cobaltstrike | 3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff

Resubmissions

28/03/2025, 18:19

250328-wx88sa1ps4 10

28/03/2025, 18:11

250328-wsm5razsew 10

Analysis

max time kernel
103s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
Size

6.1MB
MD5

58621203062e1089a24e725a3ad81a5a
SHA1

ede70d27090d3accf131ab5bc4a21e23b9872a0f
SHA256

3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff
SHA512

0a2a426dcc5725301b42f21501e202521511b4c76b320ed35f28e6e09adcd0507b2c01d69c505ebad9ccafae58068975367293e39f570f6c61df842b4f9d633e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000024050-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c1-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c0-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c3-24.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c4-31.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000240bd-30.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c5-40.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c8-57.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c9-69.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cb-75.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ca-79.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cf-105.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240de-211.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dd-207.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240dc-204.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240db-196.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240da-190.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d9-183.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d8-176.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d7-171.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d6-164.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d5-157.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d4-152.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d3-145.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d2-136.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d1-129.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240d0-124.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240ce-108.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cd-98.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240cc-89.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c7-61.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000240c6-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1908-0-0x00007FF74A500000-0x00007FF74A854000-memory.dmp	xmrig
behavioral2/files/0x0009000000024050-5.dat	xmrig
behavioral2/memory/5024-8-0x00007FF75E0D0000-0x00007FF75E424000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c1-11.dat	xmrig
behavioral2/files/0x00070000000240c0-10.dat	xmrig
behavioral2/memory/3884-14-0x00007FF75A480000-0x00007FF75A7D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c3-24.dat	xmrig
behavioral2/files/0x00070000000240c4-31.dat	xmrig
behavioral2/files/0x00080000000240bd-30.dat	xmrig
behavioral2/files/0x00070000000240c5-40.dat	xmrig
behavioral2/memory/4552-42-0x00007FF6866B0000-0x00007FF686A04000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c8-57.dat	xmrig
behavioral2/memory/2408-63-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240c9-69.dat	xmrig
behavioral2/files/0x00070000000240cb-75.dat	xmrig
behavioral2/files/0x00070000000240ca-79.dat	xmrig
behavioral2/memory/4948-95-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp	xmrig
behavioral2/files/0x00070000000240cf-105.dat	xmrig
behavioral2/memory/5016-116-0x00007FF783330000-0x00007FF783684000-memory.dmp	xmrig
behavioral2/memory/404-143-0x00007FF646940000-0x00007FF646C94000-memory.dmp	xmrig
behavioral2/memory/2504-194-0x00007FF62AA90000-0x00007FF62ADE4000-memory.dmp	xmrig
behavioral2/memory/1932-1162-0x00007FF772FD0000-0x00007FF773324000-memory.dmp	xmrig
behavioral2/memory/404-1166-0x00007FF646940000-0x00007FF646C94000-memory.dmp	xmrig
behavioral2/memory/324-1210-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	xmrig
behavioral2/memory/400-1338-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp	xmrig
behavioral2/memory/952-1411-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp	xmrig
behavioral2/memory/876-1470-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp	xmrig
behavioral2/memory/1048-1540-0x00007FF7192F0000-0x00007FF719644000-memory.dmp	xmrig
behavioral2/memory/2036-1603-0x00007FF644B00000-0x00007FF644E54000-memory.dmp	xmrig
behavioral2/memory/3296-1673-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp	xmrig
behavioral2/memory/4380-1737-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240de-211.dat	xmrig
behavioral2/files/0x00070000000240dd-207.dat	xmrig
behavioral2/files/0x00070000000240dc-204.dat	xmrig
behavioral2/files/0x00070000000240db-196.dat	xmrig
behavioral2/memory/4380-195-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240da-190.dat	xmrig
behavioral2/memory/3296-188-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d9-183.dat	xmrig
behavioral2/memory/2036-180-0x00007FF644B00000-0x00007FF644E54000-memory.dmp	xmrig
behavioral2/memory/3236-179-0x00007FF7417A0000-0x00007FF741AF4000-memory.dmp	xmrig
behavioral2/memory/688-178-0x00007FF679270000-0x00007FF6795C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d8-176.dat	xmrig
behavioral2/memory/1048-174-0x00007FF7192F0000-0x00007FF719644000-memory.dmp	xmrig
behavioral2/memory/3532-173-0x00007FF742240000-0x00007FF742594000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d7-171.dat	xmrig
behavioral2/memory/876-167-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp	xmrig
behavioral2/memory/4948-166-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d6-164.dat	xmrig
behavioral2/memory/952-160-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp	xmrig
behavioral2/memory/4592-159-0x00007FF72FE90000-0x00007FF7301E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d5-157.dat	xmrig
behavioral2/files/0x00070000000240d4-152.dat	xmrig
behavioral2/memory/400-151-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp	xmrig
behavioral2/memory/3208-150-0x00007FF69CF80000-0x00007FF69D2D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d3-145.dat	xmrig
behavioral2/memory/324-144-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	xmrig
behavioral2/memory/2352-139-0x00007FF63E8E0000-0x00007FF63EC34000-memory.dmp	xmrig
behavioral2/memory/2024-138-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d2-136.dat	xmrig
behavioral2/memory/1932-132-0x00007FF772FD0000-0x00007FF773324000-memory.dmp	xmrig
behavioral2/memory/2408-131-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000240d1-129.dat	xmrig
behavioral2/files/0x00070000000240d0-124.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5024	OGFbZnC.exe
3884	sGjJauR.exe
4164	qoFtxhU.exe
3120	JOTRAmj.exe
4452	HLueYqc.exe
5080	bvGkaAE.exe
4552	KGNNnFJ.exe
2420	UxRHzun.exe
5016	ilmlziP.exe
2408	HJUfmEN.exe
2024	gKqNmSV.exe
2352	IimvgQa.exe
3208	XTZwEPe.exe
4592	EDnAPpQ.exe
4948	hLoISuQ.exe
3532	SYnovcx.exe
688	ENDxWsy.exe
3236	ovIWeqt.exe
2504	GPrNXqg.exe
1932	BWjEOMH.exe
404	VOcCAhS.exe
324	MExPdqb.exe
400	PGVFqFZ.exe
952	ypGcfIp.exe
876	BqheUWp.exe
1048	eZrPaGQ.exe
2036	MsTwDzj.exe
3296	jaGvqVh.exe
4380	gysTBJQ.exe
3356	utKKuhL.exe
2812	MMZzDAN.exe
1368	HPPcWWd.exe
3436	vHbpfuv.exe
2300	wEDQCOG.exe
3440	CdyYdmw.exe
2592	XRpUYSs.exe
3520	vlOTZta.exe
4176	EwiDcDy.exe
2856	JgGyabw.exe
4472	YYYPPbH.exe
3544	mwQDEJX.exe
3172	RDsvpcY.exe
1684	xujNoPv.exe
3624	QePHheK.exe
464	sSlgAEV.exe
3460	ecYfBLT.exe
1352	WMWfBSV.exe
3500	LOauCqc.exe
1236	rvOUVdD.exe
4544	jzVyVyP.exe
1976	UziWfAX.exe
2160	WHXRQDy.exe
2204	ASaDhmn.exe
5096	MNdzEqe.exe
1712	Qydvrpf.exe
4128	umetSJu.exe
4728	cgxHeee.exe
3548	xIEmFMR.exe
4120	asWfMRv.exe
4860	pltfpwv.exe
3856	qnpcnFZ.exe
3228	FIufjiu.exe
1804	oCsHKRg.exe
5124	LvtKBmu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1908-0-0x00007FF74A500000-0x00007FF74A854000-memory.dmp	upx
behavioral2/files/0x0009000000024050-5.dat	upx
behavioral2/memory/5024-8-0x00007FF75E0D0000-0x00007FF75E424000-memory.dmp	upx
behavioral2/files/0x00070000000240c1-11.dat	upx
behavioral2/files/0x00070000000240c0-10.dat	upx
behavioral2/memory/3884-14-0x00007FF75A480000-0x00007FF75A7D4000-memory.dmp	upx
behavioral2/files/0x00070000000240c3-24.dat	upx
behavioral2/files/0x00070000000240c4-31.dat	upx
behavioral2/files/0x00080000000240bd-30.dat	upx
behavioral2/files/0x00070000000240c5-40.dat	upx
behavioral2/memory/4552-42-0x00007FF6866B0000-0x00007FF686A04000-memory.dmp	upx
behavioral2/files/0x00070000000240c8-57.dat	upx
behavioral2/memory/2408-63-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp	upx
behavioral2/files/0x00070000000240c9-69.dat	upx
behavioral2/files/0x00070000000240cb-75.dat	upx
behavioral2/files/0x00070000000240ca-79.dat	upx
behavioral2/memory/4948-95-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp	upx
behavioral2/files/0x00070000000240cf-105.dat	upx
behavioral2/memory/5016-116-0x00007FF783330000-0x00007FF783684000-memory.dmp	upx
behavioral2/memory/404-143-0x00007FF646940000-0x00007FF646C94000-memory.dmp	upx
behavioral2/memory/2504-194-0x00007FF62AA90000-0x00007FF62ADE4000-memory.dmp	upx
behavioral2/memory/1932-1162-0x00007FF772FD0000-0x00007FF773324000-memory.dmp	upx
behavioral2/memory/404-1166-0x00007FF646940000-0x00007FF646C94000-memory.dmp	upx
behavioral2/memory/324-1210-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	upx
behavioral2/memory/400-1338-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp	upx
behavioral2/memory/952-1411-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp	upx
behavioral2/memory/876-1470-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp	upx
behavioral2/memory/1048-1540-0x00007FF7192F0000-0x00007FF719644000-memory.dmp	upx
behavioral2/memory/2036-1603-0x00007FF644B00000-0x00007FF644E54000-memory.dmp	upx
behavioral2/memory/3296-1673-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp	upx
behavioral2/memory/4380-1737-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp	upx
behavioral2/files/0x00070000000240de-211.dat	upx
behavioral2/files/0x00070000000240dd-207.dat	upx
behavioral2/files/0x00070000000240dc-204.dat	upx
behavioral2/files/0x00070000000240db-196.dat	upx
behavioral2/memory/4380-195-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp	upx
behavioral2/files/0x00070000000240da-190.dat	upx
behavioral2/memory/3296-188-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp	upx
behavioral2/files/0x00070000000240d9-183.dat	upx
behavioral2/memory/2036-180-0x00007FF644B00000-0x00007FF644E54000-memory.dmp	upx
behavioral2/memory/3236-179-0x00007FF7417A0000-0x00007FF741AF4000-memory.dmp	upx
behavioral2/memory/688-178-0x00007FF679270000-0x00007FF6795C4000-memory.dmp	upx
behavioral2/files/0x00070000000240d8-176.dat	upx
behavioral2/memory/1048-174-0x00007FF7192F0000-0x00007FF719644000-memory.dmp	upx
behavioral2/memory/3532-173-0x00007FF742240000-0x00007FF742594000-memory.dmp	upx
behavioral2/files/0x00070000000240d7-171.dat	upx
behavioral2/memory/876-167-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp	upx
behavioral2/memory/4948-166-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp	upx
behavioral2/files/0x00070000000240d6-164.dat	upx
behavioral2/memory/952-160-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp	upx
behavioral2/memory/4592-159-0x00007FF72FE90000-0x00007FF7301E4000-memory.dmp	upx
behavioral2/files/0x00070000000240d5-157.dat	upx
behavioral2/files/0x00070000000240d4-152.dat	upx
behavioral2/memory/400-151-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp	upx
behavioral2/memory/3208-150-0x00007FF69CF80000-0x00007FF69D2D4000-memory.dmp	upx
behavioral2/files/0x00070000000240d3-145.dat	upx
behavioral2/memory/324-144-0x00007FF7523C0000-0x00007FF752714000-memory.dmp	upx
behavioral2/memory/2352-139-0x00007FF63E8E0000-0x00007FF63EC34000-memory.dmp	upx
behavioral2/memory/2024-138-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp	upx
behavioral2/files/0x00070000000240d2-136.dat	upx
behavioral2/memory/1932-132-0x00007FF772FD0000-0x00007FF773324000-memory.dmp	upx
behavioral2/memory/2408-131-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp	upx
behavioral2/files/0x00070000000240d1-129.dat	upx
behavioral2/files/0x00070000000240d0-124.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vuuNdUD.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\KIdAycx.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\YUqIdVn.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\wZJuisV.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\vFkRzWk.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\jzVyVyP.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\SCukgam.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\VeDCTnX.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\Piqtvoo.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\zvoQLpZ.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\AeOsoZv.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\hLaQpSq.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\yfsuZag.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\XTZwEPe.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\WQSJXVV.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\VYDdIdp.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\tLwoizO.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\KGNNnFJ.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\ntcAIih.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\qtkGoOH.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\bCDjILA.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\QIuVHsk.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\xgUweOS.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\GlMWTFo.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\zVspjiq.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\utKKuhL.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\nIlBqef.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\cqRpePC.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\XazqJIO.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\qNUEaWG.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\DzXBOeB.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\KWhPwim.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\KLJwAZx.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\xLGrPsB.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\RKSsHRS.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\LOauCqc.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\asWfMRv.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\fVWFfWX.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\HFLjHbG.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\AEeCaar.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\aAAtgLL.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\zpULcFa.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\eZrPaGQ.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\IbJdZlh.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\BOdMKob.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\NxciQqt.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\XWCVYBX.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\bEASIwP.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\gSjYUoF.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\aofrgdy.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\XYzUeGi.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\mroTOpB.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\edJAwhJ.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\XumkBXR.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\omPKfou.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\mcihfdM.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\cQxZqwM.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\qhmGCVT.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\vdzpaIP.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\oeYDXnE.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\ZKpzmJM.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\veHcnKj.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\ktPnBoo.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
File created	C:\Windows\System\xVlNQBl.exe	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 5024	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	88
PID 1908 wrote to memory of 5024	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	88
PID 1908 wrote to memory of 3884	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	89
PID 1908 wrote to memory of 3884	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	89
PID 1908 wrote to memory of 4164	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	90
PID 1908 wrote to memory of 4164	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	90
PID 1908 wrote to memory of 3120	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	92
PID 1908 wrote to memory of 3120	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	92
PID 1908 wrote to memory of 4452	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	93
PID 1908 wrote to memory of 4452	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	93
PID 1908 wrote to memory of 5080	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	94
PID 1908 wrote to memory of 5080	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	94
PID 1908 wrote to memory of 4552	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	95
PID 1908 wrote to memory of 4552	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	95
PID 1908 wrote to memory of 2420	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	96
PID 1908 wrote to memory of 2420	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	96
PID 1908 wrote to memory of 5016	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	97
PID 1908 wrote to memory of 5016	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	97
PID 1908 wrote to memory of 2408	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	98
PID 1908 wrote to memory of 2408	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	98
PID 1908 wrote to memory of 2024	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	99
PID 1908 wrote to memory of 2024	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	99
PID 1908 wrote to memory of 2352	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	100
PID 1908 wrote to memory of 2352	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	100
PID 1908 wrote to memory of 3208	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	101
PID 1908 wrote to memory of 3208	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	101
PID 1908 wrote to memory of 4592	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	102
PID 1908 wrote to memory of 4592	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	102
PID 1908 wrote to memory of 4948	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	103
PID 1908 wrote to memory of 4948	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	103
PID 1908 wrote to memory of 3532	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	104
PID 1908 wrote to memory of 3532	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	104
PID 1908 wrote to memory of 688	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	105
PID 1908 wrote to memory of 688	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	105
PID 1908 wrote to memory of 3236	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	106
PID 1908 wrote to memory of 3236	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	106
PID 1908 wrote to memory of 2504	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	107
PID 1908 wrote to memory of 2504	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	107
PID 1908 wrote to memory of 1932	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	108
PID 1908 wrote to memory of 1932	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	108
PID 1908 wrote to memory of 404	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	109
PID 1908 wrote to memory of 404	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	109
PID 1908 wrote to memory of 324	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	110
PID 1908 wrote to memory of 324	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	110
PID 1908 wrote to memory of 400	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	111
PID 1908 wrote to memory of 400	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	111
PID 1908 wrote to memory of 952	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	112
PID 1908 wrote to memory of 952	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	112
PID 1908 wrote to memory of 876	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	113
PID 1908 wrote to memory of 876	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	113
PID 1908 wrote to memory of 1048	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	114
PID 1908 wrote to memory of 1048	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	114
PID 1908 wrote to memory of 2036	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	115
PID 1908 wrote to memory of 2036	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	115
PID 1908 wrote to memory of 3296	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	116
PID 1908 wrote to memory of 3296	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	116
PID 1908 wrote to memory of 4380	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	117
PID 1908 wrote to memory of 4380	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	117
PID 1908 wrote to memory of 3356	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	118
PID 1908 wrote to memory of 3356	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	118
PID 1908 wrote to memory of 2812	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	119
PID 1908 wrote to memory of 2812	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	119
PID 1908 wrote to memory of 1368	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	120
PID 1908 wrote to memory of 1368	1908	3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe	120

C:\Users\Admin\AppData\Local\Temp\3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe
"C:\Users\Admin\AppData\Local\Temp\3d56b6478c2099653848011da69eb068369d8320b16a6c8c94e04028715f61ff.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\System\OGFbZnC.exe
  C:\Windows\System\OGFbZnC.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\sGjJauR.exe
  C:\Windows\System\sGjJauR.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\qoFtxhU.exe
  C:\Windows\System\qoFtxhU.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\JOTRAmj.exe
  C:\Windows\System\JOTRAmj.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\HLueYqc.exe
  C:\Windows\System\HLueYqc.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\bvGkaAE.exe
  C:\Windows\System\bvGkaAE.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\KGNNnFJ.exe
  C:\Windows\System\KGNNnFJ.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\UxRHzun.exe
  C:\Windows\System\UxRHzun.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\ilmlziP.exe
  C:\Windows\System\ilmlziP.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\HJUfmEN.exe
  C:\Windows\System\HJUfmEN.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\gKqNmSV.exe
  C:\Windows\System\gKqNmSV.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\IimvgQa.exe
  C:\Windows\System\IimvgQa.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\XTZwEPe.exe
  C:\Windows\System\XTZwEPe.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\EDnAPpQ.exe
  C:\Windows\System\EDnAPpQ.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\hLoISuQ.exe
  C:\Windows\System\hLoISuQ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\SYnovcx.exe
  C:\Windows\System\SYnovcx.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\ENDxWsy.exe
  C:\Windows\System\ENDxWsy.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\ovIWeqt.exe
  C:\Windows\System\ovIWeqt.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\GPrNXqg.exe
  C:\Windows\System\GPrNXqg.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BWjEOMH.exe
  C:\Windows\System\BWjEOMH.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\VOcCAhS.exe
  C:\Windows\System\VOcCAhS.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\MExPdqb.exe
  C:\Windows\System\MExPdqb.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\PGVFqFZ.exe
  C:\Windows\System\PGVFqFZ.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\ypGcfIp.exe
  C:\Windows\System\ypGcfIp.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\BqheUWp.exe
  C:\Windows\System\BqheUWp.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\eZrPaGQ.exe
  C:\Windows\System\eZrPaGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\MsTwDzj.exe
  C:\Windows\System\MsTwDzj.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\jaGvqVh.exe
  C:\Windows\System\jaGvqVh.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\gysTBJQ.exe
  C:\Windows\System\gysTBJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\utKKuhL.exe
  C:\Windows\System\utKKuhL.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\MMZzDAN.exe
  C:\Windows\System\MMZzDAN.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\HPPcWWd.exe
  C:\Windows\System\HPPcWWd.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\vHbpfuv.exe
  C:\Windows\System\vHbpfuv.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\wEDQCOG.exe
  C:\Windows\System\wEDQCOG.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\CdyYdmw.exe
  C:\Windows\System\CdyYdmw.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\XRpUYSs.exe
  C:\Windows\System\XRpUYSs.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\vlOTZta.exe
  C:\Windows\System\vlOTZta.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\EwiDcDy.exe
  C:\Windows\System\EwiDcDy.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\JgGyabw.exe
  C:\Windows\System\JgGyabw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\YYYPPbH.exe
  C:\Windows\System\YYYPPbH.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\mwQDEJX.exe
  C:\Windows\System\mwQDEJX.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\RDsvpcY.exe
  C:\Windows\System\RDsvpcY.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\xujNoPv.exe
  C:\Windows\System\xujNoPv.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\QePHheK.exe
  C:\Windows\System\QePHheK.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\sSlgAEV.exe
  C:\Windows\System\sSlgAEV.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\ecYfBLT.exe
  C:\Windows\System\ecYfBLT.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\WMWfBSV.exe
  C:\Windows\System\WMWfBSV.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\LOauCqc.exe
  C:\Windows\System\LOauCqc.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\rvOUVdD.exe
  C:\Windows\System\rvOUVdD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\jzVyVyP.exe
  C:\Windows\System\jzVyVyP.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\UziWfAX.exe
  C:\Windows\System\UziWfAX.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\WHXRQDy.exe
  C:\Windows\System\WHXRQDy.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ASaDhmn.exe
  C:\Windows\System\ASaDhmn.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\MNdzEqe.exe
  C:\Windows\System\MNdzEqe.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\Qydvrpf.exe
  C:\Windows\System\Qydvrpf.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\umetSJu.exe
  C:\Windows\System\umetSJu.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\cgxHeee.exe
  C:\Windows\System\cgxHeee.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\xIEmFMR.exe
  C:\Windows\System\xIEmFMR.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\asWfMRv.exe
  C:\Windows\System\asWfMRv.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\pltfpwv.exe
  C:\Windows\System\pltfpwv.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\qnpcnFZ.exe
  C:\Windows\System\qnpcnFZ.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\FIufjiu.exe
  C:\Windows\System\FIufjiu.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\oCsHKRg.exe
  C:\Windows\System\oCsHKRg.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\LvtKBmu.exe
  C:\Windows\System\LvtKBmu.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\xrQOUyS.exe
  C:\Windows\System\xrQOUyS.exe
  2⤵
  PID:5152
- C:\Windows\System\ZTxCxWj.exe
  C:\Windows\System\ZTxCxWj.exe
  2⤵
  PID:5176
- C:\Windows\System\QzytTLs.exe
  C:\Windows\System\QzytTLs.exe
  2⤵
  PID:5208
- C:\Windows\System\rjVubnP.exe
  C:\Windows\System\rjVubnP.exe
  2⤵
  PID:5236
- C:\Windows\System\kkNMsPa.exe
  C:\Windows\System\kkNMsPa.exe
  2⤵
  PID:5264
- C:\Windows\System\PHwJUDT.exe
  C:\Windows\System\PHwJUDT.exe
  2⤵
  PID:5292
- C:\Windows\System\NVUdJRe.exe
  C:\Windows\System\NVUdJRe.exe
  2⤵
  PID:5320
- C:\Windows\System\fWMXsCE.exe
  C:\Windows\System\fWMXsCE.exe
  2⤵
  PID:5348
- C:\Windows\System\pyiyweg.exe
  C:\Windows\System\pyiyweg.exe
  2⤵
  PID:5376
- C:\Windows\System\KTLlBuY.exe
  C:\Windows\System\KTLlBuY.exe
  2⤵
  PID:5404
- C:\Windows\System\WeOafWU.exe
  C:\Windows\System\WeOafWU.exe
  2⤵
  PID:5432
- C:\Windows\System\sLKNvpx.exe
  C:\Windows\System\sLKNvpx.exe
  2⤵
  PID:5460
- C:\Windows\System\PzsyasB.exe
  C:\Windows\System\PzsyasB.exe
  2⤵
  PID:5488
- C:\Windows\System\DpZiirz.exe
  C:\Windows\System\DpZiirz.exe
  2⤵
  PID:5528
- C:\Windows\System\WrtIIVs.exe
  C:\Windows\System\WrtIIVs.exe
  2⤵
  PID:5556
- C:\Windows\System\vLiHAoL.exe
  C:\Windows\System\vLiHAoL.exe
  2⤵
  PID:5572
- C:\Windows\System\SCukgam.exe
  C:\Windows\System\SCukgam.exe
  2⤵
  PID:5600
- C:\Windows\System\TCPaEfX.exe
  C:\Windows\System\TCPaEfX.exe
  2⤵
  PID:5628
- C:\Windows\System\VeDCTnX.exe
  C:\Windows\System\VeDCTnX.exe
  2⤵
  PID:5656
- C:\Windows\System\AFrLbNu.exe
  C:\Windows\System\AFrLbNu.exe
  2⤵
  PID:5684
- C:\Windows\System\VsZOylE.exe
  C:\Windows\System\VsZOylE.exe
  2⤵
  PID:5712
- C:\Windows\System\XYzUeGi.exe
  C:\Windows\System\XYzUeGi.exe
  2⤵
  PID:5740
- C:\Windows\System\SaISfcb.exe
  C:\Windows\System\SaISfcb.exe
  2⤵
  PID:5780
- C:\Windows\System\YZdjIZD.exe
  C:\Windows\System\YZdjIZD.exe
  2⤵
  PID:5808
- C:\Windows\System\gwubpuz.exe
  C:\Windows\System\gwubpuz.exe
  2⤵
  PID:5824
- C:\Windows\System\BnYhmuR.exe
  C:\Windows\System\BnYhmuR.exe
  2⤵
  PID:5852
- C:\Windows\System\eXZBUlw.exe
  C:\Windows\System\eXZBUlw.exe
  2⤵
  PID:5880
- C:\Windows\System\qbwWaVZ.exe
  C:\Windows\System\qbwWaVZ.exe
  2⤵
  PID:5908
- C:\Windows\System\MccUabY.exe
  C:\Windows\System\MccUabY.exe
  2⤵
  PID:5936
- C:\Windows\System\pUUOJPf.exe
  C:\Windows\System\pUUOJPf.exe
  2⤵
  PID:5964
- C:\Windows\System\NseTYdF.exe
  C:\Windows\System\NseTYdF.exe
  2⤵
  PID:5992
- C:\Windows\System\nIlBqef.exe
  C:\Windows\System\nIlBqef.exe
  2⤵
  PID:6020
- C:\Windows\System\InYynwZ.exe
  C:\Windows\System\InYynwZ.exe
  2⤵
  PID:6056
- C:\Windows\System\BoIdSWr.exe
  C:\Windows\System\BoIdSWr.exe
  2⤵
  PID:6084
- C:\Windows\System\UXGogAg.exe
  C:\Windows\System\UXGogAg.exe
  2⤵
  PID:6116
- C:\Windows\System\lsZzgRH.exe
  C:\Windows\System\lsZzgRH.exe
  2⤵
  PID:6140
- C:\Windows\System\faJrZHZ.exe
  C:\Windows\System\faJrZHZ.exe
  2⤵
  PID:4132
- C:\Windows\System\DCKuCUr.exe
  C:\Windows\System\DCKuCUr.exe
  2⤵
  PID:4576
- C:\Windows\System\SbMTeri.exe
  C:\Windows\System\SbMTeri.exe
  2⤵
  PID:3488
- C:\Windows\System\XMhbiXg.exe
  C:\Windows\System\XMhbiXg.exe
  2⤵
  PID:3464
- C:\Windows\System\CZAIjHF.exe
  C:\Windows\System\CZAIjHF.exe
  2⤵
  PID:1860
- C:\Windows\System\aCUvgBN.exe
  C:\Windows\System\aCUvgBN.exe
  2⤵
  PID:8
- C:\Windows\System\QTPEzZI.exe
  C:\Windows\System\QTPEzZI.exe
  2⤵
  PID:5168
- C:\Windows\System\lGbKHwu.exe
  C:\Windows\System\lGbKHwu.exe
  2⤵
  PID:5228
- C:\Windows\System\FdHJqRw.exe
  C:\Windows\System\FdHJqRw.exe
  2⤵
  PID:5304
- C:\Windows\System\jHhBWWn.exe
  C:\Windows\System\jHhBWWn.exe
  2⤵
  PID:5364
- C:\Windows\System\iPZOELQ.exe
  C:\Windows\System\iPZOELQ.exe
  2⤵
  PID:4280
- C:\Windows\System\GXWuusU.exe
  C:\Windows\System\GXWuusU.exe
  2⤵
  PID:5480
- C:\Windows\System\omjRXaS.exe
  C:\Windows\System\omjRXaS.exe
  2⤵
  PID:5548
- C:\Windows\System\IpWisLt.exe
  C:\Windows\System\IpWisLt.exe
  2⤵
  PID:5616
- C:\Windows\System\LhJOkJV.exe
  C:\Windows\System\LhJOkJV.exe
  2⤵
  PID:5676
- C:\Windows\System\scpKSfT.exe
  C:\Windows\System\scpKSfT.exe
  2⤵
  PID:5752
- C:\Windows\System\yBtUXdG.exe
  C:\Windows\System\yBtUXdG.exe
  2⤵
  PID:5816
- C:\Windows\System\WXFfFac.exe
  C:\Windows\System\WXFfFac.exe
  2⤵
  PID:5872
- C:\Windows\System\QacRDNy.exe
  C:\Windows\System\QacRDNy.exe
  2⤵
  PID:5976
- C:\Windows\System\RBTXEWc.exe
  C:\Windows\System\RBTXEWc.exe
  2⤵
  PID:6036
- C:\Windows\System\IqdquLF.exe
  C:\Windows\System\IqdquLF.exe
  2⤵
  PID:6076
- C:\Windows\System\zSKKpvX.exe
  C:\Windows\System\zSKKpvX.exe
  2⤵
  PID:6136
- C:\Windows\System\mMkZQhe.exe
  C:\Windows\System\mMkZQhe.exe
  2⤵
  PID:760
- C:\Windows\System\OCCmPNY.exe
  C:\Windows\System\OCCmPNY.exe
  2⤵
  PID:4892
- C:\Windows\System\iQMwaDF.exe
  C:\Windows\System\iQMwaDF.exe
  2⤵
  PID:5196
- C:\Windows\System\BvxDlJX.exe
  C:\Windows\System\BvxDlJX.exe
  2⤵
  PID:5336
- C:\Windows\System\DhXWYhW.exe
  C:\Windows\System\DhXWYhW.exe
  2⤵
  PID:5472
- C:\Windows\System\glIIMQq.exe
  C:\Windows\System\glIIMQq.exe
  2⤵
  PID:5644
- C:\Windows\System\CRvGYgf.exe
  C:\Windows\System\CRvGYgf.exe
  2⤵
  PID:6164
- C:\Windows\System\PSBSWaE.exe
  C:\Windows\System\PSBSWaE.exe
  2⤵
  PID:6192
- C:\Windows\System\jFRIMRo.exe
  C:\Windows\System\jFRIMRo.exe
  2⤵
  PID:6220
- C:\Windows\System\UIPkQlF.exe
  C:\Windows\System\UIPkQlF.exe
  2⤵
  PID:6248
- C:\Windows\System\KqEiXjr.exe
  C:\Windows\System\KqEiXjr.exe
  2⤵
  PID:6276
- C:\Windows\System\WjeXqXj.exe
  C:\Windows\System\WjeXqXj.exe
  2⤵
  PID:6304
- C:\Windows\System\jfPvHac.exe
  C:\Windows\System\jfPvHac.exe
  2⤵
  PID:6332
- C:\Windows\System\MxIKozB.exe
  C:\Windows\System\MxIKozB.exe
  2⤵
  PID:6360
- C:\Windows\System\CbtXqNe.exe
  C:\Windows\System\CbtXqNe.exe
  2⤵
  PID:6388
- C:\Windows\System\yIsrLIK.exe
  C:\Windows\System\yIsrLIK.exe
  2⤵
  PID:6416
- C:\Windows\System\AEPedmL.exe
  C:\Windows\System\AEPedmL.exe
  2⤵
  PID:6444
- C:\Windows\System\WLeQzkl.exe
  C:\Windows\System\WLeQzkl.exe
  2⤵
  PID:6472
- C:\Windows\System\AtyiFdI.exe
  C:\Windows\System\AtyiFdI.exe
  2⤵
  PID:6500
- C:\Windows\System\xUKJFYn.exe
  C:\Windows\System\xUKJFYn.exe
  2⤵
  PID:6528
- C:\Windows\System\WQSJXVV.exe
  C:\Windows\System\WQSJXVV.exe
  2⤵
  PID:6556
- C:\Windows\System\FtjhAkd.exe
  C:\Windows\System\FtjhAkd.exe
  2⤵
  PID:6584
- C:\Windows\System\hjVESOP.exe
  C:\Windows\System\hjVESOP.exe
  2⤵
  PID:6612
- C:\Windows\System\ccntxwJ.exe
  C:\Windows\System\ccntxwJ.exe
  2⤵
  PID:6640
- C:\Windows\System\NUASZNy.exe
  C:\Windows\System\NUASZNy.exe
  2⤵
  PID:6668
- C:\Windows\System\RgzLwgS.exe
  C:\Windows\System\RgzLwgS.exe
  2⤵
  PID:6696
- C:\Windows\System\hUQNktF.exe
  C:\Windows\System\hUQNktF.exe
  2⤵
  PID:6724
- C:\Windows\System\gQAnYBf.exe
  C:\Windows\System\gQAnYBf.exe
  2⤵
  PID:6752
- C:\Windows\System\UdkFmFW.exe
  C:\Windows\System\UdkFmFW.exe
  2⤵
  PID:6780
- C:\Windows\System\jOFhnDd.exe
  C:\Windows\System\jOFhnDd.exe
  2⤵
  PID:6804
- C:\Windows\System\EeHmrla.exe
  C:\Windows\System\EeHmrla.exe
  2⤵
  PID:6832
- C:\Windows\System\BeKWlyB.exe
  C:\Windows\System\BeKWlyB.exe
  2⤵
  PID:6864
- C:\Windows\System\REsFQjw.exe
  C:\Windows\System\REsFQjw.exe
  2⤵
  PID:6892
- C:\Windows\System\MppzKMX.exe
  C:\Windows\System\MppzKMX.exe
  2⤵
  PID:6920
- C:\Windows\System\gIJoKNw.exe
  C:\Windows\System\gIJoKNw.exe
  2⤵
  PID:6960
- C:\Windows\System\GsLahzN.exe
  C:\Windows\System\GsLahzN.exe
  2⤵
  PID:7000
- C:\Windows\System\vdzpaIP.exe
  C:\Windows\System\vdzpaIP.exe
  2⤵
  PID:7016
- C:\Windows\System\HLVZpOo.exe
  C:\Windows\System\HLVZpOo.exe
  2⤵
  PID:7044
- C:\Windows\System\pGdIDxd.exe
  C:\Windows\System\pGdIDxd.exe
  2⤵
  PID:7072
- C:\Windows\System\Heewgyc.exe
  C:\Windows\System\Heewgyc.exe
  2⤵
  PID:7100
- C:\Windows\System\jTELanc.exe
  C:\Windows\System\jTELanc.exe
  2⤵
  PID:7116
- C:\Windows\System\pfNjVrz.exe
  C:\Windows\System\pfNjVrz.exe
  2⤵
  PID:7144
- C:\Windows\System\LGSBTms.exe
  C:\Windows\System\LGSBTms.exe
  2⤵
  PID:5724
- C:\Windows\System\dUtTNIC.exe
  C:\Windows\System\dUtTNIC.exe
  2⤵
  PID:5864
- C:\Windows\System\duHdqKM.exe
  C:\Windows\System\duHdqKM.exe
  2⤵
  PID:6012
- C:\Windows\System\cWYOnsV.exe
  C:\Windows\System\cWYOnsV.exe
  2⤵
  PID:1832
- C:\Windows\System\RCzzoeY.exe
  C:\Windows\System\RCzzoeY.exe
  2⤵
  PID:5144
- C:\Windows\System\IbJdZlh.exe
  C:\Windows\System\IbJdZlh.exe
  2⤵
  PID:5540
- C:\Windows\System\lRqhJHg.exe
  C:\Windows\System\lRqhJHg.exe
  2⤵
  PID:6180
- C:\Windows\System\VmvJJcX.exe
  C:\Windows\System\VmvJJcX.exe
  2⤵
  PID:6240
- C:\Windows\System\aynWDiv.exe
  C:\Windows\System\aynWDiv.exe
  2⤵
  PID:6316
- C:\Windows\System\GGjJowU.exe
  C:\Windows\System\GGjJowU.exe
  2⤵
  PID:6376
- C:\Windows\System\axkSPnP.exe
  C:\Windows\System\axkSPnP.exe
  2⤵
  PID:6436
- C:\Windows\System\zZrOxKb.exe
  C:\Windows\System\zZrOxKb.exe
  2⤵
  PID:6512
- C:\Windows\System\PBHEuSC.exe
  C:\Windows\System\PBHEuSC.exe
  2⤵
  PID:6572
- C:\Windows\System\BOdMKob.exe
  C:\Windows\System\BOdMKob.exe
  2⤵
  PID:6632
- C:\Windows\System\jSdCQmQ.exe
  C:\Windows\System\jSdCQmQ.exe
  2⤵
  PID:6708
- C:\Windows\System\txiVvxK.exe
  C:\Windows\System\txiVvxK.exe
  2⤵
  PID:6768
- C:\Windows\System\EWNpAbJ.exe
  C:\Windows\System\EWNpAbJ.exe
  2⤵
  PID:6828
- C:\Windows\System\adxwbgv.exe
  C:\Windows\System\adxwbgv.exe
  2⤵
  PID:6904
- C:\Windows\System\LBXRELG.exe
  C:\Windows\System\LBXRELG.exe
  2⤵
  PID:6972
- C:\Windows\System\YKnZVLJ.exe
  C:\Windows\System\YKnZVLJ.exe
  2⤵
  PID:7032
- C:\Windows\System\aQGRSrq.exe
  C:\Windows\System\aQGRSrq.exe
  2⤵
  PID:7092
- C:\Windows\System\ZvkMOJN.exe
  C:\Windows\System\ZvkMOJN.exe
  2⤵
  PID:7160
- C:\Windows\System\PTwnXxA.exe
  C:\Windows\System\PTwnXxA.exe
  2⤵
  PID:6004
- C:\Windows\System\lAzHdxq.exe
  C:\Windows\System\lAzHdxq.exe
  2⤵
  PID:5332
- C:\Windows\System\mMgviSl.exe
  C:\Windows\System\mMgviSl.exe
  2⤵
  PID:6212
- C:\Windows\System\EDPcXCt.exe
  C:\Windows\System\EDPcXCt.exe
  2⤵
  PID:6352
- C:\Windows\System\RfiumLz.exe
  C:\Windows\System\RfiumLz.exe
  2⤵
  PID:6540
- C:\Windows\System\nJpqCWh.exe
  C:\Windows\System\nJpqCWh.exe
  2⤵
  PID:6680
- C:\Windows\System\uCaCcYy.exe
  C:\Windows\System\uCaCcYy.exe
  2⤵
  PID:6820
- C:\Windows\System\xsTFRiZ.exe
  C:\Windows\System\xsTFRiZ.exe
  2⤵
  PID:6992
- C:\Windows\System\CsiLbUX.exe
  C:\Windows\System\CsiLbUX.exe
  2⤵
  PID:7196
- C:\Windows\System\XBlWdug.exe
  C:\Windows\System\XBlWdug.exe
  2⤵
  PID:7224
- C:\Windows\System\VyeGIck.exe
  C:\Windows\System\VyeGIck.exe
  2⤵
  PID:7252
- C:\Windows\System\TXrLhyR.exe
  C:\Windows\System\TXrLhyR.exe
  2⤵
  PID:7280
- C:\Windows\System\sChRGGI.exe
  C:\Windows\System\sChRGGI.exe
  2⤵
  PID:7308
- C:\Windows\System\cqRpePC.exe
  C:\Windows\System\cqRpePC.exe
  2⤵
  PID:7336
- C:\Windows\System\GYRiNWy.exe
  C:\Windows\System\GYRiNWy.exe
  2⤵
  PID:7364
- C:\Windows\System\WGSbfXY.exe
  C:\Windows\System\WGSbfXY.exe
  2⤵
  PID:7392
- C:\Windows\System\DXPhXqN.exe
  C:\Windows\System\DXPhXqN.exe
  2⤵
  PID:7420
- C:\Windows\System\DUSJYtz.exe
  C:\Windows\System\DUSJYtz.exe
  2⤵
  PID:7448
- C:\Windows\System\mRBDEHa.exe
  C:\Windows\System\mRBDEHa.exe
  2⤵
  PID:7476
- C:\Windows\System\VDvuaOx.exe
  C:\Windows\System\VDvuaOx.exe
  2⤵
  PID:7504
- C:\Windows\System\hgbgCEY.exe
  C:\Windows\System\hgbgCEY.exe
  2⤵
  PID:7532
- C:\Windows\System\DVVOrEy.exe
  C:\Windows\System\DVVOrEy.exe
  2⤵
  PID:7560
- C:\Windows\System\gQjRuRv.exe
  C:\Windows\System\gQjRuRv.exe
  2⤵
  PID:7588
- C:\Windows\System\lElfkqD.exe
  C:\Windows\System\lElfkqD.exe
  2⤵
  PID:7616
- C:\Windows\System\lkDFveo.exe
  C:\Windows\System\lkDFveo.exe
  2⤵
  PID:7644
- C:\Windows\System\tLSEaCn.exe
  C:\Windows\System\tLSEaCn.exe
  2⤵
  PID:7672
- C:\Windows\System\KWhPwim.exe
  C:\Windows\System\KWhPwim.exe
  2⤵
  PID:7700
- C:\Windows\System\kkeSCKJ.exe
  C:\Windows\System\kkeSCKJ.exe
  2⤵
  PID:7728
- C:\Windows\System\kFfhVwv.exe
  C:\Windows\System\kFfhVwv.exe
  2⤵
  PID:7756
- C:\Windows\System\XazqJIO.exe
  C:\Windows\System\XazqJIO.exe
  2⤵
  PID:7784
- C:\Windows\System\cwvmKFP.exe
  C:\Windows\System\cwvmKFP.exe
  2⤵
  PID:7812
- C:\Windows\System\iUuHSDJ.exe
  C:\Windows\System\iUuHSDJ.exe
  2⤵
  PID:7840
- C:\Windows\System\wnQzmlU.exe
  C:\Windows\System\wnQzmlU.exe
  2⤵
  PID:7868
- C:\Windows\System\RKSsHRS.exe
  C:\Windows\System\RKSsHRS.exe
  2⤵
  PID:7896
- C:\Windows\System\JzBKIAY.exe
  C:\Windows\System\JzBKIAY.exe
  2⤵
  PID:7924
- C:\Windows\System\aoNAmZQ.exe
  C:\Windows\System\aoNAmZQ.exe
  2⤵
  PID:7952
- C:\Windows\System\sJXTgBW.exe
  C:\Windows\System\sJXTgBW.exe
  2⤵
  PID:7980
- C:\Windows\System\IgnniqN.exe
  C:\Windows\System\IgnniqN.exe
  2⤵
  PID:8020
- C:\Windows\System\YJucLcX.exe
  C:\Windows\System\YJucLcX.exe
  2⤵
  PID:8048
- C:\Windows\System\FHnTJzB.exe
  C:\Windows\System\FHnTJzB.exe
  2⤵
  PID:8064
- C:\Windows\System\mOrNHNz.exe
  C:\Windows\System\mOrNHNz.exe
  2⤵
  PID:8092
- C:\Windows\System\kKMByvh.exe
  C:\Windows\System\kKMByvh.exe
  2⤵
  PID:8120
- C:\Windows\System\ovgLLdr.exe
  C:\Windows\System\ovgLLdr.exe
  2⤵
  PID:8148
- C:\Windows\System\aagtMhr.exe
  C:\Windows\System\aagtMhr.exe
  2⤵
  PID:8176
- C:\Windows\System\ntcAIih.exe
  C:\Windows\System\ntcAIih.exe
  2⤵
  PID:7064
- C:\Windows\System\tOUcSQF.exe
  C:\Windows\System\tOUcSQF.exe
  2⤵
  PID:5948
- C:\Windows\System\WDSCBQw.exe
  C:\Windows\System\WDSCBQw.exe
  2⤵
  PID:6288
- C:\Windows\System\DTgHdKJ.exe
  C:\Windows\System\DTgHdKJ.exe
  2⤵
  PID:6744
- C:\Windows\System\eGeCOpM.exe
  C:\Windows\System\eGeCOpM.exe
  2⤵
  PID:7188
- C:\Windows\System\jTfGwvh.exe
  C:\Windows\System\jTfGwvh.exe
  2⤵
  PID:7236
- C:\Windows\System\ghBZjPt.exe
  C:\Windows\System\ghBZjPt.exe
  2⤵
  PID:7296
- C:\Windows\System\zsPODDG.exe
  C:\Windows\System\zsPODDG.exe
  2⤵
  PID:7356
- C:\Windows\System\UATDuQx.exe
  C:\Windows\System\UATDuQx.exe
  2⤵
  PID:7432
- C:\Windows\System\bGawrUC.exe
  C:\Windows\System\bGawrUC.exe
  2⤵
  PID:7492
- C:\Windows\System\MNkzenY.exe
  C:\Windows\System\MNkzenY.exe
  2⤵
  PID:7552
- C:\Windows\System\Wpaanlt.exe
  C:\Windows\System\Wpaanlt.exe
  2⤵
  PID:7628
- C:\Windows\System\rNLYmMK.exe
  C:\Windows\System\rNLYmMK.exe
  2⤵
  PID:7688
- C:\Windows\System\FWDEaSC.exe
  C:\Windows\System\FWDEaSC.exe
  2⤵
  PID:7748
- C:\Windows\System\fVWFfWX.exe
  C:\Windows\System\fVWFfWX.exe
  2⤵
  PID:7824
- C:\Windows\System\lHQOlsw.exe
  C:\Windows\System\lHQOlsw.exe
  2⤵
  PID:7884
- C:\Windows\System\sBixdXg.exe
  C:\Windows\System\sBixdXg.exe
  2⤵
  PID:7944
- C:\Windows\System\BgciANH.exe
  C:\Windows\System\BgciANH.exe
  2⤵
  PID:8012
- C:\Windows\System\Piqtvoo.exe
  C:\Windows\System\Piqtvoo.exe
  2⤵
  PID:8080
- C:\Windows\System\IexyCEn.exe
  C:\Windows\System\IexyCEn.exe
  2⤵
  PID:8140
- C:\Windows\System\sXdPsmW.exe
  C:\Windows\System\sXdPsmW.exe
  2⤵
  PID:7012
- C:\Windows\System\rZQukDu.exe
  C:\Windows\System\rZQukDu.exe
  2⤵
  PID:6428
- C:\Windows\System\jdOpOkk.exe
  C:\Windows\System\jdOpOkk.exe
  2⤵
  PID:7180
- C:\Windows\System\NrgSqZh.exe
  C:\Windows\System\NrgSqZh.exe
  2⤵
  PID:7328
- C:\Windows\System\iWMclkw.exe
  C:\Windows\System\iWMclkw.exe
  2⤵
  PID:7468
- C:\Windows\System\ugfKDYw.exe
  C:\Windows\System\ugfKDYw.exe
  2⤵
  PID:7716
- C:\Windows\System\cLEEZyX.exe
  C:\Windows\System\cLEEZyX.exe
  2⤵
  PID:7832
- C:\Windows\System\HnmvwLx.exe
  C:\Windows\System\HnmvwLx.exe
  2⤵
  PID:7916
- C:\Windows\System\xBIIdCq.exe
  C:\Windows\System\xBIIdCq.exe
  2⤵
  PID:8060
- C:\Windows\System\xTWSWdx.exe
  C:\Windows\System\xTWSWdx.exe
  2⤵
  PID:5796
- C:\Windows\System\gVBmMAs.exe
  C:\Windows\System\gVBmMAs.exe
  2⤵
  PID:7264
- C:\Windows\System\TvYrZeJ.exe
  C:\Windows\System\TvYrZeJ.exe
  2⤵
  PID:7460
- C:\Windows\System\nxyVajh.exe
  C:\Windows\System\nxyVajh.exe
  2⤵
  PID:7800
- C:\Windows\System\mKlibHu.exe
  C:\Windows\System\mKlibHu.exe
  2⤵
  PID:8220
- C:\Windows\System\sZoKIBf.exe
  C:\Windows\System\sZoKIBf.exe
  2⤵
  PID:8248
- C:\Windows\System\PumrKFS.exe
  C:\Windows\System\PumrKFS.exe
  2⤵
  PID:8276
- C:\Windows\System\HFLjHbG.exe
  C:\Windows\System\HFLjHbG.exe
  2⤵
  PID:8304
- C:\Windows\System\DYueNVW.exe
  C:\Windows\System\DYueNVW.exe
  2⤵
  PID:8332
- C:\Windows\System\kLlupoo.exe
  C:\Windows\System\kLlupoo.exe
  2⤵
  PID:8360
- C:\Windows\System\oeYDXnE.exe
  C:\Windows\System\oeYDXnE.exe
  2⤵
  PID:8388
- C:\Windows\System\qBjPCIY.exe
  C:\Windows\System\qBjPCIY.exe
  2⤵
  PID:8416
- C:\Windows\System\LaEKUNv.exe
  C:\Windows\System\LaEKUNv.exe
  2⤵
  PID:8444
- C:\Windows\System\ZKpzmJM.exe
  C:\Windows\System\ZKpzmJM.exe
  2⤵
  PID:8472
- C:\Windows\System\DmksWTY.exe
  C:\Windows\System\DmksWTY.exe
  2⤵
  PID:8500
- C:\Windows\System\KGsfyUm.exe
  C:\Windows\System\KGsfyUm.exe
  2⤵
  PID:8532
- C:\Windows\System\YXlatFX.exe
  C:\Windows\System\YXlatFX.exe
  2⤵
  PID:8568
- C:\Windows\System\oiMpiLm.exe
  C:\Windows\System\oiMpiLm.exe
  2⤵
  PID:8596
- C:\Windows\System\awmrMKV.exe
  C:\Windows\System\awmrMKV.exe
  2⤵
  PID:8624
- C:\Windows\System\zhRdhVa.exe
  C:\Windows\System\zhRdhVa.exe
  2⤵
  PID:8640
- C:\Windows\System\IQHLORb.exe
  C:\Windows\System\IQHLORb.exe
  2⤵
  PID:8668
- C:\Windows\System\yKPntEC.exe
  C:\Windows\System\yKPntEC.exe
  2⤵
  PID:8696
- C:\Windows\System\bkPmFfA.exe
  C:\Windows\System\bkPmFfA.exe
  2⤵
  PID:8724
- C:\Windows\System\ApilDPM.exe
  C:\Windows\System\ApilDPM.exe
  2⤵
  PID:8752
- C:\Windows\System\MoWnxUn.exe
  C:\Windows\System\MoWnxUn.exe
  2⤵
  PID:8780
- C:\Windows\System\azJQkyX.exe
  C:\Windows\System\azJQkyX.exe
  2⤵
  PID:8808
- C:\Windows\System\xEWXjhV.exe
  C:\Windows\System\xEWXjhV.exe
  2⤵
  PID:8836
- C:\Windows\System\gqgPvgr.exe
  C:\Windows\System\gqgPvgr.exe
  2⤵
  PID:8864
- C:\Windows\System\RUeZFGy.exe
  C:\Windows\System\RUeZFGy.exe
  2⤵
  PID:8892
- C:\Windows\System\SpSwUNa.exe
  C:\Windows\System\SpSwUNa.exe
  2⤵
  PID:8920
- C:\Windows\System\QxEpZzN.exe
  C:\Windows\System\QxEpZzN.exe
  2⤵
  PID:8948
- C:\Windows\System\GKAOmga.exe
  C:\Windows\System\GKAOmga.exe
  2⤵
  PID:8976
- C:\Windows\System\VCzLANB.exe
  C:\Windows\System\VCzLANB.exe
  2⤵
  PID:9004
- C:\Windows\System\CzgRDjF.exe
  C:\Windows\System\CzgRDjF.exe
  2⤵
  PID:9032
- C:\Windows\System\VYDdIdp.exe
  C:\Windows\System\VYDdIdp.exe
  2⤵
  PID:9060
- C:\Windows\System\YUqIdVn.exe
  C:\Windows\System\YUqIdVn.exe
  2⤵
  PID:9088
- C:\Windows\System\PBexBBZ.exe
  C:\Windows\System\PBexBBZ.exe
  2⤵
  PID:9116
- C:\Windows\System\SgFmeIX.exe
  C:\Windows\System\SgFmeIX.exe
  2⤵
  PID:9144
- C:\Windows\System\yEZMzqg.exe
  C:\Windows\System\yEZMzqg.exe
  2⤵
  PID:9172
- C:\Windows\System\cRLlBnr.exe
  C:\Windows\System\cRLlBnr.exe
  2⤵
  PID:9200
- C:\Windows\System\IgiIUDx.exe
  C:\Windows\System\IgiIUDx.exe
  2⤵
  PID:3880
- C:\Windows\System\Kicgxxb.exe
  C:\Windows\System\Kicgxxb.exe
  2⤵
  PID:3664
- C:\Windows\System\rbYAihr.exe
  C:\Windows\System\rbYAihr.exe
  2⤵
  PID:7660
- C:\Windows\System\kHRVTAQ.exe
  C:\Windows\System\kHRVTAQ.exe
  2⤵
  PID:8236
- C:\Windows\System\FBrucqh.exe
  C:\Windows\System\FBrucqh.exe
  2⤵
  PID:8296
- C:\Windows\System\xwAgujw.exe
  C:\Windows\System\xwAgujw.exe
  2⤵
  PID:8352
- C:\Windows\System\UCIzqfe.exe
  C:\Windows\System\UCIzqfe.exe
  2⤵
  PID:8428
- C:\Windows\System\xGrmrZc.exe
  C:\Windows\System\xGrmrZc.exe
  2⤵
  PID:3636
- C:\Windows\System\DQMhdgx.exe
  C:\Windows\System\DQMhdgx.exe
  2⤵
  PID:8516
- C:\Windows\System\XSZENJh.exe
  C:\Windows\System\XSZENJh.exe
  2⤵
  PID:8580
- C:\Windows\System\jGWOIXL.exe
  C:\Windows\System\jGWOIXL.exe
  2⤵
  PID:8632
- C:\Windows\System\AtkKPNs.exe
  C:\Windows\System\AtkKPNs.exe
  2⤵
  PID:8684
- C:\Windows\System\llaGSaA.exe
  C:\Windows\System\llaGSaA.exe
  2⤵
  PID:8740
- C:\Windows\System\SQFvhkv.exe
  C:\Windows\System\SQFvhkv.exe
  2⤵
  PID:8792
- C:\Windows\System\bzHrluc.exe
  C:\Windows\System\bzHrluc.exe
  2⤵
  PID:8852
- C:\Windows\System\qtkGoOH.exe
  C:\Windows\System\qtkGoOH.exe
  2⤵
  PID:8904
- C:\Windows\System\onUBEns.exe
  C:\Windows\System\onUBEns.exe
  2⤵
  PID:8960
- C:\Windows\System\FdeTELX.exe
  C:\Windows\System\FdeTELX.exe
  2⤵
  PID:8996
- C:\Windows\System\hriGhyn.exe
  C:\Windows\System\hriGhyn.exe
  2⤵
  PID:9072
- C:\Windows\System\tpqqAaU.exe
  C:\Windows\System\tpqqAaU.exe
  2⤵
  PID:9128
- C:\Windows\System\SAHaSHL.exe
  C:\Windows\System\SAHaSHL.exe
  2⤵
  PID:9184
- C:\Windows\System\VJKDmmF.exe
  C:\Windows\System\VJKDmmF.exe
  2⤵
  PID:1060
- C:\Windows\System\fZOFVfx.exe
  C:\Windows\System\fZOFVfx.exe
  2⤵
  PID:7404
- C:\Windows\System\GtINSJl.exe
  C:\Windows\System\GtINSJl.exe
  2⤵
  PID:8232
- C:\Windows\System\GAnrEyU.exe
  C:\Windows\System\GAnrEyU.exe
  2⤵
  PID:4036
- C:\Windows\System\cJJQTZw.exe
  C:\Windows\System\cJJQTZw.exe
  2⤵
  PID:8460
- C:\Windows\System\VwFptdu.exe
  C:\Windows\System\VwFptdu.exe
  2⤵
  PID:8548
- C:\Windows\System\ZcbOuHo.exe
  C:\Windows\System\ZcbOuHo.exe
  2⤵
  PID:8656
- C:\Windows\System\kLGnLAi.exe
  C:\Windows\System\kLGnLAi.exe
  2⤵
  PID:792
- C:\Windows\System\tTCLnSK.exe
  C:\Windows\System\tTCLnSK.exe
  2⤵
  PID:8820
- C:\Windows\System\FVExHIr.exe
  C:\Windows\System\FVExHIr.exe
  2⤵
  PID:8912
- C:\Windows\System\ndKoOzM.exe
  C:\Windows\System\ndKoOzM.exe
  2⤵
  PID:9048
- C:\Windows\System\BJdgviH.exe
  C:\Windows\System\BJdgviH.exe
  2⤵
  PID:2628
- C:\Windows\System\TrLsIuq.exe
  C:\Windows\System\TrLsIuq.exe
  2⤵
  PID:4748
- C:\Windows\System\NxciQqt.exe
  C:\Windows\System\NxciQqt.exe
  2⤵
  PID:8272
- C:\Windows\System\qOjMHnm.exe
  C:\Windows\System\qOjMHnm.exe
  2⤵
  PID:3244
- C:\Windows\System\OPOFDhA.exe
  C:\Windows\System\OPOFDhA.exe
  2⤵
  PID:2976
- C:\Windows\System\QHneukG.exe
  C:\Windows\System\QHneukG.exe
  2⤵
  PID:8992
- C:\Windows\System\WqdRbdV.exe
  C:\Windows\System\WqdRbdV.exe
  2⤵
  PID:7880
- C:\Windows\System\XWCVYBX.exe
  C:\Windows\System\XWCVYBX.exe
  2⤵
  PID:3448
- C:\Windows\System\lCUaoDw.exe
  C:\Windows\System\lCUaoDw.exe
  2⤵
  PID:9244
- C:\Windows\System\KwYtgwu.exe
  C:\Windows\System\KwYtgwu.exe
  2⤵
  PID:9264
- C:\Windows\System\zknpwfG.exe
  C:\Windows\System\zknpwfG.exe
  2⤵
  PID:9292
- C:\Windows\System\MdLApYW.exe
  C:\Windows\System\MdLApYW.exe
  2⤵
  PID:9320
- C:\Windows\System\NAlednw.exe
  C:\Windows\System\NAlednw.exe
  2⤵
  PID:9348
- C:\Windows\System\vEOBRUP.exe
  C:\Windows\System\vEOBRUP.exe
  2⤵
  PID:9376
- C:\Windows\System\FzyIfwb.exe
  C:\Windows\System\FzyIfwb.exe
  2⤵
  PID:9404
- C:\Windows\System\AEeCaar.exe
  C:\Windows\System\AEeCaar.exe
  2⤵
  PID:9432
- C:\Windows\System\OWebvld.exe
  C:\Windows\System\OWebvld.exe
  2⤵
  PID:9472
- C:\Windows\System\gKchkpV.exe
  C:\Windows\System\gKchkpV.exe
  2⤵
  PID:9500
- C:\Windows\System\ecjbojT.exe
  C:\Windows\System\ecjbojT.exe
  2⤵
  PID:9516
- C:\Windows\System\zvoQLpZ.exe
  C:\Windows\System\zvoQLpZ.exe
  2⤵
  PID:9572
- C:\Windows\System\HhvakKT.exe
  C:\Windows\System\HhvakKT.exe
  2⤵
  PID:9616
- C:\Windows\System\ecxSCUr.exe
  C:\Windows\System\ecxSCUr.exe
  2⤵
  PID:9704
- C:\Windows\System\XOICLbB.exe
  C:\Windows\System\XOICLbB.exe
  2⤵
  PID:9752
- C:\Windows\System\bdXSMuU.exe
  C:\Windows\System\bdXSMuU.exe
  2⤵
  PID:9808
- C:\Windows\System\VWeTPhy.exe
  C:\Windows\System\VWeTPhy.exe
  2⤵
  PID:9836
- C:\Windows\System\QUNVIWj.exe
  C:\Windows\System\QUNVIWj.exe
  2⤵
  PID:9872
- C:\Windows\System\nChlxrB.exe
  C:\Windows\System\nChlxrB.exe
  2⤵
  PID:9908
- C:\Windows\System\zLTNkGT.exe
  C:\Windows\System\zLTNkGT.exe
  2⤵
  PID:9936
- C:\Windows\System\VdqJWNN.exe
  C:\Windows\System\VdqJWNN.exe
  2⤵
  PID:9984
- C:\Windows\System\ABDIwfH.exe
  C:\Windows\System\ABDIwfH.exe
  2⤵
  PID:10000
- C:\Windows\System\aAAtgLL.exe
  C:\Windows\System\aAAtgLL.exe
  2⤵
  PID:10048
- C:\Windows\System\veHcnKj.exe
  C:\Windows\System\veHcnKj.exe
  2⤵
  PID:10076
- C:\Windows\System\vNJjQSn.exe
  C:\Windows\System\vNJjQSn.exe
  2⤵
  PID:10104
- C:\Windows\System\txBOOjR.exe
  C:\Windows\System\txBOOjR.exe
  2⤵
  PID:10136
- C:\Windows\System\mroTOpB.exe
  C:\Windows\System\mroTOpB.exe
  2⤵
  PID:10168
- C:\Windows\System\XCfcvyp.exe
  C:\Windows\System\XCfcvyp.exe
  2⤵
  PID:10196
- C:\Windows\System\DeZvvBX.exe
  C:\Windows\System\DeZvvBX.exe
  2⤵
  PID:10224
- C:\Windows\System\kczKHYS.exe
  C:\Windows\System\kczKHYS.exe
  2⤵
  PID:4348
- C:\Windows\System\vRoKUEz.exe
  C:\Windows\System\vRoKUEz.exe
  2⤵
  PID:8456
- C:\Windows\System\uBgnnzN.exe
  C:\Windows\System\uBgnnzN.exe
  2⤵
  PID:9260
- C:\Windows\System\HiNDIlk.exe
  C:\Windows\System\HiNDIlk.exe
  2⤵
  PID:9340
- C:\Windows\System\oxyWmEv.exe
  C:\Windows\System\oxyWmEv.exe
  2⤵
  PID:9416
- C:\Windows\System\XENiwbb.exe
  C:\Windows\System\XENiwbb.exe
  2⤵
  PID:9544
- C:\Windows\System\TZqVaCB.exe
  C:\Windows\System\TZqVaCB.exe
  2⤵
  PID:9512
- C:\Windows\System\DFOVXck.exe
  C:\Windows\System\DFOVXck.exe
  2⤵
  PID:2184
- C:\Windows\System\sqBeDqF.exe
  C:\Windows\System\sqBeDqF.exe
  2⤵
  PID:2724
- C:\Windows\System\PqPjflZ.exe
  C:\Windows\System\PqPjflZ.exe
  2⤵
  PID:9716
- C:\Windows\System\lyhNzqE.exe
  C:\Windows\System\lyhNzqE.exe
  2⤵
  PID:2272
- C:\Windows\System\PNYRFpv.exe
  C:\Windows\System\PNYRFpv.exe
  2⤵
  PID:9744
- C:\Windows\System\jrfgkZh.exe
  C:\Windows\System\jrfgkZh.exe
  2⤵
  PID:4636
- C:\Windows\System\DTTCdRS.exe
  C:\Windows\System\DTTCdRS.exe
  2⤵
  PID:1620
- C:\Windows\System\LocZAKl.exe
  C:\Windows\System\LocZAKl.exe
  2⤵
  PID:5064
- C:\Windows\System\KLJwAZx.exe
  C:\Windows\System\KLJwAZx.exe
  2⤵
  PID:9920
- C:\Windows\System\kzPrEgt.exe
  C:\Windows\System\kzPrEgt.exe
  2⤵
  PID:1432
- C:\Windows\System\blhZsEV.exe
  C:\Windows\System\blhZsEV.exe
  2⤵
  PID:9996
- C:\Windows\System\vuuNdUD.exe
  C:\Windows\System\vuuNdUD.exe
  2⤵
  PID:10072
- C:\Windows\System\FuLqPNw.exe
  C:\Windows\System\FuLqPNw.exe
  2⤵
  PID:10180
- C:\Windows\System\NUrqMqQ.exe
  C:\Windows\System\NUrqMqQ.exe
  2⤵
  PID:10236
- C:\Windows\System\ekJcOyQ.exe
  C:\Windows\System\ekJcOyQ.exe
  2⤵
  PID:9240
- C:\Windows\System\BrkoDFY.exe
  C:\Windows\System\BrkoDFY.exe
  2⤵
  PID:9396
- C:\Windows\System\aDULZBl.exe
  C:\Windows\System\aDULZBl.exe
  2⤵
  PID:9508
- C:\Windows\System\Focdoij.exe
  C:\Windows\System\Focdoij.exe
  2⤵
  PID:2500
- C:\Windows\System\bCDjILA.exe
  C:\Windows\System\bCDjILA.exe
  2⤵
  PID:1068
- C:\Windows\System\QIuVHsk.exe
  C:\Windows\System\QIuVHsk.exe
  2⤵
  PID:9928
- C:\Windows\System\aGbwOWF.exe
  C:\Windows\System\aGbwOWF.exe
  2⤵
  PID:9136
- C:\Windows\System\ClHVTjM.exe
  C:\Windows\System\ClHVTjM.exe
  2⤵
  PID:644
- C:\Windows\System\KssemjI.exe
  C:\Windows\System\KssemjI.exe
  2⤵
  PID:10216
- C:\Windows\System\UDTmwUV.exe
  C:\Windows\System\UDTmwUV.exe
  2⤵
  PID:10264
- C:\Windows\System\fVpAedo.exe
  C:\Windows\System\fVpAedo.exe
  2⤵
  PID:10356
- C:\Windows\System\zpULcFa.exe
  C:\Windows\System\zpULcFa.exe
  2⤵
  PID:10388
- C:\Windows\System\xgUweOS.exe
  C:\Windows\System\xgUweOS.exe
  2⤵
  PID:10416
- C:\Windows\System\dAitJnQ.exe
  C:\Windows\System\dAitJnQ.exe
  2⤵
  PID:10448
- C:\Windows\System\dWWWYSe.exe
  C:\Windows\System\dWWWYSe.exe
  2⤵
  PID:10492
- C:\Windows\System\EYtpLZl.exe
  C:\Windows\System\EYtpLZl.exe
  2⤵
  PID:10528
- C:\Windows\System\rpbJceB.exe
  C:\Windows\System\rpbJceB.exe
  2⤵
  PID:10560
- C:\Windows\System\lidPeWw.exe
  C:\Windows\System\lidPeWw.exe
  2⤵
  PID:10588
- C:\Windows\System\vOchrhs.exe
  C:\Windows\System\vOchrhs.exe
  2⤵
  PID:10616
- C:\Windows\System\OTlpCDh.exe
  C:\Windows\System\OTlpCDh.exe
  2⤵
  PID:10648
- C:\Windows\System\HTbCAFG.exe
  C:\Windows\System\HTbCAFG.exe
  2⤵
  PID:10676
- C:\Windows\System\NmkXkEq.exe
  C:\Windows\System\NmkXkEq.exe
  2⤵
  PID:10712
- C:\Windows\System\KIdAycx.exe
  C:\Windows\System\KIdAycx.exe
  2⤵
  PID:10740
- C:\Windows\System\CfsKKUk.exe
  C:\Windows\System\CfsKKUk.exe
  2⤵
  PID:10768
- C:\Windows\System\xkQsHMT.exe
  C:\Windows\System\xkQsHMT.exe
  2⤵
  PID:10796
- C:\Windows\System\AYTanxt.exe
  C:\Windows\System\AYTanxt.exe
  2⤵
  PID:10828
- C:\Windows\System\exRHlbz.exe
  C:\Windows\System\exRHlbz.exe
  2⤵
  PID:10856
- C:\Windows\System\NAFIUKd.exe
  C:\Windows\System\NAFIUKd.exe
  2⤵
  PID:10884
- C:\Windows\System\oNxakwc.exe
  C:\Windows\System\oNxakwc.exe
  2⤵
  PID:10912
- C:\Windows\System\QJgxVpu.exe
  C:\Windows\System\QJgxVpu.exe
  2⤵
  PID:10940
- C:\Windows\System\vlIsOPB.exe
  C:\Windows\System\vlIsOPB.exe
  2⤵
  PID:10968
- C:\Windows\System\HMgERVA.exe
  C:\Windows\System\HMgERVA.exe
  2⤵
  PID:10996
- C:\Windows\System\vpHyWDr.exe
  C:\Windows\System\vpHyWDr.exe
  2⤵
  PID:11024
- C:\Windows\System\sKMkTBU.exe
  C:\Windows\System\sKMkTBU.exe
  2⤵
  PID:11056
- C:\Windows\System\AIYUlKg.exe
  C:\Windows\System\AIYUlKg.exe
  2⤵
  PID:11084
- C:\Windows\System\JDBarPk.exe
  C:\Windows\System\JDBarPk.exe
  2⤵
  PID:11116
- C:\Windows\System\zmQUPsW.exe
  C:\Windows\System\zmQUPsW.exe
  2⤵
  PID:11176
- C:\Windows\System\yFfeEsx.exe
  C:\Windows\System\yFfeEsx.exe
  2⤵
  PID:11220
- C:\Windows\System\JWrjpjG.exe
  C:\Windows\System\JWrjpjG.exe
  2⤵
  PID:11256
- C:\Windows\System\JGsLmcu.exe
  C:\Windows\System\JGsLmcu.exe
  2⤵
  PID:10376
- C:\Windows\System\MGkkyDU.exe
  C:\Windows\System\MGkkyDU.exe
  2⤵
  PID:10444
- C:\Windows\System\tJsUtuP.exe
  C:\Windows\System\tJsUtuP.exe
  2⤵
  PID:3776
- C:\Windows\System\SuprkDh.exe
  C:\Windows\System\SuprkDh.exe
  2⤵
  PID:10580
- C:\Windows\System\dIixpoZ.exe
  C:\Windows\System\dIixpoZ.exe
  2⤵
  PID:10660
- C:\Windows\System\yzGxJaP.exe
  C:\Windows\System\yzGxJaP.exe
  2⤵
  PID:10732
- C:\Windows\System\hKPftRC.exe
  C:\Windows\System\hKPftRC.exe
  2⤵
  PID:10792
- C:\Windows\System\iXxeBHi.exe
  C:\Windows\System\iXxeBHi.exe
  2⤵
  PID:10880
- C:\Windows\System\FWdXpvt.exe
  C:\Windows\System\FWdXpvt.exe
  2⤵
  PID:10924
- C:\Windows\System\KPqsIFh.exe
  C:\Windows\System\KPqsIFh.exe
  2⤵
  PID:10992
- C:\Windows\System\lCMtpsU.exe
  C:\Windows\System\lCMtpsU.exe
  2⤵
  PID:11052
- C:\Windows\System\dGUjGuY.exe
  C:\Windows\System\dGUjGuY.exe
  2⤵
  PID:11108
- C:\Windows\System\VRvuKNr.exe
  C:\Windows\System\VRvuKNr.exe
  2⤵
  PID:11212
- C:\Windows\System\AYRmPgu.exe
  C:\Windows\System\AYRmPgu.exe
  2⤵
  PID:10352
- C:\Windows\System\gtXfknM.exe
  C:\Windows\System\gtXfknM.exe
  2⤵
  PID:10572
- C:\Windows\System\RvzHKtA.exe
  C:\Windows\System\RvzHKtA.exe
  2⤵
  PID:10724
- C:\Windows\System\SPKHsAg.exe
  C:\Windows\System\SPKHsAg.exe
  2⤵
  PID:10876
- C:\Windows\System\ojrcGPf.exe
  C:\Windows\System\ojrcGPf.exe
  2⤵
  PID:11020
- C:\Windows\System\TPlyJtk.exe
  C:\Windows\System\TPlyJtk.exe
  2⤵
  PID:11196
- C:\Windows\System\bEASIwP.exe
  C:\Windows\System\bEASIwP.exe
  2⤵
  PID:10544
- C:\Windows\System\nYtFPdO.exe
  C:\Windows\System\nYtFPdO.exe
  2⤵
  PID:10840
- C:\Windows\System\PeZtDlY.exe
  C:\Windows\System\PeZtDlY.exe
  2⤵
  PID:11160
- C:\Windows\System\cOBHDPV.exe
  C:\Windows\System\cOBHDPV.exe
  2⤵
  PID:4004
- C:\Windows\System\fUDZrSi.exe
  C:\Windows\System\fUDZrSi.exe
  2⤵
  PID:11200
- C:\Windows\System\CpjvgTj.exe
  C:\Windows\System\CpjvgTj.exe
  2⤵
  PID:10764
- C:\Windows\System\edJAwhJ.exe
  C:\Windows\System\edJAwhJ.exe
  2⤵
  PID:10820
- C:\Windows\System\ATdrYNL.exe
  C:\Windows\System\ATdrYNL.exe
  2⤵
  PID:11188
- C:\Windows\System\uNAymJU.exe
  C:\Windows\System\uNAymJU.exe
  2⤵
  PID:11284
- C:\Windows\System\XumkBXR.exe
  C:\Windows\System\XumkBXR.exe
  2⤵
  PID:11312
- C:\Windows\System\ypIAKuN.exe
  C:\Windows\System\ypIAKuN.exe
  2⤵
  PID:11340
- C:\Windows\System\lIDUDAh.exe
  C:\Windows\System\lIDUDAh.exe
  2⤵
  PID:11368
- C:\Windows\System\mbhFRwS.exe
  C:\Windows\System\mbhFRwS.exe
  2⤵
  PID:11396
- C:\Windows\System\GlMWTFo.exe
  C:\Windows\System\GlMWTFo.exe
  2⤵
  PID:11444
- C:\Windows\System\gwfqpKA.exe
  C:\Windows\System\gwfqpKA.exe
  2⤵
  PID:11488
- C:\Windows\System\yMelOfS.exe
  C:\Windows\System\yMelOfS.exe
  2⤵
  PID:11516
- C:\Windows\System\kFGNDKg.exe
  C:\Windows\System\kFGNDKg.exe
  2⤵
  PID:11544
- C:\Windows\System\gHZweUc.exe
  C:\Windows\System\gHZweUc.exe
  2⤵
  PID:11572
- C:\Windows\System\IpIyswO.exe
  C:\Windows\System\IpIyswO.exe
  2⤵
  PID:11600
- C:\Windows\System\YMEBBlh.exe
  C:\Windows\System\YMEBBlh.exe
  2⤵
  PID:11628
- C:\Windows\System\EKwkZEu.exe
  C:\Windows\System\EKwkZEu.exe
  2⤵
  PID:11656
- C:\Windows\System\gjZLqOx.exe
  C:\Windows\System\gjZLqOx.exe
  2⤵
  PID:11684
- C:\Windows\System\Zprppkq.exe
  C:\Windows\System\Zprppkq.exe
  2⤵
  PID:11716
- C:\Windows\System\TeSzwxM.exe
  C:\Windows\System\TeSzwxM.exe
  2⤵
  PID:11744
- C:\Windows\System\ZHEyMjk.exe
  C:\Windows\System\ZHEyMjk.exe
  2⤵
  PID:11772
- C:\Windows\System\cBcpTUM.exe
  C:\Windows\System\cBcpTUM.exe
  2⤵
  PID:11800
- C:\Windows\System\yFJTgih.exe
  C:\Windows\System\yFJTgih.exe
  2⤵
  PID:11828
- C:\Windows\System\mOLWlvU.exe
  C:\Windows\System\mOLWlvU.exe
  2⤵
  PID:11860
- C:\Windows\System\GGUmZJP.exe
  C:\Windows\System\GGUmZJP.exe
  2⤵
  PID:11888
- C:\Windows\System\WeKZiuV.exe
  C:\Windows\System\WeKZiuV.exe
  2⤵
  PID:11936
- C:\Windows\System\UxxuuXd.exe
  C:\Windows\System\UxxuuXd.exe
  2⤵
  PID:11952
- C:\Windows\System\IdexEri.exe
  C:\Windows\System\IdexEri.exe
  2⤵
  PID:11980
- C:\Windows\System\RPpmQva.exe
  C:\Windows\System\RPpmQva.exe
  2⤵
  PID:12008
- C:\Windows\System\eYbMThW.exe
  C:\Windows\System\eYbMThW.exe
  2⤵
  PID:12036
- C:\Windows\System\ZukqYZY.exe
  C:\Windows\System\ZukqYZY.exe
  2⤵
  PID:12064
- C:\Windows\System\eMmosQs.exe
  C:\Windows\System\eMmosQs.exe
  2⤵
  PID:12092
- C:\Windows\System\txWGZrO.exe
  C:\Windows\System\txWGZrO.exe
  2⤵
  PID:12120
- C:\Windows\System\uGdHIEJ.exe
  C:\Windows\System\uGdHIEJ.exe
  2⤵
  PID:12148
- C:\Windows\System\KMVdcxG.exe
  C:\Windows\System\KMVdcxG.exe
  2⤵
  PID:12176
- C:\Windows\System\NdcPvWP.exe
  C:\Windows\System\NdcPvWP.exe
  2⤵
  PID:12236
- C:\Windows\System\XVvHTrL.exe
  C:\Windows\System\XVvHTrL.exe
  2⤵
  PID:12264
- C:\Windows\System\NsPWaVv.exe
  C:\Windows\System\NsPWaVv.exe
  2⤵
  PID:11276
- C:\Windows\System\sKRmlZQ.exe
  C:\Windows\System\sKRmlZQ.exe
  2⤵
  PID:11352
- C:\Windows\System\tveXHHY.exe
  C:\Windows\System\tveXHHY.exe
  2⤵
  PID:11440
- C:\Windows\System\ivZVLtb.exe
  C:\Windows\System\ivZVLtb.exe
  2⤵
  PID:11508
- C:\Windows\System\ZGIPgiz.exe
  C:\Windows\System\ZGIPgiz.exe
  2⤵
  PID:11568
- C:\Windows\System\olbtPLB.exe
  C:\Windows\System\olbtPLB.exe
  2⤵
  PID:11640
- C:\Windows\System\ykxersv.exe
  C:\Windows\System\ykxersv.exe
  2⤵
  PID:11712
- C:\Windows\System\VPDGVCP.exe
  C:\Windows\System\VPDGVCP.exe
  2⤵
  PID:11792
- C:\Windows\System\pvBpnqJ.exe
  C:\Windows\System\pvBpnqJ.exe
  2⤵
  PID:11856
- C:\Windows\System\yCNDIgj.exe
  C:\Windows\System\yCNDIgj.exe
  2⤵
  PID:2552
- C:\Windows\System\wiPXCfy.exe
  C:\Windows\System\wiPXCfy.exe
  2⤵
  PID:924
- C:\Windows\System\wZJuisV.exe
  C:\Windows\System\wZJuisV.exe
  2⤵
  PID:4112
- C:\Windows\System\KSdrPqe.exe
  C:\Windows\System\KSdrPqe.exe
  2⤵
  PID:4228
- C:\Windows\System\kFobhOB.exe
  C:\Windows\System\kFobhOB.exe
  2⤵
  PID:10600
- C:\Windows\System\NSliNBI.exe
  C:\Windows\System\NSliNBI.exe
  2⤵
  PID:11972
- C:\Windows\System\YFUsAMA.exe
  C:\Windows\System\YFUsAMA.exe
  2⤵
  PID:12028
- C:\Windows\System\ooejJPw.exe
  C:\Windows\System\ooejJPw.exe
  2⤵
  PID:12088
- C:\Windows\System\tLwoizO.exe
  C:\Windows\System\tLwoizO.exe
  2⤵
  PID:12140
- C:\Windows\System\gSjYUoF.exe
  C:\Windows\System\gSjYUoF.exe
  2⤵
  PID:2456
- C:\Windows\System\xtqJsgW.exe
  C:\Windows\System\xtqJsgW.exe
  2⤵
  PID:12248
- C:\Windows\System\lVbqlTx.exe
  C:\Windows\System\lVbqlTx.exe
  2⤵
  PID:11332
- C:\Windows\System\AAoXvPJ.exe
  C:\Windows\System\AAoXvPJ.exe
  2⤵
  PID:11500
- C:\Windows\System\GCaoeic.exe
  C:\Windows\System\GCaoeic.exe
  2⤵
  PID:11680
- C:\Windows\System\AzBTjKI.exe
  C:\Windows\System\AzBTjKI.exe
  2⤵
  PID:3540
- C:\Windows\System\seFDKnB.exe
  C:\Windows\System\seFDKnB.exe
  2⤵
  PID:1380
- C:\Windows\System\AeOsoZv.exe
  C:\Windows\System\AeOsoZv.exe
  2⤵
  PID:11152
- C:\Windows\System\WQiZTOK.exe
  C:\Windows\System\WQiZTOK.exe
  2⤵
  PID:10816
- C:\Windows\System\MWPiTyB.exe
  C:\Windows\System\MWPiTyB.exe
  2⤵
  PID:12076
- C:\Windows\System\gAVLicC.exe
  C:\Windows\System\gAVLicC.exe
  2⤵
  PID:12204
- C:\Windows\System\IpMNGOj.exe
  C:\Windows\System\IpMNGOj.exe
  2⤵
  PID:11476
- C:\Windows\System\OaBTnsf.exe
  C:\Windows\System\OaBTnsf.exe
  2⤵
  PID:1948
- C:\Windows\System\ZxecmSb.exe
  C:\Windows\System\ZxecmSb.exe
  2⤵
  PID:10512
- C:\Windows\System\YDwAPyd.exe
  C:\Windows\System\YDwAPyd.exe
  2⤵
  PID:10624
- C:\Windows\System\hiDgkNZ.exe
  C:\Windows\System\hiDgkNZ.exe
  2⤵
  PID:11304
- C:\Windows\System\LKPzZtR.exe
  C:\Windows\System\LKPzZtR.exe
  2⤵
  PID:10088
- C:\Windows\System\ktPnBoo.exe
  C:\Windows\System\ktPnBoo.exe
  2⤵
  PID:11268
- C:\Windows\System\TcfmzTd.exe
  C:\Windows\System\TcfmzTd.exe
  2⤵
  PID:4016
- C:\Windows\System\WXbwpLG.exe
  C:\Windows\System\WXbwpLG.exe
  2⤵
  PID:12304
- C:\Windows\System\xVlNQBl.exe
  C:\Windows\System\xVlNQBl.exe
  2⤵
  PID:12348
- C:\Windows\System\iPsmybT.exe
  C:\Windows\System\iPsmybT.exe
  2⤵
  PID:12424
- C:\Windows\System\bRarEBD.exe
  C:\Windows\System\bRarEBD.exe
  2⤵
  PID:12496
- C:\Windows\System\hLaQpSq.exe
  C:\Windows\System\hLaQpSq.exe
  2⤵
  PID:12528
- C:\Windows\System\YHPAPvh.exe
  C:\Windows\System\YHPAPvh.exe
  2⤵
  PID:12568
- C:\Windows\System\xOKqyUc.exe
  C:\Windows\System\xOKqyUc.exe
  2⤵
  PID:12604
- C:\Windows\System\gntFDjb.exe
  C:\Windows\System\gntFDjb.exe
  2⤵
  PID:12624
- C:\Windows\System\SWOKqsd.exe
  C:\Windows\System\SWOKqsd.exe
  2⤵
  PID:12652
- C:\Windows\System\JmnUSrN.exe
  C:\Windows\System\JmnUSrN.exe
  2⤵
  PID:12680
- C:\Windows\System\gVGPPNQ.exe
  C:\Windows\System\gVGPPNQ.exe
  2⤵
  PID:12708
- C:\Windows\System\pMKzlDa.exe
  C:\Windows\System\pMKzlDa.exe
  2⤵
  PID:12736
- C:\Windows\System\uONSWHj.exe
  C:\Windows\System\uONSWHj.exe
  2⤵
  PID:12764
- C:\Windows\System\pkfUAqm.exe
  C:\Windows\System\pkfUAqm.exe
  2⤵
  PID:12796
- C:\Windows\System\jInxBda.exe
  C:\Windows\System\jInxBda.exe
  2⤵
  PID:12824
- C:\Windows\System\trZLxxT.exe
  C:\Windows\System\trZLxxT.exe
  2⤵
  PID:12852
- C:\Windows\System\FdldhbQ.exe
  C:\Windows\System\FdldhbQ.exe
  2⤵
  PID:12880
- C:\Windows\System\ayVqyWu.exe
  C:\Windows\System\ayVqyWu.exe
  2⤵
  PID:12908
- C:\Windows\System\tDTQnky.exe
  C:\Windows\System\tDTQnky.exe
  2⤵
  PID:12948
- C:\Windows\System\yYexrzP.exe
  C:\Windows\System\yYexrzP.exe
  2⤵
  PID:12964
- C:\Windows\System\qNUEaWG.exe
  C:\Windows\System\qNUEaWG.exe
  2⤵
  PID:12996
- C:\Windows\System\dRVBKnZ.exe
  C:\Windows\System\dRVBKnZ.exe
  2⤵
  PID:13056
- C:\Windows\System\NJXVaac.exe
  C:\Windows\System\NJXVaac.exe
  2⤵
  PID:13096
- C:\Windows\System\vqvsioG.exe
  C:\Windows\System\vqvsioG.exe
  2⤵
  PID:13124
- C:\Windows\System\biCtilD.exe
  C:\Windows\System\biCtilD.exe
  2⤵
  PID:13152
- C:\Windows\System\MFIUrRc.exe
  C:\Windows\System\MFIUrRc.exe
  2⤵
  PID:13180
- C:\Windows\System\IwHkYsB.exe
  C:\Windows\System\IwHkYsB.exe
  2⤵
  PID:13208
- C:\Windows\System\DusziKM.exe
  C:\Windows\System\DusziKM.exe
  2⤵
  PID:13236
- C:\Windows\System\WoVoWiu.exe
  C:\Windows\System\WoVoWiu.exe
  2⤵
  PID:13268
- C:\Windows\System\aaSPFOd.exe
  C:\Windows\System\aaSPFOd.exe
  2⤵
  PID:13296
- C:\Windows\System\ScvjFmq.exe
  C:\Windows\System\ScvjFmq.exe
  2⤵
  PID:1768
- C:\Windows\System\yMOWhwH.exe
  C:\Windows\System\yMOWhwH.exe
  2⤵
  PID:12416
- C:\Windows\System\mpuslVY.exe
  C:\Windows\System\mpuslVY.exe
  2⤵
  PID:1192
- C:\Windows\System\ZPOpGBV.exe
  C:\Windows\System\ZPOpGBV.exe
  2⤵
  PID:12592
- C:\Windows\System\ZuKIUtI.exe
  C:\Windows\System\ZuKIUtI.exe
  2⤵
  PID:12668
- C:\Windows\System\EnsiOmz.exe
  C:\Windows\System\EnsiOmz.exe
  2⤵
  PID:12728
- C:\Windows\System\noZNCKT.exe
  C:\Windows\System\noZNCKT.exe
  2⤵
  PID:12788
- C:\Windows\System\LbJZpJW.exe
  C:\Windows\System\LbJZpJW.exe
  2⤵
  PID:12820
- C:\Windows\System\dXcwTLR.exe
  C:\Windows\System\dXcwTLR.exe
  2⤵
  PID:12896
- C:\Windows\System\dffWPFG.exe
  C:\Windows\System\dffWPFG.exe
  2⤵
  PID:12944
- C:\Windows\System\EAljThy.exe
  C:\Windows\System\EAljThy.exe
  2⤵
  PID:13020
- C:\Windows\System\PTasKEy.exe
  C:\Windows\System\PTasKEy.exe
  2⤵
  PID:12208
- C:\Windows\System\DHNwNiX.exe
  C:\Windows\System\DHNwNiX.exe
  2⤵
  PID:12192
- C:\Windows\System\iOshxga.exe
  C:\Windows\System\iOshxga.exe
  2⤵
  PID:13144
- C:\Windows\System\zVspjiq.exe
  C:\Windows\System\zVspjiq.exe
  2⤵
  PID:13204
- C:\Windows\System\gRMkrBh.exe
  C:\Windows\System\gRMkrBh.exe
  2⤵
  PID:13284
- C:\Windows\System\AMAxiUu.exe
  C:\Windows\System\AMAxiUu.exe
  2⤵
  PID:12340
- C:\Windows\System\axJoyun.exe
  C:\Windows\System\axJoyun.exe
  2⤵
  PID:11620
- C:\Windows\System\iYUKBYy.exe
  C:\Windows\System\iYUKBYy.exe
  2⤵
  PID:12704
- C:\Windows\System\sVDvUdu.exe
  C:\Windows\System\sVDvUdu.exe
  2⤵
  PID:12816
- C:\Windows\System\aofrgdy.exe
  C:\Windows\System\aofrgdy.exe
  2⤵
  PID:12976
- C:\Windows\System\vAGXiAd.exe
  C:\Windows\System\vAGXiAd.exe
  2⤵
  PID:11824
- C:\Windows\System\uhdOfGW.exe
  C:\Windows\System\uhdOfGW.exe
  2⤵
  PID:13192
- C:\Windows\System\ZwQDDdr.exe
  C:\Windows\System\ZwQDDdr.exe
  2⤵
  PID:12300
- C:\Windows\System\vECvXrC.exe
  C:\Windows\System\vECvXrC.exe
  2⤵
  PID:12700
- C:\Windows\System\CxIOLWl.exe
  C:\Windows\System\CxIOLWl.exe
  2⤵
  PID:12220
- C:\Windows\System\lSbPgqK.exe
  C:\Windows\System\lSbPgqK.exe
  2⤵
  PID:13288
- C:\Windows\System\OOBoBIE.exe
  C:\Windows\System\OOBoBIE.exe
  2⤵
  PID:2228
- C:\Windows\System\ybStYbJ.exe
  C:\Windows\System\ybStYbJ.exe
  2⤵
  PID:4256
- C:\Windows\System\YpRiJYf.exe
  C:\Windows\System\YpRiJYf.exe
  2⤵
  PID:1732
- C:\Windows\System\pNDzIsx.exe
  C:\Windows\System\pNDzIsx.exe
  2⤵
  PID:13336
- C:\Windows\System\mrAxXGN.exe
  C:\Windows\System\mrAxXGN.exe
  2⤵
  PID:13364
- C:\Windows\System\kCpCyur.exe
  C:\Windows\System\kCpCyur.exe
  2⤵
  PID:13392
- C:\Windows\System\wVwsZxV.exe
  C:\Windows\System\wVwsZxV.exe
  2⤵
  PID:13420
- C:\Windows\System\SzhcZaO.exe
  C:\Windows\System\SzhcZaO.exe
  2⤵
  PID:13448
- C:\Windows\System\omPKfou.exe
  C:\Windows\System\omPKfou.exe
  2⤵
  PID:13476
- C:\Windows\System\oEwJNTa.exe
  C:\Windows\System\oEwJNTa.exe
  2⤵
  PID:13504
- C:\Windows\System\xLGrPsB.exe
  C:\Windows\System\xLGrPsB.exe
  2⤵
  PID:13532
- C:\Windows\System\KoGJIkJ.exe
  C:\Windows\System\KoGJIkJ.exe
  2⤵
  PID:13560
- C:\Windows\System\YHMmgNh.exe
  C:\Windows\System\YHMmgNh.exe
  2⤵
  PID:13592
- C:\Windows\System\syfCMuE.exe
  C:\Windows\System\syfCMuE.exe
  2⤵
  PID:13620
- C:\Windows\System\AicGvoG.exe
  C:\Windows\System\AicGvoG.exe
  2⤵
  PID:13672
- C:\Windows\System\enhBICp.exe
  C:\Windows\System\enhBICp.exe
  2⤵
  PID:13700
- C:\Windows\System\pvQrZjE.exe
  C:\Windows\System\pvQrZjE.exe
  2⤵
  PID:13728
- C:\Windows\System\YaCfxnz.exe
  C:\Windows\System\YaCfxnz.exe
  2⤵
  PID:13764
- C:\Windows\System\sbMFvcZ.exe
  C:\Windows\System\sbMFvcZ.exe
  2⤵
  PID:13784
- C:\Windows\System\mcihfdM.exe
  C:\Windows\System\mcihfdM.exe
  2⤵
  PID:13804
- C:\Windows\System\vAGiSNM.exe
  C:\Windows\System\vAGiSNM.exe
  2⤵
  PID:13840
- C:\Windows\System\gXORmaD.exe
  C:\Windows\System\gXORmaD.exe
  2⤵
  PID:13868
- C:\Windows\System\GmmZPlw.exe
  C:\Windows\System\GmmZPlw.exe
  2⤵
  PID:13896
- C:\Windows\System\xuweVWZ.exe
  C:\Windows\System\xuweVWZ.exe
  2⤵
  PID:13928
- C:\Windows\System\vsrDoAK.exe
  C:\Windows\System\vsrDoAK.exe
  2⤵
  PID:13952
- C:\Windows\System\ppuWwVg.exe
  C:\Windows\System\ppuWwVg.exe
  2⤵
  PID:13980
- C:\Windows\System\dsobvCr.exe
  C:\Windows\System\dsobvCr.exe
  2⤵
  PID:14020
- C:\Windows\System\kGiCDrd.exe
  C:\Windows\System\kGiCDrd.exe
  2⤵
  PID:14060
- C:\Windows\System\QMeSuua.exe
  C:\Windows\System\QMeSuua.exe
  2⤵
  PID:14076
- C:\Windows\System\vFkRzWk.exe
  C:\Windows\System\vFkRzWk.exe
  2⤵
  PID:14116
- C:\Windows\System\rozBCPa.exe
  C:\Windows\System\rozBCPa.exe
  2⤵
  PID:14144
- C:\Windows\System\MNnmVHp.exe
  C:\Windows\System\MNnmVHp.exe
  2⤵
  PID:14172
- C:\Windows\System\xpvWQzW.exe
  C:\Windows\System\xpvWQzW.exe
  2⤵
  PID:14208
- C:\Windows\System\MZiBoFH.exe
  C:\Windows\System\MZiBoFH.exe
  2⤵
  PID:14236
- C:\Windows\System\oIhpHxS.exe
  C:\Windows\System\oIhpHxS.exe
  2⤵
  PID:14264
- C:\Windows\System\cQxZqwM.exe
  C:\Windows\System\cQxZqwM.exe
  2⤵
  PID:14284
- C:\Windows\System\rckLGVX.exe
  C:\Windows\System\rckLGVX.exe
  2⤵
  PID:14320
- C:\Windows\System\AiMPgpC.exe
  C:\Windows\System\AiMPgpC.exe
  2⤵
  PID:13348
- C:\Windows\System\gvFIAyL.exe
  C:\Windows\System\gvFIAyL.exe
  2⤵
  PID:13404
- C:\Windows\System\QUpYEig.exe
  C:\Windows\System\QUpYEig.exe
  2⤵
  PID:13468
- C:\Windows\System\OfKcJbc.exe
  C:\Windows\System\OfKcJbc.exe
  2⤵
  PID:13528
- C:\Windows\System\GYWVBXF.exe
  C:\Windows\System\GYWVBXF.exe
  2⤵
  PID:1544
- C:\Windows\System\WsmZBpb.exe
  C:\Windows\System\WsmZBpb.exe
  2⤵
  PID:13588
- C:\Windows\System\cjoFKgu.exe
  C:\Windows\System\cjoFKgu.exe
  2⤵
  PID:13684
- C:\Windows\System\QHVqbDS.exe
  C:\Windows\System\QHVqbDS.exe
  2⤵
  PID:13740
- C:\Windows\System\oybKZUL.exe
  C:\Windows\System\oybKZUL.exe
  2⤵
  PID:13796
- C:\Windows\System\jPepewK.exe
  C:\Windows\System\jPepewK.exe
  2⤵
  PID:13852
- C:\Windows\System\zjOoFuh.exe
  C:\Windows\System\zjOoFuh.exe
  2⤵
  PID:13916
- C:\Windows\System\MbCXLNu.exe
  C:\Windows\System\MbCXLNu.exe
  2⤵
  PID:13972
- C:\Windows\System\TSXkkcG.exe
  C:\Windows\System\TSXkkcG.exe
  2⤵
  PID:14040
- C:\Windows\System\epOgeGG.exe
  C:\Windows\System\epOgeGG.exe
  2⤵
  PID:14112
- C:\Windows\System\WxrubOm.exe
  C:\Windows\System\WxrubOm.exe
  2⤵
  PID:3852
- C:\Windows\System\larbYqI.exe
  C:\Windows\System\larbYqI.exe
  2⤵
  PID:9464
- C:\Windows\System\aiTWtbQ.exe
  C:\Windows\System\aiTWtbQ.exe
  2⤵
  PID:14164
- C:\Windows\System\CvpdVtM.exe
  C:\Windows\System\CvpdVtM.exe
  2⤵
  PID:14196
- C:\Windows\System\HZfHnUP.exe
  C:\Windows\System\HZfHnUP.exe
  2⤵
  PID:14260
- C:\Windows\System\AJLjiaS.exe
  C:\Windows\System\AJLjiaS.exe
  2⤵
  PID:14316
- C:\Windows\System\pbQKBgC.exe
  C:\Windows\System\pbQKBgC.exe
  2⤵
  PID:13432
- C:\Windows\System\lTtPjLM.exe
  C:\Windows\System\lTtPjLM.exe
  2⤵
  PID:2964
- C:\Windows\System\kxaDJTw.exe
  C:\Windows\System\kxaDJTw.exe
  2⤵
  PID:5508
- C:\Windows\System\pCgHYYg.exe
  C:\Windows\System\pCgHYYg.exe
  2⤵
  PID:13792
- C:\Windows\System\tiFCVjx.exe
  C:\Windows\System\tiFCVjx.exe
  2⤵
  PID:13944
- C:\Windows\System\FoVUvDf.exe
  C:\Windows\System\FoVUvDf.exe
  2⤵
  PID:14072
- C:\Windows\System\AzCrgLI.exe
  C:\Windows\System\AzCrgLI.exe
  2⤵
  PID:9832
- C:\Windows\System\dhQupSr.exe
  C:\Windows\System\dhQupSr.exe
  2⤵
  PID:388
- C:\Windows\System\fTrRQFz.exe
  C:\Windows\System\fTrRQFz.exe
  2⤵
  PID:14304
- C:\Windows\System\OrlAgku.exe
  C:\Windows\System\OrlAgku.exe
  2⤵
  PID:5116
- C:\Windows\System\KSVlzcM.exe
  C:\Windows\System\KSVlzcM.exe
  2⤵
  PID:2208
- C:\Windows\System\JNeOevM.exe
  C:\Windows\System\JNeOevM.exe
  2⤵
  PID:14088
- C:\Windows\System\ULGOjOU.exe
  C:\Windows\System\ULGOjOU.exe
  2⤵
  PID:14248
- C:\Windows\System\SjKiuoB.exe
  C:\Windows\System\SjKiuoB.exe
  2⤵
  PID:13772
- C:\Windows\System\EewMBUz.exe
  C:\Windows\System\EewMBUz.exe
  2⤵
  PID:4688
- C:\Windows\System\NwtEHNs.exe
  C:\Windows\System\NwtEHNs.exe
  2⤵
  PID:13720
- C:\Windows\System\fbtgxgp.exe
  C:\Windows\System\fbtgxgp.exe
  2⤵
  PID:14356
- C:\Windows\System\ipOULRz.exe
  C:\Windows\System\ipOULRz.exe
  2⤵
  PID:14384
- C:\Windows\System\DzXBOeB.exe
  C:\Windows\System\DzXBOeB.exe
  2⤵
  PID:14412
- C:\Windows\System\ounzPcV.exe
  C:\Windows\System\ounzPcV.exe
  2⤵
  PID:14452
- C:\Windows\System\XSMPumx.exe
  C:\Windows\System\XSMPumx.exe
  2⤵
  PID:14468
- C:\Windows\System\yfsuZag.exe
  C:\Windows\System\yfsuZag.exe
  2⤵
  PID:14496
- C:\Windows\System\kUUdqym.exe
  C:\Windows\System\kUUdqym.exe
  2⤵
  PID:14524
- C:\Windows\System\rMsLsJB.exe
  C:\Windows\System\rMsLsJB.exe
  2⤵
  PID:14552
- C:\Windows\System\cwcWZxK.exe
  C:\Windows\System\cwcWZxK.exe
  2⤵
  PID:14580
- C:\Windows\System\WKChOwJ.exe
  C:\Windows\System\WKChOwJ.exe
  2⤵
  PID:14608
- C:\Windows\System\rpmbqiq.exe
  C:\Windows\System\rpmbqiq.exe
  2⤵
  PID:14636
- C:\Windows\System\PGevKcV.exe
  C:\Windows\System\PGevKcV.exe
  2⤵
  PID:14664
- C:\Windows\System\DZcrnyh.exe
  C:\Windows\System\DZcrnyh.exe
  2⤵
  PID:14692
- C:\Windows\System\vjxGXYZ.exe
  C:\Windows\System\vjxGXYZ.exe
  2⤵
  PID:14720
- C:\Windows\System\rqofiPo.exe
  C:\Windows\System\rqofiPo.exe
  2⤵
  PID:14748
- C:\Windows\System\XNlKzgR.exe
  C:\Windows\System\XNlKzgR.exe
  2⤵
  PID:14776
- C:\Windows\System\StTfbKX.exe
  C:\Windows\System\StTfbKX.exe
  2⤵
  PID:14804
- C:\Windows\System\bkuKoQk.exe
  C:\Windows\System\bkuKoQk.exe
  2⤵
  PID:14832
- C:\Windows\System\vBSGyUz.exe
  C:\Windows\System\vBSGyUz.exe
  2⤵
  PID:14860
- C:\Windows\System\ghNWFia.exe
  C:\Windows\System\ghNWFia.exe
  2⤵
  PID:14888
- C:\Windows\System\QiBKcVh.exe
  C:\Windows\System\QiBKcVh.exe
  2⤵
  PID:14916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWjEOMH.exe

Filesize
6.1MB

MD5
2422264178d039e467f7754d07484e5e

SHA1
f4c3eadc4ed4e3ce0c5ddc4a2508537682adb0da

SHA256
8b76879b126d3ac53f27b87fc00e7a0feace341b268251aa39ed95024492c17a

SHA512
8e76d3657e4c7375fbe28c7828186ebf1f27211a2c631b32f0dbd0116fe08c815e0154c11e242092c73a831cc1eddbbcbb0e970cdbfab72bfe8ffb1a35935a06

Download Submit
C:\Windows\System\BqheUWp.exe

Filesize
6.1MB

MD5
c9200ed73f00f0ff1760f37c1158ebbb

SHA1
901eb9a8c466afbfc9594beb6379148ed515b838

SHA256
9868bbfaee87ebbeb81cce414a55657739255d58237ce4418c4b6f37e67969fa

SHA512
0694572b9ff021ae91ea16616ea6a20a3be9fd83c5a77c5d7cc2a989ec243a2332011870d8543996ac3c8eb309eed67be97249b036b7e99aeea0f993106fad9e

Download Submit
C:\Windows\System\EDnAPpQ.exe

Filesize
6.1MB

MD5
2ef792efd8243b3472cab52d20ac1aa9

SHA1
821dc1ea9743d1d49b86b77e6291203ab3ca892c

SHA256
878d171f95b2376670698817077da45e9c396a42e51de6d3833986b0e067efcf

SHA512
31bd43cf5109a4659d1218de59b399546f19a2c01e632742b57591549629c24851f4414697e1542e9bf6cb7839f739a4e293a2cd89c8ffe1c827a8ed04dacb72

Download Submit
C:\Windows\System\ENDxWsy.exe

Filesize
6.1MB

MD5
26d1028a98bf7e46aa46aca038b81959

SHA1
7aa517b076c62592b37986cdbbb1804e89acdec1

SHA256
21d76f765d90d53135c39079ee6ca36ba1cc80a5baf7630a768cffc967c933b3

SHA512
f1532dcca14a72f07c5a3fb9942f9f79db5a744ada3f854638ebc0d9713617577b5e32088c788edb858a826130c12e4968e825b6870b59a9d9800e240f46d736

Download Submit
C:\Windows\System\GPrNXqg.exe

Filesize
6.1MB

MD5
95980ad4ad5c11392f64f4eb0b894c7b

SHA1
b6d7f7e555def88058d306754c6d8837db3e1dd5

SHA256
35b6a8f01750b64d57540946e512f6d22361fa7c29d31510d9ced0f6e3d65b14

SHA512
8b4b8c1e3140ffb2ac2cde147480ff5153cfc723c6c319dbe22468c1c9361cc833a465e7fc79c0596c07b9a64234c8977ace07c66020deb26f8ccff748d26c1d

Download Submit
C:\Windows\System\HJUfmEN.exe

Filesize
6.1MB

MD5
c8bd38f7a5476a87a706115852cf9c64

SHA1
f8a273229db8ff2e97e81b3a179a6380324fcd9a

SHA256
0786b72febd7b6cb992957a0b85d3cbef647469f8e9767f506e08cbbe77aa816

SHA512
1c6f05313cfba7ac2ba2cf7890c69e87a8a8816f3da7d4d4f865cb56d65d6026349f43d5ce504837b8d164cd4dcfaeb082465f9dd06df37c04ed034a36839321

Download Submit
C:\Windows\System\HLueYqc.exe

Filesize
6.1MB

MD5
7ac251e9226cc471e4aad44c61bf78a9

SHA1
39048790d3ba8f6d1f143e46d65e51977f6dee89

SHA256
a3fb5b1df3cf64305316f05fd346cd95077de3c5723470aa0b422f1bafe0aecd

SHA512
a5c591c814cce31c7579307ea6ba1cc7b4d22cb40a7cc1fab6e25324504773603d0ad7576d2aa51ab2d711e08af1326f3bd954fbe0fde08db5384525af9dee60

Download Submit
C:\Windows\System\HPPcWWd.exe

Filesize
6.1MB

MD5
70874d11407afa37a0d0a09be0113938

SHA1
c8934416ffa7173b61405a99e8221ca045c95fb9

SHA256
71de638ec093af0febc03d553a1368fd6caf58ef15851fe6cde4c10468fd8905

SHA512
4fc2653ce4cf2a2185af6dbd363014d7b27914726988845402fa73130f4ea62241f58577fbe7d19ceb19084650bad806972f572b05e62a23e0e9effe12a21b58

Download Submit
C:\Windows\System\IimvgQa.exe

Filesize
6.1MB

MD5
c258676fe08fb95fa38520f402f9ed09

SHA1
a85463198c969d742648340287340576323381fe

SHA256
aa3210fab4c0e86b2b545d91c53c5bb3eb411bc8e76d27aa6fa6ee6bffe8f051

SHA512
d6e59b34195dff805e51792536419f2ef757f6da286a072d27f803fcc555101e9509de9240f47eded1a9d52acc3935b49f9b706da354267793982e1ab36b6a6f

Download Submit
C:\Windows\System\JOTRAmj.exe

Filesize
6.1MB

MD5
74d05af8a2e3b783c8a288bf6c876433

SHA1
b4644c9da04a879d1c6c403a95452bb7bb9ee6ca

SHA256
355588db28c47927cc513803d4c3fbe9086af85cc27394e99938b9c7a8eaa0d6

SHA512
0218cf675ebc79a99adfd85287047ef17173a1c90d9d26047d2f236172932e9e79b3ab3dc0b31a46c25e00786469a6cca1f28114335aaff9cb70e8e477963645

Download Submit
C:\Windows\System\KGNNnFJ.exe

Filesize
6.1MB

MD5
4a118fbd42659ceecfcdd1eae0c7c934

SHA1
658d0ba1e91edc53e00eb95554c8fdc5bbc856f8

SHA256
fa8a5117e25118b615d3bef2d1b54a189dfd08f3e2f26050f79e25399972200d

SHA512
24355f0d7f3bf1f74cfe6c41f3fdd68b7152c18e3fc03233fb0ef1c8fb5545b2a195e1507933a8a71f00192ed68f3cb919d9234905fe957b504d1ce5b5e5cf71

Download Submit
C:\Windows\System\MExPdqb.exe

Filesize
6.1MB

MD5
6ad8f235e5085db781ca4b2e5fa74533

SHA1
816ed0c889f98d1c5c01e8ad6532acaa8b251a56

SHA256
7e736f1ac69cc6ccb3309592b7734d138bb21419fe1e6c89ee8e2586fd70929e

SHA512
783222ddf12d8a9bef2bea2966620a4670b082340b976e2f9d9b763648611e90bb84bfed1308f66fdf8e463264029cdc625c91d711d50c6c436473412acde5ef

Download Submit
C:\Windows\System\MMZzDAN.exe

Filesize
6.1MB

MD5
314c0353840dbaf47185940debf58753

SHA1
27ad14868f0e2ae1a66378c82ce279ae375914ed

SHA256
dea67a52d634a4a0405b10826fb9438f4c44652d66b567e1889d77137254c010

SHA512
d0d346f0d867de7095292d2348df235709910decc0c5a2f07263ac6e347cf961289ede7503e5249cfa94988b0c95a01ac62aac7947387c118752ccdb90239b87

Download Submit
C:\Windows\System\MsTwDzj.exe

Filesize
6.1MB

MD5
5617b1ddbc811a14fe7ae6c79d404bfc

SHA1
c8b781eb1b6d9687a6a9a592ff5af0fa68321257

SHA256
e365a38628c64361c9112d618a3e1eb0a88c153147c86471dc7ab71cea122d7d

SHA512
ac1c72761f596e2531eebb6d2e112b25bc7a595a6b338701d7462c0b6e702b3dc408ebdd2f74f90edf14be70825539adc7c7dda1238432354910f87d3aa49cb5

Download Submit
C:\Windows\System\OGFbZnC.exe

Filesize
6.1MB

MD5
8c4ce3afdd6e9e9cd73a9b7f52001871

SHA1
b79bec3c8512dba0d5b5ec78765432d3dbd44fba

SHA256
5cebd2337cc613539f9be2a33d1048ee0d77f7f1c21ba189a7ea05bc8e30ed4b

SHA512
97b092de68ef3bc89c7fc5eeec43f4bffcaebcdf1b6f099763290707f6b0d8cadc024865d9d522371e173676482607cb6a7f6b39775f27bfa480df385df2156e

Download Submit
C:\Windows\System\PGVFqFZ.exe

Filesize
6.1MB

MD5
279e1006168f9efa2e8b516469ab054a

SHA1
8e471fd6bf062fb0d8b0ae49940ace3ac0ab5ae4

SHA256
db4ba50ec0a4a1127bf6ab23a5badf7708c5e14f265cb8644c26a3b133afe80e

SHA512
471310cffeb7c4a77e463350ed1be26fd2f4e5be4332ccaebe9881b240ada2330e73b23429eb35cbcd7f64057d1b55b143f1424aeebbe87b4cbc409c31238447

Download Submit
C:\Windows\System\SYnovcx.exe

Filesize
6.1MB

MD5
90e459c27ed3648e7e8f566e5e2f719d

SHA1
f9e5c7d52a312136777a8b6b14ddd7d931c4c159

SHA256
ebb0b40a1d37fb1d3eb98a1cf7e3e399d58c30a33c5c2d274b8600ca2c2e1377

SHA512
2dd6dbca1278cb0925ec7e12e9f7df7b23b0337d9b3f09c67adce48557dafa171bae9baf06a23b0edf3f6de6644994f16d62a14b7cac51b04443b84287b59b73

Download Submit
C:\Windows\System\UxRHzun.exe

Filesize
6.1MB

MD5
c8a73c79bcf912ef4d5fd2e80123f0c1

SHA1
22c4eed5520cd1d87ff77b8d4e607af87d382a51

SHA256
ce0dde7e15072a534e3716dfaca648a6bd9cc1c2209083a89f827c6084713804

SHA512
50bcb4e6aa81d1da83ccf18e8da7f805deedc280d57887e6a1ee3f04aac2cfa825cc30278178328ab9ca31d861a8a825e5110f1b60c41af946d66a891666cd99

Download Submit
C:\Windows\System\VOcCAhS.exe

Filesize
6.1MB

MD5
409f6700f31ff0bd2bff708491c0117c

SHA1
1e82d037d2195943b710b672e72b40c9cfb203cf

SHA256
5f202b2b21eb3a165e5f9e9a9ff430adb1c573f386aca9b242a9b6eaed74c06b

SHA512
951adbb08636260ee9ee71931f5d41e98733f44dbc87d483346b1d6028c8992612cc9a956986350e7a748d896ac116783df68290fbbe036450ae4e2e507a6b97

Download Submit
C:\Windows\System\XTZwEPe.exe

Filesize
6.1MB

MD5
fa15743532c966e4a5ef670f7c2a1438

SHA1
b8c21edf6f20d74af30839b58055eaaf3e16e498

SHA256
9ee46a747ccbe3731f4bae2f87a5e9303b49a57ba2df12cf91a7fde27e48b8ed

SHA512
e756c88bb98f48625353d1c30209b34079fdd3bbd525cb1878b0ce700a65358cd433a8bef32cbabbee9ad38df99708a3a0af130a5cf6a955ab34a5d426035795

Download Submit
C:\Windows\System\bvGkaAE.exe

Filesize
6.1MB

MD5
94d398591ae818b6f62928674b4fe894

SHA1
cdfe4a462f70e61dd5257647ddc1279737c82d3a

SHA256
20da54a7ca377d6fcb0679ac0f0c6fef83990b4a06a6929157e36ae768554ffe

SHA512
3f26d24491064e9b01425287f52ba83620f367278dda701a81dc796211f75f6df5595631a93cab0f837cf9cb96d6f24270e909ac6a0187f54ebcdab10ed84fe4

Download Submit
C:\Windows\System\eZrPaGQ.exe

Filesize
6.1MB

MD5
96184204a24396f6d2509bdc1076ac50

SHA1
f345f3bd76001c00a2b743c500294e70c04a8cc5

SHA256
fd58a44b93cab77070bc697318b9316c581ff807bd8cf64d3957fdcfb97357b6

SHA512
6b789e1f3553fede5146e878ea6c1e59e8ebc963380093b2c2f31005a99112a5528de3312b6988559389953a5f15ac3267638a42fb52cfb2862008125bd11623

Download Submit
C:\Windows\System\gKqNmSV.exe

Filesize
6.1MB

MD5
adcea7594e5df89fe0ee556bede0144b

SHA1
58d5273770584deb1c4c8ee579855504818f6786

SHA256
cd9a72b3f696383340b19aee31e91ce403876ef37c56413c44d0ab0076882ea0

SHA512
3097a1d7dbf793424adffbcd07e47f6d7f76a3933a4f8296275ff559403354420fa6cb1fb5c2482cb82e7dfc06615f56fbbe378ec1c3f14e9c371545d85d2a59

Download Submit
C:\Windows\System\gysTBJQ.exe

Filesize
6.1MB

MD5
b26732b806ca4a0a054ebf3afb3d80d0

SHA1
a49722f9a2886fe1628ed7c75d98669c8bf8672e

SHA256
a053754b995285311a39703bd1542d60e7a142296938dd418574ea9fb570ceeb

SHA512
8e5db0303b9219aecea401ea24cf0fa21191d445924c711b10d99649accbf48b1358d1d0819b8c39139be8267754f43aa9cdd6fd6012eb353149abbfbf975df6

Download Submit
C:\Windows\System\hLoISuQ.exe

Filesize
6.1MB

MD5
473a0660f7eae8f0073071a66c0d5b45

SHA1
94e0712254d42f3f221340d85ad0cab0cf76e682

SHA256
8f57752547f430c5f56b625da7693801e89aed706df264e1d13a04b363879852

SHA512
0de338a7fc34dfdbc061fbb51498c9485bba8b1070e66d3ec6ec067db2de745c322cb3a0ae30d183cbbfc67ba751e36c04dbdd92bd5e80186e86718f202146da

Download Submit
C:\Windows\System\ilmlziP.exe

Filesize
6.1MB

MD5
2fa81da5969fd5912f869b08a151899d

SHA1
a510a551c4652f0a1dc4fb92c2fa9b9dd06ff52d

SHA256
065deb577fab9059cac16bb3cfef07d084e12cb68841401a03f71b08da324184

SHA512
91d89cda92da3f1e2f9fac4e8d5af49f719f7c7f052a003513e75f30d855bbadae1614f6d1978189b6de41c182f2f70da17eae9ed9a2146808c09f678e72238d

Download Submit
C:\Windows\System\jaGvqVh.exe

Filesize
6.1MB

MD5
a6266ccf48c0780aa838c08acb5ab4a8

SHA1
c3a3fdf0bc9899d5fc30b3372d6ca20472ac9d51

SHA256
ed5d7d99340d759a5c3dd2cb287049b0c11e30f83df29a4644685a636a0f85c9

SHA512
1a423f12dbf9acba0e559b8d70430af996ddebb982ad155f89b78e25a64a61f2877c2efef04f2126e1c38672394a0a4f9041311db11663f8a578d2a252c01a31

Download Submit
C:\Windows\System\ovIWeqt.exe

Filesize
6.1MB

MD5
5116eb96d97a4ce7e9e8d447fa962e3c

SHA1
6bdf76b754258933847c59376fd314eb0c41acf0

SHA256
054d6b1d8e3ed2f515a117ce5635164713a77fba99de962d65d299aa3cc1bc1f

SHA512
c07fba4274e5467a7510e3eed286d37399c80cba72fb23d6c8ddf1975faa92cd0dc805c2db1bd9b60581d0150d91a961f72ad9e9958424ea2518651e0076aa77

Download Submit
C:\Windows\System\qoFtxhU.exe

Filesize
6.1MB

MD5
26b88c8ea16569703783aaa19b135cd3

SHA1
dd9df72d03b7d40f84ca9d4f6c3c51cf492ad74f

SHA256
7403044d6f6972d90f8bccd7179c76e0643af919ae921c6e6f9f6b1a20cd9c4a

SHA512
bfa88c38f673bd3dd46f992f5bead014558c1c08c2ac66ba45a3aeee9fc026af1f00f3c89af139583affb79aaf0f14e4f1b45c6d3f265024e85127a77d93eb70

Download Submit
C:\Windows\System\sGjJauR.exe

Filesize
6.1MB

MD5
22acf9da830705c1fb51b63e307c0f65

SHA1
e396e6f61ca5776983da851e403ce164d4ebc2bf

SHA256
66e459c77362b35ddf302f501e38bc55302362c3a4f00f3545db2fc4618130df

SHA512
a9686cfbe74b91ca6d35d5b8733b3f222e6870088856e43388510eeae2e42d277d958265af0198a5e9712d9a28d318e506831f2122944580fb72a585c70c30d0

Download Submit
C:\Windows\System\utKKuhL.exe

Filesize
6.1MB

MD5
3a488c49bb8e4247da8a8f2eb98f1927

SHA1
87df2ac5bb5496c900c29488605eb183bd6cedc8

SHA256
156982bb771b9a5bd9e0327269a0a57a2d9ddb0092c1808a587fe52227918046

SHA512
d412348ae852745cf78b5233168bf0486e67b414a812abae39d35556d00d008c4f1eef6683cd0a9a96be8a05e9cbe10e99902e770571e9c9dd966198b66c2850

Download Submit
C:\Windows\System\ypGcfIp.exe

Filesize
6.1MB

MD5
63e688a223a4a17fac68de892865bfee

SHA1
befa877d5fee749ff864fe5627cde14f6860a2bb

SHA256
fb942978dcad60dd9964daecd49dd1debd473679c0089cd9441938aae857b9d2

SHA512
cd0f8187027578c63692cf031044df9b36390ebb6773ca7fd8a627969a59e3334b47de545ccf878d4e0788ef65687f6447eeb3429e2fc5ea4f56467ff2d3f0cd

Download Submit
memory/324-1210-0x00007FF7523C0000-0x00007FF752714000-memory.dmp

Filesize
3.3MB

Download
memory/324-144-0x00007FF7523C0000-0x00007FF752714000-memory.dmp

Filesize
3.3MB

Download
memory/324-2223-0x00007FF7523C0000-0x00007FF752714000-memory.dmp

Filesize
3.3MB

Download
memory/400-2220-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/400-151-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/400-1338-0x00007FF7E0790000-0x00007FF7E0AE4000-memory.dmp

Filesize
3.3MB

Download
memory/404-2225-0x00007FF646940000-0x00007FF646C94000-memory.dmp

Filesize
3.3MB

Download
memory/404-143-0x00007FF646940000-0x00007FF646C94000-memory.dmp

Filesize
3.3MB

Download
memory/404-1166-0x00007FF646940000-0x00007FF646C94000-memory.dmp

Filesize
3.3MB

Download
memory/688-2218-0x00007FF679270000-0x00007FF6795C4000-memory.dmp

Filesize
3.3MB

Download
memory/688-178-0x00007FF679270000-0x00007FF6795C4000-memory.dmp

Filesize
3.3MB

Download
memory/688-114-0x00007FF679270000-0x00007FF6795C4000-memory.dmp

Filesize
3.3MB

Download
memory/876-167-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/876-1470-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/876-2224-0x00007FF72EEA0000-0x00007FF72F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/952-160-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp

Filesize
3.3MB

Download
memory/952-2226-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp

Filesize
3.3MB

Download
memory/952-1411-0x00007FF6667B0000-0x00007FF666B04000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1540-0x00007FF7192F0000-0x00007FF719644000-memory.dmp

Filesize
3.3MB

Download
memory/1048-174-0x00007FF7192F0000-0x00007FF719644000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2222-0x00007FF7192F0000-0x00007FF719644000-memory.dmp

Filesize
3.3MB

Download
memory/1908-64-0x00007FF74A500000-0x00007FF74A854000-memory.dmp

Filesize
3.3MB

Download
memory/1908-0-0x00007FF74A500000-0x00007FF74A854000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1-0x0000026E05920000-0x0000026E05930000-memory.dmp

Filesize
64KB

Download
memory/1932-2221-0x00007FF772FD0000-0x00007FF773324000-memory.dmp

Filesize
3.3MB

Download
memory/1932-1162-0x00007FF772FD0000-0x00007FF773324000-memory.dmp

Filesize
3.3MB

Download
memory/1932-132-0x00007FF772FD0000-0x00007FF773324000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2210-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2024-68-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2024-138-0x00007FF64FB10000-0x00007FF64FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1603-0x00007FF644B00000-0x00007FF644E54000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2227-0x00007FF644B00000-0x00007FF644E54000-memory.dmp

Filesize
3.3MB

Download
memory/2036-180-0x00007FF644B00000-0x00007FF644E54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-139-0x00007FF63E8E0000-0x00007FF63EC34000-memory.dmp

Filesize
3.3MB

Download
memory/2352-77-0x00007FF63E8E0000-0x00007FF63EC34000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2212-0x00007FF63E8E0000-0x00007FF63EC34000-memory.dmp

Filesize
3.3MB

Download
memory/2408-63-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-131-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2211-0x00007FF6FC5A0000-0x00007FF6FC8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-115-0x00007FF663EA0000-0x00007FF6641F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-48-0x00007FF663EA0000-0x00007FF6641F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2208-0x00007FF663EA0000-0x00007FF6641F4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2219-0x00007FF62AA90000-0x00007FF62ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-194-0x00007FF62AA90000-0x00007FF62ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-123-0x00007FF62AA90000-0x00007FF62ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-28-0x00007FF651770000-0x00007FF651AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-94-0x00007FF651770000-0x00007FF651AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-150-0x00007FF69CF80000-0x00007FF69D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-83-0x00007FF69CF80000-0x00007FF69D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2214-0x00007FF69CF80000-0x00007FF69D2D4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2216-0x00007FF7417A0000-0x00007FF741AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-179-0x00007FF7417A0000-0x00007FF741AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-122-0x00007FF7417A0000-0x00007FF741AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-188-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3296-1673-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2229-0x00007FF77AC30000-0x00007FF77AF84000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2217-0x00007FF742240000-0x00007FF742594000-memory.dmp

Filesize
3.3MB

Download
memory/3532-173-0x00007FF742240000-0x00007FF742594000-memory.dmp

Filesize
3.3MB

Download
memory/3532-104-0x00007FF742240000-0x00007FF742594000-memory.dmp

Filesize
3.3MB

Download
memory/3884-78-0x00007FF75A480000-0x00007FF75A7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-14-0x00007FF75A480000-0x00007FF75A7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-84-0x00007FF613B00000-0x00007FF613E54000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2198-0x00007FF613B00000-0x00007FF613E54000-memory.dmp

Filesize
3.3MB

Download
memory/4164-23-0x00007FF613B00000-0x00007FF613E54000-memory.dmp

Filesize
3.3MB

Download
memory/4380-195-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2228-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4380-1737-0x00007FF6DAE50000-0x00007FF6DB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2206-0x00007FF7F2E30000-0x00007FF7F3184000-memory.dmp

Filesize
3.3MB

Download
memory/4452-32-0x00007FF7F2E30000-0x00007FF7F3184000-memory.dmp

Filesize
3.3MB

Download
memory/4452-103-0x00007FF7F2E30000-0x00007FF7F3184000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2207-0x00007FF6866B0000-0x00007FF686A04000-memory.dmp

Filesize
3.3MB

Download
memory/4552-110-0x00007FF6866B0000-0x00007FF686A04000-memory.dmp

Filesize
3.3MB

Download
memory/4552-42-0x00007FF6866B0000-0x00007FF686A04000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2213-0x00007FF72FE90000-0x00007FF7301E4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-88-0x00007FF72FE90000-0x00007FF7301E4000-memory.dmp

Filesize
3.3MB

Download
memory/4592-159-0x00007FF72FE90000-0x00007FF7301E4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-95-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp

Filesize
3.3MB

Download
memory/4948-166-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2215-0x00007FF75EBF0000-0x00007FF75EF44000-memory.dmp

Filesize
3.3MB

Download
memory/5016-56-0x00007FF783330000-0x00007FF783684000-memory.dmp

Filesize
3.3MB

Download
memory/5016-116-0x00007FF783330000-0x00007FF783684000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2209-0x00007FF783330000-0x00007FF783684000-memory.dmp

Filesize
3.3MB

Download
memory/5024-74-0x00007FF75E0D0000-0x00007FF75E424000-memory.dmp

Filesize
3.3MB

Download
memory/5024-8-0x00007FF75E0D0000-0x00007FF75E424000-memory.dmp

Filesize
3.3MB

Download
memory/5080-41-0x00007FF7E5B60000-0x00007FF7E5EB4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2205-0x00007FF7E5B60000-0x00007FF7E5EB4000-memory.dmp

Filesize
3.3MB

Download