cobaltstrike | 713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
Size

6.0MB
MD5

67cfe01d53930eea5d408d827e89a63e
SHA1

64f4743d3913ca43faeb9fb877178490c2405e73
SHA256

713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943
SHA512

590887961376de7bcbcaf3b7c0534384a96f8aa2ac09073d97a8e04a45d4c007ee444ee6436fed3d3c9a5b024b570406f2a69ca912c57782ccbc4f62fea57949
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173ee-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-40.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001749c-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019238-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-81.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016e73-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-3.dat	xmrig
behavioral1/files/0x00080000000173b2-9.dat	xmrig
behavioral1/memory/2852-13-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2692-23-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00070000000173ee-20.dat	xmrig
behavioral1/files/0x00070000000173f6-27.dat	xmrig
behavioral1/memory/2596-29-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x000700000001746c-34.dat	xmrig
behavioral1/memory/2768-37-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0007000000017474-40.dat	xmrig
behavioral1/files/0x000a00000001749c-48.dat	xmrig
behavioral1/memory/304-52-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0006000000019238-56.dat	xmrig
behavioral1/files/0x0005000000019c53-116.dat	xmrig
behavioral1/files/0x0005000000019614-66.dat	xmrig
behavioral1/files/0x0005000000019c36-138.dat	xmrig
behavioral1/files/0x000500000001a067-171.dat	xmrig
behavioral1/files/0x000500000001a0a1-181.dat	xmrig
behavioral1/memory/2616-337-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2564-494-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1104-946-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2688-1148-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/908-1136-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2688-797-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a345-191.dat	xmrig
behavioral1/files/0x000500000001a301-186.dat	xmrig
behavioral1/files/0x000500000001a07b-176.dat	xmrig
behavioral1/files/0x0005000000019fb9-166.dat	xmrig
behavioral1/files/0x0005000000019f9f-161.dat	xmrig
behavioral1/files/0x0005000000019db8-156.dat	xmrig
behavioral1/files/0x0005000000019da4-151.dat	xmrig
behavioral1/files/0x00050000000196e8-136.dat	xmrig
behavioral1/files/0x000500000001966c-134.dat	xmrig
behavioral1/memory/1496-127-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2688-126-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c38-125.dat	xmrig
behavioral1/files/0x0005000000019618-124.dat	xmrig
behavioral1/files/0x0005000000019d20-120.dat	xmrig
behavioral1/files/0x0005000000019c3a-113.dat	xmrig
behavioral1/memory/908-109-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x000500000001997c-108.dat	xmrig
behavioral1/files/0x0005000000019d44-141.dat	xmrig
behavioral1/files/0x0005000000019616-77.dat	xmrig
behavioral1/memory/3032-75-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1104-100-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ac-90.dat	xmrig
behavioral1/files/0x000500000001962a-81.dat	xmrig
behavioral1/memory/2596-72-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2688-63-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0033000000016e73-62.dat	xmrig
behavioral1/memory/2564-61-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2716-51-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2688-49-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2616-43-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2716-18-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2692-3181-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2716-3180-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2768-3191-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2596-3190-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2852-3183-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2616-3217-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/3032-3265-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/304-3249-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2852	GvTOZAZ.exe
2716	FkfYrSh.exe
2692	XeFydmt.exe
2596	sPdgjWX.exe
2768	wDGcETk.exe
2616	YnQtPMP.exe
304	MSBiQBp.exe
2564	YuchUcD.exe
3032	GeMlqpR.exe
1104	cBtyQGF.exe
908	oBgBQRG.exe
1496	zjIrmOW.exe
2376	BvhbuTq.exe
976	uVFaEWX.exe
628	UAtBmtt.exe
3020	JTGWuRf.exe
1260	wLqjHZP.exe
2056	errXpUp.exe
2764	cHSlfyp.exe
2648	qHVRwoz.exe
2544	ArSaBdt.exe
3068	WHGCvYo.exe
592	QqTIgVn.exe
2124	YnQlQyD.exe
2420	UasBWLO.exe
1868	oPHeNUR.exe
2452	SjWmLHo.exe
2220	muFPnYu.exe
2000	zERrzsS.exe
948	IWReugG.exe
984	jBPUICm.exe
704	NuiWKWB.exe
1756	qOHmjab.exe
1544	stShIsF.exe
800	SYvkVsZ.exe
1844	HTNeOfu.exe
1264	ZZxThOI.exe
1724	gYtmAQs.exe
1716	OmCbypO.exe
1528	jiGnEcd.exe
2084	hMOcmzS.exe
2092	XfMJuDV.exe
2012	fKTlRGR.exe
1824	rBxLqFH.exe
2100	ggiawkt.exe
1752	WqKQwix.exe
2900	WxxdlPv.exe
1740	rJZQbgZ.exe
1604	rrLnCWD.exe
2120	ogTrUfb.exe
1040	woZFRpJ.exe
2884	IixFXHK.exe
2372	fhqcUyk.exe
3004	uNEWYvE.exe
1324	CTFOIZG.exe
2500	XfTPBhF.exe
1596	JVgUyAd.exe
2832	cmXWRnr.exe
2588	erbWIAy.exe
2784	nSoPApE.exe
2924	slQWSYT.exe
2744	jflruOG.exe
572	NBbPTVh.exe
2228	xkkTQWG.exe

Loads dropped DLL 64 IoCs

pid	Process
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0008000000012102-3.dat	upx
behavioral1/files/0x00080000000173b2-9.dat	upx
behavioral1/memory/2852-13-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2692-23-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00070000000173ee-20.dat	upx
behavioral1/files/0x00070000000173f6-27.dat	upx
behavioral1/memory/2596-29-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x000700000001746c-34.dat	upx
behavioral1/memory/2768-37-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0007000000017474-40.dat	upx
behavioral1/files/0x000a00000001749c-48.dat	upx
behavioral1/memory/304-52-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0006000000019238-56.dat	upx
behavioral1/files/0x0005000000019c53-116.dat	upx
behavioral1/files/0x0005000000019614-66.dat	upx
behavioral1/files/0x0005000000019c36-138.dat	upx
behavioral1/files/0x000500000001a067-171.dat	upx
behavioral1/files/0x000500000001a0a1-181.dat	upx
behavioral1/memory/2616-337-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2564-494-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1104-946-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/908-1136-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x000500000001a345-191.dat	upx
behavioral1/files/0x000500000001a301-186.dat	upx
behavioral1/files/0x000500000001a07b-176.dat	upx
behavioral1/files/0x0005000000019fb9-166.dat	upx
behavioral1/files/0x0005000000019f9f-161.dat	upx
behavioral1/files/0x0005000000019db8-156.dat	upx
behavioral1/files/0x0005000000019da4-151.dat	upx
behavioral1/files/0x00050000000196e8-136.dat	upx
behavioral1/files/0x000500000001966c-134.dat	upx
behavioral1/memory/1496-127-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0005000000019c38-125.dat	upx
behavioral1/files/0x0005000000019618-124.dat	upx
behavioral1/files/0x0005000000019d20-120.dat	upx
behavioral1/files/0x0005000000019c3a-113.dat	upx
behavioral1/memory/908-109-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x000500000001997c-108.dat	upx
behavioral1/files/0x0005000000019d44-141.dat	upx
behavioral1/files/0x0005000000019616-77.dat	upx
behavioral1/memory/3032-75-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1104-100-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x00050000000196ac-90.dat	upx
behavioral1/files/0x000500000001962a-81.dat	upx
behavioral1/memory/2596-72-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0033000000016e73-62.dat	upx
behavioral1/memory/2564-61-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2716-51-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2688-49-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2616-43-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2716-18-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2692-3181-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2716-3180-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2768-3191-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2596-3190-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2852-3183-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2616-3217-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/3032-3265-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/304-3249-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2564-3244-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/908-3273-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1496-3280-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1104-3279-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gvmqAgJ.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\WfuKayR.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\qHsvUzH.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\lJaPmUr.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ITXykQI.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\dbNcdjn.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\csXWszB.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\sYLCCOq.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\hIslpoc.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ZvvbjxY.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\KvZIgFQ.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\rBxLqFH.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\KkiaerR.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\jWASJnd.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\Bvunpur.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\HyfCxlt.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\GYWutYb.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\IvCbiww.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\qpwqpwF.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\oENFHGI.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\MJuNXDD.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\dSWxakK.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\YrcSCUa.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\KFpDkiG.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\wcQtScD.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\YJcxgOq.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ySlSmFv.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\NYfmRdx.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\mugOegU.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\kpmlqtt.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\mZvleaM.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\JgVjhDv.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\FVeCjTe.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\izGaDyG.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\vUxCPog.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\YvXjiRA.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\SYvkVsZ.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\tXoGUlP.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\apgJkoY.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\HFPfQca.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\wtjRwPD.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\gxKLyhY.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\xkWbeOS.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\rMQypKI.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\lwqYehc.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\yPMloBS.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ulregTS.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\WJUAhmo.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\BTSWrXF.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\uJXTSSb.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\pgWrohg.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\DNWCjaX.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\xWMPvAs.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ddQGhkN.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\VsiNVli.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\GewZrxU.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\pBckyBt.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\dnJPRse.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\ZoZfITA.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\TegNXfd.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\EXpTSxL.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\jqzKuAI.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\dUsnytk.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
File created	C:\Windows\System\HbVBCDa.exe	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	32
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	32
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	32
PID 2688 wrote to memory of 2716	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	33
PID 2688 wrote to memory of 2716	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	33
PID 2688 wrote to memory of 2716	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	33
PID 2688 wrote to memory of 2692	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	34
PID 2688 wrote to memory of 2692	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	34
PID 2688 wrote to memory of 2692	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	34
PID 2688 wrote to memory of 2596	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	35
PID 2688 wrote to memory of 2596	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	35
PID 2688 wrote to memory of 2596	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	35
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	36
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	36
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	36
PID 2688 wrote to memory of 2616	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	37
PID 2688 wrote to memory of 2616	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	37
PID 2688 wrote to memory of 2616	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	37
PID 2688 wrote to memory of 304	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	38
PID 2688 wrote to memory of 304	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	38
PID 2688 wrote to memory of 304	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	38
PID 2688 wrote to memory of 2564	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	39
PID 2688 wrote to memory of 2564	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	39
PID 2688 wrote to memory of 2564	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	39
PID 2688 wrote to memory of 3032	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	40
PID 2688 wrote to memory of 3032	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	40
PID 2688 wrote to memory of 3032	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	40
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	41
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	41
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	41
PID 2688 wrote to memory of 1104	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	42
PID 2688 wrote to memory of 1104	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	42
PID 2688 wrote to memory of 1104	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	42
PID 2688 wrote to memory of 628	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	43
PID 2688 wrote to memory of 628	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	43
PID 2688 wrote to memory of 628	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	43
PID 2688 wrote to memory of 908	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	44
PID 2688 wrote to memory of 908	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	44
PID 2688 wrote to memory of 908	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	44
PID 2688 wrote to memory of 2056	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	45
PID 2688 wrote to memory of 2056	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	45
PID 2688 wrote to memory of 2056	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	45
PID 2688 wrote to memory of 1496	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	46
PID 2688 wrote to memory of 1496	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	46
PID 2688 wrote to memory of 1496	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	46
PID 2688 wrote to memory of 2764	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	47
PID 2688 wrote to memory of 2764	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	47
PID 2688 wrote to memory of 2764	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	47
PID 2688 wrote to memory of 976	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	48
PID 2688 wrote to memory of 976	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	48
PID 2688 wrote to memory of 976	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	48
PID 2688 wrote to memory of 2648	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	49
PID 2688 wrote to memory of 2648	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	49
PID 2688 wrote to memory of 2648	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	49
PID 2688 wrote to memory of 3020	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	50
PID 2688 wrote to memory of 3020	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	50
PID 2688 wrote to memory of 3020	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	50
PID 2688 wrote to memory of 3068	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	51
PID 2688 wrote to memory of 3068	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	51
PID 2688 wrote to memory of 3068	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	51
PID 2688 wrote to memory of 1260	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	52
PID 2688 wrote to memory of 1260	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	52
PID 2688 wrote to memory of 1260	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	52
PID 2688 wrote to memory of 592	2688	JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_713c626b31fecbf4964189180e946a8fe3f4f0d4fabcb632bed859e9510b8943.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\System\GvTOZAZ.exe
  C:\Windows\System\GvTOZAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\FkfYrSh.exe
  C:\Windows\System\FkfYrSh.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\XeFydmt.exe
  C:\Windows\System\XeFydmt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sPdgjWX.exe
  C:\Windows\System\sPdgjWX.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\wDGcETk.exe
  C:\Windows\System\wDGcETk.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\YnQtPMP.exe
  C:\Windows\System\YnQtPMP.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\MSBiQBp.exe
  C:\Windows\System\MSBiQBp.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\YuchUcD.exe
  C:\Windows\System\YuchUcD.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\GeMlqpR.exe
  C:\Windows\System\GeMlqpR.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\BvhbuTq.exe
  C:\Windows\System\BvhbuTq.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\cBtyQGF.exe
  C:\Windows\System\cBtyQGF.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\UAtBmtt.exe
  C:\Windows\System\UAtBmtt.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\oBgBQRG.exe
  C:\Windows\System\oBgBQRG.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\errXpUp.exe
  C:\Windows\System\errXpUp.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\zjIrmOW.exe
  C:\Windows\System\zjIrmOW.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\cHSlfyp.exe
  C:\Windows\System\cHSlfyp.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\uVFaEWX.exe
  C:\Windows\System\uVFaEWX.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\qHVRwoz.exe
  C:\Windows\System\qHVRwoz.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\JTGWuRf.exe
  C:\Windows\System\JTGWuRf.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\WHGCvYo.exe
  C:\Windows\System\WHGCvYo.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wLqjHZP.exe
  C:\Windows\System\wLqjHZP.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\QqTIgVn.exe
  C:\Windows\System\QqTIgVn.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\ArSaBdt.exe
  C:\Windows\System\ArSaBdt.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YnQlQyD.exe
  C:\Windows\System\YnQlQyD.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\UasBWLO.exe
  C:\Windows\System\UasBWLO.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\oPHeNUR.exe
  C:\Windows\System\oPHeNUR.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\SjWmLHo.exe
  C:\Windows\System\SjWmLHo.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\muFPnYu.exe
  C:\Windows\System\muFPnYu.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\zERrzsS.exe
  C:\Windows\System\zERrzsS.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\IWReugG.exe
  C:\Windows\System\IWReugG.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\jBPUICm.exe
  C:\Windows\System\jBPUICm.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\NuiWKWB.exe
  C:\Windows\System\NuiWKWB.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\qOHmjab.exe
  C:\Windows\System\qOHmjab.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\stShIsF.exe
  C:\Windows\System\stShIsF.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\SYvkVsZ.exe
  C:\Windows\System\SYvkVsZ.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\HTNeOfu.exe
  C:\Windows\System\HTNeOfu.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\ZZxThOI.exe
  C:\Windows\System\ZZxThOI.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\gYtmAQs.exe
  C:\Windows\System\gYtmAQs.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\OmCbypO.exe
  C:\Windows\System\OmCbypO.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\fKTlRGR.exe
  C:\Windows\System\fKTlRGR.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\jiGnEcd.exe
  C:\Windows\System\jiGnEcd.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ggiawkt.exe
  C:\Windows\System\ggiawkt.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\hMOcmzS.exe
  C:\Windows\System\hMOcmzS.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ogTrUfb.exe
  C:\Windows\System\ogTrUfb.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\XfMJuDV.exe
  C:\Windows\System\XfMJuDV.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\fhqcUyk.exe
  C:\Windows\System\fhqcUyk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\rBxLqFH.exe
  C:\Windows\System\rBxLqFH.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\uNEWYvE.exe
  C:\Windows\System\uNEWYvE.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\WqKQwix.exe
  C:\Windows\System\WqKQwix.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\CTFOIZG.exe
  C:\Windows\System\CTFOIZG.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\WxxdlPv.exe
  C:\Windows\System\WxxdlPv.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\XfTPBhF.exe
  C:\Windows\System\XfTPBhF.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\rJZQbgZ.exe
  C:\Windows\System\rJZQbgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\JVgUyAd.exe
  C:\Windows\System\JVgUyAd.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\rrLnCWD.exe
  C:\Windows\System\rrLnCWD.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cmXWRnr.exe
  C:\Windows\System\cmXWRnr.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\woZFRpJ.exe
  C:\Windows\System\woZFRpJ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\erbWIAy.exe
  C:\Windows\System\erbWIAy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IixFXHK.exe
  C:\Windows\System\IixFXHK.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\VdHThJj.exe
  C:\Windows\System\VdHThJj.exe
  2⤵
  PID:2248
- C:\Windows\System\nSoPApE.exe
  C:\Windows\System\nSoPApE.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NJIfTLC.exe
  C:\Windows\System\NJIfTLC.exe
  2⤵
  PID:1940
- C:\Windows\System\slQWSYT.exe
  C:\Windows\System\slQWSYT.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\wcQtScD.exe
  C:\Windows\System\wcQtScD.exe
  2⤵
  PID:2992
- C:\Windows\System\jflruOG.exe
  C:\Windows\System\jflruOG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\fEOUIVN.exe
  C:\Windows\System\fEOUIVN.exe
  2⤵
  PID:2172
- C:\Windows\System\NBbPTVh.exe
  C:\Windows\System\NBbPTVh.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\BFzqmbH.exe
  C:\Windows\System\BFzqmbH.exe
  2⤵
  PID:2876
- C:\Windows\System\xkkTQWG.exe
  C:\Windows\System\xkkTQWG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\eCYBgqr.exe
  C:\Windows\System\eCYBgqr.exe
  2⤵
  PID:956
- C:\Windows\System\oWTfsjz.exe
  C:\Windows\System\oWTfsjz.exe
  2⤵
  PID:1136
- C:\Windows\System\brdwMpQ.exe
  C:\Windows\System\brdwMpQ.exe
  2⤵
  PID:1320
- C:\Windows\System\bMrGAia.exe
  C:\Windows\System\bMrGAia.exe
  2⤵
  PID:2932
- C:\Windows\System\MZVcRgB.exe
  C:\Windows\System\MZVcRgB.exe
  2⤵
  PID:2256
- C:\Windows\System\ylLnCNk.exe
  C:\Windows\System\ylLnCNk.exe
  2⤵
  PID:1152
- C:\Windows\System\AGPstaF.exe
  C:\Windows\System\AGPstaF.exe
  2⤵
  PID:1620
- C:\Windows\System\tNVuszH.exe
  C:\Windows\System\tNVuszH.exe
  2⤵
  PID:556
- C:\Windows\System\aTHqdot.exe
  C:\Windows\System\aTHqdot.exe
  2⤵
  PID:868
- C:\Windows\System\EGpCEtP.exe
  C:\Windows\System\EGpCEtP.exe
  2⤵
  PID:468
- C:\Windows\System\VStOyVL.exe
  C:\Windows\System\VStOyVL.exe
  2⤵
  PID:2828
- C:\Windows\System\mDetjkW.exe
  C:\Windows\System\mDetjkW.exe
  2⤵
  PID:2332
- C:\Windows\System\xTjTZXe.exe
  C:\Windows\System\xTjTZXe.exe
  2⤵
  PID:2848
- C:\Windows\System\rILTNRh.exe
  C:\Windows\System\rILTNRh.exe
  2⤵
  PID:1348
- C:\Windows\System\IqMjpyI.exe
  C:\Windows\System\IqMjpyI.exe
  2⤵
  PID:2440
- C:\Windows\System\nGUIWnp.exe
  C:\Windows\System\nGUIWnp.exe
  2⤵
  PID:2336
- C:\Windows\System\KkiaerR.exe
  C:\Windows\System\KkiaerR.exe
  2⤵
  PID:2136
- C:\Windows\System\gKkXoHK.exe
  C:\Windows\System\gKkXoHK.exe
  2⤵
  PID:1796
- C:\Windows\System\lLDksPr.exe
  C:\Windows\System\lLDksPr.exe
  2⤵
  PID:1696
- C:\Windows\System\AAblaoy.exe
  C:\Windows\System\AAblaoy.exe
  2⤵
  PID:1720
- C:\Windows\System\tJurMyW.exe
  C:\Windows\System\tJurMyW.exe
  2⤵
  PID:2152
- C:\Windows\System\DDCjbnc.exe
  C:\Windows\System\DDCjbnc.exe
  2⤵
  PID:2696
- C:\Windows\System\WEcJEuh.exe
  C:\Windows\System\WEcJEuh.exe
  2⤵
  PID:1300
- C:\Windows\System\JgnHvfU.exe
  C:\Windows\System\JgnHvfU.exe
  2⤵
  PID:2432
- C:\Windows\System\celwBAd.exe
  C:\Windows\System\celwBAd.exe
  2⤵
  PID:668
- C:\Windows\System\zIbxkoV.exe
  C:\Windows\System\zIbxkoV.exe
  2⤵
  PID:828
- C:\Windows\System\WLJNZcS.exe
  C:\Windows\System\WLJNZcS.exe
  2⤵
  PID:2160
- C:\Windows\System\PtKxiJd.exe
  C:\Windows\System\PtKxiJd.exe
  2⤵
  PID:1316
- C:\Windows\System\rufAzFr.exe
  C:\Windows\System\rufAzFr.exe
  2⤵
  PID:2232
- C:\Windows\System\lljEIlY.exe
  C:\Windows\System\lljEIlY.exe
  2⤵
  PID:1548
- C:\Windows\System\xVfGWBg.exe
  C:\Windows\System\xVfGWBg.exe
  2⤵
  PID:2264
- C:\Windows\System\WdGDUhr.exe
  C:\Windows\System\WdGDUhr.exe
  2⤵
  PID:1648
- C:\Windows\System\SiNsiPy.exe
  C:\Windows\System\SiNsiPy.exe
  2⤵
  PID:944
- C:\Windows\System\LHeodGM.exe
  C:\Windows\System\LHeodGM.exe
  2⤵
  PID:2904
- C:\Windows\System\LgdsAFw.exe
  C:\Windows\System\LgdsAFw.exe
  2⤵
  PID:2380
- C:\Windows\System\BRMkJLy.exe
  C:\Windows\System\BRMkJLy.exe
  2⤵
  PID:840
- C:\Windows\System\hCyxuFl.exe
  C:\Windows\System\hCyxuFl.exe
  2⤵
  PID:1712
- C:\Windows\System\PfHKJml.exe
  C:\Windows\System\PfHKJml.exe
  2⤵
  PID:2812
- C:\Windows\System\ywEKiOP.exe
  C:\Windows\System\ywEKiOP.exe
  2⤵
  PID:860
- C:\Windows\System\gIiSEzc.exe
  C:\Windows\System\gIiSEzc.exe
  2⤵
  PID:344
- C:\Windows\System\tXoGUlP.exe
  C:\Windows\System\tXoGUlP.exe
  2⤵
  PID:2872
- C:\Windows\System\oEewyli.exe
  C:\Windows\System\oEewyli.exe
  2⤵
  PID:2052
- C:\Windows\System\amfBsSi.exe
  C:\Windows\System\amfBsSi.exe
  2⤵
  PID:2384
- C:\Windows\System\GkXeItd.exe
  C:\Windows\System\GkXeItd.exe
  2⤵
  PID:2276
- C:\Windows\System\bXTszZw.exe
  C:\Windows\System\bXTszZw.exe
  2⤵
  PID:916
- C:\Windows\System\NLECKNQ.exe
  C:\Windows\System\NLECKNQ.exe
  2⤵
  PID:888
- C:\Windows\System\pluvEgL.exe
  C:\Windows\System\pluvEgL.exe
  2⤵
  PID:2132
- C:\Windows\System\MXyCpCA.exe
  C:\Windows\System\MXyCpCA.exe
  2⤵
  PID:1032
- C:\Windows\System\WWMQpjM.exe
  C:\Windows\System\WWMQpjM.exe
  2⤵
  PID:2724
- C:\Windows\System\kAXoUcz.exe
  C:\Windows\System\kAXoUcz.exe
  2⤵
  PID:1336
- C:\Windows\System\SXvwHCb.exe
  C:\Windows\System\SXvwHCb.exe
  2⤵
  PID:3088
- C:\Windows\System\eMXxQdE.exe
  C:\Windows\System\eMXxQdE.exe
  2⤵
  PID:3104
- C:\Windows\System\KhNRjKj.exe
  C:\Windows\System\KhNRjKj.exe
  2⤵
  PID:3124
- C:\Windows\System\IIJDfjj.exe
  C:\Windows\System\IIJDfjj.exe
  2⤵
  PID:3148
- C:\Windows\System\fBwFpxC.exe
  C:\Windows\System\fBwFpxC.exe
  2⤵
  PID:3164
- C:\Windows\System\qOozWps.exe
  C:\Windows\System\qOozWps.exe
  2⤵
  PID:3184
- C:\Windows\System\QrHNtLY.exe
  C:\Windows\System\QrHNtLY.exe
  2⤵
  PID:3200
- C:\Windows\System\gohyTOH.exe
  C:\Windows\System\gohyTOH.exe
  2⤵
  PID:3224
- C:\Windows\System\csvOpqw.exe
  C:\Windows\System\csvOpqw.exe
  2⤵
  PID:3240
- C:\Windows\System\UmgFSye.exe
  C:\Windows\System\UmgFSye.exe
  2⤵
  PID:3264
- C:\Windows\System\jWASJnd.exe
  C:\Windows\System\jWASJnd.exe
  2⤵
  PID:3284
- C:\Windows\System\GfnDIca.exe
  C:\Windows\System\GfnDIca.exe
  2⤵
  PID:3320
- C:\Windows\System\OChArCC.exe
  C:\Windows\System\OChArCC.exe
  2⤵
  PID:3340
- C:\Windows\System\hvccHlm.exe
  C:\Windows\System\hvccHlm.exe
  2⤵
  PID:3364
- C:\Windows\System\YJcxgOq.exe
  C:\Windows\System\YJcxgOq.exe
  2⤵
  PID:3384
- C:\Windows\System\MVuByXZ.exe
  C:\Windows\System\MVuByXZ.exe
  2⤵
  PID:3400
- C:\Windows\System\kpZXUpp.exe
  C:\Windows\System\kpZXUpp.exe
  2⤵
  PID:3416
- C:\Windows\System\bpAcQMD.exe
  C:\Windows\System\bpAcQMD.exe
  2⤵
  PID:3432
- C:\Windows\System\QycAURx.exe
  C:\Windows\System\QycAURx.exe
  2⤵
  PID:3456
- C:\Windows\System\DegSlIF.exe
  C:\Windows\System\DegSlIF.exe
  2⤵
  PID:3472
- C:\Windows\System\MzvMqkN.exe
  C:\Windows\System\MzvMqkN.exe
  2⤵
  PID:3492
- C:\Windows\System\QKQjYxh.exe
  C:\Windows\System\QKQjYxh.exe
  2⤵
  PID:3512
- C:\Windows\System\XaMZUlc.exe
  C:\Windows\System\XaMZUlc.exe
  2⤵
  PID:3528
- C:\Windows\System\hqkuRlD.exe
  C:\Windows\System\hqkuRlD.exe
  2⤵
  PID:3548
- C:\Windows\System\YGPyika.exe
  C:\Windows\System\YGPyika.exe
  2⤵
  PID:3564
- C:\Windows\System\KpFNkLL.exe
  C:\Windows\System\KpFNkLL.exe
  2⤵
  PID:3584
- C:\Windows\System\vcjoaBH.exe
  C:\Windows\System\vcjoaBH.exe
  2⤵
  PID:3600
- C:\Windows\System\mqoAMCc.exe
  C:\Windows\System\mqoAMCc.exe
  2⤵
  PID:3616
- C:\Windows\System\jVwOJOM.exe
  C:\Windows\System\jVwOJOM.exe
  2⤵
  PID:3632
- C:\Windows\System\bjeLlJQ.exe
  C:\Windows\System\bjeLlJQ.exe
  2⤵
  PID:3648
- C:\Windows\System\LxWUnHi.exe
  C:\Windows\System\LxWUnHi.exe
  2⤵
  PID:3664
- C:\Windows\System\gpPoBHm.exe
  C:\Windows\System\gpPoBHm.exe
  2⤵
  PID:3684
- C:\Windows\System\bqUNZjl.exe
  C:\Windows\System\bqUNZjl.exe
  2⤵
  PID:3748
- C:\Windows\System\dNoGBQu.exe
  C:\Windows\System\dNoGBQu.exe
  2⤵
  PID:3764
- C:\Windows\System\guIXwgL.exe
  C:\Windows\System\guIXwgL.exe
  2⤵
  PID:3780
- C:\Windows\System\ulaWSry.exe
  C:\Windows\System\ulaWSry.exe
  2⤵
  PID:3804
- C:\Windows\System\uZTzclw.exe
  C:\Windows\System\uZTzclw.exe
  2⤵
  PID:3824
- C:\Windows\System\dVIuXtm.exe
  C:\Windows\System\dVIuXtm.exe
  2⤵
  PID:3840
- C:\Windows\System\pxmWiqa.exe
  C:\Windows\System\pxmWiqa.exe
  2⤵
  PID:3856
- C:\Windows\System\byFXqni.exe
  C:\Windows\System\byFXqni.exe
  2⤵
  PID:3876
- C:\Windows\System\eCwbHKM.exe
  C:\Windows\System\eCwbHKM.exe
  2⤵
  PID:3896
- C:\Windows\System\kktdWeP.exe
  C:\Windows\System\kktdWeP.exe
  2⤵
  PID:3916
- C:\Windows\System\oobRGFK.exe
  C:\Windows\System\oobRGFK.exe
  2⤵
  PID:3932
- C:\Windows\System\LDFLHVH.exe
  C:\Windows\System\LDFLHVH.exe
  2⤵
  PID:3948
- C:\Windows\System\GeOHQsp.exe
  C:\Windows\System\GeOHQsp.exe
  2⤵
  PID:3964
- C:\Windows\System\huKGMfH.exe
  C:\Windows\System\huKGMfH.exe
  2⤵
  PID:3980
- C:\Windows\System\lJaPmUr.exe
  C:\Windows\System\lJaPmUr.exe
  2⤵
  PID:3996
- C:\Windows\System\dcjPGJV.exe
  C:\Windows\System\dcjPGJV.exe
  2⤵
  PID:4012
- C:\Windows\System\VvLlezM.exe
  C:\Windows\System\VvLlezM.exe
  2⤵
  PID:4028
- C:\Windows\System\YJbectu.exe
  C:\Windows\System\YJbectu.exe
  2⤵
  PID:4044
- C:\Windows\System\lhoqxSe.exe
  C:\Windows\System\lhoqxSe.exe
  2⤵
  PID:4060
- C:\Windows\System\WrwDzAi.exe
  C:\Windows\System\WrwDzAi.exe
  2⤵
  PID:4076
- C:\Windows\System\IbmSuoS.exe
  C:\Windows\System\IbmSuoS.exe
  2⤵
  PID:4092
- C:\Windows\System\cvzRCnp.exe
  C:\Windows\System\cvzRCnp.exe
  2⤵
  PID:2020
- C:\Windows\System\YArdBhq.exe
  C:\Windows\System\YArdBhq.exe
  2⤵
  PID:1688
- C:\Windows\System\FbVybef.exe
  C:\Windows\System\FbVybef.exe
  2⤵
  PID:2760
- C:\Windows\System\ciAivJi.exe
  C:\Windows\System\ciAivJi.exe
  2⤵
  PID:3080
- C:\Windows\System\qqawOmY.exe
  C:\Windows\System\qqawOmY.exe
  2⤵
  PID:2348
- C:\Windows\System\dNtYGxA.exe
  C:\Windows\System\dNtYGxA.exe
  2⤵
  PID:1492
- C:\Windows\System\OqSSwjK.exe
  C:\Windows\System\OqSSwjK.exe
  2⤵
  PID:2816
- C:\Windows\System\kkyENJT.exe
  C:\Windows\System\kkyENJT.exe
  2⤵
  PID:3132
- C:\Windows\System\ITXykQI.exe
  C:\Windows\System\ITXykQI.exe
  2⤵
  PID:3172
- C:\Windows\System\kQoQzLn.exe
  C:\Windows\System\kQoQzLn.exe
  2⤵
  PID:3220
- C:\Windows\System\qFFqcvT.exe
  C:\Windows\System\qFFqcvT.exe
  2⤵
  PID:3256
- C:\Windows\System\ByisNcL.exe
  C:\Windows\System\ByisNcL.exe
  2⤵
  PID:2840
- C:\Windows\System\YLuCBHf.exe
  C:\Windows\System\YLuCBHf.exe
  2⤵
  PID:3408
- C:\Windows\System\UsmqbEC.exe
  C:\Windows\System\UsmqbEC.exe
  2⤵
  PID:3316
- C:\Windows\System\eFJHaSp.exe
  C:\Windows\System\eFJHaSp.exe
  2⤵
  PID:3452
- C:\Windows\System\RYKQUPk.exe
  C:\Windows\System\RYKQUPk.exe
  2⤵
  PID:3484
- C:\Windows\System\gUTZFlB.exe
  C:\Windows\System\gUTZFlB.exe
  2⤵
  PID:3392
- C:\Windows\System\fYavenB.exe
  C:\Windows\System\fYavenB.exe
  2⤵
  PID:3628
- C:\Windows\System\cavOSzz.exe
  C:\Windows\System\cavOSzz.exe
  2⤵
  PID:3572
- C:\Windows\System\XRZFssD.exe
  C:\Windows\System\XRZFssD.exe
  2⤵
  PID:3692
- C:\Windows\System\uBIrXUJ.exe
  C:\Windows\System\uBIrXUJ.exe
  2⤵
  PID:3712
- C:\Windows\System\RtKaepj.exe
  C:\Windows\System\RtKaepj.exe
  2⤵
  PID:3728
- C:\Windows\System\UBwhBCM.exe
  C:\Windows\System\UBwhBCM.exe
  2⤵
  PID:3776
- C:\Windows\System\IYhTGqV.exe
  C:\Windows\System\IYhTGqV.exe
  2⤵
  PID:3852
- C:\Windows\System\LnPsLcz.exe
  C:\Windows\System\LnPsLcz.exe
  2⤵
  PID:3676
- C:\Windows\System\fWyaxUI.exe
  C:\Windows\System\fWyaxUI.exe
  2⤵
  PID:3428
- C:\Windows\System\cEygGUF.exe
  C:\Windows\System\cEygGUF.exe
  2⤵
  PID:3424
- C:\Windows\System\DyAoZKA.exe
  C:\Windows\System\DyAoZKA.exe
  2⤵
  PID:3884
- C:\Windows\System\rCNeKxy.exe
  C:\Windows\System\rCNeKxy.exe
  2⤵
  PID:3160
- C:\Windows\System\XrizLKL.exe
  C:\Windows\System\XrizLKL.exe
  2⤵
  PID:3272
- C:\Windows\System\xBAccKK.exe
  C:\Windows\System\xBAccKK.exe
  2⤵
  PID:2088
- C:\Windows\System\UQnspxA.exe
  C:\Windows\System\UQnspxA.exe
  2⤵
  PID:3100
- C:\Windows\System\NqrhoLh.exe
  C:\Windows\System\NqrhoLh.exe
  2⤵
  PID:3208
- C:\Windows\System\oxeYxda.exe
  C:\Windows\System\oxeYxda.exe
  2⤵
  PID:3332
- C:\Windows\System\ulregTS.exe
  C:\Windows\System\ulregTS.exe
  2⤵
  PID:2676
- C:\Windows\System\xxUFtCK.exe
  C:\Windows\System\xxUFtCK.exe
  2⤵
  PID:3908
- C:\Windows\System\SzsqflI.exe
  C:\Windows\System\SzsqflI.exe
  2⤵
  PID:3612
- C:\Windows\System\KDWPDrB.exe
  C:\Windows\System\KDWPDrB.exe
  2⤵
  PID:3724
- C:\Windows\System\FOorgKl.exe
  C:\Windows\System\FOorgKl.exe
  2⤵
  PID:3544
- C:\Windows\System\ZzJJQcy.exe
  C:\Windows\System\ZzJJQcy.exe
  2⤵
  PID:2204
- C:\Windows\System\eqmNUfU.exe
  C:\Windows\System\eqmNUfU.exe
  2⤵
  PID:3972
- C:\Windows\System\hqmvikW.exe
  C:\Windows\System\hqmvikW.exe
  2⤵
  PID:4004
- C:\Windows\System\gczOkZR.exe
  C:\Windows\System\gczOkZR.exe
  2⤵
  PID:4068
- C:\Windows\System\EdxlNUQ.exe
  C:\Windows\System\EdxlNUQ.exe
  2⤵
  PID:3116
- C:\Windows\System\RWxHqwc.exe
  C:\Windows\System\RWxHqwc.exe
  2⤵
  PID:3136
- C:\Windows\System\JwhlsGi.exe
  C:\Windows\System\JwhlsGi.exe
  2⤵
  PID:3440
- C:\Windows\System\rAprOaV.exe
  C:\Windows\System\rAprOaV.exe
  2⤵
  PID:3560
- C:\Windows\System\eSUfuRG.exe
  C:\Windows\System\eSUfuRG.exe
  2⤵
  PID:3704
- C:\Windows\System\cwMDjOW.exe
  C:\Windows\System\cwMDjOW.exe
  2⤵
  PID:3680
- C:\Windows\System\SEAxNST.exe
  C:\Windows\System\SEAxNST.exe
  2⤵
  PID:2888
- C:\Windows\System\PAHSztv.exe
  C:\Windows\System\PAHSztv.exe
  2⤵
  PID:2572
- C:\Windows\System\HKWHScA.exe
  C:\Windows\System\HKWHScA.exe
  2⤵
  PID:3868
- C:\Windows\System\xLOGRtL.exe
  C:\Windows\System\xLOGRtL.exe
  2⤵
  PID:108
- C:\Windows\System\rwSNxAL.exe
  C:\Windows\System\rwSNxAL.exe
  2⤵
  PID:3348
- C:\Windows\System\SSTtbZU.exe
  C:\Windows\System\SSTtbZU.exe
  2⤵
  PID:3468
- C:\Windows\System\jruEYam.exe
  C:\Windows\System\jruEYam.exe
  2⤵
  PID:3056
- C:\Windows\System\ullPkmR.exe
  C:\Windows\System\ullPkmR.exe
  2⤵
  PID:4084
- C:\Windows\System\TOgGQqO.exe
  C:\Windows\System\TOgGQqO.exe
  2⤵
  PID:1572
- C:\Windows\System\DxyeuJx.exe
  C:\Windows\System\DxyeuJx.exe
  2⤵
  PID:3796
- C:\Windows\System\JQDmEtp.exe
  C:\Windows\System\JQDmEtp.exe
  2⤵
  PID:3912
- C:\Windows\System\KDXEpIB.exe
  C:\Windows\System\KDXEpIB.exe
  2⤵
  PID:3580
- C:\Windows\System\KNibUqE.exe
  C:\Windows\System\KNibUqE.exe
  2⤵
  PID:4036
- C:\Windows\System\QwQuCOE.exe
  C:\Windows\System\QwQuCOE.exe
  2⤵
  PID:3480
- C:\Windows\System\miJmQHl.exe
  C:\Windows\System\miJmQHl.exe
  2⤵
  PID:3800
- C:\Windows\System\fXzjlSL.exe
  C:\Windows\System\fXzjlSL.exe
  2⤵
  PID:2180
- C:\Windows\System\fxsRxTD.exe
  C:\Windows\System\fxsRxTD.exe
  2⤵
  PID:2776
- C:\Windows\System\qKtNrAc.exe
  C:\Windows\System\qKtNrAc.exe
  2⤵
  PID:1680
- C:\Windows\System\EXRirva.exe
  C:\Windows\System\EXRirva.exe
  2⤵
  PID:3556
- C:\Windows\System\bIeLWwv.exe
  C:\Windows\System\bIeLWwv.exe
  2⤵
  PID:788
- C:\Windows\System\mkGrBZY.exe
  C:\Windows\System\mkGrBZY.exe
  2⤵
  PID:3508
- C:\Windows\System\ZDYwJpl.exe
  C:\Windows\System\ZDYwJpl.exe
  2⤵
  PID:2972
- C:\Windows\System\yagZhkr.exe
  C:\Windows\System\yagZhkr.exe
  2⤵
  PID:2732
- C:\Windows\System\BljhTBw.exe
  C:\Windows\System\BljhTBw.exe
  2⤵
  PID:3064
- C:\Windows\System\NsZlvpI.exe
  C:\Windows\System\NsZlvpI.exe
  2⤵
  PID:3816
- C:\Windows\System\IyEcCXK.exe
  C:\Windows\System\IyEcCXK.exe
  2⤵
  PID:1956
- C:\Windows\System\rfgPQSo.exe
  C:\Windows\System\rfgPQSo.exe
  2⤵
  PID:1748
- C:\Windows\System\zOeMpXp.exe
  C:\Windows\System\zOeMpXp.exe
  2⤵
  PID:2808
- C:\Windows\System\cRParFp.exe
  C:\Windows\System\cRParFp.exe
  2⤵
  PID:3836
- C:\Windows\System\izLqWBA.exe
  C:\Windows\System\izLqWBA.exe
  2⤵
  PID:2416
- C:\Windows\System\PbpEhLB.exe
  C:\Windows\System\PbpEhLB.exe
  2⤵
  PID:1436
- C:\Windows\System\HEVevIH.exe
  C:\Windows\System\HEVevIH.exe
  2⤵
  PID:2780
- C:\Windows\System\ONfecKN.exe
  C:\Windows\System\ONfecKN.exe
  2⤵
  PID:3380
- C:\Windows\System\MgyTgpZ.exe
  C:\Windows\System\MgyTgpZ.exe
  2⤵
  PID:2804
- C:\Windows\System\EhOimlD.exe
  C:\Windows\System\EhOimlD.exe
  2⤵
  PID:2792
- C:\Windows\System\zrFmXkb.exe
  C:\Windows\System\zrFmXkb.exe
  2⤵
  PID:3992
- C:\Windows\System\lafWPza.exe
  C:\Windows\System\lafWPza.exe
  2⤵
  PID:1360
- C:\Windows\System\hOHmTwH.exe
  C:\Windows\System\hOHmTwH.exe
  2⤵
  PID:3740
- C:\Windows\System\dBNCjoH.exe
  C:\Windows\System\dBNCjoH.exe
  2⤵
  PID:2116
- C:\Windows\System\PFCLcqV.exe
  C:\Windows\System\PFCLcqV.exe
  2⤵
  PID:3084
- C:\Windows\System\ysdroPG.exe
  C:\Windows\System\ysdroPG.exe
  2⤵
  PID:3736
- C:\Windows\System\sLfDlvR.exe
  C:\Windows\System\sLfDlvR.exe
  2⤵
  PID:3236
- C:\Windows\System\Bvunpur.exe
  C:\Windows\System\Bvunpur.exe
  2⤵
  PID:3120
- C:\Windows\System\MzYJWbF.exe
  C:\Windows\System\MzYJWbF.exe
  2⤵
  PID:2072
- C:\Windows\System\vnUlGGx.exe
  C:\Windows\System\vnUlGGx.exe
  2⤵
  PID:2556
- C:\Windows\System\yhrxiwA.exe
  C:\Windows\System\yhrxiwA.exe
  2⤵
  PID:2404
- C:\Windows\System\NRZlbSi.exe
  C:\Windows\System\NRZlbSi.exe
  2⤵
  PID:2928
- C:\Windows\System\InYzUMN.exe
  C:\Windows\System\InYzUMN.exe
  2⤵
  PID:2360
- C:\Windows\System\VUNBQJD.exe
  C:\Windows\System\VUNBQJD.exe
  2⤵
  PID:3772
- C:\Windows\System\fcHXxmo.exe
  C:\Windows\System\fcHXxmo.exe
  2⤵
  PID:2604
- C:\Windows\System\EkcKdMD.exe
  C:\Windows\System\EkcKdMD.exe
  2⤵
  PID:4056
- C:\Windows\System\zkMLUTs.exe
  C:\Windows\System\zkMLUTs.exe
  2⤵
  PID:3792
- C:\Windows\System\kDluAok.exe
  C:\Windows\System\kDluAok.exe
  2⤵
  PID:4024
- C:\Windows\System\lovVEaK.exe
  C:\Windows\System\lovVEaK.exe
  2⤵
  PID:4112
- C:\Windows\System\MZzUZzs.exe
  C:\Windows\System\MZzUZzs.exe
  2⤵
  PID:4140
- C:\Windows\System\KfZJzkJ.exe
  C:\Windows\System\KfZJzkJ.exe
  2⤵
  PID:4160
- C:\Windows\System\SGAXDmF.exe
  C:\Windows\System\SGAXDmF.exe
  2⤵
  PID:4176
- C:\Windows\System\ACgwFhk.exe
  C:\Windows\System\ACgwFhk.exe
  2⤵
  PID:4200
- C:\Windows\System\jCEfGfs.exe
  C:\Windows\System\jCEfGfs.exe
  2⤵
  PID:4220
- C:\Windows\System\yCwdgLC.exe
  C:\Windows\System\yCwdgLC.exe
  2⤵
  PID:4240
- C:\Windows\System\QYdmAfu.exe
  C:\Windows\System\QYdmAfu.exe
  2⤵
  PID:4256
- C:\Windows\System\qFHTaBY.exe
  C:\Windows\System\qFHTaBY.exe
  2⤵
  PID:4272
- C:\Windows\System\XyKHpcm.exe
  C:\Windows\System\XyKHpcm.exe
  2⤵
  PID:4296
- C:\Windows\System\BgkTUvK.exe
  C:\Windows\System\BgkTUvK.exe
  2⤵
  PID:4360
- C:\Windows\System\ajgoyvj.exe
  C:\Windows\System\ajgoyvj.exe
  2⤵
  PID:4380
- C:\Windows\System\sJjBZTP.exe
  C:\Windows\System\sJjBZTP.exe
  2⤵
  PID:4396
- C:\Windows\System\fRXqpdA.exe
  C:\Windows\System\fRXqpdA.exe
  2⤵
  PID:4412
- C:\Windows\System\bFrHxlf.exe
  C:\Windows\System\bFrHxlf.exe
  2⤵
  PID:4428
- C:\Windows\System\gqcssgE.exe
  C:\Windows\System\gqcssgE.exe
  2⤵
  PID:4444
- C:\Windows\System\sUfZuFh.exe
  C:\Windows\System\sUfZuFh.exe
  2⤵
  PID:4460
- C:\Windows\System\BovFacV.exe
  C:\Windows\System\BovFacV.exe
  2⤵
  PID:4480
- C:\Windows\System\FmPwtIU.exe
  C:\Windows\System\FmPwtIU.exe
  2⤵
  PID:4496
- C:\Windows\System\iIXJlrx.exe
  C:\Windows\System\iIXJlrx.exe
  2⤵
  PID:4524
- C:\Windows\System\ldpNrLQ.exe
  C:\Windows\System\ldpNrLQ.exe
  2⤵
  PID:4540
- C:\Windows\System\rjvRzbL.exe
  C:\Windows\System\rjvRzbL.exe
  2⤵
  PID:4556
- C:\Windows\System\FWwjYhL.exe
  C:\Windows\System\FWwjYhL.exe
  2⤵
  PID:4572
- C:\Windows\System\qIjxraf.exe
  C:\Windows\System\qIjxraf.exe
  2⤵
  PID:4604
- C:\Windows\System\gsTQhEb.exe
  C:\Windows\System\gsTQhEb.exe
  2⤵
  PID:4620
- C:\Windows\System\QUFvcQK.exe
  C:\Windows\System\QUFvcQK.exe
  2⤵
  PID:4636
- C:\Windows\System\jdaULmq.exe
  C:\Windows\System\jdaULmq.exe
  2⤵
  PID:4656
- C:\Windows\System\WuFqrrc.exe
  C:\Windows\System\WuFqrrc.exe
  2⤵
  PID:4676
- C:\Windows\System\QhuBxsY.exe
  C:\Windows\System\QhuBxsY.exe
  2⤵
  PID:4696
- C:\Windows\System\KBYVPJs.exe
  C:\Windows\System\KBYVPJs.exe
  2⤵
  PID:4712
- C:\Windows\System\HVvuULU.exe
  C:\Windows\System\HVvuULU.exe
  2⤵
  PID:4728
- C:\Windows\System\JSuwIoW.exe
  C:\Windows\System\JSuwIoW.exe
  2⤵
  PID:4744
- C:\Windows\System\TegNXfd.exe
  C:\Windows\System\TegNXfd.exe
  2⤵
  PID:4760
- C:\Windows\System\lUiPnUL.exe
  C:\Windows\System\lUiPnUL.exe
  2⤵
  PID:4780
- C:\Windows\System\JIpLXOi.exe
  C:\Windows\System\JIpLXOi.exe
  2⤵
  PID:4804
- C:\Windows\System\bZEnBsB.exe
  C:\Windows\System\bZEnBsB.exe
  2⤵
  PID:4820
- C:\Windows\System\OyQHGhY.exe
  C:\Windows\System\OyQHGhY.exe
  2⤵
  PID:4840
- C:\Windows\System\zNqtCYz.exe
  C:\Windows\System\zNqtCYz.exe
  2⤵
  PID:4860
- C:\Windows\System\WgAyroS.exe
  C:\Windows\System\WgAyroS.exe
  2⤵
  PID:4876
- C:\Windows\System\LAnIXSp.exe
  C:\Windows\System\LAnIXSp.exe
  2⤵
  PID:4892
- C:\Windows\System\UuhDSIx.exe
  C:\Windows\System\UuhDSIx.exe
  2⤵
  PID:4908
- C:\Windows\System\NROojMd.exe
  C:\Windows\System\NROojMd.exe
  2⤵
  PID:4928
- C:\Windows\System\lRalhbD.exe
  C:\Windows\System\lRalhbD.exe
  2⤵
  PID:4944
- C:\Windows\System\RGdScSA.exe
  C:\Windows\System\RGdScSA.exe
  2⤵
  PID:4960
- C:\Windows\System\JBWBjhv.exe
  C:\Windows\System\JBWBjhv.exe
  2⤵
  PID:5028
- C:\Windows\System\uCfixqw.exe
  C:\Windows\System\uCfixqw.exe
  2⤵
  PID:5044
- C:\Windows\System\ARMihxY.exe
  C:\Windows\System\ARMihxY.exe
  2⤵
  PID:5064
- C:\Windows\System\nYLwxsC.exe
  C:\Windows\System\nYLwxsC.exe
  2⤵
  PID:5092
- C:\Windows\System\kgpetxn.exe
  C:\Windows\System\kgpetxn.exe
  2⤵
  PID:5108
- C:\Windows\System\DFzqSDY.exe
  C:\Windows\System\DFzqSDY.exe
  2⤵
  PID:1616
- C:\Windows\System\apgJkoY.exe
  C:\Windows\System\apgJkoY.exe
  2⤵
  PID:2296
- C:\Windows\System\wFYZGAK.exe
  C:\Windows\System\wFYZGAK.exe
  2⤵
  PID:3276
- C:\Windows\System\QNNnhEo.exe
  C:\Windows\System\QNNnhEo.exe
  2⤵
  PID:2068
- C:\Windows\System\gPrqiVY.exe
  C:\Windows\System\gPrqiVY.exe
  2⤵
  PID:4196
- C:\Windows\System\xPIcQqH.exe
  C:\Windows\System\xPIcQqH.exe
  2⤵
  PID:2912
- C:\Windows\System\qMEVBKN.exe
  C:\Windows\System\qMEVBKN.exe
  2⤵
  PID:2512
- C:\Windows\System\JzyIVWU.exe
  C:\Windows\System\JzyIVWU.exe
  2⤵
  PID:4236
- C:\Windows\System\xZjOKSn.exe
  C:\Windows\System\xZjOKSn.exe
  2⤵
  PID:4132
- C:\Windows\System\CtVfhxD.exe
  C:\Windows\System\CtVfhxD.exe
  2⤵
  PID:4172
- C:\Windows\System\SLhpNET.exe
  C:\Windows\System\SLhpNET.exe
  2⤵
  PID:4248
- C:\Windows\System\wGNNwnW.exe
  C:\Windows\System\wGNNwnW.exe
  2⤵
  PID:4292
- C:\Windows\System\aSvSZyR.exe
  C:\Windows\System\aSvSZyR.exe
  2⤵
  PID:4332
- C:\Windows\System\HxSUDIz.exe
  C:\Windows\System\HxSUDIz.exe
  2⤵
  PID:4344
- C:\Windows\System\cpyGKJs.exe
  C:\Windows\System\cpyGKJs.exe
  2⤵
  PID:4388
- C:\Windows\System\LgxNPVg.exe
  C:\Windows\System\LgxNPVg.exe
  2⤵
  PID:4420
- C:\Windows\System\GmKNoMU.exe
  C:\Windows\System\GmKNoMU.exe
  2⤵
  PID:4456
- C:\Windows\System\dloQeog.exe
  C:\Windows\System\dloQeog.exe
  2⤵
  PID:4368
- C:\Windows\System\kHEfOTP.exe
  C:\Windows\System\kHEfOTP.exe
  2⤵
  PID:4408
- C:\Windows\System\QorbMKF.exe
  C:\Windows\System\QorbMKF.exe
  2⤵
  PID:4472
- C:\Windows\System\QNHQSjZ.exe
  C:\Windows\System\QNHQSjZ.exe
  2⤵
  PID:4520
- C:\Windows\System\PfEDJLC.exe
  C:\Windows\System\PfEDJLC.exe
  2⤵
  PID:4612
- C:\Windows\System\xtMqBcn.exe
  C:\Windows\System\xtMqBcn.exe
  2⤵
  PID:4684
- C:\Windows\System\gLICSLB.exe
  C:\Windows\System\gLICSLB.exe
  2⤵
  PID:4752
- C:\Windows\System\fKVDvvK.exe
  C:\Windows\System\fKVDvvK.exe
  2⤵
  PID:4792
- C:\Windows\System\MmnCoQQ.exe
  C:\Windows\System\MmnCoQQ.exe
  2⤵
  PID:4832
- C:\Windows\System\cFMoCKe.exe
  C:\Windows\System\cFMoCKe.exe
  2⤵
  PID:4552
- C:\Windows\System\MnYhOAr.exe
  C:\Windows\System\MnYhOAr.exe
  2⤵
  PID:4740
- C:\Windows\System\dJTUQtW.exe
  C:\Windows\System\dJTUQtW.exe
  2⤵
  PID:4816
- C:\Windows\System\IfapsvS.exe
  C:\Windows\System\IfapsvS.exe
  2⤵
  PID:4884
- C:\Windows\System\nFqdQnm.exe
  C:\Windows\System\nFqdQnm.exe
  2⤵
  PID:4956
- C:\Windows\System\sjnUKoc.exe
  C:\Windows\System\sjnUKoc.exe
  2⤵
  PID:4616
- C:\Windows\System\HUiIjBk.exe
  C:\Windows\System\HUiIjBk.exe
  2⤵
  PID:5008
- C:\Windows\System\mVQSNRv.exe
  C:\Windows\System\mVQSNRv.exe
  2⤵
  PID:4900
- C:\Windows\System\lRgOPgQ.exe
  C:\Windows\System\lRgOPgQ.exe
  2⤵
  PID:5072
- C:\Windows\System\DNWCjaX.exe
  C:\Windows\System\DNWCjaX.exe
  2⤵
  PID:5084
- C:\Windows\System\LblaWov.exe
  C:\Windows\System\LblaWov.exe
  2⤵
  PID:2908
- C:\Windows\System\UYWjCvQ.exe
  C:\Windows\System\UYWjCvQ.exe
  2⤵
  PID:4152
- C:\Windows\System\czHLLiU.exe
  C:\Windows\System\czHLLiU.exe
  2⤵
  PID:5056
- C:\Windows\System\JUdgMWj.exe
  C:\Windows\System\JUdgMWj.exe
  2⤵
  PID:1404
- C:\Windows\System\zfnNrGb.exe
  C:\Windows\System\zfnNrGb.exe
  2⤵
  PID:4184
- C:\Windows\System\lAZnCwK.exe
  C:\Windows\System\lAZnCwK.exe
  2⤵
  PID:2536
- C:\Windows\System\xWMPvAs.exe
  C:\Windows\System\xWMPvAs.exe
  2⤵
  PID:792
- C:\Windows\System\RTUBqyb.exe
  C:\Windows\System\RTUBqyb.exe
  2⤵
  PID:4440
- C:\Windows\System\iyPSHfz.exe
  C:\Windows\System\iyPSHfz.exe
  2⤵
  PID:4340
- C:\Windows\System\EadWZxl.exe
  C:\Windows\System\EadWZxl.exe
  2⤵
  PID:596
- C:\Windows\System\aEBQEPg.exe
  C:\Windows\System\aEBQEPg.exe
  2⤵
  PID:4580
- C:\Windows\System\aaQgxQy.exe
  C:\Windows\System\aaQgxQy.exe
  2⤵
  PID:4600
- C:\Windows\System\gFOxvdl.exe
  C:\Windows\System\gFOxvdl.exe
  2⤵
  PID:4632
- C:\Windows\System\XVIAmnJ.exe
  C:\Windows\System\XVIAmnJ.exe
  2⤵
  PID:4940
- C:\Windows\System\dccOZOJ.exe
  C:\Windows\System\dccOZOJ.exe
  2⤵
  PID:4648
- C:\Windows\System\EipiMFh.exe
  C:\Windows\System\EipiMFh.exe
  2⤵
  PID:4704
- C:\Windows\System\VsiNVli.exe
  C:\Windows\System\VsiNVli.exe
  2⤵
  PID:4768
- C:\Windows\System\BumtXjK.exe
  C:\Windows\System\BumtXjK.exe
  2⤵
  PID:4980
- C:\Windows\System\jURxIPX.exe
  C:\Windows\System\jURxIPX.exe
  2⤵
  PID:5076
- C:\Windows\System\pEaoWGG.exe
  C:\Windows\System\pEaoWGG.exe
  2⤵
  PID:4516
- C:\Windows\System\gfzpQWV.exe
  C:\Windows\System\gfzpQWV.exe
  2⤵
  PID:4312
- C:\Windows\System\BQunMiz.exe
  C:\Windows\System\BQunMiz.exe
  2⤵
  PID:4788
- C:\Windows\System\ASsafbX.exe
  C:\Windows\System\ASsafbX.exe
  2⤵
  PID:5004
- C:\Windows\System\tqwnpWf.exe
  C:\Windows\System\tqwnpWf.exe
  2⤵
  PID:3308
- C:\Windows\System\TpKZcry.exe
  C:\Windows\System\TpKZcry.exe
  2⤵
  PID:912
- C:\Windows\System\SbHuNwA.exe
  C:\Windows\System\SbHuNwA.exe
  2⤵
  PID:1772
- C:\Windows\System\MVeluNb.exe
  C:\Windows\System\MVeluNb.exe
  2⤵
  PID:1456
- C:\Windows\System\tIysaqs.exe
  C:\Windows\System\tIysaqs.exe
  2⤵
  PID:4284
- C:\Windows\System\NJOvoks.exe
  C:\Windows\System\NJOvoks.exe
  2⤵
  PID:4336
- C:\Windows\System\eOEVkxN.exe
  C:\Windows\System\eOEVkxN.exe
  2⤵
  PID:4588
- C:\Windows\System\PSZgZjW.exe
  C:\Windows\System\PSZgZjW.exe
  2⤵
  PID:780
- C:\Windows\System\IiUUcip.exe
  C:\Windows\System\IiUUcip.exe
  2⤵
  PID:4664
- C:\Windows\System\hIPTvIi.exe
  C:\Windows\System\hIPTvIi.exe
  2⤵
  PID:4972
- C:\Windows\System\Wnkkhbo.exe
  C:\Windows\System\Wnkkhbo.exe
  2⤵
  PID:4308
- C:\Windows\System\TWAsISK.exe
  C:\Windows\System\TWAsISK.exe
  2⤵
  PID:4868
- C:\Windows\System\iDfasLF.exe
  C:\Windows\System\iDfasLF.exe
  2⤵
  PID:4452
- C:\Windows\System\yZbIbjz.exe
  C:\Windows\System\yZbIbjz.exe
  2⤵
  PID:1096
- C:\Windows\System\VZtNqmR.exe
  C:\Windows\System\VZtNqmR.exe
  2⤵
  PID:1984
- C:\Windows\System\HFPfQca.exe
  C:\Windows\System\HFPfQca.exe
  2⤵
  PID:4872
- C:\Windows\System\OAsAKSy.exe
  C:\Windows\System\OAsAKSy.exe
  2⤵
  PID:4120
- C:\Windows\System\VttBVEY.exe
  C:\Windows\System\VttBVEY.exe
  2⤵
  PID:5036
- C:\Windows\System\AmVHReB.exe
  C:\Windows\System\AmVHReB.exe
  2⤵
  PID:5100
- C:\Windows\System\icLhvyK.exe
  C:\Windows\System\icLhvyK.exe
  2⤵
  PID:2584
- C:\Windows\System\cRKYXYU.exe
  C:\Windows\System\cRKYXYU.exe
  2⤵
  PID:5060
- C:\Windows\System\ZPiRJXo.exe
  C:\Windows\System\ZPiRJXo.exe
  2⤵
  PID:4828
- C:\Windows\System\aItKepr.exe
  C:\Windows\System\aItKepr.exe
  2⤵
  PID:4264
- C:\Windows\System\KKMwzhF.exe
  C:\Windows\System\KKMwzhF.exe
  2⤵
  PID:5016
- C:\Windows\System\sKKXJoi.exe
  C:\Windows\System\sKKXJoi.exe
  2⤵
  PID:3756
- C:\Windows\System\rSJPDmX.exe
  C:\Windows\System\rSJPDmX.exe
  2⤵
  PID:1968
- C:\Windows\System\oiFLMES.exe
  C:\Windows\System\oiFLMES.exe
  2⤵
  PID:4168
- C:\Windows\System\JAjVhwR.exe
  C:\Windows\System\JAjVhwR.exe
  2⤵
  PID:4320
- C:\Windows\System\XLtUGRP.exe
  C:\Windows\System\XLtUGRP.exe
  2⤵
  PID:1576
- C:\Windows\System\AOJAflV.exe
  C:\Windows\System\AOJAflV.exe
  2⤵
  PID:4104
- C:\Windows\System\FSMbJJj.exe
  C:\Windows\System\FSMbJJj.exe
  2⤵
  PID:5132
- C:\Windows\System\hvWVMKk.exe
  C:\Windows\System\hvWVMKk.exe
  2⤵
  PID:5148
- C:\Windows\System\hvWOVeF.exe
  C:\Windows\System\hvWOVeF.exe
  2⤵
  PID:5176
- C:\Windows\System\RyqIveQ.exe
  C:\Windows\System\RyqIveQ.exe
  2⤵
  PID:5196
- C:\Windows\System\mBWkxvk.exe
  C:\Windows\System\mBWkxvk.exe
  2⤵
  PID:5232
- C:\Windows\System\pqStYJK.exe
  C:\Windows\System\pqStYJK.exe
  2⤵
  PID:5248
- C:\Windows\System\ireliTQ.exe
  C:\Windows\System\ireliTQ.exe
  2⤵
  PID:5264
- C:\Windows\System\xodnFHV.exe
  C:\Windows\System\xodnFHV.exe
  2⤵
  PID:5280
- C:\Windows\System\WJUAhmo.exe
  C:\Windows\System\WJUAhmo.exe
  2⤵
  PID:5300
- C:\Windows\System\EhdvQAd.exe
  C:\Windows\System\EhdvQAd.exe
  2⤵
  PID:5316
- C:\Windows\System\CNIvhbs.exe
  C:\Windows\System\CNIvhbs.exe
  2⤵
  PID:5332
- C:\Windows\System\ShfjUZH.exe
  C:\Windows\System\ShfjUZH.exe
  2⤵
  PID:5352
- C:\Windows\System\nyGzlXl.exe
  C:\Windows\System\nyGzlXl.exe
  2⤵
  PID:5368
- C:\Windows\System\sluLCpl.exe
  C:\Windows\System\sluLCpl.exe
  2⤵
  PID:5384
- C:\Windows\System\pLCXnjt.exe
  C:\Windows\System\pLCXnjt.exe
  2⤵
  PID:5404
- C:\Windows\System\tEhfPGb.exe
  C:\Windows\System\tEhfPGb.exe
  2⤵
  PID:5424
- C:\Windows\System\qZOtQTM.exe
  C:\Windows\System\qZOtQTM.exe
  2⤵
  PID:5440
- C:\Windows\System\cmABqbu.exe
  C:\Windows\System\cmABqbu.exe
  2⤵
  PID:5460
- C:\Windows\System\TNLaMSp.exe
  C:\Windows\System\TNLaMSp.exe
  2⤵
  PID:5476
- C:\Windows\System\FLNyDMS.exe
  C:\Windows\System\FLNyDMS.exe
  2⤵
  PID:5496
- C:\Windows\System\MuYLHww.exe
  C:\Windows\System\MuYLHww.exe
  2⤵
  PID:5516
- C:\Windows\System\RJUTIWo.exe
  C:\Windows\System\RJUTIWo.exe
  2⤵
  PID:5532
- C:\Windows\System\IQbLvZU.exe
  C:\Windows\System\IQbLvZU.exe
  2⤵
  PID:5552
- C:\Windows\System\Oyzdxpy.exe
  C:\Windows\System\Oyzdxpy.exe
  2⤵
  PID:5572
- C:\Windows\System\zXVDdHi.exe
  C:\Windows\System\zXVDdHi.exe
  2⤵
  PID:5588
- C:\Windows\System\TIARjtg.exe
  C:\Windows\System\TIARjtg.exe
  2⤵
  PID:5608
- C:\Windows\System\ndTOUHp.exe
  C:\Windows\System\ndTOUHp.exe
  2⤵
  PID:5636
- C:\Windows\System\lyJccuH.exe
  C:\Windows\System\lyJccuH.exe
  2⤵
  PID:5656
- C:\Windows\System\goykVLV.exe
  C:\Windows\System\goykVLV.exe
  2⤵
  PID:5676
- C:\Windows\System\WqjhAri.exe
  C:\Windows\System\WqjhAri.exe
  2⤵
  PID:5696
- C:\Windows\System\XzmeOUh.exe
  C:\Windows\System\XzmeOUh.exe
  2⤵
  PID:5712
- C:\Windows\System\qFSWrzn.exe
  C:\Windows\System\qFSWrzn.exe
  2⤵
  PID:5732
- C:\Windows\System\DYtnXMh.exe
  C:\Windows\System\DYtnXMh.exe
  2⤵
  PID:5748
- C:\Windows\System\vWsbMHQ.exe
  C:\Windows\System\vWsbMHQ.exe
  2⤵
  PID:5812
- C:\Windows\System\OLqKNhH.exe
  C:\Windows\System\OLqKNhH.exe
  2⤵
  PID:5836
- C:\Windows\System\aFxHzLt.exe
  C:\Windows\System\aFxHzLt.exe
  2⤵
  PID:5852
- C:\Windows\System\YYITPgY.exe
  C:\Windows\System\YYITPgY.exe
  2⤵
  PID:5868
- C:\Windows\System\iygAkdJ.exe
  C:\Windows\System\iygAkdJ.exe
  2⤵
  PID:5888
- C:\Windows\System\wtjRwPD.exe
  C:\Windows\System\wtjRwPD.exe
  2⤵
  PID:5904
- C:\Windows\System\SNGcffT.exe
  C:\Windows\System\SNGcffT.exe
  2⤵
  PID:5924
- C:\Windows\System\lRILdKu.exe
  C:\Windows\System\lRILdKu.exe
  2⤵
  PID:5940
- C:\Windows\System\CHbPbHE.exe
  C:\Windows\System\CHbPbHE.exe
  2⤵
  PID:5956
- C:\Windows\System\coNdxmi.exe
  C:\Windows\System\coNdxmi.exe
  2⤵
  PID:5976
- C:\Windows\System\BTSWrXF.exe
  C:\Windows\System\BTSWrXF.exe
  2⤵
  PID:5992
- C:\Windows\System\DTSRvWk.exe
  C:\Windows\System\DTSRvWk.exe
  2⤵
  PID:6012
- C:\Windows\System\qnWxwZo.exe
  C:\Windows\System\qnWxwZo.exe
  2⤵
  PID:6028
- C:\Windows\System\NMMOoEf.exe
  C:\Windows\System\NMMOoEf.exe
  2⤵
  PID:6044
- C:\Windows\System\qsYXrSK.exe
  C:\Windows\System\qsYXrSK.exe
  2⤵
  PID:6064
- C:\Windows\System\XDsruGB.exe
  C:\Windows\System\XDsruGB.exe
  2⤵
  PID:6084
- C:\Windows\System\kGhxBCk.exe
  C:\Windows\System\kGhxBCk.exe
  2⤵
  PID:6100
- C:\Windows\System\UNXXdGO.exe
  C:\Windows\System\UNXXdGO.exe
  2⤵
  PID:6120
- C:\Windows\System\HyfCxlt.exe
  C:\Windows\System\HyfCxlt.exe
  2⤵
  PID:6140
- C:\Windows\System\RyIaIaS.exe
  C:\Windows\System\RyIaIaS.exe
  2⤵
  PID:5124
- C:\Windows\System\qqbnxiA.exe
  C:\Windows\System\qqbnxiA.exe
  2⤵
  PID:5104
- C:\Windows\System\CwKNPqB.exe
  C:\Windows\System\CwKNPqB.exe
  2⤵
  PID:3232
- C:\Windows\System\EwDngrT.exe
  C:\Windows\System\EwDngrT.exe
  2⤵
  PID:5220
- C:\Windows\System\JOmudZo.exe
  C:\Windows\System\JOmudZo.exe
  2⤵
  PID:5228
- C:\Windows\System\gWplWZt.exe
  C:\Windows\System\gWplWZt.exe
  2⤵
  PID:5140
- C:\Windows\System\gXHPdcy.exe
  C:\Windows\System\gXHPdcy.exe
  2⤵
  PID:5260
- C:\Windows\System\EEaOMdf.exe
  C:\Windows\System\EEaOMdf.exe
  2⤵
  PID:5328
- C:\Windows\System\FiwWtbB.exe
  C:\Windows\System\FiwWtbB.exe
  2⤵
  PID:5392
- C:\Windows\System\qpwqpwF.exe
  C:\Windows\System\qpwqpwF.exe
  2⤵
  PID:5436
- C:\Windows\System\RJocWvK.exe
  C:\Windows\System\RJocWvK.exe
  2⤵
  PID:5512
- C:\Windows\System\YqyaJIn.exe
  C:\Windows\System\YqyaJIn.exe
  2⤵
  PID:5580
- C:\Windows\System\EXpTSxL.exe
  C:\Windows\System\EXpTSxL.exe
  2⤵
  PID:5276
- C:\Windows\System\yRoubhZ.exe
  C:\Windows\System\yRoubhZ.exe
  2⤵
  PID:5644
- C:\Windows\System\BQpDuyS.exe
  C:\Windows\System\BQpDuyS.exe
  2⤵
  PID:5652
- C:\Windows\System\nFseiCk.exe
  C:\Windows\System\nFseiCk.exe
  2⤵
  PID:5312
- C:\Windows\System\AKTfQcN.exe
  C:\Windows\System\AKTfQcN.exe
  2⤵
  PID:5828
- C:\Windows\System\wRaUTAH.exe
  C:\Windows\System\wRaUTAH.exe
  2⤵
  PID:5416
- C:\Windows\System\axwyyFR.exe
  C:\Windows\System\axwyyFR.exe
  2⤵
  PID:5524
- C:\Windows\System\OciOmGG.exe
  C:\Windows\System\OciOmGG.exe
  2⤵
  PID:5776
- C:\Windows\System\XyYsOnO.exe
  C:\Windows\System\XyYsOnO.exe
  2⤵
  PID:5568
- C:\Windows\System\TqcADlN.exe
  C:\Windows\System\TqcADlN.exe
  2⤵
  PID:5784
- C:\Windows\System\oorMBax.exe
  C:\Windows\System\oorMBax.exe
  2⤵
  PID:5972
- C:\Windows\System\vhUVvqJ.exe
  C:\Windows\System\vhUVvqJ.exe
  2⤵
  PID:6036
- C:\Windows\System\yfWAjZF.exe
  C:\Windows\System\yfWAjZF.exe
  2⤵
  PID:6080
- C:\Windows\System\SAlmKkY.exe
  C:\Windows\System\SAlmKkY.exe
  2⤵
  PID:5128
- C:\Windows\System\EzmhmbT.exe
  C:\Windows\System\EzmhmbT.exe
  2⤵
  PID:5728
- C:\Windows\System\EiAeKDe.exe
  C:\Windows\System\EiAeKDe.exe
  2⤵
  PID:4316
- C:\Windows\System\csTaDtS.exe
  C:\Windows\System\csTaDtS.exe
  2⤵
  PID:4852
- C:\Windows\System\bFhrKcM.exe
  C:\Windows\System\bFhrKcM.exe
  2⤵
  PID:5504
- C:\Windows\System\gSEXwTC.exe
  C:\Windows\System\gSEXwTC.exe
  2⤵
  PID:5324
- C:\Windows\System\WbCYfZr.exe
  C:\Windows\System\WbCYfZr.exe
  2⤵
  PID:5804
- C:\Windows\System\lOdYMEr.exe
  C:\Windows\System\lOdYMEr.exe
  2⤵
  PID:5244
- C:\Windows\System\CDdYLQd.exe
  C:\Windows\System\CDdYLQd.exe
  2⤵
  PID:5876
- C:\Windows\System\jkpHBBb.exe
  C:\Windows\System\jkpHBBb.exe
  2⤵
  PID:5884
- C:\Windows\System\NKIAtWf.exe
  C:\Windows\System\NKIAtWf.exe
  2⤵
  PID:5844
- C:\Windows\System\ZvJIpuX.exe
  C:\Windows\System\ZvJIpuX.exe
  2⤵
  PID:5916
- C:\Windows\System\pTeZEhO.exe
  C:\Windows\System\pTeZEhO.exe
  2⤵
  PID:5348
- C:\Windows\System\pgKvruA.exe
  C:\Windows\System\pgKvruA.exe
  2⤵
  PID:5448
- C:\Windows\System\zNcJDmp.exe
  C:\Windows\System\zNcJDmp.exe
  2⤵
  PID:1568
- C:\Windows\System\PpzAldE.exe
  C:\Windows\System\PpzAldE.exe
  2⤵
  PID:5936
- C:\Windows\System\KqYDNze.exe
  C:\Windows\System\KqYDNze.exe
  2⤵
  PID:5720
- C:\Windows\System\IzRcjKg.exe
  C:\Windows\System\IzRcjKg.exe
  2⤵
  PID:5380
- C:\Windows\System\xyWsldV.exe
  C:\Windows\System\xyWsldV.exe
  2⤵
  PID:5896
- C:\Windows\System\bmkLeCv.exe
  C:\Windows\System\bmkLeCv.exe
  2⤵
  PID:6024
- C:\Windows\System\mRqdvAl.exe
  C:\Windows\System\mRqdvAl.exe
  2⤵
  PID:5664
- C:\Windows\System\zjalvJG.exe
  C:\Windows\System\zjalvJG.exe
  2⤵
  PID:5704
- C:\Windows\System\gzfvvWF.exe
  C:\Windows\System\gzfvvWF.exe
  2⤵
  PID:5172
- C:\Windows\System\WhlkTeK.exe
  C:\Windows\System\WhlkTeK.exe
  2⤵
  PID:5548
- C:\Windows\System\DGRSiZs.exe
  C:\Windows\System\DGRSiZs.exe
  2⤵
  PID:5968
- C:\Windows\System\FMnMuXn.exe
  C:\Windows\System\FMnMuXn.exe
  2⤵
  PID:2984
- C:\Windows\System\ldjmZMZ.exe
  C:\Windows\System\ldjmZMZ.exe
  2⤵
  PID:5768
- C:\Windows\System\JtfpNHZ.exe
  C:\Windows\System\JtfpNHZ.exe
  2⤵
  PID:4920
- C:\Windows\System\lrrjLNi.exe
  C:\Windows\System\lrrjLNi.exe
  2⤵
  PID:5740
- C:\Windows\System\plKPoDT.exe
  C:\Windows\System\plKPoDT.exe
  2⤵
  PID:5492
- C:\Windows\System\bnZcImV.exe
  C:\Windows\System\bnZcImV.exe
  2⤵
  PID:1488
- C:\Windows\System\sGZKEbH.exe
  C:\Windows\System\sGZKEbH.exe
  2⤵
  PID:5412
- C:\Windows\System\gQEJXwT.exe
  C:\Windows\System\gQEJXwT.exe
  2⤵
  PID:6004
- C:\Windows\System\ibApzEe.exe
  C:\Windows\System\ibApzEe.exe
  2⤵
  PID:5760
- C:\Windows\System\Hwqqxuh.exe
  C:\Windows\System\Hwqqxuh.exe
  2⤵
  PID:5800
- C:\Windows\System\izGaDyG.exe
  C:\Windows\System\izGaDyG.exe
  2⤵
  PID:5296
- C:\Windows\System\RkBIsNa.exe
  C:\Windows\System\RkBIsNa.exe
  2⤵
  PID:5864
- C:\Windows\System\lfUyykh.exe
  C:\Windows\System\lfUyykh.exe
  2⤵
  PID:536
- C:\Windows\System\OEjZVpS.exe
  C:\Windows\System\OEjZVpS.exe
  2⤵
  PID:6096
- C:\Windows\System\OydRqTH.exe
  C:\Windows\System\OydRqTH.exe
  2⤵
  PID:2016
- C:\Windows\System\ksawbCY.exe
  C:\Windows\System\ksawbCY.exe
  2⤵
  PID:5508
- C:\Windows\System\PQudfdr.exe
  C:\Windows\System\PQudfdr.exe
  2⤵
  PID:5484
- C:\Windows\System\LgythZt.exe
  C:\Windows\System\LgythZt.exe
  2⤵
  PID:5224
- C:\Windows\System\PgKlhcq.exe
  C:\Windows\System\PgKlhcq.exe
  2⤵
  PID:5820
- C:\Windows\System\WlsLnSR.exe
  C:\Windows\System\WlsLnSR.exe
  2⤵
  PID:6136
- C:\Windows\System\BsBYSql.exe
  C:\Windows\System\BsBYSql.exe
  2⤵
  PID:5948
- C:\Windows\System\nUneRvj.exe
  C:\Windows\System\nUneRvj.exe
  2⤵
  PID:1100
- C:\Windows\System\OZvDsYz.exe
  C:\Windows\System\OZvDsYz.exe
  2⤵
  PID:5564
- C:\Windows\System\uLxBKMl.exe
  C:\Windows\System\uLxBKMl.exe
  2⤵
  PID:5628
- C:\Windows\System\Fgjubdf.exe
  C:\Windows\System\Fgjubdf.exe
  2⤵
  PID:5024
- C:\Windows\System\hpxxCds.exe
  C:\Windows\System\hpxxCds.exe
  2⤵
  PID:2788
- C:\Windows\System\xCFGnFN.exe
  C:\Windows\System\xCFGnFN.exe
  2⤵
  PID:2740
- C:\Windows\System\vegMhAZ.exe
  C:\Windows\System\vegMhAZ.exe
  2⤵
  PID:5212
- C:\Windows\System\KsVhNbz.exe
  C:\Windows\System\KsVhNbz.exe
  2⤵
  PID:880
- C:\Windows\System\HmpwNpJ.exe
  C:\Windows\System\HmpwNpJ.exe
  2⤵
  PID:5780
- C:\Windows\System\ajSfOfp.exe
  C:\Windows\System\ajSfOfp.exe
  2⤵
  PID:5988
- C:\Windows\System\ahdFzyJ.exe
  C:\Windows\System\ahdFzyJ.exe
  2⤵
  PID:6152
- C:\Windows\System\YRKgGkn.exe
  C:\Windows\System\YRKgGkn.exe
  2⤵
  PID:6168
- C:\Windows\System\hrvvtjS.exe
  C:\Windows\System\hrvvtjS.exe
  2⤵
  PID:6192
- C:\Windows\System\rBrmfwF.exe
  C:\Windows\System\rBrmfwF.exe
  2⤵
  PID:6212
- C:\Windows\System\uKMaUsU.exe
  C:\Windows\System\uKMaUsU.exe
  2⤵
  PID:6232
- C:\Windows\System\HvLCTus.exe
  C:\Windows\System\HvLCTus.exe
  2⤵
  PID:6248
- C:\Windows\System\dmUnjSz.exe
  C:\Windows\System\dmUnjSz.exe
  2⤵
  PID:6268
- C:\Windows\System\VoUOzwj.exe
  C:\Windows\System\VoUOzwj.exe
  2⤵
  PID:6284
- C:\Windows\System\WJKTZLr.exe
  C:\Windows\System\WJKTZLr.exe
  2⤵
  PID:6300
- C:\Windows\System\EJViuEX.exe
  C:\Windows\System\EJViuEX.exe
  2⤵
  PID:6316
- C:\Windows\System\ffxiTOw.exe
  C:\Windows\System\ffxiTOw.exe
  2⤵
  PID:6388
- C:\Windows\System\VUHZOWy.exe
  C:\Windows\System\VUHZOWy.exe
  2⤵
  PID:6412
- C:\Windows\System\vdHioCl.exe
  C:\Windows\System\vdHioCl.exe
  2⤵
  PID:6428
- C:\Windows\System\KvVFbmy.exe
  C:\Windows\System\KvVFbmy.exe
  2⤵
  PID:6444
- C:\Windows\System\xwqpAJC.exe
  C:\Windows\System\xwqpAJC.exe
  2⤵
  PID:6464
- C:\Windows\System\yeeCDvB.exe
  C:\Windows\System\yeeCDvB.exe
  2⤵
  PID:6492
- C:\Windows\System\BzCsvuX.exe
  C:\Windows\System\BzCsvuX.exe
  2⤵
  PID:6508
- C:\Windows\System\xxWXfZg.exe
  C:\Windows\System\xxWXfZg.exe
  2⤵
  PID:6524
- C:\Windows\System\tejBvwC.exe
  C:\Windows\System\tejBvwC.exe
  2⤵
  PID:6544
- C:\Windows\System\pdURNSt.exe
  C:\Windows\System\pdURNSt.exe
  2⤵
  PID:6560
- C:\Windows\System\nOJZGHv.exe
  C:\Windows\System\nOJZGHv.exe
  2⤵
  PID:6580
- C:\Windows\System\IDTUziH.exe
  C:\Windows\System\IDTUziH.exe
  2⤵
  PID:6596
- C:\Windows\System\jJWZGbw.exe
  C:\Windows\System\jJWZGbw.exe
  2⤵
  PID:6612
- C:\Windows\System\uOphPdp.exe
  C:\Windows\System\uOphPdp.exe
  2⤵
  PID:6632
- C:\Windows\System\dbNcdjn.exe
  C:\Windows\System\dbNcdjn.exe
  2⤵
  PID:6672
- C:\Windows\System\PNrAzTF.exe
  C:\Windows\System\PNrAzTF.exe
  2⤵
  PID:6692
- C:\Windows\System\QvPzoUW.exe
  C:\Windows\System\QvPzoUW.exe
  2⤵
  PID:6708
- C:\Windows\System\piRwFcT.exe
  C:\Windows\System\piRwFcT.exe
  2⤵
  PID:6724
- C:\Windows\System\uMkvEat.exe
  C:\Windows\System\uMkvEat.exe
  2⤵
  PID:6740
- C:\Windows\System\jHrarTs.exe
  C:\Windows\System\jHrarTs.exe
  2⤵
  PID:6760
- C:\Windows\System\bGsdWGn.exe
  C:\Windows\System\bGsdWGn.exe
  2⤵
  PID:6776
- C:\Windows\System\UKsmZWE.exe
  C:\Windows\System\UKsmZWE.exe
  2⤵
  PID:6792
- C:\Windows\System\OvdqoxM.exe
  C:\Windows\System\OvdqoxM.exe
  2⤵
  PID:6812
- C:\Windows\System\YMFahDz.exe
  C:\Windows\System\YMFahDz.exe
  2⤵
  PID:6828
- C:\Windows\System\TsqhpWb.exe
  C:\Windows\System\TsqhpWb.exe
  2⤵
  PID:6848
- C:\Windows\System\YfyZSLs.exe
  C:\Windows\System\YfyZSLs.exe
  2⤵
  PID:6864
- C:\Windows\System\NGDTFdT.exe
  C:\Windows\System\NGDTFdT.exe
  2⤵
  PID:6880
- C:\Windows\System\GZFlxyC.exe
  C:\Windows\System\GZFlxyC.exe
  2⤵
  PID:6896
- C:\Windows\System\XZmZegH.exe
  C:\Windows\System\XZmZegH.exe
  2⤵
  PID:6916
- C:\Windows\System\tpCELhZ.exe
  C:\Windows\System\tpCELhZ.exe
  2⤵
  PID:6932
- C:\Windows\System\noJXvmw.exe
  C:\Windows\System\noJXvmw.exe
  2⤵
  PID:6948
- C:\Windows\System\ZkzvKtO.exe
  C:\Windows\System\ZkzvKtO.exe
  2⤵
  PID:6964
- C:\Windows\System\QyNGAUi.exe
  C:\Windows\System\QyNGAUi.exe
  2⤵
  PID:7032
- C:\Windows\System\gQkVAuc.exe
  C:\Windows\System\gQkVAuc.exe
  2⤵
  PID:7048
- C:\Windows\System\ncRnyin.exe
  C:\Windows\System\ncRnyin.exe
  2⤵
  PID:7068
- C:\Windows\System\rDGTCUr.exe
  C:\Windows\System\rDGTCUr.exe
  2⤵
  PID:7084
- C:\Windows\System\QAHAWyJ.exe
  C:\Windows\System\QAHAWyJ.exe
  2⤵
  PID:7100
- C:\Windows\System\XdEaySu.exe
  C:\Windows\System\XdEaySu.exe
  2⤵
  PID:7116
- C:\Windows\System\lBAHBiE.exe
  C:\Windows\System\lBAHBiE.exe
  2⤵
  PID:7132
- C:\Windows\System\OakYvzi.exe
  C:\Windows\System\OakYvzi.exe
  2⤵
  PID:7148
- C:\Windows\System\aMdksci.exe
  C:\Windows\System\aMdksci.exe
  2⤵
  PID:7164
- C:\Windows\System\SRJbdbt.exe
  C:\Windows\System\SRJbdbt.exe
  2⤵
  PID:6240
- C:\Windows\System\YHfWzJo.exe
  C:\Windows\System\YHfWzJo.exe
  2⤵
  PID:2540
- C:\Windows\System\aVsGiWv.exe
  C:\Windows\System\aVsGiWv.exe
  2⤵
  PID:6132
- C:\Windows\System\MpmmihV.exe
  C:\Windows\System\MpmmihV.exe
  2⤵
  PID:5620
- C:\Windows\System\zXrQyjA.exe
  C:\Windows\System\zXrQyjA.exe
  2⤵
  PID:5604
- C:\Windows\System\AnUTrzf.exe
  C:\Windows\System\AnUTrzf.exe
  2⤵
  PID:6148
- C:\Windows\System\LJlAnqI.exe
  C:\Windows\System\LJlAnqI.exe
  2⤵
  PID:6188
- C:\Windows\System\KXwQIfh.exe
  C:\Windows\System\KXwQIfh.exe
  2⤵
  PID:6260
- C:\Windows\System\Imgvkkz.exe
  C:\Windows\System\Imgvkkz.exe
  2⤵
  PID:6324
- C:\Windows\System\lXBiBuF.exe
  C:\Windows\System\lXBiBuF.exe
  2⤵
  PID:6340
- C:\Windows\System\vIWrOiT.exe
  C:\Windows\System\vIWrOiT.exe
  2⤵
  PID:6360
- C:\Windows\System\KAmUFIn.exe
  C:\Windows\System\KAmUFIn.exe
  2⤵
  PID:2424
- C:\Windows\System\cvZjJzE.exe
  C:\Windows\System\cvZjJzE.exe
  2⤵
  PID:6404
- C:\Windows\System\qTWJHHv.exe
  C:\Windows\System\qTWJHHv.exe
  2⤵
  PID:6380
- C:\Windows\System\FKGueBP.exe
  C:\Windows\System\FKGueBP.exe
  2⤵
  PID:6484
- C:\Windows\System\juCwFih.exe
  C:\Windows\System\juCwFih.exe
  2⤵
  PID:6540
- C:\Windows\System\BCUnjEe.exe
  C:\Windows\System\BCUnjEe.exe
  2⤵
  PID:6624
- C:\Windows\System\JRZJLcz.exe
  C:\Windows\System\JRZJLcz.exe
  2⤵
  PID:6716
- C:\Windows\System\tlcVLIL.exe
  C:\Windows\System\tlcVLIL.exe
  2⤵
  PID:6788
- C:\Windows\System\uJXTSSb.exe
  C:\Windows\System\uJXTSSb.exe
  2⤵
  PID:6856
- C:\Windows\System\kMzwZNl.exe
  C:\Windows\System\kMzwZNl.exe
  2⤵
  PID:6928
- C:\Windows\System\hfSfdhQ.exe
  C:\Windows\System\hfSfdhQ.exe
  2⤵
  PID:6500
- C:\Windows\System\iAMJBAz.exe
  C:\Windows\System\iAMJBAz.exe
  2⤵
  PID:6568
- C:\Windows\System\KnTuWPF.exe
  C:\Windows\System\KnTuWPF.exe
  2⤵
  PID:6836
- C:\Windows\System\sWmThAa.exe
  C:\Windows\System\sWmThAa.exe
  2⤵
  PID:6644
- C:\Windows\System\KTbStCS.exe
  C:\Windows\System\KTbStCS.exe
  2⤵
  PID:6700
- C:\Windows\System\UIsPQqO.exe
  C:\Windows\System\UIsPQqO.exe
  2⤵
  PID:6772
- C:\Windows\System\xvxVgaB.exe
  C:\Windows\System\xvxVgaB.exe
  2⤵
  PID:6844
- C:\Windows\System\LVBMHKO.exe
  C:\Windows\System\LVBMHKO.exe
  2⤵
  PID:6904
- C:\Windows\System\XEJebXe.exe
  C:\Windows\System\XEJebXe.exe
  2⤵
  PID:7076
- C:\Windows\System\FXepFRV.exe
  C:\Windows\System\FXepFRV.exe
  2⤵
  PID:7112
- C:\Windows\System\YegmEBp.exe
  C:\Windows\System\YegmEBp.exe
  2⤵
  PID:5164
- C:\Windows\System\QwjLZll.exe
  C:\Windows\System\QwjLZll.exe
  2⤵
  PID:7064
- C:\Windows\System\moRmvDv.exe
  C:\Windows\System\moRmvDv.exe
  2⤵
  PID:6996
- C:\Windows\System\XpoSCZA.exe
  C:\Windows\System\XpoSCZA.exe
  2⤵
  PID:7012
- C:\Windows\System\GDjUtmo.exe
  C:\Windows\System\GDjUtmo.exe
  2⤵
  PID:7092
- C:\Windows\System\lacXUWa.exe
  C:\Windows\System\lacXUWa.exe
  2⤵
  PID:7124
- C:\Windows\System\uBgwGWp.exe
  C:\Windows\System\uBgwGWp.exe
  2⤵
  PID:6164
- C:\Windows\System\clAawIH.exe
  C:\Windows\System\clAawIH.exe
  2⤵
  PID:1932
- C:\Windows\System\rHBCZiO.exe
  C:\Windows\System\rHBCZiO.exe
  2⤵
  PID:4856
- C:\Windows\System\WfmJQNg.exe
  C:\Windows\System\WfmJQNg.exe
  2⤵
  PID:6348
- C:\Windows\System\NzUOPSg.exe
  C:\Windows\System\NzUOPSg.exe
  2⤵
  PID:6180
- C:\Windows\System\YCMuhbW.exe
  C:\Windows\System\YCMuhbW.exe
  2⤵
  PID:6400
- C:\Windows\System\wXADuxx.exe
  C:\Windows\System\wXADuxx.exe
  2⤵
  PID:6592
- C:\Windows\System\ySstyPZ.exe
  C:\Windows\System\ySstyPZ.exe
  2⤵
  PID:6440
- C:\Windows\System\DyNZGgO.exe
  C:\Windows\System\DyNZGgO.exe
  2⤵
  PID:6752
- C:\Windows\System\KLTvrvV.exe
  C:\Windows\System\KLTvrvV.exe
  2⤵
  PID:6296
- C:\Windows\System\JGRkjVD.exe
  C:\Windows\System\JGRkjVD.exe
  2⤵
  PID:6376
- C:\Windows\System\VLTLrjp.exe
  C:\Windows\System\VLTLrjp.exe
  2⤵
  PID:6784
- C:\Windows\System\oGcMxmo.exe
  C:\Windows\System\oGcMxmo.exe
  2⤵
  PID:6532
- C:\Windows\System\OONdtvQ.exe
  C:\Windows\System\OONdtvQ.exe
  2⤵
  PID:6668
- C:\Windows\System\dRrFfhl.exe
  C:\Windows\System\dRrFfhl.exe
  2⤵
  PID:7040
- C:\Windows\System\yjvKEkj.exe
  C:\Windows\System\yjvKEkj.exe
  2⤵
  PID:6604
- C:\Windows\System\AFRxLwd.exe
  C:\Windows\System\AFRxLwd.exe
  2⤵
  PID:6688
- C:\Windows\System\bexfmQz.exe
  C:\Windows\System\bexfmQz.exe
  2⤵
  PID:7056
- C:\Windows\System\RFGaWAT.exe
  C:\Windows\System\RFGaWAT.exe
  2⤵
  PID:7060
- C:\Windows\System\kKsKlZH.exe
  C:\Windows\System\kKsKlZH.exe
  2⤵
  PID:6056
- C:\Windows\System\tpzDVxK.exe
  C:\Windows\System\tpzDVxK.exe
  2⤵
  PID:6356
- C:\Windows\System\pgWrohg.exe
  C:\Windows\System\pgWrohg.exe
  2⤵
  PID:6256
- C:\Windows\System\kpmlqtt.exe
  C:\Windows\System\kpmlqtt.exe
  2⤵
  PID:6664
- C:\Windows\System\csXWszB.exe
  C:\Windows\System\csXWszB.exe
  2⤵
  PID:7172
- C:\Windows\System\PzddXxa.exe
  C:\Windows\System\PzddXxa.exe
  2⤵
  PID:7192
- C:\Windows\System\fFadgsC.exe
  C:\Windows\System\fFadgsC.exe
  2⤵
  PID:7208
- C:\Windows\System\iUWDyVH.exe
  C:\Windows\System\iUWDyVH.exe
  2⤵
  PID:7224
- C:\Windows\System\vDLTpmR.exe
  C:\Windows\System\vDLTpmR.exe
  2⤵
  PID:7244
- C:\Windows\System\baoNBNa.exe
  C:\Windows\System\baoNBNa.exe
  2⤵
  PID:7264
- C:\Windows\System\CxwQUTU.exe
  C:\Windows\System\CxwQUTU.exe
  2⤵
  PID:7384
- C:\Windows\System\EsUsEPb.exe
  C:\Windows\System\EsUsEPb.exe
  2⤵
  PID:7404
- C:\Windows\System\wWxFhbc.exe
  C:\Windows\System\wWxFhbc.exe
  2⤵
  PID:7420
- C:\Windows\System\oFrckGR.exe
  C:\Windows\System\oFrckGR.exe
  2⤵
  PID:7440
- C:\Windows\System\ncVUIOb.exe
  C:\Windows\System\ncVUIOb.exe
  2⤵
  PID:7460
- C:\Windows\System\XexDYTc.exe
  C:\Windows\System\XexDYTc.exe
  2⤵
  PID:7476
- C:\Windows\System\KYnvZzP.exe
  C:\Windows\System\KYnvZzP.exe
  2⤵
  PID:7496
- C:\Windows\System\rrTJQhP.exe
  C:\Windows\System\rrTJQhP.exe
  2⤵
  PID:7516
- C:\Windows\System\kbJOFnx.exe
  C:\Windows\System\kbJOFnx.exe
  2⤵
  PID:7532
- C:\Windows\System\usRGEXm.exe
  C:\Windows\System\usRGEXm.exe
  2⤵
  PID:7556
- C:\Windows\System\qvxUDFW.exe
  C:\Windows\System\qvxUDFW.exe
  2⤵
  PID:7576
- C:\Windows\System\gjDvjkg.exe
  C:\Windows\System\gjDvjkg.exe
  2⤵
  PID:7596
- C:\Windows\System\jVmOHjP.exe
  C:\Windows\System\jVmOHjP.exe
  2⤵
  PID:7620
- C:\Windows\System\tZCFIjD.exe
  C:\Windows\System\tZCFIjD.exe
  2⤵
  PID:7636
- C:\Windows\System\tBtbAUn.exe
  C:\Windows\System\tBtbAUn.exe
  2⤵
  PID:7656
- C:\Windows\System\BQfpQep.exe
  C:\Windows\System\BQfpQep.exe
  2⤵
  PID:7684
- C:\Windows\System\YHvAtvZ.exe
  C:\Windows\System\YHvAtvZ.exe
  2⤵
  PID:7700
- C:\Windows\System\xxluZCg.exe
  C:\Windows\System\xxluZCg.exe
  2⤵
  PID:7720
- C:\Windows\System\MtKHFrO.exe
  C:\Windows\System\MtKHFrO.exe
  2⤵
  PID:7736
- C:\Windows\System\pnGlRTu.exe
  C:\Windows\System\pnGlRTu.exe
  2⤵
  PID:7756
- C:\Windows\System\bpOKxvJ.exe
  C:\Windows\System\bpOKxvJ.exe
  2⤵
  PID:7772
- C:\Windows\System\NvKrTCB.exe
  C:\Windows\System\NvKrTCB.exe
  2⤵
  PID:7796
- C:\Windows\System\ZJMvIJw.exe
  C:\Windows\System\ZJMvIJw.exe
  2⤵
  PID:7812
- C:\Windows\System\CyDioLt.exe
  C:\Windows\System\CyDioLt.exe
  2⤵
  PID:7832
- C:\Windows\System\msgzrkM.exe
  C:\Windows\System\msgzrkM.exe
  2⤵
  PID:7848
- C:\Windows\System\ozgblJV.exe
  C:\Windows\System\ozgblJV.exe
  2⤵
  PID:7872
- C:\Windows\System\YgZcqMu.exe
  C:\Windows\System\YgZcqMu.exe
  2⤵
  PID:7888
- C:\Windows\System\ePUnPYb.exe
  C:\Windows\System\ePUnPYb.exe
  2⤵
  PID:7908
- C:\Windows\System\vUxCPog.exe
  C:\Windows\System\vUxCPog.exe
  2⤵
  PID:7928
- C:\Windows\System\LmJPWLz.exe
  C:\Windows\System\LmJPWLz.exe
  2⤵
  PID:7948
- C:\Windows\System\cdpZBDy.exe
  C:\Windows\System\cdpZBDy.exe
  2⤵
  PID:7968
- C:\Windows\System\UTvrhoz.exe
  C:\Windows\System\UTvrhoz.exe
  2⤵
  PID:7988
- C:\Windows\System\JnrJLAF.exe
  C:\Windows\System\JnrJLAF.exe
  2⤵
  PID:8012
- C:\Windows\System\uHjhReS.exe
  C:\Windows\System\uHjhReS.exe
  2⤵
  PID:8032
- C:\Windows\System\pmwJuZa.exe
  C:\Windows\System\pmwJuZa.exe
  2⤵
  PID:8052
- C:\Windows\System\JaeCTBQ.exe
  C:\Windows\System\JaeCTBQ.exe
  2⤵
  PID:8072
- C:\Windows\System\vaJIYMC.exe
  C:\Windows\System\vaJIYMC.exe
  2⤵
  PID:8088
- C:\Windows\System\SrUWNQt.exe
  C:\Windows\System\SrUWNQt.exe
  2⤵
  PID:8108
- C:\Windows\System\guucTOu.exe
  C:\Windows\System\guucTOu.exe
  2⤵
  PID:8128
- C:\Windows\System\ddYpIgG.exe
  C:\Windows\System\ddYpIgG.exe
  2⤵
  PID:8148
- C:\Windows\System\quUwSEC.exe
  C:\Windows\System\quUwSEC.exe
  2⤵
  PID:8168
- C:\Windows\System\smfLdPx.exe
  C:\Windows\System\smfLdPx.exe
  2⤵
  PID:8188
- C:\Windows\System\AmVkgmF.exe
  C:\Windows\System\AmVkgmF.exe
  2⤵
  PID:6460
- C:\Windows\System\KSbPozM.exe
  C:\Windows\System\KSbPozM.exe
  2⤵
  PID:7200
- C:\Windows\System\NiECRGk.exe
  C:\Windows\System\NiECRGk.exe
  2⤵
  PID:7236
- C:\Windows\System\LxyALyz.exe
  C:\Windows\System\LxyALyz.exe
  2⤵
  PID:7292
- C:\Windows\System\sATAouz.exe
  C:\Windows\System\sATAouz.exe
  2⤵
  PID:7316
- C:\Windows\System\sBfuvAb.exe
  C:\Windows\System\sBfuvAb.exe
  2⤵
  PID:7332
- C:\Windows\System\HlGoCZG.exe
  C:\Windows\System\HlGoCZG.exe
  2⤵
  PID:7344
- C:\Windows\System\tSzLwLN.exe
  C:\Windows\System\tSzLwLN.exe
  2⤵
  PID:7356
- C:\Windows\System\EhBFfuw.exe
  C:\Windows\System\EhBFfuw.exe
  2⤵
  PID:7368
- C:\Windows\System\oENFHGI.exe
  C:\Windows\System\oENFHGI.exe
  2⤵
  PID:7260
- C:\Windows\System\ahKmSoe.exe
  C:\Windows\System\ahKmSoe.exe
  2⤵
  PID:6608
- C:\Windows\System\WDnfLVH.exe
  C:\Windows\System\WDnfLVH.exe
  2⤵
  PID:7024
- C:\Windows\System\GbYefrM.exe
  C:\Windows\System\GbYefrM.exe
  2⤵
  PID:7452
- C:\Windows\System\GJarPpJ.exe
  C:\Windows\System\GJarPpJ.exe
  2⤵
  PID:6536
- C:\Windows\System\fIitMoc.exe
  C:\Windows\System\fIitMoc.exe
  2⤵
  PID:5616
- C:\Windows\System\WsAcvNS.exe
  C:\Windows\System\WsAcvNS.exe
  2⤵
  PID:7220
- C:\Windows\System\tfrEsJu.exe
  C:\Windows\System\tfrEsJu.exe
  2⤵
  PID:6988
- C:\Windows\System\oTaBpIt.exe
  C:\Windows\System\oTaBpIt.exe
  2⤵
  PID:7484
- C:\Windows\System\uzLhstP.exe
  C:\Windows\System\uzLhstP.exe
  2⤵
  PID:7156
- C:\Windows\System\VTQnNIS.exe
  C:\Windows\System\VTQnNIS.exe
  2⤵
  PID:6516
- C:\Windows\System\bTgmphS.exe
  C:\Windows\System\bTgmphS.exe
  2⤵
  PID:6452
- C:\Windows\System\RLidgDf.exe
  C:\Windows\System\RLidgDf.exe
  2⤵
  PID:7396
- C:\Windows\System\TJtLkiw.exe
  C:\Windows\System\TJtLkiw.exe
  2⤵
  PID:7432
- C:\Windows\System\ZtyBlAX.exe
  C:\Windows\System\ZtyBlAX.exe
  2⤵
  PID:7616
- C:\Windows\System\SYkgbcM.exe
  C:\Windows\System\SYkgbcM.exe
  2⤵
  PID:7436
- C:\Windows\System\ectUtFp.exe
  C:\Windows\System\ectUtFp.exe
  2⤵
  PID:7508
- C:\Windows\System\pkdGtvq.exe
  C:\Windows\System\pkdGtvq.exe
  2⤵
  PID:7628
- C:\Windows\System\gAjszRb.exe
  C:\Windows\System\gAjszRb.exe
  2⤵
  PID:7732
- C:\Windows\System\RIoZGiv.exe
  C:\Windows\System\RIoZGiv.exe
  2⤵
  PID:7676
- C:\Windows\System\hjbVsZV.exe
  C:\Windows\System\hjbVsZV.exe
  2⤵
  PID:7916
- C:\Windows\System\xecKftL.exe
  C:\Windows\System\xecKftL.exe
  2⤵
  PID:7784
- C:\Windows\System\hKckYmi.exe
  C:\Windows\System\hKckYmi.exe
  2⤵
  PID:7824
- C:\Windows\System\IvXSqRQ.exe
  C:\Windows\System\IvXSqRQ.exe
  2⤵
  PID:8008
- C:\Windows\System\sAQtEdZ.exe
  C:\Windows\System\sAQtEdZ.exe
  2⤵
  PID:7904
- C:\Windows\System\MucgzMx.exe
  C:\Windows\System\MucgzMx.exe
  2⤵
  PID:7940
- C:\Windows\System\YvXjiRA.exe
  C:\Windows\System\YvXjiRA.exe
  2⤵
  PID:8120
- C:\Windows\System\LdJetfi.exe
  C:\Windows\System\LdJetfi.exe
  2⤵
  PID:7980
- C:\Windows\System\sTCZTNm.exe
  C:\Windows\System\sTCZTNm.exe
  2⤵
  PID:7820
- C:\Windows\System\fhOYSJC.exe
  C:\Windows\System\fhOYSJC.exe
  2⤵
  PID:7856
- C:\Windows\System\WTnXZNu.exe
  C:\Windows\System\WTnXZNu.exe
  2⤵
  PID:7232
- C:\Windows\System\rIfyTnG.exe
  C:\Windows\System\rIfyTnG.exe
  2⤵
  PID:6940
- C:\Windows\System\EkNCBcx.exe
  C:\Windows\System\EkNCBcx.exe
  2⤵
  PID:7312
- C:\Windows\System\FXeWNKU.exe
  C:\Windows\System\FXeWNKU.exe
  2⤵
  PID:8064
- C:\Windows\System\kbCIayw.exe
  C:\Windows\System\kbCIayw.exe
  2⤵
  PID:5600
- C:\Windows\System\QuhGEZT.exe
  C:\Windows\System\QuhGEZT.exe
  2⤵
  PID:8136
- C:\Windows\System\WYtrkWv.exe
  C:\Windows\System\WYtrkWv.exe
  2⤵
  PID:8180
- C:\Windows\System\QExiIgS.exe
  C:\Windows\System\QExiIgS.exe
  2⤵
  PID:7336
- C:\Windows\System\ellcBBH.exe
  C:\Windows\System\ellcBBH.exe
  2⤵
  PID:7320
- C:\Windows\System\aWOzIXR.exe
  C:\Windows\System\aWOzIXR.exe
  2⤵
  PID:6960
- C:\Windows\System\EniPgFA.exe
  C:\Windows\System\EniPgFA.exe
  2⤵
  PID:6640
- C:\Windows\System\PqAlmPw.exe
  C:\Windows\System\PqAlmPw.exe
  2⤵
  PID:6912
- C:\Windows\System\vpfajyo.exe
  C:\Windows\System\vpfajyo.exe
  2⤵
  PID:7372
- C:\Windows\System\vYlNdeb.exe
  C:\Windows\System\vYlNdeb.exe
  2⤵
  PID:6736
- C:\Windows\System\zgJmabO.exe
  C:\Windows\System\zgJmabO.exe
  2⤵
  PID:7572
- C:\Windows\System\YdjYWyB.exe
  C:\Windows\System\YdjYWyB.exe
  2⤵
  PID:7428
- C:\Windows\System\BhONQRU.exe
  C:\Windows\System\BhONQRU.exe
  2⤵
  PID:7592
- C:\Windows\System\MmZXvlN.exe
  C:\Windows\System\MmZXvlN.exe
  2⤵
  PID:7652
- C:\Windows\System\uccnMjk.exe
  C:\Windows\System\uccnMjk.exe
  2⤵
  PID:7728
- C:\Windows\System\kVsQNNz.exe
  C:\Windows\System\kVsQNNz.exe
  2⤵
  PID:5796
- C:\Windows\System\hrIHLZb.exe
  C:\Windows\System\hrIHLZb.exe
  2⤵
  PID:5364
- C:\Windows\System\pyNCOuZ.exe
  C:\Windows\System\pyNCOuZ.exe
  2⤵
  PID:7960
- C:\Windows\System\ZbKtPcr.exe
  C:\Windows\System\ZbKtPcr.exe
  2⤵
  PID:7468
- C:\Windows\System\rEIKIvN.exe
  C:\Windows\System\rEIKIvN.exe
  2⤵
  PID:7552
- C:\Windows\System\iLhNJSO.exe
  C:\Windows\System\iLhNJSO.exe
  2⤵
  PID:8000
- C:\Windows\System\OZjUhqA.exe
  C:\Windows\System\OZjUhqA.exe
  2⤵
  PID:8040
- C:\Windows\System\LMVIGes.exe
  C:\Windows\System\LMVIGes.exe
  2⤵
  PID:8156
- C:\Windows\System\XwZkgoE.exe
  C:\Windows\System\XwZkgoE.exe
  2⤵
  PID:8020
- C:\Windows\System\CvLwlpm.exe
  C:\Windows\System\CvLwlpm.exe
  2⤵
  PID:6924
- C:\Windows\System\hnzctlm.exe
  C:\Windows\System\hnzctlm.exe
  2⤵
  PID:8116
- C:\Windows\System\bDHskpp.exe
  C:\Windows\System\bDHskpp.exe
  2⤵
  PID:6956
- C:\Windows\System\MVopxty.exe
  C:\Windows\System\MVopxty.exe
  2⤵
  PID:7080
- C:\Windows\System\rFWfiQt.exe
  C:\Windows\System\rFWfiQt.exe
  2⤵
  PID:6336
- C:\Windows\System\entpwBz.exe
  C:\Windows\System\entpwBz.exe
  2⤵
  PID:7648
- C:\Windows\System\GMPvLzX.exe
  C:\Windows\System\GMPvLzX.exe
  2⤵
  PID:7768
- C:\Windows\System\YnqryrV.exe
  C:\Windows\System\YnqryrV.exe
  2⤵
  PID:7964
- C:\Windows\System\fIKZVUe.exe
  C:\Windows\System\fIKZVUe.exe
  2⤵
  PID:8044
- C:\Windows\System\ysiQIih.exe
  C:\Windows\System\ysiQIih.exe
  2⤵
  PID:7900
- C:\Windows\System\MJuNXDD.exe
  C:\Windows\System\MJuNXDD.exe
  2⤵
  PID:7456
- C:\Windows\System\WYTLKgX.exe
  C:\Windows\System\WYTLKgX.exe
  2⤵
  PID:6368
- C:\Windows\System\bBFXkEQ.exe
  C:\Windows\System\bBFXkEQ.exe
  2⤵
  PID:8176
- C:\Windows\System\ySlSmFv.exe
  C:\Windows\System\ySlSmFv.exe
  2⤵
  PID:6892
- C:\Windows\System\KMNMrXt.exe
  C:\Windows\System\KMNMrXt.exe
  2⤵
  PID:7524
- C:\Windows\System\bWXAVym.exe
  C:\Windows\System\bWXAVym.exe
  2⤵
  PID:7884
- C:\Windows\System\ACfkrEd.exe
  C:\Windows\System\ACfkrEd.exe
  2⤵
  PID:7692
- C:\Windows\System\NcEfJPZ.exe
  C:\Windows\System\NcEfJPZ.exe
  2⤵
  PID:7528
- C:\Windows\System\YFVyqnP.exe
  C:\Windows\System\YFVyqnP.exe
  2⤵
  PID:7864
- C:\Windows\System\wwnXiiY.exe
  C:\Windows\System\wwnXiiY.exe
  2⤵
  PID:7400
- C:\Windows\System\lXDQPdY.exe
  C:\Windows\System\lXDQPdY.exe
  2⤵
  PID:7284
- C:\Windows\System\wtATXwa.exe
  C:\Windows\System\wtATXwa.exe
  2⤵
  PID:7712
- C:\Windows\System\qZqeyTK.exe
  C:\Windows\System\qZqeyTK.exe
  2⤵
  PID:7028
- C:\Windows\System\lKpQayv.exe
  C:\Windows\System\lKpQayv.exe
  2⤵
  PID:6472
- C:\Windows\System\CdhlIYl.exe
  C:\Windows\System\CdhlIYl.exe
  2⤵
  PID:7448
- C:\Windows\System\XpgGfsl.exe
  C:\Windows\System\XpgGfsl.exe
  2⤵
  PID:6984
- C:\Windows\System\aXPKeTK.exe
  C:\Windows\System\aXPKeTK.exe
  2⤵
  PID:6680
- C:\Windows\System\GhpKiNw.exe
  C:\Windows\System\GhpKiNw.exe
  2⤵
  PID:7604
- C:\Windows\System\yVCQAwr.exe
  C:\Windows\System\yVCQAwr.exe
  2⤵
  PID:7380
- C:\Windows\System\zqqQQWs.exe
  C:\Windows\System\zqqQQWs.exe
  2⤵
  PID:6808
- C:\Windows\System\KujAolz.exe
  C:\Windows\System\KujAolz.exe
  2⤵
  PID:5160
- C:\Windows\System\rQaSkoT.exe
  C:\Windows\System\rQaSkoT.exe
  2⤵
  PID:7256
- C:\Windows\System\WUqCxAN.exe
  C:\Windows\System\WUqCxAN.exe
  2⤵
  PID:7392
- C:\Windows\System\nXkXnqR.exe
  C:\Windows\System\nXkXnqR.exe
  2⤵
  PID:7716
- C:\Windows\System\MWCRpfK.exe
  C:\Windows\System\MWCRpfK.exe
  2⤵
  PID:7492
- C:\Windows\System\iGjZBLO.exe
  C:\Windows\System\iGjZBLO.exe
  2⤵
  PID:8024
- C:\Windows\System\GvTvcHu.exe
  C:\Windows\System\GvTvcHu.exe
  2⤵
  PID:8200
- C:\Windows\System\vwuSnha.exe
  C:\Windows\System\vwuSnha.exe
  2⤵
  PID:8216
- C:\Windows\System\NYfmRdx.exe
  C:\Windows\System\NYfmRdx.exe
  2⤵
  PID:8232
- C:\Windows\System\uIKdJRk.exe
  C:\Windows\System\uIKdJRk.exe
  2⤵
  PID:8264
- C:\Windows\System\gfjKbfX.exe
  C:\Windows\System\gfjKbfX.exe
  2⤵
  PID:8280
- C:\Windows\System\ZVlkvhv.exe
  C:\Windows\System\ZVlkvhv.exe
  2⤵
  PID:8296
- C:\Windows\System\CFjYnLJ.exe
  C:\Windows\System\CFjYnLJ.exe
  2⤵
  PID:8312
- C:\Windows\System\nfrzfhj.exe
  C:\Windows\System\nfrzfhj.exe
  2⤵
  PID:8328
- C:\Windows\System\RNGgqMZ.exe
  C:\Windows\System\RNGgqMZ.exe
  2⤵
  PID:8344
- C:\Windows\System\XRckHkY.exe
  C:\Windows\System\XRckHkY.exe
  2⤵
  PID:8360
- C:\Windows\System\ApzhYZb.exe
  C:\Windows\System\ApzhYZb.exe
  2⤵
  PID:8376
- C:\Windows\System\hmJLhph.exe
  C:\Windows\System\hmJLhph.exe
  2⤵
  PID:8392
- C:\Windows\System\iTrlOPQ.exe
  C:\Windows\System\iTrlOPQ.exe
  2⤵
  PID:8408
- C:\Windows\System\YwVMBEq.exe
  C:\Windows\System\YwVMBEq.exe
  2⤵
  PID:8424
- C:\Windows\System\pKpttUD.exe
  C:\Windows\System\pKpttUD.exe
  2⤵
  PID:8440
- C:\Windows\System\nqPXrRI.exe
  C:\Windows\System\nqPXrRI.exe
  2⤵
  PID:8520
- C:\Windows\System\iMcokfw.exe
  C:\Windows\System\iMcokfw.exe
  2⤵
  PID:8540
- C:\Windows\System\QpLquMD.exe
  C:\Windows\System\QpLquMD.exe
  2⤵
  PID:8556
- C:\Windows\System\yzVWxlK.exe
  C:\Windows\System\yzVWxlK.exe
  2⤵
  PID:8584
- C:\Windows\System\jqzKuAI.exe
  C:\Windows\System\jqzKuAI.exe
  2⤵
  PID:8600
- C:\Windows\System\NSqQmfc.exe
  C:\Windows\System\NSqQmfc.exe
  2⤵
  PID:8620
- C:\Windows\System\sYLCCOq.exe
  C:\Windows\System\sYLCCOq.exe
  2⤵
  PID:8640
- C:\Windows\System\pcZiFBk.exe
  C:\Windows\System\pcZiFBk.exe
  2⤵
  PID:8660
- C:\Windows\System\YjxslIc.exe
  C:\Windows\System\YjxslIc.exe
  2⤵
  PID:8684
- C:\Windows\System\ldTHlTs.exe
  C:\Windows\System\ldTHlTs.exe
  2⤵
  PID:8704
- C:\Windows\System\JsvBUcW.exe
  C:\Windows\System\JsvBUcW.exe
  2⤵
  PID:8724
- C:\Windows\System\abqjRkR.exe
  C:\Windows\System\abqjRkR.exe
  2⤵
  PID:8740
- C:\Windows\System\bvIBPnC.exe
  C:\Windows\System\bvIBPnC.exe
  2⤵
  PID:8756
- C:\Windows\System\UYiBpWI.exe
  C:\Windows\System\UYiBpWI.exe
  2⤵
  PID:8772
- C:\Windows\System\ZMOeSQe.exe
  C:\Windows\System\ZMOeSQe.exe
  2⤵
  PID:8788
- C:\Windows\System\PCMPKzL.exe
  C:\Windows\System\PCMPKzL.exe
  2⤵
  PID:8804
- C:\Windows\System\RAPOXve.exe
  C:\Windows\System\RAPOXve.exe
  2⤵
  PID:8820
- C:\Windows\System\PFMXHUb.exe
  C:\Windows\System\PFMXHUb.exe
  2⤵
  PID:8836
- C:\Windows\System\vYKmHJq.exe
  C:\Windows\System\vYKmHJq.exe
  2⤵
  PID:8852
- C:\Windows\System\JCEcXIE.exe
  C:\Windows\System\JCEcXIE.exe
  2⤵
  PID:8872
- C:\Windows\System\oCuYxhG.exe
  C:\Windows\System\oCuYxhG.exe
  2⤵
  PID:8892
- C:\Windows\System\hqxctkg.exe
  C:\Windows\System\hqxctkg.exe
  2⤵
  PID:8912
- C:\Windows\System\hIslpoc.exe
  C:\Windows\System\hIslpoc.exe
  2⤵
  PID:8936
- C:\Windows\System\ekfKdyE.exe
  C:\Windows\System\ekfKdyE.exe
  2⤵
  PID:8956
- C:\Windows\System\IPmCaKZ.exe
  C:\Windows\System\IPmCaKZ.exe
  2⤵
  PID:8976
- C:\Windows\System\xolUlzv.exe
  C:\Windows\System\xolUlzv.exe
  2⤵
  PID:8992
- C:\Windows\System\IgLxmXH.exe
  C:\Windows\System\IgLxmXH.exe
  2⤵
  PID:9008
- C:\Windows\System\rnMKatO.exe
  C:\Windows\System\rnMKatO.exe
  2⤵
  PID:9024
- C:\Windows\System\mqCNeSl.exe
  C:\Windows\System\mqCNeSl.exe
  2⤵
  PID:9044
- C:\Windows\System\oIDFruT.exe
  C:\Windows\System\oIDFruT.exe
  2⤵
  PID:9064
- C:\Windows\System\ILgDxwc.exe
  C:\Windows\System\ILgDxwc.exe
  2⤵
  PID:9080
- C:\Windows\System\POpHaZO.exe
  C:\Windows\System\POpHaZO.exe
  2⤵
  PID:9100
- C:\Windows\System\KfzrSMS.exe
  C:\Windows\System\KfzrSMS.exe
  2⤵
  PID:9120
- C:\Windows\System\jTDeYli.exe
  C:\Windows\System\jTDeYli.exe
  2⤵
  PID:9136
- C:\Windows\System\VaJOQxU.exe
  C:\Windows\System\VaJOQxU.exe
  2⤵
  PID:9156
- C:\Windows\System\ZvvbjxY.exe
  C:\Windows\System\ZvvbjxY.exe
  2⤵
  PID:9176
- C:\Windows\System\rJXzHmd.exe
  C:\Windows\System\rJXzHmd.exe
  2⤵
  PID:9192
- C:\Windows\System\nulSjBV.exe
  C:\Windows\System\nulSjBV.exe
  2⤵
  PID:7868
- C:\Windows\System\rMQypKI.exe
  C:\Windows\System\rMQypKI.exe
  2⤵
  PID:8240
- C:\Windows\System\FuRzzbe.exe
  C:\Windows\System\FuRzzbe.exe
  2⤵
  PID:8028
- C:\Windows\System\MjXLYaZ.exe
  C:\Windows\System\MjXLYaZ.exe
  2⤵
  PID:7896
- C:\Windows\System\daPOota.exe
  C:\Windows\System\daPOota.exe
  2⤵
  PID:8256
- C:\Windows\System\xpmLAFE.exe
  C:\Windows\System\xpmLAFE.exe
  2⤵
  PID:8248
- C:\Windows\System\TjxvIpi.exe
  C:\Windows\System\TjxvIpi.exe
  2⤵
  PID:8272
- C:\Windows\System\cQfixwb.exe
  C:\Windows\System\cQfixwb.exe
  2⤵
  PID:8308
- C:\Windows\System\JCRJays.exe
  C:\Windows\System\JCRJays.exe
  2⤵
  PID:8352
- C:\Windows\System\KeDfwMi.exe
  C:\Windows\System\KeDfwMi.exe
  2⤵
  PID:8416
- C:\Windows\System\UMzvItB.exe
  C:\Windows\System\UMzvItB.exe
  2⤵
  PID:8448
- C:\Windows\System\pDliJES.exe
  C:\Windows\System\pDliJES.exe
  2⤵
  PID:8456
- C:\Windows\System\LojuwKC.exe
  C:\Windows\System\LojuwKC.exe
  2⤵
  PID:8468
- C:\Windows\System\XPVzxtk.exe
  C:\Windows\System\XPVzxtk.exe
  2⤵
  PID:8488
- C:\Windows\System\UochNGL.exe
  C:\Windows\System\UochNGL.exe
  2⤵
  PID:8496
- C:\Windows\System\FiZrVcN.exe
  C:\Windows\System\FiZrVcN.exe
  2⤵
  PID:8568
- C:\Windows\System\XKVVXLZ.exe
  C:\Windows\System\XKVVXLZ.exe
  2⤵
  PID:8596
- C:\Windows\System\tlIUDZE.exe
  C:\Windows\System\tlIUDZE.exe
  2⤵
  PID:8764
- C:\Windows\System\anbjoxu.exe
  C:\Windows\System\anbjoxu.exe
  2⤵
  PID:8752
- C:\Windows\System\lmOQkcn.exe
  C:\Windows\System\lmOQkcn.exe
  2⤵
  PID:8844
- C:\Windows\System\mCeWbqF.exe
  C:\Windows\System\mCeWbqF.exe
  2⤵
  PID:8924
- C:\Windows\System\pWXhkal.exe
  C:\Windows\System\pWXhkal.exe
  2⤵
  PID:8968
- C:\Windows\System\tVPelZP.exe
  C:\Windows\System\tVPelZP.exe
  2⤵
  PID:9032
- C:\Windows\System\iDmDPYL.exe
  C:\Windows\System\iDmDPYL.exe
  2⤵
  PID:9076
- C:\Windows\System\GKYALeI.exe
  C:\Windows\System\GKYALeI.exe
  2⤵
  PID:9144
- C:\Windows\System\XuUJpBe.exe
  C:\Windows\System\XuUJpBe.exe
  2⤵
  PID:9188
- C:\Windows\System\ATpAymY.exe
  C:\Windows\System\ATpAymY.exe
  2⤵
  PID:7708
- C:\Windows\System\vzRIiKC.exe
  C:\Windows\System\vzRIiKC.exe
  2⤵
  PID:8244
- C:\Windows\System\xwCxAiM.exe
  C:\Windows\System\xwCxAiM.exe
  2⤵
  PID:8196
- C:\Windows\System\QILinfM.exe
  C:\Windows\System\QILinfM.exe
  2⤵
  PID:8432
- C:\Windows\System\HhQovjE.exe
  C:\Windows\System\HhQovjE.exe
  2⤵
  PID:8908
- C:\Windows\System\FgJXfkC.exe
  C:\Windows\System\FgJXfkC.exe
  2⤵
  PID:9052
- C:\Windows\System\olomkrN.exe
  C:\Windows\System\olomkrN.exe
  2⤵
  PID:9092
- C:\Windows\System\dgcRRub.exe
  C:\Windows\System\dgcRRub.exe
  2⤵
  PID:9168
- C:\Windows\System\hBJDoHv.exe
  C:\Windows\System\hBJDoHv.exe
  2⤵
  PID:7936
- C:\Windows\System\ipfMIau.exe
  C:\Windows\System\ipfMIau.exe
  2⤵
  PID:8320
- C:\Windows\System\fgnqtZT.exe
  C:\Windows\System\fgnqtZT.exe
  2⤵
  PID:8400
- C:\Windows\System\PvDqkoP.exe
  C:\Windows\System\PvDqkoP.exe
  2⤵
  PID:8420
- C:\Windows\System\UFKYTWr.exe
  C:\Windows\System\UFKYTWr.exe
  2⤵
  PID:8548
- C:\Windows\System\lwqYehc.exe
  C:\Windows\System\lwqYehc.exe
  2⤵
  PID:8536
- C:\Windows\System\jBafQgx.exe
  C:\Windows\System\jBafQgx.exe
  2⤵
  PID:8612
- C:\Windows\System\CqLfQPk.exe
  C:\Windows\System\CqLfQPk.exe
  2⤵
  PID:8676
- C:\Windows\System\jreXfyj.exe
  C:\Windows\System\jreXfyj.exe
  2⤵
  PID:8636
- C:\Windows\System\nDjXLmx.exe
  C:\Windows\System\nDjXLmx.exe
  2⤵
  PID:8848
- C:\Windows\System\WjZcZwK.exe
  C:\Windows\System\WjZcZwK.exe
  2⤵
  PID:8564
- C:\Windows\System\phPTxjA.exe
  C:\Windows\System\phPTxjA.exe
  2⤵
  PID:9184
- C:\Windows\System\zmhIrAW.exe
  C:\Windows\System\zmhIrAW.exe
  2⤵
  PID:7348
- C:\Windows\System\CvcyKcT.exe
  C:\Windows\System\CvcyKcT.exe
  2⤵
  PID:7272
- C:\Windows\System\KnGfMuB.exe
  C:\Windows\System\KnGfMuB.exe
  2⤵
  PID:8404
- C:\Windows\System\lpBJvRA.exe
  C:\Windows\System\lpBJvRA.exe
  2⤵
  PID:8984
- C:\Windows\System\ZvOFVDV.exe
  C:\Windows\System\ZvOFVDV.exe
  2⤵
  PID:9016
- C:\Windows\System\POmNsSz.exe
  C:\Windows\System\POmNsSz.exe
  2⤵
  PID:8356
- C:\Windows\System\dUsnytk.exe
  C:\Windows\System\dUsnytk.exe
  2⤵
  PID:8532
- C:\Windows\System\KBTcZGi.exe
  C:\Windows\System\KBTcZGi.exe
  2⤵
  PID:8632
- C:\Windows\System\KIBGRGU.exe
  C:\Windows\System\KIBGRGU.exe
  2⤵
  PID:9040
- C:\Windows\System\kYUdCau.exe
  C:\Windows\System\kYUdCau.exe
  2⤵
  PID:8680
- C:\Windows\System\EbYjJiz.exe
  C:\Windows\System\EbYjJiz.exe
  2⤵
  PID:8384
- C:\Windows\System\iYWCNOZ.exe
  C:\Windows\System\iYWCNOZ.exe
  2⤵
  PID:9004
- C:\Windows\System\ODKcpMd.exe
  C:\Windows\System\ODKcpMd.exe
  2⤵
  PID:9204
- C:\Windows\System\bebHwgI.exe
  C:\Windows\System\bebHwgI.exe
  2⤵
  PID:8472
- C:\Windows\System\PsySytR.exe
  C:\Windows\System\PsySytR.exe
  2⤵
  PID:8732
- C:\Windows\System\TfjqcbI.exe
  C:\Windows\System\TfjqcbI.exe
  2⤵
  PID:8552
- C:\Windows\System\BLKmkOf.exe
  C:\Windows\System\BLKmkOf.exe
  2⤵
  PID:9116
- C:\Windows\System\QOgOIdw.exe
  C:\Windows\System\QOgOIdw.exe
  2⤵
  PID:8212
- C:\Windows\System\pHyQIYx.exe
  C:\Windows\System\pHyQIYx.exe
  2⤵
  PID:8864
- C:\Windows\System\BxnUTXg.exe
  C:\Windows\System\BxnUTXg.exe
  2⤵
  PID:8500
- C:\Windows\System\vBbImdN.exe
  C:\Windows\System\vBbImdN.exe
  2⤵
  PID:8628
- C:\Windows\System\hlalAlM.exe
  C:\Windows\System\hlalAlM.exe
  2⤵
  PID:8592
- C:\Windows\System\SYjHEXi.exe
  C:\Windows\System\SYjHEXi.exe
  2⤵
  PID:8388
- C:\Windows\System\ALfmetH.exe
  C:\Windows\System\ALfmetH.exe
  2⤵
  PID:9212
- C:\Windows\System\ptPwRhv.exe
  C:\Windows\System\ptPwRhv.exe
  2⤵
  PID:9224
- C:\Windows\System\fWTwRgY.exe
  C:\Windows\System\fWTwRgY.exe
  2⤵
  PID:9240
- C:\Windows\System\UzWVWZf.exe
  C:\Windows\System\UzWVWZf.exe
  2⤵
  PID:9256
- C:\Windows\System\urYBNvE.exe
  C:\Windows\System\urYBNvE.exe
  2⤵
  PID:9272
- C:\Windows\System\YleFayL.exe
  C:\Windows\System\YleFayL.exe
  2⤵
  PID:9288
- C:\Windows\System\BnHwIeU.exe
  C:\Windows\System\BnHwIeU.exe
  2⤵
  PID:9308
- C:\Windows\System\TLizkQo.exe
  C:\Windows\System\TLizkQo.exe
  2⤵
  PID:9376
- C:\Windows\System\vylkyqi.exe
  C:\Windows\System\vylkyqi.exe
  2⤵
  PID:9392
- C:\Windows\System\tjsuyHp.exe
  C:\Windows\System\tjsuyHp.exe
  2⤵
  PID:9408
- C:\Windows\System\Ohbnxyw.exe
  C:\Windows\System\Ohbnxyw.exe
  2⤵
  PID:9424
- C:\Windows\System\HotsYEh.exe
  C:\Windows\System\HotsYEh.exe
  2⤵
  PID:9460
- C:\Windows\System\WPnbegq.exe
  C:\Windows\System\WPnbegq.exe
  2⤵
  PID:9476
- C:\Windows\System\yPMloBS.exe
  C:\Windows\System\yPMloBS.exe
  2⤵
  PID:9496
- C:\Windows\System\QNCGbEy.exe
  C:\Windows\System\QNCGbEy.exe
  2⤵
  PID:9520
- C:\Windows\System\ilxTwgq.exe
  C:\Windows\System\ilxTwgq.exe
  2⤵
  PID:9540
- C:\Windows\System\CAzrkaq.exe
  C:\Windows\System\CAzrkaq.exe
  2⤵
  PID:9560
- C:\Windows\System\WvSmFNb.exe
  C:\Windows\System\WvSmFNb.exe
  2⤵
  PID:9580
- C:\Windows\System\QKBLCtm.exe
  C:\Windows\System\QKBLCtm.exe
  2⤵
  PID:9600
- C:\Windows\System\yHdcaeO.exe
  C:\Windows\System\yHdcaeO.exe
  2⤵
  PID:9624
- C:\Windows\System\oVOlqaD.exe
  C:\Windows\System\oVOlqaD.exe
  2⤵
  PID:9644
- C:\Windows\System\jPPIFKU.exe
  C:\Windows\System\jPPIFKU.exe
  2⤵
  PID:9664
- C:\Windows\System\ObtxIEL.exe
  C:\Windows\System\ObtxIEL.exe
  2⤵
  PID:9684
- C:\Windows\System\WTKpnAC.exe
  C:\Windows\System\WTKpnAC.exe
  2⤵
  PID:9704
- C:\Windows\System\QvAziBo.exe
  C:\Windows\System\QvAziBo.exe
  2⤵
  PID:9724
- C:\Windows\System\PjjBMME.exe
  C:\Windows\System\PjjBMME.exe
  2⤵
  PID:9740
- C:\Windows\System\YEpzwrq.exe
  C:\Windows\System\YEpzwrq.exe
  2⤵
  PID:9760
- C:\Windows\System\gEUZIMo.exe
  C:\Windows\System\gEUZIMo.exe
  2⤵
  PID:9780
- C:\Windows\System\IOYDtFm.exe
  C:\Windows\System\IOYDtFm.exe
  2⤵
  PID:9804
- C:\Windows\System\dSWxakK.exe
  C:\Windows\System\dSWxakK.exe
  2⤵
  PID:9824
- C:\Windows\System\LWXHsqT.exe
  C:\Windows\System\LWXHsqT.exe
  2⤵
  PID:9844
- C:\Windows\System\TCXlReH.exe
  C:\Windows\System\TCXlReH.exe
  2⤵
  PID:9864
- C:\Windows\System\epVgAdk.exe
  C:\Windows\System\epVgAdk.exe
  2⤵
  PID:9888
- C:\Windows\System\HbVBCDa.exe
  C:\Windows\System\HbVBCDa.exe
  2⤵
  PID:9904
- C:\Windows\System\BmsCArr.exe
  C:\Windows\System\BmsCArr.exe
  2⤵
  PID:9928
- C:\Windows\System\KarpkMF.exe
  C:\Windows\System\KarpkMF.exe
  2⤵
  PID:9948
- C:\Windows\System\eSgzplG.exe
  C:\Windows\System\eSgzplG.exe
  2⤵
  PID:9968
- C:\Windows\System\nxJfuUX.exe
  C:\Windows\System\nxJfuUX.exe
  2⤵
  PID:9992
- C:\Windows\System\AhxtdLb.exe
  C:\Windows\System\AhxtdLb.exe
  2⤵
  PID:10008
- C:\Windows\System\mfhlfQi.exe
  C:\Windows\System\mfhlfQi.exe
  2⤵
  PID:10032
- C:\Windows\System\LZawMbt.exe
  C:\Windows\System\LZawMbt.exe
  2⤵
  PID:10052
- C:\Windows\System\PfZOAtt.exe
  C:\Windows\System\PfZOAtt.exe
  2⤵
  PID:10072
- C:\Windows\System\mRKoiRu.exe
  C:\Windows\System\mRKoiRu.exe
  2⤵
  PID:10092
- C:\Windows\System\wPUaYKN.exe
  C:\Windows\System\wPUaYKN.exe
  2⤵
  PID:10112
- C:\Windows\System\AQVfdHY.exe
  C:\Windows\System\AQVfdHY.exe
  2⤵
  PID:10132
- C:\Windows\System\vGNsIeA.exe
  C:\Windows\System\vGNsIeA.exe
  2⤵
  PID:10152
- C:\Windows\System\pcedtvI.exe
  C:\Windows\System\pcedtvI.exe
  2⤵
  PID:10168
- C:\Windows\System\wFnRzzx.exe
  C:\Windows\System\wFnRzzx.exe
  2⤵
  PID:10188
- C:\Windows\System\TeAYBeN.exe
  C:\Windows\System\TeAYBeN.exe
  2⤵
  PID:10204
- C:\Windows\System\POqlrQE.exe
  C:\Windows\System\POqlrQE.exe
  2⤵
  PID:10224
- C:\Windows\System\bYqEDqU.exe
  C:\Windows\System\bYqEDqU.exe
  2⤵
  PID:8208
- C:\Windows\System\wYfVBjn.exe
  C:\Windows\System\wYfVBjn.exe
  2⤵
  PID:8480
- C:\Windows\System\LScLyPW.exe
  C:\Windows\System\LScLyPW.exe
  2⤵
  PID:9236
- C:\Windows\System\dnJPRse.exe
  C:\Windows\System\dnJPRse.exe
  2⤵
  PID:9304
- C:\Windows\System\kMNZFJJ.exe
  C:\Windows\System\kMNZFJJ.exe
  2⤵
  PID:9248
- C:\Windows\System\ZfseAdO.exe
  C:\Windows\System\ZfseAdO.exe
  2⤵
  PID:8904
- C:\Windows\System\VoqTmok.exe
  C:\Windows\System\VoqTmok.exe
  2⤵
  PID:9132
- C:\Windows\System\wxtYKLI.exe
  C:\Windows\System\wxtYKLI.exe
  2⤵
  PID:9200
- C:\Windows\System\mpxfFkA.exe
  C:\Windows\System\mpxfFkA.exe
  2⤵
  PID:9320
- C:\Windows\System\eApvjwJ.exe
  C:\Windows\System\eApvjwJ.exe
  2⤵
  PID:9404
- C:\Windows\System\JbpRskd.exe
  C:\Windows\System\JbpRskd.exe
  2⤵
  PID:9372
- C:\Windows\System\RQzCmUv.exe
  C:\Windows\System\RQzCmUv.exe
  2⤵
  PID:9420
- C:\Windows\System\HeOPSSa.exe
  C:\Windows\System\HeOPSSa.exe
  2⤵
  PID:9456
- C:\Windows\System\dEaXsDS.exe
  C:\Windows\System\dEaXsDS.exe
  2⤵
  PID:9488
- C:\Windows\System\zBxeaUl.exe
  C:\Windows\System\zBxeaUl.exe
  2⤵
  PID:9528
- C:\Windows\System\qYLnWUt.exe
  C:\Windows\System\qYLnWUt.exe
  2⤵
  PID:9552
- C:\Windows\System\QhKNSsm.exe
  C:\Windows\System\QhKNSsm.exe
  2⤵
  PID:9592
- C:\Windows\System\rvHKjVE.exe
  C:\Windows\System\rvHKjVE.exe
  2⤵
  PID:9616
- C:\Windows\System\NCNGngP.exe
  C:\Windows\System\NCNGngP.exe
  2⤵
  PID:9652
- C:\Windows\System\gbyPKcM.exe
  C:\Windows\System\gbyPKcM.exe
  2⤵
  PID:9680
- C:\Windows\System\kUTvRlK.exe
  C:\Windows\System\kUTvRlK.exe
  2⤵
  PID:9736
- C:\Windows\System\gwEfotC.exe
  C:\Windows\System\gwEfotC.exe
  2⤵
  PID:9772
- C:\Windows\System\PcDqIEa.exe
  C:\Windows\System\PcDqIEa.exe
  2⤵
  PID:9800
- C:\Windows\System\cfjBaPx.exe
  C:\Windows\System\cfjBaPx.exe
  2⤵
  PID:9840
- C:\Windows\System\xeZWxbf.exe
  C:\Windows\System\xeZWxbf.exe
  2⤵
  PID:9860
- C:\Windows\System\ybtowKV.exe
  C:\Windows\System\ybtowKV.exe
  2⤵
  PID:9896
- C:\Windows\System\uDdpmza.exe
  C:\Windows\System\uDdpmza.exe
  2⤵
  PID:9916
- C:\Windows\System\WQylJaB.exe
  C:\Windows\System\WQylJaB.exe
  2⤵
  PID:9956
- C:\Windows\System\HPvQtCY.exe
  C:\Windows\System\HPvQtCY.exe
  2⤵
  PID:9984
- C:\Windows\System\gZbeaGc.exe
  C:\Windows\System\gZbeaGc.exe
  2⤵
  PID:10016
- C:\Windows\System\chBddjm.exe
  C:\Windows\System\chBddjm.exe
  2⤵
  PID:10028
- C:\Windows\System\EitMesV.exe
  C:\Windows\System\EitMesV.exe
  2⤵
  PID:10068
- C:\Windows\System\NuwshvW.exe
  C:\Windows\System\NuwshvW.exe
  2⤵
  PID:10088
- C:\Windows\System\ilYZbYM.exe
  C:\Windows\System\ilYZbYM.exe
  2⤵
  PID:10120
- C:\Windows\System\DCYMGXm.exe
  C:\Windows\System\DCYMGXm.exe
  2⤵
  PID:10160
- C:\Windows\System\WzWxrjr.exe
  C:\Windows\System\WzWxrjr.exe
  2⤵
  PID:10232
- C:\Windows\System\KXNbPMQ.exe
  C:\Windows\System\KXNbPMQ.exe
  2⤵
  PID:8964
- C:\Windows\System\FPuILZx.exe
  C:\Windows\System\FPuILZx.exe
  2⤵
  PID:9508
- C:\Windows\System\IJpUbkc.exe
  C:\Windows\System\IJpUbkc.exe
  2⤵
  PID:10216
- C:\Windows\System\EYlMOhd.exe
  C:\Windows\System\EYlMOhd.exe
  2⤵
  PID:9112
- C:\Windows\System\iRNVudr.exe
  C:\Windows\System\iRNVudr.exe
  2⤵
  PID:9416
- C:\Windows\System\oaxwjnz.exe
  C:\Windows\System\oaxwjnz.exe
  2⤵
  PID:9344
- C:\Windows\System\xxAfBIx.exe
  C:\Windows\System\xxAfBIx.exe
  2⤵
  PID:9484
- C:\Windows\System\aXVwOGc.exe
  C:\Windows\System\aXVwOGc.exe
  2⤵
  PID:9636
- C:\Windows\System\lQooXgL.exe
  C:\Windows\System\lQooXgL.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ArSaBdt.exe

Filesize
6.0MB

MD5
bd272f5a7a12ab45d33d02bd4d8135ec

SHA1
c97093599a6d3ab293414ad771913514ff66fa0f

SHA256
0fe8426ce24f904a7d4cdd343130d31b49814eaa890087c0837cd9dcaff6bce3

SHA512
617d47ff2984bb92365cfad82e3861611ce9bc26910ce6402b331334aa490da548064a17fb799e51aba95d4e8a23fc6303e538ba5fa60e75e3a51fa9e2802d33

Download Submit
C:\Windows\system\GeMlqpR.exe

Filesize
6.0MB

MD5
cc156ba9442dac9218976d0e24916a04

SHA1
309bdc19c15886064e3f8e6154176d678ebc00db

SHA256
ba4c9d7ab06805c55f7b14f20e4c223070ef9e8a22c00035125240adc60a4467

SHA512
6a8a5905d005d08a1df47a3506dc37e3532e797be2efe8cb792983952094ac6919555f1d0890e8eb1b75e5f75d044a89b8cc9564931f2cd17ceeac8e28f32650

Download Submit
C:\Windows\system\IWReugG.exe

Filesize
6.0MB

MD5
58b2e28b4bfd66a7bc62ba842932c210

SHA1
af9072fd2438514d56cf5295861fb3495281f124

SHA256
2ad7c0e182e983875f4d8d5c263df7068f19a9c7b0ed10db12c591abf817a2b9

SHA512
fae00d821f80a2a60fa2f7b6229c6f3df85b1b54964bd0bd3b1500a55504ef7f2f5533f22f5d62e07dcbe7b48bf4444898d148dd2ba8177c677d6eb111c36853

Download Submit
C:\Windows\system\JTGWuRf.exe

Filesize
6.0MB

MD5
76a3671e0afb72ca8ee771886390fb9b

SHA1
eb447b102b3b5010d3194d2a3d7cf9f8fc212fde

SHA256
945fab7ec1272c7c4e191dcc7a89eba671aea2e546ec8267a93c290b0094aa39

SHA512
285c58e74e7e2dbb97c1ff707b562953cb5b8f1f085f276238286738926b37d6984f728c2924e8b19c3f916041e5212a48cacee6bd5f93d308f9d87c210c65ca

Download Submit
C:\Windows\system\MSBiQBp.exe

Filesize
6.0MB

MD5
f811d25980cf16b19cecf05e242bb3e6

SHA1
f55e75e3c21a73b853de26dd28fb2de70a0a947f

SHA256
18180117c6e49662f9604ea03d1f91e08386c6bc70244b78532c5c4c21c09240

SHA512
0b2466722b0ac0a60e1333de9d559a494371b695903667ab8ca3894a5c1d8fcf37430cac8decc0ba70cf7041e132d4f2e524135637b621cb9bc8eea62ea8934e

Download Submit
C:\Windows\system\NuiWKWB.exe

Filesize
6.0MB

MD5
7edcb68343144fa176050b7b696df440

SHA1
5de659864af29933adccde1f63e6aec03091471d

SHA256
8b7c75c6102415a44ffb9a5016612c52b4e144331a1ec60345a9f2a5c1526ef7

SHA512
9895ccb10181c3726011a01ed9e3f5adc922eeeaa46cd0b98bd94c9005a1272f383823e05a858c837bd7fe7e8f9bebc30e1cacb5e3e6e393341285f1044395b6

Download Submit
C:\Windows\system\SjWmLHo.exe

Filesize
6.0MB

MD5
5a538ee72305c8081d7dd7faaf6639a8

SHA1
bbb321ea91b829fde2b5bb7fcac29046eabc6dc9

SHA256
34b65e15170fc8292fdb434d751467f40efc7d80482fa43cd1af3e927287865e

SHA512
626faf3ca05fbeebd263d39f3cb4d19f0a7f98c0c8dd358f66233eafaffc73a9c46aab50f84b15077550e5d0fa0a33193606fd4381ad2db2c115d45868936f39

Download Submit
C:\Windows\system\UAtBmtt.exe

Filesize
6.0MB

MD5
2fa9bd8e5a53d8953f5b1569ea99e4c8

SHA1
bd1a9037a81b4afff67cc7bbe7ba03b8385e7e85

SHA256
a366cf83347fd8ec515d2107b0e60abf2219b106b4cee742a1516d6b9c8241f0

SHA512
c1af944cd2af0c0789181f6c1324d8475118ce984501de23226c1ededaea4043c6b11263709a0615f49b6978d24e6387a3cdf85c1c5fc15b577961f528c31543

Download Submit
C:\Windows\system\UasBWLO.exe

Filesize
6.0MB

MD5
29332893509a6280a690a92852152b23

SHA1
585b5bf1b33487757d14d3682a7c4831db06c1c8

SHA256
f4e7517168ca33be918a00e41337d9f2879276e8eeb1a78c0fd615fb1dd75f25

SHA512
b5d5cf2e1ab83ae6f701ef0bf33bce5138cf9ab93b8b66498694544148803eefd3a096c1bc97f98a04a2f574c39e9f4becee5ea1ca2ee0279237e442a0a62abd

Download Submit
C:\Windows\system\XeFydmt.exe

Filesize
6.0MB

MD5
589909d10399ac634e03c7f1d21a1858

SHA1
5949aaa65b85ace79671b1cf1daa12fad2345544

SHA256
b0518123afdcb79e11c2f2844c34af075dca53cfbc2f1c270c10e69da588fed0

SHA512
21cb2528d6206af5253ef412c66b0c7b80d4f3374558c6675e5b76a7456eb25d74816e83bcd7abc7b446ff0891e60f148751fe9cfa2d48b3eba17a1ad3547283

Download Submit
C:\Windows\system\YnQlQyD.exe

Filesize
6.0MB

MD5
7f17d899687213d77d04f31e61561e44

SHA1
1acd13eb85428a6b4988ef84fd6899069d04bdc0

SHA256
110489a461e8ef7e4c820547a3ba1ac7df90da75def30c9f3d982e409c1b491d

SHA512
71b2d64740a623b9025bab2f6271a22e6c23d4626a4696a5a3493888bdc4e9b8cf995f271b9412a73a986b751fc1112616a431b1f137c14faaa9fa6707f4788b

Download Submit
C:\Windows\system\YnQtPMP.exe

Filesize
6.0MB

MD5
b53744bb9d1a60530e26c876179a6c41

SHA1
a51ab262186415f6fb65c35d98a19b346d729dec

SHA256
7988b941d137ed1204823e87b0b9f2dff4c2bf64cdeed03b43fe061016542932

SHA512
bf251e4ce9759962d9edfaf7dda8315b1f6c8f3281c0672584d5d0a9c9ef94b046acdb47b5fb315bc81b9406ab0d81fdcf8d61a020555211febba506ddac2a06

Download Submit
C:\Windows\system\YuchUcD.exe

Filesize
6.0MB

MD5
700e8e5920e97fc95d58a846c46c7d7b

SHA1
fa3ee2216fd021f93e29e63e4361e83867fa9ad1

SHA256
09d2e31ed3db8f9d185b90c93480ec3cb121e3487ebf3c82014f0588a6a2964e

SHA512
09b308e55cf01d360da1f54c05f039c4f5049560f2be2ad4840574ec14894dbef2db5db0597436bd8dd4a4f4b3fd144716f263a2dcbc86b6e2c34e797a9790f7

Download Submit
C:\Windows\system\cBtyQGF.exe

Filesize
6.0MB

MD5
368aacb9dc532c8a29e8147e2e28a6b0

SHA1
8b3888cd7540c768314f1d4a82185fb7e364c9ad

SHA256
322862db7f6ad359391c3945d3b280b13ab55c5b2f3d21a4b3d6ab669aebc10e

SHA512
5f2f639a693dc34bcdd635e23895881d2ca7b48a5bdbbd29fc28558eb792a9826a19b8324437a569689322900da4e1c3483f097bcba48d832019e000ecc9c965

Download Submit
C:\Windows\system\cHSlfyp.exe

Filesize
6.0MB

MD5
d8c201d9ca400d25dce8fc4b1822744a

SHA1
200783516954b7aff9265d4c258af4fdf3d5ee5b

SHA256
8ec6802f20a32c2d092065e528dfdd684a8d8f1e376c70ad20b2a2b250335ace

SHA512
c70bf230f7eb33334b46b7e9652e751282d3d82ba6fe3195cc3065a3c7cab8f035d9c141ead783117a8d4110291cde46ca997375234433faa0c31db3c5e5e63c

Download Submit
C:\Windows\system\errXpUp.exe

Filesize
6.0MB

MD5
e0892978f91015b30c12c385ee57a204

SHA1
72c81f45683462536e3f5d3c68ab9374812d9919

SHA256
82c71a2c928d5bb88fed5bc2e5d88b42c2134ac07fa1173413d11fa2f2d98337

SHA512
bae33c70922034ee1e0a451bdc1ce1eab29a9633108b4bd9ffbe93203125074b04e97db7e204124f93f35ad4d9faff30e12859f04dee9116bca32379652d60f5

Download Submit
C:\Windows\system\jBPUICm.exe

Filesize
6.0MB

MD5
bb36299331a7b0601ab98165aadf1587

SHA1
3997d75906836d2a21f9939ec2c548921911ecd0

SHA256
669c346f52989f7b94aca6a931b0020f3fde566839a29b844405f65314d3c0b2

SHA512
47a377e00b602a297b67a503a8739e776aafd4c5c7144af09d3eb10aa1edc8ff73e03f95d4d2b1f09f83560d09fc1e3f330290874946e84d564b3e7842ae9e77

Download Submit
C:\Windows\system\muFPnYu.exe

Filesize
6.0MB

MD5
080c9dbe872676682c5e04e04ae17fd2

SHA1
8353e0f6f1acfe5c0dcb96d27491e1b4234b1939

SHA256
ab375977f624971f97ea2a8546bcf68817277ee3966cc70c1b14793ad90216f1

SHA512
0ac6489ba1d6f9262244bcb0ac950f70c13b811b91cfa55c14929af8f6b0390249d283f3484a6246f7a70791cc7dc1c9e5667945644697b59889c2d115ee185f

Download Submit
C:\Windows\system\oBgBQRG.exe

Filesize
6.0MB

MD5
08a1e81372918a1fb6c6b86d1fbf8e66

SHA1
ecd8613159def84de3d29663e44cff0bf17d9913

SHA256
d3d42bea0353ea05d705966ed3ac8abd8ab890e92270843a2d71f8b0dcd8cd40

SHA512
a4f02a05f2a1929fc762fb1df90bc8b410635391095dbbac089d0df609e1bb6c6b9f1cee345b4beaa0c6efc04e883aa1fb36903a37142d5726f483a450e6f76e

Download Submit
C:\Windows\system\oPHeNUR.exe

Filesize
6.0MB

MD5
19f11145abdc57bf9fb6064d6ff26767

SHA1
37880e5348c029ac817e9cdbbedc8f241466bedc

SHA256
ba6c04d106611aad7f2f13db57b8d3cc46d56edab55aada75150c5cdc44986a2

SHA512
782328556698eceda40c7121c4f456b245935a1528304ad3594280a58b529358634fce3cbe7f6167e77fc9890302e519117c0182f1cae570ec7a5c9537e93808

Download Submit
C:\Windows\system\qHVRwoz.exe

Filesize
6.0MB

MD5
5f1f440ffd0f6e6184a2eb011c0f7525

SHA1
066fced574b9e47369b193ae9a87c085e4c07def

SHA256
4ec7182ab6efc3a610e2fe386c81dd97a65032382af8fceee79ddd87b56981e3

SHA512
6bcf4ecf80d5412caa7614e1a76825793107d2a4828f16187e6e5fa1163892b09734d886631e6a6c0b9fa72ec77aa50c3688e3d1531f523526c1c93c61d2bc5a

Download Submit
C:\Windows\system\sPdgjWX.exe

Filesize
6.0MB

MD5
c2a2efe570c3330caf66ee7abe80089f

SHA1
4d12f4ab0c38ec24b8767eeaeb09a59a5e9932ae

SHA256
d26811c0af9960d65968eff5ca139665b524cb79a508fcf1a5e8cfec3e8b87fa

SHA512
b0e2b032c697f5e4cbf4a521318af3c2c16cf103da6169030581972555d4959ea0aea1a864f2411c2a768f932c905f98727ec63f8e30621ec45349a2aacbf318

Download Submit
C:\Windows\system\uVFaEWX.exe

Filesize
6.0MB

MD5
35027009a42d1214a0e540fc98a8e21f

SHA1
c1457cbed1ef2437d331add4bc9c0ac542ffc014

SHA256
28a9694f1e31ba9c84f55d2d740d73e7d3dc7625b129d80b66cd61b0ed82f004

SHA512
7105a0b997580629c9652630bd76fce53723e83201b0102f43e8dd706e49fd095561b19c7109383e193a20a5d57d8d5668c9054b87c8c81b3559bd20d180b5a2

Download Submit
C:\Windows\system\wDGcETk.exe

Filesize
6.0MB

MD5
e2b17fa54a6a2fdaabf23735b2f68bd6

SHA1
217aa8352c803b3acd3dafec68a3f8209b89641a

SHA256
a94bf1269f551455aa570376750b6c8ab9cc31ac723fbd9a14316b9e65af0f9b

SHA512
b79a3b1ebbbe87b117dbeca37baef47d743cd5e9430254842681955249edfe34b4971060cbfdba12e84cff71b48eb1de87339199e06f9df2f264c3988a6a6c1b

Download Submit
C:\Windows\system\zERrzsS.exe

Filesize
6.0MB

MD5
8dd97c01e9f7c57a651ad50488d90c41

SHA1
822e54f9e80684af3b866c4ff4a9ab6a47022e32

SHA256
9a7ca27e81b7cefbbf3c6e997efcc57d938740302441c9b3a29b6cbb1c03f550

SHA512
b06e40e462163c4a04af7ad3faffda2330f512c3823eef3999e6b833a7031906df5801966d863d866f6aef0fd6e07e8def9efec7a360b471996263d85da190ee

Download Submit
C:\Windows\system\zjIrmOW.exe

Filesize
6.0MB

MD5
51866716436148a11673a32c245d5dcf

SHA1
eedb04b3c9a09db334a25cbae1eabcacc8875de9

SHA256
7a21beffeb75c6434e661b05a4bce1741d849f2c3178e3c799824b110081274c

SHA512
decfcfec651dfaa6c9ab2432164dfb5fe3c4b384eb1730278ac9affad9493a3f47202b7735d2a8afcd696d084afb38fec4b877cf739f3c31d8158f95d028bafd

Download Submit
\Windows\system\BvhbuTq.exe

Filesize
6.0MB

MD5
77a635564faa0ea5d48784ff9e6c3525

SHA1
0db94ef9e5f8404f5f2b05c271a21a082bcc09eb

SHA256
da74c1c9c8c17dfb007cf476554e86a8e66722c29086f8a57847291b15f43d81

SHA512
9b7e7bd47b068c0f497e210e93b1a907330c9876061d238fabd552b515f5f179cb6f51c88d54f0752c10ccfc43b487e6caf6129afec5fde4b27cfc1ef7bc4736

Download Submit
\Windows\system\FkfYrSh.exe

Filesize
6.0MB

MD5
d2a330d30f24d1daa0aea3c387451d63

SHA1
e2c059573911ddba3125559a5b023fe03bd31e89

SHA256
61202748040153da6559877f447907eb9910114173f76504c3625a5b556ac2a7

SHA512
8b6ec2a0067a40121360d56c45e940a18a1e850b48518c75553d33225ab661b7fd4c2cd9c4b71cb755b49faad79b35e013096802573685a86d8efa40c99de55b

Download Submit
\Windows\system\GvTOZAZ.exe

Filesize
6.0MB

MD5
2fc01f6e7dac98c02019a45f8d7c813b

SHA1
a685006329712f9b01af48a94aaeaf04b8bd3224

SHA256
77f1eb5e4e6e6d78e18309bddf0661eba59c749a4b297d68f8f1ccacd87e3249

SHA512
3b829d573a7c2d518846840a26f3d84da8882fc2f09e1aa659ca198f3d06050428ed9d95668d6b6781b385f83e014f368932e758ea1f7fa4c404604944213297

Download Submit
\Windows\system\QqTIgVn.exe

Filesize
6.0MB

MD5
278beb64fc22081a141d6bf3d5a3ccfb

SHA1
7d8dabe50498559252089d71822eff1669bcdd69

SHA256
1292a4f95c3fa387078e8bfcfb33f0f6979fad362b1b26512bd8b32dceb3b2ba

SHA512
89882d94d68b841d038329a860b702e2b8b686554aa517b9df74b8d51b3cc8032f650296b115c5eccb808f710e0e4870bbe5e0b896bf01adca15ac61e52a9e2c

Download Submit
\Windows\system\WHGCvYo.exe

Filesize
6.0MB

MD5
fa17aae44fb64f89908dce3a7a97f7e0

SHA1
6cedd57dd37b510db9eceb71f15b8be939e69e72

SHA256
24131b5ae9d10ae42f1b5492972d96726335fb4d569b621f6a5f28d463fa8d88

SHA512
561af275978f8754903452499a9c76e9746828071e9733813c519b09c3cf4b71fd472c4cf658d1c2db8fdcbd16db749bb072fa63add1204e24f7af29dddc5416

Download Submit
\Windows\system\wLqjHZP.exe

Filesize
6.0MB

MD5
ff6f91122ec4f217c28aeb3736e15903

SHA1
37bb033a96055a4c302c6b8a5008e45cde26a156

SHA256
a77bbe1d537681aa47ea4c82aab15337f9ac3670c81d8577b06f9eca1bac650d

SHA512
8cbe96b9c1f4da68d1abccb967ab4d5a8f34e67ded2988c645952575c30f7eecc2f45d3c6ac1f20bd014b8ac67a598eed92c505a84e47e2e3effe751693a39c1

Download Submit
memory/304-52-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/304-3249-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/908-3273-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/908-1136-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/908-109-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1104-946-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-100-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-3279-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-127-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-3280-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-494-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3244-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-61-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-29-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2596-72-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3190-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-43-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3217-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2616-337-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2688-36-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-804-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-0-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-126-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-130-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-8-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-493-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-131-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-93-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-92-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2688-91-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-945-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-89-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2688-88-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-57-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-22-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-28-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-63-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2688-1148-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1283-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2688-49-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-797-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-42-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1274-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-19-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3181-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2692-23-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3180-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2716-18-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2716-51-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3191-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2768-37-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3183-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2852-13-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3265-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-75-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download