cobaltstrike | 32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
Size

6.0MB
MD5

525d62fe4de292bd5979aebc14cb4694
SHA1

12cb82ba508491153f1c7ddc05e243495a13290c
SHA256

32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990
SHA512

e95084f7cb7c3f5948f6290d589c33c643b1078d12c2ad0727409f453fc7163545ed0da43d2fed2322a22a1a33681785402f95a82b61f779e6fe0a97e8f0aff6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU1:eOl56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfe-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-45.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c4e-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-90.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-70.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-65.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/2696-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0009000000016cfe-11.dat	xmrig
behavioral1/files/0x0007000000016d0b-16.dat	xmrig
behavioral1/files/0x0007000000016d13-18.dat	xmrig
behavioral1/files/0x0007000000016d24-26.dat	xmrig
behavioral1/files/0x0007000000016d2e-30.dat	xmrig
behavioral1/files/0x0007000000016d36-36.dat	xmrig
behavioral1/files/0x0009000000016d3f-41.dat	xmrig
behavioral1/files/0x0008000000016d47-45.dat	xmrig
behavioral1/files/0x000600000001752f-55.dat	xmrig
behavioral1/files/0x0005000000019234-110.dat	xmrig
behavioral1/files/0x000500000001924c-114.dat	xmrig
behavioral1/memory/1128-113-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-154.dat	xmrig
behavioral1/files/0x00050000000193c4-161.dat	xmrig
behavioral1/files/0x0005000000019389-152.dat	xmrig
behavioral1/files/0x0005000000019382-145.dat	xmrig
behavioral1/files/0x0005000000019277-141.dat	xmrig
behavioral1/files/0x0005000000019271-132.dat	xmrig
behavioral1/files/0x0005000000019273-135.dat	xmrig
behavioral1/files/0x000500000001926b-125.dat	xmrig
behavioral1/files/0x0008000000016c4e-121.dat	xmrig
behavioral1/files/0x0005000000019229-105.dat	xmrig
behavioral1/files/0x0005000000019218-100.dat	xmrig
behavioral1/files/0x00050000000191f7-95.dat	xmrig
behavioral1/files/0x00050000000191f3-90.dat	xmrig
behavioral1/files/0x00060000000190d6-85.dat	xmrig
behavioral1/files/0x00060000000190cd-80.dat	xmrig
behavioral1/files/0x000500000001879b-75.dat	xmrig
behavioral1/files/0x0005000000018690-70.dat	xmrig
behavioral1/files/0x0009000000018678-65.dat	xmrig
behavioral1/files/0x001500000001866d-60.dat	xmrig
behavioral1/files/0x00060000000174ac-50.dat	xmrig
behavioral1/memory/2564-2348-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1752-2490-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2696-2825-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2480-2900-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1936-2968-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/3068-3005-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2696-3796-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2696-3925-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2696-3926-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2696-3928-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1128-3965-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2480-3964-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2564-3963-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/3068-3962-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1752-3966-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1936-3967-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3068	NaYaXSw.exe
1128	sWJPZId.exe
2564	DAzRCdZ.exe
1752	AiVYlDD.exe
2480	PdKXgzO.exe
1936	DbGaRPi.exe
2856	DwXWmgT.exe
2848	sFeEFYH.exe
2724	DiifFde.exe
2924	CqIjSYu.exe
2884	dFivdBR.exe
2640	RLPbElK.exe
2792	UTJorUY.exe
2616	VppPzGo.exe
2648	jPRNiah.exe
1984	BIiNnVJ.exe
2152	sFGvWyS.exe
2516	EkwSVry.exe
1796	EsowmpB.exe
1536	dtBmAwI.exe
2064	gTfqgFZ.exe
1868	PkDLmRU.exe
1624	TMFrRlQ.exe
1880	HzQiFqL.exe
2800	fjrjBwi.exe
1080	cdQflXz.exe
1224	IxeiOQV.exe
560	iceiJyy.exe
2488	TFBNFEn.exe
1940	hNZWjDG.exe
2320	yuwusrm.exe
868	jObaAbl.exe
2996	DosMfSg.exe
696	jGTqcQj.exe
2596	SNdGAar.exe
1808	UXlAost.exe
1992	Xfbzdan.exe
324	UZcgphP.exe
1328	kJEXDmV.exe
1288	rvNQiHY.exe
2304	syZIghS.exe
2144	ELgfmUq.exe
916	dbhmIPY.exe
568	faUmLFv.exe
352	THItrNR.exe
2796	ZWmFuRA.exe
2376	CzLUAxM.exe
2392	RUxCiRj.exe
1996	BaSHDgc.exe
588	hLNtGoj.exe
2404	Xnbarvn.exe
2360	oCYljJA.exe
1852	OkHjNWG.exe
1636	sZKgQsO.exe
900	UKKulfz.exe
2124	Smsfdhq.exe
2020	tMJcqtF.exe
2476	pFZpEky.exe
2108	glKCSgt.exe
2340	ACiYgrC.exe
1472	XcArFax.exe
2204	XHtbFDu.exe
2920	hTSmRRb.exe
2264	FwnkpnG.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2696-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0009000000016cfe-11.dat	upx
behavioral1/files/0x0007000000016d0b-16.dat	upx
behavioral1/files/0x0007000000016d13-18.dat	upx
behavioral1/files/0x0007000000016d24-26.dat	upx
behavioral1/files/0x0007000000016d2e-30.dat	upx
behavioral1/files/0x0007000000016d36-36.dat	upx
behavioral1/files/0x0009000000016d3f-41.dat	upx
behavioral1/files/0x0008000000016d47-45.dat	upx
behavioral1/files/0x000600000001752f-55.dat	upx
behavioral1/files/0x0005000000019234-110.dat	upx
behavioral1/files/0x000500000001924c-114.dat	upx
behavioral1/memory/1128-113-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00050000000193be-154.dat	upx
behavioral1/files/0x00050000000193c4-161.dat	upx
behavioral1/files/0x0005000000019389-152.dat	upx
behavioral1/files/0x0005000000019382-145.dat	upx
behavioral1/files/0x0005000000019277-141.dat	upx
behavioral1/files/0x0005000000019271-132.dat	upx
behavioral1/files/0x0005000000019273-135.dat	upx
behavioral1/files/0x000500000001926b-125.dat	upx
behavioral1/files/0x0008000000016c4e-121.dat	upx
behavioral1/files/0x0005000000019229-105.dat	upx
behavioral1/files/0x0005000000019218-100.dat	upx
behavioral1/files/0x00050000000191f7-95.dat	upx
behavioral1/files/0x00050000000191f3-90.dat	upx
behavioral1/files/0x00060000000190d6-85.dat	upx
behavioral1/files/0x00060000000190cd-80.dat	upx
behavioral1/files/0x000500000001879b-75.dat	upx
behavioral1/files/0x0005000000018690-70.dat	upx
behavioral1/files/0x0009000000018678-65.dat	upx
behavioral1/files/0x001500000001866d-60.dat	upx
behavioral1/files/0x00060000000174ac-50.dat	upx
behavioral1/memory/2564-2348-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1752-2490-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2480-2900-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1936-2968-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/3068-3005-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2696-3796-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1128-3965-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2480-3964-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2564-3963-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/3068-3962-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1752-3966-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1936-3967-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hTSmRRb.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\djXPyfz.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\TMMvtWT.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\YuANzlJ.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\RTlEuwH.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\twRuPlk.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\mwwhHmA.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\pBtZfTB.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\PJIpDnS.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\WeViIqN.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\atnwXYy.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\fjrjBwi.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\IWkzaNH.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\uxlEyNk.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\iCMTLzQ.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\mhHUHpi.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\bNPhYhK.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\CWSwUvM.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\bDkcjId.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\nuXKiJP.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\PjItExN.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\tcvhxoA.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\YdsWPCg.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\mXzPgDj.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\PCSQetT.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\LWnZzHC.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\IsFcJaq.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\ybYPALL.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\wemOhoR.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\YBcDVAE.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\DFBsLJV.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\BcnJjZJ.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\cFkVill.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\SECYHIH.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\MyQVStM.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\EKJxcWc.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\CIHzDGd.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\zHxAOXb.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\fQTrZjO.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\OllgKIi.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\xvLzReL.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\VRzPrLx.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\vcEQDrC.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\NXpRePW.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\CqIjSYu.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\lrjHHII.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\dixEkBg.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\wcewwaj.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\IpdvPhx.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\TTwRXql.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\LXVoWJS.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\UMewifO.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\dnwbFDl.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\HKycIrn.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\CzLUAxM.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\CGwEkTI.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\nYaouJI.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\NpnzOOR.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\Wcsldzy.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\ueJTLfg.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\uWTPWvC.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\GMbKxTB.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\QtPHvTK.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
File created	C:\Windows\System\JgAsOKt.exe	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3068	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	31
PID 2696 wrote to memory of 3068	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	31
PID 2696 wrote to memory of 3068	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	31
PID 2696 wrote to memory of 1128	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	32
PID 2696 wrote to memory of 1128	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	32
PID 2696 wrote to memory of 1128	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	32
PID 2696 wrote to memory of 2564	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	33
PID 2696 wrote to memory of 2564	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	33
PID 2696 wrote to memory of 2564	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	33
PID 2696 wrote to memory of 1752	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	34
PID 2696 wrote to memory of 1752	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	34
PID 2696 wrote to memory of 1752	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	34
PID 2696 wrote to memory of 2480	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	35
PID 2696 wrote to memory of 2480	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	35
PID 2696 wrote to memory of 2480	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	35
PID 2696 wrote to memory of 1936	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	36
PID 2696 wrote to memory of 1936	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	36
PID 2696 wrote to memory of 1936	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	36
PID 2696 wrote to memory of 2856	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	37
PID 2696 wrote to memory of 2856	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	37
PID 2696 wrote to memory of 2856	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	37
PID 2696 wrote to memory of 2848	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	38
PID 2696 wrote to memory of 2848	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	38
PID 2696 wrote to memory of 2848	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	38
PID 2696 wrote to memory of 2724	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	39
PID 2696 wrote to memory of 2724	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	39
PID 2696 wrote to memory of 2724	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	39
PID 2696 wrote to memory of 2924	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	40
PID 2696 wrote to memory of 2924	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	40
PID 2696 wrote to memory of 2924	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	40
PID 2696 wrote to memory of 2884	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	41
PID 2696 wrote to memory of 2884	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	41
PID 2696 wrote to memory of 2884	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	41
PID 2696 wrote to memory of 2640	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	42
PID 2696 wrote to memory of 2640	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	42
PID 2696 wrote to memory of 2640	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	42
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	43
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	43
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	43
PID 2696 wrote to memory of 2616	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	44
PID 2696 wrote to memory of 2616	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	44
PID 2696 wrote to memory of 2616	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	44
PID 2696 wrote to memory of 2648	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	45
PID 2696 wrote to memory of 2648	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	45
PID 2696 wrote to memory of 2648	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	45
PID 2696 wrote to memory of 1984	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	46
PID 2696 wrote to memory of 1984	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	46
PID 2696 wrote to memory of 1984	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	46
PID 2696 wrote to memory of 2152	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	47
PID 2696 wrote to memory of 2152	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	47
PID 2696 wrote to memory of 2152	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	47
PID 2696 wrote to memory of 2516	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	48
PID 2696 wrote to memory of 2516	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	48
PID 2696 wrote to memory of 2516	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	48
PID 2696 wrote to memory of 1796	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	49
PID 2696 wrote to memory of 1796	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	49
PID 2696 wrote to memory of 1796	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	49
PID 2696 wrote to memory of 1536	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	50
PID 2696 wrote to memory of 1536	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	50
PID 2696 wrote to memory of 1536	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	50
PID 2696 wrote to memory of 2064	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	51
PID 2696 wrote to memory of 2064	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	51
PID 2696 wrote to memory of 2064	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	51
PID 2696 wrote to memory of 1868	2696	JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_32d30578e6d35b5d0a6e96e9f1286b9cfe455f5f155b2c79c059cd995fe00990.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\System\NaYaXSw.exe
  C:\Windows\System\NaYaXSw.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\sWJPZId.exe
  C:\Windows\System\sWJPZId.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\DAzRCdZ.exe
  C:\Windows\System\DAzRCdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\AiVYlDD.exe
  C:\Windows\System\AiVYlDD.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\PdKXgzO.exe
  C:\Windows\System\PdKXgzO.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\DbGaRPi.exe
  C:\Windows\System\DbGaRPi.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\DwXWmgT.exe
  C:\Windows\System\DwXWmgT.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\sFeEFYH.exe
  C:\Windows\System\sFeEFYH.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\DiifFde.exe
  C:\Windows\System\DiifFde.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\CqIjSYu.exe
  C:\Windows\System\CqIjSYu.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\dFivdBR.exe
  C:\Windows\System\dFivdBR.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\RLPbElK.exe
  C:\Windows\System\RLPbElK.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\UTJorUY.exe
  C:\Windows\System\UTJorUY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\VppPzGo.exe
  C:\Windows\System\VppPzGo.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\jPRNiah.exe
  C:\Windows\System\jPRNiah.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\BIiNnVJ.exe
  C:\Windows\System\BIiNnVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\sFGvWyS.exe
  C:\Windows\System\sFGvWyS.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\EkwSVry.exe
  C:\Windows\System\EkwSVry.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\EsowmpB.exe
  C:\Windows\System\EsowmpB.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\dtBmAwI.exe
  C:\Windows\System\dtBmAwI.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\gTfqgFZ.exe
  C:\Windows\System\gTfqgFZ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PkDLmRU.exe
  C:\Windows\System\PkDLmRU.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\TMFrRlQ.exe
  C:\Windows\System\TMFrRlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\HzQiFqL.exe
  C:\Windows\System\HzQiFqL.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\fjrjBwi.exe
  C:\Windows\System\fjrjBwi.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\cdQflXz.exe
  C:\Windows\System\cdQflXz.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\IxeiOQV.exe
  C:\Windows\System\IxeiOQV.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\iceiJyy.exe
  C:\Windows\System\iceiJyy.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\TFBNFEn.exe
  C:\Windows\System\TFBNFEn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\hNZWjDG.exe
  C:\Windows\System\hNZWjDG.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\yuwusrm.exe
  C:\Windows\System\yuwusrm.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\jObaAbl.exe
  C:\Windows\System\jObaAbl.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\DosMfSg.exe
  C:\Windows\System\DosMfSg.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SNdGAar.exe
  C:\Windows\System\SNdGAar.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jGTqcQj.exe
  C:\Windows\System\jGTqcQj.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\Xfbzdan.exe
  C:\Windows\System\Xfbzdan.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\UXlAost.exe
  C:\Windows\System\UXlAost.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\UZcgphP.exe
  C:\Windows\System\UZcgphP.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\kJEXDmV.exe
  C:\Windows\System\kJEXDmV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\rvNQiHY.exe
  C:\Windows\System\rvNQiHY.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\syZIghS.exe
  C:\Windows\System\syZIghS.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ELgfmUq.exe
  C:\Windows\System\ELgfmUq.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\dbhmIPY.exe
  C:\Windows\System\dbhmIPY.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\THItrNR.exe
  C:\Windows\System\THItrNR.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\faUmLFv.exe
  C:\Windows\System\faUmLFv.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\ZWmFuRA.exe
  C:\Windows\System\ZWmFuRA.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\CzLUAxM.exe
  C:\Windows\System\CzLUAxM.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\RUxCiRj.exe
  C:\Windows\System\RUxCiRj.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\BaSHDgc.exe
  C:\Windows\System\BaSHDgc.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\hLNtGoj.exe
  C:\Windows\System\hLNtGoj.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\Xnbarvn.exe
  C:\Windows\System\Xnbarvn.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\oCYljJA.exe
  C:\Windows\System\oCYljJA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\OkHjNWG.exe
  C:\Windows\System\OkHjNWG.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\sZKgQsO.exe
  C:\Windows\System\sZKgQsO.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\UKKulfz.exe
  C:\Windows\System\UKKulfz.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\pFZpEky.exe
  C:\Windows\System\pFZpEky.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\Smsfdhq.exe
  C:\Windows\System\Smsfdhq.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\XcArFax.exe
  C:\Windows\System\XcArFax.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\tMJcqtF.exe
  C:\Windows\System\tMJcqtF.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\XHtbFDu.exe
  C:\Windows\System\XHtbFDu.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\glKCSgt.exe
  C:\Windows\System\glKCSgt.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\hTSmRRb.exe
  C:\Windows\System\hTSmRRb.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ACiYgrC.exe
  C:\Windows\System\ACiYgrC.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\FwnkpnG.exe
  C:\Windows\System\FwnkpnG.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\YhthEio.exe
  C:\Windows\System\YhthEio.exe
  2⤵
  PID:2736
- C:\Windows\System\TepSXzX.exe
  C:\Windows\System\TepSXzX.exe
  2⤵
  PID:2720
- C:\Windows\System\RVoMrNf.exe
  C:\Windows\System\RVoMrNf.exe
  2⤵
  PID:2732
- C:\Windows\System\xSPteEY.exe
  C:\Windows\System\xSPteEY.exe
  2⤵
  PID:1732
- C:\Windows\System\JbjLmkK.exe
  C:\Windows\System\JbjLmkK.exe
  2⤵
  PID:2228
- C:\Windows\System\NRgxrWL.exe
  C:\Windows\System\NRgxrWL.exe
  2⤵
  PID:944
- C:\Windows\System\UURLRiR.exe
  C:\Windows\System\UURLRiR.exe
  2⤵
  PID:1524
- C:\Windows\System\iqfOpbV.exe
  C:\Windows\System\iqfOpbV.exe
  2⤵
  PID:296
- C:\Windows\System\NtWxxQr.exe
  C:\Windows\System\NtWxxQr.exe
  2⤵
  PID:1764
- C:\Windows\System\lYRljMB.exe
  C:\Windows\System\lYRljMB.exe
  2⤵
  PID:2684
- C:\Windows\System\ZuTrEus.exe
  C:\Windows\System\ZuTrEus.exe
  2⤵
  PID:1324
- C:\Windows\System\sNZhDeb.exe
  C:\Windows\System\sNZhDeb.exe
  2⤵
  PID:2928
- C:\Windows\System\ftgAOdc.exe
  C:\Windows\System\ftgAOdc.exe
  2⤵
  PID:2308
- C:\Windows\System\yiZsLzM.exe
  C:\Windows\System\yiZsLzM.exe
  2⤵
  PID:844
- C:\Windows\System\OpQcagZ.exe
  C:\Windows\System\OpQcagZ.exe
  2⤵
  PID:2992
- C:\Windows\System\cLRNmtC.exe
  C:\Windows\System\cLRNmtC.exe
  2⤵
  PID:1456
- C:\Windows\System\DbWCpSk.exe
  C:\Windows\System\DbWCpSk.exe
  2⤵
  PID:1960
- C:\Windows\System\GjhCNWc.exe
  C:\Windows\System\GjhCNWc.exe
  2⤵
  PID:1000
- C:\Windows\System\rvQdjWx.exe
  C:\Windows\System\rvQdjWx.exe
  2⤵
  PID:348
- C:\Windows\System\AfgVFah.exe
  C:\Windows\System\AfgVFah.exe
  2⤵
  PID:1192
- C:\Windows\System\boghHEr.exe
  C:\Windows\System\boghHEr.exe
  2⤵
  PID:896
- C:\Windows\System\WxcrmgW.exe
  C:\Windows\System\WxcrmgW.exe
  2⤵
  PID:2352
- C:\Windows\System\FYSqQYE.exe
  C:\Windows\System\FYSqQYE.exe
  2⤵
  PID:2080
- C:\Windows\System\NnSVyNc.exe
  C:\Windows\System\NnSVyNc.exe
  2⤵
  PID:372
- C:\Windows\System\jOailsJ.exe
  C:\Windows\System\jOailsJ.exe
  2⤵
  PID:1072
- C:\Windows\System\fgDbIgn.exe
  C:\Windows\System\fgDbIgn.exe
  2⤵
  PID:1004
- C:\Windows\System\BbaPwHB.exe
  C:\Windows\System\BbaPwHB.exe
  2⤵
  PID:1860
- C:\Windows\System\gCTZUre.exe
  C:\Windows\System\gCTZUre.exe
  2⤵
  PID:2440
- C:\Windows\System\hCqplhP.exe
  C:\Windows\System\hCqplhP.exe
  2⤵
  PID:904
- C:\Windows\System\nqEQPtA.exe
  C:\Windows\System\nqEQPtA.exe
  2⤵
  PID:2396
- C:\Windows\System\VrBZydL.exe
  C:\Windows\System\VrBZydL.exe
  2⤵
  PID:2420
- C:\Windows\System\MAWGYqE.exe
  C:\Windows\System\MAWGYqE.exe
  2⤵
  PID:1500
- C:\Windows\System\ArYhPMQ.exe
  C:\Windows\System\ArYhPMQ.exe
  2⤵
  PID:2888
- C:\Windows\System\JWqBzcq.exe
  C:\Windows\System\JWqBzcq.exe
  2⤵
  PID:2628
- C:\Windows\System\kctVSxy.exe
  C:\Windows\System\kctVSxy.exe
  2⤵
  PID:1676
- C:\Windows\System\KolzFwV.exe
  C:\Windows\System\KolzFwV.exe
  2⤵
  PID:2172
- C:\Windows\System\GdBFIZM.exe
  C:\Windows\System\GdBFIZM.exe
  2⤵
  PID:1488
- C:\Windows\System\VnVSimc.exe
  C:\Windows\System\VnVSimc.exe
  2⤵
  PID:2472
- C:\Windows\System\yLeKEAZ.exe
  C:\Windows\System\yLeKEAZ.exe
  2⤵
  PID:320
- C:\Windows\System\axjZCxj.exe
  C:\Windows\System\axjZCxj.exe
  2⤵
  PID:1528
- C:\Windows\System\vPiyJPl.exe
  C:\Windows\System\vPiyJPl.exe
  2⤵
  PID:1692
- C:\Windows\System\EQXjdMU.exe
  C:\Windows\System\EQXjdMU.exe
  2⤵
  PID:1308
- C:\Windows\System\rHkbOxi.exe
  C:\Windows\System\rHkbOxi.exe
  2⤵
  PID:1600
- C:\Windows\System\McWzfNx.exe
  C:\Windows\System\McWzfNx.exe
  2⤵
  PID:3008
- C:\Windows\System\FtsdutM.exe
  C:\Windows\System\FtsdutM.exe
  2⤵
  PID:1928
- C:\Windows\System\POXXMRm.exe
  C:\Windows\System\POXXMRm.exe
  2⤵
  PID:2816
- C:\Windows\System\fewyzJx.exe
  C:\Windows\System\fewyzJx.exe
  2⤵
  PID:2056
- C:\Windows\System\mmmkYFv.exe
  C:\Windows\System\mmmkYFv.exe
  2⤵
  PID:1888
- C:\Windows\System\GUNBbJe.exe
  C:\Windows\System\GUNBbJe.exe
  2⤵
  PID:2004
- C:\Windows\System\SsHluyt.exe
  C:\Windows\System\SsHluyt.exe
  2⤵
  PID:1760
- C:\Windows\System\ybYPALL.exe
  C:\Windows\System\ybYPALL.exe
  2⤵
  PID:3016
- C:\Windows\System\lrjHHII.exe
  C:\Windows\System\lrjHHII.exe
  2⤵
  PID:2760
- C:\Windows\System\adagCmj.exe
  C:\Windows\System\adagCmj.exe
  2⤵
  PID:2868
- C:\Windows\System\FiWLNAI.exe
  C:\Windows\System\FiWLNAI.exe
  2⤵
  PID:3088
- C:\Windows\System\nVACphd.exe
  C:\Windows\System\nVACphd.exe
  2⤵
  PID:3104
- C:\Windows\System\qfnElOZ.exe
  C:\Windows\System\qfnElOZ.exe
  2⤵
  PID:3120
- C:\Windows\System\GzRzSwv.exe
  C:\Windows\System\GzRzSwv.exe
  2⤵
  PID:3144
- C:\Windows\System\fqxxaYc.exe
  C:\Windows\System\fqxxaYc.exe
  2⤵
  PID:3168
- C:\Windows\System\vJHDmpw.exe
  C:\Windows\System\vJHDmpw.exe
  2⤵
  PID:3208
- C:\Windows\System\pYrTtrH.exe
  C:\Windows\System\pYrTtrH.exe
  2⤵
  PID:3236
- C:\Windows\System\aIjFTIJ.exe
  C:\Windows\System\aIjFTIJ.exe
  2⤵
  PID:3252
- C:\Windows\System\QyjRnKA.exe
  C:\Windows\System\QyjRnKA.exe
  2⤵
  PID:3276
- C:\Windows\System\aXGiyWw.exe
  C:\Windows\System\aXGiyWw.exe
  2⤵
  PID:3292
- C:\Windows\System\whwyXiA.exe
  C:\Windows\System\whwyXiA.exe
  2⤵
  PID:3316
- C:\Windows\System\EwhpAgN.exe
  C:\Windows\System\EwhpAgN.exe
  2⤵
  PID:3336
- C:\Windows\System\xoKdmLD.exe
  C:\Windows\System\xoKdmLD.exe
  2⤵
  PID:3356
- C:\Windows\System\mRBCRVU.exe
  C:\Windows\System\mRBCRVU.exe
  2⤵
  PID:3372
- C:\Windows\System\yjoMFHm.exe
  C:\Windows\System\yjoMFHm.exe
  2⤵
  PID:3392
- C:\Windows\System\tUhCxAU.exe
  C:\Windows\System\tUhCxAU.exe
  2⤵
  PID:3412
- C:\Windows\System\xPAaYsQ.exe
  C:\Windows\System\xPAaYsQ.exe
  2⤵
  PID:3432
- C:\Windows\System\qEIfznz.exe
  C:\Windows\System\qEIfznz.exe
  2⤵
  PID:3452
- C:\Windows\System\JFtHtTp.exe
  C:\Windows\System\JFtHtTp.exe
  2⤵
  PID:3472
- C:\Windows\System\JsZUENU.exe
  C:\Windows\System\JsZUENU.exe
  2⤵
  PID:3492
- C:\Windows\System\isaHcVT.exe
  C:\Windows\System\isaHcVT.exe
  2⤵
  PID:3516
- C:\Windows\System\ZiAFwtW.exe
  C:\Windows\System\ZiAFwtW.exe
  2⤵
  PID:3536
- C:\Windows\System\FckABRJ.exe
  C:\Windows\System\FckABRJ.exe
  2⤵
  PID:3556
- C:\Windows\System\NRsqmjG.exe
  C:\Windows\System\NRsqmjG.exe
  2⤵
  PID:3576
- C:\Windows\System\BsfbnTd.exe
  C:\Windows\System\BsfbnTd.exe
  2⤵
  PID:3596
- C:\Windows\System\SfoVVqK.exe
  C:\Windows\System\SfoVVqK.exe
  2⤵
  PID:3616
- C:\Windows\System\bNsYrlI.exe
  C:\Windows\System\bNsYrlI.exe
  2⤵
  PID:3636
- C:\Windows\System\LNkCosS.exe
  C:\Windows\System\LNkCosS.exe
  2⤵
  PID:3656
- C:\Windows\System\PBHOpir.exe
  C:\Windows\System\PBHOpir.exe
  2⤵
  PID:3676
- C:\Windows\System\oYNqgFb.exe
  C:\Windows\System\oYNqgFb.exe
  2⤵
  PID:3696
- C:\Windows\System\wlROxjG.exe
  C:\Windows\System\wlROxjG.exe
  2⤵
  PID:3716
- C:\Windows\System\pseIycg.exe
  C:\Windows\System\pseIycg.exe
  2⤵
  PID:3732
- C:\Windows\System\CvzAKqU.exe
  C:\Windows\System\CvzAKqU.exe
  2⤵
  PID:3752
- C:\Windows\System\cshTqJU.exe
  C:\Windows\System\cshTqJU.exe
  2⤵
  PID:3772
- C:\Windows\System\mGFGEto.exe
  C:\Windows\System\mGFGEto.exe
  2⤵
  PID:3792
- C:\Windows\System\MBYnMJY.exe
  C:\Windows\System\MBYnMJY.exe
  2⤵
  PID:3812
- C:\Windows\System\MCybouq.exe
  C:\Windows\System\MCybouq.exe
  2⤵
  PID:3832
- C:\Windows\System\EnJIibf.exe
  C:\Windows\System\EnJIibf.exe
  2⤵
  PID:3852
- C:\Windows\System\yZKRCvN.exe
  C:\Windows\System\yZKRCvN.exe
  2⤵
  PID:3868
- C:\Windows\System\SyDkfUM.exe
  C:\Windows\System\SyDkfUM.exe
  2⤵
  PID:3884
- C:\Windows\System\jQSQypP.exe
  C:\Windows\System\jQSQypP.exe
  2⤵
  PID:3900
- C:\Windows\System\xtAWEuE.exe
  C:\Windows\System\xtAWEuE.exe
  2⤵
  PID:3936
- C:\Windows\System\FkBRBFG.exe
  C:\Windows\System\FkBRBFG.exe
  2⤵
  PID:3956
- C:\Windows\System\zHnEbIl.exe
  C:\Windows\System\zHnEbIl.exe
  2⤵
  PID:3976
- C:\Windows\System\HhXAmur.exe
  C:\Windows\System\HhXAmur.exe
  2⤵
  PID:3992
- C:\Windows\System\BxGTBAE.exe
  C:\Windows\System\BxGTBAE.exe
  2⤵
  PID:4012
- C:\Windows\System\SJlQTFT.exe
  C:\Windows\System\SJlQTFT.exe
  2⤵
  PID:4036
- C:\Windows\System\cxceaWB.exe
  C:\Windows\System\cxceaWB.exe
  2⤵
  PID:4056
- C:\Windows\System\YuANzlJ.exe
  C:\Windows\System\YuANzlJ.exe
  2⤵
  PID:4076
- C:\Windows\System\AiryrYd.exe
  C:\Windows\System\AiryrYd.exe
  2⤵
  PID:2072
- C:\Windows\System\rqQavjQ.exe
  C:\Windows\System\rqQavjQ.exe
  2⤵
  PID:2716
- C:\Windows\System\nEOSuTM.exe
  C:\Windows\System\nEOSuTM.exe
  2⤵
  PID:2148
- C:\Windows\System\rQenhRh.exe
  C:\Windows\System\rQenhRh.exe
  2⤵
  PID:1168
- C:\Windows\System\QWUrlXL.exe
  C:\Windows\System\QWUrlXL.exe
  2⤵
  PID:2952
- C:\Windows\System\dNLrTvQ.exe
  C:\Windows\System\dNLrTvQ.exe
  2⤵
  PID:2624
- C:\Windows\System\rTIIDVj.exe
  C:\Windows\System\rTIIDVj.exe
  2⤵
  PID:860
- C:\Windows\System\amWXAQA.exe
  C:\Windows\System\amWXAQA.exe
  2⤵
  PID:2384
- C:\Windows\System\mRoleQx.exe
  C:\Windows\System\mRoleQx.exe
  2⤵
  PID:3084
- C:\Windows\System\TTwRXql.exe
  C:\Windows\System\TTwRXql.exe
  2⤵
  PID:2940
- C:\Windows\System\RyidpUc.exe
  C:\Windows\System\RyidpUc.exe
  2⤵
  PID:1956
- C:\Windows\System\LftRDEW.exe
  C:\Windows\System\LftRDEW.exe
  2⤵
  PID:3156
- C:\Windows\System\TuAomQG.exe
  C:\Windows\System\TuAomQG.exe
  2⤵
  PID:3132
- C:\Windows\System\ESzPzqJ.exe
  C:\Windows\System\ESzPzqJ.exe
  2⤵
  PID:2536
- C:\Windows\System\moGVcDH.exe
  C:\Windows\System\moGVcDH.exe
  2⤵
  PID:2260
- C:\Windows\System\QojvcAm.exe
  C:\Windows\System\QojvcAm.exe
  2⤵
  PID:3184
- C:\Windows\System\TnMspeQ.exe
  C:\Windows\System\TnMspeQ.exe
  2⤵
  PID:3188
- C:\Windows\System\XfWljsF.exe
  C:\Windows\System\XfWljsF.exe
  2⤵
  PID:3260
- C:\Windows\System\YxEEeVM.exe
  C:\Windows\System\YxEEeVM.exe
  2⤵
  PID:3264
- C:\Windows\System\GLKvwOd.exe
  C:\Windows\System\GLKvwOd.exe
  2⤵
  PID:3312
- C:\Windows\System\wFMlvdV.exe
  C:\Windows\System\wFMlvdV.exe
  2⤵
  PID:3324
- C:\Windows\System\HhzsBft.exe
  C:\Windows\System\HhzsBft.exe
  2⤵
  PID:3380
- C:\Windows\System\GNkFxsY.exe
  C:\Windows\System\GNkFxsY.exe
  2⤵
  PID:3404
- C:\Windows\System\ljiaDOk.exe
  C:\Windows\System\ljiaDOk.exe
  2⤵
  PID:3460
- C:\Windows\System\ghYxgpV.exe
  C:\Windows\System\ghYxgpV.exe
  2⤵
  PID:3504
- C:\Windows\System\mElIiyZ.exe
  C:\Windows\System\mElIiyZ.exe
  2⤵
  PID:3480
- C:\Windows\System\ZTKvvmV.exe
  C:\Windows\System\ZTKvvmV.exe
  2⤵
  PID:3508
- C:\Windows\System\bdPjDYN.exe
  C:\Windows\System\bdPjDYN.exe
  2⤵
  PID:3548
- C:\Windows\System\iDfvIqC.exe
  C:\Windows\System\iDfvIqC.exe
  2⤵
  PID:3572
- C:\Windows\System\dlzwIJk.exe
  C:\Windows\System\dlzwIJk.exe
  2⤵
  PID:3664
- C:\Windows\System\tgSJOeA.exe
  C:\Windows\System\tgSJOeA.exe
  2⤵
  PID:3612
- C:\Windows\System\iauUUdy.exe
  C:\Windows\System\iauUUdy.exe
  2⤵
  PID:3692
- C:\Windows\System\NVaUAyq.exe
  C:\Windows\System\NVaUAyq.exe
  2⤵
  PID:3688
- C:\Windows\System\WXynHQL.exe
  C:\Windows\System\WXynHQL.exe
  2⤵
  PID:3784
- C:\Windows\System\achsWpl.exe
  C:\Windows\System\achsWpl.exe
  2⤵
  PID:3760
- C:\Windows\System\vYfUPmb.exe
  C:\Windows\System\vYfUPmb.exe
  2⤵
  PID:3864
- C:\Windows\System\QsCINMV.exe
  C:\Windows\System\QsCINMV.exe
  2⤵
  PID:3880
- C:\Windows\System\vrupqbC.exe
  C:\Windows\System\vrupqbC.exe
  2⤵
  PID:3912
- C:\Windows\System\iAslciG.exe
  C:\Windows\System\iAslciG.exe
  2⤵
  PID:3932
- C:\Windows\System\APETdll.exe
  C:\Windows\System\APETdll.exe
  2⤵
  PID:3948
- C:\Windows\System\HKPTTOm.exe
  C:\Windows\System\HKPTTOm.exe
  2⤵
  PID:3988
- C:\Windows\System\RpskcaW.exe
  C:\Windows\System\RpskcaW.exe
  2⤵
  PID:4024
- C:\Windows\System\UIgsqJr.exe
  C:\Windows\System\UIgsqJr.exe
  2⤵
  PID:4048
- C:\Windows\System\fWhpbrN.exe
  C:\Windows\System\fWhpbrN.exe
  2⤵
  PID:1216
- C:\Windows\System\RYyzDIW.exe
  C:\Windows\System\RYyzDIW.exe
  2⤵
  PID:1604
- C:\Windows\System\xDpxNKX.exe
  C:\Windows\System\xDpxNKX.exe
  2⤵
  PID:1576
- C:\Windows\System\CvPDrtS.exe
  C:\Windows\System\CvPDrtS.exe
  2⤵
  PID:2676
- C:\Windows\System\XhUzNmS.exe
  C:\Windows\System\XhUzNmS.exe
  2⤵
  PID:1744
- C:\Windows\System\ddOquGE.exe
  C:\Windows\System\ddOquGE.exe
  2⤵
  PID:3076
- C:\Windows\System\CovYXOl.exe
  C:\Windows\System\CovYXOl.exe
  2⤵
  PID:3116
- C:\Windows\System\upBliiP.exe
  C:\Windows\System\upBliiP.exe
  2⤵
  PID:892
- C:\Windows\System\YeOSNUK.exe
  C:\Windows\System\YeOSNUK.exe
  2⤵
  PID:3200
- C:\Windows\System\PeEolnb.exe
  C:\Windows\System\PeEolnb.exe
  2⤵
  PID:2780
- C:\Windows\System\ZUXvvad.exe
  C:\Windows\System\ZUXvvad.exe
  2⤵
  PID:3232
- C:\Windows\System\CsIIdzI.exe
  C:\Windows\System\CsIIdzI.exe
  2⤵
  PID:3332
- C:\Windows\System\wemOhoR.exe
  C:\Windows\System\wemOhoR.exe
  2⤵
  PID:3272
- C:\Windows\System\HEiwRCW.exe
  C:\Windows\System\HEiwRCW.exe
  2⤵
  PID:3348
- C:\Windows\System\EvgNDNZ.exe
  C:\Windows\System\EvgNDNZ.exe
  2⤵
  PID:3552
- C:\Windows\System\KarJlie.exe
  C:\Windows\System\KarJlie.exe
  2⤵
  PID:3644
- C:\Windows\System\UToGvAu.exe
  C:\Windows\System\UToGvAu.exe
  2⤵
  PID:3668
- C:\Windows\System\sNEAgTT.exe
  C:\Windows\System\sNEAgTT.exe
  2⤵
  PID:3588
- C:\Windows\System\DDDvKAF.exe
  C:\Windows\System\DDDvKAF.exe
  2⤵
  PID:3860
- C:\Windows\System\igjKFwM.exe
  C:\Windows\System\igjKFwM.exe
  2⤵
  PID:3592
- C:\Windows\System\bRGTzny.exe
  C:\Windows\System\bRGTzny.exe
  2⤵
  PID:3440
- C:\Windows\System\sBGginF.exe
  C:\Windows\System\sBGginF.exe
  2⤵
  PID:3916
- C:\Windows\System\UVCXNaD.exe
  C:\Windows\System\UVCXNaD.exe
  2⤵
  PID:3896
- C:\Windows\System\JLnriyD.exe
  C:\Windows\System\JLnriyD.exe
  2⤵
  PID:4092
- C:\Windows\System\ijxbOXs.exe
  C:\Windows\System\ijxbOXs.exe
  2⤵
  PID:2904
- C:\Windows\System\sAHfQLd.exe
  C:\Windows\System\sAHfQLd.exe
  2⤵
  PID:3984
- C:\Windows\System\AyNBGxU.exe
  C:\Windows\System\AyNBGxU.exe
  2⤵
  PID:4052
- C:\Windows\System\kjAWNiw.exe
  C:\Windows\System\kjAWNiw.exe
  2⤵
  PID:708
- C:\Windows\System\rKMQkWL.exe
  C:\Windows\System\rKMQkWL.exe
  2⤵
  PID:3196
- C:\Windows\System\pcOqQdl.exe
  C:\Windows\System\pcOqQdl.exe
  2⤵
  PID:3364
- C:\Windows\System\GytjnfF.exe
  C:\Windows\System\GytjnfF.exe
  2⤵
  PID:536
- C:\Windows\System\VqZKODN.exe
  C:\Windows\System\VqZKODN.exe
  2⤵
  PID:3180
- C:\Windows\System\DpDYlrl.exe
  C:\Windows\System\DpDYlrl.exe
  2⤵
  PID:3352
- C:\Windows\System\DzpsxNf.exe
  C:\Windows\System\DzpsxNf.exe
  2⤵
  PID:3100
- C:\Windows\System\PBGYqPK.exe
  C:\Windows\System\PBGYqPK.exe
  2⤵
  PID:3568
- C:\Windows\System\pBtZfTB.exe
  C:\Windows\System\pBtZfTB.exe
  2⤵
  PID:3488
- C:\Windows\System\EWrkXpk.exe
  C:\Windows\System\EWrkXpk.exe
  2⤵
  PID:3768
- C:\Windows\System\gnboDtm.exe
  C:\Windows\System\gnboDtm.exe
  2⤵
  PID:2344
- C:\Windows\System\ueJTLfg.exe
  C:\Windows\System\ueJTLfg.exe
  2⤵
  PID:3528
- C:\Windows\System\vjBnaFF.exe
  C:\Windows\System\vjBnaFF.exe
  2⤵
  PID:4004
- C:\Windows\System\YqAIEIY.exe
  C:\Windows\System\YqAIEIY.exe
  2⤵
  PID:4044
- C:\Windows\System\YLNgNdQ.exe
  C:\Windows\System\YLNgNdQ.exe
  2⤵
  PID:4108
- C:\Windows\System\LXJXzhG.exe
  C:\Windows\System\LXJXzhG.exe
  2⤵
  PID:4136
- C:\Windows\System\aMhQYqI.exe
  C:\Windows\System\aMhQYqI.exe
  2⤵
  PID:4152
- C:\Windows\System\WvrxrsV.exe
  C:\Windows\System\WvrxrsV.exe
  2⤵
  PID:4172
- C:\Windows\System\cEJboGL.exe
  C:\Windows\System\cEJboGL.exe
  2⤵
  PID:4192
- C:\Windows\System\PKTNGOf.exe
  C:\Windows\System\PKTNGOf.exe
  2⤵
  PID:4212
- C:\Windows\System\vIyyZdS.exe
  C:\Windows\System\vIyyZdS.exe
  2⤵
  PID:4232
- C:\Windows\System\wQpdYZK.exe
  C:\Windows\System\wQpdYZK.exe
  2⤵
  PID:4248
- C:\Windows\System\tQNZBTG.exe
  C:\Windows\System\tQNZBTG.exe
  2⤵
  PID:4268
- C:\Windows\System\dPtuNGe.exe
  C:\Windows\System\dPtuNGe.exe
  2⤵
  PID:4292
- C:\Windows\System\bCrXPMK.exe
  C:\Windows\System\bCrXPMK.exe
  2⤵
  PID:4312
- C:\Windows\System\cqnIDYT.exe
  C:\Windows\System\cqnIDYT.exe
  2⤵
  PID:4328
- C:\Windows\System\xSKfQQE.exe
  C:\Windows\System\xSKfQQE.exe
  2⤵
  PID:4352
- C:\Windows\System\esokyBf.exe
  C:\Windows\System\esokyBf.exe
  2⤵
  PID:4376
- C:\Windows\System\wJMrgXS.exe
  C:\Windows\System\wJMrgXS.exe
  2⤵
  PID:4396
- C:\Windows\System\jeNCvEA.exe
  C:\Windows\System\jeNCvEA.exe
  2⤵
  PID:4416
- C:\Windows\System\dFvyzAD.exe
  C:\Windows\System\dFvyzAD.exe
  2⤵
  PID:4436
- C:\Windows\System\znNDmQY.exe
  C:\Windows\System\znNDmQY.exe
  2⤵
  PID:4456
- C:\Windows\System\fhQvuGk.exe
  C:\Windows\System\fhQvuGk.exe
  2⤵
  PID:4476
- C:\Windows\System\lqKhvCy.exe
  C:\Windows\System\lqKhvCy.exe
  2⤵
  PID:4496
- C:\Windows\System\BOgaAZb.exe
  C:\Windows\System\BOgaAZb.exe
  2⤵
  PID:4516
- C:\Windows\System\GLPHTzZ.exe
  C:\Windows\System\GLPHTzZ.exe
  2⤵
  PID:4536
- C:\Windows\System\CvqEzJR.exe
  C:\Windows\System\CvqEzJR.exe
  2⤵
  PID:4556
- C:\Windows\System\fNccegZ.exe
  C:\Windows\System\fNccegZ.exe
  2⤵
  PID:4576
- C:\Windows\System\lqifajQ.exe
  C:\Windows\System\lqifajQ.exe
  2⤵
  PID:4596
- C:\Windows\System\rGLlbZw.exe
  C:\Windows\System\rGLlbZw.exe
  2⤵
  PID:4616
- C:\Windows\System\rAEBIqD.exe
  C:\Windows\System\rAEBIqD.exe
  2⤵
  PID:4636
- C:\Windows\System\xQXzcBR.exe
  C:\Windows\System\xQXzcBR.exe
  2⤵
  PID:4656
- C:\Windows\System\XTCWqct.exe
  C:\Windows\System\XTCWqct.exe
  2⤵
  PID:4676
- C:\Windows\System\RQiZbPF.exe
  C:\Windows\System\RQiZbPF.exe
  2⤵
  PID:4696
- C:\Windows\System\VmTsjNS.exe
  C:\Windows\System\VmTsjNS.exe
  2⤵
  PID:4716
- C:\Windows\System\EIJdHPQ.exe
  C:\Windows\System\EIJdHPQ.exe
  2⤵
  PID:4736
- C:\Windows\System\owogmsZ.exe
  C:\Windows\System\owogmsZ.exe
  2⤵
  PID:4756
- C:\Windows\System\ygePXLx.exe
  C:\Windows\System\ygePXLx.exe
  2⤵
  PID:4776
- C:\Windows\System\xdBfhSV.exe
  C:\Windows\System\xdBfhSV.exe
  2⤵
  PID:4796
- C:\Windows\System\KOcmyiY.exe
  C:\Windows\System\KOcmyiY.exe
  2⤵
  PID:4816
- C:\Windows\System\FPNwRAL.exe
  C:\Windows\System\FPNwRAL.exe
  2⤵
  PID:4836
- C:\Windows\System\joUweGr.exe
  C:\Windows\System\joUweGr.exe
  2⤵
  PID:4856
- C:\Windows\System\LfKXrvD.exe
  C:\Windows\System\LfKXrvD.exe
  2⤵
  PID:4876
- C:\Windows\System\NUVcRkg.exe
  C:\Windows\System\NUVcRkg.exe
  2⤵
  PID:4896
- C:\Windows\System\bLedhak.exe
  C:\Windows\System\bLedhak.exe
  2⤵
  PID:4916
- C:\Windows\System\ZdMcHir.exe
  C:\Windows\System\ZdMcHir.exe
  2⤵
  PID:4936
- C:\Windows\System\SeTfBWR.exe
  C:\Windows\System\SeTfBWR.exe
  2⤵
  PID:4956
- C:\Windows\System\wRdFCUg.exe
  C:\Windows\System\wRdFCUg.exe
  2⤵
  PID:4976
- C:\Windows\System\xFvsfMp.exe
  C:\Windows\System\xFvsfMp.exe
  2⤵
  PID:4996
- C:\Windows\System\gjQzshw.exe
  C:\Windows\System\gjQzshw.exe
  2⤵
  PID:5016
- C:\Windows\System\nGvTNEq.exe
  C:\Windows\System\nGvTNEq.exe
  2⤵
  PID:5036
- C:\Windows\System\jsZuBNR.exe
  C:\Windows\System\jsZuBNR.exe
  2⤵
  PID:5056
- C:\Windows\System\kIebtHS.exe
  C:\Windows\System\kIebtHS.exe
  2⤵
  PID:5076
- C:\Windows\System\QduUsgk.exe
  C:\Windows\System\QduUsgk.exe
  2⤵
  PID:5096
- C:\Windows\System\EiFgEoT.exe
  C:\Windows\System\EiFgEoT.exe
  2⤵
  PID:5116
- C:\Windows\System\wIvzLmO.exe
  C:\Windows\System\wIvzLmO.exe
  2⤵
  PID:3924
- C:\Windows\System\KIuUsBe.exe
  C:\Windows\System\KIuUsBe.exe
  2⤵
  PID:3080
- C:\Windows\System\UQrPIsg.exe
  C:\Windows\System\UQrPIsg.exe
  2⤵
  PID:1460
- C:\Windows\System\pJDMzMT.exe
  C:\Windows\System\pJDMzMT.exe
  2⤵
  PID:1268
- C:\Windows\System\OBaHYaC.exe
  C:\Windows\System\OBaHYaC.exe
  2⤵
  PID:3744
- C:\Windows\System\zbOUGXO.exe
  C:\Windows\System\zbOUGXO.exe
  2⤵
  PID:3420
- C:\Windows\System\AsHcEvz.exe
  C:\Windows\System\AsHcEvz.exe
  2⤵
  PID:3820
- C:\Windows\System\nOtFHNB.exe
  C:\Windows\System\nOtFHNB.exe
  2⤵
  PID:4032
- C:\Windows\System\sSOwYir.exe
  C:\Windows\System\sSOwYir.exe
  2⤵
  PID:4116
- C:\Windows\System\mnrxkTM.exe
  C:\Windows\System\mnrxkTM.exe
  2⤵
  PID:4132
- C:\Windows\System\JwbcYih.exe
  C:\Windows\System\JwbcYih.exe
  2⤵
  PID:4168
- C:\Windows\System\OelgZzn.exe
  C:\Windows\System\OelgZzn.exe
  2⤵
  PID:4208
- C:\Windows\System\RMtZBce.exe
  C:\Windows\System\RMtZBce.exe
  2⤵
  PID:4188
- C:\Windows\System\nYfdMed.exe
  C:\Windows\System\nYfdMed.exe
  2⤵
  PID:4224
- C:\Windows\System\sFJINdg.exe
  C:\Windows\System\sFJINdg.exe
  2⤵
  PID:4264
- C:\Windows\System\QHejQon.exe
  C:\Windows\System\QHejQon.exe
  2⤵
  PID:4308
- C:\Windows\System\dhyBWRO.exe
  C:\Windows\System\dhyBWRO.exe
  2⤵
  PID:4368
- C:\Windows\System\VzTagtM.exe
  C:\Windows\System\VzTagtM.exe
  2⤵
  PID:4392
- C:\Windows\System\oHwtoDQ.exe
  C:\Windows\System\oHwtoDQ.exe
  2⤵
  PID:4424
- C:\Windows\System\OtEbXcj.exe
  C:\Windows\System\OtEbXcj.exe
  2⤵
  PID:4448
- C:\Windows\System\zeKbPmY.exe
  C:\Windows\System\zeKbPmY.exe
  2⤵
  PID:4492
- C:\Windows\System\LwWOqlx.exe
  C:\Windows\System\LwWOqlx.exe
  2⤵
  PID:4524
- C:\Windows\System\WWcGqRw.exe
  C:\Windows\System\WWcGqRw.exe
  2⤵
  PID:4548
- C:\Windows\System\JTFJWbG.exe
  C:\Windows\System\JTFJWbG.exe
  2⤵
  PID:4604
- C:\Windows\System\nqOWyWg.exe
  C:\Windows\System\nqOWyWg.exe
  2⤵
  PID:4624
- C:\Windows\System\XIkfblS.exe
  C:\Windows\System\XIkfblS.exe
  2⤵
  PID:4648
- C:\Windows\System\djenind.exe
  C:\Windows\System\djenind.exe
  2⤵
  PID:4692
- C:\Windows\System\ryxzcoo.exe
  C:\Windows\System\ryxzcoo.exe
  2⤵
  PID:4724
- C:\Windows\System\WbiKoed.exe
  C:\Windows\System\WbiKoed.exe
  2⤵
  PID:4748
- C:\Windows\System\OllgKIi.exe
  C:\Windows\System\OllgKIi.exe
  2⤵
  PID:4804
- C:\Windows\System\rcXnajK.exe
  C:\Windows\System\rcXnajK.exe
  2⤵
  PID:4824
- C:\Windows\System\SdhZxmg.exe
  C:\Windows\System\SdhZxmg.exe
  2⤵
  PID:4848
- C:\Windows\System\LJbFrie.exe
  C:\Windows\System\LJbFrie.exe
  2⤵
  PID:4868
- C:\Windows\System\kfLgNKX.exe
  C:\Windows\System\kfLgNKX.exe
  2⤵
  PID:4924
- C:\Windows\System\yRjRbJC.exe
  C:\Windows\System\yRjRbJC.exe
  2⤵
  PID:4952
- C:\Windows\System\GjienHn.exe
  C:\Windows\System\GjienHn.exe
  2⤵
  PID:4992
- C:\Windows\System\JCqzBSj.exe
  C:\Windows\System\JCqzBSj.exe
  2⤵
  PID:5044
- C:\Windows\System\MQTHnnh.exe
  C:\Windows\System\MQTHnnh.exe
  2⤵
  PID:5048
- C:\Windows\System\mKnzRlV.exe
  C:\Windows\System\mKnzRlV.exe
  2⤵
  PID:5092
- C:\Windows\System\mniLDcy.exe
  C:\Windows\System\mniLDcy.exe
  2⤵
  PID:1892
- C:\Windows\System\hHExpDz.exe
  C:\Windows\System\hHExpDz.exe
  2⤵
  PID:2288
- C:\Windows\System\FNrUFWR.exe
  C:\Windows\System\FNrUFWR.exe
  2⤵
  PID:3424
- C:\Windows\System\nnlukhn.exe
  C:\Windows\System\nnlukhn.exe
  2⤵
  PID:3800
- C:\Windows\System\OXrmLXG.exe
  C:\Windows\System\OXrmLXG.exe
  2⤵
  PID:3748
- C:\Windows\System\bWlYuvB.exe
  C:\Windows\System\bWlYuvB.exe
  2⤵
  PID:3728
- C:\Windows\System\dsfEkpZ.exe
  C:\Windows\System\dsfEkpZ.exe
  2⤵
  PID:4104
- C:\Windows\System\rhbNqHR.exe
  C:\Windows\System\rhbNqHR.exe
  2⤵
  PID:4200
- C:\Windows\System\PtuFSad.exe
  C:\Windows\System\PtuFSad.exe
  2⤵
  PID:4220
- C:\Windows\System\ilQDaKi.exe
  C:\Windows\System\ilQDaKi.exe
  2⤵
  PID:4324
- C:\Windows\System\JWTiQNJ.exe
  C:\Windows\System\JWTiQNJ.exe
  2⤵
  PID:4340
- C:\Windows\System\FYYSqfb.exe
  C:\Windows\System\FYYSqfb.exe
  2⤵
  PID:4408
- C:\Windows\System\hsbzQLo.exe
  C:\Windows\System\hsbzQLo.exe
  2⤵
  PID:4468
- C:\Windows\System\YjXJFUX.exe
  C:\Windows\System\YjXJFUX.exe
  2⤵
  PID:4528
- C:\Windows\System\tYfCnTU.exe
  C:\Windows\System\tYfCnTU.exe
  2⤵
  PID:4584
- C:\Windows\System\Rcmejqd.exe
  C:\Windows\System\Rcmejqd.exe
  2⤵
  PID:4644
- C:\Windows\System\BeSWWNt.exe
  C:\Windows\System\BeSWWNt.exe
  2⤵
  PID:4668
- C:\Windows\System\xKfKYfx.exe
  C:\Windows\System\xKfKYfx.exe
  2⤵
  PID:4712
- C:\Windows\System\LVeRwMm.exe
  C:\Windows\System\LVeRwMm.exe
  2⤵
  PID:4768
- C:\Windows\System\vXqWlJX.exe
  C:\Windows\System\vXqWlJX.exe
  2⤵
  PID:4852
- C:\Windows\System\rdVjPki.exe
  C:\Windows\System\rdVjPki.exe
  2⤵
  PID:4928
- C:\Windows\System\sAdUwUI.exe
  C:\Windows\System\sAdUwUI.exe
  2⤵
  PID:4972
- C:\Windows\System\OTOvrPE.exe
  C:\Windows\System\OTOvrPE.exe
  2⤵
  PID:4988
- C:\Windows\System\FothNPM.exe
  C:\Windows\System\FothNPM.exe
  2⤵
  PID:5068
- C:\Windows\System\XnppMWU.exe
  C:\Windows\System\XnppMWU.exe
  2⤵
  PID:3972
- C:\Windows\System\PihLyFI.exe
  C:\Windows\System\PihLyFI.exe
  2⤵
  PID:3220
- C:\Windows\System\wJoRUDn.exe
  C:\Windows\System\wJoRUDn.exe
  2⤵
  PID:4028
- C:\Windows\System\GlkATbg.exe
  C:\Windows\System\GlkATbg.exe
  2⤵
  PID:4100
- C:\Windows\System\POqEHXd.exe
  C:\Windows\System\POqEHXd.exe
  2⤵
  PID:4184
- C:\Windows\System\IYExhyd.exe
  C:\Windows\System\IYExhyd.exe
  2⤵
  PID:4260
- C:\Windows\System\xJbYfhn.exe
  C:\Windows\System\xJbYfhn.exe
  2⤵
  PID:4388
- C:\Windows\System\aoWcVFk.exe
  C:\Windows\System\aoWcVFk.exe
  2⤵
  PID:5132
- C:\Windows\System\gxsZlXa.exe
  C:\Windows\System\gxsZlXa.exe
  2⤵
  PID:5152
- C:\Windows\System\KpeMpVV.exe
  C:\Windows\System\KpeMpVV.exe
  2⤵
  PID:5172
- C:\Windows\System\tvWTtcz.exe
  C:\Windows\System\tvWTtcz.exe
  2⤵
  PID:5192
- C:\Windows\System\bUCoJrw.exe
  C:\Windows\System\bUCoJrw.exe
  2⤵
  PID:5212
- C:\Windows\System\rimyfAA.exe
  C:\Windows\System\rimyfAA.exe
  2⤵
  PID:5232
- C:\Windows\System\hNzCnAG.exe
  C:\Windows\System\hNzCnAG.exe
  2⤵
  PID:5252
- C:\Windows\System\xQFTUkM.exe
  C:\Windows\System\xQFTUkM.exe
  2⤵
  PID:5272
- C:\Windows\System\WsUCGoq.exe
  C:\Windows\System\WsUCGoq.exe
  2⤵
  PID:5292
- C:\Windows\System\OoYxeOc.exe
  C:\Windows\System\OoYxeOc.exe
  2⤵
  PID:5312
- C:\Windows\System\ZjTHktq.exe
  C:\Windows\System\ZjTHktq.exe
  2⤵
  PID:5332
- C:\Windows\System\krImPQi.exe
  C:\Windows\System\krImPQi.exe
  2⤵
  PID:5352
- C:\Windows\System\vmqqjJr.exe
  C:\Windows\System\vmqqjJr.exe
  2⤵
  PID:5372
- C:\Windows\System\zWgKPBh.exe
  C:\Windows\System\zWgKPBh.exe
  2⤵
  PID:5392
- C:\Windows\System\anzErct.exe
  C:\Windows\System\anzErct.exe
  2⤵
  PID:5412
- C:\Windows\System\VWcuRQy.exe
  C:\Windows\System\VWcuRQy.exe
  2⤵
  PID:5432
- C:\Windows\System\cNhPaqK.exe
  C:\Windows\System\cNhPaqK.exe
  2⤵
  PID:5452
- C:\Windows\System\mvyjWuh.exe
  C:\Windows\System\mvyjWuh.exe
  2⤵
  PID:5472
- C:\Windows\System\LbSdXDW.exe
  C:\Windows\System\LbSdXDW.exe
  2⤵
  PID:5492
- C:\Windows\System\BrQFakF.exe
  C:\Windows\System\BrQFakF.exe
  2⤵
  PID:5512
- C:\Windows\System\EdEXXpm.exe
  C:\Windows\System\EdEXXpm.exe
  2⤵
  PID:5532
- C:\Windows\System\nwwdkUB.exe
  C:\Windows\System\nwwdkUB.exe
  2⤵
  PID:5552
- C:\Windows\System\IWkzaNH.exe
  C:\Windows\System\IWkzaNH.exe
  2⤵
  PID:5572
- C:\Windows\System\jjqVfdU.exe
  C:\Windows\System\jjqVfdU.exe
  2⤵
  PID:5592
- C:\Windows\System\ItrlolU.exe
  C:\Windows\System\ItrlolU.exe
  2⤵
  PID:5612
- C:\Windows\System\VQRGamD.exe
  C:\Windows\System\VQRGamD.exe
  2⤵
  PID:5632
- C:\Windows\System\mFVinof.exe
  C:\Windows\System\mFVinof.exe
  2⤵
  PID:5652
- C:\Windows\System\ZcwvYmM.exe
  C:\Windows\System\ZcwvYmM.exe
  2⤵
  PID:5672
- C:\Windows\System\tojPIgK.exe
  C:\Windows\System\tojPIgK.exe
  2⤵
  PID:5692
- C:\Windows\System\uwJVWsW.exe
  C:\Windows\System\uwJVWsW.exe
  2⤵
  PID:5712
- C:\Windows\System\jDwJqkX.exe
  C:\Windows\System\jDwJqkX.exe
  2⤵
  PID:5732
- C:\Windows\System\uMUjdgf.exe
  C:\Windows\System\uMUjdgf.exe
  2⤵
  PID:5752
- C:\Windows\System\OjgrBxm.exe
  C:\Windows\System\OjgrBxm.exe
  2⤵
  PID:5772
- C:\Windows\System\BaHcjff.exe
  C:\Windows\System\BaHcjff.exe
  2⤵
  PID:5792
- C:\Windows\System\BsnxFPG.exe
  C:\Windows\System\BsnxFPG.exe
  2⤵
  PID:5812
- C:\Windows\System\Zsjjwui.exe
  C:\Windows\System\Zsjjwui.exe
  2⤵
  PID:5832
- C:\Windows\System\IwgSnEL.exe
  C:\Windows\System\IwgSnEL.exe
  2⤵
  PID:5852
- C:\Windows\System\XtKVTHV.exe
  C:\Windows\System\XtKVTHV.exe
  2⤵
  PID:5872
- C:\Windows\System\pyAWbvY.exe
  C:\Windows\System\pyAWbvY.exe
  2⤵
  PID:5892
- C:\Windows\System\djXPyfz.exe
  C:\Windows\System\djXPyfz.exe
  2⤵
  PID:5912
- C:\Windows\System\evXgQRB.exe
  C:\Windows\System\evXgQRB.exe
  2⤵
  PID:5932
- C:\Windows\System\BTknszz.exe
  C:\Windows\System\BTknszz.exe
  2⤵
  PID:5952
- C:\Windows\System\COyZWpB.exe
  C:\Windows\System\COyZWpB.exe
  2⤵
  PID:5972
- C:\Windows\System\OCTmbpL.exe
  C:\Windows\System\OCTmbpL.exe
  2⤵
  PID:5992
- C:\Windows\System\aaAMPJR.exe
  C:\Windows\System\aaAMPJR.exe
  2⤵
  PID:6016
- C:\Windows\System\sqWkgSl.exe
  C:\Windows\System\sqWkgSl.exe
  2⤵
  PID:6036
- C:\Windows\System\zdMupEZ.exe
  C:\Windows\System\zdMupEZ.exe
  2⤵
  PID:6056
- C:\Windows\System\qnZTTEC.exe
  C:\Windows\System\qnZTTEC.exe
  2⤵
  PID:6076
- C:\Windows\System\eommzVb.exe
  C:\Windows\System\eommzVb.exe
  2⤵
  PID:6096
- C:\Windows\System\QFmOEhG.exe
  C:\Windows\System\QFmOEhG.exe
  2⤵
  PID:6116
- C:\Windows\System\szzgNhX.exe
  C:\Windows\System\szzgNhX.exe
  2⤵
  PID:6136
- C:\Windows\System\uOvYIrb.exe
  C:\Windows\System\uOvYIrb.exe
  2⤵
  PID:4452
- C:\Windows\System\dOcGHGB.exe
  C:\Windows\System\dOcGHGB.exe
  2⤵
  PID:4544
- C:\Windows\System\kZRSUHJ.exe
  C:\Windows\System\kZRSUHJ.exe
  2⤵
  PID:4708
- C:\Windows\System\DzIjJvd.exe
  C:\Windows\System\DzIjJvd.exe
  2⤵
  PID:4788
- C:\Windows\System\ohOWuRt.exe
  C:\Windows\System\ohOWuRt.exe
  2⤵
  PID:4872
- C:\Windows\System\bvuLJAk.exe
  C:\Windows\System\bvuLJAk.exe
  2⤵
  PID:4944
- C:\Windows\System\BXhOtVU.exe
  C:\Windows\System\BXhOtVU.exe
  2⤵
  PID:5032
- C:\Windows\System\SsNFvXn.exe
  C:\Windows\System\SsNFvXn.exe
  2⤵
  PID:2956
- C:\Windows\System\fjIWcBA.exe
  C:\Windows\System\fjIWcBA.exe
  2⤵
  PID:3244
- C:\Windows\System\Tsekqmb.exe
  C:\Windows\System\Tsekqmb.exe
  2⤵
  PID:4276
- C:\Windows\System\LrnqNdA.exe
  C:\Windows\System\LrnqNdA.exe
  2⤵
  PID:4384
- C:\Windows\System\uWTPWvC.exe
  C:\Windows\System\uWTPWvC.exe
  2⤵
  PID:5124
- C:\Windows\System\jaEXhwX.exe
  C:\Windows\System\jaEXhwX.exe
  2⤵
  PID:5144
- C:\Windows\System\NJXHxGy.exe
  C:\Windows\System\NJXHxGy.exe
  2⤵
  PID:5184
- C:\Windows\System\BuogDOu.exe
  C:\Windows\System\BuogDOu.exe
  2⤵
  PID:5228
- C:\Windows\System\RKwrtiI.exe
  C:\Windows\System\RKwrtiI.exe
  2⤵
  PID:5268
- C:\Windows\System\JZCDlnx.exe
  C:\Windows\System\JZCDlnx.exe
  2⤵
  PID:5300
- C:\Windows\System\oHpMUsx.exe
  C:\Windows\System\oHpMUsx.exe
  2⤵
  PID:5324
- C:\Windows\System\pmiiowx.exe
  C:\Windows\System\pmiiowx.exe
  2⤵
  PID:5368
- C:\Windows\System\JQZOWgX.exe
  C:\Windows\System\JQZOWgX.exe
  2⤵
  PID:5400
- C:\Windows\System\DamkqaJ.exe
  C:\Windows\System\DamkqaJ.exe
  2⤵
  PID:5424
- C:\Windows\System\KccueiM.exe
  C:\Windows\System\KccueiM.exe
  2⤵
  PID:5468
- C:\Windows\System\fEBrgtr.exe
  C:\Windows\System\fEBrgtr.exe
  2⤵
  PID:5500
- C:\Windows\System\myeSFbz.exe
  C:\Windows\System\myeSFbz.exe
  2⤵
  PID:5524
- C:\Windows\System\XkXEUlA.exe
  C:\Windows\System\XkXEUlA.exe
  2⤵
  PID:5568
- C:\Windows\System\OwgGGTo.exe
  C:\Windows\System\OwgGGTo.exe
  2⤵
  PID:5600
- C:\Windows\System\YUeWPRS.exe
  C:\Windows\System\YUeWPRS.exe
  2⤵
  PID:5648
- C:\Windows\System\omZNzLw.exe
  C:\Windows\System\omZNzLw.exe
  2⤵
  PID:5668
- C:\Windows\System\BLynNfp.exe
  C:\Windows\System\BLynNfp.exe
  2⤵
  PID:5700
- C:\Windows\System\vtBKVfF.exe
  C:\Windows\System\vtBKVfF.exe
  2⤵
  PID:5704
- C:\Windows\System\SFAASid.exe
  C:\Windows\System\SFAASid.exe
  2⤵
  PID:5768
- C:\Windows\System\INRKEmY.exe
  C:\Windows\System\INRKEmY.exe
  2⤵
  PID:5784
- C:\Windows\System\tzeZfKf.exe
  C:\Windows\System\tzeZfKf.exe
  2⤵
  PID:5840
- C:\Windows\System\mhOKRIc.exe
  C:\Windows\System\mhOKRIc.exe
  2⤵
  PID:5868
- C:\Windows\System\xSVsaeO.exe
  C:\Windows\System\xSVsaeO.exe
  2⤵
  PID:5900
- C:\Windows\System\FQCTFFT.exe
  C:\Windows\System\FQCTFFT.exe
  2⤵
  PID:5924
- C:\Windows\System\KYgGtCI.exe
  C:\Windows\System\KYgGtCI.exe
  2⤵
  PID:5968
- C:\Windows\System\LXVoWJS.exe
  C:\Windows\System\LXVoWJS.exe
  2⤵
  PID:6000
- C:\Windows\System\nZqHMwA.exe
  C:\Windows\System\nZqHMwA.exe
  2⤵
  PID:6032
- C:\Windows\System\PuuFqtM.exe
  C:\Windows\System\PuuFqtM.exe
  2⤵
  PID:6064
- C:\Windows\System\qOczbkt.exe
  C:\Windows\System\qOczbkt.exe
  2⤵
  PID:6088
- C:\Windows\System\vHXZKLf.exe
  C:\Windows\System\vHXZKLf.exe
  2⤵
  PID:6132
- C:\Windows\System\ktuJZDw.exe
  C:\Windows\System\ktuJZDw.exe
  2⤵
  PID:4444
- C:\Windows\System\gKLzFbe.exe
  C:\Windows\System\gKLzFbe.exe
  2⤵
  PID:4628
- C:\Windows\System\gSJaItP.exe
  C:\Windows\System\gSJaItP.exe
  2⤵
  PID:4904
- C:\Windows\System\gYVElXf.exe
  C:\Windows\System\gYVElXf.exe
  2⤵
  PID:5028
- C:\Windows\System\reppMuC.exe
  C:\Windows\System\reppMuC.exe
  2⤵
  PID:5112
- C:\Windows\System\rIJmJyQ.exe
  C:\Windows\System\rIJmJyQ.exe
  2⤵
  PID:108
- C:\Windows\System\OcpIdcS.exe
  C:\Windows\System\OcpIdcS.exe
  2⤵
  PID:4256
- C:\Windows\System\lgXKevd.exe
  C:\Windows\System\lgXKevd.exe
  2⤵
  PID:5148
- C:\Windows\System\ekWCBeV.exe
  C:\Windows\System\ekWCBeV.exe
  2⤵
  PID:5248
- C:\Windows\System\qUsgUIV.exe
  C:\Windows\System\qUsgUIV.exe
  2⤵
  PID:5280
- C:\Windows\System\UInaaiD.exe
  C:\Windows\System\UInaaiD.exe
  2⤵
  PID:5304
- C:\Windows\System\aYEgOjp.exe
  C:\Windows\System\aYEgOjp.exe
  2⤵
  PID:5384
- C:\Windows\System\JgBdvBX.exe
  C:\Windows\System\JgBdvBX.exe
  2⤵
  PID:5448
- C:\Windows\System\AXrORCQ.exe
  C:\Windows\System\AXrORCQ.exe
  2⤵
  PID:5484
- C:\Windows\System\PfMvwvh.exe
  C:\Windows\System\PfMvwvh.exe
  2⤵
  PID:5548
- C:\Windows\System\GMbKxTB.exe
  C:\Windows\System\GMbKxTB.exe
  2⤵
  PID:5588
- C:\Windows\System\QtPHvTK.exe
  C:\Windows\System\QtPHvTK.exe
  2⤵
  PID:5620
- C:\Windows\System\gCiPWOd.exe
  C:\Windows\System\gCiPWOd.exe
  2⤵
  PID:5728
- C:\Windows\System\GNsbnNe.exe
  C:\Windows\System\GNsbnNe.exe
  2⤵
  PID:5788
- C:\Windows\System\nQRQZrm.exe
  C:\Windows\System\nQRQZrm.exe
  2⤵
  PID:5824
- C:\Windows\System\drqFcJa.exe
  C:\Windows\System\drqFcJa.exe
  2⤵
  PID:5844
- C:\Windows\System\sllUJSd.exe
  C:\Windows\System\sllUJSd.exe
  2⤵
  PID:5928
- C:\Windows\System\SECYHIH.exe
  C:\Windows\System\SECYHIH.exe
  2⤵
  PID:5944
- C:\Windows\System\SgKwpzI.exe
  C:\Windows\System\SgKwpzI.exe
  2⤵
  PID:6044
- C:\Windows\System\aeDmsJx.exe
  C:\Windows\System\aeDmsJx.exe
  2⤵
  PID:6092
- C:\Windows\System\SoQEnfE.exe
  C:\Windows\System\SoQEnfE.exe
  2⤵
  PID:4572
- C:\Windows\System\MxuVGyI.exe
  C:\Windows\System\MxuVGyI.exe
  2⤵
  PID:4552
- C:\Windows\System\CTdXIAE.exe
  C:\Windows\System\CTdXIAE.exe
  2⤵
  PID:4892
- C:\Windows\System\yGmLLBO.exe
  C:\Windows\System\yGmLLBO.exe
  2⤵
  PID:3608
- C:\Windows\System\LbzxnPy.exe
  C:\Windows\System\LbzxnPy.exe
  2⤵
  PID:4300
- C:\Windows\System\jRzWKEh.exe
  C:\Windows\System\jRzWKEh.exe
  2⤵
  PID:5204
- C:\Windows\System\nqUDTJj.exe
  C:\Windows\System\nqUDTJj.exe
  2⤵
  PID:5344
- C:\Windows\System\rETWXmK.exe
  C:\Windows\System\rETWXmK.exe
  2⤵
  PID:5348
- C:\Windows\System\amRghBW.exe
  C:\Windows\System\amRghBW.exe
  2⤵
  PID:5480
- C:\Windows\System\wepyVMA.exe
  C:\Windows\System\wepyVMA.exe
  2⤵
  PID:5528
- C:\Windows\System\VPeXBZX.exe
  C:\Windows\System\VPeXBZX.exe
  2⤵
  PID:5660
- C:\Windows\System\gCEbfVN.exe
  C:\Windows\System\gCEbfVN.exe
  2⤵
  PID:5744
- C:\Windows\System\WbVLQOr.exe
  C:\Windows\System\WbVLQOr.exe
  2⤵
  PID:5828
- C:\Windows\System\XOltkJU.exe
  C:\Windows\System\XOltkJU.exe
  2⤵
  PID:6160
- C:\Windows\System\kAJMkVA.exe
  C:\Windows\System\kAJMkVA.exe
  2⤵
  PID:6180
- C:\Windows\System\NnfgwWX.exe
  C:\Windows\System\NnfgwWX.exe
  2⤵
  PID:6200
- C:\Windows\System\nuXKiJP.exe
  C:\Windows\System\nuXKiJP.exe
  2⤵
  PID:6220
- C:\Windows\System\PjItExN.exe
  C:\Windows\System\PjItExN.exe
  2⤵
  PID:6240
- C:\Windows\System\iofbxDb.exe
  C:\Windows\System\iofbxDb.exe
  2⤵
  PID:6260
- C:\Windows\System\HiLBEJY.exe
  C:\Windows\System\HiLBEJY.exe
  2⤵
  PID:6280
- C:\Windows\System\YBcDVAE.exe
  C:\Windows\System\YBcDVAE.exe
  2⤵
  PID:6300
- C:\Windows\System\DNMEtsi.exe
  C:\Windows\System\DNMEtsi.exe
  2⤵
  PID:6320
- C:\Windows\System\XBOhbOD.exe
  C:\Windows\System\XBOhbOD.exe
  2⤵
  PID:6340
- C:\Windows\System\rPeopPv.exe
  C:\Windows\System\rPeopPv.exe
  2⤵
  PID:6360
- C:\Windows\System\aguVdnB.exe
  C:\Windows\System\aguVdnB.exe
  2⤵
  PID:6380
- C:\Windows\System\dqlzqni.exe
  C:\Windows\System\dqlzqni.exe
  2⤵
  PID:6400
- C:\Windows\System\LJHOnWv.exe
  C:\Windows\System\LJHOnWv.exe
  2⤵
  PID:6420
- C:\Windows\System\hKCVcDg.exe
  C:\Windows\System\hKCVcDg.exe
  2⤵
  PID:6444
- C:\Windows\System\zTKFUwi.exe
  C:\Windows\System\zTKFUwi.exe
  2⤵
  PID:6464
- C:\Windows\System\mfXqYXe.exe
  C:\Windows\System\mfXqYXe.exe
  2⤵
  PID:6484
- C:\Windows\System\uQcFEEJ.exe
  C:\Windows\System\uQcFEEJ.exe
  2⤵
  PID:6504
- C:\Windows\System\PBMJYfo.exe
  C:\Windows\System\PBMJYfo.exe
  2⤵
  PID:6524
- C:\Windows\System\KAYPyZB.exe
  C:\Windows\System\KAYPyZB.exe
  2⤵
  PID:6544
- C:\Windows\System\AnePXRC.exe
  C:\Windows\System\AnePXRC.exe
  2⤵
  PID:6564
- C:\Windows\System\LlWVrwE.exe
  C:\Windows\System\LlWVrwE.exe
  2⤵
  PID:6584
- C:\Windows\System\rlGrDOe.exe
  C:\Windows\System\rlGrDOe.exe
  2⤵
  PID:6604
- C:\Windows\System\IUFtAtN.exe
  C:\Windows\System\IUFtAtN.exe
  2⤵
  PID:6624
- C:\Windows\System\pAhaNxi.exe
  C:\Windows\System\pAhaNxi.exe
  2⤵
  PID:6644
- C:\Windows\System\hIjTpXD.exe
  C:\Windows\System\hIjTpXD.exe
  2⤵
  PID:6664
- C:\Windows\System\rfYoChy.exe
  C:\Windows\System\rfYoChy.exe
  2⤵
  PID:6684
- C:\Windows\System\EbCYMDW.exe
  C:\Windows\System\EbCYMDW.exe
  2⤵
  PID:6704
- C:\Windows\System\IjzVwXu.exe
  C:\Windows\System\IjzVwXu.exe
  2⤵
  PID:6724
- C:\Windows\System\meHnosl.exe
  C:\Windows\System\meHnosl.exe
  2⤵
  PID:6744
- C:\Windows\System\MqXSflr.exe
  C:\Windows\System\MqXSflr.exe
  2⤵
  PID:6764
- C:\Windows\System\CqUxzEz.exe
  C:\Windows\System\CqUxzEz.exe
  2⤵
  PID:6784
- C:\Windows\System\AwFTxNT.exe
  C:\Windows\System\AwFTxNT.exe
  2⤵
  PID:6804
- C:\Windows\System\oHWubSZ.exe
  C:\Windows\System\oHWubSZ.exe
  2⤵
  PID:6824
- C:\Windows\System\iPJgHQI.exe
  C:\Windows\System\iPJgHQI.exe
  2⤵
  PID:6844
- C:\Windows\System\StAWfRX.exe
  C:\Windows\System\StAWfRX.exe
  2⤵
  PID:6864
- C:\Windows\System\mhHUHpi.exe
  C:\Windows\System\mhHUHpi.exe
  2⤵
  PID:6884
- C:\Windows\System\vvYDSyR.exe
  C:\Windows\System\vvYDSyR.exe
  2⤵
  PID:6904
- C:\Windows\System\VkjLbnK.exe
  C:\Windows\System\VkjLbnK.exe
  2⤵
  PID:6924
- C:\Windows\System\CEVPySc.exe
  C:\Windows\System\CEVPySc.exe
  2⤵
  PID:6944
- C:\Windows\System\GpIxlQH.exe
  C:\Windows\System\GpIxlQH.exe
  2⤵
  PID:6964
- C:\Windows\System\xvLzReL.exe
  C:\Windows\System\xvLzReL.exe
  2⤵
  PID:6984
- C:\Windows\System\pAGkZyw.exe
  C:\Windows\System\pAGkZyw.exe
  2⤵
  PID:7004
- C:\Windows\System\xNjvFvL.exe
  C:\Windows\System\xNjvFvL.exe
  2⤵
  PID:7024
- C:\Windows\System\aWmywnc.exe
  C:\Windows\System\aWmywnc.exe
  2⤵
  PID:7044
- C:\Windows\System\eNiXLno.exe
  C:\Windows\System\eNiXLno.exe
  2⤵
  PID:7064
- C:\Windows\System\GPKcsSk.exe
  C:\Windows\System\GPKcsSk.exe
  2⤵
  PID:7084
- C:\Windows\System\pHZtRZb.exe
  C:\Windows\System\pHZtRZb.exe
  2⤵
  PID:7104
- C:\Windows\System\giknZIc.exe
  C:\Windows\System\giknZIc.exe
  2⤵
  PID:7124
- C:\Windows\System\XxQHBtG.exe
  C:\Windows\System\XxQHBtG.exe
  2⤵
  PID:7144
- C:\Windows\System\VUDQHJN.exe
  C:\Windows\System\VUDQHJN.exe
  2⤵
  PID:7160
- C:\Windows\System\EUoyeEC.exe
  C:\Windows\System\EUoyeEC.exe
  2⤵
  PID:5948
- C:\Windows\System\YYynIBp.exe
  C:\Windows\System\YYynIBp.exe
  2⤵
  PID:6004
- C:\Windows\System\yceleGY.exe
  C:\Windows\System\yceleGY.exe
  2⤵
  PID:6052
- C:\Windows\System\SrPDfFx.exe
  C:\Windows\System\SrPDfFx.exe
  2⤵
  PID:4728
- C:\Windows\System\NrHaPOx.exe
  C:\Windows\System\NrHaPOx.exe
  2⤵
  PID:4160
- C:\Windows\System\cfLrXnK.exe
  C:\Windows\System\cfLrXnK.exe
  2⤵
  PID:5244
- C:\Windows\System\SKmzAqK.exe
  C:\Windows\System\SKmzAqK.exe
  2⤵
  PID:5328
- C:\Windows\System\IfBfElR.exe
  C:\Windows\System\IfBfElR.exe
  2⤵
  PID:5420
- C:\Windows\System\FdISdrL.exe
  C:\Windows\System\FdISdrL.exe
  2⤵
  PID:5688
- C:\Windows\System\AFiVCAQ.exe
  C:\Windows\System\AFiVCAQ.exe
  2⤵
  PID:5684
- C:\Windows\System\qFzdfDh.exe
  C:\Windows\System\qFzdfDh.exe
  2⤵
  PID:6148
- C:\Windows\System\DBMygih.exe
  C:\Windows\System\DBMygih.exe
  2⤵
  PID:6188
- C:\Windows\System\nILNStC.exe
  C:\Windows\System\nILNStC.exe
  2⤵
  PID:6212
- C:\Windows\System\eNqZuCn.exe
  C:\Windows\System\eNqZuCn.exe
  2⤵
  PID:6256
- C:\Windows\System\HoMkpvN.exe
  C:\Windows\System\HoMkpvN.exe
  2⤵
  PID:6272
- C:\Windows\System\VRzPrLx.exe
  C:\Windows\System\VRzPrLx.exe
  2⤵
  PID:6328
- C:\Windows\System\ZGFxTPp.exe
  C:\Windows\System\ZGFxTPp.exe
  2⤵
  PID:6356
- C:\Windows\System\zyHdwZu.exe
  C:\Windows\System\zyHdwZu.exe
  2⤵
  PID:6372
- C:\Windows\System\olISDOd.exe
  C:\Windows\System\olISDOd.exe
  2⤵
  PID:6412
- C:\Windows\System\aTRyABg.exe
  C:\Windows\System\aTRyABg.exe
  2⤵
  PID:6432
- C:\Windows\System\PhjKcTy.exe
  C:\Windows\System\PhjKcTy.exe
  2⤵
  PID:6476
- C:\Windows\System\FfLWOmg.exe
  C:\Windows\System\FfLWOmg.exe
  2⤵
  PID:6516
- C:\Windows\System\kAUMBdJ.exe
  C:\Windows\System\kAUMBdJ.exe
  2⤵
  PID:6560
- C:\Windows\System\aOQHnIB.exe
  C:\Windows\System\aOQHnIB.exe
  2⤵
  PID:6592
- C:\Windows\System\eRYVVHY.exe
  C:\Windows\System\eRYVVHY.exe
  2⤵
  PID:6616
- C:\Windows\System\cYDqoDV.exe
  C:\Windows\System\cYDqoDV.exe
  2⤵
  PID:6660
- C:\Windows\System\lvawhvu.exe
  C:\Windows\System\lvawhvu.exe
  2⤵
  PID:6680
- C:\Windows\System\gGQNvsR.exe
  C:\Windows\System\gGQNvsR.exe
  2⤵
  PID:6740
- C:\Windows\System\aSltztA.exe
  C:\Windows\System\aSltztA.exe
  2⤵
  PID:6780
- C:\Windows\System\kzBZMmx.exe
  C:\Windows\System\kzBZMmx.exe
  2⤵
  PID:6792
- C:\Windows\System\SSfjlIw.exe
  C:\Windows\System\SSfjlIw.exe
  2⤵
  PID:6816
- C:\Windows\System\DthPlrK.exe
  C:\Windows\System\DthPlrK.exe
  2⤵
  PID:6836
- C:\Windows\System\VLWOHWa.exe
  C:\Windows\System\VLWOHWa.exe
  2⤵
  PID:6900
- C:\Windows\System\ZWAjzne.exe
  C:\Windows\System\ZWAjzne.exe
  2⤵
  PID:6912
- C:\Windows\System\LYkwTan.exe
  C:\Windows\System\LYkwTan.exe
  2⤵
  PID:6960
- C:\Windows\System\LUbzTAr.exe
  C:\Windows\System\LUbzTAr.exe
  2⤵
  PID:7012
- C:\Windows\System\iWGXNvb.exe
  C:\Windows\System\iWGXNvb.exe
  2⤵
  PID:6996
- C:\Windows\System\hvNBVxT.exe
  C:\Windows\System\hvNBVxT.exe
  2⤵
  PID:7056
- C:\Windows\System\psvAdkx.exe
  C:\Windows\System\psvAdkx.exe
  2⤵
  PID:7076
- C:\Windows\System\XyJcHyZ.exe
  C:\Windows\System\XyJcHyZ.exe
  2⤵
  PID:7120
- C:\Windows\System\TzoJAzd.exe
  C:\Windows\System\TzoJAzd.exe
  2⤵
  PID:1572
- C:\Windows\System\UrALSqK.exe
  C:\Windows\System\UrALSqK.exe
  2⤵
  PID:6072
- C:\Windows\System\iIbnGLH.exe
  C:\Windows\System\iIbnGLH.exe
  2⤵
  PID:6124
- C:\Windows\System\EQZCaqe.exe
  C:\Windows\System\EQZCaqe.exe
  2⤵
  PID:4792
- C:\Windows\System\VLCSBcS.exe
  C:\Windows\System\VLCSBcS.exe
  2⤵
  PID:5200
- C:\Windows\System\PFfPBhA.exe
  C:\Windows\System\PFfPBhA.exe
  2⤵
  PID:5380
- C:\Windows\System\TAahYjw.exe
  C:\Windows\System\TAahYjw.exe
  2⤵
  PID:2520
- C:\Windows\System\TzWMQQA.exe
  C:\Windows\System\TzWMQQA.exe
  2⤵
  PID:6176
- C:\Windows\System\FlATrHJ.exe
  C:\Windows\System\FlATrHJ.exe
  2⤵
  PID:6192
- C:\Windows\System\zjjCmVX.exe
  C:\Windows\System\zjjCmVX.exe
  2⤵
  PID:1856
- C:\Windows\System\puKveBm.exe
  C:\Windows\System\puKveBm.exe
  2⤵
  PID:2540
- C:\Windows\System\gSNIgBy.exe
  C:\Windows\System\gSNIgBy.exe
  2⤵
  PID:6316
- C:\Windows\System\mHqjnlv.exe
  C:\Windows\System\mHqjnlv.exe
  2⤵
  PID:6408
- C:\Windows\System\PXCKQzx.exe
  C:\Windows\System\PXCKQzx.exe
  2⤵
  PID:6492
- C:\Windows\System\gGQsJGU.exe
  C:\Windows\System\gGQsJGU.exe
  2⤵
  PID:6540
- C:\Windows\System\DTQGTtB.exe
  C:\Windows\System\DTQGTtB.exe
  2⤵
  PID:6572
- C:\Windows\System\NvxLtun.exe
  C:\Windows\System\NvxLtun.exe
  2⤵
  PID:6612
- C:\Windows\System\YdsWPCg.exe
  C:\Windows\System\YdsWPCg.exe
  2⤵
  PID:6672
- C:\Windows\System\WPZMASL.exe
  C:\Windows\System\WPZMASL.exe
  2⤵
  PID:6732
- C:\Windows\System\KiaKGUU.exe
  C:\Windows\System\KiaKGUU.exe
  2⤵
  PID:6776
- C:\Windows\System\bGvgDvd.exe
  C:\Windows\System\bGvgDvd.exe
  2⤵
  PID:6892
- C:\Windows\System\GVvSrah.exe
  C:\Windows\System\GVvSrah.exe
  2⤵
  PID:6872
- C:\Windows\System\egXFCoy.exe
  C:\Windows\System\egXFCoy.exe
  2⤵
  PID:6936
- C:\Windows\System\VSuDGkg.exe
  C:\Windows\System\VSuDGkg.exe
  2⤵
  PID:6976
- C:\Windows\System\tSQbOpe.exe
  C:\Windows\System\tSQbOpe.exe
  2⤵
  PID:7060
- C:\Windows\System\flehaYk.exe
  C:\Windows\System\flehaYk.exe
  2⤵
  PID:7140
- C:\Windows\System\HNyFsDd.exe
  C:\Windows\System\HNyFsDd.exe
  2⤵
  PID:5820
- C:\Windows\System\uDUvnWT.exe
  C:\Windows\System\uDUvnWT.exe
  2⤵
  PID:4568
- C:\Windows\System\IMtxOvl.exe
  C:\Windows\System\IMtxOvl.exe
  2⤵
  PID:5128
- C:\Windows\System\fDeKQoX.exe
  C:\Windows\System\fDeKQoX.exe
  2⤵
  PID:5428
- C:\Windows\System\IVEdzmz.exe
  C:\Windows\System\IVEdzmz.exe
  2⤵
  PID:2368
- C:\Windows\System\bBRWxPP.exe
  C:\Windows\System\bBRWxPP.exe
  2⤵
  PID:6248
- C:\Windows\System\UfXXedX.exe
  C:\Windows\System\UfXXedX.exe
  2⤵
  PID:6396
- C:\Windows\System\XygDQth.exe
  C:\Windows\System\XygDQth.exe
  2⤵
  PID:6376
- C:\Windows\System\QEDMlrC.exe
  C:\Windows\System\QEDMlrC.exe
  2⤵
  PID:6460
- C:\Windows\System\UjkcaWH.exe
  C:\Windows\System\UjkcaWH.exe
  2⤵
  PID:6580
- C:\Windows\System\xzMIcjh.exe
  C:\Windows\System\xzMIcjh.exe
  2⤵
  PID:2900
- C:\Windows\System\NENObRK.exe
  C:\Windows\System\NENObRK.exe
  2⤵
  PID:6736
- C:\Windows\System\VvwrAyt.exe
  C:\Windows\System\VvwrAyt.exe
  2⤵
  PID:6860
- C:\Windows\System\CzpbFOH.exe
  C:\Windows\System\CzpbFOH.exe
  2⤵
  PID:2184
- C:\Windows\System\yajExOV.exe
  C:\Windows\System\yajExOV.exe
  2⤵
  PID:7032
- C:\Windows\System\GstpVNC.exe
  C:\Windows\System\GstpVNC.exe
  2⤵
  PID:7072
- C:\Windows\System\mXzPgDj.exe
  C:\Windows\System\mXzPgDj.exe
  2⤵
  PID:7132
- C:\Windows\System\VGyHuzF.exe
  C:\Windows\System\VGyHuzF.exe
  2⤵
  PID:5980
- C:\Windows\System\HKlSDtT.exe
  C:\Windows\System\HKlSDtT.exe
  2⤵
  PID:6216
- C:\Windows\System\rVARNzC.exe
  C:\Windows\System\rVARNzC.exe
  2⤵
  PID:6268
- C:\Windows\System\gyeTNhU.exe
  C:\Windows\System\gyeTNhU.exe
  2⤵
  PID:6332
- C:\Windows\System\HydtEcm.exe
  C:\Windows\System\HydtEcm.exe
  2⤵
  PID:7184
- C:\Windows\System\ZYuJJMd.exe
  C:\Windows\System\ZYuJJMd.exe
  2⤵
  PID:7204
- C:\Windows\System\mFhFzUe.exe
  C:\Windows\System\mFhFzUe.exe
  2⤵
  PID:7224
- C:\Windows\System\DtYUhYs.exe
  C:\Windows\System\DtYUhYs.exe
  2⤵
  PID:7244
- C:\Windows\System\dAKtYaw.exe
  C:\Windows\System\dAKtYaw.exe
  2⤵
  PID:7264
- C:\Windows\System\TNqrJkS.exe
  C:\Windows\System\TNqrJkS.exe
  2⤵
  PID:7284
- C:\Windows\System\flKWHgA.exe
  C:\Windows\System\flKWHgA.exe
  2⤵
  PID:7304
- C:\Windows\System\BCxZqNp.exe
  C:\Windows\System\BCxZqNp.exe
  2⤵
  PID:7320
- C:\Windows\System\rVBPNpQ.exe
  C:\Windows\System\rVBPNpQ.exe
  2⤵
  PID:7344
- C:\Windows\System\IZINaAJ.exe
  C:\Windows\System\IZINaAJ.exe
  2⤵
  PID:7364
- C:\Windows\System\WWjjcnY.exe
  C:\Windows\System\WWjjcnY.exe
  2⤵
  PID:7384
- C:\Windows\System\JgAsOKt.exe
  C:\Windows\System\JgAsOKt.exe
  2⤵
  PID:7404
- C:\Windows\System\ulgjgvW.exe
  C:\Windows\System\ulgjgvW.exe
  2⤵
  PID:7420
- C:\Windows\System\uNWzZvk.exe
  C:\Windows\System\uNWzZvk.exe
  2⤵
  PID:7436
- C:\Windows\System\CvOnhEN.exe
  C:\Windows\System\CvOnhEN.exe
  2⤵
  PID:7460
- C:\Windows\System\xurwLJB.exe
  C:\Windows\System\xurwLJB.exe
  2⤵
  PID:7484
- C:\Windows\System\MFUNuZr.exe
  C:\Windows\System\MFUNuZr.exe
  2⤵
  PID:7504
- C:\Windows\System\JKHemkx.exe
  C:\Windows\System\JKHemkx.exe
  2⤵
  PID:7524
- C:\Windows\System\jZFlEdB.exe
  C:\Windows\System\jZFlEdB.exe
  2⤵
  PID:7544
- C:\Windows\System\DbuWbpk.exe
  C:\Windows\System\DbuWbpk.exe
  2⤵
  PID:7564
- C:\Windows\System\PhHmbDM.exe
  C:\Windows\System\PhHmbDM.exe
  2⤵
  PID:7584
- C:\Windows\System\WihweSB.exe
  C:\Windows\System\WihweSB.exe
  2⤵
  PID:7608
- C:\Windows\System\YajJYwp.exe
  C:\Windows\System\YajJYwp.exe
  2⤵
  PID:7628
- C:\Windows\System\VgdsXIw.exe
  C:\Windows\System\VgdsXIw.exe
  2⤵
  PID:7648
- C:\Windows\System\tMJBzvs.exe
  C:\Windows\System\tMJBzvs.exe
  2⤵
  PID:7668
- C:\Windows\System\fEUcvqM.exe
  C:\Windows\System\fEUcvqM.exe
  2⤵
  PID:7688
- C:\Windows\System\fJnAluV.exe
  C:\Windows\System\fJnAluV.exe
  2⤵
  PID:7708
- C:\Windows\System\IeachOC.exe
  C:\Windows\System\IeachOC.exe
  2⤵
  PID:7728
- C:\Windows\System\yHuYmhd.exe
  C:\Windows\System\yHuYmhd.exe
  2⤵
  PID:7748
- C:\Windows\System\DmRILTS.exe
  C:\Windows\System\DmRILTS.exe
  2⤵
  PID:7768
- C:\Windows\System\UGjvrZT.exe
  C:\Windows\System\UGjvrZT.exe
  2⤵
  PID:7784
- C:\Windows\System\FfQJfyG.exe
  C:\Windows\System\FfQJfyG.exe
  2⤵
  PID:7800
- C:\Windows\System\WojWTSv.exe
  C:\Windows\System\WojWTSv.exe
  2⤵
  PID:7824
- C:\Windows\System\AkTfVtp.exe
  C:\Windows\System\AkTfVtp.exe
  2⤵
  PID:7848
- C:\Windows\System\RTDJXpy.exe
  C:\Windows\System\RTDJXpy.exe
  2⤵
  PID:7868
- C:\Windows\System\jtinsMy.exe
  C:\Windows\System\jtinsMy.exe
  2⤵
  PID:7888
- C:\Windows\System\pvegxKi.exe
  C:\Windows\System\pvegxKi.exe
  2⤵
  PID:7908
- C:\Windows\System\iOPJVLj.exe
  C:\Windows\System\iOPJVLj.exe
  2⤵
  PID:7928
- C:\Windows\System\aBBMLrG.exe
  C:\Windows\System\aBBMLrG.exe
  2⤵
  PID:7948
- C:\Windows\System\hdxzsjg.exe
  C:\Windows\System\hdxzsjg.exe
  2⤵
  PID:7968
- C:\Windows\System\CwaUweM.exe
  C:\Windows\System\CwaUweM.exe
  2⤵
  PID:7988
- C:\Windows\System\BURwbTX.exe
  C:\Windows\System\BURwbTX.exe
  2⤵
  PID:8008
- C:\Windows\System\CVSHuEx.exe
  C:\Windows\System\CVSHuEx.exe
  2⤵
  PID:8028
- C:\Windows\System\WzTlBXV.exe
  C:\Windows\System\WzTlBXV.exe
  2⤵
  PID:8048
- C:\Windows\System\ZJgPdgH.exe
  C:\Windows\System\ZJgPdgH.exe
  2⤵
  PID:8068
- C:\Windows\System\UVFewLI.exe
  C:\Windows\System\UVFewLI.exe
  2⤵
  PID:8088
- C:\Windows\System\iHimXAs.exe
  C:\Windows\System\iHimXAs.exe
  2⤵
  PID:8108
- C:\Windows\System\NzDgfAq.exe
  C:\Windows\System\NzDgfAq.exe
  2⤵
  PID:8128
- C:\Windows\System\nBDKEAG.exe
  C:\Windows\System\nBDKEAG.exe
  2⤵
  PID:8148
- C:\Windows\System\ubGzooF.exe
  C:\Windows\System\ubGzooF.exe
  2⤵
  PID:8168
- C:\Windows\System\SNNJzPx.exe
  C:\Windows\System\SNNJzPx.exe
  2⤵
  PID:8188
- C:\Windows\System\DrYZuXk.exe
  C:\Windows\System\DrYZuXk.exe
  2⤵
  PID:6520
- C:\Windows\System\FLYyFYc.exe
  C:\Windows\System\FLYyFYc.exe
  2⤵
  PID:6692
- C:\Windows\System\FmPZkzc.exe
  C:\Windows\System\FmPZkzc.exe
  2⤵
  PID:6640
- C:\Windows\System\CULpXyF.exe
  C:\Windows\System\CULpXyF.exe
  2⤵
  PID:6952
- C:\Windows\System\CErJjdq.exe
  C:\Windows\System\CErJjdq.exe
  2⤵
  PID:7152
- C:\Windows\System\xWpWLNR.exe
  C:\Windows\System\xWpWLNR.exe
  2⤵
  PID:2880
- C:\Windows\System\SbJvxlE.exe
  C:\Windows\System\SbJvxlE.exe
  2⤵
  PID:5988
- C:\Windows\System\wRvwWuo.exe
  C:\Windows\System\wRvwWuo.exe
  2⤵
  PID:5724
- C:\Windows\System\KZMJQEq.exe
  C:\Windows\System\KZMJQEq.exe
  2⤵
  PID:7196
- C:\Windows\System\GdgYZoR.exe
  C:\Windows\System\GdgYZoR.exe
  2⤵
  PID:7240
- C:\Windows\System\xjdYoWE.exe
  C:\Windows\System\xjdYoWE.exe
  2⤵
  PID:7252
- C:\Windows\System\fIDSrOl.exe
  C:\Windows\System\fIDSrOl.exe
  2⤵
  PID:7280
- C:\Windows\System\HKJhJqK.exe
  C:\Windows\System\HKJhJqK.exe
  2⤵
  PID:7296
- C:\Windows\System\BHbfsGY.exe
  C:\Windows\System\BHbfsGY.exe
  2⤵
  PID:7332
- C:\Windows\System\MyQVStM.exe
  C:\Windows\System\MyQVStM.exe
  2⤵
  PID:7372
- C:\Windows\System\nwkwzux.exe
  C:\Windows\System\nwkwzux.exe
  2⤵
  PID:7428
- C:\Windows\System\LLMFAvL.exe
  C:\Windows\System\LLMFAvL.exe
  2⤵
  PID:7416
- C:\Windows\System\KkwlxUx.exe
  C:\Windows\System\KkwlxUx.exe
  2⤵
  PID:7480
- C:\Windows\System\tFKWKSg.exe
  C:\Windows\System\tFKWKSg.exe
  2⤵
  PID:7444
- C:\Windows\System\zDlkNoP.exe
  C:\Windows\System\zDlkNoP.exe
  2⤵
  PID:7500
- C:\Windows\System\Mxcrxmo.exe
  C:\Windows\System\Mxcrxmo.exe
  2⤵
  PID:7552
- C:\Windows\System\dKWtFqq.exe
  C:\Windows\System\dKWtFqq.exe
  2⤵
  PID:7536
- C:\Windows\System\RiCQtmB.exe
  C:\Windows\System\RiCQtmB.exe
  2⤵
  PID:7572
- C:\Windows\System\qCpmSjA.exe
  C:\Windows\System\qCpmSjA.exe
  2⤵
  PID:7576
- C:\Windows\System\AkDOohY.exe
  C:\Windows\System\AkDOohY.exe
  2⤵
  PID:7624
- C:\Windows\System\dtZnCHv.exe
  C:\Windows\System\dtZnCHv.exe
  2⤵
  PID:7676
- C:\Windows\System\LIHFNPN.exe
  C:\Windows\System\LIHFNPN.exe
  2⤵
  PID:7696
- C:\Windows\System\IraGJxS.exe
  C:\Windows\System\IraGJxS.exe
  2⤵
  PID:7756
- C:\Windows\System\MvjBRDL.exe
  C:\Windows\System\MvjBRDL.exe
  2⤵
  PID:7816
- C:\Windows\System\SJBpljK.exe
  C:\Windows\System\SJBpljK.exe
  2⤵
  PID:7840
- C:\Windows\System\uwOaEOM.exe
  C:\Windows\System\uwOaEOM.exe
  2⤵
  PID:7864
- C:\Windows\System\YqXfTBO.exe
  C:\Windows\System\YqXfTBO.exe
  2⤵
  PID:7896
- C:\Windows\System\FfmVodC.exe
  C:\Windows\System\FfmVodC.exe
  2⤵
  PID:7904
- C:\Windows\System\esiSMws.exe
  C:\Windows\System\esiSMws.exe
  2⤵
  PID:7964
- C:\Windows\System\olnYKQd.exe
  C:\Windows\System\olnYKQd.exe
  2⤵
  PID:1220
- C:\Windows\System\dwdVxdy.exe
  C:\Windows\System\dwdVxdy.exe
  2⤵
  PID:1876
- C:\Windows\System\uzVvLZf.exe
  C:\Windows\System\uzVvLZf.exe
  2⤵
  PID:8020
- C:\Windows\System\kxORisc.exe
  C:\Windows\System\kxORisc.exe
  2⤵
  PID:8076
- C:\Windows\System\ZpZhpuh.exe
  C:\Windows\System\ZpZhpuh.exe
  2⤵
  PID:8060
- C:\Windows\System\fVMBtPu.exe
  C:\Windows\System\fVMBtPu.exe
  2⤵
  PID:8160
- C:\Windows\System\kfInLND.exe
  C:\Windows\System\kfInLND.exe
  2⤵
  PID:6800
- C:\Windows\System\TXNxSRd.exe
  C:\Windows\System\TXNxSRd.exe
  2⤵
  PID:7112
- C:\Windows\System\ZZyTSPC.exe
  C:\Windows\System\ZZyTSPC.exe
  2⤵
  PID:6880
- C:\Windows\System\uhlfZaO.exe
  C:\Windows\System\uhlfZaO.exe
  2⤵
  PID:6172
- C:\Windows\System\ubwpCLX.exe
  C:\Windows\System\ubwpCLX.exe
  2⤵
  PID:7200
- C:\Windows\System\DFBsLJV.exe
  C:\Windows\System\DFBsLJV.exe
  2⤵
  PID:6288
- C:\Windows\System\ePBCXtV.exe
  C:\Windows\System\ePBCXtV.exe
  2⤵
  PID:7180
- C:\Windows\System\eARfcBD.exe
  C:\Windows\System\eARfcBD.exe
  2⤵
  PID:7176
- C:\Windows\System\NApjXAF.exe
  C:\Windows\System\NApjXAF.exe
  2⤵
  PID:7312
- C:\Windows\System\rPuJVFu.exe
  C:\Windows\System\rPuJVFu.exe
  2⤵
  PID:2944
- C:\Windows\System\HqKfSit.exe
  C:\Windows\System\HqKfSit.exe
  2⤵
  PID:2604
- C:\Windows\System\rFdHTzj.exe
  C:\Windows\System\rFdHTzj.exe
  2⤵
  PID:2808
- C:\Windows\System\CGwEkTI.exe
  C:\Windows\System\CGwEkTI.exe
  2⤵
  PID:7412
- C:\Windows\System\JMJvUyA.exe
  C:\Windows\System\JMJvUyA.exe
  2⤵
  PID:7468
- C:\Windows\System\wjZolxL.exe
  C:\Windows\System\wjZolxL.exe
  2⤵
  PID:7520
- C:\Windows\System\jEHwWkp.exe
  C:\Windows\System\jEHwWkp.exe
  2⤵
  PID:2664
- C:\Windows\System\pCbQQtW.exe
  C:\Windows\System\pCbQQtW.exe
  2⤵
  PID:2672
- C:\Windows\System\qfyuwaB.exe
  C:\Windows\System\qfyuwaB.exe
  2⤵
  PID:484
- C:\Windows\System\Fqocxmo.exe
  C:\Windows\System\Fqocxmo.exe
  2⤵
  PID:7716
- C:\Windows\System\DLFkaSG.exe
  C:\Windows\System\DLFkaSG.exe
  2⤵
  PID:2408
- C:\Windows\System\STpCoSf.exe
  C:\Windows\System\STpCoSf.exe
  2⤵
  PID:444
- C:\Windows\System\btjgGbl.exe
  C:\Windows\System\btjgGbl.exe
  2⤵
  PID:7760
- C:\Windows\System\bmlzHMo.exe
  C:\Windows\System\bmlzHMo.exe
  2⤵
  PID:2948
- C:\Windows\System\zozfvdH.exe
  C:\Windows\System\zozfvdH.exe
  2⤵
  PID:7808
- C:\Windows\System\QXIrGxy.exe
  C:\Windows\System\QXIrGxy.exe
  2⤵
  PID:7956
- C:\Windows\System\NWAfZxf.exe
  C:\Windows\System\NWAfZxf.exe
  2⤵
  PID:8004
- C:\Windows\System\dxAYQCL.exe
  C:\Windows\System\dxAYQCL.exe
  2⤵
  PID:8056
- C:\Windows\System\EcKVajw.exe
  C:\Windows\System\EcKVajw.exe
  2⤵
  PID:7980
- C:\Windows\System\TcvYAxq.exe
  C:\Windows\System\TcvYAxq.exe
  2⤵
  PID:7876
- C:\Windows\System\tZHWXJv.exe
  C:\Windows\System\tZHWXJv.exe
  2⤵
  PID:8016
- C:\Windows\System\tcvhxoA.exe
  C:\Windows\System\tcvhxoA.exe
  2⤵
  PID:2336
- C:\Windows\System\RUdrlUY.exe
  C:\Windows\System\RUdrlUY.exe
  2⤵
  PID:8136
- C:\Windows\System\DUrdkzp.exe
  C:\Windows\System\DUrdkzp.exe
  2⤵
  PID:6536
- C:\Windows\System\ThPQFeG.exe
  C:\Windows\System\ThPQFeG.exe
  2⤵
  PID:5520
- C:\Windows\System\bhzAlNi.exe
  C:\Windows\System\bhzAlNi.exe
  2⤵
  PID:6236
- C:\Windows\System\YUwUhET.exe
  C:\Windows\System\YUwUhET.exe
  2⤵
  PID:7192
- C:\Windows\System\NtfHeDt.exe
  C:\Windows\System\NtfHeDt.exe
  2⤵
  PID:1908
- C:\Windows\System\Qscgkfq.exe
  C:\Windows\System\Qscgkfq.exe
  2⤵
  PID:7392
- C:\Windows\System\eGCkNfV.exe
  C:\Windows\System\eGCkNfV.exe
  2⤵
  PID:7456
- C:\Windows\System\HmPyMwr.exe
  C:\Windows\System\HmPyMwr.exe
  2⤵
  PID:7604
- C:\Windows\System\UmrgvEi.exe
  C:\Windows\System\UmrgvEi.exe
  2⤵
  PID:3036
- C:\Windows\System\iAfMLfY.exe
  C:\Windows\System\iAfMLfY.exe
  2⤵
  PID:1372
- C:\Windows\System\MqvrXqy.exe
  C:\Windows\System\MqvrXqy.exe
  2⤵
  PID:7580
- C:\Windows\System\QFKoWgD.exe
  C:\Windows\System\QFKoWgD.exe
  2⤵
  PID:7724
- C:\Windows\System\tHvAdcl.exe
  C:\Windows\System\tHvAdcl.exe
  2⤵
  PID:2932
- C:\Windows\System\kUGcDJA.exe
  C:\Windows\System\kUGcDJA.exe
  2⤵
  PID:7936
- C:\Windows\System\GpNKutc.exe
  C:\Windows\System\GpNKutc.exe
  2⤵
  PID:7836
- C:\Windows\System\RwDxeXz.exe
  C:\Windows\System\RwDxeXz.exe
  2⤵
  PID:7232
- C:\Windows\System\hdYhxnn.exe
  C:\Windows\System\hdYhxnn.exe
  2⤵
  PID:7764
- C:\Windows\System\urmCxLG.exe
  C:\Windows\System\urmCxLG.exe
  2⤵
  PID:7744
- C:\Windows\System\QgTYLFb.exe
  C:\Windows\System\QgTYLFb.exe
  2⤵
  PID:7920
- C:\Windows\System\PIoPjgI.exe
  C:\Windows\System\PIoPjgI.exe
  2⤵
  PID:5180
- C:\Windows\System\CTkVJRz.exe
  C:\Windows\System\CTkVJRz.exe
  2⤵
  PID:7680
- C:\Windows\System\aNYpnQx.exe
  C:\Windows\System\aNYpnQx.exe
  2⤵
  PID:8164
- C:\Windows\System\rQyyswt.exe
  C:\Windows\System\rQyyswt.exe
  2⤵
  PID:7720
- C:\Windows\System\FaRIsSB.exe
  C:\Windows\System\FaRIsSB.exe
  2⤵
  PID:8236
- C:\Windows\System\sfdzfUs.exe
  C:\Windows\System\sfdzfUs.exe
  2⤵
  PID:8252
- C:\Windows\System\TOwRDPl.exe
  C:\Windows\System\TOwRDPl.exe
  2⤵
  PID:8268
- C:\Windows\System\kJzpFoQ.exe
  C:\Windows\System\kJzpFoQ.exe
  2⤵
  PID:8288
- C:\Windows\System\ITOSyps.exe
  C:\Windows\System\ITOSyps.exe
  2⤵
  PID:8304
- C:\Windows\System\eEhVQgT.exe
  C:\Windows\System\eEhVQgT.exe
  2⤵
  PID:8320
- C:\Windows\System\UTlBpEk.exe
  C:\Windows\System\UTlBpEk.exe
  2⤵
  PID:8336
- C:\Windows\System\lsdFZOt.exe
  C:\Windows\System\lsdFZOt.exe
  2⤵
  PID:8352
- C:\Windows\System\aDMSXBZ.exe
  C:\Windows\System\aDMSXBZ.exe
  2⤵
  PID:8368
- C:\Windows\System\OkMAcLA.exe
  C:\Windows\System\OkMAcLA.exe
  2⤵
  PID:8384
- C:\Windows\System\bBzNjxg.exe
  C:\Windows\System\bBzNjxg.exe
  2⤵
  PID:8424
- C:\Windows\System\wxpnpVJ.exe
  C:\Windows\System\wxpnpVJ.exe
  2⤵
  PID:8440
- C:\Windows\System\uxlEyNk.exe
  C:\Windows\System\uxlEyNk.exe
  2⤵
  PID:8456
- C:\Windows\System\ZVxRWhh.exe
  C:\Windows\System\ZVxRWhh.exe
  2⤵
  PID:8484
- C:\Windows\System\VCRPuPn.exe
  C:\Windows\System\VCRPuPn.exe
  2⤵
  PID:8500
- C:\Windows\System\nxvpmxA.exe
  C:\Windows\System\nxvpmxA.exe
  2⤵
  PID:8516
- C:\Windows\System\GPYBxOp.exe
  C:\Windows\System\GPYBxOp.exe
  2⤵
  PID:8532
- C:\Windows\System\dnOtRDE.exe
  C:\Windows\System\dnOtRDE.exe
  2⤵
  PID:8548
- C:\Windows\System\tmXuqoI.exe
  C:\Windows\System\tmXuqoI.exe
  2⤵
  PID:8564
- C:\Windows\System\ATaPSco.exe
  C:\Windows\System\ATaPSco.exe
  2⤵
  PID:8580
- C:\Windows\System\gifrpGx.exe
  C:\Windows\System\gifrpGx.exe
  2⤵
  PID:8596
- C:\Windows\System\LgXJEXK.exe
  C:\Windows\System\LgXJEXK.exe
  2⤵
  PID:8612
- C:\Windows\System\QXmfcxx.exe
  C:\Windows\System\QXmfcxx.exe
  2⤵
  PID:8628
- C:\Windows\System\jipwhlx.exe
  C:\Windows\System\jipwhlx.exe
  2⤵
  PID:8644
- C:\Windows\System\bNPhYhK.exe
  C:\Windows\System\bNPhYhK.exe
  2⤵
  PID:8660
- C:\Windows\System\qphwjmL.exe
  C:\Windows\System\qphwjmL.exe
  2⤵
  PID:8676
- C:\Windows\System\LezlTQa.exe
  C:\Windows\System\LezlTQa.exe
  2⤵
  PID:8692
- C:\Windows\System\MlcABPT.exe
  C:\Windows\System\MlcABPT.exe
  2⤵
  PID:8708
- C:\Windows\System\VAOHMbH.exe
  C:\Windows\System\VAOHMbH.exe
  2⤵
  PID:8724
- C:\Windows\System\JeoMLdq.exe
  C:\Windows\System\JeoMLdq.exe
  2⤵
  PID:8740
- C:\Windows\System\dixEkBg.exe
  C:\Windows\System\dixEkBg.exe
  2⤵
  PID:8756
- C:\Windows\System\XnoDkRe.exe
  C:\Windows\System\XnoDkRe.exe
  2⤵
  PID:8788
- C:\Windows\System\MUhUQkn.exe
  C:\Windows\System\MUhUQkn.exe
  2⤵
  PID:8804
- C:\Windows\System\tHyvpdk.exe
  C:\Windows\System\tHyvpdk.exe
  2⤵
  PID:8828
- C:\Windows\System\sHBgiMn.exe
  C:\Windows\System\sHBgiMn.exe
  2⤵
  PID:8844
- C:\Windows\System\TdrArrr.exe
  C:\Windows\System\TdrArrr.exe
  2⤵
  PID:8860
- C:\Windows\System\IJILZCA.exe
  C:\Windows\System\IJILZCA.exe
  2⤵
  PID:8876
- C:\Windows\System\fXnOJKs.exe
  C:\Windows\System\fXnOJKs.exe
  2⤵
  PID:8892
- C:\Windows\System\FpQjHBt.exe
  C:\Windows\System\FpQjHBt.exe
  2⤵
  PID:8908
- C:\Windows\System\PLqzbhv.exe
  C:\Windows\System\PLqzbhv.exe
  2⤵
  PID:8924
- C:\Windows\System\JCAWamG.exe
  C:\Windows\System\JCAWamG.exe
  2⤵
  PID:8940
- C:\Windows\System\xHIbPYU.exe
  C:\Windows\System\xHIbPYU.exe
  2⤵
  PID:9028
- C:\Windows\System\GpFUSxm.exe
  C:\Windows\System\GpFUSxm.exe
  2⤵
  PID:9056
- C:\Windows\System\nDbdpbY.exe
  C:\Windows\System\nDbdpbY.exe
  2⤵
  PID:9072
- C:\Windows\System\SUUkdxm.exe
  C:\Windows\System\SUUkdxm.exe
  2⤵
  PID:9088
- C:\Windows\System\CDCVtpX.exe
  C:\Windows\System\CDCVtpX.exe
  2⤵
  PID:9104
- C:\Windows\System\YyrSKWI.exe
  C:\Windows\System\YyrSKWI.exe
  2⤵
  PID:9120
- C:\Windows\System\WVJmMyx.exe
  C:\Windows\System\WVJmMyx.exe
  2⤵
  PID:9136
- C:\Windows\System\yHWsLbW.exe
  C:\Windows\System\yHWsLbW.exe
  2⤵
  PID:9152
- C:\Windows\System\hSPRNgp.exe
  C:\Windows\System\hSPRNgp.exe
  2⤵
  PID:9168
- C:\Windows\System\QKNrnPW.exe
  C:\Windows\System\QKNrnPW.exe
  2⤵
  PID:9184
- C:\Windows\System\kLDKWtV.exe
  C:\Windows\System\kLDKWtV.exe
  2⤵
  PID:9200
- C:\Windows\System\LQZdahe.exe
  C:\Windows\System\LQZdahe.exe
  2⤵
  PID:1920
- C:\Windows\System\xfpNtbI.exe
  C:\Windows\System\xfpNtbI.exe
  2⤵
  PID:6352
- C:\Windows\System\Amcxsze.exe
  C:\Windows\System\Amcxsze.exe
  2⤵
  PID:2776
- C:\Windows\System\CGnsIYR.exe
  C:\Windows\System\CGnsIYR.exe
  2⤵
  PID:8200
- C:\Windows\System\nYaouJI.exe
  C:\Windows\System\nYaouJI.exe
  2⤵
  PID:8216
- C:\Windows\System\SLWKWvm.exe
  C:\Windows\System\SLWKWvm.exe
  2⤵
  PID:8232
- C:\Windows\System\yczsWxA.exe
  C:\Windows\System\yczsWxA.exe
  2⤵
  PID:7292
- C:\Windows\System\LpAEdVB.exe
  C:\Windows\System\LpAEdVB.exe
  2⤵
  PID:7472
- C:\Windows\System\UdYFIGR.exe
  C:\Windows\System\UdYFIGR.exe
  2⤵
  PID:7944
- C:\Windows\System\bpNkKMx.exe
  C:\Windows\System\bpNkKMx.exe
  2⤵
  PID:7328
- C:\Windows\System\CWSwUvM.exe
  C:\Windows\System\CWSwUvM.exe
  2⤵
  PID:7452
- C:\Windows\System\qHpSZPM.exe
  C:\Windows\System\qHpSZPM.exe
  2⤵
  PID:784
- C:\Windows\System\yUzxijO.exe
  C:\Windows\System\yUzxijO.exe
  2⤵
  PID:8296
- C:\Windows\System\IMOeSCe.exe
  C:\Windows\System\IMOeSCe.exe
  2⤵
  PID:8332
- C:\Windows\System\MXvMPKZ.exe
  C:\Windows\System\MXvMPKZ.exe
  2⤵
  PID:8360
- C:\Windows\System\YSCMITo.exe
  C:\Windows\System\YSCMITo.exe
  2⤵
  PID:8400
- C:\Windows\System\geQxGfN.exe
  C:\Windows\System\geQxGfN.exe
  2⤵
  PID:8404
- C:\Windows\System\BIlSKHK.exe
  C:\Windows\System\BIlSKHK.exe
  2⤵
  PID:8380
- C:\Windows\System\ZBfwSPJ.exe
  C:\Windows\System\ZBfwSPJ.exe
  2⤵
  PID:8452
- C:\Windows\System\lrWYpKi.exe
  C:\Windows\System\lrWYpKi.exe
  2⤵
  PID:8508
- C:\Windows\System\vJVXaje.exe
  C:\Windows\System\vJVXaje.exe
  2⤵
  PID:8492
- C:\Windows\System\UNvSQYA.exe
  C:\Windows\System\UNvSQYA.exe
  2⤵
  PID:8556
- C:\Windows\System\SddcQWt.exe
  C:\Windows\System\SddcQWt.exe
  2⤵
  PID:8652
- C:\Windows\System\YmGpqGt.exe
  C:\Windows\System\YmGpqGt.exe
  2⤵
  PID:8716
- C:\Windows\System\mmIbOXf.exe
  C:\Windows\System\mmIbOXf.exe
  2⤵
  PID:8576
- C:\Windows\System\MauMvLm.exe
  C:\Windows\System\MauMvLm.exe
  2⤵
  PID:8640
- C:\Windows\System\XIvogEZ.exe
  C:\Windows\System\XIvogEZ.exe
  2⤵
  PID:8704
- C:\Windows\System\sJmrXyF.exe
  C:\Windows\System\sJmrXyF.exe
  2⤵
  PID:8752
- C:\Windows\System\BpTTZLW.exe
  C:\Windows\System\BpTTZLW.exe
  2⤵
  PID:8776
- C:\Windows\System\RTlEuwH.exe
  C:\Windows\System\RTlEuwH.exe
  2⤵
  PID:8836
- C:\Windows\System\pDvvwIV.exe
  C:\Windows\System\pDvvwIV.exe
  2⤵
  PID:8820
- C:\Windows\System\rBdIhMO.exe
  C:\Windows\System\rBdIhMO.exe
  2⤵
  PID:8868
- C:\Windows\System\fsvxzXC.exe
  C:\Windows\System\fsvxzXC.exe
  2⤵
  PID:8932
- C:\Windows\System\fSmKFYT.exe
  C:\Windows\System\fSmKFYT.exe
  2⤵
  PID:8916
- C:\Windows\System\tQNJnOx.exe
  C:\Windows\System\tQNJnOx.exe
  2⤵
  PID:8992
- C:\Windows\System\UbuQpgp.exe
  C:\Windows\System\UbuQpgp.exe
  2⤵
  PID:8976
- C:\Windows\System\PJIpDnS.exe
  C:\Windows\System\PJIpDnS.exe
  2⤵
  PID:9012
- C:\Windows\System\IRdmteQ.exe
  C:\Windows\System\IRdmteQ.exe
  2⤵
  PID:9052
- C:\Windows\System\LBIUUMk.exe
  C:\Windows\System\LBIUUMk.exe
  2⤵
  PID:9064
- C:\Windows\System\HcHhwrL.exe
  C:\Windows\System\HcHhwrL.exe
  2⤵
  PID:9128
- C:\Windows\System\ouVAlzV.exe
  C:\Windows\System\ouVAlzV.exe
  2⤵
  PID:9196
- C:\Windows\System\QkqBqQE.exe
  C:\Windows\System\QkqBqQE.exe
  2⤵
  PID:9112
- C:\Windows\System\MvmlVpP.exe
  C:\Windows\System\MvmlVpP.exe
  2⤵
  PID:2912
- C:\Windows\System\CzguJin.exe
  C:\Windows\System\CzguJin.exe
  2⤵
  PID:8040
- C:\Windows\System\HoLUqzh.exe
  C:\Windows\System\HoLUqzh.exe
  2⤵
  PID:9208
- C:\Windows\System\sxRJXIz.exe
  C:\Windows\System\sxRJXIz.exe
  2⤵
  PID:8260
- C:\Windows\System\qvZRFHi.exe
  C:\Windows\System\qvZRFHi.exe
  2⤵
  PID:7656
- C:\Windows\System\SiQSQPW.exe
  C:\Windows\System\SiQSQPW.exe
  2⤵
  PID:8264
- C:\Windows\System\ATbHroj.exe
  C:\Windows\System\ATbHroj.exe
  2⤵
  PID:8300
- C:\Windows\System\dwbDEHP.exe
  C:\Windows\System\dwbDEHP.exe
  2⤵
  PID:8344
- C:\Windows\System\PGqXWnX.exe
  C:\Windows\System\PGqXWnX.exe
  2⤵
  PID:8448
- C:\Windows\System\oEZJaOn.exe
  C:\Windows\System\oEZJaOn.exe
  2⤵
  PID:8588
- C:\Windows\System\srrdjpC.exe
  C:\Windows\System\srrdjpC.exe
  2⤵
  PID:8396
- C:\Windows\System\QbICIcO.exe
  C:\Windows\System\QbICIcO.exe
  2⤵
  PID:8524
- C:\Windows\System\ZXDrxhc.exe
  C:\Windows\System\ZXDrxhc.exe
  2⤵
  PID:8608
- C:\Windows\System\MmdYggq.exe
  C:\Windows\System\MmdYggq.exe
  2⤵
  PID:8592
- C:\Windows\System\xVCBlsR.exe
  C:\Windows\System\xVCBlsR.exe
  2⤵
  PID:8816
- C:\Windows\System\LjRWYnn.exe
  C:\Windows\System\LjRWYnn.exe
  2⤵
  PID:8572
- C:\Windows\System\KRcajxq.exe
  C:\Windows\System\KRcajxq.exe
  2⤵
  PID:8852
- C:\Windows\System\aHfkNJb.exe
  C:\Windows\System\aHfkNJb.exe
  2⤵
  PID:8736
- C:\Windows\System\lmNyzvQ.exe
  C:\Windows\System\lmNyzvQ.exe
  2⤵
  PID:8472
- C:\Windows\System\xWJjSHR.exe
  C:\Windows\System\xWJjSHR.exe
  2⤵
  PID:9044
- C:\Windows\System\KOUuwHt.exe
  C:\Windows\System\KOUuwHt.exe
  2⤵
  PID:9160
- C:\Windows\System\NxRSZDz.exe
  C:\Windows\System\NxRSZDz.exe
  2⤵
  PID:8224
- C:\Windows\System\mIaUFim.exe
  C:\Windows\System\mIaUFim.exe
  2⤵
  PID:8364
- C:\Windows\System\NSQpMSy.exe
  C:\Windows\System\NSQpMSy.exe
  2⤵
  PID:8316
- C:\Windows\System\aJEcJYl.exe
  C:\Windows\System\aJEcJYl.exe
  2⤵
  PID:9008
- C:\Windows\System\JDSVDZh.exe
  C:\Windows\System\JDSVDZh.exe
  2⤵
  PID:8416
- C:\Windows\System\UoNqUnC.exe
  C:\Windows\System\UoNqUnC.exe
  2⤵
  PID:8748
- C:\Windows\System\gNfZNyJ.exe
  C:\Windows\System\gNfZNyJ.exe
  2⤵
  PID:9020
- C:\Windows\System\iodrHeL.exe
  C:\Windows\System\iodrHeL.exe
  2⤵
  PID:8784
- C:\Windows\System\UGwqmsj.exe
  C:\Windows\System\UGwqmsj.exe
  2⤵
  PID:2240
- C:\Windows\System\ZbKdpbz.exe
  C:\Windows\System\ZbKdpbz.exe
  2⤵
  PID:9220
- C:\Windows\System\fGFrYwm.exe
  C:\Windows\System\fGFrYwm.exe
  2⤵
  PID:9256
- C:\Windows\System\kUdYBsH.exe
  C:\Windows\System\kUdYBsH.exe
  2⤵
  PID:9276
- C:\Windows\System\NUQpret.exe
  C:\Windows\System\NUQpret.exe
  2⤵
  PID:9292
- C:\Windows\System\pJRylIl.exe
  C:\Windows\System\pJRylIl.exe
  2⤵
  PID:9308
- C:\Windows\System\GZBKPPR.exe
  C:\Windows\System\GZBKPPR.exe
  2⤵
  PID:9324
- C:\Windows\System\QeZXANf.exe
  C:\Windows\System\QeZXANf.exe
  2⤵
  PID:9340
- C:\Windows\System\OzeZhYv.exe
  C:\Windows\System\OzeZhYv.exe
  2⤵
  PID:9356
- C:\Windows\System\UOxVRwH.exe
  C:\Windows\System\UOxVRwH.exe
  2⤵
  PID:9376
- C:\Windows\System\jjFAemT.exe
  C:\Windows\System\jjFAemT.exe
  2⤵
  PID:9392
- C:\Windows\System\UwKsaQF.exe
  C:\Windows\System\UwKsaQF.exe
  2⤵
  PID:9408
- C:\Windows\System\UMewifO.exe
  C:\Windows\System\UMewifO.exe
  2⤵
  PID:9424
- C:\Windows\System\sViTZaO.exe
  C:\Windows\System\sViTZaO.exe
  2⤵
  PID:9440
- C:\Windows\System\YsLLXAC.exe
  C:\Windows\System\YsLLXAC.exe
  2⤵
  PID:9456
- C:\Windows\System\EhrjTkw.exe
  C:\Windows\System\EhrjTkw.exe
  2⤵
  PID:9472
- C:\Windows\System\hvNpHKN.exe
  C:\Windows\System\hvNpHKN.exe
  2⤵
  PID:9488
- C:\Windows\System\QnRnCki.exe
  C:\Windows\System\QnRnCki.exe
  2⤵
  PID:9504
- C:\Windows\System\KpSXNKd.exe
  C:\Windows\System\KpSXNKd.exe
  2⤵
  PID:9520
- C:\Windows\System\DffHpMb.exe
  C:\Windows\System\DffHpMb.exe
  2⤵
  PID:9540
- C:\Windows\System\bwwpMAz.exe
  C:\Windows\System\bwwpMAz.exe
  2⤵
  PID:9560
- C:\Windows\System\XCWhNNh.exe
  C:\Windows\System\XCWhNNh.exe
  2⤵
  PID:9576
- C:\Windows\System\TMLRjgG.exe
  C:\Windows\System\TMLRjgG.exe
  2⤵
  PID:9592
- C:\Windows\System\IjQQvlb.exe
  C:\Windows\System\IjQQvlb.exe
  2⤵
  PID:9608
- C:\Windows\System\mvCzPnp.exe
  C:\Windows\System\mvCzPnp.exe
  2⤵
  PID:9624
- C:\Windows\System\EKJxcWc.exe
  C:\Windows\System\EKJxcWc.exe
  2⤵
  PID:9640
- C:\Windows\System\WeViIqN.exe
  C:\Windows\System\WeViIqN.exe
  2⤵
  PID:9660
- C:\Windows\System\LFGMmSd.exe
  C:\Windows\System\LFGMmSd.exe
  2⤵
  PID:9680
- C:\Windows\System\pSbPDlD.exe
  C:\Windows\System\pSbPDlD.exe
  2⤵
  PID:9712
- C:\Windows\System\twRuPlk.exe
  C:\Windows\System\twRuPlk.exe
  2⤵
  PID:9732
- C:\Windows\System\DaDmiEt.exe
  C:\Windows\System\DaDmiEt.exe
  2⤵
  PID:9748
- C:\Windows\System\zOyiTkx.exe
  C:\Windows\System\zOyiTkx.exe
  2⤵
  PID:9764
- C:\Windows\System\cDIQGKv.exe
  C:\Windows\System\cDIQGKv.exe
  2⤵
  PID:9780
- C:\Windows\System\UdjLhFn.exe
  C:\Windows\System\UdjLhFn.exe
  2⤵
  PID:9796
- C:\Windows\System\JgFezsb.exe
  C:\Windows\System\JgFezsb.exe
  2⤵
  PID:9812
- C:\Windows\System\VJokcwW.exe
  C:\Windows\System\VJokcwW.exe
  2⤵
  PID:9828
- C:\Windows\System\kibNMIx.exe
  C:\Windows\System\kibNMIx.exe
  2⤵
  PID:9844
- C:\Windows\System\CSBFePG.exe
  C:\Windows\System\CSBFePG.exe
  2⤵
  PID:9864
- C:\Windows\System\oqrJImJ.exe
  C:\Windows\System\oqrJImJ.exe
  2⤵
  PID:9880
- C:\Windows\System\sROpYDP.exe
  C:\Windows\System\sROpYDP.exe
  2⤵
  PID:9896
- C:\Windows\System\WrjOJOq.exe
  C:\Windows\System\WrjOJOq.exe
  2⤵
  PID:9912
- C:\Windows\System\BFlUvAn.exe
  C:\Windows\System\BFlUvAn.exe
  2⤵
  PID:9928
- C:\Windows\System\TEjEgZl.exe
  C:\Windows\System\TEjEgZl.exe
  2⤵
  PID:9944
- C:\Windows\System\WbHPIMa.exe
  C:\Windows\System\WbHPIMa.exe
  2⤵
  PID:9960
- C:\Windows\System\stfmKTu.exe
  C:\Windows\System\stfmKTu.exe
  2⤵
  PID:9976
- C:\Windows\System\HeWjNct.exe
  C:\Windows\System\HeWjNct.exe
  2⤵
  PID:9992
- C:\Windows\System\gIJrlrq.exe
  C:\Windows\System\gIJrlrq.exe
  2⤵
  PID:10032
- C:\Windows\System\fvCOYFo.exe
  C:\Windows\System\fvCOYFo.exe
  2⤵
  PID:10048
- C:\Windows\System\OamsmTA.exe
  C:\Windows\System\OamsmTA.exe
  2⤵
  PID:10148
- C:\Windows\System\OfdRwKY.exe
  C:\Windows\System\OfdRwKY.exe
  2⤵
  PID:10188
- C:\Windows\System\SefLprp.exe
  C:\Windows\System\SefLprp.exe
  2⤵
  PID:10208
- C:\Windows\System\YUXPoBs.exe
  C:\Windows\System\YUXPoBs.exe
  2⤵
  PID:10232
- C:\Windows\System\BPKqfZe.exe
  C:\Windows\System\BPKqfZe.exe
  2⤵
  PID:9268
- C:\Windows\System\SQMnvnA.exe
  C:\Windows\System\SQMnvnA.exe
  2⤵
  PID:9364
- C:\Windows\System\lrWbSAk.exe
  C:\Windows\System\lrWbSAk.exe
  2⤵
  PID:8960
- C:\Windows\System\TCDcCUf.exe
  C:\Windows\System\TCDcCUf.exe
  2⤵
  PID:8212
- C:\Windows\System\vcEQDrC.exe
  C:\Windows\System\vcEQDrC.exe
  2⤵
  PID:9384
- C:\Windows\System\HoBlAYt.exe
  C:\Windows\System\HoBlAYt.exe
  2⤵
  PID:9480
- C:\Windows\System\QPMBTiJ.exe
  C:\Windows\System\QPMBTiJ.exe
  2⤵
  PID:8772
- C:\Windows\System\gguUNIX.exe
  C:\Windows\System\gguUNIX.exe
  2⤵
  PID:8392
- C:\Windows\System\rRxGApq.exe
  C:\Windows\System\rRxGApq.exe
  2⤵
  PID:7360
- C:\Windows\System\wtMESxT.exe
  C:\Windows\System\wtMESxT.exe
  2⤵
  PID:8248
- C:\Windows\System\EoCponw.exe
  C:\Windows\System\EoCponw.exe
  2⤵
  PID:9432
- C:\Windows\System\lKmJCkt.exe
  C:\Windows\System\lKmJCkt.exe
  2⤵
  PID:9556
- C:\Windows\System\dIiaxih.exe
  C:\Windows\System\dIiaxih.exe
  2⤵
  PID:9604
- C:\Windows\System\QOGTZbd.exe
  C:\Windows\System\QOGTZbd.exe
  2⤵
  PID:9696
- C:\Windows\System\HqSCzkY.exe
  C:\Windows\System\HqSCzkY.exe
  2⤵
  PID:9772
- C:\Windows\System\jyfqAhL.exe
  C:\Windows\System\jyfqAhL.exe
  2⤵
  PID:9872
- C:\Windows\System\nMEviOZ.exe
  C:\Windows\System\nMEviOZ.exe
  2⤵
  PID:9904
- C:\Windows\System\fwLWNTz.exe
  C:\Windows\System\fwLWNTz.exe
  2⤵
  PID:9968
- C:\Windows\System\wcewwaj.exe
  C:\Windows\System\wcewwaj.exe
  2⤵
  PID:10008
- C:\Windows\System\GAQFaRT.exe
  C:\Windows\System\GAQFaRT.exe
  2⤵
  PID:9672
- C:\Windows\System\AgMbJEH.exe
  C:\Windows\System\AgMbJEH.exe
  2⤵
  PID:9724
- C:\Windows\System\qDYbIfU.exe
  C:\Windows\System\qDYbIfU.exe
  2⤵
  PID:9788
- C:\Windows\System\xYxdWia.exe
  C:\Windows\System\xYxdWia.exe
  2⤵
  PID:9852
- C:\Windows\System\PkAJGIC.exe
  C:\Windows\System\PkAJGIC.exe
  2⤵
  PID:9892
- C:\Windows\System\mnXzdNU.exe
  C:\Windows\System\mnXzdNU.exe
  2⤵
  PID:10040
- C:\Windows\System\sPLXOyj.exe
  C:\Windows\System\sPLXOyj.exe
  2⤵
  PID:10164
- C:\Windows\System\lfKcKeL.exe
  C:\Windows\System\lfKcKeL.exe
  2⤵
  PID:10176
- C:\Windows\System\SzSmbXZ.exe
  C:\Windows\System\SzSmbXZ.exe
  2⤵
  PID:10220
- C:\Windows\System\QFHuqJB.exe
  C:\Windows\System\QFHuqJB.exe
  2⤵
  PID:10108
- C:\Windows\System\vdPZAjN.exe
  C:\Windows\System\vdPZAjN.exe
  2⤵
  PID:10128
- C:\Windows\System\jQfiZRy.exe
  C:\Windows\System\jQfiZRy.exe
  2⤵
  PID:10200
- C:\Windows\System\MHVzxCW.exe
  C:\Windows\System\MHVzxCW.exe
  2⤵
  PID:8948
- C:\Windows\System\WmXbmOI.exe
  C:\Windows\System\WmXbmOI.exe
  2⤵
  PID:9304
- C:\Windows\System\odZeqoW.exe
  C:\Windows\System\odZeqoW.exe
  2⤵
  PID:9532
- C:\Windows\System\WZvQnfy.exe
  C:\Windows\System\WZvQnfy.exe
  2⤵
  PID:10084
- C:\Windows\System\PaBsLyQ.exe
  C:\Windows\System\PaBsLyQ.exe
  2⤵
  PID:9284
- C:\Windows\System\DGBkIBc.exe
  C:\Windows\System\DGBkIBc.exe
  2⤵
  PID:9232
- C:\Windows\System\ZAiHMsC.exe
  C:\Windows\System\ZAiHMsC.exe
  2⤵
  PID:9448
- C:\Windows\System\dJMWsEC.exe
  C:\Windows\System\dJMWsEC.exe
  2⤵
  PID:8468
- C:\Windows\System\dHNFjRe.exe
  C:\Windows\System\dHNFjRe.exe
  2⤵
  PID:9180
- C:\Windows\System\pEoSuiU.exe
  C:\Windows\System\pEoSuiU.exe
  2⤵
  PID:9500
- C:\Windows\System\ndWNtUQ.exe
  C:\Windows\System\ndWNtUQ.exe
  2⤵
  PID:9572
- C:\Windows\System\nXjzScy.exe
  C:\Windows\System\nXjzScy.exe
  2⤵
  PID:9656
- C:\Windows\System\thbvWgT.exe
  C:\Windows\System\thbvWgT.exe
  2⤵
  PID:9740
- C:\Windows\System\OPfdkHX.exe
  C:\Windows\System\OPfdkHX.exe
  2⤵
  PID:9096
- C:\Windows\System\xoCUkCV.exe
  C:\Windows\System\xoCUkCV.exe
  2⤵
  PID:9820
- C:\Windows\System\CLQLQph.exe
  C:\Windows\System\CLQLQph.exe
  2⤵
  PID:10056
- C:\Windows\System\qwhFXaB.exe
  C:\Windows\System\qwhFXaB.exe
  2⤵
  PID:9760
- C:\Windows\System\ObXMbWR.exe
  C:\Windows\System\ObXMbWR.exe
  2⤵
  PID:9952
- C:\Windows\System\EfHByQg.exe
  C:\Windows\System\EfHByQg.exe
  2⤵
  PID:10168
- C:\Windows\System\ldoiYmT.exe
  C:\Windows\System\ldoiYmT.exe
  2⤵
  PID:10096
- C:\Windows\System\cffxNPP.exe
  C:\Windows\System\cffxNPP.exe
  2⤵
  PID:10076
- C:\Windows\System\TBNbFLq.exe
  C:\Windows\System\TBNbFLq.exe
  2⤵
  PID:10116
- C:\Windows\System\oYFnXHj.exe
  C:\Windows\System\oYFnXHj.exe
  2⤵
  PID:8968
- C:\Windows\System\siblRza.exe
  C:\Windows\System\siblRza.exe
  2⤵
  PID:3056
- C:\Windows\System\zlpGRvp.exe
  C:\Windows\System\zlpGRvp.exe
  2⤵
  PID:9416
- C:\Windows\System\QnuPDyD.exe
  C:\Windows\System\QnuPDyD.exe
  2⤵
  PID:9516
- C:\Windows\System\QkIYpkh.exe
  C:\Windows\System\QkIYpkh.exe
  2⤵
  PID:9552
- C:\Windows\System\CVVylMZ.exe
  C:\Windows\System\CVVylMZ.exe
  2⤵
  PID:9616
- C:\Windows\System\EXsRRua.exe
  C:\Windows\System\EXsRRua.exe
  2⤵
  PID:9244
- C:\Windows\System\VGkCrsy.exe
  C:\Windows\System\VGkCrsy.exe
  2⤵
  PID:9588
- C:\Windows\System\ntDJCjX.exe
  C:\Windows\System\ntDJCjX.exe
  2⤵
  PID:9720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BIiNnVJ.exe

Filesize
6.0MB

MD5
0131c590b4e2d45dfa16aeef672ce835

SHA1
14c90f2b0cfee1959bb8864e9513dfa84b9609fe

SHA256
e86bdb468bbdb6a3763bc2735555f19d9823bf9a2ce150e6f507b1c8c8b3a279

SHA512
67d50880a2169e98986d78e56585c6e8ed8931c9864b848224cd1d1f9041f9639265f2c53b45ab06ebce5dcb05a0cce59a38f2c4a18a270efac03d5729e6c333

Download Submit
C:\Windows\system\CqIjSYu.exe

Filesize
6.0MB

MD5
69e7c013d2025addabb5500b56548de9

SHA1
5868ac1eaf137f7203161d37f4cec51d5492eb8a

SHA256
9e2966895b7da0b579d368a91d2db43938a2664babb944cdbd78dea05be23107

SHA512
ea7c780c26503ebf37cfeb7d7e8c0df3daba0f31b5646c32865601b2cae4a870696ef348b21ff67082fe530716271ca79152bc77e082003bc86fd8921d465374

Download Submit
C:\Windows\system\DAzRCdZ.exe

Filesize
6.0MB

MD5
5dae0b3c60b45e213afb623d7667a6ea

SHA1
3adef5ab38f3cb3a4da3faf1e3a1d83db3000aa7

SHA256
b02908af58a13db7264a1ad4f028a21a465ff068193b9341ffe4b3569b55b9ac

SHA512
eb3c0de800845ea4b692238c72674d8e1e55708b20a57c0636452835877e1e454d654075100a6604be0a43b55e3e6398246d99e4928b82016e7c5ed230ccee8e

Download Submit
C:\Windows\system\DbGaRPi.exe

Filesize
6.0MB

MD5
cf919e096753382001dcecfe07facac2

SHA1
5561093a8434fa934627d2ceaf0268dfe95834ba

SHA256
14c66068e47d23b7de416afeb73bd1c8c5f7f2cf1a1d5bffb8e453f923887fdc

SHA512
9923a27a360dab4cf7d143b32a687236b6f4b4f5dcaa936880ffb312eb7155842d8d4cda3c5eea1f6057cd7968c58b9d98025f9138cf3250169a07058111b793

Download Submit
C:\Windows\system\DiifFde.exe

Filesize
6.0MB

MD5
2d5e5b783efb156eecfd4a17cb09b8d5

SHA1
f0973085075f54afd80abd4b41985f05bd96e4d7

SHA256
352fe401c148d0bac38e91aa39fa58da1541171e66e2055ad9930c01e431fa56

SHA512
9a6297e1c480bc25df596cfdb1e9c3ff1c84b32f8675bf91d58f795004299fb0e6c1a526682fdbf6f783de2691df74e48b5042afc6ac49a79c7c76b4dc680a93

Download Submit
C:\Windows\system\DwXWmgT.exe

Filesize
6.0MB

MD5
ee22dcad3b6cac2fc98bf7733a0eb316

SHA1
e1931f52165af592149f59eea947223ffc0be0fb

SHA256
170dc0f3d3a291cf8ae815415d5633ec4f79cd2d2f24bd008da3cbe592714195

SHA512
bb33ad99f0a1337cdffdd0a33b0d52b3460bcf4e8b99eab3c35296ab92653cc5eb40aa2b8110fd72f9019c6f5b13edad01afffdeb78f865455721a9dcafac44e

Download Submit
C:\Windows\system\EkwSVry.exe

Filesize
6.0MB

MD5
47ac52de502dec8e2ef9bac5c18dfcc5

SHA1
e2fecab652762e0eb77d2a3acc11f6b150927b08

SHA256
d5f15ca2b3912041d4f00060f91ab14e9e13e37c8e860c0e9cfac73f1c2763a5

SHA512
ecd4eb676bc937e5015215f6fa406584727948b356e7ab9b37e31d7acf42a99de79750dfc876aba5d882eca1aa646653faf615fd1aee1aa1a5ca96bd726a8b3c

Download Submit
C:\Windows\system\EsowmpB.exe

Filesize
6.0MB

MD5
6b23f56ca10bb5564b9c5553c711f499

SHA1
8e27c00872a57e8b9f5278132a7b161035b13996

SHA256
d598527ba8c9527fe05f2656dc52979017851871c702e19ea50ae687b32552c8

SHA512
4c481552931d4fc04c0edbfb8e7320d3b70d74a3a77db9983b9650fb22ba9fef8bba63b4d74148a4a97846338c4d3793e3e955f34d22926e9c63e721e6af9529

Download Submit
C:\Windows\system\HzQiFqL.exe

Filesize
6.0MB

MD5
01b6476b3659ddd4dbe87295c3d045c3

SHA1
0491837d907a5a3a338673571bfa6ac3ee9450bf

SHA256
6210e15c7262e930e710e17937f5bc967a5e0a925947645a58410d75e200fe3d

SHA512
ca408ce5b2b7e544d57ff6173144df0d77191677f265486fc19d1a3906e3cce4ed9bf84c98bbbaea2c59714d867a757fa8a3d27275ea1944351eee7f1d8bcd37

Download Submit
C:\Windows\system\IxeiOQV.exe

Filesize
6.0MB

MD5
0d271d20511493bdc13775ceef652272

SHA1
1a627787aac99c32054b627da0734cf2feb97e99

SHA256
06e8922d95f3764dfff2969f57e480511a0564dcbf3b616d4eef140cab4892cd

SHA512
08cf74847b14fb258a000465643baf1a79f903bbf85683f35b24f5467368f1e633cc7451812c7261368b564ad2aa529a410a7b7a870db44083d83796b90125af

Download Submit
C:\Windows\system\NaYaXSw.exe

Filesize
6.0MB

MD5
7ccd64b2faa25e6cd4a583906e28904f

SHA1
538ec51c5c7d3aa5d2b77611c16abfa0b2005440

SHA256
b99a3a36256546ab7ad6b9b997eb2caa0ec9287ee705da216f2a8a99abe0d5f7

SHA512
808b03a3a584bf14722c6d978e0e0901a05ebb9a5dd40a6e007bed405364be112f7e5a1e348b3dcbfb37b59a8b2f857d5ba4f8c23ea20167fe1e896099d74de0

Download Submit
C:\Windows\system\PdKXgzO.exe

Filesize
6.0MB

MD5
90d43e6fc0c5d56248f5d9805f197988

SHA1
0a381081b5d7908d7800bcf6a1e3250c5bdd26aa

SHA256
fef5a7dbe14f0490a6b288f21686c089c10dade9b4a6401f98e9befc9886961e

SHA512
27a5ac55d739ec3cf0851b51be80cf20a09c8544f55d7826025c35b8f9a551e05c7c7f5f424def09f79d2bfb75acf6e2d6f751199404d08a7f9ba2390de3dde3

Download Submit
C:\Windows\system\PkDLmRU.exe

Filesize
6.0MB

MD5
ac39d8cdc575b4188ac8384cf899ea47

SHA1
6b52aad486df86262bad328d642718dd08367d4a

SHA256
b043a2a532c2fff861ab8e58650b84e29c58a5976dc9d23a9234c7f4c7e5ff61

SHA512
d97a7d78c8cc482416b9a06a5f1ff80eca3d325526b4aa883d8494c23888851b89f1cbef83a9d407ba79130f24a871d2012b0df873ce04ddb09e6410e152ba9f

Download Submit
C:\Windows\system\RLPbElK.exe

Filesize
6.0MB

MD5
51f4da8a9250d2036febdd83fa963a7d

SHA1
6d002dfc5cc6c0425276af180b98eaba134b94e6

SHA256
7a430b5b7f8314706697fd39e8c619480e21637a4321a027cc348ff8d6dd32de

SHA512
373ee97dc00ec831fe7e5a252f84080f76775515e5df72e8b3f759b9bc33220594202a128c4f0bfd523b3d6d3bf442561c0baa20c52c518c9eafa6c30b70d3dd

Download Submit
C:\Windows\system\TFBNFEn.exe

Filesize
6.0MB

MD5
da624204442661706ddd72171f50ecc6

SHA1
12cb5ad1b8d801f70422ebff7288b5e19bf5abaf

SHA256
74490040055dc673232e719f6c8a18a4c6e328e0c6039099d332ceea094119a1

SHA512
3b595c2e747c84e58086560111150138adebbd831b6ff4ac9342866579acf54852d9178b1c6f2f60803df6682f8643e476cba3f517f5c1bdf17b3b21d9764805

Download Submit
C:\Windows\system\UTJorUY.exe

Filesize
6.0MB

MD5
28b700109742f58870991eb8e148d9e7

SHA1
10bb4c4f8e4f14c55ca8a85da29059005d08ce46

SHA256
1ee7af63508df2220780a813a2e0f0f54c072fcabc8e93f7d17c5cc5f4e93a88

SHA512
c9a61b48319ae3bd8d3dc652603fa9bc43a12037d67e1a24bba8b487020457f9e260b6d8c18286d3bfb499b6b73b48ab6ca43301e6b57a476e954e98e82d37e2

Download Submit
C:\Windows\system\VppPzGo.exe

Filesize
6.0MB

MD5
f582db4c7e323be82fc497aa6bd1b527

SHA1
8472fec09c0232c77bdd0cbd57155d12061ff18a

SHA256
40a53edf5c26d281f38ac4c680101c5b5548588e800b10e121c44b7dff78befa

SHA512
f000aff07d320fcf4083236667240b8de234394e7179c73212557ccb753926006ffad9d0b4ce95d733d37d55802a4eec37d1d066620f0bf21e20e8f8ca8f8c3c

Download Submit
C:\Windows\system\cdQflXz.exe

Filesize
6.0MB

MD5
23b4126cbbdb8ccb1f780e9a58737237

SHA1
5474c9feef520f4b1516b6e19ea0edc145b5e884

SHA256
30a0b354eb4a0c09534f852001d84925090dacb6b53f8ff78c87345a49e429bf

SHA512
e84e4afd0c02f5c3a2057559d526127b525a1f7aab58e13d734215489814fb69c5e0b7fcd60599ddfffe8e6450f0a24060529746ead7bebdda65320906c7184c

Download Submit
C:\Windows\system\dFivdBR.exe

Filesize
6.0MB

MD5
5c2fbf3c234f0174d10bc7a1a36c44c9

SHA1
72abf0d4df572471695e97c9762f08924803d1d7

SHA256
26ec14d5c7c4a7159078d9467b3018e9074d144b3084ed3db12ddd6dc8755ae7

SHA512
9660088003cb258bd2a91a3b6d52ca57c3b43243a37adb74a308f0ead88fcc09bc0346a3b0b9e18985c6755dd6a5ba24b1854e2921ace4e71d857ebe541aff51

Download Submit
C:\Windows\system\dtBmAwI.exe

Filesize
6.0MB

MD5
32b98436192cbd0c8456ffec51ed5ffa

SHA1
47cb8f06e162eb630edf05486fff58d7795c28ad

SHA256
2b847c49e2788573c4c26d7ad5a6049b5b230074b227530fd3b5ad6d5a512755

SHA512
a6d0a531c610464dfcb36c957c187cd32a151aac544a2e7079a4508213a617cc745d4edcf4b8625ac1758c75f93062f09f852224be98f6ea83f069989159e106

Download Submit
C:\Windows\system\fjrjBwi.exe

Filesize
6.0MB

MD5
3c07a936dcde9efecce5f5a94faad849

SHA1
92edcd61ecf246e80cbadc3d3c05ee335b29a939

SHA256
827344164b6aaff2f2b3d3318a49f1660df8f9c8c19e71972e3b487471a9a41e

SHA512
7c03b9d5ceed24de330776be25756a57f97342be3deeb271a42d2d249ba63466a6511d8250a82a57a5d9f9329f3d9ac0ead1a733a3b86a1155bcb05d01ae1b67

Download Submit
C:\Windows\system\gTfqgFZ.exe

Filesize
6.0MB

MD5
22ec3aa18aa4b6925497cde7fcf4fc8e

SHA1
16bd252c3499c9f454b55d541bf5b9fe5aa779b7

SHA256
217a721dad897ca534b46ed4cd16e5a07bb952a9409e6cc61e9cca3545f8137b

SHA512
f735a545f4ccf1b596101309ab386155c013c015b4ba26e0dd24dcaf9cf5039169f0c9268a4b4b2d8f3de963d60d4f70f774bc5ca97f5e9ed36eb7d3c7bf1567

Download Submit
C:\Windows\system\hNZWjDG.exe

Filesize
6.0MB

MD5
4e6e9009bcf0dd1c4efc829b3e831a62

SHA1
ac76cbc7a7d62a36435aa4d189025e3cbb5a3214

SHA256
7ecc4bbe0fcc57fafc889a03be83787b877a41a92fb41c0c895534a2c7973bff

SHA512
ad72eb3b2237e677b522ba178a96bf5b2d1faedacac65fd48cf77bae396f1c1951a491f2ac8469a942bb14ff73ba931941701e3954d8e47eb25a6bb23069a658

Download Submit
C:\Windows\system\iceiJyy.exe

Filesize
6.0MB

MD5
1ec06a8fc06d3f30ad7856f97ba041c5

SHA1
2722204f6d0b87cc77e7640ea4dd8c648dc3028e

SHA256
3c70a81b4437f68c59d1ca6ccf978cde53972ceda8fab6baea5742ef99e3070f

SHA512
f8cb08ca147a5182486160cb836601ac6777daac5e8e54851f8fe8436564929edbfdbcb408d85334d616642827e32bd1addc0c2659a5fb5991b56ebf56259227

Download Submit
C:\Windows\system\jObaAbl.exe

Filesize
6.0MB

MD5
fe23c8925f4a19437d9bd5ef661adf17

SHA1
09e95d5635c32e750b9022b881baa7258bfae8ca

SHA256
c7d897cc4ea59f48f32b69b2b995c60da086ff7d45094f250c26439d62a3ba17

SHA512
d2755ee81ae7b5c5228b3eee19755ca829054fc6e83e4c6c9132d0577d7cb1f1311b5c988237fae84a38059f7c2b30ddcfdb6b834f727483e90b11e8f34f59ca

Download Submit
C:\Windows\system\jPRNiah.exe

Filesize
6.0MB

MD5
327151b9f99404af028af68acf252ce7

SHA1
4811c62d0c3e2fc0bf0f0b356dd2335e6300104c

SHA256
bf5c4fb9f55ba1c90f26c71576bf285f093ae62ee30d7f56056b9c4d51d3f9a3

SHA512
644fc5bb6572000fcf2d7c0549bed251b9069d0acf1f0982ef3753cac70309f6d0a9cdaaae6d26b5731b237952a5fde417b4ef2edf14321fd94bfba066977fe8

Download Submit
C:\Windows\system\sFGvWyS.exe

Filesize
6.0MB

MD5
fd7f40e3c2646a806f542ea304a84f83

SHA1
2454f6578f48afe86de220a91ffc4f5aee1b5a5d

SHA256
0b2c6c65e24cee8ecd2b2eedde2bf8539071d9ccd63f3288fd6aff7cba6b252f

SHA512
4592925a2d40d6252d3a10340580b0760a882d32183efd9fd5e2e8e45b9e745eaaead12705e2b899ea6fe9a7f05d78be55ea6c4b4910432ca280e6e855f66e10

Download Submit
C:\Windows\system\sFeEFYH.exe

Filesize
6.0MB

MD5
1ebf0b5de189226a219676faf1e3baf4

SHA1
86ce21e653e6030ea37ffb01a77e170691e8c094

SHA256
4d43aeaf405240d673ad9ce6dc9f5e6fe1a6687ea6279fb695b94cf0ae041326

SHA512
37c135fa00f5a5f149eb9caa7a4ef8916594a71da67400241ce6bde404f4e4b6f38040370ab8dba75994336702516f9205f74ce1cd7f990be9e03ca2f84abbb7

Download Submit
C:\Windows\system\sWJPZId.exe

Filesize
6.0MB

MD5
af65585a01a77ce0a6aee803cdc5a988

SHA1
766ab9a2737925dc8d5cc71b618de0eff3067d1c

SHA256
39a6904d17656b7269c55b68c03a850873da74ec29043ce5c5a35e97ee451032

SHA512
8e44ca5f1bd2567d0347c0b665456662d4d0a34680c875d16b0436486d1a5cb7ad83ec3e096a610f752187158cc9925d64be31e8d741d61d230059bed9544f0f

Download Submit
\Windows\system\AiVYlDD.exe

Filesize
6.0MB

MD5
f131bd65294d1b427e0a15c29bf2f5c0

SHA1
efe3ffb8ef1e393db613be01f0b9f2fec8558369

SHA256
d0e02eac0f5ff62379c353c82f22fda5c84de7dcf10c59257bf83c2ee4437c71

SHA512
b82661de09afc302275cf9177516d5ef33dff73fa9da0bcdb3e3ac2f62021500e17bd9faf4500dad23d7370fe05fea020f7d122f52243518f217b734beb975f7

Download Submit
\Windows\system\TMFrRlQ.exe

Filesize
6.0MB

MD5
db5ae7d2f9ab2bda094e875b072a1029

SHA1
c604be742b28378459a5af3199a32ff2b6c11a1e

SHA256
ddb24f5d1e54ff1f5854f4f527c2ad66c31b01ecd025af508a1681008c07fdc3

SHA512
d67f39501315092991ac5f362257b2cb60da96e931565b516f41e266ab2e07270a88c8556b80dc676fc5a202def22aecefbe160a5b79976e5519b1d98fb080f0

Download Submit
\Windows\system\yuwusrm.exe

Filesize
6.0MB

MD5
1b2c4b3315fdb782d3aceb1048991ca1

SHA1
ed9aa83d210bd73a3834e2409320d7ed83268b4b

SHA256
a4347f8a73b8555f321ba328b2c9ec2d5646a6a02e6c1060a96d8378d453a6e1

SHA512
cc56e7d9c01c0889f17c98b8c90093f279c1586253ba1e0dc2c2b625233cf0966f35085aa9b96e7c26344de916b789c494d32b006c209aabfc5e958561950d03

Download Submit
memory/1128-113-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1128-3965-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1752-3966-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2490-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2968-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1936-3967-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2480-3964-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2900-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2348-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3963-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3929-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3961-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2696-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3006-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3796-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3925-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3926-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2972-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2222-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3928-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2904-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2825-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2350-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3068-3962-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3005-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download