xmrig | 0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/12/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
Size

1.6MB
MD5

a6bb4abb4dd44dcbabcd26e84f68aba0
SHA1

232101284825cd65af958c1c8a03304e96cbe2e4
SHA256

0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7
SHA512

f076eb883f1a96308edfaf415f4703770cbc6e3cbd2e3457a64597219547a1ef2f21ae3630d7376fd75d31773d339f0ee09184e0778b0bcadaf72b9611dd98d3
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEd4:EniLf9FdfE0pZB156utgS

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2560-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x000700000001867d-11.dat	xmrig
behavioral1/files/0x00070000000186c8-15.dat	xmrig
behavioral1/files/0x000600000001878d-24.dat	xmrig
behavioral1/memory/1940-23-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1976-36-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000191f3-32.dat	xmrig
behavioral1/files/0x00070000000190c6-25.dat	xmrig
behavioral1/memory/2432-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9f-58.dat	xmrig
behavioral1/files/0x0005000000019da4-51.dat	xmrig
behavioral1/files/0x0007000000019217-42.dat	xmrig
behavioral1/memory/2836-85-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000019db8-55.dat	xmrig
behavioral1/files/0x000500000001a434-135.dat	xmrig
behavioral1/files/0x000500000001a48c-150.dat	xmrig
behavioral1/memory/2560-1216-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b7-167.dat	xmrig
behavioral1/files/0x000500000001a4b5-164.dat	xmrig
behavioral1/files/0x000500000001a4aa-159.dat	xmrig
behavioral1/files/0x000500000001a49a-151.dat	xmrig
behavioral1/files/0x000500000001a49c-155.dat	xmrig
behavioral1/files/0x000500000001a48e-146.dat	xmrig
behavioral1/files/0x000500000001a46a-139.dat	xmrig
behavioral1/files/0x000500000001a42f-127.dat	xmrig
behavioral1/files/0x000500000001a42b-119.dat	xmrig
behavioral1/files/0x000500000001a431-131.dat	xmrig
behavioral1/files/0x000500000001a42d-124.dat	xmrig
behavioral1/files/0x000500000001a345-115.dat	xmrig
behavioral1/files/0x000500000001a301-112.dat	xmrig
behavioral1/files/0x000500000001a07b-111.dat	xmrig
behavioral1/files/0x0005000000019fb9-109.dat	xmrig
behavioral1/memory/2176-99-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a1-105.dat	xmrig
behavioral1/files/0x000500000001a067-104.dat	xmrig
behavioral1/memory/2792-95-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2560-50-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-46.dat	xmrig
behavioral1/memory/2988-86-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00070000000191fd-82.dat	xmrig
behavioral1/memory/1684-78-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2804-75-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2824-73-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c9-72.dat	xmrig
behavioral1/memory/2904-71-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2560-69-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2880-68-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2772-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2988-2011-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2176-2013-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2792-2012-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2432-4060-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1940-4061-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1976-4062-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1684-4063-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2880-4064-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2772-4065-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2824-4066-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2804-4067-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2904-4068-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2836-4069-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2988-4070-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2792-4071-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2432	vSBoVmg.exe
1940	VHdbuwU.exe
1976	qOfhZCF.exe
1684	lynhbgl.exe
2772	OFwQkLO.exe
2880	EVNnStV.exe
2904	DBkWrEW.exe
2824	ksahEtc.exe
2804	vDuMDdy.exe
2836	yOQKYYd.exe
2988	ipXVGtM.exe
2792	uUbYBly.exe
2176	UOmlUYV.exe
852	XvlEHnz.exe
596	fyOiAed.exe
2000	fjuIcGK.exe
1508	hEfRtBR.exe
532	mnXuhCe.exe
904	QMCYMAB.exe
2012	CJoswWB.exe
2096	OvrfnWu.exe
1712	EFsYdJL.exe
2116	nCetzrS.exe
2028	qjbkXLw.exe
1264	fobZWxo.exe
2288	oZgTewz.exe
2572	dayDJPu.exe
2608	vcbnaFg.exe
1004	eLkdxwp.exe
772	JlbUvEc.exe
1412	ZHeXOAY.exe
1048	DxWIELT.exe
2492	vgETXeB.exe
1832	lgXMJNK.exe
344	iximcLs.exe
1772	WcPvEQD.exe
1448	FfgCkFw.exe
648	UJgoltK.exe
328	pcdtdDL.exe
1008	WyDDtli.exe
856	BvzzuMz.exe
1568	gqtlAle.exe
912	WFEKnXo.exe
780	jJMhwld.exe
1688	XkOvFlJ.exe
1824	uiBxGoD.exe
3048	DqbaGDf.exe
2480	UDfQBOB.exe
1964	PuaXdRg.exe
3020	qsXVOMb.exe
2256	XjMMiEk.exe
3036	ARuNRfJ.exe
1676	ESYOhEP.exe
2424	VdxvAZy.exe
284	sALPSnq.exe
1536	VzhgMgy.exe
2936	rXFoHxV.exe
1408	YDVGTZk.exe
2584	uWXzGoY.exe
2112	RYZRDHc.exe
1604	VfvHGmH.exe
1012	MnTScEk.exe
2140	hcZrIod.exe
2940	pdkGFsz.exe

Loads dropped DLL 64 IoCs

pid	Process
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2560-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x000700000001867d-11.dat	upx
behavioral1/files/0x00070000000186c8-15.dat	upx
behavioral1/files/0x000600000001878d-24.dat	upx
behavioral1/memory/1940-23-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1976-36-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x00060000000191f3-32.dat	upx
behavioral1/files/0x00070000000190c6-25.dat	upx
behavioral1/memory/2432-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0005000000019f9f-58.dat	upx
behavioral1/files/0x0005000000019da4-51.dat	upx
behavioral1/files/0x0007000000019217-42.dat	upx
behavioral1/memory/2836-85-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000019db8-55.dat	upx
behavioral1/files/0x000500000001a434-135.dat	upx
behavioral1/files/0x000500000001a48c-150.dat	upx
behavioral1/memory/2560-1216-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000500000001a4b7-167.dat	upx
behavioral1/files/0x000500000001a4b5-164.dat	upx
behavioral1/files/0x000500000001a4aa-159.dat	upx
behavioral1/files/0x000500000001a49a-151.dat	upx
behavioral1/files/0x000500000001a49c-155.dat	upx
behavioral1/files/0x000500000001a48e-146.dat	upx
behavioral1/files/0x000500000001a46a-139.dat	upx
behavioral1/files/0x000500000001a42f-127.dat	upx
behavioral1/files/0x000500000001a42b-119.dat	upx
behavioral1/files/0x000500000001a431-131.dat	upx
behavioral1/files/0x000500000001a42d-124.dat	upx
behavioral1/files/0x000500000001a345-115.dat	upx
behavioral1/files/0x000500000001a301-112.dat	upx
behavioral1/files/0x000500000001a07b-111.dat	upx
behavioral1/files/0x0005000000019fb9-109.dat	upx
behavioral1/memory/2176-99-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000500000001a0a1-105.dat	upx
behavioral1/files/0x000500000001a067-104.dat	upx
behavioral1/memory/2792-95-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-46.dat	upx
behavioral1/memory/2988-86-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00070000000191fd-82.dat	upx
behavioral1/memory/1684-78-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2804-75-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2824-73-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00070000000190c9-72.dat	upx
behavioral1/memory/2904-71-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2880-68-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2772-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2988-2011-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2176-2013-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2792-2012-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2432-4060-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1940-4061-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1976-4062-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1684-4063-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2880-4064-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2772-4065-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2824-4066-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2804-4067-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2904-4068-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2836-4069-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2988-4070-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2792-4071-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2176-4072-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Ipzzmgu.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\KnxMIGc.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\lEmVNOM.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\sOgIdkf.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\DDxADPx.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\mdkZHYr.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ulQfTWq.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\AhRRdtB.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\BrmXYpE.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\FNUmfEF.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\qJowyJR.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\xNNBaZL.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\SfLPCpu.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\QYDdWTI.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\DsdBHeV.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ZHeXOAY.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\BvzzuMz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\IMjrAvR.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\MrpmKoo.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\eroFjik.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\zWKFmHi.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\FWUKznc.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\BjLtfle.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\OLMNFZV.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ncBRSic.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\vHgJqbH.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\Yfzbszw.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\hwYgTeV.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\hatomon.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\nzMhseD.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\pAWydDD.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ICOcAPZ.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\jxRWAWi.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\yDwmvzW.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\sojTYbz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\DSguIHz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\cDbucnj.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\UGhezDU.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\MmVpPXz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\iqEFeqD.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ndXHfRW.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\RSPvYvr.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\zbfFqRO.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\yvSPbZA.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\IFPbAut.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\mzDbcyt.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\YZKSAhe.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\UaOanlN.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\JLtWXCR.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ARuNRfJ.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\hcZrIod.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\LjwTsbL.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\mPYLsdN.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\ibNWpGm.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\tiXNnrv.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\rwxrhuj.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\DdkYgsm.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\SwNVufz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\vdTXaYz.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\gRgETbO.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\UAlarqx.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\yCDepLf.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\rLXuYra.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
File created	C:\Windows\System\oLnXHWx.exe	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2432	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	31
PID 2560 wrote to memory of 2432	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	31
PID 2560 wrote to memory of 2432	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	31
PID 2560 wrote to memory of 1940	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	32
PID 2560 wrote to memory of 1940	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	32
PID 2560 wrote to memory of 1940	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	32
PID 2560 wrote to memory of 1976	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	33
PID 2560 wrote to memory of 1976	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	33
PID 2560 wrote to memory of 1976	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	33
PID 2560 wrote to memory of 1684	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	34
PID 2560 wrote to memory of 1684	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	34
PID 2560 wrote to memory of 1684	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	34
PID 2560 wrote to memory of 2772	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	35
PID 2560 wrote to memory of 2772	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	35
PID 2560 wrote to memory of 2772	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	35
PID 2560 wrote to memory of 2836	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	36
PID 2560 wrote to memory of 2836	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	36
PID 2560 wrote to memory of 2836	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	36
PID 2560 wrote to memory of 2880	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	37
PID 2560 wrote to memory of 2880	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	37
PID 2560 wrote to memory of 2880	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	37
PID 2560 wrote to memory of 2988	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	38
PID 2560 wrote to memory of 2988	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	38
PID 2560 wrote to memory of 2988	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	38
PID 2560 wrote to memory of 2904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	39
PID 2560 wrote to memory of 2904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	39
PID 2560 wrote to memory of 2904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	39
PID 2560 wrote to memory of 2792	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	40
PID 2560 wrote to memory of 2792	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	40
PID 2560 wrote to memory of 2792	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	40
PID 2560 wrote to memory of 2824	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	41
PID 2560 wrote to memory of 2824	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	41
PID 2560 wrote to memory of 2824	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	41
PID 2560 wrote to memory of 2176	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	42
PID 2560 wrote to memory of 2176	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	42
PID 2560 wrote to memory of 2176	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	42
PID 2560 wrote to memory of 2804	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	43
PID 2560 wrote to memory of 2804	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	43
PID 2560 wrote to memory of 2804	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	43
PID 2560 wrote to memory of 2000	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	44
PID 2560 wrote to memory of 2000	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	44
PID 2560 wrote to memory of 2000	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	44
PID 2560 wrote to memory of 852	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	45
PID 2560 wrote to memory of 852	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	45
PID 2560 wrote to memory of 852	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	45
PID 2560 wrote to memory of 1508	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	46
PID 2560 wrote to memory of 1508	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	46
PID 2560 wrote to memory of 1508	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	46
PID 2560 wrote to memory of 596	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	47
PID 2560 wrote to memory of 596	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	47
PID 2560 wrote to memory of 596	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	47
PID 2560 wrote to memory of 532	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	48
PID 2560 wrote to memory of 532	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	48
PID 2560 wrote to memory of 532	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	48
PID 2560 wrote to memory of 904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	49
PID 2560 wrote to memory of 904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	49
PID 2560 wrote to memory of 904	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	49
PID 2560 wrote to memory of 2012	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	50
PID 2560 wrote to memory of 2012	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	50
PID 2560 wrote to memory of 2012	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	50
PID 2560 wrote to memory of 2096	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	51
PID 2560 wrote to memory of 2096	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	51
PID 2560 wrote to memory of 2096	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	51
PID 2560 wrote to memory of 1712	2560	JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e4524268de33c9d5240e14d97124ced391b79e1653962465d3cd2459e9b4ed7.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\System\vSBoVmg.exe
  C:\Windows\System\vSBoVmg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\VHdbuwU.exe
  C:\Windows\System\VHdbuwU.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\qOfhZCF.exe
  C:\Windows\System\qOfhZCF.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\lynhbgl.exe
  C:\Windows\System\lynhbgl.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\OFwQkLO.exe
  C:\Windows\System\OFwQkLO.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\yOQKYYd.exe
  C:\Windows\System\yOQKYYd.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\EVNnStV.exe
  C:\Windows\System\EVNnStV.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ipXVGtM.exe
  C:\Windows\System\ipXVGtM.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\DBkWrEW.exe
  C:\Windows\System\DBkWrEW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\uUbYBly.exe
  C:\Windows\System\uUbYBly.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ksahEtc.exe
  C:\Windows\System\ksahEtc.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\UOmlUYV.exe
  C:\Windows\System\UOmlUYV.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\vDuMDdy.exe
  C:\Windows\System\vDuMDdy.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\fjuIcGK.exe
  C:\Windows\System\fjuIcGK.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\XvlEHnz.exe
  C:\Windows\System\XvlEHnz.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\hEfRtBR.exe
  C:\Windows\System\hEfRtBR.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\fyOiAed.exe
  C:\Windows\System\fyOiAed.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\mnXuhCe.exe
  C:\Windows\System\mnXuhCe.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\QMCYMAB.exe
  C:\Windows\System\QMCYMAB.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\CJoswWB.exe
  C:\Windows\System\CJoswWB.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\OvrfnWu.exe
  C:\Windows\System\OvrfnWu.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\EFsYdJL.exe
  C:\Windows\System\EFsYdJL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\nCetzrS.exe
  C:\Windows\System\nCetzrS.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\qjbkXLw.exe
  C:\Windows\System\qjbkXLw.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\fobZWxo.exe
  C:\Windows\System\fobZWxo.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\dayDJPu.exe
  C:\Windows\System\dayDJPu.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\oZgTewz.exe
  C:\Windows\System\oZgTewz.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vcbnaFg.exe
  C:\Windows\System\vcbnaFg.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\eLkdxwp.exe
  C:\Windows\System\eLkdxwp.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\JlbUvEc.exe
  C:\Windows\System\JlbUvEc.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ZHeXOAY.exe
  C:\Windows\System\ZHeXOAY.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\DxWIELT.exe
  C:\Windows\System\DxWIELT.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\vgETXeB.exe
  C:\Windows\System\vgETXeB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lgXMJNK.exe
  C:\Windows\System\lgXMJNK.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\iximcLs.exe
  C:\Windows\System\iximcLs.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\WcPvEQD.exe
  C:\Windows\System\WcPvEQD.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\FfgCkFw.exe
  C:\Windows\System\FfgCkFw.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\UJgoltK.exe
  C:\Windows\System\UJgoltK.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\pcdtdDL.exe
  C:\Windows\System\pcdtdDL.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\WyDDtli.exe
  C:\Windows\System\WyDDtli.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\BvzzuMz.exe
  C:\Windows\System\BvzzuMz.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\gqtlAle.exe
  C:\Windows\System\gqtlAle.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\WFEKnXo.exe
  C:\Windows\System\WFEKnXo.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\jJMhwld.exe
  C:\Windows\System\jJMhwld.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\XkOvFlJ.exe
  C:\Windows\System\XkOvFlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\uiBxGoD.exe
  C:\Windows\System\uiBxGoD.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\DqbaGDf.exe
  C:\Windows\System\DqbaGDf.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UDfQBOB.exe
  C:\Windows\System\UDfQBOB.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\PuaXdRg.exe
  C:\Windows\System\PuaXdRg.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qsXVOMb.exe
  C:\Windows\System\qsXVOMb.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\XjMMiEk.exe
  C:\Windows\System\XjMMiEk.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ARuNRfJ.exe
  C:\Windows\System\ARuNRfJ.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ESYOhEP.exe
  C:\Windows\System\ESYOhEP.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\VdxvAZy.exe
  C:\Windows\System\VdxvAZy.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\sALPSnq.exe
  C:\Windows\System\sALPSnq.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\VzhgMgy.exe
  C:\Windows\System\VzhgMgy.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\rXFoHxV.exe
  C:\Windows\System\rXFoHxV.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\YDVGTZk.exe
  C:\Windows\System\YDVGTZk.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\uWXzGoY.exe
  C:\Windows\System\uWXzGoY.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\RYZRDHc.exe
  C:\Windows\System\RYZRDHc.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\VfvHGmH.exe
  C:\Windows\System\VfvHGmH.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\MnTScEk.exe
  C:\Windows\System\MnTScEk.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\hcZrIod.exe
  C:\Windows\System\hcZrIod.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\pdkGFsz.exe
  C:\Windows\System\pdkGFsz.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\glKPMeX.exe
  C:\Windows\System\glKPMeX.exe
  2⤵
  PID:2828
- C:\Windows\System\EyLKmRk.exe
  C:\Windows\System\EyLKmRk.exe
  2⤵
  PID:2932
- C:\Windows\System\UMvwgca.exe
  C:\Windows\System\UMvwgca.exe
  2⤵
  PID:2948
- C:\Windows\System\bJWxhoZ.exe
  C:\Windows\System\bJWxhoZ.exe
  2⤵
  PID:2644
- C:\Windows\System\iIzRkbK.exe
  C:\Windows\System\iIzRkbK.exe
  2⤵
  PID:2852
- C:\Windows\System\hfmWFtl.exe
  C:\Windows\System\hfmWFtl.exe
  2⤵
  PID:2764
- C:\Windows\System\ptjjvwU.exe
  C:\Windows\System\ptjjvwU.exe
  2⤵
  PID:2272
- C:\Windows\System\CoafvfZ.exe
  C:\Windows\System\CoafvfZ.exe
  2⤵
  PID:332
- C:\Windows\System\xoZGWZV.exe
  C:\Windows\System\xoZGWZV.exe
  2⤵
  PID:576
- C:\Windows\System\poukoWP.exe
  C:\Windows\System\poukoWP.exe
  2⤵
  PID:1340
- C:\Windows\System\BFmLqbL.exe
  C:\Windows\System\BFmLqbL.exe
  2⤵
  PID:2892
- C:\Windows\System\idUFFeF.exe
  C:\Windows\System\idUFFeF.exe
  2⤵
  PID:2700
- C:\Windows\System\lsswFJL.exe
  C:\Windows\System\lsswFJL.exe
  2⤵
  PID:1972
- C:\Windows\System\hZzwDry.exe
  C:\Windows\System\hZzwDry.exe
  2⤵
  PID:1160
- C:\Windows\System\GzBrild.exe
  C:\Windows\System\GzBrild.exe
  2⤵
  PID:1380
- C:\Windows\System\zjRZrxS.exe
  C:\Windows\System\zjRZrxS.exe
  2⤵
  PID:1176
- C:\Windows\System\VyTufnu.exe
  C:\Windows\System\VyTufnu.exe
  2⤵
  PID:940
- C:\Windows\System\iPrGngp.exe
  C:\Windows\System\iPrGngp.exe
  2⤵
  PID:2500
- C:\Windows\System\bMVLgVt.exe
  C:\Windows\System\bMVLgVt.exe
  2⤵
  PID:1856
- C:\Windows\System\YakwPdZ.exe
  C:\Windows\System\YakwPdZ.exe
  2⤵
  PID:1740
- C:\Windows\System\tKzmtHO.exe
  C:\Windows\System\tKzmtHO.exe
  2⤵
  PID:2060
- C:\Windows\System\AyOddeh.exe
  C:\Windows\System\AyOddeh.exe
  2⤵
  PID:924
- C:\Windows\System\CWBDpgw.exe
  C:\Windows\System\CWBDpgw.exe
  2⤵
  PID:2144
- C:\Windows\System\TncEmuT.exe
  C:\Windows\System\TncEmuT.exe
  2⤵
  PID:3032
- C:\Windows\System\DQoMOoX.exe
  C:\Windows\System\DQoMOoX.exe
  2⤵
  PID:2316
- C:\Windows\System\dYESfqN.exe
  C:\Windows\System\dYESfqN.exe
  2⤵
  PID:2396
- C:\Windows\System\RjbNDkr.exe
  C:\Windows\System\RjbNDkr.exe
  2⤵
  PID:2252
- C:\Windows\System\jEKFkZL.exe
  C:\Windows\System\jEKFkZL.exe
  2⤵
  PID:2216
- C:\Windows\System\IQZzaBT.exe
  C:\Windows\System\IQZzaBT.exe
  2⤵
  PID:888
- C:\Windows\System\GYYPqao.exe
  C:\Windows\System\GYYPqao.exe
  2⤵
  PID:2052
- C:\Windows\System\KDarlXg.exe
  C:\Windows\System\KDarlXg.exe
  2⤵
  PID:1720
- C:\Windows\System\MkhQvAY.exe
  C:\Windows\System\MkhQvAY.exe
  2⤵
  PID:2128
- C:\Windows\System\FWurkeu.exe
  C:\Windows\System\FWurkeu.exe
  2⤵
  PID:2736
- C:\Windows\System\KPccEmJ.exe
  C:\Windows\System\KPccEmJ.exe
  2⤵
  PID:2656
- C:\Windows\System\xisjFBA.exe
  C:\Windows\System\xisjFBA.exe
  2⤵
  PID:1400
- C:\Windows\System\NVncszE.exe
  C:\Windows\System\NVncszE.exe
  2⤵
  PID:2664
- C:\Windows\System\EcTsdEe.exe
  C:\Windows\System\EcTsdEe.exe
  2⤵
  PID:572
- C:\Windows\System\rYTpbVB.exe
  C:\Windows\System\rYTpbVB.exe
  2⤵
  PID:3076
- C:\Windows\System\cQSQqzO.exe
  C:\Windows\System\cQSQqzO.exe
  2⤵
  PID:3092
- C:\Windows\System\AQxiNjz.exe
  C:\Windows\System\AQxiNjz.exe
  2⤵
  PID:3108
- C:\Windows\System\lKjDBzW.exe
  C:\Windows\System\lKjDBzW.exe
  2⤵
  PID:3124
- C:\Windows\System\CrMJjsV.exe
  C:\Windows\System\CrMJjsV.exe
  2⤵
  PID:3140
- C:\Windows\System\unlEtrk.exe
  C:\Windows\System\unlEtrk.exe
  2⤵
  PID:3156
- C:\Windows\System\UgZEYRd.exe
  C:\Windows\System\UgZEYRd.exe
  2⤵
  PID:3172
- C:\Windows\System\OIvpqWZ.exe
  C:\Windows\System\OIvpqWZ.exe
  2⤵
  PID:3188
- C:\Windows\System\DFgcgeX.exe
  C:\Windows\System\DFgcgeX.exe
  2⤵
  PID:3204
- C:\Windows\System\rpIWqpu.exe
  C:\Windows\System\rpIWqpu.exe
  2⤵
  PID:3220
- C:\Windows\System\yvSPbZA.exe
  C:\Windows\System\yvSPbZA.exe
  2⤵
  PID:3236
- C:\Windows\System\GEcMNuP.exe
  C:\Windows\System\GEcMNuP.exe
  2⤵
  PID:3252
- C:\Windows\System\mXOnXHO.exe
  C:\Windows\System\mXOnXHO.exe
  2⤵
  PID:3268
- C:\Windows\System\wnShYsr.exe
  C:\Windows\System\wnShYsr.exe
  2⤵
  PID:3284
- C:\Windows\System\GQfKWNv.exe
  C:\Windows\System\GQfKWNv.exe
  2⤵
  PID:3300
- C:\Windows\System\uugnUqY.exe
  C:\Windows\System\uugnUqY.exe
  2⤵
  PID:3316
- C:\Windows\System\yAnNetP.exe
  C:\Windows\System\yAnNetP.exe
  2⤵
  PID:3332
- C:\Windows\System\ZJRADew.exe
  C:\Windows\System\ZJRADew.exe
  2⤵
  PID:3348
- C:\Windows\System\wOtVirv.exe
  C:\Windows\System\wOtVirv.exe
  2⤵
  PID:3364
- C:\Windows\System\NrJmCqQ.exe
  C:\Windows\System\NrJmCqQ.exe
  2⤵
  PID:3380
- C:\Windows\System\fGbBuGI.exe
  C:\Windows\System\fGbBuGI.exe
  2⤵
  PID:3400
- C:\Windows\System\cZKIvKx.exe
  C:\Windows\System\cZKIvKx.exe
  2⤵
  PID:3416
- C:\Windows\System\LoSOhgf.exe
  C:\Windows\System\LoSOhgf.exe
  2⤵
  PID:3432
- C:\Windows\System\kHNGxfz.exe
  C:\Windows\System\kHNGxfz.exe
  2⤵
  PID:3668
- C:\Windows\System\fTTXbMI.exe
  C:\Windows\System\fTTXbMI.exe
  2⤵
  PID:3700
- C:\Windows\System\DylsEWz.exe
  C:\Windows\System\DylsEWz.exe
  2⤵
  PID:3716
- C:\Windows\System\ZFLSBPN.exe
  C:\Windows\System\ZFLSBPN.exe
  2⤵
  PID:3732
- C:\Windows\System\SuBcXiO.exe
  C:\Windows\System\SuBcXiO.exe
  2⤵
  PID:3748
- C:\Windows\System\DDxADPx.exe
  C:\Windows\System\DDxADPx.exe
  2⤵
  PID:3764
- C:\Windows\System\FMbTUiR.exe
  C:\Windows\System\FMbTUiR.exe
  2⤵
  PID:3780
- C:\Windows\System\zYbzyjs.exe
  C:\Windows\System\zYbzyjs.exe
  2⤵
  PID:3796
- C:\Windows\System\kqqGOQM.exe
  C:\Windows\System\kqqGOQM.exe
  2⤵
  PID:3812
- C:\Windows\System\OImsQcm.exe
  C:\Windows\System\OImsQcm.exe
  2⤵
  PID:3828
- C:\Windows\System\zpDkvOv.exe
  C:\Windows\System\zpDkvOv.exe
  2⤵
  PID:3844
- C:\Windows\System\zBKdmKu.exe
  C:\Windows\System\zBKdmKu.exe
  2⤵
  PID:3860
- C:\Windows\System\LHsMcCF.exe
  C:\Windows\System\LHsMcCF.exe
  2⤵
  PID:3876
- C:\Windows\System\fzJMskT.exe
  C:\Windows\System\fzJMskT.exe
  2⤵
  PID:3892
- C:\Windows\System\VfrRYmT.exe
  C:\Windows\System\VfrRYmT.exe
  2⤵
  PID:3908
- C:\Windows\System\xpoeFPB.exe
  C:\Windows\System\xpoeFPB.exe
  2⤵
  PID:3924
- C:\Windows\System\ynLfAeq.exe
  C:\Windows\System\ynLfAeq.exe
  2⤵
  PID:3940
- C:\Windows\System\VAdKdWP.exe
  C:\Windows\System\VAdKdWP.exe
  2⤵
  PID:3956
- C:\Windows\System\KoHULSz.exe
  C:\Windows\System\KoHULSz.exe
  2⤵
  PID:3972
- C:\Windows\System\wNIcuDi.exe
  C:\Windows\System\wNIcuDi.exe
  2⤵
  PID:3988
- C:\Windows\System\hHqYxfj.exe
  C:\Windows\System\hHqYxfj.exe
  2⤵
  PID:4004
- C:\Windows\System\MJzSDjj.exe
  C:\Windows\System\MJzSDjj.exe
  2⤵
  PID:4020
- C:\Windows\System\qLNeUOa.exe
  C:\Windows\System\qLNeUOa.exe
  2⤵
  PID:4036
- C:\Windows\System\vcjiOmo.exe
  C:\Windows\System\vcjiOmo.exe
  2⤵
  PID:4052
- C:\Windows\System\rDXbson.exe
  C:\Windows\System\rDXbson.exe
  2⤵
  PID:4068
- C:\Windows\System\FXhkYWU.exe
  C:\Windows\System\FXhkYWU.exe
  2⤵
  PID:4084
- C:\Windows\System\uwtfSYC.exe
  C:\Windows\System\uwtfSYC.exe
  2⤵
  PID:1828
- C:\Windows\System\LNeMTNz.exe
  C:\Windows\System\LNeMTNz.exe
  2⤵
  PID:1032
- C:\Windows\System\HATQRml.exe
  C:\Windows\System\HATQRml.exe
  2⤵
  PID:2308
- C:\Windows\System\kMKNeeq.exe
  C:\Windows\System\kMKNeeq.exe
  2⤵
  PID:1648
- C:\Windows\System\ubGlRVk.exe
  C:\Windows\System\ubGlRVk.exe
  2⤵
  PID:3376
- C:\Windows\System\VBLZBwC.exe
  C:\Windows\System\VBLZBwC.exe
  2⤵
  PID:1612
- C:\Windows\System\ZwRkLTy.exe
  C:\Windows\System\ZwRkLTy.exe
  2⤵
  PID:1572
- C:\Windows\System\jkfHJIH.exe
  C:\Windows\System\jkfHJIH.exe
  2⤵
  PID:2484
- C:\Windows\System\EQzpSxv.exe
  C:\Windows\System\EQzpSxv.exe
  2⤵
  PID:1576
- C:\Windows\System\MJhQPBo.exe
  C:\Windows\System\MJhQPBo.exe
  2⤵
  PID:2628
- C:\Windows\System\PdzRARv.exe
  C:\Windows\System\PdzRARv.exe
  2⤵
  PID:548
- C:\Windows\System\WIgcHJN.exe
  C:\Windows\System\WIgcHJN.exe
  2⤵
  PID:3132
- C:\Windows\System\vNOwIrq.exe
  C:\Windows\System\vNOwIrq.exe
  2⤵
  PID:2976
- C:\Windows\System\lHOfatm.exe
  C:\Windows\System\lHOfatm.exe
  2⤵
  PID:900
- C:\Windows\System\DvyEkTJ.exe
  C:\Windows\System\DvyEkTJ.exe
  2⤵
  PID:1724
- C:\Windows\System\gTELIgA.exe
  C:\Windows\System\gTELIgA.exe
  2⤵
  PID:1756
- C:\Windows\System\ZoioqDV.exe
  C:\Windows\System\ZoioqDV.exe
  2⤵
  PID:3196
- C:\Windows\System\GwfSaii.exe
  C:\Windows\System\GwfSaii.exe
  2⤵
  PID:3260
- C:\Windows\System\qJowyJR.exe
  C:\Windows\System\qJowyJR.exe
  2⤵
  PID:3324
- C:\Windows\System\AowRMUZ.exe
  C:\Windows\System\AowRMUZ.exe
  2⤵
  PID:3084
- C:\Windows\System\CDFiAkV.exe
  C:\Windows\System\CDFiAkV.exe
  2⤵
  PID:3120
- C:\Windows\System\eAlQYkx.exe
  C:\Windows\System\eAlQYkx.exe
  2⤵
  PID:3212
- C:\Windows\System\pGryMiW.exe
  C:\Windows\System\pGryMiW.exe
  2⤵
  PID:3276
- C:\Windows\System\BEWRyjA.exe
  C:\Windows\System\BEWRyjA.exe
  2⤵
  PID:3340
- C:\Windows\System\QcnEixK.exe
  C:\Windows\System\QcnEixK.exe
  2⤵
  PID:3424
- C:\Windows\System\DLkCqtQ.exe
  C:\Windows\System\DLkCqtQ.exe
  2⤵
  PID:3396
- C:\Windows\System\qjkrNJq.exe
  C:\Windows\System\qjkrNJq.exe
  2⤵
  PID:3444
- C:\Windows\System\eZEphib.exe
  C:\Windows\System\eZEphib.exe
  2⤵
  PID:3460
- C:\Windows\System\UxIVneP.exe
  C:\Windows\System\UxIVneP.exe
  2⤵
  PID:3476
- C:\Windows\System\dYjYmhN.exe
  C:\Windows\System\dYjYmhN.exe
  2⤵
  PID:3496
- C:\Windows\System\jlNtfmf.exe
  C:\Windows\System\jlNtfmf.exe
  2⤵
  PID:3520
- C:\Windows\System\McctGNk.exe
  C:\Windows\System\McctGNk.exe
  2⤵
  PID:3556
- C:\Windows\System\UuFHMWi.exe
  C:\Windows\System\UuFHMWi.exe
  2⤵
  PID:3572
- C:\Windows\System\hjFLhrD.exe
  C:\Windows\System\hjFLhrD.exe
  2⤵
  PID:3600
- C:\Windows\System\tArexJK.exe
  C:\Windows\System\tArexJK.exe
  2⤵
  PID:3612
- C:\Windows\System\acOYaEG.exe
  C:\Windows\System\acOYaEG.exe
  2⤵
  PID:3640
- C:\Windows\System\gvxxxlc.exe
  C:\Windows\System\gvxxxlc.exe
  2⤵
  PID:3696
- C:\Windows\System\wCCopsu.exe
  C:\Windows\System\wCCopsu.exe
  2⤵
  PID:3744
- C:\Windows\System\ezIZRBS.exe
  C:\Windows\System\ezIZRBS.exe
  2⤵
  PID:3792
- C:\Windows\System\LUFKBGT.exe
  C:\Windows\System\LUFKBGT.exe
  2⤵
  PID:3836
- C:\Windows\System\FmYDfDB.exe
  C:\Windows\System\FmYDfDB.exe
  2⤵
  PID:3884
- C:\Windows\System\xcOBNah.exe
  C:\Windows\System\xcOBNah.exe
  2⤵
  PID:3948
- C:\Windows\System\lzvOknV.exe
  C:\Windows\System\lzvOknV.exe
  2⤵
  PID:4012
- C:\Windows\System\FMUihup.exe
  C:\Windows\System\FMUihup.exe
  2⤵
  PID:4076
- C:\Windows\System\tnvlBAS.exe
  C:\Windows\System\tnvlBAS.exe
  2⤵
  PID:680
- C:\Windows\System\zhmHSsI.exe
  C:\Windows\System\zhmHSsI.exe
  2⤵
  PID:2068
- C:\Windows\System\fzGmBVs.exe
  C:\Windows\System\fzGmBVs.exe
  2⤵
  PID:3100
- C:\Windows\System\LSojCfn.exe
  C:\Windows\System\LSojCfn.exe
  2⤵
  PID:3228
- C:\Windows\System\qimjqea.exe
  C:\Windows\System\qimjqea.exe
  2⤵
  PID:3180
- C:\Windows\System\uxqKplU.exe
  C:\Windows\System\uxqKplU.exe
  2⤵
  PID:2444
- C:\Windows\System\LvhwptA.exe
  C:\Windows\System\LvhwptA.exe
  2⤵
  PID:3488
- C:\Windows\System\BNoIahk.exe
  C:\Windows\System\BNoIahk.exe
  2⤵
  PID:3544
- C:\Windows\System\IBvzkdC.exe
  C:\Windows\System\IBvzkdC.exe
  2⤵
  PID:3584
- C:\Windows\System\eKXlgzN.exe
  C:\Windows\System\eKXlgzN.exe
  2⤵
  PID:3596
- C:\Windows\System\bJdFNXj.exe
  C:\Windows\System\bJdFNXj.exe
  2⤵
  PID:3632
- C:\Windows\System\esiNiRT.exe
  C:\Windows\System\esiNiRT.exe
  2⤵
  PID:3740
- C:\Windows\System\IFPbAut.exe
  C:\Windows\System\IFPbAut.exe
  2⤵
  PID:3852
- C:\Windows\System\xdeylVT.exe
  C:\Windows\System\xdeylVT.exe
  2⤵
  PID:4044
- C:\Windows\System\ZEHMaxw.exe
  C:\Windows\System\ZEHMaxw.exe
  2⤵
  PID:3060
- C:\Windows\System\tWwKzXA.exe
  C:\Windows\System\tWwKzXA.exe
  2⤵
  PID:2752
- C:\Windows\System\oYtIufG.exe
  C:\Windows\System\oYtIufG.exe
  2⤵
  PID:3588
- C:\Windows\System\iuQtYms.exe
  C:\Windows\System\iuQtYms.exe
  2⤵
  PID:4116
- C:\Windows\System\roshFJv.exe
  C:\Windows\System\roshFJv.exe
  2⤵
  PID:4132
- C:\Windows\System\oRfsWtX.exe
  C:\Windows\System\oRfsWtX.exe
  2⤵
  PID:4152
- C:\Windows\System\oxMsGOc.exe
  C:\Windows\System\oxMsGOc.exe
  2⤵
  PID:4168
- C:\Windows\System\etdrkaG.exe
  C:\Windows\System\etdrkaG.exe
  2⤵
  PID:4184
- C:\Windows\System\JxtGvjs.exe
  C:\Windows\System\JxtGvjs.exe
  2⤵
  PID:4200
- C:\Windows\System\Ondfrql.exe
  C:\Windows\System\Ondfrql.exe
  2⤵
  PID:4228
- C:\Windows\System\qLOusjd.exe
  C:\Windows\System\qLOusjd.exe
  2⤵
  PID:4244
- C:\Windows\System\wCpKVFF.exe
  C:\Windows\System\wCpKVFF.exe
  2⤵
  PID:4260
- C:\Windows\System\dHaImJL.exe
  C:\Windows\System\dHaImJL.exe
  2⤵
  PID:4280
- C:\Windows\System\mdkZHYr.exe
  C:\Windows\System\mdkZHYr.exe
  2⤵
  PID:4296
- C:\Windows\System\rGPBfZj.exe
  C:\Windows\System\rGPBfZj.exe
  2⤵
  PID:4312
- C:\Windows\System\fhYLkbB.exe
  C:\Windows\System\fhYLkbB.exe
  2⤵
  PID:4328
- C:\Windows\System\zgZQPCk.exe
  C:\Windows\System\zgZQPCk.exe
  2⤵
  PID:4344
- C:\Windows\System\SbtkEEM.exe
  C:\Windows\System\SbtkEEM.exe
  2⤵
  PID:4360
- C:\Windows\System\RfYAsyS.exe
  C:\Windows\System\RfYAsyS.exe
  2⤵
  PID:4376
- C:\Windows\System\uxWQkWw.exe
  C:\Windows\System\uxWQkWw.exe
  2⤵
  PID:4392
- C:\Windows\System\cZBNPOa.exe
  C:\Windows\System\cZBNPOa.exe
  2⤵
  PID:4508
- C:\Windows\System\GjfLgJS.exe
  C:\Windows\System\GjfLgJS.exe
  2⤵
  PID:4956
- C:\Windows\System\HlLqZIk.exe
  C:\Windows\System\HlLqZIk.exe
  2⤵
  PID:4976
- C:\Windows\System\HXZZMpf.exe
  C:\Windows\System\HXZZMpf.exe
  2⤵
  PID:4996
- C:\Windows\System\ctgiThF.exe
  C:\Windows\System\ctgiThF.exe
  2⤵
  PID:5012
- C:\Windows\System\hyXIucI.exe
  C:\Windows\System\hyXIucI.exe
  2⤵
  PID:5028
- C:\Windows\System\oRlPsSt.exe
  C:\Windows\System\oRlPsSt.exe
  2⤵
  PID:5044
- C:\Windows\System\ZpmRPZJ.exe
  C:\Windows\System\ZpmRPZJ.exe
  2⤵
  PID:5064
- C:\Windows\System\HoceTQW.exe
  C:\Windows\System\HoceTQW.exe
  2⤵
  PID:5088
- C:\Windows\System\scKXCrU.exe
  C:\Windows\System\scKXCrU.exe
  2⤵
  PID:5104
- C:\Windows\System\aQUjIUu.exe
  C:\Windows\System\aQUjIUu.exe
  2⤵
  PID:3708
- C:\Windows\System\bUewDNP.exe
  C:\Windows\System\bUewDNP.exe
  2⤵
  PID:3920
- C:\Windows\System\neuwYXh.exe
  C:\Windows\System\neuwYXh.exe
  2⤵
  PID:4100
- C:\Windows\System\VJzOkSa.exe
  C:\Windows\System\VJzOkSa.exe
  2⤵
  PID:4140
- C:\Windows\System\IGaSIMO.exe
  C:\Windows\System\IGaSIMO.exe
  2⤵
  PID:4176
- C:\Windows\System\axdQiJn.exe
  C:\Windows\System\axdQiJn.exe
  2⤵
  PID:4216
- C:\Windows\System\LftGQyo.exe
  C:\Windows\System\LftGQyo.exe
  2⤵
  PID:4252
- C:\Windows\System\nQXiKnF.exe
  C:\Windows\System\nQXiKnF.exe
  2⤵
  PID:4320
- C:\Windows\System\xFTvgis.exe
  C:\Windows\System\xFTvgis.exe
  2⤵
  PID:2380
- C:\Windows\System\WbNkFYZ.exe
  C:\Windows\System\WbNkFYZ.exe
  2⤵
  PID:4516
- C:\Windows\System\lxEOqvN.exe
  C:\Windows\System\lxEOqvN.exe
  2⤵
  PID:4532
- C:\Windows\System\wNAOPLy.exe
  C:\Windows\System\wNAOPLy.exe
  2⤵
  PID:4548
- C:\Windows\System\HjcNNdt.exe
  C:\Windows\System\HjcNNdt.exe
  2⤵
  PID:4564
- C:\Windows\System\JHMwRbN.exe
  C:\Windows\System\JHMwRbN.exe
  2⤵
  PID:4584
- C:\Windows\System\Ipzzmgu.exe
  C:\Windows\System\Ipzzmgu.exe
  2⤵
  PID:4600
- C:\Windows\System\BlNXjgD.exe
  C:\Windows\System\BlNXjgD.exe
  2⤵
  PID:4620
- C:\Windows\System\ZWYwSqn.exe
  C:\Windows\System\ZWYwSqn.exe
  2⤵
  PID:4628
- C:\Windows\System\EpmxHDf.exe
  C:\Windows\System\EpmxHDf.exe
  2⤵
  PID:4060
- C:\Windows\System\RhqSREw.exe
  C:\Windows\System\RhqSREw.exe
  2⤵
  PID:4668
- C:\Windows\System\xbffxRG.exe
  C:\Windows\System\xbffxRG.exe
  2⤵
  PID:620
- C:\Windows\System\IMjrAvR.exe
  C:\Windows\System\IMjrAvR.exe
  2⤵
  PID:776
- C:\Windows\System\pBMRJco.exe
  C:\Windows\System\pBMRJco.exe
  2⤵
  PID:2228
- C:\Windows\System\kaVniDH.exe
  C:\Windows\System\kaVniDH.exe
  2⤵
  PID:1028
- C:\Windows\System\hQcjcAn.exe
  C:\Windows\System\hQcjcAn.exe
  2⤵
  PID:3244
- C:\Windows\System\LHCAJtd.exe
  C:\Windows\System\LHCAJtd.exe
  2⤵
  PID:3412
- C:\Windows\System\gLjnGss.exe
  C:\Windows\System\gLjnGss.exe
  2⤵
  PID:3468
- C:\Windows\System\LQYChWw.exe
  C:\Windows\System\LQYChWw.exe
  2⤵
  PID:3516
- C:\Windows\System\pFAHYgc.exe
  C:\Windows\System\pFAHYgc.exe
  2⤵
  PID:2428
- C:\Windows\System\OhPEtda.exe
  C:\Windows\System\OhPEtda.exe
  2⤵
  PID:3660
- C:\Windows\System\jnrVLqh.exe
  C:\Windows\System\jnrVLqh.exe
  2⤵
  PID:3356
- C:\Windows\System\iOkgaJy.exe
  C:\Windows\System\iOkgaJy.exe
  2⤵
  PID:3484
- C:\Windows\System\XkROuyo.exe
  C:\Windows\System\XkROuyo.exe
  2⤵
  PID:3820
- C:\Windows\System\HPFrhAD.exe
  C:\Windows\System\HPFrhAD.exe
  2⤵
  PID:3312
- C:\Windows\System\EowMqfj.exe
  C:\Windows\System\EowMqfj.exe
  2⤵
  PID:4124
- C:\Windows\System\nKalrHV.exe
  C:\Windows\System\nKalrHV.exe
  2⤵
  PID:4192
- C:\Windows\System\KCxlBgO.exe
  C:\Windows\System\KCxlBgO.exe
  2⤵
  PID:4336
- C:\Windows\System\UYCSZGH.exe
  C:\Windows\System\UYCSZGH.exe
  2⤵
  PID:4400
- C:\Windows\System\LRPqRJc.exe
  C:\Windows\System\LRPqRJc.exe
  2⤵
  PID:4424
- C:\Windows\System\TegKCHZ.exe
  C:\Windows\System\TegKCHZ.exe
  2⤵
  PID:4440
- C:\Windows\System\MkHmfji.exe
  C:\Windows\System\MkHmfji.exe
  2⤵
  PID:4456
- C:\Windows\System\vYWnBOG.exe
  C:\Windows\System\vYWnBOG.exe
  2⤵
  PID:4480
- C:\Windows\System\osDmvyf.exe
  C:\Windows\System\osDmvyf.exe
  2⤵
  PID:4500
- C:\Windows\System\gDkOkWi.exe
  C:\Windows\System\gDkOkWi.exe
  2⤵
  PID:4716
- C:\Windows\System\zpzhEnm.exe
  C:\Windows\System\zpzhEnm.exe
  2⤵
  PID:4732
- C:\Windows\System\dshmohD.exe
  C:\Windows\System\dshmohD.exe
  2⤵
  PID:4748
- C:\Windows\System\TByEYeg.exe
  C:\Windows\System\TByEYeg.exe
  2⤵
  PID:4764
- C:\Windows\System\wMuJCEn.exe
  C:\Windows\System\wMuJCEn.exe
  2⤵
  PID:4784
- C:\Windows\System\eWwJwGL.exe
  C:\Windows\System\eWwJwGL.exe
  2⤵
  PID:4808
- C:\Windows\System\fkgvPcf.exe
  C:\Windows\System\fkgvPcf.exe
  2⤵
  PID:2312
- C:\Windows\System\yUouCiA.exe
  C:\Windows\System\yUouCiA.exe
  2⤵
  PID:4836
- C:\Windows\System\QEyhRyx.exe
  C:\Windows\System\QEyhRyx.exe
  2⤵
  PID:4872
- C:\Windows\System\gOWnqDR.exe
  C:\Windows\System\gOWnqDR.exe
  2⤵
  PID:1928
- C:\Windows\System\RgWEFtc.exe
  C:\Windows\System\RgWEFtc.exe
  2⤵
  PID:4900
- C:\Windows\System\kEUOdNC.exe
  C:\Windows\System\kEUOdNC.exe
  2⤵
  PID:4916
- C:\Windows\System\ZpJwMzu.exe
  C:\Windows\System\ZpJwMzu.exe
  2⤵
  PID:4932
- C:\Windows\System\hwYgTeV.exe
  C:\Windows\System\hwYgTeV.exe
  2⤵
  PID:4948
- C:\Windows\System\qXTFLJL.exe
  C:\Windows\System\qXTFLJL.exe
  2⤵
  PID:2040
- C:\Windows\System\vtfQbFn.exe
  C:\Windows\System\vtfQbFn.exe
  2⤵
  PID:4968
- C:\Windows\System\QWOmbAt.exe
  C:\Windows\System\QWOmbAt.exe
  2⤵
  PID:4984
- C:\Windows\System\psPLodB.exe
  C:\Windows\System\psPLodB.exe
  2⤵
  PID:4992
- C:\Windows\System\eTuQqgm.exe
  C:\Windows\System\eTuQqgm.exe
  2⤵
  PID:5100
- C:\Windows\System\BCZARJh.exe
  C:\Windows\System\BCZARJh.exe
  2⤵
  PID:5056
- C:\Windows\System\MsxifqB.exe
  C:\Windows\System\MsxifqB.exe
  2⤵
  PID:3916
- C:\Windows\System\gogLWtF.exe
  C:\Windows\System\gogLWtF.exe
  2⤵
  PID:5112
- C:\Windows\System\SgDoSVW.exe
  C:\Windows\System\SgDoSVW.exe
  2⤵
  PID:4148
- C:\Windows\System\qBpqAmw.exe
  C:\Windows\System\qBpqAmw.exe
  2⤵
  PID:996
- C:\Windows\System\VaqmiwA.exe
  C:\Windows\System\VaqmiwA.exe
  2⤵
  PID:4540
- C:\Windows\System\cQSDNfv.exe
  C:\Windows\System\cQSDNfv.exe
  2⤵
  PID:4576
- C:\Windows\System\eRElhSq.exe
  C:\Windows\System\eRElhSq.exe
  2⤵
  PID:5084
- C:\Windows\System\bOBqsql.exe
  C:\Windows\System\bOBqsql.exe
  2⤵
  PID:4636
- C:\Windows\System\jjmDyav.exe
  C:\Windows\System\jjmDyav.exe
  2⤵
  PID:4640
- C:\Windows\System\LpIVJoy.exe
  C:\Windows\System\LpIVJoy.exe
  2⤵
  PID:4592
- C:\Windows\System\WPDVGAW.exe
  C:\Windows\System\WPDVGAW.exe
  2⤵
  PID:4624
- C:\Windows\System\JphJfhZ.exe
  C:\Windows\System\JphJfhZ.exe
  2⤵
  PID:4656
- C:\Windows\System\aPiNbPI.exe
  C:\Windows\System\aPiNbPI.exe
  2⤵
  PID:3936
- C:\Windows\System\gkfotyd.exe
  C:\Windows\System\gkfotyd.exe
  2⤵
  PID:4000
- C:\Windows\System\ayIJqhV.exe
  C:\Windows\System\ayIJqhV.exe
  2⤵
  PID:2448
- C:\Windows\System\DCUCzRJ.exe
  C:\Windows\System\DCUCzRJ.exe
  2⤵
  PID:2756
- C:\Windows\System\ghhdVzB.exe
  C:\Windows\System\ghhdVzB.exe
  2⤵
  PID:3148
- C:\Windows\System\jCflTvW.exe
  C:\Windows\System\jCflTvW.exe
  2⤵
  PID:3656
- C:\Windows\System\ZGjuLxZ.exe
  C:\Windows\System\ZGjuLxZ.exe
  2⤵
  PID:3788
- C:\Windows\System\KtVcqAM.exe
  C:\Windows\System\KtVcqAM.exe
  2⤵
  PID:3772
- C:\Windows\System\TDUIBLH.exe
  C:\Windows\System\TDUIBLH.exe
  2⤵
  PID:3508
- C:\Windows\System\tkWUhVu.exe
  C:\Windows\System\tkWUhVu.exe
  2⤵
  PID:3980
- C:\Windows\System\GADRYTq.exe
  C:\Windows\System\GADRYTq.exe
  2⤵
  PID:1700
- C:\Windows\System\sLbkbCU.exe
  C:\Windows\System\sLbkbCU.exe
  2⤵
  PID:3456
- C:\Windows\System\QDFGfmE.exe
  C:\Windows\System\QDFGfmE.exe
  2⤵
  PID:3624
- C:\Windows\System\lHzZgzs.exe
  C:\Windows\System\lHzZgzs.exe
  2⤵
  PID:2924
- C:\Windows\System\cVxKaTV.exe
  C:\Windows\System\cVxKaTV.exe
  2⤵
  PID:4128
- C:\Windows\System\iQnEQJz.exe
  C:\Windows\System\iQnEQJz.exe
  2⤵
  PID:4304
- C:\Windows\System\ddJxcSc.exe
  C:\Windows\System\ddJxcSc.exe
  2⤵
  PID:2268
- C:\Windows\System\NXQxXXC.exe
  C:\Windows\System\NXQxXXC.exe
  2⤵
  PID:2104
- C:\Windows\System\jLwBDil.exe
  C:\Windows\System\jLwBDil.exe
  2⤵
  PID:3000
- C:\Windows\System\ywBrELx.exe
  C:\Windows\System\ywBrELx.exe
  2⤵
  PID:2212
- C:\Windows\System\wJDWNvP.exe
  C:\Windows\System\wJDWNvP.exe
  2⤵
  PID:4408
- C:\Windows\System\SJKdiVh.exe
  C:\Windows\System\SJKdiVh.exe
  2⤵
  PID:2004
- C:\Windows\System\TuNQIxF.exe
  C:\Windows\System\TuNQIxF.exe
  2⤵
  PID:4448
- C:\Windows\System\rGfyUqB.exe
  C:\Windows\System\rGfyUqB.exe
  2⤵
  PID:2640
- C:\Windows\System\JIzkmmy.exe
  C:\Windows\System\JIzkmmy.exe
  2⤵
  PID:4504
- C:\Windows\System\KkSMcda.exe
  C:\Windows\System\KkSMcda.exe
  2⤵
  PID:968
- C:\Windows\System\oTyooZj.exe
  C:\Windows\System\oTyooZj.exe
  2⤵
  PID:4772
- C:\Windows\System\twEERyo.exe
  C:\Windows\System\twEERyo.exe
  2⤵
  PID:4816
- C:\Windows\System\ibNWpGm.exe
  C:\Windows\System\ibNWpGm.exe
  2⤵
  PID:1336
- C:\Windows\System\ozhKELx.exe
  C:\Windows\System\ozhKELx.exe
  2⤵
  PID:4852
- C:\Windows\System\KnxMIGc.exe
  C:\Windows\System\KnxMIGc.exe
  2⤵
  PID:2648
- C:\Windows\System\BStEDQq.exe
  C:\Windows\System\BStEDQq.exe
  2⤵
  PID:4856
- C:\Windows\System\YBOEsop.exe
  C:\Windows\System\YBOEsop.exe
  2⤵
  PID:4832
- C:\Windows\System\DFKKrQi.exe
  C:\Windows\System\DFKKrQi.exe
  2⤵
  PID:4884
- C:\Windows\System\PRtKJHD.exe
  C:\Windows\System\PRtKJHD.exe
  2⤵
  PID:960
- C:\Windows\System\gbpFGAf.exe
  C:\Windows\System\gbpFGAf.exe
  2⤵
  PID:2680
- C:\Windows\System\egnovod.exe
  C:\Windows\System\egnovod.exe
  2⤵
  PID:5008
- C:\Windows\System\sghuYfu.exe
  C:\Windows\System\sghuYfu.exe
  2⤵
  PID:4112
- C:\Windows\System\sHAqeFE.exe
  C:\Windows\System\sHAqeFE.exe
  2⤵
  PID:2864
- C:\Windows\System\bNPJiVC.exe
  C:\Windows\System\bNPJiVC.exe
  2⤵
  PID:2332
- C:\Windows\System\mZsDDwG.exe
  C:\Windows\System\mZsDDwG.exe
  2⤵
  PID:3712
- C:\Windows\System\yCDepLf.exe
  C:\Windows\System\yCDepLf.exe
  2⤵
  PID:4292
- C:\Windows\System\hsRLjVw.exe
  C:\Windows\System\hsRLjVw.exe
  2⤵
  PID:2984
- C:\Windows\System\fchKlns.exe
  C:\Windows\System\fchKlns.exe
  2⤵
  PID:2720
- C:\Windows\System\dMVEmUw.exe
  C:\Windows\System\dMVEmUw.exe
  2⤵
  PID:4616
- C:\Windows\System\pVQzZIQ.exe
  C:\Windows\System\pVQzZIQ.exe
  2⤵
  PID:4648
- C:\Windows\System\qVRuscH.exe
  C:\Windows\System\qVRuscH.exe
  2⤵
  PID:4664
- C:\Windows\System\aVyyrSk.exe
  C:\Windows\System\aVyyrSk.exe
  2⤵
  PID:4384
- C:\Windows\System\AfvICil.exe
  C:\Windows\System\AfvICil.exe
  2⤵
  PID:4032
- C:\Windows\System\MXuSgLQ.exe
  C:\Windows\System\MXuSgLQ.exe
  2⤵
  PID:3608
- C:\Windows\System\fPqpgrK.exe
  C:\Windows\System\fPqpgrK.exe
  2⤵
  PID:1908
- C:\Windows\System\qQbxaLa.exe
  C:\Windows\System\qQbxaLa.exe
  2⤵
  PID:3392
- C:\Windows\System\wGCGghV.exe
  C:\Windows\System\wGCGghV.exe
  2⤵
  PID:2496
- C:\Windows\System\CWMgxWW.exe
  C:\Windows\System\CWMgxWW.exe
  2⤵
  PID:2540
- C:\Windows\System\ulQfTWq.exe
  C:\Windows\System\ulQfTWq.exe
  2⤵
  PID:3540
- C:\Windows\System\wYDkbEb.exe
  C:\Windows\System\wYDkbEb.exe
  2⤵
  PID:1692
- C:\Windows\System\kHEWXnL.exe
  C:\Windows\System\kHEWXnL.exe
  2⤵
  PID:3872
- C:\Windows\System\hatomon.exe
  C:\Windows\System\hatomon.exe
  2⤵
  PID:4236
- C:\Windows\System\nrbRDhB.exe
  C:\Windows\System\nrbRDhB.exe
  2⤵
  PID:604
- C:\Windows\System\iULFOvb.exe
  C:\Windows\System\iULFOvb.exe
  2⤵
  PID:2340
- C:\Windows\System\ihKAVHw.exe
  C:\Windows\System\ihKAVHw.exe
  2⤵
  PID:4420
- C:\Windows\System\gqDmDQz.exe
  C:\Windows\System\gqDmDQz.exe
  2⤵
  PID:4412
- C:\Windows\System\QPaUIQB.exe
  C:\Windows\System\QPaUIQB.exe
  2⤵
  PID:4476
- C:\Windows\System\QWCFlrH.exe
  C:\Windows\System\QWCFlrH.exe
  2⤵
  PID:2292
- C:\Windows\System\tiXNnrv.exe
  C:\Windows\System\tiXNnrv.exe
  2⤵
  PID:2868
- C:\Windows\System\AhRRdtB.exe
  C:\Windows\System\AhRRdtB.exe
  2⤵
  PID:4780
- C:\Windows\System\PQMQLKS.exe
  C:\Windows\System\PQMQLKS.exe
  2⤵
  PID:4760
- C:\Windows\System\TVCpVdI.exe
  C:\Windows\System\TVCpVdI.exe
  2⤵
  PID:4800
- C:\Windows\System\wsEXYTy.exe
  C:\Windows\System\wsEXYTy.exe
  2⤵
  PID:4912
- C:\Windows\System\vBItrWy.exe
  C:\Windows\System\vBItrWy.exe
  2⤵
  PID:4924
- C:\Windows\System\vjwOgdL.exe
  C:\Windows\System\vjwOgdL.exe
  2⤵
  PID:4908
- C:\Windows\System\nIlKOFi.exe
  C:\Windows\System\nIlKOFi.exe
  2⤵
  PID:4940
- C:\Windows\System\FiffQVq.exe
  C:\Windows\System\FiffQVq.exe
  2⤵
  PID:4964
- C:\Windows\System\VkVRjCw.exe
  C:\Windows\System\VkVRjCw.exe
  2⤵
  PID:448
- C:\Windows\System\rLXuYra.exe
  C:\Windows\System\rLXuYra.exe
  2⤵
  PID:4208
- C:\Windows\System\DJZoxjM.exe
  C:\Windows\System\DJZoxjM.exe
  2⤵
  PID:5076
- C:\Windows\System\DnUuFNW.exe
  C:\Windows\System\DnUuFNW.exe
  2⤵
  PID:4556
- C:\Windows\System\RTbBIFa.exe
  C:\Windows\System\RTbBIFa.exe
  2⤵
  PID:4580
- C:\Windows\System\DreirLs.exe
  C:\Windows\System\DreirLs.exe
  2⤵
  PID:3116
- C:\Windows\System\CUDQSWX.exe
  C:\Windows\System\CUDQSWX.exe
  2⤵
  PID:3996
- C:\Windows\System\MiExrBI.exe
  C:\Windows\System\MiExrBI.exe
  2⤵
  PID:4272
- C:\Windows\System\wkXAAPS.exe
  C:\Windows\System\wkXAAPS.exe
  2⤵
  PID:2600
- C:\Windows\System\IxldWfm.exe
  C:\Windows\System\IxldWfm.exe
  2⤵
  PID:2928
- C:\Windows\System\VDSrJqm.exe
  C:\Windows\System\VDSrJqm.exe
  2⤵
  PID:1100
- C:\Windows\System\aHyXtyi.exe
  C:\Windows\System\aHyXtyi.exe
  2⤵
  PID:2544
- C:\Windows\System\KSVxEky.exe
  C:\Windows\System\KSVxEky.exe
  2⤵
  PID:1232
- C:\Windows\System\oBIQyUX.exe
  C:\Windows\System\oBIQyUX.exe
  2⤵
  PID:2652
- C:\Windows\System\FaGjoGF.exe
  C:\Windows\System\FaGjoGF.exe
  2⤵
  PID:1424
- C:\Windows\System\lrWJpJT.exe
  C:\Windows\System\lrWJpJT.exe
  2⤵
  PID:4928
- C:\Windows\System\dFLbYat.exe
  C:\Windows\System\dFLbYat.exe
  2⤵
  PID:2164
- C:\Windows\System\bgShxUF.exe
  C:\Windows\System\bgShxUF.exe
  2⤵
  PID:1228
- C:\Windows\System\oMDlQiM.exe
  C:\Windows\System\oMDlQiM.exe
  2⤵
  PID:1044
- C:\Windows\System\BrmXYpE.exe
  C:\Windows\System\BrmXYpE.exe
  2⤵
  PID:3904
- C:\Windows\System\WHJnvOg.exe
  C:\Windows\System\WHJnvOg.exe
  2⤵
  PID:2768
- C:\Windows\System\bvCKRAH.exe
  C:\Windows\System\bvCKRAH.exe
  2⤵
  PID:3472
- C:\Windows\System\aaIqIin.exe
  C:\Windows\System\aaIqIin.exe
  2⤵
  PID:4436
- C:\Windows\System\tkmfDIM.exe
  C:\Windows\System\tkmfDIM.exe
  2⤵
  PID:4372
- C:\Windows\System\zIpwnWz.exe
  C:\Windows\System\zIpwnWz.exe
  2⤵
  PID:5020
- C:\Windows\System\UPVFILC.exe
  C:\Windows\System\UPVFILC.exe
  2⤵
  PID:5132
- C:\Windows\System\SDyrsKr.exe
  C:\Windows\System\SDyrsKr.exe
  2⤵
  PID:5148
- C:\Windows\System\fqkcdoF.exe
  C:\Windows\System\fqkcdoF.exe
  2⤵
  PID:5164
- C:\Windows\System\ODhAPrS.exe
  C:\Windows\System\ODhAPrS.exe
  2⤵
  PID:5180
- C:\Windows\System\abyroRM.exe
  C:\Windows\System\abyroRM.exe
  2⤵
  PID:5196
- C:\Windows\System\wZjTOtl.exe
  C:\Windows\System\wZjTOtl.exe
  2⤵
  PID:5212
- C:\Windows\System\VaNLDVf.exe
  C:\Windows\System\VaNLDVf.exe
  2⤵
  PID:5228
- C:\Windows\System\yWAwtIE.exe
  C:\Windows\System\yWAwtIE.exe
  2⤵
  PID:5244
- C:\Windows\System\QKvefuj.exe
  C:\Windows\System\QKvefuj.exe
  2⤵
  PID:5260
- C:\Windows\System\cQAfAPW.exe
  C:\Windows\System\cQAfAPW.exe
  2⤵
  PID:5276
- C:\Windows\System\EOQLRNw.exe
  C:\Windows\System\EOQLRNw.exe
  2⤵
  PID:5292
- C:\Windows\System\abVAuOA.exe
  C:\Windows\System\abVAuOA.exe
  2⤵
  PID:5308
- C:\Windows\System\vYJVcpq.exe
  C:\Windows\System\vYJVcpq.exe
  2⤵
  PID:5328
- C:\Windows\System\gscYdPw.exe
  C:\Windows\System\gscYdPw.exe
  2⤵
  PID:5344
- C:\Windows\System\taNQwaR.exe
  C:\Windows\System\taNQwaR.exe
  2⤵
  PID:5360
- C:\Windows\System\PmagSNd.exe
  C:\Windows\System\PmagSNd.exe
  2⤵
  PID:5376
- C:\Windows\System\ndfdAic.exe
  C:\Windows\System\ndfdAic.exe
  2⤵
  PID:5392
- C:\Windows\System\wPXoucq.exe
  C:\Windows\System\wPXoucq.exe
  2⤵
  PID:5408
- C:\Windows\System\rXfBLYj.exe
  C:\Windows\System\rXfBLYj.exe
  2⤵
  PID:5424
- C:\Windows\System\UPikfCn.exe
  C:\Windows\System\UPikfCn.exe
  2⤵
  PID:5440
- C:\Windows\System\UzUDjcX.exe
  C:\Windows\System\UzUDjcX.exe
  2⤵
  PID:5456
- C:\Windows\System\BJmtTOo.exe
  C:\Windows\System\BJmtTOo.exe
  2⤵
  PID:5476
- C:\Windows\System\EopHfMS.exe
  C:\Windows\System\EopHfMS.exe
  2⤵
  PID:5492
- C:\Windows\System\xisgVGY.exe
  C:\Windows\System\xisgVGY.exe
  2⤵
  PID:5508
- C:\Windows\System\skdsvhW.exe
  C:\Windows\System\skdsvhW.exe
  2⤵
  PID:5524
- C:\Windows\System\JGnuHut.exe
  C:\Windows\System\JGnuHut.exe
  2⤵
  PID:5540
- C:\Windows\System\zObMORo.exe
  C:\Windows\System\zObMORo.exe
  2⤵
  PID:5556
- C:\Windows\System\XlQMQWE.exe
  C:\Windows\System\XlQMQWE.exe
  2⤵
  PID:5572
- C:\Windows\System\cHaidUf.exe
  C:\Windows\System\cHaidUf.exe
  2⤵
  PID:5588
- C:\Windows\System\eCmFltn.exe
  C:\Windows\System\eCmFltn.exe
  2⤵
  PID:5604
- C:\Windows\System\BFCPScm.exe
  C:\Windows\System\BFCPScm.exe
  2⤵
  PID:5620
- C:\Windows\System\flkGVys.exe
  C:\Windows\System\flkGVys.exe
  2⤵
  PID:5636
- C:\Windows\System\cczwGAy.exe
  C:\Windows\System\cczwGAy.exe
  2⤵
  PID:5652
- C:\Windows\System\rFKmKbb.exe
  C:\Windows\System\rFKmKbb.exe
  2⤵
  PID:5668
- C:\Windows\System\PGDItrp.exe
  C:\Windows\System\PGDItrp.exe
  2⤵
  PID:5684
- C:\Windows\System\sIXzeTS.exe
  C:\Windows\System\sIXzeTS.exe
  2⤵
  PID:5700
- C:\Windows\System\qJPwLhK.exe
  C:\Windows\System\qJPwLhK.exe
  2⤵
  PID:5716
- C:\Windows\System\ndZYLwb.exe
  C:\Windows\System\ndZYLwb.exe
  2⤵
  PID:5736
- C:\Windows\System\VFxkmtx.exe
  C:\Windows\System\VFxkmtx.exe
  2⤵
  PID:5752
- C:\Windows\System\jrIZirM.exe
  C:\Windows\System\jrIZirM.exe
  2⤵
  PID:5772
- C:\Windows\System\DskzqAj.exe
  C:\Windows\System\DskzqAj.exe
  2⤵
  PID:5788
- C:\Windows\System\EDRrZDB.exe
  C:\Windows\System\EDRrZDB.exe
  2⤵
  PID:5804
- C:\Windows\System\OecZpBL.exe
  C:\Windows\System\OecZpBL.exe
  2⤵
  PID:5820
- C:\Windows\System\fDKnnGj.exe
  C:\Windows\System\fDKnnGj.exe
  2⤵
  PID:5836
- C:\Windows\System\DXZgXSQ.exe
  C:\Windows\System\DXZgXSQ.exe
  2⤵
  PID:5852
- C:\Windows\System\OaYounq.exe
  C:\Windows\System\OaYounq.exe
  2⤵
  PID:5868
- C:\Windows\System\EpdUhrI.exe
  C:\Windows\System\EpdUhrI.exe
  2⤵
  PID:5884
- C:\Windows\System\ugbmCkE.exe
  C:\Windows\System\ugbmCkE.exe
  2⤵
  PID:5900
- C:\Windows\System\jxJFyZN.exe
  C:\Windows\System\jxJFyZN.exe
  2⤵
  PID:5916
- C:\Windows\System\eKdIdBm.exe
  C:\Windows\System\eKdIdBm.exe
  2⤵
  PID:5932
- C:\Windows\System\ePlEieU.exe
  C:\Windows\System\ePlEieU.exe
  2⤵
  PID:5948
- C:\Windows\System\TcKPasz.exe
  C:\Windows\System\TcKPasz.exe
  2⤵
  PID:5964
- C:\Windows\System\KpcxwyO.exe
  C:\Windows\System\KpcxwyO.exe
  2⤵
  PID:5980
- C:\Windows\System\mFIwAXo.exe
  C:\Windows\System\mFIwAXo.exe
  2⤵
  PID:5996
- C:\Windows\System\ajobjiA.exe
  C:\Windows\System\ajobjiA.exe
  2⤵
  PID:6012
- C:\Windows\System\noMtFlp.exe
  C:\Windows\System\noMtFlp.exe
  2⤵
  PID:6036
- C:\Windows\System\qoLFkEF.exe
  C:\Windows\System\qoLFkEF.exe
  2⤵
  PID:6056
- C:\Windows\System\FNUmfEF.exe
  C:\Windows\System\FNUmfEF.exe
  2⤵
  PID:6076
- C:\Windows\System\iGbvBNg.exe
  C:\Windows\System\iGbvBNg.exe
  2⤵
  PID:6100
- C:\Windows\System\FzfGaLb.exe
  C:\Windows\System\FzfGaLb.exe
  2⤵
  PID:6116
- C:\Windows\System\BXKOOwO.exe
  C:\Windows\System\BXKOOwO.exe
  2⤵
  PID:6132
- C:\Windows\System\xVSszda.exe
  C:\Windows\System\xVSszda.exe
  2⤵
  PID:4472
- C:\Windows\System\kcAvmrH.exe
  C:\Windows\System\kcAvmrH.exe
  2⤵
  PID:3856
- C:\Windows\System\eVchwtX.exe
  C:\Windows\System\eVchwtX.exe
  2⤵
  PID:5124
- C:\Windows\System\gRgETbO.exe
  C:\Windows\System\gRgETbO.exe
  2⤵
  PID:5188
- C:\Windows\System\VjOHweO.exe
  C:\Windows\System\VjOHweO.exe
  2⤵
  PID:5256
- C:\Windows\System\kriHwdK.exe
  C:\Windows\System\kriHwdK.exe
  2⤵
  PID:5320
- C:\Windows\System\dmKpeOG.exe
  C:\Windows\System\dmKpeOG.exe
  2⤵
  PID:5388
- C:\Windows\System\iPmtxoM.exe
  C:\Windows\System\iPmtxoM.exe
  2⤵
  PID:5484
- C:\Windows\System\vUTNoqb.exe
  C:\Windows\System\vUTNoqb.exe
  2⤵
  PID:5552
- C:\Windows\System\JsIxjdk.exe
  C:\Windows\System\JsIxjdk.exe
  2⤵
  PID:5548
- C:\Windows\System\qMRiziE.exe
  C:\Windows\System\qMRiziE.exe
  2⤵
  PID:5676
- C:\Windows\System\auGxLzD.exe
  C:\Windows\System\auGxLzD.exe
  2⤵
  PID:5644
- C:\Windows\System\ptgyeCE.exe
  C:\Windows\System\ptgyeCE.exe
  2⤵
  PID:2392
- C:\Windows\System\WCgCxPu.exe
  C:\Windows\System\WCgCxPu.exe
  2⤵
  PID:2896
- C:\Windows\System\sOJKfyL.exe
  C:\Windows\System\sOJKfyL.exe
  2⤵
  PID:5144
- C:\Windows\System\BLLJDWS.exe
  C:\Windows\System\BLLJDWS.exe
  2⤵
  PID:5208
- C:\Windows\System\tSDmTpC.exe
  C:\Windows\System\tSDmTpC.exe
  2⤵
  PID:5300
- C:\Windows\System\cQJZJdZ.exe
  C:\Windows\System\cQJZJdZ.exe
  2⤵
  PID:5368
- C:\Windows\System\gfSBkgQ.exe
  C:\Windows\System\gfSBkgQ.exe
  2⤵
  PID:5432
- C:\Windows\System\yvElhzU.exe
  C:\Windows\System\yvElhzU.exe
  2⤵
  PID:5504
- C:\Windows\System\sOgIdkf.exe
  C:\Windows\System\sOgIdkf.exe
  2⤵
  PID:5568
- C:\Windows\System\pvYgCEw.exe
  C:\Windows\System\pvYgCEw.exe
  2⤵
  PID:5632
- C:\Windows\System\ASuMAAI.exe
  C:\Windows\System\ASuMAAI.exe
  2⤵
  PID:5724
- C:\Windows\System\rBNdaCv.exe
  C:\Windows\System\rBNdaCv.exe
  2⤵
  PID:5728
- C:\Windows\System\qtNWosk.exe
  C:\Windows\System\qtNWosk.exe
  2⤵
  PID:5812
- C:\Windows\System\KubyXBe.exe
  C:\Windows\System\KubyXBe.exe
  2⤵
  PID:5992
- C:\Windows\System\FxnEglk.exe
  C:\Windows\System\FxnEglk.exe
  2⤵
  PID:5928
- C:\Windows\System\kHQmYeu.exe
  C:\Windows\System\kHQmYeu.exe
  2⤵
  PID:5800
- C:\Windows\System\qhZFbAz.exe
  C:\Windows\System\qhZFbAz.exe
  2⤵
  PID:6044
- C:\Windows\System\Iuorvvt.exe
  C:\Windows\System\Iuorvvt.exe
  2⤵
  PID:6064
- C:\Windows\System\mzDbcyt.exe
  C:\Windows\System\mzDbcyt.exe
  2⤵
  PID:6084
- C:\Windows\System\IXRoSmW.exe
  C:\Windows\System\IXRoSmW.exe
  2⤵
  PID:6112
- C:\Windows\System\vonkCIx.exe
  C:\Windows\System\vonkCIx.exe
  2⤵
  PID:6128
- C:\Windows\System\mJzDAtZ.exe
  C:\Windows\System\mJzDAtZ.exe
  2⤵
  PID:2920
- C:\Windows\System\mwnDKDM.exe
  C:\Windows\System\mwnDKDM.exe
  2⤵
  PID:5220
- C:\Windows\System\EDTqSiT.exe
  C:\Windows\System\EDTqSiT.exe
  2⤵
  PID:5384
- C:\Windows\System\xNNBaZL.exe
  C:\Windows\System\xNNBaZL.exe
  2⤵
  PID:5648
- C:\Windows\System\BjLtfle.exe
  C:\Windows\System\BjLtfle.exe
  2⤵
  PID:5708
- C:\Windows\System\ynbefrO.exe
  C:\Windows\System\ynbefrO.exe
  2⤵
  PID:5448
- C:\Windows\System\OYkzCrs.exe
  C:\Windows\System\OYkzCrs.exe
  2⤵
  PID:4308
- C:\Windows\System\qNpCpzy.exe
  C:\Windows\System\qNpCpzy.exe
  2⤵
  PID:4492
- C:\Windows\System\VlxGrYJ.exe
  C:\Windows\System\VlxGrYJ.exe
  2⤵
  PID:5400
- C:\Windows\System\slHBNNH.exe
  C:\Windows\System\slHBNNH.exe
  2⤵
  PID:5664
- C:\Windows\System\rwxrhuj.exe
  C:\Windows\System\rwxrhuj.exe
  2⤵
  PID:5268
- C:\Windows\System\CqvrxNR.exe
  C:\Windows\System\CqvrxNR.exe
  2⤵
  PID:5036
- C:\Windows\System\cUYPWZe.exe
  C:\Windows\System\cUYPWZe.exe
  2⤵
  PID:5748
- C:\Windows\System\uYLyJlo.exe
  C:\Windows\System\uYLyJlo.exe
  2⤵
  PID:5848
- C:\Windows\System\jWmzGQU.exe
  C:\Windows\System\jWmzGQU.exe
  2⤵
  PID:5912
- C:\Windows\System\FnpTIlX.exe
  C:\Windows\System\FnpTIlX.exe
  2⤵
  PID:6008
- C:\Windows\System\FcxHqvk.exe
  C:\Windows\System\FcxHqvk.exe
  2⤵
  PID:5860
- C:\Windows\System\nzTbMZQ.exe
  C:\Windows\System\nzTbMZQ.exe
  2⤵
  PID:5876
- C:\Windows\System\SDaxovG.exe
  C:\Windows\System\SDaxovG.exe
  2⤵
  PID:6052
- C:\Windows\System\AliXzKL.exe
  C:\Windows\System\AliXzKL.exe
  2⤵
  PID:5956
- C:\Windows\System\CGYtkKP.exe
  C:\Windows\System\CGYtkKP.exe
  2⤵
  PID:5160
- C:\Windows\System\WrZfagI.exe
  C:\Windows\System\WrZfagI.exe
  2⤵
  PID:2320
- C:\Windows\System\ZSPDIDo.exe
  C:\Windows\System\ZSPDIDo.exe
  2⤵
  PID:2872
- C:\Windows\System\pWztGgA.exe
  C:\Windows\System\pWztGgA.exe
  2⤵
  PID:5452
- C:\Windows\System\QfrzoJa.exe
  C:\Windows\System\QfrzoJa.exe
  2⤵
  PID:2844
- C:\Windows\System\UGhezDU.exe
  C:\Windows\System\UGhezDU.exe
  2⤵
  PID:5500
- C:\Windows\System\jHcGnxr.exe
  C:\Windows\System\jHcGnxr.exe
  2⤵
  PID:5972
- C:\Windows\System\aOPyAVB.exe
  C:\Windows\System\aOPyAVB.exe
  2⤵
  PID:5844
- C:\Windows\System\WbIGPyj.exe
  C:\Windows\System\WbIGPyj.exe
  2⤵
  PID:5536
- C:\Windows\System\dYfbsLv.exe
  C:\Windows\System\dYfbsLv.exe
  2⤵
  PID:5976
- C:\Windows\System\BQvwNAI.exe
  C:\Windows\System\BQvwNAI.exe
  2⤵
  PID:5156
- C:\Windows\System\MrpmKoo.exe
  C:\Windows\System\MrpmKoo.exe
  2⤵
  PID:4524
- C:\Windows\System\nIMujRL.exe
  C:\Windows\System\nIMujRL.exe
  2⤵
  PID:6028
- C:\Windows\System\DubpqEQ.exe
  C:\Windows\System\DubpqEQ.exe
  2⤵
  PID:5096
- C:\Windows\System\IFEbUvB.exe
  C:\Windows\System\IFEbUvB.exe
  2⤵
  PID:5140
- C:\Windows\System\KETMkcO.exe
  C:\Windows\System\KETMkcO.exe
  2⤵
  PID:5564
- C:\Windows\System\nbvuwOD.exe
  C:\Windows\System\nbvuwOD.exe
  2⤵
  PID:6048
- C:\Windows\System\GWCffzz.exe
  C:\Windows\System\GWCffzz.exe
  2⤵
  PID:5768
- C:\Windows\System\qsYJSlR.exe
  C:\Windows\System\qsYJSlR.exe
  2⤵
  PID:5272
- C:\Windows\System\qFTvvnX.exe
  C:\Windows\System\qFTvvnX.exe
  2⤵
  PID:5240
- C:\Windows\System\CyhYKni.exe
  C:\Windows\System\CyhYKni.exe
  2⤵
  PID:6156
- C:\Windows\System\JdSEdAt.exe
  C:\Windows\System\JdSEdAt.exe
  2⤵
  PID:6172
- C:\Windows\System\vdYHQlm.exe
  C:\Windows\System\vdYHQlm.exe
  2⤵
  PID:6188
- C:\Windows\System\sHvXPAL.exe
  C:\Windows\System\sHvXPAL.exe
  2⤵
  PID:6204
- C:\Windows\System\nxYkyuq.exe
  C:\Windows\System\nxYkyuq.exe
  2⤵
  PID:6220
- C:\Windows\System\ktjiOMz.exe
  C:\Windows\System\ktjiOMz.exe
  2⤵
  PID:6236
- C:\Windows\System\BLHruRK.exe
  C:\Windows\System\BLHruRK.exe
  2⤵
  PID:6252
- C:\Windows\System\pGJjbwK.exe
  C:\Windows\System\pGJjbwK.exe
  2⤵
  PID:6268
- C:\Windows\System\wvYAGyt.exe
  C:\Windows\System\wvYAGyt.exe
  2⤵
  PID:6284
- C:\Windows\System\ZrODDvJ.exe
  C:\Windows\System\ZrODDvJ.exe
  2⤵
  PID:6328
- C:\Windows\System\MmVpPXz.exe
  C:\Windows\System\MmVpPXz.exe
  2⤵
  PID:6344
- C:\Windows\System\smcBIKf.exe
  C:\Windows\System\smcBIKf.exe
  2⤵
  PID:6360
- C:\Windows\System\yVpvnFK.exe
  C:\Windows\System\yVpvnFK.exe
  2⤵
  PID:6396
- C:\Windows\System\phQzEUx.exe
  C:\Windows\System\phQzEUx.exe
  2⤵
  PID:6428
- C:\Windows\System\SUpcwmc.exe
  C:\Windows\System\SUpcwmc.exe
  2⤵
  PID:6444
- C:\Windows\System\NwwWaYp.exe
  C:\Windows\System\NwwWaYp.exe
  2⤵
  PID:6460
- C:\Windows\System\RVETNIZ.exe
  C:\Windows\System\RVETNIZ.exe
  2⤵
  PID:6476
- C:\Windows\System\oyicVQi.exe
  C:\Windows\System\oyicVQi.exe
  2⤵
  PID:6492
- C:\Windows\System\ThPkNrj.exe
  C:\Windows\System\ThPkNrj.exe
  2⤵
  PID:6508
- C:\Windows\System\kdmJKge.exe
  C:\Windows\System\kdmJKge.exe
  2⤵
  PID:6524
- C:\Windows\System\cRlvSyl.exe
  C:\Windows\System\cRlvSyl.exe
  2⤵
  PID:6540
- C:\Windows\System\nzMhseD.exe
  C:\Windows\System\nzMhseD.exe
  2⤵
  PID:6560
- C:\Windows\System\mJOVFqF.exe
  C:\Windows\System\mJOVFqF.exe
  2⤵
  PID:6576
- C:\Windows\System\DdkYgsm.exe
  C:\Windows\System\DdkYgsm.exe
  2⤵
  PID:6592
- C:\Windows\System\gtWIpQE.exe
  C:\Windows\System\gtWIpQE.exe
  2⤵
  PID:6608
- C:\Windows\System\TeuXVUP.exe
  C:\Windows\System\TeuXVUP.exe
  2⤵
  PID:6624
- C:\Windows\System\TcTNspf.exe
  C:\Windows\System\TcTNspf.exe
  2⤵
  PID:6640
- C:\Windows\System\QyJphYj.exe
  C:\Windows\System\QyJphYj.exe
  2⤵
  PID:6656
- C:\Windows\System\SqGBNiF.exe
  C:\Windows\System\SqGBNiF.exe
  2⤵
  PID:6672
- C:\Windows\System\RDWfslv.exe
  C:\Windows\System\RDWfslv.exe
  2⤵
  PID:6688
- C:\Windows\System\XrzQcvL.exe
  C:\Windows\System\XrzQcvL.exe
  2⤵
  PID:6704
- C:\Windows\System\IwBbEmP.exe
  C:\Windows\System\IwBbEmP.exe
  2⤵
  PID:6720
- C:\Windows\System\rywijKA.exe
  C:\Windows\System\rywijKA.exe
  2⤵
  PID:6736
- C:\Windows\System\tZOsmnT.exe
  C:\Windows\System\tZOsmnT.exe
  2⤵
  PID:6752
- C:\Windows\System\aHFgRsV.exe
  C:\Windows\System\aHFgRsV.exe
  2⤵
  PID:6784
- C:\Windows\System\WKqoMym.exe
  C:\Windows\System\WKqoMym.exe
  2⤵
  PID:6800
- C:\Windows\System\cMwNHqb.exe
  C:\Windows\System\cMwNHqb.exe
  2⤵
  PID:6816
- C:\Windows\System\CauraLO.exe
  C:\Windows\System\CauraLO.exe
  2⤵
  PID:6832
- C:\Windows\System\mjpswAE.exe
  C:\Windows\System\mjpswAE.exe
  2⤵
  PID:6848
- C:\Windows\System\rzdKmUW.exe
  C:\Windows\System\rzdKmUW.exe
  2⤵
  PID:6864
- C:\Windows\System\kzHRZWt.exe
  C:\Windows\System\kzHRZWt.exe
  2⤵
  PID:6880
- C:\Windows\System\vcjcYuf.exe
  C:\Windows\System\vcjcYuf.exe
  2⤵
  PID:6896
- C:\Windows\System\EYjQGSi.exe
  C:\Windows\System\EYjQGSi.exe
  2⤵
  PID:6912
- C:\Windows\System\DhVLFRY.exe
  C:\Windows\System\DhVLFRY.exe
  2⤵
  PID:6928
- C:\Windows\System\xkLyrHN.exe
  C:\Windows\System\xkLyrHN.exe
  2⤵
  PID:6944
- C:\Windows\System\RLHUSeZ.exe
  C:\Windows\System\RLHUSeZ.exe
  2⤵
  PID:6960
- C:\Windows\System\GPocAOD.exe
  C:\Windows\System\GPocAOD.exe
  2⤵
  PID:6976
- C:\Windows\System\lXqhsRL.exe
  C:\Windows\System\lXqhsRL.exe
  2⤵
  PID:6992
- C:\Windows\System\HUxdIwE.exe
  C:\Windows\System\HUxdIwE.exe
  2⤵
  PID:7008
- C:\Windows\System\kbCsSTt.exe
  C:\Windows\System\kbCsSTt.exe
  2⤵
  PID:7024
- C:\Windows\System\LUMqfCo.exe
  C:\Windows\System\LUMqfCo.exe
  2⤵
  PID:7040
- C:\Windows\System\swZjVNS.exe
  C:\Windows\System\swZjVNS.exe
  2⤵
  PID:7056
- C:\Windows\System\WHpNCns.exe
  C:\Windows\System\WHpNCns.exe
  2⤵
  PID:7072
- C:\Windows\System\bWGBNaC.exe
  C:\Windows\System\bWGBNaC.exe
  2⤵
  PID:7088
- C:\Windows\System\NJnfMKz.exe
  C:\Windows\System\NJnfMKz.exe
  2⤵
  PID:7104
- C:\Windows\System\GXQHXwX.exe
  C:\Windows\System\GXQHXwX.exe
  2⤵
  PID:7120
- C:\Windows\System\YZKSAhe.exe
  C:\Windows\System\YZKSAhe.exe
  2⤵
  PID:7136
- C:\Windows\System\wIWpNko.exe
  C:\Windows\System\wIWpNko.exe
  2⤵
  PID:7152
- C:\Windows\System\iAQBGoi.exe
  C:\Windows\System\iAQBGoi.exe
  2⤵
  PID:5784
- C:\Windows\System\vpffXZa.exe
  C:\Windows\System\vpffXZa.exe
  2⤵
  PID:6152
- C:\Windows\System\KOMMCIJ.exe
  C:\Windows\System\KOMMCIJ.exe
  2⤵
  PID:5628
- C:\Windows\System\LjwTsbL.exe
  C:\Windows\System\LjwTsbL.exe
  2⤵
  PID:5616
- C:\Windows\System\ItALRFx.exe
  C:\Windows\System\ItALRFx.exe
  2⤵
  PID:6196
- C:\Windows\System\cdHsKVp.exe
  C:\Windows\System\cdHsKVp.exe
  2⤵
  PID:6276
- C:\Windows\System\tpMNDwQ.exe
  C:\Windows\System\tpMNDwQ.exe
  2⤵
  PID:6260
- C:\Windows\System\rovVpac.exe
  C:\Windows\System\rovVpac.exe
  2⤵
  PID:6336
- C:\Windows\System\fzjhvPf.exe
  C:\Windows\System\fzjhvPf.exe
  2⤵
  PID:6308
- C:\Windows\System\sZQOAER.exe
  C:\Windows\System\sZQOAER.exe
  2⤵
  PID:6324
- C:\Windows\System\PWkqtyA.exe
  C:\Windows\System\PWkqtyA.exe
  2⤵
  PID:6368
- C:\Windows\System\AJvwVCa.exe
  C:\Windows\System\AJvwVCa.exe
  2⤵
  PID:6380
- C:\Windows\System\dYlPsqm.exe
  C:\Windows\System\dYlPsqm.exe
  2⤵
  PID:6404
- C:\Windows\System\lFYscPc.exe
  C:\Windows\System\lFYscPc.exe
  2⤵
  PID:6412
- C:\Windows\System\ZfRwNCG.exe
  C:\Windows\System\ZfRwNCG.exe
  2⤵
  PID:6468
- C:\Windows\System\ICOcAPZ.exe
  C:\Windows\System\ICOcAPZ.exe
  2⤵
  PID:6536
- C:\Windows\System\pZCcGRr.exe
  C:\Windows\System\pZCcGRr.exe
  2⤵
  PID:6604
- C:\Windows\System\efOtNLc.exe
  C:\Windows\System\efOtNLc.exe
  2⤵
  PID:6668
- C:\Windows\System\nyfBsCz.exe
  C:\Windows\System\nyfBsCz.exe
  2⤵
  PID:6456
- C:\Windows\System\rwtPMcb.exe
  C:\Windows\System\rwtPMcb.exe
  2⤵
  PID:6548
- C:\Windows\System\fULNpcl.exe
  C:\Windows\System\fULNpcl.exe
  2⤵
  PID:6584
- C:\Windows\System\gqnWZUh.exe
  C:\Windows\System\gqnWZUh.exe
  2⤵
  PID:6648
- C:\Windows\System\osvJLtx.exe
  C:\Windows\System\osvJLtx.exe
  2⤵
  PID:6712
- C:\Windows\System\Juqrfsu.exe
  C:\Windows\System\Juqrfsu.exe
  2⤵
  PID:6472
- C:\Windows\System\BFRucYe.exe
  C:\Windows\System\BFRucYe.exe
  2⤵
  PID:6732
- C:\Windows\System\LZAzEPU.exe
  C:\Windows\System\LZAzEPU.exe
  2⤵
  PID:6776
- C:\Windows\System\niOGFOv.exe
  C:\Windows\System\niOGFOv.exe
  2⤵
  PID:6792
- C:\Windows\System\tfokmwA.exe
  C:\Windows\System\tfokmwA.exe
  2⤵
  PID:6876
- C:\Windows\System\dWQjntg.exe
  C:\Windows\System\dWQjntg.exe
  2⤵
  PID:6844
- C:\Windows\System\jJFSfUc.exe
  C:\Windows\System\jJFSfUc.exe
  2⤵
  PID:6856
- C:\Windows\System\PKvvFKU.exe
  C:\Windows\System\PKvvFKU.exe
  2⤵
  PID:6888
- C:\Windows\System\vypvNis.exe
  C:\Windows\System\vypvNis.exe
  2⤵
  PID:6956
- C:\Windows\System\tMrnKBN.exe
  C:\Windows\System\tMrnKBN.exe
  2⤵
  PID:7032
- C:\Windows\System\EswOgTb.exe
  C:\Windows\System\EswOgTb.exe
  2⤵
  PID:7064
- C:\Windows\System\WbFWlxG.exe
  C:\Windows\System\WbFWlxG.exe
  2⤵
  PID:7128
- C:\Windows\System\JMzNpGb.exe
  C:\Windows\System\JMzNpGb.exe
  2⤵
  PID:6212
- C:\Windows\System\ROsWZXZ.exe
  C:\Windows\System\ROsWZXZ.exe
  2⤵
  PID:6228
- C:\Windows\System\ORFMNCK.exe
  C:\Windows\System\ORFMNCK.exe
  2⤵
  PID:6356
- C:\Windows\System\aoMgjiE.exe
  C:\Windows\System\aoMgjiE.exe
  2⤵
  PID:6572
- C:\Windows\System\YfGjlqB.exe
  C:\Windows\System\YfGjlqB.exe
  2⤵
  PID:6552
- C:\Windows\System\rIqbavN.exe
  C:\Windows\System\rIqbavN.exe
  2⤵
  PID:6700
- C:\Windows\System\SDxfyui.exe
  C:\Windows\System\SDxfyui.exe
  2⤵
  PID:6908
- C:\Windows\System\oPtLuMv.exe
  C:\Windows\System\oPtLuMv.exe
  2⤵
  PID:7096
- C:\Windows\System\LETpXsP.exe
  C:\Windows\System\LETpXsP.exe
  2⤵
  PID:6388
- C:\Windows\System\FoCyVrg.exe
  C:\Windows\System\FoCyVrg.exe
  2⤵
  PID:6292
- C:\Windows\System\MBCFloH.exe
  C:\Windows\System\MBCFloH.exe
  2⤵
  PID:6248
- C:\Windows\System\jMGoNHh.exe
  C:\Windows\System\jMGoNHh.exe
  2⤵
  PID:7084
- C:\Windows\System\uontZpX.exe
  C:\Windows\System\uontZpX.exe
  2⤵
  PID:6488
- C:\Windows\System\tsZDCWX.exe
  C:\Windows\System\tsZDCWX.exe
  2⤵
  PID:6300
- C:\Windows\System\IiStbnl.exe
  C:\Windows\System\IiStbnl.exe
  2⤵
  PID:5828
- C:\Windows\System\zgrazhx.exe
  C:\Windows\System\zgrazhx.exe
  2⤵
  PID:6372
- C:\Windows\System\eXqDVXa.exe
  C:\Windows\System\eXqDVXa.exe
  2⤵
  PID:6532
- C:\Windows\System\rhnKjsF.exe
  C:\Windows\System\rhnKjsF.exe
  2⤵
  PID:6620
- C:\Windows\System\TdeBEUv.exe
  C:\Windows\System\TdeBEUv.exe
  2⤵
  PID:6772
- C:\Windows\System\QupwLZt.exe
  C:\Windows\System\QupwLZt.exe
  2⤵
  PID:6828
- C:\Windows\System\oDgpbjE.exe
  C:\Windows\System\oDgpbjE.exe
  2⤵
  PID:6184
- C:\Windows\System\XwVihgi.exe
  C:\Windows\System\XwVihgi.exe
  2⤵
  PID:6392
- C:\Windows\System\sPIxYjq.exe
  C:\Windows\System\sPIxYjq.exe
  2⤵
  PID:6988
- C:\Windows\System\JtOMyBO.exe
  C:\Windows\System\JtOMyBO.exe
  2⤵
  PID:6840
- C:\Windows\System\pIOJRLy.exe
  C:\Windows\System\pIOJRLy.exe
  2⤵
  PID:7080
- C:\Windows\System\qUBoGGW.exe
  C:\Windows\System\qUBoGGW.exe
  2⤵
  PID:6664
- C:\Windows\System\yyvLMNx.exe
  C:\Windows\System\yyvLMNx.exe
  2⤵
  PID:6920
- C:\Windows\System\hKWDwwa.exe
  C:\Windows\System\hKWDwwa.exe
  2⤵
  PID:7176
- C:\Windows\System\YqxpZAC.exe
  C:\Windows\System\YqxpZAC.exe
  2⤵
  PID:7192
- C:\Windows\System\wxpblit.exe
  C:\Windows\System\wxpblit.exe
  2⤵
  PID:7208
- C:\Windows\System\GXQbJFO.exe
  C:\Windows\System\GXQbJFO.exe
  2⤵
  PID:7224
- C:\Windows\System\gjqeIHd.exe
  C:\Windows\System\gjqeIHd.exe
  2⤵
  PID:7240
- C:\Windows\System\aMIQjxj.exe
  C:\Windows\System\aMIQjxj.exe
  2⤵
  PID:7256
- C:\Windows\System\znXmMEW.exe
  C:\Windows\System\znXmMEW.exe
  2⤵
  PID:7272
- C:\Windows\System\hrjxILN.exe
  C:\Windows\System\hrjxILN.exe
  2⤵
  PID:7288
- C:\Windows\System\AFuXQEl.exe
  C:\Windows\System\AFuXQEl.exe
  2⤵
  PID:7304
- C:\Windows\System\EyhOuiS.exe
  C:\Windows\System\EyhOuiS.exe
  2⤵
  PID:7324
- C:\Windows\System\KwCzbna.exe
  C:\Windows\System\KwCzbna.exe
  2⤵
  PID:7340
- C:\Windows\System\FYfaTLc.exe
  C:\Windows\System\FYfaTLc.exe
  2⤵
  PID:7356
- C:\Windows\System\nqtAASs.exe
  C:\Windows\System\nqtAASs.exe
  2⤵
  PID:7372
- C:\Windows\System\GqdnvCm.exe
  C:\Windows\System\GqdnvCm.exe
  2⤵
  PID:7388
- C:\Windows\System\zalgIyS.exe
  C:\Windows\System\zalgIyS.exe
  2⤵
  PID:7404
- C:\Windows\System\AXXhSvU.exe
  C:\Windows\System\AXXhSvU.exe
  2⤵
  PID:7420
- C:\Windows\System\zkcSQlW.exe
  C:\Windows\System\zkcSQlW.exe
  2⤵
  PID:7436
- C:\Windows\System\brzopcO.exe
  C:\Windows\System\brzopcO.exe
  2⤵
  PID:7452
- C:\Windows\System\WGfTiPq.exe
  C:\Windows\System\WGfTiPq.exe
  2⤵
  PID:7468
- C:\Windows\System\JUriSSJ.exe
  C:\Windows\System\JUriSSJ.exe
  2⤵
  PID:7500
- C:\Windows\System\WqkXTIK.exe
  C:\Windows\System\WqkXTIK.exe
  2⤵
  PID:7620
- C:\Windows\System\iRjsyaM.exe
  C:\Windows\System\iRjsyaM.exe
  2⤵
  PID:7636
- C:\Windows\System\awjsNJR.exe
  C:\Windows\System\awjsNJR.exe
  2⤵
  PID:7652
- C:\Windows\System\uiCOJsm.exe
  C:\Windows\System\uiCOJsm.exe
  2⤵
  PID:7668
- C:\Windows\System\dgfxgSl.exe
  C:\Windows\System\dgfxgSl.exe
  2⤵
  PID:7684
- C:\Windows\System\GltCWMM.exe
  C:\Windows\System\GltCWMM.exe
  2⤵
  PID:7704
- C:\Windows\System\qBokYfc.exe
  C:\Windows\System\qBokYfc.exe
  2⤵
  PID:7720
- C:\Windows\System\LyhWZRz.exe
  C:\Windows\System\LyhWZRz.exe
  2⤵
  PID:7736
- C:\Windows\System\eKEQuSX.exe
  C:\Windows\System\eKEQuSX.exe
  2⤵
  PID:7752
- C:\Windows\System\UzZIwYK.exe
  C:\Windows\System\UzZIwYK.exe
  2⤵
  PID:7768
- C:\Windows\System\pJdudLb.exe
  C:\Windows\System\pJdudLb.exe
  2⤵
  PID:7784
- C:\Windows\System\JvGdvlN.exe
  C:\Windows\System\JvGdvlN.exe
  2⤵
  PID:7800
- C:\Windows\System\TwXzQqj.exe
  C:\Windows\System\TwXzQqj.exe
  2⤵
  PID:7820
- C:\Windows\System\zxZzixn.exe
  C:\Windows\System\zxZzixn.exe
  2⤵
  PID:7836
- C:\Windows\System\OLMNFZV.exe
  C:\Windows\System\OLMNFZV.exe
  2⤵
  PID:7852
- C:\Windows\System\lWAGlQn.exe
  C:\Windows\System\lWAGlQn.exe
  2⤵
  PID:7872
- C:\Windows\System\uEZFXsW.exe
  C:\Windows\System\uEZFXsW.exe
  2⤵
  PID:7888
- C:\Windows\System\LSOawKU.exe
  C:\Windows\System\LSOawKU.exe
  2⤵
  PID:7904
- C:\Windows\System\droTNtg.exe
  C:\Windows\System\droTNtg.exe
  2⤵
  PID:7920
- C:\Windows\System\SwNVufz.exe
  C:\Windows\System\SwNVufz.exe
  2⤵
  PID:7936
- C:\Windows\System\rSmjthY.exe
  C:\Windows\System\rSmjthY.exe
  2⤵
  PID:7952
- C:\Windows\System\jxRWAWi.exe
  C:\Windows\System\jxRWAWi.exe
  2⤵
  PID:7968
- C:\Windows\System\ssfPhGf.exe
  C:\Windows\System\ssfPhGf.exe
  2⤵
  PID:7984
- C:\Windows\System\AwlwvYT.exe
  C:\Windows\System\AwlwvYT.exe
  2⤵
  PID:8000
- C:\Windows\System\ncBRSic.exe
  C:\Windows\System\ncBRSic.exe
  2⤵
  PID:8016
- C:\Windows\System\JaulyDV.exe
  C:\Windows\System\JaulyDV.exe
  2⤵
  PID:8032
- C:\Windows\System\ZVuOVUw.exe
  C:\Windows\System\ZVuOVUw.exe
  2⤵
  PID:8048
- C:\Windows\System\savvWsS.exe
  C:\Windows\System\savvWsS.exe
  2⤵
  PID:8064
- C:\Windows\System\QMABvzq.exe
  C:\Windows\System\QMABvzq.exe
  2⤵
  PID:8080
- C:\Windows\System\sGcSPEK.exe
  C:\Windows\System\sGcSPEK.exe
  2⤵
  PID:8096
- C:\Windows\System\FuyOeOn.exe
  C:\Windows\System\FuyOeOn.exe
  2⤵
  PID:8112
- C:\Windows\System\Zkxtjwq.exe
  C:\Windows\System\Zkxtjwq.exe
  2⤵
  PID:8128
- C:\Windows\System\oLzVtfD.exe
  C:\Windows\System\oLzVtfD.exe
  2⤵
  PID:8144
- C:\Windows\System\vLYzbak.exe
  C:\Windows\System\vLYzbak.exe
  2⤵
  PID:8160
- C:\Windows\System\uscVNxg.exe
  C:\Windows\System\uscVNxg.exe
  2⤵
  PID:8176
- C:\Windows\System\sTZNNCa.exe
  C:\Windows\System\sTZNNCa.exe
  2⤵
  PID:6440
- C:\Windows\System\xwbAdwz.exe
  C:\Windows\System\xwbAdwz.exe
  2⤵
  PID:6316
- C:\Windows\System\uwOyQYB.exe
  C:\Windows\System\uwOyQYB.exe
  2⤵
  PID:7200
- C:\Windows\System\lfWhvfv.exe
  C:\Windows\System\lfWhvfv.exe
  2⤵
  PID:7264
- C:\Windows\System\tmutnov.exe
  C:\Windows\System\tmutnov.exe
  2⤵
  PID:7332
- C:\Windows\System\WurGUMX.exe
  C:\Windows\System\WurGUMX.exe
  2⤵
  PID:7396
- C:\Windows\System\VLxeIHC.exe
  C:\Windows\System\VLxeIHC.exe
  2⤵
  PID:7460
- C:\Windows\System\dPtWXRl.exe
  C:\Windows\System\dPtWXRl.exe
  2⤵
  PID:6728
- C:\Windows\System\OrWfnyB.exe
  C:\Windows\System\OrWfnyB.exe
  2⤵
  PID:5472
- C:\Windows\System\UAlarqx.exe
  C:\Windows\System\UAlarqx.exe
  2⤵
  PID:6216
- C:\Windows\System\wGkAHZK.exe
  C:\Windows\System\wGkAHZK.exe
  2⤵
  PID:7448
- C:\Windows\System\NZNYthy.exe
  C:\Windows\System\NZNYthy.exe
  2⤵
  PID:7036
- C:\Windows\System\lRsGmAq.exe
  C:\Windows\System\lRsGmAq.exe
  2⤵
  PID:6516
- C:\Windows\System\NOvsYKg.exe
  C:\Windows\System\NOvsYKg.exe
  2⤵
  PID:7252
- C:\Windows\System\WamLSqQ.exe
  C:\Windows\System\WamLSqQ.exe
  2⤵
  PID:7320
- C:\Windows\System\DKTTSVz.exe
  C:\Windows\System\DKTTSVz.exe
  2⤵
  PID:7412
- C:\Windows\System\BgzZySs.exe
  C:\Windows\System\BgzZySs.exe
  2⤵
  PID:7488
- C:\Windows\System\BlxXpKX.exe
  C:\Windows\System\BlxXpKX.exe
  2⤵
  PID:7516
- C:\Windows\System\oLnXHWx.exe
  C:\Windows\System\oLnXHWx.exe
  2⤵
  PID:7536
- C:\Windows\System\djBoEGr.exe
  C:\Windows\System\djBoEGr.exe
  2⤵
  PID:7544
- C:\Windows\System\PDpzqpb.exe
  C:\Windows\System\PDpzqpb.exe
  2⤵
  PID:7556
- C:\Windows\System\RhhpdWL.exe
  C:\Windows\System\RhhpdWL.exe
  2⤵
  PID:7572
- C:\Windows\System\pntUcsi.exe
  C:\Windows\System\pntUcsi.exe
  2⤵
  PID:7588
- C:\Windows\System\uIkHAZK.exe
  C:\Windows\System\uIkHAZK.exe
  2⤵
  PID:7604
- C:\Windows\System\prKhRPe.exe
  C:\Windows\System\prKhRPe.exe
  2⤵
  PID:7648
- C:\Windows\System\WNJVFSH.exe
  C:\Windows\System\WNJVFSH.exe
  2⤵
  PID:7716
- C:\Windows\System\xSPRgZy.exe
  C:\Windows\System\xSPRgZy.exe
  2⤵
  PID:7812
- C:\Windows\System\NKZdjVC.exe
  C:\Windows\System\NKZdjVC.exe
  2⤵
  PID:7848
- C:\Windows\System\hZNYuFu.exe
  C:\Windows\System\hZNYuFu.exe
  2⤵
  PID:7860
- C:\Windows\System\xkaVjmP.exe
  C:\Windows\System\xkaVjmP.exe
  2⤵
  PID:7948
- C:\Windows\System\WGQwYrO.exe
  C:\Windows\System\WGQwYrO.exe
  2⤵
  PID:8012
- C:\Windows\System\FZRMpNm.exe
  C:\Windows\System\FZRMpNm.exe
  2⤵
  PID:8076
- C:\Windows\System\zsSebGa.exe
  C:\Windows\System\zsSebGa.exe
  2⤵
  PID:8140
- C:\Windows\System\bBCOIUB.exe
  C:\Windows\System\bBCOIUB.exe
  2⤵
  PID:5924
- C:\Windows\System\fWlAKqI.exe
  C:\Windows\System\fWlAKqI.exe
  2⤵
  PID:7368
- C:\Windows\System\iqEFeqD.exe
  C:\Windows\System\iqEFeqD.exe
  2⤵
  PID:6148
- C:\Windows\System\FMszCRq.exe
  C:\Windows\System\FMszCRq.exe
  2⤵
  PID:7220
- C:\Windows\System\PwlGwnp.exe
  C:\Windows\System\PwlGwnp.exe
  2⤵
  PID:7508
- C:\Windows\System\YFhftXY.exe
  C:\Windows\System\YFhftXY.exe
  2⤵
  PID:7564
- C:\Windows\System\KEwMKwe.exe
  C:\Windows\System\KEwMKwe.exe
  2⤵
  PID:7712
- C:\Windows\System\DsXHUfk.exe
  C:\Windows\System\DsXHUfk.exe
  2⤵
  PID:7864
- C:\Windows\System\JyERTFj.exe
  C:\Windows\System\JyERTFj.exe
  2⤵
  PID:7700
- C:\Windows\System\eKceEho.exe
  C:\Windows\System\eKceEho.exe
  2⤵
  PID:7792
- C:\Windows\System\LkYGOiP.exe
  C:\Windows\System\LkYGOiP.exe
  2⤵
  PID:8188
- C:\Windows\System\vdTXaYz.exe
  C:\Windows\System\vdTXaYz.exe
  2⤵
  PID:7528
- C:\Windows\System\kDdhhTP.exe
  C:\Windows\System\kDdhhTP.exe
  2⤵
  PID:8184
- C:\Windows\System\NEgvqIM.exe
  C:\Windows\System\NEgvqIM.exe
  2⤵
  PID:7612
- C:\Windows\System\tsJIFVf.exe
  C:\Windows\System\tsJIFVf.exe
  2⤵
  PID:7312
- C:\Windows\System\efOdJAD.exe
  C:\Windows\System\efOdJAD.exe
  2⤵
  PID:892
- C:\Windows\System\Qcrovig.exe
  C:\Windows\System\Qcrovig.exe
  2⤵
  PID:6088
- C:\Windows\System\lhNQIeF.exe
  C:\Windows\System\lhNQIeF.exe
  2⤵
  PID:7380
- C:\Windows\System\UGJywLn.exe
  C:\Windows\System\UGJywLn.exe
  2⤵
  PID:8156
- C:\Windows\System\KGTXbBI.exe
  C:\Windows\System\KGTXbBI.exe
  2⤵
  PID:6408
- C:\Windows\System\hMlCzFs.exe
  C:\Windows\System\hMlCzFs.exe
  2⤵
  PID:7316
- C:\Windows\System\lKLPFpL.exe
  C:\Windows\System\lKLPFpL.exe
  2⤵
  PID:7552
- C:\Windows\System\eEgENoA.exe
  C:\Windows\System\eEgENoA.exe
  2⤵
  PID:7644
- C:\Windows\System\PlEpXVA.exe
  C:\Windows\System\PlEpXVA.exe
  2⤵
  PID:7540
- C:\Windows\System\FuQrshK.exe
  C:\Windows\System\FuQrshK.exe
  2⤵
  PID:7980
- C:\Windows\System\yDwmvzW.exe
  C:\Windows\System\yDwmvzW.exe
  2⤵
  PID:7364
- C:\Windows\System\kHbgcLw.exe
  C:\Windows\System\kHbgcLw.exe
  2⤵
  PID:7732
- C:\Windows\System\rSmvuwr.exe
  C:\Windows\System\rSmvuwr.exe
  2⤵
  PID:7960
- C:\Windows\System\ttSpLKr.exe
  C:\Windows\System\ttSpLKr.exe
  2⤵
  PID:8072
- C:\Windows\System\OQEeIQK.exe
  C:\Windows\System\OQEeIQK.exe
  2⤵
  PID:7580
- C:\Windows\System\afTeeYT.exe
  C:\Windows\System\afTeeYT.exe
  2⤵
  PID:7696
- C:\Windows\System\hnAAvmL.exe
  C:\Windows\System\hnAAvmL.exe
  2⤵
  PID:7916
- C:\Windows\System\gjbPXaV.exe
  C:\Windows\System\gjbPXaV.exe
  2⤵
  PID:7900
- C:\Windows\System\opTirJA.exe
  C:\Windows\System\opTirJA.exe
  2⤵
  PID:7928
- C:\Windows\System\zYIEDet.exe
  C:\Windows\System\zYIEDet.exe
  2⤵
  PID:7116
- C:\Windows\System\XGGXZbE.exe
  C:\Windows\System\XGGXZbE.exe
  2⤵
  PID:7680
- C:\Windows\System\fmJgaTC.exe
  C:\Windows\System\fmJgaTC.exe
  2⤵
  PID:7632
- C:\Windows\System\xvKJyGl.exe
  C:\Windows\System\xvKJyGl.exe
  2⤵
  PID:7300
- C:\Windows\System\IKTmEfR.exe
  C:\Windows\System\IKTmEfR.exe
  2⤵
  PID:8220
- C:\Windows\System\WLdTTUn.exe
  C:\Windows\System\WLdTTUn.exe
  2⤵
  PID:8268
- C:\Windows\System\UDVDZat.exe
  C:\Windows\System\UDVDZat.exe
  2⤵
  PID:8296
- C:\Windows\System\uhAXtzp.exe
  C:\Windows\System\uhAXtzp.exe
  2⤵
  PID:8392
- C:\Windows\System\RURxSEN.exe
  C:\Windows\System\RURxSEN.exe
  2⤵
  PID:8436
- C:\Windows\System\yVGNqZO.exe
  C:\Windows\System\yVGNqZO.exe
  2⤵
  PID:8532
- C:\Windows\System\dodtdCk.exe
  C:\Windows\System\dodtdCk.exe
  2⤵
  PID:8548
- C:\Windows\System\jofjkdl.exe
  C:\Windows\System\jofjkdl.exe
  2⤵
  PID:8596
- C:\Windows\System\QhSePxU.exe
  C:\Windows\System\QhSePxU.exe
  2⤵
  PID:8612
- C:\Windows\System\EYgxpKE.exe
  C:\Windows\System\EYgxpKE.exe
  2⤵
  PID:8628
- C:\Windows\System\fKDlYnV.exe
  C:\Windows\System\fKDlYnV.exe
  2⤵
  PID:8652
- C:\Windows\System\kOQDuqT.exe
  C:\Windows\System\kOQDuqT.exe
  2⤵
  PID:8696
- C:\Windows\System\mlVxujC.exe
  C:\Windows\System\mlVxujC.exe
  2⤵
  PID:8712
- C:\Windows\System\engerpC.exe
  C:\Windows\System\engerpC.exe
  2⤵
  PID:8924
- C:\Windows\System\faeueQf.exe
  C:\Windows\System\faeueQf.exe
  2⤵
  PID:8940
- C:\Windows\System\VQIWIJi.exe
  C:\Windows\System\VQIWIJi.exe
  2⤵
  PID:8956
- C:\Windows\System\SatozGG.exe
  C:\Windows\System\SatozGG.exe
  2⤵
  PID:8972
- C:\Windows\System\CJyBxwr.exe
  C:\Windows\System\CJyBxwr.exe
  2⤵
  PID:8988
- C:\Windows\System\ObcTmiQ.exe
  C:\Windows\System\ObcTmiQ.exe
  2⤵
  PID:9008
- C:\Windows\System\uxQRcXM.exe
  C:\Windows\System\uxQRcXM.exe
  2⤵
  PID:9028
- C:\Windows\System\sESbipJ.exe
  C:\Windows\System\sESbipJ.exe
  2⤵
  PID:9044
- C:\Windows\System\yMFwIFA.exe
  C:\Windows\System\yMFwIFA.exe
  2⤵
  PID:9076
- C:\Windows\System\XxAqgye.exe
  C:\Windows\System\XxAqgye.exe
  2⤵
  PID:9104
- C:\Windows\System\PDrdBeY.exe
  C:\Windows\System\PDrdBeY.exe
  2⤵
  PID:9120
- C:\Windows\System\ViFeAAH.exe
  C:\Windows\System\ViFeAAH.exe
  2⤵
  PID:9140
- C:\Windows\System\fCppRHk.exe
  C:\Windows\System\fCppRHk.exe
  2⤵
  PID:9156
- C:\Windows\System\qarKrqR.exe
  C:\Windows\System\qarKrqR.exe
  2⤵
  PID:9180
- C:\Windows\System\yCFSvzy.exe
  C:\Windows\System\yCFSvzy.exe
  2⤵
  PID:9196
- C:\Windows\System\JzXCMtt.exe
  C:\Windows\System\JzXCMtt.exe
  2⤵
  PID:9212
- C:\Windows\System\DeZqRwN.exe
  C:\Windows\System\DeZqRwN.exe
  2⤵
  PID:8200
- C:\Windows\System\spbAnMh.exe
  C:\Windows\System\spbAnMh.exe
  2⤵
  PID:8216
- C:\Windows\System\teHqBRS.exe
  C:\Windows\System\teHqBRS.exe
  2⤵
  PID:8292
- C:\Windows\System\swGrZrx.exe
  C:\Windows\System\swGrZrx.exe
  2⤵
  PID:8420
- C:\Windows\System\HvgBTRt.exe
  C:\Windows\System\HvgBTRt.exe
  2⤵
  PID:8280
- C:\Windows\System\jlcNJOj.exe
  C:\Windows\System\jlcNJOj.exe
  2⤵
  PID:8408
- C:\Windows\System\MeoxvhU.exe
  C:\Windows\System\MeoxvhU.exe
  2⤵
  PID:8608
- C:\Windows\System\WYhHsTf.exe
  C:\Windows\System\WYhHsTf.exe
  2⤵
  PID:8648
- C:\Windows\System\yNUhimf.exe
  C:\Windows\System\yNUhimf.exe
  2⤵
  PID:8708
- C:\Windows\System\aQIAgYL.exe
  C:\Windows\System\aQIAgYL.exe
  2⤵
  PID:8060
- C:\Windows\System\FKrPgtN.exe
  C:\Windows\System\FKrPgtN.exe
  2⤵
  PID:8152
- C:\Windows\System\jhZUHMi.exe
  C:\Windows\System\jhZUHMi.exe
  2⤵
  PID:7428
- C:\Windows\System\lEmVNOM.exe
  C:\Windows\System\lEmVNOM.exe
  2⤵
  PID:7944
- C:\Windows\System\KMBbsHY.exe
  C:\Windows\System\KMBbsHY.exe
  2⤵
  PID:7832
- C:\Windows\System\SLJGiPZ.exe
  C:\Windows\System\SLJGiPZ.exe
  2⤵
  PID:7808
- C:\Windows\System\DjaEhDB.exe
  C:\Windows\System\DjaEhDB.exe
  2⤵
  PID:8236
- C:\Windows\System\qMMbzhp.exe
  C:\Windows\System\qMMbzhp.exe
  2⤵
  PID:8252
- C:\Windows\System\bjOHiFR.exe
  C:\Windows\System\bjOHiFR.exe
  2⤵
  PID:8304
- C:\Windows\System\RqTimuB.exe
  C:\Windows\System\RqTimuB.exe
  2⤵
  PID:8320
- C:\Windows\System\dPDHMPc.exe
  C:\Windows\System\dPDHMPc.exe
  2⤵
  PID:8336
- C:\Windows\System\yTyjGuz.exe
  C:\Windows\System\yTyjGuz.exe
  2⤵
  PID:8356
- C:\Windows\System\sojTYbz.exe
  C:\Windows\System\sojTYbz.exe
  2⤵
  PID:8372
- C:\Windows\System\WfRlDox.exe
  C:\Windows\System\WfRlDox.exe
  2⤵
  PID:8456
- C:\Windows\System\qztunFk.exe
  C:\Windows\System\qztunFk.exe
  2⤵
  PID:8468
- C:\Windows\System\XsuaZWY.exe
  C:\Windows\System\XsuaZWY.exe
  2⤵
  PID:8484
- C:\Windows\System\kRSIXxx.exe
  C:\Windows\System\kRSIXxx.exe
  2⤵
  PID:8500
- C:\Windows\System\ayithkj.exe
  C:\Windows\System\ayithkj.exe
  2⤵
  PID:8516
- C:\Windows\System\jDYVaVi.exe
  C:\Windows\System\jDYVaVi.exe
  2⤵
  PID:8556
- C:\Windows\System\wZMrSSG.exe
  C:\Windows\System\wZMrSSG.exe
  2⤵
  PID:8724
- C:\Windows\System\XmhXXDv.exe
  C:\Windows\System\XmhXXDv.exe
  2⤵
  PID:8744
- C:\Windows\System\YkRyjPO.exe
  C:\Windows\System\YkRyjPO.exe
  2⤵
  PID:8796
- C:\Windows\System\cDlSgSm.exe
  C:\Windows\System\cDlSgSm.exe
  2⤵
  PID:8868
- C:\Windows\System\ynkbShZ.exe
  C:\Windows\System\ynkbShZ.exe
  2⤵
  PID:8888
- C:\Windows\System\HIqeqjU.exe
  C:\Windows\System\HIqeqjU.exe
  2⤵
  PID:8820
- C:\Windows\System\TXRuovK.exe
  C:\Windows\System\TXRuovK.exe
  2⤵
  PID:8840
- C:\Windows\System\FKXkHHE.exe
  C:\Windows\System\FKXkHHE.exe
  2⤵
  PID:8860
- C:\Windows\System\cqAfESX.exe
  C:\Windows\System\cqAfESX.exe
  2⤵
  PID:8908
- C:\Windows\System\VqkxyNF.exe
  C:\Windows\System\VqkxyNF.exe
  2⤵
  PID:8788
- C:\Windows\System\jKEKViF.exe
  C:\Windows\System\jKEKViF.exe
  2⤵
  PID:8808
- C:\Windows\System\MdmaYoy.exe
  C:\Windows\System\MdmaYoy.exe
  2⤵
  PID:8948
- C:\Windows\System\YJOzNhe.exe
  C:\Windows\System\YJOzNhe.exe
  2⤵
  PID:9016
- C:\Windows\System\ghvqHXL.exe
  C:\Windows\System\ghvqHXL.exe
  2⤵
  PID:8996
- C:\Windows\System\ZHJRBoV.exe
  C:\Windows\System\ZHJRBoV.exe
  2⤵
  PID:8932
- C:\Windows\System\OFvaXHp.exe
  C:\Windows\System\OFvaXHp.exe
  2⤵
  PID:9004
- C:\Windows\System\HGUNtir.exe
  C:\Windows\System\HGUNtir.exe
  2⤵
  PID:9072
- C:\Windows\System\iAWdCSz.exe
  C:\Windows\System\iAWdCSz.exe
  2⤵
  PID:9152
- C:\Windows\System\OMKLTcL.exe
  C:\Windows\System\OMKLTcL.exe
  2⤵
  PID:9084
- C:\Windows\System\TRkpRog.exe
  C:\Windows\System\TRkpRog.exe
  2⤵
  PID:8284
- C:\Windows\System\iIGvcMR.exe
  C:\Windows\System\iIGvcMR.exe
  2⤵
  PID:8540
- C:\Windows\System\AmmzFyW.exe
  C:\Windows\System\AmmzFyW.exe
  2⤵
  PID:8056
- C:\Windows\System\KDwiXJq.exe
  C:\Windows\System\KDwiXJq.exe
  2⤵
  PID:7600
- C:\Windows\System\vVramXa.exe
  C:\Windows\System\vVramXa.exe
  2⤵
  PID:8312
- C:\Windows\System\mjpsWyp.exe
  C:\Windows\System\mjpsWyp.exe
  2⤵
  PID:8348
- C:\Windows\System\jBVFuQF.exe
  C:\Windows\System\jBVFuQF.exe
  2⤵
  PID:8376
- C:\Windows\System\KmskRVE.exe
  C:\Windows\System\KmskRVE.exe
  2⤵
  PID:8476
- C:\Windows\System\GRwNNYW.exe
  C:\Windows\System\GRwNNYW.exe
  2⤵
  PID:8480
- C:\Windows\System\IvYCShd.exe
  C:\Windows\System\IvYCShd.exe
  2⤵
  PID:8512
- C:\Windows\System\cxOiXlT.exe
  C:\Windows\System\cxOiXlT.exe
  2⤵
  PID:7760
- C:\Windows\System\CJUzcQB.exe
  C:\Windows\System\CJUzcQB.exe
  2⤵
  PID:9164
- C:\Windows\System\XQnKWBx.exe
  C:\Windows\System\XQnKWBx.exe
  2⤵
  PID:8460
- C:\Windows\System\SShHVyk.exe
  C:\Windows\System\SShHVyk.exe
  2⤵
  PID:8264
- C:\Windows\System\zsbKJSB.exe
  C:\Windows\System\zsbKJSB.exe
  2⤵
  PID:8464
- C:\Windows\System\sMhwiOv.exe
  C:\Windows\System\sMhwiOv.exe
  2⤵
  PID:8528
- C:\Windows\System\UaOanlN.exe
  C:\Windows\System\UaOanlN.exe
  2⤵
  PID:8232
- C:\Windows\System\bJgyMhQ.exe
  C:\Windows\System\bJgyMhQ.exe
  2⤵
  PID:8664
- C:\Windows\System\vcoSHaH.exe
  C:\Windows\System\vcoSHaH.exe
  2⤵
  PID:8668
- C:\Windows\System\rxHkQCQ.exe
  C:\Windows\System\rxHkQCQ.exe
  2⤵
  PID:8688
- C:\Windows\System\QMhLEsB.exe
  C:\Windows\System\QMhLEsB.exe
  2⤵
  PID:8732
- C:\Windows\System\LNJuiAI.exe
  C:\Windows\System\LNJuiAI.exe
  2⤵
  PID:8876
- C:\Windows\System\LBmeZnv.exe
  C:\Windows\System\LBmeZnv.exe
  2⤵
  PID:8836
- C:\Windows\System\loTbTBx.exe
  C:\Windows\System\loTbTBx.exe
  2⤵
  PID:8800
- C:\Windows\System\RXVTGpa.exe
  C:\Windows\System\RXVTGpa.exe
  2⤵
  PID:8852
- C:\Windows\System\XNbaAbU.exe
  C:\Windows\System\XNbaAbU.exe
  2⤵
  PID:9040
- C:\Windows\System\rUQSptQ.exe
  C:\Windows\System\rUQSptQ.exe
  2⤵
  PID:8920
- C:\Windows\System\ReBLRVq.exe
  C:\Windows\System\ReBLRVq.exe
  2⤵
  PID:8768
- C:\Windows\System\aAnNlet.exe
  C:\Windows\System\aAnNlet.exe
  2⤵
  PID:8428
- C:\Windows\System\vHXxyxE.exe
  C:\Windows\System\vHXxyxE.exe
  2⤵
  PID:8816
- C:\Windows\System\uAOfPJA.exe
  C:\Windows\System\uAOfPJA.exe
  2⤵
  PID:7384
- C:\Windows\System\mkJEhUg.exe
  C:\Windows\System\mkJEhUg.exe
  2⤵
  PID:8640
- C:\Windows\System\SfLPCpu.exe
  C:\Windows\System\SfLPCpu.exe
  2⤵
  PID:8404
- C:\Windows\System\TLaYlje.exe
  C:\Windows\System\TLaYlje.exe
  2⤵
  PID:9148
- C:\Windows\System\bsHrRVd.exe
  C:\Windows\System\bsHrRVd.exe
  2⤵
  PID:8212
- C:\Windows\System\fPsTzVL.exe
  C:\Windows\System\fPsTzVL.exe
  2⤵
  PID:8196
- C:\Windows\System\BKhYltJ.exe
  C:\Windows\System\BKhYltJ.exe
  2⤵
  PID:8444
- C:\Windows\System\YcPguIp.exe
  C:\Windows\System\YcPguIp.exe
  2⤵
  PID:8524
- C:\Windows\System\EjXRILA.exe
  C:\Windows\System\EjXRILA.exe
  2⤵
  PID:8364
- C:\Windows\System\uBexNAG.exe
  C:\Windows\System\uBexNAG.exe
  2⤵
  PID:8588
- C:\Windows\System\IhHgfLK.exe
  C:\Windows\System\IhHgfLK.exe
  2⤵
  PID:8756
- C:\Windows\System\wEYGWqa.exe
  C:\Windows\System\wEYGWqa.exe
  2⤵
  PID:8832
- C:\Windows\System\TwaSspR.exe
  C:\Windows\System\TwaSspR.exe
  2⤵
  PID:8780
- C:\Windows\System\PhqzIwh.exe
  C:\Windows\System\PhqzIwh.exe
  2⤵
  PID:8980
- C:\Windows\System\lXrhaeS.exe
  C:\Windows\System\lXrhaeS.exe
  2⤵
  PID:9068
- C:\Windows\System\vHgJqbH.exe
  C:\Windows\System\vHgJqbH.exe
  2⤵
  PID:8208
- C:\Windows\System\AKFkTnC.exe
  C:\Windows\System\AKFkTnC.exe
  2⤵
  PID:9116
- C:\Windows\System\YOPtkyd.exe
  C:\Windows\System\YOPtkyd.exe
  2⤵
  PID:8496
- C:\Windows\System\waupqbp.exe
  C:\Windows\System\waupqbp.exe
  2⤵
  PID:7932
- C:\Windows\System\SwgkPCW.exe
  C:\Windows\System\SwgkPCW.exe
  2⤵
  PID:8368
- C:\Windows\System\PZkPSDH.exe
  C:\Windows\System\PZkPSDH.exe
  2⤵
  PID:9188
- C:\Windows\System\usCIkmi.exe
  C:\Windows\System\usCIkmi.exe
  2⤵
  PID:7996
- C:\Windows\System\rPysGOE.exe
  C:\Windows\System\rPysGOE.exe
  2⤵
  PID:9000
- C:\Windows\System\dLAGqxJ.exe
  C:\Windows\System\dLAGqxJ.exe
  2⤵
  PID:7748
- C:\Windows\System\bSximvF.exe
  C:\Windows\System\bSximvF.exe
  2⤵
  PID:8856
- C:\Windows\System\kKXgKJQ.exe
  C:\Windows\System\kKXgKJQ.exe
  2⤵
  PID:8572
- C:\Windows\System\OpzDvwC.exe
  C:\Windows\System\OpzDvwC.exe
  2⤵
  PID:8136
- C:\Windows\System\HRwqfzn.exe
  C:\Windows\System\HRwqfzn.exe
  2⤵
  PID:8644
- C:\Windows\System\GtZGqkM.exe
  C:\Windows\System\GtZGqkM.exe
  2⤵
  PID:8344
- C:\Windows\System\BfKpqdy.exe
  C:\Windows\System\BfKpqdy.exe
  2⤵
  PID:9228
- C:\Windows\System\pliQukf.exe
  C:\Windows\System\pliQukf.exe
  2⤵
  PID:9244
- C:\Windows\System\knlwDnP.exe
  C:\Windows\System\knlwDnP.exe
  2⤵
  PID:9260
- C:\Windows\System\WeESEci.exe
  C:\Windows\System\WeESEci.exe
  2⤵
  PID:9276
- C:\Windows\System\cUMOYdF.exe
  C:\Windows\System\cUMOYdF.exe
  2⤵
  PID:9292
- C:\Windows\System\XcPVhSf.exe
  C:\Windows\System\XcPVhSf.exe
  2⤵
  PID:9308
- C:\Windows\System\whdWQls.exe
  C:\Windows\System\whdWQls.exe
  2⤵
  PID:9324
- C:\Windows\System\MBjrlwD.exe
  C:\Windows\System\MBjrlwD.exe
  2⤵
  PID:9340
- C:\Windows\System\QyfsmEG.exe
  C:\Windows\System\QyfsmEG.exe
  2⤵
  PID:9356
- C:\Windows\System\xZQpXBr.exe
  C:\Windows\System\xZQpXBr.exe
  2⤵
  PID:9372
- C:\Windows\System\aPgbFES.exe
  C:\Windows\System\aPgbFES.exe
  2⤵
  PID:9388
- C:\Windows\System\awEOhpG.exe
  C:\Windows\System\awEOhpG.exe
  2⤵
  PID:9404
- C:\Windows\System\WlpnzxG.exe
  C:\Windows\System\WlpnzxG.exe
  2⤵
  PID:9420
- C:\Windows\System\TBpyWdt.exe
  C:\Windows\System\TBpyWdt.exe
  2⤵
  PID:9452
- C:\Windows\System\nOduQrC.exe
  C:\Windows\System\nOduQrC.exe
  2⤵
  PID:9484
- C:\Windows\System\Mnszayr.exe
  C:\Windows\System\Mnszayr.exe
  2⤵
  PID:9512
- C:\Windows\System\lUbHHQP.exe
  C:\Windows\System\lUbHHQP.exe
  2⤵
  PID:9528
- C:\Windows\System\ZTALWVW.exe
  C:\Windows\System\ZTALWVW.exe
  2⤵
  PID:9548
- C:\Windows\System\wQlteJW.exe
  C:\Windows\System\wQlteJW.exe
  2⤵
  PID:9584
- C:\Windows\System\cGUxmNx.exe
  C:\Windows\System\cGUxmNx.exe
  2⤵
  PID:9604
- C:\Windows\System\dWVtBpZ.exe
  C:\Windows\System\dWVtBpZ.exe
  2⤵
  PID:9620
- C:\Windows\System\ZjGGAab.exe
  C:\Windows\System\ZjGGAab.exe
  2⤵
  PID:9644
- C:\Windows\System\ToxEKBT.exe
  C:\Windows\System\ToxEKBT.exe
  2⤵
  PID:9668
- C:\Windows\System\OLqTYNr.exe
  C:\Windows\System\OLqTYNr.exe
  2⤵
  PID:9692
- C:\Windows\System\vAtnGdi.exe
  C:\Windows\System\vAtnGdi.exe
  2⤵
  PID:9712
- C:\Windows\System\UZOVels.exe
  C:\Windows\System\UZOVels.exe
  2⤵
  PID:9732
- C:\Windows\System\aWjPfrV.exe
  C:\Windows\System\aWjPfrV.exe
  2⤵
  PID:9748
- C:\Windows\System\gBSNFpb.exe
  C:\Windows\System\gBSNFpb.exe
  2⤵
  PID:9768
- C:\Windows\System\JKvVpfJ.exe
  C:\Windows\System\JKvVpfJ.exe
  2⤵
  PID:9788
- C:\Windows\System\PUaAagW.exe
  C:\Windows\System\PUaAagW.exe
  2⤵
  PID:9932
- C:\Windows\System\IRBPyDU.exe
  C:\Windows\System\IRBPyDU.exe
  2⤵
  PID:9956
- C:\Windows\System\HDlhqew.exe
  C:\Windows\System\HDlhqew.exe
  2⤵
  PID:10000
- C:\Windows\System\DSguIHz.exe
  C:\Windows\System\DSguIHz.exe
  2⤵
  PID:10136
- C:\Windows\System\ZCzrdGd.exe
  C:\Windows\System\ZCzrdGd.exe
  2⤵
  PID:9652
- C:\Windows\System\gakwgEp.exe
  C:\Windows\System\gakwgEp.exe
  2⤵
  PID:9640
- C:\Windows\System\OYxxeHI.exe
  C:\Windows\System\OYxxeHI.exe
  2⤵
  PID:9756
- C:\Windows\System\NYZJYXV.exe
  C:\Windows\System\NYZJYXV.exe
  2⤵
  PID:9804
- C:\Windows\System\npNxdfs.exe
  C:\Windows\System\npNxdfs.exe
  2⤵
  PID:9820
- C:\Windows\System\dOLgfzz.exe
  C:\Windows\System\dOLgfzz.exe
  2⤵
  PID:9860
- C:\Windows\System\nIYjeif.exe
  C:\Windows\System\nIYjeif.exe
  2⤵
  PID:9880
- C:\Windows\System\pYYqLmu.exe
  C:\Windows\System\pYYqLmu.exe
  2⤵
  PID:9628
- C:\Windows\System\BCpaqYR.exe
  C:\Windows\System\BCpaqYR.exe
  2⤵
  PID:9784
- C:\Windows\System\sTBBXWA.exe
  C:\Windows\System\sTBBXWA.exe
  2⤵
  PID:9836
- C:\Windows\System\NyNgzJV.exe
  C:\Windows\System\NyNgzJV.exe
  2⤵
  PID:9844
- C:\Windows\System\RuygHih.exe
  C:\Windows\System\RuygHih.exe
  2⤵
  PID:9816
- C:\Windows\System\QSwNtyK.exe
  C:\Windows\System\QSwNtyK.exe
  2⤵
  PID:9888
- C:\Windows\System\ujXwfeP.exe
  C:\Windows\System\ujXwfeP.exe
  2⤵
  PID:9952
- C:\Windows\System\IKCcqCM.exe
  C:\Windows\System\IKCcqCM.exe
  2⤵
  PID:10036
- C:\Windows\System\xUIizpb.exe
  C:\Windows\System\xUIizpb.exe
  2⤵
  PID:9976
- C:\Windows\System\MERbQZJ.exe
  C:\Windows\System\MERbQZJ.exe
  2⤵
  PID:10052
- C:\Windows\System\JvYbXoS.exe
  C:\Windows\System\JvYbXoS.exe
  2⤵
  PID:10064
- C:\Windows\System\qfoUatU.exe
  C:\Windows\System\qfoUatU.exe
  2⤵
  PID:9928
- C:\Windows\System\XzlYOZv.exe
  C:\Windows\System\XzlYOZv.exe
  2⤵
  PID:10048
- C:\Windows\System\LjQmNUq.exe
  C:\Windows\System\LjQmNUq.exe
  2⤵
  PID:10144
- C:\Windows\System\jePWSKg.exe
  C:\Windows\System\jePWSKg.exe
  2⤵
  PID:10148
- C:\Windows\System\BVCUAcA.exe
  C:\Windows\System\BVCUAcA.exe
  2⤵
  PID:9384
- C:\Windows\System\aJlYEVu.exe
  C:\Windows\System\aJlYEVu.exe
  2⤵
  PID:10204
- C:\Windows\System\eMWILMD.exe
  C:\Windows\System\eMWILMD.exe
  2⤵
  PID:10184
- C:\Windows\System\anvpVhx.exe
  C:\Windows\System\anvpVhx.exe
  2⤵
  PID:10168
- C:\Windows\System\rCQrefl.exe
  C:\Windows\System\rCQrefl.exe
  2⤵
  PID:10120
- C:\Windows\System\jAbiUcI.exe
  C:\Windows\System\jAbiUcI.exe
  2⤵
  PID:8904
- C:\Windows\System\PkUXwJH.exe
  C:\Windows\System\PkUXwJH.exe
  2⤵
  PID:9400
- C:\Windows\System\fuEiNMT.exe
  C:\Windows\System\fuEiNMT.exe
  2⤵
  PID:9460
- C:\Windows\System\QHPmOSH.exe
  C:\Windows\System\QHPmOSH.exe
  2⤵
  PID:9476
- C:\Windows\System\dLIKFIb.exe
  C:\Windows\System\dLIKFIb.exe
  2⤵
  PID:9524
- C:\Windows\System\KDPHwwA.exe
  C:\Windows\System\KDPHwwA.exe
  2⤵
  PID:9492
- C:\Windows\System\pvOjFBu.exe
  C:\Windows\System\pvOjFBu.exe
  2⤵
  PID:9560
- C:\Windows\System\zBUsElY.exe
  C:\Windows\System\zBUsElY.exe
  2⤵
  PID:9568
- C:\Windows\System\VTKBKYN.exe
  C:\Windows\System\VTKBKYN.exe
  2⤵
  PID:9616
- C:\Windows\System\KKbZHIF.exe
  C:\Windows\System\KKbZHIF.exe
  2⤵
  PID:9740
- C:\Windows\System\KfTqEBs.exe
  C:\Windows\System\KfTqEBs.exe
  2⤵
  PID:9236
- C:\Windows\System\XOIvGPW.exe
  C:\Windows\System\XOIvGPW.exe
  2⤵
  PID:9300
- C:\Windows\System\ndXHfRW.exe
  C:\Windows\System\ndXHfRW.exe
  2⤵
  PID:9684
- C:\Windows\System\xOrjjGw.exe
  C:\Windows\System\xOrjjGw.exe
  2⤵
  PID:9704
- C:\Windows\System\IpEWsvd.exe
  C:\Windows\System\IpEWsvd.exe
  2⤵
  PID:9776
- C:\Windows\System\lcCEEBT.exe
  C:\Windows\System\lcCEEBT.exe
  2⤵
  PID:9916
- C:\Windows\System\InWGCAO.exe
  C:\Windows\System\InWGCAO.exe
  2⤵
  PID:9896
- C:\Windows\System\zLXDgaS.exe
  C:\Windows\System\zLXDgaS.exe
  2⤵
  PID:9940
- C:\Windows\System\Yfzbszw.exe
  C:\Windows\System\Yfzbszw.exe
  2⤵
  PID:9908
- C:\Windows\System\jUqDvbE.exe
  C:\Windows\System\jUqDvbE.exe
  2⤵
  PID:10060
- C:\Windows\System\mMgpSHV.exe
  C:\Windows\System\mMgpSHV.exe
  2⤵
  PID:10084
- C:\Windows\System\ZCaaCPH.exe
  C:\Windows\System\ZCaaCPH.exe
  2⤵
  PID:10020
- C:\Windows\System\SlMzQVb.exe
  C:\Windows\System\SlMzQVb.exe
  2⤵
  PID:9380
- C:\Windows\System\CBAtKaS.exe
  C:\Windows\System\CBAtKaS.exe
  2⤵
  PID:9416
- C:\Windows\System\aVNmCkG.exe
  C:\Windows\System\aVNmCkG.exe
  2⤵
  PID:10128
- C:\Windows\System\OUNeSkf.exe
  C:\Windows\System\OUNeSkf.exe
  2⤵
  PID:10196
- C:\Windows\System\lgMHvEH.exe
  C:\Windows\System\lgMHvEH.exe
  2⤵
  PID:10132
- C:\Windows\System\gsYLTEe.exe
  C:\Windows\System\gsYLTEe.exe
  2⤵
  PID:9536
- C:\Windows\System\noNUHjp.exe
  C:\Windows\System\noNUHjp.exe
  2⤵
  PID:9564
- C:\Windows\System\WvKxMso.exe
  C:\Windows\System\WvKxMso.exe
  2⤵
  PID:10092
- C:\Windows\System\gZBjNjs.exe
  C:\Windows\System\gZBjNjs.exe
  2⤵
  PID:9612
- C:\Windows\System\dCstgfP.exe
  C:\Windows\System\dCstgfP.exe
  2⤵
  PID:9596
- C:\Windows\System\ICbfzxm.exe
  C:\Windows\System\ICbfzxm.exe
  2⤵
  PID:9724
- C:\Windows\System\XgbTfbJ.exe
  C:\Windows\System\XgbTfbJ.exe
  2⤵
  PID:9676
- C:\Windows\System\jnAPnhp.exe
  C:\Windows\System\jnAPnhp.exe
  2⤵
  PID:9912
- C:\Windows\System\iQBfpsu.exe
  C:\Windows\System\iQBfpsu.exe
  2⤵
  PID:9904
- C:\Windows\System\qCquDso.exe
  C:\Windows\System\qCquDso.exe
  2⤵
  PID:10072
- C:\Windows\System\HWJLZxw.exe
  C:\Windows\System\HWJLZxw.exe
  2⤵
  PID:9988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJoswWB.exe

Filesize
1.6MB

MD5
e841bb8d1c369957b83e9d5b0af49c02

SHA1
5f61c6c365515dd73d71f51ad1eb68921b557934

SHA256
9de86eb8ff4e24dcb1ca27e767f46509bb8e2ed020c9d80f4aadb5e3c82923d9

SHA512
470e556b888343d2bdb6e3b63e57b7d5a3b0774d31e887b04a86bc93a3c0caf1320402ed1cc0bd01f8ad703a44d111e4a819650a1520decc4e5c05777db5c384

Download Submit
C:\Windows\system\DxWIELT.exe

Filesize
1.6MB

MD5
46457d0dd8521ef36704c6d6297b7e21

SHA1
b98fefa4b595aeee50e0fcf78fec3596b331e5ce

SHA256
4d05f358d9ca70d6dfebfab1c2d2669faee3f941b7c91dbe2b95ccd5ca37e977

SHA512
ec68eea7a741f0f0c4b1ba7da7d3dd47e9a7ef6f74785fc17d2422db37acb951b0883ca0aabfe8b996b39939f7f4061db993bfdfc8007e2ecf8178273af94d9d

Download Submit
C:\Windows\system\EFsYdJL.exe

Filesize
1.6MB

MD5
04ab6a15d3777e26a1933a18af19c976

SHA1
5b0876f3b7f91f453c76f15f8621d79e507625d9

SHA256
db6a4cbf1bc1792c0ec38df1de12536ee484da2f9246af528664f0217ebea534

SHA512
38631ccd79f9ea60777c617dde6e34425c6c5d0fe97ce52dc40997b36d4f71270e4d59bc70daf439b4317003f709cece9b2838111d8a7835785d8ed4b01f7942

Download Submit
C:\Windows\system\JlbUvEc.exe

Filesize
1.6MB

MD5
766510f4f01b1d1e4d87b1bf065cd20b

SHA1
ae5efdbb1f11ccff3d7fb5a2fce0d4140c6affae

SHA256
ce49a808a63bdec85d636bcdb4fb78132e0edc661de4e66aca6e549945b2cd2a

SHA512
04f55cc62f27d6d4c0cbf55a10255060749a96f2937044540430d2cd85d7859977c55661eb93fb5713789bc2d317a6a597d541a37faaa6a01334f166cfc06c26

Download Submit
C:\Windows\system\OvrfnWu.exe

Filesize
1.6MB

MD5
ba385ef15e06f93f30173bad76fed070

SHA1
1cb410ff493f941a68789cee2bceb0b453d2806b

SHA256
aa6eb146d88d99da9baa105838cf7839001bf6a8ba0ff7762b448602d06266bc

SHA512
01012aa57b5149e9d23187dbd0508e7e14e6909c174d7a6319bcc03ca353a0bfab8e79a4c451d4f96e48ac821ad2545b97adc9243841de1ac77bfe195920a203

Download Submit
C:\Windows\system\QMCYMAB.exe

Filesize
1.6MB

MD5
24df36f717064faa1960dfb623cdf308

SHA1
aeb6f486d2141308dd807ca6cd75edb241ded6ba

SHA256
66c1a57dd7c5093055390c5277f15d37f2cd62d2995bd308709181e77d4c707d

SHA512
42c470ee65628c0a0747ada78eb5bce0b24e225b1324eef45b5dd8714ff9f5eb0945cc4854a680c242fd1a3575664d2de8be93df26ef6c32cc12541c67e87e0f

Download Submit
C:\Windows\system\VHdbuwU.exe

Filesize
1.6MB

MD5
b834637355bcd48304aa59dc0eba8829

SHA1
4cb3d6ae6c6a9fc0fb9f8d8dffef2e76d9a8e32f

SHA256
d6b62875c1ceaf09ed501124029402a06609fedf1cb602804c66caaaf3488559

SHA512
9166bee70bf00fbdac522d0af2bd26915701a1e3fae93e076b16a038da6e889cb46691e410faf3d812cf38d47cbc889a57db73f050e5db0195ebe17df0a0049c

Download Submit
C:\Windows\system\XvlEHnz.exe

Filesize
1.6MB

MD5
ebcde6dc002ce949e6706c065902239d

SHA1
2c1cd963d4e4f974b9de96b831ee1377d7fc8066

SHA256
738c329febb51c5e09f15e511c1a760cc706051706d0a49aef4dd8531db8446d

SHA512
f34e6f1d9c1c2f749791320a6d75e86d9bd804df53ac91abd8024f973f0944c42b176391e830ab80de9313a9019c1cf838e26cd9494630d8c2baf1167e0c66c0

Download Submit
C:\Windows\system\ZHeXOAY.exe

Filesize
1.6MB

MD5
58a1cad229dc517548f846520089040d

SHA1
8d013bd624d28cf7122d3593328c5d9361f2e0ad

SHA256
f418f8e50cde6c28fbb5168cf7ed42ec2efacb6be488ed592392b0c91025f03c

SHA512
7357ff4da953899811fd9809ace99230bf478a08f51dcf4b7c9a11211d68bd1177b9619a23f1a950f1227403ef590b72a619d6fcf4ca9bf2aca5be805bea36e1

Download Submit
C:\Windows\system\dayDJPu.exe

Filesize
1.6MB

MD5
bfddded41a8976aa4b8688efd504c6e5

SHA1
a296487f328be5fb7f0b6902d00885cff85236dd

SHA256
32ceba48c5b0f374f13e7f4d7344da2365597599a94622de4ed42f27efdc224a

SHA512
fd7385c4cdfe8b097bb0b08f32720e48f61937675815021452027651ea81ea973850754c8a50c229fb5a1d63e44f959be956232b2836b87cecdde880487686ed

Download Submit
C:\Windows\system\eLkdxwp.exe

Filesize
1.6MB

MD5
e4c49ab7bed07b30359531c1f784619d

SHA1
a6aa066b43a342b2a1007eaae0edf47047484d41

SHA256
a97aaf1a0953e2ce3c7598df5d1c3b06633489848f5014e408ed5ff3b5fd5f29

SHA512
8b8d4f2040b330ccba4d9d0a9962f2729bb07276762b2d7843b1b6ed6fc462b9fe4ffd008b3fff81da5f3547e76259887820d9ff20dc4785de5d13db5cdc203d

Download Submit
C:\Windows\system\fjuIcGK.exe

Filesize
1.6MB

MD5
f2a4ee565fcad10aae59db15a80cfc92

SHA1
68f9f5310ad3664e34e7d3f8f906e55a7bd69037

SHA256
b7492ce1da2f380649f98aaabf70f2eb7f36b62751d3ff5fb5b39c94bcc5a857

SHA512
a083db94f6dbdae7ca6aa1ef5d8d8f02ac7b57665495bf35a01b4aef4cb47d4a296fcc9767c87faa1ec0df309c418947fb12be49f598784b3dcfdddfea2531f4

Download Submit
C:\Windows\system\fobZWxo.exe

Filesize
1.6MB

MD5
08a035a615358610289a8bc778452247

SHA1
f43723619195598906f3677aa4192f170ea8eea5

SHA256
21693d3e0c9c7ccce9e22ada28b39584e99129f0281a671505aef2ff49b91ea4

SHA512
5e98df6d6bbb7fab634eeaf71c4423e38348f758ae35a4fe1c101e8f53c01bb904a2511db75157c8b706061762767508c0e42fa7f8dcd82d6417c9c96d32d0bd

Download Submit
C:\Windows\system\fyOiAed.exe

Filesize
1.6MB

MD5
2b2f0db3e2b9a48b3cfab06116ac9878

SHA1
2ecd2596274b9dfb747a6513d808cc8ddfa54669

SHA256
1c376f78c0d2318d0edc9764e869e8350a8c3f69df19ba06f436226f8e65427e

SHA512
d504fd18607d9088415093b2b4d76afa035a84c0d42da67a874846e3f95b9c412a8714809ea95f2a640b19f1db2035b9ab095a980c83824743ac96d978072615

Download Submit
C:\Windows\system\hEfRtBR.exe

Filesize
1.6MB

MD5
25dc154f22585e90f1449eddd72fe8ab

SHA1
79bd18af48f5f29cfe47b7f9f7ecbaaacddc19b3

SHA256
15c56918c060c5339c9c767aac8aa4e83e5aa320dd254fd26bc468b5359ca657

SHA512
df6d7e99d582390be40df56eb494c6ac5d6dfacd1a2a3c0e54daf45435d60be54aec5c510e8b12f06c6ed1924354ac9ba143e603d2bd435c47b05abaad8bf974

Download Submit
C:\Windows\system\ipXVGtM.exe

Filesize
1.6MB

MD5
8fa399a2bb93dd92957293afac2f4d31

SHA1
8d3206bd846925ec994a8efaa6251168db6ec60e

SHA256
09255478fa548726b555fc4b7ecd8ccb9bcd8fac1a2ab5d8d5c4006c89781fd3

SHA512
c216e48dc5912ebcf150e31445e5e19f6acd6633113fde758a87945a76d31e260ac2c66d799fb90646c8976d20b61c9416febe0098ecc32f472c2a0375647588

Download Submit
C:\Windows\system\lynhbgl.exe

Filesize
1.6MB

MD5
cf8838583e53290491815caa83bb5989

SHA1
70fed3006eed4d4391e3db7b5f08cc37a60e761b

SHA256
275e958a561c1018f43e8a614e669576a6c6caca987dd96a2ed342193b5fae5c

SHA512
3d0a0dbf56e3458a0e1559397b555c258b964c059629efd71c8d907700b79d464372c4c9e6a98778c1ccca9816f16c04c07260cc78a850495177d63c2bac5d9a

Download Submit
C:\Windows\system\mnXuhCe.exe

Filesize
1.6MB

MD5
74c1f4dc54831b7e2cad4c8d769d2427

SHA1
9701b6fac7a8f1040ba46c9c4021660535bfbffd

SHA256
cd159554f74f1ecc016f9734f339b3c4428e2c916025ae7334541c346f5ad3f0

SHA512
c5aaf88ec3b5a2b90554c2ecb74b26d895a6a87da3e8deb0d00fb452e7ac049cd09a30192a4750faaf128d01cc4196c0d8dd56ea470aa90ecdd949128f55c521

Download Submit
C:\Windows\system\nCetzrS.exe

Filesize
1.6MB

MD5
41960f96f9b0a1a6d0864a4fe5263c87

SHA1
65967874acd70fce619ac3ae1dfb280dc53ba0df

SHA256
9152d839db209b02da5f7c14b6bee3dfb67b0458569a8518688489fa2a6abe04

SHA512
2f348d52d88f490e9546610e393d7299543ca5d6e906a31fd11d484be241efd33c40092d624b37f48d2f3ddcd2ae993b99ace4916c7e3f99e75b01cb0f3dd859

Download Submit
C:\Windows\system\oZgTewz.exe

Filesize
1.6MB

MD5
bd9ff82327645aeb10e91ced08dcfd16

SHA1
79621c563bc62e9421981e608f790ba66fbe05de

SHA256
6a586d72bea1906b6ae7d62b33902e5362a68ee25030725ae29779b99c31a302

SHA512
cc9574ff9f067d4946658085a852b440e133e6b4260981af8ef5c431cee3715bf69b1d6bbf04bd8579c9753426030a090dbe8c8b6c53fc5f869c38bf8b1cc366

Download Submit
C:\Windows\system\qOfhZCF.exe

Filesize
1.6MB

MD5
588a27804e913df8af4d855872a86b8b

SHA1
07c204c5e251c033e1f7e6a0384e54588610a01d

SHA256
e3aa7ff046dacdcf7f5d728c3b7d0a2b9234828761c9933f866244926d64ea44

SHA512
0b9816547bb33e24cd0749c64e32078672db4da3002caefcff87cecd4d586c56bc98e2b8e53ad1bc3f78ab265c46cb199012cbb6d21c3a4f26e8e2ff81cad0bd

Download Submit
C:\Windows\system\qjbkXLw.exe

Filesize
1.6MB

MD5
f5df177845d417e76f86ab417140241b

SHA1
c51ee8537c6377e50e10a8dd78a5e33c32349dfa

SHA256
4815742fe86c1e291e8163bc47966b180b6901a9878a1e3580ff18b8016687b0

SHA512
6847c2bc639c703243aa5be5a2f69c1095ea7de56e6cb694a07062ef000397ddc14004fb3ea9e95cb5ebfaf6360f4486e353bdb8b39aafefa25afc38157823a2

Download Submit
C:\Windows\system\vSBoVmg.exe

Filesize
1.6MB

MD5
4c65d43eea012de1a8424b738a91bb10

SHA1
d50ee51ea6d1488c99953626e46ea1dde8b81eb1

SHA256
cdd25eb4941987b1f8e218c567d3d9683fa747be7e20504cc96280d410e0c6f0

SHA512
5d9621371b410863689f2012378f899a743705abde48ad6e94a300d97dffd253f708e5ecbc024405ab77ac3426059eece304805098a24b463970940a7fa2f75e

Download Submit
C:\Windows\system\vcbnaFg.exe

Filesize
1.6MB

MD5
27ac5031aa7e5b714b26a4636efe8fc5

SHA1
4c615eb7ac0daa16ec1620088acef7d5f6bceb75

SHA256
bab99e6845120a54a348087b5a4f58a8fed3292d4c4e42a86b26632a1e989ea2

SHA512
1d21012ad26cf18cdaa1c784c2dc56c0a6b3b400c87c83d31ce447126f96fa979dc854bac6cb7750367fc2c83720d5f8473937e16c84b4078782ceae5298e2d6

Download Submit
C:\Windows\system\yOQKYYd.exe

Filesize
1.6MB

MD5
793efea4fd7540472464a19c332ce7b9

SHA1
a58cecc9eeba319706d901d13dcde4df801bb9ac

SHA256
1d935338f3feebb304f2e6c763ae759b446c1d98e2c1b86310486c4e4aafb047

SHA512
aac615b8d160d913fac125326855ce0e32184af68e42208f57e9de610c3dbada34ead3f6473d51bbae5711b5ffef436e40644701e88159a9e921665ebf74ec27

Download Submit
\Windows\system\DBkWrEW.exe

Filesize
1.6MB

MD5
8c220695100a257f1d0d85c410dd1795

SHA1
96c300a363e8ec888b759865c613fccf0e81903d

SHA256
6302cabb3c4551cd009bc7adf0b3166f7a8117577761a0e767246019a552200e

SHA512
52d27b75693f5c00a186422b7eadee8c68d95b5fb7e44886e2e20313189b8ccb9e1f1e645d3b1d035b242ed29e9d9b282cb86ccd97837dd898f3a2fd28089145

Download Submit
\Windows\system\EVNnStV.exe

Filesize
1.6MB

MD5
461d9e8f6613c2d11b61c27ca398cf8a

SHA1
24453e82c27e9c304eb910ec5b8f86769219dfd5

SHA256
fba4e2db396c3283fe2dd4b2f19681872ba23d4c368d0137e051b36a8302bd04

SHA512
dd93124a91a6ad66130bf10ed18ccb0f6412e58c499fb2b0267bfe407460aeeaaa6ce040b15d19680ac32d58051e12aeef57cece7380234bc2a2a7656b386a34

Download Submit
\Windows\system\OFwQkLO.exe

Filesize
1.6MB

MD5
f96bb4de863b280eab4bbde2dfe107bd

SHA1
e283921fdd599fb0e03d17c26ffb43227f584e2e

SHA256
3b673e0384dbf863adda165a4a3b1ade16a4eb122d56929f2140c4a497ad2c8e

SHA512
0de8ee608e8002601b674740d608d80c4107d32dfe4b25f395126efb3fb4d9c87b4c2e671bbf845c423f9040de06393199b17a994155e8551be7b1fb856ca82a

Download Submit
\Windows\system\UOmlUYV.exe

Filesize
1.6MB

MD5
738980eedeaf39ef54c29bb4071157da

SHA1
cb7772edbe520e97b76afd0dcb167441f2b3ba2c

SHA256
ffb615a52bb864c49dcacc254511c4b311bee38e1e10582bc1fb38071f4f2b6b

SHA512
df2204de2827bc03b8c795aaed715d1c58376054e0e2c391d1bb0b4ae3d5b6de0e64a12e8d94ef0edb0f1455b2f645af4d858fcb61a2c65b64927025ff9eeacd

Download Submit
\Windows\system\ksahEtc.exe

Filesize
1.6MB

MD5
d19efb507d0b69ec825430962c028f52

SHA1
e2717115936b686110c1f0ade47d1b885f5977e9

SHA256
b55c9e7de70f89a8fedd6998799968fa7b18b2094119eff5b6b42c7ce0dadad7

SHA512
1127cc81e0e62a565213db8f27daa20313cfde0f9ab08d7212e774c6e95e2ea44bc3d92e06a97f7c4d38cc138f4835bef6201dce16412134996ef3f0635b2f5c

Download Submit
\Windows\system\uUbYBly.exe

Filesize
1.6MB

MD5
e05ea1517a17f4e918683b917dd01094

SHA1
f27e4f84e4b8462ffe6f024fea54f67fc7c37d6f

SHA256
967a6c229308ae0855513cd7ee2965ac9b9c48cb05157685341d68094ed91695

SHA512
13c512153eaf1d2ec106b8220c010782930418196e7b4035c7b5e4ee67b3e3634befc07557a83b6a9aa99f0d0979256ab1728b0bc87f101370b17d105e7b0720

Download Submit
\Windows\system\vDuMDdy.exe

Filesize
1.6MB

MD5
756b5eb4041a649190c635d696168171

SHA1
cddbb1d4b4db9bcdc695edf2edfdc1ee04f511ca

SHA256
01ab1e6b69059b982a83cd9f69d4b29a493c1a368df6461ab214f1ca0eda3f53

SHA512
30f1294beac5a1850df42e0bc69fb8586d29236abfb43c1efea872daec588ac850e489564dfab7b914dffd840ccb7c30c29f2ab2bb672d9ddf44ebeb9483720e

Download Submit
memory/1684-4063-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1684-78-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1940-4061-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-23-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-36-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-4062-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-4072-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2176-99-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2013-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2432-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-4060-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1320-0x0000000001DC0000-0x0000000002114000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1216-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2560-18-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2560-84-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2560-83-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2560-103-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-81-0x0000000001DC0000-0x0000000002114000-memory.dmp

Filesize
3.3MB

Download
memory/2560-80-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2560-79-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-106-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2560-77-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2560-76-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-54-0x0000000001DC0000-0x0000000002114000-memory.dmp

Filesize
3.3MB

Download
memory/2560-50-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2560-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3016-0x0000000001DC0000-0x0000000002114000-memory.dmp

Filesize
3.3MB

Download
memory/2560-70-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2560-69-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1287-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1832-0x0000000001DC0000-0x0000000002114000-memory.dmp

Filesize
3.3MB

Download
memory/2560-30-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-66-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4065-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2012-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4071-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2792-95-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4067-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2804-75-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4066-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2824-73-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2836-85-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4069-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4064-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-68-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4068-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-71-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2011-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4070-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2988-86-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download