cobaltstrike | d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
Size

6.0MB
MD5

56f77a2a3a97469c694f466c81c7dc0f
SHA1

99667bf3847779dd8135cc86aad806e9fe8e7a0e
SHA256

d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359
SHA512

082b57b07a4f075ef98d40e9629a96e08731e70334e0d52f12c5548bf2e42df0c80e52230b2be1a42ca54d5efa4152653c63381889e9c70f5061c00a83ee49d5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b27-4.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7c-9.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7d-17.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b7e-23.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b79-30.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b80-35.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b82-45.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b85-62.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b84-66.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b88-83.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8e-112.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b99-138.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb6-173.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023bb9-177.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000023bb4-169.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023bb0-163.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023baf-158.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023ba9-153.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000023ba7-148.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b9b-143.dat	cobalt_reflective_dll
behavioral2/files/0x000c000000023b91-130.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b90-127.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023b8f-123.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8d-113.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8c-107.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8b-103.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b8a-97.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b89-93.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b87-87.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b86-77.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b83-60.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023b81-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1840-0-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b27-4.dat	xmrig
behavioral2/files/0x000a000000023b7c-9.dat	xmrig
behavioral2/memory/4036-11-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7d-17.dat	xmrig
behavioral2/memory/4180-18-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp	xmrig
behavioral2/memory/4736-6-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7e-23.dat	xmrig
behavioral2/memory/1456-24-0x00007FF757C60000-0x00007FF757FB4000-memory.dmp	xmrig
behavioral2/memory/1608-32-0x00007FF63B530000-0x00007FF63B884000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b79-30.dat	xmrig
behavioral2/files/0x000a000000023b80-35.dat	xmrig
behavioral2/memory/3688-38-0x00007FF69D2A0000-0x00007FF69D5F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-45.dat	xmrig
behavioral2/memory/348-56-0x00007FF666EE0000-0x00007FF667234000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b85-62.dat	xmrig
behavioral2/files/0x000a000000023b84-66.dat	xmrig
behavioral2/files/0x000a000000023b88-83.dat	xmrig
behavioral2/files/0x000a000000023b8e-112.dat	xmrig
behavioral2/files/0x000a000000023b99-138.dat	xmrig
behavioral2/files/0x0008000000023bb6-173.dat	xmrig
behavioral2/memory/4832-786-0x00007FF6393E0000-0x00007FF639734000-memory.dmp	xmrig
behavioral2/memory/4216-784-0x00007FF758050000-0x00007FF7583A4000-memory.dmp	xmrig
behavioral2/memory/2044-792-0x00007FF78E7B0000-0x00007FF78EB04000-memory.dmp	xmrig
behavioral2/memory/4880-791-0x00007FF6AF460000-0x00007FF6AF7B4000-memory.dmp	xmrig
behavioral2/memory/400-924-0x00007FF65BCF0000-0x00007FF65C044000-memory.dmp	xmrig
behavioral2/memory/3112-932-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp	xmrig
behavioral2/memory/4036-930-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp	xmrig
behavioral2/memory/3612-929-0x00007FF63F890000-0x00007FF63FBE4000-memory.dmp	xmrig
behavioral2/memory/4652-927-0x00007FF704C60000-0x00007FF704FB4000-memory.dmp	xmrig
behavioral2/memory/4836-923-0x00007FF668E10000-0x00007FF669164000-memory.dmp	xmrig
behavioral2/memory/3312-922-0x00007FF6AD420000-0x00007FF6AD774000-memory.dmp	xmrig
behavioral2/memory/1436-918-0x00007FF7BFF00000-0x00007FF7C0254000-memory.dmp	xmrig
behavioral2/memory/1012-917-0x00007FF7D51E0000-0x00007FF7D5534000-memory.dmp	xmrig
behavioral2/memory/392-914-0x00007FF7F36D0000-0x00007FF7F3A24000-memory.dmp	xmrig
behavioral2/memory/3984-794-0x00007FF675210000-0x00007FF675564000-memory.dmp	xmrig
behavioral2/memory/5084-793-0x00007FF6898B0000-0x00007FF689C04000-memory.dmp	xmrig
behavioral2/memory/4464-788-0x00007FF6B5130000-0x00007FF6B5484000-memory.dmp	xmrig
behavioral2/memory/4000-787-0x00007FF7898F0000-0x00007FF789C44000-memory.dmp	xmrig
behavioral2/memory/4180-938-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bb9-177.dat	xmrig
behavioral2/files/0x000e000000023bb4-169.dat	xmrig
behavioral2/files/0x0009000000023bb0-163.dat	xmrig
behavioral2/files/0x0009000000023baf-158.dat	xmrig
behavioral2/files/0x0008000000023ba9-153.dat	xmrig
behavioral2/files/0x0012000000023ba7-148.dat	xmrig
behavioral2/files/0x000b000000023b9b-143.dat	xmrig
behavioral2/files/0x000c000000023b91-130.dat	xmrig
behavioral2/files/0x000a000000023b90-127.dat	xmrig
behavioral2/files/0x000b000000023b8f-123.dat	xmrig
behavioral2/files/0x000a000000023b8d-113.dat	xmrig
behavioral2/files/0x000a000000023b8c-107.dat	xmrig
behavioral2/files/0x000a000000023b8b-103.dat	xmrig
behavioral2/files/0x000a000000023b8a-97.dat	xmrig
behavioral2/files/0x000a000000023b89-93.dat	xmrig
behavioral2/files/0x000a000000023b87-87.dat	xmrig
behavioral2/files/0x000a000000023b86-77.dat	xmrig
behavioral2/memory/4736-76-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp	xmrig
behavioral2/memory/3644-75-0x00007FF6D91B0000-0x00007FF6D9504000-memory.dmp	xmrig
behavioral2/memory/5072-70-0x00007FF710750000-0x00007FF710AA4000-memory.dmp	xmrig
behavioral2/memory/1840-69-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp	xmrig
behavioral2/memory/3648-64-0x00007FF679850000-0x00007FF679BA4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b83-60.dat	xmrig
behavioral2/files/0x000a000000023b81-49.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4736	cqzkzQY.exe
4036	TTQsMef.exe
4180	ErdGoqb.exe
1456	pDiMntU.exe
1608	LduVOWQ.exe
3688	ZAjtqcy.exe
4952	cOKEUfP.exe
1860	PGcyxix.exe
348	CGhvxCM.exe
5072	MFEsvaA.exe
3648	MOKmKyN.exe
3644	jgzKthI.exe
3112	GpnZAeb.exe
4216	mHecTxB.exe
4832	BDWQlHn.exe
4000	mpgXENX.exe
4464	XcZaydc.exe
4880	UBmJtwm.exe
2044	DBftXiC.exe
5084	MxMBMEp.exe
3984	PwkmNnG.exe
392	qdWiWrQ.exe
1012	yGJOdgp.exe
1436	BVtwYsF.exe
3312	AMjOcAY.exe
4836	ujCkYvY.exe
400	JgbPRLX.exe
4652	UzaeRhs.exe
3612	NlTXGJm.exe
2012	YAfvdBj.exe
804	gjZyRBy.exe
4116	WpnEjbG.exe
3640	VoZdaIh.exe
1864	PIiohGE.exe
2892	rYegMhU.exe
2776	QHsZWMb.exe
1732	ItEjyMj.exe
624	RfuzEPz.exe
2072	pPSuluN.exe
3412	WSIIPhW.exe
3564	qdiELst.exe
2512	rJmIClk.exe
4796	RyUZqAi.exe
3684	kBhprvo.exe
4072	caPQRqP.exe
3544	XlYZZlI.exe
1800	SyGNQKT.exe
4784	bFpPfXd.exe
4424	XNczFTl.exe
3392	EIJgtvW.exe
412	MaqtSFw.exe
4604	zstqNTB.exe
2940	drVwTNQ.exe
2480	IpaMVkG.exe
2460	DAGHzIU.exe
3672	TDZofxG.exe
4480	RhbgyZN.exe
4256	sGLTstv.exe
3160	NfwBirP.exe
4980	CiUVaNb.exe
4636	oWYNTJA.exe
3316	dJSputA.exe
2396	dtXqFyH.exe
3660	jEFPXlb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1840-0-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp	upx
behavioral2/files/0x000c000000023b27-4.dat	upx
behavioral2/files/0x000a000000023b7c-9.dat	upx
behavioral2/memory/4036-11-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-17.dat	upx
behavioral2/memory/4180-18-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp	upx
behavioral2/memory/4736-6-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-23.dat	upx
behavioral2/memory/1456-24-0x00007FF757C60000-0x00007FF757FB4000-memory.dmp	upx
behavioral2/memory/1608-32-0x00007FF63B530000-0x00007FF63B884000-memory.dmp	upx
behavioral2/files/0x000b000000023b79-30.dat	upx
behavioral2/files/0x000a000000023b80-35.dat	upx
behavioral2/memory/3688-38-0x00007FF69D2A0000-0x00007FF69D5F4000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-45.dat	upx
behavioral2/memory/348-56-0x00007FF666EE0000-0x00007FF667234000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-62.dat	upx
behavioral2/files/0x000a000000023b84-66.dat	upx
behavioral2/files/0x000a000000023b88-83.dat	upx
behavioral2/files/0x000a000000023b8e-112.dat	upx
behavioral2/files/0x000a000000023b99-138.dat	upx
behavioral2/files/0x0008000000023bb6-173.dat	upx
behavioral2/memory/4832-786-0x00007FF6393E0000-0x00007FF639734000-memory.dmp	upx
behavioral2/memory/4216-784-0x00007FF758050000-0x00007FF7583A4000-memory.dmp	upx
behavioral2/memory/2044-792-0x00007FF78E7B0000-0x00007FF78EB04000-memory.dmp	upx
behavioral2/memory/4880-791-0x00007FF6AF460000-0x00007FF6AF7B4000-memory.dmp	upx
behavioral2/memory/400-924-0x00007FF65BCF0000-0x00007FF65C044000-memory.dmp	upx
behavioral2/memory/3112-932-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp	upx
behavioral2/memory/4036-930-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp	upx
behavioral2/memory/3612-929-0x00007FF63F890000-0x00007FF63FBE4000-memory.dmp	upx
behavioral2/memory/4652-927-0x00007FF704C60000-0x00007FF704FB4000-memory.dmp	upx
behavioral2/memory/4836-923-0x00007FF668E10000-0x00007FF669164000-memory.dmp	upx
behavioral2/memory/3312-922-0x00007FF6AD420000-0x00007FF6AD774000-memory.dmp	upx
behavioral2/memory/1436-918-0x00007FF7BFF00000-0x00007FF7C0254000-memory.dmp	upx
behavioral2/memory/1012-917-0x00007FF7D51E0000-0x00007FF7D5534000-memory.dmp	upx
behavioral2/memory/392-914-0x00007FF7F36D0000-0x00007FF7F3A24000-memory.dmp	upx
behavioral2/memory/3984-794-0x00007FF675210000-0x00007FF675564000-memory.dmp	upx
behavioral2/memory/5084-793-0x00007FF6898B0000-0x00007FF689C04000-memory.dmp	upx
behavioral2/memory/4464-788-0x00007FF6B5130000-0x00007FF6B5484000-memory.dmp	upx
behavioral2/memory/4000-787-0x00007FF7898F0000-0x00007FF789C44000-memory.dmp	upx
behavioral2/memory/4180-938-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp	upx
behavioral2/files/0x0008000000023bb9-177.dat	upx
behavioral2/files/0x000e000000023bb4-169.dat	upx
behavioral2/files/0x0009000000023bb0-163.dat	upx
behavioral2/files/0x0009000000023baf-158.dat	upx
behavioral2/files/0x0008000000023ba9-153.dat	upx
behavioral2/files/0x0012000000023ba7-148.dat	upx
behavioral2/files/0x000b000000023b9b-143.dat	upx
behavioral2/files/0x000c000000023b91-130.dat	upx
behavioral2/files/0x000a000000023b90-127.dat	upx
behavioral2/files/0x000b000000023b8f-123.dat	upx
behavioral2/files/0x000a000000023b8d-113.dat	upx
behavioral2/files/0x000a000000023b8c-107.dat	upx
behavioral2/files/0x000a000000023b8b-103.dat	upx
behavioral2/files/0x000a000000023b8a-97.dat	upx
behavioral2/files/0x000a000000023b89-93.dat	upx
behavioral2/files/0x000a000000023b87-87.dat	upx
behavioral2/files/0x000a000000023b86-77.dat	upx
behavioral2/memory/4736-76-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp	upx
behavioral2/memory/3644-75-0x00007FF6D91B0000-0x00007FF6D9504000-memory.dmp	upx
behavioral2/memory/5072-70-0x00007FF710750000-0x00007FF710AA4000-memory.dmp	upx
behavioral2/memory/1840-69-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp	upx
behavioral2/memory/3648-64-0x00007FF679850000-0x00007FF679BA4000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-60.dat	upx
behavioral2/files/0x000a000000023b81-49.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZWfxsFS.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\QtFgccF.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\eMnYunj.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\FbSjxxl.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\sASgJim.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\CSJRdRY.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\pDiMntU.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\OxcXcpk.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\wMQRcDD.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\heEriLk.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\zwVzbjw.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\qxEhebX.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\RQMJYZW.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\zaOCzRu.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\MxtCTaU.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\zJyUMBa.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\RjySQZf.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\LVZFmwg.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\tAovUqe.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\kBhprvo.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\SyGNQKT.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\nOEAsKA.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\dHKFJST.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\dxpUrtT.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\zYpsdDx.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\WmIByNu.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\QBxsJnR.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\UYcfuMr.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\urlDnYM.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\lRtxAMm.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\cqBPCZd.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\TMsCgTk.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\ONgILrJ.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\rLjvxEm.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\bFpPfXd.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\JDndOyZ.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\kIBHTwH.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\JbVtzGf.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\gVGDJmZ.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\ueSRZNH.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\wEpaKKV.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\UBmJtwm.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\ZUWuZVr.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\qPEmkAk.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\vxSFaCh.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\aWkyUwp.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\IcZpCCf.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\jfeFRKU.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\kzEKkdF.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\KtNDPYc.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\gcMoaND.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\gjZyRBy.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\FUKPZxT.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\mIxIZOC.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\wbkMRfu.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\LBMEaJg.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\PhgZiJK.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\ogFNVaS.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\KuRtcSi.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\gFIsfcJ.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\JDAKbFd.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\WRonBJy.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\fMDHAxZ.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
File created	C:\Windows\System\SFXeiln.exe	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4736	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	84
PID 1840 wrote to memory of 4736	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	84
PID 1840 wrote to memory of 4036	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	85
PID 1840 wrote to memory of 4036	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	85
PID 1840 wrote to memory of 4180	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	86
PID 1840 wrote to memory of 4180	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	86
PID 1840 wrote to memory of 1456	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	87
PID 1840 wrote to memory of 1456	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	87
PID 1840 wrote to memory of 1608	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	88
PID 1840 wrote to memory of 1608	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	88
PID 1840 wrote to memory of 3688	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	89
PID 1840 wrote to memory of 3688	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	89
PID 1840 wrote to memory of 4952	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	90
PID 1840 wrote to memory of 4952	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	90
PID 1840 wrote to memory of 1860	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	91
PID 1840 wrote to memory of 1860	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	91
PID 1840 wrote to memory of 348	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	92
PID 1840 wrote to memory of 348	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	92
PID 1840 wrote to memory of 5072	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	93
PID 1840 wrote to memory of 5072	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	93
PID 1840 wrote to memory of 3648	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	94
PID 1840 wrote to memory of 3648	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	94
PID 1840 wrote to memory of 3644	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	95
PID 1840 wrote to memory of 3644	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	95
PID 1840 wrote to memory of 4216	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	96
PID 1840 wrote to memory of 4216	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	96
PID 1840 wrote to memory of 3112	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	97
PID 1840 wrote to memory of 3112	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	97
PID 1840 wrote to memory of 4832	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	98
PID 1840 wrote to memory of 4832	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	98
PID 1840 wrote to memory of 4000	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	99
PID 1840 wrote to memory of 4000	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	99
PID 1840 wrote to memory of 4464	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	100
PID 1840 wrote to memory of 4464	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	100
PID 1840 wrote to memory of 4880	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	101
PID 1840 wrote to memory of 4880	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	101
PID 1840 wrote to memory of 2044	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	102
PID 1840 wrote to memory of 2044	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	102
PID 1840 wrote to memory of 5084	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	103
PID 1840 wrote to memory of 5084	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	103
PID 1840 wrote to memory of 3984	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	104
PID 1840 wrote to memory of 3984	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	104
PID 1840 wrote to memory of 392	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	105
PID 1840 wrote to memory of 392	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	105
PID 1840 wrote to memory of 1012	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	106
PID 1840 wrote to memory of 1012	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	106
PID 1840 wrote to memory of 1436	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	107
PID 1840 wrote to memory of 1436	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	107
PID 1840 wrote to memory of 3312	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	108
PID 1840 wrote to memory of 3312	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	108
PID 1840 wrote to memory of 4836	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	109
PID 1840 wrote to memory of 4836	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	109
PID 1840 wrote to memory of 400	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	110
PID 1840 wrote to memory of 400	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	110
PID 1840 wrote to memory of 4652	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	111
PID 1840 wrote to memory of 4652	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	111
PID 1840 wrote to memory of 3612	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	112
PID 1840 wrote to memory of 3612	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	112
PID 1840 wrote to memory of 2012	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	113
PID 1840 wrote to memory of 2012	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	113
PID 1840 wrote to memory of 804	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	114
PID 1840 wrote to memory of 804	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	114
PID 1840 wrote to memory of 4116	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	115
PID 1840 wrote to memory of 4116	1840	d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe	115

C:\Users\Admin\AppData\Local\Temp\d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe
"C:\Users\Admin\AppData\Local\Temp\d80293b3f6c03c1741a3019847ed9ea12d490b109e7cbe20532620e61f072359.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\System\cqzkzQY.exe
  C:\Windows\System\cqzkzQY.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\TTQsMef.exe
  C:\Windows\System\TTQsMef.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\ErdGoqb.exe
  C:\Windows\System\ErdGoqb.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\pDiMntU.exe
  C:\Windows\System\pDiMntU.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\LduVOWQ.exe
  C:\Windows\System\LduVOWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ZAjtqcy.exe
  C:\Windows\System\ZAjtqcy.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\cOKEUfP.exe
  C:\Windows\System\cOKEUfP.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\PGcyxix.exe
  C:\Windows\System\PGcyxix.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\CGhvxCM.exe
  C:\Windows\System\CGhvxCM.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\MFEsvaA.exe
  C:\Windows\System\MFEsvaA.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\MOKmKyN.exe
  C:\Windows\System\MOKmKyN.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\jgzKthI.exe
  C:\Windows\System\jgzKthI.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\mHecTxB.exe
  C:\Windows\System\mHecTxB.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\GpnZAeb.exe
  C:\Windows\System\GpnZAeb.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\BDWQlHn.exe
  C:\Windows\System\BDWQlHn.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\mpgXENX.exe
  C:\Windows\System\mpgXENX.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\XcZaydc.exe
  C:\Windows\System\XcZaydc.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\UBmJtwm.exe
  C:\Windows\System\UBmJtwm.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\DBftXiC.exe
  C:\Windows\System\DBftXiC.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\MxMBMEp.exe
  C:\Windows\System\MxMBMEp.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\PwkmNnG.exe
  C:\Windows\System\PwkmNnG.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\qdWiWrQ.exe
  C:\Windows\System\qdWiWrQ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\yGJOdgp.exe
  C:\Windows\System\yGJOdgp.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\BVtwYsF.exe
  C:\Windows\System\BVtwYsF.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\AMjOcAY.exe
  C:\Windows\System\AMjOcAY.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\ujCkYvY.exe
  C:\Windows\System\ujCkYvY.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\JgbPRLX.exe
  C:\Windows\System\JgbPRLX.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\UzaeRhs.exe
  C:\Windows\System\UzaeRhs.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\NlTXGJm.exe
  C:\Windows\System\NlTXGJm.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\YAfvdBj.exe
  C:\Windows\System\YAfvdBj.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\gjZyRBy.exe
  C:\Windows\System\gjZyRBy.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\WpnEjbG.exe
  C:\Windows\System\WpnEjbG.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\VoZdaIh.exe
  C:\Windows\System\VoZdaIh.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\PIiohGE.exe
  C:\Windows\System\PIiohGE.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\rYegMhU.exe
  C:\Windows\System\rYegMhU.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\QHsZWMb.exe
  C:\Windows\System\QHsZWMb.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ItEjyMj.exe
  C:\Windows\System\ItEjyMj.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\RfuzEPz.exe
  C:\Windows\System\RfuzEPz.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\pPSuluN.exe
  C:\Windows\System\pPSuluN.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\WSIIPhW.exe
  C:\Windows\System\WSIIPhW.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\qdiELst.exe
  C:\Windows\System\qdiELst.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\rJmIClk.exe
  C:\Windows\System\rJmIClk.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\RyUZqAi.exe
  C:\Windows\System\RyUZqAi.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\kBhprvo.exe
  C:\Windows\System\kBhprvo.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\caPQRqP.exe
  C:\Windows\System\caPQRqP.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\XlYZZlI.exe
  C:\Windows\System\XlYZZlI.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\SyGNQKT.exe
  C:\Windows\System\SyGNQKT.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\bFpPfXd.exe
  C:\Windows\System\bFpPfXd.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\XNczFTl.exe
  C:\Windows\System\XNczFTl.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\EIJgtvW.exe
  C:\Windows\System\EIJgtvW.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\MaqtSFw.exe
  C:\Windows\System\MaqtSFw.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\zstqNTB.exe
  C:\Windows\System\zstqNTB.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\drVwTNQ.exe
  C:\Windows\System\drVwTNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\IpaMVkG.exe
  C:\Windows\System\IpaMVkG.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\DAGHzIU.exe
  C:\Windows\System\DAGHzIU.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TDZofxG.exe
  C:\Windows\System\TDZofxG.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\RhbgyZN.exe
  C:\Windows\System\RhbgyZN.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\sGLTstv.exe
  C:\Windows\System\sGLTstv.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\NfwBirP.exe
  C:\Windows\System\NfwBirP.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\CiUVaNb.exe
  C:\Windows\System\CiUVaNb.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\oWYNTJA.exe
  C:\Windows\System\oWYNTJA.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\dJSputA.exe
  C:\Windows\System\dJSputA.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\dtXqFyH.exe
  C:\Windows\System\dtXqFyH.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\jEFPXlb.exe
  C:\Windows\System\jEFPXlb.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\VkrDPBJ.exe
  C:\Windows\System\VkrDPBJ.exe
  2⤵
  PID:1592
- C:\Windows\System\BHqazdN.exe
  C:\Windows\System\BHqazdN.exe
  2⤵
  PID:4508
- C:\Windows\System\RwBeJrC.exe
  C:\Windows\System\RwBeJrC.exe
  2⤵
  PID:1976
- C:\Windows\System\zJLCQJT.exe
  C:\Windows\System\zJLCQJT.exe
  2⤵
  PID:3452
- C:\Windows\System\DRnZxzG.exe
  C:\Windows\System\DRnZxzG.exe
  2⤵
  PID:2436
- C:\Windows\System\ASNSAcq.exe
  C:\Windows\System\ASNSAcq.exe
  2⤵
  PID:4380
- C:\Windows\System\FcYowVs.exe
  C:\Windows\System\FcYowVs.exe
  2⤵
  PID:4892
- C:\Windows\System\gFIsfcJ.exe
  C:\Windows\System\gFIsfcJ.exe
  2⤵
  PID:4456
- C:\Windows\System\GtvXouC.exe
  C:\Windows\System\GtvXouC.exe
  2⤵
  PID:1560
- C:\Windows\System\BjnrHHS.exe
  C:\Windows\System\BjnrHHS.exe
  2⤵
  PID:1724
- C:\Windows\System\fzDsmXM.exe
  C:\Windows\System\fzDsmXM.exe
  2⤵
  PID:4368
- C:\Windows\System\fSWDtJU.exe
  C:\Windows\System\fSWDtJU.exe
  2⤵
  PID:2520
- C:\Windows\System\ESOtJVC.exe
  C:\Windows\System\ESOtJVC.exe
  2⤵
  PID:3028
- C:\Windows\System\ZACyErj.exe
  C:\Windows\System\ZACyErj.exe
  2⤵
  PID:1356
- C:\Windows\System\NlsYedw.exe
  C:\Windows\System\NlsYedw.exe
  2⤵
  PID:4032
- C:\Windows\System\oLKRIAp.exe
  C:\Windows\System\oLKRIAp.exe
  2⤵
  PID:448
- C:\Windows\System\FUKPZxT.exe
  C:\Windows\System\FUKPZxT.exe
  2⤵
  PID:1716
- C:\Windows\System\oUkOmbx.exe
  C:\Windows\System\oUkOmbx.exe
  2⤵
  PID:2108
- C:\Windows\System\RHtBzsp.exe
  C:\Windows\System\RHtBzsp.exe
  2⤵
  PID:2040
- C:\Windows\System\JDAKbFd.exe
  C:\Windows\System\JDAKbFd.exe
  2⤵
  PID:3900
- C:\Windows\System\ayTUxqA.exe
  C:\Windows\System\ayTUxqA.exe
  2⤵
  PID:1516
- C:\Windows\System\RBolXiU.exe
  C:\Windows\System\RBolXiU.exe
  2⤵
  PID:548
- C:\Windows\System\ogFNVaS.exe
  C:\Windows\System\ogFNVaS.exe
  2⤵
  PID:4376
- C:\Windows\System\sMQlLoD.exe
  C:\Windows\System\sMQlLoD.exe
  2⤵
  PID:216
- C:\Windows\System\xjqVokm.exe
  C:\Windows\System\xjqVokm.exe
  2⤵
  PID:4288
- C:\Windows\System\zaOCzRu.exe
  C:\Windows\System\zaOCzRu.exe
  2⤵
  PID:1308
- C:\Windows\System\QtFgccF.exe
  C:\Windows\System\QtFgccF.exe
  2⤵
  PID:5152
- C:\Windows\System\tgaOpkA.exe
  C:\Windows\System\tgaOpkA.exe
  2⤵
  PID:5168
- C:\Windows\System\vGXqeIU.exe
  C:\Windows\System\vGXqeIU.exe
  2⤵
  PID:5196
- C:\Windows\System\puovxqL.exe
  C:\Windows\System\puovxqL.exe
  2⤵
  PID:5224
- C:\Windows\System\xAEnGCu.exe
  C:\Windows\System\xAEnGCu.exe
  2⤵
  PID:5252
- C:\Windows\System\eEsSDIF.exe
  C:\Windows\System\eEsSDIF.exe
  2⤵
  PID:5280
- C:\Windows\System\CllFPFq.exe
  C:\Windows\System\CllFPFq.exe
  2⤵
  PID:5308
- C:\Windows\System\IcZpCCf.exe
  C:\Windows\System\IcZpCCf.exe
  2⤵
  PID:5336
- C:\Windows\System\UWTyqex.exe
  C:\Windows\System\UWTyqex.exe
  2⤵
  PID:5364
- C:\Windows\System\KYVcYYG.exe
  C:\Windows\System\KYVcYYG.exe
  2⤵
  PID:5392
- C:\Windows\System\fuDsErY.exe
  C:\Windows\System\fuDsErY.exe
  2⤵
  PID:5420
- C:\Windows\System\GPDFKeU.exe
  C:\Windows\System\GPDFKeU.exe
  2⤵
  PID:5448
- C:\Windows\System\myJNHmB.exe
  C:\Windows\System\myJNHmB.exe
  2⤵
  PID:5488
- C:\Windows\System\GddMZDU.exe
  C:\Windows\System\GddMZDU.exe
  2⤵
  PID:5516
- C:\Windows\System\ydNIRmu.exe
  C:\Windows\System\ydNIRmu.exe
  2⤵
  PID:5544
- C:\Windows\System\WRonBJy.exe
  C:\Windows\System\WRonBJy.exe
  2⤵
  PID:5572
- C:\Windows\System\yAQvebx.exe
  C:\Windows\System\yAQvebx.exe
  2⤵
  PID:5600
- C:\Windows\System\lnhBlEO.exe
  C:\Windows\System\lnhBlEO.exe
  2⤵
  PID:5628
- C:\Windows\System\fwcTJfx.exe
  C:\Windows\System\fwcTJfx.exe
  2⤵
  PID:5644
- C:\Windows\System\kVFxPIP.exe
  C:\Windows\System\kVFxPIP.exe
  2⤵
  PID:5672
- C:\Windows\System\NvIuxNE.exe
  C:\Windows\System\NvIuxNE.exe
  2⤵
  PID:5720
- C:\Windows\System\vsXAeVT.exe
  C:\Windows\System\vsXAeVT.exe
  2⤵
  PID:5748
- C:\Windows\System\AfxZtnN.exe
  C:\Windows\System\AfxZtnN.exe
  2⤵
  PID:5780
- C:\Windows\System\JTHnHLL.exe
  C:\Windows\System\JTHnHLL.exe
  2⤵
  PID:5796
- C:\Windows\System\CMoAjHp.exe
  C:\Windows\System\CMoAjHp.exe
  2⤵
  PID:5824
- C:\Windows\System\HNtxEIS.exe
  C:\Windows\System\HNtxEIS.exe
  2⤵
  PID:5852
- C:\Windows\System\aTzCxDu.exe
  C:\Windows\System\aTzCxDu.exe
  2⤵
  PID:5880
- C:\Windows\System\jpwAKrK.exe
  C:\Windows\System\jpwAKrK.exe
  2⤵
  PID:5908
- C:\Windows\System\KuEttIA.exe
  C:\Windows\System\KuEttIA.exe
  2⤵
  PID:5936
- C:\Windows\System\vWtWDqR.exe
  C:\Windows\System\vWtWDqR.exe
  2⤵
  PID:5964
- C:\Windows\System\bZxWzDx.exe
  C:\Windows\System\bZxWzDx.exe
  2⤵
  PID:6004
- C:\Windows\System\jfeFRKU.exe
  C:\Windows\System\jfeFRKU.exe
  2⤵
  PID:6032
- C:\Windows\System\jGxVgrZ.exe
  C:\Windows\System\jGxVgrZ.exe
  2⤵
  PID:6060
- C:\Windows\System\pYKkQHx.exe
  C:\Windows\System\pYKkQHx.exe
  2⤵
  PID:6076
- C:\Windows\System\KLtuPNM.exe
  C:\Windows\System\KLtuPNM.exe
  2⤵
  PID:6108
- C:\Windows\System\YIoAtQg.exe
  C:\Windows\System\YIoAtQg.exe
  2⤵
  PID:6132
- C:\Windows\System\kANVRkz.exe
  C:\Windows\System\kANVRkz.exe
  2⤵
  PID:2536
- C:\Windows\System\tNseSRC.exe
  C:\Windows\System\tNseSRC.exe
  2⤵
  PID:456
- C:\Windows\System\VLScgiS.exe
  C:\Windows\System\VLScgiS.exe
  2⤵
  PID:4668
- C:\Windows\System\KDeiVyO.exe
  C:\Windows\System\KDeiVyO.exe
  2⤵
  PID:5180
- C:\Windows\System\lhTXDpx.exe
  C:\Windows\System\lhTXDpx.exe
  2⤵
  PID:5240
- C:\Windows\System\AVXLmBf.exe
  C:\Windows\System\AVXLmBf.exe
  2⤵
  PID:5300
- C:\Windows\System\YBpufpH.exe
  C:\Windows\System\YBpufpH.exe
  2⤵
  PID:5376
- C:\Windows\System\MuCpGDc.exe
  C:\Windows\System\MuCpGDc.exe
  2⤵
  PID:5436
- C:\Windows\System\vktXAra.exe
  C:\Windows\System\vktXAra.exe
  2⤵
  PID:5680
- C:\Windows\System\MBxXuCR.exe
  C:\Windows\System\MBxXuCR.exe
  2⤵
  PID:5536
- C:\Windows\System\kzEKkdF.exe
  C:\Windows\System\kzEKkdF.exe
  2⤵
  PID:5612
- C:\Windows\System\WSUCFfY.exe
  C:\Windows\System\WSUCFfY.exe
  2⤵
  PID:5664
- C:\Windows\System\CzOaFhu.exe
  C:\Windows\System\CzOaFhu.exe
  2⤵
  PID:5744
- C:\Windows\System\BZgHeBB.exe
  C:\Windows\System\BZgHeBB.exe
  2⤵
  PID:5812
- C:\Windows\System\roQaJnO.exe
  C:\Windows\System\roQaJnO.exe
  2⤵
  PID:5872
- C:\Windows\System\TEYOxEh.exe
  C:\Windows\System\TEYOxEh.exe
  2⤵
  PID:5948
- C:\Windows\System\XJVykYF.exe
  C:\Windows\System\XJVykYF.exe
  2⤵
  PID:6016
- C:\Windows\System\ZUWuZVr.exe
  C:\Windows\System\ZUWuZVr.exe
  2⤵
  PID:6072
- C:\Windows\System\ZuxOJxY.exe
  C:\Windows\System\ZuxOJxY.exe
  2⤵
  PID:2808
- C:\Windows\System\JvyQJvs.exe
  C:\Windows\System\JvyQJvs.exe
  2⤵
  PID:872
- C:\Windows\System\qxEhebX.exe
  C:\Windows\System\qxEhebX.exe
  2⤵
  PID:5216
- C:\Windows\System\UjnPqSj.exe
  C:\Windows\System\UjnPqSj.exe
  2⤵
  PID:5404
- C:\Windows\System\FDXqfvJ.exe
  C:\Windows\System\FDXqfvJ.exe
  2⤵
  PID:5700
- C:\Windows\System\CbaNgEw.exe
  C:\Windows\System\CbaNgEw.exe
  2⤵
  PID:5656
- C:\Windows\System\kjoGJkN.exe
  C:\Windows\System\kjoGJkN.exe
  2⤵
  PID:5792
- C:\Windows\System\cmchIrY.exe
  C:\Windows\System\cmchIrY.exe
  2⤵
  PID:5976
- C:\Windows\System\cApiIvh.exe
  C:\Windows\System\cApiIvh.exe
  2⤵
  PID:6116
- C:\Windows\System\EsPUYpe.exe
  C:\Windows\System\EsPUYpe.exe
  2⤵
  PID:5208
- C:\Windows\System\IGghNyi.exe
  C:\Windows\System\IGghNyi.exe
  2⤵
  PID:6172
- C:\Windows\System\ZbOkSkG.exe
  C:\Windows\System\ZbOkSkG.exe
  2⤵
  PID:6200
- C:\Windows\System\RQMJYZW.exe
  C:\Windows\System\RQMJYZW.exe
  2⤵
  PID:6240
- C:\Windows\System\gaLVJSd.exe
  C:\Windows\System\gaLVJSd.exe
  2⤵
  PID:6268
- C:\Windows\System\rGGnuPz.exe
  C:\Windows\System\rGGnuPz.exe
  2⤵
  PID:6284
- C:\Windows\System\ZTqyJjT.exe
  C:\Windows\System\ZTqyJjT.exe
  2⤵
  PID:6312
- C:\Windows\System\cLXcDug.exe
  C:\Windows\System\cLXcDug.exe
  2⤵
  PID:6340
- C:\Windows\System\usBztYS.exe
  C:\Windows\System\usBztYS.exe
  2⤵
  PID:6368
- C:\Windows\System\kGCJOtt.exe
  C:\Windows\System\kGCJOtt.exe
  2⤵
  PID:6396
- C:\Windows\System\GLFyOEb.exe
  C:\Windows\System\GLFyOEb.exe
  2⤵
  PID:6424
- C:\Windows\System\uUwlhhF.exe
  C:\Windows\System\uUwlhhF.exe
  2⤵
  PID:6452
- C:\Windows\System\uaoacWB.exe
  C:\Windows\System\uaoacWB.exe
  2⤵
  PID:6480
- C:\Windows\System\qbYbWCF.exe
  C:\Windows\System\qbYbWCF.exe
  2⤵
  PID:6508
- C:\Windows\System\vxSFaCh.exe
  C:\Windows\System\vxSFaCh.exe
  2⤵
  PID:6536
- C:\Windows\System\dfQiLrr.exe
  C:\Windows\System\dfQiLrr.exe
  2⤵
  PID:6564
- C:\Windows\System\RhDDOnT.exe
  C:\Windows\System\RhDDOnT.exe
  2⤵
  PID:6592
- C:\Windows\System\XHSpgYT.exe
  C:\Windows\System\XHSpgYT.exe
  2⤵
  PID:6620
- C:\Windows\System\cfFIIqe.exe
  C:\Windows\System\cfFIIqe.exe
  2⤵
  PID:6648
- C:\Windows\System\xmCTudf.exe
  C:\Windows\System\xmCTudf.exe
  2⤵
  PID:6676
- C:\Windows\System\XSYQZrH.exe
  C:\Windows\System\XSYQZrH.exe
  2⤵
  PID:6704
- C:\Windows\System\XqNiWbW.exe
  C:\Windows\System\XqNiWbW.exe
  2⤵
  PID:6732
- C:\Windows\System\urlDnYM.exe
  C:\Windows\System\urlDnYM.exe
  2⤵
  PID:6768
- C:\Windows\System\wMQRcDD.exe
  C:\Windows\System\wMQRcDD.exe
  2⤵
  PID:6800
- C:\Windows\System\GCmbzMc.exe
  C:\Windows\System\GCmbzMc.exe
  2⤵
  PID:6828
- C:\Windows\System\zyIjXkJ.exe
  C:\Windows\System\zyIjXkJ.exe
  2⤵
  PID:6844
- C:\Windows\System\KcofXgE.exe
  C:\Windows\System\KcofXgE.exe
  2⤵
  PID:6872
- C:\Windows\System\XOyEiHX.exe
  C:\Windows\System\XOyEiHX.exe
  2⤵
  PID:6900
- C:\Windows\System\DZNqfdj.exe
  C:\Windows\System\DZNqfdj.exe
  2⤵
  PID:6928
- C:\Windows\System\aWkyUwp.exe
  C:\Windows\System\aWkyUwp.exe
  2⤵
  PID:6956
- C:\Windows\System\rsRqBVE.exe
  C:\Windows\System\rsRqBVE.exe
  2⤵
  PID:6984
- C:\Windows\System\EeVLdwu.exe
  C:\Windows\System\EeVLdwu.exe
  2⤵
  PID:7012
- C:\Windows\System\WLxopRg.exe
  C:\Windows\System\WLxopRg.exe
  2⤵
  PID:7040
- C:\Windows\System\YEDDQgF.exe
  C:\Windows\System\YEDDQgF.exe
  2⤵
  PID:7068
- C:\Windows\System\uwPRfER.exe
  C:\Windows\System\uwPRfER.exe
  2⤵
  PID:7096
- C:\Windows\System\kEygCqf.exe
  C:\Windows\System\kEygCqf.exe
  2⤵
  PID:7124
- C:\Windows\System\MxtCTaU.exe
  C:\Windows\System\MxtCTaU.exe
  2⤵
  PID:7152
- C:\Windows\System\ChraRlR.exe
  C:\Windows\System\ChraRlR.exe
  2⤵
  PID:5464
- C:\Windows\System\CSxtzXo.exe
  C:\Windows\System\CSxtzXo.exe
  2⤵
  PID:5864
- C:\Windows\System\fAocAjU.exe
  C:\Windows\System\fAocAjU.exe
  2⤵
  PID:5144
- C:\Windows\System\onGWxlS.exe
  C:\Windows\System\onGWxlS.exe
  2⤵
  PID:6212
- C:\Windows\System\ahCcocK.exe
  C:\Windows\System\ahCcocK.exe
  2⤵
  PID:6252
- C:\Windows\System\byjWMFx.exe
  C:\Windows\System\byjWMFx.exe
  2⤵
  PID:1052
- C:\Windows\System\ZYAoWmz.exe
  C:\Windows\System\ZYAoWmz.exe
  2⤵
  PID:6356
- C:\Windows\System\vnKvwuy.exe
  C:\Windows\System\vnKvwuy.exe
  2⤵
  PID:6416
- C:\Windows\System\zJyUMBa.exe
  C:\Windows\System\zJyUMBa.exe
  2⤵
  PID:6476
- C:\Windows\System\ZcPeoLX.exe
  C:\Windows\System\ZcPeoLX.exe
  2⤵
  PID:6548
- C:\Windows\System\zdBbkIk.exe
  C:\Windows\System\zdBbkIk.exe
  2⤵
  PID:6604
- C:\Windows\System\XfKyFsV.exe
  C:\Windows\System\XfKyFsV.exe
  2⤵
  PID:6668
- C:\Windows\System\BHCIips.exe
  C:\Windows\System\BHCIips.exe
  2⤵
  PID:6724
- C:\Windows\System\lipxLcj.exe
  C:\Windows\System\lipxLcj.exe
  2⤵
  PID:6792
- C:\Windows\System\GmLRHaZ.exe
  C:\Windows\System\GmLRHaZ.exe
  2⤵
  PID:6836
- C:\Windows\System\zqdwlIg.exe
  C:\Windows\System\zqdwlIg.exe
  2⤵
  PID:6892
- C:\Windows\System\wCWjxCs.exe
  C:\Windows\System\wCWjxCs.exe
  2⤵
  PID:6948
- C:\Windows\System\zpTltXT.exe
  C:\Windows\System\zpTltXT.exe
  2⤵
  PID:7024
- C:\Windows\System\oFELcdi.exe
  C:\Windows\System\oFELcdi.exe
  2⤵
  PID:7084
- C:\Windows\System\WJCSLhe.exe
  C:\Windows\System\WJCSLhe.exe
  2⤵
  PID:7144
- C:\Windows\System\ACsnOkt.exe
  C:\Windows\System\ACsnOkt.exe
  2⤵
  PID:5772
- C:\Windows\System\lVqxRWx.exe
  C:\Windows\System\lVqxRWx.exe
  2⤵
  PID:6228
- C:\Windows\System\AMIxPWq.exe
  C:\Windows\System\AMIxPWq.exe
  2⤵
  PID:6332
- C:\Windows\System\JDndOyZ.exe
  C:\Windows\System\JDndOyZ.exe
  2⤵
  PID:6500
- C:\Windows\System\WgCiBak.exe
  C:\Windows\System\WgCiBak.exe
  2⤵
  PID:6640
- C:\Windows\System\YsJnzmI.exe
  C:\Windows\System\YsJnzmI.exe
  2⤵
  PID:6784
- C:\Windows\System\ZKwnIWh.exe
  C:\Windows\System\ZKwnIWh.exe
  2⤵
  PID:6884
- C:\Windows\System\FuNDiyu.exe
  C:\Windows\System\FuNDiyu.exe
  2⤵
  PID:7056
- C:\Windows\System\DyAjRya.exe
  C:\Windows\System\DyAjRya.exe
  2⤵
  PID:5584
- C:\Windows\System\vXpRbDQ.exe
  C:\Windows\System\vXpRbDQ.exe
  2⤵
  PID:6324
- C:\Windows\System\vESVIwT.exe
  C:\Windows\System\vESVIwT.exe
  2⤵
  PID:6696
- C:\Windows\System\mEqGSPE.exe
  C:\Windows\System\mEqGSPE.exe
  2⤵
  PID:6976
- C:\Windows\System\IpniTUZ.exe
  C:\Windows\System\IpniTUZ.exe
  2⤵
  PID:6184
- C:\Windows\System\NqdZJoQ.exe
  C:\Windows\System\NqdZJoQ.exe
  2⤵
  PID:7196
- C:\Windows\System\NmJxUeX.exe
  C:\Windows\System\NmJxUeX.exe
  2⤵
  PID:7224
- C:\Windows\System\EQWtdbs.exe
  C:\Windows\System\EQWtdbs.exe
  2⤵
  PID:7264
- C:\Windows\System\luFosuQ.exe
  C:\Windows\System\luFosuQ.exe
  2⤵
  PID:7292
- C:\Windows\System\jHAasTt.exe
  C:\Windows\System\jHAasTt.exe
  2⤵
  PID:7320
- C:\Windows\System\KtNDPYc.exe
  C:\Windows\System\KtNDPYc.exe
  2⤵
  PID:7336
- C:\Windows\System\gOLRqFM.exe
  C:\Windows\System\gOLRqFM.exe
  2⤵
  PID:7364
- C:\Windows\System\fpWUkBz.exe
  C:\Windows\System\fpWUkBz.exe
  2⤵
  PID:7392
- C:\Windows\System\wIhzJDt.exe
  C:\Windows\System\wIhzJDt.exe
  2⤵
  PID:7420
- C:\Windows\System\WmKzdMN.exe
  C:\Windows\System\WmKzdMN.exe
  2⤵
  PID:7448
- C:\Windows\System\QtUXRLw.exe
  C:\Windows\System\QtUXRLw.exe
  2⤵
  PID:7476
- C:\Windows\System\VdcMcKQ.exe
  C:\Windows\System\VdcMcKQ.exe
  2⤵
  PID:7504
- C:\Windows\System\VxLmDHC.exe
  C:\Windows\System\VxLmDHC.exe
  2⤵
  PID:7532
- C:\Windows\System\gUebJJn.exe
  C:\Windows\System\gUebJJn.exe
  2⤵
  PID:7644
- C:\Windows\System\TRXKopA.exe
  C:\Windows\System\TRXKopA.exe
  2⤵
  PID:7676
- C:\Windows\System\uCZcoEW.exe
  C:\Windows\System\uCZcoEW.exe
  2⤵
  PID:7700
- C:\Windows\System\aWQulpA.exe
  C:\Windows\System\aWQulpA.exe
  2⤵
  PID:7724
- C:\Windows\System\BuDMQCx.exe
  C:\Windows\System\BuDMQCx.exe
  2⤵
  PID:7752
- C:\Windows\System\bNKrdKv.exe
  C:\Windows\System\bNKrdKv.exe
  2⤵
  PID:7780
- C:\Windows\System\pPRCQeH.exe
  C:\Windows\System\pPRCQeH.exe
  2⤵
  PID:7800
- C:\Windows\System\SBhTmgf.exe
  C:\Windows\System\SBhTmgf.exe
  2⤵
  PID:7828
- C:\Windows\System\shZENsT.exe
  C:\Windows\System\shZENsT.exe
  2⤵
  PID:7856
- C:\Windows\System\VIKTUDN.exe
  C:\Windows\System\VIKTUDN.exe
  2⤵
  PID:7884
- C:\Windows\System\hUAVKbD.exe
  C:\Windows\System\hUAVKbD.exe
  2⤵
  PID:7912
- C:\Windows\System\zmTlymO.exe
  C:\Windows\System\zmTlymO.exe
  2⤵
  PID:7940
- C:\Windows\System\WVpybsJ.exe
  C:\Windows\System\WVpybsJ.exe
  2⤵
  PID:7980
- C:\Windows\System\JaSfTdj.exe
  C:\Windows\System\JaSfTdj.exe
  2⤵
  PID:8004
- C:\Windows\System\KKVtTPJ.exe
  C:\Windows\System\KKVtTPJ.exe
  2⤵
  PID:8024
- C:\Windows\System\hNbimdm.exe
  C:\Windows\System\hNbimdm.exe
  2⤵
  PID:8052
- C:\Windows\System\aBpybmN.exe
  C:\Windows\System\aBpybmN.exe
  2⤵
  PID:8080
- C:\Windows\System\OvyGKsp.exe
  C:\Windows\System\OvyGKsp.exe
  2⤵
  PID:8112
- C:\Windows\System\GHUyOab.exe
  C:\Windows\System\GHUyOab.exe
  2⤵
  PID:8140
- C:\Windows\System\cnvVbCR.exe
  C:\Windows\System\cnvVbCR.exe
  2⤵
  PID:8168
- C:\Windows\System\raiLpXU.exe
  C:\Windows\System\raiLpXU.exe
  2⤵
  PID:6276
- C:\Windows\System\mKEKaJu.exe
  C:\Windows\System\mKEKaJu.exe
  2⤵
  PID:7116
- C:\Windows\System\jlTWbmr.exe
  C:\Windows\System\jlTWbmr.exe
  2⤵
  PID:7216
- C:\Windows\System\AhlcGEr.exe
  C:\Windows\System\AhlcGEr.exe
  2⤵
  PID:7284
- C:\Windows\System\TXIisvZ.exe
  C:\Windows\System\TXIisvZ.exe
  2⤵
  PID:7352
- C:\Windows\System\cqBPCZd.exe
  C:\Windows\System\cqBPCZd.exe
  2⤵
  PID:7412
- C:\Windows\System\mIxIZOC.exe
  C:\Windows\System\mIxIZOC.exe
  2⤵
  PID:7560
- C:\Windows\System\STaKAdl.exe
  C:\Windows\System\STaKAdl.exe
  2⤵
  PID:2312
- C:\Windows\System\RCwAIOt.exe
  C:\Windows\System\RCwAIOt.exe
  2⤵
  PID:7596
- C:\Windows\System\lFpuTGF.exe
  C:\Windows\System\lFpuTGF.exe
  2⤵
  PID:8216
- C:\Windows\System\ZzPTdup.exe
  C:\Windows\System\ZzPTdup.exe
  2⤵
  PID:8244
- C:\Windows\System\kIZKcSL.exe
  C:\Windows\System\kIZKcSL.exe
  2⤵
  PID:8272
- C:\Windows\System\ZsHTAHr.exe
  C:\Windows\System\ZsHTAHr.exe
  2⤵
  PID:8300
- C:\Windows\System\pyRFikH.exe
  C:\Windows\System\pyRFikH.exe
  2⤵
  PID:8328
- C:\Windows\System\apKDjjY.exe
  C:\Windows\System\apKDjjY.exe
  2⤵
  PID:8356
- C:\Windows\System\YlhQfXj.exe
  C:\Windows\System\YlhQfXj.exe
  2⤵
  PID:8384
- C:\Windows\System\AaCwsAw.exe
  C:\Windows\System\AaCwsAw.exe
  2⤵
  PID:8412
- C:\Windows\System\joPgGor.exe
  C:\Windows\System\joPgGor.exe
  2⤵
  PID:8440
- C:\Windows\System\ibuZxXx.exe
  C:\Windows\System\ibuZxXx.exe
  2⤵
  PID:8468
- C:\Windows\System\oUHvoip.exe
  C:\Windows\System\oUHvoip.exe
  2⤵
  PID:8496
- C:\Windows\System\fFWEpKa.exe
  C:\Windows\System\fFWEpKa.exe
  2⤵
  PID:8524
- C:\Windows\System\TYznPgE.exe
  C:\Windows\System\TYznPgE.exe
  2⤵
  PID:8572
- C:\Windows\System\KaDNKDN.exe
  C:\Windows\System\KaDNKDN.exe
  2⤵
  PID:8620
- C:\Windows\System\YGwVVYM.exe
  C:\Windows\System\YGwVVYM.exe
  2⤵
  PID:8668
- C:\Windows\System\lRtxAMm.exe
  C:\Windows\System\lRtxAMm.exe
  2⤵
  PID:8712
- C:\Windows\System\zLRLjpZ.exe
  C:\Windows\System\zLRLjpZ.exe
  2⤵
  PID:8776
- C:\Windows\System\XZGlfkW.exe
  C:\Windows\System\XZGlfkW.exe
  2⤵
  PID:8812
- C:\Windows\System\DdDQMhv.exe
  C:\Windows\System\DdDQMhv.exe
  2⤵
  PID:8848
- C:\Windows\System\JZRCicy.exe
  C:\Windows\System\JZRCicy.exe
  2⤵
  PID:8892
- C:\Windows\System\lzQSCWY.exe
  C:\Windows\System\lzQSCWY.exe
  2⤵
  PID:8924
- C:\Windows\System\PTYfXNU.exe
  C:\Windows\System\PTYfXNU.exe
  2⤵
  PID:8952
- C:\Windows\System\MRWyEGF.exe
  C:\Windows\System\MRWyEGF.exe
  2⤵
  PID:8980
- C:\Windows\System\dHKFJST.exe
  C:\Windows\System\dHKFJST.exe
  2⤵
  PID:9008
- C:\Windows\System\GLMQUYI.exe
  C:\Windows\System\GLMQUYI.exe
  2⤵
  PID:9040
- C:\Windows\System\SqKZYEa.exe
  C:\Windows\System\SqKZYEa.exe
  2⤵
  PID:9068
- C:\Windows\System\LlCWjiz.exe
  C:\Windows\System\LlCWjiz.exe
  2⤵
  PID:9096
- C:\Windows\System\pdQSIov.exe
  C:\Windows\System\pdQSIov.exe
  2⤵
  PID:9124
- C:\Windows\System\MDGaMTI.exe
  C:\Windows\System\MDGaMTI.exe
  2⤵
  PID:9152
- C:\Windows\System\HFnoqpG.exe
  C:\Windows\System\HFnoqpG.exe
  2⤵
  PID:9180
- C:\Windows\System\BSppKKk.exe
  C:\Windows\System\BSppKKk.exe
  2⤵
  PID:9208
- C:\Windows\System\JzPyrMx.exe
  C:\Windows\System\JzPyrMx.exe
  2⤵
  PID:8428
- C:\Windows\System\kIBHTwH.exe
  C:\Windows\System\kIBHTwH.exe
  2⤵
  PID:8376
- C:\Windows\System\CSEHmLV.exe
  C:\Windows\System\CSEHmLV.exe
  2⤵
  PID:8368
- C:\Windows\System\xsVCWLo.exe
  C:\Windows\System\xsVCWLo.exe
  2⤵
  PID:8320
- C:\Windows\System\XZyonrn.exe
  C:\Windows\System\XZyonrn.exe
  2⤵
  PID:8264
- C:\Windows\System\eGJOKXS.exe
  C:\Windows\System\eGJOKXS.exe
  2⤵
  PID:8232
- C:\Windows\System\QIkxeSa.exe
  C:\Windows\System\QIkxeSa.exe
  2⤵
  PID:7580
- C:\Windows\System\mQRZiAs.exe
  C:\Windows\System\mQRZiAs.exe
  2⤵
  PID:2796
- C:\Windows\System\ptUakdg.exe
  C:\Windows\System\ptUakdg.exe
  2⤵
  PID:632
- C:\Windows\System\wbkMRfu.exe
  C:\Windows\System\wbkMRfu.exe
  2⤵
  PID:7188
- C:\Windows\System\fMDHAxZ.exe
  C:\Windows\System\fMDHAxZ.exe
  2⤵
  PID:8180
- C:\Windows\System\gTWZWoX.exe
  C:\Windows\System\gTWZWoX.exe
  2⤵
  PID:5000
- C:\Windows\System\mQanaTy.exe
  C:\Windows\System\mQanaTy.exe
  2⤵
  PID:7972
- C:\Windows\System\CENWOAo.exe
  C:\Windows\System\CENWOAo.exe
  2⤵
  PID:7900
- C:\Windows\System\WTHfEKW.exe
  C:\Windows\System\WTHfEKW.exe
  2⤵
  PID:7840
- C:\Windows\System\nfeGggr.exe
  C:\Windows\System\nfeGggr.exe
  2⤵
  PID:7748
- C:\Windows\System\ryEAhFl.exe
  C:\Windows\System\ryEAhFl.exe
  2⤵
  PID:2420
- C:\Windows\System\BRgHDHu.exe
  C:\Windows\System\BRgHDHu.exe
  2⤵
  PID:4788
- C:\Windows\System\LctnQQM.exe
  C:\Windows\System\LctnQQM.exe
  2⤵
  PID:4640
- C:\Windows\System\FDvVdxM.exe
  C:\Windows\System\FDvVdxM.exe
  2⤵
  PID:5064
- C:\Windows\System\IRNRLPz.exe
  C:\Windows\System\IRNRLPz.exe
  2⤵
  PID:8704
- C:\Windows\System\jHhFgGo.exe
  C:\Windows\System\jHhFgGo.exe
  2⤵
  PID:7660
- C:\Windows\System\kMwcrqX.exe
  C:\Windows\System\kMwcrqX.exe
  2⤵
  PID:8628
- C:\Windows\System\KPCqwHV.exe
  C:\Windows\System\KPCqwHV.exe
  2⤵
  PID:8800
- C:\Windows\System\JGCkuvt.exe
  C:\Windows\System\JGCkuvt.exe
  2⤵
  PID:8884
- C:\Windows\System\VBnrKyY.exe
  C:\Windows\System\VBnrKyY.exe
  2⤵
  PID:8948
- C:\Windows\System\UNsgtRe.exe
  C:\Windows\System\UNsgtRe.exe
  2⤵
  PID:9024
- C:\Windows\System\rWfkhOy.exe
  C:\Windows\System\rWfkhOy.exe
  2⤵
  PID:9092
- C:\Windows\System\QNpZDjI.exe
  C:\Windows\System\QNpZDjI.exe
  2⤵
  PID:9168
- C:\Windows\System\vWfSZPy.exe
  C:\Windows\System\vWfSZPy.exe
  2⤵
  PID:3596
- C:\Windows\System\mhAvxfI.exe
  C:\Windows\System\mhAvxfI.exe
  2⤵
  PID:8292
- C:\Windows\System\rpjvCka.exe
  C:\Windows\System\rpjvCka.exe
  2⤵
  PID:8208
- C:\Windows\System\aQTmwwn.exe
  C:\Windows\System\aQTmwwn.exe
  2⤵
  PID:3892
- C:\Windows\System\qKJHIOk.exe
  C:\Windows\System\qKJHIOk.exe
  2⤵
  PID:8124
- C:\Windows\System\pDuXPBE.exe
  C:\Windows\System\pDuXPBE.exe
  2⤵
  PID:7996
- C:\Windows\System\scoSpZf.exe
  C:\Windows\System\scoSpZf.exe
  2⤵
  PID:7812
- C:\Windows\System\wBQODhw.exe
  C:\Windows\System\wBQODhw.exe
  2⤵
  PID:8488
- C:\Windows\System\ZPxBKUE.exe
  C:\Windows\System\ZPxBKUE.exe
  2⤵
  PID:8588
- C:\Windows\System\fCohVgV.exe
  C:\Windows\System\fCohVgV.exe
  2⤵
  PID:8632
- C:\Windows\System\uNYsPQG.exe
  C:\Windows\System\uNYsPQG.exe
  2⤵
  PID:8864
- C:\Windows\System\TMsCgTk.exe
  C:\Windows\System\TMsCgTk.exe
  2⤵
  PID:9004
- C:\Windows\System\dxpUrtT.exe
  C:\Windows\System\dxpUrtT.exe
  2⤵
  PID:9204
- C:\Windows\System\QktzeoA.exe
  C:\Windows\System\QktzeoA.exe
  2⤵
  PID:4496
- C:\Windows\System\OlXvLel.exe
  C:\Windows\System\OlXvLel.exe
  2⤵
  PID:7252
- C:\Windows\System\zVSMlEF.exe
  C:\Windows\System\zVSMlEF.exe
  2⤵
  PID:7868
- C:\Windows\System\CXFMglA.exe
  C:\Windows\System\CXFMglA.exe
  2⤵
  PID:8648
- C:\Windows\System\YSPiOUf.exe
  C:\Windows\System\YSPiOUf.exe
  2⤵
  PID:8936
- C:\Windows\System\gTvUEbS.exe
  C:\Windows\System\gTvUEbS.exe
  2⤵
  PID:8340
- C:\Windows\System\LbhvIWp.exe
  C:\Windows\System\LbhvIWp.exe
  2⤵
  PID:7904
- C:\Windows\System\UMlPuqO.exe
  C:\Windows\System\UMlPuqO.exe
  2⤵
  PID:9116
- C:\Windows\System\XJYgiXc.exe
  C:\Windows\System\XJYgiXc.exe
  2⤵
  PID:5004
- C:\Windows\System\JEgmtAg.exe
  C:\Windows\System\JEgmtAg.exe
  2⤵
  PID:9224
- C:\Windows\System\DNhASCp.exe
  C:\Windows\System\DNhASCp.exe
  2⤵
  PID:9252
- C:\Windows\System\rIRYPyV.exe
  C:\Windows\System\rIRYPyV.exe
  2⤵
  PID:9280
- C:\Windows\System\dWXroZk.exe
  C:\Windows\System\dWXroZk.exe
  2⤵
  PID:9308
- C:\Windows\System\EjzfcSx.exe
  C:\Windows\System\EjzfcSx.exe
  2⤵
  PID:9336
- C:\Windows\System\uyasauo.exe
  C:\Windows\System\uyasauo.exe
  2⤵
  PID:9364
- C:\Windows\System\daMkdrg.exe
  C:\Windows\System\daMkdrg.exe
  2⤵
  PID:9408
- C:\Windows\System\ruohGMD.exe
  C:\Windows\System\ruohGMD.exe
  2⤵
  PID:9424
- C:\Windows\System\JozDNJn.exe
  C:\Windows\System\JozDNJn.exe
  2⤵
  PID:9452
- C:\Windows\System\kiDFODQ.exe
  C:\Windows\System\kiDFODQ.exe
  2⤵
  PID:9480
- C:\Windows\System\KrYnPdJ.exe
  C:\Windows\System\KrYnPdJ.exe
  2⤵
  PID:9508
- C:\Windows\System\oWnalTW.exe
  C:\Windows\System\oWnalTW.exe
  2⤵
  PID:9536
- C:\Windows\System\CIlcFHy.exe
  C:\Windows\System\CIlcFHy.exe
  2⤵
  PID:9564
- C:\Windows\System\LCzgdcN.exe
  C:\Windows\System\LCzgdcN.exe
  2⤵
  PID:9596
- C:\Windows\System\jHcVybq.exe
  C:\Windows\System\jHcVybq.exe
  2⤵
  PID:9624
- C:\Windows\System\oYpXmAY.exe
  C:\Windows\System\oYpXmAY.exe
  2⤵
  PID:9652
- C:\Windows\System\SRuVtnr.exe
  C:\Windows\System\SRuVtnr.exe
  2⤵
  PID:9680
- C:\Windows\System\zOkOHKi.exe
  C:\Windows\System\zOkOHKi.exe
  2⤵
  PID:9708
- C:\Windows\System\jINJpcd.exe
  C:\Windows\System\jINJpcd.exe
  2⤵
  PID:9736
- C:\Windows\System\PjucHTQ.exe
  C:\Windows\System\PjucHTQ.exe
  2⤵
  PID:9764
- C:\Windows\System\tizpRAG.exe
  C:\Windows\System\tizpRAG.exe
  2⤵
  PID:9792
- C:\Windows\System\mvVmkYh.exe
  C:\Windows\System\mvVmkYh.exe
  2⤵
  PID:9808
- C:\Windows\System\JEDScRE.exe
  C:\Windows\System\JEDScRE.exe
  2⤵
  PID:9848
- C:\Windows\System\lUKnqSS.exe
  C:\Windows\System\lUKnqSS.exe
  2⤵
  PID:9876
- C:\Windows\System\FrujtUs.exe
  C:\Windows\System\FrujtUs.exe
  2⤵
  PID:9916
- C:\Windows\System\DWkwCkh.exe
  C:\Windows\System\DWkwCkh.exe
  2⤵
  PID:9952
- C:\Windows\System\oKoUnVA.exe
  C:\Windows\System\oKoUnVA.exe
  2⤵
  PID:9996
- C:\Windows\System\ykBEjtP.exe
  C:\Windows\System\ykBEjtP.exe
  2⤵
  PID:10024
- C:\Windows\System\ThzfRsT.exe
  C:\Windows\System\ThzfRsT.exe
  2⤵
  PID:10052
- C:\Windows\System\dwpNnkm.exe
  C:\Windows\System\dwpNnkm.exe
  2⤵
  PID:10080
- C:\Windows\System\gwjHZCn.exe
  C:\Windows\System\gwjHZCn.exe
  2⤵
  PID:10108
- C:\Windows\System\BZSjaWC.exe
  C:\Windows\System\BZSjaWC.exe
  2⤵
  PID:10136
- C:\Windows\System\RjySQZf.exe
  C:\Windows\System\RjySQZf.exe
  2⤵
  PID:10164
- C:\Windows\System\WxSJcOD.exe
  C:\Windows\System\WxSJcOD.exe
  2⤵
  PID:10192
- C:\Windows\System\ldInTbU.exe
  C:\Windows\System\ldInTbU.exe
  2⤵
  PID:10220
- C:\Windows\System\wxPqUOU.exe
  C:\Windows\System\wxPqUOU.exe
  2⤵
  PID:9240
- C:\Windows\System\QPmTwSg.exe
  C:\Windows\System\QPmTwSg.exe
  2⤵
  PID:9300
- C:\Windows\System\CoKoXTm.exe
  C:\Windows\System\CoKoXTm.exe
  2⤵
  PID:9360
- C:\Windows\System\rgTdcay.exe
  C:\Windows\System\rgTdcay.exe
  2⤵
  PID:9420
- C:\Windows\System\xdHbYZx.exe
  C:\Windows\System\xdHbYZx.exe
  2⤵
  PID:9492
- C:\Windows\System\IkIrXBL.exe
  C:\Windows\System\IkIrXBL.exe
  2⤵
  PID:9560
- C:\Windows\System\OPjdBwR.exe
  C:\Windows\System\OPjdBwR.exe
  2⤵
  PID:9636
- C:\Windows\System\IgIMXhT.exe
  C:\Windows\System\IgIMXhT.exe
  2⤵
  PID:9700
- C:\Windows\System\BXNkeAG.exe
  C:\Windows\System\BXNkeAG.exe
  2⤵
  PID:9756
- C:\Windows\System\gfwUSNR.exe
  C:\Windows\System\gfwUSNR.exe
  2⤵
  PID:9832
- C:\Windows\System\gjMwEST.exe
  C:\Windows\System\gjMwEST.exe
  2⤵
  PID:9936
- C:\Windows\System\QvWdOEm.exe
  C:\Windows\System\QvWdOEm.exe
  2⤵
  PID:10012
- C:\Windows\System\peJvOlj.exe
  C:\Windows\System\peJvOlj.exe
  2⤵
  PID:10072
- C:\Windows\System\nuvsOHA.exe
  C:\Windows\System\nuvsOHA.exe
  2⤵
  PID:10132
- C:\Windows\System\jhuegxY.exe
  C:\Windows\System\jhuegxY.exe
  2⤵
  PID:10204
- C:\Windows\System\HrHjjTm.exe
  C:\Windows\System\HrHjjTm.exe
  2⤵
  PID:9584
- C:\Windows\System\ZoyeCpf.exe
  C:\Windows\System\ZoyeCpf.exe
  2⤵
  PID:9388
- C:\Windows\System\IpdZNAo.exe
  C:\Windows\System\IpdZNAo.exe
  2⤵
  PID:9556
- C:\Windows\System\gUgQYpi.exe
  C:\Windows\System\gUgQYpi.exe
  2⤵
  PID:9748
- C:\Windows\System\qrkcXUr.exe
  C:\Windows\System\qrkcXUr.exe
  2⤵
  PID:9720
- C:\Windows\System\aoMzYFn.exe
  C:\Windows\System\aoMzYFn.exe
  2⤵
  PID:10036
- C:\Windows\System\ZYfWLFz.exe
  C:\Windows\System\ZYfWLFz.exe
  2⤵
  PID:10184
- C:\Windows\System\udSZcjT.exe
  C:\Windows\System\udSZcjT.exe
  2⤵
  PID:9472
- C:\Windows\System\YbsjWGB.exe
  C:\Windows\System\YbsjWGB.exe
  2⤵
  PID:9692
- C:\Windows\System\EwjqPRS.exe
  C:\Windows\System\EwjqPRS.exe
  2⤵
  PID:9264
- C:\Windows\System\QwkHOfI.exe
  C:\Windows\System\QwkHOfI.exe
  2⤵
  PID:10252
- C:\Windows\System\PehTcwE.exe
  C:\Windows\System\PehTcwE.exe
  2⤵
  PID:10280
- C:\Windows\System\CdDQHon.exe
  C:\Windows\System\CdDQHon.exe
  2⤵
  PID:10308
- C:\Windows\System\SocDQoe.exe
  C:\Windows\System\SocDQoe.exe
  2⤵
  PID:10336
- C:\Windows\System\lpQTuem.exe
  C:\Windows\System\lpQTuem.exe
  2⤵
  PID:10364
- C:\Windows\System\hJTOYFA.exe
  C:\Windows\System\hJTOYFA.exe
  2⤵
  PID:10392
- C:\Windows\System\WSNpglj.exe
  C:\Windows\System\WSNpglj.exe
  2⤵
  PID:10420
- C:\Windows\System\EyqZBcm.exe
  C:\Windows\System\EyqZBcm.exe
  2⤵
  PID:10480
- C:\Windows\System\scGYfwb.exe
  C:\Windows\System\scGYfwb.exe
  2⤵
  PID:10508
- C:\Windows\System\JbVtzGf.exe
  C:\Windows\System\JbVtzGf.exe
  2⤵
  PID:10536
- C:\Windows\System\bIccwjo.exe
  C:\Windows\System\bIccwjo.exe
  2⤵
  PID:10572
- C:\Windows\System\AlLrahQ.exe
  C:\Windows\System\AlLrahQ.exe
  2⤵
  PID:10600
- C:\Windows\System\ONgILrJ.exe
  C:\Windows\System\ONgILrJ.exe
  2⤵
  PID:10628
- C:\Windows\System\gNgVfbd.exe
  C:\Windows\System\gNgVfbd.exe
  2⤵
  PID:10656
- C:\Windows\System\KzkqprD.exe
  C:\Windows\System\KzkqprD.exe
  2⤵
  PID:10684
- C:\Windows\System\QRnmseg.exe
  C:\Windows\System\QRnmseg.exe
  2⤵
  PID:10720
- C:\Windows\System\jCjvOlb.exe
  C:\Windows\System\jCjvOlb.exe
  2⤵
  PID:10760
- C:\Windows\System\qrSlDLj.exe
  C:\Windows\System\qrSlDLj.exe
  2⤵
  PID:10796
- C:\Windows\System\rhAPMwE.exe
  C:\Windows\System\rhAPMwE.exe
  2⤵
  PID:10852
- C:\Windows\System\eYngVgL.exe
  C:\Windows\System\eYngVgL.exe
  2⤵
  PID:10884
- C:\Windows\System\iDmeMzr.exe
  C:\Windows\System\iDmeMzr.exe
  2⤵
  PID:10928
- C:\Windows\System\mXXkVzg.exe
  C:\Windows\System\mXXkVzg.exe
  2⤵
  PID:10968
- C:\Windows\System\bgJPktC.exe
  C:\Windows\System\bgJPktC.exe
  2⤵
  PID:11032
- C:\Windows\System\ZUcHRLm.exe
  C:\Windows\System\ZUcHRLm.exe
  2⤵
  PID:11076
- C:\Windows\System\RDCmmCs.exe
  C:\Windows\System\RDCmmCs.exe
  2⤵
  PID:11092
- C:\Windows\System\KuRtcSi.exe
  C:\Windows\System\KuRtcSi.exe
  2⤵
  PID:11140
- C:\Windows\System\PRuUNUR.exe
  C:\Windows\System\PRuUNUR.exe
  2⤵
  PID:11168
- C:\Windows\System\DIHpKFG.exe
  C:\Windows\System\DIHpKFG.exe
  2⤵
  PID:11196
- C:\Windows\System\YcynwHT.exe
  C:\Windows\System\YcynwHT.exe
  2⤵
  PID:11224
- C:\Windows\System\dIAFzeC.exe
  C:\Windows\System\dIAFzeC.exe
  2⤵
  PID:11252
- C:\Windows\System\lpBlpGu.exe
  C:\Windows\System\lpBlpGu.exe
  2⤵
  PID:10248
- C:\Windows\System\rievSPs.exe
  C:\Windows\System\rievSPs.exe
  2⤵
  PID:9548
- C:\Windows\System\DNQIbZq.exe
  C:\Windows\System\DNQIbZq.exe
  2⤵
  PID:10404
- C:\Windows\System\moypKQs.exe
  C:\Windows\System\moypKQs.exe
  2⤵
  PID:1188
- C:\Windows\System\IHjktbU.exe
  C:\Windows\System\IHjktbU.exe
  2⤵
  PID:10472
- C:\Windows\System\nhZKHqE.exe
  C:\Windows\System\nhZKHqE.exe
  2⤵
  PID:10556
- C:\Windows\System\uZMCrZw.exe
  C:\Windows\System\uZMCrZw.exe
  2⤵
  PID:10612
- C:\Windows\System\UgkKjmH.exe
  C:\Windows\System\UgkKjmH.exe
  2⤵
  PID:10676
- C:\Windows\System\GEufikA.exe
  C:\Windows\System\GEufikA.exe
  2⤵
  PID:10752
- C:\Windows\System\bdNSVRG.exe
  C:\Windows\System\bdNSVRG.exe
  2⤵
  PID:10844
- C:\Windows\System\OKPRJXC.exe
  C:\Windows\System\OKPRJXC.exe
  2⤵
  PID:10904
- C:\Windows\System\ADsaoax.exe
  C:\Windows\System\ADsaoax.exe
  2⤵
  PID:4228
- C:\Windows\System\NWAEdnm.exe
  C:\Windows\System\NWAEdnm.exe
  2⤵
  PID:11068
- C:\Windows\System\WHiThvn.exe
  C:\Windows\System\WHiThvn.exe
  2⤵
  PID:11180
- C:\Windows\System\vUwtijV.exe
  C:\Windows\System\vUwtijV.exe
  2⤵
  PID:11216
- C:\Windows\System\zFDlpDJ.exe
  C:\Windows\System\zFDlpDJ.exe
  2⤵
  PID:9532
- C:\Windows\System\joEIOjK.exe
  C:\Windows\System\joEIOjK.exe
  2⤵
  PID:10128
- C:\Windows\System\yPakLAO.exe
  C:\Windows\System\yPakLAO.exe
  2⤵
  PID:10356
- C:\Windows\System\WtDKMIY.exe
  C:\Windows\System\WtDKMIY.exe
  2⤵
  PID:4408
- C:\Windows\System\YkxQBYL.exe
  C:\Windows\System\YkxQBYL.exe
  2⤵
  PID:10568
- C:\Windows\System\lXRPfTz.exe
  C:\Windows\System\lXRPfTz.exe
  2⤵
  PID:10736
- C:\Windows\System\YMFQvnV.exe
  C:\Windows\System\YMFQvnV.exe
  2⤵
  PID:10708
- C:\Windows\System\AJwovFP.exe
  C:\Windows\System\AJwovFP.exe
  2⤵
  PID:11108
- C:\Windows\System\XWZrGHE.exe
  C:\Windows\System\XWZrGHE.exe
  2⤵
  PID:9988
- C:\Windows\System\bHBkQKl.exe
  C:\Windows\System\bHBkQKl.exe
  2⤵
  PID:10376
- C:\Windows\System\SIvWMGG.exe
  C:\Windows\System\SIvWMGG.exe
  2⤵
  PID:10640
- C:\Windows\System\KAyWZAB.exe
  C:\Windows\System\KAyWZAB.exe
  2⤵
  PID:11044
- C:\Windows\System\nuTAwbI.exe
  C:\Windows\System\nuTAwbI.exe
  2⤵
  PID:10360
- C:\Windows\System\zkBkZAd.exe
  C:\Windows\System\zkBkZAd.exe
  2⤵
  PID:11008
- C:\Windows\System\EgROVZV.exe
  C:\Windows\System\EgROVZV.exe
  2⤵
  PID:11276
- C:\Windows\System\jYOraUi.exe
  C:\Windows\System\jYOraUi.exe
  2⤵
  PID:11300
- C:\Windows\System\OxcXcpk.exe
  C:\Windows\System\OxcXcpk.exe
  2⤵
  PID:11340
- C:\Windows\System\cyVBniD.exe
  C:\Windows\System\cyVBniD.exe
  2⤵
  PID:11368
- C:\Windows\System\WTeJolG.exe
  C:\Windows\System\WTeJolG.exe
  2⤵
  PID:11396
- C:\Windows\System\gVGDJmZ.exe
  C:\Windows\System\gVGDJmZ.exe
  2⤵
  PID:11424
- C:\Windows\System\pLrCJlJ.exe
  C:\Windows\System\pLrCJlJ.exe
  2⤵
  PID:11452
- C:\Windows\System\LVZFmwg.exe
  C:\Windows\System\LVZFmwg.exe
  2⤵
  PID:11480
- C:\Windows\System\iexYwHH.exe
  C:\Windows\System\iexYwHH.exe
  2⤵
  PID:11508
- C:\Windows\System\DIULjjh.exe
  C:\Windows\System\DIULjjh.exe
  2⤵
  PID:11536
- C:\Windows\System\zYpsdDx.exe
  C:\Windows\System\zYpsdDx.exe
  2⤵
  PID:11568
- C:\Windows\System\kaxNhUn.exe
  C:\Windows\System\kaxNhUn.exe
  2⤵
  PID:11600
- C:\Windows\System\xJMaWwc.exe
  C:\Windows\System\xJMaWwc.exe
  2⤵
  PID:11628
- C:\Windows\System\QZdXwDh.exe
  C:\Windows\System\QZdXwDh.exe
  2⤵
  PID:11660
- C:\Windows\System\XFXgcRe.exe
  C:\Windows\System\XFXgcRe.exe
  2⤵
  PID:11688
- C:\Windows\System\SGmFaVi.exe
  C:\Windows\System\SGmFaVi.exe
  2⤵
  PID:11716
- C:\Windows\System\tAXxNwn.exe
  C:\Windows\System\tAXxNwn.exe
  2⤵
  PID:11744
- C:\Windows\System\EojHqYf.exe
  C:\Windows\System\EojHqYf.exe
  2⤵
  PID:11772
- C:\Windows\System\bRqVKUJ.exe
  C:\Windows\System\bRqVKUJ.exe
  2⤵
  PID:11832
- C:\Windows\System\oCoLQRz.exe
  C:\Windows\System\oCoLQRz.exe
  2⤵
  PID:11868
- C:\Windows\System\mqpJnQS.exe
  C:\Windows\System\mqpJnQS.exe
  2⤵
  PID:11916
- C:\Windows\System\ocPrpEM.exe
  C:\Windows\System\ocPrpEM.exe
  2⤵
  PID:11932
- C:\Windows\System\TpRAefO.exe
  C:\Windows\System\TpRAefO.exe
  2⤵
  PID:11960
- C:\Windows\System\jIldEeh.exe
  C:\Windows\System\jIldEeh.exe
  2⤵
  PID:11996
- C:\Windows\System\wZWVJNE.exe
  C:\Windows\System\wZWVJNE.exe
  2⤵
  PID:12024
- C:\Windows\System\wPtqzDs.exe
  C:\Windows\System\wPtqzDs.exe
  2⤵
  PID:12052
- C:\Windows\System\FbSjxxl.exe
  C:\Windows\System\FbSjxxl.exe
  2⤵
  PID:12080
- C:\Windows\System\QFYDjSY.exe
  C:\Windows\System\QFYDjSY.exe
  2⤵
  PID:12108
- C:\Windows\System\NrUTMca.exe
  C:\Windows\System\NrUTMca.exe
  2⤵
  PID:12136
- C:\Windows\System\GJezKqw.exe
  C:\Windows\System\GJezKqw.exe
  2⤵
  PID:12176
- C:\Windows\System\MGoOEcp.exe
  C:\Windows\System\MGoOEcp.exe
  2⤵
  PID:12192
- C:\Windows\System\kmHrPtJ.exe
  C:\Windows\System\kmHrPtJ.exe
  2⤵
  PID:12220
- C:\Windows\System\tAovUqe.exe
  C:\Windows\System\tAovUqe.exe
  2⤵
  PID:12276
- C:\Windows\System\oboBspm.exe
  C:\Windows\System\oboBspm.exe
  2⤵
  PID:11272
- C:\Windows\System\KVwqzyX.exe
  C:\Windows\System\KVwqzyX.exe
  2⤵
  PID:11384
- C:\Windows\System\gSOoKaQ.exe
  C:\Windows\System\gSOoKaQ.exe
  2⤵
  PID:4340
- C:\Windows\System\ueSRZNH.exe
  C:\Windows\System\ueSRZNH.exe
  2⤵
  PID:11472
- C:\Windows\System\vGyuUoI.exe
  C:\Windows\System\vGyuUoI.exe
  2⤵
  PID:9844
- C:\Windows\System\RxjHYXz.exe
  C:\Windows\System\RxjHYXz.exe
  2⤵
  PID:11620
- C:\Windows\System\odYmXOT.exe
  C:\Windows\System\odYmXOT.exe
  2⤵
  PID:11680
- C:\Windows\System\heEriLk.exe
  C:\Windows\System\heEriLk.exe
  2⤵
  PID:11740
- C:\Windows\System\hVEJnoh.exe
  C:\Windows\System\hVEJnoh.exe
  2⤵
  PID:11848
- C:\Windows\System\rLjvxEm.exe
  C:\Windows\System\rLjvxEm.exe
  2⤵
  PID:11056
- C:\Windows\System\FRaWhcy.exe
  C:\Windows\System\FRaWhcy.exe
  2⤵
  PID:11888
- C:\Windows\System\bGWUmQd.exe
  C:\Windows\System\bGWUmQd.exe
  2⤵
  PID:11952
- C:\Windows\System\ExhYVhI.exe
  C:\Windows\System\ExhYVhI.exe
  2⤵
  PID:2488
- C:\Windows\System\hUGXBdN.exe
  C:\Windows\System\hUGXBdN.exe
  2⤵
  PID:8876
- C:\Windows\System\EcqPTxW.exe
  C:\Windows\System\EcqPTxW.exe
  2⤵
  PID:12020
- C:\Windows\System\LmzLtnE.exe
  C:\Windows\System\LmzLtnE.exe
  2⤵
  PID:12076
- C:\Windows\System\MRPJoAn.exe
  C:\Windows\System\MRPJoAn.exe
  2⤵
  PID:12128
- C:\Windows\System\NabuzfE.exe
  C:\Windows\System\NabuzfE.exe
  2⤵
  PID:12188
- C:\Windows\System\dxkHNUO.exe
  C:\Windows\System\dxkHNUO.exe
  2⤵
  PID:11284
- C:\Windows\System\ZBqaToj.exe
  C:\Windows\System\ZBqaToj.exe
  2⤵
  PID:11408
- C:\Windows\System\niDYAxO.exe
  C:\Windows\System\niDYAxO.exe
  2⤵
  PID:11560
- C:\Windows\System\ffVHhNQ.exe
  C:\Windows\System\ffVHhNQ.exe
  2⤵
  PID:11708
- C:\Windows\System\DzAKmoo.exe
  C:\Windows\System\DzAKmoo.exe
  2⤵
  PID:10892
- C:\Windows\System\JTrSfjr.exe
  C:\Windows\System\JTrSfjr.exe
  2⤵
  PID:11884
- C:\Windows\System\GehUtaj.exe
  C:\Windows\System\GehUtaj.exe
  2⤵
  PID:3224
- C:\Windows\System\WKOYoCq.exe
  C:\Windows\System\WKOYoCq.exe
  2⤵
  PID:8840
- C:\Windows\System\adxDBkx.exe
  C:\Windows\System\adxDBkx.exe
  2⤵
  PID:12104
- C:\Windows\System\dRHAbai.exe
  C:\Windows\System\dRHAbai.exe
  2⤵
  PID:12268
- C:\Windows\System\YvdHQLZ.exe
  C:\Windows\System\YvdHQLZ.exe
  2⤵
  PID:11476
- C:\Windows\System\MdyXYhf.exe
  C:\Windows\System\MdyXYhf.exe
  2⤵
  PID:11828
- C:\Windows\System\hZixpur.exe
  C:\Windows\System\hZixpur.exe
  2⤵
  PID:3488
- C:\Windows\System\iITXoCW.exe
  C:\Windows\System\iITXoCW.exe
  2⤵
  PID:2384
- C:\Windows\System\zWkbKPq.exe
  C:\Windows\System\zWkbKPq.exe
  2⤵
  PID:11636
- C:\Windows\System\ekDoTfU.exe
  C:\Windows\System\ekDoTfU.exe
  2⤵
  PID:8856
- C:\Windows\System\WVNxtei.exe
  C:\Windows\System\WVNxtei.exe
  2⤵
  PID:10748
- C:\Windows\System\zcbqZMj.exe
  C:\Windows\System\zcbqZMj.exe
  2⤵
  PID:11500
- C:\Windows\System\ZtVDLhY.exe
  C:\Windows\System\ZtVDLhY.exe
  2⤵
  PID:868
- C:\Windows\System\lJJPxSf.exe
  C:\Windows\System\lJJPxSf.exe
  2⤵
  PID:12296
- C:\Windows\System\VFNbAlv.exe
  C:\Windows\System\VFNbAlv.exe
  2⤵
  PID:12324
- C:\Windows\System\eMnYunj.exe
  C:\Windows\System\eMnYunj.exe
  2⤵
  PID:12352
- C:\Windows\System\MUKFVcJ.exe
  C:\Windows\System\MUKFVcJ.exe
  2⤵
  PID:12380
- C:\Windows\System\erBMTZp.exe
  C:\Windows\System\erBMTZp.exe
  2⤵
  PID:12408
- C:\Windows\System\gMDraij.exe
  C:\Windows\System\gMDraij.exe
  2⤵
  PID:12436
- C:\Windows\System\xBtWfvM.exe
  C:\Windows\System\xBtWfvM.exe
  2⤵
  PID:12464
- C:\Windows\System\EqeJmAG.exe
  C:\Windows\System\EqeJmAG.exe
  2⤵
  PID:12492
- C:\Windows\System\mxpXhTj.exe
  C:\Windows\System\mxpXhTj.exe
  2⤵
  PID:12520
- C:\Windows\System\ooselof.exe
  C:\Windows\System\ooselof.exe
  2⤵
  PID:12548
- C:\Windows\System\DapLGpu.exe
  C:\Windows\System\DapLGpu.exe
  2⤵
  PID:12576
- C:\Windows\System\sASgJim.exe
  C:\Windows\System\sASgJim.exe
  2⤵
  PID:12604
- C:\Windows\System\zwVzbjw.exe
  C:\Windows\System\zwVzbjw.exe
  2⤵
  PID:12632
- C:\Windows\System\NGngPKX.exe
  C:\Windows\System\NGngPKX.exe
  2⤵
  PID:12660
- C:\Windows\System\WUqHhBZ.exe
  C:\Windows\System\WUqHhBZ.exe
  2⤵
  PID:12688
- C:\Windows\System\WBXYuuo.exe
  C:\Windows\System\WBXYuuo.exe
  2⤵
  PID:12716
- C:\Windows\System\vQGuwRa.exe
  C:\Windows\System\vQGuwRa.exe
  2⤵
  PID:12744
- C:\Windows\System\jBTIaOV.exe
  C:\Windows\System\jBTIaOV.exe
  2⤵
  PID:12772
- C:\Windows\System\GhiPcnV.exe
  C:\Windows\System\GhiPcnV.exe
  2⤵
  PID:12804
- C:\Windows\System\AJDZbyC.exe
  C:\Windows\System\AJDZbyC.exe
  2⤵
  PID:12832
- C:\Windows\System\RzrqrVh.exe
  C:\Windows\System\RzrqrVh.exe
  2⤵
  PID:12860
- C:\Windows\System\cgjWKeG.exe
  C:\Windows\System\cgjWKeG.exe
  2⤵
  PID:12888
- C:\Windows\System\jXUvyLP.exe
  C:\Windows\System\jXUvyLP.exe
  2⤵
  PID:12916
- C:\Windows\System\mhDxbPc.exe
  C:\Windows\System\mhDxbPc.exe
  2⤵
  PID:12944
- C:\Windows\System\JYaqEeV.exe
  C:\Windows\System\JYaqEeV.exe
  2⤵
  PID:12972
- C:\Windows\System\SzJfkIM.exe
  C:\Windows\System\SzJfkIM.exe
  2⤵
  PID:13000
- C:\Windows\System\kPHiYws.exe
  C:\Windows\System\kPHiYws.exe
  2⤵
  PID:13028
- C:\Windows\System\PAFPQkL.exe
  C:\Windows\System\PAFPQkL.exe
  2⤵
  PID:13056
- C:\Windows\System\UWxdIUb.exe
  C:\Windows\System\UWxdIUb.exe
  2⤵
  PID:13084
- C:\Windows\System\RAemkGI.exe
  C:\Windows\System\RAemkGI.exe
  2⤵
  PID:13112
- C:\Windows\System\kYJNUTP.exe
  C:\Windows\System\kYJNUTP.exe
  2⤵
  PID:13140
- C:\Windows\System\AeedDVR.exe
  C:\Windows\System\AeedDVR.exe
  2⤵
  PID:13168
- C:\Windows\System\yAWHvaX.exe
  C:\Windows\System\yAWHvaX.exe
  2⤵
  PID:13196
- C:\Windows\System\cuzIwCW.exe
  C:\Windows\System\cuzIwCW.exe
  2⤵
  PID:13224
- C:\Windows\System\nOEAsKA.exe
  C:\Windows\System\nOEAsKA.exe
  2⤵
  PID:13252
- C:\Windows\System\TexumPb.exe
  C:\Windows\System\TexumPb.exe
  2⤵
  PID:13280
- C:\Windows\System\hODwQHg.exe
  C:\Windows\System\hODwQHg.exe
  2⤵
  PID:13308
- C:\Windows\System\yDaQQUN.exe
  C:\Windows\System\yDaQQUN.exe
  2⤵
  PID:12344
- C:\Windows\System\OdTNfTF.exe
  C:\Windows\System\OdTNfTF.exe
  2⤵
  PID:12404
- C:\Windows\System\yMpDHos.exe
  C:\Windows\System\yMpDHos.exe
  2⤵
  PID:12476
- C:\Windows\System\DHnPTrX.exe
  C:\Windows\System\DHnPTrX.exe
  2⤵
  PID:12540
- C:\Windows\System\PNZevFR.exe
  C:\Windows\System\PNZevFR.exe
  2⤵
  PID:12600
- C:\Windows\System\lkBQLFU.exe
  C:\Windows\System\lkBQLFU.exe
  2⤵
  PID:12644
- C:\Windows\System\wUFofJz.exe
  C:\Windows\System\wUFofJz.exe
  2⤵
  PID:12700
- C:\Windows\System\bjtbbVv.exe
  C:\Windows\System\bjtbbVv.exe
  2⤵
  PID:12736
- C:\Windows\System\wcPxfpn.exe
  C:\Windows\System\wcPxfpn.exe
  2⤵
  PID:12784
- C:\Windows\System\eAVABUd.exe
  C:\Windows\System\eAVABUd.exe
  2⤵
  PID:12844
- C:\Windows\System\BHTbbPc.exe
  C:\Windows\System\BHTbbPc.exe
  2⤵
  PID:12912
- C:\Windows\System\gcMoaND.exe
  C:\Windows\System\gcMoaND.exe
  2⤵
  PID:12984
- C:\Windows\System\hHtpfjn.exe
  C:\Windows\System\hHtpfjn.exe
  2⤵
  PID:13048
- C:\Windows\System\xomMJhj.exe
  C:\Windows\System\xomMJhj.exe
  2⤵
  PID:13108
- C:\Windows\System\HlxSmvH.exe
  C:\Windows\System\HlxSmvH.exe
  2⤵
  PID:13180
- C:\Windows\System\uejibLQ.exe
  C:\Windows\System\uejibLQ.exe
  2⤵
  PID:13236
- C:\Windows\System\WphViWz.exe
  C:\Windows\System\WphViWz.exe
  2⤵
  PID:13300
- C:\Windows\System\fAHVxVU.exe
  C:\Windows\System\fAHVxVU.exe
  2⤵
  PID:12400
- C:\Windows\System\XyxqMnF.exe
  C:\Windows\System\XyxqMnF.exe
  2⤵
  PID:12516
- C:\Windows\System\fGwkJew.exe
  C:\Windows\System\fGwkJew.exe
  2⤵
  PID:3256
- C:\Windows\System\vBNXjOE.exe
  C:\Windows\System\vBNXjOE.exe
  2⤵
  PID:2248
- C:\Windows\System\tDOAqZi.exe
  C:\Windows\System\tDOAqZi.exe
  2⤵
  PID:2712
- C:\Windows\System\hGdZCdT.exe
  C:\Windows\System\hGdZCdT.exe
  2⤵
  PID:12964
- C:\Windows\System\mzjvjsj.exe
  C:\Windows\System\mzjvjsj.exe
  2⤵
  PID:13104
- C:\Windows\System\yrkNnWi.exe
  C:\Windows\System\yrkNnWi.exe
  2⤵
  PID:13264
- C:\Windows\System\mnUWOQu.exe
  C:\Windows\System\mnUWOQu.exe
  2⤵
  PID:12460
- C:\Windows\System\xdNgPPb.exe
  C:\Windows\System\xdNgPPb.exe
  2⤵
  PID:12728
- C:\Windows\System\fhSfWeB.exe
  C:\Windows\System\fhSfWeB.exe
  2⤵
  PID:12828
- C:\Windows\System\jdGGHMF.exe
  C:\Windows\System\jdGGHMF.exe
  2⤵
  PID:2596
- C:\Windows\System\TeuaKgC.exe
  C:\Windows\System\TeuaKgC.exe
  2⤵
  PID:12624
- C:\Windows\System\WmIByNu.exe
  C:\Windows\System\WmIByNu.exe
  2⤵
  PID:13040
- C:\Windows\System\RVeAIaR.exe
  C:\Windows\System\RVeAIaR.exe
  2⤵
  PID:1212
- C:\Windows\System\GHFYfwJ.exe
  C:\Windows\System\GHFYfwJ.exe
  2⤵
  PID:13320
- C:\Windows\System\CSJRdRY.exe
  C:\Windows\System\CSJRdRY.exe
  2⤵
  PID:13348
- C:\Windows\System\ZHoRnuW.exe
  C:\Windows\System\ZHoRnuW.exe
  2⤵
  PID:13376
- C:\Windows\System\YqxcuRZ.exe
  C:\Windows\System\YqxcuRZ.exe
  2⤵
  PID:13404
- C:\Windows\System\LBMEaJg.exe
  C:\Windows\System\LBMEaJg.exe
  2⤵
  PID:13436
- C:\Windows\System\QgDfszH.exe
  C:\Windows\System\QgDfszH.exe
  2⤵
  PID:13464
- C:\Windows\System\DKEcLfj.exe
  C:\Windows\System\DKEcLfj.exe
  2⤵
  PID:13492
- C:\Windows\System\bPyYbcS.exe
  C:\Windows\System\bPyYbcS.exe
  2⤵
  PID:13520
- C:\Windows\System\fMKCuyV.exe
  C:\Windows\System\fMKCuyV.exe
  2⤵
  PID:13548
- C:\Windows\System\YYjcJLy.exe
  C:\Windows\System\YYjcJLy.exe
  2⤵
  PID:13576
- C:\Windows\System\PhgZiJK.exe
  C:\Windows\System\PhgZiJK.exe
  2⤵
  PID:13612
- C:\Windows\System\ZqDLTAz.exe
  C:\Windows\System\ZqDLTAz.exe
  2⤵
  PID:13632
- C:\Windows\System\PfSkSzk.exe
  C:\Windows\System\PfSkSzk.exe
  2⤵
  PID:13660
- C:\Windows\System\UdrWdvl.exe
  C:\Windows\System\UdrWdvl.exe
  2⤵
  PID:13688
- C:\Windows\System\icNezoK.exe
  C:\Windows\System\icNezoK.exe
  2⤵
  PID:13716
- C:\Windows\System\ZOuaHfI.exe
  C:\Windows\System\ZOuaHfI.exe
  2⤵
  PID:13744
- C:\Windows\System\ZBgjNui.exe
  C:\Windows\System\ZBgjNui.exe
  2⤵
  PID:13772
- C:\Windows\System\LZTxcvN.exe
  C:\Windows\System\LZTxcvN.exe
  2⤵
  PID:13800
- C:\Windows\System\mmVcXqP.exe
  C:\Windows\System\mmVcXqP.exe
  2⤵
  PID:13828
- C:\Windows\System\vAPRNTe.exe
  C:\Windows\System\vAPRNTe.exe
  2⤵
  PID:13856
- C:\Windows\System\YLUzvQq.exe
  C:\Windows\System\YLUzvQq.exe
  2⤵
  PID:13884
- C:\Windows\System\SKudOva.exe
  C:\Windows\System\SKudOva.exe
  2⤵
  PID:13912
- C:\Windows\System\gOGfMqN.exe
  C:\Windows\System\gOGfMqN.exe
  2⤵
  PID:13940
- C:\Windows\System\inYIkbC.exe
  C:\Windows\System\inYIkbC.exe
  2⤵
  PID:13968
- C:\Windows\System\wEpaKKV.exe
  C:\Windows\System\wEpaKKV.exe
  2⤵
  PID:13996
- C:\Windows\System\kQEovEw.exe
  C:\Windows\System\kQEovEw.exe
  2⤵
  PID:14028
- C:\Windows\System\pJKJUTC.exe
  C:\Windows\System\pJKJUTC.exe
  2⤵
  PID:14052
- C:\Windows\System\SdYOegB.exe
  C:\Windows\System\SdYOegB.exe
  2⤵
  PID:14080
- C:\Windows\System\coyPeUg.exe
  C:\Windows\System\coyPeUg.exe
  2⤵
  PID:14108
- C:\Windows\System\hyWunaG.exe
  C:\Windows\System\hyWunaG.exe
  2⤵
  PID:14136
- C:\Windows\System\OlAiOqD.exe
  C:\Windows\System\OlAiOqD.exe
  2⤵
  PID:14164
- C:\Windows\System\IExOqEJ.exe
  C:\Windows\System\IExOqEJ.exe
  2⤵
  PID:14192
- C:\Windows\System\dfKkvsa.exe
  C:\Windows\System\dfKkvsa.exe
  2⤵
  PID:14220
- C:\Windows\System\XZWJgqe.exe
  C:\Windows\System\XZWJgqe.exe
  2⤵
  PID:14252
- C:\Windows\System\oWZjXeI.exe
  C:\Windows\System\oWZjXeI.exe
  2⤵
  PID:14280
- C:\Windows\System\kfDRQBF.exe
  C:\Windows\System\kfDRQBF.exe
  2⤵
  PID:14308
- C:\Windows\System\JaFfGHz.exe
  C:\Windows\System\JaFfGHz.exe
  2⤵
  PID:12596
- C:\Windows\System\KmMWmMk.exe
  C:\Windows\System\KmMWmMk.exe
  2⤵
  PID:13372
- C:\Windows\System\hRGhiuQ.exe
  C:\Windows\System\hRGhiuQ.exe
  2⤵
  PID:13448
- C:\Windows\System\VccZmFd.exe
  C:\Windows\System\VccZmFd.exe
  2⤵
  PID:13512
- C:\Windows\System\ahYVylV.exe
  C:\Windows\System\ahYVylV.exe
  2⤵
  PID:13560
- C:\Windows\System\ppQnGbw.exe
  C:\Windows\System\ppQnGbw.exe
  2⤵
  PID:13624
- C:\Windows\System\WIlnwbg.exe
  C:\Windows\System\WIlnwbg.exe
  2⤵
  PID:13684
- C:\Windows\System\mSSMnNz.exe
  C:\Windows\System\mSSMnNz.exe
  2⤵
  PID:13756
- C:\Windows\System\LmbxOLC.exe
  C:\Windows\System\LmbxOLC.exe
  2⤵
  PID:13812
- C:\Windows\System\tiuTwQG.exe
  C:\Windows\System\tiuTwQG.exe
  2⤵
  PID:13876
- C:\Windows\System\fZQqcLx.exe
  C:\Windows\System\fZQqcLx.exe
  2⤵
  PID:13936
- C:\Windows\System\lZWgMGZ.exe
  C:\Windows\System\lZWgMGZ.exe
  2⤵
  PID:14008
- C:\Windows\System\pHUyLgR.exe
  C:\Windows\System\pHUyLgR.exe
  2⤵
  PID:13412
- C:\Windows\System\mJpYPhW.exe
  C:\Windows\System\mJpYPhW.exe
  2⤵
  PID:14128
- C:\Windows\System\lwZxXVX.exe
  C:\Windows\System\lwZxXVX.exe
  2⤵
  PID:14188
- C:\Windows\System\QBxsJnR.exe
  C:\Windows\System\QBxsJnR.exe
  2⤵
  PID:14264
- C:\Windows\System\FpYynPz.exe
  C:\Windows\System\FpYynPz.exe
  2⤵
  PID:14304
- C:\Windows\System\oqTKpiR.exe
  C:\Windows\System\oqTKpiR.exe
  2⤵
  PID:13400
- C:\Windows\System\RzFvqyy.exe
  C:\Windows\System\RzFvqyy.exe
  2⤵
  PID:13504
- C:\Windows\System\utMmqSu.exe
  C:\Windows\System\utMmqSu.exe
  2⤵
  PID:13652
- C:\Windows\System\oGjOFVD.exe
  C:\Windows\System\oGjOFVD.exe
  2⤵
  PID:13792
- C:\Windows\System\KrwMHPF.exe
  C:\Windows\System\KrwMHPF.exe
  2⤵
  PID:13932
- C:\Windows\System\qImORmp.exe
  C:\Windows\System\qImORmp.exe
  2⤵
  PID:14048
- C:\Windows\System\fOWyaXt.exe
  C:\Windows\System\fOWyaXt.exe
  2⤵
  PID:14216
- C:\Windows\System\VwMlNRL.exe
  C:\Windows\System\VwMlNRL.exe
  2⤵
  PID:5556
- C:\Windows\System\HEyoJsA.exe
  C:\Windows\System\HEyoJsA.exe
  2⤵
  PID:13784
- C:\Windows\System\TKIFcqA.exe
  C:\Windows\System\TKIFcqA.exe
  2⤵
  PID:13988
- C:\Windows\System\jccsjQj.exe
  C:\Windows\System\jccsjQj.exe
  2⤵
  PID:14328
- C:\Windows\System\ykxjAtw.exe
  C:\Windows\System\ykxjAtw.exe
  2⤵
  PID:13476
- C:\Windows\System\itwWakG.exe
  C:\Windows\System\itwWakG.exe
  2⤵
  PID:5708
- C:\Windows\System\xLLRDmq.exe
  C:\Windows\System\xLLRDmq.exe
  2⤵
  PID:14092
- C:\Windows\System\cBRQYrP.exe
  C:\Windows\System\cBRQYrP.exe
  2⤵
  PID:14120
- C:\Windows\System\myVTGwf.exe
  C:\Windows\System\myVTGwf.exe
  2⤵
  PID:14368
- C:\Windows\System\CaDqZvE.exe
  C:\Windows\System\CaDqZvE.exe
  2⤵
  PID:14396
- C:\Windows\System\nFJHqHw.exe
  C:\Windows\System\nFJHqHw.exe
  2⤵
  PID:14424
- C:\Windows\System\TdDDQXf.exe
  C:\Windows\System\TdDDQXf.exe
  2⤵
  PID:14452
- C:\Windows\System\UjDAZiH.exe
  C:\Windows\System\UjDAZiH.exe
  2⤵
  PID:14480
- C:\Windows\System\teTjAYU.exe
  C:\Windows\System\teTjAYU.exe
  2⤵
  PID:14508
- C:\Windows\System\ZefHsRk.exe
  C:\Windows\System\ZefHsRk.exe
  2⤵
  PID:14536
- C:\Windows\System\pdDiemt.exe
  C:\Windows\System\pdDiemt.exe
  2⤵
  PID:14564
- C:\Windows\System\fEjhEaK.exe
  C:\Windows\System\fEjhEaK.exe
  2⤵
  PID:14592
- C:\Windows\System\HUOxwdg.exe
  C:\Windows\System\HUOxwdg.exe
  2⤵
  PID:14620
- C:\Windows\System\ehlOmHm.exe
  C:\Windows\System\ehlOmHm.exe
  2⤵
  PID:14648
- C:\Windows\System\YhdzZLq.exe
  C:\Windows\System\YhdzZLq.exe
  2⤵
  PID:14676
- C:\Windows\System\NPxfFlr.exe
  C:\Windows\System\NPxfFlr.exe
  2⤵
  PID:14708
- C:\Windows\System\eVBqDus.exe
  C:\Windows\System\eVBqDus.exe
  2⤵
  PID:14736
- C:\Windows\System\LmpfEXl.exe
  C:\Windows\System\LmpfEXl.exe
  2⤵
  PID:14764
- C:\Windows\System\HJgeJUM.exe
  C:\Windows\System\HJgeJUM.exe
  2⤵
  PID:14792
- C:\Windows\System\eTMYBeQ.exe
  C:\Windows\System\eTMYBeQ.exe
  2⤵
  PID:14820
- C:\Windows\System\JhzlGYe.exe
  C:\Windows\System\JhzlGYe.exe
  2⤵
  PID:14848
- C:\Windows\System\PaxZQDv.exe
  C:\Windows\System\PaxZQDv.exe
  2⤵
  PID:14876
- C:\Windows\System\ULfHOcc.exe
  C:\Windows\System\ULfHOcc.exe
  2⤵
  PID:14904
- C:\Windows\System\ZWfxsFS.exe
  C:\Windows\System\ZWfxsFS.exe
  2⤵
  PID:14932
- C:\Windows\System\upxSWdG.exe
  C:\Windows\System\upxSWdG.exe
  2⤵
  PID:14960
- C:\Windows\System\RpYxbXu.exe
  C:\Windows\System\RpYxbXu.exe
  2⤵
  PID:14988
- C:\Windows\System\LMCAYyj.exe
  C:\Windows\System\LMCAYyj.exe
  2⤵
  PID:15016
- C:\Windows\System\Qdzvvvd.exe
  C:\Windows\System\Qdzvvvd.exe
  2⤵
  PID:15044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMjOcAY.exe

Filesize
6.1MB

MD5
92e991b531815051f4ef7e4f20b0dc54

SHA1
01856e84db7301737426be2172e52e2479200fda

SHA256
7e45bc98676c4216e41ebb946a20ca94c78e24f98702857b956f01e4c03ec176

SHA512
97e3d3bbec1d33565f91b1be4ab5f94855d217108fbe44d00c596a63862c96b2189b964147f2b3c0f774443d558510139400d8ccbbbe533079b2303f3781a324

Download Submit
C:\Windows\System\BDWQlHn.exe

Filesize
6.0MB

MD5
e1f6f03aa5fb0deca5ebf0a1bd572e9c

SHA1
43d24ebca7069be8028e16984eeccba01a6275f7

SHA256
eac6685c9d89563c9b43e5f4dbaf4191ef557d8b370fd40ba953d21094856245

SHA512
ad11100517d0f92dde10da8ffb5c9444965aeb950a8713fc7a503f225845bc29b7a7622dafc482104816acce325c3db1a2ef498a9ef7ce49196810ee5265e5b3

Download Submit
C:\Windows\System\BVtwYsF.exe

Filesize
6.1MB

MD5
cae639f8f79646b78ccfd613e61b640a

SHA1
d6da271b2161cf4779bd785680c5f7a15beb9cab

SHA256
7ea0947f26a90afa24855f65689d09977313da64f086fe327b8ce9dd7b7e95d4

SHA512
909784550d2e39b81ee6f9b423a771321c2c10f2be0aeef754e4601595aeaa88110d29979090f0dc51778e9de39e12cf8bb034e2b1b07a6e78281538b9eb1e50

Download Submit
C:\Windows\System\CGhvxCM.exe

Filesize
6.0MB

MD5
c762689577fe837b0131e4ffb3ae974e

SHA1
e09c6ee9afe743fc9772ad45699955459c627a88

SHA256
c70d21b835fe3ad172bc52dbf71ae8b1a9e0e376b1ad768b1c87e7993d23a57a

SHA512
7749447a9011cfca41b478d41875e92549a84866b4ec4a661253f01d535120591650c65358881a01ca0adfe2df7c49fac4b0d070a7bb00813760d8596ba2b1eb

Download Submit
C:\Windows\System\DBftXiC.exe

Filesize
6.1MB

MD5
5e2fc06d17bf5169bb28429cee438501

SHA1
02b66049c920dc0fd02b364e48294a4cba923eba

SHA256
d0bf6e907db290b630c25e9b58206c967b9dcf7b2ad143fcb7b04bebe4f8dece

SHA512
397be93a04016c8fa2a30fe13e6b72fa93cc287aa605f6e0f601cc01569970b4410bdbff0f86c879357bd5734c7963017d8b3ef4865ca9e8897931f60a178609

Download Submit
C:\Windows\System\ErdGoqb.exe

Filesize
6.0MB

MD5
6e9f0841e46691494316ef12d5b8ce86

SHA1
3550f0aa55992c9bb47c583443bd96ebc29e69fd

SHA256
a715370084acc0bacd43f2cb81198998be96e3ca831568df4ec29998195a2bbd

SHA512
01623fa3a0cbc7f0f6bb6f59e4a6c26007f37da132e46d4e76a249560e27f00963796e6606a232bac355b40a45b24f27f790cf6f7cb60c03acc988d0ea5b7031

Download Submit
C:\Windows\System\GpnZAeb.exe

Filesize
6.0MB

MD5
cd6b8f0140eb06db74910b68e8f209c3

SHA1
fa8f29a9e05da10fde1fb0e85e98e95fc281d84e

SHA256
9d9b952511ed65db450425abdb906475dcb2b4275c50c305366398677743f08e

SHA512
ed24ccd87cda428a3cf03dd13c0970dc90c520938b5ab7e2de3827721122c6b0f891e8fdddb13e42684885edcccc33a7a379724253931e049e45a0cf07507a5e

Download Submit
C:\Windows\System\JgbPRLX.exe

Filesize
6.1MB

MD5
c3f9945fd2215e1f08e15bda19b4d88d

SHA1
c20d1ea94b34ca92ae275562d6502276e2e1d02f

SHA256
c5b09e6d99cec34be5424b8a717f55865a5130a54fd4d4a91400b00c60580923

SHA512
a95324cb2be8c21c7eb2b147554f4d6d3b07bc51fea7cf4ad6b3ce2d1926a029a30c3b3f0a945ae21ce6fe3d2d9039f9150e73c81cb8b55e033c87b5146f4105

Download Submit
C:\Windows\System\LduVOWQ.exe

Filesize
6.0MB

MD5
a4a626aef96b3555a1e5edad9407ddfd

SHA1
c40ebe53d07f5bd9f3d7400cceb47dbcee4bd2a9

SHA256
a2d3a15c3c972b49d0391b69e3fe6e0842265a6f227ac6645e36d0d2c4dbd25c

SHA512
4f1f875103a38a8836a5b89ea0f62b99858627de889c6a24758b060a8ebe97c5415d041f5d925f076b45f4822e927044e5b69f7c191938d1ca1db7b71a998af8

Download Submit
C:\Windows\System\MFEsvaA.exe

Filesize
6.0MB

MD5
04c164b0be55b225d2608570280b986e

SHA1
f062a257c1c2e034dd77e31e253995349d4b6f2c

SHA256
8b2c30bea3a944c361339ee355164e02c41ba3641647ed0cd4c5eca29fe96607

SHA512
580cc78f33d5d990a13b52c65c0531a1310c56039847aabaa97eb65d988c77903f9e94a6f79d8d37d5eb7561459e1022288eaeb1a78f9730efaa6f690a36ad04

Download Submit
C:\Windows\System\MOKmKyN.exe

Filesize
6.0MB

MD5
24ffa76788dc3bdc04c6fe93ed8f7f2b

SHA1
e2b28331dfce6e24125b085f86ce7b3da0cf0e41

SHA256
fcc587e7ab103b5f9f905fc1bbfa4d0c7647777ce5c66f72792af7dff56f0f09

SHA512
18e4d952c063ddca16f11743481638b37430d0caca774486e3ee7c06580186e935e675b8582d650634062ba7766929b31f3f1b52500c68c7df643861dd7d2967

Download Submit
C:\Windows\System\MxMBMEp.exe

Filesize
6.1MB

MD5
bc0167d236ad09f9f50b6701d461fd90

SHA1
fbf011232e53a20a2f58be1b9b2bb3666f860b5f

SHA256
0dcdc02c0acd6a32ac44ba5ade1644bacf378a788919c089386e2e4b1cd6f6f3

SHA512
786e6409664c16308b1403cebe502e66b3f564e2a991cc8b5fbdefc9c2eb06906df64197a66da16ccb63f7bb4e09082334007d51a591a9621fae4bb0eceee2e6

Download Submit
C:\Windows\System\NlTXGJm.exe

Filesize
6.1MB

MD5
c76bffbc7374547c0ce37733e5d68905

SHA1
4c62766125ec4520a57db071682f410390a20e50

SHA256
58a881f4026c05a07035d3b7fcebd0e2354a40892bca3db5b872f0e97d0442bc

SHA512
3cd86782ccece7fa97900074ff0d54fb82e5d45203dcc2f48d80195311a6fcf621160b4fb41bed0acb0a04c7bb82c28dc97a20c50ab6e95a1b9ac3f7f1f3ac75

Download Submit
C:\Windows\System\PGcyxix.exe

Filesize
6.0MB

MD5
adc18af41cfcaf0fb981231ca210b3f1

SHA1
e6860d91d8df1bce97f23633f85406cea37efb2b

SHA256
0288a85877bd6e393a7c4da21a95a440d6aba947e2a717176593f82abbd225c9

SHA512
6e2901f949c4c55f8040389bc830a481190b7ac269d5928299c0852eba320dbd7dfa691dd2bfc8f20cc687ab77e7243d7fa670c5b8bd01a487a268039ee92a72

Download Submit
C:\Windows\System\PwkmNnG.exe

Filesize
6.1MB

MD5
c0581568cb010a7e164a1986082a1c80

SHA1
00f32035a9fb3739800ecc9127bffa5df2751946

SHA256
e9a339dc273057fd730788ea912c15c20d9f6a7169dbc9d3f87415a40691636e

SHA512
0df52fe47fcbca75a6c9082012e1831bbcf620bce488ade910697cfc9a7804778cd1f2b3e68fbaee2d6a64920960b8beeeab8bbc6e697c8de1a68f9f4c7ae0e1

Download Submit
C:\Windows\System\TTQsMef.exe

Filesize
6.0MB

MD5
6265bfdd5e52c80df77b6e9e3609c937

SHA1
a9e0aabb9ebd3fd6c36f6351eec23008094e4520

SHA256
20e5923e5fdb96f4834d4b7a2583c686fef4b34e071e5d5d928565ea96879098

SHA512
dc522ade54b2fdc732ce2858f9843f7247ce4a01d16297c0b22b4ab952d24830c11070a9cbe2a17ee7b598ff7d3ef140edca83d85578fca747706e2432ed2b7a

Download Submit
C:\Windows\System\UBmJtwm.exe

Filesize
6.1MB

MD5
0a6a3882f49f2f6a05c1fb1409311fb6

SHA1
6e4e6038b9f26904294920589738a3283b4659d4

SHA256
549e30004ccdedfd3dc16891de727f98aba499149b5af6fb227565d348d9984a

SHA512
9ad9c2c05541067b7d1528eb79a7a5735601f35942ed48bd8e039501360b61c1489be6dbd623b24eab8ff075c708bd822456d60e438a98274d7144cc67705dc2

Download Submit
C:\Windows\System\UzaeRhs.exe

Filesize
6.1MB

MD5
0bb2f394cd1853afdca45830498f390e

SHA1
06a11f18d93f8dd01d060860002bb7a588f36c75

SHA256
9a6e4cc07c360db4ee62847aae389b47971493ea883a148d009be767d08c5d00

SHA512
680558e84c3562e67cc8c5048da2daee802ec90edb79fcd630b3a41b089e031c238f323014117a00531cde23507ab6f97ca2b4c16f47400e1db10d17a615444e

Download Submit
C:\Windows\System\WpnEjbG.exe

Filesize
6.1MB

MD5
3467ca8c74de78e08271c312a4528bb2

SHA1
1a97da058c3adb7bdae2755b51c5218fee6f07e5

SHA256
c84ccfda421cc2024ad26f1983b5800ab6f6e7c488b37d831197fd12e60f0571

SHA512
da4b511734986877e4f3c631a3861f7e891cba7926cb1e7e4156f2733c2372c50ae21915f3cf6e41ac3c2bec8752438e4655dac6f79b29881b88db05362e37a6

Download Submit
C:\Windows\System\XcZaydc.exe

Filesize
6.0MB

MD5
a996a03503656739c62bb421014875e8

SHA1
ab15181a66010150cbd0335e4f6f63779fa1d0cf

SHA256
d9710e1bb8df2e0e9191e8f7e850141af9d6ca32edf7629f684e476237788a27

SHA512
29c63755272f88de7e99973b493033ff4d2d60321c8b5daad876fa25d21c3cc0ea11fc41dc7b0caaafebaf4e81bc8e6c282e5a20f3b2e653b5d187bc7171bf5d

Download Submit
C:\Windows\System\YAfvdBj.exe

Filesize
6.1MB

MD5
81622ec95f1dfe2ab12830706dbb8253

SHA1
0da302a389216d919885741a43c42163fa267e89

SHA256
f09480ee47ee1e3b6f25b4269bcedb39dea0ddcc10cf153db3aee667d045b3c5

SHA512
0bba5bb3dfae4d320fe73189be4d191ed97d112da09feb9ae3da50e82a750f6440f3d697b303b81d853b554a3ce6aa28ba725e9eaf54a5be8fb577a2bde5c5ed

Download Submit
C:\Windows\System\ZAjtqcy.exe

Filesize
6.0MB

MD5
794f53e128f7b8d3ccceedcdef40d3d0

SHA1
0a05c2eb443c444c24324218c73b82a3b8813663

SHA256
183f421d87f7d461cafc6eef0393cc466f88deb4e087c80a82002c4c73d67513

SHA512
a7fb051c51d78fafcea6f2fbe16e70dd4315b3ac1b363de1e3da8dbb98c8bb2b1cd7e2ec0d1d43eebb6da04f4a4d2995895521e1de5f6cbec2dbcf06485b8c25

Download Submit
C:\Windows\System\cOKEUfP.exe

Filesize
6.0MB

MD5
362b0d25d3804e5a32145901191ba863

SHA1
c27bda89518966b2c8e10570ee119ca0a7b521f6

SHA256
c97fcf7fca7c969f245ba3150424ab6541573ee5698bbcc3dcbe7738bf21de46

SHA512
1e6acd104b4215f8c5a87f82d73027a9c4b6eb59fd09f11ee5a118c440c307638825b453af684276c9f9d1bd706ef2521609ba49a6f1c4b795b306c8b544b851

Download Submit
C:\Windows\System\cqzkzQY.exe

Filesize
6.0MB

MD5
edc5fa66d9750e6cc1b69e9ba4e8a325

SHA1
4feb591b93bf865cd6ef90efe77b77a19547c420

SHA256
ce9e69003c1493ad920179ef762fa780f7cd64e9a051e56e62a7c3715a47657e

SHA512
0c23bb148119e877e40f07363d679bbbdc349046347b7e1aff98795085982e0d1748fef65041c8182bf6e88e9732a958e687d0d7eaeb1ae4a903e0bc06f04a5a

Download Submit
C:\Windows\System\gjZyRBy.exe

Filesize
6.1MB

MD5
324b66749f5f32cc3ff57d9747def69a

SHA1
dbff4501922cbcb2d1f813e147a3e08243efbee0

SHA256
83933f063d1d6eb51170dbce355a26d4dd6e577abca4e459e5c967172e22fd4c

SHA512
dab52fbb4c0eab2a7fa8f543fdd6b181cea8109b6d74b967c5db40d69e386e74ed73ce71a83380717d21b1ba57f9be6d772ee6ef9a1e7888afe919f21e483089

Download Submit
C:\Windows\System\jgzKthI.exe

Filesize
6.0MB

MD5
e66b03e73450920053615ea5ade6bb76

SHA1
512a167d68cb29f8187e3094de0cef1b21caea51

SHA256
719eac95006ebf12919a8ee7ee936b4e4021d308de6d9c899a3bb1139596aa12

SHA512
3d0e5fbecb4a826fae6e2e27eae1d6fcfa77142fce4bc570245f8cadb9bc04dad8a52e79f2978fc2fc90e4c6caf82b246a697d68167da9aee14d656c300c5456

Download Submit
C:\Windows\System\mHecTxB.exe

Filesize
6.0MB

MD5
3a84a66ca8ff56eb991f9c6b364bc2a6

SHA1
eeaddd515733521b25d5071caff6ec4166171c30

SHA256
b5134a38cce4e68c164c8f3776aa592c0df87c806718996ba129ce2b2bcc6322

SHA512
cc0ec9ff706acc1976f4948a2a9c7ce212d619c39dbabcfa6e76d850e524c8d2de67fb01dcd69f6d872dd4aebcd984dee765dda7adc187735971b5f89ba26b23

Download Submit
C:\Windows\System\mpgXENX.exe

Filesize
6.0MB

MD5
588dc1b28c0bbe1eac106c80dfe6759f

SHA1
792e2a529d6122bf1e0f6136580d4d3effe95015

SHA256
e79e4646d8734ba12b2e914a6ef581a17d9bc7ac8ffc58e8123186b0459c3610

SHA512
e6f1ad3f3c7fa7483cfbc372a4ddb8449f80615fcffcbab6ab929d492ab9098a8413f84c811b1e57c43a2e4c07061f5232a6a53ba83770bb2e9102b7d6aa0827

Download Submit
C:\Windows\System\pDiMntU.exe

Filesize
6.0MB

MD5
45d102683108322f946f91cdd24e5f81

SHA1
a257e3c79ab598b625127f710c3325c98ee97111

SHA256
c05140a47b70459e383007b834b37cf1e7eed7fe79e6e8be2db9ceb30f95487b

SHA512
6afd5cf221543e32d6ba2d4a3a15c7b1cf289784878e1d815cf1266748f87f1b4f6775d127bae7588e684d00ef2ae1cb6ca04722e1924f4df5e549ef494d42b9

Download Submit
C:\Windows\System\qdWiWrQ.exe

Filesize
6.1MB

MD5
b734414a489c08b2d9106ec86cc0cff3

SHA1
6a1e2dbea3aad47e8868487078686399c7df4409

SHA256
554f19bc30cbf44a139404e6717fcbbd9d3a868d44d72f30c09bd50f2947dbb5

SHA512
565434fa7e2cc817152d4e94560e53679fc9cfed6540282b79b41f6c7760f3f04ce79aca646aa2235c64ceaf138a916997e02743dfdce5ad97f995af3cb01910

Download Submit
C:\Windows\System\ujCkYvY.exe

Filesize
6.1MB

MD5
2b5d4d6dd9be12f87d4957c6ca3ea12e

SHA1
423144cb98d370ab747679e3974133e2069c1ce1

SHA256
427b24979406907a252cabc7fb433fdd4cdd14013719721286307fc3b096be4e

SHA512
eff4647a2fe2cb66886de5bc4a9da977f4f41157e6b629a5a6c2dc8f0ea8d15e214170fa58f5d9c35d0d5a8418d574ec1eba548eccb189059ded875bf9cb7e3f

Download Submit
C:\Windows\System\yGJOdgp.exe

Filesize
6.1MB

MD5
3ea0862e03e2d915046b6004574e3a91

SHA1
5d82e65c1bfb1beee84b8c1933fbe3dc6e92fe56

SHA256
ac10a63d6585c5b8180b5252a4bff60253686216666d3eb1fe2cd08dc1e7924b

SHA512
7e7fb90c45fff8f03a31881a51dfcfdb684fd400331dd27ef752c87cf6346ebc5374c7233d6ac28645c6aa2899aa53dd8ad156d6efed4c83388fc4a745d5cfef

Download Submit
memory/348-2272-0x00007FF666EE0000-0x00007FF667234000-memory.dmp

Filesize
3.3MB

Download
memory/348-1314-0x00007FF666EE0000-0x00007FF667234000-memory.dmp

Filesize
3.3MB

Download
memory/348-56-0x00007FF666EE0000-0x00007FF667234000-memory.dmp

Filesize
3.3MB

Download
memory/392-2280-0x00007FF7F36D0000-0x00007FF7F3A24000-memory.dmp

Filesize
3.3MB

Download
memory/392-914-0x00007FF7F36D0000-0x00007FF7F3A24000-memory.dmp

Filesize
3.3MB

Download
memory/400-2292-0x00007FF65BCF0000-0x00007FF65C044000-memory.dmp

Filesize
3.3MB

Download
memory/400-924-0x00007FF65BCF0000-0x00007FF65C044000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2281-0x00007FF7D51E0000-0x00007FF7D5534000-memory.dmp

Filesize
3.3MB

Download
memory/1012-917-0x00007FF7D51E0000-0x00007FF7D5534000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2284-0x00007FF7BFF00000-0x00007FF7C0254000-memory.dmp

Filesize
3.3MB

Download
memory/1436-918-0x00007FF7BFF00000-0x00007FF7C0254000-memory.dmp

Filesize
3.3MB

Download
memory/1456-1074-0x00007FF757C60000-0x00007FF757FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-2115-0x00007FF757C60000-0x00007FF757FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-24-0x00007FF757C60000-0x00007FF757FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-32-0x00007FF63B530000-0x00007FF63B884000-memory.dmp

Filesize
3.3MB

Download
memory/1840-0-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp

Filesize
3.3MB

Download
memory/1840-69-0x00007FF6026B0000-0x00007FF602A04000-memory.dmp

Filesize
3.3MB

Download
memory/1840-1-0x0000019039160000-0x0000019039170000-memory.dmp

Filesize
64KB

Download
memory/1860-48-0x00007FF7DB920000-0x00007FF7DBC74000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2271-0x00007FF7DB920000-0x00007FF7DBC74000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1267-0x00007FF7DB920000-0x00007FF7DBC74000-memory.dmp

Filesize
3.3MB

Download
memory/2044-792-0x00007FF78E7B0000-0x00007FF78EB04000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2289-0x00007FF78E7B0000-0x00007FF78EB04000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2278-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp

Filesize
3.3MB

Download
memory/3112-932-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp

Filesize
3.3MB

Download
memory/3312-922-0x00007FF6AD420000-0x00007FF6AD774000-memory.dmp

Filesize
3.3MB

Download
memory/3312-2285-0x00007FF6AD420000-0x00007FF6AD774000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2290-0x00007FF63F890000-0x00007FF63FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3612-929-0x00007FF63F890000-0x00007FF63FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3644-2274-0x00007FF6D91B0000-0x00007FF6D9504000-memory.dmp

Filesize
3.3MB

Download
memory/3644-1491-0x00007FF6D91B0000-0x00007FF6D9504000-memory.dmp

Filesize
3.3MB

Download
memory/3644-75-0x00007FF6D91B0000-0x00007FF6D9504000-memory.dmp

Filesize
3.3MB

Download
memory/3648-64-0x00007FF679850000-0x00007FF679BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2275-0x00007FF679850000-0x00007FF679BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-1367-0x00007FF679850000-0x00007FF679BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-38-0x00007FF69D2A0000-0x00007FF69D5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-1266-0x00007FF69D2A0000-0x00007FF69D5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-794-0x00007FF675210000-0x00007FF675564000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2282-0x00007FF675210000-0x00007FF675564000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2276-0x00007FF7898F0000-0x00007FF789C44000-memory.dmp

Filesize
3.3MB

Download
memory/4000-787-0x00007FF7898F0000-0x00007FF789C44000-memory.dmp

Filesize
3.3MB

Download
memory/4036-930-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2089-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp

Filesize
3.3MB

Download
memory/4036-11-0x00007FF79DBB0000-0x00007FF79DF04000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2092-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp

Filesize
3.3MB

Download
memory/4180-18-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp

Filesize
3.3MB

Download
memory/4180-938-0x00007FF73CC30000-0x00007FF73CF84000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2279-0x00007FF758050000-0x00007FF7583A4000-memory.dmp

Filesize
3.3MB

Download
memory/4216-784-0x00007FF758050000-0x00007FF7583A4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2283-0x00007FF6B5130000-0x00007FF6B5484000-memory.dmp

Filesize
3.3MB

Download
memory/4464-788-0x00007FF6B5130000-0x00007FF6B5484000-memory.dmp

Filesize
3.3MB

Download
memory/4652-927-0x00007FF704C60000-0x00007FF704FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-2291-0x00007FF704C60000-0x00007FF704FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2095-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4736-76-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4736-6-0x00007FF77D910000-0x00007FF77DC64000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2277-0x00007FF6393E0000-0x00007FF639734000-memory.dmp

Filesize
3.3MB

Download
memory/4832-786-0x00007FF6393E0000-0x00007FF639734000-memory.dmp

Filesize
3.3MB

Download
memory/4836-923-0x00007FF668E10000-0x00007FF669164000-memory.dmp

Filesize
3.3MB

Download
memory/4836-2288-0x00007FF668E10000-0x00007FF669164000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2287-0x00007FF6AF460000-0x00007FF6AF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-791-0x00007FF6AF460000-0x00007FF6AF7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4952-47-0x00007FF72B080000-0x00007FF72B3D4000-memory.dmp

Filesize
3.3MB

Download
memory/4952-1313-0x00007FF72B080000-0x00007FF72B3D4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2273-0x00007FF710750000-0x00007FF710AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-70-0x00007FF710750000-0x00007FF710AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2286-0x00007FF6898B0000-0x00007FF689C04000-memory.dmp

Filesize
3.3MB

Download
memory/5084-793-0x00007FF6898B0000-0x00007FF689C04000-memory.dmp

Filesize
3.3MB

Download