cobaltstrike | 08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
Size

6.0MB
MD5

123c449f3dcd38da1e87d3ba1b598cef
SHA1

33828eec4a6f20ce4707d7d8be5eb70b696c64c8
SHA256

08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402
SHA512

f40cd27f895239a922112aabaf027bd832ff285fb4adbc40a0489536e750aacccb345ab579941f197530ec8c8f1a5d3bb09791e55d80391e4ffd8efe35e894c3
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU2:eOl56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001746a-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a6-24.dat	cobalt_reflective_dll
behavioral1/files/0x0018000000018676-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-98.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001707c-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018696-66.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001757f-41.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174c3-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2424-0-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000017403-11.dat	xmrig
behavioral1/files/0x000800000001746a-12.dat	xmrig
behavioral1/memory/1724-19-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1964-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x00070000000174a6-24.dat	xmrig
behavioral1/memory/2424-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2116-20-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0018000000018676-43.dat	xmrig
behavioral1/files/0x000500000001926c-54.dat	xmrig
behavioral1/memory/2860-60-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-67.dat	xmrig
behavioral1/files/0x0005000000019479-149.dat	xmrig
behavioral1/files/0x000500000001945b-136.dat	xmrig
behavioral1/files/0x000500000001950e-177.dat	xmrig
behavioral1/files/0x00050000000194d7-176.dat	xmrig
behavioral1/files/0x000500000001946a-166.dat	xmrig
behavioral1/files/0x000500000001947d-151.dat	xmrig
behavioral1/files/0x0005000000019465-146.dat	xmrig
behavioral1/files/0x00050000000194df-169.dat	xmrig
behavioral1/files/0x0005000000019485-157.dat	xmrig
behavioral1/files/0x0005000000019446-126.dat	xmrig
behavioral1/files/0x00050000000193c1-119.dat	xmrig
behavioral1/files/0x00050000000193a4-110.dat	xmrig
behavioral1/files/0x0005000000019377-108.dat	xmrig
behavioral1/files/0x0005000000019319-106.dat	xmrig
behavioral1/files/0x000500000001929a-104.dat	xmrig
behavioral1/files/0x0005000000019387-100.dat	xmrig
behavioral1/files/0x0005000000019365-98.dat	xmrig
behavioral1/files/0x000900000001707c-96.dat	xmrig
behavioral1/files/0x0005000000019450-132.dat	xmrig
behavioral1/files/0x0005000000019433-124.dat	xmrig
behavioral1/files/0x00050000000193b3-113.dat	xmrig
behavioral1/memory/3028-69-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2828-68-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-72.dat	xmrig
behavioral1/files/0x0007000000018696-66.dat	xmrig
behavioral1/memory/2424-63-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2744-62-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2424-61-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2852-46-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x000700000001757f-41.dat	xmrig
behavioral1/memory/2720-38-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2336-30-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00070000000174c3-34.dat	xmrig
behavioral1/memory/2424-2371-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2656-2379-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2852-2625-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2828-3057-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/3028-3070-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2424-3173-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1724-3999-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2116-4001-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/1964-4000-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2720-4005-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2852-4004-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2860-4003-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2744-4002-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2656-4006-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2828-4009-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/3028-4008-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2336-4007-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1724	FDWWZSd.exe
2116	oHqgTpY.exe
1964	JJXvUeC.exe
2336	cqafZjA.exe
2720	KhLqkzx.exe
2852	zfMYDbj.exe
2860	ovMlqpO.exe
2744	HLIDaQK.exe
2828	IYqCFEf.exe
3028	nTpFDgF.exe
2656	dqdgiAH.exe
2212	EubnQZi.exe
840	qhlcVuZ.exe
2964	hQPblpj.exe
2172	artJGso.exe
2672	YmKEKiC.exe
1816	VwnPkgD.exe
2888	jzYuBtv.exe
308	vZeGzOi.exe
1168	AoapOpY.exe
2924	QPrlDzL.exe
1984	spBbcPv.exe
1092	BbalRJS.exe
2096	QMvUSWc.exe
2072	rOaIvZs.exe
1948	PiZxCsc.exe
1988	JHWnkjD.exe
3008	zSUWxSG.exe
1208	PrRUryr.exe
2164	lFLHAFp.exe
2064	ChoGLcW.exe
1692	efzhBIE.exe
1172	LtxRQDN.exe
1108	aPvkcYN.exe
1056	nqlUaQo.exe
768	ihYhSAT.exe
284	zKsuzFu.exe
1396	MPpSYEs.exe
1632	BZEnEqo.exe
1792	ffzouxn.exe
1788	ZCUbTii.exe
956	AZFiJmD.exe
1212	ldIEHnt.exe
920	jcqQfLP.exe
2428	uDdzwBF.exe
1844	HtYCNOX.exe
1628	SfQWImx.exe
2480	SuyGbZT.exe
2324	hxvtqGI.exe
2588	QXjllaN.exe
628	UTacJYr.exe
672	ZvviriN.exe
1432	zxsUNup.exe
2200	zDVDFSk.exe
2060	QxrTZHT.exe
1604	rXHIwBs.exe
1164	zIxEcfn.exe
1712	GKAXZEv.exe
1456	ooZqbNb.exe
2752	GdvPXHJ.exe
2808	mYfQwxP.exe
2348	UcWdgSU.exe
2844	DewZmXt.exe
2124	ZNfbfnM.exe

Loads dropped DLL 64 IoCs

pid	Process
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2424-0-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000017403-11.dat	upx
behavioral1/files/0x000800000001746a-12.dat	upx
behavioral1/memory/1724-19-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1964-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00070000000174a6-24.dat	upx
behavioral1/memory/2116-20-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0018000000018676-43.dat	upx
behavioral1/files/0x000500000001926c-54.dat	upx
behavioral1/memory/2860-60-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0005000000019275-67.dat	upx
behavioral1/files/0x0005000000019479-149.dat	upx
behavioral1/files/0x000500000001945b-136.dat	upx
behavioral1/files/0x000500000001950e-177.dat	upx
behavioral1/files/0x00050000000194d7-176.dat	upx
behavioral1/files/0x000500000001946a-166.dat	upx
behavioral1/files/0x000500000001947d-151.dat	upx
behavioral1/files/0x0005000000019465-146.dat	upx
behavioral1/files/0x00050000000194df-169.dat	upx
behavioral1/files/0x0005000000019485-157.dat	upx
behavioral1/files/0x0005000000019446-126.dat	upx
behavioral1/files/0x00050000000193c1-119.dat	upx
behavioral1/files/0x00050000000193a4-110.dat	upx
behavioral1/files/0x0005000000019377-108.dat	upx
behavioral1/files/0x0005000000019319-106.dat	upx
behavioral1/files/0x000500000001929a-104.dat	upx
behavioral1/files/0x0005000000019387-100.dat	upx
behavioral1/files/0x0005000000019365-98.dat	upx
behavioral1/files/0x000900000001707c-96.dat	upx
behavioral1/files/0x0005000000019450-132.dat	upx
behavioral1/files/0x0005000000019433-124.dat	upx
behavioral1/files/0x00050000000193b3-113.dat	upx
behavioral1/memory/3028-69-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2828-68-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0005000000019278-72.dat	upx
behavioral1/files/0x0007000000018696-66.dat	upx
behavioral1/memory/2424-63-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2744-62-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2852-46-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x000700000001757f-41.dat	upx
behavioral1/memory/2720-38-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2336-30-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00070000000174c3-34.dat	upx
behavioral1/memory/2656-2379-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2852-2625-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2828-3057-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/3028-3070-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1724-3999-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2116-4001-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/1964-4000-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2720-4005-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2852-4004-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2860-4003-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2744-4002-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2656-4006-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2828-4009-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/3028-4008-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2336-4007-0x000000013F430000-0x000000013F784000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BjTJIFy.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\wOVYfUc.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\rbFljer.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ehvwLIr.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\gtsvQiv.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\FKXVQoR.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\EAQgMXq.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\WSPQAhr.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\qXEtHqy.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\CmZCNHP.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\rAdZojL.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\gqKTubp.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\nWfdEok.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\hqyqfaI.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\hcCmklk.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\wPuPmOA.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ffzouxn.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\zDVDFSk.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\mSwHQrq.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\QRNtbac.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\VZynWVy.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\qGFOwOa.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ZCUbTii.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\VRxfulP.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\SpsxuGP.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ubruCYq.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\eWMiiVL.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\VwnPkgD.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\Pauhusn.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\jAFYkgS.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\NmdojJf.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\LGErshC.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\KFUeHcx.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\lpsVYmF.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\PXFyIFy.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\KhLqkzx.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\mmAJQhi.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\xMYwQZt.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\SuflRTa.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\FDWWZSd.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\GIgHfem.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\eKqCXkK.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\IXSXawj.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ORsHCQJ.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\KoNuhFH.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\MHEuOSJ.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\lMFEgmz.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\imcYuKF.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\WIYuTtm.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\seWvCyQ.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\HnmllIK.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\qLBQQgg.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\YOXJJrM.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ZcsvWBZ.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\HJHAeww.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\JkgOYiy.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\GuYfBFr.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\DTDfpfn.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\ZasTsuf.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\YVSlYCU.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\aqIrunb.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\WxYMbbX.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\zugyIcE.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
File created	C:\Windows\System\VPJVpOC.exe	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 1724	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	31
PID 2424 wrote to memory of 1724	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	31
PID 2424 wrote to memory of 1724	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	31
PID 2424 wrote to memory of 2116	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	32
PID 2424 wrote to memory of 2116	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	32
PID 2424 wrote to memory of 2116	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	32
PID 2424 wrote to memory of 1964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	33
PID 2424 wrote to memory of 1964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	33
PID 2424 wrote to memory of 1964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	33
PID 2424 wrote to memory of 2336	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	34
PID 2424 wrote to memory of 2336	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	34
PID 2424 wrote to memory of 2336	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	34
PID 2424 wrote to memory of 2720	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	35
PID 2424 wrote to memory of 2720	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	35
PID 2424 wrote to memory of 2720	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	35
PID 2424 wrote to memory of 2852	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	36
PID 2424 wrote to memory of 2852	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	36
PID 2424 wrote to memory of 2852	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	36
PID 2424 wrote to memory of 2860	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	37
PID 2424 wrote to memory of 2860	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	37
PID 2424 wrote to memory of 2860	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	37
PID 2424 wrote to memory of 2828	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	38
PID 2424 wrote to memory of 2828	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	38
PID 2424 wrote to memory of 2828	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	38
PID 2424 wrote to memory of 2744	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	39
PID 2424 wrote to memory of 2744	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	39
PID 2424 wrote to memory of 2744	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	39
PID 2424 wrote to memory of 3028	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	40
PID 2424 wrote to memory of 3028	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	40
PID 2424 wrote to memory of 3028	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	40
PID 2424 wrote to memory of 2656	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	41
PID 2424 wrote to memory of 2656	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	41
PID 2424 wrote to memory of 2656	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	41
PID 2424 wrote to memory of 2172	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	42
PID 2424 wrote to memory of 2172	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	42
PID 2424 wrote to memory of 2172	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	42
PID 2424 wrote to memory of 2212	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	43
PID 2424 wrote to memory of 2212	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	43
PID 2424 wrote to memory of 2212	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	43
PID 2424 wrote to memory of 2672	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	44
PID 2424 wrote to memory of 2672	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	44
PID 2424 wrote to memory of 2672	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	44
PID 2424 wrote to memory of 840	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	45
PID 2424 wrote to memory of 840	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	45
PID 2424 wrote to memory of 840	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	45
PID 2424 wrote to memory of 1816	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	46
PID 2424 wrote to memory of 1816	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	46
PID 2424 wrote to memory of 1816	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	46
PID 2424 wrote to memory of 2964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	47
PID 2424 wrote to memory of 2964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	47
PID 2424 wrote to memory of 2964	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	47
PID 2424 wrote to memory of 2888	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	48
PID 2424 wrote to memory of 2888	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	48
PID 2424 wrote to memory of 2888	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	48
PID 2424 wrote to memory of 308	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	49
PID 2424 wrote to memory of 308	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	49
PID 2424 wrote to memory of 308	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	49
PID 2424 wrote to memory of 1168	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	50
PID 2424 wrote to memory of 1168	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	50
PID 2424 wrote to memory of 1168	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	50
PID 2424 wrote to memory of 2924	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	51
PID 2424 wrote to memory of 2924	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	51
PID 2424 wrote to memory of 2924	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	51
PID 2424 wrote to memory of 1092	2424	JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_08854b5ba5a62de97f0cecc8dba97f673c2eb05db2b34e9141948109d6415402.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\System\FDWWZSd.exe
  C:\Windows\System\FDWWZSd.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\oHqgTpY.exe
  C:\Windows\System\oHqgTpY.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\JJXvUeC.exe
  C:\Windows\System\JJXvUeC.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\cqafZjA.exe
  C:\Windows\System\cqafZjA.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\KhLqkzx.exe
  C:\Windows\System\KhLqkzx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\zfMYDbj.exe
  C:\Windows\System\zfMYDbj.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ovMlqpO.exe
  C:\Windows\System\ovMlqpO.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\IYqCFEf.exe
  C:\Windows\System\IYqCFEf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\HLIDaQK.exe
  C:\Windows\System\HLIDaQK.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nTpFDgF.exe
  C:\Windows\System\nTpFDgF.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\dqdgiAH.exe
  C:\Windows\System\dqdgiAH.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\artJGso.exe
  C:\Windows\System\artJGso.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\EubnQZi.exe
  C:\Windows\System\EubnQZi.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\YmKEKiC.exe
  C:\Windows\System\YmKEKiC.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\qhlcVuZ.exe
  C:\Windows\System\qhlcVuZ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\VwnPkgD.exe
  C:\Windows\System\VwnPkgD.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\hQPblpj.exe
  C:\Windows\System\hQPblpj.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\jzYuBtv.exe
  C:\Windows\System\jzYuBtv.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\vZeGzOi.exe
  C:\Windows\System\vZeGzOi.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\AoapOpY.exe
  C:\Windows\System\AoapOpY.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\QPrlDzL.exe
  C:\Windows\System\QPrlDzL.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\BbalRJS.exe
  C:\Windows\System\BbalRJS.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\spBbcPv.exe
  C:\Windows\System\spBbcPv.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JHWnkjD.exe
  C:\Windows\System\JHWnkjD.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\QMvUSWc.exe
  C:\Windows\System\QMvUSWc.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zSUWxSG.exe
  C:\Windows\System\zSUWxSG.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\rOaIvZs.exe
  C:\Windows\System\rOaIvZs.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\lFLHAFp.exe
  C:\Windows\System\lFLHAFp.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PiZxCsc.exe
  C:\Windows\System\PiZxCsc.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ChoGLcW.exe
  C:\Windows\System\ChoGLcW.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PrRUryr.exe
  C:\Windows\System\PrRUryr.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\efzhBIE.exe
  C:\Windows\System\efzhBIE.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\LtxRQDN.exe
  C:\Windows\System\LtxRQDN.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\aPvkcYN.exe
  C:\Windows\System\aPvkcYN.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\nqlUaQo.exe
  C:\Windows\System\nqlUaQo.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ihYhSAT.exe
  C:\Windows\System\ihYhSAT.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\zKsuzFu.exe
  C:\Windows\System\zKsuzFu.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\MPpSYEs.exe
  C:\Windows\System\MPpSYEs.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\BZEnEqo.exe
  C:\Windows\System\BZEnEqo.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ffzouxn.exe
  C:\Windows\System\ffzouxn.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\ZCUbTii.exe
  C:\Windows\System\ZCUbTii.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\jcqQfLP.exe
  C:\Windows\System\jcqQfLP.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\AZFiJmD.exe
  C:\Windows\System\AZFiJmD.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\uDdzwBF.exe
  C:\Windows\System\uDdzwBF.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ldIEHnt.exe
  C:\Windows\System\ldIEHnt.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\HtYCNOX.exe
  C:\Windows\System\HtYCNOX.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\SfQWImx.exe
  C:\Windows\System\SfQWImx.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\SuyGbZT.exe
  C:\Windows\System\SuyGbZT.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\hxvtqGI.exe
  C:\Windows\System\hxvtqGI.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UTacJYr.exe
  C:\Windows\System\UTacJYr.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\QXjllaN.exe
  C:\Windows\System\QXjllaN.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ZvviriN.exe
  C:\Windows\System\ZvviriN.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\zxsUNup.exe
  C:\Windows\System\zxsUNup.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\zDVDFSk.exe
  C:\Windows\System\zDVDFSk.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\QxrTZHT.exe
  C:\Windows\System\QxrTZHT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\GKAXZEv.exe
  C:\Windows\System\GKAXZEv.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\rXHIwBs.exe
  C:\Windows\System\rXHIwBs.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\ooZqbNb.exe
  C:\Windows\System\ooZqbNb.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\zIxEcfn.exe
  C:\Windows\System\zIxEcfn.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\GdvPXHJ.exe
  C:\Windows\System\GdvPXHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\mYfQwxP.exe
  C:\Windows\System\mYfQwxP.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\DewZmXt.exe
  C:\Windows\System\DewZmXt.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\UcWdgSU.exe
  C:\Windows\System\UcWdgSU.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZNfbfnM.exe
  C:\Windows\System\ZNfbfnM.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\OGpipxt.exe
  C:\Windows\System\OGpipxt.exe
  2⤵
  PID:2996
- C:\Windows\System\ObTnFQr.exe
  C:\Windows\System\ObTnFQr.exe
  2⤵
  PID:2936
- C:\Windows\System\TIfUgMv.exe
  C:\Windows\System\TIfUgMv.exe
  2⤵
  PID:2900
- C:\Windows\System\twDepke.exe
  C:\Windows\System\twDepke.exe
  2⤵
  PID:2008
- C:\Windows\System\WTHAhLB.exe
  C:\Windows\System\WTHAhLB.exe
  2⤵
  PID:912
- C:\Windows\System\wnDbACd.exe
  C:\Windows\System\wnDbACd.exe
  2⤵
  PID:576
- C:\Windows\System\eeDbjnY.exe
  C:\Windows\System\eeDbjnY.exe
  2⤵
  PID:2940
- C:\Windows\System\VRxfulP.exe
  C:\Windows\System\VRxfulP.exe
  2⤵
  PID:2384
- C:\Windows\System\YSJcjWT.exe
  C:\Windows\System\YSJcjWT.exe
  2⤵
  PID:1520
- C:\Windows\System\evnncDQ.exe
  C:\Windows\System\evnncDQ.exe
  2⤵
  PID:2332
- C:\Windows\System\Memzsgw.exe
  C:\Windows\System\Memzsgw.exe
  2⤵
  PID:1636
- C:\Windows\System\yOAewaD.exe
  C:\Windows\System\yOAewaD.exe
  2⤵
  PID:1060
- C:\Windows\System\RkjtuFS.exe
  C:\Windows\System\RkjtuFS.exe
  2⤵
  PID:1936
- C:\Windows\System\oEfnjbA.exe
  C:\Windows\System\oEfnjbA.exe
  2⤵
  PID:1000
- C:\Windows\System\viUluFu.exe
  C:\Windows\System\viUluFu.exe
  2⤵
  PID:316
- C:\Windows\System\yRoPgIt.exe
  C:\Windows\System\yRoPgIt.exe
  2⤵
  PID:3052
- C:\Windows\System\DIOzkOy.exe
  C:\Windows\System\DIOzkOy.exe
  2⤵
  PID:1016
- C:\Windows\System\ouFGRif.exe
  C:\Windows\System\ouFGRif.exe
  2⤵
  PID:2280
- C:\Windows\System\TLEyjZH.exe
  C:\Windows\System\TLEyjZH.exe
  2⤵
  PID:2596
- C:\Windows\System\tFvtQls.exe
  C:\Windows\System\tFvtQls.exe
  2⤵
  PID:944
- C:\Windows\System\uVmfdIA.exe
  C:\Windows\System\uVmfdIA.exe
  2⤵
  PID:2140
- C:\Windows\System\ukiBRlX.exe
  C:\Windows\System\ukiBRlX.exe
  2⤵
  PID:2460
- C:\Windows\System\FOqbuAq.exe
  C:\Windows\System\FOqbuAq.exe
  2⤵
  PID:2788
- C:\Windows\System\qqhtuCp.exe
  C:\Windows\System\qqhtuCp.exe
  2⤵
  PID:1096
- C:\Windows\System\UFOesPG.exe
  C:\Windows\System\UFOesPG.exe
  2⤵
  PID:1576
- C:\Windows\System\utTOhIV.exe
  C:\Windows\System\utTOhIV.exe
  2⤵
  PID:2368
- C:\Windows\System\rIIIcAl.exe
  C:\Windows\System\rIIIcAl.exe
  2⤵
  PID:2740
- C:\Windows\System\kpcMepF.exe
  C:\Windows\System\kpcMepF.exe
  2⤵
  PID:1732
- C:\Windows\System\XdVouCt.exe
  C:\Windows\System\XdVouCt.exe
  2⤵
  PID:2616
- C:\Windows\System\kVXihkF.exe
  C:\Windows\System\kVXihkF.exe
  2⤵
  PID:2636
- C:\Windows\System\JwyJwTA.exe
  C:\Windows\System\JwyJwTA.exe
  2⤵
  PID:1752
- C:\Windows\System\dLQIqxk.exe
  C:\Windows\System\dLQIqxk.exe
  2⤵
  PID:2960
- C:\Windows\System\sYUfRrH.exe
  C:\Windows\System\sYUfRrH.exe
  2⤵
  PID:2976
- C:\Windows\System\ssJmIdC.exe
  C:\Windows\System\ssJmIdC.exe
  2⤵
  PID:1928
- C:\Windows\System\WSPQAhr.exe
  C:\Windows\System\WSPQAhr.exe
  2⤵
  PID:596
- C:\Windows\System\cvSybVb.exe
  C:\Windows\System\cvSybVb.exe
  2⤵
  PID:2652
- C:\Windows\System\HLnibFP.exe
  C:\Windows\System\HLnibFP.exe
  2⤵
  PID:560
- C:\Windows\System\EjFEGkL.exe
  C:\Windows\System\EjFEGkL.exe
  2⤵
  PID:2708
- C:\Windows\System\quRuoHe.exe
  C:\Windows\System\quRuoHe.exe
  2⤵
  PID:344
- C:\Windows\System\tWsMQEe.exe
  C:\Windows\System\tWsMQEe.exe
  2⤵
  PID:1872
- C:\Windows\System\tKbcTgX.exe
  C:\Windows\System\tKbcTgX.exe
  2⤵
  PID:1400
- C:\Windows\System\BDwMMJX.exe
  C:\Windows\System\BDwMMJX.exe
  2⤵
  PID:1728
- C:\Windows\System\PvmOjBl.exe
  C:\Windows\System\PvmOjBl.exe
  2⤵
  PID:2360
- C:\Windows\System\VYfERKv.exe
  C:\Windows\System\VYfERKv.exe
  2⤵
  PID:2712
- C:\Windows\System\bHKqDhP.exe
  C:\Windows\System\bHKqDhP.exe
  2⤵
  PID:400
- C:\Windows\System\pRfpZuw.exe
  C:\Windows\System\pRfpZuw.exe
  2⤵
  PID:880
- C:\Windows\System\PnPlSLk.exe
  C:\Windows\System\PnPlSLk.exe
  2⤵
  PID:2244
- C:\Windows\System\ZhXfDZK.exe
  C:\Windows\System\ZhXfDZK.exe
  2⤵
  PID:1704
- C:\Windows\System\ThnXHPd.exe
  C:\Windows\System\ThnXHPd.exe
  2⤵
  PID:2760
- C:\Windows\System\mSwHQrq.exe
  C:\Windows\System\mSwHQrq.exe
  2⤵
  PID:1492
- C:\Windows\System\yirZPSY.exe
  C:\Windows\System\yirZPSY.exe
  2⤵
  PID:1072
- C:\Windows\System\iEgJiWy.exe
  C:\Windows\System\iEgJiWy.exe
  2⤵
  PID:3084
- C:\Windows\System\JGTHjPH.exe
  C:\Windows\System\JGTHjPH.exe
  2⤵
  PID:3104
- C:\Windows\System\cbeNCPr.exe
  C:\Windows\System\cbeNCPr.exe
  2⤵
  PID:3120
- C:\Windows\System\XMXTOCd.exe
  C:\Windows\System\XMXTOCd.exe
  2⤵
  PID:3144
- C:\Windows\System\UmkYdlc.exe
  C:\Windows\System\UmkYdlc.exe
  2⤵
  PID:3160
- C:\Windows\System\MJIuhke.exe
  C:\Windows\System\MJIuhke.exe
  2⤵
  PID:3180
- C:\Windows\System\eZzwTKW.exe
  C:\Windows\System\eZzwTKW.exe
  2⤵
  PID:3196
- C:\Windows\System\OlDlyGs.exe
  C:\Windows\System\OlDlyGs.exe
  2⤵
  PID:3216
- C:\Windows\System\rLPuYlU.exe
  C:\Windows\System\rLPuYlU.exe
  2⤵
  PID:3240
- C:\Windows\System\nEEaLCX.exe
  C:\Windows\System\nEEaLCX.exe
  2⤵
  PID:3260
- C:\Windows\System\HodOimb.exe
  C:\Windows\System\HodOimb.exe
  2⤵
  PID:3280
- C:\Windows\System\mxGJWID.exe
  C:\Windows\System\mxGJWID.exe
  2⤵
  PID:3300
- C:\Windows\System\XhroJMU.exe
  C:\Windows\System\XhroJMU.exe
  2⤵
  PID:3324
- C:\Windows\System\ruQPHBr.exe
  C:\Windows\System\ruQPHBr.exe
  2⤵
  PID:3344
- C:\Windows\System\dODFADC.exe
  C:\Windows\System\dODFADC.exe
  2⤵
  PID:3364
- C:\Windows\System\IAOcwqR.exe
  C:\Windows\System\IAOcwqR.exe
  2⤵
  PID:3384
- C:\Windows\System\qKxhXuS.exe
  C:\Windows\System\qKxhXuS.exe
  2⤵
  PID:3400
- C:\Windows\System\NmaRibq.exe
  C:\Windows\System\NmaRibq.exe
  2⤵
  PID:3424
- C:\Windows\System\FHvwDbl.exe
  C:\Windows\System\FHvwDbl.exe
  2⤵
  PID:3440
- C:\Windows\System\NxneHjB.exe
  C:\Windows\System\NxneHjB.exe
  2⤵
  PID:3464
- C:\Windows\System\dRPzqOY.exe
  C:\Windows\System\dRPzqOY.exe
  2⤵
  PID:3484
- C:\Windows\System\aUGprKb.exe
  C:\Windows\System\aUGprKb.exe
  2⤵
  PID:3500
- C:\Windows\System\PlJktpM.exe
  C:\Windows\System\PlJktpM.exe
  2⤵
  PID:3520
- C:\Windows\System\ObLPDDy.exe
  C:\Windows\System\ObLPDDy.exe
  2⤵
  PID:3540
- C:\Windows\System\flggjRp.exe
  C:\Windows\System\flggjRp.exe
  2⤵
  PID:3556
- C:\Windows\System\LTfWYhe.exe
  C:\Windows\System\LTfWYhe.exe
  2⤵
  PID:3572
- C:\Windows\System\gqcLLjd.exe
  C:\Windows\System\gqcLLjd.exe
  2⤵
  PID:3592
- C:\Windows\System\QulzNfj.exe
  C:\Windows\System\QulzNfj.exe
  2⤵
  PID:3620
- C:\Windows\System\szaxRot.exe
  C:\Windows\System\szaxRot.exe
  2⤵
  PID:3640
- C:\Windows\System\NsDEeYx.exe
  C:\Windows\System\NsDEeYx.exe
  2⤵
  PID:3660
- C:\Windows\System\UalBVTx.exe
  C:\Windows\System\UalBVTx.exe
  2⤵
  PID:3680
- C:\Windows\System\JniVnPh.exe
  C:\Windows\System\JniVnPh.exe
  2⤵
  PID:3700
- C:\Windows\System\FJceMKW.exe
  C:\Windows\System\FJceMKW.exe
  2⤵
  PID:3724
- C:\Windows\System\vgjEnMb.exe
  C:\Windows\System\vgjEnMb.exe
  2⤵
  PID:3744
- C:\Windows\System\wlAZnkk.exe
  C:\Windows\System\wlAZnkk.exe
  2⤵
  PID:3760
- C:\Windows\System\ZrQnWqc.exe
  C:\Windows\System\ZrQnWqc.exe
  2⤵
  PID:3776
- C:\Windows\System\VqmSNFI.exe
  C:\Windows\System\VqmSNFI.exe
  2⤵
  PID:3796
- C:\Windows\System\HFqdMVH.exe
  C:\Windows\System\HFqdMVH.exe
  2⤵
  PID:3812
- C:\Windows\System\gthEhNg.exe
  C:\Windows\System\gthEhNg.exe
  2⤵
  PID:3828
- C:\Windows\System\tMFGpOq.exe
  C:\Windows\System\tMFGpOq.exe
  2⤵
  PID:3848
- C:\Windows\System\bKPHWbg.exe
  C:\Windows\System\bKPHWbg.exe
  2⤵
  PID:3864
- C:\Windows\System\lFYKqIw.exe
  C:\Windows\System\lFYKqIw.exe
  2⤵
  PID:3880
- C:\Windows\System\pBjjRij.exe
  C:\Windows\System\pBjjRij.exe
  2⤵
  PID:3924
- C:\Windows\System\TVLTWmZ.exe
  C:\Windows\System\TVLTWmZ.exe
  2⤵
  PID:3940
- C:\Windows\System\euEGAiV.exe
  C:\Windows\System\euEGAiV.exe
  2⤵
  PID:3964
- C:\Windows\System\uXkuYkL.exe
  C:\Windows\System\uXkuYkL.exe
  2⤵
  PID:3984
- C:\Windows\System\VkDggtw.exe
  C:\Windows\System\VkDggtw.exe
  2⤵
  PID:4000
- C:\Windows\System\EXMkClw.exe
  C:\Windows\System\EXMkClw.exe
  2⤵
  PID:4020
- C:\Windows\System\VUBLCkt.exe
  C:\Windows\System\VUBLCkt.exe
  2⤵
  PID:4040
- C:\Windows\System\EdmMIYN.exe
  C:\Windows\System\EdmMIYN.exe
  2⤵
  PID:4056
- C:\Windows\System\xuqSSqy.exe
  C:\Windows\System\xuqSSqy.exe
  2⤵
  PID:4072
- C:\Windows\System\qXEtHqy.exe
  C:\Windows\System\qXEtHqy.exe
  2⤵
  PID:2884
- C:\Windows\System\NmzDCva.exe
  C:\Windows\System\NmzDCva.exe
  2⤵
  PID:1196
- C:\Windows\System\AXLOWrH.exe
  C:\Windows\System\AXLOWrH.exe
  2⤵
  PID:1564
- C:\Windows\System\FkdypXg.exe
  C:\Windows\System\FkdypXg.exe
  2⤵
  PID:1860
- C:\Windows\System\PXaweNo.exe
  C:\Windows\System\PXaweNo.exe
  2⤵
  PID:2160
- C:\Windows\System\xcxhTss.exe
  C:\Windows\System\xcxhTss.exe
  2⤵
  PID:2532
- C:\Windows\System\afWGLXK.exe
  C:\Windows\System\afWGLXK.exe
  2⤵
  PID:1836
- C:\Windows\System\XlfiYJF.exe
  C:\Windows\System\XlfiYJF.exe
  2⤵
  PID:2704
- C:\Windows\System\nTwRShu.exe
  C:\Windows\System\nTwRShu.exe
  2⤵
  PID:1112
- C:\Windows\System\LGErshC.exe
  C:\Windows\System\LGErshC.exe
  2⤵
  PID:2312
- C:\Windows\System\FZcHlyd.exe
  C:\Windows\System\FZcHlyd.exe
  2⤵
  PID:2944
- C:\Windows\System\GDGcChX.exe
  C:\Windows\System\GDGcChX.exe
  2⤵
  PID:3156
- C:\Windows\System\hueLuWx.exe
  C:\Windows\System\hueLuWx.exe
  2⤵
  PID:3192
- C:\Windows\System\ihKlbJz.exe
  C:\Windows\System\ihKlbJz.exe
  2⤵
  PID:3128
- C:\Windows\System\BIUeBQx.exe
  C:\Windows\System\BIUeBQx.exe
  2⤵
  PID:3172
- C:\Windows\System\OcgnRSR.exe
  C:\Windows\System\OcgnRSR.exe
  2⤵
  PID:3204
- C:\Windows\System\NmLPaXS.exe
  C:\Windows\System\NmLPaXS.exe
  2⤵
  PID:3256
- C:\Windows\System\ovPvhmy.exe
  C:\Windows\System\ovPvhmy.exe
  2⤵
  PID:3248
- C:\Windows\System\BjTJIFy.exe
  C:\Windows\System\BjTJIFy.exe
  2⤵
  PID:3356
- C:\Windows\System\HEJbsvP.exe
  C:\Windows\System\HEJbsvP.exe
  2⤵
  PID:3432
- C:\Windows\System\cEIcfgv.exe
  C:\Windows\System\cEIcfgv.exe
  2⤵
  PID:3336
- C:\Windows\System\kdQgraH.exe
  C:\Windows\System\kdQgraH.exe
  2⤵
  PID:3412
- C:\Windows\System\KlpbhhE.exe
  C:\Windows\System\KlpbhhE.exe
  2⤵
  PID:3452
- C:\Windows\System\PBoDdal.exe
  C:\Windows\System\PBoDdal.exe
  2⤵
  PID:3516
- C:\Windows\System\kKphRwN.exe
  C:\Windows\System\kKphRwN.exe
  2⤵
  PID:3584
- C:\Windows\System\PCGnzxy.exe
  C:\Windows\System\PCGnzxy.exe
  2⤵
  PID:3668
- C:\Windows\System\sIshHkt.exe
  C:\Windows\System\sIshHkt.exe
  2⤵
  PID:3536
- C:\Windows\System\jyCSKJP.exe
  C:\Windows\System\jyCSKJP.exe
  2⤵
  PID:3608
- C:\Windows\System\LCJrVgI.exe
  C:\Windows\System\LCJrVgI.exe
  2⤵
  PID:3692
- C:\Windows\System\UnAdwKi.exe
  C:\Windows\System\UnAdwKi.exe
  2⤵
  PID:3716
- C:\Windows\System\xzMpfSE.exe
  C:\Windows\System\xzMpfSE.exe
  2⤵
  PID:3784
- C:\Windows\System\pCpckyx.exe
  C:\Windows\System\pCpckyx.exe
  2⤵
  PID:3740
- C:\Windows\System\LkIOsRl.exe
  C:\Windows\System\LkIOsRl.exe
  2⤵
  PID:3888
- C:\Windows\System\apIpCWn.exe
  C:\Windows\System\apIpCWn.exe
  2⤵
  PID:3892
- C:\Windows\System\rSBgcca.exe
  C:\Windows\System\rSBgcca.exe
  2⤵
  PID:3804
- C:\Windows\System\qtqoyna.exe
  C:\Windows\System\qtqoyna.exe
  2⤵
  PID:3916
- C:\Windows\System\CqvnRCS.exe
  C:\Windows\System\CqvnRCS.exe
  2⤵
  PID:3960
- C:\Windows\System\pPqitey.exe
  C:\Windows\System\pPqitey.exe
  2⤵
  PID:3936
- C:\Windows\System\cwVtzRQ.exe
  C:\Windows\System\cwVtzRQ.exe
  2⤵
  PID:4068
- C:\Windows\System\scLYogp.exe
  C:\Windows\System\scLYogp.exe
  2⤵
  PID:3972
- C:\Windows\System\lSqpXWy.exe
  C:\Windows\System\lSqpXWy.exe
  2⤵
  PID:1188
- C:\Windows\System\hbuyJUV.exe
  C:\Windows\System\hbuyJUV.exe
  2⤵
  PID:1496
- C:\Windows\System\XUMuajq.exe
  C:\Windows\System\XUMuajq.exe
  2⤵
  PID:1720
- C:\Windows\System\dbomifE.exe
  C:\Windows\System\dbomifE.exe
  2⤵
  PID:1556
- C:\Windows\System\JcyWPQM.exe
  C:\Windows\System\JcyWPQM.exe
  2⤵
  PID:1544
- C:\Windows\System\Vyjcuqg.exe
  C:\Windows\System\Vyjcuqg.exe
  2⤵
  PID:2476
- C:\Windows\System\uVVYVpO.exe
  C:\Windows\System\uVVYVpO.exe
  2⤵
  PID:2952
- C:\Windows\System\KxnycQD.exe
  C:\Windows\System\KxnycQD.exe
  2⤵
  PID:3112
- C:\Windows\System\uHAIwed.exe
  C:\Windows\System\uHAIwed.exe
  2⤵
  PID:3096
- C:\Windows\System\yQrpTPx.exe
  C:\Windows\System\yQrpTPx.exe
  2⤵
  PID:3168
- C:\Windows\System\jFDUOtH.exe
  C:\Windows\System\jFDUOtH.exe
  2⤵
  PID:3212
- C:\Windows\System\EzvFWOd.exe
  C:\Windows\System\EzvFWOd.exe
  2⤵
  PID:3308
- C:\Windows\System\ChafPMN.exe
  C:\Windows\System\ChafPMN.exe
  2⤵
  PID:3352
- C:\Windows\System\WGKCcGR.exe
  C:\Windows\System\WGKCcGR.exe
  2⤵
  PID:3408
- C:\Windows\System\ZbySidE.exe
  C:\Windows\System\ZbySidE.exe
  2⤵
  PID:3456
- C:\Windows\System\gFolLaM.exe
  C:\Windows\System\gFolLaM.exe
  2⤵
  PID:2372
- C:\Windows\System\hqyqfaI.exe
  C:\Windows\System\hqyqfaI.exe
  2⤵
  PID:3632
- C:\Windows\System\JOTLZXL.exe
  C:\Windows\System\JOTLZXL.exe
  2⤵
  PID:3568
- C:\Windows\System\TlNqVPi.exe
  C:\Windows\System\TlNqVPi.exe
  2⤵
  PID:3648
- C:\Windows\System\QxDXZlH.exe
  C:\Windows\System\QxDXZlH.exe
  2⤵
  PID:3756
- C:\Windows\System\EqECowR.exe
  C:\Windows\System\EqECowR.exe
  2⤵
  PID:1076
- C:\Windows\System\mmAJQhi.exe
  C:\Windows\System\mmAJQhi.exe
  2⤵
  PID:3860
- C:\Windows\System\sIwJGEH.exe
  C:\Windows\System\sIwJGEH.exe
  2⤵
  PID:3768
- C:\Windows\System\uxMuQpb.exe
  C:\Windows\System\uxMuQpb.exe
  2⤵
  PID:3896
- C:\Windows\System\LDjdnGm.exe
  C:\Windows\System\LDjdnGm.exe
  2⤵
  PID:3996
- C:\Windows\System\gzKpFNb.exe
  C:\Windows\System\gzKpFNb.exe
  2⤵
  PID:4064
- C:\Windows\System\wWEJTre.exe
  C:\Windows\System\wWEJTre.exe
  2⤵
  PID:4052
- C:\Windows\System\nzOCKxO.exe
  C:\Windows\System\nzOCKxO.exe
  2⤵
  PID:2236
- C:\Windows\System\SBFEEXs.exe
  C:\Windows\System\SBFEEXs.exe
  2⤵
  PID:1656
- C:\Windows\System\EQRQkAp.exe
  C:\Windows\System\EQRQkAp.exe
  2⤵
  PID:1772
- C:\Windows\System\cZCoLcT.exe
  C:\Windows\System\cZCoLcT.exe
  2⤵
  PID:3076
- C:\Windows\System\pklTEQB.exe
  C:\Windows\System\pklTEQB.exe
  2⤵
  PID:3228
- C:\Windows\System\cGKWoZD.exe
  C:\Windows\System\cGKWoZD.exe
  2⤵
  PID:3272
- C:\Windows\System\SVrdZNP.exe
  C:\Windows\System\SVrdZNP.exe
  2⤵
  PID:3360
- C:\Windows\System\zEuPWrY.exe
  C:\Windows\System\zEuPWrY.exe
  2⤵
  PID:3380
- C:\Windows\System\wuSZsHQ.exe
  C:\Windows\System\wuSZsHQ.exe
  2⤵
  PID:3416
- C:\Windows\System\qAjHwqT.exe
  C:\Windows\System\qAjHwqT.exe
  2⤵
  PID:3528
- C:\Windows\System\GNtNKFW.exe
  C:\Windows\System\GNtNKFW.exe
  2⤵
  PID:3696
- C:\Windows\System\LAZyrMy.exe
  C:\Windows\System\LAZyrMy.exe
  2⤵
  PID:3736
- C:\Windows\System\Ugwrvre.exe
  C:\Windows\System\Ugwrvre.exe
  2⤵
  PID:3904
- C:\Windows\System\YEltbSn.exe
  C:\Windows\System\YEltbSn.exe
  2⤵
  PID:3948
- C:\Windows\System\KGKuCeh.exe
  C:\Windows\System\KGKuCeh.exe
  2⤵
  PID:4008
- C:\Windows\System\TBSJWUe.exe
  C:\Windows\System\TBSJWUe.exe
  2⤵
  PID:1664
- C:\Windows\System\ChCCcEc.exe
  C:\Windows\System\ChCCcEc.exe
  2⤵
  PID:4104
- C:\Windows\System\vUIXNOq.exe
  C:\Windows\System\vUIXNOq.exe
  2⤵
  PID:4124
- C:\Windows\System\hHiAkcg.exe
  C:\Windows\System\hHiAkcg.exe
  2⤵
  PID:4144
- C:\Windows\System\AcoOXhz.exe
  C:\Windows\System\AcoOXhz.exe
  2⤵
  PID:4164
- C:\Windows\System\fvgJOdC.exe
  C:\Windows\System\fvgJOdC.exe
  2⤵
  PID:4184
- C:\Windows\System\iSMKHBG.exe
  C:\Windows\System\iSMKHBG.exe
  2⤵
  PID:4204
- C:\Windows\System\NhNBUxc.exe
  C:\Windows\System\NhNBUxc.exe
  2⤵
  PID:4224
- C:\Windows\System\WbOntwu.exe
  C:\Windows\System\WbOntwu.exe
  2⤵
  PID:4244
- C:\Windows\System\nIINJPE.exe
  C:\Windows\System\nIINJPE.exe
  2⤵
  PID:4264
- C:\Windows\System\wCjMlaE.exe
  C:\Windows\System\wCjMlaE.exe
  2⤵
  PID:4284
- C:\Windows\System\hIpFzUx.exe
  C:\Windows\System\hIpFzUx.exe
  2⤵
  PID:4304
- C:\Windows\System\sRtwQRr.exe
  C:\Windows\System\sRtwQRr.exe
  2⤵
  PID:4324
- C:\Windows\System\GBsiDaM.exe
  C:\Windows\System\GBsiDaM.exe
  2⤵
  PID:4344
- C:\Windows\System\iiCuEkQ.exe
  C:\Windows\System\iiCuEkQ.exe
  2⤵
  PID:4364
- C:\Windows\System\CIEKfaG.exe
  C:\Windows\System\CIEKfaG.exe
  2⤵
  PID:4384
- C:\Windows\System\JvxTQQJ.exe
  C:\Windows\System\JvxTQQJ.exe
  2⤵
  PID:4404
- C:\Windows\System\kKhaUNw.exe
  C:\Windows\System\kKhaUNw.exe
  2⤵
  PID:4424
- C:\Windows\System\ErVpgJa.exe
  C:\Windows\System\ErVpgJa.exe
  2⤵
  PID:4444
- C:\Windows\System\asIMUku.exe
  C:\Windows\System\asIMUku.exe
  2⤵
  PID:4464
- C:\Windows\System\uqffZcT.exe
  C:\Windows\System\uqffZcT.exe
  2⤵
  PID:4484
- C:\Windows\System\ctvdwnN.exe
  C:\Windows\System\ctvdwnN.exe
  2⤵
  PID:4504
- C:\Windows\System\qJsUWyN.exe
  C:\Windows\System\qJsUWyN.exe
  2⤵
  PID:4524
- C:\Windows\System\PkJFuLr.exe
  C:\Windows\System\PkJFuLr.exe
  2⤵
  PID:4544
- C:\Windows\System\yrrwPYr.exe
  C:\Windows\System\yrrwPYr.exe
  2⤵
  PID:4564
- C:\Windows\System\YeVlWnc.exe
  C:\Windows\System\YeVlWnc.exe
  2⤵
  PID:4584
- C:\Windows\System\kTSasaF.exe
  C:\Windows\System\kTSasaF.exe
  2⤵
  PID:4604
- C:\Windows\System\WeSnOPZ.exe
  C:\Windows\System\WeSnOPZ.exe
  2⤵
  PID:4624
- C:\Windows\System\cIxOPhn.exe
  C:\Windows\System\cIxOPhn.exe
  2⤵
  PID:4644
- C:\Windows\System\sxvEyRi.exe
  C:\Windows\System\sxvEyRi.exe
  2⤵
  PID:4664
- C:\Windows\System\rLgtdHA.exe
  C:\Windows\System\rLgtdHA.exe
  2⤵
  PID:4684
- C:\Windows\System\RovuVNX.exe
  C:\Windows\System\RovuVNX.exe
  2⤵
  PID:4704
- C:\Windows\System\SclYbvL.exe
  C:\Windows\System\SclYbvL.exe
  2⤵
  PID:4724
- C:\Windows\System\qLLdCOT.exe
  C:\Windows\System\qLLdCOT.exe
  2⤵
  PID:4744
- C:\Windows\System\IIVfZep.exe
  C:\Windows\System\IIVfZep.exe
  2⤵
  PID:4764
- C:\Windows\System\thLysHq.exe
  C:\Windows\System\thLysHq.exe
  2⤵
  PID:4784
- C:\Windows\System\XDXobPR.exe
  C:\Windows\System\XDXobPR.exe
  2⤵
  PID:4804
- C:\Windows\System\mECUXPd.exe
  C:\Windows\System\mECUXPd.exe
  2⤵
  PID:4824
- C:\Windows\System\Pauhusn.exe
  C:\Windows\System\Pauhusn.exe
  2⤵
  PID:4844
- C:\Windows\System\XQhiXPK.exe
  C:\Windows\System\XQhiXPK.exe
  2⤵
  PID:4864
- C:\Windows\System\IIDeogQ.exe
  C:\Windows\System\IIDeogQ.exe
  2⤵
  PID:4884
- C:\Windows\System\tTndxRj.exe
  C:\Windows\System\tTndxRj.exe
  2⤵
  PID:4904
- C:\Windows\System\OeEXjQU.exe
  C:\Windows\System\OeEXjQU.exe
  2⤵
  PID:4924
- C:\Windows\System\wDJwETH.exe
  C:\Windows\System\wDJwETH.exe
  2⤵
  PID:4944
- C:\Windows\System\tCNtjXP.exe
  C:\Windows\System\tCNtjXP.exe
  2⤵
  PID:4964
- C:\Windows\System\fkbdsmb.exe
  C:\Windows\System\fkbdsmb.exe
  2⤵
  PID:4984
- C:\Windows\System\kbsdacN.exe
  C:\Windows\System\kbsdacN.exe
  2⤵
  PID:5004
- C:\Windows\System\prYtXnt.exe
  C:\Windows\System\prYtXnt.exe
  2⤵
  PID:5024
- C:\Windows\System\TWvcRVY.exe
  C:\Windows\System\TWvcRVY.exe
  2⤵
  PID:5044
- C:\Windows\System\wTxuzDh.exe
  C:\Windows\System\wTxuzDh.exe
  2⤵
  PID:5064
- C:\Windows\System\bIvoPax.exe
  C:\Windows\System\bIvoPax.exe
  2⤵
  PID:5084
- C:\Windows\System\TIejqtt.exe
  C:\Windows\System\TIejqtt.exe
  2⤵
  PID:5104
- C:\Windows\System\AQVOAZs.exe
  C:\Windows\System\AQVOAZs.exe
  2⤵
  PID:1348
- C:\Windows\System\PjXAjKk.exe
  C:\Windows\System\PjXAjKk.exe
  2⤵
  PID:3116
- C:\Windows\System\RtlXouo.exe
  C:\Windows\System\RtlXouo.exe
  2⤵
  PID:3276
- C:\Windows\System\YdCmdYt.exe
  C:\Windows\System\YdCmdYt.exe
  2⤵
  PID:3472
- C:\Windows\System\iPaXBVG.exe
  C:\Windows\System\iPaXBVG.exe
  2⤵
  PID:3492
- C:\Windows\System\RaKkLRf.exe
  C:\Windows\System\RaKkLRf.exe
  2⤵
  PID:3616
- C:\Windows\System\iggDSta.exe
  C:\Windows\System\iggDSta.exe
  2⤵
  PID:3824
- C:\Windows\System\jImubjY.exe
  C:\Windows\System\jImubjY.exe
  2⤵
  PID:3912
- C:\Windows\System\gmgWFHj.exe
  C:\Windows\System\gmgWFHj.exe
  2⤵
  PID:4088
- C:\Windows\System\GIgHfem.exe
  C:\Windows\System\GIgHfem.exe
  2⤵
  PID:4112
- C:\Windows\System\HSwaOWy.exe
  C:\Windows\System\HSwaOWy.exe
  2⤵
  PID:4136
- C:\Windows\System\XDzHKKp.exe
  C:\Windows\System\XDzHKKp.exe
  2⤵
  PID:4180
- C:\Windows\System\ZinZdFR.exe
  C:\Windows\System\ZinZdFR.exe
  2⤵
  PID:4200
- C:\Windows\System\nIWLchK.exe
  C:\Windows\System\nIWLchK.exe
  2⤵
  PID:4252
- C:\Windows\System\hKLMiXu.exe
  C:\Windows\System\hKLMiXu.exe
  2⤵
  PID:4280
- C:\Windows\System\KdBEfjV.exe
  C:\Windows\System\KdBEfjV.exe
  2⤵
  PID:4312
- C:\Windows\System\PInMuAi.exe
  C:\Windows\System\PInMuAi.exe
  2⤵
  PID:4336
- C:\Windows\System\DgpUeEC.exe
  C:\Windows\System\DgpUeEC.exe
  2⤵
  PID:4380
- C:\Windows\System\kyQjPMe.exe
  C:\Windows\System\kyQjPMe.exe
  2⤵
  PID:4412
- C:\Windows\System\NKLSypk.exe
  C:\Windows\System\NKLSypk.exe
  2⤵
  PID:4460
- C:\Windows\System\PtwlilG.exe
  C:\Windows\System\PtwlilG.exe
  2⤵
  PID:4492
- C:\Windows\System\NHRKbMb.exe
  C:\Windows\System\NHRKbMb.exe
  2⤵
  PID:4512
- C:\Windows\System\XjLwWnV.exe
  C:\Windows\System\XjLwWnV.exe
  2⤵
  PID:4536
- C:\Windows\System\zBqqvXE.exe
  C:\Windows\System\zBqqvXE.exe
  2⤵
  PID:4556
- C:\Windows\System\hpmZRcA.exe
  C:\Windows\System\hpmZRcA.exe
  2⤵
  PID:4596
- C:\Windows\System\rDsMcQG.exe
  C:\Windows\System\rDsMcQG.exe
  2⤵
  PID:4636
- C:\Windows\System\FkRTWML.exe
  C:\Windows\System\FkRTWML.exe
  2⤵
  PID:4680
- C:\Windows\System\ocEePqv.exe
  C:\Windows\System\ocEePqv.exe
  2⤵
  PID:4712
- C:\Windows\System\jtmmeAC.exe
  C:\Windows\System\jtmmeAC.exe
  2⤵
  PID:4736
- C:\Windows\System\XhUPZKo.exe
  C:\Windows\System\XhUPZKo.exe
  2⤵
  PID:4756
- C:\Windows\System\UNvVWjs.exe
  C:\Windows\System\UNvVWjs.exe
  2⤵
  PID:4820
- C:\Windows\System\jaXbeBN.exe
  C:\Windows\System\jaXbeBN.exe
  2⤵
  PID:4852
- C:\Windows\System\firAXrb.exe
  C:\Windows\System\firAXrb.exe
  2⤵
  PID:4880
- C:\Windows\System\QONDWnn.exe
  C:\Windows\System\QONDWnn.exe
  2⤵
  PID:4912
- C:\Windows\System\LwQwLQz.exe
  C:\Windows\System\LwQwLQz.exe
  2⤵
  PID:4936
- C:\Windows\System\EvTUzyK.exe
  C:\Windows\System\EvTUzyK.exe
  2⤵
  PID:4980
- C:\Windows\System\syzDzvv.exe
  C:\Windows\System\syzDzvv.exe
  2⤵
  PID:4996
- C:\Windows\System\qbfkfOx.exe
  C:\Windows\System\qbfkfOx.exe
  2⤵
  PID:5040
- C:\Windows\System\RcoZcPW.exe
  C:\Windows\System\RcoZcPW.exe
  2⤵
  PID:5080
- C:\Windows\System\StrewNV.exe
  C:\Windows\System\StrewNV.exe
  2⤵
  PID:5112
- C:\Windows\System\bFkCtoh.exe
  C:\Windows\System\bFkCtoh.exe
  2⤵
  PID:2912
- C:\Windows\System\ewYSvBE.exe
  C:\Windows\System\ewYSvBE.exe
  2⤵
  PID:3268
- C:\Windows\System\EXFbbTQ.exe
  C:\Windows\System\EXFbbTQ.exe
  2⤵
  PID:3552
- C:\Windows\System\vWCvADN.exe
  C:\Windows\System\vWCvADN.exe
  2⤵
  PID:3844
- C:\Windows\System\GDAhlql.exe
  C:\Windows\System\GDAhlql.exe
  2⤵
  PID:4092
- C:\Windows\System\aknDeXe.exe
  C:\Windows\System\aknDeXe.exe
  2⤵
  PID:4116
- C:\Windows\System\VZwheLe.exe
  C:\Windows\System\VZwheLe.exe
  2⤵
  PID:4160
- C:\Windows\System\FNgeChO.exe
  C:\Windows\System\FNgeChO.exe
  2⤵
  PID:4212
- C:\Windows\System\zsUOgnf.exe
  C:\Windows\System\zsUOgnf.exe
  2⤵
  PID:4296
- C:\Windows\System\seWvCyQ.exe
  C:\Windows\System\seWvCyQ.exe
  2⤵
  PID:4372
- C:\Windows\System\tmHdXgw.exe
  C:\Windows\System\tmHdXgw.exe
  2⤵
  PID:4416
- C:\Windows\System\OvywhPK.exe
  C:\Windows\System\OvywhPK.exe
  2⤵
  PID:4472
- C:\Windows\System\CdSfWma.exe
  C:\Windows\System\CdSfWma.exe
  2⤵
  PID:4540
- C:\Windows\System\sAeqKtN.exe
  C:\Windows\System\sAeqKtN.exe
  2⤵
  PID:4580
- C:\Windows\System\GAKiFfQ.exe
  C:\Windows\System\GAKiFfQ.exe
  2⤵
  PID:4640
- C:\Windows\System\yvoHmnL.exe
  C:\Windows\System\yvoHmnL.exe
  2⤵
  PID:4656
- C:\Windows\System\BAlfoBw.exe
  C:\Windows\System\BAlfoBw.exe
  2⤵
  PID:4780
- C:\Windows\System\grYOedL.exe
  C:\Windows\System\grYOedL.exe
  2⤵
  PID:4812
- C:\Windows\System\pfuXnwu.exe
  C:\Windows\System\pfuXnwu.exe
  2⤵
  PID:4836
- C:\Windows\System\AYUoisk.exe
  C:\Windows\System\AYUoisk.exe
  2⤵
  PID:4900
- C:\Windows\System\bBiQmlZ.exe
  C:\Windows\System\bBiQmlZ.exe
  2⤵
  PID:4956
- C:\Windows\System\KEnIJwp.exe
  C:\Windows\System\KEnIJwp.exe
  2⤵
  PID:5000
- C:\Windows\System\uBVFCYn.exe
  C:\Windows\System\uBVFCYn.exe
  2⤵
  PID:5060
- C:\Windows\System\GHMyTUw.exe
  C:\Windows\System\GHMyTUw.exe
  2⤵
  PID:3236
- C:\Windows\System\NwcWIGq.exe
  C:\Windows\System\NwcWIGq.exe
  2⤵
  PID:3396
- C:\Windows\System\WKjnYlq.exe
  C:\Windows\System\WKjnYlq.exe
  2⤵
  PID:1216
- C:\Windows\System\zgNxPlj.exe
  C:\Windows\System\zgNxPlj.exe
  2⤵
  PID:5132
- C:\Windows\System\MHEuOSJ.exe
  C:\Windows\System\MHEuOSJ.exe
  2⤵
  PID:5152
- C:\Windows\System\ZiiwaYk.exe
  C:\Windows\System\ZiiwaYk.exe
  2⤵
  PID:5172
- C:\Windows\System\oXkNSqy.exe
  C:\Windows\System\oXkNSqy.exe
  2⤵
  PID:5192
- C:\Windows\System\EqpJFUi.exe
  C:\Windows\System\EqpJFUi.exe
  2⤵
  PID:5212
- C:\Windows\System\YUrTGKG.exe
  C:\Windows\System\YUrTGKG.exe
  2⤵
  PID:5232
- C:\Windows\System\OJvIEXh.exe
  C:\Windows\System\OJvIEXh.exe
  2⤵
  PID:5252
- C:\Windows\System\gLCvgmq.exe
  C:\Windows\System\gLCvgmq.exe
  2⤵
  PID:5272
- C:\Windows\System\mssZgMp.exe
  C:\Windows\System\mssZgMp.exe
  2⤵
  PID:5292
- C:\Windows\System\FBEaXhv.exe
  C:\Windows\System\FBEaXhv.exe
  2⤵
  PID:5312
- C:\Windows\System\TXdKqHP.exe
  C:\Windows\System\TXdKqHP.exe
  2⤵
  PID:5332
- C:\Windows\System\KkWzVwK.exe
  C:\Windows\System\KkWzVwK.exe
  2⤵
  PID:5352
- C:\Windows\System\ohdHEAA.exe
  C:\Windows\System\ohdHEAA.exe
  2⤵
  PID:5372
- C:\Windows\System\IyFxdhA.exe
  C:\Windows\System\IyFxdhA.exe
  2⤵
  PID:5392
- C:\Windows\System\crphIaP.exe
  C:\Windows\System\crphIaP.exe
  2⤵
  PID:5412
- C:\Windows\System\UcPbveF.exe
  C:\Windows\System\UcPbveF.exe
  2⤵
  PID:5432
- C:\Windows\System\yOhlRwV.exe
  C:\Windows\System\yOhlRwV.exe
  2⤵
  PID:5452
- C:\Windows\System\UoPJEQV.exe
  C:\Windows\System\UoPJEQV.exe
  2⤵
  PID:5472
- C:\Windows\System\dKcVMsZ.exe
  C:\Windows\System\dKcVMsZ.exe
  2⤵
  PID:5492
- C:\Windows\System\FImGaSn.exe
  C:\Windows\System\FImGaSn.exe
  2⤵
  PID:5512
- C:\Windows\System\MeHvGnQ.exe
  C:\Windows\System\MeHvGnQ.exe
  2⤵
  PID:5532
- C:\Windows\System\QhhDaoB.exe
  C:\Windows\System\QhhDaoB.exe
  2⤵
  PID:5552
- C:\Windows\System\gjKYLap.exe
  C:\Windows\System\gjKYLap.exe
  2⤵
  PID:5572
- C:\Windows\System\ECUjfLL.exe
  C:\Windows\System\ECUjfLL.exe
  2⤵
  PID:5592
- C:\Windows\System\AJWAuzU.exe
  C:\Windows\System\AJWAuzU.exe
  2⤵
  PID:5612
- C:\Windows\System\QGacsFg.exe
  C:\Windows\System\QGacsFg.exe
  2⤵
  PID:5632
- C:\Windows\System\lRYuSXj.exe
  C:\Windows\System\lRYuSXj.exe
  2⤵
  PID:5652
- C:\Windows\System\VtyaXHh.exe
  C:\Windows\System\VtyaXHh.exe
  2⤵
  PID:5672
- C:\Windows\System\WRYgpJn.exe
  C:\Windows\System\WRYgpJn.exe
  2⤵
  PID:5692
- C:\Windows\System\RrIbCeM.exe
  C:\Windows\System\RrIbCeM.exe
  2⤵
  PID:5712
- C:\Windows\System\yrnbqhQ.exe
  C:\Windows\System\yrnbqhQ.exe
  2⤵
  PID:5732
- C:\Windows\System\AmfWedZ.exe
  C:\Windows\System\AmfWedZ.exe
  2⤵
  PID:5752
- C:\Windows\System\wOVYfUc.exe
  C:\Windows\System\wOVYfUc.exe
  2⤵
  PID:5772
- C:\Windows\System\jAFYkgS.exe
  C:\Windows\System\jAFYkgS.exe
  2⤵
  PID:5792
- C:\Windows\System\HoUnFIG.exe
  C:\Windows\System\HoUnFIG.exe
  2⤵
  PID:5812
- C:\Windows\System\aaToQVf.exe
  C:\Windows\System\aaToQVf.exe
  2⤵
  PID:5832
- C:\Windows\System\PqqSdnR.exe
  C:\Windows\System\PqqSdnR.exe
  2⤵
  PID:5852
- C:\Windows\System\roBFlNA.exe
  C:\Windows\System\roBFlNA.exe
  2⤵
  PID:5872
- C:\Windows\System\FLWyorM.exe
  C:\Windows\System\FLWyorM.exe
  2⤵
  PID:5896
- C:\Windows\System\AHKpGNB.exe
  C:\Windows\System\AHKpGNB.exe
  2⤵
  PID:5916
- C:\Windows\System\paAywXa.exe
  C:\Windows\System\paAywXa.exe
  2⤵
  PID:5936
- C:\Windows\System\ShwePwF.exe
  C:\Windows\System\ShwePwF.exe
  2⤵
  PID:5956
- C:\Windows\System\CmZCNHP.exe
  C:\Windows\System\CmZCNHP.exe
  2⤵
  PID:5976
- C:\Windows\System\QzScDiW.exe
  C:\Windows\System\QzScDiW.exe
  2⤵
  PID:5996
- C:\Windows\System\ELKOIMI.exe
  C:\Windows\System\ELKOIMI.exe
  2⤵
  PID:6016
- C:\Windows\System\woTrfiy.exe
  C:\Windows\System\woTrfiy.exe
  2⤵
  PID:6036
- C:\Windows\System\SDzOIou.exe
  C:\Windows\System\SDzOIou.exe
  2⤵
  PID:6056
- C:\Windows\System\KhHmCyL.exe
  C:\Windows\System\KhHmCyL.exe
  2⤵
  PID:6076
- C:\Windows\System\XeRVixJ.exe
  C:\Windows\System\XeRVixJ.exe
  2⤵
  PID:6096
- C:\Windows\System\nQasLaj.exe
  C:\Windows\System\nQasLaj.exe
  2⤵
  PID:6116
- C:\Windows\System\sfilRmv.exe
  C:\Windows\System\sfilRmv.exe
  2⤵
  PID:6136
- C:\Windows\System\RNkKjMn.exe
  C:\Windows\System\RNkKjMn.exe
  2⤵
  PID:3732
- C:\Windows\System\xMYwQZt.exe
  C:\Windows\System\xMYwQZt.exe
  2⤵
  PID:4240
- C:\Windows\System\DvXbWlq.exe
  C:\Windows\System\DvXbWlq.exe
  2⤵
  PID:4292
- C:\Windows\System\zlwEmfD.exe
  C:\Windows\System\zlwEmfD.exe
  2⤵
  PID:4400
- C:\Windows\System\lBVHPJG.exe
  C:\Windows\System\lBVHPJG.exe
  2⤵
  PID:4480
- C:\Windows\System\ieNoylj.exe
  C:\Windows\System\ieNoylj.exe
  2⤵
  PID:4496
- C:\Windows\System\NWUedZo.exe
  C:\Windows\System\NWUedZo.exe
  2⤵
  PID:4612
- C:\Windows\System\jDrllGt.exe
  C:\Windows\System\jDrllGt.exe
  2⤵
  PID:4760
- C:\Windows\System\zIVouwD.exe
  C:\Windows\System\zIVouwD.exe
  2⤵
  PID:4856
- C:\Windows\System\AQuyRCn.exe
  C:\Windows\System\AQuyRCn.exe
  2⤵
  PID:4916
- C:\Windows\System\mGrmecq.exe
  C:\Windows\System\mGrmecq.exe
  2⤵
  PID:4992
- C:\Windows\System\djRQRuK.exe
  C:\Windows\System\djRQRuK.exe
  2⤵
  PID:5100
- C:\Windows\System\kIsZjWI.exe
  C:\Windows\System\kIsZjWI.exe
  2⤵
  PID:2904
- C:\Windows\System\EvvcTqW.exe
  C:\Windows\System\EvvcTqW.exe
  2⤵
  PID:3992
- C:\Windows\System\mGFUDBi.exe
  C:\Windows\System\mGFUDBi.exe
  2⤵
  PID:5144
- C:\Windows\System\DgECRuk.exe
  C:\Windows\System\DgECRuk.exe
  2⤵
  PID:5164
- C:\Windows\System\kGSFpfv.exe
  C:\Windows\System\kGSFpfv.exe
  2⤵
  PID:5204
- C:\Windows\System\XRcVkuT.exe
  C:\Windows\System\XRcVkuT.exe
  2⤵
  PID:5240
- C:\Windows\System\FnqdcnC.exe
  C:\Windows\System\FnqdcnC.exe
  2⤵
  PID:5288
- C:\Windows\System\nKZAOqp.exe
  C:\Windows\System\nKZAOqp.exe
  2⤵
  PID:5320
- C:\Windows\System\WuxkwrM.exe
  C:\Windows\System\WuxkwrM.exe
  2⤵
  PID:5344
- C:\Windows\System\FBNvLQu.exe
  C:\Windows\System\FBNvLQu.exe
  2⤵
  PID:5388
- C:\Windows\System\iZgNwgB.exe
  C:\Windows\System\iZgNwgB.exe
  2⤵
  PID:5428
- C:\Windows\System\xoUsCHk.exe
  C:\Windows\System\xoUsCHk.exe
  2⤵
  PID:5464
- C:\Windows\System\vGQFFYX.exe
  C:\Windows\System\vGQFFYX.exe
  2⤵
  PID:5500
- C:\Windows\System\uaPtSBS.exe
  C:\Windows\System\uaPtSBS.exe
  2⤵
  PID:5520
- C:\Windows\System\uuHWYYb.exe
  C:\Windows\System\uuHWYYb.exe
  2⤵
  PID:5544
- C:\Windows\System\wuOsTwd.exe
  C:\Windows\System\wuOsTwd.exe
  2⤵
  PID:5584
- C:\Windows\System\QEmcOFb.exe
  C:\Windows\System\QEmcOFb.exe
  2⤵
  PID:5608
- C:\Windows\System\ARsIZeQ.exe
  C:\Windows\System\ARsIZeQ.exe
  2⤵
  PID:5648
- C:\Windows\System\cELnqAu.exe
  C:\Windows\System\cELnqAu.exe
  2⤵
  PID:5700
- C:\Windows\System\SLBxppf.exe
  C:\Windows\System\SLBxppf.exe
  2⤵
  PID:5720
- C:\Windows\System\kTJhhOY.exe
  C:\Windows\System\kTJhhOY.exe
  2⤵
  PID:5744
- C:\Windows\System\MerkzcH.exe
  C:\Windows\System\MerkzcH.exe
  2⤵
  PID:5764
- C:\Windows\System\CdZRfqp.exe
  C:\Windows\System\CdZRfqp.exe
  2⤵
  PID:5828
- C:\Windows\System\ZeMfYwI.exe
  C:\Windows\System\ZeMfYwI.exe
  2⤵
  PID:5848
- C:\Windows\System\NHKidwH.exe
  C:\Windows\System\NHKidwH.exe
  2⤵
  PID:5880
- C:\Windows\System\zazXsvd.exe
  C:\Windows\System\zazXsvd.exe
  2⤵
  PID:5924
- C:\Windows\System\GZwNpov.exe
  C:\Windows\System\GZwNpov.exe
  2⤵
  PID:5948
- C:\Windows\System\PCTPEvX.exe
  C:\Windows\System\PCTPEvX.exe
  2⤵
  PID:5992
- C:\Windows\System\lbcMsAb.exe
  C:\Windows\System\lbcMsAb.exe
  2⤵
  PID:6024
- C:\Windows\System\rWtesmj.exe
  C:\Windows\System\rWtesmj.exe
  2⤵
  PID:6048
- C:\Windows\System\ujlQgSJ.exe
  C:\Windows\System\ujlQgSJ.exe
  2⤵
  PID:6104
- C:\Windows\System\HnmllIK.exe
  C:\Windows\System\HnmllIK.exe
  2⤵
  PID:6112
- C:\Windows\System\tmaREUK.exe
  C:\Windows\System\tmaREUK.exe
  2⤵
  PID:6128
- C:\Windows\System\apTlJqY.exe
  C:\Windows\System\apTlJqY.exe
  2⤵
  PID:4260
- C:\Windows\System\QGKQVTL.exe
  C:\Windows\System\QGKQVTL.exe
  2⤵
  PID:4396
- C:\Windows\System\eqCPZKw.exe
  C:\Windows\System\eqCPZKw.exe
  2⤵
  PID:4520
- C:\Windows\System\PCekRgn.exe
  C:\Windows\System\PCekRgn.exe
  2⤵
  PID:4660
- C:\Windows\System\kCLiZgN.exe
  C:\Windows\System\kCLiZgN.exe
  2⤵
  PID:4716
- C:\Windows\System\onUCkTK.exe
  C:\Windows\System\onUCkTK.exe
  2⤵
  PID:4892
- C:\Windows\System\giMAWug.exe
  C:\Windows\System\giMAWug.exe
  2⤵
  PID:3792
- C:\Windows\System\matpLkJ.exe
  C:\Windows\System\matpLkJ.exe
  2⤵
  PID:5148
- C:\Windows\System\SpsxuGP.exe
  C:\Windows\System\SpsxuGP.exe
  2⤵
  PID:5188
- C:\Windows\System\MGKnGtm.exe
  C:\Windows\System\MGKnGtm.exe
  2⤵
  PID:5200
- C:\Windows\System\uwuQYyH.exe
  C:\Windows\System\uwuQYyH.exe
  2⤵
  PID:5280
- C:\Windows\System\AbMgIGw.exe
  C:\Windows\System\AbMgIGw.exe
  2⤵
  PID:5304
- C:\Windows\System\FDnmuUH.exe
  C:\Windows\System\FDnmuUH.exe
  2⤵
  PID:5364
- C:\Windows\System\YOXJJrM.exe
  C:\Windows\System\YOXJJrM.exe
  2⤵
  PID:5404
- C:\Windows\System\WQWQFMr.exe
  C:\Windows\System\WQWQFMr.exe
  2⤵
  PID:5444
- C:\Windows\System\dbkzoEU.exe
  C:\Windows\System\dbkzoEU.exe
  2⤵
  PID:5524
- C:\Windows\System\KFUeHcx.exe
  C:\Windows\System\KFUeHcx.exe
  2⤵
  PID:5628
- C:\Windows\System\bLKjRJS.exe
  C:\Windows\System\bLKjRJS.exe
  2⤵
  PID:5668
- C:\Windows\System\JcELLYS.exe
  C:\Windows\System\JcELLYS.exe
  2⤵
  PID:5704
- C:\Windows\System\llZUkWr.exe
  C:\Windows\System\llZUkWr.exe
  2⤵
  PID:2696
- C:\Windows\System\xJocHnL.exe
  C:\Windows\System\xJocHnL.exe
  2⤵
  PID:5800
- C:\Windows\System\FjHTkkk.exe
  C:\Windows\System\FjHTkkk.exe
  2⤵
  PID:5864
- C:\Windows\System\onWsjpe.exe
  C:\Windows\System\onWsjpe.exe
  2⤵
  PID:5944
- C:\Windows\System\CqgsZLD.exe
  C:\Windows\System\CqgsZLD.exe
  2⤵
  PID:5984
- C:\Windows\System\HxljYQn.exe
  C:\Windows\System\HxljYQn.exe
  2⤵
  PID:2796
- C:\Windows\System\gWvSkKF.exe
  C:\Windows\System\gWvSkKF.exe
  2⤵
  PID:6044
- C:\Windows\System\rpdeSmB.exe
  C:\Windows\System\rpdeSmB.exe
  2⤵
  PID:6124
- C:\Windows\System\qwiIoNF.exe
  C:\Windows\System\qwiIoNF.exe
  2⤵
  PID:4132
- C:\Windows\System\rAdZojL.exe
  C:\Windows\System\rAdZojL.exe
  2⤵
  PID:4316
- C:\Windows\System\agnzXmD.exe
  C:\Windows\System\agnzXmD.exe
  2⤵
  PID:4792
- C:\Windows\System\AXhWGOP.exe
  C:\Windows\System\AXhWGOP.exe
  2⤵
  PID:5052
- C:\Windows\System\LyWVYEQ.exe
  C:\Windows\System\LyWVYEQ.exe
  2⤵
  PID:3080
- C:\Windows\System\ixRXCIo.exe
  C:\Windows\System\ixRXCIo.exe
  2⤵
  PID:5208
- C:\Windows\System\Sjatxyb.exe
  C:\Windows\System\Sjatxyb.exe
  2⤵
  PID:5264
- C:\Windows\System\iaedKBI.exe
  C:\Windows\System\iaedKBI.exe
  2⤵
  PID:5400
- C:\Windows\System\LfrswIt.exe
  C:\Windows\System\LfrswIt.exe
  2⤵
  PID:5448
- C:\Windows\System\RFSFGcW.exe
  C:\Windows\System\RFSFGcW.exe
  2⤵
  PID:5548
- C:\Windows\System\OZdAUFO.exe
  C:\Windows\System\OZdAUFO.exe
  2⤵
  PID:5660
- C:\Windows\System\NUqsFUh.exe
  C:\Windows\System\NUqsFUh.exe
  2⤵
  PID:5684
- C:\Windows\System\oMdGavO.exe
  C:\Windows\System\oMdGavO.exe
  2⤵
  PID:5804
- C:\Windows\System\QaEvBBH.exe
  C:\Windows\System\QaEvBBH.exe
  2⤵
  PID:3032
- C:\Windows\System\UjqxZPJ.exe
  C:\Windows\System\UjqxZPJ.exe
  2⤵
  PID:6008
- C:\Windows\System\vEEqsgs.exe
  C:\Windows\System\vEEqsgs.exe
  2⤵
  PID:6164
- C:\Windows\System\XJyCafx.exe
  C:\Windows\System\XJyCafx.exe
  2⤵
  PID:6188
- C:\Windows\System\OxbiYRO.exe
  C:\Windows\System\OxbiYRO.exe
  2⤵
  PID:6208
- C:\Windows\System\zXhUaIJ.exe
  C:\Windows\System\zXhUaIJ.exe
  2⤵
  PID:6228
- C:\Windows\System\WMyCWiI.exe
  C:\Windows\System\WMyCWiI.exe
  2⤵
  PID:6248
- C:\Windows\System\RAuwgqY.exe
  C:\Windows\System\RAuwgqY.exe
  2⤵
  PID:6268
- C:\Windows\System\DwAQDGx.exe
  C:\Windows\System\DwAQDGx.exe
  2⤵
  PID:6288
- C:\Windows\System\TyOXcWJ.exe
  C:\Windows\System\TyOXcWJ.exe
  2⤵
  PID:6308
- C:\Windows\System\gkvZnbU.exe
  C:\Windows\System\gkvZnbU.exe
  2⤵
  PID:6328
- C:\Windows\System\kbojoLu.exe
  C:\Windows\System\kbojoLu.exe
  2⤵
  PID:6348
- C:\Windows\System\ZstIUYA.exe
  C:\Windows\System\ZstIUYA.exe
  2⤵
  PID:6368
- C:\Windows\System\Qtmojup.exe
  C:\Windows\System\Qtmojup.exe
  2⤵
  PID:6388
- C:\Windows\System\oXGoKGI.exe
  C:\Windows\System\oXGoKGI.exe
  2⤵
  PID:6408
- C:\Windows\System\XxqWoPq.exe
  C:\Windows\System\XxqWoPq.exe
  2⤵
  PID:6428
- C:\Windows\System\ODChxkg.exe
  C:\Windows\System\ODChxkg.exe
  2⤵
  PID:6448
- C:\Windows\System\iucNaLj.exe
  C:\Windows\System\iucNaLj.exe
  2⤵
  PID:6468
- C:\Windows\System\huctQxe.exe
  C:\Windows\System\huctQxe.exe
  2⤵
  PID:6488
- C:\Windows\System\XrokSIq.exe
  C:\Windows\System\XrokSIq.exe
  2⤵
  PID:6508
- C:\Windows\System\hhMrbMQ.exe
  C:\Windows\System\hhMrbMQ.exe
  2⤵
  PID:6528
- C:\Windows\System\EIYxwWq.exe
  C:\Windows\System\EIYxwWq.exe
  2⤵
  PID:6548
- C:\Windows\System\PTwGwdl.exe
  C:\Windows\System\PTwGwdl.exe
  2⤵
  PID:6568
- C:\Windows\System\hObFsZq.exe
  C:\Windows\System\hObFsZq.exe
  2⤵
  PID:6588
- C:\Windows\System\rzCXYhY.exe
  C:\Windows\System\rzCXYhY.exe
  2⤵
  PID:6608
- C:\Windows\System\DeFKuMa.exe
  C:\Windows\System\DeFKuMa.exe
  2⤵
  PID:6628
- C:\Windows\System\BcZwDGF.exe
  C:\Windows\System\BcZwDGF.exe
  2⤵
  PID:6648
- C:\Windows\System\PzpGean.exe
  C:\Windows\System\PzpGean.exe
  2⤵
  PID:6668
- C:\Windows\System\bjrNefe.exe
  C:\Windows\System\bjrNefe.exe
  2⤵
  PID:6688
- C:\Windows\System\ZasTsuf.exe
  C:\Windows\System\ZasTsuf.exe
  2⤵
  PID:6708
- C:\Windows\System\CwUUtBx.exe
  C:\Windows\System\CwUUtBx.exe
  2⤵
  PID:6728
- C:\Windows\System\QouZuwk.exe
  C:\Windows\System\QouZuwk.exe
  2⤵
  PID:6748
- C:\Windows\System\rbFljer.exe
  C:\Windows\System\rbFljer.exe
  2⤵
  PID:6768
- C:\Windows\System\fIirhBV.exe
  C:\Windows\System\fIirhBV.exe
  2⤵
  PID:6788
- C:\Windows\System\mqhTVen.exe
  C:\Windows\System\mqhTVen.exe
  2⤵
  PID:6808
- C:\Windows\System\TOlmZNu.exe
  C:\Windows\System\TOlmZNu.exe
  2⤵
  PID:6828
- C:\Windows\System\kITUMor.exe
  C:\Windows\System\kITUMor.exe
  2⤵
  PID:6848
- C:\Windows\System\cUYHGPJ.exe
  C:\Windows\System\cUYHGPJ.exe
  2⤵
  PID:6868
- C:\Windows\System\ZiYpKso.exe
  C:\Windows\System\ZiYpKso.exe
  2⤵
  PID:6884
- C:\Windows\System\wMPwFvZ.exe
  C:\Windows\System\wMPwFvZ.exe
  2⤵
  PID:6900
- C:\Windows\System\oLswCEQ.exe
  C:\Windows\System\oLswCEQ.exe
  2⤵
  PID:6924
- C:\Windows\System\JndRIQp.exe
  C:\Windows\System\JndRIQp.exe
  2⤵
  PID:6940
- C:\Windows\System\XwymDXN.exe
  C:\Windows\System\XwymDXN.exe
  2⤵
  PID:6964
- C:\Windows\System\yqtFhEz.exe
  C:\Windows\System\yqtFhEz.exe
  2⤵
  PID:6988
- C:\Windows\System\ckoYexm.exe
  C:\Windows\System\ckoYexm.exe
  2⤵
  PID:7008
- C:\Windows\System\rmNYUch.exe
  C:\Windows\System\rmNYUch.exe
  2⤵
  PID:7028
- C:\Windows\System\mTkSFWS.exe
  C:\Windows\System\mTkSFWS.exe
  2⤵
  PID:7048
- C:\Windows\System\PPMnePM.exe
  C:\Windows\System\PPMnePM.exe
  2⤵
  PID:7068
- C:\Windows\System\priWXAD.exe
  C:\Windows\System\priWXAD.exe
  2⤵
  PID:7088
- C:\Windows\System\ZoKNPiI.exe
  C:\Windows\System\ZoKNPiI.exe
  2⤵
  PID:7108
- C:\Windows\System\AzknaiP.exe
  C:\Windows\System\AzknaiP.exe
  2⤵
  PID:7128
- C:\Windows\System\zrqCupB.exe
  C:\Windows\System\zrqCupB.exe
  2⤵
  PID:7148
- C:\Windows\System\VKMLzEl.exe
  C:\Windows\System\VKMLzEl.exe
  2⤵
  PID:6012
- C:\Windows\System\CuFJLuL.exe
  C:\Windows\System\CuFJLuL.exe
  2⤵
  PID:2536
- C:\Windows\System\QRNtbac.exe
  C:\Windows\System\QRNtbac.exe
  2⤵
  PID:4100
- C:\Windows\System\FTpFboU.exe
  C:\Windows\System\FTpFboU.exe
  2⤵
  PID:4432
- C:\Windows\System\bOdrjIY.exe
  C:\Windows\System\bOdrjIY.exe
  2⤵
  PID:2108
- C:\Windows\System\QeFQCMG.exe
  C:\Windows\System\QeFQCMG.exe
  2⤵
  PID:5072
- C:\Windows\System\VkesNxX.exe
  C:\Windows\System\VkesNxX.exe
  2⤵
  PID:5244
- C:\Windows\System\AOLGTsc.exe
  C:\Windows\System\AOLGTsc.exe
  2⤵
  PID:5360
- C:\Windows\System\dIgOdmV.exe
  C:\Windows\System\dIgOdmV.exe
  2⤵
  PID:5504
- C:\Windows\System\XwmHleR.exe
  C:\Windows\System\XwmHleR.exe
  2⤵
  PID:5580
- C:\Windows\System\mMuOYrz.exe
  C:\Windows\System\mMuOYrz.exe
  2⤵
  PID:5664
- C:\Windows\System\rKGsvQG.exe
  C:\Windows\System\rKGsvQG.exe
  2⤵
  PID:5972
- C:\Windows\System\QGjPJor.exe
  C:\Windows\System\QGjPJor.exe
  2⤵
  PID:6172
- C:\Windows\System\ZqkpGxO.exe
  C:\Windows\System\ZqkpGxO.exe
  2⤵
  PID:6216
- C:\Windows\System\Jkpdnjr.exe
  C:\Windows\System\Jkpdnjr.exe
  2⤵
  PID:6236
- C:\Windows\System\EeWNbiE.exe
  C:\Windows\System\EeWNbiE.exe
  2⤵
  PID:6240
- C:\Windows\System\Mtzmvdn.exe
  C:\Windows\System\Mtzmvdn.exe
  2⤵
  PID:6284
- C:\Windows\System\VftPOem.exe
  C:\Windows\System\VftPOem.exe
  2⤵
  PID:6320
- C:\Windows\System\BHGuxMY.exe
  C:\Windows\System\BHGuxMY.exe
  2⤵
  PID:6376
- C:\Windows\System\FbjJcQk.exe
  C:\Windows\System\FbjJcQk.exe
  2⤵
  PID:6424
- C:\Windows\System\OzpkwPi.exe
  C:\Windows\System\OzpkwPi.exe
  2⤵
  PID:6436
- C:\Windows\System\QVdGLlK.exe
  C:\Windows\System\QVdGLlK.exe
  2⤵
  PID:6460
- C:\Windows\System\aFOysrJ.exe
  C:\Windows\System\aFOysrJ.exe
  2⤵
  PID:6484
- C:\Windows\System\HhGjLTa.exe
  C:\Windows\System\HhGjLTa.exe
  2⤵
  PID:6524
- C:\Windows\System\dgOrVLm.exe
  C:\Windows\System\dgOrVLm.exe
  2⤵
  PID:6556
- C:\Windows\System\acIYUUz.exe
  C:\Windows\System\acIYUUz.exe
  2⤵
  PID:6564
- C:\Windows\System\BabPYjF.exe
  C:\Windows\System\BabPYjF.exe
  2⤵
  PID:6620
- C:\Windows\System\gqKTubp.exe
  C:\Windows\System\gqKTubp.exe
  2⤵
  PID:6640
- C:\Windows\System\GLBFPMD.exe
  C:\Windows\System\GLBFPMD.exe
  2⤵
  PID:6704
- C:\Windows\System\olofjdM.exe
  C:\Windows\System\olofjdM.exe
  2⤵
  PID:6776
- C:\Windows\System\XKtbTZY.exe
  C:\Windows\System\XKtbTZY.exe
  2⤵
  PID:6720
- C:\Windows\System\rUfcIMG.exe
  C:\Windows\System\rUfcIMG.exe
  2⤵
  PID:6816
- C:\Windows\System\eKqCXkK.exe
  C:\Windows\System\eKqCXkK.exe
  2⤵
  PID:6856
- C:\Windows\System\SsczTNi.exe
  C:\Windows\System\SsczTNi.exe
  2⤵
  PID:6860
- C:\Windows\System\wCdBXrt.exe
  C:\Windows\System\wCdBXrt.exe
  2⤵
  PID:6880
- C:\Windows\System\SJNpKYd.exe
  C:\Windows\System\SJNpKYd.exe
  2⤵
  PID:6908
- C:\Windows\System\NEWZmKG.exe
  C:\Windows\System\NEWZmKG.exe
  2⤵
  PID:6960
- C:\Windows\System\JPMrMSx.exe
  C:\Windows\System\JPMrMSx.exe
  2⤵
  PID:6996
- C:\Windows\System\EVNBsTF.exe
  C:\Windows\System\EVNBsTF.exe
  2⤵
  PID:7020
- C:\Windows\System\ZvmnXUZ.exe
  C:\Windows\System\ZvmnXUZ.exe
  2⤵
  PID:7064
- C:\Windows\System\EOaiTfU.exe
  C:\Windows\System\EOaiTfU.exe
  2⤵
  PID:7080
- C:\Windows\System\uMukjrs.exe
  C:\Windows\System\uMukjrs.exe
  2⤵
  PID:7144
- C:\Windows\System\eDIwUDP.exe
  C:\Windows\System\eDIwUDP.exe
  2⤵
  PID:5968
- C:\Windows\System\zCnZbeC.exe
  C:\Windows\System\zCnZbeC.exe
  2⤵
  PID:2804
- C:\Windows\System\VyLmivf.exe
  C:\Windows\System\VyLmivf.exe
  2⤵
  PID:2304
- C:\Windows\System\tESectc.exe
  C:\Windows\System\tESectc.exe
  2⤵
  PID:4560
- C:\Windows\System\XEQeUAu.exe
  C:\Windows\System\XEQeUAu.exe
  2⤵
  PID:5324
- C:\Windows\System\nZhbhDd.exe
  C:\Windows\System\nZhbhDd.exe
  2⤵
  PID:5460
- C:\Windows\System\VvaQjch.exe
  C:\Windows\System\VvaQjch.exe
  2⤵
  PID:5952
- C:\Windows\System\gOOGRQW.exe
  C:\Windows\System\gOOGRQW.exe
  2⤵
  PID:6180
- C:\Windows\System\OSFlDHT.exe
  C:\Windows\System\OSFlDHT.exe
  2⤵
  PID:6160
- C:\Windows\System\aZDJMZd.exe
  C:\Windows\System\aZDJMZd.exe
  2⤵
  PID:6220
- C:\Windows\System\XmNKoya.exe
  C:\Windows\System\XmNKoya.exe
  2⤵
  PID:6360
- C:\Windows\System\ZNaaaKy.exe
  C:\Windows\System\ZNaaaKy.exe
  2⤵
  PID:6416
- C:\Windows\System\xBGSogP.exe
  C:\Windows\System\xBGSogP.exe
  2⤵
  PID:6356
- C:\Windows\System\WplsuuZ.exe
  C:\Windows\System\WplsuuZ.exe
  2⤵
  PID:2580
- C:\Windows\System\UkHFVKT.exe
  C:\Windows\System\UkHFVKT.exe
  2⤵
  PID:6624
- C:\Windows\System\ptbmWLx.exe
  C:\Windows\System\ptbmWLx.exe
  2⤵
  PID:6520
- C:\Windows\System\WMEXzvI.exe
  C:\Windows\System\WMEXzvI.exe
  2⤵
  PID:6584
- C:\Windows\System\NIVmlAM.exe
  C:\Windows\System\NIVmlAM.exe
  2⤵
  PID:6736
- C:\Windows\System\CdoOkCR.exe
  C:\Windows\System\CdoOkCR.exe
  2⤵
  PID:6684
- C:\Windows\System\oDTiuKf.exe
  C:\Windows\System\oDTiuKf.exe
  2⤵
  PID:6724
- C:\Windows\System\spEmvgp.exe
  C:\Windows\System\spEmvgp.exe
  2⤵
  PID:6800
- C:\Windows\System\qDlagUG.exe
  C:\Windows\System\qDlagUG.exe
  2⤵
  PID:6976
- C:\Windows\System\ouujSVz.exe
  C:\Windows\System\ouujSVz.exe
  2⤵
  PID:6984
- C:\Windows\System\hwDfszi.exe
  C:\Windows\System\hwDfszi.exe
  2⤵
  PID:6916
- C:\Windows\System\ekkgsFj.exe
  C:\Windows\System\ekkgsFj.exe
  2⤵
  PID:7044
- C:\Windows\System\EYRGEWC.exe
  C:\Windows\System\EYRGEWC.exe
  2⤵
  PID:7076
- C:\Windows\System\ZIdoCZU.exe
  C:\Windows\System\ZIdoCZU.exe
  2⤵
  PID:7160
- C:\Windows\System\VmsGLFS.exe
  C:\Windows\System\VmsGLFS.exe
  2⤵
  PID:4740
- C:\Windows\System\UxnXDkE.exe
  C:\Windows\System\UxnXDkE.exe
  2⤵
  PID:5484
- C:\Windows\System\nuGaOAk.exe
  C:\Windows\System\nuGaOAk.exe
  2⤵
  PID:6156
- C:\Windows\System\gkBzgXu.exe
  C:\Windows\System\gkBzgXu.exe
  2⤵
  PID:6196
- C:\Windows\System\AuYXlcf.exe
  C:\Windows\System\AuYXlcf.exe
  2⤵
  PID:6336
- C:\Windows\System\FOCCmlC.exe
  C:\Windows\System\FOCCmlC.exe
  2⤵
  PID:6380
- C:\Windows\System\VEoMtWa.exe
  C:\Windows\System\VEoMtWa.exe
  2⤵
  PID:6400
- C:\Windows\System\nKoALQm.exe
  C:\Windows\System\nKoALQm.exe
  2⤵
  PID:6536
- C:\Windows\System\MfCHbDA.exe
  C:\Windows\System\MfCHbDA.exe
  2⤵
  PID:6596
- C:\Windows\System\HjDVlwG.exe
  C:\Windows\System\HjDVlwG.exe
  2⤵
  PID:6764
- C:\Windows\System\YgaLEVY.exe
  C:\Windows\System\YgaLEVY.exe
  2⤵
  PID:6844
- C:\Windows\System\VjWIVUB.exe
  C:\Windows\System\VjWIVUB.exe
  2⤵
  PID:7036
- C:\Windows\System\XCdCQqO.exe
  C:\Windows\System\XCdCQqO.exe
  2⤵
  PID:7084
- C:\Windows\System\XwIikpB.exe
  C:\Windows\System\XwIikpB.exe
  2⤵
  PID:6948
- C:\Windows\System\eOyjuwg.exe
  C:\Windows\System\eOyjuwg.exe
  2⤵
  PID:4672
- C:\Windows\System\gNLgGOm.exe
  C:\Windows\System\gNLgGOm.exe
  2⤵
  PID:904
- C:\Windows\System\zZKwVDX.exe
  C:\Windows\System\zZKwVDX.exe
  2⤵
  PID:5820
- C:\Windows\System\pFmYjZV.exe
  C:\Windows\System\pFmYjZV.exe
  2⤵
  PID:2624
- C:\Windows\System\XRnGenq.exe
  C:\Windows\System\XRnGenq.exe
  2⤵
  PID:7172
- C:\Windows\System\WJDMCmJ.exe
  C:\Windows\System\WJDMCmJ.exe
  2⤵
  PID:7192
- C:\Windows\System\perYLLZ.exe
  C:\Windows\System\perYLLZ.exe
  2⤵
  PID:7208
- C:\Windows\System\pmTmacL.exe
  C:\Windows\System\pmTmacL.exe
  2⤵
  PID:7232
- C:\Windows\System\izHMSJu.exe
  C:\Windows\System\izHMSJu.exe
  2⤵
  PID:7252
- C:\Windows\System\ZfuZPtV.exe
  C:\Windows\System\ZfuZPtV.exe
  2⤵
  PID:7272
- C:\Windows\System\xhTHMHa.exe
  C:\Windows\System\xhTHMHa.exe
  2⤵
  PID:7292
- C:\Windows\System\apINXqt.exe
  C:\Windows\System\apINXqt.exe
  2⤵
  PID:7312
- C:\Windows\System\VPixqPo.exe
  C:\Windows\System\VPixqPo.exe
  2⤵
  PID:7332
- C:\Windows\System\ZcsvWBZ.exe
  C:\Windows\System\ZcsvWBZ.exe
  2⤵
  PID:7352
- C:\Windows\System\EvxFbtx.exe
  C:\Windows\System\EvxFbtx.exe
  2⤵
  PID:7368
- C:\Windows\System\LSZfWoD.exe
  C:\Windows\System\LSZfWoD.exe
  2⤵
  PID:7388
- C:\Windows\System\TIPeGFX.exe
  C:\Windows\System\TIPeGFX.exe
  2⤵
  PID:7412
- C:\Windows\System\HJHAeww.exe
  C:\Windows\System\HJHAeww.exe
  2⤵
  PID:7432
- C:\Windows\System\MbCGZvq.exe
  C:\Windows\System\MbCGZvq.exe
  2⤵
  PID:7452
- C:\Windows\System\PynPWqU.exe
  C:\Windows\System\PynPWqU.exe
  2⤵
  PID:7468
- C:\Windows\System\eQnigmn.exe
  C:\Windows\System\eQnigmn.exe
  2⤵
  PID:7488
- C:\Windows\System\kPsGUCH.exe
  C:\Windows\System\kPsGUCH.exe
  2⤵
  PID:7508
- C:\Windows\System\bdwaAWT.exe
  C:\Windows\System\bdwaAWT.exe
  2⤵
  PID:7532
- C:\Windows\System\AXTVrsS.exe
  C:\Windows\System\AXTVrsS.exe
  2⤵
  PID:7552
- C:\Windows\System\BoqHPpH.exe
  C:\Windows\System\BoqHPpH.exe
  2⤵
  PID:7572
- C:\Windows\System\mzGDrTS.exe
  C:\Windows\System\mzGDrTS.exe
  2⤵
  PID:7592
- C:\Windows\System\pqozjZU.exe
  C:\Windows\System\pqozjZU.exe
  2⤵
  PID:7612
- C:\Windows\System\TptaJQI.exe
  C:\Windows\System\TptaJQI.exe
  2⤵
  PID:7632
- C:\Windows\System\mzVyDmG.exe
  C:\Windows\System\mzVyDmG.exe
  2⤵
  PID:7652
- C:\Windows\System\MIlgNvn.exe
  C:\Windows\System\MIlgNvn.exe
  2⤵
  PID:7668
- C:\Windows\System\czCGGWC.exe
  C:\Windows\System\czCGGWC.exe
  2⤵
  PID:7692
- C:\Windows\System\lMFEgmz.exe
  C:\Windows\System\lMFEgmz.exe
  2⤵
  PID:7712
- C:\Windows\System\FGwfxLk.exe
  C:\Windows\System\FGwfxLk.exe
  2⤵
  PID:7732
- C:\Windows\System\aEwNTuc.exe
  C:\Windows\System\aEwNTuc.exe
  2⤵
  PID:7752
- C:\Windows\System\XhXtEQY.exe
  C:\Windows\System\XhXtEQY.exe
  2⤵
  PID:7772
- C:\Windows\System\oxXGdGc.exe
  C:\Windows\System\oxXGdGc.exe
  2⤵
  PID:7792
- C:\Windows\System\bxruQYo.exe
  C:\Windows\System\bxruQYo.exe
  2⤵
  PID:7812
- C:\Windows\System\jXFiUDU.exe
  C:\Windows\System\jXFiUDU.exe
  2⤵
  PID:7832
- C:\Windows\System\wkDcrXU.exe
  C:\Windows\System\wkDcrXU.exe
  2⤵
  PID:7852
- C:\Windows\System\VDwjJkS.exe
  C:\Windows\System\VDwjJkS.exe
  2⤵
  PID:7872
- C:\Windows\System\LBvxKTH.exe
  C:\Windows\System\LBvxKTH.exe
  2⤵
  PID:7892
- C:\Windows\System\wrwucGP.exe
  C:\Windows\System\wrwucGP.exe
  2⤵
  PID:7912
- C:\Windows\System\mUciVGw.exe
  C:\Windows\System\mUciVGw.exe
  2⤵
  PID:7932
- C:\Windows\System\UOdVPcO.exe
  C:\Windows\System\UOdVPcO.exe
  2⤵
  PID:7956
- C:\Windows\System\vtfJijM.exe
  C:\Windows\System\vtfJijM.exe
  2⤵
  PID:7976
- C:\Windows\System\uzMeWBj.exe
  C:\Windows\System\uzMeWBj.exe
  2⤵
  PID:7996
- C:\Windows\System\qdfpAup.exe
  C:\Windows\System\qdfpAup.exe
  2⤵
  PID:8012
- C:\Windows\System\fVVdNoP.exe
  C:\Windows\System\fVVdNoP.exe
  2⤵
  PID:8036
- C:\Windows\System\blnLQhQ.exe
  C:\Windows\System\blnLQhQ.exe
  2⤵
  PID:8056
- C:\Windows\System\zYXFXdE.exe
  C:\Windows\System\zYXFXdE.exe
  2⤵
  PID:8076
- C:\Windows\System\bkVvRSL.exe
  C:\Windows\System\bkVvRSL.exe
  2⤵
  PID:8096
- C:\Windows\System\feRMevR.exe
  C:\Windows\System\feRMevR.exe
  2⤵
  PID:8112
- C:\Windows\System\hkMIBHi.exe
  C:\Windows\System\hkMIBHi.exe
  2⤵
  PID:8136
- C:\Windows\System\ENkqcgE.exe
  C:\Windows\System\ENkqcgE.exe
  2⤵
  PID:8156
- C:\Windows\System\VfTzfDg.exe
  C:\Windows\System\VfTzfDg.exe
  2⤵
  PID:8176
- C:\Windows\System\WlwVley.exe
  C:\Windows\System\WlwVley.exe
  2⤵
  PID:6316
- C:\Windows\System\gybXtid.exe
  C:\Windows\System\gybXtid.exe
  2⤵
  PID:6504
- C:\Windows\System\LmZWLCh.exe
  C:\Windows\System\LmZWLCh.exe
  2⤵
  PID:6644
- C:\Windows\System\RBaoUIH.exe
  C:\Windows\System\RBaoUIH.exe
  2⤵
  PID:7136
- C:\Windows\System\GynFhKA.exe
  C:\Windows\System\GynFhKA.exe
  2⤵
  PID:2988
- C:\Windows\System\KlBMVHd.exe
  C:\Windows\System\KlBMVHd.exe
  2⤵
  PID:7120
- C:\Windows\System\HyYsLQs.exe
  C:\Windows\System\HyYsLQs.exe
  2⤵
  PID:6264
- C:\Windows\System\BBzeUIN.exe
  C:\Windows\System\BBzeUIN.exe
  2⤵
  PID:6340
- C:\Windows\System\biSnPiv.exe
  C:\Windows\System\biSnPiv.exe
  2⤵
  PID:7200
- C:\Windows\System\LJWmCiW.exe
  C:\Windows\System\LJWmCiW.exe
  2⤵
  PID:7244
- C:\Windows\System\LLOKXbV.exe
  C:\Windows\System\LLOKXbV.exe
  2⤵
  PID:7280
- C:\Windows\System\ksOoMZt.exe
  C:\Windows\System\ksOoMZt.exe
  2⤵
  PID:7264
- C:\Windows\System\rgbrYYT.exe
  C:\Windows\System\rgbrYYT.exe
  2⤵
  PID:7324
- C:\Windows\System\OOLPqWM.exe
  C:\Windows\System\OOLPqWM.exe
  2⤵
  PID:7404
- C:\Windows\System\WgiYzdx.exe
  C:\Windows\System\WgiYzdx.exe
  2⤵
  PID:7344
- C:\Windows\System\DxbQFcq.exe
  C:\Windows\System\DxbQFcq.exe
  2⤵
  PID:7380
- C:\Windows\System\OHKGMEa.exe
  C:\Windows\System\OHKGMEa.exe
  2⤵
  PID:7424
- C:\Windows\System\QTGWkhP.exe
  C:\Windows\System\QTGWkhP.exe
  2⤵
  PID:7520
- C:\Windows\System\VesxuXC.exe
  C:\Windows\System\VesxuXC.exe
  2⤵
  PID:7496
- C:\Windows\System\rrlvOUR.exe
  C:\Windows\System\rrlvOUR.exe
  2⤵
  PID:7540
- C:\Windows\System\Yozpeou.exe
  C:\Windows\System\Yozpeou.exe
  2⤵
  PID:7588
- C:\Windows\System\JkgOYiy.exe
  C:\Windows\System\JkgOYiy.exe
  2⤵
  PID:7628
- C:\Windows\System\REBstpa.exe
  C:\Windows\System\REBstpa.exe
  2⤵
  PID:7676
- C:\Windows\System\WebgSfv.exe
  C:\Windows\System\WebgSfv.exe
  2⤵
  PID:7664
- C:\Windows\System\lMwDtUx.exe
  C:\Windows\System\lMwDtUx.exe
  2⤵
  PID:7728
- C:\Windows\System\QDXcdHR.exe
  C:\Windows\System\QDXcdHR.exe
  2⤵
  PID:7748
- C:\Windows\System\lSxjkIw.exe
  C:\Windows\System\lSxjkIw.exe
  2⤵
  PID:7788
- C:\Windows\System\SvokzLT.exe
  C:\Windows\System\SvokzLT.exe
  2⤵
  PID:7840
- C:\Windows\System\yraubjH.exe
  C:\Windows\System\yraubjH.exe
  2⤵
  PID:7880
- C:\Windows\System\IGLcOLj.exe
  C:\Windows\System\IGLcOLj.exe
  2⤵
  PID:7864
- C:\Windows\System\NqJAGRb.exe
  C:\Windows\System\NqJAGRb.exe
  2⤵
  PID:7924
- C:\Windows\System\ZLARHyS.exe
  C:\Windows\System\ZLARHyS.exe
  2⤵
  PID:7952
- C:\Windows\System\EhFOKKv.exe
  C:\Windows\System\EhFOKKv.exe
  2⤵
  PID:8008
- C:\Windows\System\YVSlYCU.exe
  C:\Windows\System\YVSlYCU.exe
  2⤵
  PID:7988
- C:\Windows\System\ElCJDsY.exe
  C:\Windows\System\ElCJDsY.exe
  2⤵
  PID:8048
- C:\Windows\System\XtOfXEy.exe
  C:\Windows\System\XtOfXEy.exe
  2⤵
  PID:8088
- C:\Windows\System\EWvOoFd.exe
  C:\Windows\System\EWvOoFd.exe
  2⤵
  PID:8120
- C:\Windows\System\nWfdEok.exe
  C:\Windows\System\nWfdEok.exe
  2⤵
  PID:8108
- C:\Windows\System\ZGCCUWb.exe
  C:\Windows\System\ZGCCUWb.exe
  2⤵
  PID:8168
- C:\Windows\System\gQeedKh.exe
  C:\Windows\System\gQeedKh.exe
  2⤵
  PID:8184
- C:\Windows\System\GXANCoo.exe
  C:\Windows\System\GXANCoo.exe
  2⤵
  PID:6920
- C:\Windows\System\AzyGwIu.exe
  C:\Windows\System\AzyGwIu.exe
  2⤵
  PID:2628
- C:\Windows\System\xBAlBwU.exe
  C:\Windows\System\xBAlBwU.exe
  2⤵
  PID:6936
- C:\Windows\System\jGrCvlD.exe
  C:\Windows\System\jGrCvlD.exe
  2⤵
  PID:5160
- C:\Windows\System\ScsDHad.exe
  C:\Windows\System\ScsDHad.exe
  2⤵
  PID:2452
- C:\Windows\System\TDBfJBt.exe
  C:\Windows\System\TDBfJBt.exe
  2⤵
  PID:7220
- C:\Windows\System\siOdvcT.exe
  C:\Windows\System\siOdvcT.exe
  2⤵
  PID:7396
- C:\Windows\System\GuYfBFr.exe
  C:\Windows\System\GuYfBFr.exe
  2⤵
  PID:7408
- C:\Windows\System\dXPhjEW.exe
  C:\Windows\System\dXPhjEW.exe
  2⤵
  PID:7476
- C:\Windows\System\sNiZxrS.exe
  C:\Windows\System\sNiZxrS.exe
  2⤵
  PID:2080
- C:\Windows\System\pokTSff.exe
  C:\Windows\System\pokTSff.exe
  2⤵
  PID:7420
- C:\Windows\System\OzTlFZS.exe
  C:\Windows\System\OzTlFZS.exe
  2⤵
  PID:7620
- C:\Windows\System\lbrcMCi.exe
  C:\Windows\System\lbrcMCi.exe
  2⤵
  PID:7580
- C:\Windows\System\jIYjIaf.exe
  C:\Windows\System\jIYjIaf.exe
  2⤵
  PID:7680
- C:\Windows\System\GBIAJFI.exe
  C:\Windows\System\GBIAJFI.exe
  2⤵
  PID:7708
- C:\Windows\System\SuflRTa.exe
  C:\Windows\System\SuflRTa.exe
  2⤵
  PID:7764
- C:\Windows\System\ifidXix.exe
  C:\Windows\System\ifidXix.exe
  2⤵
  PID:7884
- C:\Windows\System\elRZJuJ.exe
  C:\Windows\System\elRZJuJ.exe
  2⤵
  PID:7904
- C:\Windows\System\VZynWVy.exe
  C:\Windows\System\VZynWVy.exe
  2⤵
  PID:7920
- C:\Windows\System\gIWyvuS.exe
  C:\Windows\System\gIWyvuS.exe
  2⤵
  PID:7948
- C:\Windows\System\jGchwVV.exe
  C:\Windows\System\jGchwVV.exe
  2⤵
  PID:2716
- C:\Windows\System\MryedyU.exe
  C:\Windows\System\MryedyU.exe
  2⤵
  PID:8024
- C:\Windows\System\SgroTMO.exe
  C:\Windows\System\SgroTMO.exe
  2⤵
  PID:8124
- C:\Windows\System\XsfIDAg.exe
  C:\Windows\System\XsfIDAg.exe
  2⤵
  PID:6604
- C:\Windows\System\RWenBjP.exe
  C:\Windows\System\RWenBjP.exe
  2⤵
  PID:6696
- C:\Windows\System\LrHcQEf.exe
  C:\Windows\System\LrHcQEf.exe
  2⤵
  PID:3036
- C:\Windows\System\GVQYheu.exe
  C:\Windows\System\GVQYheu.exe
  2⤵
  PID:6464
- C:\Windows\System\ollrOZL.exe
  C:\Windows\System\ollrOZL.exe
  2⤵
  PID:4084
- C:\Windows\System\YlbKAeo.exe
  C:\Windows\System\YlbKAeo.exe
  2⤵
  PID:7340
- C:\Windows\System\ayLASQf.exe
  C:\Windows\System\ayLASQf.exe
  2⤵
  PID:7480
- C:\Windows\System\rPZYuaE.exe
  C:\Windows\System\rPZYuaE.exe
  2⤵
  PID:7624
- C:\Windows\System\HkummXg.exe
  C:\Windows\System\HkummXg.exe
  2⤵
  PID:7808
- C:\Windows\System\qmTEvej.exe
  C:\Windows\System\qmTEvej.exe
  2⤵
  PID:7860
- C:\Windows\System\sbaNghI.exe
  C:\Windows\System\sbaNghI.exe
  2⤵
  PID:7848
- C:\Windows\System\aYuUeRv.exe
  C:\Windows\System\aYuUeRv.exe
  2⤵
  PID:1120
- C:\Windows\System\nAazzyt.exe
  C:\Windows\System\nAazzyt.exe
  2⤵
  PID:7992
- C:\Windows\System\NQyeUlV.exe
  C:\Windows\System\NQyeUlV.exe
  2⤵
  PID:2892
- C:\Windows\System\HxybVFT.exe
  C:\Windows\System\HxybVFT.exe
  2⤵
  PID:7180
- C:\Windows\System\QhdmIYi.exe
  C:\Windows\System\QhdmIYi.exe
  2⤵
  PID:1372
- C:\Windows\System\RDBuRCK.exe
  C:\Windows\System\RDBuRCK.exe
  2⤵
  PID:7224
- C:\Windows\System\uLhyGsf.exe
  C:\Windows\System\uLhyGsf.exe
  2⤵
  PID:2768
- C:\Windows\System\BviUsyX.exe
  C:\Windows\System\BviUsyX.exe
  2⤵
  PID:1824
- C:\Windows\System\hhPvTDG.exe
  C:\Windows\System\hhPvTDG.exe
  2⤵
  PID:2284
- C:\Windows\System\ICOpzta.exe
  C:\Windows\System\ICOpzta.exe
  2⤵
  PID:2664
- C:\Windows\System\reIUyRF.exe
  C:\Windows\System\reIUyRF.exe
  2⤵
  PID:2868
- C:\Windows\System\YSUVOVy.exe
  C:\Windows\System\YSUVOVy.exe
  2⤵
  PID:1952
- C:\Windows\System\EiRvFcf.exe
  C:\Windows\System\EiRvFcf.exe
  2⤵
  PID:804
- C:\Windows\System\YpPPOqY.exe
  C:\Windows\System\YpPPOqY.exe
  2⤵
  PID:7484
- C:\Windows\System\xLXSpBZ.exe
  C:\Windows\System\xLXSpBZ.exe
  2⤵
  PID:3000
- C:\Windows\System\hVMKxuh.exe
  C:\Windows\System\hVMKxuh.exe
  2⤵
  PID:2012
- C:\Windows\System\HiNbhJc.exe
  C:\Windows\System\HiNbhJc.exe
  2⤵
  PID:2136
- C:\Windows\System\FSUNgPK.exe
  C:\Windows\System\FSUNgPK.exe
  2⤵
  PID:7688
- C:\Windows\System\KfNVWdh.exe
  C:\Windows\System\KfNVWdh.exe
  2⤵
  PID:7780
- C:\Windows\System\sCKRrYk.exe
  C:\Windows\System\sCKRrYk.exe
  2⤵
  PID:2732
- C:\Windows\System\IOKdrnp.exe
  C:\Windows\System\IOKdrnp.exe
  2⤵
  PID:7768
- C:\Windows\System\ykkdYgM.exe
  C:\Windows\System\ykkdYgM.exe
  2⤵
  PID:2836
- C:\Windows\System\exuVBbZ.exe
  C:\Windows\System\exuVBbZ.exe
  2⤵
  PID:2876
- C:\Windows\System\TWHvIJY.exe
  C:\Windows\System\TWHvIJY.exe
  2⤵
  PID:7248
- C:\Windows\System\eejjUyQ.exe
  C:\Windows\System\eejjUyQ.exe
  2⤵
  PID:1996
- C:\Windows\System\XafKSTR.exe
  C:\Windows\System\XafKSTR.exe
  2⤵
  PID:684
- C:\Windows\System\YqvThDd.exe
  C:\Windows\System\YqvThDd.exe
  2⤵
  PID:448
- C:\Windows\System\qmNxlZL.exe
  C:\Windows\System\qmNxlZL.exe
  2⤵
  PID:2396
- C:\Windows\System\pizamBQ.exe
  C:\Windows\System\pizamBQ.exe
  2⤵
  PID:7740
- C:\Windows\System\EVgySga.exe
  C:\Windows\System\EVgySga.exe
  2⤵
  PID:1064
- C:\Windows\System\NXWUniq.exe
  C:\Windows\System\NXWUniq.exe
  2⤵
  PID:7824
- C:\Windows\System\XPWylWz.exe
  C:\Windows\System\XPWylWz.exe
  2⤵
  PID:7984
- C:\Windows\System\sncpNOk.exe
  C:\Windows\System\sncpNOk.exe
  2⤵
  PID:7844
- C:\Windows\System\BNuCCin.exe
  C:\Windows\System\BNuCCin.exe
  2⤵
  PID:2092
- C:\Windows\System\QvzALkM.exe
  C:\Windows\System\QvzALkM.exe
  2⤵
  PID:2148
- C:\Windows\System\JPeKrmq.exe
  C:\Windows\System\JPeKrmq.exe
  2⤵
  PID:8196
- C:\Windows\System\zgarjUS.exe
  C:\Windows\System\zgarjUS.exe
  2⤵
  PID:8220
- C:\Windows\System\BcSLuUc.exe
  C:\Windows\System\BcSLuUc.exe
  2⤵
  PID:8236
- C:\Windows\System\QmBaBAv.exe
  C:\Windows\System\QmBaBAv.exe
  2⤵
  PID:8256
- C:\Windows\System\OhCueNb.exe
  C:\Windows\System\OhCueNb.exe
  2⤵
  PID:8276
- C:\Windows\System\PxmECuP.exe
  C:\Windows\System\PxmECuP.exe
  2⤵
  PID:8292
- C:\Windows\System\rryKkct.exe
  C:\Windows\System\rryKkct.exe
  2⤵
  PID:8308
- C:\Windows\System\qjPJIZd.exe
  C:\Windows\System\qjPJIZd.exe
  2⤵
  PID:8324
- C:\Windows\System\YBgfnRr.exe
  C:\Windows\System\YBgfnRr.exe
  2⤵
  PID:8340
- C:\Windows\System\QqrQpUi.exe
  C:\Windows\System\QqrQpUi.exe
  2⤵
  PID:8356
- C:\Windows\System\mLlghtD.exe
  C:\Windows\System\mLlghtD.exe
  2⤵
  PID:8372
- C:\Windows\System\aLmHcUn.exe
  C:\Windows\System\aLmHcUn.exe
  2⤵
  PID:8388
- C:\Windows\System\NNdcxgd.exe
  C:\Windows\System\NNdcxgd.exe
  2⤵
  PID:8404
- C:\Windows\System\zxiNEYb.exe
  C:\Windows\System\zxiNEYb.exe
  2⤵
  PID:8424
- C:\Windows\System\zVWkQWV.exe
  C:\Windows\System\zVWkQWV.exe
  2⤵
  PID:8480
- C:\Windows\System\WahGEYd.exe
  C:\Windows\System\WahGEYd.exe
  2⤵
  PID:8504
- C:\Windows\System\hcCmklk.exe
  C:\Windows\System\hcCmklk.exe
  2⤵
  PID:8532
- C:\Windows\System\jZhIGxa.exe
  C:\Windows\System\jZhIGxa.exe
  2⤵
  PID:8552
- C:\Windows\System\URQiCTc.exe
  C:\Windows\System\URQiCTc.exe
  2⤵
  PID:8568
- C:\Windows\System\PBaUcQl.exe
  C:\Windows\System\PBaUcQl.exe
  2⤵
  PID:8584
- C:\Windows\System\mXlkFwl.exe
  C:\Windows\System\mXlkFwl.exe
  2⤵
  PID:8600
- C:\Windows\System\qEASKrb.exe
  C:\Windows\System\qEASKrb.exe
  2⤵
  PID:8616
- C:\Windows\System\VPUtTCU.exe
  C:\Windows\System\VPUtTCU.exe
  2⤵
  PID:8632
- C:\Windows\System\bPhLAAw.exe
  C:\Windows\System\bPhLAAw.exe
  2⤵
  PID:8648
- C:\Windows\System\Uqkywyb.exe
  C:\Windows\System\Uqkywyb.exe
  2⤵
  PID:8664
- C:\Windows\System\ayBCNRG.exe
  C:\Windows\System\ayBCNRG.exe
  2⤵
  PID:8680
- C:\Windows\System\WvvLqvh.exe
  C:\Windows\System\WvvLqvh.exe
  2⤵
  PID:8744
- C:\Windows\System\ajezGyg.exe
  C:\Windows\System\ajezGyg.exe
  2⤵
  PID:8760
- C:\Windows\System\lpsVYmF.exe
  C:\Windows\System\lpsVYmF.exe
  2⤵
  PID:8780
- C:\Windows\System\RBrOvlo.exe
  C:\Windows\System\RBrOvlo.exe
  2⤵
  PID:8808
- C:\Windows\System\spokNHt.exe
  C:\Windows\System\spokNHt.exe
  2⤵
  PID:8828
- C:\Windows\System\grxKpQK.exe
  C:\Windows\System\grxKpQK.exe
  2⤵
  PID:8852
- C:\Windows\System\OdAqNbK.exe
  C:\Windows\System\OdAqNbK.exe
  2⤵
  PID:8868
- C:\Windows\System\IPXHKqk.exe
  C:\Windows\System\IPXHKqk.exe
  2⤵
  PID:8892
- C:\Windows\System\Ehnnyil.exe
  C:\Windows\System\Ehnnyil.exe
  2⤵
  PID:8908
- C:\Windows\System\MsCEEIY.exe
  C:\Windows\System\MsCEEIY.exe
  2⤵
  PID:8928
- C:\Windows\System\bSOLyxW.exe
  C:\Windows\System\bSOLyxW.exe
  2⤵
  PID:8944
- C:\Windows\System\xkTYGxx.exe
  C:\Windows\System\xkTYGxx.exe
  2⤵
  PID:8968
- C:\Windows\System\vLyFBib.exe
  C:\Windows\System\vLyFBib.exe
  2⤵
  PID:8992
- C:\Windows\System\GFyBJvQ.exe
  C:\Windows\System\GFyBJvQ.exe
  2⤵
  PID:9016
- C:\Windows\System\AOoTBLe.exe
  C:\Windows\System\AOoTBLe.exe
  2⤵
  PID:9032
- C:\Windows\System\ahcYlgO.exe
  C:\Windows\System\ahcYlgO.exe
  2⤵
  PID:9052
- C:\Windows\System\TTnEFos.exe
  C:\Windows\System\TTnEFos.exe
  2⤵
  PID:9068
- C:\Windows\System\HIhIkUa.exe
  C:\Windows\System\HIhIkUa.exe
  2⤵
  PID:9084
- C:\Windows\System\mWbhQAZ.exe
  C:\Windows\System\mWbhQAZ.exe
  2⤵
  PID:9100
- C:\Windows\System\NmdojJf.exe
  C:\Windows\System\NmdojJf.exe
  2⤵
  PID:9120
- C:\Windows\System\HOjIenG.exe
  C:\Windows\System\HOjIenG.exe
  2⤵
  PID:9144
- C:\Windows\System\NjWhbhd.exe
  C:\Windows\System\NjWhbhd.exe
  2⤵
  PID:9164
- C:\Windows\System\vksENsS.exe
  C:\Windows\System\vksENsS.exe
  2⤵
  PID:9184
- C:\Windows\System\yPidpVT.exe
  C:\Windows\System\yPidpVT.exe
  2⤵
  PID:9200
- C:\Windows\System\oYeBQgk.exe
  C:\Windows\System\oYeBQgk.exe
  2⤵
  PID:7604
- C:\Windows\System\qiijALj.exe
  C:\Windows\System\qiijALj.exe
  2⤵
  PID:8252
- C:\Windows\System\KOdLyZC.exe
  C:\Windows\System\KOdLyZC.exe
  2⤵
  PID:8232
- C:\Windows\System\EaKeHax.exe
  C:\Windows\System\EaKeHax.exe
  2⤵
  PID:8300
- C:\Windows\System\mInLqaA.exe
  C:\Windows\System\mInLqaA.exe
  2⤵
  PID:8332
- C:\Windows\System\FKXVQoR.exe
  C:\Windows\System\FKXVQoR.exe
  2⤵
  PID:8396
- C:\Windows\System\HRdRHyX.exe
  C:\Windows\System\HRdRHyX.exe
  2⤵
  PID:8420
- C:\Windows\System\aUTaZTa.exe
  C:\Windows\System\aUTaZTa.exe
  2⤵
  PID:8452
- C:\Windows\System\NprkFAY.exe
  C:\Windows\System\NprkFAY.exe
  2⤵
  PID:8476
- C:\Windows\System\PCXjxgx.exe
  C:\Windows\System\PCXjxgx.exe
  2⤵
  PID:8512
- C:\Windows\System\bWWmEmg.exe
  C:\Windows\System\bWWmEmg.exe
  2⤵
  PID:8528
- C:\Windows\System\jkiyHDC.exe
  C:\Windows\System\jkiyHDC.exe
  2⤵
  PID:8548
- C:\Windows\System\ptwlRHY.exe
  C:\Windows\System\ptwlRHY.exe
  2⤵
  PID:8608
- C:\Windows\System\riImNHb.exe
  C:\Windows\System\riImNHb.exe
  2⤵
  PID:8640
- C:\Windows\System\xMJYYyU.exe
  C:\Windows\System\xMJYYyU.exe
  2⤵
  PID:8672
- C:\Windows\System\IXSXawj.exe
  C:\Windows\System\IXSXawj.exe
  2⤵
  PID:8660
- C:\Windows\System\rNRrdFl.exe
  C:\Windows\System\rNRrdFl.exe
  2⤵
  PID:8716
- C:\Windows\System\VNupvrh.exe
  C:\Windows\System\VNupvrh.exe
  2⤵
  PID:8732
- C:\Windows\System\ooDvVxs.exe
  C:\Windows\System\ooDvVxs.exe
  2⤵
  PID:8756
- C:\Windows\System\tKEzwvG.exe
  C:\Windows\System\tKEzwvG.exe
  2⤵
  PID:8796
- C:\Windows\System\TpsaIqt.exe
  C:\Windows\System\TpsaIqt.exe
  2⤵
  PID:8820
- C:\Windows\System\WHHqSOv.exe
  C:\Windows\System\WHHqSOv.exe
  2⤵
  PID:8860
- C:\Windows\System\IoAGBLo.exe
  C:\Windows\System\IoAGBLo.exe
  2⤵
  PID:8888
- C:\Windows\System\gcqfRDa.exe
  C:\Windows\System\gcqfRDa.exe
  2⤵
  PID:8952
- C:\Windows\System\TLkVHFD.exe
  C:\Windows\System\TLkVHFD.exe
  2⤵
  PID:8956
- C:\Windows\System\RtmEyuq.exe
  C:\Windows\System\RtmEyuq.exe
  2⤵
  PID:9004
- C:\Windows\System\hZaPvQU.exe
  C:\Windows\System\hZaPvQU.exe
  2⤵
  PID:9060
- C:\Windows\System\JhTUbYs.exe
  C:\Windows\System\JhTUbYs.exe
  2⤵
  PID:9040
- C:\Windows\System\MotsOSB.exe
  C:\Windows\System\MotsOSB.exe
  2⤵
  PID:9028
- C:\Windows\System\aSSEaxT.exe
  C:\Windows\System\aSSEaxT.exe
  2⤵
  PID:9156
- C:\Windows\System\FjKgYLQ.exe
  C:\Windows\System\FjKgYLQ.exe
  2⤵
  PID:9196
- C:\Windows\System\uInrqUs.exe
  C:\Windows\System\uInrqUs.exe
  2⤵
  PID:8208
- C:\Windows\System\CdTYKvW.exe
  C:\Windows\System\CdTYKvW.exe
  2⤵
  PID:592
- C:\Windows\System\mpeznoI.exe
  C:\Windows\System\mpeznoI.exe
  2⤵
  PID:3016
- C:\Windows\System\lkYirxx.exe
  C:\Windows\System\lkYirxx.exe
  2⤵
  PID:8400
- C:\Windows\System\qGFOwOa.exe
  C:\Windows\System\qGFOwOa.exe
  2⤵
  PID:8416
- C:\Windows\System\hOhyxyK.exe
  C:\Windows\System\hOhyxyK.exe
  2⤵
  PID:8444
- C:\Windows\System\CpgBazH.exe
  C:\Windows\System\CpgBazH.exe
  2⤵
  PID:8564
- C:\Windows\System\cDoadbn.exe
  C:\Windows\System\cDoadbn.exe
  2⤵
  PID:8468
- C:\Windows\System\PvMmfjk.exe
  C:\Windows\System\PvMmfjk.exe
  2⤵
  PID:8576
- C:\Windows\System\UlgJcCi.exe
  C:\Windows\System\UlgJcCi.exe
  2⤵
  PID:8628
- C:\Windows\System\QjVoqBV.exe
  C:\Windows\System\QjVoqBV.exe
  2⤵
  PID:8772
- C:\Windows\System\PWTxOpl.exe
  C:\Windows\System\PWTxOpl.exe
  2⤵
  PID:8900
- C:\Windows\System\FaqVCqI.exe
  C:\Windows\System\FaqVCqI.exe
  2⤵
  PID:8712
- C:\Windows\System\YNatcDz.exe
  C:\Windows\System\YNatcDz.exe
  2⤵
  PID:8904
- C:\Windows\System\uViWcwC.exe
  C:\Windows\System\uViWcwC.exe
  2⤵
  PID:8816
- C:\Windows\System\rXmHRGr.exe
  C:\Windows\System\rXmHRGr.exe
  2⤵
  PID:8980
- C:\Windows\System\SzMnPnQ.exe
  C:\Windows\System\SzMnPnQ.exe
  2⤵
  PID:8960
- C:\Windows\System\zCLeukP.exe
  C:\Windows\System\zCLeukP.exe
  2⤵
  PID:9192
- C:\Windows\System\cOnVXPn.exe
  C:\Windows\System\cOnVXPn.exe
  2⤵
  PID:8500
- C:\Windows\System\tikDDxY.exe
  C:\Windows\System\tikDDxY.exe
  2⤵
  PID:8964
- C:\Windows\System\lLVfTIQ.exe
  C:\Windows\System\lLVfTIQ.exe
  2⤵
  PID:9212
- C:\Windows\System\YWOlGmC.exe
  C:\Windows\System\YWOlGmC.exe
  2⤵
  PID:9140
- C:\Windows\System\QideGSy.exe
  C:\Windows\System\QideGSy.exe
  2⤵
  PID:8596
- C:\Windows\System\vwfvfJk.exe
  C:\Windows\System\vwfvfJk.exe
  2⤵
  PID:8520
- C:\Windows\System\FeyZZbq.exe
  C:\Windows\System\FeyZZbq.exe
  2⤵
  PID:8700
- C:\Windows\System\dBZRiec.exe
  C:\Windows\System\dBZRiec.exe
  2⤵
  PID:8848
- C:\Windows\System\qLBQQgg.exe
  C:\Windows\System\qLBQQgg.exe
  2⤵
  PID:8724
- C:\Windows\System\ccOFlfE.exe
  C:\Windows\System\ccOFlfE.exe
  2⤵
  PID:8876
- C:\Windows\System\HSDNIpF.exe
  C:\Windows\System\HSDNIpF.exe
  2⤵
  PID:9024
- C:\Windows\System\fPieYjD.exe
  C:\Windows\System\fPieYjD.exe
  2⤵
  PID:8212
- C:\Windows\System\NHopxHN.exe
  C:\Windows\System\NHopxHN.exe
  2⤵
  PID:8352
- C:\Windows\System\sgJmnsC.exe
  C:\Windows\System\sgJmnsC.exe
  2⤵
  PID:8284
- C:\Windows\System\yCQDCXP.exe
  C:\Windows\System\yCQDCXP.exe
  2⤵
  PID:9208
- C:\Windows\System\ycpJdlF.exe
  C:\Windows\System\ycpJdlF.exe
  2⤵
  PID:8368
- C:\Windows\System\Ndavksn.exe
  C:\Windows\System\Ndavksn.exe
  2⤵
  PID:8800
- C:\Windows\System\FrsrKjw.exe
  C:\Windows\System\FrsrKjw.exe
  2⤵
  PID:9128
- C:\Windows\System\qztiRMg.exe
  C:\Windows\System\qztiRMg.exe
  2⤵
  PID:9160
- C:\Windows\System\eAiDmgF.exe
  C:\Windows\System\eAiDmgF.exe
  2⤵
  PID:8316
- C:\Windows\System\OCcneqr.exe
  C:\Windows\System\OCcneqr.exe
  2⤵
  PID:9240
- C:\Windows\System\aZRbELU.exe
  C:\Windows\System\aZRbELU.exe
  2⤵
  PID:9260
- C:\Windows\System\mzOXEFV.exe
  C:\Windows\System\mzOXEFV.exe
  2⤵
  PID:9276
- C:\Windows\System\BFuGbNY.exe
  C:\Windows\System\BFuGbNY.exe
  2⤵
  PID:9296
- C:\Windows\System\imcYuKF.exe
  C:\Windows\System\imcYuKF.exe
  2⤵
  PID:9312
- C:\Windows\System\aqIrunb.exe
  C:\Windows\System\aqIrunb.exe
  2⤵
  PID:9328
- C:\Windows\System\msBgrBs.exe
  C:\Windows\System\msBgrBs.exe
  2⤵
  PID:9344
- C:\Windows\System\kXurAAm.exe
  C:\Windows\System\kXurAAm.exe
  2⤵
  PID:9420
- C:\Windows\System\KZpticY.exe
  C:\Windows\System\KZpticY.exe
  2⤵
  PID:9444
- C:\Windows\System\bfwZSWY.exe
  C:\Windows\System\bfwZSWY.exe
  2⤵
  PID:9484
- C:\Windows\System\DUUOCgB.exe
  C:\Windows\System\DUUOCgB.exe
  2⤵
  PID:9508
- C:\Windows\System\OmdMmDJ.exe
  C:\Windows\System\OmdMmDJ.exe
  2⤵
  PID:9524
- C:\Windows\System\wPuPmOA.exe
  C:\Windows\System\wPuPmOA.exe
  2⤵
  PID:9544
- C:\Windows\System\TXeOjen.exe
  C:\Windows\System\TXeOjen.exe
  2⤵
  PID:9560
- C:\Windows\System\nuYNktA.exe
  C:\Windows\System\nuYNktA.exe
  2⤵
  PID:9576
- C:\Windows\System\JZRxwYC.exe
  C:\Windows\System\JZRxwYC.exe
  2⤵
  PID:9592
- C:\Windows\System\PzpvmAk.exe
  C:\Windows\System\PzpvmAk.exe
  2⤵
  PID:9608
- C:\Windows\System\SoTscoj.exe
  C:\Windows\System\SoTscoj.exe
  2⤵
  PID:9624
- C:\Windows\System\brPpVeS.exe
  C:\Windows\System\brPpVeS.exe
  2⤵
  PID:9640
- C:\Windows\System\bPsiPze.exe
  C:\Windows\System\bPsiPze.exe
  2⤵
  PID:9656
- C:\Windows\System\WxYMbbX.exe
  C:\Windows\System\WxYMbbX.exe
  2⤵
  PID:9672
- C:\Windows\System\YccvLGL.exe
  C:\Windows\System\YccvLGL.exe
  2⤵
  PID:9688
- C:\Windows\System\kANcZRz.exe
  C:\Windows\System\kANcZRz.exe
  2⤵
  PID:9704
- C:\Windows\System\rYrvsVf.exe
  C:\Windows\System\rYrvsVf.exe
  2⤵
  PID:9724
- C:\Windows\System\yBhnCvo.exe
  C:\Windows\System\yBhnCvo.exe
  2⤵
  PID:9756
- C:\Windows\System\PXFyIFy.exe
  C:\Windows\System\PXFyIFy.exe
  2⤵
  PID:9772
- C:\Windows\System\WAXhuEu.exe
  C:\Windows\System\WAXhuEu.exe
  2⤵
  PID:9792
- C:\Windows\System\EReLBNU.exe
  C:\Windows\System\EReLBNU.exe
  2⤵
  PID:9808
- C:\Windows\System\AzlEzkh.exe
  C:\Windows\System\AzlEzkh.exe
  2⤵
  PID:9828
- C:\Windows\System\grDQEvs.exe
  C:\Windows\System\grDQEvs.exe
  2⤵
  PID:9848
- C:\Windows\System\mMreZTR.exe
  C:\Windows\System\mMreZTR.exe
  2⤵
  PID:9868
- C:\Windows\System\yvuFTui.exe
  C:\Windows\System\yvuFTui.exe
  2⤵
  PID:9884
- C:\Windows\System\JKkEXMV.exe
  C:\Windows\System\JKkEXMV.exe
  2⤵
  PID:9904
- C:\Windows\System\WakiTbt.exe
  C:\Windows\System\WakiTbt.exe
  2⤵
  PID:9920
- C:\Windows\System\pdzRucI.exe
  C:\Windows\System\pdzRucI.exe
  2⤵
  PID:9936
- C:\Windows\System\jnSjFpy.exe
  C:\Windows\System\jnSjFpy.exe
  2⤵
  PID:9952
- C:\Windows\System\BHnoyxM.exe
  C:\Windows\System\BHnoyxM.exe
  2⤵
  PID:9968
- C:\Windows\System\cggmrZU.exe
  C:\Windows\System\cggmrZU.exe
  2⤵
  PID:9984
- C:\Windows\System\UeZlHRj.exe
  C:\Windows\System\UeZlHRj.exe
  2⤵
  PID:10008
- C:\Windows\System\xqPDzkS.exe
  C:\Windows\System\xqPDzkS.exe
  2⤵
  PID:10024
- C:\Windows\System\ZkcLWFZ.exe
  C:\Windows\System\ZkcLWFZ.exe
  2⤵
  PID:10040
- C:\Windows\System\qjmTFfC.exe
  C:\Windows\System\qjmTFfC.exe
  2⤵
  PID:10056
- C:\Windows\System\nQUBJlE.exe
  C:\Windows\System\nQUBJlE.exe
  2⤵
  PID:10136
- C:\Windows\System\ankNsrl.exe
  C:\Windows\System\ankNsrl.exe
  2⤵
  PID:10152
- C:\Windows\System\eLrkpCq.exe
  C:\Windows\System\eLrkpCq.exe
  2⤵
  PID:10176
- C:\Windows\System\cEjzBPV.exe
  C:\Windows\System\cEjzBPV.exe
  2⤵
  PID:10196
- C:\Windows\System\hZrOGpF.exe
  C:\Windows\System\hZrOGpF.exe
  2⤵
  PID:10216
- C:\Windows\System\TaojwOO.exe
  C:\Windows\System\TaojwOO.exe
  2⤵
  PID:8776
- C:\Windows\System\jgOgZvS.exe
  C:\Windows\System\jgOgZvS.exe
  2⤵
  PID:9176
- C:\Windows\System\kPGueqT.exe
  C:\Windows\System\kPGueqT.exe
  2⤵
  PID:8936
- C:\Windows\System\WcPjpVn.exe
  C:\Windows\System\WcPjpVn.exe
  2⤵
  PID:8264
- C:\Windows\System\MbzmlXe.exe
  C:\Windows\System\MbzmlXe.exe
  2⤵
  PID:8544
- C:\Windows\System\FjxXITD.exe
  C:\Windows\System\FjxXITD.exe
  2⤵
  PID:9224
- C:\Windows\System\JpyJErp.exe
  C:\Windows\System\JpyJErp.exe
  2⤵
  PID:9268
- C:\Windows\System\WxuLOwq.exe
  C:\Windows\System\WxuLOwq.exe
  2⤵
  PID:9284
- C:\Windows\System\xbEqOWB.exe
  C:\Windows\System\xbEqOWB.exe
  2⤵
  PID:9324
- C:\Windows\System\tevmzqE.exe
  C:\Windows\System\tevmzqE.exe
  2⤵
  PID:9352
- C:\Windows\System\apxDtMK.exe
  C:\Windows\System\apxDtMK.exe
  2⤵
  PID:9468
- C:\Windows\System\QPekYoo.exe
  C:\Windows\System\QPekYoo.exe
  2⤵
  PID:9480
- C:\Windows\System\sYJjdow.exe
  C:\Windows\System\sYJjdow.exe
  2⤵
  PID:9504
- C:\Windows\System\SCImXLA.exe
  C:\Windows\System\SCImXLA.exe
  2⤵
  PID:9552
- C:\Windows\System\ZKJDEel.exe
  C:\Windows\System\ZKJDEel.exe
  2⤵
  PID:9620
- C:\Windows\System\UPiWBPG.exe
  C:\Windows\System\UPiWBPG.exe
  2⤵
  PID:9712
- C:\Windows\System\ZqtqZqz.exe
  C:\Windows\System\ZqtqZqz.exe
  2⤵
  PID:9800
- C:\Windows\System\jZTyaJp.exe
  C:\Windows\System\jZTyaJp.exe
  2⤵
  PID:9876
- C:\Windows\System\nusvaIG.exe
  C:\Windows\System\nusvaIG.exe
  2⤵
  PID:9816
- C:\Windows\System\gEIsXOt.exe
  C:\Windows\System\gEIsXOt.exe
  2⤵
  PID:9572
- C:\Windows\System\ehvwLIr.exe
  C:\Windows\System\ehvwLIr.exe
  2⤵
  PID:9668
- C:\Windows\System\UDoLQjG.exe
  C:\Windows\System\UDoLQjG.exe
  2⤵
  PID:9748
- C:\Windows\System\qgLMhKq.exe
  C:\Windows\System\qgLMhKq.exe
  2⤵
  PID:9568
- C:\Windows\System\GMheRNp.exe
  C:\Windows\System\GMheRNp.exe
  2⤵
  PID:9700
- C:\Windows\System\knejzkK.exe
  C:\Windows\System\knejzkK.exe
  2⤵
  PID:9780
- C:\Windows\System\MnLokHd.exe
  C:\Windows\System\MnLokHd.exe
  2⤵
  PID:9928
- C:\Windows\System\crzsAKc.exe
  C:\Windows\System\crzsAKc.exe
  2⤵
  PID:9944
- C:\Windows\System\dOqzuHg.exe
  C:\Windows\System\dOqzuHg.exe
  2⤵
  PID:10004
- C:\Windows\System\dbaxFsg.exe
  C:\Windows\System\dbaxFsg.exe
  2⤵
  PID:10036
- C:\Windows\System\RiZIsJl.exe
  C:\Windows\System\RiZIsJl.exe
  2⤵
  PID:10016
- C:\Windows\System\xyJEGlS.exe
  C:\Windows\System\xyJEGlS.exe
  2⤵
  PID:10124
- C:\Windows\System\uOlNOlB.exe
  C:\Windows\System\uOlNOlB.exe
  2⤵
  PID:10212
- C:\Windows\System\liFKgqJ.exe
  C:\Windows\System\liFKgqJ.exe
  2⤵
  PID:10228
- C:\Windows\System\BaYFgUd.exe
  C:\Windows\System\BaYFgUd.exe
  2⤵
  PID:9180
- C:\Windows\System\RmcYiqO.exe
  C:\Windows\System\RmcYiqO.exe
  2⤵
  PID:8940
- C:\Windows\System\LhYhtgf.exe
  C:\Windows\System\LhYhtgf.exe
  2⤵
  PID:8216
- C:\Windows\System\YuiYJGw.exe
  C:\Windows\System\YuiYJGw.exe
  2⤵
  PID:9292
- C:\Windows\System\pWleRAV.exe
  C:\Windows\System\pWleRAV.exe
  2⤵
  PID:9340
- C:\Windows\System\ofDPNCk.exe
  C:\Windows\System\ofDPNCk.exe
  2⤵
  PID:9400
- C:\Windows\System\mjxsJBG.exe
  C:\Windows\System\mjxsJBG.exe
  2⤵
  PID:9464
- C:\Windows\System\wWgVPge.exe
  C:\Windows\System\wWgVPge.exe
  2⤵
  PID:9412
- C:\Windows\System\doMHQjl.exe
  C:\Windows\System\doMHQjl.exe
  2⤵
  PID:9616
- C:\Windows\System\LNLlsut.exe
  C:\Windows\System\LNLlsut.exe
  2⤵
  PID:9492
- C:\Windows\System\hBqNVLh.exe
  C:\Windows\System\hBqNVLh.exe
  2⤵
  PID:9764
- C:\Windows\System\WZjrtxs.exe
  C:\Windows\System\WZjrtxs.exe
  2⤵
  PID:9540
- C:\Windows\System\brnBiQe.exe
  C:\Windows\System\brnBiQe.exe
  2⤵
  PID:9896
- C:\Windows\System\fnsLvof.exe
  C:\Windows\System\fnsLvof.exe
  2⤵
  PID:9752
- C:\Windows\System\viaOclD.exe
  C:\Windows\System\viaOclD.exe
  2⤵
  PID:9740
- C:\Windows\System\qZyHVmq.exe
  C:\Windows\System\qZyHVmq.exe
  2⤵
  PID:9996
- C:\Windows\System\cbpHiSm.exe
  C:\Windows\System\cbpHiSm.exe
  2⤵
  PID:10020
- C:\Windows\System\qqKwNIw.exe
  C:\Windows\System\qqKwNIw.exe
  2⤵
  PID:10092
- C:\Windows\System\OcoztCt.exe
  C:\Windows\System\OcoztCt.exe
  2⤵
  PID:10112
- C:\Windows\System\iAmSUXk.exe
  C:\Windows\System\iAmSUXk.exe
  2⤵
  PID:10148
- C:\Windows\System\AuJDusI.exe
  C:\Windows\System\AuJDusI.exe
  2⤵
  PID:10172
- C:\Windows\System\uYVMxSC.exe
  C:\Windows\System\uYVMxSC.exe
  2⤵
  PID:10232
- C:\Windows\System\MWuVeGq.exe
  C:\Windows\System\MWuVeGq.exe
  2⤵
  PID:9236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AoapOpY.exe

Filesize
6.0MB

MD5
29ab0ce68bbb50817a07b09f2a32e0e8

SHA1
34575a761301a37570d6f3fff7b4da9aad5aceb4

SHA256
b36276e7a9959d1d01304f9ea2f44517ae35143512ed06863c99053c5c35b1f6

SHA512
87518e2bdb9c475de9c50c2a22592b81f11cc13180185ee3e87312f02ab14ff4b6540a4095389273c0c09df04848665720060ecd0799dd56aec68a663a9c3fe5

Download Submit
C:\Windows\system\ChoGLcW.exe

Filesize
6.0MB

MD5
da46547a6704fe15188559a318769027

SHA1
d121ec9133effa20b7a3b455bd4843b2768174b2

SHA256
856851855e204977ebb07584d91925990e790160d8be37082a3e4e25ef3ffca1

SHA512
c6bbc789ec739393683c664aa28f0e71dfdcbb18865c8b662078c943b4074c74fd9e1d91cd181706f0ff7a26a407c5a2efa612290d795dd47e94b1f260fdf4c6

Download Submit
C:\Windows\system\EubnQZi.exe

Filesize
6.0MB

MD5
b30ec5c97724bd8d3ba07a94699cc135

SHA1
9bed14a797709d8b2b1af976c4d26067ec299e7c

SHA256
44714f068524223f70950c0f4a5d149a844088b1f86c6c01258576c8a93ee4f8

SHA512
f9253975161ec633cfa77fa06c7f67755f065148a1f259db4b2b3efbbabdddecf1f1b3309772fc0fbf3a7078f7854ea2b7c304260f379c835452fba390939b5a

Download Submit
C:\Windows\system\FDWWZSd.exe

Filesize
6.0MB

MD5
108e14a027a9980005bf79f4456c92a1

SHA1
0d09dfa3a22d85d84fcdf127b09bc3a40f438c8e

SHA256
b5a2e9bf463e9854ff6f945ebcb1736261fd3d8a966cd23fa5c1bf10609cfbda

SHA512
68910ec631984e8107d7694f9315086a726e3babbea63ef4d2cbd473cd39dc232721265937d40a95b53b8977c3e29c952cdd10e05d59cc41fdf71fd0bc63cfc3

Download Submit
C:\Windows\system\IYqCFEf.exe

Filesize
6.0MB

MD5
b8f46b92543f2768d22e6c9595565964

SHA1
f1fb5768f709934649d8e169439ed4f65ed8fe78

SHA256
cae3f5e0012dc786a27274ed3e6e5a2b9cc31dcd7d8e4a9ddee4633ef8cdefb0

SHA512
70dd2962111ef0721970c5233b3e57bf9735155448fb5619a13465ce2fd239319ca75e0cc90a1d3bfbba8a9f64adb5daf8e812a209f34fced469f2a95fe947de

Download Submit
C:\Windows\system\KhLqkzx.exe

Filesize
6.0MB

MD5
5894bd55e8f0342a7b9d62c0b8dd4daf

SHA1
e8e6bbea3d13f4c62e072b3d90fe194c81e46cf3

SHA256
692f2a0511ab78b1813748d15e16822658937e4fed7a7c0ef488c1f19f4f69a6

SHA512
59426ab4e631670ed00d1db075b19d5b0d94f6d7010f3c58ea25d2846525d590ab5f4d0de51706e57f55aee9d90203d8800cfe5cb1f6a5e7768a5c37daacb0a5

Download Submit
C:\Windows\system\PiZxCsc.exe

Filesize
6.0MB

MD5
6e5afae316235f8367d6b54994581a57

SHA1
748c197c579804d07e78d6fbbf16015ec65b22f5

SHA256
cb883254410500573c6ea674000e9677363db6d52ffc455d3e3de83f37689966

SHA512
86185ef205a00ca85df2e1a97d22e5ca6bd154bd74f906f9b1b7043b572cda6279639c2a054a9b6fe944bc682f8e765c4aefe54bdd1856f382a608e1da432b27

Download Submit
C:\Windows\system\PrRUryr.exe

Filesize
6.0MB

MD5
9a7b3d3557ca38db700a426ceb4273c8

SHA1
91cd92175e88ed69389e23166830942fdec399dc

SHA256
187036dd81c373698a19ba4b7f35243bbb6eaa619dce537eec6481c480c1a400

SHA512
d15a9c77a3cca53836f898f3d34d5bdb8400e45e2908c87b2f2c43a80ba02bed9d849e39a8a1acb09f60af3acec71be0fb523a68c64304b287030348d7f19a6e

Download Submit
C:\Windows\system\QMvUSWc.exe

Filesize
6.0MB

MD5
2dea95a3cbc13a88c43b77221354d33e

SHA1
e412628034a517b2157fc3acac5db4fbacd79caf

SHA256
c1582c586c82e7abd39d8017183fd062824f3d43116e2f549da1b4f805d542dd

SHA512
002194ffa4b161ba4db67f8159972d191a2dea5f1bf52108327ae74b002491e3b00f2eb9f4335a1527f04636752dbb72bf6301f018830c7d564f20cd61310ef3

Download Submit
C:\Windows\system\QPrlDzL.exe

Filesize
6.0MB

MD5
1b920b404e855c38184b30f07e6d2482

SHA1
86371b9662827164582ac2339b1e03b7b25539cd

SHA256
52dc90d283a7f84a2a4bd42060cf97612f014f4fc39f6903ea921916b27af331

SHA512
9d218f64521ed0bd37b0cd46853a75c658c89c33dd39124db2b474c58b8bc9bb2bfe15987bedeed84ed0375b52d1558d1b978a4c7692c059825020dbb951d7af

Download Submit
C:\Windows\system\VwnPkgD.exe

Filesize
6.0MB

MD5
8a2cf4e7665b08b674435d0800012176

SHA1
d3e579c7df9030607794e1a2573c8ffb5836124d

SHA256
caa905cc9bfa515129c0a9af1cb054475a7c29b7296ac9d3622994ebc71bf049

SHA512
a8d7f71e96821c0d1afae311ffd01ef7586472b17ae2593d2a61e2a64e050204b3dc75ac797c7664de17fbd30f79701e33fdc6fee725f6dde841778829c13346

Download Submit
C:\Windows\system\YmKEKiC.exe

Filesize
6.0MB

MD5
6a9852055a0528a89d35b82331f8cd98

SHA1
861bfb5dd36fd5bd0d055f219122da4c7a7b47b5

SHA256
308c5aadf6789a45b63b7293d201c77a729814d8ac50016edeecf8cb04bcb4c1

SHA512
dc2dd7a5f5e8f32f0aca01aa904f63e115fa3ee9c9ba648d2c1684b539cbe16b097a5cc110e5831fdea2f8bcdb6724a9570c7682d97fd5a8980b4661d3bfb540

Download Submit
C:\Windows\system\artJGso.exe

Filesize
6.0MB

MD5
77dbcad74bb2f749f1598c88fcb56139

SHA1
8c4a5e7aca9a04b664fede7887648bcb437aeff7

SHA256
0356af669e60fc42b2d5ff9a83fe913057eaf08e4248b6f37fafb346e60699f3

SHA512
0fb40184ec0a5e9d3cd5f200fd8c4a3c25f22a599b35bbcbef009dc14a4db166124ddd3918b5d377408270bcea0aef73b36906cc592ac73b8a5b5214613fe9f2

Download Submit
C:\Windows\system\dqdgiAH.exe

Filesize
6.0MB

MD5
861362f04920115fd61abb51875c9941

SHA1
5a6754e4eab04a7575026ef27408271f96070fde

SHA256
7a657f01388ac3bd8438cd110a096a36a28803747af8e5fa620b021621824200

SHA512
acd6f689b1bbf5e429bb5dbad2cc51cba4709f3c9dfee44bbb07c97a7780f87d76ca9a9e645f21deccc2b35c20990079ef96463700644eaf6b41c8a17830e4bb

Download Submit
C:\Windows\system\efzhBIE.exe

Filesize
6.0MB

MD5
854379466534bbfde373147316e84e16

SHA1
4967a58a7ac6b0711640f0c6b29c747e1447d65d

SHA256
916a4821e23289be8dfecc0c87f9eaf9df8291d554d8f2947230d6f10f4dc3d1

SHA512
35cd93fb5def14bfb09de7869bb93927f2c1b2e5c8731217676b3c7734cfef794d250542e450a3b4fdbe0be08c415e994556968622d11d2070b7c5e3e62e238e

Download Submit
C:\Windows\system\hQPblpj.exe

Filesize
6.0MB

MD5
2a80ea39e60ddd0521a5042bb2ea70fb

SHA1
60c6f706dd67050bc68a9885eae3d0a45d35ca1a

SHA256
58b64e1731166e3c6fb03f09b78f206c0567eaac3977c598aeaaf41f9664315f

SHA512
eda64c555979dbec484968fd1e8d13303323bb3ccf9df351a0388a5651ad5c6c52e3944a738a7c89a1b189ddbddceb27f83d9b8fe41f6e326beed0e6cb36c28b

Download Submit
C:\Windows\system\jzYuBtv.exe

Filesize
6.0MB

MD5
1400433dd0d17f0fb3f0ac017fe6c920

SHA1
998229281900b23a506fee34546140039617c52a

SHA256
5ec300cd61ba02fe5e1be4ebc1a7a65bb5663403ce3993483bb795f5665a1b25

SHA512
c26196d0777b4bb35e9015c75eb208d231477046634fa549aa55cf490bb3a42f0b86adafb95e5560339c8108fa2f7e28e37d1e01d0cf323fc4e70e86ca775bb0

Download Submit
C:\Windows\system\nTpFDgF.exe

Filesize
6.0MB

MD5
6ead4e3a9fa8adfe20a8f0027ffcfe16

SHA1
647827937d4075725d493f1a6b4306ffdf4fdbc2

SHA256
3a9b9afa436ee2b5de1f004b68c75b520c8e2074b13a0e8568ceebeb9d2fdda7

SHA512
881a4684344f28f9eb165e479dd8e5fc37a62b7411643c691cb09b2b2779eeeb7893807f19fa473f669b4aa543ae12014e8dd09b187e6c65ae365209dedd1242

Download Submit
C:\Windows\system\oHqgTpY.exe

Filesize
6.0MB

MD5
7d8386e770f4bb5e60f238ec38a15904

SHA1
628c777d1b3faffe482d8790b4fe9e704c5f02bf

SHA256
e3092aaeb2df355794324847b8acae309195ce72fe7af093e1d24af248ce7e10

SHA512
0793ff8b9e6edb7b924294b1085bfacb866027c9f5b4791c5774f213fe3ac8ae06e464dbacde037299db4cde8911d29b194e28cc0945b876791626b5ee04c1d5

Download Submit
C:\Windows\system\qhlcVuZ.exe

Filesize
6.0MB

MD5
20693d090398f0421816608e13f56d0f

SHA1
e955f169e82443e64a4ede989e76011da9819408

SHA256
fce1257f9d9e0d6b628a26df546d8511b075d70ba1a91c1c1a20e704337c38b0

SHA512
40655d9b94237561d7de6d7774b94edb53289a45f0700dd298d8f25e8722e0bee0453ffcbe7456af8a70b04d8b79d65d2d5b717a7523d472aec372ba50f1b6f1

Download Submit
C:\Windows\system\rOaIvZs.exe

Filesize
6.0MB

MD5
f73649059681cfb3b0127dc905a6e6a6

SHA1
29fcfb206bed9de3bc2130ae7a7d5eb4802723b7

SHA256
9c3a77c7966bf4bcce99539db93610fb751b6f034c683763c07090b20aef8b48

SHA512
ac877b56032c1099dacd96b0ee6a8e96581ecd05b6181d54c12e2493690fb75c26a8fff980f6374b92c33b80a1f5f75954a734ddb5c63022e41f79685ba36b23

Download Submit
C:\Windows\system\spBbcPv.exe

Filesize
6.0MB

MD5
90a276b5711759809f69085602ba8dfc

SHA1
a63e68a42dd3ab216caa092ed242793e74cf6cf6

SHA256
edea96b7e6e22b1f39891c187c990c5e8c1b0a6b2f2d58c88880a9ed42841842

SHA512
ff5e33d8bf21e59bcd67761f391d3680a971594e2472164a5ca7cf82484b1ab56f24a917410f400d64b068b5156677167f21e531b04d34b5d10250910f1f55a3

Download Submit
C:\Windows\system\vZeGzOi.exe

Filesize
6.0MB

MD5
d63c2eb99750d3a80014eb70b9a72e6c

SHA1
6494fb463a6e25e20d0554579b75c5bfe5e6e48a

SHA256
ca1c7a893956da79e50c1c06156ea45cbb9587c0e05b0e113993b7743f28ccbe

SHA512
0b926e2f096d6f338718e9e1469a17dc42c220348cdf5d5ab46168a79798bed8e6c7bcb8964917cabe3ba9b79594e29afedebbfa8b126505b79e6bb57aef85cb

Download Submit
C:\Windows\system\zSUWxSG.exe

Filesize
6.0MB

MD5
e9d6aad4533d37b398f72b45f6834ac0

SHA1
d9084cc94047aa080c392aa02257d527d4d05881

SHA256
4092a3828480657914c647f6f56aec135ac0da28db431fdf1bb48e11723c1bbb

SHA512
9924d4b53711b8d2cd101f5b775146724c6b118e80f828ee4ce64baaf0babc931c2566613e25cf1d0147fe5fc27c6726ac594aeb1b09913f253530d4796366b4

Download Submit
C:\Windows\system\zfMYDbj.exe

Filesize
6.0MB

MD5
d4bb05a46c404977935d5204a5da1c61

SHA1
720fc9dfbb83f84f9187006fbd377879473ae025

SHA256
2967610f60b1f677d329ac74a0a526487437e6ed900614e2de5f55665e9dda84

SHA512
5c8da4ff42460e5fe938ba3014f0daf3510a45f5ca7d4a553d3cc2255eb1e922d0c51a5b86856bf03ae9fe3881ccc1268e957843c96b42903099f22fce28cdd6

Download Submit
\Windows\system\BbalRJS.exe

Filesize
6.0MB

MD5
c5d367a22c2a0bf2190c4c63206dc0a9

SHA1
c5ec432035dc7335072fd15b3f264aab16555bc7

SHA256
823477fcdd841b4863b0fb500ab1cd1d0d5590ff4526d771a2347e79264a95ad

SHA512
ec525bad5c29a8427e48bfe699fdb4688ed48b8abb7b1ac5c315217e3ff51f96131e950bdbaae987ee864ef102e783ee4de886427df8a376b3f53266eb1b001e

Download Submit
\Windows\system\HLIDaQK.exe

Filesize
6.0MB

MD5
af2bc5c11d25e98a8aba666132b9158f

SHA1
df09754fc474092104d5054cf14aaa7c68289259

SHA256
24d9d9a1830e078dfe62e2e10d0bde1b0852b347c78818f819103302321f2663

SHA512
b6426605f09a1c77a4657a4f136c8bc2bd7770256d63b4afdcf01e5783af483fa8a2e66ffd44b691a150799265d94bdad12b356a8a0372f773b1ba30d164828e

Download Submit
\Windows\system\JHWnkjD.exe

Filesize
6.0MB

MD5
76a51d41e0581f8184e6540ca556110e

SHA1
b2e174b15231ee8a232bb0d8828a6c297e628e22

SHA256
f3f8b62d703141f108b72dde143994ce8b90e4afd57fe6449e4bb499069d2f6b

SHA512
3d366293abad3dad2940fb894e4635334d9cd96e3d95e0d5f55e5930e28476fbb4218700a6497b03e54dbb392c4a43ef44d0ff94effd23cadaab36ca9c082973

Download Submit
\Windows\system\JJXvUeC.exe

Filesize
6.0MB

MD5
ad98c12f94e9492805095ff33c55ddc9

SHA1
c098c32846f16aea401fe15d30399dcdc2c66e12

SHA256
9e543b58ad2e6016e29ba9e3ce120204050933d1b3b522fb0929b734cbf99856

SHA512
bcaabb43dd93b31d1494edee4c0701b3012f7487626bf101d63b29f34eff66e7e1d5ae33bbfe1baa5ace7d9fa37c2224822116398e95209f9fb510d519142699

Download Submit
\Windows\system\cqafZjA.exe

Filesize
6.0MB

MD5
fef12f72de8a6b13273d5a8e66ab6ca7

SHA1
71e4a15d2472c5c9067914d373a318bd5bdf42c6

SHA256
c089ab5889413edb3820b2becf5edf705a8766f41abd8e644abe48517ffbec69

SHA512
ba5adcb29976353431b51714ca00a904495327144e11ffd8c512cac42bf36f245ebc6ee44889265b82b1c9b5d14dfae5f38fa936e932ef5da2808a9b1604007c

Download Submit
\Windows\system\lFLHAFp.exe

Filesize
6.0MB

MD5
68a1fff5af2fdfa15b39b35cc754a912

SHA1
45a2f4c5bf049bed375a493588b1afcb7a75bcf1

SHA256
e0a74db9947adb355105cf308e5a07244d819bedb63ade7a2749278fb37fe0f7

SHA512
a685170a14a6157a6427938d483c0fb6ae52ba8af6ab48c8551c938325d94bc27a68477cb2af5ee7eb89b43b3ace109060af448ed69bc236a1d4413a2d258e45

Download Submit
\Windows\system\ovMlqpO.exe

Filesize
6.0MB

MD5
69051d53269f85dfc49671619da4a509

SHA1
266fc287438472004fb923746e13e19ff25b085c

SHA256
ec8e0dd4e52cd5a0c0a3465eff1ae8d4ab2c055327f81d33b30991093b7b5fcf

SHA512
12518121a5ae85e747dc300aea41d2787182cd021384305eca7a046083032ce492246895fdc49aba0f1b220b2ef5ba8b34610abd0182e3fa452071e8e1fd952a

Download Submit
memory/1724-19-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1724-3999-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1964-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4000-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-4001-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2116-20-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2336-30-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2336-4007-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2424-40-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2424-63-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-17-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-61-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-47-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-25-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3193-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-23-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3173-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2424-0-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-36-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2424-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2424-2371-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2384-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2977-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2790-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2624-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2379-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4006-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2720-38-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4005-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-62-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4002-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-68-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3057-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4009-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-46-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2625-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4004-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4003-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2860-60-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3028-69-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3070-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4008-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download