cobaltstrike | 20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
29/12/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
Size

6.0MB
MD5

c191714717a7434b8bc23fc4b02a7baf
SHA1

503da03249a321d7654b2e530fd44ab8be5a2ff6
SHA256

20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f
SHA512

1ff128e8d9fc6ed88eb40a2a5fd74758a1b187e6e8c418dcac62f5b0c7280969dd0a879cc988ea06a83373678d19ec8ff343e8b2e0ea02400a77c532a6c7d9af
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU2:eOl56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00460000000120f4-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186e7-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-121.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral1/memory/3060-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x00460000000120f4-6.dat	xmrig
behavioral1/files/0x00070000000186e7-10.dat	xmrig
behavioral1/files/0x00070000000186f1-16.dat	xmrig
behavioral1/files/0x00060000000186f4-21.dat	xmrig
behavioral1/files/0x0006000000018704-26.dat	xmrig
behavioral1/files/0x0006000000018739-30.dat	xmrig
behavioral1/files/0x0005000000019451-50.dat	xmrig
behavioral1/files/0x00050000000194b9-65.dat	xmrig
behavioral1/files/0x00050000000194ee-75.dat	xmrig
behavioral1/files/0x0005000000019502-85.dat	xmrig
behavioral1/files/0x0005000000019509-90.dat	xmrig
behavioral1/files/0x000500000001957e-110.dat	xmrig
behavioral1/files/0x0005000000019627-150.dat	xmrig
behavioral1/files/0x000500000001962b-160.dat	xmrig
behavioral1/files/0x0005000000019629-156.dat	xmrig
behavioral1/files/0x0005000000019625-146.dat	xmrig
behavioral1/files/0x0005000000019624-141.dat	xmrig
behavioral1/files/0x0005000000019621-131.dat	xmrig
behavioral1/files/0x0005000000019623-135.dat	xmrig
behavioral1/files/0x00050000000195f0-125.dat	xmrig
behavioral1/files/0x00050000000195ab-121.dat	xmrig
behavioral1/files/0x000900000001749c-100.dat	xmrig
behavioral1/files/0x000500000001958e-115.dat	xmrig
behavioral1/files/0x0005000000019512-105.dat	xmrig
behavioral1/files/0x000500000001950e-96.dat	xmrig
behavioral1/files/0x00050000000194f1-80.dat	xmrig
behavioral1/files/0x00050000000194c9-70.dat	xmrig
behavioral1/files/0x00050000000194a9-60.dat	xmrig
behavioral1/files/0x0005000000019458-55.dat	xmrig
behavioral1/files/0x00050000000193df-45.dat	xmrig
behavioral1/files/0x00070000000193c4-40.dat	xmrig
behavioral1/files/0x0006000000018744-36.dat	xmrig
behavioral1/memory/2328-2462-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2324-2484-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2588-2495-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/580-2518-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2852-2519-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2744-2523-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2748-2550-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/3060-3228-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3060-3350-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2744-3633-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2324-3607-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/580-3606-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2588-3615-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2328-3604-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2852-3647-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2748-3642-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2340	uZbgnHx.exe
2328	MOxJMrZ.exe
2324	lqbxxFk.exe
2588	JZiDJwo.exe
580	AUWsaRo.exe
2884	YNmuDKC.exe
1984	LaemOuY.exe
2852	iAjarUP.exe
2956	wloenIz.exe
2856	byaExhN.exe
3012	aVEgQBt.exe
2912	WCjtcHv.exe
2744	yGfxwPP.exe
2748	uXPWJkv.exe
2704	MZBAlde.exe
2768	OmxQmDE.exe
2212	yDPTPZX.exe
596	mHJCfvd.exe
1332	AmKeQNq.exe
1116	CwwjZTJ.exe
868	uwmiFpg.exe
2420	kwItZCL.exe
1052	chJvhrx.exe
1344	CpXspno.exe
1292	DITDAvF.exe
1864	SZKqlOM.exe
2016	VuevdKG.exe
484	NRpalUQ.exe
2252	MpvwtSL.exe
2772	wRCsiWi.exe
2516	kYuSxRR.exe
448	uAMdQjk.exe
1484	qjFgyGH.exe
1640	HRXebiR.exe
984	dQtaXID.exe
1876	dBKlMWX.exe
1772	jZbgANY.exe
1308	lRJApBY.exe
1788	gfvgGXu.exe
2488	vsRVgRO.exe
2044	sMnRTwd.exe
1016	KSdzstb.exe
1612	kuBrnIH.exe
2484	upwFhYV.exe
1528	tyJXuod.exe
2176	JXgYwOk.exe
3000	LmTzExq.exe
2644	TOYTptL.exe
2380	mQDBQZA.exe
2244	jEbdrti.exe
1252	nOIXcOe.exe
2784	VkkYQUA.exe
1856	bPWZAXg.exe
3008	LwJBerz.exe
2104	hgNpvUy.exe
3020	uOQBLsT.exe
1624	EEPMohh.exe
2296	mzDcsMo.exe
3004	TpJispT.exe
2592	eMbMaIT.exe
2352	CvYEoXS.exe
2832	LSizDcn.exe
2924	ZcxKeDg.exe
2396	wHqHZyD.exe

Loads dropped DLL 64 IoCs

pid	Process
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3060-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x00460000000120f4-6.dat	upx
behavioral1/files/0x00070000000186e7-10.dat	upx
behavioral1/files/0x00070000000186f1-16.dat	upx
behavioral1/files/0x00060000000186f4-21.dat	upx
behavioral1/files/0x0006000000018704-26.dat	upx
behavioral1/files/0x0006000000018739-30.dat	upx
behavioral1/files/0x0005000000019451-50.dat	upx
behavioral1/files/0x00050000000194b9-65.dat	upx
behavioral1/files/0x00050000000194ee-75.dat	upx
behavioral1/files/0x0005000000019502-85.dat	upx
behavioral1/files/0x0005000000019509-90.dat	upx
behavioral1/files/0x000500000001957e-110.dat	upx
behavioral1/files/0x0005000000019627-150.dat	upx
behavioral1/files/0x000500000001962b-160.dat	upx
behavioral1/files/0x0005000000019629-156.dat	upx
behavioral1/files/0x0005000000019625-146.dat	upx
behavioral1/files/0x0005000000019624-141.dat	upx
behavioral1/files/0x0005000000019621-131.dat	upx
behavioral1/files/0x0005000000019623-135.dat	upx
behavioral1/files/0x00050000000195f0-125.dat	upx
behavioral1/files/0x00050000000195ab-121.dat	upx
behavioral1/files/0x000900000001749c-100.dat	upx
behavioral1/files/0x000500000001958e-115.dat	upx
behavioral1/files/0x0005000000019512-105.dat	upx
behavioral1/files/0x000500000001950e-96.dat	upx
behavioral1/files/0x00050000000194f1-80.dat	upx
behavioral1/files/0x00050000000194c9-70.dat	upx
behavioral1/files/0x00050000000194a9-60.dat	upx
behavioral1/files/0x0005000000019458-55.dat	upx
behavioral1/files/0x00050000000193df-45.dat	upx
behavioral1/files/0x00070000000193c4-40.dat	upx
behavioral1/files/0x0006000000018744-36.dat	upx
behavioral1/memory/2328-2462-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2324-2484-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2588-2495-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/580-2518-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2852-2519-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2744-2523-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2748-2550-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/3060-3228-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2744-3633-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2324-3607-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/580-3606-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2588-3615-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2328-3604-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2852-3647-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2748-3642-0x000000013F610000-0x000000013F964000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oEyYKgd.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\qIhyyYJ.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\kGtarRl.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\XsidSUd.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\DgfgfsM.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\dpgxZSz.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\aZpTxpt.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\PXZRJap.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\sKshpgg.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\SmzhREf.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\HVRmtdg.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\wYqSeyT.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\jMgsJwc.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\WCwrhGJ.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\zUwgVBC.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\QuZxNws.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\bzidkNc.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\BfmBdrS.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\RYYzxYl.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\qNyrFQr.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\CbTQqFP.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\wQcLyha.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\MsPqtqu.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\PMjRkOR.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\iSaceTa.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\kBWXpzb.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\bDaNago.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\yrjxVvb.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\PouABUx.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\PdfesYl.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\AWXzqwo.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\yAFMQtR.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\ikBlRMP.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\teXtgFo.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\DTVWVlo.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\aXGAqUr.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\xuAyARD.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\hEMdkaq.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\uOQBLsT.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\mzDcsMo.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\pzMGvWB.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\FpUkZiJ.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\lZdvOVm.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\EOSMvJK.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\uzOrlWt.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\oaTdhtZ.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\OLRJppW.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\GbdpdoX.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\ozHkmZK.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\QOBuTCO.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\iBfuUWd.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\ntdePFW.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\eQMMckG.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\pxuERds.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\iPMtGkl.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\DqftYkk.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\ddDfoOW.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\EDqDwix.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\QLwBTgO.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\NilHjFz.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\bZJyPvd.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\oIDsyBI.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\rSuEAse.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
File created	C:\Windows\System\TQADzZU.exe	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2340	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	31
PID 3060 wrote to memory of 2340	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	31
PID 3060 wrote to memory of 2340	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	31
PID 3060 wrote to memory of 2328	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	32
PID 3060 wrote to memory of 2328	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	32
PID 3060 wrote to memory of 2328	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	32
PID 3060 wrote to memory of 2324	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	33
PID 3060 wrote to memory of 2324	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	33
PID 3060 wrote to memory of 2324	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	33
PID 3060 wrote to memory of 2588	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	34
PID 3060 wrote to memory of 2588	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	34
PID 3060 wrote to memory of 2588	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	34
PID 3060 wrote to memory of 580	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	35
PID 3060 wrote to memory of 580	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	35
PID 3060 wrote to memory of 580	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	35
PID 3060 wrote to memory of 2884	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	36
PID 3060 wrote to memory of 2884	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	36
PID 3060 wrote to memory of 2884	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	36
PID 3060 wrote to memory of 1984	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	37
PID 3060 wrote to memory of 1984	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	37
PID 3060 wrote to memory of 1984	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	37
PID 3060 wrote to memory of 2852	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	38
PID 3060 wrote to memory of 2852	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	38
PID 3060 wrote to memory of 2852	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	38
PID 3060 wrote to memory of 2956	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	39
PID 3060 wrote to memory of 2956	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	39
PID 3060 wrote to memory of 2956	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	39
PID 3060 wrote to memory of 2856	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	40
PID 3060 wrote to memory of 2856	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	40
PID 3060 wrote to memory of 2856	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	40
PID 3060 wrote to memory of 3012	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	41
PID 3060 wrote to memory of 3012	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	41
PID 3060 wrote to memory of 3012	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	41
PID 3060 wrote to memory of 2912	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	42
PID 3060 wrote to memory of 2912	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	42
PID 3060 wrote to memory of 2912	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	42
PID 3060 wrote to memory of 2744	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	43
PID 3060 wrote to memory of 2744	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	43
PID 3060 wrote to memory of 2744	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	43
PID 3060 wrote to memory of 2748	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	44
PID 3060 wrote to memory of 2748	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	44
PID 3060 wrote to memory of 2748	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	44
PID 3060 wrote to memory of 2704	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	45
PID 3060 wrote to memory of 2704	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	45
PID 3060 wrote to memory of 2704	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	45
PID 3060 wrote to memory of 2768	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	46
PID 3060 wrote to memory of 2768	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	46
PID 3060 wrote to memory of 2768	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	46
PID 3060 wrote to memory of 2212	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	47
PID 3060 wrote to memory of 2212	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	47
PID 3060 wrote to memory of 2212	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	47
PID 3060 wrote to memory of 596	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	48
PID 3060 wrote to memory of 596	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	48
PID 3060 wrote to memory of 596	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	48
PID 3060 wrote to memory of 1332	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	49
PID 3060 wrote to memory of 1332	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	49
PID 3060 wrote to memory of 1332	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	49
PID 3060 wrote to memory of 1116	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	50
PID 3060 wrote to memory of 1116	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	50
PID 3060 wrote to memory of 1116	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	50
PID 3060 wrote to memory of 868	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	51
PID 3060 wrote to memory of 868	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	51
PID 3060 wrote to memory of 868	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	51
PID 3060 wrote to memory of 2420	3060	JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_20357fe2e03db67de43afa82011795dec01fc1b40c359bc0b903be425440973f.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\System\uZbgnHx.exe
  C:\Windows\System\uZbgnHx.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\MOxJMrZ.exe
  C:\Windows\System\MOxJMrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\lqbxxFk.exe
  C:\Windows\System\lqbxxFk.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\JZiDJwo.exe
  C:\Windows\System\JZiDJwo.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AUWsaRo.exe
  C:\Windows\System\AUWsaRo.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\YNmuDKC.exe
  C:\Windows\System\YNmuDKC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\LaemOuY.exe
  C:\Windows\System\LaemOuY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\iAjarUP.exe
  C:\Windows\System\iAjarUP.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\wloenIz.exe
  C:\Windows\System\wloenIz.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\byaExhN.exe
  C:\Windows\System\byaExhN.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\aVEgQBt.exe
  C:\Windows\System\aVEgQBt.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\WCjtcHv.exe
  C:\Windows\System\WCjtcHv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\yGfxwPP.exe
  C:\Windows\System\yGfxwPP.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\uXPWJkv.exe
  C:\Windows\System\uXPWJkv.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\MZBAlde.exe
  C:\Windows\System\MZBAlde.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\OmxQmDE.exe
  C:\Windows\System\OmxQmDE.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\yDPTPZX.exe
  C:\Windows\System\yDPTPZX.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\mHJCfvd.exe
  C:\Windows\System\mHJCfvd.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\AmKeQNq.exe
  C:\Windows\System\AmKeQNq.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\CwwjZTJ.exe
  C:\Windows\System\CwwjZTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\uwmiFpg.exe
  C:\Windows\System\uwmiFpg.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\kwItZCL.exe
  C:\Windows\System\kwItZCL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\chJvhrx.exe
  C:\Windows\System\chJvhrx.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\CpXspno.exe
  C:\Windows\System\CpXspno.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\DITDAvF.exe
  C:\Windows\System\DITDAvF.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\SZKqlOM.exe
  C:\Windows\System\SZKqlOM.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\VuevdKG.exe
  C:\Windows\System\VuevdKG.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\NRpalUQ.exe
  C:\Windows\System\NRpalUQ.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\MpvwtSL.exe
  C:\Windows\System\MpvwtSL.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\wRCsiWi.exe
  C:\Windows\System\wRCsiWi.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\kYuSxRR.exe
  C:\Windows\System\kYuSxRR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\uAMdQjk.exe
  C:\Windows\System\uAMdQjk.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\qjFgyGH.exe
  C:\Windows\System\qjFgyGH.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\HRXebiR.exe
  C:\Windows\System\HRXebiR.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\dQtaXID.exe
  C:\Windows\System\dQtaXID.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\dBKlMWX.exe
  C:\Windows\System\dBKlMWX.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\jZbgANY.exe
  C:\Windows\System\jZbgANY.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\lRJApBY.exe
  C:\Windows\System\lRJApBY.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\gfvgGXu.exe
  C:\Windows\System\gfvgGXu.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\vsRVgRO.exe
  C:\Windows\System\vsRVgRO.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\sMnRTwd.exe
  C:\Windows\System\sMnRTwd.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\KSdzstb.exe
  C:\Windows\System\KSdzstb.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\kuBrnIH.exe
  C:\Windows\System\kuBrnIH.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\upwFhYV.exe
  C:\Windows\System\upwFhYV.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\tyJXuod.exe
  C:\Windows\System\tyJXuod.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\JXgYwOk.exe
  C:\Windows\System\JXgYwOk.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\LmTzExq.exe
  C:\Windows\System\LmTzExq.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TOYTptL.exe
  C:\Windows\System\TOYTptL.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\mQDBQZA.exe
  C:\Windows\System\mQDBQZA.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\jEbdrti.exe
  C:\Windows\System\jEbdrti.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\nOIXcOe.exe
  C:\Windows\System\nOIXcOe.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\VkkYQUA.exe
  C:\Windows\System\VkkYQUA.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\bPWZAXg.exe
  C:\Windows\System\bPWZAXg.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\LwJBerz.exe
  C:\Windows\System\LwJBerz.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\hgNpvUy.exe
  C:\Windows\System\hgNpvUy.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\uOQBLsT.exe
  C:\Windows\System\uOQBLsT.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\EEPMohh.exe
  C:\Windows\System\EEPMohh.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\mzDcsMo.exe
  C:\Windows\System\mzDcsMo.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\TpJispT.exe
  C:\Windows\System\TpJispT.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\eMbMaIT.exe
  C:\Windows\System\eMbMaIT.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\CvYEoXS.exe
  C:\Windows\System\CvYEoXS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\LSizDcn.exe
  C:\Windows\System\LSizDcn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ZcxKeDg.exe
  C:\Windows\System\ZcxKeDg.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\wHqHZyD.exe
  C:\Windows\System\wHqHZyD.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\xQHRKRA.exe
  C:\Windows\System\xQHRKRA.exe
  2⤵
  PID:2728
- C:\Windows\System\vYhoBlU.exe
  C:\Windows\System\vYhoBlU.exe
  2⤵
  PID:2936
- C:\Windows\System\SmzhREf.exe
  C:\Windows\System\SmzhREf.exe
  2⤵
  PID:2724
- C:\Windows\System\HXAHRoZ.exe
  C:\Windows\System\HXAHRoZ.exe
  2⤵
  PID:2872
- C:\Windows\System\jcaLpmQ.exe
  C:\Windows\System\jcaLpmQ.exe
  2⤵
  PID:1048
- C:\Windows\System\pxuERds.exe
  C:\Windows\System\pxuERds.exe
  2⤵
  PID:1668
- C:\Windows\System\LfhCCQd.exe
  C:\Windows\System\LfhCCQd.exe
  2⤵
  PID:1748
- C:\Windows\System\wKxkjQE.exe
  C:\Windows\System\wKxkjQE.exe
  2⤵
  PID:1708
- C:\Windows\System\HVRmtdg.exe
  C:\Windows\System\HVRmtdg.exe
  2⤵
  PID:864
- C:\Windows\System\MvsNYYg.exe
  C:\Windows\System\MvsNYYg.exe
  2⤵
  PID:1268
- C:\Windows\System\RitvaXa.exe
  C:\Windows\System\RitvaXa.exe
  2⤵
  PID:1284
- C:\Windows\System\XyNIPBW.exe
  C:\Windows\System\XyNIPBW.exe
  2⤵
  PID:2908
- C:\Windows\System\TWDfoex.exe
  C:\Windows\System\TWDfoex.exe
  2⤵
  PID:1972
- C:\Windows\System\tTzcBNx.exe
  C:\Windows\System\tTzcBNx.exe
  2⤵
  PID:1004
- C:\Windows\System\mxXQGkv.exe
  C:\Windows\System\mxXQGkv.exe
  2⤵
  PID:1372
- C:\Windows\System\JrnkRJB.exe
  C:\Windows\System\JrnkRJB.exe
  2⤵
  PID:2036
- C:\Windows\System\ieOvNMD.exe
  C:\Windows\System\ieOvNMD.exe
  2⤵
  PID:684
- C:\Windows\System\zPCvZSj.exe
  C:\Windows\System\zPCvZSj.exe
  2⤵
  PID:1044
- C:\Windows\System\NZsbzIe.exe
  C:\Windows\System\NZsbzIe.exe
  2⤵
  PID:924
- C:\Windows\System\Flivyfd.exe
  C:\Windows\System\Flivyfd.exe
  2⤵
  PID:1812
- C:\Windows\System\qcKrbbb.exe
  C:\Windows\System\qcKrbbb.exe
  2⤵
  PID:2688
- C:\Windows\System\URCoKLd.exe
  C:\Windows\System\URCoKLd.exe
  2⤵
  PID:2148
- C:\Windows\System\tzgWQKQ.exe
  C:\Windows\System\tzgWQKQ.exe
  2⤵
  PID:1520
- C:\Windows\System\jEyUSCc.exe
  C:\Windows\System\jEyUSCc.exe
  2⤵
  PID:604
- C:\Windows\System\juPNBrT.exe
  C:\Windows\System\juPNBrT.exe
  2⤵
  PID:1512
- C:\Windows\System\idWuGwa.exe
  C:\Windows\System\idWuGwa.exe
  2⤵
  PID:1652
- C:\Windows\System\DBoiozs.exe
  C:\Windows\System\DBoiozs.exe
  2⤵
  PID:2660
- C:\Windows\System\zLWYmYg.exe
  C:\Windows\System\zLWYmYg.exe
  2⤵
  PID:1736
- C:\Windows\System\TeokNLR.exe
  C:\Windows\System\TeokNLR.exe
  2⤵
  PID:2616
- C:\Windows\System\wihZJOS.exe
  C:\Windows\System\wihZJOS.exe
  2⤵
  PID:2076
- C:\Windows\System\CUOHxhD.exe
  C:\Windows\System\CUOHxhD.exe
  2⤵
  PID:2968
- C:\Windows\System\vJiaYlU.exe
  C:\Windows\System\vJiaYlU.exe
  2⤵
  PID:572
- C:\Windows\System\kNPwYAh.exe
  C:\Windows\System\kNPwYAh.exe
  2⤵
  PID:2868
- C:\Windows\System\IXvggMA.exe
  C:\Windows\System\IXvggMA.exe
  2⤵
  PID:2128
- C:\Windows\System\oBwtGYO.exe
  C:\Windows\System\oBwtGYO.exe
  2⤵
  PID:2084
- C:\Windows\System\jWyuTfX.exe
  C:\Windows\System\jWyuTfX.exe
  2⤵
  PID:2436
- C:\Windows\System\LDcgBOq.exe
  C:\Windows\System\LDcgBOq.exe
  2⤵
  PID:2372
- C:\Windows\System\zULsypE.exe
  C:\Windows\System\zULsypE.exe
  2⤵
  PID:2792
- C:\Windows\System\AlrAnPX.exe
  C:\Windows\System\AlrAnPX.exe
  2⤵
  PID:2276
- C:\Windows\System\cSTakLf.exe
  C:\Windows\System\cSTakLf.exe
  2⤵
  PID:2888
- C:\Windows\System\PVsJFYj.exe
  C:\Windows\System\PVsJFYj.exe
  2⤵
  PID:2292
- C:\Windows\System\IyZZNIn.exe
  C:\Windows\System\IyZZNIn.exe
  2⤵
  PID:856
- C:\Windows\System\DtfMCqD.exe
  C:\Windows\System\DtfMCqD.exe
  2⤵
  PID:268
- C:\Windows\System\VXmEJgF.exe
  C:\Windows\System\VXmEJgF.exe
  2⤵
  PID:716
- C:\Windows\System\hKMMiRX.exe
  C:\Windows\System\hKMMiRX.exe
  2⤵
  PID:2504
- C:\Windows\System\oMEmByM.exe
  C:\Windows\System\oMEmByM.exe
  2⤵
  PID:1976
- C:\Windows\System\edHcMAe.exe
  C:\Windows\System\edHcMAe.exe
  2⤵
  PID:1516
- C:\Windows\System\SxLEqSr.exe
  C:\Windows\System\SxLEqSr.exe
  2⤵
  PID:3084
- C:\Windows\System\TCXDEkn.exe
  C:\Windows\System\TCXDEkn.exe
  2⤵
  PID:3104
- C:\Windows\System\SsnpFSY.exe
  C:\Windows\System\SsnpFSY.exe
  2⤵
  PID:3124
- C:\Windows\System\fSNCbOS.exe
  C:\Windows\System\fSNCbOS.exe
  2⤵
  PID:3144
- C:\Windows\System\SgEBDJX.exe
  C:\Windows\System\SgEBDJX.exe
  2⤵
  PID:3164
- C:\Windows\System\AqKjwAF.exe
  C:\Windows\System\AqKjwAF.exe
  2⤵
  PID:3184
- C:\Windows\System\tghvhwZ.exe
  C:\Windows\System\tghvhwZ.exe
  2⤵
  PID:3204
- C:\Windows\System\OTAAUye.exe
  C:\Windows\System\OTAAUye.exe
  2⤵
  PID:3224
- C:\Windows\System\pNaREAz.exe
  C:\Windows\System\pNaREAz.exe
  2⤵
  PID:3244
- C:\Windows\System\QevmKXp.exe
  C:\Windows\System\QevmKXp.exe
  2⤵
  PID:3272
- C:\Windows\System\TdYdTFZ.exe
  C:\Windows\System\TdYdTFZ.exe
  2⤵
  PID:3292
- C:\Windows\System\eXcCdKL.exe
  C:\Windows\System\eXcCdKL.exe
  2⤵
  PID:3312
- C:\Windows\System\jbQZZWE.exe
  C:\Windows\System\jbQZZWE.exe
  2⤵
  PID:3336
- C:\Windows\System\XEAXsJv.exe
  C:\Windows\System\XEAXsJv.exe
  2⤵
  PID:3376
- C:\Windows\System\TxhEXKg.exe
  C:\Windows\System\TxhEXKg.exe
  2⤵
  PID:3396
- C:\Windows\System\VUYywnZ.exe
  C:\Windows\System\VUYywnZ.exe
  2⤵
  PID:3416
- C:\Windows\System\pKwdOIZ.exe
  C:\Windows\System\pKwdOIZ.exe
  2⤵
  PID:3436
- C:\Windows\System\cVsTqzu.exe
  C:\Windows\System\cVsTqzu.exe
  2⤵
  PID:3456
- C:\Windows\System\CvwxWBv.exe
  C:\Windows\System\CvwxWBv.exe
  2⤵
  PID:3476
- C:\Windows\System\cLMfTKa.exe
  C:\Windows\System\cLMfTKa.exe
  2⤵
  PID:3496
- C:\Windows\System\jQyGKuo.exe
  C:\Windows\System\jQyGKuo.exe
  2⤵
  PID:3520
- C:\Windows\System\sFkUnyt.exe
  C:\Windows\System\sFkUnyt.exe
  2⤵
  PID:3540
- C:\Windows\System\tXSBQJg.exe
  C:\Windows\System\tXSBQJg.exe
  2⤵
  PID:3560
- C:\Windows\System\vytmsaI.exe
  C:\Windows\System\vytmsaI.exe
  2⤵
  PID:3580
- C:\Windows\System\oEyYKgd.exe
  C:\Windows\System\oEyYKgd.exe
  2⤵
  PID:3600
- C:\Windows\System\ezWJIrD.exe
  C:\Windows\System\ezWJIrD.exe
  2⤵
  PID:3620
- C:\Windows\System\jqRAfVO.exe
  C:\Windows\System\jqRAfVO.exe
  2⤵
  PID:3640
- C:\Windows\System\iMAJSkk.exe
  C:\Windows\System\iMAJSkk.exe
  2⤵
  PID:3660
- C:\Windows\System\yKjXDba.exe
  C:\Windows\System\yKjXDba.exe
  2⤵
  PID:3680
- C:\Windows\System\kilezwP.exe
  C:\Windows\System\kilezwP.exe
  2⤵
  PID:3700
- C:\Windows\System\vSOOWDj.exe
  C:\Windows\System\vSOOWDj.exe
  2⤵
  PID:3720
- C:\Windows\System\ULqfEvm.exe
  C:\Windows\System\ULqfEvm.exe
  2⤵
  PID:3740
- C:\Windows\System\RIruUlP.exe
  C:\Windows\System\RIruUlP.exe
  2⤵
  PID:3760
- C:\Windows\System\JgsmzjR.exe
  C:\Windows\System\JgsmzjR.exe
  2⤵
  PID:3780
- C:\Windows\System\kbWXmMF.exe
  C:\Windows\System\kbWXmMF.exe
  2⤵
  PID:3800
- C:\Windows\System\rlQZAyC.exe
  C:\Windows\System\rlQZAyC.exe
  2⤵
  PID:3820
- C:\Windows\System\rEkWEsW.exe
  C:\Windows\System\rEkWEsW.exe
  2⤵
  PID:3840
- C:\Windows\System\cRrNNXC.exe
  C:\Windows\System\cRrNNXC.exe
  2⤵
  PID:3860
- C:\Windows\System\zQgkTgO.exe
  C:\Windows\System\zQgkTgO.exe
  2⤵
  PID:3880
- C:\Windows\System\eAKYBiA.exe
  C:\Windows\System\eAKYBiA.exe
  2⤵
  PID:3900
- C:\Windows\System\NTvbezc.exe
  C:\Windows\System\NTvbezc.exe
  2⤵
  PID:3920
- C:\Windows\System\uKHrXuE.exe
  C:\Windows\System\uKHrXuE.exe
  2⤵
  PID:3940
- C:\Windows\System\YddNWxU.exe
  C:\Windows\System\YddNWxU.exe
  2⤵
  PID:3960
- C:\Windows\System\LBdPCeW.exe
  C:\Windows\System\LBdPCeW.exe
  2⤵
  PID:3980
- C:\Windows\System\jIXVNNq.exe
  C:\Windows\System\jIXVNNq.exe
  2⤵
  PID:4000
- C:\Windows\System\bQSdZDS.exe
  C:\Windows\System\bQSdZDS.exe
  2⤵
  PID:4020
- C:\Windows\System\TegGFyV.exe
  C:\Windows\System\TegGFyV.exe
  2⤵
  PID:4040
- C:\Windows\System\HTqtFVy.exe
  C:\Windows\System\HTqtFVy.exe
  2⤵
  PID:4060
- C:\Windows\System\waZdnyb.exe
  C:\Windows\System\waZdnyb.exe
  2⤵
  PID:4080
- C:\Windows\System\kRJrafK.exe
  C:\Windows\System\kRJrafK.exe
  2⤵
  PID:2108
- C:\Windows\System\OKlMEqE.exe
  C:\Windows\System\OKlMEqE.exe
  2⤵
  PID:2316
- C:\Windows\System\xicuxjh.exe
  C:\Windows\System\xicuxjh.exe
  2⤵
  PID:648
- C:\Windows\System\JSeDvRJ.exe
  C:\Windows\System\JSeDvRJ.exe
  2⤵
  PID:2836
- C:\Windows\System\oaTdhtZ.exe
  C:\Windows\System\oaTdhtZ.exe
  2⤵
  PID:2900
- C:\Windows\System\pWBXIBw.exe
  C:\Windows\System\pWBXIBw.exe
  2⤵
  PID:1868
- C:\Windows\System\kBWXpzb.exe
  C:\Windows\System\kBWXpzb.exe
  2⤵
  PID:1636
- C:\Windows\System\nhyZzIk.exe
  C:\Windows\System\nhyZzIk.exe
  2⤵
  PID:2256
- C:\Windows\System\BJRAJQg.exe
  C:\Windows\System\BJRAJQg.exe
  2⤵
  PID:1300
- C:\Windows\System\fLjhdlE.exe
  C:\Windows\System\fLjhdlE.exe
  2⤵
  PID:1060
- C:\Windows\System\YFTKVKT.exe
  C:\Windows\System\YFTKVKT.exe
  2⤵
  PID:1784
- C:\Windows\System\JroqhRu.exe
  C:\Windows\System\JroqhRu.exe
  2⤵
  PID:1084
- C:\Windows\System\BvSeUEq.exe
  C:\Windows\System\BvSeUEq.exe
  2⤵
  PID:2528
- C:\Windows\System\GMvkyaq.exe
  C:\Windows\System\GMvkyaq.exe
  2⤵
  PID:3100
- C:\Windows\System\yazNRcH.exe
  C:\Windows\System\yazNRcH.exe
  2⤵
  PID:3132
- C:\Windows\System\fMgSTWr.exe
  C:\Windows\System\fMgSTWr.exe
  2⤵
  PID:3156
- C:\Windows\System\jMgsJwc.exe
  C:\Windows\System\jMgsJwc.exe
  2⤵
  PID:3200
- C:\Windows\System\WkyQSBD.exe
  C:\Windows\System\WkyQSBD.exe
  2⤵
  PID:3216
- C:\Windows\System\nbFHEMG.exe
  C:\Windows\System\nbFHEMG.exe
  2⤵
  PID:3256
- C:\Windows\System\piwabuD.exe
  C:\Windows\System\piwabuD.exe
  2⤵
  PID:3308
- C:\Windows\System\uRdugwh.exe
  C:\Windows\System\uRdugwh.exe
  2⤵
  PID:3356
- C:\Windows\System\aClApFk.exe
  C:\Windows\System\aClApFk.exe
  2⤵
  PID:3404
- C:\Windows\System\GJPiZYD.exe
  C:\Windows\System\GJPiZYD.exe
  2⤵
  PID:3432
- C:\Windows\System\KlGWfuj.exe
  C:\Windows\System\KlGWfuj.exe
  2⤵
  PID:3464
- C:\Windows\System\bwXkxxz.exe
  C:\Windows\System\bwXkxxz.exe
  2⤵
  PID:3488
- C:\Windows\System\pcAAhAJ.exe
  C:\Windows\System\pcAAhAJ.exe
  2⤵
  PID:3508
- C:\Windows\System\qNyrFQr.exe
  C:\Windows\System\qNyrFQr.exe
  2⤵
  PID:3568
- C:\Windows\System\nttTgdA.exe
  C:\Windows\System\nttTgdA.exe
  2⤵
  PID:3592
- C:\Windows\System\WHeLLqV.exe
  C:\Windows\System\WHeLLqV.exe
  2⤵
  PID:3636
- C:\Windows\System\teXtgFo.exe
  C:\Windows\System\teXtgFo.exe
  2⤵
  PID:3668
- C:\Windows\System\gWuNcvP.exe
  C:\Windows\System\gWuNcvP.exe
  2⤵
  PID:2088
- C:\Windows\System\XCdZypD.exe
  C:\Windows\System\XCdZypD.exe
  2⤵
  PID:3736
- C:\Windows\System\LtYAEOt.exe
  C:\Windows\System\LtYAEOt.exe
  2⤵
  PID:3756
- C:\Windows\System\zahcdLO.exe
  C:\Windows\System\zahcdLO.exe
  2⤵
  PID:3796
- C:\Windows\System\PJcONaW.exe
  C:\Windows\System\PJcONaW.exe
  2⤵
  PID:3828
- C:\Windows\System\GvYtBQZ.exe
  C:\Windows\System\GvYtBQZ.exe
  2⤵
  PID:3852
- C:\Windows\System\pPQnVlC.exe
  C:\Windows\System\pPQnVlC.exe
  2⤵
  PID:3896
- C:\Windows\System\HlOCxRe.exe
  C:\Windows\System\HlOCxRe.exe
  2⤵
  PID:3928
- C:\Windows\System\iPMtGkl.exe
  C:\Windows\System\iPMtGkl.exe
  2⤵
  PID:3952
- C:\Windows\System\lngWteb.exe
  C:\Windows\System\lngWteb.exe
  2⤵
  PID:4016
- C:\Windows\System\cAPMgVN.exe
  C:\Windows\System\cAPMgVN.exe
  2⤵
  PID:4028
- C:\Windows\System\mZshhiF.exe
  C:\Windows\System\mZshhiF.exe
  2⤵
  PID:4088
- C:\Windows\System\niNkyrS.exe
  C:\Windows\System\niNkyrS.exe
  2⤵
  PID:4092
- C:\Windows\System\BjSFrWV.exe
  C:\Windows\System\BjSFrWV.exe
  2⤵
  PID:2980
- C:\Windows\System\XwmXhBm.exe
  C:\Windows\System\XwmXhBm.exe
  2⤵
  PID:2284
- C:\Windows\System\YPmwhSS.exe
  C:\Windows\System\YPmwhSS.exe
  2⤵
  PID:2672
- C:\Windows\System\wQsGYvj.exe
  C:\Windows\System\wQsGYvj.exe
  2⤵
  PID:2188
- C:\Windows\System\DmFNOZd.exe
  C:\Windows\System\DmFNOZd.exe
  2⤵
  PID:1660
- C:\Windows\System\nVnVijp.exe
  C:\Windows\System\nVnVijp.exe
  2⤵
  PID:3040
- C:\Windows\System\DgfgfsM.exe
  C:\Windows\System\DgfgfsM.exe
  2⤵
  PID:1940
- C:\Windows\System\LmSZBGX.exe
  C:\Windows\System\LmSZBGX.exe
  2⤵
  PID:3116
- C:\Windows\System\IimhKJy.exe
  C:\Windows\System\IimhKJy.exe
  2⤵
  PID:3160
- C:\Windows\System\zLPhfzw.exe
  C:\Windows\System\zLPhfzw.exe
  2⤵
  PID:3232
- C:\Windows\System\uOujKdE.exe
  C:\Windows\System\uOujKdE.exe
  2⤵
  PID:3288
- C:\Windows\System\mnVKPDL.exe
  C:\Windows\System\mnVKPDL.exe
  2⤵
  PID:3328
- C:\Windows\System\YPePprw.exe
  C:\Windows\System\YPePprw.exe
  2⤵
  PID:3424
- C:\Windows\System\FpjxvjX.exe
  C:\Windows\System\FpjxvjX.exe
  2⤵
  PID:3484
- C:\Windows\System\jqNFaon.exe
  C:\Windows\System\jqNFaon.exe
  2⤵
  PID:3548
- C:\Windows\System\DqftYkk.exe
  C:\Windows\System\DqftYkk.exe
  2⤵
  PID:3596
- C:\Windows\System\CHZKCCC.exe
  C:\Windows\System\CHZKCCC.exe
  2⤵
  PID:3656
- C:\Windows\System\QPslHBL.exe
  C:\Windows\System\QPslHBL.exe
  2⤵
  PID:3688
- C:\Windows\System\FVjzXTO.exe
  C:\Windows\System\FVjzXTO.exe
  2⤵
  PID:3768
- C:\Windows\System\ckPuPiU.exe
  C:\Windows\System\ckPuPiU.exe
  2⤵
  PID:3776
- C:\Windows\System\nkzlRmz.exe
  C:\Windows\System\nkzlRmz.exe
  2⤵
  PID:3856
- C:\Windows\System\IVEuOKg.exe
  C:\Windows\System\IVEuOKg.exe
  2⤵
  PID:3912
- C:\Windows\System\VaJpXOr.exe
  C:\Windows\System\VaJpXOr.exe
  2⤵
  PID:3976
- C:\Windows\System\KYrUuNU.exe
  C:\Windows\System\KYrUuNU.exe
  2⤵
  PID:4012
- C:\Windows\System\Gkfkwjt.exe
  C:\Windows\System\Gkfkwjt.exe
  2⤵
  PID:4072
- C:\Windows\System\OiAAEfs.exe
  C:\Windows\System\OiAAEfs.exe
  2⤵
  PID:1620
- C:\Windows\System\pzMGvWB.exe
  C:\Windows\System\pzMGvWB.exe
  2⤵
  PID:2736
- C:\Windows\System\CwmOgEJ.exe
  C:\Windows\System\CwmOgEJ.exe
  2⤵
  PID:824
- C:\Windows\System\OoUaVjt.exe
  C:\Windows\System\OoUaVjt.exe
  2⤵
  PID:2520
- C:\Windows\System\TMrihAP.exe
  C:\Windows\System\TMrihAP.exe
  2⤵
  PID:3092
- C:\Windows\System\jAznlUZ.exe
  C:\Windows\System\jAznlUZ.exe
  2⤵
  PID:4112
- C:\Windows\System\iSdKadf.exe
  C:\Windows\System\iSdKadf.exe
  2⤵
  PID:4132
- C:\Windows\System\zWHUSmq.exe
  C:\Windows\System\zWHUSmq.exe
  2⤵
  PID:4152
- C:\Windows\System\vJedBSs.exe
  C:\Windows\System\vJedBSs.exe
  2⤵
  PID:4172
- C:\Windows\System\zuDOxXy.exe
  C:\Windows\System\zuDOxXy.exe
  2⤵
  PID:4192
- C:\Windows\System\suouDoI.exe
  C:\Windows\System\suouDoI.exe
  2⤵
  PID:4212
- C:\Windows\System\lYfmLVz.exe
  C:\Windows\System\lYfmLVz.exe
  2⤵
  PID:4232
- C:\Windows\System\HYclfhf.exe
  C:\Windows\System\HYclfhf.exe
  2⤵
  PID:4252
- C:\Windows\System\slCfaGt.exe
  C:\Windows\System\slCfaGt.exe
  2⤵
  PID:4272
- C:\Windows\System\ZUOOsOL.exe
  C:\Windows\System\ZUOOsOL.exe
  2⤵
  PID:4292
- C:\Windows\System\grcDVve.exe
  C:\Windows\System\grcDVve.exe
  2⤵
  PID:4316
- C:\Windows\System\OdFOmPO.exe
  C:\Windows\System\OdFOmPO.exe
  2⤵
  PID:4336
- C:\Windows\System\mDeguLO.exe
  C:\Windows\System\mDeguLO.exe
  2⤵
  PID:4356
- C:\Windows\System\VKVkbDL.exe
  C:\Windows\System\VKVkbDL.exe
  2⤵
  PID:4376
- C:\Windows\System\IqVBWLv.exe
  C:\Windows\System\IqVBWLv.exe
  2⤵
  PID:4396
- C:\Windows\System\xgvGBov.exe
  C:\Windows\System\xgvGBov.exe
  2⤵
  PID:4416
- C:\Windows\System\RfVpymS.exe
  C:\Windows\System\RfVpymS.exe
  2⤵
  PID:4436
- C:\Windows\System\zwSWAeD.exe
  C:\Windows\System\zwSWAeD.exe
  2⤵
  PID:4456
- C:\Windows\System\uOTEZwB.exe
  C:\Windows\System\uOTEZwB.exe
  2⤵
  PID:4476
- C:\Windows\System\iBGZxWm.exe
  C:\Windows\System\iBGZxWm.exe
  2⤵
  PID:4496
- C:\Windows\System\vjKhacO.exe
  C:\Windows\System\vjKhacO.exe
  2⤵
  PID:4516
- C:\Windows\System\KOpXMFE.exe
  C:\Windows\System\KOpXMFE.exe
  2⤵
  PID:4536
- C:\Windows\System\yyEKqkd.exe
  C:\Windows\System\yyEKqkd.exe
  2⤵
  PID:4556
- C:\Windows\System\YcZNOOb.exe
  C:\Windows\System\YcZNOOb.exe
  2⤵
  PID:4576
- C:\Windows\System\lmMgcJu.exe
  C:\Windows\System\lmMgcJu.exe
  2⤵
  PID:4596
- C:\Windows\System\bbeTTVh.exe
  C:\Windows\System\bbeTTVh.exe
  2⤵
  PID:4616
- C:\Windows\System\RFCIkjk.exe
  C:\Windows\System\RFCIkjk.exe
  2⤵
  PID:4636
- C:\Windows\System\wVSzxCv.exe
  C:\Windows\System\wVSzxCv.exe
  2⤵
  PID:4656
- C:\Windows\System\FMuHCqr.exe
  C:\Windows\System\FMuHCqr.exe
  2⤵
  PID:4676
- C:\Windows\System\AjYkKDw.exe
  C:\Windows\System\AjYkKDw.exe
  2⤵
  PID:4696
- C:\Windows\System\LzxZvvU.exe
  C:\Windows\System\LzxZvvU.exe
  2⤵
  PID:4716
- C:\Windows\System\tQEyxwt.exe
  C:\Windows\System\tQEyxwt.exe
  2⤵
  PID:4736
- C:\Windows\System\XgZvhJw.exe
  C:\Windows\System\XgZvhJw.exe
  2⤵
  PID:4756
- C:\Windows\System\FpUkZiJ.exe
  C:\Windows\System\FpUkZiJ.exe
  2⤵
  PID:4776
- C:\Windows\System\eEsvBqe.exe
  C:\Windows\System\eEsvBqe.exe
  2⤵
  PID:4796
- C:\Windows\System\UyFROYg.exe
  C:\Windows\System\UyFROYg.exe
  2⤵
  PID:4816
- C:\Windows\System\RLiisNP.exe
  C:\Windows\System\RLiisNP.exe
  2⤵
  PID:4836
- C:\Windows\System\gTTJpzC.exe
  C:\Windows\System\gTTJpzC.exe
  2⤵
  PID:4856
- C:\Windows\System\NQKqEmT.exe
  C:\Windows\System\NQKqEmT.exe
  2⤵
  PID:4876
- C:\Windows\System\woVczkL.exe
  C:\Windows\System\woVczkL.exe
  2⤵
  PID:4896
- C:\Windows\System\vxjiSDm.exe
  C:\Windows\System\vxjiSDm.exe
  2⤵
  PID:4916
- C:\Windows\System\LAvyBgz.exe
  C:\Windows\System\LAvyBgz.exe
  2⤵
  PID:4936
- C:\Windows\System\JiNYmPU.exe
  C:\Windows\System\JiNYmPU.exe
  2⤵
  PID:4956
- C:\Windows\System\HpQWnVr.exe
  C:\Windows\System\HpQWnVr.exe
  2⤵
  PID:4976
- C:\Windows\System\UqoBinJ.exe
  C:\Windows\System\UqoBinJ.exe
  2⤵
  PID:4996
- C:\Windows\System\VNUgqAf.exe
  C:\Windows\System\VNUgqAf.exe
  2⤵
  PID:5016
- C:\Windows\System\MkfJDRk.exe
  C:\Windows\System\MkfJDRk.exe
  2⤵
  PID:5036
- C:\Windows\System\rmHWHIF.exe
  C:\Windows\System\rmHWHIF.exe
  2⤵
  PID:5056
- C:\Windows\System\DEsiUBa.exe
  C:\Windows\System\DEsiUBa.exe
  2⤵
  PID:5076
- C:\Windows\System\xzwVAdq.exe
  C:\Windows\System\xzwVAdq.exe
  2⤵
  PID:5096
- C:\Windows\System\JRLnjkU.exe
  C:\Windows\System\JRLnjkU.exe
  2⤵
  PID:5116
- C:\Windows\System\HyDGRGl.exe
  C:\Windows\System\HyDGRGl.exe
  2⤵
  PID:3192
- C:\Windows\System\nDmPhMY.exe
  C:\Windows\System\nDmPhMY.exe
  2⤵
  PID:3344
- C:\Windows\System\rwAOyHz.exe
  C:\Windows\System\rwAOyHz.exe
  2⤵
  PID:3452
- C:\Windows\System\CbTQqFP.exe
  C:\Windows\System\CbTQqFP.exe
  2⤵
  PID:3528
- C:\Windows\System\rbSUTKJ.exe
  C:\Windows\System\rbSUTKJ.exe
  2⤵
  PID:3672
- C:\Windows\System\JbnwZAD.exe
  C:\Windows\System\JbnwZAD.exe
  2⤵
  PID:3708
- C:\Windows\System\dvggLKw.exe
  C:\Windows\System\dvggLKw.exe
  2⤵
  PID:3816
- C:\Windows\System\elrZKmP.exe
  C:\Windows\System\elrZKmP.exe
  2⤵
  PID:3872
- C:\Windows\System\GnfpqUv.exe
  C:\Windows\System\GnfpqUv.exe
  2⤵
  PID:3992
- C:\Windows\System\AmisDXI.exe
  C:\Windows\System\AmisDXI.exe
  2⤵
  PID:4052
- C:\Windows\System\UlGhFJu.exe
  C:\Windows\System\UlGhFJu.exe
  2⤵
  PID:2604
- C:\Windows\System\PoAMGFv.exe
  C:\Windows\System\PoAMGFv.exe
  2⤵
  PID:3080
- C:\Windows\System\zlAMzVH.exe
  C:\Windows\System\zlAMzVH.exe
  2⤵
  PID:4100
- C:\Windows\System\NhtKbTF.exe
  C:\Windows\System\NhtKbTF.exe
  2⤵
  PID:4124
- C:\Windows\System\RTiLOaH.exe
  C:\Windows\System\RTiLOaH.exe
  2⤵
  PID:4168
- C:\Windows\System\UsROFIg.exe
  C:\Windows\System\UsROFIg.exe
  2⤵
  PID:4184
- C:\Windows\System\mPrnCbH.exe
  C:\Windows\System\mPrnCbH.exe
  2⤵
  PID:4240
- C:\Windows\System\zPzzdFI.exe
  C:\Windows\System\zPzzdFI.exe
  2⤵
  PID:4268
- C:\Windows\System\lZdvOVm.exe
  C:\Windows\System\lZdvOVm.exe
  2⤵
  PID:4300
- C:\Windows\System\EZoEpyn.exe
  C:\Windows\System\EZoEpyn.exe
  2⤵
  PID:4328
- C:\Windows\System\BaRtKGF.exe
  C:\Windows\System\BaRtKGF.exe
  2⤵
  PID:4372
- C:\Windows\System\CrNZtns.exe
  C:\Windows\System\CrNZtns.exe
  2⤵
  PID:4404
- C:\Windows\System\UyZOEev.exe
  C:\Windows\System\UyZOEev.exe
  2⤵
  PID:4428
- C:\Windows\System\qXUEnOn.exe
  C:\Windows\System\qXUEnOn.exe
  2⤵
  PID:4484
- C:\Windows\System\fmQQoEb.exe
  C:\Windows\System\fmQQoEb.exe
  2⤵
  PID:4504
- C:\Windows\System\aXSdkuC.exe
  C:\Windows\System\aXSdkuC.exe
  2⤵
  PID:4528
- C:\Windows\System\cNwKnPY.exe
  C:\Windows\System\cNwKnPY.exe
  2⤵
  PID:4572
- C:\Windows\System\HDleMTU.exe
  C:\Windows\System\HDleMTU.exe
  2⤵
  PID:4612
- C:\Windows\System\GLMjyzh.exe
  C:\Windows\System\GLMjyzh.exe
  2⤵
  PID:4624
- C:\Windows\System\dHFwKPf.exe
  C:\Windows\System\dHFwKPf.exe
  2⤵
  PID:4684
- C:\Windows\System\FzEPaCU.exe
  C:\Windows\System\FzEPaCU.exe
  2⤵
  PID:4704
- C:\Windows\System\gBAUnwk.exe
  C:\Windows\System\gBAUnwk.exe
  2⤵
  PID:4728
- C:\Windows\System\LpdZDQU.exe
  C:\Windows\System\LpdZDQU.exe
  2⤵
  PID:4772
- C:\Windows\System\Ehqlxgm.exe
  C:\Windows\System\Ehqlxgm.exe
  2⤵
  PID:4792
- C:\Windows\System\bxvayXC.exe
  C:\Windows\System\bxvayXC.exe
  2⤵
  PID:4852
- C:\Windows\System\rTUBMpP.exe
  C:\Windows\System\rTUBMpP.exe
  2⤵
  PID:4872
- C:\Windows\System\cldRtSz.exe
  C:\Windows\System\cldRtSz.exe
  2⤵
  PID:4904
- C:\Windows\System\XvRuGJt.exe
  C:\Windows\System\XvRuGJt.exe
  2⤵
  PID:4928
- C:\Windows\System\cuuuvHp.exe
  C:\Windows\System\cuuuvHp.exe
  2⤵
  PID:4972
- C:\Windows\System\zZRWBaO.exe
  C:\Windows\System\zZRWBaO.exe
  2⤵
  PID:5012
- C:\Windows\System\owqExWg.exe
  C:\Windows\System\owqExWg.exe
  2⤵
  PID:5032
- C:\Windows\System\OTrXZoZ.exe
  C:\Windows\System\OTrXZoZ.exe
  2⤵
  PID:5072
- C:\Windows\System\WagOXTt.exe
  C:\Windows\System\WagOXTt.exe
  2⤵
  PID:5104
- C:\Windows\System\ifUmvGp.exe
  C:\Windows\System\ifUmvGp.exe
  2⤵
  PID:3212
- C:\Windows\System\dSuYjgS.exe
  C:\Windows\System\dSuYjgS.exe
  2⤵
  PID:3428
- C:\Windows\System\ZoZbVqK.exe
  C:\Windows\System\ZoZbVqK.exe
  2⤵
  PID:3492
- C:\Windows\System\FJqCnCz.exe
  C:\Windows\System\FJqCnCz.exe
  2⤵
  PID:3716
- C:\Windows\System\LWPIQKc.exe
  C:\Windows\System\LWPIQKc.exe
  2⤵
  PID:3908
- C:\Windows\System\hwhlauL.exe
  C:\Windows\System\hwhlauL.exe
  2⤵
  PID:4056
- C:\Windows\System\ddDfoOW.exe
  C:\Windows\System\ddDfoOW.exe
  2⤵
  PID:2988
- C:\Windows\System\rNujKkr.exe
  C:\Windows\System\rNujKkr.exe
  2⤵
  PID:1496
- C:\Windows\System\hjscsnV.exe
  C:\Windows\System\hjscsnV.exe
  2⤵
  PID:4160
- C:\Windows\System\wKwOxiI.exe
  C:\Windows\System\wKwOxiI.exe
  2⤵
  PID:4228
- C:\Windows\System\JPBXZBh.exe
  C:\Windows\System\JPBXZBh.exe
  2⤵
  PID:4288
- C:\Windows\System\MihZMic.exe
  C:\Windows\System\MihZMic.exe
  2⤵
  PID:4332
- C:\Windows\System\gpPKLKs.exe
  C:\Windows\System\gpPKLKs.exe
  2⤵
  PID:4384
- C:\Windows\System\gwENmda.exe
  C:\Windows\System\gwENmda.exe
  2⤵
  PID:4424
- C:\Windows\System\RlvTiuM.exe
  C:\Windows\System\RlvTiuM.exe
  2⤵
  PID:4488
- C:\Windows\System\PdbmmiO.exe
  C:\Windows\System\PdbmmiO.exe
  2⤵
  PID:4524
- C:\Windows\System\ypyANSd.exe
  C:\Windows\System\ypyANSd.exe
  2⤵
  PID:4592
- C:\Windows\System\YCsbpSE.exe
  C:\Windows\System\YCsbpSE.exe
  2⤵
  PID:4672
- C:\Windows\System\IyoVetV.exe
  C:\Windows\System\IyoVetV.exe
  2⤵
  PID:4708
- C:\Windows\System\cBzbcNE.exe
  C:\Windows\System\cBzbcNE.exe
  2⤵
  PID:4764
- C:\Windows\System\WCwrhGJ.exe
  C:\Windows\System\WCwrhGJ.exe
  2⤵
  PID:4844
- C:\Windows\System\yWkUiFf.exe
  C:\Windows\System\yWkUiFf.exe
  2⤵
  PID:4892
- C:\Windows\System\vbFrZHV.exe
  C:\Windows\System\vbFrZHV.exe
  2⤵
  PID:4912
- C:\Windows\System\SnYGCOt.exe
  C:\Windows\System\SnYGCOt.exe
  2⤵
  PID:5024
- C:\Windows\System\POtDKOs.exe
  C:\Windows\System\POtDKOs.exe
  2⤵
  PID:5052
- C:\Windows\System\VDlTprU.exe
  C:\Windows\System\VDlTprU.exe
  2⤵
  PID:5092
- C:\Windows\System\fkblqyG.exe
  C:\Windows\System\fkblqyG.exe
  2⤵
  PID:3392
- C:\Windows\System\FmvGjhE.exe
  C:\Windows\System\FmvGjhE.exe
  2⤵
  PID:3628
- C:\Windows\System\SxTZpCU.exe
  C:\Windows\System\SxTZpCU.exe
  2⤵
  PID:3848
- C:\Windows\System\mcIMDLu.exe
  C:\Windows\System\mcIMDLu.exe
  2⤵
  PID:1656
- C:\Windows\System\nnsjoRC.exe
  C:\Windows\System\nnsjoRC.exe
  2⤵
  PID:4148
- C:\Windows\System\diCTabg.exe
  C:\Windows\System\diCTabg.exe
  2⤵
  PID:4200
- C:\Windows\System\cZCIWWw.exe
  C:\Windows\System\cZCIWWw.exe
  2⤵
  PID:4324
- C:\Windows\System\vMSCqHy.exe
  C:\Windows\System\vMSCqHy.exe
  2⤵
  PID:5136
- C:\Windows\System\TwpOdPW.exe
  C:\Windows\System\TwpOdPW.exe
  2⤵
  PID:5156
- C:\Windows\System\VhEeKiQ.exe
  C:\Windows\System\VhEeKiQ.exe
  2⤵
  PID:5176
- C:\Windows\System\MIQPQTA.exe
  C:\Windows\System\MIQPQTA.exe
  2⤵
  PID:5196
- C:\Windows\System\CGnSKie.exe
  C:\Windows\System\CGnSKie.exe
  2⤵
  PID:5216
- C:\Windows\System\anEgerN.exe
  C:\Windows\System\anEgerN.exe
  2⤵
  PID:5236
- C:\Windows\System\ZOpLWaO.exe
  C:\Windows\System\ZOpLWaO.exe
  2⤵
  PID:5256
- C:\Windows\System\ASoznaf.exe
  C:\Windows\System\ASoznaf.exe
  2⤵
  PID:5276
- C:\Windows\System\bDaNago.exe
  C:\Windows\System\bDaNago.exe
  2⤵
  PID:5296
- C:\Windows\System\mpqIHiC.exe
  C:\Windows\System\mpqIHiC.exe
  2⤵
  PID:5316
- C:\Windows\System\YUzUyEY.exe
  C:\Windows\System\YUzUyEY.exe
  2⤵
  PID:5336
- C:\Windows\System\vVRXPEy.exe
  C:\Windows\System\vVRXPEy.exe
  2⤵
  PID:5356
- C:\Windows\System\oPhwNko.exe
  C:\Windows\System\oPhwNko.exe
  2⤵
  PID:5376
- C:\Windows\System\glGFsxU.exe
  C:\Windows\System\glGFsxU.exe
  2⤵
  PID:5396
- C:\Windows\System\hTwLMzM.exe
  C:\Windows\System\hTwLMzM.exe
  2⤵
  PID:5416
- C:\Windows\System\ucXMRNE.exe
  C:\Windows\System\ucXMRNE.exe
  2⤵
  PID:5436
- C:\Windows\System\PkwIIHl.exe
  C:\Windows\System\PkwIIHl.exe
  2⤵
  PID:5456
- C:\Windows\System\nkfglPI.exe
  C:\Windows\System\nkfglPI.exe
  2⤵
  PID:5480
- C:\Windows\System\tAUZXpE.exe
  C:\Windows\System\tAUZXpE.exe
  2⤵
  PID:5500
- C:\Windows\System\lvioiVa.exe
  C:\Windows\System\lvioiVa.exe
  2⤵
  PID:5520
- C:\Windows\System\ZZhCHRO.exe
  C:\Windows\System\ZZhCHRO.exe
  2⤵
  PID:5540
- C:\Windows\System\IvFFiQA.exe
  C:\Windows\System\IvFFiQA.exe
  2⤵
  PID:5560
- C:\Windows\System\XfugYBH.exe
  C:\Windows\System\XfugYBH.exe
  2⤵
  PID:5580
- C:\Windows\System\ogvKSml.exe
  C:\Windows\System\ogvKSml.exe
  2⤵
  PID:5600
- C:\Windows\System\ktKlunh.exe
  C:\Windows\System\ktKlunh.exe
  2⤵
  PID:5620
- C:\Windows\System\bZJyPvd.exe
  C:\Windows\System\bZJyPvd.exe
  2⤵
  PID:5640
- C:\Windows\System\SCEKuXo.exe
  C:\Windows\System\SCEKuXo.exe
  2⤵
  PID:5660
- C:\Windows\System\wsrcDap.exe
  C:\Windows\System\wsrcDap.exe
  2⤵
  PID:5680
- C:\Windows\System\dvdjXkx.exe
  C:\Windows\System\dvdjXkx.exe
  2⤵
  PID:5700
- C:\Windows\System\CQLbAyO.exe
  C:\Windows\System\CQLbAyO.exe
  2⤵
  PID:5720
- C:\Windows\System\CUIVxfJ.exe
  C:\Windows\System\CUIVxfJ.exe
  2⤵
  PID:5740
- C:\Windows\System\SsFBrcv.exe
  C:\Windows\System\SsFBrcv.exe
  2⤵
  PID:5760
- C:\Windows\System\QnsuTIO.exe
  C:\Windows\System\QnsuTIO.exe
  2⤵
  PID:5780
- C:\Windows\System\YRqEEOd.exe
  C:\Windows\System\YRqEEOd.exe
  2⤵
  PID:5800
- C:\Windows\System\SJByIap.exe
  C:\Windows\System\SJByIap.exe
  2⤵
  PID:5820
- C:\Windows\System\XAyFpfR.exe
  C:\Windows\System\XAyFpfR.exe
  2⤵
  PID:5840
- C:\Windows\System\HDETtjW.exe
  C:\Windows\System\HDETtjW.exe
  2⤵
  PID:5860
- C:\Windows\System\kuPvWic.exe
  C:\Windows\System\kuPvWic.exe
  2⤵
  PID:5880
- C:\Windows\System\dpgxZSz.exe
  C:\Windows\System\dpgxZSz.exe
  2⤵
  PID:5900
- C:\Windows\System\FbUwMew.exe
  C:\Windows\System\FbUwMew.exe
  2⤵
  PID:5920
- C:\Windows\System\rPnAnou.exe
  C:\Windows\System\rPnAnou.exe
  2⤵
  PID:5940
- C:\Windows\System\PNJtvVU.exe
  C:\Windows\System\PNJtvVU.exe
  2⤵
  PID:5960
- C:\Windows\System\vkWqOKE.exe
  C:\Windows\System\vkWqOKE.exe
  2⤵
  PID:5980
- C:\Windows\System\PDCMlJG.exe
  C:\Windows\System\PDCMlJG.exe
  2⤵
  PID:6000
- C:\Windows\System\zkKChkF.exe
  C:\Windows\System\zkKChkF.exe
  2⤵
  PID:6020
- C:\Windows\System\gPFBACJ.exe
  C:\Windows\System\gPFBACJ.exe
  2⤵
  PID:6040
- C:\Windows\System\kEOTUBT.exe
  C:\Windows\System\kEOTUBT.exe
  2⤵
  PID:6060
- C:\Windows\System\ETsBNOh.exe
  C:\Windows\System\ETsBNOh.exe
  2⤵
  PID:6080
- C:\Windows\System\MIAkPAd.exe
  C:\Windows\System\MIAkPAd.exe
  2⤵
  PID:6100
- C:\Windows\System\SprCLos.exe
  C:\Windows\System\SprCLos.exe
  2⤵
  PID:6120
- C:\Windows\System\UTcCrrP.exe
  C:\Windows\System\UTcCrrP.exe
  2⤵
  PID:6140
- C:\Windows\System\fRKHFVH.exe
  C:\Windows\System\fRKHFVH.exe
  2⤵
  PID:4392
- C:\Windows\System\DWgYKoR.exe
  C:\Windows\System\DWgYKoR.exe
  2⤵
  PID:4508
- C:\Windows\System\bWYzCpU.exe
  C:\Windows\System\bWYzCpU.exe
  2⤵
  PID:4584
- C:\Windows\System\QcxSfxR.exe
  C:\Windows\System\QcxSfxR.exe
  2⤵
  PID:4648
- C:\Windows\System\BiNFpOI.exe
  C:\Windows\System\BiNFpOI.exe
  2⤵
  PID:4828
- C:\Windows\System\amMIcwt.exe
  C:\Windows\System\amMIcwt.exe
  2⤵
  PID:4864
- C:\Windows\System\lSmHzmW.exe
  C:\Windows\System\lSmHzmW.exe
  2⤵
  PID:5008
- C:\Windows\System\OWQhGOH.exe
  C:\Windows\System\OWQhGOH.exe
  2⤵
  PID:5084
- C:\Windows\System\kjEICeW.exe
  C:\Windows\System\kjEICeW.exe
  2⤵
  PID:3572
- C:\Windows\System\UJUoPhR.exe
  C:\Windows\System\UJUoPhR.exe
  2⤵
  PID:3812
- C:\Windows\System\pgPUqUJ.exe
  C:\Windows\System\pgPUqUJ.exe
  2⤵
  PID:2508
- C:\Windows\System\hMiJRWQ.exe
  C:\Windows\System\hMiJRWQ.exe
  2⤵
  PID:4244
- C:\Windows\System\nqeRKlO.exe
  C:\Windows\System\nqeRKlO.exe
  2⤵
  PID:5128
- C:\Windows\System\hXLEWaf.exe
  C:\Windows\System\hXLEWaf.exe
  2⤵
  PID:5172
- C:\Windows\System\yrjxVvb.exe
  C:\Windows\System\yrjxVvb.exe
  2⤵
  PID:5188
- C:\Windows\System\qgZrMhU.exe
  C:\Windows\System\qgZrMhU.exe
  2⤵
  PID:5252
- C:\Windows\System\EvfsRWm.exe
  C:\Windows\System\EvfsRWm.exe
  2⤵
  PID:5272
- C:\Windows\System\rdNiZEN.exe
  C:\Windows\System\rdNiZEN.exe
  2⤵
  PID:5304
- C:\Windows\System\VCcMUyn.exe
  C:\Windows\System\VCcMUyn.exe
  2⤵
  PID:5328
- C:\Windows\System\FmaqQoN.exe
  C:\Windows\System\FmaqQoN.exe
  2⤵
  PID:5372
- C:\Windows\System\lktEEYr.exe
  C:\Windows\System\lktEEYr.exe
  2⤵
  PID:5412
- C:\Windows\System\wzrBESi.exe
  C:\Windows\System\wzrBESi.exe
  2⤵
  PID:5432
- C:\Windows\System\zUtNUvR.exe
  C:\Windows\System\zUtNUvR.exe
  2⤵
  PID:5472
- C:\Windows\System\xrKQAmF.exe
  C:\Windows\System\xrKQAmF.exe
  2⤵
  PID:5528
- C:\Windows\System\nipbvkb.exe
  C:\Windows\System\nipbvkb.exe
  2⤵
  PID:5532
- C:\Windows\System\HNMCpCe.exe
  C:\Windows\System\HNMCpCe.exe
  2⤵
  PID:5576
- C:\Windows\System\iaTlcdw.exe
  C:\Windows\System\iaTlcdw.exe
  2⤵
  PID:5592
- C:\Windows\System\mvjMqMu.exe
  C:\Windows\System\mvjMqMu.exe
  2⤵
  PID:5636
- C:\Windows\System\YXMEFud.exe
  C:\Windows\System\YXMEFud.exe
  2⤵
  PID:5668
- C:\Windows\System\ispkPwo.exe
  C:\Windows\System\ispkPwo.exe
  2⤵
  PID:5708
- C:\Windows\System\qhLVAtl.exe
  C:\Windows\System\qhLVAtl.exe
  2⤵
  PID:5732
- C:\Windows\System\BIWJrKV.exe
  C:\Windows\System\BIWJrKV.exe
  2⤵
  PID:5752
- C:\Windows\System\djwgeah.exe
  C:\Windows\System\djwgeah.exe
  2⤵
  PID:5816
- C:\Windows\System\ENIJntk.exe
  C:\Windows\System\ENIJntk.exe
  2⤵
  PID:5848
- C:\Windows\System\TnYQTtI.exe
  C:\Windows\System\TnYQTtI.exe
  2⤵
  PID:5896
- C:\Windows\System\zEFdIkK.exe
  C:\Windows\System\zEFdIkK.exe
  2⤵
  PID:5908
- C:\Windows\System\auMwHZQ.exe
  C:\Windows\System\auMwHZQ.exe
  2⤵
  PID:5932
- C:\Windows\System\roflPpZ.exe
  C:\Windows\System\roflPpZ.exe
  2⤵
  PID:5976
- C:\Windows\System\FXOTfNd.exe
  C:\Windows\System\FXOTfNd.exe
  2⤵
  PID:5992
- C:\Windows\System\COYgZOQ.exe
  C:\Windows\System\COYgZOQ.exe
  2⤵
  PID:6048
- C:\Windows\System\smmWGzr.exe
  C:\Windows\System\smmWGzr.exe
  2⤵
  PID:6088
- C:\Windows\System\zHVUlNK.exe
  C:\Windows\System\zHVUlNK.exe
  2⤵
  PID:6108
- C:\Windows\System\WjQSxxM.exe
  C:\Windows\System\WjQSxxM.exe
  2⤵
  PID:6132
- C:\Windows\System\xshikUq.exe
  C:\Windows\System\xshikUq.exe
  2⤵
  PID:4468
- C:\Windows\System\TawBqJk.exe
  C:\Windows\System\TawBqJk.exe
  2⤵
  PID:4548
- C:\Windows\System\qfdfTFg.exe
  C:\Windows\System\qfdfTFg.exe
  2⤵
  PID:4752
- C:\Windows\System\kaZHvNU.exe
  C:\Windows\System\kaZHvNU.exe
  2⤵
  PID:5004
- C:\Windows\System\YKTQsYU.exe
  C:\Windows\System\YKTQsYU.exe
  2⤵
  PID:5048
- C:\Windows\System\qIhyyYJ.exe
  C:\Windows\System\qIhyyYJ.exe
  2⤵
  PID:3588
- C:\Windows\System\XPxicuZ.exe
  C:\Windows\System\XPxicuZ.exe
  2⤵
  PID:4008
- C:\Windows\System\dqPPVfw.exe
  C:\Windows\System\dqPPVfw.exe
  2⤵
  PID:4260
- C:\Windows\System\GULWdIo.exe
  C:\Windows\System\GULWdIo.exe
  2⤵
  PID:5204
- C:\Windows\System\LDPKWUO.exe
  C:\Windows\System\LDPKWUO.exe
  2⤵
  PID:5264
- C:\Windows\System\miipPWr.exe
  C:\Windows\System\miipPWr.exe
  2⤵
  PID:5332
- C:\Windows\System\yoXwsMu.exe
  C:\Windows\System\yoXwsMu.exe
  2⤵
  PID:5384
- C:\Windows\System\DIMtQwV.exe
  C:\Windows\System\DIMtQwV.exe
  2⤵
  PID:5424
- C:\Windows\System\YfUZQBC.exe
  C:\Windows\System\YfUZQBC.exe
  2⤵
  PID:5492
- C:\Windows\System\qsiIGOF.exe
  C:\Windows\System\qsiIGOF.exe
  2⤵
  PID:5552
- C:\Windows\System\MPgHEKQ.exe
  C:\Windows\System\MPgHEKQ.exe
  2⤵
  PID:5612
- C:\Windows\System\wuxTywu.exe
  C:\Windows\System\wuxTywu.exe
  2⤵
  PID:5688
- C:\Windows\System\AWMkxIK.exe
  C:\Windows\System\AWMkxIK.exe
  2⤵
  PID:5716
- C:\Windows\System\TmhoHLp.exe
  C:\Windows\System\TmhoHLp.exe
  2⤵
  PID:5768
- C:\Windows\System\FkUdTeb.exe
  C:\Windows\System\FkUdTeb.exe
  2⤵
  PID:5808
- C:\Windows\System\pTcPJLq.exe
  C:\Windows\System\pTcPJLq.exe
  2⤵
  PID:5892
- C:\Windows\System\nXQDRhA.exe
  C:\Windows\System\nXQDRhA.exe
  2⤵
  PID:5956
- C:\Windows\System\VXRmyoL.exe
  C:\Windows\System\VXRmyoL.exe
  2⤵
  PID:6008
- C:\Windows\System\GfwKIRe.exe
  C:\Windows\System\GfwKIRe.exe
  2⤵
  PID:6032
- C:\Windows\System\wsetKML.exe
  C:\Windows\System\wsetKML.exe
  2⤵
  PID:6096
- C:\Windows\System\cuXEHoQ.exe
  C:\Windows\System\cuXEHoQ.exe
  2⤵
  PID:6136
- C:\Windows\System\icfWoiA.exe
  C:\Windows\System\icfWoiA.exe
  2⤵
  PID:4628
- C:\Windows\System\RYuXLEi.exe
  C:\Windows\System\RYuXLEi.exe
  2⤵
  PID:4812
- C:\Windows\System\wWPmEOn.exe
  C:\Windows\System\wWPmEOn.exe
  2⤵
  PID:3260
- C:\Windows\System\eEdMrrT.exe
  C:\Windows\System\eEdMrrT.exe
  2⤵
  PID:4248
- C:\Windows\System\LwpZGdY.exe
  C:\Windows\System\LwpZGdY.exe
  2⤵
  PID:5208
- C:\Windows\System\KLWeyjL.exe
  C:\Windows\System\KLWeyjL.exe
  2⤵
  PID:5228
- C:\Windows\System\UubvoNv.exe
  C:\Windows\System\UubvoNv.exe
  2⤵
  PID:5364
- C:\Windows\System\TwUkkvD.exe
  C:\Windows\System\TwUkkvD.exe
  2⤵
  PID:5548
- C:\Windows\System\vrxdPBq.exe
  C:\Windows\System\vrxdPBq.exe
  2⤵
  PID:5596
- C:\Windows\System\frwQNtg.exe
  C:\Windows\System\frwQNtg.exe
  2⤵
  PID:5652
- C:\Windows\System\NPTFauB.exe
  C:\Windows\System\NPTFauB.exe
  2⤵
  PID:6160
- C:\Windows\System\HwaUHuK.exe
  C:\Windows\System\HwaUHuK.exe
  2⤵
  PID:6180
- C:\Windows\System\hNhIjZw.exe
  C:\Windows\System\hNhIjZw.exe
  2⤵
  PID:6200
- C:\Windows\System\aHlYUeY.exe
  C:\Windows\System\aHlYUeY.exe
  2⤵
  PID:6220
- C:\Windows\System\ElnSyrN.exe
  C:\Windows\System\ElnSyrN.exe
  2⤵
  PID:6240
- C:\Windows\System\DTVWVlo.exe
  C:\Windows\System\DTVWVlo.exe
  2⤵
  PID:6260
- C:\Windows\System\wGscWRR.exe
  C:\Windows\System\wGscWRR.exe
  2⤵
  PID:6280
- C:\Windows\System\NDmbFAc.exe
  C:\Windows\System\NDmbFAc.exe
  2⤵
  PID:6300
- C:\Windows\System\gqIpdWS.exe
  C:\Windows\System\gqIpdWS.exe
  2⤵
  PID:6320
- C:\Windows\System\vuaGdIi.exe
  C:\Windows\System\vuaGdIi.exe
  2⤵
  PID:6340
- C:\Windows\System\XsVZQfz.exe
  C:\Windows\System\XsVZQfz.exe
  2⤵
  PID:6360
- C:\Windows\System\muEMKNa.exe
  C:\Windows\System\muEMKNa.exe
  2⤵
  PID:6380
- C:\Windows\System\euSJRBu.exe
  C:\Windows\System\euSJRBu.exe
  2⤵
  PID:6400
- C:\Windows\System\eePRdqS.exe
  C:\Windows\System\eePRdqS.exe
  2⤵
  PID:6424
- C:\Windows\System\RGKsXZR.exe
  C:\Windows\System\RGKsXZR.exe
  2⤵
  PID:6444
- C:\Windows\System\BvNFBmy.exe
  C:\Windows\System\BvNFBmy.exe
  2⤵
  PID:6464
- C:\Windows\System\vmiPfmd.exe
  C:\Windows\System\vmiPfmd.exe
  2⤵
  PID:6484
- C:\Windows\System\hLqAXsf.exe
  C:\Windows\System\hLqAXsf.exe
  2⤵
  PID:6504
- C:\Windows\System\VXMiiDq.exe
  C:\Windows\System\VXMiiDq.exe
  2⤵
  PID:6524
- C:\Windows\System\eGsbWjq.exe
  C:\Windows\System\eGsbWjq.exe
  2⤵
  PID:6544
- C:\Windows\System\tTwylUv.exe
  C:\Windows\System\tTwylUv.exe
  2⤵
  PID:6564
- C:\Windows\System\OlIobHK.exe
  C:\Windows\System\OlIobHK.exe
  2⤵
  PID:6584
- C:\Windows\System\shMcyfX.exe
  C:\Windows\System\shMcyfX.exe
  2⤵
  PID:6604
- C:\Windows\System\TxaeakF.exe
  C:\Windows\System\TxaeakF.exe
  2⤵
  PID:6624
- C:\Windows\System\LuOoXbw.exe
  C:\Windows\System\LuOoXbw.exe
  2⤵
  PID:6644
- C:\Windows\System\zSFjqUq.exe
  C:\Windows\System\zSFjqUq.exe
  2⤵
  PID:6664
- C:\Windows\System\aooPSdT.exe
  C:\Windows\System\aooPSdT.exe
  2⤵
  PID:6684
- C:\Windows\System\kGtarRl.exe
  C:\Windows\System\kGtarRl.exe
  2⤵
  PID:6704
- C:\Windows\System\MKNslOC.exe
  C:\Windows\System\MKNslOC.exe
  2⤵
  PID:6724
- C:\Windows\System\mUlTYca.exe
  C:\Windows\System\mUlTYca.exe
  2⤵
  PID:6744
- C:\Windows\System\YNnkpCp.exe
  C:\Windows\System\YNnkpCp.exe
  2⤵
  PID:6764
- C:\Windows\System\lczIwHw.exe
  C:\Windows\System\lczIwHw.exe
  2⤵
  PID:6784
- C:\Windows\System\rQzbzMb.exe
  C:\Windows\System\rQzbzMb.exe
  2⤵
  PID:6804
- C:\Windows\System\lLgupOm.exe
  C:\Windows\System\lLgupOm.exe
  2⤵
  PID:6824
- C:\Windows\System\QohHtAs.exe
  C:\Windows\System\QohHtAs.exe
  2⤵
  PID:6844
- C:\Windows\System\TUoXZxp.exe
  C:\Windows\System\TUoXZxp.exe
  2⤵
  PID:6864
- C:\Windows\System\GCbQbHM.exe
  C:\Windows\System\GCbQbHM.exe
  2⤵
  PID:6884
- C:\Windows\System\OosVYsd.exe
  C:\Windows\System\OosVYsd.exe
  2⤵
  PID:6904
- C:\Windows\System\TAxjhyx.exe
  C:\Windows\System\TAxjhyx.exe
  2⤵
  PID:6924
- C:\Windows\System\XAHxACF.exe
  C:\Windows\System\XAHxACF.exe
  2⤵
  PID:6944
- C:\Windows\System\UjBFctG.exe
  C:\Windows\System\UjBFctG.exe
  2⤵
  PID:6964
- C:\Windows\System\xCbeFpU.exe
  C:\Windows\System\xCbeFpU.exe
  2⤵
  PID:6984
- C:\Windows\System\LUgYzOY.exe
  C:\Windows\System\LUgYzOY.exe
  2⤵
  PID:7004
- C:\Windows\System\aeLskHi.exe
  C:\Windows\System\aeLskHi.exe
  2⤵
  PID:7024
- C:\Windows\System\vLxIOUv.exe
  C:\Windows\System\vLxIOUv.exe
  2⤵
  PID:7044
- C:\Windows\System\tBxQwBv.exe
  C:\Windows\System\tBxQwBv.exe
  2⤵
  PID:7064
- C:\Windows\System\haiAIDP.exe
  C:\Windows\System\haiAIDP.exe
  2⤵
  PID:7084
- C:\Windows\System\WBzByWm.exe
  C:\Windows\System\WBzByWm.exe
  2⤵
  PID:7104
- C:\Windows\System\nGpGeSs.exe
  C:\Windows\System\nGpGeSs.exe
  2⤵
  PID:7124
- C:\Windows\System\ivKKbxS.exe
  C:\Windows\System\ivKKbxS.exe
  2⤵
  PID:7144
- C:\Windows\System\glNlscd.exe
  C:\Windows\System\glNlscd.exe
  2⤵
  PID:7164
- C:\Windows\System\jTnVTBB.exe
  C:\Windows\System\jTnVTBB.exe
  2⤵
  PID:5796
- C:\Windows\System\EmUQhgn.exe
  C:\Windows\System\EmUQhgn.exe
  2⤵
  PID:5888
- C:\Windows\System\wHDktld.exe
  C:\Windows\System\wHDktld.exe
  2⤵
  PID:5912
- C:\Windows\System\BpWHKgN.exe
  C:\Windows\System\BpWHKgN.exe
  2⤵
  PID:6036
- C:\Windows\System\OLRJppW.exe
  C:\Windows\System\OLRJppW.exe
  2⤵
  PID:4348
- C:\Windows\System\PDVkRJr.exe
  C:\Windows\System\PDVkRJr.exe
  2⤵
  PID:4908
- C:\Windows\System\GMivSNK.exe
  C:\Windows\System\GMivSNK.exe
  2⤵
  PID:3120
- C:\Windows\System\ejNxlQU.exe
  C:\Windows\System\ejNxlQU.exe
  2⤵
  PID:5288
- C:\Windows\System\iwZneLP.exe
  C:\Windows\System\iwZneLP.exe
  2⤵
  PID:5348
- C:\Windows\System\aqLEplE.exe
  C:\Windows\System\aqLEplE.exe
  2⤵
  PID:5556
- C:\Windows\System\oqcxSkJ.exe
  C:\Windows\System\oqcxSkJ.exe
  2⤵
  PID:5656
- C:\Windows\System\MzXGdpQ.exe
  C:\Windows\System\MzXGdpQ.exe
  2⤵
  PID:6188
- C:\Windows\System\hDTCoWW.exe
  C:\Windows\System\hDTCoWW.exe
  2⤵
  PID:6228
- C:\Windows\System\wzQZXmW.exe
  C:\Windows\System\wzQZXmW.exe
  2⤵
  PID:6248
- C:\Windows\System\oUlwuek.exe
  C:\Windows\System\oUlwuek.exe
  2⤵
  PID:6272
- C:\Windows\System\IKTYYET.exe
  C:\Windows\System\IKTYYET.exe
  2⤵
  PID:6316
- C:\Windows\System\XiNEAaT.exe
  C:\Windows\System\XiNEAaT.exe
  2⤵
  PID:6348
- C:\Windows\System\FaJwGKU.exe
  C:\Windows\System\FaJwGKU.exe
  2⤵
  PID:6372
- C:\Windows\System\zWjeUpd.exe
  C:\Windows\System\zWjeUpd.exe
  2⤵
  PID:6420
- C:\Windows\System\TTlnqcb.exe
  C:\Windows\System\TTlnqcb.exe
  2⤵
  PID:6452
- C:\Windows\System\UPlPEaH.exe
  C:\Windows\System\UPlPEaH.exe
  2⤵
  PID:6476
- C:\Windows\System\XbwcJgb.exe
  C:\Windows\System\XbwcJgb.exe
  2⤵
  PID:6520
- C:\Windows\System\VoXBQtj.exe
  C:\Windows\System\VoXBQtj.exe
  2⤵
  PID:6552
- C:\Windows\System\crAGyfE.exe
  C:\Windows\System\crAGyfE.exe
  2⤵
  PID:6576
- C:\Windows\System\qYprxCr.exe
  C:\Windows\System\qYprxCr.exe
  2⤵
  PID:6620
- C:\Windows\System\FUmZNrp.exe
  C:\Windows\System\FUmZNrp.exe
  2⤵
  PID:6652
- C:\Windows\System\xtUkDoy.exe
  C:\Windows\System\xtUkDoy.exe
  2⤵
  PID:6676
- C:\Windows\System\LEfctXb.exe
  C:\Windows\System\LEfctXb.exe
  2⤵
  PID:6696
- C:\Windows\System\ythKSJL.exe
  C:\Windows\System\ythKSJL.exe
  2⤵
  PID:6760
- C:\Windows\System\KwkqCRW.exe
  C:\Windows\System\KwkqCRW.exe
  2⤵
  PID:6792
- C:\Windows\System\rsgLZTH.exe
  C:\Windows\System\rsgLZTH.exe
  2⤵
  PID:6820
- C:\Windows\System\mpbEoMM.exe
  C:\Windows\System\mpbEoMM.exe
  2⤵
  PID:6852
- C:\Windows\System\fzvGJqG.exe
  C:\Windows\System\fzvGJqG.exe
  2⤵
  PID:6856
- C:\Windows\System\DtknPwL.exe
  C:\Windows\System\DtknPwL.exe
  2⤵
  PID:6896
- C:\Windows\System\PgVBSfN.exe
  C:\Windows\System\PgVBSfN.exe
  2⤵
  PID:6960
- C:\Windows\System\dQBrmFL.exe
  C:\Windows\System\dQBrmFL.exe
  2⤵
  PID:6980
- C:\Windows\System\GBzqhzV.exe
  C:\Windows\System\GBzqhzV.exe
  2⤵
  PID:7032
- C:\Windows\System\kMvhLcw.exe
  C:\Windows\System\kMvhLcw.exe
  2⤵
  PID:7072
- C:\Windows\System\ttLPfaQ.exe
  C:\Windows\System\ttLPfaQ.exe
  2⤵
  PID:7060
- C:\Windows\System\jZRLuXh.exe
  C:\Windows\System\jZRLuXh.exe
  2⤵
  PID:7096
- C:\Windows\System\amSYuZU.exe
  C:\Windows\System\amSYuZU.exe
  2⤵
  PID:7140
- C:\Windows\System\mUZdesQ.exe
  C:\Windows\System\mUZdesQ.exe
  2⤵
  PID:5712
- C:\Windows\System\JKZixyI.exe
  C:\Windows\System\JKZixyI.exe
  2⤵
  PID:5996
- C:\Windows\System\weBZAYv.exe
  C:\Windows\System\weBZAYv.exe
  2⤵
  PID:4532
- C:\Windows\System\nbbSRXP.exe
  C:\Windows\System\nbbSRXP.exe
  2⤵
  PID:3536
- C:\Windows\System\TmxPhPt.exe
  C:\Windows\System\TmxPhPt.exe
  2⤵
  PID:4128
- C:\Windows\System\KgLmINx.exe
  C:\Windows\System\KgLmINx.exe
  2⤵
  PID:5464
- C:\Windows\System\NBqqusP.exe
  C:\Windows\System\NBqqusP.exe
  2⤵
  PID:5628
- C:\Windows\System\jFdvuAx.exe
  C:\Windows\System\jFdvuAx.exe
  2⤵
  PID:6208
- C:\Windows\System\hjmkRLd.exe
  C:\Windows\System\hjmkRLd.exe
  2⤵
  PID:6276
- C:\Windows\System\qqDGdvr.exe
  C:\Windows\System\qqDGdvr.exe
  2⤵
  PID:6292
- C:\Windows\System\kAwHzRS.exe
  C:\Windows\System\kAwHzRS.exe
  2⤵
  PID:6336
- C:\Windows\System\RlBYLCt.exe
  C:\Windows\System\RlBYLCt.exe
  2⤵
  PID:6392
- C:\Windows\System\iAUOMNf.exe
  C:\Windows\System\iAUOMNf.exe
  2⤵
  PID:6500
- C:\Windows\System\loCLquU.exe
  C:\Windows\System\loCLquU.exe
  2⤵
  PID:6532
- C:\Windows\System\oWFOnxU.exe
  C:\Windows\System\oWFOnxU.exe
  2⤵
  PID:6640
- C:\Windows\System\PouABUx.exe
  C:\Windows\System\PouABUx.exe
  2⤵
  PID:6656
- C:\Windows\System\maAMOgm.exe
  C:\Windows\System\maAMOgm.exe
  2⤵
  PID:6692
- C:\Windows\System\vVlieUI.exe
  C:\Windows\System\vVlieUI.exe
  2⤵
  PID:6740
- C:\Windows\System\GIvzqjH.exe
  C:\Windows\System\GIvzqjH.exe
  2⤵
  PID:6816
- C:\Windows\System\jdZXsIh.exe
  C:\Windows\System\jdZXsIh.exe
  2⤵
  PID:6912
- C:\Windows\System\jjASyAn.exe
  C:\Windows\System\jjASyAn.exe
  2⤵
  PID:6956
- C:\Windows\System\EmAdaSv.exe
  C:\Windows\System\EmAdaSv.exe
  2⤵
  PID:7000
- C:\Windows\System\cHnedij.exe
  C:\Windows\System\cHnedij.exe
  2⤵
  PID:7040
- C:\Windows\System\ENrDIGi.exe
  C:\Windows\System\ENrDIGi.exe
  2⤵
  PID:7100
- C:\Windows\System\wfVPOBW.exe
  C:\Windows\System\wfVPOBW.exe
  2⤵
  PID:7152
- C:\Windows\System\ZVtXmUq.exe
  C:\Windows\System\ZVtXmUq.exe
  2⤵
  PID:6052
- C:\Windows\System\IcWsYfB.exe
  C:\Windows\System\IcWsYfB.exe
  2⤵
  PID:5132
- C:\Windows\System\EOSMvJK.exe
  C:\Windows\System\EOSMvJK.exe
  2⤵
  PID:5352
- C:\Windows\System\zRIEBTf.exe
  C:\Windows\System\zRIEBTf.exe
  2⤵
  PID:5408
- C:\Windows\System\qCipCDb.exe
  C:\Windows\System\qCipCDb.exe
  2⤵
  PID:6252
- C:\Windows\System\DezaqeP.exe
  C:\Windows\System\DezaqeP.exe
  2⤵
  PID:6368
- C:\Windows\System\tEcfUvp.exe
  C:\Windows\System\tEcfUvp.exe
  2⤵
  PID:6432
- C:\Windows\System\bEMxTmS.exe
  C:\Windows\System\bEMxTmS.exe
  2⤵
  PID:6496
- C:\Windows\System\WVbvXfX.exe
  C:\Windows\System\WVbvXfX.exe
  2⤵
  PID:6572
- C:\Windows\System\stBeFxT.exe
  C:\Windows\System\stBeFxT.exe
  2⤵
  PID:6672
- C:\Windows\System\AMzxmFv.exe
  C:\Windows\System\AMzxmFv.exe
  2⤵
  PID:6796
- C:\Windows\System\pcHyTBG.exe
  C:\Windows\System\pcHyTBG.exe
  2⤵
  PID:6840
- C:\Windows\System\FDEsWrp.exe
  C:\Windows\System\FDEsWrp.exe
  2⤵
  PID:6992
- C:\Windows\System\gXopIBS.exe
  C:\Windows\System\gXopIBS.exe
  2⤵
  PID:7184
- C:\Windows\System\qQejOjI.exe
  C:\Windows\System\qQejOjI.exe
  2⤵
  PID:7204
- C:\Windows\System\iZmXPKl.exe
  C:\Windows\System\iZmXPKl.exe
  2⤵
  PID:7224
- C:\Windows\System\XyjUKPt.exe
  C:\Windows\System\XyjUKPt.exe
  2⤵
  PID:7244
- C:\Windows\System\xTiGPZb.exe
  C:\Windows\System\xTiGPZb.exe
  2⤵
  PID:7264
- C:\Windows\System\gcKhXom.exe
  C:\Windows\System\gcKhXom.exe
  2⤵
  PID:7284
- C:\Windows\System\IHmIAxE.exe
  C:\Windows\System\IHmIAxE.exe
  2⤵
  PID:7304
- C:\Windows\System\jxIkoST.exe
  C:\Windows\System\jxIkoST.exe
  2⤵
  PID:7324
- C:\Windows\System\vCCMAVG.exe
  C:\Windows\System\vCCMAVG.exe
  2⤵
  PID:7344
- C:\Windows\System\hByRFIh.exe
  C:\Windows\System\hByRFIh.exe
  2⤵
  PID:7364
- C:\Windows\System\rwVZaSx.exe
  C:\Windows\System\rwVZaSx.exe
  2⤵
  PID:7384
- C:\Windows\System\txyJJxr.exe
  C:\Windows\System\txyJJxr.exe
  2⤵
  PID:7404
- C:\Windows\System\MLELYuY.exe
  C:\Windows\System\MLELYuY.exe
  2⤵
  PID:7424
- C:\Windows\System\BQXAWnV.exe
  C:\Windows\System\BQXAWnV.exe
  2⤵
  PID:7444
- C:\Windows\System\ibZbHmz.exe
  C:\Windows\System\ibZbHmz.exe
  2⤵
  PID:7464
- C:\Windows\System\hNuphed.exe
  C:\Windows\System\hNuphed.exe
  2⤵
  PID:7484
- C:\Windows\System\JDIslXq.exe
  C:\Windows\System\JDIslXq.exe
  2⤵
  PID:7504
- C:\Windows\System\wHjgCZJ.exe
  C:\Windows\System\wHjgCZJ.exe
  2⤵
  PID:7524
- C:\Windows\System\vVLUahE.exe
  C:\Windows\System\vVLUahE.exe
  2⤵
  PID:7544
- C:\Windows\System\IoYBMeg.exe
  C:\Windows\System\IoYBMeg.exe
  2⤵
  PID:7564
- C:\Windows\System\trzlHNe.exe
  C:\Windows\System\trzlHNe.exe
  2⤵
  PID:7584
- C:\Windows\System\TQTMCQZ.exe
  C:\Windows\System\TQTMCQZ.exe
  2⤵
  PID:7604
- C:\Windows\System\vGtIrCo.exe
  C:\Windows\System\vGtIrCo.exe
  2⤵
  PID:7624
- C:\Windows\System\emnMZdI.exe
  C:\Windows\System\emnMZdI.exe
  2⤵
  PID:7644
- C:\Windows\System\EvQtJYy.exe
  C:\Windows\System\EvQtJYy.exe
  2⤵
  PID:7664
- C:\Windows\System\uaHjPuZ.exe
  C:\Windows\System\uaHjPuZ.exe
  2⤵
  PID:7684
- C:\Windows\System\HkSxFLw.exe
  C:\Windows\System\HkSxFLw.exe
  2⤵
  PID:7704
- C:\Windows\System\eemHemS.exe
  C:\Windows\System\eemHemS.exe
  2⤵
  PID:7724
- C:\Windows\System\QlnZwff.exe
  C:\Windows\System\QlnZwff.exe
  2⤵
  PID:7740
- C:\Windows\System\HKBuoVa.exe
  C:\Windows\System\HKBuoVa.exe
  2⤵
  PID:7764
- C:\Windows\System\cVJOfRs.exe
  C:\Windows\System\cVJOfRs.exe
  2⤵
  PID:7784
- C:\Windows\System\SBWOJgb.exe
  C:\Windows\System\SBWOJgb.exe
  2⤵
  PID:7804
- C:\Windows\System\QGNyaTX.exe
  C:\Windows\System\QGNyaTX.exe
  2⤵
  PID:7824
- C:\Windows\System\elNSAzj.exe
  C:\Windows\System\elNSAzj.exe
  2⤵
  PID:7840
- C:\Windows\System\EqphsLV.exe
  C:\Windows\System\EqphsLV.exe
  2⤵
  PID:7864
- C:\Windows\System\zUwgVBC.exe
  C:\Windows\System\zUwgVBC.exe
  2⤵
  PID:7884
- C:\Windows\System\QrnYeSB.exe
  C:\Windows\System\QrnYeSB.exe
  2⤵
  PID:7904
- C:\Windows\System\QuZxNws.exe
  C:\Windows\System\QuZxNws.exe
  2⤵
  PID:7924
- C:\Windows\System\lhBmCoU.exe
  C:\Windows\System\lhBmCoU.exe
  2⤵
  PID:7948
- C:\Windows\System\EIZPFYr.exe
  C:\Windows\System\EIZPFYr.exe
  2⤵
  PID:7968
- C:\Windows\System\PAvlmLr.exe
  C:\Windows\System\PAvlmLr.exe
  2⤵
  PID:7988
- C:\Windows\System\gUthUWz.exe
  C:\Windows\System\gUthUWz.exe
  2⤵
  PID:8008
- C:\Windows\System\Ergzspc.exe
  C:\Windows\System\Ergzspc.exe
  2⤵
  PID:8028
- C:\Windows\System\yODFLKB.exe
  C:\Windows\System\yODFLKB.exe
  2⤵
  PID:8048
- C:\Windows\System\PVsvpwl.exe
  C:\Windows\System\PVsvpwl.exe
  2⤵
  PID:8068
- C:\Windows\System\aLguWSR.exe
  C:\Windows\System\aLguWSR.exe
  2⤵
  PID:8088
- C:\Windows\System\HAabpZa.exe
  C:\Windows\System\HAabpZa.exe
  2⤵
  PID:8108
- C:\Windows\System\RUjUGXy.exe
  C:\Windows\System\RUjUGXy.exe
  2⤵
  PID:8128
- C:\Windows\System\hCnxCzW.exe
  C:\Windows\System\hCnxCzW.exe
  2⤵
  PID:8144
- C:\Windows\System\EfbhNPK.exe
  C:\Windows\System\EfbhNPK.exe
  2⤵
  PID:8168
- C:\Windows\System\uvyFkmK.exe
  C:\Windows\System\uvyFkmK.exe
  2⤵
  PID:8188
- C:\Windows\System\snCnJbr.exe
  C:\Windows\System\snCnJbr.exe
  2⤵
  PID:7056
- C:\Windows\System\lulIQzO.exe
  C:\Windows\System\lulIQzO.exe
  2⤵
  PID:5876
- C:\Windows\System\TTdBYcu.exe
  C:\Windows\System\TTdBYcu.exe
  2⤵
  PID:4120
- C:\Windows\System\ALWmdTD.exe
  C:\Windows\System\ALWmdTD.exe
  2⤵
  PID:6172
- C:\Windows\System\hSAvCqC.exe
  C:\Windows\System\hSAvCqC.exe
  2⤵
  PID:6332
- C:\Windows\System\mSLgzWr.exe
  C:\Windows\System\mSLgzWr.exe
  2⤵
  PID:6480
- C:\Windows\System\HvXDjRR.exe
  C:\Windows\System\HvXDjRR.exe
  2⤵
  PID:6556
- C:\Windows\System\gqwKSPL.exe
  C:\Windows\System\gqwKSPL.exe
  2⤵
  PID:6752
- C:\Windows\System\dRDvuVd.exe
  C:\Windows\System\dRDvuVd.exe
  2⤵
  PID:6920
- C:\Windows\System\AiXaJaU.exe
  C:\Windows\System\AiXaJaU.exe
  2⤵
  PID:7180
- C:\Windows\System\cRGaXrt.exe
  C:\Windows\System\cRGaXrt.exe
  2⤵
  PID:7212
- C:\Windows\System\bFYqKKH.exe
  C:\Windows\System\bFYqKKH.exe
  2⤵
  PID:7236
- C:\Windows\System\JdAwgNP.exe
  C:\Windows\System\JdAwgNP.exe
  2⤵
  PID:7280
- C:\Windows\System\eZydPaK.exe
  C:\Windows\System\eZydPaK.exe
  2⤵
  PID:7312
- C:\Windows\System\llzeEoX.exe
  C:\Windows\System\llzeEoX.exe
  2⤵
  PID:7336
- C:\Windows\System\KAztFKk.exe
  C:\Windows\System\KAztFKk.exe
  2⤵
  PID:7380
- C:\Windows\System\xiFzcEm.exe
  C:\Windows\System\xiFzcEm.exe
  2⤵
  PID:7420
- C:\Windows\System\LhAIFBl.exe
  C:\Windows\System\LhAIFBl.exe
  2⤵
  PID:7452
- C:\Windows\System\exWwpMV.exe
  C:\Windows\System\exWwpMV.exe
  2⤵
  PID:7492
- C:\Windows\System\RVquKlh.exe
  C:\Windows\System\RVquKlh.exe
  2⤵
  PID:7496
- C:\Windows\System\vkRytgc.exe
  C:\Windows\System\vkRytgc.exe
  2⤵
  PID:7516
- C:\Windows\System\SDJgMSk.exe
  C:\Windows\System\SDJgMSk.exe
  2⤵
  PID:7560
- C:\Windows\System\fcnfOWG.exe
  C:\Windows\System\fcnfOWG.exe
  2⤵
  PID:7592
- C:\Windows\System\YfVYJJr.exe
  C:\Windows\System\YfVYJJr.exe
  2⤵
  PID:7652
- C:\Windows\System\vSsDxIB.exe
  C:\Windows\System\vSsDxIB.exe
  2⤵
  PID:7672
- C:\Windows\System\kWheHtf.exe
  C:\Windows\System\kWheHtf.exe
  2⤵
  PID:7712
- C:\Windows\System\IAMEdIO.exe
  C:\Windows\System\IAMEdIO.exe
  2⤵
  PID:7748
- C:\Windows\System\vekqsOs.exe
  C:\Windows\System\vekqsOs.exe
  2⤵
  PID:7780
- C:\Windows\System\icxARuR.exe
  C:\Windows\System\icxARuR.exe
  2⤵
  PID:7820
- C:\Windows\System\lOPZVZd.exe
  C:\Windows\System\lOPZVZd.exe
  2⤵
  PID:2440
- C:\Windows\System\PdfesYl.exe
  C:\Windows\System\PdfesYl.exe
  2⤵
  PID:7872
- C:\Windows\System\zMmAyTM.exe
  C:\Windows\System\zMmAyTM.exe
  2⤵
  PID:7896
- C:\Windows\System\PRqhlvz.exe
  C:\Windows\System\PRqhlvz.exe
  2⤵
  PID:7936
- C:\Windows\System\wQsvtdK.exe
  C:\Windows\System\wQsvtdK.exe
  2⤵
  PID:7984
- C:\Windows\System\hddwHwZ.exe
  C:\Windows\System\hddwHwZ.exe
  2⤵
  PID:8016
- C:\Windows\System\XsidSUd.exe
  C:\Windows\System\XsidSUd.exe
  2⤵
  PID:8044
- C:\Windows\System\LeiUpUm.exe
  C:\Windows\System\LeiUpUm.exe
  2⤵
  PID:8076
- C:\Windows\System\jRxkgUE.exe
  C:\Windows\System\jRxkgUE.exe
  2⤵
  PID:8100
- C:\Windows\System\WoIJQPY.exe
  C:\Windows\System\WoIJQPY.exe
  2⤵
  PID:8120
- C:\Windows\System\vuvSgjG.exe
  C:\Windows\System\vuvSgjG.exe
  2⤵
  PID:8164
- C:\Windows\System\UiuKBVg.exe
  C:\Windows\System\UiuKBVg.exe
  2⤵
  PID:5952
- C:\Windows\System\rPVpJam.exe
  C:\Windows\System\rPVpJam.exe
  2⤵
  PID:4804
- C:\Windows\System\TaZkvHS.exe
  C:\Windows\System\TaZkvHS.exe
  2⤵
  PID:6232
- C:\Windows\System\CwTasif.exe
  C:\Windows\System\CwTasif.exe
  2⤵
  PID:6408
- C:\Windows\System\OXlFPUu.exe
  C:\Windows\System\OXlFPUu.exe
  2⤵
  PID:6596
- C:\Windows\System\IFTUdJu.exe
  C:\Windows\System\IFTUdJu.exe
  2⤵
  PID:6876
- C:\Windows\System\YTCBzLT.exe
  C:\Windows\System\YTCBzLT.exe
  2⤵
  PID:7200
- C:\Windows\System\GbdpdoX.exe
  C:\Windows\System\GbdpdoX.exe
  2⤵
  PID:7260
- C:\Windows\System\BWPMolp.exe
  C:\Windows\System\BWPMolp.exe
  2⤵
  PID:7316
- C:\Windows\System\bhngbDe.exe
  C:\Windows\System\bhngbDe.exe
  2⤵
  PID:7372
- C:\Windows\System\vjEnOqb.exe
  C:\Windows\System\vjEnOqb.exe
  2⤵
  PID:7400
- C:\Windows\System\VHZCspi.exe
  C:\Windows\System\VHZCspi.exe
  2⤵
  PID:7480
- C:\Windows\System\LugPlan.exe
  C:\Windows\System\LugPlan.exe
  2⤵
  PID:7540
- C:\Windows\System\nzgCQvb.exe
  C:\Windows\System\nzgCQvb.exe
  2⤵
  PID:7620
- C:\Windows\System\LvENrpW.exe
  C:\Windows\System\LvENrpW.exe
  2⤵
  PID:7660
- C:\Windows\System\ojIaPrT.exe
  C:\Windows\System\ojIaPrT.exe
  2⤵
  PID:7656
- C:\Windows\System\yXjCLfu.exe
  C:\Windows\System\yXjCLfu.exe
  2⤵
  PID:7772
- C:\Windows\System\CVSFGVp.exe
  C:\Windows\System\CVSFGVp.exe
  2⤵
  PID:7816
- C:\Windows\System\KxunmaB.exe
  C:\Windows\System\KxunmaB.exe
  2⤵
  PID:7880
- C:\Windows\System\RpCbwUt.exe
  C:\Windows\System\RpCbwUt.exe
  2⤵
  PID:7944
- C:\Windows\System\CglmvBn.exe
  C:\Windows\System\CglmvBn.exe
  2⤵
  PID:7960
- C:\Windows\System\gFpNiCw.exe
  C:\Windows\System\gFpNiCw.exe
  2⤵
  PID:7996
- C:\Windows\System\oPHXfpI.exe
  C:\Windows\System\oPHXfpI.exe
  2⤵
  PID:8104
- C:\Windows\System\nJMTGkR.exe
  C:\Windows\System\nJMTGkR.exe
  2⤵
  PID:8140
- C:\Windows\System\HqJkIIb.exe
  C:\Windows\System\HqJkIIb.exe
  2⤵
  PID:5776
- C:\Windows\System\OascwXy.exe
  C:\Windows\System\OascwXy.exe
  2⤵
  PID:6216
- C:\Windows\System\XPaPFJD.exe
  C:\Windows\System\XPaPFJD.exe
  2⤵
  PID:6148
- C:\Windows\System\nualzlE.exe
  C:\Windows\System\nualzlE.exe
  2⤵
  PID:6940
- C:\Windows\System\nmxRUBT.exe
  C:\Windows\System\nmxRUBT.exe
  2⤵
  PID:7196
- C:\Windows\System\FnRZrJv.exe
  C:\Windows\System\FnRZrJv.exe
  2⤵
  PID:7300
- C:\Windows\System\ElKjfKb.exe
  C:\Windows\System\ElKjfKb.exe
  2⤵
  PID:7256
- C:\Windows\System\jeNeblG.exe
  C:\Windows\System\jeNeblG.exe
  2⤵
  PID:7392
- C:\Windows\System\uNSceNM.exe
  C:\Windows\System\uNSceNM.exe
  2⤵
  PID:7456
- C:\Windows\System\mVOaTEk.exe
  C:\Windows\System\mVOaTEk.exe
  2⤵
  PID:7612
- C:\Windows\System\hDzUXsm.exe
  C:\Windows\System\hDzUXsm.exe
  2⤵
  PID:7716
- C:\Windows\System\qLoSkqh.exe
  C:\Windows\System\qLoSkqh.exe
  2⤵
  PID:7792
- C:\Windows\System\plHPGnQ.exe
  C:\Windows\System\plHPGnQ.exe
  2⤵
  PID:7860
- C:\Windows\System\wgzBKdR.exe
  C:\Windows\System\wgzBKdR.exe
  2⤵
  PID:7964
- C:\Windows\System\zFYFcWk.exe
  C:\Windows\System\zFYFcWk.exe
  2⤵
  PID:8060
- C:\Windows\System\ixVDsEd.exe
  C:\Windows\System\ixVDsEd.exe
  2⤵
  PID:6112
- C:\Windows\System\IEFAMrr.exe
  C:\Windows\System\IEFAMrr.exe
  2⤵
  PID:7172
- C:\Windows\System\rmhqsfN.exe
  C:\Windows\System\rmhqsfN.exe
  2⤵
  PID:8208
- C:\Windows\System\MjDNGvt.exe
  C:\Windows\System\MjDNGvt.exe
  2⤵
  PID:8228
- C:\Windows\System\YjQukTW.exe
  C:\Windows\System\YjQukTW.exe
  2⤵
  PID:8248
- C:\Windows\System\DGLEvPA.exe
  C:\Windows\System\DGLEvPA.exe
  2⤵
  PID:8268
- C:\Windows\System\DgHSIyl.exe
  C:\Windows\System\DgHSIyl.exe
  2⤵
  PID:8288
- C:\Windows\System\MGcRchg.exe
  C:\Windows\System\MGcRchg.exe
  2⤵
  PID:8324
- C:\Windows\System\IgxnodY.exe
  C:\Windows\System\IgxnodY.exe
  2⤵
  PID:8348
- C:\Windows\System\SgHXFLe.exe
  C:\Windows\System\SgHXFLe.exe
  2⤵
  PID:8376
- C:\Windows\System\bzidkNc.exe
  C:\Windows\System\bzidkNc.exe
  2⤵
  PID:8392
- C:\Windows\System\McyOPvM.exe
  C:\Windows\System\McyOPvM.exe
  2⤵
  PID:8412
- C:\Windows\System\hmAWwUp.exe
  C:\Windows\System\hmAWwUp.exe
  2⤵
  PID:8428
- C:\Windows\System\SFrObmX.exe
  C:\Windows\System\SFrObmX.exe
  2⤵
  PID:8448
- C:\Windows\System\WqwIkaP.exe
  C:\Windows\System\WqwIkaP.exe
  2⤵
  PID:8464
- C:\Windows\System\qWHEvkE.exe
  C:\Windows\System\qWHEvkE.exe
  2⤵
  PID:8488
- C:\Windows\System\OuuEwFl.exe
  C:\Windows\System\OuuEwFl.exe
  2⤵
  PID:8504
- C:\Windows\System\zKeIOvu.exe
  C:\Windows\System\zKeIOvu.exe
  2⤵
  PID:8520
- C:\Windows\System\TjaJJBN.exe
  C:\Windows\System\TjaJJBN.exe
  2⤵
  PID:8536
- C:\Windows\System\bGFlmKK.exe
  C:\Windows\System\bGFlmKK.exe
  2⤵
  PID:8556
- C:\Windows\System\QAdXccR.exe
  C:\Windows\System\QAdXccR.exe
  2⤵
  PID:8576
- C:\Windows\System\qZdoZzv.exe
  C:\Windows\System\qZdoZzv.exe
  2⤵
  PID:8592
- C:\Windows\System\ngYJtKy.exe
  C:\Windows\System\ngYJtKy.exe
  2⤵
  PID:8620
- C:\Windows\System\pZdTOJR.exe
  C:\Windows\System\pZdTOJR.exe
  2⤵
  PID:8636
- C:\Windows\System\ykoulPq.exe
  C:\Windows\System\ykoulPq.exe
  2⤵
  PID:8660
- C:\Windows\System\PyQigfr.exe
  C:\Windows\System\PyQigfr.exe
  2⤵
  PID:8676
- C:\Windows\System\NMEkrSL.exe
  C:\Windows\System\NMEkrSL.exe
  2⤵
  PID:8696
- C:\Windows\System\lufnRbm.exe
  C:\Windows\System\lufnRbm.exe
  2⤵
  PID:8712
- C:\Windows\System\GMTPfxn.exe
  C:\Windows\System\GMTPfxn.exe
  2⤵
  PID:8732
- C:\Windows\System\dhRwOlg.exe
  C:\Windows\System\dhRwOlg.exe
  2⤵
  PID:8756
- C:\Windows\System\iwDAjNi.exe
  C:\Windows\System\iwDAjNi.exe
  2⤵
  PID:8772
- C:\Windows\System\uknHHXO.exe
  C:\Windows\System\uknHHXO.exe
  2⤵
  PID:8788
- C:\Windows\System\CwcATdT.exe
  C:\Windows\System\CwcATdT.exe
  2⤵
  PID:8804
- C:\Windows\System\giAmSUs.exe
  C:\Windows\System\giAmSUs.exe
  2⤵
  PID:8848
- C:\Windows\System\xhPfMBt.exe
  C:\Windows\System\xhPfMBt.exe
  2⤵
  PID:8864
- C:\Windows\System\pWomzeT.exe
  C:\Windows\System\pWomzeT.exe
  2⤵
  PID:8892
- C:\Windows\System\SdmxdMr.exe
  C:\Windows\System\SdmxdMr.exe
  2⤵
  PID:8924
- C:\Windows\System\wQcLyha.exe
  C:\Windows\System\wQcLyha.exe
  2⤵
  PID:8940
- C:\Windows\System\MuDQpeH.exe
  C:\Windows\System\MuDQpeH.exe
  2⤵
  PID:8956
- C:\Windows\System\ukbkYoc.exe
  C:\Windows\System\ukbkYoc.exe
  2⤵
  PID:8976
- C:\Windows\System\QykJTVt.exe
  C:\Windows\System\QykJTVt.exe
  2⤵
  PID:9004
- C:\Windows\System\Pkihnfc.exe
  C:\Windows\System\Pkihnfc.exe
  2⤵
  PID:9020
- C:\Windows\System\tfTMXvX.exe
  C:\Windows\System\tfTMXvX.exe
  2⤵
  PID:9036
- C:\Windows\System\zzZyqYM.exe
  C:\Windows\System\zzZyqYM.exe
  2⤵
  PID:9052
- C:\Windows\System\ffcMluE.exe
  C:\Windows\System\ffcMluE.exe
  2⤵
  PID:9068
- C:\Windows\System\RToflYf.exe
  C:\Windows\System\RToflYf.exe
  2⤵
  PID:9088
- C:\Windows\System\fVRDtYf.exe
  C:\Windows\System\fVRDtYf.exe
  2⤵
  PID:9108
- C:\Windows\System\KhrgnPX.exe
  C:\Windows\System\KhrgnPX.exe
  2⤵
  PID:9124
- C:\Windows\System\wmVFqPd.exe
  C:\Windows\System\wmVFqPd.exe
  2⤵
  PID:9140
- C:\Windows\System\seVjSvd.exe
  C:\Windows\System\seVjSvd.exe
  2⤵
  PID:9156
- C:\Windows\System\CNkbmIv.exe
  C:\Windows\System\CNkbmIv.exe
  2⤵
  PID:9172
- C:\Windows\System\dRVIwwb.exe
  C:\Windows\System\dRVIwwb.exe
  2⤵
  PID:9192
- C:\Windows\System\ztzKhLM.exe
  C:\Windows\System\ztzKhLM.exe
  2⤵
  PID:6600
- C:\Windows\System\soWHEKm.exe
  C:\Windows\System\soWHEKm.exe
  2⤵
  PID:7292
- C:\Windows\System\pVNOmjy.exe
  C:\Windows\System\pVNOmjy.exe
  2⤵
  PID:7800
- C:\Windows\System\pNlTMxn.exe
  C:\Windows\System\pNlTMxn.exe
  2⤵
  PID:8036
- C:\Windows\System\KgaZYrQ.exe
  C:\Windows\System\KgaZYrQ.exe
  2⤵
  PID:8064
- C:\Windows\System\fWzLkcy.exe
  C:\Windows\System\fWzLkcy.exe
  2⤵
  PID:8204
- C:\Windows\System\HDUtSmS.exe
  C:\Windows\System\HDUtSmS.exe
  2⤵
  PID:8236
- C:\Windows\System\DGagzDo.exe
  C:\Windows\System\DGagzDo.exe
  2⤵
  PID:8264
- C:\Windows\System\WdVVKAK.exe
  C:\Windows\System\WdVVKAK.exe
  2⤵
  PID:8280
- C:\Windows\System\rnfJamj.exe
  C:\Windows\System\rnfJamj.exe
  2⤵
  PID:8332
- C:\Windows\System\EDqDwix.exe
  C:\Windows\System\EDqDwix.exe
  2⤵
  PID:2080
- C:\Windows\System\YfVTJBY.exe
  C:\Windows\System\YfVTJBY.exe
  2⤵
  PID:2812
- C:\Windows\System\UQPcgBk.exe
  C:\Windows\System\UQPcgBk.exe
  2⤵
  PID:8456
- C:\Windows\System\MxLbcJk.exe
  C:\Windows\System\MxLbcJk.exe
  2⤵
  PID:8532
- C:\Windows\System\viXkglb.exe
  C:\Windows\System\viXkglb.exe
  2⤵
  PID:8572
- C:\Windows\System\AWXzqwo.exe
  C:\Windows\System\AWXzqwo.exe
  2⤵
  PID:8608
- C:\Windows\System\oCVbUoI.exe
  C:\Windows\System\oCVbUoI.exe
  2⤵
  PID:8648
- C:\Windows\System\CngRTyW.exe
  C:\Windows\System\CngRTyW.exe
  2⤵
  PID:8584
- C:\Windows\System\MtXxfgb.exe
  C:\Windows\System\MtXxfgb.exe
  2⤵
  PID:8688
- C:\Windows\System\APNuPhN.exe
  C:\Windows\System\APNuPhN.exe
  2⤵
  PID:8472
- C:\Windows\System\UhpBZiD.exe
  C:\Windows\System\UhpBZiD.exe
  2⤵
  PID:2700
- C:\Windows\System\OKQEwbX.exe
  C:\Windows\System\OKQEwbX.exe
  2⤵
  PID:784
- C:\Windows\System\BrcfutQ.exe
  C:\Windows\System\BrcfutQ.exe
  2⤵
  PID:2500
- C:\Windows\System\atHyUdO.exe
  C:\Windows\System\atHyUdO.exe
  2⤵
  PID:2752
- C:\Windows\System\wenYLNL.exe
  C:\Windows\System\wenYLNL.exe
  2⤵
  PID:8748
- C:\Windows\System\lumXiXb.exe
  C:\Windows\System\lumXiXb.exe
  2⤵
  PID:8784
- C:\Windows\System\kGvJrdm.exe
  C:\Windows\System\kGvJrdm.exe
  2⤵
  PID:8856
- C:\Windows\System\sezRjhZ.exe
  C:\Windows\System\sezRjhZ.exe
  2⤵
  PID:1544
- C:\Windows\System\UGSfCEt.exe
  C:\Windows\System\UGSfCEt.exe
  2⤵
  PID:8988
- C:\Windows\System\RQwoFCJ.exe
  C:\Windows\System\RQwoFCJ.exe
  2⤵
  PID:8872
- C:\Windows\System\YCMiFjG.exe
  C:\Windows\System\YCMiFjG.exe
  2⤵
  PID:8888
- C:\Windows\System\bkkUlvL.exe
  C:\Windows\System\bkkUlvL.exe
  2⤵
  PID:2600
- C:\Windows\System\KbSTGqq.exe
  C:\Windows\System\KbSTGqq.exe
  2⤵
  PID:2828
- C:\Windows\System\RysXXkV.exe
  C:\Windows\System\RysXXkV.exe
  2⤵
  PID:9016
- C:\Windows\System\MchkKXs.exe
  C:\Windows\System\MchkKXs.exe
  2⤵
  PID:1648
- C:\Windows\System\PkSseIR.exe
  C:\Windows\System\PkSseIR.exe
  2⤵
  PID:2760
- C:\Windows\System\MzNVbDA.exe
  C:\Windows\System\MzNVbDA.exe
  2⤵
  PID:9148
- C:\Windows\System\fXLslgJ.exe
  C:\Windows\System\fXLslgJ.exe
  2⤵
  PID:9200
- C:\Windows\System\qnmTSzN.exe
  C:\Windows\System\qnmTSzN.exe
  2⤵
  PID:9120
- C:\Windows\System\ozHkmZK.exe
  C:\Windows\System\ozHkmZK.exe
  2⤵
  PID:9180
- C:\Windows\System\CpimqDu.exe
  C:\Windows\System\CpimqDu.exe
  2⤵
  PID:2464
- C:\Windows\System\HdlHeKI.exe
  C:\Windows\System\HdlHeKI.exe
  2⤵
  PID:1996
- C:\Windows\System\kbEZksC.exe
  C:\Windows\System\kbEZksC.exe
  2⤵
  PID:556
- C:\Windows\System\zbQpxkS.exe
  C:\Windows\System\zbQpxkS.exe
  2⤵
  PID:7332
- C:\Windows\System\SnUzZva.exe
  C:\Windows\System\SnUzZva.exe
  2⤵
  PID:1536
- C:\Windows\System\tufSnRj.exe
  C:\Windows\System\tufSnRj.exe
  2⤵
  PID:7700
- C:\Windows\System\mwibrDL.exe
  C:\Windows\System\mwibrDL.exe
  2⤵
  PID:7812
- C:\Windows\System\nZnIOhm.exe
  C:\Windows\System\nZnIOhm.exe
  2⤵
  PID:7976
- C:\Windows\System\BQdtZTV.exe
  C:\Windows\System\BQdtZTV.exe
  2⤵
  PID:7232
- C:\Windows\System\xsjOQxz.exe
  C:\Windows\System\xsjOQxz.exe
  2⤵
  PID:6152
- C:\Windows\System\GiPUNAL.exe
  C:\Windows\System\GiPUNAL.exe
  2⤵
  PID:8224
- C:\Windows\System\AovEyIw.exe
  C:\Windows\System\AovEyIw.exe
  2⤵
  PID:8276
- C:\Windows\System\PUcgQIJ.exe
  C:\Windows\System\PUcgQIJ.exe
  2⤵
  PID:8356
- C:\Windows\System\BLSJdxB.exe
  C:\Windows\System\BLSJdxB.exe
  2⤵
  PID:8388
- C:\Windows\System\vwgeSiH.exe
  C:\Windows\System\vwgeSiH.exe
  2⤵
  PID:8444
- C:\Windows\System\hLzmJJs.exe
  C:\Windows\System\hLzmJJs.exe
  2⤵
  PID:8372
- C:\Windows\System\vOTaaWM.exe
  C:\Windows\System\vOTaaWM.exe
  2⤵
  PID:8600
- C:\Windows\System\cRadxQU.exe
  C:\Windows\System\cRadxQU.exe
  2⤵
  PID:8408
- C:\Windows\System\kGXnDUW.exe
  C:\Windows\System\kGXnDUW.exe
  2⤵
  PID:8632
- C:\Windows\System\TOjRUHx.exe
  C:\Windows\System\TOjRUHx.exe
  2⤵
  PID:8780
- C:\Windows\System\vSzOfeo.exe
  C:\Windows\System\vSzOfeo.exe
  2⤵
  PID:8904
- C:\Windows\System\aGoUbZK.exe
  C:\Windows\System\aGoUbZK.exe
  2⤵
  PID:2732
- C:\Windows\System\NWgmFND.exe
  C:\Windows\System\NWgmFND.exe
  2⤵
  PID:8512
- C:\Windows\System\vzWtKzQ.exe
  C:\Windows\System\vzWtKzQ.exe
  2⤵
  PID:8812
- C:\Windows\System\ruPouDR.exe
  C:\Windows\System\ruPouDR.exe
  2⤵
  PID:8968
- C:\Windows\System\wFgAwuX.exe
  C:\Windows\System\wFgAwuX.exe
  2⤵
  PID:8900
- C:\Windows\System\Tboyszq.exe
  C:\Windows\System\Tboyszq.exe
  2⤵
  PID:1712
- C:\Windows\System\YjJuqAq.exe
  C:\Windows\System\YjJuqAq.exe
  2⤵
  PID:9096
- C:\Windows\System\kpbdWij.exe
  C:\Windows\System\kpbdWij.exe
  2⤵
  PID:1276
- C:\Windows\System\WfyAhSA.exe
  C:\Windows\System\WfyAhSA.exe
  2⤵
  PID:9132
- C:\Windows\System\sITkhtK.exe
  C:\Windows\System\sITkhtK.exe
  2⤵
  PID:9080
- C:\Windows\System\OmMeJVi.exe
  C:\Windows\System\OmMeJVi.exe
  2⤵
  PID:2368
- C:\Windows\System\TkpZuBD.exe
  C:\Windows\System\TkpZuBD.exe
  2⤵
  PID:9188
- C:\Windows\System\oIDsyBI.exe
  C:\Windows\System\oIDsyBI.exe
  2⤵
  PID:1728
- C:\Windows\System\ZfzfYzR.exe
  C:\Windows\System\ZfzfYzR.exe
  2⤵
  PID:2532
- C:\Windows\System\JgOVrBh.exe
  C:\Windows\System\JgOVrBh.exe
  2⤵
  PID:7472
- C:\Windows\System\NDBBywN.exe
  C:\Windows\System\NDBBywN.exe
  2⤵
  PID:7520
- C:\Windows\System\lQsnXWt.exe
  C:\Windows\System\lQsnXWt.exe
  2⤵
  PID:9212
- C:\Windows\System\iAJRBUE.exe
  C:\Windows\System\iAJRBUE.exe
  2⤵
  PID:7696
- C:\Windows\System\RJBfRQY.exe
  C:\Windows\System\RJBfRQY.exe
  2⤵
  PID:7920
- C:\Windows\System\ZlziAEi.exe
  C:\Windows\System\ZlziAEi.exe
  2⤵
  PID:7956
- C:\Windows\System\QOBuTCO.exe
  C:\Windows\System\QOBuTCO.exe
  2⤵
  PID:2964
- C:\Windows\System\TTZGJpB.exe
  C:\Windows\System\TTZGJpB.exe
  2⤵
  PID:588
- C:\Windows\System\EiLsUtI.exe
  C:\Windows\System\EiLsUtI.exe
  2⤵
  PID:6996
- C:\Windows\System\KzpgOjb.exe
  C:\Windows\System\KzpgOjb.exe
  2⤵
  PID:2620
- C:\Windows\System\qwckyjV.exe
  C:\Windows\System\qwckyjV.exe
  2⤵
  PID:8552
- C:\Windows\System\atRkCaR.exe
  C:\Windows\System\atRkCaR.exe
  2⤵
  PID:8728
- C:\Windows\System\czKrAKc.exe
  C:\Windows\System\czKrAKc.exe
  2⤵
  PID:8752
- C:\Windows\System\VfUTGBg.exe
  C:\Windows\System\VfUTGBg.exe
  2⤵
  PID:8912
- C:\Windows\System\vldgupq.exe
  C:\Windows\System\vldgupq.exe
  2⤵
  PID:8964
- C:\Windows\System\XcFHIvV.exe
  C:\Windows\System\XcFHIvV.exe
  2⤵
  PID:8952
- C:\Windows\System\dJvNVDs.exe
  C:\Windows\System\dJvNVDs.exe
  2⤵
  PID:9168
- C:\Windows\System\FZqmKgT.exe
  C:\Windows\System\FZqmKgT.exe
  2⤵
  PID:1944
- C:\Windows\System\PTAxUkE.exe
  C:\Windows\System\PTAxUkE.exe
  2⤵
  PID:1776
- C:\Windows\System\VDtLLME.exe
  C:\Windows\System\VDtLLME.exe
  2⤵
  PID:1764
- C:\Windows\System\AaYgPzD.exe
  C:\Windows\System\AaYgPzD.exe
  2⤵
  PID:8080
- C:\Windows\System\ekdQeUG.exe
  C:\Windows\System\ekdQeUG.exe
  2⤵
  PID:8768
- C:\Windows\System\DuQaKNp.exe
  C:\Windows\System\DuQaKNp.exe
  2⤵
  PID:8668
- C:\Windows\System\GcdQxmW.exe
  C:\Windows\System\GcdQxmW.exe
  2⤵
  PID:9208
- C:\Windows\System\UCItXLC.exe
  C:\Windows\System\UCItXLC.exe
  2⤵
  PID:9048
- C:\Windows\System\FKWEKpM.exe
  C:\Windows\System\FKWEKpM.exe
  2⤵
  PID:2132
- C:\Windows\System\UdBbSzw.exe
  C:\Windows\System\UdBbSzw.exe
  2⤵
  PID:8184
- C:\Windows\System\GdZeLAa.exe
  C:\Windows\System\GdZeLAa.exe
  2⤵
  PID:8304
- C:\Windows\System\MNdSCqW.exe
  C:\Windows\System\MNdSCqW.exe
  2⤵
  PID:112
- C:\Windows\System\kuqrgTV.exe
  C:\Windows\System\kuqrgTV.exe
  2⤵
  PID:1744
- C:\Windows\System\QLwBTgO.exe
  C:\Windows\System\QLwBTgO.exe
  2⤵
  PID:8720
- C:\Windows\System\XLMboeK.exe
  C:\Windows\System\XLMboeK.exe
  2⤵
  PID:8568
- C:\Windows\System\TRuDvmh.exe
  C:\Windows\System\TRuDvmh.exe
  2⤵
  PID:9060
- C:\Windows\System\xEcGRKO.exe
  C:\Windows\System\xEcGRKO.exe
  2⤵
  PID:8196
- C:\Windows\System\XnZXEVn.exe
  C:\Windows\System\XnZXEVn.exe
  2⤵
  PID:8936
- C:\Windows\System\CBOZnKy.exe
  C:\Windows\System\CBOZnKy.exe
  2⤵
  PID:8500
- C:\Windows\System\SIwipem.exe
  C:\Windows\System\SIwipem.exe
  2⤵
  PID:8744
- C:\Windows\System\FYnbIMf.exe
  C:\Windows\System\FYnbIMf.exe
  2⤵
  PID:8484
- C:\Windows\System\EeHpvpK.exe
  C:\Windows\System\EeHpvpK.exe
  2⤵
  PID:9232
- C:\Windows\System\SWCyVYP.exe
  C:\Windows\System\SWCyVYP.exe
  2⤵
  PID:9268
- C:\Windows\System\xDqCZMm.exe
  C:\Windows\System\xDqCZMm.exe
  2⤵
  PID:9288
- C:\Windows\System\psUmTfb.exe
  C:\Windows\System\psUmTfb.exe
  2⤵
  PID:9308
- C:\Windows\System\NilHjFz.exe
  C:\Windows\System\NilHjFz.exe
  2⤵
  PID:9332
- C:\Windows\System\YoGbKZq.exe
  C:\Windows\System\YoGbKZq.exe
  2⤵
  PID:9352
- C:\Windows\System\gqLknJY.exe
  C:\Windows\System\gqLknJY.exe
  2⤵
  PID:9368
- C:\Windows\System\MuWHelX.exe
  C:\Windows\System\MuWHelX.exe
  2⤵
  PID:9384
- C:\Windows\System\aRNahsA.exe
  C:\Windows\System\aRNahsA.exe
  2⤵
  PID:9400
- C:\Windows\System\JLoQEMo.exe
  C:\Windows\System\JLoQEMo.exe
  2⤵
  PID:9424
- C:\Windows\System\AKgeiyZ.exe
  C:\Windows\System\AKgeiyZ.exe
  2⤵
  PID:9460
- C:\Windows\System\uQNDiqh.exe
  C:\Windows\System\uQNDiqh.exe
  2⤵
  PID:9484
- C:\Windows\System\lTNHUGD.exe
  C:\Windows\System\lTNHUGD.exe
  2⤵
  PID:9504
- C:\Windows\System\zrIxpkx.exe
  C:\Windows\System\zrIxpkx.exe
  2⤵
  PID:9520
- C:\Windows\System\bSldkHB.exe
  C:\Windows\System\bSldkHB.exe
  2⤵
  PID:9536
- C:\Windows\System\lWZByJm.exe
  C:\Windows\System\lWZByJm.exe
  2⤵
  PID:9552
- C:\Windows\System\cgFYZwn.exe
  C:\Windows\System\cgFYZwn.exe
  2⤵
  PID:9584
- C:\Windows\System\xhwTdln.exe
  C:\Windows\System\xhwTdln.exe
  2⤵
  PID:9600
- C:\Windows\System\zZUJlXO.exe
  C:\Windows\System\zZUJlXO.exe
  2⤵
  PID:9620
- C:\Windows\System\tRUsyuc.exe
  C:\Windows\System\tRUsyuc.exe
  2⤵
  PID:9636
- C:\Windows\System\GhXuBqf.exe
  C:\Windows\System\GhXuBqf.exe
  2⤵
  PID:9656
- C:\Windows\System\gjJSqAQ.exe
  C:\Windows\System\gjJSqAQ.exe
  2⤵
  PID:9672
- C:\Windows\System\bWXNDRU.exe
  C:\Windows\System\bWXNDRU.exe
  2⤵
  PID:9692
- C:\Windows\System\RsmCulZ.exe
  C:\Windows\System\RsmCulZ.exe
  2⤵
  PID:9708
- C:\Windows\System\NMqOMpP.exe
  C:\Windows\System\NMqOMpP.exe
  2⤵
  PID:9728
- C:\Windows\System\TMZdgtY.exe
  C:\Windows\System\TMZdgtY.exe
  2⤵
  PID:9744
- C:\Windows\System\IrDKyYt.exe
  C:\Windows\System\IrDKyYt.exe
  2⤵
  PID:9764
- C:\Windows\System\GjaucTN.exe
  C:\Windows\System\GjaucTN.exe
  2⤵
  PID:9784
- C:\Windows\System\fziddyf.exe
  C:\Windows\System\fziddyf.exe
  2⤵
  PID:9804
- C:\Windows\System\INTFTDy.exe
  C:\Windows\System\INTFTDy.exe
  2⤵
  PID:9820
- C:\Windows\System\jhlZzmc.exe
  C:\Windows\System\jhlZzmc.exe
  2⤵
  PID:9840
- C:\Windows\System\nhkDLOT.exe
  C:\Windows\System\nhkDLOT.exe
  2⤵
  PID:9860
- C:\Windows\System\xsHqNuo.exe
  C:\Windows\System\xsHqNuo.exe
  2⤵
  PID:9880
- C:\Windows\System\LCRIyIE.exe
  C:\Windows\System\LCRIyIE.exe
  2⤵
  PID:9896
- C:\Windows\System\SwhUxmJ.exe
  C:\Windows\System\SwhUxmJ.exe
  2⤵
  PID:9912
- C:\Windows\System\clZuphm.exe
  C:\Windows\System\clZuphm.exe
  2⤵
  PID:9928
- C:\Windows\System\hMpMbBK.exe
  C:\Windows\System\hMpMbBK.exe
  2⤵
  PID:9948
- C:\Windows\System\ziXymoZ.exe
  C:\Windows\System\ziXymoZ.exe
  2⤵
  PID:9964
- C:\Windows\System\EZLhsBS.exe
  C:\Windows\System\EZLhsBS.exe
  2⤵
  PID:10008
- C:\Windows\System\uFzMvrt.exe
  C:\Windows\System\uFzMvrt.exe
  2⤵
  PID:10028
- C:\Windows\System\EeIVrHm.exe
  C:\Windows\System\EeIVrHm.exe
  2⤵
  PID:10052
- C:\Windows\System\LVAXhTA.exe
  C:\Windows\System\LVAXhTA.exe
  2⤵
  PID:10076
- C:\Windows\System\FWUqHNZ.exe
  C:\Windows\System\FWUqHNZ.exe
  2⤵
  PID:10092
- C:\Windows\System\iWuQzYX.exe
  C:\Windows\System\iWuQzYX.exe
  2⤵
  PID:10112
- C:\Windows\System\qCacCoz.exe
  C:\Windows\System\qCacCoz.exe
  2⤵
  PID:10132
- C:\Windows\System\AOXYNjF.exe
  C:\Windows\System\AOXYNjF.exe
  2⤵
  PID:10168
- C:\Windows\System\uZmCYRg.exe
  C:\Windows\System\uZmCYRg.exe
  2⤵
  PID:10184
- C:\Windows\System\uJeTmgf.exe
  C:\Windows\System\uJeTmgf.exe
  2⤵
  PID:10200
- C:\Windows\System\EdswmmA.exe
  C:\Windows\System\EdswmmA.exe
  2⤵
  PID:10220
- C:\Windows\System\tZqKwcw.exe
  C:\Windows\System\tZqKwcw.exe
  2⤵
  PID:2712
- C:\Windows\System\BfmBdrS.exe
  C:\Windows\System\BfmBdrS.exe
  2⤵
  PID:9028
- C:\Windows\System\mnDXqHn.exe
  C:\Windows\System\mnDXqHn.exe
  2⤵
  PID:9248
- C:\Windows\System\zkZZmgO.exe
  C:\Windows\System\zkZZmgO.exe
  2⤵
  PID:8908
- C:\Windows\System\xyIMkaJ.exe
  C:\Windows\System\xyIMkaJ.exe
  2⤵
  PID:9224
- C:\Windows\System\RzOLtOW.exe
  C:\Windows\System\RzOLtOW.exe
  2⤵
  PID:9228
- C:\Windows\System\XIpSWWt.exe
  C:\Windows\System\XIpSWWt.exe
  2⤵
  PID:9280
- C:\Windows\System\scAeNaW.exe
  C:\Windows\System\scAeNaW.exe
  2⤵
  PID:9360
- C:\Windows\System\UsGgQOq.exe
  C:\Windows\System\UsGgQOq.exe
  2⤵
  PID:9304
- C:\Windows\System\paHczMt.exe
  C:\Windows\System\paHczMt.exe
  2⤵
  PID:9344
- C:\Windows\System\DEMhudx.exe
  C:\Windows\System\DEMhudx.exe
  2⤵
  PID:9416
- C:\Windows\System\pUJJnAK.exe
  C:\Windows\System\pUJJnAK.exe
  2⤵
  PID:9448
- C:\Windows\System\mGysgKo.exe
  C:\Windows\System\mGysgKo.exe
  2⤵
  PID:9480
- C:\Windows\System\akLDDCS.exe
  C:\Windows\System\akLDDCS.exe
  2⤵
  PID:9580
- C:\Windows\System\ZoTCrXE.exe
  C:\Windows\System\ZoTCrXE.exe
  2⤵
  PID:9592
- C:\Windows\System\nomDvuv.exe
  C:\Windows\System\nomDvuv.exe
  2⤵
  PID:9632
- C:\Windows\System\GnLpHaX.exe
  C:\Windows\System\GnLpHaX.exe
  2⤵
  PID:9648
- C:\Windows\System\BsudJxC.exe
  C:\Windows\System\BsudJxC.exe
  2⤵
  PID:9724
- C:\Windows\System\TvQXiTj.exe
  C:\Windows\System\TvQXiTj.exe
  2⤵
  PID:9792
- C:\Windows\System\VNxDswI.exe
  C:\Windows\System\VNxDswI.exe
  2⤵
  PID:9828
- C:\Windows\System\sioAaFm.exe
  C:\Windows\System\sioAaFm.exe
  2⤵
  PID:9876
- C:\Windows\System\ZDRnsUc.exe
  C:\Windows\System\ZDRnsUc.exe
  2⤵
  PID:9664
- C:\Windows\System\XyqQJDn.exe
  C:\Windows\System\XyqQJDn.exe
  2⤵
  PID:9772
- C:\Windows\System\TcEeTMR.exe
  C:\Windows\System\TcEeTMR.exe
  2⤵
  PID:9892
- C:\Windows\System\ApuvQCE.exe
  C:\Windows\System\ApuvQCE.exe
  2⤵
  PID:9924
- C:\Windows\System\sAYuBPs.exe
  C:\Windows\System\sAYuBPs.exe
  2⤵
  PID:9936
- C:\Windows\System\IVPHdeo.exe
  C:\Windows\System\IVPHdeo.exe
  2⤵
  PID:9984
- C:\Windows\System\lQcLLVB.exe
  C:\Windows\System\lQcLLVB.exe
  2⤵
  PID:10000
- C:\Windows\System\QZUUDit.exe
  C:\Windows\System\QZUUDit.exe
  2⤵
  PID:10084
- C:\Windows\System\DhDKUzV.exe
  C:\Windows\System\DhDKUzV.exe
  2⤵
  PID:10024
- C:\Windows\System\kwmiRar.exe
  C:\Windows\System\kwmiRar.exe
  2⤵
  PID:10072
- C:\Windows\System\KmDZYZZ.exe
  C:\Windows\System\KmDZYZZ.exe
  2⤵
  PID:10156
- C:\Windows\System\pxTSunv.exe
  C:\Windows\System\pxTSunv.exe
  2⤵
  PID:10040
- C:\Windows\System\RYYzxYl.exe
  C:\Windows\System\RYYzxYl.exe
  2⤵
  PID:10088
- C:\Windows\System\lvOyDSQ.exe
  C:\Windows\System\lvOyDSQ.exe
  2⤵
  PID:10180
- C:\Windows\System\DEOuVZq.exe
  C:\Windows\System\DEOuVZq.exe
  2⤵
  PID:8948
- C:\Windows\System\DhccFQM.exe
  C:\Windows\System\DhccFQM.exe
  2⤵
  PID:9264
- C:\Windows\System\BWRmkYG.exe
  C:\Windows\System\BWRmkYG.exe
  2⤵
  PID:9376
- C:\Windows\System\NUWSAXO.exe
  C:\Windows\System\NUWSAXO.exe
  2⤵
  PID:9476
- C:\Windows\System\cneHDSk.exe
  C:\Windows\System\cneHDSk.exe
  2⤵
  PID:9516
- C:\Windows\System\uhfYTrF.exe
  C:\Windows\System\uhfYTrF.exe
  2⤵
  PID:9456
- C:\Windows\System\LRZXCVa.exe
  C:\Windows\System\LRZXCVa.exe
  2⤵
  PID:9548
- C:\Windows\System\mzFSUKe.exe
  C:\Windows\System\mzFSUKe.exe
  2⤵
  PID:7076
- C:\Windows\System\GWnwmAE.exe
  C:\Windows\System\GWnwmAE.exe
  2⤵
  PID:9380
- C:\Windows\System\RwhSPTv.exe
  C:\Windows\System\RwhSPTv.exe
  2⤵
  PID:9544
- C:\Windows\System\OangBwE.exe
  C:\Windows\System\OangBwE.exe
  2⤵
  PID:9868
- C:\Windows\System\fmTlgDp.exe
  C:\Windows\System\fmTlgDp.exe
  2⤵
  PID:9752
- C:\Windows\System\xxdvATM.exe
  C:\Windows\System\xxdvATM.exe
  2⤵
  PID:9688
- C:\Windows\System\oKTcOGW.exe
  C:\Windows\System\oKTcOGW.exe
  2⤵
  PID:9776
- C:\Windows\System\EFmYgrV.exe
  C:\Windows\System\EFmYgrV.exe
  2⤵
  PID:9812
- C:\Windows\System\VBhrVPM.exe
  C:\Windows\System\VBhrVPM.exe
  2⤵
  PID:10016
- C:\Windows\System\kkxvstY.exe
  C:\Windows\System\kkxvstY.exe
  2⤵
  PID:10124
- C:\Windows\System\ntZHHmC.exe
  C:\Windows\System\ntZHHmC.exe
  2⤵
  PID:10164
- C:\Windows\System\ZcuWyyo.exe
  C:\Windows\System\ZcuWyyo.exe
  2⤵
  PID:10196
- C:\Windows\System\hMxvEUf.exe
  C:\Windows\System\hMxvEUf.exe
  2⤵
  PID:9392
- C:\Windows\System\pGPyRCV.exe
  C:\Windows\System\pGPyRCV.exe
  2⤵
  PID:9320
- C:\Windows\System\JjKZZif.exe
  C:\Windows\System\JjKZZif.exe
  2⤵
  PID:9848
- C:\Windows\System\MRMmnkw.exe
  C:\Windows\System\MRMmnkw.exe
  2⤵
  PID:10152
- C:\Windows\System\VSWDthd.exe
  C:\Windows\System\VSWDthd.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUWsaRo.exe

Filesize
6.0MB

MD5
aae1917f816302917e9766c34e43502a

SHA1
c1f2d760e41b6886cf53da24d2ee386331e8a1ec

SHA256
d77c36633229ad7d788c9d2b3a3bec047f34d8d294016c3a7e4fbe8fbfff596a

SHA512
12975f4810af5298dae799e554dc08d0f48853bf3a1e78f4a38d384119389f8327f4ab420907ac5febbdbd75bedbe7dec96c268985107c55f14e4bf9443267f0

Download Submit
C:\Windows\system\AmKeQNq.exe

Filesize
6.0MB

MD5
2ed756963402b616d9fbf6bc032f08ce

SHA1
91da4d1383862f113696f021947f369b46bf39d6

SHA256
ca3d5fb2cf8dd8241371fddf063e261e6c1f82f5ca9ca581bb763dc976bb9887

SHA512
eb2c355e18f1a0a11da654a4fcbc6a0659c212b89372682a8b7fa5fc0c526adf35bd0d3ec21ac285ff87409a8dd4eadd49b06494ce9982f987df328d74039d72

Download Submit
C:\Windows\system\CpXspno.exe

Filesize
6.0MB

MD5
766364c5252795a9208508ea6f4db510

SHA1
32b24b8cb83458ad1e60f85dae3d6d207346cf68

SHA256
56939428d3b014c12f81edfc874350befb9f134c7e832289bbfd492e411ec710

SHA512
c9cd3ea2a2a1cfb5f46980404e687c7a4755b2fdc9a35be6b498e2c7814a01c40632634b06d237fbbb76944994fc5caf7f2f45f91e343880582d5aee1bfc4b19

Download Submit
C:\Windows\system\CwwjZTJ.exe

Filesize
6.0MB

MD5
a377e603f939661da285d491700c8e5e

SHA1
32a1dc9c5510b4aaa6c2458b0effb112dec265c8

SHA256
c2251d740e46ef8ed776baf0f68416fbdcc279b210c2884b75fad494c482ad45

SHA512
f2a35bc0289219996d5e4a80399442a0cda0f0824c51042d41442a040b9047a1760539bc4752adc87b5ad46adbb7ed84e2d161b82a9364d4f55a50c6f244ac59

Download Submit
C:\Windows\system\DITDAvF.exe

Filesize
6.0MB

MD5
3182c584e0d2cf277aceaa43d752e08b

SHA1
69607c0623295700a31902c6dbeeef57fbef9f77

SHA256
b222c123df718cb5fc30da0dc144e05c4aad26f14e91038ec32b76194ed5bad4

SHA512
05712b2beaee66bccd413f2850a6a65707df92773011d14669084c9cd7e2720845f89b3603a15d02c1d86ab4e71cd2918d1081b0e5419e1358fd2fd2f7bbfb32

Download Submit
C:\Windows\system\JZiDJwo.exe

Filesize
6.0MB

MD5
91c479e8da27d838cc78471e55cbbff6

SHA1
8d5e5df6beef05c6053843d896e8494e391ef12f

SHA256
4ac627d811ad8f8d02680f21c96e1ebeeddeb57f7dcca9eef11ed7054840d08a

SHA512
4e3a08adb031d830c18a2e0929ccd3ae2bbab791d954feb2c8df31cbffd24e37fecd3c659ab1aabcfa90855bc929606940103c065aa8735f133da249fb2d433f

Download Submit
C:\Windows\system\LaemOuY.exe

Filesize
6.0MB

MD5
2eb37de2e47aeb06d21f8ad1e9fe161a

SHA1
31876c55776b5f23e2a2009a3ca1e4b2b171de42

SHA256
e40c2991de497a3682a70c5e99d07d177004bf345ab8412a4b13a18e7a3f0fca

SHA512
a0a055b414481615fc06e5acf3f2b9609ee781962febef8173522ff3c170ce40ff5cfacdf0d65a69d7ced127b4bddfc31792471fa4d93db70be86389555b726d

Download Submit
C:\Windows\system\MOxJMrZ.exe

Filesize
6.0MB

MD5
0966a598ee21fb33b58f372a728b2751

SHA1
b973d64b5cef2b4e6376051a719ac4e84a1f6a69

SHA256
400417155f7f385ac7af6e7c33bc59f0ed035c8c6d962426bf333bcf8b932fc3

SHA512
4422128ee0fcc6adcd198a91fc46eb79fc162e9fcc873314452b7cd015466177bb89e9e3ce9dc431a073e487f68577dc5911855f112a2564ce16f5a3204ec84c

Download Submit
C:\Windows\system\MZBAlde.exe

Filesize
6.0MB

MD5
dc3d3ef83397c0b40b5a2b47af27a398

SHA1
dc638400af0acab89cda2e2dcdfa6824138941eb

SHA256
7b29a0d2f4e95981e621c1ea865b645a027721561ad858a32735d99eddc88244

SHA512
2ba77678b651ce8860e4137b24b428ebb868086f94ade27fe3883c36d08b1791cda527753477998b061d6c991b8bc6f332ad0e601149c2c782094ba47043cda2

Download Submit
C:\Windows\system\MpvwtSL.exe

Filesize
6.0MB

MD5
c474a2c73b6fa9b0f93f8c1031843ac0

SHA1
9291a4031a167074088e438d5dec5c6e1cbbaba0

SHA256
e1f6ae47939b6c63d78345fb5c139255e416b58051a76a163b3c736ca730cd3c

SHA512
6466640067e69c968647d1e2596ef0b3f7991f6fb2f5f75db77cde8443fd0e2e323f0d9ec5f4a30116cb98e0a51a531267561e7bac5abbbf291b45aabe06f9fa

Download Submit
C:\Windows\system\NRpalUQ.exe

Filesize
6.0MB

MD5
7fa97e032e584032ebd649ea18c4d18c

SHA1
d4c1808342c75d7b29b46d82d72cdb9f7e14dad8

SHA256
cd9dbb752bc195522bf68b2258f1213124d5c294591c38805c76ac2eee97549a

SHA512
66a55037299d0021027297d4139e85f34ab8cb25a8aa921b20c9670e63d9c39f7ecbba37b867c3d2b2b27537e4ce569063363795a945b51d54d766aca0078305

Download Submit
C:\Windows\system\OmxQmDE.exe

Filesize
6.0MB

MD5
93519da87eeeeebdc2fbe80c650823c3

SHA1
7d8c34361f278976d234bac312945bd2a3e8f66a

SHA256
4a803748b95925459964d037c285767278e1d19f55a8a95f01a2a754fd119504

SHA512
7dde05465d07134b731ee6c609ffcde2c2ea1cf8eae2001e0b8862e2da797cd099ba6f22c0518587cd102e30169c3d547139e1817e5637efa5a3d0b1130b026d

Download Submit
C:\Windows\system\SZKqlOM.exe

Filesize
6.0MB

MD5
9496e9aea65e819eee2162120c27770b

SHA1
c428700c43d8dbb7b5aaf3a50647b5f2107a4bac

SHA256
13d50ac17135de3b8257db5e14d37e2c9926974404ec2a1d2376379cb5183fa1

SHA512
6a5be51ffeff1e81f674aadc50785794ebf3348f45e8ff35022bf22e2e28c0be34991ad28a034497d02ef11621fbf231fa1a991481eb810561011c5d73cff435

Download Submit
C:\Windows\system\VuevdKG.exe

Filesize
6.0MB

MD5
3ef58a8963d5efcefc6354ec81eabb15

SHA1
840377e136df437f4a47dd135ea19dc27e67d614

SHA256
3e5cdb9067869843319d007fb4f7ec1c7af0fe5d33346474027c33a631a9221d

SHA512
c888f0f6c7ec090bbe7dce0865a61ffd1f392584426a205f2d1a85e8ab9ba720f622acee61bcea83959a463e82e60e6413deac38c7b7071dbce9f7708b1a3e5f

Download Submit
C:\Windows\system\WCjtcHv.exe

Filesize
6.0MB

MD5
2c74b19eb8d80b570db61e17e08d3c17

SHA1
e356092a91d1a81b45570b25e92c93682f398b46

SHA256
9443020d6b371c6e796aeee37e27b5757f4c5d9ab8f518868f03b67a1d11e646

SHA512
0156f2a996831a2e89077f21b7542cf79f327eb9d36c05460e2fa9a54dce7705d2bec12674eeda233efbdd69a345ca69112a638bea68254d201eaa855b1ec850

Download Submit
C:\Windows\system\YNmuDKC.exe

Filesize
6.0MB

MD5
9927efbc042edacd3c90acc718e861d8

SHA1
8443da9fce4168bd52568b078dc2682cc4e767d5

SHA256
7580430500914471c3dd98c19ccb7218ae4a78e30851749d11ceaf8473c3fb5b

SHA512
af9ebd682dc9d6285022aae19c0c3bb61aa75ac768e7ac18cdcc8ed40e24a08190866461d857d4b22983446524a21776225db28721a0f4d1821c423d6b5a02a6

Download Submit
C:\Windows\system\aVEgQBt.exe

Filesize
6.0MB

MD5
48db2391c7d602d9003a9d2ddb2a65cc

SHA1
cc3f44d9f9865b6fa8e502389829cd5d3fe15913

SHA256
102d470354881c9b8e9c2769a8a9164306a5e267b9136fb8ba6688a4339194ee

SHA512
52e81816efd74ffb997176191a85d03ca4da302e5c691866a3ec97ba0621c5aa070a48972b780fa8d4fda4fbe4816db99fa38668f45cb1802441d2994201405c

Download Submit
C:\Windows\system\byaExhN.exe

Filesize
6.0MB

MD5
20c2a44bdae78c3ff6c14dade5294ae8

SHA1
0ba270e6fcdbb693353df4277a1426179e8faa1d

SHA256
2fed6707074c8c87352e908904b016a89faed3cff77ecd38db38280db80833dd

SHA512
5237f13eb90d7724479c434f16b30ccbf07f700c8478398721a62c49c1acbb7fe545a5413414401d24dd3fd38055133524f8dd5f977b36d3e4a90a1cf2aa9f9b

Download Submit
C:\Windows\system\chJvhrx.exe

Filesize
6.0MB

MD5
afdbf975183c750a2b7805038f576f89

SHA1
3d667758284a5d44f4987daa343c192af3f04077

SHA256
dfdc86658b2e6562844db5c75548ae63d87df49ac940fdc8e681daf84821ff93

SHA512
de2ed45e2bf24a81edc2bf2928bbd633445f4238209d3b0e7af28d1e77e42a94a11396fd2c44c1434a03a2549d2528361f86dd3a8ed82e732ca48b6a8c856c86

Download Submit
C:\Windows\system\iAjarUP.exe

Filesize
6.0MB

MD5
cc116b8334fefce9d99712d65ce0b304

SHA1
80664bc8349df2675fdd0b226116581b2fbab902

SHA256
325369e488987ef04306d14650d2aac32a110408aa21884eb39e8871ee44b5ca

SHA512
f1ccd48cf8ac325e13af61b039f8dd3c386e4c6d9536f99c7e7e5a76a3fda006461e2c9fbd048520dec32f61c270d60ef3577f28440f2e6b31da00e4c39f9267

Download Submit
C:\Windows\system\kYuSxRR.exe

Filesize
6.0MB

MD5
dbfbb55efb52870ad0ddec87087b203f

SHA1
b4ef99d73323acf4381be6e5d778f43bf0c8658f

SHA256
ab8255192f8370a81e9ca9ce016b2af0ced49f17beae63be2e619c0fd45f692b

SHA512
9f523c07fdd6b245e72b0433cff66443b39d8173a89f0898e4ac3726e0c5138d30637cfc39f34141e6301f9abd4cc488a52eb30baaeff618d7b00dfddc21c9e6

Download Submit
C:\Windows\system\kwItZCL.exe

Filesize
6.0MB

MD5
559fd9cb153159ed96d4c1beb14fb01e

SHA1
f0cf932c6f4e66a275b9be64ef9c798c1a95d978

SHA256
a128ff6e29e980a1001915c19159939f6b3fd76165a74b2e09790e4ef55d86f2

SHA512
d24031b8d218232579f67bc33869517ab88d2ceefcb47c7a8abeea173912228ff20ec059c0167b6ffd73643921b8440380436e1c39a8e6290255826de8fa8909

Download Submit
C:\Windows\system\lqbxxFk.exe

Filesize
6.0MB

MD5
c41b2d4701b64161801e5ae768db4522

SHA1
f28946d7a895275fe02b0d4e644cb7237f6c1d17

SHA256
048a0b844217eb754aa3809c26a459ad0fbb84400a7b380e7551e080972f86e0

SHA512
93c6023d9bfa2cd7d2f6190b4d1cfb3d5b722fd4e8801593bfb94956a2fae70b3cccf7c9d6b585863315780f309eddbe45add737fcdb6ae694b9622352156625

Download Submit
C:\Windows\system\mHJCfvd.exe

Filesize
6.0MB

MD5
9d0fa2267c77f701f3890c366fc75843

SHA1
acc29b2e3950bf8b85c05525a7c396521ee44366

SHA256
6ce99f9163b8fe56c181b02b231f353317ae4d60673cff20cdd056e83f60f651

SHA512
c831a3ac276daaf569f893db8f85a2d273c88406276aefd028d599fe5c6322ed8c480d56c95b3d34680b1e5132c47762979a93a3092b9cfaf9d7bbbd2308cda7

Download Submit
C:\Windows\system\uAMdQjk.exe

Filesize
6.0MB

MD5
8345f846c8944ef3f6c64f8f8b34aad5

SHA1
dc129bfddea32568aefb0b0ff49b173429cbed18

SHA256
10ccc2e3e8d66747aa89bbdc75e326ac9fa86c19416f1cdd5c8ad37f132bc389

SHA512
66b96b554f31405877c8afc5b116645b3c269e3a1d05d98aad455732439ee4041d249a7310b8ca0f079ee595ee136f1e503a251b4c4d8d079d79cb3b4e53486f

Download Submit
C:\Windows\system\uXPWJkv.exe

Filesize
6.0MB

MD5
28f993547e33949624ffb0d22f595b6e

SHA1
fef3b9f18903907f38050e434017338495f5d656

SHA256
5e2e3b3f00412e1e83181014ddac0ef070f093dd584eb2061eea5f993f2e8e9e

SHA512
f3f8f3df46ab6a8007db9041e4ff2a05eaf098bdd0926b297f3a58808c50e9937304787f83cfa5f14ad22c0b21b1f1f76baa767f0f7c59921e194b3d26f09bcd

Download Submit
C:\Windows\system\uZbgnHx.exe

Filesize
6.0MB

MD5
2f96fd4a5b5b3fcaa05271f21256a18e

SHA1
445aa8b073cc7a4564acd7941ca9c5d628d2c71b

SHA256
2c785dd0070c0a202025f9082eeda2a7f3dbb29d61fa5d8d6b3cfbefdf61fe09

SHA512
e003cbdc9606393a2c594d5768c02ef799bf3f6662909e13e2c3912c22605b908300bb8173799f45247ac2ea5233b6ef41cda9bd99788dfebbc6a45c40ed1ca8

Download Submit
C:\Windows\system\uwmiFpg.exe

Filesize
6.0MB

MD5
386e354fb1372c856338b05bb75eb10b

SHA1
e22a1ec875de7e5e6cdb216235f920919f676606

SHA256
03118e7e53769b91b77c5b9b3ef80dba2227fc5911ccf993fd2b1db3e9c2780c

SHA512
c9d0ebe6359a12ce1811919dc62a1b7965763e51a404d6c9092eee0794a3d4684056d69713cf1d308a71d7b32132a4b99641c131e6cc0151d38e7e110205b6e8

Download Submit
C:\Windows\system\wRCsiWi.exe

Filesize
6.0MB

MD5
4f19233cb6b3c45e5025d6fe33ff7a66

SHA1
a85f6abf3ab8008d7454f0da07bac20a69c19fc1

SHA256
340ff287fa9e28d5b00d24b413afbd70b1abb5f4cdb9b3a2f9b47397447b8fc1

SHA512
d7983246009a35aeecc21eb30b37c9ac340088a9d2decb953eb225316e6ebf4a0be39615b82198ee81f1720cc9b294b7ca841ba6a3d44f4b9d7a5361b9dc9a37

Download Submit
C:\Windows\system\wloenIz.exe

Filesize
6.0MB

MD5
ca46ed838cd9e74312aa868a772e8528

SHA1
c19fe6cdbdf7b3ef7bf4c3e88a5bc13955f8f54e

SHA256
1f1884fb65434d8bfbbd912aff381d05ae2047dfe212c683e6779cff0ce2249a

SHA512
d6d00a4f2a41814d4af9030b16985a795d2c51aec4da43c0f2961d98aef035bbb6237e4eb6225b1b6616845e6119bd0c25653347fb24757103502e2d4c7f95eb

Download Submit
C:\Windows\system\yDPTPZX.exe

Filesize
6.0MB

MD5
830fbca048f3165e0d69f6bd37948fb2

SHA1
8d96d1605d98300febd3be7298ac2a3dab9435ba

SHA256
81db35db3fce9904e95f513568f16053d741b6e617fc21258738666aeb45793d

SHA512
03995a16deb75bd54e3bbb78e3f48ec82c939ba4b7d048828db742afa336319acc9968d6b101850a62fdc38e1dd90429c0519a8056b0e60064f8205469c2e412

Download Submit
C:\Windows\system\yGfxwPP.exe

Filesize
6.0MB

MD5
21a183f26abe6eb70d62fd50f1ec8d86

SHA1
2905ee9e0972be126377b0267514c63fd7866119

SHA256
fb9c7984263aaa0be0df106ccff981d399727e2fe4e0b05c6af3a119a6530847

SHA512
ce1f00a3317ab8b3ebdfb7f5122011db5e11eac52a20ff4516ddb771f293be32e92958f5c9984f166cec9b7a20efab00bdade20ecbd2771e82c5808e5aaffa33

Download Submit
memory/580-3606-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/580-2518-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3607-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2484-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3604-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2462-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3615-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2495-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2523-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3633-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3642-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2550-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3647-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2519-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2524-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2335-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3228-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3330-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3335-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3336-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3365-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3352-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3368-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3350-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2521-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2505-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2491-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2463-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2406-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3060-0-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download