cobaltstrike | fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
Size

6.0MB
MD5

069ada457d2aef414fa03bee35dc943d
SHA1

722ef3367882a8f22832c227ed907fae398348b3
SHA256

fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8
SHA512

9a53dfd8096a708b192e10360f7f6310f132013bed887cd352c98dd511031f846e4e607deb9711c1a4e409223fd1a808905448639241ec48ff8d78345a67577b
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUw:eOl56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d76-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d87-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d9a-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015da7-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015db1-28.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e18-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-129.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d36-141.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-132.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-121.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-92.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-104.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-52.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d25-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfc-44.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd1-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c84-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral1/memory/2912-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000015d76-11.dat	xmrig
behavioral1/files/0x0008000000015d87-12.dat	xmrig
behavioral1/memory/2912-17-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d9a-21.dat	xmrig
behavioral1/files/0x0007000000015da7-25.dat	xmrig
behavioral1/files/0x0007000000015db1-28.dat	xmrig
behavioral1/files/0x0009000000015e18-33.dat	xmrig
behavioral1/files/0x00060000000173f1-100.dat	xmrig
behavioral1/files/0x00060000000173fc-129.dat	xmrig
behavioral1/files/0x0009000000015d36-141.dat	xmrig
behavioral1/files/0x0014000000018663-140.dat	xmrig
behavioral1/files/0x0006000000017525-134.dat	xmrig
behavioral1/files/0x0006000000017487-132.dat	xmrig
behavioral1/files/0x00060000000174a2-127.dat	xmrig
behavioral1/files/0x0006000000017472-121.dat	xmrig
behavioral1/files/0x000600000001706d-92.dat	xmrig
behavioral1/files/0x00060000000173f4-104.dat	xmrig
behavioral1/files/0x00060000000173da-96.dat	xmrig
behavioral1/files/0x0006000000016eca-88.dat	xmrig
behavioral1/files/0x0006000000016ea4-84.dat	xmrig
behavioral1/files/0x0006000000016dd7-80.dat	xmrig
behavioral1/files/0x0006000000016dd1-76.dat	xmrig
behavioral1/files/0x0006000000016dbe-72.dat	xmrig
behavioral1/files/0x0006000000016d9a-68.dat	xmrig
behavioral1/files/0x0006000000016d96-64.dat	xmrig
behavioral1/files/0x0006000000016d46-60.dat	xmrig
behavioral1/files/0x0006000000016d3e-56.dat	xmrig
behavioral1/files/0x0006000000016d36-52.dat	xmrig
behavioral1/files/0x0006000000016d25-48.dat	xmrig
behavioral1/files/0x0006000000016cfc-44.dat	xmrig
behavioral1/files/0x0006000000016cd1-40.dat	xmrig
behavioral1/files/0x0008000000016c84-36.dat	xmrig
behavioral1/memory/2840-2575-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1932-3832-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/1992-3831-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1236-3834-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2312-3847-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2268-3861-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2840-3862-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2560-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2284-3884-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2192-4151-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2912-4156-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2192-4157-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2560	bTAdBed.exe
2840	PKDQWDs.exe
1236	YhwEAtg.exe
2284	GNHngWz.exe
2312	WBMNEUJ.exe
1932	YVjiijZ.exe
2192	uxrSuqD.exe
2004	HiwPQut.exe
1992	bVZQUqa.exe
2256	cKgwlMZ.exe
2268	PHvNFLq.exe
2064	KpOytNj.exe
2588	NJpNvXO.exe
2680	odifWLK.exe
2756	ICYChRH.exe
2608	LCHXspz.exe
2708	XJAhyQn.exe
2848	BIawAYb.exe
2512	RMplYyl.exe
3016	vtrMeim.exe
2652	dwbQMNC.exe
2380	oFgzknC.exe
2496	HbYbTIC.exe
2600	ihEVURO.exe
2536	DJBcbcp.exe
1704	jZZgxUr.exe
796	bRliQmQ.exe
1536	ssSnwkl.exe
2240	yrFAiQy.exe
1608	pbmrYgF.exe
264	aQKYoxv.exe
1276	GwUnoEz.exe
576	BEBDfRZ.exe
980	epaXuCZ.exe
776	VybjSAD.exe
2540	RktqeMh.exe
2692	VljSloM.exe
2780	FAceJZP.exe
2928	zatpnin.exe
2924	DkglVEe.exe
2568	yjRzOLs.exe
2980	rEiazQE.exe
1636	ZeYPyCy.exe
444	fAGSABP.exe
1968	XOPSluF.exe
2140	xnCeJqb.exe
1856	PDGFzKo.exe
1364	NCuxNgg.exe
1924	GJAHRrD.exe
544	gEVngiR.exe
908	QIFhHOf.exe
1528	xRlElXx.exe
1864	MLaTVua.exe
2040	HXBbsKo.exe
1140	aGgwkwe.exe
892	zVwLpuL.exe
1628	yjhEIvn.exe
1380	WkuGZFD.exe
1028	VOcXcXC.exe
2204	DSOZsJY.exe
2308	ysnGaJf.exe
2324	VHZEIaS.exe
1732	TMyOkYA.exe
2460	kXXLoUt.exe

Loads dropped DLL 64 IoCs

pid	Process
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2912-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000015d76-11.dat	upx
behavioral1/files/0x0008000000015d87-12.dat	upx
behavioral1/files/0x0007000000015d9a-21.dat	upx
behavioral1/files/0x0007000000015da7-25.dat	upx
behavioral1/files/0x0007000000015db1-28.dat	upx
behavioral1/files/0x0009000000015e18-33.dat	upx
behavioral1/files/0x00060000000173f1-100.dat	upx
behavioral1/files/0x00060000000173fc-129.dat	upx
behavioral1/files/0x0009000000015d36-141.dat	upx
behavioral1/files/0x0014000000018663-140.dat	upx
behavioral1/files/0x0006000000017525-134.dat	upx
behavioral1/files/0x0006000000017487-132.dat	upx
behavioral1/files/0x00060000000174a2-127.dat	upx
behavioral1/files/0x0006000000017472-121.dat	upx
behavioral1/files/0x000600000001706d-92.dat	upx
behavioral1/files/0x00060000000173f4-104.dat	upx
behavioral1/files/0x00060000000173da-96.dat	upx
behavioral1/files/0x0006000000016eca-88.dat	upx
behavioral1/files/0x0006000000016ea4-84.dat	upx
behavioral1/files/0x0006000000016dd7-80.dat	upx
behavioral1/files/0x0006000000016dd1-76.dat	upx
behavioral1/files/0x0006000000016dbe-72.dat	upx
behavioral1/files/0x0006000000016d9a-68.dat	upx
behavioral1/files/0x0006000000016d96-64.dat	upx
behavioral1/files/0x0006000000016d46-60.dat	upx
behavioral1/files/0x0006000000016d3e-56.dat	upx
behavioral1/files/0x0006000000016d36-52.dat	upx
behavioral1/files/0x0006000000016d25-48.dat	upx
behavioral1/files/0x0006000000016cfc-44.dat	upx
behavioral1/files/0x0006000000016cd1-40.dat	upx
behavioral1/files/0x0008000000016c84-36.dat	upx
behavioral1/memory/2840-2575-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1932-3832-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/1992-3831-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1236-3834-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2268-3861-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2840-3862-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2560-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2284-3884-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2192-4151-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2912-4156-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2192-4157-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zkTkyQg.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\GSPQBQJ.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\QoSPgjK.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\mmMkbrI.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\HPFwGKN.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\KtmVGGs.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\tAOlCBx.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\aCfJoXs.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ogmtAOF.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\TFiITKC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\zSUooQd.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\Birrzsw.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\oEFNxHo.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\Hnmwsug.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\AfSVtmL.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\nTtORPj.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\wjvacmH.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\AekoRdV.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ZRgYIXG.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\CbWQaxA.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\BHthclo.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\GMkNlAc.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\qyXPsvu.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ExmZmlx.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\vfnFZfE.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\DBkHJNH.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\OdIgMra.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\RLBLZla.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\lHOKqOD.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\PmJExbf.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\kXpSqaC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\XJGmZRN.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\juAHuxC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\gfnHOuI.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\aTWrpsh.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\CtcgNpo.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\JqexNQj.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ljtaeTt.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ptehdId.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\pGeGvkT.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\rmDwfeT.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\fsZHHxC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\HldOAAo.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\DjJVPsI.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\rLLMyNy.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\HYNFlVT.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\HoMFjRx.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\dsKuCIy.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\sgfaESf.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\yXHLLUn.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\lYlncgv.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\RFWqluT.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\xnCeJqb.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\iWehHEp.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\AVtAmMl.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\ifivuun.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\soScqil.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\fdBcAKr.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\EiUuqPN.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\AOYUCkA.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\dwbQMNC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\oFgzknC.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\DKGegQL.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
File created	C:\Windows\System\gsCLJxe.exe	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2560	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	29
PID 2912 wrote to memory of 2560	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	29
PID 2912 wrote to memory of 2560	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	29
PID 2912 wrote to memory of 2840	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	30
PID 2912 wrote to memory of 2840	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	30
PID 2912 wrote to memory of 2840	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	30
PID 2912 wrote to memory of 1236	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	31
PID 2912 wrote to memory of 1236	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	31
PID 2912 wrote to memory of 1236	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	31
PID 2912 wrote to memory of 2284	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	32
PID 2912 wrote to memory of 2284	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	32
PID 2912 wrote to memory of 2284	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	32
PID 2912 wrote to memory of 2312	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	33
PID 2912 wrote to memory of 2312	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	33
PID 2912 wrote to memory of 2312	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	33
PID 2912 wrote to memory of 1932	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	34
PID 2912 wrote to memory of 1932	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	34
PID 2912 wrote to memory of 1932	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	34
PID 2912 wrote to memory of 2192	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	35
PID 2912 wrote to memory of 2192	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	35
PID 2912 wrote to memory of 2192	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	35
PID 2912 wrote to memory of 2004	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	36
PID 2912 wrote to memory of 2004	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	36
PID 2912 wrote to memory of 2004	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	36
PID 2912 wrote to memory of 1992	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	37
PID 2912 wrote to memory of 1992	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	37
PID 2912 wrote to memory of 1992	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	37
PID 2912 wrote to memory of 2256	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	38
PID 2912 wrote to memory of 2256	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	38
PID 2912 wrote to memory of 2256	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	38
PID 2912 wrote to memory of 2268	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	39
PID 2912 wrote to memory of 2268	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	39
PID 2912 wrote to memory of 2268	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	39
PID 2912 wrote to memory of 2064	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	40
PID 2912 wrote to memory of 2064	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	40
PID 2912 wrote to memory of 2064	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	40
PID 2912 wrote to memory of 2588	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	41
PID 2912 wrote to memory of 2588	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	41
PID 2912 wrote to memory of 2588	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	41
PID 2912 wrote to memory of 2680	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	42
PID 2912 wrote to memory of 2680	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	42
PID 2912 wrote to memory of 2680	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	42
PID 2912 wrote to memory of 2756	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	43
PID 2912 wrote to memory of 2756	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	43
PID 2912 wrote to memory of 2756	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	43
PID 2912 wrote to memory of 2608	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	44
PID 2912 wrote to memory of 2608	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	44
PID 2912 wrote to memory of 2608	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	44
PID 2912 wrote to memory of 2708	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	45
PID 2912 wrote to memory of 2708	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	45
PID 2912 wrote to memory of 2708	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	45
PID 2912 wrote to memory of 2848	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	46
PID 2912 wrote to memory of 2848	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	46
PID 2912 wrote to memory of 2848	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	46
PID 2912 wrote to memory of 2512	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	47
PID 2912 wrote to memory of 2512	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	47
PID 2912 wrote to memory of 2512	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	47
PID 2912 wrote to memory of 3016	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	48
PID 2912 wrote to memory of 3016	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	48
PID 2912 wrote to memory of 3016	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	48
PID 2912 wrote to memory of 2652	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	49
PID 2912 wrote to memory of 2652	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	49
PID 2912 wrote to memory of 2652	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	49
PID 2912 wrote to memory of 2380	2912	JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fb4a2899fe746659297b684293d658d1c14548da9db842fec7223b2600371ed8.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\System\bTAdBed.exe
  C:\Windows\System\bTAdBed.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PKDQWDs.exe
  C:\Windows\System\PKDQWDs.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YhwEAtg.exe
  C:\Windows\System\YhwEAtg.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\GNHngWz.exe
  C:\Windows\System\GNHngWz.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\WBMNEUJ.exe
  C:\Windows\System\WBMNEUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\YVjiijZ.exe
  C:\Windows\System\YVjiijZ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\uxrSuqD.exe
  C:\Windows\System\uxrSuqD.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\HiwPQut.exe
  C:\Windows\System\HiwPQut.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\bVZQUqa.exe
  C:\Windows\System\bVZQUqa.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cKgwlMZ.exe
  C:\Windows\System\cKgwlMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\PHvNFLq.exe
  C:\Windows\System\PHvNFLq.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\KpOytNj.exe
  C:\Windows\System\KpOytNj.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\NJpNvXO.exe
  C:\Windows\System\NJpNvXO.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\odifWLK.exe
  C:\Windows\System\odifWLK.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ICYChRH.exe
  C:\Windows\System\ICYChRH.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\LCHXspz.exe
  C:\Windows\System\LCHXspz.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\XJAhyQn.exe
  C:\Windows\System\XJAhyQn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\BIawAYb.exe
  C:\Windows\System\BIawAYb.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\RMplYyl.exe
  C:\Windows\System\RMplYyl.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\vtrMeim.exe
  C:\Windows\System\vtrMeim.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\dwbQMNC.exe
  C:\Windows\System\dwbQMNC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\oFgzknC.exe
  C:\Windows\System\oFgzknC.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\HbYbTIC.exe
  C:\Windows\System\HbYbTIC.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ihEVURO.exe
  C:\Windows\System\ihEVURO.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\DJBcbcp.exe
  C:\Windows\System\DJBcbcp.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ssSnwkl.exe
  C:\Windows\System\ssSnwkl.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\jZZgxUr.exe
  C:\Windows\System\jZZgxUr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\yrFAiQy.exe
  C:\Windows\System\yrFAiQy.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\bRliQmQ.exe
  C:\Windows\System\bRliQmQ.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\pbmrYgF.exe
  C:\Windows\System\pbmrYgF.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\aQKYoxv.exe
  C:\Windows\System\aQKYoxv.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\GwUnoEz.exe
  C:\Windows\System\GwUnoEz.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\BEBDfRZ.exe
  C:\Windows\System\BEBDfRZ.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\epaXuCZ.exe
  C:\Windows\System\epaXuCZ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\VybjSAD.exe
  C:\Windows\System\VybjSAD.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\RktqeMh.exe
  C:\Windows\System\RktqeMh.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\VljSloM.exe
  C:\Windows\System\VljSloM.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FAceJZP.exe
  C:\Windows\System\FAceJZP.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\zatpnin.exe
  C:\Windows\System\zatpnin.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\DkglVEe.exe
  C:\Windows\System\DkglVEe.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yjRzOLs.exe
  C:\Windows\System\yjRzOLs.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\rEiazQE.exe
  C:\Windows\System\rEiazQE.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\ZeYPyCy.exe
  C:\Windows\System\ZeYPyCy.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\fAGSABP.exe
  C:\Windows\System\fAGSABP.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\XOPSluF.exe
  C:\Windows\System\XOPSluF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\xnCeJqb.exe
  C:\Windows\System\xnCeJqb.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\PDGFzKo.exe
  C:\Windows\System\PDGFzKo.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\NCuxNgg.exe
  C:\Windows\System\NCuxNgg.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\GJAHRrD.exe
  C:\Windows\System\GJAHRrD.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\gEVngiR.exe
  C:\Windows\System\gEVngiR.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\QIFhHOf.exe
  C:\Windows\System\QIFhHOf.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\xRlElXx.exe
  C:\Windows\System\xRlElXx.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\MLaTVua.exe
  C:\Windows\System\MLaTVua.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\HXBbsKo.exe
  C:\Windows\System\HXBbsKo.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\aGgwkwe.exe
  C:\Windows\System\aGgwkwe.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\zVwLpuL.exe
  C:\Windows\System\zVwLpuL.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\yjhEIvn.exe
  C:\Windows\System\yjhEIvn.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\WkuGZFD.exe
  C:\Windows\System\WkuGZFD.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\VOcXcXC.exe
  C:\Windows\System\VOcXcXC.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\DSOZsJY.exe
  C:\Windows\System\DSOZsJY.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ysnGaJf.exe
  C:\Windows\System\ysnGaJf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\VHZEIaS.exe
  C:\Windows\System\VHZEIaS.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\TMyOkYA.exe
  C:\Windows\System\TMyOkYA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\kXXLoUt.exe
  C:\Windows\System\kXXLoUt.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IzYSzqS.exe
  C:\Windows\System\IzYSzqS.exe
  2⤵
  PID:1488
- C:\Windows\System\bkSjPoF.exe
  C:\Windows\System\bkSjPoF.exe
  2⤵
  PID:2376
- C:\Windows\System\tsLLlza.exe
  C:\Windows\System\tsLLlza.exe
  2⤵
  PID:1736
- C:\Windows\System\wjnCffk.exe
  C:\Windows\System\wjnCffk.exe
  2⤵
  PID:1500
- C:\Windows\System\JvCfSfG.exe
  C:\Windows\System\JvCfSfG.exe
  2⤵
  PID:2456
- C:\Windows\System\zuxqjSz.exe
  C:\Windows\System\zuxqjSz.exe
  2⤵
  PID:1876
- C:\Windows\System\etokBdf.exe
  C:\Windows\System\etokBdf.exe
  2⤵
  PID:2916
- C:\Windows\System\DjzyNUY.exe
  C:\Windows\System\DjzyNUY.exe
  2⤵
  PID:3032
- C:\Windows\System\KOnMHRh.exe
  C:\Windows\System\KOnMHRh.exe
  2⤵
  PID:1592
- C:\Windows\System\eyiznmr.exe
  C:\Windows\System\eyiznmr.exe
  2⤵
  PID:2764
- C:\Windows\System\dfoBTXo.exe
  C:\Windows\System\dfoBTXo.exe
  2⤵
  PID:2196
- C:\Windows\System\WmXSZHr.exe
  C:\Windows\System\WmXSZHr.exe
  2⤵
  PID:2180
- C:\Windows\System\UfzrNfm.exe
  C:\Windows\System\UfzrNfm.exe
  2⤵
  PID:2400
- C:\Windows\System\MWpFURa.exe
  C:\Windows\System\MWpFURa.exe
  2⤵
  PID:1292
- C:\Windows\System\ERIqrpk.exe
  C:\Windows\System\ERIqrpk.exe
  2⤵
  PID:2128
- C:\Windows\System\rqvhMkn.exe
  C:\Windows\System\rqvhMkn.exe
  2⤵
  PID:2628
- C:\Windows\System\RxFTgYO.exe
  C:\Windows\System\RxFTgYO.exe
  2⤵
  PID:2632
- C:\Windows\System\omnRAed.exe
  C:\Windows\System\omnRAed.exe
  2⤵
  PID:2484
- C:\Windows\System\oSsDBQK.exe
  C:\Windows\System\oSsDBQK.exe
  2⤵
  PID:2800
- C:\Windows\System\gqgieRP.exe
  C:\Windows\System\gqgieRP.exe
  2⤵
  PID:2592
- C:\Windows\System\nKCnsnL.exe
  C:\Windows\System\nKCnsnL.exe
  2⤵
  PID:280
- C:\Windows\System\kzuYwnF.exe
  C:\Windows\System\kzuYwnF.exe
  2⤵
  PID:2472
- C:\Windows\System\xoIPCMU.exe
  C:\Windows\System\xoIPCMU.exe
  2⤵
  PID:2944
- C:\Windows\System\CXyuvsl.exe
  C:\Windows\System\CXyuvsl.exe
  2⤵
  PID:1056
- C:\Windows\System\VvvvcZc.exe
  C:\Windows\System\VvvvcZc.exe
  2⤵
  PID:1668
- C:\Windows\System\qGfZuJU.exe
  C:\Windows\System\qGfZuJU.exe
  2⤵
  PID:1844
- C:\Windows\System\SXRTOPP.exe
  C:\Windows\System\SXRTOPP.exe
  2⤵
  PID:1356
- C:\Windows\System\lJenPPV.exe
  C:\Windows\System\lJenPPV.exe
  2⤵
  PID:1312
- C:\Windows\System\CctyEXo.exe
  C:\Windows\System\CctyEXo.exe
  2⤵
  PID:924
- C:\Windows\System\MmdEaPk.exe
  C:\Windows\System\MmdEaPk.exe
  2⤵
  PID:1076
- C:\Windows\System\zXBseii.exe
  C:\Windows\System\zXBseii.exe
  2⤵
  PID:2792
- C:\Windows\System\HAhbxTW.exe
  C:\Windows\System\HAhbxTW.exe
  2⤵
  PID:2920
- C:\Windows\System\iWehHEp.exe
  C:\Windows\System\iWehHEp.exe
  2⤵
  PID:2716
- C:\Windows\System\oGUYGjt.exe
  C:\Windows\System\oGUYGjt.exe
  2⤵
  PID:1492
- C:\Windows\System\YhEfaCh.exe
  C:\Windows\System\YhEfaCh.exe
  2⤵
  PID:3004
- C:\Windows\System\cVmSXtQ.exe
  C:\Windows\System\cVmSXtQ.exe
  2⤵
  PID:3000
- C:\Windows\System\jkZkooj.exe
  C:\Windows\System\jkZkooj.exe
  2⤵
  PID:900
- C:\Windows\System\koXuLfr.exe
  C:\Windows\System\koXuLfr.exe
  2⤵
  PID:988
- C:\Windows\System\dSoeFyn.exe
  C:\Windows\System\dSoeFyn.exe
  2⤵
  PID:1868
- C:\Windows\System\QFRehSn.exe
  C:\Windows\System\QFRehSn.exe
  2⤵
  PID:684
- C:\Windows\System\EAaCNYo.exe
  C:\Windows\System\EAaCNYo.exe
  2⤵
  PID:1960
- C:\Windows\System\YVcBSEa.exe
  C:\Windows\System\YVcBSEa.exe
  2⤵
  PID:692
- C:\Windows\System\LbNqIpZ.exe
  C:\Windows\System\LbNqIpZ.exe
  2⤵
  PID:2656
- C:\Windows\System\dhulYzi.exe
  C:\Windows\System\dhulYzi.exe
  2⤵
  PID:1656
- C:\Windows\System\fTweyno.exe
  C:\Windows\System\fTweyno.exe
  2⤵
  PID:2832
- C:\Windows\System\fhzPesC.exe
  C:\Windows\System\fhzPesC.exe
  2⤵
  PID:2436
- C:\Windows\System\LcXBXBD.exe
  C:\Windows\System\LcXBXBD.exe
  2⤵
  PID:1720
- C:\Windows\System\wfqURVG.exe
  C:\Windows\System\wfqURVG.exe
  2⤵
  PID:1880
- C:\Windows\System\JbNSwvw.exe
  C:\Windows\System\JbNSwvw.exe
  2⤵
  PID:2564
- C:\Windows\System\pmoqbkS.exe
  C:\Windows\System\pmoqbkS.exe
  2⤵
  PID:2108
- C:\Windows\System\MOOprTb.exe
  C:\Windows\System\MOOprTb.exe
  2⤵
  PID:1952
- C:\Windows\System\TcEDAGQ.exe
  C:\Windows\System\TcEDAGQ.exe
  2⤵
  PID:752
- C:\Windows\System\lOkttKo.exe
  C:\Windows\System\lOkttKo.exe
  2⤵
  PID:2736
- C:\Windows\System\rLLMyNy.exe
  C:\Windows\System\rLLMyNy.exe
  2⤵
  PID:2660
- C:\Windows\System\aTEXTmB.exe
  C:\Windows\System\aTEXTmB.exe
  2⤵
  PID:1672
- C:\Windows\System\MycOPdF.exe
  C:\Windows\System\MycOPdF.exe
  2⤵
  PID:2492
- C:\Windows\System\vBjpdlq.exe
  C:\Windows\System\vBjpdlq.exe
  2⤵
  PID:1948
- C:\Windows\System\QbrILrf.exe
  C:\Windows\System\QbrILrf.exe
  2⤵
  PID:1740
- C:\Windows\System\DpoJWxH.exe
  C:\Windows\System\DpoJWxH.exe
  2⤵
  PID:972
- C:\Windows\System\MIiaNVT.exe
  C:\Windows\System\MIiaNVT.exe
  2⤵
  PID:2344
- C:\Windows\System\WxWMZbP.exe
  C:\Windows\System\WxWMZbP.exe
  2⤵
  PID:744
- C:\Windows\System\SyDfCup.exe
  C:\Windows\System\SyDfCup.exe
  2⤵
  PID:2740
- C:\Windows\System\YdTcnbI.exe
  C:\Windows\System\YdTcnbI.exe
  2⤵
  PID:1600
- C:\Windows\System\FcLzmBm.exe
  C:\Windows\System\FcLzmBm.exe
  2⤵
  PID:2880
- C:\Windows\System\mcjQtpg.exe
  C:\Windows\System\mcjQtpg.exe
  2⤵
  PID:864
- C:\Windows\System\XUWmylB.exe
  C:\Windows\System\XUWmylB.exe
  2⤵
  PID:2812
- C:\Windows\System\BeCVExv.exe
  C:\Windows\System\BeCVExv.exe
  2⤵
  PID:2348
- C:\Windows\System\snEmJmC.exe
  C:\Windows\System\snEmJmC.exe
  2⤵
  PID:1696
- C:\Windows\System\nEPkOVG.exe
  C:\Windows\System\nEPkOVG.exe
  2⤵
  PID:2232
- C:\Windows\System\CtRfawM.exe
  C:\Windows\System\CtRfawM.exe
  2⤵
  PID:3088
- C:\Windows\System\eumDneL.exe
  C:\Windows\System\eumDneL.exe
  2⤵
  PID:3104
- C:\Windows\System\ybDBkWI.exe
  C:\Windows\System\ybDBkWI.exe
  2⤵
  PID:3120
- C:\Windows\System\yDUuSHN.exe
  C:\Windows\System\yDUuSHN.exe
  2⤵
  PID:3136
- C:\Windows\System\bhJJjEK.exe
  C:\Windows\System\bhJJjEK.exe
  2⤵
  PID:3152
- C:\Windows\System\LCSYqNB.exe
  C:\Windows\System\LCSYqNB.exe
  2⤵
  PID:3168
- C:\Windows\System\oHKjxTq.exe
  C:\Windows\System\oHKjxTq.exe
  2⤵
  PID:3184
- C:\Windows\System\KjKRYjJ.exe
  C:\Windows\System\KjKRYjJ.exe
  2⤵
  PID:3200
- C:\Windows\System\JRdBghB.exe
  C:\Windows\System\JRdBghB.exe
  2⤵
  PID:3216
- C:\Windows\System\thWfEbI.exe
  C:\Windows\System\thWfEbI.exe
  2⤵
  PID:3232
- C:\Windows\System\BRLUdfd.exe
  C:\Windows\System\BRLUdfd.exe
  2⤵
  PID:3248
- C:\Windows\System\QubjlLd.exe
  C:\Windows\System\QubjlLd.exe
  2⤵
  PID:3264
- C:\Windows\System\PrpGxtl.exe
  C:\Windows\System\PrpGxtl.exe
  2⤵
  PID:3280
- C:\Windows\System\efjJYNV.exe
  C:\Windows\System\efjJYNV.exe
  2⤵
  PID:3296
- C:\Windows\System\HnfmyHY.exe
  C:\Windows\System\HnfmyHY.exe
  2⤵
  PID:3312
- C:\Windows\System\jPxCxqm.exe
  C:\Windows\System\jPxCxqm.exe
  2⤵
  PID:3328
- C:\Windows\System\ZNuXQVl.exe
  C:\Windows\System\ZNuXQVl.exe
  2⤵
  PID:3344
- C:\Windows\System\wCTtgHD.exe
  C:\Windows\System\wCTtgHD.exe
  2⤵
  PID:3360
- C:\Windows\System\hcbXwru.exe
  C:\Windows\System\hcbXwru.exe
  2⤵
  PID:3376
- C:\Windows\System\IlgnrcH.exe
  C:\Windows\System\IlgnrcH.exe
  2⤵
  PID:3392
- C:\Windows\System\oPIzJNp.exe
  C:\Windows\System\oPIzJNp.exe
  2⤵
  PID:3408
- C:\Windows\System\QDxVMjs.exe
  C:\Windows\System\QDxVMjs.exe
  2⤵
  PID:3424
- C:\Windows\System\MAlyXdL.exe
  C:\Windows\System\MAlyXdL.exe
  2⤵
  PID:3440
- C:\Windows\System\gpeFahj.exe
  C:\Windows\System\gpeFahj.exe
  2⤵
  PID:3456
- C:\Windows\System\PVeiXUS.exe
  C:\Windows\System\PVeiXUS.exe
  2⤵
  PID:3472
- C:\Windows\System\CiqvvdQ.exe
  C:\Windows\System\CiqvvdQ.exe
  2⤵
  PID:3488
- C:\Windows\System\NKSWjOk.exe
  C:\Windows\System\NKSWjOk.exe
  2⤵
  PID:3504
- C:\Windows\System\FhGYmhg.exe
  C:\Windows\System\FhGYmhg.exe
  2⤵
  PID:3520
- C:\Windows\System\MVRZroI.exe
  C:\Windows\System\MVRZroI.exe
  2⤵
  PID:3536
- C:\Windows\System\pGJHzpl.exe
  C:\Windows\System\pGJHzpl.exe
  2⤵
  PID:3552
- C:\Windows\System\czljOLU.exe
  C:\Windows\System\czljOLU.exe
  2⤵
  PID:3568
- C:\Windows\System\tzalpGc.exe
  C:\Windows\System\tzalpGc.exe
  2⤵
  PID:3584
- C:\Windows\System\lNdYNJP.exe
  C:\Windows\System\lNdYNJP.exe
  2⤵
  PID:3600
- C:\Windows\System\oXZAqJn.exe
  C:\Windows\System\oXZAqJn.exe
  2⤵
  PID:3616
- C:\Windows\System\tknXaEr.exe
  C:\Windows\System\tknXaEr.exe
  2⤵
  PID:3632
- C:\Windows\System\SitDMmM.exe
  C:\Windows\System\SitDMmM.exe
  2⤵
  PID:3648
- C:\Windows\System\tSXPSZL.exe
  C:\Windows\System\tSXPSZL.exe
  2⤵
  PID:3664
- C:\Windows\System\sDSZMUX.exe
  C:\Windows\System\sDSZMUX.exe
  2⤵
  PID:3680
- C:\Windows\System\BHHBjlu.exe
  C:\Windows\System\BHHBjlu.exe
  2⤵
  PID:3696
- C:\Windows\System\bfxJgsB.exe
  C:\Windows\System\bfxJgsB.exe
  2⤵
  PID:3712
- C:\Windows\System\bgvNama.exe
  C:\Windows\System\bgvNama.exe
  2⤵
  PID:3728
- C:\Windows\System\NiqbeDB.exe
  C:\Windows\System\NiqbeDB.exe
  2⤵
  PID:3744
- C:\Windows\System\SDeGGuR.exe
  C:\Windows\System\SDeGGuR.exe
  2⤵
  PID:3760
- C:\Windows\System\FWlKLJB.exe
  C:\Windows\System\FWlKLJB.exe
  2⤵
  PID:3776
- C:\Windows\System\yGMdavl.exe
  C:\Windows\System\yGMdavl.exe
  2⤵
  PID:3792
- C:\Windows\System\QOTAJth.exe
  C:\Windows\System\QOTAJth.exe
  2⤵
  PID:3808
- C:\Windows\System\mMInxfH.exe
  C:\Windows\System\mMInxfH.exe
  2⤵
  PID:3824
- C:\Windows\System\lAzULYh.exe
  C:\Windows\System\lAzULYh.exe
  2⤵
  PID:3840
- C:\Windows\System\VAkwLbI.exe
  C:\Windows\System\VAkwLbI.exe
  2⤵
  PID:3856
- C:\Windows\System\jlicxWU.exe
  C:\Windows\System\jlicxWU.exe
  2⤵
  PID:3872
- C:\Windows\System\EeLZyVq.exe
  C:\Windows\System\EeLZyVq.exe
  2⤵
  PID:3888
- C:\Windows\System\sknEEhF.exe
  C:\Windows\System\sknEEhF.exe
  2⤵
  PID:3904
- C:\Windows\System\tFldfXR.exe
  C:\Windows\System\tFldfXR.exe
  2⤵
  PID:3920
- C:\Windows\System\NCEjZym.exe
  C:\Windows\System\NCEjZym.exe
  2⤵
  PID:3936
- C:\Windows\System\qLsBUsh.exe
  C:\Windows\System\qLsBUsh.exe
  2⤵
  PID:3952
- C:\Windows\System\qGBeJtR.exe
  C:\Windows\System\qGBeJtR.exe
  2⤵
  PID:3968
- C:\Windows\System\UeHQfRb.exe
  C:\Windows\System\UeHQfRb.exe
  2⤵
  PID:3984
- C:\Windows\System\zzprGWJ.exe
  C:\Windows\System\zzprGWJ.exe
  2⤵
  PID:4000
- C:\Windows\System\unceEih.exe
  C:\Windows\System\unceEih.exe
  2⤵
  PID:4016
- C:\Windows\System\JNAINWZ.exe
  C:\Windows\System\JNAINWZ.exe
  2⤵
  PID:4032
- C:\Windows\System\FeaVqbC.exe
  C:\Windows\System\FeaVqbC.exe
  2⤵
  PID:4048
- C:\Windows\System\BKlKAQG.exe
  C:\Windows\System\BKlKAQG.exe
  2⤵
  PID:4064
- C:\Windows\System\gzkQmkr.exe
  C:\Windows\System\gzkQmkr.exe
  2⤵
  PID:4080
- C:\Windows\System\AgxybtA.exe
  C:\Windows\System\AgxybtA.exe
  2⤵
  PID:2152
- C:\Windows\System\XAbehpi.exe
  C:\Windows\System\XAbehpi.exe
  2⤵
  PID:1860
- C:\Windows\System\QXKtnqT.exe
  C:\Windows\System\QXKtnqT.exe
  2⤵
  PID:2644
- C:\Windows\System\FCScXhn.exe
  C:\Windows\System\FCScXhn.exe
  2⤵
  PID:2596
- C:\Windows\System\YZaFxXB.exe
  C:\Windows\System\YZaFxXB.exe
  2⤵
  PID:1112
- C:\Windows\System\DrHszkk.exe
  C:\Windows\System\DrHszkk.exe
  2⤵
  PID:2300
- C:\Windows\System\TrPLOfL.exe
  C:\Windows\System\TrPLOfL.exe
  2⤵
  PID:2516
- C:\Windows\System\KSeWzFe.exe
  C:\Windows\System\KSeWzFe.exe
  2⤵
  PID:1756
- C:\Windows\System\fyVvllV.exe
  C:\Windows\System\fyVvllV.exe
  2⤵
  PID:856
- C:\Windows\System\rIwqIzl.exe
  C:\Windows\System\rIwqIzl.exe
  2⤵
  PID:1896
- C:\Windows\System\XJGmZRN.exe
  C:\Windows\System\XJGmZRN.exe
  2⤵
  PID:3112
- C:\Windows\System\KCHZzWh.exe
  C:\Windows\System\KCHZzWh.exe
  2⤵
  PID:1996
- C:\Windows\System\gYHgVZw.exe
  C:\Windows\System\gYHgVZw.exe
  2⤵
  PID:3132
- C:\Windows\System\pGeGvkT.exe
  C:\Windows\System\pGeGvkT.exe
  2⤵
  PID:3164
- C:\Windows\System\DKGegQL.exe
  C:\Windows\System\DKGegQL.exe
  2⤵
  PID:3240
- C:\Windows\System\nxdLJIC.exe
  C:\Windows\System\nxdLJIC.exe
  2⤵
  PID:3228
- C:\Windows\System\rmDwfeT.exe
  C:\Windows\System\rmDwfeT.exe
  2⤵
  PID:3256
- C:\Windows\System\PsXLLKV.exe
  C:\Windows\System\PsXLLKV.exe
  2⤵
  PID:3308
- C:\Windows\System\gBgJSZr.exe
  C:\Windows\System\gBgJSZr.exe
  2⤵
  PID:3324
- C:\Windows\System\fHRYWrV.exe
  C:\Windows\System\fHRYWrV.exe
  2⤵
  PID:3400
- C:\Windows\System\vojdmqG.exe
  C:\Windows\System\vojdmqG.exe
  2⤵
  PID:3436
- C:\Windows\System\ZKeQRHM.exe
  C:\Windows\System\ZKeQRHM.exe
  2⤵
  PID:3448
- C:\Windows\System\iOBfQPg.exe
  C:\Windows\System\iOBfQPg.exe
  2⤵
  PID:3468
- C:\Windows\System\VXGoeFG.exe
  C:\Windows\System\VXGoeFG.exe
  2⤵
  PID:3528
- C:\Windows\System\wZHtkzc.exe
  C:\Windows\System\wZHtkzc.exe
  2⤵
  PID:3512
- C:\Windows\System\bhZdsBJ.exe
  C:\Windows\System\bhZdsBJ.exe
  2⤵
  PID:3596
- C:\Windows\System\VXejvTz.exe
  C:\Windows\System\VXejvTz.exe
  2⤵
  PID:3576
- C:\Windows\System\tPDdueY.exe
  C:\Windows\System\tPDdueY.exe
  2⤵
  PID:3628
- C:\Windows\System\dkcxgav.exe
  C:\Windows\System\dkcxgav.exe
  2⤵
  PID:3644
- C:\Windows\System\wLTBSzN.exe
  C:\Windows\System\wLTBSzN.exe
  2⤵
  PID:3692
- C:\Windows\System\CuumaQv.exe
  C:\Windows\System\CuumaQv.exe
  2⤵
  PID:3708
- C:\Windows\System\dNeidNP.exe
  C:\Windows\System\dNeidNP.exe
  2⤵
  PID:3784
- C:\Windows\System\Bgouusi.exe
  C:\Windows\System\Bgouusi.exe
  2⤵
  PID:3772
- C:\Windows\System\CqoYZIr.exe
  C:\Windows\System\CqoYZIr.exe
  2⤵
  PID:3848
- C:\Windows\System\wdNgumv.exe
  C:\Windows\System\wdNgumv.exe
  2⤵
  PID:3864
- C:\Windows\System\tapwMXZ.exe
  C:\Windows\System\tapwMXZ.exe
  2⤵
  PID:3868
- C:\Windows\System\TIKhpQY.exe
  C:\Windows\System\TIKhpQY.exe
  2⤵
  PID:3944
- C:\Windows\System\QpZJTjh.exe
  C:\Windows\System\QpZJTjh.exe
  2⤵
  PID:3948
- C:\Windows\System\QdnYdpu.exe
  C:\Windows\System\QdnYdpu.exe
  2⤵
  PID:3964
- C:\Windows\System\mCXLtFN.exe
  C:\Windows\System\mCXLtFN.exe
  2⤵
  PID:3992
- C:\Windows\System\FNiZTWp.exe
  C:\Windows\System\FNiZTWp.exe
  2⤵
  PID:4028
- C:\Windows\System\snhpNaa.exe
  C:\Windows\System\snhpNaa.exe
  2⤵
  PID:2704
- C:\Windows\System\nZvbsUU.exe
  C:\Windows\System\nZvbsUU.exe
  2⤵
  PID:4088
- C:\Windows\System\PmuDlES.exe
  C:\Windows\System\PmuDlES.exe
  2⤵
  PID:1620
- C:\Windows\System\yCepdGy.exe
  C:\Windows\System\yCepdGy.exe
  2⤵
  PID:800
- C:\Windows\System\SMsHnaj.exe
  C:\Windows\System\SMsHnaj.exe
  2⤵
  PID:2124
- C:\Windows\System\TQgsnUy.exe
  C:\Windows\System\TQgsnUy.exe
  2⤵
  PID:1888
- C:\Windows\System\SEqSGLb.exe
  C:\Windows\System\SEqSGLb.exe
  2⤵
  PID:3148
- C:\Windows\System\tZGWiGj.exe
  C:\Windows\System\tZGWiGj.exe
  2⤵
  PID:3180
- C:\Windows\System\XGHhvfh.exe
  C:\Windows\System\XGHhvfh.exe
  2⤵
  PID:3196
- C:\Windows\System\ioiPydz.exe
  C:\Windows\System\ioiPydz.exe
  2⤵
  PID:3292
- C:\Windows\System\IxLTTFI.exe
  C:\Windows\System\IxLTTFI.exe
  2⤵
  PID:3352
- C:\Windows\System\KDBJugU.exe
  C:\Windows\System\KDBJugU.exe
  2⤵
  PID:3496
- C:\Windows\System\amSOPeh.exe
  C:\Windows\System\amSOPeh.exe
  2⤵
  PID:3500
- C:\Windows\System\yqtYNtr.exe
  C:\Windows\System\yqtYNtr.exe
  2⤵
  PID:3592
- C:\Windows\System\tDMlDqk.exe
  C:\Windows\System\tDMlDqk.exe
  2⤵
  PID:3672
- C:\Windows\System\wBlnXIp.exe
  C:\Windows\System\wBlnXIp.exe
  2⤵
  PID:3736
- C:\Windows\System\jSJarPS.exe
  C:\Windows\System\jSJarPS.exe
  2⤵
  PID:3800
- C:\Windows\System\bSFQIPu.exe
  C:\Windows\System\bSFQIPu.exe
  2⤵
  PID:3820
- C:\Windows\System\mVtIMdO.exe
  C:\Windows\System\mVtIMdO.exe
  2⤵
  PID:3928
- C:\Windows\System\NPfOBVq.exe
  C:\Windows\System\NPfOBVq.exe
  2⤵
  PID:3996
- C:\Windows\System\GYhbzSe.exe
  C:\Windows\System\GYhbzSe.exe
  2⤵
  PID:2416
- C:\Windows\System\rpcTZIv.exe
  C:\Windows\System\rpcTZIv.exe
  2⤵
  PID:4112
- C:\Windows\System\CbWQaxA.exe
  C:\Windows\System\CbWQaxA.exe
  2⤵
  PID:4128
- C:\Windows\System\UynCJRo.exe
  C:\Windows\System\UynCJRo.exe
  2⤵
  PID:4144
- C:\Windows\System\NgPqcMY.exe
  C:\Windows\System\NgPqcMY.exe
  2⤵
  PID:4160
- C:\Windows\System\HphPDdD.exe
  C:\Windows\System\HphPDdD.exe
  2⤵
  PID:4176
- C:\Windows\System\mHaOYks.exe
  C:\Windows\System\mHaOYks.exe
  2⤵
  PID:4192
- C:\Windows\System\GsCHayJ.exe
  C:\Windows\System\GsCHayJ.exe
  2⤵
  PID:4208
- C:\Windows\System\eHCtZLI.exe
  C:\Windows\System\eHCtZLI.exe
  2⤵
  PID:4224
- C:\Windows\System\fKohXZk.exe
  C:\Windows\System\fKohXZk.exe
  2⤵
  PID:4240
- C:\Windows\System\mEpzIPh.exe
  C:\Windows\System\mEpzIPh.exe
  2⤵
  PID:4256
- C:\Windows\System\PwgkmDA.exe
  C:\Windows\System\PwgkmDA.exe
  2⤵
  PID:4272
- C:\Windows\System\WvZFPlJ.exe
  C:\Windows\System\WvZFPlJ.exe
  2⤵
  PID:4288
- C:\Windows\System\uOgKUBG.exe
  C:\Windows\System\uOgKUBG.exe
  2⤵
  PID:4304
- C:\Windows\System\DqzXmrE.exe
  C:\Windows\System\DqzXmrE.exe
  2⤵
  PID:4320
- C:\Windows\System\SyyzlxY.exe
  C:\Windows\System\SyyzlxY.exe
  2⤵
  PID:4336
- C:\Windows\System\TUojSTE.exe
  C:\Windows\System\TUojSTE.exe
  2⤵
  PID:4352
- C:\Windows\System\vEFQeLv.exe
  C:\Windows\System\vEFQeLv.exe
  2⤵
  PID:4368
- C:\Windows\System\gwcGLnb.exe
  C:\Windows\System\gwcGLnb.exe
  2⤵
  PID:4384
- C:\Windows\System\SQytDyH.exe
  C:\Windows\System\SQytDyH.exe
  2⤵
  PID:4400
- C:\Windows\System\uQzxJup.exe
  C:\Windows\System\uQzxJup.exe
  2⤵
  PID:4416
- C:\Windows\System\lozqnSy.exe
  C:\Windows\System\lozqnSy.exe
  2⤵
  PID:4432
- C:\Windows\System\IZnYZEv.exe
  C:\Windows\System\IZnYZEv.exe
  2⤵
  PID:4448
- C:\Windows\System\IcIQkSZ.exe
  C:\Windows\System\IcIQkSZ.exe
  2⤵
  PID:4464
- C:\Windows\System\wIjxmVp.exe
  C:\Windows\System\wIjxmVp.exe
  2⤵
  PID:4480
- C:\Windows\System\izysIUr.exe
  C:\Windows\System\izysIUr.exe
  2⤵
  PID:4496
- C:\Windows\System\DXynYUB.exe
  C:\Windows\System\DXynYUB.exe
  2⤵
  PID:4512
- C:\Windows\System\QnRAoHT.exe
  C:\Windows\System\QnRAoHT.exe
  2⤵
  PID:4528
- C:\Windows\System\Birrzsw.exe
  C:\Windows\System\Birrzsw.exe
  2⤵
  PID:4544
- C:\Windows\System\eQIdLLG.exe
  C:\Windows\System\eQIdLLG.exe
  2⤵
  PID:4560
- C:\Windows\System\EOYHXeG.exe
  C:\Windows\System\EOYHXeG.exe
  2⤵
  PID:4576
- C:\Windows\System\RZUHlVj.exe
  C:\Windows\System\RZUHlVj.exe
  2⤵
  PID:4592
- C:\Windows\System\HYNFlVT.exe
  C:\Windows\System\HYNFlVT.exe
  2⤵
  PID:4608
- C:\Windows\System\CxvJxkP.exe
  C:\Windows\System\CxvJxkP.exe
  2⤵
  PID:4624
- C:\Windows\System\nUtiXhf.exe
  C:\Windows\System\nUtiXhf.exe
  2⤵
  PID:4640
- C:\Windows\System\BXaPhiD.exe
  C:\Windows\System\BXaPhiD.exe
  2⤵
  PID:4656
- C:\Windows\System\EABtZLP.exe
  C:\Windows\System\EABtZLP.exe
  2⤵
  PID:4672
- C:\Windows\System\FTyiSSo.exe
  C:\Windows\System\FTyiSSo.exe
  2⤵
  PID:4688
- C:\Windows\System\oaScHrF.exe
  C:\Windows\System\oaScHrF.exe
  2⤵
  PID:4704
- C:\Windows\System\gfmRCIF.exe
  C:\Windows\System\gfmRCIF.exe
  2⤵
  PID:4720
- C:\Windows\System\juAHuxC.exe
  C:\Windows\System\juAHuxC.exe
  2⤵
  PID:4736
- C:\Windows\System\fexaKuw.exe
  C:\Windows\System\fexaKuw.exe
  2⤵
  PID:4752
- C:\Windows\System\gBdeqnt.exe
  C:\Windows\System\gBdeqnt.exe
  2⤵
  PID:4768
- C:\Windows\System\rWgnTAa.exe
  C:\Windows\System\rWgnTAa.exe
  2⤵
  PID:4784
- C:\Windows\System\SbNjoAt.exe
  C:\Windows\System\SbNjoAt.exe
  2⤵
  PID:4800
- C:\Windows\System\rciMdXj.exe
  C:\Windows\System\rciMdXj.exe
  2⤵
  PID:4816
- C:\Windows\System\PzOpZnG.exe
  C:\Windows\System\PzOpZnG.exe
  2⤵
  PID:4832
- C:\Windows\System\symMuSo.exe
  C:\Windows\System\symMuSo.exe
  2⤵
  PID:4848
- C:\Windows\System\cNYRBrS.exe
  C:\Windows\System\cNYRBrS.exe
  2⤵
  PID:4864
- C:\Windows\System\olBKHTF.exe
  C:\Windows\System\olBKHTF.exe
  2⤵
  PID:4880
- C:\Windows\System\MZraVee.exe
  C:\Windows\System\MZraVee.exe
  2⤵
  PID:4896
- C:\Windows\System\DQdrCIw.exe
  C:\Windows\System\DQdrCIw.exe
  2⤵
  PID:4912
- C:\Windows\System\nQQgzDs.exe
  C:\Windows\System\nQQgzDs.exe
  2⤵
  PID:4928
- C:\Windows\System\CEwPHvq.exe
  C:\Windows\System\CEwPHvq.exe
  2⤵
  PID:4944
- C:\Windows\System\HuDpoON.exe
  C:\Windows\System\HuDpoON.exe
  2⤵
  PID:4960
- C:\Windows\System\qjdbIST.exe
  C:\Windows\System\qjdbIST.exe
  2⤵
  PID:4976
- C:\Windows\System\pNorxTs.exe
  C:\Windows\System\pNorxTs.exe
  2⤵
  PID:4992
- C:\Windows\System\GlFleAv.exe
  C:\Windows\System\GlFleAv.exe
  2⤵
  PID:5008
- C:\Windows\System\mjPrdmj.exe
  C:\Windows\System\mjPrdmj.exe
  2⤵
  PID:5024
- C:\Windows\System\uDwzdrH.exe
  C:\Windows\System\uDwzdrH.exe
  2⤵
  PID:5040
- C:\Windows\System\PHKCmrt.exe
  C:\Windows\System\PHKCmrt.exe
  2⤵
  PID:5056
- C:\Windows\System\AdsGdvT.exe
  C:\Windows\System\AdsGdvT.exe
  2⤵
  PID:5072
- C:\Windows\System\kaqSpvt.exe
  C:\Windows\System\kaqSpvt.exe
  2⤵
  PID:5088
- C:\Windows\System\epkVYgw.exe
  C:\Windows\System\epkVYgw.exe
  2⤵
  PID:5104
- C:\Windows\System\bzldpZA.exe
  C:\Windows\System\bzldpZA.exe
  2⤵
  PID:1476
- C:\Windows\System\RffQjFb.exe
  C:\Windows\System\RffQjFb.exe
  2⤵
  PID:3224
- C:\Windows\System\dcaheMe.exe
  C:\Windows\System\dcaheMe.exe
  2⤵
  PID:3980
- C:\Windows\System\HzRPpmy.exe
  C:\Windows\System\HzRPpmy.exe
  2⤵
  PID:3276
- C:\Windows\System\QoONFiG.exe
  C:\Windows\System\QoONFiG.exe
  2⤵
  PID:2796
- C:\Windows\System\DEewyXc.exe
  C:\Windows\System\DEewyXc.exe
  2⤵
  PID:3612
- C:\Windows\System\PHmwOsL.exe
  C:\Windows\System\PHmwOsL.exe
  2⤵
  PID:3884
- C:\Windows\System\WLtFyzW.exe
  C:\Windows\System\WLtFyzW.exe
  2⤵
  PID:3128
- C:\Windows\System\UCQHgoB.exe
  C:\Windows\System\UCQHgoB.exe
  2⤵
  PID:3304
- C:\Windows\System\FdGbipC.exe
  C:\Windows\System\FdGbipC.exe
  2⤵
  PID:4120
- C:\Windows\System\mIuVFHZ.exe
  C:\Windows\System\mIuVFHZ.exe
  2⤵
  PID:3548
- C:\Windows\System\CtcgNpo.exe
  C:\Windows\System\CtcgNpo.exe
  2⤵
  PID:4012
- C:\Windows\System\jLwKEZo.exe
  C:\Windows\System\jLwKEZo.exe
  2⤵
  PID:4152
- C:\Windows\System\uHcQbTL.exe
  C:\Windows\System\uHcQbTL.exe
  2⤵
  PID:4216
- C:\Windows\System\zkTkyQg.exe
  C:\Windows\System\zkTkyQg.exe
  2⤵
  PID:4280
- C:\Windows\System\sQqovgH.exe
  C:\Windows\System\sQqovgH.exe
  2⤵
  PID:4344
- C:\Windows\System\XAGOrkq.exe
  C:\Windows\System\XAGOrkq.exe
  2⤵
  PID:4236
- C:\Windows\System\ugMkwGU.exe
  C:\Windows\System\ugMkwGU.exe
  2⤵
  PID:4200
- C:\Windows\System\mjubUpV.exe
  C:\Windows\System\mjubUpV.exe
  2⤵
  PID:4408
- C:\Windows\System\cBZHvfR.exe
  C:\Windows\System\cBZHvfR.exe
  2⤵
  PID:4472
- C:\Windows\System\iFNhaZJ.exe
  C:\Windows\System\iFNhaZJ.exe
  2⤵
  PID:4264
- C:\Windows\System\DQElqBB.exe
  C:\Windows\System\DQElqBB.exe
  2⤵
  PID:4268
- C:\Windows\System\AWIgxBy.exe
  C:\Windows\System\AWIgxBy.exe
  2⤵
  PID:4540
- C:\Windows\System\SpHOlBR.exe
  C:\Windows\System\SpHOlBR.exe
  2⤵
  PID:4392
- C:\Windows\System\TBpxAMd.exe
  C:\Windows\System\TBpxAMd.exe
  2⤵
  PID:4456
- C:\Windows\System\KbuVmdH.exe
  C:\Windows\System\KbuVmdH.exe
  2⤵
  PID:4600
- C:\Windows\System\mwjwVBn.exe
  C:\Windows\System\mwjwVBn.exe
  2⤵
  PID:4664
- C:\Windows\System\YwyCdCc.exe
  C:\Windows\System\YwyCdCc.exe
  2⤵
  PID:4520
- C:\Windows\System\wDSGKZm.exe
  C:\Windows\System\wDSGKZm.exe
  2⤵
  PID:4712
- C:\Windows\System\DdPgdqt.exe
  C:\Windows\System\DdPgdqt.exe
  2⤵
  PID:4584
- C:\Windows\System\TtptUAu.exe
  C:\Windows\System\TtptUAu.exe
  2⤵
  PID:4680
- C:\Windows\System\vdOTFOa.exe
  C:\Windows\System\vdOTFOa.exe
  2⤵
  PID:4764
- C:\Windows\System\VDDpeFM.exe
  C:\Windows\System\VDDpeFM.exe
  2⤵
  PID:4780
- C:\Windows\System\aOUQitN.exe
  C:\Windows\System\aOUQitN.exe
  2⤵
  PID:4828
- C:\Windows\System\vsuJoTO.exe
  C:\Windows\System\vsuJoTO.exe
  2⤵
  PID:4840
- C:\Windows\System\DBkHJNH.exe
  C:\Windows\System\DBkHJNH.exe
  2⤵
  PID:4872
- C:\Windows\System\sXJkcIn.exe
  C:\Windows\System\sXJkcIn.exe
  2⤵
  PID:4924
- C:\Windows\System\MSyRgRM.exe
  C:\Windows\System\MSyRgRM.exe
  2⤵
  PID:4876
- C:\Windows\System\eqEzHAL.exe
  C:\Windows\System\eqEzHAL.exe
  2⤵
  PID:4968
- C:\Windows\System\SHoTGfR.exe
  C:\Windows\System\SHoTGfR.exe
  2⤵
  PID:5000
- C:\Windows\System\JHDVdoh.exe
  C:\Windows\System\JHDVdoh.exe
  2⤵
  PID:5048
- C:\Windows\System\WmigpfU.exe
  C:\Windows\System\WmigpfU.exe
  2⤵
  PID:5032
- C:\Windows\System\AVtAmMl.exe
  C:\Windows\System\AVtAmMl.exe
  2⤵
  PID:5112
- C:\Windows\System\oChOsDy.exe
  C:\Windows\System\oChOsDy.exe
  2⤵
  PID:3916
- C:\Windows\System\pALuxJR.exe
  C:\Windows\System\pALuxJR.exe
  2⤵
  PID:3372
- C:\Windows\System\gXbupJi.exe
  C:\Windows\System\gXbupJi.exe
  2⤵
  PID:1136
- C:\Windows\System\iuGFJaT.exe
  C:\Windows\System\iuGFJaT.exe
  2⤵
  PID:3608
- C:\Windows\System\jPnWGMd.exe
  C:\Windows\System\jPnWGMd.exe
  2⤵
  PID:4056
- C:\Windows\System\eREywfo.exe
  C:\Windows\System\eREywfo.exe
  2⤵
  PID:3720
- C:\Windows\System\RRmZkHx.exe
  C:\Windows\System\RRmZkHx.exe
  2⤵
  PID:4252
- C:\Windows\System\SnBHEfG.exe
  C:\Windows\System\SnBHEfG.exe
  2⤵
  PID:4312
- C:\Windows\System\ZCEMXsq.exe
  C:\Windows\System\ZCEMXsq.exe
  2⤵
  PID:4168
- C:\Windows\System\AfjghIi.exe
  C:\Windows\System\AfjghIi.exe
  2⤵
  PID:4440
- C:\Windows\System\KocQWHG.exe
  C:\Windows\System\KocQWHG.exe
  2⤵
  PID:4364
- C:\Windows\System\RKHDfMv.exe
  C:\Windows\System\RKHDfMv.exe
  2⤵
  PID:4424
- C:\Windows\System\ecbPBjT.exe
  C:\Windows\System\ecbPBjT.exe
  2⤵
  PID:4332
- C:\Windows\System\wbWzIAM.exe
  C:\Windows\System\wbWzIAM.exe
  2⤵
  PID:4636
- C:\Windows\System\JSOKwck.exe
  C:\Windows\System\JSOKwck.exe
  2⤵
  PID:4616
- C:\Windows\System\XUwqKlG.exe
  C:\Windows\System\XUwqKlG.exe
  2⤵
  PID:4684
- C:\Windows\System\Srrswor.exe
  C:\Windows\System\Srrswor.exe
  2⤵
  PID:4824
- C:\Windows\System\stsYMOg.exe
  C:\Windows\System\stsYMOg.exe
  2⤵
  PID:4744
- C:\Windows\System\yRZOZFM.exe
  C:\Windows\System\yRZOZFM.exe
  2⤵
  PID:4920
- C:\Windows\System\CyjMjny.exe
  C:\Windows\System\CyjMjny.exe
  2⤵
  PID:4940
- C:\Windows\System\ZUHWNRl.exe
  C:\Windows\System\ZUHWNRl.exe
  2⤵
  PID:5020
- C:\Windows\System\iSBSYxQ.exe
  C:\Windows\System\iSBSYxQ.exe
  2⤵
  PID:5068
- C:\Windows\System\NMyRSSQ.exe
  C:\Windows\System\NMyRSSQ.exe
  2⤵
  PID:3816
- C:\Windows\System\pqogAiA.exe
  C:\Windows\System\pqogAiA.exe
  2⤵
  PID:3084
- C:\Windows\System\ueHrNDO.exe
  C:\Windows\System\ueHrNDO.exe
  2⤵
  PID:3560
- C:\Windows\System\YhioduQ.exe
  C:\Windows\System\YhioduQ.exe
  2⤵
  PID:4188
- C:\Windows\System\cDwiMXM.exe
  C:\Windows\System\cDwiMXM.exe
  2⤵
  PID:5136
- C:\Windows\System\muiKIds.exe
  C:\Windows\System\muiKIds.exe
  2⤵
  PID:5152
- C:\Windows\System\jTmKqjS.exe
  C:\Windows\System\jTmKqjS.exe
  2⤵
  PID:5168
- C:\Windows\System\ZkLkgdZ.exe
  C:\Windows\System\ZkLkgdZ.exe
  2⤵
  PID:5184
- C:\Windows\System\vqbpRJD.exe
  C:\Windows\System\vqbpRJD.exe
  2⤵
  PID:5200
- C:\Windows\System\wEmJkBh.exe
  C:\Windows\System\wEmJkBh.exe
  2⤵
  PID:5216
- C:\Windows\System\NAjgApH.exe
  C:\Windows\System\NAjgApH.exe
  2⤵
  PID:5232
- C:\Windows\System\sopUhXo.exe
  C:\Windows\System\sopUhXo.exe
  2⤵
  PID:5248
- C:\Windows\System\ghunBoo.exe
  C:\Windows\System\ghunBoo.exe
  2⤵
  PID:5264
- C:\Windows\System\RRfRnpD.exe
  C:\Windows\System\RRfRnpD.exe
  2⤵
  PID:5280
- C:\Windows\System\gvVKlqD.exe
  C:\Windows\System\gvVKlqD.exe
  2⤵
  PID:5296
- C:\Windows\System\WgsGsNT.exe
  C:\Windows\System\WgsGsNT.exe
  2⤵
  PID:5312
- C:\Windows\System\pfMpjao.exe
  C:\Windows\System\pfMpjao.exe
  2⤵
  PID:5328
- C:\Windows\System\FLhSVWL.exe
  C:\Windows\System\FLhSVWL.exe
  2⤵
  PID:5344
- C:\Windows\System\NUtUdhw.exe
  C:\Windows\System\NUtUdhw.exe
  2⤵
  PID:5360
- C:\Windows\System\AWFyKmV.exe
  C:\Windows\System\AWFyKmV.exe
  2⤵
  PID:5376
- C:\Windows\System\PMgJtOx.exe
  C:\Windows\System\PMgJtOx.exe
  2⤵
  PID:5392
- C:\Windows\System\wxiTOjo.exe
  C:\Windows\System\wxiTOjo.exe
  2⤵
  PID:5408
- C:\Windows\System\pmcAijg.exe
  C:\Windows\System\pmcAijg.exe
  2⤵
  PID:5424
- C:\Windows\System\uYbZInK.exe
  C:\Windows\System\uYbZInK.exe
  2⤵
  PID:5440
- C:\Windows\System\giXJhXd.exe
  C:\Windows\System\giXJhXd.exe
  2⤵
  PID:5456
- C:\Windows\System\GdzKmGy.exe
  C:\Windows\System\GdzKmGy.exe
  2⤵
  PID:5472
- C:\Windows\System\SELczfg.exe
  C:\Windows\System\SELczfg.exe
  2⤵
  PID:5488
- C:\Windows\System\UNwWUZB.exe
  C:\Windows\System\UNwWUZB.exe
  2⤵
  PID:5504
- C:\Windows\System\OYhhTII.exe
  C:\Windows\System\OYhhTII.exe
  2⤵
  PID:5520
- C:\Windows\System\QpWDHVI.exe
  C:\Windows\System\QpWDHVI.exe
  2⤵
  PID:5536
- C:\Windows\System\unmRljG.exe
  C:\Windows\System\unmRljG.exe
  2⤵
  PID:5552
- C:\Windows\System\yNtUoBz.exe
  C:\Windows\System\yNtUoBz.exe
  2⤵
  PID:5568
- C:\Windows\System\klqKfWK.exe
  C:\Windows\System\klqKfWK.exe
  2⤵
  PID:5584
- C:\Windows\System\XcRQcge.exe
  C:\Windows\System\XcRQcge.exe
  2⤵
  PID:5600
- C:\Windows\System\VOezeVk.exe
  C:\Windows\System\VOezeVk.exe
  2⤵
  PID:5616
- C:\Windows\System\JqexNQj.exe
  C:\Windows\System\JqexNQj.exe
  2⤵
  PID:5632
- C:\Windows\System\sKweyng.exe
  C:\Windows\System\sKweyng.exe
  2⤵
  PID:5648
- C:\Windows\System\fbuzFVL.exe
  C:\Windows\System\fbuzFVL.exe
  2⤵
  PID:5664
- C:\Windows\System\xDbSpEJ.exe
  C:\Windows\System\xDbSpEJ.exe
  2⤵
  PID:5680
- C:\Windows\System\VxtNGzG.exe
  C:\Windows\System\VxtNGzG.exe
  2⤵
  PID:5696
- C:\Windows\System\zUsVCNe.exe
  C:\Windows\System\zUsVCNe.exe
  2⤵
  PID:5712
- C:\Windows\System\ghkSxMV.exe
  C:\Windows\System\ghkSxMV.exe
  2⤵
  PID:5728
- C:\Windows\System\oNGEqPQ.exe
  C:\Windows\System\oNGEqPQ.exe
  2⤵
  PID:5744
- C:\Windows\System\lJrvCtR.exe
  C:\Windows\System\lJrvCtR.exe
  2⤵
  PID:5760
- C:\Windows\System\GYuzFlS.exe
  C:\Windows\System\GYuzFlS.exe
  2⤵
  PID:5776
- C:\Windows\System\ghaCLun.exe
  C:\Windows\System\ghaCLun.exe
  2⤵
  PID:5792
- C:\Windows\System\TljNBJn.exe
  C:\Windows\System\TljNBJn.exe
  2⤵
  PID:5808
- C:\Windows\System\rIIAQIr.exe
  C:\Windows\System\rIIAQIr.exe
  2⤵
  PID:5824
- C:\Windows\System\BzEPCAw.exe
  C:\Windows\System\BzEPCAw.exe
  2⤵
  PID:5840
- C:\Windows\System\eJmmmry.exe
  C:\Windows\System\eJmmmry.exe
  2⤵
  PID:5856
- C:\Windows\System\BCzFdoD.exe
  C:\Windows\System\BCzFdoD.exe
  2⤵
  PID:5872
- C:\Windows\System\umEeXRk.exe
  C:\Windows\System\umEeXRk.exe
  2⤵
  PID:5888
- C:\Windows\System\sErsgmh.exe
  C:\Windows\System\sErsgmh.exe
  2⤵
  PID:5904
- C:\Windows\System\qIToziM.exe
  C:\Windows\System\qIToziM.exe
  2⤵
  PID:5920
- C:\Windows\System\wGjtQeu.exe
  C:\Windows\System\wGjtQeu.exe
  2⤵
  PID:5936
- C:\Windows\System\NTMPIdv.exe
  C:\Windows\System\NTMPIdv.exe
  2⤵
  PID:5952
- C:\Windows\System\HSqSYsX.exe
  C:\Windows\System\HSqSYsX.exe
  2⤵
  PID:5968
- C:\Windows\System\CiOjWrl.exe
  C:\Windows\System\CiOjWrl.exe
  2⤵
  PID:5984
- C:\Windows\System\GSPQBQJ.exe
  C:\Windows\System\GSPQBQJ.exe
  2⤵
  PID:6000
- C:\Windows\System\CLhgFLr.exe
  C:\Windows\System\CLhgFLr.exe
  2⤵
  PID:6016
- C:\Windows\System\OdIgMra.exe
  C:\Windows\System\OdIgMra.exe
  2⤵
  PID:6032
- C:\Windows\System\ckhmSfR.exe
  C:\Windows\System\ckhmSfR.exe
  2⤵
  PID:6048
- C:\Windows\System\UQssWIb.exe
  C:\Windows\System\UQssWIb.exe
  2⤵
  PID:6064
- C:\Windows\System\RLBLZla.exe
  C:\Windows\System\RLBLZla.exe
  2⤵
  PID:6084
- C:\Windows\System\VnShyLP.exe
  C:\Windows\System\VnShyLP.exe
  2⤵
  PID:6100
- C:\Windows\System\mcAFWny.exe
  C:\Windows\System\mcAFWny.exe
  2⤵
  PID:6116
- C:\Windows\System\TchnqlE.exe
  C:\Windows\System\TchnqlE.exe
  2⤵
  PID:6132
- C:\Windows\System\CXBKpBH.exe
  C:\Windows\System\CXBKpBH.exe
  2⤵
  PID:4316
- C:\Windows\System\CDBOGBZ.exe
  C:\Windows\System\CDBOGBZ.exe
  2⤵
  PID:4508
- C:\Windows\System\BXmTkrE.exe
  C:\Windows\System\BXmTkrE.exe
  2⤵
  PID:4428
- C:\Windows\System\JAJQQqj.exe
  C:\Windows\System\JAJQQqj.exe
  2⤵
  PID:4700
- C:\Windows\System\GUGxubg.exe
  C:\Windows\System\GUGxubg.exe
  2⤵
  PID:4796
- C:\Windows\System\slFumJG.exe
  C:\Windows\System\slFumJG.exe
  2⤵
  PID:4892
- C:\Windows\System\rlDznqN.exe
  C:\Windows\System\rlDznqN.exe
  2⤵
  PID:4972
- C:\Windows\System\aVfUNlQ.exe
  C:\Windows\System\aVfUNlQ.exe
  2⤵
  PID:3452
- C:\Windows\System\flcAiko.exe
  C:\Windows\System\flcAiko.exe
  2⤵
  PID:4248
- C:\Windows\System\Skvlikm.exe
  C:\Windows\System\Skvlikm.exe
  2⤵
  PID:5144
- C:\Windows\System\DlrdqEA.exe
  C:\Windows\System\DlrdqEA.exe
  2⤵
  PID:5176
- C:\Windows\System\lHOKqOD.exe
  C:\Windows\System\lHOKqOD.exe
  2⤵
  PID:5208
- C:\Windows\System\lNiVnSR.exe
  C:\Windows\System\lNiVnSR.exe
  2⤵
  PID:5240
- C:\Windows\System\zhXZwbO.exe
  C:\Windows\System\zhXZwbO.exe
  2⤵
  PID:5272
- C:\Windows\System\NgrWEVM.exe
  C:\Windows\System\NgrWEVM.exe
  2⤵
  PID:5304
- C:\Windows\System\ZRgYIXG.exe
  C:\Windows\System\ZRgYIXG.exe
  2⤵
  PID:5336
- C:\Windows\System\CYwwRRW.exe
  C:\Windows\System\CYwwRRW.exe
  2⤵
  PID:5368
- C:\Windows\System\zNhsbHQ.exe
  C:\Windows\System\zNhsbHQ.exe
  2⤵
  PID:5400
- C:\Windows\System\mjZaYFg.exe
  C:\Windows\System\mjZaYFg.exe
  2⤵
  PID:5432
- C:\Windows\System\ioQlZnA.exe
  C:\Windows\System\ioQlZnA.exe
  2⤵
  PID:5452
- C:\Windows\System\HKpJUzm.exe
  C:\Windows\System\HKpJUzm.exe
  2⤵
  PID:5496
- C:\Windows\System\GjcddqW.exe
  C:\Windows\System\GjcddqW.exe
  2⤵
  PID:5528
- C:\Windows\System\PDRSdQC.exe
  C:\Windows\System\PDRSdQC.exe
  2⤵
  PID:5560
- C:\Windows\System\DyNqmUp.exe
  C:\Windows\System\DyNqmUp.exe
  2⤵
  PID:5592
- C:\Windows\System\BMMIhQd.exe
  C:\Windows\System\BMMIhQd.exe
  2⤵
  PID:5612
- C:\Windows\System\KytUAho.exe
  C:\Windows\System\KytUAho.exe
  2⤵
  PID:5644
- C:\Windows\System\NVgIWYs.exe
  C:\Windows\System\NVgIWYs.exe
  2⤵
  PID:5676
- C:\Windows\System\WVxMzWG.exe
  C:\Windows\System\WVxMzWG.exe
  2⤵
  PID:5708
- C:\Windows\System\zhTjzCF.exe
  C:\Windows\System\zhTjzCF.exe
  2⤵
  PID:5740
- C:\Windows\System\pInEmIc.exe
  C:\Windows\System\pInEmIc.exe
  2⤵
  PID:5784
- C:\Windows\System\VkCifIa.exe
  C:\Windows\System\VkCifIa.exe
  2⤵
  PID:5804
- C:\Windows\System\yJlqkNH.exe
  C:\Windows\System\yJlqkNH.exe
  2⤵
  PID:5836
- C:\Windows\System\rWKzPKv.exe
  C:\Windows\System\rWKzPKv.exe
  2⤵
  PID:5868
- C:\Windows\System\wKwJPuh.exe
  C:\Windows\System\wKwJPuh.exe
  2⤵
  PID:5900
- C:\Windows\System\UsFGDeK.exe
  C:\Windows\System\UsFGDeK.exe
  2⤵
  PID:5932
- C:\Windows\System\aABHTkm.exe
  C:\Windows\System\aABHTkm.exe
  2⤵
  PID:5964
- C:\Windows\System\VLIqsoi.exe
  C:\Windows\System\VLIqsoi.exe
  2⤵
  PID:5996
- C:\Windows\System\XJumHgq.exe
  C:\Windows\System\XJumHgq.exe
  2⤵
  PID:6028
- C:\Windows\System\hqMHbnx.exe
  C:\Windows\System\hqMHbnx.exe
  2⤵
  PID:6060
- C:\Windows\System\fmgCSvr.exe
  C:\Windows\System\fmgCSvr.exe
  2⤵
  PID:6096
- C:\Windows\System\aGBeJcS.exe
  C:\Windows\System\aGBeJcS.exe
  2⤵
  PID:6128
- C:\Windows\System\xJIlrkF.exe
  C:\Windows\System\xJIlrkF.exe
  2⤵
  PID:4504
- C:\Windows\System\SmrSeHB.exe
  C:\Windows\System\SmrSeHB.exe
  2⤵
  PID:4552
- C:\Windows\System\lnhKbJp.exe
  C:\Windows\System\lnhKbJp.exe
  2⤵
  PID:4860
- C:\Windows\System\vVYwVGR.exe
  C:\Windows\System\vVYwVGR.exe
  2⤵
  PID:3836
- C:\Windows\System\NUxtBFW.exe
  C:\Windows\System\NUxtBFW.exe
  2⤵
  PID:5128
- C:\Windows\System\fsZHHxC.exe
  C:\Windows\System\fsZHHxC.exe
  2⤵
  PID:5192
- C:\Windows\System\dpfhJMq.exe
  C:\Windows\System\dpfhJMq.exe
  2⤵
  PID:5256
- C:\Windows\System\NOXFUUa.exe
  C:\Windows\System\NOXFUUa.exe
  2⤵
  PID:5320
- C:\Windows\System\rCvBawN.exe
  C:\Windows\System\rCvBawN.exe
  2⤵
  PID:5384
- C:\Windows\System\uZjtjJX.exe
  C:\Windows\System\uZjtjJX.exe
  2⤵
  PID:5468
- C:\Windows\System\vAukvry.exe
  C:\Windows\System\vAukvry.exe
  2⤵
  PID:5512
- C:\Windows\System\mLOnRIf.exe
  C:\Windows\System\mLOnRIf.exe
  2⤵
  PID:5596
- C:\Windows\System\ElzikZt.exe
  C:\Windows\System\ElzikZt.exe
  2⤵
  PID:5660
- C:\Windows\System\ycHqNnk.exe
  C:\Windows\System\ycHqNnk.exe
  2⤵
  PID:5724
- C:\Windows\System\dsWjnqi.exe
  C:\Windows\System\dsWjnqi.exe
  2⤵
  PID:5788
- C:\Windows\System\eqsJusy.exe
  C:\Windows\System\eqsJusy.exe
  2⤵
  PID:5852
- C:\Windows\System\ubNkeOT.exe
  C:\Windows\System\ubNkeOT.exe
  2⤵
  PID:5916
- C:\Windows\System\UUGjXsS.exe
  C:\Windows\System\UUGjXsS.exe
  2⤵
  PID:5980
- C:\Windows\System\RpkRbLN.exe
  C:\Windows\System\RpkRbLN.exe
  2⤵
  PID:6024
- C:\Windows\System\bPiUOSK.exe
  C:\Windows\System\bPiUOSK.exe
  2⤵
  PID:6092
- C:\Windows\System\QgdEUih.exe
  C:\Windows\System\QgdEUih.exe
  2⤵
  PID:4572
- C:\Windows\System\sznzfKo.exe
  C:\Windows\System\sznzfKo.exe
  2⤵
  PID:5004
- C:\Windows\System\EtIyxox.exe
  C:\Windows\System\EtIyxox.exe
  2⤵
  PID:4184
- C:\Windows\System\odaNnvR.exe
  C:\Windows\System\odaNnvR.exe
  2⤵
  PID:6152
- C:\Windows\System\qbkrqCR.exe
  C:\Windows\System\qbkrqCR.exe
  2⤵
  PID:6168
- C:\Windows\System\zWWEKlR.exe
  C:\Windows\System\zWWEKlR.exe
  2⤵
  PID:6184
- C:\Windows\System\ohiLivj.exe
  C:\Windows\System\ohiLivj.exe
  2⤵
  PID:6200
- C:\Windows\System\BHthclo.exe
  C:\Windows\System\BHthclo.exe
  2⤵
  PID:6216
- C:\Windows\System\ATbnoSv.exe
  C:\Windows\System\ATbnoSv.exe
  2⤵
  PID:6232
- C:\Windows\System\TuWKlGe.exe
  C:\Windows\System\TuWKlGe.exe
  2⤵
  PID:6248
- C:\Windows\System\vNqofZb.exe
  C:\Windows\System\vNqofZb.exe
  2⤵
  PID:6272
- C:\Windows\System\TgKdFcZ.exe
  C:\Windows\System\TgKdFcZ.exe
  2⤵
  PID:6288
- C:\Windows\System\uzhbCSD.exe
  C:\Windows\System\uzhbCSD.exe
  2⤵
  PID:6304
- C:\Windows\System\kDMVlrn.exe
  C:\Windows\System\kDMVlrn.exe
  2⤵
  PID:6320
- C:\Windows\System\nQFwCFf.exe
  C:\Windows\System\nQFwCFf.exe
  2⤵
  PID:6336
- C:\Windows\System\fWdHSRG.exe
  C:\Windows\System\fWdHSRG.exe
  2⤵
  PID:6352
- C:\Windows\System\jZDYNRC.exe
  C:\Windows\System\jZDYNRC.exe
  2⤵
  PID:6368
- C:\Windows\System\LhTXObW.exe
  C:\Windows\System\LhTXObW.exe
  2⤵
  PID:6384
- C:\Windows\System\hCrkoaW.exe
  C:\Windows\System\hCrkoaW.exe
  2⤵
  PID:6400
- C:\Windows\System\yWoxzoa.exe
  C:\Windows\System\yWoxzoa.exe
  2⤵
  PID:6416
- C:\Windows\System\drpzJac.exe
  C:\Windows\System\drpzJac.exe
  2⤵
  PID:6432
- C:\Windows\System\EDbNcFi.exe
  C:\Windows\System\EDbNcFi.exe
  2⤵
  PID:6448
- C:\Windows\System\nCtfECQ.exe
  C:\Windows\System\nCtfECQ.exe
  2⤵
  PID:6468
- C:\Windows\System\zmPASnY.exe
  C:\Windows\System\zmPASnY.exe
  2⤵
  PID:6488
- C:\Windows\System\znVdmhh.exe
  C:\Windows\System\znVdmhh.exe
  2⤵
  PID:6508
- C:\Windows\System\pexUwaV.exe
  C:\Windows\System\pexUwaV.exe
  2⤵
  PID:6524
- C:\Windows\System\gfnHOuI.exe
  C:\Windows\System\gfnHOuI.exe
  2⤵
  PID:6540
- C:\Windows\System\nDBshKY.exe
  C:\Windows\System\nDBshKY.exe
  2⤵
  PID:6556
- C:\Windows\System\PSngfEr.exe
  C:\Windows\System\PSngfEr.exe
  2⤵
  PID:6580
- C:\Windows\System\pTVprbD.exe
  C:\Windows\System\pTVprbD.exe
  2⤵
  PID:6596
- C:\Windows\System\kvFNtrm.exe
  C:\Windows\System\kvFNtrm.exe
  2⤵
  PID:6612
- C:\Windows\System\WkBJrzI.exe
  C:\Windows\System\WkBJrzI.exe
  2⤵
  PID:6628
- C:\Windows\System\axhmajZ.exe
  C:\Windows\System\axhmajZ.exe
  2⤵
  PID:6644
- C:\Windows\System\vCGhZvq.exe
  C:\Windows\System\vCGhZvq.exe
  2⤵
  PID:6660
- C:\Windows\System\HfzNXSd.exe
  C:\Windows\System\HfzNXSd.exe
  2⤵
  PID:6676
- C:\Windows\System\mjsjzrk.exe
  C:\Windows\System\mjsjzrk.exe
  2⤵
  PID:6692
- C:\Windows\System\aPWJfdS.exe
  C:\Windows\System\aPWJfdS.exe
  2⤵
  PID:6708
- C:\Windows\System\DjPQXRK.exe
  C:\Windows\System\DjPQXRK.exe
  2⤵
  PID:6724
- C:\Windows\System\wuBpBjz.exe
  C:\Windows\System\wuBpBjz.exe
  2⤵
  PID:6740
- C:\Windows\System\VLgCDwb.exe
  C:\Windows\System\VLgCDwb.exe
  2⤵
  PID:6760
- C:\Windows\System\jtwvVAA.exe
  C:\Windows\System\jtwvVAA.exe
  2⤵
  PID:6776
- C:\Windows\System\UASRpcy.exe
  C:\Windows\System\UASRpcy.exe
  2⤵
  PID:6792
- C:\Windows\System\OxSHyku.exe
  C:\Windows\System\OxSHyku.exe
  2⤵
  PID:6816
- C:\Windows\System\ZVmCMtm.exe
  C:\Windows\System\ZVmCMtm.exe
  2⤵
  PID:6832
- C:\Windows\System\JagUZqI.exe
  C:\Windows\System\JagUZqI.exe
  2⤵
  PID:6848
- C:\Windows\System\nGzyqsR.exe
  C:\Windows\System\nGzyqsR.exe
  2⤵
  PID:6864
- C:\Windows\System\PmJExbf.exe
  C:\Windows\System\PmJExbf.exe
  2⤵
  PID:6880
- C:\Windows\System\HoMFjRx.exe
  C:\Windows\System\HoMFjRx.exe
  2⤵
  PID:6896
- C:\Windows\System\vEfiBHl.exe
  C:\Windows\System\vEfiBHl.exe
  2⤵
  PID:6980
- C:\Windows\System\xrWODye.exe
  C:\Windows\System\xrWODye.exe
  2⤵
  PID:7008
- C:\Windows\System\sPCVZRf.exe
  C:\Windows\System\sPCVZRf.exe
  2⤵
  PID:7032
- C:\Windows\System\BrVjwVB.exe
  C:\Windows\System\BrVjwVB.exe
  2⤵
  PID:7048
- C:\Windows\System\XkCXPsh.exe
  C:\Windows\System\XkCXPsh.exe
  2⤵
  PID:7064
- C:\Windows\System\ZNQmtUY.exe
  C:\Windows\System\ZNQmtUY.exe
  2⤵
  PID:7080
- C:\Windows\System\XWmNZLx.exe
  C:\Windows\System\XWmNZLx.exe
  2⤵
  PID:7096
- C:\Windows\System\ScMmzKS.exe
  C:\Windows\System\ScMmzKS.exe
  2⤵
  PID:7112
- C:\Windows\System\pmAqmjp.exe
  C:\Windows\System\pmAqmjp.exe
  2⤵
  PID:7128
- C:\Windows\System\bfarbxg.exe
  C:\Windows\System\bfarbxg.exe
  2⤵
  PID:7144
- C:\Windows\System\PMyXNMM.exe
  C:\Windows\System\PMyXNMM.exe
  2⤵
  PID:7160
- C:\Windows\System\fKBLVmt.exe
  C:\Windows\System\fKBLVmt.exe
  2⤵
  PID:5244
- C:\Windows\System\YocZnxg.exe
  C:\Windows\System\YocZnxg.exe
  2⤵
  PID:5416
- C:\Windows\System\ngkDMZi.exe
  C:\Windows\System\ngkDMZi.exe
  2⤵
  PID:5564
- C:\Windows\System\XhxOCjf.exe
  C:\Windows\System\XhxOCjf.exe
  2⤵
  PID:5692
- C:\Windows\System\gNyIxkh.exe
  C:\Windows\System\gNyIxkh.exe
  2⤵
  PID:5768
- C:\Windows\System\ShFwqFF.exe
  C:\Windows\System\ShFwqFF.exe
  2⤵
  PID:6412
- C:\Windows\System\HzfDPYi.exe
  C:\Windows\System\HzfDPYi.exe
  2⤵
  PID:6536
- C:\Windows\System\XYqRtTD.exe
  C:\Windows\System\XYqRtTD.exe
  2⤵
  PID:6732
- C:\Windows\System\oEFNxHo.exe
  C:\Windows\System\oEFNxHo.exe
  2⤵
  PID:6828
- C:\Windows\System\SJBGSim.exe
  C:\Windows\System\SJBGSim.exe
  2⤵
  PID:6892
- C:\Windows\System\MdTEUHJ.exe
  C:\Windows\System\MdTEUHJ.exe
  2⤵
  PID:6652
- C:\Windows\System\YvdoPLw.exe
  C:\Windows\System\YvdoPLw.exe
  2⤵
  PID:6840
- C:\Windows\System\EogBXwa.exe
  C:\Windows\System\EogBXwa.exe
  2⤵
  PID:7000
- C:\Windows\System\sEpTnof.exe
  C:\Windows\System\sEpTnof.exe
  2⤵
  PID:7196
- C:\Windows\System\EUQzCMm.exe
  C:\Windows\System\EUQzCMm.exe
  2⤵
  PID:7320
- C:\Windows\System\XwODyWA.exe
  C:\Windows\System\XwODyWA.exe
  2⤵
  PID:7448
- C:\Windows\System\smFUHmx.exe
  C:\Windows\System\smFUHmx.exe
  2⤵
  PID:7480
- C:\Windows\System\HPywdDR.exe
  C:\Windows\System\HPywdDR.exe
  2⤵
  PID:7500
- C:\Windows\System\lAptSOw.exe
  C:\Windows\System\lAptSOw.exe
  2⤵
  PID:7524
- C:\Windows\System\KlqfhrT.exe
  C:\Windows\System\KlqfhrT.exe
  2⤵
  PID:7540
- C:\Windows\System\vtrNDHF.exe
  C:\Windows\System\vtrNDHF.exe
  2⤵
  PID:7556
- C:\Windows\System\TgabsfN.exe
  C:\Windows\System\TgabsfN.exe
  2⤵
  PID:7572
- C:\Windows\System\JrxDUAp.exe
  C:\Windows\System\JrxDUAp.exe
  2⤵
  PID:7588
- C:\Windows\System\zRvkVGs.exe
  C:\Windows\System\zRvkVGs.exe
  2⤵
  PID:7604
- C:\Windows\System\TJabdlb.exe
  C:\Windows\System\TJabdlb.exe
  2⤵
  PID:7620
- C:\Windows\System\UBKptfs.exe
  C:\Windows\System\UBKptfs.exe
  2⤵
  PID:7636
- C:\Windows\System\JydzIgm.exe
  C:\Windows\System\JydzIgm.exe
  2⤵
  PID:7652
- C:\Windows\System\FtJmpoz.exe
  C:\Windows\System\FtJmpoz.exe
  2⤵
  PID:7668
- C:\Windows\System\DZlXQpQ.exe
  C:\Windows\System\DZlXQpQ.exe
  2⤵
  PID:7684
- C:\Windows\System\HBWVolF.exe
  C:\Windows\System\HBWVolF.exe
  2⤵
  PID:7700
- C:\Windows\System\ltPbqqQ.exe
  C:\Windows\System\ltPbqqQ.exe
  2⤵
  PID:7716
- C:\Windows\System\vbURIYG.exe
  C:\Windows\System\vbURIYG.exe
  2⤵
  PID:7732
- C:\Windows\System\ynaCUGX.exe
  C:\Windows\System\ynaCUGX.exe
  2⤵
  PID:7748
- C:\Windows\System\RGLyiNn.exe
  C:\Windows\System\RGLyiNn.exe
  2⤵
  PID:7764
- C:\Windows\System\gnfaRqc.exe
  C:\Windows\System\gnfaRqc.exe
  2⤵
  PID:7780
- C:\Windows\System\afUciLW.exe
  C:\Windows\System\afUciLW.exe
  2⤵
  PID:7796
- C:\Windows\System\NCsjYVV.exe
  C:\Windows\System\NCsjYVV.exe
  2⤵
  PID:7812
- C:\Windows\System\dwjbnGw.exe
  C:\Windows\System\dwjbnGw.exe
  2⤵
  PID:7828
- C:\Windows\System\HkjmncK.exe
  C:\Windows\System\HkjmncK.exe
  2⤵
  PID:7844
- C:\Windows\System\KYioTgI.exe
  C:\Windows\System\KYioTgI.exe
  2⤵
  PID:7860
- C:\Windows\System\qkUcCfp.exe
  C:\Windows\System\qkUcCfp.exe
  2⤵
  PID:7876
- C:\Windows\System\hoyvmmL.exe
  C:\Windows\System\hoyvmmL.exe
  2⤵
  PID:7892
- C:\Windows\System\mphbsMR.exe
  C:\Windows\System\mphbsMR.exe
  2⤵
  PID:7908
- C:\Windows\System\GMkNlAc.exe
  C:\Windows\System\GMkNlAc.exe
  2⤵
  PID:7924
- C:\Windows\System\HazuHCq.exe
  C:\Windows\System\HazuHCq.exe
  2⤵
  PID:7940
- C:\Windows\System\mLyQJkU.exe
  C:\Windows\System\mLyQJkU.exe
  2⤵
  PID:7956
- C:\Windows\System\ACHABDa.exe
  C:\Windows\System\ACHABDa.exe
  2⤵
  PID:7972
- C:\Windows\System\DjksYZO.exe
  C:\Windows\System\DjksYZO.exe
  2⤵
  PID:7988
- C:\Windows\System\EowsqBW.exe
  C:\Windows\System\EowsqBW.exe
  2⤵
  PID:8004
- C:\Windows\System\npFaKyU.exe
  C:\Windows\System\npFaKyU.exe
  2⤵
  PID:8020
- C:\Windows\System\qUwFntP.exe
  C:\Windows\System\qUwFntP.exe
  2⤵
  PID:8036
- C:\Windows\System\XNfItsJ.exe
  C:\Windows\System\XNfItsJ.exe
  2⤵
  PID:8052
- C:\Windows\System\BzBtPED.exe
  C:\Windows\System\BzBtPED.exe
  2⤵
  PID:8068
- C:\Windows\System\AetfrVG.exe
  C:\Windows\System\AetfrVG.exe
  2⤵
  PID:8084
- C:\Windows\System\IrxeyqS.exe
  C:\Windows\System\IrxeyqS.exe
  2⤵
  PID:8100
- C:\Windows\System\OnaNPzG.exe
  C:\Windows\System\OnaNPzG.exe
  2⤵
  PID:8116
- C:\Windows\System\jogtbOA.exe
  C:\Windows\System\jogtbOA.exe
  2⤵
  PID:8132
- C:\Windows\System\hejsbnV.exe
  C:\Windows\System\hejsbnV.exe
  2⤵
  PID:8148
- C:\Windows\System\QnkKJtL.exe
  C:\Windows\System\QnkKJtL.exe
  2⤵
  PID:8164
- C:\Windows\System\QypnfWd.exe
  C:\Windows\System\QypnfWd.exe
  2⤵
  PID:8180
- C:\Windows\System\hpOMqqr.exe
  C:\Windows\System\hpOMqqr.exe
  2⤵
  PID:6956
- C:\Windows\System\wetdchi.exe
  C:\Windows\System\wetdchi.exe
  2⤵
  PID:6972
- C:\Windows\System\lirlMXL.exe
  C:\Windows\System\lirlMXL.exe
  2⤵
  PID:6624
- C:\Windows\System\cbWpZGp.exe
  C:\Windows\System\cbWpZGp.exe
  2⤵
  PID:7028
- C:\Windows\System\ciEPcQx.exe
  C:\Windows\System\ciEPcQx.exe
  2⤵
  PID:7092
- C:\Windows\System\mfRDYSW.exe
  C:\Windows\System\mfRDYSW.exe
  2⤵
  PID:6992
- C:\Windows\System\myacKTI.exe
  C:\Windows\System\myacKTI.exe
  2⤵
  PID:7220
- C:\Windows\System\mLZyUXh.exe
  C:\Windows\System\mLZyUXh.exe
  2⤵
  PID:7236
- C:\Windows\System\kargcPB.exe
  C:\Windows\System\kargcPB.exe
  2⤵
  PID:7252
- C:\Windows\System\jvdrecf.exe
  C:\Windows\System\jvdrecf.exe
  2⤵
  PID:7268
- C:\Windows\System\YrqtqAE.exe
  C:\Windows\System\YrqtqAE.exe
  2⤵
  PID:7284
- C:\Windows\System\iOZruLU.exe
  C:\Windows\System\iOZruLU.exe
  2⤵
  PID:7300
- C:\Windows\System\UbujGOj.exe
  C:\Windows\System\UbujGOj.exe
  2⤵
  PID:7316
- C:\Windows\System\UWZXsNj.exe
  C:\Windows\System\UWZXsNj.exe
  2⤵
  PID:5352
- C:\Windows\System\gSTwfGu.exe
  C:\Windows\System\gSTwfGu.exe
  2⤵
  PID:5884
- C:\Windows\System\GxKLvlV.exe
  C:\Windows\System\GxKLvlV.exe
  2⤵
  PID:5896
- C:\Windows\System\iQzVcgz.exe
  C:\Windows\System\iQzVcgz.exe
  2⤵
  PID:6112
- C:\Windows\System\CgTUDqY.exe
  C:\Windows\System\CgTUDqY.exe
  2⤵
  PID:4716
- C:\Windows\System\nrMZCVS.exe
  C:\Windows\System\nrMZCVS.exe
  2⤵
  PID:6148
- C:\Windows\System\aiSmrMj.exe
  C:\Windows\System\aiSmrMj.exe
  2⤵
  PID:6180
- C:\Windows\System\WCLJtzG.exe
  C:\Windows\System\WCLJtzG.exe
  2⤵
  PID:6212
- C:\Windows\System\pslOvfm.exe
  C:\Windows\System\pslOvfm.exe
  2⤵
  PID:6244
- C:\Windows\System\QkBUICr.exe
  C:\Windows\System\QkBUICr.exe
  2⤵
  PID:6296
- C:\Windows\System\arxQHPj.exe
  C:\Windows\System\arxQHPj.exe
  2⤵
  PID:6328
- C:\Windows\System\nmGfhzW.exe
  C:\Windows\System\nmGfhzW.exe
  2⤵
  PID:6348
- C:\Windows\System\CaeCERZ.exe
  C:\Windows\System\CaeCERZ.exe
  2⤵
  PID:6392
- C:\Windows\System\ltKTprb.exe
  C:\Windows\System\ltKTprb.exe
  2⤵
  PID:6424
- C:\Windows\System\RyXkrip.exe
  C:\Windows\System\RyXkrip.exe
  2⤵
  PID:6604
- C:\Windows\System\ZZrKKAc.exe
  C:\Windows\System\ZZrKKAc.exe
  2⤵
  PID:6668
- C:\Windows\System\XYyUgTs.exe
  C:\Windows\System\XYyUgTs.exe
  2⤵
  PID:6860
- C:\Windows\System\RYMtSFk.exe
  C:\Windows\System\RYMtSFk.exe
  2⤵
  PID:6688
- C:\Windows\System\dkLISYf.exe
  C:\Windows\System\dkLISYf.exe
  2⤵
  PID:7072
- C:\Windows\System\hrDKcmS.exe
  C:\Windows\System\hrDKcmS.exe
  2⤵
  PID:7136
- C:\Windows\System\ajnMbuk.exe
  C:\Windows\System\ajnMbuk.exe
  2⤵
  PID:5500
- C:\Windows\System\ysPkDAw.exe
  C:\Windows\System\ysPkDAw.exe
  2⤵
  PID:6440
- C:\Windows\System\qRutqbO.exe
  C:\Windows\System\qRutqbO.exe
  2⤵
  PID:6480
- C:\Windows\System\SDQhuQX.exe
  C:\Windows\System\SDQhuQX.exe
  2⤵
  PID:6456
- C:\Windows\System\MDydoBz.exe
  C:\Windows\System\MDydoBz.exe
  2⤵
  PID:6772
- C:\Windows\System\CmFaQru.exe
  C:\Windows\System\CmFaQru.exe
  2⤵
  PID:7176
- C:\Windows\System\uXdIpiG.exe
  C:\Windows\System\uXdIpiG.exe
  2⤵
  PID:7192
- C:\Windows\System\TGClOsd.exe
  C:\Windows\System\TGClOsd.exe
  2⤵
  PID:7460
- C:\Windows\System\ACIgCyx.exe
  C:\Windows\System\ACIgCyx.exe
  2⤵
  PID:7332
- C:\Windows\System\oibQngX.exe
  C:\Windows\System\oibQngX.exe
  2⤵
  PID:7352
- C:\Windows\System\MDguMaK.exe
  C:\Windows\System\MDguMaK.exe
  2⤵
  PID:7368
- C:\Windows\System\LWWbQZt.exe
  C:\Windows\System\LWWbQZt.exe
  2⤵
  PID:7384
- C:\Windows\System\xexOICw.exe
  C:\Windows\System\xexOICw.exe
  2⤵
  PID:7400
- C:\Windows\System\TBQMyrJ.exe
  C:\Windows\System\TBQMyrJ.exe
  2⤵
  PID:7416
- C:\Windows\System\umQThkF.exe
  C:\Windows\System\umQThkF.exe
  2⤵
  PID:7436
- C:\Windows\System\gvuBsoo.exe
  C:\Windows\System\gvuBsoo.exe
  2⤵
  PID:7508
- C:\Windows\System\MTYMRci.exe
  C:\Windows\System\MTYMRci.exe
  2⤵
  PID:7552
- C:\Windows\System\RFWqluT.exe
  C:\Windows\System\RFWqluT.exe
  2⤵
  PID:7496
- C:\Windows\System\UIeEbrI.exe
  C:\Windows\System\UIeEbrI.exe
  2⤵
  PID:7564
- C:\Windows\System\xntzzbf.exe
  C:\Windows\System\xntzzbf.exe
  2⤵
  PID:7648
- C:\Windows\System\pglpBNg.exe
  C:\Windows\System\pglpBNg.exe
  2⤵
  PID:7680
- C:\Windows\System\JFVgSgn.exe
  C:\Windows\System\JFVgSgn.exe
  2⤵
  PID:7632
- C:\Windows\System\oNIuhLX.exe
  C:\Windows\System\oNIuhLX.exe
  2⤵
  PID:7696
- C:\Windows\System\TwhcfMP.exe
  C:\Windows\System\TwhcfMP.exe
  2⤵
  PID:2272
- C:\Windows\System\NHXcdQd.exe
  C:\Windows\System\NHXcdQd.exe
  2⤵
  PID:7760
- C:\Windows\System\gsCLJxe.exe
  C:\Windows\System\gsCLJxe.exe
  2⤵
  PID:7808
- C:\Windows\System\HypYhRE.exe
  C:\Windows\System\HypYhRE.exe
  2⤵
  PID:7840
- C:\Windows\System\lOaCVlz.exe
  C:\Windows\System\lOaCVlz.exe
  2⤵
  PID:2156
- C:\Windows\System\XZxhaYl.exe
  C:\Windows\System\XZxhaYl.exe
  2⤵
  PID:7900
- C:\Windows\System\VAZNNhg.exe
  C:\Windows\System\VAZNNhg.exe
  2⤵
  PID:2368
- C:\Windows\System\WNSHfsl.exe
  C:\Windows\System\WNSHfsl.exe
  2⤵
  PID:7920
- C:\Windows\System\jIcbDOS.exe
  C:\Windows\System\jIcbDOS.exe
  2⤵
  PID:7952
- C:\Windows\System\LEeQAgG.exe
  C:\Windows\System\LEeQAgG.exe
  2⤵
  PID:7984
- C:\Windows\System\UfjAFHL.exe
  C:\Windows\System\UfjAFHL.exe
  2⤵
  PID:8016
- C:\Windows\System\RMaAzFY.exe
  C:\Windows\System\RMaAzFY.exe
  2⤵
  PID:8048
- C:\Windows\System\jXJZCQg.exe
  C:\Windows\System\jXJZCQg.exe
  2⤵
  PID:8096
- C:\Windows\System\OyBIchA.exe
  C:\Windows\System\OyBIchA.exe
  2⤵
  PID:8112
- C:\Windows\System\XWDcCdX.exe
  C:\Windows\System\XWDcCdX.exe
  2⤵
  PID:8144
- C:\Windows\System\CxfXyhY.exe
  C:\Windows\System\CxfXyhY.exe
  2⤵
  PID:6924
- C:\Windows\System\wOLfFhM.exe
  C:\Windows\System\wOLfFhM.exe
  2⤵
  PID:6592
- C:\Windows\System\YFJdzYb.exe
  C:\Windows\System\YFJdzYb.exe
  2⤵
  PID:2404
- C:\Windows\System\hIrgYvq.exe
  C:\Windows\System\hIrgYvq.exe
  2⤵
  PID:7208
- C:\Windows\System\IPQagUz.exe
  C:\Windows\System\IPQagUz.exe
  2⤵
  PID:7248
- C:\Windows\System\iThzSoh.exe
  C:\Windows\System\iThzSoh.exe
  2⤵
  PID:7260
- C:\Windows\System\KtmVGGs.exe
  C:\Windows\System\KtmVGGs.exe
  2⤵
  PID:7308
- C:\Windows\System\PGwQoCu.exe
  C:\Windows\System\PGwQoCu.exe
  2⤵
  PID:5628
- C:\Windows\System\UIZYivS.exe
  C:\Windows\System\UIZYivS.exe
  2⤵
  PID:5640
- C:\Windows\System\rXnIeUa.exe
  C:\Windows\System\rXnIeUa.exe
  2⤵
  PID:5948
- C:\Windows\System\zWBfwVQ.exe
  C:\Windows\System\zWBfwVQ.exe
  2⤵
  PID:2244
- C:\Windows\System\emRpCtP.exe
  C:\Windows\System\emRpCtP.exe
  2⤵
  PID:6208
- C:\Windows\System\oeyAwyQ.exe
  C:\Windows\System\oeyAwyQ.exe
  2⤵
  PID:6260
- C:\Windows\System\NZLPBLi.exe
  C:\Windows\System\NZLPBLi.exe
  2⤵
  PID:6240
- C:\Windows\System\sNSGNFQ.exe
  C:\Windows\System\sNSGNFQ.exe
  2⤵
  PID:6344
- C:\Windows\System\qayDKzI.exe
  C:\Windows\System\qayDKzI.exe
  2⤵
  PID:6408
- C:\Windows\System\sJXSwhD.exe
  C:\Windows\System\sJXSwhD.exe
  2⤵
  PID:6564
- C:\Windows\System\vTopwjN.exe
  C:\Windows\System\vTopwjN.exe
  2⤵
  PID:6700
- C:\Windows\System\oOiZtFc.exe
  C:\Windows\System\oOiZtFc.exe
  2⤵
  PID:7044
- C:\Windows\System\CEYOBAB.exe
  C:\Windows\System\CEYOBAB.exe
  2⤵
  PID:5756
- C:\Windows\System\ifivuun.exe
  C:\Windows\System\ifivuun.exe
  2⤵
  PID:2668
- C:\Windows\System\cJiwBLA.exe
  C:\Windows\System\cJiwBLA.exe
  2⤵
  PID:2808
- C:\Windows\System\wDsYfCE.exe
  C:\Windows\System\wDsYfCE.exe
  2⤵
  PID:6460
- C:\Windows\System\oAGDROU.exe
  C:\Windows\System\oAGDROU.exe
  2⤵
  PID:2556
- C:\Windows\System\qpnSyzH.exe
  C:\Windows\System\qpnSyzH.exe
  2⤵
  PID:7464
- C:\Windows\System\XjycxBy.exe
  C:\Windows\System\XjycxBy.exe
  2⤵
  PID:7184
- C:\Windows\System\ESsqcHF.exe
  C:\Windows\System\ESsqcHF.exe
  2⤵
  PID:7376
- C:\Windows\System\PpquLuH.exe
  C:\Windows\System\PpquLuH.exe
  2⤵
  PID:7408
- C:\Windows\System\gahJKKc.exe
  C:\Windows\System\gahJKKc.exe
  2⤵
  PID:7488
- C:\Windows\System\EkUtMie.exe
  C:\Windows\System\EkUtMie.exe
  2⤵
  PID:7492
- C:\Windows\System\dsKuCIy.exe
  C:\Windows\System\dsKuCIy.exe
  2⤵
  PID:7348
- C:\Windows\System\vYiGwLv.exe
  C:\Windows\System\vYiGwLv.exe
  2⤵
  PID:7712
- C:\Windows\System\iTYmRTG.exe
  C:\Windows\System\iTYmRTG.exe
  2⤵
  PID:7600
- C:\Windows\System\QNdfRjX.exe
  C:\Windows\System\QNdfRjX.exe
  2⤵
  PID:7692
- C:\Windows\System\irHwhTU.exe
  C:\Windows\System\irHwhTU.exe
  2⤵
  PID:7868
- C:\Windows\System\iJRQvOv.exe
  C:\Windows\System\iJRQvOv.exe
  2⤵
  PID:2276
- C:\Windows\System\mFjsPdW.exe
  C:\Windows\System\mFjsPdW.exe
  2⤵
  PID:7936
- C:\Windows\System\hsXIOOi.exe
  C:\Windows\System\hsXIOOi.exe
  2⤵
  PID:8080
- C:\Windows\System\zdpPqRt.exe
  C:\Windows\System\zdpPqRt.exe
  2⤵
  PID:1332
- C:\Windows\System\MoPShUk.exe
  C:\Windows\System\MoPShUk.exe
  2⤵
  PID:6964
- C:\Windows\System\reeaPKy.exe
  C:\Windows\System\reeaPKy.exe
  2⤵
  PID:8060
- C:\Windows\System\dPOFSao.exe
  C:\Windows\System\dPOFSao.exe
  2⤵
  PID:8172
- C:\Windows\System\Brifjuj.exe
  C:\Windows\System\Brifjuj.exe
  2⤵
  PID:7060
- C:\Windows\System\TZrlsTX.exe
  C:\Windows\System\TZrlsTX.exe
  2⤵
  PID:6908
- C:\Windows\System\rgwxXKE.exe
  C:\Windows\System\rgwxXKE.exe
  2⤵
  PID:7264
- C:\Windows\System\WkoAzEM.exe
  C:\Windows\System\WkoAzEM.exe
  2⤵
  PID:6044
- C:\Windows\System\BHTFwHo.exe
  C:\Windows\System\BHTFwHo.exe
  2⤵
  PID:5180
- C:\Windows\System\jYCTVbu.exe
  C:\Windows\System\jYCTVbu.exe
  2⤵
  PID:2304
- C:\Windows\System\GGiNUBG.exe
  C:\Windows\System\GGiNUBG.exe
  2⤵
  PID:2684
- C:\Windows\System\XHWMFoh.exe
  C:\Windows\System\XHWMFoh.exe
  2⤵
  PID:6376
- C:\Windows\System\cyFcZcz.exe
  C:\Windows\System\cyFcZcz.exe
  2⤵
  PID:2964
- C:\Windows\System\WKSPyuP.exe
  C:\Windows\System\WKSPyuP.exe
  2⤵
  PID:6312
- C:\Windows\System\IEpbtwj.exe
  C:\Windows\System\IEpbtwj.exe
  2⤵
  PID:6636
- C:\Windows\System\ldiIyWR.exe
  C:\Windows\System\ldiIyWR.exe
  2⤵
  PID:6996
- C:\Windows\System\PFONcpF.exe
  C:\Windows\System\PFONcpF.exe
  2⤵
  PID:1548
- C:\Windows\System\CwVdmTQ.exe
  C:\Windows\System\CwVdmTQ.exe
  2⤵
  PID:6500
- C:\Windows\System\NqhlugN.exe
  C:\Windows\System\NqhlugN.exe
  2⤵
  PID:5288
- C:\Windows\System\oljxALs.exe
  C:\Windows\System\oljxALs.exe
  2⤵
  PID:6532
- C:\Windows\System\NNwbtbN.exe
  C:\Windows\System\NNwbtbN.exe
  2⤵
  PID:6824
- C:\Windows\System\cPYShVu.exe
  C:\Windows\System\cPYShVu.exe
  2⤵
  PID:1420
- C:\Windows\System\sReChJx.exe
  C:\Windows\System\sReChJx.exe
  2⤵
  PID:7344
- C:\Windows\System\vkAtjyw.exe
  C:\Windows\System\vkAtjyw.exe
  2⤵
  PID:7740
- C:\Windows\System\fxiqOfe.exe
  C:\Windows\System\fxiqOfe.exe
  2⤵
  PID:7364
- C:\Windows\System\clNfLlB.exe
  C:\Windows\System\clNfLlB.exe
  2⤵
  PID:7536
- C:\Windows\System\vgLtqmy.exe
  C:\Windows\System\vgLtqmy.exe
  2⤵
  PID:7676
- C:\Windows\System\qwgDPtF.exe
  C:\Windows\System\qwgDPtF.exe
  2⤵
  PID:1920
- C:\Windows\System\vBRcEtl.exe
  C:\Windows\System\vBRcEtl.exe
  2⤵
  PID:7836
- C:\Windows\System\cumEdVl.exe
  C:\Windows\System\cumEdVl.exe
  2⤵
  PID:8076
- C:\Windows\System\ZujTTBo.exe
  C:\Windows\System\ZujTTBo.exe
  2⤵
  PID:7856
- C:\Windows\System\dsCBZss.exe
  C:\Windows\System\dsCBZss.exe
  2⤵
  PID:1848
- C:\Windows\System\OgSZDCB.exe
  C:\Windows\System\OgSZDCB.exe
  2⤵
  PID:7996
- C:\Windows\System\qIkLObI.exe
  C:\Windows\System\qIkLObI.exe
  2⤵
  PID:7232
- C:\Windows\System\sgfaESf.exe
  C:\Windows\System\sgfaESf.exe
  2⤵
  PID:2624
- C:\Windows\System\PceHNlq.exe
  C:\Windows\System\PceHNlq.exe
  2⤵
  PID:7296
- C:\Windows\System\IbsbihR.exe
  C:\Windows\System\IbsbihR.exe
  2⤵
  PID:2220
- C:\Windows\System\DaljAfQ.exe
  C:\Windows\System\DaljAfQ.exe
  2⤵
  PID:6380
- C:\Windows\System\tVCyHxk.exe
  C:\Windows\System\tVCyHxk.exe
  2⤵
  PID:2640
- C:\Windows\System\hCEfRpH.exe
  C:\Windows\System\hCEfRpH.exe
  2⤵
  PID:2480
- C:\Windows\System\QnZTlCu.exe
  C:\Windows\System\QnZTlCu.exe
  2⤵
  PID:620
- C:\Windows\System\ITHxzgU.exe
  C:\Windows\System\ITHxzgU.exe
  2⤵
  PID:480
- C:\Windows\System\iISGojc.exe
  C:\Windows\System\iISGojc.exe
  2⤵
  PID:7456
- C:\Windows\System\BKLKZES.exe
  C:\Windows\System\BKLKZES.exe
  2⤵
  PID:2528
- C:\Windows\System\RNHLDVw.exe
  C:\Windows\System\RNHLDVw.exe
  2⤵
  PID:7964
- C:\Windows\System\UwMSItE.exe
  C:\Windows\System\UwMSItE.exe
  2⤵
  PID:7280
- C:\Windows\System\dlCRCQA.exe
  C:\Windows\System\dlCRCQA.exe
  2⤵
  PID:7328
- C:\Windows\System\cmXLkHx.exe
  C:\Windows\System\cmXLkHx.exe
  2⤵
  PID:1748
- C:\Windows\System\mrsvVow.exe
  C:\Windows\System\mrsvVow.exe
  2⤵
  PID:8200
- C:\Windows\System\iPlQxIT.exe
  C:\Windows\System\iPlQxIT.exe
  2⤵
  PID:8216
- C:\Windows\System\EZZXtYA.exe
  C:\Windows\System\EZZXtYA.exe
  2⤵
  PID:8232
- C:\Windows\System\UWYesQA.exe
  C:\Windows\System\UWYesQA.exe
  2⤵
  PID:8248
- C:\Windows\System\OxRtNhg.exe
  C:\Windows\System\OxRtNhg.exe
  2⤵
  PID:8264
- C:\Windows\System\qauiqGr.exe
  C:\Windows\System\qauiqGr.exe
  2⤵
  PID:8280
- C:\Windows\System\JNzFfSk.exe
  C:\Windows\System\JNzFfSk.exe
  2⤵
  PID:8296
- C:\Windows\System\eGCkQtm.exe
  C:\Windows\System\eGCkQtm.exe
  2⤵
  PID:8312
- C:\Windows\System\GyVNGuG.exe
  C:\Windows\System\GyVNGuG.exe
  2⤵
  PID:8328
- C:\Windows\System\DlghyVu.exe
  C:\Windows\System\DlghyVu.exe
  2⤵
  PID:8344
- C:\Windows\System\UYtNbTD.exe
  C:\Windows\System\UYtNbTD.exe
  2⤵
  PID:8360
- C:\Windows\System\XXEkirS.exe
  C:\Windows\System\XXEkirS.exe
  2⤵
  PID:8376
- C:\Windows\System\PTRwlIx.exe
  C:\Windows\System\PTRwlIx.exe
  2⤵
  PID:8392
- C:\Windows\System\aJdBOPv.exe
  C:\Windows\System\aJdBOPv.exe
  2⤵
  PID:8408
- C:\Windows\System\PqmazAo.exe
  C:\Windows\System\PqmazAo.exe
  2⤵
  PID:8424
- C:\Windows\System\dnpajhf.exe
  C:\Windows\System\dnpajhf.exe
  2⤵
  PID:8440
- C:\Windows\System\dIUeema.exe
  C:\Windows\System\dIUeema.exe
  2⤵
  PID:8456
- C:\Windows\System\khdXVQJ.exe
  C:\Windows\System\khdXVQJ.exe
  2⤵
  PID:8472
- C:\Windows\System\OSzXlXr.exe
  C:\Windows\System\OSzXlXr.exe
  2⤵
  PID:8488
- C:\Windows\System\UuxXJpx.exe
  C:\Windows\System\UuxXJpx.exe
  2⤵
  PID:8504
- C:\Windows\System\RtpmScu.exe
  C:\Windows\System\RtpmScu.exe
  2⤵
  PID:8520
- C:\Windows\System\qxuxWaE.exe
  C:\Windows\System\qxuxWaE.exe
  2⤵
  PID:8536
- C:\Windows\System\aaawYBn.exe
  C:\Windows\System\aaawYBn.exe
  2⤵
  PID:8552
- C:\Windows\System\NwZHTvw.exe
  C:\Windows\System\NwZHTvw.exe
  2⤵
  PID:8572
- C:\Windows\System\CrnvvzI.exe
  C:\Windows\System\CrnvvzI.exe
  2⤵
  PID:8588
- C:\Windows\System\gyPFWfi.exe
  C:\Windows\System\gyPFWfi.exe
  2⤵
  PID:8604
- C:\Windows\System\xTDaGGw.exe
  C:\Windows\System\xTDaGGw.exe
  2⤵
  PID:8620
- C:\Windows\System\rmHvENZ.exe
  C:\Windows\System\rmHvENZ.exe
  2⤵
  PID:8636
- C:\Windows\System\DQPQhoD.exe
  C:\Windows\System\DQPQhoD.exe
  2⤵
  PID:8652
- C:\Windows\System\gYzUTJs.exe
  C:\Windows\System\gYzUTJs.exe
  2⤵
  PID:8668
- C:\Windows\System\PQBamkJ.exe
  C:\Windows\System\PQBamkJ.exe
  2⤵
  PID:8684
- C:\Windows\System\iYEULmd.exe
  C:\Windows\System\iYEULmd.exe
  2⤵
  PID:8700
- C:\Windows\System\zeOqNbR.exe
  C:\Windows\System\zeOqNbR.exe
  2⤵
  PID:8984
- C:\Windows\System\xOaktdl.exe
  C:\Windows\System\xOaktdl.exe
  2⤵
  PID:9008
- C:\Windows\System\OvqAdTi.exe
  C:\Windows\System\OvqAdTi.exe
  2⤵
  PID:9028
- C:\Windows\System\ZWCezoD.exe
  C:\Windows\System\ZWCezoD.exe
  2⤵
  PID:9052
- C:\Windows\System\CZhFnHd.exe
  C:\Windows\System\CZhFnHd.exe
  2⤵
  PID:9072
- C:\Windows\System\lNYtTba.exe
  C:\Windows\System\lNYtTba.exe
  2⤵
  PID:9088
- C:\Windows\System\Hnmwsug.exe
  C:\Windows\System\Hnmwsug.exe
  2⤵
  PID:9104
- C:\Windows\System\FaiKrPU.exe
  C:\Windows\System\FaiKrPU.exe
  2⤵
  PID:9120
- C:\Windows\System\lmWxYUs.exe
  C:\Windows\System\lmWxYUs.exe
  2⤵
  PID:9136
- C:\Windows\System\AXYyNgR.exe
  C:\Windows\System\AXYyNgR.exe
  2⤵
  PID:9156
- C:\Windows\System\BopyCpF.exe
  C:\Windows\System\BopyCpF.exe
  2⤵
  PID:9172
- C:\Windows\System\QVZRCJU.exe
  C:\Windows\System\QVZRCJU.exe
  2⤵
  PID:9188
- C:\Windows\System\iABRjnJ.exe
  C:\Windows\System\iABRjnJ.exe
  2⤵
  PID:9208
- C:\Windows\System\UMTPGRr.exe
  C:\Windows\System\UMTPGRr.exe
  2⤵
  PID:1256
- C:\Windows\System\yseVXzb.exe
  C:\Windows\System\yseVXzb.exe
  2⤵
  PID:1616
- C:\Windows\System\tNaEDzr.exe
  C:\Windows\System\tNaEDzr.exe
  2⤵
  PID:8384
- C:\Windows\System\bvfiDIT.exe
  C:\Windows\System\bvfiDIT.exe
  2⤵
  PID:8388
- C:\Windows\System\HldOAAo.exe
  C:\Windows\System\HldOAAo.exe
  2⤵
  PID:8600
- C:\Windows\System\tAOlCBx.exe
  C:\Windows\System\tAOlCBx.exe
  2⤵
  PID:8544
- C:\Windows\System\CQuNpvJ.exe
  C:\Windows\System\CQuNpvJ.exe
  2⤵
  PID:8676
- C:\Windows\System\cSSiyNN.exe
  C:\Windows\System\cSSiyNN.exe
  2⤵
  PID:8616
- C:\Windows\System\wOTGygx.exe
  C:\Windows\System\wOTGygx.exe
  2⤵
  PID:8516
- C:\Windows\System\iSLoKBW.exe
  C:\Windows\System\iSLoKBW.exe
  2⤵
  PID:8680
- C:\Windows\System\TLQJgKA.exe
  C:\Windows\System\TLQJgKA.exe
  2⤵
  PID:6684
- C:\Windows\System\qJiONVU.exe
  C:\Windows\System\qJiONVU.exe
  2⤵
  PID:8728
- C:\Windows\System\QOwncWB.exe
  C:\Windows\System\QOwncWB.exe
  2⤵
  PID:8996
- C:\Windows\System\igYsEHI.exe
  C:\Windows\System\igYsEHI.exe
  2⤵
  PID:8744
- C:\Windows\System\qvOWClq.exe
  C:\Windows\System\qvOWClq.exe
  2⤵
  PID:8760
- C:\Windows\System\mWHNTxT.exe
  C:\Windows\System\mWHNTxT.exe
  2⤵
  PID:8776
- C:\Windows\System\jQfMGQC.exe
  C:\Windows\System\jQfMGQC.exe
  2⤵
  PID:8792
- C:\Windows\System\ofKssWu.exe
  C:\Windows\System\ofKssWu.exe
  2⤵
  PID:8808
- C:\Windows\System\hjejOvn.exe
  C:\Windows\System\hjejOvn.exe
  2⤵
  PID:8824
- C:\Windows\System\qkabFoI.exe
  C:\Windows\System\qkabFoI.exe
  2⤵
  PID:8840
- C:\Windows\System\nlQdyOH.exe
  C:\Windows\System\nlQdyOH.exe
  2⤵
  PID:8856
- C:\Windows\System\DjJVPsI.exe
  C:\Windows\System\DjJVPsI.exe
  2⤵
  PID:8872
- C:\Windows\System\ocjnncF.exe
  C:\Windows\System\ocjnncF.exe
  2⤵
  PID:8888
- C:\Windows\System\qyXPsvu.exe
  C:\Windows\System\qyXPsvu.exe
  2⤵
  PID:8904
- C:\Windows\System\yzNoUEn.exe
  C:\Windows\System\yzNoUEn.exe
  2⤵
  PID:8920
- C:\Windows\System\ZjJNxDK.exe
  C:\Windows\System\ZjJNxDK.exe
  2⤵
  PID:8936
- C:\Windows\System\qsHAkcq.exe
  C:\Windows\System\qsHAkcq.exe
  2⤵
  PID:8952
- C:\Windows\System\FhtZliS.exe
  C:\Windows\System\FhtZliS.exe
  2⤵
  PID:8968
- C:\Windows\System\DMXkMjP.exe
  C:\Windows\System\DMXkMjP.exe
  2⤵
  PID:9016
- C:\Windows\System\fOIyMSv.exe
  C:\Windows\System\fOIyMSv.exe
  2⤵
  PID:9060
- C:\Windows\System\njXsMsw.exe
  C:\Windows\System\njXsMsw.exe
  2⤵
  PID:9100
- C:\Windows\System\TdjEbRE.exe
  C:\Windows\System\TdjEbRE.exe
  2⤵
  PID:9168
- C:\Windows\System\aCfJoXs.exe
  C:\Windows\System\aCfJoXs.exe
  2⤵
  PID:9036
- C:\Windows\System\uZFPUJk.exe
  C:\Windows\System\uZFPUJk.exe
  2⤵
  PID:9048
- C:\Windows\System\ljtaeTt.exe
  C:\Windows\System\ljtaeTt.exe
  2⤵
  PID:9144
- C:\Windows\System\lMxySpr.exe
  C:\Windows\System\lMxySpr.exe
  2⤵
  PID:9184
- C:\Windows\System\bqssHSE.exe
  C:\Windows\System\bqssHSE.exe
  2⤵
  PID:7444
- C:\Windows\System\pqdROjs.exe
  C:\Windows\System\pqdROjs.exe
  2⤵
  PID:7852
- C:\Windows\System\nLheOlZ.exe
  C:\Windows\System\nLheOlZ.exe
  2⤵
  PID:8208
- C:\Windows\System\oibNmCD.exe
  C:\Windows\System\oibNmCD.exe
  2⤵
  PID:8244
- C:\Windows\System\CuLHXoB.exe
  C:\Windows\System\CuLHXoB.exe
  2⤵
  PID:8304
- C:\Windows\System\USEEmdk.exe
  C:\Windows\System\USEEmdk.exe
  2⤵
  PID:8340
- C:\Windows\System\FakoNCR.exe
  C:\Windows\System\FakoNCR.exe
  2⤵
  PID:2720
- C:\Windows\System\gMFvgqg.exe
  C:\Windows\System\gMFvgqg.exe
  2⤵
  PID:6716
- C:\Windows\System\cfgPEbp.exe
  C:\Windows\System\cfgPEbp.exe
  2⤵
  PID:6164
- C:\Windows\System\FRBcrhH.exe
  C:\Windows\System\FRBcrhH.exe
  2⤵
  PID:8228
- C:\Windows\System\mekRELo.exe
  C:\Windows\System\mekRELo.exe
  2⤵
  PID:8260
- C:\Windows\System\pxFQDFh.exe
  C:\Windows\System\pxFQDFh.exe
  2⤵
  PID:8320
- C:\Windows\System\YCfaaso.exe
  C:\Windows\System\YCfaaso.exe
  2⤵
  PID:8432
- C:\Windows\System\inBgUwo.exe
  C:\Windows\System\inBgUwo.exe
  2⤵
  PID:8664
- C:\Windows\System\sEAdOtg.exe
  C:\Windows\System\sEAdOtg.exe
  2⤵
  PID:8528
- C:\Windows\System\tPDltJB.exe
  C:\Windows\System\tPDltJB.exe
  2⤵
  PID:8448
- C:\Windows\System\UnTKwnR.exe
  C:\Windows\System\UnTKwnR.exe
  2⤵
  PID:8580
- C:\Windows\System\nxxxjsW.exe
  C:\Windows\System\nxxxjsW.exe
  2⤵
  PID:8512
- C:\Windows\System\sJssvGl.exe
  C:\Windows\System\sJssvGl.exe
  2⤵
  PID:9004
- C:\Windows\System\yXHLLUn.exe
  C:\Windows\System\yXHLLUn.exe
  2⤵
  PID:8800
- C:\Windows\System\gGpVlma.exe
  C:\Windows\System\gGpVlma.exe
  2⤵
  PID:8736
- C:\Windows\System\hdTNxzR.exe
  C:\Windows\System\hdTNxzR.exe
  2⤵
  PID:8756
- C:\Windows\System\TddVujg.exe
  C:\Windows\System\TddVujg.exe
  2⤵
  PID:8836
- C:\Windows\System\EnAqtoq.exe
  C:\Windows\System\EnAqtoq.exe
  2⤵
  PID:8900
- C:\Windows\System\HvuhQdb.exe
  C:\Windows\System\HvuhQdb.exe
  2⤵
  PID:8960
- C:\Windows\System\xwNodnX.exe
  C:\Windows\System\xwNodnX.exe
  2⤵
  PID:8880
- C:\Windows\System\soScqil.exe
  C:\Windows\System\soScqil.exe
  2⤵
  PID:8944
- C:\Windows\System\jtWLoxT.exe
  C:\Windows\System\jtWLoxT.exe
  2⤵
  PID:8716
- C:\Windows\System\lvqXNkm.exe
  C:\Windows\System\lvqXNkm.exe
  2⤵
  PID:9164
- C:\Windows\System\FYVysZc.exe
  C:\Windows\System\FYVysZc.exe
  2⤵
  PID:9180
- C:\Windows\System\ijwstED.exe
  C:\Windows\System\ijwstED.exe
  2⤵
  PID:2572
- C:\Windows\System\ZfbNqFk.exe
  C:\Windows\System\ZfbNqFk.exe
  2⤵
  PID:8336
- C:\Windows\System\ckaEMuW.exe
  C:\Windows\System\ckaEMuW.exe
  2⤵
  PID:8224
- C:\Windows\System\ihMDuWC.exe
  C:\Windows\System\ihMDuWC.exe
  2⤵
  PID:8660
- C:\Windows\System\cjiUqFy.exe
  C:\Windows\System\cjiUqFy.exe
  2⤵
  PID:8648
- C:\Windows\System\TgdQuun.exe
  C:\Windows\System\TgdQuun.exe
  2⤵
  PID:8272
- C:\Windows\System\rTMbecS.exe
  C:\Windows\System\rTMbecS.exe
  2⤵
  PID:8012
- C:\Windows\System\dmLFrdx.exe
  C:\Windows\System\dmLFrdx.exe
  2⤵
  PID:3056
- C:\Windows\System\hhSUCql.exe
  C:\Windows\System\hhSUCql.exe
  2⤵
  PID:8064
- C:\Windows\System\cwxmwbO.exe
  C:\Windows\System\cwxmwbO.exe
  2⤵
  PID:8500
- C:\Windows\System\ExmZmlx.exe
  C:\Windows\System\ExmZmlx.exe
  2⤵
  PID:8724
- C:\Windows\System\Hsbredx.exe
  C:\Windows\System\Hsbredx.exe
  2⤵
  PID:8816
- C:\Windows\System\erFfpHH.exe
  C:\Windows\System\erFfpHH.exe
  2⤵
  PID:8896
- C:\Windows\System\JajqbiA.exe
  C:\Windows\System\JajqbiA.exe
  2⤵
  PID:8712
- C:\Windows\System\rhsPzdd.exe
  C:\Windows\System\rhsPzdd.exe
  2⤵
  PID:8368
- C:\Windows\System\vrmSnAL.exe
  C:\Windows\System\vrmSnAL.exe
  2⤵
  PID:8436
- C:\Windows\System\YJHNHBk.exe
  C:\Windows\System\YJHNHBk.exe
  2⤵
  PID:6912
- C:\Windows\System\aKfspKZ.exe
  C:\Windows\System\aKfspKZ.exe
  2⤵
  PID:8916
- C:\Windows\System\otLRMly.exe
  C:\Windows\System\otLRMly.exe
  2⤵
  PID:7292
- C:\Windows\System\rhDNIvU.exe
  C:\Windows\System\rhDNIvU.exe
  2⤵
  PID:8980
- C:\Windows\System\fMWAfwb.exe
  C:\Windows\System\fMWAfwb.exe
  2⤵
  PID:8932
- C:\Windows\System\uFVQsqx.exe
  C:\Windows\System\uFVQsqx.exe
  2⤵
  PID:8852
- C:\Windows\System\LuJjCNf.exe
  C:\Windows\System\LuJjCNf.exe
  2⤵
  PID:9112
- C:\Windows\System\xEHMwpi.exe
  C:\Windows\System\xEHMwpi.exe
  2⤵
  PID:8992
- C:\Windows\System\rLdduNW.exe
  C:\Windows\System\rLdduNW.exe
  2⤵
  PID:8564
- C:\Windows\System\EIkXQtz.exe
  C:\Windows\System\EIkXQtz.exe
  2⤵
  PID:6640
- C:\Windows\System\dudTcCG.exe
  C:\Windows\System\dudTcCG.exe
  2⤵
  PID:8196
- C:\Windows\System\jZphQDI.exe
  C:\Windows\System\jZphQDI.exe
  2⤵
  PID:9152
- C:\Windows\System\tGOYiRN.exe
  C:\Windows\System\tGOYiRN.exe
  2⤵
  PID:6280
- C:\Windows\System\eJtTqge.exe
  C:\Windows\System\eJtTqge.exe
  2⤵
  PID:9220
- C:\Windows\System\TvDhhxd.exe
  C:\Windows\System\TvDhhxd.exe
  2⤵
  PID:9236
- C:\Windows\System\RzVsZtr.exe
  C:\Windows\System\RzVsZtr.exe
  2⤵
  PID:9252
- C:\Windows\System\bTsnVAy.exe
  C:\Windows\System\bTsnVAy.exe
  2⤵
  PID:9272
- C:\Windows\System\JFToosF.exe
  C:\Windows\System\JFToosF.exe
  2⤵
  PID:9288
- C:\Windows\System\OgzgtAC.exe
  C:\Windows\System\OgzgtAC.exe
  2⤵
  PID:9304
- C:\Windows\System\dUqmidG.exe
  C:\Windows\System\dUqmidG.exe
  2⤵
  PID:9320
- C:\Windows\System\tThjESY.exe
  C:\Windows\System\tThjESY.exe
  2⤵
  PID:9336
- C:\Windows\System\TBCsfNN.exe
  C:\Windows\System\TBCsfNN.exe
  2⤵
  PID:9352
- C:\Windows\System\vjufXpG.exe
  C:\Windows\System\vjufXpG.exe
  2⤵
  PID:9368
- C:\Windows\System\VePbZmW.exe
  C:\Windows\System\VePbZmW.exe
  2⤵
  PID:9384
- C:\Windows\System\OYJGHuO.exe
  C:\Windows\System\OYJGHuO.exe
  2⤵
  PID:9400
- C:\Windows\System\HpaMUTE.exe
  C:\Windows\System\HpaMUTE.exe
  2⤵
  PID:9416
- C:\Windows\System\YPRRroF.exe
  C:\Windows\System\YPRRroF.exe
  2⤵
  PID:9432
- C:\Windows\System\OQaETDS.exe
  C:\Windows\System\OQaETDS.exe
  2⤵
  PID:9452
- C:\Windows\System\QapLlJR.exe
  C:\Windows\System\QapLlJR.exe
  2⤵
  PID:9468
- C:\Windows\System\ShUDWuJ.exe
  C:\Windows\System\ShUDWuJ.exe
  2⤵
  PID:9484
- C:\Windows\System\VRdDFQR.exe
  C:\Windows\System\VRdDFQR.exe
  2⤵
  PID:9500
- C:\Windows\System\DUSuXRe.exe
  C:\Windows\System\DUSuXRe.exe
  2⤵
  PID:9516
- C:\Windows\System\DEKchWv.exe
  C:\Windows\System\DEKchWv.exe
  2⤵
  PID:9532
- C:\Windows\System\cdKZxNe.exe
  C:\Windows\System\cdKZxNe.exe
  2⤵
  PID:9548
- C:\Windows\System\imsZJPX.exe
  C:\Windows\System\imsZJPX.exe
  2⤵
  PID:9572
- C:\Windows\System\uHuAQIv.exe
  C:\Windows\System\uHuAQIv.exe
  2⤵
  PID:9596
- C:\Windows\System\beHIUdY.exe
  C:\Windows\System\beHIUdY.exe
  2⤵
  PID:9620
- C:\Windows\System\NkxEfdQ.exe
  C:\Windows\System\NkxEfdQ.exe
  2⤵
  PID:9648
- C:\Windows\System\gZdfuFi.exe
  C:\Windows\System\gZdfuFi.exe
  2⤵
  PID:9672
- C:\Windows\System\RRTyOpJ.exe
  C:\Windows\System\RRTyOpJ.exe
  2⤵
  PID:9696
- C:\Windows\System\CgXFJyg.exe
  C:\Windows\System\CgXFJyg.exe
  2⤵
  PID:9720
- C:\Windows\System\RkYJReM.exe
  C:\Windows\System\RkYJReM.exe
  2⤵
  PID:9740
- C:\Windows\System\hrwwQyw.exe
  C:\Windows\System\hrwwQyw.exe
  2⤵
  PID:9756
- C:\Windows\System\lEXnzfq.exe
  C:\Windows\System\lEXnzfq.exe
  2⤵
  PID:9772
- C:\Windows\System\IjXeAUg.exe
  C:\Windows\System\IjXeAUg.exe
  2⤵
  PID:9788
- C:\Windows\System\cRyQlHU.exe
  C:\Windows\System\cRyQlHU.exe
  2⤵
  PID:9804
- C:\Windows\System\DCnIcFt.exe
  C:\Windows\System\DCnIcFt.exe
  2⤵
  PID:9820
- C:\Windows\System\vIUuvAg.exe
  C:\Windows\System\vIUuvAg.exe
  2⤵
  PID:9836
- C:\Windows\System\tOHLJAy.exe
  C:\Windows\System\tOHLJAy.exe
  2⤵
  PID:9852
- C:\Windows\System\kgZyQdq.exe
  C:\Windows\System\kgZyQdq.exe
  2⤵
  PID:9868
- C:\Windows\System\AyvvdES.exe
  C:\Windows\System\AyvvdES.exe
  2⤵
  PID:9884
- C:\Windows\System\hqEaKVc.exe
  C:\Windows\System\hqEaKVc.exe
  2⤵
  PID:9900
- C:\Windows\System\OIiNYIR.exe
  C:\Windows\System\OIiNYIR.exe
  2⤵
  PID:9916
- C:\Windows\System\VgnXoQP.exe
  C:\Windows\System\VgnXoQP.exe
  2⤵
  PID:9932
- C:\Windows\System\DdyimGL.exe
  C:\Windows\System\DdyimGL.exe
  2⤵
  PID:9948
- C:\Windows\System\AdUmRmX.exe
  C:\Windows\System\AdUmRmX.exe
  2⤵
  PID:9964
- C:\Windows\System\tzvZLgS.exe
  C:\Windows\System\tzvZLgS.exe
  2⤵
  PID:9980
- C:\Windows\System\ocjdVwN.exe
  C:\Windows\System\ocjdVwN.exe
  2⤵
  PID:10000
- C:\Windows\System\PFfXZsj.exe
  C:\Windows\System\PFfXZsj.exe
  2⤵
  PID:10020
- C:\Windows\System\ZZtowbi.exe
  C:\Windows\System\ZZtowbi.exe
  2⤵
  PID:10040
- C:\Windows\System\aSYHMmD.exe
  C:\Windows\System\aSYHMmD.exe
  2⤵
  PID:10056
- C:\Windows\System\YZknBEP.exe
  C:\Windows\System\YZknBEP.exe
  2⤵
  PID:10072
- C:\Windows\System\hfuocJs.exe
  C:\Windows\System\hfuocJs.exe
  2⤵
  PID:10088
- C:\Windows\System\IGzfqbK.exe
  C:\Windows\System\IGzfqbK.exe
  2⤵
  PID:10108
- C:\Windows\System\ogmtAOF.exe
  C:\Windows\System\ogmtAOF.exe
  2⤵
  PID:10128
- C:\Windows\System\kEVPYkN.exe
  C:\Windows\System\kEVPYkN.exe
  2⤵
  PID:10144
- C:\Windows\System\noGZLgD.exe
  C:\Windows\System\noGZLgD.exe
  2⤵
  PID:10168
- C:\Windows\System\okXmVIl.exe
  C:\Windows\System\okXmVIl.exe
  2⤵
  PID:10188
- C:\Windows\System\hrdBlVM.exe
  C:\Windows\System\hrdBlVM.exe
  2⤵
  PID:10208
- C:\Windows\System\AfSVtmL.exe
  C:\Windows\System\AfSVtmL.exe
  2⤵
  PID:10228
- C:\Windows\System\BpUgGpr.exe
  C:\Windows\System\BpUgGpr.exe
  2⤵
  PID:9244
- C:\Windows\System\jHGPYjF.exe
  C:\Windows\System\jHGPYjF.exe
  2⤵
  PID:9228
- C:\Windows\System\ZPyscVG.exe
  C:\Windows\System\ZPyscVG.exe
  2⤵
  PID:9296
- C:\Windows\System\RgpHSab.exe
  C:\Windows\System\RgpHSab.exe
  2⤵
  PID:9280
- C:\Windows\System\juzJMtk.exe
  C:\Windows\System\juzJMtk.exe
  2⤵
  PID:7360
- C:\Windows\System\kcQdoPZ.exe
  C:\Windows\System\kcQdoPZ.exe
  2⤵
  PID:9392
- C:\Windows\System\SHtweaj.exe
  C:\Windows\System\SHtweaj.exe
  2⤵
  PID:9476
- C:\Windows\System\BJQWtjJ.exe
  C:\Windows\System\BJQWtjJ.exe
  2⤵
  PID:9924
- C:\Windows\System\KpCwJiO.exe
  C:\Windows\System\KpCwJiO.exe
  2⤵
  PID:9960
- C:\Windows\System\zjoFcLf.exe
  C:\Windows\System\zjoFcLf.exe
  2⤵
  PID:10036
- C:\Windows\System\KMVTPsr.exe
  C:\Windows\System\KMVTPsr.exe
  2⤵
  PID:10104
- C:\Windows\System\XGckSpu.exe
  C:\Windows\System\XGckSpu.exe
  2⤵
  PID:10184
- C:\Windows\System\TCSQRft.exe
  C:\Windows\System\TCSQRft.exe
  2⤵
  PID:8468
- C:\Windows\System\nlZbxyf.exe
  C:\Windows\System\nlZbxyf.exe
  2⤵
  PID:9360
- C:\Windows\System\yedxzfg.exe
  C:\Windows\System\yedxzfg.exe
  2⤵
  PID:9464
- C:\Windows\System\grhOxdD.exe
  C:\Windows\System\grhOxdD.exe
  2⤵
  PID:9560
- C:\Windows\System\aJDkPhP.exe
  C:\Windows\System\aJDkPhP.exe
  2⤵
  PID:9616
- C:\Windows\System\dYVSWrL.exe
  C:\Windows\System\dYVSWrL.exe
  2⤵
  PID:9704
- C:\Windows\System\lrcNfSj.exe
  C:\Windows\System\lrcNfSj.exe
  2⤵
  PID:9752
- C:\Windows\System\rvoXQjR.exe
  C:\Windows\System\rvoXQjR.exe
  2⤵
  PID:9908
- C:\Windows\System\mxXmvhA.exe
  C:\Windows\System\mxXmvhA.exe
  2⤵
  PID:10008
- C:\Windows\System\ZDtqWYh.exe
  C:\Windows\System\ZDtqWYh.exe
  2⤵
  PID:9876
- C:\Windows\System\NUyJPUz.exe
  C:\Windows\System\NUyJPUz.exe
  2⤵
  PID:10016
- C:\Windows\System\iXqCiEH.exe
  C:\Windows\System\iXqCiEH.exe
  2⤵
  PID:10116
- C:\Windows\System\bBRwzUC.exe
  C:\Windows\System\bBRwzUC.exe
  2⤵
  PID:10160
- C:\Windows\System\QoSPgjK.exe
  C:\Windows\System\QoSPgjK.exe
  2⤵
  PID:9348
- C:\Windows\System\TFiITKC.exe
  C:\Windows\System\TFiITKC.exe
  2⤵
  PID:9440
- C:\Windows\System\EPgbQvL.exe
  C:\Windows\System\EPgbQvL.exe
  2⤵
  PID:9544
- C:\Windows\System\rANjfGC.exe
  C:\Windows\System\rANjfGC.exe
  2⤵
  PID:9592
- C:\Windows\System\yCWAEHX.exe
  C:\Windows\System\yCWAEHX.exe
  2⤵
  PID:9680
- C:\Windows\System\BOCpmoa.exe
  C:\Windows\System\BOCpmoa.exe
  2⤵
  PID:9860
- C:\Windows\System\nYSNNPa.exe
  C:\Windows\System\nYSNNPa.exe
  2⤵
  PID:9444
- C:\Windows\System\EInDyay.exe
  C:\Windows\System\EInDyay.exe
  2⤵
  PID:9660
- C:\Windows\System\lbkPtra.exe
  C:\Windows\System\lbkPtra.exe
  2⤵
  PID:9928
- C:\Windows\System\nUbvynM.exe
  C:\Windows\System\nUbvynM.exe
  2⤵
  PID:10100
- C:\Windows\System\qSWpVyX.exe
  C:\Windows\System\qSWpVyX.exe
  2⤵
  PID:9284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BIawAYb.exe

Filesize
6.0MB

MD5
2ad4b8a44759d395cc577048a1c786a5

SHA1
05281d548ff6670513fb7ed952a57a4120faccd1

SHA256
426f4c4482e83d31fce2afc05e715e860a6b432738f92f31f149c805f23e3dc4

SHA512
9b86863f150a6ab4ca642d330e379cc00d0d9f3e076d4ef1a5259c027d63ad8893859d1b1932f9fcf5f87097527e4eef18698223d3e1b6c77320bef6689c5125

Download Submit
C:\Windows\system\DJBcbcp.exe

Filesize
6.0MB

MD5
94446e6f015c894f39a6e087d2ff4a4b

SHA1
18ef690a7ee4d3bceb7aad8088706f750ef128f0

SHA256
dfd10b5d2b9a6973d56e1ac79890b606605c4f4b975afd4b2063464c755e841f

SHA512
f21edb962ccffa81baa7e95edb5f5df441b25aced2a9f39e23b207ffce48d7f5c003fa533e2ac0e81a14c9a335495918b28c3589cdd5f9c722eed3568ae0f217

Download Submit
C:\Windows\system\GNHngWz.exe

Filesize
6.0MB

MD5
7e2e1c21861797a3027a88d216b870dd

SHA1
6ab8422d249a60a78ef120f0075f358d2f2ebbdd

SHA256
ee10dae03dd3b478c937a16c91834323161481b7339b59051eb479acbea141b3

SHA512
56109c96a39e1e373b0ee6cf5fdb2233c6e5efe55ac06de4dc9a06e97823c5d53f2d68e152919285a2c97af1df9e6d15332d4d5150886345c24823f5b84187f7

Download Submit
C:\Windows\system\GwUnoEz.exe

Filesize
6.0MB

MD5
b18b574658ab49536680eb7a81379097

SHA1
25e24051d10a0b91fccaae5ca95088a17840cc18

SHA256
c3ed086a97aa092cd716fee8e20eefc02f7d7ca1d864e19201a180f5bf3fd618

SHA512
721fa784621f5975a985157ad90e678a34a31d9596d326cc8d5af2a068037733ce4e3532df6b0c2236e3a9ebb43bb4e370a6ba2e841696951c6c53f9ed6828b9

Download Submit
C:\Windows\system\HbYbTIC.exe

Filesize
6.0MB

MD5
aa9b946fede51bbfbaed4e29dc8bee7f

SHA1
6983c3676b9e1d5db434b00e8ce8531c95cbe9fd

SHA256
45b17dc4834da757d4b4d1e58d23df1a041aac2fa328ccad0aba54b55f867f48

SHA512
27aa912e950fb2e8d49bb6e05c51f12ef89f51c05132d028f586083848885cb1237f6ff0ec7677f538ba271f4e2706395b60d5c29713383024a44f04191397b1

Download Submit
C:\Windows\system\HiwPQut.exe

Filesize
6.0MB

MD5
88e1536bba16e15c0be2aab3699348b2

SHA1
a6676f19a0d015b7f0755a2f9baaa08e65cd17ad

SHA256
93d558624a684c3f3a9f69ed4dfcf7cadf1831a6453d328e1527c45fc1006a1c

SHA512
21d9f65553a663fb9cb46a54ad6d6668e7bef02526ce1a890ae3c24dc9b9af3c6cec9acdda7d5fada84585b90a125a33a339558ea64990329e6c1ee2f4d932dd

Download Submit
C:\Windows\system\ICYChRH.exe

Filesize
6.0MB

MD5
d1df12c259155369a1d09ae62b1662a7

SHA1
45444336a25905d317967fb662a0648efef5a9fd

SHA256
0c22e30bdbb8a3a3142ff5d5afadfabdad07b1911f7bf0c02cdbd969e8f3060e

SHA512
5251a46b553159cf9becbeb204c26b620c3452587e84c30eb7ce7efe3c35cffa33c8967a9f5d03554c66971e3ebf308104fcb3da9be67aca42e8bd19bd631153

Download Submit
C:\Windows\system\KpOytNj.exe

Filesize
6.0MB

MD5
b77747ce05050a121aeac9e4400dbdb9

SHA1
cb556eed05a8e793233b7eeb340cd49b1f7decfe

SHA256
e7573c1a9db1e2d379ac432611721fada6e3c32dc1db6782173b337a38afeffc

SHA512
7f56efdbf0b0451ecb79c57f6ee0b0fb7c7c2bf30349c8b1b975548118d00bb350bac70d3741097e0b9f8635956854943cec329f7ffcabfb5a7d5f163af3a2b5

Download Submit
C:\Windows\system\LCHXspz.exe

Filesize
6.0MB

MD5
1b2074da71e7521f725bc162feee5168

SHA1
6cf2dea3b154d9a1cba5be9998c0137643b3583c

SHA256
004d66ca83cc012d9e6385f46cde3ba0a555239c32e0a39dc6ba5f9f0c2f1d64

SHA512
42763af453aff41ea79ec6c998bb0e894637b1fc7e627b077d306ba275c09cd6f13bb9296c27389e3aaa2040402a9e9b87c9b6fdc40414785d63d1d9e6a3fd85

Download Submit
C:\Windows\system\NJpNvXO.exe

Filesize
6.0MB

MD5
7c4427a68017417c8a8363ee97d0d6ec

SHA1
e69b42bcf3b5cbf985ece8d3923fedb9d43713a3

SHA256
32de78b4fcc1111dac7fab5949d189fb9f0edc28d9072db717a7ae516b56649f

SHA512
7dc39b6fc30ce00966ebabf9180e5e57f288e25680f3266d4c72628d102315f15f969bcafa615cf2c8b357b3554b9283574fd8ce2c7ec2f8cb8b694eda5f4304

Download Submit
C:\Windows\system\PHvNFLq.exe

Filesize
6.0MB

MD5
5e3b1868f9e0b1496fc78ec3289ea5ad

SHA1
c19061ccb8c807e24f34b64707fe2116bcef1ad7

SHA256
65e8a9047641de06b42a299a47720dfd7b0ce841f83922af697fff64d531faef

SHA512
984eee0d0220eea2694420c230dab8a9b6fc8ff09a0681d6e3e8c9ac5d53893186c12a906bd7efabf4769683b1781a0b647f619ea7f109c7c431fc40f7fbf050

Download Submit
C:\Windows\system\PKDQWDs.exe

Filesize
6.0MB

MD5
dd0ca7015c53499e1a61fd09aace167d

SHA1
92a29410fdd5251fbad47cf288e9cc779a8bff3d

SHA256
ae4d9e3db6236ef12c8961b2749a7c3d7eb9519a2df4cd9c8e5feb9d4dded193

SHA512
23c35d50657cf189aaa4e0fdda74f34981e5660d40a07b16462fbf1199d8ba8a2742d7055fe03ab46ec891dc3ed9dc5b4fb26fbf22de83349fffc3140ac36ad2

Download Submit
C:\Windows\system\RMplYyl.exe

Filesize
6.0MB

MD5
e27e5ebcaa7c72625e4e96f398055107

SHA1
67d3a652886bd006143199a1682a799c8b25561a

SHA256
4ccd5d5460df315bb9689279d20823ca62e1f180bc6e98628ca774be35a70e12

SHA512
589971f4d805f82e7c1761b6af6744fb207c9dbc48bd47be9a18413c90d22bff825552675c01671757d94ecfb2b4a6f9f9ca8fd2d2eb8e144c83fc5530978803

Download Submit
C:\Windows\system\WBMNEUJ.exe

Filesize
6.0MB

MD5
da61aaa43df98c95ceaa226e62a3bfaa

SHA1
f3cc39e9c5f8847015e39cbafb4c32de8954ea47

SHA256
ab530da15f0cbd76ca59439735677c585bfa40558fbc2df0a1cb61b23e319569

SHA512
d62228dbdd2309e864593339a8f62a71d3a19c060ac3fbedd1ad2e6ad88d1e0f1e1f9d026a9d7fda18b51702269d226226762e85a40d10722f476670541fdc58

Download Submit
C:\Windows\system\XJAhyQn.exe

Filesize
6.0MB

MD5
344c94a6d9c9175e9326cabfe6c7a999

SHA1
cce9d5759cb6ac8ca23147f808e083f6375cf942

SHA256
5a1e1b847edc2fa2b1482301ae68ead1ee1ff721d3e0040b8d1ce7f192ba180c

SHA512
43352212af4935dd5c73a7a4e7bdf140f363437cdfbed9612877425e42b145ae4960121369c15cb8b2ec7783c48dbc5dbc709c7d8670a6e14b3958fb70a48bb4

Download Submit
C:\Windows\system\YVjiijZ.exe

Filesize
6.0MB

MD5
79108d753e1c1037cd69b3b676492c03

SHA1
fac5989e6bec44d23ef25e330a1b9649d7d9530f

SHA256
14625761a32b66343149d8ec2a12defb75017ceadb0d615d64992856547950a5

SHA512
136d3c5589b9cbd154063b09fa230516bca17dbf627fd8313f966616259b4dda663bccd42b0e593a794ae6551a2128cd94498dfe11a51c06a35c1c61c732fcf3

Download Submit
C:\Windows\system\aQKYoxv.exe

Filesize
6.0MB

MD5
15471fcef5d6066dbd6518df1ae9a11e

SHA1
974bfc8ff9681f7956a4cb9334b6f1c8f9235160

SHA256
1db1935bebfb41a374b6f82d9551015a0cd1ce7777514fe8655df5e11915747e

SHA512
6d46df302cba34fc11c05d24e7f8036c03c4205b0a8a1575fc3a38c6a50dd86c92764c97dde12df19cc74768e1f5586f18c72a1fc3c7c962b8c255da0cd18914

Download Submit
C:\Windows\system\bRliQmQ.exe

Filesize
6.0MB

MD5
27b14517b38c086b97213b00d214c92f

SHA1
b384cd46263c8ce258fa1d9c713063bdfa412c1b

SHA256
2e6a9e0ec351fa606b3081727b8e467039e6198d593c15a4c7d973d6ca90f990

SHA512
3680fe2775953bfce6f4f760cac3cad4bda59757c9a5b67442377f782bb40a8717d0401e130e515994997bb120734289cbfbe632709ef28190c1194604287e38

Download Submit
C:\Windows\system\bTAdBed.exe

Filesize
6.0MB

MD5
2cddedee9b8e750f49cd86c060a485a2

SHA1
06068b7512905e5cb1419e6738af273fa38f5dd4

SHA256
8ab1deba9290345b5c17d1e7b0231fc489cd42256ed307777f174c443b17ffdc

SHA512
5b874a1725d910c718b89c41efb559fae7f1acd19bb97db1c44e51bc7ab999705f5797f52785175812a634d013ac274b2a0e554e43d4f2ea883d55468f493055

Download Submit
C:\Windows\system\bVZQUqa.exe

Filesize
6.0MB

MD5
fef0363ca5ba2c2202322f5247bf9753

SHA1
96ff3647c24f1e8747a3d2a35e52025b027f9977

SHA256
9337662cc3ab04123ef34251063ffd6a2988ea0de97bbfb283d246a6069ac3d6

SHA512
cb3cd21977e0d572a10be2d43493cca8267d26dba6489ff824c13d4d86833053c3897db71bcdeabe5975db25f0a999b4c91273dbfa5b2e933e60647e50543cf9

Download Submit
C:\Windows\system\cKgwlMZ.exe

Filesize
6.0MB

MD5
04176ed790559b27c10b6a2bd9b2ef65

SHA1
d451f0006024eb1678d06f009fef939d366f5f1f

SHA256
b2ca0bd47d6d3f7516a161710cda9eeb3997672172187aecb9ce8e3c762bfb2b

SHA512
a18070924a3dc87c6e3d919acfdaf698c40e221ce3c76026ffaa13a6f56755113809e39c3318c9ef0185039858c18a719390710c7c9f5d7dce5977234407a3d6

Download Submit
C:\Windows\system\dwbQMNC.exe

Filesize
6.0MB

MD5
cff72dadef0777c7492d83075f1108c1

SHA1
99cc2b9ff4ef0e599ae5cd13a99f70f6f5af25df

SHA256
9961d2630ddd68ba2fd9d871ab7d0d2cdfc148cb7f6c3acd38aa0ca6f2d0a7b1

SHA512
8ed7a30f670f9e1c1f188a78f51915577a7c895a2fee6b82e8a2e543ffd869bf186760c20116d7d316c9702c777bac3c7efc2f9609d7788c8aa47fef5d368893

Download Submit
C:\Windows\system\ihEVURO.exe

Filesize
6.0MB

MD5
871efb3ca8e4e9d829c18525d9da42bc

SHA1
c1f6634843bbe1473bade2457b7dca4eec35d7de

SHA256
873a7204e7f76e720524c3e06a058e1c2ba866ebb3ffce2bdc85f94a58a5234c

SHA512
082eae9857cedcbda6e8815b90ea9744397df26c8c92b4f1082c7bc6cca97244977962de6847ea86d22271c087e2bb8321e897544152409d37cc5719c2410f56

Download Submit
C:\Windows\system\jZZgxUr.exe

Filesize
6.0MB

MD5
4c35f0996dd39bf7f4565d9781ea7db0

SHA1
ed5e3be05c64a3136d77588f3c7957e278bfe7d7

SHA256
9eee296cf36163ed044d5d9d56eea3fff97da71c27159fa65abc82b624945a7f

SHA512
1f95772e79360adc2dc4b307e5fa962e38057741f6748e74cab2f8b74179c620496a0e27eadeab8ae5479207c3dc26fa1c0e3a72d012a60d6927c3a5f57b271f

Download Submit
C:\Windows\system\oFgzknC.exe

Filesize
6.0MB

MD5
1491f20f1436f13309737daacdbbeaef

SHA1
475ee7ace956c1ce462e623bcd7bf698b7ebd629

SHA256
1d34da49fd61421e8a839074fde63a58abd6fa56e0dfd151a6203cf270942a9e

SHA512
80b45ccfdf10cf6c9cb7c807c01afed821f8bca827daa8647ab7ce3dfd16bcccdbe414f225ea9b851e5812a067736e281133491d60530584cd4d9fb0e4a03d0b

Download Submit
C:\Windows\system\odifWLK.exe

Filesize
6.0MB

MD5
e43b332cbc01c66bc5f7f09afaac2501

SHA1
a24e2db4dc66bee1b64806c010f2427a9bb3a200

SHA256
b1ca6b05a24997f34361773cc39601ee16ed85cf855f72e3aebefee5fb976b4a

SHA512
a504fc75d00d8ffddcd5af3c0e21047e895b11e9b7a1e1b7d2b7b43922bee405fa55de9f70ac26ad1ca54660a4a82e6d6b85227ec4cc502476dd25f336211c03

Download Submit
C:\Windows\system\pbmrYgF.exe

Filesize
6.0MB

MD5
9f74c317c4c2d552c4a3b2c408bb2565

SHA1
6fd0af42a5b473521c8d0b53b0e28c53f8fa303c

SHA256
8b10eec3d91c6897b01fbf61f95dfa791b18d0d3b73c27279538b100d060e16b

SHA512
c09ffdcbf2fb5bb523a359ae08ddff9899e0ee7eafd49e6d978d16e1c2cfeeab2f640fa42185edc5314f9bbcc56de6e989a8aac4e094a971941f158404b59905

Download Submit
C:\Windows\system\ssSnwkl.exe

Filesize
6.0MB

MD5
0d057ea820675afcf03de78a58d5aeae

SHA1
22d9bbd65c7b7913e9e84cc88a46b409d2147062

SHA256
18ed133ba52e0c1b3bc0fcef050fc4a8afb67e494a3d49ff2b6e58b27dd89a03

SHA512
24f6295e38f54745e261abf0d7c0a64e41613c0ad63b45cf68d2576fe46a64414bbaf1e38b4d8cbfb7a469ed535055fd7534e65e2dff7b2b460ca77a59db7ecc

Download Submit
C:\Windows\system\uxrSuqD.exe

Filesize
6.0MB

MD5
44c7ba00189a7f81e811234b007a6935

SHA1
c4c05cd729c85ca95dec21a5e0e4d70838287759

SHA256
6e0085a9885452b13a819bb0c323c6d014bfe49a096eceaa0a94d3a3a46c0e29

SHA512
575ac81f8ce03452ff8ae107ff2df69dc25e1ea567b247b4596a8be09d805f3acd4d43025663d0776c3090608d0867ac8a430c3736b9d9a71d286ed96f17526f

Download Submit
C:\Windows\system\vtrMeim.exe

Filesize
6.0MB

MD5
bc7a06ea915c344e2f44ff15d89d5c01

SHA1
b4a7b0aa5b7b5ba2f24ff15612cc8b0999aa1401

SHA256
ba02a43c83924f2066c827432239108e46d431ddb994d369dfbe62182e6976c8

SHA512
6285290be351c5647f0c1c72760a18730c24131a9bf0f072fc9dbae878482d676df39118011c4a9170ab2b2327d95a609fc6d1c37332ae9db65983c4fa720aca

Download Submit
C:\Windows\system\yrFAiQy.exe

Filesize
6.0MB

MD5
670e2de87a9e49fba0ed3523a38aa1a1

SHA1
c7ee7ef4e0258cb438fa6bd50eaabf470ded0c72

SHA256
f4062e152052a9a4fe0a4724bb159c8194c7e6b6ffad5f68e859a9296aed0528

SHA512
57d50956641723feaf7d89dcb8112e79d7e42a6f132248a2cd4806367b60f1ea1cd8970829b2a8165d7ffe9b009ac183cf9f24e00ed3fd8abf0a6ddf7cc445fb

Download Submit
\Windows\system\YhwEAtg.exe

Filesize
6.0MB

MD5
2ef89813254fc725cf017d85932f7c17

SHA1
bbc86ad37dc3bc6b70e4deb3f672e9a4302e2058

SHA256
c855f10ef3bf11acdf8e3021e617993ccaf3b52eb51cdd27666b0cc77b79d867

SHA512
8ed5f2c52a879a90ad82b43266c60f6c819f995cb64b5a1622a70c47321203ac081fda729818593492f545d60302cbbf1ed726aaae385d4db5a6e72ec0868e6d

Download Submit
memory/1236-3834-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-3832-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1992-3831-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2192-4151-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2192-4157-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3861-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3884-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3847-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2575-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3862-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4150-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2912-17-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4147-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4148-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2912-4149-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1203-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4152-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4153-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4154-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4156-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2912-0-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download