cobaltstrike | 1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
Size

6.0MB
MD5

763c1dfcd8c85f8942874b4c10f208d0
SHA1

f25f654fd28de5f25a771e5f556ea097e88d91f6
SHA256

1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e
SHA512

40dd79d6ffc92b1bb7b405fdc1376c604f95ed898e7f89aeeb3018ef30ac13ccd4ea1df9d4bde3021e1e314398a3f7ccb9e9a119f0e860592f20065ffd43d74a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUo:eOl56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fb-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cc4-12.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccd-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd7-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce8-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-51.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d04-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fb-3.dat	xmrig
behavioral1/memory/2564-11-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2952-15-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cc4-12.dat	xmrig
behavioral1/files/0x0009000000016ccd-10.dat	xmrig
behavioral1/files/0x0008000000016cd7-25.dat	xmrig
behavioral1/memory/2260-23-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce8-29.dat	xmrig
behavioral1/memory/864-33-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf0-42.dat	xmrig
behavioral1/files/0x000500000001945c-51.dat	xmrig
behavioral1/memory/2616-64-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2728-65-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ca5-73.dat	xmrig
behavioral1/memory/2260-75-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/3040-76-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-88.dat	xmrig
behavioral1/memory/2916-92-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-96.dat	xmrig
behavioral1/memory/860-97-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2712-81-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f0-80.dat	xmrig
behavioral1/files/0x00050000000195ca-127.dat	xmrig
behavioral1/files/0x0005000000019bec-172.dat	xmrig
behavioral1/memory/2676-684-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/860-937-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2916-881-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2712-582-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/3040-394-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2280-318-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-182.dat	xmrig
behavioral1/files/0x0005000000019c0b-187.dat	xmrig
behavioral1/files/0x0005000000019bf0-178.dat	xmrig
behavioral1/files/0x0005000000019931-167.dat	xmrig
behavioral1/files/0x00050000000196a0-162.dat	xmrig
behavioral1/files/0x0005000000019665-157.dat	xmrig
behavioral1/files/0x0005000000019624-152.dat	xmrig
behavioral1/files/0x00050000000195d0-142.dat	xmrig
behavioral1/files/0x00050000000195e0-147.dat	xmrig
behavioral1/files/0x00050000000195cc-133.dat	xmrig
behavioral1/files/0x00050000000195ce-136.dat	xmrig
behavioral1/files/0x00050000000195c8-123.dat	xmrig
behavioral1/files/0x00050000000195c6-113.dat	xmrig
behavioral1/files/0x00050000000195c7-117.dat	xmrig
behavioral1/files/0x00050000000195c4-107.dat	xmrig
behavioral1/files/0x00050000000195c2-102.dat	xmrig
behavioral1/memory/2280-100-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2564-69-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001948d-66.dat	xmrig
behavioral1/memory/2676-87-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2820-86-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2280-63-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2776-62-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2280-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2812-57-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-55.dat	xmrig
behavioral1/files/0x0007000000016d04-46.dat	xmrig
behavioral1/memory/2820-37-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2260-3439-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2952-3445-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2564-3449-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/864-3441-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2728-3455-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2564	HABussA.exe
2952	ixOfFNi.exe
2260	hLxFKUN.exe
864	BnqgBSC.exe
2820	QlyRGeN.exe
2812	UGoiwuG.exe
2616	DttjqPN.exe
2728	RduRmXC.exe
2776	yxEdVim.exe
3040	sPSylQR.exe
2712	bmiNIEs.exe
2676	McGCNoX.exe
2916	OOSiKxs.exe
860	HxPnJsb.exe
2872	gIVfPVL.exe
1460	uTGpjLy.exe
1940	lILkAwj.exe
2860	vygroew.exe
3020	dZZFJGr.exe
1856	GgrkHFh.exe
1772	ugYuKxG.exe
2480	MkHzdiF.exe
2120	wntMlZK.exe
792	TUZyNoi.exe
1640	IdeoZJQ.exe
604	ATXrxLQ.exe
584	jIZiPxR.exe
2036	jeanhIn.exe
2324	NxaYTpj.exe
408	gVnDeTE.exe
2340	wGNsfJr.exe
1972	eUAGlXr.exe
272	BESncum.exe
2576	MUPaDrH.exe
1680	EHMASwp.exe
2024	okNXrME.exe
1784	nkTOBlu.exe
268	oijjIGz.exe
1568	WsnXfYw.exe
904	bmUcrrn.exe
928	vXOZCfn.exe
972	ihJkMnC.exe
2288	JPDoxoo.exe
2488	BzDTBQJ.exe
2156	UMCVJdh.exe
2076	CvpFhZK.exe
2220	XqIAYuM.exe
2264	HfDMOUp.exe
2028	InVmNVR.exe
3004	rgxBtyl.exe
1212	fZlXfeW.exe
888	UThtTLo.exe
2072	ZodNsix.exe
1716	GMncGwM.exe
2108	rNnVqdu.exe
1596	voSooWF.exe
2148	SwcLNtD.exe
1284	StobKVC.exe
2868	eQKAotZ.exe
2736	qIwfDGb.exe
2780	pXAkAVT.exe
1760	orCzFer.exe
1968	VbudVkn.exe
2732	iOeeTRV.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00080000000120fb-3.dat	upx
behavioral1/memory/2564-11-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2952-15-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0008000000016cc4-12.dat	upx
behavioral1/files/0x0009000000016ccd-10.dat	upx
behavioral1/files/0x0008000000016cd7-25.dat	upx
behavioral1/memory/2260-23-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce8-29.dat	upx
behavioral1/memory/864-33-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000016cf0-42.dat	upx
behavioral1/files/0x000500000001945c-51.dat	upx
behavioral1/memory/2616-64-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2728-65-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0009000000016ca5-73.dat	upx
behavioral1/memory/2260-75-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/3040-76-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x000500000001958b-88.dat	upx
behavioral1/memory/2916-92-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-96.dat	upx
behavioral1/memory/860-97-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2712-81-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00050000000193f0-80.dat	upx
behavioral1/files/0x00050000000195ca-127.dat	upx
behavioral1/files/0x0005000000019bec-172.dat	upx
behavioral1/memory/2676-684-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/860-937-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2916-881-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2712-582-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/3040-394-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0005000000019bf2-182.dat	upx
behavioral1/files/0x0005000000019c0b-187.dat	upx
behavioral1/files/0x0005000000019bf0-178.dat	upx
behavioral1/files/0x0005000000019931-167.dat	upx
behavioral1/files/0x00050000000196a0-162.dat	upx
behavioral1/files/0x0005000000019665-157.dat	upx
behavioral1/files/0x0005000000019624-152.dat	upx
behavioral1/files/0x00050000000195d0-142.dat	upx
behavioral1/files/0x00050000000195e0-147.dat	upx
behavioral1/files/0x00050000000195cc-133.dat	upx
behavioral1/files/0x00050000000195ce-136.dat	upx
behavioral1/files/0x00050000000195c8-123.dat	upx
behavioral1/files/0x00050000000195c6-113.dat	upx
behavioral1/files/0x00050000000195c7-117.dat	upx
behavioral1/files/0x00050000000195c4-107.dat	upx
behavioral1/files/0x00050000000195c2-102.dat	upx
behavioral1/memory/2564-69-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x000500000001948d-66.dat	upx
behavioral1/memory/2676-87-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2820-86-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2280-74-0x0000000002290000-0x00000000025E4000-memory.dmp	upx
behavioral1/memory/2280-63-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2776-62-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2812-57-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-55.dat	upx
behavioral1/files/0x0007000000016d04-46.dat	upx
behavioral1/memory/2820-37-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2260-3439-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2952-3445-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2564-3449-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/864-3441-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2728-3455-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2812-3452-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/3040-3462-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iJoajEI.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\lPyGllE.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\jxdDxno.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\mqdFZsH.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\WancSFj.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\TXMWOGU.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\bRLhvca.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\PXWNsJm.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\mUaVRfq.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\gONJWiR.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\fIEmQAN.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\WpvxnZB.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\UlqEMNa.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\PWegTrN.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\bgfBfkU.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\uTqvKoF.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\RgmPyjR.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\eKbpYtP.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\eKfyJJQ.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\RNgCOcW.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\BlTSdIW.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\qhoosYv.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\RBWbLFn.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\MeYpgNF.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\ZHMcdee.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\EbNzray.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\MCHiCoi.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\EByhSYP.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\UMVJisB.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\oZClkzL.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\OJFBTFM.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\nkZKiHY.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\torMxdo.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\ftvwUBp.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\eTtZSgZ.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\WNxzMqn.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\fAlubJf.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\AwcYspl.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\LDzReVK.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\MQLkrxQ.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\JIbzXWk.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\ZyOSDny.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\qhaTjoX.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\jdnmICc.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\GcmGeax.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\qVAfvPS.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\hLxFKUN.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\YMAVSSA.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\JjsaTnc.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\ZNyLPgB.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\hHHdnaM.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\zyJMnXt.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\DMYqLRG.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\CtPVMMW.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\APKIhPT.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\YAlYCTm.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\egajdpx.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\YTxaNCN.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\MLMDXkR.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\XVRkRoc.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\LUrUHRg.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\oYkJEYI.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\HgfEJQI.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
File created	C:\Windows\System\VyOQOsT.exe	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2564	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	31
PID 2280 wrote to memory of 2564	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	31
PID 2280 wrote to memory of 2564	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	31
PID 2280 wrote to memory of 2952	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	32
PID 2280 wrote to memory of 2952	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	32
PID 2280 wrote to memory of 2952	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	32
PID 2280 wrote to memory of 2260	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	33
PID 2280 wrote to memory of 2260	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	33
PID 2280 wrote to memory of 2260	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	33
PID 2280 wrote to memory of 864	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	34
PID 2280 wrote to memory of 864	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	34
PID 2280 wrote to memory of 864	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	34
PID 2280 wrote to memory of 2820	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	35
PID 2280 wrote to memory of 2820	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	35
PID 2280 wrote to memory of 2820	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	35
PID 2280 wrote to memory of 2812	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	36
PID 2280 wrote to memory of 2812	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	36
PID 2280 wrote to memory of 2812	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	36
PID 2280 wrote to memory of 2616	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	37
PID 2280 wrote to memory of 2616	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	37
PID 2280 wrote to memory of 2616	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	37
PID 2280 wrote to memory of 2728	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	38
PID 2280 wrote to memory of 2728	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	38
PID 2280 wrote to memory of 2728	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	38
PID 2280 wrote to memory of 2712	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	39
PID 2280 wrote to memory of 2712	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	39
PID 2280 wrote to memory of 2712	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	39
PID 2280 wrote to memory of 2776	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	40
PID 2280 wrote to memory of 2776	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	40
PID 2280 wrote to memory of 2776	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	40
PID 2280 wrote to memory of 2676	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	41
PID 2280 wrote to memory of 2676	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	41
PID 2280 wrote to memory of 2676	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	41
PID 2280 wrote to memory of 3040	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	42
PID 2280 wrote to memory of 3040	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	42
PID 2280 wrote to memory of 3040	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	42
PID 2280 wrote to memory of 860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	43
PID 2280 wrote to memory of 860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	43
PID 2280 wrote to memory of 860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	43
PID 2280 wrote to memory of 2916	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	44
PID 2280 wrote to memory of 2916	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	44
PID 2280 wrote to memory of 2916	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	44
PID 2280 wrote to memory of 2872	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	45
PID 2280 wrote to memory of 2872	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	45
PID 2280 wrote to memory of 2872	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	45
PID 2280 wrote to memory of 1460	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	46
PID 2280 wrote to memory of 1460	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	46
PID 2280 wrote to memory of 1460	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	46
PID 2280 wrote to memory of 1940	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	47
PID 2280 wrote to memory of 1940	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	47
PID 2280 wrote to memory of 1940	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	47
PID 2280 wrote to memory of 2860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	48
PID 2280 wrote to memory of 2860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	48
PID 2280 wrote to memory of 2860	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	48
PID 2280 wrote to memory of 3020	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	49
PID 2280 wrote to memory of 3020	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	49
PID 2280 wrote to memory of 3020	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	49
PID 2280 wrote to memory of 1856	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	50
PID 2280 wrote to memory of 1856	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	50
PID 2280 wrote to memory of 1856	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	50
PID 2280 wrote to memory of 1772	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	51
PID 2280 wrote to memory of 1772	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	51
PID 2280 wrote to memory of 1772	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	51
PID 2280 wrote to memory of 2480	2280	JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d92670d4135c8ea90469a54d90ce71512db080b58f43904e4ca242cb5db947e.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\System\HABussA.exe
  C:\Windows\System\HABussA.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ixOfFNi.exe
  C:\Windows\System\ixOfFNi.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\hLxFKUN.exe
  C:\Windows\System\hLxFKUN.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BnqgBSC.exe
  C:\Windows\System\BnqgBSC.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\QlyRGeN.exe
  C:\Windows\System\QlyRGeN.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UGoiwuG.exe
  C:\Windows\System\UGoiwuG.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\DttjqPN.exe
  C:\Windows\System\DttjqPN.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\RduRmXC.exe
  C:\Windows\System\RduRmXC.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\bmiNIEs.exe
  C:\Windows\System\bmiNIEs.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\yxEdVim.exe
  C:\Windows\System\yxEdVim.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\McGCNoX.exe
  C:\Windows\System\McGCNoX.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\sPSylQR.exe
  C:\Windows\System\sPSylQR.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\HxPnJsb.exe
  C:\Windows\System\HxPnJsb.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\OOSiKxs.exe
  C:\Windows\System\OOSiKxs.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\gIVfPVL.exe
  C:\Windows\System\gIVfPVL.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\uTGpjLy.exe
  C:\Windows\System\uTGpjLy.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\lILkAwj.exe
  C:\Windows\System\lILkAwj.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\vygroew.exe
  C:\Windows\System\vygroew.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\dZZFJGr.exe
  C:\Windows\System\dZZFJGr.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\GgrkHFh.exe
  C:\Windows\System\GgrkHFh.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ugYuKxG.exe
  C:\Windows\System\ugYuKxG.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\MkHzdiF.exe
  C:\Windows\System\MkHzdiF.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\wntMlZK.exe
  C:\Windows\System\wntMlZK.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\TUZyNoi.exe
  C:\Windows\System\TUZyNoi.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\IdeoZJQ.exe
  C:\Windows\System\IdeoZJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ATXrxLQ.exe
  C:\Windows\System\ATXrxLQ.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\jIZiPxR.exe
  C:\Windows\System\jIZiPxR.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\jeanhIn.exe
  C:\Windows\System\jeanhIn.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\NxaYTpj.exe
  C:\Windows\System\NxaYTpj.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\gVnDeTE.exe
  C:\Windows\System\gVnDeTE.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\wGNsfJr.exe
  C:\Windows\System\wGNsfJr.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\eUAGlXr.exe
  C:\Windows\System\eUAGlXr.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\BESncum.exe
  C:\Windows\System\BESncum.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\MUPaDrH.exe
  C:\Windows\System\MUPaDrH.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\EHMASwp.exe
  C:\Windows\System\EHMASwp.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\okNXrME.exe
  C:\Windows\System\okNXrME.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\nkTOBlu.exe
  C:\Windows\System\nkTOBlu.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\oijjIGz.exe
  C:\Windows\System\oijjIGz.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\WsnXfYw.exe
  C:\Windows\System\WsnXfYw.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\bmUcrrn.exe
  C:\Windows\System\bmUcrrn.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\vXOZCfn.exe
  C:\Windows\System\vXOZCfn.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\ihJkMnC.exe
  C:\Windows\System\ihJkMnC.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\JPDoxoo.exe
  C:\Windows\System\JPDoxoo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\BzDTBQJ.exe
  C:\Windows\System\BzDTBQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\UMCVJdh.exe
  C:\Windows\System\UMCVJdh.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\CvpFhZK.exe
  C:\Windows\System\CvpFhZK.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\XqIAYuM.exe
  C:\Windows\System\XqIAYuM.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\HfDMOUp.exe
  C:\Windows\System\HfDMOUp.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\InVmNVR.exe
  C:\Windows\System\InVmNVR.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\rgxBtyl.exe
  C:\Windows\System\rgxBtyl.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\fZlXfeW.exe
  C:\Windows\System\fZlXfeW.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\UThtTLo.exe
  C:\Windows\System\UThtTLo.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ZodNsix.exe
  C:\Windows\System\ZodNsix.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GMncGwM.exe
  C:\Windows\System\GMncGwM.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\rNnVqdu.exe
  C:\Windows\System\rNnVqdu.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\voSooWF.exe
  C:\Windows\System\voSooWF.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\SwcLNtD.exe
  C:\Windows\System\SwcLNtD.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\StobKVC.exe
  C:\Windows\System\StobKVC.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\eQKAotZ.exe
  C:\Windows\System\eQKAotZ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\qIwfDGb.exe
  C:\Windows\System\qIwfDGb.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\pXAkAVT.exe
  C:\Windows\System\pXAkAVT.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\orCzFer.exe
  C:\Windows\System\orCzFer.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\VbudVkn.exe
  C:\Windows\System\VbudVkn.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\iOeeTRV.exe
  C:\Windows\System\iOeeTRV.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\usCSUmN.exe
  C:\Windows\System\usCSUmN.exe
  2⤵
  PID:1236
- C:\Windows\System\HCtbneb.exe
  C:\Windows\System\HCtbneb.exe
  2⤵
  PID:2164
- C:\Windows\System\InHnqWO.exe
  C:\Windows\System\InHnqWO.exe
  2⤵
  PID:2368
- C:\Windows\System\AqolNqi.exe
  C:\Windows\System\AqolNqi.exe
  2⤵
  PID:2708
- C:\Windows\System\GweWwNq.exe
  C:\Windows\System\GweWwNq.exe
  2⤵
  PID:2356
- C:\Windows\System\RGgpsID.exe
  C:\Windows\System\RGgpsID.exe
  2⤵
  PID:1492
- C:\Windows\System\jRQMryd.exe
  C:\Windows\System\jRQMryd.exe
  2⤵
  PID:828
- C:\Windows\System\csYynKv.exe
  C:\Windows\System\csYynKv.exe
  2⤵
  PID:1704
- C:\Windows\System\QWeAdlf.exe
  C:\Windows\System\QWeAdlf.exe
  2⤵
  PID:780
- C:\Windows\System\IqjWVLf.exe
  C:\Windows\System\IqjWVLf.exe
  2⤵
  PID:624
- C:\Windows\System\yDGFIst.exe
  C:\Windows\System\yDGFIst.exe
  2⤵
  PID:1096
- C:\Windows\System\NqpOcyH.exe
  C:\Windows\System\NqpOcyH.exe
  2⤵
  PID:1876
- C:\Windows\System\flwgJIY.exe
  C:\Windows\System\flwgJIY.exe
  2⤵
  PID:2504
- C:\Windows\System\MaMwqBx.exe
  C:\Windows\System\MaMwqBx.exe
  2⤵
  PID:2588
- C:\Windows\System\cShBLPG.exe
  C:\Windows\System\cShBLPG.exe
  2⤵
  PID:708
- C:\Windows\System\yDYdSzm.exe
  C:\Windows\System\yDYdSzm.exe
  2⤵
  PID:884
- C:\Windows\System\tRzDhqN.exe
  C:\Windows\System\tRzDhqN.exe
  2⤵
  PID:1044
- C:\Windows\System\FnsNUBm.exe
  C:\Windows\System\FnsNUBm.exe
  2⤵
  PID:2416
- C:\Windows\System\QzSAMEE.exe
  C:\Windows\System\QzSAMEE.exe
  2⤵
  PID:2992
- C:\Windows\System\czYOOKo.exe
  C:\Windows\System\czYOOKo.exe
  2⤵
  PID:3060
- C:\Windows\System\JdTtElu.exe
  C:\Windows\System\JdTtElu.exe
  2⤵
  PID:2956
- C:\Windows\System\euwqdve.exe
  C:\Windows\System\euwqdve.exe
  2⤵
  PID:2032
- C:\Windows\System\GdyBgFr.exe
  C:\Windows\System\GdyBgFr.exe
  2⤵
  PID:2044
- C:\Windows\System\bfYiMJR.exe
  C:\Windows\System\bfYiMJR.exe
  2⤵
  PID:2160
- C:\Windows\System\mfHEUnE.exe
  C:\Windows\System\mfHEUnE.exe
  2⤵
  PID:2012
- C:\Windows\System\xIUWnnL.exe
  C:\Windows\System\xIUWnnL.exe
  2⤵
  PID:1592
- C:\Windows\System\TQrvsou.exe
  C:\Windows\System\TQrvsou.exe
  2⤵
  PID:2200
- C:\Windows\System\uUarzsD.exe
  C:\Windows\System\uUarzsD.exe
  2⤵
  PID:2636
- C:\Windows\System\LJDfsAM.exe
  C:\Windows\System\LJDfsAM.exe
  2⤵
  PID:1576
- C:\Windows\System\DcmZUwy.exe
  C:\Windows\System\DcmZUwy.exe
  2⤵
  PID:1004
- C:\Windows\System\NJmZwSe.exe
  C:\Windows\System\NJmZwSe.exe
  2⤵
  PID:2748
- C:\Windows\System\mSOmNzr.exe
  C:\Windows\System\mSOmNzr.exe
  2⤵
  PID:1412
- C:\Windows\System\AYcjwND.exe
  C:\Windows\System\AYcjwND.exe
  2⤵
  PID:1992
- C:\Windows\System\eTZozDM.exe
  C:\Windows\System\eTZozDM.exe
  2⤵
  PID:484
- C:\Windows\System\slaQnoz.exe
  C:\Windows\System\slaQnoz.exe
  2⤵
  PID:1352
- C:\Windows\System\TdKdsxj.exe
  C:\Windows\System\TdKdsxj.exe
  2⤵
  PID:1208
- C:\Windows\System\EVQTyNF.exe
  C:\Windows\System\EVQTyNF.exe
  2⤵
  PID:1152
- C:\Windows\System\VPtPUFe.exe
  C:\Windows\System\VPtPUFe.exe
  2⤵
  PID:2584
- C:\Windows\System\gyczKfN.exe
  C:\Windows\System\gyczKfN.exe
  2⤵
  PID:2196
- C:\Windows\System\TadXLcJ.exe
  C:\Windows\System\TadXLcJ.exe
  2⤵
  PID:1744
- C:\Windows\System\BBFvycT.exe
  C:\Windows\System\BBFvycT.exe
  2⤵
  PID:1300
- C:\Windows\System\HyiloEp.exe
  C:\Windows\System\HyiloEp.exe
  2⤵
  PID:2316
- C:\Windows\System\yZdiHAN.exe
  C:\Windows\System\yZdiHAN.exe
  2⤵
  PID:2016
- C:\Windows\System\ApmavSc.exe
  C:\Windows\System\ApmavSc.exe
  2⤵
  PID:1748
- C:\Windows\System\paicawK.exe
  C:\Windows\System\paicawK.exe
  2⤵
  PID:2184
- C:\Windows\System\pKjSUZg.exe
  C:\Windows\System\pKjSUZg.exe
  2⤵
  PID:2716
- C:\Windows\System\fhgnAAC.exe
  C:\Windows\System\fhgnAAC.exe
  2⤵
  PID:2508
- C:\Windows\System\OWvAoUg.exe
  C:\Windows\System\OWvAoUg.exe
  2⤵
  PID:2832
- C:\Windows\System\UpjaLMC.exe
  C:\Windows\System\UpjaLMC.exe
  2⤵
  PID:644
- C:\Windows\System\uOssCwk.exe
  C:\Windows\System\uOssCwk.exe
  2⤵
  PID:1920
- C:\Windows\System\mFNnouD.exe
  C:\Windows\System\mFNnouD.exe
  2⤵
  PID:1108
- C:\Windows\System\uOckPuR.exe
  C:\Windows\System\uOckPuR.exe
  2⤵
  PID:608
- C:\Windows\System\WtFLOvN.exe
  C:\Windows\System\WtFLOvN.exe
  2⤵
  PID:1360
- C:\Windows\System\fXNobzt.exe
  C:\Windows\System\fXNobzt.exe
  2⤵
  PID:1260
- C:\Windows\System\nZlZcJF.exe
  C:\Windows\System\nZlZcJF.exe
  2⤵
  PID:944
- C:\Windows\System\YMAVSSA.exe
  C:\Windows\System\YMAVSSA.exe
  2⤵
  PID:3076
- C:\Windows\System\WhkujTw.exe
  C:\Windows\System\WhkujTw.exe
  2⤵
  PID:3096
- C:\Windows\System\uavmQpb.exe
  C:\Windows\System\uavmQpb.exe
  2⤵
  PID:3116
- C:\Windows\System\dPpxiBQ.exe
  C:\Windows\System\dPpxiBQ.exe
  2⤵
  PID:3136
- C:\Windows\System\ftwaPFY.exe
  C:\Windows\System\ftwaPFY.exe
  2⤵
  PID:3156
- C:\Windows\System\nlFlIzB.exe
  C:\Windows\System\nlFlIzB.exe
  2⤵
  PID:3176
- C:\Windows\System\dAdgurf.exe
  C:\Windows\System\dAdgurf.exe
  2⤵
  PID:3196
- C:\Windows\System\lrFkvvF.exe
  C:\Windows\System\lrFkvvF.exe
  2⤵
  PID:3216
- C:\Windows\System\KsNrLyE.exe
  C:\Windows\System\KsNrLyE.exe
  2⤵
  PID:3236
- C:\Windows\System\BUmTBbx.exe
  C:\Windows\System\BUmTBbx.exe
  2⤵
  PID:3256
- C:\Windows\System\BGyDYhp.exe
  C:\Windows\System\BGyDYhp.exe
  2⤵
  PID:3280
- C:\Windows\System\UioeJYx.exe
  C:\Windows\System\UioeJYx.exe
  2⤵
  PID:3300
- C:\Windows\System\eTvInIk.exe
  C:\Windows\System\eTvInIk.exe
  2⤵
  PID:3320
- C:\Windows\System\SRUQptD.exe
  C:\Windows\System\SRUQptD.exe
  2⤵
  PID:3340
- C:\Windows\System\tktTdZm.exe
  C:\Windows\System\tktTdZm.exe
  2⤵
  PID:3360
- C:\Windows\System\TGdHdpv.exe
  C:\Windows\System\TGdHdpv.exe
  2⤵
  PID:3380
- C:\Windows\System\ZlFYtuB.exe
  C:\Windows\System\ZlFYtuB.exe
  2⤵
  PID:3396
- C:\Windows\System\PuNxcGn.exe
  C:\Windows\System\PuNxcGn.exe
  2⤵
  PID:3420
- C:\Windows\System\QxFeUYY.exe
  C:\Windows\System\QxFeUYY.exe
  2⤵
  PID:3440
- C:\Windows\System\ZJCsmlo.exe
  C:\Windows\System\ZJCsmlo.exe
  2⤵
  PID:3460
- C:\Windows\System\yTQTFgA.exe
  C:\Windows\System\yTQTFgA.exe
  2⤵
  PID:3480
- C:\Windows\System\EVIhJiF.exe
  C:\Windows\System\EVIhJiF.exe
  2⤵
  PID:3500
- C:\Windows\System\grqIDRM.exe
  C:\Windows\System\grqIDRM.exe
  2⤵
  PID:3516
- C:\Windows\System\fRbmIHg.exe
  C:\Windows\System\fRbmIHg.exe
  2⤵
  PID:3540
- C:\Windows\System\oZClkzL.exe
  C:\Windows\System\oZClkzL.exe
  2⤵
  PID:3560
- C:\Windows\System\lPMVkjV.exe
  C:\Windows\System\lPMVkjV.exe
  2⤵
  PID:3580
- C:\Windows\System\tHajYWE.exe
  C:\Windows\System\tHajYWE.exe
  2⤵
  PID:3596
- C:\Windows\System\ccBSPfN.exe
  C:\Windows\System\ccBSPfN.exe
  2⤵
  PID:3620
- C:\Windows\System\FLZODvM.exe
  C:\Windows\System\FLZODvM.exe
  2⤵
  PID:3640
- C:\Windows\System\tFBcaXM.exe
  C:\Windows\System\tFBcaXM.exe
  2⤵
  PID:3660
- C:\Windows\System\jVIrYUi.exe
  C:\Windows\System\jVIrYUi.exe
  2⤵
  PID:3680
- C:\Windows\System\cMExMxv.exe
  C:\Windows\System\cMExMxv.exe
  2⤵
  PID:3700
- C:\Windows\System\NYNJwHk.exe
  C:\Windows\System\NYNJwHk.exe
  2⤵
  PID:3720
- C:\Windows\System\gKMCiYr.exe
  C:\Windows\System\gKMCiYr.exe
  2⤵
  PID:3740
- C:\Windows\System\jlkqFXa.exe
  C:\Windows\System\jlkqFXa.exe
  2⤵
  PID:3760
- C:\Windows\System\dnERicL.exe
  C:\Windows\System\dnERicL.exe
  2⤵
  PID:3780
- C:\Windows\System\tHjxWyx.exe
  C:\Windows\System\tHjxWyx.exe
  2⤵
  PID:3800
- C:\Windows\System\KJAySFL.exe
  C:\Windows\System\KJAySFL.exe
  2⤵
  PID:3820
- C:\Windows\System\ZLOGkkf.exe
  C:\Windows\System\ZLOGkkf.exe
  2⤵
  PID:3840
- C:\Windows\System\JpoRbWo.exe
  C:\Windows\System\JpoRbWo.exe
  2⤵
  PID:3860
- C:\Windows\System\kgHDkdU.exe
  C:\Windows\System\kgHDkdU.exe
  2⤵
  PID:3880
- C:\Windows\System\GZEWyAe.exe
  C:\Windows\System\GZEWyAe.exe
  2⤵
  PID:3900
- C:\Windows\System\ZsayfwK.exe
  C:\Windows\System\ZsayfwK.exe
  2⤵
  PID:3920
- C:\Windows\System\xeOYQey.exe
  C:\Windows\System\xeOYQey.exe
  2⤵
  PID:3944
- C:\Windows\System\lizVmBw.exe
  C:\Windows\System\lizVmBw.exe
  2⤵
  PID:3964
- C:\Windows\System\rubNnig.exe
  C:\Windows\System\rubNnig.exe
  2⤵
  PID:3984
- C:\Windows\System\dZwqmPN.exe
  C:\Windows\System\dZwqmPN.exe
  2⤵
  PID:4004
- C:\Windows\System\OJFBTFM.exe
  C:\Windows\System\OJFBTFM.exe
  2⤵
  PID:4024
- C:\Windows\System\pxtXKrv.exe
  C:\Windows\System\pxtXKrv.exe
  2⤵
  PID:4044
- C:\Windows\System\TRVHDoJ.exe
  C:\Windows\System\TRVHDoJ.exe
  2⤵
  PID:4064
- C:\Windows\System\OFOSPfg.exe
  C:\Windows\System\OFOSPfg.exe
  2⤵
  PID:4084
- C:\Windows\System\wrNdxuT.exe
  C:\Windows\System\wrNdxuT.exe
  2⤵
  PID:1544
- C:\Windows\System\XANmOnK.exe
  C:\Windows\System\XANmOnK.exe
  2⤵
  PID:1456
- C:\Windows\System\wrZjMVP.exe
  C:\Windows\System\wrZjMVP.exe
  2⤵
  PID:2672
- C:\Windows\System\ElmZUgk.exe
  C:\Windows\System\ElmZUgk.exe
  2⤵
  PID:2612
- C:\Windows\System\iATBGWP.exe
  C:\Windows\System\iATBGWP.exe
  2⤵
  PID:1880
- C:\Windows\System\Xshwucv.exe
  C:\Windows\System\Xshwucv.exe
  2⤵
  PID:1800
- C:\Windows\System\bznozSS.exe
  C:\Windows\System\bznozSS.exe
  2⤵
  PID:2344
- C:\Windows\System\fkJlQEf.exe
  C:\Windows\System\fkJlQEf.exe
  2⤵
  PID:3084
- C:\Windows\System\znzAZYB.exe
  C:\Windows\System\znzAZYB.exe
  2⤵
  PID:3124
- C:\Windows\System\bXDRRkV.exe
  C:\Windows\System\bXDRRkV.exe
  2⤵
  PID:3112
- C:\Windows\System\BxBGEhM.exe
  C:\Windows\System\BxBGEhM.exe
  2⤵
  PID:3144
- C:\Windows\System\BWgGHNU.exe
  C:\Windows\System\BWgGHNU.exe
  2⤵
  PID:3192
- C:\Windows\System\jLDszYa.exe
  C:\Windows\System\jLDszYa.exe
  2⤵
  PID:3252
- C:\Windows\System\bjNqnGY.exe
  C:\Windows\System\bjNqnGY.exe
  2⤵
  PID:3296
- C:\Windows\System\ybFDncE.exe
  C:\Windows\System\ybFDncE.exe
  2⤵
  PID:3328
- C:\Windows\System\HeAeOiE.exe
  C:\Windows\System\HeAeOiE.exe
  2⤵
  PID:3312
- C:\Windows\System\qGvXras.exe
  C:\Windows\System\qGvXras.exe
  2⤵
  PID:3356
- C:\Windows\System\IedrVnQ.exe
  C:\Windows\System\IedrVnQ.exe
  2⤵
  PID:3388
- C:\Windows\System\TidaHBf.exe
  C:\Windows\System\TidaHBf.exe
  2⤵
  PID:3452
- C:\Windows\System\FVxUNPd.exe
  C:\Windows\System\FVxUNPd.exe
  2⤵
  PID:3468
- C:\Windows\System\pMxtLRn.exe
  C:\Windows\System\pMxtLRn.exe
  2⤵
  PID:3524
- C:\Windows\System\KloYqQP.exe
  C:\Windows\System\KloYqQP.exe
  2⤵
  PID:3536
- C:\Windows\System\bOYDcvL.exe
  C:\Windows\System\bOYDcvL.exe
  2⤵
  PID:3556
- C:\Windows\System\pphzqZb.exe
  C:\Windows\System\pphzqZb.exe
  2⤵
  PID:3616
- C:\Windows\System\aQPkcok.exe
  C:\Windows\System\aQPkcok.exe
  2⤵
  PID:3636
- C:\Windows\System\EJzYuqE.exe
  C:\Windows\System\EJzYuqE.exe
  2⤵
  PID:3668
- C:\Windows\System\rWRiibl.exe
  C:\Windows\System\rWRiibl.exe
  2⤵
  PID:3736
- C:\Windows\System\iTurHxE.exe
  C:\Windows\System\iTurHxE.exe
  2⤵
  PID:3768
- C:\Windows\System\DbCMAbs.exe
  C:\Windows\System\DbCMAbs.exe
  2⤵
  PID:3748
- C:\Windows\System\fqgFGnI.exe
  C:\Windows\System\fqgFGnI.exe
  2⤵
  PID:3792
- C:\Windows\System\bYCxMBL.exe
  C:\Windows\System\bYCxMBL.exe
  2⤵
  PID:3832
- C:\Windows\System\JwunPLh.exe
  C:\Windows\System\JwunPLh.exe
  2⤵
  PID:3896
- C:\Windows\System\mTYeAjk.exe
  C:\Windows\System\mTYeAjk.exe
  2⤵
  PID:3936
- C:\Windows\System\mFYzLof.exe
  C:\Windows\System\mFYzLof.exe
  2⤵
  PID:3908
- C:\Windows\System\crKWkxq.exe
  C:\Windows\System\crKWkxq.exe
  2⤵
  PID:3960
- C:\Windows\System\BFVaWny.exe
  C:\Windows\System\BFVaWny.exe
  2⤵
  PID:4000
- C:\Windows\System\KGNofHo.exe
  C:\Windows\System\KGNofHo.exe
  2⤵
  PID:4036
- C:\Windows\System\HPeMCog.exe
  C:\Windows\System\HPeMCog.exe
  2⤵
  PID:2000
- C:\Windows\System\oquoAbs.exe
  C:\Windows\System\oquoAbs.exe
  2⤵
  PID:2544
- C:\Windows\System\viOFXUk.exe
  C:\Windows\System\viOFXUk.exe
  2⤵
  PID:2456
- C:\Windows\System\lwzpqjD.exe
  C:\Windows\System\lwzpqjD.exe
  2⤵
  PID:2752
- C:\Windows\System\uNTRSyM.exe
  C:\Windows\System\uNTRSyM.exe
  2⤵
  PID:800
- C:\Windows\System\awhjoiq.exe
  C:\Windows\System\awhjoiq.exe
  2⤵
  PID:916
- C:\Windows\System\kZKqUgA.exe
  C:\Windows\System\kZKqUgA.exe
  2⤵
  PID:3148
- C:\Windows\System\OcKuiHC.exe
  C:\Windows\System\OcKuiHC.exe
  2⤵
  PID:3184
- C:\Windows\System\FVdRiSf.exe
  C:\Windows\System\FVdRiSf.exe
  2⤵
  PID:3208
- C:\Windows\System\urhlQRE.exe
  C:\Windows\System\urhlQRE.exe
  2⤵
  PID:3228
- C:\Windows\System\bhfaHBN.exe
  C:\Windows\System\bhfaHBN.exe
  2⤵
  PID:3352
- C:\Windows\System\kdTXnuR.exe
  C:\Windows\System\kdTXnuR.exe
  2⤵
  PID:3408
- C:\Windows\System\oXsJWPa.exe
  C:\Windows\System\oXsJWPa.exe
  2⤵
  PID:3412
- C:\Windows\System\CDbpryO.exe
  C:\Windows\System\CDbpryO.exe
  2⤵
  PID:3488
- C:\Windows\System\oPqsRrm.exe
  C:\Windows\System\oPqsRrm.exe
  2⤵
  PID:3508
- C:\Windows\System\hHGDviN.exe
  C:\Windows\System\hHGDviN.exe
  2⤵
  PID:3628
- C:\Windows\System\sIjQPnN.exe
  C:\Windows\System\sIjQPnN.exe
  2⤵
  PID:3692
- C:\Windows\System\sfbXqZM.exe
  C:\Windows\System\sfbXqZM.exe
  2⤵
  PID:3676
- C:\Windows\System\SJRwKHM.exe
  C:\Windows\System\SJRwKHM.exe
  2⤵
  PID:3712
- C:\Windows\System\EawBdIB.exe
  C:\Windows\System\EawBdIB.exe
  2⤵
  PID:3816
- C:\Windows\System\eFBuuxQ.exe
  C:\Windows\System\eFBuuxQ.exe
  2⤵
  PID:3828
- C:\Windows\System\zrajUIw.exe
  C:\Windows\System\zrajUIw.exe
  2⤵
  PID:3956
- C:\Windows\System\BMIuttq.exe
  C:\Windows\System\BMIuttq.exe
  2⤵
  PID:4052
- C:\Windows\System\TJiRFDH.exe
  C:\Windows\System\TJiRFDH.exe
  2⤵
  PID:2948
- C:\Windows\System\oIEjkWO.exe
  C:\Windows\System\oIEjkWO.exe
  2⤵
  PID:4032
- C:\Windows\System\YlKqOfi.exe
  C:\Windows\System\YlKqOfi.exe
  2⤵
  PID:1636
- C:\Windows\System\WLUPVKX.exe
  C:\Windows\System\WLUPVKX.exe
  2⤵
  PID:3092
- C:\Windows\System\sspYDFF.exe
  C:\Windows\System\sspYDFF.exe
  2⤵
  PID:3172
- C:\Windows\System\ZllxYnH.exe
  C:\Windows\System\ZllxYnH.exe
  2⤵
  PID:3204
- C:\Windows\System\gjLWBGZ.exe
  C:\Windows\System\gjLWBGZ.exe
  2⤵
  PID:3232
- C:\Windows\System\KWJyOqv.exe
  C:\Windows\System\KWJyOqv.exe
  2⤵
  PID:3372
- C:\Windows\System\sdcUSbi.exe
  C:\Windows\System\sdcUSbi.exe
  2⤵
  PID:3404
- C:\Windows\System\xuOnkej.exe
  C:\Windows\System\xuOnkej.exe
  2⤵
  PID:3512
- C:\Windows\System\eXzhUsQ.exe
  C:\Windows\System\eXzhUsQ.exe
  2⤵
  PID:3648
- C:\Windows\System\tEJxVoq.exe
  C:\Windows\System\tEJxVoq.exe
  2⤵
  PID:3652
- C:\Windows\System\tZZByCA.exe
  C:\Windows\System\tZZByCA.exe
  2⤵
  PID:3752
- C:\Windows\System\zZjxBRs.exe
  C:\Windows\System\zZjxBRs.exe
  2⤵
  PID:3928
- C:\Windows\System\xTLRaBV.exe
  C:\Windows\System\xTLRaBV.exe
  2⤵
  PID:3992
- C:\Windows\System\anUCzzG.exe
  C:\Windows\System\anUCzzG.exe
  2⤵
  PID:2740
- C:\Windows\System\uGlIUCW.exe
  C:\Windows\System\uGlIUCW.exe
  2⤵
  PID:2500
- C:\Windows\System\rZMgjsQ.exe
  C:\Windows\System\rZMgjsQ.exe
  2⤵
  PID:2064
- C:\Windows\System\tifuRUS.exe
  C:\Windows\System\tifuRUS.exe
  2⤵
  PID:2152
- C:\Windows\System\CBAOYVC.exe
  C:\Windows\System\CBAOYVC.exe
  2⤵
  PID:3448
- C:\Windows\System\oYkJEYI.exe
  C:\Windows\System\oYkJEYI.exe
  2⤵
  PID:3612
- C:\Windows\System\YVvHJQm.exe
  C:\Windows\System\YVvHJQm.exe
  2⤵
  PID:3688
- C:\Windows\System\sCvXetm.exe
  C:\Windows\System\sCvXetm.exe
  2⤵
  PID:3876
- C:\Windows\System\dIqStuC.exe
  C:\Windows\System\dIqStuC.exe
  2⤵
  PID:3912
- C:\Windows\System\EmeYoVH.exe
  C:\Windows\System\EmeYoVH.exe
  2⤵
  PID:4076
- C:\Windows\System\FNcghPD.exe
  C:\Windows\System\FNcghPD.exe
  2⤵
  PID:4108
- C:\Windows\System\RxylEKE.exe
  C:\Windows\System\RxylEKE.exe
  2⤵
  PID:4128
- C:\Windows\System\rksjTWp.exe
  C:\Windows\System\rksjTWp.exe
  2⤵
  PID:4148
- C:\Windows\System\mKJDXpb.exe
  C:\Windows\System\mKJDXpb.exe
  2⤵
  PID:4168
- C:\Windows\System\JIbzXWk.exe
  C:\Windows\System\JIbzXWk.exe
  2⤵
  PID:4188
- C:\Windows\System\uddsver.exe
  C:\Windows\System\uddsver.exe
  2⤵
  PID:4208
- C:\Windows\System\NGkkTgU.exe
  C:\Windows\System\NGkkTgU.exe
  2⤵
  PID:4224
- C:\Windows\System\GSQLdUU.exe
  C:\Windows\System\GSQLdUU.exe
  2⤵
  PID:4252
- C:\Windows\System\zaOLmhP.exe
  C:\Windows\System\zaOLmhP.exe
  2⤵
  PID:4272
- C:\Windows\System\KgHeiod.exe
  C:\Windows\System\KgHeiod.exe
  2⤵
  PID:4292
- C:\Windows\System\YaWwybP.exe
  C:\Windows\System\YaWwybP.exe
  2⤵
  PID:4312
- C:\Windows\System\hosZuPd.exe
  C:\Windows\System\hosZuPd.exe
  2⤵
  PID:4332
- C:\Windows\System\fIFFbkF.exe
  C:\Windows\System\fIFFbkF.exe
  2⤵
  PID:4352
- C:\Windows\System\ARjfLdJ.exe
  C:\Windows\System\ARjfLdJ.exe
  2⤵
  PID:4372
- C:\Windows\System\pQBuvVW.exe
  C:\Windows\System\pQBuvVW.exe
  2⤵
  PID:4388
- C:\Windows\System\cPXpAJm.exe
  C:\Windows\System\cPXpAJm.exe
  2⤵
  PID:4412
- C:\Windows\System\UcEAkzW.exe
  C:\Windows\System\UcEAkzW.exe
  2⤵
  PID:4432
- C:\Windows\System\HyIayRC.exe
  C:\Windows\System\HyIayRC.exe
  2⤵
  PID:4452
- C:\Windows\System\iwRjWUv.exe
  C:\Windows\System\iwRjWUv.exe
  2⤵
  PID:4472
- C:\Windows\System\UrcDZla.exe
  C:\Windows\System\UrcDZla.exe
  2⤵
  PID:4492
- C:\Windows\System\iDtFaki.exe
  C:\Windows\System\iDtFaki.exe
  2⤵
  PID:4512
- C:\Windows\System\ybkeCic.exe
  C:\Windows\System\ybkeCic.exe
  2⤵
  PID:4532
- C:\Windows\System\pqUnBSd.exe
  C:\Windows\System\pqUnBSd.exe
  2⤵
  PID:4552
- C:\Windows\System\bNtKypf.exe
  C:\Windows\System\bNtKypf.exe
  2⤵
  PID:4572
- C:\Windows\System\ukgkhrQ.exe
  C:\Windows\System\ukgkhrQ.exe
  2⤵
  PID:4596
- C:\Windows\System\HgfEJQI.exe
  C:\Windows\System\HgfEJQI.exe
  2⤵
  PID:4616
- C:\Windows\System\sfkCxUu.exe
  C:\Windows\System\sfkCxUu.exe
  2⤵
  PID:4636
- C:\Windows\System\ljmdHos.exe
  C:\Windows\System\ljmdHos.exe
  2⤵
  PID:4656
- C:\Windows\System\qslctoW.exe
  C:\Windows\System\qslctoW.exe
  2⤵
  PID:4676
- C:\Windows\System\NFpQMYV.exe
  C:\Windows\System\NFpQMYV.exe
  2⤵
  PID:4696
- C:\Windows\System\qFnlAeo.exe
  C:\Windows\System\qFnlAeo.exe
  2⤵
  PID:4716
- C:\Windows\System\EJZYRkw.exe
  C:\Windows\System\EJZYRkw.exe
  2⤵
  PID:4736
- C:\Windows\System\tYJxejw.exe
  C:\Windows\System\tYJxejw.exe
  2⤵
  PID:4756
- C:\Windows\System\KGkeXKk.exe
  C:\Windows\System\KGkeXKk.exe
  2⤵
  PID:4776
- C:\Windows\System\whzrUWP.exe
  C:\Windows\System\whzrUWP.exe
  2⤵
  PID:4796
- C:\Windows\System\BZuGhwh.exe
  C:\Windows\System\BZuGhwh.exe
  2⤵
  PID:4816
- C:\Windows\System\QocCoXX.exe
  C:\Windows\System\QocCoXX.exe
  2⤵
  PID:4836
- C:\Windows\System\tyuxhft.exe
  C:\Windows\System\tyuxhft.exe
  2⤵
  PID:4856
- C:\Windows\System\FlcFyNW.exe
  C:\Windows\System\FlcFyNW.exe
  2⤵
  PID:4876
- C:\Windows\System\ozEThrf.exe
  C:\Windows\System\ozEThrf.exe
  2⤵
  PID:4896
- C:\Windows\System\sVJWffy.exe
  C:\Windows\System\sVJWffy.exe
  2⤵
  PID:4916
- C:\Windows\System\dXfqDhV.exe
  C:\Windows\System\dXfqDhV.exe
  2⤵
  PID:4936
- C:\Windows\System\wBVAESk.exe
  C:\Windows\System\wBVAESk.exe
  2⤵
  PID:4952
- C:\Windows\System\llezhBg.exe
  C:\Windows\System\llezhBg.exe
  2⤵
  PID:4976
- C:\Windows\System\jqumifa.exe
  C:\Windows\System\jqumifa.exe
  2⤵
  PID:4992
- C:\Windows\System\aiEVSJU.exe
  C:\Windows\System\aiEVSJU.exe
  2⤵
  PID:5016
- C:\Windows\System\YcBxtXN.exe
  C:\Windows\System\YcBxtXN.exe
  2⤵
  PID:5036
- C:\Windows\System\WnwKwQg.exe
  C:\Windows\System\WnwKwQg.exe
  2⤵
  PID:5056
- C:\Windows\System\wOiXKdP.exe
  C:\Windows\System\wOiXKdP.exe
  2⤵
  PID:5076
- C:\Windows\System\dvfPSIh.exe
  C:\Windows\System\dvfPSIh.exe
  2⤵
  PID:5096
- C:\Windows\System\lwXpJGD.exe
  C:\Windows\System\lwXpJGD.exe
  2⤵
  PID:5116
- C:\Windows\System\hGxZKqr.exe
  C:\Windows\System\hGxZKqr.exe
  2⤵
  PID:3212
- C:\Windows\System\jcYeWBJ.exe
  C:\Windows\System\jcYeWBJ.exe
  2⤵
  PID:3416
- C:\Windows\System\LlrUThG.exe
  C:\Windows\System\LlrUThG.exe
  2⤵
  PID:3772
- C:\Windows\System\CMpFmjO.exe
  C:\Windows\System\CMpFmjO.exe
  2⤵
  PID:1056
- C:\Windows\System\FRFbiIh.exe
  C:\Windows\System\FRFbiIh.exe
  2⤵
  PID:2332
- C:\Windows\System\ZuGeXvY.exe
  C:\Windows\System\ZuGeXvY.exe
  2⤵
  PID:4100
- C:\Windows\System\QOiHEnw.exe
  C:\Windows\System\QOiHEnw.exe
  2⤵
  PID:4144
- C:\Windows\System\ePaqZgc.exe
  C:\Windows\System\ePaqZgc.exe
  2⤵
  PID:4184
- C:\Windows\System\IBAXofR.exe
  C:\Windows\System\IBAXofR.exe
  2⤵
  PID:4248
- C:\Windows\System\IVtISMX.exe
  C:\Windows\System\IVtISMX.exe
  2⤵
  PID:4244
- C:\Windows\System\fdMYUum.exe
  C:\Windows\System\fdMYUum.exe
  2⤵
  PID:4264
- C:\Windows\System\FQHePMh.exe
  C:\Windows\System\FQHePMh.exe
  2⤵
  PID:4308
- C:\Windows\System\LhLxnNJ.exe
  C:\Windows\System\LhLxnNJ.exe
  2⤵
  PID:4348
- C:\Windows\System\BRwlPXY.exe
  C:\Windows\System\BRwlPXY.exe
  2⤵
  PID:4396
- C:\Windows\System\LcRxmwQ.exe
  C:\Windows\System\LcRxmwQ.exe
  2⤵
  PID:4404
- C:\Windows\System\qRZTjAl.exe
  C:\Windows\System\qRZTjAl.exe
  2⤵
  PID:4440
- C:\Windows\System\DzumpjD.exe
  C:\Windows\System\DzumpjD.exe
  2⤵
  PID:3056
- C:\Windows\System\qVgwlWa.exe
  C:\Windows\System\qVgwlWa.exe
  2⤵
  PID:4480
- C:\Windows\System\HoPejhK.exe
  C:\Windows\System\HoPejhK.exe
  2⤵
  PID:4484
- C:\Windows\System\hPLMBKf.exe
  C:\Windows\System\hPLMBKf.exe
  2⤵
  PID:4500
- C:\Windows\System\ZyqkoEC.exe
  C:\Windows\System\ZyqkoEC.exe
  2⤵
  PID:4544
- C:\Windows\System\UdipWYz.exe
  C:\Windows\System\UdipWYz.exe
  2⤵
  PID:4612
- C:\Windows\System\xYwmJqe.exe
  C:\Windows\System\xYwmJqe.exe
  2⤵
  PID:4624
- C:\Windows\System\xHwlAEW.exe
  C:\Windows\System\xHwlAEW.exe
  2⤵
  PID:4648
- C:\Windows\System\pPzgffe.exe
  C:\Windows\System\pPzgffe.exe
  2⤵
  PID:4668
- C:\Windows\System\mUaVRfq.exe
  C:\Windows\System\mUaVRfq.exe
  2⤵
  PID:4712
- C:\Windows\System\DeHotGg.exe
  C:\Windows\System\DeHotGg.exe
  2⤵
  PID:2944
- C:\Windows\System\txpUxyB.exe
  C:\Windows\System\txpUxyB.exe
  2⤵
  PID:2040
- C:\Windows\System\ehjgiDQ.exe
  C:\Windows\System\ehjgiDQ.exe
  2⤵
  PID:4808
- C:\Windows\System\GcxVdyh.exe
  C:\Windows\System\GcxVdyh.exe
  2⤵
  PID:4824
- C:\Windows\System\NbvhRkm.exe
  C:\Windows\System\NbvhRkm.exe
  2⤵
  PID:4892
- C:\Windows\System\bxTCkgI.exe
  C:\Windows\System\bxTCkgI.exe
  2⤵
  PID:4924
- C:\Windows\System\tizOfPF.exe
  C:\Windows\System\tizOfPF.exe
  2⤵
  PID:4928
- C:\Windows\System\GPEwseO.exe
  C:\Windows\System\GPEwseO.exe
  2⤵
  PID:4944
- C:\Windows\System\TECljbo.exe
  C:\Windows\System\TECljbo.exe
  2⤵
  PID:4984
- C:\Windows\System\FFvDUUB.exe
  C:\Windows\System\FFvDUUB.exe
  2⤵
  PID:5024
- C:\Windows\System\EnxcLyL.exe
  C:\Windows\System\EnxcLyL.exe
  2⤵
  PID:5064
- C:\Windows\System\xntEHYt.exe
  C:\Windows\System\xntEHYt.exe
  2⤵
  PID:5088
- C:\Windows\System\LnqACPK.exe
  C:\Windows\System\LnqACPK.exe
  2⤵
  PID:2360
- C:\Windows\System\AdgeSty.exe
  C:\Windows\System\AdgeSty.exe
  2⤵
  PID:3376
- C:\Windows\System\oDGrwQX.exe
  C:\Windows\System\oDGrwQX.exe
  2⤵
  PID:3568
- C:\Windows\System\nbwMoAs.exe
  C:\Windows\System\nbwMoAs.exe
  2⤵
  PID:1928
- C:\Windows\System\NdZPgMx.exe
  C:\Windows\System\NdZPgMx.exe
  2⤵
  PID:4120
- C:\Windows\System\rDNMVsR.exe
  C:\Windows\System\rDNMVsR.exe
  2⤵
  PID:4240
- C:\Windows\System\PNgiRuS.exe
  C:\Windows\System\PNgiRuS.exe
  2⤵
  PID:4280
- C:\Windows\System\EvSukQK.exe
  C:\Windows\System\EvSukQK.exe
  2⤵
  PID:4320
- C:\Windows\System\LThjqCj.exe
  C:\Windows\System\LThjqCj.exe
  2⤵
  PID:4408
- C:\Windows\System\wgHlTXP.exe
  C:\Windows\System\wgHlTXP.exe
  2⤵
  PID:4380
- C:\Windows\System\PLavpYy.exe
  C:\Windows\System\PLavpYy.exe
  2⤵
  PID:2620
- C:\Windows\System\lRLQDUc.exe
  C:\Windows\System\lRLQDUc.exe
  2⤵
  PID:4464
- C:\Windows\System\UsGTdMj.exe
  C:\Windows\System\UsGTdMj.exe
  2⤵
  PID:4504
- C:\Windows\System\VaFSlVo.exe
  C:\Windows\System\VaFSlVo.exe
  2⤵
  PID:4604
- C:\Windows\System\pBPLbXz.exe
  C:\Windows\System\pBPLbXz.exe
  2⤵
  PID:4628
- C:\Windows\System\rSNeVpC.exe
  C:\Windows\System\rSNeVpC.exe
  2⤵
  PID:4692
- C:\Windows\System\iedRdDT.exe
  C:\Windows\System\iedRdDT.exe
  2⤵
  PID:4764
- C:\Windows\System\cWMFeYF.exe
  C:\Windows\System\cWMFeYF.exe
  2⤵
  PID:4812
- C:\Windows\System\IUHKmWL.exe
  C:\Windows\System\IUHKmWL.exe
  2⤵
  PID:4828
- C:\Windows\System\NNQFPhw.exe
  C:\Windows\System\NNQFPhw.exe
  2⤵
  PID:4904
- C:\Windows\System\BpTEqVX.exe
  C:\Windows\System\BpTEqVX.exe
  2⤵
  PID:2540
- C:\Windows\System\CnSbScS.exe
  C:\Windows\System\CnSbScS.exe
  2⤵
  PID:4972
- C:\Windows\System\IqiyDvd.exe
  C:\Windows\System\IqiyDvd.exe
  2⤵
  PID:5048
- C:\Windows\System\SetYLKM.exe
  C:\Windows\System\SetYLKM.exe
  2⤵
  PID:1548
- C:\Windows\System\bBhkTMR.exe
  C:\Windows\System\bBhkTMR.exe
  2⤵
  PID:3316
- C:\Windows\System\mnwFyxc.exe
  C:\Windows\System\mnwFyxc.exe
  2⤵
  PID:2548
- C:\Windows\System\rWnKyHK.exe
  C:\Windows\System\rWnKyHK.exe
  2⤵
  PID:4104
- C:\Windows\System\DEpOdIt.exe
  C:\Windows\System\DEpOdIt.exe
  2⤵
  PID:4200
- C:\Windows\System\HDObkLf.exe
  C:\Windows\System\HDObkLf.exe
  2⤵
  PID:4360
- C:\Windows\System\rnChOTt.exe
  C:\Windows\System\rnChOTt.exe
  2⤵
  PID:2444
- C:\Windows\System\XKFUmIy.exe
  C:\Windows\System\XKFUmIy.exe
  2⤵
  PID:1140
- C:\Windows\System\tOrAbDe.exe
  C:\Windows\System\tOrAbDe.exe
  2⤵
  PID:4520
- C:\Windows\System\qnJiZhT.exe
  C:\Windows\System\qnJiZhT.exe
  2⤵
  PID:4584
- C:\Windows\System\cNPamZY.exe
  C:\Windows\System\cNPamZY.exe
  2⤵
  PID:4732
- C:\Windows\System\VNilFze.exe
  C:\Windows\System\VNilFze.exe
  2⤵
  PID:2924
- C:\Windows\System\ACzARHm.exe
  C:\Windows\System\ACzARHm.exe
  2⤵
  PID:4848
- C:\Windows\System\YzsSzMO.exe
  C:\Windows\System\YzsSzMO.exe
  2⤵
  PID:4844
- C:\Windows\System\AKNMKBb.exe
  C:\Windows\System\AKNMKBb.exe
  2⤵
  PID:5028
- C:\Windows\System\iVsRfEL.exe
  C:\Windows\System\iVsRfEL.exe
  2⤵
  PID:5052
- C:\Windows\System\WrGnBNp.exe
  C:\Windows\System\WrGnBNp.exe
  2⤵
  PID:3288
- C:\Windows\System\seogeyy.exe
  C:\Windows\System\seogeyy.exe
  2⤵
  PID:2080
- C:\Windows\System\zyJMnXt.exe
  C:\Windows\System\zyJMnXt.exe
  2⤵
  PID:4196
- C:\Windows\System\OKNFzbI.exe
  C:\Windows\System\OKNFzbI.exe
  2⤵
  PID:2668
- C:\Windows\System\fKlfOli.exe
  C:\Windows\System\fKlfOli.exe
  2⤵
  PID:4444
- C:\Windows\System\ZOworyS.exe
  C:\Windows\System\ZOworyS.exe
  2⤵
  PID:5128
- C:\Windows\System\oaWuszV.exe
  C:\Windows\System\oaWuszV.exe
  2⤵
  PID:5148
- C:\Windows\System\fnpItPb.exe
  C:\Windows\System\fnpItPb.exe
  2⤵
  PID:5168
- C:\Windows\System\jDyrSxz.exe
  C:\Windows\System\jDyrSxz.exe
  2⤵
  PID:5188
- C:\Windows\System\fBXcHXZ.exe
  C:\Windows\System\fBXcHXZ.exe
  2⤵
  PID:5208
- C:\Windows\System\sMJfGOB.exe
  C:\Windows\System\sMJfGOB.exe
  2⤵
  PID:5228
- C:\Windows\System\PmlwMpr.exe
  C:\Windows\System\PmlwMpr.exe
  2⤵
  PID:5248
- C:\Windows\System\yhIfQdZ.exe
  C:\Windows\System\yhIfQdZ.exe
  2⤵
  PID:5268
- C:\Windows\System\jeyGfBz.exe
  C:\Windows\System\jeyGfBz.exe
  2⤵
  PID:5288
- C:\Windows\System\YCGdNOf.exe
  C:\Windows\System\YCGdNOf.exe
  2⤵
  PID:5308
- C:\Windows\System\UVvYCQQ.exe
  C:\Windows\System\UVvYCQQ.exe
  2⤵
  PID:5328
- C:\Windows\System\OUxVCng.exe
  C:\Windows\System\OUxVCng.exe
  2⤵
  PID:5348
- C:\Windows\System\rFrLGVJ.exe
  C:\Windows\System\rFrLGVJ.exe
  2⤵
  PID:5368
- C:\Windows\System\ZFDESJp.exe
  C:\Windows\System\ZFDESJp.exe
  2⤵
  PID:5388
- C:\Windows\System\DrhFcuV.exe
  C:\Windows\System\DrhFcuV.exe
  2⤵
  PID:5408
- C:\Windows\System\avcQcXq.exe
  C:\Windows\System\avcQcXq.exe
  2⤵
  PID:5428
- C:\Windows\System\RNnUgdQ.exe
  C:\Windows\System\RNnUgdQ.exe
  2⤵
  PID:5448
- C:\Windows\System\Zoqglhj.exe
  C:\Windows\System\Zoqglhj.exe
  2⤵
  PID:5468
- C:\Windows\System\kfhACSx.exe
  C:\Windows\System\kfhACSx.exe
  2⤵
  PID:5488
- C:\Windows\System\uNBgofO.exe
  C:\Windows\System\uNBgofO.exe
  2⤵
  PID:5508
- C:\Windows\System\kSFyqFz.exe
  C:\Windows\System\kSFyqFz.exe
  2⤵
  PID:5528
- C:\Windows\System\IyyOHOo.exe
  C:\Windows\System\IyyOHOo.exe
  2⤵
  PID:5548
- C:\Windows\System\gzGBfNH.exe
  C:\Windows\System\gzGBfNH.exe
  2⤵
  PID:5568
- C:\Windows\System\ZOvrifx.exe
  C:\Windows\System\ZOvrifx.exe
  2⤵
  PID:5588
- C:\Windows\System\GVcjUEq.exe
  C:\Windows\System\GVcjUEq.exe
  2⤵
  PID:5608
- C:\Windows\System\xPLBvQY.exe
  C:\Windows\System\xPLBvQY.exe
  2⤵
  PID:5628
- C:\Windows\System\VOwaqaz.exe
  C:\Windows\System\VOwaqaz.exe
  2⤵
  PID:5648
- C:\Windows\System\EhdfqmS.exe
  C:\Windows\System\EhdfqmS.exe
  2⤵
  PID:5668
- C:\Windows\System\kYLHSpZ.exe
  C:\Windows\System\kYLHSpZ.exe
  2⤵
  PID:5688
- C:\Windows\System\imSTttz.exe
  C:\Windows\System\imSTttz.exe
  2⤵
  PID:5708
- C:\Windows\System\uokAtij.exe
  C:\Windows\System\uokAtij.exe
  2⤵
  PID:5732
- C:\Windows\System\BTTVQFQ.exe
  C:\Windows\System\BTTVQFQ.exe
  2⤵
  PID:5752
- C:\Windows\System\pyoVclx.exe
  C:\Windows\System\pyoVclx.exe
  2⤵
  PID:5772
- C:\Windows\System\TNSZZkB.exe
  C:\Windows\System\TNSZZkB.exe
  2⤵
  PID:5792
- C:\Windows\System\hxqGytF.exe
  C:\Windows\System\hxqGytF.exe
  2⤵
  PID:5812
- C:\Windows\System\HpEGmEH.exe
  C:\Windows\System\HpEGmEH.exe
  2⤵
  PID:5832
- C:\Windows\System\WKsGlPo.exe
  C:\Windows\System\WKsGlPo.exe
  2⤵
  PID:5852
- C:\Windows\System\Ftyirmf.exe
  C:\Windows\System\Ftyirmf.exe
  2⤵
  PID:5872
- C:\Windows\System\tGWJTIX.exe
  C:\Windows\System\tGWJTIX.exe
  2⤵
  PID:5892
- C:\Windows\System\SxqSRbQ.exe
  C:\Windows\System\SxqSRbQ.exe
  2⤵
  PID:5912
- C:\Windows\System\WqEgaeL.exe
  C:\Windows\System\WqEgaeL.exe
  2⤵
  PID:5932
- C:\Windows\System\fLjXtLd.exe
  C:\Windows\System\fLjXtLd.exe
  2⤵
  PID:5952
- C:\Windows\System\qyEoHxY.exe
  C:\Windows\System\qyEoHxY.exe
  2⤵
  PID:5972
- C:\Windows\System\UNiUMLi.exe
  C:\Windows\System\UNiUMLi.exe
  2⤵
  PID:5992
- C:\Windows\System\pcCvNbb.exe
  C:\Windows\System\pcCvNbb.exe
  2⤵
  PID:6012
- C:\Windows\System\ixECdFR.exe
  C:\Windows\System\ixECdFR.exe
  2⤵
  PID:6032
- C:\Windows\System\mlsXyxj.exe
  C:\Windows\System\mlsXyxj.exe
  2⤵
  PID:6052
- C:\Windows\System\zxLfFiU.exe
  C:\Windows\System\zxLfFiU.exe
  2⤵
  PID:6072
- C:\Windows\System\pvorxJJ.exe
  C:\Windows\System\pvorxJJ.exe
  2⤵
  PID:6092
- C:\Windows\System\avvAnRr.exe
  C:\Windows\System\avvAnRr.exe
  2⤵
  PID:6112
- C:\Windows\System\RopPUgS.exe
  C:\Windows\System\RopPUgS.exe
  2⤵
  PID:6132
- C:\Windows\System\yGGijcY.exe
  C:\Windows\System\yGGijcY.exe
  2⤵
  PID:4784
- C:\Windows\System\glEDrfi.exe
  C:\Windows\System\glEDrfi.exe
  2⤵
  PID:4772
- C:\Windows\System\QFjrTTf.exe
  C:\Windows\System\QFjrTTf.exe
  2⤵
  PID:4988
- C:\Windows\System\gYLncxd.exe
  C:\Windows\System\gYLncxd.exe
  2⤵
  PID:5112
- C:\Windows\System\TMWNhaF.exe
  C:\Windows\System\TMWNhaF.exe
  2⤵
  PID:1812
- C:\Windows\System\XUWzkrz.exe
  C:\Windows\System\XUWzkrz.exe
  2⤵
  PID:4176
- C:\Windows\System\QYrkzpI.exe
  C:\Windows\System\QYrkzpI.exe
  2⤵
  PID:4288
- C:\Windows\System\sPfiRfH.exe
  C:\Windows\System\sPfiRfH.exe
  2⤵
  PID:4568
- C:\Windows\System\yZLwbDC.exe
  C:\Windows\System\yZLwbDC.exe
  2⤵
  PID:5164
- C:\Windows\System\pAIIfaP.exe
  C:\Windows\System\pAIIfaP.exe
  2⤵
  PID:5196
- C:\Windows\System\KBjUHLt.exe
  C:\Windows\System\KBjUHLt.exe
  2⤵
  PID:5220
- C:\Windows\System\TZfAYLy.exe
  C:\Windows\System\TZfAYLy.exe
  2⤵
  PID:5256
- C:\Windows\System\LYjwHjG.exe
  C:\Windows\System\LYjwHjG.exe
  2⤵
  PID:5296
- C:\Windows\System\ZnPiOAq.exe
  C:\Windows\System\ZnPiOAq.exe
  2⤵
  PID:5320
- C:\Windows\System\PxyTJQl.exe
  C:\Windows\System\PxyTJQl.exe
  2⤵
  PID:5340
- C:\Windows\System\duNxLqu.exe
  C:\Windows\System\duNxLqu.exe
  2⤵
  PID:5396
- C:\Windows\System\cQLJxqQ.exe
  C:\Windows\System\cQLJxqQ.exe
  2⤵
  PID:5436
- C:\Windows\System\dIpkZzr.exe
  C:\Windows\System\dIpkZzr.exe
  2⤵
  PID:5464
- C:\Windows\System\gzUEPBx.exe
  C:\Windows\System\gzUEPBx.exe
  2⤵
  PID:2284
- C:\Windows\System\zoZvtjq.exe
  C:\Windows\System\zoZvtjq.exe
  2⤵
  PID:5524
- C:\Windows\System\VXODdbT.exe
  C:\Windows\System\VXODdbT.exe
  2⤵
  PID:3276
- C:\Windows\System\BlmLpUj.exe
  C:\Windows\System\BlmLpUj.exe
  2⤵
  PID:5560
- C:\Windows\System\TlQwyxL.exe
  C:\Windows\System\TlQwyxL.exe
  2⤵
  PID:5604
- C:\Windows\System\lOTzrgS.exe
  C:\Windows\System\lOTzrgS.exe
  2⤵
  PID:5644
- C:\Windows\System\MCbNjdI.exe
  C:\Windows\System\MCbNjdI.exe
  2⤵
  PID:5684
- C:\Windows\System\xZjHJlf.exe
  C:\Windows\System\xZjHJlf.exe
  2⤵
  PID:5700
- C:\Windows\System\pZyLMcv.exe
  C:\Windows\System\pZyLMcv.exe
  2⤵
  PID:5740
- C:\Windows\System\zcRcanq.exe
  C:\Windows\System\zcRcanq.exe
  2⤵
  PID:5764
- C:\Windows\System\lpUXhnE.exe
  C:\Windows\System\lpUXhnE.exe
  2⤵
  PID:5804
- C:\Windows\System\ypmfskM.exe
  C:\Windows\System\ypmfskM.exe
  2⤵
  PID:5824
- C:\Windows\System\hZGYsqM.exe
  C:\Windows\System\hZGYsqM.exe
  2⤵
  PID:5868
- C:\Windows\System\IDquLpy.exe
  C:\Windows\System\IDquLpy.exe
  2⤵
  PID:5928
- C:\Windows\System\wWXwarF.exe
  C:\Windows\System\wWXwarF.exe
  2⤵
  PID:5940
- C:\Windows\System\HHhCnOn.exe
  C:\Windows\System\HHhCnOn.exe
  2⤵
  PID:5964
- C:\Windows\System\byLLzUu.exe
  C:\Windows\System\byLLzUu.exe
  2⤵
  PID:5984
- C:\Windows\System\GScLrvn.exe
  C:\Windows\System\GScLrvn.exe
  2⤵
  PID:6040
- C:\Windows\System\ibuERlZ.exe
  C:\Windows\System\ibuERlZ.exe
  2⤵
  PID:6068
- C:\Windows\System\NQeDUKv.exe
  C:\Windows\System\NQeDUKv.exe
  2⤵
  PID:6100
- C:\Windows\System\tIqcvsS.exe
  C:\Windows\System\tIqcvsS.exe
  2⤵
  PID:6124
- C:\Windows\System\vYdxBiK.exe
  C:\Windows\System\vYdxBiK.exe
  2⤵
  PID:4908
- C:\Windows\System\jCPVrpq.exe
  C:\Windows\System\jCPVrpq.exe
  2⤵
  PID:5008
- C:\Windows\System\ZPVExXd.exe
  C:\Windows\System\ZPVExXd.exe
  2⤵
  PID:4020
- C:\Windows\System\SQQSWfs.exe
  C:\Windows\System\SQQSWfs.exe
  2⤵
  PID:4424
- C:\Windows\System\UZVZoBx.exe
  C:\Windows\System\UZVZoBx.exe
  2⤵
  PID:5176
- C:\Windows\System\daPfHkf.exe
  C:\Windows\System\daPfHkf.exe
  2⤵
  PID:5184
- C:\Windows\System\YiloQsb.exe
  C:\Windows\System\YiloQsb.exe
  2⤵
  PID:5240
- C:\Windows\System\KhYKraU.exe
  C:\Windows\System\KhYKraU.exe
  2⤵
  PID:5284
- C:\Windows\System\ZyOSDny.exe
  C:\Windows\System\ZyOSDny.exe
  2⤵
  PID:5376
- C:\Windows\System\AUxuDYw.exe
  C:\Windows\System\AUxuDYw.exe
  2⤵
  PID:2664
- C:\Windows\System\GDHJPLf.exe
  C:\Windows\System\GDHJPLf.exe
  2⤵
  PID:5456
- C:\Windows\System\cobotix.exe
  C:\Windows\System\cobotix.exe
  2⤵
  PID:2228
- C:\Windows\System\HcoxPnI.exe
  C:\Windows\System\HcoxPnI.exe
  2⤵
  PID:5544
- C:\Windows\System\HKdCgYM.exe
  C:\Windows\System\HKdCgYM.exe
  2⤵
  PID:5596
- C:\Windows\System\MHgQxco.exe
  C:\Windows\System\MHgQxco.exe
  2⤵
  PID:2348
- C:\Windows\System\QUpkxqK.exe
  C:\Windows\System\QUpkxqK.exe
  2⤵
  PID:5656
- C:\Windows\System\XTrwGTm.exe
  C:\Windows\System\XTrwGTm.exe
  2⤵
  PID:5768
- C:\Windows\System\ZjWkIJw.exe
  C:\Windows\System\ZjWkIJw.exe
  2⤵
  PID:5808
- C:\Windows\System\LohUEgs.exe
  C:\Windows\System\LohUEgs.exe
  2⤵
  PID:5844
- C:\Windows\System\CiSDJaj.exe
  C:\Windows\System\CiSDJaj.exe
  2⤵
  PID:5884
- C:\Windows\System\LrQopMQ.exe
  C:\Windows\System\LrQopMQ.exe
  2⤵
  PID:5944
- C:\Windows\System\GPCXPox.exe
  C:\Windows\System\GPCXPox.exe
  2⤵
  PID:6000
- C:\Windows\System\wuYiJFk.exe
  C:\Windows\System\wuYiJFk.exe
  2⤵
  PID:6060
- C:\Windows\System\ighBzTP.exe
  C:\Windows\System\ighBzTP.exe
  2⤵
  PID:6104
- C:\Windows\System\fPiYDyA.exe
  C:\Windows\System\fPiYDyA.exe
  2⤵
  PID:4804
- C:\Windows\System\ppcUOjK.exe
  C:\Windows\System\ppcUOjK.exe
  2⤵
  PID:3716
- C:\Windows\System\CEpvTHG.exe
  C:\Windows\System\CEpvTHG.exe
  2⤵
  PID:3788
- C:\Windows\System\ZRyrPmc.exe
  C:\Windows\System\ZRyrPmc.exe
  2⤵
  PID:5244
- C:\Windows\System\FvaOzPz.exe
  C:\Windows\System\FvaOzPz.exe
  2⤵
  PID:3940
- C:\Windows\System\qfKlnvd.exe
  C:\Windows\System\qfKlnvd.exe
  2⤵
  PID:5260
- C:\Windows\System\PNDJukh.exe
  C:\Windows\System\PNDJukh.exe
  2⤵
  PID:5336
- C:\Windows\System\SwSuutT.exe
  C:\Windows\System\SwSuutT.exe
  2⤵
  PID:5504
- C:\Windows\System\qZyuxwh.exe
  C:\Windows\System\qZyuxwh.exe
  2⤵
  PID:5564
- C:\Windows\System\rtKpYDZ.exe
  C:\Windows\System\rtKpYDZ.exe
  2⤵
  PID:5616
- C:\Windows\System\hjpPSOy.exe
  C:\Windows\System\hjpPSOy.exe
  2⤵
  PID:5744
- C:\Windows\System\KMIZqJb.exe
  C:\Windows\System\KMIZqJb.exe
  2⤵
  PID:5840
- C:\Windows\System\xjvnhgA.exe
  C:\Windows\System\xjvnhgA.exe
  2⤵
  PID:5880
- C:\Windows\System\DUeobEw.exe
  C:\Windows\System\DUeobEw.exe
  2⤵
  PID:1624
- C:\Windows\System\azVRhjD.exe
  C:\Windows\System\azVRhjD.exe
  2⤵
  PID:5988
- C:\Windows\System\JJatgvo.exe
  C:\Windows\System\JJatgvo.exe
  2⤵
  PID:4684
- C:\Windows\System\jZVJmvs.exe
  C:\Windows\System\jZVJmvs.exe
  2⤵
  PID:4872
- C:\Windows\System\fdcbARa.exe
  C:\Windows\System\fdcbARa.exe
  2⤵
  PID:3672
- C:\Windows\System\nkZKiHY.exe
  C:\Windows\System\nkZKiHY.exe
  2⤵
  PID:5216
- C:\Windows\System\ZdKlUJe.exe
  C:\Windows\System\ZdKlUJe.exe
  2⤵
  PID:5344
- C:\Windows\System\oyIepTV.exe
  C:\Windows\System\oyIepTV.exe
  2⤵
  PID:5476
- C:\Windows\System\gbFSTTz.exe
  C:\Windows\System\gbFSTTz.exe
  2⤵
  PID:2768
- C:\Windows\System\skSpGRI.exe
  C:\Windows\System\skSpGRI.exe
  2⤵
  PID:5680
- C:\Windows\System\ZpWUhXe.exe
  C:\Windows\System\ZpWUhXe.exe
  2⤵
  PID:5724
- C:\Windows\System\CLMRLHz.exe
  C:\Windows\System\CLMRLHz.exe
  2⤵
  PID:5960
- C:\Windows\System\jHwRXUN.exe
  C:\Windows\System\jHwRXUN.exe
  2⤵
  PID:6152
- C:\Windows\System\ShwpxRz.exe
  C:\Windows\System\ShwpxRz.exe
  2⤵
  PID:6172
- C:\Windows\System\OEgOFwd.exe
  C:\Windows\System\OEgOFwd.exe
  2⤵
  PID:6192
- C:\Windows\System\lAwnbpr.exe
  C:\Windows\System\lAwnbpr.exe
  2⤵
  PID:6212
- C:\Windows\System\gMhUwCE.exe
  C:\Windows\System\gMhUwCE.exe
  2⤵
  PID:6232
- C:\Windows\System\PszLEht.exe
  C:\Windows\System\PszLEht.exe
  2⤵
  PID:6252
- C:\Windows\System\MOmOAlz.exe
  C:\Windows\System\MOmOAlz.exe
  2⤵
  PID:6272
- C:\Windows\System\wRvSRnK.exe
  C:\Windows\System\wRvSRnK.exe
  2⤵
  PID:6292
- C:\Windows\System\HygBysE.exe
  C:\Windows\System\HygBysE.exe
  2⤵
  PID:6312
- C:\Windows\System\nFSxSSJ.exe
  C:\Windows\System\nFSxSSJ.exe
  2⤵
  PID:6332
- C:\Windows\System\jiTPTAx.exe
  C:\Windows\System\jiTPTAx.exe
  2⤵
  PID:6356
- C:\Windows\System\lYpGWat.exe
  C:\Windows\System\lYpGWat.exe
  2⤵
  PID:6376
- C:\Windows\System\CpPiuyr.exe
  C:\Windows\System\CpPiuyr.exe
  2⤵
  PID:6396
- C:\Windows\System\KCWKDFF.exe
  C:\Windows\System\KCWKDFF.exe
  2⤵
  PID:6416
- C:\Windows\System\WShSonD.exe
  C:\Windows\System\WShSonD.exe
  2⤵
  PID:6436
- C:\Windows\System\pbCNmdQ.exe
  C:\Windows\System\pbCNmdQ.exe
  2⤵
  PID:6456
- C:\Windows\System\SyMmlxf.exe
  C:\Windows\System\SyMmlxf.exe
  2⤵
  PID:6476
- C:\Windows\System\FzMIows.exe
  C:\Windows\System\FzMIows.exe
  2⤵
  PID:6496
- C:\Windows\System\HsMZbfa.exe
  C:\Windows\System\HsMZbfa.exe
  2⤵
  PID:6516
- C:\Windows\System\fAlubJf.exe
  C:\Windows\System\fAlubJf.exe
  2⤵
  PID:6536
- C:\Windows\System\RCEXbDc.exe
  C:\Windows\System\RCEXbDc.exe
  2⤵
  PID:6556
- C:\Windows\System\UOQmzAj.exe
  C:\Windows\System\UOQmzAj.exe
  2⤵
  PID:6576
- C:\Windows\System\AuLWyzf.exe
  C:\Windows\System\AuLWyzf.exe
  2⤵
  PID:6596
- C:\Windows\System\MoLZBsF.exe
  C:\Windows\System\MoLZBsF.exe
  2⤵
  PID:6616
- C:\Windows\System\ziweYBi.exe
  C:\Windows\System\ziweYBi.exe
  2⤵
  PID:6636
- C:\Windows\System\BFzGWyt.exe
  C:\Windows\System\BFzGWyt.exe
  2⤵
  PID:6656
- C:\Windows\System\cSaVGvg.exe
  C:\Windows\System\cSaVGvg.exe
  2⤵
  PID:6676
- C:\Windows\System\LpAQTAB.exe
  C:\Windows\System\LpAQTAB.exe
  2⤵
  PID:6696
- C:\Windows\System\jYIXFEJ.exe
  C:\Windows\System\jYIXFEJ.exe
  2⤵
  PID:6716
- C:\Windows\System\JTXPsnN.exe
  C:\Windows\System\JTXPsnN.exe
  2⤵
  PID:6736
- C:\Windows\System\kCDAXMj.exe
  C:\Windows\System\kCDAXMj.exe
  2⤵
  PID:6756
- C:\Windows\System\bueyecC.exe
  C:\Windows\System\bueyecC.exe
  2⤵
  PID:6776
- C:\Windows\System\fIslMVr.exe
  C:\Windows\System\fIslMVr.exe
  2⤵
  PID:6796
- C:\Windows\System\IRIThtb.exe
  C:\Windows\System\IRIThtb.exe
  2⤵
  PID:6816
- C:\Windows\System\JKTUsYa.exe
  C:\Windows\System\JKTUsYa.exe
  2⤵
  PID:6836
- C:\Windows\System\VduWzBh.exe
  C:\Windows\System\VduWzBh.exe
  2⤵
  PID:6856
- C:\Windows\System\wrlNHEx.exe
  C:\Windows\System\wrlNHEx.exe
  2⤵
  PID:6876
- C:\Windows\System\MVLahGM.exe
  C:\Windows\System\MVLahGM.exe
  2⤵
  PID:6896
- C:\Windows\System\NGcvDcm.exe
  C:\Windows\System\NGcvDcm.exe
  2⤵
  PID:6916
- C:\Windows\System\hQobUUl.exe
  C:\Windows\System\hQobUUl.exe
  2⤵
  PID:6936
- C:\Windows\System\GeoakaN.exe
  C:\Windows\System\GeoakaN.exe
  2⤵
  PID:6956
- C:\Windows\System\nhWZJra.exe
  C:\Windows\System\nhWZJra.exe
  2⤵
  PID:6976
- C:\Windows\System\YoXojKx.exe
  C:\Windows\System\YoXojKx.exe
  2⤵
  PID:6996
- C:\Windows\System\vgogSzT.exe
  C:\Windows\System\vgogSzT.exe
  2⤵
  PID:7016
- C:\Windows\System\YfDrSMN.exe
  C:\Windows\System\YfDrSMN.exe
  2⤵
  PID:7036
- C:\Windows\System\whTLrVf.exe
  C:\Windows\System\whTLrVf.exe
  2⤵
  PID:7056
- C:\Windows\System\RgmPyjR.exe
  C:\Windows\System\RgmPyjR.exe
  2⤵
  PID:7076
- C:\Windows\System\sBdsOUS.exe
  C:\Windows\System\sBdsOUS.exe
  2⤵
  PID:7096
- C:\Windows\System\VVoXZgk.exe
  C:\Windows\System\VVoXZgk.exe
  2⤵
  PID:7116
- C:\Windows\System\VXGPnZY.exe
  C:\Windows\System\VXGPnZY.exe
  2⤵
  PID:7140
- C:\Windows\System\UyDWdLx.exe
  C:\Windows\System\UyDWdLx.exe
  2⤵
  PID:7160
- C:\Windows\System\dYmqiPP.exe
  C:\Windows\System\dYmqiPP.exe
  2⤵
  PID:6084
- C:\Windows\System\XNRtUBg.exe
  C:\Windows\System\XNRtUBg.exe
  2⤵
  PID:5224
- C:\Windows\System\BqCkgIN.exe
  C:\Windows\System\BqCkgIN.exe
  2⤵
  PID:1736
- C:\Windows\System\fvbtQCJ.exe
  C:\Windows\System\fvbtQCJ.exe
  2⤵
  PID:5416
- C:\Windows\System\UayGcIR.exe
  C:\Windows\System\UayGcIR.exe
  2⤵
  PID:3976
- C:\Windows\System\PQvdnEo.exe
  C:\Windows\System\PQvdnEo.exe
  2⤵
  PID:5924
- C:\Windows\System\IYdGMBj.exe
  C:\Windows\System\IYdGMBj.exe
  2⤵
  PID:6024
- C:\Windows\System\RHTLFXf.exe
  C:\Windows\System\RHTLFXf.exe
  2⤵
  PID:6188
- C:\Windows\System\iumOVQE.exe
  C:\Windows\System\iumOVQE.exe
  2⤵
  PID:6204
- C:\Windows\System\KEZSfeC.exe
  C:\Windows\System\KEZSfeC.exe
  2⤵
  PID:6248
- C:\Windows\System\FlQHXqu.exe
  C:\Windows\System\FlQHXqu.exe
  2⤵
  PID:6280
- C:\Windows\System\QGZrGIY.exe
  C:\Windows\System\QGZrGIY.exe
  2⤵
  PID:6284
- C:\Windows\System\HmGkzhb.exe
  C:\Windows\System\HmGkzhb.exe
  2⤵
  PID:6320
- C:\Windows\System\ocMurIO.exe
  C:\Windows\System\ocMurIO.exe
  2⤵
  PID:6344
- C:\Windows\System\nLpFvPa.exe
  C:\Windows\System\nLpFvPa.exe
  2⤵
  PID:6392
- C:\Windows\System\mVMUakc.exe
  C:\Windows\System\mVMUakc.exe
  2⤵
  PID:6424
- C:\Windows\System\wzWbPYV.exe
  C:\Windows\System\wzWbPYV.exe
  2⤵
  PID:6448
- C:\Windows\System\egCzkYf.exe
  C:\Windows\System\egCzkYf.exe
  2⤵
  PID:6492
- C:\Windows\System\TKgSEOL.exe
  C:\Windows\System\TKgSEOL.exe
  2⤵
  PID:6532
- C:\Windows\System\rlEqVju.exe
  C:\Windows\System\rlEqVju.exe
  2⤵
  PID:6548
- C:\Windows\System\PIxIklp.exe
  C:\Windows\System\PIxIklp.exe
  2⤵
  PID:6584
- C:\Windows\System\dZktvOb.exe
  C:\Windows\System\dZktvOb.exe
  2⤵
  PID:1864
- C:\Windows\System\moHmGly.exe
  C:\Windows\System\moHmGly.exe
  2⤵
  PID:6628
- C:\Windows\System\pgBMjpU.exe
  C:\Windows\System\pgBMjpU.exe
  2⤵
  PID:1872
- C:\Windows\System\zdMUVqG.exe
  C:\Windows\System\zdMUVqG.exe
  2⤵
  PID:6688
- C:\Windows\System\roDDMSL.exe
  C:\Windows\System\roDDMSL.exe
  2⤵
  PID:6732
- C:\Windows\System\VYBWmxw.exe
  C:\Windows\System\VYBWmxw.exe
  2⤵
  PID:1948
- C:\Windows\System\KtVRPxW.exe
  C:\Windows\System\KtVRPxW.exe
  2⤵
  PID:6748
- C:\Windows\System\DPMAsfU.exe
  C:\Windows\System\DPMAsfU.exe
  2⤵
  PID:6792
- C:\Windows\System\kavgxDw.exe
  C:\Windows\System\kavgxDw.exe
  2⤵
  PID:6824
- C:\Windows\System\JEwZawt.exe
  C:\Windows\System\JEwZawt.exe
  2⤵
  PID:6848
- C:\Windows\System\FPbEcUM.exe
  C:\Windows\System\FPbEcUM.exe
  2⤵
  PID:6872
- C:\Windows\System\nPLvVOC.exe
  C:\Windows\System\nPLvVOC.exe
  2⤵
  PID:6924
- C:\Windows\System\lPyGllE.exe
  C:\Windows\System\lPyGllE.exe
  2⤵
  PID:6928
- C:\Windows\System\mlatJoO.exe
  C:\Windows\System\mlatJoO.exe
  2⤵
  PID:6972
- C:\Windows\System\iQuPXXr.exe
  C:\Windows\System\iQuPXXr.exe
  2⤵
  PID:6992
- C:\Windows\System\nvwWhlT.exe
  C:\Windows\System\nvwWhlT.exe
  2⤵
  PID:6988
- C:\Windows\System\wDHfIXx.exe
  C:\Windows\System\wDHfIXx.exe
  2⤵
  PID:7052
- C:\Windows\System\AhbRTMB.exe
  C:\Windows\System\AhbRTMB.exe
  2⤵
  PID:7068
- C:\Windows\System\WMknWdD.exe
  C:\Windows\System\WMknWdD.exe
  2⤵
  PID:7112
- C:\Windows\System\lNHELBX.exe
  C:\Windows\System\lNHELBX.exe
  2⤵
  PID:7128
- C:\Windows\System\PTcrcrS.exe
  C:\Windows\System\PTcrcrS.exe
  2⤵
  PID:6128
- C:\Windows\System\amlPbfj.exe
  C:\Windows\System\amlPbfj.exe
  2⤵
  PID:4328
- C:\Windows\System\YWHqvJF.exe
  C:\Windows\System\YWHqvJF.exe
  2⤵
  PID:5324
- C:\Windows\System\UNTGnHZ.exe
  C:\Windows\System\UNTGnHZ.exe
  2⤵
  PID:2892
- C:\Windows\System\DwVNsFa.exe
  C:\Windows\System\DwVNsFa.exe
  2⤵
  PID:6168
- C:\Windows\System\FLAcoOp.exe
  C:\Windows\System\FLAcoOp.exe
  2⤵
  PID:6164
- C:\Windows\System\JZGEDsl.exe
  C:\Windows\System\JZGEDsl.exe
  2⤵
  PID:6268
- C:\Windows\System\VhUTuuX.exe
  C:\Windows\System\VhUTuuX.exe
  2⤵
  PID:2852
- C:\Windows\System\fLJVgkD.exe
  C:\Windows\System\fLJVgkD.exe
  2⤵
  PID:6340
- C:\Windows\System\nuxdlZc.exe
  C:\Windows\System\nuxdlZc.exe
  2⤵
  PID:6408
- C:\Windows\System\cGsYSMr.exe
  C:\Windows\System\cGsYSMr.exe
  2⤵
  PID:6472
- C:\Windows\System\qpOJiFd.exe
  C:\Windows\System\qpOJiFd.exe
  2⤵
  PID:6512
- C:\Windows\System\sXPBPLp.exe
  C:\Windows\System\sXPBPLp.exe
  2⤵
  PID:4232
- C:\Windows\System\AzHAUuw.exe
  C:\Windows\System\AzHAUuw.exe
  2⤵
  PID:6612
- C:\Windows\System\VyOQOsT.exe
  C:\Windows\System\VyOQOsT.exe
  2⤵
  PID:6664
- C:\Windows\System\vhVHhoX.exe
  C:\Windows\System\vhVHhoX.exe
  2⤵
  PID:1448
- C:\Windows\System\aVwDAwz.exe
  C:\Windows\System\aVwDAwz.exe
  2⤵
  PID:2136
- C:\Windows\System\fjJdQkG.exe
  C:\Windows\System\fjJdQkG.exe
  2⤵
  PID:6828
- C:\Windows\System\WaWNYJm.exe
  C:\Windows\System\WaWNYJm.exe
  2⤵
  PID:6812
- C:\Windows\System\huOLBwy.exe
  C:\Windows\System\huOLBwy.exe
  2⤵
  PID:1832
- C:\Windows\System\lcBxtej.exe
  C:\Windows\System\lcBxtej.exe
  2⤵
  PID:6912
- C:\Windows\System\ZBwOFTF.exe
  C:\Windows\System\ZBwOFTF.exe
  2⤵
  PID:7024
- C:\Windows\System\TrmvMPf.exe
  C:\Windows\System\TrmvMPf.exe
  2⤵
  PID:7088
- C:\Windows\System\SRoVerK.exe
  C:\Windows\System\SRoVerK.exe
  2⤵
  PID:4428
- C:\Windows\System\SbZxjov.exe
  C:\Windows\System\SbZxjov.exe
  2⤵
  PID:5496
- C:\Windows\System\alpSeRf.exe
  C:\Windows\System\alpSeRf.exe
  2⤵
  PID:6208
- C:\Windows\System\dVNkWUR.exe
  C:\Windows\System\dVNkWUR.exe
  2⤵
  PID:6288
- C:\Windows\System\JjsaTnc.exe
  C:\Windows\System\JjsaTnc.exe
  2⤵
  PID:6348
- C:\Windows\System\krtktJz.exe
  C:\Windows\System\krtktJz.exe
  2⤵
  PID:6524
- C:\Windows\System\JueYbTN.exe
  C:\Windows\System\JueYbTN.exe
  2⤵
  PID:6608
- C:\Windows\System\SYSJpld.exe
  C:\Windows\System\SYSJpld.exe
  2⤵
  PID:6632
- C:\Windows\System\HduWdaY.exe
  C:\Windows\System\HduWdaY.exe
  2⤵
  PID:6684
- C:\Windows\System\ohVpRxI.exe
  C:\Windows\System\ohVpRxI.exe
  2⤵
  PID:6752
- C:\Windows\System\QKxFMpw.exe
  C:\Windows\System\QKxFMpw.exe
  2⤵
  PID:1560
- C:\Windows\System\dIEwoRU.exe
  C:\Windows\System\dIEwoRU.exe
  2⤵
  PID:892
- C:\Windows\System\PWkBmmR.exe
  C:\Windows\System\PWkBmmR.exe
  2⤵
  PID:6804
- C:\Windows\System\zserWVI.exe
  C:\Windows\System\zserWVI.exe
  2⤵
  PID:6932
- C:\Windows\System\cKrQntn.exe
  C:\Windows\System\cKrQntn.exe
  2⤵
  PID:7048
- C:\Windows\System\zevvKKg.exe
  C:\Windows\System\zevvKKg.exe
  2⤵
  PID:2460
- C:\Windows\System\FhLCnQo.exe
  C:\Windows\System\FhLCnQo.exe
  2⤵
  PID:2496
- C:\Windows\System\dpsYCVd.exe
  C:\Windows\System\dpsYCVd.exe
  2⤵
  PID:652
- C:\Windows\System\IjjmfBh.exe
  C:\Windows\System\IjjmfBh.exe
  2⤵
  PID:2448
- C:\Windows\System\iZtUJRC.exe
  C:\Windows\System\iZtUJRC.exe
  2⤵
  PID:4704
- C:\Windows\System\mEwEqBS.exe
  C:\Windows\System\mEwEqBS.exe
  2⤵
  PID:236
- C:\Windows\System\IkuhPhH.exe
  C:\Windows\System\IkuhPhH.exe
  2⤵
  PID:6008
- C:\Windows\System\BcdpsYV.exe
  C:\Windows\System\BcdpsYV.exe
  2⤵
  PID:6388
- C:\Windows\System\IumtKzc.exe
  C:\Windows\System\IumtKzc.exe
  2⤵
  PID:6504
- C:\Windows\System\JtGLPQp.exe
  C:\Windows\System\JtGLPQp.exe
  2⤵
  PID:6764
- C:\Windows\System\iMVbMBb.exe
  C:\Windows\System\iMVbMBb.exe
  2⤵
  PID:6984
- C:\Windows\System\RkySYiH.exe
  C:\Windows\System\RkySYiH.exe
  2⤵
  PID:1768
- C:\Windows\System\qSuzkKU.exe
  C:\Windows\System\qSuzkKU.exe
  2⤵
  PID:5364
- C:\Windows\System\cEClsEX.exe
  C:\Windows\System\cEClsEX.exe
  2⤵
  PID:6412
- C:\Windows\System\rIxReVe.exe
  C:\Windows\System\rIxReVe.exe
  2⤵
  PID:6028
- C:\Windows\System\sGEdFwJ.exe
  C:\Windows\System\sGEdFwJ.exe
  2⤵
  PID:2788
- C:\Windows\System\GqMfpLL.exe
  C:\Windows\System\GqMfpLL.exe
  2⤵
  PID:7072
- C:\Windows\System\Vxkdzky.exe
  C:\Windows\System\Vxkdzky.exe
  2⤵
  PID:2232
- C:\Windows\System\AOYapiG.exe
  C:\Windows\System\AOYapiG.exe
  2⤵
  PID:6968
- C:\Windows\System\dHGIrOL.exe
  C:\Windows\System\dHGIrOL.exe
  2⤵
  PID:2008
- C:\Windows\System\PLybCjj.exe
  C:\Windows\System\PLybCjj.exe
  2⤵
  PID:6484
- C:\Windows\System\Grapjks.exe
  C:\Windows\System\Grapjks.exe
  2⤵
  PID:7172
- C:\Windows\System\zrkPIbw.exe
  C:\Windows\System\zrkPIbw.exe
  2⤵
  PID:7188
- C:\Windows\System\HdUOBlB.exe
  C:\Windows\System\HdUOBlB.exe
  2⤵
  PID:7204
- C:\Windows\System\mEdFGcv.exe
  C:\Windows\System\mEdFGcv.exe
  2⤵
  PID:7220
- C:\Windows\System\MUljSUx.exe
  C:\Windows\System\MUljSUx.exe
  2⤵
  PID:7256
- C:\Windows\System\PDxAZhJ.exe
  C:\Windows\System\PDxAZhJ.exe
  2⤵
  PID:7368
- C:\Windows\System\mcpPNUx.exe
  C:\Windows\System\mcpPNUx.exe
  2⤵
  PID:7384
- C:\Windows\System\ACCestP.exe
  C:\Windows\System\ACCestP.exe
  2⤵
  PID:7408
- C:\Windows\System\gOTtrSf.exe
  C:\Windows\System\gOTtrSf.exe
  2⤵
  PID:7424
- C:\Windows\System\Yrwizna.exe
  C:\Windows\System\Yrwizna.exe
  2⤵
  PID:7444
- C:\Windows\System\JfAIkxi.exe
  C:\Windows\System\JfAIkxi.exe
  2⤵
  PID:7464
- C:\Windows\System\XQhtVkp.exe
  C:\Windows\System\XQhtVkp.exe
  2⤵
  PID:7480
- C:\Windows\System\ThDwkJG.exe
  C:\Windows\System\ThDwkJG.exe
  2⤵
  PID:7496
- C:\Windows\System\ZRRLrvQ.exe
  C:\Windows\System\ZRRLrvQ.exe
  2⤵
  PID:7512
- C:\Windows\System\fPxJUIQ.exe
  C:\Windows\System\fPxJUIQ.exe
  2⤵
  PID:7536
- C:\Windows\System\mWUUiXD.exe
  C:\Windows\System\mWUUiXD.exe
  2⤵
  PID:7556
- C:\Windows\System\KDFoKJr.exe
  C:\Windows\System\KDFoKJr.exe
  2⤵
  PID:7572
- C:\Windows\System\MjFnJcC.exe
  C:\Windows\System\MjFnJcC.exe
  2⤵
  PID:7608
- C:\Windows\System\NdVidTt.exe
  C:\Windows\System\NdVidTt.exe
  2⤵
  PID:7628
- C:\Windows\System\bTQpput.exe
  C:\Windows\System\bTQpput.exe
  2⤵
  PID:7644
- C:\Windows\System\BpgyXaU.exe
  C:\Windows\System\BpgyXaU.exe
  2⤵
  PID:7660
- C:\Windows\System\IPadXrv.exe
  C:\Windows\System\IPadXrv.exe
  2⤵
  PID:7676
- C:\Windows\System\ARmbcHi.exe
  C:\Windows\System\ARmbcHi.exe
  2⤵
  PID:7692
- C:\Windows\System\UdLCQeV.exe
  C:\Windows\System\UdLCQeV.exe
  2⤵
  PID:7708
- C:\Windows\System\KkKZunw.exe
  C:\Windows\System\KkKZunw.exe
  2⤵
  PID:7724
- C:\Windows\System\DSwSmtk.exe
  C:\Windows\System\DSwSmtk.exe
  2⤵
  PID:7740
- C:\Windows\System\wwnbxkp.exe
  C:\Windows\System\wwnbxkp.exe
  2⤵
  PID:7756
- C:\Windows\System\UsyYeEq.exe
  C:\Windows\System\UsyYeEq.exe
  2⤵
  PID:7772
- C:\Windows\System\BcshOjG.exe
  C:\Windows\System\BcshOjG.exe
  2⤵
  PID:7796
- C:\Windows\System\JBmXrPN.exe
  C:\Windows\System\JBmXrPN.exe
  2⤵
  PID:7844
- C:\Windows\System\cCTNsou.exe
  C:\Windows\System\cCTNsou.exe
  2⤵
  PID:7864
- C:\Windows\System\eJzUyZU.exe
  C:\Windows\System\eJzUyZU.exe
  2⤵
  PID:7880
- C:\Windows\System\CmeczeG.exe
  C:\Windows\System\CmeczeG.exe
  2⤵
  PID:7896
- C:\Windows\System\MgJODnH.exe
  C:\Windows\System\MgJODnH.exe
  2⤵
  PID:7924
- C:\Windows\System\lZvIpjN.exe
  C:\Windows\System\lZvIpjN.exe
  2⤵
  PID:7944
- C:\Windows\System\MQoDJBT.exe
  C:\Windows\System\MQoDJBT.exe
  2⤵
  PID:7960
- C:\Windows\System\lkZFQCd.exe
  C:\Windows\System\lkZFQCd.exe
  2⤵
  PID:7980
- C:\Windows\System\dIaxAvo.exe
  C:\Windows\System\dIaxAvo.exe
  2⤵
  PID:8000
- C:\Windows\System\QJtTMxS.exe
  C:\Windows\System\QJtTMxS.exe
  2⤵
  PID:8016
- C:\Windows\System\fjNYswj.exe
  C:\Windows\System\fjNYswj.exe
  2⤵
  PID:8032
- C:\Windows\System\rbvRGre.exe
  C:\Windows\System\rbvRGre.exe
  2⤵
  PID:8056
- C:\Windows\System\LXzUhoK.exe
  C:\Windows\System\LXzUhoK.exe
  2⤵
  PID:8084
- C:\Windows\System\QmusMyr.exe
  C:\Windows\System\QmusMyr.exe
  2⤵
  PID:8100
- C:\Windows\System\ZmknWFc.exe
  C:\Windows\System\ZmknWFc.exe
  2⤵
  PID:8132
- C:\Windows\System\vaqefVj.exe
  C:\Windows\System\vaqefVj.exe
  2⤵
  PID:8152
- C:\Windows\System\aPPLClJ.exe
  C:\Windows\System\aPPLClJ.exe
  2⤵
  PID:8172
- C:\Windows\System\zvAmehQ.exe
  C:\Windows\System\zvAmehQ.exe
  2⤵
  PID:8188
- C:\Windows\System\UmcsSmO.exe
  C:\Windows\System\UmcsSmO.exe
  2⤵
  PID:332
- C:\Windows\System\EJjHhFV.exe
  C:\Windows\System\EJjHhFV.exe
  2⤵
  PID:2428
- C:\Windows\System\dlzKDNA.exe
  C:\Windows\System\dlzKDNA.exe
  2⤵
  PID:2568
- C:\Windows\System\vGYBAxH.exe
  C:\Windows\System\vGYBAxH.exe
  2⤵
  PID:7196
- C:\Windows\System\hqpaBCt.exe
  C:\Windows\System\hqpaBCt.exe
  2⤵
  PID:6368
- C:\Windows\System\mUaaNKM.exe
  C:\Windows\System\mUaaNKM.exe
  2⤵
  PID:7276
- C:\Windows\System\alnQGkR.exe
  C:\Windows\System\alnQGkR.exe
  2⤵
  PID:7296
- C:\Windows\System\eXXqqUn.exe
  C:\Windows\System\eXXqqUn.exe
  2⤵
  PID:7312
- C:\Windows\System\djPqnLY.exe
  C:\Windows\System\djPqnLY.exe
  2⤵
  PID:7328
- C:\Windows\System\MracZIN.exe
  C:\Windows\System\MracZIN.exe
  2⤵
  PID:7352
- C:\Windows\System\LuKfeNd.exe
  C:\Windows\System\LuKfeNd.exe
  2⤵
  PID:7376
- C:\Windows\System\jxdDxno.exe
  C:\Windows\System\jxdDxno.exe
  2⤵
  PID:7432
- C:\Windows\System\vMQyZye.exe
  C:\Windows\System\vMQyZye.exe
  2⤵
  PID:7476
- C:\Windows\System\hqQetcm.exe
  C:\Windows\System\hqQetcm.exe
  2⤵
  PID:7504
- C:\Windows\System\SFnhmGD.exe
  C:\Windows\System\SFnhmGD.exe
  2⤵
  PID:7520
- C:\Windows\System\aImrBxI.exe
  C:\Windows\System\aImrBxI.exe
  2⤵
  PID:7588
- C:\Windows\System\ZTXBqlt.exe
  C:\Windows\System\ZTXBqlt.exe
  2⤵
  PID:7596
- C:\Windows\System\VIMOuOb.exe
  C:\Windows\System\VIMOuOb.exe
  2⤵
  PID:7616
- C:\Windows\System\nGPMgfs.exe
  C:\Windows\System\nGPMgfs.exe
  2⤵
  PID:7720
- C:\Windows\System\BnaSNFK.exe
  C:\Windows\System\BnaSNFK.exe
  2⤵
  PID:7788
- C:\Windows\System\fHUbmcA.exe
  C:\Windows\System\fHUbmcA.exe
  2⤵
  PID:7636
- C:\Windows\System\FiVjxAg.exe
  C:\Windows\System\FiVjxAg.exe
  2⤵
  PID:7700
- C:\Windows\System\edKMHae.exe
  C:\Windows\System\edKMHae.exe
  2⤵
  PID:7732
- C:\Windows\System\DlYsXTc.exe
  C:\Windows\System\DlYsXTc.exe
  2⤵
  PID:7804
- C:\Windows\System\rwHlSgT.exe
  C:\Windows\System\rwHlSgT.exe
  2⤵
  PID:7832
- C:\Windows\System\LXptjYz.exe
  C:\Windows\System\LXptjYz.exe
  2⤵
  PID:7912
- C:\Windows\System\vqznGyf.exe
  C:\Windows\System\vqznGyf.exe
  2⤵
  PID:7932
- C:\Windows\System\ZXBlLnG.exe
  C:\Windows\System\ZXBlLnG.exe
  2⤵
  PID:7856
- C:\Windows\System\qhJvnSS.exe
  C:\Windows\System\qhJvnSS.exe
  2⤵
  PID:8024
- C:\Windows\System\SotmdsO.exe
  C:\Windows\System\SotmdsO.exe
  2⤵
  PID:8048
- C:\Windows\System\iMKoTRY.exe
  C:\Windows\System\iMKoTRY.exe
  2⤵
  PID:8076
- C:\Windows\System\UvUNOEq.exe
  C:\Windows\System\UvUNOEq.exe
  2⤵
  PID:8012
- C:\Windows\System\MkFRIJi.exe
  C:\Windows\System\MkFRIJi.exe
  2⤵
  PID:7988
- C:\Windows\System\vvxqIQg.exe
  C:\Windows\System\vvxqIQg.exe
  2⤵
  PID:8124
- C:\Windows\System\GmleGTn.exe
  C:\Windows\System\GmleGTn.exe
  2⤵
  PID:8164
- C:\Windows\System\ZdYankE.exe
  C:\Windows\System\ZdYankE.exe
  2⤵
  PID:6904
- C:\Windows\System\iHVakZk.exe
  C:\Windows\System\iHVakZk.exe
  2⤵
  PID:6728
- C:\Windows\System\oASARNR.exe
  C:\Windows\System\oASARNR.exe
  2⤵
  PID:7264
- C:\Windows\System\tXIqThL.exe
  C:\Windows\System\tXIqThL.exe
  2⤵
  PID:7320
- C:\Windows\System\POhVwIC.exe
  C:\Windows\System\POhVwIC.exe
  2⤵
  PID:7348
- C:\Windows\System\NhxxxWf.exe
  C:\Windows\System\NhxxxWf.exe
  2⤵
  PID:7440
- C:\Windows\System\DLgxMNR.exe
  C:\Windows\System\DLgxMNR.exe
  2⤵
  PID:7304
- C:\Windows\System\vAaglBp.exe
  C:\Windows\System\vAaglBp.exe
  2⤵
  PID:7308
- C:\Windows\System\fjGyakn.exe
  C:\Windows\System\fjGyakn.exe
  2⤵
  PID:7544
- C:\Windows\System\nLyVIyO.exe
  C:\Windows\System\nLyVIyO.exe
  2⤵
  PID:7456
- C:\Windows\System\WjDZhVn.exe
  C:\Windows\System\WjDZhVn.exe
  2⤵
  PID:7600
- C:\Windows\System\jqTmlAF.exe
  C:\Windows\System\jqTmlAF.exe
  2⤵
  PID:7716
- C:\Windows\System\kzzcmDO.exe
  C:\Windows\System\kzzcmDO.exe
  2⤵
  PID:7688
- C:\Windows\System\bOqfvFV.exe
  C:\Windows\System\bOqfvFV.exe
  2⤵
  PID:7852
- C:\Windows\System\GahcBEP.exe
  C:\Windows\System\GahcBEP.exe
  2⤵
  PID:7828
- C:\Windows\System\sRQVwmH.exe
  C:\Windows\System\sRQVwmH.exe
  2⤵
  PID:7904
- C:\Windows\System\FSlvojE.exe
  C:\Windows\System\FSlvojE.exe
  2⤵
  PID:7940
- C:\Windows\System\oTwFJKe.exe
  C:\Windows\System\oTwFJKe.exe
  2⤵
  PID:8068
- C:\Windows\System\klvtSiz.exe
  C:\Windows\System\klvtSiz.exe
  2⤵
  PID:8144
- C:\Windows\System\rscMhgr.exe
  C:\Windows\System\rscMhgr.exe
  2⤵
  PID:8008
- C:\Windows\System\ywzZUuC.exe
  C:\Windows\System\ywzZUuC.exe
  2⤵
  PID:7184
- C:\Windows\System\cfNluHk.exe
  C:\Windows\System\cfNluHk.exe
  2⤵
  PID:7860
- C:\Windows\System\uWzOjfS.exe
  C:\Windows\System\uWzOjfS.exe
  2⤵
  PID:7156
- C:\Windows\System\dZLIknp.exe
  C:\Windows\System\dZLIknp.exe
  2⤵
  PID:7288
- C:\Windows\System\EbNzray.exe
  C:\Windows\System\EbNzray.exe
  2⤵
  PID:7684
- C:\Windows\System\hlcGaqp.exe
  C:\Windows\System\hlcGaqp.exe
  2⤵
  PID:7416
- C:\Windows\System\bSvxXLv.exe
  C:\Windows\System\bSvxXLv.exe
  2⤵
  PID:7996
- C:\Windows\System\ITLtjhQ.exe
  C:\Windows\System\ITLtjhQ.exe
  2⤵
  PID:8184
- C:\Windows\System\nXYulCk.exe
  C:\Windows\System\nXYulCk.exe
  2⤵
  PID:7624
- C:\Windows\System\iEbGsOk.exe
  C:\Windows\System\iEbGsOk.exe
  2⤵
  PID:7972
- C:\Windows\System\inDkRgf.exe
  C:\Windows\System\inDkRgf.exe
  2⤵
  PID:7784
- C:\Windows\System\jGzvqKN.exe
  C:\Windows\System\jGzvqKN.exe
  2⤵
  PID:8168
- C:\Windows\System\xcrtFyM.exe
  C:\Windows\System\xcrtFyM.exe
  2⤵
  PID:6808
- C:\Windows\System\bConPGa.exe
  C:\Windows\System\bConPGa.exe
  2⤵
  PID:7340
- C:\Windows\System\gzitDmb.exe
  C:\Windows\System\gzitDmb.exe
  2⤵
  PID:7268
- C:\Windows\System\ZHSjpSp.exe
  C:\Windows\System\ZHSjpSp.exe
  2⤵
  PID:7816
- C:\Windows\System\meZHInP.exe
  C:\Windows\System\meZHInP.exe
  2⤵
  PID:7584
- C:\Windows\System\oypwDqI.exe
  C:\Windows\System\oypwDqI.exe
  2⤵
  PID:7404
- C:\Windows\System\dWRRMop.exe
  C:\Windows\System\dWRRMop.exe
  2⤵
  PID:7820
- C:\Windows\System\iDJNduU.exe
  C:\Windows\System\iDJNduU.exe
  2⤵
  PID:7528
- C:\Windows\System\eqKHcMN.exe
  C:\Windows\System\eqKHcMN.exe
  2⤵
  PID:7552
- C:\Windows\System\TZrlQba.exe
  C:\Windows\System\TZrlQba.exe
  2⤵
  PID:1656
- C:\Windows\System\rGqoyEf.exe
  C:\Windows\System\rGqoyEf.exe
  2⤵
  PID:7180
- C:\Windows\System\ISGWEqf.exe
  C:\Windows\System\ISGWEqf.exe
  2⤵
  PID:7668
- C:\Windows\System\VgDefmm.exe
  C:\Windows\System\VgDefmm.exe
  2⤵
  PID:7420
- C:\Windows\System\lBYMcHy.exe
  C:\Windows\System\lBYMcHy.exe
  2⤵
  PID:8108
- C:\Windows\System\bznxfYB.exe
  C:\Windows\System\bznxfYB.exe
  2⤵
  PID:8196
- C:\Windows\System\YteRzJR.exe
  C:\Windows\System\YteRzJR.exe
  2⤵
  PID:8212
- C:\Windows\System\bywkvpz.exe
  C:\Windows\System\bywkvpz.exe
  2⤵
  PID:8228
- C:\Windows\System\WuaNVqi.exe
  C:\Windows\System\WuaNVqi.exe
  2⤵
  PID:8256
- C:\Windows\System\vXgXUIk.exe
  C:\Windows\System\vXgXUIk.exe
  2⤵
  PID:8276
- C:\Windows\System\FrQCOvj.exe
  C:\Windows\System\FrQCOvj.exe
  2⤵
  PID:8292
- C:\Windows\System\mOlgBSY.exe
  C:\Windows\System\mOlgBSY.exe
  2⤵
  PID:8308
- C:\Windows\System\uLQNrmq.exe
  C:\Windows\System\uLQNrmq.exe
  2⤵
  PID:8324
- C:\Windows\System\bSScSdK.exe
  C:\Windows\System\bSScSdK.exe
  2⤵
  PID:8340
- C:\Windows\System\obPEsCM.exe
  C:\Windows\System\obPEsCM.exe
  2⤵
  PID:8356
- C:\Windows\System\pZjBOtf.exe
  C:\Windows\System\pZjBOtf.exe
  2⤵
  PID:8372
- C:\Windows\System\DmZQApz.exe
  C:\Windows\System\DmZQApz.exe
  2⤵
  PID:8388
- C:\Windows\System\vhicPti.exe
  C:\Windows\System\vhicPti.exe
  2⤵
  PID:8408
- C:\Windows\System\HgYSyOO.exe
  C:\Windows\System\HgYSyOO.exe
  2⤵
  PID:8432
- C:\Windows\System\LiJpByw.exe
  C:\Windows\System\LiJpByw.exe
  2⤵
  PID:8448
- C:\Windows\System\GKiwbLD.exe
  C:\Windows\System\GKiwbLD.exe
  2⤵
  PID:8464
- C:\Windows\System\HUVdUTv.exe
  C:\Windows\System\HUVdUTv.exe
  2⤵
  PID:8480
- C:\Windows\System\howtLPw.exe
  C:\Windows\System\howtLPw.exe
  2⤵
  PID:8500
- C:\Windows\System\pWcUPZq.exe
  C:\Windows\System\pWcUPZq.exe
  2⤵
  PID:8532
- C:\Windows\System\orVbiKD.exe
  C:\Windows\System\orVbiKD.exe
  2⤵
  PID:8556
- C:\Windows\System\peicupf.exe
  C:\Windows\System\peicupf.exe
  2⤵
  PID:8576
- C:\Windows\System\qcbQZKx.exe
  C:\Windows\System\qcbQZKx.exe
  2⤵
  PID:8604
- C:\Windows\System\vWvvfmT.exe
  C:\Windows\System\vWvvfmT.exe
  2⤵
  PID:8624
- C:\Windows\System\eKbpYtP.exe
  C:\Windows\System\eKbpYtP.exe
  2⤵
  PID:8644
- C:\Windows\System\vzqQYWh.exe
  C:\Windows\System\vzqQYWh.exe
  2⤵
  PID:8664
- C:\Windows\System\YcqaVyi.exe
  C:\Windows\System\YcqaVyi.exe
  2⤵
  PID:8680
- C:\Windows\System\RcCXFzj.exe
  C:\Windows\System\RcCXFzj.exe
  2⤵
  PID:8744
- C:\Windows\System\bdcCNlG.exe
  C:\Windows\System\bdcCNlG.exe
  2⤵
  PID:8764
- C:\Windows\System\gYxoUps.exe
  C:\Windows\System\gYxoUps.exe
  2⤵
  PID:8780
- C:\Windows\System\tbtIcFU.exe
  C:\Windows\System\tbtIcFU.exe
  2⤵
  PID:8800
- C:\Windows\System\SvGrHwO.exe
  C:\Windows\System\SvGrHwO.exe
  2⤵
  PID:8824
- C:\Windows\System\vElgqkN.exe
  C:\Windows\System\vElgqkN.exe
  2⤵
  PID:8848
- C:\Windows\System\WzcTxdK.exe
  C:\Windows\System\WzcTxdK.exe
  2⤵
  PID:8864
- C:\Windows\System\fZhYFGY.exe
  C:\Windows\System\fZhYFGY.exe
  2⤵
  PID:8880
- C:\Windows\System\trgQwme.exe
  C:\Windows\System\trgQwme.exe
  2⤵
  PID:8900
- C:\Windows\System\aJrbYAy.exe
  C:\Windows\System\aJrbYAy.exe
  2⤵
  PID:8920
- C:\Windows\System\aGbdZDV.exe
  C:\Windows\System\aGbdZDV.exe
  2⤵
  PID:8936
- C:\Windows\System\rZuFfUB.exe
  C:\Windows\System\rZuFfUB.exe
  2⤵
  PID:8952
- C:\Windows\System\KmbAbIq.exe
  C:\Windows\System\KmbAbIq.exe
  2⤵
  PID:8980
- C:\Windows\System\torMxdo.exe
  C:\Windows\System\torMxdo.exe
  2⤵
  PID:9012
- C:\Windows\System\ZxbabBQ.exe
  C:\Windows\System\ZxbabBQ.exe
  2⤵
  PID:9028
- C:\Windows\System\cStyekB.exe
  C:\Windows\System\cStyekB.exe
  2⤵
  PID:9052
- C:\Windows\System\TlljcFz.exe
  C:\Windows\System\TlljcFz.exe
  2⤵
  PID:9068
- C:\Windows\System\ngTlifj.exe
  C:\Windows\System\ngTlifj.exe
  2⤵
  PID:9084
- C:\Windows\System\ZaXZSOT.exe
  C:\Windows\System\ZaXZSOT.exe
  2⤵
  PID:9104
- C:\Windows\System\NbnEicq.exe
  C:\Windows\System\NbnEicq.exe
  2⤵
  PID:9124
- C:\Windows\System\ddjmzss.exe
  C:\Windows\System\ddjmzss.exe
  2⤵
  PID:9144
- C:\Windows\System\zfnjIpg.exe
  C:\Windows\System\zfnjIpg.exe
  2⤵
  PID:9164
- C:\Windows\System\QyQCnlQ.exe
  C:\Windows\System\QyQCnlQ.exe
  2⤵
  PID:9184
- C:\Windows\System\nCdXxhv.exe
  C:\Windows\System\nCdXxhv.exe
  2⤵
  PID:9208
- C:\Windows\System\DwPOUVM.exe
  C:\Windows\System\DwPOUVM.exe
  2⤵
  PID:8236
- C:\Windows\System\EtQshfI.exe
  C:\Windows\System\EtQshfI.exe
  2⤵
  PID:8284
- C:\Windows\System\ncHIkDv.exe
  C:\Windows\System\ncHIkDv.exe
  2⤵
  PID:8348
- C:\Windows\System\gONJWiR.exe
  C:\Windows\System\gONJWiR.exe
  2⤵
  PID:7812
- C:\Windows\System\HgvPpos.exe
  C:\Windows\System\HgvPpos.exe
  2⤵
  PID:7272
- C:\Windows\System\ftvwUBp.exe
  C:\Windows\System\ftvwUBp.exe
  2⤵
  PID:8304
- C:\Windows\System\BPyhFyU.exe
  C:\Windows\System\BPyhFyU.exe
  2⤵
  PID:7336
- C:\Windows\System\RHbzoLk.exe
  C:\Windows\System\RHbzoLk.exe
  2⤵
  PID:8488
- C:\Windows\System\cnAZINV.exe
  C:\Windows\System\cnAZINV.exe
  2⤵
  PID:8440
- C:\Windows\System\oBcNUMj.exe
  C:\Windows\System\oBcNUMj.exe
  2⤵
  PID:8508
- C:\Windows\System\WZDineh.exe
  C:\Windows\System\WZDineh.exe
  2⤵
  PID:8552
- C:\Windows\System\KITVxoJ.exe
  C:\Windows\System\KITVxoJ.exe
  2⤵
  PID:8588
- C:\Windows\System\iHghUfM.exe
  C:\Windows\System\iHghUfM.exe
  2⤵
  PID:8632
- C:\Windows\System\ubmCAnF.exe
  C:\Windows\System\ubmCAnF.exe
  2⤵
  PID:8616
- C:\Windows\System\ciLeWQu.exe
  C:\Windows\System\ciLeWQu.exe
  2⤵
  PID:8696
- C:\Windows\System\MCHiCoi.exe
  C:\Windows\System\MCHiCoi.exe
  2⤵
  PID:8692
- C:\Windows\System\AtjTfHa.exe
  C:\Windows\System\AtjTfHa.exe
  2⤵
  PID:8728
- C:\Windows\System\vYCrEEs.exe
  C:\Windows\System\vYCrEEs.exe
  2⤵
  PID:8752
- C:\Windows\System\bjlHiXM.exe
  C:\Windows\System\bjlHiXM.exe
  2⤵
  PID:8776
- C:\Windows\System\sneKoyF.exe
  C:\Windows\System\sneKoyF.exe
  2⤵
  PID:8816
- C:\Windows\System\OFNAqfw.exe
  C:\Windows\System\OFNAqfw.exe
  2⤵
  PID:8844
- C:\Windows\System\czeTRzP.exe
  C:\Windows\System\czeTRzP.exe
  2⤵
  PID:8892
- C:\Windows\System\RyNRWmc.exe
  C:\Windows\System\RyNRWmc.exe
  2⤵
  PID:8912
- C:\Windows\System\uovhOXy.exe
  C:\Windows\System\uovhOXy.exe
  2⤵
  PID:8988
- C:\Windows\System\MjlePhU.exe
  C:\Windows\System\MjlePhU.exe
  2⤵
  PID:8968
- C:\Windows\System\JiDRmNB.exe
  C:\Windows\System\JiDRmNB.exe
  2⤵
  PID:9000
- C:\Windows\System\xGCKrju.exe
  C:\Windows\System\xGCKrju.exe
  2⤵
  PID:9044
- C:\Windows\System\odmfpCz.exe
  C:\Windows\System\odmfpCz.exe
  2⤵
  PID:9076
- C:\Windows\System\QMFVjca.exe
  C:\Windows\System\QMFVjca.exe
  2⤵
  PID:9112
- C:\Windows\System\HisCQXL.exe
  C:\Windows\System\HisCQXL.exe
  2⤵
  PID:9160
- C:\Windows\System\SKKztES.exe
  C:\Windows\System\SKKztES.exe
  2⤵
  PID:9172
- C:\Windows\System\xGmPIkz.exe
  C:\Windows\System\xGmPIkz.exe
  2⤵
  PID:9196
- C:\Windows\System\wAYFBYf.exe
  C:\Windows\System\wAYFBYf.exe
  2⤵
  PID:8204
- C:\Windows\System\bBjgsEo.exe
  C:\Windows\System\bBjgsEo.exe
  2⤵
  PID:8120
- C:\Windows\System\XLRvLGB.exe
  C:\Windows\System\XLRvLGB.exe
  2⤵
  PID:8224
- C:\Windows\System\aenVdKR.exe
  C:\Windows\System\aenVdKR.exe
  2⤵
  PID:8368
- C:\Windows\System\ZuoSeNU.exe
  C:\Windows\System\ZuoSeNU.exe
  2⤵
  PID:8472
- C:\Windows\System\yASkILW.exe
  C:\Windows\System\yASkILW.exe
  2⤵
  PID:8400
- C:\Windows\System\HUlQqen.exe
  C:\Windows\System\HUlQqen.exe
  2⤵
  PID:8516
- C:\Windows\System\yjRQEFI.exe
  C:\Windows\System\yjRQEFI.exe
  2⤵
  PID:8620
- C:\Windows\System\EmGuWKf.exe
  C:\Windows\System\EmGuWKf.exe
  2⤵
  PID:8660
- C:\Windows\System\lTFYXJL.exe
  C:\Windows\System\lTFYXJL.exe
  2⤵
  PID:8676
- C:\Windows\System\oVdIHFq.exe
  C:\Windows\System\oVdIHFq.exe
  2⤵
  PID:8756
- C:\Windows\System\ztXpyta.exe
  C:\Windows\System\ztXpyta.exe
  2⤵
  PID:8812
- C:\Windows\System\ZigOQiq.exe
  C:\Windows\System\ZigOQiq.exe
  2⤵
  PID:8860
- C:\Windows\System\IHijiKk.exe
  C:\Windows\System\IHijiKk.exe
  2⤵
  PID:8948
- C:\Windows\System\hxYTuNo.exe
  C:\Windows\System\hxYTuNo.exe
  2⤵
  PID:9060
- C:\Windows\System\DEeDqcx.exe
  C:\Windows\System\DEeDqcx.exe
  2⤵
  PID:9152
- C:\Windows\System\FBTuiwu.exe
  C:\Windows\System\FBTuiwu.exe
  2⤵
  PID:9136
- C:\Windows\System\lKhRbDe.exe
  C:\Windows\System\lKhRbDe.exe
  2⤵
  PID:9040
- C:\Windows\System\NWmBLyr.exe
  C:\Windows\System\NWmBLyr.exe
  2⤵
  PID:9100
- C:\Windows\System\QrFQLTt.exe
  C:\Windows\System\QrFQLTt.exe
  2⤵
  PID:7956
- C:\Windows\System\fHbOSvW.exe
  C:\Windows\System\fHbOSvW.exe
  2⤵
  PID:8332
- C:\Windows\System\VDFOqGj.exe
  C:\Windows\System\VDFOqGj.exe
  2⤵
  PID:8724
- C:\Windows\System\geYYzfd.exe
  C:\Windows\System\geYYzfd.exe
  2⤵
  PID:8396
- C:\Windows\System\ZCaLgpR.exe
  C:\Windows\System\ZCaLgpR.exe
  2⤵
  PID:8688
- C:\Windows\System\icuuGjD.exe
  C:\Windows\System\icuuGjD.exe
  2⤵
  PID:8652
- C:\Windows\System\KlgdtZZ.exe
  C:\Windows\System\KlgdtZZ.exe
  2⤵
  PID:8460
- C:\Windows\System\gYipwzU.exe
  C:\Windows\System\gYipwzU.exe
  2⤵
  PID:8496
- C:\Windows\System\FlbKvZW.exe
  C:\Windows\System\FlbKvZW.exe
  2⤵
  PID:8896
- C:\Windows\System\VbwSkrV.exe
  C:\Windows\System\VbwSkrV.exe
  2⤵
  PID:9116
- C:\Windows\System\sUbJKPg.exe
  C:\Windows\System\sUbJKPg.exe
  2⤵
  PID:8972
- C:\Windows\System\tWVjvKs.exe
  C:\Windows\System\tWVjvKs.exe
  2⤵
  PID:9004
- C:\Windows\System\YcaUQYC.exe
  C:\Windows\System\YcaUQYC.exe
  2⤵
  PID:8712
- C:\Windows\System\cYnpBEq.exe
  C:\Windows\System\cYnpBEq.exe
  2⤵
  PID:8572
- C:\Windows\System\VjAtDxq.exe
  C:\Windows\System\VjAtDxq.exe
  2⤵
  PID:7396
- C:\Windows\System\RlwfFBI.exe
  C:\Windows\System\RlwfFBI.exe
  2⤵
  PID:8736
- C:\Windows\System\iDRANCy.exe
  C:\Windows\System\iDRANCy.exe
  2⤵
  PID:9048
- C:\Windows\System\FErAKlW.exe
  C:\Windows\System\FErAKlW.exe
  2⤵
  PID:9180
- C:\Windows\System\tOaiLeu.exe
  C:\Windows\System\tOaiLeu.exe
  2⤵
  PID:9192
- C:\Windows\System\IdrmTIm.exe
  C:\Windows\System\IdrmTIm.exe
  2⤵
  PID:8456
- C:\Windows\System\jSjaPXo.exe
  C:\Windows\System\jSjaPXo.exe
  2⤵
  PID:9020
- C:\Windows\System\eKfyJJQ.exe
  C:\Windows\System\eKfyJJQ.exe
  2⤵
  PID:8716
- C:\Windows\System\jcwASno.exe
  C:\Windows\System\jcwASno.exe
  2⤵
  PID:8528
- C:\Windows\System\rfbgAVv.exe
  C:\Windows\System\rfbgAVv.exe
  2⤵
  PID:8656
- C:\Windows\System\YvjSPFO.exe
  C:\Windows\System\YvjSPFO.exe
  2⤵
  PID:8300
- C:\Windows\System\kOnUAKD.exe
  C:\Windows\System\kOnUAKD.exe
  2⤵
  PID:8944
- C:\Windows\System\tDUapvj.exe
  C:\Windows\System\tDUapvj.exe
  2⤵
  PID:8792
- C:\Windows\System\FvEtSod.exe
  C:\Windows\System\FvEtSod.exe
  2⤵
  PID:9064
- C:\Windows\System\tXaHJLL.exe
  C:\Windows\System\tXaHJLL.exe
  2⤵
  PID:8492
- C:\Windows\System\GifFnVD.exe
  C:\Windows\System\GifFnVD.exe
  2⤵
  PID:9236
- C:\Windows\System\xEtNDUO.exe
  C:\Windows\System\xEtNDUO.exe
  2⤵
  PID:9252
- C:\Windows\System\VbFoAKB.exe
  C:\Windows\System\VbFoAKB.exe
  2⤵
  PID:9280
- C:\Windows\System\CIxUzdn.exe
  C:\Windows\System\CIxUzdn.exe
  2⤵
  PID:9304
- C:\Windows\System\IwsVzhd.exe
  C:\Windows\System\IwsVzhd.exe
  2⤵
  PID:9324
- C:\Windows\System\fAcwhgX.exe
  C:\Windows\System\fAcwhgX.exe
  2⤵
  PID:9340
- C:\Windows\System\cvoMohE.exe
  C:\Windows\System\cvoMohE.exe
  2⤵
  PID:9364
- C:\Windows\System\OwRioCt.exe
  C:\Windows\System\OwRioCt.exe
  2⤵
  PID:9380
- C:\Windows\System\TfMmShb.exe
  C:\Windows\System\TfMmShb.exe
  2⤵
  PID:9400
- C:\Windows\System\iNvnTSX.exe
  C:\Windows\System\iNvnTSX.exe
  2⤵
  PID:9424
- C:\Windows\System\tnkEAyg.exe
  C:\Windows\System\tnkEAyg.exe
  2⤵
  PID:9440
- C:\Windows\System\JzZajpX.exe
  C:\Windows\System\JzZajpX.exe
  2⤵
  PID:9460
- C:\Windows\System\rVAGoMF.exe
  C:\Windows\System\rVAGoMF.exe
  2⤵
  PID:9480
- C:\Windows\System\UzLZTPG.exe
  C:\Windows\System\UzLZTPG.exe
  2⤵
  PID:9504
- C:\Windows\System\htgPPxu.exe
  C:\Windows\System\htgPPxu.exe
  2⤵
  PID:9524
- C:\Windows\System\IOyWgSp.exe
  C:\Windows\System\IOyWgSp.exe
  2⤵
  PID:9540
- C:\Windows\System\vYNPsee.exe
  C:\Windows\System\vYNPsee.exe
  2⤵
  PID:9560
- C:\Windows\System\jvwqSnk.exe
  C:\Windows\System\jvwqSnk.exe
  2⤵
  PID:9584
- C:\Windows\System\DzHOohY.exe
  C:\Windows\System\DzHOohY.exe
  2⤵
  PID:9600
- C:\Windows\System\WVvgmCg.exe
  C:\Windows\System\WVvgmCg.exe
  2⤵
  PID:9628
- C:\Windows\System\UcHEplq.exe
  C:\Windows\System\UcHEplq.exe
  2⤵
  PID:9644
- C:\Windows\System\qXJOSUc.exe
  C:\Windows\System\qXJOSUc.exe
  2⤵
  PID:9668
- C:\Windows\System\GeQWRZk.exe
  C:\Windows\System\GeQWRZk.exe
  2⤵
  PID:9684
- C:\Windows\System\HKfrKsD.exe
  C:\Windows\System\HKfrKsD.exe
  2⤵
  PID:9708
- C:\Windows\System\pRzckvo.exe
  C:\Windows\System\pRzckvo.exe
  2⤵
  PID:9724
- C:\Windows\System\FkgljCx.exe
  C:\Windows\System\FkgljCx.exe
  2⤵
  PID:9740
- C:\Windows\System\SBsUGCc.exe
  C:\Windows\System\SBsUGCc.exe
  2⤵
  PID:9756
- C:\Windows\System\NlCfwYW.exe
  C:\Windows\System\NlCfwYW.exe
  2⤵
  PID:9776
- C:\Windows\System\mQBCgZE.exe
  C:\Windows\System\mQBCgZE.exe
  2⤵
  PID:9796
- C:\Windows\System\fnGskPl.exe
  C:\Windows\System\fnGskPl.exe
  2⤵
  PID:9816
- C:\Windows\System\YIZBSNI.exe
  C:\Windows\System\YIZBSNI.exe
  2⤵
  PID:9836
- C:\Windows\System\RrEWOac.exe
  C:\Windows\System\RrEWOac.exe
  2⤵
  PID:9852
- C:\Windows\System\wlLruhh.exe
  C:\Windows\System\wlLruhh.exe
  2⤵
  PID:9868
- C:\Windows\System\zWSrlvD.exe
  C:\Windows\System\zWSrlvD.exe
  2⤵
  PID:9888
- C:\Windows\System\BdfusqP.exe
  C:\Windows\System\BdfusqP.exe
  2⤵
  PID:9904
- C:\Windows\System\YrQKpVs.exe
  C:\Windows\System\YrQKpVs.exe
  2⤵
  PID:9940
- C:\Windows\System\mHhlJkL.exe
  C:\Windows\System\mHhlJkL.exe
  2⤵
  PID:9956
- C:\Windows\System\BWXqlac.exe
  C:\Windows\System\BWXqlac.exe
  2⤵
  PID:9980
- C:\Windows\System\GvOsCwR.exe
  C:\Windows\System\GvOsCwR.exe
  2⤵
  PID:9996
- C:\Windows\System\UZhkOMG.exe
  C:\Windows\System\UZhkOMG.exe
  2⤵
  PID:10020
- C:\Windows\System\dBfXJcZ.exe
  C:\Windows\System\dBfXJcZ.exe
  2⤵
  PID:10036
- C:\Windows\System\rBwwvtU.exe
  C:\Windows\System\rBwwvtU.exe
  2⤵
  PID:10052
- C:\Windows\System\JSoZPgW.exe
  C:\Windows\System\JSoZPgW.exe
  2⤵
  PID:10068
- C:\Windows\System\WzYOlmp.exe
  C:\Windows\System\WzYOlmp.exe
  2⤵
  PID:10084
- C:\Windows\System\qYxzSHr.exe
  C:\Windows\System\qYxzSHr.exe
  2⤵
  PID:10108
- C:\Windows\System\RNgCOcW.exe
  C:\Windows\System\RNgCOcW.exe
  2⤵
  PID:10148
- C:\Windows\System\mMPqRzG.exe
  C:\Windows\System\mMPqRzG.exe
  2⤵
  PID:10168
- C:\Windows\System\rSxGmlx.exe
  C:\Windows\System\rSxGmlx.exe
  2⤵
  PID:10184
- C:\Windows\System\FygWzWy.exe
  C:\Windows\System\FygWzWy.exe
  2⤵
  PID:10200
- C:\Windows\System\pUSyIRS.exe
  C:\Windows\System\pUSyIRS.exe
  2⤵
  PID:10220
- C:\Windows\System\gJXjpcC.exe
  C:\Windows\System\gJXjpcC.exe
  2⤵
  PID:10236
- C:\Windows\System\MwdmRtn.exe
  C:\Windows\System\MwdmRtn.exe
  2⤵
  PID:8872
- C:\Windows\System\pMZwHIs.exe
  C:\Windows\System\pMZwHIs.exe
  2⤵
  PID:9272
- C:\Windows\System\fgaKsPR.exe
  C:\Windows\System\fgaKsPR.exe
  2⤵
  PID:9292
- C:\Windows\System\DMYqLRG.exe
  C:\Windows\System\DMYqLRG.exe
  2⤵
  PID:9316
- C:\Windows\System\ysuAyHJ.exe
  C:\Windows\System\ysuAyHJ.exe
  2⤵
  PID:9372
- C:\Windows\System\YBKokcp.exe
  C:\Windows\System\YBKokcp.exe
  2⤵
  PID:9396
- C:\Windows\System\LOXIBTS.exe
  C:\Windows\System\LOXIBTS.exe
  2⤵
  PID:9420
- C:\Windows\System\RJtqkla.exe
  C:\Windows\System\RJtqkla.exe
  2⤵
  PID:9456
- C:\Windows\System\pPZiqCi.exe
  C:\Windows\System\pPZiqCi.exe
  2⤵
  PID:9488
- C:\Windows\System\rAlfxZX.exe
  C:\Windows\System\rAlfxZX.exe
  2⤵
  PID:9512
- C:\Windows\System\NgbFMKr.exe
  C:\Windows\System\NgbFMKr.exe
  2⤵
  PID:9556
- C:\Windows\System\qtBDsjf.exe
  C:\Windows\System\qtBDsjf.exe
  2⤵
  PID:9568
- C:\Windows\System\jfokDoq.exe
  C:\Windows\System\jfokDoq.exe
  2⤵
  PID:9592
- C:\Windows\System\yQzpGaY.exe
  C:\Windows\System\yQzpGaY.exe
  2⤵
  PID:9636
- C:\Windows\System\dczzxMq.exe
  C:\Windows\System\dczzxMq.exe
  2⤵
  PID:9664
- C:\Windows\System\EhcUFWr.exe
  C:\Windows\System\EhcUFWr.exe
  2⤵
  PID:9680
- C:\Windows\System\oVZxbjD.exe
  C:\Windows\System\oVZxbjD.exe
  2⤵
  PID:9716
- C:\Windows\System\cCxtkMS.exe
  C:\Windows\System\cCxtkMS.exe
  2⤵
  PID:9768
- C:\Windows\System\EivrqHa.exe
  C:\Windows\System\EivrqHa.exe
  2⤵
  PID:9808
- C:\Windows\System\qyghjIH.exe
  C:\Windows\System\qyghjIH.exe
  2⤵
  PID:9752
- C:\Windows\System\kPakJVU.exe
  C:\Windows\System\kPakJVU.exe
  2⤵
  PID:9848
- C:\Windows\System\xYDsPcl.exe
  C:\Windows\System\xYDsPcl.exe
  2⤵
  PID:9936
- C:\Windows\System\zLPVHof.exe
  C:\Windows\System\zLPVHof.exe
  2⤵
  PID:9972
- C:\Windows\System\PqxSIOy.exe
  C:\Windows\System\PqxSIOy.exe
  2⤵
  PID:10016
- C:\Windows\System\xGFaeUR.exe
  C:\Windows\System\xGFaeUR.exe
  2⤵
  PID:10076
- C:\Windows\System\feGCBhR.exe
  C:\Windows\System\feGCBhR.exe
  2⤵
  PID:10128
- C:\Windows\System\QZuDvOj.exe
  C:\Windows\System\QZuDvOj.exe
  2⤵
  PID:10092
- C:\Windows\System\QtCRUIu.exe
  C:\Windows\System\QtCRUIu.exe
  2⤵
  PID:10064
- C:\Windows\System\YmNKxCl.exe
  C:\Windows\System\YmNKxCl.exe
  2⤵
  PID:10176
- C:\Windows\System\yYaPVQE.exe
  C:\Windows\System\yYaPVQE.exe
  2⤵
  PID:10212
- C:\Windows\System\aHTDffi.exe
  C:\Windows\System\aHTDffi.exe
  2⤵
  PID:9248
- C:\Windows\System\taTxYEg.exe
  C:\Windows\System\taTxYEg.exe
  2⤵
  PID:10192
- C:\Windows\System\uNMoVEG.exe
  C:\Windows\System\uNMoVEG.exe
  2⤵
  PID:9356
- C:\Windows\System\RSBzICR.exe
  C:\Windows\System\RSBzICR.exe
  2⤵
  PID:9312
- C:\Windows\System\moFJiQM.exe
  C:\Windows\System\moFJiQM.exe
  2⤵
  PID:9416
- C:\Windows\System\FCMDFLM.exe
  C:\Windows\System\FCMDFLM.exe
  2⤵
  PID:9580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATXrxLQ.exe

Filesize
6.0MB

MD5
6dcba082e77dd08f50ab545afc4cb985

SHA1
9677974739b65d536473418e6c80e7d2e7c01a89

SHA256
bc3ca23b3185140718557f8f355a862307c09f36c96b6c490ff5adf74aae8642

SHA512
b3064d48bdf2f1d00d345ccf7aee82edab5ac3d5fa6e01167045366675af0c5a52637529431a25f87bb44c52181e1ef6a7a7f64f13379064706c111c75170d80

Download Submit
C:\Windows\system\BnqgBSC.exe

Filesize
6.0MB

MD5
bf2c4309532ae92db859876a961bde2f

SHA1
67a41cb318e1b00a87c186f091c958d40fc0c8ae

SHA256
1451e7e7b776eb20a843aaa511653f8f66c1a990f5b1589aa25342f71ab4d664

SHA512
23a4488352e1e1c5750ef8d36303a631781b6944b2c8bba418c2eaf24790531b633ca1449deac849a2ac37b996c13d9fac9a9157eb165d8919953cb79d481449

Download Submit
C:\Windows\system\DttjqPN.exe

Filesize
6.0MB

MD5
4accf957bd2bd0a90890f77838432440

SHA1
7906acb2fc81806c1d95cc25fb5ebb3884d7918f

SHA256
a5225550f6281c0f6b797f77f638b250817320a4427e87be8ba125456100c7c8

SHA512
bceea2ded63f93b19655ed632c2db8adfa4f8ad1d86db63e9a720cb8fb6ff6ec0c482de368711296d6ffb602c02d92932b7b1947a16e9c338c7949f71028195b

Download Submit
C:\Windows\system\GgrkHFh.exe

Filesize
6.0MB

MD5
ae45593131b35afb8bb72df267dcf7c1

SHA1
a7bdee394d604362819b3298e9e61c0b8794a83d

SHA256
aa7d1534840aff0f7abf33cfd0d0aa8f33f49b0385d8acbc39d3140899c4abf4

SHA512
0c51fa81b07876108e44281971044a284ba3baf699e62d8b184083787b390e778cedec7ab390c702825490d6f6ac8eec38ff72dbbd4de9643ae8a55ff36a6811

Download Submit
C:\Windows\system\HxPnJsb.exe

Filesize
6.0MB

MD5
298f1e7e79d68b9a69f5134bee34817a

SHA1
83f988bb90d568c33d4ea1507b198965701c8e8a

SHA256
061db1f54ba3e671d5b7292535189635a60e904c438bb5e4172bd1b81dda3b56

SHA512
e124e549c31d239cb33a3a7a9f48d646cbee237bf539bc7baf189f032ce92d48e257f01c9d03cfc2d69837d43ffe25e62a9b582f88ff0e0944fb7ee16d1912cc

Download Submit
C:\Windows\system\IdeoZJQ.exe

Filesize
6.0MB

MD5
f289f18ff09fc6770fd61f9d059ff359

SHA1
123c1808f2c8b71874fd501d396f7a4975a3a4be

SHA256
acd0e96300d726cad58f45bfcd4de712df720d98e8b93c93df83c995cf5b0a35

SHA512
20987f3ac79b1bca6bab2669496c01f211f33aabcdfcf64f35eebb24cacbfc1a5be90225fb01ac5721c240999cacb84143edd053afe96e3665d45cf7388e31dd

Download Submit
C:\Windows\system\MkHzdiF.exe

Filesize
6.0MB

MD5
7ac43816a44572708635d7d7f12725db

SHA1
49c56d7a6f1d4076cf467b3ca11cc87016a85124

SHA256
493c773410d5300689bbf19891352c7ff5b930dc7167a4312b1194293c69d097

SHA512
5848201108211a89a52416bf2f687b6ffcad3db00da42cc3b36d788b9c20e34c8149dd54c24060a6a8a2c8bd9868dbe9b404f44d784781e86ffdbe0ebb497741

Download Submit
C:\Windows\system\NxaYTpj.exe

Filesize
6.0MB

MD5
3317147db2403390572395395ce6ef05

SHA1
8aa7ad5db5f0f9ab8f12f07c52b0dbe850c3cf2d

SHA256
e1153d6e2133284d6fcfdfb88f5c691a12dc3513ebd573a5544ec3b6809dd7e0

SHA512
cb079c256ae0a19448f49a8291d228c32769f13a617a66ccbfc89c3aa99f9ff2e3aa078c1b7c9fdd34a9063d4f9f54153d119c9066f406914fe9abd2324fc70d

Download Submit
C:\Windows\system\RduRmXC.exe

Filesize
6.0MB

MD5
74feae0d895ac9567ee658fa5d81a168

SHA1
eebd0d6d531caebfdd799ca804919cc2cf4074e5

SHA256
ca26339c897c3218e077bac010c10a62a46bf1b72a79af8c7a9ce40d08670c76

SHA512
0b3304e54b7d62a9faf7a9d0d3ed7b337e51a8d754969edc644876c0b398fac0cd576939f57c3c4ae2a6c3e33fd272f57be119fa822e3db3c9416d68d90c5407

Download Submit
C:\Windows\system\TUZyNoi.exe

Filesize
6.0MB

MD5
ae868e1fd7cb49bff96f0143350f94d2

SHA1
e3dce883692368497294a2af25ac1a90a909be6c

SHA256
1f9d2910ae9cd90a4c0ccce720a57f17d2822e08d9a2ecc3ea505a90a12cc9f2

SHA512
0e3948c46fdf55ad6a2c4b1a7c5cdebb0e5ba4d80f6f269374e2d94bb3a6796d28b83be94584a0ef5128838c98d377f8602f78081f253176a3774aa19c9f726b

Download Submit
C:\Windows\system\UGoiwuG.exe

Filesize
6.0MB

MD5
bb35f8553cf2155e8284662a7873010d

SHA1
c121d274e797ac324d70541974c789db237d0c0b

SHA256
9f11733f553b1057f4cc33346f095c4f7e3401fa98a0203f613ade96e4e8d451

SHA512
0ffb607190e5818552281de99ef076b9eca2267ab6752a04c48de5ee48e4eecd098d9dba126598a2234bcbf844f052fca487f71f80cca5b61f88ec3a9cbb8d20

Download Submit
C:\Windows\system\aVNygyp.exe

Filesize
8B

MD5
7c36a768a1420718b8e4001740765a6f

SHA1
fc7fad66e7e65969645939d30f54da0803ee79b4

SHA256
e0d2b19d26ca40fe265fb176d03a0dd6edd36bea78cf6f3b0749d36eb6c4ae4e

SHA512
120d7d4336b9580b03bb9e7b234ad1b128a81b6c2a821acd036b0aac32f0834375723a14480b00bc232d7074cca61fbcb1d42866a6054b76a6a5702c04148fe2

Download Submit
C:\Windows\system\bmiNIEs.exe

Filesize
6.0MB

MD5
c039ea1d569faeee725d1b355a8b22ab

SHA1
387c5f8dc4bd02d637d42f70d7510bd498b1fe9d

SHA256
2b8ac4c42f39c316fb5ef23d3c5e5007ec06adb7eebfa6767330c6eff9919673

SHA512
1ab55777e820a0381820e8ea25a8853b3ea99830e8736600619dad5fa8a44b4afe3be7baa1b26deb341cf5fdbb514f65f9119d21ae68de90b12b84e14c3da297

Download Submit
C:\Windows\system\dZZFJGr.exe

Filesize
6.0MB

MD5
7035efff13260d896d5af407e095bbb8

SHA1
0e07f45fc5c6e9fd89f2a5dbe6eaf1a3c885b255

SHA256
6bd2cabff244319e32d1b49fb6ef2dd82406bd615bffea4e673a59c92baa8498

SHA512
6f881bb3c061d9dec22cda304dd6746d8734f5ba7400ffc150cd65d109f9b3118096bd4336ccc084135fc67e6b1509efb801248a6330e039a33cda5136d1ef62

Download Submit
C:\Windows\system\eUAGlXr.exe

Filesize
6.0MB

MD5
ba9ca5891fc67305483c6728c136d886

SHA1
3614cffe4cbe053dccd8e7333b6a5aac71829d0e

SHA256
43c0824e1109f500eb09669c67e5bb0c40f66fe60244144d9dee284e5ce37360

SHA512
1febbe0343ae9204dc3ebafb8c74605d9fb3f96d192a0f2a47a834740c1d9c4938961944cd62616e0d94e4ee29a7acc069c9a6a386e562af8518b44ac1b0d62f

Download Submit
C:\Windows\system\gIVfPVL.exe

Filesize
6.0MB

MD5
ff4aa7c8140c747d944eebf3b915722b

SHA1
1733c4c807edb4e5b17ed306d38b6114ee146d97

SHA256
157e3cb2a7765d194425bd384a7e21e57a00ffc028e82a36eb59ce717d9410af

SHA512
9ee48e493b0b0fd2d42c038bf21fa2c8facce5e1589b7bcc7c74e987bdccbe53dea84bdbca92ce92106b46ccd84db80fa0f9fba90108649b3d043766b56eab0f

Download Submit
C:\Windows\system\gVnDeTE.exe

Filesize
6.0MB

MD5
3cf6fda494716ccda32b2eab37e1e506

SHA1
caeb0ac7f6a0488fc301468c42bf2493586625a1

SHA256
d73b9485f8cc0082910b4f5ef7042f2043c20800c54a82fbf9637d80cd0c15d5

SHA512
dcc03eeaf065f74fedb254d6aa86b9da940022ac907a52c41990387da9009d8f612c1174ec8ad6812878e19b6ab4c32ac75a8ffe25f52e770cf996e36de54328

Download Submit
C:\Windows\system\hLxFKUN.exe

Filesize
6.0MB

MD5
be7e4bc88f8771870dbf8651119379ec

SHA1
3ae91c2884dad8c22a5f69dfaf25afdf2b5c0a90

SHA256
2800b516d056a5a55b111bfdc7fa116094cdc61232390af74e091f9bfb254f19

SHA512
60478b159046991c751c49e1882c9b5105136bb3f53f60a846d593ebb823dfcef07b5fbdffbe88c1c5154778861275ecacb259e7062af53478be34cf027eb7d0

Download Submit
C:\Windows\system\ixOfFNi.exe

Filesize
6.0MB

MD5
f9aadbf101092de99d5e4f380dde43fe

SHA1
ecdf155db3e5a5c4f182a32d569b3831e4dd2420

SHA256
d05e273d8c2d88bfbf90274ff3605ca913b2d914d16810bd18edee0547b5466f

SHA512
41a583334b58aee68892f09eb28f845be6793fdc2554113a8ed24459e5493766d01d062fde07b3804c8bfb3b279b92088335b75625274b7c406e5727b434581f

Download Submit
C:\Windows\system\jIZiPxR.exe

Filesize
6.0MB

MD5
b91f3af8274331891d551270568a4cc2

SHA1
c5b21dfc7d71842f623069d14d4a2083da12b28d

SHA256
c6673b6d40fb7b964e4e0ea280202f79b53a1868dc8012a5ea5ba8c4573529f8

SHA512
97a4aab4c1ed77147b395c417f700b65a8f18b5e5d88b601373f59ab1a4d830c859730402c61dd6035cc164059330b0a7a5eb7f46ebbcbbe3806737e01fbdfc7

Download Submit
C:\Windows\system\jeanhIn.exe

Filesize
6.0MB

MD5
f5d2171355676205c663fd61c6185ffa

SHA1
e191645d02cc3c8b30f5e662e3de83be537c10a7

SHA256
5b4fc44b2ff6f0138d0ba885a23245aee4cb4525b60d47f64e7586dc2bde4d57

SHA512
67b50050be8c823e15690ebe508b47febedc71cc0b21b0b332ef30ab26a9273ce62aef505fd6441e4f3816626621d4d1c578431adb49a29978b9f77f799d315b

Download Submit
C:\Windows\system\lILkAwj.exe

Filesize
6.0MB

MD5
5d19d30cd8c45eed6e48d1dbbf5ef276

SHA1
74c120f9df391f0f2457315b20c6d4b146b65938

SHA256
699e9daa0064c3458525466503e8cc6bc8cd3369273340de4980cba677df6dab

SHA512
597937f3973d651527122991f9c936b382732f8022ec1f6cab77b3ce814a42f4baf3d556af1210410185309f50e7cf6c7e453363a1c67ab22fa3778ed5b50138

Download Submit
C:\Windows\system\sPSylQR.exe

Filesize
6.0MB

MD5
dc2dd7477d4019bddf5d21097df5d07f

SHA1
d2a9a6a51d9155614af4fed06a9b08ebb54b36e3

SHA256
08aa5af03f1ec611efbf15ceef611f7a6f1af387244e15b049141238d7ff58b7

SHA512
af9ac18a4f8afccecd06f4f225b454a8f84944efda636403e8c2fe735d99ad20833c6ec2963eba50d10d07ec635b6526f9c3d6c99133cd1f84b6948c31a0db66

Download Submit
C:\Windows\system\uTGpjLy.exe

Filesize
6.0MB

MD5
9e8a356d03776452cda988b164792598

SHA1
93faa2a3917c229006b5ed94ed45259a9afb7693

SHA256
7106107f542a23fde36b7ebbeb2971381bf4c452e8db770452ffc682cd570fc2

SHA512
9e2a16520ab8ed0a9d356775100ebcef9c5e5fa39fb1cd94eccf1ed160454b42190ddcc05cd9c151c76f1f7892715f582f742a99ef233dfc177239869a7713d3

Download Submit
C:\Windows\system\ugYuKxG.exe

Filesize
6.0MB

MD5
b28b7d819d4e89c17048dc57bb41818a

SHA1
399f944d9171426ce4481f4f03858433cc91c060

SHA256
931e896cc833651c9632a93ce3e7a75a36f113596e9abaf7be41f997f3ddd4a7

SHA512
16c138f4ff34b6acf1e8e2f92a2d0e5a14e847aeb683a74ceebed79a1d172215f083f1d0f5693ef64ee2a4f953f421d9262f83de38f5bebf533db63b2f7f2d75

Download Submit
C:\Windows\system\vygroew.exe

Filesize
6.0MB

MD5
0e6261cc1e91ef7aee8f657ce04e7475

SHA1
6f245721c780c8c98683b19e7280350b1a0d128e

SHA256
695273cbd398db6424d10a24a60099d102e4f0b21a12b9136b4aca7cae265839

SHA512
91381c4463cc54c3d7b9d137a7983c317c00137235ef506b9e5b352051793b2a4419d17e214b238a1f053b7c1f29b51975af6b9f06539463c52b7e48c9226366

Download Submit
C:\Windows\system\wGNsfJr.exe

Filesize
6.0MB

MD5
64c44968b9496d974f8c7f160c36e7cf

SHA1
927eb7dcc29380ee12e428df131034bf4dfc7c5e

SHA256
acdbf9ab7c90037e5b1c8198810cd60eb928f073d8ae92b4e1c6dd0f19025419

SHA512
ab46e0f23ef65710ac828da7eaef8e09ec2f48ef612f45371cad5ecbab654ed31e8d7aafb6fc8abf03bbf73ae0baad24588f2a70233c6288a93f8ab80e26a4dd

Download Submit
C:\Windows\system\wntMlZK.exe

Filesize
6.0MB

MD5
e3640bd394a4cf008dcaab4cba6f56b1

SHA1
a7e1027474aeb915b25414066cb05e15c72e853e

SHA256
4b0cbbd44e312d2b679e3c63520b72951a518a08170bc030e0dff9aa07ad981a

SHA512
98b3d5f0e6dc24f2fa9b7b4a0aff8f9a24dab994906599a2a74515c8ce9070f9bdccf06244e57ff594dcea0110a5b8a567146b91858a45a02eb0dcfe7d78e666

Download Submit
\Windows\system\HABussA.exe

Filesize
6.0MB

MD5
03f7b2b63aca500458088d8c229e3271

SHA1
6e6d42741e6229f2a5922edac39030deb7ba34db

SHA256
d151f55d8d8bb75b3a520da45007bae6ebb47a9c9705a06f26ee6c6ddea98451

SHA512
319a39aa0523898310a9c3594b5382320f92aa8c5724fa8e41620d1194437d91f1c9bb1abac82710d6e7957390d93c41e5ad670de9e80bce961e4c2b31853da3

Download Submit
\Windows\system\McGCNoX.exe

Filesize
6.0MB

MD5
de9cfdadddd1dca1e6a8ef9b5d1d7292

SHA1
52e5a39f6c280ecbdf7f3200dd317f08a01b603e

SHA256
db7437799b45f426d114f897a9013da4c2b05ae8e2a9ebf9864cf555a70f8770

SHA512
3df5e3cd5a8946917b6338a5984d2a93c8ae82850380fd15404e4f7b7e050dcf83bfee303e177c05520513883a6d2ce4450c9c4e68e722a05522c659e8817459

Download Submit
\Windows\system\OOSiKxs.exe

Filesize
6.0MB

MD5
fcb67581e05c1f3a3bd77c93f1c7684b

SHA1
b2b41b9549fe8d012b005d416d2ee75838615753

SHA256
fb58ce1786ccaba2bbd5e738e776967fda735f8907eef299f415b9eb2e52c925

SHA512
d75d61f3e91580193e5ce60172bff1fee26adbe945c1e2f7e5fc644e13655d9a3e4ddb96580f3b0a5fc63a8b33053af967aae01cabed8a0c9dae28b162768c8f

Download Submit
\Windows\system\QlyRGeN.exe

Filesize
6.0MB

MD5
f4fc2c7de08506f081740c0c8527fa15

SHA1
4f59ac7c3a508c565d7a8417103eb5d480880a1a

SHA256
70e725085437649649a182411f4362b788d163beb2226299bf21c7708259033a

SHA512
defdf213bd468c11026740257a389af87901c9edfb3a63f1b5c5fb1716ea7e418a08f8458f9738682f4481bbd09cdc8b90f1cbffe6a3c7b48cc202f87fbafef5

Download Submit
\Windows\system\yxEdVim.exe

Filesize
6.0MB

MD5
a2e35d14a0ae62c5fc7012fac9dc345a

SHA1
dd5a244875b2a55bbf096d469d0f8b39fc643e6e

SHA256
5ea24629508d6befe68d57c8e60c3e6b5024cea43ddf4a08553e3b4489d06ee3

SHA512
830a1a2a16a3dfd3fd647e8eb259cdf12c89bb6cbaab17b737b8928d49753a61d3519073800bbc3945878b7d97a3218229726bf255545d7efdb397762c648060

Download Submit
memory/860-937-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/860-3519-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/860-97-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/864-33-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/864-3441-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-23-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3439-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-75-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-74-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2280-482-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2280-28-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2280-781-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-6-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-0-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2280-78-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-61-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-318-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-63-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2280-16-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-100-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2280-89-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-69-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3449-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-11-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3512-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2616-64-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2676-684-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-87-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3507-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3518-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-582-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-81-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3455-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-65-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-62-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3458-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2812-57-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3452-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2820-37-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3508-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2820-86-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3489-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-92-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-881-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-15-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3445-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3462-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3040-76-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3040-394-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download