cobaltstrike | d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
Size

6.0MB
MD5

829e32c907f55263cc13ad34a50024d0
SHA1

f47de9bf15d4b55d1808bc8406ba23c66474940e
SHA256

d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901
SHA512

a69706e186dcf45fe2bddc2a5add9b780b68800c51778330bfb1204303ece06b471be0e9ebc9340c7b7a59f194d0e914d98d80074e2cba558533607458c9d6f9
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU/:eOl56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001706d-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173da-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f1-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f4-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fc-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-47.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-83.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000016dbe-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-57.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d4-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/files/0x0008000000016ea4-8.dat	xmrig
behavioral1/files/0x000800000001706d-15.dat	xmrig
behavioral1/memory/2776-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2764-12-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00070000000173da-20.dat	xmrig
behavioral1/files/0x00070000000173f1-24.dat	xmrig
behavioral1/files/0x00070000000173f4-32.dat	xmrig
behavioral1/files/0x00070000000173fc-38.dat	xmrig
behavioral1/files/0x00050000000191ff-47.dat	xmrig
behavioral1/files/0x000500000001922c-50.dat	xmrig
behavioral1/files/0x000500000001936b-106.dat	xmrig
behavioral1/files/0x0005000000019356-102.dat	xmrig
behavioral1/files/0x0005000000019442-159.dat	xmrig
behavioral1/files/0x000500000001946b-155.dat	xmrig
behavioral1/files/0x0005000000019458-147.dat	xmrig
behavioral1/files/0x0005000000019426-140.dat	xmrig
behavioral1/files/0x00050000000193a5-130.dat	xmrig
behavioral1/files/0x000500000001946e-163.dat	xmrig
behavioral1/files/0x000500000001945c-152.dat	xmrig
behavioral1/files/0x000500000001944d-144.dat	xmrig
behavioral1/files/0x000500000001937b-109.dat	xmrig
behavioral1/files/0x0005000000019438-135.dat	xmrig
behavioral1/files/0x0005000000019423-125.dat	xmrig
behavioral1/files/0x0005000000019397-115.dat	xmrig
behavioral1/files/0x0005000000019353-97.dat	xmrig
behavioral1/files/0x000500000001928c-92.dat	xmrig
behavioral1/files/0x0005000000019284-83.dat	xmrig
behavioral1/files/0x002d000000016dbe-87.dat	xmrig
behavioral1/files/0x0005000000019266-77.dat	xmrig
behavioral1/files/0x0005000000019263-72.dat	xmrig
behavioral1/files/0x0005000000019256-62.dat	xmrig
behavioral1/files/0x0005000000019259-67.dat	xmrig
behavioral1/files/0x0005000000019244-57.dat	xmrig
behavioral1/files/0x00070000000191d4-42.dat	xmrig
behavioral1/memory/2080-1455-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2680-1727-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2596-1813-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2584-1820-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2736-1909-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2560-2035-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2624-2061-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3060-2190-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2080-2282-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/316-2338-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2080-2344-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2184-2350-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2080-2945-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2764-3016-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2776-3017-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2080-3153-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2080-3164-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2080-3163-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2596-3503-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2764-3505-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2776-3504-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2680-3531-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/316-3573-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/1360-3587-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2184-3607-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2624-3591-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3060-3555-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2560-3543-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	QUIIAdU.exe
2776	jhCxhzj.exe
2708	HzEXecb.exe
2680	zwtaCjH.exe
2596	glMoqQJ.exe
2584	YsUtGOb.exe
2736	TQQsEWI.exe
2560	jJVBUZR.exe
2624	kcaHSok.exe
3060	tRMcPPJ.exe
1360	xuIdall.exe
316	wcSCwYj.exe
2184	tuxjHsG.exe
2432	CGvZHCj.exe
2012	RhoXnFN.exe
2992	mLhFGKx.exe
2808	XOycqXd.exe
2008	znBfOeG.exe
772	UndAhjG.exe
1052	MYlTuVN.exe
3056	stEdYzt.exe
1500	mMgmhNu.exe
1120	MYVTzMR.exe
1516	rhtaUjZ.exe
568	BDyaIoZ.exe
992	bQtfNeq.exe
2160	NfzJtxC.exe
2084	yQSUtSR.exe
2088	NKvecyd.exe
2352	rgaqHhr.exe
1600	rMwKjdW.exe
2340	PflfFcw.exe
1648	HFLcCwy.exe
1704	DCRGCXQ.exe
2416	rYOIZIk.exe
2104	JjngxvM.exe
2444	azzRaqA.exe
936	toksjGy.exe
2996	EwJtSkk.exe
1340	srDvYzu.exe
1692	GxhMwzS.exe
2096	FYZiMax.exe
2936	aBSfTep.exe
2112	iwmTBwb.exe
3012	EcWuPgd.exe
2036	biZatRM.exe
1592	hHPDAcc.exe
2464	dpreSkA.exe
1248	wzmRwEw.exe
3004	hWcWZdt.exe
2400	HuzlkvQ.exe
640	RohKpXD.exe
1744	hpmwOin.exe
2216	JImzZvg.exe
1564	zhzmezn.exe
2704	TEjIDGz.exe
1636	PGTvNrk.exe
2588	uTFfDAn.exe
2156	kOtvJhh.exe
2692	zVIibKr.exe
2568	HGSOEzk.exe
2068	KutOPqW.exe
2728	BUaNVTo.exe
776	YKhsNuN.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/files/0x0008000000016ea4-8.dat	upx
behavioral1/files/0x000800000001706d-15.dat	upx
behavioral1/memory/2776-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2764-12-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00070000000173da-20.dat	upx
behavioral1/files/0x00070000000173f1-24.dat	upx
behavioral1/files/0x00070000000173f4-32.dat	upx
behavioral1/files/0x00070000000173fc-38.dat	upx
behavioral1/files/0x00050000000191ff-47.dat	upx
behavioral1/files/0x000500000001922c-50.dat	upx
behavioral1/files/0x000500000001936b-106.dat	upx
behavioral1/files/0x0005000000019356-102.dat	upx
behavioral1/files/0x0005000000019442-159.dat	upx
behavioral1/files/0x000500000001946b-155.dat	upx
behavioral1/files/0x0005000000019458-147.dat	upx
behavioral1/files/0x0005000000019426-140.dat	upx
behavioral1/files/0x00050000000193a5-130.dat	upx
behavioral1/files/0x000500000001946e-163.dat	upx
behavioral1/files/0x000500000001945c-152.dat	upx
behavioral1/files/0x000500000001944d-144.dat	upx
behavioral1/files/0x000500000001937b-109.dat	upx
behavioral1/files/0x0005000000019438-135.dat	upx
behavioral1/files/0x0005000000019423-125.dat	upx
behavioral1/files/0x0005000000019397-115.dat	upx
behavioral1/files/0x0005000000019353-97.dat	upx
behavioral1/files/0x000500000001928c-92.dat	upx
behavioral1/files/0x0005000000019284-83.dat	upx
behavioral1/files/0x002d000000016dbe-87.dat	upx
behavioral1/files/0x0005000000019266-77.dat	upx
behavioral1/files/0x0005000000019263-72.dat	upx
behavioral1/files/0x0005000000019256-62.dat	upx
behavioral1/files/0x0005000000019259-67.dat	upx
behavioral1/files/0x0005000000019244-57.dat	upx
behavioral1/files/0x00070000000191d4-42.dat	upx
behavioral1/memory/2680-1727-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2596-1813-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2584-1820-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2736-1909-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2560-2035-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2624-2061-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3060-2190-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/316-2338-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2184-2350-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2080-2945-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2764-3016-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2776-3017-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2596-3503-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2764-3505-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2776-3504-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2680-3531-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/316-3573-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/1360-3587-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2184-3607-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2624-3591-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3060-3555-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2560-3543-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2584-3533-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2736-3582-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AunPowO.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\vXysVEj.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\yyVPYtG.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\TuaaaKw.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ZnQKiab.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\vsqxDtF.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\sTIoFMI.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\FLWpVzM.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\SmkEgxo.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\fMRTFem.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\fLtQGBF.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\iFQlgpU.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ySqcYze.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ceLXwIq.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\hpmwOin.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ZHLsbXk.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\NpYSGJg.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\TTPsles.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\NHWlWyn.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ToFsQVL.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\FmXRryq.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\dVmuCmg.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\BKCATOr.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\IAdXAVB.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\gHIJIjr.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\unSPKQL.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\OZoYgFt.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\PUZUrDn.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\EXiLRey.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\cbZVZAw.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\rEGIpch.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\YsTkIzl.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\EbpZyrx.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\NZYWwUr.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\gXYACKk.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\YVrMXsX.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\azMrKRK.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\uDXDesC.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\bOjahRS.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\ezeaVDc.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\MVthXUb.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\TgafDNw.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\isJLXMk.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\hqeNoQW.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\SsIujKm.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\iolufuc.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\YbbaUCL.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\XOhGzsU.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\jocTLPk.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\zigGHzM.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\uREFbAW.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\VVOBcIe.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\VFDbFck.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\CQqXCbr.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\SUwcwMz.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\QMtLXQu.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\sShuVPB.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\LPFjSnR.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\YFrerEQ.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\gEPnHnG.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\QUIIAdU.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\GfcDkZM.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\MXFySCU.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
File created	C:\Windows\System\QKRhXTQ.exe	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2764	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	31
PID 2080 wrote to memory of 2764	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	31
PID 2080 wrote to memory of 2764	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	31
PID 2080 wrote to memory of 2776	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	32
PID 2080 wrote to memory of 2776	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	32
PID 2080 wrote to memory of 2776	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	32
PID 2080 wrote to memory of 2708	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	33
PID 2080 wrote to memory of 2708	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	33
PID 2080 wrote to memory of 2708	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	33
PID 2080 wrote to memory of 2680	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	34
PID 2080 wrote to memory of 2680	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	34
PID 2080 wrote to memory of 2680	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	34
PID 2080 wrote to memory of 2596	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	35
PID 2080 wrote to memory of 2596	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	35
PID 2080 wrote to memory of 2596	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	35
PID 2080 wrote to memory of 2584	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	36
PID 2080 wrote to memory of 2584	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	36
PID 2080 wrote to memory of 2584	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	36
PID 2080 wrote to memory of 2736	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	37
PID 2080 wrote to memory of 2736	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	37
PID 2080 wrote to memory of 2736	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	37
PID 2080 wrote to memory of 2560	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	38
PID 2080 wrote to memory of 2560	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	38
PID 2080 wrote to memory of 2560	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	38
PID 2080 wrote to memory of 2624	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	39
PID 2080 wrote to memory of 2624	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	39
PID 2080 wrote to memory of 2624	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	39
PID 2080 wrote to memory of 3060	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	40
PID 2080 wrote to memory of 3060	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	40
PID 2080 wrote to memory of 3060	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	40
PID 2080 wrote to memory of 1360	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	41
PID 2080 wrote to memory of 1360	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	41
PID 2080 wrote to memory of 1360	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	41
PID 2080 wrote to memory of 316	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	42
PID 2080 wrote to memory of 316	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	42
PID 2080 wrote to memory of 316	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	42
PID 2080 wrote to memory of 2184	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	43
PID 2080 wrote to memory of 2184	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	43
PID 2080 wrote to memory of 2184	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	43
PID 2080 wrote to memory of 2432	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	44
PID 2080 wrote to memory of 2432	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	44
PID 2080 wrote to memory of 2432	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	44
PID 2080 wrote to memory of 2012	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	45
PID 2080 wrote to memory of 2012	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	45
PID 2080 wrote to memory of 2012	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	45
PID 2080 wrote to memory of 2992	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	46
PID 2080 wrote to memory of 2992	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	46
PID 2080 wrote to memory of 2992	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	46
PID 2080 wrote to memory of 2808	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	47
PID 2080 wrote to memory of 2808	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	47
PID 2080 wrote to memory of 2808	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	47
PID 2080 wrote to memory of 2008	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	48
PID 2080 wrote to memory of 2008	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	48
PID 2080 wrote to memory of 2008	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	48
PID 2080 wrote to memory of 772	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	49
PID 2080 wrote to memory of 772	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	49
PID 2080 wrote to memory of 772	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	49
PID 2080 wrote to memory of 1052	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	50
PID 2080 wrote to memory of 1052	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	50
PID 2080 wrote to memory of 1052	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	50
PID 2080 wrote to memory of 3056	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	51
PID 2080 wrote to memory of 3056	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	51
PID 2080 wrote to memory of 3056	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	51
PID 2080 wrote to memory of 1120	2080	JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d66b5aa632746cd114e45a86257045582e773df406bb8965335aa0045300e901.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\System\QUIIAdU.exe
  C:\Windows\System\QUIIAdU.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\jhCxhzj.exe
  C:\Windows\System\jhCxhzj.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HzEXecb.exe
  C:\Windows\System\HzEXecb.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\zwtaCjH.exe
  C:\Windows\System\zwtaCjH.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\glMoqQJ.exe
  C:\Windows\System\glMoqQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\YsUtGOb.exe
  C:\Windows\System\YsUtGOb.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\TQQsEWI.exe
  C:\Windows\System\TQQsEWI.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\jJVBUZR.exe
  C:\Windows\System\jJVBUZR.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\kcaHSok.exe
  C:\Windows\System\kcaHSok.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\tRMcPPJ.exe
  C:\Windows\System\tRMcPPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\xuIdall.exe
  C:\Windows\System\xuIdall.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\wcSCwYj.exe
  C:\Windows\System\wcSCwYj.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\tuxjHsG.exe
  C:\Windows\System\tuxjHsG.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\CGvZHCj.exe
  C:\Windows\System\CGvZHCj.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\RhoXnFN.exe
  C:\Windows\System\RhoXnFN.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\mLhFGKx.exe
  C:\Windows\System\mLhFGKx.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\XOycqXd.exe
  C:\Windows\System\XOycqXd.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\znBfOeG.exe
  C:\Windows\System\znBfOeG.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\UndAhjG.exe
  C:\Windows\System\UndAhjG.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\MYlTuVN.exe
  C:\Windows\System\MYlTuVN.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\stEdYzt.exe
  C:\Windows\System\stEdYzt.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\MYVTzMR.exe
  C:\Windows\System\MYVTzMR.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\mMgmhNu.exe
  C:\Windows\System\mMgmhNu.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\BDyaIoZ.exe
  C:\Windows\System\BDyaIoZ.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\rhtaUjZ.exe
  C:\Windows\System\rhtaUjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\NfzJtxC.exe
  C:\Windows\System\NfzJtxC.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\bQtfNeq.exe
  C:\Windows\System\bQtfNeq.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\rgaqHhr.exe
  C:\Windows\System\rgaqHhr.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\yQSUtSR.exe
  C:\Windows\System\yQSUtSR.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\PflfFcw.exe
  C:\Windows\System\PflfFcw.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\NKvecyd.exe
  C:\Windows\System\NKvecyd.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JjngxvM.exe
  C:\Windows\System\JjngxvM.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\rMwKjdW.exe
  C:\Windows\System\rMwKjdW.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\azzRaqA.exe
  C:\Windows\System\azzRaqA.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\HFLcCwy.exe
  C:\Windows\System\HFLcCwy.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\toksjGy.exe
  C:\Windows\System\toksjGy.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\DCRGCXQ.exe
  C:\Windows\System\DCRGCXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\EwJtSkk.exe
  C:\Windows\System\EwJtSkk.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\rYOIZIk.exe
  C:\Windows\System\rYOIZIk.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\srDvYzu.exe
  C:\Windows\System\srDvYzu.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\GxhMwzS.exe
  C:\Windows\System\GxhMwzS.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\biZatRM.exe
  C:\Windows\System\biZatRM.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\FYZiMax.exe
  C:\Windows\System\FYZiMax.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\hHPDAcc.exe
  C:\Windows\System\hHPDAcc.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\aBSfTep.exe
  C:\Windows\System\aBSfTep.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\dpreSkA.exe
  C:\Windows\System\dpreSkA.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\iwmTBwb.exe
  C:\Windows\System\iwmTBwb.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\wzmRwEw.exe
  C:\Windows\System\wzmRwEw.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\EcWuPgd.exe
  C:\Windows\System\EcWuPgd.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\hWcWZdt.exe
  C:\Windows\System\hWcWZdt.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HuzlkvQ.exe
  C:\Windows\System\HuzlkvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\RohKpXD.exe
  C:\Windows\System\RohKpXD.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\hpmwOin.exe
  C:\Windows\System\hpmwOin.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PGTvNrk.exe
  C:\Windows\System\PGTvNrk.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\JImzZvg.exe
  C:\Windows\System\JImzZvg.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kOtvJhh.exe
  C:\Windows\System\kOtvJhh.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zhzmezn.exe
  C:\Windows\System\zhzmezn.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\zVIibKr.exe
  C:\Windows\System\zVIibKr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\TEjIDGz.exe
  C:\Windows\System\TEjIDGz.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HGSOEzk.exe
  C:\Windows\System\HGSOEzk.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\uTFfDAn.exe
  C:\Windows\System\uTFfDAn.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\KutOPqW.exe
  C:\Windows\System\KutOPqW.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\BUaNVTo.exe
  C:\Windows\System\BUaNVTo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\YKhsNuN.exe
  C:\Windows\System\YKhsNuN.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\RlJPvIY.exe
  C:\Windows\System\RlJPvIY.exe
  2⤵
  PID:1000
- C:\Windows\System\XUdtnZr.exe
  C:\Windows\System\XUdtnZr.exe
  2⤵
  PID:2148
- C:\Windows\System\YVrMXsX.exe
  C:\Windows\System\YVrMXsX.exe
  2⤵
  PID:2540
- C:\Windows\System\uWkeNRt.exe
  C:\Windows\System\uWkeNRt.exe
  2⤵
  PID:1732
- C:\Windows\System\naJACHc.exe
  C:\Windows\System\naJACHc.exe
  2⤵
  PID:1804
- C:\Windows\System\fhsNMNa.exe
  C:\Windows\System\fhsNMNa.exe
  2⤵
  PID:480
- C:\Windows\System\olblSdg.exe
  C:\Windows\System\olblSdg.exe
  2⤵
  PID:1952
- C:\Windows\System\oDuOquD.exe
  C:\Windows\System\oDuOquD.exe
  2⤵
  PID:2196
- C:\Windows\System\pdSGMpJ.exe
  C:\Windows\System\pdSGMpJ.exe
  2⤵
  PID:2192
- C:\Windows\System\nCLkYPP.exe
  C:\Windows\System\nCLkYPP.exe
  2⤵
  PID:2164
- C:\Windows\System\VkuzlAa.exe
  C:\Windows\System\VkuzlAa.exe
  2⤵
  PID:988
- C:\Windows\System\mDsqluB.exe
  C:\Windows\System\mDsqluB.exe
  2⤵
  PID:592
- C:\Windows\System\qfATzQO.exe
  C:\Windows\System\qfATzQO.exe
  2⤵
  PID:1696
- C:\Windows\System\IribzqO.exe
  C:\Windows\System\IribzqO.exe
  2⤵
  PID:1772
- C:\Windows\System\wgolqZf.exe
  C:\Windows\System\wgolqZf.exe
  2⤵
  PID:1712
- C:\Windows\System\gHIJIjr.exe
  C:\Windows\System\gHIJIjr.exe
  2⤵
  PID:3000
- C:\Windows\System\rCKcHaX.exe
  C:\Windows\System\rCKcHaX.exe
  2⤵
  PID:1224
- C:\Windows\System\eJWEuhm.exe
  C:\Windows\System\eJWEuhm.exe
  2⤵
  PID:1300
- C:\Windows\System\uePIdFP.exe
  C:\Windows\System\uePIdFP.exe
  2⤵
  PID:2920
- C:\Windows\System\ZjMaVhy.exe
  C:\Windows\System\ZjMaVhy.exe
  2⤵
  PID:1376
- C:\Windows\System\lZdFoFD.exe
  C:\Windows\System\lZdFoFD.exe
  2⤵
  PID:2472
- C:\Windows\System\LJcwkSR.exe
  C:\Windows\System\LJcwkSR.exe
  2⤵
  PID:1616
- C:\Windows\System\AUToLNw.exe
  C:\Windows\System\AUToLNw.exe
  2⤵
  PID:2268
- C:\Windows\System\JwowzNf.exe
  C:\Windows\System\JwowzNf.exe
  2⤵
  PID:1508
- C:\Windows\System\FbFNBJs.exe
  C:\Windows\System\FbFNBJs.exe
  2⤵
  PID:1576
- C:\Windows\System\bxUKwhp.exe
  C:\Windows\System\bxUKwhp.exe
  2⤵
  PID:2520
- C:\Windows\System\THKjOGb.exe
  C:\Windows\System\THKjOGb.exe
  2⤵
  PID:2780
- C:\Windows\System\ywgUsMe.exe
  C:\Windows\System\ywgUsMe.exe
  2⤵
  PID:892
- C:\Windows\System\ZomZnzE.exe
  C:\Windows\System\ZomZnzE.exe
  2⤵
  PID:2756
- C:\Windows\System\KbbPJpc.exe
  C:\Windows\System\KbbPJpc.exe
  2⤵
  PID:2616
- C:\Windows\System\ogywHaQ.exe
  C:\Windows\System\ogywHaQ.exe
  2⤵
  PID:1572
- C:\Windows\System\wimzXnT.exe
  C:\Windows\System\wimzXnT.exe
  2⤵
  PID:3068
- C:\Windows\System\GVAElJG.exe
  C:\Windows\System\GVAElJG.exe
  2⤵
  PID:2328
- C:\Windows\System\lHjhhLl.exe
  C:\Windows\System\lHjhhLl.exe
  2⤵
  PID:1708
- C:\Windows\System\oUWdPLD.exe
  C:\Windows\System\oUWdPLD.exe
  2⤵
  PID:2912
- C:\Windows\System\iquHBxw.exe
  C:\Windows\System\iquHBxw.exe
  2⤵
  PID:1088
- C:\Windows\System\UvQAoaa.exe
  C:\Windows\System\UvQAoaa.exe
  2⤵
  PID:2356
- C:\Windows\System\RhhlsMo.exe
  C:\Windows\System\RhhlsMo.exe
  2⤵
  PID:1624
- C:\Windows\System\QrqVpjq.exe
  C:\Windows\System\QrqVpjq.exe
  2⤵
  PID:2660
- C:\Windows\System\srYraSB.exe
  C:\Windows\System\srYraSB.exe
  2⤵
  PID:3048
- C:\Windows\System\fZKLLvp.exe
  C:\Windows\System\fZKLLvp.exe
  2⤵
  PID:2376
- C:\Windows\System\nqGHQxp.exe
  C:\Windows\System\nqGHQxp.exe
  2⤵
  PID:1084
- C:\Windows\System\vqiuFYZ.exe
  C:\Windows\System\vqiuFYZ.exe
  2⤵
  PID:1852
- C:\Windows\System\YxNsnpM.exe
  C:\Windows\System\YxNsnpM.exe
  2⤵
  PID:2380
- C:\Windows\System\vTOaoNF.exe
  C:\Windows\System\vTOaoNF.exe
  2⤵
  PID:2488
- C:\Windows\System\nsnpPgs.exe
  C:\Windows\System\nsnpPgs.exe
  2⤵
  PID:2292
- C:\Windows\System\bbmLgxt.exe
  C:\Windows\System\bbmLgxt.exe
  2⤵
  PID:344
- C:\Windows\System\bKUakFA.exe
  C:\Windows\System\bKUakFA.exe
  2⤵
  PID:2724
- C:\Windows\System\UFRcEAq.exe
  C:\Windows\System\UFRcEAq.exe
  2⤵
  PID:2712
- C:\Windows\System\DtlDReq.exe
  C:\Windows\System\DtlDReq.exe
  2⤵
  PID:2752
- C:\Windows\System\ZXpxFYr.exe
  C:\Windows\System\ZXpxFYr.exe
  2⤵
  PID:2468
- C:\Windows\System\BXnvAIM.exe
  C:\Windows\System\BXnvAIM.exe
  2⤵
  PID:620
- C:\Windows\System\vEZyAMM.exe
  C:\Windows\System\vEZyAMM.exe
  2⤵
  PID:108
- C:\Windows\System\YLdjaOY.exe
  C:\Windows\System\YLdjaOY.exe
  2⤵
  PID:2152
- C:\Windows\System\UfWaMWM.exe
  C:\Windows\System\UfWaMWM.exe
  2⤵
  PID:1836
- C:\Windows\System\QdkUBMn.exe
  C:\Windows\System\QdkUBMn.exe
  2⤵
  PID:1448
- C:\Windows\System\lBPrVQk.exe
  C:\Windows\System\lBPrVQk.exe
  2⤵
  PID:2436
- C:\Windows\System\XWvlcjc.exe
  C:\Windows\System\XWvlcjc.exe
  2⤵
  PID:2532
- C:\Windows\System\ZKyiCCr.exe
  C:\Windows\System\ZKyiCCr.exe
  2⤵
  PID:1944
- C:\Windows\System\GksJPdK.exe
  C:\Windows\System\GksJPdK.exe
  2⤵
  PID:1240
- C:\Windows\System\BBiAJnr.exe
  C:\Windows\System\BBiAJnr.exe
  2⤵
  PID:2456
- C:\Windows\System\tJIKkKN.exe
  C:\Windows\System\tJIKkKN.exe
  2⤵
  PID:3084
- C:\Windows\System\zigGHzM.exe
  C:\Windows\System\zigGHzM.exe
  2⤵
  PID:3100
- C:\Windows\System\tsKNFWT.exe
  C:\Windows\System\tsKNFWT.exe
  2⤵
  PID:3120
- C:\Windows\System\WzcgUVk.exe
  C:\Windows\System\WzcgUVk.exe
  2⤵
  PID:3144
- C:\Windows\System\uREFbAW.exe
  C:\Windows\System\uREFbAW.exe
  2⤵
  PID:3168
- C:\Windows\System\lxOpgNd.exe
  C:\Windows\System\lxOpgNd.exe
  2⤵
  PID:3196
- C:\Windows\System\dQFYnJz.exe
  C:\Windows\System\dQFYnJz.exe
  2⤵
  PID:3240
- C:\Windows\System\dKWELLC.exe
  C:\Windows\System\dKWELLC.exe
  2⤵
  PID:3260
- C:\Windows\System\TrjDlWB.exe
  C:\Windows\System\TrjDlWB.exe
  2⤵
  PID:3284
- C:\Windows\System\aitvkuf.exe
  C:\Windows\System\aitvkuf.exe
  2⤵
  PID:3300
- C:\Windows\System\QvQGVDn.exe
  C:\Windows\System\QvQGVDn.exe
  2⤵
  PID:3320
- C:\Windows\System\yTVKVdy.exe
  C:\Windows\System\yTVKVdy.exe
  2⤵
  PID:3340
- C:\Windows\System\NmjDBrf.exe
  C:\Windows\System\NmjDBrf.exe
  2⤵
  PID:3360
- C:\Windows\System\pZVcNzZ.exe
  C:\Windows\System\pZVcNzZ.exe
  2⤵
  PID:3376
- C:\Windows\System\RfrhZTK.exe
  C:\Windows\System\RfrhZTK.exe
  2⤵
  PID:3396
- C:\Windows\System\KyoKllH.exe
  C:\Windows\System\KyoKllH.exe
  2⤵
  PID:3416
- C:\Windows\System\TgafDNw.exe
  C:\Windows\System\TgafDNw.exe
  2⤵
  PID:3436
- C:\Windows\System\EjjkhTd.exe
  C:\Windows\System\EjjkhTd.exe
  2⤵
  PID:3456
- C:\Windows\System\dlQwuAu.exe
  C:\Windows\System\dlQwuAu.exe
  2⤵
  PID:3476
- C:\Windows\System\RPrSsLQ.exe
  C:\Windows\System\RPrSsLQ.exe
  2⤵
  PID:3504
- C:\Windows\System\DiGRqQE.exe
  C:\Windows\System\DiGRqQE.exe
  2⤵
  PID:3520
- C:\Windows\System\vspUqMj.exe
  C:\Windows\System\vspUqMj.exe
  2⤵
  PID:3536
- C:\Windows\System\nimOrTD.exe
  C:\Windows\System\nimOrTD.exe
  2⤵
  PID:3556
- C:\Windows\System\JTuNiYw.exe
  C:\Windows\System\JTuNiYw.exe
  2⤵
  PID:3576
- C:\Windows\System\DpRbQPh.exe
  C:\Windows\System\DpRbQPh.exe
  2⤵
  PID:3596
- C:\Windows\System\bJcsMDq.exe
  C:\Windows\System\bJcsMDq.exe
  2⤵
  PID:3620
- C:\Windows\System\MoPFXmD.exe
  C:\Windows\System\MoPFXmD.exe
  2⤵
  PID:3640
- C:\Windows\System\TRaLiVP.exe
  C:\Windows\System\TRaLiVP.exe
  2⤵
  PID:3660
- C:\Windows\System\txNbQid.exe
  C:\Windows\System\txNbQid.exe
  2⤵
  PID:3680
- C:\Windows\System\OUriomD.exe
  C:\Windows\System\OUriomD.exe
  2⤵
  PID:3700
- C:\Windows\System\Xcvckxy.exe
  C:\Windows\System\Xcvckxy.exe
  2⤵
  PID:3720
- C:\Windows\System\cKnhOUm.exe
  C:\Windows\System\cKnhOUm.exe
  2⤵
  PID:3736
- C:\Windows\System\nYnYoht.exe
  C:\Windows\System\nYnYoht.exe
  2⤵
  PID:3760
- C:\Windows\System\MmnYIvr.exe
  C:\Windows\System\MmnYIvr.exe
  2⤵
  PID:3780
- C:\Windows\System\bHaOOft.exe
  C:\Windows\System\bHaOOft.exe
  2⤵
  PID:3804
- C:\Windows\System\unSPKQL.exe
  C:\Windows\System\unSPKQL.exe
  2⤵
  PID:3820
- C:\Windows\System\IGWRZIx.exe
  C:\Windows\System\IGWRZIx.exe
  2⤵
  PID:3840
- C:\Windows\System\saKSWKK.exe
  C:\Windows\System\saKSWKK.exe
  2⤵
  PID:3860
- C:\Windows\System\EMOAGLG.exe
  C:\Windows\System\EMOAGLG.exe
  2⤵
  PID:3876
- C:\Windows\System\ASzawyX.exe
  C:\Windows\System\ASzawyX.exe
  2⤵
  PID:3896
- C:\Windows\System\cnCSRXj.exe
  C:\Windows\System\cnCSRXj.exe
  2⤵
  PID:3916
- C:\Windows\System\SWwsMDI.exe
  C:\Windows\System\SWwsMDI.exe
  2⤵
  PID:3948
- C:\Windows\System\scCDRBG.exe
  C:\Windows\System\scCDRBG.exe
  2⤵
  PID:3964
- C:\Windows\System\BhdwdHA.exe
  C:\Windows\System\BhdwdHA.exe
  2⤵
  PID:3984
- C:\Windows\System\SmkEgxo.exe
  C:\Windows\System\SmkEgxo.exe
  2⤵
  PID:4000
- C:\Windows\System\XRrFkYD.exe
  C:\Windows\System\XRrFkYD.exe
  2⤵
  PID:4028
- C:\Windows\System\ULecsNw.exe
  C:\Windows\System\ULecsNw.exe
  2⤵
  PID:4044
- C:\Windows\System\WrWKzoU.exe
  C:\Windows\System\WrWKzoU.exe
  2⤵
  PID:4064
- C:\Windows\System\HfECVWp.exe
  C:\Windows\System\HfECVWp.exe
  2⤵
  PID:4092
- C:\Windows\System\WfnqKdb.exe
  C:\Windows\System\WfnqKdb.exe
  2⤵
  PID:2968
- C:\Windows\System\hEVTiDP.exe
  C:\Windows\System\hEVTiDP.exe
  2⤵
  PID:1524
- C:\Windows\System\MqaUoCI.exe
  C:\Windows\System\MqaUoCI.exe
  2⤵
  PID:1028
- C:\Windows\System\IItAiAl.exe
  C:\Windows\System\IItAiAl.exe
  2⤵
  PID:2288
- C:\Windows\System\mLHAmlr.exe
  C:\Windows\System\mLHAmlr.exe
  2⤵
  PID:3076
- C:\Windows\System\uuUTOHB.exe
  C:\Windows\System\uuUTOHB.exe
  2⤵
  PID:1256
- C:\Windows\System\lasEsLX.exe
  C:\Windows\System\lasEsLX.exe
  2⤵
  PID:3116
- C:\Windows\System\fMFYCpp.exe
  C:\Windows\System\fMFYCpp.exe
  2⤵
  PID:3156
- C:\Windows\System\bLIjDvA.exe
  C:\Windows\System\bLIjDvA.exe
  2⤵
  PID:3224
- C:\Windows\System\OPfVFEI.exe
  C:\Windows\System\OPfVFEI.exe
  2⤵
  PID:2460
- C:\Windows\System\AaWRXwh.exe
  C:\Windows\System\AaWRXwh.exe
  2⤵
  PID:3128
- C:\Windows\System\TqfgTcw.exe
  C:\Windows\System\TqfgTcw.exe
  2⤵
  PID:3268
- C:\Windows\System\pmZTbmu.exe
  C:\Windows\System\pmZTbmu.exe
  2⤵
  PID:2044
- C:\Windows\System\fnMqxdD.exe
  C:\Windows\System\fnMqxdD.exe
  2⤵
  PID:3308
- C:\Windows\System\fxSYtep.exe
  C:\Windows\System\fxSYtep.exe
  2⤵
  PID:3352
- C:\Windows\System\WNiVFtE.exe
  C:\Windows\System\WNiVFtE.exe
  2⤵
  PID:3292
- C:\Windows\System\FtAZACL.exe
  C:\Windows\System\FtAZACL.exe
  2⤵
  PID:3328
- C:\Windows\System\CYAGOvA.exe
  C:\Windows\System\CYAGOvA.exe
  2⤵
  PID:3472
- C:\Windows\System\xyqSdth.exe
  C:\Windows\System\xyqSdth.exe
  2⤵
  PID:3408
- C:\Windows\System\jynJjcK.exe
  C:\Windows\System\jynJjcK.exe
  2⤵
  PID:3404
- C:\Windows\System\BNZKTuR.exe
  C:\Windows\System\BNZKTuR.exe
  2⤵
  PID:3488
- C:\Windows\System\meIfPMN.exe
  C:\Windows\System\meIfPMN.exe
  2⤵
  PID:3548
- C:\Windows\System\nILPNLC.exe
  C:\Windows\System\nILPNLC.exe
  2⤵
  PID:3528
- C:\Windows\System\cFjfiet.exe
  C:\Windows\System\cFjfiet.exe
  2⤵
  PID:3572
- C:\Windows\System\NnULZeb.exe
  C:\Windows\System\NnULZeb.exe
  2⤵
  PID:3612
- C:\Windows\System\gOCulVe.exe
  C:\Windows\System\gOCulVe.exe
  2⤵
  PID:3672
- C:\Windows\System\JaFLBEW.exe
  C:\Windows\System\JaFLBEW.exe
  2⤵
  PID:3656
- C:\Windows\System\GxiacHN.exe
  C:\Windows\System\GxiacHN.exe
  2⤵
  PID:3744
- C:\Windows\System\DwMWmvi.exe
  C:\Windows\System\DwMWmvi.exe
  2⤵
  PID:3796
- C:\Windows\System\hUJVASc.exe
  C:\Windows\System\hUJVASc.exe
  2⤵
  PID:3828
- C:\Windows\System\MHPVkSf.exe
  C:\Windows\System\MHPVkSf.exe
  2⤵
  PID:3872
- C:\Windows\System\DRJtJTX.exe
  C:\Windows\System\DRJtJTX.exe
  2⤵
  PID:3776
- C:\Windows\System\xTntXDD.exe
  C:\Windows\System\xTntXDD.exe
  2⤵
  PID:3892
- C:\Windows\System\BnIKqav.exe
  C:\Windows\System\BnIKqav.exe
  2⤵
  PID:3960
- C:\Windows\System\oZTMfLa.exe
  C:\Windows\System\oZTMfLa.exe
  2⤵
  PID:3944
- C:\Windows\System\kiWlosQ.exe
  C:\Windows\System\kiWlosQ.exe
  2⤵
  PID:4080
- C:\Windows\System\odwThEs.exe
  C:\Windows\System\odwThEs.exe
  2⤵
  PID:4020
- C:\Windows\System\eamUFgA.exe
  C:\Windows\System\eamUFgA.exe
  2⤵
  PID:4084
- C:\Windows\System\wZHgUbK.exe
  C:\Windows\System\wZHgUbK.exe
  2⤵
  PID:2240
- C:\Windows\System\BjAfvzq.exe
  C:\Windows\System\BjAfvzq.exe
  2⤵
  PID:1444
- C:\Windows\System\kbDJVAo.exe
  C:\Windows\System\kbDJVAo.exe
  2⤵
  PID:2572
- C:\Windows\System\mnemYYw.exe
  C:\Windows\System\mnemYYw.exe
  2⤵
  PID:2336
- C:\Windows\System\jIaJCYS.exe
  C:\Windows\System\jIaJCYS.exe
  2⤵
  PID:3136
- C:\Windows\System\JhfsFEE.exe
  C:\Windows\System\JhfsFEE.exe
  2⤵
  PID:3108
- C:\Windows\System\wEQtLTk.exe
  C:\Windows\System\wEQtLTk.exe
  2⤵
  PID:3220
- C:\Windows\System\oxslUJm.exe
  C:\Windows\System\oxslUJm.exe
  2⤵
  PID:3236
- C:\Windows\System\KckxuBl.exe
  C:\Windows\System\KckxuBl.exe
  2⤵
  PID:3432
- C:\Windows\System\ECNnvLK.exe
  C:\Windows\System\ECNnvLK.exe
  2⤵
  PID:3348
- C:\Windows\System\xdWJBMG.exe
  C:\Windows\System\xdWJBMG.exe
  2⤵
  PID:3448
- C:\Windows\System\dXlQmdt.exe
  C:\Windows\System\dXlQmdt.exe
  2⤵
  PID:3564
- C:\Windows\System\HSDNytb.exe
  C:\Windows\System\HSDNytb.exe
  2⤵
  PID:3668
- C:\Windows\System\BYxlmSW.exe
  C:\Windows\System\BYxlmSW.exe
  2⤵
  PID:3588
- C:\Windows\System\bGhGVmb.exe
  C:\Windows\System\bGhGVmb.exe
  2⤵
  PID:3616
- C:\Windows\System\MToWqso.exe
  C:\Windows\System\MToWqso.exe
  2⤵
  PID:3516
- C:\Windows\System\iwSPdzi.exe
  C:\Windows\System\iwSPdzi.exe
  2⤵
  PID:3728
- C:\Windows\System\fyqIFIz.exe
  C:\Windows\System\fyqIFIz.exe
  2⤵
  PID:3772
- C:\Windows\System\uKRVavG.exe
  C:\Windows\System\uKRVavG.exe
  2⤵
  PID:3756
- C:\Windows\System\XJAvmVq.exe
  C:\Windows\System\XJAvmVq.exe
  2⤵
  PID:3852
- C:\Windows\System\oajOjxm.exe
  C:\Windows\System\oajOjxm.exe
  2⤵
  PID:3884
- C:\Windows\System\totNuhV.exe
  C:\Windows\System\totNuhV.exe
  2⤵
  PID:4052
- C:\Windows\System\bgNlfov.exe
  C:\Windows\System\bgNlfov.exe
  2⤵
  PID:3164
- C:\Windows\System\FWNodsY.exe
  C:\Windows\System\FWNodsY.exe
  2⤵
  PID:1808
- C:\Windows\System\ZadRekx.exe
  C:\Windows\System\ZadRekx.exe
  2⤵
  PID:3976
- C:\Windows\System\fjQYBDG.exe
  C:\Windows\System\fjQYBDG.exe
  2⤵
  PID:3232
- C:\Windows\System\hbHRUbJ.exe
  C:\Windows\System\hbHRUbJ.exe
  2⤵
  PID:3212
- C:\Windows\System\zFHPAtT.exe
  C:\Windows\System\zFHPAtT.exe
  2⤵
  PID:2960
- C:\Windows\System\aQEqPPS.exe
  C:\Windows\System\aQEqPPS.exe
  2⤵
  PID:3280
- C:\Windows\System\cFdNheu.exe
  C:\Windows\System\cFdNheu.exe
  2⤵
  PID:3544
- C:\Windows\System\KFGghzW.exe
  C:\Windows\System\KFGghzW.exe
  2⤵
  PID:3204
- C:\Windows\System\nCHvPRK.exe
  C:\Windows\System\nCHvPRK.exe
  2⤵
  PID:3484
- C:\Windows\System\NrzNljs.exe
  C:\Windows\System\NrzNljs.exe
  2⤵
  PID:3608
- C:\Windows\System\Denbsmp.exe
  C:\Windows\System\Denbsmp.exe
  2⤵
  PID:3712
- C:\Windows\System\QDglVMc.exe
  C:\Windows\System\QDglVMc.exe
  2⤵
  PID:3912
- C:\Windows\System\UTZyncb.exe
  C:\Windows\System\UTZyncb.exe
  2⤵
  PID:4072
- C:\Windows\System\pLDsRvx.exe
  C:\Windows\System\pLDsRvx.exe
  2⤵
  PID:628
- C:\Windows\System\pNaPnWB.exe
  C:\Windows\System\pNaPnWB.exe
  2⤵
  PID:3928
- C:\Windows\System\ptpIJca.exe
  C:\Windows\System\ptpIJca.exe
  2⤵
  PID:3996
- C:\Windows\System\KWPclEZ.exe
  C:\Windows\System\KWPclEZ.exe
  2⤵
  PID:1752
- C:\Windows\System\AHjMyqC.exe
  C:\Windows\System\AHjMyqC.exe
  2⤵
  PID:4112
- C:\Windows\System\kJhhpLX.exe
  C:\Windows\System\kJhhpLX.exe
  2⤵
  PID:4136
- C:\Windows\System\JcSVokK.exe
  C:\Windows\System\JcSVokK.exe
  2⤵
  PID:4156
- C:\Windows\System\FnaqlQP.exe
  C:\Windows\System\FnaqlQP.exe
  2⤵
  PID:4176
- C:\Windows\System\RtVDJcB.exe
  C:\Windows\System\RtVDJcB.exe
  2⤵
  PID:4200
- C:\Windows\System\MALkVgV.exe
  C:\Windows\System\MALkVgV.exe
  2⤵
  PID:4220
- C:\Windows\System\MSBGgZU.exe
  C:\Windows\System\MSBGgZU.exe
  2⤵
  PID:4236
- C:\Windows\System\ICCdTaj.exe
  C:\Windows\System\ICCdTaj.exe
  2⤵
  PID:4256
- C:\Windows\System\fhYWkEw.exe
  C:\Windows\System\fhYWkEw.exe
  2⤵
  PID:4276
- C:\Windows\System\ukOINlg.exe
  C:\Windows\System\ukOINlg.exe
  2⤵
  PID:4296
- C:\Windows\System\ZOeVMVX.exe
  C:\Windows\System\ZOeVMVX.exe
  2⤵
  PID:4316
- C:\Windows\System\mEQKSjK.exe
  C:\Windows\System\mEQKSjK.exe
  2⤵
  PID:4336
- C:\Windows\System\kNzeoxL.exe
  C:\Windows\System\kNzeoxL.exe
  2⤵
  PID:4356
- C:\Windows\System\iKKIxYV.exe
  C:\Windows\System\iKKIxYV.exe
  2⤵
  PID:4372
- C:\Windows\System\pOYqorp.exe
  C:\Windows\System\pOYqorp.exe
  2⤵
  PID:4392
- C:\Windows\System\XdRWjwO.exe
  C:\Windows\System\XdRWjwO.exe
  2⤵
  PID:4416
- C:\Windows\System\HHvQMhB.exe
  C:\Windows\System\HHvQMhB.exe
  2⤵
  PID:4440
- C:\Windows\System\gwSQnfy.exe
  C:\Windows\System\gwSQnfy.exe
  2⤵
  PID:4456
- C:\Windows\System\zgCLwrW.exe
  C:\Windows\System\zgCLwrW.exe
  2⤵
  PID:4476
- C:\Windows\System\MbDIPJa.exe
  C:\Windows\System\MbDIPJa.exe
  2⤵
  PID:4492
- C:\Windows\System\sTZZGNT.exe
  C:\Windows\System\sTZZGNT.exe
  2⤵
  PID:4512
- C:\Windows\System\ngqmbIS.exe
  C:\Windows\System\ngqmbIS.exe
  2⤵
  PID:4528
- C:\Windows\System\wdWWgwU.exe
  C:\Windows\System\wdWWgwU.exe
  2⤵
  PID:4552
- C:\Windows\System\iPcMqLS.exe
  C:\Windows\System\iPcMqLS.exe
  2⤵
  PID:4572
- C:\Windows\System\WwUHjHi.exe
  C:\Windows\System\WwUHjHi.exe
  2⤵
  PID:4592
- C:\Windows\System\vBCBCxD.exe
  C:\Windows\System\vBCBCxD.exe
  2⤵
  PID:4612
- C:\Windows\System\lOwIJHG.exe
  C:\Windows\System\lOwIJHG.exe
  2⤵
  PID:4628
- C:\Windows\System\oBFGnzI.exe
  C:\Windows\System\oBFGnzI.exe
  2⤵
  PID:4648
- C:\Windows\System\UTMeJOw.exe
  C:\Windows\System\UTMeJOw.exe
  2⤵
  PID:4668
- C:\Windows\System\RHBoQyw.exe
  C:\Windows\System\RHBoQyw.exe
  2⤵
  PID:4684
- C:\Windows\System\dKqsIVE.exe
  C:\Windows\System\dKqsIVE.exe
  2⤵
  PID:4712
- C:\Windows\System\HCkUWPq.exe
  C:\Windows\System\HCkUWPq.exe
  2⤵
  PID:4744
- C:\Windows\System\Gblxswb.exe
  C:\Windows\System\Gblxswb.exe
  2⤵
  PID:4764
- C:\Windows\System\OEFgAIC.exe
  C:\Windows\System\OEFgAIC.exe
  2⤵
  PID:4784
- C:\Windows\System\QRDUFbO.exe
  C:\Windows\System\QRDUFbO.exe
  2⤵
  PID:4804
- C:\Windows\System\eOJeDKr.exe
  C:\Windows\System\eOJeDKr.exe
  2⤵
  PID:4820
- C:\Windows\System\SlZsmxY.exe
  C:\Windows\System\SlZsmxY.exe
  2⤵
  PID:4840
- C:\Windows\System\VchcARe.exe
  C:\Windows\System\VchcARe.exe
  2⤵
  PID:4864
- C:\Windows\System\KFVCaSP.exe
  C:\Windows\System\KFVCaSP.exe
  2⤵
  PID:4880
- C:\Windows\System\YHhGqvS.exe
  C:\Windows\System\YHhGqvS.exe
  2⤵
  PID:4904
- C:\Windows\System\MMdMqUD.exe
  C:\Windows\System\MMdMqUD.exe
  2⤵
  PID:4920
- C:\Windows\System\gNAEokm.exe
  C:\Windows\System\gNAEokm.exe
  2⤵
  PID:4940
- C:\Windows\System\OawjIZg.exe
  C:\Windows\System\OawjIZg.exe
  2⤵
  PID:4964
- C:\Windows\System\JMeykqz.exe
  C:\Windows\System\JMeykqz.exe
  2⤵
  PID:4984
- C:\Windows\System\dQqOMpJ.exe
  C:\Windows\System\dQqOMpJ.exe
  2⤵
  PID:5000
- C:\Windows\System\KYrZtLM.exe
  C:\Windows\System\KYrZtLM.exe
  2⤵
  PID:5024
- C:\Windows\System\XJmnkVt.exe
  C:\Windows\System\XJmnkVt.exe
  2⤵
  PID:5040
- C:\Windows\System\PhSTZZY.exe
  C:\Windows\System\PhSTZZY.exe
  2⤵
  PID:5064
- C:\Windows\System\isJLXMk.exe
  C:\Windows\System\isJLXMk.exe
  2⤵
  PID:5080
- C:\Windows\System\pQmMQrr.exe
  C:\Windows\System\pQmMQrr.exe
  2⤵
  PID:5100
- C:\Windows\System\pQcmgUw.exe
  C:\Windows\System\pQcmgUw.exe
  2⤵
  PID:3176
- C:\Windows\System\QMtLXQu.exe
  C:\Windows\System\QMtLXQu.exe
  2⤵
  PID:1588
- C:\Windows\System\kiBRNLD.exe
  C:\Windows\System\kiBRNLD.exe
  2⤵
  PID:3272
- C:\Windows\System\bwidEkW.exe
  C:\Windows\System\bwidEkW.exe
  2⤵
  PID:3356
- C:\Windows\System\dtUHBWz.exe
  C:\Windows\System\dtUHBWz.exe
  2⤵
  PID:3932
- C:\Windows\System\SfASoyD.exe
  C:\Windows\System\SfASoyD.exe
  2⤵
  PID:3956
- C:\Windows\System\VCuKfDM.exe
  C:\Windows\System\VCuKfDM.exe
  2⤵
  PID:1720
- C:\Windows\System\sIAnuFq.exe
  C:\Windows\System\sIAnuFq.exe
  2⤵
  PID:3152
- C:\Windows\System\igmJXGs.exe
  C:\Windows\System\igmJXGs.exe
  2⤵
  PID:4132
- C:\Windows\System\VmBSCNs.exe
  C:\Windows\System\VmBSCNs.exe
  2⤵
  PID:4104
- C:\Windows\System\apyWJIi.exe
  C:\Windows\System\apyWJIi.exe
  2⤵
  PID:4184
- C:\Windows\System\qmOBcJd.exe
  C:\Windows\System\qmOBcJd.exe
  2⤵
  PID:4212
- C:\Windows\System\oHYFMOt.exe
  C:\Windows\System\oHYFMOt.exe
  2⤵
  PID:4292
- C:\Windows\System\pVrIBGE.exe
  C:\Windows\System\pVrIBGE.exe
  2⤵
  PID:4268
- C:\Windows\System\dsgIMzM.exe
  C:\Windows\System\dsgIMzM.exe
  2⤵
  PID:4308
- C:\Windows\System\LFGCMbt.exe
  C:\Windows\System\LFGCMbt.exe
  2⤵
  PID:4364
- C:\Windows\System\WAeyLgZ.exe
  C:\Windows\System\WAeyLgZ.exe
  2⤵
  PID:4348
- C:\Windows\System\Axkepnc.exe
  C:\Windows\System\Axkepnc.exe
  2⤵
  PID:4448
- C:\Windows\System\eUPscVG.exe
  C:\Windows\System\eUPscVG.exe
  2⤵
  PID:4432
- C:\Windows\System\squLEZe.exe
  C:\Windows\System\squLEZe.exe
  2⤵
  PID:4488
- C:\Windows\System\ODkSRbo.exe
  C:\Windows\System\ODkSRbo.exe
  2⤵
  PID:4468
- C:\Windows\System\veprmOB.exe
  C:\Windows\System\veprmOB.exe
  2⤵
  PID:4544
- C:\Windows\System\TxNdQGY.exe
  C:\Windows\System\TxNdQGY.exe
  2⤵
  PID:4580
- C:\Windows\System\GQvfMWk.exe
  C:\Windows\System\GQvfMWk.exe
  2⤵
  PID:4636
- C:\Windows\System\qBGMILI.exe
  C:\Windows\System\qBGMILI.exe
  2⤵
  PID:4692
- C:\Windows\System\UxCpcuR.exe
  C:\Windows\System\UxCpcuR.exe
  2⤵
  PID:4656
- C:\Windows\System\RxkLSxk.exe
  C:\Windows\System\RxkLSxk.exe
  2⤵
  PID:4720
- C:\Windows\System\dWmOiuz.exe
  C:\Windows\System\dWmOiuz.exe
  2⤵
  PID:4736
- C:\Windows\System\lKbDnsz.exe
  C:\Windows\System\lKbDnsz.exe
  2⤵
  PID:4752
- C:\Windows\System\JzbeFQE.exe
  C:\Windows\System\JzbeFQE.exe
  2⤵
  PID:4800
- C:\Windows\System\oCbDOXp.exe
  C:\Windows\System\oCbDOXp.exe
  2⤵
  PID:4860
- C:\Windows\System\aDRFESt.exe
  C:\Windows\System\aDRFESt.exe
  2⤵
  PID:4888
- C:\Windows\System\qxDfgpY.exe
  C:\Windows\System\qxDfgpY.exe
  2⤵
  PID:4912
- C:\Windows\System\KdXWhwI.exe
  C:\Windows\System\KdXWhwI.exe
  2⤵
  PID:4916
- C:\Windows\System\OCZzMmp.exe
  C:\Windows\System\OCZzMmp.exe
  2⤵
  PID:4980
- C:\Windows\System\OtLdcSW.exe
  C:\Windows\System\OtLdcSW.exe
  2⤵
  PID:5020
- C:\Windows\System\fbxxhxq.exe
  C:\Windows\System\fbxxhxq.exe
  2⤵
  PID:5032
- C:\Windows\System\ccMFNxb.exe
  C:\Windows\System\ccMFNxb.exe
  2⤵
  PID:5060
- C:\Windows\System\LXdCccp.exe
  C:\Windows\System\LXdCccp.exe
  2⤵
  PID:5076
- C:\Windows\System\XklMTiP.exe
  C:\Windows\System\XklMTiP.exe
  2⤵
  PID:1924
- C:\Windows\System\QRHtApk.exe
  C:\Windows\System\QRHtApk.exe
  2⤵
  PID:3464
- C:\Windows\System\kZQWeWC.exe
  C:\Windows\System\kZQWeWC.exe
  2⤵
  PID:2136
- C:\Windows\System\CMwAbLn.exe
  C:\Windows\System\CMwAbLn.exe
  2⤵
  PID:3908
- C:\Windows\System\ArGknlv.exe
  C:\Windows\System\ArGknlv.exe
  2⤵
  PID:3652
- C:\Windows\System\OXDvZnW.exe
  C:\Windows\System\OXDvZnW.exe
  2⤵
  PID:4164
- C:\Windows\System\nElxDQa.exe
  C:\Windows\System\nElxDQa.exe
  2⤵
  PID:4704
- C:\Windows\System\GKigePm.exe
  C:\Windows\System\GKigePm.exe
  2⤵
  PID:4232
- C:\Windows\System\ODoatQw.exe
  C:\Windows\System\ODoatQw.exe
  2⤵
  PID:4248
- C:\Windows\System\bWPosRB.exe
  C:\Windows\System\bWPosRB.exe
  2⤵
  PID:4264
- C:\Windows\System\CTVkOtX.exe
  C:\Windows\System\CTVkOtX.exe
  2⤵
  PID:4436
- C:\Windows\System\RlmEtgd.exe
  C:\Windows\System\RlmEtgd.exe
  2⤵
  PID:4452
- C:\Windows\System\ZmgGYYE.exe
  C:\Windows\System\ZmgGYYE.exe
  2⤵
  PID:4508
- C:\Windows\System\XHkZovc.exe
  C:\Windows\System\XHkZovc.exe
  2⤵
  PID:4536
- C:\Windows\System\WfXkQMx.exe
  C:\Windows\System\WfXkQMx.exe
  2⤵
  PID:2696
- C:\Windows\System\aHRppOm.exe
  C:\Windows\System\aHRppOm.exe
  2⤵
  PID:4500
- C:\Windows\System\OBwaGyO.exe
  C:\Windows\System\OBwaGyO.exe
  2⤵
  PID:4660
- C:\Windows\System\UIYPgCi.exe
  C:\Windows\System\UIYPgCi.exe
  2⤵
  PID:4584
- C:\Windows\System\LqchqvP.exe
  C:\Windows\System\LqchqvP.exe
  2⤵
  PID:4852
- C:\Windows\System\mCgQDEE.exe
  C:\Windows\System\mCgQDEE.exe
  2⤵
  PID:4776
- C:\Windows\System\jwtNUZG.exe
  C:\Windows\System\jwtNUZG.exe
  2⤵
  PID:4956
- C:\Windows\System\dNXhhSG.exe
  C:\Windows\System\dNXhhSG.exe
  2⤵
  PID:3452
- C:\Windows\System\aOlvtlI.exe
  C:\Windows\System\aOlvtlI.exe
  2⤵
  PID:4948
- C:\Windows\System\bsBKtBh.exe
  C:\Windows\System\bsBKtBh.exe
  2⤵
  PID:4996
- C:\Windows\System\wxOKfZA.exe
  C:\Windows\System\wxOKfZA.exe
  2⤵
  PID:5096
- C:\Windows\System\rCwxQvC.exe
  C:\Windows\System\rCwxQvC.exe
  2⤵
  PID:3936
- C:\Windows\System\AunPowO.exe
  C:\Windows\System\AunPowO.exe
  2⤵
  PID:4152
- C:\Windows\System\UFJPzFx.exe
  C:\Windows\System\UFJPzFx.exe
  2⤵
  PID:5116
- C:\Windows\System\hvyYxAb.exe
  C:\Windows\System\hvyYxAb.exe
  2⤵
  PID:4388
- C:\Windows\System\EIPxSta.exe
  C:\Windows\System\EIPxSta.exe
  2⤵
  PID:4412
- C:\Windows\System\exXyDtV.exe
  C:\Windows\System\exXyDtV.exe
  2⤵
  PID:4128
- C:\Windows\System\MbWiOMu.exe
  C:\Windows\System\MbWiOMu.exe
  2⤵
  PID:4312
- C:\Windows\System\GDaewrv.exe
  C:\Windows\System\GDaewrv.exe
  2⤵
  PID:4708
- C:\Windows\System\RNriLso.exe
  C:\Windows\System\RNriLso.exe
  2⤵
  PID:4564
- C:\Windows\System\ZnQKiab.exe
  C:\Windows\System\ZnQKiab.exe
  2⤵
  PID:4680
- C:\Windows\System\hrjNBcs.exe
  C:\Windows\System\hrjNBcs.exe
  2⤵
  PID:4896
- C:\Windows\System\XqyfOoj.exe
  C:\Windows\System\XqyfOoj.exe
  2⤵
  PID:4756
- C:\Windows\System\ybPtowy.exe
  C:\Windows\System\ybPtowy.exe
  2⤵
  PID:5056
- C:\Windows\System\daSyMaS.exe
  C:\Windows\System\daSyMaS.exe
  2⤵
  PID:5128
- C:\Windows\System\IcBLbsh.exe
  C:\Windows\System\IcBLbsh.exe
  2⤵
  PID:5148
- C:\Windows\System\nHKNbut.exe
  C:\Windows\System\nHKNbut.exe
  2⤵
  PID:5168
- C:\Windows\System\URJGezt.exe
  C:\Windows\System\URJGezt.exe
  2⤵
  PID:5188
- C:\Windows\System\dyuVyxX.exe
  C:\Windows\System\dyuVyxX.exe
  2⤵
  PID:5208
- C:\Windows\System\kdmofNL.exe
  C:\Windows\System\kdmofNL.exe
  2⤵
  PID:5228
- C:\Windows\System\cRSJgrl.exe
  C:\Windows\System\cRSJgrl.exe
  2⤵
  PID:5248
- C:\Windows\System\fhcFvfC.exe
  C:\Windows\System\fhcFvfC.exe
  2⤵
  PID:5268
- C:\Windows\System\EmzgkRk.exe
  C:\Windows\System\EmzgkRk.exe
  2⤵
  PID:5288
- C:\Windows\System\JfTTSAe.exe
  C:\Windows\System\JfTTSAe.exe
  2⤵
  PID:5308
- C:\Windows\System\ukmMCeY.exe
  C:\Windows\System\ukmMCeY.exe
  2⤵
  PID:5328
- C:\Windows\System\IEMBivI.exe
  C:\Windows\System\IEMBivI.exe
  2⤵
  PID:5348
- C:\Windows\System\RMQvXWh.exe
  C:\Windows\System\RMQvXWh.exe
  2⤵
  PID:5368
- C:\Windows\System\LqXFfXJ.exe
  C:\Windows\System\LqXFfXJ.exe
  2⤵
  PID:5388
- C:\Windows\System\gBmAMQE.exe
  C:\Windows\System\gBmAMQE.exe
  2⤵
  PID:5408
- C:\Windows\System\RhXDvuO.exe
  C:\Windows\System\RhXDvuO.exe
  2⤵
  PID:5428
- C:\Windows\System\hdTnCTv.exe
  C:\Windows\System\hdTnCTv.exe
  2⤵
  PID:5448
- C:\Windows\System\AYQNgzI.exe
  C:\Windows\System\AYQNgzI.exe
  2⤵
  PID:5468
- C:\Windows\System\laewoDM.exe
  C:\Windows\System\laewoDM.exe
  2⤵
  PID:5488
- C:\Windows\System\qjORPuH.exe
  C:\Windows\System\qjORPuH.exe
  2⤵
  PID:5508
- C:\Windows\System\AyvwwUg.exe
  C:\Windows\System\AyvwwUg.exe
  2⤵
  PID:5528
- C:\Windows\System\cRgvBZz.exe
  C:\Windows\System\cRgvBZz.exe
  2⤵
  PID:5548
- C:\Windows\System\YlsFZPp.exe
  C:\Windows\System\YlsFZPp.exe
  2⤵
  PID:5568
- C:\Windows\System\dzrDKGG.exe
  C:\Windows\System\dzrDKGG.exe
  2⤵
  PID:5588
- C:\Windows\System\WWGAwmF.exe
  C:\Windows\System\WWGAwmF.exe
  2⤵
  PID:5608
- C:\Windows\System\gMXsSBm.exe
  C:\Windows\System\gMXsSBm.exe
  2⤵
  PID:5628
- C:\Windows\System\LnzxMaE.exe
  C:\Windows\System\LnzxMaE.exe
  2⤵
  PID:5648
- C:\Windows\System\fMRTFem.exe
  C:\Windows\System\fMRTFem.exe
  2⤵
  PID:5668
- C:\Windows\System\Aojmbib.exe
  C:\Windows\System\Aojmbib.exe
  2⤵
  PID:5688
- C:\Windows\System\mAfIoOH.exe
  C:\Windows\System\mAfIoOH.exe
  2⤵
  PID:5708
- C:\Windows\System\iWYEcxU.exe
  C:\Windows\System\iWYEcxU.exe
  2⤵
  PID:5728
- C:\Windows\System\BjBMsCO.exe
  C:\Windows\System\BjBMsCO.exe
  2⤵
  PID:5748
- C:\Windows\System\IetPkcu.exe
  C:\Windows\System\IetPkcu.exe
  2⤵
  PID:5768
- C:\Windows\System\mvjzKeU.exe
  C:\Windows\System\mvjzKeU.exe
  2⤵
  PID:5788
- C:\Windows\System\mLMmdOV.exe
  C:\Windows\System\mLMmdOV.exe
  2⤵
  PID:5808
- C:\Windows\System\fnUbWlF.exe
  C:\Windows\System\fnUbWlF.exe
  2⤵
  PID:5828
- C:\Windows\System\BTJdFYl.exe
  C:\Windows\System\BTJdFYl.exe
  2⤵
  PID:5848
- C:\Windows\System\OStjutm.exe
  C:\Windows\System\OStjutm.exe
  2⤵
  PID:5868
- C:\Windows\System\wHMxwIE.exe
  C:\Windows\System\wHMxwIE.exe
  2⤵
  PID:5888
- C:\Windows\System\YvYBThr.exe
  C:\Windows\System\YvYBThr.exe
  2⤵
  PID:5908
- C:\Windows\System\BYIfClj.exe
  C:\Windows\System\BYIfClj.exe
  2⤵
  PID:5928
- C:\Windows\System\qJodJgP.exe
  C:\Windows\System\qJodJgP.exe
  2⤵
  PID:5948
- C:\Windows\System\VVOBcIe.exe
  C:\Windows\System\VVOBcIe.exe
  2⤵
  PID:5968
- C:\Windows\System\bSbtctp.exe
  C:\Windows\System\bSbtctp.exe
  2⤵
  PID:5988
- C:\Windows\System\nSrAqxJ.exe
  C:\Windows\System\nSrAqxJ.exe
  2⤵
  PID:6008
- C:\Windows\System\lVwHmCI.exe
  C:\Windows\System\lVwHmCI.exe
  2⤵
  PID:6028
- C:\Windows\System\jJnUBgR.exe
  C:\Windows\System\jJnUBgR.exe
  2⤵
  PID:6048
- C:\Windows\System\qDBroYU.exe
  C:\Windows\System\qDBroYU.exe
  2⤵
  PID:6068
- C:\Windows\System\OyGFzjk.exe
  C:\Windows\System\OyGFzjk.exe
  2⤵
  PID:6088
- C:\Windows\System\DOGHMvE.exe
  C:\Windows\System\DOGHMvE.exe
  2⤵
  PID:6112
- C:\Windows\System\sbItguN.exe
  C:\Windows\System\sbItguN.exe
  2⤵
  PID:6132
- C:\Windows\System\WUuCzRd.exe
  C:\Windows\System\WUuCzRd.exe
  2⤵
  PID:2600
- C:\Windows\System\jaZSawB.exe
  C:\Windows\System\jaZSawB.exe
  2⤵
  PID:2740
- C:\Windows\System\FZORDmL.exe
  C:\Windows\System\FZORDmL.exe
  2⤵
  PID:3636
- C:\Windows\System\rUHfbMD.exe
  C:\Windows\System\rUHfbMD.exe
  2⤵
  PID:4604
- C:\Windows\System\BWyzwZH.exe
  C:\Windows\System\BWyzwZH.exe
  2⤵
  PID:4732
- C:\Windows\System\PjBHdvu.exe
  C:\Windows\System\PjBHdvu.exe
  2⤵
  PID:4832
- C:\Windows\System\OwFGzWF.exe
  C:\Windows\System\OwFGzWF.exe
  2⤵
  PID:4812
- C:\Windows\System\SnLVYgk.exe
  C:\Windows\System\SnLVYgk.exe
  2⤵
  PID:4932
- C:\Windows\System\dzddrAp.exe
  C:\Windows\System\dzddrAp.exe
  2⤵
  PID:5072
- C:\Windows\System\kzzdjsF.exe
  C:\Windows\System\kzzdjsF.exe
  2⤵
  PID:5156
- C:\Windows\System\JebFHCR.exe
  C:\Windows\System\JebFHCR.exe
  2⤵
  PID:5204
- C:\Windows\System\LAGkVEb.exe
  C:\Windows\System\LAGkVEb.exe
  2⤵
  PID:5216
- C:\Windows\System\HmLxhTd.exe
  C:\Windows\System\HmLxhTd.exe
  2⤵
  PID:5220
- C:\Windows\System\HWThOCE.exe
  C:\Windows\System\HWThOCE.exe
  2⤵
  PID:5260
- C:\Windows\System\zjvCHmY.exe
  C:\Windows\System\zjvCHmY.exe
  2⤵
  PID:5304
- C:\Windows\System\whfOsXE.exe
  C:\Windows\System\whfOsXE.exe
  2⤵
  PID:5364
- C:\Windows\System\LipfUlV.exe
  C:\Windows\System\LipfUlV.exe
  2⤵
  PID:5376
- C:\Windows\System\OZoYgFt.exe
  C:\Windows\System\OZoYgFt.exe
  2⤵
  PID:5380
- C:\Windows\System\jhktQjc.exe
  C:\Windows\System\jhktQjc.exe
  2⤵
  PID:5444
- C:\Windows\System\aMGkRlG.exe
  C:\Windows\System\aMGkRlG.exe
  2⤵
  PID:5464
- C:\Windows\System\DDIsXLn.exe
  C:\Windows\System\DDIsXLn.exe
  2⤵
  PID:5496
- C:\Windows\System\FEjKeDO.exe
  C:\Windows\System\FEjKeDO.exe
  2⤵
  PID:5504
- C:\Windows\System\rAcdEiK.exe
  C:\Windows\System\rAcdEiK.exe
  2⤵
  PID:5540
- C:\Windows\System\UFHerYU.exe
  C:\Windows\System\UFHerYU.exe
  2⤵
  PID:5596
- C:\Windows\System\wIUbTBs.exe
  C:\Windows\System\wIUbTBs.exe
  2⤵
  PID:5620
- C:\Windows\System\VJfWzSU.exe
  C:\Windows\System\VJfWzSU.exe
  2⤵
  PID:5676
- C:\Windows\System\inMpgAn.exe
  C:\Windows\System\inMpgAn.exe
  2⤵
  PID:5696
- C:\Windows\System\NmOVorC.exe
  C:\Windows\System\NmOVorC.exe
  2⤵
  PID:4464
- C:\Windows\System\Qjybdkk.exe
  C:\Windows\System\Qjybdkk.exe
  2⤵
  PID:5744
- C:\Windows\System\qoyVNFV.exe
  C:\Windows\System\qoyVNFV.exe
  2⤵
  PID:5796
- C:\Windows\System\gEkyTvY.exe
  C:\Windows\System\gEkyTvY.exe
  2⤵
  PID:5800
- C:\Windows\System\aqJQfzL.exe
  C:\Windows\System\aqJQfzL.exe
  2⤵
  PID:5820
- C:\Windows\System\bJzoexB.exe
  C:\Windows\System\bJzoexB.exe
  2⤵
  PID:5924
- C:\Windows\System\gKjtZVu.exe
  C:\Windows\System\gKjtZVu.exe
  2⤵
  PID:5956
- C:\Windows\System\oFIxJLp.exe
  C:\Windows\System\oFIxJLp.exe
  2⤵
  PID:5976
- C:\Windows\System\xPlcfal.exe
  C:\Windows\System\xPlcfal.exe
  2⤵
  PID:6004
- C:\Windows\System\GaqBxYo.exe
  C:\Windows\System\GaqBxYo.exe
  2⤵
  PID:6036
- C:\Windows\System\mMqIGhu.exe
  C:\Windows\System\mMqIGhu.exe
  2⤵
  PID:6040
- C:\Windows\System\rfomFnF.exe
  C:\Windows\System\rfomFnF.exe
  2⤵
  PID:6060
- C:\Windows\System\tvuzMox.exe
  C:\Windows\System\tvuzMox.exe
  2⤵
  PID:1484
- C:\Windows\System\EpMXuhd.exe
  C:\Windows\System\EpMXuhd.exe
  2⤵
  PID:6096
- C:\Windows\System\ClTVsCl.exe
  C:\Windows\System\ClTVsCl.exe
  2⤵
  PID:4188
- C:\Windows\System\GuzlMgW.exe
  C:\Windows\System\GuzlMgW.exe
  2⤵
  PID:4560
- C:\Windows\System\oYXrqdf.exe
  C:\Windows\System\oYXrqdf.exe
  2⤵
  PID:2140
- C:\Windows\System\ENmunJQ.exe
  C:\Windows\System\ENmunJQ.exe
  2⤵
  PID:4740
- C:\Windows\System\muzfMnr.exe
  C:\Windows\System\muzfMnr.exe
  2⤵
  PID:4328
- C:\Windows\System\MXgyjjo.exe
  C:\Windows\System\MXgyjjo.exe
  2⤵
  PID:5136
- C:\Windows\System\cjvYoWC.exe
  C:\Windows\System\cjvYoWC.exe
  2⤵
  PID:5144
- C:\Windows\System\VsgOnoI.exe
  C:\Windows\System\VsgOnoI.exe
  2⤵
  PID:5200
- C:\Windows\System\khVmWMa.exe
  C:\Windows\System\khVmWMa.exe
  2⤵
  PID:5264
- C:\Windows\System\zLZTDtT.exe
  C:\Windows\System\zLZTDtT.exe
  2⤵
  PID:5280
- C:\Windows\System\azMrKRK.exe
  C:\Windows\System\azMrKRK.exe
  2⤵
  PID:5336
- C:\Windows\System\EisjjDR.exe
  C:\Windows\System\EisjjDR.exe
  2⤵
  PID:5384
- C:\Windows\System\BlLMnoK.exe
  C:\Windows\System\BlLMnoK.exe
  2⤵
  PID:5420
- C:\Windows\System\ZFIhufr.exe
  C:\Windows\System\ZFIhufr.exe
  2⤵
  PID:5484
- C:\Windows\System\ZSGWkPm.exe
  C:\Windows\System\ZSGWkPm.exe
  2⤵
  PID:5576
- C:\Windows\System\PUZUrDn.exe
  C:\Windows\System\PUZUrDn.exe
  2⤵
  PID:5584
- C:\Windows\System\HdJKHcw.exe
  C:\Windows\System\HdJKHcw.exe
  2⤵
  PID:5656
- C:\Windows\System\cJKEQaz.exe
  C:\Windows\System\cJKEQaz.exe
  2⤵
  PID:5700
- C:\Windows\System\WCtMTPj.exe
  C:\Windows\System\WCtMTPj.exe
  2⤵
  PID:5756
- C:\Windows\System\jcKdcPR.exe
  C:\Windows\System\jcKdcPR.exe
  2⤵
  PID:2684
- C:\Windows\System\rEGIpch.exe
  C:\Windows\System\rEGIpch.exe
  2⤵
  PID:5836
- C:\Windows\System\iMCRsOK.exe
  C:\Windows\System\iMCRsOK.exe
  2⤵
  PID:532
- C:\Windows\System\dtEOZhe.exe
  C:\Windows\System\dtEOZhe.exe
  2⤵
  PID:2228
- C:\Windows\System\yPqgRpc.exe
  C:\Windows\System\yPqgRpc.exe
  2⤵
  PID:1380
- C:\Windows\System\dVDBFFG.exe
  C:\Windows\System\dVDBFFG.exe
  2⤵
  PID:2172
- C:\Windows\System\DqlBjhR.exe
  C:\Windows\System\DqlBjhR.exe
  2⤵
  PID:372
- C:\Windows\System\UPMaqQA.exe
  C:\Windows\System\UPMaqQA.exe
  2⤵
  PID:840
- C:\Windows\System\OPZhIFS.exe
  C:\Windows\System\OPZhIFS.exe
  2⤵
  PID:2384
- C:\Windows\System\GFAzLsI.exe
  C:\Windows\System\GFAzLsI.exe
  2⤵
  PID:2132
- C:\Windows\System\PbpyYML.exe
  C:\Windows\System\PbpyYML.exe
  2⤵
  PID:5856
- C:\Windows\System\efdLTMJ.exe
  C:\Windows\System\efdLTMJ.exe
  2⤵
  PID:5960
- C:\Windows\System\LmKKprJ.exe
  C:\Windows\System\LmKKprJ.exe
  2⤵
  PID:5996
- C:\Windows\System\fmDAiDo.exe
  C:\Windows\System\fmDAiDo.exe
  2⤵
  PID:6080
- C:\Windows\System\emIkFHK.exe
  C:\Windows\System\emIkFHK.exe
  2⤵
  PID:6056
- C:\Windows\System\ltOxGEt.exe
  C:\Windows\System\ltOxGEt.exe
  2⤵
  PID:6120
- C:\Windows\System\oADILPm.exe
  C:\Windows\System\oADILPm.exe
  2⤵
  PID:4992
- C:\Windows\System\qQCGUPT.exe
  C:\Windows\System\qQCGUPT.exe
  2⤵
  PID:4424
- C:\Windows\System\hQwMpQh.exe
  C:\Windows\System\hQwMpQh.exe
  2⤵
  PID:1632
- C:\Windows\System\qjTUEzD.exe
  C:\Windows\System\qjTUEzD.exe
  2⤵
  PID:5316
- C:\Windows\System\DEcJoFo.exe
  C:\Windows\System\DEcJoFo.exe
  2⤵
  PID:2000
- C:\Windows\System\qLKTDdg.exe
  C:\Windows\System\qLKTDdg.exe
  2⤵
  PID:5524
- C:\Windows\System\DPkwAUx.exe
  C:\Windows\System\DPkwAUx.exe
  2⤵
  PID:5460
- C:\Windows\System\jBCtvUN.exe
  C:\Windows\System\jBCtvUN.exe
  2⤵
  PID:4780
- C:\Windows\System\vPYzDXS.exe
  C:\Windows\System\vPYzDXS.exe
  2⤵
  PID:5244
- C:\Windows\System\otFaSrJ.exe
  C:\Windows\System\otFaSrJ.exe
  2⤵
  PID:5640
- C:\Windows\System\IQOfwuF.exe
  C:\Windows\System\IQOfwuF.exe
  2⤵
  PID:5776
- C:\Windows\System\COmajhI.exe
  C:\Windows\System\COmajhI.exe
  2⤵
  PID:5624
- C:\Windows\System\EJWnjvd.exe
  C:\Windows\System\EJWnjvd.exe
  2⤵
  PID:5824
- C:\Windows\System\wGpAJrx.exe
  C:\Windows\System\wGpAJrx.exe
  2⤵
  PID:2220
- C:\Windows\System\ypGLDoU.exe
  C:\Windows\System\ypGLDoU.exe
  2⤵
  PID:1756
- C:\Windows\System\CqeKkvn.exe
  C:\Windows\System\CqeKkvn.exe
  2⤵
  PID:1488
- C:\Windows\System\ObSSbnU.exe
  C:\Windows\System\ObSSbnU.exe
  2⤵
  PID:2412
- C:\Windows\System\IYWdVxU.exe
  C:\Windows\System\IYWdVxU.exe
  2⤵
  PID:852
- C:\Windows\System\yWkooHa.exe
  C:\Windows\System\yWkooHa.exe
  2⤵
  PID:4876
- C:\Windows\System\wXKFFOb.exe
  C:\Windows\System\wXKFFOb.exe
  2⤵
  PID:6104
- C:\Windows\System\qoWhbfs.exe
  C:\Windows\System\qoWhbfs.exe
  2⤵
  PID:4344
- C:\Windows\System\koUNuSG.exe
  C:\Windows\System\koUNuSG.exe
  2⤵
  PID:3036
- C:\Windows\System\YiCkYkz.exe
  C:\Windows\System\YiCkYkz.exe
  2⤵
  PID:1860
- C:\Windows\System\uYaeDkE.exe
  C:\Windows\System\uYaeDkE.exe
  2⤵
  PID:5904
- C:\Windows\System\qQtitTk.exe
  C:\Windows\System\qQtitTk.exe
  2⤵
  PID:3696
- C:\Windows\System\TnJDsTQ.exe
  C:\Windows\System\TnJDsTQ.exe
  2⤵
  PID:4100
- C:\Windows\System\meurdpu.exe
  C:\Windows\System\meurdpu.exe
  2⤵
  PID:5456
- C:\Windows\System\ggYEONi.exe
  C:\Windows\System\ggYEONi.exe
  2⤵
  PID:2236
- C:\Windows\System\iCWkvXP.exe
  C:\Windows\System\iCWkvXP.exe
  2⤵
  PID:5140
- C:\Windows\System\QlisbvG.exe
  C:\Windows\System\QlisbvG.exe
  2⤵
  PID:5724
- C:\Windows\System\royIXsp.exe
  C:\Windows\System\royIXsp.exe
  2⤵
  PID:5564
- C:\Windows\System\sJJOdak.exe
  C:\Windows\System\sJJOdak.exe
  2⤵
  PID:1796
- C:\Windows\System\iuEvYpk.exe
  C:\Windows\System\iuEvYpk.exe
  2⤵
  PID:5160
- C:\Windows\System\dGztvsT.exe
  C:\Windows\System\dGztvsT.exe
  2⤵
  PID:584
- C:\Windows\System\tpmgpDm.exe
  C:\Windows\System\tpmgpDm.exe
  2⤵
  PID:2092
- C:\Windows\System\zsEjKGv.exe
  C:\Windows\System\zsEjKGv.exe
  2⤵
  PID:6044
- C:\Windows\System\kumYDVc.exe
  C:\Windows\System\kumYDVc.exe
  2⤵
  PID:5276
- C:\Windows\System\xeuDrsY.exe
  C:\Windows\System\xeuDrsY.exe
  2⤵
  PID:6124
- C:\Windows\System\uNsYfvw.exe
  C:\Windows\System\uNsYfvw.exe
  2⤵
  PID:5048
- C:\Windows\System\rKsUVKC.exe
  C:\Windows\System\rKsUVKC.exe
  2⤵
  PID:2632
- C:\Windows\System\nnkCoOZ.exe
  C:\Windows\System\nnkCoOZ.exe
  2⤵
  PID:2180
- C:\Windows\System\mcUjrBh.exe
  C:\Windows\System\mcUjrBh.exe
  2⤵
  PID:5124
- C:\Windows\System\EMHUZzo.exe
  C:\Windows\System\EMHUZzo.exe
  2⤵
  PID:6156
- C:\Windows\System\HswZoOK.exe
  C:\Windows\System\HswZoOK.exe
  2⤵
  PID:6172
- C:\Windows\System\YboZlYC.exe
  C:\Windows\System\YboZlYC.exe
  2⤵
  PID:6188
- C:\Windows\System\xbEMRbu.exe
  C:\Windows\System\xbEMRbu.exe
  2⤵
  PID:6204
- C:\Windows\System\RFGqZpy.exe
  C:\Windows\System\RFGqZpy.exe
  2⤵
  PID:6220
- C:\Windows\System\UdfGXLD.exe
  C:\Windows\System\UdfGXLD.exe
  2⤵
  PID:6236
- C:\Windows\System\qoUGRaQ.exe
  C:\Windows\System\qoUGRaQ.exe
  2⤵
  PID:6252
- C:\Windows\System\GuPVVwh.exe
  C:\Windows\System\GuPVVwh.exe
  2⤵
  PID:6268
- C:\Windows\System\IMiWptp.exe
  C:\Windows\System\IMiWptp.exe
  2⤵
  PID:6284
- C:\Windows\System\LEmZlXU.exe
  C:\Windows\System\LEmZlXU.exe
  2⤵
  PID:6300
- C:\Windows\System\nWFIyle.exe
  C:\Windows\System\nWFIyle.exe
  2⤵
  PID:6316
- C:\Windows\System\yrJLFHt.exe
  C:\Windows\System\yrJLFHt.exe
  2⤵
  PID:6332
- C:\Windows\System\SrHrqEb.exe
  C:\Windows\System\SrHrqEb.exe
  2⤵
  PID:6348
- C:\Windows\System\HdJJuWs.exe
  C:\Windows\System\HdJJuWs.exe
  2⤵
  PID:6364
- C:\Windows\System\SmoSgGT.exe
  C:\Windows\System\SmoSgGT.exe
  2⤵
  PID:6380
- C:\Windows\System\VBhoUPu.exe
  C:\Windows\System\VBhoUPu.exe
  2⤵
  PID:6396
- C:\Windows\System\ksstHbT.exe
  C:\Windows\System\ksstHbT.exe
  2⤵
  PID:6412
- C:\Windows\System\wYWmiCm.exe
  C:\Windows\System\wYWmiCm.exe
  2⤵
  PID:6428
- C:\Windows\System\NRtgPQq.exe
  C:\Windows\System\NRtgPQq.exe
  2⤵
  PID:6444
- C:\Windows\System\EXiLRey.exe
  C:\Windows\System\EXiLRey.exe
  2⤵
  PID:6460
- C:\Windows\System\syYrmfs.exe
  C:\Windows\System\syYrmfs.exe
  2⤵
  PID:6476
- C:\Windows\System\fZmCnJF.exe
  C:\Windows\System\fZmCnJF.exe
  2⤵
  PID:6492
- C:\Windows\System\DAKjWvm.exe
  C:\Windows\System\DAKjWvm.exe
  2⤵
  PID:6508
- C:\Windows\System\VqvkQkh.exe
  C:\Windows\System\VqvkQkh.exe
  2⤵
  PID:6524
- C:\Windows\System\GbZKncE.exe
  C:\Windows\System\GbZKncE.exe
  2⤵
  PID:6540
- C:\Windows\System\qjdYEaX.exe
  C:\Windows\System\qjdYEaX.exe
  2⤵
  PID:6556
- C:\Windows\System\kXtSEwc.exe
  C:\Windows\System\kXtSEwc.exe
  2⤵
  PID:6572
- C:\Windows\System\ZnsKDFO.exe
  C:\Windows\System\ZnsKDFO.exe
  2⤵
  PID:6588
- C:\Windows\System\ltaoswS.exe
  C:\Windows\System\ltaoswS.exe
  2⤵
  PID:6608
- C:\Windows\System\oBWrHfS.exe
  C:\Windows\System\oBWrHfS.exe
  2⤵
  PID:6624
- C:\Windows\System\tqkhRcP.exe
  C:\Windows\System\tqkhRcP.exe
  2⤵
  PID:6640
- C:\Windows\System\bgtPKic.exe
  C:\Windows\System\bgtPKic.exe
  2⤵
  PID:6664
- C:\Windows\System\EiIwlCd.exe
  C:\Windows\System\EiIwlCd.exe
  2⤵
  PID:6680
- C:\Windows\System\qQsjiNA.exe
  C:\Windows\System\qQsjiNA.exe
  2⤵
  PID:6704
- C:\Windows\System\aimtHLW.exe
  C:\Windows\System\aimtHLW.exe
  2⤵
  PID:6724
- C:\Windows\System\WBUVwUk.exe
  C:\Windows\System\WBUVwUk.exe
  2⤵
  PID:6740
- C:\Windows\System\sgIauuC.exe
  C:\Windows\System\sgIauuC.exe
  2⤵
  PID:6772
- C:\Windows\System\JkaPmHa.exe
  C:\Windows\System\JkaPmHa.exe
  2⤵
  PID:6788
- C:\Windows\System\HyyFvjZ.exe
  C:\Windows\System\HyyFvjZ.exe
  2⤵
  PID:6804
- C:\Windows\System\bsVHXkC.exe
  C:\Windows\System\bsVHXkC.exe
  2⤵
  PID:6820
- C:\Windows\System\cspYmJT.exe
  C:\Windows\System\cspYmJT.exe
  2⤵
  PID:6836
- C:\Windows\System\aQhdjrC.exe
  C:\Windows\System\aQhdjrC.exe
  2⤵
  PID:6856
- C:\Windows\System\xMTgcbH.exe
  C:\Windows\System\xMTgcbH.exe
  2⤵
  PID:6872
- C:\Windows\System\vxgqBsg.exe
  C:\Windows\System\vxgqBsg.exe
  2⤵
  PID:6892
- C:\Windows\System\WfHoPUy.exe
  C:\Windows\System\WfHoPUy.exe
  2⤵
  PID:6908
- C:\Windows\System\ZLjBzMp.exe
  C:\Windows\System\ZLjBzMp.exe
  2⤵
  PID:6924
- C:\Windows\System\dpIwiqz.exe
  C:\Windows\System\dpIwiqz.exe
  2⤵
  PID:6940
- C:\Windows\System\NvyqMEK.exe
  C:\Windows\System\NvyqMEK.exe
  2⤵
  PID:6956
- C:\Windows\System\UDUweEx.exe
  C:\Windows\System\UDUweEx.exe
  2⤵
  PID:6972
- C:\Windows\System\sdMloUE.exe
  C:\Windows\System\sdMloUE.exe
  2⤵
  PID:6992
- C:\Windows\System\dXyEWkK.exe
  C:\Windows\System\dXyEWkK.exe
  2⤵
  PID:7008
- C:\Windows\System\lUWCjVk.exe
  C:\Windows\System\lUWCjVk.exe
  2⤵
  PID:7024
- C:\Windows\System\GmGpOvZ.exe
  C:\Windows\System\GmGpOvZ.exe
  2⤵
  PID:7040
- C:\Windows\System\jojQlvA.exe
  C:\Windows\System\jojQlvA.exe
  2⤵
  PID:7056
- C:\Windows\System\niCAeSD.exe
  C:\Windows\System\niCAeSD.exe
  2⤵
  PID:7072
- C:\Windows\System\uKVAITw.exe
  C:\Windows\System\uKVAITw.exe
  2⤵
  PID:7088
- C:\Windows\System\GazKcdO.exe
  C:\Windows\System\GazKcdO.exe
  2⤵
  PID:7104
- C:\Windows\System\reKUHkJ.exe
  C:\Windows\System\reKUHkJ.exe
  2⤵
  PID:7120
- C:\Windows\System\MNBvvec.exe
  C:\Windows\System\MNBvvec.exe
  2⤵
  PID:7136
- C:\Windows\System\aaCTuBt.exe
  C:\Windows\System\aaCTuBt.exe
  2⤵
  PID:7152
- C:\Windows\System\qryjWEx.exe
  C:\Windows\System\qryjWEx.exe
  2⤵
  PID:5900
- C:\Windows\System\PbYBdrA.exe
  C:\Windows\System\PbYBdrA.exe
  2⤵
  PID:6148
- C:\Windows\System\FXYkqSn.exe
  C:\Windows\System\FXYkqSn.exe
  2⤵
  PID:6216
- C:\Windows\System\wirLKlX.exe
  C:\Windows\System\wirLKlX.exe
  2⤵
  PID:6276
- C:\Windows\System\VqHrcjg.exe
  C:\Windows\System\VqHrcjg.exe
  2⤵
  PID:6312
- C:\Windows\System\dKVhvby.exe
  C:\Windows\System\dKVhvby.exe
  2⤵
  PID:6376
- C:\Windows\System\efdzKrA.exe
  C:\Windows\System\efdzKrA.exe
  2⤵
  PID:6440
- C:\Windows\System\TrGtMHT.exe
  C:\Windows\System\TrGtMHT.exe
  2⤵
  PID:5944
- C:\Windows\System\zWkyKLO.exe
  C:\Windows\System\zWkyKLO.exe
  2⤵
  PID:6916
- C:\Windows\System\OLGxDnA.exe
  C:\Windows\System\OLGxDnA.exe
  2⤵
  PID:7020
- C:\Windows\System\RKGXoaJ.exe
  C:\Windows\System\RKGXoaJ.exe
  2⤵
  PID:7112
- C:\Windows\System\aQvrRmy.exe
  C:\Windows\System\aQvrRmy.exe
  2⤵
  PID:2016
- C:\Windows\System\ZyHXvcn.exe
  C:\Windows\System\ZyHXvcn.exe
  2⤵
  PID:6180
- C:\Windows\System\ukLJAgN.exe
  C:\Windows\System\ukLJAgN.exe
  2⤵
  PID:6436
- C:\Windows\System\NyRFKDV.exe
  C:\Windows\System\NyRFKDV.exe
  2⤵
  PID:2820
- C:\Windows\System\rbcJSlO.exe
  C:\Windows\System\rbcJSlO.exe
  2⤵
  PID:5860
- C:\Windows\System\DQvvoIq.exe
  C:\Windows\System\DQvvoIq.exe
  2⤵
  PID:6168
- C:\Windows\System\CyizLIS.exe
  C:\Windows\System\CyizLIS.exe
  2⤵
  PID:6324
- C:\Windows\System\dEjTaUf.exe
  C:\Windows\System\dEjTaUf.exe
  2⤵
  PID:6420
- C:\Windows\System\yFNCkZU.exe
  C:\Windows\System\yFNCkZU.exe
  2⤵
  PID:6488
- C:\Windows\System\vdcUyqO.exe
  C:\Windows\System\vdcUyqO.exe
  2⤵
  PID:4404
- C:\Windows\System\KOBGvjH.exe
  C:\Windows\System\KOBGvjH.exe
  2⤵
  PID:6616
- C:\Windows\System\BleQQkP.exe
  C:\Windows\System\BleQQkP.exe
  2⤵
  PID:6688
- C:\Windows\System\cvqRFil.exe
  C:\Windows\System\cvqRFil.exe
  2⤵
  PID:6564
- C:\Windows\System\jnhJmRt.exe
  C:\Windows\System\jnhJmRt.exe
  2⤵
  PID:6828
- C:\Windows\System\MMzGWvY.exe
  C:\Windows\System\MMzGWvY.exe
  2⤵
  PID:6904
- C:\Windows\System\yjOufEb.exe
  C:\Windows\System\yjOufEb.exe
  2⤵
  PID:6232
- C:\Windows\System\OxqEAus.exe
  C:\Windows\System\OxqEAus.exe
  2⤵
  PID:6852
- C:\Windows\System\CKPgPrt.exe
  C:\Windows\System\CKPgPrt.exe
  2⤵
  PID:7064
- C:\Windows\System\uCxaPPS.exe
  C:\Windows\System\uCxaPPS.exe
  2⤵
  PID:7128
- C:\Windows\System\LKoTDuY.exe
  C:\Windows\System\LKoTDuY.exe
  2⤵
  PID:6844
- C:\Windows\System\bOXIxvJ.exe
  C:\Windows\System\bOXIxvJ.exe
  2⤵
  PID:6888
- C:\Windows\System\zgyqjXg.exe
  C:\Windows\System\zgyqjXg.exe
  2⤵
  PID:7084
- C:\Windows\System\QgCcfXx.exe
  C:\Windows\System\QgCcfXx.exe
  2⤵
  PID:6536
- C:\Windows\System\jfcfYei.exe
  C:\Windows\System\jfcfYei.exe
  2⤵
  PID:5780
- C:\Windows\System\sTLmwsX.exe
  C:\Windows\System\sTLmwsX.exe
  2⤵
  PID:6568
- C:\Windows\System\HHSpbiE.exe
  C:\Windows\System\HHSpbiE.exe
  2⤵
  PID:6196
- C:\Windows\System\vTzKhTt.exe
  C:\Windows\System\vTzKhTt.exe
  2⤵
  PID:6484
- C:\Windows\System\pwFAVpq.exe
  C:\Windows\System\pwFAVpq.exe
  2⤵
  PID:6652
- C:\Windows\System\DyrPnGV.exe
  C:\Windows\System\DyrPnGV.exe
  2⤵
  PID:6712
- C:\Windows\System\OrDTQHT.exe
  C:\Windows\System\OrDTQHT.exe
  2⤵
  PID:6328
- C:\Windows\System\IBTDNIn.exe
  C:\Windows\System\IBTDNIn.exe
  2⤵
  PID:6296
- C:\Windows\System\IXaLQvN.exe
  C:\Windows\System\IXaLQvN.exe
  2⤵
  PID:6748
- C:\Windows\System\LVBCAut.exe
  C:\Windows\System\LVBCAut.exe
  2⤵
  PID:6780
- C:\Windows\System\tgZNhbq.exe
  C:\Windows\System\tgZNhbq.exe
  2⤵
  PID:6720
- C:\Windows\System\GCLCfje.exe
  C:\Windows\System\GCLCfje.exe
  2⤵
  PID:2700
- C:\Windows\System\mkWwgKS.exe
  C:\Windows\System\mkWwgKS.exe
  2⤵
  PID:7016
- C:\Windows\System\lRBOguE.exe
  C:\Windows\System\lRBOguE.exe
  2⤵
  PID:2260
- C:\Windows\System\tJSncqQ.exe
  C:\Windows\System\tJSncqQ.exe
  2⤵
  PID:5880
- C:\Windows\System\TGQThUo.exe
  C:\Windows\System\TGQThUo.exe
  2⤵
  PID:6796
- C:\Windows\System\ksogwCH.exe
  C:\Windows\System\ksogwCH.exe
  2⤵
  PID:7036
- C:\Windows\System\QTckHvQ.exe
  C:\Windows\System\QTckHvQ.exe
  2⤵
  PID:6948
- C:\Windows\System\hqeNoQW.exe
  C:\Windows\System\hqeNoQW.exe
  2⤵
  PID:5356
- C:\Windows\System\WDyRWit.exe
  C:\Windows\System\WDyRWit.exe
  2⤵
  PID:4872
- C:\Windows\System\JNQsErl.exe
  C:\Windows\System\JNQsErl.exe
  2⤵
  PID:6636
- C:\Windows\System\FtaYUvZ.exe
  C:\Windows\System\FtaYUvZ.exe
  2⤵
  PID:6752
- C:\Windows\System\mSBHDJZ.exe
  C:\Windows\System\mSBHDJZ.exe
  2⤵
  PID:6656
- C:\Windows\System\eZKjCdN.exe
  C:\Windows\System\eZKjCdN.exe
  2⤵
  PID:6472
- C:\Windows\System\vwMFpzf.exe
  C:\Windows\System\vwMFpzf.exe
  2⤵
  PID:7100
- C:\Windows\System\fLtQGBF.exe
  C:\Windows\System\fLtQGBF.exe
  2⤵
  PID:6816
- C:\Windows\System\lSZbUzw.exe
  C:\Windows\System\lSZbUzw.exe
  2⤵
  PID:7160
- C:\Windows\System\AgTOLAj.exe
  C:\Windows\System\AgTOLAj.exe
  2⤵
  PID:6372
- C:\Windows\System\VFDbFck.exe
  C:\Windows\System\VFDbFck.exe
  2⤵
  PID:7148
- C:\Windows\System\VUbfubT.exe
  C:\Windows\System\VUbfubT.exe
  2⤵
  PID:5556
- C:\Windows\System\HbtEhgX.exe
  C:\Windows\System\HbtEhgX.exe
  2⤵
  PID:7180
- C:\Windows\System\WnECemp.exe
  C:\Windows\System\WnECemp.exe
  2⤵
  PID:7196
- C:\Windows\System\aaMKiKj.exe
  C:\Windows\System\aaMKiKj.exe
  2⤵
  PID:7212
- C:\Windows\System\gSAdoMT.exe
  C:\Windows\System\gSAdoMT.exe
  2⤵
  PID:7236
- C:\Windows\System\uuTGRMq.exe
  C:\Windows\System\uuTGRMq.exe
  2⤵
  PID:7268
- C:\Windows\System\IdDTQvX.exe
  C:\Windows\System\IdDTQvX.exe
  2⤵
  PID:7284
- C:\Windows\System\KbFvOtv.exe
  C:\Windows\System\KbFvOtv.exe
  2⤵
  PID:7300
- C:\Windows\System\sShuVPB.exe
  C:\Windows\System\sShuVPB.exe
  2⤵
  PID:7320
- C:\Windows\System\WbYIRrW.exe
  C:\Windows\System\WbYIRrW.exe
  2⤵
  PID:7348
- C:\Windows\System\GfcDkZM.exe
  C:\Windows\System\GfcDkZM.exe
  2⤵
  PID:7368
- C:\Windows\System\jnUbXiw.exe
  C:\Windows\System\jnUbXiw.exe
  2⤵
  PID:7384
- C:\Windows\System\mgVkkjz.exe
  C:\Windows\System\mgVkkjz.exe
  2⤵
  PID:7404
- C:\Windows\System\awQrGkv.exe
  C:\Windows\System\awQrGkv.exe
  2⤵
  PID:7420
- C:\Windows\System\aQRfibT.exe
  C:\Windows\System\aQRfibT.exe
  2⤵
  PID:7436
- C:\Windows\System\UfLoNfd.exe
  C:\Windows\System\UfLoNfd.exe
  2⤵
  PID:7452
- C:\Windows\System\GySXMQB.exe
  C:\Windows\System\GySXMQB.exe
  2⤵
  PID:7468
- C:\Windows\System\MaAQFUw.exe
  C:\Windows\System\MaAQFUw.exe
  2⤵
  PID:7484
- C:\Windows\System\cGropqu.exe
  C:\Windows\System\cGropqu.exe
  2⤵
  PID:7500
- C:\Windows\System\DQusRGU.exe
  C:\Windows\System\DQusRGU.exe
  2⤵
  PID:7516
- C:\Windows\System\blXCLxm.exe
  C:\Windows\System\blXCLxm.exe
  2⤵
  PID:7536
- C:\Windows\System\CDUHLmu.exe
  C:\Windows\System\CDUHLmu.exe
  2⤵
  PID:7560
- C:\Windows\System\WAiBESl.exe
  C:\Windows\System\WAiBESl.exe
  2⤵
  PID:7576
- C:\Windows\System\VNddwaM.exe
  C:\Windows\System\VNddwaM.exe
  2⤵
  PID:7592
- C:\Windows\System\YRCzPjz.exe
  C:\Windows\System\YRCzPjz.exe
  2⤵
  PID:7608
- C:\Windows\System\vtdsZKj.exe
  C:\Windows\System\vtdsZKj.exe
  2⤵
  PID:7628
- C:\Windows\System\ktvmFhw.exe
  C:\Windows\System\ktvmFhw.exe
  2⤵
  PID:7652
- C:\Windows\System\vVuwwmP.exe
  C:\Windows\System\vVuwwmP.exe
  2⤵
  PID:7668
- C:\Windows\System\MIriKwH.exe
  C:\Windows\System\MIriKwH.exe
  2⤵
  PID:7724
- C:\Windows\System\hGdJLEQ.exe
  C:\Windows\System\hGdJLEQ.exe
  2⤵
  PID:7740
- C:\Windows\System\MDrBpDC.exe
  C:\Windows\System\MDrBpDC.exe
  2⤵
  PID:7756
- C:\Windows\System\GKZnpec.exe
  C:\Windows\System\GKZnpec.exe
  2⤵
  PID:7776
- C:\Windows\System\UQJFHZn.exe
  C:\Windows\System\UQJFHZn.exe
  2⤵
  PID:7796
- C:\Windows\System\XTFpYMZ.exe
  C:\Windows\System\XTFpYMZ.exe
  2⤵
  PID:7812
- C:\Windows\System\CpGYBUn.exe
  C:\Windows\System\CpGYBUn.exe
  2⤵
  PID:7832
- C:\Windows\System\sjJsgRj.exe
  C:\Windows\System\sjJsgRj.exe
  2⤵
  PID:7848
- C:\Windows\System\uDXDesC.exe
  C:\Windows\System\uDXDesC.exe
  2⤵
  PID:7868
- C:\Windows\System\iLIVKMF.exe
  C:\Windows\System\iLIVKMF.exe
  2⤵
  PID:7888
- C:\Windows\System\JixvOIV.exe
  C:\Windows\System\JixvOIV.exe
  2⤵
  PID:7908
- C:\Windows\System\BLRtzCD.exe
  C:\Windows\System\BLRtzCD.exe
  2⤵
  PID:7928
- C:\Windows\System\wfOkQJR.exe
  C:\Windows\System\wfOkQJR.exe
  2⤵
  PID:7952
- C:\Windows\System\yKcCNnB.exe
  C:\Windows\System\yKcCNnB.exe
  2⤵
  PID:7972
- C:\Windows\System\qVPHdNe.exe
  C:\Windows\System\qVPHdNe.exe
  2⤵
  PID:7992
- C:\Windows\System\rvWGlYo.exe
  C:\Windows\System\rvWGlYo.exe
  2⤵
  PID:8008
- C:\Windows\System\EHozEmE.exe
  C:\Windows\System\EHozEmE.exe
  2⤵
  PID:8036
- C:\Windows\System\xGqdhdP.exe
  C:\Windows\System\xGqdhdP.exe
  2⤵
  PID:8052
- C:\Windows\System\LNioDWZ.exe
  C:\Windows\System\LNioDWZ.exe
  2⤵
  PID:8068
- C:\Windows\System\MpsqnsR.exe
  C:\Windows\System\MpsqnsR.exe
  2⤵
  PID:8088
- C:\Windows\System\aXtNFlS.exe
  C:\Windows\System\aXtNFlS.exe
  2⤵
  PID:8104
- C:\Windows\System\lgCrtKf.exe
  C:\Windows\System\lgCrtKf.exe
  2⤵
  PID:8128
- C:\Windows\System\ByRMQhV.exe
  C:\Windows\System\ByRMQhV.exe
  2⤵
  PID:8144
- C:\Windows\System\lVfFzXC.exe
  C:\Windows\System\lVfFzXC.exe
  2⤵
  PID:8160
- C:\Windows\System\QAdnGpS.exe
  C:\Windows\System\QAdnGpS.exe
  2⤵
  PID:8176
- C:\Windows\System\NkYSrIB.exe
  C:\Windows\System\NkYSrIB.exe
  2⤵
  PID:6632
- C:\Windows\System\oRqOKvq.exe
  C:\Windows\System\oRqOKvq.exe
  2⤵
  PID:7176
- C:\Windows\System\qYgbaxI.exe
  C:\Windows\System\qYgbaxI.exe
  2⤵
  PID:7096
- C:\Windows\System\dVmuCmg.exe
  C:\Windows\System\dVmuCmg.exe
  2⤵
  PID:6964
- C:\Windows\System\PWyrURc.exe
  C:\Windows\System\PWyrURc.exe
  2⤵
  PID:7220
- C:\Windows\System\MGQMMYN.exe
  C:\Windows\System\MGQMMYN.exe
  2⤵
  PID:7248
- C:\Windows\System\KhGVZJO.exe
  C:\Windows\System\KhGVZJO.exe
  2⤵
  PID:7260
- C:\Windows\System\StgrSGW.exe
  C:\Windows\System\StgrSGW.exe
  2⤵
  PID:7332
- C:\Windows\System\kofoBCl.exe
  C:\Windows\System\kofoBCl.exe
  2⤵
  PID:7344
- C:\Windows\System\uzbCbIg.exe
  C:\Windows\System\uzbCbIg.exe
  2⤵
  PID:7444
- C:\Windows\System\nZnuzeg.exe
  C:\Windows\System\nZnuzeg.exe
  2⤵
  PID:7544
- C:\Windows\System\EJfaDpE.exe
  C:\Windows\System\EJfaDpE.exe
  2⤵
  PID:7588
- C:\Windows\System\GOWyqKg.exe
  C:\Windows\System\GOWyqKg.exe
  2⤵
  PID:7660
- C:\Windows\System\MRAjwhU.exe
  C:\Windows\System\MRAjwhU.exe
  2⤵
  PID:7572
- C:\Windows\System\LPFjSnR.exe
  C:\Windows\System\LPFjSnR.exe
  2⤵
  PID:7316
- C:\Windows\System\EqowCWi.exe
  C:\Windows\System\EqowCWi.exe
  2⤵
  PID:7364
- C:\Windows\System\KxvsGtS.exe
  C:\Windows\System\KxvsGtS.exe
  2⤵
  PID:7676
- C:\Windows\System\pxEqqdD.exe
  C:\Windows\System\pxEqqdD.exe
  2⤵
  PID:7636
- C:\Windows\System\OIGFNCC.exe
  C:\Windows\System\OIGFNCC.exe
  2⤵
  PID:6952
- C:\Windows\System\EQwrakt.exe
  C:\Windows\System\EQwrakt.exe
  2⤵
  PID:6552
- C:\Windows\System\GlXvACW.exe
  C:\Windows\System\GlXvACW.exe
  2⤵
  PID:7460
- C:\Windows\System\VKjIzem.exe
  C:\Windows\System\VKjIzem.exe
  2⤵
  PID:7736
- C:\Windows\System\cCqHfDt.exe
  C:\Windows\System\cCqHfDt.exe
  2⤵
  PID:7840
- C:\Windows\System\gXkmiPY.exe
  C:\Windows\System\gXkmiPY.exe
  2⤵
  PID:7884
- C:\Windows\System\pMBLPVp.exe
  C:\Windows\System\pMBLPVp.exe
  2⤵
  PID:7964
- C:\Windows\System\gZyiXJF.exe
  C:\Windows\System\gZyiXJF.exe
  2⤵
  PID:8004
- C:\Windows\System\VYIZcSg.exe
  C:\Windows\System\VYIZcSg.exe
  2⤵
  PID:7820
- C:\Windows\System\hcBInDz.exe
  C:\Windows\System\hcBInDz.exe
  2⤵
  PID:7828
- C:\Windows\System\bFsHxKD.exe
  C:\Windows\System\bFsHxKD.exe
  2⤵
  PID:8064
- C:\Windows\System\ZoBitNA.exe
  C:\Windows\System\ZoBitNA.exe
  2⤵
  PID:7004
- C:\Windows\System\MPCAJtM.exe
  C:\Windows\System\MPCAJtM.exe
  2⤵
  PID:8184
- C:\Windows\System\uCLMdtU.exe
  C:\Windows\System\uCLMdtU.exe
  2⤵
  PID:8120
- C:\Windows\System\bxQdlXE.exe
  C:\Windows\System\bxQdlXE.exe
  2⤵
  PID:7192
- C:\Windows\System\LHZdcEi.exe
  C:\Windows\System\LHZdcEi.exe
  2⤵
  PID:7340
- C:\Windows\System\beOsvzJ.exe
  C:\Windows\System\beOsvzJ.exe
  2⤵
  PID:7376
- C:\Windows\System\LfSNywb.exe
  C:\Windows\System\LfSNywb.exe
  2⤵
  PID:7556
- C:\Windows\System\NDHVUBd.exe
  C:\Windows\System\NDHVUBd.exe
  2⤵
  PID:7312
- C:\Windows\System\IYwmagj.exe
  C:\Windows\System\IYwmagj.exe
  2⤵
  PID:7496
- C:\Windows\System\YFrerEQ.exe
  C:\Windows\System\YFrerEQ.exe
  2⤵
  PID:7692
- C:\Windows\System\rwjdMEW.exe
  C:\Windows\System\rwjdMEW.exe
  2⤵
  PID:7428
- C:\Windows\System\bOjahRS.exe
  C:\Windows\System\bOjahRS.exe
  2⤵
  PID:7052
- C:\Windows\System\XAfmiOe.exe
  C:\Windows\System\XAfmiOe.exe
  2⤵
  PID:7644
- C:\Windows\System\PmYgzUh.exe
  C:\Windows\System\PmYgzUh.exe
  2⤵
  PID:7920
- C:\Windows\System\lwYDbvL.exe
  C:\Windows\System\lwYDbvL.exe
  2⤵
  PID:7748
- C:\Windows\System\AfVnxDL.exe
  C:\Windows\System\AfVnxDL.exe
  2⤵
  PID:7792
- C:\Windows\System\QovRXRn.exe
  C:\Windows\System\QovRXRn.exe
  2⤵
  PID:7900
- C:\Windows\System\AutJhcu.exe
  C:\Windows\System\AutJhcu.exe
  2⤵
  PID:7944
- C:\Windows\System\hbaJTCx.exe
  C:\Windows\System\hbaJTCx.exe
  2⤵
  PID:7984
- C:\Windows\System\HJehKlg.exe
  C:\Windows\System\HJehKlg.exe
  2⤵
  PID:8076
- C:\Windows\System\YutdLUC.exe
  C:\Windows\System\YutdLUC.exe
  2⤵
  PID:7940
- C:\Windows\System\GysgYqg.exe
  C:\Windows\System\GysgYqg.exe
  2⤵
  PID:8136
- C:\Windows\System\PtBIycC.exe
  C:\Windows\System\PtBIycC.exe
  2⤵
  PID:8084
- C:\Windows\System\nzwahNj.exe
  C:\Windows\System\nzwahNj.exe
  2⤵
  PID:6900
- C:\Windows\System\LHcvqXT.exe
  C:\Windows\System\LHcvqXT.exe
  2⤵
  PID:7172
- C:\Windows\System\aiKDUpk.exe
  C:\Windows\System\aiKDUpk.exe
  2⤵
  PID:7508
- C:\Windows\System\bNRSkVj.exe
  C:\Windows\System\bNRSkVj.exe
  2⤵
  PID:7308
- C:\Windows\System\AAPZqge.exe
  C:\Windows\System\AAPZqge.exe
  2⤵
  PID:7808
- C:\Windows\System\dEYlyfB.exe
  C:\Windows\System\dEYlyfB.exe
  2⤵
  PID:7708
- C:\Windows\System\rTcitpg.exe
  C:\Windows\System\rTcitpg.exe
  2⤵
  PID:7400
- C:\Windows\System\WsSIvVP.exe
  C:\Windows\System\WsSIvVP.exe
  2⤵
  PID:7720
- C:\Windows\System\ODBIJep.exe
  C:\Windows\System\ODBIJep.exe
  2⤵
  PID:8080
- C:\Windows\System\qKXlIqc.exe
  C:\Windows\System\qKXlIqc.exe
  2⤵
  PID:8060
- C:\Windows\System\uWSBMMy.exe
  C:\Windows\System\uWSBMMy.exe
  2⤵
  PID:8152
- C:\Windows\System\txMjAxw.exe
  C:\Windows\System\txMjAxw.exe
  2⤵
  PID:7256
- C:\Windows\System\YFSuwVP.exe
  C:\Windows\System\YFSuwVP.exe
  2⤵
  PID:7768
- C:\Windows\System\Lcghlmw.exe
  C:\Windows\System\Lcghlmw.exe
  2⤵
  PID:7432
- C:\Windows\System\gAyKLif.exe
  C:\Windows\System\gAyKLif.exe
  2⤵
  PID:8024
- C:\Windows\System\vviUeRh.exe
  C:\Windows\System\vviUeRh.exe
  2⤵
  PID:7292
- C:\Windows\System\dGRJYcU.exe
  C:\Windows\System\dGRJYcU.exe
  2⤵
  PID:5884
- C:\Windows\System\tdvOsDj.exe
  C:\Windows\System\tdvOsDj.exe
  2⤵
  PID:7824
- C:\Windows\System\FkMsHwD.exe
  C:\Windows\System\FkMsHwD.exe
  2⤵
  PID:8100
- C:\Windows\System\BrEXBGL.exe
  C:\Windows\System\BrEXBGL.exe
  2⤵
  PID:7624
- C:\Windows\System\yRddfRj.exe
  C:\Windows\System\yRddfRj.exe
  2⤵
  PID:8112
- C:\Windows\System\ayoMdya.exe
  C:\Windows\System\ayoMdya.exe
  2⤵
  PID:7876
- C:\Windows\System\WWOuYSh.exe
  C:\Windows\System\WWOuYSh.exe
  2⤵
  PID:8016
- C:\Windows\System\yhYSeMT.exe
  C:\Windows\System\yhYSeMT.exe
  2⤵
  PID:8208
- C:\Windows\System\xnWCnjS.exe
  C:\Windows\System\xnWCnjS.exe
  2⤵
  PID:8224
- C:\Windows\System\umtnPQw.exe
  C:\Windows\System\umtnPQw.exe
  2⤵
  PID:8240
- C:\Windows\System\iHdcMgB.exe
  C:\Windows\System\iHdcMgB.exe
  2⤵
  PID:8256
- C:\Windows\System\aDdhemd.exe
  C:\Windows\System\aDdhemd.exe
  2⤵
  PID:8276
- C:\Windows\System\FSzyBcc.exe
  C:\Windows\System\FSzyBcc.exe
  2⤵
  PID:8292
- C:\Windows\System\fBnPKCI.exe
  C:\Windows\System\fBnPKCI.exe
  2⤵
  PID:8308
- C:\Windows\System\gGiUUtF.exe
  C:\Windows\System\gGiUUtF.exe
  2⤵
  PID:8324
- C:\Windows\System\bYrLZuo.exe
  C:\Windows\System\bYrLZuo.exe
  2⤵
  PID:8340
- C:\Windows\System\rAjYpcu.exe
  C:\Windows\System\rAjYpcu.exe
  2⤵
  PID:8356
- C:\Windows\System\QYWSPRX.exe
  C:\Windows\System\QYWSPRX.exe
  2⤵
  PID:8372
- C:\Windows\System\IMtrZpw.exe
  C:\Windows\System\IMtrZpw.exe
  2⤵
  PID:8388
- C:\Windows\System\vsqxDtF.exe
  C:\Windows\System\vsqxDtF.exe
  2⤵
  PID:8404
- C:\Windows\System\oWijBjx.exe
  C:\Windows\System\oWijBjx.exe
  2⤵
  PID:8420
- C:\Windows\System\DTJfHpb.exe
  C:\Windows\System\DTJfHpb.exe
  2⤵
  PID:8436
- C:\Windows\System\qqfLmgf.exe
  C:\Windows\System\qqfLmgf.exe
  2⤵
  PID:8456
- C:\Windows\System\KIopcTq.exe
  C:\Windows\System\KIopcTq.exe
  2⤵
  PID:8472
- C:\Windows\System\aFGTcya.exe
  C:\Windows\System\aFGTcya.exe
  2⤵
  PID:8488
- C:\Windows\System\yEiPKpU.exe
  C:\Windows\System\yEiPKpU.exe
  2⤵
  PID:8504
- C:\Windows\System\kldcJVO.exe
  C:\Windows\System\kldcJVO.exe
  2⤵
  PID:8520
- C:\Windows\System\ScZQCSH.exe
  C:\Windows\System\ScZQCSH.exe
  2⤵
  PID:8536
- C:\Windows\System\ANNDcYF.exe
  C:\Windows\System\ANNDcYF.exe
  2⤵
  PID:8552
- C:\Windows\System\BafmjFE.exe
  C:\Windows\System\BafmjFE.exe
  2⤵
  PID:8568
- C:\Windows\System\CwdJpTK.exe
  C:\Windows\System\CwdJpTK.exe
  2⤵
  PID:8584
- C:\Windows\System\pCGKWyN.exe
  C:\Windows\System\pCGKWyN.exe
  2⤵
  PID:8600
- C:\Windows\System\LCvnpAn.exe
  C:\Windows\System\LCvnpAn.exe
  2⤵
  PID:8616
- C:\Windows\System\mqlRUEY.exe
  C:\Windows\System\mqlRUEY.exe
  2⤵
  PID:8636
- C:\Windows\System\sbfIHTc.exe
  C:\Windows\System\sbfIHTc.exe
  2⤵
  PID:8652
- C:\Windows\System\wZMqdHF.exe
  C:\Windows\System\wZMqdHF.exe
  2⤵
  PID:8668
- C:\Windows\System\pgdKUCF.exe
  C:\Windows\System\pgdKUCF.exe
  2⤵
  PID:8684
- C:\Windows\System\fqBAWHy.exe
  C:\Windows\System\fqBAWHy.exe
  2⤵
  PID:8700
- C:\Windows\System\tTlrHyJ.exe
  C:\Windows\System\tTlrHyJ.exe
  2⤵
  PID:8716
- C:\Windows\System\oHTXkSh.exe
  C:\Windows\System\oHTXkSh.exe
  2⤵
  PID:8732
- C:\Windows\System\KgEJqZV.exe
  C:\Windows\System\KgEJqZV.exe
  2⤵
  PID:8748
- C:\Windows\System\ZHLsbXk.exe
  C:\Windows\System\ZHLsbXk.exe
  2⤵
  PID:8764
- C:\Windows\System\PvWGfAf.exe
  C:\Windows\System\PvWGfAf.exe
  2⤵
  PID:8780
- C:\Windows\System\NoaNPkJ.exe
  C:\Windows\System\NoaNPkJ.exe
  2⤵
  PID:8800
- C:\Windows\System\oGohLMh.exe
  C:\Windows\System\oGohLMh.exe
  2⤵
  PID:8816
- C:\Windows\System\NzmVLua.exe
  C:\Windows\System\NzmVLua.exe
  2⤵
  PID:8836
- C:\Windows\System\EGdYEBl.exe
  C:\Windows\System\EGdYEBl.exe
  2⤵
  PID:8852
- C:\Windows\System\qDwsCIK.exe
  C:\Windows\System\qDwsCIK.exe
  2⤵
  PID:8900
- C:\Windows\System\kUBvwSZ.exe
  C:\Windows\System\kUBvwSZ.exe
  2⤵
  PID:8980
- C:\Windows\System\IcBaEKq.exe
  C:\Windows\System\IcBaEKq.exe
  2⤵
  PID:9000
- C:\Windows\System\zImBpfC.exe
  C:\Windows\System\zImBpfC.exe
  2⤵
  PID:9020
- C:\Windows\System\SsIujKm.exe
  C:\Windows\System\SsIujKm.exe
  2⤵
  PID:9044
- C:\Windows\System\uToMYkz.exe
  C:\Windows\System\uToMYkz.exe
  2⤵
  PID:9060
- C:\Windows\System\EIQDcrx.exe
  C:\Windows\System\EIQDcrx.exe
  2⤵
  PID:9104
- C:\Windows\System\TBFDeMA.exe
  C:\Windows\System\TBFDeMA.exe
  2⤵
  PID:9128
- C:\Windows\System\tAvTWxF.exe
  C:\Windows\System\tAvTWxF.exe
  2⤵
  PID:9144
- C:\Windows\System\gbbnnTI.exe
  C:\Windows\System\gbbnnTI.exe
  2⤵
  PID:9160
- C:\Windows\System\aIYOlpR.exe
  C:\Windows\System\aIYOlpR.exe
  2⤵
  PID:9176
- C:\Windows\System\ahmdBql.exe
  C:\Windows\System\ahmdBql.exe
  2⤵
  PID:9200
- C:\Windows\System\IrlRIof.exe
  C:\Windows\System\IrlRIof.exe
  2⤵
  PID:7336
- C:\Windows\System\DowJWDm.exe
  C:\Windows\System\DowJWDm.exe
  2⤵
  PID:8204
- C:\Windows\System\IoJZoku.exe
  C:\Windows\System\IoJZoku.exe
  2⤵
  PID:7784
- C:\Windows\System\UcywmlG.exe
  C:\Windows\System\UcywmlG.exe
  2⤵
  PID:8268
- C:\Windows\System\YcyZaFU.exe
  C:\Windows\System\YcyZaFU.exe
  2⤵
  PID:8140
- C:\Windows\System\sDGsbNg.exe
  C:\Windows\System\sDGsbNg.exe
  2⤵
  PID:8248
- C:\Windows\System\peajITS.exe
  C:\Windows\System\peajITS.exe
  2⤵
  PID:8332
- C:\Windows\System\GCrUBLx.exe
  C:\Windows\System\GCrUBLx.exe
  2⤵
  PID:8452
- C:\Windows\System\GeTxoMU.exe
  C:\Windows\System\GeTxoMU.exe
  2⤵
  PID:8592
- C:\Windows\System\DwPhbJc.exe
  C:\Windows\System\DwPhbJc.exe
  2⤵
  PID:8580
- C:\Windows\System\iOjTnCA.exe
  C:\Windows\System\iOjTnCA.exe
  2⤵
  PID:8728
- C:\Windows\System\mTWfQpN.exe
  C:\Windows\System\mTWfQpN.exe
  2⤵
  PID:8756
- C:\Windows\System\fnVoRvs.exe
  C:\Windows\System\fnVoRvs.exe
  2⤵
  PID:8772
- C:\Windows\System\ucTkubc.exe
  C:\Windows\System\ucTkubc.exe
  2⤵
  PID:8708
- C:\Windows\System\femaExL.exe
  C:\Windows\System\femaExL.exe
  2⤵
  PID:8832
- C:\Windows\System\NGigHWo.exe
  C:\Windows\System\NGigHWo.exe
  2⤵
  PID:8848
- C:\Windows\System\kMhcKYM.exe
  C:\Windows\System\kMhcKYM.exe
  2⤵
  PID:8884
- C:\Windows\System\XKUjJCU.exe
  C:\Windows\System\XKUjJCU.exe
  2⤵
  PID:8908
- C:\Windows\System\SqIiJZx.exe
  C:\Windows\System\SqIiJZx.exe
  2⤵
  PID:8944
- C:\Windows\System\roUBdiJ.exe
  C:\Windows\System\roUBdiJ.exe
  2⤵
  PID:8964
- C:\Windows\System\VjaTJoM.exe
  C:\Windows\System\VjaTJoM.exe
  2⤵
  PID:9008
- C:\Windows\System\uPmHiIy.exe
  C:\Windows\System\uPmHiIy.exe
  2⤵
  PID:9040
- C:\Windows\System\uUZzbgx.exe
  C:\Windows\System\uUZzbgx.exe
  2⤵
  PID:9084
- C:\Windows\System\IhDSUwS.exe
  C:\Windows\System\IhDSUwS.exe
  2⤵
  PID:9056
- C:\Windows\System\DFjevtK.exe
  C:\Windows\System\DFjevtK.exe
  2⤵
  PID:9116
- C:\Windows\System\CPvujBX.exe
  C:\Windows\System\CPvujBX.exe
  2⤵
  PID:9156
- C:\Windows\System\ORGKPUh.exe
  C:\Windows\System\ORGKPUh.exe
  2⤵
  PID:9208
- C:\Windows\System\hRszGED.exe
  C:\Windows\System\hRszGED.exe
  2⤵
  PID:8200
- C:\Windows\System\HHrqeQw.exe
  C:\Windows\System\HHrqeQw.exe
  2⤵
  PID:8236
- C:\Windows\System\rxmVfFw.exe
  C:\Windows\System\rxmVfFw.exe
  2⤵
  PID:6984
- C:\Windows\System\lcQPnNr.exe
  C:\Windows\System\lcQPnNr.exe
  2⤵
  PID:8368
- C:\Windows\System\nVlLwFm.exe
  C:\Windows\System\nVlLwFm.exe
  2⤵
  PID:8316
- C:\Windows\System\bzhZXDp.exe
  C:\Windows\System\bzhZXDp.exe
  2⤵
  PID:8464
- C:\Windows\System\gYFkMWg.exe
  C:\Windows\System\gYFkMWg.exe
  2⤵
  PID:8500
- C:\Windows\System\UOuthMO.exe
  C:\Windows\System\UOuthMO.exe
  2⤵
  PID:8384
- C:\Windows\System\ieyjeOD.exe
  C:\Windows\System\ieyjeOD.exe
  2⤵
  PID:8444
- C:\Windows\System\WxubfQZ.exe
  C:\Windows\System\WxubfQZ.exe
  2⤵
  PID:8528
- C:\Windows\System\DhhLikN.exe
  C:\Windows\System\DhhLikN.exe
  2⤵
  PID:8664
- C:\Windows\System\MbGUTwT.exe
  C:\Windows\System\MbGUTwT.exe
  2⤵
  PID:8548
- C:\Windows\System\LhvFATa.exe
  C:\Windows\System\LhvFATa.exe
  2⤵
  PID:8692
- C:\Windows\System\BKEgZIM.exe
  C:\Windows\System\BKEgZIM.exe
  2⤵
  PID:8776
- C:\Windows\System\dRHSMFD.exe
  C:\Windows\System\dRHSMFD.exe
  2⤵
  PID:8680
- C:\Windows\System\wYOUxjm.exe
  C:\Windows\System\wYOUxjm.exe
  2⤵
  PID:8896
- C:\Windows\System\YFgbvSq.exe
  C:\Windows\System\YFgbvSq.exe
  2⤵
  PID:8960
- C:\Windows\System\DgyMuix.exe
  C:\Windows\System\DgyMuix.exe
  2⤵
  PID:8996
- C:\Windows\System\ppIuNmP.exe
  C:\Windows\System\ppIuNmP.exe
  2⤵
  PID:9032
- C:\Windows\System\awcAwRc.exe
  C:\Windows\System\awcAwRc.exe
  2⤵
  PID:9096
- C:\Windows\System\xfCPzAP.exe
  C:\Windows\System\xfCPzAP.exe
  2⤵
  PID:9112
- C:\Windows\System\fONiOgA.exe
  C:\Windows\System\fONiOgA.exe
  2⤵
  PID:9172
- C:\Windows\System\XpOtmrQ.exe
  C:\Windows\System\XpOtmrQ.exe
  2⤵
  PID:8028
- C:\Windows\System\OYKbJHz.exe
  C:\Windows\System\OYKbJHz.exe
  2⤵
  PID:8124
- C:\Windows\System\fjfGDSP.exe
  C:\Windows\System\fjfGDSP.exe
  2⤵
  PID:8480
- C:\Windows\System\YnHgehb.exe
  C:\Windows\System\YnHgehb.exe
  2⤵
  PID:8660
- C:\Windows\System\bdlDDRj.exe
  C:\Windows\System\bdlDDRj.exe
  2⤵
  PID:8516
- C:\Windows\System\XnmAQCE.exe
  C:\Windows\System\XnmAQCE.exe
  2⤵
  PID:8380
- C:\Windows\System\kUfOSuz.exe
  C:\Windows\System\kUfOSuz.exe
  2⤵
  PID:8432
- C:\Windows\System\HPRgsux.exe
  C:\Windows\System\HPRgsux.exe
  2⤵
  PID:8936
- C:\Windows\System\TyRbTBq.exe
  C:\Windows\System\TyRbTBq.exe
  2⤵
  PID:8872
- C:\Windows\System\RRGWRip.exe
  C:\Windows\System\RRGWRip.exe
  2⤵
  PID:8812
- C:\Windows\System\AAxNWlX.exe
  C:\Windows\System\AAxNWlX.exe
  2⤵
  PID:8988
- C:\Windows\System\cCUuiua.exe
  C:\Windows\System\cCUuiua.exe
  2⤵
  PID:9212
- C:\Windows\System\vXysVEj.exe
  C:\Windows\System\vXysVEj.exe
  2⤵
  PID:9136
- C:\Windows\System\cwmzPjF.exe
  C:\Windows\System\cwmzPjF.exe
  2⤵
  PID:8416
- C:\Windows\System\VaKEUpS.exe
  C:\Windows\System\VaKEUpS.exe
  2⤵
  PID:8300
- C:\Windows\System\vmwZAGZ.exe
  C:\Windows\System\vmwZAGZ.exe
  2⤵
  PID:8304
- C:\Windows\System\EfDsgpo.exe
  C:\Windows\System\EfDsgpo.exe
  2⤵
  PID:8564
- C:\Windows\System\isvvVwo.exe
  C:\Windows\System\isvvVwo.exe
  2⤵
  PID:8628
- C:\Windows\System\QshzxGt.exe
  C:\Windows\System\QshzxGt.exe
  2⤵
  PID:8940
- C:\Windows\System\pkmtAiN.exe
  C:\Windows\System\pkmtAiN.exe
  2⤵
  PID:8828
- C:\Windows\System\YZVphFp.exe
  C:\Windows\System\YZVphFp.exe
  2⤵
  PID:8796
- C:\Windows\System\kqdTSLY.exe
  C:\Windows\System\kqdTSLY.exe
  2⤵
  PID:9184
- C:\Windows\System\bPBPNnW.exe
  C:\Windows\System\bPBPNnW.exe
  2⤵
  PID:9192
- C:\Windows\System\EeXAtVV.exe
  C:\Windows\System\EeXAtVV.exe
  2⤵
  PID:7684
- C:\Windows\System\XutdwNS.exe
  C:\Windows\System\XutdwNS.exe
  2⤵
  PID:8532
- C:\Windows\System\QLBccFa.exe
  C:\Windows\System\QLBccFa.exe
  2⤵
  PID:9220
- C:\Windows\System\gRIyLWW.exe
  C:\Windows\System\gRIyLWW.exe
  2⤵
  PID:9240
- C:\Windows\System\soWzZPo.exe
  C:\Windows\System\soWzZPo.exe
  2⤵
  PID:9256
- C:\Windows\System\btnLtZu.exe
  C:\Windows\System\btnLtZu.exe
  2⤵
  PID:9276
- C:\Windows\System\qcqilxg.exe
  C:\Windows\System\qcqilxg.exe
  2⤵
  PID:9292
- C:\Windows\System\bbrBHhI.exe
  C:\Windows\System\bbrBHhI.exe
  2⤵
  PID:9312
- C:\Windows\System\UyXAsmw.exe
  C:\Windows\System\UyXAsmw.exe
  2⤵
  PID:9328
- C:\Windows\System\VFktKqe.exe
  C:\Windows\System\VFktKqe.exe
  2⤵
  PID:9344
- C:\Windows\System\qULDTsK.exe
  C:\Windows\System\qULDTsK.exe
  2⤵
  PID:9364
- C:\Windows\System\HfwsaTA.exe
  C:\Windows\System\HfwsaTA.exe
  2⤵
  PID:9380
- C:\Windows\System\CQqXCbr.exe
  C:\Windows\System\CQqXCbr.exe
  2⤵
  PID:9396
- C:\Windows\System\djinmbO.exe
  C:\Windows\System\djinmbO.exe
  2⤵
  PID:9412
- C:\Windows\System\vzUjRbi.exe
  C:\Windows\System\vzUjRbi.exe
  2⤵
  PID:9432
- C:\Windows\System\aciFzKZ.exe
  C:\Windows\System\aciFzKZ.exe
  2⤵
  PID:9448
- C:\Windows\System\VzFdfNz.exe
  C:\Windows\System\VzFdfNz.exe
  2⤵
  PID:9464
- C:\Windows\System\jzAdfcr.exe
  C:\Windows\System\jzAdfcr.exe
  2⤵
  PID:9480
- C:\Windows\System\nUhSVWz.exe
  C:\Windows\System\nUhSVWz.exe
  2⤵
  PID:9496
- C:\Windows\System\ZEzZKTe.exe
  C:\Windows\System\ZEzZKTe.exe
  2⤵
  PID:9512
- C:\Windows\System\HJyeIlk.exe
  C:\Windows\System\HJyeIlk.exe
  2⤵
  PID:9536
- C:\Windows\System\xGVRYXr.exe
  C:\Windows\System\xGVRYXr.exe
  2⤵
  PID:9552
- C:\Windows\System\YNKUqKf.exe
  C:\Windows\System\YNKUqKf.exe
  2⤵
  PID:9568
- C:\Windows\System\iolufuc.exe
  C:\Windows\System\iolufuc.exe
  2⤵
  PID:9588
- C:\Windows\System\dWHTuSY.exe
  C:\Windows\System\dWHTuSY.exe
  2⤵
  PID:9604
- C:\Windows\System\zFpROps.exe
  C:\Windows\System\zFpROps.exe
  2⤵
  PID:9628
- C:\Windows\System\kzMauOo.exe
  C:\Windows\System\kzMauOo.exe
  2⤵
  PID:9644
- C:\Windows\System\zhyTPLQ.exe
  C:\Windows\System\zhyTPLQ.exe
  2⤵
  PID:9668
- C:\Windows\System\yGCTJzz.exe
  C:\Windows\System\yGCTJzz.exe
  2⤵
  PID:9684
- C:\Windows\System\QulZBUr.exe
  C:\Windows\System\QulZBUr.exe
  2⤵
  PID:9700
- C:\Windows\System\EDfizxY.exe
  C:\Windows\System\EDfizxY.exe
  2⤵
  PID:9732
- C:\Windows\System\VtoGKre.exe
  C:\Windows\System\VtoGKre.exe
  2⤵
  PID:9804
- C:\Windows\System\MESoQkD.exe
  C:\Windows\System\MESoQkD.exe
  2⤵
  PID:9820
- C:\Windows\System\pAZalzL.exe
  C:\Windows\System\pAZalzL.exe
  2⤵
  PID:9840
- C:\Windows\System\GnIyrFy.exe
  C:\Windows\System\GnIyrFy.exe
  2⤵
  PID:9856
- C:\Windows\System\AzyVdsC.exe
  C:\Windows\System\AzyVdsC.exe
  2⤵
  PID:9872
- C:\Windows\System\VZRglmv.exe
  C:\Windows\System\VZRglmv.exe
  2⤵
  PID:9888
- C:\Windows\System\lDbAryt.exe
  C:\Windows\System\lDbAryt.exe
  2⤵
  PID:9904
- C:\Windows\System\hbJTCJa.exe
  C:\Windows\System\hbJTCJa.exe
  2⤵
  PID:9928
- C:\Windows\System\KKHDfJc.exe
  C:\Windows\System\KKHDfJc.exe
  2⤵
  PID:9944
- C:\Windows\System\ZgOZBqQ.exe
  C:\Windows\System\ZgOZBqQ.exe
  2⤵
  PID:9960
- C:\Windows\System\abxMFLS.exe
  C:\Windows\System\abxMFLS.exe
  2⤵
  PID:9976
- C:\Windows\System\pGBirzs.exe
  C:\Windows\System\pGBirzs.exe
  2⤵
  PID:9992
- C:\Windows\System\QccFOWY.exe
  C:\Windows\System\QccFOWY.exe
  2⤵
  PID:10008
- C:\Windows\System\lOKbviT.exe
  C:\Windows\System\lOKbviT.exe
  2⤵
  PID:10024
- C:\Windows\System\YsTkIzl.exe
  C:\Windows\System\YsTkIzl.exe
  2⤵
  PID:10040
- C:\Windows\System\RhTfQOX.exe
  C:\Windows\System\RhTfQOX.exe
  2⤵
  PID:10056
- C:\Windows\System\UiHPAZd.exe
  C:\Windows\System\UiHPAZd.exe
  2⤵
  PID:10072
- C:\Windows\System\FfJEpdF.exe
  C:\Windows\System\FfJEpdF.exe
  2⤵
  PID:10088
- C:\Windows\System\YbbaUCL.exe
  C:\Windows\System\YbbaUCL.exe
  2⤵
  PID:10104
- C:\Windows\System\yuafJvO.exe
  C:\Windows\System\yuafJvO.exe
  2⤵
  PID:10124
- C:\Windows\System\SoXuOab.exe
  C:\Windows\System\SoXuOab.exe
  2⤵
  PID:10140
- C:\Windows\System\hLhAsIl.exe
  C:\Windows\System\hLhAsIl.exe
  2⤵
  PID:10156
- C:\Windows\System\gEPnHnG.exe
  C:\Windows\System\gEPnHnG.exe
  2⤵
  PID:10172
- C:\Windows\System\TnsjTDC.exe
  C:\Windows\System\TnsjTDC.exe
  2⤵
  PID:10188
- C:\Windows\System\zaKnIEF.exe
  C:\Windows\System\zaKnIEF.exe
  2⤵
  PID:10204
- C:\Windows\System\AuuPvOs.exe
  C:\Windows\System\AuuPvOs.exe
  2⤵
  PID:10220
- C:\Windows\System\BDVzQUo.exe
  C:\Windows\System\BDVzQUo.exe
  2⤵
  PID:10236
- C:\Windows\System\VVcaisu.exe
  C:\Windows\System\VVcaisu.exe
  2⤵
  PID:8412
- C:\Windows\System\qaREfrN.exe
  C:\Windows\System\qaREfrN.exe
  2⤵
  PID:9016
- C:\Windows\System\ZebBeYg.exe
  C:\Windows\System\ZebBeYg.exe
  2⤵
  PID:9092
- C:\Windows\System\lXuXngJ.exe
  C:\Windows\System\lXuXngJ.exe
  2⤵
  PID:9232
- C:\Windows\System\ydckwYY.exe
  C:\Windows\System\ydckwYY.exe
  2⤵
  PID:9268
- C:\Windows\System\nuIptTW.exe
  C:\Windows\System\nuIptTW.exe
  2⤵
  PID:9352
- C:\Windows\System\TCORKYv.exe
  C:\Windows\System\TCORKYv.exe
  2⤵
  PID:9392
- C:\Windows\System\qLnltTT.exe
  C:\Windows\System\qLnltTT.exe
  2⤵
  PID:9300
- C:\Windows\System\CANyMfp.exe
  C:\Windows\System\CANyMfp.exe
  2⤵
  PID:9456
- C:\Windows\System\HgxftCf.exe
  C:\Windows\System\HgxftCf.exe
  2⤵
  PID:9504
- C:\Windows\System\DXDNbwt.exe
  C:\Windows\System\DXDNbwt.exe
  2⤵
  PID:9580
- C:\Windows\System\GXFojqs.exe
  C:\Windows\System\GXFojqs.exe
  2⤵
  PID:9548
- C:\Windows\System\dNzpUTL.exe
  C:\Windows\System\dNzpUTL.exe
  2⤵
  PID:9624
- C:\Windows\System\wrsUAcP.exe
  C:\Windows\System\wrsUAcP.exe
  2⤵
  PID:9656
- C:\Windows\System\VADaCuY.exe
  C:\Windows\System\VADaCuY.exe
  2⤵
  PID:8428
- C:\Windows\System\petZEez.exe
  C:\Windows\System\petZEez.exe
  2⤵
  PID:9716
- C:\Windows\System\TuosFNL.exe
  C:\Windows\System\TuosFNL.exe
  2⤵
  PID:9696
- C:\Windows\System\MyeEKWH.exe
  C:\Windows\System\MyeEKWH.exe
  2⤵
  PID:9744
- C:\Windows\System\TIVafTw.exe
  C:\Windows\System\TIVafTw.exe
  2⤵
  PID:9852
- C:\Windows\System\CjtlpUS.exe
  C:\Windows\System\CjtlpUS.exe
  2⤵
  PID:9772
- C:\Windows\System\TUfrMcM.exe
  C:\Windows\System\TUfrMcM.exe
  2⤵
  PID:9792
- C:\Windows\System\fygLUGT.exe
  C:\Windows\System\fygLUGT.exe
  2⤵
  PID:9776
- C:\Windows\System\TldtxLp.exe
  C:\Windows\System\TldtxLp.exe
  2⤵
  PID:9760
- C:\Windows\System\rJRHATC.exe
  C:\Windows\System\rJRHATC.exe
  2⤵
  PID:9832
- C:\Windows\System\dfyUrDh.exe
  C:\Windows\System\dfyUrDh.exe
  2⤵
  PID:9896
- C:\Windows\System\qoEctVi.exe
  C:\Windows\System\qoEctVi.exe
  2⤵
  PID:9940
- C:\Windows\System\SRxaAfR.exe
  C:\Windows\System\SRxaAfR.exe
  2⤵
  PID:9984
- C:\Windows\System\IHlGdIf.exe
  C:\Windows\System\IHlGdIf.exe
  2⤵
  PID:10032
- C:\Windows\System\tOIjWYG.exe
  C:\Windows\System\tOIjWYG.exe
  2⤵
  PID:10004
- C:\Windows\System\gSdtTTU.exe
  C:\Windows\System\gSdtTTU.exe
  2⤵
  PID:10100
- C:\Windows\System\gecsdXS.exe
  C:\Windows\System\gecsdXS.exe
  2⤵
  PID:10168
- C:\Windows\System\pVaWYwD.exe
  C:\Windows\System\pVaWYwD.exe
  2⤵
  PID:9252
- C:\Windows\System\yoHYCua.exe
  C:\Windows\System\yoHYCua.exe
  2⤵
  PID:10116
- C:\Windows\System\ZFrFjKK.exe
  C:\Windows\System\ZFrFjKK.exe
  2⤵
  PID:10180
- C:\Windows\System\JObLwPw.exe
  C:\Windows\System\JObLwPw.exe
  2⤵
  PID:8364
- C:\Windows\System\CSQgkOa.exe
  C:\Windows\System\CSQgkOa.exe
  2⤵
  PID:8792
- C:\Windows\System\YtEkRCv.exe
  C:\Windows\System\YtEkRCv.exe
  2⤵
  PID:9140
- C:\Windows\System\rrxqRUo.exe
  C:\Windows\System\rrxqRUo.exe
  2⤵
  PID:8612
- C:\Windows\System\LPtyufv.exe
  C:\Windows\System\LPtyufv.exe
  2⤵
  PID:9304
- C:\Windows\System\YODaQLB.exe
  C:\Windows\System\YODaQLB.exe
  2⤵
  PID:9424
- C:\Windows\System\ZTRxVGq.exe
  C:\Windows\System\ZTRxVGq.exe
  2⤵
  PID:9492
- C:\Windows\System\BKCATOr.exe
  C:\Windows\System\BKCATOr.exe
  2⤵
  PID:9532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BDyaIoZ.exe

Filesize
6.0MB

MD5
caf7819b74b4f4826b5df3413ef4c093

SHA1
e21884b6b1bd281bacb93e28fe1a11ec1fb4c9fc

SHA256
a41344b9bc17295a6179391f37281b7f0110d0aeb7f9cd949101d5af9717a169

SHA512
b6a54349c8f3fd730f4d3c64c163130bd77707ebbffea29518693540802d4614a71461818c4a63aec97cd4fbb55045aee875bc1f45ec752466e641aa4699aecb

Download Submit
C:\Windows\system\CGvZHCj.exe

Filesize
6.0MB

MD5
7e41be79a6d6590074a546e0e1b9305c

SHA1
cfd5152ab669c5b9072c0e7691238e0173e40e16

SHA256
3acf9906e49424b9ae86236c7c544797e205aa6cfbfc31d7b70bff098e2bf0e4

SHA512
98111fd49930a953b5a16a211dd3d14dbcd922b9562ddbd6a7a03dcb30ac81569a61530412149dd0059a39ab4b546a0027123e8fa7da0913d087abeec47aaf69

Download Submit
C:\Windows\system\MYlTuVN.exe

Filesize
6.0MB

MD5
dbb946aa838a55870ed183152e4da9d2

SHA1
27aea43c496f19183cd68197339153bc42584fe8

SHA256
b3626ff57bb082291507047cd70c2c5ca5716d165fe2c2061ee88ceaf7f10faf

SHA512
8a6b06dbe8e46f93df6f65e6801895d5c2c522e6fbc67caf2c076a5b19f5f5f77ea3c9a333f91d41cb466a77d448832fc9f1cc4776fa519f2ff31eae2c6887bb

Download Submit
C:\Windows\system\NKvecyd.exe

Filesize
6.0MB

MD5
7af48fe5de782a864e940d08d4e1ca5a

SHA1
f3ed62c38a83294c2fd09cf01b8d89e1e111d3f3

SHA256
c072a93b72f4c63e3a53f5635115967b5d7343ec67e15539d027249c1b433a32

SHA512
019c7c25bcfa9877b0ee180dc4b0a21d6b3b1750a2be20780b98b69e36ec3893540e8eb7cde3f2177c4839fedd9456e00dc07a4bd1c98a792623e8a314bf0274

Download Submit
C:\Windows\system\NfzJtxC.exe

Filesize
6.0MB

MD5
a5440dcaeb9ec1e0706abee10775e79b

SHA1
e7eccb408927deba36f7f2d5b4dd07d1efbcccbd

SHA256
33b633c21268d2d8a8169d3e6e3206c1939757fe5d89af7215e84a9f5b268fa2

SHA512
659e661a3d7ea40d4ea7121c570973ffaf62cb4674159e89219878ba85d28a9d2d87a8d20d53492bfc5b5aa76c61c6e56bc5e8740d62adaf593533dfb1fae3f8

Download Submit
C:\Windows\system\RhoXnFN.exe

Filesize
6.0MB

MD5
95cb1646c01f43ea13154cc1ae6d2750

SHA1
5845e79048fd2f8fc6d936aee42137bb9699b3cf

SHA256
7e5ab5d8b8c7d598af3c9929cbfbe390a50ab7e68e79df234ca2f7ffe0a41f34

SHA512
384ec96a0e813fcf8bb3142774762d18fb6675e05c67f172c12fd621fe941f586ec61f681139942f9edc8713b74cacc40dc8f32696f7d498717b2b0fc0f0308b

Download Submit
C:\Windows\system\TQQsEWI.exe

Filesize
6.0MB

MD5
dfb92e1bcaf59c1908bd95da4ab9d75e

SHA1
6d874607e3a9badca4ecb53f88fea3b7ab9a18b7

SHA256
ea8892cfcc62994c009ad82e48c31db3dc013189bec4188291ee715d35cbd206

SHA512
6ae7bc4ca11bc8ff80199d76b13abf8ac15d63cd35d4876049cb6f4051b1d591655baae2989b693fc9cf4d527eb55af0efd43c4461f9b012caab62fa80007831

Download Submit
C:\Windows\system\UndAhjG.exe

Filesize
6.0MB

MD5
9b32bd923d55caf88c5fb4d968307621

SHA1
cb6e59fd0a69575ce02f582f68ec654e624ac8ae

SHA256
f791fd1ebde26bd76a6abcd7bd9105b03577577808a6cfd286b84fd694d37aad

SHA512
6909a60aff89202510365c564920f00b3d6bb9f64f473cfbfa1edd88ed0b5a332f27c184c4df8354dab71e64f53c122a6cdae784198eca4fdfb715a338a8ccce

Download Submit
C:\Windows\system\XOycqXd.exe

Filesize
6.0MB

MD5
4a09bf89c11f22019aceb72ee23c3a18

SHA1
600988705eaa04d61a1b55594a9fbedf7773b763

SHA256
2fb3a1b38284565a782f783d23942dcfab657a96bb24659238b9de5a5655623f

SHA512
8e59e187a1428e0c04235815eb8bd96a17fa82dd310f5a71fa07b7a6664ada149b04763c870a85d144f98ef96f904aa8c72a6b8cbfa72a6e3b90efdbb8cf6b19

Download Submit
C:\Windows\system\YsUtGOb.exe

Filesize
6.0MB

MD5
2a0d5b380ec618a1ca676463755c1476

SHA1
e61564f7cc44b670a46f013675b090865aeaeb06

SHA256
6bd9202aae8e91ecf71f1a231463b9f3512bd55a7c0664745a226840a0e1182f

SHA512
94bf37be3a51286c8eccfaa72ae1d752ba27e1d9bbb83236634b14d1762e36d03bbdbd78dacf9cdb708365d7b0ee034753ca298757a32d99775298abfc19930a

Download Submit
C:\Windows\system\bQtfNeq.exe

Filesize
6.0MB

MD5
2a0c21d14f5d8eea3a68c0bc06402e8a

SHA1
e1b1bdf5403153f4fa1e0cc1fcbc06969538d532

SHA256
c23776322f640f17f91c49f67c39da2de4d3c7bd80f505d43fd5ab9210d08d21

SHA512
5ccf525c21cb43c5960e4bf62c13dca5c9abf3860b1be2130dfe4c837ecc1742aec9dcea317f11d0d2a8d7a95cd69b920c660816e50544a38dd26f1c7f320903

Download Submit
C:\Windows\system\jJVBUZR.exe

Filesize
6.0MB

MD5
9cb35b44cceb3866ef77ea24229c8ffd

SHA1
0d423263c4fbd4550b6491a6f122a6ca8028ebf4

SHA256
4c3f0a31a78c7176d88a426f531d2094a1c79274f39278e58bee7a58f1402210

SHA512
b150b526b10809b2d3665b15af739148e0be91dd5b9dabd1e0dd632173b9df82ce09cf5dba1183c6fa176f7874c27b2185d75c3ed5ba5a059c3898f09cc8734f

Download Submit
C:\Windows\system\kcaHSok.exe

Filesize
6.0MB

MD5
bd98a298b2337271b7576e13bf37df1f

SHA1
b559b79979a5ae7c12152bc03db6794b5cf82ada

SHA256
94fffcf64b4cf3b3f29ebccb738ae22c4874c717901d1265d6a23fb757067fff

SHA512
2db4245abab887f8cb90ebfe4c3ff2c4313d0f20bdce00f719e4b26909b186d4b92212e3a4ea60e9c5b10db864c70884ee4ef6c9e25c8f8551aecee63adf3f04

Download Submit
C:\Windows\system\mLhFGKx.exe

Filesize
6.0MB

MD5
fdf7925e25b45a1db2ecc941113efbcf

SHA1
6a4ec372234d23b84e0630fb4e4366642349ecd5

SHA256
8e4a3819db90eb86516f911623cb54c117106796051e355f4791767f9bce6f72

SHA512
5623b2b3ca9cea652a9c704620c7e061fc15fc1958cf545ee0009fa0fa8e918c091ae964bf9ea520d7b602e27d36e943e4ebc21817d982ed5ffacf464fac5457

Download Submit
C:\Windows\system\mMgmhNu.exe

Filesize
6.0MB

MD5
2c650042b87134c457261c84a6654e90

SHA1
f093c29415b152f6ad8edfe1d2b0a83811ac3787

SHA256
e7d4df078d0916419a7099b8558741a9742579f0ac58393faed04ff81b6c39e5

SHA512
39eda95443827e185c221462fa8c754b6b88a0f7c2349d9b9b5441194922cb911a274f43e731c83adb3050b40cd616e481a5135a735d2dc76c1b82a7228d65f3

Download Submit
C:\Windows\system\rMwKjdW.exe

Filesize
6.0MB

MD5
3d89a28fa8493b8c52b96fa88879b589

SHA1
d966821016ae0ff5d4cabab54d77d2d554c44f59

SHA256
74c780fdb764b6498f1c44f1a7788f51166adf673b8aaa16f7bfa96102e152fe

SHA512
54fb0331a32af0c1d3da9555a7a7846b75265f2899f0eab9241d49c44b95d8664b4f6c05d9b04350e79aaf6c33c5e8bb679bdb8b1cf052981a79e23646886355

Download Submit
C:\Windows\system\rgaqHhr.exe

Filesize
6.0MB

MD5
b9ab0e4683dcf5c70a0f1e58cdf5d557

SHA1
3a1e937adb451e3af2efd25f445a6456d3b8146b

SHA256
66221947db8867b9d99c01d2f4f45f27e2ac16c2a470b4a7a8bc56664560812f

SHA512
5ad8a335df9a8fe15eadc63299e3d6e8bedd8a22fb34909bc2ee77b40ef3c471f9b06e7570f982f7b51a51fa69c63c0b754cd8a11449064e9616ab3af3a211f2

Download Submit
C:\Windows\system\rhtaUjZ.exe

Filesize
6.0MB

MD5
8a58db5e6824f822257f34ddc08335f1

SHA1
688d4a67315a37ba62e03a6201ef54da6f603125

SHA256
ed4ae0c368a20403a573fb38c68870cb13b8529fa76543c822179642eb4a77ec

SHA512
bb65a7fa72abe79a7799443dede72c15a51e05c747b32ed0a0ef18d5d116eafe006514494e578b9bca7a7e7a89c6da622723cae7ce79191afe9911e3b0d3e261

Download Submit
C:\Windows\system\stEdYzt.exe

Filesize
6.0MB

MD5
ac532fa93fa73bb986a7d69d4f549ff9

SHA1
470f958d03d00be01713eea513033f84caa3c8fe

SHA256
7e2d92540d9545ef388cd99daf50b239a7ac16583eeb7af5afda7e45523d6bce

SHA512
710c927e5e9c96e55a71023780f3f9360138fb8a3ef6488ac711692717be36b95ace3031f1a322cece16926ea8d31d6a932a72708f0035481ebe3973b0ed1d91

Download Submit
C:\Windows\system\tuxjHsG.exe

Filesize
6.0MB

MD5
131689a0d166f5e0d016877cab3431a2

SHA1
6d88c2305f0f870e413d4a72823d9b1f907702fa

SHA256
1c9f9a1305b98a0457f3140cb00077935555841e5df5b7ee914f6a8b9f47e135

SHA512
bfbcfe9de039de43577b0a9888f987369342be27e05f80784311e43661a2a51b912724a35c305d1a5f24256e26447be3907248d7ac18dd6f38003652b2e29158

Download Submit
C:\Windows\system\wcSCwYj.exe

Filesize
6.0MB

MD5
5abb2142fb1fb4ca8c5dc1276a5173c9

SHA1
57694bdb1ee984db4b02ca6dac1703d6e181dc9f

SHA256
fe90d61f4f76ebe091204c563b739a20ba53bbd121cba07d9d3ddb7e1a222d2a

SHA512
8e8075a4e8643f98460883eb5807d92f97132044aede242903b8f6e2d5c5ab4bb1bb94fab2f518f40c1e1497844ab1db918f8bdabc2462a8f272823958cd8530

Download Submit
C:\Windows\system\xuIdall.exe

Filesize
6.0MB

MD5
a0ba866b83cf76cd259ee41c81bd0b98

SHA1
e665b49da89d547a268047bd385335940c9d7402

SHA256
bd20e8d501dc3bc28f8d041477e8ac0b7b062e20175c155b3633386cef62a2b3

SHA512
b029244f26c6dca22c4d8ddae8294b08684cdbca6fe25eea20459fa5c4e4cc9ba711cd41c8505c9ce619597be86450f6c6f21990a9fd6b7e4b81b0df1d330a7f

Download Submit
C:\Windows\system\yQSUtSR.exe

Filesize
6.0MB

MD5
c7f591be391619a346c6340de73315ba

SHA1
84629f6ee6496812d2654b6f8523d31a8bf60f12

SHA256
472656c0f1a1cc44680825cb1fd40ede1100581245bcc03e108d846c967ae574

SHA512
48f1d086187636dc1bacda03ecea9a75551a15c34fbcb7c40ada1a64e1594cfe413538b43dcbafbf387a8b3f4d174faecc5861c2e17e4b7cd3b91fe878e19373

Download Submit
C:\Windows\system\znBfOeG.exe

Filesize
6.0MB

MD5
8e41edc8fa11b5f75f4f26c9bd9863c6

SHA1
0e65461f4003ac6775e32383bcd21a2975b82a4d

SHA256
405a12ea89696db57618277c75e49394e19887685312e6b38659bf0b317711e8

SHA512
554e79fe29187bd08e318e56be294136232fb67c912e0bf2bff27012f1c6738f25147ff3e7788d756104218ad6f1a3d1f2c0ca98e1dbfe2f4a7299becd7ecab7

Download Submit
\Windows\system\HzEXecb.exe

Filesize
6.0MB

MD5
5a99b1b71fd11491a9a0e47e565ec171

SHA1
3a0736c4a28d3c37ca2fa0e0ad0ed41caee03190

SHA256
7129255dd12a2ee40390b6bd7ba64398baa2b447bfbedca2a406fe460dfb5a9d

SHA512
85a979b93418c268902ba6248411eb8d04a2c8878526c4cbe83501feac7eed52d26ef69a8b47dfddc02e8e12045e6a38bda110be8c8f87ff24c670f8f681362a

Download Submit
\Windows\system\JjngxvM.exe

Filesize
6.0MB

MD5
5acd231af21a33c1a538eff5c820a438

SHA1
9af6a20639090ccdf532278702bcb87dcae3a5b4

SHA256
032f4c39a750702aaca65b553ad85051c1d41f732fb86e67a57aa48638807f6b

SHA512
6df2556ea0d80ca4b959840ba815384aa2329c2b485f37fc92591d37d2d746fa12cea37b4b30d89fe9b65696138f578185e02b0f585938233a935465dd46945d

Download Submit
\Windows\system\MYVTzMR.exe

Filesize
6.0MB

MD5
4087c77de389013b74515747c72d0949

SHA1
57fa6cdc4100748dd4083267fd13dfe8ae16940e

SHA256
c9c1fc572bded5a7dc029575aef3d0eff755c354554acb84b979e55ce12c7c4a

SHA512
446e9a5d34e860c9f810485dc2c8f4d78af4773a9dfb06839f84001c7287992727b18258534141fb6edb065498c2d201d1e38ac3e9db94a956328e2a9bdeab6d

Download Submit
\Windows\system\PflfFcw.exe

Filesize
6.0MB

MD5
f4421611fe056c31b97e96c83cb604eb

SHA1
ba63b5aa31aa03a0bbd7ca36c91107fa96141681

SHA256
98b13737bdcf26a15de1dd2760f15a8ae98e71bf493eb7556a565a7d62f5ecbd

SHA512
2abc41f3e13d7555fc3bda9e31bff2780f68dcf7775498cd040d76bbd010596a1e5bca532fe701d32e797b225961f3b200ffcaaf7525cbf092faa01a565e2c15

Download Submit
\Windows\system\QUIIAdU.exe

Filesize
6.0MB

MD5
d3579ad3f2eda67dc08081e004c47cd6

SHA1
5cf803ae262efadea85da8b83461033d7054339f

SHA256
decac5041a862b4317288166d8c81dc73b3fe638da588c663ac591070c321b31

SHA512
641b84fbb698878b332aab596999092ad94eae512cccc6a2f6b3e8787c8e46ac9707d413f67a252bd5ecc629c25dbacd2a9c43c0e39703e57717adb006ddc014

Download Submit
\Windows\system\glMoqQJ.exe

Filesize
6.0MB

MD5
7eec01e185d932fb40bb395eeb7146b5

SHA1
11b7e7e0edcedb22feabb8a7ffc223ed80899a7c

SHA256
ecd2f53b9691fe4808f881ff8cde29b47a27857ff51af2ccae2a090587dff421

SHA512
107f679c1f8bbeea7486d3cc1ccd2797954ad1bd457d123d9e42f9841e0999689b57b476d935fcbcc5a1f5f1d384ce9e6c60d88a1e5e2e21d25ba7088c0c7459

Download Submit
\Windows\system\jhCxhzj.exe

Filesize
6.0MB

MD5
e114e329ebe75c5fbd794a94ad8bd64a

SHA1
e3474846445cc42e9d8286fa2a466a93e0d40d41

SHA256
4ed55e33fa697e03fb315b28d89f4d387a1f262c0c0e1c238975e92dcc6812d5

SHA512
7160ac8ec541339315352e097b7d29306636c5241c5ac4f95d5c9f32852ce5d7d6a554898d8006650bf6f95c96fef7c739507fdffdb9dc8e5fa28ec90aa793de

Download Submit
\Windows\system\tRMcPPJ.exe

Filesize
6.0MB

MD5
531a455969ef5c4a75988be5db7b6feb

SHA1
0f17cae6bd8a826e9452ecf31a04b7c7383a8caf

SHA256
7c9182c650cdf6ecf78e0774fe18bfbf156876e6a29325335b52ce914ddabb6c

SHA512
3c98cf85b33bbbbe5205f47705effc6ddbd1aa75d69a141c49f24dcce2320f74d6f04cbaf62fcd60ca193f070d7ca8eb278d15de5fc4b903cae885c87b503984

Download Submit
\Windows\system\zwtaCjH.exe

Filesize
6.0MB

MD5
9eb703db4a3ffbfed343efa4d5f0da78

SHA1
4c853ee4daed3364472d4aea612d0b4c763cbb88

SHA256
4714802894aa72d9aa20a9a0dec730ab032ccf3075d7e81008866f8f5bb51a19

SHA512
bfb51fb49d6c4929e5de199ac25e733bd519bfd51e54274a60150b6a5f6d5476c5c2ebf6617f5b69225baabd38660bec91c573a562308024f78237b1a5d063da

Download Submit
memory/316-3573-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/316-2338-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1360-3587-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3124-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2056-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1454-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1455-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1735-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3134-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1814-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2080-3163-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1822-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3169-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1910-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1453-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2062-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3164-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3141-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2206-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3170-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2282-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3158-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2344-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2355-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3125-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2945-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2946-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3153-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3148-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3121-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-0-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2350-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3607-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2035-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3543-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1820-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3533-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1813-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3503-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2061-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3591-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3531-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1727-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1909-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3582-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3016-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3505-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2764-12-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3017-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3504-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2190-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3555-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download