cobaltstrike | 91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
Size

6.0MB
MD5

f1e192d07d50588e15232a9c62791bc9
SHA1

efd789524a73714d92299526033a07f8878b13b9
SHA256

91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2
SHA512

2fc25ec7cc3c7778eadd9768f81279545e23144b0b9b2bda7d80ed12924b597e378b3c951f42bcb9b1f6030845e6fdd8b869f249b7d559774ecc3784459cd5d6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUT:eOl56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ea-8.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ee-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018728-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878f-43.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019431-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-102.dat	cobalt_reflective_dll
behavioral1/files/0x00320000000174cc-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x00070000000186ea-8.dat	xmrig
behavioral1/files/0x00060000000186ee-12.dat	xmrig
behavioral1/memory/2412-17-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186fd-28.dat	xmrig
behavioral1/files/0x0006000000018728-33.dat	xmrig
behavioral1/memory/2604-37-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000700000001878f-43.dat	xmrig
behavioral1/files/0x000600000001873d-40.dat	xmrig
behavioral1/files/0x0006000000019431-55.dat	xmrig
behavioral1/memory/1620-73-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2800-98-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1728-104-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019609-113.dat	xmrig
behavioral1/files/0x0005000000019613-137.dat	xmrig
behavioral1/files/0x000500000001961d-163.dat	xmrig
behavioral1/memory/2800-728-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1728-919-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2412-545-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-195.dat	xmrig
behavioral1/files/0x0005000000019625-190.dat	xmrig
behavioral1/files/0x0005000000019623-185.dat	xmrig
behavioral1/files/0x0005000000019621-176.dat	xmrig
behavioral1/files/0x0005000000019622-181.dat	xmrig
behavioral1/files/0x000500000001961f-169.dat	xmrig
behavioral1/files/0x0005000000019619-156.dat	xmrig
behavioral1/files/0x0005000000019615-154.dat	xmrig
behavioral1/files/0x0005000000019617-150.dat	xmrig
behavioral1/files/0x0005000000019611-144.dat	xmrig
behavioral1/files/0x000500000001961b-159.dat	xmrig
behavioral1/files/0x000500000001960d-126.dat	xmrig
behavioral1/files/0x000500000001960f-130.dat	xmrig
behavioral1/files/0x000500000001960b-120.dat	xmrig
behavioral1/memory/1620-112-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-109.dat	xmrig
behavioral1/files/0x0005000000019582-102.dat	xmrig
behavioral1/files/0x00320000000174cc-94.dat	xmrig
behavioral1/memory/2088-91-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2744-88-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-86.dat	xmrig
behavioral1/memory/1304-82-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-70.dat	xmrig
behavioral1/memory/2412-81-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1600-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-77.dat	xmrig
behavioral1/memory/2412-66-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2608-58-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2580-54-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2412-51-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2744-48-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2388-65-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-61.dat	xmrig
behavioral1/memory/1600-29-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2412-27-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2720-26-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2728-25-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2864-21-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1600-3535-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2720-3542-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2728-3541-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2864-3519-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2744-3555-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2608-3566-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2720	NBjOTeb.exe
2864	kJrZVRX.exe
2728	kWJfZYz.exe
1600	rPLxxrP.exe
2604	LWnKCjo.exe
2744	PkcWrci.exe
2580	duCGXqf.exe
2608	itAFtuE.exe
2388	OsxFuwq.exe
1620	hoYKLHH.exe
1304	AdeNMVb.exe
2088	MMFYowO.exe
2800	hwnodxf.exe
1728	vrGHmID.exe
2892	isxUezg.exe
2964	AtujGMF.exe
2036	GcDegbZ.exe
792	ZJBVplg.exe
1868	HJaNMHh.exe
2952	OhLLgQS.exe
284	zBAsBhZ.exe
2824	ziXaTMX.exe
3032	cgRSRaE.exe
2172	hpSbWpo.exe
908	GaghOlt.exe
1740	ysXKCvt.exe
1320	fkaGLQG.exe
824	stzTrja.exe
2552	DqgfflW.exe
704	mcGXskX.exe
1248	ygoyVny.exe
948	zGekDDG.exe
1696	MCYKXBc.exe
2320	QeEwKJV.exe
1984	MQwqOfg.exe
1652	BkQCICi.exe
1876	HUInCvc.exe
1644	JctlFsX.exe
268	qoQAHkA.exe
2280	siPIiNz.exe
572	wYdbTOA.exe
864	pmkxuhg.exe
888	vgfIPck.exe
292	RUhlVnp.exe
1636	CaZGfrz.exe
2924	vIBJmhs.exe
1432	DbXraCk.exe
760	HrsYFKh.exe
1632	BVxZcmZ.exe
2656	OWtWphQ.exe
2472	OliOdQa.exe
1528	fPOnsii.exe
2680	hRPvPCi.exe
2848	FUWIRLU.exe
2700	dKKzNUk.exe
2692	gzJEWcu.exe
1720	qnpfXUU.exe
2684	cfBPOBU.exe
2108	QwvzHdn.exe
2428	EhlAEOX.exe
1572	aAyabbA.exe
2788	WbOXFMl.exe
3004	zGSROjm.exe
700	KuHMEfg.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x00070000000186ea-8.dat	upx
behavioral1/files/0x00060000000186ee-12.dat	upx
behavioral1/files/0x00060000000186fd-28.dat	upx
behavioral1/files/0x0006000000018728-33.dat	upx
behavioral1/memory/2604-37-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000700000001878f-43.dat	upx
behavioral1/files/0x000600000001873d-40.dat	upx
behavioral1/files/0x0006000000019431-55.dat	upx
behavioral1/memory/1620-73-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2800-98-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1728-104-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0005000000019609-113.dat	upx
behavioral1/files/0x0005000000019613-137.dat	upx
behavioral1/files/0x000500000001961d-163.dat	upx
behavioral1/memory/2800-728-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1728-919-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0005000000019667-195.dat	upx
behavioral1/files/0x0005000000019625-190.dat	upx
behavioral1/files/0x0005000000019623-185.dat	upx
behavioral1/files/0x0005000000019621-176.dat	upx
behavioral1/files/0x0005000000019622-181.dat	upx
behavioral1/files/0x000500000001961f-169.dat	upx
behavioral1/files/0x0005000000019619-156.dat	upx
behavioral1/files/0x0005000000019615-154.dat	upx
behavioral1/files/0x0005000000019617-150.dat	upx
behavioral1/files/0x0005000000019611-144.dat	upx
behavioral1/files/0x000500000001961b-159.dat	upx
behavioral1/files/0x000500000001960d-126.dat	upx
behavioral1/files/0x000500000001960f-130.dat	upx
behavioral1/files/0x000500000001960b-120.dat	upx
behavioral1/memory/1620-112-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-109.dat	upx
behavioral1/files/0x0005000000019582-102.dat	upx
behavioral1/files/0x00320000000174cc-94.dat	upx
behavioral1/memory/2088-91-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2744-88-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001950c-86.dat	upx
behavioral1/memory/1304-82-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000500000001944f-70.dat	upx
behavioral1/memory/1600-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0005000000019461-77.dat	upx
behavioral1/memory/2412-66-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2608-58-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2580-54-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2744-48-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2388-65-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0005000000019441-61.dat	upx
behavioral1/memory/1600-29-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2720-26-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2728-25-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2864-21-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1600-3535-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2720-3542-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2728-3541-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2864-3519-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2744-3555-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2608-3566-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2604-3564-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2580-3576-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2388-3591-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1304-3624-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1620-3601-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\blJkOsZ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\liRUWtS.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\QNDjbHZ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\BLGOVAz.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\JGkMXMy.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\ExuVRxK.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\hjeWlGn.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\HmblxAC.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\OanxsBH.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\Mesgdwv.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\VjRdMjr.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\WlCsIoo.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\QBcnaVB.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\cSnJhJA.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\KxtPAQM.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\OWtWphQ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\mFoDFag.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\AftIRnZ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\QozDfzk.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\YQTeFCU.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\ruUKgaS.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\PkcWrci.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\fSnQoUy.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\XgNIwqr.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\lbHlvUc.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\ShBfQVc.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\OpBxMmg.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\cWQzjqn.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\xhDhEjH.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\bCUlmXm.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\EtCICBa.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\IxzKWaW.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\OsjciQd.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\mnAsYzz.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\BeRVUxl.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\PsqylJt.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\lGRGdCJ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\PZyELRM.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\yCWUPqj.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\niuItKj.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\GCjRpCY.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\mSNHnpl.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\qnpfXUU.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\xzSTAZy.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\EFQKVvF.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\vQLVRdf.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\wPELwQk.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\GVouLeZ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\OClQsAm.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\NrfDrOP.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\BJhtLyz.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\UPLIAsR.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\NzCFqln.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\zMUdOQY.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\fgiXlGe.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\eUERcTQ.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\loFaPzO.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\tjqQjgA.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\apCpbwX.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\CTXCGfw.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\DgJIkMo.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\VZMGjTY.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\uFKcchp.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
File created	C:\Windows\System\AMTWvLE.exe	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2720	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	32
PID 2412 wrote to memory of 2720	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	32
PID 2412 wrote to memory of 2720	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	32
PID 2412 wrote to memory of 2864	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	33
PID 2412 wrote to memory of 2864	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	33
PID 2412 wrote to memory of 2864	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	33
PID 2412 wrote to memory of 2728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	34
PID 2412 wrote to memory of 2728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	34
PID 2412 wrote to memory of 2728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	34
PID 2412 wrote to memory of 1600	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	35
PID 2412 wrote to memory of 1600	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	35
PID 2412 wrote to memory of 1600	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	35
PID 2412 wrote to memory of 2604	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	36
PID 2412 wrote to memory of 2604	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	36
PID 2412 wrote to memory of 2604	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	36
PID 2412 wrote to memory of 2744	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	37
PID 2412 wrote to memory of 2744	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	37
PID 2412 wrote to memory of 2744	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	37
PID 2412 wrote to memory of 2580	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	38
PID 2412 wrote to memory of 2580	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	38
PID 2412 wrote to memory of 2580	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	38
PID 2412 wrote to memory of 2608	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	39
PID 2412 wrote to memory of 2608	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	39
PID 2412 wrote to memory of 2608	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	39
PID 2412 wrote to memory of 2388	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	40
PID 2412 wrote to memory of 2388	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	40
PID 2412 wrote to memory of 2388	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	40
PID 2412 wrote to memory of 1620	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	41
PID 2412 wrote to memory of 1620	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	41
PID 2412 wrote to memory of 1620	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	41
PID 2412 wrote to memory of 1304	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	42
PID 2412 wrote to memory of 1304	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	42
PID 2412 wrote to memory of 1304	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	42
PID 2412 wrote to memory of 2088	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	43
PID 2412 wrote to memory of 2088	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	43
PID 2412 wrote to memory of 2088	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	43
PID 2412 wrote to memory of 2800	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	44
PID 2412 wrote to memory of 2800	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	44
PID 2412 wrote to memory of 2800	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	44
PID 2412 wrote to memory of 1728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	45
PID 2412 wrote to memory of 1728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	45
PID 2412 wrote to memory of 1728	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	45
PID 2412 wrote to memory of 2892	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	46
PID 2412 wrote to memory of 2892	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	46
PID 2412 wrote to memory of 2892	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	46
PID 2412 wrote to memory of 2964	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	47
PID 2412 wrote to memory of 2964	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	47
PID 2412 wrote to memory of 2964	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	47
PID 2412 wrote to memory of 2036	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	48
PID 2412 wrote to memory of 2036	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	48
PID 2412 wrote to memory of 2036	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	48
PID 2412 wrote to memory of 792	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	49
PID 2412 wrote to memory of 792	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	49
PID 2412 wrote to memory of 792	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	49
PID 2412 wrote to memory of 1868	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	50
PID 2412 wrote to memory of 1868	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	50
PID 2412 wrote to memory of 1868	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	50
PID 2412 wrote to memory of 284	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	51
PID 2412 wrote to memory of 284	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	51
PID 2412 wrote to memory of 284	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	51
PID 2412 wrote to memory of 2952	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	52
PID 2412 wrote to memory of 2952	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	52
PID 2412 wrote to memory of 2952	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	52
PID 2412 wrote to memory of 3032	2412	JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_91a0024ff40324c60bff67103fe414400920c7558d3daa68d03726c001aa89c2.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\System\NBjOTeb.exe
  C:\Windows\System\NBjOTeb.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\kJrZVRX.exe
  C:\Windows\System\kJrZVRX.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\kWJfZYz.exe
  C:\Windows\System\kWJfZYz.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rPLxxrP.exe
  C:\Windows\System\rPLxxrP.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\LWnKCjo.exe
  C:\Windows\System\LWnKCjo.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\PkcWrci.exe
  C:\Windows\System\PkcWrci.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\duCGXqf.exe
  C:\Windows\System\duCGXqf.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\itAFtuE.exe
  C:\Windows\System\itAFtuE.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\OsxFuwq.exe
  C:\Windows\System\OsxFuwq.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\hoYKLHH.exe
  C:\Windows\System\hoYKLHH.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\AdeNMVb.exe
  C:\Windows\System\AdeNMVb.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\MMFYowO.exe
  C:\Windows\System\MMFYowO.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\hwnodxf.exe
  C:\Windows\System\hwnodxf.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\vrGHmID.exe
  C:\Windows\System\vrGHmID.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\isxUezg.exe
  C:\Windows\System\isxUezg.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\AtujGMF.exe
  C:\Windows\System\AtujGMF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\GcDegbZ.exe
  C:\Windows\System\GcDegbZ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZJBVplg.exe
  C:\Windows\System\ZJBVplg.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\HJaNMHh.exe
  C:\Windows\System\HJaNMHh.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\zBAsBhZ.exe
  C:\Windows\System\zBAsBhZ.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\OhLLgQS.exe
  C:\Windows\System\OhLLgQS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\cgRSRaE.exe
  C:\Windows\System\cgRSRaE.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ziXaTMX.exe
  C:\Windows\System\ziXaTMX.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\hpSbWpo.exe
  C:\Windows\System\hpSbWpo.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\GaghOlt.exe
  C:\Windows\System\GaghOlt.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\ysXKCvt.exe
  C:\Windows\System\ysXKCvt.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\fkaGLQG.exe
  C:\Windows\System\fkaGLQG.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\stzTrja.exe
  C:\Windows\System\stzTrja.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\DqgfflW.exe
  C:\Windows\System\DqgfflW.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\mcGXskX.exe
  C:\Windows\System\mcGXskX.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\ygoyVny.exe
  C:\Windows\System\ygoyVny.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\zGekDDG.exe
  C:\Windows\System\zGekDDG.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\MCYKXBc.exe
  C:\Windows\System\MCYKXBc.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\QeEwKJV.exe
  C:\Windows\System\QeEwKJV.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\MQwqOfg.exe
  C:\Windows\System\MQwqOfg.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\HUInCvc.exe
  C:\Windows\System\HUInCvc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\BkQCICi.exe
  C:\Windows\System\BkQCICi.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\JctlFsX.exe
  C:\Windows\System\JctlFsX.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\qoQAHkA.exe
  C:\Windows\System\qoQAHkA.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\siPIiNz.exe
  C:\Windows\System\siPIiNz.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\wYdbTOA.exe
  C:\Windows\System\wYdbTOA.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\vgfIPck.exe
  C:\Windows\System\vgfIPck.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\pmkxuhg.exe
  C:\Windows\System\pmkxuhg.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\RUhlVnp.exe
  C:\Windows\System\RUhlVnp.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\CaZGfrz.exe
  C:\Windows\System\CaZGfrz.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\vIBJmhs.exe
  C:\Windows\System\vIBJmhs.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\DbXraCk.exe
  C:\Windows\System\DbXraCk.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\HrsYFKh.exe
  C:\Windows\System\HrsYFKh.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\BVxZcmZ.exe
  C:\Windows\System\BVxZcmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\OWtWphQ.exe
  C:\Windows\System\OWtWphQ.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OliOdQa.exe
  C:\Windows\System\OliOdQa.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\fPOnsii.exe
  C:\Windows\System\fPOnsii.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\hRPvPCi.exe
  C:\Windows\System\hRPvPCi.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\FUWIRLU.exe
  C:\Windows\System\FUWIRLU.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\dKKzNUk.exe
  C:\Windows\System\dKKzNUk.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\gzJEWcu.exe
  C:\Windows\System\gzJEWcu.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\qnpfXUU.exe
  C:\Windows\System\qnpfXUU.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\QwvzHdn.exe
  C:\Windows\System\QwvzHdn.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\cfBPOBU.exe
  C:\Windows\System\cfBPOBU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\EhlAEOX.exe
  C:\Windows\System\EhlAEOX.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\aAyabbA.exe
  C:\Windows\System\aAyabbA.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\WbOXFMl.exe
  C:\Windows\System\WbOXFMl.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\zGSROjm.exe
  C:\Windows\System\zGSROjm.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\KuHMEfg.exe
  C:\Windows\System\KuHMEfg.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\ksCdydI.exe
  C:\Windows\System\ksCdydI.exe
  2⤵
  PID:1724
- C:\Windows\System\YvRsSDe.exe
  C:\Windows\System\YvRsSDe.exe
  2⤵
  PID:2180
- C:\Windows\System\AIYYOYj.exe
  C:\Windows\System\AIYYOYj.exe
  2⤵
  PID:440
- C:\Windows\System\nKeZncw.exe
  C:\Windows\System\nKeZncw.exe
  2⤵
  PID:984
- C:\Windows\System\SnMqrXF.exe
  C:\Windows\System\SnMqrXF.exe
  2⤵
  PID:2120
- C:\Windows\System\jawckOz.exe
  C:\Windows\System\jawckOz.exe
  2⤵
  PID:1856
- C:\Windows\System\CNOKSmY.exe
  C:\Windows\System\CNOKSmY.exe
  2⤵
  PID:956
- C:\Windows\System\LvMmQjm.exe
  C:\Windows\System\LvMmQjm.exe
  2⤵
  PID:568
- C:\Windows\System\jmeSErm.exe
  C:\Windows\System\jmeSErm.exe
  2⤵
  PID:1472
- C:\Windows\System\ZWStSJQ.exe
  C:\Windows\System\ZWStSJQ.exe
  2⤵
  PID:868
- C:\Windows\System\YAJohSi.exe
  C:\Windows\System\YAJohSi.exe
  2⤵
  PID:1656
- C:\Windows\System\ygNupaH.exe
  C:\Windows\System\ygNupaH.exe
  2⤵
  PID:1040
- C:\Windows\System\qyGIumF.exe
  C:\Windows\System\qyGIumF.exe
  2⤵
  PID:1920
- C:\Windows\System\NzCFqln.exe
  C:\Windows\System\NzCFqln.exe
  2⤵
  PID:1188
- C:\Windows\System\opQUEZn.exe
  C:\Windows\System\opQUEZn.exe
  2⤵
  PID:1896
- C:\Windows\System\qvgLnep.exe
  C:\Windows\System\qvgLnep.exe
  2⤵
  PID:1460
- C:\Windows\System\vBRWnsu.exe
  C:\Windows\System\vBRWnsu.exe
  2⤵
  PID:992
- C:\Windows\System\BNcGZBd.exe
  C:\Windows\System\BNcGZBd.exe
  2⤵
  PID:876
- C:\Windows\System\qYQaSoD.exe
  C:\Windows\System\qYQaSoD.exe
  2⤵
  PID:336
- C:\Windows\System\ebYbtTl.exe
  C:\Windows\System\ebYbtTl.exe
  2⤵
  PID:2076
- C:\Windows\System\oczwyqR.exe
  C:\Windows\System\oczwyqR.exe
  2⤵
  PID:1532
- C:\Windows\System\uLzlvPa.exe
  C:\Windows\System\uLzlvPa.exe
  2⤵
  PID:2712
- C:\Windows\System\AwLJELV.exe
  C:\Windows\System\AwLJELV.exe
  2⤵
  PID:2596
- C:\Windows\System\vuDFASe.exe
  C:\Windows\System\vuDFASe.exe
  2⤵
  PID:1232
- C:\Windows\System\qoLYXTb.exe
  C:\Windows\System\qoLYXTb.exe
  2⤵
  PID:2696
- C:\Windows\System\UlzEElb.exe
  C:\Windows\System\UlzEElb.exe
  2⤵
  PID:2900
- C:\Windows\System\xzSTAZy.exe
  C:\Windows\System\xzSTAZy.exe
  2⤵
  PID:480
- C:\Windows\System\BrqXqAI.exe
  C:\Windows\System\BrqXqAI.exe
  2⤵
  PID:2368
- C:\Windows\System\maRQftb.exe
  C:\Windows\System\maRQftb.exe
  2⤵
  PID:1512
- C:\Windows\System\zHVjVpJ.exe
  C:\Windows\System\zHVjVpJ.exe
  2⤵
  PID:1912
- C:\Windows\System\eeOffca.exe
  C:\Windows\System\eeOffca.exe
  2⤵
  PID:316
- C:\Windows\System\BiDwzPU.exe
  C:\Windows\System\BiDwzPU.exe
  2⤵
  PID:2084
- C:\Windows\System\JWOBEWA.exe
  C:\Windows\System\JWOBEWA.exe
  2⤵
  PID:2460
- C:\Windows\System\rqmZwjk.exe
  C:\Windows\System\rqmZwjk.exe
  2⤵
  PID:540
- C:\Windows\System\PNXIXDZ.exe
  C:\Windows\System\PNXIXDZ.exe
  2⤵
  PID:2220
- C:\Windows\System\ghSnvnA.exe
  C:\Windows\System\ghSnvnA.exe
  2⤵
  PID:1692
- C:\Windows\System\CObdDgZ.exe
  C:\Windows\System\CObdDgZ.exe
  2⤵
  PID:1120
- C:\Windows\System\PIPbNFD.exe
  C:\Windows\System\PIPbNFD.exe
  2⤵
  PID:2424
- C:\Windows\System\PqJrcVq.exe
  C:\Windows\System\PqJrcVq.exe
  2⤵
  PID:3080
- C:\Windows\System\kPnyZKO.exe
  C:\Windows\System\kPnyZKO.exe
  2⤵
  PID:3100
- C:\Windows\System\JyCWjyS.exe
  C:\Windows\System\JyCWjyS.exe
  2⤵
  PID:3120
- C:\Windows\System\cfCvPEc.exe
  C:\Windows\System\cfCvPEc.exe
  2⤵
  PID:3140
- C:\Windows\System\uegOeUK.exe
  C:\Windows\System\uegOeUK.exe
  2⤵
  PID:3160
- C:\Windows\System\fwmavSj.exe
  C:\Windows\System\fwmavSj.exe
  2⤵
  PID:3180
- C:\Windows\System\aisbDvd.exe
  C:\Windows\System\aisbDvd.exe
  2⤵
  PID:3200
- C:\Windows\System\loFaPzO.exe
  C:\Windows\System\loFaPzO.exe
  2⤵
  PID:3220
- C:\Windows\System\nxdfzrb.exe
  C:\Windows\System\nxdfzrb.exe
  2⤵
  PID:3240
- C:\Windows\System\alMTwFP.exe
  C:\Windows\System\alMTwFP.exe
  2⤵
  PID:3260
- C:\Windows\System\TPNqTKZ.exe
  C:\Windows\System\TPNqTKZ.exe
  2⤵
  PID:3280
- C:\Windows\System\qNkYZpD.exe
  C:\Windows\System\qNkYZpD.exe
  2⤵
  PID:3300
- C:\Windows\System\UKEULRF.exe
  C:\Windows\System\UKEULRF.exe
  2⤵
  PID:3320
- C:\Windows\System\NLQFTvB.exe
  C:\Windows\System\NLQFTvB.exe
  2⤵
  PID:3340
- C:\Windows\System\wUhLQej.exe
  C:\Windows\System\wUhLQej.exe
  2⤵
  PID:3360
- C:\Windows\System\NFHMOaB.exe
  C:\Windows\System\NFHMOaB.exe
  2⤵
  PID:3380
- C:\Windows\System\tjqQjgA.exe
  C:\Windows\System\tjqQjgA.exe
  2⤵
  PID:3400
- C:\Windows\System\dTNrodg.exe
  C:\Windows\System\dTNrodg.exe
  2⤵
  PID:3420
- C:\Windows\System\GReMdaM.exe
  C:\Windows\System\GReMdaM.exe
  2⤵
  PID:3440
- C:\Windows\System\auNMTdE.exe
  C:\Windows\System\auNMTdE.exe
  2⤵
  PID:3460
- C:\Windows\System\SqPweAr.exe
  C:\Windows\System\SqPweAr.exe
  2⤵
  PID:3476
- C:\Windows\System\psxHYVj.exe
  C:\Windows\System\psxHYVj.exe
  2⤵
  PID:3496
- C:\Windows\System\vDCNaHi.exe
  C:\Windows\System\vDCNaHi.exe
  2⤵
  PID:3516
- C:\Windows\System\vyRmciA.exe
  C:\Windows\System\vyRmciA.exe
  2⤵
  PID:3532
- C:\Windows\System\mmzuLOx.exe
  C:\Windows\System\mmzuLOx.exe
  2⤵
  PID:3548
- C:\Windows\System\BmOPKMl.exe
  C:\Windows\System\BmOPKMl.exe
  2⤵
  PID:3568
- C:\Windows\System\vCPtSdv.exe
  C:\Windows\System\vCPtSdv.exe
  2⤵
  PID:3592
- C:\Windows\System\ejGynEV.exe
  C:\Windows\System\ejGynEV.exe
  2⤵
  PID:3620
- C:\Windows\System\aLOMbnp.exe
  C:\Windows\System\aLOMbnp.exe
  2⤵
  PID:3636
- C:\Windows\System\DkzdCPU.exe
  C:\Windows\System\DkzdCPU.exe
  2⤵
  PID:3656
- C:\Windows\System\DuwIYbK.exe
  C:\Windows\System\DuwIYbK.exe
  2⤵
  PID:3672
- C:\Windows\System\cWQzjqn.exe
  C:\Windows\System\cWQzjqn.exe
  2⤵
  PID:3692
- C:\Windows\System\wPELwQk.exe
  C:\Windows\System\wPELwQk.exe
  2⤵
  PID:3712
- C:\Windows\System\SHscGdS.exe
  C:\Windows\System\SHscGdS.exe
  2⤵
  PID:3728
- C:\Windows\System\RFgbprm.exe
  C:\Windows\System\RFgbprm.exe
  2⤵
  PID:3752
- C:\Windows\System\TJDisGH.exe
  C:\Windows\System\TJDisGH.exe
  2⤵
  PID:3772
- C:\Windows\System\mNrRXzn.exe
  C:\Windows\System\mNrRXzn.exe
  2⤵
  PID:3796
- C:\Windows\System\AcCJoCW.exe
  C:\Windows\System\AcCJoCW.exe
  2⤵
  PID:3828
- C:\Windows\System\mpFzTTQ.exe
  C:\Windows\System\mpFzTTQ.exe
  2⤵
  PID:3848
- C:\Windows\System\fSnQoUy.exe
  C:\Windows\System\fSnQoUy.exe
  2⤵
  PID:3868
- C:\Windows\System\uZREjUV.exe
  C:\Windows\System\uZREjUV.exe
  2⤵
  PID:3884
- C:\Windows\System\nytxRDB.exe
  C:\Windows\System\nytxRDB.exe
  2⤵
  PID:3904
- C:\Windows\System\bhITIfq.exe
  C:\Windows\System\bhITIfq.exe
  2⤵
  PID:3920
- C:\Windows\System\AraZmFM.exe
  C:\Windows\System\AraZmFM.exe
  2⤵
  PID:3944
- C:\Windows\System\fDBVgdH.exe
  C:\Windows\System\fDBVgdH.exe
  2⤵
  PID:3968
- C:\Windows\System\qaAWnKH.exe
  C:\Windows\System\qaAWnKH.exe
  2⤵
  PID:3988
- C:\Windows\System\pcrftUg.exe
  C:\Windows\System\pcrftUg.exe
  2⤵
  PID:4008
- C:\Windows\System\wZOFvRr.exe
  C:\Windows\System\wZOFvRr.exe
  2⤵
  PID:4032
- C:\Windows\System\QZgAzIP.exe
  C:\Windows\System\QZgAzIP.exe
  2⤵
  PID:4052
- C:\Windows\System\mYMyuaA.exe
  C:\Windows\System\mYMyuaA.exe
  2⤵
  PID:4072
- C:\Windows\System\mFoDFag.exe
  C:\Windows\System\mFoDFag.exe
  2⤵
  PID:4092
- C:\Windows\System\rQWgXqC.exe
  C:\Windows\System\rQWgXqC.exe
  2⤵
  PID:1776
- C:\Windows\System\YLWuKWz.exe
  C:\Windows\System\YLWuKWz.exe
  2⤵
  PID:1712
- C:\Windows\System\GKeESgG.exe
  C:\Windows\System\GKeESgG.exe
  2⤵
  PID:2584
- C:\Windows\System\CoApeYJ.exe
  C:\Windows\System\CoApeYJ.exe
  2⤵
  PID:2324
- C:\Windows\System\UtxlBnC.exe
  C:\Windows\System\UtxlBnC.exe
  2⤵
  PID:1708
- C:\Windows\System\uERhjNd.exe
  C:\Windows\System\uERhjNd.exe
  2⤵
  PID:2996
- C:\Windows\System\RTkWuWz.exe
  C:\Windows\System\RTkWuWz.exe
  2⤵
  PID:2128
- C:\Windows\System\JbaeYRj.exe
  C:\Windows\System\JbaeYRj.exe
  2⤵
  PID:1216
- C:\Windows\System\ANeENwM.exe
  C:\Windows\System\ANeENwM.exe
  2⤵
  PID:2480
- C:\Windows\System\hnpVseI.exe
  C:\Windows\System\hnpVseI.exe
  2⤵
  PID:2468
- C:\Windows\System\KlpbuUj.exe
  C:\Windows\System\KlpbuUj.exe
  2⤵
  PID:1356
- C:\Windows\System\EKMLuaY.exe
  C:\Windows\System\EKMLuaY.exe
  2⤵
  PID:1904
- C:\Windows\System\xeTScoH.exe
  C:\Windows\System\xeTScoH.exe
  2⤵
  PID:3116
- C:\Windows\System\AMTWvLE.exe
  C:\Windows\System\AMTWvLE.exe
  2⤵
  PID:3176
- C:\Windows\System\aOaWoDW.exe
  C:\Windows\System\aOaWoDW.exe
  2⤵
  PID:3208
- C:\Windows\System\rFgmobP.exe
  C:\Windows\System\rFgmobP.exe
  2⤵
  PID:3212
- C:\Windows\System\jLtXwvZ.exe
  C:\Windows\System\jLtXwvZ.exe
  2⤵
  PID:3256
- C:\Windows\System\BoQXarR.exe
  C:\Windows\System\BoQXarR.exe
  2⤵
  PID:3272
- C:\Windows\System\NrrLfHc.exe
  C:\Windows\System\NrrLfHc.exe
  2⤵
  PID:3312
- C:\Windows\System\dZuDQEF.exe
  C:\Windows\System\dZuDQEF.exe
  2⤵
  PID:3376
- C:\Windows\System\PzvoWvW.exe
  C:\Windows\System\PzvoWvW.exe
  2⤵
  PID:3408
- C:\Windows\System\AvcHNlF.exe
  C:\Windows\System\AvcHNlF.exe
  2⤵
  PID:3392
- C:\Windows\System\guTIkYq.exe
  C:\Windows\System\guTIkYq.exe
  2⤵
  PID:3456
- C:\Windows\System\OSrXDDZ.exe
  C:\Windows\System\OSrXDDZ.exe
  2⤵
  PID:3468
- C:\Windows\System\nJBteVC.exe
  C:\Windows\System\nJBteVC.exe
  2⤵
  PID:3528
- C:\Windows\System\AwQJxxt.exe
  C:\Windows\System\AwQJxxt.exe
  2⤵
  PID:3512
- C:\Windows\System\WTUtNEH.exe
  C:\Windows\System\WTUtNEH.exe
  2⤵
  PID:3608
- C:\Windows\System\CtKFdRd.exe
  C:\Windows\System\CtKFdRd.exe
  2⤵
  PID:3540
- C:\Windows\System\ippQNDy.exe
  C:\Windows\System\ippQNDy.exe
  2⤵
  PID:3632
- C:\Windows\System\CooFsGU.exe
  C:\Windows\System\CooFsGU.exe
  2⤵
  PID:3688
- C:\Windows\System\DABNmZz.exe
  C:\Windows\System\DABNmZz.exe
  2⤵
  PID:3764
- C:\Windows\System\PNntEPn.exe
  C:\Windows\System\PNntEPn.exe
  2⤵
  PID:3748
- C:\Windows\System\PKmroEq.exe
  C:\Windows\System\PKmroEq.exe
  2⤵
  PID:3804
- C:\Windows\System\bfJndXG.exe
  C:\Windows\System\bfJndXG.exe
  2⤵
  PID:3820
- C:\Windows\System\qOdGOVe.exe
  C:\Windows\System\qOdGOVe.exe
  2⤵
  PID:3840
- C:\Windows\System\yAZnKeh.exe
  C:\Windows\System\yAZnKeh.exe
  2⤵
  PID:3928
- C:\Windows\System\AsqmFVe.exe
  C:\Windows\System\AsqmFVe.exe
  2⤵
  PID:3952
- C:\Windows\System\AyEkvSQ.exe
  C:\Windows\System\AyEkvSQ.exe
  2⤵
  PID:3964
- C:\Windows\System\fgJdDcC.exe
  C:\Windows\System\fgJdDcC.exe
  2⤵
  PID:3996
- C:\Windows\System\pghSNna.exe
  C:\Windows\System\pghSNna.exe
  2⤵
  PID:4024
- C:\Windows\System\qIqHhVi.exe
  C:\Windows\System\qIqHhVi.exe
  2⤵
  PID:4068
- C:\Windows\System\jMHXQrw.exe
  C:\Windows\System\jMHXQrw.exe
  2⤵
  PID:4084
- C:\Windows\System\WispoLj.exe
  C:\Windows\System\WispoLj.exe
  2⤵
  PID:2636
- C:\Windows\System\DrTulKY.exe
  C:\Windows\System\DrTulKY.exe
  2⤵
  PID:584
- C:\Windows\System\MfGSsXK.exe
  C:\Windows\System\MfGSsXK.exe
  2⤵
  PID:2240
- C:\Windows\System\xhDhEjH.exe
  C:\Windows\System\xhDhEjH.exe
  2⤵
  PID:2984
- C:\Windows\System\kNeGVeC.exe
  C:\Windows\System\kNeGVeC.exe
  2⤵
  PID:2348
- C:\Windows\System\CWrpUZZ.exe
  C:\Windows\System\CWrpUZZ.exe
  2⤵
  PID:2008
- C:\Windows\System\bmUObnH.exe
  C:\Windows\System\bmUObnH.exe
  2⤵
  PID:3096
- C:\Windows\System\avksNMt.exe
  C:\Windows\System\avksNMt.exe
  2⤵
  PID:3136
- C:\Windows\System\GbkEJMd.exe
  C:\Windows\System\GbkEJMd.exe
  2⤵
  PID:3236
- C:\Windows\System\MuPkbfc.exe
  C:\Windows\System\MuPkbfc.exe
  2⤵
  PID:3232
- C:\Windows\System\JKtgoNI.exe
  C:\Windows\System\JKtgoNI.exe
  2⤵
  PID:3268
- C:\Windows\System\kUbdhBj.exe
  C:\Windows\System\kUbdhBj.exe
  2⤵
  PID:3332
- C:\Windows\System\CrxBarr.exe
  C:\Windows\System\CrxBarr.exe
  2⤵
  PID:3396
- C:\Windows\System\YBBFzLK.exe
  C:\Windows\System\YBBFzLK.exe
  2⤵
  PID:3484
- C:\Windows\System\hfvcihM.exe
  C:\Windows\System\hfvcihM.exe
  2⤵
  PID:3564
- C:\Windows\System\KZJwKdH.exe
  C:\Windows\System\KZJwKdH.exe
  2⤵
  PID:3588
- C:\Windows\System\eXWiUih.exe
  C:\Windows\System\eXWiUih.exe
  2⤵
  PID:3668
- C:\Windows\System\oemNwJt.exe
  C:\Windows\System\oemNwJt.exe
  2⤵
  PID:3760
- C:\Windows\System\uIDVwpO.exe
  C:\Windows\System\uIDVwpO.exe
  2⤵
  PID:3700
- C:\Windows\System\dmawdac.exe
  C:\Windows\System\dmawdac.exe
  2⤵
  PID:3824
- C:\Windows\System\gdXlkKo.exe
  C:\Windows\System\gdXlkKo.exe
  2⤵
  PID:3940
- C:\Windows\System\Xqbrdcp.exe
  C:\Windows\System\Xqbrdcp.exe
  2⤵
  PID:3980
- C:\Windows\System\FMcHCHS.exe
  C:\Windows\System\FMcHCHS.exe
  2⤵
  PID:4000
- C:\Windows\System\OhAlkLZ.exe
  C:\Windows\System\OhAlkLZ.exe
  2⤵
  PID:2704
- C:\Windows\System\XEPWtlC.exe
  C:\Windows\System\XEPWtlC.exe
  2⤵
  PID:4088
- C:\Windows\System\sLjfKbd.exe
  C:\Windows\System\sLjfKbd.exe
  2⤵
  PID:2336
- C:\Windows\System\hvmerPd.exe
  C:\Windows\System\hvmerPd.exe
  2⤵
  PID:276
- C:\Windows\System\rdxfWNL.exe
  C:\Windows\System\rdxfWNL.exe
  2⤵
  PID:3092
- C:\Windows\System\nJgoqYm.exe
  C:\Windows\System\nJgoqYm.exe
  2⤵
  PID:3108
- C:\Windows\System\aTimSmR.exe
  C:\Windows\System\aTimSmR.exe
  2⤵
  PID:3156
- C:\Windows\System\ngyqfdZ.exe
  C:\Windows\System\ngyqfdZ.exe
  2⤵
  PID:3276
- C:\Windows\System\APKJypb.exe
  C:\Windows\System\APKJypb.exe
  2⤵
  PID:3356
- C:\Windows\System\YFpYmLK.exe
  C:\Windows\System\YFpYmLK.exe
  2⤵
  PID:3388
- C:\Windows\System\AftIRnZ.exe
  C:\Windows\System\AftIRnZ.exe
  2⤵
  PID:3648
- C:\Windows\System\QZPKIop.exe
  C:\Windows\System\QZPKIop.exe
  2⤵
  PID:3680
- C:\Windows\System\WWPWYPN.exe
  C:\Windows\System\WWPWYPN.exe
  2⤵
  PID:3784
- C:\Windows\System\HLYBPcj.exe
  C:\Windows\System\HLYBPcj.exe
  2⤵
  PID:3860
- C:\Windows\System\MisaUyT.exe
  C:\Windows\System\MisaUyT.exe
  2⤵
  PID:3976
- C:\Windows\System\gxfzpag.exe
  C:\Windows\System\gxfzpag.exe
  2⤵
  PID:4108
- C:\Windows\System\yTyxxWq.exe
  C:\Windows\System\yTyxxWq.exe
  2⤵
  PID:4128
- C:\Windows\System\YSqAWFp.exe
  C:\Windows\System\YSqAWFp.exe
  2⤵
  PID:4148
- C:\Windows\System\iozilEu.exe
  C:\Windows\System\iozilEu.exe
  2⤵
  PID:4168
- C:\Windows\System\OqVengW.exe
  C:\Windows\System\OqVengW.exe
  2⤵
  PID:4188
- C:\Windows\System\EUNxGNe.exe
  C:\Windows\System\EUNxGNe.exe
  2⤵
  PID:4208
- C:\Windows\System\kUokgSq.exe
  C:\Windows\System\kUokgSq.exe
  2⤵
  PID:4228
- C:\Windows\System\JkWdhqk.exe
  C:\Windows\System\JkWdhqk.exe
  2⤵
  PID:4248
- C:\Windows\System\rYelGpi.exe
  C:\Windows\System\rYelGpi.exe
  2⤵
  PID:4268
- C:\Windows\System\GZgZrtl.exe
  C:\Windows\System\GZgZrtl.exe
  2⤵
  PID:4288
- C:\Windows\System\UnMVsIF.exe
  C:\Windows\System\UnMVsIF.exe
  2⤵
  PID:4308
- C:\Windows\System\GsbGOQs.exe
  C:\Windows\System\GsbGOQs.exe
  2⤵
  PID:4328
- C:\Windows\System\OtUJGqp.exe
  C:\Windows\System\OtUJGqp.exe
  2⤵
  PID:4348
- C:\Windows\System\SFzvGRe.exe
  C:\Windows\System\SFzvGRe.exe
  2⤵
  PID:4368
- C:\Windows\System\sjMtgUw.exe
  C:\Windows\System\sjMtgUw.exe
  2⤵
  PID:4388
- C:\Windows\System\vOqIxdF.exe
  C:\Windows\System\vOqIxdF.exe
  2⤵
  PID:4408
- C:\Windows\System\RnlGlfU.exe
  C:\Windows\System\RnlGlfU.exe
  2⤵
  PID:4428
- C:\Windows\System\RSdgRqf.exe
  C:\Windows\System\RSdgRqf.exe
  2⤵
  PID:4448
- C:\Windows\System\TQDSqPk.exe
  C:\Windows\System\TQDSqPk.exe
  2⤵
  PID:4468
- C:\Windows\System\YqDzaBR.exe
  C:\Windows\System\YqDzaBR.exe
  2⤵
  PID:4488
- C:\Windows\System\qOfSUtQ.exe
  C:\Windows\System\qOfSUtQ.exe
  2⤵
  PID:4508
- C:\Windows\System\adHSoBG.exe
  C:\Windows\System\adHSoBG.exe
  2⤵
  PID:4528
- C:\Windows\System\WLjypZo.exe
  C:\Windows\System\WLjypZo.exe
  2⤵
  PID:4548
- C:\Windows\System\gWYXaTg.exe
  C:\Windows\System\gWYXaTg.exe
  2⤵
  PID:4568
- C:\Windows\System\MyWuWOv.exe
  C:\Windows\System\MyWuWOv.exe
  2⤵
  PID:4588
- C:\Windows\System\NvAgZJx.exe
  C:\Windows\System\NvAgZJx.exe
  2⤵
  PID:4608
- C:\Windows\System\yQTmUlR.exe
  C:\Windows\System\yQTmUlR.exe
  2⤵
  PID:4628
- C:\Windows\System\YBZpuFg.exe
  C:\Windows\System\YBZpuFg.exe
  2⤵
  PID:4648
- C:\Windows\System\AnWqAKQ.exe
  C:\Windows\System\AnWqAKQ.exe
  2⤵
  PID:4668
- C:\Windows\System\rePziky.exe
  C:\Windows\System\rePziky.exe
  2⤵
  PID:4688
- C:\Windows\System\rMISomw.exe
  C:\Windows\System\rMISomw.exe
  2⤵
  PID:4708
- C:\Windows\System\EAjwZlz.exe
  C:\Windows\System\EAjwZlz.exe
  2⤵
  PID:4728
- C:\Windows\System\pdHlqwE.exe
  C:\Windows\System\pdHlqwE.exe
  2⤵
  PID:4748
- C:\Windows\System\MTYmbxY.exe
  C:\Windows\System\MTYmbxY.exe
  2⤵
  PID:4768
- C:\Windows\System\tirQtrf.exe
  C:\Windows\System\tirQtrf.exe
  2⤵
  PID:4788
- C:\Windows\System\AAUAIuq.exe
  C:\Windows\System\AAUAIuq.exe
  2⤵
  PID:4808
- C:\Windows\System\QMgorLt.exe
  C:\Windows\System\QMgorLt.exe
  2⤵
  PID:4828
- C:\Windows\System\jLCSNkf.exe
  C:\Windows\System\jLCSNkf.exe
  2⤵
  PID:4848
- C:\Windows\System\nWZkQEF.exe
  C:\Windows\System\nWZkQEF.exe
  2⤵
  PID:4876
- C:\Windows\System\hFivpNY.exe
  C:\Windows\System\hFivpNY.exe
  2⤵
  PID:4896
- C:\Windows\System\noHFXdN.exe
  C:\Windows\System\noHFXdN.exe
  2⤵
  PID:4916
- C:\Windows\System\DgJIkMo.exe
  C:\Windows\System\DgJIkMo.exe
  2⤵
  PID:4936
- C:\Windows\System\WhZSuMm.exe
  C:\Windows\System\WhZSuMm.exe
  2⤵
  PID:4956
- C:\Windows\System\tVwFYOv.exe
  C:\Windows\System\tVwFYOv.exe
  2⤵
  PID:4976
- C:\Windows\System\tWQqAqt.exe
  C:\Windows\System\tWQqAqt.exe
  2⤵
  PID:4996
- C:\Windows\System\KuuEwmN.exe
  C:\Windows\System\KuuEwmN.exe
  2⤵
  PID:5016
- C:\Windows\System\QGyveZB.exe
  C:\Windows\System\QGyveZB.exe
  2⤵
  PID:5036
- C:\Windows\System\EGGIwDk.exe
  C:\Windows\System\EGGIwDk.exe
  2⤵
  PID:5056
- C:\Windows\System\xmJoNsY.exe
  C:\Windows\System\xmJoNsY.exe
  2⤵
  PID:5076
- C:\Windows\System\VVaJeAY.exe
  C:\Windows\System\VVaJeAY.exe
  2⤵
  PID:5092
- C:\Windows\System\oCqMqUa.exe
  C:\Windows\System\oCqMqUa.exe
  2⤵
  PID:5116
- C:\Windows\System\lokluaO.exe
  C:\Windows\System\lokluaO.exe
  2⤵
  PID:4080
- C:\Windows\System\KNpNTwZ.exe
  C:\Windows\System\KNpNTwZ.exe
  2⤵
  PID:2092
- C:\Windows\System\zauJiac.exe
  C:\Windows\System\zauJiac.exe
  2⤵
  PID:1256
- C:\Windows\System\cFMkmeX.exe
  C:\Windows\System\cFMkmeX.exe
  2⤵
  PID:3132
- C:\Windows\System\jGkAWdW.exe
  C:\Windows\System\jGkAWdW.exe
  2⤵
  PID:3428
- C:\Windows\System\ZWdXIps.exe
  C:\Windows\System\ZWdXIps.exe
  2⤵
  PID:3336
- C:\Windows\System\SFGnTsM.exe
  C:\Windows\System\SFGnTsM.exe
  2⤵
  PID:3664
- C:\Windows\System\aoihBoQ.exe
  C:\Windows\System\aoihBoQ.exe
  2⤵
  PID:3836
- C:\Windows\System\jGdvZkz.exe
  C:\Windows\System\jGdvZkz.exe
  2⤵
  PID:3876
- C:\Windows\System\KmhWHKX.exe
  C:\Windows\System\KmhWHKX.exe
  2⤵
  PID:4104
- C:\Windows\System\ofMrPQp.exe
  C:\Windows\System\ofMrPQp.exe
  2⤵
  PID:4136
- C:\Windows\System\FhyWyYx.exe
  C:\Windows\System\FhyWyYx.exe
  2⤵
  PID:4184
- C:\Windows\System\CQEfeiP.exe
  C:\Windows\System\CQEfeiP.exe
  2⤵
  PID:4220
- C:\Windows\System\XkAByFU.exe
  C:\Windows\System\XkAByFU.exe
  2⤵
  PID:4236
- C:\Windows\System\NconCcw.exe
  C:\Windows\System\NconCcw.exe
  2⤵
  PID:4260
- C:\Windows\System\OVhjqFY.exe
  C:\Windows\System\OVhjqFY.exe
  2⤵
  PID:4304
- C:\Windows\System\lekfCrs.exe
  C:\Windows\System\lekfCrs.exe
  2⤵
  PID:4344
- C:\Windows\System\oFxsnvZ.exe
  C:\Windows\System\oFxsnvZ.exe
  2⤵
  PID:4364
- C:\Windows\System\NNqKtiO.exe
  C:\Windows\System\NNqKtiO.exe
  2⤵
  PID:4404
- C:\Windows\System\SPhnHYk.exe
  C:\Windows\System\SPhnHYk.exe
  2⤵
  PID:4444
- C:\Windows\System\wFaYCrq.exe
  C:\Windows\System\wFaYCrq.exe
  2⤵
  PID:4460
- C:\Windows\System\lbefjQM.exe
  C:\Windows\System\lbefjQM.exe
  2⤵
  PID:4500
- C:\Windows\System\KPLjBcP.exe
  C:\Windows\System\KPLjBcP.exe
  2⤵
  PID:4520
- C:\Windows\System\GiaBelJ.exe
  C:\Windows\System\GiaBelJ.exe
  2⤵
  PID:4564
- C:\Windows\System\gMCCsvk.exe
  C:\Windows\System\gMCCsvk.exe
  2⤵
  PID:4604
- C:\Windows\System\ztEKliX.exe
  C:\Windows\System\ztEKliX.exe
  2⤵
  PID:4644
- C:\Windows\System\zpTazOs.exe
  C:\Windows\System\zpTazOs.exe
  2⤵
  PID:4676
- C:\Windows\System\PDmBmkF.exe
  C:\Windows\System\PDmBmkF.exe
  2⤵
  PID:4700
- C:\Windows\System\UWCrdde.exe
  C:\Windows\System\UWCrdde.exe
  2⤵
  PID:4740
- C:\Windows\System\qWkLWac.exe
  C:\Windows\System\qWkLWac.exe
  2⤵
  PID:4784
- C:\Windows\System\GyYwdwh.exe
  C:\Windows\System\GyYwdwh.exe
  2⤵
  PID:4804
- C:\Windows\System\ERabsWd.exe
  C:\Windows\System\ERabsWd.exe
  2⤵
  PID:4836
- C:\Windows\System\PiQKeTm.exe
  C:\Windows\System\PiQKeTm.exe
  2⤵
  PID:4860
- C:\Windows\System\XAOflgk.exe
  C:\Windows\System\XAOflgk.exe
  2⤵
  PID:4888
- C:\Windows\System\ZkDNUQj.exe
  C:\Windows\System\ZkDNUQj.exe
  2⤵
  PID:4924
- C:\Windows\System\oMTxHtI.exe
  C:\Windows\System\oMTxHtI.exe
  2⤵
  PID:4972
- C:\Windows\System\jLlVJYh.exe
  C:\Windows\System\jLlVJYh.exe
  2⤵
  PID:4988
- C:\Windows\System\VjYMgay.exe
  C:\Windows\System\VjYMgay.exe
  2⤵
  PID:5028
- C:\Windows\System\SzrAnsC.exe
  C:\Windows\System\SzrAnsC.exe
  2⤵
  PID:5084
- C:\Windows\System\SNrwqcS.exe
  C:\Windows\System\SNrwqcS.exe
  2⤵
  PID:5112
- C:\Windows\System\AUrsQIs.exe
  C:\Windows\System\AUrsQIs.exe
  2⤵
  PID:880
- C:\Windows\System\JjCjFLF.exe
  C:\Windows\System\JjCjFLF.exe
  2⤵
  PID:1508
- C:\Windows\System\pfkWSuv.exe
  C:\Windows\System\pfkWSuv.exe
  2⤵
  PID:1480
- C:\Windows\System\NlBBrmr.exe
  C:\Windows\System\NlBBrmr.exe
  2⤵
  PID:3560
- C:\Windows\System\GdYTQSg.exe
  C:\Windows\System\GdYTQSg.exe
  2⤵
  PID:3984
- C:\Windows\System\SZubxxO.exe
  C:\Windows\System\SZubxxO.exe
  2⤵
  PID:4156
- C:\Windows\System\MFDvZlU.exe
  C:\Windows\System\MFDvZlU.exe
  2⤵
  PID:4164
- C:\Windows\System\zMUdOQY.exe
  C:\Windows\System\zMUdOQY.exe
  2⤵
  PID:4204
- C:\Windows\System\ekUiJiE.exe
  C:\Windows\System\ekUiJiE.exe
  2⤵
  PID:4296
- C:\Windows\System\iXURkKZ.exe
  C:\Windows\System\iXURkKZ.exe
  2⤵
  PID:4240
- C:\Windows\System\pqKNjMv.exe
  C:\Windows\System\pqKNjMv.exe
  2⤵
  PID:4316
- C:\Windows\System\aHXCmkt.exe
  C:\Windows\System\aHXCmkt.exe
  2⤵
  PID:4420
- C:\Windows\System\KcdWtFG.exe
  C:\Windows\System\KcdWtFG.exe
  2⤵
  PID:4484
- C:\Windows\System\MvGsIUj.exe
  C:\Windows\System\MvGsIUj.exe
  2⤵
  PID:4464
- C:\Windows\System\yBfgSEP.exe
  C:\Windows\System\yBfgSEP.exe
  2⤵
  PID:4624
- C:\Windows\System\yiqjrUW.exe
  C:\Windows\System\yiqjrUW.exe
  2⤵
  PID:4684
- C:\Windows\System\cmxgnfa.exe
  C:\Windows\System\cmxgnfa.exe
  2⤵
  PID:4524
- C:\Windows\System\IcLMTOn.exe
  C:\Windows\System\IcLMTOn.exe
  2⤵
  PID:4720
- C:\Windows\System\mSCdCAo.exe
  C:\Windows\System\mSCdCAo.exe
  2⤵
  PID:4820
- C:\Windows\System\WxvLcwH.exe
  C:\Windows\System\WxvLcwH.exe
  2⤵
  PID:4764
- C:\Windows\System\UGqJIDr.exe
  C:\Windows\System\UGqJIDr.exe
  2⤵
  PID:5008
- C:\Windows\System\XGmsgkm.exe
  C:\Windows\System\XGmsgkm.exe
  2⤵
  PID:4944
- C:\Windows\System\nWjBkkt.exe
  C:\Windows\System\nWjBkkt.exe
  2⤵
  PID:4984
- C:\Windows\System\qbhPdgs.exe
  C:\Windows\System\qbhPdgs.exe
  2⤵
  PID:548
- C:\Windows\System\PjNxGAz.exe
  C:\Windows\System\PjNxGAz.exe
  2⤵
  PID:5048
- C:\Windows\System\Mesgdwv.exe
  C:\Windows\System\Mesgdwv.exe
  2⤵
  PID:5064
- C:\Windows\System\MLNRhZN.exe
  C:\Windows\System\MLNRhZN.exe
  2⤵
  PID:2736
- C:\Windows\System\CzCCRsp.exe
  C:\Windows\System\CzCCRsp.exe
  2⤵
  PID:2768
- C:\Windows\System\oabeIdX.exe
  C:\Windows\System\oabeIdX.exe
  2⤵
  PID:536
- C:\Windows\System\kdXmGNj.exe
  C:\Windows\System\kdXmGNj.exe
  2⤵
  PID:4356
- C:\Windows\System\CIlgQSO.exe
  C:\Windows\System\CIlgQSO.exe
  2⤵
  PID:2676
- C:\Windows\System\oPVDSKg.exe
  C:\Windows\System\oPVDSKg.exe
  2⤵
  PID:4116
- C:\Windows\System\fjUUsIL.exe
  C:\Windows\System\fjUUsIL.exe
  2⤵
  PID:4384
- C:\Windows\System\tQULXyI.exe
  C:\Windows\System\tQULXyI.exe
  2⤵
  PID:4496
- C:\Windows\System\OAREMIQ.exe
  C:\Windows\System\OAREMIQ.exe
  2⤵
  PID:2308
- C:\Windows\System\yEmmxsJ.exe
  C:\Windows\System\yEmmxsJ.exe
  2⤵
  PID:4656
- C:\Windows\System\IQmIuUl.exe
  C:\Windows\System\IQmIuUl.exe
  2⤵
  PID:4892
- C:\Windows\System\VZMGjTY.exe
  C:\Windows\System\VZMGjTY.exe
  2⤵
  PID:4744
- C:\Windows\System\WndnyKm.exe
  C:\Windows\System\WndnyKm.exe
  2⤵
  PID:5124
- C:\Windows\System\srmOdLa.exe
  C:\Windows\System\srmOdLa.exe
  2⤵
  PID:5144
- C:\Windows\System\CJDfLuj.exe
  C:\Windows\System\CJDfLuj.exe
  2⤵
  PID:5180
- C:\Windows\System\CjFoVkP.exe
  C:\Windows\System\CjFoVkP.exe
  2⤵
  PID:5196
- C:\Windows\System\FaBxCtp.exe
  C:\Windows\System\FaBxCtp.exe
  2⤵
  PID:5216
- C:\Windows\System\iIawTau.exe
  C:\Windows\System\iIawTau.exe
  2⤵
  PID:5240
- C:\Windows\System\rabDxuL.exe
  C:\Windows\System\rabDxuL.exe
  2⤵
  PID:5256
- C:\Windows\System\lZQQUrm.exe
  C:\Windows\System\lZQQUrm.exe
  2⤵
  PID:5280
- C:\Windows\System\YWxjcbH.exe
  C:\Windows\System\YWxjcbH.exe
  2⤵
  PID:5296
- C:\Windows\System\dthvZXR.exe
  C:\Windows\System\dthvZXR.exe
  2⤵
  PID:5312
- C:\Windows\System\kuBQhtK.exe
  C:\Windows\System\kuBQhtK.exe
  2⤵
  PID:5336
- C:\Windows\System\blJkOsZ.exe
  C:\Windows\System\blJkOsZ.exe
  2⤵
  PID:5356
- C:\Windows\System\sBgxVcd.exe
  C:\Windows\System\sBgxVcd.exe
  2⤵
  PID:5372
- C:\Windows\System\ElQqwLI.exe
  C:\Windows\System\ElQqwLI.exe
  2⤵
  PID:5396
- C:\Windows\System\ZanyTCD.exe
  C:\Windows\System\ZanyTCD.exe
  2⤵
  PID:5416
- C:\Windows\System\JyiyvEh.exe
  C:\Windows\System\JyiyvEh.exe
  2⤵
  PID:5436
- C:\Windows\System\psfLyys.exe
  C:\Windows\System\psfLyys.exe
  2⤵
  PID:5460
- C:\Windows\System\uqawwod.exe
  C:\Windows\System\uqawwod.exe
  2⤵
  PID:5476
- C:\Windows\System\pzAruVF.exe
  C:\Windows\System\pzAruVF.exe
  2⤵
  PID:5524
- C:\Windows\System\wFaUgkU.exe
  C:\Windows\System\wFaUgkU.exe
  2⤵
  PID:5540
- C:\Windows\System\crEtpav.exe
  C:\Windows\System\crEtpav.exe
  2⤵
  PID:5556
- C:\Windows\System\zqbLlcQ.exe
  C:\Windows\System\zqbLlcQ.exe
  2⤵
  PID:5580
- C:\Windows\System\ShGPXDx.exe
  C:\Windows\System\ShGPXDx.exe
  2⤵
  PID:5600
- C:\Windows\System\HlmleeS.exe
  C:\Windows\System\HlmleeS.exe
  2⤵
  PID:5620
- C:\Windows\System\htayUKs.exe
  C:\Windows\System\htayUKs.exe
  2⤵
  PID:5640
- C:\Windows\System\baETCtz.exe
  C:\Windows\System\baETCtz.exe
  2⤵
  PID:5656
- C:\Windows\System\KurxNuu.exe
  C:\Windows\System\KurxNuu.exe
  2⤵
  PID:5680
- C:\Windows\System\eGXodKu.exe
  C:\Windows\System\eGXodKu.exe
  2⤵
  PID:5696
- C:\Windows\System\fUHlgWM.exe
  C:\Windows\System\fUHlgWM.exe
  2⤵
  PID:5712
- C:\Windows\System\UXdiTCr.exe
  C:\Windows\System\UXdiTCr.exe
  2⤵
  PID:5728
- C:\Windows\System\oqarBNw.exe
  C:\Windows\System\oqarBNw.exe
  2⤵
  PID:5744
- C:\Windows\System\gjcDQhG.exe
  C:\Windows\System\gjcDQhG.exe
  2⤵
  PID:5760
- C:\Windows\System\XAxGbNm.exe
  C:\Windows\System\XAxGbNm.exe
  2⤵
  PID:5788
- C:\Windows\System\mOpyyLE.exe
  C:\Windows\System\mOpyyLE.exe
  2⤵
  PID:5812
- C:\Windows\System\aKjXbVw.exe
  C:\Windows\System\aKjXbVw.exe
  2⤵
  PID:5836
- C:\Windows\System\QdtDqAt.exe
  C:\Windows\System\QdtDqAt.exe
  2⤵
  PID:5860
- C:\Windows\System\oJvvPGe.exe
  C:\Windows\System\oJvvPGe.exe
  2⤵
  PID:5880
- C:\Windows\System\LwRvIfu.exe
  C:\Windows\System\LwRvIfu.exe
  2⤵
  PID:5900
- C:\Windows\System\LXsWOKX.exe
  C:\Windows\System\LXsWOKX.exe
  2⤵
  PID:5920
- C:\Windows\System\rfsSlXy.exe
  C:\Windows\System\rfsSlXy.exe
  2⤵
  PID:5940
- C:\Windows\System\IfIeNTz.exe
  C:\Windows\System\IfIeNTz.exe
  2⤵
  PID:5964
- C:\Windows\System\WDrFRSp.exe
  C:\Windows\System\WDrFRSp.exe
  2⤵
  PID:5984
- C:\Windows\System\pxViybK.exe
  C:\Windows\System\pxViybK.exe
  2⤵
  PID:6004
- C:\Windows\System\WdiTnqc.exe
  C:\Windows\System\WdiTnqc.exe
  2⤵
  PID:6024
- C:\Windows\System\zCgvhXS.exe
  C:\Windows\System\zCgvhXS.exe
  2⤵
  PID:6044
- C:\Windows\System\yqkGmrr.exe
  C:\Windows\System\yqkGmrr.exe
  2⤵
  PID:6064
- C:\Windows\System\lysLLqt.exe
  C:\Windows\System\lysLLqt.exe
  2⤵
  PID:6084
- C:\Windows\System\XXpLfUW.exe
  C:\Windows\System\XXpLfUW.exe
  2⤵
  PID:6104
- C:\Windows\System\HtkPKHO.exe
  C:\Windows\System\HtkPKHO.exe
  2⤵
  PID:6124
- C:\Windows\System\HAaqzyi.exe
  C:\Windows\System\HAaqzyi.exe
  2⤵
  PID:4912
- C:\Windows\System\AnxMKWK.exe
  C:\Windows\System\AnxMKWK.exe
  2⤵
  PID:3196
- C:\Windows\System\FfdYlII.exe
  C:\Windows\System\FfdYlII.exe
  2⤵
  PID:4756
- C:\Windows\System\ozctGtg.exe
  C:\Windows\System\ozctGtg.exe
  2⤵
  PID:4264
- C:\Windows\System\bGPTJSN.exe
  C:\Windows\System\bGPTJSN.exe
  2⤵
  PID:4480
- C:\Windows\System\ScvBoei.exe
  C:\Windows\System\ScvBoei.exe
  2⤵
  PID:4716
- C:\Windows\System\emMIYtH.exe
  C:\Windows\System\emMIYtH.exe
  2⤵
  PID:5192
- C:\Windows\System\YMvoKsl.exe
  C:\Windows\System\YMvoKsl.exe
  2⤵
  PID:4556
- C:\Windows\System\SyBuGSg.exe
  C:\Windows\System\SyBuGSg.exe
  2⤵
  PID:5268
- C:\Windows\System\apCpbwX.exe
  C:\Windows\System\apCpbwX.exe
  2⤵
  PID:5308
- C:\Windows\System\gRAZuro.exe
  C:\Windows\System\gRAZuro.exe
  2⤵
  PID:5032
- C:\Windows\System\MkstjIS.exe
  C:\Windows\System\MkstjIS.exe
  2⤵
  PID:2104
- C:\Windows\System\omqlIgx.exe
  C:\Windows\System\omqlIgx.exe
  2⤵
  PID:2856
- C:\Windows\System\CVtixgv.exe
  C:\Windows\System\CVtixgv.exe
  2⤵
  PID:4424
- C:\Windows\System\YMkhodW.exe
  C:\Windows\System\YMkhodW.exe
  2⤵
  PID:4620
- C:\Windows\System\qrNeWYS.exe
  C:\Windows\System\qrNeWYS.exe
  2⤵
  PID:5380
- C:\Windows\System\jRoBZek.exe
  C:\Windows\System\jRoBZek.exe
  2⤵
  PID:5432
- C:\Windows\System\ORalIhP.exe
  C:\Windows\System\ORalIhP.exe
  2⤵
  PID:4864
- C:\Windows\System\tFrLYOI.exe
  C:\Windows\System\tFrLYOI.exe
  2⤵
  PID:5156
- C:\Windows\System\yapUuyk.exe
  C:\Windows\System\yapUuyk.exe
  2⤵
  PID:5176
- C:\Windows\System\MzBEnvZ.exe
  C:\Windows\System\MzBEnvZ.exe
  2⤵
  PID:5248
- C:\Windows\System\eXhPpOI.exe
  C:\Windows\System\eXhPpOI.exe
  2⤵
  PID:5320
- C:\Windows\System\fgiXlGe.exe
  C:\Windows\System\fgiXlGe.exe
  2⤵
  PID:5412
- C:\Windows\System\tDqDyyX.exe
  C:\Windows\System\tDqDyyX.exe
  2⤵
  PID:5452
- C:\Windows\System\bAMFzgj.exe
  C:\Windows\System\bAMFzgj.exe
  2⤵
  PID:2112
- C:\Windows\System\TiXRfjQ.exe
  C:\Windows\System\TiXRfjQ.exe
  2⤵
  PID:5292
- C:\Windows\System\MQvvxke.exe
  C:\Windows\System\MQvvxke.exe
  2⤵
  PID:5648
- C:\Windows\System\toediBV.exe
  C:\Windows\System\toediBV.exe
  2⤵
  PID:5488
- C:\Windows\System\QxYbSFY.exe
  C:\Windows\System\QxYbSFY.exe
  2⤵
  PID:5500
- C:\Windows\System\WSFPuBS.exe
  C:\Windows\System\WSFPuBS.exe
  2⤵
  PID:5552
- C:\Windows\System\CozkgOI.exe
  C:\Windows\System\CozkgOI.exe
  2⤵
  PID:5596
- C:\Windows\System\WItcqHk.exe
  C:\Windows\System\WItcqHk.exe
  2⤵
  PID:5796
- C:\Windows\System\nPUtqmE.exe
  C:\Windows\System\nPUtqmE.exe
  2⤵
  PID:5808
- C:\Windows\System\NeEnfTM.exe
  C:\Windows\System\NeEnfTM.exe
  2⤵
  PID:5708
- C:\Windows\System\KuYGBRr.exe
  C:\Windows\System\KuYGBRr.exe
  2⤵
  PID:5784
- C:\Windows\System\ixmVJZK.exe
  C:\Windows\System\ixmVJZK.exe
  2⤵
  PID:5844
- C:\Windows\System\JeezzAC.exe
  C:\Windows\System\JeezzAC.exe
  2⤵
  PID:5832
- C:\Windows\System\iRYGuro.exe
  C:\Windows\System\iRYGuro.exe
  2⤵
  PID:5872
- C:\Windows\System\YYTsUZP.exe
  C:\Windows\System\YYTsUZP.exe
  2⤵
  PID:5908
- C:\Windows\System\itofKDc.exe
  C:\Windows\System\itofKDc.exe
  2⤵
  PID:5956
- C:\Windows\System\jWGiBEe.exe
  C:\Windows\System\jWGiBEe.exe
  2⤵
  PID:2944
- C:\Windows\System\VJnEfIZ.exe
  C:\Windows\System\VJnEfIZ.exe
  2⤵
  PID:6016
- C:\Windows\System\PViWzyt.exe
  C:\Windows\System\PViWzyt.exe
  2⤵
  PID:6036
- C:\Windows\System\NVeJoTA.exe
  C:\Windows\System\NVeJoTA.exe
  2⤵
  PID:6076
- C:\Windows\System\erEaaeQ.exe
  C:\Windows\System\erEaaeQ.exe
  2⤵
  PID:6132
- C:\Windows\System\mGxjltH.exe
  C:\Windows\System\mGxjltH.exe
  2⤵
  PID:2248
- C:\Windows\System\dbNuDAa.exe
  C:\Windows\System\dbNuDAa.exe
  2⤵
  PID:5104
- C:\Windows\System\TdrBaAE.exe
  C:\Windows\System\TdrBaAE.exe
  2⤵
  PID:4416
- C:\Windows\System\UskIMnL.exe
  C:\Windows\System\UskIMnL.exe
  2⤵
  PID:4160
- C:\Windows\System\JiNnoHY.exe
  C:\Windows\System\JiNnoHY.exe
  2⤵
  PID:4660
- C:\Windows\System\nDcJLvX.exe
  C:\Windows\System\nDcJLvX.exe
  2⤵
  PID:2312
- C:\Windows\System\DbWbmto.exe
  C:\Windows\System\DbWbmto.exe
  2⤵
  PID:4536
- C:\Windows\System\asiqGKA.exe
  C:\Windows\System\asiqGKA.exe
  2⤵
  PID:2672
- C:\Windows\System\UeBWKdf.exe
  C:\Windows\System\UeBWKdf.exe
  2⤵
  PID:5024
- C:\Windows\System\AVuPyNP.exe
  C:\Windows\System\AVuPyNP.exe
  2⤵
  PID:5072
- C:\Windows\System\jvNuMdr.exe
  C:\Windows\System\jvNuMdr.exe
  2⤵
  PID:5424
- C:\Windows\System\PDtrSJc.exe
  C:\Windows\System\PDtrSJc.exe
  2⤵
  PID:5152
- C:\Windows\System\ZZJeGLP.exe
  C:\Windows\System\ZZJeGLP.exe
  2⤵
  PID:5472
- C:\Windows\System\ZWnqRZJ.exe
  C:\Windows\System\ZWnqRZJ.exe
  2⤵
  PID:5212
- C:\Windows\System\cJztvEQ.exe
  C:\Windows\System\cJztvEQ.exe
  2⤵
  PID:5404
- C:\Windows\System\VNAgAJz.exe
  C:\Windows\System\VNAgAJz.exe
  2⤵
  PID:5252
- C:\Windows\System\iRGBoBi.exe
  C:\Windows\System\iRGBoBi.exe
  2⤵
  PID:5444
- C:\Windows\System\peUtScj.exe
  C:\Windows\System\peUtScj.exe
  2⤵
  PID:5324
- C:\Windows\System\JRbMVzl.exe
  C:\Windows\System\JRbMVzl.exe
  2⤵
  PID:5688
- C:\Windows\System\RkoaWZz.exe
  C:\Windows\System\RkoaWZz.exe
  2⤵
  PID:5512
- C:\Windows\System\DBoRPPO.exe
  C:\Windows\System\DBoRPPO.exe
  2⤵
  PID:5632
- C:\Windows\System\nAXEUDY.exe
  C:\Windows\System\nAXEUDY.exe
  2⤵
  PID:2228
- C:\Windows\System\VjRdMjr.exe
  C:\Windows\System\VjRdMjr.exe
  2⤵
  PID:5672
- C:\Windows\System\CXcXyfJ.exe
  C:\Windows\System\CXcXyfJ.exe
  2⤵
  PID:5820
- C:\Windows\System\rngQnlN.exe
  C:\Windows\System\rngQnlN.exe
  2⤵
  PID:5876
- C:\Windows\System\dkpIGoV.exe
  C:\Windows\System\dkpIGoV.exe
  2⤵
  PID:5952
- C:\Windows\System\ELhSshZ.exe
  C:\Windows\System\ELhSshZ.exe
  2⤵
  PID:5980
- C:\Windows\System\FwBuXff.exe
  C:\Windows\System\FwBuXff.exe
  2⤵
  PID:3020
- C:\Windows\System\nBXEfow.exe
  C:\Windows\System\nBXEfow.exe
  2⤵
  PID:2876
- C:\Windows\System\OeFDLWH.exe
  C:\Windows\System\OeFDLWH.exe
  2⤵
  PID:6140
- C:\Windows\System\CZkUkDQ.exe
  C:\Windows\System\CZkUkDQ.exe
  2⤵
  PID:2612
- C:\Windows\System\FtpCoTD.exe
  C:\Windows\System\FtpCoTD.exe
  2⤵
  PID:3916
- C:\Windows\System\YRllNlM.exe
  C:\Windows\System\YRllNlM.exe
  2⤵
  PID:2896
- C:\Windows\System\aYOHybl.exe
  C:\Windows\System\aYOHybl.exe
  2⤵
  PID:5012
- C:\Windows\System\rFYzPRD.exe
  C:\Windows\System\rFYzPRD.exe
  2⤵
  PID:4928
- C:\Windows\System\lqPqcLp.exe
  C:\Windows\System\lqPqcLp.exe
  2⤵
  PID:4320
- C:\Windows\System\TXoWSjE.exe
  C:\Windows\System\TXoWSjE.exe
  2⤵
  PID:5384
- C:\Windows\System\bKiMeWU.exe
  C:\Windows\System\bKiMeWU.exe
  2⤵
  PID:5468
- C:\Windows\System\DqaEjkJ.exe
  C:\Windows\System\DqaEjkJ.exe
  2⤵
  PID:348
- C:\Windows\System\dLPGfAi.exe
  C:\Windows\System\dLPGfAi.exe
  2⤵
  PID:5568
- C:\Windows\System\CPAjAjr.exe
  C:\Windows\System\CPAjAjr.exe
  2⤵
  PID:5616
- C:\Windows\System\PdkSGQT.exe
  C:\Windows\System\PdkSGQT.exe
  2⤵
  PID:5692
- C:\Windows\System\TOmlNwk.exe
  C:\Windows\System\TOmlNwk.exe
  2⤵
  PID:5328
- C:\Windows\System\pCZbrxl.exe
  C:\Windows\System\pCZbrxl.exe
  2⤵
  PID:5804
- C:\Windows\System\PzMJoVs.exe
  C:\Windows\System\PzMJoVs.exe
  2⤵
  PID:5676
- C:\Windows\System\FuarfFt.exe
  C:\Windows\System\FuarfFt.exe
  2⤵
  PID:5740
- C:\Windows\System\CDleRis.exe
  C:\Windows\System\CDleRis.exe
  2⤵
  PID:5936
- C:\Windows\System\RKcudzR.exe
  C:\Windows\System\RKcudzR.exe
  2⤵
  PID:6100
- C:\Windows\System\bJEnIuR.exe
  C:\Windows\System\bJEnIuR.exe
  2⤵
  PID:5264
- C:\Windows\System\qQgpCTD.exe
  C:\Windows\System\qQgpCTD.exe
  2⤵
  PID:4280
- C:\Windows\System\lVeAnpd.exe
  C:\Windows\System\lVeAnpd.exe
  2⤵
  PID:3028
- C:\Windows\System\xImIufT.exe
  C:\Windows\System\xImIufT.exe
  2⤵
  PID:5724
- C:\Windows\System\zrGSrEF.exe
  C:\Windows\System\zrGSrEF.exe
  2⤵
  PID:5828
- C:\Windows\System\sqWlVYV.exe
  C:\Windows\System\sqWlVYV.exe
  2⤵
  PID:6020
- C:\Windows\System\FDtubuw.exe
  C:\Windows\System\FDtubuw.exe
  2⤵
  PID:6152
- C:\Windows\System\dYYudrZ.exe
  C:\Windows\System\dYYudrZ.exe
  2⤵
  PID:6168
- C:\Windows\System\ZNUmTtK.exe
  C:\Windows\System\ZNUmTtK.exe
  2⤵
  PID:6192
- C:\Windows\System\XqnCKUN.exe
  C:\Windows\System\XqnCKUN.exe
  2⤵
  PID:6212
- C:\Windows\System\BSFyDdQ.exe
  C:\Windows\System\BSFyDdQ.exe
  2⤵
  PID:6232
- C:\Windows\System\YqaNNMl.exe
  C:\Windows\System\YqaNNMl.exe
  2⤵
  PID:6248
- C:\Windows\System\LFuTgpB.exe
  C:\Windows\System\LFuTgpB.exe
  2⤵
  PID:6272
- C:\Windows\System\DsCsrvA.exe
  C:\Windows\System\DsCsrvA.exe
  2⤵
  PID:6288
- C:\Windows\System\zAbWbPT.exe
  C:\Windows\System\zAbWbPT.exe
  2⤵
  PID:6312
- C:\Windows\System\qNjRlVC.exe
  C:\Windows\System\qNjRlVC.exe
  2⤵
  PID:6332
- C:\Windows\System\YGiMCzi.exe
  C:\Windows\System\YGiMCzi.exe
  2⤵
  PID:6352
- C:\Windows\System\cAlDTgw.exe
  C:\Windows\System\cAlDTgw.exe
  2⤵
  PID:6368
- C:\Windows\System\eUERcTQ.exe
  C:\Windows\System\eUERcTQ.exe
  2⤵
  PID:6384
- C:\Windows\System\LVTKIUh.exe
  C:\Windows\System\LVTKIUh.exe
  2⤵
  PID:6400
- C:\Windows\System\pbCylKi.exe
  C:\Windows\System\pbCylKi.exe
  2⤵
  PID:6416
- C:\Windows\System\qkjAybt.exe
  C:\Windows\System\qkjAybt.exe
  2⤵
  PID:6456
- C:\Windows\System\ycFnyTV.exe
  C:\Windows\System\ycFnyTV.exe
  2⤵
  PID:6472
- C:\Windows\System\kRlcIZT.exe
  C:\Windows\System\kRlcIZT.exe
  2⤵
  PID:6488
- C:\Windows\System\SoDHUde.exe
  C:\Windows\System\SoDHUde.exe
  2⤵
  PID:6504
- C:\Windows\System\QozDfzk.exe
  C:\Windows\System\QozDfzk.exe
  2⤵
  PID:6520
- C:\Windows\System\tNheWLp.exe
  C:\Windows\System\tNheWLp.exe
  2⤵
  PID:6536
- C:\Windows\System\ffFGtBl.exe
  C:\Windows\System\ffFGtBl.exe
  2⤵
  PID:6552
- C:\Windows\System\WrbRSiB.exe
  C:\Windows\System\WrbRSiB.exe
  2⤵
  PID:6568
- C:\Windows\System\oCBFaZI.exe
  C:\Windows\System\oCBFaZI.exe
  2⤵
  PID:6584
- C:\Windows\System\yMSIvnx.exe
  C:\Windows\System\yMSIvnx.exe
  2⤵
  PID:6600
- C:\Windows\System\lpvMDDh.exe
  C:\Windows\System\lpvMDDh.exe
  2⤵
  PID:6616
- C:\Windows\System\oQClfvC.exe
  C:\Windows\System\oQClfvC.exe
  2⤵
  PID:6632
- C:\Windows\System\xfKJybt.exe
  C:\Windows\System\xfKJybt.exe
  2⤵
  PID:6648
- C:\Windows\System\ZbhvDtF.exe
  C:\Windows\System\ZbhvDtF.exe
  2⤵
  PID:6664
- C:\Windows\System\jlrbfSD.exe
  C:\Windows\System\jlrbfSD.exe
  2⤵
  PID:6680
- C:\Windows\System\soaVTQj.exe
  C:\Windows\System\soaVTQj.exe
  2⤵
  PID:6696
- C:\Windows\System\JABdoTo.exe
  C:\Windows\System\JABdoTo.exe
  2⤵
  PID:6712
- C:\Windows\System\GXnqFex.exe
  C:\Windows\System\GXnqFex.exe
  2⤵
  PID:6728
- C:\Windows\System\bCUlmXm.exe
  C:\Windows\System\bCUlmXm.exe
  2⤵
  PID:6744
- C:\Windows\System\oxOozuD.exe
  C:\Windows\System\oxOozuD.exe
  2⤵
  PID:6760
- C:\Windows\System\PAIDsvU.exe
  C:\Windows\System\PAIDsvU.exe
  2⤵
  PID:6776
- C:\Windows\System\CrlTdOm.exe
  C:\Windows\System\CrlTdOm.exe
  2⤵
  PID:6792
- C:\Windows\System\vuXiefu.exe
  C:\Windows\System\vuXiefu.exe
  2⤵
  PID:6808
- C:\Windows\System\eiPtrLb.exe
  C:\Windows\System\eiPtrLb.exe
  2⤵
  PID:6824
- C:\Windows\System\OKneySl.exe
  C:\Windows\System\OKneySl.exe
  2⤵
  PID:6840
- C:\Windows\System\EUWzYLQ.exe
  C:\Windows\System\EUWzYLQ.exe
  2⤵
  PID:6856
- C:\Windows\System\cVKyvqq.exe
  C:\Windows\System\cVKyvqq.exe
  2⤵
  PID:6872
- C:\Windows\System\WlCsIoo.exe
  C:\Windows\System\WlCsIoo.exe
  2⤵
  PID:6888
- C:\Windows\System\GqYkHcS.exe
  C:\Windows\System\GqYkHcS.exe
  2⤵
  PID:6904
- C:\Windows\System\XMufzeV.exe
  C:\Windows\System\XMufzeV.exe
  2⤵
  PID:6920
- C:\Windows\System\YQTeFCU.exe
  C:\Windows\System\YQTeFCU.exe
  2⤵
  PID:6936
- C:\Windows\System\rvxeLJr.exe
  C:\Windows\System\rvxeLJr.exe
  2⤵
  PID:6952
- C:\Windows\System\eDGVmPv.exe
  C:\Windows\System\eDGVmPv.exe
  2⤵
  PID:6968
- C:\Windows\System\YFAwHkW.exe
  C:\Windows\System\YFAwHkW.exe
  2⤵
  PID:6984
- C:\Windows\System\DhRzUJY.exe
  C:\Windows\System\DhRzUJY.exe
  2⤵
  PID:7000
- C:\Windows\System\dzxMJLC.exe
  C:\Windows\System\dzxMJLC.exe
  2⤵
  PID:7016
- C:\Windows\System\SPIOrmx.exe
  C:\Windows\System\SPIOrmx.exe
  2⤵
  PID:7032
- C:\Windows\System\sCtVwmv.exe
  C:\Windows\System\sCtVwmv.exe
  2⤵
  PID:7048
- C:\Windows\System\oLcmxBe.exe
  C:\Windows\System\oLcmxBe.exe
  2⤵
  PID:7064
- C:\Windows\System\aScXyeh.exe
  C:\Windows\System\aScXyeh.exe
  2⤵
  PID:7080
- C:\Windows\System\mxjSWUA.exe
  C:\Windows\System\mxjSWUA.exe
  2⤵
  PID:7096
- C:\Windows\System\feireKK.exe
  C:\Windows\System\feireKK.exe
  2⤵
  PID:7112
- C:\Windows\System\pdCLbpH.exe
  C:\Windows\System\pdCLbpH.exe
  2⤵
  PID:7128
- C:\Windows\System\kvlVEUb.exe
  C:\Windows\System\kvlVEUb.exe
  2⤵
  PID:7144
- C:\Windows\System\rxTELAn.exe
  C:\Windows\System\rxTELAn.exe
  2⤵
  PID:7160
- C:\Windows\System\agOrjpc.exe
  C:\Windows\System\agOrjpc.exe
  2⤵
  PID:5352
- C:\Windows\System\HAdHhdI.exe
  C:\Windows\System\HAdHhdI.exe
  2⤵
  PID:6056
- C:\Windows\System\PNwTXtS.exe
  C:\Windows\System\PNwTXtS.exe
  2⤵
  PID:3524
- C:\Windows\System\liRUWtS.exe
  C:\Windows\System\liRUWtS.exe
  2⤵
  PID:6160
- C:\Windows\System\YIFLfYN.exe
  C:\Windows\System\YIFLfYN.exe
  2⤵
  PID:6204
- C:\Windows\System\fsSgoFx.exe
  C:\Windows\System\fsSgoFx.exe
  2⤵
  PID:6244
- C:\Windows\System\lJhuLZP.exe
  C:\Windows\System\lJhuLZP.exe
  2⤵
  PID:6324
- C:\Windows\System\jEyiIrF.exe
  C:\Windows\System\jEyiIrF.exe
  2⤵
  PID:6116
- C:\Windows\System\KJBlVCq.exe
  C:\Windows\System\KJBlVCq.exe
  2⤵
  PID:4964
- C:\Windows\System\EiuWciO.exe
  C:\Windows\System\EiuWciO.exe
  2⤵
  PID:6392
- C:\Windows\System\jHQcueG.exe
  C:\Windows\System\jHQcueG.exe
  2⤵
  PID:5276
- C:\Windows\System\huiMJfF.exe
  C:\Windows\System\huiMJfF.exe
  2⤵
  PID:5168
- C:\Windows\System\dUdHXbR.exe
  C:\Windows\System\dUdHXbR.exe
  2⤵
  PID:5592
- C:\Windows\System\MBQqJwG.exe
  C:\Windows\System\MBQqJwG.exe
  2⤵
  PID:5932
- C:\Windows\System\CqgaGrL.exe
  C:\Windows\System\CqgaGrL.exe
  2⤵
  PID:2880
- C:\Windows\System\NTkriXv.exe
  C:\Windows\System\NTkriXv.exe
  2⤵
  PID:6148
- C:\Windows\System\CYrcXhg.exe
  C:\Windows\System\CYrcXhg.exe
  2⤵
  PID:6228
- C:\Windows\System\KysSuAj.exe
  C:\Windows\System\KysSuAj.exe
  2⤵
  PID:6268
- C:\Windows\System\QNDjbHZ.exe
  C:\Windows\System\QNDjbHZ.exe
  2⤵
  PID:6308
- C:\Windows\System\lZUfbJC.exe
  C:\Windows\System\lZUfbJC.exe
  2⤵
  PID:6452
- C:\Windows\System\JiyXlNV.exe
  C:\Windows\System\JiyXlNV.exe
  2⤵
  PID:6412
- C:\Windows\System\Tgwcagk.exe
  C:\Windows\System\Tgwcagk.exe
  2⤵
  PID:6180
- C:\Windows\System\fWGUcjc.exe
  C:\Windows\System\fWGUcjc.exe
  2⤵
  PID:5756
- C:\Windows\System\FqfdElH.exe
  C:\Windows\System\FqfdElH.exe
  2⤵
  PID:6484
- C:\Windows\System\dIQfZFo.exe
  C:\Windows\System\dIQfZFo.exe
  2⤵
  PID:6496
- C:\Windows\System\MTqpigd.exe
  C:\Windows\System\MTqpigd.exe
  2⤵
  PID:6516
- C:\Windows\System\anlfJZk.exe
  C:\Windows\System\anlfJZk.exe
  2⤵
  PID:6548
- C:\Windows\System\PuQeQau.exe
  C:\Windows\System\PuQeQau.exe
  2⤵
  PID:6564
- C:\Windows\System\POnvdPJ.exe
  C:\Windows\System\POnvdPJ.exe
  2⤵
  PID:6596
- C:\Windows\System\EnFneVL.exe
  C:\Windows\System\EnFneVL.exe
  2⤵
  PID:6672
- C:\Windows\System\pDDwMyO.exe
  C:\Windows\System\pDDwMyO.exe
  2⤵
  PID:6656
- C:\Windows\System\kJjzZiU.exe
  C:\Windows\System\kJjzZiU.exe
  2⤵
  PID:6772
- C:\Windows\System\HLrNWQS.exe
  C:\Windows\System\HLrNWQS.exe
  2⤵
  PID:6720
- C:\Windows\System\dIvAPNq.exe
  C:\Windows\System\dIvAPNq.exe
  2⤵
  PID:6864
- C:\Windows\System\HFUkYxK.exe
  C:\Windows\System\HFUkYxK.exe
  2⤵
  PID:6756
- C:\Windows\System\uIRnDkC.exe
  C:\Windows\System\uIRnDkC.exe
  2⤵
  PID:6900
- C:\Windows\System\HGWwxPC.exe
  C:\Windows\System\HGWwxPC.exe
  2⤵
  PID:6964
- C:\Windows\System\uWSeuUJ.exe
  C:\Windows\System\uWSeuUJ.exe
  2⤵
  PID:6996
- C:\Windows\System\KTJBixM.exe
  C:\Windows\System\KTJBixM.exe
  2⤵
  PID:6820
- C:\Windows\System\HOzJTFk.exe
  C:\Windows\System\HOzJTFk.exe
  2⤵
  PID:2544
- C:\Windows\System\OYdTrnd.exe
  C:\Windows\System\OYdTrnd.exe
  2⤵
  PID:7024
- C:\Windows\System\aXiucHP.exe
  C:\Windows\System\aXiucHP.exe
  2⤵
  PID:7056
- C:\Windows\System\LBLqrqH.exe
  C:\Windows\System\LBLqrqH.exe
  2⤵
  PID:7012
- C:\Windows\System\BSbtbwW.exe
  C:\Windows\System\BSbtbwW.exe
  2⤵
  PID:6944
- C:\Windows\System\iwIqRcc.exe
  C:\Windows\System\iwIqRcc.exe
  2⤵
  PID:7120
- C:\Windows\System\ZfbNnRq.exe
  C:\Windows\System\ZfbNnRq.exe
  2⤵
  PID:7104
- C:\Windows\System\dEoYAwf.exe
  C:\Windows\System\dEoYAwf.exe
  2⤵
  PID:7152
- C:\Windows\System\EqhLpgr.exe
  C:\Windows\System\EqhLpgr.exe
  2⤵
  PID:2100
- C:\Windows\System\lNnmYuR.exe
  C:\Windows\System\lNnmYuR.exe
  2⤵
  PID:2916
- C:\Windows\System\XgNIwqr.exe
  C:\Windows\System\XgNIwqr.exe
  2⤵
  PID:7140
- C:\Windows\System\YdhMNDm.exe
  C:\Windows\System\YdhMNDm.exe
  2⤵
  PID:6360
- C:\Windows\System\pMkPAay.exe
  C:\Windows\System\pMkPAay.exe
  2⤵
  PID:6200
- C:\Windows\System\RhPhYeW.exe
  C:\Windows\System\RhPhYeW.exe
  2⤵
  PID:5776
- C:\Windows\System\EJdTMhf.exe
  C:\Windows\System\EJdTMhf.exe
  2⤵
  PID:6380
- C:\Windows\System\BLGOVAz.exe
  C:\Windows\System\BLGOVAz.exe
  2⤵
  PID:6320
- C:\Windows\System\OXvWVvA.exe
  C:\Windows\System\OXvWVvA.exe
  2⤵
  PID:1408
- C:\Windows\System\nsEwTIW.exe
  C:\Windows\System\nsEwTIW.exe
  2⤵
  PID:6220
- C:\Windows\System\DJTuxaW.exe
  C:\Windows\System\DJTuxaW.exe
  2⤵
  PID:6480
- C:\Windows\System\ayzcEnH.exe
  C:\Windows\System\ayzcEnH.exe
  2⤵
  PID:6580
- C:\Windows\System\vLVTwIm.exe
  C:\Windows\System\vLVTwIm.exe
  2⤵
  PID:6688
- C:\Windows\System\hAPNxPk.exe
  C:\Windows\System\hAPNxPk.exe
  2⤵
  PID:6724
- C:\Windows\System\uysoqnm.exe
  C:\Windows\System\uysoqnm.exe
  2⤵
  PID:6408
- C:\Windows\System\yeaPzsf.exe
  C:\Windows\System\yeaPzsf.exe
  2⤵
  PID:2640
- C:\Windows\System\PsqylJt.exe
  C:\Windows\System\PsqylJt.exe
  2⤵
  PID:6852
- C:\Windows\System\NkBwIKv.exe
  C:\Windows\System\NkBwIKv.exe
  2⤵
  PID:2624
- C:\Windows\System\xrKKFEl.exe
  C:\Windows\System\xrKKFEl.exe
  2⤵
  PID:6692
- C:\Windows\System\ttprYtZ.exe
  C:\Windows\System\ttprYtZ.exe
  2⤵
  PID:6932
- C:\Windows\System\DOWQKQa.exe
  C:\Windows\System\DOWQKQa.exe
  2⤵
  PID:6916
- C:\Windows\System\LxvNJki.exe
  C:\Windows\System\LxvNJki.exe
  2⤵
  PID:6532
- C:\Windows\System\bVOkWTG.exe
  C:\Windows\System\bVOkWTG.exe
  2⤵
  PID:6188
- C:\Windows\System\EpLLFKk.exe
  C:\Windows\System\EpLLFKk.exe
  2⤵
  PID:7092
- C:\Windows\System\ftIhnFJ.exe
  C:\Windows\System\ftIhnFJ.exe
  2⤵
  PID:6976
- C:\Windows\System\GVouLeZ.exe
  C:\Windows\System\GVouLeZ.exe
  2⤵
  PID:5976
- C:\Windows\System\dhzjEub.exe
  C:\Windows\System\dhzjEub.exe
  2⤵
  PID:1276
- C:\Windows\System\CvBvMXA.exe
  C:\Windows\System\CvBvMXA.exe
  2⤵
  PID:5228
- C:\Windows\System\aUMfNTC.exe
  C:\Windows\System\aUMfNTC.exe
  2⤵
  PID:6224
- C:\Windows\System\QDnFuCS.exe
  C:\Windows\System\QDnFuCS.exe
  2⤵
  PID:2688
- C:\Windows\System\cGEalOO.exe
  C:\Windows\System\cGEalOO.exe
  2⤵
  PID:7184
- C:\Windows\System\xtSkYYM.exe
  C:\Windows\System\xtSkYYM.exe
  2⤵
  PID:7200
- C:\Windows\System\cPaGKVi.exe
  C:\Windows\System\cPaGKVi.exe
  2⤵
  PID:7216
- C:\Windows\System\NWGyGwy.exe
  C:\Windows\System\NWGyGwy.exe
  2⤵
  PID:7232
- C:\Windows\System\FueFShv.exe
  C:\Windows\System\FueFShv.exe
  2⤵
  PID:7248
- C:\Windows\System\oGuWZFl.exe
  C:\Windows\System\oGuWZFl.exe
  2⤵
  PID:7264
- C:\Windows\System\EtCICBa.exe
  C:\Windows\System\EtCICBa.exe
  2⤵
  PID:7280
- C:\Windows\System\YCXBdGQ.exe
  C:\Windows\System\YCXBdGQ.exe
  2⤵
  PID:7296
- C:\Windows\System\dgPTNCF.exe
  C:\Windows\System\dgPTNCF.exe
  2⤵
  PID:7312
- C:\Windows\System\hPmyfLJ.exe
  C:\Windows\System\hPmyfLJ.exe
  2⤵
  PID:7328
- C:\Windows\System\dpFJBWe.exe
  C:\Windows\System\dpFJBWe.exe
  2⤵
  PID:7344
- C:\Windows\System\ahikIPh.exe
  C:\Windows\System\ahikIPh.exe
  2⤵
  PID:7360
- C:\Windows\System\MublNst.exe
  C:\Windows\System\MublNst.exe
  2⤵
  PID:7376
- C:\Windows\System\EgCLRwN.exe
  C:\Windows\System\EgCLRwN.exe
  2⤵
  PID:7392
- C:\Windows\System\yuwfxik.exe
  C:\Windows\System\yuwfxik.exe
  2⤵
  PID:7408
- C:\Windows\System\IoSbCNw.exe
  C:\Windows\System\IoSbCNw.exe
  2⤵
  PID:7424
- C:\Windows\System\AWKREmP.exe
  C:\Windows\System\AWKREmP.exe
  2⤵
  PID:7460
- C:\Windows\System\ylxNszI.exe
  C:\Windows\System\ylxNszI.exe
  2⤵
  PID:7572
- C:\Windows\System\MpHlhIU.exe
  C:\Windows\System\MpHlhIU.exe
  2⤵
  PID:7592
- C:\Windows\System\sYfJBaY.exe
  C:\Windows\System\sYfJBaY.exe
  2⤵
  PID:7608
- C:\Windows\System\rowCJOB.exe
  C:\Windows\System\rowCJOB.exe
  2⤵
  PID:7624
- C:\Windows\System\IEAxNqF.exe
  C:\Windows\System\IEAxNqF.exe
  2⤵
  PID:7640
- C:\Windows\System\IkyNEIA.exe
  C:\Windows\System\IkyNEIA.exe
  2⤵
  PID:7656
- C:\Windows\System\VNWXeKa.exe
  C:\Windows\System\VNWXeKa.exe
  2⤵
  PID:7672
- C:\Windows\System\fYoGbsh.exe
  C:\Windows\System\fYoGbsh.exe
  2⤵
  PID:7688
- C:\Windows\System\gQpybVQ.exe
  C:\Windows\System\gQpybVQ.exe
  2⤵
  PID:7704
- C:\Windows\System\ZlNZJAR.exe
  C:\Windows\System\ZlNZJAR.exe
  2⤵
  PID:7720
- C:\Windows\System\BgERlPs.exe
  C:\Windows\System\BgERlPs.exe
  2⤵
  PID:7736
- C:\Windows\System\hoCzEiH.exe
  C:\Windows\System\hoCzEiH.exe
  2⤵
  PID:7752
- C:\Windows\System\nCNkbtf.exe
  C:\Windows\System\nCNkbtf.exe
  2⤵
  PID:7768
- C:\Windows\System\kKDNaYa.exe
  C:\Windows\System\kKDNaYa.exe
  2⤵
  PID:7784
- C:\Windows\System\hjLzdQv.exe
  C:\Windows\System\hjLzdQv.exe
  2⤵
  PID:7800
- C:\Windows\System\VrPmPLD.exe
  C:\Windows\System\VrPmPLD.exe
  2⤵
  PID:7816
- C:\Windows\System\jcTdrCZ.exe
  C:\Windows\System\jcTdrCZ.exe
  2⤵
  PID:7832
- C:\Windows\System\gfBhGph.exe
  C:\Windows\System\gfBhGph.exe
  2⤵
  PID:7848
- C:\Windows\System\RUkjpuF.exe
  C:\Windows\System\RUkjpuF.exe
  2⤵
  PID:7864
- C:\Windows\System\ydzyOMW.exe
  C:\Windows\System\ydzyOMW.exe
  2⤵
  PID:7880
- C:\Windows\System\IkgRekz.exe
  C:\Windows\System\IkgRekz.exe
  2⤵
  PID:7896
- C:\Windows\System\YhiZJnD.exe
  C:\Windows\System\YhiZJnD.exe
  2⤵
  PID:7912
- C:\Windows\System\SPraIpF.exe
  C:\Windows\System\SPraIpF.exe
  2⤵
  PID:7928
- C:\Windows\System\nSdhRxr.exe
  C:\Windows\System\nSdhRxr.exe
  2⤵
  PID:7944
- C:\Windows\System\RSVNqmA.exe
  C:\Windows\System\RSVNqmA.exe
  2⤵
  PID:7960
- C:\Windows\System\VlSwigJ.exe
  C:\Windows\System\VlSwigJ.exe
  2⤵
  PID:7976
- C:\Windows\System\AUdCutf.exe
  C:\Windows\System\AUdCutf.exe
  2⤵
  PID:7992
- C:\Windows\System\tCzHnlq.exe
  C:\Windows\System\tCzHnlq.exe
  2⤵
  PID:8008
- C:\Windows\System\tMNseTu.exe
  C:\Windows\System\tMNseTu.exe
  2⤵
  PID:8028
- C:\Windows\System\ZIHYEPY.exe
  C:\Windows\System\ZIHYEPY.exe
  2⤵
  PID:8044
- C:\Windows\System\GmKbKhU.exe
  C:\Windows\System\GmKbKhU.exe
  2⤵
  PID:8060
- C:\Windows\System\WMJXhkL.exe
  C:\Windows\System\WMJXhkL.exe
  2⤵
  PID:8076
- C:\Windows\System\TkRKXij.exe
  C:\Windows\System\TkRKXij.exe
  2⤵
  PID:8092
- C:\Windows\System\YxzHKRc.exe
  C:\Windows\System\YxzHKRc.exe
  2⤵
  PID:8108
- C:\Windows\System\niPgldM.exe
  C:\Windows\System\niPgldM.exe
  2⤵
  PID:8124
- C:\Windows\System\vuojQdh.exe
  C:\Windows\System\vuojQdh.exe
  2⤵
  PID:8140
- C:\Windows\System\lGRGdCJ.exe
  C:\Windows\System\lGRGdCJ.exe
  2⤵
  PID:8156
- C:\Windows\System\ZxTBIUJ.exe
  C:\Windows\System\ZxTBIUJ.exe
  2⤵
  PID:8172
- C:\Windows\System\PGawGKm.exe
  C:\Windows\System\PGawGKm.exe
  2⤵
  PID:8188
- C:\Windows\System\hHiXBhg.exe
  C:\Windows\System\hHiXBhg.exe
  2⤵
  PID:6708
- C:\Windows\System\IYexBNP.exe
  C:\Windows\System\IYexBNP.exe
  2⤵
  PID:7028
- C:\Windows\System\ILJDBPH.exe
  C:\Windows\System\ILJDBPH.exe
  2⤵
  PID:7088
- C:\Windows\System\PDzhZOV.exe
  C:\Windows\System\PDzhZOV.exe
  2⤵
  PID:7212
- C:\Windows\System\OcuATzD.exe
  C:\Windows\System\OcuATzD.exe
  2⤵
  PID:7276
- C:\Windows\System\KZptKYs.exe
  C:\Windows\System\KZptKYs.exe
  2⤵
  PID:1704
- C:\Windows\System\HhfATSO.exe
  C:\Windows\System\HhfATSO.exe
  2⤵
  PID:7400
- C:\Windows\System\WOzcjCa.exe
  C:\Windows\System\WOzcjCa.exe
  2⤵
  PID:2992
- C:\Windows\System\egcBZgQ.exe
  C:\Windows\System\egcBZgQ.exe
  2⤵
  PID:7224
- C:\Windows\System\LomfbbH.exe
  C:\Windows\System\LomfbbH.exe
  2⤵
  PID:7320
- C:\Windows\System\BlIrKbT.exe
  C:\Windows\System\BlIrKbT.exe
  2⤵
  PID:1500
- C:\Windows\System\yyQnpCB.exe
  C:\Windows\System\yyQnpCB.exe
  2⤵
  PID:7072
- C:\Windows\System\orViMvT.exe
  C:\Windows\System\orViMvT.exe
  2⤵
  PID:6624
- C:\Windows\System\zgxoCev.exe
  C:\Windows\System\zgxoCev.exe
  2⤵
  PID:6884
- C:\Windows\System\nuRUgDF.exe
  C:\Windows\System\nuRUgDF.exe
  2⤵
  PID:6740
- C:\Windows\System\HjKykIH.exe
  C:\Windows\System\HjKykIH.exe
  2⤵
  PID:4284
- C:\Windows\System\dLsxQjr.exe
  C:\Windows\System\dLsxQjr.exe
  2⤵
  PID:5548
- C:\Windows\System\zUnZndJ.exe
  C:\Windows\System\zUnZndJ.exe
  2⤵
  PID:6136
- C:\Windows\System\qZotTDn.exe
  C:\Windows\System\qZotTDn.exe
  2⤵
  PID:7468
- C:\Windows\System\qnfLrwe.exe
  C:\Windows\System\qnfLrwe.exe
  2⤵
  PID:7472
- C:\Windows\System\JheiXBk.exe
  C:\Windows\System\JheiXBk.exe
  2⤵
  PID:7484
- C:\Windows\System\rHeiZCb.exe
  C:\Windows\System\rHeiZCb.exe
  2⤵
  PID:7496
- C:\Windows\System\OSSIoHB.exe
  C:\Windows\System\OSSIoHB.exe
  2⤵
  PID:7512
- C:\Windows\System\OClQsAm.exe
  C:\Windows\System\OClQsAm.exe
  2⤵
  PID:7528
- C:\Windows\System\TffRrvQ.exe
  C:\Windows\System\TffRrvQ.exe
  2⤵
  PID:7544
- C:\Windows\System\gDQOpNi.exe
  C:\Windows\System\gDQOpNi.exe
  2⤵
  PID:7560
- C:\Windows\System\rGGkNKt.exe
  C:\Windows\System\rGGkNKt.exe
  2⤵
  PID:7588
- C:\Windows\System\evLRsoj.exe
  C:\Windows\System\evLRsoj.exe
  2⤵
  PID:2080
- C:\Windows\System\tfydsse.exe
  C:\Windows\System\tfydsse.exe
  2⤵
  PID:1352
- C:\Windows\System\kEoJNyK.exe
  C:\Windows\System\kEoJNyK.exe
  2⤵
  PID:7600
- C:\Windows\System\zTdgDkN.exe
  C:\Windows\System\zTdgDkN.exe
  2⤵
  PID:2296
- C:\Windows\System\CTrSlbh.exe
  C:\Windows\System\CTrSlbh.exe
  2⤵
  PID:2204
- C:\Windows\System\ePlgjDl.exe
  C:\Windows\System\ePlgjDl.exe
  2⤵
  PID:7716
- C:\Windows\System\mxPQODP.exe
  C:\Windows\System\mxPQODP.exe
  2⤵
  PID:3044
- C:\Windows\System\SiZAYFj.exe
  C:\Windows\System\SiZAYFj.exe
  2⤵
  PID:7812
- C:\Windows\System\xgWinnF.exe
  C:\Windows\System\xgWinnF.exe
  2⤵
  PID:7876
- C:\Windows\System\cdzNCmz.exe
  C:\Windows\System\cdzNCmz.exe
  2⤵
  PID:7936
- C:\Windows\System\EEviTjV.exe
  C:\Windows\System\EEviTjV.exe
  2⤵
  PID:8000
- C:\Windows\System\bVlyoFS.exe
  C:\Windows\System\bVlyoFS.exe
  2⤵
  PID:7952
- C:\Windows\System\DFMIXcY.exe
  C:\Windows\System\DFMIXcY.exe
  2⤵
  PID:7888
- C:\Windows\System\KFbySpt.exe
  C:\Windows\System\KFbySpt.exe
  2⤵
  PID:7824
- C:\Windows\System\OqgeUKS.exe
  C:\Windows\System\OqgeUKS.exe
  2⤵
  PID:7796
- C:\Windows\System\WevCsdx.exe
  C:\Windows\System\WevCsdx.exe
  2⤵
  PID:7732
- C:\Windows\System\Pgbfaqm.exe
  C:\Windows\System\Pgbfaqm.exe
  2⤵
  PID:8100
- C:\Windows\System\NdblNjf.exe
  C:\Windows\System\NdblNjf.exe
  2⤵
  PID:8072
- C:\Windows\System\uFKcchp.exe
  C:\Windows\System\uFKcchp.exe
  2⤵
  PID:8164
- C:\Windows\System\PZyELRM.exe
  C:\Windows\System\PZyELRM.exe
  2⤵
  PID:2432
- C:\Windows\System\YSlFCqL.exe
  C:\Windows\System\YSlFCqL.exe
  2⤵
  PID:8052
- C:\Windows\System\MJwWZcs.exe
  C:\Windows\System\MJwWZcs.exe
  2⤵
  PID:8120
- C:\Windows\System\QZRMJyI.exe
  C:\Windows\System\QZRMJyI.exe
  2⤵
  PID:8184
- C:\Windows\System\KMDowpe.exe
  C:\Windows\System\KMDowpe.exe
  2⤵
  PID:2396
- C:\Windows\System\bVqLpit.exe
  C:\Windows\System\bVqLpit.exe
  2⤵
  PID:4872
- C:\Windows\System\cDFMUFA.exe
  C:\Windows\System\cDFMUFA.exe
  2⤵
  PID:7208
- C:\Windows\System\yAjqwvK.exe
  C:\Windows\System\yAjqwvK.exe
  2⤵
  PID:7340
- C:\Windows\System\SWraGKs.exe
  C:\Windows\System\SWraGKs.exe
  2⤵
  PID:7368
- C:\Windows\System\gYCOSiA.exe
  C:\Windows\System\gYCOSiA.exe
  2⤵
  PID:7432
- C:\Windows\System\AcBUUYM.exe
  C:\Windows\System\AcBUUYM.exe
  2⤵
  PID:7352
- C:\Windows\System\RlkhJtH.exe
  C:\Windows\System\RlkhJtH.exe
  2⤵
  PID:7256
- C:\Windows\System\sLwasJP.exe
  C:\Windows\System\sLwasJP.exe
  2⤵
  PID:976
- C:\Windows\System\uywzahu.exe
  C:\Windows\System\uywzahu.exe
  2⤵
  PID:7416
- C:\Windows\System\ZprcZUk.exe
  C:\Windows\System\ZprcZUk.exe
  2⤵
  PID:6612
- C:\Windows\System\kpczWlW.exe
  C:\Windows\System\kpczWlW.exe
  2⤵
  PID:4004
- C:\Windows\System\AsKKIds.exe
  C:\Windows\System\AsKKIds.exe
  2⤵
  PID:2948
- C:\Windows\System\uCNXYFk.exe
  C:\Windows\System\uCNXYFk.exe
  2⤵
  PID:1348
- C:\Windows\System\mccJLuc.exe
  C:\Windows\System\mccJLuc.exe
  2⤵
  PID:7520
- C:\Windows\System\UjuvaGm.exe
  C:\Windows\System\UjuvaGm.exe
  2⤵
  PID:7616
- C:\Windows\System\LjyrMVp.exe
  C:\Windows\System\LjyrMVp.exe
  2⤵
  PID:7648
- C:\Windows\System\ffIvsmq.exe
  C:\Windows\System\ffIvsmq.exe
  2⤵
  PID:1844
- C:\Windows\System\vjyeYWy.exe
  C:\Windows\System\vjyeYWy.exe
  2⤵
  PID:3048
- C:\Windows\System\FEYKQYs.exe
  C:\Windows\System\FEYKQYs.exe
  2⤵
  PID:7540
- C:\Windows\System\dSbBoud.exe
  C:\Windows\System\dSbBoud.exe
  2⤵
  PID:780
- C:\Windows\System\JlpvmYJ.exe
  C:\Windows\System\JlpvmYJ.exe
  2⤵
  PID:7908
- C:\Windows\System\vYXSAdb.exe
  C:\Windows\System\vYXSAdb.exe
  2⤵
  PID:7844
- C:\Windows\System\eyHCBbu.exe
  C:\Windows\System\eyHCBbu.exe
  2⤵
  PID:7920
- C:\Windows\System\QBcnaVB.exe
  C:\Windows\System\QBcnaVB.exe
  2⤵
  PID:7700
- C:\Windows\System\dTBCIDZ.exe
  C:\Windows\System\dTBCIDZ.exe
  2⤵
  PID:7764
- C:\Windows\System\rmBfYsR.exe
  C:\Windows\System\rmBfYsR.exe
  2⤵
  PID:7760
- C:\Windows\System\kXrREPx.exe
  C:\Windows\System\kXrREPx.exe
  2⤵
  PID:8136
- C:\Windows\System\OZFKzWr.exe
  C:\Windows\System\OZFKzWr.exe
  2⤵
  PID:8180
- C:\Windows\System\vfGVxns.exe
  C:\Windows\System\vfGVxns.exe
  2⤵
  PID:7336
- C:\Windows\System\LaYlmFv.exe
  C:\Windows\System\LaYlmFv.exe
  2⤵
  PID:7456
- C:\Windows\System\ZNmAZQN.exe
  C:\Windows\System\ZNmAZQN.exe
  2⤵
  PID:1296
- C:\Windows\System\iDlTpHF.exe
  C:\Windows\System\iDlTpHF.exe
  2⤵
  PID:7552
- C:\Windows\System\lbHlvUc.exe
  C:\Windows\System\lbHlvUc.exe
  2⤵
  PID:2268
- C:\Windows\System\yvSTeBq.exe
  C:\Windows\System\yvSTeBq.exe
  2⤵
  PID:772
- C:\Windows\System\tIBLCsV.exe
  C:\Windows\System\tIBLCsV.exe
  2⤵
  PID:7388
- C:\Windows\System\JdgSBJh.exe
  C:\Windows\System\JdgSBJh.exe
  2⤵
  PID:2960
- C:\Windows\System\AjxJgNf.exe
  C:\Windows\System\AjxJgNf.exe
  2⤵
  PID:1688
- C:\Windows\System\simAKLa.exe
  C:\Windows\System\simAKLa.exe
  2⤵
  PID:7536
- C:\Windows\System\ykhYEJy.exe
  C:\Windows\System\ykhYEJy.exe
  2⤵
  PID:7808
- C:\Windows\System\gRdLpcn.exe
  C:\Windows\System\gRdLpcn.exe
  2⤵
  PID:8016
- C:\Windows\System\TYqODBw.exe
  C:\Windows\System\TYqODBw.exe
  2⤵
  PID:7668
- C:\Windows\System\LyyMerz.exe
  C:\Windows\System\LyyMerz.exe
  2⤵
  PID:1680
- C:\Windows\System\JWiwKpP.exe
  C:\Windows\System\JWiwKpP.exe
  2⤵
  PID:2376
- C:\Windows\System\RVQfgPV.exe
  C:\Windows\System\RVQfgPV.exe
  2⤵
  PID:7828
- C:\Windows\System\XJRdHhY.exe
  C:\Windows\System\XJRdHhY.exe
  2⤵
  PID:2000
- C:\Windows\System\AkihIOH.exe
  C:\Windows\System\AkihIOH.exe
  2⤵
  PID:1860
- C:\Windows\System\gaiebud.exe
  C:\Windows\System\gaiebud.exe
  2⤵
  PID:7556
- C:\Windows\System\IBJeiDS.exe
  C:\Windows\System\IBJeiDS.exe
  2⤵
  PID:2176
- C:\Windows\System\oTzdSva.exe
  C:\Windows\System\oTzdSva.exe
  2⤵
  PID:7480
- C:\Windows\System\rmmIKji.exe
  C:\Windows\System\rmmIKji.exe
  2⤵
  PID:8208
- C:\Windows\System\skcGjBM.exe
  C:\Windows\System\skcGjBM.exe
  2⤵
  PID:8224
- C:\Windows\System\PILYbsF.exe
  C:\Windows\System\PILYbsF.exe
  2⤵
  PID:8244
- C:\Windows\System\ecOFjDh.exe
  C:\Windows\System\ecOFjDh.exe
  2⤵
  PID:8260
- C:\Windows\System\RkNdjGw.exe
  C:\Windows\System\RkNdjGw.exe
  2⤵
  PID:8276
- C:\Windows\System\cZpArjr.exe
  C:\Windows\System\cZpArjr.exe
  2⤵
  PID:8292
- C:\Windows\System\TmCtyEV.exe
  C:\Windows\System\TmCtyEV.exe
  2⤵
  PID:8308
- C:\Windows\System\DuihXxB.exe
  C:\Windows\System\DuihXxB.exe
  2⤵
  PID:8324
- C:\Windows\System\RYggGoD.exe
  C:\Windows\System\RYggGoD.exe
  2⤵
  PID:8340
- C:\Windows\System\CrIHyuA.exe
  C:\Windows\System\CrIHyuA.exe
  2⤵
  PID:8356
- C:\Windows\System\TkqUUFw.exe
  C:\Windows\System\TkqUUFw.exe
  2⤵
  PID:8372
- C:\Windows\System\xkzbigY.exe
  C:\Windows\System\xkzbigY.exe
  2⤵
  PID:8388
- C:\Windows\System\TiumewG.exe
  C:\Windows\System\TiumewG.exe
  2⤵
  PID:8404
- C:\Windows\System\Qgmfbkf.exe
  C:\Windows\System\Qgmfbkf.exe
  2⤵
  PID:8420
- C:\Windows\System\cdMUidp.exe
  C:\Windows\System\cdMUidp.exe
  2⤵
  PID:8436
- C:\Windows\System\sAamsDI.exe
  C:\Windows\System\sAamsDI.exe
  2⤵
  PID:8452
- C:\Windows\System\zHTFmvV.exe
  C:\Windows\System\zHTFmvV.exe
  2⤵
  PID:8468
- C:\Windows\System\BlnGeHY.exe
  C:\Windows\System\BlnGeHY.exe
  2⤵
  PID:8484
- C:\Windows\System\QyUhyon.exe
  C:\Windows\System\QyUhyon.exe
  2⤵
  PID:8508
- C:\Windows\System\uNHuLcz.exe
  C:\Windows\System\uNHuLcz.exe
  2⤵
  PID:8528
- C:\Windows\System\EBAYXdn.exe
  C:\Windows\System\EBAYXdn.exe
  2⤵
  PID:8544
- C:\Windows\System\nPBRqpB.exe
  C:\Windows\System\nPBRqpB.exe
  2⤵
  PID:8560
- C:\Windows\System\qXQgGso.exe
  C:\Windows\System\qXQgGso.exe
  2⤵
  PID:8576
- C:\Windows\System\MgBQPAt.exe
  C:\Windows\System\MgBQPAt.exe
  2⤵
  PID:8592
- C:\Windows\System\DkTlIBS.exe
  C:\Windows\System\DkTlIBS.exe
  2⤵
  PID:8616
- C:\Windows\System\IymnHRh.exe
  C:\Windows\System\IymnHRh.exe
  2⤵
  PID:8636
- C:\Windows\System\ybKwWJV.exe
  C:\Windows\System\ybKwWJV.exe
  2⤵
  PID:8652
- C:\Windows\System\KGKfteq.exe
  C:\Windows\System\KGKfteq.exe
  2⤵
  PID:8680
- C:\Windows\System\EaKNunA.exe
  C:\Windows\System\EaKNunA.exe
  2⤵
  PID:8696
- C:\Windows\System\IdzyPgQ.exe
  C:\Windows\System\IdzyPgQ.exe
  2⤵
  PID:8712
- C:\Windows\System\UspmDKd.exe
  C:\Windows\System\UspmDKd.exe
  2⤵
  PID:8732
- C:\Windows\System\ssdsCRl.exe
  C:\Windows\System\ssdsCRl.exe
  2⤵
  PID:8748
- C:\Windows\System\MdXBjud.exe
  C:\Windows\System\MdXBjud.exe
  2⤵
  PID:8764
- C:\Windows\System\RkaJjPm.exe
  C:\Windows\System\RkaJjPm.exe
  2⤵
  PID:8780
- C:\Windows\System\OLZaygA.exe
  C:\Windows\System\OLZaygA.exe
  2⤵
  PID:8796
- C:\Windows\System\UXfPbvo.exe
  C:\Windows\System\UXfPbvo.exe
  2⤵
  PID:8812
- C:\Windows\System\JKRCJDq.exe
  C:\Windows\System\JKRCJDq.exe
  2⤵
  PID:8828
- C:\Windows\System\FlFmpmw.exe
  C:\Windows\System\FlFmpmw.exe
  2⤵
  PID:8848
- C:\Windows\System\iyAZGfl.exe
  C:\Windows\System\iyAZGfl.exe
  2⤵
  PID:8868
- C:\Windows\System\XKFsTcG.exe
  C:\Windows\System\XKFsTcG.exe
  2⤵
  PID:8884
- C:\Windows\System\yCWUPqj.exe
  C:\Windows\System\yCWUPqj.exe
  2⤵
  PID:8900
- C:\Windows\System\bEwNebx.exe
  C:\Windows\System\bEwNebx.exe
  2⤵
  PID:8916
- C:\Windows\System\NlGQRrR.exe
  C:\Windows\System\NlGQRrR.exe
  2⤵
  PID:8932
- C:\Windows\System\ynvAEBF.exe
  C:\Windows\System\ynvAEBF.exe
  2⤵
  PID:8948
- C:\Windows\System\TkEURpM.exe
  C:\Windows\System\TkEURpM.exe
  2⤵
  PID:8964
- C:\Windows\System\LhRcKwg.exe
  C:\Windows\System\LhRcKwg.exe
  2⤵
  PID:8980
- C:\Windows\System\IzxXqQM.exe
  C:\Windows\System\IzxXqQM.exe
  2⤵
  PID:8996
- C:\Windows\System\BtHlidU.exe
  C:\Windows\System\BtHlidU.exe
  2⤵
  PID:9012
- C:\Windows\System\zFjxsBj.exe
  C:\Windows\System\zFjxsBj.exe
  2⤵
  PID:9028
- C:\Windows\System\WOXfCRZ.exe
  C:\Windows\System\WOXfCRZ.exe
  2⤵
  PID:9044
- C:\Windows\System\xjIBAVo.exe
  C:\Windows\System\xjIBAVo.exe
  2⤵
  PID:9060
- C:\Windows\System\qcPzzwj.exe
  C:\Windows\System\qcPzzwj.exe
  2⤵
  PID:9080
- C:\Windows\System\zGlRNIB.exe
  C:\Windows\System\zGlRNIB.exe
  2⤵
  PID:9096
- C:\Windows\System\zhSmyyS.exe
  C:\Windows\System\zhSmyyS.exe
  2⤵
  PID:9112
- C:\Windows\System\niuItKj.exe
  C:\Windows\System\niuItKj.exe
  2⤵
  PID:9128
- C:\Windows\System\yOkTeWJ.exe
  C:\Windows\System\yOkTeWJ.exe
  2⤵
  PID:9144
- C:\Windows\System\ikKwqQi.exe
  C:\Windows\System\ikKwqQi.exe
  2⤵
  PID:9160
- C:\Windows\System\VGoNfAu.exe
  C:\Windows\System\VGoNfAu.exe
  2⤵
  PID:9176
- C:\Windows\System\zgoYXvc.exe
  C:\Windows\System\zgoYXvc.exe
  2⤵
  PID:9192
- C:\Windows\System\dnwOWot.exe
  C:\Windows\System\dnwOWot.exe
  2⤵
  PID:9208
- C:\Windows\System\XnBdlRq.exe
  C:\Windows\System\XnBdlRq.exe
  2⤵
  PID:7856
- C:\Windows\System\ymtFyfT.exe
  C:\Windows\System\ymtFyfT.exe
  2⤵
  PID:8216
- C:\Windows\System\MxYmBwT.exe
  C:\Windows\System\MxYmBwT.exe
  2⤵
  PID:4868
- C:\Windows\System\xTrnoWB.exe
  C:\Windows\System\xTrnoWB.exe
  2⤵
  PID:7956
- C:\Windows\System\WWRPoms.exe
  C:\Windows\System\WWRPoms.exe
  2⤵
  PID:3488
- C:\Windows\System\xlkNnON.exe
  C:\Windows\System\xlkNnON.exe
  2⤵
  PID:8204
- C:\Windows\System\zrLpldm.exe
  C:\Windows\System\zrLpldm.exe
  2⤵
  PID:8284
- C:\Windows\System\RGsjJXV.exe
  C:\Windows\System\RGsjJXV.exe
  2⤵
  PID:8348
- C:\Windows\System\PMaqvHV.exe
  C:\Windows\System\PMaqvHV.exe
  2⤵
  PID:8364
- C:\Windows\System\ruUKgaS.exe
  C:\Windows\System\ruUKgaS.exe
  2⤵
  PID:8384
- C:\Windows\System\lIfvgYj.exe
  C:\Windows\System\lIfvgYj.exe
  2⤵
  PID:8412
- C:\Windows\System\NCsaokd.exe
  C:\Windows\System\NCsaokd.exe
  2⤵
  PID:8476
- C:\Windows\System\MLtAuTH.exe
  C:\Windows\System\MLtAuTH.exe
  2⤵
  PID:8428
- C:\Windows\System\YHIHkuc.exe
  C:\Windows\System\YHIHkuc.exe
  2⤵
  PID:8524
- C:\Windows\System\ywwgWnv.exe
  C:\Windows\System\ywwgWnv.exe
  2⤵
  PID:8432
- C:\Windows\System\jFTDIUU.exe
  C:\Windows\System\jFTDIUU.exe
  2⤵
  PID:8584
- C:\Windows\System\scfMXql.exe
  C:\Windows\System\scfMXql.exe
  2⤵
  PID:8660
- C:\Windows\System\JGkMXMy.exe
  C:\Windows\System\JGkMXMy.exe
  2⤵
  PID:8504
- C:\Windows\System\tsEuvJs.exe
  C:\Windows\System\tsEuvJs.exe
  2⤵
  PID:8540
- C:\Windows\System\HZBvYbc.exe
  C:\Windows\System\HZBvYbc.exe
  2⤵
  PID:8676
- C:\Windows\System\TXLITve.exe
  C:\Windows\System\TXLITve.exe
  2⤵
  PID:8744
- C:\Windows\System\GcjSlfS.exe
  C:\Windows\System\GcjSlfS.exe
  2⤵
  PID:8804
- C:\Windows\System\RziUQrq.exe
  C:\Windows\System\RziUQrq.exe
  2⤵
  PID:8840
- C:\Windows\System\cKxyfTQ.exe
  C:\Windows\System\cKxyfTQ.exe
  2⤵
  PID:8912
- C:\Windows\System\GgyPeAO.exe
  C:\Windows\System\GgyPeAO.exe
  2⤵
  PID:8944
- C:\Windows\System\snTmlsW.exe
  C:\Windows\System\snTmlsW.exe
  2⤵
  PID:9008
- C:\Windows\System\WRDEEwO.exe
  C:\Windows\System\WRDEEwO.exe
  2⤵
  PID:8644
- C:\Windows\System\gmAEcvZ.exe
  C:\Windows\System\gmAEcvZ.exe
  2⤵
  PID:9104
- C:\Windows\System\iOwHNHv.exe
  C:\Windows\System\iOwHNHv.exe
  2⤵
  PID:9168
- C:\Windows\System\zJYpcAw.exe
  C:\Windows\System\zJYpcAw.exe
  2⤵
  PID:7044
- C:\Windows\System\IxzKWaW.exe
  C:\Windows\System\IxzKWaW.exe
  2⤵
  PID:8720
- C:\Windows\System\dlYgXgT.exe
  C:\Windows\System\dlYgXgT.exe
  2⤵
  PID:9020
- C:\Windows\System\tFLIlYW.exe
  C:\Windows\System\tFLIlYW.exe
  2⤵
  PID:8756
- C:\Windows\System\YTBVdAZ.exe
  C:\Windows\System\YTBVdAZ.exe
  2⤵
  PID:8860
- C:\Windows\System\gzkbqbS.exe
  C:\Windows\System\gzkbqbS.exe
  2⤵
  PID:8824
- C:\Windows\System\sHwnYow.exe
  C:\Windows\System\sHwnYow.exe
  2⤵
  PID:9024
- C:\Windows\System\FPFVggm.exe
  C:\Windows\System\FPFVggm.exe
  2⤵
  PID:9092
- C:\Windows\System\cbgThWV.exe
  C:\Windows\System\cbgThWV.exe
  2⤵
  PID:9156
- C:\Windows\System\MojxrXx.exe
  C:\Windows\System\MojxrXx.exe
  2⤵
  PID:8152
- C:\Windows\System\DkCruIW.exe
  C:\Windows\System\DkCruIW.exe
  2⤵
  PID:3744
- C:\Windows\System\qqasZno.exe
  C:\Windows\System\qqasZno.exe
  2⤵
  PID:8320
- C:\Windows\System\QCdzUll.exe
  C:\Windows\System\QCdzUll.exe
  2⤵
  PID:6032
- C:\Windows\System\dpjaikB.exe
  C:\Windows\System\dpjaikB.exe
  2⤵
  PID:8352
- C:\Windows\System\WeFAuNx.exe
  C:\Windows\System\WeFAuNx.exe
  2⤵
  PID:8520
- C:\Windows\System\ShBfQVc.exe
  C:\Windows\System\ShBfQVc.exe
  2⤵
  PID:8612
- C:\Windows\System\FrUfVnR.exe
  C:\Windows\System\FrUfVnR.exe
  2⤵
  PID:8632
- C:\Windows\System\lwIyAxh.exe
  C:\Windows\System\lwIyAxh.exe
  2⤵
  PID:8572
- C:\Windows\System\SmGEdIF.exe
  C:\Windows\System\SmGEdIF.exe
  2⤵
  PID:8708
- C:\Windows\System\tjvJcqi.exe
  C:\Windows\System\tjvJcqi.exe
  2⤵
  PID:8972
- C:\Windows\System\RtqhBqh.exe
  C:\Windows\System\RtqhBqh.exe
  2⤵
  PID:9140
- C:\Windows\System\kEcmwDd.exe
  C:\Windows\System\kEcmwDd.exe
  2⤵
  PID:8976
- C:\Windows\System\fIJIOJh.exe
  C:\Windows\System\fIJIOJh.exe
  2⤵
  PID:8892
- C:\Windows\System\dHqMPcv.exe
  C:\Windows\System\dHqMPcv.exe
  2⤵
  PID:8988
- C:\Windows\System\kFceCrS.exe
  C:\Windows\System\kFceCrS.exe
  2⤵
  PID:8728
- C:\Windows\System\RBoFNvG.exe
  C:\Windows\System\RBoFNvG.exe
  2⤵
  PID:9088
- C:\Windows\System\sFdiQNn.exe
  C:\Windows\System\sFdiQNn.exe
  2⤵
  PID:9152
- C:\Windows\System\sszJFvq.exe
  C:\Windows\System\sszJFvq.exe
  2⤵
  PID:8380
- C:\Windows\System\hGZZOyl.exe
  C:\Windows\System\hGZZOyl.exe
  2⤵
  PID:1996
- C:\Windows\System\sUjoluX.exe
  C:\Windows\System\sUjoluX.exe
  2⤵
  PID:8864
- C:\Windows\System\XWpCRnA.exe
  C:\Windows\System\XWpCRnA.exe
  2⤵
  PID:8772
- C:\Windows\System\AmowZnF.exe
  C:\Windows\System\AmowZnF.exe
  2⤵
  PID:8400
- C:\Windows\System\jvFIVvq.exe
  C:\Windows\System\jvFIVvq.exe
  2⤵
  PID:9136
- C:\Windows\System\WWyQwlT.exe
  C:\Windows\System\WWyQwlT.exe
  2⤵
  PID:9204
- C:\Windows\System\rYFuAeq.exe
  C:\Windows\System\rYFuAeq.exe
  2⤵
  PID:9124
- C:\Windows\System\xkHbycH.exe
  C:\Windows\System\xkHbycH.exe
  2⤵
  PID:8704
- C:\Windows\System\UiqRnyL.exe
  C:\Windows\System\UiqRnyL.exe
  2⤵
  PID:8604
- C:\Windows\System\zKvRYIM.exe
  C:\Windows\System\zKvRYIM.exe
  2⤵
  PID:8792
- C:\Windows\System\EBGIbxN.exe
  C:\Windows\System\EBGIbxN.exe
  2⤵
  PID:8316
- C:\Windows\System\pZevUzo.exe
  C:\Windows\System\pZevUzo.exe
  2⤵
  PID:8332
- C:\Windows\System\thnGgrq.exe
  C:\Windows\System\thnGgrq.exe
  2⤵
  PID:564
- C:\Windows\System\OFMsJDT.exe
  C:\Windows\System\OFMsJDT.exe
  2⤵
  PID:9076
- C:\Windows\System\UzkKlRx.exe
  C:\Windows\System\UzkKlRx.exe
  2⤵
  PID:9444
- C:\Windows\System\TzLGPcq.exe
  C:\Windows\System\TzLGPcq.exe
  2⤵
  PID:9464
- C:\Windows\System\KcMdgnV.exe
  C:\Windows\System\KcMdgnV.exe
  2⤵
  PID:9812
- C:\Windows\System\WULPeTK.exe
  C:\Windows\System\WULPeTK.exe
  2⤵
  PID:9988
- C:\Windows\System\ybFCVDK.exe
  C:\Windows\System\ybFCVDK.exe
  2⤵
  PID:10004
- C:\Windows\System\sWwJQHR.exe
  C:\Windows\System\sWwJQHR.exe
  2⤵
  PID:10020
- C:\Windows\System\MBAPfWN.exe
  C:\Windows\System\MBAPfWN.exe
  2⤵
  PID:10036
- C:\Windows\System\yuPhbyF.exe
  C:\Windows\System\yuPhbyF.exe
  2⤵
  PID:10052
- C:\Windows\System\lKkbAGP.exe
  C:\Windows\System\lKkbAGP.exe
  2⤵
  PID:10068
- C:\Windows\System\boHdYZO.exe
  C:\Windows\System\boHdYZO.exe
  2⤵
  PID:10084
- C:\Windows\System\BMfMYZT.exe
  C:\Windows\System\BMfMYZT.exe
  2⤵
  PID:10100
- C:\Windows\System\cIjSxZx.exe
  C:\Windows\System\cIjSxZx.exe
  2⤵
  PID:10116
- C:\Windows\System\dLzEHHJ.exe
  C:\Windows\System\dLzEHHJ.exe
  2⤵
  PID:10132
- C:\Windows\System\OaITBUK.exe
  C:\Windows\System\OaITBUK.exe
  2⤵
  PID:10152
- C:\Windows\System\atiwXpO.exe
  C:\Windows\System\atiwXpO.exe
  2⤵
  PID:10168
- C:\Windows\System\jnSgkDg.exe
  C:\Windows\System\jnSgkDg.exe
  2⤵
  PID:10184
- C:\Windows\System\yacXpcF.exe
  C:\Windows\System\yacXpcF.exe
  2⤵
  PID:10200
- C:\Windows\System\WVMgBgH.exe
  C:\Windows\System\WVMgBgH.exe
  2⤵
  PID:10216
- C:\Windows\System\OEyHKUH.exe
  C:\Windows\System\OEyHKUH.exe
  2⤵
  PID:10232
- C:\Windows\System\sQpHzKa.exe
  C:\Windows\System\sQpHzKa.exe
  2⤵
  PID:9344
- C:\Windows\System\KvDWpia.exe
  C:\Windows\System\KvDWpia.exe
  2⤵
  PID:9360
- C:\Windows\System\gAKaROs.exe
  C:\Windows\System\gAKaROs.exe
  2⤵
  PID:8608
- C:\Windows\System\EFQKVvF.exe
  C:\Windows\System\EFQKVvF.exe
  2⤵
  PID:8928
- C:\Windows\System\fjpRQcO.exe
  C:\Windows\System\fjpRQcO.exe
  2⤵
  PID:9256
- C:\Windows\System\NEbpgMM.exe
  C:\Windows\System\NEbpgMM.exe
  2⤵
  PID:9244
- C:\Windows\System\MCraMEZ.exe
  C:\Windows\System\MCraMEZ.exe
  2⤵
  PID:9264
- C:\Windows\System\kBdBtlV.exe
  C:\Windows\System\kBdBtlV.exe
  2⤵
  PID:9280
- C:\Windows\System\FblUpAQ.exe
  C:\Windows\System\FblUpAQ.exe
  2⤵
  PID:9300
- C:\Windows\System\KsPhzXN.exe
  C:\Windows\System\KsPhzXN.exe
  2⤵
  PID:9312
- C:\Windows\System\qQAFXMj.exe
  C:\Windows\System\qQAFXMj.exe
  2⤵
  PID:9328
- C:\Windows\System\RHosPpc.exe
  C:\Windows\System\RHosPpc.exe
  2⤵
  PID:9416
- C:\Windows\System\OsjciQd.exe
  C:\Windows\System\OsjciQd.exe
  2⤵
  PID:9428
- C:\Windows\System\qOLYnim.exe
  C:\Windows\System\qOLYnim.exe
  2⤵
  PID:9380
- C:\Windows\System\lPKFJMO.exe
  C:\Windows\System\lPKFJMO.exe
  2⤵
  PID:9392
- C:\Windows\System\jYlUgDm.exe
  C:\Windows\System\jYlUgDm.exe
  2⤵
  PID:9376
- C:\Windows\System\DyZGCEr.exe
  C:\Windows\System\DyZGCEr.exe
  2⤵
  PID:9440
- C:\Windows\System\IQnLhlY.exe
  C:\Windows\System\IQnLhlY.exe
  2⤵
  PID:9480
- C:\Windows\System\akQeuiZ.exe
  C:\Windows\System\akQeuiZ.exe
  2⤵
  PID:9500
- C:\Windows\System\UvPQDCL.exe
  C:\Windows\System\UvPQDCL.exe
  2⤵
  PID:9820
- C:\Windows\System\IzIhqRt.exe
  C:\Windows\System\IzIhqRt.exe
  2⤵
  PID:9536
- C:\Windows\System\KRJQxgo.exe
  C:\Windows\System\KRJQxgo.exe
  2⤵
  PID:9556
- C:\Windows\System\VjsVHup.exe
  C:\Windows\System\VjsVHup.exe
  2⤵
  PID:9564
- C:\Windows\System\XZUmuum.exe
  C:\Windows\System\XZUmuum.exe
  2⤵
  PID:9584
- C:\Windows\System\OrzkWnG.exe
  C:\Windows\System\OrzkWnG.exe
  2⤵
  PID:9604
- C:\Windows\System\MRvGhEK.exe
  C:\Windows\System\MRvGhEK.exe
  2⤵
  PID:9616
- C:\Windows\System\uJFLNMq.exe
  C:\Windows\System\uJFLNMq.exe
  2⤵
  PID:9636
- C:\Windows\System\gngXrTc.exe
  C:\Windows\System\gngXrTc.exe
  2⤵
  PID:9644
- C:\Windows\System\JPapJPb.exe
  C:\Windows\System\JPapJPb.exe
  2⤵
  PID:9660
- C:\Windows\System\KJplbHt.exe
  C:\Windows\System\KJplbHt.exe
  2⤵
  PID:9676
- C:\Windows\System\sQIYYnr.exe
  C:\Windows\System\sQIYYnr.exe
  2⤵
  PID:9692
- C:\Windows\System\fmQcgqj.exe
  C:\Windows\System\fmQcgqj.exe
  2⤵
  PID:9708
- C:\Windows\System\rYqilvZ.exe
  C:\Windows\System\rYqilvZ.exe
  2⤵
  PID:9724
- C:\Windows\System\CXlYlbP.exe
  C:\Windows\System\CXlYlbP.exe
  2⤵
  PID:9740
- C:\Windows\System\fzjtlQX.exe
  C:\Windows\System\fzjtlQX.exe
  2⤵
  PID:9764
- C:\Windows\System\XCVTyyD.exe
  C:\Windows\System\XCVTyyD.exe
  2⤵
  PID:9784
- C:\Windows\System\gnBersk.exe
  C:\Windows\System\gnBersk.exe
  2⤵
  PID:9804
- C:\Windows\System\hNnYwNh.exe
  C:\Windows\System\hNnYwNh.exe
  2⤵
  PID:9836
- C:\Windows\System\ZJZkLSU.exe
  C:\Windows\System\ZJZkLSU.exe
  2⤵
  PID:9856
- C:\Windows\System\epARHOD.exe
  C:\Windows\System\epARHOD.exe
  2⤵
  PID:9880
- C:\Windows\System\oSUfrdn.exe
  C:\Windows\System\oSUfrdn.exe
  2⤵
  PID:9896
- C:\Windows\System\VcUrRze.exe
  C:\Windows\System\VcUrRze.exe
  2⤵
  PID:9912
- C:\Windows\System\dAbrOet.exe
  C:\Windows\System\dAbrOet.exe
  2⤵
  PID:9936
- C:\Windows\System\vRNacsw.exe
  C:\Windows\System\vRNacsw.exe
  2⤵
  PID:9952
- C:\Windows\System\yTybfDn.exe
  C:\Windows\System\yTybfDn.exe
  2⤵
  PID:9968
- C:\Windows\System\TsFJAQr.exe
  C:\Windows\System\TsFJAQr.exe
  2⤵
  PID:9984
- C:\Windows\System\tPvUTYB.exe
  C:\Windows\System\tPvUTYB.exe
  2⤵
  PID:10048
- C:\Windows\System\xdppNBP.exe
  C:\Windows\System\xdppNBP.exe
  2⤵
  PID:10060
- C:\Windows\System\cRfaxta.exe
  C:\Windows\System\cRfaxta.exe
  2⤵
  PID:10124
- C:\Windows\System\supEPpQ.exe
  C:\Windows\System\supEPpQ.exe
  2⤵
  PID:10108
- C:\Windows\System\nxNmMlj.exe
  C:\Windows\System\nxNmMlj.exe
  2⤵
  PID:10112
- C:\Windows\System\vQLVRdf.exe
  C:\Windows\System\vQLVRdf.exe
  2⤵
  PID:9288
- C:\Windows\System\VFLTSGC.exe
  C:\Windows\System\VFLTSGC.exe
  2⤵
  PID:9524
- C:\Windows\System\afmsXai.exe
  C:\Windows\System\afmsXai.exe
  2⤵
  PID:9548
- C:\Windows\System\olasJfb.exe
  C:\Windows\System\olasJfb.exe
  2⤵
  PID:9620
- C:\Windows\System\FxjyMLz.exe
  C:\Windows\System\FxjyMLz.exe
  2⤵
  PID:9632
- C:\Windows\System\mSBhnMn.exe
  C:\Windows\System\mSBhnMn.exe
  2⤵
  PID:10096
- C:\Windows\System\svcDfKg.exe
  C:\Windows\System\svcDfKg.exe
  2⤵
  PID:9492
- C:\Windows\System\VGWuOvR.exe
  C:\Windows\System\VGWuOvR.exe
  2⤵
  PID:9612
- C:\Windows\System\vnkAqou.exe
  C:\Windows\System\vnkAqou.exe
  2⤵
  PID:9700
- C:\Windows\System\FrusuRU.exe
  C:\Windows\System\FrusuRU.exe
  2⤵
  PID:9776
- C:\Windows\System\MyAYZrW.exe
  C:\Windows\System\MyAYZrW.exe
  2⤵
  PID:9720
- C:\Windows\System\BvYsNTl.exe
  C:\Windows\System\BvYsNTl.exe
  2⤵
  PID:9808
- C:\Windows\System\xkChZlm.exe
  C:\Windows\System\xkChZlm.exe
  2⤵
  PID:9828
- C:\Windows\System\ExuVRxK.exe
  C:\Windows\System\ExuVRxK.exe
  2⤵
  PID:9868
- C:\Windows\System\mNNbfgs.exe
  C:\Windows\System\mNNbfgs.exe
  2⤵
  PID:9876
- C:\Windows\System\bJNZqoP.exe
  C:\Windows\System\bJNZqoP.exe
  2⤵
  PID:9920
- C:\Windows\System\HSMGHFG.exe
  C:\Windows\System\HSMGHFG.exe
  2⤵
  PID:9980
- C:\Windows\System\yUAJRYV.exe
  C:\Windows\System\yUAJRYV.exe
  2⤵
  PID:9892
- C:\Windows\System\NrfDrOP.exe
  C:\Windows\System\NrfDrOP.exe
  2⤵
  PID:9928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdeNMVb.exe

Filesize
6.0MB

MD5
772f6aae39560a7c6f647d70560543cd

SHA1
f8a4690be8dd6724b7505796f2a76f5ac1491f69

SHA256
b0fc8c875d0f84f9cb38d3b0e4e8909b6163712aff6b06e2d3e973b50ee49517

SHA512
7604ec41087819b0aa0a77c8da1b2f3b21461d200a63a82bb880905ab1089407ab646fa444e458a51993611b6ad40d414d0a8f5a43cdb2d0d7343ef5de9a38d3

Download Submit
C:\Windows\system\DqgfflW.exe

Filesize
6.0MB

MD5
db0a100e94321d93ee7ecbf33a388e13

SHA1
c5641c0f36566fe9faa2dfef3ceddfa02052d9a6

SHA256
5a10bcc8c47c29006d9a5bdc7e12e81c8aab8847102225a5b1cd4d72ffe00921

SHA512
e61585ca65454ca0b8b75c576f8908cb9db698fc68bb7d757b06c2e5a4c59c75fb07c82ab4d09fb608b7b67a51489891a0218468b7ae0c3e90ad5335690dc6e4

Download Submit
C:\Windows\system\GaghOlt.exe

Filesize
6.0MB

MD5
043a0167d240f29b31fd6030fd5c4fe4

SHA1
d1c489da953d17b619d0c55dd81cad7d4dc01149

SHA256
7c4bb977849f5e1b577600f0d3a1f4411675b9012b50afd8917f693ed20e98ac

SHA512
bba375b246475c5db92d4db72c4279a39da4ed289aad4c41c8b21c872bfc66f7ae126ae8ffacf5b1cd332f255d695b5f18cda5b427975ea6d6448e0ce1e56805

Download Submit
C:\Windows\system\GcDegbZ.exe

Filesize
6.0MB

MD5
369a00440730d658356480048cfcbd7c

SHA1
87abc6fe9fe218c0f537f1980e6fbef48d9d3f74

SHA256
188ff9d49bd08915ee0b9c800faf8ebad5fbf608eab84ec9e3f9df4f4c9156ef

SHA512
990fc7dde424157aa2ddd28a892601c1326938d7fc7c1b8f741b4da1eb32512b337eef69428c1385b69a18ffd2c5d745252280c6ce72ce2b12c523851f9e599e

Download Submit
C:\Windows\system\HJaNMHh.exe

Filesize
6.0MB

MD5
7ee7d156441fd6aa028b30df1693f964

SHA1
fda2571a7deaffdcfec44a081ea9c422aad6163d

SHA256
7ea207903dc5f3cb62b8ffcc2ee2ad1b584eacc484d5617f83835251d01c6ccb

SHA512
6b28363a6d6f52f498f90c2e358e8197f8645462218c95ef50cb69c82452ec21ad3094a824b662a8f0f5212f404a431b7f3b8a30025a723daa8c0dc7da9c30e6

Download Submit
C:\Windows\system\LWnKCjo.exe

Filesize
6.0MB

MD5
8107dd87728319084371b31b20cb9a1c

SHA1
8360ce341c3aea380d6cdba94ed261fe3597c43d

SHA256
a8b2eeaeb5696dbca176f61bf98287f554a21c4e99d6a9f1dd7b57160962438b

SHA512
439d9d67f57110e6c95d15043dde6191229c32fcd08928898d9e8cbb530889e24240fa56b0c18b7b33cf6d60a9662da25e7d22b83326ab814a8abf0111b71f61

Download Submit
C:\Windows\system\MMFYowO.exe

Filesize
6.0MB

MD5
f268810b7dd9a8b44d1b80d0341b0610

SHA1
02068d831a9b847933ccbc81019b3dd47c41d8e5

SHA256
a1fdab6055f2b6606170aa75636f4e1881b68316e47d70de65980ef862dffff1

SHA512
68becd22684a8381a5126a2020a3a30f656a38a807438bf29a4960734d46a98db7f8b5bcea22afb5a150f821f5c1c894fef4eece04a98c1dd12710498827fa4f

Download Submit
C:\Windows\system\OhLLgQS.exe

Filesize
6.0MB

MD5
5f2b879110e3f7bf2382cf503506f288

SHA1
9d77438f8a3e7a33771fd7a911e1f0a0d99bf897

SHA256
82e5506a3487110a01a6000d81b3d6db4ece75a5ec6340f855f199ad6f433837

SHA512
dc4ae392255753aa1573de2712ca011fa7e7b4a26f7f19900713db3c52b24aecf5f8d2ad2e869ed9bcc793cc6b147ff0801dcc4c63e6139e9ff15ef4ecaf9e46

Download Submit
C:\Windows\system\OsxFuwq.exe

Filesize
6.0MB

MD5
8d48cb1ca1d61859846c6d34531690ae

SHA1
ab292cb22cdaebfc06a0c2dab47cb22e7521c9e1

SHA256
62f7d8e3ad258d077510b3cc0b268288beac9fc5ca2c157e103043a4c57e2c42

SHA512
73509209565984a63393c18bfb2c49d6be83a96f007ee375648f952e83f405755c3ab03b698439d5227e2228a7ea14f362c5504ec4608782976694df063c4356

Download Submit
C:\Windows\system\PkcWrci.exe

Filesize
6.0MB

MD5
7a62e412d65f24ad8c9c622395c6875b

SHA1
00bbb6637bf3e82f2ef1d8a0768bcbcbbdbf19fc

SHA256
e0f8f7d1e350712b2681586422f11683f76838bbc130eed60214e3f39b0b085a

SHA512
5aaddba43251e6b4742db8615b99ca2be900f77540b61ede2920deabac3669686837afb7c60a42f1181db122c981f8a923f7bc8636ce0dc8df8c89cfffb89b7c

Download Submit
C:\Windows\system\ZJBVplg.exe

Filesize
6.0MB

MD5
cdf96f0dacf4d8609134c616242619a9

SHA1
410c7655b6cad9236a49593586c40f2fc3219d13

SHA256
e5d85690e4430c99ce289e7222ca9a762bff7b22955bfbebbbc13e662471aca3

SHA512
db35f359cf8e2605d30d3c9a163caa4eb8d3f4fbcf7f5b06a93cf98c7aea14cb578d0f36182c5ea409de0d21d97fcda232adb2061d9da7cdde05a93861a53901

Download Submit
C:\Windows\system\cgRSRaE.exe

Filesize
6.0MB

MD5
ba9ce7a073013040037a0ca9eea8a91e

SHA1
50e2b4e577dc5015112edcb3966f304317eedb9b

SHA256
62a9c500749624cfde8a301285255e034f3997c38234ce8be1dbc84c9ae7c24f

SHA512
0d4538a84cec2fc27518078200e306bc40c09897ffeffc127c4b6ae4c559388697e88db5505a9264f3e66bd65d6ce8ca835304705baa5e427e27247b17d01c6f

Download Submit
C:\Windows\system\fkaGLQG.exe

Filesize
6.0MB

MD5
a05e2cf81ff53c41861245d3c1f54055

SHA1
85a5a75e47eca4c7e6823ef552c36ba399a4eada

SHA256
39a77ed22d7a33b465bd0e8cd76fc9c39c9ad478f7f8cca54242071288cfd5af

SHA512
8c40d688b725136dae416d66b5f623c145d9c25148166bc43eeeaffc590ebf16d5c8ab37265f3afc9b43bcd7f08876f572be15cd62fe39b41ede458ce648eb08

Download Submit
C:\Windows\system\hoYKLHH.exe

Filesize
6.0MB

MD5
91b12b6d45d655042bc6fa774d24b797

SHA1
b21ed1d865c95ffab68fc6c857833a3d8c50b4b5

SHA256
9387781aa140f876363a1f5b77f7be0d8c9df31812f833eaf9a6ca82b72b56e3

SHA512
1f34837c460ef0711989e59af336a14bfd0099f2831ca4492e2a4bbc561e2659126203dcf858951d1937024b422e49f74c6024bd4bf622092900aab4fbf66f6c

Download Submit
C:\Windows\system\hpSbWpo.exe

Filesize
6.0MB

MD5
7f858bab8a319e86b44fc21695141b1c

SHA1
026600c4c528cbb7fe2c3d1e0e768a2602572e0e

SHA256
dcb54dd4da6d87b29fce5f798d4d02a9e994dcf566cd6291907306ca23bc1af4

SHA512
e6245c2ec8880a598ee3a2628969f37e50afd3ec874dd7ec8ef98b4d429d9effabf6852daacd4ef8a0461ace0fbd002247fd2691f0108eff32dbd9194dd73af2

Download Submit
C:\Windows\system\hwnodxf.exe

Filesize
6.0MB

MD5
93520fc7013f264389ac66bf33c54604

SHA1
d2b6bd4fe44e4e3993f80352e7fea646a42037f7

SHA256
db17c49df97ed1178376bc9d6bdf357dc27b10aa1e8344b568b7671dc71aba37

SHA512
8fcb417a40c51dde25b2909530dc4a0df4bcd3fb03297837340ce115be3837baf653f246ee44a465b6e7f2ef4e9cc683bbd06a19c0080196769484f82d6ac71f

Download Submit
C:\Windows\system\isxUezg.exe

Filesize
6.0MB

MD5
5cd0aee4a574e37c47cda822ff5a64e4

SHA1
43646b7282ba26f50a98dc4c9c3856431e4e989e

SHA256
04c14dee2ec25e0afc9aa2bf4a92098ac54d60db32353a7ae4cddf2c8ab2a1ca

SHA512
fef1d80b8d1542fe408f08c0e9f71630101b5ea9d26f332c1d62da0a793a39dace7382a277aa5df066d8fb8dfa49ef2213597356529a35bc5ed4d2fac2ca8c87

Download Submit
C:\Windows\system\itAFtuE.exe

Filesize
6.0MB

MD5
afa82ad3c65ce2db6e70448abc4cb7a5

SHA1
fd50347e54ef199a830313b807486ddfab8a5236

SHA256
37625216a23caf3bce13562578cb66680b247cd73475cfba640b5a77ddb2e68b

SHA512
ba872e80b0d7e9ec25c51626913a17381479f0885bebaa3c2415b4e518f4b128b051423317eb5b890710975e8a0695d57a06b26158830e3e97663da91e239f71

Download Submit
C:\Windows\system\mcGXskX.exe

Filesize
6.0MB

MD5
5d7fdae68d0637d597ea2218f8872b06

SHA1
c981dd4631001d90eec65962be16652754302363

SHA256
3a6bbd799245dfe8f664ed5ed08e0dde21bc65876da25ad37636d2d4a660e745

SHA512
4e0a4387b4b2a5cb88e7317b75c2aa85bcc81cb45e53b9b417d1b942a5fe6e000c50bfdbcad1237f467e3294d81adc23a0a1cd48e5a3470d23d00c3ee419289e

Download Submit
C:\Windows\system\rPLxxrP.exe

Filesize
6.0MB

MD5
a79d7c5b779dbc47c2fbdb459e019dbe

SHA1
7c2835c4653b238336d9df8465d3ddac1b22ab94

SHA256
5c1d3f69cff9a2ce71b433fe98e147154cbe3982f288aedf3864374fa3bb77bb

SHA512
bfeb4bff83965e703695322f458b4d817ddc10bf441d5e045db1fd46faad9ed9a1901b028eb143a340310cfb890328653198d5bd65039b9f0e488be7118c0be8

Download Submit
C:\Windows\system\stzTrja.exe

Filesize
6.0MB

MD5
5340ef7e10a32594d2b92e61247335d8

SHA1
1ec62429ce0b74ad8ceb64b23cd37716158cb5f9

SHA256
9ef6daf22a7ffee9cebe0ca1702ff153fd000b7696967ac2a7f7121824e34948

SHA512
4970d19e38aa9f4d82d86566f74a47bf9cfa1b62e6dc5b2f048da97f54385b59730a4b73da49bee268ace32280377a8e339665d4bb9ab6ab9ee097baf2acca46

Download Submit
C:\Windows\system\vrGHmID.exe

Filesize
6.0MB

MD5
530b2be07458489fc7f04241bfe1952d

SHA1
f20b2d7ed2ee7c04fdb46f1043e27f18e52e7b89

SHA256
9c0e65372e99ff8cb2bd1ba853cfff65936e688bca20ec68b7f1f26a29c5b424

SHA512
9481c59dc04109673bf7d4814a592fbfc306c1b5b1ea2b4cad47e5d7d41c8546fc0615cdbb4ac36264d517ae79aaeabd0d2c4fed6759b22a33d6a8970d8ac99b

Download Submit
C:\Windows\system\ygoyVny.exe

Filesize
6.0MB

MD5
40fdd8426bca008406aa5b8604118136

SHA1
785dcea8a67154dbe737562590d94732636753b9

SHA256
2680fafd4e1f386ee98c5f77fca06a2b9da8229a4b21afb0c1c7d7a5d2db4412

SHA512
00c796f7bef627eedbc59a29aca28d884f80c9a227b2e0dc37e5d292200aec57cd5fa85276aed4a9514b821effefe0a009e58b244cfaec0a69918aae5b5401ab

Download Submit
C:\Windows\system\zBAsBhZ.exe

Filesize
6.0MB

MD5
9447d5bbc9e68cb5b1fce020d37a583f

SHA1
40fe0fe9f1a79220af52136a96754d6ff9f45d02

SHA256
f7ae98092cb56a61761d460a7715f5fd8483d6008fea4d84d0f9e12178da7908

SHA512
01fae5cbf7d23cdbd1466aad69b306797df994329f82151a9c70196305cb4a5f16f53d4ce8541e4caa7ac87df042315d6f1609e392f41d59ebd727b1ede91ea6

Download Submit
C:\Windows\system\zGekDDG.exe

Filesize
6.0MB

MD5
36786eb3eaf6ca5de9ed2d880abf9b75

SHA1
7bd37d6df3abd1ee28c18ff3586813027975d2de

SHA256
127ef0de190dcfc7fd7c4999a52bdb990dd04d91089de2df326e3d4e5b40c7f1

SHA512
c1a613aa53ab24c866adcb7639598f9465b376445bacccca22d26c7de407c4318c5c3c136446d3aaadcb3b04e13c660ce8d62fb6c67b1e3d4048f2cea45631c9

Download Submit
C:\Windows\system\ziXaTMX.exe

Filesize
6.0MB

MD5
cf2ee1d9627d6fc74af0dc20a55b3c46

SHA1
f0ca760106492dc8e72e2edcfd627fc1c8867b2f

SHA256
cdccf3500e942649d0dd953512855b52a13a16d020becb52821e888b567f4510

SHA512
7b31392b3c9052452bd662171c3cc486ac9c86c75d1ea1c0ea2978945cc86d951495d3b5670bfb8f3129523ef1347c649457e2aa0aeda28470ae09647aadbab0

Download Submit
\Windows\system\AtujGMF.exe

Filesize
6.0MB

MD5
711cbafdd9dd1ee0c4f2a5561f534d43

SHA1
87a734df9dfba82abd092e4f31afdb35aca7501c

SHA256
676eca42bc86b22d412a0a5731c657ff3886cb0675cc6baa2d645711637d1be4

SHA512
d994e537caba66977c7ce7c7e61d512f0fe19197ebbaaa8e2e92ada613b6b63700cf06e0199dc3851de9ddbe0cf5b9c086910a2afdfbb363b4d80b14d64bcde6

Download Submit
\Windows\system\NBjOTeb.exe

Filesize
6.0MB

MD5
c5929eb5170087106035703484a350ab

SHA1
4a0f117a4c3e9cea372eaeae21c129aff649f1c2

SHA256
d5587635d9a76cc699b4c2b00fa3fcb0e7736aabd6dcac9739ad7b25ebd29403

SHA512
f39620a2a7c1a14548243db7bc6536bd24f7fe7d6632a3af8a3f5638b6440a5a19e1c3ef1a33a20ba67f5a913739f9d7c303da41e6cd8ea7cc3aa70a288178c5

Download Submit
\Windows\system\duCGXqf.exe

Filesize
6.0MB

MD5
40259453395b2f86859c73f43dd34dff

SHA1
44e8ea4638c1d7eb198826ade2158ad5082d401c

SHA256
c7bdf0f34f845d545e6bc16678f87b5bf33c6118395ac20c0f1d6d5e08e6cb0e

SHA512
e80eb9ab990dd9e8e49402bcd33cec09f78276a1dc96b1c97ba618816d2d684685189a9d8a0d52fe41c4ece1a07b5c55551cfadeead635d60c4ae9ffa8149edc

Download Submit
\Windows\system\kJrZVRX.exe

Filesize
6.0MB

MD5
ecf7899ea422f1e4ad7f2be1477cffa6

SHA1
c5d6fd655a237952966f6ae92870aae39ce641f4

SHA256
4f6c003ef97075111d67b6c3e33f6ebd98d9d42d59de922b0ed3c3e95b9d4ee9

SHA512
fa7b1dc23906e7b423f1389e2c00406be42e5bf943ba14c1cd284347b1e4b756b6336331ca724a00c0049544d21926b02c401e8d20956ec524f91c13d9a1ebe3

Download Submit
\Windows\system\kWJfZYz.exe

Filesize
6.0MB

MD5
b05c64a08eb62650e21b6cf740f1eb83

SHA1
ae473bd6e7a2943553489c5e4f664b549f96f6ed

SHA256
ec2ef0f69cc3dd10a4c8de2beb720c1f6063c9bf04e1dea400f32aa244f0be50

SHA512
26d413c0f41e6db7daba3994e64768fa52845f2773cbe22b481bf1eb529eeb573a5e5572261c3e81c0d278976b7ba543767dc32d6088083cbb17df15150ea53c

Download Submit
\Windows\system\ysXKCvt.exe

Filesize
6.0MB

MD5
9047bccdc65a64209916702995b86a44

SHA1
98f663fe9b898d36789c5f89c2fab213b7484994

SHA256
31417e8b99533d12f1d5d7bceca65cfa3abad61f3d398ea119e08778ef0c5ba6

SHA512
781874d0cfb4c7aafe32cd70febe4c9c2c9b14c77cc9ae0ff7f58215f44e1ffaada2a47b96d276f5cf4c8005bcf0047ab376e8182ec3adfda66184ea21014b0e

Download Submit
memory/1304-3624-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1304-82-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3535-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1600-80-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1600-29-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3601-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1620-112-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1620-73-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1728-104-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-919-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3654-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3594-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2088-91-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2388-65-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3591-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2412-42-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2412-17-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-359-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-97-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2412-545-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2412-727-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-72-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2412-918-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-81-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1078-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-19-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2412-66-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2412-103-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-67-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-36-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-51-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-24-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2412-64-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-96-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2412-89-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-53-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2412-90-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2412-27-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3576-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2580-54-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2604-37-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3564-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3566-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-58-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-26-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3542-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3541-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2728-25-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3555-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2744-48-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2744-88-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3665-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2800-728-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2800-98-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3519-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-21-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download