cobaltstrike | d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
Size

6.0MB
MD5

b7b3fb777eadbf3cedbbab38fa9bf0a3
SHA1

657ebdf4c70173cfcc89ef2529a885d6295b344f
SHA256

d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022
SHA512

05e38f96066cb0f395e987dfa5cbdfdd6622af43ed51bf01cc31bb0d9409cdeef041b3d8f451896b9988ce28409b3ac6fd55bee577b3a7bb4302abefc73483cf
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUq:eOl56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c6-18.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019659-37.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-58.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001941b-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e6-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2124-0-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00090000000120fe-3.dat	xmrig
behavioral1/files/0x0007000000019490-11.dat	xmrig
behavioral1/files/0x000700000001949d-12.dat	xmrig
behavioral1/files/0x00070000000194c6-18.dat	xmrig
behavioral1/files/0x00060000000194da-26.dat	xmrig
behavioral1/files/0x00060000000194e4-29.dat	xmrig
behavioral1/files/0x0007000000019659-37.dat	xmrig
behavioral1/files/0x000500000001a494-42.dat	xmrig
behavioral1/files/0x000500000001a495-45.dat	xmrig
behavioral1/files/0x000500000001a4ad-58.dat	xmrig
behavioral1/files/0x003000000001941b-88.dat	xmrig
behavioral1/files/0x000500000001a4b9-101.dat	xmrig
behavioral1/files/0x000500000001a4cd-144.dat	xmrig
behavioral1/memory/2724-522-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2124-557-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2660-559-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2708-503-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/852-492-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2124-947-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2124-1416-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2124-1153-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/3032-482-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1332-476-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1524-556-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2124-555-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2100-554-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2488-552-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2664-511-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d1-151.dat	xmrig
behavioral1/files/0x000500000001a4cf-147.dat	xmrig
behavioral1/files/0x000500000001a4cb-139.dat	xmrig
behavioral1/files/0x000500000001a4c9-136.dat	xmrig
behavioral1/files/0x000500000001a4c5-128.dat	xmrig
behavioral1/files/0x000500000001a4c7-131.dat	xmrig
behavioral1/files/0x000500000001a4c3-123.dat	xmrig
behavioral1/files/0x000500000001a4c1-120.dat	xmrig
behavioral1/files/0x000500000001a4bf-115.dat	xmrig
behavioral1/files/0x000500000001a4bd-112.dat	xmrig
behavioral1/files/0x000500000001a4bb-106.dat	xmrig
behavioral1/files/0x000500000001a4b7-99.dat	xmrig
behavioral1/files/0x000500000001a4b5-96.dat	xmrig
behavioral1/files/0x000500000001a4b3-91.dat	xmrig
behavioral1/files/0x000500000001a4b1-84.dat	xmrig
behavioral1/memory/2888-80-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2124-78-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2896-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2912-75-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2796-74-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-61.dat	xmrig
behavioral1/files/0x000500000001a4ab-53.dat	xmrig
behavioral1/files/0x000500000001a4a5-49.dat	xmrig
behavioral1/files/0x00060000000194e6-34.dat	xmrig
behavioral1/memory/3032-3585-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1524-3612-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/852-3634-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2488-3630-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2912-3618-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1332-3611-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2796-3594-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2664-3593-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2724-3590-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2896-3589-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2100-3588-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	VByfJbs.exe
2912	VQaCtoN.exe
2896	cyByOyG.exe
2660	PZPmiXv.exe
2888	xDOcfDd.exe
1332	qtwlNnK.exe
3032	VAuwXPQ.exe
852	soYInQR.exe
2708	pSuTukF.exe
2664	DBSUVxP.exe
2724	fhPQlFO.exe
2488	tNbGAlJ.exe
2100	iILqAsl.exe
1524	vwCmFAx.exe
1384	AzOdjtf.exe
2868	pgWgMgT.exe
2832	NwcEBgI.exe
280	LvkBoXm.exe
2072	fxsvzTW.exe
2996	macWtfG.exe
1792	bJQxMlA.exe
3048	CeSyAYe.exe
324	GJSYQcO.exe
684	JisyUuk.exe
484	WwtmrWW.exe
868	exAmuIO.exe
1764	LpEQuXj.exe
2112	YmcaSrL.exe
2224	TANPbKO.exe
2408	YAXLFOk.exe
1588	wnHAuWt.exe
2464	PKsWcGK.exe
2384	uueHPFb.exe
2456	sSFQsyq.exe
1676	CMpABqk.exe
1352	XToJqhj.exe
736	IUdVCtK.exe
2432	yZwYUYg.exe
904	NAWGDvq.exe
2964	wdbeREp.exe
2296	HboWsqy.exe
1740	qbCiqDk.exe
824	nSUyHAQ.exe
2012	YPiadSy.exe
1856	khUlOHS.exe
1672	RNktCoj.exe
3064	DGJxxjA.exe
2304	sEvYCDT.exe
1728	bIgXuLv.exe
884	GurfRAw.exe
2564	dCdCYvN.exe
2568	hnCVsVN.exe
2312	zcYdTLN.exe
756	bCiGbOZ.exe
2204	WdRfyCK.exe
2280	NQgovUo.exe
1304	iDfYogn.exe
2004	ROBCccw.exe
304	nGKNGPh.exe
1268	ROzUksR.exe
2192	IHyOknX.exe
764	fJzjRPI.exe
1916	dxKAYFK.exe
380	rUXcuMM.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00090000000120fe-3.dat	upx
behavioral1/files/0x0007000000019490-11.dat	upx
behavioral1/files/0x000700000001949d-12.dat	upx
behavioral1/files/0x00070000000194c6-18.dat	upx
behavioral1/files/0x00060000000194da-26.dat	upx
behavioral1/files/0x00060000000194e4-29.dat	upx
behavioral1/files/0x0007000000019659-37.dat	upx
behavioral1/files/0x000500000001a494-42.dat	upx
behavioral1/files/0x000500000001a495-45.dat	upx
behavioral1/files/0x000500000001a4ad-58.dat	upx
behavioral1/files/0x003000000001941b-88.dat	upx
behavioral1/files/0x000500000001a4b9-101.dat	upx
behavioral1/files/0x000500000001a4cd-144.dat	upx
behavioral1/memory/2724-522-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2660-559-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2708-503-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/852-492-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2124-947-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/3032-482-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1332-476-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1524-556-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2100-554-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2488-552-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2664-511-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000500000001a4d1-151.dat	upx
behavioral1/files/0x000500000001a4cf-147.dat	upx
behavioral1/files/0x000500000001a4cb-139.dat	upx
behavioral1/files/0x000500000001a4c9-136.dat	upx
behavioral1/files/0x000500000001a4c5-128.dat	upx
behavioral1/files/0x000500000001a4c7-131.dat	upx
behavioral1/files/0x000500000001a4c3-123.dat	upx
behavioral1/files/0x000500000001a4c1-120.dat	upx
behavioral1/files/0x000500000001a4bf-115.dat	upx
behavioral1/files/0x000500000001a4bd-112.dat	upx
behavioral1/files/0x000500000001a4bb-106.dat	upx
behavioral1/files/0x000500000001a4b7-99.dat	upx
behavioral1/files/0x000500000001a4b5-96.dat	upx
behavioral1/files/0x000500000001a4b3-91.dat	upx
behavioral1/files/0x000500000001a4b1-84.dat	upx
behavioral1/memory/2888-80-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2896-77-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2912-75-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2796-74-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-61.dat	upx
behavioral1/files/0x000500000001a4ab-53.dat	upx
behavioral1/files/0x000500000001a4a5-49.dat	upx
behavioral1/files/0x00060000000194e6-34.dat	upx
behavioral1/memory/3032-3585-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1524-3612-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/852-3634-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2488-3630-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2912-3618-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1332-3611-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2796-3594-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2664-3593-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2724-3590-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2896-3589-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2100-3588-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2888-3587-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2660-3575-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2708-3584-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CYWSQZp.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\IesyARF.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\JLqNHlj.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\SrXCEUS.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\pyLjaxV.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\EJIOaif.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\dZgQqvV.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\CYCDIKt.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\FLNZdSk.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\NkXEdws.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\zYKfhrr.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\emXJyVH.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\SXddCEr.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\yzxXcBa.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\tXrTJRb.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\HeYKqAU.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\YECSxqo.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\lYYzkPy.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\tKjTnCb.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\AzOdjtf.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\XEfXPIw.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\MDTqNcn.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\OxiwPve.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\fVtJkFW.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\jruDteF.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\GtGMFfu.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\tMoyVit.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\ggiunad.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\wXipYPJ.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\cqRKIEk.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\mfMvWya.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\wdbeREp.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\xAxlLgo.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\NYoIiJg.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\BPPzJEI.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\LrTFjjX.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\FhuhNKX.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\xvSDGDN.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\qMAnUaq.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\gIXGJgt.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\FofRxfQ.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\uykKzPL.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\exAexWc.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\ZKZYjSV.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\ikxeRan.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\mlSWmeI.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\ZNfmfxo.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\OthAado.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\eNdgsMM.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\TgBIgIz.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\KDHHoBU.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\jVPVkFN.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\xlldcmD.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\Gmnkviq.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\pQUwbFp.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\pxaBDkY.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\GFpSgoW.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\ksPkhsj.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\hUknydY.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\PBRyPvp.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\YjzktkV.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\LNpeOHX.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\AOOfuPD.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
File created	C:\Windows\System\fhPQlFO.exe	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2796	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	31
PID 2124 wrote to memory of 2796	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	31
PID 2124 wrote to memory of 2796	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	31
PID 2124 wrote to memory of 2912	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	32
PID 2124 wrote to memory of 2912	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	32
PID 2124 wrote to memory of 2912	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	32
PID 2124 wrote to memory of 2896	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	33
PID 2124 wrote to memory of 2896	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	33
PID 2124 wrote to memory of 2896	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	33
PID 2124 wrote to memory of 2660	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	34
PID 2124 wrote to memory of 2660	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	34
PID 2124 wrote to memory of 2660	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	34
PID 2124 wrote to memory of 2888	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	35
PID 2124 wrote to memory of 2888	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	35
PID 2124 wrote to memory of 2888	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	35
PID 2124 wrote to memory of 1332	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	36
PID 2124 wrote to memory of 1332	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	36
PID 2124 wrote to memory of 1332	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	36
PID 2124 wrote to memory of 3032	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	37
PID 2124 wrote to memory of 3032	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	37
PID 2124 wrote to memory of 3032	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	37
PID 2124 wrote to memory of 852	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	38
PID 2124 wrote to memory of 852	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	38
PID 2124 wrote to memory of 852	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	38
PID 2124 wrote to memory of 2708	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	39
PID 2124 wrote to memory of 2708	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	39
PID 2124 wrote to memory of 2708	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	39
PID 2124 wrote to memory of 2664	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	40
PID 2124 wrote to memory of 2664	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	40
PID 2124 wrote to memory of 2664	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	40
PID 2124 wrote to memory of 2724	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	41
PID 2124 wrote to memory of 2724	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	41
PID 2124 wrote to memory of 2724	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	41
PID 2124 wrote to memory of 2488	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	42
PID 2124 wrote to memory of 2488	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	42
PID 2124 wrote to memory of 2488	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	42
PID 2124 wrote to memory of 2100	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	43
PID 2124 wrote to memory of 2100	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	43
PID 2124 wrote to memory of 2100	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	43
PID 2124 wrote to memory of 1524	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	44
PID 2124 wrote to memory of 1524	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	44
PID 2124 wrote to memory of 1524	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	44
PID 2124 wrote to memory of 1384	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	45
PID 2124 wrote to memory of 1384	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	45
PID 2124 wrote to memory of 1384	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	45
PID 2124 wrote to memory of 2868	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	46
PID 2124 wrote to memory of 2868	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	46
PID 2124 wrote to memory of 2868	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	46
PID 2124 wrote to memory of 2832	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	47
PID 2124 wrote to memory of 2832	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	47
PID 2124 wrote to memory of 2832	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	47
PID 2124 wrote to memory of 280	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	48
PID 2124 wrote to memory of 280	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	48
PID 2124 wrote to memory of 280	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	48
PID 2124 wrote to memory of 2072	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	49
PID 2124 wrote to memory of 2072	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	49
PID 2124 wrote to memory of 2072	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	49
PID 2124 wrote to memory of 1792	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	50
PID 2124 wrote to memory of 1792	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	50
PID 2124 wrote to memory of 1792	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	50
PID 2124 wrote to memory of 2996	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	51
PID 2124 wrote to memory of 2996	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	51
PID 2124 wrote to memory of 2996	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	51
PID 2124 wrote to memory of 3048	2124	JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d23ecf7ecc6c907423ac2b2c3e7ab87af30269db410edd195edcb70383426022.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System\VByfJbs.exe
  C:\Windows\System\VByfJbs.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\VQaCtoN.exe
  C:\Windows\System\VQaCtoN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\cyByOyG.exe
  C:\Windows\System\cyByOyG.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\PZPmiXv.exe
  C:\Windows\System\PZPmiXv.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\xDOcfDd.exe
  C:\Windows\System\xDOcfDd.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\qtwlNnK.exe
  C:\Windows\System\qtwlNnK.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\VAuwXPQ.exe
  C:\Windows\System\VAuwXPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\soYInQR.exe
  C:\Windows\System\soYInQR.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\pSuTukF.exe
  C:\Windows\System\pSuTukF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\DBSUVxP.exe
  C:\Windows\System\DBSUVxP.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\fhPQlFO.exe
  C:\Windows\System\fhPQlFO.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\tNbGAlJ.exe
  C:\Windows\System\tNbGAlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\iILqAsl.exe
  C:\Windows\System\iILqAsl.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\vwCmFAx.exe
  C:\Windows\System\vwCmFAx.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\AzOdjtf.exe
  C:\Windows\System\AzOdjtf.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\pgWgMgT.exe
  C:\Windows\System\pgWgMgT.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NwcEBgI.exe
  C:\Windows\System\NwcEBgI.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\LvkBoXm.exe
  C:\Windows\System\LvkBoXm.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\fxsvzTW.exe
  C:\Windows\System\fxsvzTW.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\bJQxMlA.exe
  C:\Windows\System\bJQxMlA.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\macWtfG.exe
  C:\Windows\System\macWtfG.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\CeSyAYe.exe
  C:\Windows\System\CeSyAYe.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\GJSYQcO.exe
  C:\Windows\System\GJSYQcO.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\JisyUuk.exe
  C:\Windows\System\JisyUuk.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\WwtmrWW.exe
  C:\Windows\System\WwtmrWW.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\exAmuIO.exe
  C:\Windows\System\exAmuIO.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\LpEQuXj.exe
  C:\Windows\System\LpEQuXj.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\YmcaSrL.exe
  C:\Windows\System\YmcaSrL.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\TANPbKO.exe
  C:\Windows\System\TANPbKO.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\YAXLFOk.exe
  C:\Windows\System\YAXLFOk.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\wnHAuWt.exe
  C:\Windows\System\wnHAuWt.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\PKsWcGK.exe
  C:\Windows\System\PKsWcGK.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\uueHPFb.exe
  C:\Windows\System\uueHPFb.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\sSFQsyq.exe
  C:\Windows\System\sSFQsyq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\CMpABqk.exe
  C:\Windows\System\CMpABqk.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\XToJqhj.exe
  C:\Windows\System\XToJqhj.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\IUdVCtK.exe
  C:\Windows\System\IUdVCtK.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\yZwYUYg.exe
  C:\Windows\System\yZwYUYg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\NAWGDvq.exe
  C:\Windows\System\NAWGDvq.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\wdbeREp.exe
  C:\Windows\System\wdbeREp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\HboWsqy.exe
  C:\Windows\System\HboWsqy.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\qbCiqDk.exe
  C:\Windows\System\qbCiqDk.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\nSUyHAQ.exe
  C:\Windows\System\nSUyHAQ.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\YPiadSy.exe
  C:\Windows\System\YPiadSy.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\khUlOHS.exe
  C:\Windows\System\khUlOHS.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\RNktCoj.exe
  C:\Windows\System\RNktCoj.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\DGJxxjA.exe
  C:\Windows\System\DGJxxjA.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\sEvYCDT.exe
  C:\Windows\System\sEvYCDT.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\bIgXuLv.exe
  C:\Windows\System\bIgXuLv.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GurfRAw.exe
  C:\Windows\System\GurfRAw.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\dCdCYvN.exe
  C:\Windows\System\dCdCYvN.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\hnCVsVN.exe
  C:\Windows\System\hnCVsVN.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\zcYdTLN.exe
  C:\Windows\System\zcYdTLN.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\bCiGbOZ.exe
  C:\Windows\System\bCiGbOZ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\WdRfyCK.exe
  C:\Windows\System\WdRfyCK.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\NQgovUo.exe
  C:\Windows\System\NQgovUo.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\iDfYogn.exe
  C:\Windows\System\iDfYogn.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ROBCccw.exe
  C:\Windows\System\ROBCccw.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\nGKNGPh.exe
  C:\Windows\System\nGKNGPh.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\ROzUksR.exe
  C:\Windows\System\ROzUksR.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\IHyOknX.exe
  C:\Windows\System\IHyOknX.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fJzjRPI.exe
  C:\Windows\System\fJzjRPI.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\dxKAYFK.exe
  C:\Windows\System\dxKAYFK.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rUXcuMM.exe
  C:\Windows\System\rUXcuMM.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\qzEDgvP.exe
  C:\Windows\System\qzEDgvP.exe
  2⤵
  PID:1636
- C:\Windows\System\MowLwvF.exe
  C:\Windows\System\MowLwvF.exe
  2⤵
  PID:1816
- C:\Windows\System\giOmkBP.exe
  C:\Windows\System\giOmkBP.exe
  2⤵
  PID:1612
- C:\Windows\System\DebJqPY.exe
  C:\Windows\System\DebJqPY.exe
  2⤵
  PID:2212
- C:\Windows\System\mgsrdXI.exe
  C:\Windows\System\mgsrdXI.exe
  2⤵
  PID:1952
- C:\Windows\System\FbwNIkM.exe
  C:\Windows\System\FbwNIkM.exe
  2⤵
  PID:2940
- C:\Windows\System\gQCAySE.exe
  C:\Windows\System\gQCAySE.exe
  2⤵
  PID:2236
- C:\Windows\System\mIuOWUo.exe
  C:\Windows\System\mIuOWUo.exe
  2⤵
  PID:2916
- C:\Windows\System\NSHYyEt.exe
  C:\Windows\System\NSHYyEt.exe
  2⤵
  PID:2820
- C:\Windows\System\LVIRYRg.exe
  C:\Windows\System\LVIRYRg.exe
  2⤵
  PID:2656
- C:\Windows\System\ideMUJm.exe
  C:\Windows\System\ideMUJm.exe
  2⤵
  PID:1640
- C:\Windows\System\RwQuexP.exe
  C:\Windows\System\RwQuexP.exe
  2⤵
  PID:2528
- C:\Windows\System\arpMVAl.exe
  C:\Windows\System\arpMVAl.exe
  2⤵
  PID:2064
- C:\Windows\System\skwHFwD.exe
  C:\Windows\System\skwHFwD.exe
  2⤵
  PID:2056
- C:\Windows\System\Mnsomfk.exe
  C:\Windows\System\Mnsomfk.exe
  2⤵
  PID:3000
- C:\Windows\System\ApHoOSq.exe
  C:\Windows\System\ApHoOSq.exe
  2⤵
  PID:588
- C:\Windows\System\LDfClsC.exe
  C:\Windows\System\LDfClsC.exe
  2⤵
  PID:2976
- C:\Windows\System\XzRLtaN.exe
  C:\Windows\System\XzRLtaN.exe
  2⤵
  PID:1500
- C:\Windows\System\uUKqYvo.exe
  C:\Windows\System\uUKqYvo.exe
  2⤵
  PID:1132
- C:\Windows\System\dZgQqvV.exe
  C:\Windows\System\dZgQqvV.exe
  2⤵
  PID:2448
- C:\Windows\System\UajNfJj.exe
  C:\Windows\System\UajNfJj.exe
  2⤵
  PID:772
- C:\Windows\System\JWYloin.exe
  C:\Windows\System\JWYloin.exe
  2⤵
  PID:808
- C:\Windows\System\SYtbFtx.exe
  C:\Windows\System\SYtbFtx.exe
  2⤵
  PID:2060
- C:\Windows\System\tOgloAa.exe
  C:\Windows\System\tOgloAa.exe
  2⤵
  PID:2156
- C:\Windows\System\EXtaFQt.exe
  C:\Windows\System\EXtaFQt.exe
  2⤵
  PID:1492
- C:\Windows\System\gmWdTge.exe
  C:\Windows\System\gmWdTge.exe
  2⤵
  PID:1288
- C:\Windows\System\YPiGkje.exe
  C:\Windows\System\YPiGkje.exe
  2⤵
  PID:2220
- C:\Windows\System\SsIpeFp.exe
  C:\Windows\System\SsIpeFp.exe
  2⤵
  PID:1820
- C:\Windows\System\EXOOHZY.exe
  C:\Windows\System\EXOOHZY.exe
  2⤵
  PID:288
- C:\Windows\System\DfcbrrV.exe
  C:\Windows\System\DfcbrrV.exe
  2⤵
  PID:1548
- C:\Windows\System\JNChuIV.exe
  C:\Windows\System\JNChuIV.exe
  2⤵
  PID:1340
- C:\Windows\System\LrTFjjX.exe
  C:\Windows\System\LrTFjjX.exe
  2⤵
  PID:1684
- C:\Windows\System\ilihKMt.exe
  C:\Windows\System\ilihKMt.exe
  2⤵
  PID:1864
- C:\Windows\System\PVGZhtS.exe
  C:\Windows\System\PVGZhtS.exe
  2⤵
  PID:2584
- C:\Windows\System\zwBIciN.exe
  C:\Windows\System\zwBIciN.exe
  2⤵
  PID:1700
- C:\Windows\System\uZeieRq.exe
  C:\Windows\System\uZeieRq.exe
  2⤵
  PID:2276
- C:\Windows\System\oifJDjP.exe
  C:\Windows\System\oifJDjP.exe
  2⤵
  PID:1828
- C:\Windows\System\MhRPUgC.exe
  C:\Windows\System\MhRPUgC.exe
  2⤵
  PID:1836
- C:\Windows\System\JLemdQu.exe
  C:\Windows\System\JLemdQu.exe
  2⤵
  PID:760
- C:\Windows\System\ngsoVIX.exe
  C:\Windows\System\ngsoVIX.exe
  2⤵
  PID:1504
- C:\Windows\System\AnlnKja.exe
  C:\Windows\System\AnlnKja.exe
  2⤵
  PID:2608
- C:\Windows\System\Ybxpzui.exe
  C:\Windows\System\Ybxpzui.exe
  2⤵
  PID:560
- C:\Windows\System\YDAMNqx.exe
  C:\Windows\System\YDAMNqx.exe
  2⤵
  PID:2792
- C:\Windows\System\NpDKuzE.exe
  C:\Windows\System\NpDKuzE.exe
  2⤵
  PID:2956
- C:\Windows\System\jblitTx.exe
  C:\Windows\System\jblitTx.exe
  2⤵
  PID:3004
- C:\Windows\System\kpSmEZZ.exe
  C:\Windows\System\kpSmEZZ.exe
  2⤵
  PID:2844
- C:\Windows\System\TgJmIoQ.exe
  C:\Windows\System\TgJmIoQ.exe
  2⤵
  PID:2984
- C:\Windows\System\GDJxngg.exe
  C:\Windows\System\GDJxngg.exe
  2⤵
  PID:1004
- C:\Windows\System\ECdcuSc.exe
  C:\Windows\System\ECdcuSc.exe
  2⤵
  PID:2856
- C:\Windows\System\mqWQzzO.exe
  C:\Windows\System\mqWQzzO.exe
  2⤵
  PID:2436
- C:\Windows\System\VMGNjbX.exe
  C:\Windows\System\VMGNjbX.exe
  2⤵
  PID:316
- C:\Windows\System\zuAvfPU.exe
  C:\Windows\System\zuAvfPU.exe
  2⤵
  PID:2140
- C:\Windows\System\yxACVXg.exe
  C:\Windows\System\yxACVXg.exe
  2⤵
  PID:2512
- C:\Windows\System\GERXonp.exe
  C:\Windows\System\GERXonp.exe
  2⤵
  PID:1620
- C:\Windows\System\YwcmVsa.exe
  C:\Windows\System\YwcmVsa.exe
  2⤵
  PID:2340
- C:\Windows\System\tAnCprh.exe
  C:\Windows\System\tAnCprh.exe
  2⤵
  PID:1540
- C:\Windows\System\FLnohCT.exe
  C:\Windows\System\FLnohCT.exe
  2⤵
  PID:1928
- C:\Windows\System\CVzSlKa.exe
  C:\Windows\System\CVzSlKa.exe
  2⤵
  PID:2736
- C:\Windows\System\GkxczBy.exe
  C:\Windows\System\GkxczBy.exe
  2⤵
  PID:3088
- C:\Windows\System\YobEDuz.exe
  C:\Windows\System\YobEDuz.exe
  2⤵
  PID:3104
- C:\Windows\System\BFKsMSt.exe
  C:\Windows\System\BFKsMSt.exe
  2⤵
  PID:3120
- C:\Windows\System\ngYvlGe.exe
  C:\Windows\System\ngYvlGe.exe
  2⤵
  PID:3136
- C:\Windows\System\JGsYMPl.exe
  C:\Windows\System\JGsYMPl.exe
  2⤵
  PID:3152
- C:\Windows\System\dOzNfuL.exe
  C:\Windows\System\dOzNfuL.exe
  2⤵
  PID:3168
- C:\Windows\System\eNdgsMM.exe
  C:\Windows\System\eNdgsMM.exe
  2⤵
  PID:3184
- C:\Windows\System\XSoLOOZ.exe
  C:\Windows\System\XSoLOOZ.exe
  2⤵
  PID:3200
- C:\Windows\System\ZNRhocF.exe
  C:\Windows\System\ZNRhocF.exe
  2⤵
  PID:3216
- C:\Windows\System\ZCexCOd.exe
  C:\Windows\System\ZCexCOd.exe
  2⤵
  PID:3232
- C:\Windows\System\QmnWdnK.exe
  C:\Windows\System\QmnWdnK.exe
  2⤵
  PID:3248
- C:\Windows\System\bhLrcMV.exe
  C:\Windows\System\bhLrcMV.exe
  2⤵
  PID:3264
- C:\Windows\System\tfaliMJ.exe
  C:\Windows\System\tfaliMJ.exe
  2⤵
  PID:3280
- C:\Windows\System\yiNzzjn.exe
  C:\Windows\System\yiNzzjn.exe
  2⤵
  PID:3296
- C:\Windows\System\ovYpnGC.exe
  C:\Windows\System\ovYpnGC.exe
  2⤵
  PID:3312
- C:\Windows\System\DbwNRSf.exe
  C:\Windows\System\DbwNRSf.exe
  2⤵
  PID:3328
- C:\Windows\System\WPSXOsI.exe
  C:\Windows\System\WPSXOsI.exe
  2⤵
  PID:3344
- C:\Windows\System\wbxSNrC.exe
  C:\Windows\System\wbxSNrC.exe
  2⤵
  PID:3360
- C:\Windows\System\NPFwZkI.exe
  C:\Windows\System\NPFwZkI.exe
  2⤵
  PID:3376
- C:\Windows\System\QYScZPq.exe
  C:\Windows\System\QYScZPq.exe
  2⤵
  PID:3392
- C:\Windows\System\jbVoFeX.exe
  C:\Windows\System\jbVoFeX.exe
  2⤵
  PID:3408
- C:\Windows\System\wFaXGgw.exe
  C:\Windows\System\wFaXGgw.exe
  2⤵
  PID:3424
- C:\Windows\System\vPOdhCN.exe
  C:\Windows\System\vPOdhCN.exe
  2⤵
  PID:3440
- C:\Windows\System\rGPAcsE.exe
  C:\Windows\System\rGPAcsE.exe
  2⤵
  PID:3456
- C:\Windows\System\ehRJQny.exe
  C:\Windows\System\ehRJQny.exe
  2⤵
  PID:3472
- C:\Windows\System\emXJyVH.exe
  C:\Windows\System\emXJyVH.exe
  2⤵
  PID:3488
- C:\Windows\System\GcYjcvf.exe
  C:\Windows\System\GcYjcvf.exe
  2⤵
  PID:3504
- C:\Windows\System\EKFdqFS.exe
  C:\Windows\System\EKFdqFS.exe
  2⤵
  PID:3520
- C:\Windows\System\KKwDPMK.exe
  C:\Windows\System\KKwDPMK.exe
  2⤵
  PID:3536
- C:\Windows\System\JtuvXzf.exe
  C:\Windows\System\JtuvXzf.exe
  2⤵
  PID:3552
- C:\Windows\System\knwnUnR.exe
  C:\Windows\System\knwnUnR.exe
  2⤵
  PID:3568
- C:\Windows\System\vaxfSVK.exe
  C:\Windows\System\vaxfSVK.exe
  2⤵
  PID:3584
- C:\Windows\System\NSSjwXB.exe
  C:\Windows\System\NSSjwXB.exe
  2⤵
  PID:3600
- C:\Windows\System\ruMFYAn.exe
  C:\Windows\System\ruMFYAn.exe
  2⤵
  PID:3616
- C:\Windows\System\lxcPFXi.exe
  C:\Windows\System\lxcPFXi.exe
  2⤵
  PID:3632
- C:\Windows\System\JqtAaPg.exe
  C:\Windows\System\JqtAaPg.exe
  2⤵
  PID:3648
- C:\Windows\System\InmjGlP.exe
  C:\Windows\System\InmjGlP.exe
  2⤵
  PID:3664
- C:\Windows\System\LSjQofz.exe
  C:\Windows\System\LSjQofz.exe
  2⤵
  PID:3680
- C:\Windows\System\ldhZihF.exe
  C:\Windows\System\ldhZihF.exe
  2⤵
  PID:3696
- C:\Windows\System\nmYwvBq.exe
  C:\Windows\System\nmYwvBq.exe
  2⤵
  PID:3712
- C:\Windows\System\kJzCpBO.exe
  C:\Windows\System\kJzCpBO.exe
  2⤵
  PID:3728
- C:\Windows\System\EQslDST.exe
  C:\Windows\System\EQslDST.exe
  2⤵
  PID:3744
- C:\Windows\System\gtUhTVb.exe
  C:\Windows\System\gtUhTVb.exe
  2⤵
  PID:3760
- C:\Windows\System\FGWcUWl.exe
  C:\Windows\System\FGWcUWl.exe
  2⤵
  PID:3776
- C:\Windows\System\IjmcLvM.exe
  C:\Windows\System\IjmcLvM.exe
  2⤵
  PID:3792
- C:\Windows\System\ulelYny.exe
  C:\Windows\System\ulelYny.exe
  2⤵
  PID:3808
- C:\Windows\System\MUyuRuk.exe
  C:\Windows\System\MUyuRuk.exe
  2⤵
  PID:3824
- C:\Windows\System\HmNPgUY.exe
  C:\Windows\System\HmNPgUY.exe
  2⤵
  PID:3840
- C:\Windows\System\KytoCUh.exe
  C:\Windows\System\KytoCUh.exe
  2⤵
  PID:3856
- C:\Windows\System\KQUzYyI.exe
  C:\Windows\System\KQUzYyI.exe
  2⤵
  PID:3872
- C:\Windows\System\cjHuSTw.exe
  C:\Windows\System\cjHuSTw.exe
  2⤵
  PID:3888
- C:\Windows\System\plYYDgF.exe
  C:\Windows\System\plYYDgF.exe
  2⤵
  PID:3904
- C:\Windows\System\JmNxnve.exe
  C:\Windows\System\JmNxnve.exe
  2⤵
  PID:3920
- C:\Windows\System\IspOzMA.exe
  C:\Windows\System\IspOzMA.exe
  2⤵
  PID:3936
- C:\Windows\System\AMSmHEe.exe
  C:\Windows\System\AMSmHEe.exe
  2⤵
  PID:3952
- C:\Windows\System\Dfndzpd.exe
  C:\Windows\System\Dfndzpd.exe
  2⤵
  PID:3968
- C:\Windows\System\tEIyRUZ.exe
  C:\Windows\System\tEIyRUZ.exe
  2⤵
  PID:3984
- C:\Windows\System\PBRyPvp.exe
  C:\Windows\System\PBRyPvp.exe
  2⤵
  PID:4000
- C:\Windows\System\DQKJpPS.exe
  C:\Windows\System\DQKJpPS.exe
  2⤵
  PID:4016
- C:\Windows\System\YakqFdK.exe
  C:\Windows\System\YakqFdK.exe
  2⤵
  PID:4032
- C:\Windows\System\wbSzJRr.exe
  C:\Windows\System\wbSzJRr.exe
  2⤵
  PID:4048
- C:\Windows\System\JtHExZf.exe
  C:\Windows\System\JtHExZf.exe
  2⤵
  PID:4064
- C:\Windows\System\KHCuabg.exe
  C:\Windows\System\KHCuabg.exe
  2⤵
  PID:4084
- C:\Windows\System\LlPiAtL.exe
  C:\Windows\System\LlPiAtL.exe
  2⤵
  PID:2020
- C:\Windows\System\mRiGOLv.exe
  C:\Windows\System\mRiGOLv.exe
  2⤵
  PID:1244
- C:\Windows\System\WeXUmLC.exe
  C:\Windows\System\WeXUmLC.exe
  2⤵
  PID:2300
- C:\Windows\System\zKrpHxT.exe
  C:\Windows\System\zKrpHxT.exe
  2⤵
  PID:1436
- C:\Windows\System\afRFaSa.exe
  C:\Windows\System\afRFaSa.exe
  2⤵
  PID:2572
- C:\Windows\System\TCpgMSV.exe
  C:\Windows\System\TCpgMSV.exe
  2⤵
  PID:1324
- C:\Windows\System\sWoiMFN.exe
  C:\Windows\System\sWoiMFN.exe
  2⤵
  PID:804
- C:\Windows\System\QreuMAT.exe
  C:\Windows\System\QreuMAT.exe
  2⤵
  PID:1560
- C:\Windows\System\fSeCulE.exe
  C:\Windows\System\fSeCulE.exe
  2⤵
  PID:840
- C:\Windows\System\GxWcTLd.exe
  C:\Windows\System\GxWcTLd.exe
  2⤵
  PID:3100
- C:\Windows\System\ubyrvDt.exe
  C:\Windows\System\ubyrvDt.exe
  2⤵
  PID:3132
- C:\Windows\System\TzcjoXc.exe
  C:\Windows\System\TzcjoXc.exe
  2⤵
  PID:3176
- C:\Windows\System\XHOCRFb.exe
  C:\Windows\System\XHOCRFb.exe
  2⤵
  PID:3208
- C:\Windows\System\CzBzmQv.exe
  C:\Windows\System\CzBzmQv.exe
  2⤵
  PID:3256
- C:\Windows\System\VimkDnN.exe
  C:\Windows\System\VimkDnN.exe
  2⤵
  PID:3292
- C:\Windows\System\NjNcpeE.exe
  C:\Windows\System\NjNcpeE.exe
  2⤵
  PID:3304
- C:\Windows\System\sfBJMyX.exe
  C:\Windows\System\sfBJMyX.exe
  2⤵
  PID:3340
- C:\Windows\System\SXddCEr.exe
  C:\Windows\System\SXddCEr.exe
  2⤵
  PID:3400
- C:\Windows\System\uGewVDP.exe
  C:\Windows\System\uGewVDP.exe
  2⤵
  PID:3432
- C:\Windows\System\iqrEocv.exe
  C:\Windows\System\iqrEocv.exe
  2⤵
  PID:3468
- C:\Windows\System\jkwHinj.exe
  C:\Windows\System\jkwHinj.exe
  2⤵
  PID:3516
- C:\Windows\System\ssfBIco.exe
  C:\Windows\System\ssfBIco.exe
  2⤵
  PID:3548
- C:\Windows\System\NDuNxDK.exe
  C:\Windows\System\NDuNxDK.exe
  2⤵
  PID:3592
- C:\Windows\System\WXJivni.exe
  C:\Windows\System\WXJivni.exe
  2⤵
  PID:3640
- C:\Windows\System\cKzMZCe.exe
  C:\Windows\System\cKzMZCe.exe
  2⤵
  PID:3624
- C:\Windows\System\uQmGPMA.exe
  C:\Windows\System\uQmGPMA.exe
  2⤵
  PID:3688
- C:\Windows\System\GWiXSsD.exe
  C:\Windows\System\GWiXSsD.exe
  2⤵
  PID:3720
- C:\Windows\System\RgDUwpf.exe
  C:\Windows\System\RgDUwpf.exe
  2⤵
  PID:3752
- C:\Windows\System\FqiWrzC.exe
  C:\Windows\System\FqiWrzC.exe
  2⤵
  PID:3784
- C:\Windows\System\ThqFleM.exe
  C:\Windows\System\ThqFleM.exe
  2⤵
  PID:3864
- C:\Windows\System\WRGZgmU.exe
  C:\Windows\System\WRGZgmU.exe
  2⤵
  PID:3928
- C:\Windows\System\fewVIRX.exe
  C:\Windows\System\fewVIRX.exe
  2⤵
  PID:4028
- C:\Windows\System\WTecBxt.exe
  C:\Windows\System\WTecBxt.exe
  2⤵
  PID:4100
- C:\Windows\System\YMsPfXr.exe
  C:\Windows\System\YMsPfXr.exe
  2⤵
  PID:4116
- C:\Windows\System\CALuWuI.exe
  C:\Windows\System\CALuWuI.exe
  2⤵
  PID:4132
- C:\Windows\System\SsMwByE.exe
  C:\Windows\System\SsMwByE.exe
  2⤵
  PID:4148
- C:\Windows\System\xVxmNQM.exe
  C:\Windows\System\xVxmNQM.exe
  2⤵
  PID:4196
- C:\Windows\System\KaNDPPW.exe
  C:\Windows\System\KaNDPPW.exe
  2⤵
  PID:4264
- C:\Windows\System\cghGbkX.exe
  C:\Windows\System\cghGbkX.exe
  2⤵
  PID:4280
- C:\Windows\System\LJjdage.exe
  C:\Windows\System\LJjdage.exe
  2⤵
  PID:4296
- C:\Windows\System\TpojRQt.exe
  C:\Windows\System\TpojRQt.exe
  2⤵
  PID:4312
- C:\Windows\System\lpHwCkP.exe
  C:\Windows\System\lpHwCkP.exe
  2⤵
  PID:4328
- C:\Windows\System\cfhFwiZ.exe
  C:\Windows\System\cfhFwiZ.exe
  2⤵
  PID:4344
- C:\Windows\System\BPVUZHz.exe
  C:\Windows\System\BPVUZHz.exe
  2⤵
  PID:4360
- C:\Windows\System\FeLhOLO.exe
  C:\Windows\System\FeLhOLO.exe
  2⤵
  PID:4376
- C:\Windows\System\OrdqVsz.exe
  C:\Windows\System\OrdqVsz.exe
  2⤵
  PID:4392
- C:\Windows\System\yByxVHg.exe
  C:\Windows\System\yByxVHg.exe
  2⤵
  PID:4408
- C:\Windows\System\DhWdBzn.exe
  C:\Windows\System\DhWdBzn.exe
  2⤵
  PID:4424
- C:\Windows\System\zHrwvXp.exe
  C:\Windows\System\zHrwvXp.exe
  2⤵
  PID:4440
- C:\Windows\System\pfkQCai.exe
  C:\Windows\System\pfkQCai.exe
  2⤵
  PID:4456
- C:\Windows\System\YvYaaHq.exe
  C:\Windows\System\YvYaaHq.exe
  2⤵
  PID:4472
- C:\Windows\System\YNECDnX.exe
  C:\Windows\System\YNECDnX.exe
  2⤵
  PID:4488
- C:\Windows\System\dJmYjyH.exe
  C:\Windows\System\dJmYjyH.exe
  2⤵
  PID:4504
- C:\Windows\System\JxjIHgh.exe
  C:\Windows\System\JxjIHgh.exe
  2⤵
  PID:4520
- C:\Windows\System\HyGetRM.exe
  C:\Windows\System\HyGetRM.exe
  2⤵
  PID:4536
- C:\Windows\System\WCLBRfW.exe
  C:\Windows\System\WCLBRfW.exe
  2⤵
  PID:4552
- C:\Windows\System\UTmciMf.exe
  C:\Windows\System\UTmciMf.exe
  2⤵
  PID:4568
- C:\Windows\System\CCATdQT.exe
  C:\Windows\System\CCATdQT.exe
  2⤵
  PID:4584
- C:\Windows\System\KziiniI.exe
  C:\Windows\System\KziiniI.exe
  2⤵
  PID:4600
- C:\Windows\System\UhhwgbT.exe
  C:\Windows\System\UhhwgbT.exe
  2⤵
  PID:4616
- C:\Windows\System\ktiWseR.exe
  C:\Windows\System\ktiWseR.exe
  2⤵
  PID:4632
- C:\Windows\System\XNcdGXW.exe
  C:\Windows\System\XNcdGXW.exe
  2⤵
  PID:4648
- C:\Windows\System\TFZVEIs.exe
  C:\Windows\System\TFZVEIs.exe
  2⤵
  PID:4664
- C:\Windows\System\XylhMhv.exe
  C:\Windows\System\XylhMhv.exe
  2⤵
  PID:4680
- C:\Windows\System\wYdlFHN.exe
  C:\Windows\System\wYdlFHN.exe
  2⤵
  PID:4696
- C:\Windows\System\uYQUINb.exe
  C:\Windows\System\uYQUINb.exe
  2⤵
  PID:4712
- C:\Windows\System\bUuWGGs.exe
  C:\Windows\System\bUuWGGs.exe
  2⤵
  PID:4728
- C:\Windows\System\hUNFpkY.exe
  C:\Windows\System\hUNFpkY.exe
  2⤵
  PID:4744
- C:\Windows\System\jmBbPhr.exe
  C:\Windows\System\jmBbPhr.exe
  2⤵
  PID:4760
- C:\Windows\System\FKyedEz.exe
  C:\Windows\System\FKyedEz.exe
  2⤵
  PID:4776
- C:\Windows\System\jAilHTb.exe
  C:\Windows\System\jAilHTb.exe
  2⤵
  PID:4792
- C:\Windows\System\FhuhNKX.exe
  C:\Windows\System\FhuhNKX.exe
  2⤵
  PID:4808
- C:\Windows\System\jMBMspL.exe
  C:\Windows\System\jMBMspL.exe
  2⤵
  PID:4824
- C:\Windows\System\osshpDW.exe
  C:\Windows\System\osshpDW.exe
  2⤵
  PID:4840
- C:\Windows\System\ZURVFlK.exe
  C:\Windows\System\ZURVFlK.exe
  2⤵
  PID:2992
- C:\Windows\System\SlDnFMi.exe
  C:\Windows\System\SlDnFMi.exe
  2⤵
  PID:496
- C:\Windows\System\OiViOYy.exe
  C:\Windows\System\OiViOYy.exe
  2⤵
  PID:3228
- C:\Windows\System\cvcKvCw.exe
  C:\Windows\System\cvcKvCw.exe
  2⤵
  PID:3324
- C:\Windows\System\WENbujH.exe
  C:\Windows\System\WENbujH.exe
  2⤵
  PID:3436
- C:\Windows\System\xAxlLgo.exe
  C:\Windows\System\xAxlLgo.exe
  2⤵
  PID:3612
- C:\Windows\System\SlYvXbK.exe
  C:\Windows\System\SlYvXbK.exe
  2⤵
  PID:4560
- C:\Windows\System\DZIuNNR.exe
  C:\Windows\System\DZIuNNR.exe
  2⤵
  PID:4624
- C:\Windows\System\GBmzJhe.exe
  C:\Windows\System\GBmzJhe.exe
  2⤵
  PID:4688
- C:\Windows\System\XoWfaAV.exe
  C:\Windows\System\XoWfaAV.exe
  2⤵
  PID:4752
- C:\Windows\System\wcFjodN.exe
  C:\Windows\System\wcFjodN.exe
  2⤵
  PID:4320
- C:\Windows\System\EwHzMde.exe
  C:\Windows\System\EwHzMde.exe
  2⤵
  PID:4816
- C:\Windows\System\mCkXDGc.exe
  C:\Windows\System\mCkXDGc.exe
  2⤵
  PID:4860
- C:\Windows\System\jrPPZRZ.exe
  C:\Windows\System\jrPPZRZ.exe
  2⤵
  PID:4876
- C:\Windows\System\uRsjGFw.exe
  C:\Windows\System\uRsjGFw.exe
  2⤵
  PID:4892
- C:\Windows\System\nKpaRAR.exe
  C:\Windows\System\nKpaRAR.exe
  2⤵
  PID:4904
- C:\Windows\System\AfFqXRN.exe
  C:\Windows\System\AfFqXRN.exe
  2⤵
  PID:4388
- C:\Windows\System\oODsikr.exe
  C:\Windows\System\oODsikr.exe
  2⤵
  PID:4932
- C:\Windows\System\JvmAOrM.exe
  C:\Windows\System\JvmAOrM.exe
  2⤵
  PID:4948
- C:\Windows\System\ocMDsZj.exe
  C:\Windows\System\ocMDsZj.exe
  2⤵
  PID:4964
- C:\Windows\System\HEDNhBd.exe
  C:\Windows\System\HEDNhBd.exe
  2⤵
  PID:4980
- C:\Windows\System\lavdgoT.exe
  C:\Windows\System\lavdgoT.exe
  2⤵
  PID:4996
- C:\Windows\System\KjEMlul.exe
  C:\Windows\System\KjEMlul.exe
  2⤵
  PID:5012
- C:\Windows\System\yEnWATZ.exe
  C:\Windows\System\yEnWATZ.exe
  2⤵
  PID:5028
- C:\Windows\System\EuOQkSK.exe
  C:\Windows\System\EuOQkSK.exe
  2⤵
  PID:5044
- C:\Windows\System\JOawwJl.exe
  C:\Windows\System\JOawwJl.exe
  2⤵
  PID:5060
- C:\Windows\System\gsZVJAK.exe
  C:\Windows\System\gsZVJAK.exe
  2⤵
  PID:5076
- C:\Windows\System\DkcrAEe.exe
  C:\Windows\System\DkcrAEe.exe
  2⤵
  PID:5084
- C:\Windows\System\xfUnKMn.exe
  C:\Windows\System\xfUnKMn.exe
  2⤵
  PID:5100
- C:\Windows\System\zpiTvVp.exe
  C:\Windows\System\zpiTvVp.exe
  2⤵
  PID:5116
- C:\Windows\System\bKepBkn.exe
  C:\Windows\System\bKepBkn.exe
  2⤵
  PID:4092
- C:\Windows\System\gfIKJvX.exe
  C:\Windows\System\gfIKJvX.exe
  2⤵
  PID:4768
- C:\Windows\System\HSGvKcB.exe
  C:\Windows\System\HSGvKcB.exe
  2⤵
  PID:4832
- C:\Windows\System\bOtNJpu.exe
  C:\Windows\System\bOtNJpu.exe
  2⤵
  PID:1580
- C:\Windows\System\TWXsnpY.exe
  C:\Windows\System\TWXsnpY.exe
  2⤵
  PID:1080
- C:\Windows\System\qyEKYDh.exe
  C:\Windows\System\qyEKYDh.exe
  2⤵
  PID:3116
- C:\Windows\System\zizMljO.exe
  C:\Windows\System\zizMljO.exe
  2⤵
  PID:3260
- C:\Windows\System\sKmuaOw.exe
  C:\Windows\System\sKmuaOw.exe
  2⤵
  PID:3448
- C:\Windows\System\jLPAEiW.exe
  C:\Windows\System\jLPAEiW.exe
  2⤵
  PID:3628
- C:\Windows\System\QyhXgkh.exe
  C:\Windows\System\QyhXgkh.exe
  2⤵
  PID:3816
- C:\Windows\System\SqcloGS.exe
  C:\Windows\System\SqcloGS.exe
  2⤵
  PID:3772
- C:\Windows\System\yduQhHx.exe
  C:\Windows\System\yduQhHx.exe
  2⤵
  PID:4124
- C:\Windows\System\MlbUzJC.exe
  C:\Windows\System\MlbUzJC.exe
  2⤵
  PID:3912
- C:\Windows\System\JvytkjD.exe
  C:\Windows\System\JvytkjD.exe
  2⤵
  PID:3884
- C:\Windows\System\nrlZGdP.exe
  C:\Windows\System\nrlZGdP.exe
  2⤵
  PID:1760
- C:\Windows\System\jUfVzNH.exe
  C:\Windows\System\jUfVzNH.exe
  2⤵
  PID:2900
- C:\Windows\System\CYCDIKt.exe
  C:\Windows\System\CYCDIKt.exe
  2⤵
  PID:4736
- C:\Windows\System\jTWjDoI.exe
  C:\Windows\System\jTWjDoI.exe
  2⤵
  PID:4672
- C:\Windows\System\vWfUwyU.exe
  C:\Windows\System\vWfUwyU.exe
  2⤵
  PID:4608
- C:\Windows\System\KYiFRvN.exe
  C:\Windows\System\KYiFRvN.exe
  2⤵
  PID:4544
- C:\Windows\System\vLJHnJa.exe
  C:\Windows\System\vLJHnJa.exe
  2⤵
  PID:3164
- C:\Windows\System\NYmQXIv.exe
  C:\Windows\System\NYmQXIv.exe
  2⤵
  PID:3080
- C:\Windows\System\gjpJOnl.exe
  C:\Windows\System\gjpJOnl.exe
  2⤵
  PID:3532
- C:\Windows\System\lqcJHCH.exe
  C:\Windows\System\lqcJHCH.exe
  2⤵
  PID:3836
- C:\Windows\System\rRASlyR.exe
  C:\Windows\System\rRASlyR.exe
  2⤵
  PID:4108
- C:\Windows\System\wAQopIr.exe
  C:\Windows\System\wAQopIr.exe
  2⤵
  PID:4144
- C:\Windows\System\GGddrra.exe
  C:\Windows\System\GGddrra.exe
  2⤵
  PID:3976
- C:\Windows\System\rBCAyfZ.exe
  C:\Windows\System\rBCAyfZ.exe
  2⤵
  PID:4040
- C:\Windows\System\LttHaiR.exe
  C:\Windows\System\LttHaiR.exe
  2⤵
  PID:4260
- C:\Windows\System\dPOtDnz.exe
  C:\Windows\System\dPOtDnz.exe
  2⤵
  PID:4452
- C:\Windows\System\OsHscys.exe
  C:\Windows\System\OsHscys.exe
  2⤵
  PID:4308
- C:\Windows\System\QTOSCPF.exe
  C:\Windows\System\QTOSCPF.exe
  2⤵
  PID:4368
- C:\Windows\System\MMhlexW.exe
  C:\Windows\System\MMhlexW.exe
  2⤵
  PID:4356
- C:\Windows\System\zhcudSW.exe
  C:\Windows\System\zhcudSW.exe
  2⤵
  PID:4468
- C:\Windows\System\ExnZvSp.exe
  C:\Windows\System\ExnZvSp.exe
  2⤵
  PID:4528
- C:\Windows\System\uCvnpEj.exe
  C:\Windows\System\uCvnpEj.exe
  2⤵
  PID:4288
- C:\Windows\System\EIvDsuX.exe
  C:\Windows\System\EIvDsuX.exe
  2⤵
  PID:4848
- C:\Windows\System\yujKoWa.exe
  C:\Windows\System\yujKoWa.exe
  2⤵
  PID:4912
- C:\Windows\System\jJdWbjJ.exe
  C:\Windows\System\jJdWbjJ.exe
  2⤵
  PID:4724
- C:\Windows\System\UNlGKsS.exe
  C:\Windows\System\UNlGKsS.exe
  2⤵
  PID:3756
- C:\Windows\System\YdRFHYR.exe
  C:\Windows\System\YdRFHYR.exe
  2⤵
  PID:4928
- C:\Windows\System\kaGqWln.exe
  C:\Windows\System\kaGqWln.exe
  2⤵
  PID:4804
- C:\Windows\System\RQSnmiy.exe
  C:\Windows\System\RQSnmiy.exe
  2⤵
  PID:4984
- C:\Windows\System\FLrZGkX.exe
  C:\Windows\System\FLrZGkX.exe
  2⤵
  PID:5108
- C:\Windows\System\AwCwKSl.exe
  C:\Windows\System\AwCwKSl.exe
  2⤵
  PID:4976
- C:\Windows\System\XdEmlvS.exe
  C:\Windows\System\XdEmlvS.exe
  2⤵
  PID:2688
- C:\Windows\System\UQwPbwB.exe
  C:\Windows\System\UQwPbwB.exe
  2⤵
  PID:4076
- C:\Windows\System\DXtqLKZ.exe
  C:\Windows\System\DXtqLKZ.exe
  2⤵
  PID:2260
- C:\Windows\System\ICHZZHR.exe
  C:\Windows\System\ICHZZHR.exe
  2⤵
  PID:3128
- C:\Windows\System\NhFGZBS.exe
  C:\Windows\System\NhFGZBS.exe
  2⤵
  PID:3356
- C:\Windows\System\lQcuAcg.exe
  C:\Windows\System\lQcuAcg.exe
  2⤵
  PID:4080
- C:\Windows\System\haUPeeC.exe
  C:\Windows\System\haUPeeC.exe
  2⤵
  PID:3404
- C:\Windows\System\LzyIVdo.exe
  C:\Windows\System\LzyIVdo.exe
  2⤵
  PID:3656
- C:\Windows\System\zvmvwTZ.exe
  C:\Windows\System\zvmvwTZ.exe
  2⤵
  PID:3880
- C:\Windows\System\WlZJYQO.exe
  C:\Windows\System\WlZJYQO.exe
  2⤵
  PID:2872
- C:\Windows\System\xGuxRag.exe
  C:\Windows\System\xGuxRag.exe
  2⤵
  PID:3480
- C:\Windows\System\vJIPZnX.exe
  C:\Windows\System\vJIPZnX.exe
  2⤵
  PID:3944
- C:\Windows\System\aevAALb.exe
  C:\Windows\System\aevAALb.exe
  2⤵
  PID:4304
- C:\Windows\System\QkZsjUZ.exe
  C:\Windows\System\QkZsjUZ.exe
  2⤵
  PID:2880
- C:\Windows\System\AWVzCFu.exe
  C:\Windows\System\AWVzCFu.exe
  2⤵
  PID:4012
- C:\Windows\System\RTlBFiF.exe
  C:\Windows\System\RTlBFiF.exe
  2⤵
  PID:4404
- C:\Windows\System\uradaCN.exe
  C:\Windows\System\uradaCN.exe
  2⤵
  PID:4464
- C:\Windows\System\PQVrbVG.exe
  C:\Windows\System\PQVrbVG.exe
  2⤵
  PID:4940
- C:\Windows\System\qlvShku.exe
  C:\Windows\System\qlvShku.exe
  2⤵
  PID:4656
- C:\Windows\System\NSaCHTK.exe
  C:\Windows\System\NSaCHTK.exe
  2⤵
  PID:4868
- C:\Windows\System\uHqGzTz.exe
  C:\Windows\System\uHqGzTz.exe
  2⤵
  PID:4944
- C:\Windows\System\gJWNJwm.exe
  C:\Windows\System\gJWNJwm.exe
  2⤵
  PID:3368
- C:\Windows\System\JESfNAx.exe
  C:\Windows\System\JESfNAx.exe
  2⤵
  PID:2376
- C:\Windows\System\IHzcWWQ.exe
  C:\Windows\System\IHzcWWQ.exe
  2⤵
  PID:4416
- C:\Windows\System\NayfYYP.exe
  C:\Windows\System\NayfYYP.exe
  2⤵
  PID:1224
- C:\Windows\System\ZZiyfHH.exe
  C:\Windows\System\ZZiyfHH.exe
  2⤵
  PID:1392
- C:\Windows\System\IzNgHzb.exe
  C:\Windows\System\IzNgHzb.exe
  2⤵
  PID:5024
- C:\Windows\System\DktTMpv.exe
  C:\Windows\System\DktTMpv.exe
  2⤵
  PID:3576
- C:\Windows\System\PUDhgiN.exe
  C:\Windows\System\PUDhgiN.exe
  2⤵
  PID:3852
- C:\Windows\System\qiUGAYH.exe
  C:\Windows\System\qiUGAYH.exe
  2⤵
  PID:3308
- C:\Windows\System\IglCbzT.exe
  C:\Windows\System\IglCbzT.exe
  2⤵
  PID:2516
- C:\Windows\System\NVDeLjz.exe
  C:\Windows\System\NVDeLjz.exe
  2⤵
  PID:4072
- C:\Windows\System\iKUfBMZ.exe
  C:\Windows\System\iKUfBMZ.exe
  2⤵
  PID:4512
- C:\Windows\System\nquqamS.exe
  C:\Windows\System\nquqamS.exe
  2⤵
  PID:4788
- C:\Windows\System\KWrCmVC.exe
  C:\Windows\System\KWrCmVC.exe
  2⤵
  PID:3724
- C:\Windows\System\JoYxwVK.exe
  C:\Windows\System\JoYxwVK.exe
  2⤵
  PID:2924
- C:\Windows\System\tVFitVl.exe
  C:\Windows\System\tVFitVl.exe
  2⤵
  PID:2648
- C:\Windows\System\zdbDeEi.exe
  C:\Windows\System\zdbDeEi.exe
  2⤵
  PID:4972
- C:\Windows\System\chhipUi.exe
  C:\Windows\System\chhipUi.exe
  2⤵
  PID:3500
- C:\Windows\System\pKixqqJ.exe
  C:\Windows\System\pKixqqJ.exe
  2⤵
  PID:5112
- C:\Windows\System\KHsElnt.exe
  C:\Windows\System\KHsElnt.exe
  2⤵
  PID:1808
- C:\Windows\System\nXLoymJ.exe
  C:\Windows\System\nXLoymJ.exe
  2⤵
  PID:4720
- C:\Windows\System\nqbuqtR.exe
  C:\Windows\System\nqbuqtR.exe
  2⤵
  PID:4640
- C:\Windows\System\yzxXcBa.exe
  C:\Windows\System\yzxXcBa.exe
  2⤵
  PID:3996
- C:\Windows\System\ObZYtau.exe
  C:\Windows\System\ObZYtau.exe
  2⤵
  PID:5124
- C:\Windows\System\XYLBJqP.exe
  C:\Windows\System\XYLBJqP.exe
  2⤵
  PID:5172
- C:\Windows\System\yEIbhim.exe
  C:\Windows\System\yEIbhim.exe
  2⤵
  PID:5192
- C:\Windows\System\SVZQURq.exe
  C:\Windows\System\SVZQURq.exe
  2⤵
  PID:5208
- C:\Windows\System\DcitphM.exe
  C:\Windows\System\DcitphM.exe
  2⤵
  PID:5228
- C:\Windows\System\fboeYxt.exe
  C:\Windows\System\fboeYxt.exe
  2⤵
  PID:5244
- C:\Windows\System\rxWPkZs.exe
  C:\Windows\System\rxWPkZs.exe
  2⤵
  PID:5260
- C:\Windows\System\yfAqxYA.exe
  C:\Windows\System\yfAqxYA.exe
  2⤵
  PID:5276
- C:\Windows\System\OQiOkCN.exe
  C:\Windows\System\OQiOkCN.exe
  2⤵
  PID:5300
- C:\Windows\System\gOtaalV.exe
  C:\Windows\System\gOtaalV.exe
  2⤵
  PID:5316
- C:\Windows\System\TRdZcdc.exe
  C:\Windows\System\TRdZcdc.exe
  2⤵
  PID:5336
- C:\Windows\System\MnopzNK.exe
  C:\Windows\System\MnopzNK.exe
  2⤵
  PID:5352
- C:\Windows\System\OTRAKdh.exe
  C:\Windows\System\OTRAKdh.exe
  2⤵
  PID:5372
- C:\Windows\System\EbDMPjO.exe
  C:\Windows\System\EbDMPjO.exe
  2⤵
  PID:5388
- C:\Windows\System\VeEYprB.exe
  C:\Windows\System\VeEYprB.exe
  2⤵
  PID:5404
- C:\Windows\System\rPfZPlf.exe
  C:\Windows\System\rPfZPlf.exe
  2⤵
  PID:5420
- C:\Windows\System\eAxOGZM.exe
  C:\Windows\System\eAxOGZM.exe
  2⤵
  PID:5436
- C:\Windows\System\qrdRsEQ.exe
  C:\Windows\System\qrdRsEQ.exe
  2⤵
  PID:5452
- C:\Windows\System\zwpLhoo.exe
  C:\Windows\System\zwpLhoo.exe
  2⤵
  PID:5468
- C:\Windows\System\egKOhwT.exe
  C:\Windows\System\egKOhwT.exe
  2⤵
  PID:5484
- C:\Windows\System\EOsSOnc.exe
  C:\Windows\System\EOsSOnc.exe
  2⤵
  PID:5500
- C:\Windows\System\LUtvqjS.exe
  C:\Windows\System\LUtvqjS.exe
  2⤵
  PID:5516
- C:\Windows\System\mQjmmNj.exe
  C:\Windows\System\mQjmmNj.exe
  2⤵
  PID:5532
- C:\Windows\System\LhsSqGq.exe
  C:\Windows\System\LhsSqGq.exe
  2⤵
  PID:5548
- C:\Windows\System\HDfkTdb.exe
  C:\Windows\System\HDfkTdb.exe
  2⤵
  PID:5564
- C:\Windows\System\sVeDOOJ.exe
  C:\Windows\System\sVeDOOJ.exe
  2⤵
  PID:5580
- C:\Windows\System\FtIuOBJ.exe
  C:\Windows\System\FtIuOBJ.exe
  2⤵
  PID:5600
- C:\Windows\System\AYGspJd.exe
  C:\Windows\System\AYGspJd.exe
  2⤵
  PID:5616
- C:\Windows\System\lOPkcfM.exe
  C:\Windows\System\lOPkcfM.exe
  2⤵
  PID:5636
- C:\Windows\System\cYOftLy.exe
  C:\Windows\System\cYOftLy.exe
  2⤵
  PID:5652
- C:\Windows\System\IyATGqr.exe
  C:\Windows\System\IyATGqr.exe
  2⤵
  PID:5676
- C:\Windows\System\ExmmTEu.exe
  C:\Windows\System\ExmmTEu.exe
  2⤵
  PID:5692
- C:\Windows\System\yaaxPwM.exe
  C:\Windows\System\yaaxPwM.exe
  2⤵
  PID:5708
- C:\Windows\System\zTXQDYL.exe
  C:\Windows\System\zTXQDYL.exe
  2⤵
  PID:5728
- C:\Windows\System\XDKNOUS.exe
  C:\Windows\System\XDKNOUS.exe
  2⤵
  PID:5744
- C:\Windows\System\JCsLiOD.exe
  C:\Windows\System\JCsLiOD.exe
  2⤵
  PID:5764
- C:\Windows\System\IegLEPs.exe
  C:\Windows\System\IegLEPs.exe
  2⤵
  PID:5780
- C:\Windows\System\WQgnSSN.exe
  C:\Windows\System\WQgnSSN.exe
  2⤵
  PID:5800
- C:\Windows\System\fCxinlM.exe
  C:\Windows\System\fCxinlM.exe
  2⤵
  PID:5816
- C:\Windows\System\fnnOALo.exe
  C:\Windows\System\fnnOALo.exe
  2⤵
  PID:5836
- C:\Windows\System\ilLdvnC.exe
  C:\Windows\System\ilLdvnC.exe
  2⤵
  PID:5856
- C:\Windows\System\YgaggqG.exe
  C:\Windows\System\YgaggqG.exe
  2⤵
  PID:5872
- C:\Windows\System\IohDTbQ.exe
  C:\Windows\System\IohDTbQ.exe
  2⤵
  PID:5892
- C:\Windows\System\YjzktkV.exe
  C:\Windows\System\YjzktkV.exe
  2⤵
  PID:5912
- C:\Windows\System\eLoNUwI.exe
  C:\Windows\System\eLoNUwI.exe
  2⤵
  PID:5932
- C:\Windows\System\ubfYYnA.exe
  C:\Windows\System\ubfYYnA.exe
  2⤵
  PID:5952
- C:\Windows\System\OUNTMPD.exe
  C:\Windows\System\OUNTMPD.exe
  2⤵
  PID:5968
- C:\Windows\System\lzApPEj.exe
  C:\Windows\System\lzApPEj.exe
  2⤵
  PID:5984
- C:\Windows\System\kHHOsdI.exe
  C:\Windows\System\kHHOsdI.exe
  2⤵
  PID:6000
- C:\Windows\System\BhjcAXN.exe
  C:\Windows\System\BhjcAXN.exe
  2⤵
  PID:6016
- C:\Windows\System\XEfXPIw.exe
  C:\Windows\System\XEfXPIw.exe
  2⤵
  PID:6032
- C:\Windows\System\sWfRACF.exe
  C:\Windows\System\sWfRACF.exe
  2⤵
  PID:6048
- C:\Windows\System\HFGWysS.exe
  C:\Windows\System\HFGWysS.exe
  2⤵
  PID:6064
- C:\Windows\System\gzwEYTZ.exe
  C:\Windows\System\gzwEYTZ.exe
  2⤵
  PID:6080
- C:\Windows\System\EwGhtvH.exe
  C:\Windows\System\EwGhtvH.exe
  2⤵
  PID:6096
- C:\Windows\System\YObWrcf.exe
  C:\Windows\System\YObWrcf.exe
  2⤵
  PID:6112
- C:\Windows\System\UuhQRGF.exe
  C:\Windows\System\UuhQRGF.exe
  2⤵
  PID:6128
- C:\Windows\System\OBjewJq.exe
  C:\Windows\System\OBjewJq.exe
  2⤵
  PID:5036
- C:\Windows\System\PlFyoVC.exe
  C:\Windows\System\PlFyoVC.exe
  2⤵
  PID:4112
- C:\Windows\System\NYoIiJg.exe
  C:\Windows\System\NYoIiJg.exe
  2⤵
  PID:4884
- C:\Windows\System\RSJaAUF.exe
  C:\Windows\System\RSJaAUF.exe
  2⤵
  PID:4160
- C:\Windows\System\mVaCJdB.exe
  C:\Windows\System\mVaCJdB.exe
  2⤵
  PID:1936
- C:\Windows\System\vmJoauB.exe
  C:\Windows\System\vmJoauB.exe
  2⤵
  PID:3144
- C:\Windows\System\ZwHfqkK.exe
  C:\Windows\System\ZwHfqkK.exe
  2⤵
  PID:5136
- C:\Windows\System\wUhzDwV.exe
  C:\Windows\System\wUhzDwV.exe
  2⤵
  PID:4272
- C:\Windows\System\UvJmTHF.exe
  C:\Windows\System\UvJmTHF.exe
  2⤵
  PID:4576
- C:\Windows\System\qNvULOO.exe
  C:\Windows\System\qNvULOO.exe
  2⤵
  PID:3528
- C:\Windows\System\jgcWUGs.exe
  C:\Windows\System\jgcWUGs.exe
  2⤵
  PID:5148
- C:\Windows\System\sNevQhr.exe
  C:\Windows\System\sNevQhr.exe
  2⤵
  PID:5216
- C:\Windows\System\oAkzfca.exe
  C:\Windows\System\oAkzfca.exe
  2⤵
  PID:1028
- C:\Windows\System\XndyXVp.exe
  C:\Windows\System\XndyXVp.exe
  2⤵
  PID:5288
- C:\Windows\System\MHsKUgu.exe
  C:\Windows\System\MHsKUgu.exe
  2⤵
  PID:5328
- C:\Windows\System\eJpJeKV.exe
  C:\Windows\System\eJpJeKV.exe
  2⤵
  PID:5364
- C:\Windows\System\ATToFKL.exe
  C:\Windows\System\ATToFKL.exe
  2⤵
  PID:2936
- C:\Windows\System\AKxLtZp.exe
  C:\Windows\System\AKxLtZp.exe
  2⤵
  PID:5180
- C:\Windows\System\DRCBinW.exe
  C:\Windows\System\DRCBinW.exe
  2⤵
  PID:6076
- C:\Windows\System\tXrTJRb.exe
  C:\Windows\System\tXrTJRb.exe
  2⤵
  PID:4340
- C:\Windows\System\PEWBtvb.exe
  C:\Windows\System\PEWBtvb.exe
  2⤵
  PID:2604
- C:\Windows\System\ZLjgFXy.exe
  C:\Windows\System\ZLjgFXy.exe
  2⤵
  PID:1812
- C:\Windows\System\vMnZhyB.exe
  C:\Windows\System\vMnZhyB.exe
  2⤵
  PID:5324
- C:\Windows\System\dlNcFul.exe
  C:\Windows\System\dlNcFul.exe
  2⤵
  PID:2444
- C:\Windows\System\mLMnWlX.exe
  C:\Windows\System\mLMnWlX.exe
  2⤵
  PID:5812
- C:\Windows\System\aAJXWdO.exe
  C:\Windows\System\aAJXWdO.exe
  2⤵
  PID:1644
- C:\Windows\System\XZWVRlK.exe
  C:\Windows\System\XZWVRlK.exe
  2⤵
  PID:5344
- C:\Windows\System\gfPkICn.exe
  C:\Windows\System\gfPkICn.exe
  2⤵
  PID:5412
- C:\Windows\System\iTIVEaL.exe
  C:\Windows\System\iTIVEaL.exe
  2⤵
  PID:5480
- C:\Windows\System\jEsviuW.exe
  C:\Windows\System\jEsviuW.exe
  2⤵
  PID:5544
- C:\Windows\System\DyCLCxz.exe
  C:\Windows\System\DyCLCxz.exe
  2⤵
  PID:5844
- C:\Windows\System\CWfqgqD.exe
  C:\Windows\System\CWfqgqD.exe
  2⤵
  PID:5888
- C:\Windows\System\ibgpZCz.exe
  C:\Windows\System\ibgpZCz.exe
  2⤵
  PID:5928
- C:\Windows\System\XdJzgbf.exe
  C:\Windows\System\XdJzgbf.exe
  2⤵
  PID:6024
- C:\Windows\System\QgZCFbs.exe
  C:\Windows\System\QgZCFbs.exe
  2⤵
  PID:6088
- C:\Windows\System\xdsGhZU.exe
  C:\Windows\System\xdsGhZU.exe
  2⤵
  PID:608
- C:\Windows\System\UpvJpKe.exe
  C:\Windows\System\UpvJpKe.exe
  2⤵
  PID:4660
- C:\Windows\System\BDKOJMf.exe
  C:\Windows\System\BDKOJMf.exe
  2⤵
  PID:1148
- C:\Windows\System\OjtTElQ.exe
  C:\Windows\System\OjtTElQ.exe
  2⤵
  PID:5256
- C:\Windows\System\XouOkEt.exe
  C:\Windows\System\XouOkEt.exe
  2⤵
  PID:5464
- C:\Windows\System\dJRmAGm.exe
  C:\Windows\System\dJRmAGm.exe
  2⤵
  PID:5556
- C:\Windows\System\PzEOpfu.exe
  C:\Windows\System\PzEOpfu.exe
  2⤵
  PID:5156
- C:\Windows\System\ISrdchJ.exe
  C:\Windows\System\ISrdchJ.exe
  2⤵
  PID:5624
- C:\Windows\System\lBhzzWC.exe
  C:\Windows\System\lBhzzWC.exe
  2⤵
  PID:5668
- C:\Windows\System\hOUpwDH.exe
  C:\Windows\System\hOUpwDH.exe
  2⤵
  PID:3012
- C:\Windows\System\fumnqBg.exe
  C:\Windows\System\fumnqBg.exe
  2⤵
  PID:596
- C:\Windows\System\OHitYbK.exe
  C:\Windows\System\OHitYbK.exe
  2⤵
  PID:5416
- C:\Windows\System\GxxguqV.exe
  C:\Windows\System\GxxguqV.exe
  2⤵
  PID:5648
- C:\Windows\System\DXyZXyr.exe
  C:\Windows\System\DXyZXyr.exe
  2⤵
  PID:5716
- C:\Windows\System\Hyxafpe.exe
  C:\Windows\System\Hyxafpe.exe
  2⤵
  PID:5760
- C:\Windows\System\CYWSQZp.exe
  C:\Windows\System\CYWSQZp.exe
  2⤵
  PID:5824
- C:\Windows\System\ODmAJhK.exe
  C:\Windows\System\ODmAJhK.exe
  2⤵
  PID:5868
- C:\Windows\System\VHtwYXN.exe
  C:\Windows\System\VHtwYXN.exe
  2⤵
  PID:5940
- C:\Windows\System\jRHnrEp.exe
  C:\Windows\System\jRHnrEp.exe
  2⤵
  PID:5976
- C:\Windows\System\zZxuBvz.exe
  C:\Windows\System\zZxuBvz.exe
  2⤵
  PID:2596
- C:\Windows\System\lZwOqAb.exe
  C:\Windows\System\lZwOqAb.exe
  2⤵
  PID:4592
- C:\Windows\System\mFGrwJu.exe
  C:\Windows\System\mFGrwJu.exe
  2⤵
  PID:6040
- C:\Windows\System\WHVTyER.exe
  C:\Windows\System\WHVTyER.exe
  2⤵
  PID:6136
- C:\Windows\System\LOvleIV.exe
  C:\Windows\System\LOvleIV.exe
  2⤵
  PID:5704
- C:\Windows\System\GoQadNA.exe
  C:\Windows\System\GoQadNA.exe
  2⤵
  PID:2816
- C:\Windows\System\lewolwf.exe
  C:\Windows\System\lewolwf.exe
  2⤵
  PID:5572
- C:\Windows\System\BfNkpzJ.exe
  C:\Windows\System\BfNkpzJ.exe
  2⤵
  PID:5996
- C:\Windows\System\welOkDn.exe
  C:\Windows\System\welOkDn.exe
  2⤵
  PID:3980
- C:\Windows\System\jMoSzmd.exe
  C:\Windows\System\jMoSzmd.exe
  2⤵
  PID:5560
- C:\Windows\System\EkLfjAv.exe
  C:\Windows\System\EkLfjAv.exe
  2⤵
  PID:3024
- C:\Windows\System\HuXpJVn.exe
  C:\Windows\System\HuXpJVn.exe
  2⤵
  PID:5152
- C:\Windows\System\sPpkjru.exe
  C:\Windows\System\sPpkjru.exe
  2⤵
  PID:2704
- C:\Windows\System\TWRQjzC.exe
  C:\Windows\System\TWRQjzC.exe
  2⤵
  PID:5308
- C:\Windows\System\yFewyVQ.exe
  C:\Windows\System\yFewyVQ.exe
  2⤵
  PID:1480
- C:\Windows\System\SHXMWpO.exe
  C:\Windows\System\SHXMWpO.exe
  2⤵
  PID:6060
- C:\Windows\System\BwnGmgq.exe
  C:\Windows\System\BwnGmgq.exe
  2⤵
  PID:5284
- C:\Windows\System\vEexLTs.exe
  C:\Windows\System\vEexLTs.exe
  2⤵
  PID:4156
- C:\Windows\System\TxXgaip.exe
  C:\Windows\System\TxXgaip.exe
  2⤵
  PID:5236
- C:\Windows\System\TcNRfNK.exe
  C:\Windows\System\TcNRfNK.exe
  2⤵
  PID:5688
- C:\Windows\System\fsThICD.exe
  C:\Windows\System\fsThICD.exe
  2⤵
  PID:5908
- C:\Windows\System\wOaVTDH.exe
  C:\Windows\System\wOaVTDH.exe
  2⤵
  PID:5576
- C:\Windows\System\BiVfJji.exe
  C:\Windows\System\BiVfJji.exe
  2⤵
  PID:5752
- C:\Windows\System\HeYKqAU.exe
  C:\Windows\System\HeYKqAU.exe
  2⤵
  PID:5864
- C:\Windows\System\PuJwZYL.exe
  C:\Windows\System\PuJwZYL.exe
  2⤵
  PID:1576
- C:\Windows\System\GIybmRU.exe
  C:\Windows\System\GIybmRU.exe
  2⤵
  PID:6012
- C:\Windows\System\aYhfyiP.exe
  C:\Windows\System\aYhfyiP.exe
  2⤵
  PID:5400
- C:\Windows\System\ytmQtyp.exe
  C:\Windows\System\ytmQtyp.exe
  2⤵
  PID:3676
- C:\Windows\System\ForBivM.exe
  C:\Windows\System\ForBivM.exe
  2⤵
  PID:2988
- C:\Windows\System\uXZuUYp.exe
  C:\Windows\System\uXZuUYp.exe
  2⤵
  PID:5460
- C:\Windows\System\qfzBasf.exe
  C:\Windows\System\qfzBasf.exe
  2⤵
  PID:6056
- C:\Windows\System\LtqoiqR.exe
  C:\Windows\System\LtqoiqR.exe
  2⤵
  PID:6104
- C:\Windows\System\zHpIOnD.exe
  C:\Windows\System\zHpIOnD.exe
  2⤵
  PID:5512
- C:\Windows\System\oogKuqK.exe
  C:\Windows\System\oogKuqK.exe
  2⤵
  PID:5184
- C:\Windows\System\BPPzJEI.exe
  C:\Windows\System\BPPzJEI.exe
  2⤵
  PID:5140
- C:\Windows\System\qBTbqtW.exe
  C:\Windows\System\qBTbqtW.exe
  2⤵
  PID:2352
- C:\Windows\System\HtCapYL.exe
  C:\Windows\System\HtCapYL.exe
  2⤵
  PID:320
- C:\Windows\System\KQnnDaA.exe
  C:\Windows\System\KQnnDaA.exe
  2⤵
  PID:5612
- C:\Windows\System\ZzlfkFL.exe
  C:\Windows\System\ZzlfkFL.exe
  2⤵
  PID:2508
- C:\Windows\System\bppBTdr.exe
  C:\Windows\System\bppBTdr.exe
  2⤵
  PID:6044
- C:\Windows\System\TFmixsk.exe
  C:\Windows\System\TFmixsk.exe
  2⤵
  PID:5808
- C:\Windows\System\eUkjcTz.exe
  C:\Windows\System\eUkjcTz.exe
  2⤵
  PID:5224
- C:\Windows\System\TgBIgIz.exe
  C:\Windows\System\TgBIgIz.exe
  2⤵
  PID:5632
- C:\Windows\System\ZQXIgat.exe
  C:\Windows\System\ZQXIgat.exe
  2⤵
  PID:2380
- C:\Windows\System\WZcZmUs.exe
  C:\Windows\System\WZcZmUs.exe
  2⤵
  PID:5448
- C:\Windows\System\VwNJSJP.exe
  C:\Windows\System\VwNJSJP.exe
  2⤵
  PID:4168
- C:\Windows\System\IRvGwVJ.exe
  C:\Windows\System\IRvGwVJ.exe
  2⤵
  PID:4252
- C:\Windows\System\tnDOLgJ.exe
  C:\Windows\System\tnDOLgJ.exe
  2⤵
  PID:5528
- C:\Windows\System\AvSAbzp.exe
  C:\Windows\System\AvSAbzp.exe
  2⤵
  PID:6148
- C:\Windows\System\AoUhoFW.exe
  C:\Windows\System\AoUhoFW.exe
  2⤵
  PID:6164
- C:\Windows\System\JoTxFqy.exe
  C:\Windows\System\JoTxFqy.exe
  2⤵
  PID:6236
- C:\Windows\System\MGUKrXK.exe
  C:\Windows\System\MGUKrXK.exe
  2⤵
  PID:6256
- C:\Windows\System\tieRLhG.exe
  C:\Windows\System\tieRLhG.exe
  2⤵
  PID:6276
- C:\Windows\System\AgDgDPp.exe
  C:\Windows\System\AgDgDPp.exe
  2⤵
  PID:6292
- C:\Windows\System\deGvJUV.exe
  C:\Windows\System\deGvJUV.exe
  2⤵
  PID:6308
- C:\Windows\System\iDbZSLJ.exe
  C:\Windows\System\iDbZSLJ.exe
  2⤵
  PID:6324
- C:\Windows\System\RwGXLnv.exe
  C:\Windows\System\RwGXLnv.exe
  2⤵
  PID:6340
- C:\Windows\System\LfwmDuE.exe
  C:\Windows\System\LfwmDuE.exe
  2⤵
  PID:6360
- C:\Windows\System\wvxHUxp.exe
  C:\Windows\System\wvxHUxp.exe
  2⤵
  PID:6376
- C:\Windows\System\TurYfQM.exe
  C:\Windows\System\TurYfQM.exe
  2⤵
  PID:6396
- C:\Windows\System\nFtGwQV.exe
  C:\Windows\System\nFtGwQV.exe
  2⤵
  PID:6416
- C:\Windows\System\tDcBjVF.exe
  C:\Windows\System\tDcBjVF.exe
  2⤵
  PID:6432
- C:\Windows\System\cJdcXkB.exe
  C:\Windows\System\cJdcXkB.exe
  2⤵
  PID:6452
- C:\Windows\System\HmyMyUI.exe
  C:\Windows\System\HmyMyUI.exe
  2⤵
  PID:6468
- C:\Windows\System\VRjLJWG.exe
  C:\Windows\System\VRjLJWG.exe
  2⤵
  PID:6484
- C:\Windows\System\ypHxOuB.exe
  C:\Windows\System\ypHxOuB.exe
  2⤵
  PID:6500
- C:\Windows\System\eMQHdFc.exe
  C:\Windows\System\eMQHdFc.exe
  2⤵
  PID:6516
- C:\Windows\System\WHGufpe.exe
  C:\Windows\System\WHGufpe.exe
  2⤵
  PID:6532
- C:\Windows\System\MDTqNcn.exe
  C:\Windows\System\MDTqNcn.exe
  2⤵
  PID:6588
- C:\Windows\System\YfhzIxj.exe
  C:\Windows\System\YfhzIxj.exe
  2⤵
  PID:6604
- C:\Windows\System\PMpLIhN.exe
  C:\Windows\System\PMpLIhN.exe
  2⤵
  PID:6620
- C:\Windows\System\UJcpeRx.exe
  C:\Windows\System\UJcpeRx.exe
  2⤵
  PID:6636
- C:\Windows\System\MhLZlOc.exe
  C:\Windows\System\MhLZlOc.exe
  2⤵
  PID:6652
- C:\Windows\System\LhgaUjt.exe
  C:\Windows\System\LhgaUjt.exe
  2⤵
  PID:6668
- C:\Windows\System\AnOBzdO.exe
  C:\Windows\System\AnOBzdO.exe
  2⤵
  PID:6684
- C:\Windows\System\HWWUdCi.exe
  C:\Windows\System\HWWUdCi.exe
  2⤵
  PID:6700
- C:\Windows\System\tGCpgSx.exe
  C:\Windows\System\tGCpgSx.exe
  2⤵
  PID:6720
- C:\Windows\System\LhSgTIl.exe
  C:\Windows\System\LhSgTIl.exe
  2⤵
  PID:6748
- C:\Windows\System\awlUykX.exe
  C:\Windows\System\awlUykX.exe
  2⤵
  PID:6764
- C:\Windows\System\bvIgfKV.exe
  C:\Windows\System\bvIgfKV.exe
  2⤵
  PID:6784
- C:\Windows\System\utVlkvF.exe
  C:\Windows\System\utVlkvF.exe
  2⤵
  PID:6800
- C:\Windows\System\vtwauiu.exe
  C:\Windows\System\vtwauiu.exe
  2⤵
  PID:6816
- C:\Windows\System\cooYdHC.exe
  C:\Windows\System\cooYdHC.exe
  2⤵
  PID:6832
- C:\Windows\System\IZMFqJC.exe
  C:\Windows\System\IZMFqJC.exe
  2⤵
  PID:6852
- C:\Windows\System\OXhFxPY.exe
  C:\Windows\System\OXhFxPY.exe
  2⤵
  PID:6872
- C:\Windows\System\TrBILXd.exe
  C:\Windows\System\TrBILXd.exe
  2⤵
  PID:6892
- C:\Windows\System\gnguRyK.exe
  C:\Windows\System\gnguRyK.exe
  2⤵
  PID:6916
- C:\Windows\System\RRyOqdY.exe
  C:\Windows\System\RRyOqdY.exe
  2⤵
  PID:6940
- C:\Windows\System\TOISJso.exe
  C:\Windows\System\TOISJso.exe
  2⤵
  PID:6964
- C:\Windows\System\rKYglZK.exe
  C:\Windows\System\rKYglZK.exe
  2⤵
  PID:6988
- C:\Windows\System\CyWHeXk.exe
  C:\Windows\System\CyWHeXk.exe
  2⤵
  PID:7008
- C:\Windows\System\MqhUcjs.exe
  C:\Windows\System\MqhUcjs.exe
  2⤵
  PID:7028
- C:\Windows\System\ZfbfjFc.exe
  C:\Windows\System\ZfbfjFc.exe
  2⤵
  PID:7048
- C:\Windows\System\yPmzAgi.exe
  C:\Windows\System\yPmzAgi.exe
  2⤵
  PID:7064
- C:\Windows\System\BMCBSMj.exe
  C:\Windows\System\BMCBSMj.exe
  2⤵
  PID:7084
- C:\Windows\System\cesSHLt.exe
  C:\Windows\System\cesSHLt.exe
  2⤵
  PID:7100
- C:\Windows\System\kLsOZVc.exe
  C:\Windows\System\kLsOZVc.exe
  2⤵
  PID:7120
- C:\Windows\System\wwPPODO.exe
  C:\Windows\System\wwPPODO.exe
  2⤵
  PID:7140
- C:\Windows\System\maJXhxn.exe
  C:\Windows\System\maJXhxn.exe
  2⤵
  PID:7156
- C:\Windows\System\uhyxMCX.exe
  C:\Windows\System\uhyxMCX.exe
  2⤵
  PID:5132
- C:\Windows\System\NedzqBO.exe
  C:\Windows\System\NedzqBO.exe
  2⤵
  PID:832
- C:\Windows\System\HFuGmte.exe
  C:\Windows\System\HFuGmte.exe
  2⤵
  PID:1624
- C:\Windows\System\GJLQWIz.exe
  C:\Windows\System\GJLQWIz.exe
  2⤵
  PID:2136
- C:\Windows\System\aRVYUam.exe
  C:\Windows\System\aRVYUam.exe
  2⤵
  PID:5992
- C:\Windows\System\jGcVXzc.exe
  C:\Windows\System\jGcVXzc.exe
  2⤵
  PID:2180
- C:\Windows\System\CUvvXIS.exe
  C:\Windows\System\CUvvXIS.exe
  2⤵
  PID:6160
- C:\Windows\System\yuGZsHZ.exe
  C:\Windows\System\yuGZsHZ.exe
  2⤵
  PID:6188
- C:\Windows\System\DtQQzRX.exe
  C:\Windows\System\DtQQzRX.exe
  2⤵
  PID:6212
- C:\Windows\System\HGOlcSS.exe
  C:\Windows\System\HGOlcSS.exe
  2⤵
  PID:3564
- C:\Windows\System\mwVRYfC.exe
  C:\Windows\System\mwVRYfC.exe
  2⤵
  PID:2784
- C:\Windows\System\Jikmhtg.exe
  C:\Windows\System\Jikmhtg.exe
  2⤵
  PID:6248
- C:\Windows\System\YDYbLCp.exe
  C:\Windows\System\YDYbLCp.exe
  2⤵
  PID:6272
- C:\Windows\System\TNxwxou.exe
  C:\Windows\System\TNxwxou.exe
  2⤵
  PID:6320
- C:\Windows\System\Gmnkviq.exe
  C:\Windows\System\Gmnkviq.exe
  2⤵
  PID:6388
- C:\Windows\System\YHYpGxo.exe
  C:\Windows\System\YHYpGxo.exe
  2⤵
  PID:6336
- C:\Windows\System\KuGpXPp.exe
  C:\Windows\System\KuGpXPp.exe
  2⤵
  PID:6408
- C:\Windows\System\JJICKAA.exe
  C:\Windows\System\JJICKAA.exe
  2⤵
  PID:6444
- C:\Windows\System\FbzCcPO.exe
  C:\Windows\System\FbzCcPO.exe
  2⤵
  PID:6508
- C:\Windows\System\VgyvwJb.exe
  C:\Windows\System\VgyvwJb.exe
  2⤵
  PID:6552
- C:\Windows\System\nUvBayZ.exe
  C:\Windows\System\nUvBayZ.exe
  2⤵
  PID:6572
- C:\Windows\System\twQREjA.exe
  C:\Windows\System\twQREjA.exe
  2⤵
  PID:6544
- C:\Windows\System\AMKmnSi.exe
  C:\Windows\System\AMKmnSi.exe
  2⤵
  PID:6616
- C:\Windows\System\EycNxRp.exe
  C:\Windows\System\EycNxRp.exe
  2⤵
  PID:6708
- C:\Windows\System\IsXyILq.exe
  C:\Windows\System\IsXyILq.exe
  2⤵
  PID:6424
- C:\Windows\System\TCXCxZQ.exe
  C:\Windows\System\TCXCxZQ.exe
  2⤵
  PID:6460
- C:\Windows\System\ikxeRan.exe
  C:\Windows\System\ikxeRan.exe
  2⤵
  PID:6628
- C:\Windows\System\MtbDYER.exe
  C:\Windows\System\MtbDYER.exe
  2⤵
  PID:6692
- C:\Windows\System\tMoyVit.exe
  C:\Windows\System\tMoyVit.exe
  2⤵
  PID:6772
- C:\Windows\System\FrPyTyt.exe
  C:\Windows\System\FrPyTyt.exe
  2⤵
  PID:6880
- C:\Windows\System\MfkQaRb.exe
  C:\Windows\System\MfkQaRb.exe
  2⤵
  PID:6808
- C:\Windows\System\MgOsrzX.exe
  C:\Windows\System\MgOsrzX.exe
  2⤵
  PID:6888
- C:\Windows\System\iiEcHxy.exe
  C:\Windows\System\iiEcHxy.exe
  2⤵
  PID:6984
- C:\Windows\System\vUWYMyz.exe
  C:\Windows\System\vUWYMyz.exe
  2⤵
  PID:7060
- C:\Windows\System\kKGZvOY.exe
  C:\Windows\System\kKGZvOY.exe
  2⤵
  PID:7136
- C:\Windows\System\izcaOzX.exe
  C:\Windows\System\izcaOzX.exe
  2⤵
  PID:5204
- C:\Windows\System\qESWEdP.exe
  C:\Windows\System\qESWEdP.exe
  2⤵
  PID:6192
- C:\Windows\System\xZUfDVH.exe
  C:\Windows\System\xZUfDVH.exe
  2⤵
  PID:6264
- C:\Windows\System\XIeGoVc.exe
  C:\Windows\System\XIeGoVc.exe
  2⤵
  PID:6480
- C:\Windows\System\GPhIHgn.exe
  C:\Windows\System\GPhIHgn.exe
  2⤵
  PID:6732
- C:\Windows\System\QkLtXHK.exe
  C:\Windows\System\QkLtXHK.exe
  2⤵
  PID:6476
- C:\Windows\System\uFqsewq.exe
  C:\Windows\System\uFqsewq.exe
  2⤵
  PID:4164
- C:\Windows\System\OxiwPve.exe
  C:\Windows\System\OxiwPve.exe
  2⤵
  PID:6352
- C:\Windows\System\LUBwJIW.exe
  C:\Windows\System\LUBwJIW.exe
  2⤵
  PID:7128
- C:\Windows\System\TQRKBZp.exe
  C:\Windows\System\TQRKBZp.exe
  2⤵
  PID:6780
- C:\Windows\System\LQxGiiA.exe
  C:\Windows\System\LQxGiiA.exe
  2⤵
  PID:6936
- C:\Windows\System\ncMSIRA.exe
  C:\Windows\System\ncMSIRA.exe
  2⤵
  PID:6156
- C:\Windows\System\AnpsVXp.exe
  C:\Windows\System\AnpsVXp.exe
  2⤵
  PID:7184
- C:\Windows\System\pQUwbFp.exe
  C:\Windows\System\pQUwbFp.exe
  2⤵
  PID:7200
- C:\Windows\System\vvTnOTj.exe
  C:\Windows\System\vvTnOTj.exe
  2⤵
  PID:7216
- C:\Windows\System\scPVQut.exe
  C:\Windows\System\scPVQut.exe
  2⤵
  PID:7236
- C:\Windows\System\SqYMwKF.exe
  C:\Windows\System\SqYMwKF.exe
  2⤵
  PID:7256
- C:\Windows\System\dfZonkW.exe
  C:\Windows\System\dfZonkW.exe
  2⤵
  PID:7276
- C:\Windows\System\bNZPvpN.exe
  C:\Windows\System\bNZPvpN.exe
  2⤵
  PID:7292
- C:\Windows\System\hxIseyE.exe
  C:\Windows\System\hxIseyE.exe
  2⤵
  PID:7308
- C:\Windows\System\WnPNAXP.exe
  C:\Windows\System\WnPNAXP.exe
  2⤵
  PID:7328
- C:\Windows\System\nppzdcA.exe
  C:\Windows\System\nppzdcA.exe
  2⤵
  PID:7344
- C:\Windows\System\IesyARF.exe
  C:\Windows\System\IesyARF.exe
  2⤵
  PID:7364
- C:\Windows\System\FofRxfQ.exe
  C:\Windows\System\FofRxfQ.exe
  2⤵
  PID:7380
- C:\Windows\System\VfaTclL.exe
  C:\Windows\System\VfaTclL.exe
  2⤵
  PID:7400
- C:\Windows\System\AnmlJBT.exe
  C:\Windows\System\AnmlJBT.exe
  2⤵
  PID:7424
- C:\Windows\System\uugLnKx.exe
  C:\Windows\System\uugLnKx.exe
  2⤵
  PID:7440
- C:\Windows\System\srVHBYi.exe
  C:\Windows\System\srVHBYi.exe
  2⤵
  PID:7460
- C:\Windows\System\WOvxNcL.exe
  C:\Windows\System\WOvxNcL.exe
  2⤵
  PID:7476
- C:\Windows\System\rPXviXD.exe
  C:\Windows\System\rPXviXD.exe
  2⤵
  PID:7496
- C:\Windows\System\mfAanwu.exe
  C:\Windows\System\mfAanwu.exe
  2⤵
  PID:7512
- C:\Windows\System\HrUXeqS.exe
  C:\Windows\System\HrUXeqS.exe
  2⤵
  PID:7536
- C:\Windows\System\vuLAIkW.exe
  C:\Windows\System\vuLAIkW.exe
  2⤵
  PID:7552
- C:\Windows\System\buuYmmq.exe
  C:\Windows\System\buuYmmq.exe
  2⤵
  PID:7572
- C:\Windows\System\tOHTzTD.exe
  C:\Windows\System\tOHTzTD.exe
  2⤵
  PID:7588
- C:\Windows\System\varaolt.exe
  C:\Windows\System\varaolt.exe
  2⤵
  PID:7608
- C:\Windows\System\gjnLwuk.exe
  C:\Windows\System\gjnLwuk.exe
  2⤵
  PID:7624
- C:\Windows\System\yfaHhMg.exe
  C:\Windows\System\yfaHhMg.exe
  2⤵
  PID:7644
- C:\Windows\System\OXJeyzO.exe
  C:\Windows\System\OXJeyzO.exe
  2⤵
  PID:7660
- C:\Windows\System\SfUKzkI.exe
  C:\Windows\System\SfUKzkI.exe
  2⤵
  PID:7684
- C:\Windows\System\OyLNdln.exe
  C:\Windows\System\OyLNdln.exe
  2⤵
  PID:7700
- C:\Windows\System\lwpZbjm.exe
  C:\Windows\System\lwpZbjm.exe
  2⤵
  PID:7720
- C:\Windows\System\XCFrOKT.exe
  C:\Windows\System\XCFrOKT.exe
  2⤵
  PID:7740
- C:\Windows\System\lHImYvC.exe
  C:\Windows\System\lHImYvC.exe
  2⤵
  PID:7756
- C:\Windows\System\qdhahRA.exe
  C:\Windows\System\qdhahRA.exe
  2⤵
  PID:7772
- C:\Windows\System\wgRUqTI.exe
  C:\Windows\System\wgRUqTI.exe
  2⤵
  PID:7788
- C:\Windows\System\MVCkZEH.exe
  C:\Windows\System\MVCkZEH.exe
  2⤵
  PID:7804
- C:\Windows\System\iropxAY.exe
  C:\Windows\System\iropxAY.exe
  2⤵
  PID:7820
- C:\Windows\System\WgTDurs.exe
  C:\Windows\System\WgTDurs.exe
  2⤵
  PID:7836
- C:\Windows\System\TYDBDQV.exe
  C:\Windows\System\TYDBDQV.exe
  2⤵
  PID:7852
- C:\Windows\System\xCAmgcw.exe
  C:\Windows\System\xCAmgcw.exe
  2⤵
  PID:7876
- C:\Windows\System\GSoKOnk.exe
  C:\Windows\System\GSoKOnk.exe
  2⤵
  PID:7900
- C:\Windows\System\bCaBeUT.exe
  C:\Windows\System\bCaBeUT.exe
  2⤵
  PID:7916
- C:\Windows\System\ShEflij.exe
  C:\Windows\System\ShEflij.exe
  2⤵
  PID:7932
- C:\Windows\System\xTNbTYI.exe
  C:\Windows\System\xTNbTYI.exe
  2⤵
  PID:7948
- C:\Windows\System\CkRZkKh.exe
  C:\Windows\System\CkRZkKh.exe
  2⤵
  PID:7964
- C:\Windows\System\hneZHVp.exe
  C:\Windows\System\hneZHVp.exe
  2⤵
  PID:7984
- C:\Windows\System\mlSWmeI.exe
  C:\Windows\System\mlSWmeI.exe
  2⤵
  PID:8008
- C:\Windows\System\EfYxpyU.exe
  C:\Windows\System\EfYxpyU.exe
  2⤵
  PID:8028
- C:\Windows\System\PLOxvIF.exe
  C:\Windows\System\PLOxvIF.exe
  2⤵
  PID:8048
- C:\Windows\System\OgcaGro.exe
  C:\Windows\System\OgcaGro.exe
  2⤵
  PID:8064
- C:\Windows\System\EDANdWO.exe
  C:\Windows\System\EDANdWO.exe
  2⤵
  PID:8080
- C:\Windows\System\lolbMWg.exe
  C:\Windows\System\lolbMWg.exe
  2⤵
  PID:8096
- C:\Windows\System\TmOFnaH.exe
  C:\Windows\System\TmOFnaH.exe
  2⤵
  PID:8112
- C:\Windows\System\hZlnDkY.exe
  C:\Windows\System\hZlnDkY.exe
  2⤵
  PID:8128
- C:\Windows\System\WngBWUO.exe
  C:\Windows\System\WngBWUO.exe
  2⤵
  PID:8144
- C:\Windows\System\XAOMhsP.exe
  C:\Windows\System\XAOMhsP.exe
  2⤵
  PID:8164
- C:\Windows\System\kJpkSaf.exe
  C:\Windows\System\kJpkSaf.exe
  2⤵
  PID:8180
- C:\Windows\System\kzLYEdd.exe
  C:\Windows\System\kzLYEdd.exe
  2⤵
  PID:5736
- C:\Windows\System\SYuZIIB.exe
  C:\Windows\System\SYuZIIB.exe
  2⤵
  PID:7224
- C:\Windows\System\AYqzlfJ.exe
  C:\Windows\System\AYqzlfJ.exe
  2⤵
  PID:7268
- C:\Windows\System\IMxOoZY.exe
  C:\Windows\System\IMxOoZY.exe
  2⤵
  PID:7336
- C:\Windows\System\xvSDGDN.exe
  C:\Windows\System\xvSDGDN.exe
  2⤵
  PID:7408
- C:\Windows\System\GodIQHr.exe
  C:\Windows\System\GodIQHr.exe
  2⤵
  PID:7448
- C:\Windows\System\BGqHSGr.exe
  C:\Windows\System\BGqHSGr.exe
  2⤵
  PID:7492
- C:\Windows\System\ASiOdsO.exe
  C:\Windows\System\ASiOdsO.exe
  2⤵
  PID:7560
- C:\Windows\System\PuSOiIC.exe
  C:\Windows\System\PuSOiIC.exe
  2⤵
  PID:7604
- C:\Windows\System\ouWWkNw.exe
  C:\Windows\System\ouWWkNw.exe
  2⤵
  PID:7668
- C:\Windows\System\LbphEMc.exe
  C:\Windows\System\LbphEMc.exe
  2⤵
  PID:7712
- C:\Windows\System\zOaruiG.exe
  C:\Windows\System\zOaruiG.exe
  2⤵
  PID:6960
- C:\Windows\System\OnmFJxc.exe
  C:\Windows\System\OnmFJxc.exe
  2⤵
  PID:7152
- C:\Windows\System\cKusUVe.exe
  C:\Windows\System\cKusUVe.exe
  2⤵
  PID:5960
- C:\Windows\System\cCIsQtd.exe
  C:\Windows\System\cCIsQtd.exe
  2⤵
  PID:5040
- C:\Windows\System\HPCQfKC.exe
  C:\Windows\System\HPCQfKC.exe
  2⤵
  PID:6316
- C:\Windows\System\YNDnicE.exe
  C:\Windows\System\YNDnicE.exe
  2⤵
  PID:6564
- C:\Windows\System\HPsdBpP.exe
  C:\Windows\System\HPsdBpP.exe
  2⤵
  PID:6392
- C:\Windows\System\NlQiSfs.exe
  C:\Windows\System\NlQiSfs.exe
  2⤵
  PID:6596
- C:\Windows\System\ulwwKcY.exe
  C:\Windows\System\ulwwKcY.exe
  2⤵
  PID:7956
- C:\Windows\System\yAoMBVi.exe
  C:\Windows\System\yAoMBVi.exe
  2⤵
  PID:8004
- C:\Windows\System\WRDpDGb.exe
  C:\Windows\System\WRDpDGb.exe
  2⤵
  PID:8072
- C:\Windows\System\kPHkkEi.exe
  C:\Windows\System\kPHkkEi.exe
  2⤵
  PID:8136
- C:\Windows\System\xBEeCVp.exe
  C:\Windows\System\xBEeCVp.exe
  2⤵
  PID:8172
- C:\Windows\System\EuNwSRR.exe
  C:\Windows\System\EuNwSRR.exe
  2⤵
  PID:7300
- C:\Windows\System\NHuYGED.exe
  C:\Windows\System\NHuYGED.exe
  2⤵
  PID:7532
- C:\Windows\System\BYneNxg.exe
  C:\Windows\System\BYneNxg.exe
  2⤵
  PID:7996
- C:\Windows\System\ZwqxDpY.exe
  C:\Windows\System\ZwqxDpY.exe
  2⤵
  PID:6840
- C:\Windows\System\IdATkvF.exe
  C:\Windows\System\IdATkvF.exe
  2⤵
  PID:6976
- C:\Windows\System\nDtVcfI.exe
  C:\Windows\System\nDtVcfI.exe
  2⤵
  PID:7056
- C:\Windows\System\zTsQJWW.exe
  C:\Windows\System\zTsQJWW.exe
  2⤵
  PID:448
- C:\Windows\System\IWKkUmY.exe
  C:\Windows\System\IWKkUmY.exe
  2⤵
  PID:1800
- C:\Windows\System\phPyped.exe
  C:\Windows\System\phPyped.exe
  2⤵
  PID:6524
- C:\Windows\System\iYNVuzR.exe
  C:\Windows\System\iYNVuzR.exe
  2⤵
  PID:6972
- C:\Windows\System\YRmoBRD.exe
  C:\Windows\System\YRmoBRD.exe
  2⤵
  PID:6740
- C:\Windows\System\xHQsaOP.exe
  C:\Windows\System\xHQsaOP.exe
  2⤵
  PID:7180
- C:\Windows\System\AkrckwB.exe
  C:\Windows\System\AkrckwB.exe
  2⤵
  PID:7252
- C:\Windows\System\BBaArpl.exe
  C:\Windows\System\BBaArpl.exe
  2⤵
  PID:7320
- C:\Windows\System\PYnpNXE.exe
  C:\Windows\System\PYnpNXE.exe
  2⤵
  PID:7360
- C:\Windows\System\MGSWkIl.exe
  C:\Windows\System\MGSWkIl.exe
  2⤵
  PID:7432
- C:\Windows\System\eoVwIUd.exe
  C:\Windows\System\eoVwIUd.exe
  2⤵
  PID:7504
- C:\Windows\System\OpiWgvf.exe
  C:\Windows\System\OpiWgvf.exe
  2⤵
  PID:7580
- C:\Windows\System\lJrXRTd.exe
  C:\Windows\System\lJrXRTd.exe
  2⤵
  PID:7656
- C:\Windows\System\lGclugM.exe
  C:\Windows\System\lGclugM.exe
  2⤵
  PID:7732
- C:\Windows\System\gaymrsx.exe
  C:\Windows\System\gaymrsx.exe
  2⤵
  PID:7796
- C:\Windows\System\NtTDxoI.exe
  C:\Windows\System\NtTDxoI.exe
  2⤵
  PID:7864
- C:\Windows\System\aqttSQg.exe
  C:\Windows\System\aqttSQg.exe
  2⤵
  PID:7912
- C:\Windows\System\RHddgfi.exe
  C:\Windows\System\RHddgfi.exe
  2⤵
  PID:7976
- C:\Windows\System\IyAHhcC.exe
  C:\Windows\System\IyAHhcC.exe
  2⤵
  PID:8024
- C:\Windows\System\Abbakhs.exe
  C:\Windows\System\Abbakhs.exe
  2⤵
  PID:8092
- C:\Windows\System\VJzGxha.exe
  C:\Windows\System\VJzGxha.exe
  2⤵
  PID:8156
- C:\Windows\System\tRawUMS.exe
  C:\Windows\System\tRawUMS.exe
  2⤵
  PID:7232
- C:\Windows\System\OnbWRiY.exe
  C:\Windows\System\OnbWRiY.exe
  2⤵
  PID:7456
- C:\Windows\System\eTTWmoo.exe
  C:\Windows\System\eTTWmoo.exe
  2⤵
  PID:7596
- C:\Windows\System\RtAjBpX.exe
  C:\Windows\System\RtAjBpX.exe
  2⤵
  PID:4180
- C:\Windows\System\fFKiQLu.exe
  C:\Windows\System\fFKiQLu.exe
  2⤵
  PID:7748
- C:\Windows\System\xYBiFNb.exe
  C:\Windows\System\xYBiFNb.exe
  2⤵
  PID:7844
- C:\Windows\System\FuJOOvd.exe
  C:\Windows\System\FuJOOvd.exe
  2⤵
  PID:7816
- C:\Windows\System\aazfIQK.exe
  C:\Windows\System\aazfIQK.exe
  2⤵
  PID:7040
- C:\Windows\System\dlqJcwo.exe
  C:\Windows\System\dlqJcwo.exe
  2⤵
  PID:7148
- C:\Windows\System\RJDwOGh.exe
  C:\Windows\System\RJDwOGh.exe
  2⤵
  PID:6828
- C:\Windows\System\aOhRMUi.exe
  C:\Windows\System\aOhRMUi.exe
  2⤵
  PID:7000
- C:\Windows\System\NQeBpQu.exe
  C:\Windows\System\NQeBpQu.exe
  2⤵
  PID:7044
- C:\Windows\System\yMKSwnN.exe
  C:\Windows\System\yMKSwnN.exe
  2⤵
  PID:6904
- C:\Windows\System\bedOtIR.exe
  C:\Windows\System\bedOtIR.exe
  2⤵
  PID:6868
- C:\Windows\System\YqqNAyA.exe
  C:\Windows\System\YqqNAyA.exe
  2⤵
  PID:6952
- C:\Windows\System\aASUUZd.exe
  C:\Windows\System\aASUUZd.exe
  2⤵
  PID:6660
- C:\Windows\System\EUUxugc.exe
  C:\Windows\System\EUUxugc.exe
  2⤵
  PID:8044
- C:\Windows\System\XcaVOHT.exe
  C:\Windows\System\XcaVOHT.exe
  2⤵
  PID:7420
- C:\Windows\System\HVaYaCr.exe
  C:\Windows\System\HVaYaCr.exe
  2⤵
  PID:2400
- C:\Windows\System\YVUykGh.exe
  C:\Windows\System\YVUykGh.exe
  2⤵
  PID:6200
- C:\Windows\System\CylkArz.exe
  C:\Windows\System\CylkArz.exe
  2⤵
  PID:6496
- C:\Windows\System\pxaBDkY.exe
  C:\Windows\System\pxaBDkY.exe
  2⤵
  PID:7316
- C:\Windows\System\fxqreBC.exe
  C:\Windows\System\fxqreBC.exe
  2⤵
  PID:7548
- C:\Windows\System\NruJmQC.exe
  C:\Windows\System\NruJmQC.exe
  2⤵
  PID:7832
- C:\Windows\System\abXWvhF.exe
  C:\Windows\System\abXWvhF.exe
  2⤵
  PID:7972
- C:\Windows\System\GjKeddX.exe
  C:\Windows\System\GjKeddX.exe
  2⤵
  PID:8000
- C:\Windows\System\GFMkyQL.exe
  C:\Windows\System\GFMkyQL.exe
  2⤵
  PID:7352
- C:\Windows\System\RScfstp.exe
  C:\Windows\System\RScfstp.exe
  2⤵
  PID:7196
- C:\Windows\System\qSRWZez.exe
  C:\Windows\System\qSRWZez.exe
  2⤵
  PID:6844
- C:\Windows\System\sDTjIIa.exe
  C:\Windows\System\sDTjIIa.exe
  2⤵
  PID:8016
- C:\Windows\System\DWbDDTp.exe
  C:\Windows\System\DWbDDTp.exe
  2⤵
  PID:8124
- C:\Windows\System\VtPbszF.exe
  C:\Windows\System\VtPbszF.exe
  2⤵
  PID:8108
- C:\Windows\System\mhkEkrh.exe
  C:\Windows\System\mhkEkrh.exe
  2⤵
  PID:6372
- C:\Windows\System\nPMBVyV.exe
  C:\Windows\System\nPMBVyV.exe
  2⤵
  PID:7768
- C:\Windows\System\zTEqKWc.exe
  C:\Windows\System\zTEqKWc.exe
  2⤵
  PID:6744
- C:\Windows\System\zfnrfOi.exe
  C:\Windows\System\zfnrfOi.exe
  2⤵
  PID:6756
- C:\Windows\System\nAVkqaE.exe
  C:\Windows\System\nAVkqaE.exe
  2⤵
  PID:5740
- C:\Windows\System\teGkHcl.exe
  C:\Windows\System\teGkHcl.exe
  2⤵
  PID:5592
- C:\Windows\System\zpSYoZy.exe
  C:\Windows\System\zpSYoZy.exe
  2⤵
  PID:7544
- C:\Windows\System\MxRXUUH.exe
  C:\Windows\System\MxRXUUH.exe
  2⤵
  PID:7872
- C:\Windows\System\musIkyX.exe
  C:\Windows\System\musIkyX.exe
  2⤵
  PID:6384
- C:\Windows\System\fZMeqTs.exe
  C:\Windows\System\fZMeqTs.exe
  2⤵
  PID:6492
- C:\Windows\System\CkJUnjw.exe
  C:\Windows\System\CkJUnjw.exe
  2⤵
  PID:7944
- C:\Windows\System\VvSoLWt.exe
  C:\Windows\System\VvSoLWt.exe
  2⤵
  PID:7992
- C:\Windows\System\GAVGWMi.exe
  C:\Windows\System\GAVGWMi.exe
  2⤵
  PID:6680
- C:\Windows\System\kbLdjEU.exe
  C:\Windows\System\kbLdjEU.exe
  2⤵
  PID:7396
- C:\Windows\System\zMGKdrp.exe
  C:\Windows\System\zMGKdrp.exe
  2⤵
  PID:8212
- C:\Windows\System\NGIMtCa.exe
  C:\Windows\System\NGIMtCa.exe
  2⤵
  PID:8232
- C:\Windows\System\XbDsWnY.exe
  C:\Windows\System\XbDsWnY.exe
  2⤵
  PID:8248
- C:\Windows\System\qjNhdEL.exe
  C:\Windows\System\qjNhdEL.exe
  2⤵
  PID:8264
- C:\Windows\System\EFeNZWq.exe
  C:\Windows\System\EFeNZWq.exe
  2⤵
  PID:8280
- C:\Windows\System\sxmOzlA.exe
  C:\Windows\System\sxmOzlA.exe
  2⤵
  PID:8296
- C:\Windows\System\IeumaJU.exe
  C:\Windows\System\IeumaJU.exe
  2⤵
  PID:8312
- C:\Windows\System\hEtzbpZ.exe
  C:\Windows\System\hEtzbpZ.exe
  2⤵
  PID:8328
- C:\Windows\System\abxuorB.exe
  C:\Windows\System\abxuorB.exe
  2⤵
  PID:8344
- C:\Windows\System\xdBDmIv.exe
  C:\Windows\System\xdBDmIv.exe
  2⤵
  PID:8360
- C:\Windows\System\GeAjFRO.exe
  C:\Windows\System\GeAjFRO.exe
  2⤵
  PID:8376
- C:\Windows\System\razkuqq.exe
  C:\Windows\System\razkuqq.exe
  2⤵
  PID:8392
- C:\Windows\System\rumyLTc.exe
  C:\Windows\System\rumyLTc.exe
  2⤵
  PID:8408
- C:\Windows\System\AwcYTdw.exe
  C:\Windows\System\AwcYTdw.exe
  2⤵
  PID:8424
- C:\Windows\System\ECrzoTn.exe
  C:\Windows\System\ECrzoTn.exe
  2⤵
  PID:8440
- C:\Windows\System\EiOVQnH.exe
  C:\Windows\System\EiOVQnH.exe
  2⤵
  PID:8456
- C:\Windows\System\uskBWJo.exe
  C:\Windows\System\uskBWJo.exe
  2⤵
  PID:8472
- C:\Windows\System\desFbhJ.exe
  C:\Windows\System\desFbhJ.exe
  2⤵
  PID:8488
- C:\Windows\System\KyKpQMw.exe
  C:\Windows\System\KyKpQMw.exe
  2⤵
  PID:8504
- C:\Windows\System\LNpeOHX.exe
  C:\Windows\System\LNpeOHX.exe
  2⤵
  PID:8520
- C:\Windows\System\spcswYW.exe
  C:\Windows\System\spcswYW.exe
  2⤵
  PID:8536
- C:\Windows\System\uJdcDld.exe
  C:\Windows\System\uJdcDld.exe
  2⤵
  PID:8552
- C:\Windows\System\XBAOPGT.exe
  C:\Windows\System\XBAOPGT.exe
  2⤵
  PID:8568
- C:\Windows\System\YECSxqo.exe
  C:\Windows\System\YECSxqo.exe
  2⤵
  PID:8584
- C:\Windows\System\IDMJSgd.exe
  C:\Windows\System\IDMJSgd.exe
  2⤵
  PID:8600
- C:\Windows\System\mHdJltP.exe
  C:\Windows\System\mHdJltP.exe
  2⤵
  PID:8616
- C:\Windows\System\xFxPKUq.exe
  C:\Windows\System\xFxPKUq.exe
  2⤵
  PID:8636
- C:\Windows\System\JbvssjR.exe
  C:\Windows\System\JbvssjR.exe
  2⤵
  PID:8652
- C:\Windows\System\vxHuIbZ.exe
  C:\Windows\System\vxHuIbZ.exe
  2⤵
  PID:8668
- C:\Windows\System\QXTAfnh.exe
  C:\Windows\System\QXTAfnh.exe
  2⤵
  PID:8684
- C:\Windows\System\FagTTdj.exe
  C:\Windows\System\FagTTdj.exe
  2⤵
  PID:8700
- C:\Windows\System\yaLkLhu.exe
  C:\Windows\System\yaLkLhu.exe
  2⤵
  PID:8716
- C:\Windows\System\zSsETLu.exe
  C:\Windows\System\zSsETLu.exe
  2⤵
  PID:8732
- C:\Windows\System\CbpqQla.exe
  C:\Windows\System\CbpqQla.exe
  2⤵
  PID:8752
- C:\Windows\System\LwjdgSa.exe
  C:\Windows\System\LwjdgSa.exe
  2⤵
  PID:8768
- C:\Windows\System\KLCKoDA.exe
  C:\Windows\System\KLCKoDA.exe
  2⤵
  PID:8784
- C:\Windows\System\faaJucY.exe
  C:\Windows\System\faaJucY.exe
  2⤵
  PID:8800
- C:\Windows\System\DjAJSaz.exe
  C:\Windows\System\DjAJSaz.exe
  2⤵
  PID:8816
- C:\Windows\System\cMOKeCw.exe
  C:\Windows\System\cMOKeCw.exe
  2⤵
  PID:8840
- C:\Windows\System\pECdtSI.exe
  C:\Windows\System\pECdtSI.exe
  2⤵
  PID:8920
- C:\Windows\System\KDHHoBU.exe
  C:\Windows\System\KDHHoBU.exe
  2⤵
  PID:9032
- C:\Windows\System\fffSmSJ.exe
  C:\Windows\System\fffSmSJ.exe
  2⤵
  PID:9052
- C:\Windows\System\jpJRalV.exe
  C:\Windows\System\jpJRalV.exe
  2⤵
  PID:9068
- C:\Windows\System\LYTiwQu.exe
  C:\Windows\System\LYTiwQu.exe
  2⤵
  PID:9084
- C:\Windows\System\fVtJkFW.exe
  C:\Windows\System\fVtJkFW.exe
  2⤵
  PID:9100
- C:\Windows\System\bHiViCl.exe
  C:\Windows\System\bHiViCl.exe
  2⤵
  PID:9116
- C:\Windows\System\OwSgTLg.exe
  C:\Windows\System\OwSgTLg.exe
  2⤵
  PID:9132
- C:\Windows\System\nVKcvKC.exe
  C:\Windows\System\nVKcvKC.exe
  2⤵
  PID:9148
- C:\Windows\System\EkVvUAE.exe
  C:\Windows\System\EkVvUAE.exe
  2⤵
  PID:9164
- C:\Windows\System\YoCtnyf.exe
  C:\Windows\System\YoCtnyf.exe
  2⤵
  PID:9180
- C:\Windows\System\VSnmyUw.exe
  C:\Windows\System\VSnmyUw.exe
  2⤵
  PID:9196
- C:\Windows\System\lpBVrTA.exe
  C:\Windows\System\lpBVrTA.exe
  2⤵
  PID:9212
- C:\Windows\System\OZJcinT.exe
  C:\Windows\System\OZJcinT.exe
  2⤵
  PID:8204
- C:\Windows\System\ecRqJgS.exe
  C:\Windows\System\ecRqJgS.exe
  2⤵
  PID:3512
- C:\Windows\System\hFDGoDj.exe
  C:\Windows\System\hFDGoDj.exe
  2⤵
  PID:7372
- C:\Windows\System\dDTddCC.exe
  C:\Windows\System\dDTddCC.exe
  2⤵
  PID:7812
- C:\Windows\System\VxsrBuR.exe
  C:\Windows\System\VxsrBuR.exe
  2⤵
  PID:6796
- C:\Windows\System\ASHNQik.exe
  C:\Windows\System\ASHNQik.exe
  2⤵
  PID:6912
- C:\Windows\System\mvmFalA.exe
  C:\Windows\System\mvmFalA.exe
  2⤵
  PID:7024
- C:\Windows\System\lYYzkPy.exe
  C:\Windows\System\lYYzkPy.exe
  2⤵
  PID:7828
- C:\Windows\System\zVLQOtp.exe
  C:\Windows\System\zVLQOtp.exe
  2⤵
  PID:5832
- C:\Windows\System\NRbXbNk.exe
  C:\Windows\System\NRbXbNk.exe
  2⤵
  PID:6176
- C:\Windows\System\ZNfmfxo.exe
  C:\Windows\System\ZNfmfxo.exe
  2⤵
  PID:5008
- C:\Windows\System\WZSadIs.exe
  C:\Windows\System\WZSadIs.exe
  2⤵
  PID:6860
- C:\Windows\System\sZxGWSe.exe
  C:\Windows\System\sZxGWSe.exe
  2⤵
  PID:8276
- C:\Windows\System\EfxkJxC.exe
  C:\Windows\System\EfxkJxC.exe
  2⤵
  PID:8304
- C:\Windows\System\LjFJTtK.exe
  C:\Windows\System\LjFJTtK.exe
  2⤵
  PID:8340
- C:\Windows\System\exhyxsM.exe
  C:\Windows\System\exhyxsM.exe
  2⤵
  PID:8320
- C:\Windows\System\RmdmnlY.exe
  C:\Windows\System\RmdmnlY.exe
  2⤵
  PID:8356
- C:\Windows\System\mAjygzr.exe
  C:\Windows\System\mAjygzr.exe
  2⤵
  PID:8388
- C:\Windows\System\hZUyrSb.exe
  C:\Windows\System\hZUyrSb.exe
  2⤵
  PID:8452
- C:\Windows\System\OjJMTQl.exe
  C:\Windows\System\OjJMTQl.exe
  2⤵
  PID:8500
- C:\Windows\System\RslyfDj.exe
  C:\Windows\System\RslyfDj.exe
  2⤵
  PID:8564
- C:\Windows\System\rCBZYjU.exe
  C:\Windows\System\rCBZYjU.exe
  2⤵
  PID:8632
- C:\Windows\System\jVPVkFN.exe
  C:\Windows\System\jVPVkFN.exe
  2⤵
  PID:8696
- C:\Windows\System\GFpSgoW.exe
  C:\Windows\System\GFpSgoW.exe
  2⤵
  PID:6792
- C:\Windows\System\WwRGlzZ.exe
  C:\Windows\System\WwRGlzZ.exe
  2⤵
  PID:8648
- C:\Windows\System\LdUiLBw.exe
  C:\Windows\System\LdUiLBw.exe
  2⤵
  PID:8480
- C:\Windows\System\kqflOcQ.exe
  C:\Windows\System\kqflOcQ.exe
  2⤵
  PID:8548
- C:\Windows\System\aqUUrIq.exe
  C:\Windows\System\aqUUrIq.exe
  2⤵
  PID:8612
- C:\Windows\System\BvOzGww.exe
  C:\Windows\System\BvOzGww.exe
  2⤵
  PID:8748
- C:\Windows\System\rPFqXmO.exe
  C:\Windows\System\rPFqXmO.exe
  2⤵
  PID:8824
- C:\Windows\System\CDJnoPw.exe
  C:\Windows\System\CDJnoPw.exe
  2⤵
  PID:8812
- C:\Windows\System\yuxNeIl.exe
  C:\Windows\System\yuxNeIl.exe
  2⤵
  PID:8836
- C:\Windows\System\JzQjeya.exe
  C:\Windows\System\JzQjeya.exe
  2⤵
  PID:8888
- C:\Windows\System\MLPQMda.exe
  C:\Windows\System\MLPQMda.exe
  2⤵
  PID:8872
- C:\Windows\System\PUzlJac.exe
  C:\Windows\System\PUzlJac.exe
  2⤵
  PID:8904
- C:\Windows\System\llzINMy.exe
  C:\Windows\System\llzINMy.exe
  2⤵
  PID:8928
- C:\Windows\System\PjxEpOv.exe
  C:\Windows\System\PjxEpOv.exe
  2⤵
  PID:8944
- C:\Windows\System\gUfXbvp.exe
  C:\Windows\System\gUfXbvp.exe
  2⤵
  PID:8960
- C:\Windows\System\ABFuEzt.exe
  C:\Windows\System\ABFuEzt.exe
  2⤵
  PID:8976
- C:\Windows\System\TroHhVi.exe
  C:\Windows\System\TroHhVi.exe
  2⤵
  PID:8992
- C:\Windows\System\sczIrUx.exe
  C:\Windows\System\sczIrUx.exe
  2⤵
  PID:9012
- C:\Windows\System\zYKfhrr.exe
  C:\Windows\System\zYKfhrr.exe
  2⤵
  PID:9064
- C:\Windows\System\MFsXqeh.exe
  C:\Windows\System\MFsXqeh.exe
  2⤵
  PID:9020
- C:\Windows\System\PagoqJh.exe
  C:\Windows\System\PagoqJh.exe
  2⤵
  PID:9076
- C:\Windows\System\ekkhkxQ.exe
  C:\Windows\System\ekkhkxQ.exe
  2⤵
  PID:9144
- C:\Windows\System\kvARMrO.exe
  C:\Windows\System\kvARMrO.exe
  2⤵
  PID:9172
- C:\Windows\System\ggaKnKt.exe
  C:\Windows\System\ggaKnKt.exe
  2⤵
  PID:7928
- C:\Windows\System\tAdeKTG.exe
  C:\Windows\System\tAdeKTG.exe
  2⤵
  PID:6440
- C:\Windows\System\xzpvGcz.exe
  C:\Windows\System\xzpvGcz.exe
  2⤵
  PID:8224
- C:\Windows\System\jruDteF.exe
  C:\Windows\System\jruDteF.exe
  2⤵
  PID:8384
- C:\Windows\System\PgVqKJU.exe
  C:\Windows\System\PgVqKJU.exe
  2⤵
  PID:8560
- C:\Windows\System\ggiunad.exe
  C:\Windows\System\ggiunad.exe
  2⤵
  PID:8792
- C:\Windows\System\vzSPYZS.exe
  C:\Windows\System\vzSPYZS.exe
  2⤵
  PID:8892
- C:\Windows\System\qIYQVKb.exe
  C:\Windows\System\qIYQVKb.exe
  2⤵
  PID:8972
- C:\Windows\System\uLaTRUj.exe
  C:\Windows\System\uLaTRUj.exe
  2⤵
  PID:8916
- C:\Windows\System\cwiUpUM.exe
  C:\Windows\System\cwiUpUM.exe
  2⤵
  PID:9044
- C:\Windows\System\Cgucfwy.exe
  C:\Windows\System\Cgucfwy.exe
  2⤵
  PID:8188
- C:\Windows\System\meNjvnU.exe
  C:\Windows\System\meNjvnU.exe
  2⤵
  PID:3420
- C:\Windows\System\yEBNrDl.exe
  C:\Windows\System\yEBNrDl.exe
  2⤵
  PID:9140
- C:\Windows\System\xPGeXCT.exe
  C:\Windows\System\xPGeXCT.exe
  2⤵
  PID:9160
- C:\Windows\System\qMAnUaq.exe
  C:\Windows\System\qMAnUaq.exe
  2⤵
  PID:7376
- C:\Windows\System\BopQDST.exe
  C:\Windows\System\BopQDST.exe
  2⤵
  PID:8896
- C:\Windows\System\qrjoqkc.exe
  C:\Windows\System\qrjoqkc.exe
  2⤵
  PID:8512
- C:\Windows\System\kAYYUgO.exe
  C:\Windows\System\kAYYUgO.exe
  2⤵
  PID:8940
- C:\Windows\System\MnagXur.exe
  C:\Windows\System\MnagXur.exe
  2⤵
  PID:9208
- C:\Windows\System\CDwztyV.exe
  C:\Windows\System\CDwztyV.exe
  2⤵
  PID:9204
- C:\Windows\System\cRriVRp.exe
  C:\Windows\System\cRriVRp.exe
  2⤵
  PID:7884
- C:\Windows\System\LjDbgtl.exe
  C:\Windows\System\LjDbgtl.exe
  2⤵
  PID:8368
- C:\Windows\System\JwLFpjI.exe
  C:\Windows\System\JwLFpjI.exe
  2⤵
  PID:9028
- C:\Windows\System\YMUQDpT.exe
  C:\Windows\System\YMUQDpT.exe
  2⤵
  PID:9192
- C:\Windows\System\cNjCUqi.exe
  C:\Windows\System\cNjCUqi.exe
  2⤵
  PID:6304
- C:\Windows\System\tZXnAno.exe
  C:\Windows\System\tZXnAno.exe
  2⤵
  PID:8532
- C:\Windows\System\aOuwbts.exe
  C:\Windows\System\aOuwbts.exe
  2⤵
  PID:8692
- C:\Windows\System\cUshFxi.exe
  C:\Windows\System\cUshFxi.exe
  2⤵
  PID:9004
- C:\Windows\System\wvCOXjS.exe
  C:\Windows\System\wvCOXjS.exe
  2⤵
  PID:9128
- C:\Windows\System\qXVZQjm.exe
  C:\Windows\System\qXVZQjm.exe
  2⤵
  PID:7728
- C:\Windows\System\tstOzSh.exe
  C:\Windows\System\tstOzSh.exe
  2⤵
  PID:8876
- C:\Windows\System\KFpOGGt.exe
  C:\Windows\System\KFpOGGt.exe
  2⤵
  PID:8808
- C:\Windows\System\CDMqcqa.exe
  C:\Windows\System\CDMqcqa.exe
  2⤵
  PID:8912
- C:\Windows\System\xZWNzgp.exe
  C:\Windows\System\xZWNzgp.exe
  2⤵
  PID:8760
- C:\Windows\System\FLNZdSk.exe
  C:\Windows\System\FLNZdSk.exe
  2⤵
  PID:9224
- C:\Windows\System\kxGOnBn.exe
  C:\Windows\System\kxGOnBn.exe
  2⤵
  PID:9240
- C:\Windows\System\yiUofDZ.exe
  C:\Windows\System\yiUofDZ.exe
  2⤵
  PID:9256
- C:\Windows\System\GmsdYhL.exe
  C:\Windows\System\GmsdYhL.exe
  2⤵
  PID:9272
- C:\Windows\System\anXRwTd.exe
  C:\Windows\System\anXRwTd.exe
  2⤵
  PID:9292
- C:\Windows\System\cmuLScS.exe
  C:\Windows\System\cmuLScS.exe
  2⤵
  PID:9312
- C:\Windows\System\SdqtLDe.exe
  C:\Windows\System\SdqtLDe.exe
  2⤵
  PID:9332
- C:\Windows\System\xJUGNym.exe
  C:\Windows\System\xJUGNym.exe
  2⤵
  PID:9352
- C:\Windows\System\FFbnZpZ.exe
  C:\Windows\System\FFbnZpZ.exe
  2⤵
  PID:9368
- C:\Windows\System\mPvDpSz.exe
  C:\Windows\System\mPvDpSz.exe
  2⤵
  PID:9396
- C:\Windows\System\YlsZHRU.exe
  C:\Windows\System\YlsZHRU.exe
  2⤵
  PID:9412
- C:\Windows\System\QCJQvbO.exe
  C:\Windows\System\QCJQvbO.exe
  2⤵
  PID:9428
- C:\Windows\System\RcGddYk.exe
  C:\Windows\System\RcGddYk.exe
  2⤵
  PID:9444
- C:\Windows\System\HFiAbiJ.exe
  C:\Windows\System\HFiAbiJ.exe
  2⤵
  PID:9468
- C:\Windows\System\AIwGunN.exe
  C:\Windows\System\AIwGunN.exe
  2⤵
  PID:9484
- C:\Windows\System\tcDsUVP.exe
  C:\Windows\System\tcDsUVP.exe
  2⤵
  PID:9500
- C:\Windows\System\pdBXpLn.exe
  C:\Windows\System\pdBXpLn.exe
  2⤵
  PID:9516
- C:\Windows\System\GInrEhb.exe
  C:\Windows\System\GInrEhb.exe
  2⤵
  PID:9536
- C:\Windows\System\BsMnNds.exe
  C:\Windows\System\BsMnNds.exe
  2⤵
  PID:9552
- C:\Windows\System\Fpvjypx.exe
  C:\Windows\System\Fpvjypx.exe
  2⤵
  PID:9568
- C:\Windows\System\zYbOOvG.exe
  C:\Windows\System\zYbOOvG.exe
  2⤵
  PID:9584
- C:\Windows\System\gpcHFYE.exe
  C:\Windows\System\gpcHFYE.exe
  2⤵
  PID:9600
- C:\Windows\System\WBQGqHf.exe
  C:\Windows\System\WBQGqHf.exe
  2⤵
  PID:9616
- C:\Windows\System\oNvRAXd.exe
  C:\Windows\System\oNvRAXd.exe
  2⤵
  PID:9632
- C:\Windows\System\rEsMcvz.exe
  C:\Windows\System\rEsMcvz.exe
  2⤵
  PID:9648
- C:\Windows\System\wXipYPJ.exe
  C:\Windows\System\wXipYPJ.exe
  2⤵
  PID:9664
- C:\Windows\System\DPeqasG.exe
  C:\Windows\System\DPeqasG.exe
  2⤵
  PID:9680
- C:\Windows\System\XjFRFrK.exe
  C:\Windows\System\XjFRFrK.exe
  2⤵
  PID:9696
- C:\Windows\System\ihNeXia.exe
  C:\Windows\System\ihNeXia.exe
  2⤵
  PID:9716
- C:\Windows\System\KeaRBfT.exe
  C:\Windows\System\KeaRBfT.exe
  2⤵
  PID:9732
- C:\Windows\System\QYUVGva.exe
  C:\Windows\System\QYUVGva.exe
  2⤵
  PID:9748
- C:\Windows\System\WbdZVXj.exe
  C:\Windows\System\WbdZVXj.exe
  2⤵
  PID:9764
- C:\Windows\System\jcAPDmA.exe
  C:\Windows\System\jcAPDmA.exe
  2⤵
  PID:9780
- C:\Windows\System\sVCYgWK.exe
  C:\Windows\System\sVCYgWK.exe
  2⤵
  PID:9796
- C:\Windows\System\qexuZpk.exe
  C:\Windows\System\qexuZpk.exe
  2⤵
  PID:9816
- C:\Windows\System\BLtIeAE.exe
  C:\Windows\System\BLtIeAE.exe
  2⤵
  PID:9832
- C:\Windows\System\TZrOHlf.exe
  C:\Windows\System\TZrOHlf.exe
  2⤵
  PID:9848
- C:\Windows\System\ZIcbykm.exe
  C:\Windows\System\ZIcbykm.exe
  2⤵
  PID:9864
- C:\Windows\System\ZRzlRpL.exe
  C:\Windows\System\ZRzlRpL.exe
  2⤵
  PID:9880
- C:\Windows\System\ChTKREZ.exe
  C:\Windows\System\ChTKREZ.exe
  2⤵
  PID:9896
- C:\Windows\System\LLWzzSA.exe
  C:\Windows\System\LLWzzSA.exe
  2⤵
  PID:9912
- C:\Windows\System\NgKznIr.exe
  C:\Windows\System\NgKznIr.exe
  2⤵
  PID:9928
- C:\Windows\System\nuBhhIZ.exe
  C:\Windows\System\nuBhhIZ.exe
  2⤵
  PID:9944
- C:\Windows\System\KxIZQkW.exe
  C:\Windows\System\KxIZQkW.exe
  2⤵
  PID:9960
- C:\Windows\System\wmQdKXf.exe
  C:\Windows\System\wmQdKXf.exe
  2⤵
  PID:9976
- C:\Windows\System\RbPFjls.exe
  C:\Windows\System\RbPFjls.exe
  2⤵
  PID:9992
- C:\Windows\System\WpqwVFf.exe
  C:\Windows\System\WpqwVFf.exe
  2⤵
  PID:10008
- C:\Windows\System\LGRurmU.exe
  C:\Windows\System\LGRurmU.exe
  2⤵
  PID:10024
- C:\Windows\System\FJCocER.exe
  C:\Windows\System\FJCocER.exe
  2⤵
  PID:10040
- C:\Windows\System\DdFIMgE.exe
  C:\Windows\System\DdFIMgE.exe
  2⤵
  PID:10056
- C:\Windows\System\suVetSP.exe
  C:\Windows\System\suVetSP.exe
  2⤵
  PID:10076
- C:\Windows\System\ErHnPvS.exe
  C:\Windows\System\ErHnPvS.exe
  2⤵
  PID:10092
- C:\Windows\System\NMMLTNu.exe
  C:\Windows\System\NMMLTNu.exe
  2⤵
  PID:10108
- C:\Windows\System\yZJMkHT.exe
  C:\Windows\System\yZJMkHT.exe
  2⤵
  PID:10124
- C:\Windows\System\Jvngbmj.exe
  C:\Windows\System\Jvngbmj.exe
  2⤵
  PID:10140
- C:\Windows\System\JdazijZ.exe
  C:\Windows\System\JdazijZ.exe
  2⤵
  PID:10156
- C:\Windows\System\dwwSXzd.exe
  C:\Windows\System\dwwSXzd.exe
  2⤵
  PID:10172
- C:\Windows\System\NrMbqRg.exe
  C:\Windows\System\NrMbqRg.exe
  2⤵
  PID:10188
- C:\Windows\System\YwyZxZb.exe
  C:\Windows\System\YwyZxZb.exe
  2⤵
  PID:10204
- C:\Windows\System\tFkQUwp.exe
  C:\Windows\System\tFkQUwp.exe
  2⤵
  PID:10220
- C:\Windows\System\oyrgROR.exe
  C:\Windows\System\oyrgROR.exe
  2⤵
  PID:10236
- C:\Windows\System\vryonSE.exe
  C:\Windows\System\vryonSE.exe
  2⤵
  PID:8596
- C:\Windows\System\Hbmdyxg.exe
  C:\Windows\System\Hbmdyxg.exe
  2⤵
  PID:9284
- C:\Windows\System\eANEMFm.exe
  C:\Windows\System\eANEMFm.exe
  2⤵
  PID:9328
- C:\Windows\System\PpgBIhl.exe
  C:\Windows\System\PpgBIhl.exe
  2⤵
  PID:9408
- C:\Windows\System\LUqYtni.exe
  C:\Windows\System\LUqYtni.exe
  2⤵
  PID:9304
- C:\Windows\System\AiBVVRf.exe
  C:\Windows\System\AiBVVRf.exe
  2⤵
  PID:8432
- C:\Windows\System\NSzwuUX.exe
  C:\Windows\System\NSzwuUX.exe
  2⤵
  PID:8288
- C:\Windows\System\rEWQscS.exe
  C:\Windows\System\rEWQscS.exe
  2⤵
  PID:7036
- C:\Windows\System\AveHBTa.exe
  C:\Windows\System\AveHBTa.exe
  2⤵
  PID:7288
- C:\Windows\System\nBVGrnh.exe
  C:\Windows\System\nBVGrnh.exe
  2⤵
  PID:7248
- C:\Windows\System\CUGNoQZ.exe
  C:\Windows\System\CUGNoQZ.exe
  2⤵
  PID:9268
- C:\Windows\System\GSdFpGK.exe
  C:\Windows\System\GSdFpGK.exe
  2⤵
  PID:9348
- C:\Windows\System\lMOzunt.exe
  C:\Windows\System\lMOzunt.exe
  2⤵
  PID:9388
- C:\Windows\System\dPzhfps.exe
  C:\Windows\System\dPzhfps.exe
  2⤵
  PID:9456
- C:\Windows\System\nmhmctQ.exe
  C:\Windows\System\nmhmctQ.exe
  2⤵
  PID:9508
- C:\Windows\System\unTFDgP.exe
  C:\Windows\System\unTFDgP.exe
  2⤵
  PID:9528
- C:\Windows\System\TfeDnQx.exe
  C:\Windows\System\TfeDnQx.exe
  2⤵
  PID:9576
- C:\Windows\System\hpDiYyA.exe
  C:\Windows\System\hpDiYyA.exe
  2⤵
  PID:9656
- C:\Windows\System\QBeZpCZ.exe
  C:\Windows\System\QBeZpCZ.exe
  2⤵
  PID:9532
- C:\Windows\System\DvAsoRS.exe
  C:\Windows\System\DvAsoRS.exe
  2⤵
  PID:9544
- C:\Windows\System\tuFinVw.exe
  C:\Windows\System\tuFinVw.exe
  2⤵
  PID:9692
- C:\Windows\System\nHmUklc.exe
  C:\Windows\System\nHmUklc.exe
  2⤵
  PID:9740
- C:\Windows\System\HWPHzgH.exe
  C:\Windows\System\HWPHzgH.exe
  2⤵
  PID:9772
- C:\Windows\System\ncrjlpg.exe
  C:\Windows\System\ncrjlpg.exe
  2⤵
  PID:9804
- C:\Windows\System\krFwgPN.exe
  C:\Windows\System\krFwgPN.exe
  2⤵
  PID:9972
- C:\Windows\System\SJqLquG.exe
  C:\Windows\System\SJqLquG.exe
  2⤵
  PID:9908
- C:\Windows\System\bpACWxF.exe
  C:\Windows\System\bpACWxF.exe
  2⤵
  PID:9844
- C:\Windows\System\gPMkVwe.exe
  C:\Windows\System\gPMkVwe.exe
  2⤵
  PID:10036
- C:\Windows\System\IoQOTTq.exe
  C:\Windows\System\IoQOTTq.exe
  2⤵
  PID:10104
- C:\Windows\System\zqOxOyX.exe
  C:\Windows\System\zqOxOyX.exe
  2⤵
  PID:10168
- C:\Windows\System\hPmLdmk.exe
  C:\Windows\System\hPmLdmk.exe
  2⤵
  PID:10232
- C:\Windows\System\bPAXtgr.exe
  C:\Windows\System\bPAXtgr.exe
  2⤵
  PID:9404
- C:\Windows\System\yukaHZd.exe
  C:\Windows\System\yukaHZd.exe
  2⤵
  PID:9344
- C:\Windows\System\DIdkSjg.exe
  C:\Windows\System\DIdkSjg.exe
  2⤵
  PID:7908
- C:\Windows\System\OcvDgkj.exe
  C:\Windows\System\OcvDgkj.exe
  2⤵
  PID:9856
- C:\Windows\System\qFjDZuK.exe
  C:\Windows\System\qFjDZuK.exe
  2⤵
  PID:9920
- C:\Windows\System\xFTgtGL.exe
  C:\Windows\System\xFTgtGL.exe
  2⤵
  PID:9956
- C:\Windows\System\majVTAs.exe
  C:\Windows\System\majVTAs.exe
  2⤵
  PID:10020
- C:\Windows\System\NTYDixF.exe
  C:\Windows\System\NTYDixF.exe
  2⤵
  PID:10120
- C:\Windows\System\lhNjQao.exe
  C:\Windows\System\lhNjQao.exe
  2⤵
  PID:10180
- C:\Windows\System\uVnLPRS.exe
  C:\Windows\System\uVnLPRS.exe
  2⤵
  PID:10216
- C:\Windows\System\JvHgusQ.exe
  C:\Windows\System\JvHgusQ.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AzOdjtf.exe

Filesize
6.0MB

MD5
37cb3533d92b24feecdeacd2dd799f8f

SHA1
796696fc37cd5f9e8589becaa2a3ecf98d52f586

SHA256
af006a6ea30486acbda2b9aa16ea50add2ae0e37345726e26ebdd7fe9a288dad

SHA512
10d197ac74eb31e65e0d94169ea584789855ad67cf0eae41c1a9bcb9ab74748ddeaf25247c1f0a25c7727c0c046b1f89f20ff8ca27df1f736436fc30f3075e74

Download Submit
C:\Windows\system\CeSyAYe.exe

Filesize
6.0MB

MD5
8d36d4b31643dfda796dc08447ceb4fd

SHA1
14dcddeea31b317a63f5833da90b265d233d0e17

SHA256
d3a1c455aa77f79edc1fd7017bed5a075cc91f26f74e4c0d96ccc5b3bc710160

SHA512
0b7bbdf6a15b0b55531d6c6c3f6c4c72e8997dce830ac27523bbd49661b076231d93e8fe7ccfcd53ace827c1304d2ef1e79cb23829ac44d7cef87f29d8937490

Download Submit
C:\Windows\system\DBSUVxP.exe

Filesize
6.0MB

MD5
31a88f807798f741ccf336f3640cf01a

SHA1
df523ee44c9e6d725f1e16d5395d7767adc8f575

SHA256
60039f427a04926cd0147b9c8ecaff47f92fdc1bdd6d250e78249af7d2c34dd5

SHA512
e4b6e27f9c4baa72767b762ff4786e2a79a9d9a96d6ac8a928276350575f805bccd0919bab19569900b4ac174786d32b8ecf7c56a5b93eab4a3f108a3335af76

Download Submit
C:\Windows\system\GJSYQcO.exe

Filesize
6.0MB

MD5
662a91e28788a8bb97dcb153de53234a

SHA1
b7196f788ec74db70b585b623cfad8fb8d9df331

SHA256
9e10f8a6adc273053fbae56415526fc295144ef9b76081eae4d248dd803cfd88

SHA512
e8b776c47df7b9fa99505942865db4878631fe563434321ecac2a3c35594574e56ec3505f0b5314e4d9b4a67488615f7b878f3bfbc75a4ae967929e2d9b73584

Download Submit
C:\Windows\system\JisyUuk.exe

Filesize
6.0MB

MD5
40473177ddab80f0e5648a40aa286df9

SHA1
7b693dbf8318776868a421d6751f401d5854a5d7

SHA256
17894ced940801556a3e9cc6a2f1bf3b6f008d78c062e5b2b3551ac395739970

SHA512
71c15e1926e49f1e49d9f886fad0b790556470609e05e947b72d35822dbac31ef8fbe53fae9bcb895a118c44cd2c43e4b473e85caae6515bfdfc5bf874fb6644

Download Submit
C:\Windows\system\LpEQuXj.exe

Filesize
6.0MB

MD5
0a52d016e0c17a029938635ab18afda1

SHA1
604c6b07988f26944a796294e70fef03ed59f4a1

SHA256
a69308e8b5b30d9212c653534e8c281def6b4a03bac488b55ae5512e5698626b

SHA512
1d23b296771e06f01fabd0bcf4dcfc0d64e621488d36fd793b43664637efabd851163c8ae74e781297e92ae21a195c2be53d9b36c99cc68362ca3946f3a79ff1

Download Submit
C:\Windows\system\LvkBoXm.exe

Filesize
6.0MB

MD5
d559efd737a2d00c979b8298c06382b2

SHA1
73c1cdb6f24c4f277f0523736eddd194c4e7f598

SHA256
ee49cd9361fbf70ad5ccd25a92c0ac1afb28177f1ce025065e7492546cb8068b

SHA512
78958f50c00436db12a79e530bd9b25e5e6ae014a748bade6513d8e71f298a8668b448224022e5013d4fbe86a2205cec5e16ef237d24b603a842c67a849c1d4c

Download Submit
C:\Windows\system\NwcEBgI.exe

Filesize
6.0MB

MD5
19972ff8d21652721190048fbdb0c2af

SHA1
da822f6aa68c420b23fc7c97883c7f4ff8690478

SHA256
4a375ab4237b555ee18fa9538a78896bec31057517cbc50e8a6438b9d25866a8

SHA512
67597694d3aca891f205e261b279f57c9210dd0b471d08da53c694ee813f232a03aa134030034b1cab1665bd8d48172395e5e5444d82dcda75598a773e3b1051

Download Submit
C:\Windows\system\PKsWcGK.exe

Filesize
6.0MB

MD5
a62aeef28719188ac73cd101192bddbf

SHA1
ce6b663d4cf81a011574aed2a0cae9adbf560e0a

SHA256
6cead84275fe5859cc1fb0fb6f82ac610d8a2a37221df5bc8a9473d260b5e34b

SHA512
e0dc57b3bf2f57b8a148f55ad3a82d7e5f104d2fccce94479324470af3d43a6cce49311c8c9966987829f29b6abe7641213cd5d906a2f975408d3e90df170d2b

Download Submit
C:\Windows\system\TANPbKO.exe

Filesize
6.0MB

MD5
79505304a5f3ae27ff16f8ecb5d4b73c

SHA1
c117282b2863198a9f32743d127e0aa3ec4a1be8

SHA256
84dbd87a36459eb7608512ac22783ff5a69866b8dcf101a87eb1ab4096b7c7ba

SHA512
4e611c484e4c8704e53ed3e3385d1071f5fd88166795223ae7f6439c7fe521fedf24e393dbd29677272c3efa28de96912c33a6f5e06e3ef99a165ef2dd4cbd73

Download Submit
C:\Windows\system\VAuwXPQ.exe

Filesize
6.0MB

MD5
9b4827dbe4ddc2faa1b3830355272361

SHA1
0bb90055504167178789bde3f271bd7ebd100e61

SHA256
47e5ebd839aab28d150ef0bea652d57f94e473c41ef90efee609d1196fd89d9b

SHA512
d2e67ea74d416290e7999ccf96401dc096c573b27906738b0b6d72077e56e8663d3a4bd172678797664a225dcd5581db25e72dc2b77d613eace41fec5a42f7aa

Download Submit
C:\Windows\system\VQaCtoN.exe

Filesize
6.0MB

MD5
592866bece81ad60f17ec383db5a26d0

SHA1
31a0897696c3731b4b0c3e2a334b1bdbdc52d39a

SHA256
3629bade91978c59bd41a84ae38a1169f61f8c6201c4ba0b658b79e79f7f76fc

SHA512
8e669aeee0af73714841e8e177d27a5b7d3f1178fb089f416b53a236ea4490732c5c5b5480511fb5fb1b979e93cdedf6767a1354d5c1b83f48775e0723c812bd

Download Submit
C:\Windows\system\WwtmrWW.exe

Filesize
6.0MB

MD5
699698dfd7be2dd63bd6a35ff3f150d4

SHA1
7552df68940c7bf01c51aaf4b2b42ab0a482e33a

SHA256
6cc183fe072c1312cc9fd4e8f6bedc13470f5a2807b779f4f4daf3b646fceef6

SHA512
922ab0b972f6e2731cd6a4a6a4f482bd835ae70686e329a8853a72776ecd641730d717d40c49661ebdaa5be9b5e4bdc68d8c416ea1ee4c95f68ddae51638744c

Download Submit
C:\Windows\system\YAXLFOk.exe

Filesize
6.0MB

MD5
6dee459933f6f1f772b5ab221d9fdb1f

SHA1
c124ece08d42c1663e2f711b974b808a99df1179

SHA256
1e819d8143e3b2b2b071c0ba112615480ae0fa301fd8ba14a9252ee6f39b11d7

SHA512
142b3f2dac5812bed79dba802e9b24a9897497dab820066df45c3ad493432f8480fb10eb7168df7cc64dd3b4fed284f53a123a973228a589e0d2c1a920ae0637

Download Submit
C:\Windows\system\YmcaSrL.exe

Filesize
6.0MB

MD5
baa1db8832835361f7de0036390cb91b

SHA1
39b70e55be37dfa1898f5e05baba3a286a330b4e

SHA256
279a013cf25abf707c0173582a7a2ac0defea5e58d2d889c5baced7260da07a6

SHA512
89f0a978ed4295a5a44dbc194fbfa0c760af0ae269a1ecd52145ccab90083444ca5c693eb7ca0c04abfb4279b884a60db06124bcaeae94d9d063c11858951b0a

Download Submit
C:\Windows\system\exAmuIO.exe

Filesize
6.0MB

MD5
1d56ee04c9c8c370bd9b77c1b25ac716

SHA1
4a3f47877f32f81293e1e4fbe1125e59f6f7ab07

SHA256
47a3229ce769731250a91da287678c8ce0bc01552a46faeacdbd907a51559d27

SHA512
fea7e9197944493451eeff6f88f70741a47a01b9a9062c1168698259f96c7be4cfd1daf87c1b4af1520f422902f427ff5914f4f73e2bdb6b89905bdd28524577

Download Submit
C:\Windows\system\fhPQlFO.exe

Filesize
6.0MB

MD5
17e0804df7f52fa33abbff5a9f04d2e9

SHA1
0019bf993a1c0f3f471e2f7808c155cd40a6d986

SHA256
19b6833ae6836653c283981a6a9670822519318de341d8b30d85ee38e488218d

SHA512
a91c4b9181d7e1023f03962224cb0be9305f3dd2be02bcec60f44c8dbf2a7724b028db6ef562858816dc6fa94586436a6fae31d7ab4d9ae0a8f459eedb34747d

Download Submit
C:\Windows\system\fxsvzTW.exe

Filesize
6.0MB

MD5
2e99f57543a12b84074bc424721ce138

SHA1
2470efb86fabdf0f52f4622b6b43fd0b771a6f96

SHA256
e4eacab2329e08a797da5695486710beac8cfbdcab1283a3dddcd3aa701636a4

SHA512
99a5f20a45fdde4f581643059a04cf8f2dcedf48e5bf03b38a3b9c2579e4f4ec601087b8833224ad4a50294a3e1f512c0665704c67de164c5869597665bf4cc1

Download Submit
C:\Windows\system\iILqAsl.exe

Filesize
6.0MB

MD5
571d6eba9713c3af11fdc1189b0c5884

SHA1
4d46d5f85343731283669b24439c8727d8995b7f

SHA256
d2d45cbcd952733e8c673dfc7790133f1b6df021a07f2c245e0ccf125251b6ef

SHA512
a9f7b95f5f300f17d04a12999ec66243e8bd5edfa6863d54798dfd7df7be186e0ae4cf80da8cbb579a6ee349a5663ee9b80ce7f5cefb11748fce62f1bc587fe0

Download Submit
C:\Windows\system\macWtfG.exe

Filesize
6.0MB

MD5
8fd6b4795e7dd6233937de6d7f878cd8

SHA1
0438e8fcfd928c62b9c168f2c4e2995bb672ca41

SHA256
a0b1ee023bb45e6a4910309e96d612d376d2fa282b6b398919c3bb9ee08e5f23

SHA512
888e81a9b0fbcca9838a60c60fff4919070a19304f2779608f8a0701566b0c32afb76f5feee8389919c0d41e3dcef87b86dfb841626c58640acbe0a3028bafd8

Download Submit
C:\Windows\system\pSuTukF.exe

Filesize
6.0MB

MD5
1d3839b50edd49e678ce067b1374588e

SHA1
957485ea28632decc1fbc609684cad18990c56fc

SHA256
281e39c67ce9c45e780b7e02800052bb2d1c8c1ac86141694d86567622cc04fc

SHA512
d129a63ceeb5633aacba17b306570ebb909df287542ef241226252c74e83bfbf90adcd8b8efbd8f108108dfa9f0ba2a942b01686caa7625dd3b69a4a4442dc1c

Download Submit
C:\Windows\system\pgWgMgT.exe

Filesize
6.0MB

MD5
75698edb461d32ba83751a9b4e26ff77

SHA1
d6a473685945429ad08f33089a56b8a90743cfdb

SHA256
832796a64c0e133e1508debf180bc66fdcacf5656bdeb35d20fe599903a8c633

SHA512
0181fec15c8089dfb969744dd1371d87fb397fc843d286769d9406f9c3877e42fbf8c4f7ebbe2e2d16b7b4dcf0e67ce4eb8cefd3f6b439674ab40c355a022150

Download Submit
C:\Windows\system\qtwlNnK.exe

Filesize
6.0MB

MD5
885fc856ef00060f96e761550517d2e8

SHA1
2cc0379b573da8bdbaa0837e682fd3f296b399f6

SHA256
f809d1b950046c00c57b03fe6688256d995f8eb3824bcd97856b158cac2aac63

SHA512
432a8ec71fc09edcc3747bfe7e202adfbbee39e4878aef7541f00da5e60c71737a6f2941aea930c7255f4b46215e355cbe3a66c94058ccd77b78ad81ba7580b6

Download Submit
C:\Windows\system\soYInQR.exe

Filesize
6.0MB

MD5
bd21f22667e8aea2f1972e9edd873007

SHA1
f2342359c82a18a3b8f98ec7d34503080e3c7231

SHA256
74b334552e4f2b8f9f6e998dfa5ca0e9ed4e2814f6ff96439bc3d0c59281d735

SHA512
32f887cabda0771afed3b07e9d688ab18df133a638642abd6d841cedf7ca5e9b4617a49f59dd2827b491bf28c65f9934cac2f8774e21c69d4b856c5bff97ca65

Download Submit
C:\Windows\system\tNbGAlJ.exe

Filesize
6.0MB

MD5
77126ea4bfd197dbdc01cd0aa6921007

SHA1
7f70f653402b5f4c050e97e3098dd4c591acc1cf

SHA256
17c1480c005d20a67f01bcbb59c595248962dcf8301cb77c616d447862a615e0

SHA512
eb405e2a4dccbb3c7c8ace720608fbf2de86fbe610f046696309441db0e5b2cef6592b2f111edd217846f7e78066495208a1f782d2ebcf094e128f303d28d567

Download Submit
C:\Windows\system\vwCmFAx.exe

Filesize
6.0MB

MD5
4f05ba8a2978091388898d3ee830ca4c

SHA1
86efa7ba2795de7ba26fd8196866d9ba8b61c4be

SHA256
d78065f1feb904485b34cbac9f0f992c66832f65bbd28703702f2d2c4fc53f10

SHA512
dc30efaa54f7e51d5dc2dba7a79fed6a17f92416bcf8f97873df5de166277a2c4a4e204ebf8b74b3a4432857486457f975d87559a485f4de10aecf0be2a0f42c

Download Submit
C:\Windows\system\wnHAuWt.exe

Filesize
6.0MB

MD5
25fe8096dfd33a911baed45e0f058996

SHA1
e1bdbc3f257e631e8fa4c4d5d488d570faa88c6c

SHA256
b9422bc71dc1689123b7d5f7e3ba4428d5123f0b9f45fdd93a40810783023f0d

SHA512
67442dfef3fe5e6b54af4adf27a942c613183c4c6116e4dc2f60be2e6e26f88c706a737ad73703617e2f4ce481cf70bf910aafbd498178496629ea088b9f47f2

Download Submit
C:\Windows\system\xDOcfDd.exe

Filesize
6.0MB

MD5
694552aaa15b99ed0fae3996e44d934d

SHA1
e77cae5e12b8e99ad91f1831d0aa860d7a847c94

SHA256
63db17ecbacd8cd1acc91f137744454059701470c45f6710c2948086c80af61f

SHA512
45f671d3dd672ce9340dcda18f97a5beff07ecc33f23f1d8dc9ba77b39c54c09593054f6e740cff9763477369c70364501eb6a6e2339dd00af2c1db73f3b2aa0

Download Submit
\Windows\system\PZPmiXv.exe

Filesize
6.0MB

MD5
10c55a0c505ea615ba7d592492da947a

SHA1
b7122e86682f5ad8a86a718dd0d20a78a83bef4d

SHA256
d064342087944a8389879497f2c80533e3f2415680061169e0d8f885f9afbc1c

SHA512
bcb8083619227f8f9792508ea12ae526e2bb81f460f1cf60733a055570aebd0bb3740d4c1d1eef81382f279ef12f75f7be4d843049c5f81bed54973b269cc3a0

Download Submit
\Windows\system\VByfJbs.exe

Filesize
6.0MB

MD5
99f3819184f82d20d9634c8f44e01739

SHA1
cb5a0a8a3a8b157ace8aa42ffa90d223e8f580b5

SHA256
510a237cf00652ab48f90495cc8967bf507caedda8d143f17fe21d239d8b6532

SHA512
22b79d7d71702d7298187c4ddee905e67a45fcacf35c039d5d5f2b897a730641af6db451b694b1a6e57f088e9571788488084c6e23d63e2be52c56e0b8323d5e

Download Submit
\Windows\system\bJQxMlA.exe

Filesize
6.0MB

MD5
57f7c2f447700a40cde36e91ace7a5c2

SHA1
8fdb720438bd2ad35c8dbccea83f94c3e08e1370

SHA256
fc529a24169ba90527ba53a2c8affc2bda45fa485ac1ae997559f88ebeb84454

SHA512
7dfb3597e1697e5d8053a4d167ed6f1969b46bf479bd100f58a3e759f5531e8f3fd9894b789f7b3883a273faf000d1a25686b055c88c6a0d986aa913655e39d0

Download Submit
\Windows\system\cyByOyG.exe

Filesize
6.0MB

MD5
6b247daa0ad976638dee6bfda48f5f30

SHA1
e814244c1dc7efc94fe774120a9089bd2c147626

SHA256
4bbcff06ec6d16428d38362df17a01d2611865b9bd6c83c397dc05fdaea51e69

SHA512
445676efa0e49d7f642502ab5cfafba03b7f25a16a7244cdb4643910fb9232d2c9a41b6f207f962155bf45f1eabd5358c44ca801c0ee37b8499e22fe1123ef02

Download Submit
memory/852-3634-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/852-492-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1332-476-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1332-3611-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1524-3612-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-556-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3588-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-554-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2124-78-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2124-557-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2124-555-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-487-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-553-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2124-19-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-517-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-456-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-479-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1146-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1147-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1148-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1149-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1150-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1151-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1152-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1153-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1415-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1416-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2124-947-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2124-948-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-950-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-496-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-537-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-507-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2124-79-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2124-0-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2124-560-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2124-76-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3630-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-552-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3575-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2660-559-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2664-511-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3593-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3584-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2708-503-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3590-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-522-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-74-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3594-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2888-80-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3587-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3589-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2896-77-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2912-75-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3618-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3032-482-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3585-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download