cobaltstrike | 65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
Size

6.0MB
MD5

4b93f31df2516ca67eeb0e15e6b77042
SHA1

760785db4a824848ea4092214d5a03db63642f23
SHA256

65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9
SHA512

2a330a01c0834a708b67e7a620f80b713999936c151e039b686163e22a25580db3834a10d3dc7c30201f051f0334b0f5f09f039d7fc9c671d7b23c115f90ba20
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUS:eOl56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-8.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-20.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-32.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001755b-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962d-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-96.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019451-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-112.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000187a8-62.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001878e-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2396-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-6.dat	xmrig
behavioral1/files/0x00070000000186f1-8.dat	xmrig
behavioral1/memory/1948-14-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2072-13-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f4-10.dat	xmrig
behavioral1/files/0x0006000000018704-20.dat	xmrig
behavioral1/memory/1668-29-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2660-26-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2788-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018744-37.dat	xmrig
behavioral1/files/0x0006000000018739-32.dat	xmrig
behavioral1/memory/2824-42-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/3040-48-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000900000001755b-54.dat	xmrig
behavioral1/files/0x0005000000019509-119.dat	xmrig
behavioral1/files/0x000500000001950e-124.dat	xmrig
behavioral1/files/0x000500000001957e-134.dat	xmrig
behavioral1/files/0x0005000000019625-170.dat	xmrig
behavioral1/memory/2824-788-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2856-1086-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3040-888-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1668-234-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000500000001962d-190.dat	xmrig
behavioral1/files/0x0005000000019629-180.dat	xmrig
behavioral1/files/0x000500000001962b-184.dat	xmrig
behavioral1/files/0x0005000000019627-174.dat	xmrig
behavioral1/files/0x0005000000019623-158.dat	xmrig
behavioral1/files/0x0005000000019624-165.dat	xmrig
behavioral1/files/0x00050000000195f0-157.dat	xmrig
behavioral1/files/0x000500000001958e-148.dat	xmrig
behavioral1/files/0x00050000000195ab-144.dat	xmrig
behavioral1/files/0x0005000000019621-153.dat	xmrig
behavioral1/files/0x0005000000019512-129.dat	xmrig
behavioral1/files/0x00050000000194c9-107.dat	xmrig
behavioral1/memory/2724-106-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2896-103-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2396-102-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2284-100-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2816-99-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2944-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-96.dat	xmrig
behavioral1/files/0x0007000000019451-94.dat	xmrig
behavioral1/files/0x00050000000194ee-89.dat	xmrig
behavioral1/files/0x00050000000194b9-88.dat	xmrig
behavioral1/files/0x0005000000019458-84.dat	xmrig
behavioral1/files/0x00050000000194f1-83.dat	xmrig
behavioral1/files/0x0005000000019502-112.dat	xmrig
behavioral1/files/0x00070000000187a8-62.dat	xmrig
behavioral1/memory/2856-66-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2396-58-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x000800000001878e-46.dat	xmrig
behavioral1/memory/1948-4045-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1668-4048-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2824-4047-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2724-4046-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2856-4044-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2944-4043-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2788-4042-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2896-4041-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2816-4040-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2284-4039-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2072-4038-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/3040-4037-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2072	VcWasnv.exe
1948	TMujjDF.exe
2660	jqEuuqS.exe
1668	NQtozIc.exe
2788	wsJsNVB.exe
2824	PTKQQmY.exe
3040	TZqoQaX.exe
2856	pNNSdNT.exe
2896	mdRxxrK.exe
2944	zCNHBQh.exe
2816	rlAIGdf.exe
2284	RJSkVsb.exe
2724	wkUzNXE.exe
2708	vzLbqos.exe
2584	txzzIaz.exe
1996	eHJGDBM.exe
2740	Gxgygso.exe
1984	VRhXOBa.exe
2764	gSzqLdx.exe
3012	VzogQBZ.exe
3028	ogTkLkI.exe
1560	MoitNkA.exe
3032	XoOZCeS.exe
3036	SGsDOdR.exe
1696	cIYCRvj.exe
2156	NexdsRA.exe
1848	wvlzWkq.exe
2572	dcTPrvT.exe
1052	kfoRjMG.exe
1108	amtvflt.exe
788	jZCabhN.exe
1280	xwtSHEg.exe
1268	KabfuHv.exe
2476	dbHcDMj.exe
2924	lewsJVf.exe
2316	OVKrlQZ.exe
588	UglfIJU.exe
896	NddqjCP.exe
2268	ldAcMMV.exe
968	FElcsQK.exe
804	VaqhJUz.exe
1212	QsOwaNf.exe
2496	qoTDosj.exe
1720	AfUrRMT.exe
1620	HSxcvKW.exe
2204	krOytkG.exe
2096	vSmvCci.exe
2492	wSCXvdu.exe
580	RgZnDca.exe
1880	qXgemBf.exe
904	KDuMTYM.exe
2416	MAGjOga.exe
2328	vZmSFpR.exe
1532	TtZnYBE.exe
920	oxsUNeX.exe
1860	nSfbEFw.exe
2420	BCPNndP.exe
2460	OZlZUOo.exe
1644	FANZXop.exe
2732	iTGxUvg.exe
2736	XHkgdtX.exe
1968	npqBHce.exe
2696	UKspQAA.exe
2908	NZyTyhP.exe

Loads dropped DLL 64 IoCs

pid	Process
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-6.dat	upx
behavioral1/files/0x00070000000186f1-8.dat	upx
behavioral1/memory/1948-14-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2072-13-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00060000000186f4-10.dat	upx
behavioral1/files/0x0006000000018704-20.dat	upx
behavioral1/memory/1668-29-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2660-26-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2788-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0006000000018744-37.dat	upx
behavioral1/files/0x0006000000018739-32.dat	upx
behavioral1/memory/2824-42-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/3040-48-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000900000001755b-54.dat	upx
behavioral1/files/0x0005000000019509-119.dat	upx
behavioral1/files/0x000500000001950e-124.dat	upx
behavioral1/files/0x000500000001957e-134.dat	upx
behavioral1/files/0x0005000000019625-170.dat	upx
behavioral1/memory/2824-788-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2856-1086-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3040-888-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1668-234-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000500000001962d-190.dat	upx
behavioral1/files/0x0005000000019629-180.dat	upx
behavioral1/files/0x000500000001962b-184.dat	upx
behavioral1/files/0x0005000000019627-174.dat	upx
behavioral1/files/0x0005000000019623-158.dat	upx
behavioral1/files/0x0005000000019624-165.dat	upx
behavioral1/files/0x00050000000195f0-157.dat	upx
behavioral1/files/0x000500000001958e-148.dat	upx
behavioral1/files/0x00050000000195ab-144.dat	upx
behavioral1/files/0x0005000000019621-153.dat	upx
behavioral1/files/0x0005000000019512-129.dat	upx
behavioral1/files/0x00050000000194c9-107.dat	upx
behavioral1/memory/2724-106-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2896-103-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2284-100-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2816-99-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2944-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000194a9-96.dat	upx
behavioral1/files/0x0007000000019451-94.dat	upx
behavioral1/files/0x00050000000194ee-89.dat	upx
behavioral1/files/0x00050000000194b9-88.dat	upx
behavioral1/files/0x0005000000019458-84.dat	upx
behavioral1/files/0x00050000000194f1-83.dat	upx
behavioral1/files/0x0005000000019502-112.dat	upx
behavioral1/files/0x00070000000187a8-62.dat	upx
behavioral1/memory/2856-66-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2396-58-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x000800000001878e-46.dat	upx
behavioral1/memory/1948-4045-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1668-4048-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2824-4047-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2724-4046-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2856-4044-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2944-4043-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2788-4042-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2896-4041-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2816-4040-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2284-4039-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2072-4038-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/3040-4037-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2660-4036-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\arEjZAb.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\lBgNWIE.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\WnKcjkw.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\yBEISXs.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\DTFKDeO.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\SGsDOdR.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\AsbSLnq.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\wkmqKZA.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\IpLmexT.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\QWNCDov.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\uNbwkoh.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\EtAYpaW.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\ORxVFKV.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\Rajrefo.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\EZgtwEN.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\Jbtkzak.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\krBHZVH.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\Rhkiemb.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\IiUNoOy.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\KKmGrWb.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\CpQdaRk.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\dawJtDa.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\kWdwpWg.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\JXJEsPw.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\VYKdqxE.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\amtvflt.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\zkGVWGr.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\MEyrKoj.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\hQoDCug.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\YHRrwcp.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\VVDJBOE.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\MAGjOga.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\nGODiiv.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\jcmjfxN.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\dbwsnAW.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\aUwkVYW.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\NiJchQh.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\gyDvbcA.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\skXnHGU.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\TvxFNuq.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\EsiVbbq.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\ZzOlrKF.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\YhKJRGP.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\MLamvjd.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\BRbdfBF.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\oUnafhk.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\VcVAgON.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\XqBaiWm.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\AKczRTQ.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\Tspfcdy.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\OuBsLdY.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\ZcxOmqg.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\zMsPDSz.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\FqPjIQZ.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\VsNAEUd.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\oxmCFsV.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\MkAMxNW.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\hdzpaIV.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\IUVKqnN.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\jVRhCLo.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\eidXThd.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\GEypEdZ.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\tTLUwxF.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
File created	C:\Windows\System\JzRsVSU.exe	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2072	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	31
PID 2396 wrote to memory of 2072	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	31
PID 2396 wrote to memory of 2072	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	31
PID 2396 wrote to memory of 1948	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	32
PID 2396 wrote to memory of 1948	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	32
PID 2396 wrote to memory of 1948	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	32
PID 2396 wrote to memory of 2660	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	33
PID 2396 wrote to memory of 2660	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	33
PID 2396 wrote to memory of 2660	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	33
PID 2396 wrote to memory of 1668	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	34
PID 2396 wrote to memory of 1668	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	34
PID 2396 wrote to memory of 1668	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	34
PID 2396 wrote to memory of 2788	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	35
PID 2396 wrote to memory of 2788	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	35
PID 2396 wrote to memory of 2788	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	35
PID 2396 wrote to memory of 2824	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	36
PID 2396 wrote to memory of 2824	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	36
PID 2396 wrote to memory of 2824	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	36
PID 2396 wrote to memory of 3040	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	37
PID 2396 wrote to memory of 3040	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	37
PID 2396 wrote to memory of 3040	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	37
PID 2396 wrote to memory of 2856	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	38
PID 2396 wrote to memory of 2856	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	38
PID 2396 wrote to memory of 2856	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	38
PID 2396 wrote to memory of 2896	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	39
PID 2396 wrote to memory of 2896	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	39
PID 2396 wrote to memory of 2896	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	39
PID 2396 wrote to memory of 2724	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	40
PID 2396 wrote to memory of 2724	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	40
PID 2396 wrote to memory of 2724	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	40
PID 2396 wrote to memory of 2944	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	41
PID 2396 wrote to memory of 2944	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	41
PID 2396 wrote to memory of 2944	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	41
PID 2396 wrote to memory of 2708	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	42
PID 2396 wrote to memory of 2708	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	42
PID 2396 wrote to memory of 2708	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	42
PID 2396 wrote to memory of 2816	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	43
PID 2396 wrote to memory of 2816	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	43
PID 2396 wrote to memory of 2816	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	43
PID 2396 wrote to memory of 2584	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	44
PID 2396 wrote to memory of 2584	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	44
PID 2396 wrote to memory of 2584	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	44
PID 2396 wrote to memory of 2284	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	45
PID 2396 wrote to memory of 2284	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	45
PID 2396 wrote to memory of 2284	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	45
PID 2396 wrote to memory of 2740	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	46
PID 2396 wrote to memory of 2740	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	46
PID 2396 wrote to memory of 2740	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	46
PID 2396 wrote to memory of 1996	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	47
PID 2396 wrote to memory of 1996	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	47
PID 2396 wrote to memory of 1996	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	47
PID 2396 wrote to memory of 1984	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	48
PID 2396 wrote to memory of 1984	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	48
PID 2396 wrote to memory of 1984	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	48
PID 2396 wrote to memory of 2764	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	49
PID 2396 wrote to memory of 2764	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	49
PID 2396 wrote to memory of 2764	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	49
PID 2396 wrote to memory of 3012	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	50
PID 2396 wrote to memory of 3012	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	50
PID 2396 wrote to memory of 3012	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	50
PID 2396 wrote to memory of 3028	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	51
PID 2396 wrote to memory of 3028	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	51
PID 2396 wrote to memory of 3028	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	51
PID 2396 wrote to memory of 3032	2396	JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_65fd746ee8c4128874c501180925ee421099d91fa58018d8273ee208b8868be9.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System\VcWasnv.exe
  C:\Windows\System\VcWasnv.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\TMujjDF.exe
  C:\Windows\System\TMujjDF.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\jqEuuqS.exe
  C:\Windows\System\jqEuuqS.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\NQtozIc.exe
  C:\Windows\System\NQtozIc.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\wsJsNVB.exe
  C:\Windows\System\wsJsNVB.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\PTKQQmY.exe
  C:\Windows\System\PTKQQmY.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\TZqoQaX.exe
  C:\Windows\System\TZqoQaX.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\pNNSdNT.exe
  C:\Windows\System\pNNSdNT.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\mdRxxrK.exe
  C:\Windows\System\mdRxxrK.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\wkUzNXE.exe
  C:\Windows\System\wkUzNXE.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\zCNHBQh.exe
  C:\Windows\System\zCNHBQh.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\vzLbqos.exe
  C:\Windows\System\vzLbqos.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\rlAIGdf.exe
  C:\Windows\System\rlAIGdf.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\txzzIaz.exe
  C:\Windows\System\txzzIaz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\RJSkVsb.exe
  C:\Windows\System\RJSkVsb.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\Gxgygso.exe
  C:\Windows\System\Gxgygso.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\eHJGDBM.exe
  C:\Windows\System\eHJGDBM.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\VRhXOBa.exe
  C:\Windows\System\VRhXOBa.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\gSzqLdx.exe
  C:\Windows\System\gSzqLdx.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\VzogQBZ.exe
  C:\Windows\System\VzogQBZ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ogTkLkI.exe
  C:\Windows\System\ogTkLkI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\XoOZCeS.exe
  C:\Windows\System\XoOZCeS.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\MoitNkA.exe
  C:\Windows\System\MoitNkA.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\cIYCRvj.exe
  C:\Windows\System\cIYCRvj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\SGsDOdR.exe
  C:\Windows\System\SGsDOdR.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\NexdsRA.exe
  C:\Windows\System\NexdsRA.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\wvlzWkq.exe
  C:\Windows\System\wvlzWkq.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\dcTPrvT.exe
  C:\Windows\System\dcTPrvT.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kfoRjMG.exe
  C:\Windows\System\kfoRjMG.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\amtvflt.exe
  C:\Windows\System\amtvflt.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\jZCabhN.exe
  C:\Windows\System\jZCabhN.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\xwtSHEg.exe
  C:\Windows\System\xwtSHEg.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\KabfuHv.exe
  C:\Windows\System\KabfuHv.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dbHcDMj.exe
  C:\Windows\System\dbHcDMj.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\lewsJVf.exe
  C:\Windows\System\lewsJVf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\OVKrlQZ.exe
  C:\Windows\System\OVKrlQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UglfIJU.exe
  C:\Windows\System\UglfIJU.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\NddqjCP.exe
  C:\Windows\System\NddqjCP.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\ldAcMMV.exe
  C:\Windows\System\ldAcMMV.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\FElcsQK.exe
  C:\Windows\System\FElcsQK.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\VaqhJUz.exe
  C:\Windows\System\VaqhJUz.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\QsOwaNf.exe
  C:\Windows\System\QsOwaNf.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\qoTDosj.exe
  C:\Windows\System\qoTDosj.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\AfUrRMT.exe
  C:\Windows\System\AfUrRMT.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\HSxcvKW.exe
  C:\Windows\System\HSxcvKW.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\krOytkG.exe
  C:\Windows\System\krOytkG.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\vSmvCci.exe
  C:\Windows\System\vSmvCci.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\wSCXvdu.exe
  C:\Windows\System\wSCXvdu.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\RgZnDca.exe
  C:\Windows\System\RgZnDca.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\qXgemBf.exe
  C:\Windows\System\qXgemBf.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\KDuMTYM.exe
  C:\Windows\System\KDuMTYM.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\MAGjOga.exe
  C:\Windows\System\MAGjOga.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\vZmSFpR.exe
  C:\Windows\System\vZmSFpR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\TtZnYBE.exe
  C:\Windows\System\TtZnYBE.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\oxsUNeX.exe
  C:\Windows\System\oxsUNeX.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\nSfbEFw.exe
  C:\Windows\System\nSfbEFw.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\BCPNndP.exe
  C:\Windows\System\BCPNndP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\OZlZUOo.exe
  C:\Windows\System\OZlZUOo.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\FANZXop.exe
  C:\Windows\System\FANZXop.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\iTGxUvg.exe
  C:\Windows\System\iTGxUvg.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\XHkgdtX.exe
  C:\Windows\System\XHkgdtX.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\UKspQAA.exe
  C:\Windows\System\UKspQAA.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\npqBHce.exe
  C:\Windows\System\npqBHce.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\NZyTyhP.exe
  C:\Windows\System\NZyTyhP.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\YfRsrjq.exe
  C:\Windows\System\YfRsrjq.exe
  2⤵
  PID:1732
- C:\Windows\System\RpGgAVw.exe
  C:\Windows\System\RpGgAVw.exe
  2⤵
  PID:2604
- C:\Windows\System\vSLwNAB.exe
  C:\Windows\System\vSLwNAB.exe
  2⤵
  PID:1588
- C:\Windows\System\zcwbXTR.exe
  C:\Windows\System\zcwbXTR.exe
  2⤵
  PID:1916
- C:\Windows\System\TGMGUMU.exe
  C:\Windows\System\TGMGUMU.exe
  2⤵
  PID:2244
- C:\Windows\System\kyVlFdI.exe
  C:\Windows\System\kyVlFdI.exe
  2⤵
  PID:556
- C:\Windows\System\bPKJjzW.exe
  C:\Windows\System\bPKJjzW.exe
  2⤵
  PID:2336
- C:\Windows\System\WrBTaMU.exe
  C:\Windows\System\WrBTaMU.exe
  2⤵
  PID:2600
- C:\Windows\System\dXAFFlY.exe
  C:\Windows\System\dXAFFlY.exe
  2⤵
  PID:2172
- C:\Windows\System\kwYYpnC.exe
  C:\Windows\System\kwYYpnC.exe
  2⤵
  PID:1664
- C:\Windows\System\XzDbbmO.exe
  C:\Windows\System\XzDbbmO.exe
  2⤵
  PID:2136
- C:\Windows\System\xnJdzqJ.exe
  C:\Windows\System\xnJdzqJ.exe
  2⤵
  PID:276
- C:\Windows\System\yyFveTn.exe
  C:\Windows\System\yyFveTn.exe
  2⤵
  PID:1736
- C:\Windows\System\ZZGhmGC.exe
  C:\Windows\System\ZZGhmGC.exe
  2⤵
  PID:1020
- C:\Windows\System\AvcBoJF.exe
  C:\Windows\System\AvcBoJF.exe
  2⤵
  PID:1496
- C:\Windows\System\qOBHBCy.exe
  C:\Windows\System\qOBHBCy.exe
  2⤵
  PID:1676
- C:\Windows\System\KCVDpFq.exe
  C:\Windows\System\KCVDpFq.exe
  2⤵
  PID:696
- C:\Windows\System\MmdeujP.exe
  C:\Windows\System\MmdeujP.exe
  2⤵
  PID:2500
- C:\Windows\System\CpQdaRk.exe
  C:\Windows\System\CpQdaRk.exe
  2⤵
  PID:1864
- C:\Windows\System\iVCzitN.exe
  C:\Windows\System\iVCzitN.exe
  2⤵
  PID:2996
- C:\Windows\System\WllYPjx.exe
  C:\Windows\System\WllYPjx.exe
  2⤵
  PID:1908
- C:\Windows\System\VDzFjBv.exe
  C:\Windows\System\VDzFjBv.exe
  2⤵
  PID:1912
- C:\Windows\System\SuEVNxZ.exe
  C:\Windows\System\SuEVNxZ.exe
  2⤵
  PID:2168
- C:\Windows\System\VntjEDj.exe
  C:\Windows\System\VntjEDj.exe
  2⤵
  PID:2536
- C:\Windows\System\vQmHPMQ.exe
  C:\Windows\System\vQmHPMQ.exe
  2⤵
  PID:2060
- C:\Windows\System\OeDiYbx.exe
  C:\Windows\System\OeDiYbx.exe
  2⤵
  PID:3056
- C:\Windows\System\FwlDbUf.exe
  C:\Windows\System\FwlDbUf.exe
  2⤵
  PID:2888
- C:\Windows\System\RZolVPR.exe
  C:\Windows\System\RZolVPR.exe
  2⤵
  PID:2768
- C:\Windows\System\XExTubh.exe
  C:\Windows\System\XExTubh.exe
  2⤵
  PID:3004
- C:\Windows\System\pDGpmWJ.exe
  C:\Windows\System\pDGpmWJ.exe
  2⤵
  PID:2900
- C:\Windows\System\LXqliOP.exe
  C:\Windows\System\LXqliOP.exe
  2⤵
  PID:2124
- C:\Windows\System\ooutdxo.exe
  C:\Windows\System\ooutdxo.exe
  2⤵
  PID:660
- C:\Windows\System\aynALhw.exe
  C:\Windows\System\aynALhw.exe
  2⤵
  PID:1452
- C:\Windows\System\NaVNzxm.exe
  C:\Windows\System\NaVNzxm.exe
  2⤵
  PID:1556
- C:\Windows\System\TdZCHKB.exe
  C:\Windows\System\TdZCHKB.exe
  2⤵
  PID:2272
- C:\Windows\System\AGiNvQc.exe
  C:\Windows\System\AGiNvQc.exe
  2⤵
  PID:1924
- C:\Windows\System\vSZrQJJ.exe
  C:\Windows\System\vSZrQJJ.exe
  2⤵
  PID:1440
- C:\Windows\System\TxKiiaJ.exe
  C:\Windows\System\TxKiiaJ.exe
  2⤵
  PID:444
- C:\Windows\System\oOjigEl.exe
  C:\Windows\System\oOjigEl.exe
  2⤵
  PID:988
- C:\Windows\System\cEzacqr.exe
  C:\Windows\System\cEzacqr.exe
  2⤵
  PID:1488
- C:\Windows\System\jXFndyB.exe
  C:\Windows\System\jXFndyB.exe
  2⤵
  PID:1688
- C:\Windows\System\NjKfPeL.exe
  C:\Windows\System\NjKfPeL.exe
  2⤵
  PID:3076
- C:\Windows\System\bIaJebh.exe
  C:\Windows\System\bIaJebh.exe
  2⤵
  PID:3092
- C:\Windows\System\VyirDGk.exe
  C:\Windows\System\VyirDGk.exe
  2⤵
  PID:3108
- C:\Windows\System\wZEgmQG.exe
  C:\Windows\System\wZEgmQG.exe
  2⤵
  PID:3124
- C:\Windows\System\smEKfEW.exe
  C:\Windows\System\smEKfEW.exe
  2⤵
  PID:3140
- C:\Windows\System\vtpazXC.exe
  C:\Windows\System\vtpazXC.exe
  2⤵
  PID:3156
- C:\Windows\System\YSoWdfR.exe
  C:\Windows\System\YSoWdfR.exe
  2⤵
  PID:3172
- C:\Windows\System\GfkTAGP.exe
  C:\Windows\System\GfkTAGP.exe
  2⤵
  PID:3188
- C:\Windows\System\DizHVek.exe
  C:\Windows\System\DizHVek.exe
  2⤵
  PID:3204
- C:\Windows\System\SbWDZbr.exe
  C:\Windows\System\SbWDZbr.exe
  2⤵
  PID:3220
- C:\Windows\System\iqKieKc.exe
  C:\Windows\System\iqKieKc.exe
  2⤵
  PID:3236
- C:\Windows\System\pxphqZT.exe
  C:\Windows\System\pxphqZT.exe
  2⤵
  PID:3252
- C:\Windows\System\ycEyDRj.exe
  C:\Windows\System\ycEyDRj.exe
  2⤵
  PID:3272
- C:\Windows\System\GSidBnk.exe
  C:\Windows\System\GSidBnk.exe
  2⤵
  PID:3288
- C:\Windows\System\aOGMSEk.exe
  C:\Windows\System\aOGMSEk.exe
  2⤵
  PID:3304
- C:\Windows\System\NTlOBkv.exe
  C:\Windows\System\NTlOBkv.exe
  2⤵
  PID:3320
- C:\Windows\System\EZbBNVb.exe
  C:\Windows\System\EZbBNVb.exe
  2⤵
  PID:3336
- C:\Windows\System\aBxrtxc.exe
  C:\Windows\System\aBxrtxc.exe
  2⤵
  PID:3424
- C:\Windows\System\xjzoOWa.exe
  C:\Windows\System\xjzoOWa.exe
  2⤵
  PID:3444
- C:\Windows\System\wFQyKvC.exe
  C:\Windows\System\wFQyKvC.exe
  2⤵
  PID:3464
- C:\Windows\System\WlJMmlh.exe
  C:\Windows\System\WlJMmlh.exe
  2⤵
  PID:3484
- C:\Windows\System\gbrzkPj.exe
  C:\Windows\System\gbrzkPj.exe
  2⤵
  PID:3500
- C:\Windows\System\VEnwKvt.exe
  C:\Windows\System\VEnwKvt.exe
  2⤵
  PID:3520
- C:\Windows\System\sQvtNiJ.exe
  C:\Windows\System\sQvtNiJ.exe
  2⤵
  PID:3540
- C:\Windows\System\EZgtwEN.exe
  C:\Windows\System\EZgtwEN.exe
  2⤵
  PID:3556
- C:\Windows\System\WWDCqbS.exe
  C:\Windows\System\WWDCqbS.exe
  2⤵
  PID:3576
- C:\Windows\System\zyFkWsb.exe
  C:\Windows\System\zyFkWsb.exe
  2⤵
  PID:3596
- C:\Windows\System\GkwJwBa.exe
  C:\Windows\System\GkwJwBa.exe
  2⤵
  PID:3612
- C:\Windows\System\zyrFmDV.exe
  C:\Windows\System\zyrFmDV.exe
  2⤵
  PID:3628
- C:\Windows\System\lagkvzb.exe
  C:\Windows\System\lagkvzb.exe
  2⤵
  PID:3648
- C:\Windows\System\rlnZttt.exe
  C:\Windows\System\rlnZttt.exe
  2⤵
  PID:3664
- C:\Windows\System\GqXoeyr.exe
  C:\Windows\System\GqXoeyr.exe
  2⤵
  PID:3680
- C:\Windows\System\ZHhmMiX.exe
  C:\Windows\System\ZHhmMiX.exe
  2⤵
  PID:3696
- C:\Windows\System\EwHsmCe.exe
  C:\Windows\System\EwHsmCe.exe
  2⤵
  PID:3712
- C:\Windows\System\VdbKQgC.exe
  C:\Windows\System\VdbKQgC.exe
  2⤵
  PID:3728
- C:\Windows\System\lmrCoQD.exe
  C:\Windows\System\lmrCoQD.exe
  2⤵
  PID:3744
- C:\Windows\System\AfohsWa.exe
  C:\Windows\System\AfohsWa.exe
  2⤵
  PID:3760
- C:\Windows\System\Jbtkzak.exe
  C:\Windows\System\Jbtkzak.exe
  2⤵
  PID:3776
- C:\Windows\System\DmMpsxj.exe
  C:\Windows\System\DmMpsxj.exe
  2⤵
  PID:3792
- C:\Windows\System\EuFGUnG.exe
  C:\Windows\System\EuFGUnG.exe
  2⤵
  PID:3812
- C:\Windows\System\nTDrEao.exe
  C:\Windows\System\nTDrEao.exe
  2⤵
  PID:3828
- C:\Windows\System\TjKhYHa.exe
  C:\Windows\System\TjKhYHa.exe
  2⤵
  PID:3876
- C:\Windows\System\hoAZwUV.exe
  C:\Windows\System\hoAZwUV.exe
  2⤵
  PID:3932
- C:\Windows\System\AJAZBDo.exe
  C:\Windows\System\AJAZBDo.exe
  2⤵
  PID:3960
- C:\Windows\System\mPLrUro.exe
  C:\Windows\System\mPLrUro.exe
  2⤵
  PID:3976
- C:\Windows\System\rFxQOyT.exe
  C:\Windows\System\rFxQOyT.exe
  2⤵
  PID:3996
- C:\Windows\System\StifCAq.exe
  C:\Windows\System\StifCAq.exe
  2⤵
  PID:4016
- C:\Windows\System\HfLCcKR.exe
  C:\Windows\System\HfLCcKR.exe
  2⤵
  PID:4036
- C:\Windows\System\QXxsWOW.exe
  C:\Windows\System\QXxsWOW.exe
  2⤵
  PID:4056
- C:\Windows\System\nGODiiv.exe
  C:\Windows\System\nGODiiv.exe
  2⤵
  PID:4072
- C:\Windows\System\nwQdLKL.exe
  C:\Windows\System\nwQdLKL.exe
  2⤵
  PID:2592
- C:\Windows\System\iMApKoz.exe
  C:\Windows\System\iMApKoz.exe
  2⤵
  PID:620
- C:\Windows\System\mBLhhDD.exe
  C:\Windows\System\mBLhhDD.exe
  2⤵
  PID:480
- C:\Windows\System\WyxDGfu.exe
  C:\Windows\System\WyxDGfu.exe
  2⤵
  PID:1132
- C:\Windows\System\rnEIiYS.exe
  C:\Windows\System\rnEIiYS.exe
  2⤵
  PID:2292
- C:\Windows\System\fQLoTyy.exe
  C:\Windows\System\fQLoTyy.exe
  2⤵
  PID:2512
- C:\Windows\System\KIlTOvz.exe
  C:\Windows\System\KIlTOvz.exe
  2⤵
  PID:3120
- C:\Windows\System\srsJLoS.exe
  C:\Windows\System\srsJLoS.exe
  2⤵
  PID:1904
- C:\Windows\System\BphNNsV.exe
  C:\Windows\System\BphNNsV.exe
  2⤵
  PID:1656
- C:\Windows\System\qfNYxrU.exe
  C:\Windows\System\qfNYxrU.exe
  2⤵
  PID:2232
- C:\Windows\System\nKhxCyJ.exe
  C:\Windows\System\nKhxCyJ.exe
  2⤵
  PID:2976
- C:\Windows\System\iIdSTIH.exe
  C:\Windows\System\iIdSTIH.exe
  2⤵
  PID:3216
- C:\Windows\System\HsfASGL.exe
  C:\Windows\System\HsfASGL.exe
  2⤵
  PID:2000
- C:\Windows\System\LtrTOrB.exe
  C:\Windows\System\LtrTOrB.exe
  2⤵
  PID:684
- C:\Windows\System\hjUbLlh.exe
  C:\Windows\System\hjUbLlh.exe
  2⤵
  PID:2056
- C:\Windows\System\fdGPjQH.exe
  C:\Windows\System\fdGPjQH.exe
  2⤵
  PID:2464
- C:\Windows\System\UjzxwEe.exe
  C:\Windows\System\UjzxwEe.exe
  2⤵
  PID:2260
- C:\Windows\System\FbxnEXe.exe
  C:\Windows\System\FbxnEXe.exe
  2⤵
  PID:2288
- C:\Windows\System\NzZXVYm.exe
  C:\Windows\System\NzZXVYm.exe
  2⤵
  PID:3300
- C:\Windows\System\RGoVwlT.exe
  C:\Windows\System\RGoVwlT.exe
  2⤵
  PID:3368
- C:\Windows\System\JCUmmMU.exe
  C:\Windows\System\JCUmmMU.exe
  2⤵
  PID:3384
- C:\Windows\System\ZthVoye.exe
  C:\Windows\System\ZthVoye.exe
  2⤵
  PID:3100
- C:\Windows\System\kcELCwU.exe
  C:\Windows\System\kcELCwU.exe
  2⤵
  PID:3228
- C:\Windows\System\ZXPbOMd.exe
  C:\Windows\System\ZXPbOMd.exe
  2⤵
  PID:3164
- C:\Windows\System\vGYveAz.exe
  C:\Windows\System\vGYveAz.exe
  2⤵
  PID:3396
- C:\Windows\System\HtQEBGp.exe
  C:\Windows\System\HtQEBGp.exe
  2⤵
  PID:3412
- C:\Windows\System\AtJTydv.exe
  C:\Windows\System\AtJTydv.exe
  2⤵
  PID:3460
- C:\Windows\System\iAahWMj.exe
  C:\Windows\System\iAahWMj.exe
  2⤵
  PID:3528
- C:\Windows\System\huKtnsH.exe
  C:\Windows\System\huKtnsH.exe
  2⤵
  PID:3572
- C:\Windows\System\IViOmbl.exe
  C:\Windows\System\IViOmbl.exe
  2⤵
  PID:3644
- C:\Windows\System\SmuFciC.exe
  C:\Windows\System\SmuFciC.exe
  2⤵
  PID:3772
- C:\Windows\System\gGuKtfF.exe
  C:\Windows\System\gGuKtfF.exe
  2⤵
  PID:3440
- C:\Windows\System\bkDuhlB.exe
  C:\Windows\System\bkDuhlB.exe
  2⤵
  PID:3476
- C:\Windows\System\NkRdGSQ.exe
  C:\Windows\System\NkRdGSQ.exe
  2⤵
  PID:3844
- C:\Windows\System\emlmVaf.exe
  C:\Windows\System\emlmVaf.exe
  2⤵
  PID:3592
- C:\Windows\System\onnwqZQ.exe
  C:\Windows\System\onnwqZQ.exe
  2⤵
  PID:3756
- C:\Windows\System\MLamvjd.exe
  C:\Windows\System\MLamvjd.exe
  2⤵
  PID:3824
- C:\Windows\System\XqAcUQO.exe
  C:\Windows\System\XqAcUQO.exe
  2⤵
  PID:3688
- C:\Windows\System\PmOPxFG.exe
  C:\Windows\System\PmOPxFG.exe
  2⤵
  PID:3620
- C:\Windows\System\ieAFlJv.exe
  C:\Windows\System\ieAFlJv.exe
  2⤵
  PID:3952
- C:\Windows\System\lOqMKKC.exe
  C:\Windows\System\lOqMKKC.exe
  2⤵
  PID:3988
- C:\Windows\System\tdFsPjT.exe
  C:\Windows\System\tdFsPjT.exe
  2⤵
  PID:4064
- C:\Windows\System\wwgbIMQ.exe
  C:\Windows\System\wwgbIMQ.exe
  2⤵
  PID:1364
- C:\Windows\System\CzOxGOx.exe
  C:\Windows\System\CzOxGOx.exe
  2⤵
  PID:3180
- C:\Windows\System\hrJTOIY.exe
  C:\Windows\System\hrJTOIY.exe
  2⤵
  PID:3284
- C:\Windows\System\FnIpCUM.exe
  C:\Windows\System\FnIpCUM.exe
  2⤵
  PID:3924
- C:\Windows\System\GeDQYJz.exe
  C:\Windows\System\GeDQYJz.exe
  2⤵
  PID:4080
- C:\Windows\System\RkrwIEN.exe
  C:\Windows\System\RkrwIEN.exe
  2⤵
  PID:3972
- C:\Windows\System\jZkllao.exe
  C:\Windows\System\jZkllao.exe
  2⤵
  PID:3348
- C:\Windows\System\MnHTkiu.exe
  C:\Windows\System\MnHTkiu.exe
  2⤵
  PID:824
- C:\Windows\System\gnIQWaL.exe
  C:\Windows\System\gnIQWaL.exe
  2⤵
  PID:3332
- C:\Windows\System\odNFbKb.exe
  C:\Windows\System\odNFbKb.exe
  2⤵
  PID:760
- C:\Windows\System\bCcHGef.exe
  C:\Windows\System\bCcHGef.exe
  2⤵
  PID:2892
- C:\Windows\System\dEUomOf.exe
  C:\Windows\System\dEUomOf.exe
  2⤵
  PID:3604
- C:\Windows\System\WTuIsco.exe
  C:\Windows\System\WTuIsco.exe
  2⤵
  PID:3804
- C:\Windows\System\JNhdQrc.exe
  C:\Windows\System\JNhdQrc.exe
  2⤵
  PID:3840
- C:\Windows\System\LdMFWQK.exe
  C:\Windows\System\LdMFWQK.exe
  2⤵
  PID:3692
- C:\Windows\System\mxJGpFz.exe
  C:\Windows\System\mxJGpFz.exe
  2⤵
  PID:3888
- C:\Windows\System\ZMiMFIj.exe
  C:\Windows\System\ZMiMFIj.exe
  2⤵
  PID:3908
- C:\Windows\System\ajddSee.exe
  C:\Windows\System\ajddSee.exe
  2⤵
  PID:3912
- C:\Windows\System\nSpxhEB.exe
  C:\Windows\System\nSpxhEB.exe
  2⤵
  PID:4032
- C:\Windows\System\UlMzyVr.exe
  C:\Windows\System\UlMzyVr.exe
  2⤵
  PID:3388
- C:\Windows\System\WmNfufS.exe
  C:\Windows\System\WmNfufS.exe
  2⤵
  PID:3768
- C:\Windows\System\dKnwThW.exe
  C:\Windows\System\dKnwThW.exe
  2⤵
  PID:3852
- C:\Windows\System\EsIlWkP.exe
  C:\Windows\System\EsIlWkP.exe
  2⤵
  PID:3624
- C:\Windows\System\pUAFJed.exe
  C:\Windows\System\pUAFJed.exe
  2⤵
  PID:352
- C:\Windows\System\aRKAIXN.exe
  C:\Windows\System\aRKAIXN.exe
  2⤵
  PID:4012
- C:\Windows\System\ajXTtXu.exe
  C:\Windows\System\ajXTtXu.exe
  2⤵
  PID:3492
- C:\Windows\System\nCbgtVs.exe
  C:\Windows\System\nCbgtVs.exe
  2⤵
  PID:3168
- C:\Windows\System\LLFGMCx.exe
  C:\Windows\System\LLFGMCx.exe
  2⤵
  PID:2428
- C:\Windows\System\QCWNOrI.exe
  C:\Windows\System\QCWNOrI.exe
  2⤵
  PID:3940
- C:\Windows\System\qMrUVgG.exe
  C:\Windows\System\qMrUVgG.exe
  2⤵
  PID:4068
- C:\Windows\System\QVvsXLG.exe
  C:\Windows\System\QVvsXLG.exe
  2⤵
  PID:3280
- C:\Windows\System\JYTGRSX.exe
  C:\Windows\System\JYTGRSX.exe
  2⤵
  PID:3380
- C:\Windows\System\tFgKhaa.exe
  C:\Windows\System\tFgKhaa.exe
  2⤵
  PID:3088
- C:\Windows\System\tUyhrPx.exe
  C:\Windows\System\tUyhrPx.exe
  2⤵
  PID:4112
- C:\Windows\System\jfsWqfS.exe
  C:\Windows\System\jfsWqfS.exe
  2⤵
  PID:4128
- C:\Windows\System\RBcuagG.exe
  C:\Windows\System\RBcuagG.exe
  2⤵
  PID:4144
- C:\Windows\System\ClbQdCf.exe
  C:\Windows\System\ClbQdCf.exe
  2⤵
  PID:4160
- C:\Windows\System\MsPbNKI.exe
  C:\Windows\System\MsPbNKI.exe
  2⤵
  PID:4176
- C:\Windows\System\FdAqlNN.exe
  C:\Windows\System\FdAqlNN.exe
  2⤵
  PID:4192
- C:\Windows\System\TRHAjso.exe
  C:\Windows\System\TRHAjso.exe
  2⤵
  PID:4208
- C:\Windows\System\FmJYLTI.exe
  C:\Windows\System\FmJYLTI.exe
  2⤵
  PID:4224
- C:\Windows\System\ZAieifR.exe
  C:\Windows\System\ZAieifR.exe
  2⤵
  PID:4240
- C:\Windows\System\huYiUlG.exe
  C:\Windows\System\huYiUlG.exe
  2⤵
  PID:4256
- C:\Windows\System\PXNWZjh.exe
  C:\Windows\System\PXNWZjh.exe
  2⤵
  PID:4272
- C:\Windows\System\NWNtpov.exe
  C:\Windows\System\NWNtpov.exe
  2⤵
  PID:4288
- C:\Windows\System\FbVIVzW.exe
  C:\Windows\System\FbVIVzW.exe
  2⤵
  PID:4304
- C:\Windows\System\RUabmZL.exe
  C:\Windows\System\RUabmZL.exe
  2⤵
  PID:4320
- C:\Windows\System\ZlNrHMN.exe
  C:\Windows\System\ZlNrHMN.exe
  2⤵
  PID:4336
- C:\Windows\System\UTVPdlo.exe
  C:\Windows\System\UTVPdlo.exe
  2⤵
  PID:4352
- C:\Windows\System\UBmsnEu.exe
  C:\Windows\System\UBmsnEu.exe
  2⤵
  PID:4368
- C:\Windows\System\UZzTxip.exe
  C:\Windows\System\UZzTxip.exe
  2⤵
  PID:4384
- C:\Windows\System\dhKQEFn.exe
  C:\Windows\System\dhKQEFn.exe
  2⤵
  PID:4400
- C:\Windows\System\YJGepAH.exe
  C:\Windows\System\YJGepAH.exe
  2⤵
  PID:4416
- C:\Windows\System\OvZWvTa.exe
  C:\Windows\System\OvZWvTa.exe
  2⤵
  PID:4432
- C:\Windows\System\CDSWXTh.exe
  C:\Windows\System\CDSWXTh.exe
  2⤵
  PID:4472
- C:\Windows\System\vakxEfO.exe
  C:\Windows\System\vakxEfO.exe
  2⤵
  PID:4496
- C:\Windows\System\hFUCVGm.exe
  C:\Windows\System\hFUCVGm.exe
  2⤵
  PID:4512
- C:\Windows\System\NJHQLHj.exe
  C:\Windows\System\NJHQLHj.exe
  2⤵
  PID:4528
- C:\Windows\System\YOmoYsF.exe
  C:\Windows\System\YOmoYsF.exe
  2⤵
  PID:4544
- C:\Windows\System\QiYaTLk.exe
  C:\Windows\System\QiYaTLk.exe
  2⤵
  PID:4560
- C:\Windows\System\rKOOpMS.exe
  C:\Windows\System\rKOOpMS.exe
  2⤵
  PID:4576
- C:\Windows\System\lOqFiXD.exe
  C:\Windows\System\lOqFiXD.exe
  2⤵
  PID:4592
- C:\Windows\System\BHtSLni.exe
  C:\Windows\System\BHtSLni.exe
  2⤵
  PID:4612
- C:\Windows\System\oBzEMzw.exe
  C:\Windows\System\oBzEMzw.exe
  2⤵
  PID:4628
- C:\Windows\System\TsdrRaL.exe
  C:\Windows\System\TsdrRaL.exe
  2⤵
  PID:4644
- C:\Windows\System\IeDBKhk.exe
  C:\Windows\System\IeDBKhk.exe
  2⤵
  PID:4660
- C:\Windows\System\uAlWRcb.exe
  C:\Windows\System\uAlWRcb.exe
  2⤵
  PID:4676
- C:\Windows\System\zOdlGVJ.exe
  C:\Windows\System\zOdlGVJ.exe
  2⤵
  PID:4692
- C:\Windows\System\PVHnDnG.exe
  C:\Windows\System\PVHnDnG.exe
  2⤵
  PID:4708
- C:\Windows\System\SXpiErU.exe
  C:\Windows\System\SXpiErU.exe
  2⤵
  PID:4724
- C:\Windows\System\byPvTXs.exe
  C:\Windows\System\byPvTXs.exe
  2⤵
  PID:4740
- C:\Windows\System\kzPrLtI.exe
  C:\Windows\System\kzPrLtI.exe
  2⤵
  PID:4756
- C:\Windows\System\HwAmEhR.exe
  C:\Windows\System\HwAmEhR.exe
  2⤵
  PID:4772
- C:\Windows\System\ZcxOmqg.exe
  C:\Windows\System\ZcxOmqg.exe
  2⤵
  PID:4788
- C:\Windows\System\oeBFpVb.exe
  C:\Windows\System\oeBFpVb.exe
  2⤵
  PID:4804
- C:\Windows\System\rTqhdMd.exe
  C:\Windows\System\rTqhdMd.exe
  2⤵
  PID:4820
- C:\Windows\System\hDuOirC.exe
  C:\Windows\System\hDuOirC.exe
  2⤵
  PID:4836
- C:\Windows\System\OqKuBQI.exe
  C:\Windows\System\OqKuBQI.exe
  2⤵
  PID:4852
- C:\Windows\System\GYTsMbl.exe
  C:\Windows\System\GYTsMbl.exe
  2⤵
  PID:4868
- C:\Windows\System\EdmIPYa.exe
  C:\Windows\System\EdmIPYa.exe
  2⤵
  PID:4888
- C:\Windows\System\NjsLjCu.exe
  C:\Windows\System\NjsLjCu.exe
  2⤵
  PID:4904
- C:\Windows\System\IqNhTaf.exe
  C:\Windows\System\IqNhTaf.exe
  2⤵
  PID:4920
- C:\Windows\System\tLxPbsC.exe
  C:\Windows\System\tLxPbsC.exe
  2⤵
  PID:4936
- C:\Windows\System\AsbSLnq.exe
  C:\Windows\System\AsbSLnq.exe
  2⤵
  PID:4952
- C:\Windows\System\IuaiIyR.exe
  C:\Windows\System\IuaiIyR.exe
  2⤵
  PID:4968
- C:\Windows\System\bvWWCVo.exe
  C:\Windows\System\bvWWCVo.exe
  2⤵
  PID:4984
- C:\Windows\System\ehOWkGw.exe
  C:\Windows\System\ehOWkGw.exe
  2⤵
  PID:5000
- C:\Windows\System\hsVJyGS.exe
  C:\Windows\System\hsVJyGS.exe
  2⤵
  PID:5016
- C:\Windows\System\frtZnHJ.exe
  C:\Windows\System\frtZnHJ.exe
  2⤵
  PID:5032
- C:\Windows\System\xBouRrD.exe
  C:\Windows\System\xBouRrD.exe
  2⤵
  PID:5048
- C:\Windows\System\rkvtaru.exe
  C:\Windows\System\rkvtaru.exe
  2⤵
  PID:5064
- C:\Windows\System\ZovMFSZ.exe
  C:\Windows\System\ZovMFSZ.exe
  2⤵
  PID:5080
- C:\Windows\System\hghQJsv.exe
  C:\Windows\System\hghQJsv.exe
  2⤵
  PID:5096
- C:\Windows\System\QmAUJSV.exe
  C:\Windows\System\QmAUJSV.exe
  2⤵
  PID:5112
- C:\Windows\System\yEwaNGt.exe
  C:\Windows\System\yEwaNGt.exe
  2⤵
  PID:3676
- C:\Windows\System\pZiYTjZ.exe
  C:\Windows\System\pZiYTjZ.exe
  2⤵
  PID:3420
- C:\Windows\System\NmyeExs.exe
  C:\Windows\System\NmyeExs.exe
  2⤵
  PID:2488
- C:\Windows\System\LRPHLCN.exe
  C:\Windows\System\LRPHLCN.exe
  2⤵
  PID:3948
- C:\Windows\System\CCitQyA.exe
  C:\Windows\System\CCitQyA.exe
  2⤵
  PID:2544
- C:\Windows\System\GyoXHZQ.exe
  C:\Windows\System\GyoXHZQ.exe
  2⤵
  PID:4136
- C:\Windows\System\vUHVosg.exe
  C:\Windows\System\vUHVosg.exe
  2⤵
  PID:3248
- C:\Windows\System\JERXKrc.exe
  C:\Windows\System\JERXKrc.exe
  2⤵
  PID:4236
- C:\Windows\System\ItzRrLx.exe
  C:\Windows\System\ItzRrLx.exe
  2⤵
  PID:4296
- C:\Windows\System\AnCRgKy.exe
  C:\Windows\System\AnCRgKy.exe
  2⤵
  PID:3116
- C:\Windows\System\fydHBiv.exe
  C:\Windows\System\fydHBiv.exe
  2⤵
  PID:1036
- C:\Windows\System\bkvRYZU.exe
  C:\Windows\System\bkvRYZU.exe
  2⤵
  PID:4428
- C:\Windows\System\KpeXVlz.exe
  C:\Windows\System\KpeXVlz.exe
  2⤵
  PID:3720
- C:\Windows\System\qcJeWfi.exe
  C:\Windows\System\qcJeWfi.exe
  2⤵
  PID:4024
- C:\Windows\System\KMPnWOR.exe
  C:\Windows\System\KMPnWOR.exe
  2⤵
  PID:4608
- C:\Windows\System\dawJtDa.exe
  C:\Windows\System\dawJtDa.exe
  2⤵
  PID:4816
- C:\Windows\System\yAzBWSA.exe
  C:\Windows\System\yAzBWSA.exe
  2⤵
  PID:4876
- C:\Windows\System\zxvYilF.exe
  C:\Windows\System\zxvYilF.exe
  2⤵
  PID:4948
- C:\Windows\System\GLtyhwm.exe
  C:\Windows\System\GLtyhwm.exe
  2⤵
  PID:4980
- C:\Windows\System\IepRAob.exe
  C:\Windows\System\IepRAob.exe
  2⤵
  PID:5044
- C:\Windows\System\AwutaSW.exe
  C:\Windows\System\AwutaSW.exe
  2⤵
  PID:5104
- C:\Windows\System\TvxFNuq.exe
  C:\Windows\System\TvxFNuq.exe
  2⤵
  PID:4768
- C:\Windows\System\GpgbkLL.exe
  C:\Windows\System\GpgbkLL.exe
  2⤵
  PID:4704
- C:\Windows\System\wzganwO.exe
  C:\Windows\System\wzganwO.exe
  2⤵
  PID:4860
- C:\Windows\System\IDslRNb.exe
  C:\Windows\System\IDslRNb.exe
  2⤵
  PID:2576
- C:\Windows\System\IQvRsai.exe
  C:\Windows\System\IQvRsai.exe
  2⤵
  PID:4900
- C:\Windows\System\lSuBQui.exe
  C:\Windows\System\lSuBQui.exe
  2⤵
  PID:2804
- C:\Windows\System\xQaaFFi.exe
  C:\Windows\System\xQaaFFi.exe
  2⤵
  PID:3708
- C:\Windows\System\IMePybn.exe
  C:\Windows\System\IMePybn.exe
  2⤵
  PID:3260
- C:\Windows\System\zQzrycC.exe
  C:\Windows\System\zQzrycC.exe
  2⤵
  PID:1484
- C:\Windows\System\GxztfIu.exe
  C:\Windows\System\GxztfIu.exe
  2⤵
  PID:4996
- C:\Windows\System\plRuWAG.exe
  C:\Windows\System\plRuWAG.exe
  2⤵
  PID:5088
- C:\Windows\System\Dakfbkb.exe
  C:\Windows\System\Dakfbkb.exe
  2⤵
  PID:3316
- C:\Windows\System\buORjhj.exe
  C:\Windows\System\buORjhj.exe
  2⤵
  PID:4204
- C:\Windows\System\sVkzzDP.exe
  C:\Windows\System\sVkzzDP.exe
  2⤵
  PID:4396
- C:\Windows\System\paTcasg.exe
  C:\Windows\System\paTcasg.exe
  2⤵
  PID:4640
- C:\Windows\System\LhFxKyd.exe
  C:\Windows\System\LhFxKyd.exe
  2⤵
  PID:4916
- C:\Windows\System\OuBsLdY.exe
  C:\Windows\System\OuBsLdY.exe
  2⤵
  PID:4468
- C:\Windows\System\YrwWsOA.exe
  C:\Windows\System\YrwWsOA.exe
  2⤵
  PID:4552
- C:\Windows\System\LWIclcN.exe
  C:\Windows\System\LWIclcN.exe
  2⤵
  PID:4620
- C:\Windows\System\JtasQsN.exe
  C:\Windows\System\JtasQsN.exe
  2⤵
  PID:4716
- C:\Windows\System\omxBzeF.exe
  C:\Windows\System\omxBzeF.exe
  2⤵
  PID:4568
- C:\Windows\System\cHXLaXQ.exe
  C:\Windows\System\cHXLaXQ.exe
  2⤵
  PID:4780
- C:\Windows\System\QAfVmVO.exe
  C:\Windows\System\QAfVmVO.exe
  2⤵
  PID:4848
- C:\Windows\System\BRbdfBF.exe
  C:\Windows\System\BRbdfBF.exe
  2⤵
  PID:4668
- C:\Windows\System\vgDwois.exe
  C:\Windows\System\vgDwois.exe
  2⤵
  PID:4932
- C:\Windows\System\oGfIyLE.exe
  C:\Windows\System\oGfIyLE.exe
  2⤵
  PID:3408
- C:\Windows\System\QHosRXY.exe
  C:\Windows\System\QHosRXY.exe
  2⤵
  PID:2700
- C:\Windows\System\wkmqKZA.exe
  C:\Windows\System\wkmqKZA.exe
  2⤵
  PID:4672
- C:\Windows\System\HsZvoJP.exe
  C:\Windows\System\HsZvoJP.exe
  2⤵
  PID:4392
- C:\Windows\System\gUxJQPn.exe
  C:\Windows\System\gUxJQPn.exe
  2⤵
  PID:3344
- C:\Windows\System\DWowsWw.exe
  C:\Windows\System\DWowsWw.exe
  2⤵
  PID:2836
- C:\Windows\System\uwuZGPb.exe
  C:\Windows\System\uwuZGPb.exe
  2⤵
  PID:3752
- C:\Windows\System\KIKlFEG.exe
  C:\Windows\System\KIKlFEG.exe
  2⤵
  PID:3656
- C:\Windows\System\aBMKRXT.exe
  C:\Windows\System\aBMKRXT.exe
  2⤵
  PID:3836
- C:\Windows\System\NjmIzAW.exe
  C:\Windows\System\NjmIzAW.exe
  2⤵
  PID:3516
- C:\Windows\System\bwMTnAu.exe
  C:\Windows\System\bwMTnAu.exe
  2⤵
  PID:4248
- C:\Windows\System\RszFFfu.exe
  C:\Windows\System\RszFFfu.exe
  2⤵
  PID:4312
- C:\Windows\System\quLBmTZ.exe
  C:\Windows\System\quLBmTZ.exe
  2⤵
  PID:4376
- C:\Windows\System\eZkIMGJ.exe
  C:\Windows\System\eZkIMGJ.exe
  2⤵
  PID:4440
- C:\Windows\System\SasfmyO.exe
  C:\Windows\System\SasfmyO.exe
  2⤵
  PID:4124
- C:\Windows\System\ZXMEieb.exe
  C:\Windows\System\ZXMEieb.exe
  2⤵
  PID:2640
- C:\Windows\System\uFYgGDm.exe
  C:\Windows\System\uFYgGDm.exe
  2⤵
  PID:4588
- C:\Windows\System\myyJANM.exe
  C:\Windows\System\myyJANM.exe
  2⤵
  PID:4752
- C:\Windows\System\ZLJyLEV.exe
  C:\Windows\System\ZLJyLEV.exe
  2⤵
  PID:4600
- C:\Windows\System\MhFPjiu.exe
  C:\Windows\System\MhFPjiu.exe
  2⤵
  PID:5028
- C:\Windows\System\QMzhsMT.exe
  C:\Windows\System\QMzhsMT.exe
  2⤵
  PID:5076
- C:\Windows\System\jcmjfxN.exe
  C:\Windows\System\jcmjfxN.exe
  2⤵
  PID:4364
- C:\Windows\System\uRKRELJ.exe
  C:\Windows\System\uRKRELJ.exe
  2⤵
  PID:5092
- C:\Windows\System\MBgbDZg.exe
  C:\Windows\System\MBgbDZg.exe
  2⤵
  PID:3472
- C:\Windows\System\UGUPqEg.exe
  C:\Windows\System\UGUPqEg.exe
  2⤵
  PID:4008
- C:\Windows\System\arEjZAb.exe
  C:\Windows\System\arEjZAb.exe
  2⤵
  PID:4284
- C:\Windows\System\mDNfcre.exe
  C:\Windows\System\mDNfcre.exe
  2⤵
  PID:2812
- C:\Windows\System\mlHrUay.exe
  C:\Windows\System\mlHrUay.exe
  2⤵
  PID:4572
- C:\Windows\System\TrDtTVr.exe
  C:\Windows\System\TrDtTVr.exe
  2⤵
  PID:4800
- C:\Windows\System\cxPctWl.exe
  C:\Windows\System\cxPctWl.exe
  2⤵
  PID:4732
- C:\Windows\System\HsAtIGf.exe
  C:\Windows\System\HsAtIGf.exe
  2⤵
  PID:5172
- C:\Windows\System\fOzBraf.exe
  C:\Windows\System\fOzBraf.exe
  2⤵
  PID:5188
- C:\Windows\System\IpLmexT.exe
  C:\Windows\System\IpLmexT.exe
  2⤵
  PID:5208
- C:\Windows\System\VZczkcV.exe
  C:\Windows\System\VZczkcV.exe
  2⤵
  PID:5224
- C:\Windows\System\ttHWzae.exe
  C:\Windows\System\ttHWzae.exe
  2⤵
  PID:5244
- C:\Windows\System\CgTtkik.exe
  C:\Windows\System\CgTtkik.exe
  2⤵
  PID:5272
- C:\Windows\System\mhgDAuF.exe
  C:\Windows\System\mhgDAuF.exe
  2⤵
  PID:5288
- C:\Windows\System\vqwtNwl.exe
  C:\Windows\System\vqwtNwl.exe
  2⤵
  PID:5304
- C:\Windows\System\UPJwRDe.exe
  C:\Windows\System\UPJwRDe.exe
  2⤵
  PID:5320
- C:\Windows\System\IHrZfQz.exe
  C:\Windows\System\IHrZfQz.exe
  2⤵
  PID:5336
- C:\Windows\System\YEORFQv.exe
  C:\Windows\System\YEORFQv.exe
  2⤵
  PID:5352
- C:\Windows\System\KjJqiYR.exe
  C:\Windows\System\KjJqiYR.exe
  2⤵
  PID:5368
- C:\Windows\System\cxGjkfh.exe
  C:\Windows\System\cxGjkfh.exe
  2⤵
  PID:5388
- C:\Windows\System\aJgKCCB.exe
  C:\Windows\System\aJgKCCB.exe
  2⤵
  PID:5404
- C:\Windows\System\bsfezNH.exe
  C:\Windows\System\bsfezNH.exe
  2⤵
  PID:5420
- C:\Windows\System\bVcjzCD.exe
  C:\Windows\System\bVcjzCD.exe
  2⤵
  PID:5436
- C:\Windows\System\reQnmMx.exe
  C:\Windows\System\reQnmMx.exe
  2⤵
  PID:5452
- C:\Windows\System\MDyuBqq.exe
  C:\Windows\System\MDyuBqq.exe
  2⤵
  PID:5468
- C:\Windows\System\FUYZjJQ.exe
  C:\Windows\System\FUYZjJQ.exe
  2⤵
  PID:5484
- C:\Windows\System\JDGPvCU.exe
  C:\Windows\System\JDGPvCU.exe
  2⤵
  PID:5504
- C:\Windows\System\DTirPQW.exe
  C:\Windows\System\DTirPQW.exe
  2⤵
  PID:5524
- C:\Windows\System\jKDOUIO.exe
  C:\Windows\System\jKDOUIO.exe
  2⤵
  PID:5544
- C:\Windows\System\IsXhsPl.exe
  C:\Windows\System\IsXhsPl.exe
  2⤵
  PID:5632
- C:\Windows\System\sgmmKTR.exe
  C:\Windows\System\sgmmKTR.exe
  2⤵
  PID:5652
- C:\Windows\System\VSfxZpm.exe
  C:\Windows\System\VSfxZpm.exe
  2⤵
  PID:5668
- C:\Windows\System\Qsghoxs.exe
  C:\Windows\System\Qsghoxs.exe
  2⤵
  PID:5684
- C:\Windows\System\NdVfrHK.exe
  C:\Windows\System\NdVfrHK.exe
  2⤵
  PID:5700
- C:\Windows\System\IFXXBbe.exe
  C:\Windows\System\IFXXBbe.exe
  2⤵
  PID:5716
- C:\Windows\System\yegnyRq.exe
  C:\Windows\System\yegnyRq.exe
  2⤵
  PID:5732
- C:\Windows\System\HqwbeJB.exe
  C:\Windows\System\HqwbeJB.exe
  2⤵
  PID:5748
- C:\Windows\System\DLZSMOV.exe
  C:\Windows\System\DLZSMOV.exe
  2⤵
  PID:5764
- C:\Windows\System\uLVSiMN.exe
  C:\Windows\System\uLVSiMN.exe
  2⤵
  PID:5780
- C:\Windows\System\ZnGILrr.exe
  C:\Windows\System\ZnGILrr.exe
  2⤵
  PID:5796
- C:\Windows\System\OjjCfvo.exe
  C:\Windows\System\OjjCfvo.exe
  2⤵
  PID:5816
- C:\Windows\System\ktxTBZl.exe
  C:\Windows\System\ktxTBZl.exe
  2⤵
  PID:5832
- C:\Windows\System\eMqaHbn.exe
  C:\Windows\System\eMqaHbn.exe
  2⤵
  PID:5848
- C:\Windows\System\Muouwwl.exe
  C:\Windows\System\Muouwwl.exe
  2⤵
  PID:5888
- C:\Windows\System\RzxmOkH.exe
  C:\Windows\System\RzxmOkH.exe
  2⤵
  PID:5904
- C:\Windows\System\xidmGXR.exe
  C:\Windows\System\xidmGXR.exe
  2⤵
  PID:5920
- C:\Windows\System\wZZBldG.exe
  C:\Windows\System\wZZBldG.exe
  2⤵
  PID:5936
- C:\Windows\System\wNQoYmm.exe
  C:\Windows\System\wNQoYmm.exe
  2⤵
  PID:5952
- C:\Windows\System\yicZPpf.exe
  C:\Windows\System\yicZPpf.exe
  2⤵
  PID:5968
- C:\Windows\System\oUnafhk.exe
  C:\Windows\System\oUnafhk.exe
  2⤵
  PID:5988
- C:\Windows\System\bLUnbAu.exe
  C:\Windows\System\bLUnbAu.exe
  2⤵
  PID:6004
- C:\Windows\System\mtBVpWN.exe
  C:\Windows\System\mtBVpWN.exe
  2⤵
  PID:6020
- C:\Windows\System\InuCGGB.exe
  C:\Windows\System\InuCGGB.exe
  2⤵
  PID:6040
- C:\Windows\System\YvoEiqT.exe
  C:\Windows\System\YvoEiqT.exe
  2⤵
  PID:6056
- C:\Windows\System\hTIowBg.exe
  C:\Windows\System\hTIowBg.exe
  2⤵
  PID:6100
- C:\Windows\System\iADJjkF.exe
  C:\Windows\System\iADJjkF.exe
  2⤵
  PID:6116
- C:\Windows\System\bvcGvFB.exe
  C:\Windows\System\bvcGvFB.exe
  2⤵
  PID:6132
- C:\Windows\System\EaYUtPo.exe
  C:\Windows\System\EaYUtPo.exe
  2⤵
  PID:3900
- C:\Windows\System\ofBOEqe.exe
  C:\Windows\System\ofBOEqe.exe
  2⤵
  PID:4264
- C:\Windows\System\qBoZGPm.exe
  C:\Windows\System\qBoZGPm.exe
  2⤵
  PID:3436
- C:\Windows\System\QFGSJGS.exe
  C:\Windows\System\QFGSJGS.exe
  2⤵
  PID:4796
- C:\Windows\System\QTPSQuj.exe
  C:\Windows\System\QTPSQuj.exe
  2⤵
  PID:4584
- C:\Windows\System\xVRCzjj.exe
  C:\Windows\System\xVRCzjj.exe
  2⤵
  PID:4348
- C:\Windows\System\hnuZapa.exe
  C:\Windows\System\hnuZapa.exe
  2⤵
  PID:5252
- C:\Windows\System\pezlIlk.exe
  C:\Windows\System\pezlIlk.exe
  2⤵
  PID:4536
- C:\Windows\System\WQPxKuf.exe
  C:\Windows\System\WQPxKuf.exe
  2⤵
  PID:5332
- C:\Windows\System\oqpkeEN.exe
  C:\Windows\System\oqpkeEN.exe
  2⤵
  PID:5400
- C:\Windows\System\NGzQOoN.exe
  C:\Windows\System\NGzQOoN.exe
  2⤵
  PID:2356
- C:\Windows\System\EyQpVDW.exe
  C:\Windows\System\EyQpVDW.exe
  2⤵
  PID:4216
- C:\Windows\System\dDJpKHE.exe
  C:\Windows\System\dDJpKHE.exe
  2⤵
  PID:4120
- C:\Windows\System\GoKJrbT.exe
  C:\Windows\System\GoKJrbT.exe
  2⤵
  PID:5536
- C:\Windows\System\gfQDYRW.exe
  C:\Windows\System\gfQDYRW.exe
  2⤵
  PID:4864
- C:\Windows\System\zlBacVa.exe
  C:\Windows\System\zlBacVa.exe
  2⤵
  PID:5148
- C:\Windows\System\JScJfyk.exe
  C:\Windows\System\JScJfyk.exe
  2⤵
  PID:5160
- C:\Windows\System\RLChpQI.exe
  C:\Windows\System\RLChpQI.exe
  2⤵
  PID:5204
- C:\Windows\System\CILuneV.exe
  C:\Windows\System\CILuneV.exe
  2⤵
  PID:5284
- C:\Windows\System\JzXSPeZ.exe
  C:\Windows\System\JzXSPeZ.exe
  2⤵
  PID:5348
- C:\Windows\System\AAarUJO.exe
  C:\Windows\System\AAarUJO.exe
  2⤵
  PID:5416
- C:\Windows\System\vPRfyzc.exe
  C:\Windows\System\vPRfyzc.exe
  2⤵
  PID:5480
- C:\Windows\System\vJaXxOt.exe
  C:\Windows\System\vJaXxOt.exe
  2⤵
  PID:5556
- C:\Windows\System\UwJvtlB.exe
  C:\Windows\System\UwJvtlB.exe
  2⤵
  PID:5592
- C:\Windows\System\GiWUpvu.exe
  C:\Windows\System\GiWUpvu.exe
  2⤵
  PID:5708
- C:\Windows\System\JfzwGIz.exe
  C:\Windows\System\JfzwGIz.exe
  2⤵
  PID:5660
- C:\Windows\System\aZqbHQt.exe
  C:\Windows\System\aZqbHQt.exe
  2⤵
  PID:5808
- C:\Windows\System\wiJLGss.exe
  C:\Windows\System\wiJLGss.exe
  2⤵
  PID:5728
- C:\Windows\System\crAyjcd.exe
  C:\Windows\System\crAyjcd.exe
  2⤵
  PID:5896
- C:\Windows\System\DrlvYLd.exe
  C:\Windows\System\DrlvYLd.exe
  2⤵
  PID:5960
- C:\Windows\System\XnnXgGq.exe
  C:\Windows\System\XnnXgGq.exe
  2⤵
  PID:5996
- C:\Windows\System\fYvcYrX.exe
  C:\Windows\System\fYvcYrX.exe
  2⤵
  PID:6036
- C:\Windows\System\tHDBFBJ.exe
  C:\Windows\System\tHDBFBJ.exe
  2⤵
  PID:6076
- C:\Windows\System\NeDkTuF.exe
  C:\Windows\System\NeDkTuF.exe
  2⤵
  PID:3044
- C:\Windows\System\SVrpQcJ.exe
  C:\Windows\System\SVrpQcJ.exe
  2⤵
  PID:6012
- C:\Windows\System\uKcHztL.exe
  C:\Windows\System\uKcHztL.exe
  2⤵
  PID:5012
- C:\Windows\System\lBgNWIE.exe
  C:\Windows\System\lBgNWIE.exe
  2⤵
  PID:4960
- C:\Windows\System\RzIOWRv.exe
  C:\Windows\System\RzIOWRv.exe
  2⤵
  PID:5984
- C:\Windows\System\nOSqDXO.exe
  C:\Windows\System\nOSqDXO.exe
  2⤵
  PID:5912
- C:\Windows\System\PHXJtJN.exe
  C:\Windows\System\PHXJtJN.exe
  2⤵
  PID:6140
- C:\Windows\System\mSYfohW.exe
  C:\Windows\System\mSYfohW.exe
  2⤵
  PID:5264
- C:\Windows\System\BUYfzbW.exe
  C:\Windows\System\BUYfzbW.exe
  2⤵
  PID:5396
- C:\Windows\System\wcqRUtd.exe
  C:\Windows\System\wcqRUtd.exe
  2⤵
  PID:5060
- C:\Windows\System\jUkpbRJ.exe
  C:\Windows\System\jUkpbRJ.exe
  2⤵
  PID:4044
- C:\Windows\System\YJDHfUq.exe
  C:\Windows\System\YJDHfUq.exe
  2⤵
  PID:5136
- C:\Windows\System\hTimKLh.exe
  C:\Windows\System\hTimKLh.exe
  2⤵
  PID:5168
- C:\Windows\System\OialtLv.exe
  C:\Windows\System\OialtLv.exe
  2⤵
  PID:5448
- C:\Windows\System\DPCqiYt.exe
  C:\Windows\System\DPCqiYt.exe
  2⤵
  PID:5564
- C:\Windows\System\bkoPJJC.exe
  C:\Windows\System\bkoPJJC.exe
  2⤵
  PID:5260
- C:\Windows\System\YAmFDGl.exe
  C:\Windows\System\YAmFDGl.exe
  2⤵
  PID:2784
- C:\Windows\System\OuYhPmf.exe
  C:\Windows\System\OuYhPmf.exe
  2⤵
  PID:5492
- C:\Windows\System\QWNCDov.exe
  C:\Windows\System\QWNCDov.exe
  2⤵
  PID:5152
- C:\Windows\System\cqZpDTk.exe
  C:\Windows\System\cqZpDTk.exe
  2⤵
  PID:5516
- C:\Windows\System\ssyJygC.exe
  C:\Windows\System\ssyJygC.exe
  2⤵
  PID:5184
- C:\Windows\System\uNbwkoh.exe
  C:\Windows\System\uNbwkoh.exe
  2⤵
  PID:3000
- C:\Windows\System\NWJJxqF.exe
  C:\Windows\System\NWJJxqF.exe
  2⤵
  PID:5584
- C:\Windows\System\ezLnUQF.exe
  C:\Windows\System\ezLnUQF.exe
  2⤵
  PID:5620
- C:\Windows\System\mSmTVNy.exe
  C:\Windows\System\mSmTVNy.exe
  2⤵
  PID:5696
- C:\Windows\System\zAtHkjx.exe
  C:\Windows\System\zAtHkjx.exe
  2⤵
  PID:5932
- C:\Windows\System\AGuMdbj.exe
  C:\Windows\System\AGuMdbj.exe
  2⤵
  PID:5600
- C:\Windows\System\wxQVVNy.exe
  C:\Windows\System\wxQVVNy.exe
  2⤵
  PID:1628
- C:\Windows\System\uqqPoMx.exe
  C:\Windows\System\uqqPoMx.exe
  2⤵
  PID:5760
- C:\Windows\System\mRqTSzg.exe
  C:\Windows\System\mRqTSzg.exe
  2⤵
  PID:924
- C:\Windows\System\blPXEMh.exe
  C:\Windows\System\blPXEMh.exe
  2⤵
  PID:5804
- C:\Windows\System\ZvulaZd.exe
  C:\Windows\System\ZvulaZd.exe
  2⤵
  PID:1900
- C:\Windows\System\mHdMzlC.exe
  C:\Windows\System\mHdMzlC.exe
  2⤵
  PID:6128
- C:\Windows\System\aUDftAQ.exe
  C:\Windows\System\aUDftAQ.exe
  2⤵
  PID:5948
- C:\Windows\System\PYdSJbF.exe
  C:\Windows\System\PYdSJbF.exe
  2⤵
  PID:5792
- C:\Windows\System\PZqibkM.exe
  C:\Windows\System\PZqibkM.exe
  2⤵
  PID:5128
- C:\Windows\System\xXuXvRq.exe
  C:\Windows\System\xXuXvRq.exe
  2⤵
  PID:2864
- C:\Windows\System\xxnOTRZ.exe
  C:\Windows\System\xxnOTRZ.exe
  2⤵
  PID:5552
- C:\Windows\System\IsEHBBO.exe
  C:\Windows\System\IsEHBBO.exe
  2⤵
  PID:800
- C:\Windows\System\bFKlYtx.exe
  C:\Windows\System\bFKlYtx.exe
  2⤵
  PID:5576
- C:\Windows\System\pYuydln.exe
  C:\Windows\System\pYuydln.exe
  2⤵
  PID:2432
- C:\Windows\System\OXIPskk.exe
  C:\Windows\System\OXIPskk.exe
  2⤵
  PID:5280
- C:\Windows\System\uuvURrJ.exe
  C:\Windows\System\uuvURrJ.exe
  2⤵
  PID:5124
- C:\Windows\System\VPqQowO.exe
  C:\Windows\System\VPqQowO.exe
  2⤵
  PID:1740
- C:\Windows\System\HRIgxkd.exe
  C:\Windows\System\HRIgxkd.exe
  2⤵
  PID:1796
- C:\Windows\System\hBhmnBw.exe
  C:\Windows\System\hBhmnBw.exe
  2⤵
  PID:5744
- C:\Windows\System\tSmyZkC.exe
  C:\Windows\System\tSmyZkC.exe
  2⤵
  PID:6088
- C:\Windows\System\rPKpLNv.exe
  C:\Windows\System\rPKpLNv.exe
  2⤵
  PID:3152
- C:\Windows\System\hpAEFdN.exe
  C:\Windows\System\hpAEFdN.exe
  2⤵
  PID:4540
- C:\Windows\System\VcVAgON.exe
  C:\Windows\System\VcVAgON.exe
  2⤵
  PID:5676
- C:\Windows\System\DtEZljX.exe
  C:\Windows\System\DtEZljX.exe
  2⤵
  PID:5608
- C:\Windows\System\UtjicPX.exe
  C:\Windows\System\UtjicPX.exe
  2⤵
  PID:2820
- C:\Windows\System\CGBBHyw.exe
  C:\Windows\System\CGBBHyw.exe
  2⤵
  PID:5884
- C:\Windows\System\THInJCT.exe
  C:\Windows\System\THInJCT.exe
  2⤵
  PID:5840
- C:\Windows\System\dyVIvdj.exe
  C:\Windows\System\dyVIvdj.exe
  2⤵
  PID:5824
- C:\Windows\System\dFmfLcs.exe
  C:\Windows\System\dFmfLcs.exe
  2⤵
  PID:4280
- C:\Windows\System\LehCRTE.exe
  C:\Windows\System\LehCRTE.exe
  2⤵
  PID:5572
- C:\Windows\System\OyaquVC.exe
  C:\Windows\System\OyaquVC.exe
  2⤵
  PID:2520
- C:\Windows\System\emwhUki.exe
  C:\Windows\System\emwhUki.exe
  2⤵
  PID:5616
- C:\Windows\System\bVUxyvZ.exe
  C:\Windows\System\bVUxyvZ.exe
  2⤵
  PID:6096
- C:\Windows\System\dbhBCPA.exe
  C:\Windows\System\dbhBCPA.exe
  2⤵
  PID:5980
- C:\Windows\System\EtAYpaW.exe
  C:\Windows\System\EtAYpaW.exe
  2⤵
  PID:5788
- C:\Windows\System\MXMojsO.exe
  C:\Windows\System\MXMojsO.exe
  2⤵
  PID:5412
- C:\Windows\System\puYWxqu.exe
  C:\Windows\System\puYWxqu.exe
  2⤵
  PID:5384
- C:\Windows\System\FDCiIXt.exe
  C:\Windows\System\FDCiIXt.exe
  2⤵
  PID:6068
- C:\Windows\System\qlXqMQO.exe
  C:\Windows\System\qlXqMQO.exe
  2⤵
  PID:5776
- C:\Windows\System\WBbWoMs.exe
  C:\Windows\System\WBbWoMs.exe
  2⤵
  PID:2376
- C:\Windows\System\pjddMsg.exe
  C:\Windows\System\pjddMsg.exe
  2⤵
  PID:6048
- C:\Windows\System\wAxNOCP.exe
  C:\Windows\System\wAxNOCP.exe
  2⤵
  PID:3548
- C:\Windows\System\lqeHuJJ.exe
  C:\Windows\System\lqeHuJJ.exe
  2⤵
  PID:4444
- C:\Windows\System\VoMjapP.exe
  C:\Windows\System\VoMjapP.exe
  2⤵
  PID:2332
- C:\Windows\System\YMsNPRC.exe
  C:\Windows\System\YMsNPRC.exe
  2⤵
  PID:5220
- C:\Windows\System\bGTLgVd.exe
  C:\Windows\System\bGTLgVd.exe
  2⤵
  PID:5380
- C:\Windows\System\xDmBqBJ.exe
  C:\Windows\System\xDmBqBJ.exe
  2⤵
  PID:5828
- C:\Windows\System\nvpEJnj.exe
  C:\Windows\System\nvpEJnj.exe
  2⤵
  PID:6052
- C:\Windows\System\vVTUepF.exe
  C:\Windows\System\vVTUepF.exe
  2⤵
  PID:5496
- C:\Windows\System\zkGVWGr.exe
  C:\Windows\System\zkGVWGr.exe
  2⤵
  PID:1936
- C:\Windows\System\IEASFAz.exe
  C:\Windows\System\IEASFAz.exe
  2⤵
  PID:1180
- C:\Windows\System\epVVJpA.exe
  C:\Windows\System\epVVJpA.exe
  2⤵
  PID:6028
- C:\Windows\System\DmofYuh.exe
  C:\Windows\System\DmofYuh.exe
  2⤵
  PID:2504
- C:\Windows\System\LAnURZO.exe
  C:\Windows\System\LAnURZO.exe
  2⤵
  PID:6148
- C:\Windows\System\SLInmjO.exe
  C:\Windows\System\SLInmjO.exe
  2⤵
  PID:6164
- C:\Windows\System\DEjqKat.exe
  C:\Windows\System\DEjqKat.exe
  2⤵
  PID:6192
- C:\Windows\System\eQLrlXc.exe
  C:\Windows\System\eQLrlXc.exe
  2⤵
  PID:6208
- C:\Windows\System\NSCbYbH.exe
  C:\Windows\System\NSCbYbH.exe
  2⤵
  PID:6224
- C:\Windows\System\cpwhqjf.exe
  C:\Windows\System\cpwhqjf.exe
  2⤵
  PID:6256
- C:\Windows\System\BEVbPyI.exe
  C:\Windows\System\BEVbPyI.exe
  2⤵
  PID:6272
- C:\Windows\System\BdswyaU.exe
  C:\Windows\System\BdswyaU.exe
  2⤵
  PID:6288
- C:\Windows\System\UZFfsVN.exe
  C:\Windows\System\UZFfsVN.exe
  2⤵
  PID:6308
- C:\Windows\System\GEQLDnf.exe
  C:\Windows\System\GEQLDnf.exe
  2⤵
  PID:6324
- C:\Windows\System\IErujyk.exe
  C:\Windows\System\IErujyk.exe
  2⤵
  PID:6340
- C:\Windows\System\VNHBRDK.exe
  C:\Windows\System\VNHBRDK.exe
  2⤵
  PID:6356
- C:\Windows\System\BrkBciP.exe
  C:\Windows\System\BrkBciP.exe
  2⤵
  PID:6380
- C:\Windows\System\PSjTYfV.exe
  C:\Windows\System\PSjTYfV.exe
  2⤵
  PID:6396
- C:\Windows\System\CIZfJPS.exe
  C:\Windows\System\CIZfJPS.exe
  2⤵
  PID:6412
- C:\Windows\System\nHtKVRB.exe
  C:\Windows\System\nHtKVRB.exe
  2⤵
  PID:6448
- C:\Windows\System\MDTPLlO.exe
  C:\Windows\System\MDTPLlO.exe
  2⤵
  PID:6464
- C:\Windows\System\zMsPDSz.exe
  C:\Windows\System\zMsPDSz.exe
  2⤵
  PID:6480
- C:\Windows\System\brgbQbk.exe
  C:\Windows\System\brgbQbk.exe
  2⤵
  PID:6496
- C:\Windows\System\gcwdzme.exe
  C:\Windows\System\gcwdzme.exe
  2⤵
  PID:6512
- C:\Windows\System\rXLTgGq.exe
  C:\Windows\System\rXLTgGq.exe
  2⤵
  PID:6532
- C:\Windows\System\pPGQuTo.exe
  C:\Windows\System\pPGQuTo.exe
  2⤵
  PID:6552
- C:\Windows\System\wIdOCwA.exe
  C:\Windows\System\wIdOCwA.exe
  2⤵
  PID:6572
- C:\Windows\System\EmvUptm.exe
  C:\Windows\System\EmvUptm.exe
  2⤵
  PID:6588
- C:\Windows\System\nKVgbvL.exe
  C:\Windows\System\nKVgbvL.exe
  2⤵
  PID:6604
- C:\Windows\System\WhgBabd.exe
  C:\Windows\System\WhgBabd.exe
  2⤵
  PID:6620
- C:\Windows\System\UKabPrb.exe
  C:\Windows\System\UKabPrb.exe
  2⤵
  PID:6636
- C:\Windows\System\zGKmrmB.exe
  C:\Windows\System\zGKmrmB.exe
  2⤵
  PID:6656
- C:\Windows\System\xnKunkt.exe
  C:\Windows\System\xnKunkt.exe
  2⤵
  PID:6704
- C:\Windows\System\CfnhFTp.exe
  C:\Windows\System\CfnhFTp.exe
  2⤵
  PID:6740
- C:\Windows\System\dJOobzv.exe
  C:\Windows\System\dJOobzv.exe
  2⤵
  PID:6756
- C:\Windows\System\pTJqNxS.exe
  C:\Windows\System\pTJqNxS.exe
  2⤵
  PID:6772
- C:\Windows\System\FDsMyjS.exe
  C:\Windows\System\FDsMyjS.exe
  2⤵
  PID:6788
- C:\Windows\System\SyjthZn.exe
  C:\Windows\System\SyjthZn.exe
  2⤵
  PID:6804
- C:\Windows\System\qXjXlKj.exe
  C:\Windows\System\qXjXlKj.exe
  2⤵
  PID:6820
- C:\Windows\System\GQfPggi.exe
  C:\Windows\System\GQfPggi.exe
  2⤵
  PID:6840
- C:\Windows\System\beBgsQm.exe
  C:\Windows\System\beBgsQm.exe
  2⤵
  PID:6860
- C:\Windows\System\LlfkCYV.exe
  C:\Windows\System\LlfkCYV.exe
  2⤵
  PID:6876
- C:\Windows\System\krBHZVH.exe
  C:\Windows\System\krBHZVH.exe
  2⤵
  PID:6896
- C:\Windows\System\XiIvmaN.exe
  C:\Windows\System\XiIvmaN.exe
  2⤵
  PID:6916
- C:\Windows\System\JFhcerM.exe
  C:\Windows\System\JFhcerM.exe
  2⤵
  PID:6932
- C:\Windows\System\IxUbFWc.exe
  C:\Windows\System\IxUbFWc.exe
  2⤵
  PID:6948
- C:\Windows\System\QfoMRxW.exe
  C:\Windows\System\QfoMRxW.exe
  2⤵
  PID:6972
- C:\Windows\System\svqmmJl.exe
  C:\Windows\System\svqmmJl.exe
  2⤵
  PID:6988
- C:\Windows\System\tdcyFMc.exe
  C:\Windows\System\tdcyFMc.exe
  2⤵
  PID:7008
- C:\Windows\System\gNlmgrh.exe
  C:\Windows\System\gNlmgrh.exe
  2⤵
  PID:7024
- C:\Windows\System\cPsLOgN.exe
  C:\Windows\System\cPsLOgN.exe
  2⤵
  PID:7040
- C:\Windows\System\sglgDou.exe
  C:\Windows\System\sglgDou.exe
  2⤵
  PID:7060
- C:\Windows\System\eZCdgut.exe
  C:\Windows\System\eZCdgut.exe
  2⤵
  PID:7080
- C:\Windows\System\RWWOBPU.exe
  C:\Windows\System\RWWOBPU.exe
  2⤵
  PID:7096
- C:\Windows\System\ikLpUYU.exe
  C:\Windows\System\ikLpUYU.exe
  2⤵
  PID:7112
- C:\Windows\System\XTdiSHU.exe
  C:\Windows\System\XTdiSHU.exe
  2⤵
  PID:7132
- C:\Windows\System\lftiTsX.exe
  C:\Windows\System\lftiTsX.exe
  2⤵
  PID:7148
- C:\Windows\System\PJHpACT.exe
  C:\Windows\System\PJHpACT.exe
  2⤵
  PID:7164
- C:\Windows\System\dbwsnAW.exe
  C:\Windows\System\dbwsnAW.exe
  2⤵
  PID:3024
- C:\Windows\System\FQBfwKV.exe
  C:\Windows\System\FQBfwKV.exe
  2⤵
  PID:2368
- C:\Windows\System\MEyrKoj.exe
  C:\Windows\System\MEyrKoj.exe
  2⤵
  PID:6172
- C:\Windows\System\LVVRkcL.exe
  C:\Windows\System\LVVRkcL.exe
  2⤵
  PID:6216
- C:\Windows\System\nJrgiDZ.exe
  C:\Windows\System\nJrgiDZ.exe
  2⤵
  PID:6204
- C:\Windows\System\pWjPkad.exe
  C:\Windows\System\pWjPkad.exe
  2⤵
  PID:6248
- C:\Windows\System\Hrtrqkh.exe
  C:\Windows\System\Hrtrqkh.exe
  2⤵
  PID:6268
- C:\Windows\System\RdWoHrq.exe
  C:\Windows\System\RdWoHrq.exe
  2⤵
  PID:6244
- C:\Windows\System\SdqnZxk.exe
  C:\Windows\System\SdqnZxk.exe
  2⤵
  PID:6420
- C:\Windows\System\LECUlBD.exe
  C:\Windows\System\LECUlBD.exe
  2⤵
  PID:6364
- C:\Windows\System\prBIivC.exe
  C:\Windows\System\prBIivC.exe
  2⤵
  PID:6404
- C:\Windows\System\cSUTYQS.exe
  C:\Windows\System\cSUTYQS.exe
  2⤵
  PID:6504
- C:\Windows\System\KaLoHOn.exe
  C:\Windows\System\KaLoHOn.exe
  2⤵
  PID:6488
- C:\Windows\System\FHJnrnl.exe
  C:\Windows\System\FHJnrnl.exe
  2⤵
  PID:6528
- C:\Windows\System\BNKAFZJ.exe
  C:\Windows\System\BNKAFZJ.exe
  2⤵
  PID:6600
- C:\Windows\System\ichmroc.exe
  C:\Windows\System\ichmroc.exe
  2⤵
  PID:6540
- C:\Windows\System\nPcopGJ.exe
  C:\Windows\System\nPcopGJ.exe
  2⤵
  PID:6580
- C:\Windows\System\PGXnjNP.exe
  C:\Windows\System\PGXnjNP.exe
  2⤵
  PID:6648
- C:\Windows\System\bYqYGaX.exe
  C:\Windows\System\bYqYGaX.exe
  2⤵
  PID:6720
- C:\Windows\System\fOmqegp.exe
  C:\Windows\System\fOmqegp.exe
  2⤵
  PID:6736
- C:\Windows\System\JOCBims.exe
  C:\Windows\System\JOCBims.exe
  2⤵
  PID:6828
- C:\Windows\System\FfZsNJX.exe
  C:\Windows\System\FfZsNJX.exe
  2⤵
  PID:6868
- C:\Windows\System\eWhRksx.exe
  C:\Windows\System\eWhRksx.exe
  2⤵
  PID:6912
- C:\Windows\System\XrhKsKu.exe
  C:\Windows\System\XrhKsKu.exe
  2⤵
  PID:2716
- C:\Windows\System\yVXpPJQ.exe
  C:\Windows\System\yVXpPJQ.exe
  2⤵
  PID:7016
- C:\Windows\System\FzMwPfI.exe
  C:\Windows\System\FzMwPfI.exe
  2⤵
  PID:7052
- C:\Windows\System\CWtyGDF.exe
  C:\Windows\System\CWtyGDF.exe
  2⤵
  PID:7124
- C:\Windows\System\TeRmiDw.exe
  C:\Windows\System\TeRmiDw.exe
  2⤵
  PID:7156
- C:\Windows\System\PmsQkQB.exe
  C:\Windows\System\PmsQkQB.exe
  2⤵
  PID:2808
- C:\Windows\System\ftSqLnG.exe
  C:\Windows\System\ftSqLnG.exe
  2⤵
  PID:6180
- C:\Windows\System\PgLuwHn.exe
  C:\Windows\System\PgLuwHn.exe
  2⤵
  PID:6236
- C:\Windows\System\ZIayqGe.exe
  C:\Windows\System\ZIayqGe.exe
  2⤵
  PID:6296
- C:\Windows\System\jRJJjTQ.exe
  C:\Windows\System\jRJJjTQ.exe
  2⤵
  PID:6676
- C:\Windows\System\GDUlncO.exe
  C:\Windows\System\GDUlncO.exe
  2⤵
  PID:6692
- C:\Windows\System\EPdAOoH.exe
  C:\Windows\System\EPdAOoH.exe
  2⤵
  PID:6752
- C:\Windows\System\ouDNovX.exe
  C:\Windows\System\ouDNovX.exe
  2⤵
  PID:6816
- C:\Windows\System\yuHHXqs.exe
  C:\Windows\System\yuHHXqs.exe
  2⤵
  PID:6884
- C:\Windows\System\QCJiOft.exe
  C:\Windows\System\QCJiOft.exe
  2⤵
  PID:6928
- C:\Windows\System\KnevZQW.exe
  C:\Windows\System\KnevZQW.exe
  2⤵
  PID:6968
- C:\Windows\System\koixsrq.exe
  C:\Windows\System\koixsrq.exe
  2⤵
  PID:7032
- C:\Windows\System\rWhxEdh.exe
  C:\Windows\System\rWhxEdh.exe
  2⤵
  PID:7076
- C:\Windows\System\KHRPRrc.exe
  C:\Windows\System\KHRPRrc.exe
  2⤵
  PID:7144
- C:\Windows\System\aUwkVYW.exe
  C:\Windows\System\aUwkVYW.exe
  2⤵
  PID:2348
- C:\Windows\System\ZCntZIK.exe
  C:\Windows\System\ZCntZIK.exe
  2⤵
  PID:6284
- C:\Windows\System\hJqnLqy.exe
  C:\Windows\System\hJqnLqy.exe
  2⤵
  PID:6392
- C:\Windows\System\XMCPIeu.exe
  C:\Windows\System\XMCPIeu.exe
  2⤵
  PID:6336
- C:\Windows\System\hQoDCug.exe
  C:\Windows\System\hQoDCug.exe
  2⤵
  PID:2176
- C:\Windows\System\TSjKJLu.exe
  C:\Windows\System\TSjKJLu.exe
  2⤵
  PID:6436
- C:\Windows\System\KoAdPhI.exe
  C:\Windows\System\KoAdPhI.exe
  2⤵
  PID:6644
- C:\Windows\System\CgHDEKd.exe
  C:\Windows\System\CgHDEKd.exe
  2⤵
  PID:6796
- C:\Windows\System\MjbbRdM.exe
  C:\Windows\System\MjbbRdM.exe
  2⤵
  PID:6548
- C:\Windows\System\wSmrsyL.exe
  C:\Windows\System\wSmrsyL.exe
  2⤵
  PID:6372
- C:\Windows\System\yqBrvIO.exe
  C:\Windows\System\yqBrvIO.exe
  2⤵
  PID:2872
- C:\Windows\System\fsUiiTn.exe
  C:\Windows\System\fsUiiTn.exe
  2⤵
  PID:6768
- C:\Windows\System\EsiVbbq.exe
  C:\Windows\System\EsiVbbq.exe
  2⤵
  PID:6460
- C:\Windows\System\cqbUFSD.exe
  C:\Windows\System\cqbUFSD.exe
  2⤵
  PID:6716
- C:\Windows\System\hdzpaIV.exe
  C:\Windows\System\hdzpaIV.exe
  2⤵
  PID:7120
- C:\Windows\System\UlPCIpA.exe
  C:\Windows\System\UlPCIpA.exe
  2⤵
  PID:6240
- C:\Windows\System\qKjZCrX.exe
  C:\Windows\System\qKjZCrX.exe
  2⤵
  PID:6432
- C:\Windows\System\iNdkKCj.exe
  C:\Windows\System\iNdkKCj.exe
  2⤵
  PID:6688
- C:\Windows\System\iqoppaz.exe
  C:\Windows\System\iqoppaz.exe
  2⤵
  PID:6668
- C:\Windows\System\HBkjMqX.exe
  C:\Windows\System\HBkjMqX.exe
  2⤵
  PID:6784
- C:\Windows\System\trBqrlN.exe
  C:\Windows\System\trBqrlN.exe
  2⤵
  PID:2840
- C:\Windows\System\pwGXEwl.exe
  C:\Windows\System\pwGXEwl.exe
  2⤵
  PID:7140
- C:\Windows\System\nHAkQXq.exe
  C:\Windows\System\nHAkQXq.exe
  2⤵
  PID:6524
- C:\Windows\System\rRkOEKn.exe
  C:\Windows\System\rRkOEKn.exe
  2⤵
  PID:6220
- C:\Windows\System\qFCNaaI.exe
  C:\Windows\System\qFCNaaI.exe
  2⤵
  PID:6616
- C:\Windows\System\IIUyWfJ.exe
  C:\Windows\System\IIUyWfJ.exe
  2⤵
  PID:4684
- C:\Windows\System\wjeVJsV.exe
  C:\Windows\System\wjeVJsV.exe
  2⤵
  PID:6472
- C:\Windows\System\IhxgXbS.exe
  C:\Windows\System\IhxgXbS.exe
  2⤵
  PID:2932
- C:\Windows\System\UAnTKdN.exe
  C:\Windows\System\UAnTKdN.exe
  2⤵
  PID:6564
- C:\Windows\System\OzquLAc.exe
  C:\Windows\System\OzquLAc.exe
  2⤵
  PID:2916
- C:\Windows\System\mqTXYJY.exe
  C:\Windows\System\mqTXYJY.exe
  2⤵
  PID:1140
- C:\Windows\System\TWdmAmB.exe
  C:\Windows\System\TWdmAmB.exe
  2⤵
  PID:6984
- C:\Windows\System\LudRsSt.exe
  C:\Windows\System\LudRsSt.exe
  2⤵
  PID:1956
- C:\Windows\System\tOOOzBz.exe
  C:\Windows\System\tOOOzBz.exe
  2⤵
  PID:1500
- C:\Windows\System\lDLNqTc.exe
  C:\Windows\System\lDLNqTc.exe
  2⤵
  PID:7184
- C:\Windows\System\DQaWmqr.exe
  C:\Windows\System\DQaWmqr.exe
  2⤵
  PID:7200
- C:\Windows\System\LKAYDXM.exe
  C:\Windows\System\LKAYDXM.exe
  2⤵
  PID:7216
- C:\Windows\System\srobFyt.exe
  C:\Windows\System\srobFyt.exe
  2⤵
  PID:7232
- C:\Windows\System\IonvTuS.exe
  C:\Windows\System\IonvTuS.exe
  2⤵
  PID:7248
- C:\Windows\System\WIyRONc.exe
  C:\Windows\System\WIyRONc.exe
  2⤵
  PID:7264
- C:\Windows\System\WaoySIY.exe
  C:\Windows\System\WaoySIY.exe
  2⤵
  PID:7280
- C:\Windows\System\zdEMtkB.exe
  C:\Windows\System\zdEMtkB.exe
  2⤵
  PID:7296
- C:\Windows\System\BQKhgfU.exe
  C:\Windows\System\BQKhgfU.exe
  2⤵
  PID:7312
- C:\Windows\System\jKvNxLx.exe
  C:\Windows\System\jKvNxLx.exe
  2⤵
  PID:7328
- C:\Windows\System\SOlDpml.exe
  C:\Windows\System\SOlDpml.exe
  2⤵
  PID:7348
- C:\Windows\System\nrozCOC.exe
  C:\Windows\System\nrozCOC.exe
  2⤵
  PID:7364
- C:\Windows\System\lkHawjb.exe
  C:\Windows\System\lkHawjb.exe
  2⤵
  PID:7380
- C:\Windows\System\nHNDWar.exe
  C:\Windows\System\nHNDWar.exe
  2⤵
  PID:7396
- C:\Windows\System\VdZKXCf.exe
  C:\Windows\System\VdZKXCf.exe
  2⤵
  PID:7412
- C:\Windows\System\NiJchQh.exe
  C:\Windows\System\NiJchQh.exe
  2⤵
  PID:7428
- C:\Windows\System\XkCubOS.exe
  C:\Windows\System\XkCubOS.exe
  2⤵
  PID:7444
- C:\Windows\System\cHKyXUy.exe
  C:\Windows\System\cHKyXUy.exe
  2⤵
  PID:7460
- C:\Windows\System\OvOXBQl.exe
  C:\Windows\System\OvOXBQl.exe
  2⤵
  PID:7476
- C:\Windows\System\CdLZpnL.exe
  C:\Windows\System\CdLZpnL.exe
  2⤵
  PID:7492
- C:\Windows\System\dYkyJiV.exe
  C:\Windows\System\dYkyJiV.exe
  2⤵
  PID:7508
- C:\Windows\System\EzviHMG.exe
  C:\Windows\System\EzviHMG.exe
  2⤵
  PID:7524
- C:\Windows\System\Clyvbea.exe
  C:\Windows\System\Clyvbea.exe
  2⤵
  PID:7540
- C:\Windows\System\ojRwehi.exe
  C:\Windows\System\ojRwehi.exe
  2⤵
  PID:7556
- C:\Windows\System\kWdwpWg.exe
  C:\Windows\System\kWdwpWg.exe
  2⤵
  PID:7572
- C:\Windows\System\CQfNdIL.exe
  C:\Windows\System\CQfNdIL.exe
  2⤵
  PID:7588
- C:\Windows\System\JRyiYzc.exe
  C:\Windows\System\JRyiYzc.exe
  2⤵
  PID:7604
- C:\Windows\System\NpGaFQS.exe
  C:\Windows\System\NpGaFQS.exe
  2⤵
  PID:7620
- C:\Windows\System\TssZmHh.exe
  C:\Windows\System\TssZmHh.exe
  2⤵
  PID:7636
- C:\Windows\System\leWhDWV.exe
  C:\Windows\System\leWhDWV.exe
  2⤵
  PID:7652
- C:\Windows\System\aRWNPeR.exe
  C:\Windows\System\aRWNPeR.exe
  2⤵
  PID:7668
- C:\Windows\System\TPfjyrt.exe
  C:\Windows\System\TPfjyrt.exe
  2⤵
  PID:7684
- C:\Windows\System\gyDvbcA.exe
  C:\Windows\System\gyDvbcA.exe
  2⤵
  PID:7700
- C:\Windows\System\htEpMLu.exe
  C:\Windows\System\htEpMLu.exe
  2⤵
  PID:7716
- C:\Windows\System\WnKcjkw.exe
  C:\Windows\System\WnKcjkw.exe
  2⤵
  PID:7732
- C:\Windows\System\PTkkSZp.exe
  C:\Windows\System\PTkkSZp.exe
  2⤵
  PID:7748
- C:\Windows\System\uAayptv.exe
  C:\Windows\System\uAayptv.exe
  2⤵
  PID:7768
- C:\Windows\System\ZpTBwnA.exe
  C:\Windows\System\ZpTBwnA.exe
  2⤵
  PID:7784
- C:\Windows\System\zhJnqQm.exe
  C:\Windows\System\zhJnqQm.exe
  2⤵
  PID:7800
- C:\Windows\System\fQnSHaP.exe
  C:\Windows\System\fQnSHaP.exe
  2⤵
  PID:7816
- C:\Windows\System\FqPjIQZ.exe
  C:\Windows\System\FqPjIQZ.exe
  2⤵
  PID:7832
- C:\Windows\System\MOpYKRa.exe
  C:\Windows\System\MOpYKRa.exe
  2⤵
  PID:7848
- C:\Windows\System\gBAjpzk.exe
  C:\Windows\System\gBAjpzk.exe
  2⤵
  PID:7864
- C:\Windows\System\pirjfXl.exe
  C:\Windows\System\pirjfXl.exe
  2⤵
  PID:7880
- C:\Windows\System\ZRVdZcn.exe
  C:\Windows\System\ZRVdZcn.exe
  2⤵
  PID:7896
- C:\Windows\System\ALDZiua.exe
  C:\Windows\System\ALDZiua.exe
  2⤵
  PID:7912
- C:\Windows\System\HHNhCNl.exe
  C:\Windows\System\HHNhCNl.exe
  2⤵
  PID:7928
- C:\Windows\System\ZeehvIj.exe
  C:\Windows\System\ZeehvIj.exe
  2⤵
  PID:7944
- C:\Windows\System\SYmtRJW.exe
  C:\Windows\System\SYmtRJW.exe
  2⤵
  PID:7960
- C:\Windows\System\VUSumZu.exe
  C:\Windows\System\VUSumZu.exe
  2⤵
  PID:7976
- C:\Windows\System\ShvdwJA.exe
  C:\Windows\System\ShvdwJA.exe
  2⤵
  PID:7992
- C:\Windows\System\LLJvqDh.exe
  C:\Windows\System\LLJvqDh.exe
  2⤵
  PID:8008
- C:\Windows\System\XJLqGxE.exe
  C:\Windows\System\XJLqGxE.exe
  2⤵
  PID:8024
- C:\Windows\System\VVDJBOE.exe
  C:\Windows\System\VVDJBOE.exe
  2⤵
  PID:8040
- C:\Windows\System\giETFsY.exe
  C:\Windows\System\giETFsY.exe
  2⤵
  PID:8056
- C:\Windows\System\boaLAeY.exe
  C:\Windows\System\boaLAeY.exe
  2⤵
  PID:8072
- C:\Windows\System\QkbWjLF.exe
  C:\Windows\System\QkbWjLF.exe
  2⤵
  PID:8088
- C:\Windows\System\SWTQyMk.exe
  C:\Windows\System\SWTQyMk.exe
  2⤵
  PID:8104
- C:\Windows\System\ZaQKbTF.exe
  C:\Windows\System\ZaQKbTF.exe
  2⤵
  PID:8120
- C:\Windows\System\YojtGmF.exe
  C:\Windows\System\YojtGmF.exe
  2⤵
  PID:8136
- C:\Windows\System\vlzKIZu.exe
  C:\Windows\System\vlzKIZu.exe
  2⤵
  PID:8152
- C:\Windows\System\LjIkxEq.exe
  C:\Windows\System\LjIkxEq.exe
  2⤵
  PID:8168
- C:\Windows\System\ORVKVnc.exe
  C:\Windows\System\ORVKVnc.exe
  2⤵
  PID:8184
- C:\Windows\System\DkbUKVZ.exe
  C:\Windows\System\DkbUKVZ.exe
  2⤵
  PID:6304
- C:\Windows\System\gwEgrio.exe
  C:\Windows\System\gwEgrio.exe
  2⤵
  PID:6320
- C:\Windows\System\OjiwMcj.exe
  C:\Windows\System\OjiwMcj.exe
  2⤵
  PID:6156
- C:\Windows\System\fQdiQIs.exe
  C:\Windows\System\fQdiQIs.exe
  2⤵
  PID:7092
- C:\Windows\System\OVXaZas.exe
  C:\Windows\System\OVXaZas.exe
  2⤵
  PID:7240
- C:\Windows\System\jqshmlN.exe
  C:\Windows\System\jqshmlN.exe
  2⤵
  PID:2012
- C:\Windows\System\dJzxjAJ.exe
  C:\Windows\System\dJzxjAJ.exe
  2⤵
  PID:7108
- C:\Windows\System\sACEsYw.exe
  C:\Windows\System\sACEsYw.exe
  2⤵
  PID:7072
- C:\Windows\System\cekcJHV.exe
  C:\Windows\System\cekcJHV.exe
  2⤵
  PID:6596
- C:\Windows\System\FdWRQrD.exe
  C:\Windows\System\FdWRQrD.exe
  2⤵
  PID:1572
- C:\Windows\System\UbDtJFl.exe
  C:\Windows\System\UbDtJFl.exe
  2⤵
  PID:7224
- C:\Windows\System\HEkhtLq.exe
  C:\Windows\System\HEkhtLq.exe
  2⤵
  PID:7288
- C:\Windows\System\oXEAWLN.exe
  C:\Windows\System\oXEAWLN.exe
  2⤵
  PID:7388
- C:\Windows\System\loPKuEj.exe
  C:\Windows\System\loPKuEj.exe
  2⤵
  PID:7372
- C:\Windows\System\luLaYao.exe
  C:\Windows\System\luLaYao.exe
  2⤵
  PID:7436
- C:\Windows\System\IUVKqnN.exe
  C:\Windows\System\IUVKqnN.exe
  2⤵
  PID:7484
- C:\Windows\System\VcoEoQI.exe
  C:\Windows\System\VcoEoQI.exe
  2⤵
  PID:7516
- C:\Windows\System\PKkRwXO.exe
  C:\Windows\System\PKkRwXO.exe
  2⤵
  PID:7584
- C:\Windows\System\jbGgINY.exe
  C:\Windows\System\jbGgINY.exe
  2⤵
  PID:7644
- C:\Windows\System\aEojhUN.exe
  C:\Windows\System\aEojhUN.exe
  2⤵
  PID:7680
- C:\Windows\System\WiRZWVf.exe
  C:\Windows\System\WiRZWVf.exe
  2⤵
  PID:7744
- C:\Windows\System\oBPOiAb.exe
  C:\Windows\System\oBPOiAb.exe
  2⤵
  PID:7812
- C:\Windows\System\mLbnCFR.exe
  C:\Windows\System\mLbnCFR.exe
  2⤵
  PID:7532
- C:\Windows\System\kVoTnFc.exe
  C:\Windows\System\kVoTnFc.exe
  2⤵
  PID:7596
- C:\Windows\System\KjqeYAa.exe
  C:\Windows\System\KjqeYAa.exe
  2⤵
  PID:7664
- C:\Windows\System\rlAWSQw.exe
  C:\Windows\System\rlAWSQw.exe
  2⤵
  PID:8160
- C:\Windows\System\HzFGcQS.exe
  C:\Windows\System\HzFGcQS.exe
  2⤵
  PID:6892
- C:\Windows\System\GsdoiDs.exe
  C:\Windows\System\GsdoiDs.exe
  2⤵
  PID:2392
- C:\Windows\System\HCALhvc.exe
  C:\Windows\System\HCALhvc.exe
  2⤵
  PID:7356
- C:\Windows\System\xftrnQN.exe
  C:\Windows\System\xftrnQN.exe
  2⤵
  PID:7320
- C:\Windows\System\LNwXrTW.exe
  C:\Windows\System\LNwXrTW.exe
  2⤵
  PID:6964
- C:\Windows\System\jpZTSBb.exe
  C:\Windows\System\jpZTSBb.exe
  2⤵
  PID:7260
- C:\Windows\System\GqignBq.exe
  C:\Windows\System\GqignBq.exe
  2⤵
  PID:7452
- C:\Windows\System\bvdIese.exe
  C:\Windows\System\bvdIese.exe
  2⤵
  PID:7712
- C:\Windows\System\elmKBfY.exe
  C:\Windows\System\elmKBfY.exe
  2⤵
  PID:7472
- C:\Windows\System\ywbLBVU.exe
  C:\Windows\System\ywbLBVU.exe
  2⤵
  PID:1724
- C:\Windows\System\QjSKCUw.exe
  C:\Windows\System\QjSKCUw.exe
  2⤵
  PID:3048
- C:\Windows\System\rlTpMwS.exe
  C:\Windows\System\rlTpMwS.exe
  2⤵
  PID:7780
- C:\Windows\System\LWFCfOT.exe
  C:\Windows\System\LWFCfOT.exe
  2⤵
  PID:7632
- C:\Windows\System\SLEQlZs.exe
  C:\Windows\System\SLEQlZs.exe
  2⤵
  PID:7728
- C:\Windows\System\DkTYmVs.exe
  C:\Windows\System\DkTYmVs.exe
  2⤵
  PID:7796
- C:\Windows\System\Lhfcvuk.exe
  C:\Windows\System\Lhfcvuk.exe
  2⤵
  PID:7860
- C:\Windows\System\XqBaiWm.exe
  C:\Windows\System\XqBaiWm.exe
  2⤵
  PID:7904
- C:\Windows\System\LkcYgao.exe
  C:\Windows\System\LkcYgao.exe
  2⤵
  PID:1884
- C:\Windows\System\hVErdGl.exe
  C:\Windows\System\hVErdGl.exe
  2⤵
  PID:7920
- C:\Windows\System\vuCUZry.exe
  C:\Windows\System\vuCUZry.exe
  2⤵
  PID:7972
- C:\Windows\System\pADFbyP.exe
  C:\Windows\System\pADFbyP.exe
  2⤵
  PID:1232
- C:\Windows\System\XbgqAha.exe
  C:\Windows\System\XbgqAha.exe
  2⤵
  PID:8048
- C:\Windows\System\GkzckyE.exe
  C:\Windows\System\GkzckyE.exe
  2⤵
  PID:8112
- C:\Windows\System\quhKrar.exe
  C:\Windows\System\quhKrar.exe
  2⤵
  PID:8068
- C:\Windows\System\RUDEoXS.exe
  C:\Windows\System\RUDEoXS.exe
  2⤵
  PID:8100
- C:\Windows\System\yZVCVNg.exe
  C:\Windows\System\yZVCVNg.exe
  2⤵
  PID:8180
- C:\Windows\System\Ohqyell.exe
  C:\Windows\System\Ohqyell.exe
  2⤵
  PID:7176
- C:\Windows\System\aBkrTvC.exe
  C:\Windows\System\aBkrTvC.exe
  2⤵
  PID:7304
- C:\Windows\System\nogZNFU.exe
  C:\Windows\System\nogZNFU.exe
  2⤵
  PID:7344
- C:\Windows\System\uHmNCNo.exe
  C:\Windows\System\uHmNCNo.exe
  2⤵
  PID:1460
- C:\Windows\System\kbyCikJ.exe
  C:\Windows\System\kbyCikJ.exe
  2⤵
  PID:6652
- C:\Windows\System\BhcYukM.exe
  C:\Windows\System\BhcYukM.exe
  2⤵
  PID:7004
- C:\Windows\System\eskzpYT.exe
  C:\Windows\System\eskzpYT.exe
  2⤵
  PID:7564
- C:\Windows\System\nGAjjLX.exe
  C:\Windows\System\nGAjjLX.exe
  2⤵
  PID:7872
- C:\Windows\System\aMtleVC.exe
  C:\Windows\System\aMtleVC.exe
  2⤵
  PID:7612
- C:\Windows\System\uOWUQUl.exe
  C:\Windows\System\uOWUQUl.exe
  2⤵
  PID:7892
- C:\Windows\System\vcpSwMe.exe
  C:\Windows\System\vcpSwMe.exe
  2⤵
  PID:7984
- C:\Windows\System\tTLUwxF.exe
  C:\Windows\System\tTLUwxF.exe
  2⤵
  PID:7952
- C:\Windows\System\AUUwWRt.exe
  C:\Windows\System\AUUwWRt.exe
  2⤵
  PID:8020
- C:\Windows\System\fdnraCP.exe
  C:\Windows\System\fdnraCP.exe
  2⤵
  PID:7760
- C:\Windows\System\QDVYGDH.exe
  C:\Windows\System\QDVYGDH.exe
  2⤵
  PID:492
- C:\Windows\System\tEWXidl.exe
  C:\Windows\System\tEWXidl.exe
  2⤵
  PID:7308
- C:\Windows\System\lUQBcwm.exe
  C:\Windows\System\lUQBcwm.exe
  2⤵
  PID:7580
- C:\Windows\System\bmtWwIh.exe
  C:\Windows\System\bmtWwIh.exe
  2⤵
  PID:8064
- C:\Windows\System\IZNFmzl.exe
  C:\Windows\System\IZNFmzl.exe
  2⤵
  PID:7212
- C:\Windows\System\DmSaFej.exe
  C:\Windows\System\DmSaFej.exe
  2⤵
  PID:7628
- C:\Windows\System\cpMygDP.exe
  C:\Windows\System\cpMygDP.exe
  2⤵
  PID:7792
- C:\Windows\System\ymAmpEw.exe
  C:\Windows\System\ymAmpEw.exe
  2⤵
  PID:7876
- C:\Windows\System\iKPLZOB.exe
  C:\Windows\System\iKPLZOB.exe
  2⤵
  PID:7500
- C:\Windows\System\rTqdWDo.exe
  C:\Windows\System\rTqdWDo.exe
  2⤵
  PID:6476
- C:\Windows\System\tiRaUKT.exe
  C:\Windows\System\tiRaUKT.exe
  2⤵
  PID:8084
- C:\Windows\System\UqmQkZg.exe
  C:\Windows\System\UqmQkZg.exe
  2⤵
  PID:8200
- C:\Windows\System\PxHWHtZ.exe
  C:\Windows\System\PxHWHtZ.exe
  2⤵
  PID:8216
- C:\Windows\System\GmrfwSB.exe
  C:\Windows\System\GmrfwSB.exe
  2⤵
  PID:8232
- C:\Windows\System\rDzXvAk.exe
  C:\Windows\System\rDzXvAk.exe
  2⤵
  PID:8248
- C:\Windows\System\UUQUnxt.exe
  C:\Windows\System\UUQUnxt.exe
  2⤵
  PID:8264
- C:\Windows\System\wcBBIpL.exe
  C:\Windows\System\wcBBIpL.exe
  2⤵
  PID:8280
- C:\Windows\System\VfCeOIZ.exe
  C:\Windows\System\VfCeOIZ.exe
  2⤵
  PID:8296
- C:\Windows\System\SKAZBtm.exe
  C:\Windows\System\SKAZBtm.exe
  2⤵
  PID:8312
- C:\Windows\System\ZzcAMqe.exe
  C:\Windows\System\ZzcAMqe.exe
  2⤵
  PID:8328
- C:\Windows\System\IaMWPdK.exe
  C:\Windows\System\IaMWPdK.exe
  2⤵
  PID:8344
- C:\Windows\System\CaLElCJ.exe
  C:\Windows\System\CaLElCJ.exe
  2⤵
  PID:8360
- C:\Windows\System\CInCDeP.exe
  C:\Windows\System\CInCDeP.exe
  2⤵
  PID:8376
- C:\Windows\System\FsMUofm.exe
  C:\Windows\System\FsMUofm.exe
  2⤵
  PID:8392
- C:\Windows\System\uYFyPUV.exe
  C:\Windows\System\uYFyPUV.exe
  2⤵
  PID:8408
- C:\Windows\System\ytnpRxc.exe
  C:\Windows\System\ytnpRxc.exe
  2⤵
  PID:8424
- C:\Windows\System\kamdKYq.exe
  C:\Windows\System\kamdKYq.exe
  2⤵
  PID:8444
- C:\Windows\System\yFGMdVf.exe
  C:\Windows\System\yFGMdVf.exe
  2⤵
  PID:8460
- C:\Windows\System\FIkilCx.exe
  C:\Windows\System\FIkilCx.exe
  2⤵
  PID:8476
- C:\Windows\System\ISJRcaY.exe
  C:\Windows\System\ISJRcaY.exe
  2⤵
  PID:8492
- C:\Windows\System\AKczRTQ.exe
  C:\Windows\System\AKczRTQ.exe
  2⤵
  PID:8508
- C:\Windows\System\PbcFSpD.exe
  C:\Windows\System\PbcFSpD.exe
  2⤵
  PID:8524
- C:\Windows\System\JiaaRbs.exe
  C:\Windows\System\JiaaRbs.exe
  2⤵
  PID:8540
- C:\Windows\System\HPfRzmG.exe
  C:\Windows\System\HPfRzmG.exe
  2⤵
  PID:8556
- C:\Windows\System\kTiisAy.exe
  C:\Windows\System\kTiisAy.exe
  2⤵
  PID:8572
- C:\Windows\System\XsfjmKi.exe
  C:\Windows\System\XsfjmKi.exe
  2⤵
  PID:8588
- C:\Windows\System\nKvhznM.exe
  C:\Windows\System\nKvhznM.exe
  2⤵
  PID:8604
- C:\Windows\System\dUFxWjR.exe
  C:\Windows\System\dUFxWjR.exe
  2⤵
  PID:8620
- C:\Windows\System\uVSUKoX.exe
  C:\Windows\System\uVSUKoX.exe
  2⤵
  PID:8636
- C:\Windows\System\uITlsad.exe
  C:\Windows\System\uITlsad.exe
  2⤵
  PID:8652
- C:\Windows\System\YDdZWbH.exe
  C:\Windows\System\YDdZWbH.exe
  2⤵
  PID:8668
- C:\Windows\System\wQEDusU.exe
  C:\Windows\System\wQEDusU.exe
  2⤵
  PID:8684
- C:\Windows\System\etZjIRp.exe
  C:\Windows\System\etZjIRp.exe
  2⤵
  PID:8700
- C:\Windows\System\iMSGZCl.exe
  C:\Windows\System\iMSGZCl.exe
  2⤵
  PID:8716
- C:\Windows\System\xwxZiPE.exe
  C:\Windows\System\xwxZiPE.exe
  2⤵
  PID:8732
- C:\Windows\System\AjtvRbi.exe
  C:\Windows\System\AjtvRbi.exe
  2⤵
  PID:8748
- C:\Windows\System\NQbDdAW.exe
  C:\Windows\System\NQbDdAW.exe
  2⤵
  PID:8764
- C:\Windows\System\rvdrPFb.exe
  C:\Windows\System\rvdrPFb.exe
  2⤵
  PID:8780
- C:\Windows\System\cjAEPSX.exe
  C:\Windows\System\cjAEPSX.exe
  2⤵
  PID:8796
- C:\Windows\System\QGiqWhJ.exe
  C:\Windows\System\QGiqWhJ.exe
  2⤵
  PID:8812
- C:\Windows\System\orbjwAU.exe
  C:\Windows\System\orbjwAU.exe
  2⤵
  PID:8828
- C:\Windows\System\KGpztxm.exe
  C:\Windows\System\KGpztxm.exe
  2⤵
  PID:8844
- C:\Windows\System\xYJxLZf.exe
  C:\Windows\System\xYJxLZf.exe
  2⤵
  PID:8860
- C:\Windows\System\orGVhjW.exe
  C:\Windows\System\orGVhjW.exe
  2⤵
  PID:8876
- C:\Windows\System\PWCHFyb.exe
  C:\Windows\System\PWCHFyb.exe
  2⤵
  PID:8892
- C:\Windows\System\xeTGnGG.exe
  C:\Windows\System\xeTGnGG.exe
  2⤵
  PID:8908
- C:\Windows\System\MskUloU.exe
  C:\Windows\System\MskUloU.exe
  2⤵
  PID:8924
- C:\Windows\System\bQYjMYK.exe
  C:\Windows\System\bQYjMYK.exe
  2⤵
  PID:8940
- C:\Windows\System\rggJlvN.exe
  C:\Windows\System\rggJlvN.exe
  2⤵
  PID:8956
- C:\Windows\System\ocIYgzZ.exe
  C:\Windows\System\ocIYgzZ.exe
  2⤵
  PID:8972
- C:\Windows\System\ERvKhyd.exe
  C:\Windows\System\ERvKhyd.exe
  2⤵
  PID:8988
- C:\Windows\System\EBhvolG.exe
  C:\Windows\System\EBhvolG.exe
  2⤵
  PID:9004
- C:\Windows\System\ORbmNRF.exe
  C:\Windows\System\ORbmNRF.exe
  2⤵
  PID:9020
- C:\Windows\System\almrQYB.exe
  C:\Windows\System\almrQYB.exe
  2⤵
  PID:9036
- C:\Windows\System\wtjztxp.exe
  C:\Windows\System\wtjztxp.exe
  2⤵
  PID:9052
- C:\Windows\System\WKVysyP.exe
  C:\Windows\System\WKVysyP.exe
  2⤵
  PID:9068
- C:\Windows\System\rFCsRDs.exe
  C:\Windows\System\rFCsRDs.exe
  2⤵
  PID:9084
- C:\Windows\System\CnZJbPm.exe
  C:\Windows\System\CnZJbPm.exe
  2⤵
  PID:9100
- C:\Windows\System\HhEaAlU.exe
  C:\Windows\System\HhEaAlU.exe
  2⤵
  PID:9116
- C:\Windows\System\fTbyPFx.exe
  C:\Windows\System\fTbyPFx.exe
  2⤵
  PID:9132
- C:\Windows\System\yteEgBq.exe
  C:\Windows\System\yteEgBq.exe
  2⤵
  PID:9148
- C:\Windows\System\qaDcdKR.exe
  C:\Windows\System\qaDcdKR.exe
  2⤵
  PID:9164
- C:\Windows\System\SiCQFCj.exe
  C:\Windows\System\SiCQFCj.exe
  2⤵
  PID:9180
- C:\Windows\System\JkDnyMg.exe
  C:\Windows\System\JkDnyMg.exe
  2⤵
  PID:9196
- C:\Windows\System\OZMcIbQ.exe
  C:\Windows\System\OZMcIbQ.exe
  2⤵
  PID:9212
- C:\Windows\System\tBAViym.exe
  C:\Windows\System\tBAViym.exe
  2⤵
  PID:8244
- C:\Windows\System\qHTzlVg.exe
  C:\Windows\System\qHTzlVg.exe
  2⤵
  PID:7468
- C:\Windows\System\xUeRHmA.exe
  C:\Windows\System\xUeRHmA.exe
  2⤵
  PID:8256
- C:\Windows\System\XvAYjjo.exe
  C:\Windows\System\XvAYjjo.exe
  2⤵
  PID:7276
- C:\Windows\System\cRNMsUf.exe
  C:\Windows\System\cRNMsUf.exe
  2⤵
  PID:8324
- C:\Windows\System\IwrhlRP.exe
  C:\Windows\System\IwrhlRP.exe
  2⤵
  PID:8288
- C:\Windows\System\SLKvvEf.exe
  C:\Windows\System\SLKvvEf.exe
  2⤵
  PID:8368
- C:\Windows\System\bOIJDLd.exe
  C:\Windows\System\bOIJDLd.exe
  2⤵
  PID:2104
- C:\Windows\System\RfZlmTi.exe
  C:\Windows\System\RfZlmTi.exe
  2⤵
  PID:8440
- C:\Windows\System\uFfself.exe
  C:\Windows\System\uFfself.exe
  2⤵
  PID:8500
- C:\Windows\System\waTehJN.exe
  C:\Windows\System\waTehJN.exe
  2⤵
  PID:8488
- C:\Windows\System\UqihNUt.exe
  C:\Windows\System\UqihNUt.exe
  2⤵
  PID:8564
- C:\Windows\System\YSRyoss.exe
  C:\Windows\System\YSRyoss.exe
  2⤵
  PID:8600
- C:\Windows\System\rbJFOrS.exe
  C:\Windows\System\rbJFOrS.exe
  2⤵
  PID:8520
- C:\Windows\System\rEcQEsK.exe
  C:\Windows\System\rEcQEsK.exe
  2⤵
  PID:8552
- C:\Windows\System\SCeMmiH.exe
  C:\Windows\System\SCeMmiH.exe
  2⤵
  PID:8664
- C:\Windows\System\AwNnPOl.exe
  C:\Windows\System\AwNnPOl.exe
  2⤵
  PID:8724
- C:\Windows\System\nKYCBuU.exe
  C:\Windows\System\nKYCBuU.exe
  2⤵
  PID:8712
- C:\Windows\System\VNyYEls.exe
  C:\Windows\System\VNyYEls.exe
  2⤵
  PID:8696
- C:\Windows\System\IYdtmsD.exe
  C:\Windows\System\IYdtmsD.exe
  2⤵
  PID:8788
- C:\Windows\System\aHAfQQu.exe
  C:\Windows\System\aHAfQQu.exe
  2⤵
  PID:8884
- C:\Windows\System\CACoOvA.exe
  C:\Windows\System\CACoOvA.exe
  2⤵
  PID:8948
- C:\Windows\System\icGedCR.exe
  C:\Windows\System\icGedCR.exe
  2⤵
  PID:9012
- C:\Windows\System\hPqpnOT.exe
  C:\Windows\System\hPqpnOT.exe
  2⤵
  PID:9044
- C:\Windows\System\pMmUlZs.exe
  C:\Windows\System\pMmUlZs.exe
  2⤵
  PID:8804
- C:\Windows\System\GuTEBpt.exe
  C:\Windows\System\GuTEBpt.exe
  2⤵
  PID:9064
- C:\Windows\System\QNOyeYt.exe
  C:\Windows\System\QNOyeYt.exe
  2⤵
  PID:8904
- C:\Windows\System\jwZyNni.exe
  C:\Windows\System\jwZyNni.exe
  2⤵
  PID:9000
- C:\Windows\System\IiJPrUt.exe
  C:\Windows\System\IiJPrUt.exe
  2⤵
  PID:9108
- C:\Windows\System\oKzAWbV.exe
  C:\Windows\System\oKzAWbV.exe
  2⤵
  PID:2184
- C:\Windows\System\bSTdVaC.exe
  C:\Windows\System\bSTdVaC.exe
  2⤵
  PID:9204
- C:\Windows\System\fTMLhnM.exe
  C:\Windows\System\fTMLhnM.exe
  2⤵
  PID:8272
- C:\Windows\System\RZGKxlW.exe
  C:\Windows\System\RZGKxlW.exe
  2⤵
  PID:8128
- C:\Windows\System\Rhkiemb.exe
  C:\Windows\System\Rhkiemb.exe
  2⤵
  PID:9156
- C:\Windows\System\ZzOlrKF.exe
  C:\Windows\System\ZzOlrKF.exe
  2⤵
  PID:8212
- C:\Windows\System\CxKDnty.exe
  C:\Windows\System\CxKDnty.exe
  2⤵
  PID:7828
- C:\Windows\System\jVLtNVb.exe
  C:\Windows\System\jVLtNVb.exe
  2⤵
  PID:7724
- C:\Windows\System\kjXjqPm.exe
  C:\Windows\System\kjXjqPm.exe
  2⤵
  PID:8400
- C:\Windows\System\MBWsjdL.exe
  C:\Windows\System\MBWsjdL.exe
  2⤵
  PID:8532
- C:\Windows\System\HJigxEu.exe
  C:\Windows\System\HJigxEu.exe
  2⤵
  PID:8644
- C:\Windows\System\xZqpiCH.exe
  C:\Windows\System\xZqpiCH.exe
  2⤵
  PID:8584
- C:\Windows\System\zTAfPvS.exe
  C:\Windows\System\zTAfPvS.exe
  2⤵
  PID:8416
- C:\Windows\System\ezjUuaE.exe
  C:\Windows\System\ezjUuaE.exe
  2⤵
  PID:8352
- C:\Windows\System\VsNAEUd.exe
  C:\Windows\System\VsNAEUd.exe
  2⤵
  PID:8920
- C:\Windows\System\mavFfhI.exe
  C:\Windows\System\mavFfhI.exe
  2⤵
  PID:8808
- C:\Windows\System\gJvcILN.exe
  C:\Windows\System\gJvcILN.exe
  2⤵
  PID:8936
- C:\Windows\System\pTnNkEa.exe
  C:\Windows\System\pTnNkEa.exe
  2⤵
  PID:9140
- C:\Windows\System\RQYKyKI.exe
  C:\Windows\System\RQYKyKI.exe
  2⤵
  PID:9144
- C:\Windows\System\Tspfcdy.exe
  C:\Windows\System\Tspfcdy.exe
  2⤵
  PID:9128
- C:\Windows\System\QlTyVxj.exe
  C:\Windows\System\QlTyVxj.exe
  2⤵
  PID:9188
- C:\Windows\System\DTFKDeO.exe
  C:\Windows\System\DTFKDeO.exe
  2⤵
  PID:8240
- C:\Windows\System\HMKscsD.exe
  C:\Windows\System\HMKscsD.exe
  2⤵
  PID:8304
- C:\Windows\System\ChjbUQz.exe
  C:\Windows\System\ChjbUQz.exe
  2⤵
  PID:940
- C:\Windows\System\GoQlHGY.exe
  C:\Windows\System\GoQlHGY.exe
  2⤵
  PID:8404
- C:\Windows\System\IpcxmyD.exe
  C:\Windows\System\IpcxmyD.exe
  2⤵
  PID:8648
- C:\Windows\System\GXVZMcx.exe
  C:\Windows\System\GXVZMcx.exe
  2⤵
  PID:8340
- C:\Windows\System\IjLzGVI.exe
  C:\Windows\System\IjLzGVI.exe
  2⤵
  PID:2904
- C:\Windows\System\mZAvvML.exe
  C:\Windows\System\mZAvvML.exe
  2⤵
  PID:868
- C:\Windows\System\yEByjKT.exe
  C:\Windows\System\yEByjKT.exe
  2⤵
  PID:2792
- C:\Windows\System\CDUAzMy.exe
  C:\Windows\System\CDUAzMy.exe
  2⤵
  PID:2180
- C:\Windows\System\DabGMaJ.exe
  C:\Windows\System\DabGMaJ.exe
  2⤵
  PID:8980
- C:\Windows\System\dUUcqCd.exe
  C:\Windows\System\dUUcqCd.exe
  2⤵
  PID:9080
- C:\Windows\System\RPgpvAY.exe
  C:\Windows\System\RPgpvAY.exe
  2⤵
  PID:8228
- C:\Windows\System\SUTXqFg.exe
  C:\Windows\System\SUTXqFg.exe
  2⤵
  PID:9092
- C:\Windows\System\MbhAAie.exe
  C:\Windows\System\MbhAAie.exe
  2⤵
  PID:9060
- C:\Windows\System\YtMQJaX.exe
  C:\Windows\System\YtMQJaX.exe
  2⤵
  PID:2236
- C:\Windows\System\UtmHhgH.exe
  C:\Windows\System\UtmHhgH.exe
  2⤵
  PID:2216
- C:\Windows\System\qCNYWnq.exe
  C:\Windows\System\qCNYWnq.exe
  2⤵
  PID:9224
- C:\Windows\System\JOjMnlM.exe
  C:\Windows\System\JOjMnlM.exe
  2⤵
  PID:9240
- C:\Windows\System\JscTVsU.exe
  C:\Windows\System\JscTVsU.exe
  2⤵
  PID:9256
- C:\Windows\System\pMaLYfK.exe
  C:\Windows\System\pMaLYfK.exe
  2⤵
  PID:9272
- C:\Windows\System\YFZniqe.exe
  C:\Windows\System\YFZniqe.exe
  2⤵
  PID:9288
- C:\Windows\System\ORMEnMc.exe
  C:\Windows\System\ORMEnMc.exe
  2⤵
  PID:9304
- C:\Windows\System\ogigbUn.exe
  C:\Windows\System\ogigbUn.exe
  2⤵
  PID:9320
- C:\Windows\System\qCNUvuQ.exe
  C:\Windows\System\qCNUvuQ.exe
  2⤵
  PID:9336
- C:\Windows\System\hXhrkpM.exe
  C:\Windows\System\hXhrkpM.exe
  2⤵
  PID:9352
- C:\Windows\System\bMYWvGF.exe
  C:\Windows\System\bMYWvGF.exe
  2⤵
  PID:9368
- C:\Windows\System\CnjKayM.exe
  C:\Windows\System\CnjKayM.exe
  2⤵
  PID:9384
- C:\Windows\System\WUwemmg.exe
  C:\Windows\System\WUwemmg.exe
  2⤵
  PID:9400
- C:\Windows\System\IWzXcyP.exe
  C:\Windows\System\IWzXcyP.exe
  2⤵
  PID:9416
- C:\Windows\System\JUkGdqd.exe
  C:\Windows\System\JUkGdqd.exe
  2⤵
  PID:9432
- C:\Windows\System\iMCCwIB.exe
  C:\Windows\System\iMCCwIB.exe
  2⤵
  PID:9448
- C:\Windows\System\aFBoaBY.exe
  C:\Windows\System\aFBoaBY.exe
  2⤵
  PID:9464
- C:\Windows\System\RcBaPtw.exe
  C:\Windows\System\RcBaPtw.exe
  2⤵
  PID:9480
- C:\Windows\System\yDuChFJ.exe
  C:\Windows\System\yDuChFJ.exe
  2⤵
  PID:9496
- C:\Windows\System\tcxlGSh.exe
  C:\Windows\System\tcxlGSh.exe
  2⤵
  PID:9520
- C:\Windows\System\EisCfCB.exe
  C:\Windows\System\EisCfCB.exe
  2⤵
  PID:9660
- C:\Windows\System\yOsaFms.exe
  C:\Windows\System\yOsaFms.exe
  2⤵
  PID:9684
- C:\Windows\System\FeQPAfX.exe
  C:\Windows\System\FeQPAfX.exe
  2⤵
  PID:9704
- C:\Windows\System\JCHkOFZ.exe
  C:\Windows\System\JCHkOFZ.exe
  2⤵
  PID:9720
- C:\Windows\System\naFBXps.exe
  C:\Windows\System\naFBXps.exe
  2⤵
  PID:9740
- C:\Windows\System\iNSTRJf.exe
  C:\Windows\System\iNSTRJf.exe
  2⤵
  PID:9760
- C:\Windows\System\XgXZMCB.exe
  C:\Windows\System\XgXZMCB.exe
  2⤵
  PID:9780
- C:\Windows\System\JjkhrHA.exe
  C:\Windows\System\JjkhrHA.exe
  2⤵
  PID:9800
- C:\Windows\System\kyxykUt.exe
  C:\Windows\System\kyxykUt.exe
  2⤵
  PID:9816
- C:\Windows\System\IiUNoOy.exe
  C:\Windows\System\IiUNoOy.exe
  2⤵
  PID:9836
- C:\Windows\System\ZDgVBfh.exe
  C:\Windows\System\ZDgVBfh.exe
  2⤵
  PID:9856
- C:\Windows\System\OokgKeV.exe
  C:\Windows\System\OokgKeV.exe
  2⤵
  PID:9876
- C:\Windows\System\uOdskmH.exe
  C:\Windows\System\uOdskmH.exe
  2⤵
  PID:9892
- C:\Windows\System\exYzwCC.exe
  C:\Windows\System\exYzwCC.exe
  2⤵
  PID:9936
- C:\Windows\System\QxRYVzG.exe
  C:\Windows\System\QxRYVzG.exe
  2⤵
  PID:9952
- C:\Windows\System\DkSNsQm.exe
  C:\Windows\System\DkSNsQm.exe
  2⤵
  PID:9976
- C:\Windows\System\yZhVgce.exe
  C:\Windows\System\yZhVgce.exe
  2⤵
  PID:10000
- C:\Windows\System\KKmGrWb.exe
  C:\Windows\System\KKmGrWb.exe
  2⤵
  PID:10020
- C:\Windows\System\tZdWEnx.exe
  C:\Windows\System\tZdWEnx.exe
  2⤵
  PID:10036
- C:\Windows\System\dRckBeH.exe
  C:\Windows\System\dRckBeH.exe
  2⤵
  PID:10056
- C:\Windows\System\pmVltXB.exe
  C:\Windows\System\pmVltXB.exe
  2⤵
  PID:10072
- C:\Windows\System\IHcbWlF.exe
  C:\Windows\System\IHcbWlF.exe
  2⤵
  PID:10088
- C:\Windows\System\zOkgBDY.exe
  C:\Windows\System\zOkgBDY.exe
  2⤵
  PID:10104
- C:\Windows\System\OwtLUSg.exe
  C:\Windows\System\OwtLUSg.exe
  2⤵
  PID:10124
- C:\Windows\System\iYMztME.exe
  C:\Windows\System\iYMztME.exe
  2⤵
  PID:10140
- C:\Windows\System\XzRIpCC.exe
  C:\Windows\System\XzRIpCC.exe
  2⤵
  PID:10156
- C:\Windows\System\RRisgrF.exe
  C:\Windows\System\RRisgrF.exe
  2⤵
  PID:10172
- C:\Windows\System\BsLHSGE.exe
  C:\Windows\System\BsLHSGE.exe
  2⤵
  PID:10188
- C:\Windows\System\SESOxut.exe
  C:\Windows\System\SESOxut.exe
  2⤵
  PID:10204
- C:\Windows\System\KBocwLW.exe
  C:\Windows\System\KBocwLW.exe
  2⤵
  PID:10220
- C:\Windows\System\elhglOf.exe
  C:\Windows\System\elhglOf.exe
  2⤵
  PID:10236
- C:\Windows\System\mJBxSDg.exe
  C:\Windows\System\mJBxSDg.exe
  2⤵
  PID:8888
- C:\Windows\System\pmeZMuD.exe
  C:\Windows\System\pmeZMuD.exe
  2⤵
  PID:9220
- C:\Windows\System\VUiVRrs.exe
  C:\Windows\System\VUiVRrs.exe
  2⤵
  PID:9280
- C:\Windows\System\zvhMxKj.exe
  C:\Windows\System\zvhMxKj.exe
  2⤵
  PID:8320
- C:\Windows\System\qNxtFtA.exe
  C:\Windows\System\qNxtFtA.exe
  2⤵
  PID:9316
- C:\Windows\System\hMRCORn.exe
  C:\Windows\System\hMRCORn.exe
  2⤵
  PID:8436
- C:\Windows\System\QqNubCQ.exe
  C:\Windows\System\QqNubCQ.exe
  2⤵
  PID:9264
- C:\Windows\System\oSNgUoY.exe
  C:\Windows\System\oSNgUoY.exe
  2⤵
  PID:9348
- C:\Windows\System\BcduOON.exe
  C:\Windows\System\BcduOON.exe
  2⤵
  PID:9332
- C:\Windows\System\rLnEkAp.exe
  C:\Windows\System\rLnEkAp.exe
  2⤵
  PID:9412
- C:\Windows\System\EOQvPlE.exe
  C:\Windows\System\EOQvPlE.exe
  2⤵
  PID:9504
- C:\Windows\System\KVtzCGa.exe
  C:\Windows\System\KVtzCGa.exe
  2⤵
  PID:9492
- C:\Windows\System\THDeTlF.exe
  C:\Windows\System\THDeTlF.exe
  2⤵
  PID:9512
- C:\Windows\System\TyvSAoV.exe
  C:\Windows\System\TyvSAoV.exe
  2⤵
  PID:9536
- C:\Windows\System\imoDaNC.exe
  C:\Windows\System\imoDaNC.exe
  2⤵
  PID:9552
- C:\Windows\System\xuaRQYg.exe
  C:\Windows\System\xuaRQYg.exe
  2⤵
  PID:9568
- C:\Windows\System\pvsUOjD.exe
  C:\Windows\System\pvsUOjD.exe
  2⤵
  PID:9584
- C:\Windows\System\mAkFtKh.exe
  C:\Windows\System\mAkFtKh.exe
  2⤵
  PID:9600
- C:\Windows\System\UcwRsTf.exe
  C:\Windows\System\UcwRsTf.exe
  2⤵
  PID:9620
- C:\Windows\System\yYrHBhq.exe
  C:\Windows\System\yYrHBhq.exe
  2⤵
  PID:9656
- C:\Windows\System\HGeYmcy.exe
  C:\Windows\System\HGeYmcy.exe
  2⤵
  PID:9636
- C:\Windows\System\hhLvTgG.exe
  C:\Windows\System\hhLvTgG.exe
  2⤵
  PID:9700
- C:\Windows\System\TZejPWF.exe
  C:\Windows\System\TZejPWF.exe
  2⤵
  PID:9676
- C:\Windows\System\CyjqcXF.exe
  C:\Windows\System\CyjqcXF.exe
  2⤵
  PID:9748
- C:\Windows\System\HNhGRxX.exe
  C:\Windows\System\HNhGRxX.exe
  2⤵
  PID:9788
- C:\Windows\System\cBjntXI.exe
  C:\Windows\System\cBjntXI.exe
  2⤵
  PID:9828
- C:\Windows\System\KdBrEHX.exe
  C:\Windows\System\KdBrEHX.exe
  2⤵
  PID:9768
- C:\Windows\System\fKqOjam.exe
  C:\Windows\System\fKqOjam.exe
  2⤵
  PID:9808
- C:\Windows\System\pCFPBkm.exe
  C:\Windows\System\pCFPBkm.exe
  2⤵
  PID:9868
- C:\Windows\System\jAkMGzm.exe
  C:\Windows\System\jAkMGzm.exe
  2⤵
  PID:9904
- C:\Windows\System\ORxVFKV.exe
  C:\Windows\System\ORxVFKV.exe
  2⤵
  PID:9920
- C:\Windows\System\hmsBQHT.exe
  C:\Windows\System\hmsBQHT.exe
  2⤵
  PID:9932
- C:\Windows\System\COPNvJc.exe
  C:\Windows\System\COPNvJc.exe
  2⤵
  PID:10008
- C:\Windows\System\HZOMlqS.exe
  C:\Windows\System\HZOMlqS.exe
  2⤵
  PID:9988
- C:\Windows\System\jpjPBTT.exe
  C:\Windows\System\jpjPBTT.exe
  2⤵
  PID:9508
- C:\Windows\System\simNLMO.exe
  C:\Windows\System\simNLMO.exe
  2⤵
  PID:1008
- C:\Windows\System\QFdYUPU.exe
  C:\Windows\System\QFdYUPU.exe
  2⤵
  PID:10096
- C:\Windows\System\LuVcPpu.exe
  C:\Windows\System\LuVcPpu.exe
  2⤵
  PID:8996
- C:\Windows\System\HHeTlHB.exe
  C:\Windows\System\HHeTlHB.exe
  2⤵
  PID:9236
- C:\Windows\System\apXIPTQ.exe
  C:\Windows\System\apXIPTQ.exe
  2⤵
  PID:9408
- C:\Windows\System\NpFwYPV.exe
  C:\Windows\System\NpFwYPV.exe
  2⤵
  PID:10132
- C:\Windows\System\zHKRzax.exe
  C:\Windows\System\zHKRzax.exe
  2⤵
  PID:10164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\MoitNkA.exe

Filesize
6.0MB

MD5
573c783106d401d1c34009a69aa5b2c3

SHA1
5a25fb79a1e8cfa841d3a4ae39b62275d81d1085

SHA256
02150822d31948d6c44764922c12454ca053ec3137438fa339b667ba889c6e6a

SHA512
2eeeda0451e5c55d3435d9055a4a6fac53d95908e8dcd792d53f72470e791a559f6751ffedb72ce3f73ee9a336002a36ea952b6c9c00e3b2d22c1127de5b9fdc

Download Submit
C:\Windows\system\NexdsRA.exe

Filesize
6.0MB

MD5
d380b4eafb4b95e800b70e8c55b8b283

SHA1
18245645e5952ff9e81be3ebdc77034df81eeca4

SHA256
b85c47850fdf9aaaa113e84b623ad3ebe15cd01ea9a7d6aff0fd255e16cbacc3

SHA512
06d5e7d934c207f0a9d4fa914780b705fd93e8529832856886a5058dde91fb536bf2ec6a384d2af84c42ecd56d9ce8f269c41cf754d241898c3bd9b495a2f8c3

Download Submit
C:\Windows\system\RJSkVsb.exe

Filesize
6.0MB

MD5
eb1232ef2df5b6121bb6fb3f16f44877

SHA1
ba58e80c60bf568c3da90c4345da0f15dbd4ff10

SHA256
4e63b107f52da732ed8446eb90b7f1049e50f8e38654755ea86d858e03b21574

SHA512
a43d1650a0942c6b21c08939778aad6f8efa2b3e053f23da42d3107cc89d946528a32200307e3aa0ddccf3e8d1be6be37576ea76eacd8d422115a61e88b90c49

Download Submit
C:\Windows\system\SGsDOdR.exe

Filesize
6.0MB

MD5
c42d1587a7c773b15f1a43dee529fcf9

SHA1
69b6fb8788841e63e201aa0dc69bf7afdffe975a

SHA256
06d74b6acc04d08ab27e9ff9a5e0235c60c3d45ce97e6c238cc46a890cedabac

SHA512
32395a0811875374f100d337e574154762112a9c4014e49e7ff2afa73ed09714860b2c9b43e7d6f7669eb4bcc80d436543b60328a2f37e26e1c96575d76fb0ec

Download Submit
C:\Windows\system\TZqoQaX.exe

Filesize
6.0MB

MD5
734ecf76ad4142c3569104bd2fbfb87d

SHA1
2a4c5f13c387456361f6715aa35ae0b84b8adb96

SHA256
16e4f2f7c250dc6d8ca197e6529c0b39286c1c62bdaefdbffc1985f25bb4970e

SHA512
71a646c033ca25eff7bd5ee7f77179aeac51e93444ad1989caa2eec4d01378a2c36a97ddb4763a65d8defe35a4f7e05bd2d7ab2fc7d9336951a438d5375f8487

Download Submit
C:\Windows\system\VRhXOBa.exe

Filesize
6.0MB

MD5
1160ffb2e4008ab99ae62f2182369bb6

SHA1
5cb9c8b4a9ced1b62da2839a68d479e3637b1cca

SHA256
501c24204c66ffee17d6ea5d972e0e8f3f523c71dae994be3916b25fac88a3bd

SHA512
5d78fe0d45ff719f86be205f69796caf77b0f797529c26b6714680178c48a8b997a3c9229da75e14c35819e6def0dad8e6694bd2bcb93cb1282cb85152f17119

Download Submit
C:\Windows\system\VcWasnv.exe

Filesize
6.0MB

MD5
7f696a0881845b77c7135f38a0a8dc42

SHA1
659047df61159c663a8b8c3c7203ba75c093828c

SHA256
33069f2a4ddf00234474642668da0fcb995d9a4dbfec6e6d5afc33b87124e545

SHA512
a73c880cc9dfa512b051449a4ef647b6a05ab15764342f15ac09e1600d6727dd15313b60a7b8c66de4dce5af143328f75f3148307834af56e323b49b8ce309ba

Download Submit
C:\Windows\system\VzogQBZ.exe

Filesize
6.0MB

MD5
c16d637fd27f7d18591f79e62a63812b

SHA1
13329e5e3f22515b3b7b28ab0f7a151e3e82786a

SHA256
7d08f6c23678195e3daebe9ee9471bf81f4ef6a2bf31c3a6fb68e144a3361147

SHA512
0d1ca81a29f08bfbec9ba35ddbf6c2a427dff7f1ce694cc1cf22c208a602bdb9bf3b91de05728bfc452a84d88951958fc6382c76c13545165956cb421a9575a4

Download Submit
C:\Windows\system\XoOZCeS.exe

Filesize
6.0MB

MD5
80a05860d59e7f11c85cb8ddd406852e

SHA1
66116d1dec270b039b782a593d895039d8d1aece

SHA256
ab2de5e981bee054531cd4d3fbfbf4df104e75386d5891f2c39dce71309808cf

SHA512
63680e39fecc0d3977369f71232f4d6f4f2f529ad579eadb1f951be83fe6df6b92f76634d9d4246b6b7b4c3e635d49ae302d96c133f34f3b1ad571b1f2a0d205

Download Submit
C:\Windows\system\amtvflt.exe

Filesize
6.0MB

MD5
e6ffbf8cade544bc2b1bbffb81971062

SHA1
94c3701df3544610989b3f25290c0803f515f8be

SHA256
a3d21e0055799dcfd307e54fff4c1c37569cb69ba17b5e0cd6e53d2508b8edf1

SHA512
4842eba2d34859dc63ba8be0b1cec61ea79ba60d1a28c839095b64693f42a09fa1d125820934c88396691994f72b4a6544854d490fc115b146e8029da892da5e

Download Submit
C:\Windows\system\cIYCRvj.exe

Filesize
6.0MB

MD5
9e2315df5f34784ff05b47b74815d905

SHA1
8dc3692d69d5fb772a58527441b563d88c26d6f3

SHA256
fd87dcb2a3d640de7b0ea6e1662c5be86bab9780b0ea2723ec464953a554acc2

SHA512
d3511296c74d4f49d7f38f6487caff690fe307dc87591d6df8c0d4d39f35051c658e03a2aa17423359909235c339a3002c5d75cbd7a649ee32ec638f1bac2d12

Download Submit
C:\Windows\system\dcTPrvT.exe

Filesize
6.0MB

MD5
fc328b01845397ceaf137494d21ea00e

SHA1
7a9069076685fdb87cf863cb4e234a88b91621d1

SHA256
51613c063c4b8db2b36ef81e8915886a2fb43124690640b33091959408eab264

SHA512
4450dd2418d18d836bdf9ded7ae4f0c3612616dfc19189349aa1555c782926ed9be6f6f06d9383da3ce5fcaad9f37fa4bc8ef851587d54b3c1ff2f6f0a76a94d

Download Submit
C:\Windows\system\eHJGDBM.exe

Filesize
6.0MB

MD5
be35014e36f3b9a0eaca443bb46a48c8

SHA1
1f9c5c5b68372764655c215970067aac88df0bc0

SHA256
73505fe3bbb13113fe2cf4bc4b0d53039e0e9c5d39a9c0c2a5832d5cb4d6052d

SHA512
8ddfe6e9b717f4a4bcbcd5d3091a576c067314defe07986f671a5f945ba8392a2ccbcadc84e9c94d02f10cc4fb275ba93ff36383e578352855e4d8f55245accf

Download Submit
C:\Windows\system\gSzqLdx.exe

Filesize
6.0MB

MD5
193c9e98a0051c124b0731fc82fe6c17

SHA1
3edd656d1c893b6747d0dbee50180891af7082a8

SHA256
28b5e2d9f6566b8282984172c88dae3b33a809cda9e75535eda8b368eb064e2b

SHA512
1d085befd44b6284cab0a45207e625f994bda2baab3a8b8e92530f3e81ed25d5829d5599cdeaa76ff542fc1401f41a39d80b9ee9d2bbdb83936a27a74715e5e2

Download Submit
C:\Windows\system\jZCabhN.exe

Filesize
6.0MB

MD5
fa9a09fa66c7811a4e55cd1e020925de

SHA1
a582e7b45f2a0ea5da946fbb624bcb2dbf219720

SHA256
85603d5478b32fd0cd8426b1a66143ee749c9258687264b826eb37c8f4cb1ce1

SHA512
3d69de70b73527aab2104454f2e3ff293e8d2835656974c54e8b23219e8fdacc3042753b851900856e9bb215759358ab89455e53bff851f4d32e9de0ecca2c46

Download Submit
C:\Windows\system\jqEuuqS.exe

Filesize
6.0MB

MD5
7d824a8174067089dff7f2bb0d10a864

SHA1
2fa7a19777a90074523c16cc3bc3e9a223f648a8

SHA256
eb704493c361dde65a99c79d803657a55e27460cd6033e7e60a6cd0151e54eff

SHA512
9efc8ab0198c71c1860f090715255211dfac5567a94b2a94863546978acb04e59393a3d7a3f3c6d8d351f6921e52b940e7c224f605e120ed0751af7ffda421e9

Download Submit
C:\Windows\system\kfoRjMG.exe

Filesize
6.0MB

MD5
e0bc89faf5a93925bc260ee04650b62a

SHA1
ed388c844b8e4f21176e5e7f002673212c4f88a3

SHA256
3d8794c3545def983bddf40b1b977891b7dd0fb924acc785ac7bc77252aff814

SHA512
acc7950313403a966c2a6f56af54b8b77d55430345c14290e9a9deb1aad104390b237e3e094226a4ad6ecc1f541c138993619dfc289e67e01f53f29ac6cca128

Download Submit
C:\Windows\system\mdRxxrK.exe

Filesize
6.0MB

MD5
427824e78573c9494c9e16d9787f1cef

SHA1
fd883b75f93eaa4b9763be00d3da084762738aa4

SHA256
88871c801a9838fe1046973849a4e1bcbed3b0b961f3a4f1da1d1cb869225650

SHA512
332d84bfed45a1a141f461a9386d05aa66f05eeb480dbe1066c2871bc718fb7ad13c98910b269a8971b7e4a9ee2a0870fb171d2e59ce26a53250c79e1ffe5875

Download Submit
C:\Windows\system\ogTkLkI.exe

Filesize
6.0MB

MD5
dc666ecc7f1936285af17fcca284ec18

SHA1
6a8a554a89aaa40498db6211c18397d2c9f7b8de

SHA256
e5e243aa938c769ef56d3ce1bc06bc3d119f7f48788d4e8be26dd1c16167faee

SHA512
e3c9de829b59a46df8a3ae7309fc55d51b371f359722552e78e79c62b190010cddc04bd3fac53b79ddabadd29c5728e59f1160dcb758ba5bddb2384bea30d599

Download Submit
C:\Windows\system\pNNSdNT.exe

Filesize
6.0MB

MD5
b09db539d438c26325c636668223c7da

SHA1
05636333f780ade90a58160154ce0f95f9c6dfb0

SHA256
eccc2fc6a5a31659f20d93b18fa070dbbbf27a4a8648f6dd1f382765b16a0fcc

SHA512
16ef9d1b3e712b9928c7bc8d617a8dc615a70260cd43577aaefd792d64f5e38b8b6076f35cb3f77bd01a3c1687c7e9aa823a26e56d9e5f28bd13ddc14cec6e8c

Download Submit
C:\Windows\system\rlAIGdf.exe

Filesize
6.0MB

MD5
4cbaf5599e1253187f0f150d09305323

SHA1
6e299fb86cb4959b330176446943cac651e51612

SHA256
af41bac531c1cdc14dc273b43fba150c8f90fbbb92d7543106e25ae593bffaf4

SHA512
e94295eb76c284f6c567ee730b7da6f1066aa388708ede9c2d22e0cc8088399f0d1aba0d0975c69a5cf284ac05a2194478c050f7bdb61318036480dc247db383

Download Submit
C:\Windows\system\txzzIaz.exe

Filesize
6.0MB

MD5
4ec9e2dd331cdbf53434fc79c56914c3

SHA1
3d517d7b0d19b6dfd5605d716253c7bae7cc15a2

SHA256
9f13bf736545a1bb885094b5d1160274603050ac94c079edba3154fceff97a89

SHA512
1ad27eadcad3f5d66338ac934212f3010a9800d6f679fed21b14a1e32b1cf05be156d1aba768e853c26c3edb5fc6740d0858378d3386d668212e3980120dc3dd

Download Submit
C:\Windows\system\vzLbqos.exe

Filesize
6.0MB

MD5
7a591462d2b56cf0581aba1f71a83520

SHA1
f7fdad47f6b2cbc0ffb181ec83f79aef1a943d4c

SHA256
8998a0840b4de87be0c8dc40b42f4bcaab7ea8dd37a78da7edaec47565725ab9

SHA512
0809d12cc1e36dfbfa2480797a371bb761721316bf82c656dd77d122b671cad4a78266fc30d1842517f43b8d13af85f95a17cf1b6fb99b1cfdb0b91cfa70307c

Download Submit
C:\Windows\system\wkUzNXE.exe

Filesize
6.0MB

MD5
df4ef7c135ec442a10e44707788ca8ad

SHA1
c1c4be8297784453d9569ba3fb2a80d65ab5b750

SHA256
cd0aa2e4e3325389177a587f714aaff7d2b7661df3c022faa9f89acc50a1d5e3

SHA512
cddbcd5b0d6ebe08c09972891b6e3c2be2e5a920bbced5faa26d6e694873ca112e60ad458a785f40f127c45bd86a58501aabc0f048193eb3fd3bb917b800fdbf

Download Submit
C:\Windows\system\wsJsNVB.exe

Filesize
6.0MB

MD5
a7ae7df68afff90e61adc384a6b79926

SHA1
7eaf07e14e01c1f160ce3c912e1351b2c22ad14c

SHA256
6e89c289c6db0af19e0d43a912b9ae08a20af37c28e387ad32fa65490c9ac8d9

SHA512
8868274898219903c211b032061227aac03788df7fc2c0e15d6ca09981da8d5e9aa0b3a0259a02650c184e768e6f5e33ef13fa5b84900b5960f76fefa20b2c53

Download Submit
C:\Windows\system\wvlzWkq.exe

Filesize
6.0MB

MD5
030caefe5ccce87649f2832d9f57f3dd

SHA1
cfe338be90aef5ac6287972891cbb8a1280302f3

SHA256
760306ee5fc6892f5029af1392a320bc48d9be06e0b10cdbbae15d025b4f2c3d

SHA512
ce9e5999aea4db7a344f0a5008438e22a801a30e127d71668c372862d2c11cd890963dc4f73ef240b8f48727ff1560317e385129f5c98b79bd3c2257ff6d65fd

Download Submit
C:\Windows\system\xwtSHEg.exe

Filesize
6.0MB

MD5
7fef9956d13a7680e996b1031b7709d0

SHA1
13008674438feca06cd7b596e0c96145ed5eba7c

SHA256
8b68e4f166fc5763db21ec0d2aeccb0a780b79228f290702eaf15ceed7a8b2bf

SHA512
86a79c26c9eb28c438770b90fea0eff63cc208e557f10a9ce2130efd66762e4c75ac0f93d95755a4256cb86009a06abbd8f5133ae947f0193779966aabf70356

Download Submit
C:\Windows\system\zCNHBQh.exe

Filesize
6.0MB

MD5
2277ea2fb6b6c95e74c1372d9589537c

SHA1
ea99a246cbca73cd9a11de90d4d70293585438e0

SHA256
be9d214e1dfad0d58a780418aa40446bc031e154009029df80302aa1a097059e

SHA512
157132803b227b48f3b2453f7c62157efb6a598a54c4b5948c94501139181276b0ba755c59e17a58bf4dcf34e6f2acb5135f3e2c0ad27f05d7ea65ec941e3c05

Download Submit
\Windows\system\Gxgygso.exe

Filesize
6.0MB

MD5
50166166ade3b3627b639eb9b4ee7cca

SHA1
d23fae7805eaacbe7bb8a58917bc6b8283a29b85

SHA256
d61317700e9bc6e3ac160519a1d4256d89f4dd2ed105846d1dff28f0a57deb38

SHA512
f51c1e3332c95696862a92c85df2c87bcabd04d448a1f3fc3b606346605a899edf334c574e55d6aa4ad881d7c254d74a3795aa20fd9fa81a60c06f8e99edbd55

Download Submit
\Windows\system\NQtozIc.exe

Filesize
6.0MB

MD5
34f47cb3e7c7fed7445fa736f4dcbc53

SHA1
b40ecf16d95ec89ec8bce8dab3aaa068e300e809

SHA256
de83a9c5c06d3286776960a5f49b371967ecad2840d8a8a88a64d71e3bcdc83b

SHA512
cb799b1e6760e320710621e5d615d04db02ec90a9e7b86575f216f23356ec3b4b79b41acfe323e0b59e6643ba167128ef14e76abd9bdc0df3ce6fabbe8e4a228

Download Submit
\Windows\system\PTKQQmY.exe

Filesize
6.0MB

MD5
52cb9fc5036e229dbf0f4ad01dace65e

SHA1
042391af624fa6728e17bff576b303fbbb85069d

SHA256
532c65ebf0ccc75d731a23476bb08b298cd7fd285ea2ea3d7e53c7953fbc18fe

SHA512
d15d28ae586d5246026d3a1002c5ff1ebd0ddfcfc89ca64fa1cd1039feab46ff039e3527bacfecb6aac404c4e0701569fbc8cf0aa2a35a8caa031e8e5d38e58c

Download Submit
\Windows\system\TMujjDF.exe

Filesize
6.0MB

MD5
79a0341a8de1f85cfc7c536bf12835fe

SHA1
64eb459b8cd65b6277ec9f2829ab7ef626d135e5

SHA256
2516a8c33858de3c5e64b0dd26ae11e3551c1bcfbd7ae721e27056b58865e346

SHA512
7733f28932554d4c838406efc683a2de287e40e3b33522ea5f81d32ed46ae76d05a6b1eb2703bab5759651196b6cf3e85afd5d9570aa2a8d4df636eba125c1b5

Download Submit
memory/1668-4048-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1668-234-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1668-29-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1948-4045-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1948-14-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2072-4038-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2072-13-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4039-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2284-100-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2396-47-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-92-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-35-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-38-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2396-25-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1085-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-887-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-105-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2396-104-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-339-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-102-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2396-101-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2396-58-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1088-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-97-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2396-79-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-50-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-91-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-0-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-18-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2396-33-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2660-26-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4036-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2724-106-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4046-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2788-36-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4042-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4040-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-99-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4047-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2824-42-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2824-788-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4044-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1086-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-66-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-103-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4041-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4043-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2944-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3040-48-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/3040-888-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4037-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download