cobaltstrike | f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
Size

6.0MB
MD5

73af9f6ffe8492e6af7702ff86e53b10
SHA1

66fa5464f614cf6f7341d59c04c37a07e4b51934
SHA256

f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974
SHA512

6de1d83090c08c098086df4f76358d7cab835d92390eecefcb954ac830660ddb53b7c5d7c87353593f772772ba3d4694e5fc8ce25a94d8f191f741c38255be42
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUw:eOl56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012276-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019227-13.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001922c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-25.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926a-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019279-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018781-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019379-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-64.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ad-54.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2328-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012276-3.dat	xmrig
behavioral1/memory/1944-8-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019227-13.dat	xmrig
behavioral1/memory/2288-15-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000700000001922c-12.dat	xmrig
behavioral1/files/0x0006000000019261-25.dat	xmrig
behavioral1/memory/3044-20-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000600000001926a-28.dat	xmrig
behavioral1/memory/2012-26-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/340-35-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2328-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019279-36.dat	xmrig
behavioral1/files/0x0008000000018781-45.dat	xmrig
behavioral1/files/0x0007000000019379-50.dat	xmrig
behavioral1/files/0x00050000000194fc-59.dat	xmrig
behavioral1/files/0x000500000001952f-69.dat	xmrig
behavioral1/files/0x00050000000195a7-79.dat	xmrig
behavioral1/files/0x000500000001961d-90.dat	xmrig
behavioral1/files/0x0005000000019621-98.dat	xmrig
behavioral1/files/0x000500000001961f-94.dat	xmrig
behavioral1/files/0x00050000000195e6-84.dat	xmrig
behavioral1/files/0x0005000000019627-136.dat	xmrig
behavioral1/files/0x000500000001967f-157.dat	xmrig
behavioral1/files/0x0005000000019c54-180.dat	xmrig
behavioral1/memory/340-849-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2012-631-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3044-349-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2288-251-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c58-189.dat	xmrig
behavioral1/files/0x0005000000019c56-184.dat	xmrig
behavioral1/files/0x00050000000199b9-174.dat	xmrig
behavioral1/files/0x000500000001970b-169.dat	xmrig
behavioral1/files/0x00050000000196c0-164.dat	xmrig
behavioral1/files/0x000500000001963b-154.dat	xmrig
behavioral1/files/0x000500000001962b-149.dat	xmrig
behavioral1/files/0x0005000000019629-145.dat	xmrig
behavioral1/files/0x0005000000019625-135.dat	xmrig
behavioral1/files/0x0005000000019622-124.dat	xmrig
behavioral1/memory/2544-120-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2644-118-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2280-116-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2328-115-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2852-114-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2328-113-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2648-112-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2328-111-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2656-110-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-128.dat	xmrig
behavioral1/memory/756-108-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2328-107-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2812-106-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2732-105-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1944-97-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001957e-74.dat	xmrig
behavioral1/files/0x0005000000019506-64.dat	xmrig
behavioral1/files/0x00060000000194ad-54.dat	xmrig
behavioral1/memory/1944-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2288-4005-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/3044-4006-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2012-4007-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/340-4008-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2732-4009-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2812-4010-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1944	aAxqGwh.exe
2288	APpPEHA.exe
3044	lBSTrlU.exe
2012	iKkcJPC.exe
340	FFFbJCU.exe
2732	nxZXxdt.exe
2812	bXlReAl.exe
756	JFqQGBp.exe
2656	GkqNhRz.exe
2648	dfdCteK.exe
2852	cQSNqoN.exe
2280	TbHrNuA.exe
2644	dZrFfXq.exe
2544	AIOBxWJ.exe
2608	rmNoYXK.exe
2584	MZMOPVm.exe
2180	QQOdxjK.exe
824	dmZuOJd.exe
1528	OgxpaeT.exe
2904	wxYhEGt.exe
2896	yxQyDsG.exe
1756	OGpSHCE.exe
2964	YUMzWhV.exe
2272	trGGbCJ.exe
1612	QaqMXUD.exe
2096	JuglsXL.exe
2252	NBWhKhg.exe
560	pkdnPgr.exe
2876	hngNOXM.exe
408	iyTADPC.exe
2500	BDhuYiQ.exe
1932	wqMTsLC.exe
2356	RfGnYlR.exe
880	TwXUQjl.exe
1692	buNNdGM.exe
1624	InGZyYQ.exe
852	kzUnSQM.exe
908	HSWIrRX.exe
1276	AXbayDV.exe
624	cRiDKEt.exe
2168	hZWXYcm.exe
2072	UCeKPcA.exe
2324	vpThLqa.exe
1052	zUGNQPz.exe
800	HBDQCRB.exe
1524	pktxMmC.exe
2216	mpDRPGD.exe
1432	FuySnWf.exe
900	xieaklK.exe
3024	oDYGmkf.exe
1392	CHtLKYO.exe
1548	xyazMdD.exe
1604	VHTLUTi.exe
772	smVTOna.exe
2976	bJljsQS.exe
2864	dkaGchK.exe
1992	UObaBxN.exe
2088	ejQRZVR.exe
2860	vkdyWvx.exe
2560	FFapJiB.exe
2580	FQPMNtA.exe
2604	lEVGKzf.exe
2152	exKTgnt.exe
1900	xmqFsIE.exe

Loads dropped DLL 64 IoCs

pid	Process
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2328-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000d000000012276-3.dat	upx
behavioral1/memory/1944-8-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0008000000019227-13.dat	upx
behavioral1/memory/2288-15-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000700000001922c-12.dat	upx
behavioral1/files/0x0006000000019261-25.dat	upx
behavioral1/memory/3044-20-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000600000001926a-28.dat	upx
behavioral1/memory/2012-26-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/340-35-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2328-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0006000000019279-36.dat	upx
behavioral1/files/0x0008000000018781-45.dat	upx
behavioral1/files/0x0007000000019379-50.dat	upx
behavioral1/files/0x00050000000194fc-59.dat	upx
behavioral1/files/0x000500000001952f-69.dat	upx
behavioral1/files/0x00050000000195a7-79.dat	upx
behavioral1/files/0x000500000001961d-90.dat	upx
behavioral1/files/0x0005000000019621-98.dat	upx
behavioral1/files/0x000500000001961f-94.dat	upx
behavioral1/files/0x00050000000195e6-84.dat	upx
behavioral1/files/0x0005000000019627-136.dat	upx
behavioral1/files/0x000500000001967f-157.dat	upx
behavioral1/files/0x0005000000019c54-180.dat	upx
behavioral1/memory/340-849-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2012-631-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3044-349-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2288-251-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0005000000019c58-189.dat	upx
behavioral1/files/0x0005000000019c56-184.dat	upx
behavioral1/files/0x00050000000199b9-174.dat	upx
behavioral1/files/0x000500000001970b-169.dat	upx
behavioral1/files/0x00050000000196c0-164.dat	upx
behavioral1/files/0x000500000001963b-154.dat	upx
behavioral1/files/0x000500000001962b-149.dat	upx
behavioral1/files/0x0005000000019629-145.dat	upx
behavioral1/files/0x0005000000019625-135.dat	upx
behavioral1/files/0x0005000000019622-124.dat	upx
behavioral1/memory/2544-120-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2644-118-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2280-116-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2852-114-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2648-112-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2656-110-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0005000000019623-128.dat	upx
behavioral1/memory/756-108-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2812-106-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2732-105-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/1944-97-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x000500000001957e-74.dat	upx
behavioral1/files/0x0005000000019506-64.dat	upx
behavioral1/files/0x00060000000194ad-54.dat	upx
behavioral1/memory/1944-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2288-4005-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/3044-4006-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2012-4007-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/340-4008-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2732-4009-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2812-4010-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2280-4012-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2648-4014-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2656-4013-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/756-4011-0x000000013FF00000-0x0000000140254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YzHjfXl.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\AHHhMTj.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\qwzoZwv.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\tfIMTko.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\slLzIbk.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\OswKmdU.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\KNfhPMM.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\qnJLRgi.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\HwQGWwQ.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\MZMOPVm.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\BRoodLN.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\fSvITGu.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\NSHRwdV.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\ffGkswq.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\VJfqvhc.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\JeCLsiP.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\uyTbKeL.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\cBryDeH.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\rujjnQU.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\BrJQYOl.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\aOAtkqc.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\LSFgcSY.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\jguaXBe.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\sjxfjnk.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\AuWVFky.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\DTRlvUz.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\Mekhycj.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\agQlqRN.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\KEHnLmR.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\yxQyDsG.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\fFiqbKF.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\BrBSYQe.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\EITzlmv.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\agMhHAV.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\UAbWiPh.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\CmPNAJC.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\XnUHmTD.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\AIOBxWJ.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\buNNdGM.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\lEVGKzf.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\pEDlsBZ.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\CUloVTT.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\SojXdnz.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\zZiekRI.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\xSHlvNQ.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\DNRnSAV.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\feBThXr.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\qFzkzDq.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\bWdWwkd.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\IQlXGMa.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\PcnZLEY.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\pxsPsmw.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\taZqqjh.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\sifWJya.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\axPLPyJ.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\bprcQyX.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\jEVNMJS.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\lHVPsCq.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\VHTLUTi.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\psiZQhn.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\mcBzial.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\sGMvDru.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\FOMXlJW.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
File created	C:\Windows\System\exKTgnt.exe	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1944	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	31
PID 2328 wrote to memory of 1944	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	31
PID 2328 wrote to memory of 1944	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	31
PID 2328 wrote to memory of 2288	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	32
PID 2328 wrote to memory of 2288	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	32
PID 2328 wrote to memory of 2288	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	32
PID 2328 wrote to memory of 3044	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	33
PID 2328 wrote to memory of 3044	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	33
PID 2328 wrote to memory of 3044	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	33
PID 2328 wrote to memory of 2012	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	34
PID 2328 wrote to memory of 2012	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	34
PID 2328 wrote to memory of 2012	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	34
PID 2328 wrote to memory of 340	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	35
PID 2328 wrote to memory of 340	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	35
PID 2328 wrote to memory of 340	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	35
PID 2328 wrote to memory of 2732	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	36
PID 2328 wrote to memory of 2732	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	36
PID 2328 wrote to memory of 2732	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	36
PID 2328 wrote to memory of 2812	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	37
PID 2328 wrote to memory of 2812	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	37
PID 2328 wrote to memory of 2812	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	37
PID 2328 wrote to memory of 756	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	38
PID 2328 wrote to memory of 756	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	38
PID 2328 wrote to memory of 756	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	38
PID 2328 wrote to memory of 2656	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	39
PID 2328 wrote to memory of 2656	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	39
PID 2328 wrote to memory of 2656	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	39
PID 2328 wrote to memory of 2648	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	40
PID 2328 wrote to memory of 2648	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	40
PID 2328 wrote to memory of 2648	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	40
PID 2328 wrote to memory of 2852	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	41
PID 2328 wrote to memory of 2852	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	41
PID 2328 wrote to memory of 2852	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	41
PID 2328 wrote to memory of 2280	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	42
PID 2328 wrote to memory of 2280	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	42
PID 2328 wrote to memory of 2280	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	42
PID 2328 wrote to memory of 2644	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	43
PID 2328 wrote to memory of 2644	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	43
PID 2328 wrote to memory of 2644	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	43
PID 2328 wrote to memory of 2544	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	44
PID 2328 wrote to memory of 2544	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	44
PID 2328 wrote to memory of 2544	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	44
PID 2328 wrote to memory of 2608	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	45
PID 2328 wrote to memory of 2608	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	45
PID 2328 wrote to memory of 2608	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	45
PID 2328 wrote to memory of 2584	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	46
PID 2328 wrote to memory of 2584	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	46
PID 2328 wrote to memory of 2584	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	46
PID 2328 wrote to memory of 2180	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	47
PID 2328 wrote to memory of 2180	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	47
PID 2328 wrote to memory of 2180	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	47
PID 2328 wrote to memory of 824	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	48
PID 2328 wrote to memory of 824	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	48
PID 2328 wrote to memory of 824	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	48
PID 2328 wrote to memory of 1528	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	49
PID 2328 wrote to memory of 1528	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	49
PID 2328 wrote to memory of 1528	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	49
PID 2328 wrote to memory of 2904	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	50
PID 2328 wrote to memory of 2904	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	50
PID 2328 wrote to memory of 2904	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	50
PID 2328 wrote to memory of 2896	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	51
PID 2328 wrote to memory of 2896	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	51
PID 2328 wrote to memory of 2896	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	51
PID 2328 wrote to memory of 1756	2328	JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f395378be43a22432d05e6392e93b26647efcfb7236f1d828df7892d31a00974.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\System\aAxqGwh.exe
  C:\Windows\System\aAxqGwh.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\APpPEHA.exe
  C:\Windows\System\APpPEHA.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\lBSTrlU.exe
  C:\Windows\System\lBSTrlU.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\iKkcJPC.exe
  C:\Windows\System\iKkcJPC.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\FFFbJCU.exe
  C:\Windows\System\FFFbJCU.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\nxZXxdt.exe
  C:\Windows\System\nxZXxdt.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\bXlReAl.exe
  C:\Windows\System\bXlReAl.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\JFqQGBp.exe
  C:\Windows\System\JFqQGBp.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\GkqNhRz.exe
  C:\Windows\System\GkqNhRz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\dfdCteK.exe
  C:\Windows\System\dfdCteK.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\cQSNqoN.exe
  C:\Windows\System\cQSNqoN.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\TbHrNuA.exe
  C:\Windows\System\TbHrNuA.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\dZrFfXq.exe
  C:\Windows\System\dZrFfXq.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\AIOBxWJ.exe
  C:\Windows\System\AIOBxWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\rmNoYXK.exe
  C:\Windows\System\rmNoYXK.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\MZMOPVm.exe
  C:\Windows\System\MZMOPVm.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\QQOdxjK.exe
  C:\Windows\System\QQOdxjK.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dmZuOJd.exe
  C:\Windows\System\dmZuOJd.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\OgxpaeT.exe
  C:\Windows\System\OgxpaeT.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\wxYhEGt.exe
  C:\Windows\System\wxYhEGt.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\yxQyDsG.exe
  C:\Windows\System\yxQyDsG.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\OGpSHCE.exe
  C:\Windows\System\OGpSHCE.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\YUMzWhV.exe
  C:\Windows\System\YUMzWhV.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\trGGbCJ.exe
  C:\Windows\System\trGGbCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\QaqMXUD.exe
  C:\Windows\System\QaqMXUD.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\JuglsXL.exe
  C:\Windows\System\JuglsXL.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\NBWhKhg.exe
  C:\Windows\System\NBWhKhg.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\pkdnPgr.exe
  C:\Windows\System\pkdnPgr.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\hngNOXM.exe
  C:\Windows\System\hngNOXM.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iyTADPC.exe
  C:\Windows\System\iyTADPC.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\BDhuYiQ.exe
  C:\Windows\System\BDhuYiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\wqMTsLC.exe
  C:\Windows\System\wqMTsLC.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\RfGnYlR.exe
  C:\Windows\System\RfGnYlR.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\TwXUQjl.exe
  C:\Windows\System\TwXUQjl.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\buNNdGM.exe
  C:\Windows\System\buNNdGM.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\InGZyYQ.exe
  C:\Windows\System\InGZyYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\kzUnSQM.exe
  C:\Windows\System\kzUnSQM.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\HSWIrRX.exe
  C:\Windows\System\HSWIrRX.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\AXbayDV.exe
  C:\Windows\System\AXbayDV.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\cRiDKEt.exe
  C:\Windows\System\cRiDKEt.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\hZWXYcm.exe
  C:\Windows\System\hZWXYcm.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\UCeKPcA.exe
  C:\Windows\System\UCeKPcA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\vpThLqa.exe
  C:\Windows\System\vpThLqa.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zUGNQPz.exe
  C:\Windows\System\zUGNQPz.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\HBDQCRB.exe
  C:\Windows\System\HBDQCRB.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\pktxMmC.exe
  C:\Windows\System\pktxMmC.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\mpDRPGD.exe
  C:\Windows\System\mpDRPGD.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\FuySnWf.exe
  C:\Windows\System\FuySnWf.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\xieaklK.exe
  C:\Windows\System\xieaklK.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\oDYGmkf.exe
  C:\Windows\System\oDYGmkf.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\CHtLKYO.exe
  C:\Windows\System\CHtLKYO.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\xyazMdD.exe
  C:\Windows\System\xyazMdD.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\VHTLUTi.exe
  C:\Windows\System\VHTLUTi.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\smVTOna.exe
  C:\Windows\System\smVTOna.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\bJljsQS.exe
  C:\Windows\System\bJljsQS.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\dkaGchK.exe
  C:\Windows\System\dkaGchK.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\UObaBxN.exe
  C:\Windows\System\UObaBxN.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ejQRZVR.exe
  C:\Windows\System\ejQRZVR.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\vkdyWvx.exe
  C:\Windows\System\vkdyWvx.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\FFapJiB.exe
  C:\Windows\System\FFapJiB.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\FQPMNtA.exe
  C:\Windows\System\FQPMNtA.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\lEVGKzf.exe
  C:\Windows\System\lEVGKzf.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\exKTgnt.exe
  C:\Windows\System\exKTgnt.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xmqFsIE.exe
  C:\Windows\System\xmqFsIE.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\gJmohVz.exe
  C:\Windows\System\gJmohVz.exe
  2⤵
  PID:2632
- C:\Windows\System\LIDhdnd.exe
  C:\Windows\System\LIDhdnd.exe
  2⤵
  PID:1976
- C:\Windows\System\nKBDZoQ.exe
  C:\Windows\System\nKBDZoQ.exe
  2⤵
  PID:2972
- C:\Windows\System\jbmaDTm.exe
  C:\Windows\System\jbmaDTm.exe
  2⤵
  PID:3048
- C:\Windows\System\tsPGEpv.exe
  C:\Windows\System\tsPGEpv.exe
  2⤵
  PID:1860
- C:\Windows\System\AuWVFky.exe
  C:\Windows\System\AuWVFky.exe
  2⤵
  PID:2264
- C:\Windows\System\MwyQZUm.exe
  C:\Windows\System\MwyQZUm.exe
  2⤵
  PID:1928
- C:\Windows\System\gShOCda.exe
  C:\Windows\System\gShOCda.exe
  2⤵
  PID:1504
- C:\Windows\System\OWCCeks.exe
  C:\Windows\System\OWCCeks.exe
  2⤵
  PID:956
- C:\Windows\System\yWasvTj.exe
  C:\Windows\System\yWasvTj.exe
  2⤵
  PID:780
- C:\Windows\System\sFYphGh.exe
  C:\Windows\System\sFYphGh.exe
  2⤵
  PID:844
- C:\Windows\System\efDGUHu.exe
  C:\Windows\System\efDGUHu.exe
  2⤵
  PID:596
- C:\Windows\System\wUfYmcz.exe
  C:\Windows\System\wUfYmcz.exe
  2⤵
  PID:1960
- C:\Windows\System\fIPSSrc.exe
  C:\Windows\System\fIPSSrc.exe
  2⤵
  PID:784
- C:\Windows\System\zSGQHQX.exe
  C:\Windows\System\zSGQHQX.exe
  2⤵
  PID:580
- C:\Windows\System\GQSIZjN.exe
  C:\Windows\System\GQSIZjN.exe
  2⤵
  PID:1628
- C:\Windows\System\YRboEoi.exe
  C:\Windows\System\YRboEoi.exe
  2⤵
  PID:2444
- C:\Windows\System\MDGqtKK.exe
  C:\Windows\System\MDGqtKK.exe
  2⤵
  PID:2980
- C:\Windows\System\SLRUNAV.exe
  C:\Windows\System\SLRUNAV.exe
  2⤵
  PID:1456
- C:\Windows\System\lFwTIVR.exe
  C:\Windows\System\lFwTIVR.exe
  2⤵
  PID:1904
- C:\Windows\System\NQAqQXE.exe
  C:\Windows\System\NQAqQXE.exe
  2⤵
  PID:2508
- C:\Windows\System\ZThuaxS.exe
  C:\Windows\System\ZThuaxS.exe
  2⤵
  PID:1056
- C:\Windows\System\PLVgCfF.exe
  C:\Windows\System\PLVgCfF.exe
  2⤵
  PID:2460
- C:\Windows\System\AAnnaEb.exe
  C:\Windows\System\AAnnaEb.exe
  2⤵
  PID:2712
- C:\Windows\System\HxyshdD.exe
  C:\Windows\System\HxyshdD.exe
  2⤵
  PID:2684
- C:\Windows\System\ifwaJDp.exe
  C:\Windows\System\ifwaJDp.exe
  2⤵
  PID:2872
- C:\Windows\System\pEDlsBZ.exe
  C:\Windows\System\pEDlsBZ.exe
  2⤵
  PID:1380
- C:\Windows\System\SlhAHmU.exe
  C:\Windows\System\SlhAHmU.exe
  2⤵
  PID:2504
- C:\Windows\System\FCxavtZ.exe
  C:\Windows\System\FCxavtZ.exe
  2⤵
  PID:2780
- C:\Windows\System\jYtnIGP.exe
  C:\Windows\System\jYtnIGP.exe
  2⤵
  PID:1372
- C:\Windows\System\jzFszon.exe
  C:\Windows\System\jzFszon.exe
  2⤵
  PID:2944
- C:\Windows\System\lcISUxQ.exe
  C:\Windows\System\lcISUxQ.exe
  2⤵
  PID:1188
- C:\Windows\System\cOVJFVF.exe
  C:\Windows\System\cOVJFVF.exe
  2⤵
  PID:2116
- C:\Windows\System\vPEwjrc.exe
  C:\Windows\System\vPEwjrc.exe
  2⤵
  PID:2440
- C:\Windows\System\ixTCWpv.exe
  C:\Windows\System\ixTCWpv.exe
  2⤵
  PID:1308
- C:\Windows\System\eLCHSnq.exe
  C:\Windows\System\eLCHSnq.exe
  2⤵
  PID:2008
- C:\Windows\System\nAvKzpg.exe
  C:\Windows\System\nAvKzpg.exe
  2⤵
  PID:2124
- C:\Windows\System\RNgnhiW.exe
  C:\Windows\System\RNgnhiW.exe
  2⤵
  PID:1700
- C:\Windows\System\rsfcqoG.exe
  C:\Windows\System\rsfcqoG.exe
  2⤵
  PID:2076
- C:\Windows\System\AMaMlhF.exe
  C:\Windows\System\AMaMlhF.exe
  2⤵
  PID:2204
- C:\Windows\System\EHkfoRn.exe
  C:\Windows\System\EHkfoRn.exe
  2⤵
  PID:2360
- C:\Windows\System\krDcNDa.exe
  C:\Windows\System\krDcNDa.exe
  2⤵
  PID:3036
- C:\Windows\System\irZezaC.exe
  C:\Windows\System\irZezaC.exe
  2⤵
  PID:2660
- C:\Windows\System\YYRHyVC.exe
  C:\Windows\System\YYRHyVC.exe
  2⤵
  PID:2848
- C:\Windows\System\BTMprrZ.exe
  C:\Windows\System\BTMprrZ.exe
  2⤵
  PID:2832
- C:\Windows\System\OJBlEgY.exe
  C:\Windows\System\OJBlEgY.exe
  2⤵
  PID:3040
- C:\Windows\System\PrdCEbW.exe
  C:\Windows\System\PrdCEbW.exe
  2⤵
  PID:1940
- C:\Windows\System\DmxryBv.exe
  C:\Windows\System\DmxryBv.exe
  2⤵
  PID:1980
- C:\Windows\System\ttoOlxZ.exe
  C:\Windows\System\ttoOlxZ.exe
  2⤵
  PID:1120
- C:\Windows\System\psiZQhn.exe
  C:\Windows\System\psiZQhn.exe
  2⤵
  PID:1712
- C:\Windows\System\bprcQyX.exe
  C:\Windows\System\bprcQyX.exe
  2⤵
  PID:2452
- C:\Windows\System\LsfRRCh.exe
  C:\Windows\System\LsfRRCh.exe
  2⤵
  PID:1572
- C:\Windows\System\IrOayNq.exe
  C:\Windows\System\IrOayNq.exe
  2⤵
  PID:2228
- C:\Windows\System\UNKIbBG.exe
  C:\Windows\System\UNKIbBG.exe
  2⤵
  PID:1556
- C:\Windows\System\UYxHgTq.exe
  C:\Windows\System\UYxHgTq.exe
  2⤵
  PID:820
- C:\Windows\System\CUloVTT.exe
  C:\Windows\System\CUloVTT.exe
  2⤵
  PID:2260
- C:\Windows\System\JRaNWEp.exe
  C:\Windows\System\JRaNWEp.exe
  2⤵
  PID:2700
- C:\Windows\System\jlMCmzE.exe
  C:\Windows\System\jlMCmzE.exe
  2⤵
  PID:2928
- C:\Windows\System\esHNUJi.exe
  C:\Windows\System\esHNUJi.exe
  2⤵
  PID:1676
- C:\Windows\System\hKplxem.exe
  C:\Windows\System\hKplxem.exe
  2⤵
  PID:1088
- C:\Windows\System\ajbPNQN.exe
  C:\Windows\System\ajbPNQN.exe
  2⤵
  PID:332
- C:\Windows\System\YSawzXw.exe
  C:\Windows\System\YSawzXw.exe
  2⤵
  PID:2564
- C:\Windows\System\BDbqAAn.exe
  C:\Windows\System\BDbqAAn.exe
  2⤵
  PID:1724
- C:\Windows\System\eZWnNQI.exe
  C:\Windows\System\eZWnNQI.exe
  2⤵
  PID:1804
- C:\Windows\System\vnGnEEN.exe
  C:\Windows\System\vnGnEEN.exe
  2⤵
  PID:2528
- C:\Windows\System\ybujPvH.exe
  C:\Windows\System\ybujPvH.exe
  2⤵
  PID:3084
- C:\Windows\System\UJJaVzF.exe
  C:\Windows\System\UJJaVzF.exe
  2⤵
  PID:3104
- C:\Windows\System\COjBcmr.exe
  C:\Windows\System\COjBcmr.exe
  2⤵
  PID:3124
- C:\Windows\System\wyKFdxQ.exe
  C:\Windows\System\wyKFdxQ.exe
  2⤵
  PID:3144
- C:\Windows\System\nDhJMJX.exe
  C:\Windows\System\nDhJMJX.exe
  2⤵
  PID:3160
- C:\Windows\System\xmegQiv.exe
  C:\Windows\System\xmegQiv.exe
  2⤵
  PID:3184
- C:\Windows\System\qFzkzDq.exe
  C:\Windows\System\qFzkzDq.exe
  2⤵
  PID:3200
- C:\Windows\System\HFHNKTA.exe
  C:\Windows\System\HFHNKTA.exe
  2⤵
  PID:3224
- C:\Windows\System\iILKxdF.exe
  C:\Windows\System\iILKxdF.exe
  2⤵
  PID:3244
- C:\Windows\System\ygaCloO.exe
  C:\Windows\System\ygaCloO.exe
  2⤵
  PID:3264
- C:\Windows\System\mcBzial.exe
  C:\Windows\System\mcBzial.exe
  2⤵
  PID:3284
- C:\Windows\System\jePfSlS.exe
  C:\Windows\System\jePfSlS.exe
  2⤵
  PID:3304
- C:\Windows\System\PJbZNWe.exe
  C:\Windows\System\PJbZNWe.exe
  2⤵
  PID:3324
- C:\Windows\System\taZqqjh.exe
  C:\Windows\System\taZqqjh.exe
  2⤵
  PID:3344
- C:\Windows\System\zlZxhpu.exe
  C:\Windows\System\zlZxhpu.exe
  2⤵
  PID:3360
- C:\Windows\System\saChWkm.exe
  C:\Windows\System\saChWkm.exe
  2⤵
  PID:3380
- C:\Windows\System\OeSmpfN.exe
  C:\Windows\System\OeSmpfN.exe
  2⤵
  PID:3408
- C:\Windows\System\tRJTdOa.exe
  C:\Windows\System\tRJTdOa.exe
  2⤵
  PID:3428
- C:\Windows\System\fFiqbKF.exe
  C:\Windows\System\fFiqbKF.exe
  2⤵
  PID:3444
- C:\Windows\System\aaLtSXg.exe
  C:\Windows\System\aaLtSXg.exe
  2⤵
  PID:3468
- C:\Windows\System\dsIIxCt.exe
  C:\Windows\System\dsIIxCt.exe
  2⤵
  PID:3484
- C:\Windows\System\DBhfyTV.exe
  C:\Windows\System\DBhfyTV.exe
  2⤵
  PID:3508
- C:\Windows\System\SojXdnz.exe
  C:\Windows\System\SojXdnz.exe
  2⤵
  PID:3528
- C:\Windows\System\vkMVdxX.exe
  C:\Windows\System\vkMVdxX.exe
  2⤵
  PID:3548
- C:\Windows\System\nzgKvux.exe
  C:\Windows\System\nzgKvux.exe
  2⤵
  PID:3568
- C:\Windows\System\ApgYXWs.exe
  C:\Windows\System\ApgYXWs.exe
  2⤵
  PID:3588
- C:\Windows\System\JToPmGS.exe
  C:\Windows\System\JToPmGS.exe
  2⤵
  PID:3608
- C:\Windows\System\kxbjmQh.exe
  C:\Windows\System\kxbjmQh.exe
  2⤵
  PID:3628
- C:\Windows\System\BrJQYOl.exe
  C:\Windows\System\BrJQYOl.exe
  2⤵
  PID:3648
- C:\Windows\System\HfMQtcD.exe
  C:\Windows\System\HfMQtcD.exe
  2⤵
  PID:3676
- C:\Windows\System\BRoodLN.exe
  C:\Windows\System\BRoodLN.exe
  2⤵
  PID:3704
- C:\Windows\System\vWZehUB.exe
  C:\Windows\System\vWZehUB.exe
  2⤵
  PID:3724
- C:\Windows\System\nGUPXoq.exe
  C:\Windows\System\nGUPXoq.exe
  2⤵
  PID:3748
- C:\Windows\System\pYZPNJo.exe
  C:\Windows\System\pYZPNJo.exe
  2⤵
  PID:3764
- C:\Windows\System\JQDodwg.exe
  C:\Windows\System\JQDodwg.exe
  2⤵
  PID:3788
- C:\Windows\System\CLlgYUW.exe
  C:\Windows\System\CLlgYUW.exe
  2⤵
  PID:3804
- C:\Windows\System\JptgNvw.exe
  C:\Windows\System\JptgNvw.exe
  2⤵
  PID:3828
- C:\Windows\System\zuiAQQv.exe
  C:\Windows\System\zuiAQQv.exe
  2⤵
  PID:3844
- C:\Windows\System\AnfHVmc.exe
  C:\Windows\System\AnfHVmc.exe
  2⤵
  PID:3868
- C:\Windows\System\QetcQBY.exe
  C:\Windows\System\QetcQBY.exe
  2⤵
  PID:3892
- C:\Windows\System\zKlJAfJ.exe
  C:\Windows\System\zKlJAfJ.exe
  2⤵
  PID:3916
- C:\Windows\System\YcHqbqA.exe
  C:\Windows\System\YcHqbqA.exe
  2⤵
  PID:3940
- C:\Windows\System\zZiekRI.exe
  C:\Windows\System\zZiekRI.exe
  2⤵
  PID:3960
- C:\Windows\System\JYeSidD.exe
  C:\Windows\System\JYeSidD.exe
  2⤵
  PID:3980
- C:\Windows\System\husGzAr.exe
  C:\Windows\System\husGzAr.exe
  2⤵
  PID:4000
- C:\Windows\System\OSBFYaK.exe
  C:\Windows\System\OSBFYaK.exe
  2⤵
  PID:4020
- C:\Windows\System\YhDkLKC.exe
  C:\Windows\System\YhDkLKC.exe
  2⤵
  PID:4040
- C:\Windows\System\hJUfQhj.exe
  C:\Windows\System\hJUfQhj.exe
  2⤵
  PID:4056
- C:\Windows\System\cfhOqHt.exe
  C:\Windows\System\cfhOqHt.exe
  2⤵
  PID:4080
- C:\Windows\System\ECNVupO.exe
  C:\Windows\System\ECNVupO.exe
  2⤵
  PID:2024
- C:\Windows\System\VvSZRnU.exe
  C:\Windows\System\VvSZRnU.exe
  2⤵
  PID:1872
- C:\Windows\System\pCeulfX.exe
  C:\Windows\System\pCeulfX.exe
  2⤵
  PID:1644
- C:\Windows\System\ohKGbuX.exe
  C:\Windows\System\ohKGbuX.exe
  2⤵
  PID:3096
- C:\Windows\System\LHkBrIS.exe
  C:\Windows\System\LHkBrIS.exe
  2⤵
  PID:3080
- C:\Windows\System\xPfWvem.exe
  C:\Windows\System\xPfWvem.exe
  2⤵
  PID:3180
- C:\Windows\System\bFzBPNx.exe
  C:\Windows\System\bFzBPNx.exe
  2⤵
  PID:3152
- C:\Windows\System\weZWkRB.exe
  C:\Windows\System\weZWkRB.exe
  2⤵
  PID:2820
- C:\Windows\System\RWocUsq.exe
  C:\Windows\System\RWocUsq.exe
  2⤵
  PID:3232
- C:\Windows\System\akOirks.exe
  C:\Windows\System\akOirks.exe
  2⤵
  PID:3300
- C:\Windows\System\mYTJijX.exe
  C:\Windows\System\mYTJijX.exe
  2⤵
  PID:3336
- C:\Windows\System\Bpecfti.exe
  C:\Windows\System\Bpecfti.exe
  2⤵
  PID:3276
- C:\Windows\System\xmDGUUM.exe
  C:\Windows\System\xmDGUUM.exe
  2⤵
  PID:3316
- C:\Windows\System\JIidGxN.exe
  C:\Windows\System\JIidGxN.exe
  2⤵
  PID:3420
- C:\Windows\System\HNgoluL.exe
  C:\Windows\System\HNgoluL.exe
  2⤵
  PID:3452
- C:\Windows\System\PAItiwc.exe
  C:\Windows\System\PAItiwc.exe
  2⤵
  PID:3440
- C:\Windows\System\lSxUSnN.exe
  C:\Windows\System\lSxUSnN.exe
  2⤵
  PID:3476
- C:\Windows\System\RxmOkTz.exe
  C:\Windows\System\RxmOkTz.exe
  2⤵
  PID:3540
- C:\Windows\System\yTdTfZm.exe
  C:\Windows\System\yTdTfZm.exe
  2⤵
  PID:3556
- C:\Windows\System\vBSzSUz.exe
  C:\Windows\System\vBSzSUz.exe
  2⤵
  PID:3624
- C:\Windows\System\oQPGmUA.exe
  C:\Windows\System\oQPGmUA.exe
  2⤵
  PID:3684
- C:\Windows\System\HmWCyhg.exe
  C:\Windows\System\HmWCyhg.exe
  2⤵
  PID:3644
- C:\Windows\System\KkGddcx.exe
  C:\Windows\System\KkGddcx.exe
  2⤵
  PID:3744
- C:\Windows\System\ZNkTVze.exe
  C:\Windows\System\ZNkTVze.exe
  2⤵
  PID:3784
- C:\Windows\System\DWBBCft.exe
  C:\Windows\System\DWBBCft.exe
  2⤵
  PID:3820
- C:\Windows\System\kRMdzXc.exe
  C:\Windows\System\kRMdzXc.exe
  2⤵
  PID:3852
- C:\Windows\System\COfSgIE.exe
  C:\Windows\System\COfSgIE.exe
  2⤵
  PID:3864
- C:\Windows\System\QXtJsnx.exe
  C:\Windows\System\QXtJsnx.exe
  2⤵
  PID:3912
- C:\Windows\System\tnSeLqr.exe
  C:\Windows\System\tnSeLqr.exe
  2⤵
  PID:3888
- C:\Windows\System\ESUaCku.exe
  C:\Windows\System\ESUaCku.exe
  2⤵
  PID:3932
- C:\Windows\System\ltjMPje.exe
  C:\Windows\System\ltjMPje.exe
  2⤵
  PID:3976
- C:\Windows\System\TVLhWZO.exe
  C:\Windows\System\TVLhWZO.exe
  2⤵
  PID:4008
- C:\Windows\System\jRhWGuo.exe
  C:\Windows\System\jRhWGuo.exe
  2⤵
  PID:4068
- C:\Windows\System\duGmYeq.exe
  C:\Windows\System\duGmYeq.exe
  2⤵
  PID:1028
- C:\Windows\System\burgqku.exe
  C:\Windows\System\burgqku.exe
  2⤵
  PID:2120
- C:\Windows\System\qTRHjjA.exe
  C:\Windows\System\qTRHjjA.exe
  2⤵
  PID:3112
- C:\Windows\System\AtPkUWx.exe
  C:\Windows\System\AtPkUWx.exe
  2⤵
  PID:3120
- C:\Windows\System\vagOmmR.exe
  C:\Windows\System\vagOmmR.exe
  2⤵
  PID:3168
- C:\Windows\System\TwfcdQP.exe
  C:\Windows\System\TwfcdQP.exe
  2⤵
  PID:3196
- C:\Windows\System\mJVSmPI.exe
  C:\Windows\System\mJVSmPI.exe
  2⤵
  PID:2724
- C:\Windows\System\qwheIvJ.exe
  C:\Windows\System\qwheIvJ.exe
  2⤵
  PID:3388
- C:\Windows\System\Upkzsis.exe
  C:\Windows\System\Upkzsis.exe
  2⤵
  PID:3464
- C:\Windows\System\qZxDtsT.exe
  C:\Windows\System\qZxDtsT.exe
  2⤵
  PID:3404
- C:\Windows\System\Fqrrstj.exe
  C:\Windows\System\Fqrrstj.exe
  2⤵
  PID:3504
- C:\Windows\System\zdgpWbz.exe
  C:\Windows\System\zdgpWbz.exe
  2⤵
  PID:3520
- C:\Windows\System\ApoeYak.exe
  C:\Windows\System\ApoeYak.exe
  2⤵
  PID:3636
- C:\Windows\System\EDgnINC.exe
  C:\Windows\System\EDgnINC.exe
  2⤵
  PID:3600
- C:\Windows\System\autnZpN.exe
  C:\Windows\System\autnZpN.exe
  2⤵
  PID:3660
- C:\Windows\System\rczXkiP.exe
  C:\Windows\System\rczXkiP.exe
  2⤵
  PID:3712
- C:\Windows\System\dtrBuVv.exe
  C:\Windows\System\dtrBuVv.exe
  2⤵
  PID:2156
- C:\Windows\System\fdsiXqa.exe
  C:\Windows\System\fdsiXqa.exe
  2⤵
  PID:4036
- C:\Windows\System\VtTvpuP.exe
  C:\Windows\System\VtTvpuP.exe
  2⤵
  PID:3948
- C:\Windows\System\otKFZOE.exe
  C:\Windows\System\otKFZOE.exe
  2⤵
  PID:4052
- C:\Windows\System\DzIfidB.exe
  C:\Windows\System\DzIfidB.exe
  2⤵
  PID:4064
- C:\Windows\System\llLPrsV.exe
  C:\Windows\System\llLPrsV.exe
  2⤵
  PID:2428
- C:\Windows\System\mwqioor.exe
  C:\Windows\System\mwqioor.exe
  2⤵
  PID:3132
- C:\Windows\System\NHSZdcR.exe
  C:\Windows\System\NHSZdcR.exe
  2⤵
  PID:3172
- C:\Windows\System\XzZblkr.exe
  C:\Windows\System\XzZblkr.exe
  2⤵
  PID:3332
- C:\Windows\System\RHNOKDc.exe
  C:\Windows\System\RHNOKDc.exe
  2⤵
  PID:3356
- C:\Windows\System\JxlxFPJ.exe
  C:\Windows\System\JxlxFPJ.exe
  2⤵
  PID:3536
- C:\Windows\System\eyPunPK.exe
  C:\Windows\System\eyPunPK.exe
  2⤵
  PID:3616
- C:\Windows\System\YfCRUfu.exe
  C:\Windows\System\YfCRUfu.exe
  2⤵
  PID:3756
- C:\Windows\System\buLmnTd.exe
  C:\Windows\System\buLmnTd.exe
  2⤵
  PID:3664
- C:\Windows\System\PggjyyB.exe
  C:\Windows\System\PggjyyB.exe
  2⤵
  PID:3840
- C:\Windows\System\bmrpyto.exe
  C:\Windows\System\bmrpyto.exe
  2⤵
  PID:4072
- C:\Windows\System\sifWJya.exe
  C:\Windows\System\sifWJya.exe
  2⤵
  PID:1592
- C:\Windows\System\pHmBdKS.exe
  C:\Windows\System\pHmBdKS.exe
  2⤵
  PID:2240
- C:\Windows\System\quECDFo.exe
  C:\Windows\System\quECDFo.exe
  2⤵
  PID:3292
- C:\Windows\System\GjVwdUW.exe
  C:\Windows\System\GjVwdUW.exe
  2⤵
  PID:3076
- C:\Windows\System\MVeXnpA.exe
  C:\Windows\System\MVeXnpA.exe
  2⤵
  PID:3688
- C:\Windows\System\ziyKmVR.exe
  C:\Windows\System\ziyKmVR.exe
  2⤵
  PID:3640
- C:\Windows\System\bWdWwkd.exe
  C:\Windows\System\bWdWwkd.exe
  2⤵
  PID:4032
- C:\Windows\System\jjRbVnc.exe
  C:\Windows\System\jjRbVnc.exe
  2⤵
  PID:3904
- C:\Windows\System\IHZKZIB.exe
  C:\Windows\System\IHZKZIB.exe
  2⤵
  PID:3280
- C:\Windows\System\acHzILU.exe
  C:\Windows\System\acHzILU.exe
  2⤵
  PID:3312
- C:\Windows\System\jRDFKlj.exe
  C:\Windows\System\jRDFKlj.exe
  2⤵
  PID:3496
- C:\Windows\System\yyYoXKC.exe
  C:\Windows\System\yyYoXKC.exe
  2⤵
  PID:3376
- C:\Windows\System\IJOjBmF.exe
  C:\Windows\System\IJOjBmF.exe
  2⤵
  PID:3900
- C:\Windows\System\MkULmbN.exe
  C:\Windows\System\MkULmbN.exe
  2⤵
  PID:3772
- C:\Windows\System\rYXSOOi.exe
  C:\Windows\System\rYXSOOi.exe
  2⤵
  PID:4116
- C:\Windows\System\kyhbfsk.exe
  C:\Windows\System\kyhbfsk.exe
  2⤵
  PID:4136
- C:\Windows\System\SUDFDmY.exe
  C:\Windows\System\SUDFDmY.exe
  2⤵
  PID:4156
- C:\Windows\System\XaYxGjn.exe
  C:\Windows\System\XaYxGjn.exe
  2⤵
  PID:4172
- C:\Windows\System\sEyDDqc.exe
  C:\Windows\System\sEyDDqc.exe
  2⤵
  PID:4192
- C:\Windows\System\cfPuvLt.exe
  C:\Windows\System\cfPuvLt.exe
  2⤵
  PID:4212
- C:\Windows\System\wScjdXU.exe
  C:\Windows\System\wScjdXU.exe
  2⤵
  PID:4228
- C:\Windows\System\JbwDQwP.exe
  C:\Windows\System\JbwDQwP.exe
  2⤵
  PID:4252
- C:\Windows\System\TQOASmN.exe
  C:\Windows\System\TQOASmN.exe
  2⤵
  PID:4272
- C:\Windows\System\cvPJsnn.exe
  C:\Windows\System\cvPJsnn.exe
  2⤵
  PID:4288
- C:\Windows\System\GnmcgoC.exe
  C:\Windows\System\GnmcgoC.exe
  2⤵
  PID:4324
- C:\Windows\System\bFjQGDr.exe
  C:\Windows\System\bFjQGDr.exe
  2⤵
  PID:4340
- C:\Windows\System\nqwnWgM.exe
  C:\Windows\System\nqwnWgM.exe
  2⤵
  PID:4364
- C:\Windows\System\lFFvEKp.exe
  C:\Windows\System\lFFvEKp.exe
  2⤵
  PID:4380
- C:\Windows\System\TsbGwbH.exe
  C:\Windows\System\TsbGwbH.exe
  2⤵
  PID:4404
- C:\Windows\System\AsfQsMP.exe
  C:\Windows\System\AsfQsMP.exe
  2⤵
  PID:4420
- C:\Windows\System\XtAANgq.exe
  C:\Windows\System\XtAANgq.exe
  2⤵
  PID:4436
- C:\Windows\System\oABkIOd.exe
  C:\Windows\System\oABkIOd.exe
  2⤵
  PID:4464
- C:\Windows\System\xQlAKEW.exe
  C:\Windows\System\xQlAKEW.exe
  2⤵
  PID:4484
- C:\Windows\System\zNjzKNb.exe
  C:\Windows\System\zNjzKNb.exe
  2⤵
  PID:4500
- C:\Windows\System\IWTITej.exe
  C:\Windows\System\IWTITej.exe
  2⤵
  PID:4524
- C:\Windows\System\ypfymrJ.exe
  C:\Windows\System\ypfymrJ.exe
  2⤵
  PID:4540
- C:\Windows\System\nPxxwxS.exe
  C:\Windows\System\nPxxwxS.exe
  2⤵
  PID:4564
- C:\Windows\System\txVEoBn.exe
  C:\Windows\System\txVEoBn.exe
  2⤵
  PID:4584
- C:\Windows\System\xSFyukQ.exe
  C:\Windows\System\xSFyukQ.exe
  2⤵
  PID:4600
- C:\Windows\System\rXrBhVs.exe
  C:\Windows\System\rXrBhVs.exe
  2⤵
  PID:4616
- C:\Windows\System\dEeNFoh.exe
  C:\Windows\System\dEeNFoh.exe
  2⤵
  PID:4632
- C:\Windows\System\vJUfeMT.exe
  C:\Windows\System\vJUfeMT.exe
  2⤵
  PID:4652
- C:\Windows\System\FpUHyfo.exe
  C:\Windows\System\FpUHyfo.exe
  2⤵
  PID:4668
- C:\Windows\System\tLjUGAH.exe
  C:\Windows\System\tLjUGAH.exe
  2⤵
  PID:4684
- C:\Windows\System\CMcPnFB.exe
  C:\Windows\System\CMcPnFB.exe
  2⤵
  PID:4700
- C:\Windows\System\qAJruRO.exe
  C:\Windows\System\qAJruRO.exe
  2⤵
  PID:4720
- C:\Windows\System\oWqerLP.exe
  C:\Windows\System\oWqerLP.exe
  2⤵
  PID:4736
- C:\Windows\System\gMlHcHU.exe
  C:\Windows\System\gMlHcHU.exe
  2⤵
  PID:4752
- C:\Windows\System\anJRjkJ.exe
  C:\Windows\System\anJRjkJ.exe
  2⤵
  PID:4792
- C:\Windows\System\gJrwGOs.exe
  C:\Windows\System\gJrwGOs.exe
  2⤵
  PID:4828
- C:\Windows\System\WSfnDbS.exe
  C:\Windows\System\WSfnDbS.exe
  2⤵
  PID:4844
- C:\Windows\System\ywZDSDJ.exe
  C:\Windows\System\ywZDSDJ.exe
  2⤵
  PID:4860
- C:\Windows\System\FroqYoE.exe
  C:\Windows\System\FroqYoE.exe
  2⤵
  PID:4876
- C:\Windows\System\zNQAUxu.exe
  C:\Windows\System\zNQAUxu.exe
  2⤵
  PID:4892
- C:\Windows\System\nRkXCtT.exe
  C:\Windows\System\nRkXCtT.exe
  2⤵
  PID:4912
- C:\Windows\System\ZBckQmM.exe
  C:\Windows\System\ZBckQmM.exe
  2⤵
  PID:4928
- C:\Windows\System\gxmFFey.exe
  C:\Windows\System\gxmFFey.exe
  2⤵
  PID:4944
- C:\Windows\System\IxvCfni.exe
  C:\Windows\System\IxvCfni.exe
  2⤵
  PID:4960
- C:\Windows\System\avASCRE.exe
  C:\Windows\System\avASCRE.exe
  2⤵
  PID:4976
- C:\Windows\System\uiPgVLq.exe
  C:\Windows\System\uiPgVLq.exe
  2⤵
  PID:4996
- C:\Windows\System\DPNpnIV.exe
  C:\Windows\System\DPNpnIV.exe
  2⤵
  PID:5020
- C:\Windows\System\WfTzxvs.exe
  C:\Windows\System\WfTzxvs.exe
  2⤵
  PID:5036
- C:\Windows\System\pEPYzlM.exe
  C:\Windows\System\pEPYzlM.exe
  2⤵
  PID:5052
- C:\Windows\System\OINZqhk.exe
  C:\Windows\System\OINZqhk.exe
  2⤵
  PID:5068
- C:\Windows\System\tqPBDQt.exe
  C:\Windows\System\tqPBDQt.exe
  2⤵
  PID:5092
- C:\Windows\System\UIivamU.exe
  C:\Windows\System\UIivamU.exe
  2⤵
  PID:5108
- C:\Windows\System\VvoQtvh.exe
  C:\Windows\System\VvoQtvh.exe
  2⤵
  PID:3992
- C:\Windows\System\Lfoprzu.exe
  C:\Windows\System\Lfoprzu.exe
  2⤵
  PID:3584
- C:\Windows\System\ylRALhr.exe
  C:\Windows\System\ylRALhr.exe
  2⤵
  PID:4112
- C:\Windows\System\DjzOFMh.exe
  C:\Windows\System\DjzOFMh.exe
  2⤵
  PID:1948
- C:\Windows\System\NEieZXy.exe
  C:\Windows\System\NEieZXy.exe
  2⤵
  PID:4168
- C:\Windows\System\AvjBznB.exe
  C:\Windows\System\AvjBznB.exe
  2⤵
  PID:2764
- C:\Windows\System\canqaYf.exe
  C:\Windows\System\canqaYf.exe
  2⤵
  PID:2948
- C:\Windows\System\AHHhMTj.exe
  C:\Windows\System\AHHhMTj.exe
  2⤵
  PID:4224
- C:\Windows\System\uNGYwMh.exe
  C:\Windows\System\uNGYwMh.exe
  2⤵
  PID:4296
- C:\Windows\System\QqAodLU.exe
  C:\Windows\System\QqAodLU.exe
  2⤵
  PID:4236
- C:\Windows\System\edmcNYD.exe
  C:\Windows\System\edmcNYD.exe
  2⤵
  PID:1260
- C:\Windows\System\bLabFqk.exe
  C:\Windows\System\bLabFqk.exe
  2⤵
  PID:4284
- C:\Windows\System\nDWnzET.exe
  C:\Windows\System\nDWnzET.exe
  2⤵
  PID:768
- C:\Windows\System\LNCECiI.exe
  C:\Windows\System\LNCECiI.exe
  2⤵
  PID:700
- C:\Windows\System\cMeNehw.exe
  C:\Windows\System\cMeNehw.exe
  2⤵
  PID:2868
- C:\Windows\System\nMTqiMS.exe
  C:\Windows\System\nMTqiMS.exe
  2⤵
  PID:4376
- C:\Windows\System\yQPYPTd.exe
  C:\Windows\System\yQPYPTd.exe
  2⤵
  PID:4396
- C:\Windows\System\xDUQzOm.exe
  C:\Windows\System\xDUQzOm.exe
  2⤵
  PID:4416
- C:\Windows\System\TNPsiOm.exe
  C:\Windows\System\TNPsiOm.exe
  2⤵
  PID:4456
- C:\Windows\System\OUjTRas.exe
  C:\Windows\System\OUjTRas.exe
  2⤵
  PID:4508
- C:\Windows\System\EqcUoRG.exe
  C:\Windows\System\EqcUoRG.exe
  2⤵
  PID:1956
- C:\Windows\System\gOxoEvb.exe
  C:\Windows\System\gOxoEvb.exe
  2⤵
  PID:4532
- C:\Windows\System\utmCfbV.exe
  C:\Windows\System\utmCfbV.exe
  2⤵
  PID:4560
- C:\Windows\System\vSLFuKB.exe
  C:\Windows\System\vSLFuKB.exe
  2⤵
  PID:4592
- C:\Windows\System\elWquTG.exe
  C:\Windows\System\elWquTG.exe
  2⤵
  PID:4716
- C:\Windows\System\WwCqDib.exe
  C:\Windows\System\WwCqDib.exe
  2⤵
  PID:2236
- C:\Windows\System\qaSOXPX.exe
  C:\Windows\System\qaSOXPX.exe
  2⤵
  PID:4696
- C:\Windows\System\DTRlvUz.exe
  C:\Windows\System\DTRlvUz.exe
  2⤵
  PID:4760
- C:\Windows\System\jxpDoXH.exe
  C:\Windows\System\jxpDoXH.exe
  2⤵
  PID:4788
- C:\Windows\System\FldWICY.exe
  C:\Windows\System\FldWICY.exe
  2⤵
  PID:4712
- C:\Windows\System\eueAqVH.exe
  C:\Windows\System\eueAqVH.exe
  2⤵
  PID:4640
- C:\Windows\System\qnHtHva.exe
  C:\Windows\System\qnHtHva.exe
  2⤵
  PID:4808
- C:\Windows\System\cRELDvC.exe
  C:\Windows\System\cRELDvC.exe
  2⤵
  PID:2020
- C:\Windows\System\xaBmPDi.exe
  C:\Windows\System\xaBmPDi.exe
  2⤵
  PID:4836
- C:\Windows\System\vPuYPKI.exe
  C:\Windows\System\vPuYPKI.exe
  2⤵
  PID:4852
- C:\Windows\System\AjiXbiD.exe
  C:\Windows\System\AjiXbiD.exe
  2⤵
  PID:4924
- C:\Windows\System\fJCFHOq.exe
  C:\Windows\System\fJCFHOq.exe
  2⤵
  PID:4988
- C:\Windows\System\owYPIjm.exe
  C:\Windows\System\owYPIjm.exe
  2⤵
  PID:2816
- C:\Windows\System\TAnFiMP.exe
  C:\Windows\System\TAnFiMP.exe
  2⤵
  PID:4908
- C:\Windows\System\TzOqcxR.exe
  C:\Windows\System\TzOqcxR.exe
  2⤵
  PID:4972
- C:\Windows\System\DOeNoEK.exe
  C:\Windows\System\DOeNoEK.exe
  2⤵
  PID:5016
- C:\Windows\System\zBPImlb.exe
  C:\Windows\System\zBPImlb.exe
  2⤵
  PID:5076
- C:\Windows\System\YBYgTlg.exe
  C:\Windows\System\YBYgTlg.exe
  2⤵
  PID:5116
- C:\Windows\System\cCgonAT.exe
  C:\Windows\System\cCgonAT.exe
  2⤵
  PID:5104
- C:\Windows\System\pwHAPJf.exe
  C:\Windows\System\pwHAPJf.exe
  2⤵
  PID:3956
- C:\Windows\System\UqjbeVX.exe
  C:\Windows\System\UqjbeVX.exe
  2⤵
  PID:4152
- C:\Windows\System\ZlNOvho.exe
  C:\Windows\System\ZlNOvho.exe
  2⤵
  PID:1192
- C:\Windows\System\kZaFjys.exe
  C:\Windows\System\kZaFjys.exe
  2⤵
  PID:4128
- C:\Windows\System\NsuJVTJ.exe
  C:\Windows\System\NsuJVTJ.exe
  2⤵
  PID:2756
- C:\Windows\System\yURIhHH.exe
  C:\Windows\System\yURIhHH.exe
  2⤵
  PID:1136
- C:\Windows\System\qJdhErx.exe
  C:\Windows\System\qJdhErx.exe
  2⤵
  PID:4220
- C:\Windows\System\auWXJYI.exe
  C:\Windows\System\auWXJYI.exe
  2⤵
  PID:4264
- C:\Windows\System\QsOvovt.exe
  C:\Windows\System\QsOvovt.exe
  2⤵
  PID:4240
- C:\Windows\System\kOTPwAk.exe
  C:\Windows\System\kOTPwAk.exe
  2⤵
  PID:4400
- C:\Windows\System\zMZSYuV.exe
  C:\Windows\System\zMZSYuV.exe
  2⤵
  PID:1792
- C:\Windows\System\JaNtxvn.exe
  C:\Windows\System\JaNtxvn.exe
  2⤵
  PID:4516
- C:\Windows\System\MfRoKBL.exe
  C:\Windows\System\MfRoKBL.exe
  2⤵
  PID:4428
- C:\Windows\System\onJEaSq.exe
  C:\Windows\System\onJEaSq.exe
  2⤵
  PID:1744
- C:\Windows\System\NSFFKbZ.exe
  C:\Windows\System\NSFFKbZ.exe
  2⤵
  PID:4580
- C:\Windows\System\fdamyby.exe
  C:\Windows\System\fdamyby.exe
  2⤵
  PID:4732
- C:\Windows\System\CrihBIw.exe
  C:\Windows\System\CrihBIw.exe
  2⤵
  PID:4552
- C:\Windows\System\wIcBMOh.exe
  C:\Windows\System\wIcBMOh.exe
  2⤵
  PID:4692
- C:\Windows\System\GTxRFsc.exe
  C:\Windows\System\GTxRFsc.exe
  2⤵
  PID:4680
- C:\Windows\System\XKqBgmA.exe
  C:\Windows\System\XKqBgmA.exe
  2⤵
  PID:4608
- C:\Windows\System\plejvEy.exe
  C:\Windows\System\plejvEy.exe
  2⤵
  PID:2196
- C:\Windows\System\lFuEnIP.exe
  C:\Windows\System\lFuEnIP.exe
  2⤵
  PID:4816
- C:\Windows\System\vkoxlWh.exe
  C:\Windows\System\vkoxlWh.exe
  2⤵
  PID:4956
- C:\Windows\System\BBmLSWB.exe
  C:\Windows\System\BBmLSWB.exe
  2⤵
  PID:5028
- C:\Windows\System\PVThTjd.exe
  C:\Windows\System\PVThTjd.exe
  2⤵
  PID:2728
- C:\Windows\System\gtwPnkX.exe
  C:\Windows\System\gtwPnkX.exe
  2⤵
  PID:4904
- C:\Windows\System\EGHBChZ.exe
  C:\Windows\System\EGHBChZ.exe
  2⤵
  PID:4888
- C:\Windows\System\yscjEAp.exe
  C:\Windows\System\yscjEAp.exe
  2⤵
  PID:1784
- C:\Windows\System\vBIRdOD.exe
  C:\Windows\System\vBIRdOD.exe
  2⤵
  PID:2736
- C:\Windows\System\DzlNCGu.exe
  C:\Windows\System\DzlNCGu.exe
  2⤵
  PID:4108
- C:\Windows\System\rTSVKWL.exe
  C:\Windows\System\rTSVKWL.exe
  2⤵
  PID:848
- C:\Windows\System\efGBAwf.exe
  C:\Windows\System\efGBAwf.exe
  2⤵
  PID:2620
- C:\Windows\System\OxVXBLK.exe
  C:\Windows\System\OxVXBLK.exe
  2⤵
  PID:4268
- C:\Windows\System\QqiengS.exe
  C:\Windows\System\QqiengS.exe
  2⤵
  PID:2004
- C:\Windows\System\axPLPyJ.exe
  C:\Windows\System\axPLPyJ.exe
  2⤵
  PID:4012
- C:\Windows\System\KYuPIjE.exe
  C:\Windows\System\KYuPIjE.exe
  2⤵
  PID:2576
- C:\Windows\System\NIbzWLv.exe
  C:\Windows\System\NIbzWLv.exe
  2⤵
  PID:4448
- C:\Windows\System\XnUHmTD.exe
  C:\Windows\System\XnUHmTD.exe
  2⤵
  PID:4476
- C:\Windows\System\iXWccCy.exe
  C:\Windows\System\iXWccCy.exe
  2⤵
  PID:4188
- C:\Windows\System\EJlAynd.exe
  C:\Windows\System\EJlAynd.exe
  2⤵
  PID:4548
- C:\Windows\System\YDdQblh.exe
  C:\Windows\System\YDdQblh.exe
  2⤵
  PID:4644
- C:\Windows\System\XQgKkox.exe
  C:\Windows\System\XQgKkox.exe
  2⤵
  PID:1568
- C:\Windows\System\TwpZWMY.exe
  C:\Windows\System\TwpZWMY.exe
  2⤵
  PID:4648
- C:\Windows\System\nOgqSDR.exe
  C:\Windows\System\nOgqSDR.exe
  2⤵
  PID:4868
- C:\Windows\System\zBnciId.exe
  C:\Windows\System\zBnciId.exe
  2⤵
  PID:5012
- C:\Windows\System\tDZPScd.exe
  C:\Windows\System\tDZPScd.exe
  2⤵
  PID:3260
- C:\Windows\System\UmRCUok.exe
  C:\Windows\System\UmRCUok.exe
  2⤵
  PID:4940
- C:\Windows\System\kkAtSXg.exe
  C:\Windows\System\kkAtSXg.exe
  2⤵
  PID:4144
- C:\Windows\System\tjiNMnX.exe
  C:\Windows\System\tjiNMnX.exe
  2⤵
  PID:5100
- C:\Windows\System\wNZfEbl.exe
  C:\Windows\System\wNZfEbl.exe
  2⤵
  PID:1332
- C:\Windows\System\hNERJkX.exe
  C:\Windows\System\hNERJkX.exe
  2⤵
  PID:1664
- C:\Windows\System\EnnzCaq.exe
  C:\Windows\System\EnnzCaq.exe
  2⤵
  PID:2800
- C:\Windows\System\oZQzLHF.exe
  C:\Windows\System\oZQzLHF.exe
  2⤵
  PID:4472
- C:\Windows\System\GnWwDmO.exe
  C:\Windows\System\GnWwDmO.exe
  2⤵
  PID:4536
- C:\Windows\System\FJrXHPN.exe
  C:\Windows\System\FJrXHPN.exe
  2⤵
  PID:1844
- C:\Windows\System\EJgCgIw.exe
  C:\Windows\System\EJgCgIw.exe
  2⤵
  PID:2752
- C:\Windows\System\QcrECQD.exe
  C:\Windows\System\QcrECQD.exe
  2⤵
  PID:3020
- C:\Windows\System\kjusAah.exe
  C:\Windows\System\kjusAah.exe
  2⤵
  PID:2200
- C:\Windows\System\aECmxPt.exe
  C:\Windows\System\aECmxPt.exe
  2⤵
  PID:3272
- C:\Windows\System\aYYWrCi.exe
  C:\Windows\System\aYYWrCi.exe
  2⤵
  PID:2144
- C:\Windows\System\OnXlkrQ.exe
  C:\Windows\System\OnXlkrQ.exe
  2⤵
  PID:3220
- C:\Windows\System\DEGuYfT.exe
  C:\Windows\System\DEGuYfT.exe
  2⤵
  PID:1896
- C:\Windows\System\ANEdJOV.exe
  C:\Windows\System\ANEdJOV.exe
  2⤵
  PID:5128
- C:\Windows\System\owifkhH.exe
  C:\Windows\System\owifkhH.exe
  2⤵
  PID:5144
- C:\Windows\System\xRUDAdR.exe
  C:\Windows\System\xRUDAdR.exe
  2⤵
  PID:5160
- C:\Windows\System\vzKKJbB.exe
  C:\Windows\System\vzKKJbB.exe
  2⤵
  PID:5176
- C:\Windows\System\okXBWef.exe
  C:\Windows\System\okXBWef.exe
  2⤵
  PID:5192
- C:\Windows\System\jKFeJzS.exe
  C:\Windows\System\jKFeJzS.exe
  2⤵
  PID:5208
- C:\Windows\System\tuWtyuN.exe
  C:\Windows\System\tuWtyuN.exe
  2⤵
  PID:5224
- C:\Windows\System\zpoWAlM.exe
  C:\Windows\System\zpoWAlM.exe
  2⤵
  PID:5240
- C:\Windows\System\aiyDQTQ.exe
  C:\Windows\System\aiyDQTQ.exe
  2⤵
  PID:5256
- C:\Windows\System\TDrTxvR.exe
  C:\Windows\System\TDrTxvR.exe
  2⤵
  PID:5272
- C:\Windows\System\AivLUJZ.exe
  C:\Windows\System\AivLUJZ.exe
  2⤵
  PID:5288
- C:\Windows\System\rhBCNHn.exe
  C:\Windows\System\rhBCNHn.exe
  2⤵
  PID:5304
- C:\Windows\System\GnSHupE.exe
  C:\Windows\System\GnSHupE.exe
  2⤵
  PID:5320
- C:\Windows\System\HNAsdbO.exe
  C:\Windows\System\HNAsdbO.exe
  2⤵
  PID:5336
- C:\Windows\System\DPcciES.exe
  C:\Windows\System\DPcciES.exe
  2⤵
  PID:5352
- C:\Windows\System\boiJPcT.exe
  C:\Windows\System\boiJPcT.exe
  2⤵
  PID:5368
- C:\Windows\System\WDwdzKo.exe
  C:\Windows\System\WDwdzKo.exe
  2⤵
  PID:5384
- C:\Windows\System\oAPSmdR.exe
  C:\Windows\System\oAPSmdR.exe
  2⤵
  PID:5400
- C:\Windows\System\OtRxMhf.exe
  C:\Windows\System\OtRxMhf.exe
  2⤵
  PID:5416
- C:\Windows\System\hgOsHLJ.exe
  C:\Windows\System\hgOsHLJ.exe
  2⤵
  PID:5432
- C:\Windows\System\hoQcCzS.exe
  C:\Windows\System\hoQcCzS.exe
  2⤵
  PID:5448
- C:\Windows\System\BUizXbB.exe
  C:\Windows\System\BUizXbB.exe
  2⤵
  PID:5464
- C:\Windows\System\yDaEHUD.exe
  C:\Windows\System\yDaEHUD.exe
  2⤵
  PID:5480
- C:\Windows\System\QSZUqkv.exe
  C:\Windows\System\QSZUqkv.exe
  2⤵
  PID:5496
- C:\Windows\System\zqPRLjZ.exe
  C:\Windows\System\zqPRLjZ.exe
  2⤵
  PID:5512
- C:\Windows\System\LPPVTOS.exe
  C:\Windows\System\LPPVTOS.exe
  2⤵
  PID:5528
- C:\Windows\System\jFPAdgP.exe
  C:\Windows\System\jFPAdgP.exe
  2⤵
  PID:5544
- C:\Windows\System\TuuQrFn.exe
  C:\Windows\System\TuuQrFn.exe
  2⤵
  PID:5584
- C:\Windows\System\OXghVyz.exe
  C:\Windows\System\OXghVyz.exe
  2⤵
  PID:5600
- C:\Windows\System\rkQDSSQ.exe
  C:\Windows\System\rkQDSSQ.exe
  2⤵
  PID:5616
- C:\Windows\System\wqwbCDR.exe
  C:\Windows\System\wqwbCDR.exe
  2⤵
  PID:5632
- C:\Windows\System\DNRnSAV.exe
  C:\Windows\System\DNRnSAV.exe
  2⤵
  PID:5648
- C:\Windows\System\bMWRkJq.exe
  C:\Windows\System\bMWRkJq.exe
  2⤵
  PID:5664
- C:\Windows\System\nwspqhN.exe
  C:\Windows\System\nwspqhN.exe
  2⤵
  PID:5680
- C:\Windows\System\zpkDQyX.exe
  C:\Windows\System\zpkDQyX.exe
  2⤵
  PID:5704
- C:\Windows\System\JeCLsiP.exe
  C:\Windows\System\JeCLsiP.exe
  2⤵
  PID:5720
- C:\Windows\System\WeyjsVW.exe
  C:\Windows\System\WeyjsVW.exe
  2⤵
  PID:5740
- C:\Windows\System\BzJYqCX.exe
  C:\Windows\System\BzJYqCX.exe
  2⤵
  PID:5756
- C:\Windows\System\BMVTBVo.exe
  C:\Windows\System\BMVTBVo.exe
  2⤵
  PID:5772
- C:\Windows\System\iMeoUGJ.exe
  C:\Windows\System\iMeoUGJ.exe
  2⤵
  PID:5788
- C:\Windows\System\crdxfWU.exe
  C:\Windows\System\crdxfWU.exe
  2⤵
  PID:5804
- C:\Windows\System\feBThXr.exe
  C:\Windows\System\feBThXr.exe
  2⤵
  PID:5820
- C:\Windows\System\fSvITGu.exe
  C:\Windows\System\fSvITGu.exe
  2⤵
  PID:5836
- C:\Windows\System\lFrhOCV.exe
  C:\Windows\System\lFrhOCV.exe
  2⤵
  PID:5852
- C:\Windows\System\xopVIED.exe
  C:\Windows\System\xopVIED.exe
  2⤵
  PID:5868
- C:\Windows\System\JpkHEAz.exe
  C:\Windows\System\JpkHEAz.exe
  2⤵
  PID:5884
- C:\Windows\System\UBRCGUJ.exe
  C:\Windows\System\UBRCGUJ.exe
  2⤵
  PID:5900
- C:\Windows\System\QOjJcRb.exe
  C:\Windows\System\QOjJcRb.exe
  2⤵
  PID:5916
- C:\Windows\System\dlZxtlU.exe
  C:\Windows\System\dlZxtlU.exe
  2⤵
  PID:5932
- C:\Windows\System\iZmhIIB.exe
  C:\Windows\System\iZmhIIB.exe
  2⤵
  PID:5948
- C:\Windows\System\HkXjGsw.exe
  C:\Windows\System\HkXjGsw.exe
  2⤵
  PID:5964
- C:\Windows\System\zUaAClk.exe
  C:\Windows\System\zUaAClk.exe
  2⤵
  PID:5980
- C:\Windows\System\otpAHnc.exe
  C:\Windows\System\otpAHnc.exe
  2⤵
  PID:5996
- C:\Windows\System\dRERudp.exe
  C:\Windows\System\dRERudp.exe
  2⤵
  PID:6012
- C:\Windows\System\mClQlWZ.exe
  C:\Windows\System\mClQlWZ.exe
  2⤵
  PID:6028
- C:\Windows\System\jNkjqzL.exe
  C:\Windows\System\jNkjqzL.exe
  2⤵
  PID:6044
- C:\Windows\System\vmsZRQw.exe
  C:\Windows\System\vmsZRQw.exe
  2⤵
  PID:6060
- C:\Windows\System\yzUMwKU.exe
  C:\Windows\System\yzUMwKU.exe
  2⤵
  PID:6076
- C:\Windows\System\cNcjVbK.exe
  C:\Windows\System\cNcjVbK.exe
  2⤵
  PID:6092
- C:\Windows\System\SSsNBKC.exe
  C:\Windows\System\SSsNBKC.exe
  2⤵
  PID:6108
- C:\Windows\System\CJvpIJX.exe
  C:\Windows\System\CJvpIJX.exe
  2⤵
  PID:6124
- C:\Windows\System\cvzczoU.exe
  C:\Windows\System\cvzczoU.exe
  2⤵
  PID:6140
- C:\Windows\System\CMSSQRu.exe
  C:\Windows\System\CMSSQRu.exe
  2⤵
  PID:5064
- C:\Windows\System\EUjZCpP.exe
  C:\Windows\System\EUjZCpP.exe
  2⤵
  PID:5048
- C:\Windows\System\sDRdgop.exe
  C:\Windows\System\sDRdgop.exe
  2⤵
  PID:4628
- C:\Windows\System\indTPxo.exe
  C:\Windows\System\indTPxo.exe
  2⤵
  PID:2552
- C:\Windows\System\cMNYCIh.exe
  C:\Windows\System\cMNYCIh.exe
  2⤵
  PID:5184
- C:\Windows\System\aOAtkqc.exe
  C:\Windows\System\aOAtkqc.exe
  2⤵
  PID:5200
- C:\Windows\System\loEhwMq.exe
  C:\Windows\System\loEhwMq.exe
  2⤵
  PID:5216
- C:\Windows\System\BrBSYQe.exe
  C:\Windows\System\BrBSYQe.exe
  2⤵
  PID:5280
- C:\Windows\System\uxBayXM.exe
  C:\Windows\System\uxBayXM.exe
  2⤵
  PID:5444
- C:\Windows\System\AOdpyqK.exe
  C:\Windows\System\AOdpyqK.exe
  2⤵
  PID:5380
- C:\Windows\System\uxfNGgG.exe
  C:\Windows\System\uxfNGgG.exe
  2⤵
  PID:5472
- C:\Windows\System\oVShtYb.exe
  C:\Windows\System\oVShtYb.exe
  2⤵
  PID:5264
- C:\Windows\System\jDBfZkv.exe
  C:\Windows\System\jDBfZkv.exe
  2⤵
  PID:5396
- C:\Windows\System\ILwQbfs.exe
  C:\Windows\System\ILwQbfs.exe
  2⤵
  PID:5392
- C:\Windows\System\THNrjOr.exe
  C:\Windows\System\THNrjOr.exe
  2⤵
  PID:5328
- C:\Windows\System\nXajJkj.exe
  C:\Windows\System\nXajJkj.exe
  2⤵
  PID:5300
- C:\Windows\System\TotaVFh.exe
  C:\Windows\System\TotaVFh.exe
  2⤵
  PID:5628
- C:\Windows\System\fKwkmcr.exe
  C:\Windows\System\fKwkmcr.exe
  2⤵
  PID:5688
- C:\Windows\System\nHjgdVl.exe
  C:\Windows\System\nHjgdVl.exe
  2⤵
  PID:5640
- C:\Windows\System\WvKHmJE.exe
  C:\Windows\System\WvKHmJE.exe
  2⤵
  PID:5712
- C:\Windows\System\VlwpsWP.exe
  C:\Windows\System\VlwpsWP.exe
  2⤵
  PID:5736
- C:\Windows\System\hKNLLZA.exe
  C:\Windows\System\hKNLLZA.exe
  2⤵
  PID:5800
- C:\Windows\System\xGaYiUx.exe
  C:\Windows\System\xGaYiUx.exe
  2⤵
  PID:5860
- C:\Windows\System\yITsvcZ.exe
  C:\Windows\System\yITsvcZ.exe
  2⤵
  PID:5896
- C:\Windows\System\waQHPOp.exe
  C:\Windows\System\waQHPOp.exe
  2⤵
  PID:5988
- C:\Windows\System\kVHCxjE.exe
  C:\Windows\System\kVHCxjE.exe
  2⤵
  PID:5812
- C:\Windows\System\aeiprZn.exe
  C:\Windows\System\aeiprZn.exe
  2⤵
  PID:6020
- C:\Windows\System\fGThHMX.exe
  C:\Windows\System\fGThHMX.exe
  2⤵
  PID:5880
- C:\Windows\System\jrsyuBL.exe
  C:\Windows\System\jrsyuBL.exe
  2⤵
  PID:5944
- C:\Windows\System\ZWgtpbi.exe
  C:\Windows\System\ZWgtpbi.exe
  2⤵
  PID:6088
- C:\Windows\System\UkQvnNB.exe
  C:\Windows\System\UkQvnNB.exe
  2⤵
  PID:6116
- C:\Windows\System\fLZAosF.exe
  C:\Windows\System\fLZAosF.exe
  2⤵
  PID:6072
- C:\Windows\System\HwdflOf.exe
  C:\Windows\System\HwdflOf.exe
  2⤵
  PID:6008
- C:\Windows\System\prTYFFX.exe
  C:\Windows\System\prTYFFX.exe
  2⤵
  PID:2256
- C:\Windows\System\vIztzpu.exe
  C:\Windows\System\vIztzpu.exe
  2⤵
  PID:6136
- C:\Windows\System\Belmbsg.exe
  C:\Windows\System\Belmbsg.exe
  2⤵
  PID:4132
- C:\Windows\System\EITzlmv.exe
  C:\Windows\System\EITzlmv.exe
  2⤵
  PID:4784
- C:\Windows\System\pRvsaOF.exe
  C:\Windows\System\pRvsaOF.exe
  2⤵
  PID:5232
- C:\Windows\System\gkIkAjX.exe
  C:\Windows\System\gkIkAjX.exe
  2⤵
  PID:5248
- C:\Windows\System\KhsUOWk.exe
  C:\Windows\System\KhsUOWk.exe
  2⤵
  PID:5440
- C:\Windows\System\DlUdShh.exe
  C:\Windows\System\DlUdShh.exe
  2⤵
  PID:5376
- C:\Windows\System\qVyqRFH.exe
  C:\Windows\System\qVyqRFH.exe
  2⤵
  PID:2540
- C:\Windows\System\BCJYHjB.exe
  C:\Windows\System\BCJYHjB.exe
  2⤵
  PID:5520
- C:\Windows\System\zYvEkxF.exe
  C:\Windows\System\zYvEkxF.exe
  2⤵
  PID:5296
- C:\Windows\System\WcNspQF.exe
  C:\Windows\System\WcNspQF.exe
  2⤵
  PID:5612
- C:\Windows\System\aUyPlwf.exe
  C:\Windows\System\aUyPlwf.exe
  2⤵
  PID:5828
- C:\Windows\System\AUPLFDn.exe
  C:\Windows\System\AUPLFDn.exe
  2⤵
  PID:5848
- C:\Windows\System\nCdwTxL.exe
  C:\Windows\System\nCdwTxL.exe
  2⤵
  PID:6052
- C:\Windows\System\fOZLUvg.exe
  C:\Windows\System\fOZLUvg.exe
  2⤵
  PID:5152
- C:\Windows\System\lfStVUm.exe
  C:\Windows\System\lfStVUm.exe
  2⤵
  PID:5312
- C:\Windows\System\BawkUjG.exe
  C:\Windows\System\BawkUjG.exe
  2⤵
  PID:6100
- C:\Windows\System\luaEloi.exe
  C:\Windows\System\luaEloi.exe
  2⤵
  PID:5332
- C:\Windows\System\nfsZdlc.exe
  C:\Windows\System\nfsZdlc.exe
  2⤵
  PID:2188
- C:\Windows\System\ZlfhwoV.exe
  C:\Windows\System\ZlfhwoV.exe
  2⤵
  PID:5768
- C:\Windows\System\cxwlVXp.exe
  C:\Windows\System\cxwlVXp.exe
  2⤵
  PID:6004
- C:\Windows\System\SrACvdy.exe
  C:\Windows\System\SrACvdy.exe
  2⤵
  PID:4920
- C:\Windows\System\cLwoSno.exe
  C:\Windows\System\cLwoSno.exe
  2⤵
  PID:5412
- C:\Windows\System\WYpYoff.exe
  C:\Windows\System\WYpYoff.exe
  2⤵
  PID:5508
- C:\Windows\System\vVlyHCR.exe
  C:\Windows\System\vVlyHCR.exe
  2⤵
  PID:5456
- C:\Windows\System\oPfTIRl.exe
  C:\Windows\System\oPfTIRl.exe
  2⤵
  PID:5960
- C:\Windows\System\UkdleKi.exe
  C:\Windows\System\UkdleKi.exe
  2⤵
  PID:6056
- C:\Windows\System\YvuiPSm.exe
  C:\Windows\System\YvuiPSm.exe
  2⤵
  PID:5784
- C:\Windows\System\cneONta.exe
  C:\Windows\System\cneONta.exe
  2⤵
  PID:5188
- C:\Windows\System\KhqbhPE.exe
  C:\Windows\System\KhqbhPE.exe
  2⤵
  PID:2068
- C:\Windows\System\njTVrhF.exe
  C:\Windows\System\njTVrhF.exe
  2⤵
  PID:5976
- C:\Windows\System\KJKnXdQ.exe
  C:\Windows\System\KJKnXdQ.exe
  2⤵
  PID:2952
- C:\Windows\System\fAVdDKi.exe
  C:\Windows\System\fAVdDKi.exe
  2⤵
  PID:5428
- C:\Windows\System\ITPVKLx.exe
  C:\Windows\System\ITPVKLx.exe
  2⤵
  PID:5580
- C:\Windows\System\XOnyZtg.exe
  C:\Windows\System\XOnyZtg.exe
  2⤵
  PID:5992
- C:\Windows\System\LkTzRBC.exe
  C:\Windows\System\LkTzRBC.exe
  2⤵
  PID:5172
- C:\Windows\System\XgKLOeJ.exe
  C:\Windows\System\XgKLOeJ.exe
  2⤵
  PID:5552
- C:\Windows\System\WeYuYip.exe
  C:\Windows\System\WeYuYip.exe
  2⤵
  PID:2588
- C:\Windows\System\EFqoRTc.exe
  C:\Windows\System\EFqoRTc.exe
  2⤵
  PID:6160
- C:\Windows\System\TTQuLSE.exe
  C:\Windows\System\TTQuLSE.exe
  2⤵
  PID:6176
- C:\Windows\System\wQxPAxV.exe
  C:\Windows\System\wQxPAxV.exe
  2⤵
  PID:6192
- C:\Windows\System\jAvYTTc.exe
  C:\Windows\System\jAvYTTc.exe
  2⤵
  PID:6208
- C:\Windows\System\tuwCvIv.exe
  C:\Windows\System\tuwCvIv.exe
  2⤵
  PID:6224
- C:\Windows\System\tfntKcw.exe
  C:\Windows\System\tfntKcw.exe
  2⤵
  PID:6240
- C:\Windows\System\swTcgiG.exe
  C:\Windows\System\swTcgiG.exe
  2⤵
  PID:6256
- C:\Windows\System\CAtZjKq.exe
  C:\Windows\System\CAtZjKq.exe
  2⤵
  PID:6272
- C:\Windows\System\gtNpXZY.exe
  C:\Windows\System\gtNpXZY.exe
  2⤵
  PID:6288
- C:\Windows\System\NpZVdSz.exe
  C:\Windows\System\NpZVdSz.exe
  2⤵
  PID:6304
- C:\Windows\System\HafLkhw.exe
  C:\Windows\System\HafLkhw.exe
  2⤵
  PID:6320
- C:\Windows\System\iXnrcUX.exe
  C:\Windows\System\iXnrcUX.exe
  2⤵
  PID:6336
- C:\Windows\System\XMbwJrO.exe
  C:\Windows\System\XMbwJrO.exe
  2⤵
  PID:6352
- C:\Windows\System\terdBEw.exe
  C:\Windows\System\terdBEw.exe
  2⤵
  PID:6368
- C:\Windows\System\uZGJlMs.exe
  C:\Windows\System\uZGJlMs.exe
  2⤵
  PID:6384
- C:\Windows\System\liLRNuv.exe
  C:\Windows\System\liLRNuv.exe
  2⤵
  PID:6400
- C:\Windows\System\PihPiSu.exe
  C:\Windows\System\PihPiSu.exe
  2⤵
  PID:6416
- C:\Windows\System\hQSKTUB.exe
  C:\Windows\System\hQSKTUB.exe
  2⤵
  PID:6432
- C:\Windows\System\MUptcAT.exe
  C:\Windows\System\MUptcAT.exe
  2⤵
  PID:6448
- C:\Windows\System\MeUvKVb.exe
  C:\Windows\System\MeUvKVb.exe
  2⤵
  PID:6464
- C:\Windows\System\GAeofrJ.exe
  C:\Windows\System\GAeofrJ.exe
  2⤵
  PID:6488
- C:\Windows\System\nYaibKz.exe
  C:\Windows\System\nYaibKz.exe
  2⤵
  PID:6504
- C:\Windows\System\oOmewTQ.exe
  C:\Windows\System\oOmewTQ.exe
  2⤵
  PID:6532
- C:\Windows\System\OkdUkbh.exe
  C:\Windows\System\OkdUkbh.exe
  2⤵
  PID:6552
- C:\Windows\System\SDhpYju.exe
  C:\Windows\System\SDhpYju.exe
  2⤵
  PID:6580
- C:\Windows\System\Tagecsi.exe
  C:\Windows\System\Tagecsi.exe
  2⤵
  PID:6616
- C:\Windows\System\NSHRwdV.exe
  C:\Windows\System\NSHRwdV.exe
  2⤵
  PID:6672
- C:\Windows\System\jTHIcyT.exe
  C:\Windows\System\jTHIcyT.exe
  2⤵
  PID:6740
- C:\Windows\System\EtbKmbY.exe
  C:\Windows\System\EtbKmbY.exe
  2⤵
  PID:6784
- C:\Windows\System\MSsciuW.exe
  C:\Windows\System\MSsciuW.exe
  2⤵
  PID:6832
- C:\Windows\System\CHPnaMQ.exe
  C:\Windows\System\CHPnaMQ.exe
  2⤵
  PID:6848
- C:\Windows\System\jhggfGE.exe
  C:\Windows\System\jhggfGE.exe
  2⤵
  PID:6876
- C:\Windows\System\dDikflT.exe
  C:\Windows\System\dDikflT.exe
  2⤵
  PID:6892
- C:\Windows\System\QAQueet.exe
  C:\Windows\System\QAQueet.exe
  2⤵
  PID:6908
- C:\Windows\System\lvUUNlz.exe
  C:\Windows\System\lvUUNlz.exe
  2⤵
  PID:6924
- C:\Windows\System\ErfyGim.exe
  C:\Windows\System\ErfyGim.exe
  2⤵
  PID:6940
- C:\Windows\System\ogoXXKq.exe
  C:\Windows\System\ogoXXKq.exe
  2⤵
  PID:6956
- C:\Windows\System\OqRsBrj.exe
  C:\Windows\System\OqRsBrj.exe
  2⤵
  PID:6976
- C:\Windows\System\odwLtoS.exe
  C:\Windows\System\odwLtoS.exe
  2⤵
  PID:6996
- C:\Windows\System\gmmIXLN.exe
  C:\Windows\System\gmmIXLN.exe
  2⤵
  PID:7016
- C:\Windows\System\zoQJpgP.exe
  C:\Windows\System\zoQJpgP.exe
  2⤵
  PID:7032
- C:\Windows\System\zYsSRus.exe
  C:\Windows\System\zYsSRus.exe
  2⤵
  PID:7048
- C:\Windows\System\EmsPfBC.exe
  C:\Windows\System\EmsPfBC.exe
  2⤵
  PID:7096
- C:\Windows\System\RwMkliT.exe
  C:\Windows\System\RwMkliT.exe
  2⤵
  PID:7112
- C:\Windows\System\nJZOprq.exe
  C:\Windows\System\nJZOprq.exe
  2⤵
  PID:7128
- C:\Windows\System\llTFgjs.exe
  C:\Windows\System\llTFgjs.exe
  2⤵
  PID:7144
- C:\Windows\System\imBDavu.exe
  C:\Windows\System\imBDavu.exe
  2⤵
  PID:7164
- C:\Windows\System\dXxvFhB.exe
  C:\Windows\System\dXxvFhB.exe
  2⤵
  PID:2064
- C:\Windows\System\ItGBzzs.exe
  C:\Windows\System\ItGBzzs.exe
  2⤵
  PID:6280
- C:\Windows\System\JfbeRGM.exe
  C:\Windows\System\JfbeRGM.exe
  2⤵
  PID:5608
- C:\Windows\System\rDKYHZI.exe
  C:\Windows\System\rDKYHZI.exe
  2⤵
  PID:6204
- C:\Windows\System\cDrDGkq.exe
  C:\Windows\System\cDrDGkq.exe
  2⤵
  PID:6296
- C:\Windows\System\CGmbkfF.exe
  C:\Windows\System\CGmbkfF.exe
  2⤵
  PID:6344
- C:\Windows\System\VqcPeHo.exe
  C:\Windows\System\VqcPeHo.exe
  2⤵
  PID:6376
- C:\Windows\System\CxLUOtU.exe
  C:\Windows\System\CxLUOtU.exe
  2⤵
  PID:6472
- C:\Windows\System\TtgNHOj.exe
  C:\Windows\System\TtgNHOj.exe
  2⤵
  PID:6360
- C:\Windows\System\RJaNWMf.exe
  C:\Windows\System\RJaNWMf.exe
  2⤵
  PID:6392
- C:\Windows\System\RGzyHbp.exe
  C:\Windows\System\RGzyHbp.exe
  2⤵
  PID:6476
- C:\Windows\System\xQOosYq.exe
  C:\Windows\System\xQOosYq.exe
  2⤵
  PID:6516
- C:\Windows\System\ffGkswq.exe
  C:\Windows\System\ffGkswq.exe
  2⤵
  PID:6540
- C:\Windows\System\kLQPJKQ.exe
  C:\Windows\System\kLQPJKQ.exe
  2⤵
  PID:6564
- C:\Windows\System\IQqxTae.exe
  C:\Windows\System\IQqxTae.exe
  2⤵
  PID:6588
- C:\Windows\System\pVjvqyU.exe
  C:\Windows\System\pVjvqyU.exe
  2⤵
  PID:6480
- C:\Windows\System\CrcGBpS.exe
  C:\Windows\System\CrcGBpS.exe
  2⤵
  PID:6636
- C:\Windows\System\rpRNwmv.exe
  C:\Windows\System\rpRNwmv.exe
  2⤵
  PID:6652
- C:\Windows\System\bymZfYR.exe
  C:\Windows\System\bymZfYR.exe
  2⤵
  PID:6668
- C:\Windows\System\uQGEYTP.exe
  C:\Windows\System\uQGEYTP.exe
  2⤵
  PID:6716
- C:\Windows\System\HDaZIaC.exe
  C:\Windows\System\HDaZIaC.exe
  2⤵
  PID:6712
- C:\Windows\System\CAmJSMO.exe
  C:\Windows\System\CAmJSMO.exe
  2⤵
  PID:6732
- C:\Windows\System\dXyzPdJ.exe
  C:\Windows\System\dXyzPdJ.exe
  2⤵
  PID:6736
- C:\Windows\System\npeKAtS.exe
  C:\Windows\System\npeKAtS.exe
  2⤵
  PID:6768
- C:\Windows\System\QTgnhBz.exe
  C:\Windows\System\QTgnhBz.exe
  2⤵
  PID:6840
- C:\Windows\System\rLaGbso.exe
  C:\Windows\System\rLaGbso.exe
  2⤵
  PID:6824
- C:\Windows\System\bAAniQQ.exe
  C:\Windows\System\bAAniQQ.exe
  2⤵
  PID:6860
- C:\Windows\System\dffdtCd.exe
  C:\Windows\System\dffdtCd.exe
  2⤵
  PID:6868
- C:\Windows\System\XLGoqGO.exe
  C:\Windows\System\XLGoqGO.exe
  2⤵
  PID:6808
- C:\Windows\System\wpzPUtj.exe
  C:\Windows\System\wpzPUtj.exe
  2⤵
  PID:6948
- C:\Windows\System\fKmrPsW.exe
  C:\Windows\System\fKmrPsW.exe
  2⤵
  PID:6900
- C:\Windows\System\kcMQTHk.exe
  C:\Windows\System\kcMQTHk.exe
  2⤵
  PID:6992
- C:\Windows\System\JIMGLRQ.exe
  C:\Windows\System\JIMGLRQ.exe
  2⤵
  PID:6932
- C:\Windows\System\kmPBIyI.exe
  C:\Windows\System\kmPBIyI.exe
  2⤵
  PID:7056
- C:\Windows\System\XfgPoEi.exe
  C:\Windows\System\XfgPoEi.exe
  2⤵
  PID:7072
- C:\Windows\System\ROhMyvF.exe
  C:\Windows\System\ROhMyvF.exe
  2⤵
  PID:7088
- C:\Windows\System\mKMnEJg.exe
  C:\Windows\System\mKMnEJg.exe
  2⤵
  PID:7104
- C:\Windows\System\kzXWtpl.exe
  C:\Windows\System\kzXWtpl.exe
  2⤵
  PID:7136
- C:\Windows\System\rRcOLRS.exe
  C:\Windows\System\rRcOLRS.exe
  2⤵
  PID:5716
- C:\Windows\System\Nsrjwne.exe
  C:\Windows\System\Nsrjwne.exe
  2⤵
  PID:6188
- C:\Windows\System\MoeAtnn.exe
  C:\Windows\System\MoeAtnn.exe
  2⤵
  PID:6252
- C:\Windows\System\LSwYNsc.exe
  C:\Windows\System\LSwYNsc.exe
  2⤵
  PID:6264
- C:\Windows\System\DJKiRis.exe
  C:\Windows\System\DJKiRis.exe
  2⤵
  PID:6424
- C:\Windows\System\bfgANKx.exe
  C:\Windows\System\bfgANKx.exe
  2⤵
  PID:6332
- C:\Windows\System\XSkRLyO.exe
  C:\Windows\System\XSkRLyO.exe
  2⤵
  PID:6600
- C:\Windows\System\vRypRcU.exe
  C:\Windows\System\vRypRcU.exe
  2⤵
  PID:6596
- C:\Windows\System\yOZIuyR.exe
  C:\Windows\System\yOZIuyR.exe
  2⤵
  PID:6648
- C:\Windows\System\lCxclUR.exe
  C:\Windows\System\lCxclUR.exe
  2⤵
  PID:6704
- C:\Windows\System\HowIEjq.exe
  C:\Windows\System\HowIEjq.exe
  2⤵
  PID:6660
- C:\Windows\System\pyyWjHZ.exe
  C:\Windows\System\pyyWjHZ.exe
  2⤵
  PID:6700
- C:\Windows\System\qWMoGxS.exe
  C:\Windows\System\qWMoGxS.exe
  2⤵
  PID:6760
- C:\Windows\System\QrrnvTI.exe
  C:\Windows\System\QrrnvTI.exe
  2⤵
  PID:6792
- C:\Windows\System\fPVOLWo.exe
  C:\Windows\System\fPVOLWo.exe
  2⤵
  PID:6888
- C:\Windows\System\JfKVfMK.exe
  C:\Windows\System\JfKVfMK.exe
  2⤵
  PID:6988
- C:\Windows\System\BqMNuGp.exe
  C:\Windows\System\BqMNuGp.exe
  2⤵
  PID:6936
- C:\Windows\System\JnDdgYh.exe
  C:\Windows\System\JnDdgYh.exe
  2⤵
  PID:7076
- C:\Windows\System\cozoZal.exe
  C:\Windows\System\cozoZal.exe
  2⤵
  PID:7068
- C:\Windows\System\Mekhycj.exe
  C:\Windows\System\Mekhycj.exe
  2⤵
  PID:7124
- C:\Windows\System\qVUutfb.exe
  C:\Windows\System\qVUutfb.exe
  2⤵
  PID:6184
- C:\Windows\System\GtoJAUY.exe
  C:\Windows\System\GtoJAUY.exe
  2⤵
  PID:5624
- C:\Windows\System\qjQWcsY.exe
  C:\Windows\System\qjQWcsY.exe
  2⤵
  PID:6236
- C:\Windows\System\KmzLOKu.exe
  C:\Windows\System\KmzLOKu.exe
  2⤵
  PID:6408
- C:\Windows\System\tAYxZzx.exe
  C:\Windows\System\tAYxZzx.exe
  2⤵
  PID:6428
- C:\Windows\System\RLkLqFw.exe
  C:\Windows\System\RLkLqFw.exe
  2⤵
  PID:6696
- C:\Windows\System\IdpzMSj.exe
  C:\Windows\System\IdpzMSj.exe
  2⤵
  PID:6796
- C:\Windows\System\ZoxHWOY.exe
  C:\Windows\System\ZoxHWOY.exe
  2⤵
  PID:6728
- C:\Windows\System\qHAmSzd.exe
  C:\Windows\System\qHAmSzd.exe
  2⤵
  PID:6612
- C:\Windows\System\agMhHAV.exe
  C:\Windows\System\agMhHAV.exe
  2⤵
  PID:6828
- C:\Windows\System\wTWZMxv.exe
  C:\Windows\System\wTWZMxv.exe
  2⤵
  PID:7092
- C:\Windows\System\cLDxXrm.exe
  C:\Windows\System\cLDxXrm.exe
  2⤵
  PID:6248
- C:\Windows\System\xoazukk.exe
  C:\Windows\System\xoazukk.exe
  2⤵
  PID:6512
- C:\Windows\System\aIKEuWH.exe
  C:\Windows\System\aIKEuWH.exe
  2⤵
  PID:6764
- C:\Windows\System\ClrqziE.exe
  C:\Windows\System\ClrqziE.exe
  2⤵
  PID:6312
- C:\Windows\System\wVXPTuS.exe
  C:\Windows\System\wVXPTuS.exe
  2⤵
  PID:6820
- C:\Windows\System\dADemdh.exe
  C:\Windows\System\dADemdh.exe
  2⤵
  PID:6220
- C:\Windows\System\SWboTMr.exe
  C:\Windows\System\SWboTMr.exe
  2⤵
  PID:6528
- C:\Windows\System\kosSlQY.exe
  C:\Windows\System\kosSlQY.exe
  2⤵
  PID:4312
- C:\Windows\System\pKuAijP.exe
  C:\Windows\System\pKuAijP.exe
  2⤵
  PID:7176
- C:\Windows\System\YsJDnbU.exe
  C:\Windows\System\YsJDnbU.exe
  2⤵
  PID:7192
- C:\Windows\System\pXWEGVD.exe
  C:\Windows\System\pXWEGVD.exe
  2⤵
  PID:7208
- C:\Windows\System\OgHpQII.exe
  C:\Windows\System\OgHpQII.exe
  2⤵
  PID:7224
- C:\Windows\System\rqazlbD.exe
  C:\Windows\System\rqazlbD.exe
  2⤵
  PID:7240
- C:\Windows\System\lxBCmZr.exe
  C:\Windows\System\lxBCmZr.exe
  2⤵
  PID:7256
- C:\Windows\System\usYRJma.exe
  C:\Windows\System\usYRJma.exe
  2⤵
  PID:7272
- C:\Windows\System\gfnkVys.exe
  C:\Windows\System\gfnkVys.exe
  2⤵
  PID:7288
- C:\Windows\System\bMMzehD.exe
  C:\Windows\System\bMMzehD.exe
  2⤵
  PID:7304
- C:\Windows\System\IIBoBaI.exe
  C:\Windows\System\IIBoBaI.exe
  2⤵
  PID:7320
- C:\Windows\System\LfofyGF.exe
  C:\Windows\System\LfofyGF.exe
  2⤵
  PID:7336
- C:\Windows\System\GxbNpUu.exe
  C:\Windows\System\GxbNpUu.exe
  2⤵
  PID:7352
- C:\Windows\System\LSKJYNz.exe
  C:\Windows\System\LSKJYNz.exe
  2⤵
  PID:7368
- C:\Windows\System\HYkDbDJ.exe
  C:\Windows\System\HYkDbDJ.exe
  2⤵
  PID:7384
- C:\Windows\System\jHPjqco.exe
  C:\Windows\System\jHPjqco.exe
  2⤵
  PID:7400
- C:\Windows\System\UAbWiPh.exe
  C:\Windows\System\UAbWiPh.exe
  2⤵
  PID:7416
- C:\Windows\System\hhGazkS.exe
  C:\Windows\System\hhGazkS.exe
  2⤵
  PID:7432
- C:\Windows\System\FLhBvgW.exe
  C:\Windows\System\FLhBvgW.exe
  2⤵
  PID:7448
- C:\Windows\System\nHllVBj.exe
  C:\Windows\System\nHllVBj.exe
  2⤵
  PID:7464
- C:\Windows\System\nMNanRu.exe
  C:\Windows\System\nMNanRu.exe
  2⤵
  PID:7480
- C:\Windows\System\ZLkgtTO.exe
  C:\Windows\System\ZLkgtTO.exe
  2⤵
  PID:7496
- C:\Windows\System\jLwuIOz.exe
  C:\Windows\System\jLwuIOz.exe
  2⤵
  PID:7512
- C:\Windows\System\OSoKqWB.exe
  C:\Windows\System\OSoKqWB.exe
  2⤵
  PID:7528
- C:\Windows\System\JzCESMZ.exe
  C:\Windows\System\JzCESMZ.exe
  2⤵
  PID:7544
- C:\Windows\System\JBozZNX.exe
  C:\Windows\System\JBozZNX.exe
  2⤵
  PID:7560
- C:\Windows\System\XkeOcJL.exe
  C:\Windows\System\XkeOcJL.exe
  2⤵
  PID:7576
- C:\Windows\System\AfpmYaN.exe
  C:\Windows\System\AfpmYaN.exe
  2⤵
  PID:7592
- C:\Windows\System\pbvczHP.exe
  C:\Windows\System\pbvczHP.exe
  2⤵
  PID:7608
- C:\Windows\System\hKAtmLD.exe
  C:\Windows\System\hKAtmLD.exe
  2⤵
  PID:7624
- C:\Windows\System\wRqLSrv.exe
  C:\Windows\System\wRqLSrv.exe
  2⤵
  PID:7640
- C:\Windows\System\rDFbcEQ.exe
  C:\Windows\System\rDFbcEQ.exe
  2⤵
  PID:7656
- C:\Windows\System\ZFrPFmC.exe
  C:\Windows\System\ZFrPFmC.exe
  2⤵
  PID:7672
- C:\Windows\System\mgeoZaZ.exe
  C:\Windows\System\mgeoZaZ.exe
  2⤵
  PID:7688
- C:\Windows\System\sVCPMbC.exe
  C:\Windows\System\sVCPMbC.exe
  2⤵
  PID:7704
- C:\Windows\System\KCVeCSO.exe
  C:\Windows\System\KCVeCSO.exe
  2⤵
  PID:7720
- C:\Windows\System\KCPPbAi.exe
  C:\Windows\System\KCPPbAi.exe
  2⤵
  PID:7740
- C:\Windows\System\mtFsqTP.exe
  C:\Windows\System\mtFsqTP.exe
  2⤵
  PID:7756
- C:\Windows\System\iOfnkbQ.exe
  C:\Windows\System\iOfnkbQ.exe
  2⤵
  PID:7772
- C:\Windows\System\GGLVvCT.exe
  C:\Windows\System\GGLVvCT.exe
  2⤵
  PID:7788
- C:\Windows\System\SDdvbke.exe
  C:\Windows\System\SDdvbke.exe
  2⤵
  PID:7804
- C:\Windows\System\MtYsjEk.exe
  C:\Windows\System\MtYsjEk.exe
  2⤵
  PID:7820
- C:\Windows\System\kBXCUeC.exe
  C:\Windows\System\kBXCUeC.exe
  2⤵
  PID:7836
- C:\Windows\System\IhrIibh.exe
  C:\Windows\System\IhrIibh.exe
  2⤵
  PID:7852
- C:\Windows\System\bakjTtr.exe
  C:\Windows\System\bakjTtr.exe
  2⤵
  PID:7868
- C:\Windows\System\KljyFPu.exe
  C:\Windows\System\KljyFPu.exe
  2⤵
  PID:7884
- C:\Windows\System\CnKqHiK.exe
  C:\Windows\System\CnKqHiK.exe
  2⤵
  PID:7900
- C:\Windows\System\Yybfygl.exe
  C:\Windows\System\Yybfygl.exe
  2⤵
  PID:7916
- C:\Windows\System\hKjNOHJ.exe
  C:\Windows\System\hKjNOHJ.exe
  2⤵
  PID:7932
- C:\Windows\System\kddfIZE.exe
  C:\Windows\System\kddfIZE.exe
  2⤵
  PID:7948
- C:\Windows\System\BdNYXjR.exe
  C:\Windows\System\BdNYXjR.exe
  2⤵
  PID:7964
- C:\Windows\System\wVatkCd.exe
  C:\Windows\System\wVatkCd.exe
  2⤵
  PID:7980
- C:\Windows\System\ybSbAgO.exe
  C:\Windows\System\ybSbAgO.exe
  2⤵
  PID:7996
- C:\Windows\System\DnLcBjb.exe
  C:\Windows\System\DnLcBjb.exe
  2⤵
  PID:8012
- C:\Windows\System\gsPEpfe.exe
  C:\Windows\System\gsPEpfe.exe
  2⤵
  PID:8028
- C:\Windows\System\YbOxdVw.exe
  C:\Windows\System\YbOxdVw.exe
  2⤵
  PID:8068
- C:\Windows\System\iszZlxI.exe
  C:\Windows\System\iszZlxI.exe
  2⤵
  PID:8084
- C:\Windows\System\dmROPBy.exe
  C:\Windows\System\dmROPBy.exe
  2⤵
  PID:8100
- C:\Windows\System\xpcyQLa.exe
  C:\Windows\System\xpcyQLa.exe
  2⤵
  PID:8116
- C:\Windows\System\iXLRxih.exe
  C:\Windows\System\iXLRxih.exe
  2⤵
  PID:8132
- C:\Windows\System\dyGMTvD.exe
  C:\Windows\System\dyGMTvD.exe
  2⤵
  PID:8148
- C:\Windows\System\VJGfPeY.exe
  C:\Windows\System\VJGfPeY.exe
  2⤵
  PID:8164
- C:\Windows\System\HSowYMm.exe
  C:\Windows\System\HSowYMm.exe
  2⤵
  PID:8180
- C:\Windows\System\anDaWzT.exe
  C:\Windows\System\anDaWzT.exe
  2⤵
  PID:7172
- C:\Windows\System\FiIExPJ.exe
  C:\Windows\System\FiIExPJ.exe
  2⤵
  PID:7232
- C:\Windows\System\lcbMJmT.exe
  C:\Windows\System\lcbMJmT.exe
  2⤵
  PID:7296
- C:\Windows\System\jZwVDEs.exe
  C:\Windows\System\jZwVDEs.exe
  2⤵
  PID:6624
- C:\Windows\System\HZyrMun.exe
  C:\Windows\System\HZyrMun.exe
  2⤵
  PID:6812
- C:\Windows\System\wvLwzYJ.exe
  C:\Windows\System\wvLwzYJ.exe
  2⤵
  PID:7284
- C:\Windows\System\EPSbujb.exe
  C:\Windows\System\EPSbujb.exe
  2⤵
  PID:7360
- C:\Windows\System\PJasMUq.exe
  C:\Windows\System\PJasMUq.exe
  2⤵
  PID:7188
- C:\Windows\System\eOplPNk.exe
  C:\Windows\System\eOplPNk.exe
  2⤵
  PID:7364
- C:\Windows\System\mfDYFGO.exe
  C:\Windows\System\mfDYFGO.exe
  2⤵
  PID:7424
- C:\Windows\System\aPjxnnF.exe
  C:\Windows\System\aPjxnnF.exe
  2⤵
  PID:7492
- C:\Windows\System\SFtYHdC.exe
  C:\Windows\System\SFtYHdC.exe
  2⤵
  PID:7556
- C:\Windows\System\oGccsGR.exe
  C:\Windows\System\oGccsGR.exe
  2⤵
  PID:7588
- C:\Windows\System\nyqKODc.exe
  C:\Windows\System\nyqKODc.exe
  2⤵
  PID:7444
- C:\Windows\System\rlEZftj.exe
  C:\Windows\System\rlEZftj.exe
  2⤵
  PID:7508
- C:\Windows\System\LQLgbqq.exe
  C:\Windows\System\LQLgbqq.exe
  2⤵
  PID:7572
- C:\Windows\System\IJWVEKe.exe
  C:\Windows\System\IJWVEKe.exe
  2⤵
  PID:7604
- C:\Windows\System\rSzrOWF.exe
  C:\Windows\System\rSzrOWF.exe
  2⤵
  PID:7716
- C:\Windows\System\JHGQQkw.exe
  C:\Windows\System\JHGQQkw.exe
  2⤵
  PID:7732
- C:\Windows\System\lEQuTot.exe
  C:\Windows\System\lEQuTot.exe
  2⤵
  PID:7700
- C:\Windows\System\Yoffhxy.exe
  C:\Windows\System\Yoffhxy.exe
  2⤵
  PID:1516
- C:\Windows\System\UKOGINK.exe
  C:\Windows\System\UKOGINK.exe
  2⤵
  PID:7780
- C:\Windows\System\UBHVKYQ.exe
  C:\Windows\System\UBHVKYQ.exe
  2⤵
  PID:7816
- C:\Windows\System\TciOrMk.exe
  C:\Windows\System\TciOrMk.exe
  2⤵
  PID:7880
- C:\Windows\System\uUcxavn.exe
  C:\Windows\System\uUcxavn.exe
  2⤵
  PID:7012
- C:\Windows\System\uECKKdy.exe
  C:\Windows\System\uECKKdy.exe
  2⤵
  PID:7976
- C:\Windows\System\KCSIBor.exe
  C:\Windows\System\KCSIBor.exe
  2⤵
  PID:7956
- C:\Windows\System\CeUpWhq.exe
  C:\Windows\System\CeUpWhq.exe
  2⤵
  PID:7892
- C:\Windows\System\rHNSucw.exe
  C:\Windows\System\rHNSucw.exe
  2⤵
  PID:7928
- C:\Windows\System\uApTiAF.exe
  C:\Windows\System\uApTiAF.exe
  2⤵
  PID:8036
- C:\Windows\System\AmOwiAe.exe
  C:\Windows\System\AmOwiAe.exe
  2⤵
  PID:8048
- C:\Windows\System\imVSuGW.exe
  C:\Windows\System\imVSuGW.exe
  2⤵
  PID:8064
- C:\Windows\System\zFWWUSF.exe
  C:\Windows\System\zFWWUSF.exe
  2⤵
  PID:8124
- C:\Windows\System\HlgSzjF.exe
  C:\Windows\System\HlgSzjF.exe
  2⤵
  PID:8076
- C:\Windows\System\vNyCuhx.exe
  C:\Windows\System\vNyCuhx.exe
  2⤵
  PID:8112
- C:\Windows\System\UuvbDtd.exe
  C:\Windows\System\UuvbDtd.exe
  2⤵
  PID:6520
- C:\Windows\System\YLfRiSY.exe
  C:\Windows\System\YLfRiSY.exe
  2⤵
  PID:7200
- C:\Windows\System\cqnqwnk.exe
  C:\Windows\System\cqnqwnk.exe
  2⤵
  PID:6748
- C:\Windows\System\cQBJkqN.exe
  C:\Windows\System\cQBJkqN.exe
  2⤵
  PID:7348
- C:\Windows\System\XanYOEb.exe
  C:\Windows\System\XanYOEb.exe
  2⤵
  PID:7220
- C:\Windows\System\bLrcDiA.exe
  C:\Windows\System\bLrcDiA.exe
  2⤵
  PID:7396
- C:\Windows\System\vLwuCNs.exe
  C:\Windows\System\vLwuCNs.exe
  2⤵
  PID:7616
- C:\Windows\System\INrBdHv.exe
  C:\Windows\System\INrBdHv.exe
  2⤵
  PID:7380
- C:\Windows\System\tfCyrXR.exe
  C:\Windows\System\tfCyrXR.exe
  2⤵
  PID:7652
- C:\Windows\System\XgSxIox.exe
  C:\Windows\System\XgSxIox.exe
  2⤵
  PID:7568
- C:\Windows\System\RlROzpE.exe
  C:\Windows\System\RlROzpE.exe
  2⤵
  PID:7664
- C:\Windows\System\SFoBoMC.exe
  C:\Windows\System\SFoBoMC.exe
  2⤵
  PID:7960
- C:\Windows\System\ruWNYkd.exe
  C:\Windows\System\ruWNYkd.exe
  2⤵
  PID:7764
- C:\Windows\System\AqrYpEf.exe
  C:\Windows\System\AqrYpEf.exe
  2⤵
  PID:7912
- C:\Windows\System\oCbKHij.exe
  C:\Windows\System\oCbKHij.exe
  2⤵
  PID:7940
- C:\Windows\System\OrXIrcA.exe
  C:\Windows\System\OrXIrcA.exe
  2⤵
  PID:8024
- C:\Windows\System\nlGDaIj.exe
  C:\Windows\System\nlGDaIj.exe
  2⤵
  PID:8092
- C:\Windows\System\dwloPJf.exe
  C:\Windows\System\dwloPJf.exe
  2⤵
  PID:8160
- C:\Windows\System\uyTbKeL.exe
  C:\Windows\System\uyTbKeL.exe
  2⤵
  PID:8188
- C:\Windows\System\eHLWLLf.exe
  C:\Windows\System\eHLWLLf.exe
  2⤵
  PID:7268
- C:\Windows\System\DBEXgVb.exe
  C:\Windows\System\DBEXgVb.exe
  2⤵
  PID:7028
- C:\Windows\System\epfJMpG.exe
  C:\Windows\System\epfJMpG.exe
  2⤵
  PID:8096
- C:\Windows\System\NSSjxzF.exe
  C:\Windows\System\NSSjxzF.exe
  2⤵
  PID:7668
- C:\Windows\System\IoPnsjf.exe
  C:\Windows\System\IoPnsjf.exe
  2⤵
  PID:8052
- C:\Windows\System\vcOieZa.exe
  C:\Windows\System\vcOieZa.exe
  2⤵
  PID:7488
- C:\Windows\System\gjDtjFE.exe
  C:\Windows\System\gjDtjFE.exe
  2⤵
  PID:7552
- C:\Windows\System\XbuBJsU.exe
  C:\Windows\System\XbuBJsU.exe
  2⤵
  PID:7376
- C:\Windows\System\KyswXxr.exe
  C:\Windows\System\KyswXxr.exe
  2⤵
  PID:7828
- C:\Windows\System\JhQQmzn.exe
  C:\Windows\System\JhQQmzn.exe
  2⤵
  PID:8196
- C:\Windows\System\WqNZyAB.exe
  C:\Windows\System\WqNZyAB.exe
  2⤵
  PID:8212
- C:\Windows\System\kYGhkAW.exe
  C:\Windows\System\kYGhkAW.exe
  2⤵
  PID:8228
- C:\Windows\System\sdxccUC.exe
  C:\Windows\System\sdxccUC.exe
  2⤵
  PID:8244
- C:\Windows\System\tCjyhSG.exe
  C:\Windows\System\tCjyhSG.exe
  2⤵
  PID:8260
- C:\Windows\System\RgFQWCm.exe
  C:\Windows\System\RgFQWCm.exe
  2⤵
  PID:8276
- C:\Windows\System\OgLDcoQ.exe
  C:\Windows\System\OgLDcoQ.exe
  2⤵
  PID:8292
- C:\Windows\System\vtrgZBv.exe
  C:\Windows\System\vtrgZBv.exe
  2⤵
  PID:8308
- C:\Windows\System\qVabaac.exe
  C:\Windows\System\qVabaac.exe
  2⤵
  PID:8324
- C:\Windows\System\xSHlvNQ.exe
  C:\Windows\System\xSHlvNQ.exe
  2⤵
  PID:8340
- C:\Windows\System\NksmfAt.exe
  C:\Windows\System\NksmfAt.exe
  2⤵
  PID:8356
- C:\Windows\System\xddnWFG.exe
  C:\Windows\System\xddnWFG.exe
  2⤵
  PID:8372
- C:\Windows\System\TcsFbcG.exe
  C:\Windows\System\TcsFbcG.exe
  2⤵
  PID:8388
- C:\Windows\System\OpeQhlJ.exe
  C:\Windows\System\OpeQhlJ.exe
  2⤵
  PID:8404
- C:\Windows\System\WlFzYMP.exe
  C:\Windows\System\WlFzYMP.exe
  2⤵
  PID:8420
- C:\Windows\System\FVYmRgv.exe
  C:\Windows\System\FVYmRgv.exe
  2⤵
  PID:8464
- C:\Windows\System\FtdXKvb.exe
  C:\Windows\System\FtdXKvb.exe
  2⤵
  PID:8480
- C:\Windows\System\YSTKocF.exe
  C:\Windows\System\YSTKocF.exe
  2⤵
  PID:8496
- C:\Windows\System\foMJxDM.exe
  C:\Windows\System\foMJxDM.exe
  2⤵
  PID:8516
- C:\Windows\System\nVmCqAH.exe
  C:\Windows\System\nVmCqAH.exe
  2⤵
  PID:8532
- C:\Windows\System\RrUXhCe.exe
  C:\Windows\System\RrUXhCe.exe
  2⤵
  PID:8548
- C:\Windows\System\dJoXdfi.exe
  C:\Windows\System\dJoXdfi.exe
  2⤵
  PID:8564
- C:\Windows\System\lHruatR.exe
  C:\Windows\System\lHruatR.exe
  2⤵
  PID:8580
- C:\Windows\System\THwMpbK.exe
  C:\Windows\System\THwMpbK.exe
  2⤵
  PID:8600
- C:\Windows\System\lCetdPl.exe
  C:\Windows\System\lCetdPl.exe
  2⤵
  PID:8616
- C:\Windows\System\YRUbgQg.exe
  C:\Windows\System\YRUbgQg.exe
  2⤵
  PID:8632
- C:\Windows\System\PycTupc.exe
  C:\Windows\System\PycTupc.exe
  2⤵
  PID:8648
- C:\Windows\System\NNTljlN.exe
  C:\Windows\System\NNTljlN.exe
  2⤵
  PID:8664
- C:\Windows\System\obDEZbb.exe
  C:\Windows\System\obDEZbb.exe
  2⤵
  PID:8680
- C:\Windows\System\HTYAEcy.exe
  C:\Windows\System\HTYAEcy.exe
  2⤵
  PID:8696
- C:\Windows\System\ZbmxnWl.exe
  C:\Windows\System\ZbmxnWl.exe
  2⤵
  PID:8712
- C:\Windows\System\svjkVlQ.exe
  C:\Windows\System\svjkVlQ.exe
  2⤵
  PID:8728
- C:\Windows\System\NTxGckd.exe
  C:\Windows\System\NTxGckd.exe
  2⤵
  PID:8744
- C:\Windows\System\qazwBBY.exe
  C:\Windows\System\qazwBBY.exe
  2⤵
  PID:8760
- C:\Windows\System\OOLMEEd.exe
  C:\Windows\System\OOLMEEd.exe
  2⤵
  PID:8776
- C:\Windows\System\sReAQAL.exe
  C:\Windows\System\sReAQAL.exe
  2⤵
  PID:8792
- C:\Windows\System\EmwVrjm.exe
  C:\Windows\System\EmwVrjm.exe
  2⤵
  PID:8808
- C:\Windows\System\ugjjdGR.exe
  C:\Windows\System\ugjjdGR.exe
  2⤵
  PID:8824
- C:\Windows\System\ZtrwtVk.exe
  C:\Windows\System\ZtrwtVk.exe
  2⤵
  PID:8840
- C:\Windows\System\rJIbtYX.exe
  C:\Windows\System\rJIbtYX.exe
  2⤵
  PID:8856
- C:\Windows\System\NSCmLnN.exe
  C:\Windows\System\NSCmLnN.exe
  2⤵
  PID:8872
- C:\Windows\System\kDLWBKf.exe
  C:\Windows\System\kDLWBKf.exe
  2⤵
  PID:8888
- C:\Windows\System\ohMfQAb.exe
  C:\Windows\System\ohMfQAb.exe
  2⤵
  PID:8904
- C:\Windows\System\eAqfYoN.exe
  C:\Windows\System\eAqfYoN.exe
  2⤵
  PID:8920
- C:\Windows\System\mjePvIZ.exe
  C:\Windows\System\mjePvIZ.exe
  2⤵
  PID:8936
- C:\Windows\System\skfvwEx.exe
  C:\Windows\System\skfvwEx.exe
  2⤵
  PID:8952
- C:\Windows\System\jMyNLyK.exe
  C:\Windows\System\jMyNLyK.exe
  2⤵
  PID:8968
- C:\Windows\System\eVvtiAC.exe
  C:\Windows\System\eVvtiAC.exe
  2⤵
  PID:8984
- C:\Windows\System\xqYUpck.exe
  C:\Windows\System\xqYUpck.exe
  2⤵
  PID:9016
- C:\Windows\System\oswiVds.exe
  C:\Windows\System\oswiVds.exe
  2⤵
  PID:9040
- C:\Windows\System\VDStEzI.exe
  C:\Windows\System\VDStEzI.exe
  2⤵
  PID:9056
- C:\Windows\System\ycoPLNn.exe
  C:\Windows\System\ycoPLNn.exe
  2⤵
  PID:9072
- C:\Windows\System\EXMmTpa.exe
  C:\Windows\System\EXMmTpa.exe
  2⤵
  PID:9088
- C:\Windows\System\PjnVgPM.exe
  C:\Windows\System\PjnVgPM.exe
  2⤵
  PID:9108
- C:\Windows\System\aBYOAxn.exe
  C:\Windows\System\aBYOAxn.exe
  2⤵
  PID:9124
- C:\Windows\System\LghdMxM.exe
  C:\Windows\System\LghdMxM.exe
  2⤵
  PID:9140
- C:\Windows\System\cXDcWSt.exe
  C:\Windows\System\cXDcWSt.exe
  2⤵
  PID:9156
- C:\Windows\System\milNEfa.exe
  C:\Windows\System\milNEfa.exe
  2⤵
  PID:9172
- C:\Windows\System\xVraslW.exe
  C:\Windows\System\xVraslW.exe
  2⤵
  PID:9188
- C:\Windows\System\bdQbaCO.exe
  C:\Windows\System\bdQbaCO.exe
  2⤵
  PID:9208
- C:\Windows\System\ZupxCVI.exe
  C:\Windows\System\ZupxCVI.exe
  2⤵
  PID:7476
- C:\Windows\System\jAkFpXv.exe
  C:\Windows\System\jAkFpXv.exe
  2⤵
  PID:8204
- C:\Windows\System\IGBpgWb.exe
  C:\Windows\System\IGBpgWb.exe
  2⤵
  PID:8268
- C:\Windows\System\VHXTBrS.exe
  C:\Windows\System\VHXTBrS.exe
  2⤵
  PID:8332
- C:\Windows\System\tNGlaMo.exe
  C:\Windows\System\tNGlaMo.exe
  2⤵
  PID:8364
- C:\Windows\System\QEiPzBx.exe
  C:\Windows\System\QEiPzBx.exe
  2⤵
  PID:6904
- C:\Windows\System\sXyjqHU.exe
  C:\Windows\System\sXyjqHU.exe
  2⤵
  PID:8256
- C:\Windows\System\qwzoZwv.exe
  C:\Windows\System\qwzoZwv.exe
  2⤵
  PID:8348
- C:\Windows\System\StSiTBS.exe
  C:\Windows\System\StSiTBS.exe
  2⤵
  PID:8772
- C:\Windows\System\ETDKnpO.exe
  C:\Windows\System\ETDKnpO.exe
  2⤵
  PID:8800
- C:\Windows\System\zMvZmWC.exe
  C:\Windows\System\zMvZmWC.exe
  2⤵
  PID:8832
- C:\Windows\System\DMvTQDT.exe
  C:\Windows\System\DMvTQDT.exe
  2⤵
  PID:8964
- C:\Windows\System\fKwpuDK.exe
  C:\Windows\System\fKwpuDK.exe
  2⤵
  PID:9028
- C:\Windows\System\fFRFHdG.exe
  C:\Windows\System\fFRFHdG.exe
  2⤵
  PID:9096
- C:\Windows\System\Rhcapln.exe
  C:\Windows\System\Rhcapln.exe
  2⤵
  PID:9000
- C:\Windows\System\GVgVRol.exe
  C:\Windows\System\GVgVRol.exe
  2⤵
  PID:9012
- C:\Windows\System\zZkUkHz.exe
  C:\Windows\System\zZkUkHz.exe
  2⤵
  PID:9132
- C:\Windows\System\VBKpBSl.exe
  C:\Windows\System\VBKpBSl.exe
  2⤵
  PID:9116
- C:\Windows\System\JCAvjVB.exe
  C:\Windows\System\JCAvjVB.exe
  2⤵
  PID:9180
- C:\Windows\System\IdmuGZz.exe
  C:\Windows\System\IdmuGZz.exe
  2⤵
  PID:9204
- C:\Windows\System\kzEsdTs.exe
  C:\Windows\System\kzEsdTs.exe
  2⤵
  PID:8428
- C:\Windows\System\HSjrFQv.exe
  C:\Windows\System\HSjrFQv.exe
  2⤵
  PID:8300
- C:\Windows\System\tfIMTko.exe
  C:\Windows\System\tfIMTko.exe
  2⤵
  PID:8284
- C:\Windows\System\hQCHtAc.exe
  C:\Windows\System\hQCHtAc.exe
  2⤵
  PID:8108
- C:\Windows\System\wNnAsfN.exe
  C:\Windows\System\wNnAsfN.exe
  2⤵
  PID:8396
- C:\Windows\System\YWidzIm.exe
  C:\Windows\System\YWidzIm.exe
  2⤵
  PID:8236
- C:\Windows\System\YHYJhri.exe
  C:\Windows\System\YHYJhri.exe
  2⤵
  PID:8020
- C:\Windows\System\giHMIFY.exe
  C:\Windows\System\giHMIFY.exe
  2⤵
  PID:8444
- C:\Windows\System\swAYnWL.exe
  C:\Windows\System\swAYnWL.exe
  2⤵
  PID:8460
- C:\Windows\System\etYIOdL.exe
  C:\Windows\System\etYIOdL.exe
  2⤵
  PID:8524
- C:\Windows\System\utQxQbl.exe
  C:\Windows\System\utQxQbl.exe
  2⤵
  PID:8560
- C:\Windows\System\QPxJSCq.exe
  C:\Windows\System\QPxJSCq.exe
  2⤵
  PID:8512
- C:\Windows\System\JKZXNUK.exe
  C:\Windows\System\JKZXNUK.exe
  2⤵
  PID:8476
- C:\Windows\System\xcUwFTN.exe
  C:\Windows\System\xcUwFTN.exe
  2⤵
  PID:8624
- C:\Windows\System\UajwMgr.exe
  C:\Windows\System\UajwMgr.exe
  2⤵
  PID:8660
- C:\Windows\System\RdxijLD.exe
  C:\Windows\System\RdxijLD.exe
  2⤵
  PID:8724
- C:\Windows\System\RJYgeIA.exe
  C:\Windows\System\RJYgeIA.exe
  2⤵
  PID:8704
- C:\Windows\System\glACnYl.exe
  C:\Windows\System\glACnYl.exe
  2⤵
  PID:8816
- C:\Windows\System\zfcrYys.exe
  C:\Windows\System\zfcrYys.exe
  2⤵
  PID:8916
- C:\Windows\System\bXqVTkL.exe
  C:\Windows\System\bXqVTkL.exe
  2⤵
  PID:8804
- C:\Windows\System\CoVEkGS.exe
  C:\Windows\System\CoVEkGS.exe
  2⤵
  PID:9036
- C:\Windows\System\CyVGown.exe
  C:\Windows\System\CyVGown.exe
  2⤵
  PID:8992
- C:\Windows\System\OaDmLVG.exe
  C:\Windows\System\OaDmLVG.exe
  2⤵
  PID:9164
- C:\Windows\System\bywnGdp.exe
  C:\Windows\System\bywnGdp.exe
  2⤵
  PID:9200
- C:\Windows\System\AsXuTJv.exe
  C:\Windows\System\AsXuTJv.exe
  2⤵
  PID:7332
- C:\Windows\System\slLzIbk.exe
  C:\Windows\System\slLzIbk.exe
  2⤵
  PID:7736
- C:\Windows\System\vPTxCSN.exe
  C:\Windows\System\vPTxCSN.exe
  2⤵
  PID:9184
- C:\Windows\System\PSkUsxx.exe
  C:\Windows\System\PSkUsxx.exe
  2⤵
  PID:8416
- C:\Windows\System\SOBOlqU.exe
  C:\Windows\System\SOBOlqU.exe
  2⤵
  PID:8316
- C:\Windows\System\yIjPkTF.exe
  C:\Windows\System\yIjPkTF.exe
  2⤵
  PID:8588
- C:\Windows\System\zpMnZfb.exe
  C:\Windows\System\zpMnZfb.exe
  2⤵
  PID:8628
- C:\Windows\System\sGMvDru.exe
  C:\Windows\System\sGMvDru.exe
  2⤵
  PID:8720
- C:\Windows\System\JWkCBbv.exe
  C:\Windows\System\JWkCBbv.exe
  2⤵
  PID:8672
- C:\Windows\System\bZQyrLW.exe
  C:\Windows\System\bZQyrLW.exe
  2⤵
  PID:8996
- C:\Windows\System\TUTBIia.exe
  C:\Windows\System\TUTBIia.exe
  2⤵
  PID:9104
- C:\Windows\System\ljnPRir.exe
  C:\Windows\System\ljnPRir.exe
  2⤵
  PID:8692
- C:\Windows\System\VYlkoAs.exe
  C:\Windows\System\VYlkoAs.exe
  2⤵
  PID:8656
- C:\Windows\System\DDWfogO.exe
  C:\Windows\System\DDWfogO.exe
  2⤵
  PID:8852
- C:\Windows\System\OONxwZp.exe
  C:\Windows\System\OONxwZp.exe
  2⤵
  PID:8960
- C:\Windows\System\cRlCQes.exe
  C:\Windows\System\cRlCQes.exe
  2⤵
  PID:9100
- C:\Windows\System\Nhtmvee.exe
  C:\Windows\System\Nhtmvee.exe
  2⤵
  PID:9120
- C:\Windows\System\xdndhsX.exe
  C:\Windows\System\xdndhsX.exe
  2⤵
  PID:1460
- C:\Windows\System\OIGjqIU.exe
  C:\Windows\System\OIGjqIU.exe
  2⤵
  PID:8456
- C:\Windows\System\hUyjKRI.exe
  C:\Windows\System\hUyjKRI.exe
  2⤵
  PID:8492
- C:\Windows\System\FDYLnZd.exe
  C:\Windows\System\FDYLnZd.exe
  2⤵
  PID:7988
- C:\Windows\System\flgkRjq.exe
  C:\Windows\System\flgkRjq.exe
  2⤵
  PID:8784
- C:\Windows\System\xEwJMUw.exe
  C:\Windows\System\xEwJMUw.exe
  2⤵
  PID:8948
- C:\Windows\System\xJBUDjh.exe
  C:\Windows\System\xJBUDjh.exe
  2⤵
  PID:8900
- C:\Windows\System\hJVsyMh.exe
  C:\Windows\System\hJVsyMh.exe
  2⤵
  PID:8224
- C:\Windows\System\SNXAGnQ.exe
  C:\Windows\System\SNXAGnQ.exe
  2⤵
  PID:8612
- C:\Windows\System\xmIbIRi.exe
  C:\Windows\System\xmIbIRi.exe
  2⤵
  PID:8928
- C:\Windows\System\XqxzLMC.exe
  C:\Windows\System\XqxzLMC.exe
  2⤵
  PID:9220
- C:\Windows\System\qXSKbMI.exe
  C:\Windows\System\qXSKbMI.exe
  2⤵
  PID:9236
- C:\Windows\System\hnWeHaa.exe
  C:\Windows\System\hnWeHaa.exe
  2⤵
  PID:9252
- C:\Windows\System\inozBTx.exe
  C:\Windows\System\inozBTx.exe
  2⤵
  PID:9272
- C:\Windows\System\vzsjCWX.exe
  C:\Windows\System\vzsjCWX.exe
  2⤵
  PID:9288
- C:\Windows\System\MrcEWaB.exe
  C:\Windows\System\MrcEWaB.exe
  2⤵
  PID:9304
- C:\Windows\System\xvDYweH.exe
  C:\Windows\System\xvDYweH.exe
  2⤵
  PID:9328
- C:\Windows\System\PsGHCwJ.exe
  C:\Windows\System\PsGHCwJ.exe
  2⤵
  PID:9344
- C:\Windows\System\fEPNGja.exe
  C:\Windows\System\fEPNGja.exe
  2⤵
  PID:9360
- C:\Windows\System\KyTMeDD.exe
  C:\Windows\System\KyTMeDD.exe
  2⤵
  PID:9376
- C:\Windows\System\lRgAAih.exe
  C:\Windows\System\lRgAAih.exe
  2⤵
  PID:9392
- C:\Windows\System\DvIzsSp.exe
  C:\Windows\System\DvIzsSp.exe
  2⤵
  PID:9448
- C:\Windows\System\QWqXHFf.exe
  C:\Windows\System\QWqXHFf.exe
  2⤵
  PID:9464
- C:\Windows\System\MyVSCFB.exe
  C:\Windows\System\MyVSCFB.exe
  2⤵
  PID:9480
- C:\Windows\System\KdbkbMy.exe
  C:\Windows\System\KdbkbMy.exe
  2⤵
  PID:9496
- C:\Windows\System\PzatUfr.exe
  C:\Windows\System\PzatUfr.exe
  2⤵
  PID:9512
- C:\Windows\System\GrWpNGc.exe
  C:\Windows\System\GrWpNGc.exe
  2⤵
  PID:9528
- C:\Windows\System\WNOEkuS.exe
  C:\Windows\System\WNOEkuS.exe
  2⤵
  PID:9544
- C:\Windows\System\gFHIpwF.exe
  C:\Windows\System\gFHIpwF.exe
  2⤵
  PID:9560
- C:\Windows\System\rSdsRQw.exe
  C:\Windows\System\rSdsRQw.exe
  2⤵
  PID:9576
- C:\Windows\System\KNkGtJi.exe
  C:\Windows\System\KNkGtJi.exe
  2⤵
  PID:9592
- C:\Windows\System\MaJafjs.exe
  C:\Windows\System\MaJafjs.exe
  2⤵
  PID:9608
- C:\Windows\System\LUMeeYj.exe
  C:\Windows\System\LUMeeYj.exe
  2⤵
  PID:9624
- C:\Windows\System\pBaEWIr.exe
  C:\Windows\System\pBaEWIr.exe
  2⤵
  PID:9644
- C:\Windows\System\pETJqDh.exe
  C:\Windows\System\pETJqDh.exe
  2⤵
  PID:9660
- C:\Windows\System\BAkZzLA.exe
  C:\Windows\System\BAkZzLA.exe
  2⤵
  PID:9676
- C:\Windows\System\XSPJRYI.exe
  C:\Windows\System\XSPJRYI.exe
  2⤵
  PID:9692
- C:\Windows\System\GHtubeb.exe
  C:\Windows\System\GHtubeb.exe
  2⤵
  PID:9708
- C:\Windows\System\oXitRdy.exe
  C:\Windows\System\oXitRdy.exe
  2⤵
  PID:9724
- C:\Windows\System\SctgUbc.exe
  C:\Windows\System\SctgUbc.exe
  2⤵
  PID:9740
- C:\Windows\System\NHuDqAA.exe
  C:\Windows\System\NHuDqAA.exe
  2⤵
  PID:9756
- C:\Windows\System\wcnXfwE.exe
  C:\Windows\System\wcnXfwE.exe
  2⤵
  PID:9772
- C:\Windows\System\qkKqfgB.exe
  C:\Windows\System\qkKqfgB.exe
  2⤵
  PID:9788
- C:\Windows\System\cBryDeH.exe
  C:\Windows\System\cBryDeH.exe
  2⤵
  PID:9804
- C:\Windows\System\zkpOGER.exe
  C:\Windows\System\zkpOGER.exe
  2⤵
  PID:10132
- C:\Windows\System\JysUPtW.exe
  C:\Windows\System\JysUPtW.exe
  2⤵
  PID:8608
- C:\Windows\System\ALbclwX.exe
  C:\Windows\System\ALbclwX.exe
  2⤵
  PID:9296
- C:\Windows\System\stawnCu.exe
  C:\Windows\System\stawnCu.exe
  2⤵
  PID:9540
- C:\Windows\System\qKbYoMb.exe
  C:\Windows\System\qKbYoMb.exe
  2⤵
  PID:9568
- C:\Windows\System\rpwFXPk.exe
  C:\Windows\System\rpwFXPk.exe
  2⤵
  PID:9536
- C:\Windows\System\XqzRCjQ.exe
  C:\Windows\System\XqzRCjQ.exe
  2⤵
  PID:9716
- C:\Windows\System\hUdRkkJ.exe
  C:\Windows\System\hUdRkkJ.exe
  2⤵
  PID:9780
- C:\Windows\System\xEwsXMp.exe
  C:\Windows\System\xEwsXMp.exe
  2⤵
  PID:9704
- C:\Windows\System\jEVNMJS.exe
  C:\Windows\System\jEVNMJS.exe
  2⤵
  PID:9784
- C:\Windows\System\ivfTnAG.exe
  C:\Windows\System\ivfTnAG.exe
  2⤵
  PID:9824
- C:\Windows\System\CmPNAJC.exe
  C:\Windows\System\CmPNAJC.exe
  2⤵
  PID:9848
- C:\Windows\System\FhwvpNv.exe
  C:\Windows\System\FhwvpNv.exe
  2⤵
  PID:9860
- C:\Windows\System\hyeDyUY.exe
  C:\Windows\System\hyeDyUY.exe
  2⤵
  PID:9872
- C:\Windows\System\kFpOsfy.exe
  C:\Windows\System\kFpOsfy.exe
  2⤵
  PID:9892
- C:\Windows\System\YwbqvqY.exe
  C:\Windows\System\YwbqvqY.exe
  2⤵
  PID:9908
- C:\Windows\System\ffszbjg.exe
  C:\Windows\System\ffszbjg.exe
  2⤵
  PID:9924
- C:\Windows\System\cevoAhV.exe
  C:\Windows\System\cevoAhV.exe
  2⤵
  PID:9932
- C:\Windows\System\jifZXmg.exe
  C:\Windows\System\jifZXmg.exe
  2⤵
  PID:10068
- C:\Windows\System\vcoeXsE.exe
  C:\Windows\System\vcoeXsE.exe
  2⤵
  PID:10108
- C:\Windows\System\kblEkfT.exe
  C:\Windows\System\kblEkfT.exe
  2⤵
  PID:10156
- C:\Windows\System\AUcFQnR.exe
  C:\Windows\System\AUcFQnR.exe
  2⤵
  PID:10232
- C:\Windows\System\PSUvKRY.exe
  C:\Windows\System\PSUvKRY.exe
  2⤵
  PID:10216
- C:\Windows\System\JeOppNL.exe
  C:\Windows\System\JeOppNL.exe
  2⤵
  PID:10192
- C:\Windows\System\lnKAlWV.exe
  C:\Windows\System\lnKAlWV.exe
  2⤵
  PID:10184
- C:\Windows\System\gEUVxfw.exe
  C:\Windows\System\gEUVxfw.exe
  2⤵
  PID:10164
- C:\Windows\System\qHsukuU.exe
  C:\Windows\System\qHsukuU.exe
  2⤵
  PID:9084
- C:\Windows\System\fqjlkGT.exe
  C:\Windows\System\fqjlkGT.exe
  2⤵
  PID:9264
- C:\Windows\System\OswKmdU.exe
  C:\Windows\System\OswKmdU.exe
  2⤵
  PID:9368
- C:\Windows\System\LSFgcSY.exe
  C:\Windows\System\LSFgcSY.exe
  2⤵
  PID:9616
- C:\Windows\System\YunKuNj.exe
  C:\Windows\System\YunKuNj.exe
  2⤵
  PID:9384
- C:\Windows\System\RzhKoMx.exe
  C:\Windows\System\RzhKoMx.exe
  2⤵
  PID:9388
- C:\Windows\System\KEHnLmR.exe
  C:\Windows\System\KEHnLmR.exe
  2⤵
  PID:9828
- C:\Windows\System\JUEhBma.exe
  C:\Windows\System\JUEhBma.exe
  2⤵
  PID:9880
- C:\Windows\System\lTUBjRw.exe
  C:\Windows\System\lTUBjRw.exe
  2⤵
  PID:9868
- C:\Windows\System\bCSEVon.exe
  C:\Windows\System\bCSEVon.exe
  2⤵
  PID:9952
- C:\Windows\System\VsdbHwp.exe
  C:\Windows\System\VsdbHwp.exe
  2⤵
  PID:9936
- C:\Windows\System\NziuniI.exe
  C:\Windows\System\NziuniI.exe
  2⤵
  PID:9968
- C:\Windows\System\PhCiIEd.exe
  C:\Windows\System\PhCiIEd.exe
  2⤵
  PID:10072
- C:\Windows\System\NxjLBsd.exe
  C:\Windows\System\NxjLBsd.exe
  2⤵
  PID:9996
- C:\Windows\System\PmRQHkt.exe
  C:\Windows\System\PmRQHkt.exe
  2⤵
  PID:10012
- C:\Windows\System\xCIzxUH.exe
  C:\Windows\System\xCIzxUH.exe
  2⤵
  PID:10092
- C:\Windows\System\KsIRPHP.exe
  C:\Windows\System\KsIRPHP.exe
  2⤵
  PID:10036
- C:\Windows\System\NJdGHyi.exe
  C:\Windows\System\NJdGHyi.exe
  2⤵
  PID:10052
- C:\Windows\System\zeDIWYc.exe
  C:\Windows\System\zeDIWYc.exe
  2⤵
  PID:10120
- C:\Windows\System\mziwtAr.exe
  C:\Windows\System\mziwtAr.exe
  2⤵
  PID:10096
- C:\Windows\System\ukmFOrO.exe
  C:\Windows\System\ukmFOrO.exe
  2⤵
  PID:10148
- C:\Windows\System\PgiIFxR.exe
  C:\Windows\System\PgiIFxR.exe
  2⤵
  PID:9248
- C:\Windows\System\orSBqjJ.exe
  C:\Windows\System\orSBqjJ.exe
  2⤵
  PID:10188
- C:\Windows\System\VPSuOnN.exe
  C:\Windows\System\VPSuOnN.exe
  2⤵
  PID:9352
- C:\Windows\System\udfWmAd.exe
  C:\Windows\System\udfWmAd.exe
  2⤵
  PID:9420
- C:\Windows\System\FezRHim.exe
  C:\Windows\System\FezRHim.exe
  2⤵
  PID:10236
- C:\Windows\System\nZMXrzK.exe
  C:\Windows\System\nZMXrzK.exe
  2⤵
  PID:10196
- C:\Windows\System\KNfhPMM.exe
  C:\Windows\System\KNfhPMM.exe
  2⤵
  PID:10172
- C:\Windows\System\eDhpDil.exe
  C:\Windows\System\eDhpDil.exe
  2⤵
  PID:9372
- C:\Windows\System\oJbTFGj.exe
  C:\Windows\System\oJbTFGj.exe
  2⤵
  PID:9416
- C:\Windows\System\vgAEsQc.exe
  C:\Windows\System\vgAEsQc.exe
  2⤵
  PID:9428
- C:\Windows\System\XeCLnCK.exe
  C:\Windows\System\XeCLnCK.exe
  2⤵
  PID:9492
- C:\Windows\System\DGtaxZe.exe
  C:\Windows\System\DGtaxZe.exe
  2⤵
  PID:9552
- C:\Windows\System\lLYCoxn.exe
  C:\Windows\System\lLYCoxn.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIOBxWJ.exe

Filesize
6.0MB

MD5
fd5dce47ed502fbd3ae43d1de00ca8dc

SHA1
c00643091c76ed5c565094c23c1355d821e3a57e

SHA256
fe9232d2a5bc9cee05af05516e120ccfe901ba1b0815af39ac1199f829d7652a

SHA512
6d3a9d19eac92fc21839d4326a5b0a84fa29190dc164a4dac84b14145d550dd4020d4f14fa72175ba753579f84b36a771e2ef2ff7a3a4578b3fef8c93a20e19c

Download Submit
C:\Windows\system\APpPEHA.exe

Filesize
6.0MB

MD5
26defe4a1ecb0449e403d7e4d6c0ad68

SHA1
0a405f1daa861fb44c6e11b097f6aa8989491813

SHA256
0dba49bac323a871f767ffa507acddc16e3b2edd0e6c0d3a6fa7793cc4cd8208

SHA512
dc8df9de556e0835e3cf66503e268ab192ad4512dcef507d08f4a9bbf4a51706ef184b58fba3ab34e8db85ce87d86d8f5adede12425f0329969fa44f6051595b

Download Submit
C:\Windows\system\BDhuYiQ.exe

Filesize
6.0MB

MD5
700f9133d918fc5b19a9181e2ece9f0c

SHA1
7c1e294aef849d0c23fa68541ce4629ab15ce8b9

SHA256
3b9f695082487bf555f7f343d39f84e70e29bd498e1f54dcd6c7bd992fa4c1d9

SHA512
3d00d4e821049cec754e5fb110b9cce439e847e104600b98b59a30912fa261ae7cd715be1a89d269c6c2efffa04c20b1373e8bd369eb7683590e7114147b561b

Download Submit
C:\Windows\system\GkqNhRz.exe

Filesize
6.0MB

MD5
98777a5635cabc6b4645eead62c4c633

SHA1
c896d8ef30a6f3fd94032bbd863da0ec1ee5ecb7

SHA256
e18523bddbe6e8e436826c6d7499c91344f2edf278999befe844813e06701869

SHA512
7c63bd87b032a97b53adc6017dbd34aa5a28aa45388e4ce8751035c3742a780fa0beb86b2d838b9f5f83361e775431a8fec1899363c314fbee93563e7a50fcb4

Download Submit
C:\Windows\system\JFqQGBp.exe

Filesize
6.0MB

MD5
7cb458d8fcaee9ac8ab614645f96c23c

SHA1
952711060c21ea260b6bad96cbbe6efbfa56f843

SHA256
70e2b43bce754b19c292e4ae12303f2eda731a283a10efa1df7c29ac4b0bc4b3

SHA512
60e5370be205e6ce9f6e0825dcc8e81b4a6093f2c3fa3e0e67abd82a4515c719714810e8b476577f29178a903ebf0a0a61e013f960dc2c4ec70bbff1407e7ea4

Download Submit
C:\Windows\system\MZMOPVm.exe

Filesize
6.0MB

MD5
0971af7bdc900baf162e603e81018e23

SHA1
38e3f541b6ecf0f91b14d103f206147152570f50

SHA256
f502899396ec80df512dd51801f7ba5ffa5de518230885a4ed5eb11085c09ec5

SHA512
40ea595a67bc71afac1cef0c8d963e57c248db726cadb52ef5e1daf4232171886dbc7ed51d72c288c2690ca86eef5b6880a59083d2c0238d1471a20977a2a0a4

Download Submit
C:\Windows\system\NBWhKhg.exe

Filesize
6.0MB

MD5
b9b03c74bec110b77ab20268abd0ba97

SHA1
85c09e919be48a431c43307a49dac3bacbc476a9

SHA256
bc20fef5a17923bb9af43a79b84072cf5a0fc94dbac4ea5f8762864ddbc9617b

SHA512
c6e80d0e3787658fac9c62796b688225e02bc31d3d71356b03cfc628cac8f23b12c3b0c764bab96ee807319ad23a1cfd622f7d3f33c412914ec1f4349a14d236

Download Submit
C:\Windows\system\OgxpaeT.exe

Filesize
6.0MB

MD5
060d2cbfd9efd0ecba4cd0e5a42167b3

SHA1
a237fd1c2274d6911b5988f2607a7add59e5e8c8

SHA256
c4cf78700108b46d11d956297761cf6880fedecbd9c699ecd5e2c8ac5d253b4d

SHA512
2827c5bfca62e9c27a0451e1f13e23d863395d8a64850bbf3dc9b67897465a7f1b6c35cf50f314eec4a427283a58e53ff51a81744882becbd7e76c55fcd74f61

Download Submit
C:\Windows\system\QQOdxjK.exe

Filesize
6.0MB

MD5
de6d100e2e8096ff01283f07025df383

SHA1
6e3c4b9de4a7434e97307dd2c23becb1dc3eb9be

SHA256
6ec26c917acfd444297176d249e0bddf5cd0dc45c6978957d1deaa6028db28ab

SHA512
07d67e295eb41624ee76faaef8e28d65b67d10d021535a3c49b434c9e24d88b763f64cbeba891f57a7a4c92c070123c46442df4b07618c4d8144752df7f3499e

Download Submit
C:\Windows\system\QaqMXUD.exe

Filesize
6.0MB

MD5
5493069b0bbe2ca1e6427c5b029e5192

SHA1
b80bed5306ad8b82e5de353c7cd7ffe0270de810

SHA256
2229e8bf064e0987be7a3991ba7c1a527078b2a47e9a3e7f64cb0fc36227a4e6

SHA512
11c9990d1f773e0069892a8d858def15d636d063cb594c7677db4cec9a09c57a6008ea20f4f24ad4aa081a8f652aaa390aacea4bdf7466760e91723fbcd62956

Download Submit
C:\Windows\system\TbHrNuA.exe

Filesize
6.0MB

MD5
ccd493672f7215fd310d47057a01a568

SHA1
ca4690310b8ffaa4f8e4fd0a42d23cc9fff9cd54

SHA256
423304db268ca8cd956af353a3a7ad19b12ee3bf1d1c9c7b9f714a3233d9e076

SHA512
0550d7328c3820bd9fbaffa2af104341be203aa91af3408c587c092b9be894e952aeae7c04501ba3c1d67032c3a7226b3123eb1d12b132724ec83fe5058a9303

Download Submit
C:\Windows\system\YUMzWhV.exe

Filesize
6.0MB

MD5
2e87261c706fcbe8100c0e41668e3971

SHA1
f14acc25a867e42278b7ed9be08ec1a422fc8639

SHA256
5e11d1a3444ab6c44e9dd323d2498125df7cdf5e33156e8c6221c9344b01202f

SHA512
f196813c54e9a7cf8bfc581dfe08cb0b797982b670cfd475bdbd382988f436a680150eab32690589bde701b8737cb0e4f5f61c4b9bb575a6583899de02d7ec37

Download Submit
C:\Windows\system\bXlReAl.exe

Filesize
6.0MB

MD5
d64e4fdda4859e43cbd6aeca50258725

SHA1
f4e794972e5eeff654fd7ed2facaff5634c4b259

SHA256
23edfb6cf6cabe9d26486c6fff0b827bc4fcc3a427b55cfb5b133f75de37057a

SHA512
2e48db0d34158d599c44cd60b8ee823bed9be2f00cc910391a3e9e401325c5ad6f054576c53aab6fdeb7cc6c061523f3548166ce1f702c306bfa39eaecc0f38c

Download Submit
C:\Windows\system\cQSNqoN.exe

Filesize
6.0MB

MD5
cfc4742ff024fa5090b94576510dcb2c

SHA1
1c1b6fb42c86f7ea1bd4aec1e03ab37d8bd2c4a3

SHA256
9ed993ac50c2703cc3bd7c1e39d67f3c015646570250708ad848ae37322a057b

SHA512
3767f7cc3e08aa56fb0a5a1ce5d446ca28f95d1136e88c169d73ec4117aa74c4db08d20ce5b3f878efb85622534515c171c3862ded861cc336d9ce3dc57c1fed

Download Submit
C:\Windows\system\dZrFfXq.exe

Filesize
6.0MB

MD5
f3bef9afe2d2b000a5ad59e7754eca8d

SHA1
fb215c7eb8b399a6ebcb67257643c4e01837de54

SHA256
39ec4b1bb5c3b5d94d20937d1337dae4c2b82bd05a627cc701c4264e10e1b9b6

SHA512
0e22f247a0189bf5327cfacb3dfbf017c9357f086132d871a64d6998e6b861ecc0793d37d109ce9239abb4f5530087ab16f9d88972101bcfcbfe72feffcfff6c

Download Submit
C:\Windows\system\dfdCteK.exe

Filesize
6.0MB

MD5
209e725816b9812f03f863b5887034ba

SHA1
1d44363ced4abc80916b0737c1215f5718b954d9

SHA256
29a5878d20124e4201833658d0faec59d8b94f8663f69fe7197ba02b159e851e

SHA512
9c296dec13c08b6a5ce0050fd5d992df76b2411a1a2fef4db6d6fdd0e937627129e4a97ccb2495a32d12758139dcafddb90d66933dbcfeafd672097b398c9128

Download Submit
C:\Windows\system\hngNOXM.exe

Filesize
6.0MB

MD5
56d7e3b6818f841377c7a522f2cb5332

SHA1
2f46a07a3fa876d0ab88e892edd3e29b70df0083

SHA256
07ca713fb0a0f9a1eed444008593564dac8b7fe7d3473655e79ca56a3deea8cc

SHA512
20557a71d4151566bb0250046db39e1f06efe715a054a9b19883787e114f2d75ec1c914f806bba2d6b395b11bb6a85b83c9b70a21342920fd4ec6597835b2a6b

Download Submit
C:\Windows\system\iKkcJPC.exe

Filesize
6.0MB

MD5
dd7e4d04df31afb417f0794788c6d885

SHA1
4b034819ea22605d92d438497fd621fef2f71b53

SHA256
ee497c6f8b8b6bed01a777b86ea627c030954d750ba147cc103998fa186357cf

SHA512
a856cb7f1f72519e94a5582b36e7e53a3acefcc3291a264714d88f41a18e5f1c7fbc26a06e5e0e9412e0a0d4a57ac7c86cdc28240e5fce0a2d2bf61df6e4aa45

Download Submit
C:\Windows\system\iyTADPC.exe

Filesize
6.0MB

MD5
09548f72a62524a6f7eb9c27edde5995

SHA1
f359a72ea194342fcd658fa605a9c628e973d58a

SHA256
2780339d84c62cc425033812b1e3b86ff0b26a690fd6a962230c433dd6d3128b

SHA512
8767cde87ab6eaa26609be592c27c26e3abf98d31c6223053e4ee55ab8bc001eeb46807f86709a23d30d3ecf6ee7bd9f4da12c293870c7c8d7060c2dc0a0095d

Download Submit
C:\Windows\system\lBSTrlU.exe

Filesize
6.0MB

MD5
bedde7ac70f71f416c7f07e44c65700f

SHA1
bd3ba0e8bbc9f87c6907835b5706a5a33adc81e8

SHA256
1e8cd760a8c1e7ff133181b44cb3cba8d6247ec763d475af362f99aeaecd1c7a

SHA512
dbbce3e097c9f1f6b109eceae927bbcfeb627f14e385f57af1f00eef12d109540b0c1114ce088c451a7b7d58eb3330c5d327a55840e40702a46a9d9f674344b3

Download Submit
C:\Windows\system\pkdnPgr.exe

Filesize
6.0MB

MD5
bf2f1a04e65e05367c2ef4cbec8ff9d0

SHA1
a482dfd136d2bd299ddea7c9491dfcfdfac71d06

SHA256
b308b15053745b32871043efe2aeb9428750a44264c0f793441055965b85420c

SHA512
ea6cc3ce297cc346cb01c812e62091e7428309dadc73dc46ceaca58903120a5069b7ebddd86cbf7928e94b21e551f51245ed8127aa6653323464f1550ac7a27a

Download Submit
C:\Windows\system\rmNoYXK.exe

Filesize
6.0MB

MD5
c47b789f9e39df14ce204c98ca2caef9

SHA1
dd66419af731bb1192ca38e31ff324a165a5da74

SHA256
2b7427f4672802f100be62cc0564926e358d3d826b60754a40a815950584b7db

SHA512
86fc0145f1d8e5710addeb7b9eea4291dabd1ebc19afa856294db56951a3d5c63bdc9b02e84e0cb3f6dd83960bc07183e325a81790f706739a864716e6501e43

Download Submit
C:\Windows\system\trGGbCJ.exe

Filesize
6.0MB

MD5
3a3efbac553583859832e85a26ff6b92

SHA1
9d761eba99e54140ae9a0f464e6f0713e0b089e9

SHA256
6b78cd1c0f5d4344802290cf00ac766dc572c34a8b688a77a27728b5cb324814

SHA512
edec7aac4a66e28b2c51e059971bbf214430b5f1eb4ebbe40670b1966638b0e841cde2af9a33bb187d925e5f41085d27216ceb00dd04132fc48c2984fa739f44

Download Submit
C:\Windows\system\wqMTsLC.exe

Filesize
6.0MB

MD5
dd928079fe497707a9363727d4907f4c

SHA1
7ba1f3a81245d503085a1ecf4103bfd8cf6d678d

SHA256
02bbe252c2c28007e56ab97f04f5b43a05b80961c50b7e3fa9a90fee564da3c2

SHA512
5159985cf8a2ba6b13ce89b048ccca33252a3e23189a1dbe6949da7a78034ae1eb06fe3b6c4e005d8773c1c3c2d19f11a2295171b6a1d51a13dd58cbaf74a55e

Download Submit
C:\Windows\system\wxYhEGt.exe

Filesize
6.0MB

MD5
d3106b4c76c15b9d9eebd421eed77c09

SHA1
0f6b34b98c3372289a9b8556dca47daa8a5e8432

SHA256
4b915d0bd34c5aec5ac6f3854ddb1809eb08023ee7ad1f5b8baca60085908cb9

SHA512
038a687c8b02305d97acf133cc56383649d32afe5dbc3019b3022bf0fabcccc7c726f7b9485f7e7e057130924fbdb507063c8365055db558b6c147a183bb898a

Download Submit
C:\Windows\system\yxQyDsG.exe

Filesize
6.0MB

MD5
f88657e5de8a1d25d34630fc4f37de87

SHA1
eea41cdfa1d3879c4f032eecbe0bab80c1d5eef4

SHA256
8b119414764a8d3d9d01368c9730f2a501924fc4a9520be5394dba28a35ab1fb

SHA512
36d8db0d38fe3719484b81462e76711cd1d5abe68f3ed0575c9287bfa785f94f71d27b881639bee3868869f1b1f9c711cfa8ea2f8b8290cf15163052c8132905

Download Submit
\Windows\system\FFFbJCU.exe

Filesize
6.0MB

MD5
d9d75b5e372106610b093712f0555078

SHA1
f5ae47fca5eeaabb82f15ec5ee4fb2b37920653a

SHA256
9c6974a8378c7782f67d39234bbcd08f27e351f4d3230591bdcd382cdb3430a3

SHA512
52d11002c3bf4aa4ad21da16191e0848a50d7932e38c50592de9b1fe154e08860d7d0403196647bbefe3e524836d3b2bd341c2e9c969f7a8adb7cee2a2af6e4d

Download Submit
\Windows\system\JuglsXL.exe

Filesize
6.0MB

MD5
241dc1777e34bf0a134eb5cd89974ae3

SHA1
8c50be1bae7895d017b210dcd8410bb9c92c1675

SHA256
d70ea6c97ad6c8a751ab8ed4fbd5ca271d2a63404690388b97b25be3f89f9443

SHA512
f0ac04be341ab687b699f7a68350f04e4ec42eecb9b50cb5b04c7c2f97295bbfd317f6c638759443beaed62de0282aa4fc0abfac64f5acd121d4f3ea1f8437c2

Download Submit
\Windows\system\OGpSHCE.exe

Filesize
6.0MB

MD5
6d702f3ad1743aad6bf60dfb11047f95

SHA1
7f3342685ded734d1e91255ccffca65f4f52f11a

SHA256
b2093dfb0e21d21663bbc65106fd5e30d7a5c1287554835869362108cbb0e670

SHA512
af02a4505937c04f72ee2363c2b2fc3b02e9f331927d2c1bd881a0f8ab039bc3045baeffb0c318c30d3fb83491f2f329de66e686cf7810dc2207316b6d3dac02

Download Submit
\Windows\system\aAxqGwh.exe

Filesize
6.0MB

MD5
69480dcbda6492bfbab85e62170c07b7

SHA1
0cb5ee49b9dae0d7be566e0c3a52fd1ddec3044a

SHA256
1c10e4ee09f4f5bbe1f5887fbfc0a1cecec4d9658ed4b3a37fbd7cb223596321

SHA512
0a3be19c90661651910d1192652b8819f61686ac9111ce932882725f8713aaf3c9421c5ce900e66f877a02658dd005b3e39a27b2313d49aff6a6321f82c1a09b

Download Submit
\Windows\system\dmZuOJd.exe

Filesize
6.0MB

MD5
9bb0ef15a37d660e92b2c97df75e835d

SHA1
c582d3504058056afe9daa071d0d0b35a824060b

SHA256
e52be3d57ded3ff237a64f8f69925717b5d805aa43d5de8e8ec12980ffc89298

SHA512
d5b73f8507f6d0e4514c59181b7076d6334e5025f91a1d5e10da327532aeb52f7ddd9a08dfc87befbf49f7558b48648fb8a3e320cd88b501f1c6ee0626a7efa2

Download Submit
\Windows\system\nxZXxdt.exe

Filesize
6.0MB

MD5
58cecc1783340df2fc56f3a98eeffb21

SHA1
37d6f07474d16f18fcace6ee3c184ba18a58582b

SHA256
7c106815d6d2c3c097c1b82b92b2dc388b42617141de6fa24ccca0eaac0ac8a7

SHA512
5bb8c1c119316c56f0c2e90180b1d470feef81ca99bf95cea8c9015cafd6a19101a257c162afbdb2f5d776a436d9c206de31449091e0f3cb54c2769523add6e8

Download Submit
memory/340-35-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/340-849-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/340-4008-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/756-108-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/756-4011-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1944-8-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-97-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-4004-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-4007-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2012-631-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2012-26-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2280-116-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-4012-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2288-15-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2288-251-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4005-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2328-743-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-5-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-119-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-40-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-117-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2328-121-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-115-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2328-850-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-113-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-965-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-111-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2328-109-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2328-122-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2328-123-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2328-107-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-32-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-30-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2328-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-120-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4015-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4017-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2644-118-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2648-112-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4014-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-110-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4013-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-105-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4009-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4010-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2812-106-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4016-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2852-114-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/3044-20-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4006-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3044-349-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download