cobaltstrike | 622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
Size

6.0MB
MD5

f8541ee7b0a439d7cea29d33c66c434c
SHA1

428afa1860d6d687a6bafb890a4da3d46cdab7cd
SHA256

622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5
SHA512

2d0ff9e224d3bdcca9883ed597f9da6e86ba49cab1c34caddc66855c7d21750283eb35e6d733b6039aaba18da53ca1602721a584810a5707cfa552aab5577661
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUn:eOl56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d18-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d29-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d64-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d6d-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2672-0-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-6.dat	xmrig
behavioral1/files/0x0009000000016d18-11.dat	xmrig
behavioral1/files/0x0008000000016d29-12.dat	xmrig
behavioral1/files/0x0008000000016d31-20.dat	xmrig
behavioral1/files/0x0007000000016d4a-29.dat	xmrig
behavioral1/files/0x0007000000016d5e-35.dat	xmrig
behavioral1/files/0x0007000000016d64-37.dat	xmrig
behavioral1/files/0x0008000000016d6d-44.dat	xmrig
behavioral1/files/0x00050000000186fd-54.dat	xmrig
behavioral1/files/0x000500000001878f-74.dat	xmrig
behavioral1/files/0x00050000000187a5-79.dat	xmrig
behavioral1/files/0x0006000000019023-84.dat	xmrig
behavioral1/files/0x0005000000019261-94.dat	xmrig
behavioral1/files/0x0005000000019282-99.dat	xmrig
behavioral1/files/0x00050000000193c2-119.dat	xmrig
behavioral1/files/0x000500000001941e-129.dat	xmrig
behavioral1/files/0x0005000000019431-139.dat	xmrig
behavioral1/files/0x000500000001950c-159.dat	xmrig
behavioral1/files/0x000500000001944f-149.dat	xmrig
behavioral1/files/0x0005000000019461-153.dat	xmrig
behavioral1/files/0x0005000000019441-143.dat	xmrig
behavioral1/files/0x0005000000019427-134.dat	xmrig
behavioral1/files/0x00050000000193e1-124.dat	xmrig
behavioral1/files/0x00050000000193b4-114.dat	xmrig
behavioral1/files/0x0005000000019350-109.dat	xmrig
behavioral1/files/0x0005000000019334-104.dat	xmrig
behavioral1/files/0x000500000001925e-89.dat	xmrig
behavioral1/files/0x0005000000018784-69.dat	xmrig
behavioral1/files/0x000500000001873d-64.dat	xmrig
behavioral1/files/0x0005000000018728-59.dat	xmrig
behavioral1/files/0x00050000000186ee-49.dat	xmrig
behavioral1/files/0x0008000000016d3a-25.dat	xmrig
behavioral1/memory/2672-988-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2672-994-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2424-1016-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2556-993-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2672-1422-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2940-1364-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/484-1694-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2864-1870-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2840-1900-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2736-2009-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2932-2076-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3012-2183-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2964-2249-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2672-2254-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2728-2279-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2704-2291-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2672-2766-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2672-2917-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2672-3021-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2672-3026-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2672-3043-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2672-3017-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2672-3014-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2736-3334-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2864-3336-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2556-3338-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/3012-3340-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2940-3339-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2964-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2932-3349-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2840-3348-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2304	ddKLBTi.exe
3000	uhDtOEy.exe
2556	TdPxsjo.exe
2424	MsoXtwo.exe
2940	cXBNCQN.exe
484	otkjYKN.exe
2864	wACUmhI.exe
2840	XvjmzQJ.exe
2736	FCVnSPA.exe
2932	DXAwAYo.exe
3012	kkoyuLl.exe
2964	UxAdkcg.exe
2728	LUbCQvr.exe
2704	OCNTuUy.exe
2612	BDyhdLh.exe
1648	RxWiSwx.exe
2568	MukGpOC.exe
676	TwFFDEJ.exe
524	LeGSLJC.exe
1612	XoCkXQh.exe
2580	lQUAarF.exe
2148	cEZvIyY.exe
2504	kaWizML.exe
1196	UDCWJZQ.exe
1144	bWZomKA.exe
2816	UXpdSGo.exe
2208	EPKBpLX.exe
2956	HQShNPU.exe
1412	OoDPBZW.exe
1392	IuMBERN.exe
1180	UlulJot.exe
2572	ZDNgwPA.exe
1300	OgcrQLW.exe
2944	ufcETJV.exe
2432	UFbGRWR.exe
1656	AYqFPhc.exe
2064	iLTsQrW.exe
900	zGugeEu.exe
1696	PsEoGGa.exe
780	cHdplup.exe
1688	MioxNCV.exe
1544	TSDNloS.exe
696	FXciSSx.exe
2000	iDRQmGz.exe
2092	mvcgOoE.exe
2104	GaIKtnO.exe
2476	IJqaPJS.exe
1404	WFbmJft.exe
984	RVNRZRw.exe
1892	vIueHNj.exe
2336	hMFOpis.exe
3008	FxEePOv.exe
2028	XDckrto.exe
1496	tHQQnOP.exe
1624	PpACScd.exe
2060	iNcapmL.exe
2264	XGssXIj.exe
2500	EYnmbll.exe
2720	onvbiyM.exe
2532	TyuWMjM.exe
2600	WTSalqn.exe
2628	HHosDlI.exe
2648	kHZZFhr.exe
2712	RqooOst.exe

Loads dropped DLL 64 IoCs

pid	Process
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0007000000012116-6.dat	upx
behavioral1/files/0x0009000000016d18-11.dat	upx
behavioral1/files/0x0008000000016d29-12.dat	upx
behavioral1/files/0x0008000000016d31-20.dat	upx
behavioral1/files/0x0007000000016d4a-29.dat	upx
behavioral1/files/0x0007000000016d5e-35.dat	upx
behavioral1/files/0x0007000000016d64-37.dat	upx
behavioral1/files/0x0008000000016d6d-44.dat	upx
behavioral1/files/0x00050000000186fd-54.dat	upx
behavioral1/files/0x000500000001878f-74.dat	upx
behavioral1/files/0x00050000000187a5-79.dat	upx
behavioral1/files/0x0006000000019023-84.dat	upx
behavioral1/files/0x0005000000019261-94.dat	upx
behavioral1/files/0x0005000000019282-99.dat	upx
behavioral1/files/0x00050000000193c2-119.dat	upx
behavioral1/files/0x000500000001941e-129.dat	upx
behavioral1/files/0x0005000000019431-139.dat	upx
behavioral1/files/0x000500000001950c-159.dat	upx
behavioral1/files/0x000500000001944f-149.dat	upx
behavioral1/files/0x0005000000019461-153.dat	upx
behavioral1/files/0x0005000000019441-143.dat	upx
behavioral1/files/0x0005000000019427-134.dat	upx
behavioral1/files/0x00050000000193e1-124.dat	upx
behavioral1/files/0x00050000000193b4-114.dat	upx
behavioral1/files/0x0005000000019350-109.dat	upx
behavioral1/files/0x0005000000019334-104.dat	upx
behavioral1/files/0x000500000001925e-89.dat	upx
behavioral1/files/0x0005000000018784-69.dat	upx
behavioral1/files/0x000500000001873d-64.dat	upx
behavioral1/files/0x0005000000018728-59.dat	upx
behavioral1/files/0x00050000000186ee-49.dat	upx
behavioral1/files/0x0008000000016d3a-25.dat	upx
behavioral1/memory/2424-1016-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2556-993-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2940-1364-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/484-1694-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2864-1870-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2840-1900-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2736-2009-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2932-2076-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3012-2183-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2964-2249-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2728-2279-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2704-2291-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2672-2766-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2736-3334-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2864-3336-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2556-3338-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/3012-3340-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2940-3339-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2964-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2932-3349-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2840-3348-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2704-3347-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2424-3344-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/484-3342-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2728-3341-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Fwlutqd.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\YnsGVBY.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\FaCiSWB.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\mhZFHtl.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\VAkSXeg.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\lfIAlbr.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\PAlAqeM.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\WoUUdJc.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\CQVzzla.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\OyklnYP.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\IkZwnxs.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\EZocjEA.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ZVayHlH.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\vpjJjPs.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ImaLJfp.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\gRrXpyM.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\emQKLPk.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\xyynlXF.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\LGPKUJZ.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\fwhoPNk.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\aOyDpJa.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\FmOcxxM.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ybBzwhw.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\vIueHNj.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\mrhEDEA.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\zCQnASS.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\CLdpuXi.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\TDurxHo.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\mHeUels.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\oaHnOYf.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\PQfzeSB.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\pbxGrvy.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\yJyniXD.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\XAyRqEp.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\wtlSERk.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\mLJCCby.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\WpgbNLy.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ndrCigs.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\TdPxsjo.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\uWHwPgK.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\iVPnjMG.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\iYmmqvY.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\fbenBEH.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\AXMcgvg.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\TqcTipJ.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\PKsFjGx.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ECWTeYr.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\KiduDhb.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\nfLmJNR.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\xwuGNAZ.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\EYnmbll.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\cGOKqfw.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\FxsoLsH.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\BqQppiO.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\XWnqZoV.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\ulRbrcg.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\kNoGGZI.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\GuodtZU.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\uhdtPNa.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\REJQokI.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\MTVqRRn.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\FFPOPjY.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\jRwDDYQ.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
File created	C:\Windows\System\PivAIuZ.exe	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2304	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	31
PID 2672 wrote to memory of 2304	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	31
PID 2672 wrote to memory of 2304	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	31
PID 2672 wrote to memory of 3000	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	32
PID 2672 wrote to memory of 3000	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	32
PID 2672 wrote to memory of 3000	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	32
PID 2672 wrote to memory of 2556	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	33
PID 2672 wrote to memory of 2556	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	33
PID 2672 wrote to memory of 2556	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	33
PID 2672 wrote to memory of 2424	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	34
PID 2672 wrote to memory of 2424	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	34
PID 2672 wrote to memory of 2424	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	34
PID 2672 wrote to memory of 2940	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	35
PID 2672 wrote to memory of 2940	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	35
PID 2672 wrote to memory of 2940	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	35
PID 2672 wrote to memory of 484	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	36
PID 2672 wrote to memory of 484	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	36
PID 2672 wrote to memory of 484	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	36
PID 2672 wrote to memory of 2864	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	37
PID 2672 wrote to memory of 2864	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	37
PID 2672 wrote to memory of 2864	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	37
PID 2672 wrote to memory of 2840	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	38
PID 2672 wrote to memory of 2840	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	38
PID 2672 wrote to memory of 2840	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	38
PID 2672 wrote to memory of 2736	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	39
PID 2672 wrote to memory of 2736	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	39
PID 2672 wrote to memory of 2736	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	39
PID 2672 wrote to memory of 2932	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	40
PID 2672 wrote to memory of 2932	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	40
PID 2672 wrote to memory of 2932	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	40
PID 2672 wrote to memory of 3012	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	41
PID 2672 wrote to memory of 3012	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	41
PID 2672 wrote to memory of 3012	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	41
PID 2672 wrote to memory of 2964	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	42
PID 2672 wrote to memory of 2964	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	42
PID 2672 wrote to memory of 2964	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	42
PID 2672 wrote to memory of 2728	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	43
PID 2672 wrote to memory of 2728	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	43
PID 2672 wrote to memory of 2728	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	43
PID 2672 wrote to memory of 2704	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	44
PID 2672 wrote to memory of 2704	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	44
PID 2672 wrote to memory of 2704	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	44
PID 2672 wrote to memory of 2612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	45
PID 2672 wrote to memory of 2612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	45
PID 2672 wrote to memory of 2612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	45
PID 2672 wrote to memory of 1648	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	46
PID 2672 wrote to memory of 1648	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	46
PID 2672 wrote to memory of 1648	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	46
PID 2672 wrote to memory of 2568	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	47
PID 2672 wrote to memory of 2568	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	47
PID 2672 wrote to memory of 2568	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	47
PID 2672 wrote to memory of 676	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	48
PID 2672 wrote to memory of 676	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	48
PID 2672 wrote to memory of 676	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	48
PID 2672 wrote to memory of 524	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	49
PID 2672 wrote to memory of 524	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	49
PID 2672 wrote to memory of 524	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	49
PID 2672 wrote to memory of 1612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	50
PID 2672 wrote to memory of 1612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	50
PID 2672 wrote to memory of 1612	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	50
PID 2672 wrote to memory of 2580	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	51
PID 2672 wrote to memory of 2580	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	51
PID 2672 wrote to memory of 2580	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	51
PID 2672 wrote to memory of 2148	2672	JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_622e902052be71aeb46212cac0640c0a081e8f0423e64c441dfcd721d4138ec5.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\System\ddKLBTi.exe
  C:\Windows\System\ddKLBTi.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\uhDtOEy.exe
  C:\Windows\System\uhDtOEy.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TdPxsjo.exe
  C:\Windows\System\TdPxsjo.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\MsoXtwo.exe
  C:\Windows\System\MsoXtwo.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\cXBNCQN.exe
  C:\Windows\System\cXBNCQN.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\otkjYKN.exe
  C:\Windows\System\otkjYKN.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\wACUmhI.exe
  C:\Windows\System\wACUmhI.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\XvjmzQJ.exe
  C:\Windows\System\XvjmzQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\FCVnSPA.exe
  C:\Windows\System\FCVnSPA.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\DXAwAYo.exe
  C:\Windows\System\DXAwAYo.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\kkoyuLl.exe
  C:\Windows\System\kkoyuLl.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\UxAdkcg.exe
  C:\Windows\System\UxAdkcg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\LUbCQvr.exe
  C:\Windows\System\LUbCQvr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\OCNTuUy.exe
  C:\Windows\System\OCNTuUy.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\BDyhdLh.exe
  C:\Windows\System\BDyhdLh.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\RxWiSwx.exe
  C:\Windows\System\RxWiSwx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\MukGpOC.exe
  C:\Windows\System\MukGpOC.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TwFFDEJ.exe
  C:\Windows\System\TwFFDEJ.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\LeGSLJC.exe
  C:\Windows\System\LeGSLJC.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\XoCkXQh.exe
  C:\Windows\System\XoCkXQh.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\lQUAarF.exe
  C:\Windows\System\lQUAarF.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\cEZvIyY.exe
  C:\Windows\System\cEZvIyY.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\kaWizML.exe
  C:\Windows\System\kaWizML.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\UDCWJZQ.exe
  C:\Windows\System\UDCWJZQ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\bWZomKA.exe
  C:\Windows\System\bWZomKA.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\UXpdSGo.exe
  C:\Windows\System\UXpdSGo.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\EPKBpLX.exe
  C:\Windows\System\EPKBpLX.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HQShNPU.exe
  C:\Windows\System\HQShNPU.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\OoDPBZW.exe
  C:\Windows\System\OoDPBZW.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\IuMBERN.exe
  C:\Windows\System\IuMBERN.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\UlulJot.exe
  C:\Windows\System\UlulJot.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\ZDNgwPA.exe
  C:\Windows\System\ZDNgwPA.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\OgcrQLW.exe
  C:\Windows\System\OgcrQLW.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\UFbGRWR.exe
  C:\Windows\System\UFbGRWR.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ufcETJV.exe
  C:\Windows\System\ufcETJV.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\AYqFPhc.exe
  C:\Windows\System\AYqFPhc.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\iLTsQrW.exe
  C:\Windows\System\iLTsQrW.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PsEoGGa.exe
  C:\Windows\System\PsEoGGa.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\zGugeEu.exe
  C:\Windows\System\zGugeEu.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\MioxNCV.exe
  C:\Windows\System\MioxNCV.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\cHdplup.exe
  C:\Windows\System\cHdplup.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\FXciSSx.exe
  C:\Windows\System\FXciSSx.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\TSDNloS.exe
  C:\Windows\System\TSDNloS.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\iDRQmGz.exe
  C:\Windows\System\iDRQmGz.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\mvcgOoE.exe
  C:\Windows\System\mvcgOoE.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\GaIKtnO.exe
  C:\Windows\System\GaIKtnO.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\IJqaPJS.exe
  C:\Windows\System\IJqaPJS.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\WFbmJft.exe
  C:\Windows\System\WFbmJft.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\RVNRZRw.exe
  C:\Windows\System\RVNRZRw.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\vIueHNj.exe
  C:\Windows\System\vIueHNj.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\hMFOpis.exe
  C:\Windows\System\hMFOpis.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\FxEePOv.exe
  C:\Windows\System\FxEePOv.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\XDckrto.exe
  C:\Windows\System\XDckrto.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\tHQQnOP.exe
  C:\Windows\System\tHQQnOP.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\PpACScd.exe
  C:\Windows\System\PpACScd.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\iNcapmL.exe
  C:\Windows\System\iNcapmL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\XGssXIj.exe
  C:\Windows\System\XGssXIj.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\EYnmbll.exe
  C:\Windows\System\EYnmbll.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\onvbiyM.exe
  C:\Windows\System\onvbiyM.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\TyuWMjM.exe
  C:\Windows\System\TyuWMjM.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\WTSalqn.exe
  C:\Windows\System\WTSalqn.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HHosDlI.exe
  C:\Windows\System\HHosDlI.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\kHZZFhr.exe
  C:\Windows\System\kHZZFhr.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\RqooOst.exe
  C:\Windows\System\RqooOst.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\FZJeXTe.exe
  C:\Windows\System\FZJeXTe.exe
  2⤵
  PID:2900
- C:\Windows\System\utmmQws.exe
  C:\Windows\System\utmmQws.exe
  2⤵
  PID:768
- C:\Windows\System\ZlbVGdO.exe
  C:\Windows\System\ZlbVGdO.exe
  2⤵
  PID:692
- C:\Windows\System\EOyypHv.exe
  C:\Windows\System\EOyypHv.exe
  2⤵
  PID:2332
- C:\Windows\System\kjPalEO.exe
  C:\Windows\System\kjPalEO.exe
  2⤵
  PID:1944
- C:\Windows\System\rIehvzK.exe
  C:\Windows\System\rIehvzK.exe
  2⤵
  PID:2128
- C:\Windows\System\UMAzwHO.exe
  C:\Windows\System\UMAzwHO.exe
  2⤵
  PID:2268
- C:\Windows\System\ezGFxxO.exe
  C:\Windows\System\ezGFxxO.exe
  2⤵
  PID:348
- C:\Windows\System\DLlcRHX.exe
  C:\Windows\System\DLlcRHX.exe
  2⤵
  PID:2492
- C:\Windows\System\wjpXWwr.exe
  C:\Windows\System\wjpXWwr.exe
  2⤵
  PID:1176
- C:\Windows\System\RzwhgHa.exe
  C:\Windows\System\RzwhgHa.exe
  2⤵
  PID:636
- C:\Windows\System\OXIGWbL.exe
  C:\Windows\System\OXIGWbL.exe
  2⤵
  PID:1472
- C:\Windows\System\FPdpUdy.exe
  C:\Windows\System\FPdpUdy.exe
  2⤵
  PID:2316
- C:\Windows\System\pVOGmcK.exe
  C:\Windows\System\pVOGmcK.exe
  2⤵
  PID:3044
- C:\Windows\System\wyrUOck.exe
  C:\Windows\System\wyrUOck.exe
  2⤵
  PID:2008
- C:\Windows\System\tKDCShi.exe
  C:\Windows\System\tKDCShi.exe
  2⤵
  PID:1684
- C:\Windows\System\kkfiIby.exe
  C:\Windows\System\kkfiIby.exe
  2⤵
  PID:1408
- C:\Windows\System\MlEsNvP.exe
  C:\Windows\System\MlEsNvP.exe
  2⤵
  PID:1432
- C:\Windows\System\gQNHpAf.exe
  C:\Windows\System\gQNHpAf.exe
  2⤵
  PID:2084
- C:\Windows\System\hGuuefS.exe
  C:\Windows\System\hGuuefS.exe
  2⤵
  PID:2232
- C:\Windows\System\esBkimG.exe
  C:\Windows\System\esBkimG.exe
  2⤵
  PID:1600
- C:\Windows\System\EpvGUAS.exe
  C:\Windows\System\EpvGUAS.exe
  2⤵
  PID:2176
- C:\Windows\System\KixnnRb.exe
  C:\Windows\System\KixnnRb.exe
  2⤵
  PID:1976
- C:\Windows\System\YUVEBZR.exe
  C:\Windows\System\YUVEBZR.exe
  2⤵
  PID:2004
- C:\Windows\System\ZaZMekM.exe
  C:\Windows\System\ZaZMekM.exe
  2⤵
  PID:2236
- C:\Windows\System\jtYNHyQ.exe
  C:\Windows\System\jtYNHyQ.exe
  2⤵
  PID:2772
- C:\Windows\System\esIgkQK.exe
  C:\Windows\System\esIgkQK.exe
  2⤵
  PID:2700
- C:\Windows\System\iSWQtJc.exe
  C:\Windows\System\iSWQtJc.exe
  2⤵
  PID:2856
- C:\Windows\System\VpdmsYp.exe
  C:\Windows\System\VpdmsYp.exe
  2⤵
  PID:2852
- C:\Windows\System\AoGidsu.exe
  C:\Windows\System\AoGidsu.exe
  2⤵
  PID:2644
- C:\Windows\System\YbaJrWl.exe
  C:\Windows\System\YbaJrWl.exe
  2⤵
  PID:2296
- C:\Windows\System\glVqYDA.exe
  C:\Windows\System\glVqYDA.exe
  2⤵
  PID:1636
- C:\Windows\System\hvoeuvg.exe
  C:\Windows\System\hvoeuvg.exe
  2⤵
  PID:1644
- C:\Windows\System\oRsXfsr.exe
  C:\Windows\System\oRsXfsr.exe
  2⤵
  PID:2012
- C:\Windows\System\MfidiTv.exe
  C:\Windows\System\MfidiTv.exe
  2⤵
  PID:1532
- C:\Windows\System\mZwgvph.exe
  C:\Windows\System\mZwgvph.exe
  2⤵
  PID:408
- C:\Windows\System\oauxFHR.exe
  C:\Windows\System\oauxFHR.exe
  2⤵
  PID:1256
- C:\Windows\System\lSrCVAu.exe
  C:\Windows\System\lSrCVAu.exe
  2⤵
  PID:912
- C:\Windows\System\kQDpxKB.exe
  C:\Windows\System\kQDpxKB.exe
  2⤵
  PID:1836
- C:\Windows\System\iGxlQco.exe
  C:\Windows\System\iGxlQco.exe
  2⤵
  PID:1584
- C:\Windows\System\WdYEmRM.exe
  C:\Windows\System\WdYEmRM.exe
  2⤵
  PID:2356
- C:\Windows\System\gVutwpJ.exe
  C:\Windows\System\gVutwpJ.exe
  2⤵
  PID:1052
- C:\Windows\System\VXwzRYh.exe
  C:\Windows\System\VXwzRYh.exe
  2⤵
  PID:2548
- C:\Windows\System\BLUrGkq.exe
  C:\Windows\System\BLUrGkq.exe
  2⤵
  PID:1732
- C:\Windows\System\DPEUvZj.exe
  C:\Windows\System\DPEUvZj.exe
  2⤵
  PID:2248
- C:\Windows\System\BzYDPvx.exe
  C:\Windows\System\BzYDPvx.exe
  2⤵
  PID:2740
- C:\Windows\System\mzIJsSc.exe
  C:\Windows\System\mzIJsSc.exe
  2⤵
  PID:3080
- C:\Windows\System\cIURzEf.exe
  C:\Windows\System\cIURzEf.exe
  2⤵
  PID:3100
- C:\Windows\System\BrRZEvC.exe
  C:\Windows\System\BrRZEvC.exe
  2⤵
  PID:3120
- C:\Windows\System\rdbLWuB.exe
  C:\Windows\System\rdbLWuB.exe
  2⤵
  PID:3140
- C:\Windows\System\tnedfPM.exe
  C:\Windows\System\tnedfPM.exe
  2⤵
  PID:3160
- C:\Windows\System\ODwEOCu.exe
  C:\Windows\System\ODwEOCu.exe
  2⤵
  PID:3180
- C:\Windows\System\hOmrFwS.exe
  C:\Windows\System\hOmrFwS.exe
  2⤵
  PID:3200
- C:\Windows\System\vEHjHFS.exe
  C:\Windows\System\vEHjHFS.exe
  2⤵
  PID:3220
- C:\Windows\System\ViydEXZ.exe
  C:\Windows\System\ViydEXZ.exe
  2⤵
  PID:3240
- C:\Windows\System\xTqByHj.exe
  C:\Windows\System\xTqByHj.exe
  2⤵
  PID:3260
- C:\Windows\System\KQMmNAT.exe
  C:\Windows\System\KQMmNAT.exe
  2⤵
  PID:3280
- C:\Windows\System\ZVayHlH.exe
  C:\Windows\System\ZVayHlH.exe
  2⤵
  PID:3300
- C:\Windows\System\MjBNIDQ.exe
  C:\Windows\System\MjBNIDQ.exe
  2⤵
  PID:3320
- C:\Windows\System\zxarfwV.exe
  C:\Windows\System\zxarfwV.exe
  2⤵
  PID:3340
- C:\Windows\System\lcOWcuC.exe
  C:\Windows\System\lcOWcuC.exe
  2⤵
  PID:3360
- C:\Windows\System\YnBnLnt.exe
  C:\Windows\System\YnBnLnt.exe
  2⤵
  PID:3380
- C:\Windows\System\rpPNanF.exe
  C:\Windows\System\rpPNanF.exe
  2⤵
  PID:3400
- C:\Windows\System\eDlpFcX.exe
  C:\Windows\System\eDlpFcX.exe
  2⤵
  PID:3420
- C:\Windows\System\vEHBYLi.exe
  C:\Windows\System\vEHBYLi.exe
  2⤵
  PID:3440
- C:\Windows\System\RWVcWrl.exe
  C:\Windows\System\RWVcWrl.exe
  2⤵
  PID:3460
- C:\Windows\System\SFUHeFY.exe
  C:\Windows\System\SFUHeFY.exe
  2⤵
  PID:3480
- C:\Windows\System\ROSupYe.exe
  C:\Windows\System\ROSupYe.exe
  2⤵
  PID:3500
- C:\Windows\System\coGhZYO.exe
  C:\Windows\System\coGhZYO.exe
  2⤵
  PID:3520
- C:\Windows\System\ThOvuyU.exe
  C:\Windows\System\ThOvuyU.exe
  2⤵
  PID:3540
- C:\Windows\System\Gsgqebx.exe
  C:\Windows\System\Gsgqebx.exe
  2⤵
  PID:3560
- C:\Windows\System\wwqNdEJ.exe
  C:\Windows\System\wwqNdEJ.exe
  2⤵
  PID:3580
- C:\Windows\System\ZXPFTMa.exe
  C:\Windows\System\ZXPFTMa.exe
  2⤵
  PID:3600
- C:\Windows\System\xlLdqis.exe
  C:\Windows\System\xlLdqis.exe
  2⤵
  PID:3620
- C:\Windows\System\pbxGrvy.exe
  C:\Windows\System\pbxGrvy.exe
  2⤵
  PID:3640
- C:\Windows\System\KAeXBUr.exe
  C:\Windows\System\KAeXBUr.exe
  2⤵
  PID:3660
- C:\Windows\System\WLPSfjT.exe
  C:\Windows\System\WLPSfjT.exe
  2⤵
  PID:3680
- C:\Windows\System\ynmVVqp.exe
  C:\Windows\System\ynmVVqp.exe
  2⤵
  PID:3700
- C:\Windows\System\VZGDXvU.exe
  C:\Windows\System\VZGDXvU.exe
  2⤵
  PID:3720
- C:\Windows\System\kEtfzyZ.exe
  C:\Windows\System\kEtfzyZ.exe
  2⤵
  PID:3740
- C:\Windows\System\LCQiuJD.exe
  C:\Windows\System\LCQiuJD.exe
  2⤵
  PID:3760
- C:\Windows\System\wjXiuaM.exe
  C:\Windows\System\wjXiuaM.exe
  2⤵
  PID:3780
- C:\Windows\System\UMsLAWz.exe
  C:\Windows\System\UMsLAWz.exe
  2⤵
  PID:3800
- C:\Windows\System\wjjkAvP.exe
  C:\Windows\System\wjjkAvP.exe
  2⤵
  PID:3820
- C:\Windows\System\Jabmupm.exe
  C:\Windows\System\Jabmupm.exe
  2⤵
  PID:3840
- C:\Windows\System\VubZIgY.exe
  C:\Windows\System\VubZIgY.exe
  2⤵
  PID:3860
- C:\Windows\System\RJyISnX.exe
  C:\Windows\System\RJyISnX.exe
  2⤵
  PID:3880
- C:\Windows\System\fGJkXAx.exe
  C:\Windows\System\fGJkXAx.exe
  2⤵
  PID:3900
- C:\Windows\System\SuULzEo.exe
  C:\Windows\System\SuULzEo.exe
  2⤵
  PID:3920
- C:\Windows\System\ywLgiVA.exe
  C:\Windows\System\ywLgiVA.exe
  2⤵
  PID:3940
- C:\Windows\System\oLiOWFY.exe
  C:\Windows\System\oLiOWFY.exe
  2⤵
  PID:3960
- C:\Windows\System\fDdENAZ.exe
  C:\Windows\System\fDdENAZ.exe
  2⤵
  PID:3980
- C:\Windows\System\DacTbxL.exe
  C:\Windows\System\DacTbxL.exe
  2⤵
  PID:4000
- C:\Windows\System\eKPQjQn.exe
  C:\Windows\System\eKPQjQn.exe
  2⤵
  PID:4020
- C:\Windows\System\VIhZltZ.exe
  C:\Windows\System\VIhZltZ.exe
  2⤵
  PID:4040
- C:\Windows\System\nImOdbo.exe
  C:\Windows\System\nImOdbo.exe
  2⤵
  PID:4064
- C:\Windows\System\lOEFnwL.exe
  C:\Windows\System\lOEFnwL.exe
  2⤵
  PID:4084
- C:\Windows\System\HjZHXcL.exe
  C:\Windows\System\HjZHXcL.exe
  2⤵
  PID:2528
- C:\Windows\System\BApMPJM.exe
  C:\Windows\System\BApMPJM.exe
  2⤵
  PID:860
- C:\Windows\System\yJyniXD.exe
  C:\Windows\System\yJyniXD.exe
  2⤵
  PID:2652
- C:\Windows\System\OxhfVCy.exe
  C:\Windows\System\OxhfVCy.exe
  2⤵
  PID:1512
- C:\Windows\System\ZHlsAHi.exe
  C:\Windows\System\ZHlsAHi.exe
  2⤵
  PID:2576
- C:\Windows\System\ylzmZYI.exe
  C:\Windows\System\ylzmZYI.exe
  2⤵
  PID:1208
- C:\Windows\System\QbXGJRT.exe
  C:\Windows\System\QbXGJRT.exe
  2⤵
  PID:2204
- C:\Windows\System\hzSrewU.exe
  C:\Windows\System\hzSrewU.exe
  2⤵
  PID:2196
- C:\Windows\System\ONAdvng.exe
  C:\Windows\System\ONAdvng.exe
  2⤵
  PID:2068
- C:\Windows\System\TWFbDjO.exe
  C:\Windows\System\TWFbDjO.exe
  2⤵
  PID:2056
- C:\Windows\System\taBmerq.exe
  C:\Windows\System\taBmerq.exe
  2⤵
  PID:3016
- C:\Windows\System\JbdLukj.exe
  C:\Windows\System\JbdLukj.exe
  2⤵
  PID:3096
- C:\Windows\System\fWEhQDK.exe
  C:\Windows\System\fWEhQDK.exe
  2⤵
  PID:3136
- C:\Windows\System\yhQMota.exe
  C:\Windows\System\yhQMota.exe
  2⤵
  PID:3168
- C:\Windows\System\gKjlDMI.exe
  C:\Windows\System\gKjlDMI.exe
  2⤵
  PID:3196
- C:\Windows\System\yIQhCFV.exe
  C:\Windows\System\yIQhCFV.exe
  2⤵
  PID:3228
- C:\Windows\System\QINuzWO.exe
  C:\Windows\System\QINuzWO.exe
  2⤵
  PID:3252
- C:\Windows\System\xsnywiD.exe
  C:\Windows\System\xsnywiD.exe
  2⤵
  PID:3296
- C:\Windows\System\IjXjoSm.exe
  C:\Windows\System\IjXjoSm.exe
  2⤵
  PID:3316
- C:\Windows\System\iGJINWr.exe
  C:\Windows\System\iGJINWr.exe
  2⤵
  PID:3356
- C:\Windows\System\LEwSLmv.exe
  C:\Windows\System\LEwSLmv.exe
  2⤵
  PID:3408
- C:\Windows\System\NDyEtUJ.exe
  C:\Windows\System\NDyEtUJ.exe
  2⤵
  PID:3428
- C:\Windows\System\MxMGEYi.exe
  C:\Windows\System\MxMGEYi.exe
  2⤵
  PID:3452
- C:\Windows\System\PhKDbSk.exe
  C:\Windows\System\PhKDbSk.exe
  2⤵
  PID:3496
- C:\Windows\System\Rnlrgsv.exe
  C:\Windows\System\Rnlrgsv.exe
  2⤵
  PID:3516
- C:\Windows\System\wZTmYTf.exe
  C:\Windows\System\wZTmYTf.exe
  2⤵
  PID:3568
- C:\Windows\System\wPIVFJu.exe
  C:\Windows\System\wPIVFJu.exe
  2⤵
  PID:3608
- C:\Windows\System\LOXklZn.exe
  C:\Windows\System\LOXklZn.exe
  2⤵
  PID:3628
- C:\Windows\System\jOdzxJa.exe
  C:\Windows\System\jOdzxJa.exe
  2⤵
  PID:3632
- C:\Windows\System\jyftIHc.exe
  C:\Windows\System\jyftIHc.exe
  2⤵
  PID:3696
- C:\Windows\System\nwuAJPr.exe
  C:\Windows\System\nwuAJPr.exe
  2⤵
  PID:3712
- C:\Windows\System\zanAphX.exe
  C:\Windows\System\zanAphX.exe
  2⤵
  PID:3752
- C:\Windows\System\VYwYbNk.exe
  C:\Windows\System\VYwYbNk.exe
  2⤵
  PID:3816
- C:\Windows\System\nTWTIJU.exe
  C:\Windows\System\nTWTIJU.exe
  2⤵
  PID:3848
- C:\Windows\System\XeABYeK.exe
  C:\Windows\System\XeABYeK.exe
  2⤵
  PID:3852
- C:\Windows\System\vyGDfyk.exe
  C:\Windows\System\vyGDfyk.exe
  2⤵
  PID:3876
- C:\Windows\System\xCyllJD.exe
  C:\Windows\System\xCyllJD.exe
  2⤵
  PID:3912
- C:\Windows\System\ZmjxbsF.exe
  C:\Windows\System\ZmjxbsF.exe
  2⤵
  PID:3976
- C:\Windows\System\WxmMvzC.exe
  C:\Windows\System\WxmMvzC.exe
  2⤵
  PID:4016
- C:\Windows\System\miQLBmi.exe
  C:\Windows\System\miQLBmi.exe
  2⤵
  PID:4048
- C:\Windows\System\hHppYgE.exe
  C:\Windows\System\hHppYgE.exe
  2⤵
  PID:4056
- C:\Windows\System\clnCfOR.exe
  C:\Windows\System\clnCfOR.exe
  2⤵
  PID:4076
- C:\Windows\System\nYmIjlP.exe
  C:\Windows\System\nYmIjlP.exe
  2⤵
  PID:2608
- C:\Windows\System\rsyWvYb.exe
  C:\Windows\System\rsyWvYb.exe
  2⤵
  PID:2984
- C:\Windows\System\Qwlhslq.exe
  C:\Windows\System\Qwlhslq.exe
  2⤵
  PID:108
- C:\Windows\System\TqnPnul.exe
  C:\Windows\System\TqnPnul.exe
  2⤵
  PID:2220
- C:\Windows\System\eoErVqk.exe
  C:\Windows\System\eoErVqk.exe
  2⤵
  PID:784
- C:\Windows\System\nzoyMAg.exe
  C:\Windows\System\nzoyMAg.exe
  2⤵
  PID:2324
- C:\Windows\System\tvnKYoc.exe
  C:\Windows\System\tvnKYoc.exe
  2⤵
  PID:3108
- C:\Windows\System\ERTFFTy.exe
  C:\Windows\System\ERTFFTy.exe
  2⤵
  PID:3172
- C:\Windows\System\drQTOIV.exe
  C:\Windows\System\drQTOIV.exe
  2⤵
  PID:3192
- C:\Windows\System\xsWCBuU.exe
  C:\Windows\System\xsWCBuU.exe
  2⤵
  PID:3336
- C:\Windows\System\LtuBXNz.exe
  C:\Windows\System\LtuBXNz.exe
  2⤵
  PID:3332
- C:\Windows\System\OwWRZWM.exe
  C:\Windows\System\OwWRZWM.exe
  2⤵
  PID:3372
- C:\Windows\System\GVhuenP.exe
  C:\Windows\System\GVhuenP.exe
  2⤵
  PID:3456
- C:\Windows\System\DdOGTYq.exe
  C:\Windows\System\DdOGTYq.exe
  2⤵
  PID:3508
- C:\Windows\System\EZOcSYO.exe
  C:\Windows\System\EZOcSYO.exe
  2⤵
  PID:3588
- C:\Windows\System\xXhClwk.exe
  C:\Windows\System\xXhClwk.exe
  2⤵
  PID:3612
- C:\Windows\System\WnizJUL.exe
  C:\Windows\System\WnizJUL.exe
  2⤵
  PID:3676
- C:\Windows\System\tkbGZis.exe
  C:\Windows\System\tkbGZis.exe
  2⤵
  PID:3728
- C:\Windows\System\WPqNzGk.exe
  C:\Windows\System\WPqNzGk.exe
  2⤵
  PID:3756
- C:\Windows\System\ItDimGW.exe
  C:\Windows\System\ItDimGW.exe
  2⤵
  PID:3792
- C:\Windows\System\KToAEFZ.exe
  C:\Windows\System\KToAEFZ.exe
  2⤵
  PID:3892
- C:\Windows\System\UgRYvGL.exe
  C:\Windows\System\UgRYvGL.exe
  2⤵
  PID:3968
- C:\Windows\System\qtngEst.exe
  C:\Windows\System\qtngEst.exe
  2⤵
  PID:3996
- C:\Windows\System\ZeZZNzb.exe
  C:\Windows\System\ZeZZNzb.exe
  2⤵
  PID:4036
- C:\Windows\System\MIajFFp.exe
  C:\Windows\System\MIajFFp.exe
  2⤵
  PID:1540
- C:\Windows\System\nWJUJgS.exe
  C:\Windows\System\nWJUJgS.exe
  2⤵
  PID:2032
- C:\Windows\System\SjpTugH.exe
  C:\Windows\System\SjpTugH.exe
  2⤵
  PID:2256
- C:\Windows\System\Tlpbovs.exe
  C:\Windows\System\Tlpbovs.exe
  2⤵
  PID:1628
- C:\Windows\System\OqyqzpM.exe
  C:\Windows\System\OqyqzpM.exe
  2⤵
  PID:3152
- C:\Windows\System\XfirSRQ.exe
  C:\Windows\System\XfirSRQ.exe
  2⤵
  PID:3112
- C:\Windows\System\BOLMLwC.exe
  C:\Windows\System\BOLMLwC.exe
  2⤵
  PID:3436
- C:\Windows\System\ZzPCPGS.exe
  C:\Windows\System\ZzPCPGS.exe
  2⤵
  PID:3412
- C:\Windows\System\nPlBenK.exe
  C:\Windows\System\nPlBenK.exe
  2⤵
  PID:4108
- C:\Windows\System\ylKrXyT.exe
  C:\Windows\System\ylKrXyT.exe
  2⤵
  PID:4124
- C:\Windows\System\ucOihdu.exe
  C:\Windows\System\ucOihdu.exe
  2⤵
  PID:4148
- C:\Windows\System\zfzLxRh.exe
  C:\Windows\System\zfzLxRh.exe
  2⤵
  PID:4168
- C:\Windows\System\NEaktTQ.exe
  C:\Windows\System\NEaktTQ.exe
  2⤵
  PID:4188
- C:\Windows\System\tVJGvdp.exe
  C:\Windows\System\tVJGvdp.exe
  2⤵
  PID:4208
- C:\Windows\System\PQfzeSB.exe
  C:\Windows\System\PQfzeSB.exe
  2⤵
  PID:4228
- C:\Windows\System\tNpRCNJ.exe
  C:\Windows\System\tNpRCNJ.exe
  2⤵
  PID:4248
- C:\Windows\System\AXVZiIS.exe
  C:\Windows\System\AXVZiIS.exe
  2⤵
  PID:4268
- C:\Windows\System\IHgvajS.exe
  C:\Windows\System\IHgvajS.exe
  2⤵
  PID:4288
- C:\Windows\System\dPINavI.exe
  C:\Windows\System\dPINavI.exe
  2⤵
  PID:4308
- C:\Windows\System\zThLuan.exe
  C:\Windows\System\zThLuan.exe
  2⤵
  PID:4328
- C:\Windows\System\PJyJEkM.exe
  C:\Windows\System\PJyJEkM.exe
  2⤵
  PID:4348
- C:\Windows\System\SGjJVZt.exe
  C:\Windows\System\SGjJVZt.exe
  2⤵
  PID:4368
- C:\Windows\System\JiuGXWT.exe
  C:\Windows\System\JiuGXWT.exe
  2⤵
  PID:4388
- C:\Windows\System\LnzNaSd.exe
  C:\Windows\System\LnzNaSd.exe
  2⤵
  PID:4408
- C:\Windows\System\gJxCCIE.exe
  C:\Windows\System\gJxCCIE.exe
  2⤵
  PID:4428
- C:\Windows\System\lBMYbXz.exe
  C:\Windows\System\lBMYbXz.exe
  2⤵
  PID:4448
- C:\Windows\System\nIYaQhs.exe
  C:\Windows\System\nIYaQhs.exe
  2⤵
  PID:4468
- C:\Windows\System\wGRaNVn.exe
  C:\Windows\System\wGRaNVn.exe
  2⤵
  PID:4488
- C:\Windows\System\juEVHhe.exe
  C:\Windows\System\juEVHhe.exe
  2⤵
  PID:4508
- C:\Windows\System\kvCkmoV.exe
  C:\Windows\System\kvCkmoV.exe
  2⤵
  PID:4528
- C:\Windows\System\rLRzJCm.exe
  C:\Windows\System\rLRzJCm.exe
  2⤵
  PID:4548
- C:\Windows\System\EeISLjq.exe
  C:\Windows\System\EeISLjq.exe
  2⤵
  PID:4568
- C:\Windows\System\zcytHlP.exe
  C:\Windows\System\zcytHlP.exe
  2⤵
  PID:4588
- C:\Windows\System\qyeGDcO.exe
  C:\Windows\System\qyeGDcO.exe
  2⤵
  PID:4612
- C:\Windows\System\xercjKW.exe
  C:\Windows\System\xercjKW.exe
  2⤵
  PID:4632
- C:\Windows\System\SQtYASC.exe
  C:\Windows\System\SQtYASC.exe
  2⤵
  PID:4652
- C:\Windows\System\QMXdSpf.exe
  C:\Windows\System\QMXdSpf.exe
  2⤵
  PID:4672
- C:\Windows\System\QEsknJL.exe
  C:\Windows\System\QEsknJL.exe
  2⤵
  PID:4692
- C:\Windows\System\pONLgFH.exe
  C:\Windows\System\pONLgFH.exe
  2⤵
  PID:4712
- C:\Windows\System\UoVDxra.exe
  C:\Windows\System\UoVDxra.exe
  2⤵
  PID:4732
- C:\Windows\System\xbWNcAE.exe
  C:\Windows\System\xbWNcAE.exe
  2⤵
  PID:4752
- C:\Windows\System\caizEDe.exe
  C:\Windows\System\caizEDe.exe
  2⤵
  PID:4772
- C:\Windows\System\MwKxqZX.exe
  C:\Windows\System\MwKxqZX.exe
  2⤵
  PID:4792
- C:\Windows\System\fDECLee.exe
  C:\Windows\System\fDECLee.exe
  2⤵
  PID:4812
- C:\Windows\System\QZHRVsl.exe
  C:\Windows\System\QZHRVsl.exe
  2⤵
  PID:4832
- C:\Windows\System\AnDnZAm.exe
  C:\Windows\System\AnDnZAm.exe
  2⤵
  PID:4852
- C:\Windows\System\wbMQbtv.exe
  C:\Windows\System\wbMQbtv.exe
  2⤵
  PID:4872
- C:\Windows\System\kHjNoYX.exe
  C:\Windows\System\kHjNoYX.exe
  2⤵
  PID:4892
- C:\Windows\System\YHXZQeE.exe
  C:\Windows\System\YHXZQeE.exe
  2⤵
  PID:4912
- C:\Windows\System\PoycdTF.exe
  C:\Windows\System\PoycdTF.exe
  2⤵
  PID:4932
- C:\Windows\System\ogLEyza.exe
  C:\Windows\System\ogLEyza.exe
  2⤵
  PID:4952
- C:\Windows\System\slQecuV.exe
  C:\Windows\System\slQecuV.exe
  2⤵
  PID:4972
- C:\Windows\System\oxryuoM.exe
  C:\Windows\System\oxryuoM.exe
  2⤵
  PID:4992
- C:\Windows\System\LvaqueD.exe
  C:\Windows\System\LvaqueD.exe
  2⤵
  PID:5012
- C:\Windows\System\qLTKAKO.exe
  C:\Windows\System\qLTKAKO.exe
  2⤵
  PID:5032
- C:\Windows\System\ScAQNDT.exe
  C:\Windows\System\ScAQNDT.exe
  2⤵
  PID:5052
- C:\Windows\System\qmGSJxJ.exe
  C:\Windows\System\qmGSJxJ.exe
  2⤵
  PID:5072
- C:\Windows\System\XEnvLhk.exe
  C:\Windows\System\XEnvLhk.exe
  2⤵
  PID:5092
- C:\Windows\System\TaAbQEj.exe
  C:\Windows\System\TaAbQEj.exe
  2⤵
  PID:5112
- C:\Windows\System\osXWPEj.exe
  C:\Windows\System\osXWPEj.exe
  2⤵
  PID:3576
- C:\Windows\System\QJSshfW.exe
  C:\Windows\System\QJSshfW.exe
  2⤵
  PID:3596
- C:\Windows\System\cAaHgav.exe
  C:\Windows\System\cAaHgav.exe
  2⤵
  PID:3716
- C:\Windows\System\JxCczPS.exe
  C:\Windows\System\JxCczPS.exe
  2⤵
  PID:3856
- C:\Windows\System\aaxtybp.exe
  C:\Windows\System\aaxtybp.exe
  2⤵
  PID:3812
- C:\Windows\System\vegfIBc.exe
  C:\Windows\System\vegfIBc.exe
  2⤵
  PID:4008
- C:\Windows\System\gEObASs.exe
  C:\Windows\System\gEObASs.exe
  2⤵
  PID:2668
- C:\Windows\System\YfQpcNV.exe
  C:\Windows\System\YfQpcNV.exe
  2⤵
  PID:1396
- C:\Windows\System\MkmwGAV.exe
  C:\Windows\System\MkmwGAV.exe
  2⤵
  PID:880
- C:\Windows\System\ohlMcVj.exe
  C:\Windows\System\ohlMcVj.exe
  2⤵
  PID:3276
- C:\Windows\System\qTRHZfB.exe
  C:\Windows\System\qTRHZfB.exe
  2⤵
  PID:3272
- C:\Windows\System\yIOZWdK.exe
  C:\Windows\System\yIOZWdK.exe
  2⤵
  PID:3368
- C:\Windows\System\ScKGQzo.exe
  C:\Windows\System\ScKGQzo.exe
  2⤵
  PID:4144
- C:\Windows\System\WoUUdJc.exe
  C:\Windows\System\WoUUdJc.exe
  2⤵
  PID:4164
- C:\Windows\System\isICloR.exe
  C:\Windows\System\isICloR.exe
  2⤵
  PID:4216
- C:\Windows\System\WqOYNXg.exe
  C:\Windows\System\WqOYNXg.exe
  2⤵
  PID:4236
- C:\Windows\System\ZzRvkGd.exe
  C:\Windows\System\ZzRvkGd.exe
  2⤵
  PID:4260
- C:\Windows\System\lTxVIma.exe
  C:\Windows\System\lTxVIma.exe
  2⤵
  PID:4304
- C:\Windows\System\FUVqNex.exe
  C:\Windows\System\FUVqNex.exe
  2⤵
  PID:4344
- C:\Windows\System\DEyyOZW.exe
  C:\Windows\System\DEyyOZW.exe
  2⤵
  PID:4436
- C:\Windows\System\EsjyJLe.exe
  C:\Windows\System\EsjyJLe.exe
  2⤵
  PID:4460
- C:\Windows\System\VidAEbP.exe
  C:\Windows\System\VidAEbP.exe
  2⤵
  PID:4484
- C:\Windows\System\gKYkVDw.exe
  C:\Windows\System\gKYkVDw.exe
  2⤵
  PID:4520
- C:\Windows\System\wFnVlue.exe
  C:\Windows\System\wFnVlue.exe
  2⤵
  PID:4584
- C:\Windows\System\OCLjDcQ.exe
  C:\Windows\System\OCLjDcQ.exe
  2⤵
  PID:4608
- C:\Windows\System\RqemxbU.exe
  C:\Windows\System\RqemxbU.exe
  2⤵
  PID:4640
- C:\Windows\System\ixTunhD.exe
  C:\Windows\System\ixTunhD.exe
  2⤵
  PID:4680
- C:\Windows\System\JKWoAPg.exe
  C:\Windows\System\JKWoAPg.exe
  2⤵
  PID:4708
- C:\Windows\System\ubieekp.exe
  C:\Windows\System\ubieekp.exe
  2⤵
  PID:4740
- C:\Windows\System\ZuMzsLq.exe
  C:\Windows\System\ZuMzsLq.exe
  2⤵
  PID:4768
- C:\Windows\System\qteHDYS.exe
  C:\Windows\System\qteHDYS.exe
  2⤵
  PID:4820
- C:\Windows\System\VZpuiuj.exe
  C:\Windows\System\VZpuiuj.exe
  2⤵
  PID:4840
- C:\Windows\System\fljiuze.exe
  C:\Windows\System\fljiuze.exe
  2⤵
  PID:4844
- C:\Windows\System\bSPBGCA.exe
  C:\Windows\System\bSPBGCA.exe
  2⤵
  PID:4900
- C:\Windows\System\rrYTeQr.exe
  C:\Windows\System\rrYTeQr.exe
  2⤵
  PID:4940
- C:\Windows\System\aXOrNWq.exe
  C:\Windows\System\aXOrNWq.exe
  2⤵
  PID:4960
- C:\Windows\System\oqyCcxr.exe
  C:\Windows\System\oqyCcxr.exe
  2⤵
  PID:4988
- C:\Windows\System\lWSERVs.exe
  C:\Windows\System\lWSERVs.exe
  2⤵
  PID:5060
- C:\Windows\System\VqDUkll.exe
  C:\Windows\System\VqDUkll.exe
  2⤵
  PID:5088
- C:\Windows\System\ndwSpkO.exe
  C:\Windows\System\ndwSpkO.exe
  2⤵
  PID:3476
- C:\Windows\System\FUpbclb.exe
  C:\Windows\System\FUpbclb.exe
  2⤵
  PID:3656
- C:\Windows\System\NskPPVC.exe
  C:\Windows\System\NskPPVC.exe
  2⤵
  PID:3636
- C:\Windows\System\QhqutWU.exe
  C:\Windows\System\QhqutWU.exe
  2⤵
  PID:3836
- C:\Windows\System\hjgPNxp.exe
  C:\Windows\System\hjgPNxp.exe
  2⤵
  PID:3932
- C:\Windows\System\OHcnhIe.exe
  C:\Windows\System\OHcnhIe.exe
  2⤵
  PID:4012
- C:\Windows\System\aCkbpkG.exe
  C:\Windows\System\aCkbpkG.exe
  2⤵
  PID:3212
- C:\Windows\System\EeSnTHn.exe
  C:\Windows\System\EeSnTHn.exe
  2⤵
  PID:4140
- C:\Windows\System\pLiQEXV.exe
  C:\Windows\System\pLiQEXV.exe
  2⤵
  PID:4156
- C:\Windows\System\BLjuDEI.exe
  C:\Windows\System\BLjuDEI.exe
  2⤵
  PID:4220
- C:\Windows\System\WLvFLmk.exe
  C:\Windows\System\WLvFLmk.exe
  2⤵
  PID:4240
- C:\Windows\System\TqcTipJ.exe
  C:\Windows\System\TqcTipJ.exe
  2⤵
  PID:4316
- C:\Windows\System\cMNgIZM.exe
  C:\Windows\System\cMNgIZM.exe
  2⤵
  PID:2544
- C:\Windows\System\PHojwDT.exe
  C:\Windows\System\PHojwDT.exe
  2⤵
  PID:596
- C:\Windows\System\MaUIVqs.exe
  C:\Windows\System\MaUIVqs.exe
  2⤵
  PID:2364
- C:\Windows\System\WdOICiM.exe
  C:\Windows\System\WdOICiM.exe
  2⤵
  PID:2780
- C:\Windows\System\VyDgxSm.exe
  C:\Windows\System\VyDgxSm.exe
  2⤵
  PID:2588
- C:\Windows\System\EJVQCAg.exe
  C:\Windows\System\EJVQCAg.exe
  2⤵
  PID:2872
- C:\Windows\System\GuodtZU.exe
  C:\Windows\System\GuodtZU.exe
  2⤵
  PID:2788
- C:\Windows\System\kQxKGEa.exe
  C:\Windows\System\kQxKGEa.exe
  2⤵
  PID:876
- C:\Windows\System\HCcPQSJ.exe
  C:\Windows\System\HCcPQSJ.exe
  2⤵
  PID:2188
- C:\Windows\System\zqdwkMw.exe
  C:\Windows\System\zqdwkMw.exe
  2⤵
  PID:1720
- C:\Windows\System\QshqgHQ.exe
  C:\Windows\System\QshqgHQ.exe
  2⤵
  PID:4424
- C:\Windows\System\sxbLEQq.exe
  C:\Windows\System\sxbLEQq.exe
  2⤵
  PID:2784
- C:\Windows\System\ONgBUMS.exe
  C:\Windows\System\ONgBUMS.exe
  2⤵
  PID:4400
- C:\Windows\System\uHNzYaR.exe
  C:\Windows\System\uHNzYaR.exe
  2⤵
  PID:2748
- C:\Windows\System\SbxrjIl.exe
  C:\Windows\System\SbxrjIl.exe
  2⤵
  PID:1920
- C:\Windows\System\hMdLgev.exe
  C:\Windows\System\hMdLgev.exe
  2⤵
  PID:4476
- C:\Windows\System\bdJpDZu.exe
  C:\Windows\System\bdJpDZu.exe
  2⤵
  PID:4556
- C:\Windows\System\qOeiDiV.exe
  C:\Windows\System\qOeiDiV.exe
  2⤵
  PID:4596
- C:\Windows\System\XwmaqdX.exe
  C:\Windows\System\XwmaqdX.exe
  2⤵
  PID:4644
- C:\Windows\System\UHLLYyN.exe
  C:\Windows\System\UHLLYyN.exe
  2⤵
  PID:4744
- C:\Windows\System\RVmgyvH.exe
  C:\Windows\System\RVmgyvH.exe
  2⤵
  PID:4880
- C:\Windows\System\IqypByT.exe
  C:\Windows\System\IqypByT.exe
  2⤵
  PID:5000
- C:\Windows\System\pSJkVje.exe
  C:\Windows\System\pSJkVje.exe
  2⤵
  PID:5028
- C:\Windows\System\mKfelCj.exe
  C:\Windows\System\mKfelCj.exe
  2⤵
  PID:4516
- C:\Windows\System\EXTcGol.exe
  C:\Windows\System\EXTcGol.exe
  2⤵
  PID:3472
- C:\Windows\System\CWplKPR.exe
  C:\Windows\System\CWplKPR.exe
  2⤵
  PID:4904
- C:\Windows\System\MIVkEXi.exe
  C:\Windows\System\MIVkEXi.exe
  2⤵
  PID:4780
- C:\Windows\System\OkXXtQd.exe
  C:\Windows\System\OkXXtQd.exe
  2⤵
  PID:3956
- C:\Windows\System\JbVOdra.exe
  C:\Windows\System\JbVOdra.exe
  2⤵
  PID:112
- C:\Windows\System\KClfooh.exe
  C:\Windows\System\KClfooh.exe
  2⤵
  PID:2384
- C:\Windows\System\ZUhIYPP.exe
  C:\Windows\System\ZUhIYPP.exe
  2⤵
  PID:2616
- C:\Windows\System\nzgXZXW.exe
  C:\Windows\System\nzgXZXW.exe
  2⤵
  PID:2692
- C:\Windows\System\OiNXcur.exe
  C:\Windows\System\OiNXcur.exe
  2⤵
  PID:4176
- C:\Windows\System\XAyRqEp.exe
  C:\Windows\System\XAyRqEp.exe
  2⤵
  PID:2696
- C:\Windows\System\UZouxvN.exe
  C:\Windows\System\UZouxvN.exe
  2⤵
  PID:992
- C:\Windows\System\ZRwYpKR.exe
  C:\Windows\System\ZRwYpKR.exe
  2⤵
  PID:1928
- C:\Windows\System\wWIZLJE.exe
  C:\Windows\System\wWIZLJE.exe
  2⤵
  PID:2036
- C:\Windows\System\HkzibgH.exe
  C:\Windows\System\HkzibgH.exe
  2⤵
  PID:1952
- C:\Windows\System\fbqKUhz.exe
  C:\Windows\System\fbqKUhz.exe
  2⤵
  PID:2420
- C:\Windows\System\YcFEozW.exe
  C:\Windows\System\YcFEozW.exe
  2⤵
  PID:2328
- C:\Windows\System\cATsezB.exe
  C:\Windows\System\cATsezB.exe
  2⤵
  PID:5020
- C:\Windows\System\ZXrZPxg.exe
  C:\Windows\System\ZXrZPxg.exe
  2⤵
  PID:4868
- C:\Windows\System\bOKlNox.exe
  C:\Windows\System\bOKlNox.exe
  2⤵
  PID:1884
- C:\Windows\System\MaZTcFj.exe
  C:\Windows\System\MaZTcFj.exe
  2⤵
  PID:4504
- C:\Windows\System\JCRukQW.exe
  C:\Windows\System\JCRukQW.exe
  2⤵
  PID:4624
- C:\Windows\System\UrqXyOT.exe
  C:\Windows\System\UrqXyOT.exe
  2⤵
  PID:5040
- C:\Windows\System\vXCSLDN.exe
  C:\Windows\System\vXCSLDN.exe
  2⤵
  PID:4720
- C:\Windows\System\LPovmNj.exe
  C:\Windows\System\LPovmNj.exe
  2⤵
  PID:3392
- C:\Windows\System\sIPGuCF.exe
  C:\Windows\System\sIPGuCF.exe
  2⤵
  PID:4180
- C:\Windows\System\wLOhbqn.exe
  C:\Windows\System\wLOhbqn.exe
  2⤵
  PID:4908
- C:\Windows\System\xPosrua.exe
  C:\Windows\System\xPosrua.exe
  2⤵
  PID:3672
- C:\Windows\System\fwhoPNk.exe
  C:\Windows\System\fwhoPNk.exe
  2⤵
  PID:1132
- C:\Windows\System\WPzlvzj.exe
  C:\Windows\System\WPzlvzj.exe
  2⤵
  PID:4336
- C:\Windows\System\hQAbcFM.exe
  C:\Windows\System\hQAbcFM.exe
  2⤵
  PID:2664
- C:\Windows\System\OhjQKlz.exe
  C:\Windows\System\OhjQKlz.exe
  2⤵
  PID:1876
- C:\Windows\System\BOfguzO.exe
  C:\Windows\System\BOfguzO.exe
  2⤵
  PID:5048
- C:\Windows\System\oNZJgUZ.exe
  C:\Windows\System\oNZJgUZ.exe
  2⤵
  PID:2240
- C:\Windows\System\tkoMLQQ.exe
  C:\Windows\System\tkoMLQQ.exe
  2⤵
  PID:4544
- C:\Windows\System\AEwYaFQ.exe
  C:\Windows\System\AEwYaFQ.exe
  2⤵
  PID:3556
- C:\Windows\System\YCPxshr.exe
  C:\Windows\System\YCPxshr.exe
  2⤵
  PID:4804
- C:\Windows\System\EVwkGBv.exe
  C:\Windows\System\EVwkGBv.exe
  2⤵
  PID:4116
- C:\Windows\System\EGMmybv.exe
  C:\Windows\System\EGMmybv.exe
  2⤵
  PID:5128
- C:\Windows\System\YmgXLIm.exe
  C:\Windows\System\YmgXLIm.exe
  2⤵
  PID:5192
- C:\Windows\System\swcYzUg.exe
  C:\Windows\System\swcYzUg.exe
  2⤵
  PID:5224
- C:\Windows\System\zrumvUw.exe
  C:\Windows\System\zrumvUw.exe
  2⤵
  PID:5240
- C:\Windows\System\BfKXyeB.exe
  C:\Windows\System\BfKXyeB.exe
  2⤵
  PID:5256
- C:\Windows\System\yXwTmWA.exe
  C:\Windows\System\yXwTmWA.exe
  2⤵
  PID:5272
- C:\Windows\System\UeKLhxm.exe
  C:\Windows\System\UeKLhxm.exe
  2⤵
  PID:5288
- C:\Windows\System\VbKnEDP.exe
  C:\Windows\System\VbKnEDP.exe
  2⤵
  PID:5308
- C:\Windows\System\ipddMuK.exe
  C:\Windows\System\ipddMuK.exe
  2⤵
  PID:5328
- C:\Windows\System\cRHxBha.exe
  C:\Windows\System\cRHxBha.exe
  2⤵
  PID:5344
- C:\Windows\System\bJPypMh.exe
  C:\Windows\System\bJPypMh.exe
  2⤵
  PID:5360
- C:\Windows\System\VGJWJyH.exe
  C:\Windows\System\VGJWJyH.exe
  2⤵
  PID:5408
- C:\Windows\System\wtlSERk.exe
  C:\Windows\System\wtlSERk.exe
  2⤵
  PID:5432
- C:\Windows\System\TOKRGHr.exe
  C:\Windows\System\TOKRGHr.exe
  2⤵
  PID:5448
- C:\Windows\System\pzkYSGi.exe
  C:\Windows\System\pzkYSGi.exe
  2⤵
  PID:5464
- C:\Windows\System\jXcTbIB.exe
  C:\Windows\System\jXcTbIB.exe
  2⤵
  PID:5480
- C:\Windows\System\xlKQsqc.exe
  C:\Windows\System\xlKQsqc.exe
  2⤵
  PID:5496
- C:\Windows\System\zmdPPTD.exe
  C:\Windows\System\zmdPPTD.exe
  2⤵
  PID:5512
- C:\Windows\System\cvSbLMh.exe
  C:\Windows\System\cvSbLMh.exe
  2⤵
  PID:5528
- C:\Windows\System\hLtpBCU.exe
  C:\Windows\System\hLtpBCU.exe
  2⤵
  PID:5544
- C:\Windows\System\NAoujNN.exe
  C:\Windows\System\NAoujNN.exe
  2⤵
  PID:5564
- C:\Windows\System\usSuEjQ.exe
  C:\Windows\System\usSuEjQ.exe
  2⤵
  PID:5584
- C:\Windows\System\Fwlutqd.exe
  C:\Windows\System\Fwlutqd.exe
  2⤵
  PID:5600
- C:\Windows\System\uTeOjLW.exe
  C:\Windows\System\uTeOjLW.exe
  2⤵
  PID:5616
- C:\Windows\System\JLEDfls.exe
  C:\Windows\System\JLEDfls.exe
  2⤵
  PID:5632
- C:\Windows\System\hHRatxH.exe
  C:\Windows\System\hHRatxH.exe
  2⤵
  PID:5648
- C:\Windows\System\IsPOTOd.exe
  C:\Windows\System\IsPOTOd.exe
  2⤵
  PID:5664
- C:\Windows\System\JfPGjfC.exe
  C:\Windows\System\JfPGjfC.exe
  2⤵
  PID:5680
- C:\Windows\System\DuhBPDx.exe
  C:\Windows\System\DuhBPDx.exe
  2⤵
  PID:5696
- C:\Windows\System\SIJHDjA.exe
  C:\Windows\System\SIJHDjA.exe
  2⤵
  PID:5712
- C:\Windows\System\qZGSbEh.exe
  C:\Windows\System\qZGSbEh.exe
  2⤵
  PID:5744
- C:\Windows\System\IvnIEUE.exe
  C:\Windows\System\IvnIEUE.exe
  2⤵
  PID:5764
- C:\Windows\System\gtYbTHu.exe
  C:\Windows\System\gtYbTHu.exe
  2⤵
  PID:5800
- C:\Windows\System\YhWxSYe.exe
  C:\Windows\System\YhWxSYe.exe
  2⤵
  PID:5836
- C:\Windows\System\blBnaCn.exe
  C:\Windows\System\blBnaCn.exe
  2⤵
  PID:5856
- C:\Windows\System\tmVKQbS.exe
  C:\Windows\System\tmVKQbS.exe
  2⤵
  PID:5896
- C:\Windows\System\ypaSthT.exe
  C:\Windows\System\ypaSthT.exe
  2⤵
  PID:5912
- C:\Windows\System\JudxmEj.exe
  C:\Windows\System\JudxmEj.exe
  2⤵
  PID:5928
- C:\Windows\System\JNZZzAA.exe
  C:\Windows\System\JNZZzAA.exe
  2⤵
  PID:5944
- C:\Windows\System\fHYMWGr.exe
  C:\Windows\System\fHYMWGr.exe
  2⤵
  PID:5960
- C:\Windows\System\FFKyXqC.exe
  C:\Windows\System\FFKyXqC.exe
  2⤵
  PID:5980
- C:\Windows\System\xyynlXF.exe
  C:\Windows\System\xyynlXF.exe
  2⤵
  PID:5996
- C:\Windows\System\AGKGwNd.exe
  C:\Windows\System\AGKGwNd.exe
  2⤵
  PID:6012
- C:\Windows\System\HCJCOHM.exe
  C:\Windows\System\HCJCOHM.exe
  2⤵
  PID:6028
- C:\Windows\System\PRQaqNJ.exe
  C:\Windows\System\PRQaqNJ.exe
  2⤵
  PID:6044
- C:\Windows\System\zZrXtuF.exe
  C:\Windows\System\zZrXtuF.exe
  2⤵
  PID:6060
- C:\Windows\System\gBgercD.exe
  C:\Windows\System\gBgercD.exe
  2⤵
  PID:6104
- C:\Windows\System\eiIqxfu.exe
  C:\Windows\System\eiIqxfu.exe
  2⤵
  PID:6124
- C:\Windows\System\isRQOro.exe
  C:\Windows\System\isRQOro.exe
  2⤵
  PID:6140
- C:\Windows\System\mFyGiik.exe
  C:\Windows\System\mFyGiik.exe
  2⤵
  PID:3796
- C:\Windows\System\VhTWxrO.exe
  C:\Windows\System\VhTWxrO.exe
  2⤵
  PID:1968
- C:\Windows\System\eLGTpkD.exe
  C:\Windows\System\eLGTpkD.exe
  2⤵
  PID:4928
- C:\Windows\System\zhqePaa.exe
  C:\Windows\System\zhqePaa.exe
  2⤵
  PID:2168
- C:\Windows\System\KLCcNwI.exe
  C:\Windows\System\KLCcNwI.exe
  2⤵
  PID:2428
- C:\Windows\System\ZLXaPUB.exe
  C:\Windows\System\ZLXaPUB.exe
  2⤵
  PID:3748
- C:\Windows\System\LVsEAjw.exe
  C:\Windows\System\LVsEAjw.exe
  2⤵
  PID:1620
- C:\Windows\System\bbqiErz.exe
  C:\Windows\System\bbqiErz.exe
  2⤵
  PID:4196
- C:\Windows\System\icJUCZP.exe
  C:\Windows\System\icJUCZP.exe
  2⤵
  PID:5180
- C:\Windows\System\YWSKWOs.exe
  C:\Windows\System\YWSKWOs.exe
  2⤵
  PID:1616
- C:\Windows\System\PPeaMmk.exe
  C:\Windows\System\PPeaMmk.exe
  2⤵
  PID:1252
- C:\Windows\System\rScIGoJ.exe
  C:\Windows\System\rScIGoJ.exe
  2⤵
  PID:5148
- C:\Windows\System\fYIeXUC.exe
  C:\Windows\System\fYIeXUC.exe
  2⤵
  PID:5164
- C:\Windows\System\AQkVSKi.exe
  C:\Windows\System\AQkVSKi.exe
  2⤵
  PID:5232
- C:\Windows\System\JDSkLlS.exe
  C:\Windows\System\JDSkLlS.exe
  2⤵
  PID:5296
- C:\Windows\System\VcVttmi.exe
  C:\Windows\System\VcVttmi.exe
  2⤵
  PID:5216
- C:\Windows\System\VCJbMcn.exe
  C:\Windows\System\VCJbMcn.exe
  2⤵
  PID:5404
- C:\Windows\System\etvhTnE.exe
  C:\Windows\System\etvhTnE.exe
  2⤵
  PID:5428
- C:\Windows\System\RvpnbDC.exe
  C:\Windows\System\RvpnbDC.exe
  2⤵
  PID:5540
- C:\Windows\System\coYZiQS.exe
  C:\Windows\System\coYZiQS.exe
  2⤵
  PID:5672
- C:\Windows\System\KorKLwk.exe
  C:\Windows\System\KorKLwk.exe
  2⤵
  PID:5488
- C:\Windows\System\WaIfqjX.exe
  C:\Windows\System\WaIfqjX.exe
  2⤵
  PID:5560
- C:\Windows\System\qvjvWUk.exe
  C:\Windows\System\qvjvWUk.exe
  2⤵
  PID:5628
- C:\Windows\System\NEDbKCq.exe
  C:\Windows\System\NEDbKCq.exe
  2⤵
  PID:5720
- C:\Windows\System\JUuIegz.exe
  C:\Windows\System\JUuIegz.exe
  2⤵
  PID:5736
- C:\Windows\System\bcXeDtQ.exe
  C:\Windows\System\bcXeDtQ.exe
  2⤵
  PID:5780
- C:\Windows\System\xHLTsVA.exe
  C:\Windows\System\xHLTsVA.exe
  2⤵
  PID:5752
- C:\Windows\System\sizmtVr.exe
  C:\Windows\System\sizmtVr.exe
  2⤵
  PID:5824
- C:\Windows\System\QqWdVDP.exe
  C:\Windows\System\QqWdVDP.exe
  2⤵
  PID:1492
- C:\Windows\System\NJiQOXV.exe
  C:\Windows\System\NJiQOXV.exe
  2⤵
  PID:5852
- C:\Windows\System\hNZNSaV.exe
  C:\Windows\System\hNZNSaV.exe
  2⤵
  PID:5908
- C:\Windows\System\fROYcjv.exe
  C:\Windows\System\fROYcjv.exe
  2⤵
  PID:5968
- C:\Windows\System\kaBqIyT.exe
  C:\Windows\System\kaBqIyT.exe
  2⤵
  PID:6040
- C:\Windows\System\JhLqrrX.exe
  C:\Windows\System\JhLqrrX.exe
  2⤵
  PID:5892
- C:\Windows\System\qaJLxaN.exe
  C:\Windows\System\qaJLxaN.exe
  2⤵
  PID:5956
- C:\Windows\System\RyWgIui.exe
  C:\Windows\System\RyWgIui.exe
  2⤵
  PID:6024
- C:\Windows\System\msoemmI.exe
  C:\Windows\System\msoemmI.exe
  2⤵
  PID:6120
- C:\Windows\System\AJbHpgP.exe
  C:\Windows\System\AJbHpgP.exe
  2⤵
  PID:4684
- C:\Windows\System\SgBtkwp.exe
  C:\Windows\System\SgBtkwp.exe
  2⤵
  PID:2968
- C:\Windows\System\TAFhIEz.exe
  C:\Windows\System\TAFhIEz.exe
  2⤵
  PID:6088
- C:\Windows\System\pieqlNG.exe
  C:\Windows\System\pieqlNG.exe
  2⤵
  PID:6072
- C:\Windows\System\cGOKqfw.exe
  C:\Windows\System\cGOKqfw.exe
  2⤵
  PID:5188
- C:\Windows\System\uhdtPNa.exe
  C:\Windows\System\uhdtPNa.exe
  2⤵
  PID:5336
- C:\Windows\System\PGpwRSE.exe
  C:\Windows\System\PGpwRSE.exe
  2⤵
  PID:5008
- C:\Windows\System\nyAXhED.exe
  C:\Windows\System\nyAXhED.exe
  2⤵
  PID:4628
- C:\Windows\System\lHyLWzH.exe
  C:\Windows\System\lHyLWzH.exe
  2⤵
  PID:5264
- C:\Windows\System\KSAGLqU.exe
  C:\Windows\System\KSAGLqU.exe
  2⤵
  PID:5316
- C:\Windows\System\PHSumcT.exe
  C:\Windows\System\PHSumcT.exe
  2⤵
  PID:5416
- C:\Windows\System\vYsoqos.exe
  C:\Windows\System\vYsoqos.exe
  2⤵
  PID:5380
- C:\Windows\System\MFBQqbx.exe
  C:\Windows\System\MFBQqbx.exe
  2⤵
  PID:5396
- C:\Windows\System\TSiodTs.exe
  C:\Windows\System\TSiodTs.exe
  2⤵
  PID:5580
- C:\Windows\System\IDqdJsz.exe
  C:\Windows\System\IDqdJsz.exe
  2⤵
  PID:5640
- C:\Windows\System\cCOMOaK.exe
  C:\Windows\System\cCOMOaK.exe
  2⤵
  PID:5556
- C:\Windows\System\kvzNfiy.exe
  C:\Windows\System\kvzNfiy.exe
  2⤵
  PID:5692
- C:\Windows\System\nDSAcsf.exe
  C:\Windows\System\nDSAcsf.exe
  2⤵
  PID:5728
- C:\Windows\System\thsVqwq.exe
  C:\Windows\System\thsVqwq.exe
  2⤵
  PID:5808
- C:\Windows\System\iaobjXB.exe
  C:\Windows\System\iaobjXB.exe
  2⤵
  PID:5792
- C:\Windows\System\VvNIFpV.exe
  C:\Windows\System\VvNIFpV.exe
  2⤵
  PID:5832
- C:\Windows\System\KWcRwdO.exe
  C:\Windows\System\KWcRwdO.exe
  2⤵
  PID:5888
- C:\Windows\System\tISaWxZ.exe
  C:\Windows\System\tISaWxZ.exe
  2⤵
  PID:4456
- C:\Windows\System\xDuQFpl.exe
  C:\Windows\System\xDuQFpl.exe
  2⤵
  PID:4944
- C:\Windows\System\tEoOnjG.exe
  C:\Windows\System\tEoOnjG.exe
  2⤵
  PID:4264
- C:\Windows\System\BQVuiou.exe
  C:\Windows\System\BQVuiou.exe
  2⤵
  PID:5156
- C:\Windows\System\GZGxeQp.exe
  C:\Windows\System\GZGxeQp.exe
  2⤵
  PID:5952
- C:\Windows\System\dPTjyFq.exe
  C:\Windows\System\dPTjyFq.exe
  2⤵
  PID:6096
- C:\Windows\System\ZXhSUfS.exe
  C:\Windows\System\ZXhSUfS.exe
  2⤵
  PID:5176
- C:\Windows\System\zKomqyL.exe
  C:\Windows\System\zKomqyL.exe
  2⤵
  PID:5352
- C:\Windows\System\ekGFFRT.exe
  C:\Windows\System\ekGFFRT.exe
  2⤵
  PID:5268
- C:\Windows\System\tHZIygn.exe
  C:\Windows\System\tHZIygn.exe
  2⤵
  PID:5444
- C:\Windows\System\nmKSVWg.exe
  C:\Windows\System\nmKSVWg.exe
  2⤵
  PID:5520
- C:\Windows\System\tFIngkO.exe
  C:\Windows\System\tFIngkO.exe
  2⤵
  PID:5876
- C:\Windows\System\ipWyTxG.exe
  C:\Windows\System\ipWyTxG.exe
  2⤵
  PID:5884
- C:\Windows\System\aDBdwDC.exe
  C:\Windows\System\aDBdwDC.exe
  2⤵
  PID:5340
- C:\Windows\System\cAFkyiA.exe
  C:\Windows\System\cAFkyiA.exe
  2⤵
  PID:1716
- C:\Windows\System\RTIYuHt.exe
  C:\Windows\System\RTIYuHt.exe
  2⤵
  PID:6152
- C:\Windows\System\hmZODSp.exe
  C:\Windows\System\hmZODSp.exe
  2⤵
  PID:6172
- C:\Windows\System\IIaEXTa.exe
  C:\Windows\System\IIaEXTa.exe
  2⤵
  PID:6188
- C:\Windows\System\PvWDSCD.exe
  C:\Windows\System\PvWDSCD.exe
  2⤵
  PID:6216
- C:\Windows\System\rTVQslS.exe
  C:\Windows\System\rTVQslS.exe
  2⤵
  PID:6236
- C:\Windows\System\XxjlQTl.exe
  C:\Windows\System\XxjlQTl.exe
  2⤵
  PID:6252
- C:\Windows\System\unPBeHe.exe
  C:\Windows\System\unPBeHe.exe
  2⤵
  PID:6344
- C:\Windows\System\iqkJbEk.exe
  C:\Windows\System\iqkJbEk.exe
  2⤵
  PID:6360
- C:\Windows\System\vzIRFAT.exe
  C:\Windows\System\vzIRFAT.exe
  2⤵
  PID:6376
- C:\Windows\System\qnWaLVS.exe
  C:\Windows\System\qnWaLVS.exe
  2⤵
  PID:6392
- C:\Windows\System\vMpRXvt.exe
  C:\Windows\System\vMpRXvt.exe
  2⤵
  PID:6408
- C:\Windows\System\LCOSRMK.exe
  C:\Windows\System\LCOSRMK.exe
  2⤵
  PID:6424
- C:\Windows\System\diPPTrG.exe
  C:\Windows\System\diPPTrG.exe
  2⤵
  PID:6440
- C:\Windows\System\OGgBzba.exe
  C:\Windows\System\OGgBzba.exe
  2⤵
  PID:6456
- C:\Windows\System\StFRdmC.exe
  C:\Windows\System\StFRdmC.exe
  2⤵
  PID:6476
- C:\Windows\System\Zjumhvd.exe
  C:\Windows\System\Zjumhvd.exe
  2⤵
  PID:6492
- C:\Windows\System\WBmSwHX.exe
  C:\Windows\System\WBmSwHX.exe
  2⤵
  PID:6512
- C:\Windows\System\bjpZAMI.exe
  C:\Windows\System\bjpZAMI.exe
  2⤵
  PID:6532
- C:\Windows\System\TSpBHpr.exe
  C:\Windows\System\TSpBHpr.exe
  2⤵
  PID:6548
- C:\Windows\System\OyklnYP.exe
  C:\Windows\System\OyklnYP.exe
  2⤵
  PID:6564
- C:\Windows\System\shKLBpq.exe
  C:\Windows\System\shKLBpq.exe
  2⤵
  PID:6608
- C:\Windows\System\GpBhrOP.exe
  C:\Windows\System\GpBhrOP.exe
  2⤵
  PID:6628
- C:\Windows\System\pQGDrVG.exe
  C:\Windows\System\pQGDrVG.exe
  2⤵
  PID:6644
- C:\Windows\System\QmBGRnB.exe
  C:\Windows\System\QmBGRnB.exe
  2⤵
  PID:6660
- C:\Windows\System\barLTxF.exe
  C:\Windows\System\barLTxF.exe
  2⤵
  PID:6676
- C:\Windows\System\UehoenL.exe
  C:\Windows\System\UehoenL.exe
  2⤵
  PID:6692
- C:\Windows\System\XPZKLKO.exe
  C:\Windows\System\XPZKLKO.exe
  2⤵
  PID:6708
- C:\Windows\System\ovODOyM.exe
  C:\Windows\System\ovODOyM.exe
  2⤵
  PID:6736
- C:\Windows\System\bYqQdxt.exe
  C:\Windows\System\bYqQdxt.exe
  2⤵
  PID:6756
- C:\Windows\System\sEhalyW.exe
  C:\Windows\System\sEhalyW.exe
  2⤵
  PID:6772
- C:\Windows\System\JiUgkhE.exe
  C:\Windows\System\JiUgkhE.exe
  2⤵
  PID:6792
- C:\Windows\System\dOPrAar.exe
  C:\Windows\System\dOPrAar.exe
  2⤵
  PID:6852
- C:\Windows\System\uvrPPSd.exe
  C:\Windows\System\uvrPPSd.exe
  2⤵
  PID:6868
- C:\Windows\System\mAzVIoQ.exe
  C:\Windows\System\mAzVIoQ.exe
  2⤵
  PID:6888
- C:\Windows\System\tjJbjmL.exe
  C:\Windows\System\tjJbjmL.exe
  2⤵
  PID:6904
- C:\Windows\System\FnaKHtL.exe
  C:\Windows\System\FnaKHtL.exe
  2⤵
  PID:6920
- C:\Windows\System\JMDsCdQ.exe
  C:\Windows\System\JMDsCdQ.exe
  2⤵
  PID:6936
- C:\Windows\System\ZzSmEtF.exe
  C:\Windows\System\ZzSmEtF.exe
  2⤵
  PID:6952
- C:\Windows\System\RgapYzp.exe
  C:\Windows\System\RgapYzp.exe
  2⤵
  PID:6968
- C:\Windows\System\bdYVCko.exe
  C:\Windows\System\bdYVCko.exe
  2⤵
  PID:6984
- C:\Windows\System\VrfjcaY.exe
  C:\Windows\System\VrfjcaY.exe
  2⤵
  PID:7004
- C:\Windows\System\JSXjjeu.exe
  C:\Windows\System\JSXjjeu.exe
  2⤵
  PID:7032
- C:\Windows\System\XaYEqRe.exe
  C:\Windows\System\XaYEqRe.exe
  2⤵
  PID:7048
- C:\Windows\System\QihTkDP.exe
  C:\Windows\System\QihTkDP.exe
  2⤵
  PID:7068
- C:\Windows\System\UhoQhzT.exe
  C:\Windows\System\UhoQhzT.exe
  2⤵
  PID:7108
- C:\Windows\System\jBkNxHG.exe
  C:\Windows\System\jBkNxHG.exe
  2⤵
  PID:7124
- C:\Windows\System\LgONbfg.exe
  C:\Windows\System\LgONbfg.exe
  2⤵
  PID:7140
- C:\Windows\System\UrMqZda.exe
  C:\Windows\System\UrMqZda.exe
  2⤵
  PID:7156
- C:\Windows\System\ELXEfzy.exe
  C:\Windows\System\ELXEfzy.exe
  2⤵
  PID:5252
- C:\Windows\System\vgQfsTc.exe
  C:\Windows\System\vgQfsTc.exe
  2⤵
  PID:5848
- C:\Windows\System\EsQOBNK.exe
  C:\Windows\System\EsQOBNK.exe
  2⤵
  PID:5284
- C:\Windows\System\kJFNyxH.exe
  C:\Windows\System\kJFNyxH.exe
  2⤵
  PID:6224
- C:\Windows\System\eSRbvFc.exe
  C:\Windows\System\eSRbvFc.exe
  2⤵
  PID:6276
- C:\Windows\System\ksueRLs.exe
  C:\Windows\System\ksueRLs.exe
  2⤵
  PID:6292
- C:\Windows\System\vAoXQKm.exe
  C:\Windows\System\vAoXQKm.exe
  2⤵
  PID:6312
- C:\Windows\System\WEdqnnv.exe
  C:\Windows\System\WEdqnnv.exe
  2⤵
  PID:5456
- C:\Windows\System\QXkLQPe.exe
  C:\Windows\System\QXkLQPe.exe
  2⤵
  PID:5372
- C:\Windows\System\tBjGEXa.exe
  C:\Windows\System\tBjGEXa.exe
  2⤵
  PID:3528
- C:\Windows\System\FxsoLsH.exe
  C:\Windows\System\FxsoLsH.exe
  2⤵
  PID:6008
- C:\Windows\System\MHFNBYP.exe
  C:\Windows\System\MHFNBYP.exe
  2⤵
  PID:5172
- C:\Windows\System\ZpXORXc.exe
  C:\Windows\System\ZpXORXc.exe
  2⤵
  PID:3088
- C:\Windows\System\zjBOKdF.exe
  C:\Windows\System\zjBOKdF.exe
  2⤵
  PID:6164
- C:\Windows\System\mrhEDEA.exe
  C:\Windows\System\mrhEDEA.exe
  2⤵
  PID:6208
- C:\Windows\System\nKdeCLP.exe
  C:\Windows\System\nKdeCLP.exe
  2⤵
  PID:6336
- C:\Windows\System\rkqhOkB.exe
  C:\Windows\System\rkqhOkB.exe
  2⤵
  PID:6372
- C:\Windows\System\aqWqtHn.exe
  C:\Windows\System\aqWqtHn.exe
  2⤵
  PID:6352
- C:\Windows\System\XbWWuUq.exe
  C:\Windows\System\XbWWuUq.exe
  2⤵
  PID:6420
- C:\Windows\System\enZIAyb.exe
  C:\Windows\System\enZIAyb.exe
  2⤵
  PID:6524
- C:\Windows\System\jTQpBfe.exe
  C:\Windows\System\jTQpBfe.exe
  2⤵
  PID:6624
- C:\Windows\System\TtVaCJi.exe
  C:\Windows\System\TtVaCJi.exe
  2⤵
  PID:6500
- C:\Windows\System\aNhxnOg.exe
  C:\Windows\System\aNhxnOg.exe
  2⤵
  PID:6544
- C:\Windows\System\kRkCzux.exe
  C:\Windows\System\kRkCzux.exe
  2⤵
  PID:6584
- C:\Windows\System\ZJXSVRq.exe
  C:\Windows\System\ZJXSVRq.exe
  2⤵
  PID:6604
- C:\Windows\System\HbKYqpg.exe
  C:\Windows\System\HbKYqpg.exe
  2⤵
  PID:6672
- C:\Windows\System\ynRcHSf.exe
  C:\Windows\System\ynRcHSf.exe
  2⤵
  PID:6748
- C:\Windows\System\ZTsvdMY.exe
  C:\Windows\System\ZTsvdMY.exe
  2⤵
  PID:6684
- C:\Windows\System\VRFLlWp.exe
  C:\Windows\System\VRFLlWp.exe
  2⤵
  PID:6688
- C:\Windows\System\ELcqUVP.exe
  C:\Windows\System\ELcqUVP.exe
  2⤵
  PID:6768
- C:\Windows\System\jXtYODI.exe
  C:\Windows\System\jXtYODI.exe
  2⤵
  PID:6804
- C:\Windows\System\BQHmXmG.exe
  C:\Windows\System\BQHmXmG.exe
  2⤵
  PID:6960
- C:\Windows\System\mUSDqhQ.exe
  C:\Windows\System\mUSDqhQ.exe
  2⤵
  PID:6876
- C:\Windows\System\jaXppyc.exe
  C:\Windows\System\jaXppyc.exe
  2⤵
  PID:6916
- C:\Windows\System\XFqRoXZ.exe
  C:\Windows\System\XFqRoXZ.exe
  2⤵
  PID:7076
- C:\Windows\System\lzHtibo.exe
  C:\Windows\System\lzHtibo.exe
  2⤵
  PID:7096
- C:\Windows\System\OFplcVH.exe
  C:\Windows\System\OFplcVH.exe
  2⤵
  PID:7012
- C:\Windows\System\qZGzaBH.exe
  C:\Windows\System\qZGzaBH.exe
  2⤵
  PID:7056
- C:\Windows\System\JLsxgKA.exe
  C:\Windows\System\JLsxgKA.exe
  2⤵
  PID:7164
- C:\Windows\System\obvmwUt.exe
  C:\Windows\System\obvmwUt.exe
  2⤵
  PID:6260
- C:\Windows\System\ggcNmkj.exe
  C:\Windows\System\ggcNmkj.exe
  2⤵
  PID:7148
- C:\Windows\System\mLJCCby.exe
  C:\Windows\System\mLJCCby.exe
  2⤵
  PID:5624
- C:\Windows\System\SJNyMzY.exe
  C:\Windows\System\SJNyMzY.exe
  2⤵
  PID:6288
- C:\Windows\System\fviMIXs.exe
  C:\Windows\System\fviMIXs.exe
  2⤵
  PID:6196
- C:\Windows\System\yTPnhAu.exe
  C:\Windows\System\yTPnhAu.exe
  2⤵
  PID:5756
- C:\Windows\System\SqLwqwW.exe
  C:\Windows\System\SqLwqwW.exe
  2⤵
  PID:5612
- C:\Windows\System\RXDpUsl.exe
  C:\Windows\System\RXDpUsl.exe
  2⤵
  PID:6200
- C:\Windows\System\oxrrSpz.exe
  C:\Windows\System\oxrrSpz.exe
  2⤵
  PID:5144
- C:\Windows\System\SLpqWuC.exe
  C:\Windows\System\SLpqWuC.exe
  2⤵
  PID:6244
- C:\Windows\System\BTMolJk.exe
  C:\Windows\System\BTMolJk.exe
  2⤵
  PID:6204
- C:\Windows\System\McZDENb.exe
  C:\Windows\System\McZDENb.exe
  2⤵
  PID:6264
- C:\Windows\System\zfXQRqW.exe
  C:\Windows\System\zfXQRqW.exe
  2⤵
  PID:6576
- C:\Windows\System\mJoWpWA.exe
  C:\Windows\System\mJoWpWA.exe
  2⤵
  PID:6784
- C:\Windows\System\TfNDSws.exe
  C:\Windows\System\TfNDSws.exe
  2⤵
  PID:6764
- C:\Windows\System\wVUVvxg.exe
  C:\Windows\System\wVUVvxg.exe
  2⤵
  PID:6540
- C:\Windows\System\rRhWJWk.exe
  C:\Windows\System\rRhWJWk.exe
  2⤵
  PID:6744
- C:\Windows\System\TKlFYAf.exe
  C:\Windows\System\TKlFYAf.exe
  2⤵
  PID:6484
- C:\Windows\System\HmZiDgQ.exe
  C:\Windows\System\HmZiDgQ.exe
  2⤵
  PID:6816
- C:\Windows\System\RxGrquS.exe
  C:\Windows\System\RxGrquS.exe
  2⤵
  PID:6928
- C:\Windows\System\mOMrbCe.exe
  C:\Windows\System\mOMrbCe.exe
  2⤵
  PID:7000
- C:\Windows\System\MrLUivY.exe
  C:\Windows\System\MrLUivY.exe
  2⤵
  PID:7136
- C:\Windows\System\CbfdUwX.exe
  C:\Windows\System\CbfdUwX.exe
  2⤵
  PID:7088
- C:\Windows\System\TSgJhVx.exe
  C:\Windows\System\TSgJhVx.exe
  2⤵
  PID:7028
- C:\Windows\System\AioFsnb.exe
  C:\Windows\System\AioFsnb.exe
  2⤵
  PID:6232
- C:\Windows\System\mVnQkId.exe
  C:\Windows\System\mVnQkId.exe
  2⤵
  PID:6184
- C:\Windows\System\whPHjBJ.exe
  C:\Windows\System\whPHjBJ.exe
  2⤵
  PID:5460
- C:\Windows\System\OUYQETD.exe
  C:\Windows\System\OUYQETD.exe
  2⤵
  PID:5660
- C:\Windows\System\oreuKuD.exe
  C:\Windows\System\oreuKuD.exe
  2⤵
  PID:5140
- C:\Windows\System\QLXjvkB.exe
  C:\Windows\System\QLXjvkB.exe
  2⤵
  PID:6432
- C:\Windows\System\nfwbIPm.exe
  C:\Windows\System\nfwbIPm.exe
  2⤵
  PID:6732
- C:\Windows\System\FtGhrvJ.exe
  C:\Windows\System\FtGhrvJ.exe
  2⤵
  PID:6824
- C:\Windows\System\pnYmptV.exe
  C:\Windows\System\pnYmptV.exe
  2⤵
  PID:6160
- C:\Windows\System\chwmIHs.exe
  C:\Windows\System\chwmIHs.exe
  2⤵
  PID:6520
- C:\Windows\System\XOVhtxV.exe
  C:\Windows\System\XOVhtxV.exe
  2⤵
  PID:6560
- C:\Windows\System\nyFNYGz.exe
  C:\Windows\System\nyFNYGz.exe
  2⤵
  PID:6832
- C:\Windows\System\EaZhGgs.exe
  C:\Windows\System\EaZhGgs.exe
  2⤵
  PID:7044
- C:\Windows\System\ifBNZeb.exe
  C:\Windows\System\ifBNZeb.exe
  2⤵
  PID:7060
- C:\Windows\System\GbbqZKJ.exe
  C:\Windows\System\GbbqZKJ.exe
  2⤵
  PID:6992
- C:\Windows\System\lVlespI.exe
  C:\Windows\System\lVlespI.exe
  2⤵
  PID:5392
- C:\Windows\System\CflYeBc.exe
  C:\Windows\System\CflYeBc.exe
  2⤵
  PID:6472
- C:\Windows\System\pnRkjAQ.exe
  C:\Windows\System\pnRkjAQ.exe
  2⤵
  PID:6284
- C:\Windows\System\vstYFwE.exe
  C:\Windows\System\vstYFwE.exe
  2⤵
  PID:6332
- C:\Windows\System\wZBUexf.exe
  C:\Windows\System\wZBUexf.exe
  2⤵
  PID:6808
- C:\Windows\System\MkgmbBZ.exe
  C:\Windows\System\MkgmbBZ.exe
  2⤵
  PID:7104
- C:\Windows\System\RSFdtSD.exe
  C:\Windows\System\RSFdtSD.exe
  2⤵
  PID:7184
- C:\Windows\System\RtpSIcX.exe
  C:\Windows\System\RtpSIcX.exe
  2⤵
  PID:7200
- C:\Windows\System\qJssxrx.exe
  C:\Windows\System\qJssxrx.exe
  2⤵
  PID:7216
- C:\Windows\System\TYWoiBL.exe
  C:\Windows\System\TYWoiBL.exe
  2⤵
  PID:7232
- C:\Windows\System\LEYFKpB.exe
  C:\Windows\System\LEYFKpB.exe
  2⤵
  PID:7252
- C:\Windows\System\MoyVqMJ.exe
  C:\Windows\System\MoyVqMJ.exe
  2⤵
  PID:7280
- C:\Windows\System\eqgTrne.exe
  C:\Windows\System\eqgTrne.exe
  2⤵
  PID:7300
- C:\Windows\System\pdzWvgt.exe
  C:\Windows\System\pdzWvgt.exe
  2⤵
  PID:7316
- C:\Windows\System\zeOLSPA.exe
  C:\Windows\System\zeOLSPA.exe
  2⤵
  PID:7332
- C:\Windows\System\xTucYcM.exe
  C:\Windows\System\xTucYcM.exe
  2⤵
  PID:7352
- C:\Windows\System\TCCFQnJ.exe
  C:\Windows\System\TCCFQnJ.exe
  2⤵
  PID:7368
- C:\Windows\System\iNfigHn.exe
  C:\Windows\System\iNfigHn.exe
  2⤵
  PID:7392
- C:\Windows\System\JpqKSNt.exe
  C:\Windows\System\JpqKSNt.exe
  2⤵
  PID:7408
- C:\Windows\System\eerMjAy.exe
  C:\Windows\System\eerMjAy.exe
  2⤵
  PID:7428
- C:\Windows\System\dvudRnG.exe
  C:\Windows\System\dvudRnG.exe
  2⤵
  PID:7444
- C:\Windows\System\dZCvrRP.exe
  C:\Windows\System\dZCvrRP.exe
  2⤵
  PID:7460
- C:\Windows\System\FbzgCSl.exe
  C:\Windows\System\FbzgCSl.exe
  2⤵
  PID:7484
- C:\Windows\System\sDiUtlJ.exe
  C:\Windows\System\sDiUtlJ.exe
  2⤵
  PID:7508
- C:\Windows\System\VSCnyaU.exe
  C:\Windows\System\VSCnyaU.exe
  2⤵
  PID:7524
- C:\Windows\System\hGTKOqU.exe
  C:\Windows\System\hGTKOqU.exe
  2⤵
  PID:7540
- C:\Windows\System\dqnNWlo.exe
  C:\Windows\System\dqnNWlo.exe
  2⤵
  PID:7556
- C:\Windows\System\oRhGAGz.exe
  C:\Windows\System\oRhGAGz.exe
  2⤵
  PID:7584
- C:\Windows\System\ruXTslC.exe
  C:\Windows\System\ruXTslC.exe
  2⤵
  PID:7612
- C:\Windows\System\BsnXonS.exe
  C:\Windows\System\BsnXonS.exe
  2⤵
  PID:7632
- C:\Windows\System\idBnZwH.exe
  C:\Windows\System\idBnZwH.exe
  2⤵
  PID:7652
- C:\Windows\System\ZMQieXT.exe
  C:\Windows\System\ZMQieXT.exe
  2⤵
  PID:7668
- C:\Windows\System\ghizeuY.exe
  C:\Windows\System\ghizeuY.exe
  2⤵
  PID:7684
- C:\Windows\System\ZIObPiU.exe
  C:\Windows\System\ZIObPiU.exe
  2⤵
  PID:7700
- C:\Windows\System\hcQkexO.exe
  C:\Windows\System\hcQkexO.exe
  2⤵
  PID:7716
- C:\Windows\System\AzjqMhq.exe
  C:\Windows\System\AzjqMhq.exe
  2⤵
  PID:7740
- C:\Windows\System\qYzTSVI.exe
  C:\Windows\System\qYzTSVI.exe
  2⤵
  PID:7820
- C:\Windows\System\ypNrKSk.exe
  C:\Windows\System\ypNrKSk.exe
  2⤵
  PID:7836
- C:\Windows\System\QKZBbXF.exe
  C:\Windows\System\QKZBbXF.exe
  2⤵
  PID:7852
- C:\Windows\System\MCmnQLP.exe
  C:\Windows\System\MCmnQLP.exe
  2⤵
  PID:7868
- C:\Windows\System\xXEPMqi.exe
  C:\Windows\System\xXEPMqi.exe
  2⤵
  PID:7888
- C:\Windows\System\lfAjwyM.exe
  C:\Windows\System\lfAjwyM.exe
  2⤵
  PID:7908
- C:\Windows\System\cZoZWuE.exe
  C:\Windows\System\cZoZWuE.exe
  2⤵
  PID:7924
- C:\Windows\System\kTHIoNI.exe
  C:\Windows\System\kTHIoNI.exe
  2⤵
  PID:7944
- C:\Windows\System\wCeKdPL.exe
  C:\Windows\System\wCeKdPL.exe
  2⤵
  PID:7960
- C:\Windows\System\tjXgENk.exe
  C:\Windows\System\tjXgENk.exe
  2⤵
  PID:7976
- C:\Windows\System\wkSVTBV.exe
  C:\Windows\System\wkSVTBV.exe
  2⤵
  PID:7996
- C:\Windows\System\DRIByJR.exe
  C:\Windows\System\DRIByJR.exe
  2⤵
  PID:8012
- C:\Windows\System\rljnkbp.exe
  C:\Windows\System\rljnkbp.exe
  2⤵
  PID:8028
- C:\Windows\System\mRYXLaZ.exe
  C:\Windows\System\mRYXLaZ.exe
  2⤵
  PID:8048
- C:\Windows\System\UMrqPEn.exe
  C:\Windows\System\UMrqPEn.exe
  2⤵
  PID:8068
- C:\Windows\System\QbLJtSx.exe
  C:\Windows\System\QbLJtSx.exe
  2⤵
  PID:8084
- C:\Windows\System\EELCzdK.exe
  C:\Windows\System\EELCzdK.exe
  2⤵
  PID:8104
- C:\Windows\System\PKsFjGx.exe
  C:\Windows\System\PKsFjGx.exe
  2⤵
  PID:8124
- C:\Windows\System\YQsEfYA.exe
  C:\Windows\System\YQsEfYA.exe
  2⤵
  PID:8140
- C:\Windows\System\MRixSQe.exe
  C:\Windows\System\MRixSQe.exe
  2⤵
  PID:8160
- C:\Windows\System\PTkJhDn.exe
  C:\Windows\System\PTkJhDn.exe
  2⤵
  PID:8180
- C:\Windows\System\pmFGrcf.exe
  C:\Windows\System\pmFGrcf.exe
  2⤵
  PID:6004
- C:\Windows\System\xkVTFmk.exe
  C:\Windows\System\xkVTFmk.exe
  2⤵
  PID:7176
- C:\Windows\System\BlviYdm.exe
  C:\Windows\System\BlviYdm.exe
  2⤵
  PID:7244
- C:\Windows\System\vzlBcJw.exe
  C:\Windows\System\vzlBcJw.exe
  2⤵
  PID:7296
- C:\Windows\System\xpKXBsb.exe
  C:\Windows\System\xpKXBsb.exe
  2⤵
  PID:7364
- C:\Windows\System\CVFIgHL.exe
  C:\Windows\System\CVFIgHL.exe
  2⤵
  PID:7440
- C:\Windows\System\rqvmrsS.exe
  C:\Windows\System\rqvmrsS.exe
  2⤵
  PID:6844
- C:\Windows\System\owTpHYu.exe
  C:\Windows\System\owTpHYu.exe
  2⤵
  PID:7020
- C:\Windows\System\sEDbtAx.exe
  C:\Windows\System\sEDbtAx.exe
  2⤵
  PID:5356
- C:\Windows\System\zCYwaSd.exe
  C:\Windows\System\zCYwaSd.exe
  2⤵
  PID:6488
- C:\Windows\System\oenMfbD.exe
  C:\Windows\System\oenMfbD.exe
  2⤵
  PID:7548
- C:\Windows\System\GrjOggw.exe
  C:\Windows\System\GrjOggw.exe
  2⤵
  PID:7644
- C:\Windows\System\zCQnASS.exe
  C:\Windows\System\zCQnASS.exe
  2⤵
  PID:7680
- C:\Windows\System\EwwyVOQ.exe
  C:\Windows\System\EwwyVOQ.exe
  2⤵
  PID:7752
- C:\Windows\System\YnsGVBY.exe
  C:\Windows\System\YnsGVBY.exe
  2⤵
  PID:7776
- C:\Windows\System\CeDVMsU.exe
  C:\Windows\System\CeDVMsU.exe
  2⤵
  PID:7788
- C:\Windows\System\MKfxVtd.exe
  C:\Windows\System\MKfxVtd.exe
  2⤵
  PID:7196
- C:\Windows\System\UdRChnV.exe
  C:\Windows\System\UdRChnV.exe
  2⤵
  PID:7264
- C:\Windows\System\NeGUwet.exe
  C:\Windows\System\NeGUwet.exe
  2⤵
  PID:7308
- C:\Windows\System\MHNPGyh.exe
  C:\Windows\System\MHNPGyh.exe
  2⤵
  PID:7344
- C:\Windows\System\qJXvSqw.exe
  C:\Windows\System\qJXvSqw.exe
  2⤵
  PID:7388
- C:\Windows\System\vDmUKVU.exe
  C:\Windows\System\vDmUKVU.exe
  2⤵
  PID:7456
- C:\Windows\System\CSjDlwK.exe
  C:\Windows\System\CSjDlwK.exe
  2⤵
  PID:7532
- C:\Windows\System\zuIwpmQ.exe
  C:\Windows\System\zuIwpmQ.exe
  2⤵
  PID:7576
- C:\Windows\System\ZVOjBQt.exe
  C:\Windows\System\ZVOjBQt.exe
  2⤵
  PID:7728
- C:\Windows\System\dWnMvhn.exe
  C:\Windows\System\dWnMvhn.exe
  2⤵
  PID:7800
- C:\Windows\System\YDvxbEs.exe
  C:\Windows\System\YDvxbEs.exe
  2⤵
  PID:7816
- C:\Windows\System\cAAtaMt.exe
  C:\Windows\System\cAAtaMt.exe
  2⤵
  PID:7876
- C:\Windows\System\IBLblzx.exe
  C:\Windows\System\IBLblzx.exe
  2⤵
  PID:7828
- C:\Windows\System\xJneUEQ.exe
  C:\Windows\System\xJneUEQ.exe
  2⤵
  PID:7832
- C:\Windows\System\wkYhDfS.exe
  C:\Windows\System\wkYhDfS.exe
  2⤵
  PID:6304
- C:\Windows\System\krhiGmX.exe
  C:\Windows\System\krhiGmX.exe
  2⤵
  PID:8040
- C:\Windows\System\BlGrQyl.exe
  C:\Windows\System\BlGrQyl.exe
  2⤵
  PID:8112
- C:\Windows\System\BFKYpyr.exe
  C:\Windows\System\BFKYpyr.exe
  2⤵
  PID:8156
- C:\Windows\System\SRhZkAU.exe
  C:\Windows\System\SRhZkAU.exe
  2⤵
  PID:6640
- C:\Windows\System\iGYXstK.exe
  C:\Windows\System\iGYXstK.exe
  2⤵
  PID:7288
- C:\Windows\System\fBHBeCz.exe
  C:\Windows\System\fBHBeCz.exe
  2⤵
  PID:7472
- C:\Windows\System\AfvKQBB.exe
  C:\Windows\System\AfvKQBB.exe
  2⤵
  PID:7516
- C:\Windows\System\CZPBWEA.exe
  C:\Windows\System\CZPBWEA.exe
  2⤵
  PID:6452
- C:\Windows\System\bwFwCTi.exe
  C:\Windows\System\bwFwCTi.exe
  2⤵
  PID:7640
- C:\Windows\System\bSzQInZ.exe
  C:\Windows\System\bSzQInZ.exe
  2⤵
  PID:7712
- C:\Windows\System\FVwIoXx.exe
  C:\Windows\System\FVwIoXx.exe
  2⤵
  PID:7228
- C:\Windows\System\HYCBZwb.exe
  C:\Windows\System\HYCBZwb.exe
  2⤵
  PID:7348
- C:\Windows\System\JKUHGyG.exe
  C:\Windows\System\JKUHGyG.exe
  2⤵
  PID:6308
- C:\Windows\System\PYDRzyQ.exe
  C:\Windows\System\PYDRzyQ.exe
  2⤵
  PID:7764
- C:\Windows\System\UZkQsuH.exe
  C:\Windows\System\UZkQsuH.exe
  2⤵
  PID:7272
- C:\Windows\System\iMWHlgD.exe
  C:\Windows\System\iMWHlgD.exe
  2⤵
  PID:7500
- C:\Windows\System\LWYyGWv.exe
  C:\Windows\System\LWYyGWv.exe
  2⤵
  PID:7724
- C:\Windows\System\FIrEDGg.exe
  C:\Windows\System\FIrEDGg.exe
  2⤵
  PID:7808
- C:\Windows\System\JCvfiiY.exe
  C:\Windows\System\JCvfiiY.exe
  2⤵
  PID:7920
- C:\Windows\System\pGawTJb.exe
  C:\Windows\System\pGawTJb.exe
  2⤵
  PID:7952
- C:\Windows\System\lLVOIWI.exe
  C:\Windows\System\lLVOIWI.exe
  2⤵
  PID:7992
- C:\Windows\System\TRjxSTI.exe
  C:\Windows\System\TRjxSTI.exe
  2⤵
  PID:8060
- C:\Windows\System\vpjJjPs.exe
  C:\Windows\System\vpjJjPs.exe
  2⤵
  PID:8100
- C:\Windows\System\qSoREAv.exe
  C:\Windows\System\qSoREAv.exe
  2⤵
  PID:8172
- C:\Windows\System\ryjfBAk.exe
  C:\Windows\System\ryjfBAk.exe
  2⤵
  PID:7860
- C:\Windows\System\OOWmqSA.exe
  C:\Windows\System\OOWmqSA.exe
  2⤵
  PID:7900
- C:\Windows\System\hgcHXXv.exe
  C:\Windows\System\hgcHXXv.exe
  2⤵
  PID:7972
- C:\Windows\System\JHPwzWb.exe
  C:\Windows\System\JHPwzWb.exe
  2⤵
  PID:8008
- C:\Windows\System\BGdJyZk.exe
  C:\Windows\System\BGdJyZk.exe
  2⤵
  PID:8076
- C:\Windows\System\Giiaylq.exe
  C:\Windows\System\Giiaylq.exe
  2⤵
  PID:7596
- C:\Windows\System\hrvwnwr.exe
  C:\Windows\System\hrvwnwr.exe
  2⤵
  PID:7604
- C:\Windows\System\LeZuwqu.exe
  C:\Windows\System\LeZuwqu.exe
  2⤵
  PID:7696
- C:\Windows\System\kDLIfyn.exe
  C:\Windows\System\kDLIfyn.exe
  2⤵
  PID:7624
- C:\Windows\System\fhdfkAe.exe
  C:\Windows\System\fhdfkAe.exe
  2⤵
  PID:7844
- C:\Windows\System\IwKTAAT.exe
  C:\Windows\System\IwKTAAT.exe
  2⤵
  PID:7968
- C:\Windows\System\LhqigJh.exe
  C:\Windows\System\LhqigJh.exe
  2⤵
  PID:8036
- C:\Windows\System\IXXGcRW.exe
  C:\Windows\System\IXXGcRW.exe
  2⤵
  PID:7476
- C:\Windows\System\BxXkirx.exe
  C:\Windows\System\BxXkirx.exe
  2⤵
  PID:6864
- C:\Windows\System\vGzckkv.exe
  C:\Windows\System\vGzckkv.exe
  2⤵
  PID:7084
- C:\Windows\System\cdhulzs.exe
  C:\Windows\System\cdhulzs.exe
  2⤵
  PID:7692
- C:\Windows\System\nYBLbLA.exe
  C:\Windows\System\nYBLbLA.exe
  2⤵
  PID:7520
- C:\Windows\System\fDHawEK.exe
  C:\Windows\System\fDHawEK.exe
  2⤵
  PID:7780
- C:\Windows\System\gGczvsp.exe
  C:\Windows\System\gGczvsp.exe
  2⤵
  PID:6356
- C:\Windows\System\MurPGSu.exe
  C:\Windows\System\MurPGSu.exe
  2⤵
  PID:7192
- C:\Windows\System\GXDkXMC.exe
  C:\Windows\System\GXDkXMC.exe
  2⤵
  PID:7492
- C:\Windows\System\ERNxHDS.exe
  C:\Windows\System\ERNxHDS.exe
  2⤵
  PID:7152
- C:\Windows\System\dRXSIjK.exe
  C:\Windows\System\dRXSIjK.exe
  2⤵
  PID:6912
- C:\Windows\System\RBZvWef.exe
  C:\Windows\System\RBZvWef.exe
  2⤵
  PID:7212
- C:\Windows\System\RnkzaMq.exe
  C:\Windows\System\RnkzaMq.exe
  2⤵
  PID:7864
- C:\Windows\System\DjbGDqs.exe
  C:\Windows\System\DjbGDqs.exe
  2⤵
  PID:5596
- C:\Windows\System\Biidyhh.exe
  C:\Windows\System\Biidyhh.exe
  2⤵
  PID:7568
- C:\Windows\System\eFPBUcr.exe
  C:\Windows\System\eFPBUcr.exe
  2⤵
  PID:7904
- C:\Windows\System\ooJjtpx.exe
  C:\Windows\System\ooJjtpx.exe
  2⤵
  PID:8096
- C:\Windows\System\lyEKTge.exe
  C:\Windows\System\lyEKTge.exe
  2⤵
  PID:7384
- C:\Windows\System\YSIQmYo.exe
  C:\Windows\System\YSIQmYo.exe
  2⤵
  PID:7240
- C:\Windows\System\SEGFcBx.exe
  C:\Windows\System\SEGFcBx.exe
  2⤵
  PID:8148
- C:\Windows\System\SfyhClS.exe
  C:\Windows\System\SfyhClS.exe
  2⤵
  PID:8152
- C:\Windows\System\NEXsunQ.exe
  C:\Windows\System\NEXsunQ.exe
  2⤵
  PID:8168
- C:\Windows\System\sFgnKTN.exe
  C:\Windows\System\sFgnKTN.exe
  2⤵
  PID:8216
- C:\Windows\System\yJjUNMr.exe
  C:\Windows\System\yJjUNMr.exe
  2⤵
  PID:8232
- C:\Windows\System\BgZhDXM.exe
  C:\Windows\System\BgZhDXM.exe
  2⤵
  PID:8252
- C:\Windows\System\SJnlFAZ.exe
  C:\Windows\System\SJnlFAZ.exe
  2⤵
  PID:8308
- C:\Windows\System\vuKNNMn.exe
  C:\Windows\System\vuKNNMn.exe
  2⤵
  PID:8324
- C:\Windows\System\JdJnVaN.exe
  C:\Windows\System\JdJnVaN.exe
  2⤵
  PID:8340
- C:\Windows\System\cREPIkZ.exe
  C:\Windows\System\cREPIkZ.exe
  2⤵
  PID:8356
- C:\Windows\System\WGnzZmK.exe
  C:\Windows\System\WGnzZmK.exe
  2⤵
  PID:8376
- C:\Windows\System\AOhUICS.exe
  C:\Windows\System\AOhUICS.exe
  2⤵
  PID:8392
- C:\Windows\System\btjdFlC.exe
  C:\Windows\System\btjdFlC.exe
  2⤵
  PID:8412
- C:\Windows\System\GxYMolG.exe
  C:\Windows\System\GxYMolG.exe
  2⤵
  PID:8428
- C:\Windows\System\hsdVRdC.exe
  C:\Windows\System\hsdVRdC.exe
  2⤵
  PID:8444
- C:\Windows\System\UzLVLEM.exe
  C:\Windows\System\UzLVLEM.exe
  2⤵
  PID:8460
- C:\Windows\System\ZRBTmte.exe
  C:\Windows\System\ZRBTmte.exe
  2⤵
  PID:8476
- C:\Windows\System\JFlHfcb.exe
  C:\Windows\System\JFlHfcb.exe
  2⤵
  PID:8492
- C:\Windows\System\fTHYQGD.exe
  C:\Windows\System\fTHYQGD.exe
  2⤵
  PID:8508
- C:\Windows\System\gwtKfVm.exe
  C:\Windows\System\gwtKfVm.exe
  2⤵
  PID:8524
- C:\Windows\System\pTWajCr.exe
  C:\Windows\System\pTWajCr.exe
  2⤵
  PID:8540
- C:\Windows\System\tccUzNA.exe
  C:\Windows\System\tccUzNA.exe
  2⤵
  PID:8556
- C:\Windows\System\JLGgrQr.exe
  C:\Windows\System\JLGgrQr.exe
  2⤵
  PID:8572
- C:\Windows\System\yAtaltu.exe
  C:\Windows\System\yAtaltu.exe
  2⤵
  PID:8588
- C:\Windows\System\muVMSOc.exe
  C:\Windows\System\muVMSOc.exe
  2⤵
  PID:8604
- C:\Windows\System\oGcAehW.exe
  C:\Windows\System\oGcAehW.exe
  2⤵
  PID:8624
- C:\Windows\System\WNIalIJ.exe
  C:\Windows\System\WNIalIJ.exe
  2⤵
  PID:8640
- C:\Windows\System\GIfrXGr.exe
  C:\Windows\System\GIfrXGr.exe
  2⤵
  PID:8660
- C:\Windows\System\FeiKIYR.exe
  C:\Windows\System\FeiKIYR.exe
  2⤵
  PID:8676
- C:\Windows\System\ErulTGy.exe
  C:\Windows\System\ErulTGy.exe
  2⤵
  PID:8692
- C:\Windows\System\tYsXycY.exe
  C:\Windows\System\tYsXycY.exe
  2⤵
  PID:8720
- C:\Windows\System\jwTyDnq.exe
  C:\Windows\System\jwTyDnq.exe
  2⤵
  PID:8744
- C:\Windows\System\KyDOeMW.exe
  C:\Windows\System\KyDOeMW.exe
  2⤵
  PID:8764
- C:\Windows\System\qovRMQR.exe
  C:\Windows\System\qovRMQR.exe
  2⤵
  PID:8780
- C:\Windows\System\jzWEdPr.exe
  C:\Windows\System\jzWEdPr.exe
  2⤵
  PID:8796
- C:\Windows\System\mByVpJO.exe
  C:\Windows\System\mByVpJO.exe
  2⤵
  PID:8812
- C:\Windows\System\JTAGkRY.exe
  C:\Windows\System\JTAGkRY.exe
  2⤵
  PID:8828
- C:\Windows\System\WoFHQdc.exe
  C:\Windows\System\WoFHQdc.exe
  2⤵
  PID:8844
- C:\Windows\System\FTdtDzK.exe
  C:\Windows\System\FTdtDzK.exe
  2⤵
  PID:8860
- C:\Windows\System\ohWdGOq.exe
  C:\Windows\System\ohWdGOq.exe
  2⤵
  PID:8876
- C:\Windows\System\XmLIKhf.exe
  C:\Windows\System\XmLIKhf.exe
  2⤵
  PID:8892
- C:\Windows\System\NDfQQQm.exe
  C:\Windows\System\NDfQQQm.exe
  2⤵
  PID:8908
- C:\Windows\System\viMzaBB.exe
  C:\Windows\System\viMzaBB.exe
  2⤵
  PID:8924
- C:\Windows\System\ARocZGU.exe
  C:\Windows\System\ARocZGU.exe
  2⤵
  PID:8948
- C:\Windows\System\ECWTeYr.exe
  C:\Windows\System\ECWTeYr.exe
  2⤵
  PID:8968
- C:\Windows\System\bacqDus.exe
  C:\Windows\System\bacqDus.exe
  2⤵
  PID:8984
- C:\Windows\System\drlzwJO.exe
  C:\Windows\System\drlzwJO.exe
  2⤵
  PID:9004
- C:\Windows\System\tiZPnLQ.exe
  C:\Windows\System\tiZPnLQ.exe
  2⤵
  PID:9020
- C:\Windows\System\orXjmDa.exe
  C:\Windows\System\orXjmDa.exe
  2⤵
  PID:9036
- C:\Windows\System\dRjPhBY.exe
  C:\Windows\System\dRjPhBY.exe
  2⤵
  PID:9172
- C:\Windows\System\QVHoamI.exe
  C:\Windows\System\QVHoamI.exe
  2⤵
  PID:9188
- C:\Windows\System\gItoFVT.exe
  C:\Windows\System\gItoFVT.exe
  2⤵
  PID:9212
- C:\Windows\System\EPnjjAC.exe
  C:\Windows\System\EPnjjAC.exe
  2⤵
  PID:8204
- C:\Windows\System\jqSTxJg.exe
  C:\Windows\System\jqSTxJg.exe
  2⤵
  PID:8244
- C:\Windows\System\KuiqDrY.exe
  C:\Windows\System\KuiqDrY.exe
  2⤵
  PID:8280
- C:\Windows\System\npgTzxx.exe
  C:\Windows\System\npgTzxx.exe
  2⤵
  PID:8264
- C:\Windows\System\wOlHrlm.exe
  C:\Windows\System\wOlHrlm.exe
  2⤵
  PID:8296
- C:\Windows\System\AixssTH.exe
  C:\Windows\System\AixssTH.exe
  2⤵
  PID:8320
- C:\Windows\System\jnhoNUU.exe
  C:\Windows\System\jnhoNUU.exe
  2⤵
  PID:8424
- C:\Windows\System\NIYecDj.exe
  C:\Windows\System\NIYecDj.exe
  2⤵
  PID:8520
- C:\Windows\System\KBdAdco.exe
  C:\Windows\System\KBdAdco.exe
  2⤵
  PID:8332
- C:\Windows\System\VPXinFd.exe
  C:\Windows\System\VPXinFd.exe
  2⤵
  PID:8368
- C:\Windows\System\FYVzetO.exe
  C:\Windows\System\FYVzetO.exe
  2⤵
  PID:8596
- C:\Windows\System\PlZlmMF.exe
  C:\Windows\System\PlZlmMF.exe
  2⤵
  PID:8440
- C:\Windows\System\nGonYgA.exe
  C:\Windows\System\nGonYgA.exe
  2⤵
  PID:8600
- C:\Windows\System\pVYgpXz.exe
  C:\Windows\System\pVYgpXz.exe
  2⤵
  PID:8668
- C:\Windows\System\buDASKn.exe
  C:\Windows\System\buDASKn.exe
  2⤵
  PID:8760
- C:\Windows\System\aRetzBV.exe
  C:\Windows\System\aRetzBV.exe
  2⤵
  PID:8704
- C:\Windows\System\ksshwOK.exe
  C:\Windows\System\ksshwOK.exe
  2⤵
  PID:8684
- C:\Windows\System\YrFWzuE.exe
  C:\Windows\System\YrFWzuE.exe
  2⤵
  PID:8732
- C:\Windows\System\RjFuLzc.exe
  C:\Windows\System\RjFuLzc.exe
  2⤵
  PID:8776
- C:\Windows\System\XSPgaAj.exe
  C:\Windows\System\XSPgaAj.exe
  2⤵
  PID:8872
- C:\Windows\System\IkZwnxs.exe
  C:\Windows\System\IkZwnxs.exe
  2⤵
  PID:8904
- C:\Windows\System\CwwWnSd.exe
  C:\Windows\System\CwwWnSd.exe
  2⤵
  PID:8944
- C:\Windows\System\kDncawU.exe
  C:\Windows\System\kDncawU.exe
  2⤵
  PID:9016
- C:\Windows\System\vomLOpO.exe
  C:\Windows\System\vomLOpO.exe
  2⤵
  PID:8884
- C:\Windows\System\AHJQYZY.exe
  C:\Windows\System\AHJQYZY.exe
  2⤵
  PID:9032
- C:\Windows\System\nwmpznu.exe
  C:\Windows\System\nwmpznu.exe
  2⤵
  PID:9068
- C:\Windows\System\vpbnmWM.exe
  C:\Windows\System\vpbnmWM.exe
  2⤵
  PID:9088
- C:\Windows\System\BLhFGzz.exe
  C:\Windows\System\BLhFGzz.exe
  2⤵
  PID:9104
- C:\Windows\System\xduZJIk.exe
  C:\Windows\System\xduZJIk.exe
  2⤵
  PID:9124
- C:\Windows\System\jiCAFHy.exe
  C:\Windows\System\jiCAFHy.exe
  2⤵
  PID:9136
- C:\Windows\System\JDCxUGK.exe
  C:\Windows\System\JDCxUGK.exe
  2⤵
  PID:9164
- C:\Windows\System\CxaqQRa.exe
  C:\Windows\System\CxaqQRa.exe
  2⤵
  PID:9204
- C:\Windows\System\WuOeyUl.exe
  C:\Windows\System\WuOeyUl.exe
  2⤵
  PID:8200
- C:\Windows\System\HxmYDkv.exe
  C:\Windows\System\HxmYDkv.exe
  2⤵
  PID:8092
- C:\Windows\System\SEaGgeR.exe
  C:\Windows\System\SEaGgeR.exe
  2⤵
  PID:8276
- C:\Windows\System\ZdqFeWd.exe
  C:\Windows\System\ZdqFeWd.exe
  2⤵
  PID:8420
- C:\Windows\System\DqOxSpB.exe
  C:\Windows\System\DqOxSpB.exe
  2⤵
  PID:8268
- C:\Windows\System\REJQokI.exe
  C:\Windows\System\REJQokI.exe
  2⤵
  PID:7956
- C:\Windows\System\VQArXHv.exe
  C:\Windows\System\VQArXHv.exe
  2⤵
  PID:8372
- C:\Windows\System\OnrdScd.exe
  C:\Windows\System\OnrdScd.exe
  2⤵
  PID:8532
- C:\Windows\System\FaCiSWB.exe
  C:\Windows\System\FaCiSWB.exe
  2⤵
  PID:8632
- C:\Windows\System\wzSRJLN.exe
  C:\Windows\System\wzSRJLN.exe
  2⤵
  PID:8792
- C:\Windows\System\ioprrZd.exe
  C:\Windows\System\ioprrZd.exe
  2⤵
  PID:8840
- C:\Windows\System\JWZCrHi.exe
  C:\Windows\System\JWZCrHi.exe
  2⤵
  PID:8940
- C:\Windows\System\AdFyTlu.exe
  C:\Windows\System\AdFyTlu.exe
  2⤵
  PID:8740
- C:\Windows\System\xncGUcJ.exe
  C:\Windows\System\xncGUcJ.exe
  2⤵
  PID:8980
- C:\Windows\System\mDFvfda.exe
  C:\Windows\System\mDFvfda.exe
  2⤵
  PID:8960
- C:\Windows\System\qkQiUfn.exe
  C:\Windows\System\qkQiUfn.exe
  2⤵
  PID:9064
- C:\Windows\System\YlNnOTs.exe
  C:\Windows\System\YlNnOTs.exe
  2⤵
  PID:9028
- C:\Windows\System\eFgSCHg.exe
  C:\Windows\System\eFgSCHg.exe
  2⤵
  PID:9084
- C:\Windows\System\TFprFBs.exe
  C:\Windows\System\TFprFBs.exe
  2⤵
  PID:9112
- C:\Windows\System\JLnqJhC.exe
  C:\Windows\System\JLnqJhC.exe
  2⤵
  PID:9152
- C:\Windows\System\dxQdsqE.exe
  C:\Windows\System\dxQdsqE.exe
  2⤵
  PID:9184
- C:\Windows\System\ihXemWn.exe
  C:\Windows\System\ihXemWn.exe
  2⤵
  PID:9200
- C:\Windows\System\wOxoSTh.exe
  C:\Windows\System\wOxoSTh.exe
  2⤵
  PID:7452
- C:\Windows\System\PrvMvmk.exe
  C:\Windows\System\PrvMvmk.exe
  2⤵
  PID:8456
- C:\Windows\System\FACDqCA.exe
  C:\Windows\System\FACDqCA.exe
  2⤵
  PID:8408
- C:\Windows\System\DIbTzAP.exe
  C:\Windows\System\DIbTzAP.exe
  2⤵
  PID:8756
- C:\Windows\System\UKIQUet.exe
  C:\Windows\System\UKIQUet.exe
  2⤵
  PID:9048
- C:\Windows\System\pVdvtfl.exe
  C:\Windows\System\pVdvtfl.exe
  2⤵
  PID:9000
- C:\Windows\System\pjvbDIE.exe
  C:\Windows\System\pjvbDIE.exe
  2⤵
  PID:8992
- C:\Windows\System\PPWZMay.exe
  C:\Windows\System\PPWZMay.exe
  2⤵
  PID:9076
- C:\Windows\System\arhHMkH.exe
  C:\Windows\System\arhHMkH.exe
  2⤵
  PID:8820
- C:\Windows\System\FXnkpJJ.exe
  C:\Windows\System\FXnkpJJ.exe
  2⤵
  PID:8260
- C:\Windows\System\AlbKlhm.exe
  C:\Windows\System\AlbKlhm.exe
  2⤵
  PID:9168
- C:\Windows\System\KdsBPbI.exe
  C:\Windows\System\KdsBPbI.exe
  2⤵
  PID:8612
- C:\Windows\System\DnkNFfl.exe
  C:\Windows\System\DnkNFfl.exe
  2⤵
  PID:5212
- C:\Windows\System\jInIOJw.exe
  C:\Windows\System\jInIOJw.exe
  2⤵
  PID:8836
- C:\Windows\System\wmQsvId.exe
  C:\Windows\System\wmQsvId.exe
  2⤵
  PID:8916
- C:\Windows\System\aOyDpJa.exe
  C:\Windows\System\aOyDpJa.exe
  2⤵
  PID:9116
- C:\Windows\System\hquFfUY.exe
  C:\Windows\System\hquFfUY.exe
  2⤵
  PID:9052
- C:\Windows\System\hovNXrA.exe
  C:\Windows\System\hovNXrA.exe
  2⤵
  PID:9228
- C:\Windows\System\KekBUwT.exe
  C:\Windows\System\KekBUwT.exe
  2⤵
  PID:9244
- C:\Windows\System\oexSVfG.exe
  C:\Windows\System\oexSVfG.exe
  2⤵
  PID:9260
- C:\Windows\System\gGKHCgl.exe
  C:\Windows\System\gGKHCgl.exe
  2⤵
  PID:9276
- C:\Windows\System\MTVqRRn.exe
  C:\Windows\System\MTVqRRn.exe
  2⤵
  PID:9292
- C:\Windows\System\tydWvnA.exe
  C:\Windows\System\tydWvnA.exe
  2⤵
  PID:9316
- C:\Windows\System\gQkGKPm.exe
  C:\Windows\System\gQkGKPm.exe
  2⤵
  PID:9336
- C:\Windows\System\bAupWHz.exe
  C:\Windows\System\bAupWHz.exe
  2⤵
  PID:9352
- C:\Windows\System\UaEMNSI.exe
  C:\Windows\System\UaEMNSI.exe
  2⤵
  PID:9368
- C:\Windows\System\qEyYBsH.exe
  C:\Windows\System\qEyYBsH.exe
  2⤵
  PID:9388
- C:\Windows\System\UlnOOaU.exe
  C:\Windows\System\UlnOOaU.exe
  2⤵
  PID:9412
- C:\Windows\System\bqzcOiK.exe
  C:\Windows\System\bqzcOiK.exe
  2⤵
  PID:9428
- C:\Windows\System\RJALTqw.exe
  C:\Windows\System\RJALTqw.exe
  2⤵
  PID:9444
- C:\Windows\System\lTjqEmv.exe
  C:\Windows\System\lTjqEmv.exe
  2⤵
  PID:9464
- C:\Windows\System\JBdAETI.exe
  C:\Windows\System\JBdAETI.exe
  2⤵
  PID:9484
- C:\Windows\System\QLCcfGW.exe
  C:\Windows\System\QLCcfGW.exe
  2⤵
  PID:9504
- C:\Windows\System\mnLEJnG.exe
  C:\Windows\System\mnLEJnG.exe
  2⤵
  PID:9520
- C:\Windows\System\dNPUYhc.exe
  C:\Windows\System\dNPUYhc.exe
  2⤵
  PID:9564
- C:\Windows\System\jpDqOqL.exe
  C:\Windows\System\jpDqOqL.exe
  2⤵
  PID:9592
- C:\Windows\System\ImaLJfp.exe
  C:\Windows\System\ImaLJfp.exe
  2⤵
  PID:9644
- C:\Windows\System\ImbJwAz.exe
  C:\Windows\System\ImbJwAz.exe
  2⤵
  PID:9660
- C:\Windows\System\ojdkswP.exe
  C:\Windows\System\ojdkswP.exe
  2⤵
  PID:9676
- C:\Windows\System\FpkneNA.exe
  C:\Windows\System\FpkneNA.exe
  2⤵
  PID:9692
- C:\Windows\System\UWHmcPd.exe
  C:\Windows\System\UWHmcPd.exe
  2⤵
  PID:9712
- C:\Windows\System\YWwhjBY.exe
  C:\Windows\System\YWwhjBY.exe
  2⤵
  PID:9728
- C:\Windows\System\ATTUYst.exe
  C:\Windows\System\ATTUYst.exe
  2⤵
  PID:9744
- C:\Windows\System\fCfNSZm.exe
  C:\Windows\System\fCfNSZm.exe
  2⤵
  PID:9760
- C:\Windows\System\DSKiSGN.exe
  C:\Windows\System\DSKiSGN.exe
  2⤵
  PID:9776
- C:\Windows\System\iCwoDIg.exe
  C:\Windows\System\iCwoDIg.exe
  2⤵
  PID:9804
- C:\Windows\System\OSyBSGf.exe
  C:\Windows\System\OSyBSGf.exe
  2⤵
  PID:9824
- C:\Windows\System\dOHGPmo.exe
  C:\Windows\System\dOHGPmo.exe
  2⤵
  PID:9852
- C:\Windows\System\GHSpQXm.exe
  C:\Windows\System\GHSpQXm.exe
  2⤵
  PID:9872
- C:\Windows\System\afoxLil.exe
  C:\Windows\System\afoxLil.exe
  2⤵
  PID:9896
- C:\Windows\System\IgnAxLc.exe
  C:\Windows\System\IgnAxLc.exe
  2⤵
  PID:9944
- C:\Windows\System\ddcRPNM.exe
  C:\Windows\System\ddcRPNM.exe
  2⤵
  PID:9960
- C:\Windows\System\HKLiCAS.exe
  C:\Windows\System\HKLiCAS.exe
  2⤵
  PID:9976
- C:\Windows\System\owSfedG.exe
  C:\Windows\System\owSfedG.exe
  2⤵
  PID:9996
- C:\Windows\System\rzIPAnS.exe
  C:\Windows\System\rzIPAnS.exe
  2⤵
  PID:10012
- C:\Windows\System\HeiNdiL.exe
  C:\Windows\System\HeiNdiL.exe
  2⤵
  PID:10028
- C:\Windows\System\PZrSRBP.exe
  C:\Windows\System\PZrSRBP.exe
  2⤵
  PID:10044
- C:\Windows\System\qjzhdLX.exe
  C:\Windows\System\qjzhdLX.exe
  2⤵
  PID:10060
- C:\Windows\System\wATNKxu.exe
  C:\Windows\System\wATNKxu.exe
  2⤵
  PID:10076
- C:\Windows\System\XBaEcaI.exe
  C:\Windows\System\XBaEcaI.exe
  2⤵
  PID:10092
- C:\Windows\System\AkqqBhx.exe
  C:\Windows\System\AkqqBhx.exe
  2⤵
  PID:10108
- C:\Windows\System\fsuvbiT.exe
  C:\Windows\System\fsuvbiT.exe
  2⤵
  PID:10124
- C:\Windows\System\AbMjBvi.exe
  C:\Windows\System\AbMjBvi.exe
  2⤵
  PID:10140
- C:\Windows\System\CEgPuaz.exe
  C:\Windows\System\CEgPuaz.exe
  2⤵
  PID:10160
- C:\Windows\System\zGtRXSC.exe
  C:\Windows\System\zGtRXSC.exe
  2⤵
  PID:10184
- C:\Windows\System\KDumfqj.exe
  C:\Windows\System\KDumfqj.exe
  2⤵
  PID:10200
- C:\Windows\System\RPrNrDs.exe
  C:\Windows\System\RPrNrDs.exe
  2⤵
  PID:10220
- C:\Windows\System\elGEpsn.exe
  C:\Windows\System\elGEpsn.exe
  2⤵
  PID:10236
- C:\Windows\System\jdrjBKb.exe
  C:\Windows\System\jdrjBKb.exe
  2⤵
  PID:8552
- C:\Windows\System\zEHvrcM.exe
  C:\Windows\System\zEHvrcM.exe
  2⤵
  PID:8580
- C:\Windows\System\gjOYAzA.exe
  C:\Windows\System\gjOYAzA.exe
  2⤵
  PID:8900
- C:\Windows\System\AKupBaY.exe
  C:\Windows\System\AKupBaY.exe
  2⤵
  PID:9288
- C:\Windows\System\qzVqGQv.exe
  C:\Windows\System\qzVqGQv.exe
  2⤵
  PID:9364
- C:\Windows\System\YCRVCdc.exe
  C:\Windows\System\YCRVCdc.exe
  2⤵
  PID:9436
- C:\Windows\System\fANjpZQ.exe
  C:\Windows\System\fANjpZQ.exe
  2⤵
  PID:9256
- C:\Windows\System\KHgwQan.exe
  C:\Windows\System\KHgwQan.exe
  2⤵
  PID:9156
- C:\Windows\System\DGjWABB.exe
  C:\Windows\System\DGjWABB.exe
  2⤵
  PID:8708
- C:\Windows\System\ZflVcRM.exe
  C:\Windows\System\ZflVcRM.exe
  2⤵
  PID:9604
- C:\Windows\System\mhZFHtl.exe
  C:\Windows\System\mhZFHtl.exe
  2⤵
  PID:9624
- C:\Windows\System\MLQAvug.exe
  C:\Windows\System\MLQAvug.exe
  2⤵
  PID:9608
- C:\Windows\System\kkazQQB.exe
  C:\Windows\System\kkazQQB.exe
  2⤵
  PID:9588
- C:\Windows\System\IJGexKf.exe
  C:\Windows\System\IJGexKf.exe
  2⤵
  PID:9512
- C:\Windows\System\NNPMNvu.exe
  C:\Windows\System\NNPMNvu.exe
  2⤵
  PID:9688
- C:\Windows\System\sggmzpQ.exe
  C:\Windows\System\sggmzpQ.exe
  2⤵
  PID:9700
- C:\Windows\System\XDpAIHH.exe
  C:\Windows\System\XDpAIHH.exe
  2⤵
  PID:9740
- C:\Windows\System\WIDSsAR.exe
  C:\Windows\System\WIDSsAR.exe
  2⤵
  PID:9860
- C:\Windows\System\aysolIA.exe
  C:\Windows\System\aysolIA.exe
  2⤵
  PID:9788
- C:\Windows\System\KVMKtDM.exe
  C:\Windows\System\KVMKtDM.exe
  2⤵
  PID:9832
- C:\Windows\System\IcnuSBo.exe
  C:\Windows\System\IcnuSBo.exe
  2⤵
  PID:9908
- C:\Windows\System\iMsOJql.exe
  C:\Windows\System\iMsOJql.exe
  2⤵
  PID:9880
- C:\Windows\System\LVUtEVD.exe
  C:\Windows\System\LVUtEVD.exe
  2⤵
  PID:9956
- C:\Windows\System\CvsnWsF.exe
  C:\Windows\System\CvsnWsF.exe
  2⤵
  PID:9992
- C:\Windows\System\AqtFXIa.exe
  C:\Windows\System\AqtFXIa.exe
  2⤵
  PID:10056
- C:\Windows\System\kzqGTZZ.exe
  C:\Windows\System\kzqGTZZ.exe
  2⤵
  PID:10148
- C:\Windows\System\vxAkFJg.exe
  C:\Windows\System\vxAkFJg.exe
  2⤵
  PID:10228
- C:\Windows\System\HKOQfjl.exe
  C:\Windows\System\HKOQfjl.exe
  2⤵
  PID:9224
- C:\Windows\System\WOHtLyx.exe
  C:\Windows\System\WOHtLyx.exe
  2⤵
  PID:9400
- C:\Windows\System\VzMvmMk.exe
  C:\Windows\System\VzMvmMk.exe
  2⤵
  PID:9100
- C:\Windows\System\lhubmzn.exe
  C:\Windows\System\lhubmzn.exe
  2⤵
  PID:9924
- C:\Windows\System\IibvYKN.exe
  C:\Windows\System\IibvYKN.exe
  2⤵
  PID:9460
- C:\Windows\System\pkSppvs.exe
  C:\Windows\System\pkSppvs.exe
  2⤵
  PID:9968
- C:\Windows\System\lQmNONr.exe
  C:\Windows\System\lQmNONr.exe
  2⤵
  PID:10040
- C:\Windows\System\vVrirxa.exe
  C:\Windows\System\vVrirxa.exe
  2⤵
  PID:10104
- C:\Windows\System\ytOYwDh.exe
  C:\Windows\System\ytOYwDh.exe
  2⤵
  PID:10172
- C:\Windows\System\hsjfgCt.exe
  C:\Windows\System\hsjfgCt.exe
  2⤵
  PID:10212
- C:\Windows\System\OIKdfoJ.exe
  C:\Windows\System\OIKdfoJ.exe
  2⤵
  PID:9300
- C:\Windows\System\poAkGQl.exe
  C:\Windows\System\poAkGQl.exe
  2⤵
  PID:8636
- C:\Windows\System\wxLqVni.exe
  C:\Windows\System\wxLqVni.exe
  2⤵
  PID:5420
- C:\Windows\System\jmnQeqQ.exe
  C:\Windows\System\jmnQeqQ.exe
  2⤵
  PID:9272
- C:\Windows\System\guCDPzt.exe
  C:\Windows\System\guCDPzt.exe
  2⤵
  PID:9456
- C:\Windows\System\rEoSSXd.exe
  C:\Windows\System\rEoSSXd.exe
  2⤵
  PID:9652
- C:\Windows\System\pOuSMbs.exe
  C:\Windows\System\pOuSMbs.exe
  2⤵
  PID:9752
- C:\Windows\System\QJbrakd.exe
  C:\Windows\System\QJbrakd.exe
  2⤵
  PID:9888
- C:\Windows\System\dtOINbT.exe
  C:\Windows\System\dtOINbT.exe
  2⤵
  PID:10156
- C:\Windows\System\nzwBvft.exe
  C:\Windows\System\nzwBvft.exe
  2⤵
  PID:9284
- C:\Windows\System\tqtRYgo.exe
  C:\Windows\System\tqtRYgo.exe
  2⤵
  PID:9940
- C:\Windows\System\cUuePSN.exe
  C:\Windows\System\cUuePSN.exe
  2⤵
  PID:9544
- C:\Windows\System\VYdkREK.exe
  C:\Windows\System\VYdkREK.exe
  2⤵
  PID:9772
- C:\Windows\System\YsDzUGS.exe
  C:\Windows\System\YsDzUGS.exe
  2⤵
  PID:9916
- C:\Windows\System\igAthXA.exe
  C:\Windows\System\igAthXA.exe
  2⤵
  PID:10168
- C:\Windows\System\lXQZitY.exe
  C:\Windows\System\lXQZitY.exe
  2⤵
  PID:9904
- C:\Windows\System\dYmOwPG.exe
  C:\Windows\System\dYmOwPG.exe
  2⤵
  PID:9532
- C:\Windows\System\aQqNPFz.exe
  C:\Windows\System\aQqNPFz.exe
  2⤵
  PID:9384
- C:\Windows\System\KIGPViS.exe
  C:\Windows\System\KIGPViS.exe
  2⤵
  PID:10024
- C:\Windows\System\qxWAfhZ.exe
  C:\Windows\System\qxWAfhZ.exe
  2⤵
  PID:9344
- C:\Windows\System\TXUQRTt.exe
  C:\Windows\System\TXUQRTt.exe
  2⤵
  PID:9516
- C:\Windows\System\NNqNFul.exe
  C:\Windows\System\NNqNFul.exe
  2⤵
  PID:9668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BDyhdLh.exe

Filesize
6.0MB

MD5
bcc797bf38ac1f64dfd4e30499c9b48a

SHA1
fb2c8f9c5c188da0aca9266a9deaf068aa1969cc

SHA256
3f243bb17c75a6dbc21bb59dc95031d22ad6c6e8937cfc0a5d2c27d708d700a6

SHA512
4ba1b8f102ced9e3c0a1a45e4b440c5aebe5287f98dcc97a393a42c929401a98b938b16a569e4d95cb666071138c0fe56e920753bef97e535e52266f0a5ed92c

Download Submit
C:\Windows\system\DXAwAYo.exe

Filesize
6.0MB

MD5
5c775e77dac9170febc5288f8480caf3

SHA1
b820c222cdb804661933ddba94563a609d73c765

SHA256
7dd6503f812a55320990d07f83263e448a14ce627c48e579ba9ec683ed597aae

SHA512
a2df520875dd941982593df687cd103d7d5e506b41ad6b6bfc7c59bd87a3185a7380f75e9de3cc79ce989750afa909d35105de9ea566c7b0cea8c00ad8906249

Download Submit
C:\Windows\system\EPKBpLX.exe

Filesize
6.0MB

MD5
d7017a86c08a750dae04a2bbc04b008b

SHA1
240cf3f45a12d30fd95e7555b989cc8459c1fff6

SHA256
4555c01a2d611176f6298aeac170b27f46925fa0571fc9953f0a6c5a8ff9c3b8

SHA512
8eb6ce136051c8d29db04ece60ca0c414cfeb0c3b7db334ae80774f60d1a0aba84e52a558d56b886cad3265053663013d3dbec3aaeafdff25798cfe0faa7f0d0

Download Submit
C:\Windows\system\FCVnSPA.exe

Filesize
6.0MB

MD5
0472b3fc309ca98bd10a906289339613

SHA1
3649a4a4aa97ca591e69de6682c877724368008d

SHA256
016608fadf7a4c5d37fafae84a5e6102447c8b67f98de7a1dc1ee9739fbc9261

SHA512
893df334fdd88e76fb4abe52b82be15154cdf74cdbf11fe2ddf92f5e26934d5a517bad8fc0339e3d66d79aa7979f976bfc9af4218285ab3c45feb6db407e1590

Download Submit
C:\Windows\system\HQShNPU.exe

Filesize
6.0MB

MD5
e0ee8ad93fb4f60d05eeb07d39773ee2

SHA1
fc3eee4dee3a08423b5d65ca402516807d8f3b29

SHA256
50abfd64ac0398fdc9cbf6c3c03223ed812e5f61da1db25c41b6838a7ccf6f51

SHA512
ca4ca8242f8722af331816d32f06e8f012a8609b113b7a515e30f7ec63a99eeee7e67a5b9f8735e37e6f6583a34d82e11893061c4fa996af83bcb53f80ac653b

Download Submit
C:\Windows\system\IuMBERN.exe

Filesize
6.0MB

MD5
2af20e393f3af524a3a19d59963f7fc2

SHA1
4b77f1ddf0ae7d9084e194e45d2a55a44161bf65

SHA256
a5ae4fa306a34ad7f392b1982779eda3b9c26950cdf14af35e5b793f56852017

SHA512
0f4f5996ed2eb8fe819352fbc038e47036feb9a31e6f52a927bdde83644a9f6eccdf7d9d711e90a8c286649234b53e06c1b02f0c538b61bad9c45fa257ea712b

Download Submit
C:\Windows\system\LUbCQvr.exe

Filesize
6.0MB

MD5
51ffc5834b5d999eb1c2cb207ce2ec50

SHA1
c5a1694ce087af97483cbdcca3da2d8f8de7722b

SHA256
4382364777c6d6d3d00bc538d7fc8c8691c5c31c5d9bbb5e87a91658a2dca5ef

SHA512
d4890cded8d4181bd772d0ac5969add9bbda3bb67060d511f454f49a9feef9463783ed0e0e5814a582dba88234779ca5e4cd14fee102056c234418c23d0ad7a3

Download Submit
C:\Windows\system\LeGSLJC.exe

Filesize
6.0MB

MD5
52aac45347a760097609894cae7589e9

SHA1
74a4db96147153ff6ef01e9caca3281fbae4ec7f

SHA256
d8c6426312c70b7bcb71042285d3ce2b49bdb9690c956cf4401162a4687a70c7

SHA512
3e22d333037d794ac2709f13ecb0dbddc86618c6ca1776411b42ea899b5d5ccdb46bd17c6740f05341bc9465b884b50b5c99b8ba3c66dae3fa66d434f74a5bcd

Download Submit
C:\Windows\system\MsoXtwo.exe

Filesize
6.0MB

MD5
eb349e241b3a4f5464affc99a8e2f96c

SHA1
aaa7cb945d2f54eb5b23f4a66a0858d7274e4586

SHA256
6f8f0316b88ffff7cbd50fcd255d390209f10671fbd0d52efc0175a6884c85cd

SHA512
b0e6cdc916da99d52a45e2084bff29dc020deddee8ff89953702ece18a97acf9267b4fbf1b511d01db79dff5ce27c34a5375183b3dcacd65d47e4acae3c21f17

Download Submit
C:\Windows\system\MukGpOC.exe

Filesize
6.0MB

MD5
8b3fc31bea4742e7cb6b8ae7c82d0acd

SHA1
0fbbd5adf9cd1df96fc1e5ef1069ba75042a1fbb

SHA256
f2a85a538a67d41d4b510743782ca922ddc2977a5c7e4b617f67e58c073c2c36

SHA512
bda7cd58c2975d26a2a2c63fb50eab71723c083b1bad621953c836ac7a8b838a88e992a7e77fa4de7b328fca416a6625ea6f0cb2e545f03ded8c95bc289d8659

Download Submit
C:\Windows\system\OCNTuUy.exe

Filesize
6.0MB

MD5
8714d80b34f04b510936a44b77a92080

SHA1
e344a1f2c055a0784901969cd02466c463d5b75d

SHA256
89b7a7e34ba7867abfe557a044755592a5ce863db103c0386b34d6ce75ca4ce5

SHA512
88fc956c26c8623b7f12e47b7bfe3626f553d0b11928a7f1965906b883c7404b8ad7b1efb9c4578aab55f909426b09529035f61c08cbc916fa055d80a47dac93

Download Submit
C:\Windows\system\OoDPBZW.exe

Filesize
6.0MB

MD5
3e3738eeaf7be791142d1ae21c7b43e3

SHA1
3c9dc0ba2dc9cb69c6cc21f85848fee5a373f2fa

SHA256
f81bba2090441d3f6127fcfe8b50eee2d6db4cd1beb9e694267a7fb35af73492

SHA512
d867d031dac493d292516b2162c523c30e69659cdfce9113a383bf3efd7b45ab833fb477aae98783f45fa5508fa6fa0b1caed3b986668aefd2574e10da6e3f4f

Download Submit
C:\Windows\system\RxWiSwx.exe

Filesize
6.0MB

MD5
2d92021402e31002bd0c2b50ef1ca239

SHA1
6337f35ce20fa0e47ca247bd92ce98180239eb5c

SHA256
79e78ae56cc49130956cd9e24d72519fbef01be158241035c29a120eb897e0e1

SHA512
e80fcd8f182acdbdf1afacb1032faef900645134ac3ebb463a5c72452153b668fa23193293b143c6fa8b101dda1c3388f324f1b07b43fdcbd8d2d35b9b736c75

Download Submit
C:\Windows\system\TwFFDEJ.exe

Filesize
6.0MB

MD5
36408d5b3c6f4e08845f912a64b20c0f

SHA1
d2e88b55bc6076d29c623c92ca0df9d5e2aeb85e

SHA256
aa688163936cc6f0c84b129ad1b2741419c14fbf3937bdc04415c85a77b18c90

SHA512
1e100188fc475c0c5e67cbcdd1963aeef70b1be1d6cdd20a394aaa83826ac43dce171bae26f662bf53e720da40ff56e4a7b8c37eadf6876cba8aa78dd2750323

Download Submit
C:\Windows\system\UDCWJZQ.exe

Filesize
6.0MB

MD5
222978ba8233a62ac9ff1ea95d98db68

SHA1
ad8fff6776ff4f1da9d678e6a44011041f8c5804

SHA256
eb2568442ef340d4625951a4f8fcc672a68b80bbeb6959b88021fef93c1fe8f8

SHA512
8c45f9e4354ede07c258440a3f1ba2376cf2900be44f764041a77347bd7f48bbcbb67cb05cb446c4ac4df95bf6525e21bf009d2645707e77db08efca4421a1f5

Download Submit
C:\Windows\system\UXpdSGo.exe

Filesize
6.0MB

MD5
2dc607011718d4b5ae1281be692629a1

SHA1
953af873b4682f08acb3a86bf6e8f57cd51c4b8d

SHA256
0f1ebdd45d75041e680edceae702974027416b4acdfd27c64c68c56059a83be4

SHA512
b533424a285d330c874b085c89d2f5ebfdbca455794ceeffdcad34851bcbf23aa50362597e23324341153a6aa8211c78b99e7ab7a2cdca66db3068ab482d4445

Download Submit
C:\Windows\system\UlulJot.exe

Filesize
6.0MB

MD5
7f7cfd6b84c1b9a706f57665133a185e

SHA1
7918429e8d08d16bfa99f2d010885712565a5718

SHA256
d896350d724b6e3eeca5da34ad71988b133d89c49e2e291d1931dca274afef5e

SHA512
65f5d879eae95ed6480e7453abc8a16e920e0fdf634d8f430ede3afc6cc09a8904155a5e308c91f95e823d7b638d321a3709fd7c2a925f2631f27a0db24e4368

Download Submit
C:\Windows\system\UxAdkcg.exe

Filesize
6.0MB

MD5
b90d7aad7e86ce499d05027ea64713bf

SHA1
76425fb62b2fa29d190a29cf868e33ca1a009226

SHA256
ce93dd3f565c2339b2e0cde272c4fa7f5d313d6b221dfa74433bc0ccbed2aca3

SHA512
141ff8475d5ffa5608b77cea16b8041fca668ff82b9e60e6dbeccee3191f4375cd473adcea8065c1c308064812397147490653030b2b652af537b0917290c4ab

Download Submit
C:\Windows\system\XoCkXQh.exe

Filesize
6.0MB

MD5
e17185bc7b5be613ba4d71a1dac80c8b

SHA1
cc01236882e1debd6b412bc9f581095bbbde7275

SHA256
6c2411e817be177a216debfec7c1514614b7ffd1b6d6b6d3bd43d077f698fef8

SHA512
c204a85a433924050bd3c1378d352c2fc7847eda3871449e979b91b602cc27b988fa5925d61e589ec0efa385d8a5bb0331b515154ff28267a5e5d4c183ae818e

Download Submit
C:\Windows\system\ZDNgwPA.exe

Filesize
6.0MB

MD5
691dc784e1e9090e24ae1c4d4bcb9729

SHA1
96b15f69b1f1dd4cc29da34ad96791a9ee4efc51

SHA256
299d6458cc38c0de7a7187e9b1f878b1400df593bafbaf871fed35b4025e31f0

SHA512
12619612a7c31476552ee8a3209211a77f5a591a382ad536759c46a2d35fb2fee58506c25ac75475979aedbe267b6348224b367036dc43e40f18087fe1cd0589

Download Submit
C:\Windows\system\bWZomKA.exe

Filesize
6.0MB

MD5
3449b1a5181bb60e419a569fe104ceab

SHA1
880e9971a8abafac06699bd2c57cd5fe5d8e548f

SHA256
d77ba6c10e8da480767ddc92bfaaf7ad3cafcfb0ef3f93192fd53c970dcc6d1e

SHA512
3dd44c1c6bfbf92c34e6b362bfb56c936c190a16cd9ef14b2909c43e15c0a24eb5d8937b1cc36f851d1b157f04f16291045eed6e0f3504af4d6ec9875bdd793c

Download Submit
C:\Windows\system\cEZvIyY.exe

Filesize
6.0MB

MD5
f7dd37d65f6e88d89959d84c2d3090f3

SHA1
4e19cd34b14ecff7d86e151529324649c5519d86

SHA256
567f7962ab3cac68fcb435eb59ce2cde5e542d2d22a2c8c53d44be2fa71ef2b3

SHA512
ce88a5894d2a7772023c0faed6114b3794eddca89b2bb7b6f27a9ad95327b29974340e7b81387061b6a4d82669f8062e162bf7807fd78c9f6d069f6a29eaed57

Download Submit
C:\Windows\system\cXBNCQN.exe

Filesize
6.0MB

MD5
a3bfa10b8c14cf2a2e60b5ff58432b8f

SHA1
8a2b52c3542f307a2ab432a63d35b8837c4b542e

SHA256
b0a1c550dca1634699c6e9f2742b8b4f2f23921646aac222ea5465dfeee494cf

SHA512
4d2eb27afb1f6b808d9e6aa50166b89b38fbdc8744dbddf1e0b0bb5a5542ed6bf98d58339ed521947359c08f7ae2ef824111470a07efeae3237ab52223ae0124

Download Submit
C:\Windows\system\ddKLBTi.exe

Filesize
6.0MB

MD5
b0a4d2843896f62da1a1fd624b20e846

SHA1
a4085436e93f4dd729d4775278c8a7bb01c56dc5

SHA256
43ddc21dbc9f93673b68301ea49c8e1f61776da68ecce314e203628747861c64

SHA512
10e49d3190bd873abd7e5fa0b81d0dbb7a731328d2ee72ebcd42da2071fe952c4ce8573944f190cce6a6fb84c62ba36baf3ee833a05bd43ea370356b37dca941

Download Submit
C:\Windows\system\kaWizML.exe

Filesize
6.0MB

MD5
02d4059c0d55b36f593de265378cbd44

SHA1
997ac62db7fbb2c82ec33b2c6034081889b8e967

SHA256
526585ea2d55f22185ab8e7e36f14f10755bd6034ff4370ee88f71c5e74e914f

SHA512
8253f754526219067082445e46a97ae3481c7b8140f4816ea73089bbfd6e4b967666c0eaf58f150f6309c1849e333f8ba6b6d8a6378a9ad2bd36f45271b20350

Download Submit
C:\Windows\system\kkoyuLl.exe

Filesize
6.0MB

MD5
e56a031a03f1d12d2f9625b1d4bf538d

SHA1
0ef34485ba04af8be2024d09d819f1d28e9628a0

SHA256
61ae14e814b88065151600fbc6b46d4b76ab22054e4388d7ac957f92eaa553c8

SHA512
fe0dd877a6758c664eb6f5f839b8ae1cb025dcd243989b24e6ffc520a9d7977601a4596cfe800620ed66b0b7501a8357f048db38c77217dc10afb4763f7a7194

Download Submit
C:\Windows\system\lQUAarF.exe

Filesize
6.0MB

MD5
0d2e1b8661ee22f3f0621857ce86742b

SHA1
4e1a79ee958bbf2364c5cb43d609e16e80864087

SHA256
58eb18e70388ac8baa2d5328aa769d4e7d9ae6dbac6ae1bea7ebf763279e256c

SHA512
7877e582e7de5c489ebb866f5e4bd1c2aa28fc9c66dfb3fce685982c82b54cba685a2f69e2b803f6a83d39a6313530784f2d53242ee889af5a3338d137365a73

Download Submit
C:\Windows\system\otkjYKN.exe

Filesize
6.0MB

MD5
1bfd3c28429672e36ebfe772d35bd670

SHA1
849f8663e6b5346bac6ea9c95b2c7d9d8ebcbfc7

SHA256
2bf868b15354750ec0122cb38362188d97ff2435dfdb612d175f430505ae3b4f

SHA512
8db1a31f53463c0d5e86646882e27dc63fa90d93f747b1f3aea22fd82da73ab438dd4c68fade76ed475d70d15d972deed517b67a77c249ddfcd62210310d4e9e

Download Submit
C:\Windows\system\uhDtOEy.exe

Filesize
6.0MB

MD5
7180b5fb2de9b9b7daee536dca6a4cfd

SHA1
7970586d3e8e8225906d36cd9aae5d0bf9ee6bb9

SHA256
2dcb78d16dd3769d5f7edc00dbe21686c6704383118e6ca5e98779426673a4f0

SHA512
864caa12ea94df8438ef510108bfee489674eaf7991a3fc3eed0ba38dd7f468a18b6d6190cb6fc946e8173d9b7565be02beec3bbde419268c575576af46d1f8d

Download Submit
C:\Windows\system\wACUmhI.exe

Filesize
6.0MB

MD5
3d4edc8940558476beb12ab5b53e672b

SHA1
38f03ea35bf9eac176b27d4cd140a819a818dfdb

SHA256
eb10018e17d04887f0c5cf8acbb1e77f2f8e421242658d092a6555ceffc70b99

SHA512
873119ae52d18b62b209dad33cc4c626d103511f85631d3f98d01171186ecfb6d9c667adfcb932bb7fd6596d0b7db20aad6c0679cbcc532e0a26ac1b60c1b935

Download Submit
\Windows\system\TdPxsjo.exe

Filesize
6.0MB

MD5
60ecff9a94a04dfddef915fd5f1cfccf

SHA1
a2a28fa95ae95b61abf8e6e2ccb4042288f05bf6

SHA256
b7cd41592b107bb77d26eb9a28132f1729179eabc6eb6e41e1d891b2a5a5c2d2

SHA512
5754baa5e1bb067c82a3b15fce0e3481110cc26f88bedba4b158a0f530cfeee11f4934b6d015fac85b61a30b505b6e1c70fd65241ef430bdc49ba8209492cace

Download Submit
\Windows\system\XvjmzQJ.exe

Filesize
6.0MB

MD5
a9d79b40786e2c7c7db0efd209baffb2

SHA1
c7066eed40900c9f95777726a7f89793185e8ee3

SHA256
c157585a9f2ba040f482aee2db0a6075958bbaf3975d3cfdddfa1beb5caa0702

SHA512
678cebe0c523ff6039e693dd6d8c866fc13b922911cb618a0735e49040c9ee0993d31da983d96e1c88b0139e3e2e1843e7480862dc2a4822c0ff0543b9154234

Download Submit
memory/484-3342-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/484-1694-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3344-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1016-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2556-993-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3338-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1725-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3017-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1422-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2672-994-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2672-0-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1871-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-979-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1901-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-988-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2011-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3014-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1031-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2078-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3018-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2191-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3019-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2254-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3020-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2280-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3043-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2770-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2766-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2786-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2917-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3001-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3005-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3070-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3021-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3026-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2291-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3347-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2279-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3341-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2009-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3334-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3348-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1900-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1870-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3336-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2076-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3349-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3339-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1364-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3350-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2249-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3340-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2183-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download