cobaltstrike | 396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783

Analysis

max time kernel
105s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
Size

6.1MB
MD5

a68d17a79a147ac759939a978e7387cf
SHA1

34a62d36afcea9967a2cc77f3b4bccababb0d6d4
SHA256

396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783
SHA512

80925e317ef2cc283db24c56e44f77c25fac70add71d26adf14f1c1b9805f303ddbf97e101ed2ec28662d9dd32b79d07a317ba128d557ce528e601763d33e9ab
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00060000000236ea-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425f-9.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002425e-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024260-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024262-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024263-43.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024261-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024264-47.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002425b-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024265-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024267-65.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024268-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024269-83.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426a-89.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426b-95.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426c-103.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426e-120.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426d-113.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002426f-124.dat	cobalt_reflective_dll
behavioral2/files/0x000d0000000227b6-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024270-147.dat	cobalt_reflective_dll
behavioral2/files/0x0010000000024012-142.dat	cobalt_reflective_dll
behavioral2/files/0x000e000000024011-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000024271-155.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e6b8-164.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e6c5-174.dat	cobalt_reflective_dll
behavioral2/files/0x0005000000021593-178.dat	cobalt_reflective_dll
behavioral2/files/0x000600000001e6a9-173.dat	cobalt_reflective_dll
behavioral2/files/0x00060000000227b8-189.dat	cobalt_reflective_dll
behavioral2/files/0x0004000000022b5c-195.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022b6a-202.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022b6b-208.dat	cobalt_reflective_dll
behavioral2/files/0x0012000000023ffb-213.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2612-0-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp	xmrig
behavioral2/files/0x00060000000236ea-4.dat	xmrig
behavioral2/files/0x000700000002425f-9.dat	xmrig
behavioral2/memory/4560-7-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp	xmrig
behavioral2/files/0x000700000002425e-10.dat	xmrig
behavioral2/memory/3704-12-0x00007FF60E620000-0x00007FF60E974000-memory.dmp	xmrig
behavioral2/files/0x0007000000024260-23.dat	xmrig
behavioral2/memory/4144-19-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp	xmrig
behavioral2/memory/4108-24-0x00007FF762CE0000-0x00007FF763034000-memory.dmp	xmrig
behavioral2/files/0x0007000000024262-35.dat	xmrig
behavioral2/memory/3840-42-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp	xmrig
behavioral2/files/0x0007000000024263-43.dat	xmrig
behavioral2/memory/100-36-0x00007FF677F30000-0x00007FF678284000-memory.dmp	xmrig
behavioral2/files/0x0007000000024261-29.dat	xmrig
behavioral2/memory/2120-28-0x00007FF641F30000-0x00007FF642284000-memory.dmp	xmrig
behavioral2/files/0x0007000000024264-47.dat	xmrig
behavioral2/memory/4676-48-0x00007FF695B10000-0x00007FF695E64000-memory.dmp	xmrig
behavioral2/files/0x000800000002425b-55.dat	xmrig
behavioral2/memory/1632-57-0x00007FF6EA8B0000-0x00007FF6EAC04000-memory.dmp	xmrig
behavioral2/memory/2612-54-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp	xmrig
behavioral2/files/0x0007000000024265-60.dat	xmrig
behavioral2/files/0x0007000000024267-65.dat	xmrig
behavioral2/memory/3704-66-0x00007FF60E620000-0x00007FF60E974000-memory.dmp	xmrig
behavioral2/memory/4340-67-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp	xmrig
behavioral2/memory/604-64-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	xmrig
behavioral2/memory/4560-63-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp	xmrig
behavioral2/files/0x0007000000024268-74.dat	xmrig
behavioral2/memory/3156-78-0x00007FF63ED60000-0x00007FF63F0B4000-memory.dmp	xmrig
behavioral2/memory/4108-81-0x00007FF762CE0000-0x00007FF763034000-memory.dmp	xmrig
behavioral2/memory/2000-86-0x00007FF7B6B90000-0x00007FF7B6EE4000-memory.dmp	xmrig
behavioral2/memory/2120-85-0x00007FF641F30000-0x00007FF642284000-memory.dmp	xmrig
behavioral2/files/0x0007000000024269-83.dat	xmrig
behavioral2/memory/4144-75-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp	xmrig
behavioral2/files/0x000700000002426a-89.dat	xmrig
behavioral2/memory/4032-91-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp	xmrig
behavioral2/memory/100-90-0x00007FF677F30000-0x00007FF678284000-memory.dmp	xmrig
behavioral2/files/0x000700000002426b-95.dat	xmrig
behavioral2/memory/2160-98-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp	xmrig
behavioral2/memory/3840-97-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp	xmrig
behavioral2/files/0x000700000002426c-103.dat	xmrig
behavioral2/memory/4828-104-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp	xmrig
behavioral2/memory/4676-109-0x00007FF695B10000-0x00007FF695E64000-memory.dmp	xmrig
behavioral2/memory/2368-115-0x00007FF71CE40000-0x00007FF71D194000-memory.dmp	xmrig
behavioral2/memory/604-116-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	xmrig
behavioral2/memory/4340-119-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp	xmrig
behavioral2/memory/2256-118-0x00007FF71D300000-0x00007FF71D654000-memory.dmp	xmrig
behavioral2/files/0x000700000002426e-120.dat	xmrig
behavioral2/files/0x000700000002426d-113.dat	xmrig
behavioral2/files/0x000700000002426f-124.dat	xmrig
behavioral2/memory/4416-127-0x00007FF6E2F90000-0x00007FF6E32E4000-memory.dmp	xmrig
behavioral2/files/0x000d0000000227b6-130.dat	xmrig
behavioral2/memory/4512-135-0x00007FF6FFD10000-0x00007FF700064000-memory.dmp	xmrig
behavioral2/files/0x0007000000024270-147.dat	xmrig
behavioral2/memory/2160-148-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp	xmrig
behavioral2/memory/3344-149-0x00007FF68D2C0000-0x00007FF68D614000-memory.dmp	xmrig
behavioral2/memory/1476-144-0x00007FF702750000-0x00007FF702AA4000-memory.dmp	xmrig
behavioral2/files/0x0010000000024012-142.dat	xmrig
behavioral2/files/0x000e000000024011-140.dat	xmrig
behavioral2/memory/4032-139-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp	xmrig
behavioral2/memory/3968-131-0x00007FF6AA9C0000-0x00007FF6AAD14000-memory.dmp	xmrig
behavioral2/memory/4828-152-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp	xmrig
behavioral2/files/0x0007000000024271-155.dat	xmrig
behavioral2/files/0x000600000001e6b8-164.dat	xmrig
behavioral2/memory/3688-167-0x00007FF6232F0000-0x00007FF623644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4560	kKMnpgv.exe
3704	hjFoFmk.exe
4144	pUMAOuZ.exe
4108	nvxbfvO.exe
2120	EhvNTxx.exe
100	Nmrkvrp.exe
3840	OmrDZnt.exe
4676	ajHwqvj.exe
1632	JQLOXNo.exe
604	jqVVSzi.exe
4340	okAevKP.exe
3156	STijKQI.exe
2000	bqNOhAp.exe
4032	CZDqmqd.exe
2160	sHKnJxz.exe
4828	WLKVpOZ.exe
2368	zDXVnCj.exe
2256	bEjrPQb.exe
4416	tPbemAY.exe
3968	MeAZCRf.exe
4512	woZUcoX.exe
1476	ZnFmdTM.exe
3344	AciXYsv.exe
2332	nGfgydv.exe
3688	OaTQDwL.exe
4024	KtfOOwM.exe
3140	LXMxoDI.exe
3168	okiMsaK.exe
2140	qsJpAYu.exe
2116	FouLnEr.exe
2340	loFLDtC.exe
4876	pmvOfTL.exe
436	MrGiBtC.exe
4852	cjstPhm.exe
2372	PPcmvcx.exe
1344	CzfKoEC.exe
4484	QglGsUP.exe
1948	xGUeVAt.exe
4264	guDFnfJ.exe
3172	UJvLPpn.exe
2700	wuxeevz.exe
2932	RjEuVqe.exe
1892	rGrbKLQ.exe
4456	OZKAjAP.exe
4480	xscfnJj.exe
1480	NTfsfxJ.exe
1636	wBEEYUJ.exe
1292	VuRxVTo.exe
3092	aofciZM.exe
2136	ddsQwoE.exe
4628	LojWCww.exe
5000	QbRmMNb.exe
4808	fThXPls.exe
2284	lqzFqyj.exe
2972	iOsoqQx.exe
4744	ciRQOHv.exe
1928	MwwpwRL.exe
804	yfOPncS.exe
4088	fzgPMhv.exe
2544	eFSNIfb.exe
3120	AAymZWE.exe
5116	JfXcAgG.exe
3392	VGFZNCn.exe
5060	MXwUldV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2612-0-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp	upx
behavioral2/files/0x00060000000236ea-4.dat	upx
behavioral2/files/0x000700000002425f-9.dat	upx
behavioral2/memory/4560-7-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp	upx
behavioral2/files/0x000700000002425e-10.dat	upx
behavioral2/memory/3704-12-0x00007FF60E620000-0x00007FF60E974000-memory.dmp	upx
behavioral2/files/0x0007000000024260-23.dat	upx
behavioral2/memory/4144-19-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp	upx
behavioral2/memory/4108-24-0x00007FF762CE0000-0x00007FF763034000-memory.dmp	upx
behavioral2/files/0x0007000000024262-35.dat	upx
behavioral2/memory/3840-42-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp	upx
behavioral2/files/0x0007000000024263-43.dat	upx
behavioral2/memory/100-36-0x00007FF677F30000-0x00007FF678284000-memory.dmp	upx
behavioral2/files/0x0007000000024261-29.dat	upx
behavioral2/memory/2120-28-0x00007FF641F30000-0x00007FF642284000-memory.dmp	upx
behavioral2/files/0x0007000000024264-47.dat	upx
behavioral2/memory/4676-48-0x00007FF695B10000-0x00007FF695E64000-memory.dmp	upx
behavioral2/files/0x000800000002425b-55.dat	upx
behavioral2/memory/1632-57-0x00007FF6EA8B0000-0x00007FF6EAC04000-memory.dmp	upx
behavioral2/memory/2612-54-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp	upx
behavioral2/files/0x0007000000024265-60.dat	upx
behavioral2/files/0x0007000000024267-65.dat	upx
behavioral2/memory/3704-66-0x00007FF60E620000-0x00007FF60E974000-memory.dmp	upx
behavioral2/memory/4340-67-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp	upx
behavioral2/memory/604-64-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	upx
behavioral2/memory/4560-63-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp	upx
behavioral2/files/0x0007000000024268-74.dat	upx
behavioral2/memory/3156-78-0x00007FF63ED60000-0x00007FF63F0B4000-memory.dmp	upx
behavioral2/memory/4108-81-0x00007FF762CE0000-0x00007FF763034000-memory.dmp	upx
behavioral2/memory/2000-86-0x00007FF7B6B90000-0x00007FF7B6EE4000-memory.dmp	upx
behavioral2/memory/2120-85-0x00007FF641F30000-0x00007FF642284000-memory.dmp	upx
behavioral2/files/0x0007000000024269-83.dat	upx
behavioral2/memory/4144-75-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp	upx
behavioral2/files/0x000700000002426a-89.dat	upx
behavioral2/memory/4032-91-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp	upx
behavioral2/memory/100-90-0x00007FF677F30000-0x00007FF678284000-memory.dmp	upx
behavioral2/files/0x000700000002426b-95.dat	upx
behavioral2/memory/2160-98-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp	upx
behavioral2/memory/3840-97-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp	upx
behavioral2/files/0x000700000002426c-103.dat	upx
behavioral2/memory/4828-104-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp	upx
behavioral2/memory/4676-109-0x00007FF695B10000-0x00007FF695E64000-memory.dmp	upx
behavioral2/memory/2368-115-0x00007FF71CE40000-0x00007FF71D194000-memory.dmp	upx
behavioral2/memory/604-116-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp	upx
behavioral2/memory/4340-119-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp	upx
behavioral2/memory/2256-118-0x00007FF71D300000-0x00007FF71D654000-memory.dmp	upx
behavioral2/files/0x000700000002426e-120.dat	upx
behavioral2/files/0x000700000002426d-113.dat	upx
behavioral2/files/0x000700000002426f-124.dat	upx
behavioral2/memory/4416-127-0x00007FF6E2F90000-0x00007FF6E32E4000-memory.dmp	upx
behavioral2/files/0x000d0000000227b6-130.dat	upx
behavioral2/memory/4512-135-0x00007FF6FFD10000-0x00007FF700064000-memory.dmp	upx
behavioral2/files/0x0007000000024270-147.dat	upx
behavioral2/memory/2160-148-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp	upx
behavioral2/memory/3344-149-0x00007FF68D2C0000-0x00007FF68D614000-memory.dmp	upx
behavioral2/memory/1476-144-0x00007FF702750000-0x00007FF702AA4000-memory.dmp	upx
behavioral2/files/0x0010000000024012-142.dat	upx
behavioral2/files/0x000e000000024011-140.dat	upx
behavioral2/memory/4032-139-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp	upx
behavioral2/memory/3968-131-0x00007FF6AA9C0000-0x00007FF6AAD14000-memory.dmp	upx
behavioral2/memory/4828-152-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp	upx
behavioral2/files/0x0007000000024271-155.dat	upx
behavioral2/files/0x000600000001e6b8-164.dat	upx
behavioral2/memory/3688-167-0x00007FF6232F0000-0x00007FF623644000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vVEdFvt.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\woZUcoX.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\MZYpSwn.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\sxttmYC.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\yZkauIT.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\SyXOYiT.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\AtDKFup.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\HvISzYR.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\FsBFalV.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\RkJDDMi.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\YoYMyGB.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\LQSHBhQ.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\vJPOkXb.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\MNbBata.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\DZqqGRy.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\GlSzuDu.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\gHAztZG.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\LbcDUuF.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\yQprxoc.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\vLtAoNU.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\OdYsowf.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\pyVenIv.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\NrtdZHi.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\nwMQDGC.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\swdCQQo.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\SMzoqad.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\nMeAQJt.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\XvqHVnC.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\cfcoJtX.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\imKfvRG.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\OmrDZnt.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\STijKQI.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\OTKsgEw.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\yGPFdOM.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\wkmFNyZ.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\TyWycuI.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\pmJwQFD.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\FMAuUCJ.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\dBabqTy.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\VzRlwQT.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\DJttmAa.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\JKpZwPm.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\XDbhVUk.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\EDARerI.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\EIQvMqA.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\IDDKcYU.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\IhUnXBx.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\RWpqbyj.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\SdQlgPJ.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\qRmTxHB.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\okiMsaK.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\okAevKP.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\PMddwAv.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\NBYGoUA.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\XvGqvvT.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\yRqXtYa.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\ChtOgEA.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\wROYFpI.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\LojWCww.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\wTcRSmH.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\tLmtGjP.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\laISlqn.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\VxMrjtC.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
File created	C:\Windows\System\fhiFiQI.exe	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 4560	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	87
PID 2612 wrote to memory of 4560	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	87
PID 2612 wrote to memory of 3704	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	88
PID 2612 wrote to memory of 3704	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	88
PID 2612 wrote to memory of 4144	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	89
PID 2612 wrote to memory of 4144	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	89
PID 2612 wrote to memory of 4108	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	90
PID 2612 wrote to memory of 4108	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	90
PID 2612 wrote to memory of 2120	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	91
PID 2612 wrote to memory of 2120	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	91
PID 2612 wrote to memory of 100	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	92
PID 2612 wrote to memory of 100	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	92
PID 2612 wrote to memory of 3840	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	93
PID 2612 wrote to memory of 3840	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	93
PID 2612 wrote to memory of 4676	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	94
PID 2612 wrote to memory of 4676	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	94
PID 2612 wrote to memory of 1632	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	95
PID 2612 wrote to memory of 1632	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	95
PID 2612 wrote to memory of 604	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	96
PID 2612 wrote to memory of 604	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	96
PID 2612 wrote to memory of 4340	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	97
PID 2612 wrote to memory of 4340	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	97
PID 2612 wrote to memory of 3156	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	98
PID 2612 wrote to memory of 3156	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	98
PID 2612 wrote to memory of 2000	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	99
PID 2612 wrote to memory of 2000	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	99
PID 2612 wrote to memory of 4032	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	100
PID 2612 wrote to memory of 4032	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	100
PID 2612 wrote to memory of 2160	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	104
PID 2612 wrote to memory of 2160	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	104
PID 2612 wrote to memory of 4828	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	105
PID 2612 wrote to memory of 4828	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	105
PID 2612 wrote to memory of 2368	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	106
PID 2612 wrote to memory of 2368	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	106
PID 2612 wrote to memory of 2256	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	107
PID 2612 wrote to memory of 2256	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	107
PID 2612 wrote to memory of 4416	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	108
PID 2612 wrote to memory of 4416	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	108
PID 2612 wrote to memory of 3968	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	111
PID 2612 wrote to memory of 3968	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	111
PID 2612 wrote to memory of 4512	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	112
PID 2612 wrote to memory of 4512	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	112
PID 2612 wrote to memory of 1476	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	113
PID 2612 wrote to memory of 1476	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	113
PID 2612 wrote to memory of 3344	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	115
PID 2612 wrote to memory of 3344	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	115
PID 2612 wrote to memory of 2332	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	116
PID 2612 wrote to memory of 2332	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	116
PID 2612 wrote to memory of 3688	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	117
PID 2612 wrote to memory of 3688	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	117
PID 2612 wrote to memory of 4024	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	118
PID 2612 wrote to memory of 4024	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	118
PID 2612 wrote to memory of 3140	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	119
PID 2612 wrote to memory of 3140	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	119
PID 2612 wrote to memory of 3168	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	120
PID 2612 wrote to memory of 3168	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	120
PID 2612 wrote to memory of 2140	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	121
PID 2612 wrote to memory of 2140	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	121
PID 2612 wrote to memory of 2116	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	123
PID 2612 wrote to memory of 2116	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	123
PID 2612 wrote to memory of 2340	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	124
PID 2612 wrote to memory of 2340	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	124
PID 2612 wrote to memory of 4876	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	125
PID 2612 wrote to memory of 4876	2612	396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe	125

C:\Users\Admin\AppData\Local\Temp\396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe
"C:\Users\Admin\AppData\Local\Temp\396effb0c0a686b8ebc2a8b86863041c253cb5170975e04ceccdc3d636acd783.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\System\kKMnpgv.exe
  C:\Windows\System\kKMnpgv.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\hjFoFmk.exe
  C:\Windows\System\hjFoFmk.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\pUMAOuZ.exe
  C:\Windows\System\pUMAOuZ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\nvxbfvO.exe
  C:\Windows\System\nvxbfvO.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\EhvNTxx.exe
  C:\Windows\System\EhvNTxx.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\Nmrkvrp.exe
  C:\Windows\System\Nmrkvrp.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\OmrDZnt.exe
  C:\Windows\System\OmrDZnt.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\ajHwqvj.exe
  C:\Windows\System\ajHwqvj.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\JQLOXNo.exe
  C:\Windows\System\JQLOXNo.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\jqVVSzi.exe
  C:\Windows\System\jqVVSzi.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\okAevKP.exe
  C:\Windows\System\okAevKP.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\STijKQI.exe
  C:\Windows\System\STijKQI.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\bqNOhAp.exe
  C:\Windows\System\bqNOhAp.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\CZDqmqd.exe
  C:\Windows\System\CZDqmqd.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\sHKnJxz.exe
  C:\Windows\System\sHKnJxz.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\WLKVpOZ.exe
  C:\Windows\System\WLKVpOZ.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\zDXVnCj.exe
  C:\Windows\System\zDXVnCj.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\bEjrPQb.exe
  C:\Windows\System\bEjrPQb.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\tPbemAY.exe
  C:\Windows\System\tPbemAY.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\MeAZCRf.exe
  C:\Windows\System\MeAZCRf.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\woZUcoX.exe
  C:\Windows\System\woZUcoX.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ZnFmdTM.exe
  C:\Windows\System\ZnFmdTM.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\AciXYsv.exe
  C:\Windows\System\AciXYsv.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\nGfgydv.exe
  C:\Windows\System\nGfgydv.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\OaTQDwL.exe
  C:\Windows\System\OaTQDwL.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\KtfOOwM.exe
  C:\Windows\System\KtfOOwM.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\LXMxoDI.exe
  C:\Windows\System\LXMxoDI.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\okiMsaK.exe
  C:\Windows\System\okiMsaK.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\qsJpAYu.exe
  C:\Windows\System\qsJpAYu.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\FouLnEr.exe
  C:\Windows\System\FouLnEr.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\loFLDtC.exe
  C:\Windows\System\loFLDtC.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\pmvOfTL.exe
  C:\Windows\System\pmvOfTL.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\MrGiBtC.exe
  C:\Windows\System\MrGiBtC.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\cjstPhm.exe
  C:\Windows\System\cjstPhm.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\PPcmvcx.exe
  C:\Windows\System\PPcmvcx.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CzfKoEC.exe
  C:\Windows\System\CzfKoEC.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\QglGsUP.exe
  C:\Windows\System\QglGsUP.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\xGUeVAt.exe
  C:\Windows\System\xGUeVAt.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\guDFnfJ.exe
  C:\Windows\System\guDFnfJ.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\UJvLPpn.exe
  C:\Windows\System\UJvLPpn.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\wuxeevz.exe
  C:\Windows\System\wuxeevz.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\RjEuVqe.exe
  C:\Windows\System\RjEuVqe.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\rGrbKLQ.exe
  C:\Windows\System\rGrbKLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\OZKAjAP.exe
  C:\Windows\System\OZKAjAP.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\xscfnJj.exe
  C:\Windows\System\xscfnJj.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\NTfsfxJ.exe
  C:\Windows\System\NTfsfxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\wBEEYUJ.exe
  C:\Windows\System\wBEEYUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VuRxVTo.exe
  C:\Windows\System\VuRxVTo.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\aofciZM.exe
  C:\Windows\System\aofciZM.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\ddsQwoE.exe
  C:\Windows\System\ddsQwoE.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\LojWCww.exe
  C:\Windows\System\LojWCww.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\QbRmMNb.exe
  C:\Windows\System\QbRmMNb.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\fThXPls.exe
  C:\Windows\System\fThXPls.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\lqzFqyj.exe
  C:\Windows\System\lqzFqyj.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\iOsoqQx.exe
  C:\Windows\System\iOsoqQx.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ciRQOHv.exe
  C:\Windows\System\ciRQOHv.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\MwwpwRL.exe
  C:\Windows\System\MwwpwRL.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\yfOPncS.exe
  C:\Windows\System\yfOPncS.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\fzgPMhv.exe
  C:\Windows\System\fzgPMhv.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\eFSNIfb.exe
  C:\Windows\System\eFSNIfb.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\AAymZWE.exe
  C:\Windows\System\AAymZWE.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\JfXcAgG.exe
  C:\Windows\System\JfXcAgG.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\VGFZNCn.exe
  C:\Windows\System\VGFZNCn.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\MXwUldV.exe
  C:\Windows\System\MXwUldV.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\ENgusfr.exe
  C:\Windows\System\ENgusfr.exe
  2⤵
  PID:4644
- C:\Windows\System\iaVYQCc.exe
  C:\Windows\System\iaVYQCc.exe
  2⤵
  PID:3148
- C:\Windows\System\xCXOmcZ.exe
  C:\Windows\System\xCXOmcZ.exe
  2⤵
  PID:836
- C:\Windows\System\iPNPVhM.exe
  C:\Windows\System\iPNPVhM.exe
  2⤵
  PID:1564
- C:\Windows\System\biXQnfx.exe
  C:\Windows\System\biXQnfx.exe
  2⤵
  PID:2492
- C:\Windows\System\mKIurBQ.exe
  C:\Windows\System\mKIurBQ.exe
  2⤵
  PID:4520
- C:\Windows\System\SZnTbnO.exe
  C:\Windows\System\SZnTbnO.exe
  2⤵
  PID:4352
- C:\Windows\System\kOfrRWu.exe
  C:\Windows\System\kOfrRWu.exe
  2⤵
  PID:2948
- C:\Windows\System\aUPFhbF.exe
  C:\Windows\System\aUPFhbF.exe
  2⤵
  PID:4504
- C:\Windows\System\gxKlYIw.exe
  C:\Windows\System\gxKlYIw.exe
  2⤵
  PID:3924
- C:\Windows\System\cLvlWAZ.exe
  C:\Windows\System\cLvlWAZ.exe
  2⤵
  PID:384
- C:\Windows\System\CSJBMPE.exe
  C:\Windows\System\CSJBMPE.exe
  2⤵
  PID:3576
- C:\Windows\System\YzhWoAq.exe
  C:\Windows\System\YzhWoAq.exe
  2⤵
  PID:1092
- C:\Windows\System\WhzctzA.exe
  C:\Windows\System\WhzctzA.exe
  2⤵
  PID:4156
- C:\Windows\System\LpYoNGn.exe
  C:\Windows\System\LpYoNGn.exe
  2⤵
  PID:5128
- C:\Windows\System\GFIocWc.exe
  C:\Windows\System\GFIocWc.exe
  2⤵
  PID:5156
- C:\Windows\System\BrPPGvZ.exe
  C:\Windows\System\BrPPGvZ.exe
  2⤵
  PID:5184
- C:\Windows\System\oxBmVSI.exe
  C:\Windows\System\oxBmVSI.exe
  2⤵
  PID:5212
- C:\Windows\System\kATdbvn.exe
  C:\Windows\System\kATdbvn.exe
  2⤵
  PID:5240
- C:\Windows\System\vJPOkXb.exe
  C:\Windows\System\vJPOkXb.exe
  2⤵
  PID:5268
- C:\Windows\System\DbXRabP.exe
  C:\Windows\System\DbXRabP.exe
  2⤵
  PID:5296
- C:\Windows\System\AsHTVjK.exe
  C:\Windows\System\AsHTVjK.exe
  2⤵
  PID:5324
- C:\Windows\System\Hxjuwqz.exe
  C:\Windows\System\Hxjuwqz.exe
  2⤵
  PID:5352
- C:\Windows\System\yWNewKY.exe
  C:\Windows\System\yWNewKY.exe
  2⤵
  PID:5380
- C:\Windows\System\KRYvTNg.exe
  C:\Windows\System\KRYvTNg.exe
  2⤵
  PID:5408
- C:\Windows\System\RKrKdxB.exe
  C:\Windows\System\RKrKdxB.exe
  2⤵
  PID:5436
- C:\Windows\System\QBcIjVN.exe
  C:\Windows\System\QBcIjVN.exe
  2⤵
  PID:5464
- C:\Windows\System\DkvFQHG.exe
  C:\Windows\System\DkvFQHG.exe
  2⤵
  PID:5488
- C:\Windows\System\kLszKPs.exe
  C:\Windows\System\kLszKPs.exe
  2⤵
  PID:5520
- C:\Windows\System\RKzoUTG.exe
  C:\Windows\System\RKzoUTG.exe
  2⤵
  PID:5548
- C:\Windows\System\SrArAYl.exe
  C:\Windows\System\SrArAYl.exe
  2⤵
  PID:5568
- C:\Windows\System\ZgfLAIj.exe
  C:\Windows\System\ZgfLAIj.exe
  2⤵
  PID:5600
- C:\Windows\System\aPRAvCx.exe
  C:\Windows\System\aPRAvCx.exe
  2⤵
  PID:5632
- C:\Windows\System\QDLpbXG.exe
  C:\Windows\System\QDLpbXG.exe
  2⤵
  PID:5664
- C:\Windows\System\fmrwINC.exe
  C:\Windows\System\fmrwINC.exe
  2⤵
  PID:5692
- C:\Windows\System\bvyBuzx.exe
  C:\Windows\System\bvyBuzx.exe
  2⤵
  PID:5736
- C:\Windows\System\tkzSPmW.exe
  C:\Windows\System\tkzSPmW.exe
  2⤵
  PID:5820
- C:\Windows\System\ceIgEgJ.exe
  C:\Windows\System\ceIgEgJ.exe
  2⤵
  PID:5896
- C:\Windows\System\wTcRSmH.exe
  C:\Windows\System\wTcRSmH.exe
  2⤵
  PID:5912
- C:\Windows\System\WRjmayA.exe
  C:\Windows\System\WRjmayA.exe
  2⤵
  PID:5956
- C:\Windows\System\JQViidB.exe
  C:\Windows\System\JQViidB.exe
  2⤵
  PID:5992
- C:\Windows\System\vonMiIo.exe
  C:\Windows\System\vonMiIo.exe
  2⤵
  PID:6020
- C:\Windows\System\cEpMElp.exe
  C:\Windows\System\cEpMElp.exe
  2⤵
  PID:6048
- C:\Windows\System\mybiXGR.exe
  C:\Windows\System\mybiXGR.exe
  2⤵
  PID:6076
- C:\Windows\System\LTAuivU.exe
  C:\Windows\System\LTAuivU.exe
  2⤵
  PID:6104
- C:\Windows\System\yZUeraj.exe
  C:\Windows\System\yZUeraj.exe
  2⤵
  PID:6132
- C:\Windows\System\dopokHE.exe
  C:\Windows\System\dopokHE.exe
  2⤵
  PID:5144
- C:\Windows\System\DPGhLnO.exe
  C:\Windows\System\DPGhLnO.exe
  2⤵
  PID:5220
- C:\Windows\System\LpeZJLT.exe
  C:\Windows\System\LpeZJLT.exe
  2⤵
  PID:5276
- C:\Windows\System\GzXfPkP.exe
  C:\Windows\System\GzXfPkP.exe
  2⤵
  PID:5340
- C:\Windows\System\yDnooBR.exe
  C:\Windows\System\yDnooBR.exe
  2⤵
  PID:5416
- C:\Windows\System\qCbutjb.exe
  C:\Windows\System\qCbutjb.exe
  2⤵
  PID:5480
- C:\Windows\System\PMddwAv.exe
  C:\Windows\System\PMddwAv.exe
  2⤵
  PID:5536
- C:\Windows\System\azkRmDu.exe
  C:\Windows\System\azkRmDu.exe
  2⤵
  PID:5560
- C:\Windows\System\WWPHXWY.exe
  C:\Windows\System\WWPHXWY.exe
  2⤵
  PID:5652
- C:\Windows\System\DXQugqd.exe
  C:\Windows\System\DXQugqd.exe
  2⤵
  PID:5732
- C:\Windows\System\MNbBata.exe
  C:\Windows\System\MNbBata.exe
  2⤵
  PID:5904
- C:\Windows\System\LYltsFC.exe
  C:\Windows\System\LYltsFC.exe
  2⤵
  PID:5988
- C:\Windows\System\qgmYiOD.exe
  C:\Windows\System\qgmYiOD.exe
  2⤵
  PID:6044
- C:\Windows\System\yQprxoc.exe
  C:\Windows\System\yQprxoc.exe
  2⤵
  PID:6112
- C:\Windows\System\OJpUrie.exe
  C:\Windows\System\OJpUrie.exe
  2⤵
  PID:5200
- C:\Windows\System\BfuFKXY.exe
  C:\Windows\System\BfuFKXY.exe
  2⤵
  PID:5348
- C:\Windows\System\dBabqTy.exe
  C:\Windows\System\dBabqTy.exe
  2⤵
  PID:5500
- C:\Windows\System\dxCXFPI.exe
  C:\Windows\System\dxCXFPI.exe
  2⤵
  PID:5640
- C:\Windows\System\FoOPtVe.exe
  C:\Windows\System\FoOPtVe.exe
  2⤵
  PID:5872
- C:\Windows\System\ugcfwum.exe
  C:\Windows\System\ugcfwum.exe
  2⤵
  PID:6064
- C:\Windows\System\gCWDbYI.exe
  C:\Windows\System\gCWDbYI.exe
  2⤵
  PID:5312
- C:\Windows\System\GnzdrJL.exe
  C:\Windows\System\GnzdrJL.exe
  2⤵
  PID:5556
- C:\Windows\System\ZmbucFu.exe
  C:\Windows\System\ZmbucFu.exe
  2⤵
  PID:6084
- C:\Windows\System\gObHhvn.exe
  C:\Windows\System\gObHhvn.exe
  2⤵
  PID:6036
- C:\Windows\System\fNEollS.exe
  C:\Windows\System\fNEollS.exe
  2⤵
  PID:5708
- C:\Windows\System\CveCQZg.exe
  C:\Windows\System\CveCQZg.exe
  2⤵
  PID:6176
- C:\Windows\System\QBJGXot.exe
  C:\Windows\System\QBJGXot.exe
  2⤵
  PID:6212
- C:\Windows\System\geKZoHZ.exe
  C:\Windows\System\geKZoHZ.exe
  2⤵
  PID:6244
- C:\Windows\System\zpDgiKR.exe
  C:\Windows\System\zpDgiKR.exe
  2⤵
  PID:6272
- C:\Windows\System\yNIgRAf.exe
  C:\Windows\System\yNIgRAf.exe
  2⤵
  PID:6300
- C:\Windows\System\FklxXIk.exe
  C:\Windows\System\FklxXIk.exe
  2⤵
  PID:6324
- C:\Windows\System\UChjXXk.exe
  C:\Windows\System\UChjXXk.exe
  2⤵
  PID:6356
- C:\Windows\System\voYTMmO.exe
  C:\Windows\System\voYTMmO.exe
  2⤵
  PID:6384
- C:\Windows\System\taymgaG.exe
  C:\Windows\System\taymgaG.exe
  2⤵
  PID:6412
- C:\Windows\System\ccWGpuQ.exe
  C:\Windows\System\ccWGpuQ.exe
  2⤵
  PID:6440
- C:\Windows\System\RMIABVQ.exe
  C:\Windows\System\RMIABVQ.exe
  2⤵
  PID:6460
- C:\Windows\System\Khjfhnp.exe
  C:\Windows\System\Khjfhnp.exe
  2⤵
  PID:6496
- C:\Windows\System\QtAQUWS.exe
  C:\Windows\System\QtAQUWS.exe
  2⤵
  PID:6524
- C:\Windows\System\ZPtVWfV.exe
  C:\Windows\System\ZPtVWfV.exe
  2⤵
  PID:6552
- C:\Windows\System\AtDKFup.exe
  C:\Windows\System\AtDKFup.exe
  2⤵
  PID:6580
- C:\Windows\System\znDrjgY.exe
  C:\Windows\System\znDrjgY.exe
  2⤵
  PID:6604
- C:\Windows\System\ABEgzPT.exe
  C:\Windows\System\ABEgzPT.exe
  2⤵
  PID:6632
- C:\Windows\System\jsYXbpl.exe
  C:\Windows\System\jsYXbpl.exe
  2⤵
  PID:6664
- C:\Windows\System\nBcSxKM.exe
  C:\Windows\System\nBcSxKM.exe
  2⤵
  PID:6696
- C:\Windows\System\Vtszcmv.exe
  C:\Windows\System\Vtszcmv.exe
  2⤵
  PID:6720
- C:\Windows\System\fSPQjXK.exe
  C:\Windows\System\fSPQjXK.exe
  2⤵
  PID:6744
- C:\Windows\System\upKxQJY.exe
  C:\Windows\System\upKxQJY.exe
  2⤵
  PID:6772
- C:\Windows\System\GUXfXCO.exe
  C:\Windows\System\GUXfXCO.exe
  2⤵
  PID:6808
- C:\Windows\System\wHAlEig.exe
  C:\Windows\System\wHAlEig.exe
  2⤵
  PID:6840
- C:\Windows\System\ERPTTix.exe
  C:\Windows\System\ERPTTix.exe
  2⤵
  PID:6900
- C:\Windows\System\ayOQkRV.exe
  C:\Windows\System\ayOQkRV.exe
  2⤵
  PID:6936
- C:\Windows\System\oxPMcua.exe
  C:\Windows\System\oxPMcua.exe
  2⤵
  PID:6964
- C:\Windows\System\uErRxzZ.exe
  C:\Windows\System\uErRxzZ.exe
  2⤵
  PID:6984
- C:\Windows\System\ycsKAQM.exe
  C:\Windows\System\ycsKAQM.exe
  2⤵
  PID:7012
- C:\Windows\System\YwhbPNa.exe
  C:\Windows\System\YwhbPNa.exe
  2⤵
  PID:7040
- C:\Windows\System\pCCreyw.exe
  C:\Windows\System\pCCreyw.exe
  2⤵
  PID:7080
- C:\Windows\System\qBrXNMi.exe
  C:\Windows\System\qBrXNMi.exe
  2⤵
  PID:7108
- C:\Windows\System\XIGBCoP.exe
  C:\Windows\System\XIGBCoP.exe
  2⤵
  PID:7144
- C:\Windows\System\YLkANVQ.exe
  C:\Windows\System\YLkANVQ.exe
  2⤵
  PID:6168
- C:\Windows\System\NJNJxbT.exe
  C:\Windows\System\NJNJxbT.exe
  2⤵
  PID:3144
- C:\Windows\System\FVrFGEh.exe
  C:\Windows\System\FVrFGEh.exe
  2⤵
  PID:6240
- C:\Windows\System\jraDOKL.exe
  C:\Windows\System\jraDOKL.exe
  2⤵
  PID:6336
- C:\Windows\System\HRkRGyQ.exe
  C:\Windows\System\HRkRGyQ.exe
  2⤵
  PID:6420
- C:\Windows\System\oULCjxI.exe
  C:\Windows\System\oULCjxI.exe
  2⤵
  PID:6504
- C:\Windows\System\HvISzYR.exe
  C:\Windows\System\HvISzYR.exe
  2⤵
  PID:6588
- C:\Windows\System\DCWWBor.exe
  C:\Windows\System\DCWWBor.exe
  2⤵
  PID:6652
- C:\Windows\System\FuPfrYN.exe
  C:\Windows\System\FuPfrYN.exe
  2⤵
  PID:6736
- C:\Windows\System\eXBlLlr.exe
  C:\Windows\System\eXBlLlr.exe
  2⤵
  PID:6732
- C:\Windows\System\gpLurfA.exe
  C:\Windows\System\gpLurfA.exe
  2⤵
  PID:212
- C:\Windows\System\FKfDVEq.exe
  C:\Windows\System\FKfDVEq.exe
  2⤵
  PID:6916
- C:\Windows\System\vYNsHso.exe
  C:\Windows\System\vYNsHso.exe
  2⤵
  PID:6976
- C:\Windows\System\dVDWZkM.exe
  C:\Windows\System\dVDWZkM.exe
  2⤵
  PID:3868
- C:\Windows\System\jezgorf.exe
  C:\Windows\System\jezgorf.exe
  2⤵
  PID:4472
- C:\Windows\System\lUyIHix.exe
  C:\Windows\System\lUyIHix.exe
  2⤵
  PID:3884
- C:\Windows\System\WWnizoh.exe
  C:\Windows\System\WWnizoh.exe
  2⤵
  PID:4128
- C:\Windows\System\qffbPPE.exe
  C:\Windows\System\qffbPPE.exe
  2⤵
  PID:6380
- C:\Windows\System\lbQAtlF.exe
  C:\Windows\System\lbQAtlF.exe
  2⤵
  PID:5856
- C:\Windows\System\KchXSfS.exe
  C:\Windows\System\KchXSfS.exe
  2⤵
  PID:6616
- C:\Windows\System\zcECSwv.exe
  C:\Windows\System\zcECSwv.exe
  2⤵
  PID:3128
- C:\Windows\System\LsTFnpZ.exe
  C:\Windows\System\LsTFnpZ.exe
  2⤵
  PID:6888
- C:\Windows\System\xuNjqiZ.exe
  C:\Windows\System\xuNjqiZ.exe
  2⤵
  PID:1820
- C:\Windows\System\xBJhWRZ.exe
  C:\Windows\System\xBJhWRZ.exe
  2⤵
  PID:6152
- C:\Windows\System\DZqqGRy.exe
  C:\Windows\System\DZqqGRy.exe
  2⤵
  PID:4988
- C:\Windows\System\ZcvfuDe.exe
  C:\Windows\System\ZcvfuDe.exe
  2⤵
  PID:860
- C:\Windows\System\jdBQVME.exe
  C:\Windows\System\jdBQVME.exe
  2⤵
  PID:6476
- C:\Windows\System\MsAoYIu.exe
  C:\Windows\System\MsAoYIu.exe
  2⤵
  PID:7172
- C:\Windows\System\idIkLYx.exe
  C:\Windows\System\idIkLYx.exe
  2⤵
  PID:7204
- C:\Windows\System\bWcNXzr.exe
  C:\Windows\System\bWcNXzr.exe
  2⤵
  PID:7232
- C:\Windows\System\hNwvBvz.exe
  C:\Windows\System\hNwvBvz.exe
  2⤵
  PID:7260
- C:\Windows\System\eficUFk.exe
  C:\Windows\System\eficUFk.exe
  2⤵
  PID:7304
- C:\Windows\System\DnxwEkG.exe
  C:\Windows\System\DnxwEkG.exe
  2⤵
  PID:7336
- C:\Windows\System\HNHtBeP.exe
  C:\Windows\System\HNHtBeP.exe
  2⤵
  PID:7368
- C:\Windows\System\tNDqjCs.exe
  C:\Windows\System\tNDqjCs.exe
  2⤵
  PID:7396
- C:\Windows\System\MZYpSwn.exe
  C:\Windows\System\MZYpSwn.exe
  2⤵
  PID:7424
- C:\Windows\System\dXVjbmQ.exe
  C:\Windows\System\dXVjbmQ.exe
  2⤵
  PID:7456
- C:\Windows\System\vLtAoNU.exe
  C:\Windows\System\vLtAoNU.exe
  2⤵
  PID:7484
- C:\Windows\System\MIeYTFf.exe
  C:\Windows\System\MIeYTFf.exe
  2⤵
  PID:7516
- C:\Windows\System\rBVoycS.exe
  C:\Windows\System\rBVoycS.exe
  2⤵
  PID:7540
- C:\Windows\System\RmaLCUz.exe
  C:\Windows\System\RmaLCUz.exe
  2⤵
  PID:7576
- C:\Windows\System\dpWnhoy.exe
  C:\Windows\System\dpWnhoy.exe
  2⤵
  PID:7596
- C:\Windows\System\jbMFBnx.exe
  C:\Windows\System\jbMFBnx.exe
  2⤵
  PID:7628
- C:\Windows\System\ipPYgNS.exe
  C:\Windows\System\ipPYgNS.exe
  2⤵
  PID:7656
- C:\Windows\System\WbvZvnh.exe
  C:\Windows\System\WbvZvnh.exe
  2⤵
  PID:7684
- C:\Windows\System\VnsuTUf.exe
  C:\Windows\System\VnsuTUf.exe
  2⤵
  PID:7724
- C:\Windows\System\lakRiHl.exe
  C:\Windows\System\lakRiHl.exe
  2⤵
  PID:7740
- C:\Windows\System\pzzNzBE.exe
  C:\Windows\System\pzzNzBE.exe
  2⤵
  PID:7780
- C:\Windows\System\NrtdZHi.exe
  C:\Windows\System\NrtdZHi.exe
  2⤵
  PID:7816
- C:\Windows\System\oUQReMR.exe
  C:\Windows\System\oUQReMR.exe
  2⤵
  PID:7844
- C:\Windows\System\FIcxFJJ.exe
  C:\Windows\System\FIcxFJJ.exe
  2⤵
  PID:7876
- C:\Windows\System\swxkNZV.exe
  C:\Windows\System\swxkNZV.exe
  2⤵
  PID:7904
- C:\Windows\System\KRlCoBa.exe
  C:\Windows\System\KRlCoBa.exe
  2⤵
  PID:7920
- C:\Windows\System\ccpfCHG.exe
  C:\Windows\System\ccpfCHG.exe
  2⤵
  PID:7936
- C:\Windows\System\MMaoHOb.exe
  C:\Windows\System\MMaoHOb.exe
  2⤵
  PID:7976
- C:\Windows\System\SdQTOYV.exe
  C:\Windows\System\SdQTOYV.exe
  2⤵
  PID:8004
- C:\Windows\System\yDFZUWx.exe
  C:\Windows\System\yDFZUWx.exe
  2⤵
  PID:8044
- C:\Windows\System\ujiTuGH.exe
  C:\Windows\System\ujiTuGH.exe
  2⤵
  PID:8084
- C:\Windows\System\sEeZspb.exe
  C:\Windows\System\sEeZspb.exe
  2⤵
  PID:8136
- C:\Windows\System\OdYsowf.exe
  C:\Windows\System\OdYsowf.exe
  2⤵
  PID:8176
- C:\Windows\System\vifioct.exe
  C:\Windows\System\vifioct.exe
  2⤵
  PID:6816
- C:\Windows\System\OTKsgEw.exe
  C:\Windows\System\OTKsgEw.exe
  2⤵
  PID:7244
- C:\Windows\System\kEgvbFN.exe
  C:\Windows\System\kEgvbFN.exe
  2⤵
  PID:7284
- C:\Windows\System\PtyDTmr.exe
  C:\Windows\System\PtyDTmr.exe
  2⤵
  PID:7332
- C:\Windows\System\jbJPEhL.exe
  C:\Windows\System\jbJPEhL.exe
  2⤵
  PID:7408
- C:\Windows\System\GMwfAux.exe
  C:\Windows\System\GMwfAux.exe
  2⤵
  PID:7480
- C:\Windows\System\sxttmYC.exe
  C:\Windows\System\sxttmYC.exe
  2⤵
  PID:7536
- C:\Windows\System\etIEkBI.exe
  C:\Windows\System\etIEkBI.exe
  2⤵
  PID:7624
- C:\Windows\System\KZMMzmd.exe
  C:\Windows\System\KZMMzmd.exe
  2⤵
  PID:7668
- C:\Windows\System\UvUsVnG.exe
  C:\Windows\System\UvUsVnG.exe
  2⤵
  PID:7764
- C:\Windows\System\zbNSFlR.exe
  C:\Windows\System\zbNSFlR.exe
  2⤵
  PID:7932
- C:\Windows\System\PZrqNSO.exe
  C:\Windows\System\PZrqNSO.exe
  2⤵
  PID:8080
- C:\Windows\System\ofPXszE.exe
  C:\Windows\System\ofPXszE.exe
  2⤵
  PID:6856
- C:\Windows\System\SWjbQzu.exe
  C:\Windows\System\SWjbQzu.exe
  2⤵
  PID:8164
- C:\Windows\System\IhUnXBx.exe
  C:\Windows\System\IhUnXBx.exe
  2⤵
  PID:7256
- C:\Windows\System\eOVFUoG.exe
  C:\Windows\System\eOVFUoG.exe
  2⤵
  PID:7448
- C:\Windows\System\ZHpRqgz.exe
  C:\Windows\System\ZHpRqgz.exe
  2⤵
  PID:7588
- C:\Windows\System\cvLJTLH.exe
  C:\Windows\System\cvLJTLH.exe
  2⤵
  PID:7984
- C:\Windows\System\puiHsyO.exe
  C:\Windows\System\puiHsyO.exe
  2⤵
  PID:4000
- C:\Windows\System\uPNpEiL.exe
  C:\Windows\System\uPNpEiL.exe
  2⤵
  PID:7160
- C:\Windows\System\hQqVvyY.exe
  C:\Windows\System\hQqVvyY.exe
  2⤵
  PID:7008
- C:\Windows\System\VMWUDWB.exe
  C:\Windows\System\VMWUDWB.exe
  2⤵
  PID:7128
- C:\Windows\System\aCSQZTx.exe
  C:\Windows\System\aCSQZTx.exe
  2⤵
  PID:6676
- C:\Windows\System\cgUsShY.exe
  C:\Windows\System\cgUsShY.exe
  2⤵
  PID:6944
- C:\Windows\System\nqHTGtO.exe
  C:\Windows\System\nqHTGtO.exe
  2⤵
  PID:3804
- C:\Windows\System\ByJOwVD.exe
  C:\Windows\System\ByJOwVD.exe
  2⤵
  PID:1172
- C:\Windows\System\bvHZdvA.exe
  C:\Windows\System\bvHZdvA.exe
  2⤵
  PID:7504
- C:\Windows\System\VUkjoUp.exe
  C:\Windows\System\VUkjoUp.exe
  2⤵
  PID:6408
- C:\Windows\System\vZEKiIq.exe
  C:\Windows\System\vZEKiIq.exe
  2⤵
  PID:2152
- C:\Windows\System\jyTSgtU.exe
  C:\Windows\System\jyTSgtU.exe
  2⤵
  PID:8160
- C:\Windows\System\YfFstwj.exe
  C:\Windows\System\YfFstwj.exe
  2⤵
  PID:1980
- C:\Windows\System\OyDxQid.exe
  C:\Windows\System\OyDxQid.exe
  2⤵
  PID:7324
- C:\Windows\System\vrYuXwH.exe
  C:\Windows\System\vrYuXwH.exe
  2⤵
  PID:8216
- C:\Windows\System\LobgIVv.exe
  C:\Windows\System\LobgIVv.exe
  2⤵
  PID:8244
- C:\Windows\System\IKmLdSE.exe
  C:\Windows\System\IKmLdSE.exe
  2⤵
  PID:8272
- C:\Windows\System\iCKaGaF.exe
  C:\Windows\System\iCKaGaF.exe
  2⤵
  PID:8300
- C:\Windows\System\XlXJwnv.exe
  C:\Windows\System\XlXJwnv.exe
  2⤵
  PID:8328
- C:\Windows\System\mEIMbNQ.exe
  C:\Windows\System\mEIMbNQ.exe
  2⤵
  PID:8356
- C:\Windows\System\CAHZtmJ.exe
  C:\Windows\System\CAHZtmJ.exe
  2⤵
  PID:8384
- C:\Windows\System\bJmwxHH.exe
  C:\Windows\System\bJmwxHH.exe
  2⤵
  PID:8412
- C:\Windows\System\ogJGVEn.exe
  C:\Windows\System\ogJGVEn.exe
  2⤵
  PID:8440
- C:\Windows\System\fJviYPw.exe
  C:\Windows\System\fJviYPw.exe
  2⤵
  PID:8476
- C:\Windows\System\ikSiZrL.exe
  C:\Windows\System\ikSiZrL.exe
  2⤵
  PID:8508
- C:\Windows\System\kSoqoun.exe
  C:\Windows\System\kSoqoun.exe
  2⤵
  PID:8536
- C:\Windows\System\CnhavVG.exe
  C:\Windows\System\CnhavVG.exe
  2⤵
  PID:8556
- C:\Windows\System\MetMHIN.exe
  C:\Windows\System\MetMHIN.exe
  2⤵
  PID:8584
- C:\Windows\System\zRMqxPL.exe
  C:\Windows\System\zRMqxPL.exe
  2⤵
  PID:8616
- C:\Windows\System\RWpqbyj.exe
  C:\Windows\System\RWpqbyj.exe
  2⤵
  PID:8640
- C:\Windows\System\apOkBAL.exe
  C:\Windows\System\apOkBAL.exe
  2⤵
  PID:8668
- C:\Windows\System\vCoQhsi.exe
  C:\Windows\System\vCoQhsi.exe
  2⤵
  PID:8700
- C:\Windows\System\nwMQDGC.exe
  C:\Windows\System\nwMQDGC.exe
  2⤵
  PID:8724
- C:\Windows\System\KnuKjUz.exe
  C:\Windows\System\KnuKjUz.exe
  2⤵
  PID:8752
- C:\Windows\System\VUZNjNb.exe
  C:\Windows\System\VUZNjNb.exe
  2⤵
  PID:8780
- C:\Windows\System\ooFcRrE.exe
  C:\Windows\System\ooFcRrE.exe
  2⤵
  PID:8812
- C:\Windows\System\UBgjbEY.exe
  C:\Windows\System\UBgjbEY.exe
  2⤵
  PID:8836
- C:\Windows\System\WagqLHl.exe
  C:\Windows\System\WagqLHl.exe
  2⤵
  PID:8864
- C:\Windows\System\OdUQtBy.exe
  C:\Windows\System\OdUQtBy.exe
  2⤵
  PID:8892
- C:\Windows\System\PjNtUzC.exe
  C:\Windows\System\PjNtUzC.exe
  2⤵
  PID:8920
- C:\Windows\System\Idbgmpv.exe
  C:\Windows\System\Idbgmpv.exe
  2⤵
  PID:8948
- C:\Windows\System\HjMrrDY.exe
  C:\Windows\System\HjMrrDY.exe
  2⤵
  PID:8976
- C:\Windows\System\ccCQHvk.exe
  C:\Windows\System\ccCQHvk.exe
  2⤵
  PID:9004
- C:\Windows\System\ojWGxCq.exe
  C:\Windows\System\ojWGxCq.exe
  2⤵
  PID:9032
- C:\Windows\System\VzRlwQT.exe
  C:\Windows\System\VzRlwQT.exe
  2⤵
  PID:9068
- C:\Windows\System\MrGkIHO.exe
  C:\Windows\System\MrGkIHO.exe
  2⤵
  PID:9088
- C:\Windows\System\lHqSCgJ.exe
  C:\Windows\System\lHqSCgJ.exe
  2⤵
  PID:9116
- C:\Windows\System\NBYGoUA.exe
  C:\Windows\System\NBYGoUA.exe
  2⤵
  PID:9144
- C:\Windows\System\wrHIoMs.exe
  C:\Windows\System\wrHIoMs.exe
  2⤵
  PID:9172
- C:\Windows\System\ehyRFxW.exe
  C:\Windows\System\ehyRFxW.exe
  2⤵
  PID:9200
- C:\Windows\System\wgRYtyC.exe
  C:\Windows\System\wgRYtyC.exe
  2⤵
  PID:8232
- C:\Windows\System\ytvUlWR.exe
  C:\Windows\System\ytvUlWR.exe
  2⤵
  PID:8324
- C:\Windows\System\nDPdiIO.exe
  C:\Windows\System\nDPdiIO.exe
  2⤵
  PID:8368
- C:\Windows\System\lAvoVrC.exe
  C:\Windows\System\lAvoVrC.exe
  2⤵
  PID:8432
- C:\Windows\System\pcECdip.exe
  C:\Windows\System\pcECdip.exe
  2⤵
  PID:8496
- C:\Windows\System\IrvPzgU.exe
  C:\Windows\System\IrvPzgU.exe
  2⤵
  PID:8624
- C:\Windows\System\APInqDd.exe
  C:\Windows\System\APInqDd.exe
  2⤵
  PID:8680
- C:\Windows\System\iGTpmQX.exe
  C:\Windows\System\iGTpmQX.exe
  2⤵
  PID:8772
- C:\Windows\System\oqtEIlD.exe
  C:\Windows\System\oqtEIlD.exe
  2⤵
  PID:2960
- C:\Windows\System\AUSZvRf.exe
  C:\Windows\System\AUSZvRf.exe
  2⤵
  PID:8944
- C:\Windows\System\IvUYkts.exe
  C:\Windows\System\IvUYkts.exe
  2⤵
  PID:9020
- C:\Windows\System\XvGqvvT.exe
  C:\Windows\System\XvGqvvT.exe
  2⤵
  PID:9080
- C:\Windows\System\DUxniFo.exe
  C:\Windows\System\DUxniFo.exe
  2⤵
  PID:9164
- C:\Windows\System\leGmtEi.exe
  C:\Windows\System\leGmtEi.exe
  2⤵
  PID:8212
- C:\Windows\System\IQKYbMh.exe
  C:\Windows\System\IQKYbMh.exe
  2⤵
  PID:8352
- C:\Windows\System\CEghdLM.exe
  C:\Windows\System\CEghdLM.exe
  2⤵
  PID:8040
- C:\Windows\System\tLmtGjP.exe
  C:\Windows\System\tLmtGjP.exe
  2⤵
  PID:8036
- C:\Windows\System\HcNNUZH.exe
  C:\Windows\System\HcNNUZH.exe
  2⤵
  PID:8604
- C:\Windows\System\zykEaHY.exe
  C:\Windows\System\zykEaHY.exe
  2⤵
  PID:8764
- C:\Windows\System\bddvNmK.exe
  C:\Windows\System\bddvNmK.exe
  2⤵
  PID:8940
- C:\Windows\System\TOaUkQM.exe
  C:\Windows\System\TOaUkQM.exe
  2⤵
  PID:8860
- C:\Windows\System\VYClDAN.exe
  C:\Windows\System\VYClDAN.exe
  2⤵
  PID:8916
- C:\Windows\System\iMHpPMn.exe
  C:\Windows\System\iMHpPMn.exe
  2⤵
  PID:8268
- C:\Windows\System\QGqsrLG.exe
  C:\Windows\System\QGqsrLG.exe
  2⤵
  PID:8000
- C:\Windows\System\DXcwVqB.exe
  C:\Windows\System\DXcwVqB.exe
  2⤵
  PID:8024
- C:\Windows\System\dsKoQEV.exe
  C:\Windows\System\dsKoQEV.exe
  2⤵
  PID:7812
- C:\Windows\System\hHEQdKf.exe
  C:\Windows\System\hHEQdKf.exe
  2⤵
  PID:9076
- C:\Windows\System\KckYjao.exe
  C:\Windows\System\KckYjao.exe
  2⤵
  PID:8424
- C:\Windows\System\ezIDjUX.exe
  C:\Windows\System\ezIDjUX.exe
  2⤵
  PID:8996
- C:\Windows\System\EetpoOe.exe
  C:\Windows\System\EetpoOe.exe
  2⤵
  PID:9212
- C:\Windows\System\krblTBd.exe
  C:\Windows\System\krblTBd.exe
  2⤵
  PID:8904
- C:\Windows\System\RPybFfl.exe
  C:\Windows\System\RPybFfl.exe
  2⤵
  PID:9236
- C:\Windows\System\YTnKvcp.exe
  C:\Windows\System\YTnKvcp.exe
  2⤵
  PID:9276
- C:\Windows\System\XNJnGNf.exe
  C:\Windows\System\XNJnGNf.exe
  2⤵
  PID:9292
- C:\Windows\System\TdAGFav.exe
  C:\Windows\System\TdAGFav.exe
  2⤵
  PID:9320
- C:\Windows\System\vimocQP.exe
  C:\Windows\System\vimocQP.exe
  2⤵
  PID:9348
- C:\Windows\System\mkRkvuc.exe
  C:\Windows\System\mkRkvuc.exe
  2⤵
  PID:9376
- C:\Windows\System\cHEGXes.exe
  C:\Windows\System\cHEGXes.exe
  2⤵
  PID:9404
- C:\Windows\System\FJouVfD.exe
  C:\Windows\System\FJouVfD.exe
  2⤵
  PID:9432
- C:\Windows\System\pCKnsIL.exe
  C:\Windows\System\pCKnsIL.exe
  2⤵
  PID:9460
- C:\Windows\System\lyimLwM.exe
  C:\Windows\System\lyimLwM.exe
  2⤵
  PID:9488
- C:\Windows\System\qNnmqdb.exe
  C:\Windows\System\qNnmqdb.exe
  2⤵
  PID:9516
- C:\Windows\System\vFEHrpw.exe
  C:\Windows\System\vFEHrpw.exe
  2⤵
  PID:9544
- C:\Windows\System\FTgNFeb.exe
  C:\Windows\System\FTgNFeb.exe
  2⤵
  PID:9572
- C:\Windows\System\xWEkwJr.exe
  C:\Windows\System\xWEkwJr.exe
  2⤵
  PID:9600
- C:\Windows\System\LtCcmLh.exe
  C:\Windows\System\LtCcmLh.exe
  2⤵
  PID:9628
- C:\Windows\System\vIJWDPf.exe
  C:\Windows\System\vIJWDPf.exe
  2⤵
  PID:9656
- C:\Windows\System\FuFXhQl.exe
  C:\Windows\System\FuFXhQl.exe
  2⤵
  PID:9688
- C:\Windows\System\RBjKwYQ.exe
  C:\Windows\System\RBjKwYQ.exe
  2⤵
  PID:9712
- C:\Windows\System\UwGPMCm.exe
  C:\Windows\System\UwGPMCm.exe
  2⤵
  PID:9740
- C:\Windows\System\qREdbUN.exe
  C:\Windows\System\qREdbUN.exe
  2⤵
  PID:9768
- C:\Windows\System\SpKyTbx.exe
  C:\Windows\System\SpKyTbx.exe
  2⤵
  PID:9796
- C:\Windows\System\hywtriQ.exe
  C:\Windows\System\hywtriQ.exe
  2⤵
  PID:9824
- C:\Windows\System\TkzIJii.exe
  C:\Windows\System\TkzIJii.exe
  2⤵
  PID:9852
- C:\Windows\System\ejKvzXO.exe
  C:\Windows\System\ejKvzXO.exe
  2⤵
  PID:9880
- C:\Windows\System\nINWJHI.exe
  C:\Windows\System\nINWJHI.exe
  2⤵
  PID:9908
- C:\Windows\System\jSOFqRE.exe
  C:\Windows\System\jSOFqRE.exe
  2⤵
  PID:9936
- C:\Windows\System\BFFQJig.exe
  C:\Windows\System\BFFQJig.exe
  2⤵
  PID:9964
- C:\Windows\System\BNZVpYR.exe
  C:\Windows\System\BNZVpYR.exe
  2⤵
  PID:9992
- C:\Windows\System\GZmiKtp.exe
  C:\Windows\System\GZmiKtp.exe
  2⤵
  PID:10020
- C:\Windows\System\SiAxuJY.exe
  C:\Windows\System\SiAxuJY.exe
  2⤵
  PID:10048
- C:\Windows\System\ErNOseT.exe
  C:\Windows\System\ErNOseT.exe
  2⤵
  PID:10076
- C:\Windows\System\laISlqn.exe
  C:\Windows\System\laISlqn.exe
  2⤵
  PID:10104
- C:\Windows\System\lIiWVAr.exe
  C:\Windows\System\lIiWVAr.exe
  2⤵
  PID:10132
- C:\Windows\System\GlSzuDu.exe
  C:\Windows\System\GlSzuDu.exe
  2⤵
  PID:10160
- C:\Windows\System\RZOgezz.exe
  C:\Windows\System\RZOgezz.exe
  2⤵
  PID:10188
- C:\Windows\System\xHxpgJI.exe
  C:\Windows\System\xHxpgJI.exe
  2⤵
  PID:10216
- C:\Windows\System\OEQhyQU.exe
  C:\Windows\System\OEQhyQU.exe
  2⤵
  PID:9228
- C:\Windows\System\TlckUnH.exe
  C:\Windows\System\TlckUnH.exe
  2⤵
  PID:8720
- C:\Windows\System\mkJkgbu.exe
  C:\Windows\System\mkJkgbu.exe
  2⤵
  PID:7912
- C:\Windows\System\FsBFalV.exe
  C:\Windows\System\FsBFalV.exe
  2⤵
  PID:8548
- C:\Windows\System\slgsVLu.exe
  C:\Windows\System\slgsVLu.exe
  2⤵
  PID:9340
- C:\Windows\System\VxMrjtC.exe
  C:\Windows\System\VxMrjtC.exe
  2⤵
  PID:9396
- C:\Windows\System\OIdHCYu.exe
  C:\Windows\System\OIdHCYu.exe
  2⤵
  PID:9456
- C:\Windows\System\DJttmAa.exe
  C:\Windows\System\DJttmAa.exe
  2⤵
  PID:9528
- C:\Windows\System\alwYAcv.exe
  C:\Windows\System\alwYAcv.exe
  2⤵
  PID:9592
- C:\Windows\System\MMaYInk.exe
  C:\Windows\System\MMaYInk.exe
  2⤵
  PID:9652
- C:\Windows\System\TOTtlkY.exe
  C:\Windows\System\TOTtlkY.exe
  2⤵
  PID:9724
- C:\Windows\System\MqFSZgU.exe
  C:\Windows\System\MqFSZgU.exe
  2⤵
  PID:9780
- C:\Windows\System\NMjKsNa.exe
  C:\Windows\System\NMjKsNa.exe
  2⤵
  PID:9848
- C:\Windows\System\ymNDtOa.exe
  C:\Windows\System\ymNDtOa.exe
  2⤵
  PID:2188
- C:\Windows\System\cfYyCQg.exe
  C:\Windows\System\cfYyCQg.exe
  2⤵
  PID:9948
- C:\Windows\System\HKjUIHI.exe
  C:\Windows\System\HKjUIHI.exe
  2⤵
  PID:10012
- C:\Windows\System\DPQzvBo.exe
  C:\Windows\System\DPQzvBo.exe
  2⤵
  PID:10072
- C:\Windows\System\xFRdiTr.exe
  C:\Windows\System\xFRdiTr.exe
  2⤵
  PID:10128
- C:\Windows\System\mbBtCCU.exe
  C:\Windows\System\mbBtCCU.exe
  2⤵
  PID:10200
- C:\Windows\System\CboyEPD.exe
  C:\Windows\System\CboyEPD.exe
  2⤵
  PID:8552
- C:\Windows\System\JKpZwPm.exe
  C:\Windows\System\JKpZwPm.exe
  2⤵
  PID:9260
- C:\Windows\System\AxnbHqS.exe
  C:\Windows\System\AxnbHqS.exe
  2⤵
  PID:9444
- C:\Windows\System\dcubBTj.exe
  C:\Windows\System\dcubBTj.exe
  2⤵
  PID:9620
- C:\Windows\System\ReoknvC.exe
  C:\Windows\System\ReoknvC.exe
  2⤵
  PID:9708
- C:\Windows\System\XDbhVUk.exe
  C:\Windows\System\XDbhVUk.exe
  2⤵
  PID:9876
- C:\Windows\System\VJpAJld.exe
  C:\Windows\System\VJpAJld.exe
  2⤵
  PID:9988
- C:\Windows\System\ipYAzmm.exe
  C:\Windows\System\ipYAzmm.exe
  2⤵
  PID:10124
- C:\Windows\System\elZstGG.exe
  C:\Windows\System\elZstGG.exe
  2⤵
  PID:9192
- C:\Windows\System\HbSNdNL.exe
  C:\Windows\System\HbSNdNL.exe
  2⤵
  PID:9388
- C:\Windows\System\yTFOxYa.exe
  C:\Windows\System\yTFOxYa.exe
  2⤵
  PID:9704
- C:\Windows\System\YkyRmac.exe
  C:\Windows\System\YkyRmac.exe
  2⤵
  PID:9932
- C:\Windows\System\eRggRXQ.exe
  C:\Windows\System\eRggRXQ.exe
  2⤵
  PID:8656
- C:\Windows\System\ZURiazr.exe
  C:\Windows\System\ZURiazr.exe
  2⤵
  PID:9920
- C:\Windows\System\vTZpjJf.exe
  C:\Windows\System\vTZpjJf.exe
  2⤵
  PID:1216
- C:\Windows\System\qObkVlw.exe
  C:\Windows\System\qObkVlw.exe
  2⤵
  PID:10248
- C:\Windows\System\xuAYxJQ.exe
  C:\Windows\System\xuAYxJQ.exe
  2⤵
  PID:10276
- C:\Windows\System\sdBQNjV.exe
  C:\Windows\System\sdBQNjV.exe
  2⤵
  PID:10304
- C:\Windows\System\ZpJMyVc.exe
  C:\Windows\System\ZpJMyVc.exe
  2⤵
  PID:10332
- C:\Windows\System\smuDGaj.exe
  C:\Windows\System\smuDGaj.exe
  2⤵
  PID:10360
- C:\Windows\System\CXpbmHa.exe
  C:\Windows\System\CXpbmHa.exe
  2⤵
  PID:10388
- C:\Windows\System\SlOaiof.exe
  C:\Windows\System\SlOaiof.exe
  2⤵
  PID:10416
- C:\Windows\System\vZnakve.exe
  C:\Windows\System\vZnakve.exe
  2⤵
  PID:10444
- C:\Windows\System\fhiFiQI.exe
  C:\Windows\System\fhiFiQI.exe
  2⤵
  PID:10472
- C:\Windows\System\copNbLg.exe
  C:\Windows\System\copNbLg.exe
  2⤵
  PID:10500
- C:\Windows\System\wnUfZEs.exe
  C:\Windows\System\wnUfZEs.exe
  2⤵
  PID:10528
- C:\Windows\System\jeCBYjx.exe
  C:\Windows\System\jeCBYjx.exe
  2⤵
  PID:10556
- C:\Windows\System\CKvpYip.exe
  C:\Windows\System\CKvpYip.exe
  2⤵
  PID:10584
- C:\Windows\System\swdCQQo.exe
  C:\Windows\System\swdCQQo.exe
  2⤵
  PID:10612
- C:\Windows\System\eRGXfpl.exe
  C:\Windows\System\eRGXfpl.exe
  2⤵
  PID:10640
- C:\Windows\System\nTHhavl.exe
  C:\Windows\System\nTHhavl.exe
  2⤵
  PID:10668
- C:\Windows\System\VRzOFHW.exe
  C:\Windows\System\VRzOFHW.exe
  2⤵
  PID:10696
- C:\Windows\System\QmXDkrB.exe
  C:\Windows\System\QmXDkrB.exe
  2⤵
  PID:10724
- C:\Windows\System\WzSlMXf.exe
  C:\Windows\System\WzSlMXf.exe
  2⤵
  PID:10752
- C:\Windows\System\jMLnMLF.exe
  C:\Windows\System\jMLnMLF.exe
  2⤵
  PID:10780
- C:\Windows\System\pyVenIv.exe
  C:\Windows\System\pyVenIv.exe
  2⤵
  PID:10808
- C:\Windows\System\VhJNHkM.exe
  C:\Windows\System\VhJNHkM.exe
  2⤵
  PID:10836
- C:\Windows\System\dgIBAtx.exe
  C:\Windows\System\dgIBAtx.exe
  2⤵
  PID:10864
- C:\Windows\System\SMzoqad.exe
  C:\Windows\System\SMzoqad.exe
  2⤵
  PID:10892
- C:\Windows\System\hOzQDHz.exe
  C:\Windows\System\hOzQDHz.exe
  2⤵
  PID:10920
- C:\Windows\System\Hrkjsei.exe
  C:\Windows\System\Hrkjsei.exe
  2⤵
  PID:10948
- C:\Windows\System\yRqXtYa.exe
  C:\Windows\System\yRqXtYa.exe
  2⤵
  PID:10976
- C:\Windows\System\dGFTCWB.exe
  C:\Windows\System\dGFTCWB.exe
  2⤵
  PID:11004
- C:\Windows\System\HsFNNMb.exe
  C:\Windows\System\HsFNNMb.exe
  2⤵
  PID:11032
- C:\Windows\System\ynsMHSA.exe
  C:\Windows\System\ynsMHSA.exe
  2⤵
  PID:11060
- C:\Windows\System\Mgkodfe.exe
  C:\Windows\System\Mgkodfe.exe
  2⤵
  PID:11088
- C:\Windows\System\shxNYNf.exe
  C:\Windows\System\shxNYNf.exe
  2⤵
  PID:11120
- C:\Windows\System\ExZKskN.exe
  C:\Windows\System\ExZKskN.exe
  2⤵
  PID:11152
- C:\Windows\System\smFiuti.exe
  C:\Windows\System\smFiuti.exe
  2⤵
  PID:11184
- C:\Windows\System\JnRnoyH.exe
  C:\Windows\System\JnRnoyH.exe
  2⤵
  PID:11228
- C:\Windows\System\UYWcKQp.exe
  C:\Windows\System\UYWcKQp.exe
  2⤵
  PID:11260
- C:\Windows\System\bLIDrDj.exe
  C:\Windows\System\bLIDrDj.exe
  2⤵
  PID:10296
- C:\Windows\System\KxBlWlp.exe
  C:\Windows\System\KxBlWlp.exe
  2⤵
  PID:10356
- C:\Windows\System\hLBvhvD.exe
  C:\Windows\System\hLBvhvD.exe
  2⤵
  PID:10432
- C:\Windows\System\knvwzyp.exe
  C:\Windows\System\knvwzyp.exe
  2⤵
  PID:10492
- C:\Windows\System\zWzVZDX.exe
  C:\Windows\System\zWzVZDX.exe
  2⤵
  PID:10568
- C:\Windows\System\JASGSDX.exe
  C:\Windows\System\JASGSDX.exe
  2⤵
  PID:10628
- C:\Windows\System\bnCCofn.exe
  C:\Windows\System\bnCCofn.exe
  2⤵
  PID:10688
- C:\Windows\System\QGWrqfe.exe
  C:\Windows\System\QGWrqfe.exe
  2⤵
  PID:10748
- C:\Windows\System\UNvGBhC.exe
  C:\Windows\System\UNvGBhC.exe
  2⤵
  PID:10848
- C:\Windows\System\RkJDDMi.exe
  C:\Windows\System\RkJDDMi.exe
  2⤵
  PID:10880
- C:\Windows\System\MdltsXa.exe
  C:\Windows\System\MdltsXa.exe
  2⤵
  PID:10916
- C:\Windows\System\PrRpevJ.exe
  C:\Windows\System\PrRpevJ.exe
  2⤵
  PID:10988
- C:\Windows\System\UKXbzvO.exe
  C:\Windows\System\UKXbzvO.exe
  2⤵
  PID:11052
- C:\Windows\System\jdAdEBW.exe
  C:\Windows\System\jdAdEBW.exe
  2⤵
  PID:4896
- C:\Windows\System\yZkauIT.exe
  C:\Windows\System\yZkauIT.exe
  2⤵
  PID:11140
- C:\Windows\System\vcrVwBC.exe
  C:\Windows\System\vcrVwBC.exe
  2⤵
  PID:11144
- C:\Windows\System\FqSYbSw.exe
  C:\Windows\System\FqSYbSw.exe
  2⤵
  PID:11236
- C:\Windows\System\wwLHlWX.exe
  C:\Windows\System\wwLHlWX.exe
  2⤵
  PID:10324
- C:\Windows\System\ROYvjqT.exe
  C:\Windows\System\ROYvjqT.exe
  2⤵
  PID:10468
- C:\Windows\System\XqJEEXJ.exe
  C:\Windows\System\XqJEEXJ.exe
  2⤵
  PID:10608
- C:\Windows\System\yUigOdm.exe
  C:\Windows\System\yUigOdm.exe
  2⤵
  PID:10776
- C:\Windows\System\MIVaSiI.exe
  C:\Windows\System\MIVaSiI.exe
  2⤵
  PID:10908
- C:\Windows\System\QVGJiHH.exe
  C:\Windows\System\QVGJiHH.exe
  2⤵
  PID:11048
- C:\Windows\System\anWbzuf.exe
  C:\Windows\System\anWbzuf.exe
  2⤵
  PID:11176
- C:\Windows\System\YSvrrYH.exe
  C:\Windows\System\YSvrrYH.exe
  2⤵
  PID:11256
- C:\Windows\System\BcRJbRX.exe
  C:\Windows\System\BcRJbRX.exe
  2⤵
  PID:10596
- C:\Windows\System\HmmGLir.exe
  C:\Windows\System\HmmGLir.exe
  2⤵
  PID:2060
- C:\Windows\System\sIaiktI.exe
  C:\Windows\System\sIaiktI.exe
  2⤵
  PID:11216
- C:\Windows\System\VJfTvOI.exe
  C:\Windows\System\VJfTvOI.exe
  2⤵
  PID:10456
- C:\Windows\System\ngzjsrg.exe
  C:\Windows\System\ngzjsrg.exe
  2⤵
  PID:11028
- C:\Windows\System\LvMZHzW.exe
  C:\Windows\System\LvMZHzW.exe
  2⤵
  PID:1552
- C:\Windows\System\mBeDkyT.exe
  C:\Windows\System\mBeDkyT.exe
  2⤵
  PID:3640
- C:\Windows\System\UqRAIsF.exe
  C:\Windows\System\UqRAIsF.exe
  2⤵
  PID:11284
- C:\Windows\System\LtaDGeT.exe
  C:\Windows\System\LtaDGeT.exe
  2⤵
  PID:11312
- C:\Windows\System\kHNEmJs.exe
  C:\Windows\System\kHNEmJs.exe
  2⤵
  PID:11340
- C:\Windows\System\hDydJii.exe
  C:\Windows\System\hDydJii.exe
  2⤵
  PID:11368
- C:\Windows\System\tZIMlZb.exe
  C:\Windows\System\tZIMlZb.exe
  2⤵
  PID:11396
- C:\Windows\System\JljVCZd.exe
  C:\Windows\System\JljVCZd.exe
  2⤵
  PID:11436
- C:\Windows\System\OzDedku.exe
  C:\Windows\System\OzDedku.exe
  2⤵
  PID:11452
- C:\Windows\System\uUsJjkz.exe
  C:\Windows\System\uUsJjkz.exe
  2⤵
  PID:11480
- C:\Windows\System\AzQDCPX.exe
  C:\Windows\System\AzQDCPX.exe
  2⤵
  PID:11508
- C:\Windows\System\gRFLuZe.exe
  C:\Windows\System\gRFLuZe.exe
  2⤵
  PID:11536
- C:\Windows\System\IWFaeCm.exe
  C:\Windows\System\IWFaeCm.exe
  2⤵
  PID:11564
- C:\Windows\System\AuuVyJz.exe
  C:\Windows\System\AuuVyJz.exe
  2⤵
  PID:11592
- C:\Windows\System\zHRQwKX.exe
  C:\Windows\System\zHRQwKX.exe
  2⤵
  PID:11620
- C:\Windows\System\UFucoCR.exe
  C:\Windows\System\UFucoCR.exe
  2⤵
  PID:11648
- C:\Windows\System\ZmbbIQb.exe
  C:\Windows\System\ZmbbIQb.exe
  2⤵
  PID:11676
- C:\Windows\System\cvvbxfp.exe
  C:\Windows\System\cvvbxfp.exe
  2⤵
  PID:11704
- C:\Windows\System\IORYlit.exe
  C:\Windows\System\IORYlit.exe
  2⤵
  PID:11732
- C:\Windows\System\nwkYCRv.exe
  C:\Windows\System\nwkYCRv.exe
  2⤵
  PID:11760
- C:\Windows\System\mAAiRzM.exe
  C:\Windows\System\mAAiRzM.exe
  2⤵
  PID:11788
- C:\Windows\System\ChtOgEA.exe
  C:\Windows\System\ChtOgEA.exe
  2⤵
  PID:11816
- C:\Windows\System\LekbxXc.exe
  C:\Windows\System\LekbxXc.exe
  2⤵
  PID:11856
- C:\Windows\System\uAppTFS.exe
  C:\Windows\System\uAppTFS.exe
  2⤵
  PID:11872
- C:\Windows\System\XZKoDlL.exe
  C:\Windows\System\XZKoDlL.exe
  2⤵
  PID:11900
- C:\Windows\System\BtzlxgN.exe
  C:\Windows\System\BtzlxgN.exe
  2⤵
  PID:11928
- C:\Windows\System\BuwItuB.exe
  C:\Windows\System\BuwItuB.exe
  2⤵
  PID:11956
- C:\Windows\System\mhmCrkO.exe
  C:\Windows\System\mhmCrkO.exe
  2⤵
  PID:11984
- C:\Windows\System\nMeAQJt.exe
  C:\Windows\System\nMeAQJt.exe
  2⤵
  PID:12012
- C:\Windows\System\LIVeCvJ.exe
  C:\Windows\System\LIVeCvJ.exe
  2⤵
  PID:12040
- C:\Windows\System\gzGjrRH.exe
  C:\Windows\System\gzGjrRH.exe
  2⤵
  PID:12068
- C:\Windows\System\EEeEpDu.exe
  C:\Windows\System\EEeEpDu.exe
  2⤵
  PID:12096
- C:\Windows\System\Zwedgme.exe
  C:\Windows\System\Zwedgme.exe
  2⤵
  PID:12124
- C:\Windows\System\LYSOPKA.exe
  C:\Windows\System\LYSOPKA.exe
  2⤵
  PID:12152
- C:\Windows\System\bEPMVbS.exe
  C:\Windows\System\bEPMVbS.exe
  2⤵
  PID:12180
- C:\Windows\System\vvOlamj.exe
  C:\Windows\System\vvOlamj.exe
  2⤵
  PID:12208
- C:\Windows\System\yGPFdOM.exe
  C:\Windows\System\yGPFdOM.exe
  2⤵
  PID:12236
- C:\Windows\System\vMvgPxJ.exe
  C:\Windows\System\vMvgPxJ.exe
  2⤵
  PID:12264
- C:\Windows\System\PuAqbNT.exe
  C:\Windows\System\PuAqbNT.exe
  2⤵
  PID:11276
- C:\Windows\System\oXtTelH.exe
  C:\Windows\System\oXtTelH.exe
  2⤵
  PID:11324
- C:\Windows\System\wkmFNyZ.exe
  C:\Windows\System\wkmFNyZ.exe
  2⤵
  PID:11388
- C:\Windows\System\omxEvId.exe
  C:\Windows\System\omxEvId.exe
  2⤵
  PID:11448
- C:\Windows\System\HVmFBGz.exe
  C:\Windows\System\HVmFBGz.exe
  2⤵
  PID:11520
- C:\Windows\System\bsImbVX.exe
  C:\Windows\System\bsImbVX.exe
  2⤵
  PID:11588
- C:\Windows\System\qnpdFfI.exe
  C:\Windows\System\qnpdFfI.exe
  2⤵
  PID:11640
- C:\Windows\System\EDARerI.exe
  C:\Windows\System\EDARerI.exe
  2⤵
  PID:11716
- C:\Windows\System\TyWycuI.exe
  C:\Windows\System\TyWycuI.exe
  2⤵
  PID:11780
- C:\Windows\System\SlGpIxO.exe
  C:\Windows\System\SlGpIxO.exe
  2⤵
  PID:11840
- C:\Windows\System\SuXGctH.exe
  C:\Windows\System\SuXGctH.exe
  2⤵
  PID:11892
- C:\Windows\System\nXCjxmq.exe
  C:\Windows\System\nXCjxmq.exe
  2⤵
  PID:11952
- C:\Windows\System\MvGiamO.exe
  C:\Windows\System\MvGiamO.exe
  2⤵
  PID:12024
- C:\Windows\System\aUPKZJe.exe
  C:\Windows\System\aUPKZJe.exe
  2⤵
  PID:12108
- C:\Windows\System\IWHSHKj.exe
  C:\Windows\System\IWHSHKj.exe
  2⤵
  PID:12164
- C:\Windows\System\TymsYZr.exe
  C:\Windows\System\TymsYZr.exe
  2⤵
  PID:12232
- C:\Windows\System\eIymTeT.exe
  C:\Windows\System\eIymTeT.exe
  2⤵
  PID:2556
- C:\Windows\System\YjQYqAN.exe
  C:\Windows\System\YjQYqAN.exe
  2⤵
  PID:11496
- C:\Windows\System\EKDmQCu.exe
  C:\Windows\System\EKDmQCu.exe
  2⤵
  PID:11636
- C:\Windows\System\WUwxnjN.exe
  C:\Windows\System\WUwxnjN.exe
  2⤵
  PID:11772
- C:\Windows\System\qzsBGuV.exe
  C:\Windows\System\qzsBGuV.exe
  2⤵
  PID:11920
- C:\Windows\System\LNlRFoI.exe
  C:\Windows\System\LNlRFoI.exe
  2⤵
  PID:232
- C:\Windows\System\zxIDfvn.exe
  C:\Windows\System\zxIDfvn.exe
  2⤵
  PID:12204
- C:\Windows\System\PciHGGH.exe
  C:\Windows\System\PciHGGH.exe
  2⤵
  PID:11272
- C:\Windows\System\KCqALxN.exe
  C:\Windows\System\KCqALxN.exe
  2⤵
  PID:11352
- C:\Windows\System\pTfALHp.exe
  C:\Windows\System\pTfALHp.exe
  2⤵
  PID:11888
- C:\Windows\System\hXbdero.exe
  C:\Windows\System\hXbdero.exe
  2⤵
  PID:12144
- C:\Windows\System\QuRRxxu.exe
  C:\Windows\System\QuRRxxu.exe
  2⤵
  PID:4164
- C:\Windows\System\glQUGqa.exe
  C:\Windows\System\glQUGqa.exe
  2⤵
  PID:3152
- C:\Windows\System\cErvTtd.exe
  C:\Windows\System\cErvTtd.exe
  2⤵
  PID:1412
- C:\Windows\System\oLDoRdE.exe
  C:\Windows\System\oLDoRdE.exe
  2⤵
  PID:12304
- C:\Windows\System\yPwTPFt.exe
  C:\Windows\System\yPwTPFt.exe
  2⤵
  PID:12332
- C:\Windows\System\oSpkHbW.exe
  C:\Windows\System\oSpkHbW.exe
  2⤵
  PID:12360
- C:\Windows\System\sPbMbSn.exe
  C:\Windows\System\sPbMbSn.exe
  2⤵
  PID:12388
- C:\Windows\System\TOOSCVW.exe
  C:\Windows\System\TOOSCVW.exe
  2⤵
  PID:12416
- C:\Windows\System\WDxLizQ.exe
  C:\Windows\System\WDxLizQ.exe
  2⤵
  PID:12444
- C:\Windows\System\YayRtkj.exe
  C:\Windows\System\YayRtkj.exe
  2⤵
  PID:12472
- C:\Windows\System\rViTNrS.exe
  C:\Windows\System\rViTNrS.exe
  2⤵
  PID:12500
- C:\Windows\System\vTdCISW.exe
  C:\Windows\System\vTdCISW.exe
  2⤵
  PID:12528
- C:\Windows\System\VnelnMQ.exe
  C:\Windows\System\VnelnMQ.exe
  2⤵
  PID:12556
- C:\Windows\System\TlZFPdv.exe
  C:\Windows\System\TlZFPdv.exe
  2⤵
  PID:12584
- C:\Windows\System\tZbjPEB.exe
  C:\Windows\System\tZbjPEB.exe
  2⤵
  PID:12612
- C:\Windows\System\GqohWuu.exe
  C:\Windows\System\GqohWuu.exe
  2⤵
  PID:12640
- C:\Windows\System\mvwNoul.exe
  C:\Windows\System\mvwNoul.exe
  2⤵
  PID:12668
- C:\Windows\System\DBZVBIZ.exe
  C:\Windows\System\DBZVBIZ.exe
  2⤵
  PID:12696
- C:\Windows\System\dNsmGyT.exe
  C:\Windows\System\dNsmGyT.exe
  2⤵
  PID:12724
- C:\Windows\System\wROYFpI.exe
  C:\Windows\System\wROYFpI.exe
  2⤵
  PID:12752
- C:\Windows\System\YoYMyGB.exe
  C:\Windows\System\YoYMyGB.exe
  2⤵
  PID:12780
- C:\Windows\System\OCnwSZc.exe
  C:\Windows\System\OCnwSZc.exe
  2⤵
  PID:12808
- C:\Windows\System\OlVAczN.exe
  C:\Windows\System\OlVAczN.exe
  2⤵
  PID:12836
- C:\Windows\System\XffcVDH.exe
  C:\Windows\System\XffcVDH.exe
  2⤵
  PID:12864
- C:\Windows\System\yAagToc.exe
  C:\Windows\System\yAagToc.exe
  2⤵
  PID:12892
- C:\Windows\System\ZCnkygl.exe
  C:\Windows\System\ZCnkygl.exe
  2⤵
  PID:12920
- C:\Windows\System\mJNhtvm.exe
  C:\Windows\System\mJNhtvm.exe
  2⤵
  PID:12948
- C:\Windows\System\TNiaWZX.exe
  C:\Windows\System\TNiaWZX.exe
  2⤵
  PID:12976
- C:\Windows\System\fhybMet.exe
  C:\Windows\System\fhybMet.exe
  2⤵
  PID:13004
- C:\Windows\System\FxKMtQq.exe
  C:\Windows\System\FxKMtQq.exe
  2⤵
  PID:13032
- C:\Windows\System\GXaHqMj.exe
  C:\Windows\System\GXaHqMj.exe
  2⤵
  PID:13060
- C:\Windows\System\pQPrSDP.exe
  C:\Windows\System\pQPrSDP.exe
  2⤵
  PID:13088
- C:\Windows\System\YRJSgrQ.exe
  C:\Windows\System\YRJSgrQ.exe
  2⤵
  PID:13116
- C:\Windows\System\OpmMAcE.exe
  C:\Windows\System\OpmMAcE.exe
  2⤵
  PID:13144
- C:\Windows\System\HgPRgzq.exe
  C:\Windows\System\HgPRgzq.exe
  2⤵
  PID:13172
- C:\Windows\System\wOggTvV.exe
  C:\Windows\System\wOggTvV.exe
  2⤵
  PID:13200
- C:\Windows\System\NkcYQku.exe
  C:\Windows\System\NkcYQku.exe
  2⤵
  PID:13228
- C:\Windows\System\UATxJVa.exe
  C:\Windows\System\UATxJVa.exe
  2⤵
  PID:13256
- C:\Windows\System\TvWWOBO.exe
  C:\Windows\System\TvWWOBO.exe
  2⤵
  PID:13284
- C:\Windows\System\JsRwzOy.exe
  C:\Windows\System\JsRwzOy.exe
  2⤵
  PID:4436
- C:\Windows\System\UXOrTTh.exe
  C:\Windows\System\UXOrTTh.exe
  2⤵
  PID:12320
- C:\Windows\System\BQediPa.exe
  C:\Windows\System\BQediPa.exe
  2⤵
  PID:12380
- C:\Windows\System\kUPopLe.exe
  C:\Windows\System\kUPopLe.exe
  2⤵
  PID:12440
- C:\Windows\System\ufGmAKn.exe
  C:\Windows\System\ufGmAKn.exe
  2⤵
  PID:12516
- C:\Windows\System\DOolEgm.exe
  C:\Windows\System\DOolEgm.exe
  2⤵
  PID:12576
- C:\Windows\System\HPDsoDb.exe
  C:\Windows\System\HPDsoDb.exe
  2⤵
  PID:12636
- C:\Windows\System\ZpbvucK.exe
  C:\Windows\System\ZpbvucK.exe
  2⤵
  PID:12708
- C:\Windows\System\xuqCgDZ.exe
  C:\Windows\System\xuqCgDZ.exe
  2⤵
  PID:12772
- C:\Windows\System\szScwOa.exe
  C:\Windows\System\szScwOa.exe
  2⤵
  PID:12832
- C:\Windows\System\ePmHiTD.exe
  C:\Windows\System\ePmHiTD.exe
  2⤵
  PID:12904
- C:\Windows\System\vbbJOZc.exe
  C:\Windows\System\vbbJOZc.exe
  2⤵
  PID:12968
- C:\Windows\System\ETREToj.exe
  C:\Windows\System\ETREToj.exe
  2⤵
  PID:13052
- C:\Windows\System\bpjQakD.exe
  C:\Windows\System\bpjQakD.exe
  2⤵
  PID:13112
- C:\Windows\System\IoYGcOn.exe
  C:\Windows\System\IoYGcOn.exe
  2⤵
  PID:13184
- C:\Windows\System\pXdptBn.exe
  C:\Windows\System\pXdptBn.exe
  2⤵
  PID:13248
- C:\Windows\System\LKvKjGq.exe
  C:\Windows\System\LKvKjGq.exe
  2⤵
  PID:13308
- C:\Windows\System\IxxanGz.exe
  C:\Windows\System\IxxanGz.exe
  2⤵
  PID:12408
- C:\Windows\System\cKyWxUM.exe
  C:\Windows\System\cKyWxUM.exe
  2⤵
  PID:12552
- C:\Windows\System\DVCJpjg.exe
  C:\Windows\System\DVCJpjg.exe
  2⤵
  PID:12688
- C:\Windows\System\flVxvbk.exe
  C:\Windows\System\flVxvbk.exe
  2⤵
  PID:12860
- C:\Windows\System\SjrUpvI.exe
  C:\Windows\System\SjrUpvI.exe
  2⤵
  PID:13024
- C:\Windows\System\nGXXrwF.exe
  C:\Windows\System\nGXXrwF.exe
  2⤵
  PID:13084
- C:\Windows\System\VeeesBe.exe
  C:\Windows\System\VeeesBe.exe
  2⤵
  PID:13224
- C:\Windows\System\qqvQWlc.exe
  C:\Windows\System\qqvQWlc.exe
  2⤵
  PID:12376
- C:\Windows\System\XvqHVnC.exe
  C:\Windows\System\XvqHVnC.exe
  2⤵
  PID:12800
- C:\Windows\System\avjsBps.exe
  C:\Windows\System\avjsBps.exe
  2⤵
  PID:12988
- C:\Windows\System\gHAztZG.exe
  C:\Windows\System\gHAztZG.exe
  2⤵
  PID:12356
- C:\Windows\System\QTvesrp.exe
  C:\Windows\System\QTvesrp.exe
  2⤵
  PID:13028
- C:\Windows\System\hnLMfBW.exe
  C:\Windows\System\hnLMfBW.exe
  2⤵
  PID:3052
- C:\Windows\System\sMjetha.exe
  C:\Windows\System\sMjetha.exe
  2⤵
  PID:13340
- C:\Windows\System\BFerMyU.exe
  C:\Windows\System\BFerMyU.exe
  2⤵
  PID:13368
- C:\Windows\System\bzStRjY.exe
  C:\Windows\System\bzStRjY.exe
  2⤵
  PID:13396
- C:\Windows\System\vbbDfiC.exe
  C:\Windows\System\vbbDfiC.exe
  2⤵
  PID:13424
- C:\Windows\System\gAPylCU.exe
  C:\Windows\System\gAPylCU.exe
  2⤵
  PID:13452
- C:\Windows\System\GUSHZpT.exe
  C:\Windows\System\GUSHZpT.exe
  2⤵
  PID:13480
- C:\Windows\System\bUfNdMu.exe
  C:\Windows\System\bUfNdMu.exe
  2⤵
  PID:13508
- C:\Windows\System\AMeUivC.exe
  C:\Windows\System\AMeUivC.exe
  2⤵
  PID:13536
- C:\Windows\System\EIQvMqA.exe
  C:\Windows\System\EIQvMqA.exe
  2⤵
  PID:13564
- C:\Windows\System\TxeQNsh.exe
  C:\Windows\System\TxeQNsh.exe
  2⤵
  PID:13600
- C:\Windows\System\LWhbkoH.exe
  C:\Windows\System\LWhbkoH.exe
  2⤵
  PID:13636
- C:\Windows\System\qjkgsny.exe
  C:\Windows\System\qjkgsny.exe
  2⤵
  PID:13664
- C:\Windows\System\YepqaLb.exe
  C:\Windows\System\YepqaLb.exe
  2⤵
  PID:13692
- C:\Windows\System\yFklcoJ.exe
  C:\Windows\System\yFklcoJ.exe
  2⤵
  PID:13732
- C:\Windows\System\HOPEglv.exe
  C:\Windows\System\HOPEglv.exe
  2⤵
  PID:13756
- C:\Windows\System\iSvlutY.exe
  C:\Windows\System\iSvlutY.exe
  2⤵
  PID:13776
- C:\Windows\System\vngSmaw.exe
  C:\Windows\System\vngSmaw.exe
  2⤵
  PID:13804
- C:\Windows\System\gYjehnN.exe
  C:\Windows\System\gYjehnN.exe
  2⤵
  PID:13832
- C:\Windows\System\tgfgZhk.exe
  C:\Windows\System\tgfgZhk.exe
  2⤵
  PID:13860
- C:\Windows\System\kPYhoTU.exe
  C:\Windows\System\kPYhoTU.exe
  2⤵
  PID:13888
- C:\Windows\System\pEvvQbY.exe
  C:\Windows\System\pEvvQbY.exe
  2⤵
  PID:13916
- C:\Windows\System\gBoPnTF.exe
  C:\Windows\System\gBoPnTF.exe
  2⤵
  PID:13944
- C:\Windows\System\onItqwO.exe
  C:\Windows\System\onItqwO.exe
  2⤵
  PID:13972
- C:\Windows\System\htWbcpE.exe
  C:\Windows\System\htWbcpE.exe
  2⤵
  PID:14000
- C:\Windows\System\bxoQmZA.exe
  C:\Windows\System\bxoQmZA.exe
  2⤵
  PID:14028
- C:\Windows\System\krkMfEE.exe
  C:\Windows\System\krkMfEE.exe
  2⤵
  PID:14056
- C:\Windows\System\PKxVVAj.exe
  C:\Windows\System\PKxVVAj.exe
  2⤵
  PID:14084
- C:\Windows\System\pmJwQFD.exe
  C:\Windows\System\pmJwQFD.exe
  2⤵
  PID:14112
- C:\Windows\System\QrVksBr.exe
  C:\Windows\System\QrVksBr.exe
  2⤵
  PID:14140
- C:\Windows\System\LAcMXNU.exe
  C:\Windows\System\LAcMXNU.exe
  2⤵
  PID:14168
- C:\Windows\System\rOnAtGh.exe
  C:\Windows\System\rOnAtGh.exe
  2⤵
  PID:14196
- C:\Windows\System\ubVkKMm.exe
  C:\Windows\System\ubVkKMm.exe
  2⤵
  PID:14228
- C:\Windows\System\zGFiezd.exe
  C:\Windows\System\zGFiezd.exe
  2⤵
  PID:14256
- C:\Windows\System\UXBXEsy.exe
  C:\Windows\System\UXBXEsy.exe
  2⤵
  PID:14288
- C:\Windows\System\sDdTWqd.exe
  C:\Windows\System\sDdTWqd.exe
  2⤵
  PID:14312
- C:\Windows\System\mNywGYd.exe
  C:\Windows\System\mNywGYd.exe
  2⤵
  PID:13336
- C:\Windows\System\WJJcNNv.exe
  C:\Windows\System\WJJcNNv.exe
  2⤵
  PID:13408
- C:\Windows\System\VZFiwJP.exe
  C:\Windows\System\VZFiwJP.exe
  2⤵
  PID:13472
- C:\Windows\System\mLlJHot.exe
  C:\Windows\System\mLlJHot.exe
  2⤵
  PID:13552
- C:\Windows\System\akAoDxa.exe
  C:\Windows\System\akAoDxa.exe
  2⤵
  PID:13628
- C:\Windows\System\ZQrGngS.exe
  C:\Windows\System\ZQrGngS.exe
  2⤵
  PID:13624
- C:\Windows\System\iyNrMJm.exe
  C:\Windows\System\iyNrMJm.exe
  2⤵
  PID:13712
- C:\Windows\System\AJexhNB.exe
  C:\Windows\System\AJexhNB.exe
  2⤵
  PID:13772
- C:\Windows\System\mPtuDlj.exe
  C:\Windows\System\mPtuDlj.exe
  2⤵
  PID:13844
- C:\Windows\System\rlSQgFK.exe
  C:\Windows\System\rlSQgFK.exe
  2⤵
  PID:13908
- C:\Windows\System\IUbzkZH.exe
  C:\Windows\System\IUbzkZH.exe
  2⤵
  PID:13968
- C:\Windows\System\yEAvCxC.exe
  C:\Windows\System\yEAvCxC.exe
  2⤵
  PID:14040
- C:\Windows\System\nqMEgDF.exe
  C:\Windows\System\nqMEgDF.exe
  2⤵
  PID:5040
- C:\Windows\System\vlgrAQX.exe
  C:\Windows\System\vlgrAQX.exe
  2⤵
  PID:14100
- C:\Windows\System\fUnzvhk.exe
  C:\Windows\System\fUnzvhk.exe
  2⤵
  PID:14160
- C:\Windows\System\FMAuUCJ.exe
  C:\Windows\System\FMAuUCJ.exe
  2⤵
  PID:5076
- C:\Windows\System\DncoWtg.exe
  C:\Windows\System\DncoWtg.exe
  2⤵
  PID:14252
- C:\Windows\System\qYjjiAN.exe
  C:\Windows\System\qYjjiAN.exe
  2⤵
  PID:14328
- C:\Windows\System\LwjFqTV.exe
  C:\Windows\System\LwjFqTV.exe
  2⤵
  PID:13388
- C:\Windows\System\ZZAKttR.exe
  C:\Windows\System\ZZAKttR.exe
  2⤵
  PID:13528
- C:\Windows\System\HokIdJr.exe
  C:\Windows\System\HokIdJr.exe
  2⤵
  PID:13612
- C:\Windows\System\uQmbqdm.exe
  C:\Windows\System\uQmbqdm.exe
  2⤵
  PID:13764
- C:\Windows\System\SyXOYiT.exe
  C:\Windows\System\SyXOYiT.exe
  2⤵
  PID:13900
- C:\Windows\System\aPCkfyr.exe
  C:\Windows\System\aPCkfyr.exe
  2⤵
  PID:5052
- C:\Windows\System\jEBwIjh.exe
  C:\Windows\System\jEBwIjh.exe
  2⤵
  PID:14136
- C:\Windows\System\IzmgetR.exe
  C:\Windows\System\IzmgetR.exe
  2⤵
  PID:4084
- C:\Windows\System\XQFOEZB.exe
  C:\Windows\System\XQFOEZB.exe
  2⤵
  PID:13448
- C:\Windows\System\iDFJFkS.exe
  C:\Windows\System\iDFJFkS.exe
  2⤵
  PID:13704
- C:\Windows\System\UQmikKw.exe
  C:\Windows\System\UQmikKw.exe
  2⤵
  PID:14024
- C:\Windows\System\hmkiVBR.exe
  C:\Windows\System\hmkiVBR.exe
  2⤵
  PID:14308
- C:\Windows\System\GHedkUO.exe
  C:\Windows\System\GHedkUO.exe
  2⤵
  PID:13996
- C:\Windows\System\ynGzFaY.exe
  C:\Windows\System\ynGzFaY.exe
  2⤵
  PID:13676
- C:\Windows\System\JPXAQno.exe
  C:\Windows\System\JPXAQno.exe
  2⤵
  PID:1816
- C:\Windows\System\HFlDOxd.exe
  C:\Windows\System\HFlDOxd.exe
  2⤵
  PID:14344
- C:\Windows\System\ohvjKkH.exe
  C:\Windows\System\ohvjKkH.exe
  2⤵
  PID:14372
- C:\Windows\System\cfcoJtX.exe
  C:\Windows\System\cfcoJtX.exe
  2⤵
  PID:14400
- C:\Windows\System\rOOXJvD.exe
  C:\Windows\System\rOOXJvD.exe
  2⤵
  PID:14428
- C:\Windows\System\yEQeZZM.exe
  C:\Windows\System\yEQeZZM.exe
  2⤵
  PID:14468
- C:\Windows\System\mSrWSTR.exe
  C:\Windows\System\mSrWSTR.exe
  2⤵
  PID:14484
- C:\Windows\System\bwzUgvu.exe
  C:\Windows\System\bwzUgvu.exe
  2⤵
  PID:14512
- C:\Windows\System\uciVaTu.exe
  C:\Windows\System\uciVaTu.exe
  2⤵
  PID:14540
- C:\Windows\System\xiirsjn.exe
  C:\Windows\System\xiirsjn.exe
  2⤵
  PID:14568
- C:\Windows\System\uggLLfl.exe
  C:\Windows\System\uggLLfl.exe
  2⤵
  PID:14596
- C:\Windows\System\SzNSTTr.exe
  C:\Windows\System\SzNSTTr.exe
  2⤵
  PID:14624
- C:\Windows\System\imKfvRG.exe
  C:\Windows\System\imKfvRG.exe
  2⤵
  PID:14652
- C:\Windows\System\Qcfilal.exe
  C:\Windows\System\Qcfilal.exe
  2⤵
  PID:14680
- C:\Windows\System\ivrRlWN.exe
  C:\Windows\System\ivrRlWN.exe
  2⤵
  PID:14708
- C:\Windows\System\fHknebo.exe
  C:\Windows\System\fHknebo.exe
  2⤵
  PID:14736
- C:\Windows\System\UXcQgIY.exe
  C:\Windows\System\UXcQgIY.exe
  2⤵
  PID:14764
- C:\Windows\System\bSGiLPV.exe
  C:\Windows\System\bSGiLPV.exe
  2⤵
  PID:14792
- C:\Windows\System\SKHxGfd.exe
  C:\Windows\System\SKHxGfd.exe
  2⤵
  PID:14820
- C:\Windows\System\aGwnWCU.exe
  C:\Windows\System\aGwnWCU.exe
  2⤵
  PID:14848
- C:\Windows\System\yAbTxZo.exe
  C:\Windows\System\yAbTxZo.exe
  2⤵
  PID:14876
- C:\Windows\System\vwktSSf.exe
  C:\Windows\System\vwktSSf.exe
  2⤵
  PID:14904
- C:\Windows\System\fHwHbLV.exe
  C:\Windows\System\fHwHbLV.exe
  2⤵
  PID:14932
- C:\Windows\System\JWWetuY.exe
  C:\Windows\System\JWWetuY.exe
  2⤵
  PID:14960
- C:\Windows\System\IsDDjXX.exe
  C:\Windows\System\IsDDjXX.exe
  2⤵
  PID:14988
- C:\Windows\System\WxknFTF.exe
  C:\Windows\System\WxknFTF.exe
  2⤵
  PID:15016
- C:\Windows\System\qPSPKkk.exe
  C:\Windows\System\qPSPKkk.exe
  2⤵
  PID:15044
- C:\Windows\System\YnUiTUy.exe
  C:\Windows\System\YnUiTUy.exe
  2⤵
  PID:15068
- C:\Windows\System\LQSHBhQ.exe
  C:\Windows\System\LQSHBhQ.exe
  2⤵
  PID:15104
- C:\Windows\System\CMdhitR.exe
  C:\Windows\System\CMdhitR.exe
  2⤵
  PID:15140
- C:\Windows\System\iVndeia.exe
  C:\Windows\System\iVndeia.exe
  2⤵
  PID:15176
- C:\Windows\System\jkcdOzK.exe
  C:\Windows\System\jkcdOzK.exe
  2⤵
  PID:15208
- C:\Windows\System\kvHeMsI.exe
  C:\Windows\System\kvHeMsI.exe
  2⤵
  PID:15236
- C:\Windows\System\bhpTYkC.exe
  C:\Windows\System\bhpTYkC.exe
  2⤵
  PID:15264
- C:\Windows\System\kWMfvkm.exe
  C:\Windows\System\kWMfvkm.exe
  2⤵
  PID:15292
- C:\Windows\System\IDDKcYU.exe
  C:\Windows\System\IDDKcYU.exe
  2⤵
  PID:15320
- C:\Windows\System\AUEHXEw.exe
  C:\Windows\System\AUEHXEw.exe
  2⤵
  PID:15348
- C:\Windows\System\PaBHRPA.exe
  C:\Windows\System\PaBHRPA.exe
  2⤵
  PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AciXYsv.exe

Filesize
6.1MB

MD5
743c2f6444259248bd0bf9437c42fa7e

SHA1
83d540b6b3f08f453c08e17fecbe77cfe7b1ce71

SHA256
f8e471ebc304adfdfae11745b93174f2d95c41671b0596dadd91e3493a06de0b

SHA512
3874f7c1a1653885ab1ac259bc9263fb25612e95a87ea1dfec198b38014352c10013f87470ec6c1a7e38b29f440a87fc0c7b7b19d8fda1d8960e27bd6bae97d1

Download Submit
C:\Windows\System\CZDqmqd.exe

Filesize
6.1MB

MD5
eede1d78677349dfb9b419b5e44265c5

SHA1
e90429d40c732291c5b2709cceb6bcb6cb65b89e

SHA256
106ed14046fea99f38e4917a4a8223fc4952bd60e2daf9b4fb413843eb1bb497

SHA512
ee9410b779d855d9f1e28613abb6d4e86459c936b7a16b2f8d58b971510dd73bfd16527dfea8da44ee7a7405fd194c6531684f637ad063ab50455b79358df0f2

Download Submit
C:\Windows\System\EhvNTxx.exe

Filesize
6.1MB

MD5
e249fcc4d862e8a82d9bc372fe587c50

SHA1
f719330b13414c48b88e9686823058620e3c4f03

SHA256
95b642be3a5b6f80d0caa4aab0c805da9cac22e4dfe5fd91a6e82eee65e7f52b

SHA512
3c743be687f1c4d7f2d04f33c0bdbda5fc7953ddaf194667245569b31bdface62af978582ec5f2798eb6f3b86fe22e1e8f4d9b2485fe035dc48796014f7c27d3

Download Submit
C:\Windows\System\FouLnEr.exe

Filesize
6.1MB

MD5
72479ad671056136d1abd1a27e77e1bd

SHA1
db21a86e33ac4e6fa19e8958f182189ee0fe7f3e

SHA256
e780868023aa538f7461d7e3237f4e9e318b2c34db607dbf70bef7428dce0a2a

SHA512
8968fa5b7f2fd74df94d4581884495854b14ede49f16de43a8da96c359b793c7533369d91abaeac0013b5db195d7bc194d19a2be53109d62d783ca70b2ec9402

Download Submit
C:\Windows\System\JQLOXNo.exe

Filesize
6.1MB

MD5
dc7afbc5e4e9f0b9c8bd33ff0250cd7e

SHA1
a0845b2299403404b57c0b6854e04ed2cb21780d

SHA256
2f597f3f79d2db041833cd60b571ea28cac025ce05ad53bfb4924138a2882064

SHA512
f81e39c2591c6df8fb5b2a71b821174ee4d5ce49bd119e9f157acd623ad11869a5ee07b82f575d31c2b20a5b2a2810ed5eb3add6b248cf6cc196b181fbc34a88

Download Submit
C:\Windows\System\KtfOOwM.exe

Filesize
6.1MB

MD5
7576b5cdf310241f4f2e46ad597f102f

SHA1
cad60b9bfaf6ee23a65c0ab20fb4c5054a605541

SHA256
ea37c59893b21573b404fe276787ce8ef3865e4342173583e9261d836e64ed38

SHA512
6e64d8c26a6bd1f90cbe2c5e4a7d75aa5c2d384349da11ae6dd80eb04822d98dc8c789cfe1dd430300c7a4501fb703a6d01a50c1f9f77d7f3a5023a9a74a1055

Download Submit
C:\Windows\System\LXMxoDI.exe

Filesize
6.1MB

MD5
a220c8821479df468ac4a329e611a7a7

SHA1
5d3f5d06326f558014b7a3d69b1a8a1aa4c1c27b

SHA256
17ad69f80840e4463d27addc73f909751140f5aec235b4701a2603c64f7d91ab

SHA512
775473c64a70bf434cb5fcdcdfbf375667ce43c70615120ed50494bb3b411ea57e6f39bdf5765dec7413a5b52d8b8c4c46f9920d9ef9b43dd589dbad02032bcb

Download Submit
C:\Windows\System\MeAZCRf.exe

Filesize
6.1MB

MD5
4b28e70ad9c879a1913d9305c45c93e8

SHA1
9391a5c307bd960dce70cb985e3989edf866b2e6

SHA256
6fad90fedc88422f5e29a6550d5fd4811029b2c3631430bec76f6f7a4c93a32d

SHA512
f3a92faec885bf46ea924825d67190a700961691d900584832e5814525f4c0a0cbf75cc76e3948f00191d640d263ae76e1993ab547e7093c51fbc8699b8fc17f

Download Submit
C:\Windows\System\MrGiBtC.exe

Filesize
6.1MB

MD5
beecf8f2e734dfe84f94a32dcc8c2c69

SHA1
67a709e2702e11485619e337f640bb60f52a6a48

SHA256
30b9d37bb7f64aeb6858569a812b8720ab82a8fee744d967d2f7c300b438caad

SHA512
9f57c950891d2272ee4000ce36ee34e09976eacc77f7ef9f9747f78421aa92fbc7f969e152ab2d2c5833df7facdbb524d6340eeb0bfc87a64f0b5d8934a130ae

Download Submit
C:\Windows\System\Nmrkvrp.exe

Filesize
6.1MB

MD5
8faa227fb930a9777383d75ec67f3621

SHA1
77950810f44c3c70451354661561bf97b9819d35

SHA256
7cd86abc738f6f7a71ffacdf490c145daaded846afa99be7b0f8b383d5752758

SHA512
60cc28a0132d38ba5918a573abd143b22b0deae376c5fea41f35e17bbdf023ef65ea1b0349e03ca9fb8db4c8468ef79b79c32446063d8c62c5fbd6b26f1033f3

Download Submit
C:\Windows\System\OaTQDwL.exe

Filesize
6.1MB

MD5
02f471a2c25ea1bc2582c1f0543b40d1

SHA1
d58e618849bd1b9557a44a0570cc6704efc5d41d

SHA256
d3e936581524f4960fa196ae26045df90ed8f28626f58f3df325e2e0e0a318fc

SHA512
54d26fa1ec460ba7c9c42d477beceba2ad5b519e414b224078128e5a8f82bac935733664476724939e936aec149ec6fd3c00630e777246166c0cad0cdb3881d6

Download Submit
C:\Windows\System\OmrDZnt.exe

Filesize
6.1MB

MD5
6a9118f99d86dbe38e4f0328d04163eb

SHA1
c985c3488cf86766346071c1f1fe3d8c546aeafb

SHA256
5cb5357149728f2b7204a7bba111a4342026e21cd4a838411a3df680a69344d7

SHA512
d17ca5d95a22c701f3ffadc71a268e03515c18f024047343bac3277d8222f298a470f952a4274c3d506c04bc9648f655836b58031d531e79a232fce3cfbb2505

Download Submit
C:\Windows\System\STijKQI.exe

Filesize
6.1MB

MD5
69e0b6fe4640ad8e480cba5bd7f42998

SHA1
2315ad9e62f70d0529ba9f2e93f65c8a163e13ab

SHA256
b4c5885ac7c4d0e6288982a14224b3aeb83c147f171482010380b4e29ecc05e8

SHA512
f9c765086ed1496985a9b8ea1b275cd84c2b2494b4bebc408bd907c8f5546fb3d03301514c300573ebc9dc673f272c33610caeb556856ad0031dcecdc7ca62f8

Download Submit
C:\Windows\System\WLKVpOZ.exe

Filesize
6.1MB

MD5
42aff8db016e9bca6236ea26c1356235

SHA1
94118562ac026cc00476fa037dbdff1f827794c1

SHA256
804f4e9ad550dde1cebcb43879cb072dba56adf2b441ff252af5594a853d154a

SHA512
fb7391a8145fe1c9a7ac63756ae056ac97258aa126a068274fb657a4410daf629038e9fe51424da28098938d03dbff224a8bf933f6c91c3a16ed8453da812d11

Download Submit
C:\Windows\System\ZnFmdTM.exe

Filesize
6.1MB

MD5
28898c13325a8d20cef229f57c1f73dd

SHA1
5efd0a87057ef5934f2ee871adb8e35f412722b3

SHA256
9e180244d9b78f2edef3a6885e0d256d9628e70f0ab1a0101e14837623473013

SHA512
78c2dfa1a61d7bd1771c2d0e57e67b73fe62fc05e0908edeb32979d83736a851eb9d103ef0c6dbb7a6605a913536375968f4ea523990fe31a17b4c695ee8c933

Download Submit
C:\Windows\System\ajHwqvj.exe

Filesize
6.1MB

MD5
e69fec2e73ebc4ff29e9f262452dc7bc

SHA1
dfe8a2380341945e582b604cd8d4ed23dee1cd93

SHA256
c1eee75436712dbae08b950d166b4422a4979ab6fe0c9f98d500a666b3934532

SHA512
35671b904d3d8d926aa7c387cc259fb8949f6eb1a338d6a1a7df5ddecebecd7c13a5cebeae0a8bbdb959d2f767a5aab721a7a4955a3bd99969d7d5a4a14c52f3

Download Submit
C:\Windows\System\bEjrPQb.exe

Filesize
6.1MB

MD5
248eb029090727d40af9f424a128cc8f

SHA1
0b8b75c6d3729a9b7f5ec14030d984ec35e724c2

SHA256
8ef76d2ffb47700fa62e849d20d88ef48d4ff8b9b17d49a1fd229ac8ad459421

SHA512
836617de2110f106ffc8aecdd7135884593c45cedbb608e5f3ab005037ad147938314c1dc8aef84260fb162591f9a345577e2b6031d07348ea6371646129f5dd

Download Submit
C:\Windows\System\bqNOhAp.exe

Filesize
6.1MB

MD5
e67e2963b35f84741c646d8d300af5c3

SHA1
c5015421bf9f56c22f16bad3f4f6b64d4b809616

SHA256
1773a0135c389413a5fa32b0799ba058d63b736e382910bbdc582d7a691f56c7

SHA512
901e0b1a92e8aa6ccd8c38fef8e3f4799243dd359cb5d388f29aebc376795dba4daee16e3caa9fac07b05f913cd7c5092c1cb424a214439d6f09e58b6931cb6b

Download Submit
C:\Windows\System\hjFoFmk.exe

Filesize
6.1MB

MD5
55a2ecc964c6ffbda899aa534ace8a2a

SHA1
771f90de8dae487fa885db3b7cb9e3e9dbbbf94c

SHA256
857d5785c7fdb3dc559dd697f4e67d740459085b8da17b7b37cd449856028568

SHA512
2cd509d9a7228dfedb84c4d3e2ac3355ad2304f418f41adc7cb57883d4c76ff68e8a398c91309d4223d32cab6f9454a7838dcb0aa603875fc1bd19f35520d22f

Download Submit
C:\Windows\System\jqVVSzi.exe

Filesize
6.1MB

MD5
75e4bef70faff80aca93bed0545443c9

SHA1
b2f5fba70f19abe903cbd94952ec0a0c1b076503

SHA256
c6d88e802cacb1dc0cfb3115596d38f5ad07070fef920be3c876a4d8b5d8d4b7

SHA512
590435f74e5f8e0adc07c246e89bdb895c38750f7e51b231640029231739440612f3c1afe559a9c3f0a3dac4c551adefe4843729b67c16058c7464dcfae4ce68

Download Submit
C:\Windows\System\kKMnpgv.exe

Filesize
6.1MB

MD5
21f0916230a55538ee9b57c8e1333197

SHA1
9b7a014cd54011948a81f722dd0a2f58b0551213

SHA256
b877bdc37d4e1bbdf4599fc35e00af9b021ccbc78237ad979a17840da219b042

SHA512
5db57af2aa3b50f125cbfc680ff3fd2f0e24f3aa0871688b17e680295b6341817a0a69f1bac95cc181f9b6f8f759f6a22b557c1e09150fc90c3dfeff733e19a7

Download Submit
C:\Windows\System\loFLDtC.exe

Filesize
6.1MB

MD5
4906bd0d9f53c970956c5d64282f3fe5

SHA1
9213f4914f0400f4acc56ed0839cdbf9c97f18c5

SHA256
f8a30ed3610588b36774588bf4cb34926fe141ac57f4711ba96907e205bb7b0d

SHA512
3f7c17eedc6c9d6a6e5ad004cbc44284e39419e2d43829b475f7be50486a34bd59652864971dd7c8daac81dc808c28dc8cdb32b4b8fde8fb6414fcb563bb6b3e

Download Submit
C:\Windows\System\nGfgydv.exe

Filesize
6.1MB

MD5
8df4dc5d21b3924a753b7d4c88d2acac

SHA1
6d2187a16cf5af92a6b74c1bc5b594c75a62d35b

SHA256
75d804b4d3380c84ebd06bb0fc5b83b7da9023fee124bd519b2573b7483e0936

SHA512
cf4c69a8b65945f8f0683eed4095d66cf4c3f9ca5cf72c71eef1ede0b06f5a7f98e85db000d8963345690749a1c02de7d1404c2b09ead528f63748660bee65c5

Download Submit
C:\Windows\System\nvxbfvO.exe

Filesize
6.1MB

MD5
4c8251c2b231d10be478d6ae7a2439e2

SHA1
630fe231dec25e7ea081562a982def735ffa2d90

SHA256
0607fe4dc684ab01f5e075ef3bd53825688119fd315b53a512c7c0b276cdd130

SHA512
4258f833cd79afb79a7c268565a782b9a7bc34d432eba945bbdb868912bb422e84cb77b884330364483041877391acd643956907321893b30e3c6408eba05d77

Download Submit
C:\Windows\System\okAevKP.exe

Filesize
6.1MB

MD5
d72e682c41c4c591d006e8717a6dc85d

SHA1
0e389a95fba170933d30f8224e808bf26f3440ab

SHA256
d666a26e592ae22f79ee00d8fadb10afd506c13afa1c0cd8a2422804d661f5b1

SHA512
c9cbab4d5909764aa8d3691cadc563bfe9db6cfd829fc3a897e5a1646d8922b04ea0dd1825e0299bef6ffec03a99ba9ca3f6fc1a3515b77c4b710c25538560c2

Download Submit
C:\Windows\System\okiMsaK.exe

Filesize
6.1MB

MD5
75e9d2301233aa95cf19ac8d964dacec

SHA1
8c3ed0f5b52b17c14e6e10ec326bdf744fcaaa33

SHA256
89627b799e68ed6e29c001964134de647fcaa2a2ed02aabffe0f18456efc5164

SHA512
8ae5265100cb6438abc3a126dc3b2656ffdfc12629d75fc1add84b3d29668e8d4f7063df3bd626a1ea8f645d4b0c1f52254f2d7a5e67f5c78848d9c71ab5c397

Download Submit
C:\Windows\System\pUMAOuZ.exe

Filesize
6.1MB

MD5
7fb4ecf4f2e6a67594935ef49c2f8dd1

SHA1
fac8d40b7d8c97e5f9151d072d2a4c0f2fb5a60c

SHA256
3889580ad3cc91a0738f2104e59c4102d4556663a92cb60878607f2fa8ed1fa6

SHA512
9e96f0bb9a7264ee4cc045097193bcc1f46f210bff214c50ca2f77449120fe14a33ed90b58a3729e9ceace0cd5eb61dc29922749819aef47fb669be40680fe2e

Download Submit
C:\Windows\System\pmvOfTL.exe

Filesize
6.1MB

MD5
d3c06edbc626830ad6802c208a2297fc

SHA1
68bebf5b0a66943c0b97188ecbb24835b8ad6017

SHA256
51953d9fa6ef7879a91318492f1583da7792e96802a7e1238ccf5906afda6a4d

SHA512
e93cd7e90bdd562741b74ac1f060b21eea5a373273ad98028ec291a7ea2f9b048865a9e2233d5feb9a256dcff63bb764f95ba5612272aeaf81dcfc1da7c2239b

Download Submit
C:\Windows\System\qsJpAYu.exe

Filesize
6.1MB

MD5
f294d085560759825a9de7dddf3c7e00

SHA1
69ec4bdefca1a209b2008f1640b2457ae973e007

SHA256
4822c7511d4d23780197bb5d8bf6f1f457d0adc9c4497a5fcc6c1b1eb932388e

SHA512
0ee69fe4920aa2b0e475e9128d5bf7e131a7aed4bef8e1e3cef605eb9222a0adece9a9445ac062247566447a904f9350a3cba88b2e5d7446e9796287fe7ce3d1

Download Submit
C:\Windows\System\sHKnJxz.exe

Filesize
6.1MB

MD5
f38f40fd575648a88485545b3e13b812

SHA1
4ac6b5048be98dda619980f70d09a0c1bc801aa2

SHA256
982b2896b4df4345fc98e84dd6929349a0e97e5db2a55f518d6c481a4bcb5765

SHA512
db10734db57d85ccc27fcd2a691db09863133c75ff4bf4b70635cc9c6b1e7e6b03dae801040dbf0855e45d1339befb45ac5b69cc975efce72dfc79a3ca757144

Download Submit
C:\Windows\System\tPbemAY.exe

Filesize
6.1MB

MD5
d2ba8fea81b405634926ef3ce0bd6a2e

SHA1
cc839687bbf133966fa0c654fde398701cf03a91

SHA256
41ab8d187c9b4712196de5d05b2e954f818ec1e7c6ee7ecb92f47092cd040cbd

SHA512
e630005c7ea3bb8a83da02532bdda3a156d0730209a7b064dc2bdba79b6dd4562d07f8cd6a855b67738d0c10f1c1fe99321ce9b8c48a92e442d3548ffd0a1b9d

Download Submit
C:\Windows\System\woZUcoX.exe

Filesize
6.1MB

MD5
4bc0e73b5d0a0f76f07b066de9655aaf

SHA1
7aa9cd2381e48b1e99293ce69206492ab92d39c8

SHA256
8d775483973cabee70e23e0f3b2be05524aa269569b4ec9893d36b5f5d1a8bc8

SHA512
c666adc7695070621a6665da7e4b42c7138d9af553ed09522f5c7d77225f3514cb0b853ded226ef570bb2ce93ec233206898e181282f24ea92d274d106f0cddd

Download Submit
C:\Windows\System\zDXVnCj.exe

Filesize
6.1MB

MD5
3d8a664cb5e031eb6380c309a72bc95c

SHA1
b6dfdab07273b449b7b2fcdc769a0f24c90092ac

SHA256
6e3f270f91ba92a9596819c76513296ed2371b0c99f7562d4f44aa9e0d4d83dc

SHA512
947195e238d01bcb9e28a0ca61e2c229503aecb9cf75c9c745c179a44f01a34ff028175b56a622c34ccc54946d349f6f06a0e26d84d1b0645f79c8690fb96ee7

Download Submit
memory/100-90-0x00007FF677F30000-0x00007FF678284000-memory.dmp

Filesize
3.3MB

Download
memory/100-1416-0x00007FF677F30000-0x00007FF678284000-memory.dmp

Filesize
3.3MB

Download
memory/100-36-0x00007FF677F30000-0x00007FF678284000-memory.dmp

Filesize
3.3MB

Download
memory/604-116-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp

Filesize
3.3MB

Download
memory/604-64-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp

Filesize
3.3MB

Download
memory/604-1679-0x00007FF7746A0000-0x00007FF7749F4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-2219-0x00007FF702750000-0x00007FF702AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-144-0x00007FF702750000-0x00007FF702AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-206-0x00007FF702750000-0x00007FF702AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-57-0x00007FF6EA8B0000-0x00007FF6EAC04000-memory.dmp

Filesize
3.3MB

Download
memory/1632-1666-0x00007FF6EA8B0000-0x00007FF6EAC04000-memory.dmp

Filesize
3.3MB

Download
memory/2000-86-0x00007FF7B6B90000-0x00007FF7B6EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-1867-0x00007FF7B6B90000-0x00007FF7B6EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1412-0x00007FF641F30000-0x00007FF642284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-85-0x00007FF641F30000-0x00007FF642284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-28-0x00007FF641F30000-0x00007FF642284000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2298-0x00007FF63AA50000-0x00007FF63ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-197-0x00007FF63AA50000-0x00007FF63ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1952-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp

Filesize
3.3MB

Download
memory/2160-148-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp

Filesize
3.3MB

Download
memory/2160-98-0x00007FF61E7B0000-0x00007FF61EB04000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2030-0x00007FF71D300000-0x00007FF71D654000-memory.dmp

Filesize
3.3MB

Download
memory/2256-118-0x00007FF71D300000-0x00007FF71D654000-memory.dmp

Filesize
3.3MB

Download
memory/2256-172-0x00007FF71D300000-0x00007FF71D654000-memory.dmp

Filesize
3.3MB

Download
memory/2332-159-0x00007FF76B980000-0x00007FF76BCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-338-0x00007FF76B980000-0x00007FF76BCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-158-0x00007FF71CE40000-0x00007FF71D194000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2022-0x00007FF71CE40000-0x00007FF71D194000-memory.dmp

Filesize
3.3MB

Download
memory/2368-115-0x00007FF71CE40000-0x00007FF71D194000-memory.dmp

Filesize
3.3MB

Download
memory/2612-54-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp

Filesize
3.3MB

Download
memory/2612-0-0x00007FF7B79F0000-0x00007FF7B7D44000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1-0x0000016957BD0000-0x0000016957BE0000-memory.dmp

Filesize
64KB

Download
memory/3140-519-0x00007FF69EAB0000-0x00007FF69EE04000-memory.dmp

Filesize
3.3MB

Download
memory/3140-2297-0x00007FF69EAB0000-0x00007FF69EE04000-memory.dmp

Filesize
3.3MB

Download
memory/3140-179-0x00007FF69EAB0000-0x00007FF69EE04000-memory.dmp

Filesize
3.3MB

Download
memory/3156-78-0x00007FF63ED60000-0x00007FF63F0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3156-1864-0x00007FF63ED60000-0x00007FF63F0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2296-0x00007FF64B700000-0x00007FF64BA54000-memory.dmp

Filesize
3.3MB

Download
memory/3168-181-0x00007FF64B700000-0x00007FF64BA54000-memory.dmp

Filesize
3.3MB

Download
memory/3168-581-0x00007FF64B700000-0x00007FF64BA54000-memory.dmp

Filesize
3.3MB

Download
memory/3344-149-0x00007FF68D2C0000-0x00007FF68D614000-memory.dmp

Filesize
3.3MB

Download
memory/3344-210-0x00007FF68D2C0000-0x00007FF68D614000-memory.dmp

Filesize
3.3MB

Download
memory/3344-2223-0x00007FF68D2C0000-0x00007FF68D614000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2295-0x00007FF6232F0000-0x00007FF623644000-memory.dmp

Filesize
3.3MB

Download
memory/3688-397-0x00007FF6232F0000-0x00007FF623644000-memory.dmp

Filesize
3.3MB

Download
memory/3688-167-0x00007FF6232F0000-0x00007FF623644000-memory.dmp

Filesize
3.3MB

Download
memory/3704-66-0x00007FF60E620000-0x00007FF60E974000-memory.dmp

Filesize
3.3MB

Download
memory/3704-1406-0x00007FF60E620000-0x00007FF60E974000-memory.dmp

Filesize
3.3MB

Download
memory/3704-12-0x00007FF60E620000-0x00007FF60E974000-memory.dmp

Filesize
3.3MB

Download
memory/3840-97-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp

Filesize
3.3MB

Download
memory/3840-1418-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp

Filesize
3.3MB

Download
memory/3840-42-0x00007FF7F0840000-0x00007FF7F0B94000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2217-0x00007FF6AA9C0000-0x00007FF6AAD14000-memory.dmp

Filesize
3.3MB

Download
memory/3968-186-0x00007FF6AA9C0000-0x00007FF6AAD14000-memory.dmp

Filesize
3.3MB

Download
memory/3968-131-0x00007FF6AA9C0000-0x00007FF6AAD14000-memory.dmp

Filesize
3.3MB

Download
memory/4024-2294-0x00007FF7FCA00000-0x00007FF7FCD54000-memory.dmp

Filesize
3.3MB

Download
memory/4024-171-0x00007FF7FCA00000-0x00007FF7FCD54000-memory.dmp

Filesize
3.3MB

Download
memory/4032-1951-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-91-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-139-0x00007FF612EA0000-0x00007FF6131F4000-memory.dmp

Filesize
3.3MB

Download
memory/4108-1413-0x00007FF762CE0000-0x00007FF763034000-memory.dmp

Filesize
3.3MB

Download
memory/4108-81-0x00007FF762CE0000-0x00007FF763034000-memory.dmp

Filesize
3.3MB

Download
memory/4108-24-0x00007FF762CE0000-0x00007FF763034000-memory.dmp

Filesize
3.3MB

Download
memory/4144-75-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp

Filesize
3.3MB

Download
memory/4144-19-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp

Filesize
3.3MB

Download
memory/4144-1409-0x00007FF70ACD0000-0x00007FF70B024000-memory.dmp

Filesize
3.3MB

Download
memory/4340-1680-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp

Filesize
3.3MB

Download
memory/4340-67-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp

Filesize
3.3MB

Download
memory/4340-119-0x00007FF64CD40000-0x00007FF64D094000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2207-0x00007FF6E2F90000-0x00007FF6E32E4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-180-0x00007FF6E2F90000-0x00007FF6E32E4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-127-0x00007FF6E2F90000-0x00007FF6E32E4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-135-0x00007FF6FFD10000-0x00007FF700064000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2222-0x00007FF6FFD10000-0x00007FF700064000-memory.dmp

Filesize
3.3MB

Download
memory/4512-192-0x00007FF6FFD10000-0x00007FF700064000-memory.dmp

Filesize
3.3MB

Download
memory/4560-63-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1402-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp

Filesize
3.3MB

Download
memory/4560-7-0x00007FF7DC7D0000-0x00007FF7DCB24000-memory.dmp

Filesize
3.3MB

Download
memory/4676-109-0x00007FF695B10000-0x00007FF695E64000-memory.dmp

Filesize
3.3MB

Download
memory/4676-1665-0x00007FF695B10000-0x00007FF695E64000-memory.dmp

Filesize
3.3MB

Download
memory/4676-48-0x00007FF695B10000-0x00007FF695E64000-memory.dmp

Filesize
3.3MB

Download
memory/4828-2017-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp

Filesize
3.3MB

Download
memory/4828-104-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp

Filesize
3.3MB

Download
memory/4828-152-0x00007FF71F1C0000-0x00007FF71F514000-memory.dmp

Filesize
3.3MB

Download