cobaltstrike | 8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810

Analysis

max time kernel
123s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
Size

6.0MB
MD5

e877f474af852e70830a505680f6859d
SHA1

6a42b73a7639a478163b71fffe263a81c4696ce7
SHA256

8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810
SHA512

94edc071b5c54e0bdcdb233ee04da41947ab5a9c55351d7ebeda748c09d912ed5d749e8d96c0d735a3a390b55dd5fde48bef9c05b92bf980696dc6da2e736a08
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUZ:eOl56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000016875-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c80-16.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d54-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-88.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186e7-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d43-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d4b-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2a-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd7-23.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-6.dat	xmrig
behavioral1/files/0x002d000000016875-8.dat	xmrig
behavioral1/memory/2416-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2740-14-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c80-16.dat	xmrig
behavioral1/memory/2916-21-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d54-53.dat	xmrig
behavioral1/memory/2548-84-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2916-95-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001878e-114.dat	xmrig
behavioral1/files/0x0005000000019360-169.dat	xmrig
behavioral1/memory/2548-722-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1788-1328-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2732-1054-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-190.dat	xmrig
behavioral1/files/0x00050000000193c4-183.dat	xmrig
behavioral1/files/0x00050000000193b6-179.dat	xmrig
behavioral1/files/0x00050000000193a6-173.dat	xmrig
behavioral1/files/0x000500000001933f-163.dat	xmrig
behavioral1/files/0x0005000000019297-159.dat	xmrig
behavioral1/files/0x0005000000019278-149.dat	xmrig
behavioral1/files/0x0005000000019284-153.dat	xmrig
behavioral1/files/0x0005000000019269-144.dat	xmrig
behavioral1/files/0x0005000000019250-139.dat	xmrig
behavioral1/files/0x0005000000019246-134.dat	xmrig
behavioral1/files/0x0006000000018c16-129.dat	xmrig
behavioral1/files/0x0006000000018b4e-124.dat	xmrig
behavioral1/files/0x00050000000187a8-119.dat	xmrig
behavioral1/files/0x0005000000018744-109.dat	xmrig
behavioral1/memory/2692-105-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-102.dat	xmrig
behavioral1/memory/1788-97-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0005000000018704-94.dat	xmrig
behavioral1/memory/2732-90-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2520-83-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-82.dat	xmrig
behavioral1/memory/2652-81-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-88.dat	xmrig
behavioral1/memory/2216-80-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2520-78-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2808-77-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000186e7-76.dat	xmrig
behavioral1/memory/2876-73-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-72.dat	xmrig
behavioral1/memory/2664-71-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2692-59-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-57.dat	xmrig
behavioral1/memory/2520-55-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2796-54-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d43-52.dat	xmrig
behavioral1/files/0x0009000000016d4b-64.dat	xmrig
behavioral1/files/0x0007000000016d2a-39.dat	xmrig
behavioral1/memory/2768-35-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cd7-23.dat	xmrig
behavioral1/memory/2416-3169-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2740-3177-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2796-3172-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2916-3171-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2216-3214-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2664-3213-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2808-3205-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2876-3196-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2652-3258-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2416	gKoMDco.exe
2740	dsJmPnm.exe
2916	LGqBAqw.exe
2768	BuSyVsD.exe
2796	eFsZCvH.exe
2664	GmsDFNo.exe
2692	xAjDWfg.exe
2876	rVJTsnx.exe
2808	LVSSMbX.exe
2216	jytrLno.exe
2652	sZkMLZv.exe
2548	AkiEwoo.exe
2732	PAywAtz.exe
1788	wBKzhzP.exe
2564	BsoxZcm.exe
1844	ugSNOsc.exe
2724	EyArvPK.exe
2100	BFYyYbN.exe
2040	hwdjCMH.exe
2384	XAnbCAD.exe
3000	EjcNGTJ.exe
1784	QaIPRFx.exe
1508	Ambiqpc.exe
1960	cwUAbGa.exe
1488	RTfnsnd.exe
600	tiyzzcd.exe
2236	tdGZMCz.exe
2824	nvJMBEb.exe
1320	SlJiEsy.exe
2432	XcYaASF.exe
1524	kpFZxGo.exe
448	SgjucYk.exe
2140	IqwcEUX.exe
2156	kXglDcO.exe
2536	CjCkINb.exe
2108	oSmPBBn.exe
1612	MzuQktZ.exe
540	ZNRXQLX.exe
1532	SkSOXOx.exe
1556	icAgFYh.exe
1584	dMUMxOu.exe
1736	tPmWsqz.exe
1724	IcvbEMl.exe
1740	FDQGapd.exe
616	wcCvDZS.exe
2720	OmPiKQN.exe
2296	DIdFkWp.exe
548	kxUemgC.exe
2976	EBAtsku.exe
1884	TAgiIMP.exe
1040	RELEVUs.exe
1688	YTMGrfN.exe
896	JHmvuOE.exe
2332	oyRSRJu.exe
2280	DocUUac.exe
2500	EPeyBrm.exe
2540	YsErDDp.exe
1568	XBYkYqC.exe
2744	EKMrehh.exe
2760	ejGVdHB.exe
2672	cMcehbr.exe
2648	OzdtxaM.exe
1968	PkObnBj.exe
1768	QAVPbdb.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000c000000012281-6.dat	upx
behavioral1/files/0x002d000000016875-8.dat	upx
behavioral1/memory/2416-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2740-14-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0008000000016c80-16.dat	upx
behavioral1/memory/2916-21-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0009000000016d54-53.dat	upx
behavioral1/memory/2548-84-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2916-95-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x000500000001878e-114.dat	upx
behavioral1/files/0x0005000000019360-169.dat	upx
behavioral1/memory/2548-722-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1788-1328-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2732-1054-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x00050000000193df-190.dat	upx
behavioral1/files/0x00050000000193c4-183.dat	upx
behavioral1/files/0x00050000000193b6-179.dat	upx
behavioral1/files/0x00050000000193a6-173.dat	upx
behavioral1/files/0x000500000001933f-163.dat	upx
behavioral1/files/0x0005000000019297-159.dat	upx
behavioral1/files/0x0005000000019278-149.dat	upx
behavioral1/files/0x0005000000019284-153.dat	upx
behavioral1/files/0x0005000000019269-144.dat	upx
behavioral1/files/0x0005000000019250-139.dat	upx
behavioral1/files/0x0005000000019246-134.dat	upx
behavioral1/files/0x0006000000018c16-129.dat	upx
behavioral1/files/0x0006000000018b4e-124.dat	upx
behavioral1/files/0x00050000000187a8-119.dat	upx
behavioral1/files/0x0005000000018744-109.dat	upx
behavioral1/memory/2692-105-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0005000000018739-102.dat	upx
behavioral1/memory/1788-97-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0005000000018704-94.dat	upx
behavioral1/memory/2732-90-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2520-83-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x00050000000186f1-82.dat	upx
behavioral1/memory/2652-81-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-88.dat	upx
behavioral1/memory/2216-80-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2808-77-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x00070000000186e7-76.dat	upx
behavioral1/memory/2876-73-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-72.dat	upx
behavioral1/memory/2664-71-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2692-59-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-57.dat	upx
behavioral1/memory/2796-54-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x0007000000016d43-52.dat	upx
behavioral1/files/0x0009000000016d4b-64.dat	upx
behavioral1/files/0x0007000000016d2a-39.dat	upx
behavioral1/memory/2768-35-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0008000000016cd7-23.dat	upx
behavioral1/memory/2416-3169-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2740-3177-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2796-3172-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2916-3171-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2216-3214-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2664-3213-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2808-3205-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2876-3196-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2652-3258-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2548-3270-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1788-3309-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jKfcUpY.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\sAgmYIw.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\vSlNgLF.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\BBpakJp.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\FRFEawb.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\xnFmGoi.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\gOVVcmg.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\PszCaft.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\RUZfDgt.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\mLijFha.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\MdiYRXE.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\ZUmXZUp.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\SSoKTDQ.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\VWmlSoK.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\eBTvZlL.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\BlwOIxf.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\VcHGXLv.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\rwdvHph.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\dEUJWPJ.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\ZNRXQLX.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\elcwuIE.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\EIayUGB.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\SVcZEge.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\pqrlKFd.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\iGshizt.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\dmIkYqt.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\LYQSwth.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\TISUQHy.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\fsiMFmE.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\vNcVqnK.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\NOsQmPB.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\lGHXOKa.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\PeBQBeg.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\dsJmPnm.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\XBYkYqC.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\pboEAqP.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\ENVQooU.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\MXsdPyi.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\xnbvHKb.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\rzxIfVz.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\NottGvB.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\OARxyDG.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\tYdODNU.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\qWCskeR.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\sDwzAUj.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\vHSrHRa.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\NQcaKkZ.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\sMaEVhR.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\AmPsvJD.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\ClyhKAT.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\qhAhjAI.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\OmPiKQN.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\yRTcMrW.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\leZCtKq.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\dvNAAdX.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\yNgdKBg.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\SaWSnYX.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\RRwMgfW.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\dFUAJpp.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\wSDLpAk.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\pODGsmm.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\CXZzjTQ.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\qdklBsu.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
File created	C:\Windows\System\eSdJuRx.exe	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2416	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	31
PID 2520 wrote to memory of 2416	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	31
PID 2520 wrote to memory of 2416	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	31
PID 2520 wrote to memory of 2740	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	32
PID 2520 wrote to memory of 2740	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	32
PID 2520 wrote to memory of 2740	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	32
PID 2520 wrote to memory of 2916	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	33
PID 2520 wrote to memory of 2916	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	33
PID 2520 wrote to memory of 2916	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	33
PID 2520 wrote to memory of 2768	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	34
PID 2520 wrote to memory of 2768	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	34
PID 2520 wrote to memory of 2768	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	34
PID 2520 wrote to memory of 2796	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	35
PID 2520 wrote to memory of 2796	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	35
PID 2520 wrote to memory of 2796	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	35
PID 2520 wrote to memory of 2876	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	36
PID 2520 wrote to memory of 2876	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	36
PID 2520 wrote to memory of 2876	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	36
PID 2520 wrote to memory of 2664	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	37
PID 2520 wrote to memory of 2664	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	37
PID 2520 wrote to memory of 2664	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	37
PID 2520 wrote to memory of 2808	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	38
PID 2520 wrote to memory of 2808	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	38
PID 2520 wrote to memory of 2808	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	38
PID 2520 wrote to memory of 2692	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	39
PID 2520 wrote to memory of 2692	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	39
PID 2520 wrote to memory of 2692	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	39
PID 2520 wrote to memory of 2652	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	40
PID 2520 wrote to memory of 2652	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	40
PID 2520 wrote to memory of 2652	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	40
PID 2520 wrote to memory of 2216	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	41
PID 2520 wrote to memory of 2216	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	41
PID 2520 wrote to memory of 2216	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	41
PID 2520 wrote to memory of 2548	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	42
PID 2520 wrote to memory of 2548	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	42
PID 2520 wrote to memory of 2548	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	42
PID 2520 wrote to memory of 2732	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	43
PID 2520 wrote to memory of 2732	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	43
PID 2520 wrote to memory of 2732	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	43
PID 2520 wrote to memory of 1788	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	44
PID 2520 wrote to memory of 1788	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	44
PID 2520 wrote to memory of 1788	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	44
PID 2520 wrote to memory of 2564	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	45
PID 2520 wrote to memory of 2564	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	45
PID 2520 wrote to memory of 2564	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	45
PID 2520 wrote to memory of 1844	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	46
PID 2520 wrote to memory of 1844	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	46
PID 2520 wrote to memory of 1844	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	46
PID 2520 wrote to memory of 2724	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	47
PID 2520 wrote to memory of 2724	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	47
PID 2520 wrote to memory of 2724	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	47
PID 2520 wrote to memory of 2100	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	48
PID 2520 wrote to memory of 2100	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	48
PID 2520 wrote to memory of 2100	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	48
PID 2520 wrote to memory of 2040	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	49
PID 2520 wrote to memory of 2040	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	49
PID 2520 wrote to memory of 2040	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	49
PID 2520 wrote to memory of 2384	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	50
PID 2520 wrote to memory of 2384	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	50
PID 2520 wrote to memory of 2384	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	50
PID 2520 wrote to memory of 3000	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	51
PID 2520 wrote to memory of 3000	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	51
PID 2520 wrote to memory of 3000	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	51
PID 2520 wrote to memory of 1784	2520	JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e2b26935cb0a5af227ae332410467c086ec5d808c0b7cba889477837fc37810.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\System\gKoMDco.exe
  C:\Windows\System\gKoMDco.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\dsJmPnm.exe
  C:\Windows\System\dsJmPnm.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\LGqBAqw.exe
  C:\Windows\System\LGqBAqw.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\BuSyVsD.exe
  C:\Windows\System\BuSyVsD.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\eFsZCvH.exe
  C:\Windows\System\eFsZCvH.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\rVJTsnx.exe
  C:\Windows\System\rVJTsnx.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\GmsDFNo.exe
  C:\Windows\System\GmsDFNo.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\LVSSMbX.exe
  C:\Windows\System\LVSSMbX.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\xAjDWfg.exe
  C:\Windows\System\xAjDWfg.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sZkMLZv.exe
  C:\Windows\System\sZkMLZv.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\jytrLno.exe
  C:\Windows\System\jytrLno.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\AkiEwoo.exe
  C:\Windows\System\AkiEwoo.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\PAywAtz.exe
  C:\Windows\System\PAywAtz.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\wBKzhzP.exe
  C:\Windows\System\wBKzhzP.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\BsoxZcm.exe
  C:\Windows\System\BsoxZcm.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ugSNOsc.exe
  C:\Windows\System\ugSNOsc.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\EyArvPK.exe
  C:\Windows\System\EyArvPK.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\BFYyYbN.exe
  C:\Windows\System\BFYyYbN.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\hwdjCMH.exe
  C:\Windows\System\hwdjCMH.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\XAnbCAD.exe
  C:\Windows\System\XAnbCAD.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\EjcNGTJ.exe
  C:\Windows\System\EjcNGTJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QaIPRFx.exe
  C:\Windows\System\QaIPRFx.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\Ambiqpc.exe
  C:\Windows\System\Ambiqpc.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\cwUAbGa.exe
  C:\Windows\System\cwUAbGa.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\RTfnsnd.exe
  C:\Windows\System\RTfnsnd.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\tiyzzcd.exe
  C:\Windows\System\tiyzzcd.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\tdGZMCz.exe
  C:\Windows\System\tdGZMCz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\nvJMBEb.exe
  C:\Windows\System\nvJMBEb.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\SlJiEsy.exe
  C:\Windows\System\SlJiEsy.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\XcYaASF.exe
  C:\Windows\System\XcYaASF.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\kpFZxGo.exe
  C:\Windows\System\kpFZxGo.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\SgjucYk.exe
  C:\Windows\System\SgjucYk.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\IqwcEUX.exe
  C:\Windows\System\IqwcEUX.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\kXglDcO.exe
  C:\Windows\System\kXglDcO.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\CjCkINb.exe
  C:\Windows\System\CjCkINb.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\oSmPBBn.exe
  C:\Windows\System\oSmPBBn.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\MzuQktZ.exe
  C:\Windows\System\MzuQktZ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ZNRXQLX.exe
  C:\Windows\System\ZNRXQLX.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\SkSOXOx.exe
  C:\Windows\System\SkSOXOx.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\icAgFYh.exe
  C:\Windows\System\icAgFYh.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\dMUMxOu.exe
  C:\Windows\System\dMUMxOu.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\tPmWsqz.exe
  C:\Windows\System\tPmWsqz.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\IcvbEMl.exe
  C:\Windows\System\IcvbEMl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\wcCvDZS.exe
  C:\Windows\System\wcCvDZS.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\FDQGapd.exe
  C:\Windows\System\FDQGapd.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\OmPiKQN.exe
  C:\Windows\System\OmPiKQN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\DIdFkWp.exe
  C:\Windows\System\DIdFkWp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\kxUemgC.exe
  C:\Windows\System\kxUemgC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\EBAtsku.exe
  C:\Windows\System\EBAtsku.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\TAgiIMP.exe
  C:\Windows\System\TAgiIMP.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\RELEVUs.exe
  C:\Windows\System\RELEVUs.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\YTMGrfN.exe
  C:\Windows\System\YTMGrfN.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\JHmvuOE.exe
  C:\Windows\System\JHmvuOE.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\DocUUac.exe
  C:\Windows\System\DocUUac.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\oyRSRJu.exe
  C:\Windows\System\oyRSRJu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\XBYkYqC.exe
  C:\Windows\System\XBYkYqC.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\EPeyBrm.exe
  C:\Windows\System\EPeyBrm.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\EKMrehh.exe
  C:\Windows\System\EKMrehh.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\YsErDDp.exe
  C:\Windows\System\YsErDDp.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ejGVdHB.exe
  C:\Windows\System\ejGVdHB.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\cMcehbr.exe
  C:\Windows\System\cMcehbr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\OzdtxaM.exe
  C:\Windows\System\OzdtxaM.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\PkObnBj.exe
  C:\Windows\System\PkObnBj.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\QAVPbdb.exe
  C:\Windows\System\QAVPbdb.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\BKlcxat.exe
  C:\Windows\System\BKlcxat.exe
  2⤵
  PID:1908
- C:\Windows\System\nByoOpH.exe
  C:\Windows\System\nByoOpH.exe
  2⤵
  PID:2812
- C:\Windows\System\hARWOse.exe
  C:\Windows\System\hARWOse.exe
  2⤵
  PID:2892
- C:\Windows\System\hzrNCQe.exe
  C:\Windows\System\hzrNCQe.exe
  2⤵
  PID:2964
- C:\Windows\System\dHqnLBq.exe
  C:\Windows\System\dHqnLBq.exe
  2⤵
  PID:888
- C:\Windows\System\FnKOvLd.exe
  C:\Windows\System\FnKOvLd.exe
  2⤵
  PID:2044
- C:\Windows\System\ibMlRdg.exe
  C:\Windows\System\ibMlRdg.exe
  2⤵
  PID:1576
- C:\Windows\System\kBQJTfT.exe
  C:\Windows\System\kBQJTfT.exe
  2⤵
  PID:780
- C:\Windows\System\PMCvFFs.exe
  C:\Windows\System\PMCvFFs.exe
  2⤵
  PID:2888
- C:\Windows\System\elcwuIE.exe
  C:\Windows\System\elcwuIE.exe
  2⤵
  PID:2136
- C:\Windows\System\lcDXrcm.exe
  C:\Windows\System\lcDXrcm.exe
  2⤵
  PID:2420
- C:\Windows\System\pTphkkm.exe
  C:\Windows\System\pTphkkm.exe
  2⤵
  PID:692
- C:\Windows\System\FRxUTkd.exe
  C:\Windows\System\FRxUTkd.exe
  2⤵
  PID:400
- C:\Windows\System\ujRWUZW.exe
  C:\Windows\System\ujRWUZW.exe
  2⤵
  PID:1664
- C:\Windows\System\VYIHAVM.exe
  C:\Windows\System\VYIHAVM.exe
  2⤵
  PID:2944
- C:\Windows\System\IfJsmti.exe
  C:\Windows\System\IfJsmti.exe
  2⤵
  PID:1056
- C:\Windows\System\EliQTWa.exe
  C:\Windows\System\EliQTWa.exe
  2⤵
  PID:620
- C:\Windows\System\oiBmwqz.exe
  C:\Windows\System\oiBmwqz.exe
  2⤵
  PID:1764
- C:\Windows\System\mAVgFRU.exe
  C:\Windows\System\mAVgFRU.exe
  2⤵
  PID:1812
- C:\Windows\System\MPDwCbs.exe
  C:\Windows\System\MPDwCbs.exe
  2⤵
  PID:2060
- C:\Windows\System\sHwTOpp.exe
  C:\Windows\System\sHwTOpp.exe
  2⤵
  PID:2080
- C:\Windows\System\VTOrRpE.exe
  C:\Windows\System\VTOrRpE.exe
  2⤵
  PID:2956
- C:\Windows\System\EZFLdek.exe
  C:\Windows\System\EZFLdek.exe
  2⤵
  PID:1480
- C:\Windows\System\KFKcSWU.exe
  C:\Windows\System\KFKcSWU.exe
  2⤵
  PID:2312
- C:\Windows\System\HYMlRde.exe
  C:\Windows\System\HYMlRde.exe
  2⤵
  PID:2924
- C:\Windows\System\VvrKjVJ.exe
  C:\Windows\System\VvrKjVJ.exe
  2⤵
  PID:1976
- C:\Windows\System\VoFzhNk.exe
  C:\Windows\System\VoFzhNk.exe
  2⤵
  PID:2772
- C:\Windows\System\YmNLPyS.exe
  C:\Windows\System\YmNLPyS.exe
  2⤵
  PID:2828
- C:\Windows\System\lhMcrkS.exe
  C:\Windows\System\lhMcrkS.exe
  2⤵
  PID:2516
- C:\Windows\System\ejZfptF.exe
  C:\Windows\System\ejZfptF.exe
  2⤵
  PID:2532
- C:\Windows\System\HNKURbh.exe
  C:\Windows\System\HNKURbh.exe
  2⤵
  PID:2608
- C:\Windows\System\xehugMD.exe
  C:\Windows\System\xehugMD.exe
  2⤵
  PID:2972
- C:\Windows\System\oXJPHIt.exe
  C:\Windows\System\oXJPHIt.exe
  2⤵
  PID:2368
- C:\Windows\System\qWCskeR.exe
  C:\Windows\System\qWCskeR.exe
  2⤵
  PID:596
- C:\Windows\System\gfLtLbq.exe
  C:\Windows\System\gfLtLbq.exe
  2⤵
  PID:2084
- C:\Windows\System\MYfKWrH.exe
  C:\Windows\System\MYfKWrH.exe
  2⤵
  PID:2180
- C:\Windows\System\dUndhUo.exe
  C:\Windows\System\dUndhUo.exe
  2⤵
  PID:1716
- C:\Windows\System\jxKZYtl.exe
  C:\Windows\System\jxKZYtl.exe
  2⤵
  PID:1256
- C:\Windows\System\vNYrfDs.exe
  C:\Windows\System\vNYrfDs.exe
  2⤵
  PID:2212
- C:\Windows\System\vLwICPf.exe
  C:\Windows\System\vLwICPf.exe
  2⤵
  PID:1792
- C:\Windows\System\ggNPzQK.exe
  C:\Windows\System\ggNPzQK.exe
  2⤵
  PID:956
- C:\Windows\System\tjGFnvs.exe
  C:\Windows\System\tjGFnvs.exe
  2⤵
  PID:1692
- C:\Windows\System\QaJikvj.exe
  C:\Windows\System\QaJikvj.exe
  2⤵
  PID:712
- C:\Windows\System\izryqOI.exe
  C:\Windows\System\izryqOI.exe
  2⤵
  PID:1500
- C:\Windows\System\MepXDja.exe
  C:\Windows\System\MepXDja.exe
  2⤵
  PID:2716
- C:\Windows\System\CPvvXev.exe
  C:\Windows\System\CPvvXev.exe
  2⤵
  PID:3080
- C:\Windows\System\CNqaPpk.exe
  C:\Windows\System\CNqaPpk.exe
  2⤵
  PID:3100
- C:\Windows\System\FcCwGik.exe
  C:\Windows\System\FcCwGik.exe
  2⤵
  PID:3120
- C:\Windows\System\jaXVtxv.exe
  C:\Windows\System\jaXVtxv.exe
  2⤵
  PID:3140
- C:\Windows\System\ngyPZOv.exe
  C:\Windows\System\ngyPZOv.exe
  2⤵
  PID:3156
- C:\Windows\System\iaxZyIM.exe
  C:\Windows\System\iaxZyIM.exe
  2⤵
  PID:3180
- C:\Windows\System\JrorHwb.exe
  C:\Windows\System\JrorHwb.exe
  2⤵
  PID:3196
- C:\Windows\System\XDlZCpQ.exe
  C:\Windows\System\XDlZCpQ.exe
  2⤵
  PID:3216
- C:\Windows\System\gXWrxIF.exe
  C:\Windows\System\gXWrxIF.exe
  2⤵
  PID:3240
- C:\Windows\System\mDBUDji.exe
  C:\Windows\System\mDBUDji.exe
  2⤵
  PID:3256
- C:\Windows\System\BMnZQyf.exe
  C:\Windows\System\BMnZQyf.exe
  2⤵
  PID:3276
- C:\Windows\System\zHCHxGm.exe
  C:\Windows\System\zHCHxGm.exe
  2⤵
  PID:3292
- C:\Windows\System\qXIIKAy.exe
  C:\Windows\System\qXIIKAy.exe
  2⤵
  PID:3312
- C:\Windows\System\TISUQHy.exe
  C:\Windows\System\TISUQHy.exe
  2⤵
  PID:3336
- C:\Windows\System\IJlmHlz.exe
  C:\Windows\System\IJlmHlz.exe
  2⤵
  PID:3356
- C:\Windows\System\AfApqXx.exe
  C:\Windows\System\AfApqXx.exe
  2⤵
  PID:3380
- C:\Windows\System\eMrkwxm.exe
  C:\Windows\System\eMrkwxm.exe
  2⤵
  PID:3396
- C:\Windows\System\cdzxEwN.exe
  C:\Windows\System\cdzxEwN.exe
  2⤵
  PID:3412
- C:\Windows\System\VKuuKuD.exe
  C:\Windows\System\VKuuKuD.exe
  2⤵
  PID:3436
- C:\Windows\System\tIWbNGQ.exe
  C:\Windows\System\tIWbNGQ.exe
  2⤵
  PID:3452
- C:\Windows\System\CuJNdqc.exe
  C:\Windows\System\CuJNdqc.exe
  2⤵
  PID:3480
- C:\Windows\System\QOjVihg.exe
  C:\Windows\System\QOjVihg.exe
  2⤵
  PID:3500
- C:\Windows\System\dLgHbBL.exe
  C:\Windows\System\dLgHbBL.exe
  2⤵
  PID:3520
- C:\Windows\System\hQtrgOZ.exe
  C:\Windows\System\hQtrgOZ.exe
  2⤵
  PID:3536
- C:\Windows\System\XozJgbn.exe
  C:\Windows\System\XozJgbn.exe
  2⤵
  PID:3560
- C:\Windows\System\SMAHbSW.exe
  C:\Windows\System\SMAHbSW.exe
  2⤵
  PID:3576
- C:\Windows\System\lysdKlr.exe
  C:\Windows\System\lysdKlr.exe
  2⤵
  PID:3600
- C:\Windows\System\YHebNXz.exe
  C:\Windows\System\YHebNXz.exe
  2⤵
  PID:3616
- C:\Windows\System\BpXiIee.exe
  C:\Windows\System\BpXiIee.exe
  2⤵
  PID:3640
- C:\Windows\System\vvHUvAo.exe
  C:\Windows\System\vvHUvAo.exe
  2⤵
  PID:3656
- C:\Windows\System\dcAKOVX.exe
  C:\Windows\System\dcAKOVX.exe
  2⤵
  PID:3680
- C:\Windows\System\sejSuCz.exe
  C:\Windows\System\sejSuCz.exe
  2⤵
  PID:3696
- C:\Windows\System\YjLxrzP.exe
  C:\Windows\System\YjLxrzP.exe
  2⤵
  PID:3720
- C:\Windows\System\XfVcdnY.exe
  C:\Windows\System\XfVcdnY.exe
  2⤵
  PID:3740
- C:\Windows\System\juTqxMc.exe
  C:\Windows\System\juTqxMc.exe
  2⤵
  PID:3756
- C:\Windows\System\SwVHwxJ.exe
  C:\Windows\System\SwVHwxJ.exe
  2⤵
  PID:3776
- C:\Windows\System\YnHnSUm.exe
  C:\Windows\System\YnHnSUm.exe
  2⤵
  PID:3796
- C:\Windows\System\sJQCLde.exe
  C:\Windows\System\sJQCLde.exe
  2⤵
  PID:3812
- C:\Windows\System\wgrFrqD.exe
  C:\Windows\System\wgrFrqD.exe
  2⤵
  PID:3836
- C:\Windows\System\sMaEVhR.exe
  C:\Windows\System\sMaEVhR.exe
  2⤵
  PID:3856
- C:\Windows\System\qAYWnRW.exe
  C:\Windows\System\qAYWnRW.exe
  2⤵
  PID:3880
- C:\Windows\System\HtDvWID.exe
  C:\Windows\System\HtDvWID.exe
  2⤵
  PID:3896
- C:\Windows\System\ZymedFG.exe
  C:\Windows\System\ZymedFG.exe
  2⤵
  PID:3920
- C:\Windows\System\MUyDkJV.exe
  C:\Windows\System\MUyDkJV.exe
  2⤵
  PID:3940
- C:\Windows\System\PdTyTFa.exe
  C:\Windows\System\PdTyTFa.exe
  2⤵
  PID:3960
- C:\Windows\System\mEajGeJ.exe
  C:\Windows\System\mEajGeJ.exe
  2⤵
  PID:3984
- C:\Windows\System\zQCybAT.exe
  C:\Windows\System\zQCybAT.exe
  2⤵
  PID:4004
- C:\Windows\System\JChbynT.exe
  C:\Windows\System\JChbynT.exe
  2⤵
  PID:4024
- C:\Windows\System\jopLPQm.exe
  C:\Windows\System\jopLPQm.exe
  2⤵
  PID:4044
- C:\Windows\System\EXMCPVg.exe
  C:\Windows\System\EXMCPVg.exe
  2⤵
  PID:4060
- C:\Windows\System\lklcWrz.exe
  C:\Windows\System\lklcWrz.exe
  2⤵
  PID:4080
- C:\Windows\System\wvfuvud.exe
  C:\Windows\System\wvfuvud.exe
  2⤵
  PID:1600
- C:\Windows\System\ZSWhtGv.exe
  C:\Windows\System\ZSWhtGv.exe
  2⤵
  PID:2632
- C:\Windows\System\fcdBZvi.exe
  C:\Windows\System\fcdBZvi.exe
  2⤵
  PID:2936
- C:\Windows\System\TwBPUCa.exe
  C:\Windows\System\TwBPUCa.exe
  2⤵
  PID:1264
- C:\Windows\System\MaJIVin.exe
  C:\Windows\System\MaJIVin.exe
  2⤵
  PID:3016
- C:\Windows\System\QfrAEUU.exe
  C:\Windows\System\QfrAEUU.exe
  2⤵
  PID:2696
- C:\Windows\System\AwTzDoh.exe
  C:\Windows\System\AwTzDoh.exe
  2⤵
  PID:1016
- C:\Windows\System\JnRlaBy.exe
  C:\Windows\System\JnRlaBy.exe
  2⤵
  PID:1880
- C:\Windows\System\HOPhpuc.exe
  C:\Windows\System\HOPhpuc.exe
  2⤵
  PID:2260
- C:\Windows\System\TksJZOu.exe
  C:\Windows\System\TksJZOu.exe
  2⤵
  PID:1252
- C:\Windows\System\lhwyvzR.exe
  C:\Windows\System\lhwyvzR.exe
  2⤵
  PID:924
- C:\Windows\System\oXgQKTH.exe
  C:\Windows\System\oXgQKTH.exe
  2⤵
  PID:1720
- C:\Windows\System\wxjJYFa.exe
  C:\Windows\System\wxjJYFa.exe
  2⤵
  PID:2152
- C:\Windows\System\lvwcxAW.exe
  C:\Windows\System\lvwcxAW.exe
  2⤵
  PID:1644
- C:\Windows\System\QVCMYpA.exe
  C:\Windows\System\QVCMYpA.exe
  2⤵
  PID:3096
- C:\Windows\System\fADcluT.exe
  C:\Windows\System\fADcluT.exe
  2⤵
  PID:3128
- C:\Windows\System\ZOZECWb.exe
  C:\Windows\System\ZOZECWb.exe
  2⤵
  PID:3172
- C:\Windows\System\fUVipPM.exe
  C:\Windows\System\fUVipPM.exe
  2⤵
  PID:3224
- C:\Windows\System\dZsQuLP.exe
  C:\Windows\System\dZsQuLP.exe
  2⤵
  PID:3264
- C:\Windows\System\kFcYElL.exe
  C:\Windows\System\kFcYElL.exe
  2⤵
  PID:3212
- C:\Windows\System\fsiMFmE.exe
  C:\Windows\System\fsiMFmE.exe
  2⤵
  PID:3284
- C:\Windows\System\oZQKvfQ.exe
  C:\Windows\System\oZQKvfQ.exe
  2⤵
  PID:3324
- C:\Windows\System\nrJGiFL.exe
  C:\Windows\System\nrJGiFL.exe
  2⤵
  PID:3348
- C:\Windows\System\sDwzAUj.exe
  C:\Windows\System\sDwzAUj.exe
  2⤵
  PID:3388
- C:\Windows\System\mGtamNM.exe
  C:\Windows\System\mGtamNM.exe
  2⤵
  PID:3424
- C:\Windows\System\qdmbBRC.exe
  C:\Windows\System\qdmbBRC.exe
  2⤵
  PID:3408
- C:\Windows\System\WYJTgNn.exe
  C:\Windows\System\WYJTgNn.exe
  2⤵
  PID:3464
- C:\Windows\System\VjUWRbH.exe
  C:\Windows\System\VjUWRbH.exe
  2⤵
  PID:3488
- C:\Windows\System\RvuFypn.exe
  C:\Windows\System\RvuFypn.exe
  2⤵
  PID:3492
- C:\Windows\System\RhSuttT.exe
  C:\Windows\System\RhSuttT.exe
  2⤵
  PID:3552
- C:\Windows\System\VAVnyIN.exe
  C:\Windows\System\VAVnyIN.exe
  2⤵
  PID:3568
- C:\Windows\System\fFZOEme.exe
  C:\Windows\System\fFZOEme.exe
  2⤵
  PID:3608
- C:\Windows\System\kZDpiBN.exe
  C:\Windows\System\kZDpiBN.exe
  2⤵
  PID:3676
- C:\Windows\System\xAqKPiQ.exe
  C:\Windows\System\xAqKPiQ.exe
  2⤵
  PID:3716
- C:\Windows\System\jFiBKdN.exe
  C:\Windows\System\jFiBKdN.exe
  2⤵
  PID:3652
- C:\Windows\System\nVlICjX.exe
  C:\Windows\System\nVlICjX.exe
  2⤵
  PID:3732
- C:\Windows\System\OOPoIhw.exe
  C:\Windows\System\OOPoIhw.exe
  2⤵
  PID:3764
- C:\Windows\System\HIIDdQw.exe
  C:\Windows\System\HIIDdQw.exe
  2⤵
  PID:3772
- C:\Windows\System\suYhKze.exe
  C:\Windows\System\suYhKze.exe
  2⤵
  PID:3804
- C:\Windows\System\sszfjqb.exe
  C:\Windows\System\sszfjqb.exe
  2⤵
  PID:3872
- C:\Windows\System\wldrzhg.exe
  C:\Windows\System\wldrzhg.exe
  2⤵
  PID:3888
- C:\Windows\System\SysVqvI.exe
  C:\Windows\System\SysVqvI.exe
  2⤵
  PID:3916
- C:\Windows\System\XOyMyyy.exe
  C:\Windows\System\XOyMyyy.exe
  2⤵
  PID:3992
- C:\Windows\System\YIjmtbZ.exe
  C:\Windows\System\YIjmtbZ.exe
  2⤵
  PID:3972
- C:\Windows\System\wTThIvq.exe
  C:\Windows\System\wTThIvq.exe
  2⤵
  PID:4016
- C:\Windows\System\dqRrgCi.exe
  C:\Windows\System\dqRrgCi.exe
  2⤵
  PID:4072
- C:\Windows\System\lglRSld.exe
  C:\Windows\System\lglRSld.exe
  2⤵
  PID:2640
- C:\Windows\System\EuaJYhP.exe
  C:\Windows\System\EuaJYhP.exe
  2⤵
  PID:2112
- C:\Windows\System\MkPPXlR.exe
  C:\Windows\System\MkPPXlR.exe
  2⤵
  PID:1864
- C:\Windows\System\VhwiEIN.exe
  C:\Windows\System\VhwiEIN.exe
  2⤵
  PID:2196
- C:\Windows\System\nCVhxnE.exe
  C:\Windows\System\nCVhxnE.exe
  2⤵
  PID:2344
- C:\Windows\System\kkDtNFM.exe
  C:\Windows\System\kkDtNFM.exe
  2⤵
  PID:3152
- C:\Windows\System\eBeyQEJ.exe
  C:\Windows\System\eBeyQEJ.exe
  2⤵
  PID:2144
- C:\Windows\System\NnyRWya.exe
  C:\Windows\System\NnyRWya.exe
  2⤵
  PID:1752
- C:\Windows\System\aZZvnCX.exe
  C:\Windows\System\aZZvnCX.exe
  2⤵
  PID:3268
- C:\Windows\System\IQcVOXd.exe
  C:\Windows\System\IQcVOXd.exe
  2⤵
  PID:3344
- C:\Windows\System\kmMFHca.exe
  C:\Windows\System\kmMFHca.exe
  2⤵
  PID:2712
- C:\Windows\System\BrQjVfq.exe
  C:\Windows\System\BrQjVfq.exe
  2⤵
  PID:3556
- C:\Windows\System\ksJxNyC.exe
  C:\Windows\System\ksJxNyC.exe
  2⤵
  PID:1000
- C:\Windows\System\yRTcMrW.exe
  C:\Windows\System\yRTcMrW.exe
  2⤵
  PID:3132
- C:\Windows\System\DsAUrkP.exe
  C:\Windows\System\DsAUrkP.exe
  2⤵
  PID:3428
- C:\Windows\System\ooNjWwt.exe
  C:\Windows\System\ooNjWwt.exe
  2⤵
  PID:3588
- C:\Windows\System\MYBYOvB.exe
  C:\Windows\System\MYBYOvB.exe
  2⤵
  PID:3848
- C:\Windows\System\xPLIfce.exe
  C:\Windows\System\xPLIfce.exe
  2⤵
  PID:3936
- C:\Windows\System\CaEkpEw.exe
  C:\Windows\System\CaEkpEw.exe
  2⤵
  PID:2940
- C:\Windows\System\CmQsEVy.exe
  C:\Windows\System\CmQsEVy.exe
  2⤵
  PID:4088
- C:\Windows\System\URpWyCi.exe
  C:\Windows\System\URpWyCi.exe
  2⤵
  PID:3628
- C:\Windows\System\xsuZgGi.exe
  C:\Windows\System\xsuZgGi.exe
  2⤵
  PID:4032
- C:\Windows\System\sVWsovG.exe
  C:\Windows\System\sVWsovG.exe
  2⤵
  PID:3832
- C:\Windows\System\ULwprXe.exe
  C:\Windows\System\ULwprXe.exe
  2⤵
  PID:3664
- C:\Windows\System\JaVyZlR.exe
  C:\Windows\System\JaVyZlR.exe
  2⤵
  PID:3496
- C:\Windows\System\kPBYhJE.exe
  C:\Windows\System\kPBYhJE.exe
  2⤵
  PID:3304
- C:\Windows\System\BDtmdpP.exe
  C:\Windows\System\BDtmdpP.exe
  2⤵
  PID:3996
- C:\Windows\System\KZDzHUz.exe
  C:\Windows\System\KZDzHUz.exe
  2⤵
  PID:2748
- C:\Windows\System\cdpImTv.exe
  C:\Windows\System\cdpImTv.exe
  2⤵
  PID:3248
- C:\Windows\System\FnRibZd.exe
  C:\Windows\System\FnRibZd.exe
  2⤵
  PID:4056
- C:\Windows\System\phgenhW.exe
  C:\Windows\System\phgenhW.exe
  2⤵
  PID:3468
- C:\Windows\System\sNowdoc.exe
  C:\Windows\System\sNowdoc.exe
  2⤵
  PID:3928
- C:\Windows\System\RgzUWeX.exe
  C:\Windows\System\RgzUWeX.exe
  2⤵
  PID:4108
- C:\Windows\System\GgJaXtJ.exe
  C:\Windows\System\GgJaXtJ.exe
  2⤵
  PID:4124
- C:\Windows\System\vcjQVZU.exe
  C:\Windows\System\vcjQVZU.exe
  2⤵
  PID:4156
- C:\Windows\System\tEDmoXF.exe
  C:\Windows\System\tEDmoXF.exe
  2⤵
  PID:4176
- C:\Windows\System\UQGZNAz.exe
  C:\Windows\System\UQGZNAz.exe
  2⤵
  PID:4196
- C:\Windows\System\rzBwTTV.exe
  C:\Windows\System\rzBwTTV.exe
  2⤵
  PID:4212
- C:\Windows\System\batFTGk.exe
  C:\Windows\System\batFTGk.exe
  2⤵
  PID:4232
- C:\Windows\System\LuiNWPV.exe
  C:\Windows\System\LuiNWPV.exe
  2⤵
  PID:4256
- C:\Windows\System\PKmYBIb.exe
  C:\Windows\System\PKmYBIb.exe
  2⤵
  PID:4276
- C:\Windows\System\NQrDXZr.exe
  C:\Windows\System\NQrDXZr.exe
  2⤵
  PID:4296
- C:\Windows\System\TkNqkRJ.exe
  C:\Windows\System\TkNqkRJ.exe
  2⤵
  PID:4316
- C:\Windows\System\PbHDvQT.exe
  C:\Windows\System\PbHDvQT.exe
  2⤵
  PID:4332
- C:\Windows\System\DNTQDbo.exe
  C:\Windows\System\DNTQDbo.exe
  2⤵
  PID:4352
- C:\Windows\System\GrcGAWp.exe
  C:\Windows\System\GrcGAWp.exe
  2⤵
  PID:4372
- C:\Windows\System\DDWqxBe.exe
  C:\Windows\System\DDWqxBe.exe
  2⤵
  PID:4396
- C:\Windows\System\bQwAnFF.exe
  C:\Windows\System\bQwAnFF.exe
  2⤵
  PID:4420
- C:\Windows\System\ZnORthA.exe
  C:\Windows\System\ZnORthA.exe
  2⤵
  PID:4440
- C:\Windows\System\zoiEJpm.exe
  C:\Windows\System\zoiEJpm.exe
  2⤵
  PID:4456
- C:\Windows\System\uVBbMio.exe
  C:\Windows\System\uVBbMio.exe
  2⤵
  PID:4476
- C:\Windows\System\OnNOcQF.exe
  C:\Windows\System\OnNOcQF.exe
  2⤵
  PID:4492
- C:\Windows\System\ERAXVPD.exe
  C:\Windows\System\ERAXVPD.exe
  2⤵
  PID:4508
- C:\Windows\System\NBThWtg.exe
  C:\Windows\System\NBThWtg.exe
  2⤵
  PID:4528
- C:\Windows\System\tdrkfvf.exe
  C:\Windows\System\tdrkfvf.exe
  2⤵
  PID:4556
- C:\Windows\System\niBYkay.exe
  C:\Windows\System\niBYkay.exe
  2⤵
  PID:4580
- C:\Windows\System\CAtDCFN.exe
  C:\Windows\System\CAtDCFN.exe
  2⤵
  PID:4596
- C:\Windows\System\rarHAuc.exe
  C:\Windows\System\rarHAuc.exe
  2⤵
  PID:4616
- C:\Windows\System\YFNGpdm.exe
  C:\Windows\System\YFNGpdm.exe
  2⤵
  PID:4636
- C:\Windows\System\LIHqTel.exe
  C:\Windows\System\LIHqTel.exe
  2⤵
  PID:4656
- C:\Windows\System\saCUozs.exe
  C:\Windows\System\saCUozs.exe
  2⤵
  PID:4676
- C:\Windows\System\GXWuUpy.exe
  C:\Windows\System\GXWuUpy.exe
  2⤵
  PID:4696
- C:\Windows\System\tKMHlyk.exe
  C:\Windows\System\tKMHlyk.exe
  2⤵
  PID:4716
- C:\Windows\System\lQcVqdr.exe
  C:\Windows\System\lQcVqdr.exe
  2⤵
  PID:4736
- C:\Windows\System\CIuqxIx.exe
  C:\Windows\System\CIuqxIx.exe
  2⤵
  PID:4760
- C:\Windows\System\JrABWCq.exe
  C:\Windows\System\JrABWCq.exe
  2⤵
  PID:4780
- C:\Windows\System\RsZWCKU.exe
  C:\Windows\System\RsZWCKU.exe
  2⤵
  PID:4800
- C:\Windows\System\XonrxTw.exe
  C:\Windows\System\XonrxTw.exe
  2⤵
  PID:4820
- C:\Windows\System\sMQnBAC.exe
  C:\Windows\System\sMQnBAC.exe
  2⤵
  PID:4840
- C:\Windows\System\KGUpUVH.exe
  C:\Windows\System\KGUpUVH.exe
  2⤵
  PID:4856
- C:\Windows\System\NzohaZt.exe
  C:\Windows\System\NzohaZt.exe
  2⤵
  PID:4880
- C:\Windows\System\IFInOIk.exe
  C:\Windows\System\IFInOIk.exe
  2⤵
  PID:4896
- C:\Windows\System\fvzadOO.exe
  C:\Windows\System\fvzadOO.exe
  2⤵
  PID:4912
- C:\Windows\System\NmcyCnb.exe
  C:\Windows\System\NmcyCnb.exe
  2⤵
  PID:4932
- C:\Windows\System\XPlaMdV.exe
  C:\Windows\System\XPlaMdV.exe
  2⤵
  PID:4948
- C:\Windows\System\lhvznwn.exe
  C:\Windows\System\lhvznwn.exe
  2⤵
  PID:4968
- C:\Windows\System\nRqwYoT.exe
  C:\Windows\System\nRqwYoT.exe
  2⤵
  PID:4988
- C:\Windows\System\IZdOSav.exe
  C:\Windows\System\IZdOSav.exe
  2⤵
  PID:5008
- C:\Windows\System\OiZjowQ.exe
  C:\Windows\System\OiZjowQ.exe
  2⤵
  PID:5028
- C:\Windows\System\jKOPWJX.exe
  C:\Windows\System\jKOPWJX.exe
  2⤵
  PID:5056
- C:\Windows\System\QYPCiaB.exe
  C:\Windows\System\QYPCiaB.exe
  2⤵
  PID:5076
- C:\Windows\System\DTfpcgO.exe
  C:\Windows\System\DTfpcgO.exe
  2⤵
  PID:5092
- C:\Windows\System\YHSaPXM.exe
  C:\Windows\System\YHSaPXM.exe
  2⤵
  PID:5112
- C:\Windows\System\zrtIXKl.exe
  C:\Windows\System\zrtIXKl.exe
  2⤵
  PID:3236
- C:\Windows\System\VHExeMe.exe
  C:\Windows\System\VHExeMe.exe
  2⤵
  PID:3532
- C:\Windows\System\KegOUKl.exe
  C:\Windows\System\KegOUKl.exe
  2⤵
  PID:3784
- C:\Windows\System\lcNafKx.exe
  C:\Windows\System\lcNafKx.exe
  2⤵
  PID:3748
- C:\Windows\System\EvGXuTd.exe
  C:\Windows\System\EvGXuTd.exe
  2⤵
  PID:3828
- C:\Windows\System\kbreDsq.exe
  C:\Windows\System\kbreDsq.exe
  2⤵
  PID:4068
- C:\Windows\System\RTKobcD.exe
  C:\Windows\System\RTKobcD.exe
  2⤵
  PID:3332
- C:\Windows\System\eXunucZ.exe
  C:\Windows\System\eXunucZ.exe
  2⤵
  PID:3352
- C:\Windows\System\lvFfPVN.exe
  C:\Windows\System\lvFfPVN.exe
  2⤵
  PID:3476
- C:\Windows\System\jdtQjdp.exe
  C:\Windows\System\jdtQjdp.exe
  2⤵
  PID:3088
- C:\Windows\System\MdiYRXE.exe
  C:\Windows\System\MdiYRXE.exe
  2⤵
  PID:4204
- C:\Windows\System\TZfkygb.exe
  C:\Windows\System\TZfkygb.exe
  2⤵
  PID:4248
- C:\Windows\System\xOtfdvJ.exe
  C:\Windows\System\xOtfdvJ.exe
  2⤵
  PID:4148
- C:\Windows\System\SxzRJDU.exe
  C:\Windows\System\SxzRJDU.exe
  2⤵
  PID:4224
- C:\Windows\System\GFSSkTs.exe
  C:\Windows\System\GFSSkTs.exe
  2⤵
  PID:4288
- C:\Windows\System\YYSiZEQ.exe
  C:\Windows\System\YYSiZEQ.exe
  2⤵
  PID:4360
- C:\Windows\System\HhvPzdG.exe
  C:\Windows\System\HhvPzdG.exe
  2⤵
  PID:4340
- C:\Windows\System\ZhbzrtT.exe
  C:\Windows\System\ZhbzrtT.exe
  2⤵
  PID:4304
- C:\Windows\System\ROVULJF.exe
  C:\Windows\System\ROVULJF.exe
  2⤵
  PID:4392
- C:\Windows\System\gEjzgBp.exe
  C:\Windows\System\gEjzgBp.exe
  2⤵
  PID:4452
- C:\Windows\System\dNsbXTQ.exe
  C:\Windows\System\dNsbXTQ.exe
  2⤵
  PID:4428
- C:\Windows\System\yHOZGfd.exe
  C:\Windows\System\yHOZGfd.exe
  2⤵
  PID:4500
- C:\Windows\System\WwglRJo.exe
  C:\Windows\System\WwglRJo.exe
  2⤵
  PID:4564
- C:\Windows\System\sMFdrmT.exe
  C:\Windows\System\sMFdrmT.exe
  2⤵
  PID:4568
- C:\Windows\System\CKhdUzA.exe
  C:\Windows\System\CKhdUzA.exe
  2⤵
  PID:4604
- C:\Windows\System\cqAqxGN.exe
  C:\Windows\System\cqAqxGN.exe
  2⤵
  PID:4588
- C:\Windows\System\mizyRWp.exe
  C:\Windows\System\mizyRWp.exe
  2⤵
  PID:4652
- C:\Windows\System\HTJOUJU.exe
  C:\Windows\System\HTJOUJU.exe
  2⤵
  PID:4592
- C:\Windows\System\QRTxJOq.exe
  C:\Windows\System\QRTxJOq.exe
  2⤵
  PID:4668
- C:\Windows\System\tcoaKyk.exe
  C:\Windows\System\tcoaKyk.exe
  2⤵
  PID:4732
- C:\Windows\System\LkCUdOW.exe
  C:\Windows\System\LkCUdOW.exe
  2⤵
  PID:4744
- C:\Windows\System\ADOVjHe.exe
  C:\Windows\System\ADOVjHe.exe
  2⤵
  PID:4808
- C:\Windows\System\YSPLNhC.exe
  C:\Windows\System\YSPLNhC.exe
  2⤵
  PID:4920
- C:\Windows\System\exHvSoR.exe
  C:\Windows\System\exHvSoR.exe
  2⤵
  PID:4928
- C:\Windows\System\udcCjnE.exe
  C:\Windows\System\udcCjnE.exe
  2⤵
  PID:4964
- C:\Windows\System\lNMEtrz.exe
  C:\Windows\System\lNMEtrz.exe
  2⤵
  PID:4996
- C:\Windows\System\abzxUEn.exe
  C:\Windows\System\abzxUEn.exe
  2⤵
  PID:4984
- C:\Windows\System\LQhUUMN.exe
  C:\Windows\System\LQhUUMN.exe
  2⤵
  PID:5048
- C:\Windows\System\MZOgAow.exe
  C:\Windows\System\MZOgAow.exe
  2⤵
  PID:4940
- C:\Windows\System\awxxpoj.exe
  C:\Windows\System\awxxpoj.exe
  2⤵
  PID:4976
- C:\Windows\System\lGkVboz.exe
  C:\Windows\System\lGkVboz.exe
  2⤵
  PID:4052
- C:\Windows\System\CalzROy.exe
  C:\Windows\System\CalzROy.exe
  2⤵
  PID:3420
- C:\Windows\System\bxSFxYR.exe
  C:\Windows\System\bxSFxYR.exe
  2⤵
  PID:3844
- C:\Windows\System\oVcdBsT.exe
  C:\Windows\System\oVcdBsT.exe
  2⤵
  PID:5064
- C:\Windows\System\EYLyFpi.exe
  C:\Windows\System\EYLyFpi.exe
  2⤵
  PID:5108
- C:\Windows\System\mPnqATr.exe
  C:\Windows\System\mPnqATr.exe
  2⤵
  PID:3308
- C:\Windows\System\YAQvDJk.exe
  C:\Windows\System\YAQvDJk.exe
  2⤵
  PID:4172
- C:\Windows\System\qOoNWjR.exe
  C:\Windows\System\qOoNWjR.exe
  2⤵
  PID:4152
- C:\Windows\System\iEgetYH.exe
  C:\Windows\System\iEgetYH.exe
  2⤵
  PID:4020
- C:\Windows\System\pCpepjQ.exe
  C:\Windows\System\pCpepjQ.exe
  2⤵
  PID:4312
- C:\Windows\System\IbhpouI.exe
  C:\Windows\System\IbhpouI.exe
  2⤵
  PID:4104
- C:\Windows\System\lGFjGpy.exe
  C:\Windows\System\lGFjGpy.exe
  2⤵
  PID:4516
- C:\Windows\System\CFvpDzI.exe
  C:\Windows\System\CFvpDzI.exe
  2⤵
  PID:4544
- C:\Windows\System\MLCVJBX.exe
  C:\Windows\System\MLCVJBX.exe
  2⤵
  PID:1876
- C:\Windows\System\UhahCWe.exe
  C:\Windows\System\UhahCWe.exe
  2⤵
  PID:4416
- C:\Windows\System\eWfvuyX.exe
  C:\Windows\System\eWfvuyX.exe
  2⤵
  PID:4448
- C:\Windows\System\iplETQU.exe
  C:\Windows\System\iplETQU.exe
  2⤵
  PID:4648
- C:\Windows\System\bDBdqZV.exe
  C:\Windows\System\bDBdqZV.exe
  2⤵
  PID:4468
- C:\Windows\System\RvOrZOi.exe
  C:\Windows\System\RvOrZOi.exe
  2⤵
  PID:4712
- C:\Windows\System\yhVvsLM.exe
  C:\Windows\System\yhVvsLM.exe
  2⤵
  PID:4752
- C:\Windows\System\KbXLAGD.exe
  C:\Windows\System\KbXLAGD.exe
  2⤵
  PID:4788
- C:\Windows\System\nipXqma.exe
  C:\Windows\System\nipXqma.exe
  2⤵
  PID:4240
- C:\Windows\System\aHJTzyC.exe
  C:\Windows\System\aHJTzyC.exe
  2⤵
  PID:4220
- C:\Windows\System\hmrwjWC.exe
  C:\Windows\System\hmrwjWC.exe
  2⤵
  PID:4792
- C:\Windows\System\OtjCVOB.exe
  C:\Windows\System\OtjCVOB.exe
  2⤵
  PID:4608
- C:\Windows\System\sqBtGoG.exe
  C:\Windows\System\sqBtGoG.exe
  2⤵
  PID:4724
- C:\Windows\System\XypOGDC.exe
  C:\Windows\System\XypOGDC.exe
  2⤵
  PID:4772
- C:\Windows\System\HoOiYjw.exe
  C:\Windows\System\HoOiYjw.exe
  2⤵
  PID:1796
- C:\Windows\System\ypbgysT.exe
  C:\Windows\System\ypbgysT.exe
  2⤵
  PID:4924
- C:\Windows\System\CeqtDre.exe
  C:\Windows\System\CeqtDre.exe
  2⤵
  PID:4876
- C:\Windows\System\WMimBep.exe
  C:\Windows\System\WMimBep.exe
  2⤵
  PID:4944
- C:\Windows\System\WRwoYdR.exe
  C:\Windows\System\WRwoYdR.exe
  2⤵
  PID:5088
- C:\Windows\System\npNIGYb.exe
  C:\Windows\System\npNIGYb.exe
  2⤵
  PID:3704
- C:\Windows\System\oijxkiA.exe
  C:\Windows\System\oijxkiA.exe
  2⤵
  PID:5100
- C:\Windows\System\DWUtxDS.exe
  C:\Windows\System\DWUtxDS.exe
  2⤵
  PID:1964
- C:\Windows\System\qDobjNg.exe
  C:\Windows\System\qDobjNg.exe
  2⤵
  PID:3632
- C:\Windows\System\SaWSnYX.exe
  C:\Windows\System\SaWSnYX.exe
  2⤵
  PID:4388
- C:\Windows\System\dxslexP.exe
  C:\Windows\System\dxslexP.exe
  2⤵
  PID:4244
- C:\Windows\System\LjRnVLv.exe
  C:\Windows\System\LjRnVLv.exe
  2⤵
  PID:1244
- C:\Windows\System\LwsROXq.exe
  C:\Windows\System\LwsROXq.exe
  2⤵
  PID:4036
- C:\Windows\System\HjpLAKD.exe
  C:\Windows\System\HjpLAKD.exe
  2⤵
  PID:4504
- C:\Windows\System\zlNXYvb.exe
  C:\Windows\System\zlNXYvb.exe
  2⤵
  PID:3596
- C:\Windows\System\yACUjIM.exe
  C:\Windows\System\yACUjIM.exe
  2⤵
  PID:4188
- C:\Windows\System\TTSPlCR.exe
  C:\Windows\System\TTSPlCR.exe
  2⤵
  PID:2844
- C:\Windows\System\eOzhAQJ.exe
  C:\Windows\System\eOzhAQJ.exe
  2⤵
  PID:4960
- C:\Windows\System\kHLyZsV.exe
  C:\Windows\System\kHLyZsV.exe
  2⤵
  PID:3148
- C:\Windows\System\lSHdOXA.exe
  C:\Windows\System\lSHdOXA.exe
  2⤵
  PID:3528
- C:\Windows\System\EzFMYQo.exe
  C:\Windows\System\EzFMYQo.exe
  2⤵
  PID:2452
- C:\Windows\System\tOCtMbt.exe
  C:\Windows\System\tOCtMbt.exe
  2⤵
  PID:5148
- C:\Windows\System\DIeNGdu.exe
  C:\Windows\System\DIeNGdu.exe
  2⤵
  PID:5164
- C:\Windows\System\IfiRzPP.exe
  C:\Windows\System\IfiRzPP.exe
  2⤵
  PID:5188
- C:\Windows\System\fdtTpnD.exe
  C:\Windows\System\fdtTpnD.exe
  2⤵
  PID:5212
- C:\Windows\System\ZeyrhMt.exe
  C:\Windows\System\ZeyrhMt.exe
  2⤵
  PID:5228
- C:\Windows\System\LnWjnoX.exe
  C:\Windows\System\LnWjnoX.exe
  2⤵
  PID:5244
- C:\Windows\System\NJXeEiy.exe
  C:\Windows\System\NJXeEiy.exe
  2⤵
  PID:5260
- C:\Windows\System\EoESvwd.exe
  C:\Windows\System\EoESvwd.exe
  2⤵
  PID:5276
- C:\Windows\System\wmaCcQU.exe
  C:\Windows\System\wmaCcQU.exe
  2⤵
  PID:5292
- C:\Windows\System\GilELbb.exe
  C:\Windows\System\GilELbb.exe
  2⤵
  PID:5308
- C:\Windows\System\JLKfJmu.exe
  C:\Windows\System\JLKfJmu.exe
  2⤵
  PID:5324
- C:\Windows\System\BxQHqWK.exe
  C:\Windows\System\BxQHqWK.exe
  2⤵
  PID:5340
- C:\Windows\System\MKoKZrp.exe
  C:\Windows\System\MKoKZrp.exe
  2⤵
  PID:5356
- C:\Windows\System\HGGYqbI.exe
  C:\Windows\System\HGGYqbI.exe
  2⤵
  PID:5372
- C:\Windows\System\idPTydp.exe
  C:\Windows\System\idPTydp.exe
  2⤵
  PID:5388
- C:\Windows\System\UONMtxG.exe
  C:\Windows\System\UONMtxG.exe
  2⤵
  PID:5404
- C:\Windows\System\ZZLpeZZ.exe
  C:\Windows\System\ZZLpeZZ.exe
  2⤵
  PID:5420
- C:\Windows\System\ZUmXZUp.exe
  C:\Windows\System\ZUmXZUp.exe
  2⤵
  PID:5436
- C:\Windows\System\khdFPMh.exe
  C:\Windows\System\khdFPMh.exe
  2⤵
  PID:5452
- C:\Windows\System\IESuItt.exe
  C:\Windows\System\IESuItt.exe
  2⤵
  PID:5468
- C:\Windows\System\qbpbSCn.exe
  C:\Windows\System\qbpbSCn.exe
  2⤵
  PID:5484
- C:\Windows\System\NgjSBYD.exe
  C:\Windows\System\NgjSBYD.exe
  2⤵
  PID:5500
- C:\Windows\System\QGRzTeX.exe
  C:\Windows\System\QGRzTeX.exe
  2⤵
  PID:5516
- C:\Windows\System\xSzTQVE.exe
  C:\Windows\System\xSzTQVE.exe
  2⤵
  PID:5536
- C:\Windows\System\TIzGQUK.exe
  C:\Windows\System\TIzGQUK.exe
  2⤵
  PID:5552
- C:\Windows\System\nhVOoBa.exe
  C:\Windows\System\nhVOoBa.exe
  2⤵
  PID:5568
- C:\Windows\System\MPVQZrg.exe
  C:\Windows\System\MPVQZrg.exe
  2⤵
  PID:5584
- C:\Windows\System\uprdeQa.exe
  C:\Windows\System\uprdeQa.exe
  2⤵
  PID:5600
- C:\Windows\System\mEJDBev.exe
  C:\Windows\System\mEJDBev.exe
  2⤵
  PID:5616
- C:\Windows\System\vncYKKi.exe
  C:\Windows\System\vncYKKi.exe
  2⤵
  PID:5632
- C:\Windows\System\TVLFIcM.exe
  C:\Windows\System\TVLFIcM.exe
  2⤵
  PID:5648
- C:\Windows\System\rVNvJjq.exe
  C:\Windows\System\rVNvJjq.exe
  2⤵
  PID:5664
- C:\Windows\System\jtsGjmF.exe
  C:\Windows\System\jtsGjmF.exe
  2⤵
  PID:5680
- C:\Windows\System\UyOjnJq.exe
  C:\Windows\System\UyOjnJq.exe
  2⤵
  PID:5696
- C:\Windows\System\qDbQlzY.exe
  C:\Windows\System\qDbQlzY.exe
  2⤵
  PID:5712
- C:\Windows\System\LBWxDUx.exe
  C:\Windows\System\LBWxDUx.exe
  2⤵
  PID:5728
- C:\Windows\System\MyoOywU.exe
  C:\Windows\System\MyoOywU.exe
  2⤵
  PID:5744
- C:\Windows\System\JnbwZSO.exe
  C:\Windows\System\JnbwZSO.exe
  2⤵
  PID:5760
- C:\Windows\System\KNqnCgW.exe
  C:\Windows\System\KNqnCgW.exe
  2⤵
  PID:5776
- C:\Windows\System\lAFJAaT.exe
  C:\Windows\System\lAFJAaT.exe
  2⤵
  PID:5792
- C:\Windows\System\SvcuiNk.exe
  C:\Windows\System\SvcuiNk.exe
  2⤵
  PID:5808
- C:\Windows\System\MtUnUja.exe
  C:\Windows\System\MtUnUja.exe
  2⤵
  PID:5828
- C:\Windows\System\OabrYxV.exe
  C:\Windows\System\OabrYxV.exe
  2⤵
  PID:5844
- C:\Windows\System\HsNXpoI.exe
  C:\Windows\System\HsNXpoI.exe
  2⤵
  PID:5860
- C:\Windows\System\YZBVfBn.exe
  C:\Windows\System\YZBVfBn.exe
  2⤵
  PID:5876
- C:\Windows\System\AERPQOn.exe
  C:\Windows\System\AERPQOn.exe
  2⤵
  PID:5972
- C:\Windows\System\dKIKlyc.exe
  C:\Windows\System\dKIKlyc.exe
  2⤵
  PID:6088
- C:\Windows\System\dqWlnFj.exe
  C:\Windows\System\dqWlnFj.exe
  2⤵
  PID:6128
- C:\Windows\System\NkDXteh.exe
  C:\Windows\System\NkDXteh.exe
  2⤵
  PID:4348
- C:\Windows\System\xsvkvJG.exe
  C:\Windows\System\xsvkvJG.exe
  2⤵
  PID:3932
- C:\Windows\System\lhBOtvu.exe
  C:\Windows\System\lhBOtvu.exe
  2⤵
  PID:4664
- C:\Windows\System\CoPpwpo.exe
  C:\Windows\System\CoPpwpo.exe
  2⤵
  PID:5412
- C:\Windows\System\RsWNKBL.exe
  C:\Windows\System\RsWNKBL.exe
  2⤵
  PID:5400
- C:\Windows\System\sUVdDzI.exe
  C:\Windows\System\sUVdDzI.exe
  2⤵
  PID:5544
- C:\Windows\System\eZmtwOu.exe
  C:\Windows\System\eZmtwOu.exe
  2⤵
  PID:5608
- C:\Windows\System\WxbjQjK.exe
  C:\Windows\System\WxbjQjK.exe
  2⤵
  PID:5672
- C:\Windows\System\wiJEJJA.exe
  C:\Windows\System\wiJEJJA.exe
  2⤵
  PID:2776
- C:\Windows\System\yfdUUZY.exe
  C:\Windows\System\yfdUUZY.exe
  2⤵
  PID:5804
- C:\Windows\System\KJbztMY.exe
  C:\Windows\System\KJbztMY.exe
  2⤵
  PID:5868
- C:\Windows\System\OLElUKq.exe
  C:\Windows\System\OLElUKq.exe
  2⤵
  PID:5368
- C:\Windows\System\afajjhM.exe
  C:\Windows\System\afajjhM.exe
  2⤵
  PID:5524
- C:\Windows\System\RKnaEYH.exe
  C:\Windows\System\RKnaEYH.exe
  2⤵
  PID:5592
- C:\Windows\System\JQNSqAx.exe
  C:\Windows\System\JQNSqAx.exe
  2⤵
  PID:5660
- C:\Windows\System\jgBqVtu.exe
  C:\Windows\System\jgBqVtu.exe
  2⤵
  PID:5752
- C:\Windows\System\hOUfYji.exe
  C:\Windows\System\hOUfYji.exe
  2⤵
  PID:5816
- C:\Windows\System\rfGzbuc.exe
  C:\Windows\System\rfGzbuc.exe
  2⤵
  PID:5892
- C:\Windows\System\eHOsigc.exe
  C:\Windows\System\eHOsigc.exe
  2⤵
  PID:5912
- C:\Windows\System\EbYRqLW.exe
  C:\Windows\System\EbYRqLW.exe
  2⤵
  PID:5928
- C:\Windows\System\MpcraOe.exe
  C:\Windows\System\MpcraOe.exe
  2⤵
  PID:5952
- C:\Windows\System\UtIEeLc.exe
  C:\Windows\System\UtIEeLc.exe
  2⤵
  PID:5960
- C:\Windows\System\XGKRSoG.exe
  C:\Windows\System\XGKRSoG.exe
  2⤵
  PID:5996
- C:\Windows\System\MQObRrP.exe
  C:\Windows\System\MQObRrP.exe
  2⤵
  PID:6016
- C:\Windows\System\kPkqqCB.exe
  C:\Windows\System\kPkqqCB.exe
  2⤵
  PID:6032
- C:\Windows\System\iQxvkZe.exe
  C:\Windows\System\iQxvkZe.exe
  2⤵
  PID:6044
- C:\Windows\System\kTsLgmC.exe
  C:\Windows\System\kTsLgmC.exe
  2⤵
  PID:6068
- C:\Windows\System\rCjHioW.exe
  C:\Windows\System\rCjHioW.exe
  2⤵
  PID:2032
- C:\Windows\System\VEmHjWu.exe
  C:\Windows\System\VEmHjWu.exe
  2⤵
  PID:796
- C:\Windows\System\mMitGDM.exe
  C:\Windows\System\mMitGDM.exe
  2⤵
  PID:6104
- C:\Windows\System\BlOQsdu.exe
  C:\Windows\System\BlOQsdu.exe
  2⤵
  PID:6140
- C:\Windows\System\NaZOPWM.exe
  C:\Windows\System\NaZOPWM.exe
  2⤵
  PID:6124
- C:\Windows\System\CIILkkb.exe
  C:\Windows\System\CIILkkb.exe
  2⤵
  PID:4540
- C:\Windows\System\dSBdINX.exe
  C:\Windows\System\dSBdINX.exe
  2⤵
  PID:4776
- C:\Windows\System\YjBLuEo.exe
  C:\Windows\System\YjBLuEo.exe
  2⤵
  PID:5132
- C:\Windows\System\gceQXcg.exe
  C:\Windows\System\gceQXcg.exe
  2⤵
  PID:5172
- C:\Windows\System\kJYwjcn.exe
  C:\Windows\System\kJYwjcn.exe
  2⤵
  PID:4688
- C:\Windows\System\jwYNXca.exe
  C:\Windows\System\jwYNXca.exe
  2⤵
  PID:2788
- C:\Windows\System\BUVdWaq.exe
  C:\Windows\System\BUVdWaq.exe
  2⤵
  PID:4384
- C:\Windows\System\nFexDfh.exe
  C:\Windows\System\nFexDfh.exe
  2⤵
  PID:5176
- C:\Windows\System\kRIQPXO.exe
  C:\Windows\System\kRIQPXO.exe
  2⤵
  PID:5240
- C:\Windows\System\DJSwCys.exe
  C:\Windows\System\DJSwCys.exe
  2⤵
  PID:5272
- C:\Windows\System\AhGvQZl.exe
  C:\Windows\System\AhGvQZl.exe
  2⤵
  PID:5252
- C:\Windows\System\oRICBdn.exe
  C:\Windows\System\oRICBdn.exe
  2⤵
  PID:5444
- C:\Windows\System\mqEhAtr.exe
  C:\Windows\System\mqEhAtr.exe
  2⤵
  PID:5348
- C:\Windows\System\CdfKjrg.exe
  C:\Windows\System\CdfKjrg.exe
  2⤵
  PID:5432
- C:\Windows\System\bJdLWEX.exe
  C:\Windows\System\bJdLWEX.exe
  2⤵
  PID:5708
- C:\Windows\System\sZbLByc.exe
  C:\Windows\System\sZbLByc.exe
  2⤵
  PID:5676
- C:\Windows\System\CZSCmHm.exe
  C:\Windows\System\CZSCmHm.exe
  2⤵
  PID:5768
- C:\Windows\System\XxqEHXw.exe
  C:\Windows\System\XxqEHXw.exe
  2⤵
  PID:5624
- C:\Windows\System\tLtJbgH.exe
  C:\Windows\System\tLtJbgH.exe
  2⤵
  PID:5532
- C:\Windows\System\VdeURAG.exe
  C:\Windows\System\VdeURAG.exe
  2⤵
  PID:5788
- C:\Windows\System\lAYYySk.exe
  C:\Windows\System\lAYYySk.exe
  2⤵
  PID:5724
- C:\Windows\System\irRkEXQ.exe
  C:\Windows\System\irRkEXQ.exe
  2⤵
  PID:5856
- C:\Windows\System\QawhkDq.exe
  C:\Windows\System\QawhkDq.exe
  2⤵
  PID:5940
- C:\Windows\System\chXaKfO.exe
  C:\Windows\System\chXaKfO.exe
  2⤵
  PID:5992
- C:\Windows\System\mmrzWnb.exe
  C:\Windows\System\mmrzWnb.exe
  2⤵
  PID:6052
- C:\Windows\System\JBVnyEC.exe
  C:\Windows\System\JBVnyEC.exe
  2⤵
  PID:6064
- C:\Windows\System\ZYFPITS.exe
  C:\Windows\System\ZYFPITS.exe
  2⤵
  PID:6036
- C:\Windows\System\zliatrk.exe
  C:\Windows\System\zliatrk.exe
  2⤵
  PID:6080
- C:\Windows\System\otLJWHZ.exe
  C:\Windows\System\otLJWHZ.exe
  2⤵
  PID:5000
- C:\Windows\System\oZXxqLf.exe
  C:\Windows\System\oZXxqLf.exe
  2⤵
  PID:6116
- C:\Windows\System\YxYPhhv.exe
  C:\Windows\System\YxYPhhv.exe
  2⤵
  PID:2264
- C:\Windows\System\PVoNITP.exe
  C:\Windows\System\PVoNITP.exe
  2⤵
  PID:5072
- C:\Windows\System\wQgIzmv.exe
  C:\Windows\System\wQgIzmv.exe
  2⤵
  PID:5140
- C:\Windows\System\YWlxKvh.exe
  C:\Windows\System\YWlxKvh.exe
  2⤵
  PID:4168
- C:\Windows\System\mjvPjLQ.exe
  C:\Windows\System\mjvPjLQ.exe
  2⤵
  PID:5160
- C:\Windows\System\LrkTILF.exe
  C:\Windows\System\LrkTILF.exe
  2⤵
  PID:2508
- C:\Windows\System\sVvUOOe.exe
  C:\Windows\System\sVvUOOe.exe
  2⤵
  PID:5268
- C:\Windows\System\apKkVmM.exe
  C:\Windows\System\apKkVmM.exe
  2⤵
  PID:5580
- C:\Windows\System\pktSnHJ.exe
  C:\Windows\System\pktSnHJ.exe
  2⤵
  PID:5480
- C:\Windows\System\ACGpzIl.exe
  C:\Windows\System\ACGpzIl.exe
  2⤵
  PID:5364
- C:\Windows\System\HtIOtna.exe
  C:\Windows\System\HtIOtna.exe
  2⤵
  PID:5656
- C:\Windows\System\CVgPMNI.exe
  C:\Windows\System\CVgPMNI.exe
  2⤵
  PID:5900
- C:\Windows\System\itIaAYn.exe
  C:\Windows\System\itIaAYn.exe
  2⤵
  PID:5784
- C:\Windows\System\TrbcDlK.exe
  C:\Windows\System\TrbcDlK.exe
  2⤵
  PID:5948
- C:\Windows\System\edEMHjW.exe
  C:\Windows\System\edEMHjW.exe
  2⤵
  PID:2688
- C:\Windows\System\OfcCEmo.exe
  C:\Windows\System\OfcCEmo.exe
  2⤵
  PID:6004
- C:\Windows\System\qqIQVoi.exe
  C:\Windows\System\qqIQVoi.exe
  2⤵
  PID:2248
- C:\Windows\System\VYVkkEL.exe
  C:\Windows\System\VYVkkEL.exe
  2⤵
  PID:5044
- C:\Windows\System\zvVGChT.exe
  C:\Windows\System\zvVGChT.exe
  2⤵
  PID:2456
- C:\Windows\System\gipKuNa.exe
  C:\Windows\System\gipKuNa.exe
  2⤵
  PID:2224
- C:\Windows\System\PqVjtpy.exe
  C:\Windows\System\PqVjtpy.exe
  2⤵
  PID:2868
- C:\Windows\System\jlseauJ.exe
  C:\Windows\System\jlseauJ.exe
  2⤵
  PID:1052
- C:\Windows\System\rawYRpx.exe
  C:\Windows\System\rawYRpx.exe
  2⤵
  PID:5220
- C:\Windows\System\VGGwqui.exe
  C:\Windows\System\VGGwqui.exe
  2⤵
  PID:3544
- C:\Windows\System\PYQpEdK.exe
  C:\Windows\System\PYQpEdK.exe
  2⤵
  PID:5644
- C:\Windows\System\beYobuL.exe
  C:\Windows\System\beYobuL.exe
  2⤵
  PID:5496
- C:\Windows\System\NYcwsDq.exe
  C:\Windows\System\NYcwsDq.exe
  2⤵
  PID:5904
- C:\Windows\System\nGDvjWc.exe
  C:\Windows\System\nGDvjWc.exe
  2⤵
  PID:5920
- C:\Windows\System\rmOCUfY.exe
  C:\Windows\System\rmOCUfY.exe
  2⤵
  PID:6076
- C:\Windows\System\KLXtFgh.exe
  C:\Windows\System\KLXtFgh.exe
  2⤵
  PID:2676
- C:\Windows\System\iIUPuiZ.exe
  C:\Windows\System\iIUPuiZ.exe
  2⤵
  PID:5204
- C:\Windows\System\UPDVqAj.exe
  C:\Windows\System\UPDVqAj.exe
  2⤵
  PID:5156
- C:\Windows\System\qSDyyXr.exe
  C:\Windows\System\qSDyyXr.exe
  2⤵
  PID:5208
- C:\Windows\System\FRFEawb.exe
  C:\Windows\System\FRFEawb.exe
  2⤵
  PID:5384
- C:\Windows\System\fQzqNNl.exe
  C:\Windows\System\fQzqNNl.exe
  2⤵
  PID:5304
- C:\Windows\System\SIqQSwK.exe
  C:\Windows\System\SIqQSwK.exe
  2⤵
  PID:6084
- C:\Windows\System\aIUibZy.exe
  C:\Windows\System\aIUibZy.exe
  2⤵
  PID:2636
- C:\Windows\System\WpBTgqj.exe
  C:\Windows\System\WpBTgqj.exe
  2⤵
  PID:6156
- C:\Windows\System\YRntmWQ.exe
  C:\Windows\System\YRntmWQ.exe
  2⤵
  PID:6180
- C:\Windows\System\MKGFSuK.exe
  C:\Windows\System\MKGFSuK.exe
  2⤵
  PID:6200
- C:\Windows\System\jXIUEdq.exe
  C:\Windows\System\jXIUEdq.exe
  2⤵
  PID:6220
- C:\Windows\System\NTFiKOg.exe
  C:\Windows\System\NTFiKOg.exe
  2⤵
  PID:6240
- C:\Windows\System\fCMbkMF.exe
  C:\Windows\System\fCMbkMF.exe
  2⤵
  PID:6260
- C:\Windows\System\whGMvVP.exe
  C:\Windows\System\whGMvVP.exe
  2⤵
  PID:6280
- C:\Windows\System\reDafEh.exe
  C:\Windows\System\reDafEh.exe
  2⤵
  PID:6300
- C:\Windows\System\jKfcUpY.exe
  C:\Windows\System\jKfcUpY.exe
  2⤵
  PID:6316
- C:\Windows\System\pODGsmm.exe
  C:\Windows\System\pODGsmm.exe
  2⤵
  PID:6340
- C:\Windows\System\ghKICZv.exe
  C:\Windows\System\ghKICZv.exe
  2⤵
  PID:6360
- C:\Windows\System\dyuennm.exe
  C:\Windows\System\dyuennm.exe
  2⤵
  PID:6380
- C:\Windows\System\LtinKhk.exe
  C:\Windows\System\LtinKhk.exe
  2⤵
  PID:6400
- C:\Windows\System\CPyAcKY.exe
  C:\Windows\System\CPyAcKY.exe
  2⤵
  PID:6420
- C:\Windows\System\OEHNCYC.exe
  C:\Windows\System\OEHNCYC.exe
  2⤵
  PID:6440
- C:\Windows\System\AVzNZiJ.exe
  C:\Windows\System\AVzNZiJ.exe
  2⤵
  PID:6460
- C:\Windows\System\YGklLrX.exe
  C:\Windows\System\YGklLrX.exe
  2⤵
  PID:6480
- C:\Windows\System\idaiXNf.exe
  C:\Windows\System\idaiXNf.exe
  2⤵
  PID:6500
- C:\Windows\System\mdHIERA.exe
  C:\Windows\System\mdHIERA.exe
  2⤵
  PID:6524
- C:\Windows\System\WgFhROO.exe
  C:\Windows\System\WgFhROO.exe
  2⤵
  PID:6544
- C:\Windows\System\PFFKRMm.exe
  C:\Windows\System\PFFKRMm.exe
  2⤵
  PID:6564
- C:\Windows\System\kNwmJvH.exe
  C:\Windows\System\kNwmJvH.exe
  2⤵
  PID:6584
- C:\Windows\System\zpooPkD.exe
  C:\Windows\System\zpooPkD.exe
  2⤵
  PID:6604
- C:\Windows\System\KEXeNCB.exe
  C:\Windows\System\KEXeNCB.exe
  2⤵
  PID:6624
- C:\Windows\System\xvpnwsX.exe
  C:\Windows\System\xvpnwsX.exe
  2⤵
  PID:6644
- C:\Windows\System\oLUBuJN.exe
  C:\Windows\System\oLUBuJN.exe
  2⤵
  PID:6664
- C:\Windows\System\EkarSfd.exe
  C:\Windows\System\EkarSfd.exe
  2⤵
  PID:6680
- C:\Windows\System\BAuivLS.exe
  C:\Windows\System\BAuivLS.exe
  2⤵
  PID:6704
- C:\Windows\System\hHzEhNm.exe
  C:\Windows\System\hHzEhNm.exe
  2⤵
  PID:6720
- C:\Windows\System\UsmCvRW.exe
  C:\Windows\System\UsmCvRW.exe
  2⤵
  PID:6744
- C:\Windows\System\ExlHQDf.exe
  C:\Windows\System\ExlHQDf.exe
  2⤵
  PID:6764
- C:\Windows\System\HgNTuck.exe
  C:\Windows\System\HgNTuck.exe
  2⤵
  PID:6784
- C:\Windows\System\GesovMy.exe
  C:\Windows\System\GesovMy.exe
  2⤵
  PID:6804
- C:\Windows\System\OYoCzty.exe
  C:\Windows\System\OYoCzty.exe
  2⤵
  PID:6824
- C:\Windows\System\rZzbBiN.exe
  C:\Windows\System\rZzbBiN.exe
  2⤵
  PID:6840
- C:\Windows\System\OLavFHQ.exe
  C:\Windows\System\OLavFHQ.exe
  2⤵
  PID:6860
- C:\Windows\System\BBpakJp.exe
  C:\Windows\System\BBpakJp.exe
  2⤵
  PID:6876
- C:\Windows\System\eogWAYj.exe
  C:\Windows\System\eogWAYj.exe
  2⤵
  PID:6892
- C:\Windows\System\bHUcOUE.exe
  C:\Windows\System\bHUcOUE.exe
  2⤵
  PID:6908
- C:\Windows\System\YzdglVX.exe
  C:\Windows\System\YzdglVX.exe
  2⤵
  PID:6924
- C:\Windows\System\BQlNQSL.exe
  C:\Windows\System\BQlNQSL.exe
  2⤵
  PID:6940
- C:\Windows\System\FTrpsiK.exe
  C:\Windows\System\FTrpsiK.exe
  2⤵
  PID:6956
- C:\Windows\System\xnFmGoi.exe
  C:\Windows\System\xnFmGoi.exe
  2⤵
  PID:6972
- C:\Windows\System\UWetAmb.exe
  C:\Windows\System\UWetAmb.exe
  2⤵
  PID:6988
- C:\Windows\System\mrVpkrO.exe
  C:\Windows\System\mrVpkrO.exe
  2⤵
  PID:7016
- C:\Windows\System\BUouYiY.exe
  C:\Windows\System\BUouYiY.exe
  2⤵
  PID:7036
- C:\Windows\System\WaRupYT.exe
  C:\Windows\System\WaRupYT.exe
  2⤵
  PID:7056
- C:\Windows\System\XjhZTcT.exe
  C:\Windows\System\XjhZTcT.exe
  2⤵
  PID:7072
- C:\Windows\System\TArDBIk.exe
  C:\Windows\System\TArDBIk.exe
  2⤵
  PID:7088
- C:\Windows\System\FaroEMK.exe
  C:\Windows\System\FaroEMK.exe
  2⤵
  PID:7108
- C:\Windows\System\JaAQTan.exe
  C:\Windows\System\JaAQTan.exe
  2⤵
  PID:7124
- C:\Windows\System\ILQgkFS.exe
  C:\Windows\System\ILQgkFS.exe
  2⤵
  PID:7140
- C:\Windows\System\tHSIXhl.exe
  C:\Windows\System\tHSIXhl.exe
  2⤵
  PID:7156
- C:\Windows\System\QKeQFmo.exe
  C:\Windows\System\QKeQFmo.exe
  2⤵
  PID:5128
- C:\Windows\System\SovlhVz.exe
  C:\Windows\System\SovlhVz.exe
  2⤵
  PID:1996
- C:\Windows\System\wgsiuYs.exe
  C:\Windows\System\wgsiuYs.exe
  2⤵
  PID:2468
- C:\Windows\System\qhNMgzt.exe
  C:\Windows\System\qhNMgzt.exe
  2⤵
  PID:5988
- C:\Windows\System\lkpXmvr.exe
  C:\Windows\System\lkpXmvr.exe
  2⤵
  PID:5288
- C:\Windows\System\FyYIYFc.exe
  C:\Windows\System\FyYIYFc.exe
  2⤵
  PID:1148
- C:\Windows\System\vTCtCYU.exe
  C:\Windows\System\vTCtCYU.exe
  2⤵
  PID:6176
- C:\Windows\System\EuxdWOk.exe
  C:\Windows\System\EuxdWOk.exe
  2⤵
  PID:6152
- C:\Windows\System\qVhjJus.exe
  C:\Windows\System\qVhjJus.exe
  2⤵
  PID:6216
- C:\Windows\System\hXxZMaF.exe
  C:\Windows\System\hXxZMaF.exe
  2⤵
  PID:6268
- C:\Windows\System\kAgUYCd.exe
  C:\Windows\System\kAgUYCd.exe
  2⤵
  PID:6276
- C:\Windows\System\JeFNBGG.exe
  C:\Windows\System\JeFNBGG.exe
  2⤵
  PID:6336
- C:\Windows\System\szHQloc.exe
  C:\Windows\System\szHQloc.exe
  2⤵
  PID:6348
- C:\Windows\System\pTPjGAY.exe
  C:\Windows\System\pTPjGAY.exe
  2⤵
  PID:2288
- C:\Windows\System\eHsVxmt.exe
  C:\Windows\System\eHsVxmt.exe
  2⤵
  PID:6496
- C:\Windows\System\FEsQHWe.exe
  C:\Windows\System\FEsQHWe.exe
  2⤵
  PID:6560
- C:\Windows\System\jQtIQEp.exe
  C:\Windows\System\jQtIQEp.exe
  2⤵
  PID:6616
- C:\Windows\System\yuzyDHp.exe
  C:\Windows\System\yuzyDHp.exe
  2⤵
  PID:6632
- C:\Windows\System\xVYckHW.exe
  C:\Windows\System\xVYckHW.exe
  2⤵
  PID:6688
- C:\Windows\System\YXIsZId.exe
  C:\Windows\System\YXIsZId.exe
  2⤵
  PID:6676
- C:\Windows\System\sFiqSnW.exe
  C:\Windows\System\sFiqSnW.exe
  2⤵
  PID:6732
- C:\Windows\System\NottGvB.exe
  C:\Windows\System\NottGvB.exe
  2⤵
  PID:6716
- C:\Windows\System\XAhkbYJ.exe
  C:\Windows\System\XAhkbYJ.exe
  2⤵
  PID:6772
- C:\Windows\System\OXYHZcq.exe
  C:\Windows\System\OXYHZcq.exe
  2⤵
  PID:2840
- C:\Windows\System\sMwgxsl.exe
  C:\Windows\System\sMwgxsl.exe
  2⤵
  PID:2784
- C:\Windows\System\PlrtwAL.exe
  C:\Windows\System\PlrtwAL.exe
  2⤵
  PID:2848
- C:\Windows\System\BRFhptF.exe
  C:\Windows\System\BRFhptF.exe
  2⤵
  PID:6516
- C:\Windows\System\wUQQXIQ.exe
  C:\Windows\System\wUQQXIQ.exe
  2⤵
  PID:6816
- C:\Windows\System\lZrMhdL.exe
  C:\Windows\System\lZrMhdL.exe
  2⤵
  PID:6836
- C:\Windows\System\NNFEWDG.exe
  C:\Windows\System\NNFEWDG.exe
  2⤵
  PID:6916
- C:\Windows\System\mDQKZbS.exe
  C:\Windows\System\mDQKZbS.exe
  2⤵
  PID:6932
- C:\Windows\System\gzLGJGd.exe
  C:\Windows\System\gzLGJGd.exe
  2⤵
  PID:6948
- C:\Windows\System\cFzqnRu.exe
  C:\Windows\System\cFzqnRu.exe
  2⤵
  PID:7028
- C:\Windows\System\CXZzjTQ.exe
  C:\Windows\System\CXZzjTQ.exe
  2⤵
  PID:7096
- C:\Windows\System\ffdtPVi.exe
  C:\Windows\System\ffdtPVi.exe
  2⤵
  PID:2804
- C:\Windows\System\fyzdGkT.exe
  C:\Windows\System\fyzdGkT.exe
  2⤵
  PID:7000
- C:\Windows\System\fTWAKwf.exe
  C:\Windows\System\fTWAKwf.exe
  2⤵
  PID:7164
- C:\Windows\System\vuZkaBx.exe
  C:\Windows\System\vuZkaBx.exe
  2⤵
  PID:7080
- C:\Windows\System\bcvnFbp.exe
  C:\Windows\System\bcvnFbp.exe
  2⤵
  PID:6112
- C:\Windows\System\dQNAwsu.exe
  C:\Windows\System\dQNAwsu.exe
  2⤵
  PID:5052
- C:\Windows\System\ytfivTw.exe
  C:\Windows\System\ytfivTw.exe
  2⤵
  PID:6292
- C:\Windows\System\xEzTlXe.exe
  C:\Windows\System\xEzTlXe.exe
  2⤵
  PID:6192
- C:\Windows\System\GTTvtmT.exe
  C:\Windows\System\GTTvtmT.exe
  2⤵
  PID:6236
- C:\Windows\System\dyVaKwz.exe
  C:\Windows\System\dyVaKwz.exe
  2⤵
  PID:2340
- C:\Windows\System\zWiIRAx.exe
  C:\Windows\System\zWiIRAx.exe
  2⤵
  PID:6388
- C:\Windows\System\nrwmOGd.exe
  C:\Windows\System\nrwmOGd.exe
  2⤵
  PID:6456
- C:\Windows\System\ozZzGqE.exe
  C:\Windows\System\ozZzGqE.exe
  2⤵
  PID:6432
- C:\Windows\System\GPQrpnD.exe
  C:\Windows\System\GPQrpnD.exe
  2⤵
  PID:6508
- C:\Windows\System\iVXgmjd.exe
  C:\Windows\System\iVXgmjd.exe
  2⤵
  PID:6492
- C:\Windows\System\ajjGoFR.exe
  C:\Windows\System\ajjGoFR.exe
  2⤵
  PID:6656
- C:\Windows\System\qwGWmvu.exe
  C:\Windows\System\qwGWmvu.exe
  2⤵
  PID:6760
- C:\Windows\System\oaRoVGA.exe
  C:\Windows\System\oaRoVGA.exe
  2⤵
  PID:4892
- C:\Windows\System\uTayWtv.exe
  C:\Windows\System\uTayWtv.exe
  2⤵
  PID:3824
- C:\Windows\System\AFyBEav.exe
  C:\Windows\System\AFyBEav.exe
  2⤵
  PID:6868
- C:\Windows\System\fBuPtvY.exe
  C:\Windows\System\fBuPtvY.exe
  2⤵
  PID:6996
- C:\Windows\System\HwmzVLD.exe
  C:\Windows\System\HwmzVLD.exe
  2⤵
  PID:6652
- C:\Windows\System\ZHxAIxW.exe
  C:\Windows\System\ZHxAIxW.exe
  2⤵
  PID:6712
- C:\Windows\System\qbktfgV.exe
  C:\Windows\System\qbktfgV.exe
  2⤵
  PID:6792
- C:\Windows\System\KvVDBym.exe
  C:\Windows\System\KvVDBym.exe
  2⤵
  PID:7048
- C:\Windows\System\MQkXfFb.exe
  C:\Windows\System\MQkXfFb.exe
  2⤵
  PID:5380
- C:\Windows\System\aBqwxUx.exe
  C:\Windows\System\aBqwxUx.exe
  2⤵
  PID:7120
- C:\Windows\System\fMmIhaW.exe
  C:\Windows\System\fMmIhaW.exe
  2⤵
  PID:1332
- C:\Windows\System\CeKUYvn.exe
  C:\Windows\System\CeKUYvn.exe
  2⤵
  PID:6252
- C:\Windows\System\uqcAANx.exe
  C:\Windows\System\uqcAANx.exe
  2⤵
  PID:5576
- C:\Windows\System\EEWJpYS.exe
  C:\Windows\System\EEWJpYS.exe
  2⤵
  PID:1776
- C:\Windows\System\eUxlXvJ.exe
  C:\Windows\System\eUxlXvJ.exe
  2⤵
  PID:6312
- C:\Windows\System\wZCxQpy.exe
  C:\Windows\System\wZCxQpy.exe
  2⤵
  PID:6540
- C:\Windows\System\YgyFCUp.exe
  C:\Windows\System\YgyFCUp.exe
  2⤵
  PID:6612
- C:\Windows\System\IJXiXhy.exe
  C:\Windows\System\IJXiXhy.exe
  2⤵
  PID:6452
- C:\Windows\System\ufdrTDv.exe
  C:\Windows\System\ufdrTDv.exe
  2⤵
  PID:6476
- C:\Windows\System\RNYvNDt.exe
  C:\Windows\System\RNYvNDt.exe
  2⤵
  PID:6900
- C:\Windows\System\CiSDjpI.exe
  C:\Windows\System\CiSDjpI.exe
  2⤵
  PID:6832
- C:\Windows\System\amgqRxW.exe
  C:\Windows\System\amgqRxW.exe
  2⤵
  PID:7024
- C:\Windows\System\oHmgdeA.exe
  C:\Windows\System\oHmgdeA.exe
  2⤵
  PID:7132
- C:\Windows\System\NfEhCsS.exe
  C:\Windows\System\NfEhCsS.exe
  2⤵
  PID:6968
- C:\Windows\System\qkgUxKu.exe
  C:\Windows\System\qkgUxKu.exe
  2⤵
  PID:5020
- C:\Windows\System\ihCUuHC.exe
  C:\Windows\System\ihCUuHC.exe
  2⤵
  PID:7152
- C:\Windows\System\QPoygyJ.exe
  C:\Windows\System\QPoygyJ.exe
  2⤵
  PID:6820
- C:\Windows\System\TbaPeGs.exe
  C:\Windows\System\TbaPeGs.exe
  2⤵
  PID:2792
- C:\Windows\System\JrLIxax.exe
  C:\Windows\System\JrLIxax.exe
  2⤵
  PID:6148
- C:\Windows\System\EXZzAzt.exe
  C:\Windows\System\EXZzAzt.exe
  2⤵
  PID:6372
- C:\Windows\System\RgfxuoU.exe
  C:\Windows\System\RgfxuoU.exe
  2⤵
  PID:1324
- C:\Windows\System\WnRCajq.exe
  C:\Windows\System\WnRCajq.exe
  2⤵
  PID:6428
- C:\Windows\System\VJTBNZy.exe
  C:\Windows\System\VJTBNZy.exe
  2⤵
  PID:6580
- C:\Windows\System\dyVLxYJ.exe
  C:\Windows\System\dyVLxYJ.exe
  2⤵
  PID:6416
- C:\Windows\System\mikWDSI.exe
  C:\Windows\System\mikWDSI.exe
  2⤵
  PID:6872
- C:\Windows\System\XmyCadc.exe
  C:\Windows\System\XmyCadc.exe
  2⤵
  PID:5460
- C:\Windows\System\YzeCIQq.exe
  C:\Windows\System\YzeCIQq.exe
  2⤵
  PID:6700
- C:\Windows\System\SjgdlRe.exe
  C:\Windows\System\SjgdlRe.exe
  2⤵
  PID:7176
- C:\Windows\System\tlZGyKl.exe
  C:\Windows\System\tlZGyKl.exe
  2⤵
  PID:7192
- C:\Windows\System\OIvFCoT.exe
  C:\Windows\System\OIvFCoT.exe
  2⤵
  PID:7208
- C:\Windows\System\yGqkfTF.exe
  C:\Windows\System\yGqkfTF.exe
  2⤵
  PID:7228
- C:\Windows\System\jrAuwah.exe
  C:\Windows\System\jrAuwah.exe
  2⤵
  PID:7244
- C:\Windows\System\LZETYhi.exe
  C:\Windows\System\LZETYhi.exe
  2⤵
  PID:7260
- C:\Windows\System\azxVNbr.exe
  C:\Windows\System\azxVNbr.exe
  2⤵
  PID:7288
- C:\Windows\System\NMlKLMW.exe
  C:\Windows\System\NMlKLMW.exe
  2⤵
  PID:7388
- C:\Windows\System\wuIQlmK.exe
  C:\Windows\System\wuIQlmK.exe
  2⤵
  PID:7404
- C:\Windows\System\eAAHSgA.exe
  C:\Windows\System\eAAHSgA.exe
  2⤵
  PID:7424
- C:\Windows\System\rlLACFN.exe
  C:\Windows\System\rlLACFN.exe
  2⤵
  PID:7440
- C:\Windows\System\nRKhTXv.exe
  C:\Windows\System\nRKhTXv.exe
  2⤵
  PID:7456
- C:\Windows\System\lSNwYcz.exe
  C:\Windows\System\lSNwYcz.exe
  2⤵
  PID:7472
- C:\Windows\System\dygdrXz.exe
  C:\Windows\System\dygdrXz.exe
  2⤵
  PID:7488
- C:\Windows\System\ScpNaiU.exe
  C:\Windows\System\ScpNaiU.exe
  2⤵
  PID:7512
- C:\Windows\System\hjYGMjl.exe
  C:\Windows\System\hjYGMjl.exe
  2⤵
  PID:7528
- C:\Windows\System\YHpPuLH.exe
  C:\Windows\System\YHpPuLH.exe
  2⤵
  PID:7544
- C:\Windows\System\XcXoOhV.exe
  C:\Windows\System\XcXoOhV.exe
  2⤵
  PID:7564
- C:\Windows\System\dxJrvUT.exe
  C:\Windows\System\dxJrvUT.exe
  2⤵
  PID:7584
- C:\Windows\System\KyhGbvN.exe
  C:\Windows\System\KyhGbvN.exe
  2⤵
  PID:7604
- C:\Windows\System\APLBwHC.exe
  C:\Windows\System\APLBwHC.exe
  2⤵
  PID:7624
- C:\Windows\System\qAmUIHK.exe
  C:\Windows\System\qAmUIHK.exe
  2⤵
  PID:7640
- C:\Windows\System\bkzUmTj.exe
  C:\Windows\System\bkzUmTj.exe
  2⤵
  PID:7656
- C:\Windows\System\tHMUMqk.exe
  C:\Windows\System\tHMUMqk.exe
  2⤵
  PID:7676
- C:\Windows\System\AmPsvJD.exe
  C:\Windows\System\AmPsvJD.exe
  2⤵
  PID:7692
- C:\Windows\System\tSUOhVG.exe
  C:\Windows\System\tSUOhVG.exe
  2⤵
  PID:7720
- C:\Windows\System\qjnckFf.exe
  C:\Windows\System\qjnckFf.exe
  2⤵
  PID:7740
- C:\Windows\System\swvQZcx.exe
  C:\Windows\System\swvQZcx.exe
  2⤵
  PID:7756
- C:\Windows\System\DepKhFb.exe
  C:\Windows\System\DepKhFb.exe
  2⤵
  PID:7804
- C:\Windows\System\KXfEUGh.exe
  C:\Windows\System\KXfEUGh.exe
  2⤵
  PID:7820
- C:\Windows\System\EGQeySO.exe
  C:\Windows\System\EGQeySO.exe
  2⤵
  PID:7836
- C:\Windows\System\esSEvMq.exe
  C:\Windows\System\esSEvMq.exe
  2⤵
  PID:7852
- C:\Windows\System\GJVoAXf.exe
  C:\Windows\System\GJVoAXf.exe
  2⤵
  PID:7868
- C:\Windows\System\aUNMwEr.exe
  C:\Windows\System\aUNMwEr.exe
  2⤵
  PID:7884
- C:\Windows\System\dphkUOr.exe
  C:\Windows\System\dphkUOr.exe
  2⤵
  PID:7900
- C:\Windows\System\yNDAEku.exe
  C:\Windows\System\yNDAEku.exe
  2⤵
  PID:7916
- C:\Windows\System\SSFjaVb.exe
  C:\Windows\System\SSFjaVb.exe
  2⤵
  PID:7932
- C:\Windows\System\FsxTkgU.exe
  C:\Windows\System\FsxTkgU.exe
  2⤵
  PID:7948
- C:\Windows\System\SiahrcT.exe
  C:\Windows\System\SiahrcT.exe
  2⤵
  PID:7964
- C:\Windows\System\KoeQSuP.exe
  C:\Windows\System\KoeQSuP.exe
  2⤵
  PID:7980
- C:\Windows\System\sfMAQJI.exe
  C:\Windows\System\sfMAQJI.exe
  2⤵
  PID:7996
- C:\Windows\System\GASSHcI.exe
  C:\Windows\System\GASSHcI.exe
  2⤵
  PID:8012
- C:\Windows\System\EMwLgUL.exe
  C:\Windows\System\EMwLgUL.exe
  2⤵
  PID:8028
- C:\Windows\System\aLsAaZF.exe
  C:\Windows\System\aLsAaZF.exe
  2⤵
  PID:8044
- C:\Windows\System\hmmlenL.exe
  C:\Windows\System\hmmlenL.exe
  2⤵
  PID:8132
- C:\Windows\System\RrHSjhZ.exe
  C:\Windows\System\RrHSjhZ.exe
  2⤵
  PID:8152
- C:\Windows\System\lMbqwFm.exe
  C:\Windows\System\lMbqwFm.exe
  2⤵
  PID:8172
- C:\Windows\System\bdqrVFV.exe
  C:\Windows\System\bdqrVFV.exe
  2⤵
  PID:8188
- C:\Windows\System\EIayUGB.exe
  C:\Windows\System\EIayUGB.exe
  2⤵
  PID:6856
- C:\Windows\System\BbSQoxf.exe
  C:\Windows\System\BbSQoxf.exe
  2⤵
  PID:2884
- C:\Windows\System\tocDWfm.exe
  C:\Windows\System\tocDWfm.exe
  2⤵
  PID:6412
- C:\Windows\System\XrscUDd.exe
  C:\Windows\System\XrscUDd.exe
  2⤵
  PID:2756
- C:\Windows\System\ohtvwXa.exe
  C:\Windows\System\ohtvwXa.exe
  2⤵
  PID:7204
- C:\Windows\System\XOmgqKU.exe
  C:\Windows\System\XOmgqKU.exe
  2⤵
  PID:7276
- C:\Windows\System\scPnVhE.exe
  C:\Windows\System\scPnVhE.exe
  2⤵
  PID:7220
- C:\Windows\System\AIKpdXH.exe
  C:\Windows\System\AIKpdXH.exe
  2⤵
  PID:1564
- C:\Windows\System\KObrHEI.exe
  C:\Windows\System\KObrHEI.exe
  2⤵
  PID:7064
- C:\Windows\System\daRZlvb.exe
  C:\Windows\System\daRZlvb.exe
  2⤵
  PID:7308
- C:\Windows\System\KkfwZYc.exe
  C:\Windows\System\KkfwZYc.exe
  2⤵
  PID:7324
- C:\Windows\System\oLwgNtH.exe
  C:\Windows\System\oLwgNtH.exe
  2⤵
  PID:7352
- C:\Windows\System\ZSonAae.exe
  C:\Windows\System\ZSonAae.exe
  2⤵
  PID:7368
- C:\Windows\System\xvrLaOe.exe
  C:\Windows\System\xvrLaOe.exe
  2⤵
  PID:7384
- C:\Windows\System\cJRvErg.exe
  C:\Windows\System\cJRvErg.exe
  2⤵
  PID:7436
- C:\Windows\System\xTdkldM.exe
  C:\Windows\System\xTdkldM.exe
  2⤵
  PID:7500
- C:\Windows\System\hmmXZMI.exe
  C:\Windows\System\hmmXZMI.exe
  2⤵
  PID:7520
- C:\Windows\System\QfVQSDv.exe
  C:\Windows\System\QfVQSDv.exe
  2⤵
  PID:7484
- C:\Windows\System\OSJgEgv.exe
  C:\Windows\System\OSJgEgv.exe
  2⤵
  PID:7536
- C:\Windows\System\whueqWL.exe
  C:\Windows\System\whueqWL.exe
  2⤵
  PID:7580
- C:\Windows\System\tHyzQji.exe
  C:\Windows\System\tHyzQji.exe
  2⤵
  PID:7648
- C:\Windows\System\NbGqwBA.exe
  C:\Windows\System\NbGqwBA.exe
  2⤵
  PID:7728
- C:\Windows\System\QDspHJn.exe
  C:\Windows\System\QDspHJn.exe
  2⤵
  PID:7708
- C:\Windows\System\dLQBtDq.exe
  C:\Windows\System\dLQBtDq.exe
  2⤵
  PID:7748
- C:\Windows\System\VEbwZeC.exe
  C:\Windows\System\VEbwZeC.exe
  2⤵
  PID:7668
- C:\Windows\System\nnGFUAl.exe
  C:\Windows\System\nnGFUAl.exe
  2⤵
  PID:7776
- C:\Windows\System\ulGnuKD.exe
  C:\Windows\System\ulGnuKD.exe
  2⤵
  PID:7796
- C:\Windows\System\kAYqclz.exe
  C:\Windows\System\kAYqclz.exe
  2⤵
  PID:7880
- C:\Windows\System\TcHarIW.exe
  C:\Windows\System\TcHarIW.exe
  2⤵
  PID:7956
- C:\Windows\System\ihcmmOX.exe
  C:\Windows\System\ihcmmOX.exe
  2⤵
  PID:7972
- C:\Windows\System\idedKLX.exe
  C:\Windows\System\idedKLX.exe
  2⤵
  PID:8024
- C:\Windows\System\cJatNfq.exe
  C:\Windows\System\cJatNfq.exe
  2⤵
  PID:8060
- C:\Windows\System\kBGSBOB.exe
  C:\Windows\System\kBGSBOB.exe
  2⤵
  PID:8080
- C:\Windows\System\alOXBVM.exe
  C:\Windows\System\alOXBVM.exe
  2⤵
  PID:8096
- C:\Windows\System\SJjeBze.exe
  C:\Windows\System\SJjeBze.exe
  2⤵
  PID:8008
- C:\Windows\System\UPKPvcK.exe
  C:\Windows\System\UPKPvcK.exe
  2⤵
  PID:8108
- C:\Windows\System\nylGtLd.exe
  C:\Windows\System\nylGtLd.exe
  2⤵
  PID:8120
- C:\Windows\System\UwHCzpO.exe
  C:\Windows\System\UwHCzpO.exe
  2⤵
  PID:484
- C:\Windows\System\jlOrpzv.exe
  C:\Windows\System\jlOrpzv.exe
  2⤵
  PID:8160
- C:\Windows\System\nCPgwNP.exe
  C:\Windows\System\nCPgwNP.exe
  2⤵
  PID:8184
- C:\Windows\System\mnqZXBF.exe
  C:\Windows\System\mnqZXBF.exe
  2⤵
  PID:7012
- C:\Windows\System\qDnrBjz.exe
  C:\Windows\System\qDnrBjz.exe
  2⤵
  PID:6776
- C:\Windows\System\SVcZEge.exe
  C:\Windows\System\SVcZEge.exe
  2⤵
  PID:6324
- C:\Windows\System\pTsWgVe.exe
  C:\Windows\System\pTsWgVe.exe
  2⤵
  PID:708
- C:\Windows\System\TfxRKZh.exe
  C:\Windows\System\TfxRKZh.exe
  2⤵
  PID:7216
- C:\Windows\System\DCtDlCe.exe
  C:\Windows\System\DCtDlCe.exe
  2⤵
  PID:2436
- C:\Windows\System\RvwsOEj.exe
  C:\Windows\System\RvwsOEj.exe
  2⤵
  PID:1132
- C:\Windows\System\NHDsudj.exe
  C:\Windows\System\NHDsudj.exe
  2⤵
  PID:7252
- C:\Windows\System\cZCyvwV.exe
  C:\Windows\System\cZCyvwV.exe
  2⤵
  PID:7360
- C:\Windows\System\casSgia.exe
  C:\Windows\System\casSgia.exe
  2⤵
  PID:7508
- C:\Windows\System\uipxVaK.exe
  C:\Windows\System\uipxVaK.exe
  2⤵
  PID:7560
- C:\Windows\System\ZqNrMhC.exe
  C:\Windows\System\ZqNrMhC.exe
  2⤵
  PID:7304
- C:\Windows\System\leZCtKq.exe
  C:\Windows\System\leZCtKq.exe
  2⤵
  PID:7596
- C:\Windows\System\SQPespr.exe
  C:\Windows\System\SQPespr.exe
  2⤵
  PID:7784
- C:\Windows\System\eeYwlgw.exe
  C:\Windows\System\eeYwlgw.exe
  2⤵
  PID:7340
- C:\Windows\System\FZRzNAX.exe
  C:\Windows\System\FZRzNAX.exe
  2⤵
  PID:7572
- C:\Windows\System\iDxsioW.exe
  C:\Windows\System\iDxsioW.exe
  2⤵
  PID:7464
- C:\Windows\System\EtYVTnj.exe
  C:\Windows\System\EtYVTnj.exe
  2⤵
  PID:7576
- C:\Windows\System\GNjKtXC.exe
  C:\Windows\System\GNjKtXC.exe
  2⤵
  PID:7716
- C:\Windows\System\mLpUObK.exe
  C:\Windows\System\mLpUObK.exe
  2⤵
  PID:8004
- C:\Windows\System\SlIUNlX.exe
  C:\Windows\System\SlIUNlX.exe
  2⤵
  PID:6888
- C:\Windows\System\MdohYUE.exe
  C:\Windows\System\MdohYUE.exe
  2⤵
  PID:1292
- C:\Windows\System\CTRStyQ.exe
  C:\Windows\System\CTRStyQ.exe
  2⤵
  PID:7600
- C:\Windows\System\MqbkxdN.exe
  C:\Windows\System\MqbkxdN.exe
  2⤵
  PID:7348
- C:\Windows\System\OreAFbo.exe
  C:\Windows\System\OreAFbo.exe
  2⤵
  PID:7712
- C:\Windows\System\Hwryvva.exe
  C:\Windows\System\Hwryvva.exe
  2⤵
  PID:7200
- C:\Windows\System\gAEgnGH.exe
  C:\Windows\System\gAEgnGH.exe
  2⤵
  PID:8088
- C:\Windows\System\tKHqiEo.exe
  C:\Windows\System\tKHqiEo.exe
  2⤵
  PID:7768
- C:\Windows\System\FYdqPMQ.exe
  C:\Windows\System\FYdqPMQ.exe
  2⤵
  PID:1656
- C:\Windows\System\pqrlKFd.exe
  C:\Windows\System\pqrlKFd.exe
  2⤵
  PID:8164
- C:\Windows\System\jKJEkGw.exe
  C:\Windows\System\jKJEkGw.exe
  2⤵
  PID:1280
- C:\Windows\System\yZmVtZX.exe
  C:\Windows\System\yZmVtZX.exe
  2⤵
  PID:7412
- C:\Windows\System\ZiOtRMA.exe
  C:\Windows\System\ZiOtRMA.exe
  2⤵
  PID:7620
- C:\Windows\System\WxlIKty.exe
  C:\Windows\System\WxlIKty.exe
  2⤵
  PID:7452
- C:\Windows\System\SXMhFxR.exe
  C:\Windows\System\SXMhFxR.exe
  2⤵
  PID:7844
- C:\Windows\System\kWDJovc.exe
  C:\Windows\System\kWDJovc.exe
  2⤵
  PID:7908
- C:\Windows\System\NZfWFFx.exe
  C:\Windows\System\NZfWFFx.exe
  2⤵
  PID:8104
- C:\Windows\System\XurHJCW.exe
  C:\Windows\System\XurHJCW.exe
  2⤵
  PID:8072
- C:\Windows\System\aceVWdP.exe
  C:\Windows\System\aceVWdP.exe
  2⤵
  PID:7380
- C:\Windows\System\tFAnWiU.exe
  C:\Windows\System\tFAnWiU.exe
  2⤵
  PID:6536
- C:\Windows\System\WOfknaO.exe
  C:\Windows\System\WOfknaO.exe
  2⤵
  PID:8040
- C:\Windows\System\oZbdeey.exe
  C:\Windows\System\oZbdeey.exe
  2⤵
  PID:8144
- C:\Windows\System\tiPPDcB.exe
  C:\Windows\System\tiPPDcB.exe
  2⤵
  PID:7240
- C:\Windows\System\AQYOXnU.exe
  C:\Windows\System\AQYOXnU.exe
  2⤵
  PID:2172
- C:\Windows\System\qDroxIU.exe
  C:\Windows\System\qDroxIU.exe
  2⤵
  PID:8068
- C:\Windows\System\WflJFdN.exe
  C:\Windows\System\WflJFdN.exe
  2⤵
  PID:7256
- C:\Windows\System\fwFLoGw.exe
  C:\Windows\System\fwFLoGw.exe
  2⤵
  PID:1868
- C:\Windows\System\DpuYpjL.exe
  C:\Windows\System\DpuYpjL.exe
  2⤵
  PID:1772
- C:\Windows\System\QiAVNdu.exe
  C:\Windows\System\QiAVNdu.exe
  2⤵
  PID:6328
- C:\Windows\System\GelJxuW.exe
  C:\Windows\System\GelJxuW.exe
  2⤵
  PID:8196
- C:\Windows\System\YwsdYvf.exe
  C:\Windows\System\YwsdYvf.exe
  2⤵
  PID:8220
- C:\Windows\System\CcolTJo.exe
  C:\Windows\System\CcolTJo.exe
  2⤵
  PID:8236
- C:\Windows\System\foNdIpO.exe
  C:\Windows\System\foNdIpO.exe
  2⤵
  PID:8252
- C:\Windows\System\fjLuSRa.exe
  C:\Windows\System\fjLuSRa.exe
  2⤵
  PID:8268
- C:\Windows\System\kuUiRLH.exe
  C:\Windows\System\kuUiRLH.exe
  2⤵
  PID:8288
- C:\Windows\System\GKxXvDM.exe
  C:\Windows\System\GKxXvDM.exe
  2⤵
  PID:8308
- C:\Windows\System\xQFrqgg.exe
  C:\Windows\System\xQFrqgg.exe
  2⤵
  PID:8324
- C:\Windows\System\PqGwfEs.exe
  C:\Windows\System\PqGwfEs.exe
  2⤵
  PID:8344
- C:\Windows\System\DkZdIfu.exe
  C:\Windows\System\DkZdIfu.exe
  2⤵
  PID:8360
- C:\Windows\System\XkuqHDg.exe
  C:\Windows\System\XkuqHDg.exe
  2⤵
  PID:8376
- C:\Windows\System\uImXSUi.exe
  C:\Windows\System\uImXSUi.exe
  2⤵
  PID:8392
- C:\Windows\System\aeZfTLo.exe
  C:\Windows\System\aeZfTLo.exe
  2⤵
  PID:8408
- C:\Windows\System\YzwvLaj.exe
  C:\Windows\System\YzwvLaj.exe
  2⤵
  PID:8424
- C:\Windows\System\VonUxhc.exe
  C:\Windows\System\VonUxhc.exe
  2⤵
  PID:8440
- C:\Windows\System\yBXvjIL.exe
  C:\Windows\System\yBXvjIL.exe
  2⤵
  PID:8456
- C:\Windows\System\sAgmYIw.exe
  C:\Windows\System\sAgmYIw.exe
  2⤵
  PID:8504
- C:\Windows\System\VeyqJbv.exe
  C:\Windows\System\VeyqJbv.exe
  2⤵
  PID:8576
- C:\Windows\System\MGiNrtg.exe
  C:\Windows\System\MGiNrtg.exe
  2⤵
  PID:8592
- C:\Windows\System\Lnclfip.exe
  C:\Windows\System\Lnclfip.exe
  2⤵
  PID:8616
- C:\Windows\System\HlOpTOZ.exe
  C:\Windows\System\HlOpTOZ.exe
  2⤵
  PID:8632
- C:\Windows\System\cpaiVVQ.exe
  C:\Windows\System\cpaiVVQ.exe
  2⤵
  PID:8660
- C:\Windows\System\XEIYOaX.exe
  C:\Windows\System\XEIYOaX.exe
  2⤵
  PID:8676
- C:\Windows\System\XxVdJzb.exe
  C:\Windows\System\XxVdJzb.exe
  2⤵
  PID:8692
- C:\Windows\System\uEhBLbk.exe
  C:\Windows\System\uEhBLbk.exe
  2⤵
  PID:8724
- C:\Windows\System\TuqCGXX.exe
  C:\Windows\System\TuqCGXX.exe
  2⤵
  PID:8740
- C:\Windows\System\JEUnfut.exe
  C:\Windows\System\JEUnfut.exe
  2⤵
  PID:8756
- C:\Windows\System\rthglYE.exe
  C:\Windows\System\rthglYE.exe
  2⤵
  PID:8772
- C:\Windows\System\TOmUNIN.exe
  C:\Windows\System\TOmUNIN.exe
  2⤵
  PID:8788
- C:\Windows\System\zngNyOd.exe
  C:\Windows\System\zngNyOd.exe
  2⤵
  PID:8816
- C:\Windows\System\TIQityZ.exe
  C:\Windows\System\TIQityZ.exe
  2⤵
  PID:8832
- C:\Windows\System\tnLCrKk.exe
  C:\Windows\System\tnLCrKk.exe
  2⤵
  PID:8848
- C:\Windows\System\fmNSqtG.exe
  C:\Windows\System\fmNSqtG.exe
  2⤵
  PID:8888
- C:\Windows\System\AORvjai.exe
  C:\Windows\System\AORvjai.exe
  2⤵
  PID:8904
- C:\Windows\System\CggmpxW.exe
  C:\Windows\System\CggmpxW.exe
  2⤵
  PID:8920
- C:\Windows\System\mnuyiRc.exe
  C:\Windows\System\mnuyiRc.exe
  2⤵
  PID:8936
- C:\Windows\System\OytDqYZ.exe
  C:\Windows\System\OytDqYZ.exe
  2⤵
  PID:8952
- C:\Windows\System\gPpZeFV.exe
  C:\Windows\System\gPpZeFV.exe
  2⤵
  PID:8968
- C:\Windows\System\bykclWb.exe
  C:\Windows\System\bykclWb.exe
  2⤵
  PID:8984
- C:\Windows\System\xeAUyaG.exe
  C:\Windows\System\xeAUyaG.exe
  2⤵
  PID:9000
- C:\Windows\System\qqXtBMh.exe
  C:\Windows\System\qqXtBMh.exe
  2⤵
  PID:9016
- C:\Windows\System\fetktWz.exe
  C:\Windows\System\fetktWz.exe
  2⤵
  PID:9032
- C:\Windows\System\FeYuHLA.exe
  C:\Windows\System\FeYuHLA.exe
  2⤵
  PID:9048
- C:\Windows\System\NZNZHpM.exe
  C:\Windows\System\NZNZHpM.exe
  2⤵
  PID:9064
- C:\Windows\System\mWJTiOk.exe
  C:\Windows\System\mWJTiOk.exe
  2⤵
  PID:9080
- C:\Windows\System\jkmwmGU.exe
  C:\Windows\System\jkmwmGU.exe
  2⤵
  PID:9096
- C:\Windows\System\XExRqXh.exe
  C:\Windows\System\XExRqXh.exe
  2⤵
  PID:9112
- C:\Windows\System\NOsQmPB.exe
  C:\Windows\System\NOsQmPB.exe
  2⤵
  PID:9128
- C:\Windows\System\EYXwvqp.exe
  C:\Windows\System\EYXwvqp.exe
  2⤵
  PID:9144
- C:\Windows\System\QtuSSSX.exe
  C:\Windows\System\QtuSSSX.exe
  2⤵
  PID:9160
- C:\Windows\System\NeAHaYh.exe
  C:\Windows\System\NeAHaYh.exe
  2⤵
  PID:9180
- C:\Windows\System\AqXNDVa.exe
  C:\Windows\System\AqXNDVa.exe
  2⤵
  PID:9196
- C:\Windows\System\NvCHajc.exe
  C:\Windows\System\NvCHajc.exe
  2⤵
  PID:9212
- C:\Windows\System\ZgddutD.exe
  C:\Windows\System\ZgddutD.exe
  2⤵
  PID:7864
- C:\Windows\System\pZHAZIr.exe
  C:\Windows\System\pZHAZIr.exe
  2⤵
  PID:8280
- C:\Windows\System\MGpepuo.exe
  C:\Windows\System\MGpepuo.exe
  2⤵
  PID:7316
- C:\Windows\System\RsTzxoI.exe
  C:\Windows\System\RsTzxoI.exe
  2⤵
  PID:7480
- C:\Windows\System\fKlBrth.exe
  C:\Windows\System\fKlBrth.exe
  2⤵
  PID:6436
- C:\Windows\System\NMpTkCm.exe
  C:\Windows\System\NMpTkCm.exe
  2⤵
  PID:2816
- C:\Windows\System\uFRIYeV.exe
  C:\Windows\System\uFRIYeV.exe
  2⤵
  PID:7664
- C:\Windows\System\xnbvHKb.exe
  C:\Windows\System\xnbvHKb.exe
  2⤵
  PID:2016
- C:\Windows\System\fBMjVlx.exe
  C:\Windows\System\fBMjVlx.exe
  2⤵
  PID:8296
- C:\Windows\System\JGBnxzy.exe
  C:\Windows\System\JGBnxzy.exe
  2⤵
  PID:2132
- C:\Windows\System\XEAIMSK.exe
  C:\Windows\System\XEAIMSK.exe
  2⤵
  PID:8420
- C:\Windows\System\tVbKeTH.exe
  C:\Windows\System\tVbKeTH.exe
  2⤵
  PID:8448
- C:\Windows\System\dOjGaxg.exe
  C:\Windows\System\dOjGaxg.exe
  2⤵
  PID:8452
- C:\Windows\System\idiGWDk.exe
  C:\Windows\System\idiGWDk.exe
  2⤵
  PID:8488
- C:\Windows\System\HHULBfZ.exe
  C:\Windows\System\HHULBfZ.exe
  2⤵
  PID:8512
- C:\Windows\System\mfLKGNq.exe
  C:\Windows\System\mfLKGNq.exe
  2⤵
  PID:8520
- C:\Windows\System\WtxBjuX.exe
  C:\Windows\System\WtxBjuX.exe
  2⤵
  PID:8540
- C:\Windows\System\PlUtelB.exe
  C:\Windows\System\PlUtelB.exe
  2⤵
  PID:8556
- C:\Windows\System\DoGiSgj.exe
  C:\Windows\System\DoGiSgj.exe
  2⤵
  PID:8600
- C:\Windows\System\YEZGlGr.exe
  C:\Windows\System\YEZGlGr.exe
  2⤵
  PID:8628
- C:\Windows\System\XyXzMft.exe
  C:\Windows\System\XyXzMft.exe
  2⤵
  PID:8644
- C:\Windows\System\njMHSOh.exe
  C:\Windows\System\njMHSOh.exe
  2⤵
  PID:8668
- C:\Windows\System\fZYXxeV.exe
  C:\Windows\System\fZYXxeV.exe
  2⤵
  PID:8688
- C:\Windows\System\ufXIcCc.exe
  C:\Windows\System\ufXIcCc.exe
  2⤵
  PID:8736
- C:\Windows\System\mKoVVzW.exe
  C:\Windows\System\mKoVVzW.exe
  2⤵
  PID:8752
- C:\Windows\System\qcCfvqD.exe
  C:\Windows\System\qcCfvqD.exe
  2⤵
  PID:8796
- C:\Windows\System\vcWUNSF.exe
  C:\Windows\System\vcWUNSF.exe
  2⤵
  PID:8804
- C:\Windows\System\neHbmwV.exe
  C:\Windows\System\neHbmwV.exe
  2⤵
  PID:8860
- C:\Windows\System\TFEzGLf.exe
  C:\Windows\System\TFEzGLf.exe
  2⤵
  PID:8868
- C:\Windows\System\juOOsYF.exe
  C:\Windows\System\juOOsYF.exe
  2⤵
  PID:8704
- C:\Windows\System\dKvQuIM.exe
  C:\Windows\System\dKvQuIM.exe
  2⤵
  PID:8944
- C:\Windows\System\eOYPiHG.exe
  C:\Windows\System\eOYPiHG.exe
  2⤵
  PID:8980
- C:\Windows\System\vvHDDEy.exe
  C:\Windows\System\vvHDDEy.exe
  2⤵
  PID:8964
- C:\Windows\System\bsNgHJo.exe
  C:\Windows\System\bsNgHJo.exe
  2⤵
  PID:9028
- C:\Windows\System\gRTKqVN.exe
  C:\Windows\System\gRTKqVN.exe
  2⤵
  PID:9092
- C:\Windows\System\KTMWSKu.exe
  C:\Windows\System\KTMWSKu.exe
  2⤵
  PID:9156
- C:\Windows\System\CdSGJEz.exe
  C:\Windows\System\CdSGJEz.exe
  2⤵
  PID:8212
- C:\Windows\System\byaJyBJ.exe
  C:\Windows\System\byaJyBJ.exe
  2⤵
  PID:8416
- C:\Windows\System\VywHWrP.exe
  C:\Windows\System\VywHWrP.exe
  2⤵
  PID:7268
- C:\Windows\System\uKBOczg.exe
  C:\Windows\System\uKBOczg.exe
  2⤵
  PID:8264
- C:\Windows\System\yNKvqDR.exe
  C:\Windows\System\yNKvqDR.exe
  2⤵
  PID:9012
- C:\Windows\System\luSYaAy.exe
  C:\Windows\System\luSYaAy.exe
  2⤵
  PID:8528
- C:\Windows\System\pkQSnCq.exe
  C:\Windows\System\pkQSnCq.exe
  2⤵
  PID:9040
- C:\Windows\System\cUkoAtl.exe
  C:\Windows\System\cUkoAtl.exe
  2⤵
  PID:9108
- C:\Windows\System\RFoBqfN.exe
  C:\Windows\System\RFoBqfN.exe
  2⤵
  PID:9168
- C:\Windows\System\oxtFspK.exe
  C:\Windows\System\oxtFspK.exe
  2⤵
  PID:9208
- C:\Windows\System\lLpEcVA.exe
  C:\Windows\System\lLpEcVA.exe
  2⤵
  PID:7296
- C:\Windows\System\jObwWUl.exe
  C:\Windows\System\jObwWUl.exe
  2⤵
  PID:8400
- C:\Windows\System\rUiBGjL.exe
  C:\Windows\System\rUiBGjL.exe
  2⤵
  PID:7992
- C:\Windows\System\qAJLnjT.exe
  C:\Windows\System\qAJLnjT.exe
  2⤵
  PID:8476
- C:\Windows\System\iGshizt.exe
  C:\Windows\System\iGshizt.exe
  2⤵
  PID:8524
- C:\Windows\System\WIlGnvx.exe
  C:\Windows\System\WIlGnvx.exe
  2⤵
  PID:8604
- C:\Windows\System\AfNEYWF.exe
  C:\Windows\System\AfNEYWF.exe
  2⤵
  PID:8712
- C:\Windows\System\mqHXPcs.exe
  C:\Windows\System\mqHXPcs.exe
  2⤵
  PID:8612
- C:\Windows\System\gdozUjq.exe
  C:\Windows\System\gdozUjq.exe
  2⤵
  PID:8588
- C:\Windows\System\qIvIgrB.exe
  C:\Windows\System\qIvIgrB.exe
  2⤵
  PID:8640
- C:\Windows\System\rzxIfVz.exe
  C:\Windows\System\rzxIfVz.exe
  2⤵
  PID:8864
- C:\Windows\System\kNRMBCB.exe
  C:\Windows\System\kNRMBCB.exe
  2⤵
  PID:8876
- C:\Windows\System\DjRhmwF.exe
  C:\Windows\System\DjRhmwF.exe
  2⤵
  PID:8996
- C:\Windows\System\EIAJPBs.exe
  C:\Windows\System\EIAJPBs.exe
  2⤵
  PID:8912
- C:\Windows\System\CODOtVX.exe
  C:\Windows\System\CODOtVX.exe
  2⤵
  PID:9088
- C:\Windows\System\PqAHWgX.exe
  C:\Windows\System\PqAHWgX.exe
  2⤵
  PID:8228
- C:\Windows\System\GGmMKhC.exe
  C:\Windows\System\GGmMKhC.exe
  2⤵
  PID:8148
- C:\Windows\System\iUarHEk.exe
  C:\Windows\System\iUarHEk.exe
  2⤵
  PID:8340
- C:\Windows\System\idOGanL.exe
  C:\Windows\System\idOGanL.exe
  2⤵
  PID:8276
- C:\Windows\System\zIOCtvj.exe
  C:\Windows\System\zIOCtvj.exe
  2⤵
  PID:8516
- C:\Windows\System\rrGRCmO.exe
  C:\Windows\System\rrGRCmO.exe
  2⤵
  PID:7332
- C:\Windows\System\obZCjZO.exe
  C:\Windows\System\obZCjZO.exe
  2⤵
  PID:9072
- C:\Windows\System\AfskMTY.exe
  C:\Windows\System\AfskMTY.exe
  2⤵
  PID:8372
- C:\Windows\System\TlvyQFI.exe
  C:\Windows\System\TlvyQFI.exe
  2⤵
  PID:8652
- C:\Windows\System\xdbcndQ.exe
  C:\Windows\System\xdbcndQ.exe
  2⤵
  PID:8684
- C:\Windows\System\UsyJGHc.exe
  C:\Windows\System\UsyJGHc.exe
  2⤵
  PID:9192
- C:\Windows\System\YnKEZcO.exe
  C:\Windows\System\YnKEZcO.exe
  2⤵
  PID:8388
- C:\Windows\System\qhAhjAI.exe
  C:\Windows\System\qhAhjAI.exe
  2⤵
  PID:7792
- C:\Windows\System\cUioaia.exe
  C:\Windows\System\cUioaia.exe
  2⤵
  PID:7448
- C:\Windows\System\atTRJjo.exe
  C:\Windows\System\atTRJjo.exe
  2⤵
  PID:8732
- C:\Windows\System\WGtjink.exe
  C:\Windows\System\WGtjink.exe
  2⤵
  PID:8976
- C:\Windows\System\ODqEPBx.exe
  C:\Windows\System\ODqEPBx.exe
  2⤵
  PID:9152
- C:\Windows\System\FZOFbxu.exe
  C:\Windows\System\FZOFbxu.exe
  2⤵
  PID:8336
- C:\Windows\System\ouGSkuR.exe
  C:\Windows\System\ouGSkuR.exe
  2⤵
  PID:8856
- C:\Windows\System\ikEWxrS.exe
  C:\Windows\System\ikEWxrS.exe
  2⤵
  PID:8216
- C:\Windows\System\nvTqCWE.exe
  C:\Windows\System\nvTqCWE.exe
  2⤵
  PID:9204
- C:\Windows\System\OARxyDG.exe
  C:\Windows\System\OARxyDG.exe
  2⤵
  PID:9228
- C:\Windows\System\zmWeeqv.exe
  C:\Windows\System\zmWeeqv.exe
  2⤵
  PID:9244
- C:\Windows\System\mSCZCAO.exe
  C:\Windows\System\mSCZCAO.exe
  2⤵
  PID:9264
- C:\Windows\System\QlsRsqv.exe
  C:\Windows\System\QlsRsqv.exe
  2⤵
  PID:9280
- C:\Windows\System\QoyrFgf.exe
  C:\Windows\System\QoyrFgf.exe
  2⤵
  PID:9296
- C:\Windows\System\CyFRuxS.exe
  C:\Windows\System\CyFRuxS.exe
  2⤵
  PID:9316
- C:\Windows\System\eJSdFvy.exe
  C:\Windows\System\eJSdFvy.exe
  2⤵
  PID:9372
- C:\Windows\System\ODOvOvM.exe
  C:\Windows\System\ODOvOvM.exe
  2⤵
  PID:9388
- C:\Windows\System\VcHGXLv.exe
  C:\Windows\System\VcHGXLv.exe
  2⤵
  PID:9412
- C:\Windows\System\zAhqYTK.exe
  C:\Windows\System\zAhqYTK.exe
  2⤵
  PID:9444
- C:\Windows\System\EblzFUM.exe
  C:\Windows\System\EblzFUM.exe
  2⤵
  PID:9460
- C:\Windows\System\QXFFNFH.exe
  C:\Windows\System\QXFFNFH.exe
  2⤵
  PID:9480
- C:\Windows\System\OnHqxfM.exe
  C:\Windows\System\OnHqxfM.exe
  2⤵
  PID:9496
- C:\Windows\System\kRdMaRt.exe
  C:\Windows\System\kRdMaRt.exe
  2⤵
  PID:9512
- C:\Windows\System\gOVVcmg.exe
  C:\Windows\System\gOVVcmg.exe
  2⤵
  PID:9528
- C:\Windows\System\jSCTmQY.exe
  C:\Windows\System\jSCTmQY.exe
  2⤵
  PID:9544
- C:\Windows\System\pPnknhT.exe
  C:\Windows\System\pPnknhT.exe
  2⤵
  PID:9560
- C:\Windows\System\nPOEHsB.exe
  C:\Windows\System\nPOEHsB.exe
  2⤵
  PID:9576
- C:\Windows\System\paTKZyM.exe
  C:\Windows\System\paTKZyM.exe
  2⤵
  PID:9592
- C:\Windows\System\tJdVkeB.exe
  C:\Windows\System\tJdVkeB.exe
  2⤵
  PID:9608
- C:\Windows\System\dmIkYqt.exe
  C:\Windows\System\dmIkYqt.exe
  2⤵
  PID:9624
- C:\Windows\System\kRAcoCK.exe
  C:\Windows\System\kRAcoCK.exe
  2⤵
  PID:9640
- C:\Windows\System\OTHshfP.exe
  C:\Windows\System\OTHshfP.exe
  2⤵
  PID:9656
- C:\Windows\System\mbViJAh.exe
  C:\Windows\System\mbViJAh.exe
  2⤵
  PID:9672
- C:\Windows\System\nCinvxE.exe
  C:\Windows\System\nCinvxE.exe
  2⤵
  PID:9688
- C:\Windows\System\xWpbVFZ.exe
  C:\Windows\System\xWpbVFZ.exe
  2⤵
  PID:9704
- C:\Windows\System\dSXCuru.exe
  C:\Windows\System\dSXCuru.exe
  2⤵
  PID:9720
- C:\Windows\System\HzEuNLn.exe
  C:\Windows\System\HzEuNLn.exe
  2⤵
  PID:9736
- C:\Windows\System\bWUBHli.exe
  C:\Windows\System\bWUBHli.exe
  2⤵
  PID:9752
- C:\Windows\System\nARSyRf.exe
  C:\Windows\System\nARSyRf.exe
  2⤵
  PID:9768
- C:\Windows\System\HBmiFEd.exe
  C:\Windows\System\HBmiFEd.exe
  2⤵
  PID:9784
- C:\Windows\System\QdCGmZR.exe
  C:\Windows\System\QdCGmZR.exe
  2⤵
  PID:9800
- C:\Windows\System\IySwxvN.exe
  C:\Windows\System\IySwxvN.exe
  2⤵
  PID:9820
- C:\Windows\System\fzhlvEw.exe
  C:\Windows\System\fzhlvEw.exe
  2⤵
  PID:9844
- C:\Windows\System\hXygMEl.exe
  C:\Windows\System\hXygMEl.exe
  2⤵
  PID:9860
- C:\Windows\System\PQsyDsQ.exe
  C:\Windows\System\PQsyDsQ.exe
  2⤵
  PID:9876
- C:\Windows\System\vnMEfBv.exe
  C:\Windows\System\vnMEfBv.exe
  2⤵
  PID:9892
- C:\Windows\System\BJtQXBA.exe
  C:\Windows\System\BJtQXBA.exe
  2⤵
  PID:9908
- C:\Windows\System\lDKLHOI.exe
  C:\Windows\System\lDKLHOI.exe
  2⤵
  PID:9924
- C:\Windows\System\fydbFBL.exe
  C:\Windows\System\fydbFBL.exe
  2⤵
  PID:9940
- C:\Windows\System\aVboFjh.exe
  C:\Windows\System\aVboFjh.exe
  2⤵
  PID:9956
- C:\Windows\System\gNygaar.exe
  C:\Windows\System\gNygaar.exe
  2⤵
  PID:9972
- C:\Windows\System\rxNuIwS.exe
  C:\Windows\System\rxNuIwS.exe
  2⤵
  PID:9996
- C:\Windows\System\mzywrGU.exe
  C:\Windows\System\mzywrGU.exe
  2⤵
  PID:10012
- C:\Windows\System\blqCXZj.exe
  C:\Windows\System\blqCXZj.exe
  2⤵
  PID:10032
- C:\Windows\System\OySyOGi.exe
  C:\Windows\System\OySyOGi.exe
  2⤵
  PID:10052
- C:\Windows\System\zeGJBYK.exe
  C:\Windows\System\zeGJBYK.exe
  2⤵
  PID:10104
- C:\Windows\System\lCZPWKm.exe
  C:\Windows\System\lCZPWKm.exe
  2⤵
  PID:10128
- C:\Windows\System\LMxqSfU.exe
  C:\Windows\System\LMxqSfU.exe
  2⤵
  PID:10192
- C:\Windows\System\vjKvcEd.exe
  C:\Windows\System\vjKvcEd.exe
  2⤵
  PID:10224
- C:\Windows\System\ZwyxixU.exe
  C:\Windows\System\ZwyxixU.exe
  2⤵
  PID:8572
- C:\Windows\System\OWgOQZN.exe
  C:\Windows\System\OWgOQZN.exe
  2⤵
  PID:9272
- C:\Windows\System\HcdcUNd.exe
  C:\Windows\System\HcdcUNd.exe
  2⤵
  PID:9432
- C:\Windows\System\CpZeOtC.exe
  C:\Windows\System\CpZeOtC.exe
  2⤵
  PID:9424
- C:\Windows\System\HSJDwsj.exe
  C:\Windows\System\HSJDwsj.exe
  2⤵
  PID:9508
- C:\Windows\System\LHSzyOw.exe
  C:\Windows\System\LHSzyOw.exe
  2⤵
  PID:9356
- C:\Windows\System\CUxTvAn.exe
  C:\Windows\System\CUxTvAn.exe
  2⤵
  PID:9396
- C:\Windows\System\kWViEuW.exe
  C:\Windows\System\kWViEuW.exe
  2⤵
  PID:9572
- C:\Windows\System\llskbjW.exe
  C:\Windows\System\llskbjW.exe
  2⤵
  PID:9524
- C:\Windows\System\HtgIwJh.exe
  C:\Windows\System\HtgIwJh.exe
  2⤵
  PID:9588
- C:\Windows\System\zdxSnsR.exe
  C:\Windows\System\zdxSnsR.exe
  2⤵
  PID:9616
- C:\Windows\System\KgytQrC.exe
  C:\Windows\System\KgytQrC.exe
  2⤵
  PID:9680
- C:\Windows\System\CXZotTm.exe
  C:\Windows\System\CXZotTm.exe
  2⤵
  PID:9668
- C:\Windows\System\PLKbLhO.exe
  C:\Windows\System\PLKbLhO.exe
  2⤵
  PID:9728
- C:\Windows\System\ugLTRAR.exe
  C:\Windows\System\ugLTRAR.exe
  2⤵
  PID:9732
- C:\Windows\System\HWtoGBe.exe
  C:\Windows\System\HWtoGBe.exe
  2⤵
  PID:9796
- C:\Windows\System\cVYWJxJ.exe
  C:\Windows\System\cVYWJxJ.exe
  2⤵
  PID:9852
- C:\Windows\System\DFrxhyV.exe
  C:\Windows\System\DFrxhyV.exe
  2⤵
  PID:9884
- C:\Windows\System\AKAfyqS.exe
  C:\Windows\System\AKAfyqS.exe
  2⤵
  PID:9932
- C:\Windows\System\JlvJGVa.exe
  C:\Windows\System\JlvJGVa.exe
  2⤵
  PID:9964
- C:\Windows\System\SdKmdNX.exe
  C:\Windows\System\SdKmdNX.exe
  2⤵
  PID:9968
- C:\Windows\System\hRWxidL.exe
  C:\Windows\System\hRWxidL.exe
  2⤵
  PID:10008
- C:\Windows\System\IcXtsCO.exe
  C:\Windows\System\IcXtsCO.exe
  2⤵
  PID:10028
- C:\Windows\System\ELAGIMT.exe
  C:\Windows\System\ELAGIMT.exe
  2⤵
  PID:10060
- C:\Windows\System\pUzLFBc.exe
  C:\Windows\System\pUzLFBc.exe
  2⤵
  PID:10092
- C:\Windows\System\aMmxoUE.exe
  C:\Windows\System\aMmxoUE.exe
  2⤵
  PID:10084
- C:\Windows\System\HnzxOSq.exe
  C:\Windows\System\HnzxOSq.exe
  2⤵
  PID:10156
- C:\Windows\System\ePzBIrH.exe
  C:\Windows\System\ePzBIrH.exe
  2⤵
  PID:10144
- C:\Windows\System\miyJUbm.exe
  C:\Windows\System\miyJUbm.exe
  2⤵
  PID:10208
- C:\Windows\System\PszCaft.exe
  C:\Windows\System\PszCaft.exe
  2⤵
  PID:9240
- C:\Windows\System\kEQMush.exe
  C:\Windows\System\kEQMush.exe
  2⤵
  PID:9220
- C:\Windows\System\dvNAAdX.exe
  C:\Windows\System\dvNAAdX.exe
  2⤵
  PID:9256
- C:\Windows\System\jtbJSdA.exe
  C:\Windows\System\jtbJSdA.exe
  2⤵
  PID:9312
- C:\Windows\System\dUPKwiB.exe
  C:\Windows\System\dUPKwiB.exe
  2⤵
  PID:9328
- C:\Windows\System\xoICPet.exe
  C:\Windows\System\xoICPet.exe
  2⤵
  PID:9504
- C:\Windows\System\CzvJQCe.exe
  C:\Windows\System\CzvJQCe.exe
  2⤵
  PID:9476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkiEwoo.exe

Filesize
6.0MB

MD5
e3aa69bf86d6a810234837d9770b0f77

SHA1
54fd42cadd0e3fedb615d30ea53839b98cf7ecb4

SHA256
534df011a0f42656c5751e444faf6f27048e1649f0ed6e6202da1aec43ef291c

SHA512
7b697977569811a21e1d8c8881f5dba43b700fb7d6c97d7b1552f19cd3a8c670a73261ea74f30858d17105e7dd034dbef6ea5f615ca428ae6c3b63bdbac6f27e

Download Submit
C:\Windows\system\Ambiqpc.exe

Filesize
6.0MB

MD5
03b1c336647fea0f86aa71c21377dbb3

SHA1
bcb6ecbcfa93c7f4eb735eac5275c679ae423bcc

SHA256
3f9a488cfd420a32aed45a5c5e414551a400b849011cb441d6fcb5e1db9b6059

SHA512
2e6a64e47d8fb4e1ff542b67ef0825836328a2932fd894f5b1616cc46174b3bd9a7173a76eb638d474aa2b07cd9e54e1c670ece66fba246a30531cd356830827

Download Submit
C:\Windows\system\BFYyYbN.exe

Filesize
6.0MB

MD5
93d862d31ab96e8abb2735ca83c34a2a

SHA1
242330838898615558744e19f3b4e467f1a3c632

SHA256
284417ea02dd8cb59b5ac23b0bb7e98be934d6e0f423ccaa3d3f9523c9ca7858

SHA512
9f25a21187da319eb30d55407fc53c9061b95f6f787e14f2be69843eb44dc8ce6fcf234d1b17fbac043391af0c4a9eedd175b80c5ce7588091544824a1bbae40

Download Submit
C:\Windows\system\BsoxZcm.exe

Filesize
6.0MB

MD5
6d1983fb6612ee564448cc8abac4e763

SHA1
a82c37b589370c7cefb6dbe716cfde039c5ec962

SHA256
fc1642c834f96992530737b1ffc9043149c0ab76beb96ca3c5a0dbb2a9042409

SHA512
385c5b37452de142089b516b4cb835aa4fc5ae7a1284ffad958e30c1dd5a195e57dc029998ceaf1803cde0428b07d0feb3475c2baf58b4b5041103a45e5c5ddb

Download Submit
C:\Windows\system\EjcNGTJ.exe

Filesize
6.0MB

MD5
e212dc6e31ffaa41f9df1b118d5b5777

SHA1
ad8ba68a534716e0f989563b1d1204ad5a67941d

SHA256
b7343f01a3a1a3ac6b3830626477c2ded0cb97bc10686707f0d089c25488b475

SHA512
31e0a64df4641bdbceabd1238a0bb7bf859420fc13782ee8ec6b4f63947a47595a0a71582dfb18f39142639df0ca9e93c026a63021d21ae130a5c821d6f8d992

Download Submit
C:\Windows\system\EyArvPK.exe

Filesize
6.0MB

MD5
1c6109a6a3ccaaf3008eb89fe7400400

SHA1
96caba96260fc0988e56bfc52447a55b5a3a9e70

SHA256
c93070f12a9d6d91bb7c254a79a9b7365c396ff500b9fcf6c521102b7dcc951e

SHA512
c143600d869ec7bb1abb54c904d028274940ea3291c68c3390375a9bdbaa4b2dd5e1e39d996ec18abb4241ac9f41812541547de22103342b65007fcdf47ed2bc

Download Submit
C:\Windows\system\GmsDFNo.exe

Filesize
6.0MB

MD5
3ab2c8292f2b0cded9cec57437401726

SHA1
383978a58823e7f8635cd7982f7abdb383c7931e

SHA256
b94bb975273a2ac8c4e09b027c20b4610d46e4a2d49980b763422baba36ac338

SHA512
5193e3d3b7eb8f80b5395541a3d812dbf2eb48efafb7be564148021161f49a1563f386f0673caba31b846d51a772333e5156f7cc69813ea5f69e3d87eaf6dd6b

Download Submit
C:\Windows\system\LVSSMbX.exe

Filesize
6.0MB

MD5
a91ab1c75db467fba2b2c7c4f15b391d

SHA1
e6a6b3888bc1465c89ddf818cf1de28b37d1097c

SHA256
69ae3968c22cd11f4d6efc15f6f3fd65c304b0ced7673869f775861a11f67ee8

SHA512
3df9561953b7950b9b757f1ab1b5939a2b5775be482ce421d4c8e82ed4de263411570f59d412624062e0f92a797ae88489425e4842afecfab8d5e81adc96e965

Download Submit
C:\Windows\system\PAywAtz.exe

Filesize
6.0MB

MD5
46535755c41e35f6951ea248777dd980

SHA1
2b8c90602e4baa40ef3bbe689d4c277b75b4b15c

SHA256
480f773f44dbf0ece1f81c5dba8747ff8b2023c2e26d35ab24ee53a8b62083c7

SHA512
208efdb3fb95bf341c9382cfd5cf2496d34aa8cb4e0e7c0012dda4911560c5d23de80942345dd9b6a70582695b619e65a09cf8c515199800c5edfbdc93e35688

Download Submit
C:\Windows\system\QaIPRFx.exe

Filesize
6.0MB

MD5
c8b795a967e94ffc830e81161ff02ed4

SHA1
baad95a1926dafe3891fe91fe251ba1f7b6eea57

SHA256
adb462a7c278f9655ae99e928eaf77e8bedec262b935ba3496d525ff63a7a4d7

SHA512
882ac07b0545c0f20ead18a3d682df3dba8d1c136412d7206c58e644864d8eb95cc3e12d46db27f35a3eb47779fd103494da459674f7762cb5ad450b1e360c36

Download Submit
C:\Windows\system\RTfnsnd.exe

Filesize
6.0MB

MD5
54b559a11c78d64059c9d3bf6dcd586c

SHA1
3c7acdf965b88e6cff442e9e00acf61d3ac2894e

SHA256
2c910568c9896fbd0721fc471c785e880644212a650f4c245b82ab2a144bdb60

SHA512
db7df46413bda3c76a70c61daf0c41f0bfc39c06ca9f8e0855d4245da865ce5d53bd3da0f9888353325f2838821efb82a78f3036e775f11e4e9897f432025292

Download Submit
C:\Windows\system\SgjucYk.exe

Filesize
6.0MB

MD5
321c845e465f35fc898917fb5547a01f

SHA1
c158dce03ec04ae9808b4af088f399a2eb459cc0

SHA256
538cecfa680e218e6d40eb58bd1d3f8f70521ff3e23a0898116d2b754f22cd44

SHA512
6664763a6e8da5e9bcb38b17b337568dfd1c8b16bc3b966ccb9e873f9553774fceb7ee682f7034bc063393f54a01d1dfdb976091a79ffb479362fdb654748a90

Download Submit
C:\Windows\system\SlJiEsy.exe

Filesize
6.0MB

MD5
b6168baeb5c501f018d05bc0959ddb9a

SHA1
f0bddb394d19bd72cbe07a2deee90deeda09e483

SHA256
335d34a283f6e752e9596832c669d1a462bf9381f33a4ec17e95b036883ddffd

SHA512
84caff8b072474dc0f8e6e8d66fb2ccb838406dafa079cd3f05bda6222fb9ef47331845c0c1a8271c93bdfba6b22dac54c79b1def8fe61ce0472aa89f467bf67

Download Submit
C:\Windows\system\XAnbCAD.exe

Filesize
6.0MB

MD5
035a6abe3f49f72a2a973e8343d3e281

SHA1
8ce1a1ea432129730de5d6baaa1a8f92fcdb8643

SHA256
0c9df7ee48b6806312302818aa3e4efa0be1c7537707a7dc7b11672fc65c5221

SHA512
0c12f4cd9d483bf6f521a828e4562a8920e62dabaf3e222a609a52ec2b0237417df6909504dc0195026ac14ab7872df6a4af40d7e1cfba035e382cbaedc69211

Download Submit
C:\Windows\system\XcYaASF.exe

Filesize
6.0MB

MD5
1901a8e6594b7f5187a4a96458c6e289

SHA1
cf49c2cf16ee6022c69301826544b566eb038423

SHA256
db9c6cb507c7e58e19bac6d0733f29b804c7df8fc96fd2d56204b17dd212de1c

SHA512
89dda3bd6a22fc7554abd1432c279bbbbe051b284fc7ed136b3b3fd51dd3696dbfeb35e1acee160897eb306cd499af40eba8edf7d170b80e97181ef07b5352d2

Download Submit
C:\Windows\system\cwUAbGa.exe

Filesize
6.0MB

MD5
679eedfe0f3611b51cada9c22b8c6a74

SHA1
661384a143d0d6af7116bc566d558939562e16d3

SHA256
e90d5a7b0be4a3070d287c9757fb6846025c54bd1b4de62538ccd7615271857c

SHA512
f8b9061600e9dfc59166bcd941692b47ea776d184e2da6db1f1309734392a90228774ffb7f08e5b189e39eff92e23903326bd55cd6964ca4548ab571b2e0bdb1

Download Submit
C:\Windows\system\eFsZCvH.exe

Filesize
6.0MB

MD5
7afd2d23b4ed68249d3121179b7cf704

SHA1
f42055ed72ccd34093cb75c7ae91ee07ca542934

SHA256
0ea7d2365ccda2f03b9678036c73cc06e505056b1f1051859df951fbe053c46e

SHA512
538d4d0e0130cb31311568b42b0ee9d37c051545a80d8b493845287fd33c41a63370e7351c7934c0c68d639e808c4c23c1a145d6a45924399f83da74ee065ac3

Download Submit
C:\Windows\system\gKoMDco.exe

Filesize
6.0MB

MD5
35ddcde4c1e01c49d73ed6237aac3c52

SHA1
c1c0aead8e8e5feee3f04bca689428f67251035b

SHA256
f0795156a8118ea274295f8b26ee29f21aca5449b7186b35514cdbbe4dfd07c7

SHA512
32585b7a94d2f7ab2c949052e04b108dd1429b20bb24ca74966124aeb990f9cd73f9c2930877202187d0216837fbb5aaa1530952cdcb10ecf2e5b8abbca9593a

Download Submit
C:\Windows\system\hwdjCMH.exe

Filesize
6.0MB

MD5
bfc60554dfa477d7d1cc458e2666703f

SHA1
27508ae1e7cb0c75ab3e4e7ab03c516b462f8273

SHA256
96c8e39beee0134152f97235db95040d7e70be91b00ca17c2f55ea3a7ae5a63e

SHA512
047293065e3204e83138715e2efff53cc7f6419a461bd447c21084b6c7bbc0ab7a29e89ab13c1159d562c88edacc22f8ddcc458033775f491c96bfc18f0d11a5

Download Submit
C:\Windows\system\jytrLno.exe

Filesize
6.0MB

MD5
10046b8db56375fe2317cde9cb9da391

SHA1
1ea973aa1ea1cc0cf61c0d4c01cb2505d1847789

SHA256
905027443fab0bd61c940e0a611402c88b21a0c728fbdff87d2a5347f51b3d5e

SHA512
520200cb12333c324f3be222e0f076bf0b930b6e3715bfe27ac20f4cfc1b0d538bb247023d0383847dbdad17381bb2abc92a11126fa16e4e5294caccc49d2c67

Download Submit
C:\Windows\system\kpFZxGo.exe

Filesize
6.0MB

MD5
34bdfa61177baf5cd9f2c7db5a6d0a42

SHA1
2dd574c04a7dca29658fb9f7ec8c4e7c01862267

SHA256
5216874d46a1f79cf13b7e7a44102223b175be87e64510678f34bbf53da0ab13

SHA512
b32e93e3c908014c35fbbadd3e4d2d70c8a46dae14124d92495398014cd2111b7332a02f26686165f1ad47f70d56d8a970287319389a109af79292160a7b41a4

Download Submit
C:\Windows\system\nvJMBEb.exe

Filesize
6.0MB

MD5
5e5cc375277005c0466772e56d4156bd

SHA1
aacb1257ededed90e8f63ecab6cac7267ebbc6ed

SHA256
5323f65a8cc0d8ebc2a68ba461f423f29b96470db94024b4be70723716283555

SHA512
87ec157c2d8a18fcb43eaeb0d6c83744144d7681b24e59128d61690ca60f9a5e71ed6d77e88f8a32156d2f4e715aa3dcef2e8ea03389a910bd56745e3b41a5fe

Download Submit
C:\Windows\system\rVJTsnx.exe

Filesize
6.0MB

MD5
4d644e2450450a1f9b36bcaab4a45968

SHA1
c6b17122ec12d6a0c54a3cd0f655b843a84d7742

SHA256
cdfd5e4e4281ca52ccab2b7f1f32e2c6f280165f5c7929e114e9aa3331f39d5a

SHA512
0123cfbe084e9d635e2940aeb1872c58ff50ade7aefa26d09b2cffce9613ad026289b088d0aa7ac9732d3349024d70a6188c1695b1ca060dbba43ff6485b1585

Download Submit
C:\Windows\system\sZkMLZv.exe

Filesize
6.0MB

MD5
10b8f977d61c3c76f8f227eea969d762

SHA1
737122f182af04c905b723ed32f02556ecce2d7e

SHA256
166e3ea42d9ebee49ce51dc0fecd226f2cb5354c789655c7f2ecb9d162f987c9

SHA512
30956223d0d590c040846d77b7bcd4e61f6ca326978d7cb13629edd1d62066d63de46e3582375959bc01fdccb5531eebbb1fe8e5fe19993757e92cffcfdc2621

Download Submit
C:\Windows\system\tdGZMCz.exe

Filesize
6.0MB

MD5
c621ae975da7b55137cfaa8065ca470d

SHA1
8fe5e8f592d4320383994cac1e4a0f59799d003a

SHA256
5030971e5fab45e2fd7d8d0107f971a9d4374e55df6672fc0111a041cc227ba5

SHA512
9fa1d6c1b71e82e24a5a251e03e5ce9882f20159e7ec3c2c4b5b8b4734c9adaf2031071485ad66c73248061572d1f51e362dab064cba128ec5825cd938672400

Download Submit
C:\Windows\system\tiyzzcd.exe

Filesize
6.0MB

MD5
4053e8d1aafde819bc7c8c18f39d8610

SHA1
88245f3c1f6ea7de378674432d638f99ee8f1837

SHA256
5643139f62dd0a034ac25aab76996271c3126dfdb29ae08a325b7fc35de3ab38

SHA512
84b3fc6003d31d2dc199fc83d30a53e832ade4d6f9cfe4b79c337b10059bda84c4e21485535c16f90a38b8f54a51f6f5c7c72b0f5fc1eb858f8177509fcb2825

Download Submit
C:\Windows\system\ugSNOsc.exe

Filesize
6.0MB

MD5
758de8cfab1bf165af999cafecdd1535

SHA1
22d3e1d42cf88860d8dc2a6670436c4787ad693d

SHA256
481dad07440e28340fd6f375874a52e5001f743a8ad9c30e64fd488d36a48acb

SHA512
5e861a51afb6ce9c964a5688b0d0d754e12facb96a2533bdf0717c40d9d5b443ede2c9182fffb0f452fe39bf2ab01d24b05cef2dc05d350199039f7a69d1b3f3

Download Submit
C:\Windows\system\wBKzhzP.exe

Filesize
6.0MB

MD5
3ed1fc2f1c2f91a0f10542b2e25d23f1

SHA1
b08ecdfb0a7f881b7b1e52106bf76f2dfecca3f1

SHA256
b6e6247266621d33c88c41760535a4b8babde6aa0595660bf9b62734ac30cd7c

SHA512
9384053fcba280764b02f22c82a00408a32a187bf535625708db77f2c843b78ae822b0b18f4a94d32f34affecff5bc43f82da3b8e510e3f247f837de922a71cc

Download Submit
C:\Windows\system\xAjDWfg.exe

Filesize
6.0MB

MD5
abce1bf8dfb69c1327067908a62a5c98

SHA1
2fc6af19d9ea80e31f532195e9df0499f4443bde

SHA256
17d878d51162fed1891eddb32e7050497c4c32c4412433d55f7795486c7d8f7c

SHA512
aca0117ae99b56f0271f130634bd565b10241f29a7511fadc445bf2e581fe1ffde12fba99cb856e0da4a339361a944e2d479a5de635912f7f44598402c29817b

Download Submit
\Windows\system\BuSyVsD.exe

Filesize
6.0MB

MD5
d4e234a0a47df8c57f0d580daef93080

SHA1
749fe3c4a9b50ddcbaccd62949387276e0485da1

SHA256
b67dc1cb8b44421dbc52fc87cee009ff3d9f2bec24a14f4b6549d0ab60a80328

SHA512
aaa2ea81776256f3d3b1b19fe7a9f158fbd94811b10973154aef4254744a3453f59b132e0405bef486e2d9afbac30f3e560db88935056a09a620a9016b2aed14

Download Submit
\Windows\system\LGqBAqw.exe

Filesize
6.0MB

MD5
203a109aa3aaab48a0a944533afccb96

SHA1
b9817c26b36b56b512f6c1429894ac63e2ec75f9

SHA256
a5877e08f4313d33f7eb9a1687bb2954d980e494dcb28bfa577ffa6ecd2a2b77

SHA512
c833e66edbb3b4507fe2a08d302510a3d31531f7c184c26a87469d22193b9199d4e881fafbb718f08ae4fd3ab4328a6ccd9794609fc9b5f07f2966ea93f2f045

Download Submit
\Windows\system\dsJmPnm.exe

Filesize
6.0MB

MD5
548b89f5636c2c74ccd542b67a025c69

SHA1
843326f1bb7efac6cdc3d3155ab873f076586549

SHA256
fdc226155a28ec8d74275aa01488a1c6509764376bcfbae564c7dab046bdbb19

SHA512
b205a9fbe87c0e235a35fafb2e8da65eabc9aa81b51e95d0a087527b4b08ec6e1df500c93e8c2938274a54baff8db973e0ab4abcc960744c8194ce84fd9c72e1

Download Submit
memory/1788-1328-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1788-3309-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1788-97-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3214-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-80-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3169-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-15-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1663-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-74-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2520-106-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-96-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2520-208-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-12-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-83-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2520-29-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2520-19-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-0-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1327-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2520-78-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2520-62-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-43-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2520-49-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2520-55-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-70-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-722-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2548-84-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3270-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2652-81-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3258-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-71-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3213-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2692-105-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2692-59-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3212-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3246-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1054-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-90-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3177-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-14-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-35-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3199-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3172-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2796-54-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3205-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-77-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3196-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2876-73-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3171-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-21-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-95-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download