cobaltstrike | a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
Size

6.0MB
MD5

fcb5ed83237c3e9f1793b278adf0e7b8
SHA1

5d7eb34e5964dccad83cbf625d3607e63a3247ac
SHA256

a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25
SHA512

5b502083490f1663b10f35b589db550e0d0c305f2b69ad24e2ca201da2db78172900ebe4e758f0f8f43c05b63c0b3e55015beecef75166a8c246b3e493b83f33
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUz:eOl56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193e8-8.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194c4-21.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194cd-33.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001933b-29.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019524-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-48.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194d2-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1880-1-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/memory/1724-7-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193e8-8.dat	xmrig
behavioral1/memory/2016-14-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-10.dat	xmrig
behavioral1/memory/1484-20-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x00060000000194c4-21.dat	xmrig
behavioral1/files/0x00060000000194cd-33.dat	xmrig
behavioral1/files/0x000800000001933b-29.dat	xmrig
behavioral1/files/0x0006000000019524-43.dat	xmrig
behavioral1/files/0x000500000001a41b-53.dat	xmrig
behavioral1/files/0x000500000001a41e-63.dat	xmrig
behavioral1/memory/2108-68-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-72.dat	xmrig
behavioral1/files/0x000500000001a42d-76.dat	xmrig
behavioral1/files/0x000500000001a48b-86.dat	xmrig
behavioral1/files/0x000500000001a499-97.dat	xmrig
behavioral1/files/0x000500000001a49a-99.dat	xmrig
behavioral1/files/0x000500000001a4b1-116.dat	xmrig
behavioral1/files/0x000500000001a4b7-131.dat	xmrig
behavioral1/files/0x000500000001a4c3-162.dat	xmrig
behavioral1/memory/2824-1148-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2880-1159-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2752-1177-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2232-1194-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2888-1198-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/3000-1200-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1880-1220-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2744-1219-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1468-1262-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2856-1229-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2660-1221-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c5-167.dat	xmrig
behavioral1/files/0x000500000001a4c1-157.dat	xmrig
behavioral1/files/0x000500000001a4bf-151.dat	xmrig
behavioral1/files/0x000500000001a4bb-141.dat	xmrig
behavioral1/files/0x000500000001a4bd-147.dat	xmrig
behavioral1/files/0x000500000001a4b9-137.dat	xmrig
behavioral1/files/0x000500000001a4b3-122.dat	xmrig
behavioral1/files/0x000500000001a4b5-127.dat	xmrig
behavioral1/files/0x000500000001a4af-112.dat	xmrig
behavioral1/files/0x000500000001a4a9-106.dat	xmrig
behavioral1/files/0x000500000001a48d-91.dat	xmrig
behavioral1/files/0x000500000001a46f-81.dat	xmrig
behavioral1/files/0x000500000001a41d-59.dat	xmrig
behavioral1/files/0x000500000001a359-48.dat	xmrig
behavioral1/files/0x00080000000194d2-39.dat	xmrig
behavioral1/memory/1880-1398-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1724-1770-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2016-2607-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1484-2629-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1880-2727-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1880-2750-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2016-3665-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1724-3669-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2880-3678-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2108-3675-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1484-3674-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2232-3695-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/3000-3707-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2752-3709-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2660-3713-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2888-3719-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1724	iUgulgc.exe
2016	QbWGhXn.exe
1484	EuehCZA.exe
2108	BNYqQon.exe
2824	voZilmh.exe
2880	rFPgfMO.exe
2752	txeQYjP.exe
2232	gyKqIPk.exe
2888	hFghvxK.exe
3000	PllTHri.exe
2744	hUJcwTx.exe
2660	yGFFysO.exe
2856	lSmfEnG.exe
1468	NPWipmX.exe
1124	FFnYdJx.exe
2980	hOoljJn.exe
3016	IyTHZYS.exe
2704	CHRGXAh.exe
2964	fMhgvJA.exe
1244	DnWRwqa.exe
2672	hLiLSEo.exe
1060	YKygkqn.exe
1868	ZTbEyiU.exe
1204	zOTNQCE.exe
1404	sUQUMhr.exe
3020	RxexeuF.exe
2000	cNfiUlR.exe
2700	CohTKCk.exe
2164	MoSqjex.exe
2128	DoeJuiv.exe
2416	JBGUGjF.exe
480	sOAYhKz.exe
1976	EbkpNRB.exe
1920	mkvQbmq.exe
1600	vNOGYpp.exe
2148	aNEpSek.exe
836	yVvTTHb.exe
316	qJZljgi.exe
560	tCnbtkA.exe
2300	iBkRjZZ.exe
652	fCEPtZX.exe
1536	jCCmMrG.exe
1376	BguXkkd.exe
1524	dRtlAhr.exe
1144	HGrkFdx.exe
2248	DnwAWre.exe
2512	XQHYRHM.exe
2476	VpUAgRz.exe
2136	uHggzAs.exe
552	eXiFczX.exe
708	YCamZiV.exe
1784	qCjnxoA.exe
880	OoTuSuV.exe
1740	rZMnqqy.exe
1968	HiBjlhl.exe
1936	HMEtazN.exe
1584	FNnpuou.exe
1892	ytqokST.exe
2036	cJGiFVF.exe
1964	MaMdIOk.exe
2800	HiLrLWz.exe
2760	ppVfJwv.exe
2884	QFOaMhY.exe
2992	OxWUUyS.exe

Loads dropped DLL 64 IoCs

pid	Process
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1880-1-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/memory/1724-7-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x00070000000193e8-8.dat	upx
behavioral1/memory/2016-14-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000600000001949e-10.dat	upx
behavioral1/memory/1484-20-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x00060000000194c4-21.dat	upx
behavioral1/files/0x00060000000194cd-33.dat	upx
behavioral1/files/0x000800000001933b-29.dat	upx
behavioral1/files/0x0006000000019524-43.dat	upx
behavioral1/files/0x000500000001a41b-53.dat	upx
behavioral1/files/0x000500000001a41e-63.dat	upx
behavioral1/memory/2108-68-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000500000001a427-72.dat	upx
behavioral1/files/0x000500000001a42d-76.dat	upx
behavioral1/files/0x000500000001a48b-86.dat	upx
behavioral1/files/0x000500000001a499-97.dat	upx
behavioral1/files/0x000500000001a49a-99.dat	upx
behavioral1/files/0x000500000001a4b1-116.dat	upx
behavioral1/files/0x000500000001a4b7-131.dat	upx
behavioral1/files/0x000500000001a4c3-162.dat	upx
behavioral1/memory/2824-1148-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2880-1159-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2752-1177-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2232-1194-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2888-1198-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/3000-1200-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2744-1219-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1468-1262-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2856-1229-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2660-1221-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000500000001a4c5-167.dat	upx
behavioral1/files/0x000500000001a4c1-157.dat	upx
behavioral1/files/0x000500000001a4bf-151.dat	upx
behavioral1/files/0x000500000001a4bb-141.dat	upx
behavioral1/files/0x000500000001a4bd-147.dat	upx
behavioral1/files/0x000500000001a4b9-137.dat	upx
behavioral1/files/0x000500000001a4b3-122.dat	upx
behavioral1/files/0x000500000001a4b5-127.dat	upx
behavioral1/files/0x000500000001a4af-112.dat	upx
behavioral1/files/0x000500000001a4a9-106.dat	upx
behavioral1/files/0x000500000001a48d-91.dat	upx
behavioral1/files/0x000500000001a46f-81.dat	upx
behavioral1/files/0x000500000001a41d-59.dat	upx
behavioral1/files/0x000500000001a359-48.dat	upx
behavioral1/files/0x00080000000194d2-39.dat	upx
behavioral1/memory/1880-1398-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1724-1770-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2016-2607-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1484-2629-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2016-3665-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1724-3669-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2880-3678-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2108-3675-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1484-3674-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2232-3695-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/3000-3707-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2752-3709-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2660-3713-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2888-3719-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2744-3722-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1468-3717-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2856-3725-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sPtAxpS.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\EAYBysG.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ZQuVktS.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\WBiGRvS.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\PZTFbvo.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\vEekQXL.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\GdxMRPT.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\cSYcdbP.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\qsDVQmR.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\mcfIjWi.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\mowtTel.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\kwRqCEa.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\qCLXXll.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ldIuTzP.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\lJlNDLN.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\zNeFYFH.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\uqaxzYl.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\LQZoFnx.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\GkxnBDs.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ReheqDr.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\pcdVuMa.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\mJiUyxE.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\DbUcbIh.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\nQOcakL.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\uwemnfP.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\qXbExrM.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\fzndwfV.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\aYlSjyG.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\OZYTDaW.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\HbrdtkS.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\LCgIvIu.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\dMNBQGe.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\voZilmh.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\UqUPpiU.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\UvzyFAT.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ynmRSZH.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\gCLzCIS.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\HHSVrpY.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\LqlqtCi.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\oVouEuN.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\YFATtie.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\XmJcTfd.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\DLRjoTT.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\MHIjgNh.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\bnRfTjV.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\HxklirI.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\gNUkBRm.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\XAODroY.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\VAuGpQH.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ByhTlsQ.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\BoKdbyC.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\jkuxrJZ.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\uwMkxIO.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\ZFOtJis.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\jkaudzm.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\NDEiAZP.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\DxIdKfR.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\kNNUWQn.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\HUgkEbk.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\fJZrlso.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\xUmZJao.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\YSqmuPC.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\EzqGMwf.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
File created	C:\Windows\System\BtgLxjy.exe	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1724	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	32
PID 1880 wrote to memory of 1724	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	32
PID 1880 wrote to memory of 1724	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	32
PID 1880 wrote to memory of 2016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	33
PID 1880 wrote to memory of 2016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	33
PID 1880 wrote to memory of 2016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	33
PID 1880 wrote to memory of 1484	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	34
PID 1880 wrote to memory of 1484	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	34
PID 1880 wrote to memory of 1484	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	34
PID 1880 wrote to memory of 2108	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	35
PID 1880 wrote to memory of 2108	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	35
PID 1880 wrote to memory of 2108	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	35
PID 1880 wrote to memory of 2824	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	36
PID 1880 wrote to memory of 2824	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	36
PID 1880 wrote to memory of 2824	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	36
PID 1880 wrote to memory of 2880	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	37
PID 1880 wrote to memory of 2880	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	37
PID 1880 wrote to memory of 2880	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	37
PID 1880 wrote to memory of 2752	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	38
PID 1880 wrote to memory of 2752	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	38
PID 1880 wrote to memory of 2752	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	38
PID 1880 wrote to memory of 2232	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	39
PID 1880 wrote to memory of 2232	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	39
PID 1880 wrote to memory of 2232	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	39
PID 1880 wrote to memory of 2888	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	40
PID 1880 wrote to memory of 2888	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	40
PID 1880 wrote to memory of 2888	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	40
PID 1880 wrote to memory of 3000	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	41
PID 1880 wrote to memory of 3000	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	41
PID 1880 wrote to memory of 3000	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	41
PID 1880 wrote to memory of 2744	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	42
PID 1880 wrote to memory of 2744	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	42
PID 1880 wrote to memory of 2744	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	42
PID 1880 wrote to memory of 2660	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	43
PID 1880 wrote to memory of 2660	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	43
PID 1880 wrote to memory of 2660	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	43
PID 1880 wrote to memory of 2856	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	44
PID 1880 wrote to memory of 2856	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	44
PID 1880 wrote to memory of 2856	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	44
PID 1880 wrote to memory of 1468	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	45
PID 1880 wrote to memory of 1468	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	45
PID 1880 wrote to memory of 1468	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	45
PID 1880 wrote to memory of 1124	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	46
PID 1880 wrote to memory of 1124	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	46
PID 1880 wrote to memory of 1124	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	46
PID 1880 wrote to memory of 2980	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	47
PID 1880 wrote to memory of 2980	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	47
PID 1880 wrote to memory of 2980	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	47
PID 1880 wrote to memory of 3016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	48
PID 1880 wrote to memory of 3016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	48
PID 1880 wrote to memory of 3016	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	48
PID 1880 wrote to memory of 2704	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	49
PID 1880 wrote to memory of 2704	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	49
PID 1880 wrote to memory of 2704	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	49
PID 1880 wrote to memory of 2964	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	50
PID 1880 wrote to memory of 2964	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	50
PID 1880 wrote to memory of 2964	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	50
PID 1880 wrote to memory of 1244	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	51
PID 1880 wrote to memory of 1244	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	51
PID 1880 wrote to memory of 1244	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	51
PID 1880 wrote to memory of 2672	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	52
PID 1880 wrote to memory of 2672	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	52
PID 1880 wrote to memory of 2672	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	52
PID 1880 wrote to memory of 1060	1880	JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a71ff3629f16c55eaa8638e5a654b2710487a96936243299618d5b9a4db56b25.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\System\iUgulgc.exe
  C:\Windows\System\iUgulgc.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QbWGhXn.exe
  C:\Windows\System\QbWGhXn.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\EuehCZA.exe
  C:\Windows\System\EuehCZA.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\BNYqQon.exe
  C:\Windows\System\BNYqQon.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\voZilmh.exe
  C:\Windows\System\voZilmh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\rFPgfMO.exe
  C:\Windows\System\rFPgfMO.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\txeQYjP.exe
  C:\Windows\System\txeQYjP.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\gyKqIPk.exe
  C:\Windows\System\gyKqIPk.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\hFghvxK.exe
  C:\Windows\System\hFghvxK.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\PllTHri.exe
  C:\Windows\System\PllTHri.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\hUJcwTx.exe
  C:\Windows\System\hUJcwTx.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\yGFFysO.exe
  C:\Windows\System\yGFFysO.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\lSmfEnG.exe
  C:\Windows\System\lSmfEnG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\NPWipmX.exe
  C:\Windows\System\NPWipmX.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\FFnYdJx.exe
  C:\Windows\System\FFnYdJx.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\hOoljJn.exe
  C:\Windows\System\hOoljJn.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\IyTHZYS.exe
  C:\Windows\System\IyTHZYS.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\CHRGXAh.exe
  C:\Windows\System\CHRGXAh.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\fMhgvJA.exe
  C:\Windows\System\fMhgvJA.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DnWRwqa.exe
  C:\Windows\System\DnWRwqa.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\hLiLSEo.exe
  C:\Windows\System\hLiLSEo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\YKygkqn.exe
  C:\Windows\System\YKygkqn.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\ZTbEyiU.exe
  C:\Windows\System\ZTbEyiU.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\zOTNQCE.exe
  C:\Windows\System\zOTNQCE.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\sUQUMhr.exe
  C:\Windows\System\sUQUMhr.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\RxexeuF.exe
  C:\Windows\System\RxexeuF.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\cNfiUlR.exe
  C:\Windows\System\cNfiUlR.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\CohTKCk.exe
  C:\Windows\System\CohTKCk.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\MoSqjex.exe
  C:\Windows\System\MoSqjex.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\DoeJuiv.exe
  C:\Windows\System\DoeJuiv.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\JBGUGjF.exe
  C:\Windows\System\JBGUGjF.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\sOAYhKz.exe
  C:\Windows\System\sOAYhKz.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\EbkpNRB.exe
  C:\Windows\System\EbkpNRB.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\mkvQbmq.exe
  C:\Windows\System\mkvQbmq.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\vNOGYpp.exe
  C:\Windows\System\vNOGYpp.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\aNEpSek.exe
  C:\Windows\System\aNEpSek.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\yVvTTHb.exe
  C:\Windows\System\yVvTTHb.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\qJZljgi.exe
  C:\Windows\System\qJZljgi.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\tCnbtkA.exe
  C:\Windows\System\tCnbtkA.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\iBkRjZZ.exe
  C:\Windows\System\iBkRjZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\fCEPtZX.exe
  C:\Windows\System\fCEPtZX.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\jCCmMrG.exe
  C:\Windows\System\jCCmMrG.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\BguXkkd.exe
  C:\Windows\System\BguXkkd.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\dRtlAhr.exe
  C:\Windows\System\dRtlAhr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\HGrkFdx.exe
  C:\Windows\System\HGrkFdx.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\DnwAWre.exe
  C:\Windows\System\DnwAWre.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\XQHYRHM.exe
  C:\Windows\System\XQHYRHM.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\VpUAgRz.exe
  C:\Windows\System\VpUAgRz.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\uHggzAs.exe
  C:\Windows\System\uHggzAs.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\eXiFczX.exe
  C:\Windows\System\eXiFczX.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\YCamZiV.exe
  C:\Windows\System\YCamZiV.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\qCjnxoA.exe
  C:\Windows\System\qCjnxoA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\OoTuSuV.exe
  C:\Windows\System\OoTuSuV.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\rZMnqqy.exe
  C:\Windows\System\rZMnqqy.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\HiBjlhl.exe
  C:\Windows\System\HiBjlhl.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\HMEtazN.exe
  C:\Windows\System\HMEtazN.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\FNnpuou.exe
  C:\Windows\System\FNnpuou.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ytqokST.exe
  C:\Windows\System\ytqokST.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\cJGiFVF.exe
  C:\Windows\System\cJGiFVF.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\MaMdIOk.exe
  C:\Windows\System\MaMdIOk.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\HiLrLWz.exe
  C:\Windows\System\HiLrLWz.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ppVfJwv.exe
  C:\Windows\System\ppVfJwv.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\QFOaMhY.exe
  C:\Windows\System\QFOaMhY.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\OxWUUyS.exe
  C:\Windows\System\OxWUUyS.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ILDmFIX.exe
  C:\Windows\System\ILDmFIX.exe
  2⤵
  PID:2780
- C:\Windows\System\Bcijocp.exe
  C:\Windows\System\Bcijocp.exe
  2⤵
  PID:2068
- C:\Windows\System\Pdfchti.exe
  C:\Windows\System\Pdfchti.exe
  2⤵
  PID:1488
- C:\Windows\System\ljRZEbV.exe
  C:\Windows\System\ljRZEbV.exe
  2⤵
  PID:3024
- C:\Windows\System\AflRKNI.exe
  C:\Windows\System\AflRKNI.exe
  2⤵
  PID:2904
- C:\Windows\System\DLRjoTT.exe
  C:\Windows\System\DLRjoTT.exe
  2⤵
  PID:2876
- C:\Windows\System\fxVpZoF.exe
  C:\Windows\System\fxVpZoF.exe
  2⤵
  PID:1188
- C:\Windows\System\LVhFiMk.exe
  C:\Windows\System\LVhFiMk.exe
  2⤵
  PID:2996
- C:\Windows\System\fuMMYIm.exe
  C:\Windows\System\fuMMYIm.exe
  2⤵
  PID:2024
- C:\Windows\System\RpFDUfv.exe
  C:\Windows\System\RpFDUfv.exe
  2⤵
  PID:3008
- C:\Windows\System\UuCHFna.exe
  C:\Windows\System\UuCHFna.exe
  2⤵
  PID:3052
- C:\Windows\System\kgLFKno.exe
  C:\Windows\System\kgLFKno.exe
  2⤵
  PID:1696
- C:\Windows\System\NQImVSz.exe
  C:\Windows\System\NQImVSz.exe
  2⤵
  PID:956
- C:\Windows\System\wKhwlPz.exe
  C:\Windows\System\wKhwlPz.exe
  2⤵
  PID:908
- C:\Windows\System\RyyjgGJ.exe
  C:\Windows\System\RyyjgGJ.exe
  2⤵
  PID:852
- C:\Windows\System\fjxZpgI.exe
  C:\Windows\System\fjxZpgI.exe
  2⤵
  PID:1824
- C:\Windows\System\lVBtroT.exe
  C:\Windows\System\lVBtroT.exe
  2⤵
  PID:1076
- C:\Windows\System\VwquCmj.exe
  C:\Windows\System\VwquCmj.exe
  2⤵
  PID:1644
- C:\Windows\System\tYOPUnT.exe
  C:\Windows\System\tYOPUnT.exe
  2⤵
  PID:2124
- C:\Windows\System\kCsgPyI.exe
  C:\Windows\System\kCsgPyI.exe
  2⤵
  PID:2104
- C:\Windows\System\rQaZOrj.exe
  C:\Windows\System\rQaZOrj.exe
  2⤵
  PID:2184
- C:\Windows\System\LLfuWFl.exe
  C:\Windows\System\LLfuWFl.exe
  2⤵
  PID:1828
- C:\Windows\System\XkHBlzl.exe
  C:\Windows\System\XkHBlzl.exe
  2⤵
  PID:2508
- C:\Windows\System\AkPTSzZ.exe
  C:\Windows\System\AkPTSzZ.exe
  2⤵
  PID:2580
- C:\Windows\System\yGjbPwS.exe
  C:\Windows\System\yGjbPwS.exe
  2⤵
  PID:780
- C:\Windows\System\GxxYQYo.exe
  C:\Windows\System\GxxYQYo.exe
  2⤵
  PID:348
- C:\Windows\System\hIHUumm.exe
  C:\Windows\System\hIHUumm.exe
  2⤵
  PID:1596
- C:\Windows\System\VGLGQld.exe
  C:\Windows\System\VGLGQld.exe
  2⤵
  PID:2364
- C:\Windows\System\iVOIJAz.exe
  C:\Windows\System\iVOIJAz.exe
  2⤵
  PID:1700
- C:\Windows\System\JLdSQTa.exe
  C:\Windows\System\JLdSQTa.exe
  2⤵
  PID:1440
- C:\Windows\System\MQMuCov.exe
  C:\Windows\System\MQMuCov.exe
  2⤵
  PID:2896
- C:\Windows\System\ONNayAz.exe
  C:\Windows\System\ONNayAz.exe
  2⤵
  PID:2196
- C:\Windows\System\uuTXKiW.exe
  C:\Windows\System\uuTXKiW.exe
  2⤵
  PID:2628
- C:\Windows\System\ROJtLmT.exe
  C:\Windows\System\ROJtLmT.exe
  2⤵
  PID:2608
- C:\Windows\System\LQZoFnx.exe
  C:\Windows\System\LQZoFnx.exe
  2⤵
  PID:2956
- C:\Windows\System\avhCKeT.exe
  C:\Windows\System\avhCKeT.exe
  2⤵
  PID:288
- C:\Windows\System\GXyoYKb.exe
  C:\Windows\System\GXyoYKb.exe
  2⤵
  PID:1896
- C:\Windows\System\yuIbxpU.exe
  C:\Windows\System\yuIbxpU.exe
  2⤵
  PID:2908
- C:\Windows\System\lxUUgQO.exe
  C:\Windows\System\lxUUgQO.exe
  2⤵
  PID:2988
- C:\Windows\System\rlwDvwY.exe
  C:\Windows\System\rlwDvwY.exe
  2⤵
  PID:2796
- C:\Windows\System\yRGHJbO.exe
  C:\Windows\System\yRGHJbO.exe
  2⤵
  PID:1616
- C:\Windows\System\IsGfoLV.exe
  C:\Windows\System\IsGfoLV.exe
  2⤵
  PID:1748
- C:\Windows\System\fZfnFsS.exe
  C:\Windows\System\fZfnFsS.exe
  2⤵
  PID:1360
- C:\Windows\System\lJlNDLN.exe
  C:\Windows\System\lJlNDLN.exe
  2⤵
  PID:888
- C:\Windows\System\oJLlgVB.exe
  C:\Windows\System\oJLlgVB.exe
  2⤵
  PID:1628
- C:\Windows\System\vgpXSii.exe
  C:\Windows\System\vgpXSii.exe
  2⤵
  PID:1444
- C:\Windows\System\SAmhVKO.exe
  C:\Windows\System\SAmhVKO.exe
  2⤵
  PID:2208
- C:\Windows\System\yggJeYt.exe
  C:\Windows\System\yggJeYt.exe
  2⤵
  PID:1772
- C:\Windows\System\QyGkiFm.exe
  C:\Windows\System\QyGkiFm.exe
  2⤵
  PID:1640
- C:\Windows\System\ShGsVeI.exe
  C:\Windows\System\ShGsVeI.exe
  2⤵
  PID:2488
- C:\Windows\System\ciYpZNH.exe
  C:\Windows\System\ciYpZNH.exe
  2⤵
  PID:2736
- C:\Windows\System\uZpkdpX.exe
  C:\Windows\System\uZpkdpX.exe
  2⤵
  PID:2852
- C:\Windows\System\CkjdmnM.exe
  C:\Windows\System\CkjdmnM.exe
  2⤵
  PID:1224
- C:\Windows\System\WJCbFti.exe
  C:\Windows\System\WJCbFti.exe
  2⤵
  PID:2776
- C:\Windows\System\XsDADpR.exe
  C:\Windows\System\XsDADpR.exe
  2⤵
  PID:2932
- C:\Windows\System\FTOSKWA.exe
  C:\Windows\System\FTOSKWA.exe
  2⤵
  PID:2968
- C:\Windows\System\UcJVlKh.exe
  C:\Windows\System\UcJVlKh.exe
  2⤵
  PID:2088
- C:\Windows\System\RvFNxHf.exe
  C:\Windows\System\RvFNxHf.exe
  2⤵
  PID:1720
- C:\Windows\System\EjqVfaI.exe
  C:\Windows\System\EjqVfaI.exe
  2⤵
  PID:1760
- C:\Windows\System\NVpVJAw.exe
  C:\Windows\System\NVpVJAw.exe
  2⤵
  PID:1676
- C:\Windows\System\KwxoPas.exe
  C:\Windows\System\KwxoPas.exe
  2⤵
  PID:2180
- C:\Windows\System\llChHch.exe
  C:\Windows\System\llChHch.exe
  2⤵
  PID:1520
- C:\Windows\System\idcGxyz.exe
  C:\Windows\System\idcGxyz.exe
  2⤵
  PID:2260
- C:\Windows\System\rDDMhcr.exe
  C:\Windows\System\rDDMhcr.exe
  2⤵
  PID:1884
- C:\Windows\System\TmiqImJ.exe
  C:\Windows\System\TmiqImJ.exe
  2⤵
  PID:2640
- C:\Windows\System\tLtIuis.exe
  C:\Windows\System\tLtIuis.exe
  2⤵
  PID:2456
- C:\Windows\System\zNPaFYg.exe
  C:\Windows\System\zNPaFYg.exe
  2⤵
  PID:2304
- C:\Windows\System\FFXMNUu.exe
  C:\Windows\System\FFXMNUu.exe
  2⤵
  PID:1528
- C:\Windows\System\PskgzEY.exe
  C:\Windows\System\PskgzEY.exe
  2⤵
  PID:2548
- C:\Windows\System\vgUoacK.exe
  C:\Windows\System\vgUoacK.exe
  2⤵
  PID:2060
- C:\Windows\System\hNdfXqS.exe
  C:\Windows\System\hNdfXqS.exe
  2⤵
  PID:3092
- C:\Windows\System\hmOatxp.exe
  C:\Windows\System\hmOatxp.exe
  2⤵
  PID:3112
- C:\Windows\System\FEAVTJd.exe
  C:\Windows\System\FEAVTJd.exe
  2⤵
  PID:3132
- C:\Windows\System\JahlgHP.exe
  C:\Windows\System\JahlgHP.exe
  2⤵
  PID:3152
- C:\Windows\System\JWzoePY.exe
  C:\Windows\System\JWzoePY.exe
  2⤵
  PID:3172
- C:\Windows\System\vGyKfMK.exe
  C:\Windows\System\vGyKfMK.exe
  2⤵
  PID:3192
- C:\Windows\System\HUOPToe.exe
  C:\Windows\System\HUOPToe.exe
  2⤵
  PID:3212
- C:\Windows\System\GgkjMqa.exe
  C:\Windows\System\GgkjMqa.exe
  2⤵
  PID:3232
- C:\Windows\System\guBvNBJ.exe
  C:\Windows\System\guBvNBJ.exe
  2⤵
  PID:3252
- C:\Windows\System\KBIwjbC.exe
  C:\Windows\System\KBIwjbC.exe
  2⤵
  PID:3272
- C:\Windows\System\rDvngCb.exe
  C:\Windows\System\rDvngCb.exe
  2⤵
  PID:3292
- C:\Windows\System\aenlVfm.exe
  C:\Windows\System\aenlVfm.exe
  2⤵
  PID:3312
- C:\Windows\System\JNWGSsE.exe
  C:\Windows\System\JNWGSsE.exe
  2⤵
  PID:3336
- C:\Windows\System\JRnPAkh.exe
  C:\Windows\System\JRnPAkh.exe
  2⤵
  PID:3356
- C:\Windows\System\TfSRCgW.exe
  C:\Windows\System\TfSRCgW.exe
  2⤵
  PID:3376
- C:\Windows\System\GPlUHqb.exe
  C:\Windows\System\GPlUHqb.exe
  2⤵
  PID:3396
- C:\Windows\System\FAzSyyc.exe
  C:\Windows\System\FAzSyyc.exe
  2⤵
  PID:3416
- C:\Windows\System\ThyPxUq.exe
  C:\Windows\System\ThyPxUq.exe
  2⤵
  PID:3436
- C:\Windows\System\AvwGJVb.exe
  C:\Windows\System\AvwGJVb.exe
  2⤵
  PID:3456
- C:\Windows\System\EHQyNNw.exe
  C:\Windows\System\EHQyNNw.exe
  2⤵
  PID:3476
- C:\Windows\System\RBGxsOJ.exe
  C:\Windows\System\RBGxsOJ.exe
  2⤵
  PID:3496
- C:\Windows\System\QwqOArV.exe
  C:\Windows\System\QwqOArV.exe
  2⤵
  PID:3516
- C:\Windows\System\pYCrmOe.exe
  C:\Windows\System\pYCrmOe.exe
  2⤵
  PID:3536
- C:\Windows\System\fNlVtrA.exe
  C:\Windows\System\fNlVtrA.exe
  2⤵
  PID:3556
- C:\Windows\System\qXbExrM.exe
  C:\Windows\System\qXbExrM.exe
  2⤵
  PID:3576
- C:\Windows\System\jfRDzGx.exe
  C:\Windows\System\jfRDzGx.exe
  2⤵
  PID:3596
- C:\Windows\System\Vtriqhl.exe
  C:\Windows\System\Vtriqhl.exe
  2⤵
  PID:3616
- C:\Windows\System\heOEwpE.exe
  C:\Windows\System\heOEwpE.exe
  2⤵
  PID:3636
- C:\Windows\System\tprxfQG.exe
  C:\Windows\System\tprxfQG.exe
  2⤵
  PID:3656
- C:\Windows\System\GVATxcK.exe
  C:\Windows\System\GVATxcK.exe
  2⤵
  PID:3676
- C:\Windows\System\EiNIpIE.exe
  C:\Windows\System\EiNIpIE.exe
  2⤵
  PID:3696
- C:\Windows\System\CwLFtXJ.exe
  C:\Windows\System\CwLFtXJ.exe
  2⤵
  PID:3716
- C:\Windows\System\JzfreOm.exe
  C:\Windows\System\JzfreOm.exe
  2⤵
  PID:3736
- C:\Windows\System\ODvUALc.exe
  C:\Windows\System\ODvUALc.exe
  2⤵
  PID:3756
- C:\Windows\System\CtSovmh.exe
  C:\Windows\System\CtSovmh.exe
  2⤵
  PID:3776
- C:\Windows\System\rElmADY.exe
  C:\Windows\System\rElmADY.exe
  2⤵
  PID:3796
- C:\Windows\System\joHRSXM.exe
  C:\Windows\System\joHRSXM.exe
  2⤵
  PID:3816
- C:\Windows\System\CUfiwOm.exe
  C:\Windows\System\CUfiwOm.exe
  2⤵
  PID:3836
- C:\Windows\System\fRCSwBe.exe
  C:\Windows\System\fRCSwBe.exe
  2⤵
  PID:3856
- C:\Windows\System\wMHynYJ.exe
  C:\Windows\System\wMHynYJ.exe
  2⤵
  PID:3876
- C:\Windows\System\ycGffpH.exe
  C:\Windows\System\ycGffpH.exe
  2⤵
  PID:3896
- C:\Windows\System\xenKcDg.exe
  C:\Windows\System\xenKcDg.exe
  2⤵
  PID:3916
- C:\Windows\System\aPlKYrf.exe
  C:\Windows\System\aPlKYrf.exe
  2⤵
  PID:3936
- C:\Windows\System\AYcixte.exe
  C:\Windows\System\AYcixte.exe
  2⤵
  PID:3956
- C:\Windows\System\RBWyQkm.exe
  C:\Windows\System\RBWyQkm.exe
  2⤵
  PID:3976
- C:\Windows\System\LUJqDkm.exe
  C:\Windows\System\LUJqDkm.exe
  2⤵
  PID:3996
- C:\Windows\System\RCizehk.exe
  C:\Windows\System\RCizehk.exe
  2⤵
  PID:4016
- C:\Windows\System\RyFYzfV.exe
  C:\Windows\System\RyFYzfV.exe
  2⤵
  PID:4036
- C:\Windows\System\PaSxDbV.exe
  C:\Windows\System\PaSxDbV.exe
  2⤵
  PID:4056
- C:\Windows\System\eYvWvFP.exe
  C:\Windows\System\eYvWvFP.exe
  2⤵
  PID:4076
- C:\Windows\System\AzpQKya.exe
  C:\Windows\System\AzpQKya.exe
  2⤵
  PID:1752
- C:\Windows\System\DorUnEw.exe
  C:\Windows\System\DorUnEw.exe
  2⤵
  PID:2468
- C:\Windows\System\PGgXdjj.exe
  C:\Windows\System\PGgXdjj.exe
  2⤵
  PID:1980
- C:\Windows\System\ZxDBBkc.exe
  C:\Windows\System\ZxDBBkc.exe
  2⤵
  PID:2920
- C:\Windows\System\boWqTuh.exe
  C:\Windows\System\boWqTuh.exe
  2⤵
  PID:1352
- C:\Windows\System\qOxgLGL.exe
  C:\Windows\System\qOxgLGL.exe
  2⤵
  PID:3088
- C:\Windows\System\QoIKlpC.exe
  C:\Windows\System\QoIKlpC.exe
  2⤵
  PID:3100
- C:\Windows\System\SzPajeZ.exe
  C:\Windows\System\SzPajeZ.exe
  2⤵
  PID:3160
- C:\Windows\System\ZNOsheK.exe
  C:\Windows\System\ZNOsheK.exe
  2⤵
  PID:3164
- C:\Windows\System\HPfyxDg.exe
  C:\Windows\System\HPfyxDg.exe
  2⤵
  PID:3184
- C:\Windows\System\yrPelnL.exe
  C:\Windows\System\yrPelnL.exe
  2⤵
  PID:3224
- C:\Windows\System\NbzQVuz.exe
  C:\Windows\System\NbzQVuz.exe
  2⤵
  PID:3280
- C:\Windows\System\JSBJtGi.exe
  C:\Windows\System\JSBJtGi.exe
  2⤵
  PID:3300
- C:\Windows\System\XxRsbjl.exe
  C:\Windows\System\XxRsbjl.exe
  2⤵
  PID:3332
- C:\Windows\System\fBySMee.exe
  C:\Windows\System\fBySMee.exe
  2⤵
  PID:3348
- C:\Windows\System\FoSCwez.exe
  C:\Windows\System\FoSCwez.exe
  2⤵
  PID:3404
- C:\Windows\System\ekGSFzr.exe
  C:\Windows\System\ekGSFzr.exe
  2⤵
  PID:3444
- C:\Windows\System\fZkCRXr.exe
  C:\Windows\System\fZkCRXr.exe
  2⤵
  PID:3492
- C:\Windows\System\cEeEfGO.exe
  C:\Windows\System\cEeEfGO.exe
  2⤵
  PID:3524
- C:\Windows\System\yzafrGC.exe
  C:\Windows\System\yzafrGC.exe
  2⤵
  PID:3528
- C:\Windows\System\YNzKApB.exe
  C:\Windows\System\YNzKApB.exe
  2⤵
  PID:3548
- C:\Windows\System\AntbQaB.exe
  C:\Windows\System\AntbQaB.exe
  2⤵
  PID:3592
- C:\Windows\System\wGyDAav.exe
  C:\Windows\System\wGyDAav.exe
  2⤵
  PID:3632
- C:\Windows\System\wCfKNKS.exe
  C:\Windows\System\wCfKNKS.exe
  2⤵
  PID:3664
- C:\Windows\System\gEDzulm.exe
  C:\Windows\System\gEDzulm.exe
  2⤵
  PID:3704
- C:\Windows\System\ZqzPTwT.exe
  C:\Windows\System\ZqzPTwT.exe
  2⤵
  PID:3708
- C:\Windows\System\wwpPUhJ.exe
  C:\Windows\System\wwpPUhJ.exe
  2⤵
  PID:3752
- C:\Windows\System\eDknkMh.exe
  C:\Windows\System\eDknkMh.exe
  2⤵
  PID:3812
- C:\Windows\System\JYBvbRv.exe
  C:\Windows\System\JYBvbRv.exe
  2⤵
  PID:3824
- C:\Windows\System\Bftjhwf.exe
  C:\Windows\System\Bftjhwf.exe
  2⤵
  PID:3828
- C:\Windows\System\gXZLSDj.exe
  C:\Windows\System\gXZLSDj.exe
  2⤵
  PID:3868
- C:\Windows\System\xakuMsE.exe
  C:\Windows\System\xakuMsE.exe
  2⤵
  PID:3924
- C:\Windows\System\WsCnZcM.exe
  C:\Windows\System\WsCnZcM.exe
  2⤵
  PID:3944
- C:\Windows\System\JKpbDqO.exe
  C:\Windows\System\JKpbDqO.exe
  2⤵
  PID:4004
- C:\Windows\System\evwQSvF.exe
  C:\Windows\System\evwQSvF.exe
  2⤵
  PID:4024
- C:\Windows\System\uhXKvxY.exe
  C:\Windows\System\uhXKvxY.exe
  2⤵
  PID:4048
- C:\Windows\System\LtZpwXK.exe
  C:\Windows\System\LtZpwXK.exe
  2⤵
  PID:4092
- C:\Windows\System\uLynYnN.exe
  C:\Windows\System\uLynYnN.exe
  2⤵
  PID:1820
- C:\Windows\System\xKbGqTs.exe
  C:\Windows\System\xKbGqTs.exe
  2⤵
  PID:324
- C:\Windows\System\JRomULs.exe
  C:\Windows\System\JRomULs.exe
  2⤵
  PID:1680
- C:\Windows\System\YTIWUCg.exe
  C:\Windows\System\YTIWUCg.exe
  2⤵
  PID:3120
- C:\Windows\System\IftipUX.exe
  C:\Windows\System\IftipUX.exe
  2⤵
  PID:3148
- C:\Windows\System\pTAhZNw.exe
  C:\Windows\System\pTAhZNw.exe
  2⤵
  PID:3188
- C:\Windows\System\SSQZaLk.exe
  C:\Windows\System\SSQZaLk.exe
  2⤵
  PID:3260
- C:\Windows\System\VLuuvKC.exe
  C:\Windows\System\VLuuvKC.exe
  2⤵
  PID:3364
- C:\Windows\System\mVktbGS.exe
  C:\Windows\System\mVktbGS.exe
  2⤵
  PID:3408
- C:\Windows\System\mUTBKRp.exe
  C:\Windows\System\mUTBKRp.exe
  2⤵
  PID:3424
- C:\Windows\System\aaZohhM.exe
  C:\Windows\System\aaZohhM.exe
  2⤵
  PID:3428
- C:\Windows\System\KLyiQfy.exe
  C:\Windows\System\KLyiQfy.exe
  2⤵
  PID:3504
- C:\Windows\System\tKABlDx.exe
  C:\Windows\System\tKABlDx.exe
  2⤵
  PID:3604
- C:\Windows\System\BBejjSb.exe
  C:\Windows\System\BBejjSb.exe
  2⤵
  PID:3688
- C:\Windows\System\nneMiPy.exe
  C:\Windows\System\nneMiPy.exe
  2⤵
  PID:3692
- C:\Windows\System\RTtVwsA.exe
  C:\Windows\System\RTtVwsA.exe
  2⤵
  PID:3744
- C:\Windows\System\oImqWXn.exe
  C:\Windows\System\oImqWXn.exe
  2⤵
  PID:3328
- C:\Windows\System\FIPKzbD.exe
  C:\Windows\System\FIPKzbD.exe
  2⤵
  PID:3832
- C:\Windows\System\xFBluRw.exe
  C:\Windows\System\xFBluRw.exe
  2⤵
  PID:3928
- C:\Windows\System\fFdTzbI.exe
  C:\Windows\System\fFdTzbI.exe
  2⤵
  PID:3912
- C:\Windows\System\kYqzOEB.exe
  C:\Windows\System\kYqzOEB.exe
  2⤵
  PID:3968
- C:\Windows\System\VxfPIvC.exe
  C:\Windows\System\VxfPIvC.exe
  2⤵
  PID:4052
- C:\Windows\System\RWaIfdf.exe
  C:\Windows\System\RWaIfdf.exe
  2⤵
  PID:2820
- C:\Windows\System\eJUjzON.exe
  C:\Windows\System\eJUjzON.exe
  2⤵
  PID:3080
- C:\Windows\System\JFNRyuE.exe
  C:\Windows\System\JFNRyuE.exe
  2⤵
  PID:3200
- C:\Windows\System\DjCwGqz.exe
  C:\Windows\System\DjCwGqz.exe
  2⤵
  PID:3168
- C:\Windows\System\YLGkNvd.exe
  C:\Windows\System\YLGkNvd.exe
  2⤵
  PID:3392
- C:\Windows\System\oupBxXS.exe
  C:\Windows\System\oupBxXS.exe
  2⤵
  PID:3352
- C:\Windows\System\zCoGVNG.exe
  C:\Windows\System\zCoGVNG.exe
  2⤵
  PID:3552
- C:\Windows\System\TfOgDqs.exe
  C:\Windows\System\TfOgDqs.exe
  2⤵
  PID:3612
- C:\Windows\System\SjWuWKv.exe
  C:\Windows\System\SjWuWKv.exe
  2⤵
  PID:3724
- C:\Windows\System\mJiUyxE.exe
  C:\Windows\System\mJiUyxE.exe
  2⤵
  PID:3728
- C:\Windows\System\GSkHpeY.exe
  C:\Windows\System\GSkHpeY.exe
  2⤵
  PID:3772
- C:\Windows\System\nbgPbmw.exe
  C:\Windows\System\nbgPbmw.exe
  2⤵
  PID:3892
- C:\Windows\System\zVKDETx.exe
  C:\Windows\System\zVKDETx.exe
  2⤵
  PID:4068
- C:\Windows\System\kHIxcrf.exe
  C:\Windows\System\kHIxcrf.exe
  2⤵
  PID:2004
- C:\Windows\System\eZMYsUK.exe
  C:\Windows\System\eZMYsUK.exe
  2⤵
  PID:1672
- C:\Windows\System\PKpBdeQ.exe
  C:\Windows\System\PKpBdeQ.exe
  2⤵
  PID:2076
- C:\Windows\System\hQvsPCW.exe
  C:\Windows\System\hQvsPCW.exe
  2⤵
  PID:3268
- C:\Windows\System\AGeFugk.exe
  C:\Windows\System\AGeFugk.exe
  2⤵
  PID:3564
- C:\Windows\System\ziOCmkD.exe
  C:\Windows\System\ziOCmkD.exe
  2⤵
  PID:3544
- C:\Windows\System\JcJlnkZ.exe
  C:\Windows\System\JcJlnkZ.exe
  2⤵
  PID:3872
- C:\Windows\System\DUSFben.exe
  C:\Windows\System\DUSFben.exe
  2⤵
  PID:3904
- C:\Windows\System\QlBXQbQ.exe
  C:\Windows\System\QlBXQbQ.exe
  2⤵
  PID:3948
- C:\Windows\System\TauuVCA.exe
  C:\Windows\System\TauuVCA.exe
  2⤵
  PID:2828
- C:\Windows\System\ZrlKdFi.exe
  C:\Windows\System\ZrlKdFi.exe
  2⤵
  PID:4108
- C:\Windows\System\ZsztVGm.exe
  C:\Windows\System\ZsztVGm.exe
  2⤵
  PID:4128
- C:\Windows\System\qoPwOKO.exe
  C:\Windows\System\qoPwOKO.exe
  2⤵
  PID:4152
- C:\Windows\System\rliHyYP.exe
  C:\Windows\System\rliHyYP.exe
  2⤵
  PID:4172
- C:\Windows\System\TKgsFAt.exe
  C:\Windows\System\TKgsFAt.exe
  2⤵
  PID:4192
- C:\Windows\System\cQJSjUb.exe
  C:\Windows\System\cQJSjUb.exe
  2⤵
  PID:4212
- C:\Windows\System\ClIXzax.exe
  C:\Windows\System\ClIXzax.exe
  2⤵
  PID:4232
- C:\Windows\System\ibSrqth.exe
  C:\Windows\System\ibSrqth.exe
  2⤵
  PID:4248
- C:\Windows\System\wNHueaY.exe
  C:\Windows\System\wNHueaY.exe
  2⤵
  PID:4272
- C:\Windows\System\nlZMJik.exe
  C:\Windows\System\nlZMJik.exe
  2⤵
  PID:4292
- C:\Windows\System\BmORbmA.exe
  C:\Windows\System\BmORbmA.exe
  2⤵
  PID:4312
- C:\Windows\System\IPJniQf.exe
  C:\Windows\System\IPJniQf.exe
  2⤵
  PID:4332
- C:\Windows\System\KSzKrVx.exe
  C:\Windows\System\KSzKrVx.exe
  2⤵
  PID:4352
- C:\Windows\System\cWNTsYE.exe
  C:\Windows\System\cWNTsYE.exe
  2⤵
  PID:4372
- C:\Windows\System\YYSXfog.exe
  C:\Windows\System\YYSXfog.exe
  2⤵
  PID:4392
- C:\Windows\System\QDyaAmM.exe
  C:\Windows\System\QDyaAmM.exe
  2⤵
  PID:4412
- C:\Windows\System\eaKuQSa.exe
  C:\Windows\System\eaKuQSa.exe
  2⤵
  PID:4432
- C:\Windows\System\hVcXDmb.exe
  C:\Windows\System\hVcXDmb.exe
  2⤵
  PID:4452
- C:\Windows\System\gjvKWEv.exe
  C:\Windows\System\gjvKWEv.exe
  2⤵
  PID:4472
- C:\Windows\System\YFATtie.exe
  C:\Windows\System\YFATtie.exe
  2⤵
  PID:4488
- C:\Windows\System\bJoxRwQ.exe
  C:\Windows\System\bJoxRwQ.exe
  2⤵
  PID:4512
- C:\Windows\System\pqnoeAY.exe
  C:\Windows\System\pqnoeAY.exe
  2⤵
  PID:4536
- C:\Windows\System\alumYAy.exe
  C:\Windows\System\alumYAy.exe
  2⤵
  PID:4556
- C:\Windows\System\FegrquH.exe
  C:\Windows\System\FegrquH.exe
  2⤵
  PID:4576
- C:\Windows\System\LDUjnVH.exe
  C:\Windows\System\LDUjnVH.exe
  2⤵
  PID:4596
- C:\Windows\System\avdcJoN.exe
  C:\Windows\System\avdcJoN.exe
  2⤵
  PID:4616
- C:\Windows\System\HOHvowl.exe
  C:\Windows\System\HOHvowl.exe
  2⤵
  PID:4636
- C:\Windows\System\WNKErkp.exe
  C:\Windows\System\WNKErkp.exe
  2⤵
  PID:4656
- C:\Windows\System\mFYtIxo.exe
  C:\Windows\System\mFYtIxo.exe
  2⤵
  PID:4680
- C:\Windows\System\dXOirrO.exe
  C:\Windows\System\dXOirrO.exe
  2⤵
  PID:4700
- C:\Windows\System\KuwLSqP.exe
  C:\Windows\System\KuwLSqP.exe
  2⤵
  PID:4720
- C:\Windows\System\EtZqqiP.exe
  C:\Windows\System\EtZqqiP.exe
  2⤵
  PID:4740
- C:\Windows\System\tjkeohg.exe
  C:\Windows\System\tjkeohg.exe
  2⤵
  PID:4760
- C:\Windows\System\cltmPmR.exe
  C:\Windows\System\cltmPmR.exe
  2⤵
  PID:4776
- C:\Windows\System\YjHqbXo.exe
  C:\Windows\System\YjHqbXo.exe
  2⤵
  PID:4800
- C:\Windows\System\VAurAss.exe
  C:\Windows\System\VAurAss.exe
  2⤵
  PID:4820
- C:\Windows\System\dLVqqme.exe
  C:\Windows\System\dLVqqme.exe
  2⤵
  PID:4840
- C:\Windows\System\YaCTJXF.exe
  C:\Windows\System\YaCTJXF.exe
  2⤵
  PID:4860
- C:\Windows\System\BCDBxdU.exe
  C:\Windows\System\BCDBxdU.exe
  2⤵
  PID:4880
- C:\Windows\System\vzGHnTB.exe
  C:\Windows\System\vzGHnTB.exe
  2⤵
  PID:4900
- C:\Windows\System\eWnlkez.exe
  C:\Windows\System\eWnlkez.exe
  2⤵
  PID:4920
- C:\Windows\System\iMIXWjU.exe
  C:\Windows\System\iMIXWjU.exe
  2⤵
  PID:4940
- C:\Windows\System\tOatbjA.exe
  C:\Windows\System\tOatbjA.exe
  2⤵
  PID:4960
- C:\Windows\System\EZarQTZ.exe
  C:\Windows\System\EZarQTZ.exe
  2⤵
  PID:4976
- C:\Windows\System\sgEOiso.exe
  C:\Windows\System\sgEOiso.exe
  2⤵
  PID:5000
- C:\Windows\System\UvhsKFv.exe
  C:\Windows\System\UvhsKFv.exe
  2⤵
  PID:5016
- C:\Windows\System\gwHOyWJ.exe
  C:\Windows\System\gwHOyWJ.exe
  2⤵
  PID:5040
- C:\Windows\System\UqMbiZp.exe
  C:\Windows\System\UqMbiZp.exe
  2⤵
  PID:5060
- C:\Windows\System\WdfXJGR.exe
  C:\Windows\System\WdfXJGR.exe
  2⤵
  PID:5080
- C:\Windows\System\jCynFVZ.exe
  C:\Windows\System\jCynFVZ.exe
  2⤵
  PID:5100
- C:\Windows\System\PZecScn.exe
  C:\Windows\System\PZecScn.exe
  2⤵
  PID:2308
- C:\Windows\System\rRpDVTA.exe
  C:\Windows\System\rRpDVTA.exe
  2⤵
  PID:3608
- C:\Windows\System\qVqNPFx.exe
  C:\Windows\System\qVqNPFx.exe
  2⤵
  PID:3684
- C:\Windows\System\vYIyCIV.exe
  C:\Windows\System\vYIyCIV.exe
  2⤵
  PID:3852
- C:\Windows\System\LZLYhSy.exe
  C:\Windows\System\LZLYhSy.exe
  2⤵
  PID:1688
- C:\Windows\System\YxdoroQ.exe
  C:\Windows\System\YxdoroQ.exe
  2⤵
  PID:2592
- C:\Windows\System\bnLXdoh.exe
  C:\Windows\System\bnLXdoh.exe
  2⤵
  PID:4120
- C:\Windows\System\RMElHIV.exe
  C:\Windows\System\RMElHIV.exe
  2⤵
  PID:4184
- C:\Windows\System\mnirsWU.exe
  C:\Windows\System\mnirsWU.exe
  2⤵
  PID:4204
- C:\Windows\System\kSIIvCo.exe
  C:\Windows\System\kSIIvCo.exe
  2⤵
  PID:4264
- C:\Windows\System\EjkJowT.exe
  C:\Windows\System\EjkJowT.exe
  2⤵
  PID:4280
- C:\Windows\System\HmJeTtn.exe
  C:\Windows\System\HmJeTtn.exe
  2⤵
  PID:4284
- C:\Windows\System\PplmicA.exe
  C:\Windows\System\PplmicA.exe
  2⤵
  PID:4324
- C:\Windows\System\CcbYOhy.exe
  C:\Windows\System\CcbYOhy.exe
  2⤵
  PID:4364
- C:\Windows\System\QgDrOTj.exe
  C:\Windows\System\QgDrOTj.exe
  2⤵
  PID:4428
- C:\Windows\System\cUdrhIg.exe
  C:\Windows\System\cUdrhIg.exe
  2⤵
  PID:4448
- C:\Windows\System\jUztMbQ.exe
  C:\Windows\System\jUztMbQ.exe
  2⤵
  PID:4496
- C:\Windows\System\JipczfT.exe
  C:\Windows\System\JipczfT.exe
  2⤵
  PID:4484
- C:\Windows\System\jBfeJIS.exe
  C:\Windows\System\jBfeJIS.exe
  2⤵
  PID:2804
- C:\Windows\System\KXltWCJ.exe
  C:\Windows\System\KXltWCJ.exe
  2⤵
  PID:4548
- C:\Windows\System\omuvigm.exe
  C:\Windows\System\omuvigm.exe
  2⤵
  PID:4588
- C:\Windows\System\yOZWRdz.exe
  C:\Windows\System\yOZWRdz.exe
  2⤵
  PID:4632
- C:\Windows\System\LLNsAGg.exe
  C:\Windows\System\LLNsAGg.exe
  2⤵
  PID:4644
- C:\Windows\System\gjMdFxL.exe
  C:\Windows\System\gjMdFxL.exe
  2⤵
  PID:4696
- C:\Windows\System\bOHZEPP.exe
  C:\Windows\System\bOHZEPP.exe
  2⤵
  PID:4748
- C:\Windows\System\YKrroSm.exe
  C:\Windows\System\YKrroSm.exe
  2⤵
  PID:4732
- C:\Windows\System\YlTVrBl.exe
  C:\Windows\System\YlTVrBl.exe
  2⤵
  PID:4768
- C:\Windows\System\dnSLfoZ.exe
  C:\Windows\System\dnSLfoZ.exe
  2⤵
  PID:4828
- C:\Windows\System\eYidUKD.exe
  C:\Windows\System\eYidUKD.exe
  2⤵
  PID:4812
- C:\Windows\System\tWCkKGY.exe
  C:\Windows\System\tWCkKGY.exe
  2⤵
  PID:4848
- C:\Windows\System\XQSbOCN.exe
  C:\Windows\System\XQSbOCN.exe
  2⤵
  PID:4912
- C:\Windows\System\EarthkQ.exe
  C:\Windows\System\EarthkQ.exe
  2⤵
  PID:4928
- C:\Windows\System\SPIWQRt.exe
  C:\Windows\System\SPIWQRt.exe
  2⤵
  PID:4996
- C:\Windows\System\bDrTgGN.exe
  C:\Windows\System\bDrTgGN.exe
  2⤵
  PID:4972
- C:\Windows\System\CXOxOEG.exe
  C:\Windows\System\CXOxOEG.exe
  2⤵
  PID:5028
- C:\Windows\System\UAAFnRR.exe
  C:\Windows\System\UAAFnRR.exe
  2⤵
  PID:5056
- C:\Windows\System\FPxTLoH.exe
  C:\Windows\System\FPxTLoH.exe
  2⤵
  PID:2604
- C:\Windows\System\kSybfhk.exe
  C:\Windows\System\kSybfhk.exe
  2⤵
  PID:5096
- C:\Windows\System\jFvEltP.exe
  C:\Windows\System\jFvEltP.exe
  2⤵
  PID:3304
- C:\Windows\System\PYfkemd.exe
  C:\Windows\System\PYfkemd.exe
  2⤵
  PID:3964
- C:\Windows\System\cWivGGR.exe
  C:\Windows\System\cWivGGR.exe
  2⤵
  PID:3984
- C:\Windows\System\fZZRpjw.exe
  C:\Windows\System\fZZRpjw.exe
  2⤵
  PID:3248
- C:\Windows\System\PaydkDG.exe
  C:\Windows\System\PaydkDG.exe
  2⤵
  PID:4208
- C:\Windows\System\aNqHEkt.exe
  C:\Windows\System\aNqHEkt.exe
  2⤵
  PID:1904
- C:\Windows\System\OcWuzuD.exe
  C:\Windows\System\OcWuzuD.exe
  2⤵
  PID:4224
- C:\Windows\System\FOyxzlm.exe
  C:\Windows\System\FOyxzlm.exe
  2⤵
  PID:4320
- C:\Windows\System\nOZNyrx.exe
  C:\Windows\System\nOZNyrx.exe
  2⤵
  PID:4400
- C:\Windows\System\RkOVeHv.exe
  C:\Windows\System\RkOVeHv.exe
  2⤵
  PID:4464
- C:\Windows\System\movCjKM.exe
  C:\Windows\System\movCjKM.exe
  2⤵
  PID:4508
- C:\Windows\System\NHsosWs.exe
  C:\Windows\System\NHsosWs.exe
  2⤵
  PID:4568
- C:\Windows\System\haNOuzc.exe
  C:\Windows\System\haNOuzc.exe
  2⤵
  PID:2500
- C:\Windows\System\hsuXnNA.exe
  C:\Windows\System\hsuXnNA.exe
  2⤵
  PID:4672
- C:\Windows\System\vzJUZkb.exe
  C:\Windows\System\vzJUZkb.exe
  2⤵
  PID:4716
- C:\Windows\System\rDGFohr.exe
  C:\Windows\System\rDGFohr.exe
  2⤵
  PID:1184
- C:\Windows\System\CJuHssS.exe
  C:\Windows\System\CJuHssS.exe
  2⤵
  PID:4796
- C:\Windows\System\PNcbaTk.exe
  C:\Windows\System\PNcbaTk.exe
  2⤵
  PID:4752
- C:\Windows\System\jRCvAbD.exe
  C:\Windows\System\jRCvAbD.exe
  2⤵
  PID:4852
- C:\Windows\System\YEYGXZG.exe
  C:\Windows\System\YEYGXZG.exe
  2⤵
  PID:4988
- C:\Windows\System\wFSptmx.exe
  C:\Windows\System\wFSptmx.exe
  2⤵
  PID:264
- C:\Windows\System\bBPQDKm.exe
  C:\Windows\System\bBPQDKm.exe
  2⤵
  PID:5024
- C:\Windows\System\EKuAlvc.exe
  C:\Windows\System\EKuAlvc.exe
  2⤵
  PID:4968
- C:\Windows\System\xDMygNF.exe
  C:\Windows\System\xDMygNF.exe
  2⤵
  PID:2600
- C:\Windows\System\PpLRnhc.exe
  C:\Windows\System\PpLRnhc.exe
  2⤵
  PID:5088
- C:\Windows\System\kMXdbiS.exe
  C:\Windows\System\kMXdbiS.exe
  2⤵
  PID:2864
- C:\Windows\System\rNQPujU.exe
  C:\Windows\System\rNQPujU.exe
  2⤵
  PID:2912
- C:\Windows\System\gtejbqX.exe
  C:\Windows\System\gtejbqX.exe
  2⤵
  PID:4116
- C:\Windows\System\dLJnhRR.exe
  C:\Windows\System\dLJnhRR.exe
  2⤵
  PID:4104
- C:\Windows\System\YxZAzBn.exe
  C:\Windows\System\YxZAzBn.exe
  2⤵
  PID:2460
- C:\Windows\System\mXqPQbp.exe
  C:\Windows\System\mXqPQbp.exe
  2⤵
  PID:4256
- C:\Windows\System\QSMvCss.exe
  C:\Windows\System\QSMvCss.exe
  2⤵
  PID:4240
- C:\Windows\System\IWkvduA.exe
  C:\Windows\System\IWkvduA.exe
  2⤵
  PID:4348
- C:\Windows\System\KJbjNHa.exe
  C:\Windows\System\KJbjNHa.exe
  2⤵
  PID:4520
- C:\Windows\System\mKqwSbk.exe
  C:\Windows\System\mKqwSbk.exe
  2⤵
  PID:4404
- C:\Windows\System\YCErfKp.exe
  C:\Windows\System\YCErfKp.exe
  2⤵
  PID:2748
- C:\Windows\System\feJFrls.exe
  C:\Windows\System\feJFrls.exe
  2⤵
  PID:2692
- C:\Windows\System\pdriGdB.exe
  C:\Windows\System\pdriGdB.exe
  2⤵
  PID:4612
- C:\Windows\System\FRCJKvD.exe
  C:\Windows\System\FRCJKvD.exe
  2⤵
  PID:4872
- C:\Windows\System\HcHhXQi.exe
  C:\Windows\System\HcHhXQi.exe
  2⤵
  PID:4892
- C:\Windows\System\xOwPDBp.exe
  C:\Windows\System\xOwPDBp.exe
  2⤵
  PID:5076
- C:\Windows\System\nQxinTG.exe
  C:\Windows\System\nQxinTG.exe
  2⤵
  PID:2952
- C:\Windows\System\SKddaQf.exe
  C:\Windows\System\SKddaQf.exe
  2⤵
  PID:4260
- C:\Windows\System\MXlGqBb.exe
  C:\Windows\System\MXlGqBb.exe
  2⤵
  PID:4440
- C:\Windows\System\nszgDGe.exe
  C:\Windows\System\nszgDGe.exe
  2⤵
  PID:1768
- C:\Windows\System\SclnhcP.exe
  C:\Windows\System\SclnhcP.exe
  2⤵
  PID:4652
- C:\Windows\System\WXpxmcW.exe
  C:\Windows\System\WXpxmcW.exe
  2⤵
  PID:1200
- C:\Windows\System\XryzldH.exe
  C:\Windows\System\XryzldH.exe
  2⤵
  PID:4736
- C:\Windows\System\wfZximt.exe
  C:\Windows\System\wfZximt.exe
  2⤵
  PID:4584
- C:\Windows\System\usQnqxc.exe
  C:\Windows\System\usQnqxc.exe
  2⤵
  PID:2240
- C:\Windows\System\QjDjVTD.exe
  C:\Windows\System\QjDjVTD.exe
  2⤵
  PID:5112
- C:\Windows\System\nBeoJdc.exe
  C:\Windows\System\nBeoJdc.exe
  2⤵
  PID:2732
- C:\Windows\System\XUMwovZ.exe
  C:\Windows\System\XUMwovZ.exe
  2⤵
  PID:5108
- C:\Windows\System\VJtmqXv.exe
  C:\Windows\System\VJtmqXv.exe
  2⤵
  PID:4552
- C:\Windows\System\kIQLSlV.exe
  C:\Windows\System\kIQLSlV.exe
  2⤵
  PID:844
- C:\Windows\System\smRBkxR.exe
  C:\Windows\System\smRBkxR.exe
  2⤵
  PID:4380
- C:\Windows\System\PrqONdo.exe
  C:\Windows\System\PrqONdo.exe
  2⤵
  PID:4816
- C:\Windows\System\sZXveDZ.exe
  C:\Windows\System\sZXveDZ.exe
  2⤵
  PID:2848
- C:\Windows\System\ysUcyRs.exe
  C:\Windows\System\ysUcyRs.exe
  2⤵
  PID:3040
- C:\Windows\System\OonkGXc.exe
  C:\Windows\System\OonkGXc.exe
  2⤵
  PID:2840
- C:\Windows\System\RBpuptg.exe
  C:\Windows\System\RBpuptg.exe
  2⤵
  PID:4360
- C:\Windows\System\wrlARyL.exe
  C:\Windows\System\wrlARyL.exe
  2⤵
  PID:4144
- C:\Windows\System\UReMTVs.exe
  C:\Windows\System\UReMTVs.exe
  2⤵
  PID:4792
- C:\Windows\System\hcfFMam.exe
  C:\Windows\System\hcfFMam.exe
  2⤵
  PID:5124
- C:\Windows\System\RQdbYtg.exe
  C:\Windows\System\RQdbYtg.exe
  2⤵
  PID:5144
- C:\Windows\System\PYyAVDk.exe
  C:\Windows\System\PYyAVDk.exe
  2⤵
  PID:5164
- C:\Windows\System\TwllYzK.exe
  C:\Windows\System\TwllYzK.exe
  2⤵
  PID:5184
- C:\Windows\System\DdxeFfG.exe
  C:\Windows\System\DdxeFfG.exe
  2⤵
  PID:5204
- C:\Windows\System\jDNiOrO.exe
  C:\Windows\System\jDNiOrO.exe
  2⤵
  PID:5224
- C:\Windows\System\KheGxqd.exe
  C:\Windows\System\KheGxqd.exe
  2⤵
  PID:5244
- C:\Windows\System\DFOluIO.exe
  C:\Windows\System\DFOluIO.exe
  2⤵
  PID:5264
- C:\Windows\System\BxmbELa.exe
  C:\Windows\System\BxmbELa.exe
  2⤵
  PID:5284
- C:\Windows\System\jAKiblA.exe
  C:\Windows\System\jAKiblA.exe
  2⤵
  PID:5304
- C:\Windows\System\qBAQTVF.exe
  C:\Windows\System\qBAQTVF.exe
  2⤵
  PID:5320
- C:\Windows\System\SjLpswe.exe
  C:\Windows\System\SjLpswe.exe
  2⤵
  PID:5352
- C:\Windows\System\uSGKKGQ.exe
  C:\Windows\System\uSGKKGQ.exe
  2⤵
  PID:5368
- C:\Windows\System\BNBSxhG.exe
  C:\Windows\System\BNBSxhG.exe
  2⤵
  PID:5388
- C:\Windows\System\EcmieaX.exe
  C:\Windows\System\EcmieaX.exe
  2⤵
  PID:5404
- C:\Windows\System\RjBIHFN.exe
  C:\Windows\System\RjBIHFN.exe
  2⤵
  PID:5420
- C:\Windows\System\WkpuimB.exe
  C:\Windows\System\WkpuimB.exe
  2⤵
  PID:5448
- C:\Windows\System\cSULNNF.exe
  C:\Windows\System\cSULNNF.exe
  2⤵
  PID:5468
- C:\Windows\System\duszxcb.exe
  C:\Windows\System\duszxcb.exe
  2⤵
  PID:5488
- C:\Windows\System\OFuetXM.exe
  C:\Windows\System\OFuetXM.exe
  2⤵
  PID:5508
- C:\Windows\System\vXwBVBV.exe
  C:\Windows\System\vXwBVBV.exe
  2⤵
  PID:5524
- C:\Windows\System\BBdJpKo.exe
  C:\Windows\System\BBdJpKo.exe
  2⤵
  PID:5548
- C:\Windows\System\gggqtLu.exe
  C:\Windows\System\gggqtLu.exe
  2⤵
  PID:5564
- C:\Windows\System\hrquuNy.exe
  C:\Windows\System\hrquuNy.exe
  2⤵
  PID:5588
- C:\Windows\System\bCSwqMy.exe
  C:\Windows\System\bCSwqMy.exe
  2⤵
  PID:5608
- C:\Windows\System\hfXaqEo.exe
  C:\Windows\System\hfXaqEo.exe
  2⤵
  PID:5624
- C:\Windows\System\GepPLwy.exe
  C:\Windows\System\GepPLwy.exe
  2⤵
  PID:5640
- C:\Windows\System\gfaZqFO.exe
  C:\Windows\System\gfaZqFO.exe
  2⤵
  PID:5656
- C:\Windows\System\lAhUsSJ.exe
  C:\Windows\System\lAhUsSJ.exe
  2⤵
  PID:5676
- C:\Windows\System\YERRdnQ.exe
  C:\Windows\System\YERRdnQ.exe
  2⤵
  PID:5692
- C:\Windows\System\sPtAxpS.exe
  C:\Windows\System\sPtAxpS.exe
  2⤵
  PID:5732
- C:\Windows\System\BknTSZb.exe
  C:\Windows\System\BknTSZb.exe
  2⤵
  PID:5756
- C:\Windows\System\HljIJAA.exe
  C:\Windows\System\HljIJAA.exe
  2⤵
  PID:5772
- C:\Windows\System\jOEBdnE.exe
  C:\Windows\System\jOEBdnE.exe
  2⤵
  PID:5788
- C:\Windows\System\Ghnitgn.exe
  C:\Windows\System\Ghnitgn.exe
  2⤵
  PID:5804
- C:\Windows\System\gTQnkUO.exe
  C:\Windows\System\gTQnkUO.exe
  2⤵
  PID:5820
- C:\Windows\System\FKNeAvc.exe
  C:\Windows\System\FKNeAvc.exe
  2⤵
  PID:5844
- C:\Windows\System\JovqITA.exe
  C:\Windows\System\JovqITA.exe
  2⤵
  PID:5860
- C:\Windows\System\RGDdSQL.exe
  C:\Windows\System\RGDdSQL.exe
  2⤵
  PID:5876
- C:\Windows\System\nMtcUAi.exe
  C:\Windows\System\nMtcUAi.exe
  2⤵
  PID:5892
- C:\Windows\System\pJaQMmq.exe
  C:\Windows\System\pJaQMmq.exe
  2⤵
  PID:5912
- C:\Windows\System\ZXYFlLB.exe
  C:\Windows\System\ZXYFlLB.exe
  2⤵
  PID:5932
- C:\Windows\System\uMNyvYz.exe
  C:\Windows\System\uMNyvYz.exe
  2⤵
  PID:5948
- C:\Windows\System\PyizcAA.exe
  C:\Windows\System\PyizcAA.exe
  2⤵
  PID:5964
- C:\Windows\System\DoCszXW.exe
  C:\Windows\System\DoCszXW.exe
  2⤵
  PID:5980
- C:\Windows\System\vekXqJx.exe
  C:\Windows\System\vekXqJx.exe
  2⤵
  PID:6024
- C:\Windows\System\QPALXdk.exe
  C:\Windows\System\QPALXdk.exe
  2⤵
  PID:6052
- C:\Windows\System\cTVKByi.exe
  C:\Windows\System\cTVKByi.exe
  2⤵
  PID:6068
- C:\Windows\System\bdTnQBQ.exe
  C:\Windows\System\bdTnQBQ.exe
  2⤵
  PID:6088
- C:\Windows\System\HxFgUtH.exe
  C:\Windows\System\HxFgUtH.exe
  2⤵
  PID:6108
- C:\Windows\System\HVxmqQh.exe
  C:\Windows\System\HVxmqQh.exe
  2⤵
  PID:6128
- C:\Windows\System\iueASTs.exe
  C:\Windows\System\iueASTs.exe
  2⤵
  PID:4896
- C:\Windows\System\fYSRcaB.exe
  C:\Windows\System\fYSRcaB.exe
  2⤵
  PID:4692
- C:\Windows\System\iCCxsmt.exe
  C:\Windows\System\iCCxsmt.exe
  2⤵
  PID:4084
- C:\Windows\System\PCEzSim.exe
  C:\Windows\System\PCEzSim.exe
  2⤵
  PID:2028
- C:\Windows\System\yziKCbC.exe
  C:\Windows\System\yziKCbC.exe
  2⤵
  PID:5172
- C:\Windows\System\NUTcKhn.exe
  C:\Windows\System\NUTcKhn.exe
  2⤵
  PID:5176
- C:\Windows\System\JbZULzV.exe
  C:\Windows\System\JbZULzV.exe
  2⤵
  PID:5200
- C:\Windows\System\HlvSlRp.exe
  C:\Windows\System\HlvSlRp.exe
  2⤵
  PID:5256
- C:\Windows\System\dTjlYBB.exe
  C:\Windows\System\dTjlYBB.exe
  2⤵
  PID:2816
- C:\Windows\System\YEcBpqi.exe
  C:\Windows\System\YEcBpqi.exe
  2⤵
  PID:5296
- C:\Windows\System\YiyHmbF.exe
  C:\Windows\System\YiyHmbF.exe
  2⤵
  PID:2084
- C:\Windows\System\rUZKvab.exe
  C:\Windows\System\rUZKvab.exe
  2⤵
  PID:4952
- C:\Windows\System\nyTuNEX.exe
  C:\Windows\System\nyTuNEX.exe
  2⤵
  PID:3068
- C:\Windows\System\EAYBysG.exe
  C:\Windows\System\EAYBysG.exe
  2⤵
  PID:5348
- C:\Windows\System\ihvduJX.exe
  C:\Windows\System\ihvduJX.exe
  2⤵
  PID:5416
- C:\Windows\System\YTiNWAv.exe
  C:\Windows\System\YTiNWAv.exe
  2⤵
  PID:5400
- C:\Windows\System\kIryRUU.exe
  C:\Windows\System\kIryRUU.exe
  2⤵
  PID:5464
- C:\Windows\System\EhOwklb.exe
  C:\Windows\System\EhOwklb.exe
  2⤵
  PID:5540
- C:\Windows\System\ojCDudq.exe
  C:\Windows\System\ojCDudq.exe
  2⤵
  PID:5480
- C:\Windows\System\TLgwrqP.exe
  C:\Windows\System\TLgwrqP.exe
  2⤵
  PID:5572
- C:\Windows\System\fCLdrvE.exe
  C:\Windows\System\fCLdrvE.exe
  2⤵
  PID:5500
- C:\Windows\System\DtJwVln.exe
  C:\Windows\System\DtJwVln.exe
  2⤵
  PID:5620
- C:\Windows\System\qnuJNjQ.exe
  C:\Windows\System\qnuJNjQ.exe
  2⤵
  PID:5688
- C:\Windows\System\Xvbgzsp.exe
  C:\Windows\System\Xvbgzsp.exe
  2⤵
  PID:5632
- C:\Windows\System\UbGPwOt.exe
  C:\Windows\System\UbGPwOt.exe
  2⤵
  PID:5672
- C:\Windows\System\bFWsRcD.exe
  C:\Windows\System\bFWsRcD.exe
  2⤵
  PID:5740
- C:\Windows\System\pTrnCZu.exe
  C:\Windows\System\pTrnCZu.exe
  2⤵
  PID:5704
- C:\Windows\System\iyhvlHs.exe
  C:\Windows\System\iyhvlHs.exe
  2⤵
  PID:5764
- C:\Windows\System\PHOInPi.exe
  C:\Windows\System\PHOInPi.exe
  2⤵
  PID:5940
- C:\Windows\System\jjbZjQJ.exe
  C:\Windows\System\jjbZjQJ.exe
  2⤵
  PID:5972
- C:\Windows\System\AkBaFGa.exe
  C:\Windows\System\AkBaFGa.exe
  2⤵
  PID:5796
- C:\Windows\System\SLKQOrB.exe
  C:\Windows\System\SLKQOrB.exe
  2⤵
  PID:5816
- C:\Windows\System\IbMJmvR.exe
  C:\Windows\System\IbMJmvR.exe
  2⤵
  PID:5888
- C:\Windows\System\nFMdFro.exe
  C:\Windows\System\nFMdFro.exe
  2⤵
  PID:5960
- C:\Windows\System\KJWekED.exe
  C:\Windows\System\KJWekED.exe
  2⤵
  PID:5996
- C:\Windows\System\aFRSWYQ.exe
  C:\Windows\System\aFRSWYQ.exe
  2⤵
  PID:6016
- C:\Windows\System\xkjpidy.exe
  C:\Windows\System\xkjpidy.exe
  2⤵
  PID:6096
- C:\Windows\System\jPUIEDJ.exe
  C:\Windows\System\jPUIEDJ.exe
  2⤵
  PID:6048
- C:\Windows\System\PPpRhLB.exe
  C:\Windows\System\PPpRhLB.exe
  2⤵
  PID:6136
- C:\Windows\System\rfhTIYp.exe
  C:\Windows\System\rfhTIYp.exe
  2⤵
  PID:6080
- C:\Windows\System\kDzBufZ.exe
  C:\Windows\System\kDzBufZ.exe
  2⤵
  PID:6140
- C:\Windows\System\VKxamAP.exe
  C:\Windows\System\VKxamAP.exe
  2⤵
  PID:2012
- C:\Windows\System\ThKNQSW.exe
  C:\Windows\System\ThKNQSW.exe
  2⤵
  PID:5192
- C:\Windows\System\WDJcvRm.exe
  C:\Windows\System\WDJcvRm.exe
  2⤵
  PID:5152
- C:\Windows\System\oZxbxVY.exe
  C:\Windows\System\oZxbxVY.exe
  2⤵
  PID:5212
- C:\Windows\System\DFpwBje.exe
  C:\Windows\System\DFpwBje.exe
  2⤵
  PID:5276
- C:\Windows\System\dofPmZF.exe
  C:\Windows\System\dofPmZF.exe
  2⤵
  PID:5332
- C:\Windows\System\zcPBkfX.exe
  C:\Windows\System\zcPBkfX.exe
  2⤵
  PID:4984
- C:\Windows\System\QNNpaxR.exe
  C:\Windows\System\QNNpaxR.exe
  2⤵
  PID:5364
- C:\Windows\System\eprKoCX.exe
  C:\Windows\System\eprKoCX.exe
  2⤵
  PID:4908
- C:\Windows\System\wOyccwE.exe
  C:\Windows\System\wOyccwE.exe
  2⤵
  PID:5384
- C:\Windows\System\vYgSFyD.exe
  C:\Windows\System\vYgSFyD.exe
  2⤵
  PID:5444
- C:\Windows\System\mTsoQef.exe
  C:\Windows\System\mTsoQef.exe
  2⤵
  PID:5752
- C:\Windows\System\iwFuxsQ.exe
  C:\Windows\System\iwFuxsQ.exe
  2⤵
  PID:5708
- C:\Windows\System\OYTyHkN.exe
  C:\Windows\System\OYTyHkN.exe
  2⤵
  PID:5556
- C:\Windows\System\GPvzCaP.exe
  C:\Windows\System\GPvzCaP.exe
  2⤵
  PID:5900
- C:\Windows\System\aTjQOwp.exe
  C:\Windows\System\aTjQOwp.exe
  2⤵
  PID:5868
- C:\Windows\System\mZdruUV.exe
  C:\Windows\System\mZdruUV.exe
  2⤵
  PID:5920
- C:\Windows\System\HsXrUaH.exe
  C:\Windows\System\HsXrUaH.exe
  2⤵
  PID:5812
- C:\Windows\System\pMnKuWt.exe
  C:\Windows\System\pMnKuWt.exe
  2⤵
  PID:3628
- C:\Windows\System\OHrtKVV.exe
  C:\Windows\System\OHrtKVV.exe
  2⤵
  PID:6120
- C:\Windows\System\JhuSjQH.exe
  C:\Windows\System\JhuSjQH.exe
  2⤵
  PID:4288
- C:\Windows\System\wkkijQG.exe
  C:\Windows\System\wkkijQG.exe
  2⤵
  PID:5160
- C:\Windows\System\hJDFQYs.exe
  C:\Windows\System\hJDFQYs.exe
  2⤵
  PID:5236
- C:\Windows\System\nrAkzWj.exe
  C:\Windows\System\nrAkzWj.exe
  2⤵
  PID:5376
- C:\Windows\System\DKrUhMJ.exe
  C:\Windows\System\DKrUhMJ.exe
  2⤵
  PID:5516
- C:\Windows\System\tctBWSf.exe
  C:\Windows\System\tctBWSf.exe
  2⤵
  PID:5440
- C:\Windows\System\XomnCBW.exe
  C:\Windows\System\XomnCBW.exe
  2⤵
  PID:5328
- C:\Windows\System\BKWVdFT.exe
  C:\Windows\System\BKWVdFT.exe
  2⤵
  PID:5652
- C:\Windows\System\srUdBjC.exe
  C:\Windows\System\srUdBjC.exe
  2⤵
  PID:5720
- C:\Windows\System\xhjNyai.exe
  C:\Windows\System\xhjNyai.exe
  2⤵
  PID:5484
- C:\Windows\System\yUFGiQT.exe
  C:\Windows\System\yUFGiQT.exe
  2⤵
  PID:5596
- C:\Windows\System\RYZouRj.exe
  C:\Windows\System\RYZouRj.exe
  2⤵
  PID:6004
- C:\Windows\System\QlXPrbH.exe
  C:\Windows\System\QlXPrbH.exe
  2⤵
  PID:5856
- C:\Windows\System\LbIQmHh.exe
  C:\Windows\System\LbIQmHh.exe
  2⤵
  PID:5840
- C:\Windows\System\gDAmtRb.exe
  C:\Windows\System\gDAmtRb.exe
  2⤵
  PID:6116
- C:\Windows\System\TKOlaRB.exe
  C:\Windows\System\TKOlaRB.exe
  2⤵
  PID:6036
- C:\Windows\System\aJzVXFK.exe
  C:\Windows\System\aJzVXFK.exe
  2⤵
  PID:5220
- C:\Windows\System\MobukAm.exe
  C:\Windows\System\MobukAm.exe
  2⤵
  PID:6044
- C:\Windows\System\MfvOmIE.exe
  C:\Windows\System\MfvOmIE.exe
  2⤵
  PID:4164
- C:\Windows\System\PxYGAIo.exe
  C:\Windows\System\PxYGAIo.exe
  2⤵
  PID:5532
- C:\Windows\System\dUZScNX.exe
  C:\Windows\System\dUZScNX.exe
  2⤵
  PID:5784
- C:\Windows\System\hGXJxUF.exe
  C:\Windows\System\hGXJxUF.exe
  2⤵
  PID:5956
- C:\Windows\System\eWGFFvV.exe
  C:\Windows\System\eWGFFvV.exe
  2⤵
  PID:1744
- C:\Windows\System\nDteadB.exe
  C:\Windows\System\nDteadB.exe
  2⤵
  PID:5360
- C:\Windows\System\nHTLWvK.exe
  C:\Windows\System\nHTLWvK.exe
  2⤵
  PID:2724
- C:\Windows\System\DbUcbIh.exe
  C:\Windows\System\DbUcbIh.exe
  2⤵
  PID:5800
- C:\Windows\System\hIYRwKp.exe
  C:\Windows\System\hIYRwKp.exe
  2⤵
  PID:5260
- C:\Windows\System\EOYrwkw.exe
  C:\Windows\System\EOYrwkw.exe
  2⤵
  PID:6156
- C:\Windows\System\gPvzQPU.exe
  C:\Windows\System\gPvzQPU.exe
  2⤵
  PID:6172
- C:\Windows\System\VRqFRny.exe
  C:\Windows\System\VRqFRny.exe
  2⤵
  PID:6188
- C:\Windows\System\ZNWkwcC.exe
  C:\Windows\System\ZNWkwcC.exe
  2⤵
  PID:6204
- C:\Windows\System\WKAtlTO.exe
  C:\Windows\System\WKAtlTO.exe
  2⤵
  PID:6220
- C:\Windows\System\mAEXhBi.exe
  C:\Windows\System\mAEXhBi.exe
  2⤵
  PID:6236
- C:\Windows\System\qcFbOTQ.exe
  C:\Windows\System\qcFbOTQ.exe
  2⤵
  PID:6252
- C:\Windows\System\cbglMcS.exe
  C:\Windows\System\cbglMcS.exe
  2⤵
  PID:6268
- C:\Windows\System\XHyOnOA.exe
  C:\Windows\System\XHyOnOA.exe
  2⤵
  PID:6284
- C:\Windows\System\TnypXSW.exe
  C:\Windows\System\TnypXSW.exe
  2⤵
  PID:6300
- C:\Windows\System\DBMbNEB.exe
  C:\Windows\System\DBMbNEB.exe
  2⤵
  PID:6316
- C:\Windows\System\bAYKYAj.exe
  C:\Windows\System\bAYKYAj.exe
  2⤵
  PID:6332
- C:\Windows\System\CJGBczq.exe
  C:\Windows\System\CJGBczq.exe
  2⤵
  PID:6348
- C:\Windows\System\FtBPfyt.exe
  C:\Windows\System\FtBPfyt.exe
  2⤵
  PID:6364
- C:\Windows\System\iATfQdU.exe
  C:\Windows\System\iATfQdU.exe
  2⤵
  PID:6380
- C:\Windows\System\VslbweH.exe
  C:\Windows\System\VslbweH.exe
  2⤵
  PID:6396
- C:\Windows\System\JZDLTUR.exe
  C:\Windows\System\JZDLTUR.exe
  2⤵
  PID:6412
- C:\Windows\System\XMaEzwD.exe
  C:\Windows\System\XMaEzwD.exe
  2⤵
  PID:6428
- C:\Windows\System\iCIBgHs.exe
  C:\Windows\System\iCIBgHs.exe
  2⤵
  PID:6444
- C:\Windows\System\epnulEr.exe
  C:\Windows\System\epnulEr.exe
  2⤵
  PID:6460
- C:\Windows\System\XFtYXbo.exe
  C:\Windows\System\XFtYXbo.exe
  2⤵
  PID:6476
- C:\Windows\System\BceLYWl.exe
  C:\Windows\System\BceLYWl.exe
  2⤵
  PID:6492
- C:\Windows\System\szlPqtT.exe
  C:\Windows\System\szlPqtT.exe
  2⤵
  PID:6520
- C:\Windows\System\MDtYwXO.exe
  C:\Windows\System\MDtYwXO.exe
  2⤵
  PID:6536
- C:\Windows\System\WdqCENR.exe
  C:\Windows\System\WdqCENR.exe
  2⤵
  PID:6552
- C:\Windows\System\GkxnBDs.exe
  C:\Windows\System\GkxnBDs.exe
  2⤵
  PID:6568
- C:\Windows\System\nXmzxin.exe
  C:\Windows\System\nXmzxin.exe
  2⤵
  PID:6584
- C:\Windows\System\cpDSpso.exe
  C:\Windows\System\cpDSpso.exe
  2⤵
  PID:6600
- C:\Windows\System\keVFyio.exe
  C:\Windows\System\keVFyio.exe
  2⤵
  PID:6616
- C:\Windows\System\ZROXTuj.exe
  C:\Windows\System\ZROXTuj.exe
  2⤵
  PID:6632
- C:\Windows\System\KANWsZX.exe
  C:\Windows\System\KANWsZX.exe
  2⤵
  PID:6648
- C:\Windows\System\BCWoGiq.exe
  C:\Windows\System\BCWoGiq.exe
  2⤵
  PID:6664
- C:\Windows\System\HWnflzT.exe
  C:\Windows\System\HWnflzT.exe
  2⤵
  PID:6680
- C:\Windows\System\VFwuzOe.exe
  C:\Windows\System\VFwuzOe.exe
  2⤵
  PID:6696
- C:\Windows\System\LWSDgoY.exe
  C:\Windows\System\LWSDgoY.exe
  2⤵
  PID:6712
- C:\Windows\System\DqYUhWP.exe
  C:\Windows\System\DqYUhWP.exe
  2⤵
  PID:6728
- C:\Windows\System\BSNUWSH.exe
  C:\Windows\System\BSNUWSH.exe
  2⤵
  PID:6744
- C:\Windows\System\lXlTrWW.exe
  C:\Windows\System\lXlTrWW.exe
  2⤵
  PID:6760
- C:\Windows\System\rVyLefb.exe
  C:\Windows\System\rVyLefb.exe
  2⤵
  PID:6776
- C:\Windows\System\zNeFYFH.exe
  C:\Windows\System\zNeFYFH.exe
  2⤵
  PID:6792
- C:\Windows\System\BSmvclm.exe
  C:\Windows\System\BSmvclm.exe
  2⤵
  PID:6816
- C:\Windows\System\rQdKwsx.exe
  C:\Windows\System\rQdKwsx.exe
  2⤵
  PID:6836
- C:\Windows\System\ENGDeJM.exe
  C:\Windows\System\ENGDeJM.exe
  2⤵
  PID:6852
- C:\Windows\System\FPvSdfD.exe
  C:\Windows\System\FPvSdfD.exe
  2⤵
  PID:6868
- C:\Windows\System\sdPVWWm.exe
  C:\Windows\System\sdPVWWm.exe
  2⤵
  PID:6884
- C:\Windows\System\WIBmHCK.exe
  C:\Windows\System\WIBmHCK.exe
  2⤵
  PID:6900
- C:\Windows\System\IJwgVAh.exe
  C:\Windows\System\IJwgVAh.exe
  2⤵
  PID:6916
- C:\Windows\System\eXcmNMt.exe
  C:\Windows\System\eXcmNMt.exe
  2⤵
  PID:6932
- C:\Windows\System\USfqsop.exe
  C:\Windows\System\USfqsop.exe
  2⤵
  PID:6948
- C:\Windows\System\PBrCWOP.exe
  C:\Windows\System\PBrCWOP.exe
  2⤵
  PID:6964
- C:\Windows\System\ffuLbpY.exe
  C:\Windows\System\ffuLbpY.exe
  2⤵
  PID:6980
- C:\Windows\System\jkuxrJZ.exe
  C:\Windows\System\jkuxrJZ.exe
  2⤵
  PID:6996
- C:\Windows\System\yymApLj.exe
  C:\Windows\System\yymApLj.exe
  2⤵
  PID:7012
- C:\Windows\System\pYCrtVw.exe
  C:\Windows\System\pYCrtVw.exe
  2⤵
  PID:7032
- C:\Windows\System\JYnlvqn.exe
  C:\Windows\System\JYnlvqn.exe
  2⤵
  PID:7048
- C:\Windows\System\dCGovlR.exe
  C:\Windows\System\dCGovlR.exe
  2⤵
  PID:7064
- C:\Windows\System\YQIcioF.exe
  C:\Windows\System\YQIcioF.exe
  2⤵
  PID:7080
- C:\Windows\System\SysZbXq.exe
  C:\Windows\System\SysZbXq.exe
  2⤵
  PID:7096
- C:\Windows\System\umyglRI.exe
  C:\Windows\System\umyglRI.exe
  2⤵
  PID:7112
- C:\Windows\System\gDGczjU.exe
  C:\Windows\System\gDGczjU.exe
  2⤵
  PID:7128
- C:\Windows\System\occbvjx.exe
  C:\Windows\System\occbvjx.exe
  2⤵
  PID:7144
- C:\Windows\System\FegaMIt.exe
  C:\Windows\System\FegaMIt.exe
  2⤵
  PID:7160
- C:\Windows\System\JFOMkNX.exe
  C:\Windows\System\JFOMkNX.exe
  2⤵
  PID:6164
- C:\Windows\System\iJNCcZs.exe
  C:\Windows\System\iJNCcZs.exe
  2⤵
  PID:6228
- C:\Windows\System\SxulYVe.exe
  C:\Windows\System\SxulYVe.exe
  2⤵
  PID:5724
- C:\Windows\System\tNQnIsF.exe
  C:\Windows\System\tNQnIsF.exe
  2⤵
  PID:6180
- C:\Windows\System\evGoaSd.exe
  C:\Windows\System\evGoaSd.exe
  2⤵
  PID:5196
- C:\Windows\System\PuviPMN.exe
  C:\Windows\System\PuviPMN.exe
  2⤵
  PID:6276
- C:\Windows\System\khHmdZm.exe
  C:\Windows\System\khHmdZm.exe
  2⤵
  PID:6340
- C:\Windows\System\nyYYuRL.exe
  C:\Windows\System\nyYYuRL.exe
  2⤵
  PID:6408
- C:\Windows\System\aSJbmAj.exe
  C:\Windows\System\aSJbmAj.exe
  2⤵
  PID:6472
- C:\Windows\System\CbooWfT.exe
  C:\Windows\System\CbooWfT.exe
  2⤵
  PID:6504
- C:\Windows\System\RgTmExo.exe
  C:\Windows\System\RgTmExo.exe
  2⤵
  PID:6548
- C:\Windows\System\jgxDInL.exe
  C:\Windows\System\jgxDInL.exe
  2⤵
  PID:6328
- C:\Windows\System\YInJIVC.exe
  C:\Windows\System\YInJIVC.exe
  2⤵
  PID:6392
- C:\Windows\System\aYfUigu.exe
  C:\Windows\System\aYfUigu.exe
  2⤵
  PID:6612
- C:\Windows\System\OVdBTCd.exe
  C:\Windows\System\OVdBTCd.exe
  2⤵
  PID:6676
- C:\Windows\System\yJQxxwV.exe
  C:\Windows\System\yJQxxwV.exe
  2⤵
  PID:6740
- C:\Windows\System\HCfkmen.exe
  C:\Windows\System\HCfkmen.exe
  2⤵
  PID:6456
- C:\Windows\System\OhTDKNJ.exe
  C:\Windows\System\OhTDKNJ.exe
  2⤵
  PID:6724
- C:\Windows\System\FsWprJv.exe
  C:\Windows\System\FsWprJv.exe
  2⤵
  PID:6788
- C:\Windows\System\QeMHWpb.exe
  C:\Windows\System\QeMHWpb.exe
  2⤵
  PID:6532
- C:\Windows\System\xHLVTyJ.exe
  C:\Windows\System\xHLVTyJ.exe
  2⤵
  PID:6656
- C:\Windows\System\sYhiDzR.exe
  C:\Windows\System\sYhiDzR.exe
  2⤵
  PID:6592
- C:\Windows\System\fVVhveP.exe
  C:\Windows\System\fVVhveP.exe
  2⤵
  PID:6876
- C:\Windows\System\qDWcoMh.exe
  C:\Windows\System\qDWcoMh.exe
  2⤵
  PID:6824
- C:\Windows\System\iEOBLWC.exe
  C:\Windows\System\iEOBLWC.exe
  2⤵
  PID:6892
- C:\Windows\System\VeUtHxM.exe
  C:\Windows\System\VeUtHxM.exe
  2⤵
  PID:6960
- C:\Windows\System\evmmWBq.exe
  C:\Windows\System\evmmWBq.exe
  2⤵
  PID:7028
- C:\Windows\System\jmGklpx.exe
  C:\Windows\System\jmGklpx.exe
  2⤵
  PID:6944
- C:\Windows\System\GlnRZdQ.exe
  C:\Windows\System\GlnRZdQ.exe
  2⤵
  PID:7008
- C:\Windows\System\SCxxhuC.exe
  C:\Windows\System\SCxxhuC.exe
  2⤵
  PID:7060
- C:\Windows\System\zQLSygk.exe
  C:\Windows\System\zQLSygk.exe
  2⤵
  PID:7108
- C:\Windows\System\SjPvsfb.exe
  C:\Windows\System\SjPvsfb.exe
  2⤵
  PID:6104
- C:\Windows\System\kFPAWKV.exe
  C:\Windows\System\kFPAWKV.exe
  2⤵
  PID:7088
- C:\Windows\System\hESRxEZ.exe
  C:\Windows\System\hESRxEZ.exe
  2⤵
  PID:7152
- C:\Windows\System\CXFRHOL.exe
  C:\Windows\System\CXFRHOL.exe
  2⤵
  PID:5928
- C:\Windows\System\ZssaymK.exe
  C:\Windows\System\ZssaymK.exe
  2⤵
  PID:6152
- C:\Windows\System\wvnwuAU.exe
  C:\Windows\System\wvnwuAU.exe
  2⤵
  PID:6544
- C:\Windows\System\kZQYVaL.exe
  C:\Windows\System\kZQYVaL.exe
  2⤵
  PID:6376
- C:\Windows\System\vdpkTwc.exe
  C:\Windows\System\vdpkTwc.exe
  2⤵
  PID:6324
- C:\Windows\System\vqzXLJO.exe
  C:\Windows\System\vqzXLJO.exe
  2⤵
  PID:6768
- C:\Windows\System\kMPmsJw.exe
  C:\Windows\System\kMPmsJw.exe
  2⤵
  PID:6640
- C:\Windows\System\NpOlKIx.exe
  C:\Windows\System\NpOlKIx.exe
  2⤵
  PID:6608
- C:\Windows\System\KGmQVAC.exe
  C:\Windows\System\KGmQVAC.exe
  2⤵
  PID:6844
- C:\Windows\System\DRlaqWT.exe
  C:\Windows\System\DRlaqWT.exe
  2⤵
  PID:6736
- C:\Windows\System\zefhQlZ.exe
  C:\Windows\System\zefhQlZ.exe
  2⤵
  PID:6528
- C:\Windows\System\tkvrZYp.exe
  C:\Windows\System\tkvrZYp.exe
  2⤵
  PID:6992
- C:\Windows\System\mTZBNoF.exe
  C:\Windows\System\mTZBNoF.exe
  2⤵
  PID:6912
- C:\Windows\System\STwhhMz.exe
  C:\Windows\System\STwhhMz.exe
  2⤵
  PID:6940
- C:\Windows\System\cLgewhh.exe
  C:\Windows\System\cLgewhh.exe
  2⤵
  PID:7120
- C:\Windows\System\qBRLimy.exe
  C:\Windows\System\qBRLimy.exe
  2⤵
  PID:7056
- C:\Windows\System\ZOzHHTV.exe
  C:\Windows\System\ZOzHHTV.exe
  2⤵
  PID:6216
- C:\Windows\System\KcTVUKW.exe
  C:\Windows\System\KcTVUKW.exe
  2⤵
  PID:7140
- C:\Windows\System\iECObxy.exe
  C:\Windows\System\iECObxy.exe
  2⤵
  PID:6388
- C:\Windows\System\cObjNkT.exe
  C:\Windows\System\cObjNkT.exe
  2⤵
  PID:7172
- C:\Windows\System\WuaUeDY.exe
  C:\Windows\System\WuaUeDY.exe
  2⤵
  PID:7196
- C:\Windows\System\LRrfbOO.exe
  C:\Windows\System\LRrfbOO.exe
  2⤵
  PID:7212
- C:\Windows\System\AqOPaUN.exe
  C:\Windows\System\AqOPaUN.exe
  2⤵
  PID:7228
- C:\Windows\System\WkhLDrV.exe
  C:\Windows\System\WkhLDrV.exe
  2⤵
  PID:7244
- C:\Windows\System\AsTIUrK.exe
  C:\Windows\System\AsTIUrK.exe
  2⤵
  PID:7260
- C:\Windows\System\rFJAcCV.exe
  C:\Windows\System\rFJAcCV.exe
  2⤵
  PID:7276
- C:\Windows\System\TohfcTF.exe
  C:\Windows\System\TohfcTF.exe
  2⤵
  PID:7292
- C:\Windows\System\TqiWMCZ.exe
  C:\Windows\System\TqiWMCZ.exe
  2⤵
  PID:7308
- C:\Windows\System\RwssnYU.exe
  C:\Windows\System\RwssnYU.exe
  2⤵
  PID:7324
- C:\Windows\System\lrgaRJO.exe
  C:\Windows\System\lrgaRJO.exe
  2⤵
  PID:7340
- C:\Windows\System\mZfkyFO.exe
  C:\Windows\System\mZfkyFO.exe
  2⤵
  PID:7356
- C:\Windows\System\gNUkBRm.exe
  C:\Windows\System\gNUkBRm.exe
  2⤵
  PID:7372
- C:\Windows\System\HHuvliY.exe
  C:\Windows\System\HHuvliY.exe
  2⤵
  PID:7388
- C:\Windows\System\jXYcabF.exe
  C:\Windows\System\jXYcabF.exe
  2⤵
  PID:7404
- C:\Windows\System\ScDvxvT.exe
  C:\Windows\System\ScDvxvT.exe
  2⤵
  PID:7420
- C:\Windows\System\ugfwOUB.exe
  C:\Windows\System\ugfwOUB.exe
  2⤵
  PID:7436
- C:\Windows\System\PwvALQU.exe
  C:\Windows\System\PwvALQU.exe
  2⤵
  PID:7456
- C:\Windows\System\qWcDkhe.exe
  C:\Windows\System\qWcDkhe.exe
  2⤵
  PID:7472
- C:\Windows\System\VFIljwr.exe
  C:\Windows\System\VFIljwr.exe
  2⤵
  PID:7488
- C:\Windows\System\MXVGNKe.exe
  C:\Windows\System\MXVGNKe.exe
  2⤵
  PID:7504
- C:\Windows\System\hPXwmnF.exe
  C:\Windows\System\hPXwmnF.exe
  2⤵
  PID:7520
- C:\Windows\System\zqpoudf.exe
  C:\Windows\System\zqpoudf.exe
  2⤵
  PID:7536
- C:\Windows\System\RvfXKoy.exe
  C:\Windows\System\RvfXKoy.exe
  2⤵
  PID:7552
- C:\Windows\System\YGQwUsL.exe
  C:\Windows\System\YGQwUsL.exe
  2⤵
  PID:7568
- C:\Windows\System\bdKuNrY.exe
  C:\Windows\System\bdKuNrY.exe
  2⤵
  PID:7588
- C:\Windows\System\dqwNESP.exe
  C:\Windows\System\dqwNESP.exe
  2⤵
  PID:7604
- C:\Windows\System\Oqvvhkr.exe
  C:\Windows\System\Oqvvhkr.exe
  2⤵
  PID:7620
- C:\Windows\System\ApCEvuS.exe
  C:\Windows\System\ApCEvuS.exe
  2⤵
  PID:7636
- C:\Windows\System\PxMxwGt.exe
  C:\Windows\System\PxMxwGt.exe
  2⤵
  PID:7652
- C:\Windows\System\JTEXeoV.exe
  C:\Windows\System\JTEXeoV.exe
  2⤵
  PID:7668
- C:\Windows\System\VLTHLas.exe
  C:\Windows\System\VLTHLas.exe
  2⤵
  PID:7684
- C:\Windows\System\IdWphGc.exe
  C:\Windows\System\IdWphGc.exe
  2⤵
  PID:7700
- C:\Windows\System\bhmcROR.exe
  C:\Windows\System\bhmcROR.exe
  2⤵
  PID:7716
- C:\Windows\System\xFNIYKX.exe
  C:\Windows\System\xFNIYKX.exe
  2⤵
  PID:7732
- C:\Windows\System\qrjrAyT.exe
  C:\Windows\System\qrjrAyT.exe
  2⤵
  PID:7748
- C:\Windows\System\qJNyDEK.exe
  C:\Windows\System\qJNyDEK.exe
  2⤵
  PID:7768
- C:\Windows\System\NmtQcMZ.exe
  C:\Windows\System\NmtQcMZ.exe
  2⤵
  PID:7784
- C:\Windows\System\NZTqvFt.exe
  C:\Windows\System\NZTqvFt.exe
  2⤵
  PID:7800
- C:\Windows\System\GdBRLTF.exe
  C:\Windows\System\GdBRLTF.exe
  2⤵
  PID:7816
- C:\Windows\System\DueaVAp.exe
  C:\Windows\System\DueaVAp.exe
  2⤵
  PID:7832
- C:\Windows\System\qCRcJTv.exe
  C:\Windows\System\qCRcJTv.exe
  2⤵
  PID:7848
- C:\Windows\System\FDXBiwA.exe
  C:\Windows\System\FDXBiwA.exe
  2⤵
  PID:7864
- C:\Windows\System\MvzxRSd.exe
  C:\Windows\System\MvzxRSd.exe
  2⤵
  PID:7880
- C:\Windows\System\NvDktbe.exe
  C:\Windows\System\NvDktbe.exe
  2⤵
  PID:7896
- C:\Windows\System\EtnquoM.exe
  C:\Windows\System\EtnquoM.exe
  2⤵
  PID:7912
- C:\Windows\System\sISjMvK.exe
  C:\Windows\System\sISjMvK.exe
  2⤵
  PID:7928
- C:\Windows\System\wgMFHus.exe
  C:\Windows\System\wgMFHus.exe
  2⤵
  PID:7944
- C:\Windows\System\TTUKsKD.exe
  C:\Windows\System\TTUKsKD.exe
  2⤵
  PID:7960
- C:\Windows\System\CjRACMo.exe
  C:\Windows\System\CjRACMo.exe
  2⤵
  PID:7976
- C:\Windows\System\TzgKPTo.exe
  C:\Windows\System\TzgKPTo.exe
  2⤵
  PID:7992
- C:\Windows\System\AMPMbHb.exe
  C:\Windows\System\AMPMbHb.exe
  2⤵
  PID:8008
- C:\Windows\System\XooqKVS.exe
  C:\Windows\System\XooqKVS.exe
  2⤵
  PID:8024
- C:\Windows\System\NnyrKKU.exe
  C:\Windows\System\NnyrKKU.exe
  2⤵
  PID:8040
- C:\Windows\System\LSJehtd.exe
  C:\Windows\System\LSJehtd.exe
  2⤵
  PID:8056
- C:\Windows\System\avaQAKJ.exe
  C:\Windows\System\avaQAKJ.exe
  2⤵
  PID:8072
- C:\Windows\System\briXJSd.exe
  C:\Windows\System\briXJSd.exe
  2⤵
  PID:8088
- C:\Windows\System\NRUPerS.exe
  C:\Windows\System\NRUPerS.exe
  2⤵
  PID:8112
- C:\Windows\System\PbbOgCu.exe
  C:\Windows\System\PbbOgCu.exe
  2⤵
  PID:8128
- C:\Windows\System\eeonTCC.exe
  C:\Windows\System\eeonTCC.exe
  2⤵
  PID:8144
- C:\Windows\System\drykVqH.exe
  C:\Windows\System\drykVqH.exe
  2⤵
  PID:8160
- C:\Windows\System\MwPWaGK.exe
  C:\Windows\System\MwPWaGK.exe
  2⤵
  PID:8176
- C:\Windows\System\Rclxkkg.exe
  C:\Windows\System\Rclxkkg.exe
  2⤵
  PID:6596
- C:\Windows\System\SnDNFaX.exe
  C:\Windows\System\SnDNFaX.exe
  2⤵
  PID:6372
- C:\Windows\System\zlEADaH.exe
  C:\Windows\System\zlEADaH.exe
  2⤵
  PID:7204
- C:\Windows\System\hqwYdUQ.exe
  C:\Windows\System\hqwYdUQ.exe
  2⤵
  PID:7268
- C:\Windows\System\PbkLYCq.exe
  C:\Windows\System\PbkLYCq.exe
  2⤵
  PID:7332
- C:\Windows\System\teskNCw.exe
  C:\Windows\System\teskNCw.exe
  2⤵
  PID:5136
- C:\Windows\System\XfWCQbn.exe
  C:\Windows\System\XfWCQbn.exe
  2⤵
  PID:6424
- C:\Windows\System\BiSgGvd.exe
  C:\Windows\System\BiSgGvd.exe
  2⤵
  PID:6720
- C:\Windows\System\EOrdDqC.exe
  C:\Windows\System\EOrdDqC.exe
  2⤵
  PID:6248
- C:\Windows\System\JnmXpLl.exe
  C:\Windows\System\JnmXpLl.exe
  2⤵
  PID:7220
- C:\Windows\System\hKZmrGz.exe
  C:\Windows\System\hKZmrGz.exe
  2⤵
  PID:7284
- C:\Windows\System\KLyPsWv.exe
  C:\Windows\System\KLyPsWv.exe
  2⤵
  PID:7348
- C:\Windows\System\LmgJPmD.exe
  C:\Windows\System\LmgJPmD.exe
  2⤵
  PID:7412
- C:\Windows\System\drTyhxK.exe
  C:\Windows\System\drTyhxK.exe
  2⤵
  PID:7428
- C:\Windows\System\aVzbNXv.exe
  C:\Windows\System\aVzbNXv.exe
  2⤵
  PID:7452
- C:\Windows\System\BSGziWL.exe
  C:\Windows\System\BSGziWL.exe
  2⤵
  PID:7512
- C:\Windows\System\gAkJLXo.exe
  C:\Windows\System\gAkJLXo.exe
  2⤵
  PID:7496
- C:\Windows\System\jkmCrJc.exe
  C:\Windows\System\jkmCrJc.exe
  2⤵
  PID:7532
- C:\Windows\System\skHwSXy.exe
  C:\Windows\System\skHwSXy.exe
  2⤵
  PID:7692
- C:\Windows\System\tnEDUFm.exe
  C:\Windows\System\tnEDUFm.exe
  2⤵
  PID:7632
- C:\Windows\System\zUmZKFP.exe
  C:\Windows\System\zUmZKFP.exe
  2⤵
  PID:7744
- C:\Windows\System\xORTIsA.exe
  C:\Windows\System\xORTIsA.exe
  2⤵
  PID:7792
- C:\Windows\System\ueHOyEt.exe
  C:\Windows\System\ueHOyEt.exe
  2⤵
  PID:7828
- C:\Windows\System\LXShrtD.exe
  C:\Windows\System\LXShrtD.exe
  2⤵
  PID:7876
- C:\Windows\System\zaOHGxC.exe
  C:\Windows\System\zaOHGxC.exe
  2⤵
  PID:7892
- C:\Windows\System\fVYKhEN.exe
  C:\Windows\System\fVYKhEN.exe
  2⤵
  PID:7988
- C:\Windows\System\DeJTKjF.exe
  C:\Windows\System\DeJTKjF.exe
  2⤵
  PID:7940
- C:\Windows\System\klXHJhN.exe
  C:\Windows\System\klXHJhN.exe
  2⤵
  PID:8036
- C:\Windows\System\FBicavG.exe
  C:\Windows\System\FBicavG.exe
  2⤵
  PID:8096
- C:\Windows\System\ogiRtJR.exe
  C:\Windows\System\ogiRtJR.exe
  2⤵
  PID:8104
- C:\Windows\System\eleOBxR.exe
  C:\Windows\System\eleOBxR.exe
  2⤵
  PID:8084
- C:\Windows\System\PjdHNiJ.exe
  C:\Windows\System\PjdHNiJ.exe
  2⤵
  PID:8124
- C:\Windows\System\LwczFNj.exe
  C:\Windows\System\LwczFNj.exe
  2⤵
  PID:8188
- C:\Windows\System\FiNJqYX.exe
  C:\Windows\System\FiNJqYX.exe
  2⤵
  PID:6928
- C:\Windows\System\urqbAAB.exe
  C:\Windows\System\urqbAAB.exe
  2⤵
  PID:7236
- C:\Windows\System\GMRSZZP.exe
  C:\Windows\System\GMRSZZP.exe
  2⤵
  PID:7368
- C:\Windows\System\NUTnkQN.exe
  C:\Windows\System\NUTnkQN.exe
  2⤵
  PID:6908
- C:\Windows\System\YvSqRqE.exe
  C:\Windows\System\YvSqRqE.exe
  2⤵
  PID:6468
- C:\Windows\System\jPabGNS.exe
  C:\Windows\System\jPabGNS.exe
  2⤵
  PID:7320
- C:\Windows\System\dXiEPDc.exe
  C:\Windows\System\dXiEPDc.exe
  2⤵
  PID:7544
- C:\Windows\System\SmxUXyU.exe
  C:\Windows\System\SmxUXyU.exe
  2⤵
  PID:7380
- C:\Windows\System\FyRVytJ.exe
  C:\Windows\System\FyRVytJ.exe
  2⤵
  PID:6672
- C:\Windows\System\SLDCBle.exe
  C:\Windows\System\SLDCBle.exe
  2⤵
  PID:7616
- C:\Windows\System\RQJPREp.exe
  C:\Windows\System\RQJPREp.exe
  2⤵
  PID:7740
- C:\Windows\System\foeVEQj.exe
  C:\Windows\System\foeVEQj.exe
  2⤵
  PID:7600
- C:\Windows\System\mcfIjWi.exe
  C:\Windows\System\mcfIjWi.exe
  2⤵
  PID:7808
- C:\Windows\System\UAZWcof.exe
  C:\Windows\System\UAZWcof.exe
  2⤵
  PID:7760
- C:\Windows\System\nphFpLO.exe
  C:\Windows\System\nphFpLO.exe
  2⤵
  PID:7844
- C:\Windows\System\zDJUbyU.exe
  C:\Windows\System\zDJUbyU.exe
  2⤵
  PID:7924
- C:\Windows\System\ZtLTRxL.exe
  C:\Windows\System\ZtLTRxL.exe
  2⤵
  PID:7936
- C:\Windows\System\nqboblx.exe
  C:\Windows\System\nqboblx.exe
  2⤵
  PID:6860
- C:\Windows\System\xKbJcKT.exe
  C:\Windows\System\xKbJcKT.exe
  2⤵
  PID:8136
- C:\Windows\System\yZUXXge.exe
  C:\Windows\System\yZUXXge.exe
  2⤵
  PID:7024
- C:\Windows\System\RdqtGxr.exe
  C:\Windows\System\RdqtGxr.exe
  2⤵
  PID:7300
- C:\Windows\System\hPisUMi.exe
  C:\Windows\System\hPisUMi.exe
  2⤵
  PID:7448
- C:\Windows\System\CudqIkf.exe
  C:\Windows\System\CudqIkf.exe
  2⤵
  PID:6060
- C:\Windows\System\vPfbeqa.exe
  C:\Windows\System\vPfbeqa.exe
  2⤵
  PID:7528
- C:\Windows\System\qXWLvCv.exe
  C:\Windows\System\qXWLvCv.exe
  2⤵
  PID:7580
- C:\Windows\System\zrBRKbJ.exe
  C:\Windows\System\zrBRKbJ.exe
  2⤵
  PID:6200
- C:\Windows\System\AKMwdkn.exe
  C:\Windows\System\AKMwdkn.exe
  2⤵
  PID:7708
- C:\Windows\System\XJNzfbB.exe
  C:\Windows\System\XJNzfbB.exe
  2⤵
  PID:7676
- C:\Windows\System\TCSmuvU.exe
  C:\Windows\System\TCSmuvU.exe
  2⤵
  PID:7824
- C:\Windows\System\dpViqrK.exe
  C:\Windows\System\dpViqrK.exe
  2⤵
  PID:7628
- C:\Windows\System\dfCMEgQ.exe
  C:\Windows\System\dfCMEgQ.exe
  2⤵
  PID:7952
- C:\Windows\System\VuAhufi.exe
  C:\Windows\System\VuAhufi.exe
  2⤵
  PID:8100
- C:\Windows\System\hTdJdwM.exe
  C:\Windows\System\hTdJdwM.exe
  2⤵
  PID:7364
- C:\Windows\System\VrvTWEg.exe
  C:\Windows\System\VrvTWEg.exe
  2⤵
  PID:6580
- C:\Windows\System\tpAimgj.exe
  C:\Windows\System\tpAimgj.exe
  2⤵
  PID:8196
- C:\Windows\System\BTgEqRP.exe
  C:\Windows\System\BTgEqRP.exe
  2⤵
  PID:8212
- C:\Windows\System\gjFzUcQ.exe
  C:\Windows\System\gjFzUcQ.exe
  2⤵
  PID:8228
- C:\Windows\System\YZcKgtB.exe
  C:\Windows\System\YZcKgtB.exe
  2⤵
  PID:8244
- C:\Windows\System\BqvWpBd.exe
  C:\Windows\System\BqvWpBd.exe
  2⤵
  PID:8260
- C:\Windows\System\yEChotX.exe
  C:\Windows\System\yEChotX.exe
  2⤵
  PID:8276
- C:\Windows\System\ChgwEVF.exe
  C:\Windows\System\ChgwEVF.exe
  2⤵
  PID:8292
- C:\Windows\System\BcAVpcy.exe
  C:\Windows\System\BcAVpcy.exe
  2⤵
  PID:8308
- C:\Windows\System\vbAKgZl.exe
  C:\Windows\System\vbAKgZl.exe
  2⤵
  PID:8324
- C:\Windows\System\AmurUaa.exe
  C:\Windows\System\AmurUaa.exe
  2⤵
  PID:8340
- C:\Windows\System\yyXPPRc.exe
  C:\Windows\System\yyXPPRc.exe
  2⤵
  PID:8356
- C:\Windows\System\UtMaXvr.exe
  C:\Windows\System\UtMaXvr.exe
  2⤵
  PID:8372
- C:\Windows\System\iKoNPuD.exe
  C:\Windows\System\iKoNPuD.exe
  2⤵
  PID:8388
- C:\Windows\System\WwtmZoG.exe
  C:\Windows\System\WwtmZoG.exe
  2⤵
  PID:8404
- C:\Windows\System\DVZvyhc.exe
  C:\Windows\System\DVZvyhc.exe
  2⤵
  PID:8420
- C:\Windows\System\kitjxSo.exe
  C:\Windows\System\kitjxSo.exe
  2⤵
  PID:8436
- C:\Windows\System\oRXubIj.exe
  C:\Windows\System\oRXubIj.exe
  2⤵
  PID:8456
- C:\Windows\System\zTkFkpw.exe
  C:\Windows\System\zTkFkpw.exe
  2⤵
  PID:8484
- C:\Windows\System\wNWKxTD.exe
  C:\Windows\System\wNWKxTD.exe
  2⤵
  PID:8504
- C:\Windows\System\MpeilDn.exe
  C:\Windows\System\MpeilDn.exe
  2⤵
  PID:8524
- C:\Windows\System\nBZlxDG.exe
  C:\Windows\System\nBZlxDG.exe
  2⤵
  PID:8544
- C:\Windows\System\XjQWBXQ.exe
  C:\Windows\System\XjQWBXQ.exe
  2⤵
  PID:8564
- C:\Windows\System\EsuSSmb.exe
  C:\Windows\System\EsuSSmb.exe
  2⤵
  PID:8580
- C:\Windows\System\kLhhQWo.exe
  C:\Windows\System\kLhhQWo.exe
  2⤵
  PID:8596
- C:\Windows\System\pgKJwRt.exe
  C:\Windows\System\pgKJwRt.exe
  2⤵
  PID:8612
- C:\Windows\System\kGDypky.exe
  C:\Windows\System\kGDypky.exe
  2⤵
  PID:8628
- C:\Windows\System\EkQNkpk.exe
  C:\Windows\System\EkQNkpk.exe
  2⤵
  PID:8644
- C:\Windows\System\MAXABtA.exe
  C:\Windows\System\MAXABtA.exe
  2⤵
  PID:8660
- C:\Windows\System\hHeNNOR.exe
  C:\Windows\System\hHeNNOR.exe
  2⤵
  PID:8680
- C:\Windows\System\gNSEWnk.exe
  C:\Windows\System\gNSEWnk.exe
  2⤵
  PID:8696
- C:\Windows\System\EigLPLR.exe
  C:\Windows\System\EigLPLR.exe
  2⤵
  PID:8900
- C:\Windows\System\jMlrSau.exe
  C:\Windows\System\jMlrSau.exe
  2⤵
  PID:8944
- C:\Windows\System\eLRaLZz.exe
  C:\Windows\System\eLRaLZz.exe
  2⤵
  PID:8976
- C:\Windows\System\wRREoJZ.exe
  C:\Windows\System\wRREoJZ.exe
  2⤵
  PID:8992
- C:\Windows\System\wNhtKJD.exe
  C:\Windows\System\wNhtKJD.exe
  2⤵
  PID:9008
- C:\Windows\System\IQEhnce.exe
  C:\Windows\System\IQEhnce.exe
  2⤵
  PID:9028
- C:\Windows\System\sWAYhOt.exe
  C:\Windows\System\sWAYhOt.exe
  2⤵
  PID:7972
- C:\Windows\System\fodEtpW.exe
  C:\Windows\System\fodEtpW.exe
  2⤵
  PID:7256
- C:\Windows\System\NyNOIiY.exe
  C:\Windows\System\NyNOIiY.exe
  2⤵
  PID:8756
- C:\Windows\System\nVjkFtr.exe
  C:\Windows\System\nVjkFtr.exe
  2⤵
  PID:9056
- C:\Windows\System\YBiSkOe.exe
  C:\Windows\System\YBiSkOe.exe
  2⤵
  PID:9076
- C:\Windows\System\GngkNcW.exe
  C:\Windows\System\GngkNcW.exe
  2⤵
  PID:9092
- C:\Windows\System\myOClik.exe
  C:\Windows\System\myOClik.exe
  2⤵
  PID:9116
- C:\Windows\System\lSkKRby.exe
  C:\Windows\System\lSkKRby.exe
  2⤵
  PID:9132
- C:\Windows\System\puVrkAU.exe
  C:\Windows\System\puVrkAU.exe
  2⤵
  PID:9148
- C:\Windows\System\PppSdmi.exe
  C:\Windows\System\PppSdmi.exe
  2⤵
  PID:9156
- C:\Windows\System\SpDyKes.exe
  C:\Windows\System\SpDyKes.exe
  2⤵
  PID:9184
- C:\Windows\System\OShkbUc.exe
  C:\Windows\System\OShkbUc.exe
  2⤵
  PID:9196
- C:\Windows\System\kDOvsxB.exe
  C:\Windows\System\kDOvsxB.exe
  2⤵
  PID:9212
- C:\Windows\System\KGzrLaO.exe
  C:\Windows\System\KGzrLaO.exe
  2⤵
  PID:7304
- C:\Windows\System\ZBVYVSo.exe
  C:\Windows\System\ZBVYVSo.exe
  2⤵
  PID:7780
- C:\Windows\System\byOeRIS.exe
  C:\Windows\System\byOeRIS.exe
  2⤵
  PID:8252
- C:\Windows\System\NfGDmaz.exe
  C:\Windows\System\NfGDmaz.exe
  2⤵
  PID:7104
- C:\Windows\System\kDSYasa.exe
  C:\Windows\System\kDSYasa.exe
  2⤵
  PID:7188
- C:\Windows\System\drGnPzZ.exe
  C:\Windows\System\drGnPzZ.exe
  2⤵
  PID:8332
- C:\Windows\System\mlCuWHX.exe
  C:\Windows\System\mlCuWHX.exe
  2⤵
  PID:8380
- C:\Windows\System\vPpnebf.exe
  C:\Windows\System\vPpnebf.exe
  2⤵
  PID:8416
- C:\Windows\System\xFFmeIK.exe
  C:\Windows\System\xFFmeIK.exe
  2⤵
  PID:8400
- C:\Windows\System\WBgHijs.exe
  C:\Windows\System\WBgHijs.exe
  2⤵
  PID:8396
- C:\Windows\System\FKsJiel.exe
  C:\Windows\System\FKsJiel.exe
  2⤵
  PID:8464
- C:\Windows\System\ooslbyc.exe
  C:\Windows\System\ooslbyc.exe
  2⤵
  PID:8576
- C:\Windows\System\JtYmuYa.exe
  C:\Windows\System\JtYmuYa.exe
  2⤵
  PID:8604
- C:\Windows\System\xeoanlv.exe
  C:\Windows\System\xeoanlv.exe
  2⤵
  PID:8560
- C:\Windows\System\MquooqW.exe
  C:\Windows\System\MquooqW.exe
  2⤵
  PID:8640
- C:\Windows\System\BoIXZAR.exe
  C:\Windows\System\BoIXZAR.exe
  2⤵
  PID:8676
- C:\Windows\System\BprFNMJ.exe
  C:\Windows\System\BprFNMJ.exe
  2⤵
  PID:8720
- C:\Windows\System\JWVxzlJ.exe
  C:\Windows\System\JWVxzlJ.exe
  2⤵
  PID:8736
- C:\Windows\System\yiDSiZj.exe
  C:\Windows\System\yiDSiZj.exe
  2⤵
  PID:8752
- C:\Windows\System\qHIisUi.exe
  C:\Windows\System\qHIisUi.exe
  2⤵
  PID:8764
- C:\Windows\System\HtyPvRm.exe
  C:\Windows\System\HtyPvRm.exe
  2⤵
  PID:8820
- C:\Windows\System\APfRtog.exe
  C:\Windows\System\APfRtog.exe
  2⤵
  PID:8816
- C:\Windows\System\zHxvfbG.exe
  C:\Windows\System\zHxvfbG.exe
  2⤵
  PID:8852
- C:\Windows\System\oestezJ.exe
  C:\Windows\System\oestezJ.exe
  2⤵
  PID:8868
- C:\Windows\System\OMQMGiK.exe
  C:\Windows\System\OMQMGiK.exe
  2⤵
  PID:8876
- C:\Windows\System\ODleJIO.exe
  C:\Windows\System\ODleJIO.exe
  2⤵
  PID:8908
- C:\Windows\System\ycGSPga.exe
  C:\Windows\System\ycGSPga.exe
  2⤵
  PID:8928
- C:\Windows\System\ZBCyQih.exe
  C:\Windows\System\ZBCyQih.exe
  2⤵
  PID:8932
- C:\Windows\System\oVrpOUI.exe
  C:\Windows\System\oVrpOUI.exe
  2⤵
  PID:8960
- C:\Windows\System\wxBcofP.exe
  C:\Windows\System\wxBcofP.exe
  2⤵
  PID:8984
- C:\Windows\System\qKyMVBo.exe
  C:\Windows\System\qKyMVBo.exe
  2⤵
  PID:9004
- C:\Windows\System\DqWazQj.exe
  C:\Windows\System\DqWazQj.exe
  2⤵
  PID:9084
- C:\Windows\System\oUpsqsi.exe
  C:\Windows\System\oUpsqsi.exe
  2⤵
  PID:9100
- C:\Windows\System\dRSJuui.exe
  C:\Windows\System\dRSJuui.exe
  2⤵
  PID:9140
- C:\Windows\System\fXuSnwQ.exe
  C:\Windows\System\fXuSnwQ.exe
  2⤵
  PID:9208
- C:\Windows\System\xVyruUL.exe
  C:\Windows\System\xVyruUL.exe
  2⤵
  PID:7596
- C:\Windows\System\ADXRGeG.exe
  C:\Windows\System\ADXRGeG.exe
  2⤵
  PID:7464
- C:\Windows\System\KBCeyil.exe
  C:\Windows\System\KBCeyil.exe
  2⤵
  PID:7888
- C:\Windows\System\EewJjUd.exe
  C:\Windows\System\EewJjUd.exe
  2⤵
  PID:6660
- C:\Windows\System\PHeYArF.exe
  C:\Windows\System\PHeYArF.exe
  2⤵
  PID:6292
- C:\Windows\System\tInSMNE.exe
  C:\Windows\System\tInSMNE.exe
  2⤵
  PID:8412
- C:\Windows\System\hJdYDuU.exe
  C:\Windows\System\hJdYDuU.exe
  2⤵
  PID:8512
- C:\Windows\System\ybZnYnK.exe
  C:\Windows\System\ybZnYnK.exe
  2⤵
  PID:8840
- C:\Windows\System\BRJYyaz.exe
  C:\Windows\System\BRJYyaz.exe
  2⤵
  PID:8808
- C:\Windows\System\KRgVqrY.exe
  C:\Windows\System\KRgVqrY.exe
  2⤵
  PID:8956
- C:\Windows\System\MUrGSIS.exe
  C:\Windows\System\MUrGSIS.exe
  2⤵
  PID:8880
- C:\Windows\System\ldTexEV.exe
  C:\Windows\System\ldTexEV.exe
  2⤵
  PID:8916
- C:\Windows\System\iqtiHmz.exe
  C:\Windows\System\iqtiHmz.exe
  2⤵
  PID:9176
- C:\Windows\System\VTukYqB.exe
  C:\Windows\System\VTukYqB.exe
  2⤵
  PID:9072
- C:\Windows\System\zVnqTUz.exe
  C:\Windows\System\zVnqTUz.exe
  2⤵
  PID:8020
- C:\Windows\System\JaoAKEw.exe
  C:\Windows\System\JaoAKEw.exe
  2⤵
  PID:8052
- C:\Windows\System\FSIKIEK.exe
  C:\Windows\System\FSIKIEK.exe
  2⤵
  PID:8496
- C:\Windows\System\hpZrFWb.exe
  C:\Windows\System\hpZrFWb.exe
  2⤵
  PID:8500
- C:\Windows\System\EhDEBEr.exe
  C:\Windows\System\EhDEBEr.exe
  2⤵
  PID:8428
- C:\Windows\System\iBKNWay.exe
  C:\Windows\System\iBKNWay.exe
  2⤵
  PID:8608
- C:\Windows\System\LqlqtCi.exe
  C:\Windows\System\LqlqtCi.exe
  2⤵
  PID:8688
- C:\Windows\System\YkZaroP.exe
  C:\Windows\System\YkZaroP.exe
  2⤵
  PID:8832
- C:\Windows\System\ppcLcJD.exe
  C:\Windows\System\ppcLcJD.exe
  2⤵
  PID:8812
- C:\Windows\System\xTpacPt.exe
  C:\Windows\System\xTpacPt.exe
  2⤵
  PID:9044
- C:\Windows\System\VdkXXGR.exe
  C:\Windows\System\VdkXXGR.exe
  2⤵
  PID:9124
- C:\Windows\System\zHudkNP.exe
  C:\Windows\System\zHudkNP.exe
  2⤵
  PID:7444
- C:\Windows\System\TdgZQJF.exe
  C:\Windows\System\TdgZQJF.exe
  2⤵
  PID:9096
- C:\Windows\System\zQOuCSE.exe
  C:\Windows\System\zQOuCSE.exe
  2⤵
  PID:9192
- C:\Windows\System\rFCpmCP.exe
  C:\Windows\System\rFCpmCP.exe
  2⤵
  PID:8236
- C:\Windows\System\NbFBHWf.exe
  C:\Windows\System\NbFBHWf.exe
  2⤵
  PID:8532
- C:\Windows\System\POimkTi.exe
  C:\Windows\System\POimkTi.exe
  2⤵
  PID:8672
- C:\Windows\System\mYDNXhs.exe
  C:\Windows\System\mYDNXhs.exe
  2⤵
  PID:8836
- C:\Windows\System\HOLqjnM.exe
  C:\Windows\System\HOLqjnM.exe
  2⤵
  PID:8896
- C:\Windows\System\oXFKohl.exe
  C:\Windows\System\oXFKohl.exe
  2⤵
  PID:8692
- C:\Windows\System\tWIEmNO.exe
  C:\Windows\System\tWIEmNO.exe
  2⤵
  PID:9040
- C:\Windows\System\vlPSGHm.exe
  C:\Windows\System\vlPSGHm.exe
  2⤵
  PID:8968
- C:\Windows\System\HYIOZYq.exe
  C:\Windows\System\HYIOZYq.exe
  2⤵
  PID:8256
- C:\Windows\System\ByhTlsQ.exe
  C:\Windows\System\ByhTlsQ.exe
  2⤵
  PID:8656
- C:\Windows\System\fVAItvM.exe
  C:\Windows\System\fVAItvM.exe
  2⤵
  PID:8452
- C:\Windows\System\CfxYEDi.exe
  C:\Windows\System\CfxYEDi.exe
  2⤵
  PID:9068
- C:\Windows\System\JKxIybI.exe
  C:\Windows\System\JKxIybI.exe
  2⤵
  PID:9000
- C:\Windows\System\MLiMlTm.exe
  C:\Windows\System\MLiMlTm.exe
  2⤵
  PID:9128
- C:\Windows\System\JxFEDzu.exe
  C:\Windows\System\JxFEDzu.exe
  2⤵
  PID:8864
- C:\Windows\System\mawhPEW.exe
  C:\Windows\System\mawhPEW.exe
  2⤵
  PID:8284
- C:\Windows\System\BeNmiPu.exe
  C:\Windows\System\BeNmiPu.exe
  2⤵
  PID:9232
- C:\Windows\System\fYNcXvA.exe
  C:\Windows\System\fYNcXvA.exe
  2⤵
  PID:9252
- C:\Windows\System\ZeJRKCb.exe
  C:\Windows\System\ZeJRKCb.exe
  2⤵
  PID:9272
- C:\Windows\System\PHPLSCr.exe
  C:\Windows\System\PHPLSCr.exe
  2⤵
  PID:9304
- C:\Windows\System\miDyLGx.exe
  C:\Windows\System\miDyLGx.exe
  2⤵
  PID:9324
- C:\Windows\System\Vunlwyt.exe
  C:\Windows\System\Vunlwyt.exe
  2⤵
  PID:9340
- C:\Windows\System\OsAOUVF.exe
  C:\Windows\System\OsAOUVF.exe
  2⤵
  PID:9356
- C:\Windows\System\HwlDmZb.exe
  C:\Windows\System\HwlDmZb.exe
  2⤵
  PID:9372
- C:\Windows\System\JchRqVN.exe
  C:\Windows\System\JchRqVN.exe
  2⤵
  PID:9388
- C:\Windows\System\LcEjMuz.exe
  C:\Windows\System\LcEjMuz.exe
  2⤵
  PID:9404
- C:\Windows\System\bRjgcra.exe
  C:\Windows\System\bRjgcra.exe
  2⤵
  PID:9420
- C:\Windows\System\sHRiVPU.exe
  C:\Windows\System\sHRiVPU.exe
  2⤵
  PID:9436
- C:\Windows\System\yAHuVZs.exe
  C:\Windows\System\yAHuVZs.exe
  2⤵
  PID:9452
- C:\Windows\System\FFLDdFY.exe
  C:\Windows\System\FFLDdFY.exe
  2⤵
  PID:9468
- C:\Windows\System\JATxbSu.exe
  C:\Windows\System\JATxbSu.exe
  2⤵
  PID:9524
- C:\Windows\System\WvjUkPQ.exe
  C:\Windows\System\WvjUkPQ.exe
  2⤵
  PID:9548
- C:\Windows\System\mUjbGiS.exe
  C:\Windows\System\mUjbGiS.exe
  2⤵
  PID:9568
- C:\Windows\System\cTFyYmu.exe
  C:\Windows\System\cTFyYmu.exe
  2⤵
  PID:9596
- C:\Windows\System\cnluktv.exe
  C:\Windows\System\cnluktv.exe
  2⤵
  PID:9612
- C:\Windows\System\JBMgnrw.exe
  C:\Windows\System\JBMgnrw.exe
  2⤵
  PID:9636
- C:\Windows\System\KGDYMxA.exe
  C:\Windows\System\KGDYMxA.exe
  2⤵
  PID:9652
- C:\Windows\System\YfkRRnz.exe
  C:\Windows\System\YfkRRnz.exe
  2⤵
  PID:9668
- C:\Windows\System\braTMfJ.exe
  C:\Windows\System\braTMfJ.exe
  2⤵
  PID:9684
- C:\Windows\System\eauUhyS.exe
  C:\Windows\System\eauUhyS.exe
  2⤵
  PID:9708
- C:\Windows\System\sxPQueM.exe
  C:\Windows\System\sxPQueM.exe
  2⤵
  PID:9724
- C:\Windows\System\hIfdzCW.exe
  C:\Windows\System\hIfdzCW.exe
  2⤵
  PID:9756
- C:\Windows\System\lsqqnth.exe
  C:\Windows\System\lsqqnth.exe
  2⤵
  PID:9772
- C:\Windows\System\cyUzxSQ.exe
  C:\Windows\System\cyUzxSQ.exe
  2⤵
  PID:9800
- C:\Windows\System\cEMfsda.exe
  C:\Windows\System\cEMfsda.exe
  2⤵
  PID:9816
- C:\Windows\System\EtIPPks.exe
  C:\Windows\System\EtIPPks.exe
  2⤵
  PID:9832
- C:\Windows\System\UXYGojG.exe
  C:\Windows\System\UXYGojG.exe
  2⤵
  PID:9848
- C:\Windows\System\aVEUAJd.exe
  C:\Windows\System\aVEUAJd.exe
  2⤵
  PID:9864
- C:\Windows\System\SorHqqq.exe
  C:\Windows\System\SorHqqq.exe
  2⤵
  PID:9880
- C:\Windows\System\pfpKIbb.exe
  C:\Windows\System\pfpKIbb.exe
  2⤵
  PID:9904
- C:\Windows\System\zaYKwaf.exe
  C:\Windows\System\zaYKwaf.exe
  2⤵
  PID:9920
- C:\Windows\System\fPRYnWi.exe
  C:\Windows\System\fPRYnWi.exe
  2⤵
  PID:9936
- C:\Windows\System\IrLOLmN.exe
  C:\Windows\System\IrLOLmN.exe
  2⤵
  PID:9952
- C:\Windows\System\qJDAIwc.exe
  C:\Windows\System\qJDAIwc.exe
  2⤵
  PID:9968
- C:\Windows\System\soWSTcM.exe
  C:\Windows\System\soWSTcM.exe
  2⤵
  PID:9984
- C:\Windows\System\fDQROaF.exe
  C:\Windows\System\fDQROaF.exe
  2⤵
  PID:10012
- C:\Windows\System\LCETokq.exe
  C:\Windows\System\LCETokq.exe
  2⤵
  PID:10044
- C:\Windows\System\jLmzBnE.exe
  C:\Windows\System\jLmzBnE.exe
  2⤵
  PID:10060
- C:\Windows\System\ReheqDr.exe
  C:\Windows\System\ReheqDr.exe
  2⤵
  PID:10076
- C:\Windows\System\dvavNVX.exe
  C:\Windows\System\dvavNVX.exe
  2⤵
  PID:10096
- C:\Windows\System\rOLCeXi.exe
  C:\Windows\System\rOLCeXi.exe
  2⤵
  PID:10112
- C:\Windows\System\LtAECRL.exe
  C:\Windows\System\LtAECRL.exe
  2⤵
  PID:10128
- C:\Windows\System\wACBJFN.exe
  C:\Windows\System\wACBJFN.exe
  2⤵
  PID:10144
- C:\Windows\System\XACsacx.exe
  C:\Windows\System\XACsacx.exe
  2⤵
  PID:10164
- C:\Windows\System\iCIYJNb.exe
  C:\Windows\System\iCIYJNb.exe
  2⤵
  PID:10184
- C:\Windows\System\dvDSrjt.exe
  C:\Windows\System\dvDSrjt.exe
  2⤵
  PID:10228
- C:\Windows\System\HEnSMnB.exe
  C:\Windows\System\HEnSMnB.exe
  2⤵
  PID:8636
- C:\Windows\System\MSBVQlK.exe
  C:\Windows\System\MSBVQlK.exe
  2⤵
  PID:8624
- C:\Windows\System\KmPcRwi.exe
  C:\Windows\System\KmPcRwi.exe
  2⤵
  PID:9228
- C:\Windows\System\ZSCkkWL.exe
  C:\Windows\System\ZSCkkWL.exe
  2⤵
  PID:9248
- C:\Windows\System\BmDxPRi.exe
  C:\Windows\System\BmDxPRi.exe
  2⤵
  PID:9320
- C:\Windows\System\FeLADfi.exe
  C:\Windows\System\FeLADfi.exe
  2⤵
  PID:9416
- C:\Windows\System\mowtTel.exe
  C:\Windows\System\mowtTel.exe
  2⤵
  PID:9476
- C:\Windows\System\fFYngxK.exe
  C:\Windows\System\fFYngxK.exe
  2⤵
  PID:9496
- C:\Windows\System\CGUThfq.exe
  C:\Windows\System\CGUThfq.exe
  2⤵
  PID:9512
- C:\Windows\System\KUnUzpP.exe
  C:\Windows\System\KUnUzpP.exe
  2⤵
  PID:9332
- C:\Windows\System\NGpaeAp.exe
  C:\Windows\System\NGpaeAp.exe
  2⤵
  PID:9428
- C:\Windows\System\QtweBjF.exe
  C:\Windows\System\QtweBjF.exe
  2⤵
  PID:9556
- C:\Windows\System\hraKxCM.exe
  C:\Windows\System\hraKxCM.exe
  2⤵
  PID:9536
- C:\Windows\System\KxBTqle.exe
  C:\Windows\System\KxBTqle.exe
  2⤵
  PID:9592
- C:\Windows\System\JYIFazS.exe
  C:\Windows\System\JYIFazS.exe
  2⤵
  PID:9620
- C:\Windows\System\PAmGBNl.exe
  C:\Windows\System\PAmGBNl.exe
  2⤵
  PID:9648
- C:\Windows\System\uIjwBCD.exe
  C:\Windows\System\uIjwBCD.exe
  2⤵
  PID:9680
- C:\Windows\System\pAQhFwi.exe
  C:\Windows\System\pAQhFwi.exe
  2⤵
  PID:9696
- C:\Windows\System\QqOHJAc.exe
  C:\Windows\System\QqOHJAc.exe
  2⤵
  PID:9752
- C:\Windows\System\SCJMkxf.exe
  C:\Windows\System\SCJMkxf.exe
  2⤵
  PID:9792
- C:\Windows\System\vBdhlkm.exe
  C:\Windows\System\vBdhlkm.exe
  2⤵
  PID:9840
- C:\Windows\System\SPRyovd.exe
  C:\Windows\System\SPRyovd.exe
  2⤵
  PID:9932
- C:\Windows\System\fimisus.exe
  C:\Windows\System\fimisus.exe
  2⤵
  PID:9948
- C:\Windows\System\ylsRyRF.exe
  C:\Windows\System\ylsRyRF.exe
  2⤵
  PID:9928
- C:\Windows\System\zpzRaGj.exe
  C:\Windows\System\zpzRaGj.exe
  2⤵
  PID:9856
- C:\Windows\System\fRlLRQK.exe
  C:\Windows\System\fRlLRQK.exe
  2⤵
  PID:10024
- C:\Windows\System\FOvJOwr.exe
  C:\Windows\System\FOvJOwr.exe
  2⤵
  PID:10072
- C:\Windows\System\fsgPmgs.exe
  C:\Windows\System\fsgPmgs.exe
  2⤵
  PID:10176
- C:\Windows\System\aoyYdLz.exe
  C:\Windows\System\aoyYdLz.exe
  2⤵
  PID:10236
- C:\Windows\System\hFqGAte.exe
  C:\Windows\System\hFqGAte.exe
  2⤵
  PID:8888
- C:\Windows\System\twZAzxk.exe
  C:\Windows\System\twZAzxk.exe
  2⤵
  PID:9284
- C:\Windows\System\CXwCTZa.exe
  C:\Windows\System\CXwCTZa.exe
  2⤵
  PID:10216
- C:\Windows\System\laMyhTw.exe
  C:\Windows\System\laMyhTw.exe
  2⤵
  PID:10200
- C:\Windows\System\kbuOYXr.exe
  C:\Windows\System\kbuOYXr.exe
  2⤵
  PID:8772
- C:\Windows\System\kJWMKef.exe
  C:\Windows\System\kJWMKef.exe
  2⤵
  PID:10120
- C:\Windows\System\peBSiau.exe
  C:\Windows\System\peBSiau.exe
  2⤵
  PID:9292
- C:\Windows\System\VDEFcSh.exe
  C:\Windows\System\VDEFcSh.exe
  2⤵
  PID:9296
- C:\Windows\System\NgwakMB.exe
  C:\Windows\System\NgwakMB.exe
  2⤵
  PID:9464
- C:\Windows\System\pcJgznt.exe
  C:\Windows\System\pcJgznt.exe
  2⤵
  PID:9576
- C:\Windows\System\eCGOGmt.exe
  C:\Windows\System\eCGOGmt.exe
  2⤵
  PID:9676
- C:\Windows\System\bcZuPpT.exe
  C:\Windows\System\bcZuPpT.exe
  2⤵
  PID:9368
- C:\Windows\System\zwtXTHI.exe
  C:\Windows\System\zwtXTHI.exe
  2⤵
  PID:9808
- C:\Windows\System\UBSQlgC.exe
  C:\Windows\System\UBSQlgC.exe
  2⤵
  PID:9720
- C:\Windows\System\StdqDXW.exe
  C:\Windows\System\StdqDXW.exe
  2⤵
  PID:10036
- C:\Windows\System\IJqCzkG.exe
  C:\Windows\System\IJqCzkG.exe
  2⤵
  PID:9584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CHRGXAh.exe

Filesize
6.0MB

MD5
9da0143cb89a9d2db2bc3a512dbe07f9

SHA1
e8fcb0c4e6d15ce23da8b1b401dc465eaaaca761

SHA256
2f7c1a1bf1414a05c33d739effd25a07503ca296071d5e688b2a2d35c5712021

SHA512
4694d68bac4aa3363125c6bf68ee40ad12e39aeabaaa14ebb0022a52219c50567b3ff386e24e4ce85f02147749e11077585c9bec41e07c25f67246ab34b9c925

Download Submit
C:\Windows\system\CohTKCk.exe

Filesize
6.0MB

MD5
36517335d1ed9436fc079c219e5f1384

SHA1
173de20c966ef47d94b79d1bc478d46ca298bd48

SHA256
d3df4ef9294a65233a52b63016e842ede3892db059778ef7616e734936cf1ff1

SHA512
318f7ac5ef45e8fbe07d5dd62eb2b6699a1fc70d677113b95ee26a444bf21f535d9c923270dec751d8590bf8538be5faab782ed1211f4845adb4a45235d9f1e8

Download Submit
C:\Windows\system\DnWRwqa.exe

Filesize
6.0MB

MD5
9d4df9bd354529bf71734ac9fb20e5b8

SHA1
5583cd282ce0c923bd79bb9e81f583f78cf13b8b

SHA256
69f1073c3899e7ba92b3e38e07aabeed53052c27c6e22659c04b022343cd522c

SHA512
aab5d498a66142cc099f5a8aa0df3b2f5ffb82573340b0a078ce05a04ba809400106fdedfafd8e002218ee140642c8d97914084dd2e83f017a52aeb44e3cea66

Download Submit
C:\Windows\system\DoeJuiv.exe

Filesize
6.0MB

MD5
32c0b3a23ad93c4a37931ef4b289c0cf

SHA1
7e1687968a273f878c31a463077c8a0a62757775

SHA256
d0d19a4d4fd38b8e37b401a146a0444b855bbaa95121eed44fad0adf4eaab511

SHA512
a7a79526284771d8f8ba7b985eb4068a3ffb9df993f314fdcf3059e08a261c1f413838a2e2af5ecbc4162cfc6eca87ef814a0c889fab16913ad6301c2f5e6abe

Download Submit
C:\Windows\system\EuehCZA.exe

Filesize
6.0MB

MD5
d54694fadbcfac17bd03faa5f3811109

SHA1
f13422cbb0fd9fe0646ce73dd45abb4fc5cad459

SHA256
b2acd5a9163ef1486fb73029831d89ffb73f81cfd711796f8a66b8eb7663914c

SHA512
3520d1ed45d3556c170a6887a767c3807d0da048dc7428fb306ecfa34c56e0b22dc2e43ac724db3b7f56c018dc301f8f38a8b5a4171210116832097df60bea35

Download Submit
C:\Windows\system\FFnYdJx.exe

Filesize
6.0MB

MD5
852693bd8d977255bc2c629d93e6e1f4

SHA1
b7fec22171dcf3d4854750c7f1664eabc1f2b59f

SHA256
20051e2d326ac6db006e394d74b7023d156aa73f5d5d8552bab2e48eccc7a453

SHA512
76cd863e12737aaea91d62c0eea151abb59cf5e8b7ac9002a1989db6b0a4c340a0dee51065e32ca99dd0297ec656082cb6f64f814b624e9ca9ae9b607f02dc65

Download Submit
C:\Windows\system\IyTHZYS.exe

Filesize
6.0MB

MD5
63c5b2d44ec0915b441a8fcfd2c64251

SHA1
4d1dc5ff55623173cde0193393c235f2626638b3

SHA256
b3b54dd8a2931248935d55acd106f9034e7a331d1c46b9bb82b64ed600d595cd

SHA512
52dfa602228079c439bc31611663db8814a398e356dd071373e98e987472b1547786abd08d6dbc13ce3fe1317f94d974c3382cce6fd1a16fb06f77e47cbc996d

Download Submit
C:\Windows\system\JBGUGjF.exe

Filesize
6.0MB

MD5
ceb7c75a239383e76dc1a386ac890820

SHA1
f7c4bd8c3c384a3952991f00769d946770f23f6a

SHA256
8515e3305e3c40ffc35846b7460d32f74ccdd1d5740b5b495f88e7755f5b1e2b

SHA512
018bd62538af92ac602bf28763511ad68a3e7ae03874f208d772e3c3b58e375f9aeb1e0510a335a90fb974d6245806a58b170ae9d4e4c028b6d26ed1a25f68a0

Download Submit
C:\Windows\system\MoSqjex.exe

Filesize
6.0MB

MD5
1f83a8afe455511356f122bfba628010

SHA1
11f62c0793416ab88191bcf4190bddba29fd7703

SHA256
8ceee491b4f57e48aa7bdcab197dcb1fa506bd8b0e35bdebcf8e8064239cf933

SHA512
bcefa2410787617f4c3feccf75c30d4f58eca614883f9861147391b6c30b1e76f99d4205c14f457d98e7b264d61b832a8a90bc19da3f3b2e2cc797148379c058

Download Submit
C:\Windows\system\NPWipmX.exe

Filesize
6.0MB

MD5
58c8b7cf35a3bf42703cf33742c2363c

SHA1
f8639c1daf4fe6a0bec9dc22a1045c6bb7431f0d

SHA256
97a95dcae12be31784191e6ccc5cbedf715285224e62d55da5720940c9bd3695

SHA512
62895c7f673f77f43820dbd4749e0c1cdf65d5435146a4e9faaf30ef54d1d85df49ea85250ed27d3fba161a9d6461c73808dac5d724054b55e18ef3e2ee4ea8c

Download Submit
C:\Windows\system\PllTHri.exe

Filesize
6.0MB

MD5
2790a721daae52f4836a5f538e07634a

SHA1
73e7ee57ee3c7d18e980340dfc04310f709f5ee8

SHA256
e99f95059fd3421e8a121f9847f3a6c58e730d5e6f619ff34568c59606dd2d0c

SHA512
a181163ea029b8123c8252d29a3e72e7bd3f0daf9aff1d8690a10d73bd161f4566a838e3907388c97413db111329b5326adf9f8d201c0b397b245c02c53ffa9d

Download Submit
C:\Windows\system\RxexeuF.exe

Filesize
6.0MB

MD5
8f9a25730862ae13282e71b8b5b4941b

SHA1
4519114e3593b3813d6da68b94f65de440ec42b7

SHA256
160aeb14dfe0d721ff0224dae0e5da05470e67f4edbc1f845869ab9c6ef4452d

SHA512
fd993158419eec6d880bfe75b834eba32877087b32c68637795c8f2570771edd4e8a7aa36fb13e1007687238eb38a2e8a6d9790f857252b8e15f6f1aa96b8b8d

Download Submit
C:\Windows\system\YKygkqn.exe

Filesize
6.0MB

MD5
0b46109b023c19c623f7fe8193298d31

SHA1
39abdd4eacf3e7637a1e4336b3bfc44e92b9d02b

SHA256
0564e22f3266cdd2f76e8d1c8a6f8b87b40d9c922819047245f3417585ce33b0

SHA512
366b66aa63b302157e25c1289fa18a8bf544ca8812c294ce51e02f2e1569e9d0442aa6eb4953bc1688c84b9d130611529bfaf738887df13a2cc7c105cebb2186

Download Submit
C:\Windows\system\ZTbEyiU.exe

Filesize
6.0MB

MD5
232c5b6533f220da2816809df710f9bd

SHA1
a3d597c691bb98212f386045021b945fef9c95df

SHA256
919bfd9c58ee0a055ff2883e9d5a1a041788a44fd711f45b890338da52f573e7

SHA512
f1f86968dd9a223b27e2773308173892c330625d1cd572c8e8e2044bd53a3ddc91678e0ba806a12bde942fe352dd9b9886879e3ebaa53122c85459eeb6221cc8

Download Submit
C:\Windows\system\cNfiUlR.exe

Filesize
6.0MB

MD5
d97433ee4a5ad55d7c3b7f5b3ae224f6

SHA1
3cd8f23f9597827d7e9d8b31daebdb3a9fb64eae

SHA256
cebc360a872121a92481d9e422c3d19790ab02d0032f3dc760f10f3fbcbdffea

SHA512
d190a75eceb6293368cbc4d04dd6dc2bad5dbdc52c42552c80b5cb7dbfceb585bbbff463c09a79831bbd276291c51daf5be3e79b52f8f1b1cf38d4f48d9158e5

Download Submit
C:\Windows\system\gyKqIPk.exe

Filesize
6.0MB

MD5
d1bea538b37e1f239f83bf9564605b56

SHA1
f105cd5ceb7b7cc8519101f9aab535ecf4445c06

SHA256
14c96291a880300828d1361673e1e3e7913b898d429ef98a8fa08e5a5d401769

SHA512
7f62e9398a757d1b5be78a1cba491bd01eec19fd03448a9136282370c27c5bbc8f92adba5a38c6e239d48028f93012947717717731d6701d970151e9d9cff276

Download Submit
C:\Windows\system\hFghvxK.exe

Filesize
6.0MB

MD5
249b5edb79789bb699849bfe64d00737

SHA1
afa23cb1a6ef7265cb3780d342dc07b2286ac25a

SHA256
ddd3cb19375d9f26fa1f8406445495d756c541a55c80acf918775f44a2f9b093

SHA512
a8d9db04d3d171d02b43018bcfc8be597092dd44a0718e7bc1c1d69f979d4a775052fc42021df3aba5cd29404ea1d03f509430ea7e413c2819bdbe92535435c0

Download Submit
C:\Windows\system\hLiLSEo.exe

Filesize
6.0MB

MD5
8a43f1809040873d5b9020665576c6fe

SHA1
4829087b4313328dccd7b123e97fa988538357d2

SHA256
bdc6762226bdf09ee3381edaf3a9fee08fc81a783d84bb88e755d0af809fcb39

SHA512
0f55272e7a5279af33fedd01f24950ddb2bbbcfdbbc3d157592fbd231dd44c60ccffc87a23fcf78393bfdf5743765343fd2ea1fc0ce97b8f2b0bec63ee26ea34

Download Submit
C:\Windows\system\hOoljJn.exe

Filesize
6.0MB

MD5
0821e5f7e7fbca94e0641d7e23c2e47c

SHA1
7c1f06e008aefbe816765a571c2e8473609a03bc

SHA256
3255f71dbd1372fc67d37d70dfe07271912ce0d1e9584d080e7d395c4f0bda09

SHA512
5483faef15ff3aff0a80781c026041af05a066ef02cbd0f9b8d2ac7a97fd946927751d5ca190f63adeebf73c4a84e1345b7b45a23e89f30d9f7aa402f3c3080d

Download Submit
C:\Windows\system\hUJcwTx.exe

Filesize
6.0MB

MD5
2fb88a940b9b2c03152dbc19a63d4da1

SHA1
a86a32ed6d8bd7f8df82d3f5674254a80003b285

SHA256
6bef53a42d610b654f295b4ade7712c0050a0232a1168675fbebb60b189a421f

SHA512
e96b495602bc1ee2d6219f025656d06b6d75d8b1244897114298c5c0262da44acb7781c26346806b2452f453b1302f0c87b531fb6d1b69dd1108687d99f6b41d

Download Submit
C:\Windows\system\hkDryQv.exe

Filesize
8B

MD5
233ad0a93050b25a2933161cb0c1e844

SHA1
5d6abe11c440f202c3cf2e62a3e4ba6946f74e62

SHA256
7643fddf26c35443f4dedd19782d6d957601204192a2428e51f79b4879dac5a3

SHA512
7b51090ab0576ffe5a381c5f0cdc84b682c329ca9b1f4b13d42098cb71d1bea23c62d21a34381636472df37accc2c4412ebd72bb849e579fc9265a9a12f9d485

Download Submit
C:\Windows\system\lSmfEnG.exe

Filesize
6.0MB

MD5
a24e433b4d73cdc62852d94edc733e8a

SHA1
44ea166270dceadc632ee8a85e67ecfe802c8783

SHA256
b87e6df8cd7b51eeeb520a4a36e7342181c67ebdd9ac526e76351bd8444a4350

SHA512
b1c06aadc29760288acb1ec2efe02a00f810172c29b395c1d2d57d430a07bc931a01cc32dddb92621d387a2dbf5372c9ccbe4bff018126dff30031e48f1bb22e

Download Submit
C:\Windows\system\rFPgfMO.exe

Filesize
6.0MB

MD5
6bd4f504c9143af6b59a5ba3868c2792

SHA1
02e8a93f08bea9a5fcc6c3cfd92a207b7180afdf

SHA256
3f76e78ca31c95458028f50643f6693f78a6dae67e55f8af2ea68d93bb4b2a0f

SHA512
36fd957e324a9d3394f502b56cf86b9dde816b55d905e5051df74a901c091ce8d1bf7eb388ff8bdc1ac4033fa511d9fa5b22ee87325fc0aaa4e31744546e2750

Download Submit
C:\Windows\system\sOAYhKz.exe

Filesize
6.0MB

MD5
f112b6ee4c2459e89c2a54141401fbe3

SHA1
28375af79e0d4111238da991e6781e7c7009fbad

SHA256
b3cada1a9ff091cc0480fb4a4f219768f1bfbeb870bbd9c4abf1b2a6bc7b9655

SHA512
ab5b87676fc69d9d8031e0d94433dbe367bca39b1436cd321f882f7a32297575c4a97281540a4165bdfcf1994cf74fb6ed4ea077995d187f2358ec2f16d0e507

Download Submit
C:\Windows\system\sUQUMhr.exe

Filesize
6.0MB

MD5
08a358aaddae69e3096b9f5b76cd8218

SHA1
2d445cf877dc44fb434ecb2fb44485072ad516d4

SHA256
de3e83b92067cd9996d6b6098a15009bff4c14a2e9156621cced789188b43f2d

SHA512
f38ca15dbca2159e9c2334b7d09d425d4f86f9cb98cc642181746a06b1f8e8a40b0fff83b2ba0ddca4bec2a62014ead504249e9677607932791f19cd2a816873

Download Submit
C:\Windows\system\txeQYjP.exe

Filesize
6.0MB

MD5
837677570c1a74beabde7debce8310a6

SHA1
f707d98167bacddd8d69cec62804ddd8a5ff8eed

SHA256
24958eb8e2143526064fc06fd720d4d7752fe3b23022020d1705582a86277c03

SHA512
a09c8dfb8a2c581f039a084ebbcf787702295b23886d4031ba3fb23290006f561fda9606370729730628498003d0cdb7e6c2847810fcdb9ce9c2a9f0d19a8abe

Download Submit
C:\Windows\system\voZilmh.exe

Filesize
6.0MB

MD5
970a5ce284604b545c838f4161a64f67

SHA1
9045de7aa209252aa3ad8e1c51a1b64df28900af

SHA256
35d1f8fa788dd898d1352d217386473e815715a525ea4a9f3b22f8b400ba05e3

SHA512
9ede068196b2a85701c7a6d16e5229835f28b86ff83ea560862ebfcdac161f27f91b0812c669488e726ebce9fc0070ec6f793b07727b3a587d1fc4111682c398

Download Submit
C:\Windows\system\yGFFysO.exe

Filesize
6.0MB

MD5
738e65be514b9b9f8185f53b9b91cd5d

SHA1
77cec634a9a7b3c5c2be23376709dc6f185005f2

SHA256
b26e410a77f8d18c1a4087054f375ef0041ed16e4c57b24943166ac86195d3fb

SHA512
7e85e0d4450ddbb2eb7ae01bffb72ff474372e9ff7d290768a9b70a2b73eb97a8cc4542e141b23fe7e1bd58124a74a3b29675dcc06fd2539a908ebe781a161ad

Download Submit
C:\Windows\system\zOTNQCE.exe

Filesize
6.0MB

MD5
3f12cb66aca749a4f12ec6235e29f8a5

SHA1
6bc18db493e72a378ec2123480c633b0bb090a19

SHA256
812ee63a2a96ca5b36aaa72c4b47e465e5a91db7e4776c7a0b5dd6a735c8294b

SHA512
9509e0cb5e68b5c863eb392f8fa69c5b94a4f4f7b7b27f27b195199a82081aaeab36c76d9f75ccffa87ff154e020d7bcdacaab154146d810f3c9ed388a6cb758

Download Submit
\Windows\system\BNYqQon.exe

Filesize
6.0MB

MD5
9ed1fb827305e76f55cc6bc1001e7bd6

SHA1
4acc77c04286d0f15e849e867e5abc6b238ec2e5

SHA256
5e4213da3e75a1a827ab9f392c60445695cc8bc28f87fa5ccdcbe8368c88d53a

SHA512
dc24532bef142a7129a3f95963bc2f4364319ec090c896321cf4224e14f43f537c5b6d23d5fc868ffe22a8a710b977640a9800b7d5f829ec5de18db7411e2484

Download Submit
\Windows\system\QbWGhXn.exe

Filesize
6.0MB

MD5
23fd0f82817854f573dc8fc1eae5b9ca

SHA1
873b809d4b91d63fd81bea556a599512d6565260

SHA256
36afc06717a039018a4cae23ee3f2c20683c7eb9c170d3841cbc6756fb04d08d

SHA512
86f73b15ba44a466159fb5398b110f1515a502ae46f68e7584d0f40b87bf57a785145584040832675c0081aa1eb7eabd3dd0819a30bd15ddaa4ce04f9be91691

Download Submit
\Windows\system\fMhgvJA.exe

Filesize
6.0MB

MD5
cf09964be2708b015dcf91e3df2918a4

SHA1
661230a3145d5ebfba383c334325ef4c6d0821d7

SHA256
e6c0b3b8f7b53043fcac9ba4911e82c816020d0e765ab08353a27fa30a12e2e6

SHA512
f41b1bdb8c395eae8f7e960bc79ff140ea813a496709b0b92486cb84d3c87a613e2ea075019836696f495f55aa89693926519b0d6261ee0a6e44b86cebf74520

Download Submit
\Windows\system\iUgulgc.exe

Filesize
6.0MB

MD5
358f469e2b0b02de0a632f409f819276

SHA1
5f76aada20cb3ef8c0ceb1784420aed0f0662d70

SHA256
3480c521a3df513040fd5b784bf6a359d134a7edc8875fed1df1f10310a38289

SHA512
c145ec33389d55f4328816ef71af63ba41ce6a1699012974bc0228c31b448a9c1da20e76d7c332d43c3d397f86eb5ae13a47d4a8e60851019a594364e14ee40a

Download Submit
memory/1468-3717-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1468-1262-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2629-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1484-20-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1484-3674-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1724-7-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1770-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-3669-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1265-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1263-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1264-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1155-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1880-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1880-1235-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1880-67-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2784-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2786-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1220-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2722-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1201-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1880-18-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2739-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2724-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1199-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2743-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1197-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2750-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1398-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1591-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1178-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1927-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2723-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1880-1161-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2735-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2748-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2731-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2727-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2016-14-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2607-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3665-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-68-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3675-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1194-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3695-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3713-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1221-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3722-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1219-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3709-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1177-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1148-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3731-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1229-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3725-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3678-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1159-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1198-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3719-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1200-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3707-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download