cobaltstrike | 841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
Size

6.0MB
MD5

6ec78d6d48950e206fb6b70de731e6a0
SHA1

481b8e0309249d0ab258c19c9ad821d35a376ba6
SHA256

841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c
SHA512

07f48d8be5934e4089ec049f02bff7e65792ede801f7209f0dc8ede1380c2cd05e9ccff6e499eb1e99efe81d63704862cb053055e5808e6a2d1e5a7ebe1e3373
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUS:eOl56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000016c88-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-63.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-83.dat	cobalt_reflective_dll
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/268-44-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1044-35-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2784-42-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/692-33-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-32.dat	xmrig
behavioral1/memory/692-29-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-41.dat	xmrig
behavioral1/memory/2284-27-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c80-26.dat	xmrig
behavioral1/memory/2720-20-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-18.dat	xmrig
behavioral1/memory/268-13-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0008000000016875-12.dat	xmrig
behavioral1/files/0x0008000000016d3a-49.dat	xmrig
behavioral1/files/0x0007000000016cf5-56.dat	xmrig
behavioral1/files/0x0005000000018686-63.dat	xmrig
behavioral1/files/0x000800000001749c-54.dat	xmrig
behavioral1/files/0x00050000000186ed-91.dat	xmrig
behavioral1/memory/2688-95-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2784-92-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/3060-102-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-108.dat	xmrig
behavioral1/files/0x0006000000018b4e-138.dat	xmrig
behavioral1/memory/2644-596-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2820-491-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2688-597-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2748-393-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/3060-599-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/692-217-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b6-193.dat	xmrig
behavioral1/files/0x0005000000019360-184.dat	xmrig
behavioral1/files/0x00050000000193a6-188.dat	xmrig
behavioral1/files/0x0005000000019297-173.dat	xmrig
behavioral1/files/0x000500000001933f-178.dat	xmrig
behavioral1/files/0x0005000000019284-168.dat	xmrig
behavioral1/files/0x0005000000019278-163.dat	xmrig
behavioral1/files/0x0005000000019269-158.dat	xmrig
behavioral1/files/0x0005000000019250-153.dat	xmrig
behavioral1/files/0x0005000000019246-147.dat	xmrig
behavioral1/files/0x0006000000018c16-143.dat	xmrig
behavioral1/files/0x00050000000187a8-133.dat	xmrig
behavioral1/files/0x0005000000018744-123.dat	xmrig
behavioral1/files/0x000500000001878e-127.dat	xmrig
behavioral1/files/0x0005000000018739-118.dat	xmrig
behavioral1/files/0x0005000000018704-113.dat	xmrig
behavioral1/files/0x00050000000186f1-101.dat	xmrig
behavioral1/memory/2644-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/1044-86-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-85.dat	xmrig
behavioral1/memory/2820-84-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-83.dat	xmrig
behavioral1/memory/2748-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2796-81-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2284-80-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/692-77-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2912-76-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/692-75-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2244-73-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/692-69-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/692-53-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2720-52-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2328-8-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/memory/692-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2328	iZGhNNv.exe
268	clktWee.exe
2720	tmzljYC.exe
2284	aJVhOxC.exe
1044	ctVvYUx.exe
2784	APvJvEo.exe
2244	PAbVgix.exe
2912	JsRcrRu.exe
2796	MPVIVIy.exe
2748	ctmXoFX.exe
2820	tmPRXwX.exe
2644	YcEngqV.exe
2688	NWOpEWH.exe
3060	vOdfzLP.exe
2960	ZYfXKCW.exe
2876	MvRAINo.exe
2948	JKQKQnw.exe
3024	rladqPH.exe
2728	qTIGRPr.exe
3020	pxxTotI.exe
1404	spsTjJl.exe
1784	nBzRvbe.exe
1752	vWeLjOX.exe
2524	EFUqNIQ.exe
2108	TkEABnN.exe
1788	URfIqBD.exe
2548	XGIFRWq.exe
2444	XVCwItl.exe
1460	HsncOgG.exe
576	qxQkEtt.exe
2200	CDyglvA.exe
828	aFVykHs.exe
944	mtwZdkP.exe
1488	OhNBvjQ.exe
2392	dbmTbUX.exe
1712	iyxqJrb.exe
2400	JvXISLd.exe
1732	TVHZFUA.exe
744	emIhkuv.exe
1656	FiuineM.exe
2428	sWxbsai.exe
788	gTdEsHh.exe
2136	SJcExaV.exe
2208	kwxDkSJ.exe
1748	KrnMxCV.exe
2556	wACnmaf.exe
380	WmEkaqf.exe
648	rmFFtkc.exe
1492	nxgomkc.exe
2432	omfIIEN.exe
532	VvzbolG.exe
1700	lWkYqFR.exe
1592	rKaQJWx.exe
2360	YDRyPxl.exe
2576	CKlkmSN.exe
2776	XewCoyj.exe
320	ImgNilb.exe
1716	AgnuXcN.exe
2268	NssMnkf.exe
2704	ppMygYu.exe
2916	KvPGEsw.exe
2684	fwNIpgN.exe
836	iZMXmJQ.exe
3064	LfMOZwc.exe

Loads dropped DLL 64 IoCs

pid	Process
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/268-44-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1044-35-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2784-42-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/692-33-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-32.dat	upx
behavioral1/files/0x0007000000016cd7-41.dat	upx
behavioral1/memory/2284-27-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0007000000016c80-26.dat	upx
behavioral1/memory/2720-20-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-18.dat	upx
behavioral1/memory/268-13-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0008000000016875-12.dat	upx
behavioral1/files/0x0008000000016d3a-49.dat	upx
behavioral1/files/0x0007000000016cf5-56.dat	upx
behavioral1/files/0x0005000000018686-63.dat	upx
behavioral1/files/0x000800000001749c-54.dat	upx
behavioral1/files/0x00050000000186ed-91.dat	upx
behavioral1/memory/2688-95-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2784-92-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/3060-102-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-108.dat	upx
behavioral1/files/0x0006000000018b4e-138.dat	upx
behavioral1/memory/2644-596-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2820-491-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2688-597-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2748-393-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/3060-599-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00050000000193b6-193.dat	upx
behavioral1/files/0x0005000000019360-184.dat	upx
behavioral1/files/0x00050000000193a6-188.dat	upx
behavioral1/files/0x0005000000019297-173.dat	upx
behavioral1/files/0x000500000001933f-178.dat	upx
behavioral1/files/0x0005000000019284-168.dat	upx
behavioral1/files/0x0005000000019278-163.dat	upx
behavioral1/files/0x0005000000019269-158.dat	upx
behavioral1/files/0x0005000000019250-153.dat	upx
behavioral1/files/0x0005000000019246-147.dat	upx
behavioral1/files/0x0006000000018c16-143.dat	upx
behavioral1/files/0x00050000000187a8-133.dat	upx
behavioral1/files/0x0005000000018744-123.dat	upx
behavioral1/files/0x000500000001878e-127.dat	upx
behavioral1/files/0x0005000000018739-118.dat	upx
behavioral1/files/0x0005000000018704-113.dat	upx
behavioral1/files/0x00050000000186f1-101.dat	upx
behavioral1/memory/2644-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1044-86-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-85.dat	upx
behavioral1/memory/2820-84-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000600000001755b-83.dat	upx
behavioral1/memory/2748-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2796-81-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2284-80-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2912-76-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2244-73-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2720-52-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2328-8-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/memory/692-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2328-3188-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/268-3213-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2284-3235-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2784-3237-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2720-3239-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1044-3245-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Empsrpj.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\AgzuQWN.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\yIkpyTL.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\BCwYCmN.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\nOqDCLP.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\VojnltJ.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\VUWxZmB.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\QnuEolz.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\InvOsdj.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\SLKFICf.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\ahgMLKc.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\wLusVbM.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\UnoGMOF.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\lsoBlRC.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\tQPNDEy.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\IsKBKpx.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\wnAsOdl.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\uuZPLIf.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\lXDPIMO.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\JExipzm.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\NovccqQ.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\LWqXpOa.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\YIeOolJ.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\THVzCqd.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\MPVIVIy.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\nbMOOXv.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\ZVuFPIm.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\WmyNojx.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\RQYKLQU.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\JMRmthi.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\MjYrfnS.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\VdUhUMu.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\TWKwQel.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\GkfShfz.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\kZRCHEr.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\gusgfcj.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\RkzyXwq.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\wJPztCK.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\yovjJJk.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\TnBXSNF.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\wsdYlEF.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\PFykHDU.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\gKjezTj.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\jJZchCz.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\UaCUxlG.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\niGemsE.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\XGIFRWq.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\lElcGuk.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\CWhHJVz.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\RUeLuhI.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\czmVVka.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\HmHEWtT.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\KbjMnLi.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\SIbJiaV.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\zswWtXK.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\emIhkuv.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\GLKztQP.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\wbkLshZ.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\aLXIVJU.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\ypFymca.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\EnCXVWb.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\ZHGsJSY.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\WJgnBaR.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
File created	C:\Windows\System\QZQVzeJ.exe	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 2328	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	31
PID 692 wrote to memory of 2328	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	31
PID 692 wrote to memory of 2328	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	31
PID 692 wrote to memory of 268	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	32
PID 692 wrote to memory of 268	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	32
PID 692 wrote to memory of 268	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	32
PID 692 wrote to memory of 2720	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	33
PID 692 wrote to memory of 2720	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	33
PID 692 wrote to memory of 2720	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	33
PID 692 wrote to memory of 2284	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	34
PID 692 wrote to memory of 2284	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	34
PID 692 wrote to memory of 2284	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	34
PID 692 wrote to memory of 1044	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	35
PID 692 wrote to memory of 1044	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	35
PID 692 wrote to memory of 1044	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	35
PID 692 wrote to memory of 2784	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	36
PID 692 wrote to memory of 2784	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	36
PID 692 wrote to memory of 2784	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	36
PID 692 wrote to memory of 2244	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	38
PID 692 wrote to memory of 2244	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	38
PID 692 wrote to memory of 2244	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	38
PID 692 wrote to memory of 2796	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	39
PID 692 wrote to memory of 2796	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	39
PID 692 wrote to memory of 2796	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	39
PID 692 wrote to memory of 2912	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	40
PID 692 wrote to memory of 2912	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	40
PID 692 wrote to memory of 2912	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	40
PID 692 wrote to memory of 2820	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	41
PID 692 wrote to memory of 2820	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	41
PID 692 wrote to memory of 2820	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	41
PID 692 wrote to memory of 2748	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	42
PID 692 wrote to memory of 2748	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	42
PID 692 wrote to memory of 2748	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	42
PID 692 wrote to memory of 2644	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	43
PID 692 wrote to memory of 2644	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	43
PID 692 wrote to memory of 2644	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	43
PID 692 wrote to memory of 2688	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	44
PID 692 wrote to memory of 2688	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	44
PID 692 wrote to memory of 2688	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	44
PID 692 wrote to memory of 3060	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	45
PID 692 wrote to memory of 3060	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	45
PID 692 wrote to memory of 3060	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	45
PID 692 wrote to memory of 2960	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	46
PID 692 wrote to memory of 2960	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	46
PID 692 wrote to memory of 2960	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	46
PID 692 wrote to memory of 2876	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	47
PID 692 wrote to memory of 2876	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	47
PID 692 wrote to memory of 2876	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	47
PID 692 wrote to memory of 2948	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	48
PID 692 wrote to memory of 2948	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	48
PID 692 wrote to memory of 2948	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	48
PID 692 wrote to memory of 3024	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	49
PID 692 wrote to memory of 3024	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	49
PID 692 wrote to memory of 3024	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	49
PID 692 wrote to memory of 2728	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	50
PID 692 wrote to memory of 2728	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	50
PID 692 wrote to memory of 2728	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	50
PID 692 wrote to memory of 3020	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	51
PID 692 wrote to memory of 3020	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	51
PID 692 wrote to memory of 3020	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	51
PID 692 wrote to memory of 1404	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	52
PID 692 wrote to memory of 1404	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	52
PID 692 wrote to memory of 1404	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	52
PID 692 wrote to memory of 1784	692	JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_841b3bfe0afb69189af88f05dd755c1ae569d6283380f4279814b88a33e0d15c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:692
- C:\Windows\System\iZGhNNv.exe
  C:\Windows\System\iZGhNNv.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\clktWee.exe
  C:\Windows\System\clktWee.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\tmzljYC.exe
  C:\Windows\System\tmzljYC.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\aJVhOxC.exe
  C:\Windows\System\aJVhOxC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ctVvYUx.exe
  C:\Windows\System\ctVvYUx.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\APvJvEo.exe
  C:\Windows\System\APvJvEo.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\PAbVgix.exe
  C:\Windows\System\PAbVgix.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\MPVIVIy.exe
  C:\Windows\System\MPVIVIy.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JsRcrRu.exe
  C:\Windows\System\JsRcrRu.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\tmPRXwX.exe
  C:\Windows\System\tmPRXwX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ctmXoFX.exe
  C:\Windows\System\ctmXoFX.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\YcEngqV.exe
  C:\Windows\System\YcEngqV.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\NWOpEWH.exe
  C:\Windows\System\NWOpEWH.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vOdfzLP.exe
  C:\Windows\System\vOdfzLP.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ZYfXKCW.exe
  C:\Windows\System\ZYfXKCW.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\MvRAINo.exe
  C:\Windows\System\MvRAINo.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\JKQKQnw.exe
  C:\Windows\System\JKQKQnw.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\rladqPH.exe
  C:\Windows\System\rladqPH.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\qTIGRPr.exe
  C:\Windows\System\qTIGRPr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\pxxTotI.exe
  C:\Windows\System\pxxTotI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\spsTjJl.exe
  C:\Windows\System\spsTjJl.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\nBzRvbe.exe
  C:\Windows\System\nBzRvbe.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\vWeLjOX.exe
  C:\Windows\System\vWeLjOX.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\EFUqNIQ.exe
  C:\Windows\System\EFUqNIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\TkEABnN.exe
  C:\Windows\System\TkEABnN.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\URfIqBD.exe
  C:\Windows\System\URfIqBD.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\XGIFRWq.exe
  C:\Windows\System\XGIFRWq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XVCwItl.exe
  C:\Windows\System\XVCwItl.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\HsncOgG.exe
  C:\Windows\System\HsncOgG.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\qxQkEtt.exe
  C:\Windows\System\qxQkEtt.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\CDyglvA.exe
  C:\Windows\System\CDyglvA.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\aFVykHs.exe
  C:\Windows\System\aFVykHs.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\mtwZdkP.exe
  C:\Windows\System\mtwZdkP.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\OhNBvjQ.exe
  C:\Windows\System\OhNBvjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\dbmTbUX.exe
  C:\Windows\System\dbmTbUX.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\iyxqJrb.exe
  C:\Windows\System\iyxqJrb.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\JvXISLd.exe
  C:\Windows\System\JvXISLd.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\TVHZFUA.exe
  C:\Windows\System\TVHZFUA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\emIhkuv.exe
  C:\Windows\System\emIhkuv.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\FiuineM.exe
  C:\Windows\System\FiuineM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\sWxbsai.exe
  C:\Windows\System\sWxbsai.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\gTdEsHh.exe
  C:\Windows\System\gTdEsHh.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\SJcExaV.exe
  C:\Windows\System\SJcExaV.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\kwxDkSJ.exe
  C:\Windows\System\kwxDkSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\KrnMxCV.exe
  C:\Windows\System\KrnMxCV.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\wACnmaf.exe
  C:\Windows\System\wACnmaf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\WmEkaqf.exe
  C:\Windows\System\WmEkaqf.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\rmFFtkc.exe
  C:\Windows\System\rmFFtkc.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\nxgomkc.exe
  C:\Windows\System\nxgomkc.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\omfIIEN.exe
  C:\Windows\System\omfIIEN.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\VvzbolG.exe
  C:\Windows\System\VvzbolG.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\lWkYqFR.exe
  C:\Windows\System\lWkYqFR.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\rKaQJWx.exe
  C:\Windows\System\rKaQJWx.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\YDRyPxl.exe
  C:\Windows\System\YDRyPxl.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\CKlkmSN.exe
  C:\Windows\System\CKlkmSN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XewCoyj.exe
  C:\Windows\System\XewCoyj.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ImgNilb.exe
  C:\Windows\System\ImgNilb.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\AgnuXcN.exe
  C:\Windows\System\AgnuXcN.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\NssMnkf.exe
  C:\Windows\System\NssMnkf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ppMygYu.exe
  C:\Windows\System\ppMygYu.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\KvPGEsw.exe
  C:\Windows\System\KvPGEsw.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\fwNIpgN.exe
  C:\Windows\System\fwNIpgN.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\iZMXmJQ.exe
  C:\Windows\System\iZMXmJQ.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\LfMOZwc.exe
  C:\Windows\System\LfMOZwc.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\gFmOGQi.exe
  C:\Windows\System\gFmOGQi.exe
  2⤵
  PID:2812
- C:\Windows\System\eAOHLcn.exe
  C:\Windows\System\eAOHLcn.exe
  2⤵
  PID:2972
- C:\Windows\System\KtYyTOT.exe
  C:\Windows\System\KtYyTOT.exe
  2⤵
  PID:3028
- C:\Windows\System\hWyFEVH.exe
  C:\Windows\System\hWyFEVH.exe
  2⤵
  PID:1848
- C:\Windows\System\xrVFmWB.exe
  C:\Windows\System\xrVFmWB.exe
  2⤵
  PID:1292
- C:\Windows\System\tfgShoo.exe
  C:\Windows\System\tfgShoo.exe
  2⤵
  PID:1136
- C:\Windows\System\MnoGNqQ.exe
  C:\Windows\System\MnoGNqQ.exe
  2⤵
  PID:2112
- C:\Windows\System\MjYrfnS.exe
  C:\Windows\System\MjYrfnS.exe
  2⤵
  PID:2564
- C:\Windows\System\LFyXDEL.exe
  C:\Windows\System\LFyXDEL.exe
  2⤵
  PID:824
- C:\Windows\System\OoIxKzj.exe
  C:\Windows\System\OoIxKzj.exe
  2⤵
  PID:476
- C:\Windows\System\wptwpyn.exe
  C:\Windows\System\wptwpyn.exe
  2⤵
  PID:632
- C:\Windows\System\CruXUaP.exe
  C:\Windows\System\CruXUaP.exe
  2⤵
  PID:2384
- C:\Windows\System\IMHdyzR.exe
  C:\Windows\System\IMHdyzR.exe
  2⤵
  PID:340
- C:\Windows\System\eXicjtn.exe
  C:\Windows\System\eXicjtn.exe
  2⤵
  PID:1688
- C:\Windows\System\IHUcMcB.exe
  C:\Windows\System\IHUcMcB.exe
  2⤵
  PID:832
- C:\Windows\System\piCxyli.exe
  C:\Windows\System\piCxyli.exe
  2⤵
  PID:2420
- C:\Windows\System\GWrRLbk.exe
  C:\Windows\System\GWrRLbk.exe
  2⤵
  PID:284
- C:\Windows\System\khFaMTj.exe
  C:\Windows\System\khFaMTj.exe
  2⤵
  PID:900
- C:\Windows\System\veMAMBZ.exe
  C:\Windows\System\veMAMBZ.exe
  2⤵
  PID:776
- C:\Windows\System\GcvwbbX.exe
  C:\Windows\System\GcvwbbX.exe
  2⤵
  PID:1544
- C:\Windows\System\HHoTQwo.exe
  C:\Windows\System\HHoTQwo.exe
  2⤵
  PID:1840
- C:\Windows\System\zzvXLsK.exe
  C:\Windows\System\zzvXLsK.exe
  2⤵
  PID:1560
- C:\Windows\System\tPzffAz.exe
  C:\Windows\System\tPzffAz.exe
  2⤵
  PID:2340
- C:\Windows\System\LTXLwto.exe
  C:\Windows\System\LTXLwto.exe
  2⤵
  PID:2608
- C:\Windows\System\arAekfQ.exe
  C:\Windows\System\arAekfQ.exe
  2⤵
  PID:2580
- C:\Windows\System\ASZgXzT.exe
  C:\Windows\System\ASZgXzT.exe
  2⤵
  PID:1900
- C:\Windows\System\ZYRthfa.exe
  C:\Windows\System\ZYRthfa.exe
  2⤵
  PID:2864
- C:\Windows\System\qizjHLo.exe
  C:\Windows\System\qizjHLo.exe
  2⤵
  PID:2808
- C:\Windows\System\ZbgTkzr.exe
  C:\Windows\System\ZbgTkzr.exe
  2⤵
  PID:2852
- C:\Windows\System\OHNQDCD.exe
  C:\Windows\System\OHNQDCD.exe
  2⤵
  PID:2388
- C:\Windows\System\cfwHpmA.exe
  C:\Windows\System\cfwHpmA.exe
  2⤵
  PID:2732
- C:\Windows\System\wYSsFcA.exe
  C:\Windows\System\wYSsFcA.exe
  2⤵
  PID:3036
- C:\Windows\System\aEWQJTG.exe
  C:\Windows\System\aEWQJTG.exe
  2⤵
  PID:1768
- C:\Windows\System\PsHaAyh.exe
  C:\Windows\System\PsHaAyh.exe
  2⤵
  PID:1320
- C:\Windows\System\APfnrAV.exe
  C:\Windows\System\APfnrAV.exe
  2⤵
  PID:1812
- C:\Windows\System\fSBtdTW.exe
  C:\Windows\System\fSBtdTW.exe
  2⤵
  PID:872
- C:\Windows\System\vuNrFJT.exe
  C:\Windows\System\vuNrFJT.exe
  2⤵
  PID:2044
- C:\Windows\System\VFXLZtj.exe
  C:\Windows\System\VFXLZtj.exe
  2⤵
  PID:344
- C:\Windows\System\XXlmKtf.exe
  C:\Windows\System\XXlmKtf.exe
  2⤵
  PID:1332
- C:\Windows\System\PzjUxbB.exe
  C:\Windows\System\PzjUxbB.exe
  2⤵
  PID:2272
- C:\Windows\System\VUWxZmB.exe
  C:\Windows\System\VUWxZmB.exe
  2⤵
  PID:2140
- C:\Windows\System\SnTlNuD.exe
  C:\Windows\System\SnTlNuD.exe
  2⤵
  PID:2452
- C:\Windows\System\mkElsGL.exe
  C:\Windows\System\mkElsGL.exe
  2⤵
  PID:1516
- C:\Windows\System\yovjJJk.exe
  C:\Windows\System\yovjJJk.exe
  2⤵
  PID:2736
- C:\Windows\System\nJeUXUM.exe
  C:\Windows\System\nJeUXUM.exe
  2⤵
  PID:1632
- C:\Windows\System\bWEkeqo.exe
  C:\Windows\System\bWEkeqo.exe
  2⤵
  PID:2928
- C:\Windows\System\qAzziUt.exe
  C:\Windows\System\qAzziUt.exe
  2⤵
  PID:2680
- C:\Windows\System\VgQDIwT.exe
  C:\Windows\System\VgQDIwT.exe
  2⤵
  PID:2840
- C:\Windows\System\btpdAQz.exe
  C:\Windows\System\btpdAQz.exe
  2⤵
  PID:316
- C:\Windows\System\TnBXSNF.exe
  C:\Windows\System\TnBXSNF.exe
  2⤵
  PID:3084
- C:\Windows\System\ZzDIesZ.exe
  C:\Windows\System\ZzDIesZ.exe
  2⤵
  PID:3104
- C:\Windows\System\rcoePoX.exe
  C:\Windows\System\rcoePoX.exe
  2⤵
  PID:3124
- C:\Windows\System\iCKFXRi.exe
  C:\Windows\System\iCKFXRi.exe
  2⤵
  PID:3144
- C:\Windows\System\WQzLOWo.exe
  C:\Windows\System\WQzLOWo.exe
  2⤵
  PID:3164
- C:\Windows\System\bwiUOva.exe
  C:\Windows\System\bwiUOva.exe
  2⤵
  PID:3184
- C:\Windows\System\McxqDBH.exe
  C:\Windows\System\McxqDBH.exe
  2⤵
  PID:3204
- C:\Windows\System\GWMHOUr.exe
  C:\Windows\System\GWMHOUr.exe
  2⤵
  PID:3220
- C:\Windows\System\oLKeKSz.exe
  C:\Windows\System\oLKeKSz.exe
  2⤵
  PID:3244
- C:\Windows\System\URaVcnh.exe
  C:\Windows\System\URaVcnh.exe
  2⤵
  PID:3264
- C:\Windows\System\nndxVZj.exe
  C:\Windows\System\nndxVZj.exe
  2⤵
  PID:3284
- C:\Windows\System\ehfEvcu.exe
  C:\Windows\System\ehfEvcu.exe
  2⤵
  PID:3304
- C:\Windows\System\qkFotDM.exe
  C:\Windows\System\qkFotDM.exe
  2⤵
  PID:3324
- C:\Windows\System\CAxwJkb.exe
  C:\Windows\System\CAxwJkb.exe
  2⤵
  PID:3344
- C:\Windows\System\tdqdMBV.exe
  C:\Windows\System\tdqdMBV.exe
  2⤵
  PID:3364
- C:\Windows\System\qPvTMXQ.exe
  C:\Windows\System\qPvTMXQ.exe
  2⤵
  PID:3384
- C:\Windows\System\JYbPINY.exe
  C:\Windows\System\JYbPINY.exe
  2⤵
  PID:3404
- C:\Windows\System\QZQpqTg.exe
  C:\Windows\System\QZQpqTg.exe
  2⤵
  PID:3424
- C:\Windows\System\LtwxjJt.exe
  C:\Windows\System\LtwxjJt.exe
  2⤵
  PID:3448
- C:\Windows\System\kFXhaoe.exe
  C:\Windows\System\kFXhaoe.exe
  2⤵
  PID:3468
- C:\Windows\System\svqyUJK.exe
  C:\Windows\System\svqyUJK.exe
  2⤵
  PID:3488
- C:\Windows\System\YGSXfrx.exe
  C:\Windows\System\YGSXfrx.exe
  2⤵
  PID:3508
- C:\Windows\System\eYYIUxL.exe
  C:\Windows\System\eYYIUxL.exe
  2⤵
  PID:3528
- C:\Windows\System\gYIxBTH.exe
  C:\Windows\System\gYIxBTH.exe
  2⤵
  PID:3548
- C:\Windows\System\EnCXVWb.exe
  C:\Windows\System\EnCXVWb.exe
  2⤵
  PID:3568
- C:\Windows\System\QyWvKGM.exe
  C:\Windows\System\QyWvKGM.exe
  2⤵
  PID:3584
- C:\Windows\System\fBciKnc.exe
  C:\Windows\System\fBciKnc.exe
  2⤵
  PID:3608
- C:\Windows\System\UCtQvSg.exe
  C:\Windows\System\UCtQvSg.exe
  2⤵
  PID:3624
- C:\Windows\System\kGYJUcW.exe
  C:\Windows\System\kGYJUcW.exe
  2⤵
  PID:3644
- C:\Windows\System\dEBprmr.exe
  C:\Windows\System\dEBprmr.exe
  2⤵
  PID:3664
- C:\Windows\System\jCKbPdj.exe
  C:\Windows\System\jCKbPdj.exe
  2⤵
  PID:3684
- C:\Windows\System\QWdssTv.exe
  C:\Windows\System\QWdssTv.exe
  2⤵
  PID:3704
- C:\Windows\System\hKGAhxX.exe
  C:\Windows\System\hKGAhxX.exe
  2⤵
  PID:3728
- C:\Windows\System\VdbYuSM.exe
  C:\Windows\System\VdbYuSM.exe
  2⤵
  PID:3748
- C:\Windows\System\GWMQyTx.exe
  C:\Windows\System\GWMQyTx.exe
  2⤵
  PID:3768
- C:\Windows\System\jddlkSj.exe
  C:\Windows\System\jddlkSj.exe
  2⤵
  PID:3784
- C:\Windows\System\GKXVUmc.exe
  C:\Windows\System\GKXVUmc.exe
  2⤵
  PID:3812
- C:\Windows\System\unvDYMu.exe
  C:\Windows\System\unvDYMu.exe
  2⤵
  PID:3828
- C:\Windows\System\PpweWhQ.exe
  C:\Windows\System\PpweWhQ.exe
  2⤵
  PID:3852
- C:\Windows\System\wsdYlEF.exe
  C:\Windows\System\wsdYlEF.exe
  2⤵
  PID:3868
- C:\Windows\System\JnlVTQA.exe
  C:\Windows\System\JnlVTQA.exe
  2⤵
  PID:3888
- C:\Windows\System\tAAHPVz.exe
  C:\Windows\System\tAAHPVz.exe
  2⤵
  PID:3908
- C:\Windows\System\wpoJgfq.exe
  C:\Windows\System\wpoJgfq.exe
  2⤵
  PID:3928
- C:\Windows\System\HCkEWwh.exe
  C:\Windows\System\HCkEWwh.exe
  2⤵
  PID:3944
- C:\Windows\System\RMVAjjw.exe
  C:\Windows\System\RMVAjjw.exe
  2⤵
  PID:3964
- C:\Windows\System\ahTtyGO.exe
  C:\Windows\System\ahTtyGO.exe
  2⤵
  PID:3984
- C:\Windows\System\TcFryEc.exe
  C:\Windows\System\TcFryEc.exe
  2⤵
  PID:4004
- C:\Windows\System\pipnpLm.exe
  C:\Windows\System\pipnpLm.exe
  2⤵
  PID:4028
- C:\Windows\System\tQPNDEy.exe
  C:\Windows\System\tQPNDEy.exe
  2⤵
  PID:4052
- C:\Windows\System\pcddGWC.exe
  C:\Windows\System\pcddGWC.exe
  2⤵
  PID:4072
- C:\Windows\System\aARrvzg.exe
  C:\Windows\System\aARrvzg.exe
  2⤵
  PID:4092
- C:\Windows\System\CLQUbuS.exe
  C:\Windows\System\CLQUbuS.exe
  2⤵
  PID:2944
- C:\Windows\System\mgDxvis.exe
  C:\Windows\System\mgDxvis.exe
  2⤵
  PID:1776
- C:\Windows\System\bfnDUMB.exe
  C:\Windows\System\bfnDUMB.exe
  2⤵
  PID:1704
- C:\Windows\System\HcWstSi.exe
  C:\Windows\System\HcWstSi.exe
  2⤵
  PID:864
- C:\Windows\System\qlbEbkK.exe
  C:\Windows\System\qlbEbkK.exe
  2⤵
  PID:868
- C:\Windows\System\RJubxbe.exe
  C:\Windows\System\RJubxbe.exe
  2⤵
  PID:624
- C:\Windows\System\fznpHmh.exe
  C:\Windows\System\fznpHmh.exe
  2⤵
  PID:2348
- C:\Windows\System\SPtmXNe.exe
  C:\Windows\System\SPtmXNe.exe
  2⤵
  PID:2672
- C:\Windows\System\uvkljNO.exe
  C:\Windows\System\uvkljNO.exe
  2⤵
  PID:3092
- C:\Windows\System\gvxpIHU.exe
  C:\Windows\System\gvxpIHU.exe
  2⤵
  PID:3116
- C:\Windows\System\xJxtDiV.exe
  C:\Windows\System\xJxtDiV.exe
  2⤵
  PID:3140
- C:\Windows\System\fypuSzn.exe
  C:\Windows\System\fypuSzn.exe
  2⤵
  PID:3172
- C:\Windows\System\BslmvJw.exe
  C:\Windows\System\BslmvJw.exe
  2⤵
  PID:3240
- C:\Windows\System\rEBgyVt.exe
  C:\Windows\System\rEBgyVt.exe
  2⤵
  PID:2300
- C:\Windows\System\eusWAyb.exe
  C:\Windows\System\eusWAyb.exe
  2⤵
  PID:3256
- C:\Windows\System\FpkgRAf.exe
  C:\Windows\System\FpkgRAf.exe
  2⤵
  PID:3320
- C:\Windows\System\fClbReb.exe
  C:\Windows\System\fClbReb.exe
  2⤵
  PID:3332
- C:\Windows\System\nTVfGka.exe
  C:\Windows\System\nTVfGka.exe
  2⤵
  PID:3340
- C:\Windows\System\cqzjsFO.exe
  C:\Windows\System\cqzjsFO.exe
  2⤵
  PID:3396
- C:\Windows\System\yWBEwiX.exe
  C:\Windows\System\yWBEwiX.exe
  2⤵
  PID:3372
- C:\Windows\System\Hhtwzgt.exe
  C:\Windows\System\Hhtwzgt.exe
  2⤵
  PID:3480
- C:\Windows\System\iCfkPmN.exe
  C:\Windows\System\iCfkPmN.exe
  2⤵
  PID:3524
- C:\Windows\System\QnuEolz.exe
  C:\Windows\System\QnuEolz.exe
  2⤵
  PID:3564
- C:\Windows\System\xMWXqWa.exe
  C:\Windows\System\xMWXqWa.exe
  2⤵
  PID:3604
- C:\Windows\System\TlxQIGQ.exe
  C:\Windows\System\TlxQIGQ.exe
  2⤵
  PID:3500
- C:\Windows\System\xCCcRma.exe
  C:\Windows\System\xCCcRma.exe
  2⤵
  PID:3640
- C:\Windows\System\BhikEUM.exe
  C:\Windows\System\BhikEUM.exe
  2⤵
  PID:3576
- C:\Windows\System\pPviaor.exe
  C:\Windows\System\pPviaor.exe
  2⤵
  PID:3712
- C:\Windows\System\GVcXATU.exe
  C:\Windows\System\GVcXATU.exe
  2⤵
  PID:3724
- C:\Windows\System\dwaErFt.exe
  C:\Windows\System\dwaErFt.exe
  2⤵
  PID:3700
- C:\Windows\System\zeSeNLm.exe
  C:\Windows\System\zeSeNLm.exe
  2⤵
  PID:3844
- C:\Windows\System\YfqhTya.exe
  C:\Windows\System\YfqhTya.exe
  2⤵
  PID:3884
- C:\Windows\System\ssfjuHX.exe
  C:\Windows\System\ssfjuHX.exe
  2⤵
  PID:3736
- C:\Windows\System\DtcWQSh.exe
  C:\Windows\System\DtcWQSh.exe
  2⤵
  PID:4000
- C:\Windows\System\zPQrttU.exe
  C:\Windows\System\zPQrttU.exe
  2⤵
  PID:4048
- C:\Windows\System\kqqjIiU.exe
  C:\Windows\System\kqqjIiU.exe
  2⤵
  PID:4084
- C:\Windows\System\ontAPeR.exe
  C:\Windows\System\ontAPeR.exe
  2⤵
  PID:1792
- C:\Windows\System\rPbuqXv.exe
  C:\Windows\System\rPbuqXv.exe
  2⤵
  PID:3900
- C:\Windows\System\OQyPOls.exe
  C:\Windows\System\OQyPOls.exe
  2⤵
  PID:3940
- C:\Windows\System\LJqlYVe.exe
  C:\Windows\System\LJqlYVe.exe
  2⤵
  PID:4016
- C:\Windows\System\ZgeoDIf.exe
  C:\Windows\System\ZgeoDIf.exe
  2⤵
  PID:4068
- C:\Windows\System\ZAFCOcj.exe
  C:\Windows\System\ZAFCOcj.exe
  2⤵
  PID:3808
- C:\Windows\System\ewFBfNy.exe
  C:\Windows\System\ewFBfNy.exe
  2⤵
  PID:2532
- C:\Windows\System\yrovmPR.exe
  C:\Windows\System\yrovmPR.exe
  2⤵
  PID:2880
- C:\Windows\System\QYkSFlX.exe
  C:\Windows\System\QYkSFlX.exe
  2⤵
  PID:2716
- C:\Windows\System\EbxIhPX.exe
  C:\Windows\System\EbxIhPX.exe
  2⤵
  PID:1760
- C:\Windows\System\BdzNHZC.exe
  C:\Windows\System\BdzNHZC.exe
  2⤵
  PID:2088
- C:\Windows\System\xOOzvTc.exe
  C:\Windows\System\xOOzvTc.exe
  2⤵
  PID:964
- C:\Windows\System\ZopQbXW.exe
  C:\Windows\System\ZopQbXW.exe
  2⤵
  PID:2956
- C:\Windows\System\wRTvTUZ.exe
  C:\Windows\System\wRTvTUZ.exe
  2⤵
  PID:2696
- C:\Windows\System\ypFymca.exe
  C:\Windows\System\ypFymca.exe
  2⤵
  PID:2692
- C:\Windows\System\DgafHfQ.exe
  C:\Windows\System\DgafHfQ.exe
  2⤵
  PID:880
- C:\Windows\System\cENkCqw.exe
  C:\Windows\System\cENkCqw.exe
  2⤵
  PID:2028
- C:\Windows\System\EFvUSUY.exe
  C:\Windows\System\EFvUSUY.exe
  2⤵
  PID:2988
- C:\Windows\System\mbFDBTH.exe
  C:\Windows\System\mbFDBTH.exe
  2⤵
  PID:2292
- C:\Windows\System\NwxLWLC.exe
  C:\Windows\System\NwxLWLC.exe
  2⤵
  PID:2940
- C:\Windows\System\rOJPrjb.exe
  C:\Windows\System\rOJPrjb.exe
  2⤵
  PID:3080
- C:\Windows\System\fHOfsdy.exe
  C:\Windows\System\fHOfsdy.exe
  2⤵
  PID:3100
- C:\Windows\System\jdePIqZ.exe
  C:\Windows\System\jdePIqZ.exe
  2⤵
  PID:1728
- C:\Windows\System\jFqlZHb.exe
  C:\Windows\System\jFqlZHb.exe
  2⤵
  PID:3196
- C:\Windows\System\zPLFjgF.exe
  C:\Windows\System\zPLFjgF.exe
  2⤵
  PID:3132
- C:\Windows\System\IcotmRT.exe
  C:\Windows\System\IcotmRT.exe
  2⤵
  PID:3292
- C:\Windows\System\PFykHDU.exe
  C:\Windows\System\PFykHDU.exe
  2⤵
  PID:3316
- C:\Windows\System\FFsEBks.exe
  C:\Windows\System\FFsEBks.exe
  2⤵
  PID:804
- C:\Windows\System\zolOEpV.exe
  C:\Windows\System\zolOEpV.exe
  2⤵
  PID:3444
- C:\Windows\System\GxbLybb.exe
  C:\Windows\System\GxbLybb.exe
  2⤵
  PID:3600
- C:\Windows\System\dZBjXZS.exe
  C:\Windows\System\dZBjXZS.exe
  2⤵
  PID:3764
- C:\Windows\System\pughdNj.exe
  C:\Windows\System\pughdNj.exe
  2⤵
  PID:3236
- C:\Windows\System\dRFZhiQ.exe
  C:\Windows\System\dRFZhiQ.exe
  2⤵
  PID:3400
- C:\Windows\System\oOgDYQo.exe
  C:\Windows\System\oOgDYQo.exe
  2⤵
  PID:3464
- C:\Windows\System\RvfyUIA.exe
  C:\Windows\System\RvfyUIA.exe
  2⤵
  PID:3672
- C:\Windows\System\qJblaRl.exe
  C:\Windows\System\qJblaRl.exe
  2⤵
  PID:3744
- C:\Windows\System\iKMoXsR.exe
  C:\Windows\System\iKMoXsR.exe
  2⤵
  PID:3032
- C:\Windows\System\pqbRiNW.exe
  C:\Windows\System\pqbRiNW.exe
  2⤵
  PID:3780
- C:\Windows\System\wQYLZaE.exe
  C:\Windows\System\wQYLZaE.exe
  2⤵
  PID:3820
- C:\Windows\System\HBUmoEj.exe
  C:\Windows\System\HBUmoEj.exe
  2⤵
  PID:4088
- C:\Windows\System\jVSaTbj.exe
  C:\Windows\System\jVSaTbj.exe
  2⤵
  PID:3972
- C:\Windows\System\slXzCTF.exe
  C:\Windows\System\slXzCTF.exe
  2⤵
  PID:1316
- C:\Windows\System\IDEaNTS.exe
  C:\Windows\System\IDEaNTS.exe
  2⤵
  PID:1736
- C:\Windows\System\VdUhUMu.exe
  C:\Windows\System\VdUhUMu.exe
  2⤵
  PID:2480
- C:\Windows\System\FHWjemI.exe
  C:\Windows\System\FHWjemI.exe
  2⤵
  PID:4044
- C:\Windows\System\PZHqvjl.exe
  C:\Windows\System\PZHqvjl.exe
  2⤵
  PID:2484
- C:\Windows\System\DZwnzPM.exe
  C:\Windows\System\DZwnzPM.exe
  2⤵
  PID:2908
- C:\Windows\System\yJngpib.exe
  C:\Windows\System\yJngpib.exe
  2⤵
  PID:2320
- C:\Windows\System\zqlldUm.exe
  C:\Windows\System\zqlldUm.exe
  2⤵
  PID:1800
- C:\Windows\System\iuisYNY.exe
  C:\Windows\System\iuisYNY.exe
  2⤵
  PID:1940
- C:\Windows\System\WdskDuO.exe
  C:\Windows\System\WdskDuO.exe
  2⤵
  PID:1924
- C:\Windows\System\SATFYIv.exe
  C:\Windows\System\SATFYIv.exe
  2⤵
  PID:1424
- C:\Windows\System\JhSFcvR.exe
  C:\Windows\System\JhSFcvR.exe
  2⤵
  PID:3004
- C:\Windows\System\KXDzLCB.exe
  C:\Windows\System\KXDzLCB.exe
  2⤵
  PID:3580
- C:\Windows\System\fNjMtMb.exe
  C:\Windows\System\fNjMtMb.exe
  2⤵
  PID:3792
- C:\Windows\System\WKpwvOh.exe
  C:\Windows\System\WKpwvOh.exe
  2⤵
  PID:1484
- C:\Windows\System\mRIfowS.exe
  C:\Windows\System\mRIfowS.exe
  2⤵
  PID:3136
- C:\Windows\System\rxfblPe.exe
  C:\Windows\System\rxfblPe.exe
  2⤵
  PID:2188
- C:\Windows\System\vAKoOxM.exe
  C:\Windows\System\vAKoOxM.exe
  2⤵
  PID:3076
- C:\Windows\System\RTUQtnt.exe
  C:\Windows\System\RTUQtnt.exe
  2⤵
  PID:3232
- C:\Windows\System\dvGyAeY.exe
  C:\Windows\System\dvGyAeY.exe
  2⤵
  PID:3440
- C:\Windows\System\gxyxRYH.exe
  C:\Windows\System\gxyxRYH.exe
  2⤵
  PID:3176
- C:\Windows\System\tyOPqHW.exe
  C:\Windows\System\tyOPqHW.exe
  2⤵
  PID:2052
- C:\Windows\System\QVDLcOF.exe
  C:\Windows\System\QVDLcOF.exe
  2⤵
  PID:3920
- C:\Windows\System\XkjRymd.exe
  C:\Windows\System\XkjRymd.exe
  2⤵
  PID:3896
- C:\Windows\System\gHernqg.exe
  C:\Windows\System\gHernqg.exe
  2⤵
  PID:3992
- C:\Windows\System\AGHdFeE.exe
  C:\Windows\System\AGHdFeE.exe
  2⤵
  PID:3056
- C:\Windows\System\rAwQsnq.exe
  C:\Windows\System\rAwQsnq.exe
  2⤵
  PID:3052
- C:\Windows\System\YLZCudO.exe
  C:\Windows\System\YLZCudO.exe
  2⤵
  PID:1664
- C:\Windows\System\pIPKhom.exe
  C:\Windows\System\pIPKhom.exe
  2⤵
  PID:2760
- C:\Windows\System\KKeFzZb.exe
  C:\Windows\System\KKeFzZb.exe
  2⤵
  PID:2712
- C:\Windows\System\aIIAtHb.exe
  C:\Windows\System\aIIAtHb.exe
  2⤵
  PID:2860
- C:\Windows\System\PYvUont.exe
  C:\Windows\System\PYvUont.exe
  2⤵
  PID:1996
- C:\Windows\System\oinFpOX.exe
  C:\Windows\System\oinFpOX.exe
  2⤵
  PID:2528
- C:\Windows\System\aqaLgrN.exe
  C:\Windows\System\aqaLgrN.exe
  2⤵
  PID:2924
- C:\Windows\System\fWUrYPd.exe
  C:\Windows\System\fWUrYPd.exe
  2⤵
  PID:3420
- C:\Windows\System\PYHMimV.exe
  C:\Windows\System\PYHMimV.exe
  2⤵
  PID:3760
- C:\Windows\System\CWrYaPL.exe
  C:\Windows\System\CWrYaPL.exe
  2⤵
  PID:1660
- C:\Windows\System\VaWNJwZ.exe
  C:\Windows\System\VaWNJwZ.exe
  2⤵
  PID:2668
- C:\Windows\System\NnfODZc.exe
  C:\Windows\System\NnfODZc.exe
  2⤵
  PID:3540
- C:\Windows\System\czmVVka.exe
  C:\Windows\System\czmVVka.exe
  2⤵
  PID:2600
- C:\Windows\System\MDQAduJ.exe
  C:\Windows\System\MDQAduJ.exe
  2⤵
  PID:3924
- C:\Windows\System\gokcCnf.exe
  C:\Windows\System\gokcCnf.exe
  2⤵
  PID:292
- C:\Windows\System\OwPopzg.exe
  C:\Windows\System\OwPopzg.exe
  2⤵
  PID:4012
- C:\Windows\System\jGkTTtQ.exe
  C:\Windows\System\jGkTTtQ.exe
  2⤵
  PID:684
- C:\Windows\System\gKjezTj.exe
  C:\Windows\System\gKjezTj.exe
  2⤵
  PID:3040
- C:\Windows\System\ekZNDjz.exe
  C:\Windows\System\ekZNDjz.exe
  2⤵
  PID:3112
- C:\Windows\System\giysUsP.exe
  C:\Windows\System\giysUsP.exe
  2⤵
  PID:3660
- C:\Windows\System\QGCnTdK.exe
  C:\Windows\System\QGCnTdK.exe
  2⤵
  PID:3556
- C:\Windows\System\kyIfAVs.exe
  C:\Windows\System\kyIfAVs.exe
  2⤵
  PID:3068
- C:\Windows\System\VzmKUrC.exe
  C:\Windows\System\VzmKUrC.exe
  2⤵
  PID:3516
- C:\Windows\System\bplVFSK.exe
  C:\Windows\System\bplVFSK.exe
  2⤵
  PID:3620
- C:\Windows\System\YlVWYXA.exe
  C:\Windows\System\YlVWYXA.exe
  2⤵
  PID:1796
- C:\Windows\System\htDoVtM.exe
  C:\Windows\System\htDoVtM.exe
  2⤵
  PID:3280
- C:\Windows\System\LSzrYVM.exe
  C:\Windows\System\LSzrYVM.exe
  2⤵
  PID:2216
- C:\Windows\System\Hdbsodo.exe
  C:\Windows\System\Hdbsodo.exe
  2⤵
  PID:3504
- C:\Windows\System\QHnjdkh.exe
  C:\Windows\System\QHnjdkh.exe
  2⤵
  PID:2492
- C:\Windows\System\phwhmzD.exe
  C:\Windows\System\phwhmzD.exe
  2⤵
  PID:980
- C:\Windows\System\cIespEm.exe
  C:\Windows\System\cIespEm.exe
  2⤵
  PID:4112
- C:\Windows\System\pyyzmFO.exe
  C:\Windows\System\pyyzmFO.exe
  2⤵
  PID:4132
- C:\Windows\System\PNCJaqM.exe
  C:\Windows\System\PNCJaqM.exe
  2⤵
  PID:4148
- C:\Windows\System\tQRhqUm.exe
  C:\Windows\System\tQRhqUm.exe
  2⤵
  PID:4168
- C:\Windows\System\FWzldOg.exe
  C:\Windows\System\FWzldOg.exe
  2⤵
  PID:4188
- C:\Windows\System\PkpBIIa.exe
  C:\Windows\System\PkpBIIa.exe
  2⤵
  PID:4204
- C:\Windows\System\AtbRQtJ.exe
  C:\Windows\System\AtbRQtJ.exe
  2⤵
  PID:4220
- C:\Windows\System\zcYbpgh.exe
  C:\Windows\System\zcYbpgh.exe
  2⤵
  PID:4236
- C:\Windows\System\fcJgMCh.exe
  C:\Windows\System\fcJgMCh.exe
  2⤵
  PID:4252
- C:\Windows\System\VwsPwVi.exe
  C:\Windows\System\VwsPwVi.exe
  2⤵
  PID:4268
- C:\Windows\System\MZtMCAJ.exe
  C:\Windows\System\MZtMCAJ.exe
  2⤵
  PID:4284
- C:\Windows\System\CBpNtuv.exe
  C:\Windows\System\CBpNtuv.exe
  2⤵
  PID:4300
- C:\Windows\System\mYVWTqw.exe
  C:\Windows\System\mYVWTqw.exe
  2⤵
  PID:4320
- C:\Windows\System\OlPhMYP.exe
  C:\Windows\System\OlPhMYP.exe
  2⤵
  PID:4340
- C:\Windows\System\HOaFpcE.exe
  C:\Windows\System\HOaFpcE.exe
  2⤵
  PID:4392
- C:\Windows\System\ibspQPW.exe
  C:\Windows\System\ibspQPW.exe
  2⤵
  PID:4416
- C:\Windows\System\wsciNls.exe
  C:\Windows\System\wsciNls.exe
  2⤵
  PID:4432
- C:\Windows\System\dWMmkPi.exe
  C:\Windows\System\dWMmkPi.exe
  2⤵
  PID:4456
- C:\Windows\System\BtggQyb.exe
  C:\Windows\System\BtggQyb.exe
  2⤵
  PID:4472
- C:\Windows\System\rPHuOzT.exe
  C:\Windows\System\rPHuOzT.exe
  2⤵
  PID:4488
- C:\Windows\System\UXQbvpA.exe
  C:\Windows\System\UXQbvpA.exe
  2⤵
  PID:4504
- C:\Windows\System\smSobaL.exe
  C:\Windows\System\smSobaL.exe
  2⤵
  PID:4524
- C:\Windows\System\EHVrqWe.exe
  C:\Windows\System\EHVrqWe.exe
  2⤵
  PID:4548
- C:\Windows\System\GuacLfc.exe
  C:\Windows\System\GuacLfc.exe
  2⤵
  PID:4564
- C:\Windows\System\xOgwvuZ.exe
  C:\Windows\System\xOgwvuZ.exe
  2⤵
  PID:4584
- C:\Windows\System\cvSTPte.exe
  C:\Windows\System\cvSTPte.exe
  2⤵
  PID:4608
- C:\Windows\System\vLufSfC.exe
  C:\Windows\System\vLufSfC.exe
  2⤵
  PID:4624
- C:\Windows\System\dkgITWo.exe
  C:\Windows\System\dkgITWo.exe
  2⤵
  PID:4640
- C:\Windows\System\voVrTaB.exe
  C:\Windows\System\voVrTaB.exe
  2⤵
  PID:4676
- C:\Windows\System\lsVEmYu.exe
  C:\Windows\System\lsVEmYu.exe
  2⤵
  PID:4692
- C:\Windows\System\lbVTTrL.exe
  C:\Windows\System\lbVTTrL.exe
  2⤵
  PID:4708
- C:\Windows\System\BoraKhA.exe
  C:\Windows\System\BoraKhA.exe
  2⤵
  PID:4732
- C:\Windows\System\ARXofWt.exe
  C:\Windows\System\ARXofWt.exe
  2⤵
  PID:4752
- C:\Windows\System\uCTixGd.exe
  C:\Windows\System\uCTixGd.exe
  2⤵
  PID:4768
- C:\Windows\System\LLSZxYF.exe
  C:\Windows\System\LLSZxYF.exe
  2⤵
  PID:4788
- C:\Windows\System\hIxuFFf.exe
  C:\Windows\System\hIxuFFf.exe
  2⤵
  PID:4804
- C:\Windows\System\tMbkWJX.exe
  C:\Windows\System\tMbkWJX.exe
  2⤵
  PID:4820
- C:\Windows\System\TWKwQel.exe
  C:\Windows\System\TWKwQel.exe
  2⤵
  PID:4836
- C:\Windows\System\tjSCoSq.exe
  C:\Windows\System\tjSCoSq.exe
  2⤵
  PID:4856
- C:\Windows\System\lUiozRk.exe
  C:\Windows\System\lUiozRk.exe
  2⤵
  PID:4876
- C:\Windows\System\XjaknIY.exe
  C:\Windows\System\XjaknIY.exe
  2⤵
  PID:4892
- C:\Windows\System\gPDBPNx.exe
  C:\Windows\System\gPDBPNx.exe
  2⤵
  PID:4908
- C:\Windows\System\iczTPAQ.exe
  C:\Windows\System\iczTPAQ.exe
  2⤵
  PID:4928
- C:\Windows\System\qyLZLTU.exe
  C:\Windows\System\qyLZLTU.exe
  2⤵
  PID:4944
- C:\Windows\System\rmLACBi.exe
  C:\Windows\System\rmLACBi.exe
  2⤵
  PID:4960
- C:\Windows\System\ZjXuOQw.exe
  C:\Windows\System\ZjXuOQw.exe
  2⤵
  PID:4984
- C:\Windows\System\bQLdJzh.exe
  C:\Windows\System\bQLdJzh.exe
  2⤵
  PID:5012
- C:\Windows\System\MCOySDN.exe
  C:\Windows\System\MCOySDN.exe
  2⤵
  PID:5048
- C:\Windows\System\PNBPGlM.exe
  C:\Windows\System\PNBPGlM.exe
  2⤵
  PID:5068
- C:\Windows\System\pcIVVwg.exe
  C:\Windows\System\pcIVVwg.exe
  2⤵
  PID:5088
- C:\Windows\System\xDSlXyW.exe
  C:\Windows\System\xDSlXyW.exe
  2⤵
  PID:5116
- C:\Windows\System\MzQFuuZ.exe
  C:\Windows\System\MzQFuuZ.exe
  2⤵
  PID:564
- C:\Windows\System\hGkDLIv.exe
  C:\Windows\System\hGkDLIv.exe
  2⤵
  PID:2800
- C:\Windows\System\noUEOMX.exe
  C:\Windows\System\noUEOMX.exe
  2⤵
  PID:4124
- C:\Windows\System\QItgvrp.exe
  C:\Windows\System\QItgvrp.exe
  2⤵
  PID:3756
- C:\Windows\System\NvWuyXV.exe
  C:\Windows\System\NvWuyXV.exe
  2⤵
  PID:1556
- C:\Windows\System\SdfoNxf.exe
  C:\Windows\System\SdfoNxf.exe
  2⤵
  PID:4200
- C:\Windows\System\YstiytG.exe
  C:\Windows\System\YstiytG.exe
  2⤵
  PID:4264
- C:\Windows\System\vEOEjLg.exe
  C:\Windows\System\vEOEjLg.exe
  2⤵
  PID:4336
- C:\Windows\System\cjjtaIL.exe
  C:\Windows\System\cjjtaIL.exe
  2⤵
  PID:4184
- C:\Windows\System\AJSHaDR.exe
  C:\Windows\System\AJSHaDR.exe
  2⤵
  PID:4212
- C:\Windows\System\CsJkKdt.exe
  C:\Windows\System\CsJkKdt.exe
  2⤵
  PID:4276
- C:\Windows\System\ysAszLI.exe
  C:\Windows\System\ysAszLI.exe
  2⤵
  PID:4316
- C:\Windows\System\MwSRMQp.exe
  C:\Windows\System\MwSRMQp.exe
  2⤵
  PID:4368
- C:\Windows\System\dNLBsMx.exe
  C:\Windows\System\dNLBsMx.exe
  2⤵
  PID:4364
- C:\Windows\System\LpkZcyu.exe
  C:\Windows\System\LpkZcyu.exe
  2⤵
  PID:4424
- C:\Windows\System\VBqbIGP.exe
  C:\Windows\System\VBqbIGP.exe
  2⤵
  PID:4448
- C:\Windows\System\YojkHzE.exe
  C:\Windows\System\YojkHzE.exe
  2⤵
  PID:4464
- C:\Windows\System\CXeuxbb.exe
  C:\Windows\System\CXeuxbb.exe
  2⤵
  PID:4560
- C:\Windows\System\ZAkpkLq.exe
  C:\Windows\System\ZAkpkLq.exe
  2⤵
  PID:4572
- C:\Windows\System\wTspTcc.exe
  C:\Windows\System\wTspTcc.exe
  2⤵
  PID:4648
- C:\Windows\System\iTSVrki.exe
  C:\Windows\System\iTSVrki.exe
  2⤵
  PID:4656
- C:\Windows\System\zlpnrAb.exe
  C:\Windows\System\zlpnrAb.exe
  2⤵
  PID:4704
- C:\Windows\System\QtkTFfd.exe
  C:\Windows\System\QtkTFfd.exe
  2⤵
  PID:4720
- C:\Windows\System\YgenJBD.exe
  C:\Windows\System\YgenJBD.exe
  2⤵
  PID:4764
- C:\Windows\System\gwzYIGr.exe
  C:\Windows\System\gwzYIGr.exe
  2⤵
  PID:4828
- C:\Windows\System\YxHcYmy.exe
  C:\Windows\System\YxHcYmy.exe
  2⤵
  PID:4900
- C:\Windows\System\Empsrpj.exe
  C:\Windows\System\Empsrpj.exe
  2⤵
  PID:4940
- C:\Windows\System\mdrhxdl.exe
  C:\Windows\System\mdrhxdl.exe
  2⤵
  PID:4952
- C:\Windows\System\XEvUHDR.exe
  C:\Windows\System\XEvUHDR.exe
  2⤵
  PID:4748
- C:\Windows\System\YffGnLH.exe
  C:\Windows\System\YffGnLH.exe
  2⤵
  PID:4816
- C:\Windows\System\YSyXFmH.exe
  C:\Windows\System\YSyXFmH.exe
  2⤵
  PID:5020
- C:\Windows\System\ZfZhHVW.exe
  C:\Windows\System\ZfZhHVW.exe
  2⤵
  PID:5044
- C:\Windows\System\zJwYWgP.exe
  C:\Windows\System\zJwYWgP.exe
  2⤵
  PID:1288
- C:\Windows\System\BphnZvL.exe
  C:\Windows\System\BphnZvL.exe
  2⤵
  PID:2872
- C:\Windows\System\DusRrBN.exe
  C:\Windows\System\DusRrBN.exe
  2⤵
  PID:1104
- C:\Windows\System\KUqqZIE.exe
  C:\Windows\System\KUqqZIE.exe
  2⤵
  PID:2536
- C:\Windows\System\pJTakHx.exe
  C:\Windows\System\pJTakHx.exe
  2⤵
  PID:4232
- C:\Windows\System\jNJKKlb.exe
  C:\Windows\System\jNJKKlb.exe
  2⤵
  PID:4160
- C:\Windows\System\vAsWDEi.exe
  C:\Windows\System\vAsWDEi.exe
  2⤵
  PID:4108
- C:\Windows\System\nEtqDHj.exe
  C:\Windows\System\nEtqDHj.exe
  2⤵
  PID:4244
- C:\Windows\System\ZOvPjGO.exe
  C:\Windows\System\ZOvPjGO.exe
  2⤵
  PID:4360
- C:\Windows\System\wNvXBmv.exe
  C:\Windows\System\wNvXBmv.exe
  2⤵
  PID:4480
- C:\Windows\System\znqooNA.exe
  C:\Windows\System\znqooNA.exe
  2⤵
  PID:4328
- C:\Windows\System\TNGXNZv.exe
  C:\Windows\System\TNGXNZv.exe
  2⤵
  PID:1684
- C:\Windows\System\ohuOFax.exe
  C:\Windows\System\ohuOFax.exe
  2⤵
  PID:4556
- C:\Windows\System\FNZpwhO.exe
  C:\Windows\System\FNZpwhO.exe
  2⤵
  PID:4544
- C:\Windows\System\zCBUDWK.exe
  C:\Windows\System\zCBUDWK.exe
  2⤵
  PID:4672
- C:\Windows\System\oopGyqE.exe
  C:\Windows\System\oopGyqE.exe
  2⤵
  PID:4700
- C:\Windows\System\flTtnWO.exe
  C:\Windows\System\flTtnWO.exe
  2⤵
  PID:4936
- C:\Windows\System\rLwDVec.exe
  C:\Windows\System\rLwDVec.exe
  2⤵
  PID:4980
- C:\Windows\System\xUWQVgD.exe
  C:\Windows\System\xUWQVgD.exe
  2⤵
  PID:5032
- C:\Windows\System\vhVvlhZ.exe
  C:\Windows\System\vhVvlhZ.exe
  2⤵
  PID:4872
- C:\Windows\System\HgYRluc.exe
  C:\Windows\System\HgYRluc.exe
  2⤵
  PID:4852
- C:\Windows\System\GFFSVbD.exe
  C:\Windows\System\GFFSVbD.exe
  2⤵
  PID:4992
- C:\Windows\System\AAJMTXr.exe
  C:\Windows\System\AAJMTXr.exe
  2⤵
  PID:5060
- C:\Windows\System\bJljQUk.exe
  C:\Windows\System\bJljQUk.exe
  2⤵
  PID:4156
- C:\Windows\System\GkfShfz.exe
  C:\Windows\System\GkfShfz.exe
  2⤵
  PID:4596
- C:\Windows\System\ZMIybbm.exe
  C:\Windows\System\ZMIybbm.exe
  2⤵
  PID:5108
- C:\Windows\System\NwwLYfE.exe
  C:\Windows\System\NwwLYfE.exe
  2⤵
  PID:4216
- C:\Windows\System\aYrlCLv.exe
  C:\Windows\System\aYrlCLv.exe
  2⤵
  PID:4376
- C:\Windows\System\WWzWrHm.exe
  C:\Windows\System\WWzWrHm.exe
  2⤵
  PID:4540
- C:\Windows\System\vTxExPd.exe
  C:\Windows\System\vTxExPd.exe
  2⤵
  PID:4372
- C:\Windows\System\QWuCSum.exe
  C:\Windows\System\QWuCSum.exe
  2⤵
  PID:1816
- C:\Windows\System\gxmYRCl.exe
  C:\Windows\System\gxmYRCl.exe
  2⤵
  PID:4636
- C:\Windows\System\HSZrnhy.exe
  C:\Windows\System\HSZrnhy.exe
  2⤵
  PID:4920
- C:\Windows\System\rrbkxqp.exe
  C:\Windows\System\rrbkxqp.exe
  2⤵
  PID:4744
- C:\Windows\System\bLDmzbX.exe
  C:\Windows\System\bLDmzbX.exe
  2⤵
  PID:5040
- C:\Windows\System\vIBJclO.exe
  C:\Windows\System\vIBJclO.exe
  2⤵
  PID:5008
- C:\Windows\System\zqmbiXb.exe
  C:\Windows\System\zqmbiXb.exe
  2⤵
  PID:4356
- C:\Windows\System\PcWJESh.exe
  C:\Windows\System\PcWJESh.exe
  2⤵
  PID:4120
- C:\Windows\System\gJVLBAk.exe
  C:\Windows\System\gJVLBAk.exe
  2⤵
  PID:4180
- C:\Windows\System\ffGvGer.exe
  C:\Windows\System\ffGvGer.exe
  2⤵
  PID:4352
- C:\Windows\System\ZsLywXg.exe
  C:\Windows\System\ZsLywXg.exe
  2⤵
  PID:4532
- C:\Windows\System\YLIiFwv.exe
  C:\Windows\System\YLIiFwv.exe
  2⤵
  PID:4468
- C:\Windows\System\HwBKXDi.exe
  C:\Windows\System\HwBKXDi.exe
  2⤵
  PID:5000
- C:\Windows\System\XQSpFni.exe
  C:\Windows\System\XQSpFni.exe
  2⤵
  PID:2804
- C:\Windows\System\vECWoFI.exe
  C:\Windows\System\vECWoFI.exe
  2⤵
  PID:5080
- C:\Windows\System\uPRuDOI.exe
  C:\Windows\System\uPRuDOI.exe
  2⤵
  PID:4296
- C:\Windows\System\dObLGcE.exe
  C:\Windows\System\dObLGcE.exe
  2⤵
  PID:976
- C:\Windows\System\MKMnBJa.exe
  C:\Windows\System\MKMnBJa.exe
  2⤵
  PID:4784
- C:\Windows\System\uvtMFGx.exe
  C:\Windows\System\uvtMFGx.exe
  2⤵
  PID:4632
- C:\Windows\System\uuZPLIf.exe
  C:\Windows\System\uuZPLIf.exe
  2⤵
  PID:4684
- C:\Windows\System\kZRCHEr.exe
  C:\Windows\System\kZRCHEr.exe
  2⤵
  PID:4800
- C:\Windows\System\rAJMrce.exe
  C:\Windows\System\rAJMrce.exe
  2⤵
  PID:4384
- C:\Windows\System\TuLsQmu.exe
  C:\Windows\System\TuLsQmu.exe
  2⤵
  PID:5136
- C:\Windows\System\YTrkVUC.exe
  C:\Windows\System\YTrkVUC.exe
  2⤵
  PID:5152
- C:\Windows\System\OURQMZq.exe
  C:\Windows\System\OURQMZq.exe
  2⤵
  PID:5172
- C:\Windows\System\dPxkDZU.exe
  C:\Windows\System\dPxkDZU.exe
  2⤵
  PID:5192
- C:\Windows\System\pOyigfl.exe
  C:\Windows\System\pOyigfl.exe
  2⤵
  PID:5212
- C:\Windows\System\ZFoGCuS.exe
  C:\Windows\System\ZFoGCuS.exe
  2⤵
  PID:5232
- C:\Windows\System\HfOwldP.exe
  C:\Windows\System\HfOwldP.exe
  2⤵
  PID:5248
- C:\Windows\System\vuctbLQ.exe
  C:\Windows\System\vuctbLQ.exe
  2⤵
  PID:5268
- C:\Windows\System\mCxkhyg.exe
  C:\Windows\System\mCxkhyg.exe
  2⤵
  PID:5284
- C:\Windows\System\lXDPIMO.exe
  C:\Windows\System\lXDPIMO.exe
  2⤵
  PID:5308
- C:\Windows\System\CiUrqfa.exe
  C:\Windows\System\CiUrqfa.exe
  2⤵
  PID:5328
- C:\Windows\System\zZgTRRc.exe
  C:\Windows\System\zZgTRRc.exe
  2⤵
  PID:5344
- C:\Windows\System\iKKiwGE.exe
  C:\Windows\System\iKKiwGE.exe
  2⤵
  PID:5388
- C:\Windows\System\kkWVpiM.exe
  C:\Windows\System\kkWVpiM.exe
  2⤵
  PID:5404
- C:\Windows\System\zLJglvz.exe
  C:\Windows\System\zLJglvz.exe
  2⤵
  PID:5420
- C:\Windows\System\LwcZVbw.exe
  C:\Windows\System\LwcZVbw.exe
  2⤵
  PID:5436
- C:\Windows\System\qjqKYhr.exe
  C:\Windows\System\qjqKYhr.exe
  2⤵
  PID:5452
- C:\Windows\System\PQLhNXF.exe
  C:\Windows\System\PQLhNXF.exe
  2⤵
  PID:5468
- C:\Windows\System\BlXoHfb.exe
  C:\Windows\System\BlXoHfb.exe
  2⤵
  PID:5492
- C:\Windows\System\rJimXJg.exe
  C:\Windows\System\rJimXJg.exe
  2⤵
  PID:5508
- C:\Windows\System\QKxxLxi.exe
  C:\Windows\System\QKxxLxi.exe
  2⤵
  PID:5536
- C:\Windows\System\fsliUaz.exe
  C:\Windows\System\fsliUaz.exe
  2⤵
  PID:5560
- C:\Windows\System\WjZRsMp.exe
  C:\Windows\System\WjZRsMp.exe
  2⤵
  PID:5592
- C:\Windows\System\rmcMnXt.exe
  C:\Windows\System\rmcMnXt.exe
  2⤵
  PID:5608
- C:\Windows\System\MwrgnJe.exe
  C:\Windows\System\MwrgnJe.exe
  2⤵
  PID:5624
- C:\Windows\System\jJZchCz.exe
  C:\Windows\System\jJZchCz.exe
  2⤵
  PID:5652
- C:\Windows\System\oRwRKSV.exe
  C:\Windows\System\oRwRKSV.exe
  2⤵
  PID:5672
- C:\Windows\System\mtPxvOL.exe
  C:\Windows\System\mtPxvOL.exe
  2⤵
  PID:5688
- C:\Windows\System\ZyNMFQk.exe
  C:\Windows\System\ZyNMFQk.exe
  2⤵
  PID:5708
- C:\Windows\System\Jiaupcc.exe
  C:\Windows\System\Jiaupcc.exe
  2⤵
  PID:5728
- C:\Windows\System\JTFvRRJ.exe
  C:\Windows\System\JTFvRRJ.exe
  2⤵
  PID:5744
- C:\Windows\System\cSwjnVR.exe
  C:\Windows\System\cSwjnVR.exe
  2⤵
  PID:5760
- C:\Windows\System\GrUThtd.exe
  C:\Windows\System\GrUThtd.exe
  2⤵
  PID:5776
- C:\Windows\System\mASaTtW.exe
  C:\Windows\System\mASaTtW.exe
  2⤵
  PID:5796
- C:\Windows\System\InvOsdj.exe
  C:\Windows\System\InvOsdj.exe
  2⤵
  PID:5816
- C:\Windows\System\FmWggXf.exe
  C:\Windows\System\FmWggXf.exe
  2⤵
  PID:5832
- C:\Windows\System\hhIWDEU.exe
  C:\Windows\System\hhIWDEU.exe
  2⤵
  PID:5864
- C:\Windows\System\dlSwiVH.exe
  C:\Windows\System\dlSwiVH.exe
  2⤵
  PID:5884
- C:\Windows\System\mVHTeAx.exe
  C:\Windows\System\mVHTeAx.exe
  2⤵
  PID:5908
- C:\Windows\System\nHUpMbz.exe
  C:\Windows\System\nHUpMbz.exe
  2⤵
  PID:5924
- C:\Windows\System\RmOfXJr.exe
  C:\Windows\System\RmOfXJr.exe
  2⤵
  PID:5952
- C:\Windows\System\BReODeC.exe
  C:\Windows\System\BReODeC.exe
  2⤵
  PID:5968
- C:\Windows\System\RCAzJQD.exe
  C:\Windows\System\RCAzJQD.exe
  2⤵
  PID:5984
- C:\Windows\System\obPpiQT.exe
  C:\Windows\System\obPpiQT.exe
  2⤵
  PID:6004
- C:\Windows\System\GESpJql.exe
  C:\Windows\System\GESpJql.exe
  2⤵
  PID:6020
- C:\Windows\System\oeCsjNO.exe
  C:\Windows\System\oeCsjNO.exe
  2⤵
  PID:6036
- C:\Windows\System\HqByjIX.exe
  C:\Windows\System\HqByjIX.exe
  2⤵
  PID:6060
- C:\Windows\System\CTEyvwO.exe
  C:\Windows\System\CTEyvwO.exe
  2⤵
  PID:6084
- C:\Windows\System\nlBiFrN.exe
  C:\Windows\System\nlBiFrN.exe
  2⤵
  PID:6100
- C:\Windows\System\JIgzCpc.exe
  C:\Windows\System\JIgzCpc.exe
  2⤵
  PID:6128
- C:\Windows\System\cQmPEzx.exe
  C:\Windows\System\cQmPEzx.exe
  2⤵
  PID:5132
- C:\Windows\System\gusgfcj.exe
  C:\Windows\System\gusgfcj.exe
  2⤵
  PID:4760
- C:\Windows\System\qEwyTDI.exe
  C:\Windows\System\qEwyTDI.exe
  2⤵
  PID:5208
- C:\Windows\System\gAftVDk.exe
  C:\Windows\System\gAftVDk.exe
  2⤵
  PID:5276
- C:\Windows\System\pBfavww.exe
  C:\Windows\System\pBfavww.exe
  2⤵
  PID:5324
- C:\Windows\System\DisFQnp.exe
  C:\Windows\System\DisFQnp.exe
  2⤵
  PID:5184
- C:\Windows\System\ngJkXwP.exe
  C:\Windows\System\ngJkXwP.exe
  2⤵
  PID:4888
- C:\Windows\System\ZyGmBeC.exe
  C:\Windows\System\ZyGmBeC.exe
  2⤵
  PID:5264
- C:\Windows\System\NDpAmrY.exe
  C:\Windows\System\NDpAmrY.exe
  2⤵
  PID:5336
- C:\Windows\System\xotUxXe.exe
  C:\Windows\System\xotUxXe.exe
  2⤵
  PID:5364
- C:\Windows\System\LhHSYzH.exe
  C:\Windows\System\LhHSYzH.exe
  2⤵
  PID:5476
- C:\Windows\System\Nbtsimy.exe
  C:\Windows\System\Nbtsimy.exe
  2⤵
  PID:5516
- C:\Windows\System\ACxZIbn.exe
  C:\Windows\System\ACxZIbn.exe
  2⤵
  PID:5524
- C:\Windows\System\RkzyXwq.exe
  C:\Windows\System\RkzyXwq.exe
  2⤵
  PID:5432
- C:\Windows\System\RzGZoHH.exe
  C:\Windows\System\RzGZoHH.exe
  2⤵
  PID:5500
- C:\Windows\System\DezWegy.exe
  C:\Windows\System\DezWegy.exe
  2⤵
  PID:5576
- C:\Windows\System\DzZkPod.exe
  C:\Windows\System\DzZkPod.exe
  2⤵
  PID:5600
- C:\Windows\System\bynTRnC.exe
  C:\Windows\System\bynTRnC.exe
  2⤵
  PID:5616
- C:\Windows\System\pigxugx.exe
  C:\Windows\System\pigxugx.exe
  2⤵
  PID:5636
- C:\Windows\System\ZHGsJSY.exe
  C:\Windows\System\ZHGsJSY.exe
  2⤵
  PID:5696
- C:\Windows\System\HEkDGbo.exe
  C:\Windows\System\HEkDGbo.exe
  2⤵
  PID:5740
- C:\Windows\System\AGxEpuA.exe
  C:\Windows\System\AGxEpuA.exe
  2⤵
  PID:5812
- C:\Windows\System\tVJOngT.exe
  C:\Windows\System\tVJOngT.exe
  2⤵
  PID:5840
- C:\Windows\System\LkSCXnl.exe
  C:\Windows\System\LkSCXnl.exe
  2⤵
  PID:5792
- C:\Windows\System\QnNwJbQ.exe
  C:\Windows\System\QnNwJbQ.exe
  2⤵
  PID:5876
- C:\Windows\System\xzdTmJO.exe
  C:\Windows\System\xzdTmJO.exe
  2⤵
  PID:5916
- C:\Windows\System\oJXEmEQ.exe
  C:\Windows\System\oJXEmEQ.exe
  2⤵
  PID:5948
- C:\Windows\System\HfjkXtb.exe
  C:\Windows\System\HfjkXtb.exe
  2⤵
  PID:6044
- C:\Windows\System\IIslDIZ.exe
  C:\Windows\System\IIslDIZ.exe
  2⤵
  PID:5964
- C:\Windows\System\zuFPqeP.exe
  C:\Windows\System\zuFPqeP.exe
  2⤵
  PID:6000
- C:\Windows\System\orXrLdA.exe
  C:\Windows\System\orXrLdA.exe
  2⤵
  PID:5960
- C:\Windows\System\YcEOvwk.exe
  C:\Windows\System\YcEOvwk.exe
  2⤵
  PID:6116
- C:\Windows\System\JExipzm.exe
  C:\Windows\System\JExipzm.exe
  2⤵
  PID:6136
- C:\Windows\System\lvATCWO.exe
  C:\Windows\System\lvATCWO.exe
  2⤵
  PID:5204
- C:\Windows\System\WJgnBaR.exe
  C:\Windows\System\WJgnBaR.exe
  2⤵
  PID:4444
- C:\Windows\System\GqkQtXU.exe
  C:\Windows\System\GqkQtXU.exe
  2⤵
  PID:4520
- C:\Windows\System\ycSPkCC.exe
  C:\Windows\System\ycSPkCC.exe
  2⤵
  PID:5180
- C:\Windows\System\vOPcLFG.exe
  C:\Windows\System\vOPcLFG.exe
  2⤵
  PID:5244
- C:\Windows\System\JmbDIzL.exe
  C:\Windows\System\JmbDIzL.exe
  2⤵
  PID:5376
- C:\Windows\System\DWjcQmz.exe
  C:\Windows\System\DWjcQmz.exe
  2⤵
  PID:5544
- C:\Windows\System\cHPvqHW.exe
  C:\Windows\System\cHPvqHW.exe
  2⤵
  PID:5588
- C:\Windows\System\hmetTdK.exe
  C:\Windows\System\hmetTdK.exe
  2⤵
  PID:5752
- C:\Windows\System\aRrftLH.exe
  C:\Windows\System\aRrftLH.exe
  2⤵
  PID:5664
- C:\Windows\System\VPHwCeK.exe
  C:\Windows\System\VPHwCeK.exe
  2⤵
  PID:5552
- C:\Windows\System\VvVPRYD.exe
  C:\Windows\System\VvVPRYD.exe
  2⤵
  PID:5860
- C:\Windows\System\YFsobVY.exe
  C:\Windows\System\YFsobVY.exe
  2⤵
  PID:5684
- C:\Windows\System\aghPBwJ.exe
  C:\Windows\System\aghPBwJ.exe
  2⤵
  PID:5788
- C:\Windows\System\nPxDExd.exe
  C:\Windows\System\nPxDExd.exe
  2⤵
  PID:5904
- C:\Windows\System\XMCkmwZ.exe
  C:\Windows\System\XMCkmwZ.exe
  2⤵
  PID:6012
- C:\Windows\System\zgQjnNP.exe
  C:\Windows\System\zgQjnNP.exe
  2⤵
  PID:6028
- C:\Windows\System\HdcaPaL.exe
  C:\Windows\System\HdcaPaL.exe
  2⤵
  PID:6080
- C:\Windows\System\NZTSeUC.exe
  C:\Windows\System\NZTSeUC.exe
  2⤵
  PID:5220
- C:\Windows\System\RnBkGnx.exe
  C:\Windows\System\RnBkGnx.exe
  2⤵
  PID:5200
- C:\Windows\System\PQKEzEx.exe
  C:\Windows\System\PQKEzEx.exe
  2⤵
  PID:5340
- C:\Windows\System\KnLqdGI.exe
  C:\Windows\System\KnLqdGI.exe
  2⤵
  PID:5304
- C:\Windows\System\jMWZMRr.exe
  C:\Windows\System\jMWZMRr.exe
  2⤵
  PID:5480
- C:\Windows\System\ulJngzF.exe
  C:\Windows\System\ulJngzF.exe
  2⤵
  PID:5644
- C:\Windows\System\Oubgnoh.exe
  C:\Windows\System\Oubgnoh.exe
  2⤵
  PID:5772
- C:\Windows\System\vdQbveS.exe
  C:\Windows\System\vdQbveS.exe
  2⤵
  PID:5736
- C:\Windows\System\xTRMTlo.exe
  C:\Windows\System\xTRMTlo.exe
  2⤵
  PID:5828
- C:\Windows\System\xGxruPY.exe
  C:\Windows\System\xGxruPY.exe
  2⤵
  PID:5940
- C:\Windows\System\nJnCCcH.exe
  C:\Windows\System\nJnCCcH.exe
  2⤵
  PID:6076
- C:\Windows\System\fdJKkNq.exe
  C:\Windows\System\fdJKkNq.exe
  2⤵
  PID:5316
- C:\Windows\System\YofOAwW.exe
  C:\Windows\System\YofOAwW.exe
  2⤵
  PID:5320
- C:\Windows\System\WHmncsn.exe
  C:\Windows\System\WHmncsn.exe
  2⤵
  PID:6112
- C:\Windows\System\OqozMQW.exe
  C:\Windows\System\OqozMQW.exe
  2⤵
  PID:5808
- C:\Windows\System\qyMZYgt.exe
  C:\Windows\System\qyMZYgt.exe
  2⤵
  PID:5548
- C:\Windows\System\uXpbeaX.exe
  C:\Windows\System\uXpbeaX.exe
  2⤵
  PID:5784
- C:\Windows\System\nCvMDDl.exe
  C:\Windows\System\nCvMDDl.exe
  2⤵
  PID:5568
- C:\Windows\System\OajBtUL.exe
  C:\Windows\System\OajBtUL.exe
  2⤵
  PID:6056
- C:\Windows\System\phZJmFy.exe
  C:\Windows\System\phZJmFy.exe
  2⤵
  PID:5444
- C:\Windows\System\ZBSbyNx.exe
  C:\Windows\System\ZBSbyNx.exe
  2⤵
  PID:5892
- C:\Windows\System\RRkhfCW.exe
  C:\Windows\System\RRkhfCW.exe
  2⤵
  PID:6068
- C:\Windows\System\eKDzlLZ.exe
  C:\Windows\System\eKDzlLZ.exe
  2⤵
  PID:6180
- C:\Windows\System\IpORAgg.exe
  C:\Windows\System\IpORAgg.exe
  2⤵
  PID:6196
- C:\Windows\System\voEEmkL.exe
  C:\Windows\System\voEEmkL.exe
  2⤵
  PID:6220
- C:\Windows\System\VAuCNCr.exe
  C:\Windows\System\VAuCNCr.exe
  2⤵
  PID:6236
- C:\Windows\System\bzYINhA.exe
  C:\Windows\System\bzYINhA.exe
  2⤵
  PID:6256
- C:\Windows\System\YjDwrfw.exe
  C:\Windows\System\YjDwrfw.exe
  2⤵
  PID:6280
- C:\Windows\System\jqhPjhZ.exe
  C:\Windows\System\jqhPjhZ.exe
  2⤵
  PID:6300
- C:\Windows\System\zkObQvK.exe
  C:\Windows\System\zkObQvK.exe
  2⤵
  PID:6316
- C:\Windows\System\GLKztQP.exe
  C:\Windows\System\GLKztQP.exe
  2⤵
  PID:6336
- C:\Windows\System\BRfSIlr.exe
  C:\Windows\System\BRfSIlr.exe
  2⤵
  PID:6360
- C:\Windows\System\YwzxxkV.exe
  C:\Windows\System\YwzxxkV.exe
  2⤵
  PID:6380
- C:\Windows\System\ATxGKUU.exe
  C:\Windows\System\ATxGKUU.exe
  2⤵
  PID:6400
- C:\Windows\System\kceXFxM.exe
  C:\Windows\System\kceXFxM.exe
  2⤵
  PID:6416
- C:\Windows\System\aYfeDUa.exe
  C:\Windows\System\aYfeDUa.exe
  2⤵
  PID:6440
- C:\Windows\System\WBqPKpE.exe
  C:\Windows\System\WBqPKpE.exe
  2⤵
  PID:6456
- C:\Windows\System\oozvtVb.exe
  C:\Windows\System\oozvtVb.exe
  2⤵
  PID:6472
- C:\Windows\System\pekQazl.exe
  C:\Windows\System\pekQazl.exe
  2⤵
  PID:6492
- C:\Windows\System\NboRlDv.exe
  C:\Windows\System\NboRlDv.exe
  2⤵
  PID:6508
- C:\Windows\System\JgFyhIF.exe
  C:\Windows\System\JgFyhIF.exe
  2⤵
  PID:6524
- C:\Windows\System\bKtbgfj.exe
  C:\Windows\System\bKtbgfj.exe
  2⤵
  PID:6540
- C:\Windows\System\SLKFICf.exe
  C:\Windows\System\SLKFICf.exe
  2⤵
  PID:6564
- C:\Windows\System\MLbnBlG.exe
  C:\Windows\System\MLbnBlG.exe
  2⤵
  PID:6580
- C:\Windows\System\yZmskka.exe
  C:\Windows\System\yZmskka.exe
  2⤵
  PID:6596
- C:\Windows\System\tdoIcEY.exe
  C:\Windows\System\tdoIcEY.exe
  2⤵
  PID:6612
- C:\Windows\System\zdOLJyc.exe
  C:\Windows\System\zdOLJyc.exe
  2⤵
  PID:6628
- C:\Windows\System\UXOJsTB.exe
  C:\Windows\System\UXOJsTB.exe
  2⤵
  PID:6684
- C:\Windows\System\MXjrjFs.exe
  C:\Windows\System\MXjrjFs.exe
  2⤵
  PID:6700
- C:\Windows\System\QqtLDDs.exe
  C:\Windows\System\QqtLDDs.exe
  2⤵
  PID:6716
- C:\Windows\System\uwJgoJs.exe
  C:\Windows\System\uwJgoJs.exe
  2⤵
  PID:6732
- C:\Windows\System\POgodUw.exe
  C:\Windows\System\POgodUw.exe
  2⤵
  PID:6748
- C:\Windows\System\TrDmfwZ.exe
  C:\Windows\System\TrDmfwZ.exe
  2⤵
  PID:6764
- C:\Windows\System\PjajoMF.exe
  C:\Windows\System\PjajoMF.exe
  2⤵
  PID:6784
- C:\Windows\System\FlAjGXm.exe
  C:\Windows\System\FlAjGXm.exe
  2⤵
  PID:6800
- C:\Windows\System\SLWdSih.exe
  C:\Windows\System\SLWdSih.exe
  2⤵
  PID:6824
- C:\Windows\System\tyJmxNi.exe
  C:\Windows\System\tyJmxNi.exe
  2⤵
  PID:6840
- C:\Windows\System\zDYoTtm.exe
  C:\Windows\System\zDYoTtm.exe
  2⤵
  PID:6860
- C:\Windows\System\jiHYPCt.exe
  C:\Windows\System\jiHYPCt.exe
  2⤵
  PID:6880
- C:\Windows\System\IRNAQYu.exe
  C:\Windows\System\IRNAQYu.exe
  2⤵
  PID:6904
- C:\Windows\System\tXmSbEZ.exe
  C:\Windows\System\tXmSbEZ.exe
  2⤵
  PID:6924
- C:\Windows\System\MpNFlsl.exe
  C:\Windows\System\MpNFlsl.exe
  2⤵
  PID:6968
- C:\Windows\System\zrRURFr.exe
  C:\Windows\System\zrRURFr.exe
  2⤵
  PID:6984
- C:\Windows\System\EHlhVYo.exe
  C:\Windows\System\EHlhVYo.exe
  2⤵
  PID:7000
- C:\Windows\System\TLFrDYI.exe
  C:\Windows\System\TLFrDYI.exe
  2⤵
  PID:7016
- C:\Windows\System\ASACeSO.exe
  C:\Windows\System\ASACeSO.exe
  2⤵
  PID:7036
- C:\Windows\System\rQryTxZ.exe
  C:\Windows\System\rQryTxZ.exe
  2⤵
  PID:7052
- C:\Windows\System\rcWqXtd.exe
  C:\Windows\System\rcWqXtd.exe
  2⤵
  PID:7072
- C:\Windows\System\DYbzZCI.exe
  C:\Windows\System\DYbzZCI.exe
  2⤵
  PID:7088
- C:\Windows\System\arrexzS.exe
  C:\Windows\System\arrexzS.exe
  2⤵
  PID:7104
- C:\Windows\System\cVtkLIo.exe
  C:\Windows\System\cVtkLIo.exe
  2⤵
  PID:7120
- C:\Windows\System\gMVsbQN.exe
  C:\Windows\System\gMVsbQN.exe
  2⤵
  PID:7140
- C:\Windows\System\ccNcMJd.exe
  C:\Windows\System\ccNcMJd.exe
  2⤵
  PID:7156
- C:\Windows\System\suEexKY.exe
  C:\Windows\System\suEexKY.exe
  2⤵
  PID:6124
- C:\Windows\System\cVbCnkL.exe
  C:\Windows\System\cVbCnkL.exe
  2⤵
  PID:5856
- C:\Windows\System\dFgkRNo.exe
  C:\Windows\System\dFgkRNo.exe
  2⤵
  PID:5632
- C:\Windows\System\dZtkAQY.exe
  C:\Windows\System\dZtkAQY.exe
  2⤵
  PID:6188
- C:\Windows\System\jojGiVA.exe
  C:\Windows\System\jojGiVA.exe
  2⤵
  PID:6264
- C:\Windows\System\RXSPcTO.exe
  C:\Windows\System\RXSPcTO.exe
  2⤵
  PID:6204
- C:\Windows\System\cntlpVN.exe
  C:\Windows\System\cntlpVN.exe
  2⤵
  PID:6276
- C:\Windows\System\MNAyUGg.exe
  C:\Windows\System\MNAyUGg.exe
  2⤵
  PID:6292
- C:\Windows\System\HAhHxFr.exe
  C:\Windows\System\HAhHxFr.exe
  2⤵
  PID:6324
- C:\Windows\System\lythiWW.exe
  C:\Windows\System\lythiWW.exe
  2⤵
  PID:6368
- C:\Windows\System\zDEPgFN.exe
  C:\Windows\System\zDEPgFN.exe
  2⤵
  PID:6392
- C:\Windows\System\ecDaHbB.exe
  C:\Windows\System\ecDaHbB.exe
  2⤵
  PID:6536
- C:\Windows\System\DrnlROG.exe
  C:\Windows\System\DrnlROG.exe
  2⤵
  PID:6452
- C:\Windows\System\BwMAjup.exe
  C:\Windows\System\BwMAjup.exe
  2⤵
  PID:6620
- C:\Windows\System\LskHNlH.exe
  C:\Windows\System\LskHNlH.exe
  2⤵
  PID:6556
- C:\Windows\System\wDUwLfC.exe
  C:\Windows\System\wDUwLfC.exe
  2⤵
  PID:6520
- C:\Windows\System\bDOJGzs.exe
  C:\Windows\System\bDOJGzs.exe
  2⤵
  PID:6648
- C:\Windows\System\zAqmcSk.exe
  C:\Windows\System\zAqmcSk.exe
  2⤵
  PID:6660
- C:\Windows\System\wdmQyZx.exe
  C:\Windows\System\wdmQyZx.exe
  2⤵
  PID:6672
- C:\Windows\System\oqVwCus.exe
  C:\Windows\System\oqVwCus.exe
  2⤵
  PID:6792
- C:\Windows\System\KnzSqbd.exe
  C:\Windows\System\KnzSqbd.exe
  2⤵
  PID:6760
- C:\Windows\System\DEEolYJ.exe
  C:\Windows\System\DEEolYJ.exe
  2⤵
  PID:6708
- C:\Windows\System\oPWrUgD.exe
  C:\Windows\System\oPWrUgD.exe
  2⤵
  PID:6756
- C:\Windows\System\mLVGbaH.exe
  C:\Windows\System\mLVGbaH.exe
  2⤵
  PID:6892
- C:\Windows\System\GiTEmcp.exe
  C:\Windows\System\GiTEmcp.exe
  2⤵
  PID:6944
- C:\Windows\System\rhPCGVV.exe
  C:\Windows\System\rhPCGVV.exe
  2⤵
  PID:6960
- C:\Windows\System\gELzzeJ.exe
  C:\Windows\System\gELzzeJ.exe
  2⤵
  PID:6936
- C:\Windows\System\KvxtIdX.exe
  C:\Windows\System\KvxtIdX.exe
  2⤵
  PID:6980
- C:\Windows\System\PXJnDqx.exe
  C:\Windows\System\PXJnDqx.exe
  2⤵
  PID:6976
- C:\Windows\System\aqFjtvD.exe
  C:\Windows\System\aqFjtvD.exe
  2⤵
  PID:7084
- C:\Windows\System\RoqCazH.exe
  C:\Windows\System\RoqCazH.exe
  2⤵
  PID:7060
- C:\Windows\System\yrOowNI.exe
  C:\Windows\System\yrOowNI.exe
  2⤵
  PID:7096
- C:\Windows\System\OdYXEQq.exe
  C:\Windows\System\OdYXEQq.exe
  2⤵
  PID:5648
- C:\Windows\System\BbErTLu.exe
  C:\Windows\System\BbErTLu.exe
  2⤵
  PID:5224
- C:\Windows\System\EvsPiKo.exe
  C:\Windows\System\EvsPiKo.exe
  2⤵
  PID:6176
- C:\Windows\System\FCHFUGM.exe
  C:\Windows\System\FCHFUGM.exe
  2⤵
  PID:6248
- C:\Windows\System\UtndYBw.exe
  C:\Windows\System\UtndYBw.exe
  2⤵
  PID:6388
- C:\Windows\System\vABQKES.exe
  C:\Windows\System\vABQKES.exe
  2⤵
  PID:6268
- C:\Windows\System\QjFiQow.exe
  C:\Windows\System\QjFiQow.exe
  2⤵
  PID:6252
- C:\Windows\System\liOcxfX.exe
  C:\Windows\System\liOcxfX.exe
  2⤵
  PID:6428
- C:\Windows\System\aYqFpaq.exe
  C:\Windows\System\aYqFpaq.exe
  2⤵
  PID:6464
- C:\Windows\System\wpbLPZx.exe
  C:\Windows\System\wpbLPZx.exe
  2⤵
  PID:6548
- C:\Windows\System\ySYzckx.exe
  C:\Windows\System\ySYzckx.exe
  2⤵
  PID:6652
- C:\Windows\System\sVZKBuS.exe
  C:\Windows\System\sVZKBuS.exe
  2⤵
  PID:6500
- C:\Windows\System\Rqhkmqm.exe
  C:\Windows\System\Rqhkmqm.exe
  2⤵
  PID:6608
- C:\Windows\System\SobmIvS.exe
  C:\Windows\System\SobmIvS.exe
  2⤵
  PID:6780
- C:\Windows\System\BPAnzyN.exe
  C:\Windows\System\BPAnzyN.exe
  2⤵
  PID:6848
- C:\Windows\System\khGENgY.exe
  C:\Windows\System\khGENgY.exe
  2⤵
  PID:6692
- C:\Windows\System\yAZoNyA.exe
  C:\Windows\System\yAZoNyA.exe
  2⤵
  PID:7032
- C:\Windows\System\lPXDxIZ.exe
  C:\Windows\System\lPXDxIZ.exe
  2⤵
  PID:7116
- C:\Windows\System\iTUgKsf.exe
  C:\Windows\System\iTUgKsf.exe
  2⤵
  PID:5428
- C:\Windows\System\JLCOqCE.exe
  C:\Windows\System\JLCOqCE.exe
  2⤵
  PID:6288
- C:\Windows\System\hUXipNf.exe
  C:\Windows\System\hUXipNf.exe
  2⤵
  PID:6636
- C:\Windows\System\dKLzucH.exe
  C:\Windows\System\dKLzucH.exe
  2⤵
  PID:6232
- C:\Windows\System\sAywDSX.exe
  C:\Windows\System\sAywDSX.exe
  2⤵
  PID:6396
- C:\Windows\System\lwXkBsL.exe
  C:\Windows\System\lwXkBsL.exe
  2⤵
  PID:6516
- C:\Windows\System\tlCmRnL.exe
  C:\Windows\System\tlCmRnL.exe
  2⤵
  PID:6624
- C:\Windows\System\KCAlRwL.exe
  C:\Windows\System\KCAlRwL.exe
  2⤵
  PID:6604
- C:\Windows\System\VDXgVLe.exe
  C:\Windows\System\VDXgVLe.exe
  2⤵
  PID:7064
- C:\Windows\System\AgzuQWN.exe
  C:\Windows\System\AgzuQWN.exe
  2⤵
  PID:6680
- C:\Windows\System\tYhhfzR.exe
  C:\Windows\System\tYhhfzR.exe
  2⤵
  PID:6228
- C:\Windows\System\fhaeuaq.exe
  C:\Windows\System\fhaeuaq.exe
  2⤵
  PID:6920
- C:\Windows\System\wabtdub.exe
  C:\Windows\System\wabtdub.exe
  2⤵
  PID:7132
- C:\Windows\System\HvZAylj.exe
  C:\Windows\System\HvZAylj.exe
  2⤵
  PID:6952
- C:\Windows\System\sPMvmXZ.exe
  C:\Windows\System\sPMvmXZ.exe
  2⤵
  PID:6504
- C:\Windows\System\AMmZRld.exe
  C:\Windows\System\AMmZRld.exe
  2⤵
  PID:6996
- C:\Windows\System\oGIwKMO.exe
  C:\Windows\System\oGIwKMO.exe
  2⤵
  PID:7136
- C:\Windows\System\bLZPsYX.exe
  C:\Windows\System\bLZPsYX.exe
  2⤵
  PID:6836
- C:\Windows\System\cbAZgOH.exe
  C:\Windows\System\cbAZgOH.exe
  2⤵
  PID:6696
- C:\Windows\System\ZVuFPIm.exe
  C:\Windows\System\ZVuFPIm.exe
  2⤵
  PID:6352
- C:\Windows\System\GnKEYnH.exe
  C:\Windows\System\GnKEYnH.exe
  2⤵
  PID:7068
- C:\Windows\System\klTXniv.exe
  C:\Windows\System\klTXniv.exe
  2⤵
  PID:6592
- C:\Windows\System\EOJfnVJ.exe
  C:\Windows\System\EOJfnVJ.exe
  2⤵
  PID:6820
- C:\Windows\System\KUPUhUo.exe
  C:\Windows\System\KUPUhUo.exe
  2⤵
  PID:6156
- C:\Windows\System\PhgmRwc.exe
  C:\Windows\System\PhgmRwc.exe
  2⤵
  PID:7184
- C:\Windows\System\AZSaigY.exe
  C:\Windows\System\AZSaigY.exe
  2⤵
  PID:7200
- C:\Windows\System\ZbqykKg.exe
  C:\Windows\System\ZbqykKg.exe
  2⤵
  PID:7228
- C:\Windows\System\AbWmRMA.exe
  C:\Windows\System\AbWmRMA.exe
  2⤵
  PID:7264
- C:\Windows\System\mabtwEL.exe
  C:\Windows\System\mabtwEL.exe
  2⤵
  PID:7284
- C:\Windows\System\IQEHZXs.exe
  C:\Windows\System\IQEHZXs.exe
  2⤵
  PID:7300
- C:\Windows\System\LOsVlec.exe
  C:\Windows\System\LOsVlec.exe
  2⤵
  PID:7316
- C:\Windows\System\LnToQwC.exe
  C:\Windows\System\LnToQwC.exe
  2⤵
  PID:7332
- C:\Windows\System\VjfOTKa.exe
  C:\Windows\System\VjfOTKa.exe
  2⤵
  PID:7352
- C:\Windows\System\JCYsglE.exe
  C:\Windows\System\JCYsglE.exe
  2⤵
  PID:7368
- C:\Windows\System\BdjhZkW.exe
  C:\Windows\System\BdjhZkW.exe
  2⤵
  PID:7396
- C:\Windows\System\oBPXoOT.exe
  C:\Windows\System\oBPXoOT.exe
  2⤵
  PID:7412
- C:\Windows\System\JfAIVTB.exe
  C:\Windows\System\JfAIVTB.exe
  2⤵
  PID:7428
- C:\Windows\System\EtrXtYM.exe
  C:\Windows\System\EtrXtYM.exe
  2⤵
  PID:7444
- C:\Windows\System\hlkXcOq.exe
  C:\Windows\System\hlkXcOq.exe
  2⤵
  PID:7460
- C:\Windows\System\GZhoAdQ.exe
  C:\Windows\System\GZhoAdQ.exe
  2⤵
  PID:7488
- C:\Windows\System\fExGlQE.exe
  C:\Windows\System\fExGlQE.exe
  2⤵
  PID:7504
- C:\Windows\System\LmCNRoa.exe
  C:\Windows\System\LmCNRoa.exe
  2⤵
  PID:7524
- C:\Windows\System\GpDONFd.exe
  C:\Windows\System\GpDONFd.exe
  2⤵
  PID:7560
- C:\Windows\System\AXAwArO.exe
  C:\Windows\System\AXAwArO.exe
  2⤵
  PID:7580
- C:\Windows\System\BjLbswt.exe
  C:\Windows\System\BjLbswt.exe
  2⤵
  PID:7600
- C:\Windows\System\eGcZBeK.exe
  C:\Windows\System\eGcZBeK.exe
  2⤵
  PID:7616
- C:\Windows\System\DRKQvZZ.exe
  C:\Windows\System\DRKQvZZ.exe
  2⤵
  PID:7652
- C:\Windows\System\SheFgcX.exe
  C:\Windows\System\SheFgcX.exe
  2⤵
  PID:7672
- C:\Windows\System\xVYKybS.exe
  C:\Windows\System\xVYKybS.exe
  2⤵
  PID:7692
- C:\Windows\System\lIamPmf.exe
  C:\Windows\System\lIamPmf.exe
  2⤵
  PID:7708
- C:\Windows\System\fkaWynO.exe
  C:\Windows\System\fkaWynO.exe
  2⤵
  PID:7728
- C:\Windows\System\wgGvzZo.exe
  C:\Windows\System\wgGvzZo.exe
  2⤵
  PID:7756
- C:\Windows\System\kaMLpuV.exe
  C:\Windows\System\kaMLpuV.exe
  2⤵
  PID:7772
- C:\Windows\System\NYpmlRf.exe
  C:\Windows\System\NYpmlRf.exe
  2⤵
  PID:7788
- C:\Windows\System\qWptKsk.exe
  C:\Windows\System\qWptKsk.exe
  2⤵
  PID:7808
- C:\Windows\System\RUeLuhI.exe
  C:\Windows\System\RUeLuhI.exe
  2⤵
  PID:7828
- C:\Windows\System\GqhjqCr.exe
  C:\Windows\System\GqhjqCr.exe
  2⤵
  PID:7844
- C:\Windows\System\XIubSZb.exe
  C:\Windows\System\XIubSZb.exe
  2⤵
  PID:7860
- C:\Windows\System\TroYepR.exe
  C:\Windows\System\TroYepR.exe
  2⤵
  PID:7876
- C:\Windows\System\sXRnVad.exe
  C:\Windows\System\sXRnVad.exe
  2⤵
  PID:7892
- C:\Windows\System\jijIuCf.exe
  C:\Windows\System\jijIuCf.exe
  2⤵
  PID:7908
- C:\Windows\System\yyMlZEk.exe
  C:\Windows\System\yyMlZEk.exe
  2⤵
  PID:7932
- C:\Windows\System\qeDQqZv.exe
  C:\Windows\System\qeDQqZv.exe
  2⤵
  PID:7980
- C:\Windows\System\GRHjfXG.exe
  C:\Windows\System\GRHjfXG.exe
  2⤵
  PID:7996
- C:\Windows\System\ahgMLKc.exe
  C:\Windows\System\ahgMLKc.exe
  2⤵
  PID:8012
- C:\Windows\System\NovccqQ.exe
  C:\Windows\System\NovccqQ.exe
  2⤵
  PID:8028
- C:\Windows\System\BNunTSf.exe
  C:\Windows\System\BNunTSf.exe
  2⤵
  PID:8048
- C:\Windows\System\fyoXmhH.exe
  C:\Windows\System\fyoXmhH.exe
  2⤵
  PID:8072
- C:\Windows\System\rUWjyiB.exe
  C:\Windows\System\rUWjyiB.exe
  2⤵
  PID:8100
- C:\Windows\System\KAREkFV.exe
  C:\Windows\System\KAREkFV.exe
  2⤵
  PID:8116
- C:\Windows\System\XJWMbKE.exe
  C:\Windows\System\XJWMbKE.exe
  2⤵
  PID:8132
- C:\Windows\System\EfKnnib.exe
  C:\Windows\System\EfKnnib.exe
  2⤵
  PID:8152
- C:\Windows\System\tBGsVgj.exe
  C:\Windows\System\tBGsVgj.exe
  2⤵
  PID:8168
- C:\Windows\System\eZZObAy.exe
  C:\Windows\System\eZZObAy.exe
  2⤵
  PID:8184
- C:\Windows\System\TfUohsB.exe
  C:\Windows\System\TfUohsB.exe
  2⤵
  PID:5872
- C:\Windows\System\YKMNEyl.exe
  C:\Windows\System\YKMNEyl.exe
  2⤵
  PID:7208
- C:\Windows\System\jLYFrJm.exe
  C:\Windows\System\jLYFrJm.exe
  2⤵
  PID:7224
- C:\Windows\System\cYoHlSY.exe
  C:\Windows\System\cYoHlSY.exe
  2⤵
  PID:7192
- C:\Windows\System\uBihPKJ.exe
  C:\Windows\System\uBihPKJ.exe
  2⤵
  PID:7236
- C:\Windows\System\vGmpMLA.exe
  C:\Windows\System\vGmpMLA.exe
  2⤵
  PID:7272
- C:\Windows\System\IUzFyGg.exe
  C:\Windows\System\IUzFyGg.exe
  2⤵
  PID:7312
- C:\Windows\System\pJjDDad.exe
  C:\Windows\System\pJjDDad.exe
  2⤵
  PID:7376
- C:\Windows\System\whxPUMk.exe
  C:\Windows\System\whxPUMk.exe
  2⤵
  PID:7384
- C:\Windows\System\jjcgJgq.exe
  C:\Windows\System\jjcgJgq.exe
  2⤵
  PID:7420
- C:\Windows\System\LJrmzan.exe
  C:\Windows\System\LJrmzan.exe
  2⤵
  PID:7440
- C:\Windows\System\sNKRUsd.exe
  C:\Windows\System\sNKRUsd.exe
  2⤵
  PID:7496
- C:\Windows\System\qpTRUdD.exe
  C:\Windows\System\qpTRUdD.exe
  2⤵
  PID:7484
- C:\Windows\System\DZurljY.exe
  C:\Windows\System\DZurljY.exe
  2⤵
  PID:7588
- C:\Windows\System\IAjzZts.exe
  C:\Windows\System\IAjzZts.exe
  2⤵
  PID:7520
- C:\Windows\System\DeMIMHb.exe
  C:\Windows\System\DeMIMHb.exe
  2⤵
  PID:7608
- C:\Windows\System\WmyNojx.exe
  C:\Windows\System\WmyNojx.exe
  2⤵
  PID:6216
- C:\Windows\System\VDnOtcU.exe
  C:\Windows\System\VDnOtcU.exe
  2⤵
  PID:7660
- C:\Windows\System\ACxuHKW.exe
  C:\Windows\System\ACxuHKW.exe
  2⤵
  PID:7688
- C:\Windows\System\QBrqFgT.exe
  C:\Windows\System\QBrqFgT.exe
  2⤵
  PID:7744
- C:\Windows\System\DqUOfZB.exe
  C:\Windows\System\DqUOfZB.exe
  2⤵
  PID:7752
- C:\Windows\System\qJJFebP.exe
  C:\Windows\System\qJJFebP.exe
  2⤵
  PID:7784
- C:\Windows\System\rGeqQhn.exe
  C:\Windows\System\rGeqQhn.exe
  2⤵
  PID:7868
- C:\Windows\System\RAAFmaP.exe
  C:\Windows\System\RAAFmaP.exe
  2⤵
  PID:7840
- C:\Windows\System\GeMsBxa.exe
  C:\Windows\System\GeMsBxa.exe
  2⤵
  PID:7900
- C:\Windows\System\jnZIujt.exe
  C:\Windows\System\jnZIujt.exe
  2⤵
  PID:7952
- C:\Windows\System\CyHxTrC.exe
  C:\Windows\System\CyHxTrC.exe
  2⤵
  PID:7988
- C:\Windows\System\satHhgf.exe
  C:\Windows\System\satHhgf.exe
  2⤵
  PID:7972
- C:\Windows\System\OBXfOvf.exe
  C:\Windows\System\OBXfOvf.exe
  2⤵
  PID:8036
- C:\Windows\System\DXPiPKF.exe
  C:\Windows\System\DXPiPKF.exe
  2⤵
  PID:8060
- C:\Windows\System\TBVnnsk.exe
  C:\Windows\System\TBVnnsk.exe
  2⤵
  PID:8080
- C:\Windows\System\GhlqWix.exe
  C:\Windows\System\GhlqWix.exe
  2⤵
  PID:8088
- C:\Windows\System\oRiJQoH.exe
  C:\Windows\System\oRiJQoH.exe
  2⤵
  PID:8164
- C:\Windows\System\PERGxpN.exe
  C:\Windows\System\PERGxpN.exe
  2⤵
  PID:6432
- C:\Windows\System\PpdDGZK.exe
  C:\Windows\System\PpdDGZK.exe
  2⤵
  PID:8148
- C:\Windows\System\hKWaKTS.exe
  C:\Windows\System\hKWaKTS.exe
  2⤵
  PID:6856
- C:\Windows\System\xZNXhEX.exe
  C:\Windows\System\xZNXhEX.exe
  2⤵
  PID:7280
- C:\Windows\System\uyImhqq.exe
  C:\Windows\System\uyImhqq.exe
  2⤵
  PID:7388
- C:\Windows\System\kHaaKic.exe
  C:\Windows\System\kHaaKic.exe
  2⤵
  PID:7392
- C:\Windows\System\vmLCGiC.exe
  C:\Windows\System\vmLCGiC.exe
  2⤵
  PID:7328
- C:\Windows\System\gKtigCV.exe
  C:\Windows\System\gKtigCV.exe
  2⤵
  PID:7364
- C:\Windows\System\yABbeMG.exe
  C:\Windows\System\yABbeMG.exe
  2⤵
  PID:7408
- C:\Windows\System\OfDPzhc.exe
  C:\Windows\System\OfDPzhc.exe
  2⤵
  PID:7552
- C:\Windows\System\NYEXuJt.exe
  C:\Windows\System\NYEXuJt.exe
  2⤵
  PID:7632
- C:\Windows\System\yaHyrwG.exe
  C:\Windows\System\yaHyrwG.exe
  2⤵
  PID:7852
- C:\Windows\System\xmgNyOI.exe
  C:\Windows\System\xmgNyOI.exe
  2⤵
  PID:7916
- C:\Windows\System\oLVhEGc.exe
  C:\Windows\System\oLVhEGc.exe
  2⤵
  PID:7720
- C:\Windows\System\HfAqKcU.exe
  C:\Windows\System\HfAqKcU.exe
  2⤵
  PID:7924
- C:\Windows\System\TLbfyUD.exe
  C:\Windows\System\TLbfyUD.exe
  2⤵
  PID:7948
- C:\Windows\System\cLduWHh.exe
  C:\Windows\System\cLduWHh.exe
  2⤵
  PID:8128
- C:\Windows\System\MPKNXEb.exe
  C:\Windows\System\MPKNXEb.exe
  2⤵
  PID:8068
- C:\Windows\System\eNiejdj.exe
  C:\Windows\System\eNiejdj.exe
  2⤵
  PID:6932
- C:\Windows\System\HsAfaei.exe
  C:\Windows\System\HsAfaei.exe
  2⤵
  PID:8144
- C:\Windows\System\GjiKzqN.exe
  C:\Windows\System\GjiKzqN.exe
  2⤵
  PID:8176
- C:\Windows\System\TUuXrre.exe
  C:\Windows\System\TUuXrre.exe
  2⤵
  PID:6244
- C:\Windows\System\HmHEWtT.exe
  C:\Windows\System\HmHEWtT.exe
  2⤵
  PID:6468
- C:\Windows\System\shBHyjq.exe
  C:\Windows\System\shBHyjq.exe
  2⤵
  PID:7324
- C:\Windows\System\qOXEqBP.exe
  C:\Windows\System\qOXEqBP.exe
  2⤵
  PID:7344
- C:\Windows\System\CewpPeg.exe
  C:\Windows\System\CewpPeg.exe
  2⤵
  PID:7628
- C:\Windows\System\KGfAxPV.exe
  C:\Windows\System\KGfAxPV.exe
  2⤵
  PID:7748
- C:\Windows\System\iegYcYl.exe
  C:\Windows\System\iegYcYl.exe
  2⤵
  PID:7856
- C:\Windows\System\ljngPCC.exe
  C:\Windows\System\ljngPCC.exe
  2⤵
  PID:7836
- C:\Windows\System\iFXSUbR.exe
  C:\Windows\System\iFXSUbR.exe
  2⤵
  PID:7940
- C:\Windows\System\FqJBdBA.exe
  C:\Windows\System\FqJBdBA.exe
  2⤵
  PID:8096
- C:\Windows\System\MFeLVmt.exe
  C:\Windows\System\MFeLVmt.exe
  2⤵
  PID:7976
- C:\Windows\System\iDMmRdE.exe
  C:\Windows\System\iDMmRdE.exe
  2⤵
  PID:7472
- C:\Windows\System\ReCpGwY.exe
  C:\Windows\System\ReCpGwY.exe
  2⤵
  PID:7596
- C:\Windows\System\FogCpkf.exe
  C:\Windows\System\FogCpkf.exe
  2⤵
  PID:7768
- C:\Windows\System\YzXVaIO.exe
  C:\Windows\System\YzXVaIO.exe
  2⤵
  PID:7256
- C:\Windows\System\NOmTENi.exe
  C:\Windows\System\NOmTENi.exe
  2⤵
  PID:7944
- C:\Windows\System\JKckdGn.exe
  C:\Windows\System\JKckdGn.exe
  2⤵
  PID:7704
- C:\Windows\System\FsHxJmM.exe
  C:\Windows\System\FsHxJmM.exe
  2⤵
  PID:8112
- C:\Windows\System\vKayBbz.exe
  C:\Windows\System\vKayBbz.exe
  2⤵
  PID:7668
- C:\Windows\System\OZRuSzC.exe
  C:\Windows\System\OZRuSzC.exe
  2⤵
  PID:8056
- C:\Windows\System\suotExl.exe
  C:\Windows\System\suotExl.exe
  2⤵
  PID:7516
- C:\Windows\System\bylWxxs.exe
  C:\Windows\System\bylWxxs.exe
  2⤵
  PID:8160
- C:\Windows\System\CtIZkiN.exe
  C:\Windows\System\CtIZkiN.exe
  2⤵
  PID:8180
- C:\Windows\System\PUBRiPi.exe
  C:\Windows\System\PUBRiPi.exe
  2⤵
  PID:8196
- C:\Windows\System\OEcWEhz.exe
  C:\Windows\System\OEcWEhz.exe
  2⤵
  PID:8224
- C:\Windows\System\XXjQGIn.exe
  C:\Windows\System\XXjQGIn.exe
  2⤵
  PID:8240
- C:\Windows\System\mDBNlZH.exe
  C:\Windows\System\mDBNlZH.exe
  2⤵
  PID:8256
- C:\Windows\System\bsysZTI.exe
  C:\Windows\System\bsysZTI.exe
  2⤵
  PID:8272
- C:\Windows\System\MdIPceU.exe
  C:\Windows\System\MdIPceU.exe
  2⤵
  PID:8288
- C:\Windows\System\ynnNBxQ.exe
  C:\Windows\System\ynnNBxQ.exe
  2⤵
  PID:8304
- C:\Windows\System\JjiaZCW.exe
  C:\Windows\System\JjiaZCW.exe
  2⤵
  PID:8324
- C:\Windows\System\vKjxsuV.exe
  C:\Windows\System\vKjxsuV.exe
  2⤵
  PID:8340
- C:\Windows\System\iFoLELg.exe
  C:\Windows\System\iFoLELg.exe
  2⤵
  PID:8356
- C:\Windows\System\ZiHrnCz.exe
  C:\Windows\System\ZiHrnCz.exe
  2⤵
  PID:8372
- C:\Windows\System\rqmairb.exe
  C:\Windows\System\rqmairb.exe
  2⤵
  PID:8388
- C:\Windows\System\LiFLTiD.exe
  C:\Windows\System\LiFLTiD.exe
  2⤵
  PID:8484
- C:\Windows\System\OHThmfM.exe
  C:\Windows\System\OHThmfM.exe
  2⤵
  PID:8500
- C:\Windows\System\QSDPmXs.exe
  C:\Windows\System\QSDPmXs.exe
  2⤵
  PID:8516
- C:\Windows\System\rGkKWaQ.exe
  C:\Windows\System\rGkKWaQ.exe
  2⤵
  PID:8536
- C:\Windows\System\MEILrEV.exe
  C:\Windows\System\MEILrEV.exe
  2⤵
  PID:8552
- C:\Windows\System\pfAJEbv.exe
  C:\Windows\System\pfAJEbv.exe
  2⤵
  PID:8568
- C:\Windows\System\CtiJRmF.exe
  C:\Windows\System\CtiJRmF.exe
  2⤵
  PID:8592
- C:\Windows\System\RkQvpwD.exe
  C:\Windows\System\RkQvpwD.exe
  2⤵
  PID:8624
- C:\Windows\System\PVJqOxY.exe
  C:\Windows\System\PVJqOxY.exe
  2⤵
  PID:8640
- C:\Windows\System\pmHrueU.exe
  C:\Windows\System\pmHrueU.exe
  2⤵
  PID:8656
- C:\Windows\System\AysuxFs.exe
  C:\Windows\System\AysuxFs.exe
  2⤵
  PID:8680
- C:\Windows\System\MtvIfJC.exe
  C:\Windows\System\MtvIfJC.exe
  2⤵
  PID:8704
- C:\Windows\System\uyiyYMP.exe
  C:\Windows\System\uyiyYMP.exe
  2⤵
  PID:8720
- C:\Windows\System\TtmDEgv.exe
  C:\Windows\System\TtmDEgv.exe
  2⤵
  PID:8744
- C:\Windows\System\pVGfXDI.exe
  C:\Windows\System\pVGfXDI.exe
  2⤵
  PID:8772
- C:\Windows\System\QiQmjNE.exe
  C:\Windows\System\QiQmjNE.exe
  2⤵
  PID:8792
- C:\Windows\System\BJfZBqQ.exe
  C:\Windows\System\BJfZBqQ.exe
  2⤵
  PID:8820
- C:\Windows\System\QYCfuBZ.exe
  C:\Windows\System\QYCfuBZ.exe
  2⤵
  PID:8836
- C:\Windows\System\HbnoNJq.exe
  C:\Windows\System\HbnoNJq.exe
  2⤵
  PID:8864
- C:\Windows\System\MKzoqzU.exe
  C:\Windows\System\MKzoqzU.exe
  2⤵
  PID:8880
- C:\Windows\System\oGnAUgY.exe
  C:\Windows\System\oGnAUgY.exe
  2⤵
  PID:8900
- C:\Windows\System\WNrlpOm.exe
  C:\Windows\System\WNrlpOm.exe
  2⤵
  PID:8924
- C:\Windows\System\YPNCNpG.exe
  C:\Windows\System\YPNCNpG.exe
  2⤵
  PID:8940
- C:\Windows\System\DmPeQAO.exe
  C:\Windows\System\DmPeQAO.exe
  2⤵
  PID:8956
- C:\Windows\System\UEnexIp.exe
  C:\Windows\System\UEnexIp.exe
  2⤵
  PID:8980
- C:\Windows\System\pkNKIxV.exe
  C:\Windows\System\pkNKIxV.exe
  2⤵
  PID:9000
- C:\Windows\System\HLcOqOv.exe
  C:\Windows\System\HLcOqOv.exe
  2⤵
  PID:9020
- C:\Windows\System\xPEXJqF.exe
  C:\Windows\System\xPEXJqF.exe
  2⤵
  PID:9036
- C:\Windows\System\GXeYwlf.exe
  C:\Windows\System\GXeYwlf.exe
  2⤵
  PID:9068
- C:\Windows\System\RUfnLmb.exe
  C:\Windows\System\RUfnLmb.exe
  2⤵
  PID:9084
- C:\Windows\System\uEMGGLP.exe
  C:\Windows\System\uEMGGLP.exe
  2⤵
  PID:9100
- C:\Windows\System\ToNPpWL.exe
  C:\Windows\System\ToNPpWL.exe
  2⤵
  PID:9124
- C:\Windows\System\HPkccUL.exe
  C:\Windows\System\HPkccUL.exe
  2⤵
  PID:9140
- C:\Windows\System\fzBXwWO.exe
  C:\Windows\System\fzBXwWO.exe
  2⤵
  PID:9156
- C:\Windows\System\WSiguFP.exe
  C:\Windows\System\WSiguFP.exe
  2⤵
  PID:9172
- C:\Windows\System\CHgFwVG.exe
  C:\Windows\System\CHgFwVG.exe
  2⤵
  PID:9196
- C:\Windows\System\ppJmcKy.exe
  C:\Windows\System\ppJmcKy.exe
  2⤵
  PID:7468
- C:\Windows\System\YlDNHVf.exe
  C:\Windows\System\YlDNHVf.exe
  2⤵
  PID:7220
- C:\Windows\System\VELAilF.exe
  C:\Windows\System\VELAilF.exe
  2⤵
  PID:7360
- C:\Windows\System\dlsNTcq.exe
  C:\Windows\System\dlsNTcq.exe
  2⤵
  PID:8216
- C:\Windows\System\YpThxLj.exe
  C:\Windows\System\YpThxLj.exe
  2⤵
  PID:988
- C:\Windows\System\agctDkv.exe
  C:\Windows\System\agctDkv.exe
  2⤵
  PID:8284
- C:\Windows\System\NrcwrfA.exe
  C:\Windows\System\NrcwrfA.exe
  2⤵
  PID:8348
- C:\Windows\System\MSprFpz.exe
  C:\Windows\System\MSprFpz.exe
  2⤵
  PID:8368
- C:\Windows\System\apeOlMC.exe
  C:\Windows\System\apeOlMC.exe
  2⤵
  PID:8404
- C:\Windows\System\rBDwPSV.exe
  C:\Windows\System\rBDwPSV.exe
  2⤵
  PID:8444
- C:\Windows\System\SzBhqJP.exe
  C:\Windows\System\SzBhqJP.exe
  2⤵
  PID:8468
- C:\Windows\System\xBnjPbc.exe
  C:\Windows\System\xBnjPbc.exe
  2⤵
  PID:8492
- C:\Windows\System\tZTALFz.exe
  C:\Windows\System\tZTALFz.exe
  2⤵
  PID:8524
- C:\Windows\System\PxFGChl.exe
  C:\Windows\System\PxFGChl.exe
  2⤵
  PID:8544
- C:\Windows\System\RHduoci.exe
  C:\Windows\System\RHduoci.exe
  2⤵
  PID:8580
- C:\Windows\System\iBnLXvv.exe
  C:\Windows\System\iBnLXvv.exe
  2⤵
  PID:8588
- C:\Windows\System\dWHMojO.exe
  C:\Windows\System\dWHMojO.exe
  2⤵
  PID:8648
- C:\Windows\System\tIzKiEv.exe
  C:\Windows\System\tIzKiEv.exe
  2⤵
  PID:8688
- C:\Windows\System\cmRNXJG.exe
  C:\Windows\System\cmRNXJG.exe
  2⤵
  PID:8728
- C:\Windows\System\xvpoAvo.exe
  C:\Windows\System\xvpoAvo.exe
  2⤵
  PID:8672
- C:\Windows\System\CdzHEhk.exe
  C:\Windows\System\CdzHEhk.exe
  2⤵
  PID:8760
- C:\Windows\System\kTjPuen.exe
  C:\Windows\System\kTjPuen.exe
  2⤵
  PID:8764
- C:\Windows\System\odXTnSU.exe
  C:\Windows\System\odXTnSU.exe
  2⤵
  PID:8828
- C:\Windows\System\AoOrepb.exe
  C:\Windows\System\AoOrepb.exe
  2⤵
  PID:8856
- C:\Windows\System\sSBWAyi.exe
  C:\Windows\System\sSBWAyi.exe
  2⤵
  PID:8916
- C:\Windows\System\XFbCDca.exe
  C:\Windows\System\XFbCDca.exe
  2⤵
  PID:8932
- C:\Windows\System\iQczntL.exe
  C:\Windows\System\iQczntL.exe
  2⤵
  PID:8976
- C:\Windows\System\TIbUoiv.exe
  C:\Windows\System\TIbUoiv.exe
  2⤵
  PID:9032
- C:\Windows\System\QuXbDwa.exe
  C:\Windows\System\QuXbDwa.exe
  2⤵
  PID:9056
- C:\Windows\System\drClGUl.exe
  C:\Windows\System\drClGUl.exe
  2⤵
  PID:9096
- C:\Windows\System\XkSjUAL.exe
  C:\Windows\System\XkSjUAL.exe
  2⤵
  PID:9120
- C:\Windows\System\WosSiAa.exe
  C:\Windows\System\WosSiAa.exe
  2⤵
  PID:9192
- C:\Windows\System\jkGEJCC.exe
  C:\Windows\System\jkGEJCC.exe
  2⤵
  PID:9132
- C:\Windows\System\jBcJwwr.exe
  C:\Windows\System\jBcJwwr.exe
  2⤵
  PID:7456
- C:\Windows\System\aFxeMxV.exe
  C:\Windows\System\aFxeMxV.exe
  2⤵
  PID:8252
- C:\Windows\System\AavFnkx.exe
  C:\Windows\System\AavFnkx.exe
  2⤵
  PID:8264
- C:\Windows\System\VUHcKYr.exe
  C:\Windows\System\VUHcKYr.exe
  2⤵
  PID:8316
- C:\Windows\System\OdNqzUZ.exe
  C:\Windows\System\OdNqzUZ.exe
  2⤵
  PID:8384
- C:\Windows\System\JkGnZcg.exe
  C:\Windows\System\JkGnZcg.exe
  2⤵
  PID:8420
- C:\Windows\System\kWvijNB.exe
  C:\Windows\System\kWvijNB.exe
  2⤵
  PID:8440
- C:\Windows\System\doUeMTy.exe
  C:\Windows\System\doUeMTy.exe
  2⤵
  PID:8472
- C:\Windows\System\ggUTaUJ.exe
  C:\Windows\System\ggUTaUJ.exe
  2⤵
  PID:8496
- C:\Windows\System\VxkZEoD.exe
  C:\Windows\System\VxkZEoD.exe
  2⤵
  PID:8676
- C:\Windows\System\MBLSgVI.exe
  C:\Windows\System\MBLSgVI.exe
  2⤵
  PID:8508
- C:\Windows\System\KbjMnLi.exe
  C:\Windows\System\KbjMnLi.exe
  2⤵
  PID:8612
- C:\Windows\System\RORHrpo.exe
  C:\Windows\System\RORHrpo.exe
  2⤵
  PID:8872
- C:\Windows\System\FFWYQRk.exe
  C:\Windows\System\FFWYQRk.exe
  2⤵
  PID:8812
- C:\Windows\System\vKYBNZq.exe
  C:\Windows\System\vKYBNZq.exe
  2⤵
  PID:8988
- C:\Windows\System\jCqljLV.exe
  C:\Windows\System\jCqljLV.exe
  2⤵
  PID:8664
- C:\Windows\System\CIDiFsr.exe
  C:\Windows\System\CIDiFsr.exe
  2⤵
  PID:9044
- C:\Windows\System\CoIYnsk.exe
  C:\Windows\System\CoIYnsk.exe
  2⤵
  PID:9060
- C:\Windows\System\ynCpzpI.exe
  C:\Windows\System\ynCpzpI.exe
  2⤵
  PID:9112
- C:\Windows\System\SevgUCF.exe
  C:\Windows\System\SevgUCF.exe
  2⤵
  PID:9188
- C:\Windows\System\kSUqCUB.exe
  C:\Windows\System\kSUqCUB.exe
  2⤵
  PID:9136
- C:\Windows\System\esiHbcq.exe
  C:\Windows\System\esiHbcq.exe
  2⤵
  PID:8140
- C:\Windows\System\tedZrxg.exe
  C:\Windows\System\tedZrxg.exe
  2⤵
  PID:8232
- C:\Windows\System\IWnKydX.exe
  C:\Windows\System\IWnKydX.exe
  2⤵
  PID:8512
- C:\Windows\System\cUNVdgA.exe
  C:\Windows\System\cUNVdgA.exe
  2⤵
  PID:8412
- C:\Windows\System\GrMNxrv.exe
  C:\Windows\System\GrMNxrv.exe
  2⤵
  PID:8564
- C:\Windows\System\spcnOkt.exe
  C:\Windows\System\spcnOkt.exe
  2⤵
  PID:8560
- C:\Windows\System\oNzteyL.exe
  C:\Windows\System\oNzteyL.exe
  2⤵
  PID:8888
- C:\Windows\System\QWeNbAe.exe
  C:\Windows\System\QWeNbAe.exe
  2⤵
  PID:8936
- C:\Windows\System\seMnBsT.exe
  C:\Windows\System\seMnBsT.exe
  2⤵
  PID:8696
- C:\Windows\System\DheUwkr.exe
  C:\Windows\System\DheUwkr.exe
  2⤵
  PID:8948
- C:\Windows\System\UeTKyuR.exe
  C:\Windows\System\UeTKyuR.exe
  2⤵
  PID:9180
- C:\Windows\System\jRkFQWs.exe
  C:\Windows\System\jRkFQWs.exe
  2⤵
  PID:9204
- C:\Windows\System\uvkyCzn.exe
  C:\Windows\System\uvkyCzn.exe
  2⤵
  PID:8968
- C:\Windows\System\cMfDxCp.exe
  C:\Windows\System\cMfDxCp.exe
  2⤵
  PID:8852
- C:\Windows\System\ksAuAcG.exe
  C:\Windows\System\ksAuAcG.exe
  2⤵
  PID:9012
- C:\Windows\System\PoiMkwl.exe
  C:\Windows\System\PoiMkwl.exe
  2⤵
  PID:8740
- C:\Windows\System\MdZeRSH.exe
  C:\Windows\System\MdZeRSH.exe
  2⤵
  PID:8716
- C:\Windows\System\kqayjds.exe
  C:\Windows\System\kqayjds.exe
  2⤵
  PID:9092
- C:\Windows\System\aaSkYzx.exe
  C:\Windows\System\aaSkYzx.exe
  2⤵
  PID:8332
- C:\Windows\System\TAgyBTg.exe
  C:\Windows\System\TAgyBTg.exe
  2⤵
  PID:8456
- C:\Windows\System\QDhvqrC.exe
  C:\Windows\System\QDhvqrC.exe
  2⤵
  PID:8416
- C:\Windows\System\yIkpyTL.exe
  C:\Windows\System\yIkpyTL.exe
  2⤵
  PID:8652
- C:\Windows\System\mxMhCpz.exe
  C:\Windows\System\mxMhCpz.exe
  2⤵
  PID:8424
- C:\Windows\System\avukhlX.exe
  C:\Windows\System\avukhlX.exe
  2⤵
  PID:8892
- C:\Windows\System\emsWQuJ.exe
  C:\Windows\System\emsWQuJ.exe
  2⤵
  PID:9224
- C:\Windows\System\USbeBSK.exe
  C:\Windows\System\USbeBSK.exe
  2⤵
  PID:9240
- C:\Windows\System\nqyRjQI.exe
  C:\Windows\System\nqyRjQI.exe
  2⤵
  PID:9264
- C:\Windows\System\dVoUsBT.exe
  C:\Windows\System\dVoUsBT.exe
  2⤵
  PID:9284
- C:\Windows\System\jVpcTfO.exe
  C:\Windows\System\jVpcTfO.exe
  2⤵
  PID:9308
- C:\Windows\System\gSgDDSX.exe
  C:\Windows\System\gSgDDSX.exe
  2⤵
  PID:9328
- C:\Windows\System\HPXIipo.exe
  C:\Windows\System\HPXIipo.exe
  2⤵
  PID:9348
- C:\Windows\System\wLusVbM.exe
  C:\Windows\System\wLusVbM.exe
  2⤵
  PID:9376
- C:\Windows\System\hJoRCUS.exe
  C:\Windows\System\hJoRCUS.exe
  2⤵
  PID:9392
- C:\Windows\System\otcldLY.exe
  C:\Windows\System\otcldLY.exe
  2⤵
  PID:9420
- C:\Windows\System\hIrSkHl.exe
  C:\Windows\System\hIrSkHl.exe
  2⤵
  PID:9436
- C:\Windows\System\UCBehbD.exe
  C:\Windows\System\UCBehbD.exe
  2⤵
  PID:9452
- C:\Windows\System\UzLlSXT.exe
  C:\Windows\System\UzLlSXT.exe
  2⤵
  PID:9468
- C:\Windows\System\mlMpXBF.exe
  C:\Windows\System\mlMpXBF.exe
  2⤵
  PID:9492
- C:\Windows\System\GmsRGNk.exe
  C:\Windows\System\GmsRGNk.exe
  2⤵
  PID:9508
- C:\Windows\System\oahYnZM.exe
  C:\Windows\System\oahYnZM.exe
  2⤵
  PID:9532
- C:\Windows\System\dwQCPJM.exe
  C:\Windows\System\dwQCPJM.exe
  2⤵
  PID:9552
- C:\Windows\System\CWhHJVz.exe
  C:\Windows\System\CWhHJVz.exe
  2⤵
  PID:9576
- C:\Windows\System\qegdjZi.exe
  C:\Windows\System\qegdjZi.exe
  2⤵
  PID:9596
- C:\Windows\System\iAvenwz.exe
  C:\Windows\System\iAvenwz.exe
  2⤵
  PID:9612
- C:\Windows\System\QeDsxTE.exe
  C:\Windows\System\QeDsxTE.exe
  2⤵
  PID:9636
- C:\Windows\System\oiBGlGJ.exe
  C:\Windows\System\oiBGlGJ.exe
  2⤵
  PID:9656
- C:\Windows\System\LWqXpOa.exe
  C:\Windows\System\LWqXpOa.exe
  2⤵
  PID:9676
- C:\Windows\System\xnzmurk.exe
  C:\Windows\System\xnzmurk.exe
  2⤵
  PID:9696
- C:\Windows\System\aFEjusa.exe
  C:\Windows\System\aFEjusa.exe
  2⤵
  PID:9716
- C:\Windows\System\RQYKLQU.exe
  C:\Windows\System\RQYKLQU.exe
  2⤵
  PID:9732
- C:\Windows\System\zhmOFTH.exe
  C:\Windows\System\zhmOFTH.exe
  2⤵
  PID:9748
- C:\Windows\System\OcADzjA.exe
  C:\Windows\System\OcADzjA.exe
  2⤵
  PID:9764
- C:\Windows\System\xZTlMzG.exe
  C:\Windows\System\xZTlMzG.exe
  2⤵
  PID:9784
- C:\Windows\System\LivtSRC.exe
  C:\Windows\System\LivtSRC.exe
  2⤵
  PID:9800
- C:\Windows\System\rhENYaZ.exe
  C:\Windows\System\rhENYaZ.exe
  2⤵
  PID:9828
- C:\Windows\System\JMRmthi.exe
  C:\Windows\System\JMRmthi.exe
  2⤵
  PID:9844
- C:\Windows\System\KlyQozV.exe
  C:\Windows\System\KlyQozV.exe
  2⤵
  PID:9864
- C:\Windows\System\DAobWNV.exe
  C:\Windows\System\DAobWNV.exe
  2⤵
  PID:9892
- C:\Windows\System\IsdruCY.exe
  C:\Windows\System\IsdruCY.exe
  2⤵
  PID:9916
- C:\Windows\System\fPGlUkF.exe
  C:\Windows\System\fPGlUkF.exe
  2⤵
  PID:9932
- C:\Windows\System\ZNtYJKm.exe
  C:\Windows\System\ZNtYJKm.exe
  2⤵
  PID:9968
- C:\Windows\System\fzuILCo.exe
  C:\Windows\System\fzuILCo.exe
  2⤵
  PID:9988
- C:\Windows\System\xYeUBEa.exe
  C:\Windows\System\xYeUBEa.exe
  2⤵
  PID:10004
- C:\Windows\System\zoTzuHM.exe
  C:\Windows\System\zoTzuHM.exe
  2⤵
  PID:10028
- C:\Windows\System\EcwWsXb.exe
  C:\Windows\System\EcwWsXb.exe
  2⤵
  PID:10044
- C:\Windows\System\dOooAPP.exe
  C:\Windows\System\dOooAPP.exe
  2⤵
  PID:10072
- C:\Windows\System\SbbIhmA.exe
  C:\Windows\System\SbbIhmA.exe
  2⤵
  PID:10088
- C:\Windows\System\ABKwjJq.exe
  C:\Windows\System\ABKwjJq.exe
  2⤵
  PID:10108
- C:\Windows\System\HyGtMWz.exe
  C:\Windows\System\HyGtMWz.exe
  2⤵
  PID:10132
- C:\Windows\System\MJzOQga.exe
  C:\Windows\System\MJzOQga.exe
  2⤵
  PID:10152
- C:\Windows\System\jYZXnSw.exe
  C:\Windows\System\jYZXnSw.exe
  2⤵
  PID:10168
- C:\Windows\System\MAzSvNA.exe
  C:\Windows\System\MAzSvNA.exe
  2⤵
  PID:10188
- C:\Windows\System\yMLyEDa.exe
  C:\Windows\System\yMLyEDa.exe
  2⤵
  PID:10204
- C:\Windows\System\GDjoKql.exe
  C:\Windows\System\GDjoKql.exe
  2⤵
  PID:10228
- C:\Windows\System\eZhTBDK.exe
  C:\Windows\System\eZhTBDK.exe
  2⤵
  PID:9236
- C:\Windows\System\vHoDZli.exe
  C:\Windows\System\vHoDZli.exe
  2⤵
  PID:9168
- C:\Windows\System\AOaRBwZ.exe
  C:\Windows\System\AOaRBwZ.exe
  2⤵
  PID:7800
- C:\Windows\System\zlqsQqa.exe
  C:\Windows\System\zlqsQqa.exe
  2⤵
  PID:9292
- C:\Windows\System\ijzsjLe.exe
  C:\Windows\System\ijzsjLe.exe
  2⤵
  PID:9080
- C:\Windows\System\KDgzvKl.exe
  C:\Windows\System\KDgzvKl.exe
  2⤵
  PID:9336
- C:\Windows\System\Oxtwdat.exe
  C:\Windows\System\Oxtwdat.exe
  2⤵
  PID:9340
- C:\Windows\System\CehbhzF.exe
  C:\Windows\System\CehbhzF.exe
  2⤵
  PID:9384
- C:\Windows\System\eWfWzjl.exe
  C:\Windows\System\eWfWzjl.exe
  2⤵
  PID:8920
- C:\Windows\System\TQvmpHu.exe
  C:\Windows\System\TQvmpHu.exe
  2⤵
  PID:9476
- C:\Windows\System\scwOtUF.exe
  C:\Windows\System\scwOtUF.exe
  2⤵
  PID:9464
- C:\Windows\System\OsqOSUN.exe
  C:\Windows\System\OsqOSUN.exe
  2⤵
  PID:9528
- C:\Windows\System\sFfjhjY.exe
  C:\Windows\System\sFfjhjY.exe
  2⤵
  PID:9572
- C:\Windows\System\TUIpZGU.exe
  C:\Windows\System\TUIpZGU.exe
  2⤵
  PID:9608
- C:\Windows\System\bbAehGL.exe
  C:\Windows\System\bbAehGL.exe
  2⤵
  PID:9620
- C:\Windows\System\qzyjCgc.exe
  C:\Windows\System\qzyjCgc.exe
  2⤵
  PID:9644
- C:\Windows\System\NhhvcVw.exe
  C:\Windows\System\NhhvcVw.exe
  2⤵
  PID:9688
- C:\Windows\System\TOXsoBf.exe
  C:\Windows\System\TOXsoBf.exe
  2⤵
  PID:9728
- C:\Windows\System\rMfYyFq.exe
  C:\Windows\System\rMfYyFq.exe
  2⤵
  PID:9792
- C:\Windows\System\NbAlwKk.exe
  C:\Windows\System\NbAlwKk.exe
  2⤵
  PID:9772
- C:\Windows\System\shoKsbR.exe
  C:\Windows\System\shoKsbR.exe
  2⤵
  PID:9780
- C:\Windows\System\COqTpIY.exe
  C:\Windows\System\COqTpIY.exe
  2⤵
  PID:9852
- C:\Windows\System\NAoXqzJ.exe
  C:\Windows\System\NAoXqzJ.exe
  2⤵
  PID:9924
- C:\Windows\System\RspWMIV.exe
  C:\Windows\System\RspWMIV.exe
  2⤵
  PID:9912
- C:\Windows\System\EFKdCMK.exe
  C:\Windows\System\EFKdCMK.exe
  2⤵
  PID:9956
- C:\Windows\System\rTNFGxJ.exe
  C:\Windows\System\rTNFGxJ.exe
  2⤵
  PID:9996
- C:\Windows\System\IToZwjr.exe
  C:\Windows\System\IToZwjr.exe
  2⤵
  PID:10012
- C:\Windows\System\YIeOolJ.exe
  C:\Windows\System\YIeOolJ.exe
  2⤵
  PID:10060
- C:\Windows\System\eHeQwwf.exe
  C:\Windows\System\eHeQwwf.exe
  2⤵
  PID:10096
- C:\Windows\System\tcRDKQp.exe
  C:\Windows\System\tcRDKQp.exe
  2⤵
  PID:10116
- C:\Windows\System\GEbQgrw.exe
  C:\Windows\System\GEbQgrw.exe
  2⤵
  PID:10144
- C:\Windows\System\PoIyzMQ.exe
  C:\Windows\System\PoIyzMQ.exe
  2⤵
  PID:10184
- C:\Windows\System\kbCRXtY.exe
  C:\Windows\System\kbCRXtY.exe
  2⤵
  PID:10216
- C:\Windows\System\LYkJmaL.exe
  C:\Windows\System\LYkJmaL.exe
  2⤵
  PID:9232
- C:\Windows\System\vkqMWnc.exe
  C:\Windows\System\vkqMWnc.exe
  2⤵
  PID:9324
- C:\Windows\System\Stcwpvo.exe
  C:\Windows\System\Stcwpvo.exe
  2⤵
  PID:9220
- C:\Windows\System\HWkAzyF.exe
  C:\Windows\System\HWkAzyF.exe
  2⤵
  PID:7512
- C:\Windows\System\kTVcRfZ.exe
  C:\Windows\System\kTVcRfZ.exe
  2⤵
  PID:8480
- C:\Windows\System\dYjmIgL.exe
  C:\Windows\System\dYjmIgL.exe
  2⤵
  PID:9444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\APvJvEo.exe

Filesize
6.0MB

MD5
e531973c1e9fc13246e4a734fac49876

SHA1
04b4cfb57966db871ee6f461b0f44ec38c5aeed7

SHA256
a43bafe8d94d314e4c097698fb33b1d356494390b1e62d5ea59aef0b9294fe8d

SHA512
a3e84ec76f1171425c22d246f41d5f5f58df34f62e90eb1c48fd546b3929d500777abbd51c9f074cf360ef210c694aba26a92de79115bbe121fafc0e7334b8e8

Download Submit
C:\Windows\system\CDyglvA.exe

Filesize
6.0MB

MD5
7ff7d407c65e94c13f727d01ad5e6c97

SHA1
90313a547aae046a662cc9ca24518d18527476d8

SHA256
e33f010b92efb7d8f4437999326dbcc2ad0fea2ca505f1a8c8713ecc3689efdf

SHA512
38676d27cfeaa094b05fa1b52956ef5b5da6c3acde65095bcd31092437967932e70ac4fd8327f016a07d71c9c5aa0a6c02d506d68e7ac9c0e53063ecc22690af

Download Submit
C:\Windows\system\EFUqNIQ.exe

Filesize
6.0MB

MD5
099e8bfeffd9f3b24823e479eda23b25

SHA1
d869e23af3a1286b6e32e7b243800dee95382cf7

SHA256
49e789d058cf176a30b946e2277461e4d80a523976699f7fc1f21338af231c6f

SHA512
4dd57395b83257537edb2e66b29006e8723b9234dcfbaaba0a19e8e003d6e2dd8fcedf26aa0b08c2bc6f2c07656a02852a68faf678901a8fe9130a1b3f0c29bb

Download Submit
C:\Windows\system\HsncOgG.exe

Filesize
6.0MB

MD5
573e18cd1c369deef2a866c2d2e1a536

SHA1
70f732130479b3489eae7c988a91772e566043ae

SHA256
31726b7d8ef18b1906e51625332c33dbfe930c248b44c50bee921daa35ece123

SHA512
349c6f0e64ded551b93b434e92ca287a9f7e22669bba86455e0d868ffe20fc946aa20edd3971643586daca2f7d6a9229a35215510575fddb55780f37bd5d9fc4

Download Submit
C:\Windows\system\JKQKQnw.exe

Filesize
6.0MB

MD5
9a215dd6967e6a6b8b7ae2da9296425f

SHA1
28f375618f4acf92efd33aa021bdf384f3a18548

SHA256
10f92c2714cc7882d3616ed9f562ece801249b5a78797731c995e351353c7c22

SHA512
fd29f681d5ff706a5c14c769442a68f796b5bef584b182f5f5b330248dcbf2be9f94abc0b241784cc7f68a897a0d3b01db520169777b9751bf21f3e3a3a554f9

Download Submit
C:\Windows\system\MvRAINo.exe

Filesize
6.0MB

MD5
88c82409c08eb05c1ec81cad247b9362

SHA1
834a311ac2544633f6ad07302259be2ae7ff07f4

SHA256
48f020a1ec97ce1a0416b6f09a2b41fbe5f656f1c72bc3059e5739ee60eb6876

SHA512
90a79efe987073f486dce94434120136316a94d5fb46a65982af91044153ee64ef643f3c89a69790be28fef7d6d20b94e49ae7c96c813870928304e73b9d5e2a

Download Submit
C:\Windows\system\PAbVgix.exe

Filesize
6.0MB

MD5
ce57520a7682104fce9c634a1e939835

SHA1
822fd6979d6d471e6d0438b46dca00269a3621f2

SHA256
d4ffee5654fae392e8bbbffb35fc0710abbdc2ca0bb454d90a0ccc3623279b8c

SHA512
4a8aa3c63392ca898f5618d8520db551ac9b75a1eb171574667786a91515174378785829988a60a8690dfae3e2a7da39726c81c6b817a27055c89bf161b0bbca

Download Submit
C:\Windows\system\TkEABnN.exe

Filesize
6.0MB

MD5
ae64fc7424107d9f0d214935f984a3e4

SHA1
347a91949eb6e94bef1391fab6af08fae954f0ec

SHA256
3e2b45c8f4bf2033d6d1b2a553fc260ed5154e4f92d8c9c9a0054d6db4658632

SHA512
66453a30a0e0fbdc3ea9b4716497b91a4227c1b37ffbc19d5f3e73245ad6a8c0e08dd3709783cfec8d4e993eaaeeafa98346476ae971b64c0f2c1a6c72d285ed

Download Submit
C:\Windows\system\URfIqBD.exe

Filesize
6.0MB

MD5
91e606d8c12b0f44a88a66fa9e480064

SHA1
3ae0b56eb5d9d0d276c44c97e649d123f8188bae

SHA256
b5a06432e6fd97585790fc4b3c8fcd008be299fe307744e5951b9722e9f889b8

SHA512
e5a0e32b446a39d2a0807bfd108a542cd3824fbd40318ea53c93c8f333e97cf7a0e255398430c3db8b3211409dbf052860f05b6f5945ce0dc8a74e15d2aa4ba9

Download Submit
C:\Windows\system\XGIFRWq.exe

Filesize
6.0MB

MD5
dceb26a78c3a660261582567c824cc8b

SHA1
08df52e710f4feeec95cafa7915b972c5c01279b

SHA256
b4757212333eec1434d232cdd76e3d96f6745bfe5b501dc1d499712172716bce

SHA512
2326e1464b4372883f823328266308593dac73bdcd5eda2c60be49a396fd07e7ed58e834fbf68a75a63653622008a45c95c793653dd4fed9f1cc9f5d37e33666

Download Submit
C:\Windows\system\XVCwItl.exe

Filesize
6.0MB

MD5
6fdca4988d865dddb41aacd323f1641e

SHA1
a63951f46c8f3b57548169ea12fe197b8bbe9223

SHA256
d7294b22e5b8c5c0247fdce742213f42c00be111b0b9533431c5c442b9315ef6

SHA512
6e7fd99416b1f8d48d0cbbd48087773c829d34cf8d365ea8f6ede144d93433e1fbb0d5b3a51842a3c24878db5730ad6a6880eb602657a9bc485c92dfc0b28cf6

Download Submit
C:\Windows\system\YcEngqV.exe

Filesize
6.0MB

MD5
ca2bfff9c902587ce01512f224fcdd04

SHA1
54c34efd1d37cc9b596763a68fe8be5b6378d716

SHA256
eb699984be2963ade3a83691d079e8244450883bff0fccfe9359899559ee7985

SHA512
91310e39beedf498f7e49d9f3f614cd266afd0510fc86283b661a19bf6e80212683f635cec7ef9521b2ff89f688b6f0f010c25c9ff0066c609dfe6ab4e7d7f1b

Download Submit
C:\Windows\system\ZYfXKCW.exe

Filesize
6.0MB

MD5
593cb89a1843ddca1d31ad9d64b22fd5

SHA1
e534c0b1b9547de03ae5df20c39cf2cc0599fcbd

SHA256
ba2e39a8eb4342573970926d1b0326d4567eb905a53d8ac49a84abdcdbd89e51

SHA512
08469447ae9cbba6d562a526351432187b0b76908dbc96fc8e85f139a186b90f9fde5d3c163c153c9b146c88499d04ee66c2372ed344eef54a2414c89e919b77

Download Submit
C:\Windows\system\aFVykHs.exe

Filesize
6.0MB

MD5
432cbc957dbf7a98b421e82ded31f3a4

SHA1
f62ad6dc8bdfa41085a9d6792b29e730f3ec8e4c

SHA256
9d5396b2820feb7db3c1d7ea4314c43ef34c5b7d8483fb3bd1b7125a24aa32c9

SHA512
f887b4318ece344da64d4ac52756c736a3ffefcbe793bccc0c16192e6cefef651eb0a5adb1c00ce0dcd05f1c37e1234b7bc9abc9a25895317974caf9ef1e2ab2

Download Submit
C:\Windows\system\aJVhOxC.exe

Filesize
6.0MB

MD5
5ecdd70ddb5460348b30a31dbba8d4ec

SHA1
e1ce5ead26489f9e019bbd29fc6dadb7c0e0a7ec

SHA256
e0959c44bbb2b362c7c2346b20162a6b2bc6ecc8749c616bd8782d9b832bd1f2

SHA512
d15315229137c2bb47287d3540db2d9a414fe806f5112cf1c3c452f1425194a12fb410ca132a07c32818cee2f0f11c3911164717eeb0794569eb1cc3e60308ac

Download Submit
C:\Windows\system\clktWee.exe

Filesize
6.0MB

MD5
8a5eb3e94feaa2cd8dda1522c7c9ae58

SHA1
fa55c54da58a09df90e952e708e3ef1d4f9cfe1c

SHA256
0948c08166df82c295df897d6fcaf939eb0603928b6f80392751f583a4fd0350

SHA512
64406cd14ece39aaa566e0b787c7d8bbc9c9d0fdc5e95613656c24f3859625f6af5702d20228f4d9fe2118e928066aeae6c1d7e8df16c04974ad8d2cb93c0d14

Download Submit
C:\Windows\system\ctVvYUx.exe

Filesize
6.0MB

MD5
08d43b1834691b69125df50cbf5dcec1

SHA1
17f08a96a9435a8a531d1f02fdece23ea0d90213

SHA256
2d7790b52e7865520d03f6c67846772d1c93665b10058bb02565bafe7422f7b2

SHA512
e5797b8a1cd28b9c17be4fffc4e59560a3d4affd62b2b66d7d096cec3c940da9d4454146c57f967c71a08c484e1d0690af44f3fd08ef82bd0e33aa05d67e5b2e

Download Submit
C:\Windows\system\nBzRvbe.exe

Filesize
6.0MB

MD5
9ea17980d7863463c10bb179ec7e4206

SHA1
215d28824207163e87f5904203defd59ff0dd2ef

SHA256
2e345ea265ea36d2d7a93e36a5da47b1bb60aeba839bc885315fc810b964003f

SHA512
caaff7db00ece91fe16b5461dd1019cbdb53a8881f9c95a626ff16fdfe49f76a165fb51ee7f53d28db37254158896c938eb7776333ef6fe1a9b0b2722e207cda

Download Submit
C:\Windows\system\pxxTotI.exe

Filesize
6.0MB

MD5
75fac373bc2461803e91e54d0d4007be

SHA1
c69be4b222f1c68a6fb752163076ccf94a02eaff

SHA256
46e3bd6dfedb73746a1505a2c590e1e4fb0510310f6060e342b9aa4458ead5a6

SHA512
ad63137e7387ed20c1341503ea528bb5c77ae43e6e5e63831a1fccfc2d6b91a186b5528254ae3e5bc19fa01f5df4e15fac5ca24c33815cf7e6cf4a5c31733809

Download Submit
C:\Windows\system\qTIGRPr.exe

Filesize
6.0MB

MD5
b29ee3ee6d42a081fb73b418777d9393

SHA1
4bf55a174d05885df2dae920eb363f7126291e2e

SHA256
3e54c96ea4a215699ca4667cc4c39ea5a4972a7dd063a01128b7006321c9f125

SHA512
17517b8e4990705c3e7e0b406cdeafdeefddf38e51ecaa9461825fce1fe3c457842dd26dfb9246425d6e5b8d7618b0d9338f212a3f9f9d5a46c2972534d8f5fa

Download Submit
C:\Windows\system\qxQkEtt.exe

Filesize
6.0MB

MD5
b5c065248e1e9d0769d10b631e4a6c98

SHA1
466f4809c1e521760fdb925963939b08a6d73f94

SHA256
f1f41b1e425d2f61a25fd7864b88b45c6448bab0e60bdd8446eafa2d6a56bec3

SHA512
2d171ae157bbb9375e4bd8a8fee9dbecaa713a52b51a46ea93c24d141ba299e18cef8d7b1c8616616945dbf3f4ad005711a9df7247433be7f845f41f4560da30

Download Submit
C:\Windows\system\rladqPH.exe

Filesize
6.0MB

MD5
0386b7432d4d7842d88af6256f1ca87e

SHA1
f69d5fdc1997d5d1ffb2711eae4465c20cc3c3fa

SHA256
88a1e7d3496c8a843e80abe510fcd527dff9e517e2d79bcb24da96d219b284a7

SHA512
0511ed970c77230dc5e7dc6a06dda6344976dffac87daf1e321afc4fe75f007a5f3c340d5a9a9a224065742daa2a603b6f195f3c58943de49c4c01f99e1d1045

Download Submit
C:\Windows\system\spsTjJl.exe

Filesize
6.0MB

MD5
89ebf6b74b7f490f63daa783cc794ffb

SHA1
fa890b3587b3797ff5897fdd208c6daada52c706

SHA256
cc08ec796c3169ae0cfe49d03dfcee9aed0f96cec89b99b4a5db6825fda40879

SHA512
44e6b6f47a3c7b3901f8c3398aa36aa88aa5c9b2a5020d3514657786b5eaed71e7df441a112510f52c4eed8d59a8dbde04c95c820e1e71b21436fc6361fd5e5e

Download Submit
C:\Windows\system\tmPRXwX.exe

Filesize
6.0MB

MD5
cd883c4bfe01ecffad03f34730fd2aba

SHA1
0f5197e9d5f3b56e973b11acebb47b7d853b11ed

SHA256
813ac618546c6fa2347b928096d1d41bcbaf9211051745d6ada1ffa5daafe10c

SHA512
b2576fd83b967abd3bfd30eaf57a6cecf42a58bc6c0b4d55304c52724210a22dee4a08336bff53c79ea7423d720c069a46e70368fe59c5b201133d4b957f4862

Download Submit
C:\Windows\system\tmzljYC.exe

Filesize
6.0MB

MD5
2ddc80ac2a85d769a2b57b6d9e71500a

SHA1
41575ab65ee42ba52b83989aaf88d4ba9f02a0dd

SHA256
3315cc366d84a2c9c6257e4b359ba015408883262f4f3dbd7748ae41aaef90af

SHA512
d207f759b3b88726e2c749cf78b64e9f3f1659c4eaa7c8b762b54206b7618ca2f46f59239ccf6490a32295d8fa0268d2246a88ea174670c181d8c22c2ac0aba2

Download Submit
C:\Windows\system\vOdfzLP.exe

Filesize
6.0MB

MD5
9a2d116250dd17e2e4b5c243a3a5efee

SHA1
1b8e075cba67413dfca7e84026fadc91a146539b

SHA256
755c809269ca17e843283004ff3f859413f38292df5066c3a5c7fd3db47f9013

SHA512
31d49c3f5bc3dac47a0d1113a5720a09724029356437134cc0addca98769552eecd6e1cdf550f2755d11b5f9ad7d84c072b4a833636c52d5780279bc59267174

Download Submit
C:\Windows\system\vWeLjOX.exe

Filesize
6.0MB

MD5
f957c0c8a4eb4a391cb4da01902c6512

SHA1
32da529c99dcc2ccf7a72cc3b027731417326d00

SHA256
404e4a49ce41306278cdef5d24bda17a9579496d6417183359c96d017ee2b515

SHA512
3acf702e34ec24fa5ae61400a581449f24ee322643309365978f95d746c4fd23ca16512e4740e6af7d0a2f2ecc5240b6d5a0da72a3b5d9f10c0f6d3c60396e10

Download Submit
\Windows\system\JsRcrRu.exe

Filesize
6.0MB

MD5
6c86c3a9c05ef91680e9f79ed3c8d09a

SHA1
b8832820fad89b5fca886480b38e553c17b16e41

SHA256
b059c7847b72ecee5f8f99eb1c177b0d3e11dc8fe56b3f2aedfc502dea84fba8

SHA512
bac51046f5148c59c0ac436552a87f4ee5f6eee8e7663c98c5aa386a0cebf08f2ef7321629df4738eb0978cab92b4c85caff0c79652312f7d4ae710d3c0ab780

Download Submit
\Windows\system\MPVIVIy.exe

Filesize
6.0MB

MD5
4840d52be4cdf20a5c651517a5273c1c

SHA1
94cafd016d7624b893ab00bc904ac8d4951c0037

SHA256
8741921cf615ad4fbe03e72f8c250e66d630261bc5be8e8d169d8a95ff7427f3

SHA512
081398d152e6ae0a9ade2fc56e2932c04c1de97b353df8e54062668eb9189a2143d7e51c1624a4e53f8c90598f16d72b06609ca9e50750181e3c2e2b30e6b0e4

Download Submit
\Windows\system\NWOpEWH.exe

Filesize
6.0MB

MD5
d4e82fba3658660ac7b0c8074334f78c

SHA1
9f7f0d7e4a1b32b10836d6c9a4634997e612822b

SHA256
0dcd223d71087c29c1222c2b291e6e9d0f26a8ccaa917a7b1ea236fb8d0eeb1b

SHA512
fd664dfe47bb80dcfe4ad64b24bd14fa4138ae729823748e8bf6ee3d87be158d359de6c041fadc874878f37ea4808a135376d4fe2d3cfdb93a0ff03af45868ae

Download Submit
\Windows\system\ctmXoFX.exe

Filesize
6.0MB

MD5
fffb0a3742ee52afabbea9d113ff03fe

SHA1
76d2b519791bafb2a0c4203e02012770e3f4db5e

SHA256
e0253c710c167eaabd3906d8577f7d0b0898fb1a068861b997927630d0c706e7

SHA512
d550e0ecab906d1e0dd915c23da9c4701aa5d8d8213374c5623099887b29fbcb982f5bd81abdaf78462383b43d88c59ba3f213a6da4fb9ffd9c889bed4c1681d

Download Submit
\Windows\system\iZGhNNv.exe

Filesize
6.0MB

MD5
614d1358eb19b7924e8c5a0e25e7f4b9

SHA1
5fcfa4b1358b7a9d408c86f421b5bb0bc4ec7732

SHA256
a796e032df831092a1ede68ab96cd4ac39efbcde482f422129ce73c2a65901fb

SHA512
30298e2bca0dcf84a652b9c29267a2a10a3db519b73438dc914520e21404f32cb062eb8e99910c65d5a4cf6e0f6b9ad67161417432947cdc8a0e88b773c20da6

Download Submit
memory/268-13-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/268-44-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/268-3213-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/692-75-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-0-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/692-218-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-600-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-217-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/692-598-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-53-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-69-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-34-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/692-77-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/692-78-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-79-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-17-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-33-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/692-22-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/692-29-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/692-106-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-39-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/692-99-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1044-35-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-86-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-3245-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-73-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3560-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2284-27-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2284-80-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3235-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2328-8-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3188-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-596-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-87-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3583-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2688-95-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3586-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-597-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2720-52-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3239-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2720-20-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2748-393-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3573-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2784-42-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-92-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3237-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-81-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3552-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2820-84-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2820-491-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3587-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2912-76-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3557-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3584-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-102-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-599-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download