cobaltstrike | 9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
Size

6.0MB
MD5

26d2fe627f671396bc9aa3033e2c9007
SHA1

0c1d33e3a9bfb4b9f63aacb36d4c3aa1f84aab5d
SHA256

9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c
SHA512

11d9f547d22343c709d7623e3a70b9e9f81a45e0d5a7252ab86da0a12c527fa263b0c05344ca3c59935f1057034de877caea134af656ec447390ba677a0a262a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUx:eOl56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019273-10.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-23.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-34.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-112.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019234-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-83.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194f6-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1732-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x00070000000192f0-18.dat	xmrig
behavioral1/memory/1744-22-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2236-19-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019273-10.dat	xmrig
behavioral1/files/0x000600000001932a-23.dat	xmrig
behavioral1/memory/3000-30-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000600000001933e-34.dat	xmrig
behavioral1/memory/2312-36-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-57.dat	xmrig
behavioral1/memory/2748-90-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a455-97.dat	xmrig
behavioral1/files/0x000500000001a486-122.dat	xmrig
behavioral1/files/0x000500000001a4a2-142.dat	xmrig
behavioral1/files/0x000500000001a4aa-152.dat	xmrig
behavioral1/files/0x000500000001a4b7-173.dat	xmrig
behavioral1/files/0x000500000001a4b3-187.dat	xmrig
behavioral1/files/0x000500000001a4af-186.dat	xmrig
behavioral1/files/0x000500000001a4b9-184.dat	xmrig
behavioral1/files/0x000500000001a4b5-182.dat	xmrig
behavioral1/files/0x000500000001a4b1-180.dat	xmrig
behavioral1/files/0x000500000001a4bb-179.dat	xmrig
behavioral1/files/0x000500000001a4ac-158.dat	xmrig
behavioral1/files/0x000500000001a4a8-148.dat	xmrig
behavioral1/memory/2904-190-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a0-138.dat	xmrig
behavioral1/files/0x000500000001a497-132.dat	xmrig
behavioral1/files/0x000500000001a48a-127.dat	xmrig
behavioral1/files/0x000500000001a478-117.dat	xmrig
behavioral1/files/0x000500000001a477-112.dat	xmrig
behavioral1/memory/2888-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2808-102-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2360-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2312-99-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2908-191-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000019234-105.dat	xmrig
behavioral1/memory/2688-92-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-83.dat	xmrig
behavioral1/memory/2908-82-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1744-81-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2748-192-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2904-80-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2844-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194f6-76.dat	xmrig
behavioral1/memory/2236-75-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2620-72-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-71.dat	xmrig
behavioral1/memory/1732-60-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/3000-89-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-86.dat	xmrig
behavioral1/memory/1732-52-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41a-64.dat	xmrig
behavioral1/files/0x0006000000019346-38.dat	xmrig
behavioral1/memory/2888-47-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2808-46-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019384-45.dat	xmrig
behavioral1/memory/2000-9-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2904-4052-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2312-4058-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2360-4057-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2844-4056-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2888-4063-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/3000-4062-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2000	jdDvOTz.exe
2236	UtFAbdJ.exe
1744	gQlDPQw.exe
3000	Xucspsn.exe
2312	vgFZjhO.exe
2808	DRqzLVO.exe
2888	KdLEyOM.exe
2620	EWPVYvJ.exe
2844	WbyrfcE.exe
2904	PKWJfVC.exe
2908	MXCoSJw.exe
2748	xImhbcE.exe
2688	FmqqYaV.exe
2360	azfJpKE.exe
1464	eYtuhRC.exe
2672	QhTiNHz.exe
2712	CtUzaJT.exe
696	ZykiTZc.exe
1292	MSYdfZs.exe
1712	PdMyVdh.exe
592	JszwWFP.exe
636	lXeLroH.exe
2936	vJVSiyK.exe
1248	HwLlTOX.exe
1048	nYJONXU.exe
2416	rKWzUou.exe
3024	KYjHLmJ.exe
1920	cBEFDaw.exe
1908	pyBzNAh.exe
2652	KmHyfqk.exe
3040	TaSeRGz.exe
1612	pfBszPu.exe
1768	qOXAlgD.exe
1688	pwHdXBk.exe
868	soBCMvA.exe
2080	LghqAmr.exe
1660	TbZUnyU.exe
1912	VKfEoRc.exe
2208	scWifdI.exe
2524	RqrIRQV.exe
1932	IcjysYH.exe
2856	ZkZJJEZ.exe
2408	LwhUlOg.exe
2156	eflogPz.exe
1156	AImViVQ.exe
884	LZqftiX.exe
2540	obEWKgi.exe
2300	qbbugNe.exe
2008	JCiNxnJ.exe
3004	jzsVOHq.exe
2820	AUmgdso.exe
2188	ZueuDmQ.exe
1708	DEIhVuq.exe
2696	lECVjKf.exe
2356	bryoeWo.exe
1316	knESrGw.exe
2900	UYSBXEj.exe
2868	pbeMADM.exe
776	sZiHdeN.exe
352	HWBXNQk.exe
2220	yzQvWxY.exe
1252	oqaeXJA.exe
1860	tfhdmbB.exe
2024	HWowoaS.exe

Loads dropped DLL 64 IoCs

pid	Process
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1732-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x00070000000192f0-18.dat	upx
behavioral1/memory/1744-22-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2236-19-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000019273-10.dat	upx
behavioral1/files/0x000600000001932a-23.dat	upx
behavioral1/memory/3000-30-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000600000001933e-34.dat	upx
behavioral1/memory/2312-36-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000500000001a41b-57.dat	upx
behavioral1/memory/2748-90-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x000500000001a455-97.dat	upx
behavioral1/files/0x000500000001a486-122.dat	upx
behavioral1/files/0x000500000001a4a2-142.dat	upx
behavioral1/files/0x000500000001a4aa-152.dat	upx
behavioral1/files/0x000500000001a4b7-173.dat	upx
behavioral1/files/0x000500000001a4b3-187.dat	upx
behavioral1/files/0x000500000001a4af-186.dat	upx
behavioral1/files/0x000500000001a4b9-184.dat	upx
behavioral1/files/0x000500000001a4b5-182.dat	upx
behavioral1/files/0x000500000001a4b1-180.dat	upx
behavioral1/files/0x000500000001a4bb-179.dat	upx
behavioral1/files/0x000500000001a4ac-158.dat	upx
behavioral1/files/0x000500000001a4a8-148.dat	upx
behavioral1/memory/2904-190-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x000500000001a4a0-138.dat	upx
behavioral1/files/0x000500000001a497-132.dat	upx
behavioral1/files/0x000500000001a48a-127.dat	upx
behavioral1/files/0x000500000001a478-117.dat	upx
behavioral1/files/0x000500000001a477-112.dat	upx
behavioral1/memory/2888-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2808-102-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2360-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2312-99-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2908-191-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0008000000019234-105.dat	upx
behavioral1/memory/2688-92-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-83.dat	upx
behavioral1/memory/2908-82-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1744-81-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2748-192-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2904-80-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2844-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x00060000000194f6-76.dat	upx
behavioral1/memory/2236-75-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2620-72-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-71.dat	upx
behavioral1/memory/3000-89-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-86.dat	upx
behavioral1/memory/1732-52-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000500000001a41a-64.dat	upx
behavioral1/files/0x0006000000019346-38.dat	upx
behavioral1/memory/2888-47-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2808-46-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0006000000019384-45.dat	upx
behavioral1/memory/2000-9-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2904-4052-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2312-4058-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2360-4057-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2844-4056-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2888-4063-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/3000-4062-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2000-4061-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HuSBkXG.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\prkAJsg.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\HWowoaS.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\JorAmwn.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\imnMwQq.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\wTGVpWu.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\bLAVaRk.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\UWpejFM.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\nnUmIsk.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\XrOILSA.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\tRaAzcS.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\BRXtDmq.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\AUmgdso.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\vrRDXiS.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\JqdYtMx.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\iQOpqbV.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\zWPARMc.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\fSnKvBu.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\cSVhZEz.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\oiJrMfP.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\zssVxua.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\GiMnblh.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\gTCheTo.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\lBobxus.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\FHPwgad.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\DVtpsPN.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\IcjysYH.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\CHpPhFE.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\JUlQSQx.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\qOIDaFK.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\GwGrnEG.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\DOroJmq.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\kiekBQa.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\cDNrpPE.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\lKHlReA.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\yxKFxal.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\UyrhnmT.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\SmbhPyp.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\iTiQGHY.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\zjuKhQB.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\gDRiDDQ.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\aPLVswD.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\KvwmLAE.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\tfhdmbB.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\dcAIiuG.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\MgRHnJv.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\UYYYEok.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\AXZCnrh.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\iivrhkL.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\NeagfUt.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\LCLggtI.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\fNKasyV.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\TdnIHIB.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\WjPMmAq.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\kdHKhYq.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\BrCJzDd.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\KWHjGLs.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\kIRvDPK.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\DRqzLVO.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\AwaeGIo.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\nsUEYdb.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\BaQDQhl.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\PeETLoc.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
File created	C:\Windows\System\SwfiDRr.exe	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	31
PID 1732 wrote to memory of 2000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	31
PID 1732 wrote to memory of 2000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	31
PID 1732 wrote to memory of 2236	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	32
PID 1732 wrote to memory of 2236	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	32
PID 1732 wrote to memory of 2236	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	32
PID 1732 wrote to memory of 1744	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	33
PID 1732 wrote to memory of 1744	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	33
PID 1732 wrote to memory of 1744	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	33
PID 1732 wrote to memory of 3000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	34
PID 1732 wrote to memory of 3000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	34
PID 1732 wrote to memory of 3000	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	34
PID 1732 wrote to memory of 2312	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	35
PID 1732 wrote to memory of 2312	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	35
PID 1732 wrote to memory of 2312	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	35
PID 1732 wrote to memory of 2808	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	36
PID 1732 wrote to memory of 2808	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	36
PID 1732 wrote to memory of 2808	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	36
PID 1732 wrote to memory of 2888	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	37
PID 1732 wrote to memory of 2888	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	37
PID 1732 wrote to memory of 2888	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	37
PID 1732 wrote to memory of 2904	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	38
PID 1732 wrote to memory of 2904	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	38
PID 1732 wrote to memory of 2904	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	38
PID 1732 wrote to memory of 2620	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	39
PID 1732 wrote to memory of 2620	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	39
PID 1732 wrote to memory of 2620	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	39
PID 1732 wrote to memory of 2908	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	40
PID 1732 wrote to memory of 2908	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	40
PID 1732 wrote to memory of 2908	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	40
PID 1732 wrote to memory of 2844	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	41
PID 1732 wrote to memory of 2844	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	41
PID 1732 wrote to memory of 2844	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	41
PID 1732 wrote to memory of 2748	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	42
PID 1732 wrote to memory of 2748	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	42
PID 1732 wrote to memory of 2748	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	42
PID 1732 wrote to memory of 2688	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	43
PID 1732 wrote to memory of 2688	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	43
PID 1732 wrote to memory of 2688	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	43
PID 1732 wrote to memory of 2360	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	44
PID 1732 wrote to memory of 2360	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	44
PID 1732 wrote to memory of 2360	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	44
PID 1732 wrote to memory of 1464	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	45
PID 1732 wrote to memory of 1464	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	45
PID 1732 wrote to memory of 1464	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	45
PID 1732 wrote to memory of 2672	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	46
PID 1732 wrote to memory of 2672	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	46
PID 1732 wrote to memory of 2672	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	46
PID 1732 wrote to memory of 2712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	47
PID 1732 wrote to memory of 2712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	47
PID 1732 wrote to memory of 2712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	47
PID 1732 wrote to memory of 696	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	48
PID 1732 wrote to memory of 696	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	48
PID 1732 wrote to memory of 696	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	48
PID 1732 wrote to memory of 1292	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	49
PID 1732 wrote to memory of 1292	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	49
PID 1732 wrote to memory of 1292	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	49
PID 1732 wrote to memory of 1712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	50
PID 1732 wrote to memory of 1712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	50
PID 1732 wrote to memory of 1712	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	50
PID 1732 wrote to memory of 592	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	51
PID 1732 wrote to memory of 592	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	51
PID 1732 wrote to memory of 592	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	51
PID 1732 wrote to memory of 636	1732	JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c6b75e3f0262ff0da248d147f2c13068cafd80c5c835ad5d78355440357765c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\System\jdDvOTz.exe
  C:\Windows\System\jdDvOTz.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\UtFAbdJ.exe
  C:\Windows\System\UtFAbdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\gQlDPQw.exe
  C:\Windows\System\gQlDPQw.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\Xucspsn.exe
  C:\Windows\System\Xucspsn.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\vgFZjhO.exe
  C:\Windows\System\vgFZjhO.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\DRqzLVO.exe
  C:\Windows\System\DRqzLVO.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\KdLEyOM.exe
  C:\Windows\System\KdLEyOM.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\PKWJfVC.exe
  C:\Windows\System\PKWJfVC.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EWPVYvJ.exe
  C:\Windows\System\EWPVYvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\MXCoSJw.exe
  C:\Windows\System\MXCoSJw.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WbyrfcE.exe
  C:\Windows\System\WbyrfcE.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\xImhbcE.exe
  C:\Windows\System\xImhbcE.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\FmqqYaV.exe
  C:\Windows\System\FmqqYaV.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\azfJpKE.exe
  C:\Windows\System\azfJpKE.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\eYtuhRC.exe
  C:\Windows\System\eYtuhRC.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\QhTiNHz.exe
  C:\Windows\System\QhTiNHz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\CtUzaJT.exe
  C:\Windows\System\CtUzaJT.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ZykiTZc.exe
  C:\Windows\System\ZykiTZc.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\MSYdfZs.exe
  C:\Windows\System\MSYdfZs.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\PdMyVdh.exe
  C:\Windows\System\PdMyVdh.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\JszwWFP.exe
  C:\Windows\System\JszwWFP.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\lXeLroH.exe
  C:\Windows\System\lXeLroH.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\vJVSiyK.exe
  C:\Windows\System\vJVSiyK.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\HwLlTOX.exe
  C:\Windows\System\HwLlTOX.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\nYJONXU.exe
  C:\Windows\System\nYJONXU.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\pyBzNAh.exe
  C:\Windows\System\pyBzNAh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\rKWzUou.exe
  C:\Windows\System\rKWzUou.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\KmHyfqk.exe
  C:\Windows\System\KmHyfqk.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\KYjHLmJ.exe
  C:\Windows\System\KYjHLmJ.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\TaSeRGz.exe
  C:\Windows\System\TaSeRGz.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\cBEFDaw.exe
  C:\Windows\System\cBEFDaw.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\pfBszPu.exe
  C:\Windows\System\pfBszPu.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qOXAlgD.exe
  C:\Windows\System\qOXAlgD.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\LghqAmr.exe
  C:\Windows\System\LghqAmr.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\pwHdXBk.exe
  C:\Windows\System\pwHdXBk.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\TbZUnyU.exe
  C:\Windows\System\TbZUnyU.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\soBCMvA.exe
  C:\Windows\System\soBCMvA.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\IcjysYH.exe
  C:\Windows\System\IcjysYH.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\VKfEoRc.exe
  C:\Windows\System\VKfEoRc.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ZkZJJEZ.exe
  C:\Windows\System\ZkZJJEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\scWifdI.exe
  C:\Windows\System\scWifdI.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\eflogPz.exe
  C:\Windows\System\eflogPz.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\RqrIRQV.exe
  C:\Windows\System\RqrIRQV.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\AImViVQ.exe
  C:\Windows\System\AImViVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\LwhUlOg.exe
  C:\Windows\System\LwhUlOg.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\obEWKgi.exe
  C:\Windows\System\obEWKgi.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\LZqftiX.exe
  C:\Windows\System\LZqftiX.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ZueuDmQ.exe
  C:\Windows\System\ZueuDmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\qbbugNe.exe
  C:\Windows\System\qbbugNe.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\DEIhVuq.exe
  C:\Windows\System\DEIhVuq.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JCiNxnJ.exe
  C:\Windows\System\JCiNxnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\lECVjKf.exe
  C:\Windows\System\lECVjKf.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\jzsVOHq.exe
  C:\Windows\System\jzsVOHq.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\bryoeWo.exe
  C:\Windows\System\bryoeWo.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\AUmgdso.exe
  C:\Windows\System\AUmgdso.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UYSBXEj.exe
  C:\Windows\System\UYSBXEj.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\knESrGw.exe
  C:\Windows\System\knESrGw.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\HWBXNQk.exe
  C:\Windows\System\HWBXNQk.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\pbeMADM.exe
  C:\Windows\System\pbeMADM.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DzrFioo.exe
  C:\Windows\System\DzrFioo.exe
  2⤵
  PID:2520
- C:\Windows\System\sZiHdeN.exe
  C:\Windows\System\sZiHdeN.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\JUCRtHT.exe
  C:\Windows\System\JUCRtHT.exe
  2⤵
  PID:2864
- C:\Windows\System\yzQvWxY.exe
  C:\Windows\System\yzQvWxY.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ezJEcSV.exe
  C:\Windows\System\ezJEcSV.exe
  2⤵
  PID:1940
- C:\Windows\System\oqaeXJA.exe
  C:\Windows\System\oqaeXJA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\pOVjwoS.exe
  C:\Windows\System\pOVjwoS.exe
  2⤵
  PID:1344
- C:\Windows\System\tfhdmbB.exe
  C:\Windows\System\tfhdmbB.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\CPrgneG.exe
  C:\Windows\System\CPrgneG.exe
  2⤵
  PID:448
- C:\Windows\System\HWowoaS.exe
  C:\Windows\System\HWowoaS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\zTMOTld.exe
  C:\Windows\System\zTMOTld.exe
  2⤵
  PID:3064
- C:\Windows\System\VrJnwdH.exe
  C:\Windows\System\VrJnwdH.exe
  2⤵
  PID:2116
- C:\Windows\System\XOKFFZH.exe
  C:\Windows\System\XOKFFZH.exe
  2⤵
  PID:2760
- C:\Windows\System\ckFXqnt.exe
  C:\Windows\System\ckFXqnt.exe
  2⤵
  PID:2756
- C:\Windows\System\hVagTzI.exe
  C:\Windows\System\hVagTzI.exe
  2⤵
  PID:1412
- C:\Windows\System\aDKLvZC.exe
  C:\Windows\System\aDKLvZC.exe
  2⤵
  PID:2676
- C:\Windows\System\oYeLDLE.exe
  C:\Windows\System\oYeLDLE.exe
  2⤵
  PID:2836
- C:\Windows\System\xlZptgN.exe
  C:\Windows\System\xlZptgN.exe
  2⤵
  PID:1424
- C:\Windows\System\rzDFAGZ.exe
  C:\Windows\System\rzDFAGZ.exe
  2⤵
  PID:2932
- C:\Windows\System\ZIUayAn.exe
  C:\Windows\System\ZIUayAn.exe
  2⤵
  PID:2704
- C:\Windows\System\lXqlinz.exe
  C:\Windows\System\lXqlinz.exe
  2⤵
  PID:2740
- C:\Windows\System\LzYAbud.exe
  C:\Windows\System\LzYAbud.exe
  2⤵
  PID:2240
- C:\Windows\System\OuWBleW.exe
  C:\Windows\System\OuWBleW.exe
  2⤵
  PID:544
- C:\Windows\System\DXLdNcd.exe
  C:\Windows\System\DXLdNcd.exe
  2⤵
  PID:1916
- C:\Windows\System\wJJeJpI.exe
  C:\Windows\System\wJJeJpI.exe
  2⤵
  PID:1788
- C:\Windows\System\AJyebXw.exe
  C:\Windows\System\AJyebXw.exe
  2⤵
  PID:1620
- C:\Windows\System\IJonrbb.exe
  C:\Windows\System\IJonrbb.exe
  2⤵
  PID:2264
- C:\Windows\System\KYIjZZn.exe
  C:\Windows\System\KYIjZZn.exe
  2⤵
  PID:2284
- C:\Windows\System\LXFNqQL.exe
  C:\Windows\System\LXFNqQL.exe
  2⤵
  PID:2196
- C:\Windows\System\zAReoPr.exe
  C:\Windows\System\zAReoPr.exe
  2⤵
  PID:2972
- C:\Windows\System\IgvYQcA.exe
  C:\Windows\System\IgvYQcA.exe
  2⤵
  PID:2248
- C:\Windows\System\IfkwRJD.exe
  C:\Windows\System\IfkwRJD.exe
  2⤵
  PID:1804
- C:\Windows\System\DVUaVSC.exe
  C:\Windows\System\DVUaVSC.exe
  2⤵
  PID:2852
- C:\Windows\System\DiTyxqL.exe
  C:\Windows\System\DiTyxqL.exe
  2⤵
  PID:1644
- C:\Windows\System\dcAIiuG.exe
  C:\Windows\System\dcAIiuG.exe
  2⤵
  PID:2616
- C:\Windows\System\ipIZsfa.exe
  C:\Windows\System\ipIZsfa.exe
  2⤵
  PID:1468
- C:\Windows\System\FcQSQAb.exe
  C:\Windows\System\FcQSQAb.exe
  2⤵
  PID:1536
- C:\Windows\System\lfqUobw.exe
  C:\Windows\System\lfqUobw.exe
  2⤵
  PID:1848
- C:\Windows\System\feGGprR.exe
  C:\Windows\System\feGGprR.exe
  2⤵
  PID:2448
- C:\Windows\System\JtbhRyz.exe
  C:\Windows\System\JtbhRyz.exe
  2⤵
  PID:1796
- C:\Windows\System\QMUJDNo.exe
  C:\Windows\System\QMUJDNo.exe
  2⤵
  PID:704
- C:\Windows\System\LOfBHwc.exe
  C:\Windows\System\LOfBHwc.exe
  2⤵
  PID:1528
- C:\Windows\System\EdAemQn.exe
  C:\Windows\System\EdAemQn.exe
  2⤵
  PID:1348
- C:\Windows\System\SmbhPyp.exe
  C:\Windows\System\SmbhPyp.exe
  2⤵
  PID:2484
- C:\Windows\System\nYJSLug.exe
  C:\Windows\System\nYJSLug.exe
  2⤵
  PID:2724
- C:\Windows\System\PMKqdgH.exe
  C:\Windows\System\PMKqdgH.exe
  2⤵
  PID:2872
- C:\Windows\System\dkcUOlf.exe
  C:\Windows\System\dkcUOlf.exe
  2⤵
  PID:792
- C:\Windows\System\lqGTaaj.exe
  C:\Windows\System\lqGTaaj.exe
  2⤵
  PID:2600
- C:\Windows\System\vTMlOnr.exe
  C:\Windows\System\vTMlOnr.exe
  2⤵
  PID:912
- C:\Windows\System\CAVFVvG.exe
  C:\Windows\System\CAVFVvG.exe
  2⤵
  PID:1588
- C:\Windows\System\FJqBqnK.exe
  C:\Windows\System\FJqBqnK.exe
  2⤵
  PID:1232
- C:\Windows\System\glJjoNs.exe
  C:\Windows\System\glJjoNs.exe
  2⤵
  PID:2780
- C:\Windows\System\drkgdTd.exe
  C:\Windows\System\drkgdTd.exe
  2⤵
  PID:1608
- C:\Windows\System\MlnDvwl.exe
  C:\Windows\System\MlnDvwl.exe
  2⤵
  PID:580
- C:\Windows\System\ORrZaOi.exe
  C:\Windows\System\ORrZaOi.exe
  2⤵
  PID:320
- C:\Windows\System\ztCbigc.exe
  C:\Windows\System\ztCbigc.exe
  2⤵
  PID:2612
- C:\Windows\System\fUXFZPr.exe
  C:\Windows\System\fUXFZPr.exe
  2⤵
  PID:532
- C:\Windows\System\drmnERH.exe
  C:\Windows\System\drmnERH.exe
  2⤵
  PID:1944
- C:\Windows\System\XqkBhCV.exe
  C:\Windows\System\XqkBhCV.exe
  2⤵
  PID:316
- C:\Windows\System\KSgQtuc.exe
  C:\Windows\System\KSgQtuc.exe
  2⤵
  PID:956
- C:\Windows\System\eYAKxYE.exe
  C:\Windows\System\eYAKxYE.exe
  2⤵
  PID:2392
- C:\Windows\System\oAikipt.exe
  C:\Windows\System\oAikipt.exe
  2⤵
  PID:2268
- C:\Windows\System\LMmbtRL.exe
  C:\Windows\System\LMmbtRL.exe
  2⤵
  PID:2500
- C:\Windows\System\zPccXAd.exe
  C:\Windows\System\zPccXAd.exe
  2⤵
  PID:2480
- C:\Windows\System\SMmIgDx.exe
  C:\Windows\System\SMmIgDx.exe
  2⤵
  PID:1780
- C:\Windows\System\ngXXitN.exe
  C:\Windows\System\ngXXitN.exe
  2⤵
  PID:2028
- C:\Windows\System\SsJLubJ.exe
  C:\Windows\System\SsJLubJ.exe
  2⤵
  PID:2692
- C:\Windows\System\JorAmwn.exe
  C:\Windows\System\JorAmwn.exe
  2⤵
  PID:1752
- C:\Windows\System\KOHBGHC.exe
  C:\Windows\System\KOHBGHC.exe
  2⤵
  PID:2212
- C:\Windows\System\ETtOERK.exe
  C:\Windows\System\ETtOERK.exe
  2⤵
  PID:1704
- C:\Windows\System\DkbFkHe.exe
  C:\Windows\System\DkbFkHe.exe
  2⤵
  PID:2224
- C:\Windows\System\HpGzwmq.exe
  C:\Windows\System\HpGzwmq.exe
  2⤵
  PID:800
- C:\Windows\System\QIlRWuy.exe
  C:\Windows\System\QIlRWuy.exe
  2⤵
  PID:1684
- C:\Windows\System\vnJLEDB.exe
  C:\Windows\System\vnJLEDB.exe
  2⤵
  PID:2440
- C:\Windows\System\RQFuwCd.exe
  C:\Windows\System\RQFuwCd.exe
  2⤵
  PID:1416
- C:\Windows\System\aUrrfSL.exe
  C:\Windows\System\aUrrfSL.exe
  2⤵
  PID:3084
- C:\Windows\System\oHHwqlg.exe
  C:\Windows\System\oHHwqlg.exe
  2⤵
  PID:3100
- C:\Windows\System\KBLWcEr.exe
  C:\Windows\System\KBLWcEr.exe
  2⤵
  PID:3116
- C:\Windows\System\MNbrCRY.exe
  C:\Windows\System\MNbrCRY.exe
  2⤵
  PID:3148
- C:\Windows\System\mushFaU.exe
  C:\Windows\System\mushFaU.exe
  2⤵
  PID:3184
- C:\Windows\System\TtMOjxS.exe
  C:\Windows\System\TtMOjxS.exe
  2⤵
  PID:3204
- C:\Windows\System\TtmgwCc.exe
  C:\Windows\System\TtmgwCc.exe
  2⤵
  PID:3256
- C:\Windows\System\egqrZYk.exe
  C:\Windows\System\egqrZYk.exe
  2⤵
  PID:3272
- C:\Windows\System\XITmcwp.exe
  C:\Windows\System\XITmcwp.exe
  2⤵
  PID:3288
- C:\Windows\System\yPfvBUg.exe
  C:\Windows\System\yPfvBUg.exe
  2⤵
  PID:3304
- C:\Windows\System\ueHRBeU.exe
  C:\Windows\System\ueHRBeU.exe
  2⤵
  PID:3320
- C:\Windows\System\AQlqtUY.exe
  C:\Windows\System\AQlqtUY.exe
  2⤵
  PID:3336
- C:\Windows\System\YGvpNHO.exe
  C:\Windows\System\YGvpNHO.exe
  2⤵
  PID:3352
- C:\Windows\System\wFGCmKQ.exe
  C:\Windows\System\wFGCmKQ.exe
  2⤵
  PID:3368
- C:\Windows\System\XInnzdo.exe
  C:\Windows\System\XInnzdo.exe
  2⤵
  PID:3384
- C:\Windows\System\KMyJEFJ.exe
  C:\Windows\System\KMyJEFJ.exe
  2⤵
  PID:3400
- C:\Windows\System\zssVxua.exe
  C:\Windows\System\zssVxua.exe
  2⤵
  PID:3416
- C:\Windows\System\MfMnEGy.exe
  C:\Windows\System\MfMnEGy.exe
  2⤵
  PID:3436
- C:\Windows\System\GfprDtH.exe
  C:\Windows\System\GfprDtH.exe
  2⤵
  PID:3452
- C:\Windows\System\HhnwNxu.exe
  C:\Windows\System\HhnwNxu.exe
  2⤵
  PID:3472
- C:\Windows\System\CHpPhFE.exe
  C:\Windows\System\CHpPhFE.exe
  2⤵
  PID:3488
- C:\Windows\System\JkJTvUu.exe
  C:\Windows\System\JkJTvUu.exe
  2⤵
  PID:3516
- C:\Windows\System\ZmFJViN.exe
  C:\Windows\System\ZmFJViN.exe
  2⤵
  PID:3540
- C:\Windows\System\NTFIMdo.exe
  C:\Windows\System\NTFIMdo.exe
  2⤵
  PID:3564
- C:\Windows\System\jeDPaTZ.exe
  C:\Windows\System\jeDPaTZ.exe
  2⤵
  PID:3584
- C:\Windows\System\RvZLbSl.exe
  C:\Windows\System\RvZLbSl.exe
  2⤵
  PID:3600
- C:\Windows\System\uoAlsMM.exe
  C:\Windows\System\uoAlsMM.exe
  2⤵
  PID:3624
- C:\Windows\System\XpNSAgb.exe
  C:\Windows\System\XpNSAgb.exe
  2⤵
  PID:3640
- C:\Windows\System\xENwGjK.exe
  C:\Windows\System\xENwGjK.exe
  2⤵
  PID:3668
- C:\Windows\System\fNKasyV.exe
  C:\Windows\System\fNKasyV.exe
  2⤵
  PID:3684
- C:\Windows\System\gFymYtz.exe
  C:\Windows\System\gFymYtz.exe
  2⤵
  PID:3700
- C:\Windows\System\cDNrpPE.exe
  C:\Windows\System\cDNrpPE.exe
  2⤵
  PID:3720
- C:\Windows\System\nSKoNeg.exe
  C:\Windows\System\nSKoNeg.exe
  2⤵
  PID:3740
- C:\Windows\System\eigePML.exe
  C:\Windows\System\eigePML.exe
  2⤵
  PID:3756
- C:\Windows\System\VnKDvUg.exe
  C:\Windows\System\VnKDvUg.exe
  2⤵
  PID:3776
- C:\Windows\System\LDkHDPK.exe
  C:\Windows\System\LDkHDPK.exe
  2⤵
  PID:3796
- C:\Windows\System\CoqpKPZ.exe
  C:\Windows\System\CoqpKPZ.exe
  2⤵
  PID:3852
- C:\Windows\System\QagaDsQ.exe
  C:\Windows\System\QagaDsQ.exe
  2⤵
  PID:3868
- C:\Windows\System\SdndfTX.exe
  C:\Windows\System\SdndfTX.exe
  2⤵
  PID:3884
- C:\Windows\System\MsDajow.exe
  C:\Windows\System\MsDajow.exe
  2⤵
  PID:3900
- C:\Windows\System\rtTggnv.exe
  C:\Windows\System\rtTggnv.exe
  2⤵
  PID:3916
- C:\Windows\System\XPDiyrp.exe
  C:\Windows\System\XPDiyrp.exe
  2⤵
  PID:3932
- C:\Windows\System\lYiWnhu.exe
  C:\Windows\System\lYiWnhu.exe
  2⤵
  PID:3948
- C:\Windows\System\OQrciBO.exe
  C:\Windows\System\OQrciBO.exe
  2⤵
  PID:3964
- C:\Windows\System\OVrMKGv.exe
  C:\Windows\System\OVrMKGv.exe
  2⤵
  PID:3980
- C:\Windows\System\EosecuI.exe
  C:\Windows\System\EosecuI.exe
  2⤵
  PID:3996
- C:\Windows\System\VZKjRPn.exe
  C:\Windows\System\VZKjRPn.exe
  2⤵
  PID:4012
- C:\Windows\System\aUqXgQz.exe
  C:\Windows\System\aUqXgQz.exe
  2⤵
  PID:4028
- C:\Windows\System\nPJEFOS.exe
  C:\Windows\System\nPJEFOS.exe
  2⤵
  PID:4048
- C:\Windows\System\GiMnblh.exe
  C:\Windows\System\GiMnblh.exe
  2⤵
  PID:4068
- C:\Windows\System\KePsybw.exe
  C:\Windows\System\KePsybw.exe
  2⤵
  PID:4088
- C:\Windows\System\SXkbbSS.exe
  C:\Windows\System\SXkbbSS.exe
  2⤵
  PID:2720
- C:\Windows\System\ZGHPAUJ.exe
  C:\Windows\System\ZGHPAUJ.exe
  2⤵
  PID:676
- C:\Windows\System\cdEwuoQ.exe
  C:\Windows\System\cdEwuoQ.exe
  2⤵
  PID:2928
- C:\Windows\System\jBSzdXk.exe
  C:\Windows\System\jBSzdXk.exe
  2⤵
  PID:3092
- C:\Windows\System\Khkpkdl.exe
  C:\Windows\System\Khkpkdl.exe
  2⤵
  PID:3128
- C:\Windows\System\sNruZYf.exe
  C:\Windows\System\sNruZYf.exe
  2⤵
  PID:2040
- C:\Windows\System\SwfiDRr.exe
  C:\Windows\System\SwfiDRr.exe
  2⤵
  PID:2336
- C:\Windows\System\OdzwSrm.exe
  C:\Windows\System\OdzwSrm.exe
  2⤵
  PID:3196
- C:\Windows\System\RlfGfSe.exe
  C:\Windows\System\RlfGfSe.exe
  2⤵
  PID:1736
- C:\Windows\System\qlYwYqT.exe
  C:\Windows\System\qlYwYqT.exe
  2⤵
  PID:3112
- C:\Windows\System\ZxyHVVI.exe
  C:\Windows\System\ZxyHVVI.exe
  2⤵
  PID:3168
- C:\Windows\System\TdnIHIB.exe
  C:\Windows\System\TdnIHIB.exe
  2⤵
  PID:3212
- C:\Windows\System\pmFUJWX.exe
  C:\Windows\System\pmFUJWX.exe
  2⤵
  PID:3376
- C:\Windows\System\tSYMioV.exe
  C:\Windows\System\tSYMioV.exe
  2⤵
  PID:3444
- C:\Windows\System\KSrOyeZ.exe
  C:\Windows\System\KSrOyeZ.exe
  2⤵
  PID:3392
- C:\Windows\System\TvJOzku.exe
  C:\Windows\System\TvJOzku.exe
  2⤵
  PID:3468
- C:\Windows\System\HQmmobf.exe
  C:\Windows\System\HQmmobf.exe
  2⤵
  PID:1520
- C:\Windows\System\YzMzykO.exe
  C:\Windows\System\YzMzykO.exe
  2⤵
  PID:3548
- C:\Windows\System\bmrCFgV.exe
  C:\Windows\System\bmrCFgV.exe
  2⤵
  PID:3632
- C:\Windows\System\wUwZaFX.exe
  C:\Windows\System\wUwZaFX.exe
  2⤵
  PID:3676
- C:\Windows\System\NNBCWgN.exe
  C:\Windows\System\NNBCWgN.exe
  2⤵
  PID:3716
- C:\Windows\System\zEdLWqI.exe
  C:\Windows\System\zEdLWqI.exe
  2⤵
  PID:3788
- C:\Windows\System\MKpIMQU.exe
  C:\Windows\System\MKpIMQU.exe
  2⤵
  PID:3524
- C:\Windows\System\IMHAHwe.exe
  C:\Windows\System\IMHAHwe.exe
  2⤵
  PID:3572
- C:\Windows\System\SAiDBhq.exe
  C:\Windows\System\SAiDBhq.exe
  2⤵
  PID:3616
- C:\Windows\System\VsJnwzS.exe
  C:\Windows\System\VsJnwzS.exe
  2⤵
  PID:3924
- C:\Windows\System\ShPLbyG.exe
  C:\Windows\System\ShPLbyG.exe
  2⤵
  PID:3656
- C:\Windows\System\PJijpvE.exe
  C:\Windows\System\PJijpvE.exe
  2⤵
  PID:3696
- C:\Windows\System\uuEMhws.exe
  C:\Windows\System\uuEMhws.exe
  2⤵
  PID:3992
- C:\Windows\System\rMLZdWv.exe
  C:\Windows\System\rMLZdWv.exe
  2⤵
  PID:3864
- C:\Windows\System\mCExNgg.exe
  C:\Windows\System\mCExNgg.exe
  2⤵
  PID:1540
- C:\Windows\System\UvIxvJF.exe
  C:\Windows\System\UvIxvJF.exe
  2⤵
  PID:2668
- C:\Windows\System\goJokSR.exe
  C:\Windows\System\goJokSR.exe
  2⤵
  PID:332
- C:\Windows\System\MYPmoaR.exe
  C:\Windows\System\MYPmoaR.exe
  2⤵
  PID:3160
- C:\Windows\System\LXhxxUs.exe
  C:\Windows\System\LXhxxUs.exe
  2⤵
  PID:3908
- C:\Windows\System\TgpezbC.exe
  C:\Windows\System\TgpezbC.exe
  2⤵
  PID:3216
- C:\Windows\System\EuGyemi.exe
  C:\Windows\System\EuGyemi.exe
  2⤵
  PID:3248
- C:\Windows\System\fvyaARq.exe
  C:\Windows\System\fvyaARq.exe
  2⤵
  PID:3772
- C:\Windows\System\GcYeZLK.exe
  C:\Windows\System\GcYeZLK.exe
  2⤵
  PID:3820
- C:\Windows\System\VeuTMQo.exe
  C:\Windows\System\VeuTMQo.exe
  2⤵
  PID:3296
- C:\Windows\System\DbNkaBd.exe
  C:\Windows\System\DbNkaBd.exe
  2⤵
  PID:3236
- C:\Windows\System\CVYeapQ.exe
  C:\Windows\System\CVYeapQ.exe
  2⤵
  PID:3264
- C:\Windows\System\lKHlReA.exe
  C:\Windows\System\lKHlReA.exe
  2⤵
  PID:3312
- C:\Windows\System\hPMDguy.exe
  C:\Windows\System\hPMDguy.exe
  2⤵
  PID:3332
- C:\Windows\System\qRhNlUf.exe
  C:\Windows\System\qRhNlUf.exe
  2⤵
  PID:3972
- C:\Windows\System\JqdYtMx.exe
  C:\Windows\System\JqdYtMx.exe
  2⤵
  PID:4044
- C:\Windows\System\mfUWOeW.exe
  C:\Windows\System\mfUWOeW.exe
  2⤵
  PID:3844
- C:\Windows\System\NzpdCza.exe
  C:\Windows\System\NzpdCza.exe
  2⤵
  PID:3500
- C:\Windows\System\DMGFmpy.exe
  C:\Windows\System\DMGFmpy.exe
  2⤵
  PID:3560
- C:\Windows\System\HoJvsFT.exe
  C:\Windows\System\HoJvsFT.exe
  2⤵
  PID:3848
- C:\Windows\System\khcxxKC.exe
  C:\Windows\System\khcxxKC.exe
  2⤵
  PID:3708
- C:\Windows\System\WlGohXU.exe
  C:\Windows\System\WlGohXU.exe
  2⤵
  PID:3976
- C:\Windows\System\tHwfhAn.exe
  C:\Windows\System\tHwfhAn.exe
  2⤵
  PID:4076
- C:\Windows\System\sRtCkuU.exe
  C:\Windows\System\sRtCkuU.exe
  2⤵
  PID:2772
- C:\Windows\System\dcEGOUp.exe
  C:\Windows\System\dcEGOUp.exe
  2⤵
  PID:476
- C:\Windows\System\wWVxwfY.exe
  C:\Windows\System\wWVxwfY.exe
  2⤵
  PID:3176
- C:\Windows\System\nFoSpsx.exe
  C:\Windows\System\nFoSpsx.exe
  2⤵
  PID:3504
- C:\Windows\System\BISwErh.exe
  C:\Windows\System\BISwErh.exe
  2⤵
  PID:3460
- C:\Windows\System\gQMcPTe.exe
  C:\Windows\System\gQMcPTe.exe
  2⤵
  PID:3508
- C:\Windows\System\lRcPlNH.exe
  C:\Windows\System\lRcPlNH.exe
  2⤵
  PID:3784
- C:\Windows\System\TrTOIUL.exe
  C:\Windows\System\TrTOIUL.exe
  2⤵
  PID:2140
- C:\Windows\System\vlaqylR.exe
  C:\Windows\System\vlaqylR.exe
  2⤵
  PID:3648
- C:\Windows\System\lWRayVF.exe
  C:\Windows\System\lWRayVF.exe
  2⤵
  PID:4024
- C:\Windows\System\TXxZPKp.exe
  C:\Windows\System\TXxZPKp.exe
  2⤵
  PID:3712
- C:\Windows\System\bpcWITY.exe
  C:\Windows\System\bpcWITY.exe
  2⤵
  PID:4064
- C:\Windows\System\jKItAZu.exe
  C:\Windows\System\jKItAZu.exe
  2⤵
  PID:3224
- C:\Windows\System\taDtdzE.exe
  C:\Windows\System\taDtdzE.exe
  2⤵
  PID:784
- C:\Windows\System\TcKSXVj.exe
  C:\Windows\System\TcKSXVj.exe
  2⤵
  PID:652
- C:\Windows\System\MCrJGJv.exe
  C:\Windows\System\MCrJGJv.exe
  2⤵
  PID:3280
- C:\Windows\System\pOOlOzl.exe
  C:\Windows\System\pOOlOzl.exe
  2⤵
  PID:3140
- C:\Windows\System\goIJSKY.exe
  C:\Windows\System\goIJSKY.exe
  2⤵
  PID:1376
- C:\Windows\System\jWZCdPX.exe
  C:\Windows\System\jWZCdPX.exe
  2⤵
  PID:708
- C:\Windows\System\EkcqVWZ.exe
  C:\Windows\System\EkcqVWZ.exe
  2⤵
  PID:4040
- C:\Windows\System\GbMDPdr.exe
  C:\Windows\System\GbMDPdr.exe
  2⤵
  PID:3428
- C:\Windows\System\ELYTcxY.exe
  C:\Windows\System\ELYTcxY.exe
  2⤵
  PID:3828
- C:\Windows\System\oOfAkln.exe
  C:\Windows\System\oOfAkln.exe
  2⤵
  PID:3228
- C:\Windows\System\lTiWvcf.exe
  C:\Windows\System\lTiWvcf.exe
  2⤵
  PID:3496
- C:\Windows\System\PgVCutR.exe
  C:\Windows\System\PgVCutR.exe
  2⤵
  PID:3552
- C:\Windows\System\kQTHsaa.exe
  C:\Windows\System\kQTHsaa.exe
  2⤵
  PID:3180
- C:\Windows\System\PNKDKGv.exe
  C:\Windows\System\PNKDKGv.exe
  2⤵
  PID:2880
- C:\Windows\System\vYbkYpy.exe
  C:\Windows\System\vYbkYpy.exe
  2⤵
  PID:2596
- C:\Windows\System\dSRAVmn.exe
  C:\Windows\System\dSRAVmn.exe
  2⤵
  PID:2124
- C:\Windows\System\vrRDXiS.exe
  C:\Windows\System\vrRDXiS.exe
  2⤵
  PID:3580
- C:\Windows\System\jVEurbC.exe
  C:\Windows\System\jVEurbC.exe
  2⤵
  PID:3736
- C:\Windows\System\lKrWPjD.exe
  C:\Windows\System\lKrWPjD.exe
  2⤵
  PID:3808
- C:\Windows\System\CoPeIOl.exe
  C:\Windows\System\CoPeIOl.exe
  2⤵
  PID:3912
- C:\Windows\System\Wepkpdz.exe
  C:\Windows\System\Wepkpdz.exe
  2⤵
  PID:3432
- C:\Windows\System\dytcWAB.exe
  C:\Windows\System\dytcWAB.exe
  2⤵
  PID:4036
- C:\Windows\System\JLlXbOb.exe
  C:\Windows\System\JLlXbOb.exe
  2⤵
  PID:3892
- C:\Windows\System\WUtlKuK.exe
  C:\Windows\System\WUtlKuK.exe
  2⤵
  PID:3344
- C:\Windows\System\vlXqpAF.exe
  C:\Windows\System\vlXqpAF.exe
  2⤵
  PID:3240
- C:\Windows\System\HJPaBpw.exe
  C:\Windows\System\HJPaBpw.exe
  2⤵
  PID:4100
- C:\Windows\System\lBBPrlR.exe
  C:\Windows\System\lBBPrlR.exe
  2⤵
  PID:4116
- C:\Windows\System\iQOpqbV.exe
  C:\Windows\System\iQOpqbV.exe
  2⤵
  PID:4132
- C:\Windows\System\snCOgnf.exe
  C:\Windows\System\snCOgnf.exe
  2⤵
  PID:4148
- C:\Windows\System\YrEAEoY.exe
  C:\Windows\System\YrEAEoY.exe
  2⤵
  PID:4164
- C:\Windows\System\FoMGOED.exe
  C:\Windows\System\FoMGOED.exe
  2⤵
  PID:4180
- C:\Windows\System\LweoBmF.exe
  C:\Windows\System\LweoBmF.exe
  2⤵
  PID:4196
- C:\Windows\System\LWJZsev.exe
  C:\Windows\System\LWJZsev.exe
  2⤵
  PID:4212
- C:\Windows\System\JlSOFHP.exe
  C:\Windows\System\JlSOFHP.exe
  2⤵
  PID:4228
- C:\Windows\System\WxmkVNP.exe
  C:\Windows\System\WxmkVNP.exe
  2⤵
  PID:4244
- C:\Windows\System\eVdVPtE.exe
  C:\Windows\System\eVdVPtE.exe
  2⤵
  PID:4260
- C:\Windows\System\nHQxKBe.exe
  C:\Windows\System\nHQxKBe.exe
  2⤵
  PID:4276
- C:\Windows\System\sLYWNtH.exe
  C:\Windows\System\sLYWNtH.exe
  2⤵
  PID:4292
- C:\Windows\System\YDnGzzu.exe
  C:\Windows\System\YDnGzzu.exe
  2⤵
  PID:4308
- C:\Windows\System\AghPIaa.exe
  C:\Windows\System\AghPIaa.exe
  2⤵
  PID:4324
- C:\Windows\System\OEkhDAJ.exe
  C:\Windows\System\OEkhDAJ.exe
  2⤵
  PID:4340
- C:\Windows\System\WTOHCYI.exe
  C:\Windows\System\WTOHCYI.exe
  2⤵
  PID:4356
- C:\Windows\System\ammcZbD.exe
  C:\Windows\System\ammcZbD.exe
  2⤵
  PID:4372
- C:\Windows\System\zWPARMc.exe
  C:\Windows\System\zWPARMc.exe
  2⤵
  PID:4388
- C:\Windows\System\CetsUNI.exe
  C:\Windows\System\CetsUNI.exe
  2⤵
  PID:4404
- C:\Windows\System\oDYROUG.exe
  C:\Windows\System\oDYROUG.exe
  2⤵
  PID:4420
- C:\Windows\System\jbhecPo.exe
  C:\Windows\System\jbhecPo.exe
  2⤵
  PID:4436
- C:\Windows\System\duJTVnE.exe
  C:\Windows\System\duJTVnE.exe
  2⤵
  PID:4452
- C:\Windows\System\bwsZHbl.exe
  C:\Windows\System\bwsZHbl.exe
  2⤵
  PID:4468
- C:\Windows\System\zjuKhQB.exe
  C:\Windows\System\zjuKhQB.exe
  2⤵
  PID:4484
- C:\Windows\System\ZigOXNo.exe
  C:\Windows\System\ZigOXNo.exe
  2⤵
  PID:4500
- C:\Windows\System\wVHlFPu.exe
  C:\Windows\System\wVHlFPu.exe
  2⤵
  PID:4516
- C:\Windows\System\vgXqEEQ.exe
  C:\Windows\System\vgXqEEQ.exe
  2⤵
  PID:4532
- C:\Windows\System\yZUBhgM.exe
  C:\Windows\System\yZUBhgM.exe
  2⤵
  PID:4548
- C:\Windows\System\UUUISwM.exe
  C:\Windows\System\UUUISwM.exe
  2⤵
  PID:4564
- C:\Windows\System\hYabBRD.exe
  C:\Windows\System\hYabBRD.exe
  2⤵
  PID:4580
- C:\Windows\System\zNArIKu.exe
  C:\Windows\System\zNArIKu.exe
  2⤵
  PID:4596
- C:\Windows\System\mITGrfe.exe
  C:\Windows\System\mITGrfe.exe
  2⤵
  PID:4612
- C:\Windows\System\UeInobh.exe
  C:\Windows\System\UeInobh.exe
  2⤵
  PID:4628
- C:\Windows\System\pHGpjtq.exe
  C:\Windows\System\pHGpjtq.exe
  2⤵
  PID:4644
- C:\Windows\System\uAQcVpB.exe
  C:\Windows\System\uAQcVpB.exe
  2⤵
  PID:4660
- C:\Windows\System\OFNCoLj.exe
  C:\Windows\System\OFNCoLj.exe
  2⤵
  PID:4676
- C:\Windows\System\YVyIvIu.exe
  C:\Windows\System\YVyIvIu.exe
  2⤵
  PID:4692
- C:\Windows\System\PxWmnaS.exe
  C:\Windows\System\PxWmnaS.exe
  2⤵
  PID:4708
- C:\Windows\System\NLsHAcC.exe
  C:\Windows\System\NLsHAcC.exe
  2⤵
  PID:4724
- C:\Windows\System\kSRwYcu.exe
  C:\Windows\System\kSRwYcu.exe
  2⤵
  PID:4740
- C:\Windows\System\VvRGZzm.exe
  C:\Windows\System\VvRGZzm.exe
  2⤵
  PID:4756
- C:\Windows\System\xblGTMw.exe
  C:\Windows\System\xblGTMw.exe
  2⤵
  PID:4772
- C:\Windows\System\lLLoUYo.exe
  C:\Windows\System\lLLoUYo.exe
  2⤵
  PID:4788
- C:\Windows\System\LkzeYWW.exe
  C:\Windows\System\LkzeYWW.exe
  2⤵
  PID:4804
- C:\Windows\System\AwKhdRc.exe
  C:\Windows\System\AwKhdRc.exe
  2⤵
  PID:4824
- C:\Windows\System\OreitRy.exe
  C:\Windows\System\OreitRy.exe
  2⤵
  PID:4840
- C:\Windows\System\qEVrVIi.exe
  C:\Windows\System\qEVrVIi.exe
  2⤵
  PID:4856
- C:\Windows\System\ClFYTze.exe
  C:\Windows\System\ClFYTze.exe
  2⤵
  PID:4872
- C:\Windows\System\OdqCqIk.exe
  C:\Windows\System\OdqCqIk.exe
  2⤵
  PID:4888
- C:\Windows\System\supizcC.exe
  C:\Windows\System\supizcC.exe
  2⤵
  PID:4904
- C:\Windows\System\OwGPhGW.exe
  C:\Windows\System\OwGPhGW.exe
  2⤵
  PID:4920
- C:\Windows\System\BmPBOaq.exe
  C:\Windows\System\BmPBOaq.exe
  2⤵
  PID:4936
- C:\Windows\System\DyRwTDJ.exe
  C:\Windows\System\DyRwTDJ.exe
  2⤵
  PID:4952
- C:\Windows\System\UYYYEok.exe
  C:\Windows\System\UYYYEok.exe
  2⤵
  PID:4968
- C:\Windows\System\VdfOBpw.exe
  C:\Windows\System\VdfOBpw.exe
  2⤵
  PID:4984
- C:\Windows\System\yghlaKV.exe
  C:\Windows\System\yghlaKV.exe
  2⤵
  PID:5000
- C:\Windows\System\JnxXSDm.exe
  C:\Windows\System\JnxXSDm.exe
  2⤵
  PID:5016
- C:\Windows\System\HYtmcRk.exe
  C:\Windows\System\HYtmcRk.exe
  2⤵
  PID:5032
- C:\Windows\System\ZReQQyf.exe
  C:\Windows\System\ZReQQyf.exe
  2⤵
  PID:5048
- C:\Windows\System\gVcRpqZ.exe
  C:\Windows\System\gVcRpqZ.exe
  2⤵
  PID:5064
- C:\Windows\System\dnpeEsQ.exe
  C:\Windows\System\dnpeEsQ.exe
  2⤵
  PID:5080
- C:\Windows\System\VxOGiae.exe
  C:\Windows\System\VxOGiae.exe
  2⤵
  PID:5096
- C:\Windows\System\fSnKvBu.exe
  C:\Windows\System\fSnKvBu.exe
  2⤵
  PID:5112
- C:\Windows\System\cSVhZEz.exe
  C:\Windows\System\cSVhZEz.exe
  2⤵
  PID:3108
- C:\Windows\System\PUWMOlw.exe
  C:\Windows\System\PUWMOlw.exe
  2⤵
  PID:4008
- C:\Windows\System\kgQvETt.exe
  C:\Windows\System\kgQvETt.exe
  2⤵
  PID:4140
- C:\Windows\System\vDiWtVF.exe
  C:\Windows\System\vDiWtVF.exe
  2⤵
  PID:3608
- C:\Windows\System\DbCExQh.exe
  C:\Windows\System\DbCExQh.exe
  2⤵
  PID:4236
- C:\Windows\System\GvwIHtg.exe
  C:\Windows\System\GvwIHtg.exe
  2⤵
  PID:4268
- C:\Windows\System\eyrFdLh.exe
  C:\Windows\System\eyrFdLh.exe
  2⤵
  PID:4336
- C:\Windows\System\mRJJEOY.exe
  C:\Windows\System\mRJJEOY.exe
  2⤵
  PID:3596
- C:\Windows\System\RXBOBIr.exe
  C:\Windows\System\RXBOBIr.exe
  2⤵
  PID:4432
- C:\Windows\System\OEOjwKx.exe
  C:\Windows\System\OEOjwKx.exe
  2⤵
  PID:4460
- C:\Windows\System\zKkqKHx.exe
  C:\Windows\System\zKkqKHx.exe
  2⤵
  PID:2512
- C:\Windows\System\hwOPVbO.exe
  C:\Windows\System\hwOPVbO.exe
  2⤵
  PID:4332
- C:\Windows\System\BBaqHBK.exe
  C:\Windows\System\BBaqHBK.exe
  2⤵
  PID:2020
- C:\Windows\System\iNGfqsT.exe
  C:\Windows\System\iNGfqsT.exe
  2⤵
  PID:4156
- C:\Windows\System\vJocZUY.exe
  C:\Windows\System\vJocZUY.exe
  2⤵
  PID:4220
- C:\Windows\System\hZBeRTD.exe
  C:\Windows\System\hZBeRTD.exe
  2⤵
  PID:4284
- C:\Windows\System\clzbDVP.exe
  C:\Windows\System\clzbDVP.exe
  2⤵
  PID:4348
- C:\Windows\System\JUlQSQx.exe
  C:\Windows\System\JUlQSQx.exe
  2⤵
  PID:4384
- C:\Windows\System\nuKuyWA.exe
  C:\Windows\System\nuKuyWA.exe
  2⤵
  PID:4448
- C:\Windows\System\nehOMba.exe
  C:\Windows\System\nehOMba.exe
  2⤵
  PID:4556
- C:\Windows\System\iTSKvLH.exe
  C:\Windows\System\iTSKvLH.exe
  2⤵
  PID:4508
- C:\Windows\System\sxKOUBj.exe
  C:\Windows\System\sxKOUBj.exe
  2⤵
  PID:4572
- C:\Windows\System\kyuXhdt.exe
  C:\Windows\System\kyuXhdt.exe
  2⤵
  PID:4652
- C:\Windows\System\JAEyStu.exe
  C:\Windows\System\JAEyStu.exe
  2⤵
  PID:4716
- C:\Windows\System\xDhjbNt.exe
  C:\Windows\System\xDhjbNt.exe
  2⤵
  PID:4780
- C:\Windows\System\oxwtxZm.exe
  C:\Windows\System\oxwtxZm.exe
  2⤵
  PID:4636
- C:\Windows\System\TGRJzrB.exe
  C:\Windows\System\TGRJzrB.exe
  2⤵
  PID:4700
- C:\Windows\System\vizltdn.exe
  C:\Windows\System\vizltdn.exe
  2⤵
  PID:4764
- C:\Windows\System\fkiTXfZ.exe
  C:\Windows\System\fkiTXfZ.exe
  2⤵
  PID:4720
- C:\Windows\System\OuxUyzX.exe
  C:\Windows\System\OuxUyzX.exe
  2⤵
  PID:1028
- C:\Windows\System\xPQBdGE.exe
  C:\Windows\System\xPQBdGE.exe
  2⤵
  PID:4912
- C:\Windows\System\cBEbgQA.exe
  C:\Windows\System\cBEbgQA.exe
  2⤵
  PID:4980
- C:\Windows\System\fIEoPGt.exe
  C:\Windows\System\fIEoPGt.exe
  2⤵
  PID:5040
- C:\Windows\System\LJpAxgp.exe
  C:\Windows\System\LJpAxgp.exe
  2⤵
  PID:4932
- C:\Windows\System\aZqyxwF.exe
  C:\Windows\System\aZqyxwF.exe
  2⤵
  PID:2152
- C:\Windows\System\zQFuGaF.exe
  C:\Windows\System\zQFuGaF.exe
  2⤵
  PID:3268
- C:\Windows\System\xTyxJTD.exe
  C:\Windows\System\xTyxJTD.exe
  2⤵
  PID:4396
- C:\Windows\System\SveZVib.exe
  C:\Windows\System\SveZVib.exe
  2⤵
  PID:5092
- C:\Windows\System\rumvMPJ.exe
  C:\Windows\System\rumvMPJ.exe
  2⤵
  PID:4172
- C:\Windows\System\boGmEDK.exe
  C:\Windows\System\boGmEDK.exe
  2⤵
  PID:4304
- C:\Windows\System\SFQlTPg.exe
  C:\Windows\System\SFQlTPg.exe
  2⤵
  PID:1616
- C:\Windows\System\cIPYJrr.exe
  C:\Windows\System\cIPYJrr.exe
  2⤵
  PID:3988
- C:\Windows\System\rZHzJch.exe
  C:\Windows\System\rZHzJch.exe
  2⤵
  PID:4124
- C:\Windows\System\sfYhoGU.exe
  C:\Windows\System\sfYhoGU.exe
  2⤵
  PID:4540
- C:\Windows\System\xOsXYiX.exe
  C:\Windows\System\xOsXYiX.exe
  2⤵
  PID:4188
- C:\Windows\System\EfTXjtm.exe
  C:\Windows\System\EfTXjtm.exe
  2⤵
  PID:4416
- C:\Windows\System\LmuIhAq.exe
  C:\Windows\System\LmuIhAq.exe
  2⤵
  PID:4588
- C:\Windows\System\PietNFV.exe
  C:\Windows\System\PietNFV.exe
  2⤵
  PID:3652
- C:\Windows\System\RGwfesj.exe
  C:\Windows\System\RGwfesj.exe
  2⤵
  PID:4608
- C:\Windows\System\jzFjRWH.exe
  C:\Windows\System\jzFjRWH.exe
  2⤵
  PID:4736
- C:\Windows\System\AUhucOl.exe
  C:\Windows\System\AUhucOl.exe
  2⤵
  PID:4796
- C:\Windows\System\ddqOVXp.exe
  C:\Windows\System\ddqOVXp.exe
  2⤵
  PID:4748
- C:\Windows\System\mRXgnEm.exe
  C:\Windows\System\mRXgnEm.exe
  2⤵
  PID:4976
- C:\Windows\System\ATVgxuP.exe
  C:\Windows\System\ATVgxuP.exe
  2⤵
  PID:4928
- C:\Windows\System\bLADdGB.exe
  C:\Windows\System\bLADdGB.exe
  2⤵
  PID:4900
- C:\Windows\System\GSUtFPs.exe
  C:\Windows\System\GSUtFPs.exe
  2⤵
  PID:4992
- C:\Windows\System\eBFIMVT.exe
  C:\Windows\System\eBFIMVT.exe
  2⤵
  PID:5028
- C:\Windows\System\TQLddaU.exe
  C:\Windows\System\TQLddaU.exe
  2⤵
  PID:1924
- C:\Windows\System\npWbwih.exe
  C:\Windows\System\npWbwih.exe
  2⤵
  PID:5060
- C:\Windows\System\MWRCrjh.exe
  C:\Windows\System\MWRCrjh.exe
  2⤵
  PID:4496
- C:\Windows\System\qoyDOqj.exe
  C:\Windows\System\qoyDOqj.exe
  2⤵
  PID:1036
- C:\Windows\System\JangDuE.exe
  C:\Windows\System\JangDuE.exe
  2⤵
  PID:4604
- C:\Windows\System\jxppRmB.exe
  C:\Windows\System\jxppRmB.exe
  2⤵
  PID:5012
- C:\Windows\System\tPvuefo.exe
  C:\Windows\System\tPvuefo.exe
  2⤵
  PID:4368
- C:\Windows\System\WakuHuO.exe
  C:\Windows\System\WakuHuO.exe
  2⤵
  PID:4428
- C:\Windows\System\fnKmFTE.exe
  C:\Windows\System\fnKmFTE.exe
  2⤵
  PID:4112
- C:\Windows\System\kYSGiBe.exe
  C:\Windows\System\kYSGiBe.exe
  2⤵
  PID:4300
- C:\Windows\System\GwgVOEW.exe
  C:\Windows\System\GwgVOEW.exe
  2⤵
  PID:4684
- C:\Windows\System\gDRiDDQ.exe
  C:\Windows\System\gDRiDDQ.exe
  2⤵
  PID:4948
- C:\Windows\System\MILwuGh.exe
  C:\Windows\System\MILwuGh.exe
  2⤵
  PID:2664
- C:\Windows\System\jhGRMMo.exe
  C:\Windows\System\jhGRMMo.exe
  2⤵
  PID:5024
- C:\Windows\System\XoYzkkO.exe
  C:\Windows\System\XoYzkkO.exe
  2⤵
  PID:4476
- C:\Windows\System\JoqQXJr.exe
  C:\Windows\System\JoqQXJr.exe
  2⤵
  PID:5076
- C:\Windows\System\soGkkJp.exe
  C:\Windows\System\soGkkJp.exe
  2⤵
  PID:3960
- C:\Windows\System\yjupjPb.exe
  C:\Windows\System\yjupjPb.exe
  2⤵
  PID:1696
- C:\Windows\System\knZFnZq.exe
  C:\Windows\System\knZFnZq.exe
  2⤵
  PID:5104
- C:\Windows\System\MTXgNWI.exe
  C:\Windows\System\MTXgNWI.exe
  2⤵
  PID:5124
- C:\Windows\System\RBMqcaX.exe
  C:\Windows\System\RBMqcaX.exe
  2⤵
  PID:5140
- C:\Windows\System\aZQwtOJ.exe
  C:\Windows\System\aZQwtOJ.exe
  2⤵
  PID:5156
- C:\Windows\System\LzSMRJL.exe
  C:\Windows\System\LzSMRJL.exe
  2⤵
  PID:5172
- C:\Windows\System\nttZfvY.exe
  C:\Windows\System\nttZfvY.exe
  2⤵
  PID:5188
- C:\Windows\System\nWlCPfV.exe
  C:\Windows\System\nWlCPfV.exe
  2⤵
  PID:5204
- C:\Windows\System\KyQJbCy.exe
  C:\Windows\System\KyQJbCy.exe
  2⤵
  PID:5220
- C:\Windows\System\Zpqbrez.exe
  C:\Windows\System\Zpqbrez.exe
  2⤵
  PID:5236
- C:\Windows\System\mTtAcQS.exe
  C:\Windows\System\mTtAcQS.exe
  2⤵
  PID:5252
- C:\Windows\System\BcZWnkV.exe
  C:\Windows\System\BcZWnkV.exe
  2⤵
  PID:5268
- C:\Windows\System\EBKejzt.exe
  C:\Windows\System\EBKejzt.exe
  2⤵
  PID:5284
- C:\Windows\System\lrbcdOl.exe
  C:\Windows\System\lrbcdOl.exe
  2⤵
  PID:5300
- C:\Windows\System\vZtcUGp.exe
  C:\Windows\System\vZtcUGp.exe
  2⤵
  PID:5316
- C:\Windows\System\lNXeYHW.exe
  C:\Windows\System\lNXeYHW.exe
  2⤵
  PID:5332
- C:\Windows\System\gqezNdy.exe
  C:\Windows\System\gqezNdy.exe
  2⤵
  PID:5348
- C:\Windows\System\GZRfhCq.exe
  C:\Windows\System\GZRfhCq.exe
  2⤵
  PID:5364
- C:\Windows\System\CKEKRto.exe
  C:\Windows\System\CKEKRto.exe
  2⤵
  PID:5380
- C:\Windows\System\xmPwprx.exe
  C:\Windows\System\xmPwprx.exe
  2⤵
  PID:5396
- C:\Windows\System\LgcyvMt.exe
  C:\Windows\System\LgcyvMt.exe
  2⤵
  PID:5412
- C:\Windows\System\bugQurX.exe
  C:\Windows\System\bugQurX.exe
  2⤵
  PID:5428
- C:\Windows\System\tzChrtc.exe
  C:\Windows\System\tzChrtc.exe
  2⤵
  PID:5444
- C:\Windows\System\AsBLmHm.exe
  C:\Windows\System\AsBLmHm.exe
  2⤵
  PID:5460
- C:\Windows\System\tEqTLJB.exe
  C:\Windows\System\tEqTLJB.exe
  2⤵
  PID:5476
- C:\Windows\System\FOnGxPQ.exe
  C:\Windows\System\FOnGxPQ.exe
  2⤵
  PID:5492
- C:\Windows\System\xVaKAtg.exe
  C:\Windows\System\xVaKAtg.exe
  2⤵
  PID:5508
- C:\Windows\System\xDPNiLc.exe
  C:\Windows\System\xDPNiLc.exe
  2⤵
  PID:5524
- C:\Windows\System\LRYmYQp.exe
  C:\Windows\System\LRYmYQp.exe
  2⤵
  PID:5540
- C:\Windows\System\jKrqxxv.exe
  C:\Windows\System\jKrqxxv.exe
  2⤵
  PID:5556
- C:\Windows\System\wTGVpWu.exe
  C:\Windows\System\wTGVpWu.exe
  2⤵
  PID:5572
- C:\Windows\System\qOIDaFK.exe
  C:\Windows\System\qOIDaFK.exe
  2⤵
  PID:5588
- C:\Windows\System\UWpejFM.exe
  C:\Windows\System\UWpejFM.exe
  2⤵
  PID:5604
- C:\Windows\System\jhuqksE.exe
  C:\Windows\System\jhuqksE.exe
  2⤵
  PID:5620
- C:\Windows\System\GkZVpVJ.exe
  C:\Windows\System\GkZVpVJ.exe
  2⤵
  PID:5636
- C:\Windows\System\BpdZEFJ.exe
  C:\Windows\System\BpdZEFJ.exe
  2⤵
  PID:5652
- C:\Windows\System\sWzWocF.exe
  C:\Windows\System\sWzWocF.exe
  2⤵
  PID:5668
- C:\Windows\System\GwGrnEG.exe
  C:\Windows\System\GwGrnEG.exe
  2⤵
  PID:5696
- C:\Windows\System\QtNpbWR.exe
  C:\Windows\System\QtNpbWR.exe
  2⤵
  PID:5712
- C:\Windows\System\yVQVInz.exe
  C:\Windows\System\yVQVInz.exe
  2⤵
  PID:5732
- C:\Windows\System\iDFwpBO.exe
  C:\Windows\System\iDFwpBO.exe
  2⤵
  PID:5748
- C:\Windows\System\BBkVnYR.exe
  C:\Windows\System\BBkVnYR.exe
  2⤵
  PID:5764
- C:\Windows\System\NbngpIk.exe
  C:\Windows\System\NbngpIk.exe
  2⤵
  PID:5780
- C:\Windows\System\WhevFMZ.exe
  C:\Windows\System\WhevFMZ.exe
  2⤵
  PID:5796
- C:\Windows\System\zsWCIkN.exe
  C:\Windows\System\zsWCIkN.exe
  2⤵
  PID:5812
- C:\Windows\System\lPRicPa.exe
  C:\Windows\System\lPRicPa.exe
  2⤵
  PID:5828
- C:\Windows\System\aAZylIx.exe
  C:\Windows\System\aAZylIx.exe
  2⤵
  PID:5848
- C:\Windows\System\IiRAADX.exe
  C:\Windows\System\IiRAADX.exe
  2⤵
  PID:5864
- C:\Windows\System\GlzhoJv.exe
  C:\Windows\System\GlzhoJv.exe
  2⤵
  PID:5880
- C:\Windows\System\NdiMjEE.exe
  C:\Windows\System\NdiMjEE.exe
  2⤵
  PID:5896
- C:\Windows\System\Wjoyqkz.exe
  C:\Windows\System\Wjoyqkz.exe
  2⤵
  PID:5912
- C:\Windows\System\ymaVlbc.exe
  C:\Windows\System\ymaVlbc.exe
  2⤵
  PID:5928
- C:\Windows\System\bTuAqaI.exe
  C:\Windows\System\bTuAqaI.exe
  2⤵
  PID:5944
- C:\Windows\System\iTiQGHY.exe
  C:\Windows\System\iTiQGHY.exe
  2⤵
  PID:5960
- C:\Windows\System\UbmLTFM.exe
  C:\Windows\System\UbmLTFM.exe
  2⤵
  PID:5976
- C:\Windows\System\WqqWpjy.exe
  C:\Windows\System\WqqWpjy.exe
  2⤵
  PID:5992
- C:\Windows\System\vALNZUV.exe
  C:\Windows\System\vALNZUV.exe
  2⤵
  PID:6008
- C:\Windows\System\yLTfFbX.exe
  C:\Windows\System\yLTfFbX.exe
  2⤵
  PID:6024
- C:\Windows\System\EPLgmcY.exe
  C:\Windows\System\EPLgmcY.exe
  2⤵
  PID:6040
- C:\Windows\System\rUuMcEa.exe
  C:\Windows\System\rUuMcEa.exe
  2⤵
  PID:6056
- C:\Windows\System\gTfIByf.exe
  C:\Windows\System\gTfIByf.exe
  2⤵
  PID:6072
- C:\Windows\System\jILqFdS.exe
  C:\Windows\System\jILqFdS.exe
  2⤵
  PID:6088
- C:\Windows\System\JPcigiD.exe
  C:\Windows\System\JPcigiD.exe
  2⤵
  PID:6104
- C:\Windows\System\CXxhZLy.exe
  C:\Windows\System\CXxhZLy.exe
  2⤵
  PID:6096
- C:\Windows\System\hpkkvVW.exe
  C:\Windows\System\hpkkvVW.exe
  2⤵
  PID:5456
- C:\Windows\System\EVqdnjJ.exe
  C:\Windows\System\EVqdnjJ.exe
  2⤵
  PID:5704
- C:\Windows\System\GVzWQKj.exe
  C:\Windows\System\GVzWQKj.exe
  2⤵
  PID:5788
- C:\Windows\System\IHPdMUT.exe
  C:\Windows\System\IHPdMUT.exe
  2⤵
  PID:5856
- C:\Windows\System\dmqqjgB.exe
  C:\Windows\System\dmqqjgB.exe
  2⤵
  PID:5892
- C:\Windows\System\kteXodl.exe
  C:\Windows\System\kteXodl.exe
  2⤵
  PID:5872
- C:\Windows\System\bvVqdZK.exe
  C:\Windows\System\bvVqdZK.exe
  2⤵
  PID:5804
- C:\Windows\System\QdggNhm.exe
  C:\Windows\System\QdggNhm.exe
  2⤵
  PID:5936
- C:\Windows\System\vWdWlVl.exe
  C:\Windows\System\vWdWlVl.exe
  2⤵
  PID:5904
- C:\Windows\System\bukjVVh.exe
  C:\Windows\System\bukjVVh.exe
  2⤵
  PID:5924
- C:\Windows\System\ZjnOeQT.exe
  C:\Windows\System\ZjnOeQT.exe
  2⤵
  PID:6052
- C:\Windows\System\DWpJVfT.exe
  C:\Windows\System\DWpJVfT.exe
  2⤵
  PID:5968
- C:\Windows\System\YZqoAFJ.exe
  C:\Windows\System\YZqoAFJ.exe
  2⤵
  PID:6116
- C:\Windows\System\HDSDWBa.exe
  C:\Windows\System\HDSDWBa.exe
  2⤵
  PID:5184
- C:\Windows\System\dlCzwvp.exe
  C:\Windows\System\dlCzwvp.exe
  2⤵
  PID:5168
- C:\Windows\System\dsrMUDQ.exe
  C:\Windows\System\dsrMUDQ.exe
  2⤵
  PID:5228
- C:\Windows\System\szmNoFJ.exe
  C:\Windows\System\szmNoFJ.exe
  2⤵
  PID:5452
- C:\Windows\System\njEAHjg.exe
  C:\Windows\System\njEAHjg.exe
  2⤵
  PID:6124
- C:\Windows\System\QhadgQt.exe
  C:\Windows\System\QhadgQt.exe
  2⤵
  PID:6140
- C:\Windows\System\YbIHOjn.exe
  C:\Windows\System\YbIHOjn.exe
  2⤵
  PID:5292
- C:\Windows\System\wftXQyK.exe
  C:\Windows\System\wftXQyK.exe
  2⤵
  PID:5424
- C:\Windows\System\NzXPEkg.exe
  C:\Windows\System\NzXPEkg.exe
  2⤵
  PID:5136
- C:\Windows\System\DUOBJfy.exe
  C:\Windows\System\DUOBJfy.exe
  2⤵
  PID:5516
- C:\Windows\System\ALJzZXs.exe
  C:\Windows\System\ALJzZXs.exe
  2⤵
  PID:4800
- C:\Windows\System\jmtNbsX.exe
  C:\Windows\System\jmtNbsX.exe
  2⤵
  PID:5216
- C:\Windows\System\bHjyHPP.exe
  C:\Windows\System\bHjyHPP.exe
  2⤵
  PID:5340
- C:\Windows\System\NgSHmAn.exe
  C:\Windows\System\NgSHmAn.exe
  2⤵
  PID:5280
- C:\Windows\System\EOtlxVU.exe
  C:\Windows\System\EOtlxVU.exe
  2⤵
  PID:5404
- C:\Windows\System\suDtylY.exe
  C:\Windows\System\suDtylY.exe
  2⤵
  PID:5440
- C:\Windows\System\vTcvuoG.exe
  C:\Windows\System\vTcvuoG.exe
  2⤵
  PID:5500
- C:\Windows\System\XzpclNn.exe
  C:\Windows\System\XzpclNn.exe
  2⤵
  PID:5536
- C:\Windows\System\vDlDbWy.exe
  C:\Windows\System\vDlDbWy.exe
  2⤵
  PID:5612
- C:\Windows\System\AwaeGIo.exe
  C:\Windows\System\AwaeGIo.exe
  2⤵
  PID:5600
- C:\Windows\System\qOiCZKD.exe
  C:\Windows\System\qOiCZKD.exe
  2⤵
  PID:5676
- C:\Windows\System\leJMmqt.exe
  C:\Windows\System\leJMmqt.exe
  2⤵
  PID:5680
- C:\Windows\System\ScNRoUa.exe
  C:\Windows\System\ScNRoUa.exe
  2⤵
  PID:5720
- C:\Windows\System\yZqqegD.exe
  C:\Windows\System\yZqqegD.exe
  2⤵
  PID:5836
- C:\Windows\System\MqOnpZE.exe
  C:\Windows\System\MqOnpZE.exe
  2⤵
  PID:6080
- C:\Windows\System\vLkqaXK.exe
  C:\Windows\System\vLkqaXK.exe
  2⤵
  PID:5484
- C:\Windows\System\sQbIhRh.exe
  C:\Windows\System\sQbIhRh.exe
  2⤵
  PID:6120
- C:\Windows\System\ylkbwuc.exe
  C:\Windows\System\ylkbwuc.exe
  2⤵
  PID:5388
- C:\Windows\System\aLXKsZr.exe
  C:\Windows\System\aLXKsZr.exe
  2⤵
  PID:5180
- C:\Windows\System\DxjqbTX.exe
  C:\Windows\System\DxjqbTX.exe
  2⤵
  PID:5532
- C:\Windows\System\MOGeIXG.exe
  C:\Windows\System\MOGeIXG.exe
  2⤵
  PID:5648
- C:\Windows\System\DEirCWB.exe
  C:\Windows\System\DEirCWB.exe
  2⤵
  PID:5756
- C:\Windows\System\LVybNBZ.exe
  C:\Windows\System\LVybNBZ.exe
  2⤵
  PID:5760
- C:\Windows\System\PVUzcPO.exe
  C:\Windows\System\PVUzcPO.exe
  2⤵
  PID:5952
- C:\Windows\System\zvytUSb.exe
  C:\Windows\System\zvytUSb.exe
  2⤵
  PID:5692
- C:\Windows\System\babURBm.exe
  C:\Windows\System\babURBm.exe
  2⤵
  PID:6136
- C:\Windows\System\NegojBG.exe
  C:\Windows\System\NegojBG.exe
  2⤵
  PID:6000
- C:\Windows\System\eSNHMEs.exe
  C:\Windows\System\eSNHMEs.exe
  2⤵
  PID:5244
- C:\Windows\System\IdfdNVI.exe
  C:\Windows\System\IdfdNVI.exe
  2⤵
  PID:5552
- C:\Windows\System\XbYaHiv.exe
  C:\Windows\System\XbYaHiv.exe
  2⤵
  PID:5660
- C:\Windows\System\lERTyye.exe
  C:\Windows\System\lERTyye.exe
  2⤵
  PID:3348
- C:\Windows\System\znRPrUq.exe
  C:\Windows\System\znRPrUq.exe
  2⤵
  PID:5584
- C:\Windows\System\HhWKuBt.exe
  C:\Windows\System\HhWKuBt.exe
  2⤵
  PID:6048
- C:\Windows\System\YpoOsSC.exe
  C:\Windows\System\YpoOsSC.exe
  2⤵
  PID:5744
- C:\Windows\System\vpcsSJM.exe
  C:\Windows\System\vpcsSJM.exe
  2⤵
  PID:5984
- C:\Windows\System\LrcQNrW.exe
  C:\Windows\System\LrcQNrW.exe
  2⤵
  PID:5132
- C:\Windows\System\yBonFuT.exe
  C:\Windows\System\yBonFuT.exe
  2⤵
  PID:5684
- C:\Windows\System\dkBWhHq.exe
  C:\Windows\System\dkBWhHq.exe
  2⤵
  PID:5920
- C:\Windows\System\uoBWrnU.exe
  C:\Windows\System\uoBWrnU.exe
  2⤵
  PID:5772
- C:\Windows\System\CYALIDG.exe
  C:\Windows\System\CYALIDG.exe
  2⤵
  PID:5644
- C:\Windows\System\mSQMyaZ.exe
  C:\Windows\System\mSQMyaZ.exe
  2⤵
  PID:5324
- C:\Windows\System\ybhclGr.exe
  C:\Windows\System\ybhclGr.exe
  2⤵
  PID:5776
- C:\Windows\System\XUBIqdk.exe
  C:\Windows\System\XUBIqdk.exe
  2⤵
  PID:5232
- C:\Windows\System\nnUmIsk.exe
  C:\Windows\System\nnUmIsk.exe
  2⤵
  PID:6160
- C:\Windows\System\kzPPQqX.exe
  C:\Windows\System\kzPPQqX.exe
  2⤵
  PID:6176
- C:\Windows\System\KymAsCm.exe
  C:\Windows\System\KymAsCm.exe
  2⤵
  PID:6196
- C:\Windows\System\bjmfxjc.exe
  C:\Windows\System\bjmfxjc.exe
  2⤵
  PID:6212
- C:\Windows\System\LwarGGb.exe
  C:\Windows\System\LwarGGb.exe
  2⤵
  PID:6228
- C:\Windows\System\XraoMIF.exe
  C:\Windows\System\XraoMIF.exe
  2⤵
  PID:6244
- C:\Windows\System\HbmHYhe.exe
  C:\Windows\System\HbmHYhe.exe
  2⤵
  PID:6260
- C:\Windows\System\ytwWdId.exe
  C:\Windows\System\ytwWdId.exe
  2⤵
  PID:6276
- C:\Windows\System\aoIWcNt.exe
  C:\Windows\System\aoIWcNt.exe
  2⤵
  PID:6292
- C:\Windows\System\dGbixJI.exe
  C:\Windows\System\dGbixJI.exe
  2⤵
  PID:6308
- C:\Windows\System\UIBFvHE.exe
  C:\Windows\System\UIBFvHE.exe
  2⤵
  PID:6324
- C:\Windows\System\YSMLiyY.exe
  C:\Windows\System\YSMLiyY.exe
  2⤵
  PID:6340
- C:\Windows\System\BUqajgY.exe
  C:\Windows\System\BUqajgY.exe
  2⤵
  PID:6356
- C:\Windows\System\YoZfJRr.exe
  C:\Windows\System\YoZfJRr.exe
  2⤵
  PID:6372
- C:\Windows\System\bvrZAXi.exe
  C:\Windows\System\bvrZAXi.exe
  2⤵
  PID:6388
- C:\Windows\System\QEhcAUa.exe
  C:\Windows\System\QEhcAUa.exe
  2⤵
  PID:6404
- C:\Windows\System\UkruwxT.exe
  C:\Windows\System\UkruwxT.exe
  2⤵
  PID:6420
- C:\Windows\System\gTCheTo.exe
  C:\Windows\System\gTCheTo.exe
  2⤵
  PID:6436
- C:\Windows\System\vUEfrEm.exe
  C:\Windows\System\vUEfrEm.exe
  2⤵
  PID:6452
- C:\Windows\System\uUJaygH.exe
  C:\Windows\System\uUJaygH.exe
  2⤵
  PID:6468
- C:\Windows\System\TzwIFGQ.exe
  C:\Windows\System\TzwIFGQ.exe
  2⤵
  PID:6484
- C:\Windows\System\DGlUDbN.exe
  C:\Windows\System\DGlUDbN.exe
  2⤵
  PID:6500
- C:\Windows\System\gcYxilC.exe
  C:\Windows\System\gcYxilC.exe
  2⤵
  PID:6516
- C:\Windows\System\OKdlIQq.exe
  C:\Windows\System\OKdlIQq.exe
  2⤵
  PID:6532
- C:\Windows\System\vGtRyuE.exe
  C:\Windows\System\vGtRyuE.exe
  2⤵
  PID:6548
- C:\Windows\System\LuGfziN.exe
  C:\Windows\System\LuGfziN.exe
  2⤵
  PID:6564
- C:\Windows\System\qRwfvmW.exe
  C:\Windows\System\qRwfvmW.exe
  2⤵
  PID:6580
- C:\Windows\System\FJkuIir.exe
  C:\Windows\System\FJkuIir.exe
  2⤵
  PID:6596
- C:\Windows\System\fRSbEEQ.exe
  C:\Windows\System\fRSbEEQ.exe
  2⤵
  PID:6612
- C:\Windows\System\yhGUUwz.exe
  C:\Windows\System\yhGUUwz.exe
  2⤵
  PID:6628
- C:\Windows\System\qmUzSua.exe
  C:\Windows\System\qmUzSua.exe
  2⤵
  PID:6644
- C:\Windows\System\vdsBGse.exe
  C:\Windows\System\vdsBGse.exe
  2⤵
  PID:6660
- C:\Windows\System\nQikIFX.exe
  C:\Windows\System\nQikIFX.exe
  2⤵
  PID:6676
- C:\Windows\System\gNqJDYc.exe
  C:\Windows\System\gNqJDYc.exe
  2⤵
  PID:6692
- C:\Windows\System\QKKpCoZ.exe
  C:\Windows\System\QKKpCoZ.exe
  2⤵
  PID:6708
- C:\Windows\System\BsxAoAg.exe
  C:\Windows\System\BsxAoAg.exe
  2⤵
  PID:6724
- C:\Windows\System\QCsmMVP.exe
  C:\Windows\System\QCsmMVP.exe
  2⤵
  PID:6740
- C:\Windows\System\MSagyaB.exe
  C:\Windows\System\MSagyaB.exe
  2⤵
  PID:6756
- C:\Windows\System\eDPOPaI.exe
  C:\Windows\System\eDPOPaI.exe
  2⤵
  PID:6772
- C:\Windows\System\DgojwCG.exe
  C:\Windows\System\DgojwCG.exe
  2⤵
  PID:6788
- C:\Windows\System\MruQlzg.exe
  C:\Windows\System\MruQlzg.exe
  2⤵
  PID:6804
- C:\Windows\System\btaTuOn.exe
  C:\Windows\System\btaTuOn.exe
  2⤵
  PID:6820
- C:\Windows\System\gurgjAs.exe
  C:\Windows\System\gurgjAs.exe
  2⤵
  PID:6836
- C:\Windows\System\ovSGCZq.exe
  C:\Windows\System\ovSGCZq.exe
  2⤵
  PID:6852
- C:\Windows\System\tZQseiP.exe
  C:\Windows\System\tZQseiP.exe
  2⤵
  PID:6868
- C:\Windows\System\VZKOZDp.exe
  C:\Windows\System\VZKOZDp.exe
  2⤵
  PID:6884
- C:\Windows\System\vDwUfxM.exe
  C:\Windows\System\vDwUfxM.exe
  2⤵
  PID:6900
- C:\Windows\System\PtQsFmQ.exe
  C:\Windows\System\PtQsFmQ.exe
  2⤵
  PID:6920
- C:\Windows\System\XpGgGDQ.exe
  C:\Windows\System\XpGgGDQ.exe
  2⤵
  PID:6936
- C:\Windows\System\auqdoHX.exe
  C:\Windows\System\auqdoHX.exe
  2⤵
  PID:6952
- C:\Windows\System\MCkIVCl.exe
  C:\Windows\System\MCkIVCl.exe
  2⤵
  PID:6968
- C:\Windows\System\opfIDXm.exe
  C:\Windows\System\opfIDXm.exe
  2⤵
  PID:6984
- C:\Windows\System\fxVmoPE.exe
  C:\Windows\System\fxVmoPE.exe
  2⤵
  PID:7000
- C:\Windows\System\bBZHHta.exe
  C:\Windows\System\bBZHHta.exe
  2⤵
  PID:7016
- C:\Windows\System\gVdNNWY.exe
  C:\Windows\System\gVdNNWY.exe
  2⤵
  PID:7032
- C:\Windows\System\ARKNOMl.exe
  C:\Windows\System\ARKNOMl.exe
  2⤵
  PID:7048
- C:\Windows\System\kUdJVIV.exe
  C:\Windows\System\kUdJVIV.exe
  2⤵
  PID:7064
- C:\Windows\System\mADJcjP.exe
  C:\Windows\System\mADJcjP.exe
  2⤵
  PID:7080
- C:\Windows\System\TmFnnAs.exe
  C:\Windows\System\TmFnnAs.exe
  2⤵
  PID:7096
- C:\Windows\System\HrsXJIz.exe
  C:\Windows\System\HrsXJIz.exe
  2⤵
  PID:7112
- C:\Windows\System\AvyDucl.exe
  C:\Windows\System\AvyDucl.exe
  2⤵
  PID:7128
- C:\Windows\System\genIYIB.exe
  C:\Windows\System\genIYIB.exe
  2⤵
  PID:7144
- C:\Windows\System\dlySPUW.exe
  C:\Windows\System\dlySPUW.exe
  2⤵
  PID:7160
- C:\Windows\System\oiJrMfP.exe
  C:\Windows\System\oiJrMfP.exe
  2⤵
  PID:6172
- C:\Windows\System\TdvXksb.exe
  C:\Windows\System\TdvXksb.exe
  2⤵
  PID:6132
- C:\Windows\System\QeldZsC.exe
  C:\Windows\System\QeldZsC.exe
  2⤵
  PID:6068
- C:\Windows\System\aYHNXYS.exe
  C:\Windows\System\aYHNXYS.exe
  2⤵
  PID:6156
- C:\Windows\System\JVRdSLd.exe
  C:\Windows\System\JVRdSLd.exe
  2⤵
  PID:5908
- C:\Windows\System\vypOqUT.exe
  C:\Windows\System\vypOqUT.exe
  2⤵
  PID:6332
- C:\Windows\System\MlBsbCZ.exe
  C:\Windows\System\MlBsbCZ.exe
  2⤵
  PID:6220
- C:\Windows\System\avXpPAl.exe
  C:\Windows\System\avXpPAl.exe
  2⤵
  PID:6364
- C:\Windows\System\tHmMYTW.exe
  C:\Windows\System\tHmMYTW.exe
  2⤵
  PID:6400
- C:\Windows\System\mwpAHpx.exe
  C:\Windows\System\mwpAHpx.exe
  2⤵
  PID:6352
- C:\Windows\System\VgHzcMJ.exe
  C:\Windows\System\VgHzcMJ.exe
  2⤵
  PID:6384
- C:\Windows\System\RNlJVyE.exe
  C:\Windows\System\RNlJVyE.exe
  2⤵
  PID:6416
- C:\Windows\System\QmikUWM.exe
  C:\Windows\System\QmikUWM.exe
  2⤵
  PID:6480
- C:\Windows\System\BYvAUhv.exe
  C:\Windows\System\BYvAUhv.exe
  2⤵
  PID:6528
- C:\Windows\System\ZDEnmlQ.exe
  C:\Windows\System\ZDEnmlQ.exe
  2⤵
  PID:6592
- C:\Windows\System\IsaOozc.exe
  C:\Windows\System\IsaOozc.exe
  2⤵
  PID:6656
- C:\Windows\System\eCUgLKT.exe
  C:\Windows\System\eCUgLKT.exe
  2⤵
  PID:6720
- C:\Windows\System\nsUEYdb.exe
  C:\Windows\System\nsUEYdb.exe
  2⤵
  PID:6784
- C:\Windows\System\hZpWUvB.exe
  C:\Windows\System\hZpWUvB.exe
  2⤵
  PID:6848
- C:\Windows\System\aENOVyG.exe
  C:\Windows\System\aENOVyG.exe
  2⤵
  PID:6572
- C:\Windows\System\KxXvySz.exe
  C:\Windows\System\KxXvySz.exe
  2⤵
  PID:6796
- C:\Windows\System\eMfDQtm.exe
  C:\Windows\System\eMfDQtm.exe
  2⤵
  PID:6576
- C:\Windows\System\MigiTwj.exe
  C:\Windows\System\MigiTwj.exe
  2⤵
  PID:6672
- C:\Windows\System\zzbObEj.exe
  C:\Windows\System\zzbObEj.exe
  2⤵
  PID:6736
- C:\Windows\System\VSsDsSM.exe
  C:\Windows\System\VSsDsSM.exe
  2⤵
  PID:6832
- C:\Windows\System\oBsIiae.exe
  C:\Windows\System\oBsIiae.exe
  2⤵
  PID:6912
- C:\Windows\System\EMAxwAM.exe
  C:\Windows\System\EMAxwAM.exe
  2⤵
  PID:6948
- C:\Windows\System\AuKQbYA.exe
  C:\Windows\System\AuKQbYA.exe
  2⤵
  PID:7008
- C:\Windows\System\RvgNzml.exe
  C:\Windows\System\RvgNzml.exe
  2⤵
  PID:6932
- C:\Windows\System\PZokqvF.exe
  C:\Windows\System\PZokqvF.exe
  2⤵
  PID:6992
- C:\Windows\System\Enyrelz.exe
  C:\Windows\System\Enyrelz.exe
  2⤵
  PID:7056
- C:\Windows\System\bQYNGpa.exe
  C:\Windows\System\bQYNGpa.exe
  2⤵
  PID:7088
- C:\Windows\System\YdTTlCw.exe
  C:\Windows\System\YdTTlCw.exe
  2⤵
  PID:7136
- C:\Windows\System\IKFyGGe.exe
  C:\Windows\System\IKFyGGe.exe
  2⤵
  PID:6268
- C:\Windows\System\LNVwoZp.exe
  C:\Windows\System\LNVwoZp.exe
  2⤵
  PID:7156
- C:\Windows\System\MsokJZf.exe
  C:\Windows\System\MsokJZf.exe
  2⤵
  PID:6184
- C:\Windows\System\YqYGLlq.exe
  C:\Windows\System\YqYGLlq.exe
  2⤵
  PID:7124
- C:\Windows\System\JQxJFnL.exe
  C:\Windows\System\JQxJFnL.exe
  2⤵
  PID:6284
- C:\Windows\System\bospHpC.exe
  C:\Windows\System\bospHpC.exe
  2⤵
  PID:6396
- C:\Windows\System\YmVvuzG.exe
  C:\Windows\System\YmVvuzG.exe
  2⤵
  PID:6688
- C:\Windows\System\ByHDuzo.exe
  C:\Windows\System\ByHDuzo.exe
  2⤵
  PID:6668
- C:\Windows\System\ripYhSD.exe
  C:\Windows\System\ripYhSD.exe
  2⤵
  PID:6464
- C:\Windows\System\aalHWpQ.exe
  C:\Windows\System\aalHWpQ.exe
  2⤵
  PID:6880
- C:\Windows\System\hWuYuPn.exe
  C:\Windows\System\hWuYuPn.exe
  2⤵
  PID:6636
- C:\Windows\System\PZGCUgt.exe
  C:\Windows\System\PZGCUgt.exe
  2⤵
  PID:6508
- C:\Windows\System\bWmDihE.exe
  C:\Windows\System\bWmDihE.exe
  2⤵
  PID:6944
- C:\Windows\System\BffFrml.exe
  C:\Windows\System\BffFrml.exe
  2⤵
  PID:6704
- C:\Windows\System\dcjliyP.exe
  C:\Windows\System\dcjliyP.exe
  2⤵
  PID:6980
- C:\Windows\System\BylDifx.exe
  C:\Windows\System\BylDifx.exe
  2⤵
  PID:7104
- C:\Windows\System\gwXLsvs.exe
  C:\Windows\System\gwXLsvs.exe
  2⤵
  PID:6300
- C:\Windows\System\FVaDKOW.exe
  C:\Windows\System\FVaDKOW.exe
  2⤵
  PID:6844
- C:\Windows\System\FyRQTqS.exe
  C:\Windows\System\FyRQTqS.exe
  2⤵
  PID:6652
- C:\Windows\System\oyVdplX.exe
  C:\Windows\System\oyVdplX.exe
  2⤵
  PID:6544
- C:\Windows\System\jdPEpal.exe
  C:\Windows\System\jdPEpal.exe
  2⤵
  PID:6380
- C:\Windows\System\qwIyYTB.exe
  C:\Windows\System\qwIyYTB.exe
  2⤵
  PID:7176
- C:\Windows\System\CKGUZdw.exe
  C:\Windows\System\CKGUZdw.exe
  2⤵
  PID:7192
- C:\Windows\System\STegRAN.exe
  C:\Windows\System\STegRAN.exe
  2⤵
  PID:7208
- C:\Windows\System\MMubVHu.exe
  C:\Windows\System\MMubVHu.exe
  2⤵
  PID:7224
- C:\Windows\System\DWcHeNe.exe
  C:\Windows\System\DWcHeNe.exe
  2⤵
  PID:7240
- C:\Windows\System\KyWQwqe.exe
  C:\Windows\System\KyWQwqe.exe
  2⤵
  PID:7256
- C:\Windows\System\bbJZYDY.exe
  C:\Windows\System\bbJZYDY.exe
  2⤵
  PID:7272
- C:\Windows\System\jYhiMFU.exe
  C:\Windows\System\jYhiMFU.exe
  2⤵
  PID:7288
- C:\Windows\System\SORtTsg.exe
  C:\Windows\System\SORtTsg.exe
  2⤵
  PID:7304
- C:\Windows\System\PPfAxpa.exe
  C:\Windows\System\PPfAxpa.exe
  2⤵
  PID:7320
- C:\Windows\System\ZyTtIyl.exe
  C:\Windows\System\ZyTtIyl.exe
  2⤵
  PID:7336
- C:\Windows\System\pXndcuj.exe
  C:\Windows\System\pXndcuj.exe
  2⤵
  PID:7352
- C:\Windows\System\VedVuml.exe
  C:\Windows\System\VedVuml.exe
  2⤵
  PID:7368
- C:\Windows\System\QkBxNWd.exe
  C:\Windows\System\QkBxNWd.exe
  2⤵
  PID:7384
- C:\Windows\System\lHQTkSr.exe
  C:\Windows\System\lHQTkSr.exe
  2⤵
  PID:7400
- C:\Windows\System\FrFlMan.exe
  C:\Windows\System\FrFlMan.exe
  2⤵
  PID:7416
- C:\Windows\System\lEfazqY.exe
  C:\Windows\System\lEfazqY.exe
  2⤵
  PID:7432
- C:\Windows\System\ngHdbxF.exe
  C:\Windows\System\ngHdbxF.exe
  2⤵
  PID:7448
- C:\Windows\System\NShqhmW.exe
  C:\Windows\System\NShqhmW.exe
  2⤵
  PID:7472
- C:\Windows\System\tJeKrqL.exe
  C:\Windows\System\tJeKrqL.exe
  2⤵
  PID:7496
- C:\Windows\System\UEcnhHd.exe
  C:\Windows\System\UEcnhHd.exe
  2⤵
  PID:7512
- C:\Windows\System\bQrIacH.exe
  C:\Windows\System\bQrIacH.exe
  2⤵
  PID:7528
- C:\Windows\System\fmwnOnx.exe
  C:\Windows\System\fmwnOnx.exe
  2⤵
  PID:7544
- C:\Windows\System\VPlREqR.exe
  C:\Windows\System\VPlREqR.exe
  2⤵
  PID:7560
- C:\Windows\System\BbWgUvv.exe
  C:\Windows\System\BbWgUvv.exe
  2⤵
  PID:7596
- C:\Windows\System\EtazdRk.exe
  C:\Windows\System\EtazdRk.exe
  2⤵
  PID:7616
- C:\Windows\System\kyIStjZ.exe
  C:\Windows\System\kyIStjZ.exe
  2⤵
  PID:7632
- C:\Windows\System\Jnsohis.exe
  C:\Windows\System\Jnsohis.exe
  2⤵
  PID:7688
- C:\Windows\System\GVKmmny.exe
  C:\Windows\System\GVKmmny.exe
  2⤵
  PID:7704
- C:\Windows\System\atzTytu.exe
  C:\Windows\System\atzTytu.exe
  2⤵
  PID:7748
- C:\Windows\System\MOpNFed.exe
  C:\Windows\System\MOpNFed.exe
  2⤵
  PID:7768
- C:\Windows\System\HPcguIH.exe
  C:\Windows\System\HPcguIH.exe
  2⤵
  PID:7844
- C:\Windows\System\UlTZHLu.exe
  C:\Windows\System\UlTZHLu.exe
  2⤵
  PID:7868
- C:\Windows\System\ZmRzoJm.exe
  C:\Windows\System\ZmRzoJm.exe
  2⤵
  PID:7884
- C:\Windows\System\OpIsebG.exe
  C:\Windows\System\OpIsebG.exe
  2⤵
  PID:7900
- C:\Windows\System\rHftHxa.exe
  C:\Windows\System\rHftHxa.exe
  2⤵
  PID:7960
- C:\Windows\System\pZfGPiM.exe
  C:\Windows\System\pZfGPiM.exe
  2⤵
  PID:7976
- C:\Windows\System\DOroJmq.exe
  C:\Windows\System\DOroJmq.exe
  2⤵
  PID:8112
- C:\Windows\System\INsmmMd.exe
  C:\Windows\System\INsmmMd.exe
  2⤵
  PID:8168
- C:\Windows\System\krUBnux.exe
  C:\Windows\System\krUBnux.exe
  2⤵
  PID:6640
- C:\Windows\System\VMWCNsg.exe
  C:\Windows\System\VMWCNsg.exe
  2⤵
  PID:7060
- C:\Windows\System\qCJIzPL.exe
  C:\Windows\System\qCJIzPL.exe
  2⤵
  PID:6236
- C:\Windows\System\VEnYrBO.exe
  C:\Windows\System\VEnYrBO.exe
  2⤵
  PID:6588
- C:\Windows\System\cIJQWpz.exe
  C:\Windows\System\cIJQWpz.exe
  2⤵
  PID:6892
- C:\Windows\System\SSFhoBe.exe
  C:\Windows\System\SSFhoBe.exe
  2⤵
  PID:6624
- C:\Windows\System\HVDmiRV.exe
  C:\Windows\System\HVDmiRV.exe
  2⤵
  PID:7188
- C:\Windows\System\lELJXZV.exe
  C:\Windows\System\lELJXZV.exe
  2⤵
  PID:7252
- C:\Windows\System\untDVOn.exe
  C:\Windows\System\untDVOn.exe
  2⤵
  PID:7316
- C:\Windows\System\hvJIFVR.exe
  C:\Windows\System\hvJIFVR.exe
  2⤵
  PID:7380
- C:\Windows\System\EtYxbPN.exe
  C:\Windows\System\EtYxbPN.exe
  2⤵
  PID:7408
- C:\Windows\System\TeHJmAC.exe
  C:\Windows\System\TeHJmAC.exe
  2⤵
  PID:7440
- C:\Windows\System\dRIdZWz.exe
  C:\Windows\System\dRIdZWz.exe
  2⤵
  PID:7468
- C:\Windows\System\qdFzpUZ.exe
  C:\Windows\System\qdFzpUZ.exe
  2⤵
  PID:7488
- C:\Windows\System\rgbGcdO.exe
  C:\Windows\System\rgbGcdO.exe
  2⤵
  PID:7536
- C:\Windows\System\tnFXuwN.exe
  C:\Windows\System\tnFXuwN.exe
  2⤵
  PID:7552
- C:\Windows\System\iaxxNwQ.exe
  C:\Windows\System\iaxxNwQ.exe
  2⤵
  PID:7576
- C:\Windows\System\hEKpBkW.exe
  C:\Windows\System\hEKpBkW.exe
  2⤵
  PID:7592
- C:\Windows\System\HJTYZVj.exe
  C:\Windows\System\HJTYZVj.exe
  2⤵
  PID:7628
- C:\Windows\System\MOsNxtC.exe
  C:\Windows\System\MOsNxtC.exe
  2⤵
  PID:7652
- C:\Windows\System\TwjzImO.exe
  C:\Windows\System\TwjzImO.exe
  2⤵
  PID:7668
- C:\Windows\System\UqAJHIZ.exe
  C:\Windows\System\UqAJHIZ.exe
  2⤵
  PID:7684
- C:\Windows\System\rsEwruA.exe
  C:\Windows\System\rsEwruA.exe
  2⤵
  PID:6752
- C:\Windows\System\wsTTrep.exe
  C:\Windows\System\wsTTrep.exe
  2⤵
  PID:7856
- C:\Windows\System\DgjhYNW.exe
  C:\Windows\System\DgjhYNW.exe
  2⤵
  PID:7728
- C:\Windows\System\HYfSTDG.exe
  C:\Windows\System\HYfSTDG.exe
  2⤵
  PID:7780
- C:\Windows\System\kjykTlx.exe
  C:\Windows\System\kjykTlx.exe
  2⤵
  PID:7776
- C:\Windows\System\EHkXiXk.exe
  C:\Windows\System\EHkXiXk.exe
  2⤵
  PID:7796
- C:\Windows\System\HxTayAJ.exe
  C:\Windows\System\HxTayAJ.exe
  2⤵
  PID:7812
- C:\Windows\System\syOfubC.exe
  C:\Windows\System\syOfubC.exe
  2⤵
  PID:7832
- C:\Windows\System\VRlXUjQ.exe
  C:\Windows\System\VRlXUjQ.exe
  2⤵
  PID:7880
- C:\Windows\System\BXPlgQb.exe
  C:\Windows\System\BXPlgQb.exe
  2⤵
  PID:7928
- C:\Windows\System\CflpnnW.exe
  C:\Windows\System\CflpnnW.exe
  2⤵
  PID:7944
- C:\Windows\System\OyPjiGf.exe
  C:\Windows\System\OyPjiGf.exe
  2⤵
  PID:8000
- C:\Windows\System\oVnIgog.exe
  C:\Windows\System\oVnIgog.exe
  2⤵
  PID:8012
- C:\Windows\System\PEPKjEj.exe
  C:\Windows\System\PEPKjEj.exe
  2⤵
  PID:8040
- C:\Windows\System\JGycqGc.exe
  C:\Windows\System\JGycqGc.exe
  2⤵
  PID:8060
- C:\Windows\System\CxGRFRj.exe
  C:\Windows\System\CxGRFRj.exe
  2⤵
  PID:8080
- C:\Windows\System\muaJChJ.exe
  C:\Windows\System\muaJChJ.exe
  2⤵
  PID:8100
- C:\Windows\System\UtqXeWj.exe
  C:\Windows\System\UtqXeWj.exe
  2⤵
  PID:8120
- C:\Windows\System\eWAvktb.exe
  C:\Windows\System\eWAvktb.exe
  2⤵
  PID:8136
- C:\Windows\System\wqAtvEz.exe
  C:\Windows\System\wqAtvEz.exe
  2⤵
  PID:8152
- C:\Windows\System\LpHZcnn.exe
  C:\Windows\System\LpHZcnn.exe
  2⤵
  PID:8176
- C:\Windows\System\ivSetpp.exe
  C:\Windows\System\ivSetpp.exe
  2⤵
  PID:6540
- C:\Windows\System\eFiFDaa.exe
  C:\Windows\System\eFiFDaa.exe
  2⤵
  PID:7232
- C:\Windows\System\VGvqNeW.exe
  C:\Windows\System\VGvqNeW.exe
  2⤵
  PID:7296
- C:\Windows\System\WRqWBTl.exe
  C:\Windows\System\WRqWBTl.exe
  2⤵
  PID:7300
- C:\Windows\System\caduIGA.exe
  C:\Windows\System\caduIGA.exe
  2⤵
  PID:6348
- C:\Windows\System\XINVWUX.exe
  C:\Windows\System\XINVWUX.exe
  2⤵
  PID:5436
- C:\Windows\System\IzsLmYv.exe
  C:\Windows\System\IzsLmYv.exe
  2⤵
  PID:7220
- C:\Windows\System\qiBKOZp.exe
  C:\Windows\System\qiBKOZp.exe
  2⤵
  PID:7508
- C:\Windows\System\TxWsetJ.exe
  C:\Windows\System\TxWsetJ.exe
  2⤵
  PID:7660
- C:\Windows\System\BfQsHCb.exe
  C:\Windows\System\BfQsHCb.exe
  2⤵
  PID:7864
- C:\Windows\System\sgFRNcP.exe
  C:\Windows\System\sgFRNcP.exe
  2⤵
  PID:7792
- C:\Windows\System\qRLcFfR.exe
  C:\Windows\System\qRLcFfR.exe
  2⤵
  PID:7808
- C:\Windows\System\ULPYeYg.exe
  C:\Windows\System\ULPYeYg.exe
  2⤵
  PID:7648
- C:\Windows\System\YgrtfPX.exe
  C:\Windows\System\YgrtfPX.exe
  2⤵
  PID:7604
- C:\Windows\System\zJZJEgr.exe
  C:\Windows\System\zJZJEgr.exe
  2⤵
  PID:7700
- C:\Windows\System\GJTCqwW.exe
  C:\Windows\System\GJTCqwW.exe
  2⤵
  PID:7724
- C:\Windows\System\yGPQzAY.exe
  C:\Windows\System\yGPQzAY.exe
  2⤵
  PID:7804
- C:\Windows\System\dWxbQdg.exe
  C:\Windows\System\dWxbQdg.exe
  2⤵
  PID:7332
- C:\Windows\System\CUQChlL.exe
  C:\Windows\System\CUQChlL.exe
  2⤵
  PID:7712
- C:\Windows\System\nfoPWbr.exe
  C:\Windows\System\nfoPWbr.exe
  2⤵
  PID:8132
- C:\Windows\System\WjPMmAq.exe
  C:\Windows\System\WjPMmAq.exe
  2⤵
  PID:8148
- C:\Windows\System\hPFtGCR.exe
  C:\Windows\System\hPFtGCR.exe
  2⤵
  PID:6192
- C:\Windows\System\kKSftZe.exe
  C:\Windows\System\kKSftZe.exe
  2⤵
  PID:7588
- C:\Windows\System\wINolju.exe
  C:\Windows\System\wINolju.exe
  2⤵
  PID:7828
- C:\Windows\System\btCxbzE.exe
  C:\Windows\System\btCxbzE.exe
  2⤵
  PID:6964
- C:\Windows\System\ObsMdyO.exe
  C:\Windows\System\ObsMdyO.exe
  2⤵
  PID:7396
- C:\Windows\System\yiDSmtO.exe
  C:\Windows\System\yiDSmtO.exe
  2⤵
  PID:6864
- C:\Windows\System\UwdqSNG.exe
  C:\Windows\System\UwdqSNG.exe
  2⤵
  PID:7312
- C:\Windows\System\GyOlome.exe
  C:\Windows\System\GyOlome.exe
  2⤵
  PID:7520
- C:\Windows\System\ZJedPoH.exe
  C:\Windows\System\ZJedPoH.exe
  2⤵
  PID:7924
- C:\Windows\System\hmzHskq.exe
  C:\Windows\System\hmzHskq.exe
  2⤵
  PID:7956
- C:\Windows\System\rIpVrhV.exe
  C:\Windows\System\rIpVrhV.exe
  2⤵
  PID:8008
- C:\Windows\System\SxBHKRf.exe
  C:\Windows\System\SxBHKRf.exe
  2⤵
  PID:7756
- C:\Windows\System\WzinNVl.exe
  C:\Windows\System\WzinNVl.exe
  2⤵
  PID:7376
- C:\Windows\System\LLWqWnt.exe
  C:\Windows\System\LLWqWnt.exe
  2⤵
  PID:7840
- C:\Windows\System\mkRwhQM.exe
  C:\Windows\System\mkRwhQM.exe
  2⤵
  PID:7952
- C:\Windows\System\tdUxxLX.exe
  C:\Windows\System\tdUxxLX.exe
  2⤵
  PID:7852
- C:\Windows\System\aouvrwc.exe
  C:\Windows\System\aouvrwc.exe
  2⤵
  PID:7204
- C:\Windows\System\ryOePDp.exe
  C:\Windows\System\ryOePDp.exe
  2⤵
  PID:8196
- C:\Windows\System\OCSnkyJ.exe
  C:\Windows\System\OCSnkyJ.exe
  2⤵
  PID:8216
- C:\Windows\System\LjJCXmj.exe
  C:\Windows\System\LjJCXmj.exe
  2⤵
  PID:8232
- C:\Windows\System\ALTMrbW.exe
  C:\Windows\System\ALTMrbW.exe
  2⤵
  PID:8248
- C:\Windows\System\IeUKayf.exe
  C:\Windows\System\IeUKayf.exe
  2⤵
  PID:8264
- C:\Windows\System\CNliRTN.exe
  C:\Windows\System\CNliRTN.exe
  2⤵
  PID:8284
- C:\Windows\System\yNATCCN.exe
  C:\Windows\System\yNATCCN.exe
  2⤵
  PID:8304
- C:\Windows\System\JUwpWoj.exe
  C:\Windows\System\JUwpWoj.exe
  2⤵
  PID:8320
- C:\Windows\System\nURnmWI.exe
  C:\Windows\System\nURnmWI.exe
  2⤵
  PID:8340
- C:\Windows\System\UgRKNfw.exe
  C:\Windows\System\UgRKNfw.exe
  2⤵
  PID:8360
- C:\Windows\System\oJTVaeM.exe
  C:\Windows\System\oJTVaeM.exe
  2⤵
  PID:8376
- C:\Windows\System\sqTHoDZ.exe
  C:\Windows\System\sqTHoDZ.exe
  2⤵
  PID:8396
- C:\Windows\System\eYeOtCI.exe
  C:\Windows\System\eYeOtCI.exe
  2⤵
  PID:8412
- C:\Windows\System\tBxWapF.exe
  C:\Windows\System\tBxWapF.exe
  2⤵
  PID:8428
- C:\Windows\System\SowdsvL.exe
  C:\Windows\System\SowdsvL.exe
  2⤵
  PID:8444
- C:\Windows\System\SAEmaYA.exe
  C:\Windows\System\SAEmaYA.exe
  2⤵
  PID:8464
- C:\Windows\System\kucqeCl.exe
  C:\Windows\System\kucqeCl.exe
  2⤵
  PID:8484
- C:\Windows\System\LnLRIZg.exe
  C:\Windows\System\LnLRIZg.exe
  2⤵
  PID:8504
- C:\Windows\System\WoESVrB.exe
  C:\Windows\System\WoESVrB.exe
  2⤵
  PID:8520
- C:\Windows\System\JkBcYhg.exe
  C:\Windows\System\JkBcYhg.exe
  2⤵
  PID:8536
- C:\Windows\System\RGpzvfZ.exe
  C:\Windows\System\RGpzvfZ.exe
  2⤵
  PID:8552
- C:\Windows\System\FWcjdLU.exe
  C:\Windows\System\FWcjdLU.exe
  2⤵
  PID:8568
- C:\Windows\System\CLdsRZx.exe
  C:\Windows\System\CLdsRZx.exe
  2⤵
  PID:8588
- C:\Windows\System\JLfMwrH.exe
  C:\Windows\System\JLfMwrH.exe
  2⤵
  PID:8604
- C:\Windows\System\dldBcAh.exe
  C:\Windows\System\dldBcAh.exe
  2⤵
  PID:8620
- C:\Windows\System\iivrhkL.exe
  C:\Windows\System\iivrhkL.exe
  2⤵
  PID:8636
- C:\Windows\System\zvRqQFU.exe
  C:\Windows\System\zvRqQFU.exe
  2⤵
  PID:8656
- C:\Windows\System\uyeiMoK.exe
  C:\Windows\System\uyeiMoK.exe
  2⤵
  PID:8780
- C:\Windows\System\yzHdcNt.exe
  C:\Windows\System\yzHdcNt.exe
  2⤵
  PID:8796
- C:\Windows\System\hYfgrKT.exe
  C:\Windows\System\hYfgrKT.exe
  2⤵
  PID:8812
- C:\Windows\System\sGiTUYR.exe
  C:\Windows\System\sGiTUYR.exe
  2⤵
  PID:8832
- C:\Windows\System\kvTwTlN.exe
  C:\Windows\System\kvTwTlN.exe
  2⤵
  PID:8860
- C:\Windows\System\NjRihyB.exe
  C:\Windows\System\NjRihyB.exe
  2⤵
  PID:8876
- C:\Windows\System\TMgncAc.exe
  C:\Windows\System\TMgncAc.exe
  2⤵
  PID:8892
- C:\Windows\System\TRqMZmi.exe
  C:\Windows\System\TRqMZmi.exe
  2⤵
  PID:8908
- C:\Windows\System\seUpVoU.exe
  C:\Windows\System\seUpVoU.exe
  2⤵
  PID:8924
- C:\Windows\System\yMNjkgf.exe
  C:\Windows\System\yMNjkgf.exe
  2⤵
  PID:8940
- C:\Windows\System\DeMRPik.exe
  C:\Windows\System\DeMRPik.exe
  2⤵
  PID:8956
- C:\Windows\System\kNkAbMR.exe
  C:\Windows\System\kNkAbMR.exe
  2⤵
  PID:8972
- C:\Windows\System\mLfNOnU.exe
  C:\Windows\System\mLfNOnU.exe
  2⤵
  PID:9012
- C:\Windows\System\kdHKhYq.exe
  C:\Windows\System\kdHKhYq.exe
  2⤵
  PID:9048
- C:\Windows\System\FwhqQqI.exe
  C:\Windows\System\FwhqQqI.exe
  2⤵
  PID:9064
- C:\Windows\System\YSfgKal.exe
  C:\Windows\System\YSfgKal.exe
  2⤵
  PID:9080
- C:\Windows\System\dNjuGXD.exe
  C:\Windows\System\dNjuGXD.exe
  2⤵
  PID:9096
- C:\Windows\System\MRDtZre.exe
  C:\Windows\System\MRDtZre.exe
  2⤵
  PID:9112
- C:\Windows\System\bLAVaRk.exe
  C:\Windows\System\bLAVaRk.exe
  2⤵
  PID:9128
- C:\Windows\System\PNOHOiB.exe
  C:\Windows\System\PNOHOiB.exe
  2⤵
  PID:9144
- C:\Windows\System\vGJszul.exe
  C:\Windows\System\vGJszul.exe
  2⤵
  PID:9160
- C:\Windows\System\yktppsP.exe
  C:\Windows\System\yktppsP.exe
  2⤵
  PID:9176
- C:\Windows\System\dyZiTZq.exe
  C:\Windows\System\dyZiTZq.exe
  2⤵
  PID:9192
- C:\Windows\System\SUakOml.exe
  C:\Windows\System\SUakOml.exe
  2⤵
  PID:9208
- C:\Windows\System\SCSUOOe.exe
  C:\Windows\System\SCSUOOe.exe
  2⤵
  PID:8228
- C:\Windows\System\XEvXLWK.exe
  C:\Windows\System\XEvXLWK.exe
  2⤵
  PID:8292
- C:\Windows\System\FyYqZam.exe
  C:\Windows\System\FyYqZam.exe
  2⤵
  PID:8336
- C:\Windows\System\lBobxus.exe
  C:\Windows\System\lBobxus.exe
  2⤵
  PID:8184
- C:\Windows\System\LJMdseu.exe
  C:\Windows\System\LJMdseu.exe
  2⤵
  PID:8436
- C:\Windows\System\sZcAIag.exe
  C:\Windows\System\sZcAIag.exe
  2⤵
  PID:8512
- C:\Windows\System\JbjlhlY.exe
  C:\Windows\System\JbjlhlY.exe
  2⤵
  PID:8576
- C:\Windows\System\VKARsbY.exe
  C:\Windows\System\VKARsbY.exe
  2⤵
  PID:8044
- C:\Windows\System\tWkmGid.exe
  C:\Windows\System\tWkmGid.exe
  2⤵
  PID:8056
- C:\Windows\System\JWhXvSs.exe
  C:\Windows\System\JWhXvSs.exe
  2⤵
  PID:7040
- C:\Windows\System\KutxkvW.exe
  C:\Windows\System\KutxkvW.exe
  2⤵
  PID:7184
- C:\Windows\System\QDvcxzq.exe
  C:\Windows\System\QDvcxzq.exe
  2⤵
  PID:7580
- C:\Windows\System\KIxEvsT.exe
  C:\Windows\System\KIxEvsT.exe
  2⤵
  PID:7480
- C:\Windows\System\LJVUrNq.exe
  C:\Windows\System\LJVUrNq.exe
  2⤵
  PID:7492
- C:\Windows\System\hHIYtCN.exe
  C:\Windows\System\hHIYtCN.exe
  2⤵
  PID:8212
- C:\Windows\System\jXgirAv.exe
  C:\Windows\System\jXgirAv.exe
  2⤵
  PID:8276
- C:\Windows\System\RbuuUCI.exe
  C:\Windows\System\RbuuUCI.exe
  2⤵
  PID:8348
- C:\Windows\System\lHhOfBd.exe
  C:\Windows\System\lHhOfBd.exe
  2⤵
  PID:8388
- C:\Windows\System\hYncnXx.exe
  C:\Windows\System\hYncnXx.exe
  2⤵
  PID:8452
- C:\Windows\System\iPlsBjj.exe
  C:\Windows\System\iPlsBjj.exe
  2⤵
  PID:8532
- C:\Windows\System\fuvcCQD.exe
  C:\Windows\System\fuvcCQD.exe
  2⤵
  PID:8600
- C:\Windows\System\asToVvr.exe
  C:\Windows\System\asToVvr.exe
  2⤵
  PID:8664
- C:\Windows\System\WRRYXAx.exe
  C:\Windows\System\WRRYXAx.exe
  2⤵
  PID:8684
- C:\Windows\System\HdUyhOX.exe
  C:\Windows\System\HdUyhOX.exe
  2⤵
  PID:8696
- C:\Windows\System\gfiMHNn.exe
  C:\Windows\System\gfiMHNn.exe
  2⤵
  PID:8704
- C:\Windows\System\BLUxLYv.exe
  C:\Windows\System\BLUxLYv.exe
  2⤵
  PID:8804
- C:\Windows\System\yYkUTnO.exe
  C:\Windows\System\yYkUTnO.exe
  2⤵
  PID:7460
- C:\Windows\System\OwoLlMd.exe
  C:\Windows\System\OwoLlMd.exe
  2⤵
  PID:8872
- C:\Windows\System\asQOGqJ.exe
  C:\Windows\System\asQOGqJ.exe
  2⤵
  PID:8856
- C:\Windows\System\BCBaygA.exe
  C:\Windows\System\BCBaygA.exe
  2⤵
  PID:8888
- C:\Windows\System\GdmLpgt.exe
  C:\Windows\System\GdmLpgt.exe
  2⤵
  PID:8984
- C:\Windows\System\JaTFhCu.exe
  C:\Windows\System\JaTFhCu.exe
  2⤵
  PID:8996
- C:\Windows\System\SnLVLld.exe
  C:\Windows\System\SnLVLld.exe
  2⤵
  PID:8964
- C:\Windows\System\QhCZnCv.exe
  C:\Windows\System\QhCZnCv.exe
  2⤵
  PID:9028
- C:\Windows\System\UsgBHqi.exe
  C:\Windows\System\UsgBHqi.exe
  2⤵
  PID:9076
- C:\Windows\System\qCfiJOk.exe
  C:\Windows\System\qCfiJOk.exe
  2⤵
  PID:9072
- C:\Windows\System\oilAqZK.exe
  C:\Windows\System\oilAqZK.exe
  2⤵
  PID:9200
- C:\Windows\System\NgOTCOo.exe
  C:\Windows\System\NgOTCOo.exe
  2⤵
  PID:8368
- C:\Windows\System\DrOOncQ.exe
  C:\Windows\System\DrOOncQ.exe
  2⤵
  PID:8480
- C:\Windows\System\ddBYhkL.exe
  C:\Windows\System\ddBYhkL.exe
  2⤵
  PID:9124
- C:\Windows\System\kLmoNYh.exe
  C:\Windows\System\kLmoNYh.exe
  2⤵
  PID:8580
- C:\Windows\System\vBpmCxd.exe
  C:\Windows\System\vBpmCxd.exe
  2⤵
  PID:8076
- C:\Windows\System\pZKBPVd.exe
  C:\Windows\System\pZKBPVd.exe
  2⤵
  PID:8332
- C:\Windows\System\aPLVswD.exe
  C:\Windows\System\aPLVswD.exe
  2⤵
  PID:8612
- C:\Windows\System\bMbiCDS.exe
  C:\Windows\System\bMbiCDS.exe
  2⤵
  PID:8648
- C:\Windows\System\hjeHtPF.exe
  C:\Windows\System\hjeHtPF.exe
  2⤵
  PID:7732
- C:\Windows\System\jRawHpR.exe
  C:\Windows\System\jRawHpR.exe
  2⤵
  PID:8036
- C:\Windows\System\PwTYzQK.exe
  C:\Windows\System\PwTYzQK.exe
  2⤵
  PID:7996
- C:\Windows\System\imnMwQq.exe
  C:\Windows\System\imnMwQq.exe
  2⤵
  PID:7912
- C:\Windows\System\NTvtVdy.exe
  C:\Windows\System\NTvtVdy.exe
  2⤵
  PID:8652
- C:\Windows\System\kiAEQgy.exe
  C:\Windows\System\kiAEQgy.exe
  2⤵
  PID:8424
- C:\Windows\System\yedZdSE.exe
  C:\Windows\System\yedZdSE.exe
  2⤵
  PID:8672
- C:\Windows\System\AplYPKo.exe
  C:\Windows\System\AplYPKo.exe
  2⤵
  PID:8728
- C:\Windows\System\sRlZDmP.exe
  C:\Windows\System\sRlZDmP.exe
  2⤵
  PID:8740
- C:\Windows\System\XrOILSA.exe
  C:\Windows\System\XrOILSA.exe
  2⤵
  PID:8760
- C:\Windows\System\inpaYzS.exe
  C:\Windows\System\inpaYzS.exe
  2⤵
  PID:8824
- C:\Windows\System\EUNCFkU.exe
  C:\Windows\System\EUNCFkU.exe
  2⤵
  PID:2536
- C:\Windows\System\LUMHMtQ.exe
  C:\Windows\System\LUMHMtQ.exe
  2⤵
  PID:8920
- C:\Windows\System\stBLIvF.exe
  C:\Windows\System\stBLIvF.exe
  2⤵
  PID:8980
- C:\Windows\System\iIIbPuW.exe
  C:\Windows\System\iIIbPuW.exe
  2⤵
  PID:9020
- C:\Windows\System\ymxCLVQ.exe
  C:\Windows\System\ymxCLVQ.exe
  2⤵
  PID:9036
- C:\Windows\System\iXkLaJx.exe
  C:\Windows\System\iXkLaJx.exe
  2⤵
  PID:8476
- C:\Windows\System\hIowWNY.exe
  C:\Windows\System\hIowWNY.exe
  2⤵
  PID:9044
- C:\Windows\System\NOXDXRO.exe
  C:\Windows\System\NOXDXRO.exe
  2⤵
  PID:8300
- C:\Windows\System\ZcQGrDg.exe
  C:\Windows\System\ZcQGrDg.exe
  2⤵
  PID:8028
- C:\Windows\System\MshyfSN.exe
  C:\Windows\System\MshyfSN.exe
  2⤵
  PID:8092
- C:\Windows\System\PhwWmvD.exe
  C:\Windows\System\PhwWmvD.exe
  2⤵
  PID:5312
- C:\Windows\System\uvdhbkA.exe
  C:\Windows\System\uvdhbkA.exe
  2⤵
  PID:8356
- C:\Windows\System\vvhprtt.exe
  C:\Windows\System\vvhprtt.exe
  2⤵
  PID:8208
- C:\Windows\System\ZgsOUBc.exe
  C:\Windows\System\ZgsOUBc.exe
  2⤵
  PID:8716
- C:\Windows\System\aGsyPLo.exe
  C:\Windows\System\aGsyPLo.exe
  2⤵
  PID:8736
- C:\Windows\System\mQxZAox.exe
  C:\Windows\System\mQxZAox.exe
  2⤵
  PID:8776
- C:\Windows\System\TRJSkZe.exe
  C:\Windows\System\TRJSkZe.exe
  2⤵
  PID:9024
- C:\Windows\System\XsSYJaf.exe
  C:\Windows\System\XsSYJaf.exe
  2⤵
  PID:8756
- C:\Windows\System\GKeOGWA.exe
  C:\Windows\System\GKeOGWA.exe
  2⤵
  PID:8952
- C:\Windows\System\KyRNleH.exe
  C:\Windows\System\KyRNleH.exe
  2⤵
  PID:9184
- C:\Windows\System\nOpUWfG.exe
  C:\Windows\System\nOpUWfG.exe
  2⤵
  PID:8144
- C:\Windows\System\qzUDrBQ.exe
  C:\Windows\System\qzUDrBQ.exe
  2⤵
  PID:9092
- C:\Windows\System\mRmKeoT.exe
  C:\Windows\System\mRmKeoT.exe
  2⤵
  PID:7464
- C:\Windows\System\jZMWDWz.exe
  C:\Windows\System\jZMWDWz.exe
  2⤵
  PID:7972
- C:\Windows\System\UPmFlHD.exe
  C:\Windows\System\UPmFlHD.exe
  2⤵
  PID:8496
- C:\Windows\System\afAJDwL.exe
  C:\Windows\System\afAJDwL.exe
  2⤵
  PID:8272
- C:\Windows\System\pFTJHIW.exe
  C:\Windows\System\pFTJHIW.exe
  2⤵
  PID:8596
- C:\Windows\System\ewqVdKP.exe
  C:\Windows\System\ewqVdKP.exe
  2⤵
  PID:8932
- C:\Windows\System\RzEzNfb.exe
  C:\Windows\System\RzEzNfb.exe
  2⤵
  PID:9172
- C:\Windows\System\HUUkiBc.exe
  C:\Windows\System\HUUkiBc.exe
  2⤵
  PID:8844
- C:\Windows\System\baAgLbM.exe
  C:\Windows\System\baAgLbM.exe
  2⤵
  PID:8868
- C:\Windows\System\sLiSCBN.exe
  C:\Windows\System\sLiSCBN.exe
  2⤵
  PID:8764
- C:\Windows\System\igOqxdz.exe
  C:\Windows\System\igOqxdz.exe
  2⤵
  PID:8848
- C:\Windows\System\YCjnAyh.exe
  C:\Windows\System\YCjnAyh.exe
  2⤵
  PID:8748
- C:\Windows\System\vpvtCZm.exe
  C:\Windows\System\vpvtCZm.exe
  2⤵
  PID:7664
- C:\Windows\System\dYNRKXk.exe
  C:\Windows\System\dYNRKXk.exe
  2⤵
  PID:8632
- C:\Windows\System\LpByGYK.exe
  C:\Windows\System\LpByGYK.exe
  2⤵
  PID:8548
- C:\Windows\System\NeagfUt.exe
  C:\Windows\System\NeagfUt.exe
  2⤵
  PID:9140
- C:\Windows\System\aQFyuxo.exe
  C:\Windows\System\aQFyuxo.exe
  2⤵
  PID:8528
- C:\Windows\System\UnnzYtv.exe
  C:\Windows\System\UnnzYtv.exe
  2⤵
  PID:9236
- C:\Windows\System\PWpIaAX.exe
  C:\Windows\System\PWpIaAX.exe
  2⤵
  PID:9252
- C:\Windows\System\XCweycY.exe
  C:\Windows\System\XCweycY.exe
  2⤵
  PID:9268
- C:\Windows\System\ghVdMRc.exe
  C:\Windows\System\ghVdMRc.exe
  2⤵
  PID:9284
- C:\Windows\System\BhMZRwV.exe
  C:\Windows\System\BhMZRwV.exe
  2⤵
  PID:9300
- C:\Windows\System\EDEYiYF.exe
  C:\Windows\System\EDEYiYF.exe
  2⤵
  PID:9316
- C:\Windows\System\sveNZio.exe
  C:\Windows\System\sveNZio.exe
  2⤵
  PID:9332
- C:\Windows\System\uQNqBdf.exe
  C:\Windows\System\uQNqBdf.exe
  2⤵
  PID:9348
- C:\Windows\System\MpbiZAC.exe
  C:\Windows\System\MpbiZAC.exe
  2⤵
  PID:9364
- C:\Windows\System\hwVKPCN.exe
  C:\Windows\System\hwVKPCN.exe
  2⤵
  PID:9380
- C:\Windows\System\KypamMY.exe
  C:\Windows\System\KypamMY.exe
  2⤵
  PID:9396
- C:\Windows\System\tRaAzcS.exe
  C:\Windows\System\tRaAzcS.exe
  2⤵
  PID:9412
- C:\Windows\System\zvDgQOv.exe
  C:\Windows\System\zvDgQOv.exe
  2⤵
  PID:9428
- C:\Windows\System\OzokJZT.exe
  C:\Windows\System\OzokJZT.exe
  2⤵
  PID:9444
- C:\Windows\System\rjXlpGy.exe
  C:\Windows\System\rjXlpGy.exe
  2⤵
  PID:9460
- C:\Windows\System\lHoiCzj.exe
  C:\Windows\System\lHoiCzj.exe
  2⤵
  PID:9476
- C:\Windows\System\kpSDbGO.exe
  C:\Windows\System\kpSDbGO.exe
  2⤵
  PID:9492
- C:\Windows\System\mqqgXmG.exe
  C:\Windows\System\mqqgXmG.exe
  2⤵
  PID:9508
- C:\Windows\System\tvbxwBu.exe
  C:\Windows\System\tvbxwBu.exe
  2⤵
  PID:9524
- C:\Windows\System\TgIOHXM.exe
  C:\Windows\System\TgIOHXM.exe
  2⤵
  PID:9540
- C:\Windows\System\OkNwfmo.exe
  C:\Windows\System\OkNwfmo.exe
  2⤵
  PID:9560
- C:\Windows\System\TZpqQqg.exe
  C:\Windows\System\TZpqQqg.exe
  2⤵
  PID:9576
- C:\Windows\System\yxKFxal.exe
  C:\Windows\System\yxKFxal.exe
  2⤵
  PID:9596
- C:\Windows\System\vWWCLPB.exe
  C:\Windows\System\vWWCLPB.exe
  2⤵
  PID:9628
- C:\Windows\System\dKAkklm.exe
  C:\Windows\System\dKAkklm.exe
  2⤵
  PID:9644
- C:\Windows\System\iLSXMDS.exe
  C:\Windows\System\iLSXMDS.exe
  2⤵
  PID:9660
- C:\Windows\System\DtGoGIS.exe
  C:\Windows\System\DtGoGIS.exe
  2⤵
  PID:9680
- C:\Windows\System\ChPHhZZ.exe
  C:\Windows\System\ChPHhZZ.exe
  2⤵
  PID:9700
- C:\Windows\System\POSRlQI.exe
  C:\Windows\System\POSRlQI.exe
  2⤵
  PID:9720
- C:\Windows\System\hxgnSlT.exe
  C:\Windows\System\hxgnSlT.exe
  2⤵
  PID:9744
- C:\Windows\System\JFjkLgg.exe
  C:\Windows\System\JFjkLgg.exe
  2⤵
  PID:9764
- C:\Windows\System\jHXYFQQ.exe
  C:\Windows\System\jHXYFQQ.exe
  2⤵
  PID:9784
- C:\Windows\System\dhPxQUn.exe
  C:\Windows\System\dhPxQUn.exe
  2⤵
  PID:9800
- C:\Windows\System\PbuFkjH.exe
  C:\Windows\System\PbuFkjH.exe
  2⤵
  PID:9820
- C:\Windows\System\NyUwVbY.exe
  C:\Windows\System\NyUwVbY.exe
  2⤵
  PID:9840
- C:\Windows\System\pHukagf.exe
  C:\Windows\System\pHukagf.exe
  2⤵
  PID:9856
- C:\Windows\System\LufteEK.exe
  C:\Windows\System\LufteEK.exe
  2⤵
  PID:9936
- C:\Windows\System\HAzsNPk.exe
  C:\Windows\System\HAzsNPk.exe
  2⤵
  PID:9968
- C:\Windows\System\WPEhRCl.exe
  C:\Windows\System\WPEhRCl.exe
  2⤵
  PID:10016
- C:\Windows\System\hxcNWwB.exe
  C:\Windows\System\hxcNWwB.exe
  2⤵
  PID:10032
- C:\Windows\System\jJAAcCZ.exe
  C:\Windows\System\jJAAcCZ.exe
  2⤵
  PID:10048
- C:\Windows\System\XgGQDyd.exe
  C:\Windows\System\XgGQDyd.exe
  2⤵
  PID:10068
- C:\Windows\System\JbJYzNa.exe
  C:\Windows\System\JbJYzNa.exe
  2⤵
  PID:10084
- C:\Windows\System\CxltelV.exe
  C:\Windows\System\CxltelV.exe
  2⤵
  PID:10100
- C:\Windows\System\GELCWLm.exe
  C:\Windows\System\GELCWLm.exe
  2⤵
  PID:10120
- C:\Windows\System\wmXjbXB.exe
  C:\Windows\System\wmXjbXB.exe
  2⤵
  PID:10140
- C:\Windows\System\MNOfzSk.exe
  C:\Windows\System\MNOfzSk.exe
  2⤵
  PID:10160
- C:\Windows\System\liIlLXy.exe
  C:\Windows\System\liIlLXy.exe
  2⤵
  PID:10180
- C:\Windows\System\dVtktwK.exe
  C:\Windows\System\dVtktwK.exe
  2⤵
  PID:10196
- C:\Windows\System\tDsJnOY.exe
  C:\Windows\System\tDsJnOY.exe
  2⤵
  PID:10216
- C:\Windows\System\cYIrKCQ.exe
  C:\Windows\System\cYIrKCQ.exe
  2⤵
  PID:9056
- C:\Windows\System\FwwlthB.exe
  C:\Windows\System\FwwlthB.exe
  2⤵
  PID:9292
- C:\Windows\System\caWMmDc.exe
  C:\Windows\System\caWMmDc.exe
  2⤵
  PID:9424
- C:\Windows\System\xaCwjfm.exe
  C:\Windows\System\xaCwjfm.exe
  2⤵
  PID:9456
- C:\Windows\System\jgqkjeb.exe
  C:\Windows\System\jgqkjeb.exe
  2⤵
  PID:9584
- C:\Windows\System\rLOljbc.exe
  C:\Windows\System\rLOljbc.exe
  2⤵
  PID:8492
- C:\Windows\System\VMOlWdv.exe
  C:\Windows\System\VMOlWdv.exe
  2⤵
  PID:9328
- C:\Windows\System\chdOJuA.exe
  C:\Windows\System\chdOJuA.exe
  2⤵
  PID:9716
- C:\Windows\System\UqMTXBr.exe
  C:\Windows\System\UqMTXBr.exe
  2⤵
  PID:9796
- C:\Windows\System\FQdFIba.exe
  C:\Windows\System\FQdFIba.exe
  2⤵
  PID:9864
- C:\Windows\System\GBMNgRV.exe
  C:\Windows\System\GBMNgRV.exe
  2⤵
  PID:9892
- C:\Windows\System\QVZlwqf.exe
  C:\Windows\System\QVZlwqf.exe
  2⤵
  PID:9904
- C:\Windows\System\HXWyJeT.exe
  C:\Windows\System\HXWyJeT.exe
  2⤵
  PID:996
- C:\Windows\System\WqgCMZs.exe
  C:\Windows\System\WqgCMZs.exe
  2⤵
  PID:8772
- C:\Windows\System\hhZYqcH.exe
  C:\Windows\System\hhZYqcH.exe
  2⤵
  PID:9280
- C:\Windows\System\axbXyhL.exe
  C:\Windows\System\axbXyhL.exe
  2⤵
  PID:9340
- C:\Windows\System\jRQGzTR.exe
  C:\Windows\System\jRQGzTR.exe
  2⤵
  PID:9436
- C:\Windows\System\hvchzHm.exe
  C:\Windows\System\hvchzHm.exe
  2⤵
  PID:9504
- C:\Windows\System\nbBVqxM.exe
  C:\Windows\System\nbBVqxM.exe
  2⤵
  PID:9592
- C:\Windows\System\IuFuKzL.exe
  C:\Windows\System\IuFuKzL.exe
  2⤵
  PID:9616
- C:\Windows\System\iCKtsRv.exe
  C:\Windows\System\iCKtsRv.exe
  2⤵
  PID:9656
- C:\Windows\System\tSznwQX.exe
  C:\Windows\System\tSznwQX.exe
  2⤵
  PID:9728
- C:\Windows\System\njLLgog.exe
  C:\Windows\System\njLLgog.exe
  2⤵
  PID:9868
- C:\Windows\System\NNQWaKz.exe
  C:\Windows\System\NNQWaKz.exe
  2⤵
  PID:9944
- C:\Windows\System\ZxaGQED.exe
  C:\Windows\System\ZxaGQED.exe
  2⤵
  PID:9976
- C:\Windows\System\KiMbEXv.exe
  C:\Windows\System\KiMbEXv.exe
  2⤵
  PID:9964
- C:\Windows\System\DkPERug.exe
  C:\Windows\System\DkPERug.exe
  2⤵
  PID:10028
- C:\Windows\System\WsCgink.exe
  C:\Windows\System\WsCgink.exe
  2⤵
  PID:10112
- C:\Windows\System\sUXXuLA.exe
  C:\Windows\System\sUXXuLA.exe
  2⤵
  PID:10224
- C:\Windows\System\WYSmKIr.exe
  C:\Windows\System\WYSmKIr.exe
  2⤵
  PID:10056
- C:\Windows\System\pUmpWAN.exe
  C:\Windows\System\pUmpWAN.exe
  2⤵
  PID:10228
- C:\Windows\System\tytojLQ.exe
  C:\Windows\System\tytojLQ.exe
  2⤵
  PID:10096
- C:\Windows\System\peYNSiU.exe
  C:\Windows\System\peYNSiU.exe
  2⤵
  PID:9552
- C:\Windows\System\BUbwNaS.exe
  C:\Windows\System\BUbwNaS.exe
  2⤵
  PID:10208
- C:\Windows\System\GiNvCNm.exe
  C:\Windows\System\GiNvCNm.exe
  2⤵
  PID:9516
- C:\Windows\System\jyurOGr.exe
  C:\Windows\System\jyurOGr.exe
  2⤵
  PID:9672
- C:\Windows\System\npjlNjE.exe
  C:\Windows\System\npjlNjE.exe
  2⤵
  PID:9756
- C:\Windows\System\aKjFnXA.exe
  C:\Windows\System\aKjFnXA.exe
  2⤵
  PID:9836
- C:\Windows\System\UclpEbW.exe
  C:\Windows\System\UclpEbW.exe
  2⤵
  PID:8644
- C:\Windows\System\HuSBkXG.exe
  C:\Windows\System\HuSBkXG.exe
  2⤵
  PID:9500
- C:\Windows\System\HoyxCek.exe
  C:\Windows\System\HoyxCek.exe
  2⤵
  PID:9572
- C:\Windows\System\ELcfcXx.exe
  C:\Windows\System\ELcfcXx.exe
  2⤵
  PID:9916
- C:\Windows\System\ghsXLRM.exe
  C:\Windows\System\ghsXLRM.exe
  2⤵
  PID:9956
- C:\Windows\System\BaQDQhl.exe
  C:\Windows\System\BaQDQhl.exe
  2⤵
  PID:9652
- C:\Windows\System\PXJdNuV.exe
  C:\Windows\System\PXJdNuV.exe
  2⤵
  PID:9984
- C:\Windows\System\HKFRNoh.exe
  C:\Windows\System\HKFRNoh.exe
  2⤵
  PID:9780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CtUzaJT.exe

Filesize
6.0MB

MD5
d6085658d356633f07928cb40f0aa4b4

SHA1
b22540e62abbb5ce8d4bd0105c02e45afb82a0b6

SHA256
122f1a98f5100073f0d9bcb53042c1936dde2575ae366d71cbc2aa01facbded0

SHA512
8264222050eb45d0fc12098722e1dffb245a16a7b293d297c2e3e3c6bd799c25450d00633f034afa26c7335b19d354084b105b1becf88e946a5b415f89099b0d

Download Submit
C:\Windows\system\EWPVYvJ.exe

Filesize
6.0MB

MD5
3e2ff22278f50c485ae69dbbb8ca5ebb

SHA1
2df31bb7207e1479e345645beb2c972edaa789c9

SHA256
3db5bf1162c6c16b416362dacf528f8d268be443893c38812bf5211905952409

SHA512
314c20ddcafffe0efddf1696265f64cfe0b116af6e1c71c6715719b7f7cb8b0d197de26d64df7a71e4d8e99a52f2b8271698b6ae0970e02d77962264e8bfb163

Download Submit
C:\Windows\system\FmqqYaV.exe

Filesize
6.0MB

MD5
dcb1e97effb6877706578c5d659cc620

SHA1
873d563d8d741564931399b5230b04326ca68ecf

SHA256
5e30b81c15bb087c1d97d261d1a4505797a9655d787d217026b0908907f6d0e9

SHA512
925f62610bf869dd77ca0cd7485bd094f0bf615295c73ec7a0798528209b91c25dd3f43afefac20e1432975a5363c895ac66aa22f54234b21d986da8cea7ad0a

Download Submit
C:\Windows\system\HwLlTOX.exe

Filesize
6.0MB

MD5
bf73627fed66506cec9e2363f6f5beb5

SHA1
8f5e9ac762a429466478eb25c1ccb75502d8cab3

SHA256
1bf0aed31bf5903fd55df245b2ba6863ab1dfc699ebdd091ee13aae1c52880f3

SHA512
add92289beb77c4f4662efda09313f3f64b532f96ef2b089b00afe422c6c4028aeefba8b40a74156accecd9758facb056b313febb3be3c46e61846ad1fcb5616

Download Submit
C:\Windows\system\JszwWFP.exe

Filesize
6.0MB

MD5
10b9eee47db7798692049cd7863a1cd9

SHA1
c2e3b06990f3ea4a34a826496560376b7f6077c6

SHA256
f99f7038b150deed55776b895640abf214a738e25a803db6718ded032cc95a27

SHA512
74c26b273923d1698b63057b2cc51ba47a87df3356657f8c9c0083b1ff64472ebcf5a23aa32110ef887ae41e13418e1cba51f00bfb5557b4b4ed49efbee0807a

Download Submit
C:\Windows\system\KYjHLmJ.exe

Filesize
6.0MB

MD5
bcf9661f13ca526d34708181799ddb2f

SHA1
93769c91cea4d8b1084f6111cbb533fc17445893

SHA256
e18c2b489ed70117241fd117dff04a3c2f07a2336bcd9333a2941276d96f72c9

SHA512
88f27d97e34e34c164c2392a67e9b16d33441794d7314749ff5c7bc7d20d719ec8482dc11094068dd71082b5d114750c160168db91fead097fa983244a0333d9

Download Submit
C:\Windows\system\KdLEyOM.exe

Filesize
6.0MB

MD5
24ab5a6a8346869c3a1a1089f046edf4

SHA1
de9a88cd7edf4179204cdd7c7d925accb0d286a7

SHA256
3af61be69619763e136bdc0348aebd975a5bd984d9701f62a5bd27797b5e0235

SHA512
d2a3d80dc21bd7c5c428950e2f00133841fafc04c824fda61e0d8b9723622d65f53b30ae11795829309ce56bfa05e482576a6d01874e9326d8a459c1d9b4a28f

Download Submit
C:\Windows\system\KmHyfqk.exe

Filesize
6.0MB

MD5
32f0177fcc480159eff2ba36d00d2baf

SHA1
5664883468283fc874e4fff3bad746d86a2056a6

SHA256
f1fa0a7ed4b225b36a5c7a6961c77d955a657bfbc6094a478cec904b33dffb8d

SHA512
c6fbebe8d662c7a8220b7a015a087754705528ff8805ff80d7f917f0a09994cb4a663f8009cd4ef8887adce5449b02d7c765462a3a267cd8dfee32e2389ececf

Download Submit
C:\Windows\system\MSYdfZs.exe

Filesize
6.0MB

MD5
ae6351b00ff74ec8be2a4fbbda80c9af

SHA1
8dc5c64c960b4b4b3da242ed548cffde23d21d2c

SHA256
67e73b36263ed15eff2a81fe99aa4137044a714d1e4b14e1dc74fe516a40f12a

SHA512
e8ef47fd37ee66a804f6630a771452ec78580270135e2dc4c8f89c77d895b204fadb417ec9db825c5d2da4d074091ed463b9fb368e2a5b823caa27495ef7a9a8

Download Submit
C:\Windows\system\PKWJfVC.exe

Filesize
6.0MB

MD5
116ca46ddc140363c8445124be603d58

SHA1
d2a7eb67c542e4cbad6b97d1f2f982a903204a2f

SHA256
7f5e2548bfad24ea96d8d83925e35d448f278685dc952027140f52fc2eba35eb

SHA512
0c42c79c4c529316aa3f949074a707a6c4e01682b2ccc235cba2ad8c973ccbbff043f4b135831f9f8645fbb2c48122dce6277502f9b389a90ac2dbcec9e37efa

Download Submit
C:\Windows\system\PdMyVdh.exe

Filesize
6.0MB

MD5
1183842c7b932aea15b2c61d4c1f03ce

SHA1
289987fe50bec26728b71945a13c9529f5032ea2

SHA256
3b675019b9bee6b0017780d49e007e4b4a81baa93e262201453c9afcacdcb5fd

SHA512
39d2f7b79d9998a05e1da9bfa48a68b5587c7b32757402af1d3c406f9f8f519b3da853a0857187516b0e59814b1b57de68bc9bb19f51b499b17a544d696c9ab0

Download Submit
C:\Windows\system\QhTiNHz.exe

Filesize
6.0MB

MD5
58e5901ba8fd9002ec3f29dcd995d245

SHA1
e6c8c6c314e3332770a4ff05fa38256809cf8976

SHA256
eaa5ef280019aa24eadf15a053a75cf9d78b7376317d8c1dbd29eae304722fca

SHA512
e1c3e09e139874317e88c9c75296d29b53c5f8ccd4436693775591df5ada5b85811bf1ff30c987d29cf6e8fcf9e62020794e249d5b0337aa8c6bb11325136fd0

Download Submit
C:\Windows\system\WbyrfcE.exe

Filesize
6.0MB

MD5
d2598489288a0b238d7bae6b0fcb037b

SHA1
c6a8b031091cab4da6b92ca4cc6e88eb58aa5ede

SHA256
7a7b6c7bd58bf956e6d0891b2463da2b19adfb1d962567b679269286efdb6ae3

SHA512
09fe5d8393da00d5f8320d98949169ad5c4530905141663e46a17dea9cf11ae330bb002c9537636d0efe6f039ccba6069895dafbd9ea3916d773f73d93c62f7f

Download Submit
C:\Windows\system\ZykiTZc.exe

Filesize
6.0MB

MD5
6640e53ce03d7cb6763833d585a35e8a

SHA1
426e39e2268bbc9f11b6edb3a19cf3859a1e95f9

SHA256
db31e34677776d251134b7390a603ac613548da59c9c2b9dfc0f0c8e49af6544

SHA512
8c0a83020d0f38a00b1bfec8dfde0b24dd8cb86f003a76c3290df38aa4680f1d9b89bedce4dcab513a1ac75f37915d77ef421c5a29e714e7e433d826385d8282

Download Submit
C:\Windows\system\azfJpKE.exe

Filesize
6.0MB

MD5
e05702f150d4e4461e2b9a0d70880fc8

SHA1
3f9816bb63fe2072cbd21617e1729684811dd476

SHA256
7dc3e49c783c7e77fd8cd35ffbf4f0c8fbfe2eb0d966240c61c253027e0f3a7f

SHA512
7237a633fbc059430377df9f5cafae055adb98916f5c2c49785b9acf1d42bcf0c81d22b2cef1380b538bb95d79aea0c4d0b33b68b5cb24c304a1997465050b78

Download Submit
C:\Windows\system\cBEFDaw.exe

Filesize
6.0MB

MD5
d25b7db506c01e0c8da9a26ef651ebc7

SHA1
fa56e23e765a8fe087ed56951f39f7a600b94fa7

SHA256
3cbfb21ef78134531cf0e2e75bd2dd98c0715c136101ab5ed0ac11ee5bd547e0

SHA512
2fbc66d87d860577b510401913d95bbd19c5ef0a346a43166fad1648d93004b72b317cdf4890f9278e390d9d804f5277530faf33855bec76b3371ec50749a570

Download Submit
C:\Windows\system\eYtuhRC.exe

Filesize
6.0MB

MD5
64dd82709d09f4a97a49b4da82fa10f7

SHA1
3899d71e28ebb467191710eb759361e5031dd414

SHA256
f977694682f49588f8c17e78312cfe8f7139ee6eaee2a6686d1095b4291a54cf

SHA512
b9154cc547b4c6c2288f35c34f2374a4c4b06a5699a59f2f33a25122e56997f53d703365484b4bfc34123817fa2a1a7c9383a76e014ba87d37bdfee04a78c766

Download Submit
C:\Windows\system\gQlDPQw.exe

Filesize
6.0MB

MD5
01a049e95a00b315d420358eeed5a2ad

SHA1
d6fce5a2619a8a6e21590baa41757038c52d9d3b

SHA256
f4fe78fa9d8b41be5a780cb18865a1f74b148122a40207331b2edbd204eb1a09

SHA512
d4a60ca1af455eccbf5c321a652a9d702fa6423a84a8366e5278cb18f09fd51f237d662a45069ea66cf497895f01371153858703c7316f82ec060c453e28af8b

Download Submit
C:\Windows\system\jdDvOTz.exe

Filesize
6.0MB

MD5
791cf171792c19fe8dfbc80e0051d569

SHA1
36d4f333b035d91ef5ed84befe179436baef8d31

SHA256
788d9891f4e97c0b985655b4c2da917f65cd6d191ffb9f5f9d52140ef2669b21

SHA512
11f3036d96e306dba54a4e41649a511c0193dedbae48bf644522d62f7b3bbcf6d8e31b4596b006947b8c712ab2ae96d78b561aa4ab49568f9a0449f433665238

Download Submit
C:\Windows\system\lXeLroH.exe

Filesize
6.0MB

MD5
5148bf292c17e93e63827e01dba4d635

SHA1
4b9008580941329646fe2b8b2b6e710aa380a63e

SHA256
a85cece422b8110c9cd389ee1506d309ccd218c4d63134ef4fa8ba35d6183642

SHA512
fb6d2c5ae2bc44dc6e3054431da6eaa06f5fa9f8e3d93217afaae87e1092ce4e906613950328683b7617eda94f5840806a983b19e6b8ae9db59f4296e735188a

Download Submit
C:\Windows\system\nYJONXU.exe

Filesize
6.0MB

MD5
3e4239031997d1ef376b85ef4f580525

SHA1
50fba0a83b70f729236a030e220c37d8aaa604e4

SHA256
1a5220317ce4df9d310101a5a4b7f52ac6ab453303248d4831b4326d5d64eedc

SHA512
d8d0adbb91062ef1fcb73ee0701d2618dc27755c3ce02a08377f426c28661d426b2687e5070e45e1e268f962e76013393c215e5b01bb30b7df12b11e76b6fb85

Download Submit
C:\Windows\system\pyBzNAh.exe

Filesize
6.0MB

MD5
755533ed346bdf364b88cce16e351d54

SHA1
894e461d0786bee944ba2811fd1b9ff1783da6ef

SHA256
c0b56cbd211b7fb72bee0abf81b7ce7f5e400a4d964b1fdcdc4cedc13cbb00cd

SHA512
f624ed17f7943e0c00aa4bde7c03a6e3029c8e544d20a42eb5e86c5663355cfa463091d5501abab7cb945d74411e3158a1982b14865b4a555ca12a245747dc9a

Download Submit
C:\Windows\system\rKWzUou.exe

Filesize
6.0MB

MD5
107bad424944abccb85e39ecf12471a9

SHA1
9e882cb4b59bcaf5ccdbe0f613fd8666cd3de08d

SHA256
8431af0f3dcb5fd1e54e169021bc932a14e0e7bd921f1f5c4352fc94f313bcf5

SHA512
19fcc10393934c40209ed914b40bb80722cd0c32ca772927a61a0c0e1336837f398bc66bba6b40287a2b28f095a455ea6c9342e49d24adb1f5561b9843edb4ae

Download Submit
C:\Windows\system\vJVSiyK.exe

Filesize
6.0MB

MD5
1dc6782566631c5c32d544d2f122a413

SHA1
318dd4fec2ed20c77fbdbfabb0dcbb20cc2e48fa

SHA256
d76f793fda73e9c0462092031e9eb4af9c454abd8ccd1141900e8b2b626df302

SHA512
da10bb53f1bd0c5d8fd83f4269e25d68e1d5a944b110609e439fe820dfd0cf729589dedeecbc4969e5707b1c2dc19e31497a36bf90c6b2b9d27e463b16bcd955

Download Submit
C:\Windows\system\vgFZjhO.exe

Filesize
6.0MB

MD5
c0e857a06374b7ff8fb881f30c2013ba

SHA1
37a0c22dc5f7bb560ce8cb3b6235e154ed4391f7

SHA256
b9492b1cc23cf1399984c8db163d1808f68915dcf7cd4dee096dfd7277fb649a

SHA512
5d8c60852c822d162d0de556dd73b418e9354e887efae32e1f5e121070a51492ce42b1aad7c5399bbcc1bbff9e71c34c3de00e4400d5806a60720b81fb0d7cc6

Download Submit
C:\Windows\system\xImhbcE.exe

Filesize
6.0MB

MD5
20236e1d853afa002de558cadb510387

SHA1
9b230ab887eaf404ef776b5dbfee347f2d1c82a2

SHA256
504f8304a34ab1a15646595a0a60947720022f6a3d441cadf299789322630147

SHA512
84d3528bc43bb0b4f4cc54f9018dc7f4918ce8386df9f95f32669c414d9bdcfc74454dc8e5777973e40ac22cd7cc300bfe9924ac910cdcad2f96f6eaea392219

Download Submit
\Windows\system\DRqzLVO.exe

Filesize
6.0MB

MD5
806802d59f96a4d05ba49ed42882936d

SHA1
a79d06680789cb9a3cb10835cdc35a141b644368

SHA256
0b42f8f645484153e84b67d6eadc9f0208bb3983ef8658ccd89f2de1936772cd

SHA512
57199a537bd64963f4d3796b57901aeb35151c54d76e2b84a1fb46fc498e5b9440b5dc1a855767cf40af9b2f74a01690d6321456834f7b7293caf03bb451d62e

Download Submit
\Windows\system\MXCoSJw.exe

Filesize
6.0MB

MD5
43874fe8999b33ce8d87ea25df08bc7a

SHA1
a439591d22d4c70b1882e014eb2a12554f0751d9

SHA256
9a323d115e13d773759b3fd4824fb26aa142c48fa3943b47860acc7eb937a004

SHA512
3b026cde379a35731721b33a73d1d34c41302bb9f60d7492060cf5edf60fb0a9ff12db6a59813dc3bc5e873ca9716b70042355c854ebaf85654cf0ce6ed543c9

Download Submit
\Windows\system\TaSeRGz.exe

Filesize
6.0MB

MD5
9656066eea958bb5832f6d92f47529b1

SHA1
75ea8474e032e4ec96cd6ca43b52df39e67c0241

SHA256
2a31c64767fadcd62e980c58e7961674c3e89af69d718fb81bf889d25a61a0df

SHA512
2db1239c1779ebc653b309b85cd4e07c305bb4190692c3ab25bb739536f945e0fe41fba3d26004e262257fe0ab24f21ff56ada3300759ace324f03f3e35d1d74

Download Submit
\Windows\system\UtFAbdJ.exe

Filesize
6.0MB

MD5
c824d0fb21b89c5d9b67d5e240334e3c

SHA1
9f45e44c72ce0e67ea41806a41a3fbfb5c3db06e

SHA256
370c725b5321f6707db0949d59606721dc31239edf4a10203094688955c78c89

SHA512
a1ecac379b8ce30ea50f40f367aacae4e38f376b195a6b1b9455dd866d716206221bea2374d9bb4be09e8b4cc5bf60e6da4d79571226a5e2805ec0329a6a7352

Download Submit
\Windows\system\Xucspsn.exe

Filesize
6.0MB

MD5
2014ffe09b67ab61486480d8bc9d0911

SHA1
5ede8fd81cf67a5910c814309179f639406f6355

SHA256
1dca866cc95258902a0a52288654cdce34a84b616b3e6a3f748b95a9a29b2089

SHA512
9258fece8b39b4002e1c1bffe5d69dc1174840d5a0b53723d1fb6eb34f21cbb32344a71b8e1bfcb4a79bcb7f6e46939c95ffa02a4db6a5d10c7f519566373a66

Download Submit
\Windows\system\pfBszPu.exe

Filesize
6.0MB

MD5
d3d6aa24088160ab9870718237d171f3

SHA1
4977f5c68a36bbb09d78684168b3364742320339

SHA256
7e824fcff447aad59461763859847a1b7261d03785b9010face2a7593aee3422

SHA512
27fb32e116f9e3f78275f77485a30c024ed6574d59922bdcccc4273237566b9a4ffffe67013500205fb63020407c548844b969e37d28b1ba613c1b46c06f8764

Download Submit
memory/1732-52-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1732-21-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-73-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-109-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-189-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-232-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-694-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-35-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1732-100-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-8-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-70-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1732-28-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-65-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-91-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1732-17-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-60-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-81-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1744-22-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1744-4060-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2000-9-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-4061-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-75-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-19-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-4064-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-99-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-4058-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-36-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-4057-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-101-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4053-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-72-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-92-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4054-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4055-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2748-192-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2748-90-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4051-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2808-46-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2808-102-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2844-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4056-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4063-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-47-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4052-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-80-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-190-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4059-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2908-191-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2908-82-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-30-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4062-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-89-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download