cobaltstrike | cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
Size

6.0MB
MD5

33db15630096303932d98078eab657d1
SHA1

f6410d709e470357c4f6f2b6ab4ac0f254bf93a4
SHA256

cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768
SHA512

56f5cb3fbe8a2b88491123abd640dc16d9475c6a367ecd9836b99c031050041d46c775390e07a82de58dc86d3b01b86c0381ce717d6e1a533930875b14c55106
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUz:eOl56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001927a-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019299-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000192a1-23.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07f-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019358-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019354-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-6.dat	xmrig
behavioral1/files/0x0007000000019261-11.dat	xmrig
behavioral1/files/0x000700000001927a-15.dat	xmrig
behavioral1/files/0x0006000000019299-19.dat	xmrig
behavioral1/files/0x00060000000192a1-23.dat	xmrig
behavioral1/files/0x000700000001939f-34.dat	xmrig
behavioral1/files/0x0005000000019518-38.dat	xmrig
behavioral1/files/0x0005000000019520-42.dat	xmrig
behavioral1/files/0x0005000000019645-67.dat	xmrig
behavioral1/files/0x0005000000019650-78.dat	xmrig
behavioral1/files/0x0005000000019a85-86.dat	xmrig
behavioral1/files/0x0005000000019b16-90.dat	xmrig
behavioral1/files/0x0005000000019b18-94.dat	xmrig
behavioral1/files/0x0005000000019c79-98.dat	xmrig
behavioral1/files/0x000500000001a07f-130.dat	xmrig
behavioral1/files/0x000500000001a077-126.dat	xmrig
behavioral1/files/0x0005000000019f77-122.dat	xmrig
behavioral1/files/0x0005000000019f62-118.dat	xmrig
behavioral1/files/0x0005000000019d98-114.dat	xmrig
behavioral1/files/0x0005000000019cc8-110.dat	xmrig
behavioral1/files/0x0005000000019c91-106.dat	xmrig
behavioral1/files/0x0005000000019c8f-102.dat	xmrig
behavioral1/files/0x00050000000197e4-82.dat	xmrig
behavioral1/files/0x000500000001964f-74.dat	xmrig
behavioral1/files/0x0005000000019647-70.dat	xmrig
behavioral1/files/0x00050000000195a8-62.dat	xmrig
behavioral1/files/0x0005000000019543-58.dat	xmrig
behavioral1/files/0x0005000000019535-54.dat	xmrig
behavioral1/files/0x000500000001952e-50.dat	xmrig
behavioral1/files/0x000500000001952b-46.dat	xmrig
behavioral1/files/0x0006000000019358-31.dat	xmrig
behavioral1/files/0x0006000000019354-26.dat	xmrig
behavioral1/memory/2832-3640-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2716-4039-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2840-4041-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2676-4042-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2684-4043-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2164-4045-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3032-4047-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2740-4049-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2768-4051-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2588-4053-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2644-4055-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/3012-4057-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2492-4059-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2452-4060-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1148-4062-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2676-4065-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2840-4067-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2716-4068-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2676-4070-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3032-4080-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2492-4082-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2684-4084-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2644-4083-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1148-4085-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2768-4086-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2452-4087-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2740-4088-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2164-4089-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3012-4090-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2588-4091-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	vqndXvB.exe
2716	btTMMdT.exe
2840	czkKGSt.exe
2684	aQCjnVo.exe
2164	NDejHSi.exe
3032	jKEIhpd.exe
2740	yAfeJfo.exe
2768	fjKKeKo.exe
2588	DbSWFMh.exe
2644	VtWeJvp.exe
3012	xRHXOiE.exe
2492	JRMRQLw.exe
2452	gninZhe.exe
1148	sPLcPwL.exe
2896	UIuGSkn.exe
2960	UgfFWOe.exe
2504	bkuuoMW.exe
2508	cGZonqg.exe
2540	JbxvHuZ.exe
1240	ZkgYAYl.exe
2256	smtDvks.exe
1748	FWJYozL.exe
2004	SRonyxG.exe
1932	HcLoMws.exe
2464	NJHeSES.exe
1304	uxUlEZd.exe
1492	SEEsWDG.exe
1648	slrqRWH.exe
1768	zQfxoaF.exe
3056	riooBrb.exe
2308	gZfcnca.exe
1256	QlRjGQV.exe
2352	LHnnUkX.exe
1988	zVzwrVu.exe
1168	oosvNMw.exe
2296	rQPpuCi.exe
2384	MotjPAu.exe
1824	lawHtjF.exe
1060	pZookgA.exe
1320	gXScxkO.exe
2008	rFPSjSP.exe
2456	vbqxXKK.exe
784	GGIovcy.exe
968	YlPnAdv.exe
1636	TlAjBaK.exe
1800	GanKMNW.exe
1236	tZukyId.exe
848	bWtFXrg.exe
1588	xZAPzRs.exe
1812	LSKuylz.exe
2536	ksvGvmV.exe
1292	ZdHmDyF.exe
1312	psMVinP.exe
1308	xKKaaBs.exe
1660	jJPGRUH.exe
2556	bPUTbWT.exe
860	xApWFWA.exe
2472	JjzyhUF.exe
2176	UilQFJW.exe
2364	PtOgjkd.exe
3004	kGajEHK.exe
2992	bnbbaiM.exe
1176	ylYVFgt.exe
1872	JoLuHfX.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-6.dat	upx
behavioral1/files/0x0007000000019261-11.dat	upx
behavioral1/files/0x000700000001927a-15.dat	upx
behavioral1/files/0x0006000000019299-19.dat	upx
behavioral1/files/0x00060000000192a1-23.dat	upx
behavioral1/files/0x000700000001939f-34.dat	upx
behavioral1/files/0x0005000000019518-38.dat	upx
behavioral1/files/0x0005000000019520-42.dat	upx
behavioral1/files/0x0005000000019645-67.dat	upx
behavioral1/files/0x0005000000019650-78.dat	upx
behavioral1/files/0x0005000000019a85-86.dat	upx
behavioral1/files/0x0005000000019b16-90.dat	upx
behavioral1/files/0x0005000000019b18-94.dat	upx
behavioral1/files/0x0005000000019c79-98.dat	upx
behavioral1/files/0x000500000001a07f-130.dat	upx
behavioral1/files/0x000500000001a077-126.dat	upx
behavioral1/files/0x0005000000019f77-122.dat	upx
behavioral1/files/0x0005000000019f62-118.dat	upx
behavioral1/files/0x0005000000019d98-114.dat	upx
behavioral1/files/0x0005000000019cc8-110.dat	upx
behavioral1/files/0x0005000000019c91-106.dat	upx
behavioral1/files/0x0005000000019c8f-102.dat	upx
behavioral1/files/0x00050000000197e4-82.dat	upx
behavioral1/files/0x000500000001964f-74.dat	upx
behavioral1/files/0x0005000000019647-70.dat	upx
behavioral1/files/0x00050000000195a8-62.dat	upx
behavioral1/files/0x0005000000019543-58.dat	upx
behavioral1/files/0x0005000000019535-54.dat	upx
behavioral1/files/0x000500000001952e-50.dat	upx
behavioral1/files/0x000500000001952b-46.dat	upx
behavioral1/files/0x0006000000019358-31.dat	upx
behavioral1/files/0x0006000000019354-26.dat	upx
behavioral1/memory/2832-3640-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2716-4039-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2840-4041-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2684-4043-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2164-4045-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3032-4047-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2740-4049-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2768-4051-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2588-4053-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2644-4055-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/3012-4057-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2492-4059-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2452-4060-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1148-4062-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2676-4065-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2840-4067-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2716-4068-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3032-4080-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2492-4082-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2684-4084-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2644-4083-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1148-4085-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2768-4086-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2452-4087-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2740-4088-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2164-4089-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3012-4090-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2588-4091-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\riooBrb.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\lbwivNC.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\DIcINJi.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\UxYJQxn.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\QIRQlkZ.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\EqXeQkS.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\YLBlgCA.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\qERAthR.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\bahVthh.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\ymKIEaN.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\QUzwvRs.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\FfYaqCv.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\bWtFXrg.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\rEwPZjn.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\CUOgAyN.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\iBEWxzI.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\kKmLarU.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\OnEMNrl.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\DFPJhPz.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\gQmbtbp.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\yOudyKD.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\exxuIAe.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\LcKoAUs.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\paXBjnK.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\SRMgIuu.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\kwIyeGv.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\ASPSpvG.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\WNxThKY.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\lCDhVgX.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\iMgFcFI.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\TnJWGhe.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\LnYmjBz.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\ZApwKeo.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\cwkoHYd.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\kzSwlBy.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\LNCCwMQ.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\lGffWos.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\aQuoouc.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\HxcjePt.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\pdEJWTl.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\CjkZGVo.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\SzfOwUR.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\MIXkDho.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\QNLQqNO.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\DseQjRa.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\hQhSigf.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\SEkaXLl.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\aLSSsEv.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\TsgFHQw.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\NHquTqj.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\OcJOwgk.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\qblQbHD.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\cUDqWGv.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\iLIjoUi.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\Qimlfhk.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\cZsepik.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\hXGqkUS.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\DLmqqbJ.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\rgyAvlG.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\eLGdNnc.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\yeYAZPF.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\JptDsIB.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\bljHoaU.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
File created	C:\Windows\System\wKfsTCO.exe	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2832	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	31
PID 2676 wrote to memory of 2832	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	31
PID 2676 wrote to memory of 2832	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	31
PID 2676 wrote to memory of 2716	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	32
PID 2676 wrote to memory of 2716	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	32
PID 2676 wrote to memory of 2716	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	32
PID 2676 wrote to memory of 2840	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	33
PID 2676 wrote to memory of 2840	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	33
PID 2676 wrote to memory of 2840	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	33
PID 2676 wrote to memory of 2684	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	34
PID 2676 wrote to memory of 2684	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	34
PID 2676 wrote to memory of 2684	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	34
PID 2676 wrote to memory of 2164	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	35
PID 2676 wrote to memory of 2164	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	35
PID 2676 wrote to memory of 2164	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	35
PID 2676 wrote to memory of 3032	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	36
PID 2676 wrote to memory of 3032	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	36
PID 2676 wrote to memory of 3032	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	36
PID 2676 wrote to memory of 2740	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	37
PID 2676 wrote to memory of 2740	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	37
PID 2676 wrote to memory of 2740	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	37
PID 2676 wrote to memory of 2768	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	38
PID 2676 wrote to memory of 2768	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	38
PID 2676 wrote to memory of 2768	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	38
PID 2676 wrote to memory of 2588	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	39
PID 2676 wrote to memory of 2588	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	39
PID 2676 wrote to memory of 2588	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	39
PID 2676 wrote to memory of 2644	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	40
PID 2676 wrote to memory of 2644	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	40
PID 2676 wrote to memory of 2644	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	40
PID 2676 wrote to memory of 3012	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	41
PID 2676 wrote to memory of 3012	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	41
PID 2676 wrote to memory of 3012	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	41
PID 2676 wrote to memory of 2492	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	42
PID 2676 wrote to memory of 2492	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	42
PID 2676 wrote to memory of 2492	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	42
PID 2676 wrote to memory of 2452	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	43
PID 2676 wrote to memory of 2452	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	43
PID 2676 wrote to memory of 2452	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	43
PID 2676 wrote to memory of 1148	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	44
PID 2676 wrote to memory of 1148	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	44
PID 2676 wrote to memory of 1148	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	44
PID 2676 wrote to memory of 2896	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	45
PID 2676 wrote to memory of 2896	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	45
PID 2676 wrote to memory of 2896	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	45
PID 2676 wrote to memory of 2960	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	46
PID 2676 wrote to memory of 2960	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	46
PID 2676 wrote to memory of 2960	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	46
PID 2676 wrote to memory of 2504	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	47
PID 2676 wrote to memory of 2504	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	47
PID 2676 wrote to memory of 2504	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	47
PID 2676 wrote to memory of 2508	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	48
PID 2676 wrote to memory of 2508	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	48
PID 2676 wrote to memory of 2508	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	48
PID 2676 wrote to memory of 2540	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	49
PID 2676 wrote to memory of 2540	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	49
PID 2676 wrote to memory of 2540	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	49
PID 2676 wrote to memory of 1240	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	50
PID 2676 wrote to memory of 1240	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	50
PID 2676 wrote to memory of 1240	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	50
PID 2676 wrote to memory of 2256	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	51
PID 2676 wrote to memory of 2256	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	51
PID 2676 wrote to memory of 2256	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	51
PID 2676 wrote to memory of 1748	2676	JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cef4e5af255943ed842ef434d8f91a3c6703195258b830cba93ee3d7ac23a768.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\System\vqndXvB.exe
  C:\Windows\System\vqndXvB.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\btTMMdT.exe
  C:\Windows\System\btTMMdT.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\czkKGSt.exe
  C:\Windows\System\czkKGSt.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\aQCjnVo.exe
  C:\Windows\System\aQCjnVo.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\NDejHSi.exe
  C:\Windows\System\NDejHSi.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\jKEIhpd.exe
  C:\Windows\System\jKEIhpd.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\yAfeJfo.exe
  C:\Windows\System\yAfeJfo.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\fjKKeKo.exe
  C:\Windows\System\fjKKeKo.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\DbSWFMh.exe
  C:\Windows\System\DbSWFMh.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VtWeJvp.exe
  C:\Windows\System\VtWeJvp.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\xRHXOiE.exe
  C:\Windows\System\xRHXOiE.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\JRMRQLw.exe
  C:\Windows\System\JRMRQLw.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\gninZhe.exe
  C:\Windows\System\gninZhe.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\sPLcPwL.exe
  C:\Windows\System\sPLcPwL.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\UIuGSkn.exe
  C:\Windows\System\UIuGSkn.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\UgfFWOe.exe
  C:\Windows\System\UgfFWOe.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\bkuuoMW.exe
  C:\Windows\System\bkuuoMW.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\cGZonqg.exe
  C:\Windows\System\cGZonqg.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\JbxvHuZ.exe
  C:\Windows\System\JbxvHuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ZkgYAYl.exe
  C:\Windows\System\ZkgYAYl.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\smtDvks.exe
  C:\Windows\System\smtDvks.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\FWJYozL.exe
  C:\Windows\System\FWJYozL.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\SRonyxG.exe
  C:\Windows\System\SRonyxG.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\HcLoMws.exe
  C:\Windows\System\HcLoMws.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\NJHeSES.exe
  C:\Windows\System\NJHeSES.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\uxUlEZd.exe
  C:\Windows\System\uxUlEZd.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\SEEsWDG.exe
  C:\Windows\System\SEEsWDG.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\slrqRWH.exe
  C:\Windows\System\slrqRWH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\zQfxoaF.exe
  C:\Windows\System\zQfxoaF.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\riooBrb.exe
  C:\Windows\System\riooBrb.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\gZfcnca.exe
  C:\Windows\System\gZfcnca.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\QlRjGQV.exe
  C:\Windows\System\QlRjGQV.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\LHnnUkX.exe
  C:\Windows\System\LHnnUkX.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\zVzwrVu.exe
  C:\Windows\System\zVzwrVu.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\oosvNMw.exe
  C:\Windows\System\oosvNMw.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\rQPpuCi.exe
  C:\Windows\System\rQPpuCi.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\MotjPAu.exe
  C:\Windows\System\MotjPAu.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\lawHtjF.exe
  C:\Windows\System\lawHtjF.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\pZookgA.exe
  C:\Windows\System\pZookgA.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\gXScxkO.exe
  C:\Windows\System\gXScxkO.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\rFPSjSP.exe
  C:\Windows\System\rFPSjSP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\vbqxXKK.exe
  C:\Windows\System\vbqxXKK.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\GGIovcy.exe
  C:\Windows\System\GGIovcy.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\YlPnAdv.exe
  C:\Windows\System\YlPnAdv.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\TlAjBaK.exe
  C:\Windows\System\TlAjBaK.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\GanKMNW.exe
  C:\Windows\System\GanKMNW.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\tZukyId.exe
  C:\Windows\System\tZukyId.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\bWtFXrg.exe
  C:\Windows\System\bWtFXrg.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\xZAPzRs.exe
  C:\Windows\System\xZAPzRs.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\LSKuylz.exe
  C:\Windows\System\LSKuylz.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ksvGvmV.exe
  C:\Windows\System\ksvGvmV.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ZdHmDyF.exe
  C:\Windows\System\ZdHmDyF.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\psMVinP.exe
  C:\Windows\System\psMVinP.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\xKKaaBs.exe
  C:\Windows\System\xKKaaBs.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\jJPGRUH.exe
  C:\Windows\System\jJPGRUH.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\bPUTbWT.exe
  C:\Windows\System\bPUTbWT.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xApWFWA.exe
  C:\Windows\System\xApWFWA.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\JjzyhUF.exe
  C:\Windows\System\JjzyhUF.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\UilQFJW.exe
  C:\Windows\System\UilQFJW.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\PtOgjkd.exe
  C:\Windows\System\PtOgjkd.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\kGajEHK.exe
  C:\Windows\System\kGajEHK.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\bnbbaiM.exe
  C:\Windows\System\bnbbaiM.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ylYVFgt.exe
  C:\Windows\System\ylYVFgt.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\JoLuHfX.exe
  C:\Windows\System\JoLuHfX.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HUcwqFr.exe
  C:\Windows\System\HUcwqFr.exe
  2⤵
  PID:704
- C:\Windows\System\SbtYgqS.exe
  C:\Windows\System\SbtYgqS.exe
  2⤵
  PID:1968
- C:\Windows\System\yZPXdgg.exe
  C:\Windows\System\yZPXdgg.exe
  2⤵
  PID:1920
- C:\Windows\System\AYMOcfC.exe
  C:\Windows\System\AYMOcfC.exe
  2⤵
  PID:1928
- C:\Windows\System\ZDNlbNV.exe
  C:\Windows\System\ZDNlbNV.exe
  2⤵
  PID:3060
- C:\Windows\System\crEFjlb.exe
  C:\Windows\System\crEFjlb.exe
  2⤵
  PID:2932
- C:\Windows\System\POAgFAx.exe
  C:\Windows\System\POAgFAx.exe
  2⤵
  PID:3040
- C:\Windows\System\SRKwXNx.exe
  C:\Windows\System\SRKwXNx.exe
  2⤵
  PID:1580
- C:\Windows\System\EYtyduJ.exe
  C:\Windows\System\EYtyduJ.exe
  2⤵
  PID:1724
- C:\Windows\System\lSFBLjh.exe
  C:\Windows\System\lSFBLjh.exe
  2⤵
  PID:2812
- C:\Windows\System\oProgNA.exe
  C:\Windows\System\oProgNA.exe
  2⤵
  PID:2360
- C:\Windows\System\HJInWqE.exe
  C:\Windows\System\HJInWqE.exe
  2⤵
  PID:2604
- C:\Windows\System\PzdQOwE.exe
  C:\Windows\System\PzdQOwE.exe
  2⤵
  PID:2824
- C:\Windows\System\cuhcpPm.exe
  C:\Windows\System\cuhcpPm.exe
  2⤵
  PID:2564
- C:\Windows\System\IrwKiuk.exe
  C:\Windows\System\IrwKiuk.exe
  2⤵
  PID:3008
- C:\Windows\System\tNGFLjp.exe
  C:\Windows\System\tNGFLjp.exe
  2⤵
  PID:1716
- C:\Windows\System\knEtSAg.exe
  C:\Windows\System\knEtSAg.exe
  2⤵
  PID:1508
- C:\Windows\System\ipfxIou.exe
  C:\Windows\System\ipfxIou.exe
  2⤵
  PID:2220
- C:\Windows\System\MEqOaYZ.exe
  C:\Windows\System\MEqOaYZ.exe
  2⤵
  PID:536
- C:\Windows\System\njFautt.exe
  C:\Windows\System\njFautt.exe
  2⤵
  PID:532
- C:\Windows\System\KjTksss.exe
  C:\Windows\System\KjTksss.exe
  2⤵
  PID:592
- C:\Windows\System\MkaNJVl.exe
  C:\Windows\System\MkaNJVl.exe
  2⤵
  PID:304
- C:\Windows\System\dtERrMc.exe
  C:\Windows\System\dtERrMc.exe
  2⤵
  PID:2332
- C:\Windows\System\JLLWbkU.exe
  C:\Windows\System\JLLWbkU.exe
  2⤵
  PID:580
- C:\Windows\System\gBxweoj.exe
  C:\Windows\System\gBxweoj.exe
  2⤵
  PID:1752
- C:\Windows\System\CkgmJcl.exe
  C:\Windows\System\CkgmJcl.exe
  2⤵
  PID:1892
- C:\Windows\System\dxOrSxp.exe
  C:\Windows\System\dxOrSxp.exe
  2⤵
  PID:2344
- C:\Windows\System\TeZhQbz.exe
  C:\Windows\System\TeZhQbz.exe
  2⤵
  PID:2112
- C:\Windows\System\SOlyLnG.exe
  C:\Windows\System\SOlyLnG.exe
  2⤵
  PID:2104
- C:\Windows\System\uTEVgAr.exe
  C:\Windows\System\uTEVgAr.exe
  2⤵
  PID:960
- C:\Windows\System\wauImsG.exe
  C:\Windows\System\wauImsG.exe
  2⤵
  PID:1432
- C:\Windows\System\YeXXFmN.exe
  C:\Windows\System\YeXXFmN.exe
  2⤵
  PID:2460
- C:\Windows\System\LplVofz.exe
  C:\Windows\System\LplVofz.exe
  2⤵
  PID:956
- C:\Windows\System\zYSEVPT.exe
  C:\Windows\System\zYSEVPT.exe
  2⤵
  PID:2356
- C:\Windows\System\KGpSiAK.exe
  C:\Windows\System\KGpSiAK.exe
  2⤵
  PID:1564
- C:\Windows\System\xbqDxwe.exe
  C:\Windows\System\xbqDxwe.exe
  2⤵
  PID:2668
- C:\Windows\System\TLTCPTt.exe
  C:\Windows\System\TLTCPTt.exe
  2⤵
  PID:2300
- C:\Windows\System\fHUKskZ.exe
  C:\Windows\System\fHUKskZ.exe
  2⤵
  PID:1820
- C:\Windows\System\llQKUYU.exe
  C:\Windows\System\llQKUYU.exe
  2⤵
  PID:2328
- C:\Windows\System\EqXeQkS.exe
  C:\Windows\System\EqXeQkS.exe
  2⤵
  PID:2744
- C:\Windows\System\RABuOPm.exe
  C:\Windows\System\RABuOPm.exe
  2⤵
  PID:2140
- C:\Windows\System\SfpuVhS.exe
  C:\Windows\System\SfpuVhS.exe
  2⤵
  PID:1012
- C:\Windows\System\YswDgem.exe
  C:\Windows\System\YswDgem.exe
  2⤵
  PID:2072
- C:\Windows\System\UDpxieT.exe
  C:\Windows\System\UDpxieT.exe
  2⤵
  PID:1948
- C:\Windows\System\rutokvf.exe
  C:\Windows\System\rutokvf.exe
  2⤵
  PID:1428
- C:\Windows\System\gzQnxqx.exe
  C:\Windows\System\gzQnxqx.exe
  2⤵
  PID:2696
- C:\Windows\System\BckijTL.exe
  C:\Windows\System\BckijTL.exe
  2⤵
  PID:2788
- C:\Windows\System\vuHjRsU.exe
  C:\Windows\System\vuHjRsU.exe
  2⤵
  PID:2936
- C:\Windows\System\mcXFqho.exe
  C:\Windows\System\mcXFqho.exe
  2⤵
  PID:2624
- C:\Windows\System\KGVuxZL.exe
  C:\Windows\System\KGVuxZL.exe
  2⤵
  PID:3020
- C:\Windows\System\cmJkwhs.exe
  C:\Windows\System\cmJkwhs.exe
  2⤵
  PID:1092
- C:\Windows\System\aaRCbET.exe
  C:\Windows\System\aaRCbET.exe
  2⤵
  PID:2228
- C:\Windows\System\KQhrHXE.exe
  C:\Windows\System\KQhrHXE.exe
  2⤵
  PID:1744
- C:\Windows\System\YIBxdfw.exe
  C:\Windows\System\YIBxdfw.exe
  2⤵
  PID:1684
- C:\Windows\System\EPiBNaI.exe
  C:\Windows\System\EPiBNaI.exe
  2⤵
  PID:2288
- C:\Windows\System\OIplMYF.exe
  C:\Windows\System\OIplMYF.exe
  2⤵
  PID:2396
- C:\Windows\System\VVpLhtU.exe
  C:\Windows\System\VVpLhtU.exe
  2⤵
  PID:1896
- C:\Windows\System\BljoyTl.exe
  C:\Windows\System\BljoyTl.exe
  2⤵
  PID:2756
- C:\Windows\System\apSAVbm.exe
  C:\Windows\System\apSAVbm.exe
  2⤵
  PID:340
- C:\Windows\System\BpCbkQx.exe
  C:\Windows\System\BpCbkQx.exe
  2⤵
  PID:1556
- C:\Windows\System\YcmYxep.exe
  C:\Windows\System\YcmYxep.exe
  2⤵
  PID:2156
- C:\Windows\System\nWZRcCX.exe
  C:\Windows\System\nWZRcCX.exe
  2⤵
  PID:1056
- C:\Windows\System\HqsPCov.exe
  C:\Windows\System\HqsPCov.exe
  2⤵
  PID:1548
- C:\Windows\System\QdxrCVo.exe
  C:\Windows\System\QdxrCVo.exe
  2⤵
  PID:1628
- C:\Windows\System\PyWEnhd.exe
  C:\Windows\System\PyWEnhd.exe
  2⤵
  PID:3076
- C:\Windows\System\bKWrrJW.exe
  C:\Windows\System\bKWrrJW.exe
  2⤵
  PID:3092
- C:\Windows\System\hkaOwVR.exe
  C:\Windows\System\hkaOwVR.exe
  2⤵
  PID:3108
- C:\Windows\System\aSjiUag.exe
  C:\Windows\System\aSjiUag.exe
  2⤵
  PID:3124
- C:\Windows\System\KqHRLkh.exe
  C:\Windows\System\KqHRLkh.exe
  2⤵
  PID:3140
- C:\Windows\System\CHJKLzl.exe
  C:\Windows\System\CHJKLzl.exe
  2⤵
  PID:3156
- C:\Windows\System\xEfycnF.exe
  C:\Windows\System\xEfycnF.exe
  2⤵
  PID:3172
- C:\Windows\System\OlNJMSv.exe
  C:\Windows\System\OlNJMSv.exe
  2⤵
  PID:3188
- C:\Windows\System\gFmGjRM.exe
  C:\Windows\System\gFmGjRM.exe
  2⤵
  PID:3204
- C:\Windows\System\nNoHdyK.exe
  C:\Windows\System\nNoHdyK.exe
  2⤵
  PID:3220
- C:\Windows\System\tkPEJzN.exe
  C:\Windows\System\tkPEJzN.exe
  2⤵
  PID:3236
- C:\Windows\System\BsBBXiz.exe
  C:\Windows\System\BsBBXiz.exe
  2⤵
  PID:3252
- C:\Windows\System\RhPDfDb.exe
  C:\Windows\System\RhPDfDb.exe
  2⤵
  PID:3268
- C:\Windows\System\ZhIRRnc.exe
  C:\Windows\System\ZhIRRnc.exe
  2⤵
  PID:3284
- C:\Windows\System\UGXzQzz.exe
  C:\Windows\System\UGXzQzz.exe
  2⤵
  PID:3300
- C:\Windows\System\dRsBhcK.exe
  C:\Windows\System\dRsBhcK.exe
  2⤵
  PID:3316
- C:\Windows\System\iCLGPFh.exe
  C:\Windows\System\iCLGPFh.exe
  2⤵
  PID:3332
- C:\Windows\System\WqbgORE.exe
  C:\Windows\System\WqbgORE.exe
  2⤵
  PID:3348
- C:\Windows\System\FTCoBpG.exe
  C:\Windows\System\FTCoBpG.exe
  2⤵
  PID:3364
- C:\Windows\System\cwkoHYd.exe
  C:\Windows\System\cwkoHYd.exe
  2⤵
  PID:3380
- C:\Windows\System\yeYAZPF.exe
  C:\Windows\System\yeYAZPF.exe
  2⤵
  PID:3396
- C:\Windows\System\yKtqgsT.exe
  C:\Windows\System\yKtqgsT.exe
  2⤵
  PID:3412
- C:\Windows\System\hFZsCqQ.exe
  C:\Windows\System\hFZsCqQ.exe
  2⤵
  PID:3428
- C:\Windows\System\lhuMqMw.exe
  C:\Windows\System\lhuMqMw.exe
  2⤵
  PID:3444
- C:\Windows\System\WIMFpZL.exe
  C:\Windows\System\WIMFpZL.exe
  2⤵
  PID:3460
- C:\Windows\System\puoBiae.exe
  C:\Windows\System\puoBiae.exe
  2⤵
  PID:3476
- C:\Windows\System\rHGlTOW.exe
  C:\Windows\System\rHGlTOW.exe
  2⤵
  PID:3492
- C:\Windows\System\YMpNdqD.exe
  C:\Windows\System\YMpNdqD.exe
  2⤵
  PID:3508
- C:\Windows\System\zRsXigY.exe
  C:\Windows\System\zRsXigY.exe
  2⤵
  PID:3524
- C:\Windows\System\IoWXVDq.exe
  C:\Windows\System\IoWXVDq.exe
  2⤵
  PID:3540
- C:\Windows\System\xKnBcxy.exe
  C:\Windows\System\xKnBcxy.exe
  2⤵
  PID:3556
- C:\Windows\System\mWYqjcH.exe
  C:\Windows\System\mWYqjcH.exe
  2⤵
  PID:3572
- C:\Windows\System\rXIfiHq.exe
  C:\Windows\System\rXIfiHq.exe
  2⤵
  PID:3588
- C:\Windows\System\lhFqaAS.exe
  C:\Windows\System\lhFqaAS.exe
  2⤵
  PID:3604
- C:\Windows\System\jvRRzXe.exe
  C:\Windows\System\jvRRzXe.exe
  2⤵
  PID:3620
- C:\Windows\System\XOlplUp.exe
  C:\Windows\System\XOlplUp.exe
  2⤵
  PID:3636
- C:\Windows\System\DwdTndS.exe
  C:\Windows\System\DwdTndS.exe
  2⤵
  PID:3652
- C:\Windows\System\svKKwDY.exe
  C:\Windows\System\svKKwDY.exe
  2⤵
  PID:3668
- C:\Windows\System\YFZcimI.exe
  C:\Windows\System\YFZcimI.exe
  2⤵
  PID:3684
- C:\Windows\System\FXsinUj.exe
  C:\Windows\System\FXsinUj.exe
  2⤵
  PID:3700
- C:\Windows\System\QnkPwoh.exe
  C:\Windows\System\QnkPwoh.exe
  2⤵
  PID:3716
- C:\Windows\System\LxHlXxc.exe
  C:\Windows\System\LxHlXxc.exe
  2⤵
  PID:3732
- C:\Windows\System\YDXcGtk.exe
  C:\Windows\System\YDXcGtk.exe
  2⤵
  PID:3748
- C:\Windows\System\wwxjBJN.exe
  C:\Windows\System\wwxjBJN.exe
  2⤵
  PID:3764
- C:\Windows\System\JptDsIB.exe
  C:\Windows\System\JptDsIB.exe
  2⤵
  PID:3780
- C:\Windows\System\rYFkdBb.exe
  C:\Windows\System\rYFkdBb.exe
  2⤵
  PID:3796
- C:\Windows\System\BPsdiQY.exe
  C:\Windows\System\BPsdiQY.exe
  2⤵
  PID:3812
- C:\Windows\System\CUFLedt.exe
  C:\Windows\System\CUFLedt.exe
  2⤵
  PID:3828
- C:\Windows\System\HHzfEvX.exe
  C:\Windows\System\HHzfEvX.exe
  2⤵
  PID:3844
- C:\Windows\System\bEbdZlV.exe
  C:\Windows\System\bEbdZlV.exe
  2⤵
  PID:3860
- C:\Windows\System\CWDytgA.exe
  C:\Windows\System\CWDytgA.exe
  2⤵
  PID:3876
- C:\Windows\System\sUUjRnw.exe
  C:\Windows\System\sUUjRnw.exe
  2⤵
  PID:3892
- C:\Windows\System\VpOZcqC.exe
  C:\Windows\System\VpOZcqC.exe
  2⤵
  PID:3908
- C:\Windows\System\XtURlvb.exe
  C:\Windows\System\XtURlvb.exe
  2⤵
  PID:3924
- C:\Windows\System\ucesfOI.exe
  C:\Windows\System\ucesfOI.exe
  2⤵
  PID:3944
- C:\Windows\System\jDBWZps.exe
  C:\Windows\System\jDBWZps.exe
  2⤵
  PID:3960
- C:\Windows\System\CWWinFE.exe
  C:\Windows\System\CWWinFE.exe
  2⤵
  PID:3976
- C:\Windows\System\jmSlHdK.exe
  C:\Windows\System\jmSlHdK.exe
  2⤵
  PID:3992
- C:\Windows\System\PnqyOEs.exe
  C:\Windows\System\PnqyOEs.exe
  2⤵
  PID:4008
- C:\Windows\System\XQkXEVN.exe
  C:\Windows\System\XQkXEVN.exe
  2⤵
  PID:4024
- C:\Windows\System\ORKoedK.exe
  C:\Windows\System\ORKoedK.exe
  2⤵
  PID:4040
- C:\Windows\System\IJJMgri.exe
  C:\Windows\System\IJJMgri.exe
  2⤵
  PID:4056
- C:\Windows\System\stxfQfc.exe
  C:\Windows\System\stxfQfc.exe
  2⤵
  PID:4072
- C:\Windows\System\VHRAEvW.exe
  C:\Windows\System\VHRAEvW.exe
  2⤵
  PID:4088
- C:\Windows\System\rcFhmOG.exe
  C:\Windows\System\rcFhmOG.exe
  2⤵
  PID:2780
- C:\Windows\System\BTikClE.exe
  C:\Windows\System\BTikClE.exe
  2⤵
  PID:2892
- C:\Windows\System\rhzsPar.exe
  C:\Windows\System\rhzsPar.exe
  2⤵
  PID:2956
- C:\Windows\System\kBoPNLF.exe
  C:\Windows\System\kBoPNLF.exe
  2⤵
  PID:2380
- C:\Windows\System\mhBMvyP.exe
  C:\Windows\System\mhBMvyP.exe
  2⤵
  PID:2428
- C:\Windows\System\zIwwtvJ.exe
  C:\Windows\System\zIwwtvJ.exe
  2⤵
  PID:1540
- C:\Windows\System\jFLsJAk.exe
  C:\Windows\System\jFLsJAk.exe
  2⤵
  PID:2996
- C:\Windows\System\ZTHsGwO.exe
  C:\Windows\System\ZTHsGwO.exe
  2⤵
  PID:788
- C:\Windows\System\JmgAkSi.exe
  C:\Windows\System\JmgAkSi.exe
  2⤵
  PID:2988
- C:\Windows\System\niKfrJp.exe
  C:\Windows\System\niKfrJp.exe
  2⤵
  PID:3084
- C:\Windows\System\ghVyDuX.exe
  C:\Windows\System\ghVyDuX.exe
  2⤵
  PID:3116
- C:\Windows\System\LrfMxsF.exe
  C:\Windows\System\LrfMxsF.exe
  2⤵
  PID:3152
- C:\Windows\System\JltSlGk.exe
  C:\Windows\System\JltSlGk.exe
  2⤵
  PID:3164
- C:\Windows\System\aQoDoRm.exe
  C:\Windows\System\aQoDoRm.exe
  2⤵
  PID:3212
- C:\Windows\System\wBfpMBy.exe
  C:\Windows\System\wBfpMBy.exe
  2⤵
  PID:3228
- C:\Windows\System\GNxbixr.exe
  C:\Windows\System\GNxbixr.exe
  2⤵
  PID:3260
- C:\Windows\System\vVQalrm.exe
  C:\Windows\System\vVQalrm.exe
  2⤵
  PID:3292
- C:\Windows\System\ctDzzPc.exe
  C:\Windows\System\ctDzzPc.exe
  2⤵
  PID:3324
- C:\Windows\System\YLBlgCA.exe
  C:\Windows\System\YLBlgCA.exe
  2⤵
  PID:3372
- C:\Windows\System\lGffWos.exe
  C:\Windows\System\lGffWos.exe
  2⤵
  PID:3404
- C:\Windows\System\caAWufY.exe
  C:\Windows\System\caAWufY.exe
  2⤵
  PID:3436
- C:\Windows\System\FXZsuNX.exe
  C:\Windows\System\FXZsuNX.exe
  2⤵
  PID:3472
- C:\Windows\System\MIXkDho.exe
  C:\Windows\System\MIXkDho.exe
  2⤵
  PID:3488
- C:\Windows\System\XMngWbW.exe
  C:\Windows\System\XMngWbW.exe
  2⤵
  PID:3536
- C:\Windows\System\hrcEXwK.exe
  C:\Windows\System\hrcEXwK.exe
  2⤵
  PID:3552
- C:\Windows\System\SdSzQcv.exe
  C:\Windows\System\SdSzQcv.exe
  2⤵
  PID:3584
- C:\Windows\System\CkxhXbU.exe
  C:\Windows\System\CkxhXbU.exe
  2⤵
  PID:3616
- C:\Windows\System\QRhBMGm.exe
  C:\Windows\System\QRhBMGm.exe
  2⤵
  PID:3648
- C:\Windows\System\mudKZpD.exe
  C:\Windows\System\mudKZpD.exe
  2⤵
  PID:3696
- C:\Windows\System\vpoeQLM.exe
  C:\Windows\System\vpoeQLM.exe
  2⤵
  PID:3680
- C:\Windows\System\ONsTTBE.exe
  C:\Windows\System\ONsTTBE.exe
  2⤵
  PID:3744
- C:\Windows\System\aTgoaeC.exe
  C:\Windows\System\aTgoaeC.exe
  2⤵
  PID:3776
- C:\Windows\System\rdvqmFw.exe
  C:\Windows\System\rdvqmFw.exe
  2⤵
  PID:3808
- C:\Windows\System\BmSWkSD.exe
  C:\Windows\System\BmSWkSD.exe
  2⤵
  PID:3840
- C:\Windows\System\KYsuspq.exe
  C:\Windows\System\KYsuspq.exe
  2⤵
  PID:3872
- C:\Windows\System\aQuoouc.exe
  C:\Windows\System\aQuoouc.exe
  2⤵
  PID:3904
- C:\Windows\System\iOebfQU.exe
  C:\Windows\System\iOebfQU.exe
  2⤵
  PID:3956
- C:\Windows\System\OsZyzrK.exe
  C:\Windows\System\OsZyzrK.exe
  2⤵
  PID:3972
- C:\Windows\System\UcAbFtu.exe
  C:\Windows\System\UcAbFtu.exe
  2⤵
  PID:4000
- C:\Windows\System\VifYHnV.exe
  C:\Windows\System\VifYHnV.exe
  2⤵
  PID:4052
- C:\Windows\System\mSwlYEr.exe
  C:\Windows\System\mSwlYEr.exe
  2⤵
  PID:4084
- C:\Windows\System\rEwPZjn.exe
  C:\Windows\System\rEwPZjn.exe
  2⤵
  PID:2640
- C:\Windows\System\dMVjPef.exe
  C:\Windows\System\dMVjPef.exe
  2⤵
  PID:644
- C:\Windows\System\tRVXfav.exe
  C:\Windows\System\tRVXfav.exe
  2⤵
  PID:1980
- C:\Windows\System\qhYZrho.exe
  C:\Windows\System\qhYZrho.exe
  2⤵
  PID:2476
- C:\Windows\System\OQMKiek.exe
  C:\Windows\System\OQMKiek.exe
  2⤵
  PID:1940
- C:\Windows\System\RlhVjPs.exe
  C:\Windows\System\RlhVjPs.exe
  2⤵
  PID:3104
- C:\Windows\System\WsmjsGo.exe
  C:\Windows\System\WsmjsGo.exe
  2⤵
  PID:3248
- C:\Windows\System\dtgCwOt.exe
  C:\Windows\System\dtgCwOt.exe
  2⤵
  PID:3360
- C:\Windows\System\ufkWkYP.exe
  C:\Windows\System\ufkWkYP.exe
  2⤵
  PID:3388
- C:\Windows\System\LfYxumV.exe
  C:\Windows\System\LfYxumV.exe
  2⤵
  PID:3308
- C:\Windows\System\hlMEdEw.exe
  C:\Windows\System\hlMEdEw.exe
  2⤵
  PID:3420
- C:\Windows\System\qERAthR.exe
  C:\Windows\System\qERAthR.exe
  2⤵
  PID:3532
- C:\Windows\System\xKsdYFB.exe
  C:\Windows\System\xKsdYFB.exe
  2⤵
  PID:3664
- C:\Windows\System\gdWYncY.exe
  C:\Windows\System\gdWYncY.exe
  2⤵
  PID:3548
- C:\Windows\System\ijpVnmM.exe
  C:\Windows\System\ijpVnmM.exe
  2⤵
  PID:3712
- C:\Windows\System\yzRsjPW.exe
  C:\Windows\System\yzRsjPW.exe
  2⤵
  PID:3788
- C:\Windows\System\fnYcgbt.exe
  C:\Windows\System\fnYcgbt.exe
  2⤵
  PID:3900
- C:\Windows\System\RylUGRa.exe
  C:\Windows\System\RylUGRa.exe
  2⤵
  PID:3820
- C:\Windows\System\hrLHroz.exe
  C:\Windows\System\hrLHroz.exe
  2⤵
  PID:3836
- C:\Windows\System\nLoqUnP.exe
  C:\Windows\System\nLoqUnP.exe
  2⤵
  PID:4020
- C:\Windows\System\KDyTOPg.exe
  C:\Windows\System\KDyTOPg.exe
  2⤵
  PID:2720
- C:\Windows\System\xZgaJHE.exe
  C:\Windows\System\xZgaJHE.exe
  2⤵
  PID:4080
- C:\Windows\System\VPQfHAu.exe
  C:\Windows\System\VPQfHAu.exe
  2⤵
  PID:2980
- C:\Windows\System\PZeKARB.exe
  C:\Windows\System\PZeKARB.exe
  2⤵
  PID:4108
- C:\Windows\System\mmxImPb.exe
  C:\Windows\System\mmxImPb.exe
  2⤵
  PID:4124
- C:\Windows\System\LEAYCeb.exe
  C:\Windows\System\LEAYCeb.exe
  2⤵
  PID:4140
- C:\Windows\System\rjhENZR.exe
  C:\Windows\System\rjhENZR.exe
  2⤵
  PID:4156
- C:\Windows\System\TjNFntR.exe
  C:\Windows\System\TjNFntR.exe
  2⤵
  PID:4172
- C:\Windows\System\xsvbpgh.exe
  C:\Windows\System\xsvbpgh.exe
  2⤵
  PID:4188
- C:\Windows\System\gSooTSy.exe
  C:\Windows\System\gSooTSy.exe
  2⤵
  PID:4204
- C:\Windows\System\lbwivNC.exe
  C:\Windows\System\lbwivNC.exe
  2⤵
  PID:4220
- C:\Windows\System\VnKyXEY.exe
  C:\Windows\System\VnKyXEY.exe
  2⤵
  PID:4236
- C:\Windows\System\yUarVIU.exe
  C:\Windows\System\yUarVIU.exe
  2⤵
  PID:4252
- C:\Windows\System\dNHfALL.exe
  C:\Windows\System\dNHfALL.exe
  2⤵
  PID:4268
- C:\Windows\System\VajwuPe.exe
  C:\Windows\System\VajwuPe.exe
  2⤵
  PID:4284
- C:\Windows\System\WqBrSge.exe
  C:\Windows\System\WqBrSge.exe
  2⤵
  PID:4300
- C:\Windows\System\raZhpNa.exe
  C:\Windows\System\raZhpNa.exe
  2⤵
  PID:4316
- C:\Windows\System\QjVzXco.exe
  C:\Windows\System\QjVzXco.exe
  2⤵
  PID:4332
- C:\Windows\System\eIaTkpK.exe
  C:\Windows\System\eIaTkpK.exe
  2⤵
  PID:4348
- C:\Windows\System\gLqfSwx.exe
  C:\Windows\System\gLqfSwx.exe
  2⤵
  PID:4364
- C:\Windows\System\dlCHBHh.exe
  C:\Windows\System\dlCHBHh.exe
  2⤵
  PID:4380
- C:\Windows\System\ytMczeQ.exe
  C:\Windows\System\ytMczeQ.exe
  2⤵
  PID:4396
- C:\Windows\System\niEWEex.exe
  C:\Windows\System\niEWEex.exe
  2⤵
  PID:4412
- C:\Windows\System\wTvrjWc.exe
  C:\Windows\System\wTvrjWc.exe
  2⤵
  PID:4428
- C:\Windows\System\osKHOIf.exe
  C:\Windows\System\osKHOIf.exe
  2⤵
  PID:4444
- C:\Windows\System\MnftLNb.exe
  C:\Windows\System\MnftLNb.exe
  2⤵
  PID:4460
- C:\Windows\System\cZsepik.exe
  C:\Windows\System\cZsepik.exe
  2⤵
  PID:4476
- C:\Windows\System\nNlTSJA.exe
  C:\Windows\System\nNlTSJA.exe
  2⤵
  PID:4492
- C:\Windows\System\xFgUttC.exe
  C:\Windows\System\xFgUttC.exe
  2⤵
  PID:4512
- C:\Windows\System\MiIPccO.exe
  C:\Windows\System\MiIPccO.exe
  2⤵
  PID:4528
- C:\Windows\System\cpjipAc.exe
  C:\Windows\System\cpjipAc.exe
  2⤵
  PID:4544
- C:\Windows\System\IRdENND.exe
  C:\Windows\System\IRdENND.exe
  2⤵
  PID:4560
- C:\Windows\System\fVfGhVB.exe
  C:\Windows\System\fVfGhVB.exe
  2⤵
  PID:4576
- C:\Windows\System\DwvpBKS.exe
  C:\Windows\System\DwvpBKS.exe
  2⤵
  PID:4592
- C:\Windows\System\sCTERXm.exe
  C:\Windows\System\sCTERXm.exe
  2⤵
  PID:4608
- C:\Windows\System\cWcVwRa.exe
  C:\Windows\System\cWcVwRa.exe
  2⤵
  PID:4624
- C:\Windows\System\jmDqRKQ.exe
  C:\Windows\System\jmDqRKQ.exe
  2⤵
  PID:4640
- C:\Windows\System\PIXGlMw.exe
  C:\Windows\System\PIXGlMw.exe
  2⤵
  PID:4656
- C:\Windows\System\giADkJB.exe
  C:\Windows\System\giADkJB.exe
  2⤵
  PID:4672
- C:\Windows\System\WzSeXNn.exe
  C:\Windows\System\WzSeXNn.exe
  2⤵
  PID:4688
- C:\Windows\System\kvWfJNf.exe
  C:\Windows\System\kvWfJNf.exe
  2⤵
  PID:4704
- C:\Windows\System\QrcnnKk.exe
  C:\Windows\System\QrcnnKk.exe
  2⤵
  PID:4720
- C:\Windows\System\yCWaeqw.exe
  C:\Windows\System\yCWaeqw.exe
  2⤵
  PID:4736
- C:\Windows\System\VlSftFI.exe
  C:\Windows\System\VlSftFI.exe
  2⤵
  PID:4752
- C:\Windows\System\oRVHUWr.exe
  C:\Windows\System\oRVHUWr.exe
  2⤵
  PID:4768
- C:\Windows\System\lCDhVgX.exe
  C:\Windows\System\lCDhVgX.exe
  2⤵
  PID:4784
- C:\Windows\System\dyDzDoH.exe
  C:\Windows\System\dyDzDoH.exe
  2⤵
  PID:4800
- C:\Windows\System\dAmZGtF.exe
  C:\Windows\System\dAmZGtF.exe
  2⤵
  PID:4816
- C:\Windows\System\mELpWdA.exe
  C:\Windows\System\mELpWdA.exe
  2⤵
  PID:4832
- C:\Windows\System\FjbheQg.exe
  C:\Windows\System\FjbheQg.exe
  2⤵
  PID:4848
- C:\Windows\System\pJahmij.exe
  C:\Windows\System\pJahmij.exe
  2⤵
  PID:4864
- C:\Windows\System\CfaGNzS.exe
  C:\Windows\System\CfaGNzS.exe
  2⤵
  PID:4880
- C:\Windows\System\QApOMmv.exe
  C:\Windows\System\QApOMmv.exe
  2⤵
  PID:4896
- C:\Windows\System\pmkEoVr.exe
  C:\Windows\System\pmkEoVr.exe
  2⤵
  PID:4912
- C:\Windows\System\reOunzk.exe
  C:\Windows\System\reOunzk.exe
  2⤵
  PID:4928
- C:\Windows\System\NcIHist.exe
  C:\Windows\System\NcIHist.exe
  2⤵
  PID:4944
- C:\Windows\System\ULeqoZO.exe
  C:\Windows\System\ULeqoZO.exe
  2⤵
  PID:4960
- C:\Windows\System\iOMBSPy.exe
  C:\Windows\System\iOMBSPy.exe
  2⤵
  PID:4976
- C:\Windows\System\rkbPgTa.exe
  C:\Windows\System\rkbPgTa.exe
  2⤵
  PID:4992
- C:\Windows\System\PrpYeHc.exe
  C:\Windows\System\PrpYeHc.exe
  2⤵
  PID:5008
- C:\Windows\System\FrdaqIc.exe
  C:\Windows\System\FrdaqIc.exe
  2⤵
  PID:5024
- C:\Windows\System\WjDvDJR.exe
  C:\Windows\System\WjDvDJR.exe
  2⤵
  PID:5040
- C:\Windows\System\QNAUfVd.exe
  C:\Windows\System\QNAUfVd.exe
  2⤵
  PID:5056
- C:\Windows\System\JaqXVRS.exe
  C:\Windows\System\JaqXVRS.exe
  2⤵
  PID:5072
- C:\Windows\System\HxcjePt.exe
  C:\Windows\System\HxcjePt.exe
  2⤵
  PID:5088
- C:\Windows\System\Ksrfohz.exe
  C:\Windows\System\Ksrfohz.exe
  2⤵
  PID:5104
- C:\Windows\System\iZXkeNj.exe
  C:\Windows\System\iZXkeNj.exe
  2⤵
  PID:1560
- C:\Windows\System\ImDYjRE.exe
  C:\Windows\System\ImDYjRE.exe
  2⤵
  PID:3180
- C:\Windows\System\VeMXZSq.exe
  C:\Windows\System\VeMXZSq.exe
  2⤵
  PID:3200
- C:\Windows\System\xAYzCqH.exe
  C:\Windows\System\xAYzCqH.exe
  2⤵
  PID:3596
- C:\Windows\System\NUkWjRY.exe
  C:\Windows\System\NUkWjRY.exe
  2⤵
  PID:3628
- C:\Windows\System\zCQlzOV.exe
  C:\Windows\System\zCQlzOV.exe
  2⤵
  PID:3756
- C:\Windows\System\bvQODPw.exe
  C:\Windows\System\bvQODPw.exe
  2⤵
  PID:3856
- C:\Windows\System\CbCggxI.exe
  C:\Windows\System\CbCggxI.exe
  2⤵
  PID:3932
- C:\Windows\System\gIFPZhc.exe
  C:\Windows\System\gIFPZhc.exe
  2⤵
  PID:2916
- C:\Windows\System\avmUkos.exe
  C:\Windows\System\avmUkos.exe
  2⤵
  PID:4100
- C:\Windows\System\CUOgAyN.exe
  C:\Windows\System\CUOgAyN.exe
  2⤵
  PID:4104
- C:\Windows\System\siQPuUE.exe
  C:\Windows\System\siQPuUE.exe
  2⤵
  PID:4136
- C:\Windows\System\ANzMFsH.exe
  C:\Windows\System\ANzMFsH.exe
  2⤵
  PID:4168
- C:\Windows\System\WlRnQOp.exe
  C:\Windows\System\WlRnQOp.exe
  2⤵
  PID:4216
- C:\Windows\System\pcbYHCC.exe
  C:\Windows\System\pcbYHCC.exe
  2⤵
  PID:4248
- C:\Windows\System\AZgdvRQ.exe
  C:\Windows\System\AZgdvRQ.exe
  2⤵
  PID:4280
- C:\Windows\System\IMRnOxS.exe
  C:\Windows\System\IMRnOxS.exe
  2⤵
  PID:4340
- C:\Windows\System\CFdVhGM.exe
  C:\Windows\System\CFdVhGM.exe
  2⤵
  PID:4344
- C:\Windows\System\ovAOCMs.exe
  C:\Windows\System\ovAOCMs.exe
  2⤵
  PID:4376
- C:\Windows\System\ChhxHWk.exe
  C:\Windows\System\ChhxHWk.exe
  2⤵
  PID:4408
- C:\Windows\System\AHCKXiy.exe
  C:\Windows\System\AHCKXiy.exe
  2⤵
  PID:4440
- C:\Windows\System\aflPgEs.exe
  C:\Windows\System\aflPgEs.exe
  2⤵
  PID:4472
- C:\Windows\System\jgIufIu.exe
  C:\Windows\System\jgIufIu.exe
  2⤵
  PID:4488
- C:\Windows\System\EerykbZ.exe
  C:\Windows\System\EerykbZ.exe
  2⤵
  PID:4524
- C:\Windows\System\SgwMVNk.exe
  C:\Windows\System\SgwMVNk.exe
  2⤵
  PID:4572
- C:\Windows\System\ePsrHLe.exe
  C:\Windows\System\ePsrHLe.exe
  2⤵
  PID:4632
- C:\Windows\System\WYlPmyS.exe
  C:\Windows\System\WYlPmyS.exe
  2⤵
  PID:4648
- C:\Windows\System\bVaEtMG.exe
  C:\Windows\System\bVaEtMG.exe
  2⤵
  PID:4696
- C:\Windows\System\wOqHUbJ.exe
  C:\Windows\System\wOqHUbJ.exe
  2⤵
  PID:4712
- C:\Windows\System\fZsstQU.exe
  C:\Windows\System\fZsstQU.exe
  2⤵
  PID:4744
- C:\Windows\System\ucAuMdm.exe
  C:\Windows\System\ucAuMdm.exe
  2⤵
  PID:4776
- C:\Windows\System\AfLkRYG.exe
  C:\Windows\System\AfLkRYG.exe
  2⤵
  PID:4828
- C:\Windows\System\tKxbPgL.exe
  C:\Windows\System\tKxbPgL.exe
  2⤵
  PID:4840
- C:\Windows\System\kWfpgKi.exe
  C:\Windows\System\kWfpgKi.exe
  2⤵
  PID:4872
- C:\Windows\System\zXPMPvy.exe
  C:\Windows\System\zXPMPvy.exe
  2⤵
  PID:4904
- C:\Windows\System\WBUMbSP.exe
  C:\Windows\System\WBUMbSP.exe
  2⤵
  PID:4936
- C:\Windows\System\zzXMvaK.exe
  C:\Windows\System\zzXMvaK.exe
  2⤵
  PID:4968
- C:\Windows\System\NslAnvL.exe
  C:\Windows\System\NslAnvL.exe
  2⤵
  PID:4988
- C:\Windows\System\irvgENg.exe
  C:\Windows\System\irvgENg.exe
  2⤵
  PID:5020
- C:\Windows\System\QWEDrsV.exe
  C:\Windows\System\QWEDrsV.exe
  2⤵
  PID:5064
- C:\Windows\System\KswCaYE.exe
  C:\Windows\System\KswCaYE.exe
  2⤵
  PID:5084
- C:\Windows\System\YfEClAA.exe
  C:\Windows\System\YfEClAA.exe
  2⤵
  PID:5100
- C:\Windows\System\sMcSaYV.exe
  C:\Windows\System\sMcSaYV.exe
  2⤵
  PID:3452
- C:\Windows\System\AyHWHtY.exe
  C:\Windows\System\AyHWHtY.exe
  2⤵
  PID:3280
- C:\Windows\System\ZOWTloH.exe
  C:\Windows\System\ZOWTloH.exe
  2⤵
  PID:3564
- C:\Windows\System\SrzEikW.exe
  C:\Windows\System\SrzEikW.exe
  2⤵
  PID:3952
- C:\Windows\System\ZIEYkhf.exe
  C:\Windows\System\ZIEYkhf.exe
  2⤵
  PID:4116
- C:\Windows\System\llGygSu.exe
  C:\Windows\System\llGygSu.exe
  2⤵
  PID:4232
- C:\Windows\System\iMgFcFI.exe
  C:\Windows\System\iMgFcFI.exe
  2⤵
  PID:4200
- C:\Windows\System\Atqypif.exe
  C:\Windows\System\Atqypif.exe
  2⤵
  PID:4312
- C:\Windows\System\EvURIZf.exe
  C:\Windows\System\EvURIZf.exe
  2⤵
  PID:4436
- C:\Windows\System\OSXFtae.exe
  C:\Windows\System\OSXFtae.exe
  2⤵
  PID:4568
- C:\Windows\System\UOEIrHC.exe
  C:\Windows\System\UOEIrHC.exe
  2⤵
  PID:4392
- C:\Windows\System\zvigYqa.exe
  C:\Windows\System\zvigYqa.exe
  2⤵
  PID:4700
- C:\Windows\System\fPszvme.exe
  C:\Windows\System\fPszvme.exe
  2⤵
  PID:4540
- C:\Windows\System\QHPuiow.exe
  C:\Windows\System\QHPuiow.exe
  2⤵
  PID:4764
- C:\Windows\System\zYhEGnw.exe
  C:\Windows\System\zYhEGnw.exe
  2⤵
  PID:4892
- C:\Windows\System\IrGcach.exe
  C:\Windows\System\IrGcach.exe
  2⤵
  PID:4796
- C:\Windows\System\dQuLDBh.exe
  C:\Windows\System\dQuLDBh.exe
  2⤵
  PID:4824
- C:\Windows\System\EJcqQFC.exe
  C:\Windows\System\EJcqQFC.exe
  2⤵
  PID:5080
- C:\Windows\System\uXleNzZ.exe
  C:\Windows\System\uXleNzZ.exe
  2⤵
  PID:3392
- C:\Windows\System\BXnjLnp.exe
  C:\Windows\System\BXnjLnp.exe
  2⤵
  PID:4924
- C:\Windows\System\cDnzsap.exe
  C:\Windows\System\cDnzsap.exe
  2⤵
  PID:5032
- C:\Windows\System\vTDEpIh.exe
  C:\Windows\System\vTDEpIh.exe
  2⤵
  PID:5132
- C:\Windows\System\pwZQhqo.exe
  C:\Windows\System\pwZQhqo.exe
  2⤵
  PID:5148
- C:\Windows\System\hXGqkUS.exe
  C:\Windows\System\hXGqkUS.exe
  2⤵
  PID:5164
- C:\Windows\System\zJxQdgP.exe
  C:\Windows\System\zJxQdgP.exe
  2⤵
  PID:5180
- C:\Windows\System\RuLdVmk.exe
  C:\Windows\System\RuLdVmk.exe
  2⤵
  PID:5196
- C:\Windows\System\oKHJHri.exe
  C:\Windows\System\oKHJHri.exe
  2⤵
  PID:5212
- C:\Windows\System\dCXEYwJ.exe
  C:\Windows\System\dCXEYwJ.exe
  2⤵
  PID:5228
- C:\Windows\System\lKaNXfa.exe
  C:\Windows\System\lKaNXfa.exe
  2⤵
  PID:5244
- C:\Windows\System\sAOcnrE.exe
  C:\Windows\System\sAOcnrE.exe
  2⤵
  PID:5260
- C:\Windows\System\pmcKjCX.exe
  C:\Windows\System\pmcKjCX.exe
  2⤵
  PID:5276
- C:\Windows\System\jjgnXZk.exe
  C:\Windows\System\jjgnXZk.exe
  2⤵
  PID:5292
- C:\Windows\System\JSVxmIz.exe
  C:\Windows\System\JSVxmIz.exe
  2⤵
  PID:5308
- C:\Windows\System\hhIlUtV.exe
  C:\Windows\System\hhIlUtV.exe
  2⤵
  PID:5324
- C:\Windows\System\abJZqDe.exe
  C:\Windows\System\abJZqDe.exe
  2⤵
  PID:5340
- C:\Windows\System\gaUVREJ.exe
  C:\Windows\System\gaUVREJ.exe
  2⤵
  PID:5356
- C:\Windows\System\SliYIxY.exe
  C:\Windows\System\SliYIxY.exe
  2⤵
  PID:5372
- C:\Windows\System\YfHheYl.exe
  C:\Windows\System\YfHheYl.exe
  2⤵
  PID:5388
- C:\Windows\System\URcIgUH.exe
  C:\Windows\System\URcIgUH.exe
  2⤵
  PID:5404
- C:\Windows\System\rDVMati.exe
  C:\Windows\System\rDVMati.exe
  2⤵
  PID:5420
- C:\Windows\System\YuVMcwn.exe
  C:\Windows\System\YuVMcwn.exe
  2⤵
  PID:5436
- C:\Windows\System\fyiyLqy.exe
  C:\Windows\System\fyiyLqy.exe
  2⤵
  PID:5452
- C:\Windows\System\qfVPMLq.exe
  C:\Windows\System\qfVPMLq.exe
  2⤵
  PID:5468
- C:\Windows\System\jIuFuDW.exe
  C:\Windows\System\jIuFuDW.exe
  2⤵
  PID:5484
- C:\Windows\System\esHWjSb.exe
  C:\Windows\System\esHWjSb.exe
  2⤵
  PID:5500
- C:\Windows\System\MAtrYzu.exe
  C:\Windows\System\MAtrYzu.exe
  2⤵
  PID:5516
- C:\Windows\System\WssINHN.exe
  C:\Windows\System\WssINHN.exe
  2⤵
  PID:5532
- C:\Windows\System\ZhPXTny.exe
  C:\Windows\System\ZhPXTny.exe
  2⤵
  PID:5548
- C:\Windows\System\FcQRYXE.exe
  C:\Windows\System\FcQRYXE.exe
  2⤵
  PID:5564
- C:\Windows\System\FDzspkf.exe
  C:\Windows\System\FDzspkf.exe
  2⤵
  PID:5580
- C:\Windows\System\xWRFKkd.exe
  C:\Windows\System\xWRFKkd.exe
  2⤵
  PID:5600
- C:\Windows\System\IrzzcoK.exe
  C:\Windows\System\IrzzcoK.exe
  2⤵
  PID:5616
- C:\Windows\System\REtmCWJ.exe
  C:\Windows\System\REtmCWJ.exe
  2⤵
  PID:5632
- C:\Windows\System\KSMLbBC.exe
  C:\Windows\System\KSMLbBC.exe
  2⤵
  PID:5648
- C:\Windows\System\PUCFCIO.exe
  C:\Windows\System\PUCFCIO.exe
  2⤵
  PID:5664
- C:\Windows\System\lbWyHZy.exe
  C:\Windows\System\lbWyHZy.exe
  2⤵
  PID:5680
- C:\Windows\System\RSmcBTy.exe
  C:\Windows\System\RSmcBTy.exe
  2⤵
  PID:5696
- C:\Windows\System\DTdtxPb.exe
  C:\Windows\System\DTdtxPb.exe
  2⤵
  PID:5712
- C:\Windows\System\SwgNsEy.exe
  C:\Windows\System\SwgNsEy.exe
  2⤵
  PID:5728
- C:\Windows\System\ykXYQkE.exe
  C:\Windows\System\ykXYQkE.exe
  2⤵
  PID:5744
- C:\Windows\System\oGKSRew.exe
  C:\Windows\System\oGKSRew.exe
  2⤵
  PID:5760
- C:\Windows\System\swOgxll.exe
  C:\Windows\System\swOgxll.exe
  2⤵
  PID:5776
- C:\Windows\System\ofhQuiF.exe
  C:\Windows\System\ofhQuiF.exe
  2⤵
  PID:5792
- C:\Windows\System\TsgFHQw.exe
  C:\Windows\System\TsgFHQw.exe
  2⤵
  PID:5808
- C:\Windows\System\OgvQhuv.exe
  C:\Windows\System\OgvQhuv.exe
  2⤵
  PID:5824
- C:\Windows\System\oTjSpCn.exe
  C:\Windows\System\oTjSpCn.exe
  2⤵
  PID:5840
- C:\Windows\System\CeKYxZW.exe
  C:\Windows\System\CeKYxZW.exe
  2⤵
  PID:5856
- C:\Windows\System\lZzBuYd.exe
  C:\Windows\System\lZzBuYd.exe
  2⤵
  PID:5872
- C:\Windows\System\EnOQEvp.exe
  C:\Windows\System\EnOQEvp.exe
  2⤵
  PID:5888
- C:\Windows\System\xjjscdA.exe
  C:\Windows\System\xjjscdA.exe
  2⤵
  PID:5904
- C:\Windows\System\VcXAeth.exe
  C:\Windows\System\VcXAeth.exe
  2⤵
  PID:5920
- C:\Windows\System\tGCDPPe.exe
  C:\Windows\System\tGCDPPe.exe
  2⤵
  PID:5936
- C:\Windows\System\xfPSzCZ.exe
  C:\Windows\System\xfPSzCZ.exe
  2⤵
  PID:5952
- C:\Windows\System\JoiofYK.exe
  C:\Windows\System\JoiofYK.exe
  2⤵
  PID:5968
- C:\Windows\System\GavfCNA.exe
  C:\Windows\System\GavfCNA.exe
  2⤵
  PID:5984
- C:\Windows\System\azznhMR.exe
  C:\Windows\System\azznhMR.exe
  2⤵
  PID:6000
- C:\Windows\System\fTYiokW.exe
  C:\Windows\System\fTYiokW.exe
  2⤵
  PID:6016
- C:\Windows\System\OnEMNrl.exe
  C:\Windows\System\OnEMNrl.exe
  2⤵
  PID:6032
- C:\Windows\System\MUNzkfn.exe
  C:\Windows\System\MUNzkfn.exe
  2⤵
  PID:6048
- C:\Windows\System\ZCgQJzZ.exe
  C:\Windows\System\ZCgQJzZ.exe
  2⤵
  PID:6064
- C:\Windows\System\DfdeFem.exe
  C:\Windows\System\DfdeFem.exe
  2⤵
  PID:6080
- C:\Windows\System\lVpvdlb.exe
  C:\Windows\System\lVpvdlb.exe
  2⤵
  PID:6096
- C:\Windows\System\FNvUuXB.exe
  C:\Windows\System\FNvUuXB.exe
  2⤵
  PID:6112
- C:\Windows\System\QWPNVMC.exe
  C:\Windows\System\QWPNVMC.exe
  2⤵
  PID:6128
- C:\Windows\System\SYDEFic.exe
  C:\Windows\System\SYDEFic.exe
  2⤵
  PID:5112
- C:\Windows\System\hpxKQRO.exe
  C:\Windows\System\hpxKQRO.exe
  2⤵
  PID:3772
- C:\Windows\System\DJqHkqn.exe
  C:\Windows\System\DJqHkqn.exe
  2⤵
  PID:4324
- C:\Windows\System\tPOVwDg.exe
  C:\Windows\System\tPOVwDg.exe
  2⤵
  PID:4032
- C:\Windows\System\iQqkZai.exe
  C:\Windows\System\iQqkZai.exe
  2⤵
  PID:4328
- C:\Windows\System\QNhtxRf.exe
  C:\Windows\System\QNhtxRf.exe
  2⤵
  PID:4504
- C:\Windows\System\vfkIZuY.exe
  C:\Windows\System\vfkIZuY.exe
  2⤵
  PID:4508
- C:\Windows\System\xBpmMYH.exe
  C:\Windows\System\xBpmMYH.exe
  2⤵
  PID:4604
- C:\Windows\System\LFVaOVs.exe
  C:\Windows\System\LFVaOVs.exe
  2⤵
  PID:4668
- C:\Windows\System\TQWZZyg.exe
  C:\Windows\System\TQWZZyg.exe
  2⤵
  PID:4876
- C:\Windows\System\kvPssaC.exe
  C:\Windows\System\kvPssaC.exe
  2⤵
  PID:5172
- C:\Windows\System\UWCLINT.exe
  C:\Windows\System\UWCLINT.exe
  2⤵
  PID:5176
- C:\Windows\System\itEIxpW.exe
  C:\Windows\System\itEIxpW.exe
  2⤵
  PID:5188
- C:\Windows\System\sBYCymU.exe
  C:\Windows\System\sBYCymU.exe
  2⤵
  PID:5192
- C:\Windows\System\lAbeVTo.exe
  C:\Windows\System\lAbeVTo.exe
  2⤵
  PID:5300
- C:\Windows\System\IcWifhu.exe
  C:\Windows\System\IcWifhu.exe
  2⤵
  PID:5256
- C:\Windows\System\wKfsTCO.exe
  C:\Windows\System\wKfsTCO.exe
  2⤵
  PID:5288
- C:\Windows\System\xEUtetY.exe
  C:\Windows\System\xEUtetY.exe
  2⤵
  PID:5320
- C:\Windows\System\aZZlGfZ.exe
  C:\Windows\System\aZZlGfZ.exe
  2⤵
  PID:5400
- C:\Windows\System\NYSbFCz.exe
  C:\Windows\System\NYSbFCz.exe
  2⤵
  PID:5432
- C:\Windows\System\vDWlqcX.exe
  C:\Windows\System\vDWlqcX.exe
  2⤵
  PID:5460
- C:\Windows\System\TtCMGdV.exe
  C:\Windows\System\TtCMGdV.exe
  2⤵
  PID:5476
- C:\Windows\System\UjxMsaW.exe
  C:\Windows\System\UjxMsaW.exe
  2⤵
  PID:5528
- C:\Windows\System\ZLjWDUx.exe
  C:\Windows\System\ZLjWDUx.exe
  2⤵
  PID:5588
- C:\Windows\System\xovHFRc.exe
  C:\Windows\System\xovHFRc.exe
  2⤵
  PID:5540
- C:\Windows\System\oeUOiIf.exe
  C:\Windows\System\oeUOiIf.exe
  2⤵
  PID:5628
- C:\Windows\System\RBKaYtj.exe
  C:\Windows\System\RBKaYtj.exe
  2⤵
  PID:2952
- C:\Windows\System\oTHIAJG.exe
  C:\Windows\System\oTHIAJG.exe
  2⤵
  PID:5640
- C:\Windows\System\eFrOKgS.exe
  C:\Windows\System\eFrOKgS.exe
  2⤵
  PID:5720
- C:\Windows\System\BhXrLjS.exe
  C:\Windows\System\BhXrLjS.exe
  2⤵
  PID:5756
- C:\Windows\System\KhmYBTE.exe
  C:\Windows\System\KhmYBTE.exe
  2⤵
  PID:5820
- C:\Windows\System\ErwsUji.exe
  C:\Windows\System\ErwsUji.exe
  2⤵
  PID:5768
- C:\Windows\System\VPMEhRc.exe
  C:\Windows\System\VPMEhRc.exe
  2⤵
  PID:5836
- C:\Windows\System\fECYjSl.exe
  C:\Windows\System\fECYjSl.exe
  2⤵
  PID:5884
- C:\Windows\System\EQvlewN.exe
  C:\Windows\System\EQvlewN.exe
  2⤵
  PID:5948
- C:\Windows\System\irOvACV.exe
  C:\Windows\System\irOvACV.exe
  2⤵
  PID:5992
- C:\Windows\System\FPwXPen.exe
  C:\Windows\System\FPwXPen.exe
  2⤵
  PID:5960
- C:\Windows\System\PIswiMw.exe
  C:\Windows\System\PIswiMw.exe
  2⤵
  PID:5896
- C:\Windows\System\BxtGfVN.exe
  C:\Windows\System\BxtGfVN.exe
  2⤵
  PID:6040
- C:\Windows\System\OxESFlG.exe
  C:\Windows\System\OxESFlG.exe
  2⤵
  PID:6024
- C:\Windows\System\bQhZhBS.exe
  C:\Windows\System\bQhZhBS.exe
  2⤵
  PID:6088
- C:\Windows\System\wiBxFuE.exe
  C:\Windows\System\wiBxFuE.exe
  2⤵
  PID:6136
- C:\Windows\System\wAtNOgT.exe
  C:\Windows\System\wAtNOgT.exe
  2⤵
  PID:6140
- C:\Windows\System\idxhLqO.exe
  C:\Windows\System\idxhLqO.exe
  2⤵
  PID:4360
- C:\Windows\System\tmcEDHD.exe
  C:\Windows\System\tmcEDHD.exe
  2⤵
  PID:4064
- C:\Windows\System\SPCwjuO.exe
  C:\Windows\System\SPCwjuO.exe
  2⤵
  PID:4812
- C:\Windows\System\LVYyvQk.exe
  C:\Windows\System\LVYyvQk.exe
  2⤵
  PID:4684
- C:\Windows\System\esfGOvY.exe
  C:\Windows\System\esfGOvY.exe
  2⤵
  PID:5144
- C:\Windows\System\YyNACWT.exe
  C:\Windows\System\YyNACWT.exe
  2⤵
  PID:5160
- C:\Windows\System\GwsiZak.exe
  C:\Windows\System\GwsiZak.exe
  2⤵
  PID:5240
- C:\Windows\System\GuAOAQU.exe
  C:\Windows\System\GuAOAQU.exe
  2⤵
  PID:5284
- C:\Windows\System\vjMAHdB.exe
  C:\Windows\System\vjMAHdB.exe
  2⤵
  PID:5352
- C:\Windows\System\tVJGXUk.exe
  C:\Windows\System\tVJGXUk.exe
  2⤵
  PID:5384
- C:\Windows\System\CEvupVf.exe
  C:\Windows\System\CEvupVf.exe
  2⤵
  PID:5496
- C:\Windows\System\cSMvHpE.exe
  C:\Windows\System\cSMvHpE.exe
  2⤵
  PID:5572
- C:\Windows\System\wMnqfWk.exe
  C:\Windows\System\wMnqfWk.exe
  2⤵
  PID:5660
- C:\Windows\System\GTZcTFA.exe
  C:\Windows\System\GTZcTFA.exe
  2⤵
  PID:4636
- C:\Windows\System\EXZPmjJ.exe
  C:\Windows\System\EXZPmjJ.exe
  2⤵
  PID:5676
- C:\Windows\System\MfhhCvA.exe
  C:\Windows\System\MfhhCvA.exe
  2⤵
  PID:5816
- C:\Windows\System\yWXiZzs.exe
  C:\Windows\System\yWXiZzs.exe
  2⤵
  PID:5852
- C:\Windows\System\XnnwTCt.exe
  C:\Windows\System\XnnwTCt.exe
  2⤵
  PID:5944
- C:\Windows\System\YLMHqIm.exe
  C:\Windows\System\YLMHqIm.exe
  2⤵
  PID:5964
- C:\Windows\System\LOrjgFE.exe
  C:\Windows\System\LOrjgFE.exe
  2⤵
  PID:6012
- C:\Windows\System\RXCaKlE.exe
  C:\Windows\System\RXCaKlE.exe
  2⤵
  PID:6060
- C:\Windows\System\rMcaLUW.exe
  C:\Windows\System\rMcaLUW.exe
  2⤵
  PID:5596
- C:\Windows\System\eTkkhEn.exe
  C:\Windows\System\eTkkhEn.exe
  2⤵
  PID:4228
- C:\Windows\System\nvmFruH.exe
  C:\Windows\System\nvmFruH.exe
  2⤵
  PID:5004
- C:\Windows\System\qvXdGxY.exe
  C:\Windows\System\qvXdGxY.exe
  2⤵
  PID:5208
- C:\Windows\System\PNtKFXF.exe
  C:\Windows\System\PNtKFXF.exe
  2⤵
  PID:5332
- C:\Windows\System\weiYlse.exe
  C:\Windows\System\weiYlse.exe
  2⤵
  PID:5428
- C:\Windows\System\yrGzZbA.exe
  C:\Windows\System\yrGzZbA.exe
  2⤵
  PID:6156
- C:\Windows\System\rJeltFi.exe
  C:\Windows\System\rJeltFi.exe
  2⤵
  PID:6172
- C:\Windows\System\qIJneVI.exe
  C:\Windows\System\qIJneVI.exe
  2⤵
  PID:6188
- C:\Windows\System\xjUzMKa.exe
  C:\Windows\System\xjUzMKa.exe
  2⤵
  PID:6204
- C:\Windows\System\pdEQmtf.exe
  C:\Windows\System\pdEQmtf.exe
  2⤵
  PID:6220
- C:\Windows\System\VNxsLlx.exe
  C:\Windows\System\VNxsLlx.exe
  2⤵
  PID:6236
- C:\Windows\System\dJFJkyO.exe
  C:\Windows\System\dJFJkyO.exe
  2⤵
  PID:6252
- C:\Windows\System\eXKFEyI.exe
  C:\Windows\System\eXKFEyI.exe
  2⤵
  PID:6268
- C:\Windows\System\QNLQqNO.exe
  C:\Windows\System\QNLQqNO.exe
  2⤵
  PID:6284
- C:\Windows\System\uIvltuY.exe
  C:\Windows\System\uIvltuY.exe
  2⤵
  PID:6300
- C:\Windows\System\FHIFsUj.exe
  C:\Windows\System\FHIFsUj.exe
  2⤵
  PID:6316
- C:\Windows\System\RhKRxze.exe
  C:\Windows\System\RhKRxze.exe
  2⤵
  PID:6332
- C:\Windows\System\uGyUsCx.exe
  C:\Windows\System\uGyUsCx.exe
  2⤵
  PID:6348
- C:\Windows\System\rMwTalj.exe
  C:\Windows\System\rMwTalj.exe
  2⤵
  PID:6364
- C:\Windows\System\AWVcMjR.exe
  C:\Windows\System\AWVcMjR.exe
  2⤵
  PID:6380
- C:\Windows\System\BxpiqYl.exe
  C:\Windows\System\BxpiqYl.exe
  2⤵
  PID:6396
- C:\Windows\System\CmWCyyU.exe
  C:\Windows\System\CmWCyyU.exe
  2⤵
  PID:6412
- C:\Windows\System\aLjSRKF.exe
  C:\Windows\System\aLjSRKF.exe
  2⤵
  PID:6428
- C:\Windows\System\RztsdmF.exe
  C:\Windows\System\RztsdmF.exe
  2⤵
  PID:6444
- C:\Windows\System\FUbYxHm.exe
  C:\Windows\System\FUbYxHm.exe
  2⤵
  PID:6460
- C:\Windows\System\WRrTFea.exe
  C:\Windows\System\WRrTFea.exe
  2⤵
  PID:6476
- C:\Windows\System\rfhWYYp.exe
  C:\Windows\System\rfhWYYp.exe
  2⤵
  PID:6492
- C:\Windows\System\qEldMoB.exe
  C:\Windows\System\qEldMoB.exe
  2⤵
  PID:6508
- C:\Windows\System\biaEMWZ.exe
  C:\Windows\System\biaEMWZ.exe
  2⤵
  PID:6524
- C:\Windows\System\iUIHvHr.exe
  C:\Windows\System\iUIHvHr.exe
  2⤵
  PID:6540
- C:\Windows\System\WchtAWu.exe
  C:\Windows\System\WchtAWu.exe
  2⤵
  PID:6556
- C:\Windows\System\EJgCnCW.exe
  C:\Windows\System\EJgCnCW.exe
  2⤵
  PID:6572
- C:\Windows\System\NutUaSv.exe
  C:\Windows\System\NutUaSv.exe
  2⤵
  PID:6588
- C:\Windows\System\jxCPtYi.exe
  C:\Windows\System\jxCPtYi.exe
  2⤵
  PID:6608
- C:\Windows\System\fLUVSka.exe
  C:\Windows\System\fLUVSka.exe
  2⤵
  PID:6624
- C:\Windows\System\IdpZJJA.exe
  C:\Windows\System\IdpZJJA.exe
  2⤵
  PID:6640
- C:\Windows\System\gKnvsBu.exe
  C:\Windows\System\gKnvsBu.exe
  2⤵
  PID:6656
- C:\Windows\System\YdPoJGb.exe
  C:\Windows\System\YdPoJGb.exe
  2⤵
  PID:6672
- C:\Windows\System\rAFPVZS.exe
  C:\Windows\System\rAFPVZS.exe
  2⤵
  PID:6688
- C:\Windows\System\NrOICJE.exe
  C:\Windows\System\NrOICJE.exe
  2⤵
  PID:6704
- C:\Windows\System\hneDkyy.exe
  C:\Windows\System\hneDkyy.exe
  2⤵
  PID:6720
- C:\Windows\System\DbABmZz.exe
  C:\Windows\System\DbABmZz.exe
  2⤵
  PID:6736
- C:\Windows\System\xqDaiqQ.exe
  C:\Windows\System\xqDaiqQ.exe
  2⤵
  PID:6752
- C:\Windows\System\jOxvusv.exe
  C:\Windows\System\jOxvusv.exe
  2⤵
  PID:6768
- C:\Windows\System\nosBdin.exe
  C:\Windows\System\nosBdin.exe
  2⤵
  PID:6784
- C:\Windows\System\DseQjRa.exe
  C:\Windows\System\DseQjRa.exe
  2⤵
  PID:6800
- C:\Windows\System\BsVAGxx.exe
  C:\Windows\System\BsVAGxx.exe
  2⤵
  PID:6816
- C:\Windows\System\EsNpWzT.exe
  C:\Windows\System\EsNpWzT.exe
  2⤵
  PID:6832
- C:\Windows\System\fsbVllE.exe
  C:\Windows\System\fsbVllE.exe
  2⤵
  PID:6848
- C:\Windows\System\KWQmqWk.exe
  C:\Windows\System\KWQmqWk.exe
  2⤵
  PID:6864
- C:\Windows\System\NwvSqwW.exe
  C:\Windows\System\NwvSqwW.exe
  2⤵
  PID:6880
- C:\Windows\System\TRyEktw.exe
  C:\Windows\System\TRyEktw.exe
  2⤵
  PID:6896
- C:\Windows\System\lVwDfuO.exe
  C:\Windows\System\lVwDfuO.exe
  2⤵
  PID:6912
- C:\Windows\System\GViTJuI.exe
  C:\Windows\System\GViTJuI.exe
  2⤵
  PID:6928
- C:\Windows\System\QXqzVjF.exe
  C:\Windows\System\QXqzVjF.exe
  2⤵
  PID:6948
- C:\Windows\System\ZSXMMfO.exe
  C:\Windows\System\ZSXMMfO.exe
  2⤵
  PID:6964
- C:\Windows\System\KKDmlVg.exe
  C:\Windows\System\KKDmlVg.exe
  2⤵
  PID:6980
- C:\Windows\System\OPgRAGW.exe
  C:\Windows\System\OPgRAGW.exe
  2⤵
  PID:6996
- C:\Windows\System\LgXcApb.exe
  C:\Windows\System\LgXcApb.exe
  2⤵
  PID:7012
- C:\Windows\System\uRNBRmV.exe
  C:\Windows\System\uRNBRmV.exe
  2⤵
  PID:7028
- C:\Windows\System\paXBjnK.exe
  C:\Windows\System\paXBjnK.exe
  2⤵
  PID:7044
- C:\Windows\System\azbvxgu.exe
  C:\Windows\System\azbvxgu.exe
  2⤵
  PID:7060
- C:\Windows\System\vZdVMtH.exe
  C:\Windows\System\vZdVMtH.exe
  2⤵
  PID:7076
- C:\Windows\System\lRzsAzT.exe
  C:\Windows\System\lRzsAzT.exe
  2⤵
  PID:7092
- C:\Windows\System\wkrzpAT.exe
  C:\Windows\System\wkrzpAT.exe
  2⤵
  PID:7108
- C:\Windows\System\gnhhzFI.exe
  C:\Windows\System\gnhhzFI.exe
  2⤵
  PID:7124
- C:\Windows\System\futRxEU.exe
  C:\Windows\System\futRxEU.exe
  2⤵
  PID:7140
- C:\Windows\System\nkgflUp.exe
  C:\Windows\System\nkgflUp.exe
  2⤵
  PID:7156
- C:\Windows\System\DFPJhPz.exe
  C:\Windows\System\DFPJhPz.exe
  2⤵
  PID:5524
- C:\Windows\System\BvpQTWU.exe
  C:\Windows\System\BvpQTWU.exe
  2⤵
  PID:2808
- C:\Windows\System\omZMOVu.exe
  C:\Windows\System\omZMOVu.exe
  2⤵
  PID:5608
- C:\Windows\System\gmbsZyk.exe
  C:\Windows\System\gmbsZyk.exe
  2⤵
  PID:5772
- C:\Windows\System\jTnpJVc.exe
  C:\Windows\System\jTnpJVc.exe
  2⤵
  PID:5800
- C:\Windows\System\xMpAcsN.exe
  C:\Windows\System\xMpAcsN.exe
  2⤵
  PID:6076
- C:\Windows\System\eYWtwsq.exe
  C:\Windows\System\eYWtwsq.exe
  2⤵
  PID:4196
- C:\Windows\System\GwVFnXr.exe
  C:\Windows\System\GwVFnXr.exe
  2⤵
  PID:4860
- C:\Windows\System\JXvXyiq.exe
  C:\Windows\System\JXvXyiq.exe
  2⤵
  PID:5348
- C:\Windows\System\mekbNFX.exe
  C:\Windows\System\mekbNFX.exe
  2⤵
  PID:6164
- C:\Windows\System\rJvDHCD.exe
  C:\Windows\System\rJvDHCD.exe
  2⤵
  PID:6196
- C:\Windows\System\nTrOvnn.exe
  C:\Windows\System\nTrOvnn.exe
  2⤵
  PID:6228
- C:\Windows\System\yZdOmeL.exe
  C:\Windows\System\yZdOmeL.exe
  2⤵
  PID:6260
- C:\Windows\System\YQSKfEV.exe
  C:\Windows\System\YQSKfEV.exe
  2⤵
  PID:6292
- C:\Windows\System\BVjHeSK.exe
  C:\Windows\System\BVjHeSK.exe
  2⤵
  PID:6324
- C:\Windows\System\fCQOmiL.exe
  C:\Windows\System\fCQOmiL.exe
  2⤵
  PID:6356
- C:\Windows\System\dffWqKq.exe
  C:\Windows\System\dffWqKq.exe
  2⤵
  PID:6392
- C:\Windows\System\USQZRYJ.exe
  C:\Windows\System\USQZRYJ.exe
  2⤵
  PID:5464
- C:\Windows\System\RFhgrPz.exe
  C:\Windows\System\RFhgrPz.exe
  2⤵
  PID:6452
- C:\Windows\System\EebhIRY.exe
  C:\Windows\System\EebhIRY.exe
  2⤵
  PID:6484
- C:\Windows\System\JpoEHQZ.exe
  C:\Windows\System\JpoEHQZ.exe
  2⤵
  PID:6516
- C:\Windows\System\YKojxDL.exe
  C:\Windows\System\YKojxDL.exe
  2⤵
  PID:6548
- C:\Windows\System\bEUwuhX.exe
  C:\Windows\System\bEUwuhX.exe
  2⤵
  PID:6568
- C:\Windows\System\rZbjZvC.exe
  C:\Windows\System\rZbjZvC.exe
  2⤵
  PID:6600
- C:\Windows\System\HYgAhpt.exe
  C:\Windows\System\HYgAhpt.exe
  2⤵
  PID:6636
- C:\Windows\System\zjozTpd.exe
  C:\Windows\System\zjozTpd.exe
  2⤵
  PID:6668
- C:\Windows\System\qLFHQsw.exe
  C:\Windows\System\qLFHQsw.exe
  2⤵
  PID:2656
- C:\Windows\System\ofpcnsv.exe
  C:\Windows\System\ofpcnsv.exe
  2⤵
  PID:6728
- C:\Windows\System\DLmqqbJ.exe
  C:\Windows\System\DLmqqbJ.exe
  2⤵
  PID:6748
- C:\Windows\System\soVtoDr.exe
  C:\Windows\System\soVtoDr.exe
  2⤵
  PID:2592
- C:\Windows\System\AebUHwj.exe
  C:\Windows\System\AebUHwj.exe
  2⤵
  PID:6812
- C:\Windows\System\oMSavkz.exe
  C:\Windows\System\oMSavkz.exe
  2⤵
  PID:6844
- C:\Windows\System\gNFMyxR.exe
  C:\Windows\System\gNFMyxR.exe
  2⤵
  PID:6876
- C:\Windows\System\bljHoaU.exe
  C:\Windows\System\bljHoaU.exe
  2⤵
  PID:6920
- C:\Windows\System\CMsHedS.exe
  C:\Windows\System\CMsHedS.exe
  2⤵
  PID:6956
- C:\Windows\System\wtMgKUt.exe
  C:\Windows\System\wtMgKUt.exe
  2⤵
  PID:6988
- C:\Windows\System\ddfSgng.exe
  C:\Windows\System\ddfSgng.exe
  2⤵
  PID:7008
- C:\Windows\System\DgDIyGH.exe
  C:\Windows\System\DgDIyGH.exe
  2⤵
  PID:7040
- C:\Windows\System\ZPqHSzw.exe
  C:\Windows\System\ZPqHSzw.exe
  2⤵
  PID:2764
- C:\Windows\System\AHZUZAh.exe
  C:\Windows\System\AHZUZAh.exe
  2⤵
  PID:7100
- C:\Windows\System\uyVIrqx.exe
  C:\Windows\System\uyVIrqx.exe
  2⤵
  PID:7132
- C:\Windows\System\gvhANcK.exe
  C:\Windows\System\gvhANcK.exe
  2⤵
  PID:7152
- C:\Windows\System\jvPOePr.exe
  C:\Windows\System\jvPOePr.exe
  2⤵
  PID:2128
- C:\Windows\System\XDinAhj.exe
  C:\Windows\System\XDinAhj.exe
  2⤵
  PID:5752
- C:\Windows\System\XlyJXCb.exe
  C:\Windows\System\XlyJXCb.exe
  2⤵
  PID:5996
- C:\Windows\System\LbYhBcR.exe
  C:\Windows\System\LbYhBcR.exe
  2⤵
  PID:3136
- C:\Windows\System\HoPRatD.exe
  C:\Windows\System\HoPRatD.exe
  2⤵
  PID:6152
- C:\Windows\System\PaOBQiy.exe
  C:\Windows\System\PaOBQiy.exe
  2⤵
  PID:6216
- C:\Windows\System\ikvnxml.exe
  C:\Windows\System\ikvnxml.exe
  2⤵
  PID:6280
- C:\Windows\System\UUhYaNX.exe
  C:\Windows\System\UUhYaNX.exe
  2⤵
  PID:6372
- C:\Windows\System\msgePoL.exe
  C:\Windows\System\msgePoL.exe
  2⤵
  PID:6436
- C:\Windows\System\lpSsIWL.exe
  C:\Windows\System\lpSsIWL.exe
  2⤵
  PID:6472
- C:\Windows\System\ZJbSedi.exe
  C:\Windows\System\ZJbSedi.exe
  2⤵
  PID:6536
- C:\Windows\System\KROJetB.exe
  C:\Windows\System\KROJetB.exe
  2⤵
  PID:6596
- C:\Windows\System\xTgmJtw.exe
  C:\Windows\System\xTgmJtw.exe
  2⤵
  PID:6664
- C:\Windows\System\rgyAvlG.exe
  C:\Windows\System\rgyAvlG.exe
  2⤵
  PID:6716
- C:\Windows\System\QzJapZX.exe
  C:\Windows\System\QzJapZX.exe
  2⤵
  PID:6780
- C:\Windows\System\FwVzkwv.exe
  C:\Windows\System\FwVzkwv.exe
  2⤵
  PID:6840
- C:\Windows\System\oAqvHBw.exe
  C:\Windows\System\oAqvHBw.exe
  2⤵
  PID:6904
- C:\Windows\System\LpCbHgQ.exe
  C:\Windows\System\LpCbHgQ.exe
  2⤵
  PID:6972
- C:\Windows\System\hmUTiWd.exe
  C:\Windows\System\hmUTiWd.exe
  2⤵
  PID:7036
- C:\Windows\System\IBbPCAT.exe
  C:\Windows\System\IBbPCAT.exe
  2⤵
  PID:7088
- C:\Windows\System\kxQivUq.exe
  C:\Windows\System\kxQivUq.exe
  2⤵
  PID:7136
- C:\Windows\System\YVCDyZn.exe
  C:\Windows\System\YVCDyZn.exe
  2⤵
  PID:5624
- C:\Windows\System\MGCFtFJ.exe
  C:\Windows\System\MGCFtFJ.exe
  2⤵
  PID:6120
- C:\Windows\System\UbhhnKX.exe
  C:\Windows\System\UbhhnKX.exe
  2⤵
  PID:6184
- C:\Windows\System\ydRFjZL.exe
  C:\Windows\System\ydRFjZL.exe
  2⤵
  PID:6328
- C:\Windows\System\TnJWGhe.exe
  C:\Windows\System\TnJWGhe.exe
  2⤵
  PID:6532
- C:\Windows\System\mVGgtpx.exe
  C:\Windows\System\mVGgtpx.exe
  2⤵
  PID:7180
- C:\Windows\System\WhtlbDw.exe
  C:\Windows\System\WhtlbDw.exe
  2⤵
  PID:7196
- C:\Windows\System\kuLisEu.exe
  C:\Windows\System\kuLisEu.exe
  2⤵
  PID:7212
- C:\Windows\System\lARcGYe.exe
  C:\Windows\System\lARcGYe.exe
  2⤵
  PID:7228
- C:\Windows\System\jQUgsZo.exe
  C:\Windows\System\jQUgsZo.exe
  2⤵
  PID:7244
- C:\Windows\System\NHquTqj.exe
  C:\Windows\System\NHquTqj.exe
  2⤵
  PID:7260
- C:\Windows\System\pcWAdiw.exe
  C:\Windows\System\pcWAdiw.exe
  2⤵
  PID:7276
- C:\Windows\System\dfvkVFT.exe
  C:\Windows\System\dfvkVFT.exe
  2⤵
  PID:7292
- C:\Windows\System\TuFYdAI.exe
  C:\Windows\System\TuFYdAI.exe
  2⤵
  PID:7308
- C:\Windows\System\JApuFOH.exe
  C:\Windows\System\JApuFOH.exe
  2⤵
  PID:7324
- C:\Windows\System\jZAcnwJ.exe
  C:\Windows\System\jZAcnwJ.exe
  2⤵
  PID:7340
- C:\Windows\System\kEOOZFH.exe
  C:\Windows\System\kEOOZFH.exe
  2⤵
  PID:7356
- C:\Windows\System\oPMNyEI.exe
  C:\Windows\System\oPMNyEI.exe
  2⤵
  PID:7372
- C:\Windows\System\PooAbMO.exe
  C:\Windows\System\PooAbMO.exe
  2⤵
  PID:7388
- C:\Windows\System\KcnFdkd.exe
  C:\Windows\System\KcnFdkd.exe
  2⤵
  PID:7404
- C:\Windows\System\UtLUoGm.exe
  C:\Windows\System\UtLUoGm.exe
  2⤵
  PID:7420
- C:\Windows\System\uuLAbmu.exe
  C:\Windows\System\uuLAbmu.exe
  2⤵
  PID:7436
- C:\Windows\System\tckedEA.exe
  C:\Windows\System\tckedEA.exe
  2⤵
  PID:7452
- C:\Windows\System\CsYLCwc.exe
  C:\Windows\System\CsYLCwc.exe
  2⤵
  PID:7468
- C:\Windows\System\jTnnEbr.exe
  C:\Windows\System\jTnnEbr.exe
  2⤵
  PID:7484
- C:\Windows\System\lwZaaHP.exe
  C:\Windows\System\lwZaaHP.exe
  2⤵
  PID:7500
- C:\Windows\System\slkrNlB.exe
  C:\Windows\System\slkrNlB.exe
  2⤵
  PID:7516
- C:\Windows\System\QkwloWP.exe
  C:\Windows\System\QkwloWP.exe
  2⤵
  PID:7532
- C:\Windows\System\MVLIFoD.exe
  C:\Windows\System\MVLIFoD.exe
  2⤵
  PID:7548
- C:\Windows\System\gAPcVGJ.exe
  C:\Windows\System\gAPcVGJ.exe
  2⤵
  PID:7564
- C:\Windows\System\flLpYSy.exe
  C:\Windows\System\flLpYSy.exe
  2⤵
  PID:7580
- C:\Windows\System\FFuDSRQ.exe
  C:\Windows\System\FFuDSRQ.exe
  2⤵
  PID:7596
- C:\Windows\System\fiFdhvz.exe
  C:\Windows\System\fiFdhvz.exe
  2⤵
  PID:7612
- C:\Windows\System\emObFFW.exe
  C:\Windows\System\emObFFW.exe
  2⤵
  PID:7628
- C:\Windows\System\iBEWxzI.exe
  C:\Windows\System\iBEWxzI.exe
  2⤵
  PID:7644
- C:\Windows\System\YqbOHFk.exe
  C:\Windows\System\YqbOHFk.exe
  2⤵
  PID:7660
- C:\Windows\System\qaXswDi.exe
  C:\Windows\System\qaXswDi.exe
  2⤵
  PID:7676
- C:\Windows\System\CtxRDiU.exe
  C:\Windows\System\CtxRDiU.exe
  2⤵
  PID:7692
- C:\Windows\System\SSMdmHZ.exe
  C:\Windows\System\SSMdmHZ.exe
  2⤵
  PID:7708
- C:\Windows\System\cjuRJOM.exe
  C:\Windows\System\cjuRJOM.exe
  2⤵
  PID:7724
- C:\Windows\System\muUZkdU.exe
  C:\Windows\System\muUZkdU.exe
  2⤵
  PID:7740
- C:\Windows\System\iqFuClH.exe
  C:\Windows\System\iqFuClH.exe
  2⤵
  PID:7756
- C:\Windows\System\ZdeTWgt.exe
  C:\Windows\System\ZdeTWgt.exe
  2⤵
  PID:7772
- C:\Windows\System\WHUSiZW.exe
  C:\Windows\System\WHUSiZW.exe
  2⤵
  PID:7788
- C:\Windows\System\zYZxVuG.exe
  C:\Windows\System\zYZxVuG.exe
  2⤵
  PID:7804
- C:\Windows\System\sczpbcB.exe
  C:\Windows\System\sczpbcB.exe
  2⤵
  PID:7820
- C:\Windows\System\WeyDIOX.exe
  C:\Windows\System\WeyDIOX.exe
  2⤵
  PID:7836
- C:\Windows\System\WMEEdwf.exe
  C:\Windows\System\WMEEdwf.exe
  2⤵
  PID:7852
- C:\Windows\System\qhyFMOE.exe
  C:\Windows\System\qhyFMOE.exe
  2⤵
  PID:7872
- C:\Windows\System\hpaNfuK.exe
  C:\Windows\System\hpaNfuK.exe
  2⤵
  PID:7888
- C:\Windows\System\bahVthh.exe
  C:\Windows\System\bahVthh.exe
  2⤵
  PID:7904
- C:\Windows\System\qqeIBNK.exe
  C:\Windows\System\qqeIBNK.exe
  2⤵
  PID:7920
- C:\Windows\System\tXCxVzz.exe
  C:\Windows\System\tXCxVzz.exe
  2⤵
  PID:7936
- C:\Windows\System\XbAyNeb.exe
  C:\Windows\System\XbAyNeb.exe
  2⤵
  PID:7952
- C:\Windows\System\AkICRUF.exe
  C:\Windows\System\AkICRUF.exe
  2⤵
  PID:7972
- C:\Windows\System\WNTtcKl.exe
  C:\Windows\System\WNTtcKl.exe
  2⤵
  PID:7988
- C:\Windows\System\JKmKZsR.exe
  C:\Windows\System\JKmKZsR.exe
  2⤵
  PID:8004
- C:\Windows\System\OGCaSbp.exe
  C:\Windows\System\OGCaSbp.exe
  2⤵
  PID:8020
- C:\Windows\System\wAEARbT.exe
  C:\Windows\System\wAEARbT.exe
  2⤵
  PID:8036
- C:\Windows\System\nOLYZRJ.exe
  C:\Windows\System\nOLYZRJ.exe
  2⤵
  PID:8052
- C:\Windows\System\ZEvisnn.exe
  C:\Windows\System\ZEvisnn.exe
  2⤵
  PID:8068
- C:\Windows\System\jminKqP.exe
  C:\Windows\System\jminKqP.exe
  2⤵
  PID:8084
- C:\Windows\System\qwRRqPa.exe
  C:\Windows\System\qwRRqPa.exe
  2⤵
  PID:8100
- C:\Windows\System\ystDTXM.exe
  C:\Windows\System\ystDTXM.exe
  2⤵
  PID:8116
- C:\Windows\System\MDLKupJ.exe
  C:\Windows\System\MDLKupJ.exe
  2⤵
  PID:8132
- C:\Windows\System\KctoVXM.exe
  C:\Windows\System\KctoVXM.exe
  2⤵
  PID:8148
- C:\Windows\System\ACGTmAV.exe
  C:\Windows\System\ACGTmAV.exe
  2⤵
  PID:8164
- C:\Windows\System\zivFkkR.exe
  C:\Windows\System\zivFkkR.exe
  2⤵
  PID:8180
- C:\Windows\System\GZptBik.exe
  C:\Windows\System\GZptBik.exe
  2⤵
  PID:2700
- C:\Windows\System\wwvYCKV.exe
  C:\Windows\System\wwvYCKV.exe
  2⤵
  PID:6712
- C:\Windows\System\OMkStpZ.exe
  C:\Windows\System\OMkStpZ.exe
  2⤵
  PID:6808
- C:\Windows\System\dYqVpqy.exe
  C:\Windows\System\dYqVpqy.exe
  2⤵
  PID:6960
- C:\Windows\System\alcWZAt.exe
  C:\Windows\System\alcWZAt.exe
  2⤵
  PID:7068
- C:\Windows\System\LXwzfMT.exe
  C:\Windows\System\LXwzfMT.exe
  2⤵
  PID:5788
- C:\Windows\System\JPdmKlC.exe
  C:\Windows\System\JPdmKlC.exe
  2⤵
  PID:5220
- C:\Windows\System\SRMgIuu.exe
  C:\Windows\System\SRMgIuu.exe
  2⤵
  PID:6940
- C:\Windows\System\zaYzUsp.exe
  C:\Windows\System\zaYzUsp.exe
  2⤵
  PID:7192
- C:\Windows\System\gdfPGjY.exe
  C:\Windows\System\gdfPGjY.exe
  2⤵
  PID:7224
- C:\Windows\System\gCjFYQd.exe
  C:\Windows\System\gCjFYQd.exe
  2⤵
  PID:2524
- C:\Windows\System\ycOuvTm.exe
  C:\Windows\System\ycOuvTm.exe
  2⤵
  PID:7272
- C:\Windows\System\gIyhPbs.exe
  C:\Windows\System\gIyhPbs.exe
  2⤵
  PID:7304
- C:\Windows\System\cNtKPqf.exe
  C:\Windows\System\cNtKPqf.exe
  2⤵
  PID:7348
- C:\Windows\System\hDUszly.exe
  C:\Windows\System\hDUszly.exe
  2⤵
  PID:7380
- C:\Windows\System\dxwQLkZ.exe
  C:\Windows\System\dxwQLkZ.exe
  2⤵
  PID:7396
- C:\Windows\System\MnEjyUI.exe
  C:\Windows\System\MnEjyUI.exe
  2⤵
  PID:6344
- C:\Windows\System\yOudyKD.exe
  C:\Windows\System\yOudyKD.exe
  2⤵
  PID:7444
- C:\Windows\System\VpWPZAn.exe
  C:\Windows\System\VpWPZAn.exe
  2⤵
  PID:7476
- C:\Windows\System\OcJOwgk.exe
  C:\Windows\System\OcJOwgk.exe
  2⤵
  PID:7508
- C:\Windows\System\JXuPaiW.exe
  C:\Windows\System\JXuPaiW.exe
  2⤵
  PID:2704
- C:\Windows\System\eNCTwBC.exe
  C:\Windows\System\eNCTwBC.exe
  2⤵
  PID:7560
- C:\Windows\System\VPpIhOJ.exe
  C:\Windows\System\VPpIhOJ.exe
  2⤵
  PID:2800
- C:\Windows\System\UOqZtXH.exe
  C:\Windows\System\UOqZtXH.exe
  2⤵
  PID:7620
- C:\Windows\System\gzGnpFe.exe
  C:\Windows\System\gzGnpFe.exe
  2⤵
  PID:7652
- C:\Windows\System\alaCWaM.exe
  C:\Windows\System\alaCWaM.exe
  2⤵
  PID:7684
- C:\Windows\System\kjMrQMO.exe
  C:\Windows\System\kjMrQMO.exe
  2⤵
  PID:7704
- C:\Windows\System\unzXnIn.exe
  C:\Windows\System\unzXnIn.exe
  2⤵
  PID:7736
- C:\Windows\System\ctAuUBI.exe
  C:\Windows\System\ctAuUBI.exe
  2⤵
  PID:7752
- C:\Windows\System\qNmhPps.exe
  C:\Windows\System\qNmhPps.exe
  2⤵
  PID:7780
- C:\Windows\System\OANihWQ.exe
  C:\Windows\System\OANihWQ.exe
  2⤵
  PID:7812
- C:\Windows\System\HtJfMsj.exe
  C:\Windows\System\HtJfMsj.exe
  2⤵
  PID:7844
- C:\Windows\System\ZrjpYdh.exe
  C:\Windows\System\ZrjpYdh.exe
  2⤵
  PID:7880
- C:\Windows\System\ymNNUCI.exe
  C:\Windows\System\ymNNUCI.exe
  2⤵
  PID:7912
- C:\Windows\System\SxNsXPM.exe
  C:\Windows\System\SxNsXPM.exe
  2⤵
  PID:7944
- C:\Windows\System\wXHQNzz.exe
  C:\Windows\System\wXHQNzz.exe
  2⤵
  PID:7980
- C:\Windows\System\yyHfcsM.exe
  C:\Windows\System\yyHfcsM.exe
  2⤵
  PID:8012
- C:\Windows\System\RkAXIUD.exe
  C:\Windows\System\RkAXIUD.exe
  2⤵
  PID:8044
- C:\Windows\System\TfQjkRE.exe
  C:\Windows\System\TfQjkRE.exe
  2⤵
  PID:8076
- C:\Windows\System\wcMVazO.exe
  C:\Windows\System\wcMVazO.exe
  2⤵
  PID:8096
- C:\Windows\System\recQPYs.exe
  C:\Windows\System\recQPYs.exe
  2⤵
  PID:8128
- C:\Windows\System\hQhSigf.exe
  C:\Windows\System\hQhSigf.exe
  2⤵
  PID:8160
- C:\Windows\System\QPgruAq.exe
  C:\Windows\System\QPgruAq.exe
  2⤵
  PID:6312
- C:\Windows\System\kzSwlBy.exe
  C:\Windows\System\kzSwlBy.exe
  2⤵
  PID:7240
- C:\Windows\System\itUXteP.exe
  C:\Windows\System\itUXteP.exe
  2⤵
  PID:7300
- C:\Windows\System\fXUmxZA.exe
  C:\Windows\System\fXUmxZA.exe
  2⤵
  PID:7364
- C:\Windows\System\ldiXeTr.exe
  C:\Windows\System\ldiXeTr.exe
  2⤵
  PID:7412
- C:\Windows\System\YSyxTZG.exe
  C:\Windows\System\YSyxTZG.exe
  2⤵
  PID:7460
- C:\Windows\System\dpgilSm.exe
  C:\Windows\System\dpgilSm.exe
  2⤵
  PID:7496
- C:\Windows\System\mGpvSsP.exe
  C:\Windows\System\mGpvSsP.exe
  2⤵
  PID:7528
- C:\Windows\System\ctsHnua.exe
  C:\Windows\System\ctsHnua.exe
  2⤵
  PID:7556
- C:\Windows\System\EWaJNlA.exe
  C:\Windows\System\EWaJNlA.exe
  2⤵
  PID:1020
- C:\Windows\System\KQhevDU.exe
  C:\Windows\System\KQhevDU.exe
  2⤵
  PID:7624
- C:\Windows\System\JWmowVc.exe
  C:\Windows\System\JWmowVc.exe
  2⤵
  PID:7656
- C:\Windows\System\ssgZETX.exe
  C:\Windows\System\ssgZETX.exe
  2⤵
  PID:7672
- C:\Windows\System\NYvDnkf.exe
  C:\Windows\System\NYvDnkf.exe
  2⤵
  PID:2276
- C:\Windows\System\bkdTDLu.exe
  C:\Windows\System\bkdTDLu.exe
  2⤵
  PID:7748
- C:\Windows\System\hTGYwPo.exe
  C:\Windows\System\hTGYwPo.exe
  2⤵
  PID:1704
- C:\Windows\System\WltJtxz.exe
  C:\Windows\System\WltJtxz.exe
  2⤵
  PID:7832
- C:\Windows\System\zKydafh.exe
  C:\Windows\System\zKydafh.exe
  2⤵
  PID:7928
- C:\Windows\System\WzfHutd.exe
  C:\Windows\System\WzfHutd.exe
  2⤵
  PID:572
- C:\Windows\System\XTCWegY.exe
  C:\Windows\System\XTCWegY.exe
  2⤵
  PID:7984
- C:\Windows\System\bhRRfka.exe
  C:\Windows\System\bhRRfka.exe
  2⤵
  PID:2528
- C:\Windows\System\tgcsVXQ.exe
  C:\Windows\System\tgcsVXQ.exe
  2⤵
  PID:8048
- C:\Windows\System\AqlZGMp.exe
  C:\Windows\System\AqlZGMp.exe
  2⤵
  PID:8092
- C:\Windows\System\TShsCtg.exe
  C:\Windows\System\TShsCtg.exe
  2⤵
  PID:2660
- C:\Windows\System\zRupUfq.exe
  C:\Windows\System\zRupUfq.exe
  2⤵
  PID:2512
- C:\Windows\System\TyGMlVw.exe
  C:\Windows\System\TyGMlVw.exe
  2⤵
  PID:1008
- C:\Windows\System\qBdKIPi.exe
  C:\Windows\System\qBdKIPi.exe
  2⤵
  PID:880
- C:\Windows\System\dAupKPk.exe
  C:\Windows\System\dAupKPk.exe
  2⤵
  PID:2400
- C:\Windows\System\cjijoRo.exe
  C:\Windows\System\cjijoRo.exe
  2⤵
  PID:7208
- C:\Windows\System\BnSautA.exe
  C:\Windows\System\BnSautA.exe
  2⤵
  PID:7464
- C:\Windows\System\ZiCOShL.exe
  C:\Windows\System\ZiCOShL.exe
  2⤵
  PID:7576
- C:\Windows\System\tpVmqnS.exe
  C:\Windows\System\tpVmqnS.exe
  2⤵
  PID:7868
- C:\Windows\System\sFJjzZx.exe
  C:\Windows\System\sFJjzZx.exe
  2⤵
  PID:7592
- C:\Windows\System\MgcgRpv.exe
  C:\Windows\System\MgcgRpv.exe
  2⤵
  PID:2572
- C:\Windows\System\NxCvidy.exe
  C:\Windows\System\NxCvidy.exe
  2⤵
  PID:7768
- C:\Windows\System\ygQabjE.exe
  C:\Windows\System\ygQabjE.exe
  2⤵
  PID:7720
- C:\Windows\System\rUSkGoc.exe
  C:\Windows\System\rUSkGoc.exe
  2⤵
  PID:7828
- C:\Windows\System\SQkvpUN.exe
  C:\Windows\System\SQkvpUN.exe
  2⤵
  PID:7960
- C:\Windows\System\jNKKHXU.exe
  C:\Windows\System\jNKKHXU.exe
  2⤵
  PID:8144
- C:\Windows\System\LuqiSYr.exe
  C:\Windows\System\LuqiSYr.exe
  2⤵
  PID:7288
- C:\Windows\System\qWUuOca.exe
  C:\Windows\System\qWUuOca.exe
  2⤵
  PID:7176
- C:\Windows\System\hsPeAuv.exe
  C:\Windows\System\hsPeAuv.exe
  2⤵
  PID:2444
- C:\Windows\System\xZFwoEu.exe
  C:\Windows\System\xZFwoEu.exe
  2⤵
  PID:2184
- C:\Windows\System\gQmbtbp.exe
  C:\Windows\System\gQmbtbp.exe
  2⤵
  PID:524
- C:\Windows\System\LdoeTpI.exe
  C:\Windows\System\LdoeTpI.exe
  2⤵
  PID:7900
- C:\Windows\System\aOEUBIU.exe
  C:\Windows\System\aOEUBIU.exe
  2⤵
  PID:2124
- C:\Windows\System\QIuwLsw.exe
  C:\Windows\System\QIuwLsw.exe
  2⤵
  PID:7964
- C:\Windows\System\MhqlUwb.exe
  C:\Windows\System\MhqlUwb.exe
  2⤵
  PID:7384
- C:\Windows\System\rbUBrOP.exe
  C:\Windows\System\rbUBrOP.exe
  2⤵
  PID:7896
- C:\Windows\System\YhVbDZp.exe
  C:\Windows\System\YhVbDZp.exe
  2⤵
  PID:8208
- C:\Windows\System\zdSDmLX.exe
  C:\Windows\System\zdSDmLX.exe
  2⤵
  PID:8224
- C:\Windows\System\UKRCdwa.exe
  C:\Windows\System\UKRCdwa.exe
  2⤵
  PID:8240
- C:\Windows\System\pnszLSi.exe
  C:\Windows\System\pnszLSi.exe
  2⤵
  PID:8256
- C:\Windows\System\JLyzNfq.exe
  C:\Windows\System\JLyzNfq.exe
  2⤵
  PID:8272
- C:\Windows\System\QgYHekj.exe
  C:\Windows\System\QgYHekj.exe
  2⤵
  PID:8288
- C:\Windows\System\fqFZaYu.exe
  C:\Windows\System\fqFZaYu.exe
  2⤵
  PID:8304
- C:\Windows\System\BWsXrHc.exe
  C:\Windows\System\BWsXrHc.exe
  2⤵
  PID:8320
- C:\Windows\System\vCqfQNF.exe
  C:\Windows\System\vCqfQNF.exe
  2⤵
  PID:8336
- C:\Windows\System\FwkVfUh.exe
  C:\Windows\System\FwkVfUh.exe
  2⤵
  PID:8352
- C:\Windows\System\CLHKTmp.exe
  C:\Windows\System\CLHKTmp.exe
  2⤵
  PID:8368
- C:\Windows\System\shXolQW.exe
  C:\Windows\System\shXolQW.exe
  2⤵
  PID:8384
- C:\Windows\System\YnrirEk.exe
  C:\Windows\System\YnrirEk.exe
  2⤵
  PID:8404
- C:\Windows\System\zypYwrZ.exe
  C:\Windows\System\zypYwrZ.exe
  2⤵
  PID:8420
- C:\Windows\System\mvITmZz.exe
  C:\Windows\System\mvITmZz.exe
  2⤵
  PID:8436
- C:\Windows\System\Yppixpy.exe
  C:\Windows\System\Yppixpy.exe
  2⤵
  PID:8452
- C:\Windows\System\yGJZAPM.exe
  C:\Windows\System\yGJZAPM.exe
  2⤵
  PID:8472
- C:\Windows\System\gPBclac.exe
  C:\Windows\System\gPBclac.exe
  2⤵
  PID:8488
- C:\Windows\System\KDNJAAH.exe
  C:\Windows\System\KDNJAAH.exe
  2⤵
  PID:8504
- C:\Windows\System\AKAOGzD.exe
  C:\Windows\System\AKAOGzD.exe
  2⤵
  PID:8520
- C:\Windows\System\IgKNFZH.exe
  C:\Windows\System\IgKNFZH.exe
  2⤵
  PID:8536
- C:\Windows\System\Qzqoqnk.exe
  C:\Windows\System\Qzqoqnk.exe
  2⤵
  PID:8552
- C:\Windows\System\RQstVlz.exe
  C:\Windows\System\RQstVlz.exe
  2⤵
  PID:8568
- C:\Windows\System\qoEyGbU.exe
  C:\Windows\System\qoEyGbU.exe
  2⤵
  PID:8584
- C:\Windows\System\uYXZdKz.exe
  C:\Windows\System\uYXZdKz.exe
  2⤵
  PID:8600
- C:\Windows\System\dpfRJBM.exe
  C:\Windows\System\dpfRJBM.exe
  2⤵
  PID:8616
- C:\Windows\System\vEJNZGx.exe
  C:\Windows\System\vEJNZGx.exe
  2⤵
  PID:8632
- C:\Windows\System\nHhXeVt.exe
  C:\Windows\System\nHhXeVt.exe
  2⤵
  PID:8648
- C:\Windows\System\oJZxGLj.exe
  C:\Windows\System\oJZxGLj.exe
  2⤵
  PID:8664
- C:\Windows\System\VTofotk.exe
  C:\Windows\System\VTofotk.exe
  2⤵
  PID:8680
- C:\Windows\System\UvqGMCA.exe
  C:\Windows\System\UvqGMCA.exe
  2⤵
  PID:8696
- C:\Windows\System\ZMxblnM.exe
  C:\Windows\System\ZMxblnM.exe
  2⤵
  PID:8712
- C:\Windows\System\ssNYSYB.exe
  C:\Windows\System\ssNYSYB.exe
  2⤵
  PID:8728
- C:\Windows\System\Wcbmjhm.exe
  C:\Windows\System\Wcbmjhm.exe
  2⤵
  PID:8744
- C:\Windows\System\uMPqWBW.exe
  C:\Windows\System\uMPqWBW.exe
  2⤵
  PID:8760
- C:\Windows\System\DIcINJi.exe
  C:\Windows\System\DIcINJi.exe
  2⤵
  PID:8776
- C:\Windows\System\mMpBOCt.exe
  C:\Windows\System\mMpBOCt.exe
  2⤵
  PID:8796
- C:\Windows\System\vabZtIp.exe
  C:\Windows\System\vabZtIp.exe
  2⤵
  PID:8812
- C:\Windows\System\SgJxMuS.exe
  C:\Windows\System\SgJxMuS.exe
  2⤵
  PID:8828
- C:\Windows\System\frTSylJ.exe
  C:\Windows\System\frTSylJ.exe
  2⤵
  PID:8844
- C:\Windows\System\pvPDfKO.exe
  C:\Windows\System\pvPDfKO.exe
  2⤵
  PID:8860
- C:\Windows\System\LdeQEKv.exe
  C:\Windows\System\LdeQEKv.exe
  2⤵
  PID:8876
- C:\Windows\System\ZuUWUFa.exe
  C:\Windows\System\ZuUWUFa.exe
  2⤵
  PID:8892
- C:\Windows\System\LWvoYnp.exe
  C:\Windows\System\LWvoYnp.exe
  2⤵
  PID:8908
- C:\Windows\System\RrKyZkk.exe
  C:\Windows\System\RrKyZkk.exe
  2⤵
  PID:8928
- C:\Windows\System\XcZKGnj.exe
  C:\Windows\System\XcZKGnj.exe
  2⤵
  PID:8944
- C:\Windows\System\GQFJLNk.exe
  C:\Windows\System\GQFJLNk.exe
  2⤵
  PID:8960
- C:\Windows\System\DytjFeO.exe
  C:\Windows\System\DytjFeO.exe
  2⤵
  PID:8976
- C:\Windows\System\Tjwjcjr.exe
  C:\Windows\System\Tjwjcjr.exe
  2⤵
  PID:8992
- C:\Windows\System\lEFrgmR.exe
  C:\Windows\System\lEFrgmR.exe
  2⤵
  PID:9008
- C:\Windows\System\vQTFYgR.exe
  C:\Windows\System\vQTFYgR.exe
  2⤵
  PID:9028
- C:\Windows\System\aeRNKwC.exe
  C:\Windows\System\aeRNKwC.exe
  2⤵
  PID:9044
- C:\Windows\System\mdAHbjT.exe
  C:\Windows\System\mdAHbjT.exe
  2⤵
  PID:9060
- C:\Windows\System\byhHCIY.exe
  C:\Windows\System\byhHCIY.exe
  2⤵
  PID:9076
- C:\Windows\System\AakIQXm.exe
  C:\Windows\System\AakIQXm.exe
  2⤵
  PID:9092
- C:\Windows\System\tiGdOkH.exe
  C:\Windows\System\tiGdOkH.exe
  2⤵
  PID:9108
- C:\Windows\System\BzGDHxZ.exe
  C:\Windows\System\BzGDHxZ.exe
  2⤵
  PID:9124
- C:\Windows\System\fsflDWr.exe
  C:\Windows\System\fsflDWr.exe
  2⤵
  PID:9140
- C:\Windows\System\xlUdTAi.exe
  C:\Windows\System\xlUdTAi.exe
  2⤵
  PID:9156
- C:\Windows\System\MuIIEOm.exe
  C:\Windows\System\MuIIEOm.exe
  2⤵
  PID:9172
- C:\Windows\System\GXMFWpS.exe
  C:\Windows\System\GXMFWpS.exe
  2⤵
  PID:9188
- C:\Windows\System\VAcpHtF.exe
  C:\Windows\System\VAcpHtF.exe
  2⤵
  PID:9204
- C:\Windows\System\HFeJdQN.exe
  C:\Windows\System\HFeJdQN.exe
  2⤵
  PID:6420
- C:\Windows\System\QwHInsN.exe
  C:\Windows\System\QwHInsN.exe
  2⤵
  PID:8000
- C:\Windows\System\hDwosnj.exe
  C:\Windows\System\hDwosnj.exe
  2⤵
  PID:2532
- C:\Windows\System\osqZpkm.exe
  C:\Windows\System\osqZpkm.exe
  2⤵
  PID:8232
- C:\Windows\System\ckgdgbu.exe
  C:\Windows\System\ckgdgbu.exe
  2⤵
  PID:8296
- C:\Windows\System\RBJkPEk.exe
  C:\Windows\System\RBJkPEk.exe
  2⤵
  PID:8312
- C:\Windows\System\hlaxLdI.exe
  C:\Windows\System\hlaxLdI.exe
  2⤵
  PID:8280
- C:\Windows\System\XgbqHYF.exe
  C:\Windows\System\XgbqHYF.exe
  2⤵
  PID:8348
- C:\Windows\System\gpnjvjU.exe
  C:\Windows\System\gpnjvjU.exe
  2⤵
  PID:8396
- C:\Windows\System\GhvUcKh.exe
  C:\Windows\System\GhvUcKh.exe
  2⤵
  PID:8412
- C:\Windows\System\HBNDZlu.exe
  C:\Windows\System\HBNDZlu.exe
  2⤵
  PID:8444
- C:\Windows\System\VEBJibg.exe
  C:\Windows\System\VEBJibg.exe
  2⤵
  PID:8428
- C:\Windows\System\xEQMWof.exe
  C:\Windows\System\xEQMWof.exe
  2⤵
  PID:8468
- C:\Windows\System\RSnqIxz.exe
  C:\Windows\System\RSnqIxz.exe
  2⤵
  PID:8532
- C:\Windows\System\akduHsm.exe
  C:\Windows\System\akduHsm.exe
  2⤵
  PID:8580
- C:\Windows\System\krHQDAN.exe
  C:\Windows\System\krHQDAN.exe
  2⤵
  PID:8576
- C:\Windows\System\fGkZMwH.exe
  C:\Windows\System\fGkZMwH.exe
  2⤵
  PID:8596
- C:\Windows\System\itpQchU.exe
  C:\Windows\System\itpQchU.exe
  2⤵
  PID:8660
- C:\Windows\System\dxiyRfa.exe
  C:\Windows\System\dxiyRfa.exe
  2⤵
  PID:8724
- C:\Windows\System\FnCwqJW.exe
  C:\Windows\System\FnCwqJW.exe
  2⤵
  PID:1576
- C:\Windows\System\IEVveHj.exe
  C:\Windows\System\IEVveHj.exe
  2⤵
  PID:8740
- C:\Windows\System\yAcBPcW.exe
  C:\Windows\System\yAcBPcW.exe
  2⤵
  PID:8840
- C:\Windows\System\TbFvjkB.exe
  C:\Windows\System\TbFvjkB.exe
  2⤵
  PID:8784
- C:\Windows\System\lQCGKFp.exe
  C:\Windows\System\lQCGKFp.exe
  2⤵
  PID:8824
- C:\Windows\System\wxcrrDe.exe
  C:\Windows\System\wxcrrDe.exe
  2⤵
  PID:8900
- C:\Windows\System\DgyfoZP.exe
  C:\Windows\System\DgyfoZP.exe
  2⤵
  PID:8936
- C:\Windows\System\DFdiOox.exe
  C:\Windows\System\DFdiOox.exe
  2⤵
  PID:9000
- C:\Windows\System\OvgzwLC.exe
  C:\Windows\System\OvgzwLC.exe
  2⤵
  PID:8920
- C:\Windows\System\mXzFTvm.exe
  C:\Windows\System\mXzFTvm.exe
  2⤵
  PID:8984
- C:\Windows\System\CynulMz.exe
  C:\Windows\System\CynulMz.exe
  2⤵
  PID:9040
- C:\Windows\System\lbzekeo.exe
  C:\Windows\System\lbzekeo.exe
  2⤵
  PID:9084
- C:\Windows\System\nFYZDlp.exe
  C:\Windows\System\nFYZDlp.exe
  2⤵
  PID:9148
- C:\Windows\System\ObPkCKk.exe
  C:\Windows\System\ObPkCKk.exe
  2⤵
  PID:9068
- C:\Windows\System\hgMghhb.exe
  C:\Windows\System\hgMghhb.exe
  2⤵
  PID:9136
- C:\Windows\System\CCQbELU.exe
  C:\Windows\System\CCQbELU.exe
  2⤵
  PID:8364
- C:\Windows\System\MDJIUgM.exe
  C:\Windows\System\MDJIUgM.exe
  2⤵
  PID:8376
- C:\Windows\System\MzbADGQ.exe
  C:\Windows\System\MzbADGQ.exe
  2⤵
  PID:8400
- C:\Windows\System\rqVPmfx.exe
  C:\Windows\System\rqVPmfx.exe
  2⤵
  PID:8516
- C:\Windows\System\Ruosnwe.exe
  C:\Windows\System\Ruosnwe.exe
  2⤵
  PID:8720
- C:\Windows\System\vKCKrhw.exe
  C:\Windows\System\vKCKrhw.exe
  2⤵
  PID:8756
- C:\Windows\System\lRxasYE.exe
  C:\Windows\System\lRxasYE.exe
  2⤵
  PID:8972
- C:\Windows\System\ZOQDVyY.exe
  C:\Windows\System\ZOQDVyY.exe
  2⤵
  PID:8956
- C:\Windows\System\zkprLtn.exe
  C:\Windows\System\zkprLtn.exe
  2⤵
  PID:8792
- C:\Windows\System\zIeGzZa.exe
  C:\Windows\System\zIeGzZa.exe
  2⤵
  PID:8772
- C:\Windows\System\bGmpzLE.exe
  C:\Windows\System\bGmpzLE.exe
  2⤵
  PID:8888
- C:\Windows\System\HFmOqPu.exe
  C:\Windows\System\HFmOqPu.exe
  2⤵
  PID:9016
- C:\Windows\System\UVSWPGt.exe
  C:\Windows\System\UVSWPGt.exe
  2⤵
  PID:9164
- C:\Windows\System\iXhPDTX.exe
  C:\Windows\System\iXhPDTX.exe
  2⤵
  PID:9056
- C:\Windows\System\PeiaTJp.exe
  C:\Windows\System\PeiaTJp.exe
  2⤵
  PID:1100
- C:\Windows\System\sFxeQaY.exe
  C:\Windows\System\sFxeQaY.exe
  2⤵
  PID:444
- C:\Windows\System\dRRGeoa.exe
  C:\Windows\System\dRRGeoa.exe
  2⤵
  PID:8360
- C:\Windows\System\SEkaXLl.exe
  C:\Windows\System\SEkaXLl.exe
  2⤵
  PID:8332
- C:\Windows\System\KSZugpM.exe
  C:\Windows\System\KSZugpM.exe
  2⤵
  PID:8692
- C:\Windows\System\tXZHQjP.exe
  C:\Windows\System\tXZHQjP.exe
  2⤵
  PID:8628
- C:\Windows\System\XzCXOPK.exe
  C:\Windows\System\XzCXOPK.exe
  2⤵
  PID:9120
- C:\Windows\System\YopAjbr.exe
  C:\Windows\System\YopAjbr.exe
  2⤵
  PID:8252
- C:\Windows\System\tVOrVYV.exe
  C:\Windows\System\tVOrVYV.exe
  2⤵
  PID:8820
- C:\Windows\System\DfipfvV.exe
  C:\Windows\System\DfipfvV.exe
  2⤵
  PID:8752
- C:\Windows\System\ldzoXWP.exe
  C:\Windows\System\ldzoXWP.exe
  2⤵
  PID:8676
- C:\Windows\System\bBIgxIN.exe
  C:\Windows\System\bBIgxIN.exe
  2⤵
  PID:9100
- C:\Windows\System\wHOqBNE.exe
  C:\Windows\System\wHOqBNE.exe
  2⤵
  PID:8220
- C:\Windows\System\mDgYWwD.exe
  C:\Windows\System\mDgYWwD.exe
  2⤵
  PID:1976
- C:\Windows\System\VSYtKuh.exe
  C:\Windows\System\VSYtKuh.exe
  2⤵
  PID:8564
- C:\Windows\System\tFCDdjK.exe
  C:\Windows\System\tFCDdjK.exe
  2⤵
  PID:9228
- C:\Windows\System\RMUaElZ.exe
  C:\Windows\System\RMUaElZ.exe
  2⤵
  PID:9244
- C:\Windows\System\sbOvzWd.exe
  C:\Windows\System\sbOvzWd.exe
  2⤵
  PID:9260
- C:\Windows\System\DJtycbQ.exe
  C:\Windows\System\DJtycbQ.exe
  2⤵
  PID:9276
- C:\Windows\System\vDafgRv.exe
  C:\Windows\System\vDafgRv.exe
  2⤵
  PID:9292
- C:\Windows\System\qzBDuKj.exe
  C:\Windows\System\qzBDuKj.exe
  2⤵
  PID:9308
- C:\Windows\System\tbimxvx.exe
  C:\Windows\System\tbimxvx.exe
  2⤵
  PID:9324
- C:\Windows\System\XyhWIPu.exe
  C:\Windows\System\XyhWIPu.exe
  2⤵
  PID:9340
- C:\Windows\System\eYyBhvK.exe
  C:\Windows\System\eYyBhvK.exe
  2⤵
  PID:9356
- C:\Windows\System\twmYHxV.exe
  C:\Windows\System\twmYHxV.exe
  2⤵
  PID:9372
- C:\Windows\System\pStPZZD.exe
  C:\Windows\System\pStPZZD.exe
  2⤵
  PID:9388
- C:\Windows\System\PIusAOr.exe
  C:\Windows\System\PIusAOr.exe
  2⤵
  PID:9404
- C:\Windows\System\oRsDGeT.exe
  C:\Windows\System\oRsDGeT.exe
  2⤵
  PID:9424
- C:\Windows\System\TfZRdGS.exe
  C:\Windows\System\TfZRdGS.exe
  2⤵
  PID:9440
- C:\Windows\System\zrkUtgb.exe
  C:\Windows\System\zrkUtgb.exe
  2⤵
  PID:9456
- C:\Windows\System\SuyVQle.exe
  C:\Windows\System\SuyVQle.exe
  2⤵
  PID:9472
- C:\Windows\System\UfhBMfc.exe
  C:\Windows\System\UfhBMfc.exe
  2⤵
  PID:9492
- C:\Windows\System\xUFwtBV.exe
  C:\Windows\System\xUFwtBV.exe
  2⤵
  PID:9508
- C:\Windows\System\CHIwDmf.exe
  C:\Windows\System\CHIwDmf.exe
  2⤵
  PID:9524
- C:\Windows\System\AHbgEAa.exe
  C:\Windows\System\AHbgEAa.exe
  2⤵
  PID:9540
- C:\Windows\System\oYimnEY.exe
  C:\Windows\System\oYimnEY.exe
  2⤵
  PID:9564
- C:\Windows\System\ovJQRSU.exe
  C:\Windows\System\ovJQRSU.exe
  2⤵
  PID:9580
- C:\Windows\System\pdEJWTl.exe
  C:\Windows\System\pdEJWTl.exe
  2⤵
  PID:9596
- C:\Windows\System\LkfHevh.exe
  C:\Windows\System\LkfHevh.exe
  2⤵
  PID:9612
- C:\Windows\System\RxzqkAm.exe
  C:\Windows\System\RxzqkAm.exe
  2⤵
  PID:9632
- C:\Windows\System\PeWSnKj.exe
  C:\Windows\System\PeWSnKj.exe
  2⤵
  PID:9648
- C:\Windows\System\pqoDraE.exe
  C:\Windows\System\pqoDraE.exe
  2⤵
  PID:9668
- C:\Windows\System\ZpwISbW.exe
  C:\Windows\System\ZpwISbW.exe
  2⤵
  PID:9684
- C:\Windows\System\iXxbmRh.exe
  C:\Windows\System\iXxbmRh.exe
  2⤵
  PID:9700
- C:\Windows\System\YUJLJgF.exe
  C:\Windows\System\YUJLJgF.exe
  2⤵
  PID:9728
- C:\Windows\System\apPljtw.exe
  C:\Windows\System\apPljtw.exe
  2⤵
  PID:9744
- C:\Windows\System\JHAFjYS.exe
  C:\Windows\System\JHAFjYS.exe
  2⤵
  PID:9760
- C:\Windows\System\eTRbBOV.exe
  C:\Windows\System\eTRbBOV.exe
  2⤵
  PID:9788
- C:\Windows\System\oSOrCQe.exe
  C:\Windows\System\oSOrCQe.exe
  2⤵
  PID:9808
- C:\Windows\System\oSBMpqr.exe
  C:\Windows\System\oSBMpqr.exe
  2⤵
  PID:9828
- C:\Windows\System\oDRbZEW.exe
  C:\Windows\System\oDRbZEW.exe
  2⤵
  PID:9848
- C:\Windows\System\JgLNhHj.exe
  C:\Windows\System\JgLNhHj.exe
  2⤵
  PID:9864
- C:\Windows\System\PwCxHyf.exe
  C:\Windows\System\PwCxHyf.exe
  2⤵
  PID:9880
- C:\Windows\System\WMDzhsQ.exe
  C:\Windows\System\WMDzhsQ.exe
  2⤵
  PID:9896
- C:\Windows\System\exvjRCB.exe
  C:\Windows\System\exvjRCB.exe
  2⤵
  PID:9916
- C:\Windows\System\WauTKIu.exe
  C:\Windows\System\WauTKIu.exe
  2⤵
  PID:9932
- C:\Windows\System\kimlKcA.exe
  C:\Windows\System\kimlKcA.exe
  2⤵
  PID:9952
- C:\Windows\System\BEfxIbp.exe
  C:\Windows\System\BEfxIbp.exe
  2⤵
  PID:9972
- C:\Windows\System\BwgMxxi.exe
  C:\Windows\System\BwgMxxi.exe
  2⤵
  PID:9992
- C:\Windows\System\ZQymXAS.exe
  C:\Windows\System\ZQymXAS.exe
  2⤵
  PID:10012
- C:\Windows\System\UPejSZk.exe
  C:\Windows\System\UPejSZk.exe
  2⤵
  PID:10028
- C:\Windows\System\GYZAmoh.exe
  C:\Windows\System\GYZAmoh.exe
  2⤵
  PID:10052
- C:\Windows\System\dMNnKAv.exe
  C:\Windows\System\dMNnKAv.exe
  2⤵
  PID:10076
- C:\Windows\System\kVPIjwC.exe
  C:\Windows\System\kVPIjwC.exe
  2⤵
  PID:10096
- C:\Windows\System\tMTfoTy.exe
  C:\Windows\System\tMTfoTy.exe
  2⤵
  PID:10116
- C:\Windows\System\bdrbgjb.exe
  C:\Windows\System\bdrbgjb.exe
  2⤵
  PID:10140
- C:\Windows\System\cTbqbiQ.exe
  C:\Windows\System\cTbqbiQ.exe
  2⤵
  PID:10160
- C:\Windows\System\KytcaML.exe
  C:\Windows\System\KytcaML.exe
  2⤵
  PID:10176
- C:\Windows\System\XSRidFs.exe
  C:\Windows\System\XSRidFs.exe
  2⤵
  PID:10196
- C:\Windows\System\wcihROI.exe
  C:\Windows\System\wcihROI.exe
  2⤵
  PID:10212
- C:\Windows\System\bGQdMBC.exe
  C:\Windows\System\bGQdMBC.exe
  2⤵
  PID:10232
- C:\Windows\System\AorFWEF.exe
  C:\Windows\System\AorFWEF.exe
  2⤵
  PID:2216
- C:\Windows\System\yEKKAGW.exe
  C:\Windows\System\yEKKAGW.exe
  2⤵
  PID:9236
- C:\Windows\System\iSdtQyk.exe
  C:\Windows\System\iSdtQyk.exe
  2⤵
  PID:8916
- C:\Windows\System\FYAWaYQ.exe
  C:\Windows\System\FYAWaYQ.exe
  2⤵
  PID:9116
- C:\Windows\System\OcwBktU.exe
  C:\Windows\System\OcwBktU.exe
  2⤵
  PID:9332
- C:\Windows\System\NDjtXZE.exe
  C:\Windows\System\NDjtXZE.exe
  2⤵
  PID:9396
- C:\Windows\System\jcePvLQ.exe
  C:\Windows\System\jcePvLQ.exe
  2⤵
  PID:9288
- C:\Windows\System\abyfDux.exe
  C:\Windows\System\abyfDux.exe
  2⤵
  PID:9380
- C:\Windows\System\WRSluHO.exe
  C:\Windows\System\WRSluHO.exe
  2⤵
  PID:9436
- C:\Windows\System\DvUbqwp.exe
  C:\Windows\System\DvUbqwp.exe
  2⤵
  PID:9480
- C:\Windows\System\VoncvPx.exe
  C:\Windows\System\VoncvPx.exe
  2⤵
  PID:9516
- C:\Windows\System\NCKQNBH.exe
  C:\Windows\System\NCKQNBH.exe
  2⤵
  PID:9536
- C:\Windows\System\tBdrLSY.exe
  C:\Windows\System\tBdrLSY.exe
  2⤵
  PID:9576
- C:\Windows\System\SpCMRgx.exe
  C:\Windows\System\SpCMRgx.exe
  2⤵
  PID:9592
- C:\Windows\System\QhoghFN.exe
  C:\Windows\System\QhoghFN.exe
  2⤵
  PID:9644
- C:\Windows\System\DozeiFl.exe
  C:\Windows\System\DozeiFl.exe
  2⤵
  PID:9676
- C:\Windows\System\NgXMmjl.exe
  C:\Windows\System\NgXMmjl.exe
  2⤵
  PID:9712
- C:\Windows\System\zvmvEPR.exe
  C:\Windows\System\zvmvEPR.exe
  2⤵
  PID:9756
- C:\Windows\System\qIqtGQC.exe
  C:\Windows\System\qIqtGQC.exe
  2⤵
  PID:9804
- C:\Windows\System\rmotBha.exe
  C:\Windows\System\rmotBha.exe
  2⤵
  PID:9780
- C:\Windows\System\FsDdaok.exe
  C:\Windows\System\FsDdaok.exe
  2⤵
  PID:9840
- C:\Windows\System\SjxcIPX.exe
  C:\Windows\System\SjxcIPX.exe
  2⤵
  PID:9876
- C:\Windows\System\BrWfcga.exe
  C:\Windows\System\BrWfcga.exe
  2⤵
  PID:9892
- C:\Windows\System\sCPmdRG.exe
  C:\Windows\System\sCPmdRG.exe
  2⤵
  PID:9948
- C:\Windows\System\NPJTzPD.exe
  C:\Windows\System\NPJTzPD.exe
  2⤵
  PID:9964
- C:\Windows\System\GSIPUTb.exe
  C:\Windows\System\GSIPUTb.exe
  2⤵
  PID:9968
- C:\Windows\System\oymLeiu.exe
  C:\Windows\System\oymLeiu.exe
  2⤵
  PID:10040
- C:\Windows\System\fhWWtjC.exe
  C:\Windows\System\fhWWtjC.exe
  2⤵
  PID:10064
- C:\Windows\System\prpbQnM.exe
  C:\Windows\System\prpbQnM.exe
  2⤵
  PID:10092
- C:\Windows\System\isnTQsz.exe
  C:\Windows\System\isnTQsz.exe
  2⤵
  PID:10136
- C:\Windows\System\wJaqUIr.exe
  C:\Windows\System\wJaqUIr.exe
  2⤵
  PID:10172
- C:\Windows\System\SqkfECl.exe
  C:\Windows\System\SqkfECl.exe
  2⤵
  PID:10224
- C:\Windows\System\JmxJMOZ.exe
  C:\Windows\System\JmxJMOZ.exe
  2⤵
  PID:8188
- C:\Windows\System\ePQGYnM.exe
  C:\Windows\System\ePQGYnM.exe
  2⤵
  PID:9284
- C:\Windows\System\eapSKKq.exe
  C:\Windows\System\eapSKKq.exe
  2⤵
  PID:9368
- C:\Windows\System\oFomfNX.exe
  C:\Windows\System\oFomfNX.exe
  2⤵
  PID:9256
- C:\Windows\System\XwgatSo.exe
  C:\Windows\System\XwgatSo.exe
  2⤵
  PID:9412
- C:\Windows\System\srhYrId.exe
  C:\Windows\System\srhYrId.exe
  2⤵
  PID:9468
- C:\Windows\System\KnbtKbj.exe
  C:\Windows\System\KnbtKbj.exe
  2⤵
  PID:8736
- C:\Windows\System\LgFnuKR.exe
  C:\Windows\System\LgFnuKR.exe
  2⤵
  PID:9604
- C:\Windows\System\wBvJoEg.exe
  C:\Windows\System\wBvJoEg.exe
  2⤵
  PID:9656
- C:\Windows\System\LNCCwMQ.exe
  C:\Windows\System\LNCCwMQ.exe
  2⤵
  PID:9752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DbSWFMh.exe

Filesize
6.0MB

MD5
d0d4eb3a4b5b4ebe34ee3e81732c5eef

SHA1
7dbde76a28f9ab5be7033a3034548ec313022a88

SHA256
ebe328dfdcaf9a06c6a6117485c072c2fa0812e993891d457757f90e91ec88bc

SHA512
c72c70da44d4e4d3202879a2db2ae0d1e842dde9ac9542462fa14ffd0cad6d3a618e0eead5d0d176a573f04bac0c125db68659e131f53a1065b53a621f2b6762

Download Submit
C:\Windows\system\FWJYozL.exe

Filesize
6.0MB

MD5
1109146ff8d587dcf8569c9dc61a6860

SHA1
3280d9a1ad85eb888dafad4368d5a336a6d3937b

SHA256
91a1fb4bc912121adda09b9f53ea6f47013c9d7603e3886d8541a8d5491b846a

SHA512
4271fe19dd8e5b71a84be17e0a15c194cf5d85d7316b8e7b51d10a07aae2e0a474647fe88e88d1bfe86ff6b45e8c5c176f8a7cbaeeedf95f149b912e58dcbe06

Download Submit
C:\Windows\system\HcLoMws.exe

Filesize
6.0MB

MD5
f3b0ad2bf59e6af85582979d7e8ea0b4

SHA1
a1fe65d6c9b62be39802602a346e073a044b6bd4

SHA256
8834c442bff03c757b013a121cd46b7bebe7fecd94a302595584f1256beba7fc

SHA512
112581506aceceba528c4fb2157f31c0ad7918d02b0efd9c8ad0dfe947fa7eed66d31e9492ae0698813d511e0e13c667526ae5290ee3b1210f22eda464402176

Download Submit
C:\Windows\system\JRMRQLw.exe

Filesize
6.0MB

MD5
71670ae7138e3d1c0d73b34f1a206e53

SHA1
5f6f51c50abfca77b4c017da20fad97967bf8ba0

SHA256
fba8290e16b355ac28877952f9677f397d8c43514b0c272af3282b6fb9150e06

SHA512
be5eb5ac688e3796ca8e161aca277b17b79edcbcd385eadce22ed23dff012c367409d0bea760a7f14ad956dccd999109f100d4095a79f6c17e70d0863eb64a9f

Download Submit
C:\Windows\system\JbxvHuZ.exe

Filesize
6.0MB

MD5
faf7a97438ef7f3be07bc36a1128451e

SHA1
ff23c2b40d530c50fed8e6b1bc002dfc8d9f4dc3

SHA256
5fb80265d741902ad95d5dece8dacc98c3a5b10a93da36eff6d0568490608f20

SHA512
ed3926f57c7f47dc2d7b4f13bdecf80699866da0041eb7cd0e098c0c93d35eedf120bfeb4421e7a92e543492c1144295344ba95a81a79dd3eb91084bfa3aa084

Download Submit
C:\Windows\system\NDejHSi.exe

Filesize
6.0MB

MD5
8bb7ac20d2fb9c881df1044f6dc3152f

SHA1
f15a019a574abad613975bbf863eb9febd2ae6b5

SHA256
bc00733d2c7dd4931542e77853936b8aaeb043f08fad678171d4045529741167

SHA512
4ce4d1e9bc7d3f5c6d27cf67d930f6f7dbf23accafcbaf5672737f3e7f13011e1c68423e536aa59ac913c4da1635951d6c31ca2000cc86b6896b8fe1dd00e15f

Download Submit
C:\Windows\system\NJHeSES.exe

Filesize
6.0MB

MD5
e232a2ca5846688fbd7548de73d8d2b5

SHA1
7b7281a203485c4fa3abb831ad654ee08dfc8ada

SHA256
f885a03d6e732302e945a31dc0bdd82f07e4702de5565f2a8984900104ddec43

SHA512
b2adb8586ae7c1c5fa02a871e973e542bcfd6c93fcda9593d1881cc0a717739a5ffac879b0f9f77198adf7ad6168c044951269713548ea0e21910164354e622d

Download Submit
C:\Windows\system\QlRjGQV.exe

Filesize
6.0MB

MD5
5418efffb4cd36dc30c4b981a36a784a

SHA1
ff74f659c9febd74a69bbd1fa4b141cda6157cb3

SHA256
578c378b9bae1067885bacedace1702ddd50ab6902fff3e7e9f94e1167194400

SHA512
01395ea17d1064e073cdc7cbf90fd8dc6f1e453e10b53894970b8a661dfc47943020036b98062d78f382407345e80c53664597bd607c84db9ad25c0dfec6d723

Download Submit
C:\Windows\system\SEEsWDG.exe

Filesize
6.0MB

MD5
ceab766ad322cbe4f26a4a6c8686d4e9

SHA1
596a71261be03adafa48ac1e38945e1b1c6d9ca9

SHA256
1f004abcb59604fb3abbda6ab5a3197d921b0d78b59c3c47fa34de5562172110

SHA512
02632eb69f55e15495a1496b4eb0c6fddda987a5168c94162ca06a8674de2ae960bbc67d7e77e81f10f6a4aece9d29e31d230efe9bc99f2dd16bcf211d80b1e5

Download Submit
C:\Windows\system\SRonyxG.exe

Filesize
6.0MB

MD5
571643c286ecd4d49dffb8226e3ac043

SHA1
a543e6ef4c3973f327d7937f542ee306e1e3d339

SHA256
8f0873799dfb9a6a0515ee842e44503baf36a5c34183305b7c404fc6c1fbafef

SHA512
95e898b226f77bf73c1dca464516cb111f6a252070d36d611e0767e20729e1ec1452dfcd4d7c7b116393ac2c952ac3eb982eca03892eb0d8e8f82189f4dbd23a

Download Submit
C:\Windows\system\UIuGSkn.exe

Filesize
6.0MB

MD5
1fc8292eae95337af307ca98cd0efdb8

SHA1
7922bc8bca8431dfecf14cafa0b20273e96fdae7

SHA256
15a4a6831aaf157064d874c4a06e94658581ec44ea1f2ae9a1852e38bcff4b28

SHA512
56c725144a7b478ed4aeba94414a026a5d816ae2b66a717a4dfeed7824959c7de33afd4d568be8a8dde97dd533a0db9e21cee39f4f525cf2c26b6198929b4559

Download Submit
C:\Windows\system\UgfFWOe.exe

Filesize
6.0MB

MD5
2e0f3d9a19dd3973589b007331f9d7ea

SHA1
36ad45e73d5957b6fefdb7fe7943451fd2e5da5a

SHA256
74678ad96de60b97d402daee2783ba27c452cf0b24eba219b1942cc0fabfd748

SHA512
f47214c36cae14dc202fc1416e0eda6728f414b745852216d77ac43b37e5907704026e58a20eeffef48ff04747b4cfc0e24df6b066bbcfc98789f3b420713cbf

Download Submit
C:\Windows\system\VtWeJvp.exe

Filesize
6.0MB

MD5
5af6f3a98b786854f36a58b949d10448

SHA1
5c95661ec9aaeabfbd3d162c347c2fb9db73d8a4

SHA256
edcee37044a89259825f39dff94c3e8cb98e3cf744b167b74577760c92c7ee04

SHA512
83cb338dc0060ffce177edf4c6ba28e172313bfe551f66b9ad38157beafa2f8b4ff80c42f0e58f55d2f4baac202a0e71db1a5225c636274f3068333bcd27e73d

Download Submit
C:\Windows\system\ZkgYAYl.exe

Filesize
6.0MB

MD5
ab8942eaa7db051c5da250754d8e5daa

SHA1
63d23c67f8796d21e6cfee7d2fa3dd121270f2a1

SHA256
e31df92b9eb3b81fab9fab1f901540c6eb5598a12708ebc9ac2882e5550a7d97

SHA512
3c1c2fcbf47f6ec2ce977df1e7efa5c015f827cec9584b9f17e7677b2531e2476a8c1a1106e56adc538a1ed937e077dd5390db2e7923f7e70952a8f43426410c

Download Submit
C:\Windows\system\aQCjnVo.exe

Filesize
6.0MB

MD5
fe26bb3aa17cd4470004760e950278ab

SHA1
56afee3dc1205ac3f14b987a7e282c173e028718

SHA256
812ffb4c9b53b9c304ec551d59054e29e65ca170ecac0d211bc652ecac38bae9

SHA512
138501918595276379581904ecb6674c6a5e30ac7bbad43deaffd137968b4431c2833566a15b9a68266bd20f8277c6cc4c59886e38344b8f6e1e558f06e9318d

Download Submit
C:\Windows\system\bkuuoMW.exe

Filesize
6.0MB

MD5
7e321f6c1d51a3372b2bcb18ef431101

SHA1
8f8c5fc5677d2c75611f81cd967a95dfbd4e4da2

SHA256
db9781b69dc86fbbcbdde3bbf5b47e7183ca916f00381e8664fb0959bfd2cf56

SHA512
5c7900d628e0b0281e5bcdd4316465390b5c115c5b97162f58e03e22fe8c1b087c8efafc146f8270a2f9b7861598f3747e692ead4bceb88f36b242feb8cef716

Download Submit
C:\Windows\system\btTMMdT.exe

Filesize
6.0MB

MD5
877062daf1c741bc5844d87abd828f94

SHA1
1270223163c8de52a33d7a0bc11b23bfb2834edd

SHA256
8bbddd976bc696a73e3e3dda236f6980202ab98a74e542b5936cb8fad2eb1bf8

SHA512
590dc220f6fbe2a62d128dec0bb3e8c59b5d2f447c4466a0a9e0bb97bc85995927fc9936c5b29a72425f3fa4948ea5a9719599c62f00360b5f353e5a72160c92

Download Submit
C:\Windows\system\cGZonqg.exe

Filesize
6.0MB

MD5
569be6e24a24772c6200d3f94d608f55

SHA1
edb15d692854107b2280adfec66f8ff671b351cc

SHA256
6df58003d88bceec138f0e0cf4f7ea306d5e11e8567c11e75ec5eadc37d5b7ba

SHA512
ec58efafd057bc9408a96df0c16716e5c170c15e6ba61df12f34c20791ffb167e800c38c70b4d8e0dfa30cc8b532d07cf22a4e2e383c410d61691272be4cd41a

Download Submit
C:\Windows\system\czkKGSt.exe

Filesize
6.0MB

MD5
3d322f20229ba4eba9e6d52cc8192145

SHA1
6d13b80b00817dcccebe9029ee6ae92b5e34c52f

SHA256
6792f8a1f7f525a3558cbb793d68ddd56d1b5790875bc59b636e47cc68c0b0c8

SHA512
37b98c9dc49bcc1f10567abe76f39305e9c29808b54f64bc467c9a61a3bf891c2877343ffcd742e94833a8d3f70e2e03270a2028d64500bbb2c26a1d22c677ab

Download Submit
C:\Windows\system\fjKKeKo.exe

Filesize
6.0MB

MD5
9ef19fe005db82b918f5b4e421210a2f

SHA1
eb93eedcb41f1ed0b53324909e1c8fe880066df7

SHA256
f2406684ab32781dd8c17f40160733d06489920ee380167d04fef64388ddaddd

SHA512
4958c7ddea17e0f712a4ba292212885cd1e4a1f90af20bab29831a41c3a68db892f27dbc1f2f08898acf0401247d653d2b111be20d01f8052d8f2416bbdde984

Download Submit
C:\Windows\system\gZfcnca.exe

Filesize
6.0MB

MD5
c3fc4f5902d1454442d5b30c0384dc91

SHA1
5cf66235d02804772fdf9176395ceef7fb8db1f7

SHA256
47b3516feaf2ba2829f5035ea26c41a19da5d7943e27657e60c7c3f8615728ea

SHA512
36b773db5637ca47e041327b4d88bd6d31f6cf7ac0fc766f628ea33a5be4e3433e1b20c2323ecd25ee49fb6b67c5aa4dffc725dd62a0773323f2f7f803e957b8

Download Submit
C:\Windows\system\gninZhe.exe

Filesize
6.0MB

MD5
cbe1d1177a704514feea7ccda90c7e4c

SHA1
b87751bea5d4282b1445cf94388d3d4867ee6096

SHA256
e19c6670311276f16c485921a3470560334a33dd06c3fa3d7652f074cc2cf24d

SHA512
df990b8a096fce2ee6528cca071c6ad4c4ed8ff8ea268111df3762a17397dea93be474f2b2276053a60808948dbed671f60ef24cbd2f8566214de035c6640916

Download Submit
C:\Windows\system\jKEIhpd.exe

Filesize
6.0MB

MD5
2effda25f331eb1a233d78bb470d1e09

SHA1
2b71f23a87258e7808f3bed3b9ac6bcb8a9885bc

SHA256
7b5835fafd0ab59e569f908a382486ab82af7ef347d6db54684b5aa19c7b4edb

SHA512
a0c1385bef8009389383d1a5deeafc6e3fb30229365943277734338232fb61cddaec8ea3307fdff34984a51a657b1e947707c8c1858c11d44dbfa91e10ff4a19

Download Submit
C:\Windows\system\riooBrb.exe

Filesize
6.0MB

MD5
bb48390735f95c67ad65ac2a632ce9b2

SHA1
af7f1384fe55b87c8b94c952cab79e44939e70ec

SHA256
eb77e1c76511d8f56c0ecd5de9dadf856adf5659e6a33aefa38013c29e9d5104

SHA512
04e67f43d8bc15c5c37ac20e266a4e7f6beb4134cb8144661ff6acbe545af796246fb2f037ef23a28cddd696e77d27237b33265d5ddd949e026e2856b662de36

Download Submit
C:\Windows\system\sPLcPwL.exe

Filesize
6.0MB

MD5
9f80d3282e857f0a27363ccbc40aea2c

SHA1
e080d49254ac6736fdfb9a054bed218637666b1f

SHA256
d4fa416fe26dca833bf50fc4b8331ed048ac586521b906b163368bc986bb7893

SHA512
2c49a7227e686e537c2ba21746ae85fb6032ae6fa77b01b3fc12e9bd480b4fd33602c1614a16cb4954ab6ebcd4a14d0bd7132b2388b89959583ca5a39b4f6e5a

Download Submit
C:\Windows\system\slrqRWH.exe

Filesize
6.0MB

MD5
50f9548c82cae8b373990088c0b0ed14

SHA1
999c4ed7fe13573f9cd36927bb3c331e40a1bf65

SHA256
7ff4c8d39ce1538761de0b8d61169e31462c8d64215bd6eba31d91fe6296cd28

SHA512
1e340c8093c30abb7b5fdcb9a7c236d1ab38246212fa6c81c782ed2d500fb3b882112513abe4e58d01743ce6158aa3c1a420c3a2c597ac3cc5ca870f738b50d4

Download Submit
C:\Windows\system\smtDvks.exe

Filesize
6.0MB

MD5
03ca95811b65e30a35533977b282d8f6

SHA1
84d6c351ade28c4b5f74334ca146278877338fd5

SHA256
75d201f56fd513edaa31c01d240779d4ce2d51a24eb3b99318fdb1cece465375

SHA512
ad69383c4e5bc4c3e7967b6ad315b667f26849a8f125000253c67b5ab54a13b333df854204394a6c1b66c7f245080a1da4ce195bf51e53a7aa56decb41aaabaf

Download Submit
C:\Windows\system\uxUlEZd.exe

Filesize
6.0MB

MD5
100617cd7a65b7b079c058ac2af08bde

SHA1
6355e6760f4c2b52bee079398ef5c6c42991fb94

SHA256
857821c3c2d93f3d9dc4b9db47b2ed2b843512b0f087230e00a4c9c09b2ba139

SHA512
fa3f467a4960ae71f26d276ab1df9162cee5906dbbcc25731680aa37070b4cb505dd3a5ab10bbb3f5d897232d8d169d6471f47581207a333e0bac240b53e13cf

Download Submit
C:\Windows\system\vqndXvB.exe

Filesize
6.0MB

MD5
39234a6947a792a0a513debe20d6aaa9

SHA1
f146b8c28950306befe2e850446509547034ddcf

SHA256
583c9ddbca72f1d196b2d62f395b09e061fbf3d508153f51c795a193bc611919

SHA512
f23840ce860ce18ac6badabafa7ca5ecdae3331f960f807a33fde95e0f17fb3f5df3d9bff1e7d63a76addf70df7a85ac8367bf5827be938944d94ac086222d58

Download Submit
C:\Windows\system\xRHXOiE.exe

Filesize
6.0MB

MD5
da1bb91d0632e64481d15d4d293bb7c4

SHA1
99c17545b20279d67e9b6408acf11923a308d751

SHA256
43d62e9a58fcb3ab3d19a8f012c3d324457c5961e526be7ce5f82d4fef2350d3

SHA512
e612ad465bbc1d8e562ed063f1a9c48870ea6e50c3b57ed3bdafe2292cadad6db8fc0bba8c147e35036282362425cb011750ff2d16b99126d77472fac9feb1b1

Download Submit
C:\Windows\system\yAfeJfo.exe

Filesize
6.0MB

MD5
b0d5c4781fadd311cdf6069053eec9f3

SHA1
38c29943188fdde830114b4f289445f59525d189

SHA256
f9248184d5ef136f586e4f87f74bcbcfe5696c7e6358ac1a8450af5a3e2077e9

SHA512
32fd951fc2a786400070af2e0937e32b0581af588e46ee0999bbbd1d1d0b293eeb3493275334020f832b46e5f507724f11dbb16898fb95b560f689ad3f1c772c

Download Submit
C:\Windows\system\zQfxoaF.exe

Filesize
6.0MB

MD5
d892c9061598373914d2a10f55ed7c83

SHA1
cab4ef7fea4af2028be381fbcb65bed1401b729f

SHA256
a436578b24c8b61534ef8561a3022166454e93201f8e99c01df18b22b3347c38

SHA512
7eefc1f9f0d39ae8088b960b9ab9f7593eb899379ff3eae343eab4bf017a0d90240fbfa0675c43784623562bdcbd23b0e5837214179ea9731f73686db763fe11

Download Submit
memory/1148-4085-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1148-4062-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4045-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4089-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4060-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4087-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2492-4082-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2492-4059-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4053-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4091-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4083-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4055-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4070-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4069-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4050-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4052-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2676-4040-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4054-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4048-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4056-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4042-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4058-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4046-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4044-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4061-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4081-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4063-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4064-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4065-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4066-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4072-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4075-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4076-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4071-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4074-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4073-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4079-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4078-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4077-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4084-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4043-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4068-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4039-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4088-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4049-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4086-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4051-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3640-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4041-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4067-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4057-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4090-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-4047-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/3032-4080-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download