cobaltstrike | 2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
Size

6.0MB
MD5

81e425df5001bbf4c02f970fb4c990d2
SHA1

d2b8ab406c0a6154656301270fb2ee42ab6b4dd2
SHA256

2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374
SHA512

2c348c00c35c7153058e8fe5ec4d4b948628c6c791186c695dec06bba7fd10b90f2664b7682da8ce048d2c767d7176d91bc310476e3677ed26ec90e145c66176
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUb:eOl56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012259-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-40.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160d5-44.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-185.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000015d5c-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-59.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2724-1-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-6.dat	xmrig
behavioral1/memory/2820-9-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d75-10.dat	xmrig
behavioral1/memory/2600-15-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2612-24-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d7f-20.dat	xmrig
behavioral1/files/0x0007000000015e47-29.dat	xmrig
behavioral1/files/0x0008000000015dc3-28.dat	xmrig
behavioral1/files/0x0007000000015f1b-33.dat	xmrig
behavioral1/files/0x0007000000015f2a-40.dat	xmrig
behavioral1/files/0x00080000000160d5-44.dat	xmrig
behavioral1/files/0x000500000001925c-79.dat	xmrig
behavioral1/files/0x0005000000019346-104.dat	xmrig
behavioral1/files/0x00050000000193c9-124.dat	xmrig
behavioral1/files/0x00050000000193af-119.dat	xmrig
behavioral1/files/0x0005000000019494-141.dat	xmrig
behavioral1/files/0x00050000000193f8-130.dat	xmrig
behavioral1/memory/2612-828-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2724-299-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-185.dat	xmrig
behavioral1/files/0x0031000000015d5c-180.dat	xmrig
behavioral1/files/0x00050000000194a7-171.dat	xmrig
behavioral1/files/0x0005000000019408-170.dat	xmrig
behavioral1/memory/2576-169-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2620-168-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b4-176.dat	xmrig
behavioral1/memory/1964-166-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2252-164-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2724-163-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/828-162-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/924-160-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2724-159-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/864-158-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2724-157-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/532-154-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2024-152-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-150.dat	xmrig
behavioral1/memory/2144-148-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2644-137-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a2-114.dat	xmrig
behavioral1/files/0x0005000000019384-109.dat	xmrig
behavioral1/files/0x000500000001933e-99.dat	xmrig
behavioral1/files/0x000500000001932a-94.dat	xmrig
behavioral1/files/0x00050000000192f0-89.dat	xmrig
behavioral1/files/0x0005000000019273-84.dat	xmrig
behavioral1/files/0x0005000000019241-74.dat	xmrig
behavioral1/files/0x0005000000019234-69.dat	xmrig
behavioral1/files/0x0005000000019228-64.dat	xmrig
behavioral1/files/0x000500000001920f-59.dat	xmrig
behavioral1/files/0x000600000001903d-54.dat	xmrig
behavioral1/files/0x0006000000019030-49.dat	xmrig
behavioral1/memory/2820-3976-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2600-3977-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2576-3978-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2620-3979-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2644-3980-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/864-3981-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2024-3984-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/532-3983-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2144-3982-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/924-3985-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/828-3986-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2252-3988-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2820	yAtmOjk.exe
2600	uRbpIcp.exe
2612	PubmpZO.exe
2620	WdAsamD.exe
2576	oZkpPWF.exe
2644	YBPuXmo.exe
2144	wSYhAXN.exe
2024	rOdRTsn.exe
532	hkFdThG.exe
864	fXvgSqr.exe
924	RyzauFM.exe
828	OWgAxWg.exe
2252	yuzQweZ.exe
1964	mKyYAow.exe
2064	VUmRKQD.exe
2276	zWvoUhd.exe
2880	ZnjLMva.exe
308	whkDgQq.exe
1720	GCaNYzo.exe
1084	soBpNbq.exe
2752	sqUMNvy.exe
2920	uenlhJA.exe
2160	RGWQYcf.exe
1776	aZSfMEE.exe
544	RRSdPDr.exe
2476	XaXNijW.exe
2464	hDlCZJG.exe
3064	hYqsVFS.exe
1484	xGxBipQ.exe
2532	qaXBSXj.exe
752	KTICTEO.exe
1616	cSDZHKq.exe
1960	rxsbVeH.exe
1744	dlgEiQS.exe
1544	fJDIXOT.exe
1936	jBmTuzO.exe
1760	jQJVQJL.exe
896	xVaVIBR.exe
952	UCCvOzp.exe
2132	gFZDmCT.exe
2516	wFuGONd.exe
2216	yYtfnQV.exe
3032	sCeOjUR.exe
2956	tptCYAJ.exe
2344	FCiEZdS.exe
3048	atseGIn.exe
1908	MdUFtfG.exe
1828	dEOBoZu.exe
1524	mvUakgC.exe
2272	YgOynuS.exe
2188	btoIHsB.exe
1576	SAeKywK.exe
1604	lYfLFgA.exe
2792	zVDayyh.exe
2816	wCAAJXZ.exe
324	IeuRdjX.exe
3028	kkJrzgv.exe
772	mFCCwFP.exe
576	xthOoBu.exe
2104	BZkARoQ.exe
2480	BEYRsKo.exe
2556	tlFayuY.exe
2020	NsLcnDB.exe
1236	QLoxpkX.exe

Loads dropped DLL 64 IoCs

pid	Process
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2724-1-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000b000000012259-6.dat	upx
behavioral1/memory/2820-9-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0008000000015d75-10.dat	upx
behavioral1/memory/2600-15-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2612-24-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0008000000015d7f-20.dat	upx
behavioral1/files/0x0007000000015e47-29.dat	upx
behavioral1/files/0x0008000000015dc3-28.dat	upx
behavioral1/files/0x0007000000015f1b-33.dat	upx
behavioral1/files/0x0007000000015f2a-40.dat	upx
behavioral1/files/0x00080000000160d5-44.dat	upx
behavioral1/files/0x000500000001925c-79.dat	upx
behavioral1/files/0x0005000000019346-104.dat	upx
behavioral1/files/0x00050000000193c9-124.dat	upx
behavioral1/files/0x00050000000193af-119.dat	upx
behavioral1/files/0x0005000000019494-141.dat	upx
behavioral1/files/0x00050000000193f8-130.dat	upx
behavioral1/memory/2612-828-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2724-299-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-185.dat	upx
behavioral1/files/0x0031000000015d5c-180.dat	upx
behavioral1/files/0x00050000000194a7-171.dat	upx
behavioral1/files/0x0005000000019408-170.dat	upx
behavioral1/memory/2576-169-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2620-168-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x00050000000194b4-176.dat	upx
behavioral1/memory/1964-166-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2252-164-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/828-162-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/924-160-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/864-158-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/532-154-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2024-152-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-150.dat	upx
behavioral1/memory/2144-148-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2644-137-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00050000000193a2-114.dat	upx
behavioral1/files/0x0005000000019384-109.dat	upx
behavioral1/files/0x000500000001933e-99.dat	upx
behavioral1/files/0x000500000001932a-94.dat	upx
behavioral1/files/0x00050000000192f0-89.dat	upx
behavioral1/files/0x0005000000019273-84.dat	upx
behavioral1/files/0x0005000000019241-74.dat	upx
behavioral1/files/0x0005000000019234-69.dat	upx
behavioral1/files/0x0005000000019228-64.dat	upx
behavioral1/files/0x000500000001920f-59.dat	upx
behavioral1/files/0x000600000001903d-54.dat	upx
behavioral1/files/0x0006000000019030-49.dat	upx
behavioral1/memory/2820-3976-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2600-3977-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2576-3978-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2620-3979-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2644-3980-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/864-3981-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2024-3984-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/532-3983-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2144-3982-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/924-3985-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/828-3986-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2252-3988-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1964-3987-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2612-3989-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RVPUWxP.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\CYFiKkx.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\UNElMXt.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\FAaJUHW.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\WVmThbg.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\tJWAirK.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\vFmKSry.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\PTWetOb.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\DYoIhoO.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\JTkzKDB.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\XdyCONv.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\yIhYntY.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\SctXkWW.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\WdAsamD.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\VhsMkCb.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\DLiwZPl.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\HUKFeAB.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\jflWENy.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\tgYZyCP.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\GRQYNUQ.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\ZlOVXQb.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\pIQRAjI.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\meJrfiz.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\BavamLg.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\ZSgNNLr.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\uwJXjDW.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\WVWOyak.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\gFIQIMp.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\FTXcdHr.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\GMVtVbH.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\OQwmCVv.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\OqupvoL.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\RXDadfk.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\TdErTha.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\xdYsfLA.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\zVDayyh.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\tbGwhSx.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\aogGDPy.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\Yercgdl.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\qDvgmxm.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\hDVUHuv.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\SaGuzpc.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\inDMkCR.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\yWHAoSb.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\kbwBqlp.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\DOlavFI.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\uLLnUTL.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\UFYZCDU.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\xthOoBu.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\PQqxVRp.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\NSpURCR.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\vmnMvEb.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\OWRfNUV.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\lxsTmxT.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\oZkpPWF.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\XaXNijW.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\kAFsgxI.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\wgQziiN.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\lXorDba.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\uenlhJA.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\rlrnkGF.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\QFuJuki.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\VweOTPz.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
File created	C:\Windows\System\QnDAGPh.exe	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2820	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	31
PID 2724 wrote to memory of 2820	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	31
PID 2724 wrote to memory of 2820	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	31
PID 2724 wrote to memory of 2600	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	32
PID 2724 wrote to memory of 2600	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	32
PID 2724 wrote to memory of 2600	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	32
PID 2724 wrote to memory of 2612	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	33
PID 2724 wrote to memory of 2612	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	33
PID 2724 wrote to memory of 2612	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	33
PID 2724 wrote to memory of 2620	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	34
PID 2724 wrote to memory of 2620	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	34
PID 2724 wrote to memory of 2620	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	34
PID 2724 wrote to memory of 2576	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	35
PID 2724 wrote to memory of 2576	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	35
PID 2724 wrote to memory of 2576	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	35
PID 2724 wrote to memory of 2644	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	36
PID 2724 wrote to memory of 2644	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	36
PID 2724 wrote to memory of 2644	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	36
PID 2724 wrote to memory of 2144	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	37
PID 2724 wrote to memory of 2144	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	37
PID 2724 wrote to memory of 2144	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	37
PID 2724 wrote to memory of 2024	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	38
PID 2724 wrote to memory of 2024	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	38
PID 2724 wrote to memory of 2024	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	38
PID 2724 wrote to memory of 532	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	39
PID 2724 wrote to memory of 532	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	39
PID 2724 wrote to memory of 532	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	39
PID 2724 wrote to memory of 864	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	40
PID 2724 wrote to memory of 864	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	40
PID 2724 wrote to memory of 864	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	40
PID 2724 wrote to memory of 924	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	41
PID 2724 wrote to memory of 924	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	41
PID 2724 wrote to memory of 924	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	41
PID 2724 wrote to memory of 828	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	42
PID 2724 wrote to memory of 828	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	42
PID 2724 wrote to memory of 828	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	42
PID 2724 wrote to memory of 2252	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	43
PID 2724 wrote to memory of 2252	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	43
PID 2724 wrote to memory of 2252	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	43
PID 2724 wrote to memory of 1964	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	44
PID 2724 wrote to memory of 1964	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	44
PID 2724 wrote to memory of 1964	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	44
PID 2724 wrote to memory of 2064	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	45
PID 2724 wrote to memory of 2064	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	45
PID 2724 wrote to memory of 2064	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	45
PID 2724 wrote to memory of 2276	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	46
PID 2724 wrote to memory of 2276	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	46
PID 2724 wrote to memory of 2276	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	46
PID 2724 wrote to memory of 2880	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	47
PID 2724 wrote to memory of 2880	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	47
PID 2724 wrote to memory of 2880	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	47
PID 2724 wrote to memory of 308	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	48
PID 2724 wrote to memory of 308	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	48
PID 2724 wrote to memory of 308	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	48
PID 2724 wrote to memory of 1720	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	49
PID 2724 wrote to memory of 1720	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	49
PID 2724 wrote to memory of 1720	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	49
PID 2724 wrote to memory of 1084	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	50
PID 2724 wrote to memory of 1084	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	50
PID 2724 wrote to memory of 1084	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	50
PID 2724 wrote to memory of 2752	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	51
PID 2724 wrote to memory of 2752	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	51
PID 2724 wrote to memory of 2752	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	51
PID 2724 wrote to memory of 2920	2724	JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2fc7608f36e78015fd55bb63ccf9b11bf3699950abbcc338b12f476370c2e374.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\System\yAtmOjk.exe
  C:\Windows\System\yAtmOjk.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\uRbpIcp.exe
  C:\Windows\System\uRbpIcp.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\PubmpZO.exe
  C:\Windows\System\PubmpZO.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\WdAsamD.exe
  C:\Windows\System\WdAsamD.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\oZkpPWF.exe
  C:\Windows\System\oZkpPWF.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\YBPuXmo.exe
  C:\Windows\System\YBPuXmo.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\wSYhAXN.exe
  C:\Windows\System\wSYhAXN.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\rOdRTsn.exe
  C:\Windows\System\rOdRTsn.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\hkFdThG.exe
  C:\Windows\System\hkFdThG.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\fXvgSqr.exe
  C:\Windows\System\fXvgSqr.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\RyzauFM.exe
  C:\Windows\System\RyzauFM.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\OWgAxWg.exe
  C:\Windows\System\OWgAxWg.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\yuzQweZ.exe
  C:\Windows\System\yuzQweZ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\mKyYAow.exe
  C:\Windows\System\mKyYAow.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\VUmRKQD.exe
  C:\Windows\System\VUmRKQD.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zWvoUhd.exe
  C:\Windows\System\zWvoUhd.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ZnjLMva.exe
  C:\Windows\System\ZnjLMva.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\whkDgQq.exe
  C:\Windows\System\whkDgQq.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\GCaNYzo.exe
  C:\Windows\System\GCaNYzo.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\soBpNbq.exe
  C:\Windows\System\soBpNbq.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\sqUMNvy.exe
  C:\Windows\System\sqUMNvy.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\uenlhJA.exe
  C:\Windows\System\uenlhJA.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\RGWQYcf.exe
  C:\Windows\System\RGWQYcf.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\aZSfMEE.exe
  C:\Windows\System\aZSfMEE.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\RRSdPDr.exe
  C:\Windows\System\RRSdPDr.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\XaXNijW.exe
  C:\Windows\System\XaXNijW.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hYqsVFS.exe
  C:\Windows\System\hYqsVFS.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\hDlCZJG.exe
  C:\Windows\System\hDlCZJG.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\xGxBipQ.exe
  C:\Windows\System\xGxBipQ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\qaXBSXj.exe
  C:\Windows\System\qaXBSXj.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KTICTEO.exe
  C:\Windows\System\KTICTEO.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\cSDZHKq.exe
  C:\Windows\System\cSDZHKq.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\rxsbVeH.exe
  C:\Windows\System\rxsbVeH.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\dlgEiQS.exe
  C:\Windows\System\dlgEiQS.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\fJDIXOT.exe
  C:\Windows\System\fJDIXOT.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\jBmTuzO.exe
  C:\Windows\System\jBmTuzO.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\jQJVQJL.exe
  C:\Windows\System\jQJVQJL.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\xVaVIBR.exe
  C:\Windows\System\xVaVIBR.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\UCCvOzp.exe
  C:\Windows\System\UCCvOzp.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\gFZDmCT.exe
  C:\Windows\System\gFZDmCT.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\wFuGONd.exe
  C:\Windows\System\wFuGONd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\yYtfnQV.exe
  C:\Windows\System\yYtfnQV.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\sCeOjUR.exe
  C:\Windows\System\sCeOjUR.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\tptCYAJ.exe
  C:\Windows\System\tptCYAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\FCiEZdS.exe
  C:\Windows\System\FCiEZdS.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\atseGIn.exe
  C:\Windows\System\atseGIn.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\MdUFtfG.exe
  C:\Windows\System\MdUFtfG.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\dEOBoZu.exe
  C:\Windows\System\dEOBoZu.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\mvUakgC.exe
  C:\Windows\System\mvUakgC.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\YgOynuS.exe
  C:\Windows\System\YgOynuS.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\btoIHsB.exe
  C:\Windows\System\btoIHsB.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\SAeKywK.exe
  C:\Windows\System\SAeKywK.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\lYfLFgA.exe
  C:\Windows\System\lYfLFgA.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\zVDayyh.exe
  C:\Windows\System\zVDayyh.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\wCAAJXZ.exe
  C:\Windows\System\wCAAJXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IeuRdjX.exe
  C:\Windows\System\IeuRdjX.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\kkJrzgv.exe
  C:\Windows\System\kkJrzgv.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\mFCCwFP.exe
  C:\Windows\System\mFCCwFP.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\xthOoBu.exe
  C:\Windows\System\xthOoBu.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\BZkARoQ.exe
  C:\Windows\System\BZkARoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\BEYRsKo.exe
  C:\Windows\System\BEYRsKo.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\tlFayuY.exe
  C:\Windows\System\tlFayuY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\NsLcnDB.exe
  C:\Windows\System\NsLcnDB.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\QLoxpkX.exe
  C:\Windows\System\QLoxpkX.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\mGwhSHc.exe
  C:\Windows\System\mGwhSHc.exe
  2⤵
  PID:2856
- C:\Windows\System\KoXduWB.exe
  C:\Windows\System\KoXduWB.exe
  2⤵
  PID:108
- C:\Windows\System\RyZCDAm.exe
  C:\Windows\System\RyZCDAm.exe
  2⤵
  PID:2668
- C:\Windows\System\CMhPYBf.exe
  C:\Windows\System\CMhPYBf.exe
  2⤵
  PID:1456
- C:\Windows\System\zJOZzMx.exe
  C:\Windows\System\zJOZzMx.exe
  2⤵
  PID:2396
- C:\Windows\System\jRaqLfv.exe
  C:\Windows\System\jRaqLfv.exe
  2⤵
  PID:1808
- C:\Windows\System\MIQyoRh.exe
  C:\Windows\System\MIQyoRh.exe
  2⤵
  PID:2504
- C:\Windows\System\GcgQSKn.exe
  C:\Windows\System\GcgQSKn.exe
  2⤵
  PID:1944
- C:\Windows\System\pWoqAQj.exe
  C:\Windows\System\pWoqAQj.exe
  2⤵
  PID:1328
- C:\Windows\System\rJVDoLn.exe
  C:\Windows\System\rJVDoLn.exe
  2⤵
  PID:1932
- C:\Windows\System\csxQVbn.exe
  C:\Windows\System\csxQVbn.exe
  2⤵
  PID:1564
- C:\Windows\System\QIHsoAP.exe
  C:\Windows\System\QIHsoAP.exe
  2⤵
  PID:1692
- C:\Windows\System\KUToNtR.exe
  C:\Windows\System\KUToNtR.exe
  2⤵
  PID:2472
- C:\Windows\System\gpvzDQM.exe
  C:\Windows\System\gpvzDQM.exe
  2⤵
  PID:760
- C:\Windows\System\KgIRVzL.exe
  C:\Windows\System\KgIRVzL.exe
  2⤵
  PID:2112
- C:\Windows\System\OpbroLZ.exe
  C:\Windows\System\OpbroLZ.exe
  2⤵
  PID:2452
- C:\Windows\System\TuoFbiA.exe
  C:\Windows\System\TuoFbiA.exe
  2⤵
  PID:392
- C:\Windows\System\fkekGbl.exe
  C:\Windows\System\fkekGbl.exe
  2⤵
  PID:1784
- C:\Windows\System\FEdBHqJ.exe
  C:\Windows\System\FEdBHqJ.exe
  2⤵
  PID:336
- C:\Windows\System\wBOYrQl.exe
  C:\Windows\System\wBOYrQl.exe
  2⤵
  PID:2832
- C:\Windows\System\lNfQsGE.exe
  C:\Windows\System\lNfQsGE.exe
  2⤵
  PID:1596
- C:\Windows\System\nrLPDBF.exe
  C:\Windows\System\nrLPDBF.exe
  2⤵
  PID:3044
- C:\Windows\System\keFwkSK.exe
  C:\Windows\System\keFwkSK.exe
  2⤵
  PID:3020
- C:\Windows\System\sCXATrs.exe
  C:\Windows\System\sCXATrs.exe
  2⤵
  PID:776
- C:\Windows\System\QdfqPXH.exe
  C:\Windows\System\QdfqPXH.exe
  2⤵
  PID:1440
- C:\Windows\System\zhUiICd.exe
  C:\Windows\System\zhUiICd.exe
  2⤵
  PID:2260
- C:\Windows\System\ornJNKk.exe
  C:\Windows\System\ornJNKk.exe
  2⤵
  PID:2552
- C:\Windows\System\PfehELo.exe
  C:\Windows\System\PfehELo.exe
  2⤵
  PID:2100
- C:\Windows\System\UTLjTqL.exe
  C:\Windows\System\UTLjTqL.exe
  2⤵
  PID:1188
- C:\Windows\System\PyTIAXG.exe
  C:\Windows\System\PyTIAXG.exe
  2⤵
  PID:2076
- C:\Windows\System\GQPJRbZ.exe
  C:\Windows\System\GQPJRbZ.exe
  2⤵
  PID:3060
- C:\Windows\System\sctZMZs.exe
  C:\Windows\System\sctZMZs.exe
  2⤵
  PID:2528
- C:\Windows\System\ZjYqZKt.exe
  C:\Windows\System\ZjYqZKt.exe
  2⤵
  PID:824
- C:\Windows\System\RRGZBUR.exe
  C:\Windows\System\RRGZBUR.exe
  2⤵
  PID:1556
- C:\Windows\System\gRsZdrP.exe
  C:\Windows\System\gRsZdrP.exe
  2⤵
  PID:2808
- C:\Windows\System\CfFWjbI.exe
  C:\Windows\System\CfFWjbI.exe
  2⤵
  PID:1816
- C:\Windows\System\MPXUUDh.exe
  C:\Windows\System\MPXUUDh.exe
  2⤵
  PID:2448
- C:\Windows\System\aUiYoDq.exe
  C:\Windows\System\aUiYoDq.exe
  2⤵
  PID:792
- C:\Windows\System\MxiOkQx.exe
  C:\Windows\System\MxiOkQx.exe
  2⤵
  PID:2524
- C:\Windows\System\fbGzbNX.exe
  C:\Windows\System\fbGzbNX.exe
  2⤵
  PID:1500
- C:\Windows\System\EdMtgKC.exe
  C:\Windows\System\EdMtgKC.exe
  2⤵
  PID:1252
- C:\Windows\System\UejwwYL.exe
  C:\Windows\System\UejwwYL.exe
  2⤵
  PID:2468
- C:\Windows\System\xUFbxtN.exe
  C:\Windows\System\xUFbxtN.exe
  2⤵
  PID:3004
- C:\Windows\System\zFzfpdo.exe
  C:\Windows\System\zFzfpdo.exe
  2⤵
  PID:2228
- C:\Windows\System\kglhMOa.exe
  C:\Windows\System\kglhMOa.exe
  2⤵
  PID:2292
- C:\Windows\System\QVggnmf.exe
  C:\Windows\System\QVggnmf.exe
  2⤵
  PID:1652
- C:\Windows\System\UlvxkEE.exe
  C:\Windows\System\UlvxkEE.exe
  2⤵
  PID:2864
- C:\Windows\System\Slzjyvf.exe
  C:\Windows\System\Slzjyvf.exe
  2⤵
  PID:1952
- C:\Windows\System\TymMbYd.exe
  C:\Windows\System\TymMbYd.exe
  2⤵
  PID:2844
- C:\Windows\System\vDyFpLI.exe
  C:\Windows\System\vDyFpLI.exe
  2⤵
  PID:804
- C:\Windows\System\GPxxngG.exe
  C:\Windows\System\GPxxngG.exe
  2⤵
  PID:2008
- C:\Windows\System\KJlSopk.exe
  C:\Windows\System\KJlSopk.exe
  2⤵
  PID:2512
- C:\Windows\System\wpSqvqX.exe
  C:\Windows\System\wpSqvqX.exe
  2⤵
  PID:1600
- C:\Windows\System\OZtskHo.exe
  C:\Windows\System\OZtskHo.exe
  2⤵
  PID:2360
- C:\Windows\System\zTOjLYt.exe
  C:\Windows\System\zTOjLYt.exe
  2⤵
  PID:2332
- C:\Windows\System\StxnssW.exe
  C:\Windows\System\StxnssW.exe
  2⤵
  PID:2912
- C:\Windows\System\wCxeZGr.exe
  C:\Windows\System\wCxeZGr.exe
  2⤵
  PID:3076
- C:\Windows\System\FPTaiYs.exe
  C:\Windows\System\FPTaiYs.exe
  2⤵
  PID:3092
- C:\Windows\System\CznqXoR.exe
  C:\Windows\System\CznqXoR.exe
  2⤵
  PID:3116
- C:\Windows\System\zCdRpxG.exe
  C:\Windows\System\zCdRpxG.exe
  2⤵
  PID:3132
- C:\Windows\System\PqxYetW.exe
  C:\Windows\System\PqxYetW.exe
  2⤵
  PID:3156
- C:\Windows\System\OnsQnor.exe
  C:\Windows\System\OnsQnor.exe
  2⤵
  PID:3176
- C:\Windows\System\QYXndWF.exe
  C:\Windows\System\QYXndWF.exe
  2⤵
  PID:3196
- C:\Windows\System\ufRUJqe.exe
  C:\Windows\System\ufRUJqe.exe
  2⤵
  PID:3212
- C:\Windows\System\HodRyET.exe
  C:\Windows\System\HodRyET.exe
  2⤵
  PID:3236
- C:\Windows\System\WMDzlrT.exe
  C:\Windows\System\WMDzlrT.exe
  2⤵
  PID:3252
- C:\Windows\System\KrNAOiq.exe
  C:\Windows\System\KrNAOiq.exe
  2⤵
  PID:3276
- C:\Windows\System\cCCqdKH.exe
  C:\Windows\System\cCCqdKH.exe
  2⤵
  PID:3296
- C:\Windows\System\KukOWWg.exe
  C:\Windows\System\KukOWWg.exe
  2⤵
  PID:3316
- C:\Windows\System\PMPlmlj.exe
  C:\Windows\System\PMPlmlj.exe
  2⤵
  PID:3332
- C:\Windows\System\JZLKNIp.exe
  C:\Windows\System\JZLKNIp.exe
  2⤵
  PID:3356
- C:\Windows\System\QDDprHz.exe
  C:\Windows\System\QDDprHz.exe
  2⤵
  PID:3372
- C:\Windows\System\hYJvwkg.exe
  C:\Windows\System\hYJvwkg.exe
  2⤵
  PID:3392
- C:\Windows\System\rlrnkGF.exe
  C:\Windows\System\rlrnkGF.exe
  2⤵
  PID:3416
- C:\Windows\System\HoAFHXk.exe
  C:\Windows\System\HoAFHXk.exe
  2⤵
  PID:3436
- C:\Windows\System\PZIcDom.exe
  C:\Windows\System\PZIcDom.exe
  2⤵
  PID:3452
- C:\Windows\System\NDoelgZ.exe
  C:\Windows\System\NDoelgZ.exe
  2⤵
  PID:3476
- C:\Windows\System\XiDzVIs.exe
  C:\Windows\System\XiDzVIs.exe
  2⤵
  PID:3496
- C:\Windows\System\FYwJIEY.exe
  C:\Windows\System\FYwJIEY.exe
  2⤵
  PID:3516
- C:\Windows\System\hNwlEQU.exe
  C:\Windows\System\hNwlEQU.exe
  2⤵
  PID:3536
- C:\Windows\System\eIvMSiW.exe
  C:\Windows\System\eIvMSiW.exe
  2⤵
  PID:3556
- C:\Windows\System\GjRIRqW.exe
  C:\Windows\System\GjRIRqW.exe
  2⤵
  PID:3572
- C:\Windows\System\PCVbchd.exe
  C:\Windows\System\PCVbchd.exe
  2⤵
  PID:3592
- C:\Windows\System\bKSIdGC.exe
  C:\Windows\System\bKSIdGC.exe
  2⤵
  PID:3612
- C:\Windows\System\BNHyZYx.exe
  C:\Windows\System\BNHyZYx.exe
  2⤵
  PID:3632
- C:\Windows\System\RWidlmz.exe
  C:\Windows\System\RWidlmz.exe
  2⤵
  PID:3652
- C:\Windows\System\xBaRNOK.exe
  C:\Windows\System\xBaRNOK.exe
  2⤵
  PID:3672
- C:\Windows\System\CZtfTqC.exe
  C:\Windows\System\CZtfTqC.exe
  2⤵
  PID:3688
- C:\Windows\System\YRzzvfg.exe
  C:\Windows\System\YRzzvfg.exe
  2⤵
  PID:3708
- C:\Windows\System\DRWhpVg.exe
  C:\Windows\System\DRWhpVg.exe
  2⤵
  PID:3728
- C:\Windows\System\jnVMHth.exe
  C:\Windows\System\jnVMHth.exe
  2⤵
  PID:3748
- C:\Windows\System\pmuhOfq.exe
  C:\Windows\System\pmuhOfq.exe
  2⤵
  PID:3764
- C:\Windows\System\uKeHlqF.exe
  C:\Windows\System\uKeHlqF.exe
  2⤵
  PID:3800
- C:\Windows\System\mmNUyzN.exe
  C:\Windows\System\mmNUyzN.exe
  2⤵
  PID:3820
- C:\Windows\System\jUpoLjj.exe
  C:\Windows\System\jUpoLjj.exe
  2⤵
  PID:3840
- C:\Windows\System\BWCfIbg.exe
  C:\Windows\System\BWCfIbg.exe
  2⤵
  PID:3856
- C:\Windows\System\ZsHuBUH.exe
  C:\Windows\System\ZsHuBUH.exe
  2⤵
  PID:3880
- C:\Windows\System\FaFAtCn.exe
  C:\Windows\System\FaFAtCn.exe
  2⤵
  PID:3900
- C:\Windows\System\ZjqYtvC.exe
  C:\Windows\System\ZjqYtvC.exe
  2⤵
  PID:3920
- C:\Windows\System\HIroIcy.exe
  C:\Windows\System\HIroIcy.exe
  2⤵
  PID:3936
- C:\Windows\System\QfmYhMR.exe
  C:\Windows\System\QfmYhMR.exe
  2⤵
  PID:3956
- C:\Windows\System\qnZUzRY.exe
  C:\Windows\System\qnZUzRY.exe
  2⤵
  PID:3976
- C:\Windows\System\iIbUueO.exe
  C:\Windows\System\iIbUueO.exe
  2⤵
  PID:3996
- C:\Windows\System\GDMOYLC.exe
  C:\Windows\System\GDMOYLC.exe
  2⤵
  PID:4012
- C:\Windows\System\CMkwaBg.exe
  C:\Windows\System\CMkwaBg.exe
  2⤵
  PID:4036
- C:\Windows\System\ugSsnrC.exe
  C:\Windows\System\ugSsnrC.exe
  2⤵
  PID:4056
- C:\Windows\System\aqYWWxT.exe
  C:\Windows\System\aqYWWxT.exe
  2⤵
  PID:4076
- C:\Windows\System\bAsNVzY.exe
  C:\Windows\System\bAsNVzY.exe
  2⤵
  PID:4092
- C:\Windows\System\vkEMACF.exe
  C:\Windows\System\vkEMACF.exe
  2⤵
  PID:2268
- C:\Windows\System\ENMBzhL.exe
  C:\Windows\System\ENMBzhL.exe
  2⤵
  PID:2352
- C:\Windows\System\yooJzNr.exe
  C:\Windows\System\yooJzNr.exe
  2⤵
  PID:1804
- C:\Windows\System\aQQcuLL.exe
  C:\Windows\System\aQQcuLL.exe
  2⤵
  PID:2488
- C:\Windows\System\dIjzZZa.exe
  C:\Windows\System\dIjzZZa.exe
  2⤵
  PID:3100
- C:\Windows\System\ZsnBFEA.exe
  C:\Windows\System\ZsnBFEA.exe
  2⤵
  PID:3148
- C:\Windows\System\nRfQxoZ.exe
  C:\Windows\System\nRfQxoZ.exe
  2⤵
  PID:3188
- C:\Windows\System\vFmKSry.exe
  C:\Windows\System\vFmKSry.exe
  2⤵
  PID:3232
- C:\Windows\System\eXaDjQd.exe
  C:\Windows\System\eXaDjQd.exe
  2⤵
  PID:3208
- C:\Windows\System\sEFfSFU.exe
  C:\Windows\System\sEFfSFU.exe
  2⤵
  PID:3272
- C:\Windows\System\dMnSNuZ.exe
  C:\Windows\System\dMnSNuZ.exe
  2⤵
  PID:3292
- C:\Windows\System\swJElwf.exe
  C:\Windows\System\swJElwf.exe
  2⤵
  PID:3344
- C:\Windows\System\FzQVnmF.exe
  C:\Windows\System\FzQVnmF.exe
  2⤵
  PID:3380
- C:\Windows\System\qdZYhyY.exe
  C:\Windows\System\qdZYhyY.exe
  2⤵
  PID:3424
- C:\Windows\System\HihMnrL.exe
  C:\Windows\System\HihMnrL.exe
  2⤵
  PID:3368
- C:\Windows\System\aDAjyYV.exe
  C:\Windows\System\aDAjyYV.exe
  2⤵
  PID:3504
- C:\Windows\System\tZellic.exe
  C:\Windows\System\tZellic.exe
  2⤵
  PID:3484
- C:\Windows\System\akCCnIr.exe
  C:\Windows\System\akCCnIr.exe
  2⤵
  PID:3588
- C:\Windows\System\kEeiCSC.exe
  C:\Windows\System\kEeiCSC.exe
  2⤵
  PID:3624
- C:\Windows\System\MkMdPzI.exe
  C:\Windows\System\MkMdPzI.exe
  2⤵
  PID:3524
- C:\Windows\System\JJWllmc.exe
  C:\Windows\System\JJWllmc.exe
  2⤵
  PID:3700
- C:\Windows\System\GisDDnE.exe
  C:\Windows\System\GisDDnE.exe
  2⤵
  PID:3604
- C:\Windows\System\HlJdbEM.exe
  C:\Windows\System\HlJdbEM.exe
  2⤵
  PID:3640
- C:\Windows\System\bnoNJcf.exe
  C:\Windows\System\bnoNJcf.exe
  2⤵
  PID:3684
- C:\Windows\System\wFzaySq.exe
  C:\Windows\System\wFzaySq.exe
  2⤵
  PID:3756
- C:\Windows\System\BqLZRAn.exe
  C:\Windows\System\BqLZRAn.exe
  2⤵
  PID:3784
- C:\Windows\System\MqEDlVz.exe
  C:\Windows\System\MqEDlVz.exe
  2⤵
  PID:3868
- C:\Windows\System\HYDxqGd.exe
  C:\Windows\System\HYDxqGd.exe
  2⤵
  PID:3816
- C:\Windows\System\sBJcQNz.exe
  C:\Windows\System\sBJcQNz.exe
  2⤵
  PID:3944
- C:\Windows\System\DyWCSpS.exe
  C:\Windows\System\DyWCSpS.exe
  2⤵
  PID:3852
- C:\Windows\System\SdrbSHn.exe
  C:\Windows\System\SdrbSHn.exe
  2⤵
  PID:2608
- C:\Windows\System\MeYDVYW.exe
  C:\Windows\System\MeYDVYW.exe
  2⤵
  PID:4032
- C:\Windows\System\zDlziFj.exe
  C:\Windows\System\zDlziFj.exe
  2⤵
  PID:3932
- C:\Windows\System\sraLDSx.exe
  C:\Windows\System\sraLDSx.exe
  2⤵
  PID:3968
- C:\Windows\System\uOTBGSB.exe
  C:\Windows\System\uOTBGSB.exe
  2⤵
  PID:868
- C:\Windows\System\TWNNrIx.exe
  C:\Windows\System\TWNNrIx.exe
  2⤵
  PID:4084
- C:\Windows\System\XeZWgfB.exe
  C:\Windows\System\XeZWgfB.exe
  2⤵
  PID:2420
- C:\Windows\System\cgMFBIq.exe
  C:\Windows\System\cgMFBIq.exe
  2⤵
  PID:2572
- C:\Windows\System\cBVPCWE.exe
  C:\Windows\System\cBVPCWE.exe
  2⤵
  PID:3108
- C:\Windows\System\mVIMnFS.exe
  C:\Windows\System\mVIMnFS.exe
  2⤵
  PID:1852
- C:\Windows\System\hVfmwlU.exe
  C:\Windows\System\hVfmwlU.exe
  2⤵
  PID:3328
- C:\Windows\System\SZIQPQl.exe
  C:\Windows\System\SZIQPQl.exe
  2⤵
  PID:3428
- C:\Windows\System\PTWetOb.exe
  C:\Windows\System\PTWetOb.exe
  2⤵
  PID:3268
- C:\Windows\System\zRLgRvi.exe
  C:\Windows\System\zRLgRvi.exe
  2⤵
  PID:3308
- C:\Windows\System\mfNEbdF.exe
  C:\Windows\System\mfNEbdF.exe
  2⤵
  PID:3468
- C:\Windows\System\OKMiPms.exe
  C:\Windows\System\OKMiPms.exe
  2⤵
  PID:3464
- C:\Windows\System\RIPBDjE.exe
  C:\Windows\System\RIPBDjE.exe
  2⤵
  PID:3548
- C:\Windows\System\moABwom.exe
  C:\Windows\System\moABwom.exe
  2⤵
  PID:3660
- C:\Windows\System\HNdBuVG.exe
  C:\Windows\System\HNdBuVG.exe
  2⤵
  PID:3776
- C:\Windows\System\mljUUFd.exe
  C:\Windows\System\mljUUFd.exe
  2⤵
  PID:3716
- C:\Windows\System\qshXEQD.exe
  C:\Windows\System\qshXEQD.exe
  2⤵
  PID:3792
- C:\Windows\System\JalDcnY.exe
  C:\Windows\System\JalDcnY.exe
  2⤵
  PID:3916
- C:\Windows\System\vpdFkae.exe
  C:\Windows\System\vpdFkae.exe
  2⤵
  PID:4028
- C:\Windows\System\AoBGzcn.exe
  C:\Windows\System\AoBGzcn.exe
  2⤵
  PID:3808
- C:\Windows\System\emcKjqr.exe
  C:\Windows\System\emcKjqr.exe
  2⤵
  PID:3992
- C:\Windows\System\NpnfISh.exe
  C:\Windows\System\NpnfISh.exe
  2⤵
  PID:3892
- C:\Windows\System\kAxrEQL.exe
  C:\Windows\System\kAxrEQL.exe
  2⤵
  PID:2540
- C:\Windows\System\WYqfphT.exe
  C:\Windows\System\WYqfphT.exe
  2⤵
  PID:3168
- C:\Windows\System\qGczMJQ.exe
  C:\Windows\System\qGczMJQ.exe
  2⤵
  PID:4048
- C:\Windows\System\ksizkBT.exe
  C:\Windows\System\ksizkBT.exe
  2⤵
  PID:3128
- C:\Windows\System\RjgrgRb.exe
  C:\Windows\System\RjgrgRb.exe
  2⤵
  PID:3620
- C:\Windows\System\PvBBXpd.exe
  C:\Windows\System\PvBBXpd.exe
  2⤵
  PID:2588
- C:\Windows\System\eWjwzsc.exe
  C:\Windows\System\eWjwzsc.exe
  2⤵
  PID:3744
- C:\Windows\System\xKbvaqE.exe
  C:\Windows\System\xKbvaqE.exe
  2⤵
  PID:3508
- C:\Windows\System\BhziOti.exe
  C:\Windows\System\BhziOti.exe
  2⤵
  PID:4072
- C:\Windows\System\mjFHvNU.exe
  C:\Windows\System\mjFHvNU.exe
  2⤵
  PID:2004
- C:\Windows\System\ZSgNNLr.exe
  C:\Windows\System\ZSgNNLr.exe
  2⤵
  PID:748
- C:\Windows\System\uwJXjDW.exe
  C:\Windows\System\uwJXjDW.exe
  2⤵
  PID:3284
- C:\Windows\System\BFquPKL.exe
  C:\Windows\System\BFquPKL.exe
  2⤵
  PID:3720
- C:\Windows\System\DlhYqXr.exe
  C:\Windows\System\DlhYqXr.exe
  2⤵
  PID:3348
- C:\Windows\System\ZBGpgHb.exe
  C:\Windows\System\ZBGpgHb.exe
  2⤵
  PID:3664
- C:\Windows\System\msyOPvK.exe
  C:\Windows\System\msyOPvK.exe
  2⤵
  PID:624
- C:\Windows\System\ETeygxt.exe
  C:\Windows\System\ETeygxt.exe
  2⤵
  PID:3796
- C:\Windows\System\XbIFwYF.exe
  C:\Windows\System\XbIFwYF.exe
  2⤵
  PID:3492
- C:\Windows\System\bkChjGW.exe
  C:\Windows\System\bkChjGW.exe
  2⤵
  PID:3472
- C:\Windows\System\JIdeIvn.exe
  C:\Windows\System\JIdeIvn.exe
  2⤵
  PID:3772
- C:\Windows\System\fDuAAam.exe
  C:\Windows\System\fDuAAam.exe
  2⤵
  PID:3908
- C:\Windows\System\LpLgGby.exe
  C:\Windows\System\LpLgGby.exe
  2⤵
  PID:4008
- C:\Windows\System\HSgoBZo.exe
  C:\Windows\System\HSgoBZo.exe
  2⤵
  PID:3736
- C:\Windows\System\MTedSjc.exe
  C:\Windows\System\MTedSjc.exe
  2⤵
  PID:3704
- C:\Windows\System\WCoQzbQ.exe
  C:\Windows\System\WCoQzbQ.exe
  2⤵
  PID:3544
- C:\Windows\System\XEfcvwL.exe
  C:\Windows\System\XEfcvwL.exe
  2⤵
  PID:1044
- C:\Windows\System\WHgingU.exe
  C:\Windows\System\WHgingU.exe
  2⤵
  PID:444
- C:\Windows\System\ueytHLQ.exe
  C:\Windows\System\ueytHLQ.exe
  2⤵
  PID:2084
- C:\Windows\System\ZkFExJx.exe
  C:\Windows\System\ZkFExJx.exe
  2⤵
  PID:1472
- C:\Windows\System\soWVByM.exe
  C:\Windows\System\soWVByM.exe
  2⤵
  PID:3288
- C:\Windows\System\jotEqEA.exe
  C:\Windows\System\jotEqEA.exe
  2⤵
  PID:3928
- C:\Windows\System\tbGwhSx.exe
  C:\Windows\System\tbGwhSx.exe
  2⤵
  PID:3164
- C:\Windows\System\hgTrYay.exe
  C:\Windows\System\hgTrYay.exe
  2⤵
  PID:3964
- C:\Windows\System\lzWYPUv.exe
  C:\Windows\System\lzWYPUv.exe
  2⤵
  PID:3248
- C:\Windows\System\sBYgxat.exe
  C:\Windows\System\sBYgxat.exe
  2⤵
  PID:3836
- C:\Windows\System\tNsfWtJ.exe
  C:\Windows\System\tNsfWtJ.exe
  2⤵
  PID:1868
- C:\Windows\System\kRMxbcu.exe
  C:\Windows\System\kRMxbcu.exe
  2⤵
  PID:3696
- C:\Windows\System\eMWjdrG.exe
  C:\Windows\System\eMWjdrG.exe
  2⤵
  PID:1812
- C:\Windows\System\gATEWWR.exe
  C:\Windows\System\gATEWWR.exe
  2⤵
  PID:1032
- C:\Windows\System\bqyvbWz.exe
  C:\Windows\System\bqyvbWz.exe
  2⤵
  PID:4108
- C:\Windows\System\mZHioav.exe
  C:\Windows\System\mZHioav.exe
  2⤵
  PID:4148
- C:\Windows\System\GEDTtAm.exe
  C:\Windows\System\GEDTtAm.exe
  2⤵
  PID:4164
- C:\Windows\System\QYwVsRf.exe
  C:\Windows\System\QYwVsRf.exe
  2⤵
  PID:4180
- C:\Windows\System\cBnOPDl.exe
  C:\Windows\System\cBnOPDl.exe
  2⤵
  PID:4196
- C:\Windows\System\CPaJSKA.exe
  C:\Windows\System\CPaJSKA.exe
  2⤵
  PID:4220
- C:\Windows\System\SuQtfpI.exe
  C:\Windows\System\SuQtfpI.exe
  2⤵
  PID:4236
- C:\Windows\System\aKFZyOB.exe
  C:\Windows\System\aKFZyOB.exe
  2⤵
  PID:4252
- C:\Windows\System\kAFsgxI.exe
  C:\Windows\System\kAFsgxI.exe
  2⤵
  PID:4268
- C:\Windows\System\BzQIsWh.exe
  C:\Windows\System\BzQIsWh.exe
  2⤵
  PID:4284
- C:\Windows\System\QKkjYsY.exe
  C:\Windows\System\QKkjYsY.exe
  2⤵
  PID:4300
- C:\Windows\System\aBAPkgc.exe
  C:\Windows\System\aBAPkgc.exe
  2⤵
  PID:4316
- C:\Windows\System\silkRgF.exe
  C:\Windows\System\silkRgF.exe
  2⤵
  PID:4332
- C:\Windows\System\xpDRmYE.exe
  C:\Windows\System\xpDRmYE.exe
  2⤵
  PID:4348
- C:\Windows\System\RxXiCHA.exe
  C:\Windows\System\RxXiCHA.exe
  2⤵
  PID:4364
- C:\Windows\System\DDbAMlG.exe
  C:\Windows\System\DDbAMlG.exe
  2⤵
  PID:4380
- C:\Windows\System\omicWCd.exe
  C:\Windows\System\omicWCd.exe
  2⤵
  PID:4396
- C:\Windows\System\telpwsN.exe
  C:\Windows\System\telpwsN.exe
  2⤵
  PID:4468
- C:\Windows\System\czukGMi.exe
  C:\Windows\System\czukGMi.exe
  2⤵
  PID:4488
- C:\Windows\System\HiQqBKj.exe
  C:\Windows\System\HiQqBKj.exe
  2⤵
  PID:4504
- C:\Windows\System\krAODXB.exe
  C:\Windows\System\krAODXB.exe
  2⤵
  PID:4524
- C:\Windows\System\aQNpnSN.exe
  C:\Windows\System\aQNpnSN.exe
  2⤵
  PID:4540
- C:\Windows\System\zTZVCpa.exe
  C:\Windows\System\zTZVCpa.exe
  2⤵
  PID:4560
- C:\Windows\System\CtzCrED.exe
  C:\Windows\System\CtzCrED.exe
  2⤵
  PID:4576
- C:\Windows\System\xsKrwVV.exe
  C:\Windows\System\xsKrwVV.exe
  2⤵
  PID:4592
- C:\Windows\System\DyxfdXx.exe
  C:\Windows\System\DyxfdXx.exe
  2⤵
  PID:4612
- C:\Windows\System\lBWHrKq.exe
  C:\Windows\System\lBWHrKq.exe
  2⤵
  PID:4628
- C:\Windows\System\HDDiyxa.exe
  C:\Windows\System\HDDiyxa.exe
  2⤵
  PID:4644
- C:\Windows\System\yzRmVZP.exe
  C:\Windows\System\yzRmVZP.exe
  2⤵
  PID:4660
- C:\Windows\System\uwVmtSq.exe
  C:\Windows\System\uwVmtSq.exe
  2⤵
  PID:4676
- C:\Windows\System\UodJRvK.exe
  C:\Windows\System\UodJRvK.exe
  2⤵
  PID:4708
- C:\Windows\System\CrLULjj.exe
  C:\Windows\System\CrLULjj.exe
  2⤵
  PID:4764
- C:\Windows\System\dcFBlOR.exe
  C:\Windows\System\dcFBlOR.exe
  2⤵
  PID:4784
- C:\Windows\System\ULEKFzi.exe
  C:\Windows\System\ULEKFzi.exe
  2⤵
  PID:4808
- C:\Windows\System\dhqZGqi.exe
  C:\Windows\System\dhqZGqi.exe
  2⤵
  PID:4824
- C:\Windows\System\qLTqKif.exe
  C:\Windows\System\qLTqKif.exe
  2⤵
  PID:4848
- C:\Windows\System\RVPUWxP.exe
  C:\Windows\System\RVPUWxP.exe
  2⤵
  PID:4868
- C:\Windows\System\iJwJdJM.exe
  C:\Windows\System\iJwJdJM.exe
  2⤵
  PID:4884
- C:\Windows\System\VTXttql.exe
  C:\Windows\System\VTXttql.exe
  2⤵
  PID:4904
- C:\Windows\System\artsRRQ.exe
  C:\Windows\System\artsRRQ.exe
  2⤵
  PID:4920
- C:\Windows\System\eycSYbV.exe
  C:\Windows\System\eycSYbV.exe
  2⤵
  PID:4936
- C:\Windows\System\hvbnHEQ.exe
  C:\Windows\System\hvbnHEQ.exe
  2⤵
  PID:4952
- C:\Windows\System\UMaQFAG.exe
  C:\Windows\System\UMaQFAG.exe
  2⤵
  PID:4968
- C:\Windows\System\kPMAsWs.exe
  C:\Windows\System\kPMAsWs.exe
  2⤵
  PID:4984
- C:\Windows\System\JmaqoWB.exe
  C:\Windows\System\JmaqoWB.exe
  2⤵
  PID:5004
- C:\Windows\System\UGnjVLR.exe
  C:\Windows\System\UGnjVLR.exe
  2⤵
  PID:5032
- C:\Windows\System\MKCywrT.exe
  C:\Windows\System\MKCywrT.exe
  2⤵
  PID:5048
- C:\Windows\System\TLjyhWf.exe
  C:\Windows\System\TLjyhWf.exe
  2⤵
  PID:5064
- C:\Windows\System\yGzHmsA.exe
  C:\Windows\System\yGzHmsA.exe
  2⤵
  PID:5080
- C:\Windows\System\HHOZSPK.exe
  C:\Windows\System\HHOZSPK.exe
  2⤵
  PID:5100
- C:\Windows\System\uAumqqU.exe
  C:\Windows\System\uAumqqU.exe
  2⤵
  PID:5116
- C:\Windows\System\ttZFYXe.exe
  C:\Windows\System\ttZFYXe.exe
  2⤵
  PID:3600
- C:\Windows\System\HpaaAXX.exe
  C:\Windows\System\HpaaAXX.exe
  2⤵
  PID:2052
- C:\Windows\System\bHaofRb.exe
  C:\Windows\System\bHaofRb.exe
  2⤵
  PID:3680
- C:\Windows\System\nQxFSom.exe
  C:\Windows\System\nQxFSom.exe
  2⤵
  PID:4128
- C:\Windows\System\nlHECwY.exe
  C:\Windows\System\nlHECwY.exe
  2⤵
  PID:4136
- C:\Windows\System\vSmTFqq.exe
  C:\Windows\System\vSmTFqq.exe
  2⤵
  PID:2640
- C:\Windows\System\ixffLEU.exe
  C:\Windows\System\ixffLEU.exe
  2⤵
  PID:4208
- C:\Windows\System\enHIxWd.exe
  C:\Windows\System\enHIxWd.exe
  2⤵
  PID:4276
- C:\Windows\System\KEqpwtU.exe
  C:\Windows\System\KEqpwtU.exe
  2⤵
  PID:4376
- C:\Windows\System\ywJfAco.exe
  C:\Windows\System\ywJfAco.exe
  2⤵
  PID:2184
- C:\Windows\System\CYFiKkx.exe
  C:\Windows\System\CYFiKkx.exe
  2⤵
  PID:4420
- C:\Windows\System\lLWmqwU.exe
  C:\Windows\System\lLWmqwU.exe
  2⤵
  PID:4444
- C:\Windows\System\CLATVzi.exe
  C:\Windows\System\CLATVzi.exe
  2⤵
  PID:4388
- C:\Windows\System\DkMnhwo.exe
  C:\Windows\System\DkMnhwo.exe
  2⤵
  PID:4412
- C:\Windows\System\UIJqVam.exe
  C:\Windows\System\UIJqVam.exe
  2⤵
  PID:2224
- C:\Windows\System\ePrHqoU.exe
  C:\Windows\System\ePrHqoU.exe
  2⤵
  PID:4328
- C:\Windows\System\IZoGtdF.exe
  C:\Windows\System\IZoGtdF.exe
  2⤵
  PID:4476
- C:\Windows\System\FZKilxY.exe
  C:\Windows\System\FZKilxY.exe
  2⤵
  PID:4572
- C:\Windows\System\GOxAEpM.exe
  C:\Windows\System\GOxAEpM.exe
  2⤵
  PID:4636
- C:\Windows\System\QNFvrZJ.exe
  C:\Windows\System\QNFvrZJ.exe
  2⤵
  PID:4516
- C:\Windows\System\TEXGUql.exe
  C:\Windows\System\TEXGUql.exe
  2⤵
  PID:4620
- C:\Windows\System\rGdFxKa.exe
  C:\Windows\System\rGdFxKa.exe
  2⤵
  PID:4684
- C:\Windows\System\YGhoxJB.exe
  C:\Windows\System\YGhoxJB.exe
  2⤵
  PID:4556
- C:\Windows\System\fPDuNxj.exe
  C:\Windows\System\fPDuNxj.exe
  2⤵
  PID:4720
- C:\Windows\System\MhdQMTm.exe
  C:\Windows\System\MhdQMTm.exe
  2⤵
  PID:4728
- C:\Windows\System\QAxlCsP.exe
  C:\Windows\System\QAxlCsP.exe
  2⤵
  PID:4748
- C:\Windows\System\zmCmdsy.exe
  C:\Windows\System\zmCmdsy.exe
  2⤵
  PID:2012
- C:\Windows\System\MQOjUju.exe
  C:\Windows\System\MQOjUju.exe
  2⤵
  PID:2584
- C:\Windows\System\dOGpSdL.exe
  C:\Windows\System\dOGpSdL.exe
  2⤵
  PID:4776
- C:\Windows\System\bepUElW.exe
  C:\Windows\System\bepUElW.exe
  2⤵
  PID:1152
- C:\Windows\System\aUagEVD.exe
  C:\Windows\System\aUagEVD.exe
  2⤵
  PID:4832
- C:\Windows\System\gUlErIb.exe
  C:\Windows\System\gUlErIb.exe
  2⤵
  PID:4880
- C:\Windows\System\VsSepCb.exe
  C:\Windows\System\VsSepCb.exe
  2⤵
  PID:4976
- C:\Windows\System\TlgOrKm.exe
  C:\Windows\System\TlgOrKm.exe
  2⤵
  PID:5060
- C:\Windows\System\GXARard.exe
  C:\Windows\System\GXARard.exe
  2⤵
  PID:4964
- C:\Windows\System\tvZyHZs.exe
  C:\Windows\System\tvZyHZs.exe
  2⤵
  PID:4896
- C:\Windows\System\WODzYhi.exe
  C:\Windows\System\WODzYhi.exe
  2⤵
  PID:4892
- C:\Windows\System\HPvGMmp.exe
  C:\Windows\System\HPvGMmp.exe
  2⤵
  PID:5072
- C:\Windows\System\qxFaTNQ.exe
  C:\Windows\System\qxFaTNQ.exe
  2⤵
  PID:2496
- C:\Windows\System\MAtLxsl.exe
  C:\Windows\System\MAtLxsl.exe
  2⤵
  PID:1096
- C:\Windows\System\pEptXKx.exe
  C:\Windows\System\pEptXKx.exe
  2⤵
  PID:472
- C:\Windows\System\TOdfXVx.exe
  C:\Windows\System\TOdfXVx.exe
  2⤵
  PID:4176
- C:\Windows\System\QFuJuki.exe
  C:\Windows\System\QFuJuki.exe
  2⤵
  PID:4124
- C:\Windows\System\dNNnhfy.exe
  C:\Windows\System\dNNnhfy.exe
  2⤵
  PID:2672
- C:\Windows\System\aIwpscK.exe
  C:\Windows\System\aIwpscK.exe
  2⤵
  PID:4312
- C:\Windows\System\uMOblgj.exe
  C:\Windows\System\uMOblgj.exe
  2⤵
  PID:4416
- C:\Windows\System\BaQsuVc.exe
  C:\Windows\System\BaQsuVc.exe
  2⤵
  PID:4232
- C:\Windows\System\mapYVRh.exe
  C:\Windows\System\mapYVRh.exe
  2⤵
  PID:4436
- C:\Windows\System\RgYKofz.exe
  C:\Windows\System\RgYKofz.exe
  2⤵
  PID:4496
- C:\Windows\System\IjSfDbP.exe
  C:\Windows\System\IjSfDbP.exe
  2⤵
  PID:4484
- C:\Windows\System\qJdcfqO.exe
  C:\Windows\System\qJdcfqO.exe
  2⤵
  PID:4640
- C:\Windows\System\ubCAGDl.exe
  C:\Windows\System\ubCAGDl.exe
  2⤵
  PID:4588
- C:\Windows\System\rJwhjGD.exe
  C:\Windows\System\rJwhjGD.exe
  2⤵
  PID:2368
- C:\Windows\System\wUdzldu.exe
  C:\Windows\System\wUdzldu.exe
  2⤵
  PID:4772
- C:\Windows\System\GBRjbXC.exe
  C:\Windows\System\GBRjbXC.exe
  2⤵
  PID:4804
- C:\Windows\System\GIaLeFo.exe
  C:\Windows\System\GIaLeFo.exe
  2⤵
  PID:1708
- C:\Windows\System\ytYjBHa.exe
  C:\Windows\System\ytYjBHa.exe
  2⤵
  PID:4820
- C:\Windows\System\Kcohajy.exe
  C:\Windows\System\Kcohajy.exe
  2⤵
  PID:2536
- C:\Windows\System\WVWOyak.exe
  C:\Windows\System\WVWOyak.exe
  2⤵
  PID:4704
- C:\Windows\System\NsSrIeS.exe
  C:\Windows\System\NsSrIeS.exe
  2⤵
  PID:2080
- C:\Windows\System\WRzqLmZ.exe
  C:\Windows\System\WRzqLmZ.exe
  2⤵
  PID:3084
- C:\Windows\System\PQqxVRp.exe
  C:\Windows\System\PQqxVRp.exe
  2⤵
  PID:4844
- C:\Windows\System\YVdhWmD.exe
  C:\Windows\System\YVdhWmD.exe
  2⤵
  PID:5044
- C:\Windows\System\mWcwVgS.exe
  C:\Windows\System\mWcwVgS.exe
  2⤵
  PID:4100
- C:\Windows\System\maQAwTJ.exe
  C:\Windows\System\maQAwTJ.exe
  2⤵
  PID:1796
- C:\Windows\System\QqGejKZ.exe
  C:\Windows\System\QqGejKZ.exe
  2⤵
  PID:4248
- C:\Windows\System\zOKoayF.exe
  C:\Windows\System\zOKoayF.exe
  2⤵
  PID:4296
- C:\Windows\System\VhsMkCb.exe
  C:\Windows\System\VhsMkCb.exe
  2⤵
  PID:1304
- C:\Windows\System\vmkfEbm.exe
  C:\Windows\System\vmkfEbm.exe
  2⤵
  PID:4428
- C:\Windows\System\IUJfpLp.exe
  C:\Windows\System\IUJfpLp.exe
  2⤵
  PID:2172
- C:\Windows\System\DzcRkOh.exe
  C:\Windows\System\DzcRkOh.exe
  2⤵
  PID:1248
- C:\Windows\System\BqLcPwf.exe
  C:\Windows\System\BqLcPwf.exe
  2⤵
  PID:4864
- C:\Windows\System\dqTGzdD.exe
  C:\Windows\System\dqTGzdD.exe
  2⤵
  PID:4520
- C:\Windows\System\UkDhnRy.exe
  C:\Windows\System\UkDhnRy.exe
  2⤵
  PID:4652
- C:\Windows\System\ZaAPgEF.exe
  C:\Windows\System\ZaAPgEF.exe
  2⤵
  PID:4960
- C:\Windows\System\TrjnoYa.exe
  C:\Windows\System\TrjnoYa.exe
  2⤵
  PID:4912
- C:\Windows\System\DLhIQoy.exe
  C:\Windows\System\DLhIQoy.exe
  2⤵
  PID:4736
- C:\Windows\System\BqDDaAK.exe
  C:\Windows\System\BqDDaAK.exe
  2⤵
  PID:4760
- C:\Windows\System\lrdVzdw.exe
  C:\Windows\System\lrdVzdw.exe
  2⤵
  PID:4900
- C:\Windows\System\cJRHXlr.exe
  C:\Windows\System\cJRHXlr.exe
  2⤵
  PID:4204
- C:\Windows\System\lhLeOSF.exe
  C:\Windows\System\lhLeOSF.exe
  2⤵
  PID:4192
- C:\Windows\System\mttgQrZ.exe
  C:\Windows\System\mttgQrZ.exe
  2⤵
  PID:1220
- C:\Windows\System\cNXTlak.exe
  C:\Windows\System\cNXTlak.exe
  2⤵
  PID:4604
- C:\Windows\System\dleHgMt.exe
  C:\Windows\System\dleHgMt.exe
  2⤵
  PID:340
- C:\Windows\System\nehEXIA.exe
  C:\Windows\System\nehEXIA.exe
  2⤵
  PID:3832
- C:\Windows\System\gnkpBUp.exe
  C:\Windows\System\gnkpBUp.exe
  2⤵
  PID:5016
- C:\Windows\System\TnbjVMc.exe
  C:\Windows\System\TnbjVMc.exe
  2⤵
  PID:4860
- C:\Windows\System\gDwBuWL.exe
  C:\Windows\System\gDwBuWL.exe
  2⤵
  PID:4996
- C:\Windows\System\Ldxtevg.exe
  C:\Windows\System\Ldxtevg.exe
  2⤵
  PID:4800
- C:\Windows\System\RrBZhfb.exe
  C:\Windows\System\RrBZhfb.exe
  2⤵
  PID:2708
- C:\Windows\System\NipMkdK.exe
  C:\Windows\System\NipMkdK.exe
  2⤵
  PID:4932
- C:\Windows\System\apaXrKL.exe
  C:\Windows\System\apaXrKL.exe
  2⤵
  PID:1516
- C:\Windows\System\GnLZKhO.exe
  C:\Windows\System\GnLZKhO.exe
  2⤵
  PID:2628
- C:\Windows\System\tKEttFj.exe
  C:\Windows\System\tKEttFj.exe
  2⤵
  PID:4392
- C:\Windows\System\ajvYtSz.exe
  C:\Windows\System\ajvYtSz.exe
  2⤵
  PID:2688
- C:\Windows\System\toOcMhp.exe
  C:\Windows\System\toOcMhp.exe
  2⤵
  PID:4944
- C:\Windows\System\FBmhRSV.exe
  C:\Windows\System\FBmhRSV.exe
  2⤵
  PID:2616
- C:\Windows\System\SEYJxot.exe
  C:\Windows\System\SEYJxot.exe
  2⤵
  PID:5132
- C:\Windows\System\YIxdYlC.exe
  C:\Windows\System\YIxdYlC.exe
  2⤵
  PID:5152
- C:\Windows\System\HVbSSQQ.exe
  C:\Windows\System\HVbSSQQ.exe
  2⤵
  PID:5168
- C:\Windows\System\VxDLrqj.exe
  C:\Windows\System\VxDLrqj.exe
  2⤵
  PID:5184
- C:\Windows\System\OJHFnPG.exe
  C:\Windows\System\OJHFnPG.exe
  2⤵
  PID:5200
- C:\Windows\System\NGLLePf.exe
  C:\Windows\System\NGLLePf.exe
  2⤵
  PID:5216
- C:\Windows\System\CzeXPXN.exe
  C:\Windows\System\CzeXPXN.exe
  2⤵
  PID:5248
- C:\Windows\System\yHhBwkp.exe
  C:\Windows\System\yHhBwkp.exe
  2⤵
  PID:5276
- C:\Windows\System\QSJCzQG.exe
  C:\Windows\System\QSJCzQG.exe
  2⤵
  PID:5292
- C:\Windows\System\BxlsKsv.exe
  C:\Windows\System\BxlsKsv.exe
  2⤵
  PID:5332
- C:\Windows\System\VYaTKDQ.exe
  C:\Windows\System\VYaTKDQ.exe
  2⤵
  PID:5348
- C:\Windows\System\RjqROJO.exe
  C:\Windows\System\RjqROJO.exe
  2⤵
  PID:5368
- C:\Windows\System\kjJVEul.exe
  C:\Windows\System\kjJVEul.exe
  2⤵
  PID:5388
- C:\Windows\System\LrqvJlu.exe
  C:\Windows\System\LrqvJlu.exe
  2⤵
  PID:5412
- C:\Windows\System\MZrScwk.exe
  C:\Windows\System\MZrScwk.exe
  2⤵
  PID:5428
- C:\Windows\System\lbsLhRV.exe
  C:\Windows\System\lbsLhRV.exe
  2⤵
  PID:5448
- C:\Windows\System\XfGwNIW.exe
  C:\Windows\System\XfGwNIW.exe
  2⤵
  PID:5464
- C:\Windows\System\WrUvMHx.exe
  C:\Windows\System\WrUvMHx.exe
  2⤵
  PID:5480
- C:\Windows\System\zwFpYgI.exe
  C:\Windows\System\zwFpYgI.exe
  2⤵
  PID:5508
- C:\Windows\System\voVFTml.exe
  C:\Windows\System\voVFTml.exe
  2⤵
  PID:5528
- C:\Windows\System\YsNPhMP.exe
  C:\Windows\System\YsNPhMP.exe
  2⤵
  PID:5548
- C:\Windows\System\rwjEFxW.exe
  C:\Windows\System\rwjEFxW.exe
  2⤵
  PID:5564
- C:\Windows\System\yURSeIG.exe
  C:\Windows\System\yURSeIG.exe
  2⤵
  PID:5580
- C:\Windows\System\aCrCOmM.exe
  C:\Windows\System\aCrCOmM.exe
  2⤵
  PID:5608
- C:\Windows\System\xwSdWIa.exe
  C:\Windows\System\xwSdWIa.exe
  2⤵
  PID:5624
- C:\Windows\System\WWvieFI.exe
  C:\Windows\System\WWvieFI.exe
  2⤵
  PID:5640
- C:\Windows\System\RXOGKdg.exe
  C:\Windows\System\RXOGKdg.exe
  2⤵
  PID:5656
- C:\Windows\System\JYUZamt.exe
  C:\Windows\System\JYUZamt.exe
  2⤵
  PID:5672
- C:\Windows\System\ppUrEMy.exe
  C:\Windows\System\ppUrEMy.exe
  2⤵
  PID:5692
- C:\Windows\System\QNBikNn.exe
  C:\Windows\System\QNBikNn.exe
  2⤵
  PID:5712
- C:\Windows\System\QkEOHkY.exe
  C:\Windows\System\QkEOHkY.exe
  2⤵
  PID:5728
- C:\Windows\System\dndcoUJ.exe
  C:\Windows\System\dndcoUJ.exe
  2⤵
  PID:5744
- C:\Windows\System\JParUDd.exe
  C:\Windows\System\JParUDd.exe
  2⤵
  PID:5760
- C:\Windows\System\EzBUEBU.exe
  C:\Windows\System\EzBUEBU.exe
  2⤵
  PID:5776
- C:\Windows\System\fTHZHqD.exe
  C:\Windows\System\fTHZHqD.exe
  2⤵
  PID:5796
- C:\Windows\System\uZDUbdi.exe
  C:\Windows\System\uZDUbdi.exe
  2⤵
  PID:5820
- C:\Windows\System\uZKiQNI.exe
  C:\Windows\System\uZKiQNI.exe
  2⤵
  PID:5836
- C:\Windows\System\wSBtGHh.exe
  C:\Windows\System\wSBtGHh.exe
  2⤵
  PID:5860
- C:\Windows\System\FgmAQEx.exe
  C:\Windows\System\FgmAQEx.exe
  2⤵
  PID:5880
- C:\Windows\System\rvfINlT.exe
  C:\Windows\System\rvfINlT.exe
  2⤵
  PID:5896
- C:\Windows\System\QtJNwVG.exe
  C:\Windows\System\QtJNwVG.exe
  2⤵
  PID:5916
- C:\Windows\System\qMLdDWu.exe
  C:\Windows\System\qMLdDWu.exe
  2⤵
  PID:5932
- C:\Windows\System\VdoewMd.exe
  C:\Windows\System\VdoewMd.exe
  2⤵
  PID:5948
- C:\Windows\System\QpDHKFI.exe
  C:\Windows\System\QpDHKFI.exe
  2⤵
  PID:5964
- C:\Windows\System\wLqLzFw.exe
  C:\Windows\System\wLqLzFw.exe
  2⤵
  PID:5980
- C:\Windows\System\OUIiOvh.exe
  C:\Windows\System\OUIiOvh.exe
  2⤵
  PID:6000
- C:\Windows\System\HPScPLn.exe
  C:\Windows\System\HPScPLn.exe
  2⤵
  PID:6020
- C:\Windows\System\YsgDXII.exe
  C:\Windows\System\YsgDXII.exe
  2⤵
  PID:6044
- C:\Windows\System\XbJtpfR.exe
  C:\Windows\System\XbJtpfR.exe
  2⤵
  PID:6116
- C:\Windows\System\IvvbekB.exe
  C:\Windows\System\IvvbekB.exe
  2⤵
  PID:6132
- C:\Windows\System\CqQhXfn.exe
  C:\Windows\System\CqQhXfn.exe
  2⤵
  PID:2196
- C:\Windows\System\nKwIomt.exe
  C:\Windows\System\nKwIomt.exe
  2⤵
  PID:5144
- C:\Windows\System\zfxtNMs.exe
  C:\Windows\System\zfxtNMs.exe
  2⤵
  PID:5208
- C:\Windows\System\hsWDytW.exe
  C:\Windows\System\hsWDytW.exe
  2⤵
  PID:5124
- C:\Windows\System\fiEEmBk.exe
  C:\Windows\System\fiEEmBk.exe
  2⤵
  PID:5228
- C:\Windows\System\nMYmpMT.exe
  C:\Windows\System\nMYmpMT.exe
  2⤵
  PID:5196
- C:\Windows\System\QbpWVZS.exe
  C:\Windows\System\QbpWVZS.exe
  2⤵
  PID:2804
- C:\Windows\System\OpWRmzq.exe
  C:\Windows\System\OpWRmzq.exe
  2⤵
  PID:5268
- C:\Windows\System\AKfobMS.exe
  C:\Windows\System\AKfobMS.exe
  2⤵
  PID:5308
- C:\Windows\System\jxkeYYY.exe
  C:\Windows\System\jxkeYYY.exe
  2⤵
  PID:5320
- C:\Windows\System\QVFpSuo.exe
  C:\Windows\System\QVFpSuo.exe
  2⤵
  PID:5364
- C:\Windows\System\GLJjYSC.exe
  C:\Windows\System\GLJjYSC.exe
  2⤵
  PID:5408
- C:\Windows\System\nfahkcA.exe
  C:\Windows\System\nfahkcA.exe
  2⤵
  PID:2492
- C:\Windows\System\TMBhFIG.exe
  C:\Windows\System\TMBhFIG.exe
  2⤵
  PID:5476
- C:\Windows\System\RwBtoiW.exe
  C:\Windows\System\RwBtoiW.exe
  2⤵
  PID:2116
- C:\Windows\System\ItRmugz.exe
  C:\Windows\System\ItRmugz.exe
  2⤵
  PID:5524
- C:\Windows\System\hDVUHuv.exe
  C:\Windows\System\hDVUHuv.exe
  2⤵
  PID:5456
- C:\Windows\System\NwgRDVD.exe
  C:\Windows\System\NwgRDVD.exe
  2⤵
  PID:5600
- C:\Windows\System\DOOhKGb.exe
  C:\Windows\System\DOOhKGb.exe
  2⤵
  PID:5664
- C:\Windows\System\jfUeQHE.exe
  C:\Windows\System\jfUeQHE.exe
  2⤵
  PID:5708
- C:\Windows\System\dJyHcfu.exe
  C:\Windows\System\dJyHcfu.exe
  2⤵
  PID:5768
- C:\Windows\System\gFIQIMp.exe
  C:\Windows\System\gFIQIMp.exe
  2⤵
  PID:5816
- C:\Windows\System\BwdbZyW.exe
  C:\Windows\System\BwdbZyW.exe
  2⤵
  PID:5848
- C:\Windows\System\LUOsKcQ.exe
  C:\Windows\System\LUOsKcQ.exe
  2⤵
  PID:5496
- C:\Windows\System\BEIGxKx.exe
  C:\Windows\System\BEIGxKx.exe
  2⤵
  PID:5956
- C:\Windows\System\IIsPzYm.exe
  C:\Windows\System\IIsPzYm.exe
  2⤵
  PID:6028
- C:\Windows\System\JGHHSKk.exe
  C:\Windows\System\JGHHSKk.exe
  2⤵
  PID:5976
- C:\Windows\System\YUQWFpN.exe
  C:\Windows\System\YUQWFpN.exe
  2⤵
  PID:5828
- C:\Windows\System\VETIiFA.exe
  C:\Windows\System\VETIiFA.exe
  2⤵
  PID:5576
- C:\Windows\System\LaTPdQb.exe
  C:\Windows\System\LaTPdQb.exe
  2⤵
  PID:5912
- C:\Windows\System\yXuftIv.exe
  C:\Windows\System\yXuftIv.exe
  2⤵
  PID:6016
- C:\Windows\System\QpeyEdB.exe
  C:\Windows\System\QpeyEdB.exe
  2⤵
  PID:5752
- C:\Windows\System\wltoQkG.exe
  C:\Windows\System\wltoQkG.exe
  2⤵
  PID:6084
- C:\Windows\System\fdKfNVt.exe
  C:\Windows\System\fdKfNVt.exe
  2⤵
  PID:6112
- C:\Windows\System\NYzsdEQ.exe
  C:\Windows\System\NYzsdEQ.exe
  2⤵
  PID:6100
- C:\Windows\System\DLiwZPl.exe
  C:\Windows\System\DLiwZPl.exe
  2⤵
  PID:4408
- C:\Windows\System\EvuZaPR.exe
  C:\Windows\System\EvuZaPR.exe
  2⤵
  PID:1128
- C:\Windows\System\DGJOaeA.exe
  C:\Windows\System\DGJOaeA.exe
  2⤵
  PID:2776
- C:\Windows\System\VZpQDME.exe
  C:\Windows\System\VZpQDME.exe
  2⤵
  PID:4120
- C:\Windows\System\HXcRuSQ.exe
  C:\Windows\System\HXcRuSQ.exe
  2⤵
  PID:5260
- C:\Windows\System\ljLmpmV.exe
  C:\Windows\System\ljLmpmV.exe
  2⤵
  PID:5316
- C:\Windows\System\UpdlycU.exe
  C:\Windows\System\UpdlycU.exe
  2⤵
  PID:5328
- C:\Windows\System\hywCiQg.exe
  C:\Windows\System\hywCiQg.exe
  2⤵
  PID:5340
- C:\Windows\System\wqBasOd.exe
  C:\Windows\System\wqBasOd.exe
  2⤵
  PID:5444
- C:\Windows\System\TFbkahf.exe
  C:\Windows\System\TFbkahf.exe
  2⤵
  PID:5520
- C:\Windows\System\OCygwax.exe
  C:\Windows\System\OCygwax.exe
  2⤵
  PID:5380
- C:\Windows\System\FOnTagM.exe
  C:\Windows\System\FOnTagM.exe
  2⤵
  PID:5500
- C:\Windows\System\GnGJRps.exe
  C:\Windows\System\GnGJRps.exe
  2⤵
  PID:5788
- C:\Windows\System\hSrHdeN.exe
  C:\Windows\System\hSrHdeN.exe
  2⤵
  PID:5792
- C:\Windows\System\hhaDxmx.exe
  C:\Windows\System\hhaDxmx.exe
  2⤵
  PID:5908
- C:\Windows\System\SaGuzpc.exe
  C:\Windows\System\SaGuzpc.exe
  2⤵
  PID:6092
- C:\Windows\System\wqcfmbk.exe
  C:\Windows\System\wqcfmbk.exe
  2⤵
  PID:5940
- C:\Windows\System\LyLIdZE.exe
  C:\Windows\System\LyLIdZE.exe
  2⤵
  PID:6040
- C:\Windows\System\FrVhXTr.exe
  C:\Windows\System\FrVhXTr.exe
  2⤵
  PID:6128
- C:\Windows\System\ZLJzDlp.exe
  C:\Windows\System\ZLJzDlp.exe
  2⤵
  PID:5176
- C:\Windows\System\lMseUFs.exe
  C:\Windows\System\lMseUFs.exe
  2⤵
  PID:5244
- C:\Windows\System\XTKTauf.exe
  C:\Windows\System\XTKTauf.exe
  2⤵
  PID:5160
- C:\Windows\System\pUJsZoR.exe
  C:\Windows\System\pUJsZoR.exe
  2⤵
  PID:5472
- C:\Windows\System\tHDUfof.exe
  C:\Windows\System\tHDUfof.exe
  2⤵
  PID:6012
- C:\Windows\System\vGRZrkc.exe
  C:\Windows\System\vGRZrkc.exe
  2⤵
  PID:5724
- C:\Windows\System\EvOAwGD.exe
  C:\Windows\System\EvOAwGD.exe
  2⤵
  PID:5872
- C:\Windows\System\lKgwPvV.exe
  C:\Windows\System\lKgwPvV.exe
  2⤵
  PID:5224
- C:\Windows\System\bSBfQjo.exe
  C:\Windows\System\bSBfQjo.exe
  2⤵
  PID:1356
- C:\Windows\System\VweOTPz.exe
  C:\Windows\System\VweOTPz.exe
  2⤵
  PID:5596
- C:\Windows\System\ORaOMQU.exe
  C:\Windows\System\ORaOMQU.exe
  2⤵
  PID:5852
- C:\Windows\System\bfnDTzB.exe
  C:\Windows\System\bfnDTzB.exe
  2⤵
  PID:5488
- C:\Windows\System\rjwKdgs.exe
  C:\Windows\System\rjwKdgs.exe
  2⤵
  PID:5592
- C:\Windows\System\XKtCUKW.exe
  C:\Windows\System\XKtCUKW.exe
  2⤵
  PID:5996
- C:\Windows\System\YJvnSlZ.exe
  C:\Windows\System\YJvnSlZ.exe
  2⤵
  PID:5972
- C:\Windows\System\idhwbiv.exe
  C:\Windows\System\idhwbiv.exe
  2⤵
  PID:5892
- C:\Windows\System\sdbuIbk.exe
  C:\Windows\System\sdbuIbk.exe
  2⤵
  PID:1660
- C:\Windows\System\kkVjHSy.exe
  C:\Windows\System\kkVjHSy.exe
  2⤵
  PID:5720
- C:\Windows\System\ihYAVls.exe
  C:\Windows\System\ihYAVls.exe
  2⤵
  PID:4228
- C:\Windows\System\ccBqYSc.exe
  C:\Windows\System\ccBqYSc.exe
  2⤵
  PID:3412
- C:\Windows\System\onFRGNe.exe
  C:\Windows\System\onFRGNe.exe
  2⤵
  PID:6080
- C:\Windows\System\mAEnAZo.exe
  C:\Windows\System\mAEnAZo.exe
  2⤵
  PID:4548
- C:\Windows\System\oiwNgbf.exe
  C:\Windows\System\oiwNgbf.exe
  2⤵
  PID:5684
- C:\Windows\System\inDMkCR.exe
  C:\Windows\System\inDMkCR.exe
  2⤵
  PID:5680
- C:\Windows\System\vlyABOq.exe
  C:\Windows\System\vlyABOq.exe
  2⤵
  PID:5740
- C:\Windows\System\KFkSTAt.exe
  C:\Windows\System\KFkSTAt.exe
  2⤵
  PID:5112
- C:\Windows\System\ijHTBbt.exe
  C:\Windows\System\ijHTBbt.exe
  2⤵
  PID:6152
- C:\Windows\System\XkteFUV.exe
  C:\Windows\System\XkteFUV.exe
  2⤵
  PID:6168
- C:\Windows\System\dSzsJep.exe
  C:\Windows\System\dSzsJep.exe
  2⤵
  PID:6184
- C:\Windows\System\BODrvDM.exe
  C:\Windows\System\BODrvDM.exe
  2⤵
  PID:6208
- C:\Windows\System\imATdoY.exe
  C:\Windows\System\imATdoY.exe
  2⤵
  PID:6224
- C:\Windows\System\fnGDMYy.exe
  C:\Windows\System\fnGDMYy.exe
  2⤵
  PID:6240
- C:\Windows\System\RXDadfk.exe
  C:\Windows\System\RXDadfk.exe
  2⤵
  PID:6260
- C:\Windows\System\KufzSya.exe
  C:\Windows\System\KufzSya.exe
  2⤵
  PID:6288
- C:\Windows\System\kxmSuEt.exe
  C:\Windows\System\kxmSuEt.exe
  2⤵
  PID:6312
- C:\Windows\System\KdfwtvY.exe
  C:\Windows\System\KdfwtvY.exe
  2⤵
  PID:6332
- C:\Windows\System\PYvlhWr.exe
  C:\Windows\System\PYvlhWr.exe
  2⤵
  PID:6348
- C:\Windows\System\oDzCXMI.exe
  C:\Windows\System\oDzCXMI.exe
  2⤵
  PID:6364
- C:\Windows\System\uPCrcvo.exe
  C:\Windows\System\uPCrcvo.exe
  2⤵
  PID:6380
- C:\Windows\System\DYoIhoO.exe
  C:\Windows\System\DYoIhoO.exe
  2⤵
  PID:6396
- C:\Windows\System\UxLsSXL.exe
  C:\Windows\System\UxLsSXL.exe
  2⤵
  PID:6416
- C:\Windows\System\MaWKhtN.exe
  C:\Windows\System\MaWKhtN.exe
  2⤵
  PID:6432
- C:\Windows\System\sYKqNvm.exe
  C:\Windows\System\sYKqNvm.exe
  2⤵
  PID:6448
- C:\Windows\System\TGDatog.exe
  C:\Windows\System\TGDatog.exe
  2⤵
  PID:6464
- C:\Windows\System\gjooIBe.exe
  C:\Windows\System\gjooIBe.exe
  2⤵
  PID:6492
- C:\Windows\System\DseNDDu.exe
  C:\Windows\System\DseNDDu.exe
  2⤵
  PID:6520
- C:\Windows\System\HUKFeAB.exe
  C:\Windows\System\HUKFeAB.exe
  2⤵
  PID:6536
- C:\Windows\System\qhOBiLs.exe
  C:\Windows\System\qhOBiLs.exe
  2⤵
  PID:6552
- C:\Windows\System\EvJxWuF.exe
  C:\Windows\System\EvJxWuF.exe
  2⤵
  PID:6568
- C:\Windows\System\CbvBukF.exe
  C:\Windows\System\CbvBukF.exe
  2⤵
  PID:6584
- C:\Windows\System\sQlVizE.exe
  C:\Windows\System\sQlVizE.exe
  2⤵
  PID:6600
- C:\Windows\System\eqTQFOK.exe
  C:\Windows\System\eqTQFOK.exe
  2⤵
  PID:6616
- C:\Windows\System\SZjMoZH.exe
  C:\Windows\System\SZjMoZH.exe
  2⤵
  PID:6632
- C:\Windows\System\kgeDxKj.exe
  C:\Windows\System\kgeDxKj.exe
  2⤵
  PID:6652
- C:\Windows\System\FtNrobj.exe
  C:\Windows\System\FtNrobj.exe
  2⤵
  PID:6668
- C:\Windows\System\TdErTha.exe
  C:\Windows\System\TdErTha.exe
  2⤵
  PID:6684
- C:\Windows\System\hORhCQd.exe
  C:\Windows\System\hORhCQd.exe
  2⤵
  PID:6700
- C:\Windows\System\zLONLlw.exe
  C:\Windows\System\zLONLlw.exe
  2⤵
  PID:6720
- C:\Windows\System\GGoUjJO.exe
  C:\Windows\System\GGoUjJO.exe
  2⤵
  PID:6736
- C:\Windows\System\vWatnaP.exe
  C:\Windows\System\vWatnaP.exe
  2⤵
  PID:6756
- C:\Windows\System\HGJlBZs.exe
  C:\Windows\System\HGJlBZs.exe
  2⤵
  PID:6772
- C:\Windows\System\MbSvMKR.exe
  C:\Windows\System\MbSvMKR.exe
  2⤵
  PID:6788
- C:\Windows\System\HCWZCKw.exe
  C:\Windows\System\HCWZCKw.exe
  2⤵
  PID:6804
- C:\Windows\System\qCyXlHg.exe
  C:\Windows\System\qCyXlHg.exe
  2⤵
  PID:6824
- C:\Windows\System\tuQEXvH.exe
  C:\Windows\System\tuQEXvH.exe
  2⤵
  PID:6844
- C:\Windows\System\NQDoGZG.exe
  C:\Windows\System\NQDoGZG.exe
  2⤵
  PID:6864
- C:\Windows\System\QLdmxHI.exe
  C:\Windows\System\QLdmxHI.exe
  2⤵
  PID:6880
- C:\Windows\System\NjgXKmE.exe
  C:\Windows\System\NjgXKmE.exe
  2⤵
  PID:6896
- C:\Windows\System\Ibfgrrb.exe
  C:\Windows\System\Ibfgrrb.exe
  2⤵
  PID:6916
- C:\Windows\System\olCjKsd.exe
  C:\Windows\System\olCjKsd.exe
  2⤵
  PID:6936
- C:\Windows\System\LjUZTWH.exe
  C:\Windows\System\LjUZTWH.exe
  2⤵
  PID:6952
- C:\Windows\System\gbPQnsO.exe
  C:\Windows\System\gbPQnsO.exe
  2⤵
  PID:6968
- C:\Windows\System\fTmvYyN.exe
  C:\Windows\System\fTmvYyN.exe
  2⤵
  PID:6984
- C:\Windows\System\glIBrLG.exe
  C:\Windows\System\glIBrLG.exe
  2⤵
  PID:7000
- C:\Windows\System\uklAGlP.exe
  C:\Windows\System\uklAGlP.exe
  2⤵
  PID:7016
- C:\Windows\System\zuLQrTH.exe
  C:\Windows\System\zuLQrTH.exe
  2⤵
  PID:7032
- C:\Windows\System\YZuDMqU.exe
  C:\Windows\System\YZuDMqU.exe
  2⤵
  PID:7052
- C:\Windows\System\haxLMSN.exe
  C:\Windows\System\haxLMSN.exe
  2⤵
  PID:7068
- C:\Windows\System\GikyhHv.exe
  C:\Windows\System\GikyhHv.exe
  2⤵
  PID:7084
- C:\Windows\System\dqQqxyb.exe
  C:\Windows\System\dqQqxyb.exe
  2⤵
  PID:7100
- C:\Windows\System\XroQDrA.exe
  C:\Windows\System\XroQDrA.exe
  2⤵
  PID:7116
- C:\Windows\System\IxcoJTb.exe
  C:\Windows\System\IxcoJTb.exe
  2⤵
  PID:7132
- C:\Windows\System\XlOmRxx.exe
  C:\Windows\System\XlOmRxx.exe
  2⤵
  PID:7148
- C:\Windows\System\ogzgdPb.exe
  C:\Windows\System\ogzgdPb.exe
  2⤵
  PID:5924
- C:\Windows\System\OonCKkJ.exe
  C:\Windows\System\OonCKkJ.exe
  2⤵
  PID:5424
- C:\Windows\System\BbfmeXF.exe
  C:\Windows\System\BbfmeXF.exe
  2⤵
  PID:6192
- C:\Windows\System\CHJmcwq.exe
  C:\Windows\System\CHJmcwq.exe
  2⤵
  PID:5360
- C:\Windows\System\zNnkfyM.exe
  C:\Windows\System\zNnkfyM.exe
  2⤵
  PID:5844
- C:\Windows\System\kYNZcqZ.exe
  C:\Windows\System\kYNZcqZ.exe
  2⤵
  PID:6176
- C:\Windows\System\VUdaoZY.exe
  C:\Windows\System\VUdaoZY.exe
  2⤵
  PID:6220
- C:\Windows\System\XDWpAgl.exe
  C:\Windows\System\XDWpAgl.exe
  2⤵
  PID:6276
- C:\Windows\System\yWHAoSb.exe
  C:\Windows\System\yWHAoSb.exe
  2⤵
  PID:6252
- C:\Windows\System\OBvIjjQ.exe
  C:\Windows\System\OBvIjjQ.exe
  2⤵
  PID:6356
- C:\Windows\System\bWOSbJy.exe
  C:\Windows\System\bWOSbJy.exe
  2⤵
  PID:6392
- C:\Windows\System\RqxEBbW.exe
  C:\Windows\System\RqxEBbW.exe
  2⤵
  PID:6296
- C:\Windows\System\ZkmHgyv.exe
  C:\Windows\System\ZkmHgyv.exe
  2⤵
  PID:6344
- C:\Windows\System\lPhQubB.exe
  C:\Windows\System\lPhQubB.exe
  2⤵
  PID:6428
- C:\Windows\System\zLWDZMA.exe
  C:\Windows\System\zLWDZMA.exe
  2⤵
  PID:6476
- C:\Windows\System\brhoQln.exe
  C:\Windows\System\brhoQln.exe
  2⤵
  PID:6504
- C:\Windows\System\oXWWEJF.exe
  C:\Windows\System\oXWWEJF.exe
  2⤵
  PID:6544
- C:\Windows\System\qomYKEz.exe
  C:\Windows\System\qomYKEz.exe
  2⤵
  PID:6480
- C:\Windows\System\hmKYjVN.exe
  C:\Windows\System\hmKYjVN.exe
  2⤵
  PID:6532
- C:\Windows\System\essFKdJ.exe
  C:\Windows\System\essFKdJ.exe
  2⤵
  PID:6612
- C:\Windows\System\IlwtxNR.exe
  C:\Windows\System\IlwtxNR.exe
  2⤵
  PID:6640
- C:\Windows\System\dUAoBKa.exe
  C:\Windows\System\dUAoBKa.exe
  2⤵
  PID:6680
- C:\Windows\System\CNBFdpK.exe
  C:\Windows\System\CNBFdpK.exe
  2⤵
  PID:6660
- C:\Windows\System\swzJkyR.exe
  C:\Windows\System\swzJkyR.exe
  2⤵
  PID:6712
- C:\Windows\System\mtxAJJO.exe
  C:\Windows\System\mtxAJJO.exe
  2⤵
  PID:6744
- C:\Windows\System\UNElMXt.exe
  C:\Windows\System\UNElMXt.exe
  2⤵
  PID:6784
- C:\Windows\System\myGtKby.exe
  C:\Windows\System\myGtKby.exe
  2⤵
  PID:6764
- C:\Windows\System\YhBsBuR.exe
  C:\Windows\System\YhBsBuR.exe
  2⤵
  PID:6860
- C:\Windows\System\DkgVSJc.exe
  C:\Windows\System\DkgVSJc.exe
  2⤵
  PID:6840
- C:\Windows\System\rqhkrMp.exe
  C:\Windows\System\rqhkrMp.exe
  2⤵
  PID:6832
- C:\Windows\System\iewxZHu.exe
  C:\Windows\System\iewxZHu.exe
  2⤵
  PID:6912
- C:\Windows\System\HbHypvC.exe
  C:\Windows\System\HbHypvC.exe
  2⤵
  PID:6980
- C:\Windows\System\wBSxJje.exe
  C:\Windows\System\wBSxJje.exe
  2⤵
  PID:7028
- C:\Windows\System\twRLybi.exe
  C:\Windows\System\twRLybi.exe
  2⤵
  PID:7008
- C:\Windows\System\vbszQKm.exe
  C:\Windows\System\vbszQKm.exe
  2⤵
  PID:7064
- C:\Windows\System\nEFiNmT.exe
  C:\Windows\System\nEFiNmT.exe
  2⤵
  PID:7040
- C:\Windows\System\jKKvtln.exe
  C:\Windows\System\jKKvtln.exe
  2⤵
  PID:7160
- C:\Windows\System\xzwVHDu.exe
  C:\Windows\System\xzwVHDu.exe
  2⤵
  PID:5756
- C:\Windows\System\tZFuXPB.exe
  C:\Windows\System\tZFuXPB.exe
  2⤵
  PID:6216
- C:\Windows\System\CXiHErV.exe
  C:\Windows\System\CXiHErV.exe
  2⤵
  PID:5636
- C:\Windows\System\SYuQMKU.exe
  C:\Windows\System\SYuQMKU.exe
  2⤵
  PID:264
- C:\Windows\System\ukmJTCZ.exe
  C:\Windows\System\ukmJTCZ.exe
  2⤵
  PID:6284
- C:\Windows\System\zGKRosp.exe
  C:\Windows\System\zGKRosp.exe
  2⤵
  PID:6340
- C:\Windows\System\gOpBGSh.exe
  C:\Windows\System\gOpBGSh.exe
  2⤵
  PID:6300
- C:\Windows\System\wouEPLy.exe
  C:\Windows\System\wouEPLy.exe
  2⤵
  PID:6508
- C:\Windows\System\xjRmNxP.exe
  C:\Windows\System\xjRmNxP.exe
  2⤵
  PID:6324
- C:\Windows\System\nfSOXjB.exe
  C:\Windows\System\nfSOXjB.exe
  2⤵
  PID:6580
- C:\Windows\System\RrAgCgE.exe
  C:\Windows\System\RrAgCgE.exe
  2⤵
  PID:6596
- C:\Windows\System\NEsUgYK.exe
  C:\Windows\System\NEsUgYK.exe
  2⤵
  PID:6732
- C:\Windows\System\QNpFzHn.exe
  C:\Windows\System\QNpFzHn.exe
  2⤵
  PID:6648
- C:\Windows\System\YKEiSTC.exe
  C:\Windows\System\YKEiSTC.exe
  2⤵
  PID:6676
- C:\Windows\System\bKNxnog.exe
  C:\Windows\System\bKNxnog.exe
  2⤵
  PID:6856
- C:\Windows\System\AcgFfar.exe
  C:\Windows\System\AcgFfar.exe
  2⤵
  PID:6796
- C:\Windows\System\mQsuucZ.exe
  C:\Windows\System\mQsuucZ.exe
  2⤵
  PID:6932
- C:\Windows\System\YYoRnMh.exe
  C:\Windows\System\YYoRnMh.exe
  2⤵
  PID:6976
- C:\Windows\System\eJJReBd.exe
  C:\Windows\System\eJJReBd.exe
  2⤵
  PID:7024
- C:\Windows\System\GRfLdGg.exe
  C:\Windows\System\GRfLdGg.exe
  2⤵
  PID:6944
- C:\Windows\System\IfTAztN.exe
  C:\Windows\System\IfTAztN.exe
  2⤵
  PID:5804
- C:\Windows\System\iCxhCxW.exe
  C:\Windows\System\iCxhCxW.exe
  2⤵
  PID:7140
- C:\Windows\System\ZzkCcZK.exe
  C:\Windows\System\ZzkCcZK.exe
  2⤵
  PID:5572
- C:\Windows\System\HauHWCs.exe
  C:\Windows\System\HauHWCs.exe
  2⤵
  PID:6268
- C:\Windows\System\FTXcdHr.exe
  C:\Windows\System\FTXcdHr.exe
  2⤵
  PID:6488
- C:\Windows\System\VqAGCoN.exe
  C:\Windows\System\VqAGCoN.exe
  2⤵
  PID:2604
- C:\Windows\System\sOQKKhk.exe
  C:\Windows\System\sOQKKhk.exe
  2⤵
  PID:6780
- C:\Windows\System\vxuQMkd.exe
  C:\Windows\System\vxuQMkd.exe
  2⤵
  PID:6304
- C:\Windows\System\SkwCyFR.exe
  C:\Windows\System\SkwCyFR.exe
  2⤵
  PID:6924
- C:\Windows\System\QWXzysz.exe
  C:\Windows\System\QWXzysz.exe
  2⤵
  PID:6964
- C:\Windows\System\tYhfLRr.exe
  C:\Windows\System\tYhfLRr.exe
  2⤵
  PID:6180
- C:\Windows\System\RnGgqrY.exe
  C:\Windows\System\RnGgqrY.exe
  2⤵
  PID:6696
- C:\Windows\System\GPnYMsX.exe
  C:\Windows\System\GPnYMsX.exe
  2⤵
  PID:6820
- C:\Windows\System\eGFXJEz.exe
  C:\Windows\System\eGFXJEz.exe
  2⤵
  PID:6236
- C:\Windows\System\QFGtKDr.exe
  C:\Windows\System\QFGtKDr.exe
  2⤵
  PID:5928
- C:\Windows\System\QImgmzq.exe
  C:\Windows\System\QImgmzq.exe
  2⤵
  PID:6424
- C:\Windows\System\zfSkdhP.exe
  C:\Windows\System\zfSkdhP.exe
  2⤵
  PID:6960
- C:\Windows\System\kHCcSnT.exe
  C:\Windows\System\kHCcSnT.exe
  2⤵
  PID:6576
- C:\Windows\System\NSpURCR.exe
  C:\Windows\System\NSpURCR.exe
  2⤵
  PID:6516
- C:\Windows\System\wQJXLtR.exe
  C:\Windows\System\wQJXLtR.exe
  2⤵
  PID:6768
- C:\Windows\System\YnbvliB.exe
  C:\Windows\System\YnbvliB.exe
  2⤵
  PID:6996
- C:\Windows\System\ibTXIsb.exe
  C:\Windows\System\ibTXIsb.exe
  2⤵
  PID:7188
- C:\Windows\System\SvFlwRQ.exe
  C:\Windows\System\SvFlwRQ.exe
  2⤵
  PID:7204
- C:\Windows\System\qnKatic.exe
  C:\Windows\System\qnKatic.exe
  2⤵
  PID:7220
- C:\Windows\System\LsHvwDY.exe
  C:\Windows\System\LsHvwDY.exe
  2⤵
  PID:7240
- C:\Windows\System\pHecIiY.exe
  C:\Windows\System\pHecIiY.exe
  2⤵
  PID:7256
- C:\Windows\System\zAUAfxy.exe
  C:\Windows\System\zAUAfxy.exe
  2⤵
  PID:7272
- C:\Windows\System\fpzepXJ.exe
  C:\Windows\System\fpzepXJ.exe
  2⤵
  PID:7288
- C:\Windows\System\qzeVOHz.exe
  C:\Windows\System\qzeVOHz.exe
  2⤵
  PID:7304
- C:\Windows\System\pcXtEXj.exe
  C:\Windows\System\pcXtEXj.exe
  2⤵
  PID:7320
- C:\Windows\System\vVRLxLa.exe
  C:\Windows\System\vVRLxLa.exe
  2⤵
  PID:7336
- C:\Windows\System\tRAMISO.exe
  C:\Windows\System\tRAMISO.exe
  2⤵
  PID:7360
- C:\Windows\System\ySayCOF.exe
  C:\Windows\System\ySayCOF.exe
  2⤵
  PID:7376
- C:\Windows\System\FiTbuFt.exe
  C:\Windows\System\FiTbuFt.exe
  2⤵
  PID:7396
- C:\Windows\System\OFCcgBe.exe
  C:\Windows\System\OFCcgBe.exe
  2⤵
  PID:7412
- C:\Windows\System\hWCtRwK.exe
  C:\Windows\System\hWCtRwK.exe
  2⤵
  PID:7432
- C:\Windows\System\hemxJyX.exe
  C:\Windows\System\hemxJyX.exe
  2⤵
  PID:7448
- C:\Windows\System\EkAhoHc.exe
  C:\Windows\System\EkAhoHc.exe
  2⤵
  PID:7464
- C:\Windows\System\eymVdyK.exe
  C:\Windows\System\eymVdyK.exe
  2⤵
  PID:7480
- C:\Windows\System\qtlQSWd.exe
  C:\Windows\System\qtlQSWd.exe
  2⤵
  PID:7496
- C:\Windows\System\CZJhYuS.exe
  C:\Windows\System\CZJhYuS.exe
  2⤵
  PID:7724
- C:\Windows\System\efmtFJk.exe
  C:\Windows\System\efmtFJk.exe
  2⤵
  PID:7744
- C:\Windows\System\UeIVqGP.exe
  C:\Windows\System\UeIVqGP.exe
  2⤵
  PID:7792
- C:\Windows\System\MTeTQHV.exe
  C:\Windows\System\MTeTQHV.exe
  2⤵
  PID:7832
- C:\Windows\System\IhnHeJk.exe
  C:\Windows\System\IhnHeJk.exe
  2⤵
  PID:7848
- C:\Windows\System\cDGCEiK.exe
  C:\Windows\System\cDGCEiK.exe
  2⤵
  PID:7864
- C:\Windows\System\vaIYKAH.exe
  C:\Windows\System\vaIYKAH.exe
  2⤵
  PID:7880
- C:\Windows\System\TvHNaYf.exe
  C:\Windows\System\TvHNaYf.exe
  2⤵
  PID:7896
- C:\Windows\System\iialBdH.exe
  C:\Windows\System\iialBdH.exe
  2⤵
  PID:7912
- C:\Windows\System\GVqqpyL.exe
  C:\Windows\System\GVqqpyL.exe
  2⤵
  PID:7928
- C:\Windows\System\fRuuSuy.exe
  C:\Windows\System\fRuuSuy.exe
  2⤵
  PID:7948
- C:\Windows\System\AWISIck.exe
  C:\Windows\System\AWISIck.exe
  2⤵
  PID:7964
- C:\Windows\System\YMyDVKS.exe
  C:\Windows\System\YMyDVKS.exe
  2⤵
  PID:7984
- C:\Windows\System\bluAgtg.exe
  C:\Windows\System\bluAgtg.exe
  2⤵
  PID:8000
- C:\Windows\System\mFAUxgu.exe
  C:\Windows\System\mFAUxgu.exe
  2⤵
  PID:8016
- C:\Windows\System\UCAoQoH.exe
  C:\Windows\System\UCAoQoH.exe
  2⤵
  PID:8032
- C:\Windows\System\eHiOWxs.exe
  C:\Windows\System\eHiOWxs.exe
  2⤵
  PID:8048
- C:\Windows\System\DvKLwup.exe
  C:\Windows\System\DvKLwup.exe
  2⤵
  PID:8064
- C:\Windows\System\NIlOWuu.exe
  C:\Windows\System\NIlOWuu.exe
  2⤵
  PID:8080
- C:\Windows\System\tjkKWAF.exe
  C:\Windows\System\tjkKWAF.exe
  2⤵
  PID:8096
- C:\Windows\System\RmeeFJT.exe
  C:\Windows\System\RmeeFJT.exe
  2⤵
  PID:8116
- C:\Windows\System\mffNiGA.exe
  C:\Windows\System\mffNiGA.exe
  2⤵
  PID:8136
- C:\Windows\System\RyhrYgm.exe
  C:\Windows\System\RyhrYgm.exe
  2⤵
  PID:8156
- C:\Windows\System\UxkUsRI.exe
  C:\Windows\System\UxkUsRI.exe
  2⤵
  PID:8172
- C:\Windows\System\pLLZlsr.exe
  C:\Windows\System\pLLZlsr.exe
  2⤵
  PID:8188
- C:\Windows\System\fcnqqzm.exe
  C:\Windows\System\fcnqqzm.exe
  2⤵
  PID:7180
- C:\Windows\System\LiDpPkZ.exe
  C:\Windows\System\LiDpPkZ.exe
  2⤵
  PID:7128
- C:\Windows\System\CqLFbQl.exe
  C:\Windows\System\CqLFbQl.exe
  2⤵
  PID:7216
- C:\Windows\System\HMCCfld.exe
  C:\Windows\System\HMCCfld.exe
  2⤵
  PID:7284
- C:\Windows\System\AtcgurE.exe
  C:\Windows\System\AtcgurE.exe
  2⤵
  PID:7200
- C:\Windows\System\kcDwlTS.exe
  C:\Windows\System\kcDwlTS.exe
  2⤵
  PID:7296
- C:\Windows\System\vDSyUzh.exe
  C:\Windows\System\vDSyUzh.exe
  2⤵
  PID:7232
- C:\Windows\System\DnoPZrt.exe
  C:\Windows\System\DnoPZrt.exe
  2⤵
  PID:7368
- C:\Windows\System\DvMKAEB.exe
  C:\Windows\System\DvMKAEB.exe
  2⤵
  PID:7420
- C:\Windows\System\HXvnuks.exe
  C:\Windows\System\HXvnuks.exe
  2⤵
  PID:7440
- C:\Windows\System\drfsoZw.exe
  C:\Windows\System\drfsoZw.exe
  2⤵
  PID:7476
- C:\Windows\System\bovdWiT.exe
  C:\Windows\System\bovdWiT.exe
  2⤵
  PID:7508
- C:\Windows\System\sMooRvz.exe
  C:\Windows\System\sMooRvz.exe
  2⤵
  PID:7516
- C:\Windows\System\QMfkVSB.exe
  C:\Windows\System\QMfkVSB.exe
  2⤵
  PID:7544
- C:\Windows\System\psJfojZ.exe
  C:\Windows\System\psJfojZ.exe
  2⤵
  PID:7552
- C:\Windows\System\rdTUOAn.exe
  C:\Windows\System\rdTUOAn.exe
  2⤵
  PID:7576
- C:\Windows\System\VtKXFgH.exe
  C:\Windows\System\VtKXFgH.exe
  2⤵
  PID:7592
- C:\Windows\System\GEHBsTQ.exe
  C:\Windows\System\GEHBsTQ.exe
  2⤵
  PID:7600
- C:\Windows\System\YHzXSpc.exe
  C:\Windows\System\YHzXSpc.exe
  2⤵
  PID:7624
- C:\Windows\System\jqTRRZb.exe
  C:\Windows\System\jqTRRZb.exe
  2⤵
  PID:7644
- C:\Windows\System\qPbniZn.exe
  C:\Windows\System\qPbniZn.exe
  2⤵
  PID:7660
- C:\Windows\System\wrRgBID.exe
  C:\Windows\System\wrRgBID.exe
  2⤵
  PID:7668
- C:\Windows\System\HfrBoay.exe
  C:\Windows\System\HfrBoay.exe
  2⤵
  PID:7692
- C:\Windows\System\KgIJJjt.exe
  C:\Windows\System\KgIJJjt.exe
  2⤵
  PID:7704
- C:\Windows\System\ItfTfKG.exe
  C:\Windows\System\ItfTfKG.exe
  2⤵
  PID:7044
- C:\Windows\System\hQLnwDt.exe
  C:\Windows\System\hQLnwDt.exe
  2⤵
  PID:7736
- C:\Windows\System\PEoXEaR.exe
  C:\Windows\System\PEoXEaR.exe
  2⤵
  PID:7760
- C:\Windows\System\foodQIe.exe
  C:\Windows\System\foodQIe.exe
  2⤵
  PID:7776
- C:\Windows\System\OaTscyJ.exe
  C:\Windows\System\OaTscyJ.exe
  2⤵
  PID:7800
- C:\Windows\System\aogGDPy.exe
  C:\Windows\System\aogGDPy.exe
  2⤵
  PID:7816
- C:\Windows\System\HqsGYWF.exe
  C:\Windows\System\HqsGYWF.exe
  2⤵
  PID:7860
- C:\Windows\System\iWHHhHp.exe
  C:\Windows\System\iWHHhHp.exe
  2⤵
  PID:7924
- C:\Windows\System\ImojQvu.exe
  C:\Windows\System\ImojQvu.exe
  2⤵
  PID:7876
- C:\Windows\System\mBmfOEP.exe
  C:\Windows\System\mBmfOEP.exe
  2⤵
  PID:7960
- C:\Windows\System\limVoED.exe
  C:\Windows\System\limVoED.exe
  2⤵
  PID:8060
- C:\Windows\System\PkjQVqw.exe
  C:\Windows\System\PkjQVqw.exe
  2⤵
  PID:7980
- C:\Windows\System\oRHtWMD.exe
  C:\Windows\System\oRHtWMD.exe
  2⤵
  PID:8168
- C:\Windows\System\EflrPAp.exe
  C:\Windows\System\EflrPAp.exe
  2⤵
  PID:7356
- C:\Windows\System\bBtVhFH.exe
  C:\Windows\System\bBtVhFH.exe
  2⤵
  PID:7560
- C:\Windows\System\AGkAlCq.exe
  C:\Windows\System\AGkAlCq.exe
  2⤵
  PID:7428
- C:\Windows\System\gklBvzV.exe
  C:\Windows\System\gklBvzV.exe
  2⤵
  PID:7572
- C:\Windows\System\GcFrXAB.exe
  C:\Windows\System\GcFrXAB.exe
  2⤵
  PID:7992
- C:\Windows\System\rfRkqdE.exe
  C:\Windows\System\rfRkqdE.exe
  2⤵
  PID:7316
- C:\Windows\System\uwfzPnW.exe
  C:\Windows\System\uwfzPnW.exe
  2⤵
  PID:7228
- C:\Windows\System\moKjAqZ.exe
  C:\Windows\System\moKjAqZ.exe
  2⤵
  PID:8180
- C:\Windows\System\LhrEOBY.exe
  C:\Windows\System\LhrEOBY.exe
  2⤵
  PID:7532
- C:\Windows\System\ZHhRZyI.exe
  C:\Windows\System\ZHhRZyI.exe
  2⤵
  PID:7584
- C:\Windows\System\kbwBqlp.exe
  C:\Windows\System\kbwBqlp.exe
  2⤵
  PID:7488
- C:\Windows\System\tuadLKg.exe
  C:\Windows\System\tuadLKg.exe
  2⤵
  PID:7540
- C:\Windows\System\brpKprn.exe
  C:\Windows\System\brpKprn.exe
  2⤵
  PID:7632
- C:\Windows\System\FqFcczo.exe
  C:\Windows\System\FqFcczo.exe
  2⤵
  PID:7648
- C:\Windows\System\bDrqGOv.exe
  C:\Windows\System\bDrqGOv.exe
  2⤵
  PID:7756
- C:\Windows\System\YqyqwlA.exe
  C:\Windows\System\YqyqwlA.exe
  2⤵
  PID:7824
- C:\Windows\System\GMVtVbH.exe
  C:\Windows\System\GMVtVbH.exe
  2⤵
  PID:7856
- C:\Windows\System\velaNwS.exe
  C:\Windows\System\velaNwS.exe
  2⤵
  PID:7784
- C:\Windows\System\WntGFDS.exe
  C:\Windows\System\WntGFDS.exe
  2⤵
  PID:7812
- C:\Windows\System\juFjUMm.exe
  C:\Windows\System\juFjUMm.exe
  2⤵
  PID:7888
- C:\Windows\System\wxrbIKx.exe
  C:\Windows\System\wxrbIKx.exe
  2⤵
  PID:7972
- C:\Windows\System\FmSMBcA.exe
  C:\Windows\System\FmSMBcA.exe
  2⤵
  PID:7904
- C:\Windows\System\cWNhShU.exe
  C:\Windows\System\cWNhShU.exe
  2⤵
  PID:8076
- C:\Windows\System\lslApKV.exe
  C:\Windows\System\lslApKV.exe
  2⤵
  PID:8072
- C:\Windows\System\kVaoTaW.exe
  C:\Windows\System\kVaoTaW.exe
  2⤵
  PID:7176
- C:\Windows\System\jHqfFGi.exe
  C:\Windows\System\jHqfFGi.exe
  2⤵
  PID:8184
- C:\Windows\System\jflWENy.exe
  C:\Windows\System\jflWENy.exe
  2⤵
  PID:7344
- C:\Windows\System\cHcSPwR.exe
  C:\Windows\System\cHcSPwR.exe
  2⤵
  PID:7252
- C:\Windows\System\uZkBRhl.exe
  C:\Windows\System\uZkBRhl.exe
  2⤵
  PID:7588
- C:\Windows\System\XAvLnng.exe
  C:\Windows\System\XAvLnng.exe
  2⤵
  PID:7684
- C:\Windows\System\RGCTcjZ.exe
  C:\Windows\System\RGCTcjZ.exe
  2⤵
  PID:7772
- C:\Windows\System\BEymXPL.exe
  C:\Windows\System\BEymXPL.exe
  2⤵
  PID:8108
- C:\Windows\System\RPLYaxi.exe
  C:\Windows\System\RPLYaxi.exe
  2⤵
  PID:7604
- C:\Windows\System\GbSyCao.exe
  C:\Windows\System\GbSyCao.exe
  2⤵
  PID:7556
- C:\Windows\System\eKSwwOS.exe
  C:\Windows\System\eKSwwOS.exe
  2⤵
  PID:7696
- C:\Windows\System\BRNnLgN.exe
  C:\Windows\System\BRNnLgN.exe
  2⤵
  PID:8152
- C:\Windows\System\xWwkYMe.exe
  C:\Windows\System\xWwkYMe.exe
  2⤵
  PID:7956
- C:\Windows\System\THnFKox.exe
  C:\Windows\System\THnFKox.exe
  2⤵
  PID:7688
- C:\Windows\System\vKTFizl.exe
  C:\Windows\System\vKTFizl.exe
  2⤵
  PID:7828
- C:\Windows\System\EoplFIn.exe
  C:\Windows\System\EoplFIn.exe
  2⤵
  PID:7940
- C:\Windows\System\QpUMVAZ.exe
  C:\Windows\System\QpUMVAZ.exe
  2⤵
  PID:8092
- C:\Windows\System\qRhMFuy.exe
  C:\Windows\System\qRhMFuy.exe
  2⤵
  PID:7664
- C:\Windows\System\kJSUXAA.exe
  C:\Windows\System\kJSUXAA.exe
  2⤵
  PID:8164
- C:\Windows\System\FMrtvsF.exe
  C:\Windows\System\FMrtvsF.exe
  2⤵
  PID:7808
- C:\Windows\System\SdsmApg.exe
  C:\Windows\System\SdsmApg.exe
  2⤵
  PID:7196
- C:\Windows\System\SRrPYin.exe
  C:\Windows\System\SRrPYin.exe
  2⤵
  PID:7472
- C:\Windows\System\edXVvWE.exe
  C:\Windows\System\edXVvWE.exe
  2⤵
  PID:8212
- C:\Windows\System\YZeDZHX.exe
  C:\Windows\System\YZeDZHX.exe
  2⤵
  PID:8228
- C:\Windows\System\ydOUADN.exe
  C:\Windows\System\ydOUADN.exe
  2⤵
  PID:8244
- C:\Windows\System\klsmcmi.exe
  C:\Windows\System\klsmcmi.exe
  2⤵
  PID:8264
- C:\Windows\System\yKncONr.exe
  C:\Windows\System\yKncONr.exe
  2⤵
  PID:8312
- C:\Windows\System\fYggrCL.exe
  C:\Windows\System\fYggrCL.exe
  2⤵
  PID:8332
- C:\Windows\System\yPoOsJf.exe
  C:\Windows\System\yPoOsJf.exe
  2⤵
  PID:8356
- C:\Windows\System\lWHUODy.exe
  C:\Windows\System\lWHUODy.exe
  2⤵
  PID:8380
- C:\Windows\System\QqczIsR.exe
  C:\Windows\System\QqczIsR.exe
  2⤵
  PID:8396
- C:\Windows\System\YsiwmGr.exe
  C:\Windows\System\YsiwmGr.exe
  2⤵
  PID:8412
- C:\Windows\System\hDPIvLB.exe
  C:\Windows\System\hDPIvLB.exe
  2⤵
  PID:8432
- C:\Windows\System\OQwmCVv.exe
  C:\Windows\System\OQwmCVv.exe
  2⤵
  PID:8448
- C:\Windows\System\XqSovEx.exe
  C:\Windows\System\XqSovEx.exe
  2⤵
  PID:8464
- C:\Windows\System\KzKyMMK.exe
  C:\Windows\System\KzKyMMK.exe
  2⤵
  PID:8480
- C:\Windows\System\wvZvoqy.exe
  C:\Windows\System\wvZvoqy.exe
  2⤵
  PID:8508
- C:\Windows\System\rStNOVO.exe
  C:\Windows\System\rStNOVO.exe
  2⤵
  PID:8532
- C:\Windows\System\lShuuhX.exe
  C:\Windows\System\lShuuhX.exe
  2⤵
  PID:8548
- C:\Windows\System\VORJAXD.exe
  C:\Windows\System\VORJAXD.exe
  2⤵
  PID:8712
- C:\Windows\System\qlBqehP.exe
  C:\Windows\System\qlBqehP.exe
  2⤵
  PID:8728
- C:\Windows\System\sIBAKQz.exe
  C:\Windows\System\sIBAKQz.exe
  2⤵
  PID:8744
- C:\Windows\System\UKhjlQH.exe
  C:\Windows\System\UKhjlQH.exe
  2⤵
  PID:8764
- C:\Windows\System\OOovzkt.exe
  C:\Windows\System\OOovzkt.exe
  2⤵
  PID:8788
- C:\Windows\System\iMdzHir.exe
  C:\Windows\System\iMdzHir.exe
  2⤵
  PID:8804
- C:\Windows\System\ECWATZX.exe
  C:\Windows\System\ECWATZX.exe
  2⤵
  PID:8824
- C:\Windows\System\dZzWiPS.exe
  C:\Windows\System\dZzWiPS.exe
  2⤵
  PID:8852
- C:\Windows\System\woBYQwr.exe
  C:\Windows\System\woBYQwr.exe
  2⤵
  PID:8872
- C:\Windows\System\OqupvoL.exe
  C:\Windows\System\OqupvoL.exe
  2⤵
  PID:8888
- C:\Windows\System\qhbzTHR.exe
  C:\Windows\System\qhbzTHR.exe
  2⤵
  PID:8912
- C:\Windows\System\ADJFbew.exe
  C:\Windows\System\ADJFbew.exe
  2⤵
  PID:8928
- C:\Windows\System\fwIRYWD.exe
  C:\Windows\System\fwIRYWD.exe
  2⤵
  PID:8952
- C:\Windows\System\lMkjshS.exe
  C:\Windows\System\lMkjshS.exe
  2⤵
  PID:8968
- C:\Windows\System\oyVKliH.exe
  C:\Windows\System\oyVKliH.exe
  2⤵
  PID:8988
- C:\Windows\System\hjhDxdP.exe
  C:\Windows\System\hjhDxdP.exe
  2⤵
  PID:9004
- C:\Windows\System\TCMgENs.exe
  C:\Windows\System\TCMgENs.exe
  2⤵
  PID:9020
- C:\Windows\System\OsSxHFC.exe
  C:\Windows\System\OsSxHFC.exe
  2⤵
  PID:9044
- C:\Windows\System\GmzVBbI.exe
  C:\Windows\System\GmzVBbI.exe
  2⤵
  PID:9060
- C:\Windows\System\bnLPQXc.exe
  C:\Windows\System\bnLPQXc.exe
  2⤵
  PID:9080
- C:\Windows\System\ytJJFkS.exe
  C:\Windows\System\ytJJFkS.exe
  2⤵
  PID:9096
- C:\Windows\System\xdYsfLA.exe
  C:\Windows\System\xdYsfLA.exe
  2⤵
  PID:9112
- C:\Windows\System\JoLBcBE.exe
  C:\Windows\System\JoLBcBE.exe
  2⤵
  PID:9128
- C:\Windows\System\KedqpEU.exe
  C:\Windows\System\KedqpEU.exe
  2⤵
  PID:9148
- C:\Windows\System\HhJUoKW.exe
  C:\Windows\System\HhJUoKW.exe
  2⤵
  PID:9168
- C:\Windows\System\aJLbkbs.exe
  C:\Windows\System\aJLbkbs.exe
  2⤵
  PID:7716
- C:\Windows\System\FCxMYCb.exe
  C:\Windows\System\FCxMYCb.exe
  2⤵
  PID:8208
- C:\Windows\System\byaHdsZ.exe
  C:\Windows\System\byaHdsZ.exe
  2⤵
  PID:1572
- C:\Windows\System\IDrjFZm.exe
  C:\Windows\System\IDrjFZm.exe
  2⤵
  PID:8320
- C:\Windows\System\qnYRfXV.exe
  C:\Windows\System\qnYRfXV.exe
  2⤵
  PID:8300
- C:\Windows\System\lBxVMTK.exe
  C:\Windows\System\lBxVMTK.exe
  2⤵
  PID:8280
- C:\Windows\System\npeZyAX.exe
  C:\Windows\System\npeZyAX.exe
  2⤵
  PID:8368
- C:\Windows\System\vmnMvEb.exe
  C:\Windows\System\vmnMvEb.exe
  2⤵
  PID:8376
- C:\Windows\System\EUDHomV.exe
  C:\Windows\System\EUDHomV.exe
  2⤵
  PID:8408
- C:\Windows\System\QnDAGPh.exe
  C:\Windows\System\QnDAGPh.exe
  2⤵
  PID:8440
- C:\Windows\System\fvXVaiD.exe
  C:\Windows\System\fvXVaiD.exe
  2⤵
  PID:8460
- C:\Windows\System\nsCuLis.exe
  C:\Windows\System\nsCuLis.exe
  2⤵
  PID:8520
- C:\Windows\System\uIzGXxE.exe
  C:\Windows\System\uIzGXxE.exe
  2⤵
  PID:8544
- C:\Windows\System\WtKhLAX.exe
  C:\Windows\System\WtKhLAX.exe
  2⤵
  PID:8568
- C:\Windows\System\XhYCPvr.exe
  C:\Windows\System\XhYCPvr.exe
  2⤵
  PID:8592
- C:\Windows\System\KsxmJaQ.exe
  C:\Windows\System\KsxmJaQ.exe
  2⤵
  PID:8612
- C:\Windows\System\DOlavFI.exe
  C:\Windows\System\DOlavFI.exe
  2⤵
  PID:8648
- C:\Windows\System\jHiWTgN.exe
  C:\Windows\System\jHiWTgN.exe
  2⤵
  PID:8660
- C:\Windows\System\ORBRYmh.exe
  C:\Windows\System\ORBRYmh.exe
  2⤵
  PID:8684
- C:\Windows\System\dUEBGrC.exe
  C:\Windows\System\dUEBGrC.exe
  2⤵
  PID:8704
- C:\Windows\System\XqUzbwV.exe
  C:\Windows\System\XqUzbwV.exe
  2⤵
  PID:8736
- C:\Windows\System\quqLmcX.exe
  C:\Windows\System\quqLmcX.exe
  2⤵
  PID:8772
- C:\Windows\System\JhrHLjP.exe
  C:\Windows\System\JhrHLjP.exe
  2⤵
  PID:8756
- C:\Windows\System\APcriaM.exe
  C:\Windows\System\APcriaM.exe
  2⤵
  PID:8896
- C:\Windows\System\wbsPttO.exe
  C:\Windows\System\wbsPttO.exe
  2⤵
  PID:8840
- C:\Windows\System\BACFmkG.exe
  C:\Windows\System\BACFmkG.exe
  2⤵
  PID:8944
- C:\Windows\System\JTkzKDB.exe
  C:\Windows\System\JTkzKDB.exe
  2⤵
  PID:8984
- C:\Windows\System\iMeTJMj.exe
  C:\Windows\System\iMeTJMj.exe
  2⤵
  PID:9052
- C:\Windows\System\QcYVUUn.exe
  C:\Windows\System\QcYVUUn.exe
  2⤵
  PID:9036
- C:\Windows\System\ZHiCdAY.exe
  C:\Windows\System\ZHiCdAY.exe
  2⤵
  PID:8964
- C:\Windows\System\syYPimm.exe
  C:\Windows\System\syYPimm.exe
  2⤵
  PID:9164
- C:\Windows\System\gknIxDv.exe
  C:\Windows\System\gknIxDv.exe
  2⤵
  PID:8884
- C:\Windows\System\nYXAdKS.exe
  C:\Windows\System\nYXAdKS.exe
  2⤵
  PID:9140
- C:\Windows\System\PDFhGrr.exe
  C:\Windows\System\PDFhGrr.exe
  2⤵
  PID:9136
- C:\Windows\System\nQIaQPf.exe
  C:\Windows\System\nQIaQPf.exe
  2⤵
  PID:9180
- C:\Windows\System\IiBaekd.exe
  C:\Windows\System\IiBaekd.exe
  2⤵
  PID:9208
- C:\Windows\System\TombeYo.exe
  C:\Windows\System\TombeYo.exe
  2⤵
  PID:8220
- C:\Windows\System\yFilsgh.exe
  C:\Windows\System\yFilsgh.exe
  2⤵
  PID:8284
- C:\Windows\System\yWYNhgZ.exe
  C:\Windows\System\yWYNhgZ.exe
  2⤵
  PID:8288
- C:\Windows\System\UFBBOeX.exe
  C:\Windows\System\UFBBOeX.exe
  2⤵
  PID:8352
- C:\Windows\System\TsWDfig.exe
  C:\Windows\System\TsWDfig.exe
  2⤵
  PID:8496
- C:\Windows\System\ojGmVRy.exe
  C:\Windows\System\ojGmVRy.exe
  2⤵
  PID:8600
- C:\Windows\System\hZVymzl.exe
  C:\Windows\System\hZVymzl.exe
  2⤵
  PID:8456
- C:\Windows\System\gKQkksr.exe
  C:\Windows\System\gKQkksr.exe
  2⤵
  PID:8528
- C:\Windows\System\rYESXCF.exe
  C:\Windows\System\rYESXCF.exe
  2⤵
  PID:8624
- C:\Windows\System\esqcsKj.exe
  C:\Windows\System\esqcsKj.exe
  2⤵
  PID:8640
- C:\Windows\System\byYORnQ.exe
  C:\Windows\System\byYORnQ.exe
  2⤵
  PID:8672
- C:\Windows\System\pnSBzSD.exe
  C:\Windows\System\pnSBzSD.exe
  2⤵
  PID:8708
- C:\Windows\System\aIeEmSN.exe
  C:\Windows\System\aIeEmSN.exe
  2⤵
  PID:8796
- C:\Windows\System\ijSXuaz.exe
  C:\Windows\System\ijSXuaz.exe
  2⤵
  PID:8860
- C:\Windows\System\WjZaXEX.exe
  C:\Windows\System\WjZaXEX.exe
  2⤵
  PID:9016
- C:\Windows\System\RzhwmBK.exe
  C:\Windows\System\RzhwmBK.exe
  2⤵
  PID:9040
- C:\Windows\System\pYgEfFd.exe
  C:\Windows\System\pYgEfFd.exe
  2⤵
  PID:8328
- C:\Windows\System\EhTEtDH.exe
  C:\Windows\System\EhTEtDH.exe
  2⤵
  PID:8516
- C:\Windows\System\kMQOlve.exe
  C:\Windows\System\kMQOlve.exe
  2⤵
  PID:9156
- C:\Windows\System\LFByQHC.exe
  C:\Windows\System\LFByQHC.exe
  2⤵
  PID:8636
- C:\Windows\System\RNcTmyk.exe
  C:\Windows\System\RNcTmyk.exe
  2⤵
  PID:9212
- C:\Windows\System\EPhTONc.exe
  C:\Windows\System\EPhTONc.exe
  2⤵
  PID:9088
- C:\Windows\System\OWYAeYn.exe
  C:\Windows\System\OWYAeYn.exe
  2⤵
  PID:8740
- C:\Windows\System\MutJgsh.exe
  C:\Windows\System\MutJgsh.exe
  2⤵
  PID:8996
- C:\Windows\System\coLVgFw.exe
  C:\Windows\System\coLVgFw.exe
  2⤵
  PID:8472
- C:\Windows\System\kJzqWbE.exe
  C:\Windows\System\kJzqWbE.exe
  2⤵
  PID:8256
- C:\Windows\System\wcldume.exe
  C:\Windows\System\wcldume.exe
  2⤵
  PID:8488
- C:\Windows\System\CVcgOIX.exe
  C:\Windows\System\CVcgOIX.exe
  2⤵
  PID:8388
- C:\Windows\System\sSmMufo.exe
  C:\Windows\System\sSmMufo.exe
  2⤵
  PID:8784
- C:\Windows\System\SycssKb.exe
  C:\Windows\System\SycssKb.exe
  2⤵
  PID:9076
- C:\Windows\System\NUhcfLs.exe
  C:\Windows\System\NUhcfLs.exe
  2⤵
  PID:8936
- C:\Windows\System\YIWqaom.exe
  C:\Windows\System\YIWqaom.exe
  2⤵
  PID:8240
- C:\Windows\System\QAHlNVi.exe
  C:\Windows\System\QAHlNVi.exe
  2⤵
  PID:8564
- C:\Windows\System\lqqHPoi.exe
  C:\Windows\System\lqqHPoi.exe
  2⤵
  PID:8540
- C:\Windows\System\EZLGqol.exe
  C:\Windows\System\EZLGqol.exe
  2⤵
  PID:7700
- C:\Windows\System\jParmir.exe
  C:\Windows\System\jParmir.exe
  2⤵
  PID:8800
- C:\Windows\System\ARIbsGT.exe
  C:\Windows\System\ARIbsGT.exe
  2⤵
  PID:8904
- C:\Windows\System\XpYFPYp.exe
  C:\Windows\System\XpYFPYp.exe
  2⤵
  PID:9032
- C:\Windows\System\JkWmgLp.exe
  C:\Windows\System\JkWmgLp.exe
  2⤵
  PID:9188
- C:\Windows\System\gUdcZMi.exe
  C:\Windows\System\gUdcZMi.exe
  2⤵
  PID:8820
- C:\Windows\System\wetLkrn.exe
  C:\Windows\System\wetLkrn.exe
  2⤵
  PID:8980
- C:\Windows\System\PfPiUGF.exe
  C:\Windows\System\PfPiUGF.exe
  2⤵
  PID:8424
- C:\Windows\System\DFJeaeD.exe
  C:\Windows\System\DFJeaeD.exe
  2⤵
  PID:8676
- C:\Windows\System\ZCLfAxe.exe
  C:\Windows\System\ZCLfAxe.exe
  2⤵
  PID:8580
- C:\Windows\System\WosHTxp.exe
  C:\Windows\System\WosHTxp.exe
  2⤵
  PID:9200
- C:\Windows\System\QKnffFT.exe
  C:\Windows\System\QKnffFT.exe
  2⤵
  PID:8620
- C:\Windows\System\GIitcEf.exe
  C:\Windows\System\GIitcEf.exe
  2⤵
  PID:8556
- C:\Windows\System\tqrLXSG.exe
  C:\Windows\System\tqrLXSG.exe
  2⤵
  PID:8976
- C:\Windows\System\hiOIpkO.exe
  C:\Windows\System\hiOIpkO.exe
  2⤵
  PID:8428
- C:\Windows\System\DCnbQPc.exe
  C:\Windows\System\DCnbQPc.exe
  2⤵
  PID:9108
- C:\Windows\System\HLgvQbJ.exe
  C:\Windows\System\HLgvQbJ.exe
  2⤵
  PID:9224
- C:\Windows\System\tUcIIHJ.exe
  C:\Windows\System\tUcIIHJ.exe
  2⤵
  PID:9244
- C:\Windows\System\ZXyIjRJ.exe
  C:\Windows\System\ZXyIjRJ.exe
  2⤵
  PID:9260
- C:\Windows\System\tgYZyCP.exe
  C:\Windows\System\tgYZyCP.exe
  2⤵
  PID:9284
- C:\Windows\System\QQMXKGt.exe
  C:\Windows\System\QQMXKGt.exe
  2⤵
  PID:9304
- C:\Windows\System\wWpjVhF.exe
  C:\Windows\System\wWpjVhF.exe
  2⤵
  PID:9320
- C:\Windows\System\fdHlopX.exe
  C:\Windows\System\fdHlopX.exe
  2⤵
  PID:9340
- C:\Windows\System\KAHTLnr.exe
  C:\Windows\System\KAHTLnr.exe
  2⤵
  PID:9372
- C:\Windows\System\TqUxdIl.exe
  C:\Windows\System\TqUxdIl.exe
  2⤵
  PID:9388
- C:\Windows\System\infMvNf.exe
  C:\Windows\System\infMvNf.exe
  2⤵
  PID:9412
- C:\Windows\System\FpjqkQi.exe
  C:\Windows\System\FpjqkQi.exe
  2⤵
  PID:9432
- C:\Windows\System\xkiRXAm.exe
  C:\Windows\System\xkiRXAm.exe
  2⤵
  PID:9456
- C:\Windows\System\Pyljlbh.exe
  C:\Windows\System\Pyljlbh.exe
  2⤵
  PID:9472
- C:\Windows\System\GilglPu.exe
  C:\Windows\System\GilglPu.exe
  2⤵
  PID:9492
- C:\Windows\System\QpeDIjw.exe
  C:\Windows\System\QpeDIjw.exe
  2⤵
  PID:9512
- C:\Windows\System\TfHFqLp.exe
  C:\Windows\System\TfHFqLp.exe
  2⤵
  PID:9536
- C:\Windows\System\vGLDqNu.exe
  C:\Windows\System\vGLDqNu.exe
  2⤵
  PID:9552
- C:\Windows\System\BsPiLLH.exe
  C:\Windows\System\BsPiLLH.exe
  2⤵
  PID:9588
- C:\Windows\System\ZUrHytb.exe
  C:\Windows\System\ZUrHytb.exe
  2⤵
  PID:9608
- C:\Windows\System\EXEFVVY.exe
  C:\Windows\System\EXEFVVY.exe
  2⤵
  PID:9624
- C:\Windows\System\YocpKCb.exe
  C:\Windows\System\YocpKCb.exe
  2⤵
  PID:9644
- C:\Windows\System\xmpSvDo.exe
  C:\Windows\System\xmpSvDo.exe
  2⤵
  PID:9676
- C:\Windows\System\CeGdDil.exe
  C:\Windows\System\CeGdDil.exe
  2⤵
  PID:9692
- C:\Windows\System\ipJNxoQ.exe
  C:\Windows\System\ipJNxoQ.exe
  2⤵
  PID:9708
- C:\Windows\System\gtidjqW.exe
  C:\Windows\System\gtidjqW.exe
  2⤵
  PID:9724
- C:\Windows\System\XdyCONv.exe
  C:\Windows\System\XdyCONv.exe
  2⤵
  PID:9748
- C:\Windows\System\sbzOvoO.exe
  C:\Windows\System\sbzOvoO.exe
  2⤵
  PID:9768
- C:\Windows\System\frZFWJN.exe
  C:\Windows\System\frZFWJN.exe
  2⤵
  PID:9792
- C:\Windows\System\BxDCPPf.exe
  C:\Windows\System\BxDCPPf.exe
  2⤵
  PID:9812
- C:\Windows\System\KHgNZGr.exe
  C:\Windows\System\KHgNZGr.exe
  2⤵
  PID:9836
- C:\Windows\System\nvQBhdU.exe
  C:\Windows\System\nvQBhdU.exe
  2⤵
  PID:9852
- C:\Windows\System\HfLjExY.exe
  C:\Windows\System\HfLjExY.exe
  2⤵
  PID:9872
- C:\Windows\System\GGQLvtj.exe
  C:\Windows\System\GGQLvtj.exe
  2⤵
  PID:9900
- C:\Windows\System\dzoRvqz.exe
  C:\Windows\System\dzoRvqz.exe
  2⤵
  PID:9916
- C:\Windows\System\EkynfaR.exe
  C:\Windows\System\EkynfaR.exe
  2⤵
  PID:9932
- C:\Windows\System\qWszwqj.exe
  C:\Windows\System\qWszwqj.exe
  2⤵
  PID:9956
- C:\Windows\System\HEsusCC.exe
  C:\Windows\System\HEsusCC.exe
  2⤵
  PID:9976
- C:\Windows\System\icSTprj.exe
  C:\Windows\System\icSTprj.exe
  2⤵
  PID:9996
- C:\Windows\System\hDxzmAo.exe
  C:\Windows\System\hDxzmAo.exe
  2⤵
  PID:10024
- C:\Windows\System\sxxMjfl.exe
  C:\Windows\System\sxxMjfl.exe
  2⤵
  PID:10044
- C:\Windows\System\qTRSEAf.exe
  C:\Windows\System\qTRSEAf.exe
  2⤵
  PID:10060
- C:\Windows\System\uwhBsLB.exe
  C:\Windows\System\uwhBsLB.exe
  2⤵
  PID:10084
- C:\Windows\System\edYvuTj.exe
  C:\Windows\System\edYvuTj.exe
  2⤵
  PID:10108
- C:\Windows\System\fGPlOtt.exe
  C:\Windows\System\fGPlOtt.exe
  2⤵
  PID:10132
- C:\Windows\System\RZTSYbs.exe
  C:\Windows\System\RZTSYbs.exe
  2⤵
  PID:10148
- C:\Windows\System\fbtEADg.exe
  C:\Windows\System\fbtEADg.exe
  2⤵
  PID:10168
- C:\Windows\System\cQUFCZk.exe
  C:\Windows\System\cQUFCZk.exe
  2⤵
  PID:10188
- C:\Windows\System\rCBivmS.exe
  C:\Windows\System\rCBivmS.exe
  2⤵
  PID:10208
- C:\Windows\System\BilYfjt.exe
  C:\Windows\System\BilYfjt.exe
  2⤵
  PID:10228
- C:\Windows\System\cLYdhho.exe
  C:\Windows\System\cLYdhho.exe
  2⤵
  PID:9236
- C:\Windows\System\XwKWFdr.exe
  C:\Windows\System\XwKWFdr.exe
  2⤵
  PID:9280
- C:\Windows\System\FIWrKAo.exe
  C:\Windows\System\FIWrKAo.exe
  2⤵
  PID:9300
- C:\Windows\System\xQQTWBQ.exe
  C:\Windows\System\xQQTWBQ.exe
  2⤵
  PID:9328
- C:\Windows\System\xxMvxdW.exe
  C:\Windows\System\xxMvxdW.exe
  2⤵
  PID:9360
- C:\Windows\System\ICWYeLS.exe
  C:\Windows\System\ICWYeLS.exe
  2⤵
  PID:9384
- C:\Windows\System\CYviVAs.exe
  C:\Windows\System\CYviVAs.exe
  2⤵
  PID:9444
- C:\Windows\System\baLbOFZ.exe
  C:\Windows\System\baLbOFZ.exe
  2⤵
  PID:9468
- C:\Windows\System\yIhYntY.exe
  C:\Windows\System\yIhYntY.exe
  2⤵
  PID:9500
- C:\Windows\System\lgjmRUB.exe
  C:\Windows\System\lgjmRUB.exe
  2⤵
  PID:9524
- C:\Windows\System\cShOAOI.exe
  C:\Windows\System\cShOAOI.exe
  2⤵
  PID:9560
- C:\Windows\System\saWisAV.exe
  C:\Windows\System\saWisAV.exe
  2⤵
  PID:9604
- C:\Windows\System\MYFTJns.exe
  C:\Windows\System\MYFTJns.exe
  2⤵
  PID:9640
- C:\Windows\System\JtrZPpM.exe
  C:\Windows\System\JtrZPpM.exe
  2⤵
  PID:9668
- C:\Windows\System\mWPcRwB.exe
  C:\Windows\System\mWPcRwB.exe
  2⤵
  PID:9716
- C:\Windows\System\MdqNvaG.exe
  C:\Windows\System\MdqNvaG.exe
  2⤵
  PID:9800
- C:\Windows\System\UoSkFkA.exe
  C:\Windows\System\UoSkFkA.exe
  2⤵
  PID:9744
- C:\Windows\System\iUFkPxv.exe
  C:\Windows\System\iUFkPxv.exe
  2⤵
  PID:9820
- C:\Windows\System\ZlwhXeM.exe
  C:\Windows\System\ZlwhXeM.exe
  2⤵
  PID:9844
- C:\Windows\System\GPfeCfg.exe
  C:\Windows\System\GPfeCfg.exe
  2⤵
  PID:9860
- C:\Windows\System\mIEjmua.exe
  C:\Windows\System\mIEjmua.exe
  2⤵
  PID:9908
- C:\Windows\System\wNREjmU.exe
  C:\Windows\System\wNREjmU.exe
  2⤵
  PID:9944
- C:\Windows\System\BwShcrq.exe
  C:\Windows\System\BwShcrq.exe
  2⤵
  PID:9972
- C:\Windows\System\nDNNqRQ.exe
  C:\Windows\System\nDNNqRQ.exe
  2⤵
  PID:9992
- C:\Windows\System\dmyxZkf.exe
  C:\Windows\System\dmyxZkf.exe
  2⤵
  PID:10068
- C:\Windows\System\HQQCpVY.exe
  C:\Windows\System\HQQCpVY.exe
  2⤵
  PID:10096
- C:\Windows\System\GRQYNUQ.exe
  C:\Windows\System\GRQYNUQ.exe
  2⤵
  PID:10144
- C:\Windows\System\xeYZSEj.exe
  C:\Windows\System\xeYZSEj.exe
  2⤵
  PID:10176
- C:\Windows\System\fDMRahC.exe
  C:\Windows\System\fDMRahC.exe
  2⤵
  PID:10220
- C:\Windows\System\rlALpcY.exe
  C:\Windows\System\rlALpcY.exe
  2⤵
  PID:9240
- C:\Windows\System\lNJazUl.exe
  C:\Windows\System\lNJazUl.exe
  2⤵
  PID:10236
- C:\Windows\System\cAbmsmB.exe
  C:\Windows\System\cAbmsmB.exe
  2⤵
  PID:9296
- C:\Windows\System\PFVKccJ.exe
  C:\Windows\System\PFVKccJ.exe
  2⤵
  PID:9380
- C:\Windows\System\VplJKMA.exe
  C:\Windows\System\VplJKMA.exe
  2⤵
  PID:9420
- C:\Windows\System\QUqjOhA.exe
  C:\Windows\System\QUqjOhA.exe
  2⤵
  PID:9404
- C:\Windows\System\FhCRVTW.exe
  C:\Windows\System\FhCRVTW.exe
  2⤵
  PID:9504
- C:\Windows\System\GISvodb.exe
  C:\Windows\System\GISvodb.exe
  2⤵
  PID:9572
- C:\Windows\System\GAmwKws.exe
  C:\Windows\System\GAmwKws.exe
  2⤵
  PID:9664
- C:\Windows\System\nOGGKHR.exe
  C:\Windows\System\nOGGKHR.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GCaNYzo.exe

Filesize
6.0MB

MD5
9a1cfb626e287846b94b037648097520

SHA1
1da833dd751f64994da7a9c792619de38a5c7402

SHA256
f7e8a78e184c1b2a3c13edcd4393752ccebf8fb578cb2ff34738a1e0af54b1db

SHA512
34559a411ca42531b67445cc904b3aa0ec9ec5bd9e04e38868e2a427e0e32ad55953d4d973554281bb705836dd5b49dcab1fade9326495d72e5c6489e3c48ab4

Download Submit
C:\Windows\system\KTICTEO.exe

Filesize
6.0MB

MD5
916fc66263cb68c7a5a8ac0b3636b6ad

SHA1
decbed055652325afe4d7325b17d9a7998bb51e6

SHA256
3b0d46bca10930f77aa58fb313d7ffc826227d3bb80d9d4d786cbab2560e5070

SHA512
49a855d7357a1a9638c58ef7b321dba1e9653f3ff85136e081454e80a1d276c037af345ebeb9f45b6487447a49e3f06021b0038a8fff5e54af59d1e7268d683d

Download Submit
C:\Windows\system\OWgAxWg.exe

Filesize
6.0MB

MD5
48a21600df5fde7e8e830adca05ae028

SHA1
b709bbf8447c6fefaf7ea751c57c074ec164342b

SHA256
18cd419095307a681d37acf022a3f3cab6e65c56ab049e3f9a543a3de8d3f647

SHA512
f7eede8a9e36ea75f6b163820594976e6acaa687e8b1a2c1f4b98443b8eae33a914cbfb5775c831d58d6ab4fca408a1e09b8f2f0ee0fef24aec7972fc93c59bf

Download Submit
C:\Windows\system\PubmpZO.exe

Filesize
6.0MB

MD5
93a06d0785cfc8baa8d04d39c615a798

SHA1
acf1992a9065f7a65c2c6db1eef36b54a0a2293a

SHA256
b6afd3f608b5099718cf9945380bdccb44118cad7179f308502d13865e282ea8

SHA512
e97f29240589e2e78c7e6475f6867dbc3a178da08fa1f902f9f95398a790d93a27f61b2cf788c01ae56f770ed04137177a4bfbcad38aaead5af7a7ba7ebd3031

Download Submit
C:\Windows\system\RGWQYcf.exe

Filesize
6.0MB

MD5
7aedc0e38878f1b39f7021945546fbe8

SHA1
5820baf84f978177b250fe7321e8766ade9cc8e0

SHA256
a591036ffb6deaab909c159fc823a6c5609e2b9cfe25748f1dde4fa9453b60b7

SHA512
9f1ff56e76dc190069fe1ba4f1eda8922c9c737669940257d70e528111b76a8da56e0a714ae1ffd82907057c59d8cd98ac1db1c18dcbcf14195eed3be6dd0f00

Download Submit
C:\Windows\system\RRSdPDr.exe

Filesize
6.0MB

MD5
c9a3e1560f143e696fcae56560971bc6

SHA1
8a2a4ef60234dcfb6e1811c4a0014b1d6611b56c

SHA256
5b682e2e2426bbd040e7321beb84575cdf8c14fd3814b5f7f2e25f567dd596e8

SHA512
f816d2c88975141f4d1cafd112f367009d6372da1445a2829506d098079b5d491bebf6c38df5d72814277d5cf20865ae3b9ae480e8d260cb0c3542b6baf19df4

Download Submit
C:\Windows\system\RyzauFM.exe

Filesize
6.0MB

MD5
a04aefe9118d10d9ddeafa0e99f1f80b

SHA1
56461012ff3bf3fb6a26defe56408ef0e3e48346

SHA256
de873951926304c542c1c3311ae4c7ab3d653dfade8b500bd22926c02000d2bc

SHA512
77842d84bef0cb2b166112e9d54721bf2037cec0275a80f2cfec9206531aae31f48bc78faaf40872f186194c8424a52a5af717a26c465cdccc10a6ce16a34ddc

Download Submit
C:\Windows\system\VUmRKQD.exe

Filesize
6.0MB

MD5
a71320f935a9f9e9c1e8b061ea7d5450

SHA1
25a6da305e3c35a06e4f8f167755758e1dcf1de1

SHA256
052b3c0b96d9ee7fb0328a7062b70bde0119008295396469de84b890b97e7942

SHA512
b468c7430dea533359bc2584bb1a5da36b1b38d500d4a0d37d0501a5c6b9f0ed2948bb882caf68a138209e4de07f416f947dd5fd42b5e5aab2cb856b25d7f4ac

Download Submit
C:\Windows\system\WdAsamD.exe

Filesize
6.0MB

MD5
079b33e2101b60cbae76a88ffa365fcc

SHA1
a994c57b465c6848965c83e2410b4067920e357e

SHA256
ef07cca8a9e22ae5adca252bf9cab7edb0087f2eec8a6e0c7c7b5f1f4e50d3be

SHA512
a0da117938673a64f8e16b66be2754c8aab9e6110676be8dbcb95784f3d08359a63c2b55933eaf165a20af4e0fdaeaa1171a19ed528ba3dd352736f8d73fadce

Download Submit
C:\Windows\system\XaXNijW.exe

Filesize
6.0MB

MD5
5a2aaa750819a17d3d4c8f98afae573a

SHA1
c55d752ea22538ccda80d0041fcd5e5a6d8cebbc

SHA256
bafd766e6f60ce8813794023dbe12cef5d223105c8e2b0911ec1654bb85bbc36

SHA512
a4ade1a86c6d239a954e1ce78dd832a6137c045a20df98f03b83f71542b13906f14c34192961782643a17194d81918535e0f46b0853d7ef19e0a3a7923f6fd9e

Download Submit
C:\Windows\system\YBPuXmo.exe

Filesize
6.0MB

MD5
3fac85d0a3ad86e15d4d86fb4afca393

SHA1
1c8ffa2b91b3c3e297562816c15c6fe06334df82

SHA256
6a2a0beefb1e36832cd45db5884c0138573879875c1de934928be645f4e7468b

SHA512
beaee8881a4f41d3fcafdfe7ae7c3cb690db29d7719c78e9dbd595f13c773da87bb19c95581d1a99e149a783647c718aa4cddb6ba2771e2cc7dce2bcd7b36f12

Download Submit
C:\Windows\system\ZnjLMva.exe

Filesize
6.0MB

MD5
49bf0106287f7e6334b92b9418615630

SHA1
2c416f8ff1663eb3408ff4b27971fcc70cd4d582

SHA256
edb4a9981e5a9516ee2ed33bc2f1121958ec253eab19c543cb8d4afa4c9cec69

SHA512
233f787b06b72aab77d9e23d81d4f86d3cedea93c6f26419c686aaa07c80127858c7fb07ca11a546b59b03a27042c09492e052a4b88c2dcb36ff89b441bda52c

Download Submit
C:\Windows\system\aZSfMEE.exe

Filesize
6.0MB

MD5
f2555b372f28727a2eefd6dfb540233b

SHA1
882cc65432a7058947ead7a1eb569b998136f44a

SHA256
b206a1112f24ae3236830d4ca93f4294aa8500818d2722178e7cae2c9e426090

SHA512
00f54923f72691ffd78eebff1f3eb1502999fdcd60cbefdabed7ac624ea3291fef5aa2269460e9376df434b0c12506853177c9591166954cf6619f19ae15858e

Download Submit
C:\Windows\system\cSDZHKq.exe

Filesize
6.0MB

MD5
7dbeb7e8780854187afde647ca3842b6

SHA1
239d1997dc695dfe8b6393a0c4e67fbb32a6b459

SHA256
38e498549dcd1457ed8346a2c7d4e3f25bf6d253f9cfaf728ae386227f95fb15

SHA512
526c32ac12a20f2e9e28ac3ae4385bcc86bf0b2e6516fed80fa924a7b877946cc87bbb9b3bd14ed239c28ae715f94168bc509112a86129024f2a96ebf3002804

Download Submit
C:\Windows\system\fXvgSqr.exe

Filesize
6.0MB

MD5
2532092e6cc58f92a667bec74c4175f1

SHA1
0fdccdd2223b1bedf2d7c3cbcbe631421eae316b

SHA256
6d0da7331390719897f639d7ceeed620515c6cf347feb403a68859767df0a7fb

SHA512
5668f83e7afc91d5d2044358add2d60dfa728ab0e513c8f808d5ee7344d6349d809e9ebae2b554b83e06d16f0db97010b49a04221f4491868a1884328dc08f15

Download Submit
C:\Windows\system\hYqsVFS.exe

Filesize
6.0MB

MD5
744cc851949546143296f8c742181428

SHA1
e6ae91b0ada3f9f0c3eebd2e7bbd06dc1807e184

SHA256
a93d47ae662fc969754536002c93d833078be43ccaa605deeb54849c20a4b9de

SHA512
720a7fabd9783071d1eceea8e6f3a6506048bbf102d493e67043cf7c2825f4f879f7c6f49fa99e393ec0e388fe136ce5a2f761c4603c76ba7dd97b6dc6109c57

Download Submit
C:\Windows\system\hkFdThG.exe

Filesize
6.0MB

MD5
e889c06a988a10b3307242d1062fe1e2

SHA1
3b0318119d27555d84753039217eaf9ce818b3b1

SHA256
3f17623ec31b8a884b155e0fe0c1621c969676635754fb1e8bf6f4c723c988d4

SHA512
6f44693288848fbeea119172df3b82fb73a619bc426b1ac1c3a6938fbbeaed1946480dc6378f496cec020a7d85d8232f8aba5a7db3ab4efff341197419a86ec5

Download Submit
C:\Windows\system\mKyYAow.exe

Filesize
6.0MB

MD5
4fb81a1b3e75c19d00d7e93dd00e4168

SHA1
81fa515e18a338ae9878fd91060eeb37556cd5f5

SHA256
b9b3051e45c38bd7e09e6aaceec86d8e36d25a748b1c1bc53133aec4d5516445

SHA512
15f6c55ed64fdb0c85abfba2300ce00da254a1658c9d08b31b20c599950408ef404564a3db571392ea62945c9b0949f2999eecbaec4e111808ae5bb221a5d423

Download Submit
C:\Windows\system\oZkpPWF.exe

Filesize
6.0MB

MD5
099b8a83ff76a4a10830aeb9132a55d7

SHA1
cb6387737e9f18fc4cfecfeb024c8756f1616e5d

SHA256
38ee5a1c619c6e6a230f43afb3edf1f59daf2f8438e43f22743a5483c50278e0

SHA512
3b6c8aa378f9e803cf4ae4cf138aabcdff4011f572f9f4197d6aad67ef38484f49f48c702dcc08611d127518f7faed0ec157e3d4c23052dad96b543f64118b22

Download Submit
C:\Windows\system\qaXBSXj.exe

Filesize
6.0MB

MD5
68d10c70e84ac8602cdd01327b1c12cd

SHA1
83756b1408b2e81ea48d70dadc1b431f1d19291e

SHA256
ad79a01ee09a38ac52ee3b1686560313053aba420ac8594a84e8b686acfecbe4

SHA512
b8c8ec0ab2d0c775ecffbc742682d2e8af195e8c4444a6d53e64c3ce165c0296a5c447d25a04a2718a25e1b5764b675fc4a85bc948d9e5268a82d7e20d6b80fe

Download Submit
C:\Windows\system\rOdRTsn.exe

Filesize
6.0MB

MD5
9454e681bc80cd563f4f8ceb91ec2c24

SHA1
758a3c035c3a9169357cc91fdbace74ab9bd0a13

SHA256
de4822ec345322cd11f0b35f2d3222bd5190d0a03d0a33de5a80ca12df96c8f5

SHA512
84a907b4a51a3b1885ff4024b572d5e7332e3065c561f90c5c09a15bac9d6fa3f659eb3495ab26d32f92c3bd48ab08b8677db57d271d6552f6169b875e05464a

Download Submit
C:\Windows\system\soBpNbq.exe

Filesize
6.0MB

MD5
2675424d62da8cb10f094fb0fd35f337

SHA1
b1e10e2a180da4785dc86c7cf166134e6c852e50

SHA256
8a1dc9cfcb4bffb883231064e13b30a20483f580ef1f0b1178c05ceadcdd3769

SHA512
969e1c338ac8fe661e0a01459bf15336ff69c1f147a3225c3ff6f62fd8e220aca79192d5701bd5a4735d8b91d716b2311a2d2f0796b72d0251b7ac59e6dca44f

Download Submit
C:\Windows\system\sqUMNvy.exe

Filesize
6.0MB

MD5
fcff1bee2fe7c51f20cb6e79bed98585

SHA1
7dab755bdbd26bdc37f98f0e665249b1d29ec0c3

SHA256
b1000620501cf26cd8badbb8b9143a8969ee83987838ea8e1be01596da3a93dc

SHA512
6fe6530ba23ce33c9050d00eab0aa5b20426d1b7e80b2bf38840f32224a2f3f76c2b16a5f2238622126231e96886a0601eb569f184619c18b238c5791b26c73b

Download Submit
C:\Windows\system\uenlhJA.exe

Filesize
6.0MB

MD5
4d0f84ea3b9f1199bfa3e2a7ed0f9217

SHA1
9f538a0eddca1a652ddd288702880417c1b95708

SHA256
b5f490e3bd368c5f21c793d3cb96e7e32b7385c4df95ef8abf59c7280de829dc

SHA512
ad71512d4ca50eb0b0c585aff84c3a89a7c58139afa5f9bb2e76cde9b8bc76c052017dde90f78f9d566ffbfdd69b1fb4eb685f43d82f37806729b8716cd631df

Download Submit
C:\Windows\system\wSYhAXN.exe

Filesize
6.0MB

MD5
1074583da71075be3d6a1abcae6ff094

SHA1
678257cbbb93fa9fc2ca36a2b067fc8c431ea56a

SHA256
0b61566ade2d55b041b89bc376756abc22690bcf62f0afe4eff36e94b0d98e86

SHA512
ef41b723923847399828f47a5a74cec12e77d1731849423077c1c6fb616402e706194451bb8ee81edb9a4565c66946320863102bd3eb53fc3ef602117331c3ca

Download Submit
C:\Windows\system\whkDgQq.exe

Filesize
6.0MB

MD5
1f1c731c901c14b9488a8bf5530e0f5f

SHA1
156af5667f5601a4a1d609664b146b88709e1a98

SHA256
ccadc8e42b0f1777cb4859744dc94c5f5f51aec26a11f8de4e6cddf00798f86b

SHA512
e11d0bd11bfa472c993cbc48b1ea159e99561ddfd2afedaab30677cc7007b4908f026bad75f16fdcb4403d733cfede162b13a16dc32a577f939aa7dfad7b214e

Download Submit
C:\Windows\system\xGxBipQ.exe

Filesize
6.0MB

MD5
080d0e1b5e0098d85e999e9d35c8cdb2

SHA1
7715597afe6a39f1ca75c7d3b97bba25e7586a2f

SHA256
5b63493755ad4a3a2962d3647e6834a75b9865d9b75e909675203cfe756b015d

SHA512
e8faa02abc13e927b3a1165ec6bc4b0592b70a153b6091d58e1714924a2829ae3c399736f292b296e687a68dda6e2d325447f4a397c62604a6e47e1c677cb197

Download Submit
C:\Windows\system\yAtmOjk.exe

Filesize
6.0MB

MD5
f1c34fbc344161536ea8170aeefa0c22

SHA1
cf19e1bfd3aa3e55f0e037c23bfe7c92299699df

SHA256
e14e88e55456613be838006c1761abb2f62267717f8f0b6ee0946b2ae7dbaf00

SHA512
c4d7c1f41808598a32ad3389a080ff09a69cf351265ee4dc752c1fa3c41a370447f9065e947f747bf0c1d31715bd1a07cd9ac50afacc036c864e9cfc9f09195e

Download Submit
C:\Windows\system\yuzQweZ.exe

Filesize
6.0MB

MD5
d5112370f92f62ca0ebafdf0ea3b23fc

SHA1
05583729dd4e4e304588d2deb864af147acf8c25

SHA256
bf49c13e0e1b17894b87f87ddbe605e7d8483d46c7877bb1a64a14e742b83108

SHA512
79f25a436b0d8a150ef685ca87e569696c7d1205004560a3413d5959503f95b306a886485e193321184170814ecec8855117bd7b34a40cc0ff9c86a51cae042d

Download Submit
C:\Windows\system\zWvoUhd.exe

Filesize
6.0MB

MD5
bc637ad602ca343820db35ca30d708af

SHA1
413f3f622ccbd50a6475d7f4ea6d0c6cbc1e989f

SHA256
33f1315c879d0e3cc3d1f478617088d7467ddd82c0694363011007931a1116c9

SHA512
51cc4b9aded06b49d1e8302ff703a2756653f1d1bef0ea25a9bcb5337c68f8ef25ea70b514099c96ee828bcd557fa573340f66d03002103a7f0e817f16ac22eb

Download Submit
\Windows\system\hDlCZJG.exe

Filesize
6.0MB

MD5
544f8e3da70f833ef42d65ab390cb86e

SHA1
5353b24f5f250ee9f3e0e7590411a6fed5224d49

SHA256
a0f8eed1afc8569221c695f44110a105a508704ba2f0e8c5df835d863cfaf4d8

SHA512
8c9b50c2ca72a31b5ab9ba84458bd6ed3dcaddc70255283eb45e4163f5d61bf00ac3402b25e02a0f051c9a81fdc337c95812ca74ef630472415f791585fb9b8c

Download Submit
\Windows\system\uRbpIcp.exe

Filesize
6.0MB

MD5
3e09f10a25dce6578dba18438df361c5

SHA1
0cdf015143c75fafd6b68f83b18f2da62b74680e

SHA256
9b51b74aedb6d7875a703900e94aa7f945d729d8bf0be0f86e0ebba4d1d5aa70

SHA512
08b59ab318f26e2e4d4fb0b6972dbacd997b31a7ac6061a9ddb794d424541929464a1110ccf557b66289301c31a05d7c5689871601bffcf88e3afa6280b009ef

Download Submit
memory/532-154-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/532-3983-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/828-3986-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/828-162-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/864-158-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/864-3981-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/924-160-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/924-3985-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1964-3987-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-166-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-152-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3984-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3982-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2144-148-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2252-164-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3988-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2576-169-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3978-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2600-15-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3977-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3989-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-828-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-24-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-168-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3979-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-137-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3980-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2724-153-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2724-159-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-19-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-165-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-8-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2724-163-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2724-143-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2724-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2724-299-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-136-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2724-149-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-167-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2724-157-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-161-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2820-9-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3976-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download