cobaltstrike | 4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
Size

6.0MB
MD5

5396ea257aea5c52c513bf1ec4bb3946
SHA1

9852742730c5788b0e6d3fef3e4a0c0dc2321c13
SHA256

4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82
SHA512

6f664b7e3f2b27aca4a354815b7ed153ad506768ee7cce7a5fca9e2ba09caa3ccca8a402ee63d0b41c5a1aff90d5ce99780627b67b119abd80b4d9cdd850572f
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUA:eOl56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c23-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756b-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-67.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-57.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-6.dat	xmrig
behavioral1/files/0x0009000000016c23-8.dat	xmrig
behavioral1/files/0x0007000000016cab-12.dat	xmrig
behavioral1/memory/2368-42-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x000800000001756b-53.dat	xmrig
behavioral1/memory/2740-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-62.dat	xmrig
behavioral1/memory/2908-86-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1676-92-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ad-114.dat	xmrig
behavioral1/files/0x00050000000195b5-133.dat	xmrig
behavioral1/files/0x00050000000195c5-154.dat	xmrig
behavioral1/files/0x00050000000195c1-146.dat	xmrig
behavioral1/files/0x00050000000195c6-159.dat	xmrig
behavioral1/memory/2368-363-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2212-1910-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2600-2342-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1320-1884-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1284-1881-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-165.dat	xmrig
behavioral1/files/0x00050000000195c3-151.dat	xmrig
behavioral1/files/0x00050000000195bb-140.dat	xmrig
behavioral1/files/0x00050000000195bd-144.dat	xmrig
behavioral1/files/0x00050000000195b7-136.dat	xmrig
behavioral1/files/0x00050000000195b1-125.dat	xmrig
behavioral1/files/0x00050000000195b3-128.dat	xmrig
behavioral1/files/0x00050000000195af-120.dat	xmrig
behavioral1/files/0x00050000000195a9-109.dat	xmrig
behavioral1/files/0x00050000000195ab-112.dat	xmrig
behavioral1/files/0x00050000000195a7-104.dat	xmrig
behavioral1/files/0x000500000001957c-100.dat	xmrig
behavioral1/files/0x0005000000019547-95.dat	xmrig
behavioral1/files/0x0005000000019515-90.dat	xmrig
behavioral1/memory/2704-85-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2212-80-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-83.dat	xmrig
behavioral1/files/0x00050000000194ef-78.dat	xmrig
behavioral1/memory/1276-76-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2368-75-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2368-73-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-67.dat	xmrig
behavioral1/memory/1356-59-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2776-54-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1192-51-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ace-57.dat	xmrig
behavioral1/memory/2136-50-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2212-34-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2368-33-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1320-32-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2600-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce0-27.dat	xmrig
behavioral1/files/0x0007000000016ccc-45.dat	xmrig
behavioral1/memory/2908-44-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce9-41.dat	xmrig
behavioral1/memory/1284-40-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd8-26.dat	xmrig
behavioral1/memory/1676-2374-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2740-2386-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2708-2371-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2776-2360-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1192-2359-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2136-2358-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2908-2350-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1284	LVxrDrO.exe
2600	bDaxVIs.exe
1320	OIzJSTt.exe
2212	NhNKPTd.exe
2908	QcdWrhX.exe
2136	ybmOVEU.exe
1192	DOdoQVV.exe
2776	IfoLQqN.exe
1356	EVQAwRx.exe
2740	GmJDYDy.exe
1276	zrPmcGZ.exe
2708	QFqLODF.exe
2704	VjamqBc.exe
1676	pfGnqAM.exe
1388	lQMJjzG.exe
884	PpFGjcU.exe
2828	musnknO.exe
924	aYoqqQw.exe
1296	cdyajpv.exe
624	rOtNpOo.exe
2032	kmMfJAd.exe
1600	gIKUpol.exe
1780	rrpECGC.exe
2540	ZpdDiRn.exe
2012	lnbECpA.exe
1148	jbWqHlJ.exe
2880	fGGqXBP.exe
2872	KHXjVre.exe
2964	NknNMAd.exe
2432	JEfavew.exe
2516	dbJJeVe.exe
2748	uhGmGva.exe
3040	DihdqPi.exe
916	WWxwDML.exe
1708	FmGRHqQ.exe
436	dcbkVhN.exe
2132	TBnKcXb.exe
3016	ZcJrgHq.exe
1748	XYBZwcE.exe
1496	JyQhgOJ.exe
1788	nnpDNlY.exe
960	IDSyudb.exe
1340	wNPHymq.exe
1048	TYABdja.exe
580	MrcXBAv.exe
2624	coWBjKb.exe
888	QatktIr.exe
748	GGFwYeG.exe
1500	vQnDHtv.exe
2504	fedXYrV.exe
1760	RJPNGlz.exe
2712	meJyHCk.exe
3000	aOJOuGR.exe
2428	PiupQnj.exe
2272	NEWGGOO.exe
1556	kcXVyJN.exe
1324	AXVMIuK.exe
1248	DMQCTXC.exe
2064	CeoPnMC.exe
272	bGMapxl.exe
2252	cKTxImM.exe
2576	PPRFlij.exe
1632	iJwgHpt.exe
1568	DVuuWiX.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x000c000000012262-6.dat	upx
behavioral1/files/0x0009000000016c23-8.dat	upx
behavioral1/files/0x0007000000016cab-12.dat	upx
behavioral1/files/0x000800000001756b-53.dat	upx
behavioral1/memory/2740-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-62.dat	upx
behavioral1/memory/2908-86-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1676-92-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x00050000000195ad-114.dat	upx
behavioral1/files/0x00050000000195b5-133.dat	upx
behavioral1/files/0x00050000000195c5-154.dat	upx
behavioral1/files/0x00050000000195c1-146.dat	upx
behavioral1/files/0x00050000000195c6-159.dat	upx
behavioral1/memory/2212-1910-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2600-2342-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1320-1884-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1284-1881-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-165.dat	upx
behavioral1/files/0x00050000000195c3-151.dat	upx
behavioral1/files/0x00050000000195bb-140.dat	upx
behavioral1/files/0x00050000000195bd-144.dat	upx
behavioral1/files/0x00050000000195b7-136.dat	upx
behavioral1/files/0x00050000000195b1-125.dat	upx
behavioral1/files/0x00050000000195b3-128.dat	upx
behavioral1/files/0x00050000000195af-120.dat	upx
behavioral1/files/0x00050000000195a9-109.dat	upx
behavioral1/files/0x00050000000195ab-112.dat	upx
behavioral1/files/0x00050000000195a7-104.dat	upx
behavioral1/files/0x000500000001957c-100.dat	upx
behavioral1/files/0x0005000000019547-95.dat	upx
behavioral1/files/0x0005000000019515-90.dat	upx
behavioral1/memory/2704-85-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2212-80-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000500000001950f-83.dat	upx
behavioral1/files/0x00050000000194ef-78.dat	upx
behavioral1/memory/1276-76-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2368-73-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-67.dat	upx
behavioral1/memory/1356-59-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2776-54-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/1192-51-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0009000000016ace-57.dat	upx
behavioral1/memory/2136-50-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2212-34-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1320-32-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2600-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0009000000016ce0-27.dat	upx
behavioral1/files/0x0007000000016ccc-45.dat	upx
behavioral1/memory/2908-44-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0008000000016ce9-41.dat	upx
behavioral1/memory/1284-40-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0007000000016cd8-26.dat	upx
behavioral1/memory/1676-2374-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2740-2386-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2708-2371-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2776-2360-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/1192-2359-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2136-2358-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2908-2350-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1356-2349-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/1276-2348-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2704-2347-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zusRtTf.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\SDqdlWE.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\JCzGJaQ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\qdCYZNY.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\XPcuBCB.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\fjgelJQ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\VMRLLnE.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\kWsqBxh.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\WprydDZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\DmKYyCl.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\lhqjWEw.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\kwRMlre.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\NFInToH.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\RbJWoBZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\ZZIfiMZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\UEWwDYa.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\SZfaNam.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\dxznMEs.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\ZpGWmYJ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\awFxGsL.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\pdNqaHd.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\qWYXbhS.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\UznFwWH.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\ZzqoXsR.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\HBNGByW.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\tlFpwXT.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\zxGRycK.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\ePSFhWQ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\AyzzCFu.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\oEYXckr.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\yCyFqza.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\kXaVHyN.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\vPwMVJw.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\zrPmcGZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\DVuuWiX.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\vfSStvr.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\KvzMorh.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\GgStURs.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\xiiRokk.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\nXYnxcr.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\MsRMtlQ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\VAjKmHn.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\yWqYXga.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\jgBnfrn.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\zSQsddw.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\cylEMfP.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\VbAbtDy.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\IsbuVjZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\oyRbCUr.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\LTGjcHm.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\EBxUuPB.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\QOhqark.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\vjKEBSR.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\XeuXYzS.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\tjvxbkb.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\SlQmyaL.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\rNZeneH.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\NYRIued.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\FIJFerD.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\EKIuBhZ.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\nQBrwBz.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\qnfyGSM.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\YUQmepN.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
File created	C:\Windows\System\aGRyWes.exe	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1284	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	31
PID 2368 wrote to memory of 1284	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	31
PID 2368 wrote to memory of 1284	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	31
PID 2368 wrote to memory of 2600	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	32
PID 2368 wrote to memory of 2600	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	32
PID 2368 wrote to memory of 2600	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	32
PID 2368 wrote to memory of 1320	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	33
PID 2368 wrote to memory of 1320	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	33
PID 2368 wrote to memory of 1320	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	33
PID 2368 wrote to memory of 2136	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	34
PID 2368 wrote to memory of 2136	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	34
PID 2368 wrote to memory of 2136	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	34
PID 2368 wrote to memory of 2212	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	35
PID 2368 wrote to memory of 2212	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	35
PID 2368 wrote to memory of 2212	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	35
PID 2368 wrote to memory of 1192	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	36
PID 2368 wrote to memory of 1192	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	36
PID 2368 wrote to memory of 1192	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	36
PID 2368 wrote to memory of 2908	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	37
PID 2368 wrote to memory of 2908	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	37
PID 2368 wrote to memory of 2908	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	37
PID 2368 wrote to memory of 2776	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	38
PID 2368 wrote to memory of 2776	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	38
PID 2368 wrote to memory of 2776	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	38
PID 2368 wrote to memory of 1356	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	39
PID 2368 wrote to memory of 1356	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	39
PID 2368 wrote to memory of 1356	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	39
PID 2368 wrote to memory of 2740	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	40
PID 2368 wrote to memory of 2740	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	40
PID 2368 wrote to memory of 2740	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	40
PID 2368 wrote to memory of 1276	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	41
PID 2368 wrote to memory of 1276	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	41
PID 2368 wrote to memory of 1276	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	41
PID 2368 wrote to memory of 2708	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	42
PID 2368 wrote to memory of 2708	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	42
PID 2368 wrote to memory of 2708	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	42
PID 2368 wrote to memory of 2704	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	43
PID 2368 wrote to memory of 2704	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	43
PID 2368 wrote to memory of 2704	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	43
PID 2368 wrote to memory of 1676	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	44
PID 2368 wrote to memory of 1676	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	44
PID 2368 wrote to memory of 1676	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	44
PID 2368 wrote to memory of 1388	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	45
PID 2368 wrote to memory of 1388	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	45
PID 2368 wrote to memory of 1388	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	45
PID 2368 wrote to memory of 884	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	46
PID 2368 wrote to memory of 884	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	46
PID 2368 wrote to memory of 884	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	46
PID 2368 wrote to memory of 2828	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	47
PID 2368 wrote to memory of 2828	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	47
PID 2368 wrote to memory of 2828	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	47
PID 2368 wrote to memory of 924	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	48
PID 2368 wrote to memory of 924	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	48
PID 2368 wrote to memory of 924	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	48
PID 2368 wrote to memory of 1296	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	49
PID 2368 wrote to memory of 1296	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	49
PID 2368 wrote to memory of 1296	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	49
PID 2368 wrote to memory of 624	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	50
PID 2368 wrote to memory of 624	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	50
PID 2368 wrote to memory of 624	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	50
PID 2368 wrote to memory of 2032	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	51
PID 2368 wrote to memory of 2032	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	51
PID 2368 wrote to memory of 2032	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	51
PID 2368 wrote to memory of 1600	2368	JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4279e4ad1e8efaed862110ed5dc17bf5810dcda17816e15274096941c292ff82.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\LVxrDrO.exe
  C:\Windows\System\LVxrDrO.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\bDaxVIs.exe
  C:\Windows\System\bDaxVIs.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\OIzJSTt.exe
  C:\Windows\System\OIzJSTt.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ybmOVEU.exe
  C:\Windows\System\ybmOVEU.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\NhNKPTd.exe
  C:\Windows\System\NhNKPTd.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\DOdoQVV.exe
  C:\Windows\System\DOdoQVV.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QcdWrhX.exe
  C:\Windows\System\QcdWrhX.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\IfoLQqN.exe
  C:\Windows\System\IfoLQqN.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\EVQAwRx.exe
  C:\Windows\System\EVQAwRx.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\GmJDYDy.exe
  C:\Windows\System\GmJDYDy.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\zrPmcGZ.exe
  C:\Windows\System\zrPmcGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\QFqLODF.exe
  C:\Windows\System\QFqLODF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\VjamqBc.exe
  C:\Windows\System\VjamqBc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pfGnqAM.exe
  C:\Windows\System\pfGnqAM.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\lQMJjzG.exe
  C:\Windows\System\lQMJjzG.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\PpFGjcU.exe
  C:\Windows\System\PpFGjcU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\musnknO.exe
  C:\Windows\System\musnknO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\aYoqqQw.exe
  C:\Windows\System\aYoqqQw.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\cdyajpv.exe
  C:\Windows\System\cdyajpv.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\rOtNpOo.exe
  C:\Windows\System\rOtNpOo.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\kmMfJAd.exe
  C:\Windows\System\kmMfJAd.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\gIKUpol.exe
  C:\Windows\System\gIKUpol.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\rrpECGC.exe
  C:\Windows\System\rrpECGC.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ZpdDiRn.exe
  C:\Windows\System\ZpdDiRn.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\lnbECpA.exe
  C:\Windows\System\lnbECpA.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\jbWqHlJ.exe
  C:\Windows\System\jbWqHlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\fGGqXBP.exe
  C:\Windows\System\fGGqXBP.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NknNMAd.exe
  C:\Windows\System\NknNMAd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\KHXjVre.exe
  C:\Windows\System\KHXjVre.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dbJJeVe.exe
  C:\Windows\System\dbJJeVe.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\JEfavew.exe
  C:\Windows\System\JEfavew.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\uhGmGva.exe
  C:\Windows\System\uhGmGva.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\DihdqPi.exe
  C:\Windows\System\DihdqPi.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\WWxwDML.exe
  C:\Windows\System\WWxwDML.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\FmGRHqQ.exe
  C:\Windows\System\FmGRHqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\dcbkVhN.exe
  C:\Windows\System\dcbkVhN.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\TBnKcXb.exe
  C:\Windows\System\TBnKcXb.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ZcJrgHq.exe
  C:\Windows\System\ZcJrgHq.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XYBZwcE.exe
  C:\Windows\System\XYBZwcE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JyQhgOJ.exe
  C:\Windows\System\JyQhgOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\nnpDNlY.exe
  C:\Windows\System\nnpDNlY.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\wNPHymq.exe
  C:\Windows\System\wNPHymq.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\IDSyudb.exe
  C:\Windows\System\IDSyudb.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\coWBjKb.exe
  C:\Windows\System\coWBjKb.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\TYABdja.exe
  C:\Windows\System\TYABdja.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\aOJOuGR.exe
  C:\Windows\System\aOJOuGR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\MrcXBAv.exe
  C:\Windows\System\MrcXBAv.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\PiupQnj.exe
  C:\Windows\System\PiupQnj.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\QatktIr.exe
  C:\Windows\System\QatktIr.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\kcXVyJN.exe
  C:\Windows\System\kcXVyJN.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\GGFwYeG.exe
  C:\Windows\System\GGFwYeG.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\AXVMIuK.exe
  C:\Windows\System\AXVMIuK.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\vQnDHtv.exe
  C:\Windows\System\vQnDHtv.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\DMQCTXC.exe
  C:\Windows\System\DMQCTXC.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\fedXYrV.exe
  C:\Windows\System\fedXYrV.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\bGMapxl.exe
  C:\Windows\System\bGMapxl.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\RJPNGlz.exe
  C:\Windows\System\RJPNGlz.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\cKTxImM.exe
  C:\Windows\System\cKTxImM.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\meJyHCk.exe
  C:\Windows\System\meJyHCk.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\PPRFlij.exe
  C:\Windows\System\PPRFlij.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\NEWGGOO.exe
  C:\Windows\System\NEWGGOO.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\iJwgHpt.exe
  C:\Windows\System\iJwgHpt.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\CeoPnMC.exe
  C:\Windows\System\CeoPnMC.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\tvAtYyc.exe
  C:\Windows\System\tvAtYyc.exe
  2⤵
  PID:1564
- C:\Windows\System\DVuuWiX.exe
  C:\Windows\System\DVuuWiX.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\bsdAyqc.exe
  C:\Windows\System\bsdAyqc.exe
  2⤵
  PID:2536
- C:\Windows\System\Rkhcaot.exe
  C:\Windows\System\Rkhcaot.exe
  2⤵
  PID:1936
- C:\Windows\System\kqwSyaz.exe
  C:\Windows\System\kqwSyaz.exe
  2⤵
  PID:2500
- C:\Windows\System\WgtHaUm.exe
  C:\Windows\System\WgtHaUm.exe
  2⤵
  PID:2532
- C:\Windows\System\vLmGhYk.exe
  C:\Windows\System\vLmGhYk.exe
  2⤵
  PID:2924
- C:\Windows\System\rdQPudN.exe
  C:\Windows\System\rdQPudN.exe
  2⤵
  PID:2900
- C:\Windows\System\cjqXUdP.exe
  C:\Windows\System\cjqXUdP.exe
  2⤵
  PID:2968
- C:\Windows\System\jnzSZOQ.exe
  C:\Windows\System\jnzSZOQ.exe
  2⤵
  PID:2692
- C:\Windows\System\RJCxQjZ.exe
  C:\Windows\System\RJCxQjZ.exe
  2⤵
  PID:2820
- C:\Windows\System\tNwkYwS.exe
  C:\Windows\System\tNwkYwS.exe
  2⤵
  PID:2096
- C:\Windows\System\wPRtRbo.exe
  C:\Windows\System\wPRtRbo.exe
  2⤵
  PID:1036
- C:\Windows\System\SEUtZnZ.exe
  C:\Windows\System\SEUtZnZ.exe
  2⤵
  PID:1996
- C:\Windows\System\JbphYtH.exe
  C:\Windows\System\JbphYtH.exe
  2⤵
  PID:2640
- C:\Windows\System\nVlymHH.exe
  C:\Windows\System\nVlymHH.exe
  2⤵
  PID:1944
- C:\Windows\System\JQADJtp.exe
  C:\Windows\System\JQADJtp.exe
  2⤵
  PID:2848
- C:\Windows\System\EQNPmGJ.exe
  C:\Windows\System\EQNPmGJ.exe
  2⤵
  PID:3032
- C:\Windows\System\iWJoOOl.exe
  C:\Windows\System\iWJoOOl.exe
  2⤵
  PID:2956
- C:\Windows\System\bILKsDH.exe
  C:\Windows\System\bILKsDH.exe
  2⤵
  PID:2332
- C:\Windows\System\ciekSfS.exe
  C:\Windows\System\ciekSfS.exe
  2⤵
  PID:896
- C:\Windows\System\nyhSjwY.exe
  C:\Windows\System\nyhSjwY.exe
  2⤵
  PID:2544
- C:\Windows\System\NsgtAku.exe
  C:\Windows\System\NsgtAku.exe
  2⤵
  PID:3048
- C:\Windows\System\pbaTcIW.exe
  C:\Windows\System\pbaTcIW.exe
  2⤵
  PID:3012
- C:\Windows\System\DutbJfH.exe
  C:\Windows\System\DutbJfH.exe
  2⤵
  PID:1044
- C:\Windows\System\eolcHAS.exe
  C:\Windows\System\eolcHAS.exe
  2⤵
  PID:1364
- C:\Windows\System\lopsPBP.exe
  C:\Windows\System\lopsPBP.exe
  2⤵
  PID:2240
- C:\Windows\System\cyhkSDb.exe
  C:\Windows\System\cyhkSDb.exe
  2⤵
  PID:820
- C:\Windows\System\IlshbtO.exe
  C:\Windows\System\IlshbtO.exe
  2⤵
  PID:308
- C:\Windows\System\QsLpuUS.exe
  C:\Windows\System\QsLpuUS.exe
  2⤵
  PID:1584
- C:\Windows\System\wKKJAEg.exe
  C:\Windows\System\wKKJAEg.exe
  2⤵
  PID:1728
- C:\Windows\System\twSzIzn.exe
  C:\Windows\System\twSzIzn.exe
  2⤵
  PID:2068
- C:\Windows\System\JYSlOyf.exe
  C:\Windows\System\JYSlOyf.exe
  2⤵
  PID:760
- C:\Windows\System\JgawEdV.exe
  C:\Windows\System\JgawEdV.exe
  2⤵
  PID:1572
- C:\Windows\System\emZWoDR.exe
  C:\Windows\System\emZWoDR.exe
  2⤵
  PID:1020
- C:\Windows\System\muVVfoy.exe
  C:\Windows\System\muVVfoy.exe
  2⤵
  PID:1852
- C:\Windows\System\YOpgwqa.exe
  C:\Windows\System\YOpgwqa.exe
  2⤵
  PID:2564
- C:\Windows\System\CiqVlPR.exe
  C:\Windows\System\CiqVlPR.exe
  2⤵
  PID:768
- C:\Windows\System\GoegQej.exe
  C:\Windows\System\GoegQej.exe
  2⤵
  PID:2724
- C:\Windows\System\WSDIwGl.exe
  C:\Windows\System\WSDIwGl.exe
  2⤵
  PID:2652
- C:\Windows\System\LRHdUJA.exe
  C:\Windows\System\LRHdUJA.exe
  2⤵
  PID:1008
- C:\Windows\System\sxvWnUm.exe
  C:\Windows\System\sxvWnUm.exe
  2⤵
  PID:2520
- C:\Windows\System\AFHHEkd.exe
  C:\Windows\System\AFHHEkd.exe
  2⤵
  PID:1256
- C:\Windows\System\XqiHXVg.exe
  C:\Windows\System\XqiHXVg.exe
  2⤵
  PID:2864
- C:\Windows\System\AqzwYTs.exe
  C:\Windows\System\AqzwYTs.exe
  2⤵
  PID:2256
- C:\Windows\System\SbYnfth.exe
  C:\Windows\System\SbYnfth.exe
  2⤵
  PID:2420
- C:\Windows\System\eqGJxYc.exe
  C:\Windows\System\eqGJxYc.exe
  2⤵
  PID:264
- C:\Windows\System\crRvWoa.exe
  C:\Windows\System\crRvWoa.exe
  2⤵
  PID:1144
- C:\Windows\System\BHBgwTo.exe
  C:\Windows\System\BHBgwTo.exe
  2⤵
  PID:3084
- C:\Windows\System\gSnUGLD.exe
  C:\Windows\System\gSnUGLD.exe
  2⤵
  PID:3100
- C:\Windows\System\TpNnvzZ.exe
  C:\Windows\System\TpNnvzZ.exe
  2⤵
  PID:3116
- C:\Windows\System\EhAQItA.exe
  C:\Windows\System\EhAQItA.exe
  2⤵
  PID:3132
- C:\Windows\System\blaVACy.exe
  C:\Windows\System\blaVACy.exe
  2⤵
  PID:3148
- C:\Windows\System\akjYWHa.exe
  C:\Windows\System\akjYWHa.exe
  2⤵
  PID:3164
- C:\Windows\System\qfKDdjc.exe
  C:\Windows\System\qfKDdjc.exe
  2⤵
  PID:3180
- C:\Windows\System\wWZjfjR.exe
  C:\Windows\System\wWZjfjR.exe
  2⤵
  PID:3196
- C:\Windows\System\wGmBgUu.exe
  C:\Windows\System\wGmBgUu.exe
  2⤵
  PID:3212
- C:\Windows\System\qbPxsCs.exe
  C:\Windows\System\qbPxsCs.exe
  2⤵
  PID:3228
- C:\Windows\System\zxGRycK.exe
  C:\Windows\System\zxGRycK.exe
  2⤵
  PID:3244
- C:\Windows\System\JPrKYHU.exe
  C:\Windows\System\JPrKYHU.exe
  2⤵
  PID:3260
- C:\Windows\System\TZoVpJj.exe
  C:\Windows\System\TZoVpJj.exe
  2⤵
  PID:3280
- C:\Windows\System\vlvkrDQ.exe
  C:\Windows\System\vlvkrDQ.exe
  2⤵
  PID:3296
- C:\Windows\System\dsnxVJj.exe
  C:\Windows\System\dsnxVJj.exe
  2⤵
  PID:3312
- C:\Windows\System\kQfcPFu.exe
  C:\Windows\System\kQfcPFu.exe
  2⤵
  PID:3328
- C:\Windows\System\RIUKyAb.exe
  C:\Windows\System\RIUKyAb.exe
  2⤵
  PID:3344
- C:\Windows\System\HpGQXMv.exe
  C:\Windows\System\HpGQXMv.exe
  2⤵
  PID:3360
- C:\Windows\System\uwGfMiD.exe
  C:\Windows\System\uwGfMiD.exe
  2⤵
  PID:3376
- C:\Windows\System\NYRIued.exe
  C:\Windows\System\NYRIued.exe
  2⤵
  PID:3396
- C:\Windows\System\NDbdsvR.exe
  C:\Windows\System\NDbdsvR.exe
  2⤵
  PID:3500
- C:\Windows\System\aTbUtfw.exe
  C:\Windows\System\aTbUtfw.exe
  2⤵
  PID:3552
- C:\Windows\System\iCLBQnO.exe
  C:\Windows\System\iCLBQnO.exe
  2⤵
  PID:3592
- C:\Windows\System\xTRniVR.exe
  C:\Windows\System\xTRniVR.exe
  2⤵
  PID:3632
- C:\Windows\System\qRbAcJF.exe
  C:\Windows\System\qRbAcJF.exe
  2⤵
  PID:3672
- C:\Windows\System\YWTGQmq.exe
  C:\Windows\System\YWTGQmq.exe
  2⤵
  PID:3752
- C:\Windows\System\tzhHzMw.exe
  C:\Windows\System\tzhHzMw.exe
  2⤵
  PID:3788
- C:\Windows\System\hGnivDP.exe
  C:\Windows\System\hGnivDP.exe
  2⤵
  PID:4088
- C:\Windows\System\YGZtjCF.exe
  C:\Windows\System\YGZtjCF.exe
  2⤵
  PID:2548
- C:\Windows\System\PnIsfBj.exe
  C:\Windows\System\PnIsfBj.exe
  2⤵
  PID:2732
- C:\Windows\System\hPdiwkK.exe
  C:\Windows\System\hPdiwkK.exe
  2⤵
  PID:676
- C:\Windows\System\VAjKmHn.exe
  C:\Windows\System\VAjKmHn.exe
  2⤵
  PID:1740
- C:\Windows\System\UbCNyki.exe
  C:\Windows\System\UbCNyki.exe
  2⤵
  PID:2280
- C:\Windows\System\CPnmFZv.exe
  C:\Windows\System\CPnmFZv.exe
  2⤵
  PID:1660
- C:\Windows\System\XzQqHYP.exe
  C:\Windows\System\XzQqHYP.exe
  2⤵
  PID:2920
- C:\Windows\System\oHDXNOr.exe
  C:\Windows\System\oHDXNOr.exe
  2⤵
  PID:2680
- C:\Windows\System\pTppFTo.exe
  C:\Windows\System\pTppFTo.exe
  2⤵
  PID:3004
- C:\Windows\System\UEIlcii.exe
  C:\Windows\System\UEIlcii.exe
  2⤵
  PID:964
- C:\Windows\System\eBuBSUd.exe
  C:\Windows\System\eBuBSUd.exe
  2⤵
  PID:3080
- C:\Windows\System\qQxkQGO.exe
  C:\Windows\System\qQxkQGO.exe
  2⤵
  PID:3144
- C:\Windows\System\zRvWcuj.exe
  C:\Windows\System\zRvWcuj.exe
  2⤵
  PID:3208
- C:\Windows\System\yfPNhWq.exe
  C:\Windows\System\yfPNhWq.exe
  2⤵
  PID:3192
- C:\Windows\System\ZwbmSmh.exe
  C:\Windows\System\ZwbmSmh.exe
  2⤵
  PID:3224
- C:\Windows\System\EdrbZeo.exe
  C:\Windows\System\EdrbZeo.exe
  2⤵
  PID:3304
- C:\Windows\System\vQeWoKy.exe
  C:\Windows\System\vQeWoKy.exe
  2⤵
  PID:3340
- C:\Windows\System\EcJbDui.exe
  C:\Windows\System\EcJbDui.exe
  2⤵
  PID:3384
- C:\Windows\System\GqYjfRV.exe
  C:\Windows\System\GqYjfRV.exe
  2⤵
  PID:3424
- C:\Windows\System\NRkTXzZ.exe
  C:\Windows\System\NRkTXzZ.exe
  2⤵
  PID:3444
- C:\Windows\System\dexdCLq.exe
  C:\Windows\System\dexdCLq.exe
  2⤵
  PID:3460
- C:\Windows\System\vQzFrXG.exe
  C:\Windows\System\vQzFrXG.exe
  2⤵
  PID:3480
- C:\Windows\System\zusRtTf.exe
  C:\Windows\System\zusRtTf.exe
  2⤵
  PID:3496
- C:\Windows\System\uFWpqeJ.exe
  C:\Windows\System\uFWpqeJ.exe
  2⤵
  PID:3576
- C:\Windows\System\SltBRXd.exe
  C:\Windows\System\SltBRXd.exe
  2⤵
  PID:3640
- C:\Windows\System\ieoJWFD.exe
  C:\Windows\System\ieoJWFD.exe
  2⤵
  PID:3656
- C:\Windows\System\fNYWaIa.exe
  C:\Windows\System\fNYWaIa.exe
  2⤵
  PID:2528
- C:\Windows\System\oIaIhrt.exe
  C:\Windows\System\oIaIhrt.exe
  2⤵
  PID:3516
- C:\Windows\System\cTmqold.exe
  C:\Windows\System\cTmqold.exe
  2⤵
  PID:3532
- C:\Windows\System\alFHPZr.exe
  C:\Windows\System\alFHPZr.exe
  2⤵
  PID:3604
- C:\Windows\System\NVxHlnp.exe
  C:\Windows\System\NVxHlnp.exe
  2⤵
  PID:3620
- C:\Windows\System\HZATcjy.exe
  C:\Windows\System\HZATcjy.exe
  2⤵
  PID:3688
- C:\Windows\System\UKZFWYx.exe
  C:\Windows\System\UKZFWYx.exe
  2⤵
  PID:3712
- C:\Windows\System\yGtKwIS.exe
  C:\Windows\System\yGtKwIS.exe
  2⤵
  PID:3728
- C:\Windows\System\uPsbuRZ.exe
  C:\Windows\System\uPsbuRZ.exe
  2⤵
  PID:3744
- C:\Windows\System\UhLaFbX.exe
  C:\Windows\System\UhLaFbX.exe
  2⤵
  PID:3812
- C:\Windows\System\xPKkQcG.exe
  C:\Windows\System\xPKkQcG.exe
  2⤵
  PID:3824
- C:\Windows\System\DTNNEJC.exe
  C:\Windows\System\DTNNEJC.exe
  2⤵
  PID:3840
- C:\Windows\System\aCpVzKp.exe
  C:\Windows\System\aCpVzKp.exe
  2⤵
  PID:3856
- C:\Windows\System\sGRRZBq.exe
  C:\Windows\System\sGRRZBq.exe
  2⤵
  PID:3884
- C:\Windows\System\OZVKpmN.exe
  C:\Windows\System\OZVKpmN.exe
  2⤵
  PID:3912
- C:\Windows\System\kMqBxHV.exe
  C:\Windows\System\kMqBxHV.exe
  2⤵
  PID:3936
- C:\Windows\System\FqlCVOo.exe
  C:\Windows\System\FqlCVOo.exe
  2⤵
  PID:3960
- C:\Windows\System\BoSNclQ.exe
  C:\Windows\System\BoSNclQ.exe
  2⤵
  PID:3980
- C:\Windows\System\zNiFrjF.exe
  C:\Windows\System\zNiFrjF.exe
  2⤵
  PID:4004
- C:\Windows\System\qzHYrRf.exe
  C:\Windows\System\qzHYrRf.exe
  2⤵
  PID:4020
- C:\Windows\System\oKPBnAN.exe
  C:\Windows\System\oKPBnAN.exe
  2⤵
  PID:4040
- C:\Windows\System\RXBLdBd.exe
  C:\Windows\System\RXBLdBd.exe
  2⤵
  PID:4060
- C:\Windows\System\RsFUGrS.exe
  C:\Windows\System\RsFUGrS.exe
  2⤵
  PID:4080
- C:\Windows\System\OtmyTuj.exe
  C:\Windows\System\OtmyTuj.exe
  2⤵
  PID:1164
- C:\Windows\System\TgHgxIb.exe
  C:\Windows\System\TgHgxIb.exe
  2⤵
  PID:2100
- C:\Windows\System\uYGbtNx.exe
  C:\Windows\System\uYGbtNx.exe
  2⤵
  PID:3068
- C:\Windows\System\KLOsrEd.exe
  C:\Windows\System\KLOsrEd.exe
  2⤵
  PID:2888
- C:\Windows\System\nLQcdZt.exe
  C:\Windows\System\nLQcdZt.exe
  2⤵
  PID:2080
- C:\Windows\System\ePSFhWQ.exe
  C:\Windows\System\ePSFhWQ.exe
  2⤵
  PID:3128
- C:\Windows\System\jmIsxJe.exe
  C:\Windows\System\jmIsxJe.exe
  2⤵
  PID:3252
- C:\Windows\System\RhPBnDN.exe
  C:\Windows\System\RhPBnDN.exe
  2⤵
  PID:3160
- C:\Windows\System\rlxmobi.exe
  C:\Windows\System\rlxmobi.exe
  2⤵
  PID:3336
- C:\Windows\System\IqRDlhC.exe
  C:\Windows\System\IqRDlhC.exe
  2⤵
  PID:3288
- C:\Windows\System\myiEEro.exe
  C:\Windows\System\myiEEro.exe
  2⤵
  PID:3456
- C:\Windows\System\dTbowak.exe
  C:\Windows\System\dTbowak.exe
  2⤵
  PID:3368
- C:\Windows\System\KPwMUiC.exe
  C:\Windows\System\KPwMUiC.exe
  2⤵
  PID:3568
- C:\Windows\System\gsPJXho.exe
  C:\Windows\System\gsPJXho.exe
  2⤵
  PID:3468
- C:\Windows\System\mjldajN.exe
  C:\Windows\System\mjldajN.exe
  2⤵
  PID:3644
- C:\Windows\System\geZnSgw.exe
  C:\Windows\System\geZnSgw.exe
  2⤵
  PID:3524
- C:\Windows\System\zRjLkhK.exe
  C:\Windows\System\zRjLkhK.exe
  2⤵
  PID:3612
- C:\Windows\System\olhNKfW.exe
  C:\Windows\System\olhNKfW.exe
  2⤵
  PID:3600
- C:\Windows\System\WgxvodG.exe
  C:\Windows\System\WgxvodG.exe
  2⤵
  PID:3628
- C:\Windows\System\YMPKkkI.exe
  C:\Windows\System\YMPKkkI.exe
  2⤵
  PID:3724
- C:\Windows\System\QHamOzf.exe
  C:\Windows\System\QHamOzf.exe
  2⤵
  PID:3820
- C:\Windows\System\JKiITQW.exe
  C:\Windows\System\JKiITQW.exe
  2⤵
  PID:3868
- C:\Windows\System\GUZIZTo.exe
  C:\Windows\System\GUZIZTo.exe
  2⤵
  PID:3876
- C:\Windows\System\OyjsdKA.exe
  C:\Windows\System\OyjsdKA.exe
  2⤵
  PID:3832
- C:\Windows\System\mOtIBES.exe
  C:\Windows\System\mOtIBES.exe
  2⤵
  PID:3948
- C:\Windows\System\KbZQBST.exe
  C:\Windows\System\KbZQBST.exe
  2⤵
  PID:3968
- C:\Windows\System\LnUvdWn.exe
  C:\Windows\System\LnUvdWn.exe
  2⤵
  PID:3992
- C:\Windows\System\RQhiXfA.exe
  C:\Windows\System\RQhiXfA.exe
  2⤵
  PID:4032
- C:\Windows\System\CHypFnx.exe
  C:\Windows\System\CHypFnx.exe
  2⤵
  PID:4052
- C:\Windows\System\PjboVAF.exe
  C:\Windows\System\PjboVAF.exe
  2⤵
  PID:1504
- C:\Windows\System\ETExQbp.exe
  C:\Windows\System\ETExQbp.exe
  2⤵
  PID:1636
- C:\Windows\System\uLFivdE.exe
  C:\Windows\System\uLFivdE.exe
  2⤵
  PID:3320
- C:\Windows\System\CrqpzqL.exe
  C:\Windows\System\CrqpzqL.exe
  2⤵
  PID:3176
- C:\Windows\System\sTijQWA.exe
  C:\Windows\System\sTijQWA.exe
  2⤵
  PID:3140
- C:\Windows\System\kIcxzTh.exe
  C:\Windows\System\kIcxzTh.exe
  2⤵
  PID:3256
- C:\Windows\System\vjKEBSR.exe
  C:\Windows\System\vjKEBSR.exe
  2⤵
  PID:4108
- C:\Windows\System\gIlEEgO.exe
  C:\Windows\System\gIlEEgO.exe
  2⤵
  PID:4124
- C:\Windows\System\KkOEGcd.exe
  C:\Windows\System\KkOEGcd.exe
  2⤵
  PID:4148
- C:\Windows\System\SDqdlWE.exe
  C:\Windows\System\SDqdlWE.exe
  2⤵
  PID:4168
- C:\Windows\System\lyZJzTr.exe
  C:\Windows\System\lyZJzTr.exe
  2⤵
  PID:4188
- C:\Windows\System\oSJIXbJ.exe
  C:\Windows\System\oSJIXbJ.exe
  2⤵
  PID:4208
- C:\Windows\System\vkiLRhz.exe
  C:\Windows\System\vkiLRhz.exe
  2⤵
  PID:4228
- C:\Windows\System\ZYdvkbj.exe
  C:\Windows\System\ZYdvkbj.exe
  2⤵
  PID:4248
- C:\Windows\System\ydPzvrq.exe
  C:\Windows\System\ydPzvrq.exe
  2⤵
  PID:4268
- C:\Windows\System\broGQOi.exe
  C:\Windows\System\broGQOi.exe
  2⤵
  PID:4288
- C:\Windows\System\AweHTDN.exe
  C:\Windows\System\AweHTDN.exe
  2⤵
  PID:4312
- C:\Windows\System\BnagRBN.exe
  C:\Windows\System\BnagRBN.exe
  2⤵
  PID:4332
- C:\Windows\System\gjwEOnf.exe
  C:\Windows\System\gjwEOnf.exe
  2⤵
  PID:4352
- C:\Windows\System\sYudGlL.exe
  C:\Windows\System\sYudGlL.exe
  2⤵
  PID:4380
- C:\Windows\System\hlfzsyZ.exe
  C:\Windows\System\hlfzsyZ.exe
  2⤵
  PID:4400
- C:\Windows\System\bnOqCpj.exe
  C:\Windows\System\bnOqCpj.exe
  2⤵
  PID:4420
- C:\Windows\System\OaCnXno.exe
  C:\Windows\System\OaCnXno.exe
  2⤵
  PID:4440
- C:\Windows\System\zeclnzz.exe
  C:\Windows\System\zeclnzz.exe
  2⤵
  PID:4464
- C:\Windows\System\AZJzqyG.exe
  C:\Windows\System\AZJzqyG.exe
  2⤵
  PID:4480
- C:\Windows\System\pvJOYeK.exe
  C:\Windows\System\pvJOYeK.exe
  2⤵
  PID:4508
- C:\Windows\System\UWIEghW.exe
  C:\Windows\System\UWIEghW.exe
  2⤵
  PID:4524
- C:\Windows\System\XgvXPUt.exe
  C:\Windows\System\XgvXPUt.exe
  2⤵
  PID:4544
- C:\Windows\System\TvsfDss.exe
  C:\Windows\System\TvsfDss.exe
  2⤵
  PID:4568
- C:\Windows\System\WTHxiHx.exe
  C:\Windows\System\WTHxiHx.exe
  2⤵
  PID:4592
- C:\Windows\System\UfIVVQg.exe
  C:\Windows\System\UfIVVQg.exe
  2⤵
  PID:4616
- C:\Windows\System\iDpobIi.exe
  C:\Windows\System\iDpobIi.exe
  2⤵
  PID:4636
- C:\Windows\System\yXThYpB.exe
  C:\Windows\System\yXThYpB.exe
  2⤵
  PID:4656
- C:\Windows\System\nXxreIL.exe
  C:\Windows\System\nXxreIL.exe
  2⤵
  PID:4672
- C:\Windows\System\wFSwWEg.exe
  C:\Windows\System\wFSwWEg.exe
  2⤵
  PID:4700
- C:\Windows\System\WfscAye.exe
  C:\Windows\System\WfscAye.exe
  2⤵
  PID:4728
- C:\Windows\System\VuMtTmd.exe
  C:\Windows\System\VuMtTmd.exe
  2⤵
  PID:4744
- C:\Windows\System\rRmEQcK.exe
  C:\Windows\System\rRmEQcK.exe
  2⤵
  PID:4764
- C:\Windows\System\xSSlcBV.exe
  C:\Windows\System\xSSlcBV.exe
  2⤵
  PID:4784
- C:\Windows\System\uqKPhaf.exe
  C:\Windows\System\uqKPhaf.exe
  2⤵
  PID:4812
- C:\Windows\System\URVEWgA.exe
  C:\Windows\System\URVEWgA.exe
  2⤵
  PID:4832
- C:\Windows\System\HwiwoJn.exe
  C:\Windows\System\HwiwoJn.exe
  2⤵
  PID:4852
- C:\Windows\System\BYPsFPd.exe
  C:\Windows\System\BYPsFPd.exe
  2⤵
  PID:4872
- C:\Windows\System\FmIDThB.exe
  C:\Windows\System\FmIDThB.exe
  2⤵
  PID:4892
- C:\Windows\System\ebAzLWJ.exe
  C:\Windows\System\ebAzLWJ.exe
  2⤵
  PID:4908
- C:\Windows\System\QGXAwlO.exe
  C:\Windows\System\QGXAwlO.exe
  2⤵
  PID:4932
- C:\Windows\System\WIZFjQn.exe
  C:\Windows\System\WIZFjQn.exe
  2⤵
  PID:4956
- C:\Windows\System\aBOEaMF.exe
  C:\Windows\System\aBOEaMF.exe
  2⤵
  PID:4976
- C:\Windows\System\XIrLpgV.exe
  C:\Windows\System\XIrLpgV.exe
  2⤵
  PID:4996
- C:\Windows\System\NKewolc.exe
  C:\Windows\System\NKewolc.exe
  2⤵
  PID:5016
- C:\Windows\System\HwOzHFu.exe
  C:\Windows\System\HwOzHFu.exe
  2⤵
  PID:5036
- C:\Windows\System\crlCpWh.exe
  C:\Windows\System\crlCpWh.exe
  2⤵
  PID:5056
- C:\Windows\System\fQCNdFO.exe
  C:\Windows\System\fQCNdFO.exe
  2⤵
  PID:5080
- C:\Windows\System\fyAXwbX.exe
  C:\Windows\System\fyAXwbX.exe
  2⤵
  PID:5104
- C:\Windows\System\zFegchr.exe
  C:\Windows\System\zFegchr.exe
  2⤵
  PID:3452
- C:\Windows\System\ZUxxURC.exe
  C:\Windows\System\ZUxxURC.exe
  2⤵
  PID:3652
- C:\Windows\System\xlCSuRl.exe
  C:\Windows\System\xlCSuRl.exe
  2⤵
  PID:3664
- C:\Windows\System\bgrlcxW.exe
  C:\Windows\System\bgrlcxW.exe
  2⤵
  PID:3760
- C:\Windows\System\mpzxvdr.exe
  C:\Windows\System\mpzxvdr.exe
  2⤵
  PID:3544
- C:\Windows\System\yeOoVbq.exe
  C:\Windows\System\yeOoVbq.exe
  2⤵
  PID:3700
- C:\Windows\System\eahQVgH.exe
  C:\Windows\System\eahQVgH.exe
  2⤵
  PID:3888
- C:\Windows\System\zSQsddw.exe
  C:\Windows\System\zSQsddw.exe
  2⤵
  PID:3800
- C:\Windows\System\cCxadcp.exe
  C:\Windows\System\cCxadcp.exe
  2⤵
  PID:3904
- C:\Windows\System\iIeWOUG.exe
  C:\Windows\System\iIeWOUG.exe
  2⤵
  PID:3944
- C:\Windows\System\GFyPoLh.exe
  C:\Windows\System\GFyPoLh.exe
  2⤵
  PID:3972
- C:\Windows\System\XAfAygv.exe
  C:\Windows\System\XAfAygv.exe
  2⤵
  PID:2248
- C:\Windows\System\gwUkbQl.exe
  C:\Windows\System\gwUkbQl.exe
  2⤵
  PID:2276
- C:\Windows\System\hxpLcCg.exe
  C:\Windows\System\hxpLcCg.exe
  2⤵
  PID:2840
- C:\Windows\System\CRtSviO.exe
  C:\Windows\System\CRtSviO.exe
  2⤵
  PID:3240
- C:\Windows\System\fjgelJQ.exe
  C:\Windows\System\fjgelJQ.exe
  2⤵
  PID:3276
- C:\Windows\System\rkakYph.exe
  C:\Windows\System\rkakYph.exe
  2⤵
  PID:4140
- C:\Windows\System\hZvpTMQ.exe
  C:\Windows\System\hZvpTMQ.exe
  2⤵
  PID:4156
- C:\Windows\System\jqqXLqJ.exe
  C:\Windows\System\jqqXLqJ.exe
  2⤵
  PID:4196
- C:\Windows\System\NAVVcTs.exe
  C:\Windows\System\NAVVcTs.exe
  2⤵
  PID:4220
- C:\Windows\System\votjsqz.exe
  C:\Windows\System\votjsqz.exe
  2⤵
  PID:4308
- C:\Windows\System\TMgDzjd.exe
  C:\Windows\System\TMgDzjd.exe
  2⤵
  PID:4276
- C:\Windows\System\TnZeGWf.exe
  C:\Windows\System\TnZeGWf.exe
  2⤵
  PID:4340
- C:\Windows\System\uxtbsas.exe
  C:\Windows\System\uxtbsas.exe
  2⤵
  PID:4368
- C:\Windows\System\hKGUOFH.exe
  C:\Windows\System\hKGUOFH.exe
  2⤵
  PID:4408
- C:\Windows\System\ItMjTbh.exe
  C:\Windows\System\ItMjTbh.exe
  2⤵
  PID:4428
- C:\Windows\System\haSHLZn.exe
  C:\Windows\System\haSHLZn.exe
  2⤵
  PID:2804
- C:\Windows\System\xkmldFs.exe
  C:\Windows\System\xkmldFs.exe
  2⤵
  PID:4500
- C:\Windows\System\XlgFkqZ.exe
  C:\Windows\System\XlgFkqZ.exe
  2⤵
  PID:4476
- C:\Windows\System\kllxfCc.exe
  C:\Windows\System\kllxfCc.exe
  2⤵
  PID:4552
- C:\Windows\System\vByssCw.exe
  C:\Windows\System\vByssCw.exe
  2⤵
  PID:4580
- C:\Windows\System\eTZtNvm.exe
  C:\Windows\System\eTZtNvm.exe
  2⤵
  PID:4628
- C:\Windows\System\ZZVPhKD.exe
  C:\Windows\System\ZZVPhKD.exe
  2⤵
  PID:4668
- C:\Windows\System\micfREo.exe
  C:\Windows\System\micfREo.exe
  2⤵
  PID:4696
- C:\Windows\System\HQWNqPv.exe
  C:\Windows\System\HQWNqPv.exe
  2⤵
  PID:4756
- C:\Windows\System\ETnfgol.exe
  C:\Windows\System\ETnfgol.exe
  2⤵
  PID:4776
- C:\Windows\System\WoosRyK.exe
  C:\Windows\System\WoosRyK.exe
  2⤵
  PID:4848
- C:\Windows\System\UOGUuSJ.exe
  C:\Windows\System\UOGUuSJ.exe
  2⤵
  PID:4868
- C:\Windows\System\VZMmrqJ.exe
  C:\Windows\System\VZMmrqJ.exe
  2⤵
  PID:4916
- C:\Windows\System\uzOLuAw.exe
  C:\Windows\System\uzOLuAw.exe
  2⤵
  PID:4904
- C:\Windows\System\OVhVbyA.exe
  C:\Windows\System\OVhVbyA.exe
  2⤵
  PID:4972
- C:\Windows\System\ehPrSuq.exe
  C:\Windows\System\ehPrSuq.exe
  2⤵
  PID:5012
- C:\Windows\System\mbhhZyV.exe
  C:\Windows\System\mbhhZyV.exe
  2⤵
  PID:5024
- C:\Windows\System\CRrMmsN.exe
  C:\Windows\System\CRrMmsN.exe
  2⤵
  PID:5028
- C:\Windows\System\umDfLVM.exe
  C:\Windows\System\umDfLVM.exe
  2⤵
  PID:5096
- C:\Windows\System\YxtSjCy.exe
  C:\Windows\System\YxtSjCy.exe
  2⤵
  PID:5116
- C:\Windows\System\rBWtOET.exe
  C:\Windows\System\rBWtOET.exe
  2⤵
  PID:2336
- C:\Windows\System\YLWfpGT.exe
  C:\Windows\System\YLWfpGT.exe
  2⤵
  PID:3784
- C:\Windows\System\tAJPEuV.exe
  C:\Windows\System\tAJPEuV.exe
  2⤵
  PID:3892
- C:\Windows\System\hKJjflD.exe
  C:\Windows\System\hKJjflD.exe
  2⤵
  PID:3908
- C:\Windows\System\HjXbmee.exe
  C:\Windows\System\HjXbmee.exe
  2⤵
  PID:3924
- C:\Windows\System\ENuAKfV.exe
  C:\Windows\System\ENuAKfV.exe
  2⤵
  PID:4028
- C:\Windows\System\ZQwdQBq.exe
  C:\Windows\System\ZQwdQBq.exe
  2⤵
  PID:4048
- C:\Windows\System\JOrlprQ.exe
  C:\Windows\System\JOrlprQ.exe
  2⤵
  PID:2972
- C:\Windows\System\EtDMDWW.exe
  C:\Windows\System\EtDMDWW.exe
  2⤵
  PID:4116
- C:\Windows\System\loalRim.exe
  C:\Windows\System\loalRim.exe
  2⤵
  PID:4224
- C:\Windows\System\EBaWmXL.exe
  C:\Windows\System\EBaWmXL.exe
  2⤵
  PID:4264
- C:\Windows\System\LHgPOya.exe
  C:\Windows\System\LHgPOya.exe
  2⤵
  PID:4240
- C:\Windows\System\FkOeksq.exe
  C:\Windows\System\FkOeksq.exe
  2⤵
  PID:4320
- C:\Windows\System\SUNeSfY.exe
  C:\Windows\System\SUNeSfY.exe
  2⤵
  PID:4460
- C:\Windows\System\CqUyJZP.exe
  C:\Windows\System\CqUyJZP.exe
  2⤵
  PID:4448
- C:\Windows\System\OUWlaBJ.exe
  C:\Windows\System\OUWlaBJ.exe
  2⤵
  PID:4520
- C:\Windows\System\VgcMCvo.exe
  C:\Windows\System\VgcMCvo.exe
  2⤵
  PID:4632
- C:\Windows\System\cYMZxMf.exe
  C:\Windows\System\cYMZxMf.exe
  2⤵
  PID:4716
- C:\Windows\System\SZQJxLu.exe
  C:\Windows\System\SZQJxLu.exe
  2⤵
  PID:4648
- C:\Windows\System\lCtmsJA.exe
  C:\Windows\System\lCtmsJA.exe
  2⤵
  PID:4760
- C:\Windows\System\Dcpklbo.exe
  C:\Windows\System\Dcpklbo.exe
  2⤵
  PID:4828
- C:\Windows\System\IUKqTjc.exe
  C:\Windows\System\IUKqTjc.exe
  2⤵
  PID:4888
- C:\Windows\System\RNjUOuk.exe
  C:\Windows\System\RNjUOuk.exe
  2⤵
  PID:4984
- C:\Windows\System\kSBjtgz.exe
  C:\Windows\System\kSBjtgz.exe
  2⤵
  PID:4964
- C:\Windows\System\avSWnpS.exe
  C:\Windows\System\avSWnpS.exe
  2⤵
  PID:5008
- C:\Windows\System\HfUfBoi.exe
  C:\Windows\System\HfUfBoi.exe
  2⤵
  PID:3492
- C:\Windows\System\ZTriaif.exe
  C:\Windows\System\ZTriaif.exe
  2⤵
  PID:3292
- C:\Windows\System\CyOeRTi.exe
  C:\Windows\System\CyOeRTi.exe
  2⤵
  PID:3740
- C:\Windows\System\PzQRTHp.exe
  C:\Windows\System\PzQRTHp.exe
  2⤵
  PID:3996
- C:\Windows\System\DspzEfd.exe
  C:\Windows\System\DspzEfd.exe
  2⤵
  PID:3932
- C:\Windows\System\OCMThWF.exe
  C:\Windows\System\OCMThWF.exe
  2⤵
  PID:2404
- C:\Windows\System\aLbdjXa.exe
  C:\Windows\System\aLbdjXa.exe
  2⤵
  PID:4120
- C:\Windows\System\wgZWjZz.exe
  C:\Windows\System\wgZWjZz.exe
  2⤵
  PID:4260
- C:\Windows\System\mAhAdrC.exe
  C:\Windows\System\mAhAdrC.exe
  2⤵
  PID:4324
- C:\Windows\System\wYhDCpd.exe
  C:\Windows\System\wYhDCpd.exe
  2⤵
  PID:4392
- C:\Windows\System\GYqwQbZ.exe
  C:\Windows\System\GYqwQbZ.exe
  2⤵
  PID:5136
- C:\Windows\System\hzVqnJh.exe
  C:\Windows\System\hzVqnJh.exe
  2⤵
  PID:5160
- C:\Windows\System\FtbtCRY.exe
  C:\Windows\System\FtbtCRY.exe
  2⤵
  PID:5176
- C:\Windows\System\QCffJIu.exe
  C:\Windows\System\QCffJIu.exe
  2⤵
  PID:5196
- C:\Windows\System\YqVPPwE.exe
  C:\Windows\System\YqVPPwE.exe
  2⤵
  PID:5220
- C:\Windows\System\ioZjBCe.exe
  C:\Windows\System\ioZjBCe.exe
  2⤵
  PID:5240
- C:\Windows\System\rDxKeUM.exe
  C:\Windows\System\rDxKeUM.exe
  2⤵
  PID:5260
- C:\Windows\System\mlURxRB.exe
  C:\Windows\System\mlURxRB.exe
  2⤵
  PID:5280
- C:\Windows\System\kYpnrqV.exe
  C:\Windows\System\kYpnrqV.exe
  2⤵
  PID:5300
- C:\Windows\System\PrgfwDI.exe
  C:\Windows\System\PrgfwDI.exe
  2⤵
  PID:5324
- C:\Windows\System\LoYhdKI.exe
  C:\Windows\System\LoYhdKI.exe
  2⤵
  PID:5344
- C:\Windows\System\mgYkXYh.exe
  C:\Windows\System\mgYkXYh.exe
  2⤵
  PID:5360
- C:\Windows\System\uyXszJS.exe
  C:\Windows\System\uyXszJS.exe
  2⤵
  PID:5384
- C:\Windows\System\ypSIKUZ.exe
  C:\Windows\System\ypSIKUZ.exe
  2⤵
  PID:5400
- C:\Windows\System\JghudPv.exe
  C:\Windows\System\JghudPv.exe
  2⤵
  PID:5424
- C:\Windows\System\WeKnUvj.exe
  C:\Windows\System\WeKnUvj.exe
  2⤵
  PID:5444
- C:\Windows\System\wWsHjMS.exe
  C:\Windows\System\wWsHjMS.exe
  2⤵
  PID:5460
- C:\Windows\System\PRjfNOh.exe
  C:\Windows\System\PRjfNOh.exe
  2⤵
  PID:5484
- C:\Windows\System\geIMzDe.exe
  C:\Windows\System\geIMzDe.exe
  2⤵
  PID:5500
- C:\Windows\System\PvMunzd.exe
  C:\Windows\System\PvMunzd.exe
  2⤵
  PID:5520
- C:\Windows\System\ODBOLVi.exe
  C:\Windows\System\ODBOLVi.exe
  2⤵
  PID:5544
- C:\Windows\System\SAVckqe.exe
  C:\Windows\System\SAVckqe.exe
  2⤵
  PID:5564
- C:\Windows\System\SBsgPce.exe
  C:\Windows\System\SBsgPce.exe
  2⤵
  PID:5584
- C:\Windows\System\FNdZopI.exe
  C:\Windows\System\FNdZopI.exe
  2⤵
  PID:5600
- C:\Windows\System\hDlIRne.exe
  C:\Windows\System\hDlIRne.exe
  2⤵
  PID:5624
- C:\Windows\System\spOWdtu.exe
  C:\Windows\System\spOWdtu.exe
  2⤵
  PID:5644
- C:\Windows\System\HPotShM.exe
  C:\Windows\System\HPotShM.exe
  2⤵
  PID:5664
- C:\Windows\System\cIFAqoD.exe
  C:\Windows\System\cIFAqoD.exe
  2⤵
  PID:5688
- C:\Windows\System\USYkfNi.exe
  C:\Windows\System\USYkfNi.exe
  2⤵
  PID:5708
- C:\Windows\System\YQsePgL.exe
  C:\Windows\System\YQsePgL.exe
  2⤵
  PID:5728
- C:\Windows\System\ISfszfG.exe
  C:\Windows\System\ISfszfG.exe
  2⤵
  PID:5752
- C:\Windows\System\LODBNdu.exe
  C:\Windows\System\LODBNdu.exe
  2⤵
  PID:5772
- C:\Windows\System\nDgpuoV.exe
  C:\Windows\System\nDgpuoV.exe
  2⤵
  PID:5792
- C:\Windows\System\YPHniew.exe
  C:\Windows\System\YPHniew.exe
  2⤵
  PID:5812
- C:\Windows\System\flgIIpM.exe
  C:\Windows\System\flgIIpM.exe
  2⤵
  PID:5832
- C:\Windows\System\cylEMfP.exe
  C:\Windows\System\cylEMfP.exe
  2⤵
  PID:5852
- C:\Windows\System\jFYOqWd.exe
  C:\Windows\System\jFYOqWd.exe
  2⤵
  PID:5872
- C:\Windows\System\aQXMQNa.exe
  C:\Windows\System\aQXMQNa.exe
  2⤵
  PID:5892
- C:\Windows\System\uWolEVd.exe
  C:\Windows\System\uWolEVd.exe
  2⤵
  PID:5912
- C:\Windows\System\oARDILb.exe
  C:\Windows\System\oARDILb.exe
  2⤵
  PID:5932
- C:\Windows\System\XTiTLvO.exe
  C:\Windows\System\XTiTLvO.exe
  2⤵
  PID:5952
- C:\Windows\System\YfQAGNU.exe
  C:\Windows\System\YfQAGNU.exe
  2⤵
  PID:5972
- C:\Windows\System\waDlYbY.exe
  C:\Windows\System\waDlYbY.exe
  2⤵
  PID:5992
- C:\Windows\System\BiyitJb.exe
  C:\Windows\System\BiyitJb.exe
  2⤵
  PID:6012
- C:\Windows\System\GrZJmwJ.exe
  C:\Windows\System\GrZJmwJ.exe
  2⤵
  PID:6032
- C:\Windows\System\MpGhoPA.exe
  C:\Windows\System\MpGhoPA.exe
  2⤵
  PID:6052
- C:\Windows\System\kXENoUR.exe
  C:\Windows\System\kXENoUR.exe
  2⤵
  PID:6072
- C:\Windows\System\EslHlCi.exe
  C:\Windows\System\EslHlCi.exe
  2⤵
  PID:6092
- C:\Windows\System\OaZleEk.exe
  C:\Windows\System\OaZleEk.exe
  2⤵
  PID:6120
- C:\Windows\System\zBXaYKN.exe
  C:\Windows\System\zBXaYKN.exe
  2⤵
  PID:6140
- C:\Windows\System\jHZfKrP.exe
  C:\Windows\System\jHZfKrP.exe
  2⤵
  PID:4472
- C:\Windows\System\pfwyfaR.exe
  C:\Windows\System\pfwyfaR.exe
  2⤵
  PID:4576
- C:\Windows\System\rRSbRao.exe
  C:\Windows\System\rRSbRao.exe
  2⤵
  PID:4556
- C:\Windows\System\xQqnzpk.exe
  C:\Windows\System\xQqnzpk.exe
  2⤵
  PID:4708
- C:\Windows\System\ahNRLFk.exe
  C:\Windows\System\ahNRLFk.exe
  2⤵
  PID:4884
- C:\Windows\System\TTkywqC.exe
  C:\Windows\System\TTkywqC.exe
  2⤵
  PID:4900
- C:\Windows\System\ZJzMyGB.exe
  C:\Windows\System\ZJzMyGB.exe
  2⤵
  PID:3372
- C:\Windows\System\BHsXZxG.exe
  C:\Windows\System\BHsXZxG.exe
  2⤵
  PID:3416
- C:\Windows\System\ZzlyCjw.exe
  C:\Windows\System\ZzlyCjw.exe
  2⤵
  PID:3684
- C:\Windows\System\rlcpgTv.exe
  C:\Windows\System\rlcpgTv.exe
  2⤵
  PID:4200
- C:\Windows\System\NsIXuyd.exe
  C:\Windows\System\NsIXuyd.exe
  2⤵
  PID:3420
- C:\Windows\System\NJxtNTy.exe
  C:\Windows\System\NJxtNTy.exe
  2⤵
  PID:4456
- C:\Windows\System\ICCsOPW.exe
  C:\Windows\System\ICCsOPW.exe
  2⤵
  PID:2904
- C:\Windows\System\XeuXYzS.exe
  C:\Windows\System\XeuXYzS.exe
  2⤵
  PID:5144
- C:\Windows\System\OLOyKRB.exe
  C:\Windows\System\OLOyKRB.exe
  2⤵
  PID:5208
- C:\Windows\System\FfyVPZt.exe
  C:\Windows\System\FfyVPZt.exe
  2⤵
  PID:5252
- C:\Windows\System\zQzVQQp.exe
  C:\Windows\System\zQzVQQp.exe
  2⤵
  PID:5296
- C:\Windows\System\NeoNVpA.exe
  C:\Windows\System\NeoNVpA.exe
  2⤵
  PID:5332
- C:\Windows\System\qDGSLmd.exe
  C:\Windows\System\qDGSLmd.exe
  2⤵
  PID:5336
- C:\Windows\System\qKZmBIT.exe
  C:\Windows\System\qKZmBIT.exe
  2⤵
  PID:5352
- C:\Windows\System\AyzzCFu.exe
  C:\Windows\System\AyzzCFu.exe
  2⤵
  PID:5156
- C:\Windows\System\JsBWPqo.exe
  C:\Windows\System\JsBWPqo.exe
  2⤵
  PID:5456
- C:\Windows\System\IxuItEB.exe
  C:\Windows\System\IxuItEB.exe
  2⤵
  PID:2188
- C:\Windows\System\LTVwbXj.exe
  C:\Windows\System\LTVwbXj.exe
  2⤵
  PID:2792
- C:\Windows\System\KrJuoAM.exe
  C:\Windows\System\KrJuoAM.exe
  2⤵
  PID:5528
- C:\Windows\System\UscicUI.exe
  C:\Windows\System\UscicUI.exe
  2⤵
  PID:5512
- C:\Windows\System\dtbvUtV.exe
  C:\Windows\System\dtbvUtV.exe
  2⤵
  PID:5556
- C:\Windows\System\cPDXdaN.exe
  C:\Windows\System\cPDXdaN.exe
  2⤵
  PID:5612
- C:\Windows\System\nOdxivf.exe
  C:\Windows\System\nOdxivf.exe
  2⤵
  PID:2076
- C:\Windows\System\QTKetxr.exe
  C:\Windows\System\QTKetxr.exe
  2⤵
  PID:5656
- C:\Windows\System\uIRBYDU.exe
  C:\Windows\System\uIRBYDU.exe
  2⤵
  PID:5700
- C:\Windows\System\FSaVTaw.exe
  C:\Windows\System\FSaVTaw.exe
  2⤵
  PID:5724
- C:\Windows\System\OJIemYT.exe
  C:\Windows\System\OJIemYT.exe
  2⤵
  PID:5780
- C:\Windows\System\RvRjjLz.exe
  C:\Windows\System\RvRjjLz.exe
  2⤵
  PID:5808
- C:\Windows\System\aASPJtc.exe
  C:\Windows\System\aASPJtc.exe
  2⤵
  PID:5840
- C:\Windows\System\jAqfqmB.exe
  C:\Windows\System\jAqfqmB.exe
  2⤵
  PID:5864
- C:\Windows\System\lzkSaHH.exe
  C:\Windows\System\lzkSaHH.exe
  2⤵
  PID:5908
- C:\Windows\System\ydMZxBl.exe
  C:\Windows\System\ydMZxBl.exe
  2⤵
  PID:5948
- C:\Windows\System\svUbjzc.exe
  C:\Windows\System\svUbjzc.exe
  2⤵
  PID:5980
- C:\Windows\System\HnuSxhL.exe
  C:\Windows\System\HnuSxhL.exe
  2⤵
  PID:5964
- C:\Windows\System\JsAGRXL.exe
  C:\Windows\System\JsAGRXL.exe
  2⤵
  PID:6008
- C:\Windows\System\NYgLSTo.exe
  C:\Windows\System\NYgLSTo.exe
  2⤵
  PID:6040
- C:\Windows\System\KauTaAD.exe
  C:\Windows\System\KauTaAD.exe
  2⤵
  PID:2932
- C:\Windows\System\ZpGWmYJ.exe
  C:\Windows\System\ZpGWmYJ.exe
  2⤵
  PID:6112
- C:\Windows\System\cyxAfEj.exe
  C:\Windows\System\cyxAfEj.exe
  2⤵
  PID:4492
- C:\Windows\System\DGsLMhz.exe
  C:\Windows\System\DGsLMhz.exe
  2⤵
  PID:4792
- C:\Windows\System\NtsybOO.exe
  C:\Windows\System\NtsybOO.exe
  2⤵
  PID:4796
- C:\Windows\System\vfSStvr.exe
  C:\Windows\System\vfSStvr.exe
  2⤵
  PID:3476
- C:\Windows\System\kYyoZdD.exe
  C:\Windows\System\kYyoZdD.exe
  2⤵
  PID:4820
- C:\Windows\System\fIzpPIS.exe
  C:\Windows\System\fIzpPIS.exe
  2⤵
  PID:3704
- C:\Windows\System\anXwMLx.exe
  C:\Windows\System\anXwMLx.exe
  2⤵
  PID:2464
- C:\Windows\System\bprDvHR.exe
  C:\Windows\System\bprDvHR.exe
  2⤵
  PID:5132
- C:\Windows\System\WqwHIMT.exe
  C:\Windows\System\WqwHIMT.exe
  2⤵
  PID:5148
- C:\Windows\System\ayrIaJM.exe
  C:\Windows\System\ayrIaJM.exe
  2⤵
  PID:5204
- C:\Windows\System\fwyaeTd.exe
  C:\Windows\System\fwyaeTd.exe
  2⤵
  PID:5188
- C:\Windows\System\oEYXckr.exe
  C:\Windows\System\oEYXckr.exe
  2⤵
  PID:5276
- C:\Windows\System\sGfodjk.exe
  C:\Windows\System\sGfodjk.exe
  2⤵
  PID:5408
- C:\Windows\System\rjJRHrF.exe
  C:\Windows\System\rjJRHrF.exe
  2⤵
  PID:5440
- C:\Windows\System\QSGQOoG.exe
  C:\Windows\System\QSGQOoG.exe
  2⤵
  PID:5396
- C:\Windows\System\dPNgYeg.exe
  C:\Windows\System\dPNgYeg.exe
  2⤵
  PID:2796
- C:\Windows\System\UAhvsHb.exe
  C:\Windows\System\UAhvsHb.exe
  2⤵
  PID:5552
- C:\Windows\System\DWgltaq.exe
  C:\Windows\System\DWgltaq.exe
  2⤵
  PID:5576
- C:\Windows\System\KOTydnr.exe
  C:\Windows\System\KOTydnr.exe
  2⤵
  PID:5704
- C:\Windows\System\cFrkjGG.exe
  C:\Windows\System\cFrkjGG.exe
  2⤵
  PID:5636
- C:\Windows\System\QAakpIq.exe
  C:\Windows\System\QAakpIq.exe
  2⤵
  PID:5760
- C:\Windows\System\zupSqOL.exe
  C:\Windows\System\zupSqOL.exe
  2⤵
  PID:2672
- C:\Windows\System\ETDfkZK.exe
  C:\Windows\System\ETDfkZK.exe
  2⤵
  PID:5804
- C:\Windows\System\UXomJcQ.exe
  C:\Windows\System\UXomJcQ.exe
  2⤵
  PID:5844
- C:\Windows\System\iUXsXmE.exe
  C:\Windows\System\iUXsXmE.exe
  2⤵
  PID:5920
- C:\Windows\System\jeQyBXN.exe
  C:\Windows\System\jeQyBXN.exe
  2⤵
  PID:5960
- C:\Windows\System\HNRYEjy.exe
  C:\Windows\System\HNRYEjy.exe
  2⤵
  PID:6044
- C:\Windows\System\piXCWHI.exe
  C:\Windows\System\piXCWHI.exe
  2⤵
  PID:6080
- C:\Windows\System\QmJtnfI.exe
  C:\Windows\System\QmJtnfI.exe
  2⤵
  PID:6132
- C:\Windows\System\cNBiqsP.exe
  C:\Windows\System\cNBiqsP.exe
  2⤵
  PID:4840
- C:\Windows\System\dzjCpys.exe
  C:\Windows\System\dzjCpys.exe
  2⤵
  PID:4944
- C:\Windows\System\xiiRokk.exe
  C:\Windows\System\xiiRokk.exe
  2⤵
  PID:2184
- C:\Windows\System\qQUzRXt.exe
  C:\Windows\System\qQUzRXt.exe
  2⤵
  PID:4180
- C:\Windows\System\oQqLCFo.exe
  C:\Windows\System\oQqLCFo.exe
  2⤵
  PID:2348
- C:\Windows\System\mgWlduo.exe
  C:\Windows\System\mgWlduo.exe
  2⤵
  PID:1604
- C:\Windows\System\yCyFqza.exe
  C:\Windows\System\yCyFqza.exe
  2⤵
  PID:5288
- C:\Windows\System\yDiZhcT.exe
  C:\Windows\System\yDiZhcT.exe
  2⤵
  PID:5308
- C:\Windows\System\ejfdeaw.exe
  C:\Windows\System\ejfdeaw.exe
  2⤵
  PID:5416
- C:\Windows\System\TCYaKhi.exe
  C:\Windows\System\TCYaKhi.exe
  2⤵
  PID:5468
- C:\Windows\System\RNCTHWn.exe
  C:\Windows\System\RNCTHWn.exe
  2⤵
  PID:5572
- C:\Windows\System\MCASjCr.exe
  C:\Windows\System\MCASjCr.exe
  2⤵
  PID:2656
- C:\Windows\System\SuxTBIg.exe
  C:\Windows\System\SuxTBIg.exe
  2⤵
  PID:2976
- C:\Windows\System\genkRin.exe
  C:\Windows\System\genkRin.exe
  2⤵
  PID:2664
- C:\Windows\System\UONtvIu.exe
  C:\Windows\System\UONtvIu.exe
  2⤵
  PID:2684
- C:\Windows\System\TxZEDXJ.exe
  C:\Windows\System\TxZEDXJ.exe
  2⤵
  PID:5888
- C:\Windows\System\SeWSjsl.exe
  C:\Windows\System\SeWSjsl.exe
  2⤵
  PID:6136
- C:\Windows\System\tcaLzOJ.exe
  C:\Windows\System\tcaLzOJ.exe
  2⤵
  PID:6116
- C:\Windows\System\dKsXiHM.exe
  C:\Windows\System\dKsXiHM.exe
  2⤵
  PID:4712
- C:\Windows\System\ZlvCFFp.exe
  C:\Windows\System\ZlvCFFp.exe
  2⤵
  PID:3988
- C:\Windows\System\weUyTAk.exe
  C:\Windows\System\weUyTAk.exe
  2⤵
  PID:5124
- C:\Windows\System\IbSBStg.exe
  C:\Windows\System\IbSBStg.exe
  2⤵
  PID:5376
- C:\Windows\System\hGkjCqn.exe
  C:\Windows\System\hGkjCqn.exe
  2⤵
  PID:6156
- C:\Windows\System\qaaPoRN.exe
  C:\Windows\System\qaaPoRN.exe
  2⤵
  PID:6176
- C:\Windows\System\BArGUWT.exe
  C:\Windows\System\BArGUWT.exe
  2⤵
  PID:6196
- C:\Windows\System\QXVBKbe.exe
  C:\Windows\System\QXVBKbe.exe
  2⤵
  PID:6216
- C:\Windows\System\ctsNDIO.exe
  C:\Windows\System\ctsNDIO.exe
  2⤵
  PID:6236
- C:\Windows\System\YLwnXqv.exe
  C:\Windows\System\YLwnXqv.exe
  2⤵
  PID:6256
- C:\Windows\System\FIJFerD.exe
  C:\Windows\System\FIJFerD.exe
  2⤵
  PID:6276
- C:\Windows\System\vUIQCSg.exe
  C:\Windows\System\vUIQCSg.exe
  2⤵
  PID:6296
- C:\Windows\System\UcAfwKd.exe
  C:\Windows\System\UcAfwKd.exe
  2⤵
  PID:6312
- C:\Windows\System\VUHvcnP.exe
  C:\Windows\System\VUHvcnP.exe
  2⤵
  PID:6328
- C:\Windows\System\GBMcEBc.exe
  C:\Windows\System\GBMcEBc.exe
  2⤵
  PID:6356
- C:\Windows\System\ZCnRBEx.exe
  C:\Windows\System\ZCnRBEx.exe
  2⤵
  PID:6376
- C:\Windows\System\NUFjerP.exe
  C:\Windows\System\NUFjerP.exe
  2⤵
  PID:6396
- C:\Windows\System\UoTdJnv.exe
  C:\Windows\System\UoTdJnv.exe
  2⤵
  PID:6416
- C:\Windows\System\EhntYjp.exe
  C:\Windows\System\EhntYjp.exe
  2⤵
  PID:6436
- C:\Windows\System\bItwdje.exe
  C:\Windows\System\bItwdje.exe
  2⤵
  PID:6460
- C:\Windows\System\vRnlQNK.exe
  C:\Windows\System\vRnlQNK.exe
  2⤵
  PID:6480
- C:\Windows\System\eGatruX.exe
  C:\Windows\System\eGatruX.exe
  2⤵
  PID:6500
- C:\Windows\System\iEKQCsH.exe
  C:\Windows\System\iEKQCsH.exe
  2⤵
  PID:6520
- C:\Windows\System\XlVGVJr.exe
  C:\Windows\System\XlVGVJr.exe
  2⤵
  PID:6540
- C:\Windows\System\jSkPgZG.exe
  C:\Windows\System\jSkPgZG.exe
  2⤵
  PID:6560
- C:\Windows\System\yDgvuab.exe
  C:\Windows\System\yDgvuab.exe
  2⤵
  PID:6580
- C:\Windows\System\tIcmoge.exe
  C:\Windows\System\tIcmoge.exe
  2⤵
  PID:6600
- C:\Windows\System\uLyCqyy.exe
  C:\Windows\System\uLyCqyy.exe
  2⤵
  PID:6620
- C:\Windows\System\aNXlZrK.exe
  C:\Windows\System\aNXlZrK.exe
  2⤵
  PID:6640
- C:\Windows\System\mqLIWlu.exe
  C:\Windows\System\mqLIWlu.exe
  2⤵
  PID:6660
- C:\Windows\System\Fpppyle.exe
  C:\Windows\System\Fpppyle.exe
  2⤵
  PID:6680
- C:\Windows\System\UAbMGiY.exe
  C:\Windows\System\UAbMGiY.exe
  2⤵
  PID:6700
- C:\Windows\System\XuYmith.exe
  C:\Windows\System\XuYmith.exe
  2⤵
  PID:6720
- C:\Windows\System\oauXqym.exe
  C:\Windows\System\oauXqym.exe
  2⤵
  PID:6740
- C:\Windows\System\UTCzQof.exe
  C:\Windows\System\UTCzQof.exe
  2⤵
  PID:6760
- C:\Windows\System\hoQpSFk.exe
  C:\Windows\System\hoQpSFk.exe
  2⤵
  PID:6780
- C:\Windows\System\ahiLpTr.exe
  C:\Windows\System\ahiLpTr.exe
  2⤵
  PID:6800
- C:\Windows\System\bVyuTSf.exe
  C:\Windows\System\bVyuTSf.exe
  2⤵
  PID:6820
- C:\Windows\System\OCDPuZN.exe
  C:\Windows\System\OCDPuZN.exe
  2⤵
  PID:6840
- C:\Windows\System\yEpvbMZ.exe
  C:\Windows\System\yEpvbMZ.exe
  2⤵
  PID:6864
- C:\Windows\System\jrGmECX.exe
  C:\Windows\System\jrGmECX.exe
  2⤵
  PID:6884
- C:\Windows\System\UMFOpaD.exe
  C:\Windows\System\UMFOpaD.exe
  2⤵
  PID:6904
- C:\Windows\System\lhyKRNh.exe
  C:\Windows\System\lhyKRNh.exe
  2⤵
  PID:6924
- C:\Windows\System\GLrHIsu.exe
  C:\Windows\System\GLrHIsu.exe
  2⤵
  PID:6944
- C:\Windows\System\jhVdUbH.exe
  C:\Windows\System\jhVdUbH.exe
  2⤵
  PID:6960
- C:\Windows\System\xnCcAVF.exe
  C:\Windows\System\xnCcAVF.exe
  2⤵
  PID:6980
- C:\Windows\System\RiTkgrf.exe
  C:\Windows\System\RiTkgrf.exe
  2⤵
  PID:7000
- C:\Windows\System\rWZxoDk.exe
  C:\Windows\System\rWZxoDk.exe
  2⤵
  PID:7024
- C:\Windows\System\ixwEVsl.exe
  C:\Windows\System\ixwEVsl.exe
  2⤵
  PID:7044
- C:\Windows\System\PAjXSCq.exe
  C:\Windows\System\PAjXSCq.exe
  2⤵
  PID:7064
- C:\Windows\System\uFQPjRa.exe
  C:\Windows\System\uFQPjRa.exe
  2⤵
  PID:7084
- C:\Windows\System\havLLnl.exe
  C:\Windows\System\havLLnl.exe
  2⤵
  PID:7104
- C:\Windows\System\NYRYlhY.exe
  C:\Windows\System\NYRYlhY.exe
  2⤵
  PID:7124
- C:\Windows\System\rkDCyGl.exe
  C:\Windows\System\rkDCyGl.exe
  2⤵
  PID:7144
- C:\Windows\System\TxqbBhv.exe
  C:\Windows\System\TxqbBhv.exe
  2⤵
  PID:7164
- C:\Windows\System\ghqqcxo.exe
  C:\Windows\System\ghqqcxo.exe
  2⤵
  PID:5476
- C:\Windows\System\nBreDPm.exe
  C:\Windows\System\nBreDPm.exe
  2⤵
  PID:5652
- C:\Windows\System\ELDfSur.exe
  C:\Windows\System\ELDfSur.exe
  2⤵
  PID:5540
- C:\Windows\System\YLHQGLY.exe
  C:\Windows\System\YLHQGLY.exe
  2⤵
  PID:5560
- C:\Windows\System\rlxteyj.exe
  C:\Windows\System\rlxteyj.exe
  2⤵
  PID:1800
- C:\Windows\System\PVTdGmF.exe
  C:\Windows\System\PVTdGmF.exe
  2⤵
  PID:6064
- C:\Windows\System\puUVusC.exe
  C:\Windows\System\puUVusC.exe
  2⤵
  PID:5048
- C:\Windows\System\YgwMXMZ.exe
  C:\Windows\System\YgwMXMZ.exe
  2⤵
  PID:3512
- C:\Windows\System\EJYSjAZ.exe
  C:\Windows\System\EJYSjAZ.exe
  2⤵
  PID:5320
- C:\Windows\System\aatBILl.exe
  C:\Windows\System\aatBILl.exe
  2⤵
  PID:6152
- C:\Windows\System\aRIdWXe.exe
  C:\Windows\System\aRIdWXe.exe
  2⤵
  PID:6188
- C:\Windows\System\qptvcAN.exe
  C:\Windows\System\qptvcAN.exe
  2⤵
  PID:6252
- C:\Windows\System\anMjmyP.exe
  C:\Windows\System\anMjmyP.exe
  2⤵
  PID:6264
- C:\Windows\System\nJkCQYf.exe
  C:\Windows\System\nJkCQYf.exe
  2⤵
  PID:6288
- C:\Windows\System\nyrciID.exe
  C:\Windows\System\nyrciID.exe
  2⤵
  PID:6348
- C:\Windows\System\arxjnlx.exe
  C:\Windows\System\arxjnlx.exe
  2⤵
  PID:6368
- C:\Windows\System\zmvbmhp.exe
  C:\Windows\System\zmvbmhp.exe
  2⤵
  PID:6392
- C:\Windows\System\hXbtxmL.exe
  C:\Windows\System\hXbtxmL.exe
  2⤵
  PID:6444
- C:\Windows\System\LrAhVzZ.exe
  C:\Windows\System\LrAhVzZ.exe
  2⤵
  PID:6428
- C:\Windows\System\CWBdCFl.exe
  C:\Windows\System\CWBdCFl.exe
  2⤵
  PID:6496
- C:\Windows\System\lmgrTpM.exe
  C:\Windows\System\lmgrTpM.exe
  2⤵
  PID:6536
- C:\Windows\System\yNpIgRE.exe
  C:\Windows\System\yNpIgRE.exe
  2⤵
  PID:6548
- C:\Windows\System\bDEVvLU.exe
  C:\Windows\System\bDEVvLU.exe
  2⤵
  PID:6588
- C:\Windows\System\OmsMvWP.exe
  C:\Windows\System\OmsMvWP.exe
  2⤵
  PID:6612
- C:\Windows\System\JImMrpX.exe
  C:\Windows\System\JImMrpX.exe
  2⤵
  PID:6636
- C:\Windows\System\qPlTQde.exe
  C:\Windows\System\qPlTQde.exe
  2⤵
  PID:6696
- C:\Windows\System\PumRwie.exe
  C:\Windows\System\PumRwie.exe
  2⤵
  PID:6716
- C:\Windows\System\XUlPnFL.exe
  C:\Windows\System\XUlPnFL.exe
  2⤵
  PID:6732
- C:\Windows\System\Jxmdirc.exe
  C:\Windows\System\Jxmdirc.exe
  2⤵
  PID:6772
- C:\Windows\System\tjvxbkb.exe
  C:\Windows\System\tjvxbkb.exe
  2⤵
  PID:6812
- C:\Windows\System\xXBNcQE.exe
  C:\Windows\System\xXBNcQE.exe
  2⤵
  PID:6836
- C:\Windows\System\AYWBULs.exe
  C:\Windows\System\AYWBULs.exe
  2⤵
  PID:6876
- C:\Windows\System\aRakZnR.exe
  C:\Windows\System\aRakZnR.exe
  2⤵
  PID:6920
- C:\Windows\System\cdWZSNS.exe
  C:\Windows\System\cdWZSNS.exe
  2⤵
  PID:6968
- C:\Windows\System\FhJyOMC.exe
  C:\Windows\System\FhJyOMC.exe
  2⤵
  PID:7008
- C:\Windows\System\aFonFnI.exe
  C:\Windows\System\aFonFnI.exe
  2⤵
  PID:6992
- C:\Windows\System\SGWlwsW.exe
  C:\Windows\System\SGWlwsW.exe
  2⤵
  PID:7032
- C:\Windows\System\uFZcOgC.exe
  C:\Windows\System\uFZcOgC.exe
  2⤵
  PID:7076
- C:\Windows\System\NFInToH.exe
  C:\Windows\System\NFInToH.exe
  2⤵
  PID:7140
- C:\Windows\System\KEtADJV.exe
  C:\Windows\System\KEtADJV.exe
  2⤵
  PID:7152
- C:\Windows\System\ZGaLxtX.exe
  C:\Windows\System\ZGaLxtX.exe
  2⤵
  PID:2760
- C:\Windows\System\UrUlJaW.exe
  C:\Windows\System\UrUlJaW.exe
  2⤵
  PID:5076
- C:\Windows\System\PQwFyfV.exe
  C:\Windows\System\PQwFyfV.exe
  2⤵
  PID:5828
- C:\Windows\System\CgmRrKh.exe
  C:\Windows\System\CgmRrKh.exe
  2⤵
  PID:5940
- C:\Windows\System\JCzGJaQ.exe
  C:\Windows\System\JCzGJaQ.exe
  2⤵
  PID:2140
- C:\Windows\System\XXQlKZO.exe
  C:\Windows\System\XXQlKZO.exe
  2⤵
  PID:4244
- C:\Windows\System\vFcTFyP.exe
  C:\Windows\System\vFcTFyP.exe
  2⤵
  PID:6184
- C:\Windows\System\QzNTwjB.exe
  C:\Windows\System\QzNTwjB.exe
  2⤵
  PID:6248
- C:\Windows\System\iJznpGk.exe
  C:\Windows\System\iJznpGk.exe
  2⤵
  PID:6292
- C:\Windows\System\FfVJRrV.exe
  C:\Windows\System\FfVJRrV.exe
  2⤵
  PID:6372
- C:\Windows\System\HlYKUtN.exe
  C:\Windows\System\HlYKUtN.exe
  2⤵
  PID:6408
- C:\Windows\System\UKDDdcy.exe
  C:\Windows\System\UKDDdcy.exe
  2⤵
  PID:6528
- C:\Windows\System\AJJrmUB.exe
  C:\Windows\System\AJJrmUB.exe
  2⤵
  PID:6532
- C:\Windows\System\anNQocG.exe
  C:\Windows\System\anNQocG.exe
  2⤵
  PID:2452
- C:\Windows\System\sQzcUZm.exe
  C:\Windows\System\sQzcUZm.exe
  2⤵
  PID:6592
- C:\Windows\System\uFVIJul.exe
  C:\Windows\System\uFVIJul.exe
  2⤵
  PID:6632
- C:\Windows\System\TAuzCpF.exe
  C:\Windows\System\TAuzCpF.exe
  2⤵
  PID:6776
- C:\Windows\System\FRytQsY.exe
  C:\Windows\System\FRytQsY.exe
  2⤵
  PID:6808
- C:\Windows\System\NxOmgBK.exe
  C:\Windows\System\NxOmgBK.exe
  2⤵
  PID:6816
- C:\Windows\System\yRtnIeN.exe
  C:\Windows\System\yRtnIeN.exe
  2⤵
  PID:6912
- C:\Windows\System\NlZrWjY.exe
  C:\Windows\System\NlZrWjY.exe
  2⤵
  PID:7056
- C:\Windows\System\WCSszpC.exe
  C:\Windows\System\WCSszpC.exe
  2⤵
  PID:6936
- C:\Windows\System\hdvmXsc.exe
  C:\Windows\System\hdvmXsc.exe
  2⤵
  PID:6988
- C:\Windows\System\LlafdkJ.exe
  C:\Windows\System\LlafdkJ.exe
  2⤵
  PID:7080
- C:\Windows\System\IgyaTfS.exe
  C:\Windows\System\IgyaTfS.exe
  2⤵
  PID:5744
- C:\Windows\System\hSpMYrL.exe
  C:\Windows\System\hSpMYrL.exe
  2⤵
  PID:7136
- C:\Windows\System\viKrDxd.exe
  C:\Windows\System\viKrDxd.exe
  2⤵
  PID:5736
- C:\Windows\System\cIrGDfQ.exe
  C:\Windows\System\cIrGDfQ.exe
  2⤵
  PID:5312
- C:\Windows\System\iZIJFau.exe
  C:\Windows\System\iZIJFau.exe
  2⤵
  PID:6148
- C:\Windows\System\EKIuBhZ.exe
  C:\Windows\System\EKIuBhZ.exe
  2⤵
  PID:6320
- C:\Windows\System\RbJWoBZ.exe
  C:\Windows\System\RbJWoBZ.exe
  2⤵
  PID:6324
- C:\Windows\System\FICTYmo.exe
  C:\Windows\System\FICTYmo.exe
  2⤵
  PID:6340
- C:\Windows\System\wmAGefe.exe
  C:\Windows\System\wmAGefe.exe
  2⤵
  PID:6596
- C:\Windows\System\zjECgWd.exe
  C:\Windows\System\zjECgWd.exe
  2⤵
  PID:6576
- C:\Windows\System\zrjetEy.exe
  C:\Windows\System\zrjetEy.exe
  2⤵
  PID:6668
- C:\Windows\System\pXdbtZv.exe
  C:\Windows\System\pXdbtZv.exe
  2⤵
  PID:2928
- C:\Windows\System\LpfXLTw.exe
  C:\Windows\System\LpfXLTw.exe
  2⤵
  PID:6736
- C:\Windows\System\ivzFlLH.exe
  C:\Windows\System\ivzFlLH.exe
  2⤵
  PID:7100
- C:\Windows\System\uunaPwq.exe
  C:\Windows\System\uunaPwq.exe
  2⤵
  PID:3772
- C:\Windows\System\SOcNcqO.exe
  C:\Windows\System\SOcNcqO.exe
  2⤵
  PID:7156
- C:\Windows\System\kYoVvBl.exe
  C:\Windows\System\kYoVvBl.exe
  2⤵
  PID:7036
- C:\Windows\System\NTKDYjF.exe
  C:\Windows\System\NTKDYjF.exe
  2⤵
  PID:3540
- C:\Windows\System\VppOBQK.exe
  C:\Windows\System\VppOBQK.exe
  2⤵
  PID:6508
- C:\Windows\System\oDLWicA.exe
  C:\Windows\System\oDLWicA.exe
  2⤵
  PID:6208
- C:\Windows\System\fllJVCS.exe
  C:\Windows\System\fllJVCS.exe
  2⤵
  PID:6224
- C:\Windows\System\awFxGsL.exe
  C:\Windows\System\awFxGsL.exe
  2⤵
  PID:6572
- C:\Windows\System\HlXWphO.exe
  C:\Windows\System\HlXWphO.exe
  2⤵
  PID:2952
- C:\Windows\System\nVsxkWw.exe
  C:\Windows\System\nVsxkWw.exe
  2⤵
  PID:7180
- C:\Windows\System\UCUnhoO.exe
  C:\Windows\System\UCUnhoO.exe
  2⤵
  PID:7200
- C:\Windows\System\ZnKBgip.exe
  C:\Windows\System\ZnKBgip.exe
  2⤵
  PID:7216
- C:\Windows\System\CqSXVnD.exe
  C:\Windows\System\CqSXVnD.exe
  2⤵
  PID:7240
- C:\Windows\System\oOdRWQH.exe
  C:\Windows\System\oOdRWQH.exe
  2⤵
  PID:7264
- C:\Windows\System\SeMYnKB.exe
  C:\Windows\System\SeMYnKB.exe
  2⤵
  PID:7284
- C:\Windows\System\hQCBysL.exe
  C:\Windows\System\hQCBysL.exe
  2⤵
  PID:7300
- C:\Windows\System\XPimEnJ.exe
  C:\Windows\System\XPimEnJ.exe
  2⤵
  PID:7324
- C:\Windows\System\mSmxzVL.exe
  C:\Windows\System\mSmxzVL.exe
  2⤵
  PID:7344
- C:\Windows\System\KpiiJbs.exe
  C:\Windows\System\KpiiJbs.exe
  2⤵
  PID:7364
- C:\Windows\System\YUQmepN.exe
  C:\Windows\System\YUQmepN.exe
  2⤵
  PID:7384
- C:\Windows\System\IYGOQkP.exe
  C:\Windows\System\IYGOQkP.exe
  2⤵
  PID:7404
- C:\Windows\System\hVqxOYb.exe
  C:\Windows\System\hVqxOYb.exe
  2⤵
  PID:7424
- C:\Windows\System\gePmAZZ.exe
  C:\Windows\System\gePmAZZ.exe
  2⤵
  PID:7444
- C:\Windows\System\MQpLHZH.exe
  C:\Windows\System\MQpLHZH.exe
  2⤵
  PID:7464
- C:\Windows\System\ufhWHwK.exe
  C:\Windows\System\ufhWHwK.exe
  2⤵
  PID:7484
- C:\Windows\System\MYqZaJD.exe
  C:\Windows\System\MYqZaJD.exe
  2⤵
  PID:7504
- C:\Windows\System\wePDMRy.exe
  C:\Windows\System\wePDMRy.exe
  2⤵
  PID:7524
- C:\Windows\System\whxfODl.exe
  C:\Windows\System\whxfODl.exe
  2⤵
  PID:7544
- C:\Windows\System\aoXRfXy.exe
  C:\Windows\System\aoXRfXy.exe
  2⤵
  PID:7564
- C:\Windows\System\mHBLiaf.exe
  C:\Windows\System\mHBLiaf.exe
  2⤵
  PID:7584
- C:\Windows\System\sayyJJm.exe
  C:\Windows\System\sayyJJm.exe
  2⤵
  PID:7600
- C:\Windows\System\ZBIMMJk.exe
  C:\Windows\System\ZBIMMJk.exe
  2⤵
  PID:7620
- C:\Windows\System\pdptKep.exe
  C:\Windows\System\pdptKep.exe
  2⤵
  PID:7648
- C:\Windows\System\aZcBzAz.exe
  C:\Windows\System\aZcBzAz.exe
  2⤵
  PID:7668
- C:\Windows\System\oETzjYk.exe
  C:\Windows\System\oETzjYk.exe
  2⤵
  PID:7688
- C:\Windows\System\DVFabcx.exe
  C:\Windows\System\DVFabcx.exe
  2⤵
  PID:7708
- C:\Windows\System\FjUXlDt.exe
  C:\Windows\System\FjUXlDt.exe
  2⤵
  PID:7728
- C:\Windows\System\pXbnBkT.exe
  C:\Windows\System\pXbnBkT.exe
  2⤵
  PID:7748
- C:\Windows\System\xJldJTq.exe
  C:\Windows\System\xJldJTq.exe
  2⤵
  PID:7768
- C:\Windows\System\LkADtmZ.exe
  C:\Windows\System\LkADtmZ.exe
  2⤵
  PID:7788
- C:\Windows\System\EkeXsVn.exe
  C:\Windows\System\EkeXsVn.exe
  2⤵
  PID:7804
- C:\Windows\System\mEErbrt.exe
  C:\Windows\System\mEErbrt.exe
  2⤵
  PID:7824
- C:\Windows\System\YRJSwIG.exe
  C:\Windows\System\YRJSwIG.exe
  2⤵
  PID:7848
- C:\Windows\System\ZeZkQqu.exe
  C:\Windows\System\ZeZkQqu.exe
  2⤵
  PID:7868
- C:\Windows\System\xMKrXeR.exe
  C:\Windows\System\xMKrXeR.exe
  2⤵
  PID:7888
- C:\Windows\System\ntBcscg.exe
  C:\Windows\System\ntBcscg.exe
  2⤵
  PID:7908
- C:\Windows\System\fhbdCBr.exe
  C:\Windows\System\fhbdCBr.exe
  2⤵
  PID:7928
- C:\Windows\System\QqKXmSl.exe
  C:\Windows\System\QqKXmSl.exe
  2⤵
  PID:7948
- C:\Windows\System\etVzjoD.exe
  C:\Windows\System\etVzjoD.exe
  2⤵
  PID:7968
- C:\Windows\System\PxCqPeB.exe
  C:\Windows\System\PxCqPeB.exe
  2⤵
  PID:7984
- C:\Windows\System\xhlCBdV.exe
  C:\Windows\System\xhlCBdV.exe
  2⤵
  PID:8008
- C:\Windows\System\LMgfuev.exe
  C:\Windows\System\LMgfuev.exe
  2⤵
  PID:8028
- C:\Windows\System\yCGopSh.exe
  C:\Windows\System\yCGopSh.exe
  2⤵
  PID:8048
- C:\Windows\System\JfrPwlm.exe
  C:\Windows\System\JfrPwlm.exe
  2⤵
  PID:8064
- C:\Windows\System\gWkztFw.exe
  C:\Windows\System\gWkztFw.exe
  2⤵
  PID:8088
- C:\Windows\System\uPAPLBu.exe
  C:\Windows\System\uPAPLBu.exe
  2⤵
  PID:8112
- C:\Windows\System\DCsICwL.exe
  C:\Windows\System\DCsICwL.exe
  2⤵
  PID:8128
- C:\Windows\System\CttxIXR.exe
  C:\Windows\System\CttxIXR.exe
  2⤵
  PID:8148
- C:\Windows\System\FOryJkv.exe
  C:\Windows\System\FOryJkv.exe
  2⤵
  PID:8172
- C:\Windows\System\YZrEWZL.exe
  C:\Windows\System\YZrEWZL.exe
  2⤵
  PID:6956
- C:\Windows\System\ohaWhQc.exe
  C:\Windows\System\ohaWhQc.exe
  2⤵
  PID:6172
- C:\Windows\System\KoPTZny.exe
  C:\Windows\System\KoPTZny.exe
  2⤵
  PID:6796
- C:\Windows\System\HzCmqKk.exe
  C:\Windows\System\HzCmqKk.exe
  2⤵
  PID:7160
- C:\Windows\System\vxAvKDV.exe
  C:\Windows\System\vxAvKDV.exe
  2⤵
  PID:7120
- C:\Windows\System\XNdUFJS.exe
  C:\Windows\System\XNdUFJS.exe
  2⤵
  PID:6344
- C:\Windows\System\xzfXaTK.exe
  C:\Windows\System\xzfXaTK.exe
  2⤵
  PID:2912
- C:\Windows\System\KxYvLKF.exe
  C:\Windows\System\KxYvLKF.exe
  2⤵
  PID:6424
- C:\Windows\System\EDeHlbT.exe
  C:\Windows\System\EDeHlbT.exe
  2⤵
  PID:7176
- C:\Windows\System\LQfNXrh.exe
  C:\Windows\System\LQfNXrh.exe
  2⤵
  PID:7212
- C:\Windows\System\wzQfuFv.exe
  C:\Windows\System\wzQfuFv.exe
  2⤵
  PID:7252
- C:\Windows\System\MVrYdvy.exe
  C:\Windows\System\MVrYdvy.exe
  2⤵
  PID:7320
- C:\Windows\System\EePmVIj.exe
  C:\Windows\System\EePmVIj.exe
  2⤵
  PID:7352
- C:\Windows\System\Efmfzwj.exe
  C:\Windows\System\Efmfzwj.exe
  2⤵
  PID:7392
- C:\Windows\System\WpGxPdc.exe
  C:\Windows\System\WpGxPdc.exe
  2⤵
  PID:7376
- C:\Windows\System\oCRKPkB.exe
  C:\Windows\System\oCRKPkB.exe
  2⤵
  PID:7416
- C:\Windows\System\dhPFhWS.exe
  C:\Windows\System\dhPFhWS.exe
  2⤵
  PID:7452
- C:\Windows\System\hXCfjkH.exe
  C:\Windows\System\hXCfjkH.exe
  2⤵
  PID:7512
- C:\Windows\System\aacjERK.exe
  C:\Windows\System\aacjERK.exe
  2⤵
  PID:7532
- C:\Windows\System\mpCJHYB.exe
  C:\Windows\System\mpCJHYB.exe
  2⤵
  PID:7572
- C:\Windows\System\WIbMAep.exe
  C:\Windows\System\WIbMAep.exe
  2⤵
  PID:7576
- C:\Windows\System\unKDkbH.exe
  C:\Windows\System\unKDkbH.exe
  2⤵
  PID:7632
- C:\Windows\System\YtiGgyI.exe
  C:\Windows\System\YtiGgyI.exe
  2⤵
  PID:7680
- C:\Windows\System\IQwsVMr.exe
  C:\Windows\System\IQwsVMr.exe
  2⤵
  PID:7716
- C:\Windows\System\rtXoocy.exe
  C:\Windows\System\rtXoocy.exe
  2⤵
  PID:7756
- C:\Windows\System\PoQFbkH.exe
  C:\Windows\System\PoQFbkH.exe
  2⤵
  PID:2728
- C:\Windows\System\ZoCyKyD.exe
  C:\Windows\System\ZoCyKyD.exe
  2⤵
  PID:7796
- C:\Windows\System\zsxhxuq.exe
  C:\Windows\System\zsxhxuq.exe
  2⤵
  PID:7832
- C:\Windows\System\XyYSLsk.exe
  C:\Windows\System\XyYSLsk.exe
  2⤵
  PID:7816
- C:\Windows\System\sQQSPVd.exe
  C:\Windows\System\sQQSPVd.exe
  2⤵
  PID:7856
- C:\Windows\System\omPsWwg.exe
  C:\Windows\System\omPsWwg.exe
  2⤵
  PID:7924
- C:\Windows\System\QFLLfBR.exe
  C:\Windows\System\QFLLfBR.exe
  2⤵
  PID:7956
- C:\Windows\System\JXeCRbb.exe
  C:\Windows\System\JXeCRbb.exe
  2⤵
  PID:7940
- C:\Windows\System\cRCICvR.exe
  C:\Windows\System\cRCICvR.exe
  2⤵
  PID:7980
- C:\Windows\System\Mmvmgvu.exe
  C:\Windows\System\Mmvmgvu.exe
  2⤵
  PID:8016
- C:\Windows\System\ynBvvpE.exe
  C:\Windows\System\ynBvvpE.exe
  2⤵
  PID:8072
- C:\Windows\System\AyXvpuk.exe
  C:\Windows\System\AyXvpuk.exe
  2⤵
  PID:8060
- C:\Windows\System\ozgbbUv.exe
  C:\Windows\System\ozgbbUv.exe
  2⤵
  PID:8108
- C:\Windows\System\rsoZFkk.exe
  C:\Windows\System\rsoZFkk.exe
  2⤵
  PID:8168
- C:\Windows\System\DvyHhXQ.exe
  C:\Windows\System\DvyHhXQ.exe
  2⤵
  PID:6952
- C:\Windows\System\ktdeznw.exe
  C:\Windows\System\ktdeznw.exe
  2⤵
  PID:7052
- C:\Windows\System\bnEPDID.exe
  C:\Windows\System\bnEPDID.exe
  2⤵
  PID:7132
- C:\Windows\System\YnhcRll.exe
  C:\Windows\System\YnhcRll.exe
  2⤵
  PID:2808
- C:\Windows\System\LClappG.exe
  C:\Windows\System\LClappG.exe
  2⤵
  PID:1648
- C:\Windows\System\ZEBCNBu.exe
  C:\Windows\System\ZEBCNBu.exe
  2⤵
  PID:6268
- C:\Windows\System\avPvUam.exe
  C:\Windows\System\avPvUam.exe
  2⤵
  PID:7208
- C:\Windows\System\ZZIfiMZ.exe
  C:\Windows\System\ZZIfiMZ.exe
  2⤵
  PID:7248
- C:\Windows\System\DFXBVcc.exe
  C:\Windows\System\DFXBVcc.exe
  2⤵
  PID:2340
- C:\Windows\System\UgcxOUO.exe
  C:\Windows\System\UgcxOUO.exe
  2⤵
  PID:7272
- C:\Windows\System\unSGley.exe
  C:\Windows\System\unSGley.exe
  2⤵
  PID:7336
- C:\Windows\System\KvzMorh.exe
  C:\Windows\System\KvzMorh.exe
  2⤵
  PID:7440
- C:\Windows\System\uiuhtfP.exe
  C:\Windows\System\uiuhtfP.exe
  2⤵
  PID:2752
- C:\Windows\System\UOQjYwp.exe
  C:\Windows\System\UOQjYwp.exe
  2⤵
  PID:7472
- C:\Windows\System\jkHEbZb.exe
  C:\Windows\System\jkHEbZb.exe
  2⤵
  PID:7496
- C:\Windows\System\azPPSvQ.exe
  C:\Windows\System\azPPSvQ.exe
  2⤵
  PID:7608
- C:\Windows\System\wRijKph.exe
  C:\Windows\System\wRijKph.exe
  2⤵
  PID:7616
- C:\Windows\System\kQDRfNN.exe
  C:\Windows\System\kQDRfNN.exe
  2⤵
  PID:3020
- C:\Windows\System\YyOYNLJ.exe
  C:\Windows\System\YyOYNLJ.exe
  2⤵
  PID:2676
- C:\Windows\System\kmUtYzo.exe
  C:\Windows\System\kmUtYzo.exe
  2⤵
  PID:1860
- C:\Windows\System\LkIXIvp.exe
  C:\Windows\System\LkIXIvp.exe
  2⤵
  PID:7800
- C:\Windows\System\eLqkNGY.exe
  C:\Windows\System\eLqkNGY.exe
  2⤵
  PID:3056
- C:\Windows\System\iVPlgHv.exe
  C:\Windows\System\iVPlgHv.exe
  2⤵
  PID:7476
- C:\Windows\System\OXBKVIV.exe
  C:\Windows\System\OXBKVIV.exe
  2⤵
  PID:7936
- C:\Windows\System\gFQKLhR.exe
  C:\Windows\System\gFQKLhR.exe
  2⤵
  PID:2700
- C:\Windows\System\MACZxig.exe
  C:\Windows\System\MACZxig.exe
  2⤵
  PID:8096
- C:\Windows\System\kNFXrvJ.exe
  C:\Windows\System\kNFXrvJ.exe
  2⤵
  PID:8188
- C:\Windows\System\YEgQZaV.exe
  C:\Windows\System\YEgQZaV.exe
  2⤵
  PID:8184
- C:\Windows\System\EyGinJu.exe
  C:\Windows\System\EyGinJu.exe
  2⤵
  PID:6880
- C:\Windows\System\VxhCPcK.exe
  C:\Windows\System\VxhCPcK.exe
  2⤵
  PID:6024
- C:\Windows\System\dHmyZbK.exe
  C:\Windows\System\dHmyZbK.exe
  2⤵
  PID:7232
- C:\Windows\System\sdfOSyJ.exe
  C:\Windows\System\sdfOSyJ.exe
  2⤵
  PID:1716
- C:\Windows\System\ehiiawO.exe
  C:\Windows\System\ehiiawO.exe
  2⤵
  PID:7236
- C:\Windows\System\bZehUOf.exe
  C:\Windows\System\bZehUOf.exe
  2⤵
  PID:1956
- C:\Windows\System\woiOyGT.exe
  C:\Windows\System\woiOyGT.exe
  2⤵
  PID:8104
- C:\Windows\System\FuLPRHb.exe
  C:\Windows\System\FuLPRHb.exe
  2⤵
  PID:1488
- C:\Windows\System\dfhqSbd.exe
  C:\Windows\System\dfhqSbd.exe
  2⤵
  PID:2996
- C:\Windows\System\zgDLzug.exe
  C:\Windows\System\zgDLzug.exe
  2⤵
  PID:7500
- C:\Windows\System\iHLlsYq.exe
  C:\Windows\System\iHLlsYq.exe
  2⤵
  PID:2868
- C:\Windows\System\qrYXQDP.exe
  C:\Windows\System\qrYXQDP.exe
  2⤵
  PID:2988
- C:\Windows\System\ZucNcIJ.exe
  C:\Windows\System\ZucNcIJ.exe
  2⤵
  PID:7736
- C:\Windows\System\UTFwgxy.exe
  C:\Windows\System\UTFwgxy.exe
  2⤵
  PID:7884
- C:\Windows\System\jlrtsEK.exe
  C:\Windows\System\jlrtsEK.exe
  2⤵
  PID:7784
- C:\Windows\System\KumKibv.exe
  C:\Windows\System\KumKibv.exe
  2⤵
  PID:7904
- C:\Windows\System\ypBQkqz.exe
  C:\Windows\System\ypBQkqz.exe
  2⤵
  PID:1664
- C:\Windows\System\MLXExMS.exe
  C:\Windows\System\MLXExMS.exe
  2⤵
  PID:8004
- C:\Windows\System\eWggkBB.exe
  C:\Windows\System\eWggkBB.exe
  2⤵
  PID:8164
- C:\Windows\System\RJceOPM.exe
  C:\Windows\System\RJceOPM.exe
  2⤵
  PID:2812
- C:\Windows\System\smRGprX.exe
  C:\Windows\System\smRGprX.exe
  2⤵
  PID:6648
- C:\Windows\System\WvHRLWe.exe
  C:\Windows\System\WvHRLWe.exe
  2⤵
  PID:1784
- C:\Windows\System\qVzZfGS.exe
  C:\Windows\System\qVzZfGS.exe
  2⤵
  PID:1196
- C:\Windows\System\LaVUOpT.exe
  C:\Windows\System\LaVUOpT.exe
  2⤵
  PID:2856
- C:\Windows\System\sTMKgtW.exe
  C:\Windows\System\sTMKgtW.exe
  2⤵
  PID:2852
- C:\Windows\System\LMlufES.exe
  C:\Windows\System\LMlufES.exe
  2⤵
  PID:8036
- C:\Windows\System\YZRymDx.exe
  C:\Windows\System\YZRymDx.exe
  2⤵
  PID:2412
- C:\Windows\System\dQqikSP.exe
  C:\Windows\System\dQqikSP.exe
  2⤵
  PID:1992
- C:\Windows\System\mYWrFoG.exe
  C:\Windows\System\mYWrFoG.exe
  2⤵
  PID:7720
- C:\Windows\System\hPEIdSf.exe
  C:\Windows\System\hPEIdSf.exe
  2⤵
  PID:8204
- C:\Windows\System\HoeFzGr.exe
  C:\Windows\System\HoeFzGr.exe
  2⤵
  PID:8220
- C:\Windows\System\zvHQmFO.exe
  C:\Windows\System\zvHQmFO.exe
  2⤵
  PID:8236
- C:\Windows\System\EBCjeTA.exe
  C:\Windows\System\EBCjeTA.exe
  2⤵
  PID:8256
- C:\Windows\System\BqNiBow.exe
  C:\Windows\System\BqNiBow.exe
  2⤵
  PID:8272
- C:\Windows\System\dYnRAmR.exe
  C:\Windows\System\dYnRAmR.exe
  2⤵
  PID:8288
- C:\Windows\System\gstofXU.exe
  C:\Windows\System\gstofXU.exe
  2⤵
  PID:8304
- C:\Windows\System\EFHLuAR.exe
  C:\Windows\System\EFHLuAR.exe
  2⤵
  PID:8320
- C:\Windows\System\NhGXJmF.exe
  C:\Windows\System\NhGXJmF.exe
  2⤵
  PID:8336
- C:\Windows\System\gTFSXlF.exe
  C:\Windows\System\gTFSXlF.exe
  2⤵
  PID:8352
- C:\Windows\System\cGGJUjf.exe
  C:\Windows\System\cGGJUjf.exe
  2⤵
  PID:8368
- C:\Windows\System\jYFRYfA.exe
  C:\Windows\System\jYFRYfA.exe
  2⤵
  PID:8384
- C:\Windows\System\xLlxBBT.exe
  C:\Windows\System\xLlxBBT.exe
  2⤵
  PID:8400
- C:\Windows\System\RBYrvJJ.exe
  C:\Windows\System\RBYrvJJ.exe
  2⤵
  PID:8416
- C:\Windows\System\grsqHIb.exe
  C:\Windows\System\grsqHIb.exe
  2⤵
  PID:8432
- C:\Windows\System\LZfcOpC.exe
  C:\Windows\System\LZfcOpC.exe
  2⤵
  PID:8448
- C:\Windows\System\jzsdmpd.exe
  C:\Windows\System\jzsdmpd.exe
  2⤵
  PID:8464
- C:\Windows\System\KnXLkCy.exe
  C:\Windows\System\KnXLkCy.exe
  2⤵
  PID:8480
- C:\Windows\System\jBMZEzx.exe
  C:\Windows\System\jBMZEzx.exe
  2⤵
  PID:8496
- C:\Windows\System\YQNvQIP.exe
  C:\Windows\System\YQNvQIP.exe
  2⤵
  PID:8512
- C:\Windows\System\mlmLFTd.exe
  C:\Windows\System\mlmLFTd.exe
  2⤵
  PID:8532
- C:\Windows\System\zbHRXPA.exe
  C:\Windows\System\zbHRXPA.exe
  2⤵
  PID:8548
- C:\Windows\System\xhclDrp.exe
  C:\Windows\System\xhclDrp.exe
  2⤵
  PID:8564
- C:\Windows\System\cxijoGZ.exe
  C:\Windows\System\cxijoGZ.exe
  2⤵
  PID:8580
- C:\Windows\System\BQTpxGq.exe
  C:\Windows\System\BQTpxGq.exe
  2⤵
  PID:8620
- C:\Windows\System\bULlqwn.exe
  C:\Windows\System\bULlqwn.exe
  2⤵
  PID:8636
- C:\Windows\System\RHxvkrm.exe
  C:\Windows\System\RHxvkrm.exe
  2⤵
  PID:8728
- C:\Windows\System\srZqjog.exe
  C:\Windows\System\srZqjog.exe
  2⤵
  PID:8744
- C:\Windows\System\HCSCXdm.exe
  C:\Windows\System\HCSCXdm.exe
  2⤵
  PID:8760
- C:\Windows\System\nXYnxcr.exe
  C:\Windows\System\nXYnxcr.exe
  2⤵
  PID:8776
- C:\Windows\System\TWJozDU.exe
  C:\Windows\System\TWJozDU.exe
  2⤵
  PID:8912
- C:\Windows\System\hfoyNYb.exe
  C:\Windows\System\hfoyNYb.exe
  2⤵
  PID:8928
- C:\Windows\System\XhGwyfU.exe
  C:\Windows\System\XhGwyfU.exe
  2⤵
  PID:8944
- C:\Windows\System\YuOvKyJ.exe
  C:\Windows\System\YuOvKyJ.exe
  2⤵
  PID:8960
- C:\Windows\System\sXYAFfp.exe
  C:\Windows\System\sXYAFfp.exe
  2⤵
  PID:8992
- C:\Windows\System\YjLRxPI.exe
  C:\Windows\System\YjLRxPI.exe
  2⤵
  PID:9008
- C:\Windows\System\dZIJHHF.exe
  C:\Windows\System\dZIJHHF.exe
  2⤵
  PID:9024
- C:\Windows\System\hYGMmOL.exe
  C:\Windows\System\hYGMmOL.exe
  2⤵
  PID:9040
- C:\Windows\System\bPQPIxq.exe
  C:\Windows\System\bPQPIxq.exe
  2⤵
  PID:9056
- C:\Windows\System\MNWMxfn.exe
  C:\Windows\System\MNWMxfn.exe
  2⤵
  PID:9072
- C:\Windows\System\OYnaVwe.exe
  C:\Windows\System\OYnaVwe.exe
  2⤵
  PID:9088
- C:\Windows\System\VRdCfss.exe
  C:\Windows\System\VRdCfss.exe
  2⤵
  PID:9104
- C:\Windows\System\cNOYMOg.exe
  C:\Windows\System\cNOYMOg.exe
  2⤵
  PID:9124
- C:\Windows\System\SlQmyaL.exe
  C:\Windows\System\SlQmyaL.exe
  2⤵
  PID:9148
- C:\Windows\System\QxzwgRV.exe
  C:\Windows\System\QxzwgRV.exe
  2⤵
  PID:9168
- C:\Windows\System\XTKHdhV.exe
  C:\Windows\System\XTKHdhV.exe
  2⤵
  PID:9192
- C:\Windows\System\lhiSuZA.exe
  C:\Windows\System\lhiSuZA.exe
  2⤵
  PID:9208
- C:\Windows\System\kZWYBmO.exe
  C:\Windows\System\kZWYBmO.exe
  2⤵
  PID:7676
- C:\Windows\System\CfnskHE.exe
  C:\Windows\System\CfnskHE.exe
  2⤵
  PID:8244
- C:\Windows\System\BgEdpPL.exe
  C:\Windows\System\BgEdpPL.exe
  2⤵
  PID:8316
- C:\Windows\System\MRONTdk.exe
  C:\Windows\System\MRONTdk.exe
  2⤵
  PID:8080
- C:\Windows\System\aGRyWes.exe
  C:\Windows\System\aGRyWes.exe
  2⤵
  PID:1548
- C:\Windows\System\latgvQF.exe
  C:\Windows\System\latgvQF.exe
  2⤵
  PID:8380
- C:\Windows\System\xPFFjXw.exe
  C:\Windows\System\xPFFjXw.exe
  2⤵
  PID:7296
- C:\Windows\System\WrhMauH.exe
  C:\Windows\System\WrhMauH.exe
  2⤵
  PID:7596
- C:\Windows\System\ZrUtkmL.exe
  C:\Windows\System\ZrUtkmL.exe
  2⤵
  PID:8412
- C:\Windows\System\hWzgEHw.exe
  C:\Windows\System\hWzgEHw.exe
  2⤵
  PID:1536
- C:\Windows\System\cDOQVUv.exe
  C:\Windows\System\cDOQVUv.exe
  2⤵
  PID:1960
- C:\Windows\System\qrDeSlY.exe
  C:\Windows\System\qrDeSlY.exe
  2⤵
  PID:8444
- C:\Windows\System\imPGVQw.exe
  C:\Windows\System\imPGVQw.exe
  2⤵
  PID:7580
- C:\Windows\System\ioJRqRA.exe
  C:\Windows\System\ioJRqRA.exe
  2⤵
  PID:2800
- C:\Windows\System\iANulnd.exe
  C:\Windows\System\iANulnd.exe
  2⤵
  PID:8228
- C:\Windows\System\hkotLvx.exe
  C:\Windows\System\hkotLvx.exe
  2⤵
  PID:8296
- C:\Windows\System\mKzMPTS.exe
  C:\Windows\System\mKzMPTS.exe
  2⤵
  PID:8360
- C:\Windows\System\UEWwDYa.exe
  C:\Windows\System\UEWwDYa.exe
  2⤵
  PID:8252
- C:\Windows\System\gHLXVUc.exe
  C:\Windows\System\gHLXVUc.exe
  2⤵
  PID:8428
- C:\Windows\System\UIafPke.exe
  C:\Windows\System\UIafPke.exe
  2⤵
  PID:8460
- C:\Windows\System\eojBbcK.exe
  C:\Windows\System\eojBbcK.exe
  2⤵
  PID:8520
- C:\Windows\System\oZhNlaF.exe
  C:\Windows\System\oZhNlaF.exe
  2⤵
  PID:8576
- C:\Windows\System\wJvbQeY.exe
  C:\Windows\System\wJvbQeY.exe
  2⤵
  PID:8556
- C:\Windows\System\pimMghD.exe
  C:\Windows\System\pimMghD.exe
  2⤵
  PID:2004
- C:\Windows\System\DdzgrFv.exe
  C:\Windows\System\DdzgrFv.exe
  2⤵
  PID:8648
- C:\Windows\System\WyzuMkJ.exe
  C:\Windows\System\WyzuMkJ.exe
  2⤵
  PID:8664
- C:\Windows\System\RxKeBsp.exe
  C:\Windows\System\RxKeBsp.exe
  2⤵
  PID:8696
- C:\Windows\System\SgCmmXi.exe
  C:\Windows\System\SgCmmXi.exe
  2⤵
  PID:8712
- C:\Windows\System\crHtcnd.exe
  C:\Windows\System\crHtcnd.exe
  2⤵
  PID:556
- C:\Windows\System\PhgoIWU.exe
  C:\Windows\System\PhgoIWU.exe
  2⤵
  PID:8684
- C:\Windows\System\OqDuqQQ.exe
  C:\Windows\System\OqDuqQQ.exe
  2⤵
  PID:7196
- C:\Windows\System\TZtjCrP.exe
  C:\Windows\System\TZtjCrP.exe
  2⤵
  PID:8768
- C:\Windows\System\ZzqoXsR.exe
  C:\Windows\System\ZzqoXsR.exe
  2⤵
  PID:8752
- C:\Windows\System\pTBSTFX.exe
  C:\Windows\System\pTBSTFX.exe
  2⤵
  PID:8808
- C:\Windows\System\BFFHwME.exe
  C:\Windows\System\BFFHwME.exe
  2⤵
  PID:8820
- C:\Windows\System\BFYtERT.exe
  C:\Windows\System\BFYtERT.exe
  2⤵
  PID:8836
- C:\Windows\System\ekVsWYx.exe
  C:\Windows\System\ekVsWYx.exe
  2⤵
  PID:8840
- C:\Windows\System\xLFMKLC.exe
  C:\Windows\System\xLFMKLC.exe
  2⤵
  PID:8872
- C:\Windows\System\McZiyCN.exe
  C:\Windows\System\McZiyCN.exe
  2⤵
  PID:8888
- C:\Windows\System\PhPOSGe.exe
  C:\Windows\System\PhPOSGe.exe
  2⤵
  PID:8904
- C:\Windows\System\KnhkZzG.exe
  C:\Windows\System\KnhkZzG.exe
  2⤵
  PID:8968
- C:\Windows\System\WazDJju.exe
  C:\Windows\System\WazDJju.exe
  2⤵
  PID:8976
- C:\Windows\System\ITctJjf.exe
  C:\Windows\System\ITctJjf.exe
  2⤵
  PID:8956
- C:\Windows\System\XkMpYEJ.exe
  C:\Windows\System\XkMpYEJ.exe
  2⤵
  PID:8528
- C:\Windows\System\iUCuhcS.exe
  C:\Windows\System\iUCuhcS.exe
  2⤵
  PID:9016
- C:\Windows\System\zwmHQpc.exe
  C:\Windows\System\zwmHQpc.exe
  2⤵
  PID:9120
- C:\Windows\System\tknRaKg.exe
  C:\Windows\System\tknRaKg.exe
  2⤵
  PID:9156
- C:\Windows\System\SKuQYaV.exe
  C:\Windows\System\SKuQYaV.exe
  2⤵
  PID:8216
- C:\Windows\System\vgTniUj.exe
  C:\Windows\System\vgTniUj.exe
  2⤵
  PID:9004
- C:\Windows\System\zaTRtTO.exe
  C:\Windows\System\zaTRtTO.exe
  2⤵
  PID:9100
- C:\Windows\System\YnyNzPD.exe
  C:\Windows\System\YnyNzPD.exe
  2⤵
  PID:9144
- C:\Windows\System\WmilsNl.exe
  C:\Windows\System\WmilsNl.exe
  2⤵
  PID:9188
- C:\Windows\System\Ptgedvb.exe
  C:\Windows\System\Ptgedvb.exe
  2⤵
  PID:8348
- C:\Windows\System\zHVpHOg.exe
  C:\Windows\System\zHVpHOg.exe
  2⤵
  PID:6456
- C:\Windows\System\SwAmGyZ.exe
  C:\Windows\System\SwAmGyZ.exe
  2⤵
  PID:7356
- C:\Windows\System\icqqbvS.exe
  C:\Windows\System\icqqbvS.exe
  2⤵
  PID:7760
- C:\Windows\System\ALWHsjh.exe
  C:\Windows\System\ALWHsjh.exe
  2⤵
  PID:8156
- C:\Windows\System\tctsHWf.exe
  C:\Windows\System\tctsHWf.exe
  2⤵
  PID:1964
- C:\Windows\System\izFrJRn.exe
  C:\Windows\System\izFrJRn.exe
  2⤵
  PID:8200
- C:\Windows\System\heOtOmJ.exe
  C:\Windows\System\heOtOmJ.exe
  2⤵
  PID:8328
- C:\Windows\System\OdAIiIH.exe
  C:\Windows\System\OdAIiIH.exe
  2⤵
  PID:8396
- C:\Windows\System\vsFKllD.exe
  C:\Windows\System\vsFKllD.exe
  2⤵
  PID:8492
- C:\Windows\System\casVKLp.exe
  C:\Windows\System\casVKLp.exe
  2⤵
  PID:8040
- C:\Windows\System\MsRMtlQ.exe
  C:\Windows\System\MsRMtlQ.exe
  2⤵
  PID:8660
- C:\Windows\System\RjurFdT.exe
  C:\Windows\System\RjurFdT.exe
  2⤵
  PID:8692
- C:\Windows\System\owarytp.exe
  C:\Windows\System\owarytp.exe
  2⤵
  PID:8708
- C:\Windows\System\ysqUJBX.exe
  C:\Windows\System\ysqUJBX.exe
  2⤵
  PID:8796
- C:\Windows\System\fIVLNNG.exe
  C:\Windows\System\fIVLNNG.exe
  2⤵
  PID:8740
- C:\Windows\System\mceVnij.exe
  C:\Windows\System\mceVnij.exe
  2⤵
  PID:8816
- C:\Windows\System\Tnmxzps.exe
  C:\Windows\System\Tnmxzps.exe
  2⤵
  PID:8844
- C:\Windows\System\EgpayHo.exe
  C:\Windows\System\EgpayHo.exe
  2⤵
  PID:8884
- C:\Windows\System\qxgoMBJ.exe
  C:\Windows\System\qxgoMBJ.exe
  2⤵
  PID:8980
- C:\Windows\System\YXmfiux.exe
  C:\Windows\System\YXmfiux.exe
  2⤵
  PID:8972
- C:\Windows\System\wrAdaDh.exe
  C:\Windows\System\wrAdaDh.exe
  2⤵
  PID:9116
- C:\Windows\System\RTiVtZH.exe
  C:\Windows\System\RTiVtZH.exe
  2⤵
  PID:9084
- C:\Windows\System\DvcweHm.exe
  C:\Windows\System\DvcweHm.exe
  2⤵
  PID:1052
- C:\Windows\System\DXebvCN.exe
  C:\Windows\System\DXebvCN.exe
  2⤵
  PID:9064
- C:\Windows\System\GkoUxXz.exe
  C:\Windows\System\GkoUxXz.exe
  2⤵
  PID:9180
- C:\Windows\System\dDghsva.exe
  C:\Windows\System\dDghsva.exe
  2⤵
  PID:9140
- C:\Windows\System\gQACYkd.exe
  C:\Windows\System\gQACYkd.exe
  2⤵
  PID:672
- C:\Windows\System\HujUkzU.exe
  C:\Windows\System\HujUkzU.exe
  2⤵
  PID:8312
- C:\Windows\System\LuVSmqk.exe
  C:\Windows\System\LuVSmqk.exe
  2⤵
  PID:8000
- C:\Windows\System\mHQkJRA.exe
  C:\Windows\System\mHQkJRA.exe
  2⤵
  PID:7860
- C:\Windows\System\yssCcMT.exe
  C:\Windows\System\yssCcMT.exe
  2⤵
  PID:8268
- C:\Windows\System\fhEtmpH.exe
  C:\Windows\System\fhEtmpH.exe
  2⤵
  PID:8488
- C:\Windows\System\wXUMVme.exe
  C:\Windows\System\wXUMVme.exe
  2⤵
  PID:8656
- C:\Windows\System\EFDtMDc.exe
  C:\Windows\System\EFDtMDc.exe
  2⤵
  PID:8680
- C:\Windows\System\xcfeObA.exe
  C:\Windows\System\xcfeObA.exe
  2⤵
  PID:8856
- C:\Windows\System\XJSssct.exe
  C:\Windows\System\XJSssct.exe
  2⤵
  PID:8716
- C:\Windows\System\WtBwJhg.exe
  C:\Windows\System\WtBwJhg.exe
  2⤵
  PID:8880
- C:\Windows\System\NswUYDD.exe
  C:\Windows\System\NswUYDD.exe
  2⤵
  PID:2168
- C:\Windows\System\ZxkzFvW.exe
  C:\Windows\System\ZxkzFvW.exe
  2⤵
  PID:8212
- C:\Windows\System\AzYkRXB.exe
  C:\Windows\System\AzYkRXB.exe
  2⤵
  PID:2736
- C:\Windows\System\bHxsnRe.exe
  C:\Windows\System\bHxsnRe.exe
  2⤵
  PID:596
- C:\Windows\System\xOciBNU.exe
  C:\Windows\System\xOciBNU.exe
  2⤵
  PID:8280
- C:\Windows\System\iBLmjhe.exe
  C:\Windows\System\iBLmjhe.exe
  2⤵
  PID:1712
- C:\Windows\System\BpYLfbl.exe
  C:\Windows\System\BpYLfbl.exe
  2⤵
  PID:8864
- C:\Windows\System\XweKWQj.exe
  C:\Windows\System\XweKWQj.exe
  2⤵
  PID:8756
- C:\Windows\System\NEsUXOm.exe
  C:\Windows\System\NEsUXOm.exe
  2⤵
  PID:8644
- C:\Windows\System\NlCmzDJ.exe
  C:\Windows\System\NlCmzDJ.exe
  2⤵
  PID:9204
- C:\Windows\System\DlqOFAe.exe
  C:\Windows\System\DlqOFAe.exe
  2⤵
  PID:944
- C:\Windows\System\icoIDEE.exe
  C:\Windows\System\icoIDEE.exe
  2⤵
  PID:9036
- C:\Windows\System\zIyPMqT.exe
  C:\Windows\System\zIyPMqT.exe
  2⤵
  PID:8472
- C:\Windows\System\OqdBzgk.exe
  C:\Windows\System\OqdBzgk.exe
  2⤵
  PID:8456
- C:\Windows\System\eBSIFGD.exe
  C:\Windows\System\eBSIFGD.exe
  2⤵
  PID:8940
- C:\Windows\System\SNIPKyd.exe
  C:\Windows\System\SNIPKyd.exe
  2⤵
  PID:8524
- C:\Windows\System\CXTjehX.exe
  C:\Windows\System\CXTjehX.exe
  2⤵
  PID:9224
- C:\Windows\System\nsmvDiB.exe
  C:\Windows\System\nsmvDiB.exe
  2⤵
  PID:9240
- C:\Windows\System\rlcgMwm.exe
  C:\Windows\System\rlcgMwm.exe
  2⤵
  PID:9260
- C:\Windows\System\DtcBtBQ.exe
  C:\Windows\System\DtcBtBQ.exe
  2⤵
  PID:9276
- C:\Windows\System\ZEtrXtF.exe
  C:\Windows\System\ZEtrXtF.exe
  2⤵
  PID:9296
- C:\Windows\System\GzQjuEh.exe
  C:\Windows\System\GzQjuEh.exe
  2⤵
  PID:9312
- C:\Windows\System\TxYLgVK.exe
  C:\Windows\System\TxYLgVK.exe
  2⤵
  PID:9328
- C:\Windows\System\yptINKX.exe
  C:\Windows\System\yptINKX.exe
  2⤵
  PID:9344
- C:\Windows\System\LesBagI.exe
  C:\Windows\System\LesBagI.exe
  2⤵
  PID:9360
- C:\Windows\System\JrDyvXK.exe
  C:\Windows\System\JrDyvXK.exe
  2⤵
  PID:9376
- C:\Windows\System\Tsahqnm.exe
  C:\Windows\System\Tsahqnm.exe
  2⤵
  PID:9392
- C:\Windows\System\mxFYfbP.exe
  C:\Windows\System\mxFYfbP.exe
  2⤵
  PID:9408
- C:\Windows\System\hDEEWUb.exe
  C:\Windows\System\hDEEWUb.exe
  2⤵
  PID:9424
- C:\Windows\System\gVfUgkA.exe
  C:\Windows\System\gVfUgkA.exe
  2⤵
  PID:9440
- C:\Windows\System\JEYhWEM.exe
  C:\Windows\System\JEYhWEM.exe
  2⤵
  PID:9456
- C:\Windows\System\TtPdaiP.exe
  C:\Windows\System\TtPdaiP.exe
  2⤵
  PID:9472
- C:\Windows\System\TjNGlBx.exe
  C:\Windows\System\TjNGlBx.exe
  2⤵
  PID:9488
- C:\Windows\System\TDSOJjf.exe
  C:\Windows\System\TDSOJjf.exe
  2⤵
  PID:9504
- C:\Windows\System\WegYdRu.exe
  C:\Windows\System\WegYdRu.exe
  2⤵
  PID:9520
- C:\Windows\System\bviXuyq.exe
  C:\Windows\System\bviXuyq.exe
  2⤵
  PID:9536
- C:\Windows\System\wIJbunq.exe
  C:\Windows\System\wIJbunq.exe
  2⤵
  PID:9552
- C:\Windows\System\GhlECBG.exe
  C:\Windows\System\GhlECBG.exe
  2⤵
  PID:9568
- C:\Windows\System\YEFXRux.exe
  C:\Windows\System\YEFXRux.exe
  2⤵
  PID:9584
- C:\Windows\System\CKKrypV.exe
  C:\Windows\System\CKKrypV.exe
  2⤵
  PID:9600
- C:\Windows\System\EBxUuPB.exe
  C:\Windows\System\EBxUuPB.exe
  2⤵
  PID:9616
- C:\Windows\System\fdLiFWw.exe
  C:\Windows\System\fdLiFWw.exe
  2⤵
  PID:9632
- C:\Windows\System\tPrnlVB.exe
  C:\Windows\System\tPrnlVB.exe
  2⤵
  PID:9648
- C:\Windows\System\GYiBsLo.exe
  C:\Windows\System\GYiBsLo.exe
  2⤵
  PID:9664
- C:\Windows\System\OQMHBfI.exe
  C:\Windows\System\OQMHBfI.exe
  2⤵
  PID:9680
- C:\Windows\System\aojinnp.exe
  C:\Windows\System\aojinnp.exe
  2⤵
  PID:9704
- C:\Windows\System\YKqetIm.exe
  C:\Windows\System\YKqetIm.exe
  2⤵
  PID:9720
- C:\Windows\System\Swhsjid.exe
  C:\Windows\System\Swhsjid.exe
  2⤵
  PID:9736
- C:\Windows\System\DEGUjVe.exe
  C:\Windows\System\DEGUjVe.exe
  2⤵
  PID:9752
- C:\Windows\System\CrnaVpo.exe
  C:\Windows\System\CrnaVpo.exe
  2⤵
  PID:9768
- C:\Windows\System\MFDrffZ.exe
  C:\Windows\System\MFDrffZ.exe
  2⤵
  PID:9784
- C:\Windows\System\TnFMUrL.exe
  C:\Windows\System\TnFMUrL.exe
  2⤵
  PID:9800
- C:\Windows\System\yAGiCRQ.exe
  C:\Windows\System\yAGiCRQ.exe
  2⤵
  PID:9816
- C:\Windows\System\TaACXjo.exe
  C:\Windows\System\TaACXjo.exe
  2⤵
  PID:9832
- C:\Windows\System\OiaQpRu.exe
  C:\Windows\System\OiaQpRu.exe
  2⤵
  PID:9848
- C:\Windows\System\CytKTKk.exe
  C:\Windows\System\CytKTKk.exe
  2⤵
  PID:9864
- C:\Windows\System\rhCDyJG.exe
  C:\Windows\System\rhCDyJG.exe
  2⤵
  PID:9880
- C:\Windows\System\XXUhNKM.exe
  C:\Windows\System\XXUhNKM.exe
  2⤵
  PID:9896
- C:\Windows\System\QKuzOkP.exe
  C:\Windows\System\QKuzOkP.exe
  2⤵
  PID:9912
- C:\Windows\System\PNNYBoo.exe
  C:\Windows\System\PNNYBoo.exe
  2⤵
  PID:9928
- C:\Windows\System\SzNLrlF.exe
  C:\Windows\System\SzNLrlF.exe
  2⤵
  PID:9944
- C:\Windows\System\NkKfFHj.exe
  C:\Windows\System\NkKfFHj.exe
  2⤵
  PID:9960
- C:\Windows\System\VsDBcAI.exe
  C:\Windows\System\VsDBcAI.exe
  2⤵
  PID:9976
- C:\Windows\System\SwHnzlh.exe
  C:\Windows\System\SwHnzlh.exe
  2⤵
  PID:9992
- C:\Windows\System\aofdhxY.exe
  C:\Windows\System\aofdhxY.exe
  2⤵
  PID:10008
- C:\Windows\System\KBFUeZq.exe
  C:\Windows\System\KBFUeZq.exe
  2⤵
  PID:10024
- C:\Windows\System\QBHaJyT.exe
  C:\Windows\System\QBHaJyT.exe
  2⤵
  PID:10040
- C:\Windows\System\IHpwiQd.exe
  C:\Windows\System\IHpwiQd.exe
  2⤵
  PID:10056
- C:\Windows\System\BaYWnjh.exe
  C:\Windows\System\BaYWnjh.exe
  2⤵
  PID:10072
- C:\Windows\System\oTRvdSY.exe
  C:\Windows\System\oTRvdSY.exe
  2⤵
  PID:10088
- C:\Windows\System\qqQPHQh.exe
  C:\Windows\System\qqQPHQh.exe
  2⤵
  PID:10104
- C:\Windows\System\ZPkjOeG.exe
  C:\Windows\System\ZPkjOeG.exe
  2⤵
  PID:10120
- C:\Windows\System\bIHgfDZ.exe
  C:\Windows\System\bIHgfDZ.exe
  2⤵
  PID:10136
- C:\Windows\System\yYXLtbv.exe
  C:\Windows\System\yYXLtbv.exe
  2⤵
  PID:10152
- C:\Windows\System\EezjqCx.exe
  C:\Windows\System\EezjqCx.exe
  2⤵
  PID:10168
- C:\Windows\System\QAxEDzS.exe
  C:\Windows\System\QAxEDzS.exe
  2⤵
  PID:10184
- C:\Windows\System\jkaxjny.exe
  C:\Windows\System\jkaxjny.exe
  2⤵
  PID:10200
- C:\Windows\System\nkhGhpK.exe
  C:\Windows\System\nkhGhpK.exe
  2⤵
  PID:10216
- C:\Windows\System\bmaNtrW.exe
  C:\Windows\System\bmaNtrW.exe
  2⤵
  PID:10232
- C:\Windows\System\etCRxFx.exe
  C:\Windows\System\etCRxFx.exe
  2⤵
  PID:8952
- C:\Windows\System\nopTMXY.exe
  C:\Windows\System\nopTMXY.exe
  2⤵
  PID:2328
- C:\Windows\System\kPyRGtC.exe
  C:\Windows\System\kPyRGtC.exe
  2⤵
  PID:9164
- C:\Windows\System\TUHtdOZ.exe
  C:\Windows\System\TUHtdOZ.exe
  2⤵
  PID:9256
- C:\Windows\System\SxMiCLc.exe
  C:\Windows\System\SxMiCLc.exe
  2⤵
  PID:9288
- C:\Windows\System\rfKxTdX.exe
  C:\Windows\System\rfKxTdX.exe
  2⤵
  PID:9352
- C:\Windows\System\hKuQBdj.exe
  C:\Windows\System\hKuQBdj.exe
  2⤵
  PID:9336
- C:\Windows\System\VUcUMXT.exe
  C:\Windows\System\VUcUMXT.exe
  2⤵
  PID:9356
- C:\Windows\System\EFvFvob.exe
  C:\Windows\System\EFvFvob.exe
  2⤵
  PID:9416
- C:\Windows\System\FjWXaET.exe
  C:\Windows\System\FjWXaET.exe
  2⤵
  PID:9464
- C:\Windows\System\yQfrWHw.exe
  C:\Windows\System\yQfrWHw.exe
  2⤵
  PID:9480
- C:\Windows\System\dMgmxDf.exe
  C:\Windows\System\dMgmxDf.exe
  2⤵
  PID:9528
- C:\Windows\System\PewzOZE.exe
  C:\Windows\System\PewzOZE.exe
  2⤵
  PID:9560
- C:\Windows\System\aiMvpqe.exe
  C:\Windows\System\aiMvpqe.exe
  2⤵
  PID:9576
- C:\Windows\System\KvuIagp.exe
  C:\Windows\System\KvuIagp.exe
  2⤵
  PID:9612
- C:\Windows\System\LtoExPL.exe
  C:\Windows\System\LtoExPL.exe
  2⤵
  PID:9660
- C:\Windows\System\BDScQCq.exe
  C:\Windows\System\BDScQCq.exe
  2⤵
  PID:9672
- C:\Windows\System\TPGAnBx.exe
  C:\Windows\System\TPGAnBx.exe
  2⤵
  PID:9728
- C:\Windows\System\DvEIaRi.exe
  C:\Windows\System\DvEIaRi.exe
  2⤵
  PID:9760
- C:\Windows\System\dgdWVRg.exe
  C:\Windows\System\dgdWVRg.exe
  2⤵
  PID:9792
- C:\Windows\System\tBdhTMJ.exe
  C:\Windows\System\tBdhTMJ.exe
  2⤵
  PID:9808
- C:\Windows\System\tZBxfvn.exe
  C:\Windows\System\tZBxfvn.exe
  2⤵
  PID:9844
- C:\Windows\System\MHaPBIj.exe
  C:\Windows\System\MHaPBIj.exe
  2⤵
  PID:9872
- C:\Windows\System\gxfqlrk.exe
  C:\Windows\System\gxfqlrk.exe
  2⤵
  PID:9924
- C:\Windows\System\wpemndr.exe
  C:\Windows\System\wpemndr.exe
  2⤵
  PID:9940
- C:\Windows\System\QXYLNTe.exe
  C:\Windows\System\QXYLNTe.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EVQAwRx.exe

Filesize
6.0MB

MD5
b5e90751ff9d4900e470649b84f36b6d

SHA1
c9cd1ed3707003278cfbb431aeb3ead5390ece77

SHA256
97ce377484bc187a4ab34c610c915dffe0abd23bf08b26b3670313dd4f19c596

SHA512
3ed3f7dca35b6249093827876f97f47c07261c25bbbb18db7a87a25e7d19e97d17b5f0ffe9a0a90bdce2b93cfbc028c1cc683e6238f98714a3111d0e99fb1e8a

Download Submit
C:\Windows\system\GmJDYDy.exe

Filesize
6.0MB

MD5
4d03081718a76ee6c6ea2e9dde1b1340

SHA1
b6b955d35c8b7b6e8ea859bc0bddfc2cd31e4636

SHA256
5ea856ccfcd8014ab4ae6a7cd7ada5d8b5410ea1845a3988cc799e64583e37e4

SHA512
36d7a7b084c001f5d67b8cb29b0fa834e1c0253857c8896e462bd0b4b814fb5fa28bba919971bd439449065bee512a365961216b0da648bf24287bd0fdeb2c29

Download Submit
C:\Windows\system\IfoLQqN.exe

Filesize
6.0MB

MD5
53ac43e16f16dee1ad2eef4b1e8ea04f

SHA1
63589e17fbaffdf3169717679e01a35f4d33e8a6

SHA256
a0c5871fec4cd3d3049a4327364dca03e93125e5e304b3b88aa5d8651a437105

SHA512
c025b584174014e109c2bce01323c382cd06c3f2071a64f9e55c13da830e96f16cd22334a2fd589aa17ade951275ffc12eb7da8bc46c6a9dd11920711ab4d577

Download Submit
C:\Windows\system\JEfavew.exe

Filesize
6.0MB

MD5
1b2f9c9ac05707497dc83960609ef3b7

SHA1
4f27be0aa133cdc9efedfba4bf589ba950d5ff06

SHA256
670ede358447ce384f1a3fe70b4ff6b087b9aa1ab004f9f68707938353f8ab7e

SHA512
b0de50a1b33a517fb3400c961910cf90d914b33e1fb21049ce49d75c32949b587d8687154ad063d46a79e843b051787f7a47a08a43ab287d11a5d4ad8e4c2ad7

Download Submit
C:\Windows\system\KHXjVre.exe

Filesize
6.0MB

MD5
9840c42cc3e5e50a900884e03e6fa45c

SHA1
57ebcd93ddac5cf8539559128f9b3c089e7ccf61

SHA256
a21093791d6f034ed29947e232c2644aa60d98cfb7b94b5d30f3bae3763edb70

SHA512
a0d55cc772c1e6b7664161a57f3e37783443dd045f55b27907ab441a08c899b113880feb30f4be0fc9268e183c6ea3f2dbb9d0dc2654831b032786a1f0d42662

Download Submit
C:\Windows\system\LVxrDrO.exe

Filesize
6.0MB

MD5
469ec2414a0a5c12b927f0579b4a78df

SHA1
d9dd2ecb81d4c8abb966fc2f4c0d10a4fcfbcbd6

SHA256
1c90f1c6d7c0b2a7bcd0556b384d6bfbdc178455e082cc0d79280c1d9e3067d6

SHA512
f7135694199ee1b8d94086ec7758b4eab47dd9827a91faef2ca6d0d2404de31f5d9c76a31194301aea36b1c3270461e9e52f66373c5927785740c09159fe7959

Download Submit
C:\Windows\system\NhNKPTd.exe

Filesize
6.0MB

MD5
5af84c5a6c4a5e529782a6a0493e5be5

SHA1
09ea13e58a1458791f072cc5f70fa0c4b444a417

SHA256
56f82a40a8dd70d66d179e45ab5088f23a485b093ef1b09ce3468e8a6d476ea1

SHA512
ac28709c7a15343ceecce34084f7b23942733ce053e645819f82652a3db8f1ae1a394764db4c41b102efe0df9cbdc476afbd4ec9901b9f84c4b0f4550f746461

Download Submit
C:\Windows\system\PpFGjcU.exe

Filesize
6.0MB

MD5
cdb39c02c80037bdc1d0304b2911ada9

SHA1
012827d558bec3bdc8905e529df7ea28096fe2d9

SHA256
debc3c25046d05a24da6ef19240acf1fe03d246b55cbb9304b05c35485869e33

SHA512
34a0d60dada240143f47f610b831b98318af2d33a64c67b1510506415b2571a6dcda200e63ab2c98a82254be5e99b3cda81b7d92c13243e443fda8786dbf0c39

Download Submit
C:\Windows\system\QFqLODF.exe

Filesize
6.0MB

MD5
fa76af8d1dc3f6c7e7e6c7f04d3740ba

SHA1
0ba750ff9708fe95c2afec064c8aaeeda18219b5

SHA256
9ab54708d6166e409dab47f415e97d0402894190a07b5ce3494903cac888a387

SHA512
1e5ddeb67b9d3f45f3e76741b2595127f4fa77ca8d79077eb5202945a7420c52c49ec1941ff6757e66b364c158d8135fff5592fdae2f579b7b3c6cb2e3c4ea8f

Download Submit
C:\Windows\system\QcdWrhX.exe

Filesize
6.0MB

MD5
03738bb1a189f00ca328ae6fd884dae3

SHA1
c87330209e3f625dc151829962b5a38dec6c202d

SHA256
3e19d93d1d3797bdfcd7997dd902ee9e52b26f29500e63e844732adc0375485e

SHA512
45e0063f89d1e3dc26d90ddfb0fff227c8f1006c8789e11ee09e475063c97f604579a89de3b89cbf92c889c997c22965eb485319f765738ececbaaeee3706018

Download Submit
C:\Windows\system\VjamqBc.exe

Filesize
6.0MB

MD5
618e95836496e1c5f953a7f1fcc2762f

SHA1
11d7c2452a5578e4f4267754ddd0f822154e5354

SHA256
65ba27ab09f7596a812ef18f0d536f023e9427583346012d282cd5499bcbe444

SHA512
aa7d0ffb5d76035c0aa2f02f539090c85f4760d7fa9f74b2af15d1eef890c7eafcffc899e4be1b0acb19f57e3d309826fb572dfdcfd27aaf91436cc59cd1ea88

Download Submit
C:\Windows\system\ZpdDiRn.exe

Filesize
6.0MB

MD5
cfdba2122cf7773f62ef7499135a0801

SHA1
8e3df6d51b4afbafc7d3100467b57ad70449cb6c

SHA256
cf8e35da2385e2073c3f753f5ab2a59b79961dc12ee1fa33d3c5c32871a224bd

SHA512
b6d4b3906921b8300a224347555e7004b24c9eb32717b72115a88ddd1caae3322c7afaa6c0605e30d9d90942b017f1b97da62355473b405da82c1cbd1bd074ef

Download Submit
C:\Windows\system\aYoqqQw.exe

Filesize
6.0MB

MD5
19fc71ccd893d3c08a72ceec15a09abd

SHA1
a5ce574106c46202f2fe075c5b69b8b51358f47a

SHA256
853c6225ae16c0350a8dae498426df2d92b458ad998bc18febbf957cb693c060

SHA512
e66bac3be3a945f148515659670785ccc6f3d817b432d052838c82f634d5957e7f32550c7eba6c00e45c0da3a7906807b31a44eed87210358c0e1faa6bdf9b41

Download Submit
C:\Windows\system\cdyajpv.exe

Filesize
6.0MB

MD5
ea1a1e371d38907aac37ca0a08371326

SHA1
74b0fc4cb19e10ba0e04abe376b87c5106b62230

SHA256
7c09718ecc576997c6f2824491eafb5eb54e4d93a59813fd61b74e937db1e2f2

SHA512
2bb15d9f0990037e7d180bf611c643d72b284fc63770a68e3c71f7a45261b3099d3cee7b4d10f1a080b80f12c330405769a6b5093047297c596506a4ed5ac576

Download Submit
C:\Windows\system\fGGqXBP.exe

Filesize
6.0MB

MD5
7e9d4420cd30f90a2197c8895c41b57f

SHA1
ca0021b5725317c1b27a66030b51663d89543090

SHA256
3b583ff528591a6bfd9ae135fe9959fae228fdb9d6ab91e52bdbeddd7f70dce9

SHA512
00cf880a7d04d09040ee67efb5496e643c621f6509ba124b1d406a9f08e9856b52944945aebdcc4eae8aa2713eff3f64c63871dda17d085bc6a455c4de4aae21

Download Submit
C:\Windows\system\gIKUpol.exe

Filesize
6.0MB

MD5
d96c2e19749932349f27196f0fa5d558

SHA1
a9874217145b8bd7a4d73924b6e98b2b3560d5c8

SHA256
7a0955ea5850a867f0928814f41981eb9f28bce216d38b3cb8edab0465a03b92

SHA512
7e7b00a099edb2996910c11fd0a3653882b80370133b3fafb63615c3a343cbd1b9e641044c8b874eae0a20b7689791d0b72f88a6c61786f94dc7507f70950e46

Download Submit
C:\Windows\system\jbWqHlJ.exe

Filesize
6.0MB

MD5
da876637ba975a0276e9571aa4e0e7a3

SHA1
6c20b90b814093953df3a513b7acfaaceb685d80

SHA256
ecfe140ea85cbc35afefd8097f8ec36c8533e5c6c4418cb650813804183f3009

SHA512
51ce6ae132889f48f9924bf61d3668ea65d7f378d3afd970493637ba42961595316b03c162bdb6339028e5e7c56fc6f5138bb465e4b1182e46a1d9776bc458ce

Download Submit
C:\Windows\system\kmMfJAd.exe

Filesize
6.0MB

MD5
fc424057a29e3b3c2ba9ffa227302573

SHA1
5b64b47e29234774a4257c01388588016e2fda1c

SHA256
e3de7ac981497462e60eb0e57e967feed2e142845b887d9c1600d69a37b1c3e2

SHA512
5c3edc80291c5e19b62bf43efdeb7a59d838e9fb98cedbecdb6b6e273dcfacd479b24ee35736eb8acb680d7df0922087aaf2b3b3a88c9e78d6c2c9fe015ff4c2

Download Submit
C:\Windows\system\lQMJjzG.exe

Filesize
6.0MB

MD5
a3db0f85cdceaca4ec5ae71d420d1855

SHA1
9f76d10c4822452a3ad9675cf77043b9aa312635

SHA256
02c7694a6eaef774b0c933169a1648673b579bb2dfbec55ad6e0365eddc195ff

SHA512
d930483bf891607991da23bda7c9ed869631e9e4e2742c55c6c836bdb45259b47a727aebd7967324ce4db0571c7c343637594ab7378418b2c759c530217e30d8

Download Submit
C:\Windows\system\lnbECpA.exe

Filesize
6.0MB

MD5
9d732d029737822eaee5c0147fbcaf17

SHA1
0fe19df9a35eab3cdf511b0ed188d8ec27d94a67

SHA256
bf5a830896cd85d1e87f37d782485f3b35ff8adb46108354277522f167f00f9c

SHA512
f350249b578af370c5a59c437e48ee5884565dbbc64b8272e48b9f1eb4b6fd38029dc5c32c8ec56e02c42578aecee22baeb764b8cbedb04f66fd5c7998e00acf

Download Submit
C:\Windows\system\musnknO.exe

Filesize
6.0MB

MD5
663f55bcb8aee6b57ce1a9359c258705

SHA1
0257184cd35c83a9bf1caf2f85ab503d8b19a96e

SHA256
3d05ee8bba0d1ce569dc8cb7ac563138db4ab10be88842fd8668541ff915b673

SHA512
488944099b213bdb0f64c51312a567614a8b410cb93dc9cb9111ad1065a5a39972cb845dd0057cc61916d451027213499853101848165fbabca9e2652f56b75e

Download Submit
C:\Windows\system\pfGnqAM.exe

Filesize
6.0MB

MD5
fdeb4e3ec8d56119fb4a07af4748711e

SHA1
f8ae92125379c550d1e8354424c2cfcf57ab9c15

SHA256
59f5e3579efd16f4ed4e7f596350d6d430eec9857225d48729e536f521181bb7

SHA512
ef6c9adcbc46a9bbef5e8bebfa6a7fbd7dcc428413bf74445bda1cff61a115cacb9d0c7a13d45e9dbc5b15bfffcbadba7b3cf864e9434d55384de70be1ea332c

Download Submit
C:\Windows\system\rrpECGC.exe

Filesize
6.0MB

MD5
f2cb0cc0e1ca4e3500cc5e42dd17a52b

SHA1
0c3536af3580478ea01c69f06acc77146866ca59

SHA256
94d173d6b31eaeb842155582ddaebb8632f2db4ff04f9e7721c36bc680476483

SHA512
9695aacd6f8bdd694cf656217c7f384d61a7214a017ce379b8ac39a63eae4ddf9aaf7188181819e3f1da1edc465866faca92d6b75b0e580ed3127b6c5fd98c5c

Download Submit
C:\Windows\system\uhGmGva.exe

Filesize
6.0MB

MD5
182f082ef878ca2fd61c277834d0e59a

SHA1
accd07fc0e962a4373d7f41504f3ea6b72b315bf

SHA256
8ec2b71022879024c850823628c83861a6c3ba23dc7549735c5c16f0cc51fd7a

SHA512
14409045bbcca2a41dcd339686235ed9eb4eec49d3dfef28aa33c65c2a937693c579aff663734201c584bf6b15622be0d5f08d1cbd4a6967d4c268808ece5c97

Download Submit
C:\Windows\system\ybmOVEU.exe

Filesize
6.0MB

MD5
78b51cfe1c79c67b03bf8de34b501595

SHA1
b2744ae38b91e334b9ca8c6cbc4023aee52ca66c

SHA256
d7f4620d712c004192272384f5c1ac8ebe950cbdf75b488e1af66a3f6074e863

SHA512
a5a77b49b3239e549fe2a08db842a693c6ea49504a6d217426faa421572cd759ced552e774adf2be66a2c526531316a4e3a5e46e61c9200bb1dc3afd87a51949

Download Submit
C:\Windows\system\zrPmcGZ.exe

Filesize
6.0MB

MD5
6357d4b772b18b6e4874e81227caf2a0

SHA1
fe02aedb04ef3719baf9c749fa32160e5ff3cbf6

SHA256
e38d5e6d924704978cf720118c935f12aa0c120aa640d8b46b2487d5a14170b7

SHA512
eee2853e3e5fc5dfd671daed6163e4854cc96e83b7f49fca76801a3aaa0d4d8eee5c2045fb92c5749a83f8089ad257051b2add66b49e01de275da4309c83c033

Download Submit
\Windows\system\DOdoQVV.exe

Filesize
6.0MB

MD5
e56d84d92290ca0c20b4192e500a931c

SHA1
248a0555331ee2643e79f72945af3ef64c8576bc

SHA256
8383f7d660f8cdb3182faf634334f536a94796817343b088dd57d947db9c1ef9

SHA512
05ca54087873cd2726fb638e9c1b0a47a7022687c578dfeb08ecb006cedadc38b5cd3e6ad27d69bbb4a8a6c483fac76dd8124f31c442d4506429e43e552eea77

Download Submit
\Windows\system\NknNMAd.exe

Filesize
6.0MB

MD5
a0f1b9231cef4a211a09b767c2b5edc5

SHA1
6caf36bd61cd8035a536914c6dd24e2fe3ff50bd

SHA256
7dc17117aa307beba5f75815818bfe100c80c989157870b2a921928e172bde97

SHA512
f62e8db93eef8b3da83ee2557404466263ffa47bad97e72d4b26cb0420adc92f45949ebd659c4d78560518a5927d1aad232297b789befadf21c5e8fbfb2cbd3c

Download Submit
\Windows\system\OIzJSTt.exe

Filesize
6.0MB

MD5
da43101f324dd40b4deb7899f16876e9

SHA1
e1bb28549c4884f24f02d187afebfa77deff17be

SHA256
dccbfb5ce6db6da6ae31304134697e3d47c911a35831fb89a986f4f410ec99fe

SHA512
00227321ce46a4a56d2e1d1e2d41a89e778570be5dbd3a654b6b87821d8c0f65c57efadb81e24315f85637028899156c898cf5a95c9f4537b964a434aaac6a54

Download Submit
\Windows\system\bDaxVIs.exe

Filesize
6.0MB

MD5
805e10e281ced0c39f25827ad92eb2db

SHA1
477ddd4783a02f2a298368f709f7f6d90f02b52d

SHA256
c65c296fc00fa833b06cacb850f81d7ce595d9c99ff37ffde56f6c70f222c361

SHA512
c6472f5655cc03bab5c64f8d5734c7c7b13da42255cee7bf4b4ee7be57788cc2d6da000fcb9300e83e2addfd0fb05fa201b43fd9749d4ae53f45966d278125e1

Download Submit
\Windows\system\dbJJeVe.exe

Filesize
6.0MB

MD5
74b56c950e85a955dc0d02c6eb4cce89

SHA1
cc8899e39b124b9c3fa79d3d760691993163b40b

SHA256
eb06d199b7404ca1edecdfd2d7cc8a2458b82e52af88f525fd1aaab89e4445fd

SHA512
9c9e98e09c72ca689fa1a3df5a466a8e29010d48fadd91b4c9e59291a3d0d87149dbc46b977d527cb252bdf7af51643feffcc1084f8483bd1732561f18891352

Download Submit
\Windows\system\rOtNpOo.exe

Filesize
6.0MB

MD5
1f42167f4b77f31a7d66d9e4ec141f41

SHA1
53259a6c11986bf9121eda3110527d28a53730fb

SHA256
b7efa18c1208ea25a47ee7b2bcd25eb1852a163861cd44f4509b625260d3e2d3

SHA512
520606fdb22460e87aacbdaba4dbcfdc2feea7b678150a846161b16f18e24cab8d6bedd003fcbd2e1d01f3e68cf7aeb5d19bd481fe0492987fbaaa4219f33c06

Download Submit
memory/1192-51-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2359-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1276-76-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1276-2348-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1284-1881-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-40-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-32-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1320-1884-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1356-59-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2349-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-92-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2374-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-50-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2358-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2212-34-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2212-80-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1910-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-363-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-68-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-79-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2368-74-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2368-52-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2368-77-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-91-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-97-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-17-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-73-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-31-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-194-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2368-282-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-19-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-42-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2368-43-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2368-75-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2368-443-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-33-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2342-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2600-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2704-85-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2347-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2371-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2386-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-69-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2360-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2776-54-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2908-86-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2350-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2908-44-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download