cobaltstrike | 19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
Size

6.0MB
MD5

c787d8ad99b208ee3bbf942080c4a4d2
SHA1

4da0964a794ef08b2166dbef9dbcf243991adc8f
SHA256

19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015
SHA512

82d5a79f4b175d556ee40c8c165a000efad9a73b7e24ab5cad8b99c661a03a7d03671918d06015eabca0193aaa2f03bbe0665ea659fbd9fb26fdda41ccf96494
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUg:eOl56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000019467-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019496-11.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ad-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ef-31.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001963b-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dd7-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09f-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a094-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b8-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a322-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-188.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019438-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a377-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fda-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fbc-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-56.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019506-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2256-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0007000000019467-12.dat	xmrig
behavioral1/files/0x0006000000019496-11.dat	xmrig
behavioral1/files/0x000b000000012281-6.dat	xmrig
behavioral1/files/0x00060000000194ad-19.dat	xmrig
behavioral1/files/0x00060000000194ef-31.dat	xmrig
behavioral1/files/0x000700000001963b-41.dat	xmrig
behavioral1/files/0x000500000001967f-46.dat	xmrig
behavioral1/files/0x00050000000196c0-51.dat	xmrig
behavioral1/files/0x00050000000199b9-61.dat	xmrig
behavioral1/files/0x0005000000019c54-67.dat	xmrig
behavioral1/files/0x0005000000019d62-91.dat	xmrig
behavioral1/files/0x0005000000019dd7-101.dat	xmrig
behavioral1/files/0x000500000001a09f-121.dat	xmrig
behavioral1/files/0x000500000001a094-116.dat	xmrig
behavioral1/files/0x000500000001a0b8-135.dat	xmrig
behavioral1/files/0x000500000001a322-137.dat	xmrig
behavioral1/memory/2352-145-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1976-151-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2256-154-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2564-157-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2860-161-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2576-167-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2476-168-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a441-174.dat	xmrig
behavioral1/memory/2256-957-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a443-183.dat	xmrig
behavioral1/files/0x000500000001a445-188.dat	xmrig
behavioral1/files/0x0008000000019438-179.dat	xmrig
behavioral1/files/0x000500000001a377-130.dat	xmrig
behavioral1/memory/1176-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2724-163-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2256-162-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2720-159-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2256-158-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2716-155-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2816-153-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2256-150-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2212-149-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2744-147-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/604-143-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a43f-142.dat	xmrig
behavioral1/files/0x0005000000019fda-111.dat	xmrig
behavioral1/files/0x0005000000019fbc-106.dat	xmrig
behavioral1/files/0x0005000000019dcb-96.dat	xmrig
behavioral1/files/0x0005000000019d3d-86.dat	xmrig
behavioral1/files/0x0005000000019c73-81.dat	xmrig
behavioral1/files/0x0005000000019c58-76.dat	xmrig
behavioral1/files/0x0005000000019c56-71.dat	xmrig
behavioral1/files/0x000500000001970b-56.dat	xmrig
behavioral1/files/0x0008000000019506-37.dat	xmrig
behavioral1/files/0x00060000000194d0-27.dat	xmrig
behavioral1/memory/2476-3985-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/604-3986-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2352-3987-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2744-3988-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2212-3989-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2816-3990-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1976-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2564-3993-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2716-3992-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2724-3995-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2720-3994-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1176-3997-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2476	urXvLay.exe
604	raleJQp.exe
2352	YYaGBNX.exe
2744	UWONxaK.exe
2212	mdVkuYx.exe
1976	mxxteYL.exe
2816	HqmIXgb.exe
2716	GPacKDR.exe
2564	seoSLSu.exe
2720	CHTtiOG.exe
2860	Wwbwcpg.exe
2724	eHRilzy.exe
1176	yMivjwC.exe
2576	XlAixvF.exe
2680	CVlRsFm.exe
2396	tmVyaaP.exe
1492	QKsbboi.exe
1956	nlHiAro.exe
2736	YbOnROl.exe
2296	LBiQamM.exe
2628	NJXVdoy.exe
2384	kUrLAut.exe
2084	pmorbHf.exe
2896	gelSoPa.exe
3064	oaIbNzA.exe
2144	MZzLXwc.exe
1632	sBZantG.exe
684	dnJkyBz.exe
1988	LOQPvkO.exe
1896	NXJtyOa.exe
2440	SDHIAIJ.exe
1716	LTeenmw.exe
1500	MKdFSdX.exe
1648	eAdssrQ.exe
2088	XcaVcSV.exe
1884	EjEwkhS.exe
1000	Zmnjlys.exe
1536	zHDinCU.exe
2112	hiSJMKo.exe
1464	PNFQDip.exe
1080	LVOHNfh.exe
2368	gTylcbN.exe
2960	BjvHLcL.exe
2176	rpUYroX.exe
2268	EZcFVaa.exe
1096	ngjWXre.exe
884	Dgybhyi.exe
1824	ekNfrdx.exe
2096	iqUVqXG.exe
1576	lXbRvyO.exe
1680	ZUYklbO.exe
2288	DsOVKaa.exe
2424	tZGhVcQ.exe
2704	oEWwtMa.exe
2828	JIUQxia.exe
2692	IkMYeVL.exe
2808	DZUinDj.exe
2284	CsSKyrd.exe
2552	SPuJSyw.exe
3048	hFmQUdA.exe
2864	VUiWVuo.exe
2940	fbzdnCd.exe
1636	fPBCutR.exe
3024	tIIAynZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2256-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0007000000019467-12.dat	upx
behavioral1/files/0x0006000000019496-11.dat	upx
behavioral1/files/0x000b000000012281-6.dat	upx
behavioral1/files/0x00060000000194ad-19.dat	upx
behavioral1/files/0x00060000000194ef-31.dat	upx
behavioral1/files/0x000700000001963b-41.dat	upx
behavioral1/files/0x000500000001967f-46.dat	upx
behavioral1/files/0x00050000000196c0-51.dat	upx
behavioral1/files/0x00050000000199b9-61.dat	upx
behavioral1/files/0x0005000000019c54-67.dat	upx
behavioral1/files/0x0005000000019d62-91.dat	upx
behavioral1/files/0x0005000000019dd7-101.dat	upx
behavioral1/files/0x000500000001a09f-121.dat	upx
behavioral1/files/0x000500000001a094-116.dat	upx
behavioral1/files/0x000500000001a0b8-135.dat	upx
behavioral1/files/0x000500000001a322-137.dat	upx
behavioral1/memory/2352-145-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1976-151-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2564-157-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2860-161-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2576-167-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2476-168-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000500000001a441-174.dat	upx
behavioral1/memory/2256-957-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000500000001a443-183.dat	upx
behavioral1/files/0x000500000001a445-188.dat	upx
behavioral1/files/0x0008000000019438-179.dat	upx
behavioral1/files/0x000500000001a377-130.dat	upx
behavioral1/memory/1176-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2724-163-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2720-159-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2716-155-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2816-153-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2212-149-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2744-147-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/604-143-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x000500000001a43f-142.dat	upx
behavioral1/files/0x0005000000019fda-111.dat	upx
behavioral1/files/0x0005000000019fbc-106.dat	upx
behavioral1/files/0x0005000000019dcb-96.dat	upx
behavioral1/files/0x0005000000019d3d-86.dat	upx
behavioral1/files/0x0005000000019c73-81.dat	upx
behavioral1/files/0x0005000000019c58-76.dat	upx
behavioral1/files/0x0005000000019c56-71.dat	upx
behavioral1/files/0x000500000001970b-56.dat	upx
behavioral1/files/0x0008000000019506-37.dat	upx
behavioral1/files/0x00060000000194d0-27.dat	upx
behavioral1/memory/2476-3985-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/604-3986-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2352-3987-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2744-3988-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2212-3989-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2816-3990-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1976-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2564-3993-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2716-3992-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2724-3995-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2720-3994-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1176-3997-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2860-3998-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2576-3996-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gelSoPa.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\vkQzaHx.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\BOgYxqd.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\pAyITKN.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\UCCedew.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\jzEFCKL.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ahhVJnZ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\YgDJOEW.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\FiINqWR.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\QnUCLpv.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ClHHfkD.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ZIjKytJ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\lwPpOnG.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\SxSCUfw.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\OrAzTHd.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\pOKrEfF.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\NNsMKBW.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\AGAUOxZ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\rvJvrFq.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\GxDmUCZ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\hxpcxbc.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\CnODCkg.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\TzGAbVV.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\UWONxaK.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\fDxTbnK.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ZTBhVqu.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\uqDTtGO.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\rjxzDnl.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\GodkqJH.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\NSnIoTE.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\UPHIsws.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\fUkgDYv.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\riTbAPW.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\DsUkaiR.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\YioHpzz.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\MKdFSdX.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\Fhmvzcl.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\jxPlDsV.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\XTbhRHb.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\LAgkIxv.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\KlOszJG.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\MQHpgyr.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\AVZjaWS.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\urXvLay.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\VohOmVv.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\sONDWXC.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\hIbTalJ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\yZwwXRt.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\DjFscJt.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\VWLcTJS.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\VwpWqhU.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\oRtKPpc.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\qbAoKEH.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\CfcXSsm.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ttNNrwZ.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\mLLWtOe.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\PrFRZwg.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\jcIHFFB.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\ZNrjZWb.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\HYXbIJb.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\cLaGoda.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\jqnlFhm.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\hRUsRzP.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
File created	C:\Windows\System\bfQGAej.exe	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2476	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	32
PID 2256 wrote to memory of 2476	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	32
PID 2256 wrote to memory of 2476	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	32
PID 2256 wrote to memory of 604	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	33
PID 2256 wrote to memory of 604	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	33
PID 2256 wrote to memory of 604	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	33
PID 2256 wrote to memory of 2352	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	34
PID 2256 wrote to memory of 2352	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	34
PID 2256 wrote to memory of 2352	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	34
PID 2256 wrote to memory of 2744	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	35
PID 2256 wrote to memory of 2744	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	35
PID 2256 wrote to memory of 2744	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	35
PID 2256 wrote to memory of 2212	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	36
PID 2256 wrote to memory of 2212	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	36
PID 2256 wrote to memory of 2212	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	36
PID 2256 wrote to memory of 1976	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	37
PID 2256 wrote to memory of 1976	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	37
PID 2256 wrote to memory of 1976	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	37
PID 2256 wrote to memory of 2816	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	38
PID 2256 wrote to memory of 2816	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	38
PID 2256 wrote to memory of 2816	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	38
PID 2256 wrote to memory of 2716	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	39
PID 2256 wrote to memory of 2716	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	39
PID 2256 wrote to memory of 2716	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	39
PID 2256 wrote to memory of 2564	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	40
PID 2256 wrote to memory of 2564	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	40
PID 2256 wrote to memory of 2564	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	40
PID 2256 wrote to memory of 2720	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	41
PID 2256 wrote to memory of 2720	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	41
PID 2256 wrote to memory of 2720	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	41
PID 2256 wrote to memory of 2860	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	42
PID 2256 wrote to memory of 2860	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	42
PID 2256 wrote to memory of 2860	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	42
PID 2256 wrote to memory of 2724	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	43
PID 2256 wrote to memory of 2724	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	43
PID 2256 wrote to memory of 2724	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	43
PID 2256 wrote to memory of 1176	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	44
PID 2256 wrote to memory of 1176	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	44
PID 2256 wrote to memory of 1176	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	44
PID 2256 wrote to memory of 2576	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	45
PID 2256 wrote to memory of 2576	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	45
PID 2256 wrote to memory of 2576	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	45
PID 2256 wrote to memory of 2680	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	46
PID 2256 wrote to memory of 2680	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	46
PID 2256 wrote to memory of 2680	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	46
PID 2256 wrote to memory of 2396	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	47
PID 2256 wrote to memory of 2396	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	47
PID 2256 wrote to memory of 2396	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	47
PID 2256 wrote to memory of 1492	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	48
PID 2256 wrote to memory of 1492	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	48
PID 2256 wrote to memory of 1492	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	48
PID 2256 wrote to memory of 1956	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	49
PID 2256 wrote to memory of 1956	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	49
PID 2256 wrote to memory of 1956	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	49
PID 2256 wrote to memory of 2736	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	50
PID 2256 wrote to memory of 2736	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	50
PID 2256 wrote to memory of 2736	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	50
PID 2256 wrote to memory of 2296	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	51
PID 2256 wrote to memory of 2296	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	51
PID 2256 wrote to memory of 2296	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	51
PID 2256 wrote to memory of 2628	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	52
PID 2256 wrote to memory of 2628	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	52
PID 2256 wrote to memory of 2628	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	52
PID 2256 wrote to memory of 2384	2256	JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_19ffb6b6324df33879b16c448bfcf5ed9672673f113c6df7886a7025ff96e015.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\System\urXvLay.exe
  C:\Windows\System\urXvLay.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\raleJQp.exe
  C:\Windows\System\raleJQp.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\YYaGBNX.exe
  C:\Windows\System\YYaGBNX.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\UWONxaK.exe
  C:\Windows\System\UWONxaK.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\mdVkuYx.exe
  C:\Windows\System\mdVkuYx.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\mxxteYL.exe
  C:\Windows\System\mxxteYL.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HqmIXgb.exe
  C:\Windows\System\HqmIXgb.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\GPacKDR.exe
  C:\Windows\System\GPacKDR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\seoSLSu.exe
  C:\Windows\System\seoSLSu.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\CHTtiOG.exe
  C:\Windows\System\CHTtiOG.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\Wwbwcpg.exe
  C:\Windows\System\Wwbwcpg.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\eHRilzy.exe
  C:\Windows\System\eHRilzy.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\yMivjwC.exe
  C:\Windows\System\yMivjwC.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\XlAixvF.exe
  C:\Windows\System\XlAixvF.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\CVlRsFm.exe
  C:\Windows\System\CVlRsFm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\tmVyaaP.exe
  C:\Windows\System\tmVyaaP.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\QKsbboi.exe
  C:\Windows\System\QKsbboi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\nlHiAro.exe
  C:\Windows\System\nlHiAro.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\YbOnROl.exe
  C:\Windows\System\YbOnROl.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\LBiQamM.exe
  C:\Windows\System\LBiQamM.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\NJXVdoy.exe
  C:\Windows\System\NJXVdoy.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\kUrLAut.exe
  C:\Windows\System\kUrLAut.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\pmorbHf.exe
  C:\Windows\System\pmorbHf.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\gelSoPa.exe
  C:\Windows\System\gelSoPa.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\oaIbNzA.exe
  C:\Windows\System\oaIbNzA.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\MZzLXwc.exe
  C:\Windows\System\MZzLXwc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\sBZantG.exe
  C:\Windows\System\sBZantG.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\dnJkyBz.exe
  C:\Windows\System\dnJkyBz.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\LOQPvkO.exe
  C:\Windows\System\LOQPvkO.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\NXJtyOa.exe
  C:\Windows\System\NXJtyOa.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\SDHIAIJ.exe
  C:\Windows\System\SDHIAIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\LTeenmw.exe
  C:\Windows\System\LTeenmw.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\MKdFSdX.exe
  C:\Windows\System\MKdFSdX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\eAdssrQ.exe
  C:\Windows\System\eAdssrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\XcaVcSV.exe
  C:\Windows\System\XcaVcSV.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EjEwkhS.exe
  C:\Windows\System\EjEwkhS.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\Zmnjlys.exe
  C:\Windows\System\Zmnjlys.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\zHDinCU.exe
  C:\Windows\System\zHDinCU.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\hiSJMKo.exe
  C:\Windows\System\hiSJMKo.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\PNFQDip.exe
  C:\Windows\System\PNFQDip.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\LVOHNfh.exe
  C:\Windows\System\LVOHNfh.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\gTylcbN.exe
  C:\Windows\System\gTylcbN.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\BjvHLcL.exe
  C:\Windows\System\BjvHLcL.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\rpUYroX.exe
  C:\Windows\System\rpUYroX.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\EZcFVaa.exe
  C:\Windows\System\EZcFVaa.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ngjWXre.exe
  C:\Windows\System\ngjWXre.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\Dgybhyi.exe
  C:\Windows\System\Dgybhyi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ekNfrdx.exe
  C:\Windows\System\ekNfrdx.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\iqUVqXG.exe
  C:\Windows\System\iqUVqXG.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\lXbRvyO.exe
  C:\Windows\System\lXbRvyO.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZUYklbO.exe
  C:\Windows\System\ZUYklbO.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\DsOVKaa.exe
  C:\Windows\System\DsOVKaa.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\tZGhVcQ.exe
  C:\Windows\System\tZGhVcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\oEWwtMa.exe
  C:\Windows\System\oEWwtMa.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\JIUQxia.exe
  C:\Windows\System\JIUQxia.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\IkMYeVL.exe
  C:\Windows\System\IkMYeVL.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\DZUinDj.exe
  C:\Windows\System\DZUinDj.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\CsSKyrd.exe
  C:\Windows\System\CsSKyrd.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\SPuJSyw.exe
  C:\Windows\System\SPuJSyw.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\hFmQUdA.exe
  C:\Windows\System\hFmQUdA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VUiWVuo.exe
  C:\Windows\System\VUiWVuo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\fbzdnCd.exe
  C:\Windows\System\fbzdnCd.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\fPBCutR.exe
  C:\Windows\System\fPBCutR.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\tIIAynZ.exe
  C:\Windows\System\tIIAynZ.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\OoUYemj.exe
  C:\Windows\System\OoUYemj.exe
  2⤵
  PID:1180
- C:\Windows\System\JrqZRfg.exe
  C:\Windows\System\JrqZRfg.exe
  2⤵
  PID:2872
- C:\Windows\System\DavLdTI.exe
  C:\Windows\System\DavLdTI.exe
  2⤵
  PID:2432
- C:\Windows\System\YrWVIRn.exe
  C:\Windows\System\YrWVIRn.exe
  2⤵
  PID:1980
- C:\Windows\System\kmtmPSD.exe
  C:\Windows\System\kmtmPSD.exe
  2⤵
  PID:1672
- C:\Windows\System\MlRQONl.exe
  C:\Windows\System\MlRQONl.exe
  2⤵
  PID:920
- C:\Windows\System\iwcyMkr.exe
  C:\Windows\System\iwcyMkr.exe
  2⤵
  PID:1964
- C:\Windows\System\TyOyEvU.exe
  C:\Windows\System\TyOyEvU.exe
  2⤵
  PID:1752
- C:\Windows\System\bksGVPh.exe
  C:\Windows\System\bksGVPh.exe
  2⤵
  PID:2028
- C:\Windows\System\YlWwOhh.exe
  C:\Windows\System\YlWwOhh.exe
  2⤵
  PID:904
- C:\Windows\System\zGnkpqm.exe
  C:\Windows\System\zGnkpqm.exe
  2⤵
  PID:3012
- C:\Windows\System\HJlJNij.exe
  C:\Windows\System\HJlJNij.exe
  2⤵
  PID:2128
- C:\Windows\System\HYXbIJb.exe
  C:\Windows\System\HYXbIJb.exe
  2⤵
  PID:2024
- C:\Windows\System\YqyzbMM.exe
  C:\Windows\System\YqyzbMM.exe
  2⤵
  PID:1088
- C:\Windows\System\iMMAOPt.exe
  C:\Windows\System\iMMAOPt.exe
  2⤵
  PID:2072
- C:\Windows\System\dwKGQoZ.exe
  C:\Windows\System\dwKGQoZ.exe
  2⤵
  PID:2260
- C:\Windows\System\tjCmsLN.exe
  C:\Windows\System\tjCmsLN.exe
  2⤵
  PID:1676
- C:\Windows\System\jRFSuvG.exe
  C:\Windows\System\jRFSuvG.exe
  2⤵
  PID:2452
- C:\Windows\System\AVHeRuB.exe
  C:\Windows\System\AVHeRuB.exe
  2⤵
  PID:2332
- C:\Windows\System\evshNxl.exe
  C:\Windows\System\evshNxl.exe
  2⤵
  PID:2776
- C:\Windows\System\Xsbaghk.exe
  C:\Windows\System\Xsbaghk.exe
  2⤵
  PID:2964
- C:\Windows\System\YtMEBVZ.exe
  C:\Windows\System\YtMEBVZ.exe
  2⤵
  PID:2572
- C:\Windows\System\fFUACel.exe
  C:\Windows\System\fFUACel.exe
  2⤵
  PID:2636
- C:\Windows\System\ajLNRUG.exe
  C:\Windows\System\ajLNRUG.exe
  2⤵
  PID:864
- C:\Windows\System\mNGOawd.exe
  C:\Windows\System\mNGOawd.exe
  2⤵
  PID:1404
- C:\Windows\System\kDIIGZG.exe
  C:\Windows\System\kDIIGZG.exe
  2⤵
  PID:320
- C:\Windows\System\bmMgLwH.exe
  C:\Windows\System\bmMgLwH.exe
  2⤵
  PID:2492
- C:\Windows\System\wezbRXC.exe
  C:\Windows\System\wezbRXC.exe
  2⤵
  PID:972
- C:\Windows\System\SBrbjZx.exe
  C:\Windows\System\SBrbjZx.exe
  2⤵
  PID:1744
- C:\Windows\System\dNoJbOD.exe
  C:\Windows\System\dNoJbOD.exe
  2⤵
  PID:1888
- C:\Windows\System\opDZEUy.exe
  C:\Windows\System\opDZEUy.exe
  2⤵
  PID:1412
- C:\Windows\System\ARURSDi.exe
  C:\Windows\System\ARURSDi.exe
  2⤵
  PID:1092
- C:\Windows\System\xkqIuVE.exe
  C:\Windows\System\xkqIuVE.exe
  2⤵
  PID:1776
- C:\Windows\System\xUDaLuR.exe
  C:\Windows\System\xUDaLuR.exe
  2⤵
  PID:580
- C:\Windows\System\whIdDgs.exe
  C:\Windows\System\whIdDgs.exe
  2⤵
  PID:2300
- C:\Windows\System\gVHjFeY.exe
  C:\Windows\System\gVHjFeY.exe
  2⤵
  PID:1560
- C:\Windows\System\uPtuyJJ.exe
  C:\Windows\System\uPtuyJJ.exe
  2⤵
  PID:2108
- C:\Windows\System\KJrTZmC.exe
  C:\Windows\System\KJrTZmC.exe
  2⤵
  PID:2760
- C:\Windows\System\rQpTcOG.exe
  C:\Windows\System\rQpTcOG.exe
  2⤵
  PID:2608
- C:\Windows\System\xPlONhp.exe
  C:\Windows\System\xPlONhp.exe
  2⤵
  PID:1340
- C:\Windows\System\JjPPvle.exe
  C:\Windows\System\JjPPvle.exe
  2⤵
  PID:572
- C:\Windows\System\qKbNVEb.exe
  C:\Windows\System\qKbNVEb.exe
  2⤵
  PID:2972
- C:\Windows\System\JmCwAHs.exe
  C:\Windows\System\JmCwAHs.exe
  2⤵
  PID:1312
- C:\Windows\System\uXNffQC.exe
  C:\Windows\System\uXNffQC.exe
  2⤵
  PID:1208
- C:\Windows\System\vIOdBeh.exe
  C:\Windows\System\vIOdBeh.exe
  2⤵
  PID:1596
- C:\Windows\System\OxqfRQf.exe
  C:\Windows\System\OxqfRQf.exe
  2⤵
  PID:1084
- C:\Windows\System\cwkUdnm.exe
  C:\Windows\System\cwkUdnm.exe
  2⤵
  PID:2952
- C:\Windows\System\xassmLa.exe
  C:\Windows\System\xassmLa.exe
  2⤵
  PID:2252
- C:\Windows\System\YwVeMlB.exe
  C:\Windows\System\YwVeMlB.exe
  2⤵
  PID:2612
- C:\Windows\System\DhKcRmE.exe
  C:\Windows\System\DhKcRmE.exe
  2⤵
  PID:1892
- C:\Windows\System\iJwewvc.exe
  C:\Windows\System\iJwewvc.exe
  2⤵
  PID:1196
- C:\Windows\System\zYgUHzf.exe
  C:\Windows\System\zYgUHzf.exe
  2⤵
  PID:1384
- C:\Windows\System\iIsQojm.exe
  C:\Windows\System\iIsQojm.exe
  2⤵
  PID:1572
- C:\Windows\System\NCiPwmm.exe
  C:\Windows\System\NCiPwmm.exe
  2⤵
  PID:3088
- C:\Windows\System\yTBFgRm.exe
  C:\Windows\System\yTBFgRm.exe
  2⤵
  PID:3108
- C:\Windows\System\kbuKShF.exe
  C:\Windows\System\kbuKShF.exe
  2⤵
  PID:3128
- C:\Windows\System\IfrRYAa.exe
  C:\Windows\System\IfrRYAa.exe
  2⤵
  PID:3148
- C:\Windows\System\XCpEqif.exe
  C:\Windows\System\XCpEqif.exe
  2⤵
  PID:3168
- C:\Windows\System\WlCcvPU.exe
  C:\Windows\System\WlCcvPU.exe
  2⤵
  PID:3188
- C:\Windows\System\rjxzDnl.exe
  C:\Windows\System\rjxzDnl.exe
  2⤵
  PID:3208
- C:\Windows\System\SJpuICJ.exe
  C:\Windows\System\SJpuICJ.exe
  2⤵
  PID:3228
- C:\Windows\System\RVQlgyN.exe
  C:\Windows\System\RVQlgyN.exe
  2⤵
  PID:3248
- C:\Windows\System\iOIwwBW.exe
  C:\Windows\System\iOIwwBW.exe
  2⤵
  PID:3268
- C:\Windows\System\KfbNPWP.exe
  C:\Windows\System\KfbNPWP.exe
  2⤵
  PID:3288
- C:\Windows\System\MHDtkUh.exe
  C:\Windows\System\MHDtkUh.exe
  2⤵
  PID:3308
- C:\Windows\System\fSAHKhb.exe
  C:\Windows\System\fSAHKhb.exe
  2⤵
  PID:3324
- C:\Windows\System\GdJCGgE.exe
  C:\Windows\System\GdJCGgE.exe
  2⤵
  PID:3348
- C:\Windows\System\pCceblV.exe
  C:\Windows\System\pCceblV.exe
  2⤵
  PID:3368
- C:\Windows\System\AchNqqf.exe
  C:\Windows\System\AchNqqf.exe
  2⤵
  PID:3388
- C:\Windows\System\YVIXFLU.exe
  C:\Windows\System\YVIXFLU.exe
  2⤵
  PID:3408
- C:\Windows\System\zaxwsgA.exe
  C:\Windows\System\zaxwsgA.exe
  2⤵
  PID:3428
- C:\Windows\System\WaDXJyF.exe
  C:\Windows\System\WaDXJyF.exe
  2⤵
  PID:3448
- C:\Windows\System\QqPODSU.exe
  C:\Windows\System\QqPODSU.exe
  2⤵
  PID:3468
- C:\Windows\System\dsxaXYP.exe
  C:\Windows\System\dsxaXYP.exe
  2⤵
  PID:3484
- C:\Windows\System\riTbAPW.exe
  C:\Windows\System\riTbAPW.exe
  2⤵
  PID:3508
- C:\Windows\System\NmghBWI.exe
  C:\Windows\System\NmghBWI.exe
  2⤵
  PID:3528
- C:\Windows\System\EeRqjIg.exe
  C:\Windows\System\EeRqjIg.exe
  2⤵
  PID:3548
- C:\Windows\System\KjHVVqw.exe
  C:\Windows\System\KjHVVqw.exe
  2⤵
  PID:3568
- C:\Windows\System\lxmnLjh.exe
  C:\Windows\System\lxmnLjh.exe
  2⤵
  PID:3588
- C:\Windows\System\kGAPLwR.exe
  C:\Windows\System\kGAPLwR.exe
  2⤵
  PID:3604
- C:\Windows\System\IiOqAyn.exe
  C:\Windows\System\IiOqAyn.exe
  2⤵
  PID:3628
- C:\Windows\System\OFsvGOm.exe
  C:\Windows\System\OFsvGOm.exe
  2⤵
  PID:3648
- C:\Windows\System\DsUkaiR.exe
  C:\Windows\System\DsUkaiR.exe
  2⤵
  PID:3668
- C:\Windows\System\jldOjNi.exe
  C:\Windows\System\jldOjNi.exe
  2⤵
  PID:3688
- C:\Windows\System\EDjqQOh.exe
  C:\Windows\System\EDjqQOh.exe
  2⤵
  PID:3708
- C:\Windows\System\ZIjKytJ.exe
  C:\Windows\System\ZIjKytJ.exe
  2⤵
  PID:3724
- C:\Windows\System\GQepRyc.exe
  C:\Windows\System\GQepRyc.exe
  2⤵
  PID:3748
- C:\Windows\System\vlZuIXN.exe
  C:\Windows\System\vlZuIXN.exe
  2⤵
  PID:3768
- C:\Windows\System\RjCpHlO.exe
  C:\Windows\System\RjCpHlO.exe
  2⤵
  PID:3788
- C:\Windows\System\xRtzHyj.exe
  C:\Windows\System\xRtzHyj.exe
  2⤵
  PID:3808
- C:\Windows\System\bVSEZiO.exe
  C:\Windows\System\bVSEZiO.exe
  2⤵
  PID:3828
- C:\Windows\System\oEfpoCd.exe
  C:\Windows\System\oEfpoCd.exe
  2⤵
  PID:3844
- C:\Windows\System\JBiigVH.exe
  C:\Windows\System\JBiigVH.exe
  2⤵
  PID:3864
- C:\Windows\System\JKjJkXx.exe
  C:\Windows\System\JKjJkXx.exe
  2⤵
  PID:3888
- C:\Windows\System\cHRGMej.exe
  C:\Windows\System\cHRGMej.exe
  2⤵
  PID:3908
- C:\Windows\System\PZGXkfD.exe
  C:\Windows\System\PZGXkfD.exe
  2⤵
  PID:3928
- C:\Windows\System\rtVcOxm.exe
  C:\Windows\System\rtVcOxm.exe
  2⤵
  PID:3948
- C:\Windows\System\VRVrDEJ.exe
  C:\Windows\System\VRVrDEJ.exe
  2⤵
  PID:3968
- C:\Windows\System\JCiDrsA.exe
  C:\Windows\System\JCiDrsA.exe
  2⤵
  PID:3988
- C:\Windows\System\GzUqOAP.exe
  C:\Windows\System\GzUqOAP.exe
  2⤵
  PID:4008
- C:\Windows\System\HKszKnp.exe
  C:\Windows\System\HKszKnp.exe
  2⤵
  PID:4028
- C:\Windows\System\XTNRiiC.exe
  C:\Windows\System\XTNRiiC.exe
  2⤵
  PID:4048
- C:\Windows\System\CywNXTV.exe
  C:\Windows\System\CywNXTV.exe
  2⤵
  PID:4068
- C:\Windows\System\LhnZAQY.exe
  C:\Windows\System\LhnZAQY.exe
  2⤵
  PID:4088
- C:\Windows\System\RArHxwX.exe
  C:\Windows\System\RArHxwX.exe
  2⤵
  PID:2276
- C:\Windows\System\jJUDIUU.exe
  C:\Windows\System\jJUDIUU.exe
  2⤵
  PID:2092
- C:\Windows\System\VGIUsls.exe
  C:\Windows\System\VGIUsls.exe
  2⤵
  PID:2052
- C:\Windows\System\HPpGykB.exe
  C:\Windows\System\HPpGykB.exe
  2⤵
  PID:812
- C:\Windows\System\iooiHFD.exe
  C:\Windows\System\iooiHFD.exe
  2⤵
  PID:3100
- C:\Windows\System\wxIwanJ.exe
  C:\Windows\System\wxIwanJ.exe
  2⤵
  PID:3144
- C:\Windows\System\HjpdJZu.exe
  C:\Windows\System\HjpdJZu.exe
  2⤵
  PID:3176
- C:\Windows\System\stpPTNq.exe
  C:\Windows\System\stpPTNq.exe
  2⤵
  PID:3164
- C:\Windows\System\gJxwOXc.exe
  C:\Windows\System\gJxwOXc.exe
  2⤵
  PID:3200
- C:\Windows\System\xlBVYQa.exe
  C:\Windows\System\xlBVYQa.exe
  2⤵
  PID:3244
- C:\Windows\System\zvBjYvY.exe
  C:\Windows\System\zvBjYvY.exe
  2⤵
  PID:3296
- C:\Windows\System\lvYzvCc.exe
  C:\Windows\System\lvYzvCc.exe
  2⤵
  PID:3340
- C:\Windows\System\IAXodJG.exe
  C:\Windows\System\IAXodJG.exe
  2⤵
  PID:3376
- C:\Windows\System\rvJvrFq.exe
  C:\Windows\System\rvJvrFq.exe
  2⤵
  PID:3364
- C:\Windows\System\ABRnDlb.exe
  C:\Windows\System\ABRnDlb.exe
  2⤵
  PID:3424
- C:\Windows\System\YYwarpd.exe
  C:\Windows\System\YYwarpd.exe
  2⤵
  PID:3444
- C:\Windows\System\ahhVJnZ.exe
  C:\Windows\System\ahhVJnZ.exe
  2⤵
  PID:3504
- C:\Windows\System\vxBAMEf.exe
  C:\Windows\System\vxBAMEf.exe
  2⤵
  PID:3524
- C:\Windows\System\lwPpOnG.exe
  C:\Windows\System\lwPpOnG.exe
  2⤵
  PID:3584
- C:\Windows\System\rgbtujW.exe
  C:\Windows\System\rgbtujW.exe
  2⤵
  PID:3556
- C:\Windows\System\frRcASA.exe
  C:\Windows\System\frRcASA.exe
  2⤵
  PID:3616
- C:\Windows\System\xtEJAsY.exe
  C:\Windows\System\xtEJAsY.exe
  2⤵
  PID:3660
- C:\Windows\System\mNukhls.exe
  C:\Windows\System\mNukhls.exe
  2⤵
  PID:3700
- C:\Windows\System\BjUTBYD.exe
  C:\Windows\System\BjUTBYD.exe
  2⤵
  PID:3740
- C:\Windows\System\zKqbyvb.exe
  C:\Windows\System\zKqbyvb.exe
  2⤵
  PID:3720
- C:\Windows\System\MRbSePj.exe
  C:\Windows\System\MRbSePj.exe
  2⤵
  PID:3820
- C:\Windows\System\dhPrdgi.exe
  C:\Windows\System\dhPrdgi.exe
  2⤵
  PID:3796
- C:\Windows\System\QVlrpJs.exe
  C:\Windows\System\QVlrpJs.exe
  2⤵
  PID:3836
- C:\Windows\System\JwqkSaO.exe
  C:\Windows\System\JwqkSaO.exe
  2⤵
  PID:3884
- C:\Windows\System\CvBvETM.exe
  C:\Windows\System\CvBvETM.exe
  2⤵
  PID:3916
- C:\Windows\System\VXxebOl.exe
  C:\Windows\System\VXxebOl.exe
  2⤵
  PID:3940
- C:\Windows\System\CcVpCnF.exe
  C:\Windows\System\CcVpCnF.exe
  2⤵
  PID:3960
- C:\Windows\System\PCNWpRb.exe
  C:\Windows\System\PCNWpRb.exe
  2⤵
  PID:4004
- C:\Windows\System\ORNlrVs.exe
  C:\Windows\System\ORNlrVs.exe
  2⤵
  PID:4040
- C:\Windows\System\jORPkXC.exe
  C:\Windows\System\jORPkXC.exe
  2⤵
  PID:2240
- C:\Windows\System\RGVswXN.exe
  C:\Windows\System\RGVswXN.exe
  2⤵
  PID:2728
- C:\Windows\System\BgEawWT.exe
  C:\Windows\System\BgEawWT.exe
  2⤵
  PID:2648
- C:\Windows\System\SaWumin.exe
  C:\Windows\System\SaWumin.exe
  2⤵
  PID:1756
- C:\Windows\System\MCSKFzm.exe
  C:\Windows\System\MCSKFzm.exe
  2⤵
  PID:3080
- C:\Windows\System\KCyspwE.exe
  C:\Windows\System\KCyspwE.exe
  2⤵
  PID:3220
- C:\Windows\System\ZFJVsXr.exe
  C:\Windows\System\ZFJVsXr.exe
  2⤵
  PID:3284
- C:\Windows\System\SDErwAc.exe
  C:\Windows\System\SDErwAc.exe
  2⤵
  PID:3316
- C:\Windows\System\GodkqJH.exe
  C:\Windows\System\GodkqJH.exe
  2⤵
  PID:3320
- C:\Windows\System\tioDWqU.exe
  C:\Windows\System\tioDWqU.exe
  2⤵
  PID:3384
- C:\Windows\System\eTsbRld.exe
  C:\Windows\System\eTsbRld.exe
  2⤵
  PID:3436
- C:\Windows\System\IOlrfDO.exe
  C:\Windows\System\IOlrfDO.exe
  2⤵
  PID:3516
- C:\Windows\System\LyXKzvU.exe
  C:\Windows\System\LyXKzvU.exe
  2⤵
  PID:3612
- C:\Windows\System\RpgNQCW.exe
  C:\Windows\System\RpgNQCW.exe
  2⤵
  PID:3600
- C:\Windows\System\GQyEbcY.exe
  C:\Windows\System\GQyEbcY.exe
  2⤵
  PID:3656
- C:\Windows\System\NNsMKBW.exe
  C:\Windows\System\NNsMKBW.exe
  2⤵
  PID:3684
- C:\Windows\System\ddumtsA.exe
  C:\Windows\System\ddumtsA.exe
  2⤵
  PID:3784
- C:\Windows\System\WpynSnZ.exe
  C:\Windows\System\WpynSnZ.exe
  2⤵
  PID:3804
- C:\Windows\System\EaWQPtA.exe
  C:\Windows\System\EaWQPtA.exe
  2⤵
  PID:3852
- C:\Windows\System\UCktUer.exe
  C:\Windows\System\UCktUer.exe
  2⤵
  PID:4016
- C:\Windows\System\ZfWTjpp.exe
  C:\Windows\System\ZfWTjpp.exe
  2⤵
  PID:3956
- C:\Windows\System\jigKCXP.exe
  C:\Windows\System\jigKCXP.exe
  2⤵
  PID:2228
- C:\Windows\System\cJCTKCp.exe
  C:\Windows\System\cJCTKCp.exe
  2⤵
  PID:3000
- C:\Windows\System\MvkhNxz.exe
  C:\Windows\System\MvkhNxz.exe
  2⤵
  PID:3096
- C:\Windows\System\WNBPwEg.exe
  C:\Windows\System\WNBPwEg.exe
  2⤵
  PID:3160
- C:\Windows\System\KfJuuAG.exe
  C:\Windows\System\KfJuuAG.exe
  2⤵
  PID:3236
- C:\Windows\System\nGDmfIv.exe
  C:\Windows\System\nGDmfIv.exe
  2⤵
  PID:3332
- C:\Windows\System\ZzFCqAm.exe
  C:\Windows\System\ZzFCqAm.exe
  2⤵
  PID:3416
- C:\Windows\System\YCMoXFh.exe
  C:\Windows\System\YCMoXFh.exe
  2⤵
  PID:3476
- C:\Windows\System\whNngZZ.exe
  C:\Windows\System\whNngZZ.exe
  2⤵
  PID:3624
- C:\Windows\System\uMSXrBd.exe
  C:\Windows\System\uMSXrBd.exe
  2⤵
  PID:3756
- C:\Windows\System\ITzksfg.exe
  C:\Windows\System\ITzksfg.exe
  2⤵
  PID:3920
- C:\Windows\System\FXYatzT.exe
  C:\Windows\System\FXYatzT.exe
  2⤵
  PID:3944
- C:\Windows\System\eTkeVCh.exe
  C:\Windows\System\eTkeVCh.exe
  2⤵
  PID:4024
- C:\Windows\System\UybWivv.exe
  C:\Windows\System\UybWivv.exe
  2⤵
  PID:4084
- C:\Windows\System\KHtOwDz.exe
  C:\Windows\System\KHtOwDz.exe
  2⤵
  PID:1516
- C:\Windows\System\IqtykUb.exe
  C:\Windows\System\IqtykUb.exe
  2⤵
  PID:3156
- C:\Windows\System\XxpMdPo.exe
  C:\Windows\System\XxpMdPo.exe
  2⤵
  PID:3196
- C:\Windows\System\NtTqcTw.exe
  C:\Windows\System\NtTqcTw.exe
  2⤵
  PID:3400
- C:\Windows\System\OdBUYaK.exe
  C:\Windows\System\OdBUYaK.exe
  2⤵
  PID:3580
- C:\Windows\System\LpXuypT.exe
  C:\Windows\System\LpXuypT.exe
  2⤵
  PID:3876
- C:\Windows\System\ohbavqX.exe
  C:\Windows\System\ohbavqX.exe
  2⤵
  PID:408
- C:\Windows\System\FJWPgqN.exe
  C:\Windows\System\FJWPgqN.exe
  2⤵
  PID:4020
- C:\Windows\System\zTSzuFX.exe
  C:\Windows\System\zTSzuFX.exe
  2⤵
  PID:3140
- C:\Windows\System\zuLYpzh.exe
  C:\Windows\System\zuLYpzh.exe
  2⤵
  PID:1604
- C:\Windows\System\vzrAeTE.exe
  C:\Windows\System\vzrAeTE.exe
  2⤵
  PID:3520
- C:\Windows\System\Gppcpit.exe
  C:\Windows\System\Gppcpit.exe
  2⤵
  PID:2020
- C:\Windows\System\OJRWMVF.exe
  C:\Windows\System\OJRWMVF.exe
  2⤵
  PID:3036
- C:\Windows\System\kslIKan.exe
  C:\Windows\System\kslIKan.exe
  2⤵
  PID:3540
- C:\Windows\System\cpbXgZg.exe
  C:\Windows\System\cpbXgZg.exe
  2⤵
  PID:2180
- C:\Windows\System\HPFcmhK.exe
  C:\Windows\System\HPFcmhK.exe
  2⤵
  PID:1588
- C:\Windows\System\ilaygTV.exe
  C:\Windows\System\ilaygTV.exe
  2⤵
  PID:3880
- C:\Windows\System\FjGDmSy.exe
  C:\Windows\System\FjGDmSy.exe
  2⤵
  PID:1456
- C:\Windows\System\ZdZIYRi.exe
  C:\Windows\System\ZdZIYRi.exe
  2⤵
  PID:1204
- C:\Windows\System\UsDBjHW.exe
  C:\Windows\System\UsDBjHW.exe
  2⤵
  PID:2104
- C:\Windows\System\lSmAPQv.exe
  C:\Windows\System\lSmAPQv.exe
  2⤵
  PID:2560
- C:\Windows\System\oyOXZwj.exe
  C:\Windows\System\oyOXZwj.exe
  2⤵
  PID:2308
- C:\Windows\System\wTYBHjc.exe
  C:\Windows\System\wTYBHjc.exe
  2⤵
  PID:2280
- C:\Windows\System\xkroQNk.exe
  C:\Windows\System\xkroQNk.exe
  2⤵
  PID:836
- C:\Windows\System\pxRjCHI.exe
  C:\Windows\System\pxRjCHI.exe
  2⤵
  PID:2644
- C:\Windows\System\NbXtiJz.exe
  C:\Windows\System\NbXtiJz.exe
  2⤵
  PID:2316
- C:\Windows\System\RCvmyVb.exe
  C:\Windows\System\RCvmyVb.exe
  2⤵
  PID:4104
- C:\Windows\System\PxhnCSg.exe
  C:\Windows\System\PxhnCSg.exe
  2⤵
  PID:4120
- C:\Windows\System\vqyjweD.exe
  C:\Windows\System\vqyjweD.exe
  2⤵
  PID:4144
- C:\Windows\System\rgjGatc.exe
  C:\Windows\System\rgjGatc.exe
  2⤵
  PID:4160
- C:\Windows\System\GJxgjWY.exe
  C:\Windows\System\GJxgjWY.exe
  2⤵
  PID:4176
- C:\Windows\System\RYfVeYU.exe
  C:\Windows\System\RYfVeYU.exe
  2⤵
  PID:4196
- C:\Windows\System\YdEzjeg.exe
  C:\Windows\System\YdEzjeg.exe
  2⤵
  PID:4216
- C:\Windows\System\aattiJD.exe
  C:\Windows\System\aattiJD.exe
  2⤵
  PID:4240
- C:\Windows\System\JbRuAeB.exe
  C:\Windows\System\JbRuAeB.exe
  2⤵
  PID:4288
- C:\Windows\System\jSDNvSr.exe
  C:\Windows\System\jSDNvSr.exe
  2⤵
  PID:4304
- C:\Windows\System\MeptrWa.exe
  C:\Windows\System\MeptrWa.exe
  2⤵
  PID:4324
- C:\Windows\System\USUOSnz.exe
  C:\Windows\System\USUOSnz.exe
  2⤵
  PID:4340
- C:\Windows\System\NNGgnQj.exe
  C:\Windows\System\NNGgnQj.exe
  2⤵
  PID:4356
- C:\Windows\System\fVKvsAX.exe
  C:\Windows\System\fVKvsAX.exe
  2⤵
  PID:4380
- C:\Windows\System\dQBJvmr.exe
  C:\Windows\System\dQBJvmr.exe
  2⤵
  PID:4400
- C:\Windows\System\tTfIRJA.exe
  C:\Windows\System\tTfIRJA.exe
  2⤵
  PID:4416
- C:\Windows\System\SuXmmgm.exe
  C:\Windows\System\SuXmmgm.exe
  2⤵
  PID:4432
- C:\Windows\System\tMzcrAm.exe
  C:\Windows\System\tMzcrAm.exe
  2⤵
  PID:4448
- C:\Windows\System\AyWnWgg.exe
  C:\Windows\System\AyWnWgg.exe
  2⤵
  PID:4492
- C:\Windows\System\MqiveFF.exe
  C:\Windows\System\MqiveFF.exe
  2⤵
  PID:4512
- C:\Windows\System\yVgGcJR.exe
  C:\Windows\System\yVgGcJR.exe
  2⤵
  PID:4528
- C:\Windows\System\SYyLkzL.exe
  C:\Windows\System\SYyLkzL.exe
  2⤵
  PID:4548
- C:\Windows\System\EBwOkBC.exe
  C:\Windows\System\EBwOkBC.exe
  2⤵
  PID:4564
- C:\Windows\System\MfCgOBD.exe
  C:\Windows\System\MfCgOBD.exe
  2⤵
  PID:4584
- C:\Windows\System\uwIEDlR.exe
  C:\Windows\System\uwIEDlR.exe
  2⤵
  PID:4600
- C:\Windows\System\BZXfBIE.exe
  C:\Windows\System\BZXfBIE.exe
  2⤵
  PID:4616
- C:\Windows\System\bWYOJGg.exe
  C:\Windows\System\bWYOJGg.exe
  2⤵
  PID:4632
- C:\Windows\System\adUWUzm.exe
  C:\Windows\System\adUWUzm.exe
  2⤵
  PID:4660
- C:\Windows\System\XjvRtoW.exe
  C:\Windows\System\XjvRtoW.exe
  2⤵
  PID:4700
- C:\Windows\System\fLvwthA.exe
  C:\Windows\System\fLvwthA.exe
  2⤵
  PID:4720
- C:\Windows\System\lqUAqLW.exe
  C:\Windows\System\lqUAqLW.exe
  2⤵
  PID:4736
- C:\Windows\System\bGMiqld.exe
  C:\Windows\System\bGMiqld.exe
  2⤵
  PID:4752
- C:\Windows\System\dSbSzWY.exe
  C:\Windows\System\dSbSzWY.exe
  2⤵
  PID:4768
- C:\Windows\System\aDYQcOk.exe
  C:\Windows\System\aDYQcOk.exe
  2⤵
  PID:4796
- C:\Windows\System\QNyOaer.exe
  C:\Windows\System\QNyOaer.exe
  2⤵
  PID:4820
- C:\Windows\System\FtgeAPM.exe
  C:\Windows\System\FtgeAPM.exe
  2⤵
  PID:4836
- C:\Windows\System\Oqphope.exe
  C:\Windows\System\Oqphope.exe
  2⤵
  PID:4852
- C:\Windows\System\qwjUTNW.exe
  C:\Windows\System\qwjUTNW.exe
  2⤵
  PID:4868
- C:\Windows\System\jyAbQXu.exe
  C:\Windows\System\jyAbQXu.exe
  2⤵
  PID:4884
- C:\Windows\System\uHAwmNp.exe
  C:\Windows\System\uHAwmNp.exe
  2⤵
  PID:4900
- C:\Windows\System\JDnUpjV.exe
  C:\Windows\System\JDnUpjV.exe
  2⤵
  PID:4924
- C:\Windows\System\oIkHZAM.exe
  C:\Windows\System\oIkHZAM.exe
  2⤵
  PID:4940
- C:\Windows\System\CTeVuPQ.exe
  C:\Windows\System\CTeVuPQ.exe
  2⤵
  PID:4956
- C:\Windows\System\Mxmvind.exe
  C:\Windows\System\Mxmvind.exe
  2⤵
  PID:4972
- C:\Windows\System\paAmDjt.exe
  C:\Windows\System\paAmDjt.exe
  2⤵
  PID:5024
- C:\Windows\System\WnuMUjj.exe
  C:\Windows\System\WnuMUjj.exe
  2⤵
  PID:5040
- C:\Windows\System\kOyzcqx.exe
  C:\Windows\System\kOyzcqx.exe
  2⤵
  PID:5056
- C:\Windows\System\pXUKDGf.exe
  C:\Windows\System\pXUKDGf.exe
  2⤵
  PID:5072
- C:\Windows\System\pePITQt.exe
  C:\Windows\System\pePITQt.exe
  2⤵
  PID:5100
- C:\Windows\System\AZEchHa.exe
  C:\Windows\System\AZEchHa.exe
  2⤵
  PID:3664
- C:\Windows\System\KfDWVBC.exe
  C:\Windows\System\KfDWVBC.exe
  2⤵
  PID:1060
- C:\Windows\System\OFMCUYv.exe
  C:\Windows\System\OFMCUYv.exe
  2⤵
  PID:2140
- C:\Windows\System\GUayOjv.exe
  C:\Windows\System\GUayOjv.exe
  2⤵
  PID:4152
- C:\Windows\System\zwhPVbv.exe
  C:\Windows\System\zwhPVbv.exe
  2⤵
  PID:4224
- C:\Windows\System\VYvWgPi.exe
  C:\Windows\System\VYvWgPi.exe
  2⤵
  PID:2840
- C:\Windows\System\oRtKPpc.exe
  C:\Windows\System\oRtKPpc.exe
  2⤵
  PID:4172
- C:\Windows\System\Moiedtg.exe
  C:\Windows\System\Moiedtg.exe
  2⤵
  PID:4128
- C:\Windows\System\XZmmIMq.exe
  C:\Windows\System\XZmmIMq.exe
  2⤵
  PID:3280
- C:\Windows\System\tQurhPx.exe
  C:\Windows\System\tQurhPx.exe
  2⤵
  PID:2640
- C:\Windows\System\SQOAfuO.exe
  C:\Windows\System\SQOAfuO.exe
  2⤵
  PID:2604
- C:\Windows\System\SxSCUfw.exe
  C:\Windows\System\SxSCUfw.exe
  2⤵
  PID:2932
- C:\Windows\System\NaVybbQ.exe
  C:\Windows\System\NaVybbQ.exe
  2⤵
  PID:2600
- C:\Windows\System\maEPsRd.exe
  C:\Windows\System\maEPsRd.exe
  2⤵
  PID:4332
- C:\Windows\System\rHfDhxK.exe
  C:\Windows\System\rHfDhxK.exe
  2⤵
  PID:2684
- C:\Windows\System\fSmhXxo.exe
  C:\Windows\System\fSmhXxo.exe
  2⤵
  PID:4368
- C:\Windows\System\tULzTER.exe
  C:\Windows\System\tULzTER.exe
  2⤵
  PID:4412
- C:\Windows\System\LlDOaec.exe
  C:\Windows\System\LlDOaec.exe
  2⤵
  PID:4352
- C:\Windows\System\yKBbinE.exe
  C:\Windows\System\yKBbinE.exe
  2⤵
  PID:4284
- C:\Windows\System\REUPyBj.exe
  C:\Windows\System\REUPyBj.exe
  2⤵
  PID:4392
- C:\Windows\System\llPGyht.exe
  C:\Windows\System\llPGyht.exe
  2⤵
  PID:4488
- C:\Windows\System\nytJoDF.exe
  C:\Windows\System\nytJoDF.exe
  2⤵
  PID:4480
- C:\Windows\System\lNzBiEZ.exe
  C:\Windows\System\lNzBiEZ.exe
  2⤵
  PID:4560
- C:\Windows\System\exdyYkt.exe
  C:\Windows\System\exdyYkt.exe
  2⤵
  PID:4544
- C:\Windows\System\TTHlGRQ.exe
  C:\Windows\System\TTHlGRQ.exe
  2⤵
  PID:4608
- C:\Windows\System\PeaywKJ.exe
  C:\Windows\System\PeaywKJ.exe
  2⤵
  PID:4652
- C:\Windows\System\CoKqxEG.exe
  C:\Windows\System\CoKqxEG.exe
  2⤵
  PID:4680
- C:\Windows\System\yQLSxQu.exe
  C:\Windows\System\yQLSxQu.exe
  2⤵
  PID:4708
- C:\Windows\System\PkUZBmA.exe
  C:\Windows\System\PkUZBmA.exe
  2⤵
  PID:4684
- C:\Windows\System\fttPbed.exe
  C:\Windows\System\fttPbed.exe
  2⤵
  PID:1820
- C:\Windows\System\Zfpdbgc.exe
  C:\Windows\System\Zfpdbgc.exe
  2⤵
  PID:4832
- C:\Windows\System\unjtONR.exe
  C:\Windows\System\unjtONR.exe
  2⤵
  PID:4808
- C:\Windows\System\JkoHLeJ.exe
  C:\Windows\System\JkoHLeJ.exe
  2⤵
  PID:4932
- C:\Windows\System\TImAUBQ.exe
  C:\Windows\System\TImAUBQ.exe
  2⤵
  PID:4908
- C:\Windows\System\eHaBhMk.exe
  C:\Windows\System\eHaBhMk.exe
  2⤵
  PID:4988
- C:\Windows\System\gIMYBLG.exe
  C:\Windows\System\gIMYBLG.exe
  2⤵
  PID:2756
- C:\Windows\System\QzDsyld.exe
  C:\Windows\System\QzDsyld.exe
  2⤵
  PID:4912
- C:\Windows\System\KceOcCN.exe
  C:\Windows\System\KceOcCN.exe
  2⤵
  PID:4844
- C:\Windows\System\hxQxEya.exe
  C:\Windows\System\hxQxEya.exe
  2⤵
  PID:5004
- C:\Windows\System\VzAcpTG.exe
  C:\Windows\System\VzAcpTG.exe
  2⤵
  PID:5020
- C:\Windows\System\dvWDkAg.exe
  C:\Windows\System\dvWDkAg.exe
  2⤵
  PID:5036
- C:\Windows\System\lPYIjlf.exe
  C:\Windows\System\lPYIjlf.exe
  2⤵
  PID:5080
- C:\Windows\System\aJgmcZD.exe
  C:\Windows\System\aJgmcZD.exe
  2⤵
  PID:5096
- C:\Windows\System\OxlEVWG.exe
  C:\Windows\System\OxlEVWG.exe
  2⤵
  PID:3856
- C:\Windows\System\ydjHuBD.exe
  C:\Windows\System\ydjHuBD.exe
  2⤵
  PID:2676
- C:\Windows\System\nxeaaTD.exe
  C:\Windows\System\nxeaaTD.exe
  2⤵
  PID:4112
- C:\Windows\System\TVWptVu.exe
  C:\Windows\System\TVWptVu.exe
  2⤵
  PID:2488
- C:\Windows\System\dwfwHxX.exe
  C:\Windows\System\dwfwHxX.exe
  2⤵
  PID:4376
- C:\Windows\System\WJkJQAn.exe
  C:\Windows\System\WJkJQAn.exe
  2⤵
  PID:4484
- C:\Windows\System\wwFHJbY.exe
  C:\Windows\System\wwFHJbY.exe
  2⤵
  PID:4504
- C:\Windows\System\IgZcEfg.exe
  C:\Windows\System\IgZcEfg.exe
  2⤵
  PID:4624
- C:\Windows\System\QPVlrtj.exe
  C:\Windows\System\QPVlrtj.exe
  2⤵
  PID:4300
- C:\Windows\System\wjvEihU.exe
  C:\Windows\System\wjvEihU.exe
  2⤵
  PID:4476
- C:\Windows\System\djOBphG.exe
  C:\Windows\System\djOBphG.exe
  2⤵
  PID:4444
- C:\Windows\System\CTRVVCv.exe
  C:\Windows\System\CTRVVCv.exe
  2⤵
  PID:4576
- C:\Windows\System\itJlSWE.exe
  C:\Windows\System\itJlSWE.exe
  2⤵
  PID:4640
- C:\Windows\System\pvERStZ.exe
  C:\Windows\System\pvERStZ.exe
  2⤵
  PID:4760
- C:\Windows\System\DRckuLF.exe
  C:\Windows\System\DRckuLF.exe
  2⤵
  PID:468
- C:\Windows\System\fbNWjra.exe
  C:\Windows\System\fbNWjra.exe
  2⤵
  PID:4788
- C:\Windows\System\fjUhKJd.exe
  C:\Windows\System\fjUhKJd.exe
  2⤵
  PID:2772
- C:\Windows\System\afrjBCn.exe
  C:\Windows\System\afrjBCn.exe
  2⤵
  PID:4748
- C:\Windows\System\kgxKhok.exe
  C:\Windows\System\kgxKhok.exe
  2⤵
  PID:3044
- C:\Windows\System\wvfTxte.exe
  C:\Windows\System\wvfTxte.exe
  2⤵
  PID:1688
- C:\Windows\System\kWjWqRR.exe
  C:\Windows\System\kWjWqRR.exe
  2⤵
  PID:4816
- C:\Windows\System\ngyfNVj.exe
  C:\Windows\System\ngyfNVj.exe
  2⤵
  PID:5052
- C:\Windows\System\RVYcfIa.exe
  C:\Windows\System\RVYcfIa.exe
  2⤵
  PID:5108
- C:\Windows\System\oMONIVC.exe
  C:\Windows\System\oMONIVC.exe
  2⤵
  PID:2100
- C:\Windows\System\zrYlbqa.exe
  C:\Windows\System\zrYlbqa.exe
  2⤵
  PID:2752
- C:\Windows\System\nBvXmUi.exe
  C:\Windows\System\nBvXmUi.exe
  2⤵
  PID:4236
- C:\Windows\System\qSTTkxc.exe
  C:\Windows\System\qSTTkxc.exe
  2⤵
  PID:5016
- C:\Windows\System\CNvpzJs.exe
  C:\Windows\System\CNvpzJs.exe
  2⤵
  PID:4264
- C:\Windows\System\GfAPcMc.exe
  C:\Windows\System\GfAPcMc.exe
  2⤵
  PID:2852
- C:\Windows\System\DtxkhCi.exe
  C:\Windows\System\DtxkhCi.exe
  2⤵
  PID:2732
- C:\Windows\System\CbvhJye.exe
  C:\Windows\System\CbvhJye.exe
  2⤵
  PID:4280
- C:\Windows\System\TcysTHo.exe
  C:\Windows\System\TcysTHo.exe
  2⤵
  PID:4592
- C:\Windows\System\OFbXarM.exe
  C:\Windows\System\OFbXarM.exe
  2⤵
  PID:4316
- C:\Windows\System\gIYLJBb.exe
  C:\Windows\System\gIYLJBb.exe
  2⤵
  PID:640
- C:\Windows\System\BuRTJzK.exe
  C:\Windows\System\BuRTJzK.exe
  2⤵
  PID:4784
- C:\Windows\System\GxDmUCZ.exe
  C:\Windows\System\GxDmUCZ.exe
  2⤵
  PID:1056
- C:\Windows\System\yGdlKAg.exe
  C:\Windows\System\yGdlKAg.exe
  2⤵
  PID:4776
- C:\Windows\System\pmkAUfy.exe
  C:\Windows\System\pmkAUfy.exe
  2⤵
  PID:924
- C:\Windows\System\vZBMyxp.exe
  C:\Windows\System\vZBMyxp.exe
  2⤵
  PID:4896
- C:\Windows\System\VGIaXJT.exe
  C:\Windows\System\VGIaXJT.exe
  2⤵
  PID:4136
- C:\Windows\System\ihJTUqG.exe
  C:\Windows\System\ihJTUqG.exe
  2⤵
  PID:5092
- C:\Windows\System\QDTFcFz.exe
  C:\Windows\System\QDTFcFz.exe
  2⤵
  PID:5064
- C:\Windows\System\onsfsKn.exe
  C:\Windows\System\onsfsKn.exe
  2⤵
  PID:2780
- C:\Windows\System\qbAoKEH.exe
  C:\Windows\System\qbAoKEH.exe
  2⤵
  PID:1600
- C:\Windows\System\AAGEqFk.exe
  C:\Windows\System\AAGEqFk.exe
  2⤵
  PID:1848
- C:\Windows\System\RDiZhhF.exe
  C:\Windows\System\RDiZhhF.exe
  2⤵
  PID:1724
- C:\Windows\System\BMooneU.exe
  C:\Windows\System\BMooneU.exe
  2⤵
  PID:2824
- C:\Windows\System\IYOoNwg.exe
  C:\Windows\System\IYOoNwg.exe
  2⤵
  PID:4712
- C:\Windows\System\CmWjuAe.exe
  C:\Windows\System\CmWjuAe.exe
  2⤵
  PID:4828
- C:\Windows\System\PkTtonH.exe
  C:\Windows\System\PkTtonH.exe
  2⤵
  PID:4672
- C:\Windows\System\ThfxHGM.exe
  C:\Windows\System\ThfxHGM.exe
  2⤵
  PID:4676
- C:\Windows\System\vuSPlZi.exe
  C:\Windows\System\vuSPlZi.exe
  2⤵
  PID:2936
- C:\Windows\System\iGEvnFu.exe
  C:\Windows\System\iGEvnFu.exe
  2⤵
  PID:4892
- C:\Windows\System\XWajvMt.exe
  C:\Windows\System\XWajvMt.exe
  2⤵
  PID:4256
- C:\Windows\System\OfqPnqf.exe
  C:\Windows\System\OfqPnqf.exe
  2⤵
  PID:1244
- C:\Windows\System\kzQaqbW.exe
  C:\Windows\System\kzQaqbW.exe
  2⤵
  PID:5132
- C:\Windows\System\TWzrvTI.exe
  C:\Windows\System\TWzrvTI.exe
  2⤵
  PID:5156
- C:\Windows\System\VnhAuBJ.exe
  C:\Windows\System\VnhAuBJ.exe
  2⤵
  PID:5172
- C:\Windows\System\RNfTTwZ.exe
  C:\Windows\System\RNfTTwZ.exe
  2⤵
  PID:5192
- C:\Windows\System\brpTaNC.exe
  C:\Windows\System\brpTaNC.exe
  2⤵
  PID:5208
- C:\Windows\System\XgQmgLF.exe
  C:\Windows\System\XgQmgLF.exe
  2⤵
  PID:5248
- C:\Windows\System\CJfLvdQ.exe
  C:\Windows\System\CJfLvdQ.exe
  2⤵
  PID:5264
- C:\Windows\System\ncxlaHh.exe
  C:\Windows\System\ncxlaHh.exe
  2⤵
  PID:5300
- C:\Windows\System\yndtzmi.exe
  C:\Windows\System\yndtzmi.exe
  2⤵
  PID:5316
- C:\Windows\System\vbhYPlH.exe
  C:\Windows\System\vbhYPlH.exe
  2⤵
  PID:5332
- C:\Windows\System\ZYMJwTR.exe
  C:\Windows\System\ZYMJwTR.exe
  2⤵
  PID:5348
- C:\Windows\System\quLEWlp.exe
  C:\Windows\System\quLEWlp.exe
  2⤵
  PID:5376
- C:\Windows\System\tDyTfLE.exe
  C:\Windows\System\tDyTfLE.exe
  2⤵
  PID:5400
- C:\Windows\System\BQiwsIE.exe
  C:\Windows\System\BQiwsIE.exe
  2⤵
  PID:5416
- C:\Windows\System\NymFhMX.exe
  C:\Windows\System\NymFhMX.exe
  2⤵
  PID:5444
- C:\Windows\System\wcyCeEH.exe
  C:\Windows\System\wcyCeEH.exe
  2⤵
  PID:5460
- C:\Windows\System\OhmQWlC.exe
  C:\Windows\System\OhmQWlC.exe
  2⤵
  PID:5484
- C:\Windows\System\bsQRZmV.exe
  C:\Windows\System\bsQRZmV.exe
  2⤵
  PID:5504
- C:\Windows\System\tYsCacw.exe
  C:\Windows\System\tYsCacw.exe
  2⤵
  PID:5520
- C:\Windows\System\FfnXphi.exe
  C:\Windows\System\FfnXphi.exe
  2⤵
  PID:5540
- C:\Windows\System\oPgKHhu.exe
  C:\Windows\System\oPgKHhu.exe
  2⤵
  PID:5560
- C:\Windows\System\YlroZhe.exe
  C:\Windows\System\YlroZhe.exe
  2⤵
  PID:5576
- C:\Windows\System\PwyrCEj.exe
  C:\Windows\System\PwyrCEj.exe
  2⤵
  PID:5612
- C:\Windows\System\GdGxTvd.exe
  C:\Windows\System\GdGxTvd.exe
  2⤵
  PID:5628
- C:\Windows\System\ftFDWjR.exe
  C:\Windows\System\ftFDWjR.exe
  2⤵
  PID:5644
- C:\Windows\System\nzjRIsJ.exe
  C:\Windows\System\nzjRIsJ.exe
  2⤵
  PID:5660
- C:\Windows\System\CfEkxJN.exe
  C:\Windows\System\CfEkxJN.exe
  2⤵
  PID:5684
- C:\Windows\System\ESuebIz.exe
  C:\Windows\System\ESuebIz.exe
  2⤵
  PID:5704
- C:\Windows\System\wpylauG.exe
  C:\Windows\System\wpylauG.exe
  2⤵
  PID:5720
- C:\Windows\System\yogzFAY.exe
  C:\Windows\System\yogzFAY.exe
  2⤵
  PID:5740
- C:\Windows\System\HGyLUjt.exe
  C:\Windows\System\HGyLUjt.exe
  2⤵
  PID:5756
- C:\Windows\System\HVXhQHc.exe
  C:\Windows\System\HVXhQHc.exe
  2⤵
  PID:5784
- C:\Windows\System\GQizBCH.exe
  C:\Windows\System\GQizBCH.exe
  2⤵
  PID:5800
- C:\Windows\System\QZkYInq.exe
  C:\Windows\System\QZkYInq.exe
  2⤵
  PID:5816
- C:\Windows\System\SAtGVcM.exe
  C:\Windows\System\SAtGVcM.exe
  2⤵
  PID:5836
- C:\Windows\System\grtwTbK.exe
  C:\Windows\System\grtwTbK.exe
  2⤵
  PID:5856
- C:\Windows\System\ZkvpXOI.exe
  C:\Windows\System\ZkvpXOI.exe
  2⤵
  PID:5872
- C:\Windows\System\QIPOpym.exe
  C:\Windows\System\QIPOpym.exe
  2⤵
  PID:5912
- C:\Windows\System\VohOmVv.exe
  C:\Windows\System\VohOmVv.exe
  2⤵
  PID:5928
- C:\Windows\System\trkZDkN.exe
  C:\Windows\System\trkZDkN.exe
  2⤵
  PID:5948
- C:\Windows\System\RQDKAcR.exe
  C:\Windows\System\RQDKAcR.exe
  2⤵
  PID:5964
- C:\Windows\System\AcWtmQe.exe
  C:\Windows\System\AcWtmQe.exe
  2⤵
  PID:5980
- C:\Windows\System\vIvpjlM.exe
  C:\Windows\System\vIvpjlM.exe
  2⤵
  PID:5996
- C:\Windows\System\ReFLPrQ.exe
  C:\Windows\System\ReFLPrQ.exe
  2⤵
  PID:6016
- C:\Windows\System\HHgxGUZ.exe
  C:\Windows\System\HHgxGUZ.exe
  2⤵
  PID:6040
- C:\Windows\System\QsKciqa.exe
  C:\Windows\System\QsKciqa.exe
  2⤵
  PID:6056
- C:\Windows\System\SToFkzY.exe
  C:\Windows\System\SToFkzY.exe
  2⤵
  PID:6076
- C:\Windows\System\DGbcQLM.exe
  C:\Windows\System\DGbcQLM.exe
  2⤵
  PID:6096
- C:\Windows\System\EzcUiJF.exe
  C:\Windows\System\EzcUiJF.exe
  2⤵
  PID:6116
- C:\Windows\System\sONDWXC.exe
  C:\Windows\System\sONDWXC.exe
  2⤵
  PID:4804
- C:\Windows\System\fGgaTwt.exe
  C:\Windows\System\fGgaTwt.exe
  2⤵
  PID:4556
- C:\Windows\System\XjKpgmC.exe
  C:\Windows\System\XjKpgmC.exe
  2⤵
  PID:4848
- C:\Windows\System\VsPIehv.exe
  C:\Windows\System\VsPIehv.exe
  2⤵
  PID:5128
- C:\Windows\System\JoThGxO.exe
  C:\Windows\System\JoThGxO.exe
  2⤵
  PID:5152
- C:\Windows\System\wKQZzTj.exe
  C:\Windows\System\wKQZzTj.exe
  2⤵
  PID:5148
- C:\Windows\System\XuysfBd.exe
  C:\Windows\System\XuysfBd.exe
  2⤵
  PID:5140
- C:\Windows\System\dNyYnYk.exe
  C:\Windows\System\dNyYnYk.exe
  2⤵
  PID:4272
- C:\Windows\System\KYQtmGu.exe
  C:\Windows\System\KYQtmGu.exe
  2⤵
  PID:5256
- C:\Windows\System\jRWXQjJ.exe
  C:\Windows\System\jRWXQjJ.exe
  2⤵
  PID:4296
- C:\Windows\System\QIHHudb.exe
  C:\Windows\System\QIHHudb.exe
  2⤵
  PID:5228
- C:\Windows\System\LEKdmKA.exe
  C:\Windows\System\LEKdmKA.exe
  2⤵
  PID:5280
- C:\Windows\System\KmFSaES.exe
  C:\Windows\System\KmFSaES.exe
  2⤵
  PID:5324
- C:\Windows\System\vkQzaHx.exe
  C:\Windows\System\vkQzaHx.exe
  2⤵
  PID:5396
- C:\Windows\System\UvDlxCN.exe
  C:\Windows\System\UvDlxCN.exe
  2⤵
  PID:5364
- C:\Windows\System\RTOdEdO.exe
  C:\Windows\System\RTOdEdO.exe
  2⤵
  PID:5356
- C:\Windows\System\EPRSnwC.exe
  C:\Windows\System\EPRSnwC.exe
  2⤵
  PID:5412
- C:\Windows\System\CcTZclg.exe
  C:\Windows\System\CcTZclg.exe
  2⤵
  PID:5512
- C:\Windows\System\OiCUyby.exe
  C:\Windows\System\OiCUyby.exe
  2⤵
  PID:5528
- C:\Windows\System\vARcQgC.exe
  C:\Windows\System\vARcQgC.exe
  2⤵
  PID:5572
- C:\Windows\System\VRRiFvH.exe
  C:\Windows\System\VRRiFvH.exe
  2⤵
  PID:5608
- C:\Windows\System\QGnnRSi.exe
  C:\Windows\System\QGnnRSi.exe
  2⤵
  PID:5676
- C:\Windows\System\RrjQaJO.exe
  C:\Windows\System\RrjQaJO.exe
  2⤵
  PID:5712
- C:\Windows\System\heeunWY.exe
  C:\Windows\System\heeunWY.exe
  2⤵
  PID:5700
- C:\Windows\System\hIbTalJ.exe
  C:\Windows\System\hIbTalJ.exe
  2⤵
  PID:5824
- C:\Windows\System\UciQDNe.exe
  C:\Windows\System\UciQDNe.exe
  2⤵
  PID:5656
- C:\Windows\System\TbmSxDM.exe
  C:\Windows\System\TbmSxDM.exe
  2⤵
  PID:5768
- C:\Windows\System\JMxSlWS.exe
  C:\Windows\System\JMxSlWS.exe
  2⤵
  PID:5880
- C:\Windows\System\ZQLKrWH.exe
  C:\Windows\System\ZQLKrWH.exe
  2⤵
  PID:5900
- C:\Windows\System\ljPGZVf.exe
  C:\Windows\System\ljPGZVf.exe
  2⤵
  PID:5904
- C:\Windows\System\fyGvYwK.exe
  C:\Windows\System\fyGvYwK.exe
  2⤵
  PID:5892
- C:\Windows\System\xCxeuTL.exe
  C:\Windows\System\xCxeuTL.exe
  2⤵
  PID:5944
- C:\Windows\System\QBdVPlb.exe
  C:\Windows\System\QBdVPlb.exe
  2⤵
  PID:5992
- C:\Windows\System\eOFSEzP.exe
  C:\Windows\System\eOFSEzP.exe
  2⤵
  PID:6036
- C:\Windows\System\SaiRxdP.exe
  C:\Windows\System\SaiRxdP.exe
  2⤵
  PID:6048
- C:\Windows\System\nKvEcYh.exe
  C:\Windows\System\nKvEcYh.exe
  2⤵
  PID:6104
- C:\Windows\System\wFvGOWD.exe
  C:\Windows\System\wFvGOWD.exe
  2⤵
  PID:2700
- C:\Windows\System\jxPlDsV.exe
  C:\Windows\System\jxPlDsV.exe
  2⤵
  PID:6128
- C:\Windows\System\uKsRSpn.exe
  C:\Windows\System\uKsRSpn.exe
  2⤵
  PID:2040
- C:\Windows\System\qMZOvOu.exe
  C:\Windows\System\qMZOvOu.exe
  2⤵
  PID:2956
- C:\Windows\System\sFoQnwu.exe
  C:\Windows\System\sFoQnwu.exe
  2⤵
  PID:5088
- C:\Windows\System\KRmLCuD.exe
  C:\Windows\System\KRmLCuD.exe
  2⤵
  PID:2804
- C:\Windows\System\PCuvsFm.exe
  C:\Windows\System\PCuvsFm.exe
  2⤵
  PID:4964
- C:\Windows\System\SzLzrcu.exe
  C:\Windows\System\SzLzrcu.exe
  2⤵
  PID:5388
- C:\Windows\System\fWqGrfN.exe
  C:\Windows\System\fWqGrfN.exe
  2⤵
  PID:5276
- C:\Windows\System\eoZnbDA.exe
  C:\Windows\System\eoZnbDA.exe
  2⤵
  PID:5452
- C:\Windows\System\teGjCop.exe
  C:\Windows\System\teGjCop.exe
  2⤵
  PID:5456
- C:\Windows\System\zEqrIlT.exe
  C:\Windows\System\zEqrIlT.exe
  2⤵
  PID:5340
- C:\Windows\System\QNzTJcr.exe
  C:\Windows\System\QNzTJcr.exe
  2⤵
  PID:5292
- C:\Windows\System\BsTrmcM.exe
  C:\Windows\System\BsTrmcM.exe
  2⤵
  PID:5596
- C:\Windows\System\YvKZJnh.exe
  C:\Windows\System\YvKZJnh.exe
  2⤵
  PID:5604
- C:\Windows\System\tbaRKAM.exe
  C:\Windows\System\tbaRKAM.exe
  2⤵
  PID:5716
- C:\Windows\System\mWbcPDo.exe
  C:\Windows\System\mWbcPDo.exe
  2⤵
  PID:5680
- C:\Windows\System\gyVAutg.exe
  C:\Windows\System\gyVAutg.exe
  2⤵
  PID:5696
- C:\Windows\System\lIKTbhP.exe
  C:\Windows\System\lIKTbhP.exe
  2⤵
  PID:5780
- C:\Windows\System\yONFzgo.exe
  C:\Windows\System\yONFzgo.exe
  2⤵
  PID:5848
- C:\Windows\System\rzAjrjE.exe
  C:\Windows\System\rzAjrjE.exe
  2⤵
  PID:5924
- C:\Windows\System\NtPKQRE.exe
  C:\Windows\System\NtPKQRE.exe
  2⤵
  PID:6032
- C:\Windows\System\CwPTkcT.exe
  C:\Windows\System\CwPTkcT.exe
  2⤵
  PID:6092
- C:\Windows\System\uHpsgcZ.exe
  C:\Windows\System\uHpsgcZ.exe
  2⤵
  PID:6008
- C:\Windows\System\ZXCKQkj.exe
  C:\Windows\System\ZXCKQkj.exe
  2⤵
  PID:5884
- C:\Windows\System\FjnyrYf.exe
  C:\Windows\System\FjnyrYf.exe
  2⤵
  PID:6124
- C:\Windows\System\mIvKvlJ.exe
  C:\Windows\System\mIvKvlJ.exe
  2⤵
  PID:4864
- C:\Windows\System\OhwneoF.exe
  C:\Windows\System\OhwneoF.exe
  2⤵
  PID:2836
- C:\Windows\System\wxzbHSn.exe
  C:\Windows\System\wxzbHSn.exe
  2⤵
  PID:5344
- C:\Windows\System\aympryR.exe
  C:\Windows\System\aympryR.exe
  2⤵
  PID:5548
- C:\Windows\System\jiHjYiJ.exe
  C:\Windows\System\jiHjYiJ.exe
  2⤵
  PID:5940
- C:\Windows\System\VwYLWDm.exe
  C:\Windows\System\VwYLWDm.exe
  2⤵
  PID:1396
- C:\Windows\System\mxwQMwG.exe
  C:\Windows\System\mxwQMwG.exe
  2⤵
  PID:5480
- C:\Windows\System\dMUVNla.exe
  C:\Windows\System\dMUVNla.exe
  2⤵
  PID:5752
- C:\Windows\System\YiJjJbB.exe
  C:\Windows\System\YiJjJbB.exe
  2⤵
  PID:5776
- C:\Windows\System\CzDiqiX.exe
  C:\Windows\System\CzDiqiX.exe
  2⤵
  PID:6112
- C:\Windows\System\xEtDKlA.exe
  C:\Windows\System\xEtDKlA.exe
  2⤵
  PID:5568
- C:\Windows\System\bvWruuq.exe
  C:\Windows\System\bvWruuq.exe
  2⤵
  PID:5600
- C:\Windows\System\TmCFhYv.exe
  C:\Windows\System\TmCFhYv.exe
  2⤵
  PID:5428
- C:\Windows\System\EKkPeFS.exe
  C:\Windows\System\EKkPeFS.exe
  2⤵
  PID:5828
- C:\Windows\System\qkHAOKR.exe
  C:\Windows\System\qkHAOKR.exe
  2⤵
  PID:5408
- C:\Windows\System\spQrAQO.exe
  C:\Windows\System\spQrAQO.exe
  2⤵
  PID:5188
- C:\Windows\System\yZwwXRt.exe
  C:\Windows\System\yZwwXRt.exe
  2⤵
  PID:6004
- C:\Windows\System\fQwmESN.exe
  C:\Windows\System\fQwmESN.exe
  2⤵
  PID:5360
- C:\Windows\System\aABdgbl.exe
  C:\Windows\System\aABdgbl.exe
  2⤵
  PID:5988
- C:\Windows\System\XDapXgG.exe
  C:\Windows\System\XDapXgG.exe
  2⤵
  PID:5692
- C:\Windows\System\RCMVovb.exe
  C:\Windows\System\RCMVovb.exe
  2⤵
  PID:6072
- C:\Windows\System\QczmlIH.exe
  C:\Windows\System\QczmlIH.exe
  2⤵
  PID:1704
- C:\Windows\System\HgjQcOY.exe
  C:\Windows\System\HgjQcOY.exe
  2⤵
  PID:5328
- C:\Windows\System\wOOrfxP.exe
  C:\Windows\System\wOOrfxP.exe
  2⤵
  PID:5808
- C:\Windows\System\KbNZIWd.exe
  C:\Windows\System\KbNZIWd.exe
  2⤵
  PID:6136
- C:\Windows\System\EvcRNhV.exe
  C:\Windows\System\EvcRNhV.exe
  2⤵
  PID:5468
- C:\Windows\System\RQUrguL.exe
  C:\Windows\System\RQUrguL.exe
  2⤵
  PID:6148
- C:\Windows\System\mycmEeh.exe
  C:\Windows\System\mycmEeh.exe
  2⤵
  PID:6168
- C:\Windows\System\KzMpPeT.exe
  C:\Windows\System\KzMpPeT.exe
  2⤵
  PID:6188
- C:\Windows\System\ykLlSSI.exe
  C:\Windows\System\ykLlSSI.exe
  2⤵
  PID:6224
- C:\Windows\System\gdUDojG.exe
  C:\Windows\System\gdUDojG.exe
  2⤵
  PID:6244
- C:\Windows\System\GarHUCM.exe
  C:\Windows\System\GarHUCM.exe
  2⤵
  PID:6260
- C:\Windows\System\mxcOdOf.exe
  C:\Windows\System\mxcOdOf.exe
  2⤵
  PID:6276
- C:\Windows\System\bdPDnAz.exe
  C:\Windows\System\bdPDnAz.exe
  2⤵
  PID:6292
- C:\Windows\System\fItRgUG.exe
  C:\Windows\System\fItRgUG.exe
  2⤵
  PID:6328
- C:\Windows\System\rkvUkpU.exe
  C:\Windows\System\rkvUkpU.exe
  2⤵
  PID:6344
- C:\Windows\System\NZozcak.exe
  C:\Windows\System\NZozcak.exe
  2⤵
  PID:6360
- C:\Windows\System\cQvuyJl.exe
  C:\Windows\System\cQvuyJl.exe
  2⤵
  PID:6376
- C:\Windows\System\FvvGkPS.exe
  C:\Windows\System\FvvGkPS.exe
  2⤵
  PID:6392
- C:\Windows\System\tYWHCOg.exe
  C:\Windows\System\tYWHCOg.exe
  2⤵
  PID:6408
- C:\Windows\System\lwsyfOM.exe
  C:\Windows\System\lwsyfOM.exe
  2⤵
  PID:6424
- C:\Windows\System\RxSAlAD.exe
  C:\Windows\System\RxSAlAD.exe
  2⤵
  PID:6440
- C:\Windows\System\EfwMNhP.exe
  C:\Windows\System\EfwMNhP.exe
  2⤵
  PID:6456
- C:\Windows\System\VLEsQPb.exe
  C:\Windows\System\VLEsQPb.exe
  2⤵
  PID:6476
- C:\Windows\System\qWgXgSy.exe
  C:\Windows\System\qWgXgSy.exe
  2⤵
  PID:6496
- C:\Windows\System\GwGpTcH.exe
  C:\Windows\System\GwGpTcH.exe
  2⤵
  PID:6520
- C:\Windows\System\Fioqidh.exe
  C:\Windows\System\Fioqidh.exe
  2⤵
  PID:6540
- C:\Windows\System\GQiDZQP.exe
  C:\Windows\System\GQiDZQP.exe
  2⤵
  PID:6568
- C:\Windows\System\jQJYxtt.exe
  C:\Windows\System\jQJYxtt.exe
  2⤵
  PID:6588
- C:\Windows\System\QWDthEt.exe
  C:\Windows\System\QWDthEt.exe
  2⤵
  PID:6612
- C:\Windows\System\ZNUKNfU.exe
  C:\Windows\System\ZNUKNfU.exe
  2⤵
  PID:6628
- C:\Windows\System\XhLhYCD.exe
  C:\Windows\System\XhLhYCD.exe
  2⤵
  PID:6672
- C:\Windows\System\ZiCqcHA.exe
  C:\Windows\System\ZiCqcHA.exe
  2⤵
  PID:6688
- C:\Windows\System\sIEUmfW.exe
  C:\Windows\System\sIEUmfW.exe
  2⤵
  PID:6704
- C:\Windows\System\QRvviYU.exe
  C:\Windows\System\QRvviYU.exe
  2⤵
  PID:6720
- C:\Windows\System\pozHRrK.exe
  C:\Windows\System\pozHRrK.exe
  2⤵
  PID:6736
- C:\Windows\System\YzArcys.exe
  C:\Windows\System\YzArcys.exe
  2⤵
  PID:6752
- C:\Windows\System\WlvPErG.exe
  C:\Windows\System\WlvPErG.exe
  2⤵
  PID:6772
- C:\Windows\System\PMZBHie.exe
  C:\Windows\System\PMZBHie.exe
  2⤵
  PID:6792
- C:\Windows\System\XPAlybf.exe
  C:\Windows\System\XPAlybf.exe
  2⤵
  PID:6824
- C:\Windows\System\CJgfYeX.exe
  C:\Windows\System\CJgfYeX.exe
  2⤵
  PID:6844
- C:\Windows\System\uvofZQq.exe
  C:\Windows\System\uvofZQq.exe
  2⤵
  PID:6860
- C:\Windows\System\STkVENT.exe
  C:\Windows\System\STkVENT.exe
  2⤵
  PID:6880
- C:\Windows\System\xuwnvjm.exe
  C:\Windows\System\xuwnvjm.exe
  2⤵
  PID:6900
- C:\Windows\System\cLaGoda.exe
  C:\Windows\System\cLaGoda.exe
  2⤵
  PID:6920
- C:\Windows\System\gIRlATh.exe
  C:\Windows\System\gIRlATh.exe
  2⤵
  PID:6936
- C:\Windows\System\WwxrwWc.exe
  C:\Windows\System\WwxrwWc.exe
  2⤵
  PID:6956
- C:\Windows\System\VENziPw.exe
  C:\Windows\System\VENziPw.exe
  2⤵
  PID:6976
- C:\Windows\System\dESNnkQ.exe
  C:\Windows\System\dESNnkQ.exe
  2⤵
  PID:7004
- C:\Windows\System\GUYfteD.exe
  C:\Windows\System\GUYfteD.exe
  2⤵
  PID:7020
- C:\Windows\System\mAORjKY.exe
  C:\Windows\System\mAORjKY.exe
  2⤵
  PID:7036
- C:\Windows\System\jxKtnhx.exe
  C:\Windows\System\jxKtnhx.exe
  2⤵
  PID:7052
- C:\Windows\System\NipkZAD.exe
  C:\Windows\System\NipkZAD.exe
  2⤵
  PID:7072
- C:\Windows\System\OegnDYZ.exe
  C:\Windows\System\OegnDYZ.exe
  2⤵
  PID:7096
- C:\Windows\System\NTMJSth.exe
  C:\Windows\System\NTMJSth.exe
  2⤵
  PID:7120
- C:\Windows\System\aSPihdF.exe
  C:\Windows\System\aSPihdF.exe
  2⤵
  PID:7136
- C:\Windows\System\szgovYw.exe
  C:\Windows\System\szgovYw.exe
  2⤵
  PID:7152
- C:\Windows\System\WixZqFx.exe
  C:\Windows\System\WixZqFx.exe
  2⤵
  PID:5312
- C:\Windows\System\FmWwIMa.exe
  C:\Windows\System\FmWwIMa.exe
  2⤵
  PID:6156
- C:\Windows\System\HhTnrdY.exe
  C:\Windows\System\HhTnrdY.exe
  2⤵
  PID:5640
- C:\Windows\System\MjSSMTM.exe
  C:\Windows\System\MjSSMTM.exe
  2⤵
  PID:6200
- C:\Windows\System\XTbhRHb.exe
  C:\Windows\System\XTbhRHb.exe
  2⤵
  PID:6216
- C:\Windows\System\yXYocGk.exe
  C:\Windows\System\yXYocGk.exe
  2⤵
  PID:6284
- C:\Windows\System\ffpDYCz.exe
  C:\Windows\System\ffpDYCz.exe
  2⤵
  PID:6320
- C:\Windows\System\phdKzsN.exe
  C:\Windows\System\phdKzsN.exe
  2⤵
  PID:6336
- C:\Windows\System\HboEaek.exe
  C:\Windows\System\HboEaek.exe
  2⤵
  PID:6404
- C:\Windows\System\EjZkdgj.exe
  C:\Windows\System\EjZkdgj.exe
  2⤵
  PID:6468
- C:\Windows\System\qJTHJBi.exe
  C:\Windows\System\qJTHJBi.exe
  2⤵
  PID:6560
- C:\Windows\System\LAgkIxv.exe
  C:\Windows\System\LAgkIxv.exe
  2⤵
  PID:6452
- C:\Windows\System\WwauMsU.exe
  C:\Windows\System\WwauMsU.exe
  2⤵
  PID:6532
- C:\Windows\System\CfcXSsm.exe
  C:\Windows\System\CfcXSsm.exe
  2⤵
  PID:6580
- C:\Windows\System\cIvujfD.exe
  C:\Windows\System\cIvujfD.exe
  2⤵
  PID:6384
- C:\Windows\System\WKAnmfi.exe
  C:\Windows\System\WKAnmfi.exe
  2⤵
  PID:6604
- C:\Windows\System\qUskDDg.exe
  C:\Windows\System\qUskDDg.exe
  2⤵
  PID:6652
- C:\Windows\System\XYeRjAL.exe
  C:\Windows\System\XYeRjAL.exe
  2⤵
  PID:6640
- C:\Windows\System\KlOszJG.exe
  C:\Windows\System\KlOszJG.exe
  2⤵
  PID:6732
- C:\Windows\System\RMGHzEi.exe
  C:\Windows\System\RMGHzEi.exe
  2⤵
  PID:6684
- C:\Windows\System\YgDJOEW.exe
  C:\Windows\System\YgDJOEW.exe
  2⤵
  PID:6820
- C:\Windows\System\jqnlFhm.exe
  C:\Windows\System\jqnlFhm.exe
  2⤵
  PID:6784
- C:\Windows\System\PYSxVhc.exe
  C:\Windows\System\PYSxVhc.exe
  2⤵
  PID:6928
- C:\Windows\System\eTQFDda.exe
  C:\Windows\System\eTQFDda.exe
  2⤵
  PID:6748
- C:\Windows\System\rRDcrzu.exe
  C:\Windows\System\rRDcrzu.exe
  2⤵
  PID:1336
- C:\Windows\System\NSnIoTE.exe
  C:\Windows\System\NSnIoTE.exe
  2⤵
  PID:7044
- C:\Windows\System\ADwCqMU.exe
  C:\Windows\System\ADwCqMU.exe
  2⤵
  PID:6876
- C:\Windows\System\wbIqxXE.exe
  C:\Windows\System\wbIqxXE.exe
  2⤵
  PID:6912
- C:\Windows\System\Pagvthq.exe
  C:\Windows\System\Pagvthq.exe
  2⤵
  PID:7128
- C:\Windows\System\wIaYLoJ.exe
  C:\Windows\System\wIaYLoJ.exe
  2⤵
  PID:6984
- C:\Windows\System\YrzUoDd.exe
  C:\Windows\System\YrzUoDd.exe
  2⤵
  PID:6996
- C:\Windows\System\UtJXVtX.exe
  C:\Windows\System\UtJXVtX.exe
  2⤵
  PID:7164
- C:\Windows\System\gwArDIt.exe
  C:\Windows\System\gwArDIt.exe
  2⤵
  PID:6176
- C:\Windows\System\KzzxLGM.exe
  C:\Windows\System\KzzxLGM.exe
  2⤵
  PID:6084
- C:\Windows\System\cLiTELn.exe
  C:\Windows\System\cLiTELn.exe
  2⤵
  PID:6240
- C:\Windows\System\pLSmPRT.exe
  C:\Windows\System\pLSmPRT.exe
  2⤵
  PID:6252
- C:\Windows\System\YNlRXOa.exe
  C:\Windows\System\YNlRXOa.exe
  2⤵
  PID:6312
- C:\Windows\System\EVIhRHW.exe
  C:\Windows\System\EVIhRHW.exe
  2⤵
  PID:6400
- C:\Windows\System\hTqSTYF.exe
  C:\Windows\System\hTqSTYF.exe
  2⤵
  PID:6508
- C:\Windows\System\QBAbpRd.exe
  C:\Windows\System\QBAbpRd.exe
  2⤵
  PID:6548
- C:\Windows\System\sxooEnP.exe
  C:\Windows\System\sxooEnP.exe
  2⤵
  PID:6528
- C:\Windows\System\VeLMMPu.exe
  C:\Windows\System\VeLMMPu.exe
  2⤵
  PID:6576
- C:\Windows\System\MpAJBxh.exe
  C:\Windows\System\MpAJBxh.exe
  2⤵
  PID:6668
- C:\Windows\System\XGfZKBT.exe
  C:\Windows\System\XGfZKBT.exe
  2⤵
  PID:6620
- C:\Windows\System\SBWfeZL.exe
  C:\Windows\System\SBWfeZL.exe
  2⤵
  PID:6680
- C:\Windows\System\JdUPyfu.exe
  C:\Windows\System\JdUPyfu.exe
  2⤵
  PID:6896
- C:\Windows\System\NyhKhVA.exe
  C:\Windows\System\NyhKhVA.exe
  2⤵
  PID:6780
- C:\Windows\System\bKUUAdb.exe
  C:\Windows\System\bKUUAdb.exe
  2⤵
  PID:6916
- C:\Windows\System\kiKqimI.exe
  C:\Windows\System\kiKqimI.exe
  2⤵
  PID:6204
- C:\Windows\System\LMKWhol.exe
  C:\Windows\System\LMKWhol.exe
  2⤵
  PID:6888
- C:\Windows\System\LgcsKSm.exe
  C:\Windows\System\LgcsKSm.exe
  2⤵
  PID:7068
- C:\Windows\System\vYLEjBY.exe
  C:\Windows\System\vYLEjBY.exe
  2⤵
  PID:6840
- C:\Windows\System\NRDgYAC.exe
  C:\Windows\System\NRDgYAC.exe
  2⤵
  PID:7160
- C:\Windows\System\FWErpEm.exe
  C:\Windows\System\FWErpEm.exe
  2⤵
  PID:7064
- C:\Windows\System\bSguqPl.exe
  C:\Windows\System\bSguqPl.exe
  2⤵
  PID:7028
- C:\Windows\System\kZwLmHd.exe
  C:\Windows\System\kZwLmHd.exe
  2⤵
  PID:6372
- C:\Windows\System\SaPHTPk.exe
  C:\Windows\System\SaPHTPk.exe
  2⤵
  PID:6552
- C:\Windows\System\ufpvDkN.exe
  C:\Windows\System\ufpvDkN.exe
  2⤵
  PID:6432
- C:\Windows\System\HacGQKN.exe
  C:\Windows\System\HacGQKN.exe
  2⤵
  PID:6584
- C:\Windows\System\egtqmck.exe
  C:\Windows\System\egtqmck.exe
  2⤵
  PID:6800
- C:\Windows\System\uiWFWRd.exe
  C:\Windows\System\uiWFWRd.exe
  2⤵
  PID:6892
- C:\Windows\System\CSSLSaE.exe
  C:\Windows\System\CSSLSaE.exe
  2⤵
  PID:7016
- C:\Windows\System\oboimCb.exe
  C:\Windows\System\oboimCb.exe
  2⤵
  PID:6872
- C:\Windows\System\CcMGdGd.exe
  C:\Windows\System\CcMGdGd.exe
  2⤵
  PID:7032
- C:\Windows\System\bOAbOWx.exe
  C:\Windows\System\bOAbOWx.exe
  2⤵
  PID:7112
- C:\Windows\System\zhFCccG.exe
  C:\Windows\System\zhFCccG.exe
  2⤵
  PID:6268
- C:\Windows\System\scMDkgO.exe
  C:\Windows\System\scMDkgO.exe
  2⤵
  PID:6512
- C:\Windows\System\prwGqNp.exe
  C:\Windows\System\prwGqNp.exe
  2⤵
  PID:6416
- C:\Windows\System\QePWQqn.exe
  C:\Windows\System\QePWQqn.exe
  2⤵
  PID:4396
- C:\Windows\System\XGRvQCt.exe
  C:\Windows\System\XGRvQCt.exe
  2⤵
  PID:6868
- C:\Windows\System\jTOzWTu.exe
  C:\Windows\System\jTOzWTu.exe
  2⤵
  PID:6948
- C:\Windows\System\HbtPkuj.exe
  C:\Windows\System\HbtPkuj.exe
  2⤵
  PID:7000
- C:\Windows\System\EyIWHdD.exe
  C:\Windows\System\EyIWHdD.exe
  2⤵
  PID:7144
- C:\Windows\System\dsQTnRp.exe
  C:\Windows\System\dsQTnRp.exe
  2⤵
  PID:6492
- C:\Windows\System\GDLUWjt.exe
  C:\Windows\System\GDLUWjt.exe
  2⤵
  PID:6388
- C:\Windows\System\juvOaIM.exe
  C:\Windows\System\juvOaIM.exe
  2⤵
  PID:6744
- C:\Windows\System\MiBtFdu.exe
  C:\Windows\System\MiBtFdu.exe
  2⤵
  PID:6700
- C:\Windows\System\NavfvDJ.exe
  C:\Windows\System\NavfvDJ.exe
  2⤵
  PID:6952
- C:\Windows\System\qsGgkCo.exe
  C:\Windows\System\qsGgkCo.exe
  2⤵
  PID:7176
- C:\Windows\System\kozZItb.exe
  C:\Windows\System\kozZItb.exe
  2⤵
  PID:7200
- C:\Windows\System\SqbMUxk.exe
  C:\Windows\System\SqbMUxk.exe
  2⤵
  PID:7216
- C:\Windows\System\mgMlXHy.exe
  C:\Windows\System\mgMlXHy.exe
  2⤵
  PID:7232
- C:\Windows\System\zLbtOZI.exe
  C:\Windows\System\zLbtOZI.exe
  2⤵
  PID:7248
- C:\Windows\System\PVJiWKM.exe
  C:\Windows\System\PVJiWKM.exe
  2⤵
  PID:7268
- C:\Windows\System\KBWOeHn.exe
  C:\Windows\System\KBWOeHn.exe
  2⤵
  PID:7284
- C:\Windows\System\FMcpmfK.exe
  C:\Windows\System\FMcpmfK.exe
  2⤵
  PID:7300
- C:\Windows\System\jBtDYVP.exe
  C:\Windows\System\jBtDYVP.exe
  2⤵
  PID:7320
- C:\Windows\System\EsXTaEN.exe
  C:\Windows\System\EsXTaEN.exe
  2⤵
  PID:7348
- C:\Windows\System\rpFyPWj.exe
  C:\Windows\System\rpFyPWj.exe
  2⤵
  PID:7368
- C:\Windows\System\BOgYxqd.exe
  C:\Windows\System\BOgYxqd.exe
  2⤵
  PID:7388
- C:\Windows\System\hxpcxbc.exe
  C:\Windows\System\hxpcxbc.exe
  2⤵
  PID:7404
- C:\Windows\System\mYkwtXK.exe
  C:\Windows\System\mYkwtXK.exe
  2⤵
  PID:7424
- C:\Windows\System\hJulqSj.exe
  C:\Windows\System\hJulqSj.exe
  2⤵
  PID:7452
- C:\Windows\System\LIbQsTE.exe
  C:\Windows\System\LIbQsTE.exe
  2⤵
  PID:7472
- C:\Windows\System\vYbNCiD.exe
  C:\Windows\System\vYbNCiD.exe
  2⤵
  PID:7488
- C:\Windows\System\DjFscJt.exe
  C:\Windows\System\DjFscJt.exe
  2⤵
  PID:7516
- C:\Windows\System\nMpRLVT.exe
  C:\Windows\System\nMpRLVT.exe
  2⤵
  PID:7532
- C:\Windows\System\qBvSqOl.exe
  C:\Windows\System\qBvSqOl.exe
  2⤵
  PID:7568
- C:\Windows\System\bGNLBaE.exe
  C:\Windows\System\bGNLBaE.exe
  2⤵
  PID:7584
- C:\Windows\System\CnODCkg.exe
  C:\Windows\System\CnODCkg.exe
  2⤵
  PID:7604
- C:\Windows\System\xhfvjjy.exe
  C:\Windows\System\xhfvjjy.exe
  2⤵
  PID:7620
- C:\Windows\System\UPHIsws.exe
  C:\Windows\System\UPHIsws.exe
  2⤵
  PID:7636
- C:\Windows\System\DrnJAQR.exe
  C:\Windows\System\DrnJAQR.exe
  2⤵
  PID:7652
- C:\Windows\System\xiYsvYl.exe
  C:\Windows\System\xiYsvYl.exe
  2⤵
  PID:7672
- C:\Windows\System\RpHEfom.exe
  C:\Windows\System\RpHEfom.exe
  2⤵
  PID:7700
- C:\Windows\System\lfpMKKz.exe
  C:\Windows\System\lfpMKKz.exe
  2⤵
  PID:7716
- C:\Windows\System\EIboMJE.exe
  C:\Windows\System\EIboMJE.exe
  2⤵
  PID:7736
- C:\Windows\System\djXGDIl.exe
  C:\Windows\System\djXGDIl.exe
  2⤵
  PID:7752
- C:\Windows\System\mOtiGyO.exe
  C:\Windows\System\mOtiGyO.exe
  2⤵
  PID:7768
- C:\Windows\System\hZmZJxd.exe
  C:\Windows\System\hZmZJxd.exe
  2⤵
  PID:7784
- C:\Windows\System\vWLpKqg.exe
  C:\Windows\System\vWLpKqg.exe
  2⤵
  PID:7824
- C:\Windows\System\tGOUENj.exe
  C:\Windows\System\tGOUENj.exe
  2⤵
  PID:7840
- C:\Windows\System\sEydOMy.exe
  C:\Windows\System\sEydOMy.exe
  2⤵
  PID:7864
- C:\Windows\System\sLsmcvW.exe
  C:\Windows\System\sLsmcvW.exe
  2⤵
  PID:7880
- C:\Windows\System\nNixkPv.exe
  C:\Windows\System\nNixkPv.exe
  2⤵
  PID:7896
- C:\Windows\System\xNcxPjq.exe
  C:\Windows\System\xNcxPjq.exe
  2⤵
  PID:7916
- C:\Windows\System\iGFalBe.exe
  C:\Windows\System\iGFalBe.exe
  2⤵
  PID:7932
- C:\Windows\System\ejDPeCt.exe
  C:\Windows\System\ejDPeCt.exe
  2⤵
  PID:7948
- C:\Windows\System\Qyzcwvt.exe
  C:\Windows\System\Qyzcwvt.exe
  2⤵
  PID:7968
- C:\Windows\System\tSUZYwe.exe
  C:\Windows\System\tSUZYwe.exe
  2⤵
  PID:7984
- C:\Windows\System\LctLGBt.exe
  C:\Windows\System\LctLGBt.exe
  2⤵
  PID:8016
- C:\Windows\System\uodQCkR.exe
  C:\Windows\System\uodQCkR.exe
  2⤵
  PID:8032
- C:\Windows\System\BJwelkV.exe
  C:\Windows\System\BJwelkV.exe
  2⤵
  PID:8052
- C:\Windows\System\qnCfwrv.exe
  C:\Windows\System\qnCfwrv.exe
  2⤵
  PID:8072
- C:\Windows\System\GnMCKxQ.exe
  C:\Windows\System\GnMCKxQ.exe
  2⤵
  PID:8112
- C:\Windows\System\OgHxtcj.exe
  C:\Windows\System\OgHxtcj.exe
  2⤵
  PID:8128
- C:\Windows\System\rAWRpTw.exe
  C:\Windows\System\rAWRpTw.exe
  2⤵
  PID:8144
- C:\Windows\System\OvDtzoL.exe
  C:\Windows\System\OvDtzoL.exe
  2⤵
  PID:8168
- C:\Windows\System\EViRCgm.exe
  C:\Windows\System\EViRCgm.exe
  2⤵
  PID:8188
- C:\Windows\System\euByVog.exe
  C:\Windows\System\euByVog.exe
  2⤵
  PID:6308
- C:\Windows\System\eylziAF.exe
  C:\Windows\System\eylziAF.exe
  2⤵
  PID:7276
- C:\Windows\System\KgIAqlm.exe
  C:\Windows\System\KgIAqlm.exe
  2⤵
  PID:7084
- C:\Windows\System\jPPBNVi.exe
  C:\Windows\System\jPPBNVi.exe
  2⤵
  PID:7360
- C:\Windows\System\vEZznsJ.exe
  C:\Windows\System\vEZznsJ.exe
  2⤵
  PID:7444
- C:\Windows\System\WtOVOLv.exe
  C:\Windows\System\WtOVOLv.exe
  2⤵
  PID:6664
- C:\Windows\System\SUDdOme.exe
  C:\Windows\System\SUDdOme.exe
  2⤵
  PID:872
- C:\Windows\System\TzGAbVV.exe
  C:\Windows\System\TzGAbVV.exe
  2⤵
  PID:7264
- C:\Windows\System\iKgrjeC.exe
  C:\Windows\System\iKgrjeC.exe
  2⤵
  PID:7340
- C:\Windows\System\bQGwOFU.exe
  C:\Windows\System\bQGwOFU.exe
  2⤵
  PID:7376
- C:\Windows\System\zlfVlLn.exe
  C:\Windows\System\zlfVlLn.exe
  2⤵
  PID:7504
- C:\Windows\System\ayBuAKr.exe
  C:\Windows\System\ayBuAKr.exe
  2⤵
  PID:7416
- C:\Windows\System\GPkLwAh.exe
  C:\Windows\System\GPkLwAh.exe
  2⤵
  PID:7496
- C:\Windows\System\HRqoGsf.exe
  C:\Windows\System\HRqoGsf.exe
  2⤵
  PID:7560
- C:\Windows\System\HWJIpwU.exe
  C:\Windows\System\HWJIpwU.exe
  2⤵
  PID:7556
- C:\Windows\System\tskflkQ.exe
  C:\Windows\System\tskflkQ.exe
  2⤵
  PID:7600
- C:\Windows\System\MVjMktM.exe
  C:\Windows\System\MVjMktM.exe
  2⤵
  PID:7680
- C:\Windows\System\hoGnxbn.exe
  C:\Windows\System\hoGnxbn.exe
  2⤵
  PID:7792
- C:\Windows\System\trYQvyB.exe
  C:\Windows\System\trYQvyB.exe
  2⤵
  PID:7804
- C:\Windows\System\aHTdoFa.exe
  C:\Windows\System\aHTdoFa.exe
  2⤵
  PID:7660
- C:\Windows\System\hgAumFz.exe
  C:\Windows\System\hgAumFz.exe
  2⤵
  PID:7712
- C:\Windows\System\GEJUdQc.exe
  C:\Windows\System\GEJUdQc.exe
  2⤵
  PID:7848
- C:\Windows\System\MLdFAxM.exe
  C:\Windows\System\MLdFAxM.exe
  2⤵
  PID:7892
- C:\Windows\System\pAyITKN.exe
  C:\Windows\System\pAyITKN.exe
  2⤵
  PID:7960
- C:\Windows\System\YYKyAIg.exe
  C:\Windows\System\YYKyAIg.exe
  2⤵
  PID:7996
- C:\Windows\System\rSgHHww.exe
  C:\Windows\System\rSgHHww.exe
  2⤵
  PID:8012
- C:\Windows\System\QVdsnGj.exe
  C:\Windows\System\QVdsnGj.exe
  2⤵
  PID:8080
- C:\Windows\System\KNxdFhL.exe
  C:\Windows\System\KNxdFhL.exe
  2⤵
  PID:8028
- C:\Windows\System\TcPAZMb.exe
  C:\Windows\System\TcPAZMb.exe
  2⤵
  PID:8088
- C:\Windows\System\xKXxegr.exe
  C:\Windows\System\xKXxegr.exe
  2⤵
  PID:8100
- C:\Windows\System\MQHpgyr.exe
  C:\Windows\System\MQHpgyr.exe
  2⤵
  PID:8152
- C:\Windows\System\PKQwOUi.exe
  C:\Windows\System\PKQwOUi.exe
  2⤵
  PID:8184
- C:\Windows\System\iQflipZ.exe
  C:\Windows\System\iQflipZ.exe
  2⤵
  PID:7312
- C:\Windows\System\QAjcviB.exe
  C:\Windows\System\QAjcviB.exe
  2⤵
  PID:6836
- C:\Windows\System\TJMyGSD.exe
  C:\Windows\System\TJMyGSD.exe
  2⤵
  PID:6856
- C:\Windows\System\MXBolDw.exe
  C:\Windows\System\MXBolDw.exe
  2⤵
  PID:7432
- C:\Windows\System\WcoYbCw.exe
  C:\Windows\System\WcoYbCw.exe
  2⤵
  PID:7528
- C:\Windows\System\YTEfDcw.exe
  C:\Windows\System\YTEfDcw.exe
  2⤵
  PID:7188
- C:\Windows\System\TPwKEwX.exe
  C:\Windows\System\TPwKEwX.exe
  2⤵
  PID:7524
- C:\Windows\System\QMsRJHR.exe
  C:\Windows\System\QMsRJHR.exe
  2⤵
  PID:7540
- C:\Windows\System\mOrNHsn.exe
  C:\Windows\System\mOrNHsn.exe
  2⤵
  PID:7616
- C:\Windows\System\WLNWauI.exe
  C:\Windows\System\WLNWauI.exe
  2⤵
  PID:7668
- C:\Windows\System\TUrgtpm.exe
  C:\Windows\System\TUrgtpm.exe
  2⤵
  PID:7628
- C:\Windows\System\uwZuTCI.exe
  C:\Windows\System\uwZuTCI.exe
  2⤵
  PID:7764
- C:\Windows\System\TwybIAK.exe
  C:\Windows\System\TwybIAK.exe
  2⤵
  PID:7776
- C:\Windows\System\UvNSFaW.exe
  C:\Windows\System\UvNSFaW.exe
  2⤵
  PID:7956
- C:\Windows\System\JdXdfbY.exe
  C:\Windows\System\JdXdfbY.exe
  2⤵
  PID:7940
- C:\Windows\System\ttNNrwZ.exe
  C:\Windows\System\ttNNrwZ.exe
  2⤵
  PID:8024
- C:\Windows\System\QCkEoJl.exe
  C:\Windows\System\QCkEoJl.exe
  2⤵
  PID:8096
- C:\Windows\System\ROHXbxc.exe
  C:\Windows\System\ROHXbxc.exe
  2⤵
  PID:8140
- C:\Windows\System\XctDdtS.exe
  C:\Windows\System\XctDdtS.exe
  2⤵
  PID:7992
- C:\Windows\System\bpYSApR.exe
  C:\Windows\System\bpYSApR.exe
  2⤵
  PID:8164
- C:\Windows\System\MvQESVA.exe
  C:\Windows\System\MvQESVA.exe
  2⤵
  PID:7316
- C:\Windows\System\xrngvSE.exe
  C:\Windows\System\xrngvSE.exe
  2⤵
  PID:7184
- C:\Windows\System\cpLcuxX.exe
  C:\Windows\System\cpLcuxX.exe
  2⤵
  PID:7328
- C:\Windows\System\ttBXonI.exe
  C:\Windows\System\ttBXonI.exe
  2⤵
  PID:7196
- C:\Windows\System\BCBYasE.exe
  C:\Windows\System\BCBYasE.exe
  2⤵
  PID:7552
- C:\Windows\System\MQmblDe.exe
  C:\Windows\System\MQmblDe.exe
  2⤵
  PID:7648
- C:\Windows\System\mLLWtOe.exe
  C:\Windows\System\mLLWtOe.exe
  2⤵
  PID:7664
- C:\Windows\System\VOclAkK.exe
  C:\Windows\System\VOclAkK.exe
  2⤵
  PID:7912
- C:\Windows\System\XQyDQfO.exe
  C:\Windows\System\XQyDQfO.exe
  2⤵
  PID:7908
- C:\Windows\System\NjhqBfT.exe
  C:\Windows\System\NjhqBfT.exe
  2⤵
  PID:7480
- C:\Windows\System\kiJgUgd.exe
  C:\Windows\System\kiJgUgd.exe
  2⤵
  PID:7688
- C:\Windows\System\EXzEprP.exe
  C:\Windows\System\EXzEprP.exe
  2⤵
  PID:7832
- C:\Windows\System\sMVQwPt.exe
  C:\Windows\System\sMVQwPt.exe
  2⤵
  PID:7332
- C:\Windows\System\RLHsbNY.exe
  C:\Windows\System\RLHsbNY.exe
  2⤵
  PID:7336
- C:\Windows\System\fePoPZY.exe
  C:\Windows\System\fePoPZY.exe
  2⤵
  PID:7240
- C:\Windows\System\jJRzPOo.exe
  C:\Windows\System\jJRzPOo.exe
  2⤵
  PID:7760
- C:\Windows\System\whUCWjP.exe
  C:\Windows\System\whUCWjP.exe
  2⤵
  PID:8136
- C:\Windows\System\iAYJwbc.exe
  C:\Windows\System\iAYJwbc.exe
  2⤵
  PID:7576
- C:\Windows\System\PcrGTqS.exe
  C:\Windows\System\PcrGTqS.exe
  2⤵
  PID:7308
- C:\Windows\System\CwrGzCp.exe
  C:\Windows\System\CwrGzCp.exe
  2⤵
  PID:8064
- C:\Windows\System\mdAakdB.exe
  C:\Windows\System\mdAakdB.exe
  2⤵
  PID:7364
- C:\Windows\System\ptrRDUA.exe
  C:\Windows\System\ptrRDUA.exe
  2⤵
  PID:8120
- C:\Windows\System\XtADqwx.exe
  C:\Windows\System\XtADqwx.exe
  2⤵
  PID:7816
- C:\Windows\System\HXemICK.exe
  C:\Windows\System\HXemICK.exe
  2⤵
  PID:7460
- C:\Windows\System\kIYMNZq.exe
  C:\Windows\System\kIYMNZq.exe
  2⤵
  PID:7944
- C:\Windows\System\YzzStaN.exe
  C:\Windows\System\YzzStaN.exe
  2⤵
  PID:7612
- C:\Windows\System\oqBnOzZ.exe
  C:\Windows\System\oqBnOzZ.exe
  2⤵
  PID:7728
- C:\Windows\System\kYxLVRS.exe
  C:\Windows\System\kYxLVRS.exe
  2⤵
  PID:8200
- C:\Windows\System\SjXNsbJ.exe
  C:\Windows\System\SjXNsbJ.exe
  2⤵
  PID:8220
- C:\Windows\System\JIFwfZX.exe
  C:\Windows\System\JIFwfZX.exe
  2⤵
  PID:8236
- C:\Windows\System\izAHaJt.exe
  C:\Windows\System\izAHaJt.exe
  2⤵
  PID:8252
- C:\Windows\System\bKwWkPQ.exe
  C:\Windows\System\bKwWkPQ.exe
  2⤵
  PID:8268
- C:\Windows\System\uouCuJV.exe
  C:\Windows\System\uouCuJV.exe
  2⤵
  PID:8284
- C:\Windows\System\NnarjDg.exe
  C:\Windows\System\NnarjDg.exe
  2⤵
  PID:8300
- C:\Windows\System\hPRgWnc.exe
  C:\Windows\System\hPRgWnc.exe
  2⤵
  PID:8324
- C:\Windows\System\weNKvoI.exe
  C:\Windows\System\weNKvoI.exe
  2⤵
  PID:8348
- C:\Windows\System\HedeRtS.exe
  C:\Windows\System\HedeRtS.exe
  2⤵
  PID:8364
- C:\Windows\System\nSCaamC.exe
  C:\Windows\System\nSCaamC.exe
  2⤵
  PID:8384
- C:\Windows\System\egDeCUP.exe
  C:\Windows\System\egDeCUP.exe
  2⤵
  PID:8408
- C:\Windows\System\fmMvKIi.exe
  C:\Windows\System\fmMvKIi.exe
  2⤵
  PID:8424
- C:\Windows\System\pqGlxyj.exe
  C:\Windows\System\pqGlxyj.exe
  2⤵
  PID:8440
- C:\Windows\System\vtQfvWZ.exe
  C:\Windows\System\vtQfvWZ.exe
  2⤵
  PID:8456
- C:\Windows\System\icsxrlu.exe
  C:\Windows\System\icsxrlu.exe
  2⤵
  PID:8512
- C:\Windows\System\KjKOlIB.exe
  C:\Windows\System\KjKOlIB.exe
  2⤵
  PID:8532
- C:\Windows\System\eQAfHcz.exe
  C:\Windows\System\eQAfHcz.exe
  2⤵
  PID:8548
- C:\Windows\System\iQHAEAC.exe
  C:\Windows\System\iQHAEAC.exe
  2⤵
  PID:8568
- C:\Windows\System\PTefUvl.exe
  C:\Windows\System\PTefUvl.exe
  2⤵
  PID:8592
- C:\Windows\System\UtlSQex.exe
  C:\Windows\System\UtlSQex.exe
  2⤵
  PID:8608
- C:\Windows\System\GhUbONX.exe
  C:\Windows\System\GhUbONX.exe
  2⤵
  PID:8628
- C:\Windows\System\FpeKkjy.exe
  C:\Windows\System\FpeKkjy.exe
  2⤵
  PID:8644
- C:\Windows\System\fLebxpl.exe
  C:\Windows\System\fLebxpl.exe
  2⤵
  PID:8664
- C:\Windows\System\FiINqWR.exe
  C:\Windows\System\FiINqWR.exe
  2⤵
  PID:8688
- C:\Windows\System\etVtlla.exe
  C:\Windows\System\etVtlla.exe
  2⤵
  PID:8708
- C:\Windows\System\BpBRwsp.exe
  C:\Windows\System\BpBRwsp.exe
  2⤵
  PID:8728
- C:\Windows\System\wzElACF.exe
  C:\Windows\System\wzElACF.exe
  2⤵
  PID:8744
- C:\Windows\System\RTCtOBE.exe
  C:\Windows\System\RTCtOBE.exe
  2⤵
  PID:8764
- C:\Windows\System\OOtxToH.exe
  C:\Windows\System\OOtxToH.exe
  2⤵
  PID:8784
- C:\Windows\System\cGMdOBb.exe
  C:\Windows\System\cGMdOBb.exe
  2⤵
  PID:8800
- C:\Windows\System\TXOSSti.exe
  C:\Windows\System\TXOSSti.exe
  2⤵
  PID:8820
- C:\Windows\System\cprUmtJ.exe
  C:\Windows\System\cprUmtJ.exe
  2⤵
  PID:8840
- C:\Windows\System\zyonyKv.exe
  C:\Windows\System\zyonyKv.exe
  2⤵
  PID:8856
- C:\Windows\System\jOrsFfm.exe
  C:\Windows\System\jOrsFfm.exe
  2⤵
  PID:8872
- C:\Windows\System\kggolyZ.exe
  C:\Windows\System\kggolyZ.exe
  2⤵
  PID:8896
- C:\Windows\System\zwAooUT.exe
  C:\Windows\System\zwAooUT.exe
  2⤵
  PID:8912
- C:\Windows\System\ICTRNqI.exe
  C:\Windows\System\ICTRNqI.exe
  2⤵
  PID:8936
- C:\Windows\System\KQshkvN.exe
  C:\Windows\System\KQshkvN.exe
  2⤵
  PID:8956
- C:\Windows\System\AwFCwne.exe
  C:\Windows\System\AwFCwne.exe
  2⤵
  PID:8996
- C:\Windows\System\hRUsRzP.exe
  C:\Windows\System\hRUsRzP.exe
  2⤵
  PID:9016
- C:\Windows\System\wVeFrzF.exe
  C:\Windows\System\wVeFrzF.exe
  2⤵
  PID:9032
- C:\Windows\System\ZesoBfM.exe
  C:\Windows\System\ZesoBfM.exe
  2⤵
  PID:9048
- C:\Windows\System\dsBnTna.exe
  C:\Windows\System\dsBnTna.exe
  2⤵
  PID:9072
- C:\Windows\System\sRfmrua.exe
  C:\Windows\System\sRfmrua.exe
  2⤵
  PID:9100
- C:\Windows\System\NgztqQK.exe
  C:\Windows\System\NgztqQK.exe
  2⤵
  PID:9116
- C:\Windows\System\WisVbGh.exe
  C:\Windows\System\WisVbGh.exe
  2⤵
  PID:9140
- C:\Windows\System\PwNytxs.exe
  C:\Windows\System\PwNytxs.exe
  2⤵
  PID:9156
- C:\Windows\System\FcGegLd.exe
  C:\Windows\System\FcGegLd.exe
  2⤵
  PID:9176
- C:\Windows\System\hSmlcVV.exe
  C:\Windows\System\hSmlcVV.exe
  2⤵
  PID:9196
- C:\Windows\System\TQwcwfU.exe
  C:\Windows\System\TQwcwfU.exe
  2⤵
  PID:9212
- C:\Windows\System\DBsimvu.exe
  C:\Windows\System\DBsimvu.exe
  2⤵
  PID:8264
- C:\Windows\System\iIOibbg.exe
  C:\Windows\System\iIOibbg.exe
  2⤵
  PID:8336
- C:\Windows\System\KFpiECx.exe
  C:\Windows\System\KFpiECx.exe
  2⤵
  PID:8212
- C:\Windows\System\koOkXNm.exe
  C:\Windows\System\koOkXNm.exe
  2⤵
  PID:8280
- C:\Windows\System\yPzYzQP.exe
  C:\Windows\System\yPzYzQP.exe
  2⤵
  PID:8320
- C:\Windows\System\MjqwiMx.exe
  C:\Windows\System\MjqwiMx.exe
  2⤵
  PID:8396
- C:\Windows\System\ZllDHIL.exe
  C:\Windows\System\ZllDHIL.exe
  2⤵
  PID:8448
- C:\Windows\System\eoXiXhx.exe
  C:\Windows\System\eoXiXhx.exe
  2⤵
  PID:8464
- C:\Windows\System\HHNKcMu.exe
  C:\Windows\System\HHNKcMu.exe
  2⤵
  PID:8488
- C:\Windows\System\ItnnmNg.exe
  C:\Windows\System\ItnnmNg.exe
  2⤵
  PID:8540
- C:\Windows\System\ovuMNsU.exe
  C:\Windows\System\ovuMNsU.exe
  2⤵
  PID:8564
- C:\Windows\System\ByAvuvq.exe
  C:\Windows\System\ByAvuvq.exe
  2⤵
  PID:8576
- C:\Windows\System\fqcCLNA.exe
  C:\Windows\System\fqcCLNA.exe
  2⤵
  PID:8672
- C:\Windows\System\yQkOkOE.exe
  C:\Windows\System\yQkOkOE.exe
  2⤵
  PID:8652
- C:\Windows\System\XqHIlAs.exe
  C:\Windows\System\XqHIlAs.exe
  2⤵
  PID:8724
- C:\Windows\System\breakEb.exe
  C:\Windows\System\breakEb.exe
  2⤵
  PID:8796
- C:\Windows\System\LjNdKAH.exe
  C:\Windows\System\LjNdKAH.exe
  2⤵
  PID:8864
- C:\Windows\System\LaeVxTV.exe
  C:\Windows\System\LaeVxTV.exe
  2⤵
  PID:8908
- C:\Windows\System\VnfHRKb.exe
  C:\Windows\System\VnfHRKb.exe
  2⤵
  PID:8812
- C:\Windows\System\IHHkOcT.exe
  C:\Windows\System\IHHkOcT.exe
  2⤵
  PID:8952
- C:\Windows\System\YxsHYiQ.exe
  C:\Windows\System\YxsHYiQ.exe
  2⤵
  PID:8932
- C:\Windows\System\RgnImeL.exe
  C:\Windows\System\RgnImeL.exe
  2⤵
  PID:8884
- C:\Windows\System\uFAMYtC.exe
  C:\Windows\System\uFAMYtC.exe
  2⤵
  PID:8972
- C:\Windows\System\FuXFoUo.exe
  C:\Windows\System\FuXFoUo.exe
  2⤵
  PID:8992
- C:\Windows\System\TTyOjth.exe
  C:\Windows\System\TTyOjth.exe
  2⤵
  PID:9040
- C:\Windows\System\ksFrQRc.exe
  C:\Windows\System\ksFrQRc.exe
  2⤵
  PID:9056
- C:\Windows\System\knTRSBs.exe
  C:\Windows\System\knTRSBs.exe
  2⤵
  PID:9084
- C:\Windows\System\wmhTVOS.exe
  C:\Windows\System\wmhTVOS.exe
  2⤵
  PID:9112
- C:\Windows\System\egTGWkB.exe
  C:\Windows\System\egTGWkB.exe
  2⤵
  PID:9148
- C:\Windows\System\mcHhUNt.exe
  C:\Windows\System\mcHhUNt.exe
  2⤵
  PID:9172
- C:\Windows\System\lOVKzVM.exe
  C:\Windows\System\lOVKzVM.exe
  2⤵
  PID:8232
- C:\Windows\System\PwppAzl.exe
  C:\Windows\System\PwppAzl.exe
  2⤵
  PID:8340
- C:\Windows\System\frdPYLm.exe
  C:\Windows\System\frdPYLm.exe
  2⤵
  PID:8380
- C:\Windows\System\fsRXApM.exe
  C:\Windows\System\fsRXApM.exe
  2⤵
  PID:8392
- C:\Windows\System\DADfdCg.exe
  C:\Windows\System\DADfdCg.exe
  2⤵
  PID:8416
- C:\Windows\System\SPonSJu.exe
  C:\Windows\System\SPonSJu.exe
  2⤵
  PID:8420
- C:\Windows\System\QKOtVvI.exe
  C:\Windows\System\QKOtVvI.exe
  2⤵
  PID:8484
- C:\Windows\System\jTnxADR.exe
  C:\Windows\System\jTnxADR.exe
  2⤵
  PID:8588
- C:\Windows\System\ZSkPFZD.exe
  C:\Windows\System\ZSkPFZD.exe
  2⤵
  PID:8624
- C:\Windows\System\CCBkqHa.exe
  C:\Windows\System\CCBkqHa.exe
  2⤵
  PID:8656
- C:\Windows\System\izuMFqr.exe
  C:\Windows\System\izuMFqr.exe
  2⤵
  PID:8716
- C:\Windows\System\MjfpvYH.exe
  C:\Windows\System\MjfpvYH.exe
  2⤵
  PID:8868
- C:\Windows\System\jPTsxVd.exe
  C:\Windows\System\jPTsxVd.exe
  2⤵
  PID:8924
- C:\Windows\System\BaYzorj.exe
  C:\Windows\System\BaYzorj.exe
  2⤵
  PID:8980
- C:\Windows\System\bIhfxZp.exe
  C:\Windows\System\bIhfxZp.exe
  2⤵
  PID:9096
- C:\Windows\System\UJjYunp.exe
  C:\Windows\System\UJjYunp.exe
  2⤵
  PID:8332
- C:\Windows\System\uwcVCTk.exe
  C:\Windows\System\uwcVCTk.exe
  2⤵
  PID:8276
- C:\Windows\System\cAZyOXd.exe
  C:\Windows\System\cAZyOXd.exe
  2⤵
  PID:8476
- C:\Windows\System\RIjbSmC.exe
  C:\Windows\System\RIjbSmC.exe
  2⤵
  PID:8976
- C:\Windows\System\fBMkOWP.exe
  C:\Windows\System\fBMkOWP.exe
  2⤵
  PID:9136
- C:\Windows\System\italRjZ.exe
  C:\Windows\System\italRjZ.exe
  2⤵
  PID:8620
- C:\Windows\System\PTOJGAB.exe
  C:\Windows\System\PTOJGAB.exe
  2⤵
  PID:8500
- C:\Windows\System\epBxJDc.exe
  C:\Windows\System\epBxJDc.exe
  2⤵
  PID:1552
- C:\Windows\System\DwZwiYq.exe
  C:\Windows\System\DwZwiYq.exe
  2⤵
  PID:8756
- C:\Windows\System\ipfIutd.exe
  C:\Windows\System\ipfIutd.exe
  2⤵
  PID:8792
- C:\Windows\System\YGzVtpO.exe
  C:\Windows\System\YGzVtpO.exe
  2⤵
  PID:8772
- C:\Windows\System\ouwnCYG.exe
  C:\Windows\System\ouwnCYG.exe
  2⤵
  PID:8736
- C:\Windows\System\XOwZYjU.exe
  C:\Windows\System\XOwZYjU.exe
  2⤵
  PID:9060
- C:\Windows\System\JDEwUNv.exe
  C:\Windows\System\JDEwUNv.exe
  2⤵
  PID:9012
- C:\Windows\System\nTMGWIV.exe
  C:\Windows\System\nTMGWIV.exe
  2⤵
  PID:8520
- C:\Windows\System\osMZxjg.exe
  C:\Windows\System\osMZxjg.exe
  2⤵
  PID:8196
- C:\Windows\System\osAZekL.exe
  C:\Windows\System\osAZekL.exe
  2⤵
  PID:8260
- C:\Windows\System\WSAPSCj.exe
  C:\Windows\System\WSAPSCj.exe
  2⤵
  PID:8616
- C:\Windows\System\OLUNIPJ.exe
  C:\Windows\System\OLUNIPJ.exe
  2⤵
  PID:8944
- C:\Windows\System\nFpKKxG.exe
  C:\Windows\System\nFpKKxG.exe
  2⤵
  PID:8920
- C:\Windows\System\NAgMEHX.exe
  C:\Windows\System\NAgMEHX.exe
  2⤵
  PID:8888
- C:\Windows\System\GEhevjk.exe
  C:\Windows\System\GEhevjk.exe
  2⤵
  PID:8216
- C:\Windows\System\XqxYkbo.exe
  C:\Windows\System\XqxYkbo.exe
  2⤵
  PID:7632
- C:\Windows\System\CWtqjXw.exe
  C:\Windows\System\CWtqjXw.exe
  2⤵
  PID:8496
- C:\Windows\System\riMjCTm.exe
  C:\Windows\System\riMjCTm.exe
  2⤵
  PID:9184
- C:\Windows\System\FbjWHFj.exe
  C:\Windows\System\FbjWHFj.exe
  2⤵
  PID:8560
- C:\Windows\System\MzKXaWX.exe
  C:\Windows\System\MzKXaWX.exe
  2⤵
  PID:8436
- C:\Windows\System\CRDsEol.exe
  C:\Windows\System\CRDsEol.exe
  2⤵
  PID:8928
- C:\Windows\System\IgIjRvE.exe
  C:\Windows\System\IgIjRvE.exe
  2⤵
  PID:9220
- C:\Windows\System\SeXBdwi.exe
  C:\Windows\System\SeXBdwi.exe
  2⤵
  PID:9236
- C:\Windows\System\ZSyxdmN.exe
  C:\Windows\System\ZSyxdmN.exe
  2⤵
  PID:9276
- C:\Windows\System\XQthMzq.exe
  C:\Windows\System\XQthMzq.exe
  2⤵
  PID:9292
- C:\Windows\System\lPBicZS.exe
  C:\Windows\System\lPBicZS.exe
  2⤵
  PID:9312
- C:\Windows\System\siMZHHe.exe
  C:\Windows\System\siMZHHe.exe
  2⤵
  PID:9336
- C:\Windows\System\OVJoqFY.exe
  C:\Windows\System\OVJoqFY.exe
  2⤵
  PID:9352
- C:\Windows\System\cQKNoxb.exe
  C:\Windows\System\cQKNoxb.exe
  2⤵
  PID:9368
- C:\Windows\System\DoEqUPV.exe
  C:\Windows\System\DoEqUPV.exe
  2⤵
  PID:9392
- C:\Windows\System\OJrMgtu.exe
  C:\Windows\System\OJrMgtu.exe
  2⤵
  PID:9412
- C:\Windows\System\CVxXQYk.exe
  C:\Windows\System\CVxXQYk.exe
  2⤵
  PID:9428
- C:\Windows\System\BmqVxCa.exe
  C:\Windows\System\BmqVxCa.exe
  2⤵
  PID:9456
- C:\Windows\System\oQovluj.exe
  C:\Windows\System\oQovluj.exe
  2⤵
  PID:9476
- C:\Windows\System\keTdUhd.exe
  C:\Windows\System\keTdUhd.exe
  2⤵
  PID:9492
- C:\Windows\System\xkKQhUv.exe
  C:\Windows\System\xkKQhUv.exe
  2⤵
  PID:9508
- C:\Windows\System\YctdxNS.exe
  C:\Windows\System\YctdxNS.exe
  2⤵
  PID:9524
- C:\Windows\System\pDpVYmo.exe
  C:\Windows\System\pDpVYmo.exe
  2⤵
  PID:9540
- C:\Windows\System\VIWeFBp.exe
  C:\Windows\System\VIWeFBp.exe
  2⤵
  PID:9568
- C:\Windows\System\pXMNOSO.exe
  C:\Windows\System\pXMNOSO.exe
  2⤵
  PID:9588
- C:\Windows\System\gCGnIsp.exe
  C:\Windows\System\gCGnIsp.exe
  2⤵
  PID:9612
- C:\Windows\System\rkOEeaS.exe
  C:\Windows\System\rkOEeaS.exe
  2⤵
  PID:9628
- C:\Windows\System\kITDQio.exe
  C:\Windows\System\kITDQio.exe
  2⤵
  PID:9648
- C:\Windows\System\kraesfM.exe
  C:\Windows\System\kraesfM.exe
  2⤵
  PID:9688
- C:\Windows\System\jDEwBqx.exe
  C:\Windows\System\jDEwBqx.exe
  2⤵
  PID:9704
- C:\Windows\System\ldVVHWD.exe
  C:\Windows\System\ldVVHWD.exe
  2⤵
  PID:9728
- C:\Windows\System\OrAzTHd.exe
  C:\Windows\System\OrAzTHd.exe
  2⤵
  PID:9744
- C:\Windows\System\KLDXyXl.exe
  C:\Windows\System\KLDXyXl.exe
  2⤵
  PID:9760
- C:\Windows\System\TIOPFXX.exe
  C:\Windows\System\TIOPFXX.exe
  2⤵
  PID:9776
- C:\Windows\System\osEykdW.exe
  C:\Windows\System\osEykdW.exe
  2⤵
  PID:9792
- C:\Windows\System\kIUfCJT.exe
  C:\Windows\System\kIUfCJT.exe
  2⤵
  PID:9812
- C:\Windows\System\daqrAbs.exe
  C:\Windows\System\daqrAbs.exe
  2⤵
  PID:9828
- C:\Windows\System\qIcJUNz.exe
  C:\Windows\System\qIcJUNz.exe
  2⤵
  PID:9848
- C:\Windows\System\GZpclNl.exe
  C:\Windows\System\GZpclNl.exe
  2⤵
  PID:9872
- C:\Windows\System\VwzWOgn.exe
  C:\Windows\System\VwzWOgn.exe
  2⤵
  PID:9892
- C:\Windows\System\deYOHQe.exe
  C:\Windows\System\deYOHQe.exe
  2⤵
  PID:9924
- C:\Windows\System\MMlUrqQ.exe
  C:\Windows\System\MMlUrqQ.exe
  2⤵
  PID:9944
- C:\Windows\System\CTWYVna.exe
  C:\Windows\System\CTWYVna.exe
  2⤵
  PID:9968
- C:\Windows\System\JzBRMqf.exe
  C:\Windows\System\JzBRMqf.exe
  2⤵
  PID:9984
- C:\Windows\System\yqeQnhs.exe
  C:\Windows\System\yqeQnhs.exe
  2⤵
  PID:10004
- C:\Windows\System\tqOUdZO.exe
  C:\Windows\System\tqOUdZO.exe
  2⤵
  PID:10024
- C:\Windows\System\aHASiXK.exe
  C:\Windows\System\aHASiXK.exe
  2⤵
  PID:10040
- C:\Windows\System\lyjeoqe.exe
  C:\Windows\System\lyjeoqe.exe
  2⤵
  PID:10056
- C:\Windows\System\fUkgDYv.exe
  C:\Windows\System\fUkgDYv.exe
  2⤵
  PID:10076
- C:\Windows\System\WGMAWzo.exe
  C:\Windows\System\WGMAWzo.exe
  2⤵
  PID:10096
- C:\Windows\System\PWhZHWK.exe
  C:\Windows\System\PWhZHWK.exe
  2⤵
  PID:10112
- C:\Windows\System\gCVGzuH.exe
  C:\Windows\System\gCVGzuH.exe
  2⤵
  PID:10132
- C:\Windows\System\giiGkvN.exe
  C:\Windows\System\giiGkvN.exe
  2⤵
  PID:10152
- C:\Windows\System\PybQQgE.exe
  C:\Windows\System\PybQQgE.exe
  2⤵
  PID:10168
- C:\Windows\System\FIhLPHC.exe
  C:\Windows\System\FIhLPHC.exe
  2⤵
  PID:10192
- C:\Windows\System\LxzSGgh.exe
  C:\Windows\System\LxzSGgh.exe
  2⤵
  PID:10208
- C:\Windows\System\UNAxXpM.exe
  C:\Windows\System\UNAxXpM.exe
  2⤵
  PID:10236
- C:\Windows\System\HcpxGeg.exe
  C:\Windows\System\HcpxGeg.exe
  2⤵
  PID:9248
- C:\Windows\System\czhUgTC.exe
  C:\Windows\System\czhUgTC.exe
  2⤵
  PID:9228
- C:\Windows\System\HXGUmSk.exe
  C:\Windows\System\HXGUmSk.exe
  2⤵
  PID:9272
- C:\Windows\System\CyzWEbm.exe
  C:\Windows\System\CyzWEbm.exe
  2⤵
  PID:9304
- C:\Windows\System\WuHVdGs.exe
  C:\Windows\System\WuHVdGs.exe
  2⤵
  PID:9380
- C:\Windows\System\rFHIYqQ.exe
  C:\Windows\System\rFHIYqQ.exe
  2⤵
  PID:9408
- C:\Windows\System\QWoSMxv.exe
  C:\Windows\System\QWoSMxv.exe
  2⤵
  PID:9444
- C:\Windows\System\tEcvrIE.exe
  C:\Windows\System\tEcvrIE.exe
  2⤵
  PID:9500
- C:\Windows\System\EQFEPPF.exe
  C:\Windows\System\EQFEPPF.exe
  2⤵
  PID:9584
- C:\Windows\System\gURqEYn.exe
  C:\Windows\System\gURqEYn.exe
  2⤵
  PID:9556
- C:\Windows\System\AVZjaWS.exe
  C:\Windows\System\AVZjaWS.exe
  2⤵
  PID:9516
- C:\Windows\System\HxDQmlx.exe
  C:\Windows\System\HxDQmlx.exe
  2⤵
  PID:9600
- C:\Windows\System\EBdIuSS.exe
  C:\Windows\System\EBdIuSS.exe
  2⤵
  PID:9668
- C:\Windows\System\AEWhyon.exe
  C:\Windows\System\AEWhyon.exe
  2⤵
  PID:9664
- C:\Windows\System\hAvlJVw.exe
  C:\Windows\System\hAvlJVw.exe
  2⤵
  PID:9720
- C:\Windows\System\kHtCWFW.exe
  C:\Windows\System\kHtCWFW.exe
  2⤵
  PID:9756
- C:\Windows\System\Bqlcoyi.exe
  C:\Windows\System\Bqlcoyi.exe
  2⤵
  PID:9824
- C:\Windows\System\upOayJR.exe
  C:\Windows\System\upOayJR.exe
  2⤵
  PID:9736
- C:\Windows\System\trNIfeb.exe
  C:\Windows\System\trNIfeb.exe
  2⤵
  PID:9880
- C:\Windows\System\XLAhrnt.exe
  C:\Windows\System\XLAhrnt.exe
  2⤵
  PID:9840
- C:\Windows\System\sjsTwyH.exe
  C:\Windows\System\sjsTwyH.exe
  2⤵
  PID:9888
- C:\Windows\System\CSEFhqD.exe
  C:\Windows\System\CSEFhqD.exe
  2⤵
  PID:9908
- C:\Windows\System\wqtlbkJ.exe
  C:\Windows\System\wqtlbkJ.exe
  2⤵
  PID:9932
- C:\Windows\System\YYPUbAM.exe
  C:\Windows\System\YYPUbAM.exe
  2⤵
  PID:10036
- C:\Windows\System\PSqgVHD.exe
  C:\Windows\System\PSqgVHD.exe
  2⤵
  PID:10108
- C:\Windows\System\AUnywmM.exe
  C:\Windows\System\AUnywmM.exe
  2⤵
  PID:10176
- C:\Windows\System\aIwAVoH.exe
  C:\Windows\System\aIwAVoH.exe
  2⤵
  PID:10216
- C:\Windows\System\mWIfamO.exe
  C:\Windows\System\mWIfamO.exe
  2⤵
  PID:10228
- C:\Windows\System\VaoZhol.exe
  C:\Windows\System\VaoZhol.exe
  2⤵
  PID:10012
- C:\Windows\System\NcTZtOe.exe
  C:\Windows\System\NcTZtOe.exe
  2⤵
  PID:10052
- C:\Windows\System\gwlKNyn.exe
  C:\Windows\System\gwlKNyn.exe
  2⤵
  PID:10120
- C:\Windows\System\uamNgls.exe
  C:\Windows\System\uamNgls.exe
  2⤵
  PID:10128
- C:\Windows\System\TsudOeC.exe
  C:\Windows\System\TsudOeC.exe
  2⤵
  PID:8524
- C:\Windows\System\bfQGAej.exe
  C:\Windows\System\bfQGAej.exe
  2⤵
  PID:9264
- C:\Windows\System\fUiHmuC.exe
  C:\Windows\System\fUiHmuC.exe
  2⤵
  PID:9440
- C:\Windows\System\cuCSksn.exe
  C:\Windows\System\cuCSksn.exe
  2⤵
  PID:9532
- C:\Windows\System\iBUoMZD.exe
  C:\Windows\System\iBUoMZD.exe
  2⤵
  PID:9552
- C:\Windows\System\cTjivHn.exe
  C:\Windows\System\cTjivHn.exe
  2⤵
  PID:9608
- C:\Windows\System\zNwPoeS.exe
  C:\Windows\System\zNwPoeS.exe
  2⤵
  PID:9684
- C:\Windows\System\ygndvfq.exe
  C:\Windows\System\ygndvfq.exe
  2⤵
  PID:9808
- C:\Windows\System\AZLFhrT.exe
  C:\Windows\System\AZLFhrT.exe
  2⤵
  PID:9904
- C:\Windows\System\JjAyFwg.exe
  C:\Windows\System\JjAyFwg.exe
  2⤵
  PID:9964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CHTtiOG.exe

Filesize
6.0MB

MD5
9211c616b0c1bc1d27a7ceabd55f69c6

SHA1
35f68120379d4acefa3769af3d72a4854382a545

SHA256
92ac3f6e0838af4e55b53302047677347f939796009fb4e35572f4e80bbc88f6

SHA512
e2d22cc1bb15947a04d5c79d5755048d76b0d4abcd9439571c59a978bb490325a512a20f925b415c40592853fb54c60e6d0d998e8825192307972c883c19d15c

Download Submit
C:\Windows\system\CVlRsFm.exe

Filesize
6.0MB

MD5
dfe46d1e4d7bfd5da615a3be0b0d7d8a

SHA1
1c1b54f8c5fa56e37d88dc330e19802474bc69f4

SHA256
755f8ccac937b3bc5f1b3791fa8deba36c01ea7303ea7cac3882ff49876984cd

SHA512
3815408b134427eb0c22973496c1160e0f9c596743d7bbdad5b10bb2b276ee311f5e601349e94274f69af8f93d71261c729703b4036b707d54df8e56057c28bd

Download Submit
C:\Windows\system\GPacKDR.exe

Filesize
6.0MB

MD5
f747eabb44aefcaf4173f41738081303

SHA1
5fab2b402e3d3cc95182cf6249c251faf1ecb2e3

SHA256
3503224eb08e91dd8993efbffd7baf9d7ee196837117c6d370732e37ed65a839

SHA512
66a8f40640ddf4427e3d9fb20fa3593cbe5e91bd2e3a5e46f55328d32a589f3d3b69d027e1e52d690dd24525aa77105b2466112228347a64e7681f51f005b7d3

Download Submit
C:\Windows\system\HqmIXgb.exe

Filesize
6.0MB

MD5
db8c37927784280238ba30559868c31d

SHA1
e525717af7561d5693c6f12384dc6a0f21add648

SHA256
1bcbf2edbfd50f81ad38ef868fb02175bcb97d1efc1b0e95b30a036f48657bdd

SHA512
3e49741730a7eb70971662b064ba43908ef1780666b1a2d198af201ce4fe44ddbc966a43ccf3cbc95bd348fbe2aa73deaac41444fceac04894d588bd0706d794

Download Submit
C:\Windows\system\LBiQamM.exe

Filesize
6.0MB

MD5
e352f0d30598a970afc60c50e6c599a8

SHA1
5205f9df8949d0eee0098f00fcab9f6fadcdd7fb

SHA256
edf8719a50b0c84291756c33a127c58e296f7fdb1352618c251a9c74779480a4

SHA512
23c343033d425c6542f9963ed7572b7048aafea100740247dbe9d5a319d3ba4768f7887ae31903a0fbd6898d19a703603bdbadfb5a44ab4e94957febc9532265

Download Submit
C:\Windows\system\LOQPvkO.exe

Filesize
6.0MB

MD5
74de1d7026525597043e03fa9928c85e

SHA1
373641dac5a629bbcc6bd9087d4ba4b82c130232

SHA256
e695c72a2b1d0ab2eb5d11a6f13ef6387629d5a1d496c78b4991af0ae37d7d1b

SHA512
84b1f09a1446de4364a3f3f9886cf66a304b9e6334450a16c966dea4ae8a0765228fb87ad269a298d02ba0433cbcc2824ce49efcbea92ba059dce31fd2e46e35

Download Submit
C:\Windows\system\LTeenmw.exe

Filesize
6.0MB

MD5
4c2a36b5482a9fc65e59a112f06dcdcd

SHA1
71596d60ba7380de39677cb70143dc11ae69f086

SHA256
4fa3fd4a01a9c56f96ef43fd0184665008343576661b6f132a9bbc09356ae083

SHA512
628e5cab8947d4f00fdeab2b117ab63f21379dd485026e5dc86364869c32527f3121fd5de06b392dadf263eedd89996177a671e33ede8e2547d08345ffbdca0e

Download Submit
C:\Windows\system\MZzLXwc.exe

Filesize
6.0MB

MD5
a3f7fb3e808bbb5557c3805d47a10542

SHA1
a828a7c2ce76344287d032be2a2d3e3fa6f3b13d

SHA256
c70b0e3ba70bee596dae7bf62699b28b53c42b0846d69ab4a35783bcc7b332ff

SHA512
7ec61ef80181e59e914063b19d239216211e1d7bec0535a84ed51790d8475758559a2824831c6f160022c66f38d2fefd3a4f74d4f93429f5e540c8fc0eef0f86

Download Submit
C:\Windows\system\NJXVdoy.exe

Filesize
6.0MB

MD5
e1b2c0592f71e0c33a5d1c44cf3507e4

SHA1
1910b986fc375b0fc781f8f6ed57d558ccdf6922

SHA256
bb6d2bf8a8f993e8c997a58f5f96a67b03ebdd2248a5cc74ac065187815ab82c

SHA512
3faeea2ff7a1456707dc3b58d5dfe8a31d62e3c0512b08b3c7a96519aa523f80dd1a8d58fb6038fdc25c50e10f4e4d6166e00261040bebd2103e74776c405a4d

Download Submit
C:\Windows\system\NXJtyOa.exe

Filesize
6.0MB

MD5
5cd36163d1c8cfc1ac767bab29e5e4b9

SHA1
5989af5124cff85cd1fe9c7a2557020062e5fea6

SHA256
94117cf3d4da1e45cbf02662fe116df31a4443181429f5289e755e8c65b5e7d6

SHA512
7ca127a9855ad1ee701e44d6849045a2de986f546d1f73f1cd6b57a3abdd4e82592ed9acdfd1c51f3d1fdcd9eabdafc3401285ad871cd573103bc9a3fbf70f32

Download Submit
C:\Windows\system\QKsbboi.exe

Filesize
6.0MB

MD5
696c7831fc42d19907a8c1697bb4d06a

SHA1
ea10319744e26816ef23bcbec9c04031a84dc494

SHA256
8c14ce2ac9e27d5528d0782217f4eb5037814d6c6f01c6f0fb0488c7b6a6e429

SHA512
57188aa382999691f2dbbe9758d56cfe93fdf82ce8674b80ee6369ba0ed117d5c726cf523bc582dbfa779e9ff2a4e009c0eb290c06b56b6d149381245b4a18c4

Download Submit
C:\Windows\system\SDHIAIJ.exe

Filesize
6.0MB

MD5
31cb14ed73809b78fcb56a7ca93f633b

SHA1
fe07137d0186573e2ca5a3e5441b875cf694a74d

SHA256
4c6ee04b87eca3babf13cd48b190d235979e8753384a1e4e7a93875456afcebe

SHA512
04495572ce98167b38a94378d0c4af5bca9b8d25024a94bdc8b731341035cac6526bda375fa387f30132c1545ca2783c6ca83be8d69f2724ce3b9673c980c55d

Download Submit
C:\Windows\system\Wwbwcpg.exe

Filesize
6.0MB

MD5
39b21b5211ffb7a7f81a67e70dd66045

SHA1
ee09a62151cc358f1ef60b5df5825dd7a56e4f8c

SHA256
cc247db6834963d59a09e54f6a35afd5e2d1819c9347483a1294030f2cbbeab2

SHA512
ba44eedeaa9d091d28817ef7bc338d52310bd88b4c21c38813db6e6ad65c3ed2a3d446f93a3279fa70225fc26aafa70373f0ab19fb8d2a89e5a8bdf7f6860519

Download Submit
C:\Windows\system\XlAixvF.exe

Filesize
6.0MB

MD5
1093c11d320f66c31a286241d7b414d1

SHA1
7ac515027e82b9192c494ff08fd853c2bda64875

SHA256
eaa48572acf2b0561f46ca588c3c766de51028bd346083368df6e28a4e966a52

SHA512
8d8083340931a9ad331c63818a9f8740306e0575a33b2d7282c2b21a37254318c08ca13a871528d6ac582d23ba62c626023c0cc7e3236f9c992e330183d02d52

Download Submit
C:\Windows\system\YYaGBNX.exe

Filesize
6.0MB

MD5
979b5bd81df34e839f814b0a7ef79a70

SHA1
89d89514ddef4e872b9458e2ba63f784ad611937

SHA256
50edf65784478d4ba00d4addd2d61e8f8a4f9e5a58fa3f0c3a296413497d4ab0

SHA512
62ab3cf85be176466e003e7a39e9f05c9a11ae63529637c66bc03e4914066485b89289381b34a52d8cf17f513bd9442eac7faab412d413855523a4446376dea0

Download Submit
C:\Windows\system\YbOnROl.exe

Filesize
6.0MB

MD5
e17b33e70a62b97a5649cd3e1ceffa6d

SHA1
4e1571a9b6d7f69390456e68dfc3a3c888f71b26

SHA256
ea61e17e3b0603bdd4aa8be8f5f57904337757c75ea26a99f7e3bf5e259a4dbe

SHA512
8eaf30366b4b4f60a92e9e25ab327928a6ba25acf9c7cb4bf5563e608dc6cf317ab880f21e5f7caa934d7fa0fffdcbddba77ab46ff72711d07dc014df54370f6

Download Submit
C:\Windows\system\dnJkyBz.exe

Filesize
6.0MB

MD5
f40644144ca30bff7b12f489ca34ccc6

SHA1
e263fb5b7fe13125221c57965b3624076a829574

SHA256
2238acc9eb2d91a80dd409492742babc505c527316001b312db1d9c312e5de3d

SHA512
f7bc77039c48a53e69f5a9f6113ff6a8cdab14da97ec377831fd46718144677c13e5fbf0bdef14cbbffafd07616762519dd41eb683b66cc42afba2a6425fe210

Download Submit
C:\Windows\system\eHRilzy.exe

Filesize
6.0MB

MD5
de962fa3da6c6c594ad3d5d0ba4a0f50

SHA1
8b1dd94b4f6d603e937685d325a044f89121f43a

SHA256
87f55361427828205c750e2a01474d70a2e706de9770f8c52f734b0e62958f1a

SHA512
f1cefb72d7b8ab8e9bf7acb1506ab13e044496c443ab8c93eb1d4846e79f999a04eb25ce55cb1445361e8aafc6a6796249930961ee17acb230f5553c851a37e1

Download Submit
C:\Windows\system\gelSoPa.exe

Filesize
6.0MB

MD5
05a235a33ad85066af38dbd4fb43b27b

SHA1
cd9eae1fe6b355653c191b2020deabcdb7ce46dc

SHA256
b789c6fb2bff2b706779bd07213c1833ae7269c9020d3331da8bf68bae7ee8de

SHA512
a1bfbd9a8061038516c3c6f7c2c11eb75e874581e553192374f5693c1a4c25035732c2d79af9d5860db771046ed74bd80621e6fb1dfa9a1bfd9a09a2d65eb62a

Download Submit
C:\Windows\system\kUrLAut.exe

Filesize
6.0MB

MD5
7c1898f684e360463e41a2940605c84f

SHA1
81997668e9bc1457ae4ca66893b86131a9868f86

SHA256
9af4852302305a16db7a14c0d3431642734b0f369ad834c1e215a6bf5683de75

SHA512
8a61ac080060a97e606fb66061ce9439c0a888111685f3e5ef050df3833b31b177c2e07f281ba0e95111f659ebf216a39b1a9fd6201aff924f18367ced51a868

Download Submit
C:\Windows\system\mdVkuYx.exe

Filesize
6.0MB

MD5
1db92191fce2639f53807f9a004961f1

SHA1
f7c156e0b94cf307db1465e0d54498c313ff62fb

SHA256
7fe3cfa8dbe847538f1326f26656983534c1b9d679e420fc7dee57d3fe1e7c28

SHA512
ff15be3cfcf532d15b58fd1e12ec09bd607112ef830d7c724834e09eff7100c7072070b9f39b8eab8b9aba564d5a53bc6a81ccdd6d41a7cdd9e34b28a7548f40

Download Submit
C:\Windows\system\mxxteYL.exe

Filesize
6.0MB

MD5
71634d993e666b1f687f5cbc018e1118

SHA1
49dd63d6ef047f11ca69d99d4e4706e2e9867b9a

SHA256
bde6c896419b25ead99c10940625ffb7822ad4b4e03d2e2147c61701536fa3bd

SHA512
078c41477db8cece8bf72a5566ed5e84b8d69bf8e44fb5a17b0e102b265a59f97c6cc67920bb2ed2aa4b41df798434f7e5b68a7202c67b9c2e006c9814c14e83

Download Submit
C:\Windows\system\nlHiAro.exe

Filesize
6.0MB

MD5
63fb6eaf1cb7d83ee35742a12fa93f7b

SHA1
51d1bb21211ce9cdfa56f28f526ebb94575679a1

SHA256
22c0aea13a1937de1648f08c2547977f0b47c665a37d51d5dda28e401a5eef42

SHA512
de977457529fc9a275b8ad66c5ca3d64d44717a2105636b617edef383b646ec129bf87a4bf3da2fe276bf34f21a5e37b5dfe57fdbab918710e0a4625d3ace030

Download Submit
C:\Windows\system\oaIbNzA.exe

Filesize
6.0MB

MD5
6de3e159096e960e31475cc05eb67bb4

SHA1
e8e2d2e1693bc3a05de53d46f161e3e582cdbdf2

SHA256
7d5be8d59cecb85c2ad03e11fae3b290293ecf4288b24237932659c1438b1d2e

SHA512
619477d0692637ed3b78fbc583ea6438050c29b6354a1320567407de5a7ed109abec8c410136749284973c9c92783b49b440fe9196648bf2e07f80f7f1f0dab4

Download Submit
C:\Windows\system\pmorbHf.exe

Filesize
6.0MB

MD5
383fbf4dab19b0d8818f2bd0ef1bb86c

SHA1
acf2129ca4cbd3c972b3459ed209215e852d441c

SHA256
dc573444715e82f73bd2a87fde70b650cd74b7e8fcb274b05ad29c191b5b4ac2

SHA512
4cd5f9d596a3c0e94134cbced65860b2e9a4307a2f547367c90674c13bd7281718ee75744db3832dc82b7d093de2d51a563873b81f7d923f824e908036073569

Download Submit
C:\Windows\system\raleJQp.exe

Filesize
6.0MB

MD5
3e6dff4fca114ea71e5434e1df5f7278

SHA1
ef3bb2d804190174736f098413cd67df04c4d16a

SHA256
b5ecdaa5458e199ade68e549ea94b493d962998579e8945ead0a0c8c87360a8b

SHA512
3a2a13c803992947276ee5853110ddefae94abee1cd95483276a7ace99a9adacb1a95c8c67c825834596cf8caced159ea7eb980b5e2727cad87fc1189ef10884

Download Submit
C:\Windows\system\seoSLSu.exe

Filesize
6.0MB

MD5
1da7b60f5918fff206c6bfad9e8eaa84

SHA1
f9c20bd9c86c46ec8f07120d2fd3f15347e79611

SHA256
aca1a8aaed40d8bb5794d9140da8462ee2f31ef264778908d9d079fe8137e350

SHA512
5d802b7893ddb45a0f2d6dfb3072a0354e6dfafe296d0f5ae6369f1df098c99d5454bf4544fff44e1da5e3b3c39e52a33bbc01600b988f764f7bd9f4b99e785f

Download Submit
C:\Windows\system\tmVyaaP.exe

Filesize
6.0MB

MD5
ccbb951c1c5efd6768999538c135391d

SHA1
1ac7231bee4edf27faca621edc6ec755da5274a2

SHA256
56ee8a60685fb3d6ea5daf191e6318d73b67eb1bbf52a2ef97b898046dfc97ba

SHA512
3f41cdfa5114c87f5c222f7e6916fa01a27e273cab38759af20bf57bacb8caba96c759e8edc8acb3f16d089da387d11505a304872382329ce1e02eec3062f7ee

Download Submit
C:\Windows\system\urXvLay.exe

Filesize
6.0MB

MD5
c5b50a5eec2b9b7dd0a236658d3f9e7d

SHA1
1b6f9a2bc5dc885be8b7e8819a498fd1efc3ab2f

SHA256
20d3eaa78a86f37684d4229e37e31b14412e1303b5491423338ede10c7a1ea2a

SHA512
c6ada17f9e7cc0ba88d10b86e146a82e157a644d086b5c53d1f5d5cf394245880a464c39283b6582bb789119ea9d0160b90f4c2d8d2854b57369c266021c8ab9

Download Submit
C:\Windows\system\yMivjwC.exe

Filesize
6.0MB

MD5
47e1689a1347b885b46ac354bcdd5a32

SHA1
3df94599639ded69e2caea0ad9bc60383c6a5eac

SHA256
f3837a2a94db95e449d72ad948b39a338655a864d16281a50b75209973eb3256

SHA512
413e01bdf022046b9d6c6e6826aba8e8fc6abdf2492a1680fb58299d41f11c5823988bbdc75acd0dd6d3103f838e4601d1a4349f6f50208347b5fe8e34fd5315

Download Submit
\Windows\system\UWONxaK.exe

Filesize
6.0MB

MD5
2a44d54e6054685594b2b825ff6fa45c

SHA1
94a7a259d8765fe3636830939bb6f2d8cd358b30

SHA256
f08f6d216045c6cdc4424b50465ab4fc37cf7122080ec5906596ed02da3c95af

SHA512
a2fc84ca41bee6ac6adcccdf87a157ae562045b64e8afb3327b7e74835ff6429ba010559aa678d84f5a858c460db53cfdd6ee6977c89921eaf6ac50a5d9e95ce

Download Submit
\Windows\system\sBZantG.exe

Filesize
6.0MB

MD5
3bbc4416f9c5293c9faaddbd1a51fc6d

SHA1
3576ff13055eea8366039be3326be5a2c9813b47

SHA256
3599671eb91ee1fd65494b8de181a73a996ca790aa560f189b83f4e1007f88a0

SHA512
f84788fb29d1a4f14a2bbd43f3f3b9cf3fd08537ab0f41867c26faa07cb30b28adebfd248aea0f8c0712305c451dd505daadb4276c3db5d059cc54f1653056ea

Download Submit
memory/604-3986-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/604-143-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1176-3997-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1176-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1976-151-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3991-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3989-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-149-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-148-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-144-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-158-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-156-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2256-10-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-152-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2256-150-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-160-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-154-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-146-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2256-164-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2256-162-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2256-134-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-166-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2256-957-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1172-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1173-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3987-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-145-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2476-168-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3985-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3993-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2564-157-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2576-167-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3996-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-155-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3992-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2720-159-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3994-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3995-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-163-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-147-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3988-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2816-153-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3990-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2860-161-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3998-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download