⤵
  PID:4708
- C:\Windows\System\tAPzBxm.exe
  C:\Windows\System\tAPzBxm.exe
  2⤵
  PID:4720
- C:\Windows\System\icrCerR.exe
  C:\Windows\System\icrCerR.exe
  2⤵
  PID:4588
- C:\Windows\System\vzKwnuc.exe
  C:\Windows\System\vzKwnuc.exe
  2⤵
  PID:4820
- C:\Windows\System\jcrXsLz.exe
  C:\Windows\System\jcrXsLz.exe
  2⤵
  PID:4908
- C:\Windows\System\Yrrnuzy.exe
  C:\Windows\System\Yrrnuzy.exe
  2⤵
  PID:4872
- C:\Windows\System\bhnoZga.exe
  C:\Windows\System\bhnoZga.exe
  2⤵
  PID:4936
- C:\Windows\System\sOuZfrL.exe
  C:\Windows\System\sOuZfrL.exe
  2⤵
  PID:4984
- C:\Windows\System\EDFphxx.exe
  C:\Windows\System\EDFphxx.exe
  2⤵
  PID:5020
- C:\Windows\System\URnnXku.exe
  C:\Windows\System\URnnXku.exe
  2⤵
  PID:5092
- C:\Windows\System\ooPNaAu.exe
  C:\Windows\System\ooPNaAu.exe
  2⤵
  PID:4952
- C:\Windows\System\CcRgpUj.exe
  C:\Windows\System\CcRgpUj.exe
  2⤵
  PID:5000
- C:\Windows\System\ndeEeeU.exe
  C:\Windows\System\ndeEeeU.exe
  2⤵
  PID:5076
- C:\Windows\System\ykTFiBI.exe
  C:\Windows\System\ykTFiBI.exe
  2⤵
  PID:5116
- C:\Windows\System\KXAUtio.exe
  C:\Windows\System\KXAUtio.exe
  2⤵
  PID:4224
- C:\Windows\System\LtxjLxy.exe
  C:\Windows\System\LtxjLxy.exe
  2⤵
  PID:4320
- C:\Windows\System\HCGuSWi.exe
  C:\Windows\System\HCGuSWi.exe
  2⤵
  PID:4304
- C:\Windows\System\KDxWYrU.exe
  C:\Windows\System\KDxWYrU.exe
  2⤵
  PID:4460
- C:\Windows\System\honCHdN.exe
  C:\Windows\System\honCHdN.exe
  2⤵
  PID:4272
- C:\Windows\System\TJtKjzU.exe
  C:\Windows\System\TJtKjzU.exe
  2⤵
  PID:4532
- C:\Windows\System\MeaKrbE.exe
  C:\Windows\System\MeaKrbE.exe
  2⤵
  PID:4660
- C:\Windows\System\TaLmQnU.exe
  C:\Windows\System\TaLmQnU.exe
  2⤵
  PID:4172
- C:\Windows\System\KpcSHxw.exe
  C:\Windows\System\KpcSHxw.exe
  2⤵
  PID:4412
- C:\Windows\System\bILtXHa.exe
  C:\Windows\System\bILtXHa.exe
  2⤵
  PID:4432
- C:\Windows\System\hUMzffY.exe
  C:\Windows\System\hUMzffY.exe
  2⤵
  PID:4476
- C:\Windows\System\zbLHFyJ.exe
  C:\Windows\System\zbLHFyJ.exe
  2⤵
  PID:4548
- C:\Windows\System\XAMtzkv.exe
  C:\Windows\System\XAMtzkv.exe
  2⤵
  PID:4644
- C:\Windows\System\gktXZCn.exe
  C:\Windows\System\gktXZCn.exe
  2⤵
  PID:4716
- C:\Windows\System\xKaPQvr.exe
  C:\Windows\System\xKaPQvr.exe
  2⤵
  PID:4740
- C:\Windows\System\JlgfxTm.exe
  C:\Windows\System\JlgfxTm.exe
  2⤵
  PID:4252
- C:\Windows\System\HNaARIF.exe
  C:\Windows\System\HNaARIF.exe
  2⤵
  PID:4804
- C:\Windows\System\CofqBeZ.exe
  C:\Windows\System\CofqBeZ.exe
  2⤵
  PID:4844
- C:\Windows\System\JmVWOiP.exe
  C:\Windows\System\JmVWOiP.exe
  2⤵
  PID:4968
- C:\Windows\System\wwabOWZ.exe
  C:\Windows\System\wwabOWZ.exe
  2⤵
  PID:4112
- C:\Windows\System\jZiXpQO.exe
  C:\Windows\System\jZiXpQO.exe
  2⤵
  PID:5036
- C:\Windows\System\EvBassJ.exe
  C:\Windows\System\EvBassJ.exe
  2⤵
  PID:4200
- C:\Windows\System\MaGwGDW.exe
  C:\Windows\System\MaGwGDW.exe
  2⤵
  PID:4996
- C:\Windows\System\lRXAKwo.exe
  C:\Windows\System\lRXAKwo.exe
  2⤵
  PID:4228
- C:\Windows\System\OXrrRWE.exe
  C:\Windows\System\OXrrRWE.exe
  2⤵
  PID:4204
- C:\Windows\System\IrHRoAg.exe
  C:\Windows\System\IrHRoAg.exe
  2⤵
  PID:4444
- C:\Windows\System\LySePKD.exe
  C:\Windows\System\LySePKD.exe
  2⤵
  PID:4188
- C:\Windows\System\HKkAwrO.exe
  C:\Windows\System\HKkAwrO.exe
  2⤵
  PID:4676
- C:\Windows\System\SXvENXw.exe
  C:\Windows\System\SXvENXw.exe
  2⤵
  PID:5032
- C:\Windows\System\drUtPjo.exe
  C:\Windows\System\drUtPjo.exe
  2⤵
  PID:4328
- C:\Windows\System\VxovSFP.exe
  C:\Windows\System\VxovSFP.exe
  2⤵
  PID:4584
- C:\Windows\System\bmZruRt.exe
  C:\Windows\System\bmZruRt.exe
  2⤵
  PID:4364
- C:\Windows\System\DYeURzd.exe
  C:\Windows\System\DYeURzd.exe
  2⤵
  PID:4860
- C:\Windows\System\VoXszQv.exe
  C:\Windows\System\VoXszQv.exe
  2⤵
  PID:3548
- C:\Windows\System\qSVVebK.exe
  C:\Windows\System\qSVVebK.exe
  2⤵
  PID:4464
- C:\Windows\System\aHMwGZY.exe
  C:\Windows\System\aHMwGZY.exe
  2⤵
  PID:4904
- C:\Windows\System\oefgHdf.exe
  C:\Windows\System\oefgHdf.exe
  2⤵
  PID:4776
- C:\Windows\System\qmQQZfS.exe
  C:\Windows\System\qmQQZfS.exe
  2⤵
  PID:4976
- C:\Windows\System\NoepYkg.exe
  C:\Windows\System\NoepYkg.exe
  2⤵
  PID:4700
- C:\Windows\System\SWfpkPD.exe
  C:\Windows\System\SWfpkPD.exe
  2⤵
  PID:5052
- C:\Windows\System\DOzhwet.exe
  C:\Windows\System\DOzhwet.exe
  2⤵
  PID:4608
- C:\Windows\System\yGokKWM.exe
  C:\Windows\System\yGokKWM.exe
  2⤵
  PID:4808
- C:\Windows\System\wGueaco.exe
  C:\Windows\System\wGueaco.exe
  2⤵
  PID:4792
- C:\Windows\System\SrJFVVK.exe
  C:\Windows\System\SrJFVVK.exe
  2⤵
  PID:5064
- C:\Windows\System\QGVTnbv.exe
  C:\Windows\System\QGVTnbv.exe
  2⤵
  PID:4420
- C:\Windows\System\xVhjTFZ.exe
  C:\Windows\System\xVhjTFZ.exe
  2⤵
  PID:4100
- C:\Windows\System\esUWuJy.exe
  C:\Windows\System\esUWuJy.exe
  2⤵
  PID:4728
- C:\Windows\System\GChknrm.exe
  C:\Windows\System\GChknrm.exe
  2⤵
  PID:5132
- C:\Windows\System\NgJkvhs.exe
  C:\Windows\System\NgJkvhs.exe
  2⤵
  PID:5148
- C:\Windows\System\gPuhQos.exe
  C:\Windows\System\gPuhQos.exe
  2⤵
  PID:5164
- C:\Windows\System\pIUyZmL.exe
  C:\Windows\System\pIUyZmL.exe
  2⤵
  PID:5184
- C:\Windows\System\dkrdAWz.exe
  C:\Windows\System\dkrdAWz.exe
  2⤵
  PID:5204
- C:\Windows\System\qgAcTDW.exe
  C:\Windows\System\qgAcTDW.exe
  2⤵
  PID:5220
- C:\Windows\System\dQpxMiL.exe
  C:\Windows\System\dQpxMiL.exe
  2⤵
  PID:5244
- C:\Windows\System\xryUTcC.exe
  C:\Windows\System\xryUTcC.exe
  2⤵
  PID:5272
- C:\Windows\System\nNBgwxl.exe
  C:\Windows\System\nNBgwxl.exe
  2⤵
  PID:5288
- C:\Windows\System\KHfXYkl.exe
  C:\Windows\System\KHfXYkl.exe
  2⤵
  PID:5316
- C:\Windows\System\ShjzIwR.exe
  C:\Windows\System\ShjzIwR.exe
  2⤵
  PID:5332
- C:\Windows\System\QwxvWdN.exe
  C:\Windows\System\QwxvWdN.exe
  2⤵
  PID:5348
- C:\Windows\System\UFdyXbx.exe
  C:\Windows\System\UFdyXbx.exe
  2⤵
  PID:5368
- C:\Windows\System\SmqOTwG.exe
  C:\Windows\System\SmqOTwG.exe
  2⤵
  PID:5396
- C:\Windows\System\LivfDxZ.exe
  C:\Windows\System\LivfDxZ.exe
  2⤵
  PID:5416
- C:\Windows\System\cPRvAna.exe
  C:\Windows\System\cPRvAna.exe
  2⤵
  PID:5436
- C:\Windows\System\KcmNzjl.exe
  C:\Windows\System\KcmNzjl.exe
  2⤵
  PID:5452
- C:\Windows\System\OHPBPwb.exe
  C:\Windows\System\OHPBPwb.exe
  2⤵
  PID:5480
- C:\Windows\System\YEQJpbb.exe
  C:\Windows\System\YEQJpbb.exe
  2⤵
  PID:5496
- C:\Windows\System\yUNSYwN.exe
  C:\Windows\System\yUNSYwN.exe
  2⤵
  PID:5516
- C:\Windows\System\QpQetkw.exe
  C:\Windows\System\QpQetkw.exe
  2⤵
  PID:5532
- C:\Windows\System\fNMTfMy.exe
  C:\Windows\System\fNMTfMy.exe
  2⤵
  PID:5552
- C:\Windows\System\QyPmspc.exe
  C:\Windows\System\QyPmspc.exe
  2⤵
  PID:5576
- C:\Windows\System\UTBhWIK.exe
  C:\Windows\System\UTBhWIK.exe
  2⤵
  PID:5604
- C:\Windows\System\MnrFUXv.exe
  C:\Windows\System\MnrFUXv.exe
  2⤵
  PID:5620
- C:\Windows\System\nhvzdpX.exe
  C:\Windows\System\nhvzdpX.exe
  2⤵
  PID:5636
- C:\Windows\System\aPKnqss.exe
  C:\Windows\System\aPKnqss.exe
  2⤵
  PID:5656
- C:\Windows\System\TQWPNYp.exe
  C:\Windows\System\TQWPNYp.exe
  2⤵
  PID:5672
- C:\Windows\System\iuBZhVV.exe
  C:\Windows\System\iuBZhVV.exe
  2⤵
  PID:5688
- C:\Windows\System\hXQHUeU.exe
  C:\Windows\System\hXQHUeU.exe
  2⤵
  PID:5704
- C:\Windows\System\qVSFysJ.exe
  C:\Windows\System\qVSFysJ.exe
  2⤵
  PID:5736
- C:\Windows\System\UJfAcQw.exe
  C:\Windows\System\UJfAcQw.exe
  2⤵
  PID:5764
- C:\Windows\System\sdTUVrk.exe
  C:\Windows\System\sdTUVrk.exe
  2⤵
  PID:5780
- C:\Windows\System\unRIWjd.exe
  C:\Windows\System\unRIWjd.exe
  2⤵
  PID:5796
- C:\Windows\System\OajDkbf.exe
  C:\Windows\System\OajDkbf.exe
  2⤵
  PID:5816
- C:\Windows\System\oZujIsD.exe
  C:\Windows\System\oZujIsD.exe
  2⤵
  PID:5832
- C:\Windows\System\bdaAsRT.exe
  C:\Windows\System\bdaAsRT.exe
  2⤵
  PID:5848
- C:\Windows\System\OvBHSDd.exe
  C:\Windows\System\OvBHSDd.exe
  2⤵
  PID:5872
- C:\Windows\System\eaVJNXz.exe
  C:\Windows\System\eaVJNXz.exe
  2⤵
  PID:5896
- C:\Windows\System\EHPnUWn.exe
  C:\Windows\System\EHPnUWn.exe
  2⤵
  PID:5916
- C:\Windows\System\SbgxCbt.exe
  C:\Windows\System\SbgxCbt.exe
  2⤵
  PID:5936
- C:\Windows\System\HywQHsR.exe
  C:\Windows\System\HywQHsR.exe
  2⤵
  PID:5956
- C:\Windows\System\WtCLmlW.exe
  C:\Windows\System\WtCLmlW.exe
  2⤵
  PID:5984
- C:\Windows\System\DyAfkeZ.exe
  C:\Windows\System\DyAfkeZ.exe
  2⤵
  PID:6000
- C:\Windows\System\fVprmid.exe
  C:\Windows\System\fVprmid.exe
  2⤵
  PID:6016
- C:\Windows\System\FNyRQzw.exe
  C:\Windows\System\FNyRQzw.exe
  2⤵
  PID:6036
- C:\Windows\System\AhdRbyb.exe
  C:\Windows\System\AhdRbyb.exe
  2⤵
  PID:6052
- C:\Windows\System\TyRqFOF.exe
  C:\Windows\System\TyRqFOF.exe
  2⤵
  PID:6084
- C:\Windows\System\DUhivKx.exe
  C:\Windows\System\DUhivKx.exe
  2⤵
  PID:6100
- C:\Windows\System\LbohEdc.exe
  C:\Windows\System\LbohEdc.exe
  2⤵
  PID:6120
- C:\Windows\System\wkiPsph.exe
  C:\Windows\System\wkiPsph.exe
  2⤵
  PID:6136
- C:\Windows\System\zkgymuS.exe
  C:\Windows\System\zkgymuS.exe
  2⤵
  PID:5124
- C:\Windows\System\WtwGDIy.exe
  C:\Windows\System\WtwGDIy.exe
  2⤵
  PID:4664
- C:\Windows\System\WUdMnWD.exe
  C:\Windows\System\WUdMnWD.exe
  2⤵
  PID:5212
- C:\Windows\System\jtJYSMd.exe
  C:\Windows\System\jtJYSMd.exe
  2⤵
  PID:5172
- C:\Windows\System\bCSVFPk.exe
  C:\Windows\System\bCSVFPk.exe
  2⤵
  PID:5264
- C:\Windows\System\xnrtHIr.exe
  C:\Windows\System\xnrtHIr.exe
  2⤵
  PID:5304
- C:\Windows\System\baXgxoN.exe
  C:\Windows\System\baXgxoN.exe
  2⤵
  PID:5284
- C:\Windows\System\SwqCOnl.exe
  C:\Windows\System\SwqCOnl.exe
  2⤵
  PID:5328
- C:\Windows\System\VfjwBsw.exe
  C:\Windows\System\VfjwBsw.exe
  2⤵
  PID:5364
- C:\Windows\System\WUGSfkm.exe
  C:\Windows\System\WUGSfkm.exe
  2⤵
  PID:5392
- C:\Windows\System\OFdqfnQ.exe
  C:\Windows\System\OFdqfnQ.exe
  2⤵
  PID:5444
- C:\Windows\System\BidlOVw.exe
  C:\Windows\System\BidlOVw.exe
  2⤵
  PID:5432
- C:\Windows\System\eysuXdr.exe
  C:\Windows\System\eysuXdr.exe
  2⤵
  PID:4656
- C:\Windows\System\sURwsvK.exe
  C:\Windows\System\sURwsvK.exe
  2⤵
  PID:5504
- C:\Windows\System\oFLHyIQ.exe
  C:\Windows\System\oFLHyIQ.exe
  2⤵
  PID:5512
- C:\Windows\System\sXHsuGQ.exe
  C:\Windows\System\sXHsuGQ.exe
  2⤵
  PID:5548
- C:\Windows\System\RWQguhQ.exe
  C:\Windows\System\RWQguhQ.exe
  2⤵
  PID:5592
- C:\Windows\System\CqAjBST.exe
  C:\Windows\System\CqAjBST.exe
  2⤵
  PID:5588
- C:\Windows\System\oJYSYNU.exe
  C:\Windows\System\oJYSYNU.exe
  2⤵
  PID:5632
- C:\Windows\System\uSzajQI.exe
  C:\Windows\System\uSzajQI.exe
  2⤵
  PID:5716
- C:\Windows\System\zNDQBts.exe
  C:\Windows\System\zNDQBts.exe
  2⤵
  PID:5680
- C:\Windows\System\SfiFCBH.exe
  C:\Windows\System\SfiFCBH.exe
  2⤵
  PID:5760
- C:\Windows\System\CfAaRzo.exe
  C:\Windows\System\CfAaRzo.exe
  2⤵
  PID:5840
- C:\Windows\System\AfdgEqk.exe
  C:\Windows\System\AfdgEqk.exe
  2⤵
  PID:5884
- C:\Windows\System\ASyRYwt.exe
  C:\Windows\System\ASyRYwt.exe
  2⤵
  PID:5972
- C:\Windows\System\tjUdTRI.exe
  C:\Windows\System\tjUdTRI.exe
  2⤵
  PID:5788
- C:\Windows\System\zEVlhhf.exe
  C:\Windows\System\zEVlhhf.exe
  2⤵
  PID:6008
- C:\Windows\System\HYkniFx.exe
  C:\Windows\System\HYkniFx.exe
  2⤵
  PID:5912
- C:\Windows\System\vDZihwY.exe
  C:\Windows\System\vDZihwY.exe
  2⤵
  PID:5992
- C:\Windows\System\BcgbRrw.exe
  C:\Windows\System\BcgbRrw.exe
  2⤵
  PID:6032
- C:\Windows\System\DcEKceV.exe
  C:\Windows\System\DcEKceV.exe
  2⤵
  PID:6068
- C:\Windows\System\NAwFqhe.exe
  C:\Windows\System\NAwFqhe.exe
  2⤵
  PID:6128
- C:\Windows\System\AeRreJd.exe
  C:\Windows\System\AeRreJd.exe
  2⤵
  PID:6108
- C:\Windows\System\PEUqFVc.exe
  C:\Windows\System\PEUqFVc.exe
  2⤵
  PID:5192
- C:\Windows\System\wFgCoBx.exe
  C:\Windows\System\wFgCoBx.exe
  2⤵
  PID:4796
- C:\Windows\System\fjtsWld.exe
  C:\Windows\System\fjtsWld.exe
  2⤵
  PID:5232
- C:\Windows\System\IGReSxJ.exe
  C:\Windows\System\IGReSxJ.exe
  2⤵
  PID:5196
- C:\Windows\System\gEzaBEY.exe
  C:\Windows\System\gEzaBEY.exe
  2⤵
  PID:5300
- C:\Windows\System\hCkwpot.exe
  C:\Windows\System\hCkwpot.exe
  2⤵
  PID:5384
- C:\Windows\System\hpTZrsN.exe
  C:\Windows\System\hpTZrsN.exe
  2⤵
  PID:5428
- C:\Windows\System\vEsvIEM.exe
  C:\Windows\System\vEsvIEM.exe
  2⤵
  PID:5540
- C:\Windows\System\qXxrEVF.exe
  C:\Windows\System\qXxrEVF.exe
  2⤵
  PID:5712
- C:\Windows\System\RygXOjr.exe
  C:\Windows\System\RygXOjr.exe
  2⤵
  PID:5652
- C:\Windows\System\kBzQXJN.exe
  C:\Windows\System\kBzQXJN.exe
  2⤵
  PID:5600
- C:\Windows\System\IKyDqQQ.exe
  C:\Windows\System\IKyDqQQ.exe
  2⤵
  PID:5808
- C:\Windows\System\ttRduWr.exe
  C:\Windows\System\ttRduWr.exe
  2⤵
  PID:5824
- C:\Windows\System\KnjbiXg.exe
  C:\Windows\System\KnjbiXg.exe
  2⤵
  PID:5696
- C:\Windows\System\cmEcNLp.exe
  C:\Windows\System\cmEcNLp.exe
  2⤵
  PID:5732
- C:\Windows\System\hIupmkp.exe
  C:\Windows\System\hIupmkp.exe
  2⤵
  PID:5968
- C:\Windows\System\KYsLAnV.exe
  C:\Windows\System\KYsLAnV.exe
  2⤵
  PID:6048
- C:\Windows\System\syjoIxv.exe
  C:\Windows\System\syjoIxv.exe
  2⤵
  PID:6024
- C:\Windows\System\iaCNQgW.exe
  C:\Windows\System\iaCNQgW.exe
  2⤵
  PID:6076
- C:\Windows\System\wllcOBz.exe
  C:\Windows\System\wllcOBz.exe
  2⤵
  PID:4628
- C:\Windows\System\iNdbvMb.exe
  C:\Windows\System\iNdbvMb.exe
  2⤵
  PID:5128
- C:\Windows\System\dbLRoZS.exe
  C:\Windows\System\dbLRoZS.exe
  2⤵
  PID:5376
- C:\Windows\System\pOMrvPc.exe
  C:\Windows\System\pOMrvPc.exe
  2⤵
  PID:5344
- C:\Windows\System\qGGImER.exe
  C:\Windows\System\qGGImER.exe
  2⤵
  PID:5412
- C:\Windows\System\YPPNKwL.exe
  C:\Windows\System\YPPNKwL.exe
  2⤵
  PID:5700
- C:\Windows\System\TrlJRqi.exe
  C:\Windows\System\TrlJRqi.exe
  2⤵
  PID:5932
- C:\Windows\System\VeHFNSk.exe
  C:\Windows\System\VeHFNSk.exe
  2⤵
  PID:5752
- C:\Windows\System\hOkMrLG.exe
  C:\Windows\System\hOkMrLG.exe
  2⤵
  PID:5868
- C:\Windows\System\BWVWBZP.exe
  C:\Windows\System\BWVWBZP.exe
  2⤵
  PID:6044
- C:\Windows\System\kXYtCwe.exe
  C:\Windows\System\kXYtCwe.exe
  2⤵
  PID:6112
- C:\Windows\System\jujBIVX.exe
  C:\Windows\System\jujBIVX.exe
  2⤵
  PID:5952
- C:\Windows\System\eqAXfIr.exe
  C:\Windows\System\eqAXfIr.exe
  2⤵
  PID:5380
- C:\Windows\System\kmpMuTs.exe
  C:\Windows\System\kmpMuTs.exe
  2⤵
  PID:6092
- C:\Windows\System\SnDGUGA.exe
  C:\Windows\System\SnDGUGA.exe
  2⤵
  PID:5664
- C:\Windows\System\eBNArMd.exe
  C:\Windows\System\eBNArMd.exe
  2⤵
  PID:5144
- C:\Windows\System\SijQdSx.exe
  C:\Windows\System\SijQdSx.exe
  2⤵
  PID:5748
- C:\Windows\System\eEPHCDh.exe
  C:\Windows\System\eEPHCDh.exe
  2⤵
  PID:5528
- C:\Windows\System\jdVuYGu.exe
  C:\Windows\System\jdVuYGu.exe
  2⤵
  PID:5056
- C:\Windows\System\JpSoRbe.exe
  C:\Windows\System\JpSoRbe.exe
  2⤵
  PID:5160
- C:\Windows\System\gNzcAPi.exe
  C:\Windows\System\gNzcAPi.exe
  2⤵
  PID:6096
- C:\Windows\System\mwdLzMG.exe
  C:\Windows\System\mwdLzMG.exe
  2⤵
  PID:5720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPcBOEx.exe

Filesize
6.0MB

MD5
14604381a15bd3c110d630fcff70ffa9

SHA1
4d2cd69d432afd2017207193c628fced2c480b7e

SHA256
14fe8d1c1ce7a4c7b8091f6c81e5445261d19a544650b51974cca226dbe4a2be

SHA512
0890faa157bf390be1bc4ff599ad0fd5de91d7d4ed670cfe96ac9a7eb4adf302947d1869ffe89c53641f53b5a5f3ff40a90018b5bc952aad850bd47d0e0322a8

Download Submit
C:\Windows\system\BaiAlUr.exe

Filesize
6.0MB

MD5
9a9e46aace000abdaf48ec2a222ac387

SHA1
719eb07b562869fdc3c234155e9bfefb895606fe

SHA256
280fba4db4b51474cb0191c038bd61fbbd8938a4af4b8e82cadb63d28d8098ff

SHA512
57eeae8bc8ca197c887d6e1b6a3f254f3efb2900432a410f9b0f38e690e4573844a4514bdb0c3710ac241421c6c9f4e4a898601b17fd5ca73402fe46d2cf8fd0

Download Submit
C:\Windows\system\CXKUHkF.exe

Filesize
6.0MB

MD5
862dca61164cd201c35611b860972e0b

SHA1
1b57e762bdfc9d862ba3ae8dff2ef8d00d6d0591

SHA256
dcce9246df2ed7bd646933799022def8df30d320e6741c9900693f494c9b8acf

SHA512
530e7aef10f0fe587ca655a3b84625d8c4a547a6453532553f5478b8465c264a46ca802d87656a7ca320a7842aabc7d3721691b3796990ab0fbd24b928e3dc98

Download Submit
C:\Windows\system\HOxneZY.exe

Filesize
6.0MB

MD5
e1eb1bee2018c8ecdd924336899a2578

SHA1
d04f0353669ae447e156b353cbed5e7f5ffc25b9

SHA256
15f8094354f13c5259990104d2b331a404a4dee7cd6feb4901dfef7fee6ff531

SHA512
f19fd98f5825ac84073e1e6b6722ffd7de5e44ed4d287e9bcafa8071129c867d68d34f24e78fbacec1a48d19e07917c7e0cb0280c1fb8b161f284dbd3d41a081

Download Submit
C:\Windows\system\IZnrGBP.exe

Filesize
6.0MB

MD5
6d951af4044ef05fb4762b2daa97d285

SHA1
3a5a7f49aaef2fd0f8fde74153902d3a18ace0c1

SHA256
814b4d3bd3ed127592959ea38e41e4e146a20a9ed20746eccf35c989a55623a1

SHA512
76d86debcaa1fc21e88b870bc127f4d262e278dd45f7d28ec6e4f22100cdf21b6fa856dae0b6a7e7137751c3ec399cf62b3e4090bfe0774c4c84fa28d4e7db7e

Download Submit
C:\Windows\system\LYlJOmW.exe

Filesize
6.0MB

MD5
14a6f048ed66ef8d698bc9303fc0086b

SHA1
4de4423fccf6d6ea7a1637fb3406a6bb2df61a1d

SHA256
b199968b901bb82b046c60c201ed6c3823536ca8c7b4e8a28b777e05b582ae5d

SHA512
dad802cbe1d59238e0507b67faa9f0ca820c4976d51be1375bb64754f50f93a0b2d7620a393322f28bb4cd358a79b4cda8983a878f72ee2499902dbcfb95f5b8

Download Submit
C:\Windows\system\LklJHqN.exe

Filesize
6.0MB

MD5
fd06385b24116245374289094b002c71

SHA1
229538fb2149a1e01a7ae62e4e0cde711a5fe3ef

SHA256
05fee69d57f5744bf33f99e928ac67c182c385ca10bf0c08cb7e780f074ab855

SHA512
11b1af48e8bf863d3ef9db35418e9ebd5ce40514f064f99c162115f84d5184d4aed536e1031a1ece9c9f083c3ecc4f12ed169e7c1ceb0477d425dac24b776abe

Download Submit
C:\Windows\system\MGojxmI.exe

Filesize
6.0MB

MD5
c89f3d61f654936cf164e760781052c4

SHA1
04e00552e97865ce9b5cbd51472ed5141283bcbf

SHA256
997d9a4b07b4375de88d4391cbfed8b271d0f632f83655947d85a4c24e3a4711

SHA512
f62ceaa6f0506dd0dee2a41c4486d1a0e2c7c04b28e0529d436c1bfa65415abc6da163f33f1a6fc902d240540deb181af16fc369203a75ae0b60fe8ade1fae39

Download Submit
C:\Windows\system\MOphFaB.exe

Filesize
6.0MB

MD5
26c0b18d2633e84584c987867b340649

SHA1
f4fda124d11e54d2ee884d9ac91fa74c80823013

SHA256
a489515ded9dd8d2b32faefd47a59ba1b7cd0bc0cc7078ab7a03d37e35ee853e

SHA512
2ca13bcfaddab61c5a2d9fa93ef28d8af7329993b33ca5251d81e384beab22b80ff31a05a945a10dc130405abea7755821589fe7180da7a2e871b3734011cabb

Download Submit
C:\Windows\system\NyDBUtg.exe

Filesize
6.0MB

MD5
d2f68a207f2950cd5d12333782c240de

SHA1
fac1283f58c0d07e2995fa409495d3cf7d4376e4

SHA256
b7b1f217ec6f5f1447f95fe0220b0b548a659780bf9aeef8633cbdd2f3b37e18

SHA512
81d42cdb9949d9362e521a70d60987aed2b0a181359515499afa8da224c48784bec9e365ed5dcc7c36e386a46df514969f03dbb8fab709d0ea3d1241be839e0f

Download Submit
C:\Windows\system\OLhSJcr.exe

Filesize
6.0MB

MD5
95e7715cafe97a43fb4d351699ec8280

SHA1
4b84b16949fe8cd61ebe107d23554c359afa259f

SHA256
faacf7c629f80d61035dc3bc8030a0a5de4e9e8647ffb6c02db1e81bc0fd056b

SHA512
848581c1bc2e5b01d0a76c91399427d2568b673d5378ed7bae0549bd2de9dfe753c6c9be679619fbe76828425e1b3d403af59b8176f42a1fd7771e31b8765e31

Download Submit
C:\Windows\system\OXXwnrk.exe

Filesize
6.0MB

MD5
62fda277e66126987eaf0b3ba15bccb6

SHA1
86ee047a4f52bc8f20e334ae18274ad60a61738d

SHA256
56444e63355fb0e248917b4a94d3dc088bf67f066ebfed3b39197773c68c49a1

SHA512
2e95b4bc300cd40dcfde13c0d8bbfc0408e1bcab3d04bc037fec767ca72e5fcca4097461b76a5ed4e6a798ce041f2155769ac81616c5cb2feea71a6fe969534a

Download Submit
C:\Windows\system\RFWozFf.exe

Filesize
6.0MB

MD5
a28b8afdbfeb244b2bb88a7735124669

SHA1
94076bc76a608a0ef924b6136543fe7cb4e894b5

SHA256
c37278cafdd37f045cc696a3a314748daf10471a1ff9271ee39c855b419756f2

SHA512
b5caf0aab27f18b3247a4553cde49e3d8a38aa2e7ba19f30897ec26d0595b062bcb996ebfc46b5911124e5d2f2c3422e27b69cc3add4fc2f17471da3395aa038

Download Submit
C:\Windows\system\SsMZrYI.exe

Filesize
6.0MB

MD5
ceb7d5b22fc834d8e8b22ee2054d1eb1

SHA1
a5872cdccc60c8007ee4460df70c4222b4b9b6ba

SHA256
07b0778a3a03bf635d2cf94f97c26d1d69b1cdfc3027a452e1347cde5f7938b4

SHA512
7ffaacc5de46b5ebd983bd2e249880e4af56327511375fd60e5efa952919184be25d7a8c23ef367330d60a0ce0592c15af73c88e539770b09a54e9531627ceb0

Download Submit
C:\Windows\system\TJsUpwH.exe

Filesize
6.0MB

MD5
01a66a520d53838d89462bc64d5d0eeb

SHA1
a98ed46f75fec5f62c1d2e704c75fc125b7ada74

SHA256
69cb71d0cb9f6406685d8e4335653c9cb0f19328c5fd1b7b72c6ccb1fe98da54

SHA512
0c19a0fb0af6f69d7046cabe44a8461f435b57810c5411099f2e8ecf0781364a4f482f8685e1bd1dd57c726c633be8bed36a8968ca5f1c84541e6e411902b06b

Download Submit
C:\Windows\system\aFIkIBb.exe

Filesize
6.0MB

MD5
1fba1edc2f9d24d10d9358ff7d45e3b5

SHA1
28270987c3d6bf9efad920e154bcd43e8d192183

SHA256
dc4c3034969ae9c488b47980ac21b9457abed83fcf08a8011b2e2176c9d36cb2

SHA512
b0259b38bdbf96b020326f713f52c919f3358cad63786f8fcc14a6b6315ba1816d956147ee6cfefa8b177272bbc6d3fa607c0371961042f57fa22f0da75d86a3

Download Submit
C:\Windows\system\aZTSzvg.exe

Filesize
6.0MB

MD5
0707efd4e46eacbdb4e56eccaeeadaa8

SHA1
bc9cefd232f48d846cb3a1518d3d9c4bffed0fef

SHA256
a590664b028628c24e8e26905942318a3d9fb1b14e3f0fed70bd969c84cff2da

SHA512
0e4522e4de09e9726b9511b4ad4bbcd7d4d0d6fd2b6052cd65207446f0eae0fc8116e92b99b3adf90a3f116c1a666abf53244e0c6e77e63b29fcddfe61c34375

Download Submit
C:\Windows\system\dSWfdGv.exe

Filesize
6.0MB

MD5
d2b4ad22567ad1dca43e6d10f6acb36e

SHA1
335c28b4137cc80180234dfdc9f43d710534b0ad

SHA256
fd07ab8d387c8a7f0276739807e4073b16ff26f86d06b5c80ad01c5b44f25456

SHA512
701ceb80aa4cbd6a243ab227aae6126f485d8dce82df5acadebf4159655006af8b4fe7baa5a50f2fb09c9de3cf5217a3b972988c98a75d71ae26f4f8ed56226b

Download Submit
C:\Windows\system\eImBKna.exe

Filesize
6.0MB

MD5
aa832e0e2ad658564effd156bc3e5fdc

SHA1
0c2c7e07168194d688ce8e34966d25e735643001

SHA256
cca84990aacfb9132c6541dce4e6005d2b0fa709a05e0319e9fbc67a406f66fd

SHA512
bb9ed074d3d964a2b45bd6b47f45fe6d263e45c0d6c151fea0396778bb1489d37e4f091a1790bf2ada3d9bb0bcbb9f9463d900543f625f493af4ab7c04d22724

Download Submit
C:\Windows\system\jrLFIcK.exe

Filesize
6.0MB

MD5
42647d748685fe492be6f975768f340c

SHA1
84e1f1b8d8b7593a6ace4b89eb2fd28fd268ebb3

SHA256
6a3064bb68b054fe5d05966a962d26bdbd66cf8a7bd1545a8d5df4d245238e98

SHA512
a4dcb3e500e02dc928e0bf86376017947dceb961a8ef2bd2908b826874dbf2375e2c5c1fbe09042ca7f32fbeb2408183c6693f95d97fcba371c3808e8cf03f58

Download Submit
C:\Windows\system\lSBqVKx.exe

Filesize
6.0MB

MD5
4154a1408a0e3fdcc19108274e5c6948

SHA1
5c5126d5c5201ac71ad9d1ab8156be0abd67cbc8

SHA256
bc579848bc12cd0439666afab6e66ca8dae1b7f7110c659fed3db83439d8bbee

SHA512
316fd33aecd308d45806f650cb7b527acbda02807643a28dae88653c60d349219cd9dae47e64bdfc2934a8f1e05d1642d0a509d6469a7f2175b1bddf351b17d3

Download Submit
C:\Windows\system\qtNiGDf.exe

Filesize
6.0MB

MD5
6244de805baece594dd7dec9d70b9af0

SHA1
8b5e41275538dfaca630160cf322f66f3bae01f0

SHA256
666b026fb7db3b1fa5006b9a0c575100fc732437b5ea2b9462925ae9229339f3

SHA512
306e5a9e81395196ffaa8feaa8f405ba002ca2ad2cd2be4ba6352c315075057c8ac22a63f7b38cf8db4555f942efe361c413db24589d02b2933f75de7d69cc13

Download Submit
C:\Windows\system\rfRGQsa.exe

Filesize
6.0MB

MD5
a39a80c5268c18c4bb7ec0852344bf97

SHA1
d5d5d84c8ff50c2c0fe15bfc358586b0a4a954c7

SHA256
b3061d517c0c41a7aa9e080891072b6b3f73a55569a07143b98ff8934b7a790f

SHA512
5102cf199eb42cbf819707e5e6ea432b17f977d8a305d99b08667edda5a4b1879e418270a5a2de03f88afee491a2d6fa1970c86bf094c162a49ea0ed8795e46f

Download Submit
\Windows\system\BGLXdia.exe

Filesize
6.0MB

MD5
0897cd0f0834d15f8c5513d37824bffa

SHA1
77bb30d22120d6b1de1f884eaeea9435542d0d84

SHA256
8aa9c9a26a1d26b5b84b0fd805b869c2365c0296c6b96dc6e0cb134c7182aac3

SHA512
f676d90ddc2820f2a403db04b330173889c1bc5446a4904816ab6f4d098e8c0e1bb8ac5a66a8cae4a3c1087f71c323a467d19b0d187900b31cc2889626ee9e3d

Download Submit
\Windows\system\PTsfXlV.exe

Filesize
6.0MB

MD5
1d6db74d791283b937ac5941c389108e

SHA1
94e643fdb1b783043ac0b8c4a068272ba2779a5f

SHA256
db09d186c78c797f6b986f7c573df08359176279c9dd909db33936cc00b6fca9

SHA512
e8d0ee3ef4c25bdc327506910f0351ab307d3659556d49300aa0306944a680a5fe4d59d644b263c5ba4125aec310b6d2c75ccda9aee9437600966c3050b08306

Download Submit
\Windows\system\SsTIREX.exe

Filesize
6.0MB

MD5
e0b179595b584698cbb95fad363a0521

SHA1
576c4d27db91992302cc7013a06208ee6eb7d04b

SHA256
9a1cc2fb2d7914f68e61a6d212cffb19ffe51c5b5ba7c27a545bb70deef9d054

SHA512
3a76b0406bf090a1fc16c55a7f7de78dd3f5e86673250ae2a343b0cab1f6adca132651958061aa14442be2cd417d9c66191195d5852e3b761f17958bb271bce2

Download Submit
\Windows\system\dahJTLf.exe

Filesize
6.0MB

MD5
374178e2c70dbd04b4fd5bf1f7da70dd

SHA1
7a1c69c1289eaee7e8b5a8d0fc871550ec3f1a6d

SHA256
0a30070b7080e7d3e3440efb7c939fae5bbf3c1543c22cae759f4a2f563c0aee

SHA512
5f12bf79b2343fd8cfa7880fcca886be6a9d140e53129e54857529b0e4f02e7944bbf34c5b13802b21005be107689f6fefde8c083b415026556967ce47ffb1c1

Download Submit
\Windows\system\emmJuYC.exe

Filesize
6.0MB

MD5
d992b1152a3e0edf899e0e2909d12343

SHA1
9daf4991d61384765bc7a393d0c365e79cb661bc

SHA256
6ec4d38e0676f684860f660dc87ffeeb33fa76793f17a45d3495bebc9df9c5b2

SHA512
58483837c9e15ec0f9c4226afb3b898e025e173f0659cd35bb3163167d50cc9c9d05c095162205ea897af0aa82923be7bdf2eda6e0b798098498bd46e1187ef9

Download Submit
\Windows\system\foidcAa.exe

Filesize
6.0MB

MD5
2056c6889a778b96b9fd3980acb386b1

SHA1
a7b0c3acbdcda400474aaccd855e8eb06ba3e63b

SHA256
a8ad48199402b7bc6fad390df98cfc146f9c39b98ccbab721c76b463a989d190

SHA512
04c307a2d034b082ebd020b340fc2dda92c25c4ba0881803d9ae1f16fb75da90743689b13fc5f43dae3c37c204f7fdb7bb5c675f0a852802feb924b238594c70

Download Submit
\Windows\system\pEDQSnv.exe

Filesize
6.0MB

MD5
de967915e94138e85b65aaa1b3543ecb

SHA1
db05c6624951fb3dc8604c8b68210965a969f65e

SHA256
23e18ad9fb3c2382810b24ff2fad656432830426759e9d62719f81f5d8e38359

SHA512
3ed3c48c35ada40ecc1bc1db9da56502ba357a73b1cff2105f916ae9435109ae65ded3e86b9732d5b941056b6c26bc74b0462cd724f4b7126a2da1069c7fb3ce

Download Submit
\Windows\system\rZWBPIN.exe

Filesize
6.0MB

MD5
c593cdffa6f5c3982ee28c1149cb3f0c

SHA1
96a9c505e3a0f9f1174d4ebcfccb328cdf7a38af

SHA256
bfbd62e2a257fda5af0ec90d8478a8eecf9b0968f157d668011b530c81892593

SHA512
8fb71dd3e7ae144e7de72d51f659e64112a6963ebb279eecd571d78fe2f3aa935428fa48fa1ee599401c3f96951979e8539cc87dd18950fb4d310b00bd4499df

Download Submit
\Windows\system\tquQcoH.exe

Filesize
6.0MB

MD5
72d17d0e8d6b40b9cd07519dd1392bad

SHA1
7121e572f06aeb40bd5c3e090908d0677ad0f8df

SHA256
605e1f8b4546e7c127b82e6fc36fd665b48e9f43e05dd35490236bf85c2490be

SHA512
4fcd8f06c584492f40aacfd3f618dd5330a3ca89d94d8961ec474866c5a96f8fb2eccecb8277a86d424eacd2f37ea7f357c7c8a4459b393e87b273c1831b0704

Download Submit
memory/1976-1176-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1976-34-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1343-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2124-98-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2292-36-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2292-1186-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2320-35-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2320-184-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2320-80-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-79-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2320-17-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-93-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2320-60-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-56-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-40-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-100-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2320-38-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2320-105-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2320-62-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2320-61-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-0-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-48-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2320-50-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-306-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2320-279-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2320-181-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2320-82-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2320-49-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2324-37-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1193-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2372-307-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1345-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2372-94-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2500-39-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1189-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1179-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2556-45-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1344-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2652-92-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1266-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-57-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-91-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-81-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1316-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1194-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2788-41-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1208-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-51-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1315-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2800-74-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2956-308-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2956-102-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1364-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download