cobaltstrike | d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
Size

6.0MB
MD5

1b0b8d8c74de442973aec2bf506cbe56
SHA1

62fc8e29a0ad70a8af7a5284465d5c357f409221
SHA256

d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070
SHA512

89a0f2ddc24744d6a3f5bbf85b67868f92cf79c403de2f1e8d5b37b5b8c38eb1dddb7d1e1406f0132d6a26ca170243592af5eb478ac247f4ee72bd76546b6132
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUZ:eOl56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-16.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-26.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-50.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-45.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral1/memory/1620-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x0008000000016edb-7.dat	xmrig
behavioral1/files/0x000800000001707c-16.dat	xmrig
behavioral1/files/0x00080000000173f3-18.dat	xmrig
behavioral1/files/0x000700000001746a-30.dat	xmrig
behavioral1/files/0x0007000000017403-26.dat	xmrig
behavioral1/files/0x000500000001926c-55.dat	xmrig
behavioral1/files/0x0005000000019319-75.dat	xmrig
behavioral1/files/0x0005000000019377-85.dat	xmrig
behavioral1/files/0x00050000000193c1-105.dat	xmrig
behavioral1/files/0x0005000000019450-120.dat	xmrig
behavioral1/files/0x00050000000194df-160.dat	xmrig
behavioral1/files/0x0005000000019485-150.dat	xmrig
behavioral1/files/0x00050000000194d7-154.dat	xmrig
behavioral1/files/0x0005000000019479-141.dat	xmrig
behavioral1/files/0x000500000001947d-144.dat	xmrig
behavioral1/files/0x0005000000019465-130.dat	xmrig
behavioral1/files/0x000500000001946a-135.dat	xmrig
behavioral1/files/0x000500000001945b-125.dat	xmrig
behavioral1/files/0x0005000000019433-110.dat	xmrig
behavioral1/files/0x0005000000019446-115.dat	xmrig
behavioral1/files/0x00050000000193b3-100.dat	xmrig
behavioral1/files/0x00050000000193a4-95.dat	xmrig
behavioral1/files/0x0005000000019387-90.dat	xmrig
behavioral1/files/0x0005000000019365-80.dat	xmrig
behavioral1/files/0x000500000001929a-70.dat	xmrig
behavioral1/files/0x0005000000019278-65.dat	xmrig
behavioral1/files/0x0005000000019275-60.dat	xmrig
behavioral1/files/0x0005000000019268-50.dat	xmrig
behavioral1/files/0x00080000000174c3-45.dat	xmrig
behavioral1/files/0x00080000000174a6-41.dat	xmrig
behavioral1/files/0x0007000000017488-36.dat	xmrig
behavioral1/memory/2988-2555-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/1620-2567-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2520-2579-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/3064-2593-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2844-2589-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1620-3141-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1620-3279-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/1620-3281-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2844-4003-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2988-4004-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2520-4005-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/3064-4006-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2844	bybUbar.exe
3064	QEltviT.exe
2988	PoUmamq.exe
2520	oiQNExo.exe
2076	PnfKfZA.exe
2476	hVkiUrZ.exe
2744	bmHWiCc.exe
2832	RPkFQSc.exe
2756	daZcvsG.exe
2736	JkOWwwo.exe
2908	qKgvQoV.exe
2704	jxawAuS.exe
2624	gdEoXYZ.exe
2716	GyakqxZ.exe
2616	afdmcYQ.exe
1880	RfUdqtq.exe
2328	yWAcWrF.exe
2164	xaUsxqm.exe
1132	hnwaMJy.exe
1908	wJLCwwt.exe
992	AvAXABI.exe
964	cgLoYMS.exe
2364	EZxIgpq.exe
1652	TpVTihg.exe
1192	yOvxJvK.exe
2936	Buewgot.exe
2904	qKxYRAU.exe
1564	jmYpeGc.exe
2224	UMOUfBx.exe
2428	VkXqvWz.exe
3052	CkEOqKO.exe
2304	OzinGWq.exe
3024	dMgXhTd.exe
2944	GZjPFIQ.exe
1000	yvNCQIk.exe
1312	lwYEMYC.exe
288	eKMgBxX.exe
376	yzhUOmX.exe
1648	WXGwTBv.exe
1792	oCVRPBO.exe
3008	gtrlTOQ.exe
1892	eMJHgzO.exe
852	ZDsaZNe.exe
1584	iaiKPCb.exe
1548	xPOKajO.exe
332	zfvhlPR.exe
2500	zWiLPwr.exe
300	JddxJhc.exe
568	uxWuBou.exe
1896	odBFbim.exe
792	zPhflWU.exe
1420	sizqqoC.exe
2196	scxJmHK.exe
1236	eHbGcVf.exe
2280	ilpQyLU.exe
2316	wXtzWGu.exe
1524	CeOyeEC.exe
2680	qCOVbVR.exe
3048	FvPPajQ.exe
796	iJTqDBe.exe
2404	KIkPxyu.exe
320	ZQVHmjQ.exe
2708	zcTIFPO.exe
1572	LphVllQ.exe

Loads dropped DLL 64 IoCs

pid	Process
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x0008000000016edb-7.dat	upx
behavioral1/files/0x000800000001707c-16.dat	upx
behavioral1/files/0x00080000000173f3-18.dat	upx
behavioral1/files/0x000700000001746a-30.dat	upx
behavioral1/files/0x0007000000017403-26.dat	upx
behavioral1/files/0x000500000001926c-55.dat	upx
behavioral1/files/0x0005000000019319-75.dat	upx
behavioral1/files/0x0005000000019377-85.dat	upx
behavioral1/files/0x00050000000193c1-105.dat	upx
behavioral1/files/0x0005000000019450-120.dat	upx
behavioral1/files/0x00050000000194df-160.dat	upx
behavioral1/files/0x0005000000019485-150.dat	upx
behavioral1/files/0x00050000000194d7-154.dat	upx
behavioral1/files/0x0005000000019479-141.dat	upx
behavioral1/files/0x000500000001947d-144.dat	upx
behavioral1/files/0x0005000000019465-130.dat	upx
behavioral1/files/0x000500000001946a-135.dat	upx
behavioral1/files/0x000500000001945b-125.dat	upx
behavioral1/files/0x0005000000019433-110.dat	upx
behavioral1/files/0x0005000000019446-115.dat	upx
behavioral1/files/0x00050000000193b3-100.dat	upx
behavioral1/files/0x00050000000193a4-95.dat	upx
behavioral1/files/0x0005000000019387-90.dat	upx
behavioral1/files/0x0005000000019365-80.dat	upx
behavioral1/files/0x000500000001929a-70.dat	upx
behavioral1/files/0x0005000000019278-65.dat	upx
behavioral1/files/0x0005000000019275-60.dat	upx
behavioral1/files/0x0005000000019268-50.dat	upx
behavioral1/files/0x00080000000174c3-45.dat	upx
behavioral1/files/0x00080000000174a6-41.dat	upx
behavioral1/files/0x0007000000017488-36.dat	upx
behavioral1/memory/2988-2555-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2520-2579-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/3064-2593-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2844-2589-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1620-3141-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2844-4003-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2988-4004-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2520-4005-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/3064-4006-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Kuqzofs.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\dfPCOHg.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\dGsVnXX.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\iicONQo.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\FmCoefW.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\tdELGSM.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\dxYKKSs.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\faPxLVT.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\nWkORWg.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\KANcFqO.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\mOoeGMe.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\kOMMkom.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\FTuuImk.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\alRGGvY.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\RhkWWUg.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\kZbwHQk.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\XXzAGpo.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\aBAzUoE.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\ZAWfqHq.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\lKKHIvt.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\gAFrVFy.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\UovtAnm.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\IpbJpaz.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\vpKHfpH.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\Dcmwchn.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\CWVqsWn.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\PIKmRpv.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\fNcZPBn.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\JLczAMr.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\WzTrVHm.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\jzonWna.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\chbPwlb.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\aAFpQBd.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\YwGWetO.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\ovryGmq.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\Shcnque.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\tCewUFw.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\qdsSedC.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\hFnHvie.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\WuAgfHk.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\zsfvrYm.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\AIztcIw.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\xXzEaHW.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\hmWMDbv.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\ODPZCrw.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\CUkLLqv.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\FSuBkXp.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\uhDhQJF.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\AOTeuMm.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\BcmQXaD.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\SfTWMqa.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\ZDsaZNe.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\TzzbCFh.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\GhzOZTG.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\LgwqCCg.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\ZQVkNvI.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\FuCtfQh.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\txxxoxZ.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\JMwIGwT.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\oJxNgNG.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\bMnrbTP.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\LPioUWQ.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\CQvhSBq.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
File created	C:\Windows\System\gCjGqFs.exe	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	31
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	31
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	31
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	32
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	32
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	32
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	33
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	33
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	33
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	34
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	34
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	34
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	35
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	35
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	35
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	36
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	36
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	36
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	37
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	37
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	37
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	38
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	38
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	38
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	39
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	39
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	39
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	40
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	40
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	40
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	41
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	41
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	41
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	42
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	42
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	42
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	43
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	43
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	43
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	44
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	44
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	44
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	45
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	45
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	45
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	46
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	46
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	46
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	47
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	47
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	47
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	48
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	48
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	48
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	49
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	49
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	49
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	50
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	50
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	50
PID 1620 wrote to memory of 992	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	51
PID 1620 wrote to memory of 992	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	51
PID 1620 wrote to memory of 992	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	51
PID 1620 wrote to memory of 964	1620	JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d7d7bd1ad0e9098576446862561b797d00f252580b5a1d2538b40d0bd6577070.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\System\bybUbar.exe
  C:\Windows\System\bybUbar.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\QEltviT.exe
  C:\Windows\System\QEltviT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\PoUmamq.exe
  C:\Windows\System\PoUmamq.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\oiQNExo.exe
  C:\Windows\System\oiQNExo.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\PnfKfZA.exe
  C:\Windows\System\PnfKfZA.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\hVkiUrZ.exe
  C:\Windows\System\hVkiUrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\bmHWiCc.exe
  C:\Windows\System\bmHWiCc.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\RPkFQSc.exe
  C:\Windows\System\RPkFQSc.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\daZcvsG.exe
  C:\Windows\System\daZcvsG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JkOWwwo.exe
  C:\Windows\System\JkOWwwo.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\qKgvQoV.exe
  C:\Windows\System\qKgvQoV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\jxawAuS.exe
  C:\Windows\System\jxawAuS.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gdEoXYZ.exe
  C:\Windows\System\gdEoXYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\GyakqxZ.exe
  C:\Windows\System\GyakqxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\afdmcYQ.exe
  C:\Windows\System\afdmcYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\RfUdqtq.exe
  C:\Windows\System\RfUdqtq.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\yWAcWrF.exe
  C:\Windows\System\yWAcWrF.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xaUsxqm.exe
  C:\Windows\System\xaUsxqm.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\hnwaMJy.exe
  C:\Windows\System\hnwaMJy.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\wJLCwwt.exe
  C:\Windows\System\wJLCwwt.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\AvAXABI.exe
  C:\Windows\System\AvAXABI.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\cgLoYMS.exe
  C:\Windows\System\cgLoYMS.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\EZxIgpq.exe
  C:\Windows\System\EZxIgpq.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\TpVTihg.exe
  C:\Windows\System\TpVTihg.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\yOvxJvK.exe
  C:\Windows\System\yOvxJvK.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\Buewgot.exe
  C:\Windows\System\Buewgot.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\qKxYRAU.exe
  C:\Windows\System\qKxYRAU.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\jmYpeGc.exe
  C:\Windows\System\jmYpeGc.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\UMOUfBx.exe
  C:\Windows\System\UMOUfBx.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\VkXqvWz.exe
  C:\Windows\System\VkXqvWz.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\CkEOqKO.exe
  C:\Windows\System\CkEOqKO.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\OzinGWq.exe
  C:\Windows\System\OzinGWq.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dMgXhTd.exe
  C:\Windows\System\dMgXhTd.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\GZjPFIQ.exe
  C:\Windows\System\GZjPFIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\yvNCQIk.exe
  C:\Windows\System\yvNCQIk.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\lwYEMYC.exe
  C:\Windows\System\lwYEMYC.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\eKMgBxX.exe
  C:\Windows\System\eKMgBxX.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\WXGwTBv.exe
  C:\Windows\System\WXGwTBv.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\yzhUOmX.exe
  C:\Windows\System\yzhUOmX.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\oCVRPBO.exe
  C:\Windows\System\oCVRPBO.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\gtrlTOQ.exe
  C:\Windows\System\gtrlTOQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\eMJHgzO.exe
  C:\Windows\System\eMJHgzO.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ZDsaZNe.exe
  C:\Windows\System\ZDsaZNe.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\iaiKPCb.exe
  C:\Windows\System\iaiKPCb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\xPOKajO.exe
  C:\Windows\System\xPOKajO.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\zWiLPwr.exe
  C:\Windows\System\zWiLPwr.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\zfvhlPR.exe
  C:\Windows\System\zfvhlPR.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\JddxJhc.exe
  C:\Windows\System\JddxJhc.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\uxWuBou.exe
  C:\Windows\System\uxWuBou.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\odBFbim.exe
  C:\Windows\System\odBFbim.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\zPhflWU.exe
  C:\Windows\System\zPhflWU.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\scxJmHK.exe
  C:\Windows\System\scxJmHK.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\sizqqoC.exe
  C:\Windows\System\sizqqoC.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\eHbGcVf.exe
  C:\Windows\System\eHbGcVf.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\ilpQyLU.exe
  C:\Windows\System\ilpQyLU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\wXtzWGu.exe
  C:\Windows\System\wXtzWGu.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\CeOyeEC.exe
  C:\Windows\System\CeOyeEC.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qCOVbVR.exe
  C:\Windows\System\qCOVbVR.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\FvPPajQ.exe
  C:\Windows\System\FvPPajQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\KIkPxyu.exe
  C:\Windows\System\KIkPxyu.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\iJTqDBe.exe
  C:\Windows\System\iJTqDBe.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\ZQVHmjQ.exe
  C:\Windows\System\ZQVHmjQ.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\zcTIFPO.exe
  C:\Windows\System\zcTIFPO.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\LphVllQ.exe
  C:\Windows\System\LphVllQ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\xcRlLsu.exe
  C:\Windows\System\xcRlLsu.exe
  2⤵
  PID:2836
- C:\Windows\System\sUAwdCh.exe
  C:\Windows\System\sUAwdCh.exe
  2⤵
  PID:2656
- C:\Windows\System\Cicyhej.exe
  C:\Windows\System\Cicyhej.exe
  2⤵
  PID:2676
- C:\Windows\System\HwQnzeK.exe
  C:\Windows\System\HwQnzeK.exe
  2⤵
  PID:2652
- C:\Windows\System\EojmPPG.exe
  C:\Windows\System\EojmPPG.exe
  2⤵
  PID:980
- C:\Windows\System\crYiKOk.exe
  C:\Windows\System\crYiKOk.exe
  2⤵
  PID:1692
- C:\Windows\System\OJaVGZn.exe
  C:\Windows\System\OJaVGZn.exe
  2⤵
  PID:1764
- C:\Windows\System\hmWMDbv.exe
  C:\Windows\System\hmWMDbv.exe
  2⤵
  PID:1728
- C:\Windows\System\WzTrVHm.exe
  C:\Windows\System\WzTrVHm.exe
  2⤵
  PID:1080
- C:\Windows\System\ItnFUTx.exe
  C:\Windows\System\ItnFUTx.exe
  2⤵
  PID:3068
- C:\Windows\System\zfFMBsA.exe
  C:\Windows\System\zfFMBsA.exe
  2⤵
  PID:2924
- C:\Windows\System\BoRyJtk.exe
  C:\Windows\System\BoRyJtk.exe
  2⤵
  PID:1536
- C:\Windows\System\GrzMvCY.exe
  C:\Windows\System\GrzMvCY.exe
  2⤵
  PID:2272
- C:\Windows\System\XWGbWYQ.exe
  C:\Windows\System\XWGbWYQ.exe
  2⤵
  PID:1280
- C:\Windows\System\tviugKj.exe
  C:\Windows\System\tviugKj.exe
  2⤵
  PID:1176
- C:\Windows\System\CPRPQZp.exe
  C:\Windows\System\CPRPQZp.exe
  2⤵
  PID:1776
- C:\Windows\System\OMXRLtk.exe
  C:\Windows\System\OMXRLtk.exe
  2⤵
  PID:1696
- C:\Windows\System\GKrEOQy.exe
  C:\Windows\System\GKrEOQy.exe
  2⤵
  PID:612
- C:\Windows\System\rUmaOsG.exe
  C:\Windows\System\rUmaOsG.exe
  2⤵
  PID:1212
- C:\Windows\System\tFWaabQ.exe
  C:\Windows\System\tFWaabQ.exe
  2⤵
  PID:1472
- C:\Windows\System\JuGjvrD.exe
  C:\Windows\System\JuGjvrD.exe
  2⤵
  PID:2184
- C:\Windows\System\NqdRTfV.exe
  C:\Windows\System\NqdRTfV.exe
  2⤵
  PID:2488
- C:\Windows\System\jZNVuhK.exe
  C:\Windows\System\jZNVuhK.exe
  2⤵
  PID:1724
- C:\Windows\System\ZZjjIbh.exe
  C:\Windows\System\ZZjjIbh.exe
  2⤵
  PID:1456
- C:\Windows\System\LjPSGvn.exe
  C:\Windows\System\LjPSGvn.exe
  2⤵
  PID:1200
- C:\Windows\System\nscdwdI.exe
  C:\Windows\System\nscdwdI.exe
  2⤵
  PID:2020
- C:\Windows\System\lEooSOJ.exe
  C:\Windows\System\lEooSOJ.exe
  2⤵
  PID:1664
- C:\Windows\System\dVGVOWL.exe
  C:\Windows\System\dVGVOWL.exe
  2⤵
  PID:1512
- C:\Windows\System\vWpejPC.exe
  C:\Windows\System\vWpejPC.exe
  2⤵
  PID:3040
- C:\Windows\System\xxZmoSC.exe
  C:\Windows\System\xxZmoSC.exe
  2⤵
  PID:2480
- C:\Windows\System\NraPwkJ.exe
  C:\Windows\System\NraPwkJ.exe
  2⤵
  PID:2088
- C:\Windows\System\jZiyeim.exe
  C:\Windows\System\jZiyeim.exe
  2⤵
  PID:2728
- C:\Windows\System\CHnGOvR.exe
  C:\Windows\System\CHnGOvR.exe
  2⤵
  PID:2768
- C:\Windows\System\LTIjMIg.exe
  C:\Windows\System\LTIjMIg.exe
  2⤵
  PID:2648
- C:\Windows\System\dgmrhoS.exe
  C:\Windows\System\dgmrhoS.exe
  2⤵
  PID:672
- C:\Windows\System\oAEdPrc.exe
  C:\Windows\System\oAEdPrc.exe
  2⤵
  PID:2688
- C:\Windows\System\RHrbswx.exe
  C:\Windows\System\RHrbswx.exe
  2⤵
  PID:1596
- C:\Windows\System\ETDEymT.exe
  C:\Windows\System\ETDEymT.exe
  2⤵
  PID:2896
- C:\Windows\System\OFpsIOG.exe
  C:\Windows\System\OFpsIOG.exe
  2⤵
  PID:2232
- C:\Windows\System\xbEtPWz.exe
  C:\Windows\System\xbEtPWz.exe
  2⤵
  PID:2580
- C:\Windows\System\SdQGsRc.exe
  C:\Windows\System\SdQGsRc.exe
  2⤵
  PID:768
- C:\Windows\System\LWJIzYr.exe
  C:\Windows\System\LWJIzYr.exe
  2⤵
  PID:2092
- C:\Windows\System\QQlGmzd.exe
  C:\Windows\System\QQlGmzd.exe
  2⤵
  PID:1636
- C:\Windows\System\NIoWeiY.exe
  C:\Windows\System\NIoWeiY.exe
  2⤵
  PID:2116
- C:\Windows\System\DKrrIsj.exe
  C:\Windows\System\DKrrIsj.exe
  2⤵
  PID:2388
- C:\Windows\System\hFvHVzN.exe
  C:\Windows\System\hFvHVzN.exe
  2⤵
  PID:1668
- C:\Windows\System\zMTNybC.exe
  C:\Windows\System\zMTNybC.exe
  2⤵
  PID:1076
- C:\Windows\System\oFtKqeQ.exe
  C:\Windows\System\oFtKqeQ.exe
  2⤵
  PID:2372
- C:\Windows\System\eUljfwW.exe
  C:\Windows\System\eUljfwW.exe
  2⤵
  PID:3084
- C:\Windows\System\zcpyero.exe
  C:\Windows\System\zcpyero.exe
  2⤵
  PID:3104
- C:\Windows\System\xmInvwv.exe
  C:\Windows\System\xmInvwv.exe
  2⤵
  PID:3124
- C:\Windows\System\oqgpBoi.exe
  C:\Windows\System\oqgpBoi.exe
  2⤵
  PID:3144
- C:\Windows\System\DCIxkTd.exe
  C:\Windows\System\DCIxkTd.exe
  2⤵
  PID:3164
- C:\Windows\System\bGZztem.exe
  C:\Windows\System\bGZztem.exe
  2⤵
  PID:3184
- C:\Windows\System\CtvrXrj.exe
  C:\Windows\System\CtvrXrj.exe
  2⤵
  PID:3204
- C:\Windows\System\bxQISUJ.exe
  C:\Windows\System\bxQISUJ.exe
  2⤵
  PID:3224
- C:\Windows\System\UeoJxUK.exe
  C:\Windows\System\UeoJxUK.exe
  2⤵
  PID:3244
- C:\Windows\System\WUPVOMc.exe
  C:\Windows\System\WUPVOMc.exe
  2⤵
  PID:3264
- C:\Windows\System\uxkOKjd.exe
  C:\Windows\System\uxkOKjd.exe
  2⤵
  PID:3284
- C:\Windows\System\eiwVzeb.exe
  C:\Windows\System\eiwVzeb.exe
  2⤵
  PID:3304
- C:\Windows\System\ORDkobJ.exe
  C:\Windows\System\ORDkobJ.exe
  2⤵
  PID:3324
- C:\Windows\System\aQUFOzu.exe
  C:\Windows\System\aQUFOzu.exe
  2⤵
  PID:3344
- C:\Windows\System\wdFBvjm.exe
  C:\Windows\System\wdFBvjm.exe
  2⤵
  PID:3364
- C:\Windows\System\rMAmdec.exe
  C:\Windows\System\rMAmdec.exe
  2⤵
  PID:3384
- C:\Windows\System\mJAgIan.exe
  C:\Windows\System\mJAgIan.exe
  2⤵
  PID:3404
- C:\Windows\System\idiJOSH.exe
  C:\Windows\System\idiJOSH.exe
  2⤵
  PID:3424
- C:\Windows\System\xdvsAtX.exe
  C:\Windows\System\xdvsAtX.exe
  2⤵
  PID:3444
- C:\Windows\System\qBQcDnR.exe
  C:\Windows\System\qBQcDnR.exe
  2⤵
  PID:3464
- C:\Windows\System\GhAjPYY.exe
  C:\Windows\System\GhAjPYY.exe
  2⤵
  PID:3484
- C:\Windows\System\FslquOF.exe
  C:\Windows\System\FslquOF.exe
  2⤵
  PID:3504
- C:\Windows\System\bHIvzoV.exe
  C:\Windows\System\bHIvzoV.exe
  2⤵
  PID:3524
- C:\Windows\System\zOTcZjO.exe
  C:\Windows\System\zOTcZjO.exe
  2⤵
  PID:3544
- C:\Windows\System\ZKdahCl.exe
  C:\Windows\System\ZKdahCl.exe
  2⤵
  PID:3564
- C:\Windows\System\IuqNuuG.exe
  C:\Windows\System\IuqNuuG.exe
  2⤵
  PID:3584
- C:\Windows\System\gYpbUAu.exe
  C:\Windows\System\gYpbUAu.exe
  2⤵
  PID:3604
- C:\Windows\System\iFFsbFB.exe
  C:\Windows\System\iFFsbFB.exe
  2⤵
  PID:3624
- C:\Windows\System\xhViDzj.exe
  C:\Windows\System\xhViDzj.exe
  2⤵
  PID:3644
- C:\Windows\System\TAGdenN.exe
  C:\Windows\System\TAGdenN.exe
  2⤵
  PID:3664
- C:\Windows\System\gCjGqFs.exe
  C:\Windows\System\gCjGqFs.exe
  2⤵
  PID:3684
- C:\Windows\System\MLtyhYU.exe
  C:\Windows\System\MLtyhYU.exe
  2⤵
  PID:3704
- C:\Windows\System\CpqSiAJ.exe
  C:\Windows\System\CpqSiAJ.exe
  2⤵
  PID:3724
- C:\Windows\System\dnsLPbu.exe
  C:\Windows\System\dnsLPbu.exe
  2⤵
  PID:3744
- C:\Windows\System\CZTfWZi.exe
  C:\Windows\System\CZTfWZi.exe
  2⤵
  PID:3764
- C:\Windows\System\cYdOOjQ.exe
  C:\Windows\System\cYdOOjQ.exe
  2⤵
  PID:3784
- C:\Windows\System\rumZlDK.exe
  C:\Windows\System\rumZlDK.exe
  2⤵
  PID:3804
- C:\Windows\System\hzaaYyZ.exe
  C:\Windows\System\hzaaYyZ.exe
  2⤵
  PID:3824
- C:\Windows\System\YcCpRZI.exe
  C:\Windows\System\YcCpRZI.exe
  2⤵
  PID:3844
- C:\Windows\System\lFnRyES.exe
  C:\Windows\System\lFnRyES.exe
  2⤵
  PID:3864
- C:\Windows\System\WnwvkPi.exe
  C:\Windows\System\WnwvkPi.exe
  2⤵
  PID:3884
- C:\Windows\System\hvfIzVA.exe
  C:\Windows\System\hvfIzVA.exe
  2⤵
  PID:3904
- C:\Windows\System\ZvUpTPH.exe
  C:\Windows\System\ZvUpTPH.exe
  2⤵
  PID:3924
- C:\Windows\System\ODPZCrw.exe
  C:\Windows\System\ODPZCrw.exe
  2⤵
  PID:3944
- C:\Windows\System\DFWNKwv.exe
  C:\Windows\System\DFWNKwv.exe
  2⤵
  PID:3964
- C:\Windows\System\oQXXnzo.exe
  C:\Windows\System\oQXXnzo.exe
  2⤵
  PID:3984
- C:\Windows\System\eKYjruu.exe
  C:\Windows\System\eKYjruu.exe
  2⤵
  PID:4004
- C:\Windows\System\dNsuCgi.exe
  C:\Windows\System\dNsuCgi.exe
  2⤵
  PID:4024
- C:\Windows\System\CRNuMYL.exe
  C:\Windows\System\CRNuMYL.exe
  2⤵
  PID:4044
- C:\Windows\System\NmLwGXc.exe
  C:\Windows\System\NmLwGXc.exe
  2⤵
  PID:4064
- C:\Windows\System\eOiSRyc.exe
  C:\Windows\System\eOiSRyc.exe
  2⤵
  PID:4084
- C:\Windows\System\OmViQjo.exe
  C:\Windows\System\OmViQjo.exe
  2⤵
  PID:1932
- C:\Windows\System\CUkLLqv.exe
  C:\Windows\System\CUkLLqv.exe
  2⤵
  PID:2152
- C:\Windows\System\xFHkOoF.exe
  C:\Windows\System\xFHkOoF.exe
  2⤵
  PID:2872
- C:\Windows\System\xGuxQdS.exe
  C:\Windows\System\xGuxQdS.exe
  2⤵
  PID:2776
- C:\Windows\System\cZOOPqE.exe
  C:\Windows\System\cZOOPqE.exe
  2⤵
  PID:2496
- C:\Windows\System\vfcjLIJ.exe
  C:\Windows\System\vfcjLIJ.exe
  2⤵
  PID:1372
- C:\Windows\System\aTHPJAI.exe
  C:\Windows\System\aTHPJAI.exe
  2⤵
  PID:2212
- C:\Windows\System\IGPIxDj.exe
  C:\Windows\System\IGPIxDj.exe
  2⤵
  PID:632
- C:\Windows\System\UEidLuv.exe
  C:\Windows\System\UEidLuv.exe
  2⤵
  PID:2980
- C:\Windows\System\bPKVdMA.exe
  C:\Windows\System\bPKVdMA.exe
  2⤵
  PID:1656
- C:\Windows\System\vXxrYrV.exe
  C:\Windows\System\vXxrYrV.exe
  2⤵
  PID:1208
- C:\Windows\System\JoUZUgc.exe
  C:\Windows\System\JoUZUgc.exe
  2⤵
  PID:1848
- C:\Windows\System\NhUYPqT.exe
  C:\Windows\System\NhUYPqT.exe
  2⤵
  PID:3080
- C:\Windows\System\diJfqdM.exe
  C:\Windows\System\diJfqdM.exe
  2⤵
  PID:3112
- C:\Windows\System\uLbRgqD.exe
  C:\Windows\System\uLbRgqD.exe
  2⤵
  PID:3136
- C:\Windows\System\llihpBt.exe
  C:\Windows\System\llihpBt.exe
  2⤵
  PID:3156
- C:\Windows\System\QuztlWA.exe
  C:\Windows\System\QuztlWA.exe
  2⤵
  PID:3200
- C:\Windows\System\knjOmhQ.exe
  C:\Windows\System\knjOmhQ.exe
  2⤵
  PID:3236
- C:\Windows\System\XQqsqoo.exe
  C:\Windows\System\XQqsqoo.exe
  2⤵
  PID:3280
- C:\Windows\System\ZvGxxgB.exe
  C:\Windows\System\ZvGxxgB.exe
  2⤵
  PID:3312
- C:\Windows\System\fXFPZcN.exe
  C:\Windows\System\fXFPZcN.exe
  2⤵
  PID:3336
- C:\Windows\System\FmfgqQA.exe
  C:\Windows\System\FmfgqQA.exe
  2⤵
  PID:3380
- C:\Windows\System\rPRSdVI.exe
  C:\Windows\System\rPRSdVI.exe
  2⤵
  PID:3420
- C:\Windows\System\xcHiDtn.exe
  C:\Windows\System\xcHiDtn.exe
  2⤵
  PID:3452
- C:\Windows\System\hnQSiDP.exe
  C:\Windows\System\hnQSiDP.exe
  2⤵
  PID:3480
- C:\Windows\System\idGIhPN.exe
  C:\Windows\System\idGIhPN.exe
  2⤵
  PID:3512
- C:\Windows\System\jesnckf.exe
  C:\Windows\System\jesnckf.exe
  2⤵
  PID:3536
- C:\Windows\System\pBDtCcw.exe
  C:\Windows\System\pBDtCcw.exe
  2⤵
  PID:3556
- C:\Windows\System\jjRVdFl.exe
  C:\Windows\System\jjRVdFl.exe
  2⤵
  PID:3620
- C:\Windows\System\lAiknhy.exe
  C:\Windows\System\lAiknhy.exe
  2⤵
  PID:3660
- C:\Windows\System\FmCoefW.exe
  C:\Windows\System\FmCoefW.exe
  2⤵
  PID:3680
- C:\Windows\System\ilQAtLH.exe
  C:\Windows\System\ilQAtLH.exe
  2⤵
  PID:3712
- C:\Windows\System\oJxNgNG.exe
  C:\Windows\System\oJxNgNG.exe
  2⤵
  PID:3736
- C:\Windows\System\FiYrdbm.exe
  C:\Windows\System\FiYrdbm.exe
  2⤵
  PID:3780
- C:\Windows\System\eIqaiis.exe
  C:\Windows\System\eIqaiis.exe
  2⤵
  PID:3796
- C:\Windows\System\MQTVtxZ.exe
  C:\Windows\System\MQTVtxZ.exe
  2⤵
  PID:3852
- C:\Windows\System\eilvquV.exe
  C:\Windows\System\eilvquV.exe
  2⤵
  PID:3880
- C:\Windows\System\wgMFiSi.exe
  C:\Windows\System\wgMFiSi.exe
  2⤵
  PID:3932
- C:\Windows\System\RYnTYan.exe
  C:\Windows\System\RYnTYan.exe
  2⤵
  PID:3936
- C:\Windows\System\TWTkHyh.exe
  C:\Windows\System\TWTkHyh.exe
  2⤵
  PID:3980
- C:\Windows\System\ThRieln.exe
  C:\Windows\System\ThRieln.exe
  2⤵
  PID:4020
- C:\Windows\System\NgRNdGf.exe
  C:\Windows\System\NgRNdGf.exe
  2⤵
  PID:4052
- C:\Windows\System\lKKHIvt.exe
  C:\Windows\System\lKKHIvt.exe
  2⤵
  PID:4092
- C:\Windows\System\KHEJUEw.exe
  C:\Windows\System\KHEJUEw.exe
  2⤵
  PID:2324
- C:\Windows\System\vTWzVZg.exe
  C:\Windows\System\vTWzVZg.exe
  2⤵
  PID:2852
- C:\Windows\System\MItGtHr.exe
  C:\Windows\System\MItGtHr.exe
  2⤵
  PID:2816
- C:\Windows\System\VsTPqSW.exe
  C:\Windows\System\VsTPqSW.exe
  2⤵
  PID:272
- C:\Windows\System\uvNmVdX.exe
  C:\Windows\System\uvNmVdX.exe
  2⤵
  PID:2216
- C:\Windows\System\HhgmKHD.exe
  C:\Windows\System\HhgmKHD.exe
  2⤵
  PID:1640
- C:\Windows\System\CzwRHnB.exe
  C:\Windows\System\CzwRHnB.exe
  2⤵
  PID:940
- C:\Windows\System\MukDinD.exe
  C:\Windows\System\MukDinD.exe
  2⤵
  PID:1732
- C:\Windows\System\ARXhuvF.exe
  C:\Windows\System\ARXhuvF.exe
  2⤵
  PID:3116
- C:\Windows\System\JtNFXDk.exe
  C:\Windows\System\JtNFXDk.exe
  2⤵
  PID:3172
- C:\Windows\System\dexczcL.exe
  C:\Windows\System\dexczcL.exe
  2⤵
  PID:3256
- C:\Windows\System\EmVAlvM.exe
  C:\Windows\System\EmVAlvM.exe
  2⤵
  PID:3276
- C:\Windows\System\yWaAyLJ.exe
  C:\Windows\System\yWaAyLJ.exe
  2⤵
  PID:3356
- C:\Windows\System\mPBRXIX.exe
  C:\Windows\System\mPBRXIX.exe
  2⤵
  PID:3436
- C:\Windows\System\wIOBAYh.exe
  C:\Windows\System\wIOBAYh.exe
  2⤵
  PID:3496
- C:\Windows\System\beFukkg.exe
  C:\Windows\System\beFukkg.exe
  2⤵
  PID:3560
- C:\Windows\System\HWafSyF.exe
  C:\Windows\System\HWafSyF.exe
  2⤵
  PID:3600
- C:\Windows\System\wAEfhxr.exe
  C:\Windows\System\wAEfhxr.exe
  2⤵
  PID:3656
- C:\Windows\System\uKnRnBo.exe
  C:\Windows\System\uKnRnBo.exe
  2⤵
  PID:3716
- C:\Windows\System\FmDgQks.exe
  C:\Windows\System\FmDgQks.exe
  2⤵
  PID:3792
- C:\Windows\System\TUIWcfT.exe
  C:\Windows\System\TUIWcfT.exe
  2⤵
  PID:3872
- C:\Windows\System\YPJHVDL.exe
  C:\Windows\System\YPJHVDL.exe
  2⤵
  PID:3896
- C:\Windows\System\bmSShjZ.exe
  C:\Windows\System\bmSShjZ.exe
  2⤵
  PID:3972
- C:\Windows\System\FqMIPLF.exe
  C:\Windows\System\FqMIPLF.exe
  2⤵
  PID:4040
- C:\Windows\System\LGztBGV.exe
  C:\Windows\System\LGztBGV.exe
  2⤵
  PID:2828
- C:\Windows\System\rkdRFsB.exe
  C:\Windows\System\rkdRFsB.exe
  2⤵
  PID:2380
- C:\Windows\System\oxVnuQZ.exe
  C:\Windows\System\oxVnuQZ.exe
  2⤵
  PID:1888
- C:\Windows\System\FKnYOil.exe
  C:\Windows\System\FKnYOil.exe
  2⤵
  PID:952
- C:\Windows\System\BJlbPXK.exe
  C:\Windows\System\BJlbPXK.exe
  2⤵
  PID:1988
- C:\Windows\System\ynkVQaN.exe
  C:\Windows\System\ynkVQaN.exe
  2⤵
  PID:3180
- C:\Windows\System\rIWdtHu.exe
  C:\Windows\System\rIWdtHu.exe
  2⤵
  PID:3240
- C:\Windows\System\fAjLpHY.exe
  C:\Windows\System\fAjLpHY.exe
  2⤵
  PID:3360
- C:\Windows\System\eSCgftM.exe
  C:\Windows\System\eSCgftM.exe
  2⤵
  PID:3440
- C:\Windows\System\KycQflH.exe
  C:\Windows\System\KycQflH.exe
  2⤵
  PID:3476
- C:\Windows\System\DKAzTXj.exe
  C:\Windows\System\DKAzTXj.exe
  2⤵
  PID:4104
- C:\Windows\System\HWXyqTd.exe
  C:\Windows\System\HWXyqTd.exe
  2⤵
  PID:4124
- C:\Windows\System\ZytdmED.exe
  C:\Windows\System\ZytdmED.exe
  2⤵
  PID:4144
- C:\Windows\System\qNrVClY.exe
  C:\Windows\System\qNrVClY.exe
  2⤵
  PID:4168
- C:\Windows\System\GYFVHxc.exe
  C:\Windows\System\GYFVHxc.exe
  2⤵
  PID:4188
- C:\Windows\System\WUYgQPb.exe
  C:\Windows\System\WUYgQPb.exe
  2⤵
  PID:4204
- C:\Windows\System\TTlvIeM.exe
  C:\Windows\System\TTlvIeM.exe
  2⤵
  PID:4228
- C:\Windows\System\bCgTHPs.exe
  C:\Windows\System\bCgTHPs.exe
  2⤵
  PID:4248
- C:\Windows\System\FTuuImk.exe
  C:\Windows\System\FTuuImk.exe
  2⤵
  PID:4268
- C:\Windows\System\FjWJLlR.exe
  C:\Windows\System\FjWJLlR.exe
  2⤵
  PID:4288
- C:\Windows\System\oUVTOuw.exe
  C:\Windows\System\oUVTOuw.exe
  2⤵
  PID:4308
- C:\Windows\System\XjMkWRd.exe
  C:\Windows\System\XjMkWRd.exe
  2⤵
  PID:4328
- C:\Windows\System\QTitdGk.exe
  C:\Windows\System\QTitdGk.exe
  2⤵
  PID:4348
- C:\Windows\System\fjwtHKq.exe
  C:\Windows\System\fjwtHKq.exe
  2⤵
  PID:4368
- C:\Windows\System\evFVbOM.exe
  C:\Windows\System\evFVbOM.exe
  2⤵
  PID:4388
- C:\Windows\System\VkYBDIp.exe
  C:\Windows\System\VkYBDIp.exe
  2⤵
  PID:4408
- C:\Windows\System\sSdrudY.exe
  C:\Windows\System\sSdrudY.exe
  2⤵
  PID:4428
- C:\Windows\System\xMrQlYQ.exe
  C:\Windows\System\xMrQlYQ.exe
  2⤵
  PID:4448
- C:\Windows\System\YSvxGbY.exe
  C:\Windows\System\YSvxGbY.exe
  2⤵
  PID:4468
- C:\Windows\System\RoNlzoG.exe
  C:\Windows\System\RoNlzoG.exe
  2⤵
  PID:4488
- C:\Windows\System\tEmETVA.exe
  C:\Windows\System\tEmETVA.exe
  2⤵
  PID:4508
- C:\Windows\System\quiNUbh.exe
  C:\Windows\System\quiNUbh.exe
  2⤵
  PID:4528
- C:\Windows\System\gzeTAmr.exe
  C:\Windows\System\gzeTAmr.exe
  2⤵
  PID:4548
- C:\Windows\System\PTCWmfh.exe
  C:\Windows\System\PTCWmfh.exe
  2⤵
  PID:4568
- C:\Windows\System\SZHjcjE.exe
  C:\Windows\System\SZHjcjE.exe
  2⤵
  PID:4592
- C:\Windows\System\vPjzoSw.exe
  C:\Windows\System\vPjzoSw.exe
  2⤵
  PID:4612
- C:\Windows\System\vFzGZqn.exe
  C:\Windows\System\vFzGZqn.exe
  2⤵
  PID:4632
- C:\Windows\System\XIpbeew.exe
  C:\Windows\System\XIpbeew.exe
  2⤵
  PID:4652
- C:\Windows\System\SgvSfji.exe
  C:\Windows\System\SgvSfji.exe
  2⤵
  PID:4672
- C:\Windows\System\rtiUrUK.exe
  C:\Windows\System\rtiUrUK.exe
  2⤵
  PID:4692
- C:\Windows\System\qrlMIzx.exe
  C:\Windows\System\qrlMIzx.exe
  2⤵
  PID:4712
- C:\Windows\System\zBueQxo.exe
  C:\Windows\System\zBueQxo.exe
  2⤵
  PID:4732
- C:\Windows\System\alRGGvY.exe
  C:\Windows\System\alRGGvY.exe
  2⤵
  PID:4752
- C:\Windows\System\vSogVHL.exe
  C:\Windows\System\vSogVHL.exe
  2⤵
  PID:4772
- C:\Windows\System\biKXgsX.exe
  C:\Windows\System\biKXgsX.exe
  2⤵
  PID:4792
- C:\Windows\System\pBrxssJ.exe
  C:\Windows\System\pBrxssJ.exe
  2⤵
  PID:4812
- C:\Windows\System\jJFazMs.exe
  C:\Windows\System\jJFazMs.exe
  2⤵
  PID:4832
- C:\Windows\System\DAiDIos.exe
  C:\Windows\System\DAiDIos.exe
  2⤵
  PID:4852
- C:\Windows\System\AhoVnZP.exe
  C:\Windows\System\AhoVnZP.exe
  2⤵
  PID:4872
- C:\Windows\System\yeRSKFl.exe
  C:\Windows\System\yeRSKFl.exe
  2⤵
  PID:4892
- C:\Windows\System\TjekLeb.exe
  C:\Windows\System\TjekLeb.exe
  2⤵
  PID:4912
- C:\Windows\System\lCtSvkR.exe
  C:\Windows\System\lCtSvkR.exe
  2⤵
  PID:4932
- C:\Windows\System\UGfoBZS.exe
  C:\Windows\System\UGfoBZS.exe
  2⤵
  PID:4952
- C:\Windows\System\uKwYmuA.exe
  C:\Windows\System\uKwYmuA.exe
  2⤵
  PID:4972
- C:\Windows\System\SDLASyH.exe
  C:\Windows\System\SDLASyH.exe
  2⤵
  PID:4992
- C:\Windows\System\FqPONae.exe
  C:\Windows\System\FqPONae.exe
  2⤵
  PID:5012
- C:\Windows\System\yCMnzpC.exe
  C:\Windows\System\yCMnzpC.exe
  2⤵
  PID:5032
- C:\Windows\System\VFumztP.exe
  C:\Windows\System\VFumztP.exe
  2⤵
  PID:5052
- C:\Windows\System\sxikLcy.exe
  C:\Windows\System\sxikLcy.exe
  2⤵
  PID:5072
- C:\Windows\System\FSuBkXp.exe
  C:\Windows\System\FSuBkXp.exe
  2⤵
  PID:5092
- C:\Windows\System\uLksrul.exe
  C:\Windows\System\uLksrul.exe
  2⤵
  PID:5112
- C:\Windows\System\cnVDgkf.exe
  C:\Windows\System\cnVDgkf.exe
  2⤵
  PID:3720
- C:\Windows\System\OJrFeyz.exe
  C:\Windows\System\OJrFeyz.exe
  2⤵
  PID:3812
- C:\Windows\System\YxJrdiX.exe
  C:\Windows\System\YxJrdiX.exe
  2⤵
  PID:3920
- C:\Windows\System\RFMAOze.exe
  C:\Windows\System\RFMAOze.exe
  2⤵
  PID:3956
- C:\Windows\System\UzzefZX.exe
  C:\Windows\System\UzzefZX.exe
  2⤵
  PID:4032
- C:\Windows\System\vpKHfpH.exe
  C:\Windows\System\vpKHfpH.exe
  2⤵
  PID:1920
- C:\Windows\System\GJuqejm.exe
  C:\Windows\System\GJuqejm.exe
  2⤵
  PID:3016
- C:\Windows\System\QsAUpBF.exe
  C:\Windows\System\QsAUpBF.exe
  2⤵
  PID:3220
- C:\Windows\System\IhegTwY.exe
  C:\Windows\System\IhegTwY.exe
  2⤵
  PID:3372
- C:\Windows\System\BahLckg.exe
  C:\Windows\System\BahLckg.exe
  2⤵
  PID:3456
- C:\Windows\System\aLdSesM.exe
  C:\Windows\System\aLdSesM.exe
  2⤵
  PID:3612
- C:\Windows\System\bMnrbTP.exe
  C:\Windows\System\bMnrbTP.exe
  2⤵
  PID:4140
- C:\Windows\System\lETxxaS.exe
  C:\Windows\System\lETxxaS.exe
  2⤵
  PID:4160
- C:\Windows\System\IZcLEpF.exe
  C:\Windows\System\IZcLEpF.exe
  2⤵
  PID:4224
- C:\Windows\System\tfycuIX.exe
  C:\Windows\System\tfycuIX.exe
  2⤵
  PID:4244
- C:\Windows\System\DHXXaqC.exe
  C:\Windows\System\DHXXaqC.exe
  2⤵
  PID:4276
- C:\Windows\System\DaiwIAS.exe
  C:\Windows\System\DaiwIAS.exe
  2⤵
  PID:4300
- C:\Windows\System\xxYpPUf.exe
  C:\Windows\System\xxYpPUf.exe
  2⤵
  PID:4344
- C:\Windows\System\UAuEvyt.exe
  C:\Windows\System\UAuEvyt.exe
  2⤵
  PID:4360
- C:\Windows\System\kOMMkom.exe
  C:\Windows\System\kOMMkom.exe
  2⤵
  PID:4424
- C:\Windows\System\yuxlMcD.exe
  C:\Windows\System\yuxlMcD.exe
  2⤵
  PID:4456
- C:\Windows\System\JMwIGwT.exe
  C:\Windows\System\JMwIGwT.exe
  2⤵
  PID:4484
- C:\Windows\System\szVOYPp.exe
  C:\Windows\System\szVOYPp.exe
  2⤵
  PID:4516
- C:\Windows\System\ZABHQdq.exe
  C:\Windows\System\ZABHQdq.exe
  2⤵
  PID:4540
- C:\Windows\System\wRsEPol.exe
  C:\Windows\System\wRsEPol.exe
  2⤵
  PID:4560
- C:\Windows\System\ftkJgUI.exe
  C:\Windows\System\ftkJgUI.exe
  2⤵
  PID:4608
- C:\Windows\System\TrQiWEz.exe
  C:\Windows\System\TrQiWEz.exe
  2⤵
  PID:4660
- C:\Windows\System\dHnpoQe.exe
  C:\Windows\System\dHnpoQe.exe
  2⤵
  PID:4700
- C:\Windows\System\gAFrVFy.exe
  C:\Windows\System\gAFrVFy.exe
  2⤵
  PID:4720
- C:\Windows\System\SrTZrRv.exe
  C:\Windows\System\SrTZrRv.exe
  2⤵
  PID:4744
- C:\Windows\System\uvvGHTP.exe
  C:\Windows\System\uvvGHTP.exe
  2⤵
  PID:4764
- C:\Windows\System\DrIkqNA.exe
  C:\Windows\System\DrIkqNA.exe
  2⤵
  PID:4828
- C:\Windows\System\RxmJyzn.exe
  C:\Windows\System\RxmJyzn.exe
  2⤵
  PID:4848
- C:\Windows\System\qrKibWa.exe
  C:\Windows\System\qrKibWa.exe
  2⤵
  PID:4880
- C:\Windows\System\NfXQCcw.exe
  C:\Windows\System\NfXQCcw.exe
  2⤵
  PID:4920
- C:\Windows\System\Ddpowrb.exe
  C:\Windows\System\Ddpowrb.exe
  2⤵
  PID:4944
- C:\Windows\System\spcYBrU.exe
  C:\Windows\System\spcYBrU.exe
  2⤵
  PID:4968
- C:\Windows\System\nsOdLMJ.exe
  C:\Windows\System\nsOdLMJ.exe
  2⤵
  PID:5004
- C:\Windows\System\rvgMEQW.exe
  C:\Windows\System\rvgMEQW.exe
  2⤵
  PID:5048
- C:\Windows\System\YwGWetO.exe
  C:\Windows\System\YwGWetO.exe
  2⤵
  PID:5088
- C:\Windows\System\aVmHvIi.exe
  C:\Windows\System\aVmHvIi.exe
  2⤵
  PID:3636
- C:\Windows\System\EAzxMHK.exe
  C:\Windows\System\EAzxMHK.exe
  2⤵
  PID:3756
- C:\Windows\System\QMiBvVW.exe
  C:\Windows\System\QMiBvVW.exe
  2⤵
  PID:3832
- C:\Windows\System\upqfQYp.exe
  C:\Windows\System\upqfQYp.exe
  2⤵
  PID:2916
- C:\Windows\System\QvjmqYj.exe
  C:\Windows\System\QvjmqYj.exe
  2⤵
  PID:2268
- C:\Windows\System\aKxqMsn.exe
  C:\Windows\System\aKxqMsn.exe
  2⤵
  PID:3340
- C:\Windows\System\FRgXzev.exe
  C:\Windows\System\FRgXzev.exe
  2⤵
  PID:3532
- C:\Windows\System\axMJSpA.exe
  C:\Windows\System\axMJSpA.exe
  2⤵
  PID:4116
- C:\Windows\System\ioDomRQ.exe
  C:\Windows\System\ioDomRQ.exe
  2⤵
  PID:4176
- C:\Windows\System\oXzOiBk.exe
  C:\Windows\System\oXzOiBk.exe
  2⤵
  PID:4200
- C:\Windows\System\VMgHkNC.exe
  C:\Windows\System\VMgHkNC.exe
  2⤵
  PID:4280
- C:\Windows\System\fzFESXw.exe
  C:\Windows\System\fzFESXw.exe
  2⤵
  PID:4364
- C:\Windows\System\NwHZpeL.exe
  C:\Windows\System\NwHZpeL.exe
  2⤵
  PID:4400
- C:\Windows\System\gLGDJok.exe
  C:\Windows\System\gLGDJok.exe
  2⤵
  PID:4464
- C:\Windows\System\rSTKLEB.exe
  C:\Windows\System\rSTKLEB.exe
  2⤵
  PID:4520
- C:\Windows\System\vmyXvGU.exe
  C:\Windows\System\vmyXvGU.exe
  2⤵
  PID:4600
- C:\Windows\System\gIqqxRf.exe
  C:\Windows\System\gIqqxRf.exe
  2⤵
  PID:4648
- C:\Windows\System\OUScCDA.exe
  C:\Windows\System\OUScCDA.exe
  2⤵
  PID:4684
- C:\Windows\System\lSVNnIm.exe
  C:\Windows\System\lSVNnIm.exe
  2⤵
  PID:4788
- C:\Windows\System\hMizZOJ.exe
  C:\Windows\System\hMizZOJ.exe
  2⤵
  PID:4800
- C:\Windows\System\Kuqzofs.exe
  C:\Windows\System\Kuqzofs.exe
  2⤵
  PID:4900
- C:\Windows\System\qnNCMeu.exe
  C:\Windows\System\qnNCMeu.exe
  2⤵
  PID:4948
- C:\Windows\System\nfjbQOl.exe
  C:\Windows\System\nfjbQOl.exe
  2⤵
  PID:4988
- C:\Windows\System\dqvgwkI.exe
  C:\Windows\System\dqvgwkI.exe
  2⤵
  PID:5060
- C:\Windows\System\QBmHMmG.exe
  C:\Windows\System\QBmHMmG.exe
  2⤵
  PID:5084
- C:\Windows\System\yUKLWse.exe
  C:\Windows\System\yUKLWse.exe
  2⤵
  PID:3740
- C:\Windows\System\PUepcCf.exe
  C:\Windows\System\PUepcCf.exe
  2⤵
  PID:4016
- C:\Windows\System\xiJXtJd.exe
  C:\Windows\System\xiJXtJd.exe
  2⤵
  PID:3160
- C:\Windows\System\KfqUIoQ.exe
  C:\Windows\System\KfqUIoQ.exe
  2⤵
  PID:3100
- C:\Windows\System\qbHjQLL.exe
  C:\Windows\System\qbHjQLL.exe
  2⤵
  PID:4236
- C:\Windows\System\IMGriif.exe
  C:\Windows\System\IMGriif.exe
  2⤵
  PID:4320
- C:\Windows\System\DjtrZNk.exe
  C:\Windows\System\DjtrZNk.exe
  2⤵
  PID:4376
- C:\Windows\System\UqceLqS.exe
  C:\Windows\System\UqceLqS.exe
  2⤵
  PID:4436
- C:\Windows\System\HFWDOrJ.exe
  C:\Windows\System\HFWDOrJ.exe
  2⤵
  PID:4580
- C:\Windows\System\NhXBNir.exe
  C:\Windows\System\NhXBNir.exe
  2⤵
  PID:4668
- C:\Windows\System\WbklcOb.exe
  C:\Windows\System\WbklcOb.exe
  2⤵
  PID:5136
- C:\Windows\System\ECktDaG.exe
  C:\Windows\System\ECktDaG.exe
  2⤵
  PID:5156
- C:\Windows\System\oXsCLIt.exe
  C:\Windows\System\oXsCLIt.exe
  2⤵
  PID:5176
- C:\Windows\System\nMukhXC.exe
  C:\Windows\System\nMukhXC.exe
  2⤵
  PID:5196
- C:\Windows\System\moLOWuR.exe
  C:\Windows\System\moLOWuR.exe
  2⤵
  PID:5216
- C:\Windows\System\ICiTzru.exe
  C:\Windows\System\ICiTzru.exe
  2⤵
  PID:5236
- C:\Windows\System\VAWrqOX.exe
  C:\Windows\System\VAWrqOX.exe
  2⤵
  PID:5256
- C:\Windows\System\BSgIoyU.exe
  C:\Windows\System\BSgIoyU.exe
  2⤵
  PID:5276
- C:\Windows\System\wcnlBvF.exe
  C:\Windows\System\wcnlBvF.exe
  2⤵
  PID:5296
- C:\Windows\System\dqYNhwj.exe
  C:\Windows\System\dqYNhwj.exe
  2⤵
  PID:5316
- C:\Windows\System\nfPiWLv.exe
  C:\Windows\System\nfPiWLv.exe
  2⤵
  PID:5336
- C:\Windows\System\wACNwoR.exe
  C:\Windows\System\wACNwoR.exe
  2⤵
  PID:5356
- C:\Windows\System\vpjcJUw.exe
  C:\Windows\System\vpjcJUw.exe
  2⤵
  PID:5376
- C:\Windows\System\sXVtVLU.exe
  C:\Windows\System\sXVtVLU.exe
  2⤵
  PID:5396
- C:\Windows\System\jYpZOQU.exe
  C:\Windows\System\jYpZOQU.exe
  2⤵
  PID:5416
- C:\Windows\System\ZWEfrvz.exe
  C:\Windows\System\ZWEfrvz.exe
  2⤵
  PID:5436
- C:\Windows\System\jXicvDG.exe
  C:\Windows\System\jXicvDG.exe
  2⤵
  PID:5456
- C:\Windows\System\giZjZcD.exe
  C:\Windows\System\giZjZcD.exe
  2⤵
  PID:5476
- C:\Windows\System\ziuDhuh.exe
  C:\Windows\System\ziuDhuh.exe
  2⤵
  PID:5496
- C:\Windows\System\getZcox.exe
  C:\Windows\System\getZcox.exe
  2⤵
  PID:5516
- C:\Windows\System\cFIgdmN.exe
  C:\Windows\System\cFIgdmN.exe
  2⤵
  PID:5536
- C:\Windows\System\oAWVnDf.exe
  C:\Windows\System\oAWVnDf.exe
  2⤵
  PID:5556
- C:\Windows\System\YvkXrNJ.exe
  C:\Windows\System\YvkXrNJ.exe
  2⤵
  PID:5576
- C:\Windows\System\TPAvOKJ.exe
  C:\Windows\System\TPAvOKJ.exe
  2⤵
  PID:5596
- C:\Windows\System\lJUpKlB.exe
  C:\Windows\System\lJUpKlB.exe
  2⤵
  PID:5616
- C:\Windows\System\GzBnDiA.exe
  C:\Windows\System\GzBnDiA.exe
  2⤵
  PID:5636
- C:\Windows\System\YmdWfmQ.exe
  C:\Windows\System\YmdWfmQ.exe
  2⤵
  PID:5656
- C:\Windows\System\LzIjbRL.exe
  C:\Windows\System\LzIjbRL.exe
  2⤵
  PID:5676
- C:\Windows\System\iUaHeDh.exe
  C:\Windows\System\iUaHeDh.exe
  2⤵
  PID:5696
- C:\Windows\System\rYuYKab.exe
  C:\Windows\System\rYuYKab.exe
  2⤵
  PID:5716
- C:\Windows\System\nlVhXiC.exe
  C:\Windows\System\nlVhXiC.exe
  2⤵
  PID:5736
- C:\Windows\System\UBemAHc.exe
  C:\Windows\System\UBemAHc.exe
  2⤵
  PID:5752
- C:\Windows\System\OSIdOtG.exe
  C:\Windows\System\OSIdOtG.exe
  2⤵
  PID:5776
- C:\Windows\System\SBTgAJD.exe
  C:\Windows\System\SBTgAJD.exe
  2⤵
  PID:5796
- C:\Windows\System\OsElfpo.exe
  C:\Windows\System\OsElfpo.exe
  2⤵
  PID:5816
- C:\Windows\System\AQtYkNE.exe
  C:\Windows\System\AQtYkNE.exe
  2⤵
  PID:5836
- C:\Windows\System\dhFZftI.exe
  C:\Windows\System\dhFZftI.exe
  2⤵
  PID:5856
- C:\Windows\System\WJDDWXV.exe
  C:\Windows\System\WJDDWXV.exe
  2⤵
  PID:5876
- C:\Windows\System\flciJMT.exe
  C:\Windows\System\flciJMT.exe
  2⤵
  PID:5896
- C:\Windows\System\BPmCWwH.exe
  C:\Windows\System\BPmCWwH.exe
  2⤵
  PID:5916
- C:\Windows\System\UsKrZHK.exe
  C:\Windows\System\UsKrZHK.exe
  2⤵
  PID:5936
- C:\Windows\System\xOrKbto.exe
  C:\Windows\System\xOrKbto.exe
  2⤵
  PID:5956
- C:\Windows\System\gZUnfjc.exe
  C:\Windows\System\gZUnfjc.exe
  2⤵
  PID:5976
- C:\Windows\System\pLfPvTd.exe
  C:\Windows\System\pLfPvTd.exe
  2⤵
  PID:5996
- C:\Windows\System\sYjuEGO.exe
  C:\Windows\System\sYjuEGO.exe
  2⤵
  PID:6016
- C:\Windows\System\mJIsKcg.exe
  C:\Windows\System\mJIsKcg.exe
  2⤵
  PID:6036
- C:\Windows\System\CJIRmPu.exe
  C:\Windows\System\CJIRmPu.exe
  2⤵
  PID:6056
- C:\Windows\System\FLLsPjk.exe
  C:\Windows\System\FLLsPjk.exe
  2⤵
  PID:6080
- C:\Windows\System\HJZqozK.exe
  C:\Windows\System\HJZqozK.exe
  2⤵
  PID:6100
- C:\Windows\System\FINKYYV.exe
  C:\Windows\System\FINKYYV.exe
  2⤵
  PID:6120
- C:\Windows\System\mgvAClV.exe
  C:\Windows\System\mgvAClV.exe
  2⤵
  PID:6140
- C:\Windows\System\RYKArja.exe
  C:\Windows\System\RYKArja.exe
  2⤵
  PID:4704
- C:\Windows\System\yGrBJNj.exe
  C:\Windows\System\yGrBJNj.exe
  2⤵
  PID:4928
- C:\Windows\System\jibvxYb.exe
  C:\Windows\System\jibvxYb.exe
  2⤵
  PID:5008
- C:\Windows\System\mIHaJdw.exe
  C:\Windows\System\mIHaJdw.exe
  2⤵
  PID:5068
- C:\Windows\System\ksDYkaV.exe
  C:\Windows\System\ksDYkaV.exe
  2⤵
  PID:3672
- C:\Windows\System\NamOlnm.exe
  C:\Windows\System\NamOlnm.exe
  2⤵
  PID:4056
- C:\Windows\System\hQEonOG.exe
  C:\Windows\System\hQEonOG.exe
  2⤵
  PID:3472
- C:\Windows\System\YQkCnBN.exe
  C:\Windows\System\YQkCnBN.exe
  2⤵
  PID:4324
- C:\Windows\System\DVVIkct.exe
  C:\Windows\System\DVVIkct.exe
  2⤵
  PID:4396
- C:\Windows\System\YEYblYP.exe
  C:\Windows\System\YEYblYP.exe
  2⤵
  PID:4620
- C:\Windows\System\shPwAIC.exe
  C:\Windows\System\shPwAIC.exe
  2⤵
  PID:5128
- C:\Windows\System\Dcmwchn.exe
  C:\Windows\System\Dcmwchn.exe
  2⤵
  PID:5172
- C:\Windows\System\LVGIpkU.exe
  C:\Windows\System\LVGIpkU.exe
  2⤵
  PID:5188
- C:\Windows\System\duyHLZS.exe
  C:\Windows\System\duyHLZS.exe
  2⤵
  PID:5252
- C:\Windows\System\dpaKkdC.exe
  C:\Windows\System\dpaKkdC.exe
  2⤵
  PID:5284
- C:\Windows\System\AfnhObI.exe
  C:\Windows\System\AfnhObI.exe
  2⤵
  PID:5304
- C:\Windows\System\XNdawsd.exe
  C:\Windows\System\XNdawsd.exe
  2⤵
  PID:5308
- C:\Windows\System\CWVqsWn.exe
  C:\Windows\System\CWVqsWn.exe
  2⤵
  PID:5352
- C:\Windows\System\rVRtUUE.exe
  C:\Windows\System\rVRtUUE.exe
  2⤵
  PID:5392
- C:\Windows\System\KrJvEOq.exe
  C:\Windows\System\KrJvEOq.exe
  2⤵
  PID:5432
- C:\Windows\System\KCCPljO.exe
  C:\Windows\System\KCCPljO.exe
  2⤵
  PID:5472
- C:\Windows\System\jIeWbfL.exe
  C:\Windows\System\jIeWbfL.exe
  2⤵
  PID:5524
- C:\Windows\System\ReFmFzH.exe
  C:\Windows\System\ReFmFzH.exe
  2⤵
  PID:5508
- C:\Windows\System\hFnHvie.exe
  C:\Windows\System\hFnHvie.exe
  2⤵
  PID:5612
- C:\Windows\System\OtFRQIa.exe
  C:\Windows\System\OtFRQIa.exe
  2⤵
  PID:5592
- C:\Windows\System\mGaPWse.exe
  C:\Windows\System\mGaPWse.exe
  2⤵
  PID:5652
- C:\Windows\System\zylJgqU.exe
  C:\Windows\System\zylJgqU.exe
  2⤵
  PID:5672
- C:\Windows\System\gvwwfbr.exe
  C:\Windows\System\gvwwfbr.exe
  2⤵
  PID:5724
- C:\Windows\System\jvlnRaI.exe
  C:\Windows\System\jvlnRaI.exe
  2⤵
  PID:5704
- C:\Windows\System\tdELGSM.exe
  C:\Windows\System\tdELGSM.exe
  2⤵
  PID:5744
- C:\Windows\System\tQGUZag.exe
  C:\Windows\System\tQGUZag.exe
  2⤵
  PID:5804
- C:\Windows\System\rEpxowA.exe
  C:\Windows\System\rEpxowA.exe
  2⤵
  PID:5832
- C:\Windows\System\nGZOQJE.exe
  C:\Windows\System\nGZOQJE.exe
  2⤵
  PID:5884
- C:\Windows\System\BvNmUOW.exe
  C:\Windows\System\BvNmUOW.exe
  2⤵
  PID:5904
- C:\Windows\System\bWLcAoh.exe
  C:\Windows\System\bWLcAoh.exe
  2⤵
  PID:5928
- C:\Windows\System\EHAdqrE.exe
  C:\Windows\System\EHAdqrE.exe
  2⤵
  PID:5948
- C:\Windows\System\MBFFjBo.exe
  C:\Windows\System\MBFFjBo.exe
  2⤵
  PID:5992
- C:\Windows\System\eMHWMoJ.exe
  C:\Windows\System\eMHWMoJ.exe
  2⤵
  PID:6044
- C:\Windows\System\WOccgrQ.exe
  C:\Windows\System\WOccgrQ.exe
  2⤵
  PID:6088
- C:\Windows\System\HGUbQIa.exe
  C:\Windows\System\HGUbQIa.exe
  2⤵
  PID:6128
- C:\Windows\System\hnVzxAt.exe
  C:\Windows\System\hnVzxAt.exe
  2⤵
  PID:6132
- C:\Windows\System\RhkWWUg.exe
  C:\Windows\System\RhkWWUg.exe
  2⤵
  PID:4840
- C:\Windows\System\RLDopti.exe
  C:\Windows\System\RLDopti.exe
  2⤵
  PID:4860
- C:\Windows\System\nmtrKQi.exe
  C:\Windows\System\nmtrKQi.exe
  2⤵
  PID:5064
- C:\Windows\System\QxSaLZX.exe
  C:\Windows\System\QxSaLZX.exe
  2⤵
  PID:3392
- C:\Windows\System\MuVHBau.exe
  C:\Windows\System\MuVHBau.exe
  2⤵
  PID:4504
- C:\Windows\System\yoFAQZv.exe
  C:\Windows\System\yoFAQZv.exe
  2⤵
  PID:4664
- C:\Windows\System\pKMXQuw.exe
  C:\Windows\System\pKMXQuw.exe
  2⤵
  PID:5152
- C:\Windows\System\ZcJWFKt.exe
  C:\Windows\System\ZcJWFKt.exe
  2⤵
  PID:5204
- C:\Windows\System\upgaXUt.exe
  C:\Windows\System\upgaXUt.exe
  2⤵
  PID:5248
- C:\Windows\System\xJiVrKk.exe
  C:\Windows\System\xJiVrKk.exe
  2⤵
  PID:5312
- C:\Windows\System\CQqkOFD.exe
  C:\Windows\System\CQqkOFD.exe
  2⤵
  PID:5412
- C:\Windows\System\txIOoTO.exe
  C:\Windows\System\txIOoTO.exe
  2⤵
  PID:5448
- C:\Windows\System\Joviqfn.exe
  C:\Windows\System\Joviqfn.exe
  2⤵
  PID:5492
- C:\Windows\System\dVOERPC.exe
  C:\Windows\System\dVOERPC.exe
  2⤵
  PID:5528
- C:\Windows\System\zyRCHXJ.exe
  C:\Windows\System\zyRCHXJ.exe
  2⤵
  PID:5552
- C:\Windows\System\dBdqmja.exe
  C:\Windows\System\dBdqmja.exe
  2⤵
  PID:5628
- C:\Windows\System\NVyIsYY.exe
  C:\Windows\System\NVyIsYY.exe
  2⤵
  PID:5708
- C:\Windows\System\rMbGMww.exe
  C:\Windows\System\rMbGMww.exe
  2⤵
  PID:5784
- C:\Windows\System\YCcVFBM.exe
  C:\Windows\System\YCcVFBM.exe
  2⤵
  PID:5792
- C:\Windows\System\EYtWnjR.exe
  C:\Windows\System\EYtWnjR.exe
  2⤵
  PID:5888
- C:\Windows\System\gwHxdhZ.exe
  C:\Windows\System\gwHxdhZ.exe
  2⤵
  PID:5908
- C:\Windows\System\BKdSgXm.exe
  C:\Windows\System\BKdSgXm.exe
  2⤵
  PID:6008
- C:\Windows\System\aXaGGpW.exe
  C:\Windows\System\aXaGGpW.exe
  2⤵
  PID:6064
- C:\Windows\System\NKTxtmH.exe
  C:\Windows\System\NKTxtmH.exe
  2⤵
  PID:6116
- C:\Windows\System\QDCoxoe.exe
  C:\Windows\System\QDCoxoe.exe
  2⤵
  PID:4748
- C:\Windows\System\VSTyYba.exe
  C:\Windows\System\VSTyYba.exe
  2⤵
  PID:5080
- C:\Windows\System\IofHUAD.exe
  C:\Windows\System\IofHUAD.exe
  2⤵
  PID:4120
- C:\Windows\System\lYImWzW.exe
  C:\Windows\System\lYImWzW.exe
  2⤵
  PID:4680
- C:\Windows\System\jUkNTee.exe
  C:\Windows\System\jUkNTee.exe
  2⤵
  PID:5228
- C:\Windows\System\dxYKKSs.exe
  C:\Windows\System\dxYKKSs.exe
  2⤵
  PID:5268
- C:\Windows\System\dQplXom.exe
  C:\Windows\System\dQplXom.exe
  2⤵
  PID:5372
- C:\Windows\System\wGZXCxq.exe
  C:\Windows\System\wGZXCxq.exe
  2⤵
  PID:5404
- C:\Windows\System\uFONgOG.exe
  C:\Windows\System\uFONgOG.exe
  2⤵
  PID:5544
- C:\Windows\System\iqNqmfs.exe
  C:\Windows\System\iqNqmfs.exe
  2⤵
  PID:6152
- C:\Windows\System\MkzqkiR.exe
  C:\Windows\System\MkzqkiR.exe
  2⤵
  PID:6172
- C:\Windows\System\nwIKKrD.exe
  C:\Windows\System\nwIKKrD.exe
  2⤵
  PID:6192
- C:\Windows\System\PXXFqtT.exe
  C:\Windows\System\PXXFqtT.exe
  2⤵
  PID:6212
- C:\Windows\System\zQjAkeu.exe
  C:\Windows\System\zQjAkeu.exe
  2⤵
  PID:6232
- C:\Windows\System\WqLsTLA.exe
  C:\Windows\System\WqLsTLA.exe
  2⤵
  PID:6252
- C:\Windows\System\cEOVqdE.exe
  C:\Windows\System\cEOVqdE.exe
  2⤵
  PID:6272
- C:\Windows\System\fRZpugy.exe
  C:\Windows\System\fRZpugy.exe
  2⤵
  PID:6292
- C:\Windows\System\metzFpt.exe
  C:\Windows\System\metzFpt.exe
  2⤵
  PID:6312
- C:\Windows\System\kyLAlZq.exe
  C:\Windows\System\kyLAlZq.exe
  2⤵
  PID:6332
- C:\Windows\System\BtYykEa.exe
  C:\Windows\System\BtYykEa.exe
  2⤵
  PID:6352
- C:\Windows\System\CvWOXbX.exe
  C:\Windows\System\CvWOXbX.exe
  2⤵
  PID:6372
- C:\Windows\System\qsZtPED.exe
  C:\Windows\System\qsZtPED.exe
  2⤵
  PID:6392
- C:\Windows\System\xRKwyKj.exe
  C:\Windows\System\xRKwyKj.exe
  2⤵
  PID:6412
- C:\Windows\System\ovryGmq.exe
  C:\Windows\System\ovryGmq.exe
  2⤵
  PID:6432
- C:\Windows\System\CFJjqIN.exe
  C:\Windows\System\CFJjqIN.exe
  2⤵
  PID:6452
- C:\Windows\System\qduVwLD.exe
  C:\Windows\System\qduVwLD.exe
  2⤵
  PID:6472
- C:\Windows\System\WTQknkz.exe
  C:\Windows\System\WTQknkz.exe
  2⤵
  PID:6492
- C:\Windows\System\LqBXMWz.exe
  C:\Windows\System\LqBXMWz.exe
  2⤵
  PID:6512
- C:\Windows\System\hlXSHeB.exe
  C:\Windows\System\hlXSHeB.exe
  2⤵
  PID:6532
- C:\Windows\System\TvGXIrR.exe
  C:\Windows\System\TvGXIrR.exe
  2⤵
  PID:6556
- C:\Windows\System\jNkPQGS.exe
  C:\Windows\System\jNkPQGS.exe
  2⤵
  PID:6576
- C:\Windows\System\XusxEjT.exe
  C:\Windows\System\XusxEjT.exe
  2⤵
  PID:6596
- C:\Windows\System\TKBqJRv.exe
  C:\Windows\System\TKBqJRv.exe
  2⤵
  PID:6616
- C:\Windows\System\MPIrftN.exe
  C:\Windows\System\MPIrftN.exe
  2⤵
  PID:6636
- C:\Windows\System\AQjQMoi.exe
  C:\Windows\System\AQjQMoi.exe
  2⤵
  PID:6656
- C:\Windows\System\EaCjhRy.exe
  C:\Windows\System\EaCjhRy.exe
  2⤵
  PID:6676
- C:\Windows\System\eWnKcPM.exe
  C:\Windows\System\eWnKcPM.exe
  2⤵
  PID:6696
- C:\Windows\System\PZBapTP.exe
  C:\Windows\System\PZBapTP.exe
  2⤵
  PID:6716
- C:\Windows\System\phTIrjp.exe
  C:\Windows\System\phTIrjp.exe
  2⤵
  PID:6736
- C:\Windows\System\AQdNeyy.exe
  C:\Windows\System\AQdNeyy.exe
  2⤵
  PID:6756
- C:\Windows\System\myFLsPY.exe
  C:\Windows\System\myFLsPY.exe
  2⤵
  PID:6776
- C:\Windows\System\FYbvKoP.exe
  C:\Windows\System\FYbvKoP.exe
  2⤵
  PID:6796
- C:\Windows\System\xYveRAW.exe
  C:\Windows\System\xYveRAW.exe
  2⤵
  PID:6816
- C:\Windows\System\ufznmJp.exe
  C:\Windows\System\ufznmJp.exe
  2⤵
  PID:6836
- C:\Windows\System\NcHIlwM.exe
  C:\Windows\System\NcHIlwM.exe
  2⤵
  PID:6856
- C:\Windows\System\OoNhkHf.exe
  C:\Windows\System\OoNhkHf.exe
  2⤵
  PID:6876
- C:\Windows\System\fOgalhh.exe
  C:\Windows\System\fOgalhh.exe
  2⤵
  PID:6896
- C:\Windows\System\OFzLwpm.exe
  C:\Windows\System\OFzLwpm.exe
  2⤵
  PID:6916
- C:\Windows\System\IqFRaRy.exe
  C:\Windows\System\IqFRaRy.exe
  2⤵
  PID:6936
- C:\Windows\System\nraPZJi.exe
  C:\Windows\System\nraPZJi.exe
  2⤵
  PID:6956
- C:\Windows\System\LMzMrWP.exe
  C:\Windows\System\LMzMrWP.exe
  2⤵
  PID:6976
- C:\Windows\System\guyETOT.exe
  C:\Windows\System\guyETOT.exe
  2⤵
  PID:6996
- C:\Windows\System\Jepworm.exe
  C:\Windows\System\Jepworm.exe
  2⤵
  PID:7016
- C:\Windows\System\DRGnZsY.exe
  C:\Windows\System\DRGnZsY.exe
  2⤵
  PID:7036
- C:\Windows\System\BCmoUbN.exe
  C:\Windows\System\BCmoUbN.exe
  2⤵
  PID:7056
- C:\Windows\System\WkdCULb.exe
  C:\Windows\System\WkdCULb.exe
  2⤵
  PID:7076
- C:\Windows\System\oorPXlf.exe
  C:\Windows\System\oorPXlf.exe
  2⤵
  PID:7096
- C:\Windows\System\LFCkzJV.exe
  C:\Windows\System\LFCkzJV.exe
  2⤵
  PID:7116
- C:\Windows\System\nkqafma.exe
  C:\Windows\System\nkqafma.exe
  2⤵
  PID:7136
- C:\Windows\System\HrwcdjP.exe
  C:\Windows\System\HrwcdjP.exe
  2⤵
  PID:7156
- C:\Windows\System\ASGfabb.exe
  C:\Windows\System\ASGfabb.exe
  2⤵
  PID:5684
- C:\Windows\System\NdkLaSH.exe
  C:\Windows\System\NdkLaSH.exe
  2⤵
  PID:5824
- C:\Windows\System\hBNfTih.exe
  C:\Windows\System\hBNfTih.exe
  2⤵
  PID:5912
- C:\Windows\System\OhXpCsc.exe
  C:\Windows\System\OhXpCsc.exe
  2⤵
  PID:5972
- C:\Windows\System\nEaAQaZ.exe
  C:\Windows\System\nEaAQaZ.exe
  2⤵
  PID:6024
- C:\Windows\System\GcUYXOb.exe
  C:\Windows\System\GcUYXOb.exe
  2⤵
  PID:6092
- C:\Windows\System\ExwBdCa.exe
  C:\Windows\System\ExwBdCa.exe
  2⤵
  PID:4984
- C:\Windows\System\pqpLpJw.exe
  C:\Windows\System\pqpLpJw.exe
  2⤵
  PID:4416
- C:\Windows\System\RVVPROv.exe
  C:\Windows\System\RVVPROv.exe
  2⤵
  PID:5292
- C:\Windows\System\mLyNYqK.exe
  C:\Windows\System\mLyNYqK.exe
  2⤵
  PID:5332
- C:\Windows\System\xOOzEjA.exe
  C:\Windows\System\xOOzEjA.exe
  2⤵
  PID:5548
- C:\Windows\System\hjMwjQw.exe
  C:\Windows\System\hjMwjQw.exe
  2⤵
  PID:5624
- C:\Windows\System\dqCkOqV.exe
  C:\Windows\System\dqCkOqV.exe
  2⤵
  PID:6188
- C:\Windows\System\krIgpnY.exe
  C:\Windows\System\krIgpnY.exe
  2⤵
  PID:6228
- C:\Windows\System\igijomf.exe
  C:\Windows\System\igijomf.exe
  2⤵
  PID:6280
- C:\Windows\System\LCXgMCw.exe
  C:\Windows\System\LCXgMCw.exe
  2⤵
  PID:6300
- C:\Windows\System\QaBWbtO.exe
  C:\Windows\System\QaBWbtO.exe
  2⤵
  PID:6324
- C:\Windows\System\OIfEMJG.exe
  C:\Windows\System\OIfEMJG.exe
  2⤵
  PID:6368
- C:\Windows\System\snfedsG.exe
  C:\Windows\System\snfedsG.exe
  2⤵
  PID:6384
- C:\Windows\System\ffMaLbP.exe
  C:\Windows\System\ffMaLbP.exe
  2⤵
  PID:6428
- C:\Windows\System\udnpqkd.exe
  C:\Windows\System\udnpqkd.exe
  2⤵
  PID:6464
- C:\Windows\System\gmBhcyw.exe
  C:\Windows\System\gmBhcyw.exe
  2⤵
  PID:6520
- C:\Windows\System\gfHWZLu.exe
  C:\Windows\System\gfHWZLu.exe
  2⤵
  PID:6540
- C:\Windows\System\QHuZYOk.exe
  C:\Windows\System\QHuZYOk.exe
  2⤵
  PID:6568
- C:\Windows\System\TZJmvAt.exe
  C:\Windows\System\TZJmvAt.exe
  2⤵
  PID:6612
- C:\Windows\System\tGbSVkm.exe
  C:\Windows\System\tGbSVkm.exe
  2⤵
  PID:6652
- C:\Windows\System\tsxUNiG.exe
  C:\Windows\System\tsxUNiG.exe
  2⤵
  PID:6692
- C:\Windows\System\QOmGzTX.exe
  C:\Windows\System\QOmGzTX.exe
  2⤵
  PID:6724
- C:\Windows\System\znVFBir.exe
  C:\Windows\System\znVFBir.exe
  2⤵
  PID:6728
- C:\Windows\System\fZWICIX.exe
  C:\Windows\System\fZWICIX.exe
  2⤵
  PID:6772
- C:\Windows\System\tLjijFA.exe
  C:\Windows\System\tLjijFA.exe
  2⤵
  PID:6788
- C:\Windows\System\nRGPJbp.exe
  C:\Windows\System\nRGPJbp.exe
  2⤵
  PID:6852
- C:\Windows\System\BdhIxXn.exe
  C:\Windows\System\BdhIxXn.exe
  2⤵
  PID:6872
- C:\Windows\System\XmbfKzu.exe
  C:\Windows\System\XmbfKzu.exe
  2⤵
  PID:6904
- C:\Windows\System\xArMdFm.exe
  C:\Windows\System\xArMdFm.exe
  2⤵
  PID:6928
- C:\Windows\System\FfYdrJS.exe
  C:\Windows\System\FfYdrJS.exe
  2⤵
  PID:6948
- C:\Windows\System\jVertek.exe
  C:\Windows\System\jVertek.exe
  2⤵
  PID:7012
- C:\Windows\System\JHhSnnX.exe
  C:\Windows\System\JHhSnnX.exe
  2⤵
  PID:7032
- C:\Windows\System\CtfpRfl.exe
  C:\Windows\System\CtfpRfl.exe
  2⤵
  PID:7092
- C:\Windows\System\vpkkkRl.exe
  C:\Windows\System\vpkkkRl.exe
  2⤵
  PID:7112
- C:\Windows\System\hqCGBTw.exe
  C:\Windows\System\hqCGBTw.exe
  2⤵
  PID:7144
- C:\Windows\System\AlEStiH.exe
  C:\Windows\System\AlEStiH.exe
  2⤵
  PID:7148
- C:\Windows\System\HDvQfLD.exe
  C:\Windows\System\HDvQfLD.exe
  2⤵
  PID:5808
- C:\Windows\System\fubZnbA.exe
  C:\Windows\System\fubZnbA.exe
  2⤵
  PID:6004
- C:\Windows\System\fMkxmFT.exe
  C:\Windows\System\fMkxmFT.exe
  2⤵
  PID:1980
- C:\Windows\System\IbMrIMW.exe
  C:\Windows\System\IbMrIMW.exe
  2⤵
  PID:5148
- C:\Windows\System\jzonWna.exe
  C:\Windows\System\jzonWna.exe
  2⤵
  PID:5512
- C:\Windows\System\YkAifwe.exe
  C:\Windows\System\YkAifwe.exe
  2⤵
  PID:5424
- C:\Windows\System\edFZzzk.exe
  C:\Windows\System\edFZzzk.exe
  2⤵
  PID:6248
- C:\Windows\System\kZbwHQk.exe
  C:\Windows\System\kZbwHQk.exe
  2⤵
  PID:6220
- C:\Windows\System\VJNcooI.exe
  C:\Windows\System\VJNcooI.exe
  2⤵
  PID:6284
- C:\Windows\System\tmjUqzf.exe
  C:\Windows\System\tmjUqzf.exe
  2⤵
  PID:6400
- C:\Windows\System\GoJGwtH.exe
  C:\Windows\System\GoJGwtH.exe
  2⤵
  PID:6420
- C:\Windows\System\VdqMIZS.exe
  C:\Windows\System\VdqMIZS.exe
  2⤵
  PID:6440
- C:\Windows\System\lVymPQf.exe
  C:\Windows\System\lVymPQf.exe
  2⤵
  PID:6500
- C:\Windows\System\zVgzgGa.exe
  C:\Windows\System\zVgzgGa.exe
  2⤵
  PID:6572
- C:\Windows\System\EbeiXgj.exe
  C:\Windows\System\EbeiXgj.exe
  2⤵
  PID:6624
- C:\Windows\System\idNBwnK.exe
  C:\Windows\System\idNBwnK.exe
  2⤵
  PID:6704
- C:\Windows\System\uErSqkz.exe
  C:\Windows\System\uErSqkz.exe
  2⤵
  PID:6804
- C:\Windows\System\EXsldhM.exe
  C:\Windows\System\EXsldhM.exe
  2⤵
  PID:6764
- C:\Windows\System\UjGsikt.exe
  C:\Windows\System\UjGsikt.exe
  2⤵
  PID:6864
- C:\Windows\System\SVwBDWh.exe
  C:\Windows\System\SVwBDWh.exe
  2⤵
  PID:6892
- C:\Windows\System\CTOUgVk.exe
  C:\Windows\System\CTOUgVk.exe
  2⤵
  PID:7004
- C:\Windows\System\AIztcIw.exe
  C:\Windows\System\AIztcIw.exe
  2⤵
  PID:7064
- C:\Windows\System\EaxJxKe.exe
  C:\Windows\System\EaxJxKe.exe
  2⤵
  PID:7068
- C:\Windows\System\vZsfECN.exe
  C:\Windows\System\vZsfECN.exe
  2⤵
  PID:5688
- C:\Windows\System\rtloEDi.exe
  C:\Windows\System\rtloEDi.exe
  2⤵
  PID:7152
- C:\Windows\System\kIUmupZ.exe
  C:\Windows\System\kIUmupZ.exe
  2⤵
  PID:5864
- C:\Windows\System\XydHmKY.exe
  C:\Windows\System\XydHmKY.exe
  2⤵
  PID:4132
- C:\Windows\System\GttHXGG.exe
  C:\Windows\System\GttHXGG.exe
  2⤵
  PID:5264
- C:\Windows\System\cXwFqLF.exe
  C:\Windows\System\cXwFqLF.exe
  2⤵
  PID:6168
- C:\Windows\System\AzXBorN.exe
  C:\Windows\System\AzXBorN.exe
  2⤵
  PID:6344
- C:\Windows\System\GJHkwaz.exe
  C:\Windows\System\GJHkwaz.exe
  2⤵
  PID:6320
- C:\Windows\System\BlzKunA.exe
  C:\Windows\System\BlzKunA.exe
  2⤵
  PID:6468
- C:\Windows\System\QHMeund.exe
  C:\Windows\System\QHMeund.exe
  2⤵
  PID:6648
- C:\Windows\System\vpRLjyG.exe
  C:\Windows\System\vpRLjyG.exe
  2⤵
  PID:6784
- C:\Windows\System\pRzCXxt.exe
  C:\Windows\System\pRzCXxt.exe
  2⤵
  PID:6844
- C:\Windows\System\pxXNCsS.exe
  C:\Windows\System\pxXNCsS.exe
  2⤵
  PID:6912
- C:\Windows\System\ZxMEzQV.exe
  C:\Windows\System\ZxMEzQV.exe
  2⤵
  PID:6952
- C:\Windows\System\mqJljnX.exe
  C:\Windows\System\mqJljnX.exe
  2⤵
  PID:7184
- C:\Windows\System\wgDzVaf.exe
  C:\Windows\System\wgDzVaf.exe
  2⤵
  PID:7204
- C:\Windows\System\HNoOyED.exe
  C:\Windows\System\HNoOyED.exe
  2⤵
  PID:7224
- C:\Windows\System\dLsAwhX.exe
  C:\Windows\System\dLsAwhX.exe
  2⤵
  PID:7244
- C:\Windows\System\aulprpS.exe
  C:\Windows\System\aulprpS.exe
  2⤵
  PID:7264
- C:\Windows\System\dJHKSXp.exe
  C:\Windows\System\dJHKSXp.exe
  2⤵
  PID:7284
- C:\Windows\System\hopWXBA.exe
  C:\Windows\System\hopWXBA.exe
  2⤵
  PID:7304
- C:\Windows\System\cjVjtfq.exe
  C:\Windows\System\cjVjtfq.exe
  2⤵
  PID:7324
- C:\Windows\System\FflzlMQ.exe
  C:\Windows\System\FflzlMQ.exe
  2⤵
  PID:7344
- C:\Windows\System\kJhmxVJ.exe
  C:\Windows\System\kJhmxVJ.exe
  2⤵
  PID:7364
- C:\Windows\System\cgqYGij.exe
  C:\Windows\System\cgqYGij.exe
  2⤵
  PID:7384
- C:\Windows\System\sCFQtDL.exe
  C:\Windows\System\sCFQtDL.exe
  2⤵
  PID:7404
- C:\Windows\System\EpHfous.exe
  C:\Windows\System\EpHfous.exe
  2⤵
  PID:7424
- C:\Windows\System\OvfkCLl.exe
  C:\Windows\System\OvfkCLl.exe
  2⤵
  PID:7444
- C:\Windows\System\ARzvRtu.exe
  C:\Windows\System\ARzvRtu.exe
  2⤵
  PID:7464
- C:\Windows\System\qkNhBXQ.exe
  C:\Windows\System\qkNhBXQ.exe
  2⤵
  PID:7484
- C:\Windows\System\CimXSUh.exe
  C:\Windows\System\CimXSUh.exe
  2⤵
  PID:7500
- C:\Windows\System\IHACskI.exe
  C:\Windows\System\IHACskI.exe
  2⤵
  PID:7520
- C:\Windows\System\faPxLVT.exe
  C:\Windows\System\faPxLVT.exe
  2⤵
  PID:7540
- C:\Windows\System\zFidIQQ.exe
  C:\Windows\System\zFidIQQ.exe
  2⤵
  PID:7564
- C:\Windows\System\nZbnoxR.exe
  C:\Windows\System\nZbnoxR.exe
  2⤵
  PID:7584
- C:\Windows\System\kSOOZKx.exe
  C:\Windows\System\kSOOZKx.exe
  2⤵
  PID:7604
- C:\Windows\System\BpeEINA.exe
  C:\Windows\System\BpeEINA.exe
  2⤵
  PID:7624
- C:\Windows\System\VTmENls.exe
  C:\Windows\System\VTmENls.exe
  2⤵
  PID:7644
- C:\Windows\System\mHNhlJv.exe
  C:\Windows\System\mHNhlJv.exe
  2⤵
  PID:7664
- C:\Windows\System\QxieLAr.exe
  C:\Windows\System\QxieLAr.exe
  2⤵
  PID:7684
- C:\Windows\System\rOScvXL.exe
  C:\Windows\System\rOScvXL.exe
  2⤵
  PID:7704
- C:\Windows\System\kfOMDju.exe
  C:\Windows\System\kfOMDju.exe
  2⤵
  PID:7724
- C:\Windows\System\IdLGeGS.exe
  C:\Windows\System\IdLGeGS.exe
  2⤵
  PID:7744
- C:\Windows\System\qPFFXhi.exe
  C:\Windows\System\qPFFXhi.exe
  2⤵
  PID:7764
- C:\Windows\System\CJBNHds.exe
  C:\Windows\System\CJBNHds.exe
  2⤵
  PID:7784
- C:\Windows\System\rWiiCwG.exe
  C:\Windows\System\rWiiCwG.exe
  2⤵
  PID:7804
- C:\Windows\System\QUQpoZk.exe
  C:\Windows\System\QUQpoZk.exe
  2⤵
  PID:7824
- C:\Windows\System\OwXqtni.exe
  C:\Windows\System\OwXqtni.exe
  2⤵
  PID:7844
- C:\Windows\System\LGQlVkU.exe
  C:\Windows\System\LGQlVkU.exe
  2⤵
  PID:7864
- C:\Windows\System\dmJZbjy.exe
  C:\Windows\System\dmJZbjy.exe
  2⤵
  PID:7884
- C:\Windows\System\xUhMQkk.exe
  C:\Windows\System\xUhMQkk.exe
  2⤵
  PID:7904
- C:\Windows\System\WeuYFrt.exe
  C:\Windows\System\WeuYFrt.exe
  2⤵
  PID:7924
- C:\Windows\System\NYCRpKw.exe
  C:\Windows\System\NYCRpKw.exe
  2⤵
  PID:7944
- C:\Windows\System\QWvNSar.exe
  C:\Windows\System\QWvNSar.exe
  2⤵
  PID:7964
- C:\Windows\System\MCPFtzT.exe
  C:\Windows\System\MCPFtzT.exe
  2⤵
  PID:7984
- C:\Windows\System\vfYLMqK.exe
  C:\Windows\System\vfYLMqK.exe
  2⤵
  PID:8004
- C:\Windows\System\HmCULRs.exe
  C:\Windows\System\HmCULRs.exe
  2⤵
  PID:8024
- C:\Windows\System\fxdMVBP.exe
  C:\Windows\System\fxdMVBP.exe
  2⤵
  PID:8044
- C:\Windows\System\YCIMtyw.exe
  C:\Windows\System\YCIMtyw.exe
  2⤵
  PID:8064
- C:\Windows\System\ZjYenqk.exe
  C:\Windows\System\ZjYenqk.exe
  2⤵
  PID:8084
- C:\Windows\System\csTGoAT.exe
  C:\Windows\System\csTGoAT.exe
  2⤵
  PID:8104
- C:\Windows\System\njUQQPH.exe
  C:\Windows\System\njUQQPH.exe
  2⤵
  PID:8124
- C:\Windows\System\ophLISb.exe
  C:\Windows\System\ophLISb.exe
  2⤵
  PID:8144
- C:\Windows\System\ipcnYqg.exe
  C:\Windows\System\ipcnYqg.exe
  2⤵
  PID:8164
- C:\Windows\System\jNrzgOK.exe
  C:\Windows\System\jNrzgOK.exe
  2⤵
  PID:8184
- C:\Windows\System\Qsohnhl.exe
  C:\Windows\System\Qsohnhl.exe
  2⤵
  PID:6992
- C:\Windows\System\vAMJSZS.exe
  C:\Windows\System\vAMJSZS.exe
  2⤵
  PID:7128
- C:\Windows\System\RJaGfpv.exe
  C:\Windows\System\RJaGfpv.exe
  2⤵
  PID:5020
- C:\Windows\System\tEudtvo.exe
  C:\Windows\System\tEudtvo.exe
  2⤵
  PID:6200
- C:\Windows\System\dthvieM.exe
  C:\Windows\System\dthvieM.exe
  2⤵
  PID:6380
- C:\Windows\System\eGEeNSY.exe
  C:\Windows\System\eGEeNSY.exe
  2⤵
  PID:6444
- C:\Windows\System\mnQGpXd.exe
  C:\Windows\System\mnQGpXd.exe
  2⤵
  PID:6460
- C:\Windows\System\AYJcOgy.exe
  C:\Windows\System\AYJcOgy.exe
  2⤵
  PID:6752
- C:\Windows\System\KXCLOQX.exe
  C:\Windows\System\KXCLOQX.exe
  2⤵
  PID:6908
- C:\Windows\System\PoMDqKY.exe
  C:\Windows\System\PoMDqKY.exe
  2⤵
  PID:7196
- C:\Windows\System\OLboAzg.exe
  C:\Windows\System\OLboAzg.exe
  2⤵
  PID:7176
- C:\Windows\System\pHKdrVv.exe
  C:\Windows\System\pHKdrVv.exe
  2⤵
  PID:7280
- C:\Windows\System\NbroJkQ.exe
  C:\Windows\System\NbroJkQ.exe
  2⤵
  PID:7292
- C:\Windows\System\xFsqvfg.exe
  C:\Windows\System\xFsqvfg.exe
  2⤵
  PID:7316
- C:\Windows\System\XdhHcoy.exe
  C:\Windows\System\XdhHcoy.exe
  2⤵
  PID:7360
- C:\Windows\System\AffVvpz.exe
  C:\Windows\System\AffVvpz.exe
  2⤵
  PID:7400
- C:\Windows\System\JGIpUri.exe
  C:\Windows\System\JGIpUri.exe
  2⤵
  PID:7440
- C:\Windows\System\mWVBKRl.exe
  C:\Windows\System\mWVBKRl.exe
  2⤵
  PID:7452
- C:\Windows\System\mNuZVpA.exe
  C:\Windows\System\mNuZVpA.exe
  2⤵
  PID:7460
- C:\Windows\System\VpynoIj.exe
  C:\Windows\System\VpynoIj.exe
  2⤵
  PID:7512
- C:\Windows\System\KRRxXWm.exe
  C:\Windows\System\KRRxXWm.exe
  2⤵
  PID:7560
- C:\Windows\System\iOLorfD.exe
  C:\Windows\System\iOLorfD.exe
  2⤵
  PID:7580
- C:\Windows\System\AchdInL.exe
  C:\Windows\System\AchdInL.exe
  2⤵
  PID:7632
- C:\Windows\System\lrkseLb.exe
  C:\Windows\System\lrkseLb.exe
  2⤵
  PID:7640
- C:\Windows\System\eKQQTle.exe
  C:\Windows\System\eKQQTle.exe
  2⤵
  PID:7680
- C:\Windows\System\uhDhQJF.exe
  C:\Windows\System\uhDhQJF.exe
  2⤵
  PID:7712
- C:\Windows\System\FfQdUCo.exe
  C:\Windows\System\FfQdUCo.exe
  2⤵
  PID:7740
- C:\Windows\System\sXMtYLX.exe
  C:\Windows\System\sXMtYLX.exe
  2⤵
  PID:7780
- C:\Windows\System\biMGfpg.exe
  C:\Windows\System\biMGfpg.exe
  2⤵
  PID:7812
- C:\Windows\System\gpfKtKe.exe
  C:\Windows\System\gpfKtKe.exe
  2⤵
  PID:7840
- C:\Windows\System\inLnoKz.exe
  C:\Windows\System\inLnoKz.exe
  2⤵
  PID:7856
- C:\Windows\System\ROZBnZJ.exe
  C:\Windows\System\ROZBnZJ.exe
  2⤵
  PID:7896
- C:\Windows\System\baGBLsk.exe
  C:\Windows\System\baGBLsk.exe
  2⤵
  PID:7952
- C:\Windows\System\fnzPlko.exe
  C:\Windows\System\fnzPlko.exe
  2⤵
  PID:8000
- C:\Windows\System\qHIrUsO.exe
  C:\Windows\System\qHIrUsO.exe
  2⤵
  PID:8012
- C:\Windows\System\AOTeuMm.exe
  C:\Windows\System\AOTeuMm.exe
  2⤵
  PID:8036
- C:\Windows\System\VtyscdT.exe
  C:\Windows\System\VtyscdT.exe
  2⤵
  PID:8080
- C:\Windows\System\rQvGOqn.exe
  C:\Windows\System\rQvGOqn.exe
  2⤵
  PID:8152
- C:\Windows\System\Ofmxaxo.exe
  C:\Windows\System\Ofmxaxo.exe
  2⤵
  PID:8132
- C:\Windows\System\fHFjxmU.exe
  C:\Windows\System\fHFjxmU.exe
  2⤵
  PID:8180
- C:\Windows\System\AyeUNoA.exe
  C:\Windows\System\AyeUNoA.exe
  2⤵
  PID:5844
- C:\Windows\System\nwRtJwE.exe
  C:\Windows\System\nwRtJwE.exe
  2⤵
  PID:5648
- C:\Windows\System\CGgrewK.exe
  C:\Windows\System\CGgrewK.exe
  2⤵
  PID:5488
- C:\Windows\System\YaaoniL.exe
  C:\Windows\System\YaaoniL.exe
  2⤵
  PID:6528
- C:\Windows\System\IKHmSYH.exe
  C:\Windows\System\IKHmSYH.exe
  2⤵
  PID:6732
- C:\Windows\System\cCNMvOw.exe
  C:\Windows\System\cCNMvOw.exe
  2⤵
  PID:7180
- C:\Windows\System\IPVioDP.exe
  C:\Windows\System\IPVioDP.exe
  2⤵
  PID:7220
- C:\Windows\System\LnqzKCw.exe
  C:\Windows\System\LnqzKCw.exe
  2⤵
  PID:7272
- C:\Windows\System\QqFrgEq.exe
  C:\Windows\System\QqFrgEq.exe
  2⤵
  PID:7336
- C:\Windows\System\mqtIZjl.exe
  C:\Windows\System\mqtIZjl.exe
  2⤵
  PID:3060
- C:\Windows\System\gRiVaEu.exe
  C:\Windows\System\gRiVaEu.exe
  2⤵
  PID:7436
- C:\Windows\System\dfPCOHg.exe
  C:\Windows\System\dfPCOHg.exe
  2⤵
  PID:7552
- C:\Windows\System\RQHmQev.exe
  C:\Windows\System\RQHmQev.exe
  2⤵
  PID:7528
- C:\Windows\System\AzKOIQb.exe
  C:\Windows\System\AzKOIQb.exe
  2⤵
  PID:7600
- C:\Windows\System\MdqAxsg.exe
  C:\Windows\System\MdqAxsg.exe
  2⤵
  PID:7636
- C:\Windows\System\UQtkVty.exe
  C:\Windows\System\UQtkVty.exe
  2⤵
  PID:7692
- C:\Windows\System\GhzOZTG.exe
  C:\Windows\System\GhzOZTG.exe
  2⤵
  PID:7792
- C:\Windows\System\AeLuQmC.exe
  C:\Windows\System\AeLuQmC.exe
  2⤵
  PID:7816
- C:\Windows\System\rnXuIfC.exe
  C:\Windows\System\rnXuIfC.exe
  2⤵
  PID:7852
- C:\Windows\System\qqOCmrr.exe
  C:\Windows\System\qqOCmrr.exe
  2⤵
  PID:7932
- C:\Windows\System\ufIynAh.exe
  C:\Windows\System\ufIynAh.exe
  2⤵
  PID:7996
- C:\Windows\System\ITQDtcY.exe
  C:\Windows\System\ITQDtcY.exe
  2⤵
  PID:7992
- C:\Windows\System\QzLMtWk.exe
  C:\Windows\System\QzLMtWk.exe
  2⤵
  PID:8160
- C:\Windows\System\PWcywMQ.exe
  C:\Windows\System\PWcywMQ.exe
  2⤵
  PID:8116
- C:\Windows\System\YqzdbnG.exe
  C:\Windows\System\YqzdbnG.exe
  2⤵
  PID:6348
- C:\Windows\System\AVedArs.exe
  C:\Windows\System\AVedArs.exe
  2⤵
  PID:5164
- C:\Windows\System\zslwPDb.exe
  C:\Windows\System\zslwPDb.exe
  2⤵
  PID:6684
- C:\Windows\System\UmQKoEb.exe
  C:\Windows\System\UmQKoEb.exe
  2⤵
  PID:7172
- C:\Windows\System\wwdGtIz.exe
  C:\Windows\System\wwdGtIz.exe
  2⤵
  PID:7352
- C:\Windows\System\TAiSHSh.exe
  C:\Windows\System\TAiSHSh.exe
  2⤵
  PID:7260
- C:\Windows\System\SAyHaph.exe
  C:\Windows\System\SAyHaph.exe
  2⤵
  PID:7392
- C:\Windows\System\NYqAqHo.exe
  C:\Windows\System\NYqAqHo.exe
  2⤵
  PID:7480
- C:\Windows\System\AJXNyxk.exe
  C:\Windows\System\AJXNyxk.exe
  2⤵
  PID:7672
- C:\Windows\System\UAehwJq.exe
  C:\Windows\System\UAehwJq.exe
  2⤵
  PID:7620
- C:\Windows\System\MXpNXnA.exe
  C:\Windows\System\MXpNXnA.exe
  2⤵
  PID:7732
- C:\Windows\System\wnlWeeN.exe
  C:\Windows\System\wnlWeeN.exe
  2⤵
  PID:7860
- C:\Windows\System\PlZNOQa.exe
  C:\Windows\System\PlZNOQa.exe
  2⤵
  PID:7916
- C:\Windows\System\KSfDols.exe
  C:\Windows\System\KSfDols.exe
  2⤵
  PID:2848
- C:\Windows\System\xFffQDU.exe
  C:\Windows\System\xFffQDU.exe
  2⤵
  PID:8056
- C:\Windows\System\ftZqQpM.exe
  C:\Windows\System\ftZqQpM.exe
  2⤵
  PID:6988
- C:\Windows\System\kTBSWeC.exe
  C:\Windows\System\kTBSWeC.exe
  2⤵
  PID:8172
- C:\Windows\System\QHWLEsA.exe
  C:\Windows\System\QHWLEsA.exe
  2⤵
  PID:6268
- C:\Windows\System\cXaefRL.exe
  C:\Windows\System\cXaefRL.exe
  2⤵
  PID:3044
- C:\Windows\System\oBCzObU.exe
  C:\Windows\System\oBCzObU.exe
  2⤵
  PID:7420
- C:\Windows\System\BXEQNfG.exe
  C:\Windows\System\BXEQNfG.exe
  2⤵
  PID:8216
- C:\Windows\System\ygmeHvH.exe
  C:\Windows\System\ygmeHvH.exe
  2⤵
  PID:8236
- C:\Windows\System\DmEcoGg.exe
  C:\Windows\System\DmEcoGg.exe
  2⤵
  PID:8256
- C:\Windows\System\zngVuPn.exe
  C:\Windows\System\zngVuPn.exe
  2⤵
  PID:8276
- C:\Windows\System\DhkfaML.exe
  C:\Windows\System\DhkfaML.exe
  2⤵
  PID:8296
- C:\Windows\System\tSdpvdG.exe
  C:\Windows\System\tSdpvdG.exe
  2⤵
  PID:8316
- C:\Windows\System\yHqcQkj.exe
  C:\Windows\System\yHqcQkj.exe
  2⤵
  PID:8336
- C:\Windows\System\GcRIdKq.exe
  C:\Windows\System\GcRIdKq.exe
  2⤵
  PID:8356
- C:\Windows\System\mFdAwRx.exe
  C:\Windows\System\mFdAwRx.exe
  2⤵
  PID:8376
- C:\Windows\System\BrEkkMa.exe
  C:\Windows\System\BrEkkMa.exe
  2⤵
  PID:8396
- C:\Windows\System\fCLcqNA.exe
  C:\Windows\System\fCLcqNA.exe
  2⤵
  PID:8416
- C:\Windows\System\cTdizRS.exe
  C:\Windows\System\cTdizRS.exe
  2⤵
  PID:8436
- C:\Windows\System\XdRhENn.exe
  C:\Windows\System\XdRhENn.exe
  2⤵
  PID:8456
- C:\Windows\System\QiqQhxg.exe
  C:\Windows\System\QiqQhxg.exe
  2⤵
  PID:8476
- C:\Windows\System\lMIpRNg.exe
  C:\Windows\System\lMIpRNg.exe
  2⤵
  PID:8496
- C:\Windows\System\CRYvZQH.exe
  C:\Windows\System\CRYvZQH.exe
  2⤵
  PID:8516
- C:\Windows\System\WBhOvBf.exe
  C:\Windows\System\WBhOvBf.exe
  2⤵
  PID:8536
- C:\Windows\System\YjpetEV.exe
  C:\Windows\System\YjpetEV.exe
  2⤵
  PID:8556
- C:\Windows\System\qzyoKTD.exe
  C:\Windows\System\qzyoKTD.exe
  2⤵
  PID:8576
- C:\Windows\System\dVjseNs.exe
  C:\Windows\System\dVjseNs.exe
  2⤵
  PID:8596
- C:\Windows\System\OIivICs.exe
  C:\Windows\System\OIivICs.exe
  2⤵
  PID:8616
- C:\Windows\System\qoVKOwS.exe
  C:\Windows\System\qoVKOwS.exe
  2⤵
  PID:8636
- C:\Windows\System\vypWJhC.exe
  C:\Windows\System\vypWJhC.exe
  2⤵
  PID:8656
- C:\Windows\System\FCbuIgR.exe
  C:\Windows\System\FCbuIgR.exe
  2⤵
  PID:8672
- C:\Windows\System\Sjywsjn.exe
  C:\Windows\System\Sjywsjn.exe
  2⤵
  PID:8696
- C:\Windows\System\TjaDncX.exe
  C:\Windows\System\TjaDncX.exe
  2⤵
  PID:8716
- C:\Windows\System\OXDWVrN.exe
  C:\Windows\System\OXDWVrN.exe
  2⤵
  PID:8736
- C:\Windows\System\MeXTyrd.exe
  C:\Windows\System\MeXTyrd.exe
  2⤵
  PID:8756
- C:\Windows\System\vBGUipA.exe
  C:\Windows\System\vBGUipA.exe
  2⤵
  PID:8776
- C:\Windows\System\chbPwlb.exe
  C:\Windows\System\chbPwlb.exe
  2⤵
  PID:8796
- C:\Windows\System\uZPadAI.exe
  C:\Windows\System\uZPadAI.exe
  2⤵
  PID:8816
- C:\Windows\System\UkjCNQy.exe
  C:\Windows\System\UkjCNQy.exe
  2⤵
  PID:8836
- C:\Windows\System\iOoANBL.exe
  C:\Windows\System\iOoANBL.exe
  2⤵
  PID:8856
- C:\Windows\System\EOwTwCs.exe
  C:\Windows\System\EOwTwCs.exe
  2⤵
  PID:8876
- C:\Windows\System\dGsVnXX.exe
  C:\Windows\System\dGsVnXX.exe
  2⤵
  PID:8896
- C:\Windows\System\mqGGdot.exe
  C:\Windows\System\mqGGdot.exe
  2⤵
  PID:8916
- C:\Windows\System\RDUzCWm.exe
  C:\Windows\System\RDUzCWm.exe
  2⤵
  PID:8936
- C:\Windows\System\ejIpXQn.exe
  C:\Windows\System\ejIpXQn.exe
  2⤵
  PID:8956
- C:\Windows\System\eQZEwyx.exe
  C:\Windows\System\eQZEwyx.exe
  2⤵
  PID:8976
- C:\Windows\System\GWRWGOh.exe
  C:\Windows\System\GWRWGOh.exe
  2⤵
  PID:8996
- C:\Windows\System\BbmJFjE.exe
  C:\Windows\System\BbmJFjE.exe
  2⤵
  PID:9016
- C:\Windows\System\zNLUnjj.exe
  C:\Windows\System\zNLUnjj.exe
  2⤵
  PID:9040
- C:\Windows\System\IYiljvy.exe
  C:\Windows\System\IYiljvy.exe
  2⤵
  PID:9060
- C:\Windows\System\YLXirkd.exe
  C:\Windows\System\YLXirkd.exe
  2⤵
  PID:9076
- C:\Windows\System\carBkyO.exe
  C:\Windows\System\carBkyO.exe
  2⤵
  PID:9092
- C:\Windows\System\NOBfWPF.exe
  C:\Windows\System\NOBfWPF.exe
  2⤵
  PID:9108
- C:\Windows\System\PXWbPnm.exe
  C:\Windows\System\PXWbPnm.exe
  2⤵
  PID:9124
- C:\Windows\System\GbtfUGV.exe
  C:\Windows\System\GbtfUGV.exe
  2⤵
  PID:9140
- C:\Windows\System\zsfvrYm.exe
  C:\Windows\System\zsfvrYm.exe
  2⤵
  PID:9156
- C:\Windows\System\LgwqCCg.exe
  C:\Windows\System\LgwqCCg.exe
  2⤵
  PID:9172
- C:\Windows\System\EzQfZbf.exe
  C:\Windows\System\EzQfZbf.exe
  2⤵
  PID:9188
- C:\Windows\System\vIMCAhb.exe
  C:\Windows\System\vIMCAhb.exe
  2⤵
  PID:9204
- C:\Windows\System\wKtSUnL.exe
  C:\Windows\System\wKtSUnL.exe
  2⤵
  PID:7496
- C:\Windows\System\ZQVkNvI.exe
  C:\Windows\System\ZQVkNvI.exe
  2⤵
  PID:7536
- C:\Windows\System\sPqLeiE.exe
  C:\Windows\System\sPqLeiE.exe
  2⤵
  PID:7592
- C:\Windows\System\CSwlSdS.exe
  C:\Windows\System\CSwlSdS.exe
  2⤵
  PID:7880
- C:\Windows\System\ZQRcyCd.exe
  C:\Windows\System\ZQRcyCd.exe
  2⤵
  PID:8016
- C:\Windows\System\uPqXHvl.exe
  C:\Windows\System\uPqXHvl.exe
  2⤵
  PID:7980
- C:\Windows\System\brhnBqb.exe
  C:\Windows\System\brhnBqb.exe
  2⤵
  PID:5208
- C:\Windows\System\KzQxQDg.exe
  C:\Windows\System\KzQxQDg.exe
  2⤵
  PID:6180
- C:\Windows\System\WzRrwtR.exe
  C:\Windows\System\WzRrwtR.exe
  2⤵
  PID:8200
- C:\Windows\System\zQNialg.exe
  C:\Windows\System\zQNialg.exe
  2⤵
  PID:8244
- C:\Windows\System\zhBhgsf.exe
  C:\Windows\System\zhBhgsf.exe
  2⤵
  PID:8232
- C:\Windows\System\LXqXdPT.exe
  C:\Windows\System\LXqXdPT.exe
  2⤵
  PID:8324
- C:\Windows\System\Vmwymrz.exe
  C:\Windows\System\Vmwymrz.exe
  2⤵
  PID:8412
- C:\Windows\System\BIhTLnC.exe
  C:\Windows\System\BIhTLnC.exe
  2⤵
  PID:2564
- C:\Windows\System\hywqthq.exe
  C:\Windows\System\hywqthq.exe
  2⤵
  PID:8464
- C:\Windows\System\ugmcAlE.exe
  C:\Windows\System\ugmcAlE.exe
  2⤵
  PID:2748
- C:\Windows\System\AzoeKHf.exe
  C:\Windows\System\AzoeKHf.exe
  2⤵
  PID:8532
- C:\Windows\System\VflbJhf.exe
  C:\Windows\System\VflbJhf.exe
  2⤵
  PID:8572
- C:\Windows\System\URHdjEB.exe
  C:\Windows\System\URHdjEB.exe
  2⤵
  PID:8548
- C:\Windows\System\ILruzGD.exe
  C:\Windows\System\ILruzGD.exe
  2⤵
  PID:8592
- C:\Windows\System\moQdQrF.exe
  C:\Windows\System\moQdQrF.exe
  2⤵
  PID:8644
- C:\Windows\System\VIxiBLM.exe
  C:\Windows\System\VIxiBLM.exe
  2⤵
  PID:8652
- C:\Windows\System\TQOBgMv.exe
  C:\Windows\System\TQOBgMv.exe
  2⤵
  PID:8664
- C:\Windows\System\cpHJVLs.exe
  C:\Windows\System\cpHJVLs.exe
  2⤵
  PID:2644
- C:\Windows\System\CqNglDL.exe
  C:\Windows\System\CqNglDL.exe
  2⤵
  PID:8732
- C:\Windows\System\qGDfNdD.exe
  C:\Windows\System\qGDfNdD.exe
  2⤵
  PID:8752
- C:\Windows\System\liHdaxR.exe
  C:\Windows\System\liHdaxR.exe
  2⤵
  PID:1756
- C:\Windows\System\bfqUmUt.exe
  C:\Windows\System\bfqUmUt.exe
  2⤵
  PID:8828
- C:\Windows\System\YRiSMOa.exe
  C:\Windows\System\YRiSMOa.exe
  2⤵
  PID:1496
- C:\Windows\System\cVGKkvB.exe
  C:\Windows\System\cVGKkvB.exe
  2⤵
  PID:8892
- C:\Windows\System\OmOynVI.exe
  C:\Windows\System\OmOynVI.exe
  2⤵
  PID:8912
- C:\Windows\System\LAaermB.exe
  C:\Windows\System\LAaermB.exe
  2⤵
  PID:9024
- C:\Windows\System\xYmCwoq.exe
  C:\Windows\System\xYmCwoq.exe
  2⤵
  PID:9056
- C:\Windows\System\CkEYvzA.exe
  C:\Windows\System\CkEYvzA.exe
  2⤵
  PID:3012
- C:\Windows\System\lisfvaq.exe
  C:\Windows\System\lisfvaq.exe
  2⤵
  PID:1928
- C:\Windows\System\IYMEazk.exe
  C:\Windows\System\IYMEazk.exe
  2⤵
  PID:9152
- C:\Windows\System\tAvQewM.exe
  C:\Windows\System\tAvQewM.exe
  2⤵
  PID:9136
- C:\Windows\System\ZSzBceX.exe
  C:\Windows\System\ZSzBceX.exe
  2⤵
  PID:2772
- C:\Windows\System\LDdSvZq.exe
  C:\Windows\System\LDdSvZq.exe
  2⤵
  PID:2312
- C:\Windows\System\SNGYVfC.exe
  C:\Windows\System\SNGYVfC.exe
  2⤵
  PID:9200
- C:\Windows\System\dGeMNWI.exe
  C:\Windows\System\dGeMNWI.exe
  2⤵
  PID:7508
- C:\Windows\System\LJUnLOc.exe
  C:\Windows\System\LJUnLOc.exe
  2⤵
  PID:7800
- C:\Windows\System\dpzJcWB.exe
  C:\Windows\System\dpzJcWB.exe
  2⤵
  PID:2920
- C:\Windows\System\qrQmIDm.exe
  C:\Windows\System\qrQmIDm.exe
  2⤵
  PID:7940
- C:\Windows\System\txsoiKA.exe
  C:\Windows\System\txsoiKA.exe
  2⤵
  PID:7236
- C:\Windows\System\yvjUhJc.exe
  C:\Windows\System\yvjUhJc.exe
  2⤵
  PID:2956
- C:\Windows\System\EueZPfZ.exe
  C:\Windows\System\EueZPfZ.exe
  2⤵
  PID:8224
- C:\Windows\System\GttyZaL.exe
  C:\Windows\System\GttyZaL.exe
  2⤵
  PID:1844
- C:\Windows\System\fICAEZV.exe
  C:\Windows\System\fICAEZV.exe
  2⤵
  PID:2588
- C:\Windows\System\EhzBQUo.exe
  C:\Windows\System\EhzBQUo.exe
  2⤵
  PID:2948
- C:\Windows\System\OCMTKQQ.exe
  C:\Windows\System\OCMTKQQ.exe
  2⤵
  PID:580
- C:\Windows\System\SRROKmt.exe
  C:\Windows\System\SRROKmt.exe
  2⤵
  PID:236
- C:\Windows\System\JxjeHtG.exe
  C:\Windows\System\JxjeHtG.exe
  2⤵
  PID:2524
- C:\Windows\System\UhSoCmQ.exe
  C:\Windows\System\UhSoCmQ.exe
  2⤵
  PID:8364
- C:\Windows\System\sTFheQa.exe
  C:\Windows\System\sTFheQa.exe
  2⤵
  PID:8344
- C:\Windows\System\jFBUxjr.exe
  C:\Windows\System\jFBUxjr.exe
  2⤵
  PID:8384
- C:\Windows\System\WlbAHOz.exe
  C:\Windows\System\WlbAHOz.exe
  2⤵
  PID:8444
- C:\Windows\System\TkzPybX.exe
  C:\Windows\System\TkzPybX.exe
  2⤵
  PID:8484
- C:\Windows\System\nASbNKm.exe
  C:\Windows\System\nASbNKm.exe
  2⤵
  PID:8488
- C:\Windows\System\mePkhFQ.exe
  C:\Windows\System\mePkhFQ.exe
  2⤵
  PID:8508
- C:\Windows\System\UovtAnm.exe
  C:\Windows\System\UovtAnm.exe
  2⤵
  PID:8504
- C:\Windows\System\nYdyTXF.exe
  C:\Windows\System\nYdyTXF.exe
  2⤵
  PID:8692
- C:\Windows\System\ldqzdmL.exe
  C:\Windows\System\ldqzdmL.exe
  2⤵
  PID:2812
- C:\Windows\System\ZJdFeZt.exe
  C:\Windows\System\ZJdFeZt.exe
  2⤵
  PID:8772
- C:\Windows\System\EOfeGxs.exe
  C:\Windows\System\EOfeGxs.exe
  2⤵
  PID:8984
- C:\Windows\System\sUGNlEr.exe
  C:\Windows\System\sUGNlEr.exe
  2⤵
  PID:2824
- C:\Windows\System\NUgyLcw.exe
  C:\Windows\System\NUgyLcw.exe
  2⤵
  PID:9072
- C:\Windows\System\EvrZavJ.exe
  C:\Windows\System\EvrZavJ.exe
  2⤵
  PID:9148
- C:\Windows\System\tHDUlSc.exe
  C:\Windows\System\tHDUlSc.exe
  2⤵
  PID:2600
- C:\Windows\System\mRxbfpN.exe
  C:\Windows\System\mRxbfpN.exe
  2⤵
  PID:9168
- C:\Windows\System\HTsjjpB.exe
  C:\Windows\System\HTsjjpB.exe
  2⤵
  PID:7596
- C:\Windows\System\vOKJbAJ.exe
  C:\Windows\System\vOKJbAJ.exe
  2⤵
  PID:8248
- C:\Windows\System\TiOTEJa.exe
  C:\Windows\System\TiOTEJa.exe
  2⤵
  PID:1824
- C:\Windows\System\jejDGhD.exe
  C:\Windows\System\jejDGhD.exe
  2⤵
  PID:1004
- C:\Windows\System\Gzmldiv.exe
  C:\Windows\System\Gzmldiv.exe
  2⤵
  PID:2292
- C:\Windows\System\MUTzyEp.exe
  C:\Windows\System\MUTzyEp.exe
  2⤵
  PID:8348
- C:\Windows\System\adfsmif.exe
  C:\Windows\System\adfsmif.exe
  2⤵
  PID:8264
- C:\Windows\System\XTcslkW.exe
  C:\Windows\System\XTcslkW.exe
  2⤵
  PID:8368
- C:\Windows\System\OVtdPpT.exe
  C:\Windows\System\OVtdPpT.exe
  2⤵
  PID:8492
- C:\Windows\System\uBLpuCI.exe
  C:\Windows\System\uBLpuCI.exe
  2⤵
  PID:8552
- C:\Windows\System\DfAUiaM.exe
  C:\Windows\System\DfAUiaM.exe
  2⤵
  PID:8648
- C:\Windows\System\XpnbSnl.exe
  C:\Windows\System\XpnbSnl.exe
  2⤵
  PID:8512
- C:\Windows\System\mXSHFQo.exe
  C:\Windows\System\mXSHFQo.exe
  2⤵
  PID:8824
- C:\Windows\System\Shcnque.exe
  C:\Windows\System\Shcnque.exe
  2⤵
  PID:8952
- C:\Windows\System\fPOGHZq.exe
  C:\Windows\System\fPOGHZq.exe
  2⤵
  PID:8968
- C:\Windows\System\MkLEXPd.exe
  C:\Windows\System\MkLEXPd.exe
  2⤵
  PID:8988
- C:\Windows\System\jIVxwgo.exe
  C:\Windows\System\jIVxwgo.exe
  2⤵
  PID:9008
- C:\Windows\System\FgkKvre.exe
  C:\Windows\System\FgkKvre.exe
  2⤵
  PID:764
- C:\Windows\System\IXdoIdS.exe
  C:\Windows\System\IXdoIdS.exe
  2⤵
  PID:9116
- C:\Windows\System\VCyrHor.exe
  C:\Windows\System\VCyrHor.exe
  2⤵
  PID:7912
- C:\Windows\System\yVvGOXP.exe
  C:\Windows\System\yVvGOXP.exe
  2⤵
  PID:2244
- C:\Windows\System\DgkdbVO.exe
  C:\Windows\System\DgkdbVO.exe
  2⤵
  PID:1944
- C:\Windows\System\YRRHdPW.exe
  C:\Windows\System\YRRHdPW.exe
  2⤵
  PID:8204
- C:\Windows\System\vlMWJaT.exe
  C:\Windows\System\vlMWJaT.exe
  2⤵
  PID:2804
- C:\Windows\System\lDqgywH.exe
  C:\Windows\System\lDqgywH.exe
  2⤵
  PID:8428
- C:\Windows\System\SXQWGZN.exe
  C:\Windows\System\SXQWGZN.exe
  2⤵
  PID:8744
- C:\Windows\System\mrKkNnC.exe
  C:\Windows\System\mrKkNnC.exe
  2⤵
  PID:2572
- C:\Windows\System\kJYkPFz.exe
  C:\Windows\System\kJYkPFz.exe
  2⤵
  PID:2336
- C:\Windows\System\kXphVBK.exe
  C:\Windows\System\kXphVBK.exe
  2⤵
  PID:2188
- C:\Windows\System\vEKRyWa.exe
  C:\Windows\System\vEKRyWa.exe
  2⤵
  PID:8724
- C:\Windows\System\FuCtfQh.exe
  C:\Windows\System\FuCtfQh.exe
  2⤵
  PID:8868
- C:\Windows\System\CwADyRm.exe
  C:\Windows\System\CwADyRm.exe
  2⤵
  PID:9212
- C:\Windows\System\nZghmfc.exe
  C:\Windows\System\nZghmfc.exe
  2⤵
  PID:8608
- C:\Windows\System\xAejkdP.exe
  C:\Windows\System\xAejkdP.exe
  2⤵
  PID:1644
- C:\Windows\System\uKzstgy.exe
  C:\Windows\System\uKzstgy.exe
  2⤵
  PID:9012
- C:\Windows\System\AlSZdhe.exe
  C:\Windows\System\AlSZdhe.exe
  2⤵
  PID:8948
- C:\Windows\System\amRuaXj.exe
  C:\Windows\System\amRuaXj.exe
  2⤵
  PID:8928
- C:\Windows\System\nWkORWg.exe
  C:\Windows\System\nWkORWg.exe
  2⤵
  PID:8156
- C:\Windows\System\sRRaFaI.exe
  C:\Windows\System\sRRaFaI.exe
  2⤵
  PID:2320
- C:\Windows\System\UryBbgy.exe
  C:\Windows\System\UryBbgy.exe
  2⤵
  PID:2880
- C:\Windows\System\TMsRYzY.exe
  C:\Windows\System\TMsRYzY.exe
  2⤵
  PID:9132
- C:\Windows\System\bMTYUKm.exe
  C:\Windows\System\bMTYUKm.exe
  2⤵
  PID:8872
- C:\Windows\System\wAgQQZx.exe
  C:\Windows\System\wAgQQZx.exe
  2⤵
  PID:9032
- C:\Windows\System\QLggxMe.exe
  C:\Windows\System\QLggxMe.exe
  2⤵
  PID:9220
- C:\Windows\System\sAWEkkv.exe
  C:\Windows\System\sAWEkkv.exe
  2⤵
  PID:9240
- C:\Windows\System\QyopkKb.exe
  C:\Windows\System\QyopkKb.exe
  2⤵
  PID:9260
- C:\Windows\System\zHyhkKZ.exe
  C:\Windows\System\zHyhkKZ.exe
  2⤵
  PID:9276
- C:\Windows\System\BcmQXaD.exe
  C:\Windows\System\BcmQXaD.exe
  2⤵
  PID:9292
- C:\Windows\System\XEtxeKc.exe
  C:\Windows\System\XEtxeKc.exe
  2⤵
  PID:9308
- C:\Windows\System\OEsDqdF.exe
  C:\Windows\System\OEsDqdF.exe
  2⤵
  PID:9328
- C:\Windows\System\EjSviyT.exe
  C:\Windows\System\EjSviyT.exe
  2⤵
  PID:9344
- C:\Windows\System\XXzAGpo.exe
  C:\Windows\System\XXzAGpo.exe
  2⤵
  PID:9364
- C:\Windows\System\tRfiXkm.exe
  C:\Windows\System\tRfiXkm.exe
  2⤵
  PID:9388
- C:\Windows\System\GMIFXUO.exe
  C:\Windows\System\GMIFXUO.exe
  2⤵
  PID:9404
- C:\Windows\System\aAFpQBd.exe
  C:\Windows\System\aAFpQBd.exe
  2⤵
  PID:9420
- C:\Windows\System\lRzNooA.exe
  C:\Windows\System\lRzNooA.exe
  2⤵
  PID:9440
- C:\Windows\System\aKhHWVp.exe
  C:\Windows\System\aKhHWVp.exe
  2⤵
  PID:9456
- C:\Windows\System\tvkODog.exe
  C:\Windows\System\tvkODog.exe
  2⤵
  PID:9476
- C:\Windows\System\jItPGcD.exe
  C:\Windows\System\jItPGcD.exe
  2⤵
  PID:9492
- C:\Windows\System\cSWoJjV.exe
  C:\Windows\System\cSWoJjV.exe
  2⤵
  PID:9508
- C:\Windows\System\aBAzUoE.exe
  C:\Windows\System\aBAzUoE.exe
  2⤵
  PID:9528
- C:\Windows\System\cDDksvZ.exe
  C:\Windows\System\cDDksvZ.exe
  2⤵
  PID:9592
- C:\Windows\System\SfTWMqa.exe
  C:\Windows\System\SfTWMqa.exe
  2⤵
  PID:9608
- C:\Windows\System\JnRPvoz.exe
  C:\Windows\System\JnRPvoz.exe
  2⤵
  PID:9628
- C:\Windows\System\jvKWCBJ.exe
  C:\Windows\System\jvKWCBJ.exe
  2⤵
  PID:9652
- C:\Windows\System\teufpLe.exe
  C:\Windows\System\teufpLe.exe
  2⤵
  PID:9676
- C:\Windows\System\MjnvYdy.exe
  C:\Windows\System\MjnvYdy.exe
  2⤵
  PID:9696
- C:\Windows\System\ExummAD.exe
  C:\Windows\System\ExummAD.exe
  2⤵
  PID:9716
- C:\Windows\System\YOdiIKC.exe
  C:\Windows\System\YOdiIKC.exe
  2⤵
  PID:9732
- C:\Windows\System\lIIrvpc.exe
  C:\Windows\System\lIIrvpc.exe
  2⤵
  PID:9756
- C:\Windows\System\UlvZdbs.exe
  C:\Windows\System\UlvZdbs.exe
  2⤵
  PID:9772
- C:\Windows\System\BYfczmt.exe
  C:\Windows\System\BYfczmt.exe
  2⤵
  PID:9796
- C:\Windows\System\baVuKWK.exe
  C:\Windows\System\baVuKWK.exe
  2⤵
  PID:9816
- C:\Windows\System\cyBXCul.exe
  C:\Windows\System\cyBXCul.exe
  2⤵
  PID:9836
- C:\Windows\System\aCwmNSY.exe
  C:\Windows\System\aCwmNSY.exe
  2⤵
  PID:9852
- C:\Windows\System\xXzEaHW.exe
  C:\Windows\System\xXzEaHW.exe
  2⤵
  PID:9868
- C:\Windows\System\ipTuLdr.exe
  C:\Windows\System\ipTuLdr.exe
  2⤵
  PID:9892
- C:\Windows\System\aKVsrWs.exe
  C:\Windows\System\aKVsrWs.exe
  2⤵
  PID:9916
- C:\Windows\System\RLKudgX.exe
  C:\Windows\System\RLKudgX.exe
  2⤵
  PID:9936
- C:\Windows\System\PqMamsn.exe
  C:\Windows\System\PqMamsn.exe
  2⤵
  PID:9956
- C:\Windows\System\hzdFBQT.exe
  C:\Windows\System\hzdFBQT.exe
  2⤵
  PID:9972
- C:\Windows\System\LPioUWQ.exe
  C:\Windows\System\LPioUWQ.exe
  2⤵
  PID:9992
- C:\Windows\System\pCADEbe.exe
  C:\Windows\System\pCADEbe.exe
  2⤵
  PID:10016
- C:\Windows\System\FDTpoxn.exe
  C:\Windows\System\FDTpoxn.exe
  2⤵
  PID:10036
- C:\Windows\System\tYhdusR.exe
  C:\Windows\System\tYhdusR.exe
  2⤵
  PID:10056
- C:\Windows\System\fDBhqDl.exe
  C:\Windows\System\fDBhqDl.exe
  2⤵
  PID:10076
- C:\Windows\System\ESqeRlt.exe
  C:\Windows\System\ESqeRlt.exe
  2⤵
  PID:10096
- C:\Windows\System\VYXxPhc.exe
  C:\Windows\System\VYXxPhc.exe
  2⤵
  PID:10116
- C:\Windows\System\brWqCMM.exe
  C:\Windows\System\brWqCMM.exe
  2⤵
  PID:10136
- C:\Windows\System\bfMssMi.exe
  C:\Windows\System\bfMssMi.exe
  2⤵
  PID:10152
- C:\Windows\System\uAymkug.exe
  C:\Windows\System\uAymkug.exe
  2⤵
  PID:10176
- C:\Windows\System\KjzFapt.exe
  C:\Windows\System\KjzFapt.exe
  2⤵
  PID:10196
- C:\Windows\System\Mlpxxeu.exe
  C:\Windows\System\Mlpxxeu.exe
  2⤵
  PID:10212
- C:\Windows\System\dcbCSWG.exe
  C:\Windows\System\dcbCSWG.exe
  2⤵
  PID:10228
- C:\Windows\System\bcrYnPJ.exe
  C:\Windows\System\bcrYnPJ.exe
  2⤵
  PID:9252
- C:\Windows\System\SBmoKwP.exe
  C:\Windows\System\SBmoKwP.exe
  2⤵
  PID:9316
- C:\Windows\System\zJGUqVR.exe
  C:\Windows\System\zJGUqVR.exe
  2⤵
  PID:9356
- C:\Windows\System\qsxkBCw.exe
  C:\Windows\System\qsxkBCw.exe
  2⤵
  PID:9428
- C:\Windows\System\GxsMqXC.exe
  C:\Windows\System\GxsMqXC.exe
  2⤵
  PID:9468
- C:\Windows\System\hmrInXc.exe
  C:\Windows\System\hmrInXc.exe
  2⤵
  PID:2892
- C:\Windows\System\EoFtXfx.exe
  C:\Windows\System\EoFtXfx.exe
  2⤵
  PID:9236
- C:\Windows\System\jzxpLKF.exe
  C:\Windows\System\jzxpLKF.exe
  2⤵
  PID:9340
- C:\Windows\System\txxxoxZ.exe
  C:\Windows\System\txxxoxZ.exe
  2⤵
  PID:9416
- C:\Windows\System\ReVZywB.exe
  C:\Windows\System\ReVZywB.exe
  2⤵
  PID:9536
- C:\Windows\System\VYelaQi.exe
  C:\Windows\System\VYelaQi.exe
  2⤵
  PID:9548
- C:\Windows\System\dQKbXdx.exe
  C:\Windows\System\dQKbXdx.exe
  2⤵
  PID:9568
- C:\Windows\System\UeLQMKI.exe
  C:\Windows\System\UeLQMKI.exe
  2⤵
  PID:9556
- C:\Windows\System\xeHHBmP.exe
  C:\Windows\System\xeHHBmP.exe
  2⤵
  PID:9616
- C:\Windows\System\WfayanO.exe
  C:\Windows\System\WfayanO.exe
  2⤵
  PID:9636
- C:\Windows\System\WuAgfHk.exe
  C:\Windows\System\WuAgfHk.exe
  2⤵
  PID:9660
- C:\Windows\System\xZOtDpc.exe
  C:\Windows\System\xZOtDpc.exe
  2⤵
  PID:9744
- C:\Windows\System\FtVXMbk.exe
  C:\Windows\System\FtVXMbk.exe
  2⤵
  PID:9792
- C:\Windows\System\JhxFPJM.exe
  C:\Windows\System\JhxFPJM.exe
  2⤵
  PID:9808
- C:\Windows\System\fTFFnGn.exe
  C:\Windows\System\fTFFnGn.exe
  2⤵
  PID:9844
- C:\Windows\System\VLOaPzF.exe
  C:\Windows\System\VLOaPzF.exe
  2⤵
  PID:9876
- C:\Windows\System\oGCftdS.exe
  C:\Windows\System\oGCftdS.exe
  2⤵
  PID:9912
- C:\Windows\System\wPqSfky.exe
  C:\Windows\System\wPqSfky.exe
  2⤵
  PID:9928
- C:\Windows\System\FduJmku.exe
  C:\Windows\System\FduJmku.exe
  2⤵
  PID:9968
- C:\Windows\System\haRTMVR.exe
  C:\Windows\System\haRTMVR.exe
  2⤵
  PID:10012
- C:\Windows\System\LeyUOmZ.exe
  C:\Windows\System\LeyUOmZ.exe
  2⤵
  PID:10044
- C:\Windows\System\yeHnkRd.exe
  C:\Windows\System\yeHnkRd.exe
  2⤵
  PID:10084
- C:\Windows\System\Gdlozpz.exe
  C:\Windows\System\Gdlozpz.exe
  2⤵
  PID:10104
- C:\Windows\System\ZVjOrkk.exe
  C:\Windows\System\ZVjOrkk.exe
  2⤵
  PID:10132
- C:\Windows\System\mcgoPMQ.exe
  C:\Windows\System\mcgoPMQ.exe
  2⤵
  PID:10220
- C:\Windows\System\VLbOcvc.exe
  C:\Windows\System\VLbOcvc.exe
  2⤵
  PID:9396
- C:\Windows\System\UWWPYnI.exe
  C:\Windows\System\UWWPYnI.exe
  2⤵
  PID:9376
- C:\Windows\System\ooGCZPV.exe
  C:\Windows\System\ooGCZPV.exe
  2⤵
  PID:9484
- C:\Windows\System\rrIWJQj.exe
  C:\Windows\System\rrIWJQj.exe
  2⤵
  PID:9560
- C:\Windows\System\WJdETOa.exe
  C:\Windows\System\WJdETOa.exe
  2⤵
  PID:1012
- C:\Windows\System\IrIKuBT.exe
  C:\Windows\System\IrIKuBT.exe
  2⤵
  PID:9576
- C:\Windows\System\zHoLOeT.exe
  C:\Windows\System\zHoLOeT.exe
  2⤵
  PID:9412
- C:\Windows\System\ekYCgBL.exe
  C:\Windows\System\ekYCgBL.exe
  2⤵
  PID:9552
- C:\Windows\System\yiWyPZW.exe
  C:\Windows\System\yiWyPZW.exe
  2⤵
  PID:9464
- C:\Windows\System\hyMmWzq.exe
  C:\Windows\System\hyMmWzq.exe
  2⤵
  PID:9228
- C:\Windows\System\DRmnfnM.exe
  C:\Windows\System\DRmnfnM.exe
  2⤵
  PID:10236
- C:\Windows\System\NoSsnEa.exe
  C:\Windows\System\NoSsnEa.exe
  2⤵
  PID:9780
- C:\Windows\System\aWJUvHm.exe
  C:\Windows\System\aWJUvHm.exe
  2⤵
  PID:9684
- C:\Windows\System\qlCjOcG.exe
  C:\Windows\System\qlCjOcG.exe
  2⤵
  PID:9708
- C:\Windows\System\zzsAkzq.exe
  C:\Windows\System\zzsAkzq.exe
  2⤵
  PID:9908
- C:\Windows\System\oqNXyns.exe
  C:\Windows\System\oqNXyns.exe
  2⤵
  PID:9804
- C:\Windows\System\IkuLkaD.exe
  C:\Windows\System\IkuLkaD.exe
  2⤵
  PID:9924
- C:\Windows\System\RFfZwgb.exe
  C:\Windows\System\RFfZwgb.exe
  2⤵
  PID:10032
- C:\Windows\System\IwUziTc.exe
  C:\Windows\System\IwUziTc.exe
  2⤵
  PID:10072
- C:\Windows\System\oGxnOBT.exe
  C:\Windows\System\oGxnOBT.exe
  2⤵
  PID:9004
- C:\Windows\System\ndQhqhM.exe
  C:\Windows\System\ndQhqhM.exe
  2⤵
  PID:9300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AvAXABI.exe

Filesize
6.0MB

MD5
d07c68249e4f51b18fe571ec30c48a83

SHA1
56ece4b968e9ba4dda53f042a1917f2e374d87c9

SHA256
8ddb60e3676cbd832ef81381357d5963b38bdae16caa3a0a4da5b9ffa0d7e1fd

SHA512
1959dfb878e97611533b2e94595e9465b2cd66ac5e7603a3433b15b72d33a9ea7f4a03cc8b1f336a8be0dd84a8fe415cae9aa9d5d22043eba009c4256420f103

Download Submit
C:\Windows\system\Buewgot.exe

Filesize
6.0MB

MD5
53ba7af6e71561bcc99ea6715a039c2b

SHA1
4685cbb08b60d12c6efd7e4fe4ba0164dbad482f

SHA256
b3b150144c00d21382e22ec47cb003ba08d4c78fa4fae7a3d017ca70a1077dee

SHA512
786e95af114da830964ba74648ca0f2b6f5d13453935cd9ab2bf5072b44c63ddaa138fa680a5111fc6e1bb3f6a888ac60d52454d809223cf0d2e2fc8ceb944a6

Download Submit
C:\Windows\system\CkEOqKO.exe

Filesize
6.0MB

MD5
a0631e5815788c7b20bbaf1b7dc166b6

SHA1
4e6eaa536afa8493738de7456d6a4b5c11c9ad36

SHA256
264d34309c9f1b9f91119b2d4cb625ec8bae6d5f314c88d6df09317f24dc1407

SHA512
639cb18da6542414c246da2d8a5930f0df7b4744322d1fcf0e87c11ce2f4806593228116263a5cf5d46e11268e736fd1e06744c5c6fe4dbab2793b63259fc10b

Download Submit
C:\Windows\system\EZxIgpq.exe

Filesize
6.0MB

MD5
b19b8f1a7bc5d1ed86bf889fc99cbb44

SHA1
6ace3d4f9d88ec8bee53c7fc7bd4356f0d06bb9b

SHA256
bd738177a1d77e232f8dbea297428eab9189ef029d0fd0ee5649b34b1ce050bc

SHA512
63eaa08378fa07b33ab569ca0957e37950ec6cc2db96c01a3157b54840d9649bf1d6ced94206007d3a66c0e2b70793b6f931df1f07374a25b5b742610eeba12b

Download Submit
C:\Windows\system\GyakqxZ.exe

Filesize
6.0MB

MD5
8e8e0b45cc43e813c7b09dfb9810b3a0

SHA1
e4b328dc6c2acb234f332c2c8a00193c78b680ed

SHA256
5fb1319d1fe618144c00265405957e2412a4bda5d0feb01b9bab11a4bcb75671

SHA512
13274ddde578b25dd2acd9af2fffa9418549aa3911b8157f8febb69d61f2ca8fe2d813d1de7032ee0d4abb75a55803e14e0821805944d60925a5aa7dd844153d

Download Submit
C:\Windows\system\JkOWwwo.exe

Filesize
6.0MB

MD5
c752f7ce10200fea392a7f33efcffb3b

SHA1
d57df875dfc19f28c614947fb97dcd2ea6094941

SHA256
c9f896e26a3ed9cde4225a4581a249d7fe5ea147afd13dfb8b9111bca6959b51

SHA512
e843b87b7985faf63e2fce408880521fc48234c1d739ac5295e2f8e5ed055b95dc37cfb78b617be7dc79ac99c66c44cb12bea4bdf0e0343199320a50ebaf6281

Download Submit
C:\Windows\system\OzinGWq.exe

Filesize
6.0MB

MD5
a73bd07b0b7abdc62557bd3a2dd0434f

SHA1
f23e5f999b8b65f028f3c566c8b2de667a8f73cb

SHA256
d8d409c7c6c038be5598899387998c37e255f604fa908053ba1632cfed8d419e

SHA512
256b5d26265b356494c7d611d45a3838ec95ca9990bbb636d277cfe99555fe68c9b02670651895fe19429abe603bfab7b4bef46803fc7560b8bd52f1fbce2aa4

Download Submit
C:\Windows\system\PnfKfZA.exe

Filesize
6.0MB

MD5
bc39a68ba1156f096d1a9f5d248d2b0d

SHA1
558a7b902328358b61f7457f344eb73097a4a4ff

SHA256
7dc8e271aa69a43d9b3176daaacc00ce1f3f789bbc32fccc0ec4a2e8877de265

SHA512
df40d77f54772a06a3615470ad73de05a7084cccdbead7ef41acaca0ddbed58ac5e269c0ef217def6bb277ec76acdb76b73b69e3667a4ccdca96d9aa057c4bb7

Download Submit
C:\Windows\system\PoUmamq.exe

Filesize
6.0MB

MD5
5688eb71cfc88b01486eaeaf093c52e3

SHA1
65a59a8ccb510cb6774cb40e59bccce6418f4e58

SHA256
038d0f806ba96f9562f203dde48957aed5077ef3b63b727c0f18563b2b4de77b

SHA512
3170a091ddd33f3ce133e63bd5d297918aa24c25eb036baa3fd7aae1dd85bd6525b6d53ced4b35f08f6b4645c54abc606046ca6a86d46b42f24bfeb3d2e64fbd

Download Submit
C:\Windows\system\RPkFQSc.exe

Filesize
6.0MB

MD5
87bc8c221326d349d6d93e2c5d5e8c11

SHA1
6ab3e84d11f3f768e6dc08e3bd7b0096414a5e61

SHA256
86668ac7f278ce84388a9158139d174f07fa826d49fb7826b5ac6555f9ee7503

SHA512
6c93ef7458af706e9ac7cf68267d0e1301d40384481b8cf3427ce1cc8a114ebbfa5885ab57194b15a597829ac1330105cbd5169f1aad467c95ab61d9a089a3e9

Download Submit
C:\Windows\system\RfUdqtq.exe

Filesize
6.0MB

MD5
00b5ece8df541c56a5eb0efcf5990895

SHA1
fa29e429a31f778b706fd0a892044cb7457347af

SHA256
22fd9896816db8352a5979baa81183e262366f8e7301a79066d2ca784f30fc2c

SHA512
8cf8fe42c70ef3080bd5d3e07f912cc2aa1d42f09fe4dbbbec2f048f8f772e3e7343c1af6749d75c7150cbff024d6e4c424a7c02a6577c7538a6fd27bfa43d04

Download Submit
C:\Windows\system\TpVTihg.exe

Filesize
6.0MB

MD5
3dd68e7f2f142809f7109fb717583f62

SHA1
cec9cc32387c84512b3a082ea0d6a3b270d80ca4

SHA256
37d97c69f1c2d8455de462a6f6bc216998b13310304cf0fb8b4a1da5fc07788a

SHA512
595549789924e06f8b9decf3429633ef3c0ad3e57bcb4ade8a2c1b2c78986a4e8f3212897208cae2705ec6a87ebcf2fb84b46f45049acf1d9e55dc330e888f0d

Download Submit
C:\Windows\system\UMOUfBx.exe

Filesize
6.0MB

MD5
e2f582dd9cc1c279f75fdd3acc479102

SHA1
fd10d3eabd678cf13e10f9b66c5230c75cb03f21

SHA256
fba754ccd40fdb6a5bb5e82f71a392c889e83e3e21da35b89a5fd0214ce414d6

SHA512
13422a216e08654ef8e514a77f525022eb61ea11727b51bad04585fc78fb8e7280878766cf62265cab2c3528f35ddbff5fbb9612cb426633bc9f93e1418571e2

Download Submit
C:\Windows\system\VkXqvWz.exe

Filesize
6.0MB

MD5
63f2abbbcda08b55ddd311c174c4c884

SHA1
9e4a08e054f5f730892305b92ea14fd21950c5f3

SHA256
5713fa067defe8abf27750151fcf94bec79d57e2b0b753f2d7fedeba9d3cd37f

SHA512
2d2b2c79c3d5033d86fd7db896c7d088cc087df7a537a23cb40b0f05d664b5de169be05ea1660e6d797fbb3a9893ed63729637338091bf9e6164940b12701c18

Download Submit
C:\Windows\system\afdmcYQ.exe

Filesize
6.0MB

MD5
473c50a16af048c6d9c298ed13a54d7b

SHA1
923e92088d06ba39d0d834cfc19e1fe19ce0d65c

SHA256
9ba11fde36e64a5eb4fa438afa6cedeca4017f478c3ef5cd4ac1a0521b3d23cd

SHA512
6b367c05fb4bb74df4d79a78a302093e86e88dcfcea09ddcd5dd9d0b376fefd6b4903874dfbfbf33e0d9220491b5705cb6695ac39eb61ca7fde64f67a39beb52

Download Submit
C:\Windows\system\bmHWiCc.exe

Filesize
6.0MB

MD5
69c5f9e3aba88186a1ed8a760b4a5a7b

SHA1
d908461112e71111a9cd92a1a24604c202318820

SHA256
d28966112e8cc3071b4baf3f147a6d6d34fb0b68db4338a066e5e31e0bfe3ebc

SHA512
225268e79be74cbfb1fa0e6141f06df11546abb551287b1b9006ca33ba2fd3d0603f3fe88f3bdae3219873871543aff2c4300ad4bfbbaa8f3abae1d0614e146c

Download Submit
C:\Windows\system\cgLoYMS.exe

Filesize
6.0MB

MD5
abd83776fbb0dcab6fe1a92bf2ad773e

SHA1
26b6371397d9ed7cfd9848259fa8b1ab9321a79d

SHA256
5c25d8500fedc73bfd9b0cd9dd155170b6938aabdaabbdf2a4dba40fb93c6d2c

SHA512
c486d489c44ca7504d821809bd91605d36311bc497b2dda0197c3109310ce2876e280b6d45507231d008d603f9f2859ecf5c01e14ee9d2dc18d8350158ca5caf

Download Submit
C:\Windows\system\daZcvsG.exe

Filesize
6.0MB

MD5
cb4af25a49184459af32f96f98527d69

SHA1
2be45b14cd8771583a6cfb838cabf0428a2aa35a

SHA256
99d54e889f940052d45102e336dfec5ed3d53455cf780f1cceb181bc2d3c29e7

SHA512
3fab19d459ee55631bf0272ed6f9bbee1c7395f36d8856a80f0668301fb60853f472631a0e798ea341e33f8a9c47354ba4de186443342e9770ba77e0bc467eec

Download Submit
C:\Windows\system\gdEoXYZ.exe

Filesize
6.0MB

MD5
ca870ef5051b1ad38a90934e53f83b8f

SHA1
e89002fb81e8f366fd2d074d979e37c8c158c3d5

SHA256
36a6b53e33afc23f2797c5f99e11cfafba1cba7f1dbea94583bb453a07b940fe

SHA512
07c54bbe675e8d6cf3579bda52f7ea2abb51c0114e8ae4773a0d224572ff696054b680db9b04fb9245009d1dc6cfeb33e13adad31d87d68f1a9e70b5d9134f10

Download Submit
C:\Windows\system\hVkiUrZ.exe

Filesize
6.0MB

MD5
72fdacffd79275b5f0ff03ac8862d5c1

SHA1
cb40829695062eea5c49aa3ad02c216c18b6e549

SHA256
b802ad1d3bcb45e0fbaf0f74e24b31a9f1b7e33585edcdcc1b7f50fc08efcec7

SHA512
5d0ab031c11c7825ae69ea70eec7159bacea8650fabae8bd30235c313263be26b83969c6549ef19073b4c79f0d27d492e4dbdfddc1eec85c45531822d27e9473

Download Submit
C:\Windows\system\hnwaMJy.exe

Filesize
6.0MB

MD5
85f22922c3e1618cc91f80f5f06f14bc

SHA1
ccdb5a6baa8af46525bc84622c438921911530bc

SHA256
1c8eda5a72db28c8be157581557d0b4651c08eaf4c6de6740af71b1c2b090d23

SHA512
9e291308294217ec937c5160da6f6bcc4e8166c5d62a7d2582e0e925c1ca45dff568868b7ebfd2fd5a3a4e2829be49554e6e6aa8f80eb1932b563b7d4b4934b9

Download Submit
C:\Windows\system\jmYpeGc.exe

Filesize
6.0MB

MD5
e2cdbb9e09a5ad722420e9a82a781b96

SHA1
38c25718cebdcea2a8f7ae16f83a142d48f796e4

SHA256
7234ef8e5dab4cb40be98e0d15ddd7fd6e20069342f6f56e746d7787ec3e5170

SHA512
410322a83def215b3c150f812f3041331ad9a68a7a7e74c196b9502679053d13e02e79644cd96b3db4f1741f9ae6a1acda594006068788ca5998bae8fd24d34f

Download Submit
C:\Windows\system\jxawAuS.exe

Filesize
6.0MB

MD5
76557e19e8522a526086d26c207dddbf

SHA1
b16922b50dfc0befc4dcb9b5c0c32ae154f8569d

SHA256
aa04c7e47bf5bb01da57f8857abe6ce3c247b192da15513ee169d17463e013cf

SHA512
a8e2424e08d7bfb209e8d75cbd89d6ac519ba75fcbaf7e337c235dad73c770e612c5362f1406a059bc2f562678a274f775aa4013db9a40d28c32347d67309832

Download Submit
C:\Windows\system\qKgvQoV.exe

Filesize
6.0MB

MD5
3bd2de78d7398f205967064dc0a535db

SHA1
79b47f268bda38b9390f1e53a52c55e705bee199

SHA256
04f5068a9d048ecab00add26ba42e31a0533b546512bee0ecf39f7e1b5df2232

SHA512
b8dccae0aaa482b4b0167513fd5f4c30ed04c8f4759989fa9f1077ba4998b09cd88400d58c86c60034435de98856c46b92b907256c4cc8908d231f9e03149032

Download Submit
C:\Windows\system\qKxYRAU.exe

Filesize
6.0MB

MD5
b3688e59a40af5ee0ebd50c2426a3522

SHA1
43a479cb0fae0be802c4aa48a188d06fd532b6cc

SHA256
6934d8c564b9d8dafd6f321fd1a77c24f7fde08e6d523966b0d6db347e59291d

SHA512
036ca8e564ef348be325546fa870505feb9ec59b5899fb3d9d3733d08e1ab5865f07a4e3e06e7bd35dfbc87a8ac2d1d59489b6d2e748039691cf30dac41b54a3

Download Submit
C:\Windows\system\wJLCwwt.exe

Filesize
6.0MB

MD5
aef41b81861830d58c488763f6b0b18e

SHA1
d2079e4fbed8d8c3a1552cb314a9b06a0fe09fc8

SHA256
55095d7a2c76355911d58a4053a1adfd67edb60fb9267345761dc831f431706b

SHA512
b37c6bd7861ac4a02c223d11bf56e9016b926494873a72fb2f7690a35de56d38f4b9c5c39378c752f322a00c65eaa29ebd37580f254330645c08244fe17a0b1b

Download Submit
C:\Windows\system\xaUsxqm.exe

Filesize
6.0MB

MD5
8fa66f08bfd7331f0d649535037fd753

SHA1
ff8164429a2c99f363f7fba576cf9b5f267979b9

SHA256
8fc39abb4ff88660406d073f3b1cc4f1bf21795441abe9fa5ef31499e2f05acb

SHA512
fd1eba8e62f8cb147264c30610be33cb94d16068794268e615f2cc3308b410e2475dc3773b361c60d30ba304013fdd15536a233c2a1cb1e0b3929664328dda03

Download Submit
C:\Windows\system\yOvxJvK.exe

Filesize
6.0MB

MD5
b67aeecccab022a3dc39f243ba1cb9bc

SHA1
269f4b6ee57e9b09e57b8fbec9f1d9d58207794e

SHA256
6f5b490f64a01c0ea7301f51e23b3bf4e3988ac45cf869f80d6b3a8d10288c22

SHA512
cede3e78478c979dd69eb24c78624ddf99dc25315cb630f089c9a9313b84e67583ce08e117bd229df1eed46c6296068b0a68c5a1c5749ded182fac792cc98831

Download Submit
C:\Windows\system\yWAcWrF.exe

Filesize
6.0MB

MD5
7c58aa341b66fc2b2cfca892b7e6610b

SHA1
c2a8c679e4d15621c2245ef2562729d101810486

SHA256
531e9eb99e38afa7d9dc866145f6fcdab47ce93b29a54a7c065887316e0cbb88

SHA512
c6c1d19f464c50998b353dbcf0b814ae5b5913dbedb24112599bdafba3d47631336390674729fe20d9f1b1e3a6c0d449e4de666c8ea9a13b2ded90b3585a919e

Download Submit
\Windows\system\QEltviT.exe

Filesize
6.0MB

MD5
1f88faddcc503bd8fb54d1dabab0ba83

SHA1
50c6292e8624161f5aca864da66bfa6899471020

SHA256
9ef265c33606f6bce1fb8520af07d3bab24564b174c630bc8edec2a668825fc2

SHA512
00f4521ae715d7e7e7d1d4f9dd6fac2ac9108919a5149365274e5fc3b957c0e801711f50d5e9eeda51948e9014d119d9067025aafe1ceb6de107db8ade0a5f8b

Download Submit
\Windows\system\bybUbar.exe

Filesize
6.0MB

MD5
2a8bf2b25ccb9c469212b16d58ec2236

SHA1
2ac4001170d1b5b067aa2b86efa1fbe79f69ee02

SHA256
6d911e5ed47c43ee5a24e426645bca111027bbd7f160dab40c9d776cfc83e463

SHA512
7def915e5d4cd555855a6ddcedc11bbfa6798d7ce96cf0419a19c29ea37d9a2bce7dc3e1d1c1977b9a24d35441d596db8159f45713df64d343eee17f5c3ebb3d

Download Submit
\Windows\system\oiQNExo.exe

Filesize
6.0MB

MD5
2535d6ced01f26c3e0eb7ff699fa3084

SHA1
57ef3aab703a0446e27aa99efb25581668eddf9c

SHA256
4e7ed53ce56d72c3de5114fc8031cb4aef77baf477c13ddae64b9aada0549a66

SHA512
dc2df8c78996edee56a6a41c0b5f20447ab02cfcc92086b2c7ecb4717c064bfb71e07b39c2ed71e6edcc3d5549eebda5e741fac7d9da5ab8aad54dfb2f954eb6

Download Submit
memory/1620-3141-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3282-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1620-3281-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2567-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2519-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2583-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3279-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3163-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3144-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-0-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2579-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4005-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2589-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4003-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2555-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4004-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2593-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-4006-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download