cobaltstrike | 85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf

Analysis

max time kernel
148s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
Size

6.0MB
MD5

7dc6f761680515a073aa31209fe1dfe7
SHA1

f0834c93fa5092481e6e3aba8c086dea2836085d
SHA256

85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf
SHA512

08c1b42d2d3098cd7650e6e8109e53e608ca60d7ec12a8461defe128672459d1eb4bb95dab5a8afea6ca5f8348e053a9efb3d8e13b14a068acb16e21ab5050f7
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUo:eOl56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000018334-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195a9-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195ab-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-23.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a1-205.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49f-199.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-80.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bd-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b7-51.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195bb-58.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b5-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019547-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1580-0-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0003000000018334-3.dat	xmrig
behavioral1/files/0x00080000000195a9-13.dat	xmrig
behavioral1/files/0x00070000000195ab-10.dat	xmrig
behavioral1/memory/2812-22-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195af-23.dat	xmrig
behavioral1/memory/2724-28-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2616-44-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2716-36-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2704-52-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2608-59-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-69.dat	xmrig
behavioral1/memory/3064-74-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2716-73-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a473-84.dat	xmrig
behavioral1/memory/1988-90-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2844-100-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2392-108-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a480-131.dat	xmrig
behavioral1/memory/3064-133-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000500000001a484-142.dat	xmrig
behavioral1/files/0x000500000001a486-147.dat	xmrig
behavioral1/files/0x000500000001a488-153.dat	xmrig
behavioral1/files/0x000500000001a499-184.dat	xmrig
behavioral1/memory/2392-367-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2844-316-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1988-237-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a1-205.dat	xmrig
behavioral1/files/0x000500000001a49f-199.dat	xmrig
behavioral1/files/0x000500000001a49e-194.dat	xmrig
behavioral1/memory/1580-190-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-188.dat	xmrig
behavioral1/files/0x000500000001a493-178.dat	xmrig
behavioral1/files/0x000500000001a491-174.dat	xmrig
behavioral1/files/0x000500000001a48f-168.dat	xmrig
behavioral1/files/0x000500000001a48a-158.dat	xmrig
behavioral1/files/0x000500000001a48d-164.dat	xmrig
behavioral1/memory/2932-155-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a482-136.dat	xmrig
behavioral1/files/0x000500000001a47d-125.dat	xmrig
behavioral1/files/0x000500000001a47b-120.dat	xmrig
behavioral1/files/0x000500000001a479-116.dat	xmrig
behavioral1/memory/2560-107-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a477-106.dat	xmrig
behavioral1/memory/2608-99-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-98.dat	xmrig
behavioral1/memory/2704-89-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1580-86-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2932-82-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/1580-85-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2616-81-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-80.dat	xmrig
behavioral1/memory/2560-67-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2724-66-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bd-65.dat	xmrig
behavioral1/files/0x00060000000195b7-51.dat	xmrig
behavioral1/files/0x00080000000195bb-58.dat	xmrig
behavioral1/memory/1580-35-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b5-34.dat	xmrig
behavioral1/files/0x0007000000019547-42.dat	xmrig
behavioral1/memory/1748-40-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2736-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1748-11-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2392-1525-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1748	YYaWSgD.exe
2736	imKTSKL.exe
2812	fZkjOIZ.exe
2724	nKxLUcY.exe
2716	etsBznF.exe
2616	xHIoPgB.exe
2704	LEaVFaK.exe
2608	UFVhysj.exe
2560	iESKPIH.exe
3064	uZPCBjK.exe
2932	QcTVMYk.exe
1988	iwbxjqp.exe
2844	StbQdVm.exe
2392	uiQcKOP.exe
2132	fVfbocc.exe
832	nlhUgUf.exe
2632	jPPDsdp.exe
332	tfcDkel.exe
800	wOdjgij.exe
524	duLzuRM.exe
2468	hUYDvyw.exe
2348	ecearvN.exe
2404	SaOPPfH.exe
1928	EvbsuYE.exe
2356	KVqkPCT.exe
2108	EIrbuqU.exe
1368	HMigSVi.exe
944	dtViObg.exe
1600	FAbiXvP.exe
2492	HYYMGqg.exe
112	kbOLwqu.exe
1700	NihGEPs.exe
2076	ssFGvWY.exe
1472	NjzeVCj.exe
1528	RuBzUYn.exe
1508	AaYfwtE.exe
2840	cqRLMzy.exe
1848	bSIZERE.exe
1604	QPuujqO.exe
2080	hSNjBeE.exe
1248	OcUYIGp.exe
2368	hERVIWw.exe
2512	dIJSJTz.exe
1188	xjtgyrf.exe
2232	XjFGwyR.exe
2456	RotCynh.exe
2380	BKocWbD.exe
892	oeUEGqu.exe
1980	dCRIyHu.exe
2248	EgpaDDC.exe
1564	dcTjDtK.exe
1592	aaKllrm.exe
2748	aAulZKv.exe
2876	KqmnOTM.exe
2052	YklVOTN.exe
2928	HgwOMjt.exe
2592	ViIFPbi.exe
2308	JpGYBxj.exe
2652	SvIXLch.exe
2936	TKHlnqi.exe
2680	wGKPmtv.exe
3036	wmvoZbN.exe
2304	mrkpTdS.exe
548	hjNmWJl.exe

Loads dropped DLL 64 IoCs

pid	Process
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1580-0-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0003000000018334-3.dat	upx
behavioral1/files/0x00080000000195a9-13.dat	upx
behavioral1/files/0x00070000000195ab-10.dat	upx
behavioral1/memory/2812-22-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x00070000000195af-23.dat	upx
behavioral1/memory/2724-28-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2616-44-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2716-36-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2704-52-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2608-59-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-69.dat	upx
behavioral1/memory/3064-74-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2716-73-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000500000001a473-84.dat	upx
behavioral1/memory/1988-90-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2844-100-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2392-108-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001a480-131.dat	upx
behavioral1/memory/3064-133-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x000500000001a484-142.dat	upx
behavioral1/files/0x000500000001a486-147.dat	upx
behavioral1/files/0x000500000001a488-153.dat	upx
behavioral1/files/0x000500000001a499-184.dat	upx
behavioral1/memory/2392-367-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2844-316-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1988-237-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000500000001a4a1-205.dat	upx
behavioral1/files/0x000500000001a49f-199.dat	upx
behavioral1/files/0x000500000001a49e-194.dat	upx
behavioral1/files/0x000500000001a49a-188.dat	upx
behavioral1/files/0x000500000001a493-178.dat	upx
behavioral1/files/0x000500000001a491-174.dat	upx
behavioral1/files/0x000500000001a48f-168.dat	upx
behavioral1/files/0x000500000001a48a-158.dat	upx
behavioral1/files/0x000500000001a48d-164.dat	upx
behavioral1/memory/2932-155-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000500000001a482-136.dat	upx
behavioral1/files/0x000500000001a47d-125.dat	upx
behavioral1/files/0x000500000001a47b-120.dat	upx
behavioral1/files/0x000500000001a479-116.dat	upx
behavioral1/memory/2560-107-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x000500000001a477-106.dat	upx
behavioral1/memory/2608-99-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000500000001a475-98.dat	upx
behavioral1/memory/2704-89-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2932-82-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2616-81-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000500000001a471-80.dat	upx
behavioral1/memory/2560-67-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2724-66-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00070000000195bd-65.dat	upx
behavioral1/files/0x00060000000195b7-51.dat	upx
behavioral1/files/0x00080000000195bb-58.dat	upx
behavioral1/memory/1580-35-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000195b5-34.dat	upx
behavioral1/files/0x0007000000019547-42.dat	upx
behavioral1/memory/1748-40-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2736-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1748-11-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2392-1525-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2608-1530-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2704-1550-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1748-1545-0x000000013F120000-0x000000013F474000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lTPhiRN.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\tBItsKj.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\dnOhFpI.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\uVWqvRH.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\ISlVNyx.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\wZWcrli.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\KKqYWtn.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\ssFGvWY.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\TbcpjAB.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\fdRNCCb.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\jHaAtMI.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\xBTUiar.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\NWhMpQI.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\JBKbAcR.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\RotCynh.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\RQZAodb.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\JSQyKXt.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\vqkzFgA.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\tYKcLMi.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\KaXswVn.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\nGFsnHO.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\BuMeJWY.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\wKfvCgH.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\DBwiHxd.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\PLvaFvu.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\FgepEGt.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\mMjWmmF.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\AhzUXlZ.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\ZzJydAo.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\hJbwctD.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\hERVIWw.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\MMECRja.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\biZWIpK.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\oHWxsul.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\uZJITra.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\phPsKAs.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\uiQcKOP.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\xGrSEfT.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\LsfmnvL.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\VYLVKKb.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\XjYKrtH.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\USIwYDu.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\wPwRxXi.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\KKEVmLb.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\mCvRCmC.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\EFxHnMS.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\TIixjdk.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\NkUJxpV.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\dDBOIcX.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\TBGSuiz.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\oiuFaAz.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\BDREbrX.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\mMXqTDj.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\EUVCunL.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\bMiHjKh.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\VlqSFNc.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\AMmQXTw.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\smJpuej.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\RqSuUHo.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\dumnxKP.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\zwtjelz.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\TicWhhW.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\QxVJWCD.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
File created	C:\Windows\System\dGCyNCC.exe	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
7008	BkPINGA.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1748	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	31
PID 1580 wrote to memory of 1748	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	31
PID 1580 wrote to memory of 1748	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	31
PID 1580 wrote to memory of 2736	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	32
PID 1580 wrote to memory of 2736	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	32
PID 1580 wrote to memory of 2736	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	32
PID 1580 wrote to memory of 2812	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	33
PID 1580 wrote to memory of 2812	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	33
PID 1580 wrote to memory of 2812	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	33
PID 1580 wrote to memory of 2724	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	34
PID 1580 wrote to memory of 2724	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	34
PID 1580 wrote to memory of 2724	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	34
PID 1580 wrote to memory of 2716	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	35
PID 1580 wrote to memory of 2716	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	35
PID 1580 wrote to memory of 2716	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	35
PID 1580 wrote to memory of 2616	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	36
PID 1580 wrote to memory of 2616	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	36
PID 1580 wrote to memory of 2616	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	36
PID 1580 wrote to memory of 2704	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	37
PID 1580 wrote to memory of 2704	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	37
PID 1580 wrote to memory of 2704	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	37
PID 1580 wrote to memory of 2608	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	38
PID 1580 wrote to memory of 2608	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	38
PID 1580 wrote to memory of 2608	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	38
PID 1580 wrote to memory of 2560	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	39
PID 1580 wrote to memory of 2560	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	39
PID 1580 wrote to memory of 2560	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	39
PID 1580 wrote to memory of 3064	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	40
PID 1580 wrote to memory of 3064	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	40
PID 1580 wrote to memory of 3064	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	40
PID 1580 wrote to memory of 2932	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	41
PID 1580 wrote to memory of 2932	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	41
PID 1580 wrote to memory of 2932	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	41
PID 1580 wrote to memory of 1988	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	42
PID 1580 wrote to memory of 1988	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	42
PID 1580 wrote to memory of 1988	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	42
PID 1580 wrote to memory of 2844	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	43
PID 1580 wrote to memory of 2844	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	43
PID 1580 wrote to memory of 2844	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	43
PID 1580 wrote to memory of 2392	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	44
PID 1580 wrote to memory of 2392	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	44
PID 1580 wrote to memory of 2392	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	44
PID 1580 wrote to memory of 2132	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	45
PID 1580 wrote to memory of 2132	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	45
PID 1580 wrote to memory of 2132	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	45
PID 1580 wrote to memory of 832	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	46
PID 1580 wrote to memory of 832	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	46
PID 1580 wrote to memory of 832	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	46
PID 1580 wrote to memory of 2632	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	47
PID 1580 wrote to memory of 2632	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	47
PID 1580 wrote to memory of 2632	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	47
PID 1580 wrote to memory of 332	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	48
PID 1580 wrote to memory of 332	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	48
PID 1580 wrote to memory of 332	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	48
PID 1580 wrote to memory of 800	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	49
PID 1580 wrote to memory of 800	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	49
PID 1580 wrote to memory of 800	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	49
PID 1580 wrote to memory of 524	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	50
PID 1580 wrote to memory of 524	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	50
PID 1580 wrote to memory of 524	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	50
PID 1580 wrote to memory of 2468	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	51
PID 1580 wrote to memory of 2468	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	51
PID 1580 wrote to memory of 2468	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	51
PID 1580 wrote to memory of 2348	1580	JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_85500487e517e758927f5abaa139a06e14ce215453028f17964e79d7be080caf.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\System\YYaWSgD.exe
  C:\Windows\System\YYaWSgD.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\imKTSKL.exe
  C:\Windows\System\imKTSKL.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\fZkjOIZ.exe
  C:\Windows\System\fZkjOIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nKxLUcY.exe
  C:\Windows\System\nKxLUcY.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\etsBznF.exe
  C:\Windows\System\etsBznF.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\xHIoPgB.exe
  C:\Windows\System\xHIoPgB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\LEaVFaK.exe
  C:\Windows\System\LEaVFaK.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\UFVhysj.exe
  C:\Windows\System\UFVhysj.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\iESKPIH.exe
  C:\Windows\System\iESKPIH.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\uZPCBjK.exe
  C:\Windows\System\uZPCBjK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\QcTVMYk.exe
  C:\Windows\System\QcTVMYk.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\iwbxjqp.exe
  C:\Windows\System\iwbxjqp.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\StbQdVm.exe
  C:\Windows\System\StbQdVm.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uiQcKOP.exe
  C:\Windows\System\uiQcKOP.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\fVfbocc.exe
  C:\Windows\System\fVfbocc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\nlhUgUf.exe
  C:\Windows\System\nlhUgUf.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\jPPDsdp.exe
  C:\Windows\System\jPPDsdp.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\tfcDkel.exe
  C:\Windows\System\tfcDkel.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\wOdjgij.exe
  C:\Windows\System\wOdjgij.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\duLzuRM.exe
  C:\Windows\System\duLzuRM.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\hUYDvyw.exe
  C:\Windows\System\hUYDvyw.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ecearvN.exe
  C:\Windows\System\ecearvN.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\SaOPPfH.exe
  C:\Windows\System\SaOPPfH.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\EvbsuYE.exe
  C:\Windows\System\EvbsuYE.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\KVqkPCT.exe
  C:\Windows\System\KVqkPCT.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\EIrbuqU.exe
  C:\Windows\System\EIrbuqU.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\HMigSVi.exe
  C:\Windows\System\HMigSVi.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\dtViObg.exe
  C:\Windows\System\dtViObg.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\FAbiXvP.exe
  C:\Windows\System\FAbiXvP.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\HYYMGqg.exe
  C:\Windows\System\HYYMGqg.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\kbOLwqu.exe
  C:\Windows\System\kbOLwqu.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\NihGEPs.exe
  C:\Windows\System\NihGEPs.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ssFGvWY.exe
  C:\Windows\System\ssFGvWY.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\NjzeVCj.exe
  C:\Windows\System\NjzeVCj.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\RuBzUYn.exe
  C:\Windows\System\RuBzUYn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\AaYfwtE.exe
  C:\Windows\System\AaYfwtE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\cqRLMzy.exe
  C:\Windows\System\cqRLMzy.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\bSIZERE.exe
  C:\Windows\System\bSIZERE.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\QPuujqO.exe
  C:\Windows\System\QPuujqO.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\hSNjBeE.exe
  C:\Windows\System\hSNjBeE.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\OcUYIGp.exe
  C:\Windows\System\OcUYIGp.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\hERVIWw.exe
  C:\Windows\System\hERVIWw.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\dIJSJTz.exe
  C:\Windows\System\dIJSJTz.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\xjtgyrf.exe
  C:\Windows\System\xjtgyrf.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\XjFGwyR.exe
  C:\Windows\System\XjFGwyR.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\RotCynh.exe
  C:\Windows\System\RotCynh.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BKocWbD.exe
  C:\Windows\System\BKocWbD.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\oeUEGqu.exe
  C:\Windows\System\oeUEGqu.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\dCRIyHu.exe
  C:\Windows\System\dCRIyHu.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\EgpaDDC.exe
  C:\Windows\System\EgpaDDC.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\dcTjDtK.exe
  C:\Windows\System\dcTjDtK.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\aaKllrm.exe
  C:\Windows\System\aaKllrm.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\aAulZKv.exe
  C:\Windows\System\aAulZKv.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\KqmnOTM.exe
  C:\Windows\System\KqmnOTM.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\YklVOTN.exe
  C:\Windows\System\YklVOTN.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\HgwOMjt.exe
  C:\Windows\System\HgwOMjt.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ViIFPbi.exe
  C:\Windows\System\ViIFPbi.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JpGYBxj.exe
  C:\Windows\System\JpGYBxj.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\SvIXLch.exe
  C:\Windows\System\SvIXLch.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\TKHlnqi.exe
  C:\Windows\System\TKHlnqi.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\wGKPmtv.exe
  C:\Windows\System\wGKPmtv.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\wmvoZbN.exe
  C:\Windows\System\wmvoZbN.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\mrkpTdS.exe
  C:\Windows\System\mrkpTdS.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\hjNmWJl.exe
  C:\Windows\System\hjNmWJl.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\qGUojIu.exe
  C:\Windows\System\qGUojIu.exe
  2⤵
  PID:2336
- C:\Windows\System\GiZiwtR.exe
  C:\Windows\System\GiZiwtR.exe
  2⤵
  PID:1384
- C:\Windows\System\nwPUvsC.exe
  C:\Windows\System\nwPUvsC.exe
  2⤵
  PID:2152
- C:\Windows\System\YYHCgSS.exe
  C:\Windows\System\YYHCgSS.exe
  2⤵
  PID:2092
- C:\Windows\System\AuJCEaM.exe
  C:\Windows\System\AuJCEaM.exe
  2⤵
  PID:2476
- C:\Windows\System\srFwdyx.exe
  C:\Windows\System\srFwdyx.exe
  2⤵
  PID:1712
- C:\Windows\System\LeqsteS.exe
  C:\Windows\System\LeqsteS.exe
  2⤵
  PID:828
- C:\Windows\System\JOBkhhk.exe
  C:\Windows\System\JOBkhhk.exe
  2⤵
  PID:1908
- C:\Windows\System\ZnbGCSJ.exe
  C:\Windows\System\ZnbGCSJ.exe
  2⤵
  PID:1716
- C:\Windows\System\NAdqMWh.exe
  C:\Windows\System\NAdqMWh.exe
  2⤵
  PID:1148
- C:\Windows\System\dVPWIIa.exe
  C:\Windows\System\dVPWIIa.exe
  2⤵
  PID:620
- C:\Windows\System\dMKFIzF.exe
  C:\Windows\System\dMKFIzF.exe
  2⤵
  PID:2524
- C:\Windows\System\IrhYcOF.exe
  C:\Windows\System\IrhYcOF.exe
  2⤵
  PID:2364
- C:\Windows\System\MKYoiJa.exe
  C:\Windows\System\MKYoiJa.exe
  2⤵
  PID:1008
- C:\Windows\System\BrIKqNB.exe
  C:\Windows\System\BrIKqNB.exe
  2⤵
  PID:584
- C:\Windows\System\WaYqULL.exe
  C:\Windows\System\WaYqULL.exe
  2⤵
  PID:3032
- C:\Windows\System\RMidhHy.exe
  C:\Windows\System\RMidhHy.exe
  2⤵
  PID:1480
- C:\Windows\System\BEpYHOz.exe
  C:\Windows\System\BEpYHOz.exe
  2⤵
  PID:2260
- C:\Windows\System\LtffxRc.exe
  C:\Windows\System\LtffxRc.exe
  2⤵
  PID:2444
- C:\Windows\System\EKgDdHP.exe
  C:\Windows\System\EKgDdHP.exe
  2⤵
  PID:2752
- C:\Windows\System\TaatwUM.exe
  C:\Windows\System\TaatwUM.exe
  2⤵
  PID:2884
- C:\Windows\System\EUVCunL.exe
  C:\Windows\System\EUVCunL.exe
  2⤵
  PID:2828
- C:\Windows\System\ulVfxaZ.exe
  C:\Windows\System\ulVfxaZ.exe
  2⤵
  PID:3060
- C:\Windows\System\OiVKzeP.exe
  C:\Windows\System\OiVKzeP.exe
  2⤵
  PID:2836
- C:\Windows\System\CtCFEYJ.exe
  C:\Windows\System\CtCFEYJ.exe
  2⤵
  PID:1572
- C:\Windows\System\pZRiPPe.exe
  C:\Windows\System\pZRiPPe.exe
  2⤵
  PID:3020
- C:\Windows\System\acswcTn.exe
  C:\Windows\System\acswcTn.exe
  2⤵
  PID:1760
- C:\Windows\System\dumnxKP.exe
  C:\Windows\System\dumnxKP.exe
  2⤵
  PID:2400
- C:\Windows\System\gDLAXkl.exe
  C:\Windows\System\gDLAXkl.exe
  2⤵
  PID:2440
- C:\Windows\System\DRWZwYS.exe
  C:\Windows\System\DRWZwYS.exe
  2⤵
  PID:964
- C:\Windows\System\ncmGykV.exe
  C:\Windows\System\ncmGykV.exe
  2⤵
  PID:1920
- C:\Windows\System\kQReIiJ.exe
  C:\Windows\System\kQReIiJ.exe
  2⤵
  PID:1624
- C:\Windows\System\MGweqsw.exe
  C:\Windows\System\MGweqsw.exe
  2⤵
  PID:1228
- C:\Windows\System\QxLLjhp.exe
  C:\Windows\System\QxLLjhp.exe
  2⤵
  PID:848
- C:\Windows\System\pPuyqUK.exe
  C:\Windows\System\pPuyqUK.exe
  2⤵
  PID:2060
- C:\Windows\System\baCMwhx.exe
  C:\Windows\System\baCMwhx.exe
  2⤵
  PID:2012
- C:\Windows\System\kuqoPba.exe
  C:\Windows\System\kuqoPba.exe
  2⤵
  PID:1692
- C:\Windows\System\srKWBUP.exe
  C:\Windows\System\srKWBUP.exe
  2⤵
  PID:2976
- C:\Windows\System\PotpNdN.exe
  C:\Windows\System\PotpNdN.exe
  2⤵
  PID:2888
- C:\Windows\System\qlPBUWz.exe
  C:\Windows\System\qlPBUWz.exe
  2⤵
  PID:1784
- C:\Windows\System\BiADhpj.exe
  C:\Windows\System\BiADhpj.exe
  2⤵
  PID:2184
- C:\Windows\System\SSclBbA.exe
  C:\Windows\System\SSclBbA.exe
  2⤵
  PID:1732
- C:\Windows\System\QdJHHEG.exe
  C:\Windows\System\QdJHHEG.exe
  2⤵
  PID:1828
- C:\Windows\System\QKWgYvj.exe
  C:\Windows\System\QKWgYvj.exe
  2⤵
  PID:1056
- C:\Windows\System\NDpAvCP.exe
  C:\Windows\System\NDpAvCP.exe
  2⤵
  PID:3028
- C:\Windows\System\MwXqPqY.exe
  C:\Windows\System\MwXqPqY.exe
  2⤵
  PID:1608
- C:\Windows\System\uJrZvpu.exe
  C:\Windows\System\uJrZvpu.exe
  2⤵
  PID:3076
- C:\Windows\System\xTzSEin.exe
  C:\Windows\System\xTzSEin.exe
  2⤵
  PID:3096
- C:\Windows\System\moybyXE.exe
  C:\Windows\System\moybyXE.exe
  2⤵
  PID:3116
- C:\Windows\System\YArWRmr.exe
  C:\Windows\System\YArWRmr.exe
  2⤵
  PID:3136
- C:\Windows\System\LdvDoTm.exe
  C:\Windows\System\LdvDoTm.exe
  2⤵
  PID:3156
- C:\Windows\System\fjYLTTL.exe
  C:\Windows\System\fjYLTTL.exe
  2⤵
  PID:3176
- C:\Windows\System\SFQHwaU.exe
  C:\Windows\System\SFQHwaU.exe
  2⤵
  PID:3196
- C:\Windows\System\fzehERg.exe
  C:\Windows\System\fzehERg.exe
  2⤵
  PID:3216
- C:\Windows\System\xpLYpaT.exe
  C:\Windows\System\xpLYpaT.exe
  2⤵
  PID:3236
- C:\Windows\System\EgjXJoT.exe
  C:\Windows\System\EgjXJoT.exe
  2⤵
  PID:3256
- C:\Windows\System\FRPSZtz.exe
  C:\Windows\System\FRPSZtz.exe
  2⤵
  PID:3276
- C:\Windows\System\DukkcDa.exe
  C:\Windows\System\DukkcDa.exe
  2⤵
  PID:3296
- C:\Windows\System\eDbLnvs.exe
  C:\Windows\System\eDbLnvs.exe
  2⤵
  PID:3316
- C:\Windows\System\rJfdvBZ.exe
  C:\Windows\System\rJfdvBZ.exe
  2⤵
  PID:3336
- C:\Windows\System\akLAmhP.exe
  C:\Windows\System\akLAmhP.exe
  2⤵
  PID:3356
- C:\Windows\System\AislsdP.exe
  C:\Windows\System\AislsdP.exe
  2⤵
  PID:3376
- C:\Windows\System\rpQFUVa.exe
  C:\Windows\System\rpQFUVa.exe
  2⤵
  PID:3396
- C:\Windows\System\NRZWlpD.exe
  C:\Windows\System\NRZWlpD.exe
  2⤵
  PID:3416
- C:\Windows\System\dxwyesM.exe
  C:\Windows\System\dxwyesM.exe
  2⤵
  PID:3436
- C:\Windows\System\BFjKqzO.exe
  C:\Windows\System\BFjKqzO.exe
  2⤵
  PID:3456
- C:\Windows\System\fDNFlvY.exe
  C:\Windows\System\fDNFlvY.exe
  2⤵
  PID:3476
- C:\Windows\System\RJWInlx.exe
  C:\Windows\System\RJWInlx.exe
  2⤵
  PID:3496
- C:\Windows\System\GuarNeE.exe
  C:\Windows\System\GuarNeE.exe
  2⤵
  PID:3516
- C:\Windows\System\zRgvBAV.exe
  C:\Windows\System\zRgvBAV.exe
  2⤵
  PID:3536
- C:\Windows\System\LLgjINh.exe
  C:\Windows\System\LLgjINh.exe
  2⤵
  PID:3556
- C:\Windows\System\cfJthVi.exe
  C:\Windows\System\cfJthVi.exe
  2⤵
  PID:3576
- C:\Windows\System\hRmQUdL.exe
  C:\Windows\System\hRmQUdL.exe
  2⤵
  PID:3596
- C:\Windows\System\bqwzTsK.exe
  C:\Windows\System\bqwzTsK.exe
  2⤵
  PID:3616
- C:\Windows\System\RSrEFmK.exe
  C:\Windows\System\RSrEFmK.exe
  2⤵
  PID:3636
- C:\Windows\System\sSGkTcF.exe
  C:\Windows\System\sSGkTcF.exe
  2⤵
  PID:3656
- C:\Windows\System\ZciZHlv.exe
  C:\Windows\System\ZciZHlv.exe
  2⤵
  PID:3676
- C:\Windows\System\fFZYNhx.exe
  C:\Windows\System\fFZYNhx.exe
  2⤵
  PID:3696
- C:\Windows\System\EzQRGdS.exe
  C:\Windows\System\EzQRGdS.exe
  2⤵
  PID:3716
- C:\Windows\System\NzrthBJ.exe
  C:\Windows\System\NzrthBJ.exe
  2⤵
  PID:3736
- C:\Windows\System\UIgSQZi.exe
  C:\Windows\System\UIgSQZi.exe
  2⤵
  PID:3756
- C:\Windows\System\lGJTeAW.exe
  C:\Windows\System\lGJTeAW.exe
  2⤵
  PID:3776
- C:\Windows\System\toCdWXj.exe
  C:\Windows\System\toCdWXj.exe
  2⤵
  PID:3796
- C:\Windows\System\bMiHjKh.exe
  C:\Windows\System\bMiHjKh.exe
  2⤵
  PID:3816
- C:\Windows\System\kHwQKce.exe
  C:\Windows\System\kHwQKce.exe
  2⤵
  PID:3836
- C:\Windows\System\HWhEPzN.exe
  C:\Windows\System\HWhEPzN.exe
  2⤵
  PID:3856
- C:\Windows\System\MFmypdj.exe
  C:\Windows\System\MFmypdj.exe
  2⤵
  PID:3876
- C:\Windows\System\KcztAmY.exe
  C:\Windows\System\KcztAmY.exe
  2⤵
  PID:3892
- C:\Windows\System\LeMwsye.exe
  C:\Windows\System\LeMwsye.exe
  2⤵
  PID:3916
- C:\Windows\System\MnqipKy.exe
  C:\Windows\System\MnqipKy.exe
  2⤵
  PID:3936
- C:\Windows\System\bUzZzzf.exe
  C:\Windows\System\bUzZzzf.exe
  2⤵
  PID:3956
- C:\Windows\System\VcVHmWp.exe
  C:\Windows\System\VcVHmWp.exe
  2⤵
  PID:3980
- C:\Windows\System\uHyXvwp.exe
  C:\Windows\System\uHyXvwp.exe
  2⤵
  PID:4000
- C:\Windows\System\ngWuEnz.exe
  C:\Windows\System\ngWuEnz.exe
  2⤵
  PID:4020
- C:\Windows\System\OoKMOfk.exe
  C:\Windows\System\OoKMOfk.exe
  2⤵
  PID:4040
- C:\Windows\System\WqJmNHY.exe
  C:\Windows\System\WqJmNHY.exe
  2⤵
  PID:4060
- C:\Windows\System\aPckwql.exe
  C:\Windows\System\aPckwql.exe
  2⤵
  PID:4080
- C:\Windows\System\iTENtJs.exe
  C:\Windows\System\iTENtJs.exe
  2⤵
  PID:1696
- C:\Windows\System\snWKsSD.exe
  C:\Windows\System\snWKsSD.exe
  2⤵
  PID:108
- C:\Windows\System\SreMSdd.exe
  C:\Windows\System\SreMSdd.exe
  2⤵
  PID:396
- C:\Windows\System\yzTreIj.exe
  C:\Windows\System\yzTreIj.exe
  2⤵
  PID:2604
- C:\Windows\System\FGWXtkw.exe
  C:\Windows\System\FGWXtkw.exe
  2⤵
  PID:1808
- C:\Windows\System\InqnxZk.exe
  C:\Windows\System\InqnxZk.exe
  2⤵
  PID:1276
- C:\Windows\System\RTlUkpg.exe
  C:\Windows\System\RTlUkpg.exe
  2⤵
  PID:1852
- C:\Windows\System\BqyiMzJ.exe
  C:\Windows\System\BqyiMzJ.exe
  2⤵
  PID:2064
- C:\Windows\System\tYqajqa.exe
  C:\Windows\System\tYqajqa.exe
  2⤵
  PID:3108
- C:\Windows\System\xqIySbb.exe
  C:\Windows\System\xqIySbb.exe
  2⤵
  PID:3148
- C:\Windows\System\LPBqBMP.exe
  C:\Windows\System\LPBqBMP.exe
  2⤵
  PID:3172
- C:\Windows\System\RzAAHcn.exe
  C:\Windows\System\RzAAHcn.exe
  2⤵
  PID:3204
- C:\Windows\System\LqwxLKH.exe
  C:\Windows\System\LqwxLKH.exe
  2⤵
  PID:3244
- C:\Windows\System\zxjNWop.exe
  C:\Windows\System\zxjNWop.exe
  2⤵
  PID:3272
- C:\Windows\System\FomGDoN.exe
  C:\Windows\System\FomGDoN.exe
  2⤵
  PID:3288
- C:\Windows\System\goYeIPH.exe
  C:\Windows\System\goYeIPH.exe
  2⤵
  PID:3324
- C:\Windows\System\TreXBrA.exe
  C:\Windows\System\TreXBrA.exe
  2⤵
  PID:3392
- C:\Windows\System\wKfvCgH.exe
  C:\Windows\System\wKfvCgH.exe
  2⤵
  PID:3424
- C:\Windows\System\sqDAwrn.exe
  C:\Windows\System\sqDAwrn.exe
  2⤵
  PID:3428
- C:\Windows\System\ojGrQzX.exe
  C:\Windows\System\ojGrQzX.exe
  2⤵
  PID:3504
- C:\Windows\System\RFfNoLY.exe
  C:\Windows\System\RFfNoLY.exe
  2⤵
  PID:3508
- C:\Windows\System\zRajHRt.exe
  C:\Windows\System\zRajHRt.exe
  2⤵
  PID:3544
- C:\Windows\System\wpLMnoK.exe
  C:\Windows\System\wpLMnoK.exe
  2⤵
  PID:3548
- C:\Windows\System\fpsJmbc.exe
  C:\Windows\System\fpsJmbc.exe
  2⤵
  PID:3592
- C:\Windows\System\oINUELP.exe
  C:\Windows\System\oINUELP.exe
  2⤵
  PID:3632
- C:\Windows\System\JXBBkzE.exe
  C:\Windows\System\JXBBkzE.exe
  2⤵
  PID:3668
- C:\Windows\System\kqspuxT.exe
  C:\Windows\System\kqspuxT.exe
  2⤵
  PID:3684
- C:\Windows\System\PekeuQK.exe
  C:\Windows\System\PekeuQK.exe
  2⤵
  PID:3732
- C:\Windows\System\QkHpSso.exe
  C:\Windows\System\QkHpSso.exe
  2⤵
  PID:3748
- C:\Windows\System\EFBJAiH.exe
  C:\Windows\System\EFBJAiH.exe
  2⤵
  PID:3788
- C:\Windows\System\tbVOojG.exe
  C:\Windows\System\tbVOojG.exe
  2⤵
  PID:3828
- C:\Windows\System\VzdWnom.exe
  C:\Windows\System\VzdWnom.exe
  2⤵
  PID:2112
- C:\Windows\System\qxJbMnQ.exe
  C:\Windows\System\qxJbMnQ.exe
  2⤵
  PID:3900
- C:\Windows\System\kNjAYIU.exe
  C:\Windows\System\kNjAYIU.exe
  2⤵
  PID:3884
- C:\Windows\System\WETSRzn.exe
  C:\Windows\System\WETSRzn.exe
  2⤵
  PID:3928
- C:\Windows\System\eXrKHZP.exe
  C:\Windows\System\eXrKHZP.exe
  2⤵
  PID:3992
- C:\Windows\System\bqUhlCF.exe
  C:\Windows\System\bqUhlCF.exe
  2⤵
  PID:4028
- C:\Windows\System\LFkNtlM.exe
  C:\Windows\System\LFkNtlM.exe
  2⤵
  PID:4048
- C:\Windows\System\fbsKyny.exe
  C:\Windows\System\fbsKyny.exe
  2⤵
  PID:1568
- C:\Windows\System\mwzakUV.exe
  C:\Windows\System\mwzakUV.exe
  2⤵
  PID:4092
- C:\Windows\System\vNpcXYQ.exe
  C:\Windows\System\vNpcXYQ.exe
  2⤵
  PID:2960
- C:\Windows\System\UvWvnXn.exe
  C:\Windows\System\UvWvnXn.exe
  2⤵
  PID:2192
- C:\Windows\System\cmPaBoI.exe
  C:\Windows\System\cmPaBoI.exe
  2⤵
  PID:1504
- C:\Windows\System\IaDAzuB.exe
  C:\Windows\System\IaDAzuB.exe
  2⤵
  PID:3144
- C:\Windows\System\bCgbiBP.exe
  C:\Windows\System\bCgbiBP.exe
  2⤵
  PID:3188
- C:\Windows\System\cElSIWC.exe
  C:\Windows\System\cElSIWC.exe
  2⤵
  PID:3208
- C:\Windows\System\BQGdrcw.exe
  C:\Windows\System\BQGdrcw.exe
  2⤵
  PID:3264
- C:\Windows\System\gRyuuLG.exe
  C:\Windows\System\gRyuuLG.exe
  2⤵
  PID:3352
- C:\Windows\System\XoJGWgq.exe
  C:\Windows\System\XoJGWgq.exe
  2⤵
  PID:3348
- C:\Windows\System\pqgEoSn.exe
  C:\Windows\System\pqgEoSn.exe
  2⤵
  PID:3432
- C:\Windows\System\aBSurwr.exe
  C:\Windows\System\aBSurwr.exe
  2⤵
  PID:3452
- C:\Windows\System\YpaoIKu.exe
  C:\Windows\System\YpaoIKu.exe
  2⤵
  PID:2532
- C:\Windows\System\jyvqbPC.exe
  C:\Windows\System\jyvqbPC.exe
  2⤵
  PID:3528
- C:\Windows\System\eYUQlMx.exe
  C:\Windows\System\eYUQlMx.exe
  2⤵
  PID:3608
- C:\Windows\System\pbQVJFq.exe
  C:\Windows\System\pbQVJFq.exe
  2⤵
  PID:3708
- C:\Windows\System\Qenzqwa.exe
  C:\Windows\System\Qenzqwa.exe
  2⤵
  PID:3792
- C:\Windows\System\mMHzXfQ.exe
  C:\Windows\System\mMHzXfQ.exe
  2⤵
  PID:3752
- C:\Windows\System\TUNrPdL.exe
  C:\Windows\System\TUNrPdL.exe
  2⤵
  PID:3912
- C:\Windows\System\iIByCuj.exe
  C:\Windows\System\iIByCuj.exe
  2⤵
  PID:3868
- C:\Windows\System\CztosKu.exe
  C:\Windows\System\CztosKu.exe
  2⤵
  PID:3988
- C:\Windows\System\XqvVjqA.exe
  C:\Windows\System\XqvVjqA.exe
  2⤵
  PID:4032
- C:\Windows\System\NJRNqqf.exe
  C:\Windows\System\NJRNqqf.exe
  2⤵
  PID:3968
- C:\Windows\System\mMgDaqR.exe
  C:\Windows\System\mMgDaqR.exe
  2⤵
  PID:1404
- C:\Windows\System\XeGiJAt.exe
  C:\Windows\System\XeGiJAt.exe
  2⤵
  PID:2852
- C:\Windows\System\OsMtoMt.exe
  C:\Windows\System\OsMtoMt.exe
  2⤵
  PID:3024
- C:\Windows\System\ZEaDzaC.exe
  C:\Windows\System\ZEaDzaC.exe
  2⤵
  PID:3164
- C:\Windows\System\WrYerix.exe
  C:\Windows\System\WrYerix.exe
  2⤵
  PID:3464
- C:\Windows\System\obDWTUG.exe
  C:\Windows\System\obDWTUG.exe
  2⤵
  PID:3112
- C:\Windows\System\rUXSEIO.exe
  C:\Windows\System\rUXSEIO.exe
  2⤵
  PID:3512
- C:\Windows\System\RQZAodb.exe
  C:\Windows\System\RQZAodb.exe
  2⤵
  PID:2764
- C:\Windows\System\KyGMhmn.exe
  C:\Windows\System\KyGMhmn.exe
  2⤵
  PID:3408
- C:\Windows\System\ypKnGWH.exe
  C:\Windows\System\ypKnGWH.exe
  2⤵
  PID:2732
- C:\Windows\System\eTHhtKs.exe
  C:\Windows\System\eTHhtKs.exe
  2⤵
  PID:2204
- C:\Windows\System\VHrlyBp.exe
  C:\Windows\System\VHrlyBp.exe
  2⤵
  PID:3724
- C:\Windows\System\nuFAphK.exe
  C:\Windows\System\nuFAphK.exe
  2⤵
  PID:3952
- C:\Windows\System\IvipXsJ.exe
  C:\Windows\System\IvipXsJ.exe
  2⤵
  PID:4012
- C:\Windows\System\XKZMNyF.exe
  C:\Windows\System\XKZMNyF.exe
  2⤵
  PID:4072
- C:\Windows\System\ZwpUgHP.exe
  C:\Windows\System\ZwpUgHP.exe
  2⤵
  PID:4108
- C:\Windows\System\DBwiHxd.exe
  C:\Windows\System\DBwiHxd.exe
  2⤵
  PID:4124
- C:\Windows\System\GWbzSnY.exe
  C:\Windows\System\GWbzSnY.exe
  2⤵
  PID:4148
- C:\Windows\System\kjgcJLQ.exe
  C:\Windows\System\kjgcJLQ.exe
  2⤵
  PID:4168
- C:\Windows\System\UCzMAyL.exe
  C:\Windows\System\UCzMAyL.exe
  2⤵
  PID:4188
- C:\Windows\System\CIcdMsD.exe
  C:\Windows\System\CIcdMsD.exe
  2⤵
  PID:4208
- C:\Windows\System\RxfPcOQ.exe
  C:\Windows\System\RxfPcOQ.exe
  2⤵
  PID:4228
- C:\Windows\System\jSKkfFf.exe
  C:\Windows\System\jSKkfFf.exe
  2⤵
  PID:4248
- C:\Windows\System\BHvhjcW.exe
  C:\Windows\System\BHvhjcW.exe
  2⤵
  PID:4268
- C:\Windows\System\iCWvBtr.exe
  C:\Windows\System\iCWvBtr.exe
  2⤵
  PID:4284
- C:\Windows\System\kcaDllZ.exe
  C:\Windows\System\kcaDllZ.exe
  2⤵
  PID:4308
- C:\Windows\System\nlRuQmd.exe
  C:\Windows\System\nlRuQmd.exe
  2⤵
  PID:4328
- C:\Windows\System\OHXcOCd.exe
  C:\Windows\System\OHXcOCd.exe
  2⤵
  PID:4348
- C:\Windows\System\tCXMTRd.exe
  C:\Windows\System\tCXMTRd.exe
  2⤵
  PID:4368
- C:\Windows\System\esABoNC.exe
  C:\Windows\System\esABoNC.exe
  2⤵
  PID:4388
- C:\Windows\System\lxDImDN.exe
  C:\Windows\System\lxDImDN.exe
  2⤵
  PID:4408
- C:\Windows\System\CHlonjj.exe
  C:\Windows\System\CHlonjj.exe
  2⤵
  PID:4428
- C:\Windows\System\WdUksns.exe
  C:\Windows\System\WdUksns.exe
  2⤵
  PID:4448
- C:\Windows\System\FjkNbFk.exe
  C:\Windows\System\FjkNbFk.exe
  2⤵
  PID:4472
- C:\Windows\System\OBXljdk.exe
  C:\Windows\System\OBXljdk.exe
  2⤵
  PID:4492
- C:\Windows\System\tkdEXnu.exe
  C:\Windows\System\tkdEXnu.exe
  2⤵
  PID:4512
- C:\Windows\System\QlBaJqV.exe
  C:\Windows\System\QlBaJqV.exe
  2⤵
  PID:4532
- C:\Windows\System\QwzSlqv.exe
  C:\Windows\System\QwzSlqv.exe
  2⤵
  PID:4552
- C:\Windows\System\LgzuKgU.exe
  C:\Windows\System\LgzuKgU.exe
  2⤵
  PID:4568
- C:\Windows\System\BFxxVRi.exe
  C:\Windows\System\BFxxVRi.exe
  2⤵
  PID:4592
- C:\Windows\System\wcrJjbP.exe
  C:\Windows\System\wcrJjbP.exe
  2⤵
  PID:4612
- C:\Windows\System\TdygPDO.exe
  C:\Windows\System\TdygPDO.exe
  2⤵
  PID:4632
- C:\Windows\System\aTDDYuE.exe
  C:\Windows\System\aTDDYuE.exe
  2⤵
  PID:4652
- C:\Windows\System\hYJjZpO.exe
  C:\Windows\System\hYJjZpO.exe
  2⤵
  PID:4672
- C:\Windows\System\ZMjAmFn.exe
  C:\Windows\System\ZMjAmFn.exe
  2⤵
  PID:4688
- C:\Windows\System\OInTDOu.exe
  C:\Windows\System\OInTDOu.exe
  2⤵
  PID:4712
- C:\Windows\System\XxgcGEx.exe
  C:\Windows\System\XxgcGEx.exe
  2⤵
  PID:4728
- C:\Windows\System\MMECRja.exe
  C:\Windows\System\MMECRja.exe
  2⤵
  PID:4752
- C:\Windows\System\JpIapGp.exe
  C:\Windows\System\JpIapGp.exe
  2⤵
  PID:4768
- C:\Windows\System\wcjxLSW.exe
  C:\Windows\System\wcjxLSW.exe
  2⤵
  PID:4792
- C:\Windows\System\vidqCXd.exe
  C:\Windows\System\vidqCXd.exe
  2⤵
  PID:4812
- C:\Windows\System\hJRgWwF.exe
  C:\Windows\System\hJRgWwF.exe
  2⤵
  PID:4832
- C:\Windows\System\PPMJyXR.exe
  C:\Windows\System\PPMJyXR.exe
  2⤵
  PID:4848
- C:\Windows\System\mXfNSOs.exe
  C:\Windows\System\mXfNSOs.exe
  2⤵
  PID:4872
- C:\Windows\System\AszLFLf.exe
  C:\Windows\System\AszLFLf.exe
  2⤵
  PID:4888
- C:\Windows\System\cljeeLC.exe
  C:\Windows\System\cljeeLC.exe
  2⤵
  PID:4912
- C:\Windows\System\biZWIpK.exe
  C:\Windows\System\biZWIpK.exe
  2⤵
  PID:4932
- C:\Windows\System\PUgJrOj.exe
  C:\Windows\System\PUgJrOj.exe
  2⤵
  PID:4956
- C:\Windows\System\nWLRBff.exe
  C:\Windows\System\nWLRBff.exe
  2⤵
  PID:4976
- C:\Windows\System\apzLvBu.exe
  C:\Windows\System\apzLvBu.exe
  2⤵
  PID:4996
- C:\Windows\System\oHWxsul.exe
  C:\Windows\System\oHWxsul.exe
  2⤵
  PID:5016
- C:\Windows\System\lTPhiRN.exe
  C:\Windows\System\lTPhiRN.exe
  2⤵
  PID:5036
- C:\Windows\System\ZBKcQkt.exe
  C:\Windows\System\ZBKcQkt.exe
  2⤵
  PID:5052
- C:\Windows\System\ysJBjZM.exe
  C:\Windows\System\ysJBjZM.exe
  2⤵
  PID:5076
- C:\Windows\System\JaXGofz.exe
  C:\Windows\System\JaXGofz.exe
  2⤵
  PID:5096
- C:\Windows\System\KzCjhmg.exe
  C:\Windows\System\KzCjhmg.exe
  2⤵
  PID:5116
- C:\Windows\System\eKXuPRQ.exe
  C:\Windows\System\eKXuPRQ.exe
  2⤵
  PID:1072
- C:\Windows\System\FZVtrYv.exe
  C:\Windows\System\FZVtrYv.exe
  2⤵
  PID:3372
- C:\Windows\System\mdXsXjh.exe
  C:\Windows\System\mdXsXjh.exe
  2⤵
  PID:3644
- C:\Windows\System\TkPXDaD.exe
  C:\Windows\System\TkPXDaD.exe
  2⤵
  PID:3228
- C:\Windows\System\KbuRJwr.exe
  C:\Windows\System\KbuRJwr.exe
  2⤵
  PID:3568
- C:\Windows\System\nopNqdZ.exe
  C:\Windows\System\nopNqdZ.exe
  2⤵
  PID:3664
- C:\Windows\System\ipHOrZz.exe
  C:\Windows\System\ipHOrZz.exe
  2⤵
  PID:3848
- C:\Windows\System\rdrgeRE.exe
  C:\Windows\System\rdrgeRE.exe
  2⤵
  PID:3964
- C:\Windows\System\XihAsVp.exe
  C:\Windows\System\XihAsVp.exe
  2⤵
  PID:4144
- C:\Windows\System\PliSmgJ.exe
  C:\Windows\System\PliSmgJ.exe
  2⤵
  PID:4116
- C:\Windows\System\IHkpLed.exe
  C:\Windows\System\IHkpLed.exe
  2⤵
  PID:4164
- C:\Windows\System\dzcHsvs.exe
  C:\Windows\System\dzcHsvs.exe
  2⤵
  PID:4216
- C:\Windows\System\bgxtvtz.exe
  C:\Windows\System\bgxtvtz.exe
  2⤵
  PID:4200
- C:\Windows\System\gdFKYip.exe
  C:\Windows\System\gdFKYip.exe
  2⤵
  PID:4292
- C:\Windows\System\ouiEvXf.exe
  C:\Windows\System\ouiEvXf.exe
  2⤵
  PID:4280
- C:\Windows\System\QTpgmPi.exe
  C:\Windows\System\QTpgmPi.exe
  2⤵
  PID:4320
- C:\Windows\System\gjZfJgh.exe
  C:\Windows\System\gjZfJgh.exe
  2⤵
  PID:4376
- C:\Windows\System\XUCfafD.exe
  C:\Windows\System\XUCfafD.exe
  2⤵
  PID:4396
- C:\Windows\System\kzPhOxS.exe
  C:\Windows\System\kzPhOxS.exe
  2⤵
  PID:4400
- C:\Windows\System\wPwRxXi.exe
  C:\Windows\System\wPwRxXi.exe
  2⤵
  PID:4508
- C:\Windows\System\SxCTNjm.exe
  C:\Windows\System\SxCTNjm.exe
  2⤵
  PID:4440
- C:\Windows\System\kXdmerv.exe
  C:\Windows\System\kXdmerv.exe
  2⤵
  PID:4540
- C:\Windows\System\DXcGzBK.exe
  C:\Windows\System\DXcGzBK.exe
  2⤵
  PID:4588
- C:\Windows\System\fVRpPnh.exe
  C:\Windows\System\fVRpPnh.exe
  2⤵
  PID:4564
- C:\Windows\System\pLxdVCR.exe
  C:\Windows\System\pLxdVCR.exe
  2⤵
  PID:2916
- C:\Windows\System\CcYUBTZ.exe
  C:\Windows\System\CcYUBTZ.exe
  2⤵
  PID:4660
- C:\Windows\System\nkrKbBj.exe
  C:\Windows\System\nkrKbBj.exe
  2⤵
  PID:4708
- C:\Windows\System\MykNGcH.exe
  C:\Windows\System\MykNGcH.exe
  2⤵
  PID:4736
- C:\Windows\System\jzNmdyy.exe
  C:\Windows\System\jzNmdyy.exe
  2⤵
  PID:4720
- C:\Windows\System\JsuFEEj.exe
  C:\Windows\System\JsuFEEj.exe
  2⤵
  PID:4764
- C:\Windows\System\LPfLMpf.exe
  C:\Windows\System\LPfLMpf.exe
  2⤵
  PID:4800
- C:\Windows\System\GttouVZ.exe
  C:\Windows\System\GttouVZ.exe
  2⤵
  PID:2588
- C:\Windows\System\BRVEvlW.exe
  C:\Windows\System\BRVEvlW.exe
  2⤵
  PID:4904
- C:\Windows\System\kjycOYF.exe
  C:\Windows\System\kjycOYF.exe
  2⤵
  PID:4844
- C:\Windows\System\jkJFgNK.exe
  C:\Windows\System\jkJFgNK.exe
  2⤵
  PID:4940
- C:\Windows\System\hFvfxlI.exe
  C:\Windows\System\hFvfxlI.exe
  2⤵
  PID:4924
- C:\Windows\System\otCTTiL.exe
  C:\Windows\System\otCTTiL.exe
  2⤵
  PID:5028
- C:\Windows\System\zQIZElE.exe
  C:\Windows\System\zQIZElE.exe
  2⤵
  PID:5060
- C:\Windows\System\LFttlla.exe
  C:\Windows\System\LFttlla.exe
  2⤵
  PID:5072
- C:\Windows\System\oFWIxKL.exe
  C:\Windows\System\oFWIxKL.exe
  2⤵
  PID:5112
- C:\Windows\System\MGsQFeZ.exe
  C:\Windows\System\MGsQFeZ.exe
  2⤵
  PID:5092
- C:\Windows\System\kJflTyX.exe
  C:\Windows\System\kJflTyX.exe
  2⤵
  PID:2988
- C:\Windows\System\WQspySu.exe
  C:\Windows\System\WQspySu.exe
  2⤵
  PID:3852
- C:\Windows\System\nazwgjQ.exe
  C:\Windows\System\nazwgjQ.exe
  2⤵
  PID:3604
- C:\Windows\System\QOWNgQO.exe
  C:\Windows\System\QOWNgQO.exe
  2⤵
  PID:3824
- C:\Windows\System\hWEqpIG.exe
  C:\Windows\System\hWEqpIG.exe
  2⤵
  PID:2528
- C:\Windows\System\PGGMnRr.exe
  C:\Windows\System\PGGMnRr.exe
  2⤵
  PID:4132
- C:\Windows\System\liRAuQt.exe
  C:\Windows\System\liRAuQt.exe
  2⤵
  PID:2228
- C:\Windows\System\qQIgTno.exe
  C:\Windows\System\qQIgTno.exe
  2⤵
  PID:4176
- C:\Windows\System\qBqBNXN.exe
  C:\Windows\System\qBqBNXN.exe
  2⤵
  PID:4276
- C:\Windows\System\woEaYeG.exe
  C:\Windows\System\woEaYeG.exe
  2⤵
  PID:2712
- C:\Windows\System\PNosCVP.exe
  C:\Windows\System\PNosCVP.exe
  2⤵
  PID:4500
- C:\Windows\System\BIQnajg.exe
  C:\Windows\System\BIQnajg.exe
  2⤵
  PID:4488
- C:\Windows\System\bkEHHmf.exe
  C:\Windows\System\bkEHHmf.exe
  2⤵
  PID:4436
- C:\Windows\System\Dltsvsf.exe
  C:\Windows\System\Dltsvsf.exe
  2⤵
  PID:4524
- C:\Windows\System\SkyyKUn.exe
  C:\Windows\System\SkyyKUn.exe
  2⤵
  PID:4584
- C:\Windows\System\CoXhhIg.exe
  C:\Windows\System\CoXhhIg.exe
  2⤵
  PID:1992
- C:\Windows\System\vVUTsXa.exe
  C:\Windows\System\vVUTsXa.exe
  2⤵
  PID:4664
- C:\Windows\System\SoKSaiL.exe
  C:\Windows\System\SoKSaiL.exe
  2⤵
  PID:4784
- C:\Windows\System\iLFcgjl.exe
  C:\Windows\System\iLFcgjl.exe
  2⤵
  PID:4856
- C:\Windows\System\PLvaFvu.exe
  C:\Windows\System\PLvaFvu.exe
  2⤵
  PID:1296
- C:\Windows\System\DOvIkAa.exe
  C:\Windows\System\DOvIkAa.exe
  2⤵
  PID:1648
- C:\Windows\System\rsuJzWz.exe
  C:\Windows\System\rsuJzWz.exe
  2⤵
  PID:4944
- C:\Windows\System\RuMXrVz.exe
  C:\Windows\System\RuMXrVz.exe
  2⤵
  PID:5032
- C:\Windows\System\LEXbnok.exe
  C:\Windows\System\LEXbnok.exe
  2⤵
  PID:4972
- C:\Windows\System\TbcpjAB.exe
  C:\Windows\System\TbcpjAB.exe
  2⤵
  PID:2904
- C:\Windows\System\zusddPU.exe
  C:\Windows\System\zusddPU.exe
  2⤵
  PID:5068
- C:\Windows\System\yZnYtqm.exe
  C:\Windows\System\yZnYtqm.exe
  2⤵
  PID:5084
- C:\Windows\System\VBLrsdj.exe
  C:\Windows\System\VBLrsdj.exe
  2⤵
  PID:3692
- C:\Windows\System\lFKYmGL.exe
  C:\Windows\System\lFKYmGL.exe
  2⤵
  PID:3328
- C:\Windows\System\BQzMBzd.exe
  C:\Windows\System\BQzMBzd.exe
  2⤵
  PID:4236
- C:\Windows\System\FEeIVNp.exe
  C:\Windows\System\FEeIVNp.exe
  2⤵
  PID:4220
- C:\Windows\System\aByNDOf.exe
  C:\Windows\System\aByNDOf.exe
  2⤵
  PID:4344
- C:\Windows\System\UaAcjWG.exe
  C:\Windows\System\UaAcjWG.exe
  2⤵
  PID:2580
- C:\Windows\System\xGrSEfT.exe
  C:\Windows\System\xGrSEfT.exe
  2⤵
  PID:1236
- C:\Windows\System\FbKmFvl.exe
  C:\Windows\System\FbKmFvl.exe
  2⤵
  PID:4356
- C:\Windows\System\IAKWiiw.exe
  C:\Windows\System\IAKWiiw.exe
  2⤵
  PID:2892
- C:\Windows\System\bUCHYhi.exe
  C:\Windows\System\bUCHYhi.exe
  2⤵
  PID:4528
- C:\Windows\System\jYPbUgO.exe
  C:\Windows\System\jYPbUgO.exe
  2⤵
  PID:4776
- C:\Windows\System\whbcJkn.exe
  C:\Windows\System\whbcJkn.exe
  2⤵
  PID:4696
- C:\Windows\System\CfaTzck.exe
  C:\Windows\System\CfaTzck.exe
  2⤵
  PID:4840
- C:\Windows\System\IJBXexS.exe
  C:\Windows\System\IJBXexS.exe
  2⤵
  PID:4896
- C:\Windows\System\MdXsrmd.exe
  C:\Windows\System\MdXsrmd.exe
  2⤵
  PID:4920
- C:\Windows\System\uZJITra.exe
  C:\Windows\System\uZJITra.exe
  2⤵
  PID:4052
- C:\Windows\System\pzkpxad.exe
  C:\Windows\System\pzkpxad.exe
  2⤵
  PID:5048
- C:\Windows\System\rthbEqA.exe
  C:\Windows\System\rthbEqA.exe
  2⤵
  PID:4244
- C:\Windows\System\eYXriHa.exe
  C:\Windows\System\eYXriHa.exe
  2⤵
  PID:4204
- C:\Windows\System\esHxoVw.exe
  C:\Windows\System\esHxoVw.exe
  2⤵
  PID:4304
- C:\Windows\System\BdRJnNH.exe
  C:\Windows\System\BdRJnNH.exe
  2⤵
  PID:4548
- C:\Windows\System\pQtBAzt.exe
  C:\Windows\System\pQtBAzt.exe
  2⤵
  PID:1412
- C:\Windows\System\RLSLZpk.exe
  C:\Windows\System\RLSLZpk.exe
  2⤵
  PID:4640
- C:\Windows\System\JswXcFv.exe
  C:\Windows\System\JswXcFv.exe
  2⤵
  PID:4644
- C:\Windows\System\VkkfnlO.exe
  C:\Windows\System\VkkfnlO.exe
  2⤵
  PID:1364
- C:\Windows\System\cLEuUJG.exe
  C:\Windows\System\cLEuUJG.exe
  2⤵
  PID:980
- C:\Windows\System\GdZvhlE.exe
  C:\Windows\System\GdZvhlE.exe
  2⤵
  PID:884
- C:\Windows\System\zJTWneC.exe
  C:\Windows\System\zJTWneC.exe
  2⤵
  PID:5136
- C:\Windows\System\ixKocbN.exe
  C:\Windows\System\ixKocbN.exe
  2⤵
  PID:5156
- C:\Windows\System\aznnXTG.exe
  C:\Windows\System\aznnXTG.exe
  2⤵
  PID:5176
- C:\Windows\System\rWTgOXT.exe
  C:\Windows\System\rWTgOXT.exe
  2⤵
  PID:5192
- C:\Windows\System\NKaCcKn.exe
  C:\Windows\System\NKaCcKn.exe
  2⤵
  PID:5216
- C:\Windows\System\qcAmqYF.exe
  C:\Windows\System\qcAmqYF.exe
  2⤵
  PID:5236
- C:\Windows\System\tRoQWKm.exe
  C:\Windows\System\tRoQWKm.exe
  2⤵
  PID:5256
- C:\Windows\System\BSbGDZD.exe
  C:\Windows\System\BSbGDZD.exe
  2⤵
  PID:5276
- C:\Windows\System\jCzvWtM.exe
  C:\Windows\System\jCzvWtM.exe
  2⤵
  PID:5296
- C:\Windows\System\sJdFLoQ.exe
  C:\Windows\System\sJdFLoQ.exe
  2⤵
  PID:5316
- C:\Windows\System\DbxjydJ.exe
  C:\Windows\System\DbxjydJ.exe
  2⤵
  PID:5336
- C:\Windows\System\zSqIgXg.exe
  C:\Windows\System\zSqIgXg.exe
  2⤵
  PID:5356
- C:\Windows\System\HtXdWPP.exe
  C:\Windows\System\HtXdWPP.exe
  2⤵
  PID:5376
- C:\Windows\System\VlqSFNc.exe
  C:\Windows\System\VlqSFNc.exe
  2⤵
  PID:5396
- C:\Windows\System\OLOQYpN.exe
  C:\Windows\System\OLOQYpN.exe
  2⤵
  PID:5416
- C:\Windows\System\cXXMKTP.exe
  C:\Windows\System\cXXMKTP.exe
  2⤵
  PID:5440
- C:\Windows\System\jVoZkTQ.exe
  C:\Windows\System\jVoZkTQ.exe
  2⤵
  PID:5460
- C:\Windows\System\cWDShie.exe
  C:\Windows\System\cWDShie.exe
  2⤵
  PID:5480
- C:\Windows\System\jMfIodS.exe
  C:\Windows\System\jMfIodS.exe
  2⤵
  PID:5500
- C:\Windows\System\dDBOIcX.exe
  C:\Windows\System\dDBOIcX.exe
  2⤵
  PID:5520
- C:\Windows\System\PTITqKb.exe
  C:\Windows\System\PTITqKb.exe
  2⤵
  PID:5540
- C:\Windows\System\XaKbybh.exe
  C:\Windows\System\XaKbybh.exe
  2⤵
  PID:5560
- C:\Windows\System\rZPriFT.exe
  C:\Windows\System\rZPriFT.exe
  2⤵
  PID:5580
- C:\Windows\System\ZQhPyFa.exe
  C:\Windows\System\ZQhPyFa.exe
  2⤵
  PID:5600
- C:\Windows\System\JumqUuS.exe
  C:\Windows\System\JumqUuS.exe
  2⤵
  PID:5620
- C:\Windows\System\ginhdYu.exe
  C:\Windows\System\ginhdYu.exe
  2⤵
  PID:5640
- C:\Windows\System\nxRJdLX.exe
  C:\Windows\System\nxRJdLX.exe
  2⤵
  PID:5660
- C:\Windows\System\JzvvdSk.exe
  C:\Windows\System\JzvvdSk.exe
  2⤵
  PID:5676
- C:\Windows\System\WIesCEf.exe
  C:\Windows\System\WIesCEf.exe
  2⤵
  PID:5700
- C:\Windows\System\JzJbrXa.exe
  C:\Windows\System\JzJbrXa.exe
  2⤵
  PID:5724
- C:\Windows\System\IOGHbHv.exe
  C:\Windows\System\IOGHbHv.exe
  2⤵
  PID:5744
- C:\Windows\System\zngSfvJ.exe
  C:\Windows\System\zngSfvJ.exe
  2⤵
  PID:5764
- C:\Windows\System\VzrLvrS.exe
  C:\Windows\System\VzrLvrS.exe
  2⤵
  PID:5784
- C:\Windows\System\gLZOwJK.exe
  C:\Windows\System\gLZOwJK.exe
  2⤵
  PID:5804
- C:\Windows\System\UALlrSA.exe
  C:\Windows\System\UALlrSA.exe
  2⤵
  PID:5824
- C:\Windows\System\xkCOCIb.exe
  C:\Windows\System\xkCOCIb.exe
  2⤵
  PID:5844
- C:\Windows\System\vCuDjQO.exe
  C:\Windows\System\vCuDjQO.exe
  2⤵
  PID:5864
- C:\Windows\System\RtlMTNw.exe
  C:\Windows\System\RtlMTNw.exe
  2⤵
  PID:5884
- C:\Windows\System\IVSPYCY.exe
  C:\Windows\System\IVSPYCY.exe
  2⤵
  PID:5904
- C:\Windows\System\fbDUgyA.exe
  C:\Windows\System\fbDUgyA.exe
  2⤵
  PID:5924
- C:\Windows\System\UkaejwF.exe
  C:\Windows\System\UkaejwF.exe
  2⤵
  PID:5944
- C:\Windows\System\DAuvzqj.exe
  C:\Windows\System\DAuvzqj.exe
  2⤵
  PID:5960
- C:\Windows\System\AIubxyl.exe
  C:\Windows\System\AIubxyl.exe
  2⤵
  PID:5984
- C:\Windows\System\YcBFnsN.exe
  C:\Windows\System\YcBFnsN.exe
  2⤵
  PID:6004
- C:\Windows\System\MTgKjqH.exe
  C:\Windows\System\MTgKjqH.exe
  2⤵
  PID:6024
- C:\Windows\System\qykdtiF.exe
  C:\Windows\System\qykdtiF.exe
  2⤵
  PID:6044
- C:\Windows\System\yywzFYz.exe
  C:\Windows\System\yywzFYz.exe
  2⤵
  PID:6064
- C:\Windows\System\RZUnifH.exe
  C:\Windows\System\RZUnifH.exe
  2⤵
  PID:6084
- C:\Windows\System\oWQXawD.exe
  C:\Windows\System\oWQXawD.exe
  2⤵
  PID:6104
- C:\Windows\System\zMvRpCw.exe
  C:\Windows\System\zMvRpCw.exe
  2⤵
  PID:6124
- C:\Windows\System\MGoEtqe.exe
  C:\Windows\System\MGoEtqe.exe
  2⤵
  PID:3104
- C:\Windows\System\gtRKiWc.exe
  C:\Windows\System\gtRKiWc.exe
  2⤵
  PID:4364
- C:\Windows\System\vndEtRX.exe
  C:\Windows\System\vndEtRX.exe
  2⤵
  PID:2784
- C:\Windows\System\NWLNEgn.exe
  C:\Windows\System\NWLNEgn.exe
  2⤵
  PID:4316
- C:\Windows\System\LdPykqE.exe
  C:\Windows\System\LdPykqE.exe
  2⤵
  PID:812
- C:\Windows\System\MBUdqyY.exe
  C:\Windows\System\MBUdqyY.exe
  2⤵
  PID:5004
- C:\Windows\System\mNOtvjA.exe
  C:\Windows\System\mNOtvjA.exe
  2⤵
  PID:5132
- C:\Windows\System\pPRmJWi.exe
  C:\Windows\System\pPRmJWi.exe
  2⤵
  PID:5152
- C:\Windows\System\SxuzXoY.exe
  C:\Windows\System\SxuzXoY.exe
  2⤵
  PID:5200
- C:\Windows\System\ZRJPaBt.exe
  C:\Windows\System\ZRJPaBt.exe
  2⤵
  PID:5244
- C:\Windows\System\tGzBfsU.exe
  C:\Windows\System\tGzBfsU.exe
  2⤵
  PID:5248
- C:\Windows\System\EPtQjIO.exe
  C:\Windows\System\EPtQjIO.exe
  2⤵
  PID:5292
- C:\Windows\System\gvkqqKd.exe
  C:\Windows\System\gvkqqKd.exe
  2⤵
  PID:5304
- C:\Windows\System\AErBHIO.exe
  C:\Windows\System\AErBHIO.exe
  2⤵
  PID:2180
- C:\Windows\System\ybLTLCb.exe
  C:\Windows\System\ybLTLCb.exe
  2⤵
  PID:5368
- C:\Windows\System\JZumBfB.exe
  C:\Windows\System\JZumBfB.exe
  2⤵
  PID:5412
- C:\Windows\System\eiTqwlY.exe
  C:\Windows\System\eiTqwlY.exe
  2⤵
  PID:5424
- C:\Windows\System\TBGSuiz.exe
  C:\Windows\System\TBGSuiz.exe
  2⤵
  PID:5488
- C:\Windows\System\EHthlNk.exe
  C:\Windows\System\EHthlNk.exe
  2⤵
  PID:5528
- C:\Windows\System\sIDJnnr.exe
  C:\Windows\System\sIDJnnr.exe
  2⤵
  PID:5568
- C:\Windows\System\xjOvOyX.exe
  C:\Windows\System\xjOvOyX.exe
  2⤵
  PID:2700
- C:\Windows\System\qPZAGMd.exe
  C:\Windows\System\qPZAGMd.exe
  2⤵
  PID:5588
- C:\Windows\System\BWLqFFY.exe
  C:\Windows\System\BWLqFFY.exe
  2⤵
  PID:5648
- C:\Windows\System\zcRPBkd.exe
  C:\Windows\System\zcRPBkd.exe
  2⤵
  PID:5652
- C:\Windows\System\IEfTKBl.exe
  C:\Windows\System\IEfTKBl.exe
  2⤵
  PID:5672
- C:\Windows\System\ebiHNEu.exe
  C:\Windows\System\ebiHNEu.exe
  2⤵
  PID:5736
- C:\Windows\System\FLyYYoR.exe
  C:\Windows\System\FLyYYoR.exe
  2⤵
  PID:5712
- C:\Windows\System\jTchppo.exe
  C:\Windows\System\jTchppo.exe
  2⤵
  PID:5792
- C:\Windows\System\oRleRms.exe
  C:\Windows\System\oRleRms.exe
  2⤵
  PID:5796
- C:\Windows\System\PJEAODt.exe
  C:\Windows\System\PJEAODt.exe
  2⤵
  PID:5840
- C:\Windows\System\NTWmBxq.exe
  C:\Windows\System\NTWmBxq.exe
  2⤵
  PID:5892
- C:\Windows\System\QIqqnjx.exe
  C:\Windows\System\QIqqnjx.exe
  2⤵
  PID:5940
- C:\Windows\System\qLzPBBR.exe
  C:\Windows\System\qLzPBBR.exe
  2⤵
  PID:5968
- C:\Windows\System\LsfmnvL.exe
  C:\Windows\System\LsfmnvL.exe
  2⤵
  PID:5976
- C:\Windows\System\pZMQKwJ.exe
  C:\Windows\System\pZMQKwJ.exe
  2⤵
  PID:6000
- C:\Windows\System\BurdgYB.exe
  C:\Windows\System\BurdgYB.exe
  2⤵
  PID:6116
- C:\Windows\System\TJYxcJb.exe
  C:\Windows\System\TJYxcJb.exe
  2⤵
  PID:4804
- C:\Windows\System\PDxkqEr.exe
  C:\Windows\System\PDxkqEr.exe
  2⤵
  PID:5124
- C:\Windows\System\FScJBtZ.exe
  C:\Windows\System\FScJBtZ.exe
  2⤵
  PID:5144
- C:\Windows\System\ggCvVqu.exe
  C:\Windows\System\ggCvVqu.exe
  2⤵
  PID:5228
- C:\Windows\System\mutAnan.exe
  C:\Windows\System\mutAnan.exe
  2⤵
  PID:5352
- C:\Windows\System\gotGsCU.exe
  C:\Windows\System\gotGsCU.exe
  2⤵
  PID:5384
- C:\Windows\System\VYLVKKb.exe
  C:\Windows\System\VYLVKKb.exe
  2⤵
  PID:5476
- C:\Windows\System\YRBHhaW.exe
  C:\Windows\System\YRBHhaW.exe
  2⤵
  PID:5548
- C:\Windows\System\HEHYxKA.exe
  C:\Windows\System\HEHYxKA.exe
  2⤵
  PID:5608
- C:\Windows\System\ixiwPjk.exe
  C:\Windows\System\ixiwPjk.exe
  2⤵
  PID:5616
- C:\Windows\System\FCTRCWE.exe
  C:\Windows\System\FCTRCWE.exe
  2⤵
  PID:5632
- C:\Windows\System\rtQqyZK.exe
  C:\Windows\System\rtQqyZK.exe
  2⤵
  PID:5732
- C:\Windows\System\sVhXZvx.exe
  C:\Windows\System\sVhXZvx.exe
  2⤵
  PID:5820
- C:\Windows\System\vlytCpV.exe
  C:\Windows\System\vlytCpV.exe
  2⤵
  PID:5756
- C:\Windows\System\zwtjelz.exe
  C:\Windows\System\zwtjelz.exe
  2⤵
  PID:2300
- C:\Windows\System\KXlgkCY.exe
  C:\Windows\System\KXlgkCY.exe
  2⤵
  PID:5920
- C:\Windows\System\nzjIeWd.exe
  C:\Windows\System\nzjIeWd.exe
  2⤵
  PID:5896
- C:\Windows\System\XfbIzLJ.exe
  C:\Windows\System\XfbIzLJ.exe
  2⤵
  PID:6020
- C:\Windows\System\DLxVngl.exe
  C:\Windows\System\DLxVngl.exe
  2⤵
  PID:3068
- C:\Windows\System\LDGSUnR.exe
  C:\Windows\System\LDGSUnR.exe
  2⤵
  PID:636
- C:\Windows\System\WljLbcq.exe
  C:\Windows\System\WljLbcq.exe
  2⤵
  PID:6076
- C:\Windows\System\qzcLpta.exe
  C:\Windows\System\qzcLpta.exe
  2⤵
  PID:2728
- C:\Windows\System\psxvNLr.exe
  C:\Windows\System\psxvNLr.exe
  2⤵
  PID:5172
- C:\Windows\System\sLUwOaa.exe
  C:\Windows\System\sLUwOaa.exe
  2⤵
  PID:1156
- C:\Windows\System\rdxGebs.exe
  C:\Windows\System\rdxGebs.exe
  2⤵
  PID:1436
- C:\Windows\System\GfFoYcJ.exe
  C:\Windows\System\GfFoYcJ.exe
  2⤵
  PID:5428
- C:\Windows\System\IxCFSZY.exe
  C:\Windows\System\IxCFSZY.exe
  2⤵
  PID:5188
- C:\Windows\System\DwjHDxu.exe
  C:\Windows\System\DwjHDxu.exe
  2⤵
  PID:5532
- C:\Windows\System\ejSmGNb.exe
  C:\Windows\System\ejSmGNb.exe
  2⤵
  PID:5452
- C:\Windows\System\QrsPIUq.exe
  C:\Windows\System\QrsPIUq.exe
  2⤵
  PID:5656
- C:\Windows\System\vdpRMxW.exe
  C:\Windows\System\vdpRMxW.exe
  2⤵
  PID:5780
- C:\Windows\System\eHtFWvd.exe
  C:\Windows\System\eHtFWvd.exe
  2⤵
  PID:2864
- C:\Windows\System\MwKljJs.exe
  C:\Windows\System\MwKljJs.exe
  2⤵
  PID:2212
- C:\Windows\System\xXeoLQL.exe
  C:\Windows\System\xXeoLQL.exe
  2⤵
  PID:5760
- C:\Windows\System\GxWApKj.exe
  C:\Windows\System\GxWApKj.exe
  2⤵
  PID:1916
- C:\Windows\System\upsowUH.exe
  C:\Windows\System\upsowUH.exe
  2⤵
  PID:2412
- C:\Windows\System\WtzTQsI.exe
  C:\Windows\System\WtzTQsI.exe
  2⤵
  PID:6096
- C:\Windows\System\ERHqSJy.exe
  C:\Windows\System\ERHqSJy.exe
  2⤵
  PID:5168
- C:\Windows\System\XpqlTle.exe
  C:\Windows\System\XpqlTle.exe
  2⤵
  PID:1768
- C:\Windows\System\DcgjZwt.exe
  C:\Windows\System\DcgjZwt.exe
  2⤵
  PID:5264
- C:\Windows\System\ImqZPLc.exe
  C:\Windows\System\ImqZPLc.exe
  2⤵
  PID:2292
- C:\Windows\System\UbtXRci.exe
  C:\Windows\System\UbtXRci.exe
  2⤵
  PID:1288
- C:\Windows\System\IbgDyTX.exe
  C:\Windows\System\IbgDyTX.exe
  2⤵
  PID:5408
- C:\Windows\System\EaDcaCU.exe
  C:\Windows\System\EaDcaCU.exe
  2⤵
  PID:5708
- C:\Windows\System\FFjyuIM.exe
  C:\Windows\System\FFjyuIM.exe
  2⤵
  PID:5328
- C:\Windows\System\DffXJdM.exe
  C:\Windows\System\DffXJdM.exe
  2⤵
  PID:2856
- C:\Windows\System\VkARivP.exe
  C:\Windows\System\VkARivP.exe
  2⤵
  PID:6080
- C:\Windows\System\DrHHkVJ.exe
  C:\Windows\System\DrHHkVJ.exe
  2⤵
  PID:5816
- C:\Windows\System\goGQAPQ.exe
  C:\Windows\System\goGQAPQ.exe
  2⤵
  PID:5836
- C:\Windows\System\dFnEioN.exe
  C:\Windows\System\dFnEioN.exe
  2⤵
  PID:2920
- C:\Windows\System\JIAfaoA.exe
  C:\Windows\System\JIAfaoA.exe
  2⤵
  PID:2596
- C:\Windows\System\UTVTMLj.exe
  C:\Windows\System\UTVTMLj.exe
  2⤵
  PID:5272
- C:\Windows\System\PGIDzwr.exe
  C:\Windows\System\PGIDzwr.exe
  2⤵
  PID:5348
- C:\Windows\System\tBItsKj.exe
  C:\Windows\System\tBItsKj.exe
  2⤵
  PID:5392
- C:\Windows\System\NWJUHAQ.exe
  C:\Windows\System\NWJUHAQ.exe
  2⤵
  PID:2464
- C:\Windows\System\yqDvnNF.exe
  C:\Windows\System\yqDvnNF.exe
  2⤵
  PID:776
- C:\Windows\System\DNjDAbz.exe
  C:\Windows\System\DNjDAbz.exe
  2⤵
  PID:236
- C:\Windows\System\RyNmDtc.exe
  C:\Windows\System\RyNmDtc.exe
  2⤵
  PID:4384
- C:\Windows\System\gzlmUQk.exe
  C:\Windows\System\gzlmUQk.exe
  2⤵
  PID:5104
- C:\Windows\System\LzsXKKq.exe
  C:\Windows\System\LzsXKKq.exe
  2⤵
  PID:5332
- C:\Windows\System\ETTwJbJ.exe
  C:\Windows\System\ETTwJbJ.exe
  2⤵
  PID:928
- C:\Windows\System\SHwNAPQ.exe
  C:\Windows\System\SHwNAPQ.exe
  2⤵
  PID:2140
- C:\Windows\System\tXfafNR.exe
  C:\Windows\System\tXfafNR.exe
  2⤵
  PID:2900
- C:\Windows\System\QdZflMI.exe
  C:\Windows\System\QdZflMI.exe
  2⤵
  PID:2740
- C:\Windows\System\QWWIEQj.exe
  C:\Windows\System\QWWIEQj.exe
  2⤵
  PID:2648
- C:\Windows\System\PXctnZh.exe
  C:\Windows\System\PXctnZh.exe
  2⤵
  PID:2424
- C:\Windows\System\OBMMofA.exe
  C:\Windows\System\OBMMofA.exe
  2⤵
  PID:1536
- C:\Windows\System\LaxqiOs.exe
  C:\Windows\System\LaxqiOs.exe
  2⤵
  PID:2004
- C:\Windows\System\bHeQmWw.exe
  C:\Windows\System\bHeQmWw.exe
  2⤵
  PID:2624
- C:\Windows\System\dDSdBWp.exe
  C:\Windows\System\dDSdBWp.exe
  2⤵
  PID:5612
- C:\Windows\System\CZMnyuN.exe
  C:\Windows\System\CZMnyuN.exe
  2⤵
  PID:4576
- C:\Windows\System\spWiJBp.exe
  C:\Windows\System\spWiJBp.exe
  2⤵
  PID:2196
- C:\Windows\System\FYGNRVR.exe
  C:\Windows\System\FYGNRVR.exe
  2⤵
  PID:4988
- C:\Windows\System\wMQjfIQ.exe
  C:\Windows\System\wMQjfIQ.exe
  2⤵
  PID:5468
- C:\Windows\System\WvGnAtC.exe
  C:\Windows\System\WvGnAtC.exe
  2⤵
  PID:5324
- C:\Windows\System\EbCkQuj.exe
  C:\Windows\System\EbCkQuj.exe
  2⤵
  PID:1104
- C:\Windows\System\SLjqfhA.exe
  C:\Windows\System\SLjqfhA.exe
  2⤵
  PID:2488
- C:\Windows\System\WTwvIbP.exe
  C:\Windows\System\WTwvIbP.exe
  2⤵
  PID:4300
- C:\Windows\System\BxnkdHL.exe
  C:\Windows\System\BxnkdHL.exe
  2⤵
  PID:2520
- C:\Windows\System\bDKsPuL.exe
  C:\Windows\System\bDKsPuL.exe
  2⤵
  PID:2516
- C:\Windows\System\QzRhiny.exe
  C:\Windows\System\QzRhiny.exe
  2⤵
  PID:2420
- C:\Windows\System\JSSiPLc.exe
  C:\Windows\System\JSSiPLc.exe
  2⤵
  PID:5284
- C:\Windows\System\jAciqDV.exe
  C:\Windows\System\jAciqDV.exe
  2⤵
  PID:1892
- C:\Windows\System\OSyCdLg.exe
  C:\Windows\System\OSyCdLg.exe
  2⤵
  PID:2388
- C:\Windows\System\HXNQWQY.exe
  C:\Windows\System\HXNQWQY.exe
  2⤵
  PID:304
- C:\Windows\System\FJQdCbQ.exe
  C:\Windows\System\FJQdCbQ.exe
  2⤵
  PID:6152
- C:\Windows\System\hZZKxuh.exe
  C:\Windows\System\hZZKxuh.exe
  2⤵
  PID:6184
- C:\Windows\System\nxWGKKG.exe
  C:\Windows\System\nxWGKKG.exe
  2⤵
  PID:6200
- C:\Windows\System\kSbpNzI.exe
  C:\Windows\System\kSbpNzI.exe
  2⤵
  PID:6224
- C:\Windows\System\RUuKjPW.exe
  C:\Windows\System\RUuKjPW.exe
  2⤵
  PID:6248
- C:\Windows\System\BuCDYSA.exe
  C:\Windows\System\BuCDYSA.exe
  2⤵
  PID:6268
- C:\Windows\System\xVDumzt.exe
  C:\Windows\System\xVDumzt.exe
  2⤵
  PID:6288
- C:\Windows\System\XhQZbqP.exe
  C:\Windows\System\XhQZbqP.exe
  2⤵
  PID:6304
- C:\Windows\System\FHhHlRA.exe
  C:\Windows\System\FHhHlRA.exe
  2⤵
  PID:6324
- C:\Windows\System\hjcoIGT.exe
  C:\Windows\System\hjcoIGT.exe
  2⤵
  PID:6340
- C:\Windows\System\HDjMSBS.exe
  C:\Windows\System\HDjMSBS.exe
  2⤵
  PID:6364
- C:\Windows\System\RULSdtM.exe
  C:\Windows\System\RULSdtM.exe
  2⤵
  PID:6384
- C:\Windows\System\QADAUhw.exe
  C:\Windows\System\QADAUhw.exe
  2⤵
  PID:6408
- C:\Windows\System\XqwSyht.exe
  C:\Windows\System\XqwSyht.exe
  2⤵
  PID:6432
- C:\Windows\System\jTeUURN.exe
  C:\Windows\System\jTeUURN.exe
  2⤵
  PID:6448
- C:\Windows\System\tuTfZda.exe
  C:\Windows\System\tuTfZda.exe
  2⤵
  PID:6464
- C:\Windows\System\hYiYAiG.exe
  C:\Windows\System\hYiYAiG.exe
  2⤵
  PID:6484
- C:\Windows\System\rgZNPBS.exe
  C:\Windows\System\rgZNPBS.exe
  2⤵
  PID:6512
- C:\Windows\System\LXwCfnJ.exe
  C:\Windows\System\LXwCfnJ.exe
  2⤵
  PID:6528
- C:\Windows\System\SHqMrNW.exe
  C:\Windows\System\SHqMrNW.exe
  2⤵
  PID:6552
- C:\Windows\System\TNyPwTz.exe
  C:\Windows\System\TNyPwTz.exe
  2⤵
  PID:6568
- C:\Windows\System\gOTKjsL.exe
  C:\Windows\System\gOTKjsL.exe
  2⤵
  PID:6584
- C:\Windows\System\RqeMRaA.exe
  C:\Windows\System\RqeMRaA.exe
  2⤵
  PID:6604
- C:\Windows\System\LRrrQKi.exe
  C:\Windows\System\LRrrQKi.exe
  2⤵
  PID:6628
- C:\Windows\System\YWFLaFn.exe
  C:\Windows\System\YWFLaFn.exe
  2⤵
  PID:6648
- C:\Windows\System\USmrIif.exe
  C:\Windows\System\USmrIif.exe
  2⤵
  PID:6672
- C:\Windows\System\yshrjwC.exe
  C:\Windows\System\yshrjwC.exe
  2⤵
  PID:6688
- C:\Windows\System\tLQwSzk.exe
  C:\Windows\System\tLQwSzk.exe
  2⤵
  PID:6708
- C:\Windows\System\rWoEibi.exe
  C:\Windows\System\rWoEibi.exe
  2⤵
  PID:6728
- C:\Windows\System\lMGwzwQ.exe
  C:\Windows\System\lMGwzwQ.exe
  2⤵
  PID:6744
- C:\Windows\System\UfRvEfL.exe
  C:\Windows\System\UfRvEfL.exe
  2⤵
  PID:6760
- C:\Windows\System\iIJpEam.exe
  C:\Windows\System\iIJpEam.exe
  2⤵
  PID:6792
- C:\Windows\System\kmQbGzM.exe
  C:\Windows\System\kmQbGzM.exe
  2⤵
  PID:6808
- C:\Windows\System\ZIjBSaQ.exe
  C:\Windows\System\ZIjBSaQ.exe
  2⤵
  PID:6828
- C:\Windows\System\tojpFSN.exe
  C:\Windows\System\tojpFSN.exe
  2⤵
  PID:6848
- C:\Windows\System\OURTTdV.exe
  C:\Windows\System\OURTTdV.exe
  2⤵
  PID:6864
- C:\Windows\System\xUhRYJp.exe
  C:\Windows\System\xUhRYJp.exe
  2⤵
  PID:6892
- C:\Windows\System\shhYqXq.exe
  C:\Windows\System\shhYqXq.exe
  2⤵
  PID:6912
- C:\Windows\System\ZheNtbA.exe
  C:\Windows\System\ZheNtbA.exe
  2⤵
  PID:6932
- C:\Windows\System\Yindzfj.exe
  C:\Windows\System\Yindzfj.exe
  2⤵
  PID:6948
- C:\Windows\System\CYNekKT.exe
  C:\Windows\System\CYNekKT.exe
  2⤵
  PID:6972
- C:\Windows\System\VqrMhIL.exe
  C:\Windows\System\VqrMhIL.exe
  2⤵
  PID:6988
- C:\Windows\System\oGInxRY.exe
  C:\Windows\System\oGInxRY.exe
  2⤵
  PID:7016
- C:\Windows\System\OymRbAy.exe
  C:\Windows\System\OymRbAy.exe
  2⤵
  PID:7032
- C:\Windows\System\mebwRAh.exe
  C:\Windows\System\mebwRAh.exe
  2⤵
  PID:7052
- C:\Windows\System\fdRNCCb.exe
  C:\Windows\System\fdRNCCb.exe
  2⤵
  PID:7068
- C:\Windows\System\NgUqQwT.exe
  C:\Windows\System\NgUqQwT.exe
  2⤵
  PID:7084
- C:\Windows\System\HoRVBpq.exe
  C:\Windows\System\HoRVBpq.exe
  2⤵
  PID:7116
- C:\Windows\System\FULvpPN.exe
  C:\Windows\System\FULvpPN.exe
  2⤵
  PID:7132
- C:\Windows\System\ShlfTlH.exe
  C:\Windows\System\ShlfTlH.exe
  2⤵
  PID:7148
- C:\Windows\System\prNUDtQ.exe
  C:\Windows\System\prNUDtQ.exe
  2⤵
  PID:1084
- C:\Windows\System\pGuhAtN.exe
  C:\Windows\System\pGuhAtN.exe
  2⤵
  PID:6164
- C:\Windows\System\MnJXlcH.exe
  C:\Windows\System\MnJXlcH.exe
  2⤵
  PID:1100
- C:\Windows\System\ADCbtwM.exe
  C:\Windows\System\ADCbtwM.exe
  2⤵
  PID:1704
- C:\Windows\System\ZOgSqGm.exe
  C:\Windows\System\ZOgSqGm.exe
  2⤵
  PID:6232
- C:\Windows\System\PgEaBCN.exe
  C:\Windows\System\PgEaBCN.exe
  2⤵
  PID:6240
- C:\Windows\System\uMfJQkB.exe
  C:\Windows\System\uMfJQkB.exe
  2⤵
  PID:6332
- C:\Windows\System\mipGBAz.exe
  C:\Windows\System\mipGBAz.exe
  2⤵
  PID:6276
- C:\Windows\System\NBJCCni.exe
  C:\Windows\System\NBJCCni.exe
  2⤵
  PID:6392
- C:\Windows\System\YhZFoIa.exe
  C:\Windows\System\YhZFoIa.exe
  2⤵
  PID:6352
- C:\Windows\System\PaZlrds.exe
  C:\Windows\System\PaZlrds.exe
  2⤵
  PID:6320
- C:\Windows\System\oTmisLY.exe
  C:\Windows\System\oTmisLY.exe
  2⤵
  PID:6456
- C:\Windows\System\bpGzbMU.exe
  C:\Windows\System\bpGzbMU.exe
  2⤵
  PID:6492
- C:\Windows\System\zBZaJCU.exe
  C:\Windows\System\zBZaJCU.exe
  2⤵
  PID:6524
- C:\Windows\System\VVPyxsV.exe
  C:\Windows\System\VVPyxsV.exe
  2⤵
  PID:6576
- C:\Windows\System\EFaNQXJ.exe
  C:\Windows\System\EFaNQXJ.exe
  2⤵
  PID:6612
- C:\Windows\System\XqWvMHi.exe
  C:\Windows\System\XqWvMHi.exe
  2⤵
  PID:6660
- C:\Windows\System\VeSOHSk.exe
  C:\Windows\System\VeSOHSk.exe
  2⤵
  PID:6596
- C:\Windows\System\rCaOycX.exe
  C:\Windows\System\rCaOycX.exe
  2⤵
  PID:6680
- C:\Windows\System\HBzvyrP.exe
  C:\Windows\System\HBzvyrP.exe
  2⤵
  PID:6736
- C:\Windows\System\yZfLOYG.exe
  C:\Windows\System\yZfLOYG.exe
  2⤵
  PID:6724
- C:\Windows\System\mDNRpZQ.exe
  C:\Windows\System\mDNRpZQ.exe
  2⤵
  PID:6780
- C:\Windows\System\vlAmheN.exe
  C:\Windows\System\vlAmheN.exe
  2⤵
  PID:6820
- C:\Windows\System\huffAvx.exe
  C:\Windows\System\huffAvx.exe
  2⤵
  PID:6840
- C:\Windows\System\hZonREE.exe
  C:\Windows\System\hZonREE.exe
  2⤵
  PID:6844
- C:\Windows\System\DPCzpRn.exe
  C:\Windows\System\DPCzpRn.exe
  2⤵
  PID:6888
- C:\Windows\System\KKEVmLb.exe
  C:\Windows\System\KKEVmLb.exe
  2⤵
  PID:6980
- C:\Windows\System\lKwLNPc.exe
  C:\Windows\System\lKwLNPc.exe
  2⤵
  PID:7004
- C:\Windows\System\iaBcgdZ.exe
  C:\Windows\System\iaBcgdZ.exe
  2⤵
  PID:7048
- C:\Windows\System\CbCNexp.exe
  C:\Windows\System\CbCNexp.exe
  2⤵
  PID:7092
- C:\Windows\System\qArSBed.exe
  C:\Windows\System\qArSBed.exe
  2⤵
  PID:7108
- C:\Windows\System\yObnMSY.exe
  C:\Windows\System\yObnMSY.exe
  2⤵
  PID:5232
- C:\Windows\System\YUiIzLn.exe
  C:\Windows\System\YUiIzLn.exe
  2⤵
  PID:7124
- C:\Windows\System\fjPVRqY.exe
  C:\Windows\System\fjPVRqY.exe
  2⤵
  PID:7164
- C:\Windows\System\osPrYoi.exe
  C:\Windows\System\osPrYoi.exe
  2⤵
  PID:6212
- C:\Windows\System\UWQEjlq.exe
  C:\Windows\System\UWQEjlq.exe
  2⤵
  PID:6196
- C:\Windows\System\wfCJYlJ.exe
  C:\Windows\System\wfCJYlJ.exe
  2⤵
  PID:6256
- C:\Windows\System\nRaeDxh.exe
  C:\Windows\System\nRaeDxh.exe
  2⤵
  PID:6312
- C:\Windows\System\GItaSwj.exe
  C:\Windows\System\GItaSwj.exe
  2⤵
  PID:6348
- C:\Windows\System\rrkuSMc.exe
  C:\Windows\System\rrkuSMc.exe
  2⤵
  PID:6376
- C:\Windows\System\WwRTAHD.exe
  C:\Windows\System\WwRTAHD.exe
  2⤵
  PID:6428
- C:\Windows\System\iAPYBEs.exe
  C:\Windows\System\iAPYBEs.exe
  2⤵
  PID:6508
- C:\Windows\System\EIQWzAh.exe
  C:\Windows\System\EIQWzAh.exe
  2⤵
  PID:6520
- C:\Windows\System\uOHciAL.exe
  C:\Windows\System\uOHciAL.exe
  2⤵
  PID:6480
- C:\Windows\System\HGQRYKg.exe
  C:\Windows\System\HGQRYKg.exe
  2⤵
  PID:6696
- C:\Windows\System\KKqYWtn.exe
  C:\Windows\System\KKqYWtn.exe
  2⤵
  PID:6592
- C:\Windows\System\ddRfzxh.exe
  C:\Windows\System\ddRfzxh.exe
  2⤵
  PID:6740
- C:\Windows\System\fHlzGqK.exe
  C:\Windows\System\fHlzGqK.exe
  2⤵
  PID:6756
- C:\Windows\System\FgepEGt.exe
  C:\Windows\System\FgepEGt.exe
  2⤵
  PID:6816
- C:\Windows\System\iFiukGv.exe
  C:\Windows\System\iFiukGv.exe
  2⤵
  PID:6860
- C:\Windows\System\diFxaIM.exe
  C:\Windows\System\diFxaIM.exe
  2⤵
  PID:6908
- C:\Windows\System\AZfqXOb.exe
  C:\Windows\System\AZfqXOb.exe
  2⤵
  PID:6940
- C:\Windows\System\BkPINGA.exe
  C:\Windows\System\BkPINGA.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7008
- C:\Windows\System\zWSshNb.exe
  C:\Windows\System\zWSshNb.exe
  2⤵
  PID:1984
- C:\Windows\System\arJzDFD.exe
  C:\Windows\System\arJzDFD.exe
  2⤵
  PID:960
- C:\Windows\System\vEFEQhq.exe
  C:\Windows\System\vEFEQhq.exe
  2⤵
  PID:7060
- C:\Windows\System\oceTLOq.exe
  C:\Windows\System\oceTLOq.exe
  2⤵
  PID:7044
- C:\Windows\System\MbvlsMd.exe
  C:\Windows\System\MbvlsMd.exe
  2⤵
  PID:7144
- C:\Windows\System\LyOUPlq.exe
  C:\Windows\System\LyOUPlq.exe
  2⤵
  PID:6216
- C:\Windows\System\JIPGHJZ.exe
  C:\Windows\System\JIPGHJZ.exe
  2⤵
  PID:6220
- C:\Windows\System\dnSvjgM.exe
  C:\Windows\System\dnSvjgM.exe
  2⤵
  PID:6336
- C:\Windows\System\iBVjRRS.exe
  C:\Windows\System\iBVjRRS.exe
  2⤵
  PID:576
- C:\Windows\System\XbzEzQQ.exe
  C:\Windows\System\XbzEzQQ.exe
  2⤵
  PID:908
- C:\Windows\System\VqZjEBw.exe
  C:\Windows\System\VqZjEBw.exe
  2⤵
  PID:6300
- C:\Windows\System\SfSGtUr.exe
  C:\Windows\System\SfSGtUr.exe
  2⤵
  PID:6280
- C:\Windows\System\BWgoakA.exe
  C:\Windows\System\BWgoakA.exe
  2⤵
  PID:6500
- C:\Windows\System\fyiAuOL.exe
  C:\Windows\System\fyiAuOL.exe
  2⤵
  PID:6616
- C:\Windows\System\mBHXAPd.exe
  C:\Windows\System\mBHXAPd.exe
  2⤵
  PID:6624
- C:\Windows\System\wZJphHC.exe
  C:\Windows\System\wZJphHC.exe
  2⤵
  PID:6804
- C:\Windows\System\PuBzhlr.exe
  C:\Windows\System\PuBzhlr.exe
  2⤵
  PID:6884
- C:\Windows\System\GXwegJm.exe
  C:\Windows\System\GXwegJm.exe
  2⤵
  PID:6996
- C:\Windows\System\ugjKeyu.exe
  C:\Windows\System\ugjKeyu.exe
  2⤵
  PID:7040
- C:\Windows\System\fdScTMV.exe
  C:\Windows\System\fdScTMV.exe
  2⤵
  PID:6964
- C:\Windows\System\WdPUNta.exe
  C:\Windows\System\WdPUNta.exe
  2⤵
  PID:7156
- C:\Windows\System\jtjlVNu.exe
  C:\Windows\System\jtjlVNu.exe
  2⤵
  PID:7012
- C:\Windows\System\xMpBgTX.exe
  C:\Windows\System\xMpBgTX.exe
  2⤵
  PID:272
- C:\Windows\System\PpVVWsX.exe
  C:\Windows\System\PpVVWsX.exe
  2⤵
  PID:2688
- C:\Windows\System\xfyehqS.exe
  C:\Windows\System\xfyehqS.exe
  2⤵
  PID:6472
- C:\Windows\System\WDWWHmN.exe
  C:\Windows\System\WDWWHmN.exe
  2⤵
  PID:6800
- C:\Windows\System\dGCyNCC.exe
  C:\Windows\System\dGCyNCC.exe
  2⤵
  PID:6856
- C:\Windows\System\DhLHVMx.exe
  C:\Windows\System\DhLHVMx.exe
  2⤵
  PID:7080
- C:\Windows\System\IsYvHKM.exe
  C:\Windows\System\IsYvHKM.exe
  2⤵
  PID:7140
- C:\Windows\System\zAJmyIb.exe
  C:\Windows\System\zAJmyIb.exe
  2⤵
  PID:6172
- C:\Windows\System\KCyfRIS.exe
  C:\Windows\System\KCyfRIS.exe
  2⤵
  PID:6664
- C:\Windows\System\yqCpPyZ.exe
  C:\Windows\System\yqCpPyZ.exe
  2⤵
  PID:2280
- C:\Windows\System\Nheyrfa.exe
  C:\Windows\System\Nheyrfa.exe
  2⤵
  PID:6960
- C:\Windows\System\NqApDfP.exe
  C:\Windows\System\NqApDfP.exe
  2⤵
  PID:6160
- C:\Windows\System\JRWMddR.exe
  C:\Windows\System\JRWMddR.exe
  2⤵
  PID:6476
- C:\Windows\System\AMmQXTw.exe
  C:\Windows\System\AMmQXTw.exe
  2⤵
  PID:952
- C:\Windows\System\OQuPExC.exe
  C:\Windows\System\OQuPExC.exe
  2⤵
  PID:6636
- C:\Windows\System\HHQMkbD.exe
  C:\Windows\System\HHQMkbD.exe
  2⤵
  PID:7176
- C:\Windows\System\TjiHjmR.exe
  C:\Windows\System\TjiHjmR.exe
  2⤵
  PID:7192
- C:\Windows\System\swjOtyj.exe
  C:\Windows\System\swjOtyj.exe
  2⤵
  PID:7208
- C:\Windows\System\iQxcNrm.exe
  C:\Windows\System\iQxcNrm.exe
  2⤵
  PID:7224
- C:\Windows\System\AuBztDV.exe
  C:\Windows\System\AuBztDV.exe
  2⤵
  PID:7240
- C:\Windows\System\cFxieKj.exe
  C:\Windows\System\cFxieKj.exe
  2⤵
  PID:7256
- C:\Windows\System\aHRpdaO.exe
  C:\Windows\System\aHRpdaO.exe
  2⤵
  PID:7272
- C:\Windows\System\qURWSIu.exe
  C:\Windows\System\qURWSIu.exe
  2⤵
  PID:7292
- C:\Windows\System\ZbsRMDD.exe
  C:\Windows\System\ZbsRMDD.exe
  2⤵
  PID:7308
- C:\Windows\System\ENzFlyF.exe
  C:\Windows\System\ENzFlyF.exe
  2⤵
  PID:7324
- C:\Windows\System\XQlrfGI.exe
  C:\Windows\System\XQlrfGI.exe
  2⤵
  PID:7340
- C:\Windows\System\eBVmibG.exe
  C:\Windows\System\eBVmibG.exe
  2⤵
  PID:7356
- C:\Windows\System\JgjIBbG.exe
  C:\Windows\System\JgjIBbG.exe
  2⤵
  PID:7372
- C:\Windows\System\YRqmpHA.exe
  C:\Windows\System\YRqmpHA.exe
  2⤵
  PID:7388
- C:\Windows\System\bxzXYGc.exe
  C:\Windows\System\bxzXYGc.exe
  2⤵
  PID:7404
- C:\Windows\System\wUfCwZc.exe
  C:\Windows\System\wUfCwZc.exe
  2⤵
  PID:7420
- C:\Windows\System\nqpcUXa.exe
  C:\Windows\System\nqpcUXa.exe
  2⤵
  PID:7436
- C:\Windows\System\DyUXXkO.exe
  C:\Windows\System\DyUXXkO.exe
  2⤵
  PID:7452
- C:\Windows\System\MRfkpvI.exe
  C:\Windows\System\MRfkpvI.exe
  2⤵
  PID:7468
- C:\Windows\System\yMOkIKh.exe
  C:\Windows\System\yMOkIKh.exe
  2⤵
  PID:7488
- C:\Windows\System\JSQyKXt.exe
  C:\Windows\System\JSQyKXt.exe
  2⤵
  PID:7504
- C:\Windows\System\DujyHJq.exe
  C:\Windows\System\DujyHJq.exe
  2⤵
  PID:7520
- C:\Windows\System\FxCRGLk.exe
  C:\Windows\System\FxCRGLk.exe
  2⤵
  PID:7536
- C:\Windows\System\vTMBjwM.exe
  C:\Windows\System\vTMBjwM.exe
  2⤵
  PID:7552
- C:\Windows\System\LIMSkAU.exe
  C:\Windows\System\LIMSkAU.exe
  2⤵
  PID:7568
- C:\Windows\System\FfToShY.exe
  C:\Windows\System\FfToShY.exe
  2⤵
  PID:7584
- C:\Windows\System\YTMwifS.exe
  C:\Windows\System\YTMwifS.exe
  2⤵
  PID:7604
- C:\Windows\System\YWBUMGY.exe
  C:\Windows\System\YWBUMGY.exe
  2⤵
  PID:7628
- C:\Windows\System\eJmDgFq.exe
  C:\Windows\System\eJmDgFq.exe
  2⤵
  PID:7660
- C:\Windows\System\XjYKrtH.exe
  C:\Windows\System\XjYKrtH.exe
  2⤵
  PID:7676
- C:\Windows\System\ZVUKEzJ.exe
  C:\Windows\System\ZVUKEzJ.exe
  2⤵
  PID:7700
- C:\Windows\System\jHaAtMI.exe
  C:\Windows\System\jHaAtMI.exe
  2⤵
  PID:7716
- C:\Windows\System\veglxta.exe
  C:\Windows\System\veglxta.exe
  2⤵
  PID:7732
- C:\Windows\System\kRHaCgW.exe
  C:\Windows\System\kRHaCgW.exe
  2⤵
  PID:7748
- C:\Windows\System\khwhmKX.exe
  C:\Windows\System\khwhmKX.exe
  2⤵
  PID:7764
- C:\Windows\System\nCUuJgU.exe
  C:\Windows\System\nCUuJgU.exe
  2⤵
  PID:7780
- C:\Windows\System\hBsYcwH.exe
  C:\Windows\System\hBsYcwH.exe
  2⤵
  PID:7796
- C:\Windows\System\GzksmMe.exe
  C:\Windows\System\GzksmMe.exe
  2⤵
  PID:7812
- C:\Windows\System\HhMKBkt.exe
  C:\Windows\System\HhMKBkt.exe
  2⤵
  PID:7828
- C:\Windows\System\CYzOagc.exe
  C:\Windows\System\CYzOagc.exe
  2⤵
  PID:7844
- C:\Windows\System\FBqmFSk.exe
  C:\Windows\System\FBqmFSk.exe
  2⤵
  PID:7864
- C:\Windows\System\lwSOOeS.exe
  C:\Windows\System\lwSOOeS.exe
  2⤵
  PID:7884
- C:\Windows\System\BciWZfc.exe
  C:\Windows\System\BciWZfc.exe
  2⤵
  PID:7900
- C:\Windows\System\FsidwlL.exe
  C:\Windows\System\FsidwlL.exe
  2⤵
  PID:7916
- C:\Windows\System\XcbCuDL.exe
  C:\Windows\System\XcbCuDL.exe
  2⤵
  PID:7932
- C:\Windows\System\oCUmrPW.exe
  C:\Windows\System\oCUmrPW.exe
  2⤵
  PID:7948
- C:\Windows\System\KfkciJE.exe
  C:\Windows\System\KfkciJE.exe
  2⤵
  PID:7964
- C:\Windows\System\swXyRiy.exe
  C:\Windows\System\swXyRiy.exe
  2⤵
  PID:7984
- C:\Windows\System\ltZCunK.exe
  C:\Windows\System\ltZCunK.exe
  2⤵
  PID:8000
- C:\Windows\System\qvlwLfW.exe
  C:\Windows\System\qvlwLfW.exe
  2⤵
  PID:8016
- C:\Windows\System\mALFVCf.exe
  C:\Windows\System\mALFVCf.exe
  2⤵
  PID:8032
- C:\Windows\System\ChmaKJl.exe
  C:\Windows\System\ChmaKJl.exe
  2⤵
  PID:8048
- C:\Windows\System\rPYZsgt.exe
  C:\Windows\System\rPYZsgt.exe
  2⤵
  PID:8068
- C:\Windows\System\hDFUqHg.exe
  C:\Windows\System\hDFUqHg.exe
  2⤵
  PID:8088
- C:\Windows\System\UqGLBYN.exe
  C:\Windows\System\UqGLBYN.exe
  2⤵
  PID:8108
- C:\Windows\System\PYjPOZD.exe
  C:\Windows\System\PYjPOZD.exe
  2⤵
  PID:8124
- C:\Windows\System\WOZkrhk.exe
  C:\Windows\System\WOZkrhk.exe
  2⤵
  PID:8152
- C:\Windows\System\tdXlgpN.exe
  C:\Windows\System\tdXlgpN.exe
  2⤵
  PID:8176
- C:\Windows\System\QPFrweK.exe
  C:\Windows\System\QPFrweK.exe
  2⤵
  PID:7172
- C:\Windows\System\mCvRCmC.exe
  C:\Windows\System\mCvRCmC.exe
  2⤵
  PID:7204
- C:\Windows\System\AIePvVr.exe
  C:\Windows\System\AIePvVr.exe
  2⤵
  PID:7280
- C:\Windows\System\zXEeihb.exe
  C:\Windows\System\zXEeihb.exe
  2⤵
  PID:7316
- C:\Windows\System\XOKEzWl.exe
  C:\Windows\System\XOKEzWl.exe
  2⤵
  PID:7304
- C:\Windows\System\BuQyexQ.exe
  C:\Windows\System\BuQyexQ.exe
  2⤵
  PID:7380
- C:\Windows\System\edgXPmF.exe
  C:\Windows\System\edgXPmF.exe
  2⤵
  PID:7396
- C:\Windows\System\CPtOIFr.exe
  C:\Windows\System\CPtOIFr.exe
  2⤵
  PID:8168
- C:\Windows\System\gDsIuZy.exe
  C:\Windows\System\gDsIuZy.exe
  2⤵
  PID:6904
- C:\Windows\System\oOEwvPR.exe
  C:\Windows\System\oOEwvPR.exe
  2⤵
  PID:7232
- C:\Windows\System\KHVOXEo.exe
  C:\Windows\System\KHVOXEo.exe
  2⤵
  PID:7264
- C:\Windows\System\FEuCgkM.exe
  C:\Windows\System\FEuCgkM.exe
  2⤵
  PID:7320
- C:\Windows\System\wBaZLGQ.exe
  C:\Windows\System\wBaZLGQ.exe
  2⤵
  PID:7416
- C:\Windows\System\dvmxiOX.exe
  C:\Windows\System\dvmxiOX.exe
  2⤵
  PID:7428
- C:\Windows\System\LKcoVMK.exe
  C:\Windows\System\LKcoVMK.exe
  2⤵
  PID:7480
- C:\Windows\System\VWHGejQ.exe
  C:\Windows\System\VWHGejQ.exe
  2⤵
  PID:7512
- C:\Windows\System\AtAawAF.exe
  C:\Windows\System\AtAawAF.exe
  2⤵
  PID:7544
- C:\Windows\System\UJEmzHd.exe
  C:\Windows\System\UJEmzHd.exe
  2⤵
  PID:7564
- C:\Windows\System\EWjuOXF.exe
  C:\Windows\System\EWjuOXF.exe
  2⤵
  PID:7652
- C:\Windows\System\HPzzUhZ.exe
  C:\Windows\System\HPzzUhZ.exe
  2⤵
  PID:7644
- C:\Windows\System\EcCRvZw.exe
  C:\Windows\System\EcCRvZw.exe
  2⤵
  PID:7696
- C:\Windows\System\aFVAZSj.exe
  C:\Windows\System\aFVAZSj.exe
  2⤵
  PID:7740
- C:\Windows\System\NolkLoc.exe
  C:\Windows\System\NolkLoc.exe
  2⤵
  PID:7728
- C:\Windows\System\FgUNnYw.exe
  C:\Windows\System\FgUNnYw.exe
  2⤵
  PID:7284
- C:\Windows\System\MNGQbNo.exe
  C:\Windows\System\MNGQbNo.exe
  2⤵
  PID:7788
- C:\Windows\System\YKlBDWl.exe
  C:\Windows\System\YKlBDWl.exe
  2⤵
  PID:7824
- C:\Windows\System\rlEJAhZ.exe
  C:\Windows\System\rlEJAhZ.exe
  2⤵
  PID:7860
- C:\Windows\System\ahUzRpQ.exe
  C:\Windows\System\ahUzRpQ.exe
  2⤵
  PID:7912
- C:\Windows\System\HpDULYL.exe
  C:\Windows\System\HpDULYL.exe
  2⤵
  PID:7976
- C:\Windows\System\oMIeSKd.exe
  C:\Windows\System\oMIeSKd.exe
  2⤵
  PID:8076
- C:\Windows\System\DijMrfS.exe
  C:\Windows\System\DijMrfS.exe
  2⤵
  PID:8064
- C:\Windows\System\qINcXBR.exe
  C:\Windows\System\qINcXBR.exe
  2⤵
  PID:8100
- C:\Windows\System\eyNOTTR.exe
  C:\Windows\System\eyNOTTR.exe
  2⤵
  PID:7464
- C:\Windows\System\YebdzEf.exe
  C:\Windows\System\YebdzEf.exe
  2⤵
  PID:8140
- C:\Windows\System\AQdeMgI.exe
  C:\Windows\System\AQdeMgI.exe
  2⤵
  PID:7200
- C:\Windows\System\LiKYyip.exe
  C:\Windows\System\LiKYyip.exe
  2⤵
  PID:7236
- C:\Windows\System\qYZYHwX.exe
  C:\Windows\System\qYZYHwX.exe
  2⤵
  PID:7400
- C:\Windows\System\HhnTTwu.exe
  C:\Windows\System\HhnTTwu.exe
  2⤵
  PID:7500
- C:\Windows\System\tOmnJiO.exe
  C:\Windows\System\tOmnJiO.exe
  2⤵
  PID:7528
- C:\Windows\System\HDddsTQ.exe
  C:\Windows\System\HDddsTQ.exe
  2⤵
  PID:7576
- C:\Windows\System\KApQRHD.exe
  C:\Windows\System\KApQRHD.exe
  2⤵
  PID:7616
- C:\Windows\System\arbTzZc.exe
  C:\Windows\System\arbTzZc.exe
  2⤵
  PID:7640
- C:\Windows\System\vALIvlu.exe
  C:\Windows\System\vALIvlu.exe
  2⤵
  PID:7708
- C:\Windows\System\aIsnwVm.exe
  C:\Windows\System\aIsnwVm.exe
  2⤵
  PID:7724
- C:\Windows\System\qmQKfor.exe
  C:\Windows\System\qmQKfor.exe
  2⤵
  PID:7808
- C:\Windows\System\zFkDVkn.exe
  C:\Windows\System\zFkDVkn.exe
  2⤵
  PID:7892
- C:\Windows\System\ZoyGMoX.exe
  C:\Windows\System\ZoyGMoX.exe
  2⤵
  PID:7928
- C:\Windows\System\hCHoyCm.exe
  C:\Windows\System\hCHoyCm.exe
  2⤵
  PID:8012
- C:\Windows\System\VvfHSFg.exe
  C:\Windows\System\VvfHSFg.exe
  2⤵
  PID:7940
- C:\Windows\System\SirZhhE.exe
  C:\Windows\System\SirZhhE.exe
  2⤵
  PID:8056
- C:\Windows\System\YTvJOID.exe
  C:\Windows\System\YTvJOID.exe
  2⤵
  PID:8120
- C:\Windows\System\xHNkBao.exe
  C:\Windows\System\xHNkBao.exe
  2⤵
  PID:8184
- C:\Windows\System\GIgAEqi.exe
  C:\Windows\System\GIgAEqi.exe
  2⤵
  PID:7476
- C:\Windows\System\fwwYATV.exe
  C:\Windows\System\fwwYATV.exe
  2⤵
  PID:7620
- C:\Windows\System\GtnZJDf.exe
  C:\Windows\System\GtnZJDf.exe
  2⤵
  PID:7368
- C:\Windows\System\ZJgqkfc.exe
  C:\Windows\System\ZJgqkfc.exe
  2⤵
  PID:7496
- C:\Windows\System\jQWtJGQ.exe
  C:\Windows\System\jQWtJGQ.exe
  2⤵
  PID:7612
- C:\Windows\System\pElATFq.exe
  C:\Windows\System\pElATFq.exe
  2⤵
  PID:7760
- C:\Windows\System\FRrbXah.exe
  C:\Windows\System\FRrbXah.exe
  2⤵
  PID:7820
- C:\Windows\System\vIULovI.exe
  C:\Windows\System\vIULovI.exe
  2⤵
  PID:7960
- C:\Windows\System\VpydvdL.exe
  C:\Windows\System\VpydvdL.exe
  2⤵
  PID:8080
- C:\Windows\System\yqTaHdq.exe
  C:\Windows\System\yqTaHdq.exe
  2⤵
  PID:7432
- C:\Windows\System\AIcWENq.exe
  C:\Windows\System\AIcWENq.exe
  2⤵
  PID:7712
- C:\Windows\System\YrNDFjn.exe
  C:\Windows\System\YrNDFjn.exe
  2⤵
  PID:7580
- C:\Windows\System\BsMHRlo.exe
  C:\Windows\System\BsMHRlo.exe
  2⤵
  PID:8008
- C:\Windows\System\phPsKAs.exe
  C:\Windows\System\phPsKAs.exe
  2⤵
  PID:8144
- C:\Windows\System\glmnHfU.exe
  C:\Windows\System\glmnHfU.exe
  2⤵
  PID:7852
- C:\Windows\System\nOOAkze.exe
  C:\Windows\System\nOOAkze.exe
  2⤵
  PID:7336
- C:\Windows\System\vKvEmZR.exe
  C:\Windows\System\vKvEmZR.exe
  2⤵
  PID:8196
- C:\Windows\System\RkbYShC.exe
  C:\Windows\System\RkbYShC.exe
  2⤵
  PID:8212
- C:\Windows\System\cfQsvih.exe
  C:\Windows\System\cfQsvih.exe
  2⤵
  PID:8228
- C:\Windows\System\yRlJPYg.exe
  C:\Windows\System\yRlJPYg.exe
  2⤵
  PID:8252
- C:\Windows\System\bVqAoHv.exe
  C:\Windows\System\bVqAoHv.exe
  2⤵
  PID:8276
- C:\Windows\System\hzvdvxp.exe
  C:\Windows\System\hzvdvxp.exe
  2⤵
  PID:8292
- C:\Windows\System\JRaJUNC.exe
  C:\Windows\System\JRaJUNC.exe
  2⤵
  PID:8308
- C:\Windows\System\UfIvbIr.exe
  C:\Windows\System\UfIvbIr.exe
  2⤵
  PID:8328
- C:\Windows\System\GMdwqmJ.exe
  C:\Windows\System\GMdwqmJ.exe
  2⤵
  PID:8348
- C:\Windows\System\EpvQQHL.exe
  C:\Windows\System\EpvQQHL.exe
  2⤵
  PID:8364
- C:\Windows\System\ZxIwSza.exe
  C:\Windows\System\ZxIwSza.exe
  2⤵
  PID:8396
- C:\Windows\System\LNopylu.exe
  C:\Windows\System\LNopylu.exe
  2⤵
  PID:8420
- C:\Windows\System\rSKWwZE.exe
  C:\Windows\System\rSKWwZE.exe
  2⤵
  PID:8444
- C:\Windows\System\kJKEDRt.exe
  C:\Windows\System\kJKEDRt.exe
  2⤵
  PID:8460
- C:\Windows\System\oGEKarb.exe
  C:\Windows\System\oGEKarb.exe
  2⤵
  PID:8480
- C:\Windows\System\NcElJFf.exe
  C:\Windows\System\NcElJFf.exe
  2⤵
  PID:8500
- C:\Windows\System\ueOCxMc.exe
  C:\Windows\System\ueOCxMc.exe
  2⤵
  PID:8516
- C:\Windows\System\JRNVFbK.exe
  C:\Windows\System\JRNVFbK.exe
  2⤵
  PID:8540
- C:\Windows\System\SWwlxLI.exe
  C:\Windows\System\SWwlxLI.exe
  2⤵
  PID:8556
- C:\Windows\System\QhNyqkS.exe
  C:\Windows\System\QhNyqkS.exe
  2⤵
  PID:8584
- C:\Windows\System\ftEBtin.exe
  C:\Windows\System\ftEBtin.exe
  2⤵
  PID:8600
- C:\Windows\System\ltpIPPf.exe
  C:\Windows\System\ltpIPPf.exe
  2⤵
  PID:8620
- C:\Windows\System\luSmEXd.exe
  C:\Windows\System\luSmEXd.exe
  2⤵
  PID:8636
- C:\Windows\System\AoRcrwn.exe
  C:\Windows\System\AoRcrwn.exe
  2⤵
  PID:8664
- C:\Windows\System\YcaOHpm.exe
  C:\Windows\System\YcaOHpm.exe
  2⤵
  PID:8680
- C:\Windows\System\qvdDDca.exe
  C:\Windows\System\qvdDDca.exe
  2⤵
  PID:8696
- C:\Windows\System\yUaLKzV.exe
  C:\Windows\System\yUaLKzV.exe
  2⤵
  PID:8716
- C:\Windows\System\geQHIMh.exe
  C:\Windows\System\geQHIMh.exe
  2⤵
  PID:8744
- C:\Windows\System\yhdcdEa.exe
  C:\Windows\System\yhdcdEa.exe
  2⤵
  PID:8764
- C:\Windows\System\TeVXjNc.exe
  C:\Windows\System\TeVXjNc.exe
  2⤵
  PID:8788
- C:\Windows\System\aKRBTQC.exe
  C:\Windows\System\aKRBTQC.exe
  2⤵
  PID:8804
- C:\Windows\System\kFEvvdd.exe
  C:\Windows\System\kFEvvdd.exe
  2⤵
  PID:8820
- C:\Windows\System\wBLlqxN.exe
  C:\Windows\System\wBLlqxN.exe
  2⤵
  PID:8840
- C:\Windows\System\vpBNBYQ.exe
  C:\Windows\System\vpBNBYQ.exe
  2⤵
  PID:8860
- C:\Windows\System\uuDSdCN.exe
  C:\Windows\System\uuDSdCN.exe
  2⤵
  PID:8880
- C:\Windows\System\jgBbgmc.exe
  C:\Windows\System\jgBbgmc.exe
  2⤵
  PID:8896
- C:\Windows\System\ebeUKBZ.exe
  C:\Windows\System\ebeUKBZ.exe
  2⤵
  PID:8920
- C:\Windows\System\JRpZEFZ.exe
  C:\Windows\System\JRpZEFZ.exe
  2⤵
  PID:8948
- C:\Windows\System\reDuhap.exe
  C:\Windows\System\reDuhap.exe
  2⤵
  PID:8968
- C:\Windows\System\wCifDgz.exe
  C:\Windows\System\wCifDgz.exe
  2⤵
  PID:8988
- C:\Windows\System\ZIGxEIw.exe
  C:\Windows\System\ZIGxEIw.exe
  2⤵
  PID:9012
- C:\Windows\System\RjPsvMd.exe
  C:\Windows\System\RjPsvMd.exe
  2⤵
  PID:9048
- C:\Windows\System\nbyiYME.exe
  C:\Windows\System\nbyiYME.exe
  2⤵
  PID:9084
- C:\Windows\System\ZSSFdxj.exe
  C:\Windows\System\ZSSFdxj.exe
  2⤵
  PID:9104
- C:\Windows\System\sCvyftl.exe
  C:\Windows\System\sCvyftl.exe
  2⤵
  PID:9120
- C:\Windows\System\hErpyyD.exe
  C:\Windows\System\hErpyyD.exe
  2⤵
  PID:9136
- C:\Windows\System\GsRXGOA.exe
  C:\Windows\System\GsRXGOA.exe
  2⤵
  PID:9164
- C:\Windows\System\RBKeLrj.exe
  C:\Windows\System\RBKeLrj.exe
  2⤵
  PID:9192
- C:\Windows\System\qnZftnf.exe
  C:\Windows\System\qnZftnf.exe
  2⤵
  PID:9208
- C:\Windows\System\uTOotkk.exe
  C:\Windows\System\uTOotkk.exe
  2⤵
  PID:8208
- C:\Windows\System\mNYkgBO.exe
  C:\Windows\System\mNYkgBO.exe
  2⤵
  PID:8248
- C:\Windows\System\AsMiEHq.exe
  C:\Windows\System\AsMiEHq.exe
  2⤵
  PID:8240
- C:\Windows\System\PIwXVII.exe
  C:\Windows\System\PIwXVII.exe
  2⤵
  PID:8300
- C:\Windows\System\vqkzFgA.exe
  C:\Windows\System\vqkzFgA.exe
  2⤵
  PID:8356
- C:\Windows\System\rlAwpcs.exe
  C:\Windows\System\rlAwpcs.exe
  2⤵
  PID:8392
- C:\Windows\System\spjLGIq.exe
  C:\Windows\System\spjLGIq.exe
  2⤵
  PID:8344
- C:\Windows\System\YCgbMOG.exe
  C:\Windows\System\YCgbMOG.exe
  2⤵
  PID:8428
- C:\Windows\System\OaVEPRh.exe
  C:\Windows\System\OaVEPRh.exe
  2⤵
  PID:8488
- C:\Windows\System\NLSuiaD.exe
  C:\Windows\System\NLSuiaD.exe
  2⤵
  PID:8476
- C:\Windows\System\ZORoUwt.exe
  C:\Windows\System\ZORoUwt.exe
  2⤵
  PID:8508
- C:\Windows\System\YJqUsJH.exe
  C:\Windows\System\YJqUsJH.exe
  2⤵
  PID:8568
- C:\Windows\System\nHnFKnX.exe
  C:\Windows\System\nHnFKnX.exe
  2⤵
  PID:8580
- C:\Windows\System\UoHfcNY.exe
  C:\Windows\System\UoHfcNY.exe
  2⤵
  PID:8616
- C:\Windows\System\CFrIfYP.exe
  C:\Windows\System\CFrIfYP.exe
  2⤵
  PID:8656
- C:\Windows\System\ftSLjBU.exe
  C:\Windows\System\ftSLjBU.exe
  2⤵
  PID:8692
- C:\Windows\System\FDgNstQ.exe
  C:\Windows\System\FDgNstQ.exe
  2⤵
  PID:8708
- C:\Windows\System\dxPVHRq.exe
  C:\Windows\System\dxPVHRq.exe
  2⤵
  PID:8752
- C:\Windows\System\ahgapAd.exe
  C:\Windows\System\ahgapAd.exe
  2⤵
  PID:8784
- C:\Windows\System\osaRrWa.exe
  C:\Windows\System\osaRrWa.exe
  2⤵
  PID:8800
- C:\Windows\System\ZMNTjJz.exe
  C:\Windows\System\ZMNTjJz.exe
  2⤵
  PID:8892
- C:\Windows\System\VSVfbWZ.exe
  C:\Windows\System\VSVfbWZ.exe
  2⤵
  PID:8868
- C:\Windows\System\WjgKaOX.exe
  C:\Windows\System\WjgKaOX.exe
  2⤵
  PID:8940
- C:\Windows\System\luCPhuL.exe
  C:\Windows\System\luCPhuL.exe
  2⤵
  PID:8960
- C:\Windows\System\dMbyxdA.exe
  C:\Windows\System\dMbyxdA.exe
  2⤵
  PID:9004
- C:\Windows\System\xlTZkQX.exe
  C:\Windows\System\xlTZkQX.exe
  2⤵
  PID:9000
- C:\Windows\System\SenMUac.exe
  C:\Windows\System\SenMUac.exe
  2⤵
  PID:9040
- C:\Windows\System\hnEkCFE.exe
  C:\Windows\System\hnEkCFE.exe
  2⤵
  PID:9056
- C:\Windows\System\mtcPhOL.exe
  C:\Windows\System\mtcPhOL.exe
  2⤵
  PID:9112
- C:\Windows\System\QIyiNvB.exe
  C:\Windows\System\QIyiNvB.exe
  2⤵
  PID:9144
- C:\Windows\System\WewEFfA.exe
  C:\Windows\System\WewEFfA.exe
  2⤵
  PID:9156
- C:\Windows\System\ZOJrNgc.exe
  C:\Windows\System\ZOJrNgc.exe
  2⤵
  PID:8044
- C:\Windows\System\BerRvVV.exe
  C:\Windows\System\BerRvVV.exe
  2⤵
  PID:8220
- C:\Windows\System\ZIDztcW.exe
  C:\Windows\System\ZIDztcW.exe
  2⤵
  PID:8284
- C:\Windows\System\HXEfnUw.exe
  C:\Windows\System\HXEfnUw.exe
  2⤵
  PID:8316
- C:\Windows\System\kppvHOv.exe
  C:\Windows\System\kppvHOv.exe
  2⤵
  PID:8380
- C:\Windows\System\wvgLPTy.exe
  C:\Windows\System\wvgLPTy.exe
  2⤵
  PID:8432
- C:\Windows\System\AhBngtM.exe
  C:\Windows\System\AhBngtM.exe
  2⤵
  PID:8496
- C:\Windows\System\wUyjZQv.exe
  C:\Windows\System\wUyjZQv.exe
  2⤵
  PID:8528
- C:\Windows\System\DoDvtGc.exe
  C:\Windows\System\DoDvtGc.exe
  2⤵
  PID:8564
- C:\Windows\System\glECaqC.exe
  C:\Windows\System\glECaqC.exe
  2⤵
  PID:8660
- C:\Windows\System\szMsLee.exe
  C:\Windows\System\szMsLee.exe
  2⤵
  PID:9188
- C:\Windows\System\PvwaXgJ.exe
  C:\Windows\System\PvwaXgJ.exe
  2⤵
  PID:8760
- C:\Windows\System\xQdcEYc.exe
  C:\Windows\System\xQdcEYc.exe
  2⤵
  PID:8320
- C:\Windows\System\tyXjEQa.exe
  C:\Windows\System\tyXjEQa.exe
  2⤵
  PID:8836
- C:\Windows\System\kCHyoQo.exe
  C:\Windows\System\kCHyoQo.exe
  2⤵
  PID:8904
- C:\Windows\System\BMBgIHr.exe
  C:\Windows\System\BMBgIHr.exe
  2⤵
  PID:8980
- C:\Windows\System\XRzhSzK.exe
  C:\Windows\System\XRzhSzK.exe
  2⤵
  PID:9020
- C:\Windows\System\EEFeJwG.exe
  C:\Windows\System\EEFeJwG.exe
  2⤵
  PID:9008
- C:\Windows\System\OGkCloF.exe
  C:\Windows\System\OGkCloF.exe
  2⤵
  PID:9076
- C:\Windows\System\vAyEvFB.exe
  C:\Windows\System\vAyEvFB.exe
  2⤵
  PID:9184
- C:\Windows\System\xSrGzGo.exe
  C:\Windows\System\xSrGzGo.exe
  2⤵
  PID:8908
- C:\Windows\System\aOXXfmT.exe
  C:\Windows\System\aOXXfmT.exe
  2⤵
  PID:7876
- C:\Windows\System\TKVYOrX.exe
  C:\Windows\System\TKVYOrX.exe
  2⤵
  PID:8384
- C:\Windows\System\JzVsTxn.exe
  C:\Windows\System\JzVsTxn.exe
  2⤵
  PID:8388
- C:\Windows\System\wRlmMwd.exe
  C:\Windows\System\wRlmMwd.exe
  2⤵
  PID:8652
- C:\Windows\System\EYHznEf.exe
  C:\Windows\System\EYHznEf.exe
  2⤵
  PID:8572
- C:\Windows\System\ZidUseT.exe
  C:\Windows\System\ZidUseT.exe
  2⤵
  PID:8676
- C:\Windows\System\ewSmHdm.exe
  C:\Windows\System\ewSmHdm.exe
  2⤵
  PID:8832
- C:\Windows\System\aVrOpXU.exe
  C:\Windows\System\aVrOpXU.exe
  2⤵
  PID:1532
- C:\Windows\System\PnurQRk.exe
  C:\Windows\System\PnurQRk.exe
  2⤵
  PID:8976
- C:\Windows\System\FrcIHEL.exe
  C:\Windows\System\FrcIHEL.exe
  2⤵
  PID:9032
- C:\Windows\System\ToOCmug.exe
  C:\Windows\System\ToOCmug.exe
  2⤵
  PID:9128
- C:\Windows\System\DHtZItp.exe
  C:\Windows\System\DHtZItp.exe
  2⤵
  PID:9200
- C:\Windows\System\ukLgxNS.exe
  C:\Windows\System\ukLgxNS.exe
  2⤵
  PID:8436
- C:\Windows\System\ZNFJsZy.exe
  C:\Windows\System\ZNFJsZy.exe
  2⤵
  PID:8532
- C:\Windows\System\bmlSTDH.exe
  C:\Windows\System\bmlSTDH.exe
  2⤵
  PID:8440
- C:\Windows\System\GQVWjMc.exe
  C:\Windows\System\GQVWjMc.exe
  2⤵
  PID:8740
- C:\Windows\System\wlnfoZg.exe
  C:\Windows\System\wlnfoZg.exe
  2⤵
  PID:8872
- C:\Windows\System\OjSMJGb.exe
  C:\Windows\System\OjSMJGb.exe
  2⤵
  PID:9068
- C:\Windows\System\AnewNEm.exe
  C:\Windows\System\AnewNEm.exe
  2⤵
  PID:8204
- C:\Windows\System\ShoPLvA.exe
  C:\Windows\System\ShoPLvA.exe
  2⤵
  PID:8224
- C:\Windows\System\LAttKlr.exe
  C:\Windows\System\LAttKlr.exe
  2⤵
  PID:8596
- C:\Windows\System\oNsDlak.exe
  C:\Windows\System\oNsDlak.exe
  2⤵
  PID:8796
- C:\Windows\System\qsWYXaz.exe
  C:\Windows\System\qsWYXaz.exe
  2⤵
  PID:9092
- C:\Windows\System\vGsHPsd.exe
  C:\Windows\System\vGsHPsd.exe
  2⤵
  PID:1476
- C:\Windows\System\MRSPzlo.exe
  C:\Windows\System\MRSPzlo.exe
  2⤵
  PID:8644
- C:\Windows\System\dVWStzA.exe
  C:\Windows\System\dVWStzA.exe
  2⤵
  PID:8260
- C:\Windows\System\YgxxaXJ.exe
  C:\Windows\System\YgxxaXJ.exe
  2⤵
  PID:8672
- C:\Windows\System\sRaVXcL.exe
  C:\Windows\System\sRaVXcL.exe
  2⤵
  PID:2272
- C:\Windows\System\mMjWmmF.exe
  C:\Windows\System\mMjWmmF.exe
  2⤵
  PID:8780
- C:\Windows\System\UHigAeV.exe
  C:\Windows\System\UHigAeV.exe
  2⤵
  PID:9236
- C:\Windows\System\jTgbJHZ.exe
  C:\Windows\System\jTgbJHZ.exe
  2⤵
  PID:9256
- C:\Windows\System\orDTyAq.exe
  C:\Windows\System\orDTyAq.exe
  2⤵
  PID:9272
- C:\Windows\System\DyPGErq.exe
  C:\Windows\System\DyPGErq.exe
  2⤵
  PID:9288
- C:\Windows\System\xZeYWDD.exe
  C:\Windows\System\xZeYWDD.exe
  2⤵
  PID:9308
- C:\Windows\System\mqldSKV.exe
  C:\Windows\System\mqldSKV.exe
  2⤵
  PID:9336
- C:\Windows\System\hOkAWCc.exe
  C:\Windows\System\hOkAWCc.exe
  2⤵
  PID:9352
- C:\Windows\System\aukzgQU.exe
  C:\Windows\System\aukzgQU.exe
  2⤵
  PID:9368
- C:\Windows\System\sEuTnnP.exe
  C:\Windows\System\sEuTnnP.exe
  2⤵
  PID:9388
- C:\Windows\System\ldcyBEi.exe
  C:\Windows\System\ldcyBEi.exe
  2⤵
  PID:9404
- C:\Windows\System\aoyGwal.exe
  C:\Windows\System\aoyGwal.exe
  2⤵
  PID:9428
- C:\Windows\System\EFxHnMS.exe
  C:\Windows\System\EFxHnMS.exe
  2⤵
  PID:9448
- C:\Windows\System\NhahijP.exe
  C:\Windows\System\NhahijP.exe
  2⤵
  PID:9464
- C:\Windows\System\axsIrvl.exe
  C:\Windows\System\axsIrvl.exe
  2⤵
  PID:9492
- C:\Windows\System\IwdePLn.exe
  C:\Windows\System\IwdePLn.exe
  2⤵
  PID:9508
- C:\Windows\System\paagYGL.exe
  C:\Windows\System\paagYGL.exe
  2⤵
  PID:9532
- C:\Windows\System\KuWCVUJ.exe
  C:\Windows\System\KuWCVUJ.exe
  2⤵
  PID:9556
- C:\Windows\System\bsgGnpV.exe
  C:\Windows\System\bsgGnpV.exe
  2⤵
  PID:9576
- C:\Windows\System\UFbPHbs.exe
  C:\Windows\System\UFbPHbs.exe
  2⤵
  PID:9596
- C:\Windows\System\qurboZf.exe
  C:\Windows\System\qurboZf.exe
  2⤵
  PID:9616
- C:\Windows\System\jvPnlbK.exe
  C:\Windows\System\jvPnlbK.exe
  2⤵
  PID:9636
- C:\Windows\System\XTKWUvi.exe
  C:\Windows\System\XTKWUvi.exe
  2⤵
  PID:9660
- C:\Windows\System\CqWLuPa.exe
  C:\Windows\System\CqWLuPa.exe
  2⤵
  PID:9676
- C:\Windows\System\fYIZwMi.exe
  C:\Windows\System\fYIZwMi.exe
  2⤵
  PID:9696
- C:\Windows\System\IRuVEXp.exe
  C:\Windows\System\IRuVEXp.exe
  2⤵
  PID:9716
- C:\Windows\System\CdzHYTw.exe
  C:\Windows\System\CdzHYTw.exe
  2⤵
  PID:9740
- C:\Windows\System\qvJFDys.exe
  C:\Windows\System\qvJFDys.exe
  2⤵
  PID:9756
- C:\Windows\System\tDtfxEK.exe
  C:\Windows\System\tDtfxEK.exe
  2⤵
  PID:9776
- C:\Windows\System\rgnfUUC.exe
  C:\Windows\System\rgnfUUC.exe
  2⤵
  PID:9792
- C:\Windows\System\greFRvO.exe
  C:\Windows\System\greFRvO.exe
  2⤵
  PID:9820
- C:\Windows\System\TWAtuov.exe
  C:\Windows\System\TWAtuov.exe
  2⤵
  PID:9836
- C:\Windows\System\FsDVYdb.exe
  C:\Windows\System\FsDVYdb.exe
  2⤵
  PID:9860
- C:\Windows\System\NStsaoa.exe
  C:\Windows\System\NStsaoa.exe
  2⤵
  PID:9880
- C:\Windows\System\MphYdpp.exe
  C:\Windows\System\MphYdpp.exe
  2⤵
  PID:9900
- C:\Windows\System\bxrNMFB.exe
  C:\Windows\System\bxrNMFB.exe
  2⤵
  PID:9916
- C:\Windows\System\lEIPeZw.exe
  C:\Windows\System\lEIPeZw.exe
  2⤵
  PID:9936
- C:\Windows\System\rgRpqVs.exe
  C:\Windows\System\rgRpqVs.exe
  2⤵
  PID:9960
- C:\Windows\System\VcnmAJT.exe
  C:\Windows\System\VcnmAJT.exe
  2⤵
  PID:9980
- C:\Windows\System\tYKcLMi.exe
  C:\Windows\System\tYKcLMi.exe
  2⤵
  PID:9996
- C:\Windows\System\rPhqZQh.exe
  C:\Windows\System\rPhqZQh.exe
  2⤵
  PID:10016
- C:\Windows\System\NKkTZLr.exe
  C:\Windows\System\NKkTZLr.exe
  2⤵
  PID:10032
- C:\Windows\System\bRfFvky.exe
  C:\Windows\System\bRfFvky.exe
  2⤵
  PID:10052
- C:\Windows\System\qcqHPsg.exe
  C:\Windows\System\qcqHPsg.exe
  2⤵
  PID:10080
- C:\Windows\System\YBBxmuy.exe
  C:\Windows\System\YBBxmuy.exe
  2⤵
  PID:10096
- C:\Windows\System\xFFoguT.exe
  C:\Windows\System\xFFoguT.exe
  2⤵
  PID:10112
- C:\Windows\System\nyCXGDz.exe
  C:\Windows\System\nyCXGDz.exe
  2⤵
  PID:10132
- C:\Windows\System\AypqWiK.exe
  C:\Windows\System\AypqWiK.exe
  2⤵
  PID:10152
- C:\Windows\System\CGpbbbw.exe
  C:\Windows\System\CGpbbbw.exe
  2⤵
  PID:10168
- C:\Windows\System\iquzIQI.exe
  C:\Windows\System\iquzIQI.exe
  2⤵
  PID:10184
- C:\Windows\System\ECQlIcI.exe
  C:\Windows\System\ECQlIcI.exe
  2⤵
  PID:10208
- C:\Windows\System\rsaGgCP.exe
  C:\Windows\System\rsaGgCP.exe
  2⤵
  PID:9248
- C:\Windows\System\LfCkPoW.exe
  C:\Windows\System\LfCkPoW.exe
  2⤵
  PID:9316
- C:\Windows\System\igyUEcS.exe
  C:\Windows\System\igyUEcS.exe
  2⤵
  PID:9264
- C:\Windows\System\eMYqgSr.exe
  C:\Windows\System\eMYqgSr.exe
  2⤵
  PID:9360
- C:\Windows\System\WjxrBJx.exe
  C:\Windows\System\WjxrBJx.exe
  2⤵
  PID:9400
- C:\Windows\System\csOKUOU.exe
  C:\Windows\System\csOKUOU.exe
  2⤵
  PID:9440
- C:\Windows\System\lIGdEIs.exe
  C:\Windows\System\lIGdEIs.exe
  2⤵
  PID:9488
- C:\Windows\System\zsdHwos.exe
  C:\Windows\System\zsdHwos.exe
  2⤵
  PID:9420
- C:\Windows\System\bzlGaho.exe
  C:\Windows\System\bzlGaho.exe
  2⤵
  PID:9520
- C:\Windows\System\DoymtRD.exe
  C:\Windows\System\DoymtRD.exe
  2⤵
  PID:9504
- C:\Windows\System\TgCEUtf.exe
  C:\Windows\System\TgCEUtf.exe
  2⤵
  PID:9552
- C:\Windows\System\tkJAyQN.exe
  C:\Windows\System\tkJAyQN.exe
  2⤵
  PID:9604
- C:\Windows\System\eTtRegW.exe
  C:\Windows\System\eTtRegW.exe
  2⤵
  PID:9632
- C:\Windows\System\ATXZyqS.exe
  C:\Windows\System\ATXZyqS.exe
  2⤵
  PID:9628
- C:\Windows\System\BmoABFR.exe
  C:\Windows\System\BmoABFR.exe
  2⤵
  PID:9688
- C:\Windows\System\gwlXYvB.exe
  C:\Windows\System\gwlXYvB.exe
  2⤵
  PID:9800
- C:\Windows\System\fHHeSYs.exe
  C:\Windows\System\fHHeSYs.exe
  2⤵
  PID:9812
- C:\Windows\System\IAkqxoH.exe
  C:\Windows\System\IAkqxoH.exe
  2⤵
  PID:9848
- C:\Windows\System\iOBFacw.exe
  C:\Windows\System\iOBFacw.exe
  2⤵
  PID:9876
- C:\Windows\System\FGVqDYZ.exe
  C:\Windows\System\FGVqDYZ.exe
  2⤵
  PID:9932
- C:\Windows\System\SwvJOLA.exe
  C:\Windows\System\SwvJOLA.exe
  2⤵
  PID:9956
- C:\Windows\System\fmvXSCr.exe
  C:\Windows\System\fmvXSCr.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EIrbuqU.exe

Filesize
6.0MB

MD5
a2c0830a85991a68bee5e9a8b6ed1f5f

SHA1
ed33606ccffcdff858cfd424b37a89c2cb84e08c

SHA256
af4f9cd7abc6cdd59f48e5c0f6781137f6862438c79092c6cd88dc9878a1da67

SHA512
68e623ff1ffbe3eed68ecf777a972a3f1468924ee15d327e89864317c2da79976e0be310fd5e557482474cba2b29f9cede853e2d08d28c8b262719af316b34aa

Download Submit
C:\Windows\system\EvbsuYE.exe

Filesize
6.0MB

MD5
198b16adbca68fe06001682ec733c153

SHA1
cca2aebf5315df3fa4fab246e772bfd2094c2c09

SHA256
423fb22e0c77e73af8f81d9b7d53ad1d5cbc07d73e68e7c61fcfb54205b44bcd

SHA512
5096241bbeec278e05f628b3dfb7cd0be178528694efe5abe561f1d29fa8a6eeac4b2e0649ff90ca93bc4974df0745ead16a935de0a0c47ffb7c406274a669ea

Download Submit
C:\Windows\system\FAbiXvP.exe

Filesize
6.0MB

MD5
0e71bd530306a97e3b419f6dd5526ee4

SHA1
4f91783c8a3f0369228ab89261e90112c1098e58

SHA256
195d63a11ec61b92b7e8a6103e05d2cfd508822d561220a8ce0f1205a265fc12

SHA512
d9aa1911cf035b158ee0f1b392dff0a318b87e4437ba3c8b1c156c2444aad058cc9858dd2f4498827fc4ebb8c07bc80ad82d7f80c58c89086ec358d86d29d7c7

Download Submit
C:\Windows\system\HMigSVi.exe

Filesize
6.0MB

MD5
7432a607c61923f3dceac83137f8c081

SHA1
4fea80be0032247598570de7911ef7c5f3c69d96

SHA256
ddc033336acf8aeec74cec7256d1d56a7288b9bf4cc2343ffb4c5ae42f4464b2

SHA512
4cdbcd7214b14a498e59c8dca9eb0d90d1e77c34e8ef28e9055ca10bf054ad14293e7fa1d99e6d74eb69afce0ef4b612a77a6926cf5f0e629dde1bfc3d0e18f5

Download Submit
C:\Windows\system\HYYMGqg.exe

Filesize
6.0MB

MD5
c0250c0fecf7a4597a671b4ec0f14097

SHA1
9a9096e3fc61771cdf40f2d6ea2f490cea7ff30e

SHA256
db20825ad285ac98921b7538466c4ab346a6641d6736d3dd60f2f5b05fa89415

SHA512
157eb5602bf89e696e9358a7beb306d88d89cbf1d7fdf011ecfea3c145f8d6a80a0c83bfe75782be190792e0b2d85c74cd7f8bafb062d35d46ee827c3d5caf99

Download Submit
C:\Windows\system\KVqkPCT.exe

Filesize
6.0MB

MD5
8ac1bce17817d1e9281fd275bae440ae

SHA1
f802ac91911a91797413015bde4954aa6a25100d

SHA256
3e6bf163db48e0537ae52214955dc6afea46c2c984d80f379d3db9c0d366bb64

SHA512
93b2e973f259d4f38ae909a4e65cdd28ce3c7c8100df62819587cb2d16bb13f3b5ad82cd86764bce631fe31b2715c484fc7c1ad7cded85ea25903030e9082995

Download Submit
C:\Windows\system\LEaVFaK.exe

Filesize
6.0MB

MD5
03a37f9a5e6610858161b882b36915ca

SHA1
8e35629da414f5482c92db8e78ec8fb56b8d9df2

SHA256
3eff424a56364d38c3aaa571e884949dd16fb3ce0de7f3a6916deab2c75c10dc

SHA512
ad6384cdd9ffdc26fda602a8316529edd8a8384200e0c4b4db92f96735b84b62d86d47e744cec5335e16a0d7122a7683a33de9f566f916928219229d4f4158f7

Download Submit
C:\Windows\system\NihGEPs.exe

Filesize
6.0MB

MD5
7ded731e3aebeeef65de9b9e6ce4c3ed

SHA1
b99f9545ac725390f657d5d6ebd3152fe572de8a

SHA256
204cbbee60d4388cd56aaba284ef2fe94c1a9fe333c1251322babe39627df42b

SHA512
29606baeece2fc1d0dadbcf4a94dd4a2e5f053b6e40222c271e605d33354077de835c70b9ed066477f417985f5d5eb0e58879d1ce2db78c365ca3eb5fdd4bd1a

Download Submit
C:\Windows\system\QcTVMYk.exe

Filesize
6.0MB

MD5
c36c476f64f88abb8204dc6f47a10c31

SHA1
ef30421f0fdb1339ab198c55cc096c1665af981a

SHA256
f92713fb5d47c32b00c4cfd17814c4f6101cab9946bf349751a8f7429a8fbfce

SHA512
04cea8538486f8c6c36072fea35611d8b90d6b306fa99797537f9cbf9840e2edf43d2f7832f2d3318c45cec9b8c69225e8f470887b8bea3092d10df5c925122d

Download Submit
C:\Windows\system\SaOPPfH.exe

Filesize
6.0MB

MD5
d14d5c29bdb574bcf3c87ec1cc595321

SHA1
1bd70702e50b7e1925f7f8d6be1a823de524a3c9

SHA256
3884422c5674d2c15116a286cf528a93127ac8d88108a95ad5c6ed0551b2fe53

SHA512
b3641612c4f9c4de41a4c5fe153cfdfd94b9d0e8010ed1a76d80eb9d7f0731879fef451aa031508b8e1302768b123c92862f08d3c6c896eb2fa63aa40b6800d8

Download Submit
C:\Windows\system\StbQdVm.exe

Filesize
6.0MB

MD5
6d5641333213db2a570701d81d790a0a

SHA1
c26960c19966b230f8f1f24d0884afde127036e2

SHA256
198c4cbb4802c08e5da9d221fefde9a86c28c39e986fe6c8f981cc34f8ad2efa

SHA512
8367f42663030afa47c7e59ed993f98db7af5f87741f539daee0a26ea64fb926f7f6da117210cf0e9879470a286763110ba698a3b5f10e0abebcc2bdc41548b2

Download Submit
C:\Windows\system\UFVhysj.exe

Filesize
6.0MB

MD5
797b38c64750310103924827195586df

SHA1
e776c8b51451d2467246b7100d629cc294fe9434

SHA256
9415858c2bd22bba6646702bf9b830dff2e0e90bcc48c1850ea8b25828087a80

SHA512
d90c5bc64fc11c41b42685b398871a2820c4e2d969741c5007a2ad72ba3d046eeae628724082123d1f5e47807f9f53c5aa01b5367e36f1933fba4e9581e4a667

Download Submit
C:\Windows\system\dtViObg.exe

Filesize
6.0MB

MD5
04b69363ba5cdf69252d56dde5f3d09a

SHA1
d4d8425d39ae614d026bac4a3a4521e148d3f86e

SHA256
c12ad84a078478a3e0d4ea585636c0c6901ec80c376d717a041f5edf14d53894

SHA512
658afe19c4f357f12d5242b0e487b06902d54c4fd994d1728564360619d42914d11f31014b619964fc83337861d0e8c9b865e52703bd0012a5e8353ceaacb9b4

Download Submit
C:\Windows\system\duLzuRM.exe

Filesize
6.0MB

MD5
3f2c40cf00c5cf7096ca47b07c790043

SHA1
483e8f951e1f7429874c78bf650ec92994359b53

SHA256
cd1dabc1a8ef4b234c8a5408d06021e672feda9d881e702ac47270c7897325f8

SHA512
4e43a93de96810517a500b7c89c4e31552d51dfc7eeeaeae8efab837723f27adc776b2945a80bab672523cf17b54f0e7c7289deb281eaa33eebac9e536172dbc

Download Submit
C:\Windows\system\ecearvN.exe

Filesize
6.0MB

MD5
9be44842bad7f6bb7b0b85c690b35a26

SHA1
6288ac271a971eac6d32b25a675396223ad4a96b

SHA256
b236706a11dfccb8560d52fd8881c37c15e363f7d7295d71701ba4f0e83fe020

SHA512
8b79f8432e7152135b696b6e329d6fbcbba90d2a1053f997cace80921f886afba90f18fc82764e7c3ac0026490354959fec4ffd0991a2a9bb6d4e4db9e57fd50

Download Submit
C:\Windows\system\etsBznF.exe

Filesize
6.0MB

MD5
0013a51d1ce6baddf1bd9011c30a8d66

SHA1
30460fdc9a0a47173643c5abcb015f8f5d594d6c

SHA256
ad2147b6d1473573637497e8bab441260b51b207d2fa2a2c4df83b0185d3ded2

SHA512
8d8e8f1cae6e56d0122b4cc5a9fc63a192eebd303ef9d3ed7cfb3827011bdef5db3a16d4d6e50986358861ae928bb3ff95edeafc05f59c697dd9a4f367acfa8b

Download Submit
C:\Windows\system\fVfbocc.exe

Filesize
6.0MB

MD5
9c1619df7fe0f58f6bce3fe46dd18d9d

SHA1
c2e9e056bc56dd724265883af57a3b3352783f90

SHA256
7dc464656604a89011c252dd753aed604d7943f848be952c49651f8e7ff35f09

SHA512
291cf0cc6e710228b59eb8e82154a20193d310fddcb87478e19758e8e7bc0dc445d2ee4fc7533360af88af78b10e762bd8e9fb1abaa9176f0d0c239129bf9a29

Download Submit
C:\Windows\system\fZkjOIZ.exe

Filesize
6.0MB

MD5
6103b26ad177c32a0a6654c3cc78f71c

SHA1
d808bc30c516a185adfccd14d248cf39cfa45390

SHA256
f1c1c8ff8cde0b8a9a62c96b647cbcc6a1a25b113b75d783b52a1ce834ecb45a

SHA512
b70f3e59a9d744a21557ad0f131a98d98ef05ba6404f94303b3e5e77a9c19ab765e0e1d498639d577cf356e250e44c92c196274f8ca5f1ac0abaf27ab92d27e8

Download Submit
C:\Windows\system\hUYDvyw.exe

Filesize
6.0MB

MD5
9b3efc156e437492c036369335a5115c

SHA1
4ac1434f56f9023fe3be2f9f6553bbaec7399102

SHA256
079a7e6fac5e3e3ca1e17ae0c2dc402fb6be90f4251bd8f39c0726791ae56020

SHA512
b639aa98bd49fcf606443647159a054fb1f51dfbfdc612abc1f19386426b1ffbef7e8bf3665fe81e59d8aa0535b1b4ff29b1afe49c5971f1dd6ed032c13f4f92

Download Submit
C:\Windows\system\iESKPIH.exe

Filesize
6.0MB

MD5
3a331fa706cba90a54f1e97c123d41d8

SHA1
b7d46fc682a62218676a550ef6b4829974264e86

SHA256
9de046d4eeec7a1971e71b5d2fd7a507484986b3cc1e30825c09c467f2e318a4

SHA512
229df6f54aac6c45258ed0d5620782f173085cd144abb03ba3014886eec4af7471d9839ebb35eed4814cd003c055487c91979aab543a32215884579ca22d989b

Download Submit
C:\Windows\system\imKTSKL.exe

Filesize
6.0MB

MD5
ff8678737f224030479781c5b3d4aec9

SHA1
d4f1f4b207e3e7e1762653d0cae0e78c29c9c0b3

SHA256
2f193a85e284cf1755ff59184a09f2f3ee7b540f430a229ea61bb6ab0d89209d

SHA512
7842ee529782254c3b7a07a27373a0d8be3f7aaed54fb7a963aa38757fbff3d6dbd7e1aaef896c3a0d9db652478b923dd56cae9e86f57a7e7ca6f17932d35fc0

Download Submit
C:\Windows\system\jPPDsdp.exe

Filesize
6.0MB

MD5
04c9b4f46e8a53ed82d183bcd31fc268

SHA1
95805055eba91746913cc0ec785351553d131215

SHA256
73fcc13208d3b6f61998e8fc5575c8e26551f3c3e5c0ac4702653badac9a4316

SHA512
f426fd4ff01d344103b70c80a97010318b728c624699c4632af84e9369ed191260a47fae3136ddb43a2a4e2c3c4aa4a42768e26d9576893c0d7639606dc27474

Download Submit
C:\Windows\system\kbOLwqu.exe

Filesize
6.0MB

MD5
9765d01e0cd9bcb7264097b69f387bf2

SHA1
6e6a80bc5577abcbe73f1ae6af557f93d69b0126

SHA256
d8cf8496b98cf66a807cce8b0537a497550190010a46beda0df18e700f2e2dc4

SHA512
5aef7ef35688c4c625b6b3c964536a3abb0bf33f87797d1690c77ed0b27806a43c677e7d311454513368435ef64809f5283dc7f3a0c28b655987f35ee7043850

Download Submit
C:\Windows\system\nlhUgUf.exe

Filesize
6.0MB

MD5
07316fd5a38aee8ae2d8ccd7ee391de5

SHA1
a4fa89028895088ce0ae91b759bfb70868ff8af9

SHA256
8bb2c3f9f882230ee709fd3d803115fe04ac43fb23370dbfae67e3ff09f671a2

SHA512
1ed50000efdaeda288b2b6d9209425464b2b87d695fcbf122e59f8c3e3cbfea9631ad240841aff1f980a412d1294633166c88c9d46a74bdb5cbb30acea400be3

Download Submit
C:\Windows\system\tfcDkel.exe

Filesize
6.0MB

MD5
8f93f8305d325cd043781f0e150a2971

SHA1
765f7579cc02224e2841b97b88b6c078be64dd22

SHA256
b016310a772a1aecc871bcf36321ea2968a7e81f682b767201a134e7ac6a372e

SHA512
3dbb2dcc00f19c537bddb6ade562259e512669bdf3777c25aa09734ac06060ea7378c84afc2057b5f6aa0498e89d58d974095a69830d281c64ccb6fc292c41c4

Download Submit
C:\Windows\system\uiQcKOP.exe

Filesize
6.0MB

MD5
d379eea5c88d57b955850aabcc68bfc2

SHA1
67d654d94138ea7b4292a899515d4d4a90ad748c

SHA256
7cda12efc5152f9ee097e1c4705c23abf15a8ca2e28d865231b99dee1e4dd628

SHA512
b5b3cd3d62d60cd372011abc0d87fd8b48e999ee439278d3d65fe7aaaa27577597c73cb4d51f5aeb4f4c3e51d4d9f93241abe1763fbcb7f97819d493cad86879

Download Submit
C:\Windows\system\wOdjgij.exe

Filesize
6.0MB

MD5
e868734d85cfe34c9572126376a56f49

SHA1
b54fb3f00f4ff33645e34fe2bcd467ae7c20832c

SHA256
4a239712e33c7c0d41b5f09efc02d119d86666e88cbeec6913744f766f3003c2

SHA512
3d24ab1ee59cd992b84dbc44d063827754eb1199099659e5d502980ed8c1a3b58e7dbabc80d36384cf644df0407b89f30039343614028cdc75d968065ae9307d

Download Submit
C:\Windows\system\xHIoPgB.exe

Filesize
6.0MB

MD5
d0484050277410d25187f2fa7da42ab4

SHA1
7d0edeeb95d9477675accaf21f48a69aca9374e9

SHA256
c91882cb1cc7b30a45cead07a0a543c34f1575af5b9e90dfcfa4934d86d54787

SHA512
2dcfdf2cfc9358642b57d5f0dfb18d77a74329526639f4e3db63837c4a5d10b7933cc42e0544b326b1f3137fc491eeac7bd3186574470483ea7d141d2f0ed0f5

Download Submit
\Windows\system\YYaWSgD.exe

Filesize
6.0MB

MD5
2cd85c9d48e9f2357f2a2c806cc1a1d3

SHA1
ffbe6cab7c781efd65f09f09356ce2dd37f81a6a

SHA256
720964eaf8cfe415004bcba4b12f9c47f37e719663f6946ae9835d198d523a07

SHA512
c73cd533fe97282d4ee50c6d007284895f8b94bf1647f7de03544422492776756cfb4af22dbb917e51072d48f27843f57125ee1fc60dec91aeb3013ae2970e52

Download Submit
\Windows\system\iwbxjqp.exe

Filesize
6.0MB

MD5
fcb7c4d64fd4845d1079f1a7aa4bc800

SHA1
f881f6f51fc63429e06d9bad56506577c9028615

SHA256
e6e051260e2081ac365f95217ee058ee9833ef97f64db7ee2fa56653b5acc9fc

SHA512
b13a737abee0441dca2d17db002c1d98b730399b9ac0c8857b18a2088a48c893f1692750e2e50a2124a27c26dd17ab4f653a96e8f27e214a28d34a8a36f6f016

Download Submit
\Windows\system\nKxLUcY.exe

Filesize
6.0MB

MD5
f190c95d2d1ac578816c1ff23b221fba

SHA1
e10d2ceadaecf5cc3c35323a816693d178716ec3

SHA256
5b2f20c2df746a979cf535d1486d0c31e537c64d73ad7a71b395f43d19d88a5f

SHA512
6dc1ee5ee515f517cc919f79f3a01704f88fdd38e908d6c2b9a8491cb9c32e2288299a49175b0add2faec0a9b96b8c355f9f6db82d1f0529bc80dd0e57c08ad9

Download Submit
\Windows\system\uZPCBjK.exe

Filesize
6.0MB

MD5
4fc4a8882c9c910ab74c95374b7ccfff

SHA1
55cd4ee4c61bf9c1bf0a285aa794d11d0b6b7e69

SHA256
b8fefb8b176f0516e62a4449dddc9ea45d1cb8088b226e784be3287bde362685

SHA512
9f97e6008bef53c42caeda57cd01de1fee366f4d117aa5f96763cf32ea85caa287048c92ef342748074171c478e8e4c5a924a226cf42ad0964c3998b1695715b

Download Submit
memory/1580-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1580-95-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1580-368-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1580-20-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-268-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1580-113-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1580-360-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1580-31-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-35-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-190-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-48-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-15-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-62-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-85-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-6-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-70-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-55-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-0-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-43-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-39-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-24-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-112-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-86-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-94-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-104-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1580-103-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-40-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1748-11-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1748-1545-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1988-90-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1526-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1988-237-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1525-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2392-108-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2392-367-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2560-67-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1544-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-107-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1530-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2608-99-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2608-59-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2616-44-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1531-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1550-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-89-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-52-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-73-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1549-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-36-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-28-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1534-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-66-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1524-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-22-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1539-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-100-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2844-316-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1540-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2932-82-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1542-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-155-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-133-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1527-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3064-74-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download